diff --git a/.build_exclusions b/.build_exclusions
index a0ad3213abe0..226dfd415add 100644
--- a/.build_exclusions
+++ b/.build_exclusions
@@ -1,8 +1,17 @@
 pkg/*.xpi
 *~
 *.sw?
+*/.*.sw?
+*/*/.*.sw?
+*/*/*/.*.sw?
 chrome/content/rules/*.xml
 chrome/content/rules/*.py
 chrome/content/rules/validity-*
 chrome/content/rules/make-*
 *.xcf.gz
+.gitignore
+.eslintrc.json
+.eslintignore
+node_modules
+package-lock.json
+test
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 000000000000..48c75600b1fa
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1 @@
+.git/*
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 000000000000..3188469e924a
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,21 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+charset = utf-8
+trim_trailing_whitespace = true
+
+[src/chrome/content/rules/*.xml]
+indent_style = tab
+indent_size = 4
+
+[*.{css,html,js,sh}]
+indent_style = space
+indent_size = 2
+
+[*.py]
+indent_style = space
+indent_size = 4
diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
new file mode 100644
index 000000000000..e57a0b19e0e8
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,11 @@
+[//]: # (Thank you for reporting an issue to HTTPS Everywhere.)
+[//]: # (We welcome input from users on improving this project.)
+[//]: #
+[//]: # (Please help us by following this issue template.)
+[//]: # (You can delete all blank lines and all lines starting)
+[//]: # (with the comment marker, such as this one.)
+
+Type: other
+
+[//]: # (Include any other relevant information below. Thank you again for)
+[//]: # (helping to improve HTTPS Everywhere.)
diff --git a/.github/ISSUE_TEMPLATE/code-issue.md b/.github/ISSUE_TEMPLATE/code-issue.md
new file mode 100644
index 000000000000..c62ff8b75aff
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/code-issue.md
@@ -0,0 +1,16 @@
+---
+name: Code issue report
+about: Report an issue about our code
+---
+
+[//]: # (Thank you for reporting an issue to HTTPS Everywhere.)
+[//]: # (We welcome input from users on improving this project.)
+[//]: #
+[//]: # (Please help us by following this issue template.)
+[//]: # (You can delete all blank lines and all lines starting)
+[//]: # (with the comment marker, such as this one.)
+
+Type: code issue
+
+[//]: # (Include any other relevant information below. Thank you again for)
+[//]: # (helping to improve HTTPS Everywhere.)
diff --git a/.github/ISSUE_TEMPLATE/feature-request.md b/.github/ISSUE_TEMPLATE/feature-request.md
new file mode 100644
index 000000000000..eb831076fd25
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature-request.md
@@ -0,0 +1,16 @@
+---
+name: Feature request
+about: Request a feature to help us improve HTTPS Everywhere
+---
+
+[//]: # (Thank you for reporting an issue to HTTPS Everywhere.)
+[//]: # (We welcome input from users on improving this project.)
+[//]: #
+[//]: # (Please help us by following this issue template.)
+[//]: # (You can delete all blank lines and all lines starting)
+[//]: # (with the comment marker, such as this one.)
+
+Type: feature request
+
+[//]: # (Include any other relevant information below. Thank you again for)
+[//]: # (helping to improve HTTPS Everywhere.)
diff --git a/.github/ISSUE_TEMPLATE/new-ruleset.md b/.github/ISSUE_TEMPLATE/new-ruleset.md
new file mode 100644
index 000000000000..59250bbece3f
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/new-ruleset.md
@@ -0,0 +1,42 @@
+---
+name: New ruleset
+about: Request/submit a new ruleset
+---
+
+[//]: # (Thank you for reporting an issue to HTTPS Everywhere.)
+[//]: # (We welcome input from users on improving this project.)
+[//]: #
+[//]: # (Please help us by following this issue template.)
+[//]: # (You can delete all blank lines and all lines starting)
+[//]: # (with the comment marker, such as this one.)
+[//]: #
+[//]: # (Delete all but one of the following "Type" lines.)
+[//]: # (Leave in the line that best describes the issue you are reporting.)
+[//]: #
+[//]: # (If you are submitting a new ruleset, please check the list at)
+[//]: # (https://www.eff.org/https-everywhere/atlas/index.html and the open)
+[//]: # (issues and pull requests to make sure it doesn't already exist.)
+
+Type: new ruleset
+
+[//]: # (If you are reporting a ruleset/website problem, include the top-level)
+[//]: # (domain below. For example, if you want to report an issue about)
+[//]: # ("one.example.com" and "two.example.com", then the line below should)
+[//]: # (be:)
+[//]: #
+[//]: # (Domain: example.com)
+[//]: #
+[//]: # (Be sure to remove the parenthesis and comment marker.  If you are only)
+[//]: # (reporting an issue about "one.example.com", then the line below should)
+[//]: # (be:)
+[//]: #
+[//]: # (Domain: one.example.com)
+[//]: #
+[//]: # (Only include one top-level domain. If you have more than one top-level)
+[//]: # (domain to report, such as both "example.com" and "example.org", open a)
+[//]: # (new issue for each top-level domain.)
+
+Domain:
+
+[//]: # (Include any other relevant information below. Thank you again for)
+[//]: # (helping to improve HTTPS Everywhere.)
diff --git a/.github/ISSUE_TEMPLATE/ruleset-issue.md b/.github/ISSUE_TEMPLATE/ruleset-issue.md
new file mode 100644
index 000000000000..7b1217b52b42
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/ruleset-issue.md
@@ -0,0 +1,22 @@
+---
+name: Ruleset/website issue report
+about: Report a issue about a ruleset/website
+---
+
+[//]: # (Thank you for reporting an issue to HTTPS Everywhere.)
+[//]: # (We welcome input from users on improving this project.)
+[//]: #
+[//]: # (Please help us by following this issue template.)
+[//]: # (You can delete all blank lines and all lines starting)
+[//]: # (with the comment marker, such as this one.)
+[//]: #
+
+Type: ruleset/website issue
+
+[//]: # (Uncomment and fill the domain bellow if you belive that yet another)
+[//]: # (domain should be added to the existing ruleset.)
+
+[//]: # Domain:
+
+[//]: # (Include any other relevant information below. Thank you again for)
+[//]: # (helping to improve HTTPS Everywhere.)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000000..89917ee4ceb8
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,20 @@
+version: 2
+updates:
+  # Maintain dependencies for npm
+  - package-ecosystem: "npm"
+    directory: "/chromium/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "06:00"
+    assignees:
+      - "zoracon"
+    commit-message:
+      prefix: "npmauto"
+    labels:
+      - "dependencies"
+    pull-request-branch-name:
+      separator: "-"
+    reviewers:
+      - "zoracon"
+    versioning-strategy: widen
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 000000000000..ef2f1688f71e
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,9 @@
+Fixes #(issue)
+
+## Type of change
+
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Refactoring existing code
+- [ ] New Ruleset
+- [ ] Existing Ruleset
diff --git a/.gitignore b/.gitignore
index 51c53314d083..104e25eb17f3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,12 +1,22 @@
+*.pyc
+*.swp
 *~
+.DS_Store
+.idea
+.vagrant
+.venv/
+.venv2/
+.venv3/
 chromium.pem
-dummy-chromium.pem
-pkg/crx
-pkg/*.crx
-pkg/*.xpi
+from-preloads/
+pkg/
 src/chrome/content/rules/default.rulesets
-*.swp
+src/chrome/content/rules/default.rulesets.json
+src/defaults/rulesets.sqlite
+test_profile/
 tokenkeys.py*
-.idea
-*.pyc
-from-preloads/
+Vagrantfile
+.cache/
+geckodriver.log
+node_modules/
+coverage/
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 000000000000..1919060dd62c
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,8 @@
+[submodule "translations"]
+	path = translations
+	url = https://git.torproject.org/translation.git
+	branch = https_everywhere
+
+[submodule "lib-wasm"]
+	path = lib-wasm
+	url = https://github.com/EFForg/https-everywhere-lib-wasm.git
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 000000000000..f028c3a3915c
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,37 @@
+sudo: required
+os: linux
+dist: bionic
+language: python
+python: 3.6
+group: bionic
+services:
+  - docker
+  - xvfb
+matrix:
+  fast_finish: true
+  include:
+    - env: TEST="lint"
+      language: node_js
+      node_js:
+        - "lts/*"
+    - env: TEST="unittests"
+      language: node_js
+      node_js:
+        - "lts/*"
+    - env: TEST="validations"
+    - env: TEST="fetch"
+    - env: TEST="preloaded"
+    # - addons:
+    #     chrome: beta
+    #   env: TEST="chrome beta" BROWSER=google-chrome-beta
+    - addons:
+        chrome: stable
+      env: TEST="chrome stable" BROWSER=google-chrome-stable
+    - addons:
+        firefox: latest
+      env: TEST="firefox" BROWSER=firefox
+    - addons:
+        firefox: latest-esr
+      env: TEST="firefox esr" BROWSER=firefox
+before_script: travis_retry test/setup_travis.sh
+script: . test/run_travis.sh
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
new file mode 100644
index 000000000000..f5636ad09567
--- /dev/null
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1 @@
+This project is governed by [EFF's Public Projects Code of Conduct](https://www.eff.org/pages/eppcode).
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 000000000000..3ddaf4439e1d
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,437 @@
+# Table of Contents
+
+## General Info
+
+**On May 31st, 2021 we will end manual additions to the rulesets.** Please see [this explanation on the future of HTTPSE Rulesets.](https://github.com/EFForg/https-everywhere/blob/master/docs/adrs/duckduckgo-smarter-encryption.md)
+
+We will continue accept requests on rulesets already in our list that are causing significant breakage for users through the summer. However, in autumn, we will begin the plan to ultimately move our crowdsourced rulesets out of the extension in favor of the Smarter Encryption Ruleset.
+
+- [Table of Contents](#table-of-contents)
+- [Welcome](#welcome)
+  - [HTTPS Everywhere Source Code Layout](#https-everywhere-source-code-layout)
+  - [Install Dependencies and Test Build](#install-dependencies-and-test-build)
+  - [Precommit Testing](#precommit-testing)
+  - [Testing](#testing)
+    - [Quickly Testing a Ruleset](#quickly-testing-a-ruleset)
+    - [Coverage](#coverage)
+  - [Submitting Changes](#submitting-changes)
+  - [Contributing Rulesets](#contributing-rulesets)
+    - [General Info](#general-info)
+    - [New Rulesets](#new-rulesets)
+    - [Minimum Requirements for a Ruleset PR](#minimum-requirements-for-a-ruleset-pr)
+  - [Ruleset Style Guide](#ruleset-style-guide)
+    - [Motivation](#motivation)
+    - [Indentation & Misc Stylistic Conventions](#indentation--misc-stylistic-conventions)
+    - [Wildcards in Targets](#wildcards-in-targets)
+      - [Left-Wildcards](#left-wildcards)
+      - [Edge-Case: Right-Wildcards](#edge-case-right-wildcards)
+    - [Complicated Regex in Rules](#complicated-regex-in-rules)
+    - [Enumerating Subdomains](#enumerating-subdomains)
+    - [Target Ordering](#target-ordering)
+    - [Rule Ordering](#rule-ordering)
+    - [Non-working hosts](#non-working-hosts)
+    - [Ruleset Names](#ruleset-names)
+      - [Filenames](#filenames)
+    - [Cross-referencing Rulesets](#cross-referencing-rulesets)
+    - [Regex Conventions](#regex-conventions)
+    - [Snapping Redirects](#snapping-redirects)
+    - [Example: Ruleset before style guidelines are applied](#example-ruleset-before-style-guidelines-are-applied)
+    - [Example: Ruleset after style guidelines are applied, with test URLs](#example-ruleset-after-style-guidelines-are-applied-with-test-urls)
+  - [Removal of Rules](#removal-of-rules)
+    - [Regular Rules](#regular-rules)
+    - [HSTS Preloaded Rules](#hsts-preloaded-rules)
+  - [Contributing Code](#contributing-code)
+  - [Contributing Documentation](#contributing-documentation)
+  - [Pull Requests from Deleted Accounts](#pull-requests-from-deleted-accounts)
+  - [Contributing Translations](#contributing-translations)
+
+# Welcome
+
+Welcome, and thank you for your interest in contributing to HTTPS Everywhere! HTTPS Everywhere depends on the open source community for its continued success, so any contribution is appreciated.
+
+One of the things that makes it easy to contribute to HTTPS Everywhere is that you don't have to be a coder to contribute. That's because HTTPS Everywhere's most important component is the list of rules that tell it when it can request a website over HTTPS. These rules are just XML files that contain regular expressions, so if you can write XML and simple regexes, you can help us add rules and increase HTTPS Everywhere's coverage. No coding skills necessary!
+
+If you want to have the greatest impact, however, you can help be a ruleset maintainer. Ruleset maintainers are trusted volunteers who examine rulesets contributed by others and work with them to ensure that these rulesets work properly and are styled correctly before they're merged in. While we currently have a couple of extremely dedicated and extremely proficient ruleset maintainers, the backlog of sites to add to HTTPS Everywhere just keeps growing, and they need help! If you would like to volunteer to become one, the best thing to do is to build trust in your work by monitoring the repository, contributing pull requests, and commenting on issues that interest you. Then you can contact us at https-everywhere-rules-owner [at] eff <dot> org expressing your interest in helping out.
+
+If you get stuck we have two publicly-archived mailing lists: the [https-everywhere list](https://lists.eff.org/mailman/listinfo/https-everywhere) is for discussing the project as a whole, and the [https-everywhere-rulesets list](https://lists.eff.org/mailman/listinfo/https-everywhere-rules) is for discussing the `rulesets` and their contents, including patches and git pull requests.
+
+You can also find more information on about HTTPS Everywhere on our [FAQ](https://www.eff.org/https-everywhere/faq) page.
+
+Also, please remember that this project is governed by [EFF's Public Projects Code of Conduct](https://www.eff.org/pages/eppcode).
+
+Thanks again, and we look forward to your contributions!
+
+## HTTPS Everywhere Source Code Layout
+
+There are several main areas of development on HTTPS Everywhere: the rulesets, the core codebase, utilities, and tests.
+
+The rulesets can be found in the [`rules`](rules) top-level path and include all the rules for redirecting individual sites to HTTPS.  These are written in XML. If you want to get started contributing to HTTPS Everywhere, we recommend starting here.
+
+The core codebase consists of the code that performs the redirects, the UI, logging code, and ruleset loading.  This encompasses all code delivered with the extension itself that is *not* a ruleset.  It is written in JavaScript, using the `WebExtensions` API (located in [`chromium`](chromium)).
+
+The utilities ([`utils`](utils) top-level path) include scripts that build the extension, sanitize and perform normalization on rulesets, simplify rules, and help label GitHub issues.  Historically, these utilities have been written in Python.  Many of the newer utilities are written in JavaScript, and are meant to be run in node.  Some of the wrappers for these utilities are in shell scripts.
+
+Tests are performed in headless browsers and located in the [`test`](test) top-level path.  These are written in Python, and some of the wrappers for these tests are in shell scripts.
+
+Source Tree:
+
+		chromium/                 WebExtension source code (for Firefox & Chromium/chrome)
+		chromium/external         External dependencies
+		chromium/test             Unit tests
+
+		rules/                    Symbolic link to src/chrome/content/rules
+
+		src/chrome/content/rules  Ruleset files live here
+
+		test/                     Travis unit test source code live here
+
+		utils/                    Various utilities (includes some Travis test source)
+
+## Install Dependencies and Test Build
+
+Get the packages you need and install a git hook to run tests before push:
+
+		bash install-dev-dependencies.sh
+
+Run the ruleset validations and browser tests:
+
+		bash test.sh
+
+Run the latest code and rulesets in a standalone Firefox profile:
+
+		bash test/firefox.sh --justrun
+
+Run the latest code and rulesets in a standalone profile for a specific version of Firefox:
+
+		FIREFOX=/path/to/firefox bash test/firefox.sh --justrun
+
+Run the latest code and rulesets in a standalone Chromium profile:
+
+		bash test/chromium.sh --justrun
+
+Run the latest code and rulesets in a standalone Tor Browser profile:
+
+		bash test/tor-browser.sh path_to_tor_browser.tar.xz
+
+Build the Firefox (.xpi) & Chromium (.crx) extensions:
+
+		bash make.sh
+
+Both of the build commands store their output under pkg/.
+
+## Precommit Testing
+
+One can run the available test suites automatically by enabling the precommit
+hook provided with:
+
+		ln -s ../../hooks/precommit .git/hooks/pre-commit
+
+## Testing
+
+### Quickly Testing a Ruleset
+
+1. Open a version of the Firefox or Chrome browser without HTTPS Everywhere loaded to the HTTP endpoint
+
+2. From your working ruleset branch, test with running `bash test/firefox.sh --justrun` or `bash test/chromium.sh --justrun` to open a fresh profile with the extension loaded and click around and compare the look and functionality of both sites. If something fails to load or looks strange, you may be able to debug the problem by opening the network tab of your browser debugging tool.  Modify the `ruleset` until you get it in a good state - you'll have to re-run the HTTPS Everywhere-equipped browser upon each change.
+
+### Coverage
+
+Please reference [HTTPS Ruleset Checker](https://github.com/EFForg/https-everywhere/blob/master/test/rules/README.md) to properly test rulesets against our tests before sending a pull request.
+
+## Submitting Changes
+
+To submit changes, open a pull request from our [GitHub repository](https://github.com/efforg/https-everywhere).
+
+HTTPS Everywhere is maintained by a limited set of staff and volunteers.  Please be mindful that we may take a while before we're able to review your contributions.
+
+## Contributing Rulesets
+
+Thanks for your interest in contributing to the HTTPS Everywhere `rulesets`! There's just a few things you should know before jumping in. First some terminology, which will help you understand how exactly `rulesets` are structured and what each one contains:
+
+* `ruleset`: a scope in which `rules`, `targets`, and `tests` are contained. `rulesets` are usually named after the entity which controls the group of `targets` contained in it.  There is one `ruleset` per XML file within the `src/chrome/content/rules` directory.
+* `target`: a Fully Qualified Domain Name which may include a wildcard specified by `*.` on the left side, which `rules` are applied to. There may be many `targets` within any given `ruleset`.
+* `rule`: a specific regular expression rewrite that is applied for all matching `targets` within the same `ruleset`.  There may be many `rules` within any given `ruleset`.
+* `test`: a URL for which a request is made to ensure that the rewrite is working properly.  There may be many `tests` within any given `ruleset`.
+
+```xml
+<!--
+				An example ruleset. Note that this example doesn't necessarily
+				satisfy the style criteria described below - we just have it
+				here to show you what the components of a ruleset looks like.
+-->
+<ruleset name="eff.org">
+				<target host="*.eff.org" />
+
+				<rule from="^http:" to="https:" />
+
+				<test url="http://www.eff.org/https-everywhere/" />
+</ruleset>
+```
+
+HTTPS Everywhere includes tens of thousands of `rulesets`.  Any one of these sites can change their HTTPS configuration at any time, so keeping HTTPS Everywhere usable is a task that requires constant maintenance.  At the same time, HTTPS deployment on the web is becoming more and more widespread, thanks to projects like [Let's Encrypt](https://letsencrypt.org/).  This is a very good thing, as it means the web is becoming a safer place!  However, with each new `ruleset` that HTTPS Everywhere includes comes with an increase in both download size upon install and memory usage at runtime.  Rather than adding new `rulesets`, we encourage potential contributors to look for broken `rulesets` and try to fix them first.
+
+Some `rulesets` have the attribute `platform="mixedcontent"`.  These `rulesets` cause problems in browsers that enable active mixed-content (loading insecure resources in a secure page) blocking.  When browsers started enforcing active mixed-content blocking, some HTTPS sites started to break.  That's why we introduced this tag - it disables those `rulesets` for browsers blocking active mixed content.  It is likely that many of these sites have fixed this historical problem, so we particularly encourage `ruleset` contributors to fix these `rulesets` first:
+
+		git grep -i mixedcontent src/chrome/content/rules
+
+### New Rulesets
+
+If you want to create new `rulesets` to submit to us, we expect them to be in the `src/chrome/content/rules` directory. That directory also contains a useful script, `make-trivial-rule`, to create a simple `ruleset` for a specified domain. There is also a script in `test/validations/special/run.py`, to check all the pending `rulesets` for several common errors and oversights. For example, if you wanted to make a `ruleset` for the `example.com` domain, you could run:
+
+```bash
+cd src/chrome/content/rules
+bash ./make-trivial-rule example.com
+```
+
+This would create `Example.com.xml`, which you could then take a look at and edit based on your knowledge of any specific URLs at `example.com` that do or don't work in HTTPS. Please have a look at our Ruleset Style Guide below, where you can find useful tips about finding more subdomains. Our goal is to have as many subdomains covered as we can find.
+
+### Minimum Requirements for a Ruleset PR
+
+There are several volunteers to HTTPS Everywhere who have graciously dedicated their time to look at the `ruleset` contributions and work with contributors to ensure quality of the pull requests before merging.  It is typical for there to be several back-and-forth communications with these `ruleset` maintainers before a PR is in a good shape to merge.  Please be patient and respectful, the maintainers are donating their time for no benefit other than the satisfaction of making the web more secure.  They are under no obligation to merge your request, and may reject it if it is impossible to ensure quality.  You can identify these volunteers by looking for the "Collaborator" identifier in their comments on HTTPS Everywhere issues and pull requests.
+
+In the back-and-forth process of getting the `ruleset` in good shape, there may be many commits made.  It is this project's convention to squash-and-merge these commits into a single commit before merging into the project.  If your commits are cryptographically signed, we may ask you to squash the commits yourself in order to preserve this signature.  Otherwise, we may squash them ourselves before merging.
+
+We prefer small, granular changes to the rulesets.  Not only are these easier to test and review, this results in cleaner commits.
+
+## Ruleset Style Guide
+
+### Motivation
+
+Rules should be written in a way that is consistent, easy for humans to read and debug, reduces the chance of errors, and makes testing easy.
+
+To that end here are some style guidelines for writing or modifying rulesets. They are intended to help and simplify in places where choices are ambiguous, but like all guidelines they can be broken if the circumstances require it.
+
+### Indentation & Misc Stylistic Conventions
+
+Use tabs for indentation.  For `tests` and `exclusions`, place them under the `target` that they refer to, indented one additional layer.  See below for an example.
+
+We provide an [`.editorconfig`](.editorconfig) file in the top-level path, which you can configure your editor of choice to use.  This will enforce proper indentation.
+
+Use double quotes (`"`, not `'`).
+
+### Wildcards in Targets
+
+#### Left-Wildcards
+
+Avoid using the left-wildcard (`<target host="*.example.com" />`) unless you intend to rewrite all or nearly all subdomains.  If it can be demonstrated that there is comprehensive HTTPS coverage for subdomains, left-wildcards may be appropriate.  Many rules today specify a left-wildcard target, but the rewrite rules only rewrite an explicit list of hostnames.
+
+Instead, prefer listing explicit target hosts and a single rewrite from `"^http:"` to `"^https:"`. This saves you time as a ruleset author because each explicit target host automatically creates an implicit test URL, reducing the need to add your own test URLs. These also make it easier for someone reading the ruleset to figure out which subdomains are covered.
+
+If you know all subdomains of a given domain support HTTPS, go ahead and use a left-wildcard, along with a plain rewrite from `"^http:"` to `"^https:"`. Make sure to add a bunch of test URLs for the more important subdomains.
+
+#### Edge-Case: Right-Wildcards
+
+Right-wildcards (`<target host="account.google.*" />`) are highly discouraged.  Only use them in edge-cases where other solutions are unruly.
+
+Example:
+
+* Complicated rulesets like [`Google.tld_Subdomains.xml`](https://github.com/EFForg/https-everywhere/blob/cb03ac8418a773a309d605231a15a702fce96ce9/src/chrome/content/rules/Google.tld_Subdomains.xml)
+
+Where they must be used, please add a comment to the `ruleset` explaining why.
+
+### Complicated Regex in Rules
+
+Avoid regexes with long strings of subdomains, e.g. `<rule from="^http://(foo|bar|baz|bananas).example.com" />`. These are hard to read and maintain, and are usually better expressed with a longer list of target hosts, plus a plain rewrite from `"^http:"` to `"^https:"`.
+
+In general, avoid using open-ended regex in rules.  In certain cases, open-ended regex may be the most elegant solution.  But carefully consider if there are other options.
+
+Examples:
+
+* Rulesets with a lot of domains that we can catch with a simple regex that would be tedious and error-prone to list individually, like [`360.cn.xml`](https://github.com/EFForg/https-everywhere/blob/9698e64a2de7cf37509ab13ba9dcfd5bd4f84a95/src/chrome/content/rules/360.cn.xml#L98-L103)
+* CDNs with an arbitrarily large number of subdomains ([example](https://github.com/EFForg/https-everywhere/pull/7484#issuecomment-262852427)).
+
+### Enumerating Subdomains
+
+If you're not sure what subdomains might exist, you can install the `Sublist3r` tool:
+
+		git clone https://github.com/aboul3la/Sublist3r.git
+		cd Sublist3r
+		sudo pip install -r requirements.txt # or use virtualenv...
+
+Then you can to enumerate the list of subdomains:
+
+		python sublist3r.py -d example.com -e Baidu,Yahoo,Google,Bing,Ask,Netcraft,Virustotal,SSL
+
+Alternatively, you can iteratively use Google queries and enumerate the list of results like such:
+
+1. site:*.eff.org
+2. site:*.eff.org -site:www.eff.org
+3. site:*.eff.org -site:www.eff.org -site:ssd.eff.org
+
+... and so on.
+
+### Target Ordering
+
+In all cases where there is a list of domains, sort them in alphabetical order starting from the top level domain at the right reading left, moving ^ and www to the top of their group. For example:
+
+		example.com
+		www.example.com
+		a.example.com
+		www.a.example.com
+		b.a.example.com
+		b.example.com
+		example.net
+		www.example.net
+		a.example.net
+
+### Rule Ordering
+
+If there are a handful of tricky subdomains, but most subdomains can handle the plain rewrite from `"^http:"` to `"^https:"`, specify the rules for the tricky subdomains first, and then then plain rule last. Earlier rules will take precedence, and processing stops at the first matching rule. There may be a tiny performance hit for processing exception cases earlier in the ruleset and the common case last, but in most cases the performance issue is trumped by readability.
+
+### Non-working hosts
+
+It is useful to list hosts that do not work in the comments of a `ruleset`.  This is a stylistic preference but is not strictly required.
+
+For easy reading, please avoid using UTF characters unless in the rare instances that they are part of the hostname itself.
+
+Example:
+
+```xml
+<!--
+	Invalid certificate:
+					incomplete.example.com (incomplete certificate chain)
+					selfsigned.example.com
+					wronghost.example.com
+
+	Redirect to HTTP:
+					httponly.example.com
+
+	Refused:
+					abc.example.com
+					abc.abc.example.com
+
+	Time out:
+					drop.example.com
+
+-->
+```
+
+In most cases, the absence of a `2XX` or `3XX` endpoint indicates that a host should not be included in the set of `targets` and is non-working, *except* when it is clear that the site functions as intended in the absence of such an endpoint.
+
+### Ruleset Names
+
+For simple sites, the `ruleset` `name` attribute can be either a site description or the domain itself. For example, the [SeattleAquarium.org.xml](https://github.com/EFForg/https-everywhere/blob/30b7a0101d0bb8a492a0f089096bc162de07f778/src/chrome/content/rules/SeattleAquarium.org.xml) ruleset could have a `name` of `Seattle Aquarium`, `SeattleAquarium.org`, or `seattleaquarium.org`.
+
+If a `ruleset` covers multiple domains, then the `ruleset` `name` should reflect the broader organization, project, or concept for what a ruleset is trying to accomplish.
+
+Examples:
+
+* [`Google.xml`](https://github.com/EFForg/https-everywhere/blob/5.2.10/src/chrome/content/rules/Google.xml) is just named `Google`, and
+* [`Bitly.xml`](https://github.com/EFForg/https-everywhere/blob/5.2.10/src/chrome/content/rules/Bitly.xml) is named `bit.ly`, but
+* [`Bitly_branded_short_domains.xml`](https://raw.githubusercontent.com/EFForg/https-everywhere/5.2.10/src/chrome/content/rules/Bitly_branded_short_domains.xml) is named `Bitly vanity domains`
+
+#### Filenames
+
+Filenames should vaguely resemble the `name` so that someone looking for the file based on the `name` can find it easily. Filenames that start with a capital letter are preferred.  Prefer dashes over underscores in filenames. Dashes are easier to type.
+
+### Cross-referencing Rulesets
+
+This sort of comment: `For other Migros coverage, see Migros.xml.` is definitely appropriate, in both directions.
+
+### Regex Conventions
+
+When matching an arbitrary DNS label (a single component of a hostname), prefer `([\w-]+)` for a single label (i.e. www), or `([\w.-]+)` for multiple labels (i.e. www.beta). Avoid more visually complicated options like `([^/:@\.]+\.)?`.
+
+For `securecookie` tags, if you know that all cookies on the included targets can be secured (which in particular means that the cookies are not used by any of its non-securable subdomains), use the trivial
+
+```xml
+<securecookie host=".+" name=".+" />
+```
+
+where we prefer `.+` over `.*` and `.`. They are functionally equivalent, but it's nice to be consistent.
+
+Avoid the negative lookahead operator `?!`. This is almost always better expressed using positive rule tags and negative exclusion tags. Some rulesets have exclusion tags that contain negative lookahead operators, which is very confusing.
+
+Prefer capturing groups `(www\.)?` over non-capturing `(?:www\.)?`. The non-capturing form adds extra line noise that makes rules harder to read. Generally you can achieve the same effect by choosing a correspondingly higher index for your replacement group to account for the groups you don't care about.
+
+### Snapping Redirects
+
+Avoid snapping redirects. For instance, if `https://foo.fm` serves HTTPS correctly, but redirects to `https://foo.com`, it's tempting to rewrite `foo.fm` to `foo.com`, to save users the latency of the redirect. However, such rulesets are less obviously correct and require more scrutiny. And the redirect can go out of date and cause problems. HTTPS Everywhere rulesets should change requests the minimum amount necessary to ensure a secure connection.
+
+### Example: Ruleset before style guidelines are applied
+
+```xml
+<ruleset name="WHATWG.org">
+		<target host='whatwg.org' />
+		<target host="*.whatwg.org" />
+
+		<rule from="^http://((?:developers|html-differences|images|resources|\w+\.spec|wiki|www)\.)?whatwg\.org/"
+		to="https://$1whatwg.org/" />
+</ruleset>
+```
+
+### Example: Ruleset after style guidelines are applied, with test URLs
+
+```xml
+<ruleset name="WHATWG.org">
+	<target host="whatwg.org" />
+	<target host="www.whatwg.org" />
+	<target host="developers.whatwg.org" />
+	<target host="html-differences.whatwg.org" />
+	<target host="images.whatwg.org" />
+	<target host="resources.whatwg.org" />
+	<target host="*.spec.whatwg.org" />
+		<test url="http://html.spec.whatwg.org/" />
+		<test url="http://fetch.spec.whatwg.org/" />
+		<test url="http://xhr.spec.whatwg.org/" />
+		<test url="http://dom.spec.whatwg.org/" />
+	<target host="wiki.whatwg.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
+```
+
+## Removal of Rules
+
+### Regular Rules
+
+It should be considered a sufficient condition for removal if a contributor can demonstrate that the TLS configuration for either a specific `target` or a ruleset altogether is unstable and/or breaking, or will be unstable and/or breaking in the near future.  It is, of course, preferable that the `ruleset` be fixed rather than removed.
+
+### HSTS Preloaded Rules
+
+In `utils` we have a tool called `hsts-prune` which removes `targets` from rulesets if they are already contained in the [HSTS preload](https://hstspreload.org/) list for browsers that we support.  To be explicit, the script is an implementation of the following policy:
+
+> Let `included domain` denote either a `target`, or a parent of a `target`.  Let `supported browsers` include the ESR, Dev, and Stable releases of Firefox, and the Stable release of Chromium.  If `included domain` is a parent of the `target`, the `included domain` must be present in the HSTS preload list for all `supported browsers` with the relevant flag which denotes inclusion of subdomains set to `true`.  If `included domain` is the `target` itself, it must be included the HSTS preload list for all `supported browsers`.  Additionally, if the http endpoint of the `target` exists, it must issue a 3XX redirect to the https endpoint for that target.  Additionally, the https endpoint for the `target` must deliver a `Strict-Transport-Security` header with the following directives present:
+>
+> * `max-age` >= 31536000
+> * `includeSubDomains`
+> * `preload`
+>
+> If all the above conditions are met, a contributor may remove the `target` from the HTTPS Everywhere rulesets.  If all targets are removed for a ruleset, the contributor is advised to remove the ruleset file itself.  The ruleset `rule` and `test` tags may need to be modified in order to pass the ruleset coverage test.
+
+Every new pull request automatically has the `hsts-prune` utility applied to it as part of the continual integration process.  If a new PR introduces a `target` which is preloaded, it will fail the CI test suite.  See:
+
+* `.travis.yml`
+* `test/run_travis.sh`
+
+## Contributing Code
+
+In addition to `ruleset` contributions, we also encourage code contributions to HTTPS Everywhere.  There are a few considerations to keep in mind when contributing code.
+
+Officially supported browsers:
+
+* Firefox Stable
+* Firefox ESR
+* Chromium Stable
+
+We also informally support the Opera browser, but do not have tooling around testing Opera.  Firefox ESR is supported because this is what the [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en), which includes HTTPS Everywhere, is built upon.  For the test commands, refer to [README.md](README.md).
+
+The current extension maintainer is [@zoracon](https://github.com/zoracon).  You can tag them for PRs which involve the core codebase.
+
+Several of our utilities and our full test suite is written in Python.  Eventually we would like the whole codebase to be standardized as JavaScript.  If you are so inclined, it would be helpful to rewrite the tooling and tests into JavaScript while maintaining the functionality.
+
+## Contributing Documentation
+
+Standalone documentation should be written in [Markdown](https://en.wikipedia.org/wiki/Markdown) that follows the [Google style guide](https://github.com/google/styleguide/blob/gh-pages/docguide/style.md). If you are updating existing documentation that does not follow the Google style guide, then you should follow the style of the file you are updating.
+
+* * *
+
+## Pull Requests from Deleted Accounts
+
+Sometimes a contributor will [delete their GitHub account](https://help.github.com/articles/deleting-your-user-account/) after submitting a pull request, resulting in the pull request being associated with the [Ghost user (@ghost)](https://github.com/ghost).  These @ghost pull requests can cause problems for HTTPS Everywhere maintainers, leaving questions unanswered and closing off the possibility of receiving maintainer feedback to solicit clarification or request changes.
+
+We ask that if you want to delete your GitHub account, you either close your HTTPS Everywhere pull requests before you delete your account, or wait to delete your account until we merge your pull requests. Otherwise, maintainers are free to close @ghost pull requests without any comment.
+
+## Contributing Translations
+
+We are reviewing our process around translations and currently discussing ways to improve. Translations are still processed under the same entity and those who have an account already, do not need to take action at this time. Thank you for your contributions.
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 000000000000..2912aedc98e9
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,7 @@
+FROM electronicfrontierfoundation/https-everywhere-docker-base
+MAINTAINER William Budington "bill@eff.org"
+WORKDIR /opt
+
+COPY test/rules/requirements.txt /tmp/
+RUN pip3 install -r /tmp/requirements.txt
+RUN rm /tmp/requirements.txt
diff --git a/LICENSE.txt b/LICENSE.txt
index bd9f9e1ac846..7c7a3bde0e95 100644
--- a/LICENSE.txt
+++ b/LICENSE.txt
@@ -1,33 +1,15 @@
-HTTPS Everwyhere:
-Copyright © 2010-2012 Mike Perry <mikeperry@fscked.org>
-                      Peter Eckersley <pde@eff.org>
-                      and many others
-                      (Licensed GPL v2+)
-
-Incorporating code from NoScript,
-Copyright © 2004-2007 Giorgio Maone <g.maone@informaction.com>
+HTTPS Everywhere:
+Copyright © 2010-2021 Electronic Frontier Foundation and others
 Licensed GPL v2+
 
-Incorporating code from Convergence
-Copyright © Moxie Marlinspike
-Licensed GPL v3+
-
-Incorporating code from js-lru
-Copyright © 2010 Rasmus Andersson
-Licensed MIT
-
-The build system incorporates code from Python 2.6,
-Copyright © 2001-2006 Python Software Foundation
-Python Software Foundation License Version 2
-
-Net License:  GPL v3+ (complete tree)
-              GPL v2+ (if Moxie's NSS.js is absent)
-
+HTTPS Everywhere Rulesets (src/chrome/content/rules):
+To the extent copyright applies to the rulesets, they can be used according to GPL v2 or later.
 
-Text of MIT License:
-====================
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+The DuckDuckGo Smarter Encryption list, utilized by HTTPS Everywhere at https://www.https-rulesets.org/ddg, is publicly available under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0. International license. 
+If you'd like to license the list for commercial use, please reach out to: https://help.duckduckgo.com/duckduckgo-help-pages/company/contact-us/
 
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+Issue Format Bot (utils/issue-format-bot/*):
+Copyright © 2017 AJ Jordan, AGPLv3+
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+The build system incorporates code from Python 3.6 and Python 3 respectively
+Copyright © 2001-2018 Python Software Foundation; All Rights Reserved
diff --git a/Makefile b/Makefile
deleted file mode 100644
index c2db72141c8a..000000000000
--- a/Makefile
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/usr/bin/make -f
-
-# this rule makes tag or branch targets
-%:
-	./makexpi.sh $@
-# this makes prerelease xpis (and is the default rule)
-prerelease: pkg
-	./makexpi.sh
-pkg:
-	mkdir pkg
-clean:
-	rm -f pkg/*.xpi
-
-.PHONY: clean prerelease
diff --git a/README.md b/README.md
index 4b4faee23009..d3255879024e 100644
--- a/README.md
+++ b/README.md
@@ -1,71 +1,23 @@
-HTTPS Everywhere
-================
+[![Build Status](https://travis-ci.com/EFForg/https-everywhere.svg?branch=master)](https://travis-ci.com/EFForg/https-everywhere)
+[![Coverage Status](https://coveralls.io/repos/github/EFForg/https-everywhere/badge.svg?branch=master)](https://coveralls.io/github/EFForg/https-everywhere?branch=master)
 
-Installing Dependencies in Debian or Ubuntu
--------------------------------------------
+# Update on HTTPS Everywhere
+⚠️This project is no longer being maintained or updated. Please uninstall and direct users to the advice below to switch to HTTPS by default natively.
 
-    sudo apt-get install python-lxml python-libxml2 libxml2-utils zip
+You no longer need HTTPS Everywhere to set HTTPS by default! Major browsers now offer native support for an HTTPS only mode.
+Find out how to turn it on [here](https://www.eff.org/https-everywhere/set-https-default-your-browser).
 
-Installing Dependencies in Mac OS X
------------------------------------
+This extension will be sunset by January 2023.
 
-We recommend Mac users install dependencies using Homebrew:
-http://mxcl.github.io/homebrew/
 
-Once you have Homebrew and Xcode installed, run this to install HTTPS Everywhere dependencies.
+# Getting Started With HTTPS Everywhere
 
-    brew install python libxml2 gnu-sed 
+HTTPS Everywhere is a Firefox, Chrome, and Opera extension that encrypts your communications with many major websites, making your browsing more secure. Encrypt the web: [Install HTTPS Everywhere today](https://www.eff.org/https-everywhere).
 
-Homebrew puts python in /usr/local/bin, but the python that comes with OS X is in /usr/bin. In order to use homebrew's version of python and pip you must change the order of your path so that /usr/local/bin comes before /usr/bin. This command will force your path to start with /usr/local/bin: 
+## For Users
 
-    echo PATH=/usr/local/bin:$PATH >> ~/.profile
+Want to install or uninstall HTTPS Everywhere? Have questions? [View this guide](https://www.eff.org/https-everywhere) for installation and here for [FAQs](https://www.eff.org/https-everywhere/faq).
 
-After running this close your terminal and then open it again. Then install lxml using pip.
+## For Website Owners and Maintainers
 
-    pip install lxml
-
-Build Instructions
-------------------
-
-To build the Firefox version go to the git repository root and run:
-
-    ./makexpi.sh
-
-To build the Chrome version go to the git repository root and run:
-
-    ./makecrx.sh
-
-After building the extension the xpi files (for Firefox) and crx files (for Chrome) get created in the pkg directory. You can open those files within your browser to install the browser extension.
-
-Ruleset Tests
--------------
-
-You can run ruleset tests by opening `about:config` and changing `extensions.https_everywhere.show_ruleset_tests` to true. Now when you open the HTTPS Everywhere context menu there will be a "Run HTTPS Everywhere Ruleset Tests" menu item.
-
-When you run the tests, be prepared to let your computer run them for a really long time.
-
-Source Tree
------------
-
-This is the source tree for HTTPS Everywhere for Firefox and Chrome.
-
-Important directories you might want to know about
-
-    src/                      The Firefox source
-
-    chromium/                 The Chromium/Chrome source 
-                              (not to be confused with Firefox browser "chrome" or UI)
-     
-    src/components            |
-    src/chrome/content        | Firefox JavaScript and XUL code
-    src/chrome/content/code   |
-
-    src/chrome/content/rules  The rulesets live here
-
-Precommit Testing
------------------
-
-One can run the available test suites automatically by enabling the precommit
-hook provided with:
-
-    $ ln -s ../../hooks/precommit .git/hooks/pre-commit
+Want to deploy HTTPS on your site? [View this guide](https://www.eff.org/https-everywhere/deploying-https).
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000000..186e6892ac86
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,17 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Browser         |  Supported         |
+| --------------- | ------------------ |
+| Firefox         | :white_check_mark: |
+| Firefox Android | :white_check_mark: |
+| Chrome          | :white_check_mark: |
+| Opera           | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+https://www.eff.org/security
diff --git a/browser-dist/README.md b/browser-dist/README.md
new file mode 100644
index 000000000000..47385bff828a
--- /dev/null
+++ b/browser-dist/README.md
@@ -0,0 +1,32 @@
+# Browser Distribution Special Cases
+
+## Edge
+
+Case:
+Edge does not accept CRX files for direct upload to store.
+
+Work around: `edge.sh`
+
+## Opera
+
+Case:
+Opera does not accept `default.rulesets` due to strict MIME type restriction
+
+In order to not disrupt many downstream channels, we are building a separate CRX file for Opera for now.
+
+Work around: `opera.sh`
+
+## Build process
+
+These scripts are normally ran after main build and deployment is finished. The reason being we want a confirmed CRX file upload to Chrome to build the Edge zip and Opera crx distributions on.
+
+## CRX Verification of Files before Upload
+
+Install Node Package for CRX Verification via NPM
+`[sudo] npm -g i crx3-utils`
+
+### Verify CRX file
+
+1. `crx3-info rsa 0 < $crx > public.pem`
+2. `crx3-verify rsa 0 public.pem < $crx`
+3. `echo "CRX verified"`
diff --git a/browser-dist/edge.sh b/browser-dist/edge.sh
new file mode 100755
index 000000000000..d8d62cd4a259
--- /dev/null
+++ b/browser-dist/edge.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+# Written for transparency and reproducibility on Edge upload
+# See browser-dist.md for more info
+
+VERSION=`python3 -c "import json ; print(json.loads(open('../chromium/manifest.json').read())['version'])"`
+crx_cws="../pkg/https-everywhere-$VERSION-cws.crx"
+crx_eff="../pkg/https-everywhere-$VERSION-eff.crx"
+
+crx3-info rsa 0 < $crx_cws > public.pem
+crx3-verify rsa 0 public.pem < $crx_cws
+echo "CRX verified"
+
+#Build Edge Zip File
+echo "Building Edge Zip"
+crx3-info < $crx_eff | awk '/^header/ {print $2}' \
+    | xargs -I% dd if=$crx_eff iflag=skip_bytes skip=% > https-everywhere-$VERSION-edge.zip
+
+echo >&2 "Edge zip package has sha256sum: `openssl dgst -sha256 -binary "https-everywhere-$VERSION-edge.zip" | xxd -p`"
+
+mv https-everywhere-$VERSION-edge.zip ../pkg/https-everywhere-$VERSION-edge.zip
+
+echo "Created pkg/https-everywhere-$VERSION-edge.zip"
+
+#Now remove unneeded pem file
+rm public.pem
\ No newline at end of file
diff --git a/browser-dist/opera.sh b/browser-dist/opera.sh
new file mode 100755
index 000000000000..261b8ad41b6c
--- /dev/null
+++ b/browser-dist/opera.sh
@@ -0,0 +1,168 @@
+#!/usr/bin/env bash
+
+# Build an HTTPS Everywhere Opera CRX Distribution
+# Written for transparency and reproducibility on Opera upload
+# See browser-dist.md for more info
+
+# To build the current state of the tree:
+#
+#     ./browser-dist-opera.sh
+#
+# To build a particular tagged release:
+#
+#     ./browser-dist-opera.sh <version number>
+#
+# eg:
+#
+#     ./browser-dist-opera.sh 2017.8.15
+#
+# Note that .crx files must be signed; this script makes you a
+# "dummy-chromium.pem" private key for you to sign your own local releases,
+# but these .crx files won't detect and upgrade to official HTTPS Everywhere
+# releases signed by EFF :/.  We should find a more elegant arrangement.
+
+! getopt --test > /dev/null
+if [[ ${PIPESTATUS[0]} -ne 4 ]]; then
+  echo 'I’m sorry, `getopt --test` failed in this environment.'
+  exit 1
+fi
+
+OPTIONS=eck:
+LONGOPTS=remove-extension-update,remove-update-channels,key:
+! PARSED=$(getopt --options=$OPTIONS --longoptions=$LONGOPTS --name "$0" -- "$@")
+if [[ ${PIPESTATUS[0]} -ne 0 ]]; then
+  # e.g. return value is 1
+  #  then getopt has complained about wrong arguments to stdout
+  exit 2
+fi
+
+# read getopt’s output this way to handle the quoting right:
+eval set -- "$PARSED"
+
+REMOVE_EXTENSION_UPDATE=false
+REMOVE_UPDATE_CHANNELS=false
+KEY=$(pwd)/dummy-chromium.pem
+while true; do
+  case "$1" in
+    -e|--remove-extension-update)
+      REMOVE_EXTENSION_UPDATE=true
+      shift
+      ;;
+    -c|--remove-update-channels)
+      REMOVE_UPDATE_CHANNELS=true
+      shift
+      ;;
+    -k|--key)
+      KEY="$2"
+      shift 2
+      ;;
+    --)
+      shift
+      break
+      ;;
+    *)
+      echo "Programming error"
+      exit 3
+      ;;
+  esac
+done
+
+if [ "${KEY:0:1}" != "/" ]; then
+  echo "Key must be specified as an absolute path."
+  exit 4
+fi
+
+cd $(dirname $0)
+
+if [ -n "$1" ]; then
+  BRANCH=`git branch | head -n 1 | cut -d \  -f 2-`
+  SUBDIR=checkout
+  [ -d $SUBDIR ] || mkdir $SUBDIR
+  cp -r -f -a .git $SUBDIR
+  cd $SUBDIR
+  git reset --hard "$1"
+  git submodule update --recursive -f
+fi
+
+VERSION=`python3 -c "import json ; print(json.loads(open('../chromium/manifest.json').read())['version'])"`
+
+echo "Building version" $VERSION
+
+[ -d pkg ] || mkdir -p ../pkg
+[ -e pkg/crx-opera ] && rm -rf ../pkg/crx-opera
+
+# Clean up obsolete ruleset databases, just in case they still exist.
+rm -f src/chrome/content/rules/default.rulesets src/defaults/rulesets.sqlite
+
+mkdir -p ../pkg/crx-opera/rules
+cd ../pkg/crx-opera
+cp -a ../../chromium/* ./
+# Turn the Firefox translations into the appropriate Chrome format:
+rm -rf _locales/
+mkdir _locales/
+python3 ../../utils/chromium-translations.py ../../translations/ _locales/
+python3 ../../utils/chromium-translations.py ../../src/chrome/locale/ _locales/
+do_not_ship="*.py *.xml"
+rm -f $do_not_ship
+
+mkdir wasm
+cp ../../lib-wasm/pkg/*.wasm wasm
+cp ../../lib-wasm/pkg/*.js wasm
+
+cd ../..
+
+python3 ./utils/merge-rulesets.py || exit 5
+
+cp src/chrome/content/rules/default.rulesets.json pkg/crx-opera/rules/default.rulesets.json
+
+sed -i -e "s/VERSION/$VERSION/g" pkg/crx-opera/manifest.json
+
+for x in `cat .build_exclusions`; do
+  rm -rf pkg/crx-opera/$x
+done
+
+#Create Opera CRX caveat
+cd pkg/crx-opera
+sed -i 's/rules\/default.rulesets/rules\/default.rulesets.json/g' background-scripts/update.js
+cd ../..
+
+# Remove the 'applications' manifest key from the crx version of the extension, change the 'author' string to a hash, and add the "update_url" manifest key
+# "update_url" needs to be present to avoid problems reported in https://bugs.chromium.org/p/chromium/issues/detail?id=805755
+python3 -c "import json; m=json.loads(open('pkg/crx-opera/manifest.json').read()); m['author']={'email': 'eff.software.projects@gmail.com'}; del m['applications']; open('pkg/crx-opera/manifest.json','w').write(json.dumps(m,indent=4,sort_keys=True))"
+
+# If the --remove-update-channels flag is set, remove all out-of-band update channels
+if $REMOVE_UPDATE_CHANNELS; then
+  echo "Flag --remove-update-channels specified.  Removing all out-of-band update channels."
+  echo "require.scopes.update_channels.update_channels = [];" >> pkg/crx-opera/background-scripts/update_channels.js
+fi
+
+if [ -n "$BRANCH" ] ; then
+  crx_opera="pkg/https-everywhere-$VERSION-opera.crx"
+else
+  crx_opera="pkg/https-everywhere-$VERSION-pre-opera.crx"
+fi
+if ! [ -f "$KEY" ] ; then
+  echo "Making a dummy signing key for local build purposes"
+  openssl genrsa -out /tmp/dummy-chromium.pem 768
+  openssl pkcs8 -topk8 -nocrypt -in /tmp/dummy-chromium.pem -out $KEY
+fi
+
+# now pack the crx'es
+BROWSER="chromium-browser"
+which $BROWSER || BROWSER="chromium"
+
+$BROWSER --no-message-box --pack-extension="pkg/crx-opera" --pack-extension-key="$KEY" 2> /dev/null
+
+mv pkg/crx-opera.crx $crx_opera
+
+echo >&2 "Opera crx package has sha256sum: `openssl dgst -sha256 -binary "$crx_opera" | xxd -p`"
+echo >&2 "Total included rules: `find src/chrome/content/rules -name "*.xml" | wc -l`"
+echo >&2 "Rules disabled by default: `find src/chrome/content/rules -name "*.xml" | xargs grep -F default_off | wc -l`"
+
+echo "Created $crx_opera"
+
+if [ -n "$BRANCH" ]; then
+  cd ..
+  cp $SUBDIR/$crx_opera pkg
+  rm -rf $SUBDIR
+fi
diff --git a/cert-validity/mozilla/README b/cert-validity/mozilla/README
deleted file mode 100644
index 00e7b396d841..000000000000
--- a/cert-validity/mozilla/README
+++ /dev/null
@@ -1,6 +0,0 @@
-These are root CA certificates from Mozilla's mozilla-beta tree as of
-2011-05-25.
-
-The ones in the "hashed" directory have been processed with c_hash so
-that they can be used with curl --capath.  Their contents are identical
-to the originals.
diff --git a/cert-validity/mozilla/builtin-certs/ACEDICOM_Root.crt b/cert-validity/mozilla/builtin-certs/ACEDICOM_Root.crt
deleted file mode 100644
index bc5647907d9f..000000000000
--- a/cert-validity/mozilla/builtin-certs/ACEDICOM_Root.crt
+++ /dev/null
@@ -1,35 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFtTCCA52gAwIBAgIIYY3HhjsBggUwDQYJKoZIhvcNAQEFBQAwRDEWMBQG
-A1UEAwwNQUNFRElDT00gUm9vdDEMMAoGA1UECwwDUEtJMQ8wDQYDVQQKDAZF
-RElDT00xCzAJBgNVBAYTAkVTMB4XDTA4MDQxODE2MjQyMloXDTI4MDQxMzE2
-MjQyMlowRDEWMBQGA1UEAwwNQUNFRElDT00gUm9vdDEMMAoGA1UECwwDUEtJ
-MQ8wDQYDVQQKDAZFRElDT00xCzAJBgNVBAYTAkVTMIICIjANBgkqhkiG9w0B
-AQEFAAOCAg8AMIICCgKCAgEA/5KV4WgGdrQsyFhIyv2AVClVYyT/kGWbEHV7
-w2rbYgIB8hiGtXxaOLHkWLn709gtn70yN78sFW2+tfQh0hOR2QetAQXW8713
-zl9CgQr5auODAKgrLlUTY4HKRxx7XBZXehuDYAQ6PmXDzQHe3qTWDLqO3tkE
-7hdWIpuPY/1NFgu3e3eM+SW10W2ZEi5PGrjm6gSSrj0RuVFCPYewMYWveVqc
-/udOXpJPQ/yrOq2lEiZmueIM15jO1FillUAKt0SdE3QrwqXrIhWYENiLxQSf
-HY9g5QYbm8+5eaA9oiM/Qj9r+hwDezCNzmzAv+YbX79nuIQZ1RXve8uQNjFi
-ybwCq0Zfm/4aaJQ0PZCOrfbkHQl/Sog4P75n/TSW9R28MHTLOO7VbKvU/PQA
-twBbhTIWdjPp2KOZnQUAqhbm84F9b32qhm2tFXTTxKJxqvQUfecyuB+81fFO
-vW8XAjnXDpVCOscAPukmYxHqC9FK/xidstd7LzrZlvvoHpKuE1XI2Sf23Egb
-sCTBheN3nZqk8wwRHQ3ItBTutYJXCb8gWH8vIiPYcMt5bMlL8qkqyPyHK9ca
-UPgn6C9D4zq92Fdx/c6mUlv53U3t5fZvie27k5x2IXXwkkwp9y+cAS7+UEae
-ZAwUswdbxcJzbPEHXEUkFDWug/FqTYl6+rPYLWbwNof1K1MCAwEAAaOBqjCB
-pzAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKaz4SsrSbbXc6GqlPUB
-53NlTKxQMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUprPhKytJttdzoaqU
-9QHnc2VMrFAwRAYDVR0gBD0wOzA5BgRVHSAAMDEwLwYIKwYBBQUHAgEWI2h0
-dHA6Ly9hY2VkaWNvbS5lZGljb21ncm91cC5jb20vZG9jMA0GCSqGSIb3DQEB
-BQUAA4ICAQDOLAtSUWImfQwng4/F9tqgaHtPkl7qpHMyEVNEskTLnewPeUKz
-EKbHDZ3Ltvo/Onzqv4hTGzz3gvoFNTPhNahXwOf9jU8/kzJPeGYDdwdY6ZXI
-fj7QeQCM8htRM5u8lOk6e25SLTKeI6RF+7YuE7CLGLHdztUdp0J/Vb77W7tH
-1PwkzQSulgUV1qzOMPPKC8W64iLgpq0i5ALudBF/TP94HTXa5gI06xgSYXcG
-CRZj6hitoocf8seACQl1ThCojz2GuHURwCRiipZ7SkXp7FnFvmuD5uHorLUw
-Hv4FB4D54SMNUI8FmP8sX+g7tq3PgbUhh8oIKiMnMCArz+2UW6yyetLHKKGK
-C5tNSixthT8Jcjxn4tncB7rrZXtaAWPWkFtPF2Y9fwsZo5NjEFIqnxQWWOLc
-pfShFosOkYuByptZ+thrkQdlVV9SH686+5DdaaVbnG0OLLb6zqylfDJKZ0Dc
-MDQj3dcEI2bw/FWAp/tmGYI1Z2JwOV5vx+qQQEQIHriy1tvuWacNGHk0vFQY
-XlPKNFHtRQrmjseCNj6nOGOpMCwXEGCSn1WHElkQwg9naRHMTh5+Spqtr0Co
-daxWkHS4oJyleW/c6RrIaQXpuvoDs3zk4E7Czp3otkYNbn5XOmeUwssfnHdK
-Z05phkOTOPu220+DkdRgfks+KzgHVZhepA==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/AC_RaxC3xADz_CerticxC3xA1mara_S.A..crt b/cert-validity/mozilla/builtin-certs/AC_RaxC3xADz_CerticxC3xA1mara_S.A..crt
deleted file mode 100644
index c9d91bb7eb31..000000000000
--- a/cert-validity/mozilla/builtin-certs/AC_RaxC3xADz_CerticxC3xA1mara_S.A..crt
+++ /dev/null
@@ -1,39 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIGZjCCBE6gAwIBAgIPB35Sk3vgFeNX8GmMy+wMMA0GCSqGSIb3DQEBBQUA
-MHsxCzAJBgNVBAYTAkNPMUcwRQYDVQQKDD5Tb2NpZWRhZCBDYW1lcmFsIGRl
-IENlcnRpZmljYWNpw7NuIERpZ2l0YWwgLSBDZXJ0aWPDoW1hcmEgUy5BLjEj
-MCEGA1UEAwwaQUMgUmHDrXogQ2VydGljw6FtYXJhIFMuQS4wHhcNMDYxMTI3
-MjA0NjI5WhcNMzAwNDAyMjE0MjAyWjB7MQswCQYDVQQGEwJDTzFHMEUGA1UE
-Cgw+U29jaWVkYWQgQ2FtZXJhbCBkZSBDZXJ0aWZpY2FjacOzbiBEaWdpdGFs
-IC0gQ2VydGljw6FtYXJhIFMuQS4xIzAhBgNVBAMMGkFDIFJhw616IENlcnRp
-Y8OhbWFyYSBTLkEuMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
-q2uJo1PMSCMI+8PPUZYILrgIem08kBeGqentLhM0R7LQcNzJPNCNyu5LF6vQ
-hbCnIwTLqKL85XXbQMpiiY9QngE9JlsYhBzLfDe3fezTf3MZsGqy2IiKLUV0
-qPezuMDU2s0iiXRNWhU5cxh0T7XrmafBHoi0wpOQY5fzp6cSsgkiBzPZkc0O
-nB8OIMfuuzONj8LSWKdf/WU34ojC2I+GdV75LaeHM/J4Ny+LvB2GNzmxlPLY
-vEqcgxhaBvzz1NS6jBUJJfD5to0EfhcSM2tXSExP2yYe68yQ54v5aHxwD6Mq
-0Do43zeX4lvegGHTgNiRg0JaTASJaBE8rF9ogEHMYELODVoqDA+bMMCm8Ibb
-q0nXl21Ii/kDwFJnmxL3wvIumGVC2daa49AZMQyth9VXAnow6IYm+48jilSH
-5L887uvDdUhfHjlvgWJsxS3EF1QZtzeNnDeRyPYL1epjb4OsOMLzP96a++Ej
-YfDIJss2yKHzMI+ko6Kh3VOz3vCaMh+DkXkwwakfU5tTohVTP92dsxA7SH2J
-D/ztA/X7JWR1DhcZDY8AFmd5ekD8LVkH2ZD6mq093ICK5lw1omdMEWux+IBk
-AC1vImHFrEsm5VoQgpukg3s0956JkSCXjrdCx2bD0Omk1vUgjcTDlaxECp1b
-czwmPS9KvqfJpxAe+59QafMCAwEAAaOB5jCB4zAPBgNVHRMBAf8EBTADAQH/
-MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU0QnQ6dfOeXRU+Tows/RtLAMD
-G2gwgaAGA1UdIASBmDCBlTCBkgYEVR0gADCBiTArBggrBgEFBQcCARYfaHR0
-cDovL3d3dy5jZXJ0aWNhbWFyYS5jb20vZHBjLzBaBggrBgEFBQcCAjBOGkxM
-aW1pdGFjaW9uZXMgZGUgZ2FyYW507WFzIGRlIGVzdGUgY2VydGlmaWNhZG8g
-c2UgcHVlZGVuIGVuY29udHJhciBlbiBsYSBEUEMuMA0GCSqGSIb3DQEBBQUA
-A4ICAQBclLW4RZFNjmEfAygPU3zmpFmps4p6xbD/CHwso3EcIRNnoZUSQDWD
-g4902zNc8El2CoFS3UnUmjIz75uny3XlesuXEpBcunvFm9+7OSPI/5jOCk0i
-AUgHforA1SBClETvv3eiiWdIG0ADBaGJ7M9i4z0ldma/Jre7Ir5v/zlXdLp6
-yQGVwZVR6Kss+LGGIOk/yzVb0hfpKv6DExdA7ohiZVvVO2Dpezy4ydV/NgIl
-qmjCMRW3MGXrfx1IebHPOeJCgBbT9ZMj/EyXyVo3bHwi2ErN0o42gzmRkBDI
-8ck1fj+404HGIGQatlDCIaR43NAvO2STdPCWkPHv+wlaNECW8DYSwaN0jJN+
-Qd53i+yG2dIPPy3RzECiiWZIHiCznCNZc6lEc7wkeZBWN7PGKX6jD/EpOe9+
-XCgycDWs2rjIdWb8m0w5R44bb5tNAlQiM+9hup4phO9OSzNHdpdqy35f/RWm
-nkJDW2ZaiogN9xa5P1FlK2Zqi9E4UqLWRhH6/JocdJ6PlwsCT2TG9WjTSy3/
-pDceiz+/RL5hRqGEPQgnTIEgd4kI6mdAXmwIUV80WoyWaM3X94nCHNMyAK9S
-y9NgWyo6R35rMDOhYil/SrnhLecUIw4OGEfhefwVVdCx/CVxY3UzHCMrr1zZ
-7Ud3YA47Dx7SwNxkBYn8eNZcLCZDqQ==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/AOL_Time_Warner_Root_Certification_Authority_1.crt b/cert-validity/mozilla/builtin-certs/AOL_Time_Warner_Root_Certification_Authority_1.crt
deleted file mode 100644
index 109b1825d071..000000000000
--- a/cert-validity/mozilla/builtin-certs/AOL_Time_Warner_Root_Certification_Authority_1.crt
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID5jCCAs6gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgzELMAkGA1UEBhMC
-VVMxHTAbBgNVBAoTFEFPTCBUaW1lIFdhcm5lciBJbmMuMRwwGgYDVQQLExNB
-bWVyaWNhIE9ubGluZSBJbmMuMTcwNQYDVQQDEy5BT0wgVGltZSBXYXJuZXIg
-Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAxMB4XDTAyMDUyOTA2MDAw
-MFoXDTM3MTEyMDE1MDMwMFowgYMxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRB
-T0wgVGltZSBXYXJuZXIgSW5jLjEcMBoGA1UECxMTQW1lcmljYSBPbmxpbmUg
-SW5jLjE3MDUGA1UEAxMuQU9MIFRpbWUgV2FybmVyIFJvb3QgQ2VydGlmaWNh
-dGlvbiBBdXRob3JpdHkgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBAJnej8Mlo2k06AX3dLm/WpcZuS+U0pPlLYnKhHw/EEMbjIt8hFj4JHxI
-zyr9wBXZGH6EGhfT257XyuTZ16pYUYfw8ItITuLCxFlpMGK2MKKMCxGZYTVt
-fu/FsRkGIBKOQuHfD5YQUqjPnF+VFNivO3ULMSAfRC+iYkGzuxgh28pxPIzs
-trkNn+9R7017EvILDOGsQI93f7DKeHEMXRZxcKLXwjqFzQ6axOAAsNUl6twr
-5JQtOJyJQVdkKGUZHLZEtMgxa44Be3ZZJX8VHIQIfHNlIAqhBC4aMqiaILGc
-LCFZ5/vP7nAtCMpjPiybkxlqpMKX/7eGV4iFbJ4VFitNLLMCAwEAAaNjMGEw
-DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUoTYwFsuGkABFgFOxj8jYPXy+
-XxIwHwYDVR0jBBgwFoAUoTYwFsuGkABFgFOxj8jYPXy+XxIwDgYDVR0PAQH/
-BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IBAQCKIBilvrMvtKaEAEAwKfq0FHNM
-eUWn9nDg6H5kHgqVfGphwu9OH77/yZkfB2FK4V1Mza3u0FIy2VkyvNp5ctZ7
-CegCgTXTCt8RHcl5oIBN/lrXVtbtDyqvpxh1MwzqwWEFT2qaifKNuZ8u77Bf
-WgDrvq2g+EQFZ7zLBO+eZMXpyD8Fv8YvBxzDNnGGyjhmSs3WuEvGbKeXO/oT
-LW4jYYehY0KswsuXn2Fozy1MBJ3XJU8KDk2QixhWqJNIV9xvrr2eZ1d3iVCz
-vhGbRWeDhhmH05i9CBoWH1iCC+GWaQVLjuyDUTEH1dSf/1l7qG6Fz9NLqUmw
-X7A5KGgOc90lmt4S
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/AOL_Time_Warner_Root_Certification_Authority_2.crt b/cert-validity/mozilla/builtin-certs/AOL_Time_Warner_Root_Certification_Authority_2.crt
deleted file mode 100644
index 42934914e487..000000000000
--- a/cert-validity/mozilla/builtin-certs/AOL_Time_Warner_Root_Certification_Authority_2.crt
+++ /dev/null
@@ -1,36 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIF5jCCA86gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgzELMAkGA1UEBhMC
-VVMxHTAbBgNVBAoTFEFPTCBUaW1lIFdhcm5lciBJbmMuMRwwGgYDVQQLExNB
-bWVyaWNhIE9ubGluZSBJbmMuMTcwNQYDVQQDEy5BT0wgVGltZSBXYXJuZXIg
-Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyOTA2MDAw
-MFoXDTM3MDkyODIzNDMwMFowgYMxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRB
-T0wgVGltZSBXYXJuZXIgSW5jLjEcMBoGA1UECxMTQW1lcmljYSBPbmxpbmUg
-SW5jLjE3MDUGA1UEAxMuQU9MIFRpbWUgV2FybmVyIFJvb3QgQ2VydGlmaWNh
-dGlvbiBBdXRob3JpdHkgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBALQ3WggWmRToVbEbJGv8x4vmh6mJ7ouZzU9AhqS2TcnZsdw8TQ2FTBVs
-RotSeJ/4I/1n9SQ6aF3Q92RhQVSji6UI0ilbm2BPJoPRYxJWSXakFsKlnUWs
-i4SVqBax7J/qJBrvuVdcmiQhLE0OcR+mrF1FdAOYxFSMFkpBd4aVdQxHAWZg
-/BXxD+r1FHjHDtdugRxev17nOirYlxcwfACtCJ0zr7iZYYCLqJV+FNwSbKTQ
-2O9ASQI2+W6p1h2WVgSysy0WVoaP2SBXgM1nEG2wTPDaRrbqJS5Gr42whTg0
-ixQmgiusrpkLjhTXUr2eacOGAgvqdnUxCc4zGSGFQ+aJLZ8lN2fxI2rSAG2X
-+Z/nKcrdH9cG6rjJuQkhn8g/BsXS6RJGAE57COtCPStIbp1n3UsC5ETzkxml
-J85per5n0/xQpCyrw2u544BMzwVhSyvcG7mm0tCq9Stz+86QNZ8MUhy/XCFh
-EVsVS6kkUfykXPcXnbDS+gfpj1bkGoxoigTTfFrjnqKhynFbotSg5ymFXQNo
-Kk/SBtc9+cMDLz9l+WceR0DTYw/j1Y75hauXTLPXJuuWCpTehTacyH+BCQJJ
-Kg71ZDIMgtG6aoIbs0t0EfOMd9afv9w3pKdVBC/UMejTRrkDfNoSTllkt1Ex
-MVCgyhwn2RAurda9EGYrw7AiShJbAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMB
-Af8wHQYDVR0OBBYEFE9pbQN+nZ8HGEO8txBO1b+pxCAoMB8GA1UdIwQYMBaA
-FE9pbQN+nZ8HGEO8txBO1b+pxCAoMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG
-9w0BAQUFAAOCAgEAO/Ouyuguh4X7ZVnnrREUpVe8WJ8kEle7+z802u6teio0
-cnAxa8cZmIDJgt43d15Ui47y6mdPyXSEkVYJ1eV6moG2gcKtNuTxVBFT8zRF
-ASbI5Rq8NEQh3q0l/HYWdyGQgJhXnU7q7C+qPBR7V8F+GBRn7iTGvboVsNIY
-vbdVgaxTwOjdaRITQrcCtQVBynlQboIOcXKTRuidDV29rs4prWPVVRaAMCf/
-drr3uNZK49m1+VLQTkCpx+XCMseqdiThawVQ68W/ClTluUI8JPu3B5wwn3la
-5uBAUhX0/Kr0VvlEl4ftDmVyXr4m+02kLQgH3thcoNyBM5kYJRF3p+v9WAks
-mWsbivNSPxpNSGDxoPYzAlOL7SUJuA0t7Zdz7NeWH45gDtoQmy8YJPamTQr5
-O8t1wswvziRpyQoijlmn94IM19drNZxDAGrElWe6nEXLuA4399xOAU++CrYD
-062KRffaJ00psUjf5BHklka9bAI+1lHIlRcBFanyqqryvy9lG2/QuRqT9Y41
-xICHPpQvZuTpqP9BnHAqTyo5GJUefvthATxRCC4oGKQWDzH9OmwjkyB24f0H
-hdFbP9IcczLd+rn4jM8Ch3qaluTtT4mNU0OrDhPAARW0eTjb/G49nlG2uBOL
-Z8/5fNkiHfZdxRwBL5joeiQYvITX+txyW/fBOmg=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/AddTrust_External_Root.crt b/cert-validity/mozilla/builtin-certs/AddTrust_External_Root.crt
deleted file mode 100644
index 775da4062740..000000000000
--- a/cert-validity/mozilla/builtin-certs/AddTrust_External_Root.crt
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJT
-RTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4
-dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5h
-bCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzEL
-MAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1B
-ZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1
-c3QgRXh0ZXJuYWwgQ0EgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBALf3GjPm8gAELTngTlvtH7xsD821+iO2zt6bETOXpClMfZOfvUq8
-k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9uMq/NzgtHj6RQa1wVsfwTz/oMp50
-ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzXmk6vBbOmcZSccbNQYArHE504
-B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LXa0Tkx63ubUFfclpxCDez
-eWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzNE0S3ySvdQwAl+mG5
-aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0WicCAwEAAaOB
-3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYDVR0PBAQD
-AgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0Jvf6
-xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
-cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdv
-cmsxIjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJ
-KoZIhvcNAQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZl
-j7DYd7usQWxHYINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5R
-xNKWt9x+Tu5w/Rw56wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjT
-K3rMUUKhemPR5ruhxSvCNr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1
-n6diIWgVIEM8med8vSTYqZEXc4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHx
-REzGBHNJdmAPx/i9F4BrLunMTA5amnkPIAou1Z5jJh5VkpTYghdae9C8x49O
-hgQ=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/AddTrust_Low-Value_Services_Root.crt b/cert-validity/mozilla/builtin-certs/AddTrust_Low-Value_Services_Root.crt
deleted file mode 100644
index 2b3a41de22fc..000000000000
--- a/cert-validity/mozilla/builtin-certs/AddTrust_Low-Value_Services_Root.crt
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJT
-RTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRU
-UCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3Qw
-HhcNMDAwNTMwMTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQswCQYDVQQGEwJT
-RTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRU
-UCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3Qw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwze
-xODcEyPNwTXH+9ZOEQpnXvUGW2ulCDtbKRY654eyNAbFvAWlA3yCyykQruGI
-gb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6ntGO0/7Gcrjyvd7ZWxbWroulpOj0O
-M3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyldI+Yrsj5wAYi56xz36Uu+1Lc
-sRVlIPo1Zmne3yzxbrww2ywkEtvrNTVokMsAsJchPXQhI2U0K7t4WaPW4XY5
-mqRJjox0r26kmqPZm9I4XJuiGMx1I4S+6+JNM3GOGvDC+Mcdoq0Dlyz4zyXG
-9rgkMbFjXZJ/Y/AlyVMuH79NAgMBAAGjgdIwgc8wHQYDVR0OBBYEFJWxtPCU
-tr3H2tERCSG+wa9J/RB7MAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8EBTADAQH/
-MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tERCSG+wa9J/RB7oWmkZzBlMQsw
-CQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFk
-ZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAx
-IENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxtZBsfzQ3duQH6lmM0
-MkhHma6X7f1yFqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0Ph
-iVYrqW9yTkkz43J8KiOavD7/KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9
-tTEv2dB8Xfjea4MYeDdXL+gzB2ffHsdrKpV2ro9Xo/D0UrSpUwjP4E/TelOL
-/bscVjby/rK25Xa71SJlpz/+0WatC7xrmYbvP33zGDLKe8bjq2RGlfgmadlV
-g3sslgf/WSxEo8bl6ancoWOAWiFeIc9TVPC6b4nbqKqVz4vjccweGyBECMB6
-tkD9xOQ14R0WHNC8K47Wcdk=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/AddTrust_Public_Services_Root.crt b/cert-validity/mozilla/builtin-certs/AddTrust_Public_Services_Root.crt
deleted file mode 100644
index bf5fdbf97453..000000000000
--- a/cert-validity/mozilla/builtin-certs/AddTrust_Public_Services_Root.crt
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEFTCCAv2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJT
-RTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRU
-UCBOZXR3b3JrMSAwHgYDVQQDExdBZGRUcnVzdCBQdWJsaWMgQ0EgUm9vdDAe
-Fw0wMDA1MzAxMDQxNTBaFw0yMDA1MzAxMDQxNTBaMGQxCzAJBgNVBAYTAlNF
-MRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQ
-IE5ldHdvcmsxIDAeBgNVBAMTF0FkZFRydXN0IFB1YmxpYyBDQSBSb290MIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Rowj4OIFMEg2Dybjxt+
-A3S72mnTRqX4jsIMEZBRpS9mVEBV6tsfSlbunyNu9DnLoblv8n75XYcmYZ4c
-+OLspoH4IcUkzBEMP9smcnrHAZcHF/nXGCwwfQ56HmIexkvA/X1id9NEHif2
-P0tEs7c42TkfYNVRknMDtABp4/MUTu7R3AnPdzRGULD4EfL+OHn3Bzn+UZKX
-C1sIXzSGAa2Il+tmzV7R/9x98oTaunet3IAIx6eH1lWfl2royBFkuucZKT8R
-s3iQhCBSWxHveNCD9tVIkNAwHM+A+WD+eeSI8t0A65RF62WUaUC6wNW0uLp9
-BBGo6zEFlpROWCGOn9Bg/QIDAQABo4HRMIHOMB0GA1UdDgQWBBSBPjfYkrAf
-d59ctKtzquf2NGAv+jALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zCB
-jgYDVR0jBIGGMIGDgBSBPjfYkrAfd59ctKtzquf2NGAv+qFopGYwZDELMAkG
-A1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRU
-cnVzdCBUVFAgTmV0d29yazEgMB4GA1UEAxMXQWRkVHJ1c3QgUHVibGljIENB
-IFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBAAP3FUr4JNojVhaTdt02KLmu
-G7jD8WS6IBh4lSknVwW8fCr0uVFV2ocC3g8WFzH4qnkuCRO7r7IgGRLlk/lL
-+YPoRNWyQSW/iHVv/xD8SlTQX/D67zZzfRs2RcYhbbQVuE7PnFylPVoAjgbj
-PGsye/Kf8Lb93/AoGEjwxrzQvzSAlsJKsW2Ox5BF3i9nrEUEo3rcVZLJR2bY
-GozH7ZxOmuASu7VqTITh4SINhwBk/ox9Yjllpu9CtoAlEmEBqCQTcAARJl/6
-NVDFSMwGR+gn2HCNX2TmoUQmXiLsks3/QppEIW1cxeMiHV9HEufOX1362Kqx
-My3ZdvJOOjMMK7MtkAY=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/AddTrust_Qualified_Certificates_Root.crt b/cert-validity/mozilla/builtin-certs/AddTrust_Qualified_Certificates_Root.crt
deleted file mode 100644
index e56c20f17f01..000000000000
--- a/cert-validity/mozilla/builtin-certs/AddTrust_Qualified_Certificates_Root.crt
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJT
-RTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRU
-UCBOZXR3b3JrMSMwIQYDVQQDExpBZGRUcnVzdCBRdWFsaWZpZWQgQ0EgUm9v
-dDAeFw0wMDA1MzAxMDQ0NTBaFw0yMDA1MzAxMDQ0NTBaMGcxCzAJBgNVBAYT
-AlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3Qg
-VFRQIE5ldHdvcmsxIzAhBgNVBAMTGkFkZFRydXN0IFF1YWxpZmllZCBDQSBS
-b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5B6a/twJWoek
-n0e+EV+vhDTbYjx5eLfpMLXsDBwqxBb/4Oxx64r1EW7tTw2R0hIYLUkVAcKk
-IhPHEWT/IhKauY5cLwjPcWqzZwFZ8V1G87B4pfYOQnrjfxvM0PC3KP0q6p6z
-sLkEqv32x7SxuCqg+1jxGaBvcCV+PmlKfw8i2O+tCBGaKZnhqkRFmhJePp1t
-UvznoD1oL/BLcHwTOK28FSXx1s6rosAx1i+f4P8UWfyEk9mHfExUE+uf0S0R
-+Bg6Ot4l2ffTQO2kBhLEO+GRwVY18BTcZTYJbqukB8c10cIDMzZbdSZtQvES
-a0NvS3GU+jQd7RNuyoB/mC9suWXY6QIDAQABo4HUMIHRMB0GA1UdDgQWBBQ5
-lYtii1zJ1IC6WA+XPxUIQ8yYpzALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/BAUw
-AwEB/zCBkQYDVR0jBIGJMIGGgBQ5lYtii1zJ1IC6WA+XPxUIQ8yYp6FrpGkw
-ZzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQL
-ExRBZGRUcnVzdCBUVFAgTmV0d29yazEjMCEGA1UEAxMaQWRkVHJ1c3QgUXVh
-bGlmaWVkIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBABmrder4i2Vh
-lRO6aQTvhsoToMeqT2QbPxj2qC0sVY8FtzDqQmodwCVRLae/DLPt7wh/bDxG
-GuoYQ992zPlmhpwsaPXpF/gxsxjE1kh9I0xowX67ARRvxdlu3rsEQmr49lx9
-5dr6h+sNNVJn0J6XdgWTP5XHAeZpVTh/EGGZyeNfpso+gmNIquIISD6q8rKF
-Yqa0p9m9N5xotS1WfbC3P6CxB9bpT9zeRXEwMn8bLgn5v1Kh7sKAPgZcLlVA
-wRv1cEWw3F369nJad9Jjzc9YiQBCYz95OdBEsIJuQRno3eDBiFrRHnGTHyQw
-dOUeqN48Jzd/g66ed8/wMLH/S5noxqE=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/America_Online_Root_Certification_Authority_1.crt b/cert-validity/mozilla/builtin-certs/America_Online_Root_Certification_Authority_1.crt
deleted file mode 100644
index 26203ee8a147..000000000000
--- a/cert-validity/mozilla/builtin-certs/America_Online_Root_Certification_Authority_1.crt
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJV
-UzEcMBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1l
-cmljYSBPbmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAxMB4X
-DTAyMDUyODA2MDAwMFoXDTM3MTExOTIwNDMwMFowYzELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0FtZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJp
-Y2EgT25saW5lIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKgv6KRpBgNHw+kqmP8ZonCa
-xlCyfqXfaE0bfA+2l2h9LaaLl+lkhsmj76CGv2BlnEtUiMJIxUo5vxTjWVXl
-GbR0yLQFOVwWpeKVBeASrlmLojNoWBym1BW32J/X3HGrfpq/m44zDyL9Hy7n
-BzbvYjnF3cu6JRQj3gzGPTzOggjmZj7aUTsWOqMFf6Dch9Wc/HKpoH145Lcx
-VR5lu9RhsCFg7RAycsWSJR74kEoYeEfffjA3PlAb2xzTa5qGUwew76wGePiE
-mf4hjUyAtgyC9mZweRrTT6PP8c9GsEsPPt2IYriMqQkoO3rHl+Ee5fSfwMCu
-JKDIodkP1nsmgmkyPacCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAdBgNV
-HQ4EFgQUAK3Zo/Z59m50qX8zPYEX10zPM94wHwYDVR0jBBgwFoAUAK3Zo/Z5
-9m50qX8zPYEX10zPM94wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBBQUA
-A4IBAQB8itEfGDeC4Liwo+1WlchiYZwFos3CYiZhzRAW18y0ZTTQEYqtqKkF
-Zu90821fnZmv9ov761KyBZiibyrFVL0lvV+uyIbqRizBs73B6UlwGBaXCBOM
-IOAbLjpHyx7kADCVW/RFo8AasAFOq73AI25jP4BKxQft3OJvx8Fi8eNy1gTI
-dGcL+oiroQHIb/AUr9KZzVGTfu0uOMe9zkZQPXLjeSWdm4grECDdpbgyn43g
-Kd8hdIaC2y+CMMbHNYaz+ZZfRtsMRf3zUMNvxsNIrUam4SdHCh0Om7bCd39j
-8uB9Gr784N/Xx6dssPmuujz9dLQR6FgNgLzTqIA6me11zEZ7
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/America_Online_Root_Certification_Authority_2.crt b/cert-validity/mozilla/builtin-certs/America_Online_Root_Certification_Authority_2.crt
deleted file mode 100644
index c7028dc9d0fd..000000000000
--- a/cert-validity/mozilla/builtin-certs/America_Online_Root_Certification_Authority_2.crt
+++ /dev/null
@@ -1,35 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFpDCCA4ygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJV
-UzEcMBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1l
-cmljYSBPbmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4X
-DTAyMDUyODA2MDAwMFoXDTM3MDkyOTE0MDgwMFowYzELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0FtZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJp
-Y2EgT25saW5lIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCAiIw
-DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMxBRR3pPU0Q9oyxQcngXssN
-t79Hc9PwVU3dxgz6sWYFas14tNwC206B89enfHG8dWOgXeMHDEjsJcQDIPT/
-DjsS/5uN4cbVG7RtIuOx238hZK+GvFciKtZHgVdEglZTvYYUAQv8f3SkWq7x
-uhG1m1hagLQ3eAkzfDJHA1zEpYNI9FdWboE2JxhP7JsowtS013wMPgwr38oE
-18aO6lhOqKSlGBxsRZijQdEt0sdtjRnxrXm3gT+9BoInLRBYBbV4Bbkv2wxr
-kJB+FFk4u5QkE+XRnRTf04JNRvCAOVIyD+OEsnpD8l7eXz8d3eOyG6ChKiMD
-bi4BFYdcpnV1x5dhvt6G3NRI270qv0pV2uh9UPu0gBe4lL8BPeraunzgWGcX
-uVjgiIZGZ2ydEEdYMtA1fHkqkKJaEBEjNa0vzORKW6fIJ/KD3l67Xnfn6KVu
-Y8INXWHQjNJsWiEOyiijzirplcdIz5ZvHZIlyMbGwcEMBawmxNJ10uEqZ8A9
-W6Wa6897GqidFEXlD6CaZd4vKL3Ob5Rmg0gp2OpljK+T2WSfVVcmv2/LNzGZ
-o2C7HK2JNDJiuEMhBnIMoVxtRsX6Kc8w3onccVvdtjc+31D1uAclJuW8tf48
-ArO3+L5DwYcRlJ4jbBeKuIonDFRH8KmzwICMoCfrHRnjB453cMor9H124Hhn
-AgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFE1FwWg4u3Op
-aaEg5+31IqEjFNeeMB8GA1UdIwQYMBaAFE1FwWg4u3OpaaEg5+31IqEjFNee
-MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAZ2sGuV9FOypL
-M7PmG2tZTiLMubekJcmnxPBUlgtk87FYT15R/LKXeydlwuXK5w0MJXti4/qf
-tIe3RUavg6WXSIylvfEWK5t2LHo1YGwRgJfMqZJS5ivmae2p+DYtLHe/YUjR
-Ywu5W1LtGLBDQiKmsXeu3mnFzcccobGlHBD7GL4acN3Bkku+KVqdPzW+5X1R
-+FXgJXUjhx5c3LqdsKyzadsXg8n33gy8CNyRnqjQ1xU3c6U1uPx+xURABsPr
-+CKAXEfOAuMRn0T//ZoyzH1kUQ7rVyZ2OuMeIjzCpjbdGe+n/BLzJsBZMYVM
-nNjP36TMzCmT/5RtdlwTCJfy7aULTd3oyWgOZtMADjMSW7yV5TKQqLPGbIOt
-d+6Lfn6xqavT4fG2wLHqiMDn05DpKJKUe2h7lyoKZy2FAjgQ5ANh1NolNscI
-WC2hp1GvMApJ9aZphwctREZ2jirlmjvXGKL8nDgQzMY70rUXOm/9riW99XJZ
-ZLF0KjhfGEzfz3EEWjbUvy+ZnOjZurGV5gJLIaFb1cFPj65pbVPbAZO1XB4Y
-3WRayhgoPmMEEf0cjQAPuDffZ4qdZqkCapH/E8ovXYO8h5Ns3CRRFgQlZvqz
-2cK6Kb6aSDiCmfS/O0oxGfm/jiEzFMpPVF/7zvuPcX/9XhmgD0uRuMRUvAaw
-RY8mkaKO/qk=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/ApplicationCA_-_Japanese_Government.crt b/cert-validity/mozilla/builtin-certs/ApplicationCA_-_Japanese_Government.crt
deleted file mode 100644
index c1e2c771ed64..000000000000
--- a/cert-validity/mozilla/builtin-certs/ApplicationCA_-_Japanese_Government.crt
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDoDCCAoigAwIBAgIBMTANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJK
-UDEcMBoGA1UEChMTSmFwYW5lc2UgR292ZXJubWVudDEWMBQGA1UECxMNQXBw
-bGljYXRpb25DQTAeFw0wNzEyMTIxNTAwMDBaFw0xNzEyMTIxNTAwMDBaMEMx
-CzAJBgNVBAYTAkpQMRwwGgYDVQQKExNKYXBhbmVzZSBHb3Zlcm5tZW50MRYw
-FAYDVQQLEw1BcHBsaWNhdGlvbkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEAp23gdE6Hj6UG3mii24aZS2QNcfAKBZuOquHMLtJqO8F6tJdh
-jYq+xpqcBrSGUeQ3DnR4fl+Kf5Sk10cI/VBaVuRorChzoHvpfxiSQE8tnfWu
-REhzNgaeZCw7NCPbXCbkcXmP1G55IrmTwcrNwVbtiGrXoDkhBFcsovW8R0FP
-XjQilbUfKW1eSvNNcr5BViCH/OlQR9cwFO5cjFW6WY2H/CPek9AEjP3vbb3Q
-esmlOmpyM8ZKDQUXKi17safY1vC+9D/qDihtQWEjdnjDuGWk81quzMKq2edY
-3rZ+nYVunyoKb58DKTCXKB28t89UKU5RMfkntigm/qJj5kEW8DOYRwIDAQAB
-o4GeMIGbMB0GA1UdDgQWBBRUWssmP3HMlEYNllPqa0jQk/5CdTAOBgNVHQ8B
-Af8EBAMCAQYwWQYDVR0RBFIwUKROMEwxCzAJBgNVBAYTAkpQMRgwFgYDVQQK
-DA/ml6XmnKzlm73mlL/lupwxIzAhBgNVBAsMGuOCouODl+ODquOCseODvOOC
-t+ODp+ODs0NBMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB
-ADlqRHZ3ODrso2dGD/mLBqj7apAxzn7s2tGJfHrrLgy9mTLnsCTWw//1sogJ
-hyzjVOGjprIIC8CFqMjSnHH2HZ9g/DgzE+Ge3Atf2hZQKXsvcJEPmbo0NI2V
-dMV+eKlmXb3KIXdCEKxmJj3ekav9FfBv7WxfEPjzFvYDio+nEhEMy/0/ecGc
-/WLuo89UDNErXxc+4z6/wCs+CZv+iKZ+tJIX/COUgb1up8WMwusRRdv4QcmW
-dupwX3kSa+SjB1oF7ydJzyGfikwJcGapJsErEU4z0g781mzSDjJkaP+tBXhf
-Ax2o45CsJOAPQKdLrosot4LKGAfmt1t06SAZf7IbiVQ=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt b/cert-validity/mozilla/builtin-certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
deleted file mode 100644
index 19069bced8cc..000000000000
--- a/cert-validity/mozilla/builtin-certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
+++ /dev/null
@@ -1,37 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkG
-A1UEBhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9u
-IEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0wOTA1MjAwODM4
-MTVaFw0zMDEyMzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlB
-dXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJ
-RiBBNjI2MzQwNjgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDK
-lmuO6vj78aI14H9M2uDDUtd9thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC
-5IsP5t9bpgOSL/UR5GLXMnE42QQMcas9UX4PB99jBVzpv5RvwSmCwLTaUbDB
-PLutN0pcyvFLNg4kq7/DhHf9qFD0sefGL9ItWY16Ck6WaVICqjaY7Pz6FIMM
-Nx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15iNA9wBj4gGFrO93IbJWyTdBST
-o3OxDqqHECNZXyAFGUftaI6SEspd/NYrspI8IM/hX68gvqB2f3bl7BqGYTM+
-53u0P6APjqK5am+5hyZvQWyIplD9amML9ZMWGxmPsu2bm8mQ9QEM3xk9Dz44
-I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctXMbScyJCyZ/QYFpM6/EfY
-0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirjaEbsXLZmd
-EyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/TKI8x
-WVvTyQKmtFLKbpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF
-6NkBiDkal4ZkQdU7hwxu+g/GvUgUvzlN1J5Bto+WHWOWk9mVBngxaJ43BjuA
-iUVhOSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1UdEwEB/wQIMAYBAf8C
-AQEwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNH
-DhpkLzCBpgYDVR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNo
-dHRwOi8vd3d3LmZpcm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcC
-AjBQHk4AUABhAHMAZQBvACAAZABlACAAbABhACAAQgBvAG4AYQBuAG8AdgBh
-ACAANAA3ACAAQgBhAHIAYwBlAGwAbwBuAGEAIAAwADgAMAAxADcwDQYJKoZI
-hvcNAQEFBQADggIBABd9oPm03cXF661LJLWhAqvdpYhKsg9VSytXjDvlMd3+
-xDLx51tkljYyGOylMnfX40S2wBEqgLk9am58m9Ot/MPWo+ZkKXzR4Tgegiv/
-J2Wv+xYVxC5xhOW1//qkR71kMrv2JYSiJ0L1ILDCExARzRAVukKQKtJE4ZYm
-6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaPT481PyWzOdxjKpBrIF/EUhJO
-lywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS3a/DTg4fJl4N3LON
-7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5kSeTy36LssUzA
-Kh3ntLFlosS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF3dvd6qJ2
-gHN99ZwExEWN57kci57q13XRcrHedUTnQn3iV2t93Jm8PYMo6oCTjcVMZcFw
-gbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoRsaS8I8nkvof/uZS2+F0g
-StRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTDKCOM
-/iczQ0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft
-7HZT9SQBjLMi6Et8Vcad+qMUu2WFbm5PEn4KPJ2V
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Baltimore_CyberTrust_Root.crt b/cert-validity/mozilla/builtin-certs/Baltimore_CyberTrust_Root.crt
deleted file mode 100644
index 9758eb4b29ed..000000000000
--- a/cert-validity/mozilla/builtin-certs/Baltimore_CyberTrust_Root.crt
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQG
-EwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0
-MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUx
-MjE4NDYwMFoXDTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNV
-BAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZ
-QmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBAKMEuyKrmD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+h
-Xe2wCQVt2yguzmKiYv60iNoS6zjrIZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gR
-QKfRzMpijS3ljwumUNKoUMMo6vWrJYeKmpYcqWe4PwzV9/lSEy/CG9VwcPCP
-wBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSuXmD+tqYF/LTdB1kC1FkYmGP1
-pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZydc93Uk3zyZAsuT3lySNT
-Px8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/yejl0qhqdNkNwnGjkC
-AwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1Ud
-EwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUA
-A4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT929hkT
-I7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx
-jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/
-oCr0Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67
-G7fyUIhzksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9H
-RCwBXbsdtTLSR9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Buypass_Class_2_CA_1.crt b/cert-validity/mozilla/builtin-certs/Buypass_Class_2_CA_1.crt
deleted file mode 100644
index 5d600faa8721..000000000000
--- a/cert-validity/mozilla/builtin-certs/Buypass_Class_2_CA_1.crt
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDUzCCAjugAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJO
-TzEdMBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMMFEJ1
-eXBhc3MgQ2xhc3MgMiBDQSAxMB4XDTA2MTAxMzEwMjUwOVoXDTE2MTAxMzEw
-MjUwOVowSzELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgz
-MTYzMzI3MR0wGwYDVQQDDBRCdXlwYXNzIENsYXNzIDIgQ0EgMTCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBAIs8B0XY9t/mx8q6jUPFR42wWsE4
-25KEHK8T1A9vNkYgxC7McXA0ojTTNy7Y3Tp3L8DrKehc0rWpkTSHIln+zNvn
-ma+WwajHQN2lFYxuyHyXA8vmIPLXl18xoS830r7uvqmtqEyeIWZDO6i88wmj
-ONVZJMHCR3axiFyCO7srpgTXjAePzdVBHfCuuCkslFJgNJQ72uA40Z0zPhX0
-kzLFANq1KWYOOngPIVJfAuWSeyXTkh4vFZ2B5J2O6O+JzhRMVB0cgRJNcKi+
-EAUXfh/RuFdV7c27UsKwHnjCTTZoy1YmwVLBvXb3WNVyfh9EdrsAiR0WnVE1
-703CVu9r4Iw7DekCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
-FgQUP42aWYv8e3uco684sDntkHGA1sgwDgYDVR0PAQH/BAQDAgEGMA0GCSqG
-SIb3DQEBBQUAA4IBAQAVGn4TirnoB6NLJzKyQJHyIdFkhb5jatLPgcIV1Xp+
-DCmsNx4cfHZSldq1fyOhKXdlyTKdqC5Wq2B2zha0jX94wNWZUYN/Xtm+DKhQ
-7SLHrQVMdvvt7h5HZPb3J31cKA9FxVxiXqaakZG3Uxcu3K1gnZZkOb1naLKu
-BctN518fV4bVIJwo+28TOPX2EZL2fZleHwzoq0QkKXJAPTZSr4xYkHPB7GEs
-eaHsh7U/2k3ZIQAw3pDaDtMaSKk+hQsUi4y8QZ5q9w5wwDX3OaJdZtB7WZ+o
-RxKaJyOkLY4ng5IgodcVf/EuGO70SH8vf/GhGLWhC5SgYiAynB321O+/TIho
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Buypass_Class_3_CA_1.crt b/cert-validity/mozilla/builtin-certs/Buypass_Class_3_CA_1.crt
deleted file mode 100644
index 5b474b5e4eda..000000000000
--- a/cert-validity/mozilla/builtin-certs/Buypass_Class_3_CA_1.crt
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDUzCCAjugAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJO
-TzEdMBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMMFEJ1
-eXBhc3MgQ2xhc3MgMyBDQSAxMB4XDTA1MDUwOTE0MTMwM1oXDTE1MDUwOTE0
-MTMwM1owSzELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgz
-MTYzMzI3MR0wGwYDVQQDDBRCdXlwYXNzIENsYXNzIDMgQ0EgMTCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKSO13TZKWTeXx+HgJHqTjnmGcZE
-C4DVC69TB4sSveZn8AKxifZgisRbsELRwCGoy+Gb72RRtqfPFfV0gGgEkKBY
-ouZ0plNTVUhjP5JW3SROjvi6K//zNIqeKNc0n6wv1g/xpC+9UrJJhW05NfBE
-MJNGJPO251P7vGGvqaMU+8IXF4Rs4HyI+MkcVyzwPX6UvCWThOiaAJpFBUJX
-gPROztmuOfbIUxAMZTpHe2DC1vqRycZxbL2RhzyRhkmr8w+gbCZ2Xhysm3Hl
-jbybIR6c1jh+JIAVMYKWsUnTYjdbiAwKYjT+p0h+mbEwi5A3lRyoH6UsjfRV
-yNvdWQrCrXig9IsCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
-FgQUOBTmyPCppAP0Tj4io1vy1uCtQHQwDgYDVR0PAQH/BAQDAgEGMA0GCSqG
-SIb3DQEBBQUAA4IBAQABZ6OMySU9E2NdFm/soT4JXJEVKirZgCFPBdy7pYmr
-EzMqnji3jG8CcmPHc3ceCQa6Oyh7pEfJYWsICCD8igWKH7y6xsL+z27sEzNx
-Zy5p+qksP2bAEllNC1QCkoS72xLvg3BweMhT+t/Gxv/ciC8HwEmdMldg0/L2
-mSlf56oBzKwzqBwKu5HEA6BvtjT5htOzdlSY9EqBs1OdTUDs5XcTRa9bqh/Y
-L0yCe/4qxFi7T/ye/QNlGioOw6UgFpRreaaiErS7GqQjel/wroQk5PMr+4ok
-oyeYZdowdXb8GZHo2+ubPzK/QJcHJrrM85SFSnonk8+QQtS4Wxam58tAA915
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/CA_Disig.crt b/cert-validity/mozilla/builtin-certs/CA_Disig.crt
deleted file mode 100644
index b36ea98fa3b6..000000000000
--- a/cert-validity/mozilla/builtin-certs/CA_Disig.crt
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEDzCCAvegAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJT
-SzETMBEGA1UEBxMKQnJhdGlzbGF2YTETMBEGA1UEChMKRGlzaWcgYS5zLjER
-MA8GA1UEAxMIQ0EgRGlzaWcwHhcNMDYwMzIyMDEzOTM0WhcNMTYwMzIyMDEz
-OTM0WjBKMQswCQYDVQQGEwJTSzETMBEGA1UEBxMKQnJhdGlzbGF2YTETMBEG
-A1UEChMKRGlzaWcgYS5zLjERMA8GA1UEAxMIQ0EgRGlzaWcwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCS9jHBfYj9mQGp2HvycXXxMcbzdWb6
-UShGhJd4NLxs/LxFWYgmGErENx+hSkS943EE9UQX4j/8SFhvXJ56CbpRNyIj
-ZkMhsDxkovhqFQ4/61HhVKndBpnXmjxUizkDPw/Fzsbrg3ICqB9x8y34dQjb
-Ykzo+s7552oftms1grrijxaSfQUMbEYDXcDtab86wYqg6I7ZuUUohwjstMoV
-voLdtUSLLa2GDGhibYVW8qwUYzrG0ZmsNHhWS8+2rT+MitcE5eN4TPWGqvWP
-+j1scaMtymfraHtuM6kMgiioTGohQBUgDCZbg8KpFhXAJIJdKxatymP2dACw
-30PEEGBWZ2NFAgMBAAGjgf8wgfwwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
-FgQUjbJJaJ1yCCW5wCf1UJNWSEZx+Y8wDgYDVR0PAQH/BAQDAgEGMDYGA1Ud
-EQQvMC2BE2Nhb3BlcmF0b3JAZGlzaWcuc2uGFmh0dHA6Ly93d3cuZGlzaWcu
-c2svY2EwZgYDVR0fBF8wXTAtoCugKYYnaHR0cDovL3d3dy5kaXNpZy5zay9j
-YS9jcmwvY2FfZGlzaWcuY3JsMCygKqAohiZodHRwOi8vY2EuZGlzaWcuc2sv
-Y2EvY3JsL2NhX2Rpc2lnLmNybDAaBgNVHSAEEzARMA8GDSuBHpGT5goAAAAB
-AQEwDQYJKoZIhvcNAQEFBQADggEBAF00dGFMrzvY/59tWDYcPQuBDRIrRhCA
-/ec8J9B6yKm2fnQwM6M6int0wHl5QpNt/7EpFIKrIYwvF/k/Ji/1WcbvgAa3
-mkkp7M5+cTxqEEHA9tOasnxakZzArFvITV734VP/Q3f8nktnbNfzg9Gg4H8l
-37iYC5oyOGwwoPP/CBUz91BKez6jPiCp3C9WgArtQVCwyfTssuMmRAAOb54G
-vCKWU3BlxFAKRmukLyeBEicTXxChds6KezfqwzlhA5WYOudsiCUI/HloDYd9
-Yvi0X/vF2Ey9WLw/Q1vUHgFNPGO+I++MzVpQuGhU+QqZMxEA4Z7CRneC9VkG
-jCFMhwnN5ag=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/CNNIC_ROOT.crt b/cert-validity/mozilla/builtin-certs/CNNIC_ROOT.crt
deleted file mode 100644
index 7a82a7002fbc..000000000000
--- a/cert-validity/mozilla/builtin-certs/CNNIC_ROOT.crt
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDVTCCAj2gAwIBAgIESTMAATANBgkqhkiG9w0BAQUFADAyMQswCQYDVQQG
-EwJDTjEOMAwGA1UEChMFQ05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1QwHhcN
-MDcwNDE2MDcwOTE0WhcNMjcwNDE2MDcwOTE0WjAyMQswCQYDVQQGEwJDTjEO
-MAwGA1UEChMFQ05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1QwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTNfc/c3et6FtzF8LRb+1VvG7q6KR5
-smzDo+/hn7E7SIX1mlwhIhAsxYLO2uOabjfhhyzcuQxauohV3/2q2x8x6gHx
-3zkBwRP9SFIhxFXf2tizVHa6dLG3fdfA6PZZxU3Iva0fFNrfWEQlMhkqx35+
-jq44sDB7R3IJMfAw28Mbdim7aXZOV/kbZKKTVrdvmW7bCgScEeOAH8tjlBAK
-qeFkgjH5jCftppkA9nCTGPihNIaj3XrCGHn2emU1z5DrvTOTn1OrczvmmzQg
-Lx3vqR1jGqCA2wMv+SYahtKNu6m+UjqHZ0gNv7Sg2Ca+I19zN38m5pIEo3/P
-IKe38zrKy5nLAgMBAAGjczBxMBEGCWCGSAGG+EIBAQQEAwIABzAfBgNVHSME
-GDAWgBRl8jGtKvf33VKWCscCwQ7vptU7ETAPBgNVHRMBAf8EBTADAQH/MAsG
-A1UdDwQEAwIB/jAdBgNVHQ4EFgQUZfIxrSr3991SlgrHAsEO76bVOxEwDQYJ
-KoZIhvcNAQEFBQADggEBAEs17szkrr/Dbq2flTtLP1se31cpolnKOOK5Gv+e
-5m4y3R6u6jW39ZORTtpC4cMXYFDy0VwmuYK36m3knITnA3kXr5g9lNvHugDn
-uL8BV8F3RTIMO/G0HAiw/VGgod2aHRM2mm23xzy54cXZF/qD1T0VoDy7Hgvi
-yJA/qIYM/PmLXoXLT1tLYhFHxUV8BS9BsZ4QaRuZluBVeftOhpm4lNqGOGqT
-o+fLbuXf6iFViZx9fX+Y9QCJ7uOEwFyWtcVG6kbghVW2G8kS1sHNzYDzAgE8
-yGnLRUhj2JTQ7IUOO04RZfSCjKY9ri4ilAnIXOo8gV0WKgOXFlUJ24pBgp5m
-mxE=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/COMODO_Certification_Authority.crt b/cert-validity/mozilla/builtin-certs/COMODO_Certification_Authority.crt
deleted file mode 100644
index 4c37a972c7ac..000000000000
--- a/cert-validity/mozilla/builtin-certs/COMODO_Certification_Authority.crt
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUF
-ADCBgTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3Rl
-cjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0
-ZWQxJzAlBgNVBAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
-Fw0wNjEyMDEwMDAwMDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJH
-QjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxm
-b3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09N
-T0RPIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3UcEbVASY06m/weaKXTuH+7uIzg3j
-Lz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI2GqGd0S7WWaXUF601CxwRM/a
-N5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8Q5sVW7euNJH+1GImGEaa
-P+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp+2dtQem8Ob0y2WIC
-8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+DT+nHbrTUcEL
-pNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5OnKVIrLsm
-9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW/zAO
-BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6g
-PKA6hjhodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0
-aW9uQXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAPpiem/Yb6dc5
-t3iuHXIYSdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CP
-OGEIqB6BCsAvIC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYm
-uNg4ON8qa90SzMc/RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjs
-LjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV
-8fUZVqZa+5Acr5Pr5RzUZ5ddBA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38
-NBejxiEovjBFMR7HeL5YYTisO+IBZQ==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/COMODO_ECC_Certification_Authority.crt b/cert-validity/mozilla/builtin-certs/COMODO_ECC_Certification_Authority.crt
deleted file mode 100644
index 7264793df37d..000000000000
--- a/cert-validity/mozilla/builtin-certs/COMODO_ECC_Certification_Authority.crt
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCB
-hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQ
-MA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQx
-KzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
-HhcNMDgwMzA2MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMC
-R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2Fs
-Zm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNP
-TU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwdjAQBgcqhkjOPQIB
-BgUrgQQAIgNiAAQDR3svdcmCFYX7deSRFtSrYpn1PlILBs5BAH+X4QokPB0B
-BO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0JcfRK9ChQtP6IHG4/bC8vCVlb
-pVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQWBBR1cacZSBm8nZ3qQUff
-lMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggq
-hkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDmfQjGGoe9GKhz
-vSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdvGDeAU/7d
-IOA1mjbRxwG55tzd8/8dLDoWV9mSOdY=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Camerfirma_Chambers_of_Commerce_Root.crt b/cert-validity/mozilla/builtin-certs/Camerfirma_Chambers_of_Commerce_Root.crt
deleted file mode 100644
index 604873efcde8..000000000000
--- a/cert-validity/mozilla/builtin-certs/Camerfirma_Chambers_of_Commerce_Root.crt
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJF
-VTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMw
-IQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEiMCAGA1UEAxMZ
-Q2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAxNjEzNDNaFw0z
-NzA5MzAxNjEzNDRaMH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1l
-cmZpcm1hIFNBIENJRiBBODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cu
-Y2hhbWJlcnNpZ24ub3JnMSIwIAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJj
-ZSBSb290MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAtzZV5aVd
-GDDg2olUkfzIx1L4L1DZ77F1c2VHfRtbunXF/KGIJPov7coISjlUxFF6tdpg
-6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0dBmpAPrMMhe5cG3nCYsS4No41
-XQEMIwRHNaqbYE6gZj3LJgqcQKH0XZi/caulAGgq7YN6D6IUtdQis4CwPAxa
-UWktWBiP7Zme8a7ileb2R6jWDA+wWFjbw2Y3npuRVDM30pQcakjJyfKl2qUM
-I/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFVd9oKDMyXroDclDZK9D7O
-NhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIGA1UdEwEB
-/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5jaGFt
-YmVyc2lnbi5vcmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p
-26EpW1eLTXYGduHRooowDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQE
-AwIABzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hhbWJlcnNpZ24ub3Jn
-MCcGA1UdEgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYD
-VR0gBFEwTzBNBgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8v
-Y3BzLmNoYW1iZXJzaWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJ
-KoZIhvcNAQEFBQADggEBAAxBl8IahsAifJ/7kPMa0QOx7xP5IV8EnNrJpY0n
-bJaHkb5BkAFyk+cefV/2icZdp0AJPaxJRUXcLo0waLIJuvvDL8y6C98/d3tG
-fToSJI6WjzwFCm/SlCgdbQzALogi1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QU
-u/wNUPf6s+xCX6ndbcj0dc97wXImsQEcXCz9ek60AcUFV7nnPKoF2YjpB0ZB
-zu9Bga5Y34OirsrXdx/nADydb47kMgkdTXg0eDQ8lJsm7U9xxhl6vSAiSFr+
-S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1erfutGWaIZDgqtCYvDi1czyL
-+Nw=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Camerfirma_Global_Chambersign_Root.crt b/cert-validity/mozilla/builtin-certs/Camerfirma_Global_Chambersign_Root.crt
deleted file mode 100644
index 0569b4e5c056..000000000000
--- a/cert-validity/mozilla/builtin-certs/Camerfirma_Global_Chambersign_Root.crt
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJF
-VTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMw
-IQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4GA1UEAxMX
-R2xvYmFsIENoYW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYxNDE4WhcNMzcw
-OTMwMTYxNDE4WjB9MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJm
-aXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNo
-YW1iZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJv
-b3QwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCicKLQn0KuWxfH
-2H3PFIP8T8mhtxOviteePgQKkotgVvq0Mi+ITaFgCPS3CU6gSS9J1tPfnZda
-n5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/sQJ0lcqu1PzKY+7e3/HKE5TWH
-+VX6ox8Oby4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpVeAp3qdjqGTK3L/5cPxvu
-sZjsyq16aUXjlg9V9ubtdepl6DJWk0aJqCWKZQbua795B9Dxt6/tLE2Su8Co
-X6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c8lCrEqWhz0hQpe/SyBoT
-+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0TAQH/BAgw
-BgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1iZXJz
-aWduLm9yZy9jaGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4w
-TcbOX60Qq+UDpfqpFDAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQD
-AgAHMCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBjaGFtYmVyc2lnbi5v
-cmcwKgYDVR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9y
-ZzBbBgNVHSAEVDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0
-dHA6Ly9jcHMuY2hhbWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3Qu
-aHRtbDANBgkqhkiG9w0BAQUFAAOCAQEAPDtwkfkEVCeR4e3t/mh/YV3lQWVP
-MvEYBZRqHN4fcNs+ezICNLUMbKGKfKX0j//U2K0X1S0E0T9YgOKBWYi+wONG
-kyT+kL0mojAt6JcmVzWJdJYY9hXiryQZVgICsroPFOrGimbBhkVVi76Svpyk
-BMdJPJ7oKXqJ1/6v/2j1pReQvayZzKWGVwlnRtvWFsJG8eSpUPWP0ZIV018+
-xgBJOm5YstHRJw0lyDL4IBHNfTIzSJRUTN3cecQwn+uOuFW114hcxWokPbLT
-BQNRxgfvzBRydD1ucs4YKIxKoHflCStFREest2d/AYoFWpO+ocH/+OcOZ6RH
-SXZddZAa9SaP8A==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Certigna.crt b/cert-validity/mozilla/builtin-certs/Certigna.crt
deleted file mode 100644
index 77972ba8296c..000000000000
--- a/cert-validity/mozilla/builtin-certs/Certigna.crt
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJ
-BgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRp
-Z25hMB4XDTA3MDYyOTE1MTMwNVoXDTI3MDYyOTE1MTMwNVowNDELMAkGA1UE
-BhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwIQ2VydGlnbmEw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7s
-tL7qXOEm7RFHYeGifBZ4QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lI
-zw7sebYs5zRLcAglozyHGxnygQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg
-0KmVEn2lmsxryIRWijOp5yIVUxbwzBfsV1/pogqYCd7jX5xv3EjjhQsVWqa6
-n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q130yGLMLLGq/jj8UEYkgDncUtT2U
-CIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2JsglrgVKtOdjLPOMFlN+XPsR
-GgjBRmKfIrjxwo1p3Po6WAbfAgMBAAGjgbwwgbkwDwYDVR0TAQH/BAUwAwEB
-/zAdBgNVHQ4EFgQUGu3+QTmQtCRZvgHyUtVF9lo53BEwZAYDVR0jBF0wW4AU
-Gu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJBgNVBAYTAkZSMRIwEAYD
-VQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzjAQ/JSP8w
-DgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0B
-AQUFAAOCAQEAhQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8h
-bV6lUmPOEvjvKtpv6zf+EwLHyzs+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7
-mFncfca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1kluPBS1xp81HlDQwY9q
-cEQCYsuuHWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY
-1gkIl2PlwS6wt0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAh
-qaQoLf0V+LBOK/QwWyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Certplus_Class_2_Primary_CA.crt b/cert-validity/mozilla/builtin-certs/Certplus_Class_2_Primary_CA.crt
deleted file mode 100644
index 60afd90bf519..000000000000
--- a/cert-validity/mozilla/builtin-certs/Certplus_Class_2_Primary_CA.crt
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEF
-BQAwPTELMAkGA1UEBhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQD
-ExJDbGFzcyAyIFByaW1hcnkgQ0EwHhcNOTkwNzA3MTcwNTAwWhcNMTkwNzA2
-MjM1OTU5WjA9MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBsdXMxGzAZ
-BgNVBAMTEkNsYXNzIDIgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBANxQltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxv
-c0NXYKwzCkTsA18cgCSR5aiRVhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi
-8Fo3UjMXEuLRYE2+L0ER4/YXJQyLkcAbmXuZVg2v7tK8R1fjeUl7NIknJITe
-sezpWE7+Tt9avkGtrAjFGA7v0lPubNCdEgETjdyAYveVqUSISnFOYFWe2yMZ
-eVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yasH7WLO7dDWWuwJKZtkIvEcupd
-M5i3y95ee++U8Rs+yskhwcWYAqqi9lt3m/V+llU0HGdpwPFC40es/CgcZlUC
-AwEAAaOBjDCBiTAPBgNVHRMECDAGAQH/AgEKMAsGA1UdDwQEAwIBBjAdBgNV
-HQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJYIZIAYb4QgEBBAQDAgEG
-MDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMuY29tL0NS
-TC9jbGFzczIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/AN9W
-M2K191EBkOvDP9GIROkkXe/nFL0gt5o8AP5tn9uQ3Nf0YtaLcF3n5QRIqWh8
-yfFC82x/xXp8HVGIutIKPidd3i1RTtMTZGnkLuPT55sJmabglZvOGtd/vjzO
-UrMRFcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+7UCmnYR0ObncHoUW
-2ikbhiMAybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW
-//1IMwrh3KWBkJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4F
-TUcY1Rbpsda2ENW7l7+ijrRU
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Certum_Root_CA.crt b/cert-validity/mozilla/builtin-certs/Certum_Root_CA.crt
deleted file mode 100644
index 6f38777b08e8..000000000000
--- a/cert-validity/mozilla/builtin-certs/Certum_Root_CA.crt
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYT
-AlBMMRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNl
-cnR1bSBDQTAeFw0wMjA2MTExMDQ2MzlaFw0yNzA2MTExMDQ2MzlaMD4xCzAJ
-BgNVBAYTAlBMMRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNV
-BAMTCUNlcnR1bSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-AM6xwS7TT3zNJc4YPk/EjG+AanPIW1H4m9LcuwBcsaD8dQPugfCI7iNS6eYV
-M42sLQnFdvkrOYCJ5JdLkKWoePhzQ3ukYbDYWMzhbGZ+nPMJXlVjhNWo7/Ox
-LjBos8Q82KxujZlakE403Daaj4GIULdtlkIJ89eVgw1BS7Bqa/j8D35in2fE
-7SZfECYPCE/wpFcozo+47UX2bu4lXapuOb7kky/ZR6By6/qmW6/KUz/iDsaW
-VhFu9+lmqSbYf5VT7QqFiLpPKaVCjF62/IUgAKpoC6EahQGcxEZjgoi2IrHu
-/qpGWX7PNSzVttpd90gzFFS269lvzs2I1qsb2pY7HVkCAwEAAaMTMBEwDwYD
-VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAuI3O7+cUus/usESS
-bLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+GXYkHAQaTOs9qmdvLdTN
-/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTgxSvgGrZg
-FCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1qCjqT
-E5s7FCMTY5w/0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5x
-O/fIR/RpbxXyEV6DHpx8Uq79AtoSqFlnGNu8cN2bsWntgM6JQEhqDjXKKWYV
-IZQs6GAqm4VKQPNriiTsBhYscw==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Chambers_of_Commerce_Root_-_2008.crt b/cert-validity/mozilla/builtin-certs/Chambers_of_Commerce_Root_-_2008.crt
deleted file mode 100644
index f9d9278f4d23..000000000000
--- a/cert-validity/mozilla/builtin-certs/Chambers_of_Commerce_Root_-_2008.crt
+++ /dev/null
@@ -1,44 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQsw
-CQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRy
-ZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJ
-QTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xKTAnBgNV
-BAMTIENoYW1iZXJzIG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgw
-MTEyMjk1MFoXDTM4MDczMTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYD
-VQQHEzpNYWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVy
-ZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNV
-BAoTEkFDIENhbWVyZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2Yg
-Q29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
-ggIKAoICAQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW928sNRHI+JrKQUrpjOyhY
-b6WzbZSm891kDFX29ufyIiKAXuFixrYp4YFs8r/lfTJqVKAyGVn+H4vXPWCG
-hSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorjh40G072QDuKZoRuGDtqa
-CrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR5gN/ikil
-TWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfLZEFH
-cpOrUMPrCXZkNNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05a
-Sd+pZgvMPMZ4fKecHePOjlO+Bd5gD2vlGts/4+EhySnB8esHnFIbAURRPHsl
-18TlUlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331lubKgdaX8ZSD6e2w
-sWsSaR6s+12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ
-0wlf2eOKNcx5Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+U
-LtlVmhduYJ1jbLhjya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ
-9dC1vX7gUMQSibMjmhAxhduub+84Mxh2EQIDAQABo4IBbDCCAWgwEgYDVR0T
-AQH/BAgwBgEB/wIBDDAdBgNVHQ4EFgQU+SSsD7K1+HnA+mCIG8TZTQKeFxkw
-geMGA1UdIwSB2zCB2IAU+SSsD7K1+HnA+mCIG8TZTQKeFxmhgbSkgbEwga4x
-CzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBjdXJyZW50IGFk
-ZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQF
-EwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEpMCcG
-A1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDiCCQCj2kJ+
-pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYI
-KwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZI
-hvcNAQEFBQADggIBAJASryI1wqM58C7e6bXpeHxIvj99RZJe6dqxGfwWPJ+0
-W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH3qLPaYRgM+gQDROpI9CF
-5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbURWpG
-qOt1glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU
-+I22mlaHFoI6M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1
-pDDFOqxXnrN2pSB7+R5KBWIBpih1YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+K
-MjNbMMeJL0eYD6MDxvbxrN8y8NmBGuScvfaAFPDRLLmF9dijscilIeUcE5fu
-Dr3fKanvNFNb0+RqE4QGtjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcK
-zBIKinmwPQN/aUv0NCB9szTqjktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eD
-dOTlLsn+mCdCxqvGnrDQWzilm1DefhiYtUU79nm06PcaewaD+9CL2rvHvRir
-CG88gGtAPxkZumWK5r7VXNM21+9AUiRgOGcEMeyP84LG3rlV8zsxkVrctQgV
-rXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZd0jQ
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/ComSign_CA.crt b/cert-validity/mozilla/builtin-certs/ComSign_CA.crt
deleted file mode 100644
index 1510c0ad0bf6..000000000000
--- a/cert-validity/mozilla/builtin-certs/ComSign_CA.crt
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDkzCCAnugAwIBAgIQFBOWgxRVjOp7Y+X8NId3RDANBgkqhkiG9w0BAQUF
-ADA0MRMwEQYDVQQDEwpDb21TaWduIENBMRAwDgYDVQQKEwdDb21TaWduMQsw
-CQYDVQQGEwJJTDAeFw0wNDAzMjQxMTMyMThaFw0yOTAzMTkxNTAyMThaMDQx
-EzARBgNVBAMTCkNvbVNpZ24gQ0ExEDAOBgNVBAoTB0NvbVNpZ24xCzAJBgNV
-BAYTAklMMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ORUaSvT
-x49qROR+WCf4C9DklBKK8Rs4OC8fMZwG1Cyn3gsqrhqg455qv588x26i+Ytk
-bDqthVVRVKU4VbirgwTyP2Q298CNQ0NqZtH3FyrV7zb6MBBC11PN+fozc0yz
-6YQgitZBJzXkOPqUm7h65HkfM/sb2CEJKHxNGGleZIp6GZPKfuzzcuc3B1hZ
-KKxC+cX/zT/npfo4sdAMx9lSGlPWgcxCejVb7Us6eva1jsz/D3zkYDaHL63w
-oSV9/9JLEYhwVKZBqGdTUkJe5DSe5L6j7KpiXd3DTKaCQeQzC6zJMw9kglcq
-/QytNuEMrkvF7zuZ2SOzW120V+x0cAwqTwIDAQABo4GgMIGdMAwGA1UdEwQF
-MAMBAf8wPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL2ZlZGlyLmNvbXNpZ24u
-Y28uaWwvY3JsL0NvbVNpZ25DQS5jcmwwDgYDVR0PAQH/BAQDAgGGMB8GA1Ud
-IwQYMBaAFEsBmz5WGmU2dst7l6qSBe4y5ygxMB0GA1UdDgQWBBRLAZs+Vhpl
-NnbLe5eqkgXuMucoMTANBgkqhkiG9w0BAQUFAAOCAQEA0Nmlfv4pYEWdfoPP
-brxHbvUanlR2QnG0PFg/LUAlQvaBnPGJEMgOqnhPOAlXsDzACPw1jvFIUY0M
-cXS6hMTXcpuEfDhOZAYnKuGntewImbQKDdSFc8gS4TXt8QUxHXOZDOuWyt3T
-5oWq8Ir7dcHyCTxlZWTzTNity4hp8+SDtwy9F1qWF8pb/627HOkthIDYIb6F
-UtnUdLlphbpN7Sgy6/lhSuTENh4Z3G+EER+V9YMoGKgzkkMn3V0TBEVPh9VG
-zT2ouvDzuFYkRes3x+F2T3I5GN9+dHLHcy056mDmrRGiVod7w2ia/viMcKjf
-ZTL0pECMocJEAw6UAGegcQCCSA==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/ComSign_Secured_CA.crt b/cert-validity/mozilla/builtin-certs/ComSign_Secured_CA.crt
deleted file mode 100644
index 7ef8903b2f2e..000000000000
--- a/cert-validity/mozilla/builtin-certs/ComSign_Secured_CA.crt
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDqzCCApOgAwIBAgIRAMcoRwmzuGxFjB36JPU2TukwDQYJKoZIhvcNAQEF
-BQAwPDEbMBkGA1UEAxMSQ29tU2lnbiBTZWN1cmVkIENBMRAwDgYDVQQKEwdD
-b21TaWduMQswCQYDVQQGEwJJTDAeFw0wNDAzMjQxMTM3MjBaFw0yOTAzMTYx
-NTA0NTZaMDwxGzAZBgNVBAMTEkNvbVNpZ24gU2VjdXJlZCBDQTEQMA4GA1UE
-ChMHQ29tU2lnbjELMAkGA1UEBhMCSUwwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQDGtWhfHZQVw6QIVS3joFd67+l0Kru5fFdJGhFeTymHDEjW
-aueP1H5XJLkGieQcPOqs49ohgHMhCu95mGwfCP+hUH3ymBvJVG8+pSjsIQQP
-RbsHPaHA+iqYHU4Gk/v1iDurX8sWv+bznkqH7Rnqwp9D5PGBpX8QTz7RSmKt
-UxvLg/8HZaWSLWapW7ha9B20IZFKF3ueMv5WJDmyVIRD9YTC2LxBkMyd1mja
-6YJQqTtoz7VdApRgFrFD2UNd3V2Hbuq7s8lr9gOUCXDeFhF6K+h2j0kQmHe5
-Y1yLM5d19guMsqtb3nQgJT/j8xH5h2iGNXHDHYwt6+UarA9z1YJZQIDTAgMB
-AAGjgacwgaQwDAYDVR0TBAUwAwEB/zBEBgNVHR8EPTA7MDmgN6A1hjNodHRw
-Oi8vZmVkaXIuY29tc2lnbi5jby5pbC9jcmwvQ29tU2lnblNlY3VyZWRDQS5j
-cmwwDgYDVR0PAQH/BAQDAgGGMB8GA1UdIwQYMBaAFMFL7XC29z58ADsAj8c+
-DkWfHl3sMB0GA1UdDgQWBBTBS+1wtvc+fAA7AI/HPg5Fnx5d7DANBgkqhkiG
-9w0BAQUFAAOCAQEAFs/ukhNQq3sUnjO2QiBq1BW9Cav8cujvR3qQrFHBZE7p
-iL1DRYHjZiM/EoZNGeQFsOY3wo3aBijJD4mkU6l1P7CW+6tMM1X5eCZGbxs2
-mPtCdsGCuY7e+0X5YxtiOzkGynd6qDwJz2w2PQ8KRUtpFhpFfTMDZflScZAm
-laxMDPWLkz/MdXSFmLr/YnpNH4n+rr2UAJm/EaXc4HnFFgt9AmEd6oX5AhVP
-51qJThRv4zdLhfXBPGHg/QVBspJ/wx2g0K5SZGBrGMYmnNj1ZOQ2GmKfig8+
-/21OGVZOIJFsnzQzOjRXUDpvgV4GxvU+fE6OK85lBi5d0ipTdF7Tbieejw==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Comodo_AAA_Services_root.crt b/cert-validity/mozilla/builtin-certs/Comodo_AAA_Services_root.crt
deleted file mode 100644
index 0d8b05edf561..000000000000
--- a/cert-validity/mozilla/builtin-certs/Comodo_AAA_Services_root.crt
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJH
-QjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxm
-b3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFB
-IENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIz
-MTIzNTk1OVowezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFu
-Y2hlc3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENB
-IExpbWl0ZWQxITAfBgNVBAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL5AnfRu4ep2hxxNRUSO
-vkbIgwadwSr+GB+O5AL686tdUIoWMQuaBtDFcCLNSS1UY8y2bmhGC1Pqy0wk
-wLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe3M/vg4aijJRPn2jymJBGhCfH
-dr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4YgNW8IoaE+oxox6gmf04
-9vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZRrOme9Hg6jc8P2ULi
-mAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cmez6KJcfA3Z3m
-NWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQUoBEKIz6W
-8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB
-Af8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v
-QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwu
-Y29tb2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG
-9w0BAQUFAAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm
-7l3sAg9g1o1QGE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHC
-v8S5dIa2LX1rzNLzRt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdV
-CYfeU0BsWO/8tqtlbgT2G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAV
-GI/6ugLOpyypEBMs1OUIJqsil2D4kF501KKaU73yqWjgom7C12yxow+ev+to
-51byrvLjKzg6CYG1a4XXvi3tPxq3smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Comodo_Secure_Services_root.crt b/cert-validity/mozilla/builtin-certs/Comodo_Secure_Services_root.crt
deleted file mode 100644
index 2531148b767d..000000000000
--- a/cert-validity/mozilla/builtin-certs/Comodo_Secure_Services_root.crt
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEPzCCAyegAwIBAgIBATANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJH
-QjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxm
-b3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEkMCIGA1UEAwwbU2Vj
-dXJlIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4
-MTIzMTIzNTk1OVowfjELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIg
-TWFuY2hlc3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2Rv
-IENBIExpbWl0ZWQxJDAiBgNVBAMMG1NlY3VyZSBDZXJ0aWZpY2F0ZSBTZXJ2
-aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMBxM4KK0HDr
-c4eCQNUd5MvJDkKQ+d40uaG6EfQlhfPMcm3ye5drswfxdySRXyWP9nQ95IDC
-+DwN879A6vfIUtFyb+/Iq0G4bi4XKpVpDM3SHpR7LZQdqnXXs5jLrLxkU0C8
-j6ysNstcrbvd4JQX7NFc0L/vpZXJkMWwrPsbQ996CF23uPJAGysnnlDOXmWC
-iIxe004MeuoIkbY2qitC++rCoznl2yY4rYsK7hljxxwk3wN42ubqwUcaCwtG
-Cd0C/N7Lh1/XMGNooa7cMqG6vv5Eq2i2pRcV/b3Vp6ea5EQz6YiO/O1R65Nx
-Tq0B50SOqy3LqP4BSUjwwN3HaNiS/j0CAwEAAaOBxzCBxDAdBgNVHQ4EFgQU
-PNiTiMLAggnMAZkGkyDpnnAJY08wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB
-/wQFMAMBAf8wgYEGA1UdHwR6MHgwO6A5oDeGNWh0dHA6Ly9jcmwuY29tb2Rv
-Y2EuY29tL1NlY3VyZUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDmgN6A1hjNo
-dHRwOi8vY3JsLmNvbW9kby5uZXQvU2VjdXJlQ2VydGlmaWNhdGVTZXJ2aWNl
-cy5jcmwwDQYJKoZIhvcNAQEFBQADggEBAIcBbSMdflsXfcFhMs+P5/OKlFlm
-4J4oqF7Tt/Q05qo5spcWxYJvMqTpjOev/e/C6LlLqqP05tqNZSH7uoDrJiiF
-Gv45jN5bBAS0VPmjZ55B+glSzAVIqMk/IQQezkhr/IXownuvf7fM+F86/TXG
-De+X3EyrEeFryzHRbPtIgKvcnDe4IRRLDXE97IMzbtFuMhbsmMcWi1mmNKsF
-Vy2T96oTy9IT4rcuO81rUBcJaD61JlfutuC23bkpgHl9j6PwpCikFcSF9CfU
-a7/lXORlAnZUtOM3ZiTTGWHIUhDlizeauan5Hb/qmZJhlv8BzaFfDbxxvA6s
-Cx1HRR3B7Hzs/Sk=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Comodo_Trusted_Services_root.crt b/cert-validity/mozilla/builtin-certs/Comodo_Trusted_Services_root.crt
deleted file mode 100644
index 009bca2b74e7..000000000000
--- a/cert-validity/mozilla/builtin-certs/Comodo_Trusted_Services_root.crt
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEQzCCAyugAwIBAgIBATANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJH
-QjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxm
-b3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDElMCMGA1UEAwwcVHJ1
-c3RlZCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczAeFw0wNDAxMDEwMDAwMDBaFw0y
-ODEyMzEyMzU5NTlaMH8xCzAJBgNVBAYTAkdCMRswGQYDVQQIDBJHcmVhdGVy
-IE1hbmNoZXN0ZXIxEDAOBgNVBAcMB1NhbGZvcmQxGjAYBgNVBAoMEUNvbW9k
-byBDQSBMaW1pdGVkMSUwIwYDVQQDDBxUcnVzdGVkIENlcnRpZmljYXRlIFNl
-cnZpY2VzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA33FvNlhT
-WvI2VFeAxHQIIO0Yfyod5jWaHiWsnOWWfnJSoBVC21ndZHoa0Lh73TkVvFVI
-xO06AOoxEbrycXQaZ7jPM8yoMa+j49d/vzMtTGo87IvDktJTdyR0nAducPy9
-C1t2ul/y/9c3S0pgePfw+spwtOpZqqPOSC+pw7ILfhdyFgymBwwbOM/JYrc/
-oJOlh0Hyt3BAd9i+FHzjqMB6juljatEPmsbS9Is6FARW1O24zG71++IsWL1/
-T2sr92AkWCTOJu80kTrV44HQsvAEAtdbtz6SrGsSivnkBbA7kUlcsutT6vif
-R4buv5XAwAaf0lteERv0xwQ1KdJVXOTt6wIDAQABo4HJMIHGMB0GA1UdDgQW
-BBTFe1i97doladL3WRaoszLAeydb9DAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T
-AQH/BAUwAwEB/zCBgwYDVR0fBHwwejA8oDqgOIY2aHR0cDovL2NybC5jb21v
-ZG9jYS5jb20vVHJ1c3RlZENlcnRpZmljYXRlU2VydmljZXMuY3JsMDqgOKA2
-hjRodHRwOi8vY3JsLmNvbW9kby5uZXQvVHJ1c3RlZENlcnRpZmljYXRlU2Vy
-dmljZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQDIk4E7ibSvuIQSTI3S8Ntw
-uleGFTQQuS9/HrCoiWChisJ3DFBKmwCL2Iv0QeLQg4pKHBQGsKNoBXAxMKdT
-mw7pSqBYaWcOrp32pSxBvzwGa+RZzG0Q8ZZvH9/0BAKkn0U+yNj6NkZEUD+C
-l5EfKNsYEYwq5GWDVxISjBc/lDb+XbDABHcTuPQV1T84zJQ6VdCsmPW6AF/g
-hhmBeC8owH7TzEIK9a5QoNE+xqFx7D+gIIxmOom0jtTYsU0lR+4viMi14QVF
-wL4Ucd56/Y57fU0IlqUSc/AtyjcndBInTMu2l+nZrghtWjlA3QVHdWpaIbOj
-GM9O9y5Xt5hwXsjEeLBi
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Cybertrust_Global_Root.crt b/cert-validity/mozilla/builtin-certs/Cybertrust_Global_Root.crt
deleted file mode 100644
index 0df28698c11e..000000000000
--- a/cert-validity/mozilla/builtin-certs/Cybertrust_Global_Root.crt
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEY
-MBYGA1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0
-IEdsb2JhbCBSb290MB4XDTA2MTIxNTA4MDAwMFoXDTIxMTIxNTA4MDAwMFow
-OzEYMBYGA1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRy
-dXN0IEdsb2JhbCBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-AQEA+Mi8vRRQZhP/8NN57CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO2
-1O1fWLE3TdVJDm71aofW0ozSJ8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+
-6A74q05IlG2OlTEQXO2iLb3VOm2yHLtgwEZLAfVJrn5GitB0jaEMAs7u/OeP
-uGtm839EAL9mJRQr3RAwHQeWP032a7iPt3sMpTjr3kfb1V05/Iin89cqdPHo
-WqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNzFtApD0mpSPCzqrdsxacwOUBd
-rsTiXSZT8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAYXSUnpQIDAQABo4GlMIGi
-MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS2
-CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8v
-d3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3JsMB8GA1Ud
-IwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUAA4IB
-AQBW7wojoFROlZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMj
-Wqd8BfP9IjsO0QbE2zZMcwSO5bAi5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1y
-CcUxXOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2hO0j9n0Hq0V+09+z
-v+mKts2oomcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+T
-X3EJIrduPuocA06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0t
-l0ypkxWdYcQBX0jWWL1WMRJOEcgh4LMRkWXbtKaIOM5V
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/DST_ACES_CA_X6.crt b/cert-validity/mozilla/builtin-certs/DST_ACES_CA_X6.crt
deleted file mode 100644
index 436c98b8b0b5..000000000000
--- a/cert-validity/mozilla/builtin-certs/DST_ACES_CA_X6.crt
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIECTCCAvGgAwIBAgIQDV6ZCtadt3js2AdWO4YV2TANBgkqhkiG9w0BAQUF
-ADBbMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXRGlnaXRhbCBTaWduYXR1cmUg
-VHJ1c3QxETAPBgNVBAsTCERTVCBBQ0VTMRcwFQYDVQQDEw5EU1QgQUNFUyBD
-QSBYNjAeFw0wMzExMjAyMTE5NThaFw0xNzExMjAyMTE5NThaMFsxCzAJBgNV
-BAYTAlVTMSAwHgYDVQQKExdEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdDERMA8G
-A1UECxMIRFNUIEFDRVMxFzAVBgNVBAMTDkRTVCBBQ0VTIENBIFg2MIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuT31LMmU3HWKlV1j6IR3dma5
-WZFcRt2SPp/5DgO0PWGSvSMmtWPuktKe1jzIDZBfZIGxqAgNTNj50wUoUrQB
-JcWVHAx+PhCEdc/BGZFjz+iokYi5Q1K7gLFViYsx+tC3dr5BPTCapCIlF3Po
-HuLTrCq9Wzgh1SpL11V94zpVvddtawJXa+ZHfAjIgrrep4c9oW24MFbCswKB
-Xy314powGCi4ZtPLAZZv6opFVdbgnf9nKxcCpk4aahELfrd755jWjHZvwTvb
-UJN+5dCOHze4vbrGn2zpfDPyMjwmR/onJALJfh1biEITajV8fTXpLmaRcpPV
-MibEdPVTo7NdmvYJywIDAQABo4HIMIHFMA8GA1UdEwEB/wQFMAMBAf8wDgYD
-VR0PAQH/BAQDAgHGMB8GA1UdEQQYMBaBFHBraS1vcHNAdHJ1c3Rkc3QuY29t
-MGIGA1UdIARbMFkwVwYKYIZIAWUDAgEBATBJMEcGCCsGAQUFBwIBFjtodHRw
-Oi8vd3d3LnRydXN0ZHN0LmNvbS9jZXJ0aWZpY2F0ZXMvcG9saWN5L0FDRVMt
-aW5kZXguaHRtbDAdBgNVHQ4EFgQUCXIGThhDD+XWzMNqizF7eI+og7gwDQYJ
-KoZIhvcNAQEFBQADggEBAKPYjtay284F5zLNAdMEA+V25FYrnJmQ6AgwbN99
-Pe7lv7UkQIRJ4dEorsTCOlMwiPH1d25Ryvr/ma8kXxug/fKshMrfqfBfBC6t
-Fr8hlxCBPeP/h40y3JTlR4peahPJlJU90u7INJXQgNStMgiAVDzgvVJT11J8
-smk/f3rPanTK+gQqnExaBqXpIK1FZg9p8d2/6eMyi/rgwYZNcjwu2JN4Cir4
-2NInPRmJX1p7ijvMDNpRrscL9yuwNwXsvFcj4jjSm2jzVhKIT0J8uDHEtdvk
-yCE06UgRNe76x5JXxZ805Mf29w4LTJxoeHtxMcfrHuBnQfO3oKfN5XozNmr6
-mis=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/DST_Root_CA_X3.crt b/cert-validity/mozilla/builtin-certs/DST_Root_CA_X3.crt
deleted file mode 100644
index 68fbf9745bf6..000000000000
--- a/cert-validity/mozilla/builtin-certs/DST_Root_CA_X3.crt
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUF
-ADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAV
-BgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkz
-MDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3Qg
-Q28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdA
-wRgUi+DoM3ZJKuM/IUmTrE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJ
-o6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9UL2AZd+3UWODyOKIYepLYYHs
-Umu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRyxXtqqzTW
-MIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX
-69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/w
-Al0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
-HQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqGSIb3DQEBBQUA
-A4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikugdB/O
-EIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHR
-AosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
-R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJW
-FBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06Xyx
-V3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Deutsche_Telekom_Root_CA_2.crt b/cert-validity/mozilla/builtin-certs/Deutsche_Telekom_Root_CA_2.crt
deleted file mode 100644
index 34a601cb1e98..000000000000
--- a/cert-validity/mozilla/builtin-certs/Deutsche_Telekom_Root_CA_2.crt
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJE
-RTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1U
-ZWxlU2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtv
-bSBSb290IENBIDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5MjM1OTAwWjBx
-MQswCQYDVQQGEwJERTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEf
-MB0GA1UECxMWVC1UZWxlU2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1
-dHNjaGUgVGVsZWtvbSBSb290IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQCrC6M14IspFLEUha88EOQ5bzVdSq7d6mGNlUn0b2SjGmBm
-pKlAIoTZ1KXleJMOaAGtuU1cOs7TuKhCQN/Po7qCWWqSG6wcmtoIKyUn+Wkj
-R/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1MjwrrFDa1sPeg5TKqAyZMg4ISFZb
-avva4VhYAUlfckE8FQYBjl2tqriTtM2e66foai1SNNs671x1Udrb8zH57nGY
-MsRUFUQM+ZtV7a3fGAigo4aKSe5TBY8ZTNXeWHmb0mocQqvF1afPaA+W5OFh
-mHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTVjlsB9WoHtxa2bkp/AgMB
-AAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAPBgNVHRME
-CDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEA
-lGRZrTlk5ynrE/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756Abrsp
-tJh6sTtU6zkXR34ajgv8HzFZMQSyzhfzLMdiNlXiItiJVbSYSKpk+tYcNthE
-eFpaIzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8rZ7/gFnkm0W09juw
-zTkZmDLl6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4G
-dyd1Lx+4ivn+xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqn
-NVmh5XAFmw4jV5mUCm26OWMohpLzGITY+9HPBVZkVw==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/DigiCert_Assured_ID_Root_CA.crt b/cert-validity/mozilla/builtin-certs/DigiCert_Assured_ID_Root_CA.crt
deleted file mode 100644
index 3d5dbae5d747..000000000000
--- a/cert-validity/mozilla/builtin-certs/DigiCert_Assured_ID_Root_CA.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUF
-ADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYD
-VQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1
-cmVkIElEIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAw
-WjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYD
-VQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1
-cmVkIElEIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
-AQCtDhXO5EOAXLGH87dg+XESpa7cJpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWx
-KISKityfCgyDF3qPkKyK53lTXDGEKvYPmDI2dsze3Tyoou9q+yHyUmHfnyDX
-H+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+wRvDjDPZ2C8Y/igPs6eD1sNu
-RMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4VYcgoc/lbQrISXwxmDNs
-IumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/AUaG9ih5yLHa5FcX
-xH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMBAAGjYzBhMA4G
-A1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRF66Kv
-9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd
-823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC
-dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthn
-gYTffwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+
-fT8r87cmNW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i
-8b5QZ7dsvfPxH2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwz
-Zr8TDRRu838fYxAe+o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7m
-ULKn+gpFL6Lw8g==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/DigiCert_Global_Root_CA.crt b/cert-validity/mozilla/builtin-certs/DigiCert_Global_Root_CA.crt
deleted file mode 100644
index 5117d96d327c..000000000000
--- a/cert-validity/mozilla/builtin-certs/DigiCert_Global_Root_CA.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUF
-ADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYD
-VQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9i
-YWwgUm9vdCBDQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGEx
-CzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsT
-EHd3dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBS
-b290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLe
-qKTTo1eqUKKPC3eQyaKl7hLOllsBCSDMAZOnTjC3U/dDxGkAV53ijSLdhwZA
-AIEJzs4bg7/fzTtxRuLWZscFs3YnFo97nh6Vfe63SKMI2tavegw5BmV/Sl0f
-vBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt43C/dxC//AH2hdmoRBBYMql1
-GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7PT19sdl6gSzeRntwi5m3O
-FBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4gdW7jVg/tRvoSSii
-cNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAOBgNVHQ8BAf8E
-BAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbRTLtm8KPi
-GxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJ
-KoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
-hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV
-5Adg06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBA
-I+0tKIJFPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886
-UAb3LujEV0lsYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDA
-GySj4dzp30d8tbQkCAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWV
-bd4=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/DigiCert_High_Assurance_EV_Root_CA.crt b/cert-validity/mozilla/builtin-certs/DigiCert_High_Assurance_EV_Root_CA.crt
deleted file mode 100644
index 3d7216fee41f..000000000000
--- a/cert-validity/mozilla/builtin-certs/DigiCert_High_Assurance_EV_Root_CA.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUF
-ADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYD
-VQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdo
-IEFzc3VyYW5jZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTEx
-MDAwMDAwMFowbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IElu
-YzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNl
-cnQgSGlnaCBBc3N1cmFuY2UgRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAMbM5XPm+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRn
-ogocsF9ppkCxxLeyj9CYpKlBWTrT3JTWPNt0OKRKzE0lgvdKpVMSOO7zSW1x
-kX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEMxChBVfvLWokVfnHoNb9Ncgk9
-vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFBIk5lYYeBQVCmeVyJ3hlK
-V9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3hzBWBOURtCmAEvF5
-OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsgEsxBu24LUTi4
-S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8w
-HQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaAFLE+
-w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
-nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehD
-LI6zeM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VH
-MWEZ71jFhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkK
-mNEVX58Svnw2Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E
-1CAx2/S6cCZdkGCevEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN
-7EeqJSdnoDfzAIJ9VNep+OkuE6N36B9K
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/DigiNotar_Root_CA.crt b/cert-validity/mozilla/builtin-certs/DigiNotar_Root_CA.crt
deleted file mode 100644
index 261be1bd1ae6..000000000000
--- a/cert-validity/mozilla/builtin-certs/DigiNotar_Root_CA.crt
+++ /dev/null
@@ -1,34 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFijCCA3KgAwIBAgIQDHbanJEMTiye/hXQWJM8TDANBgkqhkiG9w0BAQUF
-ADBfMQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQD
-ExFEaWdpTm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdp
-bm90YXIubmwwHhcNMDcwNTE2MTcxOTM2WhcNMjUwMzMxMTgxOTIxWjBfMQsw
-CQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp
-Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIu
-bmwwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCssFjBAL3YIQgL
-K5r+blYwBZ8bd5AQQVzDDYcRd46B8cp86Yxq7Th0Nbva3/m7wAk3tJZzgX0z
-Gpg595NvlX89ubF1h7pRSOiLcD6VBMXYtsMW2YiwsYcdcNqGtA8Ui3rPENF0
-NqISe3eGSnnme98CEWilToauNFibJBN4ViIlHgGLS1Fx+4LMWZZpiFpoU8W5
-DQI3y0u8ZkqQfioLBQftFl9VkHXYRskbg+IIvvEjzJkd1ioPgyAVWCeCLvri
-IsJJsbkBgWqdbZ1Ad2h2TiEqbYRAhU52mXyC8/O3AlnUJgEbjt+tUwbRrhjd
-4rI6y9eIOI6sWym5GdOY+RgDz0iChmYLG2kPyes4iHomGgVMktck1JbyrFIt
-o0fVUvY//s6EBnCmqj6i8rZWNBhXouSBbefK8GrTx5FrAoNBfBXva5pkXuPQ
-POWx63tdhvvL5ndJzaNl3Pe5nLjkC1+Tz8wwGjIczhxjlaX56uF0i57pK6kw
-e6AYHw4YC+VbqdPRbB4HZ4+RS6mKvNJmqpMBiLKR+jFc1abBUggJzQpjotMi
-puih2TkGl/VujQKQjBR7P4DNG5y6xFhyI6+2Vp/GekIzKQc/gsnmHwUNzUwo
-NovTyD4cxojvXu6JZOkd69qJfjKmadHdzIif0dDJZiHcBmfFlHqabWJMfczg
-ZICynkeOowIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
-AwIBBjAdBgNVHQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wDQYJKoZIhvcN
-AQEFBQADggIBADsCjcs8MOhuoK3yc7NfniUTBAXT9uOLuwt5zlPe5JbF0a9z
-vNXD0EBVfEB/zRtfCdXyfJ9oHbtdzno5wozWmHvFg1Wo1X1AyuAe94leY12h
-E8JdiraKfADzI8PthV9xdvBoY6pFITlIYXg23PFDk9Qlx/KAZeFTAnVR/Ho6
-7zerhChXDNjU1JlWbOOi/lmEtDHoM/hklJRRl6s5xUvt2t2AC298KQ3Ejopy
-DedTFLJgQT2EkTFoPSdE2+Xe9PpjRchMPpj1P0G6Tss3DbpmmPHdy59c91Q2
-gmssvBNhl0L4eLvMyKKfyvBovWsdst+Nbwed2o5nx0ceyrm/KkKRt2NTZvFC
-o+H0Wk1Ya7XkpDOtXHAd3ODy63MUkZoDweoAZbwH/M8SESIsrqC9OuCiKthZ
-6SnTGDWkrBFfGbW1G/8iSlzGeuQX7yCpp/Q/rYqnmgQlnQ7KN+ZQ/YxCKQSa
-7LnPS3K94gg2ryMvYuXKAdNw23yCIywWMQzGNgeQerEfZ1jEO1hZibCMjFCz
-2IbLaKPECudpSyDOwR5WS5WpI2jYMNjD67BVUc3l/Su49bsRn1NU9jQZjHkJ
-NsphFyUXC4KYcwx3dMPVDceoEkzHp1RxRy4sGn3J4ys7SN4nhKdjNrN9j6Bk
-OSQNPXuHr2ZcdBtLc7LljPCGmbjlxd+Ewbfr
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Digital_Signature_Trust_Co._Global_CA_1.crt b/cert-validity/mozilla/builtin-certs/Digital_Signature_Trust_Co._Global_CA_1.crt
deleted file mode 100644
index ac596d8f9613..000000000000
--- a/cert-validity/mozilla/builtin-certs/Digital_Signature_Trust_Co._Global_CA_1.crt
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDKTCCApKgAwIBAgIENnAVljANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQG
-EwJVUzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMREw
-DwYDVQQLEwhEU1RDQSBFMTAeFw05ODEyMTAxODEwMjNaFw0xODEyMTAxODQw
-MjNaMEYxCzAJBgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVy
-ZSBUcnVzdCBDby4xETAPBgNVBAsTCERTVENBIEUxMIGdMA0GCSqGSIb3DQEB
-AQUAA4GLADCBhwKBgQCgbIGpzzQeJN3+hijM3oMv+V7UQtLodGBmE5gGHKlR
-EmlvMVW5SXIACH7TpWJENySZj9mDSI+ZbZUTu0M7LklOiDfBu1h//uG9+Lth
-zfNHwJmm8fOR6Hh8AMthyUQncWlVSn5JTe2io74CTADKAqjuAQIxZA9SLRN0
-dja1erQtcQIBA6OCASQwggEgMBEGCWCGSAGG+EIBAQQEAwIABzBoBgNVHR8E
-YTBfMF2gW6BZpFcwVTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG0RpZ2l0YWwg
-U2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UECxMIRFNUQ0EgRTExDTALBgNV
-BAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMTAxODEwMjNagQ8yMDE4MTIx
-MDE4MTAyM1owCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFGp5fpFpRhgTCgJ3
-pVlbYJglDqL4MB0GA1UdDgQWBBRqeX6RaUYYEwoCd6VZW2CYJQ6i+DAMBgNV
-HRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqGSIb3
-DQEBBQUAA4GBACIS2Hod3IEGtgllsofIH160L+nEHvI8wbsEkBFKg05+k7lN
-QseSJqBcNJo4cvj9axY+IO6CizEqkzaFI4iKPANo08kJD038bKTaKHKTDomA
-sH3+gG9lbRgzl4vCa4nuYD3Im+9/KzJic5PLPON74nZ4RbyhkwS7hp86W0N6
-w4pl
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Digital_Signature_Trust_Co._Global_CA_3.crt b/cert-validity/mozilla/builtin-certs/Digital_Signature_Trust_Co._Global_CA_3.crt
deleted file mode 100644
index bf437fefaa3f..000000000000
--- a/cert-validity/mozilla/builtin-certs/Digital_Signature_Trust_Co._Global_CA_3.crt
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDKTCCApKgAwIBAgIENm7TzjANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQG
-EwJVUzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMREw
-DwYDVQQLEwhEU1RDQSBFMjAeFw05ODEyMDkxOTE3MjZaFw0xODEyMDkxOTQ3
-MjZaMEYxCzAJBgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVy
-ZSBUcnVzdCBDby4xETAPBgNVBAsTCERTVENBIEUyMIGdMA0GCSqGSIb3DQEB
-AQUAA4GLADCBhwKBgQC/k48Xku8zExjrEH9OFr//Bo8qhbxe+SSmJIi2A7fB
-w18DW9Fvrn5C6mYjuGODVvsoLeE4i7TuqAHhzhy2iCoiRoX7n6dwqUcUP87e
-ZfCocfdPJmyMvMa1795JJ/9IKn3oTQPMx7JSxhcxEzu1TdvIxPbDDyQq2gyd
-55FbgM2UnQIBA6OCASQwggEgMBEGCWCGSAGG+EIBAQQEAwIABzBoBgNVHR8E
-YTBfMF2gW6BZpFcwVTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG0RpZ2l0YWwg
-U2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UECxMIRFNUQ0EgRTIxDTALBgNV
-BAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMDkxOTE3MjZagQ8yMDE4MTIw
-OTE5MTcyNlowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFB6CTShlgDzJQW6s
-NS5ay97u+DlbMB0GA1UdDgQWBBQegk0oZYA8yUFurDUuWsve7vg5WzAMBgNV
-HRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqGSIb3
-DQEBBQUAA4GBAEeNg61i8tuwnkUiBbmi1gMOOHLnnvx75pO2mqWilMg0HZHR
-xdf0CiUPPXiBng+xZ8SQTGPdXqfiup/1902lMXucKS1M/mQ+7LZT/uqb7YLb
-dHVLB3luHtgZg3Pe9T7Qtd7nS2h9Qy4qIOF+oHhEngj1mPnHfxsb1gYgAlih
-w6ID
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt b/cert-validity/mozilla/builtin-certs/E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt
deleted file mode 100644
index 3a8a333e3b37..000000000000
--- a/cert-validity/mozilla/builtin-certs/E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDtjCCAp6gAwIBAgIQRJmNPMADJ72cdpW56tustTANBgkqhkiG9w0BAQUF
-ADB1MQswCQYDVQQGEwJUUjEoMCYGA1UEChMfRWxla3Ryb25payBCaWxnaSBH
-dXZlbmxpZ2kgQS5TLjE8MDoGA1UEAxMzZS1HdXZlbiBLb2sgRWxla3Ryb25p
-ayBTZXJ0aWZpa2EgSGl6bWV0IFNhZ2xheWljaXNpMB4XDTA3MDEwNDExMzI0
-OFoXDTE3MDEwNDExMzI0OFowdTELMAkGA1UEBhMCVFIxKDAmBgNVBAoTH0Vs
-ZWt0cm9uaWsgQmlsZ2kgR3V2ZW5saWdpIEEuUy4xPDA6BgNVBAMTM2UtR3V2
-ZW4gS29rIEVsZWt0cm9uaWsgU2VydGlmaWthIEhpem1ldCBTYWdsYXlpY2lz
-aTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMSIJ6wXgBljU5G
-u4Bc6SwGl9XzcslwuedLZYDBS75+PNdUMZTe1RK6UxYC6lhj71vY8+0qGqpx
-SKPcEC1fX+tcS5yWCEIlKBHMilpiAVDV6wlTL/jDj/6z/P2douNffb7tC+Bg
-62nsM+3YjfsSSYMAyYuXjDtzKjKzEve5TfL0TW3H5tYmNwjy2f1rXKPlSFxY
-vEK+A1qBuhw1DADT9SN+cTAIJjjcJRFHLfO6IxClv7wC90Nex/6wN1CZew+T
-zuZDLMN+DfIcQ2Zgy2ExR4ejT669VmxMvLz4Bcpk9Ok0oSy1c+HCPujIyTQl
-CFzz7abHlJ+tiEMl1+E5YP6sOVkCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG
-MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJ/uRLOU1fqRTy7ZVZoEVtst
-xNulMA0GCSqGSIb3DQEBBQUAA4IBAQB/X7lTW2M9dTLn+sR0GstG30ZpHFLP
-qk/CaOv/gKlR6D1id4k9CnU58W5dF4dvaAXBlGzZXd/aslnLpRCKysw5zZ/r
-Tt5S/wzw9JKp8mxTq5vSR6AfdPebmvEvFZ96ZDAYBzwqD2fK/A+JYZ1lpTzl
-vBNbCNvj/+27BrtqBrF6T2XGgv0enIu1De5Iu7i9qgi0+6N8y5/NkHZchpZ4
-Vwpm+Vganf2XKWDeEaaQHBkc7gGWIjQ0LpH5t8Qn0Xvmv/uARFoW5evg1Ao4
-vOSR49XrXMGs3xtqfJ7lddK2l4fbzIcrQzqECK+rPNv3PGYxhrCdU3nt+CPe
-QuMtgvEP5fqX
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/EBG_Elektronik_Sertifika_Hizmet_SaxC4x9Flayxc4xb1x63xc4xb1sxc4xb1.crt b/cert-validity/mozilla/builtin-certs/EBG_Elektronik_Sertifika_Hizmet_SaxC4x9Flayxc4xb1x63xc4xb1sxc4xb1.crt
deleted file mode 100644
index 8054d969745b..000000000000
--- a/cert-validity/mozilla/builtin-certs/EBG_Elektronik_Sertifika_Hizmet_SaxC4x9Flayxc4xb1x63xc4xb1sxc4xb1.crt
+++ /dev/null
@@ -1,36 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIF5zCCA8+gAwIBAgIITK9zQhyOdAIwDQYJKoZIhvcNAQEFBQAwgYAxODA2
-BgNVBAMML0VCRyBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xh
-ecSxY8Sxc8SxMTcwNQYDVQQKDC5FQkcgQmlsacWfaW0gVGVrbm9sb2ppbGVy
-aSB2ZSBIaXptZXRsZXJpIEEuxZ4uMQswCQYDVQQGEwJUUjAeFw0wNjA4MTcw
-MDIxMDlaFw0xNjA4MTQwMDMxMDlaMIGAMTgwNgYDVQQDDC9FQkcgRWxla3Ry
-b25payBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsTE3MDUGA1UE
-CgwuRUJHIEJpbGnFn2ltIFRla25vbG9qaWxlcmkgdmUgSGl6bWV0bGVyaSBB
-LsWeLjELMAkGA1UEBhMCVFIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
-AoICAQDuoIRh0DpqZhAy2DE4f6en5f2h4fuXd7hxlugTlkaDT7byX3JWbhNg
-pQGR4lvFzVcfd2NR/y8927k/qqk153nQ9dAktiHq6yOU/im/+4mRDGSaBUor
-zAzu8T2bgmmkTPiab+ci2hC6X5L8GCcKqKpE+i4stPtGmggDg3KriORqcsnl
-ZR9uKg+ds+g75AxuetpX/dfreYteIAbTdgtsApWjluTLdlHRKJ2hGvxEok3M
-enaoDT2/F08iiFD9rrbskFBKW5+VQarKD7JK/oCZTqNGFav4c0JqwmZ2sQom
-Fd2TkuzbqV9UIlKRcF0T6kjsbgNs2d1s/OsNA/+mgxKb8amTD8UmTDGyY5lh
-cucqZJnSuOl14nypqZoaqsNW2xCaPINStnuWt6yHd6i58mcLlEOzrz5z+kI2
-sSXFCjEmN1ZnuqMLfdb3ic1nobc6HmZP9qBVFCVMLDMNpkGMvQQxahByCp0O
-Lna9XvNRiYuoP1Vzv9s6xiQFlpJIqkuNKgPlV5EQ9GooFW5Hd4RcUXSfGenm
-HmMWOeMRFeNYGkS9y8RsZteEBt8w9DeiQyJ50hBs37vmExH8nYQKE3vwO9D8
-owrXieqWfo1IhR5kX9tUoqzVegJ5a9KK8GfaZXINFHDk6Y54jzJ0fFfy1tb0
-Nokb+Clsi7n2l9GkLqq+CxnCRelwXQIDAJ3Zo2MwYTAPBgNVHRMBAf8EBTAD
-AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU587GT/wWZ5b6SqMHwQSn
-y2re2kcwHwYDVR0jBBgwFoAU587GT/wWZ5b6SqMHwQSny2re2kcwDQYJKoZI
-hvcNAQEFBQADggIBAJuYml2+8ygjdsZs93/mQJ7ANtyVDR2tFcU22NU57/Ie
-Il6zgrRdu0waypIN30ckHrMk2pGI6YNw3ZPX6bqz3xZaPt7gyPvT/Wwp+BVG
-oGgmzJNSroIBk5DKd8pNSe/iWtkqvTDOTLKBtjDOWU/aWR1qeqRFsIImgYZ2
-9fUQALjuswnoT4cCB64kXPBfrAowzIpAoHMEwfuJJPaaHFy3PApnNgUIMbOv
-2AFoKuB4j3TeuFGkjGwgPaL7s9QJ/XvCgKqTbCmYIai7FvOpEl90tYeY8pUm
-3zTvilORiF0alKM/fCL414i6poyWqD1SNGKfAB5UVUJnxk1Gj7sURT0KlhaO
-EKGXmdXTMIXM3rRyt7yKPBgpaP3ccQfuJDlq+u2lrDgv+R4QDgZxGhBM/nV+
-/x5XOULK1+EVoVZVWRvRo68R2E7DpSvvkL/A7IITW43WciyTTo9qKd+FPNMN
-4KIYEsxVL0e3p5sC/kH2iExt2qkBR4NkJ2IQgtYSe14DHzSpyZH+r11thie3
-I6p1GMog57AP14kOpmciY/SDQSsGS7tY1dHXt7kQY9iJSrSq3RZj9W6+YKH4
-7ejWkE8axsWgKdOnIaj1Wjz3x0miIZpKlVIglnKaZsv30oZDfCK+lvm9AahH
-3eU7QPl1K5srRmSGjR70j/sHd9DqSaIcjVIUpgqT
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Entrust.net_Global_Secure_Personal_CA.crt b/cert-validity/mozilla/builtin-certs/Entrust.net_Global_Secure_Personal_CA.crt
deleted file mode 100644
index e041d3443e60..000000000000
--- a/cert-validity/mozilla/builtin-certs/Entrust.net_Global_Secure_Personal_CA.crt
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEgzCCA+ygAwIBAgIEOJ725DANBgkqhkiG9w0BAQQFADCBtDEUMBIGA1UE
-ChMLRW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9HQ0NB
-X0NQUyBpbmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsT
-HChjKSAyMDAwIEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1
-c3QubmV0IENsaWVudCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMDAy
-MDcxNjE2NDBaFw0yMDAyMDcxNjQ2NDBaMIG0MRQwEgYDVQQKEwtFbnRydXN0
-Lm5ldDFAMD4GA1UECxQ3d3d3LmVudHJ1c3QubmV0L0dDQ0FfQ1BTIGluY29y
-cC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMcKGMpIDIwMDAg
-RW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5uZXQgQ2xp
-ZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA
-A4GNADCBiQKBgQCTdLS25MVL1qFof2LV7PdRV7NySpj10InJrWPNTTVRaoTU
-rcloeW+46xHbh65cJFET8VQlhK8pK5/jgOLZy93GRUk0iJBeAZfv6lOm3fzB
-3ksqJeTpNfpVBQbliXrqpBFXO/x8PTbNZzVtpKklWb1m9fkn5JVn1j+SgF7y
-NH0rhQIDAQABo4IBnjCCAZowEQYJYIZIAYb4QgEBBAQDAgAHMIHdBgNVHR8E
-gdUwgdIwgc+ggcyggcmkgcYwgcMxFDASBgNVBAoTC0VudHJ1c3QubmV0MUAw
-PgYDVQQLFDd3d3cuZW50cnVzdC5uZXQvR0NDQV9DUFMgaW5jb3JwLiBieSBy
-ZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMjAwMCBFbnRydXN0
-Lm5ldCBMaW1pdGVkMTMwMQYDVQQDEypFbnRydXN0Lm5ldCBDbGllbnQgQ2Vy
-dGlmaWNhdGlvbiBBdXRob3JpdHkxDTALBgNVBAMTBENSTDEwKwYDVR0QBCQw
-IoAPMjAwMDAyMDcxNjE2NDBagQ8yMDIwMDIwNzE2NDY0MFowCwYDVR0PBAQD
-AgEGMB8GA1UdIwQYMBaAFISLdP3FjcD/J20gN0V8/i3OutN9MB0GA1UdDgQW
-BBSEi3T9xY3A/ydtIDdFfP4tzrrTfTAMBgNVHRMEBTADAQH/MB0GCSqGSIb2
-fQdBAAQQMA4bCFY1LjA6NC4wAwIEkDANBgkqhkiG9w0BAQQFAAOBgQBObzWA
-O9GK9Q6nIMstZVXQkvTnhLUGJoMShAusO7JE7r3PQNsgDrpuFOow4DtifH+L
-a3xKp9U1PL6oXOpLu5OOgGarDyn9TS2/GpsKkMWr2tGzhtQvJFJcem3G8v7l
-TRowjJDyutdKPkN+1MhQGof4T4HHdguEOnKdzmVml64mXg==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Entrust.net_Global_Secure_Server_CA.crt b/cert-validity/mozilla/builtin-certs/Entrust.net_Global_Secure_Server_CA.crt
deleted file mode 100644
index 458ce6928386..000000000000
--- a/cert-validity/mozilla/builtin-certs/Entrust.net_Global_Secure_Server_CA.crt
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIElTCCA/6gAwIBAgIEOJsRPDANBgkqhkiG9w0BAQQFADCBujEUMBIGA1UE
-ChMLRW50cnVzdC5uZXQxPzA9BgNVBAsUNnd3dy5lbnRydXN0Lm5ldC9TU0xf
-Q1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc
-KGMpIDIwMDAgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVz
-dC5uZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
-Fw0wMDAyMDQxNzIwMDBaFw0yMDAyMDQxNzUwMDBaMIG6MRQwEgYDVQQKEwtF
-bnRydXN0Lm5ldDE/MD0GA1UECxQ2d3d3LmVudHJ1c3QubmV0L1NTTF9DUFMg
-aW5jb3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykg
-MjAwMCBFbnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5l
-dCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHwV9OcfHO8GCGD9JYf9Mzly0XonUw
-tZZkJi9ow0SrqHXmAGc0V55lxyKbc+bT3QgON1WqJUaBbL3+qPZ1V1eMkGxK
-wz6LS0MKyRFWmponIpnPVZ5h2QLifLZ8OAfc439PmrkDQYC2dWcTC5/oVzbI
-XQA23mYU2m52H083jIITiQIDAQABo4IBpDCCAaAwEQYJYIZIAYb4QgEBBAQD
-AgAHMIHjBgNVHR8EgdswgdgwgdWggdKggc+kgcwwgckxFDASBgNVBAoTC0Vu
-dHJ1c3QubmV0MT8wPQYDVQQLFDZ3d3cuZW50cnVzdC5uZXQvU1NMX0NQUyBp
-bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAy
-MDAwIEVudHJ1c3QubmV0IExpbWl0ZWQxOjA4BgNVBAMTMUVudHJ1c3QubmV0
-IFNlY3VyZSBTZXJ2ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxDTALBgNV
-BAMTBENSTDEwKwYDVR0QBCQwIoAPMjAwMDAyMDQxNzIwMDBagQ8yMDIwMDIw
-NDE3NTAwMFowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFMtswGvjuz7L/CKc
-/vuLkpyw8m4iMB0GA1UdDgQWBBTLbMBr47s+y/winP77i5KcsPJuIjAMBgNV
-HRMEBTADAQH/MB0GCSqGSIb2fQdBAAQQMA4bCFY1LjA6NC4wAwIEkDANBgkq
-hkiG9w0BAQQFAAOBgQBi24GRzsiad0Iv7L0no1MPUBvqTpLwqa+poLpIYcvv
-yQbvH9X07t9WLebKahlzqlO+krNQAraFJnJj2HVQYnUUt7NQGj/KEQALhUVp
-bbalrlHhStyCP2yMNLJ3a9kC9n8O6mUE8c1UyrrJzOCE98g+EZfTYAkYvAX/
-bIkz8OwVDw==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Entrust.net_Premium_2048_Secure_Server_CA.crt b/cert-validity/mozilla/builtin-certs/Entrust.net_Premium_2048_Secure_Server_CA.crt
deleted file mode 100644
index e71afc5ecf7c..000000000000
--- a/cert-validity/mozilla/builtin-certs/Entrust.net_Premium_2048_Secure_Server_CA.crt
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEXDCCA0SgAwIBAgIEOGO5ZjANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UE
-ChMLRW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNf
-MjA0OCBpbmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsT
-HChjKSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1
-c3QubmV0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEy
-MjQxNzUwNTFaFw0xOTEyMjQxODIwNTFaMIG0MRQwEgYDVQQKEwtFbnRydXN0
-Lm5ldDFAMD4GA1UECxQ3d3d3LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29y
-cC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMcKGMpIDE5OTkg
-RW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5uZXQgQ2Vy
-dGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgpMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQqK0vRvwtKTY7tgHalZ7d4
-QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQesYGpjX24zGtLA/EC
-DNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuXMlBvPci6Zgzj
-/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVTXTzWnLLP
-KQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/HoZd
-enoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH
-4QIDAQABo3QwcjARBglghkgBhvhCAQEEBAMCAAcwHwYDVR0jBBgwFoAUVeSB
-0RGAvtiJuQijMfmhJAkWuXAwHQYDVR0OBBYEFFXkgdERgL7YibkIozH5oSQJ
-FrlwMB0GCSqGSIb2fQdBAAQQMA4bCFY1LjA6NC4wAwIEkDANBgkqhkiG9w0B
-AQUFAAOCAQEAWUesIYSKF8mciVMeuoCFGsY8Tj6xnLZ8xpJdGGQC49MGCBFh
-fGPjK50xA3B20qMooPS7mmNz7W3lKtvtFKkrxjYR0CvrB4ul2p5cGZ1WEvVU
-KcgF7bISKo30Axv/55IQh7A6tcOdBTcSo8f0FbnVpDkWm1M6I5HxqIKiaoho
-wXkCIryqptau37AUX7iH0N18f3v/rxzP5tsHrV7bhZ3QKw0z2wTR5klAEyt2
-+z7pnIkPFc4YsIV4IU9rTw76NmfNB/L/CNDi3tm/Kq+4h4YhPATKt5Rof888
-6ZjXOP/swNlQ8C5LWK5Gb9Auw2DaclVyvUxFnmG6v4SBkgPR0ml8xQ==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Entrust.net_Secure_Personal_CA.crt b/cert-validity/mozilla/builtin-certs/Entrust.net_Secure_Personal_CA.crt
deleted file mode 100644
index 6d6f364669bd..000000000000
--- a/cert-validity/mozilla/builtin-certs/Entrust.net_Secure_Personal_CA.crt
+++ /dev/null
@@ -1,31 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIE7TCCBFagAwIBAgIEOAOR7jANBgkqhkiG9w0BAQQFADCByTELMAkGA1UE
-BhMCVVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MUgwRgYDVQQLFD93d3cuZW50
-cnVzdC5uZXQvQ2xpZW50X0NBX0luZm8vQ1BTIGluY29ycC4gYnkgcmVmLiBs
-aW1pdHMgbGlhYi4xJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExp
-bWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENsaWVudCBDZXJ0aWZpY2F0
-aW9uIEF1dGhvcml0eTAeFw05OTEwMTIxOTI0MzBaFw0xOTEwMTIxOTU0MzBa
-MIHJMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxSDBGBgNV
-BAsUP3d3dy5lbnRydXN0Lm5ldC9DbGllbnRfQ0FfSW5mby9DUFMgaW5jb3Jw
-LiBieSByZWYuIGxpbWl0cyBsaWFiLjElMCMGA1UECxMcKGMpIDE5OTkgRW50
-cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5uZXQgQ2xpZW50
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUAA4GL
-ADCBhwKBgQDIOpleMRffrCdvkHvkGf9FozTC28GoT/Bo6oT9n3V5z8GKUZSv
-x1cDR2SerYIbWtp/N3hHuzeYEpbOxhN979IMMFGpOZ5V+Pux5zDeg7K6PvHV
-iTs7hbqqdCz+PzFur5GVbgbUB01LLFZHGARS2g4Qk79jkJvh34zmAqTmT173
-iwIBA6OCAeAwggHcMBEGCWCGSAGG+EIBAQQEAwIABzCCASIGA1UdHwSCARkw
-ggEVMIHkoIHhoIHepIHbMIHYMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50
-cnVzdC5uZXQxSDBGBgNVBAsUP3d3dy5lbnRydXN0Lm5ldC9DbGllbnRfQ0Ff
-SW5mby9DUFMgaW5jb3JwLiBieSByZWYuIGxpbWl0cyBsaWFiLjElMCMGA1UE
-CxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50
-cnVzdC5uZXQgQ2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MQ0wCwYD
-VQQDEwRDUkwxMCygKqAohiZodHRwOi8vd3d3LmVudHJ1c3QubmV0L0NSTC9D
-bGllbnQxLmNybDArBgNVHRAEJDAigA8xOTk5MTAxMjE5MjQzMFqBDzIwMTkx
-MDEyMTkyNDMwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUxPucKXuXzUyW
-/O5bs8qZdIuV6kwwHQYDVR0OBBYEFMT7nCl7l81MlvzuW7PKmXSLlepMMAwG
-A1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI
-hvcNAQEEBQADgYEAP66K8ddmAwWePvrqHEa7pFuPeJoSSJn59DXeDDYHAmsQ
-OokUgZwxpnyyQbJq5wcBoUv5nyU7lsqZwz6hURzzwy5E97BnRqqS5TvaHBkU
-ODDV4qIxJS7x7EU47fgGWANzYrAQMY9Av2TgXD7FTx/aEkP/TOYGJqibGapE
-PHayXOw=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Entrust.net_Secure_Server_CA.crt b/cert-validity/mozilla/builtin-certs/Entrust.net_Secure_Server_CA.crt
deleted file mode 100644
index 56267570e28d..000000000000
--- a/cert-validity/mozilla/builtin-certs/Entrust.net_Secure_Server_CA.crt
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UE
-BhMCVVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50
-cnVzdC5uZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTEl
-MCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UE
-AxMxRW50cnVzdC5uZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1
-dGhvcml0eTAeFw05OTA1MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQsw
-CQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3
-dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1pdHMgbGlh
-Yi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVkMTow
-OAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp
-b24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQDNKIM0
-VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/I0dNxScZgSYMVHIN
-iC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3wkrYKZImZNHk
-mGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OCAdcwggHT
-MBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHboIHY
-pIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5
-BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChs
-aW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBM
-aW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENl
-cnRpZmljYXRpb24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNo
-dHRwOi8vd3d3LmVudHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAi
-gA8xOTk5MDUyNTE2MDk0MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMC
-AQYwHwYDVR0jBBgwFoAU8BdiE1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYE
-FPAXYhNVPbP/CgBr+1CEl/PtYtAaMAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9
-B0EABAwwChsEVjQuMAMCBJAwDQYJKoZIhvcNAQEFBQADgYEAkNwwAvpkdMKn
-CqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN95K+8cPV1ZVqBLssziY2Zcgx
-xufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd2cNgQ4xYDiKWL2KjLB+6
-rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Entrust_Root_Certification_Authority.crt b/cert-validity/mozilla/builtin-certs/Entrust_Root_Certification_Authority.crt
deleted file mode 100644
index c56bb9ce609a..000000000000
--- a/cert-validity/mozilla/builtin-certs/Entrust_Root_Certification_Authority.crt
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UE
-BhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5l
-bnRydXN0Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEf
-MB0GA1UECxMWKGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50
-cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIw
-MjM0MloXDTI2MTEyNzIwNTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQK
-Ew1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BT
-IGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAy
-MDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9vdCBDZXJ0
-aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFoNu3s/poBj6E4KPz3EEZm
-Lk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf44LlAcTfFy0cOlypo
-wCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9KlmaI5UXLEWe
-H25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGIrb68j6xS
-lkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi94Dk
-Zfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB
-sDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAE
-JDAigA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSME
-GDAWgBRokORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DH
-hmak8fdLQ/uEvW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0G
-CSqGSIb3DQEBBQUAA4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW
-+1RaGSwMCPeyvIWonX9tO1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ
-47RgxRzwIkSNcUesyBrJ6ZuaAGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p
-8eRDjeIRRDq/r72DQnNSi6q7pynP9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE
-2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/eu6FSqdQgPCnXEqULl8FmTxSQeDN
-tGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m0vdXcDazv/wor3ElhVsT/h5/
-WrQ8
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Equifax_Secure_CA.crt b/cert-validity/mozilla/builtin-certs/Equifax_Secure_CA.crt
deleted file mode 100644
index 9cebe1aca2c9..000000000000
--- a/cert-validity/mozilla/builtin-certs/Equifax_Secure_CA.crt
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQG
-EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1
-cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4
-MDgyMjE2NDE1MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgx
-LTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0
-eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2R
-FGiYCh7+2gRvE4RiIcPRfM6fBeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO
-/t0BCezhABRP/PvwDN1Dulsr4R+AcJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuv
-K9buY0V7xdlfUNLjUA86iOe/FP3gx7kCAwEAAaOCAQkwggEFMHAGA1UdHwRp
-MGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQMA4GA1UEChMHRXF1aWZheDEt
-MCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5
-MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgwODIyMTY0MTUxWjAL
-BgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gjIBBPM5iQn9Qw
-HQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQFMAMBAf8w
-GgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUAA4GB
-AFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
-7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2u
-FHdh1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Equifax_Secure_Global_eBusiness_CA.crt b/cert-validity/mozilla/builtin-certs/Equifax_Secure_Global_eBusiness_CA.crt
deleted file mode 100644
index 55b3e2c7cf98..000000000000
--- a/cert-validity/mozilla/builtin-certs/Equifax_Secure_Global_eBusiness_CA.crt
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBaMQswCQYDVQQGEwJV
-UzEcMBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5jLjEtMCsGA1UEAxMkRXF1
-aWZheCBTZWN1cmUgR2xvYmFsIGVCdXNpbmVzcyBDQS0xMB4XDTk5MDYyMTA0
-MDAwMFoXDTIwMDYyMTA0MDAwMFowWjELMAkGA1UEBhMCVVMxHDAaBgNVBAoT
-E0VxdWlmYXggU2VjdXJlIEluYy4xLTArBgNVBAMTJEVxdWlmYXggU2VjdXJl
-IEdsb2JhbCBlQnVzaW5lc3MgQ0EtMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAuucXkAJlsTRVPEnCUdXfp9E3j9HngXNBUmCbnaEXJnitx7HoJpQy
-td4zjTov2/KaelpzmKNc6fuKcxtc58O/gGzNqfTWK8D3+ZmqY6KxRwIP1ORR
-OhI8bIpaVIRw28HFkM9yRcuoWcDNM50/o5brhTMhHD4ePmBudpxnhcXIw2EC
-AwEAAaNmMGQwEQYJYIZIAYb4QgEBBAQDAgAHMA8GA1UdEwEB/wQFMAMBAf8w
-HwYDVR0jBBgwFoAUvqigdHJQa0S3ySPY+6j/s1draGwwHQYDVR0OBBYEFL6o
-oHRyUGtEt8kj2Puo/7NXa2hsMA0GCSqGSIb3DQEBBAUAA4GBADDiAVGqx+pf
-2rnQZQ8w1j7aDRRJbpGTJxQx78T3LUX47Me/okENI7SS+RkAZ70Br83gcfxa
-z2TE4JaY0KNA4gGK7ycH8WUBikQtBmV1UsCGECAhX2xrD2yuCRyv8qIYNMR1
-pHMc8Y3c7635s3a0kr/clRAevsvIO1qEYBlWlKlV
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Equifax_Secure_eBusiness_CA_1.crt b/cert-validity/mozilla/builtin-certs/Equifax_Secure_eBusiness_CA_1.crt
deleted file mode 100644
index acbc3989341e..000000000000
--- a/cert-validity/mozilla/builtin-certs/Equifax_Secure_eBusiness_CA_1.crt
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBBDANBgkqhkiG9w0BAQQFADBTMQswCQYDVQQGEwJV
-UzEcMBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5jLjEmMCQGA1UEAxMdRXF1
-aWZheCBTZWN1cmUgZUJ1c2luZXNzIENBLTEwHhcNOTkwNjIxMDQwMDAwWhcN
-MjAwNjIxMDQwMDAwWjBTMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTRXF1aWZh
-eCBTZWN1cmUgSW5jLjEmMCQGA1UEAxMdRXF1aWZheCBTZWN1cmUgZUJ1c2lu
-ZXNzIENBLTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM4vGbwXt3fe
-k6lfWg0XTzQaDJj0ItlZ1MRoRvC0NcWFAyDGr0WlIVFFQesWWDYyb+JQYmT5
-/VGcqiTZ9J2DKocKIdMSODRsjQBuWqDZQu4aIZX5UkxVWsUPOE9G+m34LjXW
-HXzr4vCwdYDIqROsvojvOm6rXyo4YgKwEnv+j6YDAgMBAAGjZjBkMBEGCWCG
-SAGG+EIBAQQEAwIABzAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFEp4
-MlIR21kWNl7fwRQ2QGpHfEyhMB0GA1UdDgQWBBRKeDJSEdtZFjZe38EUNkBq
-R3xMoTANBgkqhkiG9w0BAQQFAAOBgQB1W6ibAxHm6VZMzfmpTMANmvPMZWnm
-JXbMWbfWVMMdzZmsGd20hdXgPfxiIKeES1hl8eL5lSE/9dR+WB5Hh1Q+WKG1
-tfgq73HnvMP2sUlG4tega+VWeponmHxGYhTnyfxuAxJ5gDgdSIKN/Bf+KpYr
-tWKmpj29f5JZzVoqgrI3eQ==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Equifax_Secure_eBusiness_CA_2.crt b/cert-validity/mozilla/builtin-certs/Equifax_Secure_eBusiness_CA_2.crt
deleted file mode 100644
index e549ef88c129..000000000000
--- a/cert-validity/mozilla/builtin-certs/Equifax_Secure_eBusiness_CA_2.crt
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDIDCCAomgAwIBAgIEN3DPtTANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQG
-EwJVUzEXMBUGA1UEChMORXF1aWZheCBTZWN1cmUxJjAkBgNVBAsTHUVxdWlm
-YXggU2VjdXJlIGVCdXNpbmVzcyBDQS0yMB4XDTk5MDYyMzEyMTQ0NVoXDTE5
-MDYyMzEyMTQ0NVowTjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkVxdWlmYXgg
-U2VjdXJlMSYwJAYDVQQLEx1FcXVpZmF4IFNlY3VyZSBlQnVzaW5lc3MgQ0Et
-MjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5Dk5kx5SBhsoNviyoynF
-7Y6yEb3+6+e0dMKP/wXn2Z0GvxLIPw7y1tEkshHe0XMJitSxLJgJDR5QRrKD
-pkWNYmi7hRsgcDKqQM2mll/EcTc/BPO3QSQ5BxoeLmFYoBIL5aXfxavqN3HM
-HMg3OrmXUqesxWoklE6ce8/AatbfIb0CAwEAAaOCAQkwggEFMHAGA1UdHwRp
-MGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORXF1aWZheCBT
-ZWN1cmUxJjAkBgNVBAsTHUVxdWlmYXggU2VjdXJlIGVCdXNpbmVzcyBDQS0y
-MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTkwNjIzMTIxNDQ1WjAL
-BgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUUJ4L6q9euSBIplBqy/3YIHqngnYw
-HQYDVR0OBBYEFFCeC+qvXrkgSKZQasv92CB6p4J2MAwGA1UdEwQFMAMBAf8w
-GgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUAA4GB
-AAyGgq3oThr1jokn4jVYPSm0B482UJW/bsGe68SQsoWou7dC4A8HOd/7npCy
-0cE+U58DRLB+S/Rv5Hwf5+Kx5Lia78O9zt4LMjTZ3ijtM2vE1Nc9ElirfQkt
-y3D1E4qUoSek1nDFbZS1yX2doNLGCEnZZpum0/QL3MUmV+GRMOrN
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Firmaprofesional_Root_CA.crt b/cert-validity/mozilla/builtin-certs/Firmaprofesional_Root_CA.crt
deleted file mode 100644
index 0d4961461935..000000000000
--- a/cert-validity/mozilla/builtin-certs/Firmaprofesional_Root_CA.crt
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEVzCCAz+gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMC
-RVMxIjAgBgNVBAcTGUMvIE11bnRhbmVyIDI0NCBCYXJjZWxvbmExQjBABgNV
-BAMTOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9u
-YWwgQ0lGIEE2MjYzNDA2ODEmMCQGCSqGSIb3DQEJARYXY2FAZmlybWFwcm9m
-ZXNpb25hbC5jb20wHhcNMDExMDI0MjIwMDAwWhcNMTMxMDI0MjIwMDAwWjCB
-nTELMAkGA1UEBhMCRVMxIjAgBgNVBAcTGUMvIE11bnRhbmVyIDI0NCBCYXJj
-ZWxvbmExQjBABgNVBAMTOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZp
-cm1hcHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODEmMCQGCSqGSIb3DQEJARYX
-Y2FAZmlybWFwcm9mZXNpb25hbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQDnIwNvbyOlXnjOlSztlB5uCp4Bx+ow0Syd3Tfom5h5VtP8
-c9/Qit5Vj1H5WuretXDE7aTt/6MNbg9kUDGvASdYrv5sp0ovFy3Tc9UTHI9Z
-pTQsHVQERc1ouKDAA6XPhUJHlShbz++AbOCQl4oBPB3zhxAwJkh91/zpnZFx
-/0GaqUC1N5wpIE8fUuOgfRNtVLcK3ulqTgesrBlf3H5idPayBQC6haD9HThu
-y1q7hryUZzM1gywfI834yJFxzJeL764P3CkDG8A563DtwW4O2GcLiam8NeTv
-tjS0pbbELaW+0MOUJEjb35bTALVmGotmBQ/dPz/LP6pemkr4tErvlTcbAgMB
-AAGjgZ8wgZwwKgYDVR0RBCMwIYYfaHR0cDovL3d3dy5maXJtYXByb2Zlc2lv
-bmFsLmNvbTASBgNVHRMBAf8ECDAGAQH/AgEBMCsGA1UdEAQkMCKADzIwMDEx
-MDI0MjIwMDAwWoEPMjAxMzEwMjQyMjAwMDBaMA4GA1UdDwEB/wQEAwIBBjAd
-BgNVHQ4EFgQUMwugZtHq2s7eYpMEKFK1FH84aLcwDQYJKoZIhvcNAQEFBQAD
-ggEBAEdz/o0nVPD11HecJ3lXV7cVVuzH2Fi3AQL0M+2TUIiefEaxvT8Ub/Gz
-R0iLjJcG1+p+o1wqu00vR+L4OQbJnC4xGgN49Lw4xiKLMzHwFgQEffl25EvX
-wOaD7FnMP97/T2u3Z36mhoEyIwOdyPdfwUpgpZKpsaSgYMN4h7Mi8yrrW6nt
-Bas3D7Hi05V2Y1Z0jFhyGzflZKG+TQyTmAyX9odtsz/ny4Cm7YjHX1BiAuiZ
-dBbQ5rQ58SfLyEDW44YQqSMSkuBpQWOnryULwMWSyx6Yo1q6xTMPoJcB3X/g
-e9YGVM+h4k0460tQtcsm9MracEpqoeJ5quGnM/b9Sh/22WA=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/GTE_CyberTrust_Global_Root.crt b/cert-validity/mozilla/builtin-certs/GTE_CyberTrust_Global_Root.crt
deleted file mode 100644
index 63d8d23fe3ae..000000000000
--- a/cert-validity/mozilla/builtin-certs/GTE_CyberTrust_Global_Root.crt
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgw
-FgYDVQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRy
-dXN0IFNvbHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3Qg
-R2xvYmFsIFJvb3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEzMjM1OTAwWjB1
-MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYD
-VQQLEx5HVEUgQ3liZXJUcnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMT
-GkdURSBDeWJlclRydXN0IEdsb2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUA
-A4GNADCBiQKBgQCVD6C28FCc6HrHiM3dFw4usJTQGz0O9pTAipTHBsiQl8i4
-ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTSr41tiGeA5u2ylc9yMcqlHHK6XALn
-ZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X404Wqk2kmhXBIgD8SFcd5tB8F
-LztimQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAG3rGwnpXtlR22ciYaQqPEh3
-46B8pt5zohQDhT37qw4wxYMWM4ETCJ57NE7fQMh017l93PR2VX2bY1QY6fDq
-81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OFNMQkpw0PlZPvy5TYnh+d
-XIVtx6quTx8itc2VrbqnzPmrC3p/
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/GeoTrust_Global_CA.crt b/cert-validity/mozilla/builtin-certs/GeoTrust_Global_CA.crt
deleted file mode 100644
index 137a3c0b52c5..000000000000
--- a/cert-validity/mozilla/builtin-certs/GeoTrust_Global_CA.crt
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYT
-AlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVz
-dCBHbG9iYWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBC
-MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE
-AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEH
-CIjaWC9mOSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlC
-GDUUna2YRpIuT8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7
-csiRv8lVK83Qlz6cJmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAj
-Nvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdRe
-JivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQAB
-o1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTAephojYn7qwVkDBF9
-qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjANBgkq
-hkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKInZ57Qzxpe
-R+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfStQWV
-Yrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
-PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot
-2/Unhw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeX
-xx12E6nV5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvm
-Mw==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/GeoTrust_Global_CA_2.crt b/cert-validity/mozilla/builtin-certs/GeoTrust_Global_CA_2.crt
deleted file mode 100644
index a4e205c97366..000000000000
--- a/cert-validity/mozilla/builtin-certs/GeoTrust_Global_CA_2.crt
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDZjCCAk6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJV
-UzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3Qg
-R2xvYmFsIENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMTkwMzA0MDUwMDAwWjBE
-MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UE
-AxMUR2VvVHJ1c3QgR2xvYmFsIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQDvPE1APRDfO1MA4Wf+lGAVPoWI8YkNkMgoI5kF6Csgncbz
-YEbYwbLVjDHZ3CB5JIG/NTL8Y2nbsSpr7iFY8gjpeMtvy/wWUsiRxP89c96x
-PqfCfWbB9X5SJBri1WeR0IIQ13hLTytCOb1kLUCgsBDTOEhGiKEMuzozKmKY
-+wCdE1l/bztyqu6mD4b5BWHqZ38MN5aL5mkWRxHCJ1kDs6ZgwiFAVvqgx306
-E+PsV8ez1q6diYD3Aecs9pYrEw15LNnA5IZ7S4wMcoKK+xfNAGw6EzywhIdL
-Fnopsk/bHdQL82Y3vdj2V7teJHq4PIu5+pIaGoSe2HSPqht/XvT+RSIhAgMB
-AAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFHE4NvICMVNHK266
-ZUapEBVYIAUJMB8GA1UdIwQYMBaAFHE4NvICMVNHK266ZUapEBVYIAUJMA4G
-A1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAQEAA/e1K6tdEPx7srJe
-rJsOflN4WT5CBP51o62sgU7XAotexC3IUnbHLB/8gTKY0UvGkpMzNTEv/Ngd
-RN3ggX+d6YvhZJFiCzkIjKx0nVnZellSlxG5FntvRdOW2TF9AjYPnDtuzywN
-A0ZF66D0f0hExghAzN4bcLUprbqLOzRldRtxIR0sFAqwlpW41uryZfspuk/q
-kZN0abby/+Ea0AzRdoXLiiW9l14sbxWZJue2Kf8i7MkCx1YAzUm5s2x7UwQa
-4qjJqhIFI8LO57sEAszAR6LkxCkvW0VXiVHuPOtSCP8HNR6fNWpHSlaY0VqF
-H4z1Ir+rzoPz4iIprn2DQKi6bA==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/GeoTrust_Primary_Certification_Authority.crt b/cert-validity/mozilla/builtin-certs/GeoTrust_Primary_Certification_Authority.crt
deleted file mode 100644
index 87e35a884e92..000000000000
--- a/cert-validity/mozilla/builtin-certs/GeoTrust_Primary_Certification_Authority.crt
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUF
-ADBYMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8G
-A1UEAxMoR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
-eTAeFw0wNjExMjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgxCzAJBgNVBAYT
-AlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVz
-dCBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHW
-AVlqnEQRr+92/ZV+zmEwu3qDXwK9AWbK7hWNb6EwnL2hhZ6UOvNWiAAxz9ju
-apYC2e0DjPt1befquFUWBRaa9OBesYjAZIVcFU2Ix7e64HXprQU9nceJSOC7
-KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE07e9GceBrAqg1cmuXm2bgyxx5
-X9gaBGgeRwLmnWDiNpcB3841kt++Z8dtd1k7j53WkBWUvEI0EME5+bEnPn7W
-inXFsq+W06Lem+SYvn3h6YGttm/81w7a4DSwDRp35+MImO9Y+pyEtzavwt+s
-0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
-AwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJKoZIhvcN
-AQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ16CeP
-bJC/kRYkRj5KTs4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl
-4b7UVXGYNTq+k+qurUKykG/g/CFNNWMziUnWm07Kx+dOCQD32sfvmWKZd7aV
-Il6KoKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHaFloxt/m0cYASSJly
-c1pZU8FjUjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG
-1riR/aYNKxoUAT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/GeoTrust_Primary_Certification_Authority_-_G2.crt b/cert-validity/mozilla/builtin-certs/GeoTrust_Primary_Certification_Authority_-_G2.crt
deleted file mode 100644
index 840a5965528c..000000000000
--- a/cert-validity/mozilla/builtin-certs/GeoTrust_Primary_Certification_Authority_-_G2.crt
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCB
-mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNV
-BAsTMChjKSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1
-c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0
-aW9uIEF1dGhvcml0eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIz
-NTk1OVowgZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMu
-MTkwNwYDVQQLEzAoYykgMjAwNyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhv
-cml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMTLUdlb1RydXN0IFByaW1hcnkgQ2Vy
-dGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjB2MBAGByqGSM49AgEGBSuBBAAi
-A2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcLSo17VDs6bl8VAsBQps8lL33K
-SLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLaltJLtbCyf691DiaI8S0iR
-HVDsJt/WYC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
-AQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+EVXVMAoGCCqGSM49BAMD
-A2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGTqQ7mndwx
-HLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBuczrD6o
-gRLQy7rQkgu2npaqBA+K
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/GeoTrust_Primary_Certification_Authority_-_G3.crt b/cert-validity/mozilla/builtin-certs/GeoTrust_Primary_Certification_Authority_-_G3.crt
deleted file mode 100644
index 6dcf7e81f134..000000000000
--- a/cert-validity/mozilla/builtin-certs/GeoTrust_Primary_Certification_Authority_-_G3.crt
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsF
-ADCBmDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3
-BgNVBAsTMChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXpl
-ZCB1c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIw
-MTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJ
-bmMuMTkwNwYDVQQLEzAoYykgMjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1
-dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMTLUdlb1RydXN0IFByaW1hcnkg
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBANziXmJYHTNXOTIz+uvLh4yn1ErdBojqZI4xmKU4
-kB6Yzy5jK/BGvESyiaHAKAxJcCGVn2TAppMSAmUmhsalifD614SgcK9PGpc/
-BkTVyetyEH3kMSj7HGHmKAdEc5IiaacDiGydY8hS2pgn5whMcD60yRLBxWeD
-XTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3CIShwiP/WJmxsYAQlTlV+
-fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exALDmKudlW/
-X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZChuOl
-1UcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
-HQYDVR0OBBYEFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUA
-A4IBAQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9cr5HqQ6XErhK8WTT
-Od8lNNTBzU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbE
-Ap7aDHdlDkQNkv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXX
-ExZacse3aQHEerGDAWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk
-28rgDi0Hsj5W3I31QYUHSJsMC8tJP33st/3LjWeJGqvtux6jAAgIFyqCXDFd
-RootD4abdNlF+9RAsXqqaC2Gspki4cErx5z481+oghLrGREt
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/GeoTrust_Universal_CA.crt b/cert-validity/mozilla/builtin-certs/GeoTrust_Universal_CA.crt
deleted file mode 100644
index dd2680b98e1c..000000000000
--- a/cert-validity/mozilla/builtin-certs/GeoTrust_Universal_CA.crt
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJV
-UzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3Qg
-VW5pdmVyc2FsIENBMB4XDTA0MDMwNDA1MDAwMFoXDTI5MDMwNDA1MDAwMFow
-RTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHjAcBgNV
-BAMTFUdlb1RydXN0IFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQAD
-ggIPADCCAgoCggIBAKYVVaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckU
-HUWCq8YdgNY96xCcOq9tJPi8cQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430
-SppyZj6tlcDgFgDgEB8rMQ7XlFTTQjOgNB0eRXbdT8oYN+yFFXoZCPzVx5zw
-8qkuEKmS5j1YPakWaDwvdSEYfyh3peFhF7em6fgemdtzbvQKoiFs7tqqhZJm
-r/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2vc7J2Ha3QsnhnGqQ5HFELZ1aD
-/ThdDc7d8Lsrlh/eezJS/R27tQahsiFepdaVaH/wmZ7cRQg+59IJDTWU3YBO
-U5fXtQlEIGQWFwMCTFMNaN7VqnJNk22CDtucvc+081xdVHppCZbW2xHBjXWo
-tM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3CgaRr0BHdCXteGYO8A3ZNY9
-lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZf9hBZ3Ki
-KN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfReBi9F
-i1jUIxaS5BZuKGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+
-nhutxx9z3SxPGWX9f5NAEC7S8O08ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1Ud
-EwEB/wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0XG0D08DYj3rWMB8G
-A1UdIwQYMBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIB
-hjANBgkqhkiG9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIaw
-C/yOsjmPRFWrZIRcaanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv
-9z+ZhP015s8xxtxqv6fXIwjhmF7DWgh2qaavdy+3YL1ERmrvl/9zlcGO6JP7
-/TG37FcREUWbMPEaiDnBTzynANXH/KttgCJwpQzgXQQpAvvLoJHRfNbDflDV
-nVi+QTjruXU8FdmbyUqDWcDaU/0zuzYYm4UPFd3uLax2k7nZAY1IEKj79TiG
-8dsKxr2EoyNB3tZ3b4XUhRxQ4K5RirqNPnbiucon8l+f725ZDQbYKxek0nxr
-u18UGkiPGkzns0ccjkxFKyDuSN/n3QmOGKjaQI2SJhFTYXNd673nxE0pN2Hr
-rDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2DFKWkoRepqO1pD4r2czYG0eq
-8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9ER/frslKxfMnZmaG
-rGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQtDF4JbAiXfKM9
-fJP/P6EUp8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/SfuvmbJxPgWp6
-ZKy7PtXny3YuxadIwVyQD8vIP/rmMuGNG2+k5o7Y+SlIis5z/iw=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/GeoTrust_Universal_CA_2.crt b/cert-validity/mozilla/builtin-certs/GeoTrust_Universal_CA_2.crt
deleted file mode 100644
index e06895456021..000000000000
--- a/cert-validity/mozilla/builtin-certs/GeoTrust_Universal_CA_2.crt
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFbDCCA1SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJV
-UzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3Qg
-VW5pdmVyc2FsIENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMjkwMzA0MDUwMDAw
-WjBHMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4G
-A1UEAxMXR2VvVHJ1c3QgVW5pdmVyc2FsIENBIDIwggIiMA0GCSqGSIb3DQEB
-AQUAA4ICDwAwggIKAoICAQCzVFLByT7y2dyxUxpZKeexw0Uo5dfR7cXFS6Gq
-dHtXr0om/Nj1XqduGdt0DE81WzILAePb63p3NeqqWuDW6KFXlPCQo3RWlEQw
-Ax5cTiuFJnSCegx2oG9NzkEtoBUGFF+3Qs17j1hhNNwqCPkuwwGmIkQcTAeC
-5lvO0Ep8BNMZcyfwqph/Lq9O64ceJHdqXbboW0W63MOhBW9Wjo8QJqVJwy7X
-QYci4E+GymC16qFjwAGXEHm9ADwSbSsVsaxLse4YuU6W3Nx2/zu+z18DwPw7
-6L5GG//aQMJS9/7jOvdqdzXQ2o3rXhhqMcceujwbKNZrVMaqW9eiLBsZzKIC
-9ptZvTdrhrVtgrrY6slWvKk2WP0+GfPtDCapkzj4T8FdIgbQl+rhrcZV4IEr
-KIM6+vR7IVEAvlI4zs1meaj0gVbi0IMJR1FbUGrP20gaXT73y/Zl92zxlfgC
-OzJWgjl6W70viRu/obTo/3+NjN8D8WBOWBFM66M/ECuDmgFz2ZRthAAnZqzw
-cEAJQpKtT5MNYQlRJNiS1QuUYbKHsu3/mjX/hVTK7URDrBs8FmtISgocQIgf
-ksILAAX/8sgCSqSqqcyZlpwvWOB94b67B9xfBHJcMTTD7F8t4D1kkCLm0ey4
-Lt1ZrtmhN79UNdxzMk+MBB4zsslG8dhcyFVQyWi9qLo2CQIDAQABo2MwYTAP
-BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR281Xh+qQ2+/CfXGJx7Tz0RzgQ
-KzAfBgNVHSMEGDAWgBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAOBgNVHQ8BAf8E
-BAMCAYYwDQYJKoZIhvcNAQEFBQADggIBAGbBxiPz2eAubl/oz66wsCVNK/g7
-WJtAJDday6sWSf+zdXkzoS9tcBc0kf5nfo/sm+VegqlVHy/c1FEHEv6sFj4s
-NcZj/NwQ6w2jqtB8zNHQL1EuxBRa3ugZ4T7GzKQp5y6EqgYweHZUcyiYWTjg
-AA1i00J9IZ+uPTqM1fp3DRgrFg5fNuH8KrUwJM/gYwx7WBr+mbpCErGR9Hxo
-4sjoryzqyX6uuyo9DRXcNJW2GHSoag/HtPQTxORb7QrSpJdMKu0vbBKJPfEn
-cKpqA1Ihn0CoZ1Dy81of398j9tx4TuaYT1U6U+Pv8vSfx3zYWK8pIpe44L2R
-LrB27FcRz+8pRPPphXpgY+RdM4kX2TGq2tbzGDVyz4crL2MjhF2EjD9XoIj8
-mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiPpm8m1wk8OhwRDqZsN/etRIcs
-KMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJVOCiNUW7dFGdTbHFc
-JoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH6aLcr34YEoP9
-VhdBLtUpgn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwXQMAJKOSL
-akhT2+zNVVXxxvjpoixMptEmX36vWkzaH6byHCx+rgIW0lbQL1dTR+iS
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/GlobalSign_Root_CA.crt b/cert-validity/mozilla/builtin-certs/GlobalSign_Root_CA.crt
deleted file mode 100644
index f6b004506a82..000000000000
--- a/cert-validity/mozilla/builtin-certs/GlobalSign_Root_CA.crt
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzEL
-MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNV
-BAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05
-ODA5MDExMjAwMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkw
-FwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw
-GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQDaDuaZjc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR
-4mdmzxzdzxtIK+6NiY6arymAZavpxy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc
-71DuxC73/OlS8pF94G3VNTCOXkNz8kHp1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4
-bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdGsnUOhugZitVtbNV4FpWi6cgK
-OOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Qzns3dLlwR5EiUWMW
-ea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N89iFo7+ryUp9/k5DP
-AgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0G
-A1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0BAQUFAAOC
-AQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOzyj1h
-TdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
-38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm
-7ymPAbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr
-+WymXUadDKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveC
-X4XSQRjbgbMEHMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/GlobalSign_Root_CA_-_R2.crt b/cert-validity/mozilla/builtin-certs/GlobalSign_Root_CA_-_R2.crt
deleted file mode 100644
index 0b61610d74d7..000000000000
--- a/cert-validity/mozilla/builtin-certs/GlobalSign_Root_CA_-_R2.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEg
-MB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkds
-b2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAw
-WhcNMjExMjE1MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3Qg
-Q0EgLSBSMjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFs
-U2lnbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8o
-mUVCxKs+IVSbC9N/hHD6ErPLv4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe
-+3t+c4isUoh7SqbKSaZeqKeMWhG8eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1
-AnwblrjFuTosvNYSuetZfeLQBoZfXklqtTleiDTsvHgMCJiEbKjNS7SgfQx5
-TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzdC9XZzPnqJworc5HGnRusyMvo
-4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pazq+r1feqCapgvdzZX99y
-qWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCBmTAOBgNVHQ8BAf8E
-BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IHV2ccHsBqBt5Z
-tJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5nbG9iYWxz
-aWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG3lm0
-mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
-J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4
-h4hO291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRD
-LenVOavSot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG7
-9G+dwfCMNYxdAfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmg
-QWpzU/qlULRuJQ/7TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq
-/H5COEBkEveegeGTLg==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/GlobalSign_Root_CA_-_R3.crt b/cert-validity/mozilla/builtin-certs/GlobalSign_Root_CA_-_R3.crt
deleted file mode 100644
index f368452bd06f..000000000000
--- a/cert-validity/mozilla/builtin-certs/GlobalSign_Root_CA_-_R3.crt
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEg
-MB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkds
-b2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAw
-WhcNMjkwMzE4MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3Qg
-Q0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFs
-U2lnbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5Bngi
-FvXAg7aEyiie/QV2EcWtiHL8RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k
-0ev1LKMPgj0MK66X17YUhhB5uzsTgHeMCOFJ0mpiLx9e+pZo34knlTifBtc+
-ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmmKPZpO/bLyCiR5Z2KYVc3rHQU3HTg
-Ou5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zdQQ4gOsC0p6Hpsk+QLjJg6VfL
-uQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZXriX7613t2Saer9fwRPv
-m2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAwDgYDVR0PAQH/BAQD
-AgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+oLkUkrk1Q+mOa
-i97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZURUm7lgAJ
-QayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMpjjM5
-RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK
-6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3Nz
-dvQXmcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJr
-lAGomecsMx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7r
-kpeDMdmztcpHWD9f
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Global_Chambersign_Root_-_2008.crt b/cert-validity/mozilla/builtin-certs/Global_Chambersign_Root_-_2008.crt
deleted file mode 100644
index 02570d37a9eb..000000000000
--- a/cert-validity/mozilla/builtin-certs/Global_Chambersign_Root_-_2008.crt
+++ /dev/null
@@ -1,44 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQsw
-CQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRy
-ZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJ
-QTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNV
-BAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDEx
-MjMxNDBaFw0zODA3MzExMjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UE
-BxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZp
-cm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3MRswGQYDVQQK
-ExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBDaGFtYmVy
-c2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMDfVtPkOpt2RbQT2//BthmLN0EYlVJH6xedKYiONWwGMi5HYvNJBL99
-RDaxccy9Wglz1dmFRP+RVyXfXjaOcNFccUMd2drvXNL7G706tcuto8xEpw2u
-IRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0ZJJ0YPP2zxhPYLIj0Mc7
-zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4ddPB/gBV
-sIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyGHoiM
-vvKRhI9lNNgATH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2
-Id3UwD2ln58fQ1DJu7xsepeY7s2MH/ucUa6LcL0nn3HAa6x9kGbo1106DbDV
-wo3VyJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfeOx2YItaswTXbo6Al
-/3K1dh3ebeksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSF
-HTynyQbehP9r6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2
-TS9x9o0o9oOpE9JhwZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdND
-WKBWY8o9PeU1VlnpDsogzCtLkykPAgMBAAGjggFqMIIBZjASBgNVHRMBAf8E
-CDAGAQH/AgEMMB0GA1UdDgQWBBS5CcqcHtvTbDprru1U8VuTBjUuXjCB4QYD
-VR0jBIHZMIHWgBS5CcqcHtvTbDprru1U8VuTBjUuXqGBsqSBrzCBrDELMAkG
-A1UEBhMCRVUxQzBBBgNVBAcTOk1hZHJpZCAoc2VlIGN1cnJlbnQgYWRkcmVz
-cyBhdCB3d3cuY2FtZXJmaXJtYS5jb20vYWRkcmVzcykxEjAQBgNVBAUTCUE4
-Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJtYSBTLkEuMScwJQYDVQQD
-Ex5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiCCQDJzdPp1X0jzjAO
-BgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUH
-AgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZIhvcNAQEF
-BQADggIBAICIf3DekijZBZRG/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZUohw
-EurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6ReAJ3spED8IXDneRRXoz
-X1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/sdZ7L
-oR/xfxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfX
-gTpZALVza2Mg9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KT
-XjXBjfkK9yydYhz2rXzdpjEetrHHfoUm+qRqtdpjMNHvkzeyZi99Bffnt0uY
-lDXA2TopwZ2yUDMdSqlapskD7+3056huirRXhOukP9DuqqqHW2Pok+JrqNS4
-cnhrG+055F3Lm6qH1U9OAP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETr
-P3iZ8ntxPjzxmKfFGBI/5rsoM0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM
-4W7bMdaTrpmg7yVqc5iJWzouE4gev8CSlDQb4ye3ix5vQv/n6TebUB0tovkC
-7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z09gwzxMNTxXJhLynSC34MCN32EZL
-eW32jO06f2ARePTpm67VVMB0gNELQp/B
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Go_Daddy_Class_2_CA.crt b/cert-validity/mozilla/builtin-certs/Go_Daddy_Class_2_CA.crt
deleted file mode 100644
index 0569e5beda32..000000000000
--- a/cert-validity/mozilla/builtin-certs/Go_Daddy_Class_2_CA.crt
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJV
-UzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQL
-EyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4X
-DTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMx
-ITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMo
-R28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAw
-DQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d
-/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9
-S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32qRe3H3I2
-TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVl
-OARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFA
-pMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44
-dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLEsNKR1EwRcbNh
-yz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2oatTj
-oWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdy
-b3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj
-YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF
-BQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYX
-MP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKt
-I3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheab
-IZ0KbIIOqPjCDPoQHmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzr
-Tia2cyvk0/ZM/iZx4mERdEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBD
-pqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/bvZ8=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Hongkong_Post_Root_CA_1.crt b/cert-validity/mozilla/builtin-certs/Hongkong_Post_Root_CA_1.crt
deleted file mode 100644
index 3903fbbf2ac0..000000000000
--- a/cert-validity/mozilla/builtin-certs/Hongkong_Post_Root_CA_1.crt
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMC
-SEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25n
-IFBvc3QgUm9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIy
-OVowRzELMAkGA1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAe
-BgNVBAMTF0hvbmdrb25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEArP84tulmAknjorThkPlAj3n54r15/gK97iSS
-HSL22oVyaf7XPwnU3ZG1ApzQjVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztU
-lVYiWR8o3x8gPW2iNr4joLFutbEnPzlTCeqrauh0ssJlXI6/fMN4hM2eFvz1
-Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjhZY4bXSNmO7ilMlHIhqqhqZ5/dpTC
-pmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9nnV0ttgCXjqQesBCNnLsak3c
-78QA3xMYV18meMjWCnl3v/evt3a5pQuEF10Q6m/hq5URX208o1xNg1vysxmK
-gIsLhwIDAQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEDMA4GA1UdDwEB/wQE
-AwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9legYsCmEEIjEy82tvu
-JxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI37piol7Yu
-tmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clBoiMB
-dDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs
-EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauU
-iqpOfMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4Jx
-HYB0yvbiAmvZWg==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/IGC_A.crt b/cert-validity/mozilla/builtin-certs/IGC_A.crt
deleted file mode 100644
index 3b804a8c5200..000000000000
--- a/cert-validity/mozilla/builtin-certs/IGC_A.crt
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEAjCCAuqgAwIBAgIFORFFEJQwDQYJKoZIhvcNAQEFBQAwgYUxCzAJBgNV
-BAYTAkZSMQ8wDQYDVQQIEwZGcmFuY2UxDjAMBgNVBAcTBVBhcmlzMRAwDgYD
-VQQKEwdQTS9TR0ROMQ4wDAYDVQQLEwVEQ1NTSTEOMAwGA1UEAxMFSUdDL0Ex
-IzAhBgkqhkiG9w0BCQEWFGlnY2FAc2dkbi5wbS5nb3V2LmZyMB4XDTAyMTIx
-MzE0MjkyM1oXDTIwMTAxNzE0MjkyMlowgYUxCzAJBgNVBAYTAkZSMQ8wDQYD
-VQQIEwZGcmFuY2UxDjAMBgNVBAcTBVBhcmlzMRAwDgYDVQQKEwdQTS9TR0RO
-MQ4wDAYDVQQLEwVEQ1NTSTEOMAwGA1UEAxMFSUdDL0ExIzAhBgkqhkiG9w0B
-CQEWFGlnY2FAc2dkbi5wbS5nb3V2LmZyMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAsh/R0GLFMzvABIaIs9z4iPf930Pfeo2aSVz2TqrMHLmh
-6yeJ8kbpO0px1R2OLc/mratjUMdUC24SyZA2xtgv2pGqaMVy/hcKshd+ebUy
-iHDKcMCWSo7kVc0dJ5S/znIq7Fz5cyD+vfcuiWe4u0dzEvfRNWk68gq5rv9G
-Qkaiv6GFGvm/5P9JhfejcIYyHF2fYPepraX/z9E0+X1bF8bc1g4oa8Ld8fUz
-aJ1O/Id8NhLWo4DoQw1VYZTqZDdH6nfK0LJYBcNdfrGoRpAxVs5wKpayMLh3
-5nnAvSk7/ZR3TL0gzUEl4C7HG7vupARB0l2tEmqKm0f7yd1GQOGdPDPQtQID
-AQABo3cwdTAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBRjAVBgNVHSAE
-DjAMMAoGCCqBegF5AQEBMB0GA1UdDgQWBBSjBS8YYFDCiQrdKyFP/45OqDAx
-NjAfBgNVHSMEGDAWgBSjBS8YYFDCiQrdKyFP/45OqDAxNjANBgkqhkiG9w0B
-AQUFAAOCAQEABdwm2Pp3FURo/C9mOnTgXeQp/wYHE4RKq89toB9RlPhJy3Q2
-FLwV3duJL92PoF189RLrn544pEfMs5bZvpwlqwN+Mw+VgQ39FuCIvjfwbF3Q
-MZsyK10XZZOYYLxuj7GoPB7ZHPOpJkL5ZB3C55L29B5aqhlSXa/oovdgoPaN
-8In1buAKBQGVyYsgCrpa/JosPL3Dt8ldeCUFP1YUmwza+zpI/pdpXsoQhvdO
-lgQITeywvl3cO45Pwf2aNjSaTFR+FwNIlQgRHAdvhQh+XU3Endv7rs6y0bO4
-g2wdsrN58dhwmX7wEwLOXt1R0982gaEbeC9xs/FZTEYYKKuF0mBWWg==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/IPS_CLASE1_root.crt b/cert-validity/mozilla/builtin-certs/IPS_CLASE1_root.crt
deleted file mode 100644
index 64551b1e3e41..000000000000
--- a/cert-validity/mozilla/builtin-certs/IPS_CLASE1_root.crt
+++ /dev/null
@@ -1,48 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIH6jCCB1OgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARIxCzAJBgNVBAYT
-AkVTMRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEu
-MCwGA1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5s
-LjErMCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1
-MjEuMCwGA1UECxMlSVBTIENBIENMQVNFMSBDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eTEuMCwGA1UEAxMlSVBTIENBIENMQVNFMSBDZXJ0aWZpY2F0aW9uIEF1
-dGhvcml0eTEeMBwGCSqGSIb3DQEJARYPaXBzQG1haWwuaXBzLmVzMB4XDTAx
-MTIyOTAwNTkzOFoXDTI1MTIyNzAwNTkzOFowggESMQswCQYDVQQGEwJFUzES
-MBAGA1UECBMJQmFyY2Vsb25hMRIwEAYDVQQHEwlCYXJjZWxvbmExLjAsBgNV
-BAoTJUlQUyBJbnRlcm5ldCBwdWJsaXNoaW5nIFNlcnZpY2VzIHMubC4xKzAp
-BgNVBAoUImlwc0BtYWlsLmlwcy5lcyBDLkkuRi4gIEItNjA5Mjk0NTIxLjAs
-BgNVBAsTJUlQUyBDQSBDTEFTRTEgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkx
-LjAsBgNVBAMTJUlQUyBDQSBDTEFTRTEgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHkxHjAcBgkqhkiG9w0BCQEWD2lwc0BtYWlsLmlwcy5lczCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEA4FEnpwvdr9G5Q1uCN0VWcu+atsIS7ywSzHb5
-BlmvXSHU0lq4oNTzav3KaY1mSPd05u42veiWkXWmcSjK5yISMmmwPh5r9FBS
-YmL9Yzt9fuzuOOpi9GyocY3h6YvJP8a1zZRCb92CRTzo3wno7wpVqVZHYUxJ
-ZHMQKD/Kvwn/xi8CAwEAAaOCBEowggRGMB0GA1UdDgQWBBTrsxl588GlHKzc
-uh9morKbadB4CDCCAUQGA1UdIwSCATswggE3gBTrsxl588GlHKzcuh9morKb
-adB4CKGCARqkggEWMIIBEjELMAkGA1UEBhMCRVMxEjAQBgNVBAgTCUJhcmNl
-bG9uYTESMBAGA1UEBxMJQmFyY2Vsb25hMS4wLAYDVQQKEyVJUFMgSW50ZXJu
-ZXQgcHVibGlzaGluZyBTZXJ2aWNlcyBzLmwuMSswKQYDVQQKFCJpcHNAbWFp
-bC5pcHMuZXMgQy5JLkYuICBCLTYwOTI5NDUyMS4wLAYDVQQLEyVJUFMgQ0Eg
-Q0xBU0UxIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVJUFMg
-Q0EgQ0xBU0UxIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MR4wHAYJKoZIhvcN
-AQkBFg9pcHNAbWFpbC5pcHMuZXOCAQAwDAYDVR0TBAUwAwEB/zAMBgNVHQ8E
-BQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUH
-AwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYBBAGCNwIBFQYKKwYBBAGCNwIB
-FgYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDARBglghkgBhvhCAQEEBAMCAAcw
-GgYDVR0RBBMwEYEPaXBzQG1haWwuaXBzLmVzMBoGA1UdEgQTMBGBD2lwc0Bt
-YWlsLmlwcy5lczBBBglghkgBhvhCAQ0ENBYyQ0xBU0UxIENBIENlcnRpZmlj
-YXRlIGlzc3VlZCBieSBodHRwOi8vd3d3Lmlwcy5lcy8wKQYJYIZIAYb4QgEC
-BBwWGmh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvMDoGCWCGSAGG+EIBBAQt
-FitodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJDTEFTRTEuY3Js
-MD8GCWCGSAGG+EIBAwQyFjBodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL3Jl
-dm9jYXRpb25DTEFTRTEuaHRtbD8wPAYJYIZIAYb4QgEHBC8WLWh0dHA6Ly93
-d3cuaXBzLmVzL2lwczIwMDIvcmVuZXdhbENMQVNFMS5odG1sPzA6BglghkgB
-hvhCAQgELRYraHR0cDovL3d3dy5pcHMuZXMvaXBzMjAwMi9wb2xpY3lDTEFT
-RTEuaHRtbDBzBgNVHR8EbDBqMDGgL6AthitodHRwOi8vd3d3Lmlwcy5lcy9p
-cHMyMDAyL2lwczIwMDJDTEFTRTEuY3JsMDWgM6Axhi9odHRwOi8vd3d3YmFj
-ay5pcHMuZXMvaXBzMjAwMi9pcHMyMDAyQ0xBU0UxLmNybDAvBggrBgEFBQcB
-AQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9vY3NwLmlwcy5lcy8wDQYJKoZI
-hvcNAQEFBQADgYEAK9Dr/drIyllq2tPMMi7JVBuKYn4VLenZMdMu9Ccj/1ur
-xUq2ckCuU3T0vAW0xtnIyXf7t/k0f3gA+Nak5FI/LEpjV4F1Wo7ojPsCwJTG
-Kbqz3Bzosq/SLmJbGqmODszFV0VRFOlOHIilkfSj945RyKm+hjM+5i9Ibq9U
-kE6tsSU=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/IPS_CLASE3_root.crt b/cert-validity/mozilla/builtin-certs/IPS_CLASE3_root.crt
deleted file mode 100644
index eab0f9f23c00..000000000000
--- a/cert-validity/mozilla/builtin-certs/IPS_CLASE3_root.crt
+++ /dev/null
@@ -1,48 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIH6jCCB1OgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARIxCzAJBgNVBAYT
-AkVTMRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEu
-MCwGA1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5s
-LjErMCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1
-MjEuMCwGA1UECxMlSVBTIENBIENMQVNFMyBDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eTEuMCwGA1UEAxMlSVBTIENBIENMQVNFMyBDZXJ0aWZpY2F0aW9uIEF1
-dGhvcml0eTEeMBwGCSqGSIb3DQEJARYPaXBzQG1haWwuaXBzLmVzMB4XDTAx
-MTIyOTAxMDE0NFoXDTI1MTIyNzAxMDE0NFowggESMQswCQYDVQQGEwJFUzES
-MBAGA1UECBMJQmFyY2Vsb25hMRIwEAYDVQQHEwlCYXJjZWxvbmExLjAsBgNV
-BAoTJUlQUyBJbnRlcm5ldCBwdWJsaXNoaW5nIFNlcnZpY2VzIHMubC4xKzAp
-BgNVBAoUImlwc0BtYWlsLmlwcy5lcyBDLkkuRi4gIEItNjA5Mjk0NTIxLjAs
-BgNVBAsTJUlQUyBDQSBDTEFTRTMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkx
-LjAsBgNVBAMTJUlQUyBDQSBDTEFTRTMgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHkxHjAcBgkqhkiG9w0BCQEWD2lwc0BtYWlsLmlwcy5lczCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEAqxf+DrDGaBtT8FK+n/ra+osTBLsBjzLZH49N
-zjaY2uQARIwo2BNEKqRrThckQpzTiKRBgtYj+4vJhuW5qYIF3PHeH+AMmVWY
-8jjsbJ0gA8DvqqPGZARRLXgNo9KoOtYkTOmWehisEyMiG3zoMRGzXwmqMHBx
-RiVrSXGAK5UBsh8CAwEAAaOCBEowggRGMB0GA1UdDgQWBBS4k/8uy9wsjqLn
-ev42USGjmFsMNDCCAUQGA1UdIwSCATswggE3gBS4k/8uy9wsjqLnev42USGj
-mFsMNKGCARqkggEWMIIBEjELMAkGA1UEBhMCRVMxEjAQBgNVBAgTCUJhcmNl
-bG9uYTESMBAGA1UEBxMJQmFyY2Vsb25hMS4wLAYDVQQKEyVJUFMgSW50ZXJu
-ZXQgcHVibGlzaGluZyBTZXJ2aWNlcyBzLmwuMSswKQYDVQQKFCJpcHNAbWFp
-bC5pcHMuZXMgQy5JLkYuICBCLTYwOTI5NDUyMS4wLAYDVQQLEyVJUFMgQ0Eg
-Q0xBU0UzIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVJUFMg
-Q0EgQ0xBU0UzIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MR4wHAYJKoZIhvcN
-AQkBFg9pcHNAbWFpbC5pcHMuZXOCAQAwDAYDVR0TBAUwAwEB/zAMBgNVHQ8E
-BQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUH
-AwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYBBAGCNwIBFQYKKwYBBAGCNwIB
-FgYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDARBglghkgBhvhCAQEEBAMCAAcw
-GgYDVR0RBBMwEYEPaXBzQG1haWwuaXBzLmVzMBoGA1UdEgQTMBGBD2lwc0Bt
-YWlsLmlwcy5lczBBBglghkgBhvhCAQ0ENBYyQ0xBU0UzIENBIENlcnRpZmlj
-YXRlIGlzc3VlZCBieSBodHRwOi8vd3d3Lmlwcy5lcy8wKQYJYIZIAYb4QgEC
-BBwWGmh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvMDoGCWCGSAGG+EIBBAQt
-FitodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJDTEFTRTMuY3Js
-MD8GCWCGSAGG+EIBAwQyFjBodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL3Jl
-dm9jYXRpb25DTEFTRTMuaHRtbD8wPAYJYIZIAYb4QgEHBC8WLWh0dHA6Ly93
-d3cuaXBzLmVzL2lwczIwMDIvcmVuZXdhbENMQVNFMy5odG1sPzA6BglghkgB
-hvhCAQgELRYraHR0cDovL3d3dy5pcHMuZXMvaXBzMjAwMi9wb2xpY3lDTEFT
-RTMuaHRtbDBzBgNVHR8EbDBqMDGgL6AthitodHRwOi8vd3d3Lmlwcy5lcy9p
-cHMyMDAyL2lwczIwMDJDTEFTRTMuY3JsMDWgM6Axhi9odHRwOi8vd3d3YmFj
-ay5pcHMuZXMvaXBzMjAwMi9pcHMyMDAyQ0xBU0UzLmNybDAvBggrBgEFBQcB
-AQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9vY3NwLmlwcy5lcy8wDQYJKoZI
-hvcNAQEFBQADgYEAF2VcmZVDAyevJuXr0LMXI/dDqsfwfewPxqmurpYPdikc
-4gYtfibFPPqhwYHOU7BC0ZdXGhd+pFFhxu7pXu8Fuuu9D6eSb9ijBmgpjnn1
-/7/5p6/ksc7C0YBCJwUENPjDfxZ4IwwHJPJGR607VNCv1TGyr33I6unUVtkO
-E7LFRVA=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/IPS_CLASEA1_root.crt b/cert-validity/mozilla/builtin-certs/IPS_CLASEA1_root.crt
deleted file mode 100644
index 951c7f62c5e8..000000000000
--- a/cert-validity/mozilla/builtin-certs/IPS_CLASEA1_root.crt
+++ /dev/null
@@ -1,48 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIH9zCCB2CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARQxCzAJBgNVBAYT
-AkVTMRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEu
-MCwGA1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5s
-LjErMCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1
-MjEvMC0GA1UECxMmSVBTIENBIENMQVNFQTEgQ2VydGlmaWNhdGlvbiBBdXRo
-b3JpdHkxLzAtBgNVBAMTJklQUyBDQSBDTEFTRUExIENlcnRpZmljYXRpb24g
-QXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXMwHhcN
-MDExMjI5MDEwNTMyWhcNMjUxMjI3MDEwNTMyWjCCARQxCzAJBgNVBAYTAkVT
-MRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwG
-A1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjEr
-MCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjEv
-MC0GA1UECxMmSVBTIENBIENMQVNFQTEgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHkxLzAtBgNVBAMTJklQUyBDQSBDTEFTRUExIENlcnRpZmljYXRpb24gQXV0
-aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXMwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBALsw19zQVL01Tp/FTILq0VA8R5j8m2md
-d81u4D/u6zJfX5/S0HnllXNEITLgCtud186Nq1KLK3jgm1t99P1tCeWu4Wwd
-ByOgF9H5fahGRpEiqLJpxq339fWUoTCUvQDMRH/uxJ7JweaPCjbB/SQ9AaD1
-e+J8eGZDi09Z8pvZ+kmzAgMBAAGjggRTMIIETzAdBgNVHQ4EFgQUZyaW56G/
-2LUDnf473P7yiuYV3TAwggFGBgNVHSMEggE9MIIBOYAUZyaW56G/2LUDnf47
-3P7yiuYV3TChggEcpIIBGDCCARQxCzAJBgNVBAYTAkVTMRIwEAYDVQQIEwlC
-YXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UEChMlSVBTIElu
-dGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjErMCkGA1UEChQiaXBz
-QG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjEvMC0GA1UECxMmSVBT
-IENBIENMQVNFQTEgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxLzAtBgNVBAMT
-JklQUyBDQSBDTEFTRUExIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MR4wHAYJ
-KoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXOCAQAwDAYDVR0TBAUwAwEB/zAM
-BgNVHQ8EBQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUFBwMBBggrBgEFBQcDAgYI
-KwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYBBAGCNwIBFQYKKwYB
-BAGCNwIBFgYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDARBglghkgBhvhCAQEE
-BAMCAAcwGgYDVR0RBBMwEYEPaXBzQG1haWwuaXBzLmVzMBoGA1UdEgQTMBGB
-D2lwc0BtYWlsLmlwcy5lczBCBglghkgBhvhCAQ0ENRYzQ0xBU0VBMSBDQSBD
-ZXJ0aWZpY2F0ZSBpc3N1ZWQgYnkgaHR0cDovL3d3dy5pcHMuZXMvMCkGCWCG
-SAGG+EIBAgQcFhpodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyLzA7BglghkgB
-hvhCAQQELhYsaHR0cDovL3d3dy5pcHMuZXMvaXBzMjAwMi9pcHMyMDAyQ0xB
-U0VBMS5jcmwwQAYJYIZIAYb4QgEDBDMWMWh0dHA6Ly93d3cuaXBzLmVzL2lw
-czIwMDIvcmV2b2NhdGlvbkNMQVNFQTEuaHRtbD8wPQYJYIZIAYb4QgEHBDAW
-Lmh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvcmVuZXdhbENMQVNFQTEuaHRt
-bD8wOwYJYIZIAYb4QgEIBC4WLGh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIv
-cG9saWN5Q0xBU0VBMS5odG1sMHUGA1UdHwRuMGwwMqAwoC6GLGh0dHA6Ly93
-d3cuaXBzLmVzL2lwczIwMDIvaXBzMjAwMkNMQVNFQTEuY3JsMDagNKAyhjBo
-dHRwOi8vd3d3YmFjay5pcHMuZXMvaXBzMjAwMi9pcHMyMDAyQ0xBU0VBMS5j
-cmwwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vb2NzcC5p
-cHMuZXMvMA0GCSqGSIb3DQEBBQUAA4GBAH66iqyAAIQVCtWYUQxkxZwCWINm
-yq0eB81+atqAB98DNEock8RLWCA1NnHtogo1EqWmZaeFaQoO42Hu6r4okzPV
-7Oi+xNtff6j5YzHIa5biKcJboOeXNp13XjFr/tOn2yrb25aLH2betgPAK7N4
-1lUH5Y85UN4HI3LmvSAUS7SG
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/IPS_CLASEA3_root.crt b/cert-validity/mozilla/builtin-certs/IPS_CLASEA3_root.crt
deleted file mode 100644
index 3901be856cab..000000000000
--- a/cert-validity/mozilla/builtin-certs/IPS_CLASEA3_root.crt
+++ /dev/null
@@ -1,48 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIH9zCCB2CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARQxCzAJBgNVBAYT
-AkVTMRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEu
-MCwGA1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5s
-LjErMCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1
-MjEvMC0GA1UECxMmSVBTIENBIENMQVNFQTMgQ2VydGlmaWNhdGlvbiBBdXRo
-b3JpdHkxLzAtBgNVBAMTJklQUyBDQSBDTEFTRUEzIENlcnRpZmljYXRpb24g
-QXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXMwHhcN
-MDExMjI5MDEwNzUwWhcNMjUxMjI3MDEwNzUwWjCCARQxCzAJBgNVBAYTAkVT
-MRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwG
-A1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjEr
-MCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjEv
-MC0GA1UECxMmSVBTIENBIENMQVNFQTMgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHkxLzAtBgNVBAMTJklQUyBDQSBDTEFTRUEzIENlcnRpZmljYXRpb24gQXV0
-aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXMwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBAO6AAPYaZC6tasiDsYun7o/ZttvNG7uG
-BiJ2MwwSbUhWYdLcgiViL5/SaTBlA0IjWLxH3GvWdV0XPOH/8lhneaDBgbHU
-VqLyjRGZ/fZ98cfEXgIqmuJKtROKAP2Md4bm15T1IHUuDky/dMQ/gT6DtKM4
-Ninn6Cr1jIhBqoCm42zvAgMBAAGjggRTMIIETzAdBgNVHQ4EFgQUHp9XUEe2
-YZM50yz82l09BXW3mQIwggFGBgNVHSMEggE9MIIBOYAUHp9XUEe2YZM50yz8
-2l09BXW3mQKhggEcpIIBGDCCARQxCzAJBgNVBAYTAkVTMRIwEAYDVQQIEwlC
-YXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UEChMlSVBTIElu
-dGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjErMCkGA1UEChQiaXBz
-QG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjEvMC0GA1UECxMmSVBT
-IENBIENMQVNFQTMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxLzAtBgNVBAMT
-JklQUyBDQSBDTEFTRUEzIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MR4wHAYJ
-KoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXOCAQAwDAYDVR0TBAUwAwEB/zAM
-BgNVHQ8EBQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUFBwMBBggrBgEFBQcDAgYI
-KwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYBBAGCNwIBFQYKKwYB
-BAGCNwIBFgYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDARBglghkgBhvhCAQEE
-BAMCAAcwGgYDVR0RBBMwEYEPaXBzQG1haWwuaXBzLmVzMBoGA1UdEgQTMBGB
-D2lwc0BtYWlsLmlwcy5lczBCBglghkgBhvhCAQ0ENRYzQ0xBU0VBMyBDQSBD
-ZXJ0aWZpY2F0ZSBpc3N1ZWQgYnkgaHR0cDovL3d3dy5pcHMuZXMvMCkGCWCG
-SAGG+EIBAgQcFhpodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyLzA7BglghkgB
-hvhCAQQELhYsaHR0cDovL3d3dy5pcHMuZXMvaXBzMjAwMi9pcHMyMDAyQ0xB
-U0VBMy5jcmwwQAYJYIZIAYb4QgEDBDMWMWh0dHA6Ly93d3cuaXBzLmVzL2lw
-czIwMDIvcmV2b2NhdGlvbkNMQVNFQTMuaHRtbD8wPQYJYIZIAYb4QgEHBDAW
-Lmh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvcmVuZXdhbENMQVNFQTMuaHRt
-bD8wOwYJYIZIAYb4QgEIBC4WLGh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIv
-cG9saWN5Q0xBU0VBMy5odG1sMHUGA1UdHwRuMGwwMqAwoC6GLGh0dHA6Ly93
-d3cuaXBzLmVzL2lwczIwMDIvaXBzMjAwMkNMQVNFQTMuY3JsMDagNKAyhjBo
-dHRwOi8vd3d3YmFjay5pcHMuZXMvaXBzMjAwMi9pcHMyMDAyQ0xBU0VBMy5j
-cmwwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vb2NzcC5p
-cHMuZXMvMA0GCSqGSIb3DQEBBQUAA4GBAEo9IEca2on0eisxeewBwMwB9dbB
-/MjD81ACUZBYKp/nNQlbMAqBACVHr9QPDp5gJqiVp4MI3y2s6Q73nMify5NF
-8bpqxmdRSmlPa/59Cy9SKcJQrSRE7SOzSMtEQMEDlQwKeAYSAfWRMS1Jjbs/
-RU4s4OjNtckUFQzjB4ObJnXv
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/IPS_Chained_CAs_root.crt b/cert-validity/mozilla/builtin-certs/IPS_Chained_CAs_root.crt
deleted file mode 100644
index 4461f5a29cfc..000000000000
--- a/cert-validity/mozilla/builtin-certs/IPS_Chained_CAs_root.crt
+++ /dev/null
@@ -1,48 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIH9zCCB2CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARwxCzAJBgNVBAYT
-AkVTMRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEu
-MCwGA1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5s
-LjErMCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1
-MjEzMDEGA1UECxMqSVBTIENBIENoYWluZWQgQ0FzIENlcnRpZmljYXRpb24g
-QXV0aG9yaXR5MTMwMQYDVQQDEypJUFMgQ0EgQ2hhaW5lZCBDQXMgQ2VydGlm
-aWNhdGlvbiBBdXRob3JpdHkxHjAcBgkqhkiG9w0BCQEWD2lwc0BtYWlsLmlw
-cy5lczAeFw0wMTEyMjkwMDUzNThaFw0yNTEyMjcwMDUzNThaMIIBHDELMAkG
-A1UEBhMCRVMxEjAQBgNVBAgTCUJhcmNlbG9uYTESMBAGA1UEBxMJQmFyY2Vs
-b25hMS4wLAYDVQQKEyVJUFMgSW50ZXJuZXQgcHVibGlzaGluZyBTZXJ2aWNl
-cyBzLmwuMSswKQYDVQQKFCJpcHNAbWFpbC5pcHMuZXMgQy5JLkYuICBCLTYw
-OTI5NDUyMTMwMQYDVQQLEypJUFMgQ0EgQ2hhaW5lZCBDQXMgQ2VydGlmaWNh
-dGlvbiBBdXRob3JpdHkxMzAxBgNVBAMTKklQUyBDQSBDaGFpbmVkIENBcyBD
-ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEeMBwGCSqGSIb3DQEJARYPaXBzQG1h
-aWwuaXBzLmVzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcVpJJspQg
-vJhPUOtopKdJC7/SMejHT8KGC/po/UNaivNgkjWZOLtNA1IhW/A3mTXhQSCB
-hYEFcYGdtJUZqV92NC5jNzVXjrQfQj8VXOF6wV8TGDIxya2+o8eDZh65nAQT
-y2nBBt4wBrszo7Uf8I9vzv+W6FS+ZoCua9tBhDaiPQIDAQABo4IEQzCCBD8w
-HQYDVR0OBBYEFKGtMbH5PuEXpsirNPxShwkeYlJBMIIBTgYDVR0jBIIBRTCC
-AUGAFKGtMbH5PuEXpsirNPxShwkeYlJBoYIBJKSCASAwggEcMQswCQYDVQQG
-EwJFUzESMBAGA1UECBMJQmFyY2Vsb25hMRIwEAYDVQQHEwlCYXJjZWxvbmEx
-LjAsBgNVBAoTJUlQUyBJbnRlcm5ldCBwdWJsaXNoaW5nIFNlcnZpY2VzIHMu
-bC4xKzApBgNVBAoUImlwc0BtYWlsLmlwcy5lcyBDLkkuRi4gIEItNjA5Mjk0
-NTIxMzAxBgNVBAsTKklQUyBDQSBDaGFpbmVkIENBcyBDZXJ0aWZpY2F0aW9u
-IEF1dGhvcml0eTEzMDEGA1UEAxMqSVBTIENBIENoYWluZWQgQ0FzIENlcnRp
-ZmljYXRpb24gQXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5p
-cHMuZXOCAQAwDAYDVR0TBAUwAwEB/zAMBgNVHQ8EBQMDB/+AMGsGA1UdJQRk
-MGIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggr
-BgEFBQcDCAYKKwYBBAGCNwIBFQYKKwYBBAGCNwIBFgYKKwYBBAGCNwoDAQYK
-KwYBBAGCNwoDBDARBglghkgBhvhCAQEEBAMCAAcwGgYDVR0RBBMwEYEPaXBz
-QG1haWwuaXBzLmVzMBoGA1UdEgQTMBGBD2lwc0BtYWlsLmlwcy5lczBCBglg
-hkgBhvhCAQ0ENRYzQ2hhaW5lZCBDQSBDZXJ0aWZpY2F0ZSBpc3N1ZWQgYnkg
-aHR0cDovL3d3dy5pcHMuZXMvMCkGCWCGSAGG+EIBAgQcFhpodHRwOi8vd3d3
-Lmlwcy5lcy9pcHMyMDAyLzA3BglghkgBhvhCAQQEKhYoaHR0cDovL3d3dy5p
-cHMuZXMvaXBzMjAwMi9pcHMyMDAyQ0FDLmNybDA8BglghkgBhvhCAQMELxYt
-aHR0cDovL3d3dy5pcHMuZXMvaXBzMjAwMi9yZXZvY2F0aW9uQ0FDLmh0bWw/
-MDkGCWCGSAGG+EIBBwQsFipodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL3Jl
-bmV3YWxDQUMuaHRtbD8wNwYJYIZIAYb4QgEIBCoWKGh0dHA6Ly93d3cuaXBz
-LmVzL2lwczIwMDIvcG9saWN5Q0FDLmh0bWwwbQYDVR0fBGYwZDAuoCygKoYo
-aHR0cDovL3d3dy5pcHMuZXMvaXBzMjAwMi9pcHMyMDAyQ0FDLmNybDAyoDCg
-LoYsaHR0cDovL3d3d2JhY2suaXBzLmVzL2lwczIwMDIvaXBzMjAwMkNBQy5j
-cmwwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vb2NzcC5p
-cHMuZXMvMA0GCSqGSIb3DQEBBQUAA4GBAERyMJ1WWKJBGyi3leGmGpVfp3hA
-K+/blkr8THFj2XOVvQLiogbHvpcqk4A0hgP63Ng9HgfNHnNDJGD1HWHc3Jag
-vPsd4+cSACczAsDAK1M92GsDgaPb1pOVIO/Tln4mkImcJpvNb2ar7QMiRDjM
-Wb2f2/YHogF/JsRj9SVCXmK9
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/IPS_Timestamping_root.crt b/cert-validity/mozilla/builtin-certs/IPS_Timestamping_root.crt
deleted file mode 100644
index e836e3fcbde0..000000000000
--- a/cert-validity/mozilla/builtin-certs/IPS_Timestamping_root.crt
+++ /dev/null
@@ -1,49 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIIODCCB6GgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCAR4xCzAJBgNVBAYT
-AkVTMRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEu
-MCwGA1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5s
-LjErMCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1
-MjE0MDIGA1UECxMrSVBTIENBIFRpbWVzdGFtcGluZyBDZXJ0aWZpY2F0aW9u
-IEF1dGhvcml0eTE0MDIGA1UEAxMrSVBTIENBIFRpbWVzdGFtcGluZyBDZXJ0
-aWZpY2F0aW9uIEF1dGhvcml0eTEeMBwGCSqGSIb3DQEJARYPaXBzQG1haWwu
-aXBzLmVzMB4XDTAxMTIyOTAxMTAxOFoXDTI1MTIyNzAxMTAxOFowggEeMQsw
-CQYDVQQGEwJFUzESMBAGA1UECBMJQmFyY2Vsb25hMRIwEAYDVQQHEwlCYXJj
-ZWxvbmExLjAsBgNVBAoTJUlQUyBJbnRlcm5ldCBwdWJsaXNoaW5nIFNlcnZp
-Y2VzIHMubC4xKzApBgNVBAoUImlwc0BtYWlsLmlwcy5lcyBDLkkuRi4gIEIt
-NjA5Mjk0NTIxNDAyBgNVBAsTK0lQUyBDQSBUaW1lc3RhbXBpbmcgQ2VydGlm
-aWNhdGlvbiBBdXRob3JpdHkxNDAyBgNVBAMTK0lQUyBDQSBUaW1lc3RhbXBp
-bmcgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHjAcBgkqhkiG9w0BCQEWD2lw
-c0BtYWlsLmlwcy5lczCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvLju
-VqWajOY2ycJioGaBjRrVetJznw6EZLqVtJCneK/K/lRhW86yIFcBrkSSQxA4
-Efdo/BdApWgnMjvEp+ZCccWZ73b/K5Uk9UmSGGjKALWkWi9uy9YbLA1UZ2t6
-KaFYq6JaANZbuxjC3/YeE1Z2m6Vo4pjOxgOKNNtMg0GmqaMCAwEAAaOCBIAw
-ggR8MB0GA1UdDgQWBBSL0BBQCYHynQnVDmB4AyKiP8jKZjCCAVAGA1UdIwSC
-AUcwggFDgBSL0BBQCYHynQnVDmB4AyKiP8jKZqGCASakggEiMIIBHjELMAkG
-A1UEBhMCRVMxEjAQBgNVBAgTCUJhcmNlbG9uYTESMBAGA1UEBxMJQmFyY2Vs
-b25hMS4wLAYDVQQKEyVJUFMgSW50ZXJuZXQgcHVibGlzaGluZyBTZXJ2aWNl
-cyBzLmwuMSswKQYDVQQKFCJpcHNAbWFpbC5pcHMuZXMgQy5JLkYuICBCLTYw
-OTI5NDUyMTQwMgYDVQQLEytJUFMgQ0EgVGltZXN0YW1waW5nIENlcnRpZmlj
-YXRpb24gQXV0aG9yaXR5MTQwMgYDVQQDEytJUFMgQ0EgVGltZXN0YW1waW5n
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNA
-bWFpbC5pcHMuZXOCAQAwDAYDVR0TBAUwAwEB/zAMBgNVHQ8EBQMDB/+AMGsG
-A1UdJQRkMGIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUF
-BwMEBggrBgEFBQcDCAYKKwYBBAGCNwIBFQYKKwYBBAGCNwIBFgYKKwYBBAGC
-NwoDAQYKKwYBBAGCNwoDBDARBglghkgBhvhCAQEEBAMCAAcwGgYDVR0RBBMw
-EYEPaXBzQG1haWwuaXBzLmVzMBoGA1UdEgQTMBGBD2lwc0BtYWlsLmlwcy5l
-czBHBglghkgBhvhCAQ0EOhY4VGltZXN0YW1waW5nIENBIENlcnRpZmljYXRl
-IGlzc3VlZCBieSBodHRwOi8vd3d3Lmlwcy5lcy8wKQYJYIZIAYb4QgECBBwW
-Gmh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvMEAGCWCGSAGG+EIBBAQzFjFo
-dHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJUaW1lc3RhbXBpbmcu
-Y3JsMEUGCWCGSAGG+EIBAwQ4FjZodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAy
-L3Jldm9jYXRpb25UaW1lc3RhbXBpbmcuaHRtbD8wQgYJYIZIAYb4QgEHBDUW
-M2h0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvcmVuZXdhbFRpbWVzdGFtcGlu
-Zy5odG1sPzBABglghkgBhvhCAQgEMxYxaHR0cDovL3d3dy5pcHMuZXMvaXBz
-MjAwMi9wb2xpY3lUaW1lc3RhbXBpbmcuaHRtbDB/BgNVHR8EeDB2MDegNaAz
-hjFodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJUaW1lc3RhbXBp
-bmcuY3JsMDugOaA3hjVodHRwOi8vd3d3YmFjay5pcHMuZXMvaXBzMjAwMi9p
-cHMyMDAyVGltZXN0YW1waW5nLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYB
-BQUHMAGGE2h0dHA6Ly9vY3NwLmlwcy5lcy8wDQYJKoZIhvcNAQEFBQADgYEA
-ZbrBzAAalZHK6Ww6vzoeFAh8+4Pua2JR0zORtWB5fgTYXXk36MNbsMRnLWha
-sl8OCvrNPzpFoeo2zyYepxEoxZSPhExTCMWTs/zif/WN87GphV+I3pGW7hdb
-rqXqcGV4LCFkAZXOzkw+UPS2Wctjjba9GNSHSl/c7+lW8AoM6HU=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Izenpe.com.crt b/cert-validity/mozilla/builtin-certs/Izenpe.com.crt
deleted file mode 100644
index aee3b36eec4a..000000000000
--- a/cert-validity/mozilla/builtin-certs/Izenpe.com.crt
+++ /dev/null
@@ -1,36 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsF
-ADA4MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNV
-BAMMCkl6ZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgyNzI1
-WjA4MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNV
-BAMMCkl6ZW5wZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
-AQDJ03rKDx6sp4boFmVqscIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5Tz
-cqQsRNiekpsUOqHnJJAKClaOxdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJ
-WK3W6wyyQXpzbm3benhB6QiIEn6HLmYRY2xU+zydcsC8Lv/Ct90NduM61/e0
-aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFXuaOKmMPsOzTFlUFpfnXCPCDFYbpR
-R6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQDyCV8wXDbO/QJLVQnSKwv4cSs
-PsjLkkxTOTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+JrUV86f8hBnp7KGItERp
-hIPzidF0BqnMC9bC3ieFUCbKF7jJeodWLBoBHmy+E60QrLUk9TiRodZL2vG7
-0t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK0GqfvEyNBjNaooXlkDWg
-YlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8Lhij+0rnq
-49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIBQFqN
-eb+Lz0vPqhbBleStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+
-HMh3/1uaD7euBUbl8agW7EekFwIDAQABo4H2MIHzMIGwBgNVHREEgagwgaWB
-D2luZm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+SVpFTlBFIFMuQS4g
-LSBDSUYgQTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBG
-NjIgUzgxQzBBBgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlk
-ZWEgMTQgLSAwMTAxMCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB
-/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFB0cZQ6o8iV7tJHP5LGx5r1V
-dGwFMA0GCSqGSIb3DQEBCwUAA4ICAQB4pgwWSp9MiDrAyw6lFn2fuUhfGI8N
-Yjb2zRlrrKvV9pF9rnHzP7MOeIWblaQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9
-fbgakEyrkgPH7UIBzg/YsfqikuFgba56awmqxinuaElnMIAkejEWOVt+8Rwu
-3WwJrfIxwYJOubv5vr8qhT/AQKM6WfxZSzwoJNu0FXWuDYi6LnPAvViH5ULy
-617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Csg1lwLDXWrzY0tM07+DKo7+N4
-ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCTVyvehQP5aTfLnnhq
-BbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGkLhObNA5me0mr
-ZJfQRsN5nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJbUjWumDqt
-ujWTI6cfSN01RpiyEGjkpTHCClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/QnMF
-lEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZoQ0iy2+tzJOeRf1SktoA+
-naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1ZWrOZ
-yGlsQyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Juur-SK.crt b/cert-validity/mozilla/builtin-certs/Juur-SK.crt
deleted file mode 100644
index fbd5d16b11cc..000000000000
--- a/cert-validity/mozilla/builtin-certs/Juur-SK.crt
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIE5jCCA86gAwIBAgIEO45L/DANBgkqhkiG9w0BAQUFADBdMRgwFgYJKoZI
-hvcNAQkBFglwa2lAc2suZWUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKExlBUyBT
-ZXJ0aWZpdHNlZXJpbWlza2Vza3VzMRAwDgYDVQQDEwdKdXVyLVNLMB4XDTAx
-MDgzMDE0MjMwMVoXDTE2MDgyNjE0MjMwMVowXTEYMBYGCSqGSIb3DQEJARYJ
-cGtpQHNrLmVlMQswCQYDVQQGEwJFRTEiMCAGA1UEChMZQVMgU2VydGlmaXRz
-ZWVyaW1pc2tlc2t1czEQMA4GA1UEAxMHSnV1ci1TSzCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAIFxNj4zB9bjMI0TfncyRsvPGbJgMUaXhvSY
-RqTCZUXP00B841oiqBB4M8yIsdOBSvZiF3tfTQou0M+LI+5PAk676w7KvRhj
-6IAcjeEcjT3g/1tf6mTll+g/mX8MCgkzABpTpyHhOEvWgxutr2TC+Rx6jGZI
-TWYfGAriPrsfB2WThbkasLnE+w0R9vXW+RvHLCu3GFH+4Hv2qEivbDtPL+/4
-0UceJlfwUR0zlv/vWT3aTdEVNMfqPxZIe5EcgEMPPbgFPtGzlc3Yyg/CQ2fb
-t5PgIoIuvvVoKIO5wTtpeyDaTpxt4brNj3pssAki14sL2xzVWiZbDcDq5WDQ
-n/413z8CAwEAAaOCAawwggGoMA8GA1UdEwEB/wQFMAMBAf8wggEWBgNVHSAE
-ggENMIIBCTCCAQUGCisGAQQBzh8BAQEwgfYwgdAGCCsGAQUFBwICMIHDHoHA
-AFMAZQBlACAAcwBlAHIAdABpAGYAaQBrAGEAYQB0ACAAbwBuACAAdgDkAGwA
-agBhAHMAdABhAHQAdQBkACAAQQBTAC0AaQBzACAAUwBlAHIAdABpAGYAaQB0
-AHMAZQBlAHIAaQBtAGkAcwBrAGUAcwBrAHUAcwAgAGEAbABhAG0ALQBTAEsA
-IABzAGUAcgB0AGkAZgBpAGsAYQBhAHQAaQBkAGUAIABrAGkAbgBuAGkAdABh
-AG0AaQBzAGUAawBzMCEGCCsGAQUFBwIBFhVodHRwOi8vd3d3LnNrLmVlL2Nw
-cy8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3d3dy5zay5lZS9qdXVyL2Ny
-bC8wHQYDVR0OBBYEFASqekej5ImvGs8KQKcYP2/v6X2+MB8GA1UdIwQYMBaA
-FASqekej5ImvGs8KQKcYP2/v6X2+MA4GA1UdDwEB/wQEAwIB5jANBgkqhkiG
-9w0BAQUFAAOCAQEAe8EYlFOiCfP+JmeaUOTDBS8rNXiRTHyoERF5TElZrMj3
-hWVcRrs7EKACr81Ptcw2Kuxd/u+gkcm2k298gFTsxwhwDY77guwqYHhpNjbR
-xZyLabVAyJRld/JXIWY7zoVAtjNjGr95HvxcHdMdkxuLDF2FvZkwMhgJkVLp
-fKG6/2SSmuz+Ne6ML678IIbsSt4beDI3poHSna9aEhbKmVv8b20OxaAehsmR
-0FyYgl9jDIpaq9iVpszLita/ZEuOyoqysOkhMp6qqIWYNIE5ITuoOlIyPfZr
-N4YGWhWY3PARZv40ILcD9EEQfTmEeZZyY7aWAuVrua0ZTbvGRNs2yyqcjg==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/MD5_Collisions_Forged_Rogue_CA_25c3.crt b/cert-validity/mozilla/builtin-certs/MD5_Collisions_Forged_Rogue_CA_25c3.crt
deleted file mode 100644
index bb1568577843..000000000000
--- a/cert-validity/mozilla/builtin-certs/MD5_Collisions_Forged_Rogue_CA_25c3.crt
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEMjCCA5ugAwIBAgIBQjANBgkqhkiG9w0BAQQFADBaMQswCQYDVQQGEwJV
-UzEcMBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5jLjEtMCsGA1UEAxMkRXF1
-aWZheCBTZWN1cmUgR2xvYmFsIGVCdXNpbmVzcyBDQS0xMB4XDTA0MDczMTAw
-MDAwMVoXDTA0MDkwMjAwMDAwMVowPDE6MDgGA1UEAxMxTUQ1IENvbGxpc2lv
-bnMgSW5jLiAoaHR0cDovL3d3dy5waHJlZWRvbS5vcmcvbWQ1KTCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEAuqZZySwo1iqw+O2fRqSkN+4OGWhZ0bMD
-mVHWFppeN2sV4A5L9YRk+KPbQW811ZsVH9vEOFJwgZdej6C193458DKsHq1E
-0rP6SMPOkZvs9Jx84Vr1yDdrmoPe58oglzFCcxWRaPSIr/koKMXpD3OwF0sT
-TJl10ETmfghsGvJPG0ECAwEAAaOCAiQwggIgMAsGA1UdDwQEAwIBxjAPBgNV
-HRMBAf8EBTADAQH/MB0GA1UdDgQWBBSnBGAfq3JDCMV/CJBVVhzWzuY46zAf
-BgNVHSMEGDAWgBS+qKB0clBrRLfJI9j7qP+zV2tobDCCAb4GCWCGSAGG+EIB
-DQSCAa8WggGrMwAAACdeOeCJYQ9Oo8VFCza7AdFTqsMIj2/4Tz6Hh0QR3GDg
-35JV+bhzG1STxZ/QRsRgtjVizbmvHKhpGslbPJY3wO1n77v+wIucUC8pvYMi
-no4I+qwTcKJYf2JiihH3ifbftmdZcxb7YxaKtJE4zi71tr5MpJRJ5GURCkIV
-ycEw4mnVRX2lJru5YexiZPA54ee8aNhQUZ4dYNPRo6cK+AMgoXABF5E2TwJw
-MYaD3fcP2AcdEbMTBKXc8K5QsSgOY2kqDIJvj0cz32yiBpLxT0W+2TA2oyuM
-1neuNWN/Tkyak0g22Z8CAwEAAaOBvTCBujAOBgNVHQ8BAf8EBAMCBPAwHQYD
-VR0OBBYEFM2mg/qlYDf3ljcXKd5BePGHiVXnMDsGA1UdHwQ0MDIwMKAuoCyG
-Kmh0dHA6Ly9jcmwuZ2VvdHJ1c3QuY29tL2NybHMvZ2xvYmFsY2ExLmNybDAf
-BgNVHSMEGDAWgBS+qKB0clBrRLfJI9j7qP+zV2tobDAdBgNVHSUEFjAUBggr
-BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQF
-AAOBgQCnIQKN0Q6igHcl/UNgFY/s75BH1IRCFSYRHM3CPBApqbbfq1d1kdrl
-K7OQRRwwY1Y/itlQ+u1YbMBlrGZX3hzGdjv1AA6ORc5/TJDsK8bNs7SPYtD+
-t8UmckTt9phbrsvRlfXaCL5oRrF1yOwdjx56lPGqU3iiRa5U6tGedMh2Zw==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Microsec_e-Szigno_Root_CA.crt b/cert-validity/mozilla/builtin-certs/Microsec_e-Szigno_Root_CA.crt
deleted file mode 100644
index e3f269a31feb..000000000000
--- a/cert-validity/mozilla/builtin-certs/Microsec_e-Szigno_Root_CA.crt
+++ /dev/null
@@ -1,46 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIHqDCCBpCgAwIBAgIRAMy4579OKRr9otxmpRwsDxEwDQYJKoZIhvcNAQEF
-BQAwcjELMAkGA1UEBhMCSFUxETAPBgNVBAcTCEJ1ZGFwZXN0MRYwFAYDVQQK
-Ew1NaWNyb3NlYyBMdGQuMRQwEgYDVQQLEwtlLVN6aWdubyBDQTEiMCAGA1UE
-AxMZTWljcm9zZWMgZS1Temlnbm8gUm9vdCBDQTAeFw0wNTA0MDYxMjI4NDRa
-Fw0xNzA0MDYxMjI4NDRaMHIxCzAJBgNVBAYTAkhVMREwDwYDVQQHEwhCdWRh
-cGVzdDEWMBQGA1UEChMNTWljcm9zZWMgTHRkLjEUMBIGA1UECxMLZS1Temln
-bm8gQ0ExIjAgBgNVBAMTGU1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtyADVgXvNOABHzNuEwSFp
-LHSQDCHZU4ftPkNEU6+r+ICbPHiN1I2uuO/TEdyB5s87lozWbxXGd36hL+Bf
-krYn13aaHUM86tnsL+4582pnS4uCzyL4ZVX+LMsvfUh6PXX5qqAnu3jCBspR
-wn5mS6/NoqdNAoI/gqyFxuEPkEeZlApxcpMqyabAvjxWTHOSJ/FrtfX9/DAF
-YJLG65Z+AZHCabEeHXtTRbjcQR/Ji3HWVBTji1R4P770Yjtb9aPs1ZJ04nQw
-7wHb4dSrmZsqa/i9phyGI0Jf7Enemotb9HI6QMVJPqW+jqpx62z69Rrkav17
-fVVA71hu5tnVvCSrwe+3AgMBAAGjggQ3MIIEMzBnBggrBgEFBQcBAQRbMFkw
-KAYIKwYBBQUHMAGGHGh0dHBzOi8vcmNhLmUtc3ppZ25vLmh1L29jc3AwLQYI
-KwYBBQUHMAKGIWh0dHA6Ly93d3cuZS1zemlnbm8uaHUvUm9vdENBLmNydDAP
-BgNVHRMBAf8EBTADAQH/MIIBcwYDVR0gBIIBajCCAWYwggFiBgwrBgEEAYGo
-GAIBAQEwggFQMCgGCCsGAQUFBwIBFhxodHRwOi8vd3d3LmUtc3ppZ25vLmh1
-L1NaU1ovMIIBIgYIKwYBBQUHAgIwggEUHoIBEABBACAAdABhAG4A+gBzAO0A
-dAB2AOEAbgB5ACAA6QByAHQAZQBsAG0AZQB6AOkAcwDpAGgAZQB6ACAA6QBz
-ACAAZQBsAGYAbwBnAGEAZADhAHMA4QBoAG8AegAgAGEAIABTAHoAbwBsAGcA
-4QBsAHQAYQB0APMAIABTAHoAbwBsAGcA4QBsAHQAYQB0AOEAcwBpACAAUwB6
-AGEAYgDhAGwAeQB6AGEAdABhACAAcwB6AGUAcgBpAG4AdAAgAGsAZQBsAGwA
-IABlAGwAagDhAHIAbgBpADoAIABoAHQAdABwADoALwAvAHcAdwB3AC4AZQAt
-AHMAegBpAGcAbgBvAC4AaAB1AC8AUwBaAFMAWgAvMIHIBgNVHR8EgcAwgb0w
-gbqggbeggbSGIWh0dHA6Ly93d3cuZS1zemlnbm8uaHUvUm9vdENBLmNybIaB
-jmxkYXA6Ly9sZGFwLmUtc3ppZ25vLmh1L0NOPU1pY3Jvc2VjJTIwZS1Temln
-bm8lMjBSb290JTIwQ0EsT1U9ZS1Temlnbm8lMjBDQSxPPU1pY3Jvc2VjJTIw
-THRkLixMPUJ1ZGFwZXN0LEM9SFU/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlz
-dDtiaW5hcnkwDgYDVR0PAQH/BAQDAgEGMIGWBgNVHREEgY4wgYuBEGluZm9A
-ZS1zemlnbm8uaHWkdzB1MSMwIQYDVQQDDBpNaWNyb3NlYyBlLVN6aWduw7Mg
-Um9vdCBDQTEWMBQGA1UECwwNZS1TemlnbsOzIEhTWjEWMBQGA1UEChMNTWlj
-cm9zZWMgS2Z0LjERMA8GA1UEBxMIQnVkYXBlc3QxCzAJBgNVBAYTAkhVMIGs
-BgNVHSMEgaQwgaGAFMegSXUWYYTbMUuE0vE3QJDvTtz3oXakdDByMQswCQYD
-VQQGEwJIVTERMA8GA1UEBxMIQnVkYXBlc3QxFjAUBgNVBAoTDU1pY3Jvc2Vj
-IEx0ZC4xFDASBgNVBAsTC2UtU3ppZ25vIENBMSIwIAYDVQQDExlNaWNyb3Nl
-YyBlLVN6aWdubyBSb290IENBghEAzLjnv04pGv2i3GalHCwPETAdBgNVHQ4E
-FgQUx6BJdRZhhNsxS4TS8TdAkO9O3PcwDQYJKoZIhvcNAQEFBQADggEBANMT
-nGZjWS7KXHAM/IO8VbH0jgdsZifOwTsgqRy7RlRw7lrMoHfqaEQn6/Ip3Xep
-1fvj1KcExJW4C+FEaGAHQzAxQmHl7tnlJNUb3+FKG6qfx1/4ehHqE5MAyopY
-se7tDk2016g2JnzgOsHVV4Lxdbb9iV/a86g4nzUGCM4ilb7N1fy+W955a9x6
-qWVmvrElWl/tftOsRm1M9DKHtCAE4Gx4sHfRhUZLphK3dehKyVZs15KrnfVJ
-ONJPU+NVkBHbmJbGSfI+9J8b4PeI3CVimUTYc78/MPMMNz7UwiiAc7EBt51a
-lhQBS6kRnSlqLtBdgcDPsiBDxwPgN05dCtxZICU=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Microsec_e-Szigno_Root_CA_2009.crt b/cert-validity/mozilla/builtin-certs/Microsec_e-Szigno_Root_CA_2009.crt
deleted file mode 100644
index cba9badd122d..000000000000
--- a/cert-validity/mozilla/builtin-certs/Microsec_e-Szigno_Root_CA_2009.crt
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQsw
-CQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jv
-c2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0Eg
-MjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTAeFw0wOTA2
-MTYxMTMwMThaFw0yOTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8G
-A1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNV
-BAMMHk1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3
-DQEJARYQaW5mb0BlLXN6aWduby5odTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAOn4j/NjrdqG2KfgQvvPkd6mJviZpWNwrZuuyjNAfW2WbqEO
-RO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tccbna7P7ofo/kLx2yqHWH2Leh
-5TvPmUpG0IMZfcChEhyVbUr02MelTTMuhTlAdX4UfIASmFDHQWe4oIBhVKZs
-Th/gnQ4H6cm6M+f+wFUoLAKApxn1ntxVUwOXewdI/5n7N4okxFnMUBBjjqqp
-GrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm1HxdrtbCxkzlBQHZ7Vf8
-wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1+rUCAwEA
-AaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1Ud
-DgQWBBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPM
-Pcu1SCOhGnqmKrs0aDAbBgNVHREEFDASgRBpbmZvQGUtc3ppZ25vLmh1MA0G
-CSqGSIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0olZMEyL/azXm4Q5Dw
-pL7v8u8hmLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfX
-I/OMn74dseGkddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k
-7SViXITwfn4fs775tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofy
-K/FFh+U9rNHHV4S9a67c2Pm2G2JwCz02yULyMtd6YebS2z3PyKnJm9zbWETX
-bzivf3jTo60adbocwTZ8jx5tHMN1Rq41Bab2XD0h7lbwyYIiLXpUq3DDfSJl
-gnCW
------END CERTIFICATE-----
diff --git "a/cert-validity/mozilla/builtin-certs/NetLock_Arany_=Class_Gold=_F\305\221tan\303\272s\303\255tv\303\241ny.crt" "b/cert-validity/mozilla/builtin-certs/NetLock_Arany_=Class_Gold=_F\305\221tan\303\272s\303\255tv\303\241ny.crt"
deleted file mode 100644
index eedd0b6f9cb0..000000000000
--- "a/cert-validity/mozilla/builtin-certs/NetLock_Arany_=Class_Gold=_F\305\221tan\303\272s\303\255tv\303\241ny.crt"
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYD
-VQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sg
-S2Z0LjE3MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZp
-Y2F0aW9uIFNlcnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBBcmFueSAoQ2xh
-c3MgR29sZCkgRsWRdGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcN
-MjgxMjA2MTUwODIxWjCBpzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFw
-ZXN0MRUwEwYDVQQKDAxOZXRMb2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8Ot
-dHbDoW55a2lhZMOzayAoQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcykxNTAzBgNV
-BAMMLE5ldExvY2sgQXJhbnkgKENsYXNzIEdvbGQpIEbFkXRhbsO6c8OtdHbD
-oW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCRec75LbRTD
-ofTjl5Bu0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrTlF8afFttvzBPhCf2nx9J
-vMaZCpDyD/V/Q4Q3Y1GLeqVw/HpYzY6b7cNGbIRwXdrzAZAj/E4wqX7hJ2Pn
-7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAkH3B5r9s5VA1lddkVQZQB
-r17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRGILdwfzze
-SNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2BJtr
-+UBdADTHLpl1neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAG
-AQH/AgEEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7z
-U/2MU9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwWqZw8UQCgwBEIBaeZ
-5m8BiFRhbvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTta
-YtOUZcTh5m2C+C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNq
-b4VjMIDw1Z4fKRzCbLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+
-pRVjodSVh/GeufOJ8z2FuLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1
-kvarBes96aULNmLazAZfNou2XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKaw
-YqGT8ZvYzsRjdT9ZR7E=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/NetLock_Business_=Class_B=_Root.crt b/cert-validity/mozilla/builtin-certs/NetLock_Business_=Class_B=_Root.crt
deleted file mode 100644
index bb6f28a18643..000000000000
--- a/cert-validity/mozilla/builtin-certs/NetLock_Business_=Class_B=_Root.crt
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFSzCCBLSgAwIBAgIBaTANBgkqhkiG9w0BAQQFADCBmTELMAkGA1UEBhMC
-SFUxETAPBgNVBAcTCEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96
-YXRiaXp0b25zYWdpIEtmdC4xGjAYBgNVBAsTEVRhbnVzaXR2YW55a2lhZG9r
-MTIwMAYDVQQDEylOZXRMb2NrIFV6bGV0aSAoQ2xhc3MgQikgVGFudXNpdHZh
-bnlraWFkbzAeFw05OTAyMjUxNDEwMjJaFw0xOTAyMjAxNDEwMjJaMIGZMQsw
-CQYDVQQGEwJIVTERMA8GA1UEBxMIQnVkYXBlc3QxJzAlBgNVBAoTHk5ldExv
-Y2sgSGFsb3phdGJpenRvbnNhZ2kgS2Z0LjEaMBgGA1UECxMRVGFudXNpdHZh
-bnlraWFkb2sxMjAwBgNVBAMTKU5ldExvY2sgVXpsZXRpIChDbGFzcyBCKSBU
-YW51c2l0dmFueWtpYWRvMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCx
-6gTsIKAjwo84YM/HRrPVG/77uZmeBNwcf4xKgZjupNTKihe5In+DCnVMm8Bp
-2GQ5o+2So/1bXHQawEfKOml2mrriRBf8TKPV/riXiK+IA4kfpPIEPsgHC+b5
-sy96YhQJRhTKZPWLgLViqNhr1nGTLbO/CVRY7QbrqHvcQ7GhaQIDAQABo4IC
-nzCCApswEgYDVR0TAQH/BAgwBgEB/wIBBDAOBgNVHQ8BAf8EBAMCAAYwEQYJ
-YIZIAYb4QgEBBAQDAgAHMIICYAYJYIZIAYb4QgENBIICURaCAk1GSUdZRUxF
-TSEgRXplbiB0YW51c2l0dmFueSBhIE5ldExvY2sgS2Z0LiBBbHRhbGFub3Mg
-U3pvbGdhbHRhdGFzaSBGZWx0ZXRlbGVpYmVuIGxlaXJ0IGVsamFyYXNvayBh
-bGFwamFuIGtlc3p1bHQuIEEgaGl0ZWxlc2l0ZXMgZm9seWFtYXRhdCBhIE5l
-dExvY2sgS2Z0LiB0ZXJtZWtmZWxlbG9zc2VnLWJpenRvc2l0YXNhIHZlZGku
-IEEgZGlnaXRhbGlzIGFsYWlyYXMgZWxmb2dhZGFzYW5hayBmZWx0ZXRlbGUg
-YXogZWxvaXJ0IGVsbGVub3J6ZXNpIGVsamFyYXMgbWVndGV0ZWxlLiBBeiBl
-bGphcmFzIGxlaXJhc2EgbWVndGFsYWxoYXRvIGEgTmV0TG9jayBLZnQuIElu
-dGVybmV0IGhvbmxhcGphbiBhIGh0dHBzOi8vd3d3Lm5ldGxvY2submV0L2Rv
-Y3MgY2ltZW4gdmFneSBrZXJoZXRvIGF6IGVsbGVub3J6ZXNAbmV0bG9jay5u
-ZXQgZS1tYWlsIGNpbWVuLiBJTVBPUlRBTlQhIFRoZSBpc3N1YW5jZSBhbmQg
-dGhlIHVzZSBvZiB0aGlzIGNlcnRpZmljYXRlIGlzIHN1YmplY3QgdG8gdGhl
-IE5ldExvY2sgQ1BTIGF2YWlsYWJsZSBhdCBodHRwczovL3d3dy5uZXRsb2Nr
-Lm5ldC9kb2NzIG9yIGJ5IGUtbWFpbCBhdCBjcHNAbmV0bG9jay5uZXQuMA0G
-CSqGSIb3DQEBBAUAA4GBAATbrowXr/gOkDFOzT4JwG06sPgzTEdM43WIEJes
-sDgVkcYplswhwG08pXTP2IKlOcNl40JwuyKQ433bNXbhoLXan3BukxowOR0w
-2y7jfLKRstE3Kfq51hdcR0/jHTjrn9V7lagonhVK0dHQKwCXoOKSNitjrFgB
-azMpUIaD8QFI
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/NetLock_Express_=Class_C=_Root.crt b/cert-validity/mozilla/builtin-certs/NetLock_Express_=Class_C=_Root.crt
deleted file mode 100644
index 2efa72de0a83..000000000000
--- a/cert-validity/mozilla/builtin-certs/NetLock_Express_=Class_C=_Root.crt
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFTzCCBLigAwIBAgIBaDANBgkqhkiG9w0BAQQFADCBmzELMAkGA1UEBhMC
-SFUxETAPBgNVBAcTCEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96
-YXRiaXp0b25zYWdpIEtmdC4xGjAYBgNVBAsTEVRhbnVzaXR2YW55a2lhZG9r
-MTQwMgYDVQQDEytOZXRMb2NrIEV4cHJlc3N6IChDbGFzcyBDKSBUYW51c2l0
-dmFueWtpYWRvMB4XDTk5MDIyNTE0MDgxMVoXDTE5MDIyMDE0MDgxMVowgZsx
-CzAJBgNVBAYTAkhVMREwDwYDVQQHEwhCdWRhcGVzdDEnMCUGA1UEChMeTmV0
-TG9jayBIYWxvemF0Yml6dG9uc2FnaSBLZnQuMRowGAYDVQQLExFUYW51c2l0
-dmFueWtpYWRvazE0MDIGA1UEAxMrTmV0TG9jayBFeHByZXNzeiAoQ2xhc3Mg
-QykgVGFudXNpdHZhbnlraWFkbzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEA6+ywbGGKIyWvYCDj2Z/8kwvbXY2wobNAOoLO/XXgeDIDhlqGlZHtU/qd
-QPzm6N3ZW3oDvV3zOwzDUXmbrVWg6dADEK8KuhRC2VImESLH0iDMgqSaqf64
-gXadarfSNnU+sYYJ9m5tfk63euyucYT2BDMIJTLrdKwWRMbkQJMdf60CAwEA
-AaOCAp8wggKbMBIGA1UdEwEB/wQIMAYBAf8CAQQwDgYDVR0PAQH/BAQDAgAG
-MBEGCWCGSAGG+EIBAQQEAwIABzCCAmAGCWCGSAGG+EIBDQSCAlEWggJNRklH
-WUVMRU0hIEV6ZW4gdGFudXNpdHZhbnkgYSBOZXRMb2NrIEtmdC4gQWx0YWxh
-bm9zIFN6b2xnYWx0YXRhc2kgRmVsdGV0ZWxlaWJlbiBsZWlydCBlbGphcmFz
-b2sgYWxhcGphbiBrZXN6dWx0LiBBIGhpdGVsZXNpdGVzIGZvbHlhbWF0YXQg
-YSBOZXRMb2NrIEtmdC4gdGVybWVrZmVsZWxvc3NlZy1iaXp0b3NpdGFzYSB2
-ZWRpLiBBIGRpZ2l0YWxpcyBhbGFpcmFzIGVsZm9nYWRhc2FuYWsgZmVsdGV0
-ZWxlIGF6IGVsb2lydCBlbGxlbm9yemVzaSBlbGphcmFzIG1lZ3RldGVsZS4g
-QXogZWxqYXJhcyBsZWlyYXNhIG1lZ3RhbGFsaGF0byBhIE5ldExvY2sgS2Z0
-LiBJbnRlcm5ldCBob25sYXBqYW4gYSBodHRwczovL3d3dy5uZXRsb2NrLm5l
-dC9kb2NzIGNpbWVuIHZhZ3kga2VyaGV0byBheiBlbGxlbm9yemVzQG5ldGxv
-Y2submV0IGUtbWFpbCBjaW1lbi4gSU1QT1JUQU5UISBUaGUgaXNzdWFuY2Ug
-YW5kIHRoZSB1c2Ugb2YgdGhpcyBjZXJ0aWZpY2F0ZSBpcyBzdWJqZWN0IHRv
-IHRoZSBOZXRMb2NrIENQUyBhdmFpbGFibGUgYXQgaHR0cHM6Ly93d3cubmV0
-bG9jay5uZXQvZG9jcyBvciBieSBlLW1haWwgYXQgY3BzQG5ldGxvY2submV0
-LjANBgkqhkiG9w0BAQQFAAOBgQAQrX/XDDKACtiG8XmYta3UzbM2xJZIwVzN
-mtkFLp++UOv0JhQQLdRmF/iewSf98e3ke0ugbLWrmldwpu2gpO0u9f38vf5N
-NwgMvOOWgyL1SRt/Syu0VMGAfJlOHdCM7tCs5ZL6dVb+ZKATj7i4Fp1hBWeA
-yNDYpQcCNJgEjTME1A==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/NetLock_Notary_=Class_A=_Root.crt b/cert-validity/mozilla/builtin-certs/NetLock_Notary_=Class_A=_Root.crt
deleted file mode 100644
index 7eb90817756d..000000000000
--- a/cert-validity/mozilla/builtin-certs/NetLock_Notary_=Class_A=_Root.crt
+++ /dev/null
@@ -1,39 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIGfTCCBWWgAwIBAgICAQMwDQYJKoZIhvcNAQEEBQAwga8xCzAJBgNVBAYT
-AkhVMRAwDgYDVQQIEwdIdW5nYXJ5MREwDwYDVQQHEwhCdWRhcGVzdDEnMCUG
-A1UEChMeTmV0TG9jayBIYWxvemF0Yml6dG9uc2FnaSBLZnQuMRowGAYDVQQL
-ExFUYW51c2l0dmFueWtpYWRvazE2MDQGA1UEAxMtTmV0TG9jayBLb3pqZWd5
-em9pIChDbGFzcyBBKSBUYW51c2l0dmFueWtpYWRvMB4XDTk5MDIyNDIzMTQ0
-N1oXDTE5MDIxOTIzMTQ0N1owga8xCzAJBgNVBAYTAkhVMRAwDgYDVQQIEwdI
-dW5nYXJ5MREwDwYDVQQHEwhCdWRhcGVzdDEnMCUGA1UEChMeTmV0TG9jayBI
-YWxvemF0Yml6dG9uc2FnaSBLZnQuMRowGAYDVQQLExFUYW51c2l0dmFueWtp
-YWRvazE2MDQGA1UEAxMtTmV0TG9jayBLb3pqZWd5em9pIChDbGFzcyBBKSBU
-YW51c2l0dmFueWtpYWRvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-AQEAvHSMD7tM9DceqQWC2ObhbHDqeLVu0ThEDaiDzl3S1tWBxdRL51uUcCbb
-O51qTGL3cfNk1mE7PetzozfZz+qMkjvN9wfcZnSX9EUi3fRc4L9t875lM+QV
-Or/bmJBVOMTtplVjC7B4BPTjbsE/jvxReB+SnoPC/tmwqcm8WgD/qaiYdPv2
-LD4VOQ22BFWoDpggQrOxJa1+mm9dU7GrDPzr4PN6s6iz/0b2Y6LYOph7tqyF
-/7AlT3Rj5xMHpQqPBffAZG9+pyeAlt7ULoZgx2srXnN7F+eRP2QM2EsiNCub
-MvJIH5+hCoR64sKtlz2O1cH5VqNQ6ca0+pii7pXmKgOM3wIDAQABo4ICnzCC
-ApswDgYDVR0PAQH/BAQDAgAGMBIGA1UdEwEB/wQIMAYBAf8CAQQwEQYJYIZI
-AYb4QgEBBAQDAgAHMIICYAYJYIZIAYb4QgENBIICURaCAk1GSUdZRUxFTSEg
-RXplbiB0YW51c2l0dmFueSBhIE5ldExvY2sgS2Z0LiBBbHRhbGFub3MgU3pv
-bGdhbHRhdGFzaSBGZWx0ZXRlbGVpYmVuIGxlaXJ0IGVsamFyYXNvayBhbGFw
-amFuIGtlc3p1bHQuIEEgaGl0ZWxlc2l0ZXMgZm9seWFtYXRhdCBhIE5ldExv
-Y2sgS2Z0LiB0ZXJtZWtmZWxlbG9zc2VnLWJpenRvc2l0YXNhIHZlZGkuIEEg
-ZGlnaXRhbGlzIGFsYWlyYXMgZWxmb2dhZGFzYW5hayBmZWx0ZXRlbGUgYXog
-ZWxvaXJ0IGVsbGVub3J6ZXNpIGVsamFyYXMgbWVndGV0ZWxlLiBBeiBlbGph
-cmFzIGxlaXJhc2EgbWVndGFsYWxoYXRvIGEgTmV0TG9jayBLZnQuIEludGVy
-bmV0IGhvbmxhcGphbiBhIGh0dHBzOi8vd3d3Lm5ldGxvY2submV0L2RvY3Mg
-Y2ltZW4gdmFneSBrZXJoZXRvIGF6IGVsbGVub3J6ZXNAbmV0bG9jay5uZXQg
-ZS1tYWlsIGNpbWVuLiBJTVBPUlRBTlQhIFRoZSBpc3N1YW5jZSBhbmQgdGhl
-IHVzZSBvZiB0aGlzIGNlcnRpZmljYXRlIGlzIHN1YmplY3QgdG8gdGhlIE5l
-dExvY2sgQ1BTIGF2YWlsYWJsZSBhdCBodHRwczovL3d3dy5uZXRsb2NrLm5l
-dC9kb2NzIG9yIGJ5IGUtbWFpbCBhdCBjcHNAbmV0bG9jay5uZXQuMA0GCSqG
-SIb3DQEBBAUAA4IBAQBIJEb3ulZv+sgoA0BO5TE5ayZrU3/b39/zcT0mwBQO
-xmd7I6gMc90Bu8bKbjc5VdXHjFYgDigKDtIqpLBJUsY4B/6+CgmM0ZjPytoU
-MaFP0jn8DxEsQ8Pdq5PHVT5HfBgaANzze9jyf1JsIPQLX2lS9O74silg6+NJ
-MSEN1rUQQeJBCWziGppWS3cC9qCbmieH6FUpccKQn0V4GuEVZD3QDtigdp+u
-xdAu6tYPVuxkf1qbFFgBJ34TUMdrKuZoPL9coAob4Q566eKAw+np9v1sEZ7Q
-5SgnK1QyQhSCdeZK8CtmdWOMovsEPoMOmzbwGOQmIMOM8CgHrTwXZoi1/baI
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/NetLock_Qualified_=Class_QA=_Root.crt b/cert-validity/mozilla/builtin-certs/NetLock_Qualified_=Class_QA=_Root.crt
deleted file mode 100644
index 01e194e0ab89..000000000000
--- a/cert-validity/mozilla/builtin-certs/NetLock_Qualified_=Class_QA=_Root.crt
+++ /dev/null
@@ -1,41 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIG0TCCBbmgAwIBAgIBezANBgkqhkiG9w0BAQUFADCByTELMAkGA1UEBhMC
-SFUxETAPBgNVBAcTCEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96
-YXRiaXp0b25zYWdpIEtmdC4xGjAYBgNVBAsTEVRhbnVzaXR2YW55a2lhZG9r
-MUIwQAYDVQQDEzlOZXRMb2NrIE1pbm9zaXRldHQgS296amVneXpvaSAoQ2xh
-c3MgUUEpIFRhbnVzaXR2YW55a2lhZG8xHjAcBgkqhkiG9w0BCQEWD2luZm9A
-bmV0bG9jay5odTAeFw0wMzAzMzAwMTQ3MTFaFw0yMjEyMTUwMTQ3MTFaMIHJ
-MQswCQYDVQQGEwJIVTERMA8GA1UEBxMIQnVkYXBlc3QxJzAlBgNVBAoTHk5l
-dExvY2sgSGFsb3phdGJpenRvbnNhZ2kgS2Z0LjEaMBgGA1UECxMRVGFudXNp
-dHZhbnlraWFkb2sxQjBABgNVBAMTOU5ldExvY2sgTWlub3NpdGV0dCBLb3pq
-ZWd5em9pIChDbGFzcyBRQSkgVGFudXNpdHZhbnlraWFkbzEeMBwGCSqGSIb3
-DQEJARYPaW5mb0BuZXRsb2NrLmh1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEAx1Ilstg91IRVCacbvWy5FPSKAtt2/GoqeKvld/Bu4IwjZ9ul
-ZJm53QE+b+8tmjwi8F3JV6BVQX/yQ15YglMxZc4e8ia6AFQer7C8HORSjKAy
-r7c3sVNnaHRnUPYtLmTeriZ539+Zhqurf4XsoPuAzPS4DB6TRWO53Lhbm+1b
-OdRfYrCnjnxmOCyqsQhjF2d9zL2z8cM/z1A57dEZgxXbhxInlrfa6uWdvLrq
-OU+L73Sa58XQ0uqGURzk/mQIKAR5BevKxXEOC++r6uwSEaEYBTJp0QwsGj0l
-mT+1fMptsK6ZmfoIYOcZwvK9UdPM0wKswREMgM6r3JSda6M5UzrWhQIDAMV9
-o4ICwDCCArwwEgYDVR0TAQH/BAgwBgEB/wIBBDAOBgNVHQ8BAf8EBAMCAQYw
-ggJ1BglghkgBhvhCAQ0EggJmFoICYkZJR1lFTEVNISBFemVuIHRhbnVzaXR2
-YW55IGEgTmV0TG9jayBLZnQuIE1pbm9zaXRldHQgU3pvbGdhbHRhdGFzaSBT
-emFiYWx5emF0YWJhbiBsZWlydCBlbGphcmFzb2sgYWxhcGphbiBrZXN6dWx0
-LiBBIG1pbm9zaXRldHQgZWxla3Ryb25pa3VzIGFsYWlyYXMgam9naGF0YXMg
-ZXJ2ZW55ZXN1bGVzZW5laywgdmFsYW1pbnQgZWxmb2dhZGFzYW5hayBmZWx0
-ZXRlbGUgYSBNaW5vc2l0ZXR0IFN6b2xnYWx0YXRhc2kgU3phYmFseXphdGJh
-biwgYXogQWx0YWxhbm9zIFN6ZXJ6b2Rlc2kgRmVsdGV0ZWxla2JlbiBlbG9p
-cnQgZWxsZW5vcnplc2kgZWxqYXJhcyBtZWd0ZXRlbGUuIEEgZG9rdW1lbnR1
-bW9rIG1lZ3RhbGFsaGF0b2sgYSBodHRwczovL3d3dy5uZXRsb2NrLmh1L2Rv
-Y3MvIGNpbWVuIHZhZ3kga2VyaGV0b2sgYXogaW5mb0BuZXRsb2NrLm5ldCBl
-LW1haWwgY2ltZW4uIFdBUk5JTkchIFRoZSBpc3N1YW5jZSBhbmQgdGhlIHVz
-ZSBvZiB0aGlzIGNlcnRpZmljYXRlIGFyZSBzdWJqZWN0IHRvIHRoZSBOZXRM
-b2NrIFF1YWxpZmllZCBDUFMgYXZhaWxhYmxlIGF0IGh0dHBzOi8vd3d3Lm5l
-dGxvY2suaHUvZG9jcy8gb3IgYnkgZS1tYWlsIGF0IGluZm9AbmV0bG9jay5u
-ZXQwHQYDVR0OBBYEFAlqYhaSsFq7VQ7LdTI6MuWyIckoMA0GCSqGSIb3DQEB
-BQUAA4IBAQCRalCc23iBmz+LQuM7/KbD7kPgz/PigDVJRXYC4uMvBcXxKufA
-QTPGtpvQMznNwNuhrWw3AkxYQTvyl5LGSKjN5Yo5iWH5Upfpvfb5lHTocQ68
-d4bDBsxafEp+NFAwLvt/MpqNPfMgW/hqyobzMUwsWYACff44yTB1HLdV47yf
-uqhthCgFdbOLDcCRVCHnpgu0mfVRQdzNo0ci2ccBgcTcR08m6h/t280NmPSj
-nLRzMkqWmf68f8glWPhY83ZmiVSkpj7EUFy6iRiCdUgh0k8T6GB+B3bbELVR
-5qq5aKrN9p2QdRLqOBrKROi3macqaJVmlaut74nLYKkGEsaUR+ko
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Network_Solutions_Certificate_Authority.crt b/cert-validity/mozilla/builtin-certs/Network_Solutions_Certificate_Authority.crt
deleted file mode 100644
index 8d4f6fb16bc2..000000000000
--- a/cert-validity/mozilla/builtin-certs/Network_Solutions_Certificate_Authority.crt
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUF
-ADBiMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMg
-TC5MLkMuMTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0
-ZSBBdXRob3JpdHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5WjBi
-MQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5M
-LkMuMTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBB
-dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6S
-MG3G2I4rC7xGzuAnlt7e+foS0zwzc7MEL7xxjOWftiJgPl9dzgn/ggwbmlFQ
-GiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPPOCwGJgl6cvf6UDL4wpPTaaIjzkGx
-zOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rlmGNpSAW+Lv8ztumXWWn4Zxmu
-k2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnFBgrEsEX1QV1uiUV7PTsm
-jHTC5dLRfbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4qY5usyd2mFHgBeMh
-qxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMBAAGjgZcwgZQwHQYDVR0O
-BBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIBBjAPBgNV
-HRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwubmV0
-c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3Jp
-dHkuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7rkvnt1frf6ott3NHhWrB5KUd
-5Oc86fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q4LqILPxFzBiwmZVR
-DuwduIj/h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/
-GGUsyfJj4akH/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/L
-WA/rKOyvEZbz3HtvwKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQY
-grOJeRcQcT16ohZO9QHNpGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe2MPr
-+8ukYEywVaCge1ey
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/OISTE_WISeKey_Global_Root_GA_CA.crt b/cert-validity/mozilla/builtin-certs/OISTE_WISeKey_Global_Root_GA_CA.crt
deleted file mode 100644
index 9ddb31ea97ef..000000000000
--- a/cert-validity/mozilla/builtin-certs/OISTE_WISeKey_Global_Root_GA_CA.crt
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID8TCCAtmgAwIBAgIQQT1yx/RrH4FDffHSKFTfmjANBgkqhkiG9w0BAQUF
-ADCBijELMAkGA1UEBhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxGzAZBgNVBAsT
-EkNvcHlyaWdodCAoYykgMjAwNTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlv
-biBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9v
-dCBHQSBDQTAeFw0wNTEyMTExNjAzNDRaFw0zNzEyMTExNjA5NTFaMIGKMQsw
-CQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEbMBkGA1UECxMSQ29weXJp
-Z2h0IChjKSAyMDA1MSIwIAYDVQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9y
-c2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2JhbCBSb290IEdBIENB
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0+zAJs9Nt350Ulq
-axBJH+zYK7LG+DKBKUOVTJoZIyEVRd7jyBxRVVuuk+g3/ytr6dTqvirdqFEr
-12bDYVxgAsj1znJ7O7jyTmUIms2kahnBAbtzptf2w93NvKSLtZlhuAGio9RN
-1AU9ka34tAhxZK9w8RxrfvbDd50kc3vkDIzh2TbhmYsFmQvtRTEJysIA2/dy
-oJaqlYfQjse2YXMNdmaM3Bu0Y6Kff5MTMPGhJ9vZ/yxViJGg4E8HsChWjBgb
-l0SOid3gF27nKu+POQoxhILYQBRJLnpB5Kf+42TMwVlxSywhp1t94B3RLoGb
-w9ho972WG6xwsRYUC9tguSYBBQIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYD
-VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUswN+rja8sHnR3JQmthG+IbJphpQw
-EAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBAEuh/wuHbrP5
-wUOxSPMowB0uyQlB+pQAHKSkq0lPjz0e701vvbyk9vImMMkQyh2I+3QZH4VF
-vbBsUfk2ftv1TDI6QU9bR8/oCy22xBmddMVHxjtqD6wU2zz0c5ypBd8A3HR4
-+vg1YFkCExh8vPtNsCBtQ7tgMHpnM1zFmdH4LTlSc/uMqpclXHLZCB6rTjzj
-gTGfA6b7wP4piFXahNVQA7bihKOmNqoROgHhGEvWRGizPflTdISzRpFGlgC3
-gCy24eMQ4tui5yiPAZZiFj4A4xylNoEYokxSdsARo27mHbrjWr42U8U+dY+G
-aSlYU7Wcu2+fXMUY7N0v4ZjJ/L7fCg0=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/QuoVadis_Root_CA.crt b/cert-validity/mozilla/builtin-certs/QuoVadis_Root_CA.crt
deleted file mode 100644
index 3d6171cfebe3..000000000000
--- a/cert-validity/mozilla/builtin-certs/QuoVadis_Root_CA.crt
+++ /dev/null
@@ -1,36 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQG
-EwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9v
-dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMg
-Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNa
-Fw0yMTAzMTcxODMzMzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9W
-YWRpcyBMaW1pdGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0
-aG9yaXR5MS4wLAYDVQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24g
-QXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1
-lVO6V/z68mcLOhrfEYBklbTRvM16z/Ypli4kVEAkOPcahdxYTMukJ0KX0J+D
-isPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2DrOpm2RgbaIr1VxqYuvXtdj18
-2d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJWCCYfqtffp/p1k3sg3Sp
-x2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cugF+FxZc4dZjH3dgEZ
-yH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospUxbF6lR1xHkop
-igPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCCAk4wPQYI
-KwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVvdmFk
-aXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREw
-ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlh
-bmNlIG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBw
-YXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJs
-ZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRp
-ZmljYXRpb24gcHJhY3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmlj
-YXRlIFBvbGljeS4wIgYIKwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMu
-Ym0wHQYDVR0OBBYEFItLbe3TKbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYw
-gaOAFItLbe3TKbkGGew5Oanwl4Rqy+/foYGEpIGBMH8xCzAJBgNVBAYTAkJN
-MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUwIwYDVQQLExxSb290IENl
-cnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVRdW9WYWRpcyBSb290
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCLMA4GA1UdDwEB/wQEAwIB
-BjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSkfnIYj9lofFIk3Wdv
-OXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf87C9TqnN7Az10
-buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1RcHhXHTMe
-/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0ymQM6
-isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW
-xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQ
-NiOKSnQ2+Q==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/QuoVadis_Root_CA_2.crt b/cert-validity/mozilla/builtin-certs/QuoVadis_Root_CA_2.crt
deleted file mode 100644
index 8a7679142592..000000000000
--- a/cert-validity/mozilla/builtin-certs/QuoVadis_Root_CA_2.crt
+++ /dev/null
@@ -1,35 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMC
-Qk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1Zh
-ZGlzIFJvb3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNa
-MEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRsw
-GQYDVQQDExJRdW9WYWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUA
-A4ICDwAwggIKAoICAQCaGMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4Gt
-Mh6QRr+jhiYaHv5+HBg6XJxgFyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst
-/ek+7wrGsxDp3MJGF/hd/aTa/55JWpzmM+Yklvc/ulsrHHo1wtZn/qtmUItt
-KGAr79dgw8eTvI02kfN/+NsRE8Scd3bBrrcCaoF6qUWD4gXmuVbBlDePSHFj
-IuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp+ARz8un+XJiM9XOva7R+zdRc
-AitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1ksOR1YqI0JDs3G3eicJl
-cZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/iUcw6UwxI5g69ybR2
-BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIizPtGo/KPaHbDR
-sSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og/zOhD7os
-FRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UHoycR
-7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI
-yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8G
-A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwz
-JQTU7tD2A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGU
-a6FJpEcwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0
-ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcN
-AQEFBQADggIBAD4KFk2fBluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJ
-RqUDGCdViXh9duqWNIAXINzng/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQty
-U/h2BwdBR5YM++CCJpNVjP4iH2BlfF/nJrP3MpCYUNQ3cVX2kiF495V5+vgt
-JodmVjB3pjd4M1IQWK4/YY7yarHvGH5KWWPKjaJW1acvvFYfzznB4vsKqBUs
-fU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0HaB0+pUNqQjZRG4T7wlP0QADj1
-O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozchLsib9D45MY56QSIPMO6
-61V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPRTUIZ3Ph1WVaj+ahJ
-efivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWDmbA4CD/pXvk1
-B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0ZohEUGW6y
-hhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y4aOT
-HcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza
-8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/QuoVadis_Root_CA_3.crt b/cert-validity/mozilla/builtin-certs/QuoVadis_Root_CA_3.crt
deleted file mode 100644
index 4efc0c193d76..000000000000
--- a/cert-validity/mozilla/builtin-certs/QuoVadis_Root_CA_3.crt
+++ /dev/null
@@ -1,40 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMC
-Qk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1Zh
-ZGlzIFJvb3QgQ0EgMzAeFw0wNjExMjQxOTExMjNaFw0zMTExMjQxOTA2NDRa
-MEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRsw
-GQYDVQQDExJRdW9WYWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUA
-A4ICDwAwggIKAoICAQDMV0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTP
-krgEQK0CSzGrvI2RaNggDhoB4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9
-cI8LoGe+AaJZz3HmDyl2/7FWeUUrH556VOijKTVopAFPD6QuN+8bv+OPEKhy
-q1hX51SGyMnzW9os2l2ObjyjPtr7guXd8lyyBTNvijbO0BNO/79KDDRMpsMh
-vVAEVeuxu537RR5kFd5VAYwCdrXLoT9CabwvvWhDFlaJKjdhkf2mrk7AyxRl
-lDdLkgbvBNDInIjbC3uBr7E9KsRlOni27tyAsdLTmZw67mtaa7ONt9XOnMK+
-pUsvFrGeaDsGb659n/je7Mwpp5ijJUMv7/FfJuGITfhebtfZFG4ZM2mnO4SJ
-k8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8nT8KKdjcT5EOE7zelaTf
-i5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDtWAEXMJPp
-Govgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZc6ts
-gLjoC2SToJyMGf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A
-4iLItLRkT9a6fUg+qGkM17uGcclzuD87nSVL2v9A6wIDAQABo4IBlTCCAZEw
-DwYDVR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHTBgkrBgEEAb5YAAMw
-gcUwgZMGCCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmlj
-YXRlIGNvbnN0aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJv
-b3QgQ0EgMyBDZXJ0aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFBy
-YWN0aWNlIFN0YXRlbWVudC4wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cucXVv
-dmFkaXNnbG9iYWwuY29tL2NwczALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFPLA
-E+CCQz777i9nMpY1XNu4ywLQMG4GA1UdIwRnMGWAFPLAE+CCQz777i9nMpY1
-XNu4ywLQoUmkRzBFMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMg
-TGltaXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMgUm9vdCBDQSAzggIFxjANBgkq
-hkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZVqyM07ucp2sNbtrCD2dDQ4iH7
-82CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSemd1o417+shvzuXYO8
-BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd+LJ2w/w4E6oM
-3kJpK27zPOuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B4f/xI4hR
-OJ/yZlZ25w9Rl6VSDE1JUZU2Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadNt54C
-rnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp8kokUvd0/bpO5qgdAm6x
-DYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBCbjPs
-MZ57k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmi
-oHfRMJ6szHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRe
-cCocIdiP4b0jWy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEo
-kt4YutUqKLsRixeTmJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+
-ewkk2gF3R8Q7zTSMmfXK4SVhM7JZG+Ju1zdXtg2pEto=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/RSA_Root_Certificate_1.crt b/cert-validity/mozilla/builtin-certs/RSA_Root_Certificate_1.crt
deleted file mode 100644
index f6cdfcd033a9..000000000000
--- a/cert-validity/mozilla/builtin-certs/RSA_Root_Certificate_1.crt
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlD
-ZXJ0IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIElu
-Yy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDMgUG9saWN5IFZhbGlkYXRp
-b24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNv
-bS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYy
-NjAwMjIzM1oXDTE5MDYyNjAwMjIzM1owgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
-IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4x
-NTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDMgUG9saWN5IFZhbGlkYXRpb24g
-QXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8x
-IDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDjmFGWHOjVsQaBalfDcnWTq8+epvzzFlLWLU2f
-NUSoLgRNB0mKOCn1dzfnt6td3zZxFJmP3MKS8edgkpfs2Ejcv8ECIMYkpChM
-MFp2bbFc893enhBxoYjHW5tBbcqwuI4V7q0zK89HBFx1cQqYJJgpp0lZpd34
-t0NiYfPT4tBVPwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFa7AliEZwgs3x/b
-e0kz9dNnnfS0ChCzycUs4pJqcXgn8nCDQtM+z6lU9PHYkhaM0QTLS6vJn0Wu
-PIqpsHEzXcjFV9+vqDWzf4mH6eglkrh/hXqu1rweN1gqZ8mRzyqBPu3GOd/A
-PhmcGcwTTYJBtYze4D1gCCAPRX5ron+jjBXu
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/RSA_Security_2048_v3.crt b/cert-validity/mozilla/builtin-certs/RSA_Security_2048_v3.crt
deleted file mode 100644
index 86c907eb9891..000000000000
--- a/cert-validity/mozilla/builtin-certs/RSA_Security_2048_v3.crt
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDYTCCAkmgAwIBAgIQCgEBAQAAAnwAAAAKAAAAAjANBgkqhkiG9w0BAQUF
-ADA6MRkwFwYDVQQKExBSU0EgU2VjdXJpdHkgSW5jMR0wGwYDVQQLExRSU0Eg
-U2VjdXJpdHkgMjA0OCBWMzAeFw0wMTAyMjIyMDM5MjNaFw0yNjAyMjIyMDM5
-MjNaMDoxGTAXBgNVBAoTEFJTQSBTZWN1cml0eSBJbmMxHTAbBgNVBAsTFFJT
-QSBTZWN1cml0eSAyMDQ4IFYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEAt49VcdKA3XtpeafwGFAyPGJn9gqVB93mG/Oe2dJBVGutn3y+Gc37
-RqtBaB4Y6lXIL5F4iSj7Jylg/9+PjDvJSZu1pJTOAeo+tWN7fyb9Gd3AIb2E
-0S1PRsNO3Ng3OTsor8udGuorryGlwSMiuLgbWhOHV4PR8CDn6E8jQrAApX2J
-6elhc5SYcSa8LWrg903w8bYqODGBDSnhAMFRD0xS+ARaqn1y07iHKrtjEAMq
-s6FPDVpeRrc9DvV07Jmf+T0kgYim3WBU6JU2PcYJk5qjEoAAVZkZR73QpXzD
-uvsf9/UP+Ky5tfQ3mBMY3oVbtwyCO4dvlTlYMNpuAWgXIszACwIDAQABo2Mw
-YTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAW
-gBQHw1EwpKrpRa41JPr/JCwz0LGdjDAdBgNVHQ4EFgQUB8NRMKSq6UWuNST6
-/yQsM9CxnYwwDQYJKoZIhvcNAQEFBQADggEBAF8+hnZuuDU8TjYcHnmYv/3V
-EhF5Ug7uMYm83X/50cYVIeiKAVQNOvtUudZj1LGqlk2iQk3UUx+LEN5/Zb5g
-EydxiKRz44Rj0aRV4VCT5hsOedBnvEbIvz8XDZXmxpBp3ue0L96VfdASPz0+
-f00/FGj1EVDVwfSQpQgdMWD/YIwjVAqv/qFuxdF6Kmh4zx6CCiC0H63lhbJq
-aHVOrSU3lIW+vaHU6rcMSzyd6BIA8F+sDeGscGNz9395nzIlQnQFgCi/vcEk
-llgVsRch6YlL2weIZ/QVrXA+L02FO8K32/6YaCOJ4XQP3vTFhGMpG8zLB8kA
-pKnXwiJPZ9d37CAFYd4=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt b/cert-validity/mozilla/builtin-certs/S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt
deleted file mode 100644
index 674287b3cca5..000000000000
--- a/cert-validity/mozilla/builtin-certs/S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEezCCA2OgAwIBAgIQNxkY5lNUfBq1uMtZWts1tzANBgkqhkiG9w0BAQUF
-ADCBrjELMAkGA1UEBhMCREUxIDAeBgNVBAgTF0JhZGVuLVd1ZXJ0dGVtYmVy
-ZyAoQlcpMRIwEAYDVQQHEwlTdHV0dGdhcnQxKTAnBgNVBAoTIERldXRzY2hl
-ciBTcGFya2Fzc2VuIFZlcmxhZyBHbWJIMT4wPAYDVQQDEzVTLVRSVVNUIEF1
-dGhlbnRpY2F0aW9uIGFuZCBFbmNyeXB0aW9uIFJvb3QgQ0EgMjAwNTpQTjAe
-Fw0wNTA2MjIwMDAwMDBaFw0zMDA2MjEyMzU5NTlaMIGuMQswCQYDVQQGEwJE
-RTEgMB4GA1UECBMXQmFkZW4tV3VlcnR0ZW1iZXJnIChCVykxEjAQBgNVBAcT
-CVN0dXR0Z2FydDEpMCcGA1UEChMgRGV1dHNjaGVyIFNwYXJrYXNzZW4gVmVy
-bGFnIEdtYkgxPjA8BgNVBAMTNVMtVFJVU1QgQXV0aGVudGljYXRpb24gYW5k
-IEVuY3J5cHRpb24gUm9vdCBDQSAyMDA1OlBOMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEA2bVKwdMz6tNGs9HiTNL1toPQb9UY6ZOvJ44TzbUl
-NlA0EmQpoVXhOmCTnijJ4/Ob4QSwI7+Vio5bG0F/WsPoTUzVJBY+h0jUJ67m
-91MduwwA7z5hca2/OnpYH5Q9XIHV1W/fuJvS9eXLg3KSwlOyggLrra1fFi2S
-U3bxibYs9cEv4KdKb6AwajLrmnQDaHgTncovmwsdvs91DSaXm8f1XgqfeN+z
-vOyauu9VjxuapgdjKRdZYgkqeQd3peDRF2npW932kKvimAoA0SVtnteFhy+S
-8dF2g08LOlk3KC8zpxdQ1iALCvQm+Z845y2kuJuJja2tyWp9iRe79n+Ag3rm
-7QIDAQABo4GSMIGPMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQD
-AgEGMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTVFJvbmxpbmUxLTIwNDgt
-NTAdBgNVHQ4EFgQUD8oeXHngovMpttKFswtKtWXsa1IwHwYDVR0jBBgwFoAU
-D8oeXHngovMpttKFswtKtWXsa1IwDQYJKoZIhvcNAQEFBQADggEBAK8B8O0Z
-PCjoTVy7pWMciDMDpwCHpB8gq9Yc4wYfl35UvbfRssnV2oDsF9eK9XvCAPbp
-EW+EoFolMeKJ+aQAPzFoLtU96G7m1R08P7K9n3frndOMusDXtk3sU5wPBG7q
-NWdX4wple5A64U8+wwCSersFiXOMy6ZNwPv2AtawB6MDwidAnwzkhYItr5pC
-HdDHjfhA7p0GVxzZotiAFP7hYy0yh9WUUpY6RsZxlj33mA6ykaqP2vROJAA5
-VeitF7nTNCtKqUDMFypVZUF0Qn71wK/Ik63yGFs9iQzbRzkk+OBM8h+wPQrK
-BU6JIRrjKpms/H+h8Q8bHz2eBIPdltkdOpQ=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/SecureSign_RootCA11.crt b/cert-validity/mozilla/builtin-certs/SecureSign_RootCA11.crt
deleted file mode 100644
index 6287d2f03e97..000000000000
--- a/cert-validity/mozilla/builtin-certs/SecureSign_RootCA11.crt
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJK
-UDErMCkGA1UEChMiSmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5j
-LjEcMBoGA1UEAxMTU2VjdXJlU2lnbiBSb290Q0ExMTAeFw0wOTA0MDgwNDU2
-NDdaFw0yOTA0MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSswKQYDVQQKEyJK
-YXBhbiBDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNT
-ZWN1cmVTaWduIFJvb3RDQTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEA/XeqpRyQBTvLTJszi1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs
-37gD2pRY/V1yfIw/XwFndBWW4wI8h9uuywGOwvNmxoVF9ALGOrVisq/6nL+k
-5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOVMdrAG/LuYpmGYz+/3ZMqg6h2uRMf
-t85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9UK31BQ1FT0Zx/Sg+U/sE2C3X
-ZR1KG/rPO7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni8McDWc/V1uinMrPmmECG
-xc0nEovMe863ETxiYAcjPitAbpSACW22s293bzUIUPsCh8U+iQIDAQABo0Iw
-QDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZXt94wDgYDVR0PAQH/BAQD
-AgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAKChOBZm
-LqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xmKbab
-fSVSSUOrTC4rbnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQ
-X5Ucv+2rIrVls4W6ng+4reV6G4pQOh29Dbx7VFALuUKvVaAYga1lme++5Jy/
-xIWrQbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01y8hSyn+B/tlr0/cR
-7SXf+Of5pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061
-lgeLKBObjBmNQSdJQO7e5iNEOdyhIta6A/I=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/SecureTrust_CA.crt b/cert-validity/mozilla/builtin-certs/SecureTrust_CA.crt
deleted file mode 100644
index 118853de94a2..000000000000
--- a/cert-validity/mozilla/builtin-certs/SecureTrust_CA.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUF
-ADBIMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9y
-YXRpb24xFzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzEx
-OFoXDTI5MTIzMTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1Nl
-Y3VyZVRydXN0IENvcnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBD
-QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7C
-T8rU4niVWJxB4Q2ZQCQXOZEzZum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/je
-p4G6pkjGnx29vo6pQT64lO0pGtSO0gMdA+9tDWccV9cGrcrI9f4Or2YlSASW
-C12juhbDCE/RRvgUXPLIXgGZbf2IzIaowW8xQmxSPmjL8xk037uHGFaAJsTQ
-3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj7DaUaHp3pLHnDi+BeuK1cobv
-omuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS8kvNU3xHCzaFDmapCJcW
-NFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjATBgkrBgEEAYI3FAIE
-Bh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
-FgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCegJYYjaHR0
-cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGCNxUB
-BAMCAQAwDQYJKoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt3
-6Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s
-7Ll/3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fiiu1cp
-rp6poxkmD5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZ
-nMUFdAvnZyPSCPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZG
-BlSm8jIKYyYwa5vR3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShL
-HZ4swrhovO0C7jE=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Secure_Global_CA.crt b/cert-validity/mozilla/builtin-certs/Secure_Global_CA.crt
deleted file mode 100644
index 12aa3f442ec5..000000000000
--- a/cert-validity/mozilla/builtin-certs/Secure_Global_CA.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUF
-ADBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9y
-YXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcNMDYxMTA3MTk0
-MjI4WhcNMjkxMjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMX
-U2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9i
-YWwgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxV
-aQZx5RNoJLNP2MwhR/jxYDiJiQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7H
-fAo3fg+6MpjhHZevj8fcyTiW89sa/FHtaMbQbqR8JNGuQsiWUGMu4P51/pin
-X0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJjnIFHovdRIWCQtBJwB1g8NEXLJXr
-9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnIHmX5k/Wq8VLcmZg9pYYaDDUz
-+kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7sFzUnKPiXB3jqUJ1XnvU
-d+85VLrJChgbEplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0wgZowEwYJKwYBBAGC
-NxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYD
-VR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCswKaAnoCWG
-I2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsGAQQB
-gjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L
-URYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X
-+nXOH0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895
-P4vkp9MmI50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/5
-3CYNv6ZHdAbYiNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNsp
-nWzFacxHVaIw98xcf8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJP
-Ix/abKwfROHdI3hRW8cW
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Security_Communication_EV_RootCA1.crt b/cert-validity/mozilla/builtin-certs/Security_Communication_EV_RootCA1.crt
deleted file mode 100644
index a2d8b78d8888..000000000000
--- a/cert-validity/mozilla/builtin-certs/Security_Communication_EV_RootCA1.crt
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDfTCCAmWgAwIBAgIBADANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJK
-UDElMCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEqMCgG
-A1UECxMhU2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBFViBSb290Q0ExMB4XDTA3
-MDYwNjAyMTIzMloXDTM3MDYwNjAyMTIzMlowYDELMAkGA1UEBhMCSlAxJTAj
-BgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xKjAoBgNVBAsT
-IVNlY3VyaXR5IENvbW11bmljYXRpb24gRVYgUm9vdENBMTCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBALx/7FebJOD+nLpCeamIivqA4PUHKUPq
-jgo0No0c+qe1OXj/l3X3L+SqawSERMqm4miO/VVQYg+kcQ7OBzgtQoVQrTyW
-b4vVog7P3kmJPdZkLjjlHmy1V4qe70gOzXppFodEtZDkBp2uoQSXWHnvIEqC
-a4wiv+wfD+mEce3xDuS4GBPMVjZd0ZoeUWs5bmB2iDQL87PRsJ3KYeJkHcFG
-B7hj3R4zZbOOCVVSPbW9/wfrrWFVGCypaZhKqkDFMxRldAD5kd6vA0jFQFTc
-D4SQaCDFkpbcLuUCRarAX1T4bepJz11sS6/vmsJWXMY1VkJqMF/Cq/biPT+z
-yRGPMUzXn0kCAwEAAaNCMEAwHQYDVR0OBBYEFDVK9U2vP9eCOKyrcWUXdYyd
-VZPmMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
-DQEBBQUAA4IBAQCoh+ns+EBnXcPBZsdAS5f8hxOQWsTvoMpfi7ent/HWtWS3
-irO4G8za+6xmiEHO6Pzk2x6Ipu0nUBsCMCRGef4Eh3CXQHPRwMFXGZpppSeZ
-q51ihPZRwSzJIxXYKLerJRO1RuGGAv8mjMSIkh1W/hln8lXkgKNrnKt34VFx
-DSDbEJrbvXZ5B3eZKK2aXtqxT0QsNY6llsf9g/BYxnnWmHyojf6GPgcWkuF7
-5x3sM3Z+Qi5KhfmRiWiEA4Glm5q+4zfFVKtWOxgtQaQM+ELbmaDgcm+7XeEW
-T1MKZPlO9L9OVL14bIjqv5wTJMJwaaJ/D8g8rQjJsJhAoyrniIPtd490
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Security_Communication_Root_CA.crt b/cert-validity/mozilla/builtin-certs/Security_Communication_Root_CA.crt
deleted file mode 100644
index ea0efb7d73ca..000000000000
--- a/cert-validity/mozilla/builtin-certs/Security_Communication_Root_CA.crt
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJK
-UDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0
-eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMw
-OTMwMDQyMDQ5WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1
-c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RD
-QTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8
-V6UMbXaKL0u/ZPtM7orw8yl89f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpx
-xpp9Hp3dfGzGjGdnSj74cbAZJ6kJDKaVv0uMDPpVmDvY6CKhS3E4eayXkmmz
-iX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9Ms+k2Y7CI9eNqPPYJayX5HA49LY6
-tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/NQV3Is00qVUarH9oe4kA92819
-uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJxrHty8OVYNEP8Ktw+N/L
-TX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0GA1UdDgQWBBSgc0mZ
-aNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
-/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vGkl3g0dNq
-/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfrUj94
-nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5
-Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNn
-PaJUJRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfci
-oU+tHXotRSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAi
-FL39vmwLAw==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Sonera_Class_1_Root_CA.crt b/cert-validity/mozilla/builtin-certs/Sonera_Class_1_Root_CA.crt
deleted file mode 100644
index 0a8b244991e9..000000000000
--- a/cert-validity/mozilla/builtin-certs/Sonera_Class_1_Root_CA.crt
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDIDCCAgigAwIBAgIBJDANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJG
-STEPMA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MxIENB
-MB4XDTAxMDQwNjEwNDkxM1oXDTIxMDQwNjEwNDkxM1owOTELMAkGA1UEBhMC
-RkkxDzANBgNVBAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMSBD
-QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALWJHytPZwp5/8Ue
-+H887dF+2rDNbS82rDTG29lkFwhjMDMiikzujrsPDUJVyZ0upe/3p4zDq7mX
-y47vPxVnqIJyY1MPQYx9EJUkoVqlBvqSV536pQHydekfvFYmUk54GWVYVQNY
-wBSujHxVX3BbdyMGNpfzJLWaRpXk3w0LBUXl0fIdgrvGE+D+qnr9aTCU89JF
-hfzyMlsy3uhsXR/LpCJ0sICOXZT3BgBLqdReLjVQCfOAl/QMF6452F/NM8Ec
-yonCIvdFEu1eEpOdY6uCLrnrQkFEy0oaAIINnvmLVz5MxxftLItyM19yejhW
-1ebZrgUaHXVFsculJRwSVzb9IjcCAwEAAaMzMDEwDwYDVR0TAQH/BAUwAwEB
-/zARBgNVHQ4ECgQIR+IMi/ZTiFIwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEB
-BQUAA4IBAQCLGrLJXWG04bkruVPRsoWdd44W7hE928Jj2VuXZfsSZ9gqXLar
-5V7DtxYvyOirHYr9qxp81V9jz9yw3Xe5qObSIjiHBxTZ/75Wtf0HDjxVyhbM
-p6Z3N/vbXB9OWQaHowND9Rart4S9Tu+fMTfwRvFAttEMpWT4Y14h21VOTzF2
-nBBhjrZTOqMRvq9tfB69ri3iDGnHhVNoomG6xT60eVR4ngrHAr5i0RGCS2Uv
-kVrCqIexVmiUefkl98HVrhq4uz2PqYo4Ffdz0Fpg0YCw8NzVUM1O7pJIae2y
-Ix4wzMiUyLb1O4Z/P6Yun/Y+LLWSlj7fLJOK/4GMDw9ZIRlXvVWa
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Sonera_Class_2_Root_CA.crt b/cert-validity/mozilla/builtin-certs/Sonera_Class_2_Root_CA.crt
deleted file mode 100644
index fa4f701883df..000000000000
--- a/cert-validity/mozilla/builtin-certs/Sonera_Class_2_Root_CA.crt
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJG
-STEPMA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENB
-MB4XDTAxMDQwNjA3Mjk0MFoXDTIxMDQwNjA3Mjk0MFowOTELMAkGA1UEBhMC
-RkkxDzANBgNVBAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBD
-QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE
-+hY3/Ei9vX+ALTU74W+oZ6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gX
-GM2RX/uJ4+q/Tl18GybTdXnt5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQ
-TiMofRhj8VQ7Jp12W5dCsv+u8E7s3TmVToMGf+dJQMjFAbJUWmYdPfz56TwK
-noG4cPABi+QjVHzIrviQHgCWctRUz2EjvOr7nQKV0ba5cTppCD8PtOFCx4j1
-P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu8nYybieDwnPz3BjotJPqdURr
-BGAgcVeHnfO+oJAjPYok4doh28MCAwEAAaMzMDEwDwYDVR0TAQH/BAUwAwEB
-/zARBgNVHQ4ECgQISqCqWITTXjwwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEB
-BQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt0jSv9zilzqsWuasvfDXL
-rNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/3DEIcbCd
-jdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvDFNr4
-50kkkdAdavphOe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6
-Tk6ezAyNlNzZRZxe7EJQY670XcSxEtzKO6gunRRaBXW37Ndj4ro1tgQIkeja
-nZz2ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLHllpwrN9M
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Staat_der_Nederlanden_Root_CA.crt b/cert-validity/mozilla/builtin-certs/Staat_der_Nederlanden_Root_CA.crt
deleted file mode 100644
index 5329bb3e1821..000000000000
--- a/cert-validity/mozilla/builtin-certs/Staat_der_Nederlanden_Root_CA.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDujCCAqKgAwIBAgIEAJiWijANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQG
-EwJOTDEeMBwGA1UEChMVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSYwJAYDVQQD
-Ex1TdGFhdCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQTAeFw0wMjEyMTcwOTIz
-NDlaFw0xNTEyMTYwOTE1MzhaMFUxCzAJBgNVBAYTAk5MMR4wHAYDVQQKExVT
-dGFhdCBkZXIgTmVkZXJsYW5kZW4xJjAkBgNVBAMTHVN0YWF0IGRlciBOZWRl
-cmxhbmRlbiBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-AQEAmNK1URF6gaYUmHFtvsznExvWJw56s2oYHLZhWtVhCb/ekBPHZ+7d89rF
-DBKeNVU+LCeIQGv33N0iYfXCxw719tV2U02PjLwYdjeFnejKScfST5gTCaI+
-Ioicf9byEGW07l8Y1Rfj+MX94p2i71MOhXeiD+EwR+4A5zN9RGcaC1Hoi6Ce
-UJhoNFIfLm0B8mBF8jHrqTFoKbt6QZ7GGX+UtFE5A3+y3qcym7RHjm+0Sq7l
-r7HcsBthvJly3uSJt3omXdozSVtSnA71iq3DuD3oBmrC1SoLbHuEvVYFy4Zl
-kuxEK7COudxwC0barbxjiDn622r+I/q85Ej0ZytqERAhSQIDAQABo4GRMIGO
-MAwGA1UdEwQFMAMBAf8wTwYDVR0gBEgwRjBEBgRVHSAAMDwwOgYIKwYBBQUH
-AgEWLmh0dHA6Ly93d3cucGtpb3ZlcmhlaWQubmwvcG9saWNpZXMvcm9vdC1w
-b2xpY3kwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSofeu8Y6R0E3QA7Jbg
-0zTBLL9s+DANBgkqhkiG9w0BAQUFAAOCAQEABYSHVXQ2YcG70dTGFagTtJ+k
-/rvuFbQvBgwp8qiSpGEN/KtcCFtREytNwiphyPgJWPwtArI5fZlmgb9uXJVF
-IGzmeafR2Bwp/MIgJ1HI8XxdNGdphREwxgDS1/PTfLbwMVcoEoJz6TMvplW0
-C5GUR5z6u3pCMuiufi3IvKwUv9kP2Vv8wfl6leF9fpb8cbDCTMjfRTTJzg3y
-nGQI0DvDKcWy7ZAEwbEpkcUwb8GpcjPM/l0WFywRaed+/sWDCN+83CI6LiBp
-IzlWYGeQiy52OfsRiJf2fL1LuCAWZwWN4jvBcj+UlTfHXbme2JOhF4//DGYV
-wSR8MnwDHTuhWEUykw==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Staat_der_Nederlanden_Root_CA_-_G2.crt b/cert-validity/mozilla/builtin-certs/Staat_der_Nederlanden_Root_CA_-_G2.crt
deleted file mode 100644
index 595fae093885..000000000000
--- a/cert-validity/mozilla/builtin-certs/Staat_der_Nederlanden_Root_CA_-_G2.crt
+++ /dev/null
@@ -1,36 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFyjCCA7KgAwIBAgIEAJiWjDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQG
-EwJOTDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQD
-DCJTdGFhdCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEcyMB4XDTA4MDMy
-NjExMTgxN1oXDTIwMDMyNTExMDMxMFowWjELMAkGA1UEBhMCTkwxHjAcBgNV
-BAoMFVN0YWF0IGRlciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVy
-IE5lZGVybGFuZGVuIFJvb3QgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQAD
-ggIPADCCAgoCggIBAMVZ5291qj5LnLW4rJ4L5PnZyqtdj7U5EILXr1HgO+EA
-SGrP2uEGQxGZqhQlEq0i6ABtQ8SpuOUfiUtnvWFI7/3S4GCI5bkYYCjDdyut
-sDeqN95kWSpGV+RLufg3fNU254DBtvPUZ5uW6M7XxgpT0GtJlvOjCwV3SPcl
-5XCsMBQgJeN/dVrlSPhOewMHBPqCYYdu8DvEpMfQ9XQ+pV0aCPKbJdL2rAQm
-PlU6Yiile7Iwr/g3wtG61jj99O9JMDeZJiFIhQGp5Rbn3JBV3w/oOM2ZNyFP
-XfUib2rFEhZgF1XyZWampzCROME4HYYEhLoaJXhena/MUGDWE4dS7WMfbWV9
-whUYdMrhfmQpjHLYFhN9C0lK8SgbIHRrxT3dsKpICT0ugpTNGmXZK4iambwY
-fp/ufWZ8Pr2UuIHOzZgweMFvZ9C+X+Bo7d7iscksWXiSqt8rYGPy5V6548r6
-f1CGPqI0GAwJaCgRHOThuVw+R7oyPxjMW4T182t0xHJ04eOLoEq9jWYv6q01
-2iDTiIJh8BIitrzQ1aTsr1SIJSQ8p22xcik/Plemf1WvbibG/ufMQFxRRIEK
-eN5KzlW/HdXZt1bv8Hb/C3m1r737qWmRRpdogBQ2HbN/uymYNqUg+oJgYjOk
-7Na6B6duxc8UpufWkjTYgfX8HV2qXB72o007uPc5AgMBAAGjgZcwgZQwDwYD
-VR0TAQH/BAUwAwEB/zBSBgNVHSAESzBJMEcGBFUdIAAwPzA9BggrBgEFBQcC
-ARYxaHR0cDovL3d3dy5wa2lvdmVyaGVpZC5ubC9wb2xpY2llcy9yb290LXBv
-bGljeS1HMjAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJFoMocVHYnitfGs
-Nig0jQt8YojrMA0GCSqGSIb3DQEBCwUAA4ICAQCoQUpnKpKBglBu4dfYszk7
-8wIVCVBR7y29JHuIhjv5tLySCZa59sCrI2AGeYwRTlHSeYAz+51IvuxBQ4Ef
-fkdAHOV6CMqqi3WtFMTC6GY8ggen5ieCWxjmD27ZUD6KQhgpxrRW/FYQoAUX
-vQwjf/ST7ZwaUb7dRUG/kSS0H4zpX897IZmflZ85OkYcbPnNe5yQzSipx6lV
-u6xiNGI1E0sUOlWDuYaNkqbG9AclVMwWVxJKgnjIFNkXgiYtXSAfea7+1HAW
-FpWD2DU5/1JddRwWxRNVz0fMdWVSSt7wsKfkCpYL+63C4iWEst3kvX5ZbJvw
-8NjnyvLplzh+ib7M+zkXYT9y2zqR2GUBGR2tUKRXCnxLvJxxcypFURmFzI79
-R6d0lR2o0a9OF7FpJsKqeFdbxU2n5Z4FF5TKsl+gSRiNNOkmbEgeqmiSBeGC
-c1qb3AdbCG19ndeNIdn8FCCqwkXfP+cAslHkwvgFuXkajDTznlvkN1trSt8s
-V4pAWja63XVECDdCcAz+3F4hoKOKwJCcaNpQ5kUQR3i2TtJlycM33+FCY7BX
-N0Ute4qcvwXqZVUz9zkQxSgqIXobisQk+T8VyJoVIPVVYpbtbZNQvOSqeK3Z
-ywplh6ZmwcSBo3c6WB4L7oOLnR7SUqTMHW+wmG2UMbX4cQrcufx9MmDm66+K
-AQ==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Starfield_Class_2_CA.crt b/cert-validity/mozilla/builtin-certs/Starfield_Class_2_CA.crt
deleted file mode 100644
index fe372f787170..000000000000
--- a/cert-validity/mozilla/builtin-certs/Starfield_Class_2_CA.crt
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJV
-UzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAG
-A1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHkwHhcNMDQwNjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQG
-EwJVUzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEy
-MDAGA1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRo
-b3JpdHkwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGm
-BIWtDBFk385N78gDGIc/oav7PKaf8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1
-KKY/e97gKvDIr1MvnsoFAZMej2YcOadN+lq2cwQlZut3f+dZxkqZJRRU6ybH
-838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0X9tDkYI22WY8sbi5gv2cOj4Q
-yDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aaK4UmkhynArPkPw2vCHmC
-uDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA1W4TNSNe35tfPe/W
-93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0GA1UdDgQWBBS/
-X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fRzt0fhvRb
-Vazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0YXJm
-aWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMB
-Af8wDQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1ep
-oXkJKtv3L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLM
-PUxA2IGvd56Deruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L
-7ShZ3U0WixeDyLJlxy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMt
-lb71cZBDzI0fmgAKhynpVSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl9
-0TSrE9atvNziPTnNvT51cKEYWQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/
-D5fs4C8fF5Q=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/StartCom_Certification_Authority.crt b/cert-validity/mozilla/builtin-certs/StartCom_Certification_Authority.crt
deleted file mode 100644
index 554a087dee37..000000000000
--- a/cert-validity/mozilla/builtin-certs/StartCom_Certification_Authority.crt
+++ /dev/null
@@ -1,47 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJ
-TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERp
-Z2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20g
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM2WhcNMzYw
-OTE3MTk0NjM2WjB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20g
-THRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2ln
-bmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDBiNsJvGxGfHif
-lXu1M5DycmLWwTYgIiRezul38kMKogZkpMyONvg45iPwbm2xPN1yo4UcodM9
-tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rfOQVSWff0G0ZDpNKFhdLDcfN1
-YjS6LIp/Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/CJi/6tRYccjV3yjxd5srh
-JosaNnZcAdt0FCX+7bWgiA/deMotHweXMAEtcnn6RtYTKqi5pquDSR3l8u/d
-5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt2PZE4XNiHzvEvqBTViVs
-UQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMMAv+Z6+hs
-TXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w+2Oq
-qGwaVLRcJXrJosmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+
-Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/untp+HDH+no32NgN0nZPV/+Qt+OR0t3v
-wmC3Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVcUjyJthkqcwEKDwOz
-EmDyei+B26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT
-37uMdBNSSwIDAQABo4ICUjCCAk4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMC
-Aa4wHQYDVR0OBBYEFE4L7xqkQFulF2mHMMo0aEPQQa7yMGQGA1UdHwRdMFsw
-LKAqoCiGJmh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3Js
-MCugKaAnhiVodHRwOi8vY3JsLnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3Js
-MIIBXQYDVR0gBIIBVDCCAVAwggFMBgsrBgEEAYG1NwEBATCCATswLwYIKwYB
-BQUHAgEWI2h0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9wb2xpY3kucGRmMDUG
-CCsGAQUFBwIBFilodHRwOi8vY2VydC5zdGFydGNvbS5vcmcvaW50ZXJtZWRp
-YXRlLnBkZjCB0AYIKwYBBQUHAgIwgcMwJxYgU3RhcnQgQ29tbWVyY2lhbCAo
-U3RhcnRDb20pIEx0ZC4wAwIBARqBl0xpbWl0ZWQgTGlhYmlsaXR5LCByZWFk
-IHRoZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2YgdGhlIFN0YXJ0
-Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFpbGFibGUg
-YXQgaHR0cDovL2NlcnQuc3RhcnRjb20ub3JnL3BvbGljeS5wZGYwEQYJYIZI
-AYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilTdGFydENvbSBGcmVlIFNT
-TCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAgEA
-FmyZ9GYMNPXQhV59CuzaEE44HF7fpiUFS5Eyweg78T3dRAlbB0mKKctmArex
-mvclmAk8jhvh3TaHK0u7aNM5Zj2gJsfyOZEdUauCe37Vzlrk4gNXcGmXCPle
-WKYK34wGmkUWFjgKXlf2Ysd6AgXmvB618p70qSmD+LIU424oh0TDkBreOKk8
-rENNZEXO3SipXPJzewT4F+irsfMuXGRuczE6Eri8sxHkfY+BUZo7jYn0TZNm
-ezwD7dOaHZrzZVD1oNB1ny+v8OqCQ5j4aZyJecRDjkZy42Q2Eq/3JR44iZB3
-fsNrarnDy0RLrHiQi+fHLB5LEUTINFInzQpdn4XBidUaePKVEFMy3YCEZnXZ
-tWgo+2EuvoSoOMCZEoalHmdkrQYuL6lwhceWD3yJZfWOQ1QOq92lgDmUYMA0
-yZZwLKMS9R9Ie70cfmu3nZD0Ijuu+PwqyvqCUqDvr0tVk+vBtfAii6w0TiYi
-BKGHLHVKt+V9E9e4DGTANtLJL4YSjCMJwRuCO3NJo2pXh5Tl1njFmUNj403g
-dy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6Vum0ABj6y6koQOdjQK/W/
-7HW/lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkyShNOsF/5oirpt9P/Fl
-UQqmMGqz9IgcgA38corog14=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/SwissSign_Gold_CA_-_G2.crt b/cert-validity/mozilla/builtin-certs/SwissSign_Gold_CA_-_G2.crt
deleted file mode 100644
index 0ebdd4ad8edc..000000000000
--- a/cert-validity/mozilla/builtin-certs/SwissSign_Gold_CA_-_G2.crt
+++ /dev/null
@@ -1,35 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJ
-BgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3
-aXNzU2lnbiBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1
-MDgzMDM1WjBFMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFH
-MR8wHQYDVQQDExZTd2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG
-9w0BAQEFAAOCAg8AMIICCgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJC
-Eyq8ZVeCQD5XJM1QiyUqt2/876LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9
-lit/VcyLwVcfDmJlD909Vopz2q5+bbqBHH5CjCA12UNNhPqE21Is8w4ndwtr
-vxEvcnifLtg+5hg3Wipy+dpikJKVyh+c6bM8K8vzARO/Ws/BtQpgvd21mWRT
-uKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqEemA8atufK+ze3gE/bk3lUIbL
-tK/tREDFylqM2tIrfKjuvqblCqoOpd8FUrdVxyJdMmqXl2MT28nbeTZ7hTpK
-xVKJ+STnnXepgv9VHKVxaSvRAiTysybUa9oEVeXBCsdtMDeQKuSeFDNeFhdV
-xVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuendjIj3o02yMszYF9rNt85m
-ndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69yFGkOpeUD
-DniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPiaG59
-je883WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxM
-gI93e2CaHt+28kgeDrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOB
-rDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
-FgQUWyV7lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64
-OfPAeGZe6Drn8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEF
-BQcCARYgaHR0cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZI
-hvcNAQEFBQADggIBACe645R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhW
-fvxyeDgD2StiGwC5+OlgzczOUYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g
-7gKZYbge9LgriBIWhMIxkziWMaa5O1M/wySTVltpkuzFwbs4AOPsF6m43Md8
-AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCCbwq7EsiHSycR+R4tx5M/nttfJmtS
-2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yvGPUqUfA5hJeVbG4bwyvEdGB5
-JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a77KwPJ+HbBIrZXAVUjEa
-JM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCChdiDyyJkvC24JdVU
-orgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid392qgQmwLOM7X
-dVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEppLd6leNcG
-2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+wZMEB
-nunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt
-Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/SwissSign_Platinum_CA_-_G2.crt b/cert-validity/mozilla/builtin-certs/SwissSign_Platinum_CA_-_G2.crt
deleted file mode 100644
index 6eb627a91f8b..000000000000
--- a/cert-validity/mozilla/builtin-certs/SwissSign_Platinum_CA_-_G2.crt
+++ /dev/null
@@ -1,35 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFwTCCA6mgAwIBAgIITrIAZwwDXU8wDQYJKoZIhvcNAQEFBQAwSTELMAkG
-A1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEjMCEGA1UEAxMaU3dp
-c3NTaWduIFBsYXRpbnVtIENBIC0gRzIwHhcNMDYxMDI1MDgzNjAwWhcNMzYx
-MDI1MDgzNjAwWjBJMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWdu
-IEFHMSMwIQYDVQQDExpTd2lzc1NpZ24gUGxhdGludW0gQ0EgLSBHMjCCAiIw
-DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMrfogLi2vj8Bxax3mCq3pZc
-ZB/HL37PZ/pEQtZ2Y5Wu669yIIpFR4ZieIbWIDkm9K6j/SPnpZy1IiEZtzeT
-IsBQnIJ71NUERFzLtMKfkr4k2HtnIuJpX+UFeNSH2XFwMyVTtIc7KZAoNppV
-RDBopIOXfw0enHb/FZ1glwCNioUD7IC+6ixuEFGSzH7VozPY1kneWCqv9hbr
-S3uQMpe5up1Y8fhXSQQeol0GcN1x2/ndi5objM89o03Oy3z2u5yg+gnOI2Ky
-6Q0f4nIoj5+saCB9bzuohTEJfwvH6GXp43gOCWcwizSC+13gzJ2BbWLuCB4E
-LE6b7P6pT1/9aXjvCR+htL/68++QHkwFix7qepF6w9fl+zC8bBsQWJj3Gl/Q
-KTIDE0ZNYWqFTFJ0LwYfexHihJfGmfNtf9dng34TaNhxKFrYzt3oEBSa/m0j
-h26OWnA81Y0JAKeqvLAxN23IhBQeW71FYyBrS3SMvds6DsHPWhaPpZjydomy
-ExI7C3d3rLvlPClKknLKYRorXkzig3R3+jVIeoVNjZpTxN94ypeRSCtFKwH3
-HBqi7Ri6Cr2D+m+8jVeTO9TUps4e8aCxzqv9KyiaTxvXw3LbpMS/XUz13XuW
-ae5ogObnmLo2t/5u7Su9IPhlGdpVCX4l3P5hYnL5fhgC72O00Puv5TtjjGeP
-AgMBAAGjgawwgakwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w
-HQYDVR0OBBYEFFCvzAeHFUdvOMW0ZdHelarp35zMMB8GA1UdIwQYMBaAFFCv
-zAeHFUdvOMW0ZdHelarp35zMMEYGA1UdIAQ/MD0wOwYJYIV0AVkBAQEBMC4w
-LAYIKwYBBQUHAgEWIGh0dHA6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20v
-MA0GCSqGSIb3DQEBBQUAA4ICAQAIhab1Fgz8RBrBY+D5VUYI/HAcQiiWjrfF
-wUF1TglxeeVtlspLpYhg0DB0uMoI3LQwnkAHFmtllXcBrqS3NQuB2nEVqXQX
-OHtYyvkv+8Bldo1bAbl93oI9ZLi+FHSjClTTLJUYFzX1UWs/j6KWYTl4a0vl
-pqD4U99REJNi54Av4tHgvI42Rncz7Lj7jposiU0xEQ8mngS7twSNC/K5/Fqd
-Oxa3L8iYq/6KUFkuozv8KV2LwUvJ4ooTHbG/u0IdUt1O2BReEMYxB+9xJ/cb
-OQncguqLs5WGXv312l0xpuAxtpTmREl0xRbl9x8DYSjFyMsSoEJL+WuICI20
-MhjzdZ/EfwBPBZWcoxcCw7NTm6ogOSkrZvqdr16zktK1puEa+S1BaYEUtLS1
-7Yk9zvupnTVCRLEcFHOBzyoBNZox1S2PbYTfgE1X4z/FhHXaicYwu+uPyyII
-oK6q8QNsOktNCaUOcsZWayFCTiMlFGiudgp8DAdwZPmaL/YFOSbGDI8Zf0Ne
-bvRbFS/bYV3mZy8/CJT5YLSYMdp08YSTcU1f+2BY0fvEwW2JorsgH51xkcsy
-mxM9Pn2SUjWskpSi0xjCfMfqr3YFFt1nJ8J+HAciIfNAChs0B0QTwoRqjt8Z
-Wr9/6x3iGjjRXK9HkmuAtTClyY3YqzGBH9/CZjfTk6mFhnll0g==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/SwissSign_Silver_CA_-_G2.crt b/cert-validity/mozilla/builtin-certs/SwissSign_Silver_CA_-_G2.crt
deleted file mode 100644
index ede080e0bf19..000000000000
--- a/cert-validity/mozilla/builtin-certs/SwissSign_Silver_CA_-_G2.crt
+++ /dev/null
@@ -1,35 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkG
-A1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dp
-c3NTaWduIFNpbHZlciBDQSAtIEcyMB4XDTA2MTAyNTA4MzI0NloXDTM2MTAy
-NTA4MzI0NlowRzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBB
-RzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkq
-hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dO
-cbpLj6VzHVxumK4DV644N0MvFz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gRE
-pzn5/ASLHvGiTSf5YXu6t+WiE7brYT7QbNHm+/pe7R20nqA1W6GSy/BJkv6F
-CgU+5tkL4k+73JU3/JHpMjUi0R86TieFnbAVlDLaYQ1HTWBCrpJH6INaUFjp
-iou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH6ATK72oxh9TAtvmUcXtnZLi2
-kUpCe2UuMGoM9ZDulebyzYLs2aFK7PayS+VFheZteJMELpyCbTapxDFkH4aD
-Cyr0NQp4yVXPQbBH6TCfmb5hqAaEuSh6XzjZG6k4sIN/c8HDO0gqgg8hm7jM
-qDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5FZGkECwJMoBgs5PAKrYY
-C51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRHHTBsROop
-N4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTfjNFu
-sB3hB48IHpmccelM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb6
-5i/4z3GcRm25xBWNOHkDRUjvxF3XCO6HOSKGsg0PWEP3calILv3q1h8CAwEA
-AaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV
-HQ4EFgQUF6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRB
-tjpbO8tFnb0cwpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggr
-BgEFBQcCARYgaHR0cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJ
-KoZIhvcNAQEFBQADggIBAHPGgeAn0i0P4JUw4ppBf1AsX19iYamGamkYDHRJ
-1l2E6kFSGG9YrVBWIGrGvShpWJHckRE1qTodvBqlYJ7YH39FkWnZfrt4csEG
-DyrOj4VwYaygzQu4OSlWhDJOhrs9xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcS
-H9/L3XWgwF15kIwb4FDm3jH+mHtwX6WQ2K34ArZv02DdQEsixT2tOnqfGhpH
-kXkzuoLcMmkDlm4fS/Bx/uNncqCxv1yL5PqZIseEuRuNI5c/7SXgz2W79WEE
-790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFaDGi8aRl5xB9+lwW/xekkUV7U
-1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2Xem1ZqSqPe97Dh4kQ
-mUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQRdAtq/gsD/KNV
-V4n+SsuuWxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/OMpXEA29
-MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+hAhm
-0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy
-tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Swisscom_Root_CA_1.crt b/cert-validity/mozilla/builtin-certs/Swisscom_Root_CA_1.crt
deleted file mode 100644
index b5b055dd67c7..000000000000
--- a/cert-validity/mozilla/builtin-certs/Swisscom_Root_CA_1.crt
+++ /dev/null
@@ -1,36 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIF2TCCA8GgAwIBAgIQXAuFXAvnWUHfV8w/f52oNjANBgkqhkiG9w0BAQUF
-ADBkMQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsT
-HERpZ2l0YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxGzAZBgNVBAMTElN3aXNz
-Y29tIFJvb3QgQ0EgMTAeFw0wNTA4MTgxMjA2MjBaFw0yNTA4MTgyMjA2MjBa
-MGQxCzAJBgNVBAYTAmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMc
-RGlnaXRhbCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Nj
-b20gUm9vdCBDQSAxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
-0LmwqAzZuz8h+BvVM5OAFmUgdbI9m2BtRsiMMW8Xw/qabFbtPMWRV8PNq5ZJ
-kCoZSx6jbVfd8StiKHVFXqrWW/oLJdihFvkcxC7mlSpnzNApbjyFNDhhSbEA
-n9Y6cV9Nbc5fuankiX9qUvrKm/LcqfmdmUc/TilftKaNXXsLmREDA/7n29uj
-/x2lzZAeAR81sH8A25Bvxn570e56eqeqDFdvpG3FEzuwpdntMhy0XmeLVNxz
-h+XTF3xmUHJd1BpYwdnP2IkCb6dJtDZd0KTeByy2dbcokdaXvij1mB7qWybJ
-vbCXc9qukSbraMH5ORXWZ0sKbU/Lz7DkQnGMU3nn7uHbHaBuHYwadzVcFh4r
-Ux80i9Fs/PJnB3r1re3WmquhsUvhzDdf/X/NTa64H5xD+SpYVUNFvJbNcA78
-yeNmuk6NO4HLFWR7uZToXTNShXEuT46iBhFRyePLoW4xCGQMwtI89Tbo19AO
-eCMgkckkKmUpWyL3Ic6DXqTz3kvTaI9GdVyDCW4pa8RwjPWd1yAv/0bSKzjC
-L3UcPX7ape8eYIVpQtPM+GP+HkM5haa2Y0EQs3MevNP6yn0WR+Kn1dCjigoI
-lmJWbjTb2QK5MHXjBNLnj8KwEUAKrNVxAmKLMb7dxiNYMUJDLXT5xp6mig/p
-/r+D5kNXJLrvRjSq1xIBOO0CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYw
-HQYDVR0hBBYwFDASBgdghXQBUwABBgdghXQBUwABMBIGA1UdEwEB/wQIMAYB
-Af8CAQcwHwYDVR0jBBgwFoAUAyUv3m+CATpcLNwroWm1Z9SM0/0wHQYDVR0O
-BBYEFAMlL95vggE6XCzcK6FptWfUjNP9MA0GCSqGSIb3DQEBBQUAA4ICAQA1
-EMvspgQNDQ/NwNurqPKIlwzfky9NfEBWMXrrpA9gzXrzvsMnjgM+pN0S734e
-dAY8PzHyHHuRMSG08NBsl9Tpl7IkVh5WwzW9iAUPWxAaZOHHgjD5Mq2eUCzn
-eAXQMbFamIp1TpBcahQq4FJHgmDmHtqBsfsUC1rxn9KVuj7QG9YVHaO+htXb
-D8BJZLsuUBlL0iT43R4HVtA4oJVwIHaM190e3p9xxCPvgxNcoyQVTSlAPGrE
-qdi3pkSlDfTgnXceQHAm/NrZNuR55LU/vJtlvrsRls/bxig5OgjOR1tTWsWZ
-/l2p3e9M1MalrQLmjAcSHm8D0W+go/MpvRLHUKKwf4ipmXeascClOS5cfGni
-LLDqN2qk4Vrh9VDlg++luyqI54zb/W1elxmofmZ1a3Hqv7HHb6D0jqTsNFFb
-jCYDcKF31QESVwA12yPeDooomf2xEG9L/zgtYE4snOtnta1J7ksfrK/7DZBa
-ZmBwXarNeNQk7shBoJMBkpxqnvy5JMWzFYJ+vq6VK+uxwNrjAWALXmmshFZh
-vnEX/h0TD/7Gh0Xp/jKgGg0TpJRVcaUWi7rKibCyx/yP2FS1k2Kdzs9Z+z0Y
-zirLNRWCXf9UIltxUvu3yf5gmwBBZPCqKuy2QkPOiWaByIufOVQDJdMWNY6E
-0F/6MBr1mmz0DlP5OlvRHA==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/TC_TrustCenter_Class_2_CA_II.crt b/cert-validity/mozilla/builtin-certs/TC_TrustCenter_Class_2_CA_II.crt
deleted file mode 100644
index c6083d678577..000000000000
--- a/cert-validity/mozilla/builtin-certs/TC_TrustCenter_Class_2_CA_II.crt
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEqjCCA5KgAwIBAgIOLmoAAQACH9dSISwRXDswDQYJKoZIhvcNAQEFBQAw
-djELMAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgx
-IjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDIgQ0ExJTAjBgNVBAMT
-HFRDIFRydXN0Q2VudGVyIENsYXNzIDIgQ0EgSUkwHhcNMDYwMTEyMTQzODQz
-WhcNMjUxMjMxMjI1OTU5WjB2MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMg
-VHJ1c3RDZW50ZXIgR21iSDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xh
-c3MgMiBDQTElMCMGA1UEAxMcVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMiBDQSBJ
-STCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKuAh5uO8MN8h9fo
-JIIRszzdQ2Lu+MNF2ujhoF/RKrLqk2jftMjWQ+nEdVl//OEd+DFwIxuInie5
-e/060smp6RQvkL4DUsFJzfb95AhmC1eKokKguNV/aVyQMrKXDcpK3EY+AlWJ
-U+MaWss2xgdW94zPEfRMuzBwBJWl9jmM/XOBCH2JXjIeIqkiRUuwZi4wzJ9l
-/fzLganx4Duvo4bRierERXlQXa7pIXSSTYtZgo+U4+lK8edJsBTj9WLL1XK9
-H7nSn6DNqPoByNkN39r8R52zyFTfSUrxIan+GE7uSNQZu+995OKdy1u2bv/j
-zVrndIIFuoAlOMvkaZ6vQaoahPUCAwEAAaOCATQwggEwMA8GA1UdEwEB/wQF
-MAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTjq1RMgKHbVkO3kUrL
-84J6E1wIqzCB7QYDVR0fBIHlMIHiMIHfoIHcoIHZhjVodHRwOi8vd3d3LnRy
-dXN0Y2VudGVyLmRlL2NybC92Mi90Y19jbGFzc18yX2NhX0lJLmNybIaBn2xk
-YXA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvQ049VEMlMjBUcnVzdENlbnRlciUy
-MENsYXNzJTIwMiUyMENBJTIwSUksTz1UQyUyMFRydXN0Q2VudGVyJTIwR21i
-SCxPVT1yb290Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/Y2VydGlmaWNh
-dGVSZXZvY2F0aW9uTGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEAjNff
-fu4bgBCzg/XbEeprS6iSGNn3Bzn1LL4GdXpoUxUc6krtXvwjshOg0wn/9vYu
-a0Fxec3ibf2uWWuFHbhOIprtZjluS5TmVfwLG4t3wVMTZonZKNaL80VKY7f9
-ewthXbhtvsPcW3nS7Yblok2+XnR8au0WOB9/WIFaGusyiC2y8zl3gK9etmF1
-KdsjTYjKUCjLhdLTEKJZbtOTVAB6okaVhgWcqRmY5TFyDADiZ9lA4CQze28s
-uVyrZZ0srHbqNZn1l7kPJOzHdiEoZa5X6AeIdUpWoNIFOqTmjZKILPPy4cHG
-YdtBxceb9w4aUUXCYWvcZCcXjFq32nQozZfkvQ==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/TC_TrustCenter_Class_3_CA_II.crt b/cert-validity/mozilla/builtin-certs/TC_TrustCenter_Class_3_CA_II.crt
deleted file mode 100644
index be8a825e5135..000000000000
--- a/cert-validity/mozilla/builtin-certs/TC_TrustCenter_Class_3_CA_II.crt
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEqjCCA5KgAwIBAgIOSkcAAQAC5aBd1j8AUb8wDQYJKoZIhvcNAQEFBQAw
-djELMAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgx
-IjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExJTAjBgNVBAMT
-HFRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0EgSUkwHhcNMDYwMTEyMTQ0MTU3
-WhcNMjUxMjMxMjI1OTU5WjB2MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMg
-VHJ1c3RDZW50ZXIgR21iSDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xh
-c3MgMyBDQTElMCMGA1UEAxMcVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQSBJ
-STCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALTgu1G7OVyLBMVM
-eRwjhjEQY0NVJz/GRcekPewJDRoeIMJWHt4bNwcwIi9v8Qbxq63WyKthoy9D
-xLCyLfzDlml7forkzMA5EpBCYMnMNWju2l+QVl/NHE1bWEnrDgFPZPosPIlY
-2C8u4rBo6SI7dYnWRBpl8huXJh0obazovVkdKyT21oQDZogkAHhg8fir/gKy
-a/si+zXmFtGt9i4S5Po1auUZuV3bOx4a+9P/FRQI2AlqukWdFHlgfa9Aigdz
-s5OW03Q0jTo3Kd5c7PXuLjHCINy+8U9/I1LZW+Jk2ZyqBwi1Rb3R0DHBq1Sf
-qdLDYmAD8bs5SpJKPQq5ncWg/jcCAwEAAaOCATQwggEwMA8GA1UdEwEB/wQF
-MAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTUovyfs8PYA9NXXAek
-0CSnwPIA1DCB7QYDVR0fBIHlMIHiMIHfoIHcoIHZhjVodHRwOi8vd3d3LnRy
-dXN0Y2VudGVyLmRlL2NybC92Mi90Y19jbGFzc18zX2NhX0lJLmNybIaBn2xk
-YXA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvQ049VEMlMjBUcnVzdENlbnRlciUy
-MENsYXNzJTIwMyUyMENBJTIwSUksTz1UQyUyMFRydXN0Q2VudGVyJTIwR21i
-SCxPVT1yb290Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/Y2VydGlmaWNh
-dGVSZXZvY2F0aW9uTGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEANmDk
-cPcGIEPZIxpC8vijsrlNirTzwppVMXzEO2eatN9NDoqTSheLG43KieHPOh6s
-HfGcMrSOWXaiQYUlN6AT0PV8TtXqluJucsG7Kv5sbviRmEb8yRtXW+rIGjs/
-sFGYPAfaLFkB2otE6OF0/ado3VS6g0bsyEa1+K+XwDsJHI/OcpY9M1ZwvJbL
-2NV9IJqDnxrcOfHFcqMRA/07QlIp2+gB95tejNaNhk4Z+rwcvsUhpYeeeC42
-2wlxo3I0+GzjBgnyXlal092Y+tTmBvTwtiBjS+opvaqCZh77gaqnN60TGOaS
-w4HBM7uIHqHn4rS9MWwOUT1v+5ZWgOI2F9Hc5A==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/TC_TrustCenter_Universal_CA_I.crt b/cert-validity/mozilla/builtin-certs/TC_TrustCenter_Universal_CA_I.crt
deleted file mode 100644
index 3260142e62af..000000000000
--- a/cert-validity/mozilla/builtin-certs/TC_TrustCenter_Universal_CA_I.crt
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID3TCCAsWgAwIBAgIOHaIAAQAC7LdggHiNtgYwDQYJKoZIhvcNAQEFBQAw
-eTELMAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgx
-JDAiBgNVBAsTG1RDIFRydXN0Q2VudGVyIFVuaXZlcnNhbCBDQTEmMCQGA1UE
-AxMdVEMgVHJ1c3RDZW50ZXIgVW5pdmVyc2FsIENBIEkwHhcNMDYwMzIyMTU1
-NDI4WhcNMjUxMjMxMjI1OTU5WjB5MQswCQYDVQQGEwJERTEcMBoGA1UEChMT
-VEMgVHJ1c3RDZW50ZXIgR21iSDEkMCIGA1UECxMbVEMgVHJ1c3RDZW50ZXIg
-VW5pdmVyc2FsIENBMSYwJAYDVQQDEx1UQyBUcnVzdENlbnRlciBVbml2ZXJz
-YWwgQ0EgSTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKR3I5ZE
-r5D0MacQ9CaHnPM42Q9e3s9B6DGtxnSRJJZ4Hgmgm5qVSkr1YnwCqMqs+1oE
-djneX/H5s7/zA1hV0qq34wQi0fiU2iIIAI3TfCZdzHd55yx4Oagmcw6iXSVp
-hU9VDprvxrlE4Vc93x9UIuVvZaozhDrzznq+VZeujRIPFDPiUHDDSYcTvFHe
-15gSWu86gzOSBnWLknwSaHtwag+1m7Z3W0hZneTvWq3zwZ7U10VOylY0Ibw+
-F1tvdwxIAUMpsN0/lm7mlaoMwCC2/T42J5zjXM9OgdwZu5GQfezmlwQek8wi
-SdeXhrYTCjxDI3d+8NzmzSQfO4ObNDqDNOMCAwEAAaNjMGEwHwYDVR0jBBgw
-FoAUkqR1LKSevoFE63n8isWVpesQdXMwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
-HQ8BAf8EBAMCAYYwHQYDVR0OBBYEFJKkdSyknr6BROt5/IrFlaXrEHVzMA0G
-CSqGSIb3DQEBBQUAA4IBAQAo0uCG1eb4e/CX3CJrO5UUVg8RMKWaTzqwOuAG
-y2X17caXJ/4l8lfmXpWMPmRgFVp/Lw0BxbFg/UU1z/CyvwbZ71q+s2IhtNer
-NXxTPqYn8aEt2hojnczd7Dwtnic0XQ/CNnm8yUpiLe1r2X1BQ3y2qsrtYbE3
-ghUJGooWMNjsydZHcnhLEEYUjl8Or+zHL6sQ17bxbuyGssLoDZJz3KL0Dzq/
-YSMQiZxIQG5wALPTujdEWBF6AmqI8Dc08BnprNRlc/ZpjGSUOnmFKbAWKwyC
-Pwacx/0QK54PLLae4xW/2TYcuiUaUj0a7CIMHOCkoj3w6DnPgcB77V0fb8XQ
-C9eY
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/TC_TrustCenter_Universal_CA_III.crt b/cert-validity/mozilla/builtin-certs/TC_TrustCenter_Universal_CA_III.crt
deleted file mode 100644
index 60cc4e3ee429..000000000000
--- a/cert-validity/mozilla/builtin-certs/TC_TrustCenter_Universal_CA_III.crt
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID4TCCAsmgAwIBAgIOYyUAAQACFI0zFQLkbPQwDQYJKoZIhvcNAQEFBQAw
-ezELMAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgx
-JDAiBgNVBAsTG1RDIFRydXN0Q2VudGVyIFVuaXZlcnNhbCBDQTEoMCYGA1UE
-AxMfVEMgVHJ1c3RDZW50ZXIgVW5pdmVyc2FsIENBIElJSTAeFw0wOTA5MDkw
-ODE1MjdaFw0yOTEyMzEyMzU5NTlaMHsxCzAJBgNVBAYTAkRFMRwwGgYDVQQK
-ExNUQyBUcnVzdENlbnRlciBHbWJIMSQwIgYDVQQLExtUQyBUcnVzdENlbnRl
-ciBVbml2ZXJzYWwgQ0ExKDAmBgNVBAMTH1RDIFRydXN0Q2VudGVyIFVuaXZl
-cnNhbCBDQSBJSUkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC
-2pxisLlxErALyBpXsq6DFJmzNEubkKLF5+cvAqBNLaT6hdqbJYUtQCggberg
-vbFIgyIpRJ9Og+41URNzdNW88jBmlFPAQDYvDIRlzg9uwliT6CwLOunBjvvy
-a8o84pxOjuT5fdMnnxvVZ3iHLX8LR7PH6MlIfK8vzArZQe+f/prhsq75U7Xl
-6UafYOPfjdN/+5Z+s7Vy+EutCHnNaYlAJ/Uqwa1D7KRTyGG299J5KmcYdkht
-WyUB0SbFt1dpIxVbYYqt8Bst2a9c8SaQaanVDED1M4BDj5yjdipFtK+/fz6H
-P3bFzSreIMUWWMv5G/UPyw0RUmS40nZid4PxWJ//AgMBAAGjYzBhMB8GA1Ud
-IwQYMBaAFFbn4VslQ4Dg9ozhcbyO5YAvxEjiMA8GA1UdEwEB/wQFMAMBAf8w
-DgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRW5+FbJUOA4PaM4XG8juWAL8RI
-4jANBgkqhkiG9w0BAQUFAAOCAQEAg8ev6n9NCjw5sWi+e22JLumzCecYV42F
-mhfzdkJQEw/HkG8zrcVJYCtsSVgZ1OK+t7+rSbyUyKu+KGwWaODIl0YgoGhn
-YIg5IFHYaAERzqf2EQf27OysGh+yZm5WZ2B6dF7AbZc2rrUNXWZzwCUyRdhK
-BgePxLcHsU0GDeGl6/R1yrqc0L2z0zIkTO5+4nYES0lT2PLpVDP85XEfPRRc
-lkvxOvIAu2y0+pZVCIgJwcyRGSmwIC3/yzikQOEXvnlhgP8HA4ZMTnsGnxGG
-jYnuJ8Tb4rwZjgvDwxPHLQNjO9Po5KIqwoIIlBZU8O8fJ5AluA0OKBtHd0e9
-HKgl8ZS0Zg==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/TC_TrustCenter__Germany__Class_2_CA.crt b/cert-validity/mozilla/builtin-certs/TC_TrustCenter__Germany__Class_2_CA.crt
deleted file mode 100644
index 974c86b17c57..000000000000
--- a/cert-validity/mozilla/builtin-certs/TC_TrustCenter__Germany__Class_2_CA.crt
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDXDCCAsWgAwIBAgICA+owDQYJKoZIhvcNAQEEBQAwgbwxCzAJBgNVBAYT
-AkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYD
-VQQKEzFUQyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3
-b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAyIENB
-MSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNlbnRlci5kZTAe
-Fw05ODAzMDkxMTU5NTlaFw0xMTAxMDExMTU5NTlaMIG8MQswCQYDVQQGEwJE
-RTEQMA4GA1UECBMHSGFtYnVyZzEQMA4GA1UEBxMHSGFtYnVyZzE6MDgGA1UE
-ChMxVEMgVHJ1c3RDZW50ZXIgZm9yIFNlY3VyaXR5IGluIERhdGEgTmV0d29y
-a3MgR21iSDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMiBDQTEp
-MCcGCSqGSIb3DQEJARYaY2VydGlmaWNhdGVAdHJ1c3RjZW50ZXIuZGUwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANo46O0yAClxgwENv4wB3NrGrTmk
-qYov1YtcaF9QxmL1Zr3KkSLsqh1R1z2zUbKDTl3LSbDwTFXlay3HhQswHJJO
-gtTKAu33b77c4OMUuAVT8pr0VotanoWT0bSCVq5Nu6hLVxa8/vhYnvgpjbB7
-zXjJT6yLZwzxnPv8V5tXXE8NAgMBAAGjazBpMA8GA1UdEwEB/wQFMAMBAf8w
-DgYDVR0PAQH/BAQDAgGGMDMGCWCGSAGG+EIBCAQmFiRodHRwOi8vd3d3LnRy
-dXN0Y2VudGVyLmRlL2d1aWRlbGluZXMwEQYJYIZIAYb4QgEBBAQDAgAHMA0G
-CSqGSIb3DQEBBAUAA4GBAIRS+yjf/x91AbwBvgRWl2p0QiQxg/lGsQaKic+W
-LDO/jLVfenKhhQbOhvgFjuj5Jcrag4wGrOs2bYWRNAQ29ELw+HkuCkhcq8xR
-T3h2oNmsGb0q0WkEKJHKNhAngFdb0lz1wlurZIFjdFH0l7/NEij3TWZ/p/Ac
-ASZ4smZHcFFk
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/TC_TrustCenter__Germany__Class_3_CA.crt b/cert-validity/mozilla/builtin-certs/TC_TrustCenter__Germany__Class_3_CA.crt
deleted file mode 100644
index cd88223c713d..000000000000
--- a/cert-validity/mozilla/builtin-certs/TC_TrustCenter__Germany__Class_3_CA.crt
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDXDCCAsWgAwIBAgICA+swDQYJKoZIhvcNAQEEBQAwgbwxCzAJBgNVBAYT
-AkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYD
-VQQKEzFUQyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3
-b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAzIENB
-MSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNlbnRlci5kZTAe
-Fw05ODAzMDkxMTU5NTlaFw0xMTAxMDExMTU5NTlaMIG8MQswCQYDVQQGEwJE
-RTEQMA4GA1UECBMHSGFtYnVyZzEQMA4GA1UEBxMHSGFtYnVyZzE6MDgGA1UE
-ChMxVEMgVHJ1c3RDZW50ZXIgZm9yIFNlY3VyaXR5IGluIERhdGEgTmV0d29y
-a3MgR21iSDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQTEp
-MCcGCSqGSIb3DQEJARYaY2VydGlmaWNhdGVAdHJ1c3RjZW50ZXIuZGUwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALa0wTUFLg2N7KBAahwOJ6ZQkmtQ
-GwfeLud2zODa/ISoXoxjaitN2U4CdhHBC/KNecoAtvGwDtf7pBc9r6tpepYn
-v68zoZoqWarEtTcI8hKlMbZD9TKWcSgoq40oht+77uMMfTDWw1Krj10nnGvA
-o+cFa1dJRLNu6mTP0o56UHd3AgMBAAGjazBpMA8GA1UdEwEB/wQFMAMBAf8w
-DgYDVR0PAQH/BAQDAgGGMDMGCWCGSAGG+EIBCAQmFiRodHRwOi8vd3d3LnRy
-dXN0Y2VudGVyLmRlL2d1aWRlbGluZXMwEQYJYIZIAYb4QgEBBAQDAgAHMA0G
-CSqGSIb3DQEBBAUAA4GBABY9xs3Bu4VxhUafPiCPUSiZ7C1FIWMjWwS7TJC4
-iJIETb19AaM/9uzO8d7+feXhPrvGq14L3T2WxMup1Pkm5gZOngylerpuw3yC
-GdHHsbHD2w2Om0B8NwvxXej9H5CIpQ5ON2QhqE6NtJ/x3kit1VYYUimLRzQS
-CdS7kjXvD9s0
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/TDC_Internet_Root_CA.crt b/cert-validity/mozilla/builtin-certs/TDC_Internet_Root_CA.crt
deleted file mode 100644
index d441fd8d5ae4..000000000000
--- a/cert-validity/mozilla/builtin-certs/TDC_Internet_Root_CA.crt
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEKzCCAxOgAwIBAgIEOsylTDANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQG
-EwJESzEVMBMGA1UEChMMVERDIEludGVybmV0MR0wGwYDVQQLExRUREMgSW50
-ZXJuZXQgUm9vdCBDQTAeFw0wMTA0MDUxNjMzMTdaFw0yMTA0MDUxNzAzMTda
-MEMxCzAJBgNVBAYTAkRLMRUwEwYDVQQKEwxUREMgSW50ZXJuZXQxHTAbBgNV
-BAsTFFREQyBJbnRlcm5ldCBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAxLhAvJHVYx/XmaCLDEAedLdInUaMArLgJF/wGROnN4Nr
-XceO+YQwzho7+vvOi20jxsNuZp+Jpd/gQlBn+h9sHvTQBda/ytZO5GhgbEaq
-HF1j4QeGDmUApy6mcca8uYGoOn0a0vnRrEvLznWv3Hv6gXPU/Lq9QYjUdLP5
-Xjg6PEOo0pVOd20TDJ2PeAG3WiAfAzc14izbSysseLlJ28TQx5yc5IogCSEW
-Vmb/Bexb4/DPqyQkXsN/cHoSxNK1EKC2IeGNeGlVRGn1ypYcNIUXJXfi9i8n
-mHj9eQY6otZaQ8H/7AQ77hPv01ha/5Lr7K7a8jcDR0G2l8ktCkEiu7vmpwID
-AQABo4IBJTCCASEwEQYJYIZIAYb4QgEBBAQDAgAHMGUGA1UdHwReMFwwWqBY
-oFakVDBSMQswCQYDVQQGEwJESzEVMBMGA1UEChMMVERDIEludGVybmV0MR0w
-GwYDVQQLExRUREMgSW50ZXJuZXQgUm9vdCBDQTENMAsGA1UEAxMEQ1JMMTAr
-BgNVHRAEJDAigA8yMDAxMDQwNTE2MzMxN1qBDzIwMjEwNDA1MTcwMzE3WjAL
-BgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUbGQBx/2FbazI2p5QCIUItTxWqFAw
-HQYDVR0OBBYEFGxkAcf9hW2syNqeUAiFCLU8VqhQMAwGA1UdEwQFMAMBAf8w
-HQYJKoZIhvZ9B0EABBAwDhsIVjUuMDo0LjADAgSQMA0GCSqGSIb3DQEBBQUA
-A4IBAQBOQ8zR3R0QGwZ/t6T609lN+yOfI1Rb5osvBCiLtSdtiaHsmGnc540m
-gwV5dOy0uaOXwTUA/RXaOYE6lTGQ3pfphqiZdwzlWqCE/xIWrG64jcN7ksKs
-LtB9KOy282A4aW8+2ARVPp7MVdK6/rtHBNcK2RYKNCn1WBPVT8+PVkuzHu7T
-mHnaCB4Mb7j4Fifvwm899qNLPg7kbWzbO0ESm70NRyN/PErQr8Cv9u8btRXE
-64PECV90i9kR+8JWsTz4cMo0jUNAE4z9mQNUecYu6oah9jrUCbz0vGbMPVjQ
-V0kK7iXiQe4T+Zs4NNEA9X7nlB38aQNiuJkFBT1reBK9sG9l
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/TDC_OCES_Root_CA.crt b/cert-validity/mozilla/builtin-certs/TDC_OCES_Root_CA.crt
deleted file mode 100644
index 917b44cfe2f9..000000000000
--- a/cert-validity/mozilla/builtin-certs/TDC_OCES_Root_CA.crt
+++ /dev/null
@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFGTCCBAGgAwIBAgIEPki9xDANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQG
-EwJESzEMMAoGA1UEChMDVERDMRQwEgYDVQQDEwtUREMgT0NFUyBDQTAeFw0w
-MzAyMTEwODM5MzBaFw0zNzAyMTEwOTA5MzBaMDExCzAJBgNVBAYTAkRLMQww
-CgYDVQQKEwNUREMxFDASBgNVBAMTC1REQyBPQ0VTIENBMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGL2YSCyz8DGhdfjeebM7fI5kqSXLmSj
-hFuHnEz9pPPEXyG9VhDr2y5h7JNp46PMvZnDBfwGuMo2HP6QjklMxFaaL1a8
-z3sM8W9Hpg1DTeLpHTk0zY0s2RKY+ePhwUp8hjjEqcRhiNJerxomTdXkoCJH
-hNlktxmW/OwZ5LKXJk5KTMuPJItUGBxIYXvViGjaXbXqzRowwYCDdlCqT9HU
-3Tjw7xb04QxQBr/q+3pJoSgrHPb8FTKjdGqPqcNiKXEx5TukYBdedObaE+3p
-Hx8b0bJoc8YQNHVGEBDjkAB2QMuLt0MJIf+rTpPGWOmlgtt3xDqZsXKVSQTw
-tyv6e1mO3QIDAQABo4ICNzCCAjMwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B
-Af8EBAMCAQYwgewGA1UdIASB5DCB4TCB3gYIKoFQgSkBAQEwgdEwLwYIKwYB
-BQUHAgEWI2h0dHA6Ly93d3cuY2VydGlmaWthdC5kay9yZXBvc2l0b3J5MIGd
-BggrBgEFBQcCAjCBkDAKFgNUREMwAwIBARqBgUNlcnRpZmlrYXRlciBmcmEg
-ZGVubmUgQ0EgdWRzdGVkZXMgdW5kZXIgT0lEIDEuMi4yMDguMTY5LjEuMS4x
-LiBDZXJ0aWZpY2F0ZXMgZnJvbSB0aGlzIENBIGFyZSBpc3N1ZWQgdW5kZXIg
-T0lEIDEuMi4yMDguMTY5LjEuMS4xLjARBglghkgBhvhCAQEEBAMCAAcwgYEG
-A1UdHwR6MHgwSKBGoESkQjBAMQswCQYDVQQGEwJESzEMMAoGA1UEChMDVERD
-MRQwEgYDVQQDEwtUREMgT0NFUyBDQTENMAsGA1UEAxMEQ1JMMTAsoCqgKIYm
-aHR0cDovL2NybC5vY2VzLmNlcnRpZmlrYXQuZGsvb2Nlcy5jcmwwKwYDVR0Q
-BCQwIoAPMjAwMzAyMTEwODM5MzBagQ8yMDM3MDIxMTA5MDkzMFowHwYDVR0j
-BBgwFoAUYLWF7FZkfhIZJ2cdUBVLc647+RIwHQYDVR0OBBYEFGC1hexWZH4S
-GSdnHVAVS3OuO/kSMB0GCSqGSIb2fQdBAAQQMA4bCFY2LjA6NC4wAwIEkDAN
-BgkqhkiG9w0BAQUFAAOCAQEACromJkbTc6gJ82sLMJn9iuFXehHTuJTXCRBu
-o7E4A9G28kNBKWKnctj7fAXmMXAnVBhOinxO5dHKjHiIzxvTkIvmI/gLDjND
-fZziChmPyQE+dF10yYscA+UYyAFMP8uXBV2YcaaYb7Z8vTd/vuGTJW1v8Aqt
-FxjhA7wHKcitJuj4YfD9IQl+mo6paH1IYnK9AOoBmbgGglGBTvH1tJFUuSN6
-AJqfXY3gPGS5GhKSKseCRHI53OI8xthV9RVOyAUO28bQYqbsFbS1AoLbrIyi
-gfCbmTH1ICCoiGEKB5+U/NDXG8wuF/MEJ3Zn61SD/aSQfgY9BKNDLdr8C2Lq
-L19iUw==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/TURKTRUST_Certificate_Services_Provider_Root_1.crt b/cert-validity/mozilla/builtin-certs/TURKTRUST_Certificate_Services_Provider_Root_1.crt
deleted file mode 100644
index f70bdb2df68c..000000000000
--- a/cert-validity/mozilla/builtin-certs/TURKTRUST_Certificate_Services_Provider_Root_1.crt
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID+zCCAuOgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBtzE/MD0GA1UEAww2
-VMOcUktUUlVTVCBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xh
-ecSxY8Sxc8SxMQswCQYDVQQGDAJUUjEPMA0GA1UEBwwGQU5LQVJBMVYwVAYD
-VQQKDE0oYykgMjAwNSBUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUg
-QmlsacWfaW0gR8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLjAeFw0wNTA1
-MTMxMDI3MTdaFw0xNTAzMjIxMDI3MTdaMIG3MT8wPQYDVQQDDDZUw5xSS1RS
-VVNUIEVsZWt0cm9uaWsgU2VydGlmaWthIEhpem1ldCBTYcSfbGF5xLFjxLFz
-xLExCzAJBgNVBAYMAlRSMQ8wDQYDVQQHDAZBTktBUkExVjBUBgNVBAoMTShj
-KSAyMDA1IFTDnFJLVFJVU1QgQmlsZ2kgxLBsZXRpxZ9pbSB2ZSBCaWxpxZ9p
-bSBHw7x2ZW5sacSfaSBIaXptZXRsZXJpIEEuxZ4uMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAylIF1mMD2Bxf3dJ7XfIMYGFbazt0K3gNfUW9
-InTojAPBxhEqPZW8qZSwu5GXyGl8hMW0kWxsE2qkVa2kheiVfrMArwDCBRj1
-cJ02i67L5BuBf5OI+2pVu32Fks66WJ/bMsW9Xe8iSi9BB35JYbOG7E6mQW6E
-vAPs9TscyB/C7qju6hJKjRTP8wrgUDn5CDX4EVmt5yLqS8oUBt5CurKZ8y1U
-iBAG6uEaPj1nH/vO+3yC6BFdSsG5FOpU2WabfIl9BJpiyelSPJ6c79L1JuTm
-5Rh8i27fbMx4W09ysstcP4wFjdFMjK2Sx+F4f2VsSQZQLJ4ywtdKxnWKWU51
-b0dewQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IB
-AQAV9VX/N5aAWSGk/KEVTCD21F/aAyT8z5Aa9CEKmu46sWrv7/hg0Uw2ZkUd
-82YCdAR7kjCo3gp2D++Vbr3JN+YaDayJSFvMgzbC9UZcWYJWtNX+I7TYVBxE
-q8Sn5RTOPEFhfEPmzcSBCYsk+1Ql1haolgxnB2+zUEfjHCQo3SqYpGH+2+oS
-N7wBGjSFvW5P55FyB0SFHljKVETd96y5y4khctuPwGkplyqjrhgjlxxBKot8
-KsF8kOipKMDTkcatKIdAaLX/7KfS0zgYnNN9aV3wxqUeJBujR/xpB2jn5Jq0
-7Q+hh4cCzofSSE7hvP/L8XKSRGQDJereW26fyfJOrN3H
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/TURKTRUST_Certificate_Services_Provider_Root_2.crt b/cert-validity/mozilla/builtin-certs/TURKTRUST_Certificate_Services_Provider_Root_2.crt
deleted file mode 100644
index 2d5e5d2e9beb..000000000000
--- a/cert-validity/mozilla/builtin-certs/TURKTRUST_Certificate_Services_Provider_Root_2.crt
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEPDCCAySgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBvjE/MD0GA1UEAww2
-VMOcUktUUlVTVCBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xh
-ecSxY8Sxc8SxMQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMV0wWwYD
-VQQKDFRUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0g
-R8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLiAoYykgS2FzxLFtIDIwMDUw
-HhcNMDUxMTA3MTAwNzU3WhcNMTUwOTE2MTAwNzU3WjCBvjE/MD0GA1UEAww2
-VMOcUktUUlVTVCBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xh
-ecSxY8Sxc8SxMQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMV0wWwYD
-VQQKDFRUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0g
-R8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLiAoYykgS2FzxLFtIDIwMDUw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpNn7DkUNMwxmYCMjH
-WHtPFoylzkkBH3MOrHUTpvqeLCDe2JAOCtFp0if7qnefJ1Il4std2NiDUBd9
-irWCPwSOtNXwSadktx4uXyCcUHVPr+G1QRT0mJKIx+XlZEdhR3n9wFHxwZnn
-3M5q+6+1ATDcRhzviuyV79z/rxAc653YsKpqhRgNF8k+v/Gb0AmJQv2gQrSd
-iVFVKc8bcLyEVK3BEx+Y9C52YItdP5qtygy/p1Zbj3e41Z55SZI/4PGXJHps
-mxcPbe9TmJEr5A++WXkHeLuXlfSfadRYhwqp48y2WBmfJiGxxFmNskF1wK1p
-zpwACPI2/z7woQ8arBT9pmAPAgMBAAGjQzBBMB0GA1UdDgQWBBTZN7NOBf3Z
-z58SFq62iS/rJTqIHDAPBgNVHQ8BAf8EBQMDBwYAMA8GA1UdEwEB/wQFMAMB
-Af8wDQYJKoZIhvcNAQEFBQADggEBAHJglrfJ3NgpXiOFX7KzLXb7iNcX/ntt
-Rbj2hWyfIvwqECLsqrkw9qtY1jkQMZkpAL2JZkH7dN6RwRgLn7Vhy506vvWo
-lKMiVW4XSf/SKfE4Jl3vpao6+XF75tpYHdN0wgH6PmlYX63LaL4ULptswLbc
-oCb6dxriJNoaN+BnrdFzgw2lGh1uEpJ+hGIAF728JRhX8tepb1mIvDS3LoV4
-nZbcFMMsilKbloxSZj2GFotHuFEJjOp9zYhys2AzsfAKRO8P9Qk3iCQOLGsg
-OqL6EfJANZxEaGM7rDNvY7wsu/LSy3Z9fYjYHcgFHW68lKlmjHdxx/qR+i9R
-nuk5UrbnBEI=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Taiwan_GRCA.crt b/cert-validity/mozilla/builtin-certs/Taiwan_GRCA.crt
deleted file mode 100644
index cfcd80b87f79..000000000000
--- a/cert-validity/mozilla/builtin-certs/Taiwan_GRCA.crt
+++ /dev/null
@@ -1,34 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFcjCCA1qgAwIBAgIQH51ZWtcvwgZEpYAIaeNe9jANBgkqhkiG9w0BAQUF
-ADA/MQswCQYDVQQGEwJUVzEwMC4GA1UECgwnR292ZXJubWVudCBSb290IENl
-cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTAyMTIwNTEzMjMzM1oXDTMyMTIw
-NTEzMjMzM1owPzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dvdmVybm1lbnQg
-Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEB
-BQADggIPADCCAgoCggIBAJoluOzMonWoe/fOW1mKydGGEghU7Jzy50b2iPN8
-6aXfTEc2pBsBHH8eV4qNw8XRIePaJD9IK/ufLqGU5ywck9G/GwGHU5nOp/UK
-IXZ3/6m3xnOUT0b3EEk3+qhZSV1qgQdW8or5BtD3cCJNtLdBuTK4sfCxw5w/
-cP1T3YGq2GN49thTbqGsaoQkclSGxtKyyhwOeYHWtXBiCAEuTk8O1RGvqa/l
-mr/czIdtJuTJV6L7lvnM4T9TjGxMfptTCAtsF/tnyMKtsc2AtJfcdgEWFelq
-16TheEfOhtX7MfP6Mb40qij7cEwdScevLJ1tZqa2jWR+tSBqnTuBto9AAGdL
-iYa4zGX+FVPpBMHWXx1E1wovJ5pGfaENda1UhhXcSTvxls4Pm6Dso3pdvtUq
-dULle96ltqqvKKyskKw4t9VoNSZ63Pc78/1Fm9G7Q3hub/FCVGqY8A2tl+lS
-XunVanLeavcbYBT0peS2cWeqH+riTcFCQP5nRhc4L0c/cZyu5SHKYS1tB6iE
-fC3uUSXxY5Ce/eFXiGvviiNtsea9P63RPZYLhY3Naye7twWb7LuRqQoHEgKX
-TiCQ8P8NHuJBO9NAOueNXdpm5AKwB1KYXA6OM5zCppX7VRluTI6uSw+9wThN
-Xo+EHWbNxWCWtFJaBYmOlXqYwZE8lSOyDvR5tMl8wUohAgMBAAGjajBoMB0G
-A1UdDgQWBBTMzO/MKWCkO7GStjz6MmKPrCUVOzAMBgNVHRMEBTADAQH/MDkG
-BGcqBwAEMTAvMC0CAQAwCQYFKw4DAhoFADAHBgVnKgMAAAQUA5vwIhP/lSg2
-09yewDL7MTqKUWUwDQYJKoZIhvcNAQEFBQADggIBAECASvomyc5eMN1PhnR2
-WPWus4MzeKR6dBcZTulStbngCnRiqmjKeKBMmo4sIy7VahIkv9Ro04rQ2Jyf
-tB8M3jh+Vzj8jeJPXgyfqzvS/3WXy6TjZwj/5cAWtUgBfen5Cv8b5Wppv3gh
-qMKnI6mGq3ZW6A4M9hPdKmaKZEk9GhiHkASfQlK3T8v+R0F2Ne//AHY2RTKb
-xkaFXeIksB7jSJaYV0eUVXoPQbFEJPPB/hprv4j9wabak2BegUqZIJxIZhm1
-AHlUD7gsL0u8qV1bYH+Mh6XgUmMqvtg7hUAV/h62ZT/FS9p+tXo1KaMuephg
-IqP0fSdOLeq0dDzpD6QzDxARvBMB1uUO07+1EqLhRSPAzAhuYbeJq4PjJB7m
-XQfnHyA+z2fI56wwbSdLaG5LKlwCCDTb+HbkZ6MmnD+iMsJKxYEYMRBWqoTv
-LQr/uB930r+lWKBi5NdLkXWNiYCYfm3LU05er/ayl4WXudpVBrkk7tfGOB5j
-GxI7leFYrPLfhNVfmS8NVVvmONsuP3LpSIXLuykTjx44VbnzssQwmSNOXfJI
-oRIM3BKQCZBUkQM8R+XVyWXgt0t97EfTsws+rZ7QdAAO671RrcDeLMDDav7v
-3Aun+kbfYNucpllQdSNpc5Oy+fwC00fmcc4QAu4njIT/rEUNE1yDMuAlpYYs
-fPQS
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Thawte_Personal_Freemail_CA.crt b/cert-validity/mozilla/builtin-certs/Thawte_Personal_Freemail_CA.crt
deleted file mode 100644
index 565a4be14ef8..000000000000
--- a/cert-validity/mozilla/builtin-certs/Thawte_Personal_Freemail_CA.crt
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDLTCCApagAwIBAgIBADANBgkqhkiG9w0BAQQFADCB0TELMAkGA1UEBhMC
-WkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3du
-MRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlm
-aWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBl
-cnNvbmFsIEZyZWVtYWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1m
-cmVlbWFpbEB0aGF3dGUuY29tMB4XDTk2MDEwMTAwMDAwMFoXDTIwMTIzMTIz
-NTk1OVowgdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUx
-EjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRp
-bmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24x
-JDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqG
-SIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEA1GnX1LCUZFtx6UfYDFG26nKRsIRefS0N
-j3sS34UldSh0OkIsYyeflXtL734Zhx2G6qPduc6WZBrCFG5ErHzmj+hND3Ef
-QDimAKOHePb5lIZererAXnbr2RSjXW56fAylS1V/Bhkpf56aJtVquzgkCGqY
-x7Hao5iR/Xnb5VrEHLkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkq
-hkiG9w0BAQQFAAOBgQDH7JJ+Tvj1lqVnYiqk8E0RYNBvjWBYYawmu1I1XAjP
-MPuoSpaKH2JCI4wXD/S6ZJwXrEcp352YXtJsYHFcoqzceePnbgBHH7UNKOgC
-neSa/RP0ptl8sfjcXyMmCZGAc9AUG95DqYMl8uacLxXK/qarigd1iwzdUYRr
-5PjRzneigQ==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Thawte_Premium_Server_CA.crt b/cert-validity/mozilla/builtin-certs/Thawte_Premium_Server_CA.crt
deleted file mode 100644
index aa37cfc9ffcc..000000000000
--- a/cert-validity/mozilla/builtin-certs/Thawte_Premium_Server_CA.crt
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMC
-WkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3du
-MR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2Vy
-dGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3Rl
-IFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNl
-cnZlckB0aGF3dGUuY29tMB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1
-OVowgc4xCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQ
-BgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENvbnN1bHRpbmcg
-Y2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24x
-ITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBDQTEoMCYGCSqGSIb3
-DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkEVdbQ7xwblRZH7xhI
-NTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQug2SBhRz1JPL
-lyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMRuHM/qgeN
-9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
-AQQFAAOBgQAmSCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUI
-hfzJATj/Tb7yFkJD57taRvvBxhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZ
-a4JMpAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcU
-Qg==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Thawte_Server_CA.crt b/cert-validity/mozilla/builtin-certs/Thawte_Server_CA.crt
deleted file mode 100644
index ac4e25bfab78..000000000000
--- a/cert-validity/mozilla/builtin-certs/Thawte_Server_CA.crt
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMC
-WkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3du
-MR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2Vy
-dGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3Rl
-IFNlcnZlciBDQTEmMCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0
-ZS5jb20wHhcNOTYwODAxMDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkG
-A1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2Fw
-ZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE
-CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQ
-VGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRz
-QHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANOkUG7I
-/1Zr5s9dtuoMaHVHoqrC2oQl/Kj0R1HahbUgdJSGHg91yekIYfUGbTBuFRkC
-6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg71CcEJRCXL+eQbcAoQpnX
-TEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGjEzARMA8G
-A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG7oWD
-TSEwjsrZqG9JGubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6e
-QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdni
-TCxZqdq5snUb9kLy78fyGPmJvKP/iiMucEc=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Thawte_Time_Stamping_CA.crt b/cert-validity/mozilla/builtin-certs/Thawte_Time_Stamping_CA.crt
deleted file mode 100644
index fecbd15efbdd..000000000000
--- a/cert-validity/mozilla/builtin-certs/Thawte_Time_Stamping_CA.crt
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICoTCCAgqgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBizELMAkGA1UEBhMC
-WkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTEUMBIGA1UEBxMLRHVyYmFudmls
-bGUxDzANBgNVBAoTBlRoYXd0ZTEdMBsGA1UECxMUVGhhd3RlIENlcnRpZmlj
-YXRpb24xHzAdBgNVBAMTFlRoYXd0ZSBUaW1lc3RhbXBpbmcgQ0EwHhcNOTcw
-MTAxMDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBizELMAkGA1UEBhMCWkExFTAT
-BgNVBAgTDFdlc3Rlcm4gQ2FwZTEUMBIGA1UEBxMLRHVyYmFudmlsbGUxDzAN
-BgNVBAoTBlRoYXd0ZTEdMBsGA1UECxMUVGhhd3RlIENlcnRpZmljYXRpb24x
-HzAdBgNVBAMTFlRoYXd0ZSBUaW1lc3RhbXBpbmcgQ0EwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBANYrWHhhRYZT6jR7UZztsOYuGA7+4F+oJ9O0yeB8
-WU4WDnNUYMF/9p8u6TqFJBU820cEY8OexJQaWt9MevPZQx08EHp5JduQ/vBR
-5zDWQQD9nyjfeb6Uu522FOMjhdepQeBMpHmwKxqL8vg7ij5FrHGSALSQQZj7
-X+36ty6K+Ig3AgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
-AQEEBQADgYEAZ9viwuaHPUCDhjc1fR/OmsMMZiCouqoEiYbC9RAIDb/LogWK
-0E02PvTX72nGXuSwlG9KuefeW4i2e9vjJ+V2w/A1wcu1J5szedyQpgCed/r8
-zSeUQhac0xxo7L9c3eWpexAKMnRUEzGLhQOEkbdYATAUOK8oyvyxUBkZCayJ
-SdM=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Txc3x9cx42xC4xB0TAK_UEKAE_KxC3xB6k_Sertifika_Hizmet_SaxC4x9Flayxc4xb1x63xc4xb1sxc4xb1_-_SxC3xBCrxC3xBCm_3.crt b/cert-validity/mozilla/builtin-certs/Txc3x9cx42xC4xB0TAK_UEKAE_KxC3xB6k_Sertifika_Hizmet_SaxC4x9Flayxc4xb1x63xc4xb1sxc4xb1_-_SxC3xBCrxC3xBCm_3.crt
deleted file mode 100644
index 72060a90c65f..000000000000
--- a/cert-validity/mozilla/builtin-certs/Txc3x9cx42xC4xB0TAK_UEKAE_KxC3xB6k_Sertifika_Hizmet_SaxC4x9Flayxc4xb1x63xc4xb1sxc4xb1_-_SxC3xBCrxC3xBCm_3.crt
+++ /dev/null
@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFFzCCA/+gAwIBAgIBETANBgkqhkiG9w0BAQUFADCCASsxCzAJBgNVBAYT
-AlRSMRgwFgYDVQQHDA9HZWJ6ZSAtIEtvY2FlbGkxRzBFBgNVBAoMPlTDvHJr
-aXllIEJpbGltc2VsIHZlIFRla25vbG9qaWsgQXJhxZ90xLFybWEgS3VydW11
-IC0gVMOcQsSwVEFLMUgwRgYDVQQLDD9VbHVzYWwgRWxla3Ryb25payB2ZSBL
-cmlwdG9sb2ppIEFyYcWfdMSxcm1hIEVuc3RpdMO8c8O8IC0gVUVLQUUxIzAh
-BgNVBAsMGkthbXUgU2VydGlmaWthc3lvbiBNZXJrZXppMUowSAYDVQQDDEFU
-w5xCxLBUQUsgVUVLQUUgS8O2ayBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnE
-sWPEsXPEsSAtIFPDvHLDvG0gMzAeFw0wNzA4MjQxMTM3MDdaFw0xNzA4MjEx
-MTM3MDdaMIIBKzELMAkGA1UEBhMCVFIxGDAWBgNVBAcMD0dlYnplIC0gS29j
-YWVsaTFHMEUGA1UECgw+VMO8cmtpeWUgQmlsaW1zZWwgdmUgVGVrbm9sb2pp
-ayBBcmHFn3TEsXJtYSBLdXJ1bXUgLSBUw5xCxLBUQUsxSDBGBgNVBAsMP1Vs
-dXNhbCBFbGVrdHJvbmlrIHZlIEtyaXB0b2xvamkgQXJhxZ90xLFybWEgRW5z
-dGl0w7xzw7wgLSBVRUtBRTEjMCEGA1UECwwaS2FtdSBTZXJ0aWZpa2FzeW9u
-IE1lcmtlemkxSjBIBgNVBAMMQVTDnELEsFRBSyBVRUtBRSBLw7ZrIFNlcnRp
-ZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIC0gU8O8csO8bSAzMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAim1L/xCIOsP2fpTo6iBkcK4h
-gb46ezzb8R1Sf1n68yJMlaCQvEhOEav7t7WNeoMojCZG2E6VQIdhn8WebYGH
-V2yKO7Rm6sxA/OOqbLLLAdsyv9Lrhc+hDVXDWzhXcLh1xnnRFDDtG1hba+81
-8qEhTsXOfJlfbLm4IpNQp81McGq+agV/E5wrHur+R84EpW+sky58K5+eeROR
-6Oqeyjh1jmKwlZMq5d/pXpduIF9fhHpEORlAHLpVK/swsoHvhOPc7Jg4OQOF
-CKlUAwUp8MmPi+oLhmUZEdPpCSPeaJMDyTYcIW7OjGbxmTDY17PDHfiBLqi9
-ggtm/oLL4eAagsNAgQIDAQABo0IwQDAdBgNVHQ4EFgQUvYiHyY/2pAoLquvF
-/pEjnatKijIwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
-KoZIhvcNAQEFBQADggEBAB18+kmPNOm3JpIWmgV050vQbTlswyb2zrgxvMTf
-vCr4N5EY3ATIZJkrGG2AA1nJrvhY0D7twyOfaTyGOBye79oneNGEN3GKPEs5
-z35FBtYt2IpNeBLWrcLTy9LQQfMmNkqblWwM7uXRQydmwYj3erMgbOqwaSvH
-IOgMA8RBBZniP+Rr+KCGgceExh/VS4ESshYhLBOhgLJeDEoTniDYYkCrkOpk
-Si+sDQESeUWoL4cZaMjihccwsnX5OD+ywJO0a+IDRM5noN+J1q2MdqMTw5Rh
-K2vZbMEHCiIHhWyFJEapvj+LeISCfiQMnf2BN+MlqO02TpUsyZyQ2uypQjyt
-tgI=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/UTN-USER_First-Network_Applications.crt b/cert-validity/mozilla/builtin-certs/UTN-USER_First-Network_Applications.crt
deleted file mode 100644
index 48568f0e921f..000000000000
--- a/cert-validity/mozilla/builtin-certs/UTN-USER_First-Network_Applications.crt
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEZDCCA0ygAwIBAgIQRL4Mi1AAJLQR0zYwS8AzdzANBgkqhkiG9w0BAQUF
-ADCBozELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0
-IExha2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEw
-HwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xKzApBgNVBAMTIlVU
-Ti1VU0VSRmlyc3QtTmV0d29yayBBcHBsaWNhdGlvbnMwHhcNOTkwNzA5MTg0
-ODM5WhcNMTkwNzA5MTg1NzQ5WjCBozELMAkGA1UEBhMCVVMxCzAJBgNVBAgT
-AlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVT
-RVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0cnVz
-dC5jb20xKzApBgNVBAMTIlVUTi1VU0VSRmlyc3QtTmV0d29yayBBcHBsaWNh
-dGlvbnMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCz+5Gh5DZV
-hawGNFugmliy+LUPBXeDrjKxdpJo7CNKyXY/45y2N3kDuatpjQclthln5LAb
-GHNhSuh+zdMvZOOmfAz6F4CjDUeJT1FxL+78P/m4FoCHiZMlIJpDgmkkdihZ
-NaEdwH+DBmQWICzTSaSFtMBhf1EI+GgVkYDLpdXuOzr0hAReYFmnjDRy7rh4
-xdE7EkpvfmUnuaRVxblvQ6TFHSyZwFKkeEwVs0CYCGtDxgGwenv1axwiP8vv
-/6jQOkt2FZ7S0cYu49tXGzKiuG/ohqY/cKvlcJKrRB5AUPuco2LkbG6gyN7i
-gEL66S/ozjIEj3yNtxyjNTwV3Z7DrpelAgMBAAGjgZEwgY4wCwYDVR0PBAQD
-AgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFPqGydvguul49Uuo1hXf
-8NPhahQ8ME8GA1UdHwRIMEYwRKBCoECGPmh0dHA6Ly9jcmwudXNlcnRydXN0
-LmNvbS9VVE4tVVNFUkZpcnN0LU5ldHdvcmtBcHBsaWNhdGlvbnMuY3JsMA0G
-CSqGSIb3DQEBBQUAA4IBAQCk8yXM0dSRgyLQzDKrm5ZONJFUICU0YV8qAhXh
-i6r/fWRRzwr/vH3YIWp4yy9Rb/hCHTO967V7lMPDqaAt39EpHx3+jz+7qEUq
-f9FuVSTiuwL7MT++6LzsQCv4AdRWOOTKRIK1YSAhZ2X28AvnNPilwpyjXEAf
-hZOVBt5P1CeptqX8Fs1zMT+4ZSfP1FMa8Kxun08FDAOBp4QpxFq9ZFdyrTvP
-NximmMatBrTcCKME1SmklpoSZ0qMYEWd8SOasACcaLWYUNPvji6SZbFIPiG+
-FTAqDbUMo2s/rn9X9R+WfN9v3YIwLGUbQErNaLly7HF27FSOH4UMAWr6pjis
-H8SE
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/UTN_DATACorp_SGC_Root_CA.crt b/cert-validity/mozilla/builtin-certs/UTN_DATACorp_SGC_Root_CA.crt
deleted file mode 100644
index 2f61bb0e43b6..000000000000
--- a/cert-validity/mozilla/builtin-certs/UTN_DATACorp_SGC_Root_CA.crt
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEXjCCA0agAwIBAgIQRL4Mi1AAIbQR0ypoBqmtaTANBgkqhkiG9w0BAQUF
-ADCBkzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0
-IExha2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEw
-HwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xGzAZBgNVBAMTElVU
-TiAtIERBVEFDb3JwIFNHQzAeFw05OTA2MjQxODU3MjFaFw0xOTA2MjQxOTA2
-MzBaMIGTMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNh
-bHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsx
-ITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTEbMBkGA1UEAxMS
-VVROIC0gREFUQUNvcnAgU0dDMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEA3+5YEKIrblXEjr8uRgnn4AgPLit6E5Qbvfa2gI5lBZMAHryv4g+O
-GQ0SR+ysraP6LnD43m77VkIVni5c7yPeIbkFdicZD0/Ww5y0vpQZY/KmEQrr
-U0icvvIpOxboGqBMpsn0GFlowHDyUwDAXlCCpVZvNvlK4ESGoE1O1kduSUrL
-Z9emxAW5jh70/P/N5zbgnAVssjMiFdC04MwXwLLA9P4yPykqlXvY8qdOD1R8
-oQ2AswkDwf9c3V6aPryuvEeKaq5xyh+xKrhfQgUL7EYw0XILyulWbfXv33i+
-Ybqypa4ETLyorGkVl73v67SMvzX41MPRKA5cOp9wGDMgd8SirwIDAQABo4Gr
-MIGoMAsGA1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRT
-MtGzz3/64PGgXYVOktKeRR20TzA9BgNVHR8ENjA0MDKgMKAuhixodHRwOi8v
-Y3JsLnVzZXJ0cnVzdC5jb20vVVROLURBVEFDb3JwU0dDLmNybDAqBgNVHSUE
-IzAhBggrBgEFBQcDAQYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMA0GCSqGSIb3
-DQEBBQUAA4IBAQAnNZcAiosovcYzMB4p/OL31ZjUQLtgyr+rFywJNn9Q+kHc
-rpY6CiM+iVnJowftGzet/Hy+UUla3joKVAgWRcKZsYfNjGjgaQPpxE6YsjuM
-FrMOoAyYUJuTqXAJyCyjj98C5OBxOvG0I3KgqgHf35g+FFCgMSa9KOlaMCZ1
-+XtgHI3zzVAmbQQnmt/VDUVHKWss5nbZqSl9Mt3JNjy9rjXxEZ4du5A/EkdO
-jtd+D2JzHVImOBwYSf0wdJrE5SIv2MCN7ZF6TACPcn9d2t0bi0Vr591pl6jF
-VkwPDPafepE39peC4N1xaf92P2BNPM/3mfnGV/TJVTl4uix5yaaIK/QI
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/UTN_USERFirst_Email_Root_CA.crt b/cert-validity/mozilla/builtin-certs/UTN_USERFirst_Email_Root_CA.crt
deleted file mode 100644
index d21b75083472..000000000000
--- a/cert-validity/mozilla/builtin-certs/UTN_USERFirst_Email_Root_CA.crt
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEojCCA4qgAwIBAgIQRL4Mi1AAJLQR0zYlJWfJiTANBgkqhkiG9w0BAQUF
-ADCBrjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0
-IExha2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEw
-HwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xNjA0BgNVBAMTLVVU
-Ti1VU0VSRmlyc3QtQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBFbWFpbDAe
-Fw05OTA3MDkxNzI4NTBaFw0xOTA3MDkxNzM2NThaMIGuMQswCQYDVQQGEwJV
-UzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYD
-VQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93
-d3cudXNlcnRydXN0LmNvbTE2MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGll
-bnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWlsMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEAsjmFpPJ9q0E7YkY3rs3BYHW8OWX5ShpHornMSMxq
-mNVNNRm5pELlzkniii8efNIxB8dOtINknS4p1aJkxIW9hVE1eaROaJB7HHqk
-kqgX8pgV8pPMyaQylbsMTzC9mKALi+VuG6JG+ni8om+rWV6lL8/K2m2qL+us
-obNqqrcuZzWLeeEeaYji5kbNoKXqvgvOdjp6Dpvq/NonWz1zHyLmSGHGTPNp
-saguG7bUMSAsvIKKjqQOpdeJQ/wWWq8dcdcRWdq6hw2v+vPhwvCkxWeM1tZU
-Ot4KpLoDd7NlyP0e03RiqhjKaJMeoYV+9Udly/hNVyh00jT/MLbu9mIwFIws
-6wIDAQABo4G5MIG2MAsGA1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0G
-A1UdDgQWBBSJgmd9xJ0mcABLtFBIfN49rgRufTBYBgNVHR8EUTBPME2gS6BJ
-hkdodHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vVVROLVVTRVJGaXJzdC1DbGll
-bnRBdXRoZW50aWNhdGlvbmFuZEVtYWlsLmNybDAdBgNVHSUEFjAUBggrBgEF
-BQcDAgYIKwYBBQUHAwQwDQYJKoZIhvcNAQEFBQADggEBALFtYV2mGn98q0rk
-MPxTbyUkxsrt4jFcKw7u7mFVbwQ+zznexRtJlOTrIEy05p5QLnLZjfWqo7NK
-2lYcYJeA3IKirUq9iiv/Cwm0xtcgBEXkzYABurorbs6q15L+5K/r9CYdFip/
-bDCVNy8zEqx/3cfREYxRmLLQo5HQrfafnoOTHh1CuEava2bwm3/q4wMC5QJR
-warVNZ1yQAOJujEdxRBoUp7fooXFXAimeOZTT7Hot9MUnpOmw2TjrH5xzbyf
-6QMbzPvprDHBr3wVdAKZw7JHpsIyYdfHb0gkUSeh1YdV8nuPmD0Wnu51tvjQ
-jvLzxq4oW6fw8zYX/MMF08oDSlQ=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/UTN_USERFirst_Hardware_Root_CA.crt b/cert-validity/mozilla/builtin-certs/UTN_USERFirst_Hardware_Root_CA.crt
deleted file mode 100644
index 4383399e3bce..000000000000
--- a/cert-validity/mozilla/builtin-certs/UTN_USERFirst_Hardware_Root_CA.crt
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEdDCCA1ygAwIBAgIQRL4Mi1AAJLQR0zYq/mUK/TANBgkqhkiG9w0BAQUF
-ADCBlzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0
-IExha2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEw
-HwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVU
-Ti1VU0VSRmlyc3QtSGFyZHdhcmUwHhcNOTkwNzA5MTgxMDQyWhcNMTkwNzA5
-MTgxOTIyWjCBlzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQH
-Ew5TYWx0IExha2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3
-b3JrMSEwHwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNV
-BAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdhcmUwggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQCx98M4P7Sof885glFn0G2f0v9Y8+efK+wNiVSZuTiZ
-FvfgIXlIwrthdBKWHTxqctU8EGc6Oe0rE81m65UJM6Rsl7HoxuzBdXmcRl6N
-q9Bq/bkqVRcQVLMZ8Jr28bFdtqdt++BxF2uiiPsA3/4aMXcMmgF6sTLjKwEH
-OG7DpV4jvEWbe1DByTCP2+UretNb+zNAHqDVmBe8i4fDidNdoI6yqqr2jmmI
-BsX6iSHzCJ1pLgkzmykNRg+MzEk0sGlRvfkGzWitZky8PqxhvQqIDsjfPe58
-BEydCl5rkdbux+0ojatNh4lz0G6k0B4WixThdkQDf2Os5M1JnMWS9KsyoUhb
-AgMBAAGjgbkwgbYwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYD
-VR0OBBYEFKFyXyYbKJhDlV0HN9WFlp1L0sNFMEQGA1UdHwQ9MDswOaA3oDWG
-M2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNFUkZpcnN0LUhhcmR3
-YXJlLmNybDAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwUGCCsGAQUF
-BwMGBggrBgEFBQcDBzANBgkqhkiG9w0BAQUFAAOCAQEARxkP3nTGmZev/K0o
-XnWO6y1n7k57K9cM//bey1WiCuFMVGWTYGufEpytXoMs61quwOQt9ABjHbjA
-bPLPSbtNk28GpgoiskliCE7/yMgUsogWXecB5BKV5UU0s4tpvc+0hY91UZ59
-Ojg6FEgSxvunOxqNDYJAB+gECJChicsZUN/KHAG8HQQZexB2lzvukJDKxA4f
-Fm517zP4029bHpbj4HR3dHuKom4t3XbWOTCC8KucUvIqx69JXn7HaOWCgchq
-J/kniCrVWFCVH/A7HFe7fRQ5YiuayZSSKqMiDP+JJn1fIytH1xUdqWqeUQ0q
-UZ6B+dQ7XnASfxAynB67nfhmqA==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/UTN_USERFirst_Object_Root_CA.crt b/cert-validity/mozilla/builtin-certs/UTN_USERFirst_Object_Root_CA.crt
deleted file mode 100644
index 6df9e7889b4b..000000000000
--- a/cert-validity/mozilla/builtin-certs/UTN_USERFirst_Object_Root_CA.crt
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEZjCCA06gAwIBAgIQRL4Mi1AAJLQR0zYt4LNfGzANBgkqhkiG9w0BAQUF
-ADCBlTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0
-IExha2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEw
-HwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHTAbBgNVBAMTFFVU
-Ti1VU0VSRmlyc3QtT2JqZWN0MB4XDTk5MDcwOTE4MzEyMFoXDTE5MDcwOTE4
-NDAzNlowgZUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMO
-U2FsdCBMYWtlIENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29y
-azEhMB8GA1UECxMYaHR0cDovL3d3dy51c2VydHJ1c3QuY29tMR0wGwYDVQQD
-ExRVVE4tVVNFUkZpcnN0LU9iamVjdDCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAM6qgT+jo2F4qjEAVZURnicPHxzfOpuCaDDASmEd8S8O+r55
-96Uj71VRloTN2+O5bj4x2AogZ8f02b+U60cEPgLOKqJdhwQJ9jCdGIqXsqoc
-/EHSoTbL+z2RuufZcDX65OeQw5ujm9M89RKZd7G3CeBo5hy485RjiGpq/gt2
-yb70IuRnuasaXnfBhQfdDWy/7gbHd2pBnqcP1/vulBe3/IW+pKvEHDHd17bR
-5PDv3xaPslKT16HUiaEHLr/hARJCHhrh2JU022R5KP+6LhHC5ehbkkj7RwvC
-bNqtMoNB86XlQXD9ZZBt+vpRxPm9lisZBCzTbafc8H9vg2XiaquHhnUCAwEA
-AaOBrzCBrDALBgNVHQ8EBAMCAcYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
-FgQU2u1kdBScFDyr3ZmpvVsoTYs8ydgwQgYDVR0fBDswOTA3oDWgM4YxaHR0
-cDovL2NybC51c2VydHJ1c3QuY29tL1VUTi1VU0VSRmlyc3QtT2JqZWN0LmNy
-bDApBgNVHSUEIjAgBggrBgEFBQcDAwYIKwYBBQUHAwgGCisGAQQBgjcKAwQw
-DQYJKoZIhvcNAQEFBQADggEBAAgfUrE3RHjb/c652pWWmKpVZIC1WkDdIaXF
-wfNfLEzIR1pp6ujwNTX00CXzyKakh0q9G7FzCL3Uw8q2NbtZhncxzaeAFK4T
-7/yxSPlrJSUtUbYsbUXBmMiKVl0+7kNOPmsnjtA6S4ULX9Ptaqd1y9Fahy85
-dRNacrACgZ++8A+EVCBibGnU4U3GDZlDAQ0Slox4nb9QorFEqmrPF3rPbw/U
-+CRVX/A0FklmPlBGyWNxODFiuGK581OtbLUrohKqGU8J2l7nk8aOFAj+8DCA
-GKCGhU3IfdeLA/5u1fedFqySLKAj5ZyRUh+U3xeUc8OzwcFxBSAAeL0TUh2o
-Ps0AH8g=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/ValiCert_Class_1_VA.crt b/cert-validity/mozilla/builtin-certs/ValiCert_Class_1_VA.crt
deleted file mode 100644
index e12d0b8fc917..000000000000
--- a/cert-validity/mozilla/builtin-certs/ValiCert_Class_1_VA.crt
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlD
-ZXJ0IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIElu
-Yy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDEgUG9saWN5IFZhbGlkYXRp
-b24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNv
-bS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYy
-NTIyMjM0OFoXDTE5MDYyNTIyMjM0OFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
-IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4x
-NTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDEgUG9saWN5IFZhbGlkYXRpb24g
-QXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8x
-IDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDYWYJ6ibiWuqYvaG9YLqdUHAZu9OqNSLwxlBfw
-8068srg1knaw0KWlAdcAAxIiGQj4/xEjm84H9b9pGib+TunRf50sQB1ZaG6m
-+FiwnRqP0z/x3BkGgagO4DrdyFNFCQbmD3DD+kCmDuJWBQ8YTfwggtFzVXSN
-dnKgHZ0dwN0/cQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFBoPUn0LBwGlN+V
-YH+Wexf+T3GtZMjdd9LvWVXoP+iOBSoh8gfStadS/pyxtuJbdxdA6nLWI8so
-gTLDAHkY7FkXicnGah5xyf23dKUlRWnFSKsZ4UWKJWsZ7uW7EvV/96aNUcPw
-nXS3qT6gpf+2SQMT2iLM7XGCK5nPOrf1LXLI
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/ValiCert_Class_2_VA.crt b/cert-validity/mozilla/builtin-certs/ValiCert_Class_2_VA.crt
deleted file mode 100644
index 52e095208a4b..000000000000
--- a/cert-validity/mozilla/builtin-certs/ValiCert_Class_2_VA.crt
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlD
-ZXJ0IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIElu
-Yy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRp
-b24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNv
-bS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYy
-NjAwMTk1NFoXDTE5MDYyNjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
-IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4x
-NTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24g
-QXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8x
-IDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vYdA757tn2VUdZZUcOBVXc
-65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9WlmpZdRJEy0kTRxQ
-b7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QSv4dk+NoS/zcn
-wbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9vUJSZSWI4
-OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTuIYEZ
-oDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC
-W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt b/cert-validity/mozilla/builtin-certs/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
deleted file mode 100644
index ed3f87831c37..000000000000
--- a/cert-validity/mozilla/builtin-certs/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCB
-yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYD
-VQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAw
-NyBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUw
-QwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRp
-ZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgw
-MTE4MjM1OTU5WjCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWdu
-LCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYD
-VQQLEzEoYykgMjAwNyBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVk
-IHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQ
-cmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwdjAQBgcqhkjO
-PQIBBgUrgQQAIgNiAASnVnp8Utpkmw4tXNherJI9/gHmGUo9FANL+mAnINmD
-iWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGzrl0Bp3vefLK+ymVhAIau
-2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAO
-BgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1h
-Z2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYj
-aHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYE
-FLMWkf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMDA2gAMGUCMGYhDBgm
-YFo4e1ZC4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIx
-AJw9SDkjOVgaFRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iG
-Kt0uEA==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt b/cert-validity/mozilla/builtin-certs/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt
deleted file mode 100644
index ac020205f099..000000000000
--- a/cert-validity/mozilla/builtin-certs/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUF
-ADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8w
-HQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykg
-MjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
-MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENl
-cnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcN
-MzYwNzE2MjM1OTU5WjCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT
-aWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTow
-OAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
-emVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1Ymxp
-YyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8
-RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs
-70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pS
-S9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+Q
-ueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+
-rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMK
-z10/NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNV
-HQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2Uv
-Z2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0
-cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/T
-ZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP
-2BqYLz3q3JktvXf2pXkiOOzEp6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGq
-CBpH3vn5fJJaCGkgDdk+bW48DW7Y5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU
-7qKEKQsTb47bDN0lAtukixlE0kF6BWlKWE9gyn6CagsCqiUXObXbf+eEZSqV
-ir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ4fQRbxC1lfznQgUy286dUV4o
-tp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8NhnacRHr2lVz2XTIIM6RU
-thg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/VeriSign_Universal_Root_Certification_Authority.crt b/cert-validity/mozilla/builtin-certs/VeriSign_Universal_Root_Certification_Authority.crt
deleted file mode 100644
index 08d80440b2f7..000000000000
--- a/cert-validity/mozilla/builtin-certs/VeriSign_Universal_Root_Certification_Authority.crt
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsF
-ADCBvTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8w
-HQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykg
-MjAwOCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
-MTgwNgYDVQQDEy9WZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0
-aW9uIEF1dGhvcml0eTAeFw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTla
-MIG9MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAd
-BgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAy
-MDA4IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkx
-ODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNhbCBSb290IENlcnRpZmljYXRp
-b24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-x2E3XrEBNNti1xWb/1hajCMj1mCOkdeQmIN65lgZOIzF9uVkhbSicfvtvbna
-zU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGPMiJhgsWHH26MfF8WIFFE
-0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+HLL729fdC
-4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN/BMR
-eYTtXlT2NJ8IAfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPT
-rJ9VAMf2CGqUuV/c4DPxhGD5WycRtPwW8rtWaoAljQIDAQABo4GyMIGvMA8G
-A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0GCCsGAQUFBwEMBGEw
-X6FdoFswWTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2O
-a8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xv
-Z28uZ2lmMB0GA1UdDgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG
-9w0BAQsFAAOCAQEASvj4sAPmLGd75JR3Y8xuTPl9Dg3cyLk1uXBPY/ok+myD
-jEedO2Pzmvl2MpWRsXe8rJq+seQxIcaBlVZaDrHC1LGmWazxY8u4TB1ZkErv
-kBYoH1quEPuBUDgMbMzxPcP1Y+Oz4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahf
-YtTxP/jgdFcrGJ2BtMQo2pSXpXDrrB2+BxHw1dvd5Yzw1TKwg+ZX4o+/vqGq
-vz0dtdQ46tewXDpPaj+PwGZsY6rp2aQW9IHRlRQOfc2VNNnSj3BzgXucfr2Y
-YdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4mJO37M2CYfE45k+XmCpajQ==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Verisign_Class_1_Public_Primary_Certification_Authority.crt b/cert-validity/mozilla/builtin-certs/Verisign_Class_1_Public_Primary_Certification_Authority.crt
deleted file mode 100644
index 7e61f51e4b0e..000000000000
--- a/cert-validity/mozilla/builtin-certs/Verisign_Class_1_Public_Primary_Certification_Authority.crt
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzEL
-MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQL
-Ey5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y
-aXR5MB4XDTk2MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UE
-BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
-cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67ee
-hoAKkQ76OCWvRoiC5XOooJskXQ0fzGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2
-FdWoqD+qEgaNMax/sDTXjzRniAnNFBHiTkVWaR94AoDa3EeRKbs2yWNcxeDX
-LYd7obcysHswuiovMaruo2fa2wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFgV
-KTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiWNWLMv5sneYlfycQJ9M61
-Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIVGx/KXQ/BUpQqEZna
-e88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt b/cert-validity/mozilla/builtin-certs/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt
deleted file mode 100644
index 58d7b184ba2b..000000000000
--- a/cert-validity/mozilla/builtin-certs/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDAjCCAmsCEEzH6qqYPnHTkxD4PTqJkZIwDQYJKoZIhvcNAQEFBQAwgcEx
-CzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UE
-CxMzQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAt
-IEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBU
-cnVzdCBOZXR3b3JrMB4XDTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVow
-gcExCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoG
-A1UECxMzQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1
-dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5j
-LiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2ln
-biBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCq
-0Lq+Fi24g9TK0g+8djHKlNgdk4xWArzZbxpvUjZudVYKVdPfQ4chEWWKfo+9
-Id5rMj8bhDSVBZ1BNeuS65bdqlk/AVNtmU/t5eIqWpDBucSmFc/IReumXY6c
-PvBkJHalzasab7bYe1FhbqZ/h8jit+U03EGI6glAvnOSPWvndQIDAQABMA0G
-CSqGSIb3DQEBBQUAA4GBAKlPww3HZ74sy9mozS11534Vnjty637rXC0Jh9Zr
-bWB85a7FkCMMXErQr7Fd88e2CtvgFZMN3QO8x3aKtd1Pw5sTdbgBwObJW2ul
-uIncrKTdcu1OofdPvAbT6shkdHvClUGcZXNY8ZCaPGqxmMnEh7zPRW1F4m4i
-P/68DzFc6PLZ
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt b/cert-validity/mozilla/builtin-certs/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt
deleted file mode 100644
index e8b4d3dd3479..000000000000
--- a/cert-validity/mozilla/builtin-certs/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEGjCCAwICEQCLW3VWhFSFCwDPrzhIzrGkMA0GCSqGSIb3DQEBBQUAMIHK
-MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNV
-BAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5
-IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBD
-BgNVBAMTPFZlcmlTaWduIENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlm
-aWNhdGlvbiBBdXRob3JpdHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3
-MTYyMzU5NTlaMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24s
-IEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNV
-BAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQg
-dXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDEgUHVibGljIFBy
-aW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAN2E1Lm0+afY8wR4nN493GwTFtl63SRR
-ZsDHJlkNrAYIwpTRMx/wgzUfbhvI3qpuFU5UJ+/EbRrsC+MO8ESlV8dAWB6j
-Rx9x7GD2bZTIGDnt/kIYVt/kTEkQeE4BdjVjEjbdZrwBBDajVWjVojYJrKsh
-JlQGrT/KFOCsyq0GHZXi+J3x4GD/wn91K0zM2v6HmSHquv4+VNfSWXjbPG7P
-oBMAGrgnoeS+Z5bKoMWznN3JdZ7rMJpfo83ZrngZPyPpXNspva1VyBtUjGP2
-6KbqxzcSXKMpHgLZ2x87tNcPVkeBFQRKr4Mn0cVYiMHd9qqnoxjaaKptEVHh
-v2Vrn5Z20T0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAq2aN17O6x5q25lXQ
-BfGfMY1aqtmqRiYPce2lrVNWYgFHKkTp/j90CxObufRNG7LRX7K20ohcs5/N
-y9Sn2WCVhDr4wTcdYcrnsMXlkdpUpqwxga6X3s0IrLjAl4B/bnKk52kTlWUf
-xJM8/XmPBNQ+T+r3ns7NZ3xPZQL/kYVUc8f/NveGLezQXk//EZ9yBta4GvFM
-DSZl4kSAHsef493oCtrspSCAaWihT37ha88HQfqDjrw43bAuEbFrskLMmrz5
-SCJ5ShkPshw+IHTZasO+8ih4E1Z5T21Q6huwtVexN2ZYI/PcD98Kh8TvhgXV
-OBRgmaNL3gaWcSzy27YfpO8/7g==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Verisign_Class_2_Public_Primary_Certification_Authority.crt b/cert-validity/mozilla/builtin-certs/Verisign_Class_2_Public_Primary_Certification_Authority.crt
deleted file mode 100644
index 61dd2c05b4a8..000000000000
--- a/cert-validity/mozilla/builtin-certs/Verisign_Class_2_Public_Primary_Certification_Authority.crt
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICPDCCAaUCEC0b/EoXjaOR6+f/9YtFvgswDQYJKoZIhvcNAQECBQAwXzEL
-MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQL
-Ey5DbGFzcyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y
-aXR5MB4XDTk2MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UE
-BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
-cyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2WoujDWojg4BrzzmH9CETMwZM
-JaLtVRKXxaeAufqDwSCg+i8VDXyhYGt+eSz6Bg86rvYbb7HS/y8oUl+DfUvE
-erf4Zh+AVPy3wo5ZShRXRtGak75BkQO7FYCTXOvnzAhsPz6zSvz/S2wj1VCC
-JkQZjiPDceoZJEcEnnW/yKYAHwIDAQABMA0GCSqGSIb3DQEBAgUAA4GBAIob
-K/o5wXTXXtgZZKJYSi034DNHD6zt96rbHuSLBlxgJ8pFUs4W7z8GZOeUaHxg
-MxURaa+dYo2jA1Rrpr7l7gUYYAS/QoD90KioHgE796Ncr6Pc5iaAIzy4RHT3
-Cq5Ji2F4zCS/iIqnDupzGUH9TQPwiNHleI2lKk/2lw0Xd8rY
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt b/cert-validity/mozilla/builtin-certs/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt
deleted file mode 100644
index 6565ead23b32..000000000000
--- a/cert-validity/mozilla/builtin-certs/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDAzCCAmwCEQC5L2DMiJ+hekYJuFtwbIqvMA0GCSqGSIb3DQEBBQUAMIHB
-MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xPDA6BgNV
-BAsTM0NsYXNzIDIgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRo
-b3JpdHkgLSBHMjE6MDgGA1UECxMxKGMpIDE5OTggVmVyaVNpZ24sIEluYy4g
-LSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEfMB0GA1UECxMWVmVyaVNpZ24g
-VHJ1c3QgTmV0d29yazAeFw05ODA1MTgwMDAwMDBaFw0yODA4MDEyMzU5NTla
-MIHBMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xPDA6
-BgNVBAsTM0NsYXNzIDIgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBB
-dXRob3JpdHkgLSBHMjE6MDgGA1UECxMxKGMpIDE5OTggVmVyaVNpZ24sIElu
-Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEfMB0GA1UECxMWVmVyaVNp
-Z24gVHJ1c3QgTmV0d29yazCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-p4gBIXQs5xoD8JjhlzwPIQjxnNuX6Zr8wgQGE75fUsjMHiwSViy4AWkszJkf
-rbCWrnkE8hM5wXuYuggs6MKEEyyqaekJ9MepAqRCwiNPStjwDqL7MWzJ5m+Z
-Jwf15vRMeJ5t60aG+rmGyVTyssSv1EYcWskVMP8NbPUtDm3Of3cCAwEAATAN
-BgkqhkiG9w0BAQUFAAOBgQByLvl/0fFx+8Se9sVeUYpAmLho+Jscg9jinb3/
-7aHmZuovCfTK1+qlK5X2JGCGTUQug6XELaDTrnhpb3LabK4I8GOSN+a7xDAX
-rXfMSTWqz9iP0b63GJZHc2pUIjRkLbYWm1lbtFFZOrMLFPQS32eg9K0yZF6x
-RnInjBJ7xUS0rg==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt b/cert-validity/mozilla/builtin-certs/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt
deleted file mode 100644
index 8a474bf9220b..000000000000
--- a/cert-validity/mozilla/builtin-certs/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEGTCCAwECEGFwy0mMX5hFKeewptlQW3owDQYJKoZIhvcNAQEFBQAwgcox
-CzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UE
-CxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkg
-VmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMG
-A1UEAxM8VmVyaVNpZ24gQ2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eSAtIEczMB4XDTk5MTAwMTAwMDAwMFoXDTM2MDcx
-NjIzNTk1OVowgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwg
-SW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UE
-CxMxKGMpIDE5OTkgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1
-c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMiBQdWJsaWMgUHJp
-bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEczMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwoNwtUs22e5LeWUJ92lvuCwTY+zYVY8
-1nzD9M0+hsuiiOLh2KRpxbXiv8GmR1BeRjmL1Za6tW8UvxDOJxOeBUebMXoT
-2B/Z0wI3i60sR/COgQanDTAM6/c8DyAd3HJG7qUCyFvDyVZpTMUYwZF7C9UT
-AJu878NIPkZgIIUq1ZC2zYugzDLdt/1AVbJQHFauzI13TccgTacxdu9okoqQ
-HgiBVrKtaaNS0MscxCM9H5n+TOgWY47GCI72MfbS+uV23bUckqNJzc0BzWjN
-qWm6o+sdDZykIKbBoMXRRkwXbdKsZj+WjOCE1Db/IlnF+RFgqF8EffIa9iVC
-YQ/ESrg+iQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA0JhU8wI1NQ0kdvekh
-ktdmnLfexbjQ5F1fdiLAJvmEOjr5jLX77GDx6M4EsMjdpwOPMPOY36TmpDHf
-0xwLRtxyID+u7gU8pDM/CzmscHhzS5kr3zDCVLCoO1Wh/hYozUK9dG6A2ydE
-p85EXdQbkJgNHkKUsQAsBNB0owIFImNjzYO1+8FtYmtpdf1dcEG59b98377B
-MnMiIYtYgXsVkXq642RIsH/7NiXaldDxJBQX3RiAa0YjOVT1jmIJBB2UkKab
-5iXiQkWquJCtvgiPqQtCGJTPcjnhsUPgKM+351psE2tJs//jGHyJizNdrDPX
-p/naOlXJWBD5qu9ats9LS98q
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Verisign_Class_3_Public_Primary_Certification_Authority.crt b/cert-validity/mozilla/builtin-certs/Verisign_Class_3_Public_Primary_Certification_Authority.crt
deleted file mode 100644
index 30d2107d9ac8..000000000000
--- a/cert-validity/mozilla/builtin-certs/Verisign_Class_3_Public_Primary_Certification_Authority.crt
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICPDCCAaUCEDyRMcsf9tAbDpq40ES/Er4wDQYJKoZIhvcNAQEFBQAwXzEL
-MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQL
-Ey5DbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y
-aXR5MB4XDTk2MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UE
-BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
-cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69q
-RUCPhAwL0TPZ2RHP7gJYHyX3KqhEBarsAx94f56TuZoAqiN91qyFomNFx3In
-zPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/isI19wKTakyYbnsZogy1Olhec9vn2a
-/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBABBy
-UqkFFBkyCEHwxWsKzH4PIRnN5GfcX6kb5sroc50i2JhucwNhkcV8sEVAbkSd
-jbCxlnRhLQ2pRdKkkirWmnWXbj9T/UWZYB2oK0z5XqcJ2HUw19JlYD1n1khV
-dWk/kfVIC0dpImmClr7JyDiGSnoscxlIaU5rfGW/D/xwzoiQ
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt b/cert-validity/mozilla/builtin-certs/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt
deleted file mode 100644
index 9950f1f2e0a9..000000000000
--- a/cert-validity/mozilla/builtin-certs/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcEx
-CzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UE
-CxMzQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAt
-IEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBU
-cnVzdCBOZXR3b3JrMB4XDTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVow
-gcExCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoG
-A1UECxMzQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1
-dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5j
-LiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2ln
-biBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDM
-XtERXVxp0KvTuWpMmR9ZmDCOFoUgRm1HP9SFIIThbbP4pO0M8RcPO/mn+SXX
-wc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71lSk8UOg013gfqLptQ5GV
-j0VXXn7F+8qkBOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZwIDAQABMA0G
-CSqGSIb3DQEBBQUAA4GBAFFNzb5cy5gZnBWyATl4Lk0PZ3BwmcYQWpSkU01U
-bSuvDV1Ai2TT1+7eVmGSX6bEHRBhNtMsJzzoKQm5EWR0zLVznxxIqbxhAe7i
-F6YM40AIOw7n60RzKprxaZLvcRTDOaxxp5EJb+RxBrO6WVcmeQD2+A2iMzAo
-1KpYoJ2daZH9
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt b/cert-validity/mozilla/builtin-certs/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt
deleted file mode 100644
index 53c88aa13fc6..000000000000
--- a/cert-validity/mozilla/builtin-certs/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHK
-MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNV
-BAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5
-IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBD
-BgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlm
-aWNhdGlvbiBBdXRob3JpdHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3
-MTYyMzU5NTlaMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24s
-IEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNV
-BAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQg
-dXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFBy
-aW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8bN3O9+MlrlBIwT/A2
-R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2tKmFZpGcmTNDo
-vFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGukxUccLwg
-TS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBmCC+V
-k7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ
-Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJ
-OxWuimi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my
-/uRan2Te2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5f
-j267Cz3qWhMeDGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoA
-Wii/gt/4uhMdUIaC/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8S
-GhJouPtmmRQURVyu565pF4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbb
-o27q/a2ywtrvAkcTisDxszGtTxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh
-/sVFuq1ruQp6Tk9LhO5L8X3dEQ==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.crt b/cert-validity/mozilla/builtin-certs/Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.crt
deleted file mode 100644
index 1bcda430ecda..000000000000
--- a/cert-validity/mozilla/builtin-certs/Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.crt
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDAjCCAmsCEDKIjprS9esTR/h/xCA3JfgwDQYJKoZIhvcNAQEFBQAwgcEx
-CzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UE
-CxMzQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAt
-IEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBU
-cnVzdCBOZXR3b3JrMB4XDTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVow
-gcExCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoG
-A1UECxMzQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1
-dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5j
-LiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2ln
-biBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6
-8OTP+cSuhVS5B1f5j8V/aBH4xBewRNzjMHPVKmIquNDMHO0oW369atyzkSTK
-QWI8/AIBvxwWMZQFl3Zuoq29YRdsTjCG8FE3KlDHqGKB3FtKqsGgtG7rL+VX
-xbErQHDbWk2hjh+9Ax/YA9SPTJlxvOKCzFjomDqG04Y48wApHwIDAQABMA0G
-CSqGSIb3DQEBBQUAA4GBAIWMEsGnuVAVess+rLhDityq3RS6iYF+ATwjcSGI
-L4LcY/oCRaxFWdcqWERbt5+BO5JoPeI3JPV7bI92NZYJqFmduc4jq3TWg/0y
-cyfYaT5DdPauxYma51N86Xv2S/PBZYPejYqcPIiNOVn8qj8ijaHBZlCBckzt
-ImRPT8qAkbYp
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt b/cert-validity/mozilla/builtin-certs/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt
deleted file mode 100644
index 050644f8441a..000000000000
--- a/cert-validity/mozilla/builtin-certs/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEGjCCAwICEQDsoKeLbnVqAc/EfMwvlF7XMA0GCSqGSIb3DQEBBQUAMIHK
-MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNV
-BAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5
-IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBD
-BgNVBAMTPFZlcmlTaWduIENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlm
-aWNhdGlvbiBBdXRob3JpdHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3
-MTYyMzU5NTlaMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24s
-IEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNV
-BAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQg
-dXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDQgUHVibGljIFBy
-aW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAK3LpRFpxlmr8Y+1GQ9Wzsy1HyDkniYl
-S+BzZYlZ3tCD5PUPtbut8XzoIfzk6AzufEUiGXaStBO3IFsJ+mGuqPKljYXC
-KtbeZjbSmwL0qJJgfJxptI8kHtCGUvYynEFYHiK9zUVilQhu0GbdU6LM8BDc
-VHOLBKFGMzNcF0C5nk3T875Vg+ixiY5afJqWIpA7iCXy0lOIAgwLePLmNxdL
-MEYH5IBtptiWLugs+BGzOA1mppvqySNb247i8xOOGlktqgLw7KSHZtzBP/XY
-ufTsgsbSPZUd5cBPhMnZo0QoBmrXRazwa2rvTl/4EYIeOGM0ZlDUPpNz+jDD
-Zq3/ky2X7wMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAj/ola09b5KROJ1Wr
-IhVZPMq1CtRK26vdoV9TxaBXOcLORyu+OshWv8LZJxA6sQU8wHcxuzrTBXtt
-mhwwjIDLk5Mqg6sFUYICABFna/OIYUdfA5PVWw3g8dShMjWFsjrbsIKr0csK
-vE+MW8VLADsfKoKmfjaF3H48ZwC15DtS4KjrXRX5xm3wrR0OhbepmnMUWluP
-QSjA1egtTaRezarZ7c7c2NU8Qh0XwRJdRTjDOPP8hS6DRkiy1yBfkjaP53kP
-mF6Z6PDQpLv1U70qzlmwr25/bLvSHgCwIe34QWKCudiyxLtGUPMxxY8BqHTr
-9Xgn2uf3ZkPznoM+IKrDNWCRzg==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Visa_eCommerce_Root.crt b/cert-validity/mozilla/builtin-certs/Visa_eCommerce_Root.crt
deleted file mode 100644
index 0c925459e3b9..000000000000
--- a/cert-validity/mozilla/builtin-certs/Visa_eCommerce_Root.crt
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUF
-ADBrMQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlz
-YSBJbnRlcm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMT
-E1Zpc2EgZUNvbW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2WhcNMjIwNjI0
-MDAxNjEyWjBrMQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UE
-CxMmVmlzYSBJbnRlcm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAa
-BgNVBAMTE1Zpc2EgZUNvbW1lcmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQCvV95WHm6h2mCxlCfLF9sHP4CFT8icttD0b0/Pmdjh
-28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4ElpF7sDPwsRROEW+1QK8bRaVK7362
-rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdVZqW1LS7YgFmypw23RuwhY/81
-q6UCzyr0TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq299yOIzzlr3xF7zSujtF
-Wsan9sYXiwGd/BmoKoMWuDpI/k4+oKsGGelT84ATB+0tvz8KPFUgOSwsAGl0
-lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzsGHxBvfaLdXe6YJ2E5/4t
-AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G
-A1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUFAAOC
-AQEAX/FBfXxcCLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcR
-zCSs00Rsca4BIGsDoo8Ytyk6feUWYFN4PMCvFYP3j1IzJL1kk5fui/fbGKht
-cbP3LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pzzkWKsKZJ/0x9nXGI
-xHYdkFsd7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBu
-YQa7FkKMcPcw++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/
-hC3euiInlhBx6yLt398znM/jra6O1I7mT1GvFpLgXPYHDw==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/WellsSecure_Public_Root_Certificate_Authority.crt b/cert-validity/mozilla/builtin-certs/WellsSecure_Public_Root_Certificate_Authority.crt
deleted file mode 100644
index c41b59cca4ef..000000000000
--- a/cert-validity/mozilla/builtin-certs/WellsSecure_Public_Root_Certificate_Authority.crt
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEvTCCA6WgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhTELMAkGA1UEBhMC
-VVMxIDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQL
-DBNXZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1NlY3VyZSBQ
-dWJsaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcxMjEzMTcw
-NzU0WhcNMjIxMjE0MDAwNzU0WjCBhTELMAkGA1UEBhMCVVMxIDAeBgNVBAoM
-F1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxscyBGYXJn
-byBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9vdCBD
-ZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQDub7S9eeKPCCGeOARBJe+rWxxTkqxtnt3CxC5FlAM1iGd0V+Pf
-jLindo8796jE2yljDpFoNoqXjopxaAkH5OjUDk/41itMpBb570OYj7OeUt9t
-kTmPOL13i0Nj67eT/DBMHAGTthP796EfvyXhdDcsHqRePGj4S78NuR4uNuip
-5Kf4D8uCdXw1LSLWwr8L87T8bJVhHlfXBIEyg1J55oNjz7fLY4sR4r1e6/aN
-7ZVyKLSsEmLpSjPmgzKuBXWVvYSV2ypcm44uDLiBK0HmOFafSZtsdvqKXfcB
-eYF8wYNABf5x/Qw/zE5gCQ5lRxAvAcAFP4/4s0HvWkJ+We/SlwxlAgMBAAGj
-ggE0MIIBMDAPBgNVHRMBAf8EBTADAQH/MDkGA1UdHwQyMDAwLqAsoCqGKGh0
-dHA6Ly9jcmwucGtpLndlbGxzZmFyZ28uY29tL3dzcHJjYS5jcmwwDgYDVR0P
-AQH/BAQDAgHGMB0GA1UdDgQWBBQmlRkQ2eihl5H/3BnZtQQ+0nMKajCBsgYD
-VR0jBIGqMIGngBQmlRkQ2eihl5H/3BnZtQQ+0nMKaqGBi6SBiDCBhTELMAkG
-A1UEBhMCVVMxIDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRww
-GgYDVQQLDBNXZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1Nl
-Y3VyZSBQdWJsaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHmCAQEwDQYJ
-KoZIhvcNAQEFBQADggEBALkVsUSRzCPIK0134/iaeycNzXK7mQDKfGYZUMbV
-mO2rvwNa5U3lHshPcZeG1eMd/ZDJPHV3V3p9+N701NX3leZ0bh08rnyd2wID
-BSxxSyU+B+NemvVmFymIGjifz6pBA4SXa5M4esowRBskRDPQ5NHcKDj0E0M1
-NSljqHyita04pO2t/caaH/+Xc/77szWnk4bGdpEA5qxRFsQnMlzbc9qlk1eO
-Pm01JghZ1edE13YgY+esE2fDbbFwRnzVlhE9iW9dqKHrjQrawx0zbKPqZxma
-mX9LPYNRKh3KL4YMon4QLSvUFpULB6ouFJJJtylv2G0xffX8oRAHh84vWdw+
-WNs=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/Wells_Fargo_Root_CA.crt b/cert-validity/mozilla/builtin-certs/Wells_Fargo_Root_CA.crt
deleted file mode 100644
index a2536c528d8a..000000000000
--- a/cert-validity/mozilla/builtin-certs/Wells_Fargo_Root_CA.crt
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID5TCCAs2gAwIBAgIEOeSXnjANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UE
-BhMCVVMxFDASBgNVBAoTC1dlbGxzIEZhcmdvMSwwKgYDVQQLEyNXZWxscyBG
-YXJnbyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEvMC0GA1UEAxMmV2VsbHMg
-RmFyZ28gUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDAxMDExMTY0
-MTI4WhcNMjEwMTE0MTY0MTI4WjCBgjELMAkGA1UEBhMCVVMxFDASBgNVBAoT
-C1dlbGxzIEZhcmdvMSwwKgYDVQQLEyNXZWxscyBGYXJnbyBDZXJ0aWZpY2F0
-aW9uIEF1dGhvcml0eTEvMC0GA1UEAxMmV2VsbHMgRmFyZ28gUm9vdCBDZXJ0
-aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQDVqDM7Jvk0/82bfuUER84A4n135zHCLielTWi5MbqNQ1mXx3Oqfz1c
-QJ4F5aHiidlMuD+b+Qy0yGIZLEWukR5zcUHESxP9cMIlrCL1dQu3U+SlK93O
-vRw6esP3E48mVJwWa2uv+9iWsWCaSOAlIiR5NM4OJgALTqv9i86C1y8IcGjB
-qAr5dE8Hq6T54oN+J3N0Prj5OEL8pahbSCOz6+MlsoCultQKnMJ4msZoGK43
-YjdeUXWoWGPAUe5AeH6orxqg4bB4nVCMe+ez/I4jsNtlAHCEAQgAFG5Uhpq6
-zPk3EPbg3oQtnaSFN9OH4xXQwReQfhkhahKpdv0SAulPIV4XAgMBAAGjYTBf
-MA8GA1UdEwEB/wQFMAMBAf8wTAYDVR0gBEUwQzBBBgtghkgBhvt7hwcBCzAy
-MDAGCCsGAQUFBwIBFiRodHRwOi8vd3d3LndlbGxzZmFyZ28uY29tL2NlcnRw
-b2xpY3kwDQYJKoZIhvcNAQEFBQADggEBANIn3ZwKdyu7IvICtUpKkfnRLb7k
-uxpo7w6kAOnu5+/u9vnldKTC2FJYxHT7zmu1Oyl5GFrvm+0fazbuSCUlFLZW
-ohDo7qd/0D+j0MNdJu4HzMPBJCGHHt8qElNvQRbn7a6U+oxy+hNH8Dx+rn0R
-OhPs7fpvcmR7nX1/Jv16+yWt6j4pf0zjAFcysLPp7VMX2YuyFA4w6OXVE8Zk
-r8QA1dhYJPz1j+zxx32l2w8n0cbyQIjmH/ZhqPRCyLk306m+LFZ4wnKbWV01
-QIroTmMatukgalHizqSQ33ZwmVxwQ023tqcZZE6St8WRPH9IFmV7Fv3L/PvZ
-1dZPIWU7Sn9Ho/s=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/XRamp_Global_CA_Root.crt b/cert-validity/mozilla/builtin-certs/XRamp_Global_CA_Root.crt
deleted file mode 100644
index 08754538f6ef..000000000000
--- a/cert-validity/mozilla/builtin-certs/XRamp_Global_CA_Root.crt
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUF
-ADCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5
-LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0w
-KwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
-HhcNMDQxMTAxMTcxNDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMC
-VVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMb
-WFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBH
-bG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCYJB69FbS638eMpSe2OAtp87ZOqCwuIR1cRN8h
-XX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCPKZ2GG9mcDZhtdhAoWORlsH9K
-mHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7QDxIEM5dfT2Fa8OT5kavn
-HTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4qEHMPJQRfevIpoy3
-hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRaJSKNNCyy9mgd
-Em3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNViPvryxS3T
-/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQD
-AgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASs
-jVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1
-cml0eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcN
-AQEFBQADggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc
-/Kh4ZzXxHfARvbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYS
-Nrsf16GBBEYgoyxtqZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT
-5r7SHpDwCRR5XCOrTdLaIR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGP
-urt+HBvbaoAPIbzp26a3QPSyi6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd
-50N9otg6tamN8jSZxNQQ4Qb9CYQQO+7ETPTsJ3xCwnR8gooJybQDJbw=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/certSIGN_ROOT_CA.crt b/cert-validity/mozilla/builtin-certs/certSIGN_ROOT_CA.crt
deleted file mode 100644
index 10c23ddab629..000000000000
--- a/cert-validity/mozilla/builtin-certs/certSIGN_ROOT_CA.crt
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNV
-BAYTAlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04g
-Uk9PVCBDQTAeFw0wNjA3MDQxNzIwMDRaFw0zMTA3MDQxNzIwMDRaMDsxCzAJ
-BgNVBAYTAlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJ
-R04gUk9PVCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALcz
-uX7IJUqOtdu0KBuqV5Do0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oq
-rl0Hj0rDKH/v+yv6efHHrfAQUySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5i
-LKECZbO9xSsAfsT8AzNXDe3i+s5dRdY4zTW2ssHQnIFKquSyAVwdj1+ZxLGt
-24gh65AIgoDzMKND5pCCrlUoSe1b16kQOA7+j0xbm0bqQfWwCHTD0IgztnzX
-dN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwvJoIQ4uNllAoEwF73XVv4EOLQ
-unpL+943AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08CAwEAAaNCMEAwDwYDVR0T
-AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0OBBYEFOCMm9slSbPx
-fIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IBAQA+0hyJLjX8+HXd5n9l
-iPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecYMnQ8SG4P
-n0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ44gx
-+FkagQnIl6Z0x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6I
-Jd1hJyMctTEHBDa0GpC9oHRxUIltvBTjD4au8as+x6AJzKNI0eDbZOeStc+v
-ckNwi/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7NzTogVZ96edhBiIL5V
-aZVDADlN9u6wWk5JRFRYX0KD
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/ePKI_Root_Certification_Authority.crt b/cert-validity/mozilla/builtin-certs/ePKI_Root_Certification_Authority.crt
deleted file mode 100644
index bbb55c087ec1..000000000000
--- a/cert-validity/mozilla/builtin-certs/ePKI_Root_Certification_Authority.crt
+++ /dev/null
@@ -1,35 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUF
-ADBeMQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBD
-by4sIEx0ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1
-dGhvcml0eTAeFw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMxMjdaMF4xCzAJ
-BgNVBAYTAlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRk
-LjEqMCgGA1UECwwhZVBLSSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
-MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82t
-H306Tm2d0y8U82N0ywEhajfqhFAHSyZbCUNsIZ5qyNUD9WBpj8zwIuQf5/dq
-IjG3LBXy4P4AakP/h2XGtRrBp0xtInAhijHyl3SJCRImHJ7K2RKilTza6We/
-CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3XDZoTM1PRYfl61dd4s5oz9wCG
-zh1NlDivqOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1TBnsZfZrxQWh7kcT1rMh
-J5QQCtkkO7q+RBNGMD+XPNjX12ruOzjjK9SXDrkb5wdJfzcq+Xd4z1TtW0ad
-o4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0OWQqraffAsgRFelQArr5T
-9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uUWH1+ETOx
-QvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLSnT0I
-FaUQAS2zMnaolQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pH
-dmX2Os+PYhcZewoozRrSgx4hxyy/vv9haLdnG7t4TY3OZ+XkwY63I2binZB1
-NJipNiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXiZo1jDiVN1Rmy5nk3
-pyKdVDECAwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/Qkqi
-MAwGA1UdEwQFMAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcG
-BWcqAwAABBRFsMLHClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOC
-AgEACbODU1kBPpVJufGBuvl2ICO1J2B01GqZNF5sAFPZn/KmsSQHRGoqxqWO
-eBLoR9lYGxMqXnmbnwoqZ6YlPwZpVnPDimZI+ymBV3QGypzqKOg4ZyYr8dW1
-P2WT+DZdjo2NQCCHGervJ8A9tDkPJXtoUHRVnAxZfVo9QZQlUgjgRywVMRnV
-vwdVxrsStZf0X4OFunHB2WyBEXYKCrC/gpf36j36+uwtqSiUO1bd0lEursC9
-CBWMd1I0ltabrNMdjmEPNXubrjlpC2JgQCA2j6/7Nu4tCEoduL+bXPjqpRug
-c6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+rGNm65ulK6lCKD2GTHuItGeIw
-lDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUBo2M3IUxExJtRmREO
-c5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS/jQ6fbjpKdx2
-qcgw+BRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2zGp1iro2C
-6pSe3VkQw63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTEW9c3
-rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D
-hNQ+IIX3Sj0rnP0qCglN6oH4EZw=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/thawte_Primary_Root_CA.crt b/cert-validity/mozilla/builtin-certs/thawte_Primary_Root_CA.crt
deleted file mode 100644
index fe0c8bd9a73f..000000000000
--- a/cert-validity/mozilla/builtin-certs/thawte_Primary_Root_CA.crt
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUF
-ADCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYG
-A1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UE
-CxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl
-IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYx
-MTE3MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTAT
-BgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT
-ZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJ
-bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0
-ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFsW0hoSVk3/AszGcJ3f8wQ
-LZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta3RGNKJpchJAQeg29
-dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk6KHYcWUNo1F7
-7rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6Sk/KaAcd
-HJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94JNqR3
-2HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA
-MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7
-W0XPr87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7OR
-tvzw6WfUDW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeE
-uzLlQRHAd9mzYJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQ
-aEfZYGDm/Ac9IiAXxPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqd
-E8hhuvU5HIe6uL17In/2/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+
-MwS7QcjBAvlEYyCegc5C09Y/LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+
-fpErgUfCJzDupxBdN49cOSvkBPB7jVaMaA==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/thawte_Primary_Root_CA_-_G2.crt b/cert-validity/mozilla/builtin-certs/thawte_Primary_Root_CA_-_G2.crt
deleted file mode 100644
index b68a3e7d6bb8..000000000000
--- a/cert-validity/mozilla/builtin-certs/thawte_Primary_Root_CA_-_G2.crt
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCB
-hDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UE
-CxMvKGMpIDIwMDcgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl
-IG9ubHkxJDAiBgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMjAe
-Fw0wNzExMDUwMDAwMDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJV
-UzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0
-aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UE
-AxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcyMHYwEAYHKoZIzj0CAQYF
-K4EEACIDYgAEotWcgnuVnfFSeIf+iha/BebfowJPDQfGAFG6DAJSLSKkQjnE
-/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6papu+7qzcMBniKI11KOasf2t
-wu8x+qi58/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
-/wQEAwIBBjAdBgNVHQ4EFgQUmtgAMADna3+FGO6Lts6KDPgR4bswCgYIKoZI
-zj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUNG4k8VIZ3KMqh9HneteY4
-sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41oxXZ3Krr0T
-KUQNJ1uo52icEvdYPy5yAlejj6EULg==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/builtin-certs/thawte_Primary_Root_CA_-_G3.crt b/cert-validity/mozilla/builtin-certs/thawte_Primary_Root_CA_-_G3.crt
deleted file mode 100644
index 8467a594a2c6..000000000000
--- a/cert-validity/mozilla/builtin-certs/thawte_Primary_Root_CA_-_G3.crt
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsF
-ADCBrjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYG
-A1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UE
-CxMvKGMpIDIwMDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl
-IG9ubHkxJDAiBgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAe
-Fw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJV
-UzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0
-aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3
-dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMb
-dGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEczMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndmgcs+vHyu86YnmjSjaDFx
-ODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8YZzic7IilRFDGF/E
-th9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lfb1+6a4KinVvn
-Sr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS99irY7CFJ
-XJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2SzhkG
-cuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk
-OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAd
-BgNVHQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQAD
-ggEBABpA2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweK
-A3rD6z8KLFIWoCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytl
-ryjvsvXDqmbOe1but8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8o
-oAw/dyZ02SUS2jHaGh7cKUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnT
-PtRwa7pxpqpYrvS76Wy274fMm7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdw
-Y9k5vG8cwnncdimvzsUsZAReiDZuMdRAGmI0Nj81Aa6sY6A=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/00673b5b.0 b/cert-validity/mozilla/hashed/00673b5b.0
deleted file mode 100644
index fe0c8bd9a73f..000000000000
--- a/cert-validity/mozilla/hashed/00673b5b.0
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUF
-ADCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYG
-A1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UE
-CxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl
-IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYx
-MTE3MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTAT
-BgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT
-ZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJ
-bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0
-ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFsW0hoSVk3/AszGcJ3f8wQ
-LZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta3RGNKJpchJAQeg29
-dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk6KHYcWUNo1F7
-7rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6Sk/KaAcd
-HJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94JNqR3
-2HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA
-MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7
-W0XPr87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7OR
-tvzw6WfUDW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeE
-uzLlQRHAd9mzYJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQ
-aEfZYGDm/Ac9IiAXxPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqd
-E8hhuvU5HIe6uL17In/2/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+
-MwS7QcjBAvlEYyCegc5C09Y/LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+
-fpErgUfCJzDupxBdN49cOSvkBPB7jVaMaA==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/02b73561.0 b/cert-validity/mozilla/hashed/02b73561.0
deleted file mode 100644
index 2531148b767d..000000000000
--- a/cert-validity/mozilla/hashed/02b73561.0
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEPzCCAyegAwIBAgIBATANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJH
-QjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxm
-b3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEkMCIGA1UEAwwbU2Vj
-dXJlIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4
-MTIzMTIzNTk1OVowfjELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIg
-TWFuY2hlc3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2Rv
-IENBIExpbWl0ZWQxJDAiBgNVBAMMG1NlY3VyZSBDZXJ0aWZpY2F0ZSBTZXJ2
-aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMBxM4KK0HDr
-c4eCQNUd5MvJDkKQ+d40uaG6EfQlhfPMcm3ye5drswfxdySRXyWP9nQ95IDC
-+DwN879A6vfIUtFyb+/Iq0G4bi4XKpVpDM3SHpR7LZQdqnXXs5jLrLxkU0C8
-j6ysNstcrbvd4JQX7NFc0L/vpZXJkMWwrPsbQ996CF23uPJAGysnnlDOXmWC
-iIxe004MeuoIkbY2qitC++rCoznl2yY4rYsK7hljxxwk3wN42ubqwUcaCwtG
-Cd0C/N7Lh1/XMGNooa7cMqG6vv5Eq2i2pRcV/b3Vp6ea5EQz6YiO/O1R65Nx
-Tq0B50SOqy3LqP4BSUjwwN3HaNiS/j0CAwEAAaOBxzCBxDAdBgNVHQ4EFgQU
-PNiTiMLAggnMAZkGkyDpnnAJY08wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB
-/wQFMAMBAf8wgYEGA1UdHwR6MHgwO6A5oDeGNWh0dHA6Ly9jcmwuY29tb2Rv
-Y2EuY29tL1NlY3VyZUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDmgN6A1hjNo
-dHRwOi8vY3JsLmNvbW9kby5uZXQvU2VjdXJlQ2VydGlmaWNhdGVTZXJ2aWNl
-cy5jcmwwDQYJKoZIhvcNAQEFBQADggEBAIcBbSMdflsXfcFhMs+P5/OKlFlm
-4J4oqF7Tt/Q05qo5spcWxYJvMqTpjOev/e/C6LlLqqP05tqNZSH7uoDrJiiF
-Gv45jN5bBAS0VPmjZ55B+glSzAVIqMk/IQQezkhr/IXownuvf7fM+F86/TXG
-De+X3EyrEeFryzHRbPtIgKvcnDe4IRRLDXE97IMzbtFuMhbsmMcWi1mmNKsF
-Vy2T96oTy9IT4rcuO81rUBcJaD61JlfutuC23bkpgHl9j6PwpCikFcSF9CfU
-a7/lXORlAnZUtOM3ZiTTGWHIUhDlizeauan5Hb/qmZJhlv8BzaFfDbxxvA6s
-Cx1HRR3B7Hzs/Sk=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/0481cb65.0 b/cert-validity/mozilla/hashed/0481cb65.0
deleted file mode 100644
index 42934914e487..000000000000
--- a/cert-validity/mozilla/hashed/0481cb65.0
+++ /dev/null
@@ -1,36 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIF5jCCA86gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgzELMAkGA1UEBhMC
-VVMxHTAbBgNVBAoTFEFPTCBUaW1lIFdhcm5lciBJbmMuMRwwGgYDVQQLExNB
-bWVyaWNhIE9ubGluZSBJbmMuMTcwNQYDVQQDEy5BT0wgVGltZSBXYXJuZXIg
-Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyOTA2MDAw
-MFoXDTM3MDkyODIzNDMwMFowgYMxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRB
-T0wgVGltZSBXYXJuZXIgSW5jLjEcMBoGA1UECxMTQW1lcmljYSBPbmxpbmUg
-SW5jLjE3MDUGA1UEAxMuQU9MIFRpbWUgV2FybmVyIFJvb3QgQ2VydGlmaWNh
-dGlvbiBBdXRob3JpdHkgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBALQ3WggWmRToVbEbJGv8x4vmh6mJ7ouZzU9AhqS2TcnZsdw8TQ2FTBVs
-RotSeJ/4I/1n9SQ6aF3Q92RhQVSji6UI0ilbm2BPJoPRYxJWSXakFsKlnUWs
-i4SVqBax7J/qJBrvuVdcmiQhLE0OcR+mrF1FdAOYxFSMFkpBd4aVdQxHAWZg
-/BXxD+r1FHjHDtdugRxev17nOirYlxcwfACtCJ0zr7iZYYCLqJV+FNwSbKTQ
-2O9ASQI2+W6p1h2WVgSysy0WVoaP2SBXgM1nEG2wTPDaRrbqJS5Gr42whTg0
-ixQmgiusrpkLjhTXUr2eacOGAgvqdnUxCc4zGSGFQ+aJLZ8lN2fxI2rSAG2X
-+Z/nKcrdH9cG6rjJuQkhn8g/BsXS6RJGAE57COtCPStIbp1n3UsC5ETzkxml
-J85per5n0/xQpCyrw2u544BMzwVhSyvcG7mm0tCq9Stz+86QNZ8MUhy/XCFh
-EVsVS6kkUfykXPcXnbDS+gfpj1bkGoxoigTTfFrjnqKhynFbotSg5ymFXQNo
-Kk/SBtc9+cMDLz9l+WceR0DTYw/j1Y75hauXTLPXJuuWCpTehTacyH+BCQJJ
-Kg71ZDIMgtG6aoIbs0t0EfOMd9afv9w3pKdVBC/UMejTRrkDfNoSTllkt1Ex
-MVCgyhwn2RAurda9EGYrw7AiShJbAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMB
-Af8wHQYDVR0OBBYEFE9pbQN+nZ8HGEO8txBO1b+pxCAoMB8GA1UdIwQYMBaA
-FE9pbQN+nZ8HGEO8txBO1b+pxCAoMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG
-9w0BAQUFAAOCAgEAO/Ouyuguh4X7ZVnnrREUpVe8WJ8kEle7+z802u6teio0
-cnAxa8cZmIDJgt43d15Ui47y6mdPyXSEkVYJ1eV6moG2gcKtNuTxVBFT8zRF
-ASbI5Rq8NEQh3q0l/HYWdyGQgJhXnU7q7C+qPBR7V8F+GBRn7iTGvboVsNIY
-vbdVgaxTwOjdaRITQrcCtQVBynlQboIOcXKTRuidDV29rs4prWPVVRaAMCf/
-drr3uNZK49m1+VLQTkCpx+XCMseqdiThawVQ68W/ClTluUI8JPu3B5wwn3la
-5uBAUhX0/Kr0VvlEl4ftDmVyXr4m+02kLQgH3thcoNyBM5kYJRF3p+v9WAks
-mWsbivNSPxpNSGDxoPYzAlOL7SUJuA0t7Zdz7NeWH45gDtoQmy8YJPamTQr5
-O8t1wswvziRpyQoijlmn94IM19drNZxDAGrElWe6nEXLuA4399xOAU++CrYD
-062KRffaJ00psUjf5BHklka9bAI+1lHIlRcBFanyqqryvy9lG2/QuRqT9Y41
-xICHPpQvZuTpqP9BnHAqTyo5GJUefvthATxRCC4oGKQWDzH9OmwjkyB24f0H
-hdFbP9IcczLd+rn4jM8Ch3qaluTtT4mNU0OrDhPAARW0eTjb/G49nlG2uBOL
-Z8/5fNkiHfZdxRwBL5joeiQYvITX+txyW/fBOmg=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/052e396b.0 b/cert-validity/mozilla/hashed/052e396b.0
deleted file mode 100644
index e56c20f17f01..000000000000
--- a/cert-validity/mozilla/hashed/052e396b.0
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJT
-RTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRU
-UCBOZXR3b3JrMSMwIQYDVQQDExpBZGRUcnVzdCBRdWFsaWZpZWQgQ0EgUm9v
-dDAeFw0wMDA1MzAxMDQ0NTBaFw0yMDA1MzAxMDQ0NTBaMGcxCzAJBgNVBAYT
-AlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3Qg
-VFRQIE5ldHdvcmsxIzAhBgNVBAMTGkFkZFRydXN0IFF1YWxpZmllZCBDQSBS
-b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5B6a/twJWoek
-n0e+EV+vhDTbYjx5eLfpMLXsDBwqxBb/4Oxx64r1EW7tTw2R0hIYLUkVAcKk
-IhPHEWT/IhKauY5cLwjPcWqzZwFZ8V1G87B4pfYOQnrjfxvM0PC3KP0q6p6z
-sLkEqv32x7SxuCqg+1jxGaBvcCV+PmlKfw8i2O+tCBGaKZnhqkRFmhJePp1t
-UvznoD1oL/BLcHwTOK28FSXx1s6rosAx1i+f4P8UWfyEk9mHfExUE+uf0S0R
-+Bg6Ot4l2ffTQO2kBhLEO+GRwVY18BTcZTYJbqukB8c10cIDMzZbdSZtQvES
-a0NvS3GU+jQd7RNuyoB/mC9suWXY6QIDAQABo4HUMIHRMB0GA1UdDgQWBBQ5
-lYtii1zJ1IC6WA+XPxUIQ8yYpzALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/BAUw
-AwEB/zCBkQYDVR0jBIGJMIGGgBQ5lYtii1zJ1IC6WA+XPxUIQ8yYp6FrpGkw
-ZzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQL
-ExRBZGRUcnVzdCBUVFAgTmV0d29yazEjMCEGA1UEAxMaQWRkVHJ1c3QgUXVh
-bGlmaWVkIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBABmrder4i2Vh
-lRO6aQTvhsoToMeqT2QbPxj2qC0sVY8FtzDqQmodwCVRLae/DLPt7wh/bDxG
-GuoYQ992zPlmhpwsaPXpF/gxsxjE1kh9I0xowX67ARRvxdlu3rsEQmr49lx9
-5dr6h+sNNVJn0J6XdgWTP5XHAeZpVTh/EGGZyeNfpso+gmNIquIISD6q8rKF
-Yqa0p9m9N5xotS1WfbC3P6CxB9bpT9zeRXEwMn8bLgn5v1Kh7sKAPgZcLlVA
-wRv1cEWw3F369nJad9Jjzc9YiQBCYz95OdBEsIJuQRno3eDBiFrRHnGTHyQw
-dOUeqN48Jzd/g66ed8/wMLH/S5noxqE=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/08aef7bb.0 b/cert-validity/mozilla/hashed/08aef7bb.0
deleted file mode 100644
index c41b59cca4ef..000000000000
--- a/cert-validity/mozilla/hashed/08aef7bb.0
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEvTCCA6WgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhTELMAkGA1UEBhMC
-VVMxIDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQL
-DBNXZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1NlY3VyZSBQ
-dWJsaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcxMjEzMTcw
-NzU0WhcNMjIxMjE0MDAwNzU0WjCBhTELMAkGA1UEBhMCVVMxIDAeBgNVBAoM
-F1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxscyBGYXJn
-byBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9vdCBD
-ZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQDub7S9eeKPCCGeOARBJe+rWxxTkqxtnt3CxC5FlAM1iGd0V+Pf
-jLindo8796jE2yljDpFoNoqXjopxaAkH5OjUDk/41itMpBb570OYj7OeUt9t
-kTmPOL13i0Nj67eT/DBMHAGTthP796EfvyXhdDcsHqRePGj4S78NuR4uNuip
-5Kf4D8uCdXw1LSLWwr8L87T8bJVhHlfXBIEyg1J55oNjz7fLY4sR4r1e6/aN
-7ZVyKLSsEmLpSjPmgzKuBXWVvYSV2ypcm44uDLiBK0HmOFafSZtsdvqKXfcB
-eYF8wYNABf5x/Qw/zE5gCQ5lRxAvAcAFP4/4s0HvWkJ+We/SlwxlAgMBAAGj
-ggE0MIIBMDAPBgNVHRMBAf8EBTADAQH/MDkGA1UdHwQyMDAwLqAsoCqGKGh0
-dHA6Ly9jcmwucGtpLndlbGxzZmFyZ28uY29tL3dzcHJjYS5jcmwwDgYDVR0P
-AQH/BAQDAgHGMB0GA1UdDgQWBBQmlRkQ2eihl5H/3BnZtQQ+0nMKajCBsgYD
-VR0jBIGqMIGngBQmlRkQ2eihl5H/3BnZtQQ+0nMKaqGBi6SBiDCBhTELMAkG
-A1UEBhMCVVMxIDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRww
-GgYDVQQLDBNXZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1Nl
-Y3VyZSBQdWJsaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHmCAQEwDQYJ
-KoZIhvcNAQEFBQADggEBALkVsUSRzCPIK0134/iaeycNzXK7mQDKfGYZUMbV
-mO2rvwNa5U3lHshPcZeG1eMd/ZDJPHV3V3p9+N701NX3leZ0bh08rnyd2wID
-BSxxSyU+B+NemvVmFymIGjifz6pBA4SXa5M4esowRBskRDPQ5NHcKDj0E0M1
-NSljqHyita04pO2t/caaH/+Xc/77szWnk4bGdpEA5qxRFsQnMlzbc9qlk1eO
-Pm01JghZ1edE13YgY+esE2fDbbFwRnzVlhE9iW9dqKHrjQrawx0zbKPqZxma
-mX9LPYNRKh3KL4YMon4QLSvUFpULB6ouFJJJtylv2G0xffX8oRAHh84vWdw+
-WNs=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/0c364b2d.0 b/cert-validity/mozilla/hashed/0c364b2d.0
deleted file mode 100644
index 6d6f364669bd..000000000000
--- a/cert-validity/mozilla/hashed/0c364b2d.0
+++ /dev/null
@@ -1,31 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIE7TCCBFagAwIBAgIEOAOR7jANBgkqhkiG9w0BAQQFADCByTELMAkGA1UE
-BhMCVVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MUgwRgYDVQQLFD93d3cuZW50
-cnVzdC5uZXQvQ2xpZW50X0NBX0luZm8vQ1BTIGluY29ycC4gYnkgcmVmLiBs
-aW1pdHMgbGlhYi4xJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExp
-bWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENsaWVudCBDZXJ0aWZpY2F0
-aW9uIEF1dGhvcml0eTAeFw05OTEwMTIxOTI0MzBaFw0xOTEwMTIxOTU0MzBa
-MIHJMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxSDBGBgNV
-BAsUP3d3dy5lbnRydXN0Lm5ldC9DbGllbnRfQ0FfSW5mby9DUFMgaW5jb3Jw
-LiBieSByZWYuIGxpbWl0cyBsaWFiLjElMCMGA1UECxMcKGMpIDE5OTkgRW50
-cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5uZXQgQ2xpZW50
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUAA4GL
-ADCBhwKBgQDIOpleMRffrCdvkHvkGf9FozTC28GoT/Bo6oT9n3V5z8GKUZSv
-x1cDR2SerYIbWtp/N3hHuzeYEpbOxhN979IMMFGpOZ5V+Pux5zDeg7K6PvHV
-iTs7hbqqdCz+PzFur5GVbgbUB01LLFZHGARS2g4Qk79jkJvh34zmAqTmT173
-iwIBA6OCAeAwggHcMBEGCWCGSAGG+EIBAQQEAwIABzCCASIGA1UdHwSCARkw
-ggEVMIHkoIHhoIHepIHbMIHYMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50
-cnVzdC5uZXQxSDBGBgNVBAsUP3d3dy5lbnRydXN0Lm5ldC9DbGllbnRfQ0Ff
-SW5mby9DUFMgaW5jb3JwLiBieSByZWYuIGxpbWl0cyBsaWFiLjElMCMGA1UE
-CxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50
-cnVzdC5uZXQgQ2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MQ0wCwYD
-VQQDEwRDUkwxMCygKqAohiZodHRwOi8vd3d3LmVudHJ1c3QubmV0L0NSTC9D
-bGllbnQxLmNybDArBgNVHRAEJDAigA8xOTk5MTAxMjE5MjQzMFqBDzIwMTkx
-MDEyMTkyNDMwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUxPucKXuXzUyW
-/O5bs8qZdIuV6kwwHQYDVR0OBBYEFMT7nCl7l81MlvzuW7PKmXSLlepMMAwG
-A1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI
-hvcNAQEEBQADgYEAP66K8ddmAwWePvrqHEa7pFuPeJoSSJn59DXeDDYHAmsQ
-OokUgZwxpnyyQbJq5wcBoUv5nyU7lsqZwz6hURzzwy5E97BnRqqS5TvaHBkU
-ODDV4qIxJS7x7EU47fgGWANzYrAQMY9Av2TgXD7FTx/aEkP/TOYGJqibGapE
-PHayXOw=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/0d188d89.0 b/cert-validity/mozilla/hashed/0d188d89.0
deleted file mode 100644
index 3a8a333e3b37..000000000000
--- a/cert-validity/mozilla/hashed/0d188d89.0
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDtjCCAp6gAwIBAgIQRJmNPMADJ72cdpW56tustTANBgkqhkiG9w0BAQUF
-ADB1MQswCQYDVQQGEwJUUjEoMCYGA1UEChMfRWxla3Ryb25payBCaWxnaSBH
-dXZlbmxpZ2kgQS5TLjE8MDoGA1UEAxMzZS1HdXZlbiBLb2sgRWxla3Ryb25p
-ayBTZXJ0aWZpa2EgSGl6bWV0IFNhZ2xheWljaXNpMB4XDTA3MDEwNDExMzI0
-OFoXDTE3MDEwNDExMzI0OFowdTELMAkGA1UEBhMCVFIxKDAmBgNVBAoTH0Vs
-ZWt0cm9uaWsgQmlsZ2kgR3V2ZW5saWdpIEEuUy4xPDA6BgNVBAMTM2UtR3V2
-ZW4gS29rIEVsZWt0cm9uaWsgU2VydGlmaWthIEhpem1ldCBTYWdsYXlpY2lz
-aTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMSIJ6wXgBljU5G
-u4Bc6SwGl9XzcslwuedLZYDBS75+PNdUMZTe1RK6UxYC6lhj71vY8+0qGqpx
-SKPcEC1fX+tcS5yWCEIlKBHMilpiAVDV6wlTL/jDj/6z/P2douNffb7tC+Bg
-62nsM+3YjfsSSYMAyYuXjDtzKjKzEve5TfL0TW3H5tYmNwjy2f1rXKPlSFxY
-vEK+A1qBuhw1DADT9SN+cTAIJjjcJRFHLfO6IxClv7wC90Nex/6wN1CZew+T
-zuZDLMN+DfIcQ2Zgy2ExR4ejT669VmxMvLz4Bcpk9Ok0oSy1c+HCPujIyTQl
-CFzz7abHlJ+tiEMl1+E5YP6sOVkCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG
-MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJ/uRLOU1fqRTy7ZVZoEVtst
-xNulMA0GCSqGSIb3DQEBBQUAA4IBAQB/X7lTW2M9dTLn+sR0GstG30ZpHFLP
-qk/CaOv/gKlR6D1id4k9CnU58W5dF4dvaAXBlGzZXd/aslnLpRCKysw5zZ/r
-Tt5S/wzw9JKp8mxTq5vSR6AfdPebmvEvFZ96ZDAYBzwqD2fK/A+JYZ1lpTzl
-vBNbCNvj/+27BrtqBrF6T2XGgv0enIu1De5Iu7i9qgi0+6N8y5/NkHZchpZ4
-Vwpm+Vganf2XKWDeEaaQHBkc7gGWIjQ0LpH5t8Qn0Xvmv/uARFoW5evg1Ao4
-vOSR49XrXMGs3xtqfJ7lddK2l4fbzIcrQzqECK+rPNv3PGYxhrCdU3nt+CPe
-QuMtgvEP5fqX
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/0dbd0096.0 b/cert-validity/mozilla/hashed/0dbd0096.0
deleted file mode 100644
index 109b1825d071..000000000000
--- a/cert-validity/mozilla/hashed/0dbd0096.0
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID5jCCAs6gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgzELMAkGA1UEBhMC
-VVMxHTAbBgNVBAoTFEFPTCBUaW1lIFdhcm5lciBJbmMuMRwwGgYDVQQLExNB
-bWVyaWNhIE9ubGluZSBJbmMuMTcwNQYDVQQDEy5BT0wgVGltZSBXYXJuZXIg
-Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAxMB4XDTAyMDUyOTA2MDAw
-MFoXDTM3MTEyMDE1MDMwMFowgYMxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRB
-T0wgVGltZSBXYXJuZXIgSW5jLjEcMBoGA1UECxMTQW1lcmljYSBPbmxpbmUg
-SW5jLjE3MDUGA1UEAxMuQU9MIFRpbWUgV2FybmVyIFJvb3QgQ2VydGlmaWNh
-dGlvbiBBdXRob3JpdHkgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBAJnej8Mlo2k06AX3dLm/WpcZuS+U0pPlLYnKhHw/EEMbjIt8hFj4JHxI
-zyr9wBXZGH6EGhfT257XyuTZ16pYUYfw8ItITuLCxFlpMGK2MKKMCxGZYTVt
-fu/FsRkGIBKOQuHfD5YQUqjPnF+VFNivO3ULMSAfRC+iYkGzuxgh28pxPIzs
-trkNn+9R7017EvILDOGsQI93f7DKeHEMXRZxcKLXwjqFzQ6axOAAsNUl6twr
-5JQtOJyJQVdkKGUZHLZEtMgxa44Be3ZZJX8VHIQIfHNlIAqhBC4aMqiaILGc
-LCFZ5/vP7nAtCMpjPiybkxlqpMKX/7eGV4iFbJ4VFitNLLMCAwEAAaNjMGEw
-DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUoTYwFsuGkABFgFOxj8jYPXy+
-XxIwHwYDVR0jBBgwFoAUoTYwFsuGkABFgFOxj8jYPXy+XxIwDgYDVR0PAQH/
-BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IBAQCKIBilvrMvtKaEAEAwKfq0FHNM
-eUWn9nDg6H5kHgqVfGphwu9OH77/yZkfB2FK4V1Mza3u0FIy2VkyvNp5ctZ7
-CegCgTXTCt8RHcl5oIBN/lrXVtbtDyqvpxh1MwzqwWEFT2qaifKNuZ8u77Bf
-WgDrvq2g+EQFZ7zLBO+eZMXpyD8Fv8YvBxzDNnGGyjhmSs3WuEvGbKeXO/oT
-LW4jYYehY0KswsuXn2Fozy1MBJ3XJU8KDk2QixhWqJNIV9xvrr2eZ1d3iVCz
-vhGbRWeDhhmH05i9CBoWH1iCC+GWaQVLjuyDUTEH1dSf/1l7qG6Fz9NLqUmw
-X7A5KGgOc90lmt4S
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/111e6273.0 b/cert-validity/mozilla/hashed/111e6273.0
deleted file mode 100644
index 0b61610d74d7..000000000000
--- a/cert-validity/mozilla/hashed/111e6273.0
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEg
-MB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkds
-b2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAw
-WhcNMjExMjE1MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3Qg
-Q0EgLSBSMjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFs
-U2lnbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8o
-mUVCxKs+IVSbC9N/hHD6ErPLv4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe
-+3t+c4isUoh7SqbKSaZeqKeMWhG8eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1
-AnwblrjFuTosvNYSuetZfeLQBoZfXklqtTleiDTsvHgMCJiEbKjNS7SgfQx5
-TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzdC9XZzPnqJworc5HGnRusyMvo
-4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pazq+r1feqCapgvdzZX99y
-qWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCBmTAOBgNVHQ8BAf8E
-BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IHV2ccHsBqBt5Z
-tJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5nbG9iYWxz
-aWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG3lm0
-mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
-J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4
-h4hO291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRD
-LenVOavSot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG7
-9G+dwfCMNYxdAfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmg
-QWpzU/qlULRuJQ/7TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq
-/H5COEBkEveegeGTLg==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/1155c94b.0 b/cert-validity/mozilla/hashed/1155c94b.0
deleted file mode 100644
index 0d4961461935..000000000000
--- a/cert-validity/mozilla/hashed/1155c94b.0
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEVzCCAz+gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMC
-RVMxIjAgBgNVBAcTGUMvIE11bnRhbmVyIDI0NCBCYXJjZWxvbmExQjBABgNV
-BAMTOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9u
-YWwgQ0lGIEE2MjYzNDA2ODEmMCQGCSqGSIb3DQEJARYXY2FAZmlybWFwcm9m
-ZXNpb25hbC5jb20wHhcNMDExMDI0MjIwMDAwWhcNMTMxMDI0MjIwMDAwWjCB
-nTELMAkGA1UEBhMCRVMxIjAgBgNVBAcTGUMvIE11bnRhbmVyIDI0NCBCYXJj
-ZWxvbmExQjBABgNVBAMTOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZp
-cm1hcHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODEmMCQGCSqGSIb3DQEJARYX
-Y2FAZmlybWFwcm9mZXNpb25hbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQDnIwNvbyOlXnjOlSztlB5uCp4Bx+ow0Syd3Tfom5h5VtP8
-c9/Qit5Vj1H5WuretXDE7aTt/6MNbg9kUDGvASdYrv5sp0ovFy3Tc9UTHI9Z
-pTQsHVQERc1ouKDAA6XPhUJHlShbz++AbOCQl4oBPB3zhxAwJkh91/zpnZFx
-/0GaqUC1N5wpIE8fUuOgfRNtVLcK3ulqTgesrBlf3H5idPayBQC6haD9HThu
-y1q7hryUZzM1gywfI834yJFxzJeL764P3CkDG8A563DtwW4O2GcLiam8NeTv
-tjS0pbbELaW+0MOUJEjb35bTALVmGotmBQ/dPz/LP6pemkr4tErvlTcbAgMB
-AAGjgZ8wgZwwKgYDVR0RBCMwIYYfaHR0cDovL3d3dy5maXJtYXByb2Zlc2lv
-bmFsLmNvbTASBgNVHRMBAf8ECDAGAQH/AgEBMCsGA1UdEAQkMCKADzIwMDEx
-MDI0MjIwMDAwWoEPMjAxMzEwMjQyMjAwMDBaMA4GA1UdDwEB/wQEAwIBBjAd
-BgNVHQ4EFgQUMwugZtHq2s7eYpMEKFK1FH84aLcwDQYJKoZIhvcNAQEFBQAD
-ggEBAEdz/o0nVPD11HecJ3lXV7cVVuzH2Fi3AQL0M+2TUIiefEaxvT8Ub/Gz
-R0iLjJcG1+p+o1wqu00vR+L4OQbJnC4xGgN49Lw4xiKLMzHwFgQEffl25EvX
-wOaD7FnMP97/T2u3Z36mhoEyIwOdyPdfwUpgpZKpsaSgYMN4h7Mi8yrrW6nt
-Bas3D7Hi05V2Y1Z0jFhyGzflZKG+TQyTmAyX9odtsz/ny4Cm7YjHX1BiAuiZ
-dBbQ5rQ58SfLyEDW44YQqSMSkuBpQWOnryULwMWSyx6Yo1q6xTMPoJcB3X/g
-e9YGVM+h4k0460tQtcsm9MracEpqoeJ5quGnM/b9Sh/22WA=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/119afc2e.0 b/cert-validity/mozilla/hashed/119afc2e.0
deleted file mode 100644
index fbd5d16b11cc..000000000000
--- a/cert-validity/mozilla/hashed/119afc2e.0
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIE5jCCA86gAwIBAgIEO45L/DANBgkqhkiG9w0BAQUFADBdMRgwFgYJKoZI
-hvcNAQkBFglwa2lAc2suZWUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKExlBUyBT
-ZXJ0aWZpdHNlZXJpbWlza2Vza3VzMRAwDgYDVQQDEwdKdXVyLVNLMB4XDTAx
-MDgzMDE0MjMwMVoXDTE2MDgyNjE0MjMwMVowXTEYMBYGCSqGSIb3DQEJARYJ
-cGtpQHNrLmVlMQswCQYDVQQGEwJFRTEiMCAGA1UEChMZQVMgU2VydGlmaXRz
-ZWVyaW1pc2tlc2t1czEQMA4GA1UEAxMHSnV1ci1TSzCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAIFxNj4zB9bjMI0TfncyRsvPGbJgMUaXhvSY
-RqTCZUXP00B841oiqBB4M8yIsdOBSvZiF3tfTQou0M+LI+5PAk676w7KvRhj
-6IAcjeEcjT3g/1tf6mTll+g/mX8MCgkzABpTpyHhOEvWgxutr2TC+Rx6jGZI
-TWYfGAriPrsfB2WThbkasLnE+w0R9vXW+RvHLCu3GFH+4Hv2qEivbDtPL+/4
-0UceJlfwUR0zlv/vWT3aTdEVNMfqPxZIe5EcgEMPPbgFPtGzlc3Yyg/CQ2fb
-t5PgIoIuvvVoKIO5wTtpeyDaTpxt4brNj3pssAki14sL2xzVWiZbDcDq5WDQ
-n/413z8CAwEAAaOCAawwggGoMA8GA1UdEwEB/wQFMAMBAf8wggEWBgNVHSAE
-ggENMIIBCTCCAQUGCisGAQQBzh8BAQEwgfYwgdAGCCsGAQUFBwICMIHDHoHA
-AFMAZQBlACAAcwBlAHIAdABpAGYAaQBrAGEAYQB0ACAAbwBuACAAdgDkAGwA
-agBhAHMAdABhAHQAdQBkACAAQQBTAC0AaQBzACAAUwBlAHIAdABpAGYAaQB0
-AHMAZQBlAHIAaQBtAGkAcwBrAGUAcwBrAHUAcwAgAGEAbABhAG0ALQBTAEsA
-IABzAGUAcgB0AGkAZgBpAGsAYQBhAHQAaQBkAGUAIABrAGkAbgBuAGkAdABh
-AG0AaQBzAGUAawBzMCEGCCsGAQUFBwIBFhVodHRwOi8vd3d3LnNrLmVlL2Nw
-cy8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3d3dy5zay5lZS9qdXVyL2Ny
-bC8wHQYDVR0OBBYEFASqekej5ImvGs8KQKcYP2/v6X2+MB8GA1UdIwQYMBaA
-FASqekej5ImvGs8KQKcYP2/v6X2+MA4GA1UdDwEB/wQEAwIB5jANBgkqhkiG
-9w0BAQUFAAOCAQEAe8EYlFOiCfP+JmeaUOTDBS8rNXiRTHyoERF5TElZrMj3
-hWVcRrs7EKACr81Ptcw2Kuxd/u+gkcm2k298gFTsxwhwDY77guwqYHhpNjbR
-xZyLabVAyJRld/JXIWY7zoVAtjNjGr95HvxcHdMdkxuLDF2FvZkwMhgJkVLp
-fKG6/2SSmuz+Ne6ML678IIbsSt4beDI3poHSna9aEhbKmVv8b20OxaAehsmR
-0FyYgl9jDIpaq9iVpszLita/ZEuOyoqysOkhMp6qqIWYNIE5ITuoOlIyPfZr
-N4YGWhWY3PARZv40ILcD9EEQfTmEeZZyY7aWAuVrua0ZTbvGRNs2yyqcjg==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/11a09b38.0 b/cert-validity/mozilla/hashed/11a09b38.0
deleted file mode 100644
index 917b44cfe2f9..000000000000
--- a/cert-validity/mozilla/hashed/11a09b38.0
+++ /dev/null
@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFGTCCBAGgAwIBAgIEPki9xDANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQG
-EwJESzEMMAoGA1UEChMDVERDMRQwEgYDVQQDEwtUREMgT0NFUyBDQTAeFw0w
-MzAyMTEwODM5MzBaFw0zNzAyMTEwOTA5MzBaMDExCzAJBgNVBAYTAkRLMQww
-CgYDVQQKEwNUREMxFDASBgNVBAMTC1REQyBPQ0VTIENBMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGL2YSCyz8DGhdfjeebM7fI5kqSXLmSj
-hFuHnEz9pPPEXyG9VhDr2y5h7JNp46PMvZnDBfwGuMo2HP6QjklMxFaaL1a8
-z3sM8W9Hpg1DTeLpHTk0zY0s2RKY+ePhwUp8hjjEqcRhiNJerxomTdXkoCJH
-hNlktxmW/OwZ5LKXJk5KTMuPJItUGBxIYXvViGjaXbXqzRowwYCDdlCqT9HU
-3Tjw7xb04QxQBr/q+3pJoSgrHPb8FTKjdGqPqcNiKXEx5TukYBdedObaE+3p
-Hx8b0bJoc8YQNHVGEBDjkAB2QMuLt0MJIf+rTpPGWOmlgtt3xDqZsXKVSQTw
-tyv6e1mO3QIDAQABo4ICNzCCAjMwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B
-Af8EBAMCAQYwgewGA1UdIASB5DCB4TCB3gYIKoFQgSkBAQEwgdEwLwYIKwYB
-BQUHAgEWI2h0dHA6Ly93d3cuY2VydGlmaWthdC5kay9yZXBvc2l0b3J5MIGd
-BggrBgEFBQcCAjCBkDAKFgNUREMwAwIBARqBgUNlcnRpZmlrYXRlciBmcmEg
-ZGVubmUgQ0EgdWRzdGVkZXMgdW5kZXIgT0lEIDEuMi4yMDguMTY5LjEuMS4x
-LiBDZXJ0aWZpY2F0ZXMgZnJvbSB0aGlzIENBIGFyZSBpc3N1ZWQgdW5kZXIg
-T0lEIDEuMi4yMDguMTY5LjEuMS4xLjARBglghkgBhvhCAQEEBAMCAAcwgYEG
-A1UdHwR6MHgwSKBGoESkQjBAMQswCQYDVQQGEwJESzEMMAoGA1UEChMDVERD
-MRQwEgYDVQQDEwtUREMgT0NFUyBDQTENMAsGA1UEAxMEQ1JMMTAsoCqgKIYm
-aHR0cDovL2NybC5vY2VzLmNlcnRpZmlrYXQuZGsvb2Nlcy5jcmwwKwYDVR0Q
-BCQwIoAPMjAwMzAyMTEwODM5MzBagQ8yMDM3MDIxMTA5MDkzMFowHwYDVR0j
-BBgwFoAUYLWF7FZkfhIZJ2cdUBVLc647+RIwHQYDVR0OBBYEFGC1hexWZH4S
-GSdnHVAVS3OuO/kSMB0GCSqGSIb2fQdBAAQQMA4bCFY2LjA6NC4wAwIEkDAN
-BgkqhkiG9w0BAQUFAAOCAQEACromJkbTc6gJ82sLMJn9iuFXehHTuJTXCRBu
-o7E4A9G28kNBKWKnctj7fAXmMXAnVBhOinxO5dHKjHiIzxvTkIvmI/gLDjND
-fZziChmPyQE+dF10yYscA+UYyAFMP8uXBV2YcaaYb7Z8vTd/vuGTJW1v8Aqt
-FxjhA7wHKcitJuj4YfD9IQl+mo6paH1IYnK9AOoBmbgGglGBTvH1tJFUuSN6
-AJqfXY3gPGS5GhKSKseCRHI53OI8xthV9RVOyAUO28bQYqbsFbS1AoLbrIyi
-gfCbmTH1ICCoiGEKB5+U/NDXG8wuF/MEJ3Zn61SD/aSQfgY9BKNDLdr8C2Lq
-L19iUw==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/11f154d6.0 b/cert-validity/mozilla/hashed/11f154d6.0
deleted file mode 100644
index e8b4d3dd3479..000000000000
--- a/cert-validity/mozilla/hashed/11f154d6.0
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEGjCCAwICEQCLW3VWhFSFCwDPrzhIzrGkMA0GCSqGSIb3DQEBBQUAMIHK
-MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNV
-BAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5
-IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBD
-BgNVBAMTPFZlcmlTaWduIENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlm
-aWNhdGlvbiBBdXRob3JpdHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3
-MTYyMzU5NTlaMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24s
-IEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNV
-BAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQg
-dXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDEgUHVibGljIFBy
-aW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAN2E1Lm0+afY8wR4nN493GwTFtl63SRR
-ZsDHJlkNrAYIwpTRMx/wgzUfbhvI3qpuFU5UJ+/EbRrsC+MO8ESlV8dAWB6j
-Rx9x7GD2bZTIGDnt/kIYVt/kTEkQeE4BdjVjEjbdZrwBBDajVWjVojYJrKsh
-JlQGrT/KFOCsyq0GHZXi+J3x4GD/wn91K0zM2v6HmSHquv4+VNfSWXjbPG7P
-oBMAGrgnoeS+Z5bKoMWznN3JdZ7rMJpfo83ZrngZPyPpXNspva1VyBtUjGP2
-6KbqxzcSXKMpHgLZ2x87tNcPVkeBFQRKr4Mn0cVYiMHd9qqnoxjaaKptEVHh
-v2Vrn5Z20T0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAq2aN17O6x5q25lXQ
-BfGfMY1aqtmqRiYPce2lrVNWYgFHKkTp/j90CxObufRNG7LRX7K20ohcs5/N
-y9Sn2WCVhDr4wTcdYcrnsMXlkdpUpqwxga6X3s0IrLjAl4B/bnKk52kTlWUf
-xJM8/XmPBNQ+T+r3ns7NZ3xPZQL/kYVUc8f/NveGLezQXk//EZ9yBta4GvFM
-DSZl4kSAHsef493oCtrspSCAaWihT37ha88HQfqDjrw43bAuEbFrskLMmrz5
-SCJ5ShkPshw+IHTZasO+8ih4E1Z5T21Q6huwtVexN2ZYI/PcD98Kh8TvhgXV
-OBRgmaNL3gaWcSzy27YfpO8/7g==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/124bbd54.0 b/cert-validity/mozilla/hashed/124bbd54.0
deleted file mode 100644
index 009bca2b74e7..000000000000
--- a/cert-validity/mozilla/hashed/124bbd54.0
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEQzCCAyugAwIBAgIBATANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJH
-QjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxm
-b3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDElMCMGA1UEAwwcVHJ1
-c3RlZCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczAeFw0wNDAxMDEwMDAwMDBaFw0y
-ODEyMzEyMzU5NTlaMH8xCzAJBgNVBAYTAkdCMRswGQYDVQQIDBJHcmVhdGVy
-IE1hbmNoZXN0ZXIxEDAOBgNVBAcMB1NhbGZvcmQxGjAYBgNVBAoMEUNvbW9k
-byBDQSBMaW1pdGVkMSUwIwYDVQQDDBxUcnVzdGVkIENlcnRpZmljYXRlIFNl
-cnZpY2VzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA33FvNlhT
-WvI2VFeAxHQIIO0Yfyod5jWaHiWsnOWWfnJSoBVC21ndZHoa0Lh73TkVvFVI
-xO06AOoxEbrycXQaZ7jPM8yoMa+j49d/vzMtTGo87IvDktJTdyR0nAducPy9
-C1t2ul/y/9c3S0pgePfw+spwtOpZqqPOSC+pw7ILfhdyFgymBwwbOM/JYrc/
-oJOlh0Hyt3BAd9i+FHzjqMB6juljatEPmsbS9Is6FARW1O24zG71++IsWL1/
-T2sr92AkWCTOJu80kTrV44HQsvAEAtdbtz6SrGsSivnkBbA7kUlcsutT6vif
-R4buv5XAwAaf0lteERv0xwQ1KdJVXOTt6wIDAQABo4HJMIHGMB0GA1UdDgQW
-BBTFe1i97doladL3WRaoszLAeydb9DAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T
-AQH/BAUwAwEB/zCBgwYDVR0fBHwwejA8oDqgOIY2aHR0cDovL2NybC5jb21v
-ZG9jYS5jb20vVHJ1c3RlZENlcnRpZmljYXRlU2VydmljZXMuY3JsMDqgOKA2
-hjRodHRwOi8vY3JsLmNvbW9kby5uZXQvVHJ1c3RlZENlcnRpZmljYXRlU2Vy
-dmljZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQDIk4E7ibSvuIQSTI3S8Ntw
-uleGFTQQuS9/HrCoiWChisJ3DFBKmwCL2Iv0QeLQg4pKHBQGsKNoBXAxMKdT
-mw7pSqBYaWcOrp32pSxBvzwGa+RZzG0Q8ZZvH9/0BAKkn0U+yNj6NkZEUD+C
-l5EfKNsYEYwq5GWDVxISjBc/lDb+XbDABHcTuPQV1T84zJQ6VdCsmPW6AF/g
-hhmBeC8owH7TzEIK9a5QoNE+xqFx7D+gIIxmOom0jtTYsU0lR+4viMi14QVF
-wL4Ucd56/Y57fU0IlqUSc/AtyjcndBInTMu2l+nZrghtWjlA3QVHdWpaIbOj
-GM9O9y5Xt5hwXsjEeLBi
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/12d55845.0 b/cert-validity/mozilla/hashed/12d55845.0
deleted file mode 100644
index 68fbf9745bf6..000000000000
--- a/cert-validity/mozilla/hashed/12d55845.0
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUF
-ADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAV
-BgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkz
-MDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3Qg
-Q28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdA
-wRgUi+DoM3ZJKuM/IUmTrE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJ
-o6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9UL2AZd+3UWODyOKIYepLYYHs
-Umu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRyxXtqqzTW
-MIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX
-69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/w
-Al0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
-HQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqGSIb3DQEBBQUA
-A4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikugdB/O
-EIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHR
-AosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
-R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJW
-FBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06Xyx
-V3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/17b51fe6.0 b/cert-validity/mozilla/hashed/17b51fe6.0
deleted file mode 100644
index 60afd90bf519..000000000000
--- a/cert-validity/mozilla/hashed/17b51fe6.0
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEF
-BQAwPTELMAkGA1UEBhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQD
-ExJDbGFzcyAyIFByaW1hcnkgQ0EwHhcNOTkwNzA3MTcwNTAwWhcNMTkwNzA2
-MjM1OTU5WjA9MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBsdXMxGzAZ
-BgNVBAMTEkNsYXNzIDIgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBANxQltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxv
-c0NXYKwzCkTsA18cgCSR5aiRVhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi
-8Fo3UjMXEuLRYE2+L0ER4/YXJQyLkcAbmXuZVg2v7tK8R1fjeUl7NIknJITe
-sezpWE7+Tt9avkGtrAjFGA7v0lPubNCdEgETjdyAYveVqUSISnFOYFWe2yMZ
-eVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yasH7WLO7dDWWuwJKZtkIvEcupd
-M5i3y95ee++U8Rs+yskhwcWYAqqi9lt3m/V+llU0HGdpwPFC40es/CgcZlUC
-AwEAAaOBjDCBiTAPBgNVHRMECDAGAQH/AgEKMAsGA1UdDwQEAwIBBjAdBgNV
-HQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJYIZIAYb4QgEBBAQDAgEG
-MDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMuY29tL0NS
-TC9jbGFzczIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/AN9W
-M2K191EBkOvDP9GIROkkXe/nFL0gt5o8AP5tn9uQ3Nf0YtaLcF3n5QRIqWh8
-yfFC82x/xXp8HVGIutIKPidd3i1RTtMTZGnkLuPT55sJmabglZvOGtd/vjzO
-UrMRFcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+7UCmnYR0ObncHoUW
-2ikbhiMAybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW
-//1IMwrh3KWBkJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4F
-TUcY1Rbpsda2ENW7l7+ijrRU
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/19899da5.0 b/cert-validity/mozilla/hashed/19899da5.0
deleted file mode 100644
index 458ce6928386..000000000000
--- a/cert-validity/mozilla/hashed/19899da5.0
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIElTCCA/6gAwIBAgIEOJsRPDANBgkqhkiG9w0BAQQFADCBujEUMBIGA1UE
-ChMLRW50cnVzdC5uZXQxPzA9BgNVBAsUNnd3dy5lbnRydXN0Lm5ldC9TU0xf
-Q1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc
-KGMpIDIwMDAgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVz
-dC5uZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
-Fw0wMDAyMDQxNzIwMDBaFw0yMDAyMDQxNzUwMDBaMIG6MRQwEgYDVQQKEwtF
-bnRydXN0Lm5ldDE/MD0GA1UECxQ2d3d3LmVudHJ1c3QubmV0L1NTTF9DUFMg
-aW5jb3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykg
-MjAwMCBFbnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5l
-dCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHwV9OcfHO8GCGD9JYf9Mzly0XonUw
-tZZkJi9ow0SrqHXmAGc0V55lxyKbc+bT3QgON1WqJUaBbL3+qPZ1V1eMkGxK
-wz6LS0MKyRFWmponIpnPVZ5h2QLifLZ8OAfc439PmrkDQYC2dWcTC5/oVzbI
-XQA23mYU2m52H083jIITiQIDAQABo4IBpDCCAaAwEQYJYIZIAYb4QgEBBAQD
-AgAHMIHjBgNVHR8EgdswgdgwgdWggdKggc+kgcwwgckxFDASBgNVBAoTC0Vu
-dHJ1c3QubmV0MT8wPQYDVQQLFDZ3d3cuZW50cnVzdC5uZXQvU1NMX0NQUyBp
-bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAy
-MDAwIEVudHJ1c3QubmV0IExpbWl0ZWQxOjA4BgNVBAMTMUVudHJ1c3QubmV0
-IFNlY3VyZSBTZXJ2ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxDTALBgNV
-BAMTBENSTDEwKwYDVR0QBCQwIoAPMjAwMDAyMDQxNzIwMDBagQ8yMDIwMDIw
-NDE3NTAwMFowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFMtswGvjuz7L/CKc
-/vuLkpyw8m4iMB0GA1UdDgQWBBTLbMBr47s+y/winP77i5KcsPJuIjAMBgNV
-HRMEBTADAQH/MB0GCSqGSIb2fQdBAAQQMA4bCFY1LjA6NC4wAwIEkDANBgkq
-hkiG9w0BAQQFAAOBgQBi24GRzsiad0Iv7L0no1MPUBvqTpLwqa+poLpIYcvv
-yQbvH9X07t9WLebKahlzqlO+krNQAraFJnJj2HVQYnUUt7NQGj/KEQALhUVp
-bbalrlHhStyCP2yMNLJ3a9kC9n8O6mUE8c1UyrrJzOCE98g+EZfTYAkYvAX/
-bIkz8OwVDw==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/1dac3003.0 b/cert-validity/mozilla/hashed/1dac3003.0
deleted file mode 100644
index 436c98b8b0b5..000000000000
--- a/cert-validity/mozilla/hashed/1dac3003.0
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIECTCCAvGgAwIBAgIQDV6ZCtadt3js2AdWO4YV2TANBgkqhkiG9w0BAQUF
-ADBbMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXRGlnaXRhbCBTaWduYXR1cmUg
-VHJ1c3QxETAPBgNVBAsTCERTVCBBQ0VTMRcwFQYDVQQDEw5EU1QgQUNFUyBD
-QSBYNjAeFw0wMzExMjAyMTE5NThaFw0xNzExMjAyMTE5NThaMFsxCzAJBgNV
-BAYTAlVTMSAwHgYDVQQKExdEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdDERMA8G
-A1UECxMIRFNUIEFDRVMxFzAVBgNVBAMTDkRTVCBBQ0VTIENBIFg2MIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuT31LMmU3HWKlV1j6IR3dma5
-WZFcRt2SPp/5DgO0PWGSvSMmtWPuktKe1jzIDZBfZIGxqAgNTNj50wUoUrQB
-JcWVHAx+PhCEdc/BGZFjz+iokYi5Q1K7gLFViYsx+tC3dr5BPTCapCIlF3Po
-HuLTrCq9Wzgh1SpL11V94zpVvddtawJXa+ZHfAjIgrrep4c9oW24MFbCswKB
-Xy314powGCi4ZtPLAZZv6opFVdbgnf9nKxcCpk4aahELfrd755jWjHZvwTvb
-UJN+5dCOHze4vbrGn2zpfDPyMjwmR/onJALJfh1biEITajV8fTXpLmaRcpPV
-MibEdPVTo7NdmvYJywIDAQABo4HIMIHFMA8GA1UdEwEB/wQFMAMBAf8wDgYD
-VR0PAQH/BAQDAgHGMB8GA1UdEQQYMBaBFHBraS1vcHNAdHJ1c3Rkc3QuY29t
-MGIGA1UdIARbMFkwVwYKYIZIAWUDAgEBATBJMEcGCCsGAQUFBwIBFjtodHRw
-Oi8vd3d3LnRydXN0ZHN0LmNvbS9jZXJ0aWZpY2F0ZXMvcG9saWN5L0FDRVMt
-aW5kZXguaHRtbDAdBgNVHQ4EFgQUCXIGThhDD+XWzMNqizF7eI+og7gwDQYJ
-KoZIhvcNAQEFBQADggEBAKPYjtay284F5zLNAdMEA+V25FYrnJmQ6AgwbN99
-Pe7lv7UkQIRJ4dEorsTCOlMwiPH1d25Ryvr/ma8kXxug/fKshMrfqfBfBC6t
-Fr8hlxCBPeP/h40y3JTlR4peahPJlJU90u7INJXQgNStMgiAVDzgvVJT11J8
-smk/f3rPanTK+gQqnExaBqXpIK1FZg9p8d2/6eMyi/rgwYZNcjwu2JN4Cir4
-2NInPRmJX1p7ijvMDNpRrscL9yuwNwXsvFcj4jjSm2jzVhKIT0J8uDHEtdvk
-yCE06UgRNe76x5JXxZ805Mf29w4LTJxoeHtxMcfrHuBnQfO3oKfN5XozNmr6
-mis=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/1dcd6f4c.0 b/cert-validity/mozilla/hashed/1dcd6f4c.0
deleted file mode 100644
index cfcd80b87f79..000000000000
--- a/cert-validity/mozilla/hashed/1dcd6f4c.0
+++ /dev/null
@@ -1,34 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFcjCCA1qgAwIBAgIQH51ZWtcvwgZEpYAIaeNe9jANBgkqhkiG9w0BAQUF
-ADA/MQswCQYDVQQGEwJUVzEwMC4GA1UECgwnR292ZXJubWVudCBSb290IENl
-cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTAyMTIwNTEzMjMzM1oXDTMyMTIw
-NTEzMjMzM1owPzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dvdmVybm1lbnQg
-Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEB
-BQADggIPADCCAgoCggIBAJoluOzMonWoe/fOW1mKydGGEghU7Jzy50b2iPN8
-6aXfTEc2pBsBHH8eV4qNw8XRIePaJD9IK/ufLqGU5ywck9G/GwGHU5nOp/UK
-IXZ3/6m3xnOUT0b3EEk3+qhZSV1qgQdW8or5BtD3cCJNtLdBuTK4sfCxw5w/
-cP1T3YGq2GN49thTbqGsaoQkclSGxtKyyhwOeYHWtXBiCAEuTk8O1RGvqa/l
-mr/czIdtJuTJV6L7lvnM4T9TjGxMfptTCAtsF/tnyMKtsc2AtJfcdgEWFelq
-16TheEfOhtX7MfP6Mb40qij7cEwdScevLJ1tZqa2jWR+tSBqnTuBto9AAGdL
-iYa4zGX+FVPpBMHWXx1E1wovJ5pGfaENda1UhhXcSTvxls4Pm6Dso3pdvtUq
-dULle96ltqqvKKyskKw4t9VoNSZ63Pc78/1Fm9G7Q3hub/FCVGqY8A2tl+lS
-XunVanLeavcbYBT0peS2cWeqH+riTcFCQP5nRhc4L0c/cZyu5SHKYS1tB6iE
-fC3uUSXxY5Ce/eFXiGvviiNtsea9P63RPZYLhY3Naye7twWb7LuRqQoHEgKX
-TiCQ8P8NHuJBO9NAOueNXdpm5AKwB1KYXA6OM5zCppX7VRluTI6uSw+9wThN
-Xo+EHWbNxWCWtFJaBYmOlXqYwZE8lSOyDvR5tMl8wUohAgMBAAGjajBoMB0G
-A1UdDgQWBBTMzO/MKWCkO7GStjz6MmKPrCUVOzAMBgNVHRMEBTADAQH/MDkG
-BGcqBwAEMTAvMC0CAQAwCQYFKw4DAhoFADAHBgVnKgMAAAQUA5vwIhP/lSg2
-09yewDL7MTqKUWUwDQYJKoZIhvcNAQEFBQADggIBAECASvomyc5eMN1PhnR2
-WPWus4MzeKR6dBcZTulStbngCnRiqmjKeKBMmo4sIy7VahIkv9Ro04rQ2Jyf
-tB8M3jh+Vzj8jeJPXgyfqzvS/3WXy6TjZwj/5cAWtUgBfen5Cv8b5Wppv3gh
-qMKnI6mGq3ZW6A4M9hPdKmaKZEk9GhiHkASfQlK3T8v+R0F2Ne//AHY2RTKb
-xkaFXeIksB7jSJaYV0eUVXoPQbFEJPPB/hprv4j9wabak2BegUqZIJxIZhm1
-AHlUD7gsL0u8qV1bYH+Mh6XgUmMqvtg7hUAV/h62ZT/FS9p+tXo1KaMuephg
-IqP0fSdOLeq0dDzpD6QzDxARvBMB1uUO07+1EqLhRSPAzAhuYbeJq4PjJB7m
-XQfnHyA+z2fI56wwbSdLaG5LKlwCCDTb+HbkZ6MmnD+iMsJKxYEYMRBWqoTv
-LQr/uB930r+lWKBi5NdLkXWNiYCYfm3LU05er/ayl4WXudpVBrkk7tfGOB5j
-GxI7leFYrPLfhNVfmS8NVVvmONsuP3LpSIXLuykTjx44VbnzssQwmSNOXfJI
-oRIM3BKQCZBUkQM8R+XVyWXgt0t97EfTsws+rZ7QdAAO671RrcDeLMDDav7v
-3Aun+kbfYNucpllQdSNpc5Oy+fwC00fmcc4QAu4njIT/rEUNE1yDMuAlpYYs
-fPQS
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/1df5ec47.0 b/cert-validity/mozilla/hashed/1df5ec47.0
deleted file mode 100644
index 60cc4e3ee429..000000000000
--- a/cert-validity/mozilla/hashed/1df5ec47.0
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID4TCCAsmgAwIBAgIOYyUAAQACFI0zFQLkbPQwDQYJKoZIhvcNAQEFBQAw
-ezELMAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgx
-JDAiBgNVBAsTG1RDIFRydXN0Q2VudGVyIFVuaXZlcnNhbCBDQTEoMCYGA1UE
-AxMfVEMgVHJ1c3RDZW50ZXIgVW5pdmVyc2FsIENBIElJSTAeFw0wOTA5MDkw
-ODE1MjdaFw0yOTEyMzEyMzU5NTlaMHsxCzAJBgNVBAYTAkRFMRwwGgYDVQQK
-ExNUQyBUcnVzdENlbnRlciBHbWJIMSQwIgYDVQQLExtUQyBUcnVzdENlbnRl
-ciBVbml2ZXJzYWwgQ0ExKDAmBgNVBAMTH1RDIFRydXN0Q2VudGVyIFVuaXZl
-cnNhbCBDQSBJSUkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC
-2pxisLlxErALyBpXsq6DFJmzNEubkKLF5+cvAqBNLaT6hdqbJYUtQCggberg
-vbFIgyIpRJ9Og+41URNzdNW88jBmlFPAQDYvDIRlzg9uwliT6CwLOunBjvvy
-a8o84pxOjuT5fdMnnxvVZ3iHLX8LR7PH6MlIfK8vzArZQe+f/prhsq75U7Xl
-6UafYOPfjdN/+5Z+s7Vy+EutCHnNaYlAJ/Uqwa1D7KRTyGG299J5KmcYdkht
-WyUB0SbFt1dpIxVbYYqt8Bst2a9c8SaQaanVDED1M4BDj5yjdipFtK+/fz6H
-P3bFzSreIMUWWMv5G/UPyw0RUmS40nZid4PxWJ//AgMBAAGjYzBhMB8GA1Ud
-IwQYMBaAFFbn4VslQ4Dg9ozhcbyO5YAvxEjiMA8GA1UdEwEB/wQFMAMBAf8w
-DgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRW5+FbJUOA4PaM4XG8juWAL8RI
-4jANBgkqhkiG9w0BAQUFAAOCAQEAg8ev6n9NCjw5sWi+e22JLumzCecYV42F
-mhfzdkJQEw/HkG8zrcVJYCtsSVgZ1OK+t7+rSbyUyKu+KGwWaODIl0YgoGhn
-YIg5IFHYaAERzqf2EQf27OysGh+yZm5WZ2B6dF7AbZc2rrUNXWZzwCUyRdhK
-BgePxLcHsU0GDeGl6/R1yrqc0L2z0zIkTO5+4nYES0lT2PLpVDP85XEfPRRc
-lkvxOvIAu2y0+pZVCIgJwcyRGSmwIC3/yzikQOEXvnlhgP8HA4ZMTnsGnxGG
-jYnuJ8Tb4rwZjgvDwxPHLQNjO9Po5KIqwoIIlBZU8O8fJ5AluA0OKBtHd0e9
-HKgl8ZS0Zg==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/1e8e7201.0 b/cert-validity/mozilla/hashed/1e8e7201.0
deleted file mode 100644
index f368452bd06f..000000000000
--- a/cert-validity/mozilla/hashed/1e8e7201.0
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEg
-MB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkds
-b2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAw
-WhcNMjkwMzE4MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3Qg
-Q0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFs
-U2lnbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5Bngi
-FvXAg7aEyiie/QV2EcWtiHL8RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k
-0ev1LKMPgj0MK66X17YUhhB5uzsTgHeMCOFJ0mpiLx9e+pZo34knlTifBtc+
-ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmmKPZpO/bLyCiR5Z2KYVc3rHQU3HTg
-Ou5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zdQQ4gOsC0p6Hpsk+QLjJg6VfL
-uQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZXriX7613t2Saer9fwRPv
-m2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAwDgYDVR0PAQH/BAQD
-AgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+oLkUkrk1Q+mOa
-i97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZURUm7lgAJ
-QayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMpjjM5
-RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK
-6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3Nz
-dvQXmcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJr
-lAGomecsMx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7r
-kpeDMdmztcpHWD9f
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/1eb37bdf.0 b/cert-validity/mozilla/hashed/1eb37bdf.0
deleted file mode 100644
index f9d9278f4d23..000000000000
--- a/cert-validity/mozilla/hashed/1eb37bdf.0
+++ /dev/null
@@ -1,44 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQsw
-CQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRy
-ZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJ
-QTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xKTAnBgNV
-BAMTIENoYW1iZXJzIG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgw
-MTEyMjk1MFoXDTM4MDczMTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYD
-VQQHEzpNYWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVy
-ZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNV
-BAoTEkFDIENhbWVyZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2Yg
-Q29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
-ggIKAoICAQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW928sNRHI+JrKQUrpjOyhY
-b6WzbZSm891kDFX29ufyIiKAXuFixrYp4YFs8r/lfTJqVKAyGVn+H4vXPWCG
-hSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorjh40G072QDuKZoRuGDtqa
-CrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR5gN/ikil
-TWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfLZEFH
-cpOrUMPrCXZkNNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05a
-Sd+pZgvMPMZ4fKecHePOjlO+Bd5gD2vlGts/4+EhySnB8esHnFIbAURRPHsl
-18TlUlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331lubKgdaX8ZSD6e2w
-sWsSaR6s+12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ
-0wlf2eOKNcx5Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+U
-LtlVmhduYJ1jbLhjya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ
-9dC1vX7gUMQSibMjmhAxhduub+84Mxh2EQIDAQABo4IBbDCCAWgwEgYDVR0T
-AQH/BAgwBgEB/wIBDDAdBgNVHQ4EFgQU+SSsD7K1+HnA+mCIG8TZTQKeFxkw
-geMGA1UdIwSB2zCB2IAU+SSsD7K1+HnA+mCIG8TZTQKeFxmhgbSkgbEwga4x
-CzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBjdXJyZW50IGFk
-ZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQF
-EwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEpMCcG
-A1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDiCCQCj2kJ+
-pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYI
-KwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZI
-hvcNAQEFBQADggIBAJASryI1wqM58C7e6bXpeHxIvj99RZJe6dqxGfwWPJ+0
-W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH3qLPaYRgM+gQDROpI9CF
-5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbURWpG
-qOt1glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU
-+I22mlaHFoI6M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1
-pDDFOqxXnrN2pSB7+R5KBWIBpih1YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+K
-MjNbMMeJL0eYD6MDxvbxrN8y8NmBGuScvfaAFPDRLLmF9dijscilIeUcE5fu
-Dr3fKanvNFNb0+RqE4QGtjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcK
-zBIKinmwPQN/aUv0NCB9szTqjktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eD
-dOTlLsn+mCdCxqvGnrDQWzilm1DefhiYtUU79nm06PcaewaD+9CL2rvHvRir
-CG88gGtAPxkZumWK5r7VXNM21+9AUiRgOGcEMeyP84LG3rlV8zsxkVrctQgV
-rXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZd0jQ
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/219d9499.0 b/cert-validity/mozilla/hashed/219d9499.0
deleted file mode 100644
index 0569e5beda32..000000000000
--- a/cert-validity/mozilla/hashed/219d9499.0
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJV
-UzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQL
-EyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4X
-DTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMx
-ITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMo
-R28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAw
-DQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d
-/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9
-S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32qRe3H3I2
-TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVl
-OARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFA
-pMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44
-dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLEsNKR1EwRcbNh
-yz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2oatTj
-oWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdy
-b3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj
-YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF
-BQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYX
-MP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKt
-I3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheab
-IZ0KbIIOqPjCDPoQHmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzr
-Tia2cyvk0/ZM/iZx4mERdEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBD
-pqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/bvZ8=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/23f4c490.0 b/cert-validity/mozilla/hashed/23f4c490.0
deleted file mode 100644
index fe372f787170..000000000000
--- a/cert-validity/mozilla/hashed/23f4c490.0
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJV
-UzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAG
-A1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHkwHhcNMDQwNjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQG
-EwJVUzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEy
-MDAGA1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRo
-b3JpdHkwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGm
-BIWtDBFk385N78gDGIc/oav7PKaf8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1
-KKY/e97gKvDIr1MvnsoFAZMej2YcOadN+lq2cwQlZut3f+dZxkqZJRRU6ybH
-838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0X9tDkYI22WY8sbi5gv2cOj4Q
-yDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aaK4UmkhynArPkPw2vCHmC
-uDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA1W4TNSNe35tfPe/W
-93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0GA1UdDgQWBBS/
-X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fRzt0fhvRb
-Vazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0YXJm
-aWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMB
-Af8wDQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1ep
-oXkJKtv3L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLM
-PUxA2IGvd56Deruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L
-7ShZ3U0WixeDyLJlxy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMt
-lb71cZBDzI0fmgAKhynpVSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl9
-0TSrE9atvNziPTnNvT51cKEYWQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/
-D5fs4C8fF5Q=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/256fd83b.0 b/cert-validity/mozilla/hashed/256fd83b.0
deleted file mode 100644
index 974c86b17c57..000000000000
--- a/cert-validity/mozilla/hashed/256fd83b.0
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDXDCCAsWgAwIBAgICA+owDQYJKoZIhvcNAQEEBQAwgbwxCzAJBgNVBAYT
-AkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYD
-VQQKEzFUQyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3
-b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAyIENB
-MSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNlbnRlci5kZTAe
-Fw05ODAzMDkxMTU5NTlaFw0xMTAxMDExMTU5NTlaMIG8MQswCQYDVQQGEwJE
-RTEQMA4GA1UECBMHSGFtYnVyZzEQMA4GA1UEBxMHSGFtYnVyZzE6MDgGA1UE
-ChMxVEMgVHJ1c3RDZW50ZXIgZm9yIFNlY3VyaXR5IGluIERhdGEgTmV0d29y
-a3MgR21iSDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMiBDQTEp
-MCcGCSqGSIb3DQEJARYaY2VydGlmaWNhdGVAdHJ1c3RjZW50ZXIuZGUwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANo46O0yAClxgwENv4wB3NrGrTmk
-qYov1YtcaF9QxmL1Zr3KkSLsqh1R1z2zUbKDTl3LSbDwTFXlay3HhQswHJJO
-gtTKAu33b77c4OMUuAVT8pr0VotanoWT0bSCVq5Nu6hLVxa8/vhYnvgpjbB7
-zXjJT6yLZwzxnPv8V5tXXE8NAgMBAAGjazBpMA8GA1UdEwEB/wQFMAMBAf8w
-DgYDVR0PAQH/BAQDAgGGMDMGCWCGSAGG+EIBCAQmFiRodHRwOi8vd3d3LnRy
-dXN0Y2VudGVyLmRlL2d1aWRlbGluZXMwEQYJYIZIAYb4QgEBBAQDAgAHMA0G
-CSqGSIb3DQEBBAUAA4GBAIRS+yjf/x91AbwBvgRWl2p0QiQxg/lGsQaKic+W
-LDO/jLVfenKhhQbOhvgFjuj5Jcrag4wGrOs2bYWRNAQ29ELw+HkuCkhcq8xR
-T3h2oNmsGb0q0WkEKJHKNhAngFdb0lz1wlurZIFjdFH0l7/NEij3TWZ/p/Ac
-ASZ4smZHcFFk
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/27af790d.0 b/cert-validity/mozilla/hashed/27af790d.0
deleted file mode 100644
index 840a5965528c..000000000000
--- a/cert-validity/mozilla/hashed/27af790d.0
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCB
-mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNV
-BAsTMChjKSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1
-c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0
-aW9uIEF1dGhvcml0eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIz
-NTk1OVowgZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMu
-MTkwNwYDVQQLEzAoYykgMjAwNyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhv
-cml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMTLUdlb1RydXN0IFByaW1hcnkgQ2Vy
-dGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjB2MBAGByqGSM49AgEGBSuBBAAi
-A2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcLSo17VDs6bl8VAsBQps8lL33K
-SLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLaltJLtbCyf691DiaI8S0iR
-HVDsJt/WYC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
-AQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+EVXVMAoGCCqGSM49BAMD
-A2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGTqQ7mndwx
-HLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBuczrD6o
-gRLQy7rQkgu2npaqBA+K
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/2afc57aa.0 b/cert-validity/mozilla/hashed/2afc57aa.0
deleted file mode 100644
index c6083d678577..000000000000
--- a/cert-validity/mozilla/hashed/2afc57aa.0
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEqjCCA5KgAwIBAgIOLmoAAQACH9dSISwRXDswDQYJKoZIhvcNAQEFBQAw
-djELMAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgx
-IjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDIgQ0ExJTAjBgNVBAMT
-HFRDIFRydXN0Q2VudGVyIENsYXNzIDIgQ0EgSUkwHhcNMDYwMTEyMTQzODQz
-WhcNMjUxMjMxMjI1OTU5WjB2MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMg
-VHJ1c3RDZW50ZXIgR21iSDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xh
-c3MgMiBDQTElMCMGA1UEAxMcVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMiBDQSBJ
-STCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKuAh5uO8MN8h9fo
-JIIRszzdQ2Lu+MNF2ujhoF/RKrLqk2jftMjWQ+nEdVl//OEd+DFwIxuInie5
-e/060smp6RQvkL4DUsFJzfb95AhmC1eKokKguNV/aVyQMrKXDcpK3EY+AlWJ
-U+MaWss2xgdW94zPEfRMuzBwBJWl9jmM/XOBCH2JXjIeIqkiRUuwZi4wzJ9l
-/fzLganx4Duvo4bRierERXlQXa7pIXSSTYtZgo+U4+lK8edJsBTj9WLL1XK9
-H7nSn6DNqPoByNkN39r8R52zyFTfSUrxIan+GE7uSNQZu+995OKdy1u2bv/j
-zVrndIIFuoAlOMvkaZ6vQaoahPUCAwEAAaOCATQwggEwMA8GA1UdEwEB/wQF
-MAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTjq1RMgKHbVkO3kUrL
-84J6E1wIqzCB7QYDVR0fBIHlMIHiMIHfoIHcoIHZhjVodHRwOi8vd3d3LnRy
-dXN0Y2VudGVyLmRlL2NybC92Mi90Y19jbGFzc18yX2NhX0lJLmNybIaBn2xk
-YXA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvQ049VEMlMjBUcnVzdENlbnRlciUy
-MENsYXNzJTIwMiUyMENBJTIwSUksTz1UQyUyMFRydXN0Q2VudGVyJTIwR21i
-SCxPVT1yb290Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/Y2VydGlmaWNh
-dGVSZXZvY2F0aW9uTGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEAjNff
-fu4bgBCzg/XbEeprS6iSGNn3Bzn1LL4GdXpoUxUc6krtXvwjshOg0wn/9vYu
-a0Fxec3ibf2uWWuFHbhOIprtZjluS5TmVfwLG4t3wVMTZonZKNaL80VKY7f9
-ewthXbhtvsPcW3nS7Yblok2+XnR8au0WOB9/WIFaGusyiC2y8zl3gK9etmF1
-KdsjTYjKUCjLhdLTEKJZbtOTVAB6okaVhgWcqRmY5TFyDADiZ9lA4CQze28s
-uVyrZZ0srHbqNZn1l7kPJOzHdiEoZa5X6AeIdUpWoNIFOqTmjZKILPPy4cHG
-YdtBxceb9w4aUUXCYWvcZCcXjFq32nQozZfkvQ==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/2edf7016.0 b/cert-validity/mozilla/hashed/2edf7016.0
deleted file mode 100644
index 7e61f51e4b0e..000000000000
--- a/cert-validity/mozilla/hashed/2edf7016.0
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzEL
-MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQL
-Ey5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y
-aXR5MB4XDTk2MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UE
-BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
-cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67ee
-hoAKkQ76OCWvRoiC5XOooJskXQ0fzGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2
-FdWoqD+qEgaNMax/sDTXjzRniAnNFBHiTkVWaR94AoDa3EeRKbs2yWNcxeDX
-LYd7obcysHswuiovMaruo2fa2wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFgV
-KTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiWNWLMv5sneYlfycQJ9M61
-Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIVGx/KXQ/BUpQqEZna
-e88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/2fa87019.0 b/cert-validity/mozilla/hashed/2fa87019.0
deleted file mode 100644
index 8d4f6fb16bc2..000000000000
--- a/cert-validity/mozilla/hashed/2fa87019.0
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUF
-ADBiMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMg
-TC5MLkMuMTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0
-ZSBBdXRob3JpdHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5WjBi
-MQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5M
-LkMuMTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBB
-dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6S
-MG3G2I4rC7xGzuAnlt7e+foS0zwzc7MEL7xxjOWftiJgPl9dzgn/ggwbmlFQ
-GiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPPOCwGJgl6cvf6UDL4wpPTaaIjzkGx
-zOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rlmGNpSAW+Lv8ztumXWWn4Zxmu
-k2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnFBgrEsEX1QV1uiUV7PTsm
-jHTC5dLRfbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4qY5usyd2mFHgBeMh
-qxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMBAAGjgZcwgZQwHQYDVR0O
-BBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIBBjAPBgNV
-HRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwubmV0
-c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3Jp
-dHkuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7rkvnt1frf6ott3NHhWrB5KUd
-5Oc86fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q4LqILPxFzBiwmZVR
-DuwduIj/h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/
-GGUsyfJj4akH/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/L
-WA/rKOyvEZbz3HtvwKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQY
-grOJeRcQcT16ohZO9QHNpGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe2MPr
-+8ukYEywVaCge1ey
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/2fb1850a.0 b/cert-validity/mozilla/hashed/2fb1850a.0
deleted file mode 100644
index c7028dc9d0fd..000000000000
--- a/cert-validity/mozilla/hashed/2fb1850a.0
+++ /dev/null
@@ -1,35 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFpDCCA4ygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJV
-UzEcMBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1l
-cmljYSBPbmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4X
-DTAyMDUyODA2MDAwMFoXDTM3MDkyOTE0MDgwMFowYzELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0FtZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJp
-Y2EgT25saW5lIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCAiIw
-DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMxBRR3pPU0Q9oyxQcngXssN
-t79Hc9PwVU3dxgz6sWYFas14tNwC206B89enfHG8dWOgXeMHDEjsJcQDIPT/
-DjsS/5uN4cbVG7RtIuOx238hZK+GvFciKtZHgVdEglZTvYYUAQv8f3SkWq7x
-uhG1m1hagLQ3eAkzfDJHA1zEpYNI9FdWboE2JxhP7JsowtS013wMPgwr38oE
-18aO6lhOqKSlGBxsRZijQdEt0sdtjRnxrXm3gT+9BoInLRBYBbV4Bbkv2wxr
-kJB+FFk4u5QkE+XRnRTf04JNRvCAOVIyD+OEsnpD8l7eXz8d3eOyG6ChKiMD
-bi4BFYdcpnV1x5dhvt6G3NRI270qv0pV2uh9UPu0gBe4lL8BPeraunzgWGcX
-uVjgiIZGZ2ydEEdYMtA1fHkqkKJaEBEjNa0vzORKW6fIJ/KD3l67Xnfn6KVu
-Y8INXWHQjNJsWiEOyiijzirplcdIz5ZvHZIlyMbGwcEMBawmxNJ10uEqZ8A9
-W6Wa6897GqidFEXlD6CaZd4vKL3Ob5Rmg0gp2OpljK+T2WSfVVcmv2/LNzGZ
-o2C7HK2JNDJiuEMhBnIMoVxtRsX6Kc8w3onccVvdtjc+31D1uAclJuW8tf48
-ArO3+L5DwYcRlJ4jbBeKuIonDFRH8KmzwICMoCfrHRnjB453cMor9H124Hhn
-AgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFE1FwWg4u3Op
-aaEg5+31IqEjFNeeMB8GA1UdIwQYMBaAFE1FwWg4u3OpaaEg5+31IqEjFNee
-MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAZ2sGuV9FOypL
-M7PmG2tZTiLMubekJcmnxPBUlgtk87FYT15R/LKXeydlwuXK5w0MJXti4/qf
-tIe3RUavg6WXSIylvfEWK5t2LHo1YGwRgJfMqZJS5ivmae2p+DYtLHe/YUjR
-Ywu5W1LtGLBDQiKmsXeu3mnFzcccobGlHBD7GL4acN3Bkku+KVqdPzW+5X1R
-+FXgJXUjhx5c3LqdsKyzadsXg8n33gy8CNyRnqjQ1xU3c6U1uPx+xURABsPr
-+CKAXEfOAuMRn0T//ZoyzH1kUQ7rVyZ2OuMeIjzCpjbdGe+n/BLzJsBZMYVM
-nNjP36TMzCmT/5RtdlwTCJfy7aULTd3oyWgOZtMADjMSW7yV5TKQqLPGbIOt
-d+6Lfn6xqavT4fG2wLHqiMDn05DpKJKUe2h7lyoKZy2FAjgQ5ANh1NolNscI
-WC2hp1GvMApJ9aZphwctREZ2jirlmjvXGKL8nDgQzMY70rUXOm/9riW99XJZ
-ZLF0KjhfGEzfz3EEWjbUvy+ZnOjZurGV5gJLIaFb1cFPj65pbVPbAZO1XB4Y
-3WRayhgoPmMEEf0cjQAPuDffZ4qdZqkCapH/E8ovXYO8h5Ns3CRRFgQlZvqz
-2cK6Kb6aSDiCmfS/O0oxGfm/jiEzFMpPVF/7zvuPcX/9XhmgD0uRuMRUvAaw
-RY8mkaKO/qk=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/33815e15.0 b/cert-validity/mozilla/hashed/33815e15.0
deleted file mode 100644
index 554a087dee37..000000000000
--- a/cert-validity/mozilla/hashed/33815e15.0
+++ /dev/null
@@ -1,47 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJ
-TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERp
-Z2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20g
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM2WhcNMzYw
-OTE3MTk0NjM2WjB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20g
-THRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2ln
-bmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDBiNsJvGxGfHif
-lXu1M5DycmLWwTYgIiRezul38kMKogZkpMyONvg45iPwbm2xPN1yo4UcodM9
-tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rfOQVSWff0G0ZDpNKFhdLDcfN1
-YjS6LIp/Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/CJi/6tRYccjV3yjxd5srh
-JosaNnZcAdt0FCX+7bWgiA/deMotHweXMAEtcnn6RtYTKqi5pquDSR3l8u/d
-5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt2PZE4XNiHzvEvqBTViVs
-UQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMMAv+Z6+hs
-TXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w+2Oq
-qGwaVLRcJXrJosmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+
-Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/untp+HDH+no32NgN0nZPV/+Qt+OR0t3v
-wmC3Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVcUjyJthkqcwEKDwOz
-EmDyei+B26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT
-37uMdBNSSwIDAQABo4ICUjCCAk4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMC
-Aa4wHQYDVR0OBBYEFE4L7xqkQFulF2mHMMo0aEPQQa7yMGQGA1UdHwRdMFsw
-LKAqoCiGJmh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3Js
-MCugKaAnhiVodHRwOi8vY3JsLnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3Js
-MIIBXQYDVR0gBIIBVDCCAVAwggFMBgsrBgEEAYG1NwEBATCCATswLwYIKwYB
-BQUHAgEWI2h0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9wb2xpY3kucGRmMDUG
-CCsGAQUFBwIBFilodHRwOi8vY2VydC5zdGFydGNvbS5vcmcvaW50ZXJtZWRp
-YXRlLnBkZjCB0AYIKwYBBQUHAgIwgcMwJxYgU3RhcnQgQ29tbWVyY2lhbCAo
-U3RhcnRDb20pIEx0ZC4wAwIBARqBl0xpbWl0ZWQgTGlhYmlsaXR5LCByZWFk
-IHRoZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2YgdGhlIFN0YXJ0
-Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFpbGFibGUg
-YXQgaHR0cDovL2NlcnQuc3RhcnRjb20ub3JnL3BvbGljeS5wZGYwEQYJYIZI
-AYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilTdGFydENvbSBGcmVlIFNT
-TCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAgEA
-FmyZ9GYMNPXQhV59CuzaEE44HF7fpiUFS5Eyweg78T3dRAlbB0mKKctmArex
-mvclmAk8jhvh3TaHK0u7aNM5Zj2gJsfyOZEdUauCe37Vzlrk4gNXcGmXCPle
-WKYK34wGmkUWFjgKXlf2Ysd6AgXmvB618p70qSmD+LIU424oh0TDkBreOKk8
-rENNZEXO3SipXPJzewT4F+irsfMuXGRuczE6Eri8sxHkfY+BUZo7jYn0TZNm
-ezwD7dOaHZrzZVD1oNB1ny+v8OqCQ5j4aZyJecRDjkZy42Q2Eq/3JR44iZB3
-fsNrarnDy0RLrHiQi+fHLB5LEUTINFInzQpdn4XBidUaePKVEFMy3YCEZnXZ
-tWgo+2EuvoSoOMCZEoalHmdkrQYuL6lwhceWD3yJZfWOQ1QOq92lgDmUYMA0
-yZZwLKMS9R9Ie70cfmu3nZD0Ijuu+PwqyvqCUqDvr0tVk+vBtfAii6w0TiYi
-BKGHLHVKt+V9E9e4DGTANtLJL4YSjCMJwRuCO3NJo2pXh5Tl1njFmUNj403g
-dy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6Vum0ABj6y6koQOdjQK/W/
-7HW/lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkyShNOsF/5oirpt9P/Fl
-UQqmMGqz9IgcgA38corog14=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/343eb6cb.0 b/cert-validity/mozilla/hashed/343eb6cb.0
deleted file mode 100644
index 0df28698c11e..000000000000
--- a/cert-validity/mozilla/hashed/343eb6cb.0
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEY
-MBYGA1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0
-IEdsb2JhbCBSb290MB4XDTA2MTIxNTA4MDAwMFoXDTIxMTIxNTA4MDAwMFow
-OzEYMBYGA1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRy
-dXN0IEdsb2JhbCBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-AQEA+Mi8vRRQZhP/8NN57CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO2
-1O1fWLE3TdVJDm71aofW0ozSJ8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+
-6A74q05IlG2OlTEQXO2iLb3VOm2yHLtgwEZLAfVJrn5GitB0jaEMAs7u/OeP
-uGtm839EAL9mJRQr3RAwHQeWP032a7iPt3sMpTjr3kfb1V05/Iin89cqdPHo
-WqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNzFtApD0mpSPCzqrdsxacwOUBd
-rsTiXSZT8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAYXSUnpQIDAQABo4GlMIGi
-MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS2
-CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8v
-d3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3JsMB8GA1Ud
-IwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUAA4IB
-AQBW7wojoFROlZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMj
-Wqd8BfP9IjsO0QbE2zZMcwSO5bAi5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1y
-CcUxXOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2hO0j9n0Hq0V+09+z
-v+mKts2oomcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+T
-X3EJIrduPuocA06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0t
-l0ypkxWdYcQBX0jWWL1WMRJOEcgh4LMRkWXbtKaIOM5V
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/399e7759.0 b/cert-validity/mozilla/hashed/399e7759.0
deleted file mode 100644
index 5117d96d327c..000000000000
--- a/cert-validity/mozilla/hashed/399e7759.0
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUF
-ADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYD
-VQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9i
-YWwgUm9vdCBDQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGEx
-CzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsT
-EHd3dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBS
-b290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLe
-qKTTo1eqUKKPC3eQyaKl7hLOllsBCSDMAZOnTjC3U/dDxGkAV53ijSLdhwZA
-AIEJzs4bg7/fzTtxRuLWZscFs3YnFo97nh6Vfe63SKMI2tavegw5BmV/Sl0f
-vBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt43C/dxC//AH2hdmoRBBYMql1
-GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7PT19sdl6gSzeRntwi5m3O
-FBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4gdW7jVg/tRvoSSii
-cNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAOBgNVHQ8BAf8E
-BAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbRTLtm8KPi
-GxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJ
-KoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
-hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV
-5Adg06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBA
-I+0tKIJFPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886
-UAb3LujEV0lsYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDA
-GySj4dzp30d8tbQkCAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWV
-bd4=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/3a3b02ce.0 b/cert-validity/mozilla/hashed/3a3b02ce.0
deleted file mode 100644
index 9ddb31ea97ef..000000000000
--- a/cert-validity/mozilla/hashed/3a3b02ce.0
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID8TCCAtmgAwIBAgIQQT1yx/RrH4FDffHSKFTfmjANBgkqhkiG9w0BAQUF
-ADCBijELMAkGA1UEBhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxGzAZBgNVBAsT
-EkNvcHlyaWdodCAoYykgMjAwNTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlv
-biBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9v
-dCBHQSBDQTAeFw0wNTEyMTExNjAzNDRaFw0zNzEyMTExNjA5NTFaMIGKMQsw
-CQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEbMBkGA1UECxMSQ29weXJp
-Z2h0IChjKSAyMDA1MSIwIAYDVQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9y
-c2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2JhbCBSb290IEdBIENB
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0+zAJs9Nt350Ulq
-axBJH+zYK7LG+DKBKUOVTJoZIyEVRd7jyBxRVVuuk+g3/ytr6dTqvirdqFEr
-12bDYVxgAsj1znJ7O7jyTmUIms2kahnBAbtzptf2w93NvKSLtZlhuAGio9RN
-1AU9ka34tAhxZK9w8RxrfvbDd50kc3vkDIzh2TbhmYsFmQvtRTEJysIA2/dy
-oJaqlYfQjse2YXMNdmaM3Bu0Y6Kff5MTMPGhJ9vZ/yxViJGg4E8HsChWjBgb
-l0SOid3gF27nKu+POQoxhILYQBRJLnpB5Kf+42TMwVlxSywhp1t94B3RLoGb
-w9ho972WG6xwsRYUC9tguSYBBQIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYD
-VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUswN+rja8sHnR3JQmthG+IbJphpQw
-EAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBAEuh/wuHbrP5
-wUOxSPMowB0uyQlB+pQAHKSkq0lPjz0e701vvbyk9vImMMkQyh2I+3QZH4VF
-vbBsUfk2ftv1TDI6QU9bR8/oCy22xBmddMVHxjtqD6wU2zz0c5ypBd8A3HR4
-+vg1YFkCExh8vPtNsCBtQ7tgMHpnM1zFmdH4LTlSc/uMqpclXHLZCB6rTjzj
-gTGfA6b7wP4piFXahNVQA7bihKOmNqoROgHhGEvWRGizPflTdISzRpFGlgC3
-gCy24eMQ4tui5yiPAZZiFj4A4xylNoEYokxSdsARo27mHbrjWr42U8U+dY+G
-aSlYU7Wcu2+fXMUY7N0v4ZjJ/L7fCg0=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/3ad48a91.0 b/cert-validity/mozilla/hashed/3ad48a91.0
deleted file mode 100644
index 9758eb4b29ed..000000000000
--- a/cert-validity/mozilla/hashed/3ad48a91.0
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQG
-EwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0
-MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUx
-MjE4NDYwMFoXDTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNV
-BAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZ
-QmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBAKMEuyKrmD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+h
-Xe2wCQVt2yguzmKiYv60iNoS6zjrIZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gR
-QKfRzMpijS3ljwumUNKoUMMo6vWrJYeKmpYcqWe4PwzV9/lSEy/CG9VwcPCP
-wBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSuXmD+tqYF/LTdB1kC1FkYmGP1
-pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZydc93Uk3zyZAsuT3lySNT
-Px8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/yejl0qhqdNkNwnGjkC
-AwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1Ud
-EwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUA
-A4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT929hkT
-I7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx
-jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/
-oCr0Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67
-G7fyUIhzksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9H
-RCwBXbsdtTLSR9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/3c58f906.0 b/cert-validity/mozilla/hashed/3c58f906.0
deleted file mode 100644
index 775da4062740..000000000000
--- a/cert-validity/mozilla/hashed/3c58f906.0
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJT
-RTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4
-dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5h
-bCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzEL
-MAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1B
-ZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1
-c3QgRXh0ZXJuYWwgQ0EgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBALf3GjPm8gAELTngTlvtH7xsD821+iO2zt6bETOXpClMfZOfvUq8
-k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9uMq/NzgtHj6RQa1wVsfwTz/oMp50
-ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzXmk6vBbOmcZSccbNQYArHE504
-B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LXa0Tkx63ubUFfclpxCDez
-eWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzNE0S3ySvdQwAl+mG5
-aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0WicCAwEAAaOB
-3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYDVR0PBAQD
-AgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0Jvf6
-xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
-cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdv
-cmsxIjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJ
-KoZIhvcNAQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZl
-j7DYd7usQWxHYINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5R
-xNKWt9x+Tu5w/Rw56wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjT
-K3rMUUKhemPR5ruhxSvCNr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1
-n6diIWgVIEM8med8vSTYqZEXc4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHx
-REzGBHNJdmAPx/i9F4BrLunMTA5amnkPIAou1Z5jJh5VkpTYghdae9C8x49O
-hgQ=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/3c860d51.0 b/cert-validity/mozilla/hashed/3c860d51.0
deleted file mode 100644
index 0ebdd4ad8edc..000000000000
--- a/cert-validity/mozilla/hashed/3c860d51.0
+++ /dev/null
@@ -1,35 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJ
-BgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3
-aXNzU2lnbiBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1
-MDgzMDM1WjBFMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFH
-MR8wHQYDVQQDExZTd2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG
-9w0BAQEFAAOCAg8AMIICCgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJC
-Eyq8ZVeCQD5XJM1QiyUqt2/876LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9
-lit/VcyLwVcfDmJlD909Vopz2q5+bbqBHH5CjCA12UNNhPqE21Is8w4ndwtr
-vxEvcnifLtg+5hg3Wipy+dpikJKVyh+c6bM8K8vzARO/Ws/BtQpgvd21mWRT
-uKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqEemA8atufK+ze3gE/bk3lUIbL
-tK/tREDFylqM2tIrfKjuvqblCqoOpd8FUrdVxyJdMmqXl2MT28nbeTZ7hTpK
-xVKJ+STnnXepgv9VHKVxaSvRAiTysybUa9oEVeXBCsdtMDeQKuSeFDNeFhdV
-xVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuendjIj3o02yMszYF9rNt85m
-ndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69yFGkOpeUD
-DniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPiaG59
-je883WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxM
-gI93e2CaHt+28kgeDrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOB
-rDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
-FgQUWyV7lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64
-OfPAeGZe6Drn8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEF
-BQcCARYgaHR0cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZI
-hvcNAQEFBQADggIBACe645R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhW
-fvxyeDgD2StiGwC5+OlgzczOUYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g
-7gKZYbge9LgriBIWhMIxkziWMaa5O1M/wySTVltpkuzFwbs4AOPsF6m43Md8
-AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCCbwq7EsiHSycR+R4tx5M/nttfJmtS
-2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yvGPUqUfA5hJeVbG4bwyvEdGB5
-JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a77KwPJ+HbBIrZXAVUjEa
-JM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCChdiDyyJkvC24JdVU
-orgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid392qgQmwLOM7X
-dVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEppLd6leNcG
-2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+wZMEB
-nunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt
-Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/3d441de8.0 b/cert-validity/mozilla/hashed/3d441de8.0
deleted file mode 100644
index 595fae093885..000000000000
--- a/cert-validity/mozilla/hashed/3d441de8.0
+++ /dev/null
@@ -1,36 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFyjCCA7KgAwIBAgIEAJiWjDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQG
-EwJOTDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQD
-DCJTdGFhdCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEcyMB4XDTA4MDMy
-NjExMTgxN1oXDTIwMDMyNTExMDMxMFowWjELMAkGA1UEBhMCTkwxHjAcBgNV
-BAoMFVN0YWF0IGRlciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVy
-IE5lZGVybGFuZGVuIFJvb3QgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQAD
-ggIPADCCAgoCggIBAMVZ5291qj5LnLW4rJ4L5PnZyqtdj7U5EILXr1HgO+EA
-SGrP2uEGQxGZqhQlEq0i6ABtQ8SpuOUfiUtnvWFI7/3S4GCI5bkYYCjDdyut
-sDeqN95kWSpGV+RLufg3fNU254DBtvPUZ5uW6M7XxgpT0GtJlvOjCwV3SPcl
-5XCsMBQgJeN/dVrlSPhOewMHBPqCYYdu8DvEpMfQ9XQ+pV0aCPKbJdL2rAQm
-PlU6Yiile7Iwr/g3wtG61jj99O9JMDeZJiFIhQGp5Rbn3JBV3w/oOM2ZNyFP
-XfUib2rFEhZgF1XyZWampzCROME4HYYEhLoaJXhena/MUGDWE4dS7WMfbWV9
-whUYdMrhfmQpjHLYFhN9C0lK8SgbIHRrxT3dsKpICT0ugpTNGmXZK4iambwY
-fp/ufWZ8Pr2UuIHOzZgweMFvZ9C+X+Bo7d7iscksWXiSqt8rYGPy5V6548r6
-f1CGPqI0GAwJaCgRHOThuVw+R7oyPxjMW4T182t0xHJ04eOLoEq9jWYv6q01
-2iDTiIJh8BIitrzQ1aTsr1SIJSQ8p22xcik/Plemf1WvbibG/ufMQFxRRIEK
-eN5KzlW/HdXZt1bv8Hb/C3m1r737qWmRRpdogBQ2HbN/uymYNqUg+oJgYjOk
-7Na6B6duxc8UpufWkjTYgfX8HV2qXB72o007uPc5AgMBAAGjgZcwgZQwDwYD
-VR0TAQH/BAUwAwEB/zBSBgNVHSAESzBJMEcGBFUdIAAwPzA9BggrBgEFBQcC
-ARYxaHR0cDovL3d3dy5wa2lvdmVyaGVpZC5ubC9wb2xpY2llcy9yb290LXBv
-bGljeS1HMjAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJFoMocVHYnitfGs
-Nig0jQt8YojrMA0GCSqGSIb3DQEBCwUAA4ICAQCoQUpnKpKBglBu4dfYszk7
-8wIVCVBR7y29JHuIhjv5tLySCZa59sCrI2AGeYwRTlHSeYAz+51IvuxBQ4Ef
-fkdAHOV6CMqqi3WtFMTC6GY8ggen5ieCWxjmD27ZUD6KQhgpxrRW/FYQoAUX
-vQwjf/ST7ZwaUb7dRUG/kSS0H4zpX897IZmflZ85OkYcbPnNe5yQzSipx6lV
-u6xiNGI1E0sUOlWDuYaNkqbG9AclVMwWVxJKgnjIFNkXgiYtXSAfea7+1HAW
-FpWD2DU5/1JddRwWxRNVz0fMdWVSSt7wsKfkCpYL+63C4iWEst3kvX5ZbJvw
-8NjnyvLplzh+ib7M+zkXYT9y2zqR2GUBGR2tUKRXCnxLvJxxcypFURmFzI79
-R6d0lR2o0a9OF7FpJsKqeFdbxU2n5Z4FF5TKsl+gSRiNNOkmbEgeqmiSBeGC
-c1qb3AdbCG19ndeNIdn8FCCqwkXfP+cAslHkwvgFuXkajDTznlvkN1trSt8s
-V4pAWja63XVECDdCcAz+3F4hoKOKwJCcaNpQ5kUQR3i2TtJlycM33+FCY7BX
-N0Ute4qcvwXqZVUz9zkQxSgqIXobisQk+T8VyJoVIPVVYpbtbZNQvOSqeK3Z
-ywplh6ZmwcSBo3c6WB4L7oOLnR7SUqTMHW+wmG2UMbX4cQrcufx9MmDm66+K
-AQ==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/3e7271e8.0 b/cert-validity/mozilla/hashed/3e7271e8.0
deleted file mode 100644
index e71afc5ecf7c..000000000000
--- a/cert-validity/mozilla/hashed/3e7271e8.0
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEXDCCA0SgAwIBAgIEOGO5ZjANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UE
-ChMLRW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNf
-MjA0OCBpbmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsT
-HChjKSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1
-c3QubmV0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEy
-MjQxNzUwNTFaFw0xOTEyMjQxODIwNTFaMIG0MRQwEgYDVQQKEwtFbnRydXN0
-Lm5ldDFAMD4GA1UECxQ3d3d3LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29y
-cC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMcKGMpIDE5OTkg
-RW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5uZXQgQ2Vy
-dGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgpMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQqK0vRvwtKTY7tgHalZ7d4
-QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQesYGpjX24zGtLA/EC
-DNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuXMlBvPci6Zgzj
-/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVTXTzWnLLP
-KQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/HoZd
-enoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH
-4QIDAQABo3QwcjARBglghkgBhvhCAQEEBAMCAAcwHwYDVR0jBBgwFoAUVeSB
-0RGAvtiJuQijMfmhJAkWuXAwHQYDVR0OBBYEFFXkgdERgL7YibkIozH5oSQJ
-FrlwMB0GCSqGSIb2fQdBAAQQMA4bCFY1LjA6NC4wAwIEkDANBgkqhkiG9w0B
-AQUFAAOCAQEAWUesIYSKF8mciVMeuoCFGsY8Tj6xnLZ8xpJdGGQC49MGCBFh
-fGPjK50xA3B20qMooPS7mmNz7W3lKtvtFKkrxjYR0CvrB4ul2p5cGZ1WEvVU
-KcgF7bISKo30Axv/55IQh7A6tcOdBTcSo8f0FbnVpDkWm1M6I5HxqIKiaoho
-wXkCIryqptau37AUX7iH0N18f3v/rxzP5tsHrV7bhZ3QKw0z2wTR5klAEyt2
-+z7pnIkPFc4YsIV4IU9rTw76NmfNB/L/CNDi3tm/Kq+4h4YhPATKt5Rof888
-6ZjXOP/swNlQ8C5LWK5Gb9Auw2DaclVyvUxFnmG6v4SBkgPR0ml8xQ==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/4184de39.0 b/cert-validity/mozilla/hashed/4184de39.0
deleted file mode 100644
index e836e3fcbde0..000000000000
--- a/cert-validity/mozilla/hashed/4184de39.0
+++ /dev/null
@@ -1,49 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIIODCCB6GgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCAR4xCzAJBgNVBAYT
-AkVTMRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEu
-MCwGA1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5s
-LjErMCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1
-MjE0MDIGA1UECxMrSVBTIENBIFRpbWVzdGFtcGluZyBDZXJ0aWZpY2F0aW9u
-IEF1dGhvcml0eTE0MDIGA1UEAxMrSVBTIENBIFRpbWVzdGFtcGluZyBDZXJ0
-aWZpY2F0aW9uIEF1dGhvcml0eTEeMBwGCSqGSIb3DQEJARYPaXBzQG1haWwu
-aXBzLmVzMB4XDTAxMTIyOTAxMTAxOFoXDTI1MTIyNzAxMTAxOFowggEeMQsw
-CQYDVQQGEwJFUzESMBAGA1UECBMJQmFyY2Vsb25hMRIwEAYDVQQHEwlCYXJj
-ZWxvbmExLjAsBgNVBAoTJUlQUyBJbnRlcm5ldCBwdWJsaXNoaW5nIFNlcnZp
-Y2VzIHMubC4xKzApBgNVBAoUImlwc0BtYWlsLmlwcy5lcyBDLkkuRi4gIEIt
-NjA5Mjk0NTIxNDAyBgNVBAsTK0lQUyBDQSBUaW1lc3RhbXBpbmcgQ2VydGlm
-aWNhdGlvbiBBdXRob3JpdHkxNDAyBgNVBAMTK0lQUyBDQSBUaW1lc3RhbXBp
-bmcgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHjAcBgkqhkiG9w0BCQEWD2lw
-c0BtYWlsLmlwcy5lczCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvLju
-VqWajOY2ycJioGaBjRrVetJznw6EZLqVtJCneK/K/lRhW86yIFcBrkSSQxA4
-Efdo/BdApWgnMjvEp+ZCccWZ73b/K5Uk9UmSGGjKALWkWi9uy9YbLA1UZ2t6
-KaFYq6JaANZbuxjC3/YeE1Z2m6Vo4pjOxgOKNNtMg0GmqaMCAwEAAaOCBIAw
-ggR8MB0GA1UdDgQWBBSL0BBQCYHynQnVDmB4AyKiP8jKZjCCAVAGA1UdIwSC
-AUcwggFDgBSL0BBQCYHynQnVDmB4AyKiP8jKZqGCASakggEiMIIBHjELMAkG
-A1UEBhMCRVMxEjAQBgNVBAgTCUJhcmNlbG9uYTESMBAGA1UEBxMJQmFyY2Vs
-b25hMS4wLAYDVQQKEyVJUFMgSW50ZXJuZXQgcHVibGlzaGluZyBTZXJ2aWNl
-cyBzLmwuMSswKQYDVQQKFCJpcHNAbWFpbC5pcHMuZXMgQy5JLkYuICBCLTYw
-OTI5NDUyMTQwMgYDVQQLEytJUFMgQ0EgVGltZXN0YW1waW5nIENlcnRpZmlj
-YXRpb24gQXV0aG9yaXR5MTQwMgYDVQQDEytJUFMgQ0EgVGltZXN0YW1waW5n
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNA
-bWFpbC5pcHMuZXOCAQAwDAYDVR0TBAUwAwEB/zAMBgNVHQ8EBQMDB/+AMGsG
-A1UdJQRkMGIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUF
-BwMEBggrBgEFBQcDCAYKKwYBBAGCNwIBFQYKKwYBBAGCNwIBFgYKKwYBBAGC
-NwoDAQYKKwYBBAGCNwoDBDARBglghkgBhvhCAQEEBAMCAAcwGgYDVR0RBBMw
-EYEPaXBzQG1haWwuaXBzLmVzMBoGA1UdEgQTMBGBD2lwc0BtYWlsLmlwcy5l
-czBHBglghkgBhvhCAQ0EOhY4VGltZXN0YW1waW5nIENBIENlcnRpZmljYXRl
-IGlzc3VlZCBieSBodHRwOi8vd3d3Lmlwcy5lcy8wKQYJYIZIAYb4QgECBBwW
-Gmh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvMEAGCWCGSAGG+EIBBAQzFjFo
-dHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJUaW1lc3RhbXBpbmcu
-Y3JsMEUGCWCGSAGG+EIBAwQ4FjZodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAy
-L3Jldm9jYXRpb25UaW1lc3RhbXBpbmcuaHRtbD8wQgYJYIZIAYb4QgEHBDUW
-M2h0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvcmVuZXdhbFRpbWVzdGFtcGlu
-Zy5odG1sPzBABglghkgBhvhCAQgEMxYxaHR0cDovL3d3dy5pcHMuZXMvaXBz
-MjAwMi9wb2xpY3lUaW1lc3RhbXBpbmcuaHRtbDB/BgNVHR8EeDB2MDegNaAz
-hjFodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJUaW1lc3RhbXBp
-bmcuY3JsMDugOaA3hjVodHRwOi8vd3d3YmFjay5pcHMuZXMvaXBzMjAwMi9p
-cHMyMDAyVGltZXN0YW1waW5nLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYB
-BQUHMAGGE2h0dHA6Ly9vY3NwLmlwcy5lcy8wDQYJKoZIhvcNAQEFBQADgYEA
-ZbrBzAAalZHK6Ww6vzoeFAh8+4Pua2JR0zORtWB5fgTYXXk36MNbsMRnLWha
-sl8OCvrNPzpFoeo2zyYepxEoxZSPhExTCMWTs/zif/WN87GphV+I3pGW7hdb
-rqXqcGV4LCFkAZXOzkw+UPS2Wctjjba9GNSHSl/c7+lW8AoM6HU=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/418595b9.0 b/cert-validity/mozilla/hashed/418595b9.0
deleted file mode 100644
index 72060a90c65f..000000000000
--- a/cert-validity/mozilla/hashed/418595b9.0
+++ /dev/null
@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFFzCCA/+gAwIBAgIBETANBgkqhkiG9w0BAQUFADCCASsxCzAJBgNVBAYT
-AlRSMRgwFgYDVQQHDA9HZWJ6ZSAtIEtvY2FlbGkxRzBFBgNVBAoMPlTDvHJr
-aXllIEJpbGltc2VsIHZlIFRla25vbG9qaWsgQXJhxZ90xLFybWEgS3VydW11
-IC0gVMOcQsSwVEFLMUgwRgYDVQQLDD9VbHVzYWwgRWxla3Ryb25payB2ZSBL
-cmlwdG9sb2ppIEFyYcWfdMSxcm1hIEVuc3RpdMO8c8O8IC0gVUVLQUUxIzAh
-BgNVBAsMGkthbXUgU2VydGlmaWthc3lvbiBNZXJrZXppMUowSAYDVQQDDEFU
-w5xCxLBUQUsgVUVLQUUgS8O2ayBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnE
-sWPEsXPEsSAtIFPDvHLDvG0gMzAeFw0wNzA4MjQxMTM3MDdaFw0xNzA4MjEx
-MTM3MDdaMIIBKzELMAkGA1UEBhMCVFIxGDAWBgNVBAcMD0dlYnplIC0gS29j
-YWVsaTFHMEUGA1UECgw+VMO8cmtpeWUgQmlsaW1zZWwgdmUgVGVrbm9sb2pp
-ayBBcmHFn3TEsXJtYSBLdXJ1bXUgLSBUw5xCxLBUQUsxSDBGBgNVBAsMP1Vs
-dXNhbCBFbGVrdHJvbmlrIHZlIEtyaXB0b2xvamkgQXJhxZ90xLFybWEgRW5z
-dGl0w7xzw7wgLSBVRUtBRTEjMCEGA1UECwwaS2FtdSBTZXJ0aWZpa2FzeW9u
-IE1lcmtlemkxSjBIBgNVBAMMQVTDnELEsFRBSyBVRUtBRSBLw7ZrIFNlcnRp
-ZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIC0gU8O8csO8bSAzMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAim1L/xCIOsP2fpTo6iBkcK4h
-gb46ezzb8R1Sf1n68yJMlaCQvEhOEav7t7WNeoMojCZG2E6VQIdhn8WebYGH
-V2yKO7Rm6sxA/OOqbLLLAdsyv9Lrhc+hDVXDWzhXcLh1xnnRFDDtG1hba+81
-8qEhTsXOfJlfbLm4IpNQp81McGq+agV/E5wrHur+R84EpW+sky58K5+eeROR
-6Oqeyjh1jmKwlZMq5d/pXpduIF9fhHpEORlAHLpVK/swsoHvhOPc7Jg4OQOF
-CKlUAwUp8MmPi+oLhmUZEdPpCSPeaJMDyTYcIW7OjGbxmTDY17PDHfiBLqi9
-ggtm/oLL4eAagsNAgQIDAQABo0IwQDAdBgNVHQ4EFgQUvYiHyY/2pAoLquvF
-/pEjnatKijIwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
-KoZIhvcNAQEFBQADggEBAB18+kmPNOm3JpIWmgV050vQbTlswyb2zrgxvMTf
-vCr4N5EY3ATIZJkrGG2AA1nJrvhY0D7twyOfaTyGOBye79oneNGEN3GKPEs5
-z35FBtYt2IpNeBLWrcLTy9LQQfMmNkqblWwM7uXRQydmwYj3erMgbOqwaSvH
-IOgMA8RBBZniP+Rr+KCGgceExh/VS4ESshYhLBOhgLJeDEoTniDYYkCrkOpk
-Si+sDQESeUWoL4cZaMjihccwsnX5OD+ywJO0a+IDRM5noN+J1q2MdqMTw5Rh
-K2vZbMEHCiIHhWyFJEapvj+LeISCfiQMnf2BN+MlqO02TpUsyZyQ2uypQjyt
-tgI=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/46b2fd3b.0 b/cert-validity/mozilla/hashed/46b2fd3b.0
deleted file mode 100644
index 6eb627a91f8b..000000000000
--- a/cert-validity/mozilla/hashed/46b2fd3b.0
+++ /dev/null
@@ -1,35 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFwTCCA6mgAwIBAgIITrIAZwwDXU8wDQYJKoZIhvcNAQEFBQAwSTELMAkG
-A1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEjMCEGA1UEAxMaU3dp
-c3NTaWduIFBsYXRpbnVtIENBIC0gRzIwHhcNMDYxMDI1MDgzNjAwWhcNMzYx
-MDI1MDgzNjAwWjBJMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWdu
-IEFHMSMwIQYDVQQDExpTd2lzc1NpZ24gUGxhdGludW0gQ0EgLSBHMjCCAiIw
-DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMrfogLi2vj8Bxax3mCq3pZc
-ZB/HL37PZ/pEQtZ2Y5Wu669yIIpFR4ZieIbWIDkm9K6j/SPnpZy1IiEZtzeT
-IsBQnIJ71NUERFzLtMKfkr4k2HtnIuJpX+UFeNSH2XFwMyVTtIc7KZAoNppV
-RDBopIOXfw0enHb/FZ1glwCNioUD7IC+6ixuEFGSzH7VozPY1kneWCqv9hbr
-S3uQMpe5up1Y8fhXSQQeol0GcN1x2/ndi5objM89o03Oy3z2u5yg+gnOI2Ky
-6Q0f4nIoj5+saCB9bzuohTEJfwvH6GXp43gOCWcwizSC+13gzJ2BbWLuCB4E
-LE6b7P6pT1/9aXjvCR+htL/68++QHkwFix7qepF6w9fl+zC8bBsQWJj3Gl/Q
-KTIDE0ZNYWqFTFJ0LwYfexHihJfGmfNtf9dng34TaNhxKFrYzt3oEBSa/m0j
-h26OWnA81Y0JAKeqvLAxN23IhBQeW71FYyBrS3SMvds6DsHPWhaPpZjydomy
-ExI7C3d3rLvlPClKknLKYRorXkzig3R3+jVIeoVNjZpTxN94ypeRSCtFKwH3
-HBqi7Ri6Cr2D+m+8jVeTO9TUps4e8aCxzqv9KyiaTxvXw3LbpMS/XUz13XuW
-ae5ogObnmLo2t/5u7Su9IPhlGdpVCX4l3P5hYnL5fhgC72O00Puv5TtjjGeP
-AgMBAAGjgawwgakwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w
-HQYDVR0OBBYEFFCvzAeHFUdvOMW0ZdHelarp35zMMB8GA1UdIwQYMBaAFFCv
-zAeHFUdvOMW0ZdHelarp35zMMEYGA1UdIAQ/MD0wOwYJYIV0AVkBAQEBMC4w
-LAYIKwYBBQUHAgEWIGh0dHA6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20v
-MA0GCSqGSIb3DQEBBQUAA4ICAQAIhab1Fgz8RBrBY+D5VUYI/HAcQiiWjrfF
-wUF1TglxeeVtlspLpYhg0DB0uMoI3LQwnkAHFmtllXcBrqS3NQuB2nEVqXQX
-OHtYyvkv+8Bldo1bAbl93oI9ZLi+FHSjClTTLJUYFzX1UWs/j6KWYTl4a0vl
-pqD4U99REJNi54Av4tHgvI42Rncz7Lj7jposiU0xEQ8mngS7twSNC/K5/Fqd
-Oxa3L8iYq/6KUFkuozv8KV2LwUvJ4ooTHbG/u0IdUt1O2BReEMYxB+9xJ/cb
-OQncguqLs5WGXv312l0xpuAxtpTmREl0xRbl9x8DYSjFyMsSoEJL+WuICI20
-MhjzdZ/EfwBPBZWcoxcCw7NTm6ogOSkrZvqdr16zktK1puEa+S1BaYEUtLS1
-7Yk9zvupnTVCRLEcFHOBzyoBNZox1S2PbYTfgE1X4z/FhHXaicYwu+uPyyII
-oK6q8QNsOktNCaUOcsZWayFCTiMlFGiudgp8DAdwZPmaL/YFOSbGDI8Zf0Ne
-bvRbFS/bYV3mZy8/CJT5YLSYMdp08YSTcU1f+2BY0fvEwW2JorsgH51xkcsy
-mxM9Pn2SUjWskpSi0xjCfMfqr3YFFt1nJ8J+HAciIfNAChs0B0QTwoRqjt8Z
-Wr9/6x3iGjjRXK9HkmuAtTClyY3YqzGBH9/CZjfTk6mFhnll0g==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/48a195d8.0 b/cert-validity/mozilla/hashed/48a195d8.0
deleted file mode 100644
index aee3b36eec4a..000000000000
--- a/cert-validity/mozilla/hashed/48a195d8.0
+++ /dev/null
@@ -1,36 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsF
-ADA4MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNV
-BAMMCkl6ZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgyNzI1
-WjA4MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNV
-BAMMCkl6ZW5wZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
-AQDJ03rKDx6sp4boFmVqscIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5Tz
-cqQsRNiekpsUOqHnJJAKClaOxdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJ
-WK3W6wyyQXpzbm3benhB6QiIEn6HLmYRY2xU+zydcsC8Lv/Ct90NduM61/e0
-aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFXuaOKmMPsOzTFlUFpfnXCPCDFYbpR
-R6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQDyCV8wXDbO/QJLVQnSKwv4cSs
-PsjLkkxTOTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+JrUV86f8hBnp7KGItERp
-hIPzidF0BqnMC9bC3ieFUCbKF7jJeodWLBoBHmy+E60QrLUk9TiRodZL2vG7
-0t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK0GqfvEyNBjNaooXlkDWg
-YlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8Lhij+0rnq
-49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIBQFqN
-eb+Lz0vPqhbBleStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+
-HMh3/1uaD7euBUbl8agW7EekFwIDAQABo4H2MIHzMIGwBgNVHREEgagwgaWB
-D2luZm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+SVpFTlBFIFMuQS4g
-LSBDSUYgQTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBG
-NjIgUzgxQzBBBgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlk
-ZWEgMTQgLSAwMTAxMCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB
-/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFB0cZQ6o8iV7tJHP5LGx5r1V
-dGwFMA0GCSqGSIb3DQEBCwUAA4ICAQB4pgwWSp9MiDrAyw6lFn2fuUhfGI8N
-Yjb2zRlrrKvV9pF9rnHzP7MOeIWblaQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9
-fbgakEyrkgPH7UIBzg/YsfqikuFgba56awmqxinuaElnMIAkejEWOVt+8Rwu
-3WwJrfIxwYJOubv5vr8qhT/AQKM6WfxZSzwoJNu0FXWuDYi6LnPAvViH5ULy
-617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Csg1lwLDXWrzY0tM07+DKo7+N4
-ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCTVyvehQP5aTfLnnhq
-BbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGkLhObNA5me0mr
-ZJfQRsN5nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJbUjWumDqt
-ujWTI6cfSN01RpiyEGjkpTHCClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/QnMF
-lEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZoQ0iy2+tzJOeRf1SktoA+
-naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1ZWrOZ
-yGlsQyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/4d654d1d.0 b/cert-validity/mozilla/hashed/4d654d1d.0
deleted file mode 100644
index 63d8d23fe3ae..000000000000
--- a/cert-validity/mozilla/hashed/4d654d1d.0
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgw
-FgYDVQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRy
-dXN0IFNvbHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3Qg
-R2xvYmFsIFJvb3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEzMjM1OTAwWjB1
-MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYD
-VQQLEx5HVEUgQ3liZXJUcnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMT
-GkdURSBDeWJlclRydXN0IEdsb2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUA
-A4GNADCBiQKBgQCVD6C28FCc6HrHiM3dFw4usJTQGz0O9pTAipTHBsiQl8i4
-ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTSr41tiGeA5u2ylc9yMcqlHHK6XALn
-ZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X404Wqk2kmhXBIgD8SFcd5tB8F
-LztimQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAG3rGwnpXtlR22ciYaQqPEh3
-46B8pt5zohQDhT37qw4wxYMWM4ETCJ57NE7fQMh017l93PR2VX2bY1QY6fDq
-81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OFNMQkpw0PlZPvy5TYnh+d
-XIVtx6quTx8itc2VrbqnzPmrC3p/
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/4e18c148.0 b/cert-validity/mozilla/hashed/4e18c148.0
deleted file mode 100644
index 34a601cb1e98..000000000000
--- a/cert-validity/mozilla/hashed/4e18c148.0
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJE
-RTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1U
-ZWxlU2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtv
-bSBSb290IENBIDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5MjM1OTAwWjBx
-MQswCQYDVQQGEwJERTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEf
-MB0GA1UECxMWVC1UZWxlU2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1
-dHNjaGUgVGVsZWtvbSBSb290IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQCrC6M14IspFLEUha88EOQ5bzVdSq7d6mGNlUn0b2SjGmBm
-pKlAIoTZ1KXleJMOaAGtuU1cOs7TuKhCQN/Po7qCWWqSG6wcmtoIKyUn+Wkj
-R/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1MjwrrFDa1sPeg5TKqAyZMg4ISFZb
-avva4VhYAUlfckE8FQYBjl2tqriTtM2e66foai1SNNs671x1Udrb8zH57nGY
-MsRUFUQM+ZtV7a3fGAigo4aKSe5TBY8ZTNXeWHmb0mocQqvF1afPaA+W5OFh
-mHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTVjlsB9WoHtxa2bkp/AgMB
-AAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAPBgNVHRME
-CDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEA
-lGRZrTlk5ynrE/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756Abrsp
-tJh6sTtU6zkXR34ajgv8HzFZMQSyzhfzLMdiNlXiItiJVbSYSKpk+tYcNthE
-eFpaIzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8rZ7/gFnkm0W09juw
-zTkZmDLl6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4G
-dyd1Lx+4ivn+xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqn
-NVmh5XAFmw4jV5mUCm26OWMohpLzGITY+9HPBVZkVw==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/4fbd6bfa.0 b/cert-validity/mozilla/hashed/4fbd6bfa.0
deleted file mode 100644
index 2f61bb0e43b6..000000000000
--- a/cert-validity/mozilla/hashed/4fbd6bfa.0
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEXjCCA0agAwIBAgIQRL4Mi1AAIbQR0ypoBqmtaTANBgkqhkiG9w0BAQUF
-ADCBkzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0
-IExha2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEw
-HwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xGzAZBgNVBAMTElVU
-TiAtIERBVEFDb3JwIFNHQzAeFw05OTA2MjQxODU3MjFaFw0xOTA2MjQxOTA2
-MzBaMIGTMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNh
-bHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsx
-ITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTEbMBkGA1UEAxMS
-VVROIC0gREFUQUNvcnAgU0dDMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEA3+5YEKIrblXEjr8uRgnn4AgPLit6E5Qbvfa2gI5lBZMAHryv4g+O
-GQ0SR+ysraP6LnD43m77VkIVni5c7yPeIbkFdicZD0/Ww5y0vpQZY/KmEQrr
-U0icvvIpOxboGqBMpsn0GFlowHDyUwDAXlCCpVZvNvlK4ESGoE1O1kduSUrL
-Z9emxAW5jh70/P/N5zbgnAVssjMiFdC04MwXwLLA9P4yPykqlXvY8qdOD1R8
-oQ2AswkDwf9c3V6aPryuvEeKaq5xyh+xKrhfQgUL7EYw0XILyulWbfXv33i+
-Ybqypa4ETLyorGkVl73v67SMvzX41MPRKA5cOp9wGDMgd8SirwIDAQABo4Gr
-MIGoMAsGA1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRT
-MtGzz3/64PGgXYVOktKeRR20TzA9BgNVHR8ENjA0MDKgMKAuhixodHRwOi8v
-Y3JsLnVzZXJ0cnVzdC5jb20vVVROLURBVEFDb3JwU0dDLmNybDAqBgNVHSUE
-IzAhBggrBgEFBQcDAQYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMA0GCSqGSIb3
-DQEBBQUAA4IBAQAnNZcAiosovcYzMB4p/OL31ZjUQLtgyr+rFywJNn9Q+kHc
-rpY6CiM+iVnJowftGzet/Hy+UUla3joKVAgWRcKZsYfNjGjgaQPpxE6YsjuM
-FrMOoAyYUJuTqXAJyCyjj98C5OBxOvG0I3KgqgHf35g+FFCgMSa9KOlaMCZ1
-+XtgHI3zzVAmbQQnmt/VDUVHKWss5nbZqSl9Mt3JNjy9rjXxEZ4du5A/EkdO
-jtd+D2JzHVImOBwYSf0wdJrE5SIv2MCN7ZF6TACPcn9d2t0bi0Vr591pl6jF
-VkwPDPafepE39peC4N1xaf92P2BNPM/3mfnGV/TJVTl4uix5yaaIK/QI
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/5021a0a2.0 b/cert-validity/mozilla/hashed/5021a0a2.0
deleted file mode 100644
index 3260142e62af..000000000000
--- a/cert-validity/mozilla/hashed/5021a0a2.0
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID3TCCAsWgAwIBAgIOHaIAAQAC7LdggHiNtgYwDQYJKoZIhvcNAQEFBQAw
-eTELMAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgx
-JDAiBgNVBAsTG1RDIFRydXN0Q2VudGVyIFVuaXZlcnNhbCBDQTEmMCQGA1UE
-AxMdVEMgVHJ1c3RDZW50ZXIgVW5pdmVyc2FsIENBIEkwHhcNMDYwMzIyMTU1
-NDI4WhcNMjUxMjMxMjI1OTU5WjB5MQswCQYDVQQGEwJERTEcMBoGA1UEChMT
-VEMgVHJ1c3RDZW50ZXIgR21iSDEkMCIGA1UECxMbVEMgVHJ1c3RDZW50ZXIg
-VW5pdmVyc2FsIENBMSYwJAYDVQQDEx1UQyBUcnVzdENlbnRlciBVbml2ZXJz
-YWwgQ0EgSTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKR3I5ZE
-r5D0MacQ9CaHnPM42Q9e3s9B6DGtxnSRJJZ4Hgmgm5qVSkr1YnwCqMqs+1oE
-djneX/H5s7/zA1hV0qq34wQi0fiU2iIIAI3TfCZdzHd55yx4Oagmcw6iXSVp
-hU9VDprvxrlE4Vc93x9UIuVvZaozhDrzznq+VZeujRIPFDPiUHDDSYcTvFHe
-15gSWu86gzOSBnWLknwSaHtwag+1m7Z3W0hZneTvWq3zwZ7U10VOylY0Ibw+
-F1tvdwxIAUMpsN0/lm7mlaoMwCC2/T42J5zjXM9OgdwZu5GQfezmlwQek8wi
-SdeXhrYTCjxDI3d+8NzmzSQfO4ObNDqDNOMCAwEAAaNjMGEwHwYDVR0jBBgw
-FoAUkqR1LKSevoFE63n8isWVpesQdXMwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
-HQ8BAf8EBAMCAYYwHQYDVR0OBBYEFJKkdSyknr6BROt5/IrFlaXrEHVzMA0G
-CSqGSIb3DQEBBQUAA4IBAQAo0uCG1eb4e/CX3CJrO5UUVg8RMKWaTzqwOuAG
-y2X17caXJ/4l8lfmXpWMPmRgFVp/Lw0BxbFg/UU1z/CyvwbZ71q+s2IhtNer
-NXxTPqYn8aEt2hojnczd7Dwtnic0XQ/CNnm8yUpiLe1r2X1BQ3y2qsrtYbE3
-ghUJGooWMNjsydZHcnhLEEYUjl8Or+zHL6sQ17bxbuyGssLoDZJz3KL0Dzq/
-YSMQiZxIQG5wALPTujdEWBF6AmqI8Dc08BnprNRlc/ZpjGSUOnmFKbAWKwyC
-Pwacx/0QK54PLLae4xW/2TYcuiUaUj0a7CIMHOCkoj3w6DnPgcB77V0fb8XQ
-C9eY
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/5046c355.0 b/cert-validity/mozilla/hashed/5046c355.0
deleted file mode 100644
index ede080e0bf19..000000000000
--- a/cert-validity/mozilla/hashed/5046c355.0
+++ /dev/null
@@ -1,35 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkG
-A1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dp
-c3NTaWduIFNpbHZlciBDQSAtIEcyMB4XDTA2MTAyNTA4MzI0NloXDTM2MTAy
-NTA4MzI0NlowRzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBB
-RzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkq
-hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dO
-cbpLj6VzHVxumK4DV644N0MvFz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gRE
-pzn5/ASLHvGiTSf5YXu6t+WiE7brYT7QbNHm+/pe7R20nqA1W6GSy/BJkv6F
-CgU+5tkL4k+73JU3/JHpMjUi0R86TieFnbAVlDLaYQ1HTWBCrpJH6INaUFjp
-iou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH6ATK72oxh9TAtvmUcXtnZLi2
-kUpCe2UuMGoM9ZDulebyzYLs2aFK7PayS+VFheZteJMELpyCbTapxDFkH4aD
-Cyr0NQp4yVXPQbBH6TCfmb5hqAaEuSh6XzjZG6k4sIN/c8HDO0gqgg8hm7jM
-qDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5FZGkECwJMoBgs5PAKrYY
-C51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRHHTBsROop
-N4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTfjNFu
-sB3hB48IHpmccelM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb6
-5i/4z3GcRm25xBWNOHkDRUjvxF3XCO6HOSKGsg0PWEP3calILv3q1h8CAwEA
-AaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV
-HQ4EFgQUF6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRB
-tjpbO8tFnb0cwpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggr
-BgEFBQcCARYgaHR0cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJ
-KoZIhvcNAQEFBQADggIBAHPGgeAn0i0P4JUw4ppBf1AsX19iYamGamkYDHRJ
-1l2E6kFSGG9YrVBWIGrGvShpWJHckRE1qTodvBqlYJ7YH39FkWnZfrt4csEG
-DyrOj4VwYaygzQu4OSlWhDJOhrs9xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcS
-H9/L3XWgwF15kIwb4FDm3jH+mHtwX6WQ2K34ArZv02DdQEsixT2tOnqfGhpH
-kXkzuoLcMmkDlm4fS/Bx/uNncqCxv1yL5PqZIseEuRuNI5c/7SXgz2W79WEE
-790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFaDGi8aRl5xB9+lwW/xekkUV7U
-1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2Xem1ZqSqPe97Dh4kQ
-mUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQRdAtq/gsD/KNV
-V4n+SsuuWxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/OMpXEA29
-MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+hAhm
-0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy
-tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/524d9b43.0 b/cert-validity/mozilla/hashed/524d9b43.0
deleted file mode 100644
index 08d80440b2f7..000000000000
--- a/cert-validity/mozilla/hashed/524d9b43.0
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsF
-ADCBvTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8w
-HQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykg
-MjAwOCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
-MTgwNgYDVQQDEy9WZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0
-aW9uIEF1dGhvcml0eTAeFw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTla
-MIG9MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAd
-BgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAy
-MDA4IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkx
-ODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNhbCBSb290IENlcnRpZmljYXRp
-b24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-x2E3XrEBNNti1xWb/1hajCMj1mCOkdeQmIN65lgZOIzF9uVkhbSicfvtvbna
-zU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGPMiJhgsWHH26MfF8WIFFE
-0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+HLL729fdC
-4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN/BMR
-eYTtXlT2NJ8IAfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPT
-rJ9VAMf2CGqUuV/c4DPxhGD5WycRtPwW8rtWaoAljQIDAQABo4GyMIGvMA8G
-A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0GCCsGAQUFBwEMBGEw
-X6FdoFswWTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2O
-a8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xv
-Z28uZ2lmMB0GA1UdDgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG
-9w0BAQsFAAOCAQEASvj4sAPmLGd75JR3Y8xuTPl9Dg3cyLk1uXBPY/ok+myD
-jEedO2Pzmvl2MpWRsXe8rJq+seQxIcaBlVZaDrHC1LGmWazxY8u4TB1ZkErv
-kBYoH1quEPuBUDgMbMzxPcP1Y+Oz4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahf
-YtTxP/jgdFcrGJ2BtMQo2pSXpXDrrB2+BxHw1dvd5Yzw1TKwg+ZX4o+/vqGq
-vz0dtdQ46tewXDpPaj+PwGZsY6rp2aQW9IHRlRQOfc2VNNnSj3BzgXucfr2Y
-YdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4mJO37M2CYfE45k+XmCpajQ==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/54edfa5d.0 b/cert-validity/mozilla/hashed/54edfa5d.0
deleted file mode 100644
index cd88223c713d..000000000000
--- a/cert-validity/mozilla/hashed/54edfa5d.0
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDXDCCAsWgAwIBAgICA+swDQYJKoZIhvcNAQEEBQAwgbwxCzAJBgNVBAYT
-AkRFMRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYD
-VQQKEzFUQyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3
-b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAzIENB
-MSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNlbnRlci5kZTAe
-Fw05ODAzMDkxMTU5NTlaFw0xMTAxMDExMTU5NTlaMIG8MQswCQYDVQQGEwJE
-RTEQMA4GA1UECBMHSGFtYnVyZzEQMA4GA1UEBxMHSGFtYnVyZzE6MDgGA1UE
-ChMxVEMgVHJ1c3RDZW50ZXIgZm9yIFNlY3VyaXR5IGluIERhdGEgTmV0d29y
-a3MgR21iSDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQTEp
-MCcGCSqGSIb3DQEJARYaY2VydGlmaWNhdGVAdHJ1c3RjZW50ZXIuZGUwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALa0wTUFLg2N7KBAahwOJ6ZQkmtQ
-GwfeLud2zODa/ISoXoxjaitN2U4CdhHBC/KNecoAtvGwDtf7pBc9r6tpepYn
-v68zoZoqWarEtTcI8hKlMbZD9TKWcSgoq40oht+77uMMfTDWw1Krj10nnGvA
-o+cFa1dJRLNu6mTP0o56UHd3AgMBAAGjazBpMA8GA1UdEwEB/wQFMAMBAf8w
-DgYDVR0PAQH/BAQDAgGGMDMGCWCGSAGG+EIBCAQmFiRodHRwOi8vd3d3LnRy
-dXN0Y2VudGVyLmRlL2d1aWRlbGluZXMwEQYJYIZIAYb4QgEBBAQDAgAHMA0G
-CSqGSIb3DQEBBAUAA4GBABY9xs3Bu4VxhUafPiCPUSiZ7C1FIWMjWwS7TJC4
-iJIETb19AaM/9uzO8d7+feXhPrvGq14L3T2WxMup1Pkm5gZOngylerpuw3yC
-GdHHsbHD2w2Om0B8NwvxXej9H5CIpQ5ON2QhqE6NtJ/x3kit1VYYUimLRzQS
-CdS7kjXvD9s0
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/56b8a0b6.0 b/cert-validity/mozilla/hashed/56b8a0b6.0
deleted file mode 100644
index 2d5e5d2e9beb..000000000000
--- a/cert-validity/mozilla/hashed/56b8a0b6.0
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEPDCCAySgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBvjE/MD0GA1UEAww2
-VMOcUktUUlVTVCBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xh
-ecSxY8Sxc8SxMQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMV0wWwYD
-VQQKDFRUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0g
-R8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLiAoYykgS2FzxLFtIDIwMDUw
-HhcNMDUxMTA3MTAwNzU3WhcNMTUwOTE2MTAwNzU3WjCBvjE/MD0GA1UEAww2
-VMOcUktUUlVTVCBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xh
-ecSxY8Sxc8SxMQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMV0wWwYD
-VQQKDFRUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0g
-R8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLiAoYykgS2FzxLFtIDIwMDUw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpNn7DkUNMwxmYCMjH
-WHtPFoylzkkBH3MOrHUTpvqeLCDe2JAOCtFp0if7qnefJ1Il4std2NiDUBd9
-irWCPwSOtNXwSadktx4uXyCcUHVPr+G1QRT0mJKIx+XlZEdhR3n9wFHxwZnn
-3M5q+6+1ATDcRhzviuyV79z/rxAc653YsKpqhRgNF8k+v/Gb0AmJQv2gQrSd
-iVFVKc8bcLyEVK3BEx+Y9C52YItdP5qtygy/p1Zbj3e41Z55SZI/4PGXJHps
-mxcPbe9TmJEr5A++WXkHeLuXlfSfadRYhwqp48y2WBmfJiGxxFmNskF1wK1p
-zpwACPI2/z7woQ8arBT9pmAPAgMBAAGjQzBBMB0GA1UdDgQWBBTZN7NOBf3Z
-z58SFq62iS/rJTqIHDAPBgNVHQ8BAf8EBQMDBwYAMA8GA1UdEwEB/wQFMAMB
-Af8wDQYJKoZIhvcNAQEFBQADggEBAHJglrfJ3NgpXiOFX7KzLXb7iNcX/ntt
-Rbj2hWyfIvwqECLsqrkw9qtY1jkQMZkpAL2JZkH7dN6RwRgLn7Vhy506vvWo
-lKMiVW4XSf/SKfE4Jl3vpao6+XF75tpYHdN0wgH6PmlYX63LaL4ULptswLbc
-oCb6dxriJNoaN+BnrdFzgw2lGh1uEpJ+hGIAF728JRhX8tepb1mIvDS3LoV4
-nZbcFMMsilKbloxSZj2GFotHuFEJjOp9zYhys2AzsfAKRO8P9Qk3iCQOLGsg
-OqL6EfJANZxEaGM7rDNvY7wsu/LSy3Z9fYjYHcgFHW68lKlmjHdxx/qR+i9R
-nuk5UrbnBEI=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/57692373.0 b/cert-validity/mozilla/hashed/57692373.0
deleted file mode 100644
index a4e205c97366..000000000000
--- a/cert-validity/mozilla/hashed/57692373.0
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDZjCCAk6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJV
-UzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3Qg
-R2xvYmFsIENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMTkwMzA0MDUwMDAwWjBE
-MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UE
-AxMUR2VvVHJ1c3QgR2xvYmFsIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQDvPE1APRDfO1MA4Wf+lGAVPoWI8YkNkMgoI5kF6Csgncbz
-YEbYwbLVjDHZ3CB5JIG/NTL8Y2nbsSpr7iFY8gjpeMtvy/wWUsiRxP89c96x
-PqfCfWbB9X5SJBri1WeR0IIQ13hLTytCOb1kLUCgsBDTOEhGiKEMuzozKmKY
-+wCdE1l/bztyqu6mD4b5BWHqZ38MN5aL5mkWRxHCJ1kDs6ZgwiFAVvqgx306
-E+PsV8ez1q6diYD3Aecs9pYrEw15LNnA5IZ7S4wMcoKK+xfNAGw6EzywhIdL
-Fnopsk/bHdQL82Y3vdj2V7teJHq4PIu5+pIaGoSe2HSPqht/XvT+RSIhAgMB
-AAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFHE4NvICMVNHK266
-ZUapEBVYIAUJMB8GA1UdIwQYMBaAFHE4NvICMVNHK266ZUapEBVYIAUJMA4G
-A1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAQEAA/e1K6tdEPx7srJe
-rJsOflN4WT5CBP51o62sgU7XAotexC3IUnbHLB/8gTKY0UvGkpMzNTEv/Ngd
-RN3ggX+d6YvhZJFiCzkIjKx0nVnZellSlxG5FntvRdOW2TF9AjYPnDtuzywN
-A0ZF66D0f0hExghAzN4bcLUprbqLOzRldRtxIR0sFAqwlpW41uryZfspuk/q
-kZN0abby/+Ea0AzRdoXLiiW9l14sbxWZJue2Kf8i7MkCx1YAzUm5s2x7UwQa
-4qjJqhIFI8LO57sEAszAR6LkxCkvW0VXiVHuPOtSCP8HNR6fNWpHSlaY0VqF
-H4z1Ir+rzoPz4iIprn2DQKi6bA==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/58a44af1.0 b/cert-validity/mozilla/hashed/58a44af1.0
deleted file mode 100644
index 3b804a8c5200..000000000000
--- a/cert-validity/mozilla/hashed/58a44af1.0
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEAjCCAuqgAwIBAgIFORFFEJQwDQYJKoZIhvcNAQEFBQAwgYUxCzAJBgNV
-BAYTAkZSMQ8wDQYDVQQIEwZGcmFuY2UxDjAMBgNVBAcTBVBhcmlzMRAwDgYD
-VQQKEwdQTS9TR0ROMQ4wDAYDVQQLEwVEQ1NTSTEOMAwGA1UEAxMFSUdDL0Ex
-IzAhBgkqhkiG9w0BCQEWFGlnY2FAc2dkbi5wbS5nb3V2LmZyMB4XDTAyMTIx
-MzE0MjkyM1oXDTIwMTAxNzE0MjkyMlowgYUxCzAJBgNVBAYTAkZSMQ8wDQYD
-VQQIEwZGcmFuY2UxDjAMBgNVBAcTBVBhcmlzMRAwDgYDVQQKEwdQTS9TR0RO
-MQ4wDAYDVQQLEwVEQ1NTSTEOMAwGA1UEAxMFSUdDL0ExIzAhBgkqhkiG9w0B
-CQEWFGlnY2FAc2dkbi5wbS5nb3V2LmZyMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAsh/R0GLFMzvABIaIs9z4iPf930Pfeo2aSVz2TqrMHLmh
-6yeJ8kbpO0px1R2OLc/mratjUMdUC24SyZA2xtgv2pGqaMVy/hcKshd+ebUy
-iHDKcMCWSo7kVc0dJ5S/znIq7Fz5cyD+vfcuiWe4u0dzEvfRNWk68gq5rv9G
-Qkaiv6GFGvm/5P9JhfejcIYyHF2fYPepraX/z9E0+X1bF8bc1g4oa8Ld8fUz
-aJ1O/Id8NhLWo4DoQw1VYZTqZDdH6nfK0LJYBcNdfrGoRpAxVs5wKpayMLh3
-5nnAvSk7/ZR3TL0gzUEl4C7HG7vupARB0l2tEmqKm0f7yd1GQOGdPDPQtQID
-AQABo3cwdTAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBRjAVBgNVHSAE
-DjAMMAoGCCqBegF5AQEBMB0GA1UdDgQWBBSjBS8YYFDCiQrdKyFP/45OqDAx
-NjAfBgNVHSMEGDAWgBSjBS8YYFDCiQrdKyFP/45OqDAxNjANBgkqhkiG9w0B
-AQUFAAOCAQEABdwm2Pp3FURo/C9mOnTgXeQp/wYHE4RKq89toB9RlPhJy3Q2
-FLwV3duJL92PoF189RLrn544pEfMs5bZvpwlqwN+Mw+VgQ39FuCIvjfwbF3Q
-MZsyK10XZZOYYLxuj7GoPB7ZHPOpJkL5ZB3C55L29B5aqhlSXa/oovdgoPaN
-8In1buAKBQGVyYsgCrpa/JosPL3Dt8ldeCUFP1YUmwza+zpI/pdpXsoQhvdO
-lgQITeywvl3cO45Pwf2aNjSaTFR+FwNIlQgRHAdvhQh+XU3Endv7rs6y0bO4
-g2wdsrN58dhwmX7wEwLOXt1R0982gaEbeC9xs/FZTEYYKKuF0mBWWg==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/594f1775.0 b/cert-validity/mozilla/hashed/594f1775.0
deleted file mode 100644
index 9cebe1aca2c9..000000000000
--- a/cert-validity/mozilla/hashed/594f1775.0
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQG
-EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1
-cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4
-MDgyMjE2NDE1MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgx
-LTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0
-eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2R
-FGiYCh7+2gRvE4RiIcPRfM6fBeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO
-/t0BCezhABRP/PvwDN1Dulsr4R+AcJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuv
-K9buY0V7xdlfUNLjUA86iOe/FP3gx7kCAwEAAaOCAQkwggEFMHAGA1UdHwRp
-MGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQMA4GA1UEChMHRXF1aWZheDEt
-MCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5
-MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgwODIyMTY0MTUxWjAL
-BgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gjIBBPM5iQn9Qw
-HQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQFMAMBAf8w
-GgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUAA4GB
-AFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
-7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2u
-FHdh1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/5a3f0ff8.0 b/cert-validity/mozilla/hashed/5a3f0ff8.0
deleted file mode 100644
index 4c37a972c7ac..000000000000
--- a/cert-validity/mozilla/hashed/5a3f0ff8.0
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUF
-ADCBgTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3Rl
-cjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0
-ZWQxJzAlBgNVBAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
-Fw0wNjEyMDEwMDAwMDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJH
-QjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxm
-b3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09N
-T0RPIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3UcEbVASY06m/weaKXTuH+7uIzg3j
-Lz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI2GqGd0S7WWaXUF601CxwRM/a
-N5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8Q5sVW7euNJH+1GImGEaa
-P+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp+2dtQem8Ob0y2WIC
-8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+DT+nHbrTUcEL
-pNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5OnKVIrLsm
-9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW/zAO
-BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6g
-PKA6hjhodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0
-aW9uQXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAPpiem/Yb6dc5
-t3iuHXIYSdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CP
-OGEIqB6BCsAvIC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYm
-uNg4ON8qa90SzMc/RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjs
-LjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV
-8fUZVqZa+5Acr5Pr5RzUZ5ddBA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38
-NBejxiEovjBFMR7HeL5YYTisO+IBZQ==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/5a5372fc.0 b/cert-validity/mozilla/hashed/5a5372fc.0
deleted file mode 100644
index bb6f28a18643..000000000000
--- a/cert-validity/mozilla/hashed/5a5372fc.0
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFSzCCBLSgAwIBAgIBaTANBgkqhkiG9w0BAQQFADCBmTELMAkGA1UEBhMC
-SFUxETAPBgNVBAcTCEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96
-YXRiaXp0b25zYWdpIEtmdC4xGjAYBgNVBAsTEVRhbnVzaXR2YW55a2lhZG9r
-MTIwMAYDVQQDEylOZXRMb2NrIFV6bGV0aSAoQ2xhc3MgQikgVGFudXNpdHZh
-bnlraWFkbzAeFw05OTAyMjUxNDEwMjJaFw0xOTAyMjAxNDEwMjJaMIGZMQsw
-CQYDVQQGEwJIVTERMA8GA1UEBxMIQnVkYXBlc3QxJzAlBgNVBAoTHk5ldExv
-Y2sgSGFsb3phdGJpenRvbnNhZ2kgS2Z0LjEaMBgGA1UECxMRVGFudXNpdHZh
-bnlraWFkb2sxMjAwBgNVBAMTKU5ldExvY2sgVXpsZXRpIChDbGFzcyBCKSBU
-YW51c2l0dmFueWtpYWRvMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCx
-6gTsIKAjwo84YM/HRrPVG/77uZmeBNwcf4xKgZjupNTKihe5In+DCnVMm8Bp
-2GQ5o+2So/1bXHQawEfKOml2mrriRBf8TKPV/riXiK+IA4kfpPIEPsgHC+b5
-sy96YhQJRhTKZPWLgLViqNhr1nGTLbO/CVRY7QbrqHvcQ7GhaQIDAQABo4IC
-nzCCApswEgYDVR0TAQH/BAgwBgEB/wIBBDAOBgNVHQ8BAf8EBAMCAAYwEQYJ
-YIZIAYb4QgEBBAQDAgAHMIICYAYJYIZIAYb4QgENBIICURaCAk1GSUdZRUxF
-TSEgRXplbiB0YW51c2l0dmFueSBhIE5ldExvY2sgS2Z0LiBBbHRhbGFub3Mg
-U3pvbGdhbHRhdGFzaSBGZWx0ZXRlbGVpYmVuIGxlaXJ0IGVsamFyYXNvayBh
-bGFwamFuIGtlc3p1bHQuIEEgaGl0ZWxlc2l0ZXMgZm9seWFtYXRhdCBhIE5l
-dExvY2sgS2Z0LiB0ZXJtZWtmZWxlbG9zc2VnLWJpenRvc2l0YXNhIHZlZGku
-IEEgZGlnaXRhbGlzIGFsYWlyYXMgZWxmb2dhZGFzYW5hayBmZWx0ZXRlbGUg
-YXogZWxvaXJ0IGVsbGVub3J6ZXNpIGVsamFyYXMgbWVndGV0ZWxlLiBBeiBl
-bGphcmFzIGxlaXJhc2EgbWVndGFsYWxoYXRvIGEgTmV0TG9jayBLZnQuIElu
-dGVybmV0IGhvbmxhcGphbiBhIGh0dHBzOi8vd3d3Lm5ldGxvY2submV0L2Rv
-Y3MgY2ltZW4gdmFneSBrZXJoZXRvIGF6IGVsbGVub3J6ZXNAbmV0bG9jay5u
-ZXQgZS1tYWlsIGNpbWVuLiBJTVBPUlRBTlQhIFRoZSBpc3N1YW5jZSBhbmQg
-dGhlIHVzZSBvZiB0aGlzIGNlcnRpZmljYXRlIGlzIHN1YmplY3QgdG8gdGhl
-IE5ldExvY2sgQ1BTIGF2YWlsYWJsZSBhdCBodHRwczovL3d3dy5uZXRsb2Nr
-Lm5ldC9kb2NzIG9yIGJ5IGUtbWFpbCBhdCBjcHNAbmV0bG9jay5uZXQuMA0G
-CSqGSIb3DQEBBAUAA4GBAATbrowXr/gOkDFOzT4JwG06sPgzTEdM43WIEJes
-sDgVkcYplswhwG08pXTP2IKlOcNl40JwuyKQ433bNXbhoLXan3BukxowOR0w
-2y7jfLKRstE3Kfq51hdcR0/jHTjrn9V7lagonhVK0dHQKwCXoOKSNitjrFgB
-azMpUIaD8QFI
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/5cf9d536.0 b/cert-validity/mozilla/hashed/5cf9d536.0
deleted file mode 100644
index 3d6171cfebe3..000000000000
--- a/cert-validity/mozilla/hashed/5cf9d536.0
+++ /dev/null
@@ -1,36 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQG
-EwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9v
-dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMg
-Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNa
-Fw0yMTAzMTcxODMzMzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9W
-YWRpcyBMaW1pdGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0
-aG9yaXR5MS4wLAYDVQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24g
-QXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1
-lVO6V/z68mcLOhrfEYBklbTRvM16z/Ypli4kVEAkOPcahdxYTMukJ0KX0J+D
-isPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2DrOpm2RgbaIr1VxqYuvXtdj18
-2d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJWCCYfqtffp/p1k3sg3Sp
-x2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cugF+FxZc4dZjH3dgEZ
-yH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospUxbF6lR1xHkop
-igPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCCAk4wPQYI
-KwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVvdmFk
-aXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREw
-ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlh
-bmNlIG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBw
-YXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJs
-ZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRp
-ZmljYXRpb24gcHJhY3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmlj
-YXRlIFBvbGljeS4wIgYIKwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMu
-Ym0wHQYDVR0OBBYEFItLbe3TKbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYw
-gaOAFItLbe3TKbkGGew5Oanwl4Rqy+/foYGEpIGBMH8xCzAJBgNVBAYTAkJN
-MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUwIwYDVQQLExxSb290IENl
-cnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVRdW9WYWRpcyBSb290
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCLMA4GA1UdDwEB/wQEAwIB
-BjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSkfnIYj9lofFIk3Wdv
-OXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf87C9TqnN7Az10
-buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1RcHhXHTMe
-/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0ymQM6
-isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW
-xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQ
-NiOKSnQ2+Q==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/5e4e69e7.0 b/cert-validity/mozilla/hashed/5e4e69e7.0
deleted file mode 100644
index ed3f87831c37..000000000000
--- a/cert-validity/mozilla/hashed/5e4e69e7.0
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCB
-yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYD
-VQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAw
-NyBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUw
-QwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRp
-ZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgw
-MTE4MjM1OTU5WjCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWdu
-LCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYD
-VQQLEzEoYykgMjAwNyBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVk
-IHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQ
-cmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwdjAQBgcqhkjO
-PQIBBgUrgQQAIgNiAASnVnp8Utpkmw4tXNherJI9/gHmGUo9FANL+mAnINmD
-iWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGzrl0Bp3vefLK+ymVhAIau
-2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAO
-BgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1h
-Z2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYj
-aHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYE
-FLMWkf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMDA2gAMGUCMGYhDBgm
-YFo4e1ZC4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIx
-AJw9SDkjOVgaFRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iG
-Kt0uEA==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/60afe812.0 b/cert-validity/mozilla/hashed/60afe812.0
deleted file mode 100644
index eedd0b6f9cb0..000000000000
--- a/cert-validity/mozilla/hashed/60afe812.0
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYD
-VQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sg
-S2Z0LjE3MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZp
-Y2F0aW9uIFNlcnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBBcmFueSAoQ2xh
-c3MgR29sZCkgRsWRdGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcN
-MjgxMjA2MTUwODIxWjCBpzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFw
-ZXN0MRUwEwYDVQQKDAxOZXRMb2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8Ot
-dHbDoW55a2lhZMOzayAoQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcykxNTAzBgNV
-BAMMLE5ldExvY2sgQXJhbnkgKENsYXNzIEdvbGQpIEbFkXRhbsO6c8OtdHbD
-oW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCRec75LbRTD
-ofTjl5Bu0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrTlF8afFttvzBPhCf2nx9J
-vMaZCpDyD/V/Q4Q3Y1GLeqVw/HpYzY6b7cNGbIRwXdrzAZAj/E4wqX7hJ2Pn
-7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAkH3B5r9s5VA1lddkVQZQB
-r17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRGILdwfzze
-SNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2BJtr
-+UBdADTHLpl1neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAG
-AQH/AgEEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7z
-U/2MU9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwWqZw8UQCgwBEIBaeZ
-5m8BiFRhbvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTta
-YtOUZcTh5m2C+C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNq
-b4VjMIDw1Z4fKRzCbLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+
-pRVjodSVh/GeufOJ8z2FuLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1
-kvarBes96aULNmLazAZfNou2XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKaw
-YqGT8ZvYzsRjdT9ZR7E=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/635ccfd5.0 b/cert-validity/mozilla/hashed/635ccfd5.0
deleted file mode 100644
index 2efa72de0a83..000000000000
--- a/cert-validity/mozilla/hashed/635ccfd5.0
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFTzCCBLigAwIBAgIBaDANBgkqhkiG9w0BAQQFADCBmzELMAkGA1UEBhMC
-SFUxETAPBgNVBAcTCEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96
-YXRiaXp0b25zYWdpIEtmdC4xGjAYBgNVBAsTEVRhbnVzaXR2YW55a2lhZG9r
-MTQwMgYDVQQDEytOZXRMb2NrIEV4cHJlc3N6IChDbGFzcyBDKSBUYW51c2l0
-dmFueWtpYWRvMB4XDTk5MDIyNTE0MDgxMVoXDTE5MDIyMDE0MDgxMVowgZsx
-CzAJBgNVBAYTAkhVMREwDwYDVQQHEwhCdWRhcGVzdDEnMCUGA1UEChMeTmV0
-TG9jayBIYWxvemF0Yml6dG9uc2FnaSBLZnQuMRowGAYDVQQLExFUYW51c2l0
-dmFueWtpYWRvazE0MDIGA1UEAxMrTmV0TG9jayBFeHByZXNzeiAoQ2xhc3Mg
-QykgVGFudXNpdHZhbnlraWFkbzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEA6+ywbGGKIyWvYCDj2Z/8kwvbXY2wobNAOoLO/XXgeDIDhlqGlZHtU/qd
-QPzm6N3ZW3oDvV3zOwzDUXmbrVWg6dADEK8KuhRC2VImESLH0iDMgqSaqf64
-gXadarfSNnU+sYYJ9m5tfk63euyucYT2BDMIJTLrdKwWRMbkQJMdf60CAwEA
-AaOCAp8wggKbMBIGA1UdEwEB/wQIMAYBAf8CAQQwDgYDVR0PAQH/BAQDAgAG
-MBEGCWCGSAGG+EIBAQQEAwIABzCCAmAGCWCGSAGG+EIBDQSCAlEWggJNRklH
-WUVMRU0hIEV6ZW4gdGFudXNpdHZhbnkgYSBOZXRMb2NrIEtmdC4gQWx0YWxh
-bm9zIFN6b2xnYWx0YXRhc2kgRmVsdGV0ZWxlaWJlbiBsZWlydCBlbGphcmFz
-b2sgYWxhcGphbiBrZXN6dWx0LiBBIGhpdGVsZXNpdGVzIGZvbHlhbWF0YXQg
-YSBOZXRMb2NrIEtmdC4gdGVybWVrZmVsZWxvc3NlZy1iaXp0b3NpdGFzYSB2
-ZWRpLiBBIGRpZ2l0YWxpcyBhbGFpcmFzIGVsZm9nYWRhc2FuYWsgZmVsdGV0
-ZWxlIGF6IGVsb2lydCBlbGxlbm9yemVzaSBlbGphcmFzIG1lZ3RldGVsZS4g
-QXogZWxqYXJhcyBsZWlyYXNhIG1lZ3RhbGFsaGF0byBhIE5ldExvY2sgS2Z0
-LiBJbnRlcm5ldCBob25sYXBqYW4gYSBodHRwczovL3d3dy5uZXRsb2NrLm5l
-dC9kb2NzIGNpbWVuIHZhZ3kga2VyaGV0byBheiBlbGxlbm9yemVzQG5ldGxv
-Y2submV0IGUtbWFpbCBjaW1lbi4gSU1QT1JUQU5UISBUaGUgaXNzdWFuY2Ug
-YW5kIHRoZSB1c2Ugb2YgdGhpcyBjZXJ0aWZpY2F0ZSBpcyBzdWJqZWN0IHRv
-IHRoZSBOZXRMb2NrIENQUyBhdmFpbGFibGUgYXQgaHR0cHM6Ly93d3cubmV0
-bG9jay5uZXQvZG9jcyBvciBieSBlLW1haWwgYXQgY3BzQG5ldGxvY2submV0
-LjANBgkqhkiG9w0BAQQFAAOBgQAQrX/XDDKACtiG8XmYta3UzbM2xJZIwVzN
-mtkFLp++UOv0JhQQLdRmF/iewSf98e3ke0ugbLWrmldwpu2gpO0u9f38vf5N
-NwgMvOOWgyL1SRt/Syu0VMGAfJlOHdCM7tCs5ZL6dVb+ZKATj7i4Fp1hBWeA
-yNDYpQcCNJgEjTME1A==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/67495436.0 b/cert-validity/mozilla/hashed/67495436.0
deleted file mode 100644
index 8467a594a2c6..000000000000
--- a/cert-validity/mozilla/hashed/67495436.0
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsF
-ADCBrjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYG
-A1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UE
-CxMvKGMpIDIwMDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl
-IG9ubHkxJDAiBgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAe
-Fw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJV
-UzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0
-aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3
-dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMb
-dGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEczMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndmgcs+vHyu86YnmjSjaDFx
-ODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8YZzic7IilRFDGF/E
-th9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lfb1+6a4KinVvn
-Sr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS99irY7CFJ
-XJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2SzhkG
-cuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk
-OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAd
-BgNVHQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQAD
-ggEBABpA2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweK
-A3rD6z8KLFIWoCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytl
-ryjvsvXDqmbOe1but8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8o
-oAw/dyZ02SUS2jHaGh7cKUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnT
-PtRwa7pxpqpYrvS76Wy274fMm7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdw
-Y9k5vG8cwnncdimvzsUsZAReiDZuMdRAGmI0Nj81Aa6sY6A=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/69105f4f.0 b/cert-validity/mozilla/hashed/69105f4f.0
deleted file mode 100644
index 3d5dbae5d747..000000000000
--- a/cert-validity/mozilla/hashed/69105f4f.0
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUF
-ADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYD
-VQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1
-cmVkIElEIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAw
-WjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYD
-VQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1
-cmVkIElEIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
-AQCtDhXO5EOAXLGH87dg+XESpa7cJpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWx
-KISKityfCgyDF3qPkKyK53lTXDGEKvYPmDI2dsze3Tyoou9q+yHyUmHfnyDX
-H+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+wRvDjDPZ2C8Y/igPs6eD1sNu
-RMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4VYcgoc/lbQrISXwxmDNs
-IumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/AUaG9ih5yLHa5FcX
-xH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMBAAGjYzBhMA4G
-A1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRF66Kv
-9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd
-823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC
-dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthn
-gYTffwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+
-fT8r87cmNW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i
-8b5QZ7dsvfPxH2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwz
-Zr8TDRRu838fYxAe+o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7m
-ULKn+gpFL6Lw8g==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/6adf0799.0 b/cert-validity/mozilla/hashed/6adf0799.0
deleted file mode 100644
index a2536c528d8a..000000000000
--- a/cert-validity/mozilla/hashed/6adf0799.0
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID5TCCAs2gAwIBAgIEOeSXnjANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UE
-BhMCVVMxFDASBgNVBAoTC1dlbGxzIEZhcmdvMSwwKgYDVQQLEyNXZWxscyBG
-YXJnbyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEvMC0GA1UEAxMmV2VsbHMg
-RmFyZ28gUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDAxMDExMTY0
-MTI4WhcNMjEwMTE0MTY0MTI4WjCBgjELMAkGA1UEBhMCVVMxFDASBgNVBAoT
-C1dlbGxzIEZhcmdvMSwwKgYDVQQLEyNXZWxscyBGYXJnbyBDZXJ0aWZpY2F0
-aW9uIEF1dGhvcml0eTEvMC0GA1UEAxMmV2VsbHMgRmFyZ28gUm9vdCBDZXJ0
-aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQDVqDM7Jvk0/82bfuUER84A4n135zHCLielTWi5MbqNQ1mXx3Oqfz1c
-QJ4F5aHiidlMuD+b+Qy0yGIZLEWukR5zcUHESxP9cMIlrCL1dQu3U+SlK93O
-vRw6esP3E48mVJwWa2uv+9iWsWCaSOAlIiR5NM4OJgALTqv9i86C1y8IcGjB
-qAr5dE8Hq6T54oN+J3N0Prj5OEL8pahbSCOz6+MlsoCultQKnMJ4msZoGK43
-YjdeUXWoWGPAUe5AeH6orxqg4bB4nVCMe+ez/I4jsNtlAHCEAQgAFG5Uhpq6
-zPk3EPbg3oQtnaSFN9OH4xXQwReQfhkhahKpdv0SAulPIV4XAgMBAAGjYTBf
-MA8GA1UdEwEB/wQFMAMBAf8wTAYDVR0gBEUwQzBBBgtghkgBhvt7hwcBCzAy
-MDAGCCsGAQUFBwIBFiRodHRwOi8vd3d3LndlbGxzZmFyZ28uY29tL2NlcnRw
-b2xpY3kwDQYJKoZIhvcNAQEFBQADggEBANIn3ZwKdyu7IvICtUpKkfnRLb7k
-uxpo7w6kAOnu5+/u9vnldKTC2FJYxHT7zmu1Oyl5GFrvm+0fazbuSCUlFLZW
-ohDo7qd/0D+j0MNdJu4HzMPBJCGHHt8qElNvQRbn7a6U+oxy+hNH8Dx+rn0R
-OhPs7fpvcmR7nX1/Jv16+yWt6j4pf0zjAFcysLPp7VMX2YuyFA4w6OXVE8Zk
-r8QA1dhYJPz1j+zxx32l2w8n0cbyQIjmH/ZhqPRCyLk306m+LFZ4wnKbWV01
-QIroTmMatukgalHizqSQ33ZwmVxwQ023tqcZZE6St8WRPH9IFmV7Fv3L/PvZ
-1dZPIWU7Sn9Ho/s=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/6e8bf996.0 b/cert-validity/mozilla/hashed/6e8bf996.0
deleted file mode 100644
index 6f38777b08e8..000000000000
--- a/cert-validity/mozilla/hashed/6e8bf996.0
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYT
-AlBMMRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNl
-cnR1bSBDQTAeFw0wMjA2MTExMDQ2MzlaFw0yNzA2MTExMDQ2MzlaMD4xCzAJ
-BgNVBAYTAlBMMRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNV
-BAMTCUNlcnR1bSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-AM6xwS7TT3zNJc4YPk/EjG+AanPIW1H4m9LcuwBcsaD8dQPugfCI7iNS6eYV
-M42sLQnFdvkrOYCJ5JdLkKWoePhzQ3ukYbDYWMzhbGZ+nPMJXlVjhNWo7/Ox
-LjBos8Q82KxujZlakE403Daaj4GIULdtlkIJ89eVgw1BS7Bqa/j8D35in2fE
-7SZfECYPCE/wpFcozo+47UX2bu4lXapuOb7kky/ZR6By6/qmW6/KUz/iDsaW
-VhFu9+lmqSbYf5VT7QqFiLpPKaVCjF62/IUgAKpoC6EahQGcxEZjgoi2IrHu
-/qpGWX7PNSzVttpd90gzFFS269lvzs2I1qsb2pY7HVkCAwEAAaMTMBEwDwYD
-VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAuI3O7+cUus/usESS
-bLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+GXYkHAQaTOs9qmdvLdTN
-/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTgxSvgGrZg
-FCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1qCjqT
-E5s7FCMTY5w/0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5x
-O/fIR/RpbxXyEV6DHpx8Uq79AtoSqFlnGNu8cN2bsWntgM6JQEhqDjXKKWYV
-IZQs6GAqm4VKQPNriiTsBhYscw==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/6fcc125d.0 b/cert-validity/mozilla/hashed/6fcc125d.0
deleted file mode 100644
index 0c925459e3b9..000000000000
--- a/cert-validity/mozilla/hashed/6fcc125d.0
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUF
-ADBrMQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlz
-YSBJbnRlcm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMT
-E1Zpc2EgZUNvbW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2WhcNMjIwNjI0
-MDAxNjEyWjBrMQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UE
-CxMmVmlzYSBJbnRlcm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAa
-BgNVBAMTE1Zpc2EgZUNvbW1lcmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQCvV95WHm6h2mCxlCfLF9sHP4CFT8icttD0b0/Pmdjh
-28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4ElpF7sDPwsRROEW+1QK8bRaVK7362
-rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdVZqW1LS7YgFmypw23RuwhY/81
-q6UCzyr0TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq299yOIzzlr3xF7zSujtF
-Wsan9sYXiwGd/BmoKoMWuDpI/k4+oKsGGelT84ATB+0tvz8KPFUgOSwsAGl0
-lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzsGHxBvfaLdXe6YJ2E5/4t
-AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G
-A1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUFAAOC
-AQEAX/FBfXxcCLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcR
-zCSs00Rsca4BIGsDoo8Ytyk6feUWYFN4PMCvFYP3j1IzJL1kk5fui/fbGKht
-cbP3LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pzzkWKsKZJ/0x9nXGI
-xHYdkFsd7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBu
-YQa7FkKMcPcw++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/
-hC3euiInlhBx6yLt398znM/jra6O1I7mT1GvFpLgXPYHDw==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/709afd2b.0 b/cert-validity/mozilla/hashed/709afd2b.0
deleted file mode 100644
index 565a4be14ef8..000000000000
--- a/cert-validity/mozilla/hashed/709afd2b.0
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDLTCCApagAwIBAgIBADANBgkqhkiG9w0BAQQFADCB0TELMAkGA1UEBhMC
-WkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3du
-MRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlm
-aWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBl
-cnNvbmFsIEZyZWVtYWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1m
-cmVlbWFpbEB0aGF3dGUuY29tMB4XDTk2MDEwMTAwMDAwMFoXDTIwMTIzMTIz
-NTk1OVowgdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUx
-EjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRp
-bmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24x
-JDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqG
-SIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEA1GnX1LCUZFtx6UfYDFG26nKRsIRefS0N
-j3sS34UldSh0OkIsYyeflXtL734Zhx2G6qPduc6WZBrCFG5ErHzmj+hND3Ef
-QDimAKOHePb5lIZererAXnbr2RSjXW56fAylS1V/Bhkpf56aJtVquzgkCGqY
-x7Hao5iR/Xnb5VrEHLkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkq
-hkiG9w0BAQQFAAOBgQDH7JJ+Tvj1lqVnYiqk8E0RYNBvjWBYYawmu1I1XAjP
-MPuoSpaKH2JCI4wXD/S6ZJwXrEcp352YXtJsYHFcoqzceePnbgBHH7UNKOgC
-neSa/RP0ptl8sfjcXyMmCZGAc9AUG95DqYMl8uacLxXK/qarigd1iwzdUYRr
-5PjRzneigQ==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/72bf6a04.0 b/cert-validity/mozilla/hashed/72bf6a04.0
deleted file mode 100644
index 3901be856cab..000000000000
--- a/cert-validity/mozilla/hashed/72bf6a04.0
+++ /dev/null
@@ -1,48 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIH9zCCB2CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARQxCzAJBgNVBAYT
-AkVTMRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEu
-MCwGA1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5s
-LjErMCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1
-MjEvMC0GA1UECxMmSVBTIENBIENMQVNFQTMgQ2VydGlmaWNhdGlvbiBBdXRo
-b3JpdHkxLzAtBgNVBAMTJklQUyBDQSBDTEFTRUEzIENlcnRpZmljYXRpb24g
-QXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXMwHhcN
-MDExMjI5MDEwNzUwWhcNMjUxMjI3MDEwNzUwWjCCARQxCzAJBgNVBAYTAkVT
-MRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwG
-A1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjEr
-MCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjEv
-MC0GA1UECxMmSVBTIENBIENMQVNFQTMgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHkxLzAtBgNVBAMTJklQUyBDQSBDTEFTRUEzIENlcnRpZmljYXRpb24gQXV0
-aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXMwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBAO6AAPYaZC6tasiDsYun7o/ZttvNG7uG
-BiJ2MwwSbUhWYdLcgiViL5/SaTBlA0IjWLxH3GvWdV0XPOH/8lhneaDBgbHU
-VqLyjRGZ/fZ98cfEXgIqmuJKtROKAP2Md4bm15T1IHUuDky/dMQ/gT6DtKM4
-Ninn6Cr1jIhBqoCm42zvAgMBAAGjggRTMIIETzAdBgNVHQ4EFgQUHp9XUEe2
-YZM50yz82l09BXW3mQIwggFGBgNVHSMEggE9MIIBOYAUHp9XUEe2YZM50yz8
-2l09BXW3mQKhggEcpIIBGDCCARQxCzAJBgNVBAYTAkVTMRIwEAYDVQQIEwlC
-YXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UEChMlSVBTIElu
-dGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjErMCkGA1UEChQiaXBz
-QG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjEvMC0GA1UECxMmSVBT
-IENBIENMQVNFQTMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxLzAtBgNVBAMT
-JklQUyBDQSBDTEFTRUEzIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MR4wHAYJ
-KoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXOCAQAwDAYDVR0TBAUwAwEB/zAM
-BgNVHQ8EBQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUFBwMBBggrBgEFBQcDAgYI
-KwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYBBAGCNwIBFQYKKwYB
-BAGCNwIBFgYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDARBglghkgBhvhCAQEE
-BAMCAAcwGgYDVR0RBBMwEYEPaXBzQG1haWwuaXBzLmVzMBoGA1UdEgQTMBGB
-D2lwc0BtYWlsLmlwcy5lczBCBglghkgBhvhCAQ0ENRYzQ0xBU0VBMyBDQSBD
-ZXJ0aWZpY2F0ZSBpc3N1ZWQgYnkgaHR0cDovL3d3dy5pcHMuZXMvMCkGCWCG
-SAGG+EIBAgQcFhpodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyLzA7BglghkgB
-hvhCAQQELhYsaHR0cDovL3d3dy5pcHMuZXMvaXBzMjAwMi9pcHMyMDAyQ0xB
-U0VBMy5jcmwwQAYJYIZIAYb4QgEDBDMWMWh0dHA6Ly93d3cuaXBzLmVzL2lw
-czIwMDIvcmV2b2NhdGlvbkNMQVNFQTMuaHRtbD8wPQYJYIZIAYb4QgEHBDAW
-Lmh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvcmVuZXdhbENMQVNFQTMuaHRt
-bD8wOwYJYIZIAYb4QgEIBC4WLGh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIv
-cG9saWN5Q0xBU0VBMy5odG1sMHUGA1UdHwRuMGwwMqAwoC6GLGh0dHA6Ly93
-d3cuaXBzLmVzL2lwczIwMDIvaXBzMjAwMkNMQVNFQTMuY3JsMDagNKAyhjBo
-dHRwOi8vd3d3YmFjay5pcHMuZXMvaXBzMjAwMi9pcHMyMDAyQ0xBU0VBMy5j
-cmwwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vb2NzcC5p
-cHMuZXMvMA0GCSqGSIb3DQEBBQUAA4GBAEo9IEca2on0eisxeewBwMwB9dbB
-/MjD81ACUZBYKp/nNQlbMAqBACVHr9QPDp5gJqiVp4MI3y2s6Q73nMify5NF
-8bpqxmdRSmlPa/59Cy9SKcJQrSRE7SOzSMtEQMEDlQwKeAYSAfWRMS1Jjbs/
-RU4s4OjNtckUFQzjB4ObJnXv
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/72f369af.0 b/cert-validity/mozilla/hashed/72f369af.0
deleted file mode 100644
index 5d600faa8721..000000000000
--- a/cert-validity/mozilla/hashed/72f369af.0
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDUzCCAjugAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJO
-TzEdMBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMMFEJ1
-eXBhc3MgQ2xhc3MgMiBDQSAxMB4XDTA2MTAxMzEwMjUwOVoXDTE2MTAxMzEw
-MjUwOVowSzELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgz
-MTYzMzI3MR0wGwYDVQQDDBRCdXlwYXNzIENsYXNzIDIgQ0EgMTCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBAIs8B0XY9t/mx8q6jUPFR42wWsE4
-25KEHK8T1A9vNkYgxC7McXA0ojTTNy7Y3Tp3L8DrKehc0rWpkTSHIln+zNvn
-ma+WwajHQN2lFYxuyHyXA8vmIPLXl18xoS830r7uvqmtqEyeIWZDO6i88wmj
-ONVZJMHCR3axiFyCO7srpgTXjAePzdVBHfCuuCkslFJgNJQ72uA40Z0zPhX0
-kzLFANq1KWYOOngPIVJfAuWSeyXTkh4vFZ2B5J2O6O+JzhRMVB0cgRJNcKi+
-EAUXfh/RuFdV7c27UsKwHnjCTTZoy1YmwVLBvXb3WNVyfh9EdrsAiR0WnVE1
-703CVu9r4Iw7DekCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
-FgQUP42aWYv8e3uco684sDntkHGA1sgwDgYDVR0PAQH/BAQDAgEGMA0GCSqG
-SIb3DQEBBQUAA4IBAQAVGn4TirnoB6NLJzKyQJHyIdFkhb5jatLPgcIV1Xp+
-DCmsNx4cfHZSldq1fyOhKXdlyTKdqC5Wq2B2zha0jX94wNWZUYN/Xtm+DKhQ
-7SLHrQVMdvvt7h5HZPb3J31cKA9FxVxiXqaakZG3Uxcu3K1gnZZkOb1naLKu
-BctN518fV4bVIJwo+28TOPX2EZL2fZleHwzoq0QkKXJAPTZSr4xYkHPB7GEs
-eaHsh7U/2k3ZIQAw3pDaDtMaSKk+hQsUi4y8QZ5q9w5wwDX3OaJdZtB7WZ+o
-RxKaJyOkLY4ng5IgodcVf/EuGO70SH8vf/GhGLWhC5SgYiAynB321O+/TIho
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/72fa7371.0 b/cert-validity/mozilla/hashed/72fa7371.0
deleted file mode 100644
index 9950f1f2e0a9..000000000000
--- a/cert-validity/mozilla/hashed/72fa7371.0
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcEx
-CzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UE
-CxMzQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAt
-IEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBU
-cnVzdCBOZXR3b3JrMB4XDTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVow
-gcExCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoG
-A1UECxMzQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1
-dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5j
-LiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2ln
-biBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDM
-XtERXVxp0KvTuWpMmR9ZmDCOFoUgRm1HP9SFIIThbbP4pO0M8RcPO/mn+SXX
-wc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71lSk8UOg013gfqLptQ5GV
-j0VXXn7F+8qkBOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZwIDAQABMA0G
-CSqGSIb3DQEBBQUAA4GBAFFNzb5cy5gZnBWyATl4Lk0PZ3BwmcYQWpSkU01U
-bSuvDV1Ai2TT1+7eVmGSX6bEHRBhNtMsJzzoKQm5EWR0zLVznxxIqbxhAe7i
-F6YM40AIOw7n60RzKprxaZLvcRTDOaxxp5EJb+RxBrO6WVcmeQD2+A2iMzAo
-1KpYoJ2daZH9
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/74c26bd0.0 b/cert-validity/mozilla/hashed/74c26bd0.0
deleted file mode 100644
index 55b3e2c7cf98..000000000000
--- a/cert-validity/mozilla/hashed/74c26bd0.0
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBaMQswCQYDVQQGEwJV
-UzEcMBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5jLjEtMCsGA1UEAxMkRXF1
-aWZheCBTZWN1cmUgR2xvYmFsIGVCdXNpbmVzcyBDQS0xMB4XDTk5MDYyMTA0
-MDAwMFoXDTIwMDYyMTA0MDAwMFowWjELMAkGA1UEBhMCVVMxHDAaBgNVBAoT
-E0VxdWlmYXggU2VjdXJlIEluYy4xLTArBgNVBAMTJEVxdWlmYXggU2VjdXJl
-IEdsb2JhbCBlQnVzaW5lc3MgQ0EtMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAuucXkAJlsTRVPEnCUdXfp9E3j9HngXNBUmCbnaEXJnitx7HoJpQy
-td4zjTov2/KaelpzmKNc6fuKcxtc58O/gGzNqfTWK8D3+ZmqY6KxRwIP1ORR
-OhI8bIpaVIRw28HFkM9yRcuoWcDNM50/o5brhTMhHD4ePmBudpxnhcXIw2EC
-AwEAAaNmMGQwEQYJYIZIAYb4QgEBBAQDAgAHMA8GA1UdEwEB/wQFMAMBAf8w
-HwYDVR0jBBgwFoAUvqigdHJQa0S3ySPY+6j/s1draGwwHQYDVR0OBBYEFL6o
-oHRyUGtEt8kj2Puo/7NXa2hsMA0GCSqGSIb3DQEBBAUAA4GBADDiAVGqx+pf
-2rnQZQ8w1j7aDRRJbpGTJxQx78T3LUX47Me/okENI7SS+RkAZ70Br83gcfxa
-z2TE4JaY0KNA4gGK7ycH8WUBikQtBmV1UsCGECAhX2xrD2yuCRyv8qIYNMR1
-pHMc8Y3c7635s3a0kr/clRAevsvIO1qEYBlWlKlV
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/755f7420.0 b/cert-validity/mozilla/hashed/755f7420.0
deleted file mode 100644
index 0a8b244991e9..000000000000
--- a/cert-validity/mozilla/hashed/755f7420.0
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDIDCCAgigAwIBAgIBJDANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJG
-STEPMA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MxIENB
-MB4XDTAxMDQwNjEwNDkxM1oXDTIxMDQwNjEwNDkxM1owOTELMAkGA1UEBhMC
-RkkxDzANBgNVBAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMSBD
-QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALWJHytPZwp5/8Ue
-+H887dF+2rDNbS82rDTG29lkFwhjMDMiikzujrsPDUJVyZ0upe/3p4zDq7mX
-y47vPxVnqIJyY1MPQYx9EJUkoVqlBvqSV536pQHydekfvFYmUk54GWVYVQNY
-wBSujHxVX3BbdyMGNpfzJLWaRpXk3w0LBUXl0fIdgrvGE+D+qnr9aTCU89JF
-hfzyMlsy3uhsXR/LpCJ0sICOXZT3BgBLqdReLjVQCfOAl/QMF6452F/NM8Ec
-yonCIvdFEu1eEpOdY6uCLrnrQkFEy0oaAIINnvmLVz5MxxftLItyM19yejhW
-1ebZrgUaHXVFsculJRwSVzb9IjcCAwEAAaMzMDEwDwYDVR0TAQH/BAUwAwEB
-/zARBgNVHQ4ECgQIR+IMi/ZTiFIwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEB
-BQUAA4IBAQCLGrLJXWG04bkruVPRsoWdd44W7hE928Jj2VuXZfsSZ9gqXLar
-5V7DtxYvyOirHYr9qxp81V9jz9yw3Xe5qObSIjiHBxTZ/75Wtf0HDjxVyhbM
-p6Z3N/vbXB9OWQaHowND9Rart4S9Tu+fMTfwRvFAttEMpWT4Y14h21VOTzF2
-nBBhjrZTOqMRvq9tfB69ri3iDGnHhVNoomG6xT60eVR4ngrHAr5i0RGCS2Uv
-kVrCqIexVmiUefkl98HVrhq4uz2PqYo4Ffdz0Fpg0YCw8NzVUM1O7pJIae2y
-Ix4wzMiUyLb1O4Z/P6Yun/Y+LLWSlj7fLJOK/4GMDw9ZIRlXvVWa
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/75680d2e.0 b/cert-validity/mozilla/hashed/75680d2e.0
deleted file mode 100644
index 0d8b05edf561..000000000000
--- a/cert-validity/mozilla/hashed/75680d2e.0
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJH
-QjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxm
-b3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFB
-IENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIz
-MTIzNTk1OVowezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFu
-Y2hlc3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENB
-IExpbWl0ZWQxITAfBgNVBAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL5AnfRu4ep2hxxNRUSO
-vkbIgwadwSr+GB+O5AL686tdUIoWMQuaBtDFcCLNSS1UY8y2bmhGC1Pqy0wk
-wLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe3M/vg4aijJRPn2jymJBGhCfH
-dr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4YgNW8IoaE+oxox6gmf04
-9vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZRrOme9Hg6jc8P2ULi
-mAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cmez6KJcfA3Z3m
-NWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQUoBEKIz6W
-8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB
-Af8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v
-QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwu
-Y29tb2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG
-9w0BAQUFAAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm
-7l3sAg9g1o1QGE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHC
-v8S5dIa2LX1rzNLzRt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdV
-CYfeU0BsWO/8tqtlbgT2G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAV
-GI/6ugLOpyypEBMs1OUIJqsil2D4kF501KKaU73yqWjgom7C12yxow+ev+to
-51byrvLjKzg6CYG1a4XXvi3tPxq3smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/7651b327.0 b/cert-validity/mozilla/hashed/7651b327.0
deleted file mode 100644
index 30d2107d9ac8..000000000000
--- a/cert-validity/mozilla/hashed/7651b327.0
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICPDCCAaUCEDyRMcsf9tAbDpq40ES/Er4wDQYJKoZIhvcNAQEFBQAwXzEL
-MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQL
-Ey5DbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y
-aXR5MB4XDTk2MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UE
-BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
-cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69q
-RUCPhAwL0TPZ2RHP7gJYHyX3KqhEBarsAx94f56TuZoAqiN91qyFomNFx3In
-zPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/isI19wKTakyYbnsZogy1Olhec9vn2a
-/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBABBy
-UqkFFBkyCEHwxWsKzH4PIRnN5GfcX6kb5sroc50i2JhucwNhkcV8sEVAbkSd
-jbCxlnRhLQ2pRdKkkirWmnWXbj9T/UWZYB2oK0z5XqcJ2HUw19JlYD1n1khV
-dWk/kfVIC0dpImmClr7JyDiGSnoscxlIaU5rfGW/D/xwzoiQ
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/76579174.0 b/cert-validity/mozilla/hashed/76579174.0
deleted file mode 100644
index 08754538f6ef..000000000000
--- a/cert-validity/mozilla/hashed/76579174.0
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUF
-ADCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5
-LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0w
-KwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
-HhcNMDQxMTAxMTcxNDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMC
-VVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMb
-WFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBH
-bG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCYJB69FbS638eMpSe2OAtp87ZOqCwuIR1cRN8h
-XX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCPKZ2GG9mcDZhtdhAoWORlsH9K
-mHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7QDxIEM5dfT2Fa8OT5kavn
-HTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4qEHMPJQRfevIpoy3
-hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRaJSKNNCyy9mgd
-Em3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNViPvryxS3T
-/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQD
-AgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASs
-jVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1
-cml0eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcN
-AQEFBQADggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc
-/Kh4ZzXxHfARvbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYS
-Nrsf16GBBEYgoyxtqZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT
-5r7SHpDwCRR5XCOrTdLaIR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGP
-urt+HBvbaoAPIbzp26a3QPSyi6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd
-50N9otg6tamN8jSZxNQQ4Qb9CYQQO+7ETPTsJ3xCwnR8gooJybQDJbw=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/7999be0d.0 b/cert-validity/mozilla/hashed/7999be0d.0
deleted file mode 100644
index 137a3c0b52c5..000000000000
--- a/cert-validity/mozilla/hashed/7999be0d.0
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYT
-AlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVz
-dCBHbG9iYWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBC
-MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE
-AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEH
-CIjaWC9mOSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlC
-GDUUna2YRpIuT8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7
-csiRv8lVK83Qlz6cJmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAj
-Nvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdRe
-JivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQAB
-o1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTAephojYn7qwVkDBF9
-qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjANBgkq
-hkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKInZ57Qzxpe
-R+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfStQWV
-Yrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
-PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot
-2/Unhw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeX
-xx12E6nV5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvm
-Mw==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/7a481e66.0 b/cert-validity/mozilla/hashed/7a481e66.0
deleted file mode 100644
index be8a825e5135..000000000000
--- a/cert-validity/mozilla/hashed/7a481e66.0
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEqjCCA5KgAwIBAgIOSkcAAQAC5aBd1j8AUb8wDQYJKoZIhvcNAQEFBQAw
-djELMAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgx
-IjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExJTAjBgNVBAMT
-HFRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0EgSUkwHhcNMDYwMTEyMTQ0MTU3
-WhcNMjUxMjMxMjI1OTU5WjB2MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMg
-VHJ1c3RDZW50ZXIgR21iSDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xh
-c3MgMyBDQTElMCMGA1UEAxMcVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQSBJ
-STCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALTgu1G7OVyLBMVM
-eRwjhjEQY0NVJz/GRcekPewJDRoeIMJWHt4bNwcwIi9v8Qbxq63WyKthoy9D
-xLCyLfzDlml7forkzMA5EpBCYMnMNWju2l+QVl/NHE1bWEnrDgFPZPosPIlY
-2C8u4rBo6SI7dYnWRBpl8huXJh0obazovVkdKyT21oQDZogkAHhg8fir/gKy
-a/si+zXmFtGt9i4S5Po1auUZuV3bOx4a+9P/FRQI2AlqukWdFHlgfa9Aigdz
-s5OW03Q0jTo3Kd5c7PXuLjHCINy+8U9/I1LZW+Jk2ZyqBwi1Rb3R0DHBq1Sf
-qdLDYmAD8bs5SpJKPQq5ncWg/jcCAwEAAaOCATQwggEwMA8GA1UdEwEB/wQF
-MAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTUovyfs8PYA9NXXAek
-0CSnwPIA1DCB7QYDVR0fBIHlMIHiMIHfoIHcoIHZhjVodHRwOi8vd3d3LnRy
-dXN0Y2VudGVyLmRlL2NybC92Mi90Y19jbGFzc18zX2NhX0lJLmNybIaBn2xk
-YXA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvQ049VEMlMjBUcnVzdENlbnRlciUy
-MENsYXNzJTIwMyUyMENBJTIwSUksTz1UQyUyMFRydXN0Q2VudGVyJTIwR21i
-SCxPVT1yb290Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/Y2VydGlmaWNh
-dGVSZXZvY2F0aW9uTGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEANmDk
-cPcGIEPZIxpC8vijsrlNirTzwppVMXzEO2eatN9NDoqTSheLG43KieHPOh6s
-HfGcMrSOWXaiQYUlN6AT0PV8TtXqluJucsG7Kv5sbviRmEb8yRtXW+rIGjs/
-sFGYPAfaLFkB2otE6OF0/ado3VS6g0bsyEa1+K+XwDsJHI/OcpY9M1ZwvJbL
-2NV9IJqDnxrcOfHFcqMRA/07QlIp2+gB95tejNaNhk4Z+rwcvsUhpYeeeC42
-2wlxo3I0+GzjBgnyXlal092Y+tTmBvTwtiBjS+opvaqCZh77gaqnN60TGOaS
-w4HBM7uIHqHn4rS9MWwOUT1v+5ZWgOI2F9Hc5A==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/7a819ef2.0 b/cert-validity/mozilla/hashed/7a819ef2.0
deleted file mode 100644
index 8a7679142592..000000000000
--- a/cert-validity/mozilla/hashed/7a819ef2.0
+++ /dev/null
@@ -1,35 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMC
-Qk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1Zh
-ZGlzIFJvb3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNa
-MEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRsw
-GQYDVQQDExJRdW9WYWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUA
-A4ICDwAwggIKAoICAQCaGMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4Gt
-Mh6QRr+jhiYaHv5+HBg6XJxgFyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst
-/ek+7wrGsxDp3MJGF/hd/aTa/55JWpzmM+Yklvc/ulsrHHo1wtZn/qtmUItt
-KGAr79dgw8eTvI02kfN/+NsRE8Scd3bBrrcCaoF6qUWD4gXmuVbBlDePSHFj
-IuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp+ARz8un+XJiM9XOva7R+zdRc
-AitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1ksOR1YqI0JDs3G3eicJl
-cZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/iUcw6UwxI5g69ybR2
-BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIizPtGo/KPaHbDR
-sSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og/zOhD7os
-FRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UHoycR
-7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI
-yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8G
-A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwz
-JQTU7tD2A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGU
-a6FJpEcwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0
-ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcN
-AQEFBQADggIBAD4KFk2fBluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJ
-RqUDGCdViXh9duqWNIAXINzng/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQty
-U/h2BwdBR5YM++CCJpNVjP4iH2BlfF/nJrP3MpCYUNQ3cVX2kiF495V5+vgt
-JodmVjB3pjd4M1IQWK4/YY7yarHvGH5KWWPKjaJW1acvvFYfzznB4vsKqBUs
-fU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0HaB0+pUNqQjZRG4T7wlP0QADj1
-O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozchLsib9D45MY56QSIPMO6
-61V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPRTUIZ3Ph1WVaj+ahJ
-efivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWDmbA4CD/pXvk1
-B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0ZohEUGW6y
-hhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y4aOT
-HcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza
-8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/7d3cd826.0 b/cert-validity/mozilla/hashed/7d3cd826.0
deleted file mode 100644
index f6cdfcd033a9..000000000000
--- a/cert-validity/mozilla/hashed/7d3cd826.0
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlD
-ZXJ0IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIElu
-Yy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDMgUG9saWN5IFZhbGlkYXRp
-b24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNv
-bS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYy
-NjAwMjIzM1oXDTE5MDYyNjAwMjIzM1owgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
-IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4x
-NTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDMgUG9saWN5IFZhbGlkYXRpb24g
-QXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8x
-IDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDjmFGWHOjVsQaBalfDcnWTq8+epvzzFlLWLU2f
-NUSoLgRNB0mKOCn1dzfnt6td3zZxFJmP3MKS8edgkpfs2Ejcv8ECIMYkpChM
-MFp2bbFc893enhBxoYjHW5tBbcqwuI4V7q0zK89HBFx1cQqYJJgpp0lZpd34
-t0NiYfPT4tBVPwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFa7AliEZwgs3x/b
-e0kz9dNnnfS0ChCzycUs4pJqcXgn8nCDQtM+z6lU9PHYkhaM0QTLS6vJn0Wu
-PIqpsHEzXcjFV9+vqDWzf4mH6eglkrh/hXqu1rweN1gqZ8mRzyqBPu3GOd/A
-PhmcGcwTTYJBtYze4D1gCCAPRX5ron+jjBXu
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/7d453d8f.0 b/cert-validity/mozilla/hashed/7d453d8f.0
deleted file mode 100644
index 53c88aa13fc6..000000000000
--- a/cert-validity/mozilla/hashed/7d453d8f.0
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHK
-MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNV
-BAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5
-IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBD
-BgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlm
-aWNhdGlvbiBBdXRob3JpdHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3
-MTYyMzU5NTlaMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24s
-IEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNV
-BAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQg
-dXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFBy
-aW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8bN3O9+MlrlBIwT/A2
-R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2tKmFZpGcmTNDo
-vFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGukxUccLwg
-TS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBmCC+V
-k7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ
-Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJ
-OxWuimi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my
-/uRan2Te2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5f
-j267Cz3qWhMeDGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoA
-Wii/gt/4uhMdUIaC/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8S
-GhJouPtmmRQURVyu565pF4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbb
-o27q/a2ywtrvAkcTisDxszGtTxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh
-/sVFuq1ruQp6Tk9LhO5L8X3dEQ==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/81b9768f.0 b/cert-validity/mozilla/hashed/81b9768f.0
deleted file mode 100644
index 3d7216fee41f..000000000000
--- a/cert-validity/mozilla/hashed/81b9768f.0
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUF
-ADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYD
-VQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdo
-IEFzc3VyYW5jZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTEx
-MDAwMDAwMFowbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IElu
-YzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNl
-cnQgSGlnaCBBc3N1cmFuY2UgRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAMbM5XPm+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRn
-ogocsF9ppkCxxLeyj9CYpKlBWTrT3JTWPNt0OKRKzE0lgvdKpVMSOO7zSW1x
-kX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEMxChBVfvLWokVfnHoNb9Ncgk9
-vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFBIk5lYYeBQVCmeVyJ3hlK
-V9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3hzBWBOURtCmAEvF5
-OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsgEsxBu24LUTi4
-S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8w
-HQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaAFLE+
-w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
-nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehD
-LI6zeM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VH
-MWEZ71jFhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkK
-mNEVX58Svnw2Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E
-1CAx2/S6cCZdkGCevEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN
-7EeqJSdnoDfzAIJ9VNep+OkuE6N36B9K
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/8317b10c.0 b/cert-validity/mozilla/hashed/8317b10c.0
deleted file mode 100644
index 01e194e0ab89..000000000000
--- a/cert-validity/mozilla/hashed/8317b10c.0
+++ /dev/null
@@ -1,41 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIG0TCCBbmgAwIBAgIBezANBgkqhkiG9w0BAQUFADCByTELMAkGA1UEBhMC
-SFUxETAPBgNVBAcTCEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96
-YXRiaXp0b25zYWdpIEtmdC4xGjAYBgNVBAsTEVRhbnVzaXR2YW55a2lhZG9r
-MUIwQAYDVQQDEzlOZXRMb2NrIE1pbm9zaXRldHQgS296amVneXpvaSAoQ2xh
-c3MgUUEpIFRhbnVzaXR2YW55a2lhZG8xHjAcBgkqhkiG9w0BCQEWD2luZm9A
-bmV0bG9jay5odTAeFw0wMzAzMzAwMTQ3MTFaFw0yMjEyMTUwMTQ3MTFaMIHJ
-MQswCQYDVQQGEwJIVTERMA8GA1UEBxMIQnVkYXBlc3QxJzAlBgNVBAoTHk5l
-dExvY2sgSGFsb3phdGJpenRvbnNhZ2kgS2Z0LjEaMBgGA1UECxMRVGFudXNp
-dHZhbnlraWFkb2sxQjBABgNVBAMTOU5ldExvY2sgTWlub3NpdGV0dCBLb3pq
-ZWd5em9pIChDbGFzcyBRQSkgVGFudXNpdHZhbnlraWFkbzEeMBwGCSqGSIb3
-DQEJARYPaW5mb0BuZXRsb2NrLmh1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEAx1Ilstg91IRVCacbvWy5FPSKAtt2/GoqeKvld/Bu4IwjZ9ul
-ZJm53QE+b+8tmjwi8F3JV6BVQX/yQ15YglMxZc4e8ia6AFQer7C8HORSjKAy
-r7c3sVNnaHRnUPYtLmTeriZ539+Zhqurf4XsoPuAzPS4DB6TRWO53Lhbm+1b
-OdRfYrCnjnxmOCyqsQhjF2d9zL2z8cM/z1A57dEZgxXbhxInlrfa6uWdvLrq
-OU+L73Sa58XQ0uqGURzk/mQIKAR5BevKxXEOC++r6uwSEaEYBTJp0QwsGj0l
-mT+1fMptsK6ZmfoIYOcZwvK9UdPM0wKswREMgM6r3JSda6M5UzrWhQIDAMV9
-o4ICwDCCArwwEgYDVR0TAQH/BAgwBgEB/wIBBDAOBgNVHQ8BAf8EBAMCAQYw
-ggJ1BglghkgBhvhCAQ0EggJmFoICYkZJR1lFTEVNISBFemVuIHRhbnVzaXR2
-YW55IGEgTmV0TG9jayBLZnQuIE1pbm9zaXRldHQgU3pvbGdhbHRhdGFzaSBT
-emFiYWx5emF0YWJhbiBsZWlydCBlbGphcmFzb2sgYWxhcGphbiBrZXN6dWx0
-LiBBIG1pbm9zaXRldHQgZWxla3Ryb25pa3VzIGFsYWlyYXMgam9naGF0YXMg
-ZXJ2ZW55ZXN1bGVzZW5laywgdmFsYW1pbnQgZWxmb2dhZGFzYW5hayBmZWx0
-ZXRlbGUgYSBNaW5vc2l0ZXR0IFN6b2xnYWx0YXRhc2kgU3phYmFseXphdGJh
-biwgYXogQWx0YWxhbm9zIFN6ZXJ6b2Rlc2kgRmVsdGV0ZWxla2JlbiBlbG9p
-cnQgZWxsZW5vcnplc2kgZWxqYXJhcyBtZWd0ZXRlbGUuIEEgZG9rdW1lbnR1
-bW9rIG1lZ3RhbGFsaGF0b2sgYSBodHRwczovL3d3dy5uZXRsb2NrLmh1L2Rv
-Y3MvIGNpbWVuIHZhZ3kga2VyaGV0b2sgYXogaW5mb0BuZXRsb2NrLm5ldCBl
-LW1haWwgY2ltZW4uIFdBUk5JTkchIFRoZSBpc3N1YW5jZSBhbmQgdGhlIHVz
-ZSBvZiB0aGlzIGNlcnRpZmljYXRlIGFyZSBzdWJqZWN0IHRvIHRoZSBOZXRM
-b2NrIFF1YWxpZmllZCBDUFMgYXZhaWxhYmxlIGF0IGh0dHBzOi8vd3d3Lm5l
-dGxvY2suaHUvZG9jcy8gb3IgYnkgZS1tYWlsIGF0IGluZm9AbmV0bG9jay5u
-ZXQwHQYDVR0OBBYEFAlqYhaSsFq7VQ7LdTI6MuWyIckoMA0GCSqGSIb3DQEB
-BQUAA4IBAQCRalCc23iBmz+LQuM7/KbD7kPgz/PigDVJRXYC4uMvBcXxKufA
-QTPGtpvQMznNwNuhrWw3AkxYQTvyl5LGSKjN5Yo5iWH5Upfpvfb5lHTocQ68
-d4bDBsxafEp+NFAwLvt/MpqNPfMgW/hqyobzMUwsWYACff44yTB1HLdV47yf
-uqhthCgFdbOLDcCRVCHnpgu0mfVRQdzNo0ci2ccBgcTcR08m6h/t280NmPSj
-nLRzMkqWmf68f8glWPhY83ZmiVSkpj7EUFy6iRiCdUgh0k8T6GB+B3bbELVR
-5qq5aKrN9p2QdRLqOBrKROi3macqaJVmlaut74nLYKkGEsaUR+ko
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/8470719d.0 b/cert-validity/mozilla/hashed/8470719d.0
deleted file mode 100644
index 86c907eb9891..000000000000
--- a/cert-validity/mozilla/hashed/8470719d.0
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDYTCCAkmgAwIBAgIQCgEBAQAAAnwAAAAKAAAAAjANBgkqhkiG9w0BAQUF
-ADA6MRkwFwYDVQQKExBSU0EgU2VjdXJpdHkgSW5jMR0wGwYDVQQLExRSU0Eg
-U2VjdXJpdHkgMjA0OCBWMzAeFw0wMTAyMjIyMDM5MjNaFw0yNjAyMjIyMDM5
-MjNaMDoxGTAXBgNVBAoTEFJTQSBTZWN1cml0eSBJbmMxHTAbBgNVBAsTFFJT
-QSBTZWN1cml0eSAyMDQ4IFYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEAt49VcdKA3XtpeafwGFAyPGJn9gqVB93mG/Oe2dJBVGutn3y+Gc37
-RqtBaB4Y6lXIL5F4iSj7Jylg/9+PjDvJSZu1pJTOAeo+tWN7fyb9Gd3AIb2E
-0S1PRsNO3Ng3OTsor8udGuorryGlwSMiuLgbWhOHV4PR8CDn6E8jQrAApX2J
-6elhc5SYcSa8LWrg903w8bYqODGBDSnhAMFRD0xS+ARaqn1y07iHKrtjEAMq
-s6FPDVpeRrc9DvV07Jmf+T0kgYim3WBU6JU2PcYJk5qjEoAAVZkZR73QpXzD
-uvsf9/UP+Ky5tfQ3mBMY3oVbtwyCO4dvlTlYMNpuAWgXIszACwIDAQABo2Mw
-YTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAW
-gBQHw1EwpKrpRa41JPr/JCwz0LGdjDAdBgNVHQ4EFgQUB8NRMKSq6UWuNST6
-/yQsM9CxnYwwDQYJKoZIhvcNAQEFBQADggEBAF8+hnZuuDU8TjYcHnmYv/3V
-EhF5Ug7uMYm83X/50cYVIeiKAVQNOvtUudZj1LGqlk2iQk3UUx+LEN5/Zb5g
-EydxiKRz44Rj0aRV4VCT5hsOedBnvEbIvz8XDZXmxpBp3ue0L96VfdASPz0+
-f00/FGj1EVDVwfSQpQgdMWD/YIwjVAqv/qFuxdF6Kmh4zx6CCiC0H63lhbJq
-aHVOrSU3lIW+vaHU6rcMSzyd6BIA8F+sDeGscGNz9395nzIlQnQFgCi/vcEk
-llgVsRch6YlL2weIZ/QVrXA+L02FO8K32/6YaCOJ4XQP3vTFhGMpG8zLB8kA
-pKnXwiJPZ9d37CAFYd4=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/84cba82f.0 b/cert-validity/mozilla/hashed/84cba82f.0
deleted file mode 100644
index f70bdb2df68c..000000000000
--- a/cert-validity/mozilla/hashed/84cba82f.0
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID+zCCAuOgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBtzE/MD0GA1UEAww2
-VMOcUktUUlVTVCBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xh
-ecSxY8Sxc8SxMQswCQYDVQQGDAJUUjEPMA0GA1UEBwwGQU5LQVJBMVYwVAYD
-VQQKDE0oYykgMjAwNSBUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUg
-QmlsacWfaW0gR8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLjAeFw0wNTA1
-MTMxMDI3MTdaFw0xNTAzMjIxMDI3MTdaMIG3MT8wPQYDVQQDDDZUw5xSS1RS
-VVNUIEVsZWt0cm9uaWsgU2VydGlmaWthIEhpem1ldCBTYcSfbGF5xLFjxLFz
-xLExCzAJBgNVBAYMAlRSMQ8wDQYDVQQHDAZBTktBUkExVjBUBgNVBAoMTShj
-KSAyMDA1IFTDnFJLVFJVU1QgQmlsZ2kgxLBsZXRpxZ9pbSB2ZSBCaWxpxZ9p
-bSBHw7x2ZW5sacSfaSBIaXptZXRsZXJpIEEuxZ4uMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAylIF1mMD2Bxf3dJ7XfIMYGFbazt0K3gNfUW9
-InTojAPBxhEqPZW8qZSwu5GXyGl8hMW0kWxsE2qkVa2kheiVfrMArwDCBRj1
-cJ02i67L5BuBf5OI+2pVu32Fks66WJ/bMsW9Xe8iSi9BB35JYbOG7E6mQW6E
-vAPs9TscyB/C7qju6hJKjRTP8wrgUDn5CDX4EVmt5yLqS8oUBt5CurKZ8y1U
-iBAG6uEaPj1nH/vO+3yC6BFdSsG5FOpU2WabfIl9BJpiyelSPJ6c79L1JuTm
-5Rh8i27fbMx4W09ysstcP4wFjdFMjK2Sx+F4f2VsSQZQLJ4ywtdKxnWKWU51
-b0dewQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IB
-AQAV9VX/N5aAWSGk/KEVTCD21F/aAyT8z5Aa9CEKmu46sWrv7/hg0Uw2ZkUd
-82YCdAR7kjCo3gp2D++Vbr3JN+YaDayJSFvMgzbC9UZcWYJWtNX+I7TYVBxE
-q8Sn5RTOPEFhfEPmzcSBCYsk+1Ql1haolgxnB2+zUEfjHCQo3SqYpGH+2+oS
-N7wBGjSFvW5P55FyB0SFHljKVETd96y5y4khctuPwGkplyqjrhgjlxxBKot8
-KsF8kOipKMDTkcatKIdAaLX/7KfS0zgYnNN9aV3wxqUeJBujR/xpB2jn5Jq0
-7Q+hh4cCzofSSE7hvP/L8XKSRGQDJereW26fyfJOrN3H
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/86f32474.0 b/cert-validity/mozilla/hashed/86f32474.0
deleted file mode 100644
index eab0f9f23c00..000000000000
--- a/cert-validity/mozilla/hashed/86f32474.0
+++ /dev/null
@@ -1,48 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIH6jCCB1OgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARIxCzAJBgNVBAYT
-AkVTMRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEu
-MCwGA1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5s
-LjErMCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1
-MjEuMCwGA1UECxMlSVBTIENBIENMQVNFMyBDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eTEuMCwGA1UEAxMlSVBTIENBIENMQVNFMyBDZXJ0aWZpY2F0aW9uIEF1
-dGhvcml0eTEeMBwGCSqGSIb3DQEJARYPaXBzQG1haWwuaXBzLmVzMB4XDTAx
-MTIyOTAxMDE0NFoXDTI1MTIyNzAxMDE0NFowggESMQswCQYDVQQGEwJFUzES
-MBAGA1UECBMJQmFyY2Vsb25hMRIwEAYDVQQHEwlCYXJjZWxvbmExLjAsBgNV
-BAoTJUlQUyBJbnRlcm5ldCBwdWJsaXNoaW5nIFNlcnZpY2VzIHMubC4xKzAp
-BgNVBAoUImlwc0BtYWlsLmlwcy5lcyBDLkkuRi4gIEItNjA5Mjk0NTIxLjAs
-BgNVBAsTJUlQUyBDQSBDTEFTRTMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkx
-LjAsBgNVBAMTJUlQUyBDQSBDTEFTRTMgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHkxHjAcBgkqhkiG9w0BCQEWD2lwc0BtYWlsLmlwcy5lczCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEAqxf+DrDGaBtT8FK+n/ra+osTBLsBjzLZH49N
-zjaY2uQARIwo2BNEKqRrThckQpzTiKRBgtYj+4vJhuW5qYIF3PHeH+AMmVWY
-8jjsbJ0gA8DvqqPGZARRLXgNo9KoOtYkTOmWehisEyMiG3zoMRGzXwmqMHBx
-RiVrSXGAK5UBsh8CAwEAAaOCBEowggRGMB0GA1UdDgQWBBS4k/8uy9wsjqLn
-ev42USGjmFsMNDCCAUQGA1UdIwSCATswggE3gBS4k/8uy9wsjqLnev42USGj
-mFsMNKGCARqkggEWMIIBEjELMAkGA1UEBhMCRVMxEjAQBgNVBAgTCUJhcmNl
-bG9uYTESMBAGA1UEBxMJQmFyY2Vsb25hMS4wLAYDVQQKEyVJUFMgSW50ZXJu
-ZXQgcHVibGlzaGluZyBTZXJ2aWNlcyBzLmwuMSswKQYDVQQKFCJpcHNAbWFp
-bC5pcHMuZXMgQy5JLkYuICBCLTYwOTI5NDUyMS4wLAYDVQQLEyVJUFMgQ0Eg
-Q0xBU0UzIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVJUFMg
-Q0EgQ0xBU0UzIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MR4wHAYJKoZIhvcN
-AQkBFg9pcHNAbWFpbC5pcHMuZXOCAQAwDAYDVR0TBAUwAwEB/zAMBgNVHQ8E
-BQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUH
-AwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYBBAGCNwIBFQYKKwYBBAGCNwIB
-FgYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDARBglghkgBhvhCAQEEBAMCAAcw
-GgYDVR0RBBMwEYEPaXBzQG1haWwuaXBzLmVzMBoGA1UdEgQTMBGBD2lwc0Bt
-YWlsLmlwcy5lczBBBglghkgBhvhCAQ0ENBYyQ0xBU0UzIENBIENlcnRpZmlj
-YXRlIGlzc3VlZCBieSBodHRwOi8vd3d3Lmlwcy5lcy8wKQYJYIZIAYb4QgEC
-BBwWGmh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvMDoGCWCGSAGG+EIBBAQt
-FitodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJDTEFTRTMuY3Js
-MD8GCWCGSAGG+EIBAwQyFjBodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL3Jl
-dm9jYXRpb25DTEFTRTMuaHRtbD8wPAYJYIZIAYb4QgEHBC8WLWh0dHA6Ly93
-d3cuaXBzLmVzL2lwczIwMDIvcmVuZXdhbENMQVNFMy5odG1sPzA6BglghkgB
-hvhCAQgELRYraHR0cDovL3d3dy5pcHMuZXMvaXBzMjAwMi9wb2xpY3lDTEFT
-RTMuaHRtbDBzBgNVHR8EbDBqMDGgL6AthitodHRwOi8vd3d3Lmlwcy5lcy9p
-cHMyMDAyL2lwczIwMDJDTEFTRTMuY3JsMDWgM6Axhi9odHRwOi8vd3d3YmFj
-ay5pcHMuZXMvaXBzMjAwMi9pcHMyMDAyQ0xBU0UzLmNybDAvBggrBgEFBQcB
-AQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9vY3NwLmlwcy5lcy8wDQYJKoZI
-hvcNAQEFBQADgYEAF2VcmZVDAyevJuXr0LMXI/dDqsfwfewPxqmurpYPdikc
-4gYtfibFPPqhwYHOU7BC0ZdXGhd+pFFhxu7pXu8Fuuu9D6eSb9ijBmgpjnn1
-/7/5p6/ksc7C0YBCJwUENPjDfxZ4IwwHJPJGR607VNCv1TGyr33I6unUVtkO
-E7LFRVA=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/87753b0d.0 b/cert-validity/mozilla/hashed/87753b0d.0
deleted file mode 100644
index e06895456021..000000000000
--- a/cert-validity/mozilla/hashed/87753b0d.0
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFbDCCA1SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJV
-UzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3Qg
-VW5pdmVyc2FsIENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMjkwMzA0MDUwMDAw
-WjBHMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4G
-A1UEAxMXR2VvVHJ1c3QgVW5pdmVyc2FsIENBIDIwggIiMA0GCSqGSIb3DQEB
-AQUAA4ICDwAwggIKAoICAQCzVFLByT7y2dyxUxpZKeexw0Uo5dfR7cXFS6Gq
-dHtXr0om/Nj1XqduGdt0DE81WzILAePb63p3NeqqWuDW6KFXlPCQo3RWlEQw
-Ax5cTiuFJnSCegx2oG9NzkEtoBUGFF+3Qs17j1hhNNwqCPkuwwGmIkQcTAeC
-5lvO0Ep8BNMZcyfwqph/Lq9O64ceJHdqXbboW0W63MOhBW9Wjo8QJqVJwy7X
-QYci4E+GymC16qFjwAGXEHm9ADwSbSsVsaxLse4YuU6W3Nx2/zu+z18DwPw7
-6L5GG//aQMJS9/7jOvdqdzXQ2o3rXhhqMcceujwbKNZrVMaqW9eiLBsZzKIC
-9ptZvTdrhrVtgrrY6slWvKk2WP0+GfPtDCapkzj4T8FdIgbQl+rhrcZV4IEr
-KIM6+vR7IVEAvlI4zs1meaj0gVbi0IMJR1FbUGrP20gaXT73y/Zl92zxlfgC
-OzJWgjl6W70viRu/obTo/3+NjN8D8WBOWBFM66M/ECuDmgFz2ZRthAAnZqzw
-cEAJQpKtT5MNYQlRJNiS1QuUYbKHsu3/mjX/hVTK7URDrBs8FmtISgocQIgf
-ksILAAX/8sgCSqSqqcyZlpwvWOB94b67B9xfBHJcMTTD7F8t4D1kkCLm0ey4
-Lt1ZrtmhN79UNdxzMk+MBB4zsslG8dhcyFVQyWi9qLo2CQIDAQABo2MwYTAP
-BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR281Xh+qQ2+/CfXGJx7Tz0RzgQ
-KzAfBgNVHSMEGDAWgBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAOBgNVHQ8BAf8E
-BAMCAYYwDQYJKoZIhvcNAQEFBQADggIBAGbBxiPz2eAubl/oz66wsCVNK/g7
-WJtAJDday6sWSf+zdXkzoS9tcBc0kf5nfo/sm+VegqlVHy/c1FEHEv6sFj4s
-NcZj/NwQ6w2jqtB8zNHQL1EuxBRa3ugZ4T7GzKQp5y6EqgYweHZUcyiYWTjg
-AA1i00J9IZ+uPTqM1fp3DRgrFg5fNuH8KrUwJM/gYwx7WBr+mbpCErGR9Hxo
-4sjoryzqyX6uuyo9DRXcNJW2GHSoag/HtPQTxORb7QrSpJdMKu0vbBKJPfEn
-cKpqA1Ihn0CoZ1Dy81of398j9tx4TuaYT1U6U+Pv8vSfx3zYWK8pIpe44L2R
-LrB27FcRz+8pRPPphXpgY+RdM4kX2TGq2tbzGDVyz4crL2MjhF2EjD9XoIj8
-mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiPpm8m1wk8OhwRDqZsN/etRIcs
-KMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJVOCiNUW7dFGdTbHFc
-JoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH6aLcr34YEoP9
-VhdBLtUpgn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwXQMAJKOSL
-akhT2+zNVVXxxvjpoixMptEmX36vWkzaH6byHCx+rgIW0lbQL1dTR+iS
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/882de061.0 b/cert-validity/mozilla/hashed/882de061.0
deleted file mode 100644
index 10c23ddab629..000000000000
--- a/cert-validity/mozilla/hashed/882de061.0
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNV
-BAYTAlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04g
-Uk9PVCBDQTAeFw0wNjA3MDQxNzIwMDRaFw0zMTA3MDQxNzIwMDRaMDsxCzAJ
-BgNVBAYTAlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJ
-R04gUk9PVCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALcz
-uX7IJUqOtdu0KBuqV5Do0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oq
-rl0Hj0rDKH/v+yv6efHHrfAQUySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5i
-LKECZbO9xSsAfsT8AzNXDe3i+s5dRdY4zTW2ssHQnIFKquSyAVwdj1+ZxLGt
-24gh65AIgoDzMKND5pCCrlUoSe1b16kQOA7+j0xbm0bqQfWwCHTD0IgztnzX
-dN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwvJoIQ4uNllAoEwF73XVv4EOLQ
-unpL+943AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08CAwEAAaNCMEAwDwYDVR0T
-AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0OBBYEFOCMm9slSbPx
-fIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IBAQA+0hyJLjX8+HXd5n9l
-iPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecYMnQ8SG4P
-n0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ44gx
-+FkagQnIl6Z0x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6I
-Jd1hJyMctTEHBDa0GpC9oHRxUIltvBTjD4au8as+x6AJzKNI0eDbZOeStc+v
-ckNwi/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7NzTogVZ96edhBiIL5V
-aZVDADlN9u6wWk5JRFRYX0KD
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/895cad1a.0 b/cert-validity/mozilla/hashed/895cad1a.0
deleted file mode 100644
index 7a82a7002fbc..000000000000
--- a/cert-validity/mozilla/hashed/895cad1a.0
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDVTCCAj2gAwIBAgIESTMAATANBgkqhkiG9w0BAQUFADAyMQswCQYDVQQG
-EwJDTjEOMAwGA1UEChMFQ05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1QwHhcN
-MDcwNDE2MDcwOTE0WhcNMjcwNDE2MDcwOTE0WjAyMQswCQYDVQQGEwJDTjEO
-MAwGA1UEChMFQ05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1QwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTNfc/c3et6FtzF8LRb+1VvG7q6KR5
-smzDo+/hn7E7SIX1mlwhIhAsxYLO2uOabjfhhyzcuQxauohV3/2q2x8x6gHx
-3zkBwRP9SFIhxFXf2tizVHa6dLG3fdfA6PZZxU3Iva0fFNrfWEQlMhkqx35+
-jq44sDB7R3IJMfAw28Mbdim7aXZOV/kbZKKTVrdvmW7bCgScEeOAH8tjlBAK
-qeFkgjH5jCftppkA9nCTGPihNIaj3XrCGHn2emU1z5DrvTOTn1OrczvmmzQg
-Lx3vqR1jGqCA2wMv+SYahtKNu6m+UjqHZ0gNv7Sg2Ca+I19zN38m5pIEo3/P
-IKe38zrKy5nLAgMBAAGjczBxMBEGCWCGSAGG+EIBAQQEAwIABzAfBgNVHSME
-GDAWgBRl8jGtKvf33VKWCscCwQ7vptU7ETAPBgNVHRMBAf8EBTADAQH/MAsG
-A1UdDwQEAwIB/jAdBgNVHQ4EFgQUZfIxrSr3991SlgrHAsEO76bVOxEwDQYJ
-KoZIhvcNAQEFBQADggEBAEs17szkrr/Dbq2flTtLP1se31cpolnKOOK5Gv+e
-5m4y3R6u6jW39ZORTtpC4cMXYFDy0VwmuYK36m3knITnA3kXr5g9lNvHugDn
-uL8BV8F3RTIMO/G0HAiw/VGgod2aHRM2mm23xzy54cXZF/qD1T0VoDy7Hgvi
-yJA/qIYM/PmLXoXLT1tLYhFHxUV8BS9BsZ4QaRuZluBVeftOhpm4lNqGOGqT
-o+fLbuXf6iFViZx9fX+Y9QCJ7uOEwFyWtcVG6kbghVW2G8kS1sHNzYDzAgE8
-yGnLRUhj2JTQ7IUOO04RZfSCjKY9ri4ilAnIXOo8gV0WKgOXFlUJ24pBgp5m
-mxE=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/89c02a45.0 b/cert-validity/mozilla/hashed/89c02a45.0
deleted file mode 100644
index 7264793df37d..000000000000
--- a/cert-validity/mozilla/hashed/89c02a45.0
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCB
-hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQ
-MA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQx
-KzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
-HhcNMDgwMzA2MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMC
-R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2Fs
-Zm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNP
-TU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwdjAQBgcqhkjOPQIB
-BgUrgQQAIgNiAAQDR3svdcmCFYX7deSRFtSrYpn1PlILBs5BAH+X4QokPB0B
-BO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0JcfRK9ChQtP6IHG4/bC8vCVlb
-pVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQWBBR1cacZSBm8nZ3qQUff
-lMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggq
-hkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDmfQjGGoe9GKhz
-vSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdvGDeAU/7d
-IOA1mjbRxwG55tzd8/8dLDoWV9mSOdY=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/8f7b96c4.0 b/cert-validity/mozilla/hashed/8f7b96c4.0
deleted file mode 100644
index e549ef88c129..000000000000
--- a/cert-validity/mozilla/hashed/8f7b96c4.0
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDIDCCAomgAwIBAgIEN3DPtTANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQG
-EwJVUzEXMBUGA1UEChMORXF1aWZheCBTZWN1cmUxJjAkBgNVBAsTHUVxdWlm
-YXggU2VjdXJlIGVCdXNpbmVzcyBDQS0yMB4XDTk5MDYyMzEyMTQ0NVoXDTE5
-MDYyMzEyMTQ0NVowTjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkVxdWlmYXgg
-U2VjdXJlMSYwJAYDVQQLEx1FcXVpZmF4IFNlY3VyZSBlQnVzaW5lc3MgQ0Et
-MjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5Dk5kx5SBhsoNviyoynF
-7Y6yEb3+6+e0dMKP/wXn2Z0GvxLIPw7y1tEkshHe0XMJitSxLJgJDR5QRrKD
-pkWNYmi7hRsgcDKqQM2mll/EcTc/BPO3QSQ5BxoeLmFYoBIL5aXfxavqN3HM
-HMg3OrmXUqesxWoklE6ce8/AatbfIb0CAwEAAaOCAQkwggEFMHAGA1UdHwRp
-MGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORXF1aWZheCBT
-ZWN1cmUxJjAkBgNVBAsTHUVxdWlmYXggU2VjdXJlIGVCdXNpbmVzcyBDQS0y
-MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTkwNjIzMTIxNDQ1WjAL
-BgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUUJ4L6q9euSBIplBqy/3YIHqngnYw
-HQYDVR0OBBYEFFCeC+qvXrkgSKZQasv92CB6p4J2MAwGA1UdEwQFMAMBAf8w
-GgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUAA4GB
-AAyGgq3oThr1jokn4jVYPSm0B482UJW/bsGe68SQsoWou7dC4A8HOd/7npCy
-0cE+U58DRLB+S/Rv5Hwf5+Kx5Lia78O9zt4LMjTZ3ijtM2vE1Nc9ElirfQkt
-y3D1E4qUoSek1nDFbZS1yX2doNLGCEnZZpum0/QL3MUmV+GRMOrN
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/8fe643df.0 b/cert-validity/mozilla/hashed/8fe643df.0
deleted file mode 100644
index 951c7f62c5e8..000000000000
--- a/cert-validity/mozilla/hashed/8fe643df.0
+++ /dev/null
@@ -1,48 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIH9zCCB2CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARQxCzAJBgNVBAYT
-AkVTMRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEu
-MCwGA1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5s
-LjErMCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1
-MjEvMC0GA1UECxMmSVBTIENBIENMQVNFQTEgQ2VydGlmaWNhdGlvbiBBdXRo
-b3JpdHkxLzAtBgNVBAMTJklQUyBDQSBDTEFTRUExIENlcnRpZmljYXRpb24g
-QXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXMwHhcN
-MDExMjI5MDEwNTMyWhcNMjUxMjI3MDEwNTMyWjCCARQxCzAJBgNVBAYTAkVT
-MRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwG
-A1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjEr
-MCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjEv
-MC0GA1UECxMmSVBTIENBIENMQVNFQTEgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHkxLzAtBgNVBAMTJklQUyBDQSBDTEFTRUExIENlcnRpZmljYXRpb24gQXV0
-aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXMwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBALsw19zQVL01Tp/FTILq0VA8R5j8m2md
-d81u4D/u6zJfX5/S0HnllXNEITLgCtud186Nq1KLK3jgm1t99P1tCeWu4Wwd
-ByOgF9H5fahGRpEiqLJpxq339fWUoTCUvQDMRH/uxJ7JweaPCjbB/SQ9AaD1
-e+J8eGZDi09Z8pvZ+kmzAgMBAAGjggRTMIIETzAdBgNVHQ4EFgQUZyaW56G/
-2LUDnf473P7yiuYV3TAwggFGBgNVHSMEggE9MIIBOYAUZyaW56G/2LUDnf47
-3P7yiuYV3TChggEcpIIBGDCCARQxCzAJBgNVBAYTAkVTMRIwEAYDVQQIEwlC
-YXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UEChMlSVBTIElu
-dGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjErMCkGA1UEChQiaXBz
-QG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjEvMC0GA1UECxMmSVBT
-IENBIENMQVNFQTEgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxLzAtBgNVBAMT
-JklQUyBDQSBDTEFTRUExIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MR4wHAYJ
-KoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXOCAQAwDAYDVR0TBAUwAwEB/zAM
-BgNVHQ8EBQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUFBwMBBggrBgEFBQcDAgYI
-KwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYBBAGCNwIBFQYKKwYB
-BAGCNwIBFgYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDARBglghkgBhvhCAQEE
-BAMCAAcwGgYDVR0RBBMwEYEPaXBzQG1haWwuaXBzLmVzMBoGA1UdEgQTMBGB
-D2lwc0BtYWlsLmlwcy5lczBCBglghkgBhvhCAQ0ENRYzQ0xBU0VBMSBDQSBD
-ZXJ0aWZpY2F0ZSBpc3N1ZWQgYnkgaHR0cDovL3d3dy5pcHMuZXMvMCkGCWCG
-SAGG+EIBAgQcFhpodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyLzA7BglghkgB
-hvhCAQQELhYsaHR0cDovL3d3dy5pcHMuZXMvaXBzMjAwMi9pcHMyMDAyQ0xB
-U0VBMS5jcmwwQAYJYIZIAYb4QgEDBDMWMWh0dHA6Ly93d3cuaXBzLmVzL2lw
-czIwMDIvcmV2b2NhdGlvbkNMQVNFQTEuaHRtbD8wPQYJYIZIAYb4QgEHBDAW
-Lmh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvcmVuZXdhbENMQVNFQTEuaHRt
-bD8wOwYJYIZIAYb4QgEIBC4WLGh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIv
-cG9saWN5Q0xBU0VBMS5odG1sMHUGA1UdHwRuMGwwMqAwoC6GLGh0dHA6Ly93
-d3cuaXBzLmVzL2lwczIwMDIvaXBzMjAwMkNMQVNFQTEuY3JsMDagNKAyhjBo
-dHRwOi8vd3d3YmFjay5pcHMuZXMvaXBzMjAwMi9pcHMyMDAyQ0xBU0VBMS5j
-cmwwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vb2NzcC5p
-cHMuZXMvMA0GCSqGSIb3DQEBBQUAA4GBAH66iqyAAIQVCtWYUQxkxZwCWINm
-yq0eB81+atqAB98DNEock8RLWCA1NnHtogo1EqWmZaeFaQoO42Hu6r4okzPV
-7Oi+xNtff6j5YzHIa5biKcJboOeXNp13XjFr/tOn2yrb25aLH2betgPAK7N4
-1lUH5Y85UN4HI3LmvSAUS7SG
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/9339512a.0 b/cert-validity/mozilla/hashed/9339512a.0
deleted file mode 100644
index 4efc0c193d76..000000000000
--- a/cert-validity/mozilla/hashed/9339512a.0
+++ /dev/null
@@ -1,40 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMC
-Qk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1Zh
-ZGlzIFJvb3QgQ0EgMzAeFw0wNjExMjQxOTExMjNaFw0zMTExMjQxOTA2NDRa
-MEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRsw
-GQYDVQQDExJRdW9WYWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUA
-A4ICDwAwggIKAoICAQDMV0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTP
-krgEQK0CSzGrvI2RaNggDhoB4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9
-cI8LoGe+AaJZz3HmDyl2/7FWeUUrH556VOijKTVopAFPD6QuN+8bv+OPEKhy
-q1hX51SGyMnzW9os2l2ObjyjPtr7guXd8lyyBTNvijbO0BNO/79KDDRMpsMh
-vVAEVeuxu537RR5kFd5VAYwCdrXLoT9CabwvvWhDFlaJKjdhkf2mrk7AyxRl
-lDdLkgbvBNDInIjbC3uBr7E9KsRlOni27tyAsdLTmZw67mtaa7ONt9XOnMK+
-pUsvFrGeaDsGb659n/je7Mwpp5ijJUMv7/FfJuGITfhebtfZFG4ZM2mnO4SJ
-k8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8nT8KKdjcT5EOE7zelaTf
-i5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDtWAEXMJPp
-Govgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZc6ts
-gLjoC2SToJyMGf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A
-4iLItLRkT9a6fUg+qGkM17uGcclzuD87nSVL2v9A6wIDAQABo4IBlTCCAZEw
-DwYDVR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHTBgkrBgEEAb5YAAMw
-gcUwgZMGCCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmlj
-YXRlIGNvbnN0aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJv
-b3QgQ0EgMyBDZXJ0aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFBy
-YWN0aWNlIFN0YXRlbWVudC4wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cucXVv
-dmFkaXNnbG9iYWwuY29tL2NwczALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFPLA
-E+CCQz777i9nMpY1XNu4ywLQMG4GA1UdIwRnMGWAFPLAE+CCQz777i9nMpY1
-XNu4ywLQoUmkRzBFMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMg
-TGltaXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMgUm9vdCBDQSAzggIFxjANBgkq
-hkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZVqyM07ucp2sNbtrCD2dDQ4iH7
-82CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSemd1o417+shvzuXYO8
-BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd+LJ2w/w4E6oM
-3kJpK27zPOuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B4f/xI4hR
-OJ/yZlZ25w9Rl6VSDE1JUZU2Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadNt54C
-rnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp8kokUvd0/bpO5qgdAm6x
-DYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBCbjPs
-MZ57k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmi
-oHfRMJ6szHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRe
-cCocIdiP4b0jWy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEo
-kt4YutUqKLsRixeTmJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+
-ewkk2gF3R8Q7zTSMmfXK4SVhM7JZG+Ju1zdXtg2pEto=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/9685a493.0 b/cert-validity/mozilla/hashed/9685a493.0
deleted file mode 100644
index 3903fbbf2ac0..000000000000
--- a/cert-validity/mozilla/hashed/9685a493.0
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMC
-SEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25n
-IFBvc3QgUm9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIy
-OVowRzELMAkGA1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAe
-BgNVBAMTF0hvbmdrb25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEArP84tulmAknjorThkPlAj3n54r15/gK97iSS
-HSL22oVyaf7XPwnU3ZG1ApzQjVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztU
-lVYiWR8o3x8gPW2iNr4joLFutbEnPzlTCeqrauh0ssJlXI6/fMN4hM2eFvz1
-Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjhZY4bXSNmO7ilMlHIhqqhqZ5/dpTC
-pmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9nnV0ttgCXjqQesBCNnLsak3c
-78QA3xMYV18meMjWCnl3v/evt3a5pQuEF10Q6m/hq5URX208o1xNg1vysxmK
-gIsLhwIDAQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEDMA4GA1UdDwEB/wQE
-AwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9legYsCmEEIjEy82tvu
-JxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI37piol7Yu
-tmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clBoiMB
-dDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs
-EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauU
-iqpOfMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4Jx
-HYB0yvbiAmvZWg==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/9772ca32.0 b/cert-validity/mozilla/hashed/9772ca32.0
deleted file mode 100644
index 87e35a884e92..000000000000
--- a/cert-validity/mozilla/hashed/9772ca32.0
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUF
-ADBYMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8G
-A1UEAxMoR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
-eTAeFw0wNjExMjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgxCzAJBgNVBAYT
-AlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVz
-dCBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHW
-AVlqnEQRr+92/ZV+zmEwu3qDXwK9AWbK7hWNb6EwnL2hhZ6UOvNWiAAxz9ju
-apYC2e0DjPt1befquFUWBRaa9OBesYjAZIVcFU2Ix7e64HXprQU9nceJSOC7
-KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE07e9GceBrAqg1cmuXm2bgyxx5
-X9gaBGgeRwLmnWDiNpcB3841kt++Z8dtd1k7j53WkBWUvEI0EME5+bEnPn7W
-inXFsq+W06Lem+SYvn3h6YGttm/81w7a4DSwDRp35+MImO9Y+pyEtzavwt+s
-0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
-AwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJKoZIhvcN
-AQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ16CeP
-bJC/kRYkRj5KTs4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl
-4b7UVXGYNTq+k+qurUKykG/g/CFNNWMziUnWm07Kx+dOCQD32sfvmWKZd7aV
-Il6KoKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHaFloxt/m0cYASSJly
-c1pZU8FjUjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG
-1riR/aYNKxoUAT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/9d6523ce.0 b/cert-validity/mozilla/hashed/9d6523ce.0
deleted file mode 100644
index bbb55c087ec1..000000000000
--- a/cert-validity/mozilla/hashed/9d6523ce.0
+++ /dev/null
@@ -1,35 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUF
-ADBeMQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBD
-by4sIEx0ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1
-dGhvcml0eTAeFw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMxMjdaMF4xCzAJ
-BgNVBAYTAlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRk
-LjEqMCgGA1UECwwhZVBLSSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
-MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82t
-H306Tm2d0y8U82N0ywEhajfqhFAHSyZbCUNsIZ5qyNUD9WBpj8zwIuQf5/dq
-IjG3LBXy4P4AakP/h2XGtRrBp0xtInAhijHyl3SJCRImHJ7K2RKilTza6We/
-CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3XDZoTM1PRYfl61dd4s5oz9wCG
-zh1NlDivqOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1TBnsZfZrxQWh7kcT1rMh
-J5QQCtkkO7q+RBNGMD+XPNjX12ruOzjjK9SXDrkb5wdJfzcq+Xd4z1TtW0ad
-o4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0OWQqraffAsgRFelQArr5T
-9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uUWH1+ETOx
-QvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLSnT0I
-FaUQAS2zMnaolQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pH
-dmX2Os+PYhcZewoozRrSgx4hxyy/vv9haLdnG7t4TY3OZ+XkwY63I2binZB1
-NJipNiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXiZo1jDiVN1Rmy5nk3
-pyKdVDECAwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/Qkqi
-MAwGA1UdEwQFMAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcG
-BWcqAwAABBRFsMLHClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOC
-AgEACbODU1kBPpVJufGBuvl2ICO1J2B01GqZNF5sAFPZn/KmsSQHRGoqxqWO
-eBLoR9lYGxMqXnmbnwoqZ6YlPwZpVnPDimZI+ymBV3QGypzqKOg4ZyYr8dW1
-P2WT+DZdjo2NQCCHGervJ8A9tDkPJXtoUHRVnAxZfVo9QZQlUgjgRywVMRnV
-vwdVxrsStZf0X4OFunHB2WyBEXYKCrC/gpf36j36+uwtqSiUO1bd0lEursC9
-CBWMd1I0ltabrNMdjmEPNXubrjlpC2JgQCA2j6/7Nu4tCEoduL+bXPjqpRug
-c6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+rGNm65ulK6lCKD2GTHuItGeIw
-lDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUBo2M3IUxExJtRmREO
-c5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS/jQ6fbjpKdx2
-qcgw+BRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2zGp1iro2C
-6pSe3VkQw63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTEW9c3
-rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D
-hNQ+IIX3Sj0rnP0qCglN6oH4EZw=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/9dbefe7b.0 b/cert-validity/mozilla/hashed/9dbefe7b.0
deleted file mode 100644
index a2d8b78d8888..000000000000
--- a/cert-validity/mozilla/hashed/9dbefe7b.0
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDfTCCAmWgAwIBAgIBADANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJK
-UDElMCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEqMCgG
-A1UECxMhU2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBFViBSb290Q0ExMB4XDTA3
-MDYwNjAyMTIzMloXDTM3MDYwNjAyMTIzMlowYDELMAkGA1UEBhMCSlAxJTAj
-BgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xKjAoBgNVBAsT
-IVNlY3VyaXR5IENvbW11bmljYXRpb24gRVYgUm9vdENBMTCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBALx/7FebJOD+nLpCeamIivqA4PUHKUPq
-jgo0No0c+qe1OXj/l3X3L+SqawSERMqm4miO/VVQYg+kcQ7OBzgtQoVQrTyW
-b4vVog7P3kmJPdZkLjjlHmy1V4qe70gOzXppFodEtZDkBp2uoQSXWHnvIEqC
-a4wiv+wfD+mEce3xDuS4GBPMVjZd0ZoeUWs5bmB2iDQL87PRsJ3KYeJkHcFG
-B7hj3R4zZbOOCVVSPbW9/wfrrWFVGCypaZhKqkDFMxRldAD5kd6vA0jFQFTc
-D4SQaCDFkpbcLuUCRarAX1T4bepJz11sS6/vmsJWXMY1VkJqMF/Cq/biPT+z
-yRGPMUzXn0kCAwEAAaNCMEAwHQYDVR0OBBYEFDVK9U2vP9eCOKyrcWUXdYyd
-VZPmMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
-DQEBBQUAA4IBAQCoh+ns+EBnXcPBZsdAS5f8hxOQWsTvoMpfi7ent/HWtWS3
-irO4G8za+6xmiEHO6Pzk2x6Ipu0nUBsCMCRGef4Eh3CXQHPRwMFXGZpppSeZ
-q51ihPZRwSzJIxXYKLerJRO1RuGGAv8mjMSIkh1W/hln8lXkgKNrnKt34VFx
-DSDbEJrbvXZ5B3eZKK2aXtqxT0QsNY6llsf9g/BYxnnWmHyojf6GPgcWkuF7
-5x3sM3Z+Qi5KhfmRiWiEA4Glm5q+4zfFVKtWOxgtQaQM+ELbmaDgcm+7XeEW
-T1MKZPlO9L9OVL14bIjqv5wTJMJwaaJ/D8g8rQjJsJhAoyrniIPtd490
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/9ec3a561.0 b/cert-validity/mozilla/hashed/9ec3a561.0
deleted file mode 100644
index d21b75083472..000000000000
--- a/cert-validity/mozilla/hashed/9ec3a561.0
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEojCCA4qgAwIBAgIQRL4Mi1AAJLQR0zYlJWfJiTANBgkqhkiG9w0BAQUF
-ADCBrjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0
-IExha2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEw
-HwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xNjA0BgNVBAMTLVVU
-Ti1VU0VSRmlyc3QtQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBFbWFpbDAe
-Fw05OTA3MDkxNzI4NTBaFw0xOTA3MDkxNzM2NThaMIGuMQswCQYDVQQGEwJV
-UzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYD
-VQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93
-d3cudXNlcnRydXN0LmNvbTE2MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGll
-bnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWlsMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEAsjmFpPJ9q0E7YkY3rs3BYHW8OWX5ShpHornMSMxq
-mNVNNRm5pELlzkniii8efNIxB8dOtINknS4p1aJkxIW9hVE1eaROaJB7HHqk
-kqgX8pgV8pPMyaQylbsMTzC9mKALi+VuG6JG+ni8om+rWV6lL8/K2m2qL+us
-obNqqrcuZzWLeeEeaYji5kbNoKXqvgvOdjp6Dpvq/NonWz1zHyLmSGHGTPNp
-saguG7bUMSAsvIKKjqQOpdeJQ/wWWq8dcdcRWdq6hw2v+vPhwvCkxWeM1tZU
-Ot4KpLoDd7NlyP0e03RiqhjKaJMeoYV+9Udly/hNVyh00jT/MLbu9mIwFIws
-6wIDAQABo4G5MIG2MAsGA1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0G
-A1UdDgQWBBSJgmd9xJ0mcABLtFBIfN49rgRufTBYBgNVHR8EUTBPME2gS6BJ
-hkdodHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vVVROLVVTRVJGaXJzdC1DbGll
-bnRBdXRoZW50aWNhdGlvbmFuZEVtYWlsLmNybDAdBgNVHSUEFjAUBggrBgEF
-BQcDAgYIKwYBBQUHAwQwDQYJKoZIhvcNAQEFBQADggEBALFtYV2mGn98q0rk
-MPxTbyUkxsrt4jFcKw7u7mFVbwQ+zznexRtJlOTrIEy05p5QLnLZjfWqo7NK
-2lYcYJeA3IKirUq9iiv/Cwm0xtcgBEXkzYABurorbs6q15L+5K/r9CYdFip/
-bDCVNy8zEqx/3cfREYxRmLLQo5HQrfafnoOTHh1CuEava2bwm3/q4wMC5QJR
-warVNZ1yQAOJujEdxRBoUp7fooXFXAimeOZTT7Hot9MUnpOmw2TjrH5xzbyf
-6QMbzPvprDHBr3wVdAKZw7JHpsIyYdfHb0gkUSeh1YdV8nuPmD0Wnu51tvjQ
-jvLzxq4oW6fw8zYX/MMF08oDSlQ=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/9f533518.0 b/cert-validity/mozilla/hashed/9f533518.0
deleted file mode 100644
index 02570d37a9eb..000000000000
--- a/cert-validity/mozilla/hashed/9f533518.0
+++ /dev/null
@@ -1,44 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQsw
-CQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRy
-ZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJ
-QTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNV
-BAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDEx
-MjMxNDBaFw0zODA3MzExMjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UE
-BxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZp
-cm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3MRswGQYDVQQK
-ExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBDaGFtYmVy
-c2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMDfVtPkOpt2RbQT2//BthmLN0EYlVJH6xedKYiONWwGMi5HYvNJBL99
-RDaxccy9Wglz1dmFRP+RVyXfXjaOcNFccUMd2drvXNL7G706tcuto8xEpw2u
-IRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0ZJJ0YPP2zxhPYLIj0Mc7
-zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4ddPB/gBV
-sIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyGHoiM
-vvKRhI9lNNgATH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2
-Id3UwD2ln58fQ1DJu7xsepeY7s2MH/ucUa6LcL0nn3HAa6x9kGbo1106DbDV
-wo3VyJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfeOx2YItaswTXbo6Al
-/3K1dh3ebeksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSF
-HTynyQbehP9r6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2
-TS9x9o0o9oOpE9JhwZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdND
-WKBWY8o9PeU1VlnpDsogzCtLkykPAgMBAAGjggFqMIIBZjASBgNVHRMBAf8E
-CDAGAQH/AgEMMB0GA1UdDgQWBBS5CcqcHtvTbDprru1U8VuTBjUuXjCB4QYD
-VR0jBIHZMIHWgBS5CcqcHtvTbDprru1U8VuTBjUuXqGBsqSBrzCBrDELMAkG
-A1UEBhMCRVUxQzBBBgNVBAcTOk1hZHJpZCAoc2VlIGN1cnJlbnQgYWRkcmVz
-cyBhdCB3d3cuY2FtZXJmaXJtYS5jb20vYWRkcmVzcykxEjAQBgNVBAUTCUE4
-Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJtYSBTLkEuMScwJQYDVQQD
-Ex5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiCCQDJzdPp1X0jzjAO
-BgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUH
-AgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZIhvcNAQEF
-BQADggIBAICIf3DekijZBZRG/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZUohw
-EurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6ReAJ3spED8IXDneRRXoz
-X1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/sdZ7L
-oR/xfxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfX
-gTpZALVza2Mg9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KT
-XjXBjfkK9yydYhz2rXzdpjEetrHHfoUm+qRqtdpjMNHvkzeyZi99Bffnt0uY
-lDXA2TopwZ2yUDMdSqlapskD7+3056huirRXhOukP9DuqqqHW2Pok+JrqNS4
-cnhrG+055F3Lm6qH1U9OAP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETr
-P3iZ8ntxPjzxmKfFGBI/5rsoM0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM
-4W7bMdaTrpmg7yVqc5iJWzouE4gev8CSlDQb4ye3ix5vQv/n6TebUB0tovkC
-7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z09gwzxMNTxXJhLynSC34MCN32EZL
-eW32jO06f2ARePTpm67VVMB0gNELQp/B
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/a0bc6fbb.0 b/cert-validity/mozilla/hashed/a0bc6fbb.0
deleted file mode 100644
index 0569b4e5c056..000000000000
--- a/cert-validity/mozilla/hashed/a0bc6fbb.0
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJF
-VTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMw
-IQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4GA1UEAxMX
-R2xvYmFsIENoYW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYxNDE4WhcNMzcw
-OTMwMTYxNDE4WjB9MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJm
-aXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNo
-YW1iZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJv
-b3QwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCicKLQn0KuWxfH
-2H3PFIP8T8mhtxOviteePgQKkotgVvq0Mi+ITaFgCPS3CU6gSS9J1tPfnZda
-n5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/sQJ0lcqu1PzKY+7e3/HKE5TWH
-+VX6ox8Oby4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpVeAp3qdjqGTK3L/5cPxvu
-sZjsyq16aUXjlg9V9ubtdepl6DJWk0aJqCWKZQbua795B9Dxt6/tLE2Su8Co
-X6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c8lCrEqWhz0hQpe/SyBoT
-+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0TAQH/BAgw
-BgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1iZXJz
-aWduLm9yZy9jaGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4w
-TcbOX60Qq+UDpfqpFDAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQD
-AgAHMCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBjaGFtYmVyc2lnbi5v
-cmcwKgYDVR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9y
-ZzBbBgNVHSAEVDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0
-dHA6Ly9jcHMuY2hhbWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3Qu
-aHRtbDANBgkqhkiG9w0BAQUFAAOCAQEAPDtwkfkEVCeR4e3t/mh/YV3lQWVP
-MvEYBZRqHN4fcNs+ezICNLUMbKGKfKX0j//U2K0X1S0E0T9YgOKBWYi+wONG
-kyT+kL0mojAt6JcmVzWJdJYY9hXiryQZVgICsroPFOrGimbBhkVVi76Svpyk
-BMdJPJ7oKXqJ1/6v/2j1pReQvayZzKWGVwlnRtvWFsJG8eSpUPWP0ZIV018+
-xgBJOm5YstHRJw0lyDL4IBHNfTIzSJRUTN3cecQwn+uOuFW114hcxWokPbLT
-BQNRxgfvzBRydD1ucs4YKIxKoHflCStFREest2d/AYoFWpO+ocH/+OcOZ6RH
-SXZddZAa9SaP8A==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/a15b3b6b.0 b/cert-validity/mozilla/hashed/a15b3b6b.0
deleted file mode 100644
index bf437fefaa3f..000000000000
--- a/cert-validity/mozilla/hashed/a15b3b6b.0
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDKTCCApKgAwIBAgIENm7TzjANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQG
-EwJVUzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMREw
-DwYDVQQLEwhEU1RDQSBFMjAeFw05ODEyMDkxOTE3MjZaFw0xODEyMDkxOTQ3
-MjZaMEYxCzAJBgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVy
-ZSBUcnVzdCBDby4xETAPBgNVBAsTCERTVENBIEUyMIGdMA0GCSqGSIb3DQEB
-AQUAA4GLADCBhwKBgQC/k48Xku8zExjrEH9OFr//Bo8qhbxe+SSmJIi2A7fB
-w18DW9Fvrn5C6mYjuGODVvsoLeE4i7TuqAHhzhy2iCoiRoX7n6dwqUcUP87e
-ZfCocfdPJmyMvMa1795JJ/9IKn3oTQPMx7JSxhcxEzu1TdvIxPbDDyQq2gyd
-55FbgM2UnQIBA6OCASQwggEgMBEGCWCGSAGG+EIBAQQEAwIABzBoBgNVHR8E
-YTBfMF2gW6BZpFcwVTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG0RpZ2l0YWwg
-U2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UECxMIRFNUQ0EgRTIxDTALBgNV
-BAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMDkxOTE3MjZagQ8yMDE4MTIw
-OTE5MTcyNlowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFB6CTShlgDzJQW6s
-NS5ay97u+DlbMB0GA1UdDgQWBBQegk0oZYA8yUFurDUuWsve7vg5WzAMBgNV
-HRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqGSIb3
-DQEBBQUAA4GBAEeNg61i8tuwnkUiBbmi1gMOOHLnnvx75pO2mqWilMg0HZHR
-xdf0CiUPPXiBng+xZ8SQTGPdXqfiup/1902lMXucKS1M/mQ+7LZT/uqb7YLb
-dHVLB3luHtgZg3Pe9T7Qtd7nS2h9Qy4qIOF+oHhEngj1mPnHfxsb1gYgAlih
-w6ID
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/a2df7ad7.0 b/cert-validity/mozilla/hashed/a2df7ad7.0
deleted file mode 100644
index bf5fdbf97453..000000000000
--- a/cert-validity/mozilla/hashed/a2df7ad7.0
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEFTCCAv2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJT
-RTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRU
-UCBOZXR3b3JrMSAwHgYDVQQDExdBZGRUcnVzdCBQdWJsaWMgQ0EgUm9vdDAe
-Fw0wMDA1MzAxMDQxNTBaFw0yMDA1MzAxMDQxNTBaMGQxCzAJBgNVBAYTAlNF
-MRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQ
-IE5ldHdvcmsxIDAeBgNVBAMTF0FkZFRydXN0IFB1YmxpYyBDQSBSb290MIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Rowj4OIFMEg2Dybjxt+
-A3S72mnTRqX4jsIMEZBRpS9mVEBV6tsfSlbunyNu9DnLoblv8n75XYcmYZ4c
-+OLspoH4IcUkzBEMP9smcnrHAZcHF/nXGCwwfQ56HmIexkvA/X1id9NEHif2
-P0tEs7c42TkfYNVRknMDtABp4/MUTu7R3AnPdzRGULD4EfL+OHn3Bzn+UZKX
-C1sIXzSGAa2Il+tmzV7R/9x98oTaunet3IAIx6eH1lWfl2royBFkuucZKT8R
-s3iQhCBSWxHveNCD9tVIkNAwHM+A+WD+eeSI8t0A65RF62WUaUC6wNW0uLp9
-BBGo6zEFlpROWCGOn9Bg/QIDAQABo4HRMIHOMB0GA1UdDgQWBBSBPjfYkrAf
-d59ctKtzquf2NGAv+jALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zCB
-jgYDVR0jBIGGMIGDgBSBPjfYkrAfd59ctKtzquf2NGAv+qFopGYwZDELMAkG
-A1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRU
-cnVzdCBUVFAgTmV0d29yazEgMB4GA1UEAxMXQWRkVHJ1c3QgUHVibGljIENB
-IFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBAAP3FUr4JNojVhaTdt02KLmu
-G7jD8WS6IBh4lSknVwW8fCr0uVFV2ocC3g8WFzH4qnkuCRO7r7IgGRLlk/lL
-+YPoRNWyQSW/iHVv/xD8SlTQX/D67zZzfRs2RcYhbbQVuE7PnFylPVoAjgbj
-PGsye/Kf8Lb93/AoGEjwxrzQvzSAlsJKsW2Ox5BF3i9nrEUEo3rcVZLJR2bY
-GozH7ZxOmuASu7VqTITh4SINhwBk/ox9Yjllpu9CtoAlEmEBqCQTcAARJl/6
-NVDFSMwGR+gn2HCNX2TmoUQmXiLsks3/QppEIW1cxeMiHV9HEufOX1362Kqx
-My3ZdvJOOjMMK7MtkAY=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/a3896b44.0 b/cert-validity/mozilla/hashed/a3896b44.0
deleted file mode 100644
index ea0efb7d73ca..000000000000
--- a/cert-validity/mozilla/hashed/a3896b44.0
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJK
-UDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0
-eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMw
-OTMwMDQyMDQ5WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1
-c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RD
-QTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8
-V6UMbXaKL0u/ZPtM7orw8yl89f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpx
-xpp9Hp3dfGzGjGdnSj74cbAZJ6kJDKaVv0uMDPpVmDvY6CKhS3E4eayXkmmz
-iX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9Ms+k2Y7CI9eNqPPYJayX5HA49LY6
-tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/NQV3Is00qVUarH9oe4kA92819
-uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJxrHty8OVYNEP8Ktw+N/L
-TX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0GA1UdDgQWBBSgc0mZ
-aNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
-/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vGkl3g0dNq
-/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfrUj94
-nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5
-Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNn
-PaJUJRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfci
-oU+tHXotRSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAi
-FL39vmwLAw==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/a6776c69.0 b/cert-validity/mozilla/hashed/a6776c69.0
deleted file mode 100644
index 4461f5a29cfc..000000000000
--- a/cert-validity/mozilla/hashed/a6776c69.0
+++ /dev/null
@@ -1,48 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIH9zCCB2CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARwxCzAJBgNVBAYT
-AkVTMRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEu
-MCwGA1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5s
-LjErMCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1
-MjEzMDEGA1UECxMqSVBTIENBIENoYWluZWQgQ0FzIENlcnRpZmljYXRpb24g
-QXV0aG9yaXR5MTMwMQYDVQQDEypJUFMgQ0EgQ2hhaW5lZCBDQXMgQ2VydGlm
-aWNhdGlvbiBBdXRob3JpdHkxHjAcBgkqhkiG9w0BCQEWD2lwc0BtYWlsLmlw
-cy5lczAeFw0wMTEyMjkwMDUzNThaFw0yNTEyMjcwMDUzNThaMIIBHDELMAkG
-A1UEBhMCRVMxEjAQBgNVBAgTCUJhcmNlbG9uYTESMBAGA1UEBxMJQmFyY2Vs
-b25hMS4wLAYDVQQKEyVJUFMgSW50ZXJuZXQgcHVibGlzaGluZyBTZXJ2aWNl
-cyBzLmwuMSswKQYDVQQKFCJpcHNAbWFpbC5pcHMuZXMgQy5JLkYuICBCLTYw
-OTI5NDUyMTMwMQYDVQQLEypJUFMgQ0EgQ2hhaW5lZCBDQXMgQ2VydGlmaWNh
-dGlvbiBBdXRob3JpdHkxMzAxBgNVBAMTKklQUyBDQSBDaGFpbmVkIENBcyBD
-ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEeMBwGCSqGSIb3DQEJARYPaXBzQG1h
-aWwuaXBzLmVzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcVpJJspQg
-vJhPUOtopKdJC7/SMejHT8KGC/po/UNaivNgkjWZOLtNA1IhW/A3mTXhQSCB
-hYEFcYGdtJUZqV92NC5jNzVXjrQfQj8VXOF6wV8TGDIxya2+o8eDZh65nAQT
-y2nBBt4wBrszo7Uf8I9vzv+W6FS+ZoCua9tBhDaiPQIDAQABo4IEQzCCBD8w
-HQYDVR0OBBYEFKGtMbH5PuEXpsirNPxShwkeYlJBMIIBTgYDVR0jBIIBRTCC
-AUGAFKGtMbH5PuEXpsirNPxShwkeYlJBoYIBJKSCASAwggEcMQswCQYDVQQG
-EwJFUzESMBAGA1UECBMJQmFyY2Vsb25hMRIwEAYDVQQHEwlCYXJjZWxvbmEx
-LjAsBgNVBAoTJUlQUyBJbnRlcm5ldCBwdWJsaXNoaW5nIFNlcnZpY2VzIHMu
-bC4xKzApBgNVBAoUImlwc0BtYWlsLmlwcy5lcyBDLkkuRi4gIEItNjA5Mjk0
-NTIxMzAxBgNVBAsTKklQUyBDQSBDaGFpbmVkIENBcyBDZXJ0aWZpY2F0aW9u
-IEF1dGhvcml0eTEzMDEGA1UEAxMqSVBTIENBIENoYWluZWQgQ0FzIENlcnRp
-ZmljYXRpb24gQXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5p
-cHMuZXOCAQAwDAYDVR0TBAUwAwEB/zAMBgNVHQ8EBQMDB/+AMGsGA1UdJQRk
-MGIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggr
-BgEFBQcDCAYKKwYBBAGCNwIBFQYKKwYBBAGCNwIBFgYKKwYBBAGCNwoDAQYK
-KwYBBAGCNwoDBDARBglghkgBhvhCAQEEBAMCAAcwGgYDVR0RBBMwEYEPaXBz
-QG1haWwuaXBzLmVzMBoGA1UdEgQTMBGBD2lwc0BtYWlsLmlwcy5lczBCBglg
-hkgBhvhCAQ0ENRYzQ2hhaW5lZCBDQSBDZXJ0aWZpY2F0ZSBpc3N1ZWQgYnkg
-aHR0cDovL3d3dy5pcHMuZXMvMCkGCWCGSAGG+EIBAgQcFhpodHRwOi8vd3d3
-Lmlwcy5lcy9pcHMyMDAyLzA3BglghkgBhvhCAQQEKhYoaHR0cDovL3d3dy5p
-cHMuZXMvaXBzMjAwMi9pcHMyMDAyQ0FDLmNybDA8BglghkgBhvhCAQMELxYt
-aHR0cDovL3d3dy5pcHMuZXMvaXBzMjAwMi9yZXZvY2F0aW9uQ0FDLmh0bWw/
-MDkGCWCGSAGG+EIBBwQsFipodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL3Jl
-bmV3YWxDQUMuaHRtbD8wNwYJYIZIAYb4QgEIBCoWKGh0dHA6Ly93d3cuaXBz
-LmVzL2lwczIwMDIvcG9saWN5Q0FDLmh0bWwwbQYDVR0fBGYwZDAuoCygKoYo
-aHR0cDovL3d3dy5pcHMuZXMvaXBzMjAwMi9pcHMyMDAyQ0FDLmNybDAyoDCg
-LoYsaHR0cDovL3d3d2JhY2suaXBzLmVzL2lwczIwMDIvaXBzMjAwMkNBQy5j
-cmwwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vb2NzcC5p
-cHMuZXMvMA0GCSqGSIb3DQEBBQUAA4GBAERyMJ1WWKJBGyi3leGmGpVfp3hA
-K+/blkr8THFj2XOVvQLiogbHvpcqk4A0hgP63Ng9HgfNHnNDJGD1HWHc3Jag
-vPsd4+cSACczAsDAK1M92GsDgaPb1pOVIO/Tln4mkImcJpvNb2ar7QMiRDjM
-Wb2f2/YHogF/JsRj9SVCXmK9
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/a7605362.0 b/cert-validity/mozilla/hashed/a7605362.0
deleted file mode 100644
index fa4f701883df..000000000000
--- a/cert-validity/mozilla/hashed/a7605362.0
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJG
-STEPMA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENB
-MB4XDTAxMDQwNjA3Mjk0MFoXDTIxMDQwNjA3Mjk0MFowOTELMAkGA1UEBhMC
-RkkxDzANBgNVBAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBD
-QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE
-+hY3/Ei9vX+ALTU74W+oZ6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gX
-GM2RX/uJ4+q/Tl18GybTdXnt5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQ
-TiMofRhj8VQ7Jp12W5dCsv+u8E7s3TmVToMGf+dJQMjFAbJUWmYdPfz56TwK
-noG4cPABi+QjVHzIrviQHgCWctRUz2EjvOr7nQKV0ba5cTppCD8PtOFCx4j1
-P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu8nYybieDwnPz3BjotJPqdURr
-BGAgcVeHnfO+oJAjPYok4doh28MCAwEAAaMzMDEwDwYDVR0TAQH/BAUwAwEB
-/zARBgNVHQ4ECgQISqCqWITTXjwwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEB
-BQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt0jSv9zilzqsWuasvfDXL
-rNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/3DEIcbCd
-jdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvDFNr4
-50kkkdAdavphOe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6
-Tk6ezAyNlNzZRZxe7EJQY670XcSxEtzKO6gunRRaBXW37Ndj4ro1tgQIkeja
-nZz2ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLHllpwrN9M
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/a7d2cf64.0 b/cert-validity/mozilla/hashed/a7d2cf64.0
deleted file mode 100644
index b68a3e7d6bb8..000000000000
--- a/cert-validity/mozilla/hashed/a7d2cf64.0
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCB
-hDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UE
-CxMvKGMpIDIwMDcgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl
-IG9ubHkxJDAiBgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMjAe
-Fw0wNzExMDUwMDAwMDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJV
-UzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0
-aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UE
-AxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcyMHYwEAYHKoZIzj0CAQYF
-K4EEACIDYgAEotWcgnuVnfFSeIf+iha/BebfowJPDQfGAFG6DAJSLSKkQjnE
-/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6papu+7qzcMBniKI11KOasf2t
-wu8x+qi58/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
-/wQEAwIBBjAdBgNVHQ4EFgQUmtgAMADna3+FGO6Lts6KDPgR4bswCgYIKoZI
-zj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUNG4k8VIZ3KMqh9HneteY4
-sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41oxXZ3Krr0T
-KUQNJ1uo52icEvdYPy5yAlejj6EULg==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/aaa45464.0 b/cert-validity/mozilla/hashed/aaa45464.0
deleted file mode 100644
index fecbd15efbdd..000000000000
--- a/cert-validity/mozilla/hashed/aaa45464.0
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICoTCCAgqgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBizELMAkGA1UEBhMC
-WkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTEUMBIGA1UEBxMLRHVyYmFudmls
-bGUxDzANBgNVBAoTBlRoYXd0ZTEdMBsGA1UECxMUVGhhd3RlIENlcnRpZmlj
-YXRpb24xHzAdBgNVBAMTFlRoYXd0ZSBUaW1lc3RhbXBpbmcgQ0EwHhcNOTcw
-MTAxMDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBizELMAkGA1UEBhMCWkExFTAT
-BgNVBAgTDFdlc3Rlcm4gQ2FwZTEUMBIGA1UEBxMLRHVyYmFudmlsbGUxDzAN
-BgNVBAoTBlRoYXd0ZTEdMBsGA1UECxMUVGhhd3RlIENlcnRpZmljYXRpb24x
-HzAdBgNVBAMTFlRoYXd0ZSBUaW1lc3RhbXBpbmcgQ0EwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBANYrWHhhRYZT6jR7UZztsOYuGA7+4F+oJ9O0yeB8
-WU4WDnNUYMF/9p8u6TqFJBU820cEY8OexJQaWt9MevPZQx08EHp5JduQ/vBR
-5zDWQQD9nyjfeb6Uu522FOMjhdepQeBMpHmwKxqL8vg7ij5FrHGSALSQQZj7
-X+36ty6K+Ig3AgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
-AQEEBQADgYEAZ9viwuaHPUCDhjc1fR/OmsMMZiCouqoEiYbC9RAIDb/LogWK
-0E02PvTX72nGXuSwlG9KuefeW4i2e9vjJ+V2w/A1wcu1J5szedyQpgCed/r8
-zSeUQhac0xxo7L9c3eWpexAKMnRUEzGLhQOEkbdYATAUOK8oyvyxUBkZCayJ
-SdM=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/ab5346f4.0 b/cert-validity/mozilla/hashed/ab5346f4.0
deleted file mode 100644
index 6287d2f03e97..000000000000
--- a/cert-validity/mozilla/hashed/ab5346f4.0
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJK
-UDErMCkGA1UEChMiSmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5j
-LjEcMBoGA1UEAxMTU2VjdXJlU2lnbiBSb290Q0ExMTAeFw0wOTA0MDgwNDU2
-NDdaFw0yOTA0MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSswKQYDVQQKEyJK
-YXBhbiBDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNT
-ZWN1cmVTaWduIFJvb3RDQTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEA/XeqpRyQBTvLTJszi1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs
-37gD2pRY/V1yfIw/XwFndBWW4wI8h9uuywGOwvNmxoVF9ALGOrVisq/6nL+k
-5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOVMdrAG/LuYpmGYz+/3ZMqg6h2uRMf
-t85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9UK31BQ1FT0Zx/Sg+U/sE2C3X
-ZR1KG/rPO7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni8McDWc/V1uinMrPmmECG
-xc0nEovMe863ETxiYAcjPitAbpSACW22s293bzUIUPsCh8U+iQIDAQABo0Iw
-QDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZXt94wDgYDVR0PAQH/BAQD
-AgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAKChOBZm
-LqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xmKbab
-fSVSSUOrTC4rbnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQ
-X5Ucv+2rIrVls4W6ng+4reV6G4pQOh29Dbx7VFALuUKvVaAYga1lme++5Jy/
-xIWrQbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01y8hSyn+B/tlr0/cR
-7SXf+Of5pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061
-lgeLKBObjBmNQSdJQO7e5iNEOdyhIta6A/I=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/add67345.0 b/cert-validity/mozilla/hashed/add67345.0
deleted file mode 100644
index 7eb90817756d..000000000000
--- a/cert-validity/mozilla/hashed/add67345.0
+++ /dev/null
@@ -1,39 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIGfTCCBWWgAwIBAgICAQMwDQYJKoZIhvcNAQEEBQAwga8xCzAJBgNVBAYT
-AkhVMRAwDgYDVQQIEwdIdW5nYXJ5MREwDwYDVQQHEwhCdWRhcGVzdDEnMCUG
-A1UEChMeTmV0TG9jayBIYWxvemF0Yml6dG9uc2FnaSBLZnQuMRowGAYDVQQL
-ExFUYW51c2l0dmFueWtpYWRvazE2MDQGA1UEAxMtTmV0TG9jayBLb3pqZWd5
-em9pIChDbGFzcyBBKSBUYW51c2l0dmFueWtpYWRvMB4XDTk5MDIyNDIzMTQ0
-N1oXDTE5MDIxOTIzMTQ0N1owga8xCzAJBgNVBAYTAkhVMRAwDgYDVQQIEwdI
-dW5nYXJ5MREwDwYDVQQHEwhCdWRhcGVzdDEnMCUGA1UEChMeTmV0TG9jayBI
-YWxvemF0Yml6dG9uc2FnaSBLZnQuMRowGAYDVQQLExFUYW51c2l0dmFueWtp
-YWRvazE2MDQGA1UEAxMtTmV0TG9jayBLb3pqZWd5em9pIChDbGFzcyBBKSBU
-YW51c2l0dmFueWtpYWRvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-AQEAvHSMD7tM9DceqQWC2ObhbHDqeLVu0ThEDaiDzl3S1tWBxdRL51uUcCbb
-O51qTGL3cfNk1mE7PetzozfZz+qMkjvN9wfcZnSX9EUi3fRc4L9t875lM+QV
-Or/bmJBVOMTtplVjC7B4BPTjbsE/jvxReB+SnoPC/tmwqcm8WgD/qaiYdPv2
-LD4VOQ22BFWoDpggQrOxJa1+mm9dU7GrDPzr4PN6s6iz/0b2Y6LYOph7tqyF
-/7AlT3Rj5xMHpQqPBffAZG9+pyeAlt7ULoZgx2srXnN7F+eRP2QM2EsiNCub
-MvJIH5+hCoR64sKtlz2O1cH5VqNQ6ca0+pii7pXmKgOM3wIDAQABo4ICnzCC
-ApswDgYDVR0PAQH/BAQDAgAGMBIGA1UdEwEB/wQIMAYBAf8CAQQwEQYJYIZI
-AYb4QgEBBAQDAgAHMIICYAYJYIZIAYb4QgENBIICURaCAk1GSUdZRUxFTSEg
-RXplbiB0YW51c2l0dmFueSBhIE5ldExvY2sgS2Z0LiBBbHRhbGFub3MgU3pv
-bGdhbHRhdGFzaSBGZWx0ZXRlbGVpYmVuIGxlaXJ0IGVsamFyYXNvayBhbGFw
-amFuIGtlc3p1bHQuIEEgaGl0ZWxlc2l0ZXMgZm9seWFtYXRhdCBhIE5ldExv
-Y2sgS2Z0LiB0ZXJtZWtmZWxlbG9zc2VnLWJpenRvc2l0YXNhIHZlZGkuIEEg
-ZGlnaXRhbGlzIGFsYWlyYXMgZWxmb2dhZGFzYW5hayBmZWx0ZXRlbGUgYXog
-ZWxvaXJ0IGVsbGVub3J6ZXNpIGVsamFyYXMgbWVndGV0ZWxlLiBBeiBlbGph
-cmFzIGxlaXJhc2EgbWVndGFsYWxoYXRvIGEgTmV0TG9jayBLZnQuIEludGVy
-bmV0IGhvbmxhcGphbiBhIGh0dHBzOi8vd3d3Lm5ldGxvY2submV0L2RvY3Mg
-Y2ltZW4gdmFneSBrZXJoZXRvIGF6IGVsbGVub3J6ZXNAbmV0bG9jay5uZXQg
-ZS1tYWlsIGNpbWVuLiBJTVBPUlRBTlQhIFRoZSBpc3N1YW5jZSBhbmQgdGhl
-IHVzZSBvZiB0aGlzIGNlcnRpZmljYXRlIGlzIHN1YmplY3QgdG8gdGhlIE5l
-dExvY2sgQ1BTIGF2YWlsYWJsZSBhdCBodHRwczovL3d3dy5uZXRsb2NrLm5l
-dC9kb2NzIG9yIGJ5IGUtbWFpbCBhdCBjcHNAbmV0bG9jay5uZXQuMA0GCSqG
-SIb3DQEBBAUAA4IBAQBIJEb3ulZv+sgoA0BO5TE5ayZrU3/b39/zcT0mwBQO
-xmd7I6gMc90Bu8bKbjc5VdXHjFYgDigKDtIqpLBJUsY4B/6+CgmM0ZjPytoU
-MaFP0jn8DxEsQ8Pdq5PHVT5HfBgaANzze9jyf1JsIPQLX2lS9O74silg6+NJ
-MSEN1rUQQeJBCWziGppWS3cC9qCbmieH6FUpccKQn0V4GuEVZD3QDtigdp+u
-xdAu6tYPVuxkf1qbFFgBJ34TUMdrKuZoPL9coAob4Q566eKAw+np9v1sEZ7Q
-5SgnK1QyQhSCdeZK8CtmdWOMovsEPoMOmzbwGOQmIMOM8CgHrTwXZoi1/baI
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/b0f3e76e.0 b/cert-validity/mozilla/hashed/b0f3e76e.0
deleted file mode 100644
index f6b004506a82..000000000000
--- a/cert-validity/mozilla/hashed/b0f3e76e.0
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzEL
-MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNV
-BAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05
-ODA5MDExMjAwMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkw
-FwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw
-GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQDaDuaZjc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR
-4mdmzxzdzxtIK+6NiY6arymAZavpxy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc
-71DuxC73/OlS8pF94G3VNTCOXkNz8kHp1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4
-bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdGsnUOhugZitVtbNV4FpWi6cgK
-OOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Qzns3dLlwR5EiUWMW
-ea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N89iFo7+ryUp9/k5DP
-AgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0G
-A1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0BAQUFAAOC
-AQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOzyj1h
-TdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
-38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm
-7ymPAbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr
-+WymXUadDKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveC
-X4XSQRjbgbMEHMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/b5f329fa.0 b/cert-validity/mozilla/hashed/b5f329fa.0
deleted file mode 100644
index 61dd2c05b4a8..000000000000
--- a/cert-validity/mozilla/hashed/b5f329fa.0
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICPDCCAaUCEC0b/EoXjaOR6+f/9YtFvgswDQYJKoZIhvcNAQECBQAwXzEL
-MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQL
-Ey5DbGFzcyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y
-aXR5MB4XDTk2MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UE
-BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
-cyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2WoujDWojg4BrzzmH9CETMwZM
-JaLtVRKXxaeAufqDwSCg+i8VDXyhYGt+eSz6Bg86rvYbb7HS/y8oUl+DfUvE
-erf4Zh+AVPy3wo5ZShRXRtGak75BkQO7FYCTXOvnzAhsPz6zSvz/S2wj1VCC
-JkQZjiPDceoZJEcEnnW/yKYAHwIDAQABMA0GCSqGSIb3DQEBAgUAA4GBAIob
-K/o5wXTXXtgZZKJYSi034DNHD6zt96rbHuSLBlxgJ8pFUs4W7z8GZOeUaHxg
-MxURaa+dYo2jA1Rrpr7l7gUYYAS/QoD90KioHgE796Ncr6Pc5iaAIzy4RHT3
-Cq5Ji2F4zCS/iIqnDupzGUH9TQPwiNHleI2lKk/2lw0Xd8rY
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/bcdd5959.0 b/cert-validity/mozilla/hashed/bcdd5959.0
deleted file mode 100644
index 52e095208a4b..000000000000
--- a/cert-validity/mozilla/hashed/bcdd5959.0
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlD
-ZXJ0IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIElu
-Yy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRp
-b24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNv
-bS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYy
-NjAwMTk1NFoXDTE5MDYyNjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
-IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4x
-NTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24g
-QXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8x
-IDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vYdA757tn2VUdZZUcOBVXc
-65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9WlmpZdRJEy0kTRxQ
-b7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QSv4dk+NoS/zcn
-wbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9vUJSZSWI4
-OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTuIYEZ
-oDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC
-W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/bda4cc84.0 b/cert-validity/mozilla/hashed/bda4cc84.0
deleted file mode 100644
index 26203ee8a147..000000000000
--- a/cert-validity/mozilla/hashed/bda4cc84.0
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJV
-UzEcMBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1l
-cmljYSBPbmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAxMB4X
-DTAyMDUyODA2MDAwMFoXDTM3MTExOTIwNDMwMFowYzELMAkGA1UEBhMCVVMx
-HDAaBgNVBAoTE0FtZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJp
-Y2EgT25saW5lIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKgv6KRpBgNHw+kqmP8ZonCa
-xlCyfqXfaE0bfA+2l2h9LaaLl+lkhsmj76CGv2BlnEtUiMJIxUo5vxTjWVXl
-GbR0yLQFOVwWpeKVBeASrlmLojNoWBym1BW32J/X3HGrfpq/m44zDyL9Hy7n
-BzbvYjnF3cu6JRQj3gzGPTzOggjmZj7aUTsWOqMFf6Dch9Wc/HKpoH145Lcx
-VR5lu9RhsCFg7RAycsWSJR74kEoYeEfffjA3PlAb2xzTa5qGUwew76wGePiE
-mf4hjUyAtgyC9mZweRrTT6PP8c9GsEsPPt2IYriMqQkoO3rHl+Ee5fSfwMCu
-JKDIodkP1nsmgmkyPacCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAdBgNV
-HQ4EFgQUAK3Zo/Z59m50qX8zPYEX10zPM94wHwYDVR0jBBgwFoAUAK3Zo/Z5
-9m50qX8zPYEX10zPM94wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBBQUA
-A4IBAQB8itEfGDeC4Liwo+1WlchiYZwFos3CYiZhzRAW18y0ZTTQEYqtqKkF
-Zu90821fnZmv9ov761KyBZiibyrFVL0lvV+uyIbqRizBs73B6UlwGBaXCBOM
-IOAbLjpHyx7kADCVW/RFo8AasAFOq73AI25jP4BKxQft3OJvx8Fi8eNy1gTI
-dGcL+oiroQHIb/AUr9KZzVGTfu0uOMe9zkZQPXLjeSWdm4grECDdpbgyn43g
-Kd8hdIaC2y+CMMbHNYaz+ZZfRtsMRf3zUMNvxsNIrUam4SdHCh0Om7bCd39j
-8uB9Gr784N/Xx6dssPmuujz9dLQR6FgNgLzTqIA6me11zEZ7
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/bdacca6f.0 b/cert-validity/mozilla/hashed/bdacca6f.0
deleted file mode 100644
index 12aa3f442ec5..000000000000
--- a/cert-validity/mozilla/hashed/bdacca6f.0
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUF
-ADBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9y
-YXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcNMDYxMTA3MTk0
-MjI4WhcNMjkxMjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMX
-U2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9i
-YWwgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxV
-aQZx5RNoJLNP2MwhR/jxYDiJiQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7H
-fAo3fg+6MpjhHZevj8fcyTiW89sa/FHtaMbQbqR8JNGuQsiWUGMu4P51/pin
-X0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJjnIFHovdRIWCQtBJwB1g8NEXLJXr
-9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnIHmX5k/Wq8VLcmZg9pYYaDDUz
-+kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7sFzUnKPiXB3jqUJ1XnvU
-d+85VLrJChgbEplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0wgZowEwYJKwYBBAGC
-NxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYD
-VR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCswKaAnoCWG
-I2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsGAQQB
-gjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L
-URYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X
-+nXOH0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895
-P4vkp9MmI50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/5
-3CYNv6ZHdAbYiNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNsp
-nWzFacxHVaIw98xcf8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJP
-Ix/abKwfROHdI3hRW8cW
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/bf64f35b.0 b/cert-validity/mozilla/hashed/bf64f35b.0
deleted file mode 100644
index c56bb9ce609a..000000000000
--- a/cert-validity/mozilla/hashed/bf64f35b.0
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UE
-BhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5l
-bnRydXN0Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEf
-MB0GA1UECxMWKGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50
-cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIw
-MjM0MloXDTI2MTEyNzIwNTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQK
-Ew1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BT
-IGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAy
-MDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9vdCBDZXJ0
-aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFoNu3s/poBj6E4KPz3EEZm
-Lk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf44LlAcTfFy0cOlypo
-wCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9KlmaI5UXLEWe
-H25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGIrb68j6xS
-lkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi94Dk
-Zfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB
-sDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAE
-JDAigA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSME
-GDAWgBRokORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DH
-hmak8fdLQ/uEvW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0G
-CSqGSIb3DQEBBQUAA4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW
-+1RaGSwMCPeyvIWonX9tO1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ
-47RgxRzwIkSNcUesyBrJ6ZuaAGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p
-8eRDjeIRRDq/r72DQnNSi6q7pynP9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE
-2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/eu6FSqdQgPCnXEqULl8FmTxSQeDN
-tGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m0vdXcDazv/wor3ElhVsT/h5/
-WrQ8
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/c0cafbd2.0 b/cert-validity/mozilla/hashed/c0cafbd2.0
deleted file mode 100644
index 261be1bd1ae6..000000000000
--- a/cert-validity/mozilla/hashed/c0cafbd2.0
+++ /dev/null
@@ -1,34 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFijCCA3KgAwIBAgIQDHbanJEMTiye/hXQWJM8TDANBgkqhkiG9w0BAQUF
-ADBfMQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQD
-ExFEaWdpTm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdp
-bm90YXIubmwwHhcNMDcwNTE2MTcxOTM2WhcNMjUwMzMxMTgxOTIxWjBfMQsw
-CQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp
-Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIu
-bmwwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCssFjBAL3YIQgL
-K5r+blYwBZ8bd5AQQVzDDYcRd46B8cp86Yxq7Th0Nbva3/m7wAk3tJZzgX0z
-Gpg595NvlX89ubF1h7pRSOiLcD6VBMXYtsMW2YiwsYcdcNqGtA8Ui3rPENF0
-NqISe3eGSnnme98CEWilToauNFibJBN4ViIlHgGLS1Fx+4LMWZZpiFpoU8W5
-DQI3y0u8ZkqQfioLBQftFl9VkHXYRskbg+IIvvEjzJkd1ioPgyAVWCeCLvri
-IsJJsbkBgWqdbZ1Ad2h2TiEqbYRAhU52mXyC8/O3AlnUJgEbjt+tUwbRrhjd
-4rI6y9eIOI6sWym5GdOY+RgDz0iChmYLG2kPyes4iHomGgVMktck1JbyrFIt
-o0fVUvY//s6EBnCmqj6i8rZWNBhXouSBbefK8GrTx5FrAoNBfBXva5pkXuPQ
-POWx63tdhvvL5ndJzaNl3Pe5nLjkC1+Tz8wwGjIczhxjlaX56uF0i57pK6kw
-e6AYHw4YC+VbqdPRbB4HZ4+RS6mKvNJmqpMBiLKR+jFc1abBUggJzQpjotMi
-puih2TkGl/VujQKQjBR7P4DNG5y6xFhyI6+2Vp/GekIzKQc/gsnmHwUNzUwo
-NovTyD4cxojvXu6JZOkd69qJfjKmadHdzIif0dDJZiHcBmfFlHqabWJMfczg
-ZICynkeOowIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
-AwIBBjAdBgNVHQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wDQYJKoZIhvcN
-AQEFBQADggIBADsCjcs8MOhuoK3yc7NfniUTBAXT9uOLuwt5zlPe5JbF0a9z
-vNXD0EBVfEB/zRtfCdXyfJ9oHbtdzno5wozWmHvFg1Wo1X1AyuAe94leY12h
-E8JdiraKfADzI8PthV9xdvBoY6pFITlIYXg23PFDk9Qlx/KAZeFTAnVR/Ho6
-7zerhChXDNjU1JlWbOOi/lmEtDHoM/hklJRRl6s5xUvt2t2AC298KQ3Ejopy
-DedTFLJgQT2EkTFoPSdE2+Xe9PpjRchMPpj1P0G6Tss3DbpmmPHdy59c91Q2
-gmssvBNhl0L4eLvMyKKfyvBovWsdst+Nbwed2o5nx0ceyrm/KkKRt2NTZvFC
-o+H0Wk1Ya7XkpDOtXHAd3ODy63MUkZoDweoAZbwH/M8SESIsrqC9OuCiKthZ
-6SnTGDWkrBFfGbW1G/8iSlzGeuQX7yCpp/Q/rYqnmgQlnQ7KN+ZQ/YxCKQSa
-7LnPS3K94gg2ryMvYuXKAdNw23yCIywWMQzGNgeQerEfZ1jEO1hZibCMjFCz
-2IbLaKPECudpSyDOwR5WS5WpI2jYMNjD67BVUc3l/Su49bsRn1NU9jQZjHkJ
-NsphFyUXC4KYcwx3dMPVDceoEkzHp1RxRy4sGn3J4ys7SN4nhKdjNrN9j6Bk
-OSQNPXuHr2ZcdBtLc7LljPCGmbjlxd+Ewbfr
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/c19d42c7.0 b/cert-validity/mozilla/hashed/c19d42c7.0
deleted file mode 100644
index 58d7b184ba2b..000000000000
--- a/cert-validity/mozilla/hashed/c19d42c7.0
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDAjCCAmsCEEzH6qqYPnHTkxD4PTqJkZIwDQYJKoZIhvcNAQEFBQAwgcEx
-CzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UE
-CxMzQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAt
-IEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBU
-cnVzdCBOZXR3b3JrMB4XDTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVow
-gcExCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoG
-A1UECxMzQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1
-dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5j
-LiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2ln
-biBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCq
-0Lq+Fi24g9TK0g+8djHKlNgdk4xWArzZbxpvUjZudVYKVdPfQ4chEWWKfo+9
-Id5rMj8bhDSVBZ1BNeuS65bdqlk/AVNtmU/t5eIqWpDBucSmFc/IReumXY6c
-PvBkJHalzasab7bYe1FhbqZ/h8jit+U03EGI6glAvnOSPWvndQIDAQABMA0G
-CSqGSIb3DQEBBQUAA4GBAKlPww3HZ74sy9mozS11534Vnjty637rXC0Jh9Zr
-bWB85a7FkCMMXErQr7Fd88e2CtvgFZMN3QO8x3aKtd1Pw5sTdbgBwObJW2ul
-uIncrKTdcu1OofdPvAbT6shkdHvClUGcZXNY8ZCaPGqxmMnEh7zPRW1F4m4i
-P/68DzFc6PLZ
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/c215bc69.0 b/cert-validity/mozilla/hashed/c215bc69.0
deleted file mode 100644
index ac596d8f9613..000000000000
--- a/cert-validity/mozilla/hashed/c215bc69.0
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDKTCCApKgAwIBAgIENnAVljANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQG
-EwJVUzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMREw
-DwYDVQQLEwhEU1RDQSBFMTAeFw05ODEyMTAxODEwMjNaFw0xODEyMTAxODQw
-MjNaMEYxCzAJBgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVy
-ZSBUcnVzdCBDby4xETAPBgNVBAsTCERTVENBIEUxMIGdMA0GCSqGSIb3DQEB
-AQUAA4GLADCBhwKBgQCgbIGpzzQeJN3+hijM3oMv+V7UQtLodGBmE5gGHKlR
-EmlvMVW5SXIACH7TpWJENySZj9mDSI+ZbZUTu0M7LklOiDfBu1h//uG9+Lth
-zfNHwJmm8fOR6Hh8AMthyUQncWlVSn5JTe2io74CTADKAqjuAQIxZA9SLRN0
-dja1erQtcQIBA6OCASQwggEgMBEGCWCGSAGG+EIBAQQEAwIABzBoBgNVHR8E
-YTBfMF2gW6BZpFcwVTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG0RpZ2l0YWwg
-U2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UECxMIRFNUQ0EgRTExDTALBgNV
-BAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMTAxODEwMjNagQ8yMDE4MTIx
-MDE4MTAyM1owCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFGp5fpFpRhgTCgJ3
-pVlbYJglDqL4MB0GA1UdDgQWBBRqeX6RaUYYEwoCd6VZW2CYJQ6i+DAMBgNV
-HRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqGSIb3
-DQEBBQUAA4GBACIS2Hod3IEGtgllsofIH160L+nEHvI8wbsEkBFKg05+k7lN
-QseSJqBcNJo4cvj9axY+IO6CizEqkzaFI4iKPANo08kJD038bKTaKHKTDomA
-sH3+gG9lbRgzl4vCa4nuYD3Im+9/KzJic5PLPON74nZ4RbyhkwS7hp86W0N6
-w4pl
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/c33a80d4.0 b/cert-validity/mozilla/hashed/c33a80d4.0
deleted file mode 100644
index aa37cfc9ffcc..000000000000
--- a/cert-validity/mozilla/hashed/c33a80d4.0
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMC
-WkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3du
-MR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2Vy
-dGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3Rl
-IFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNl
-cnZlckB0aGF3dGUuY29tMB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1
-OVowgc4xCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQ
-BgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENvbnN1bHRpbmcg
-Y2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24x
-ITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBDQTEoMCYGCSqGSIb3
-DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkEVdbQ7xwblRZH7xhI
-NTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQug2SBhRz1JPL
-lyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMRuHM/qgeN
-9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
-AQQFAAOBgQAmSCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUI
-hfzJATj/Tb7yFkJD57taRvvBxhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZ
-a4JMpAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcU
-Qg==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/c527e4ab.0 b/cert-validity/mozilla/hashed/c527e4ab.0
deleted file mode 100644
index 050644f8441a..000000000000
--- a/cert-validity/mozilla/hashed/c527e4ab.0
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEGjCCAwICEQDsoKeLbnVqAc/EfMwvlF7XMA0GCSqGSIb3DQEBBQUAMIHK
-MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNV
-BAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5
-IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBD
-BgNVBAMTPFZlcmlTaWduIENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlm
-aWNhdGlvbiBBdXRob3JpdHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3
-MTYyMzU5NTlaMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24s
-IEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNV
-BAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQg
-dXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDQgUHVibGljIFBy
-aW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAK3LpRFpxlmr8Y+1GQ9Wzsy1HyDkniYl
-S+BzZYlZ3tCD5PUPtbut8XzoIfzk6AzufEUiGXaStBO3IFsJ+mGuqPKljYXC
-KtbeZjbSmwL0qJJgfJxptI8kHtCGUvYynEFYHiK9zUVilQhu0GbdU6LM8BDc
-VHOLBKFGMzNcF0C5nk3T875Vg+ixiY5afJqWIpA7iCXy0lOIAgwLePLmNxdL
-MEYH5IBtptiWLugs+BGzOA1mppvqySNb247i8xOOGlktqgLw7KSHZtzBP/XY
-ufTsgsbSPZUd5cBPhMnZo0QoBmrXRazwa2rvTl/4EYIeOGM0ZlDUPpNz+jDD
-Zq3/ky2X7wMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAj/ola09b5KROJ1Wr
-IhVZPMq1CtRK26vdoV9TxaBXOcLORyu+OshWv8LZJxA6sQU8wHcxuzrTBXtt
-mhwwjIDLk5Mqg6sFUYICABFna/OIYUdfA5PVWw3g8dShMjWFsjrbsIKr0csK
-vE+MW8VLADsfKoKmfjaF3H48ZwC15DtS4KjrXRX5xm3wrR0OhbepmnMUWluP
-QSjA1egtTaRezarZ7c7c2NU8Qh0XwRJdRTjDOPP8hS6DRkiy1yBfkjaP53kP
-mF6Z6PDQpLv1U70qzlmwr25/bLvSHgCwIe34QWKCudiyxLtGUPMxxY8BqHTr
-9Xgn2uf3ZkPznoM+IKrDNWCRzg==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/c7e2a638.0 b/cert-validity/mozilla/hashed/c7e2a638.0
deleted file mode 100644
index 6dcf7e81f134..000000000000
--- a/cert-validity/mozilla/hashed/c7e2a638.0
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsF
-ADCBmDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3
-BgNVBAsTMChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXpl
-ZCB1c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIw
-MTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJ
-bmMuMTkwNwYDVQQLEzAoYykgMjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1
-dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMTLUdlb1RydXN0IFByaW1hcnkg
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBANziXmJYHTNXOTIz+uvLh4yn1ErdBojqZI4xmKU4
-kB6Yzy5jK/BGvESyiaHAKAxJcCGVn2TAppMSAmUmhsalifD614SgcK9PGpc/
-BkTVyetyEH3kMSj7HGHmKAdEc5IiaacDiGydY8hS2pgn5whMcD60yRLBxWeD
-XTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3CIShwiP/WJmxsYAQlTlV+
-fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exALDmKudlW/
-X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZChuOl
-1UcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
-HQYDVR0OBBYEFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUA
-A4IBAQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9cr5HqQ6XErhK8WTT
-Od8lNNTBzU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbE
-Ap7aDHdlDkQNkv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXX
-ExZacse3aQHEerGDAWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk
-28rgDi0Hsj5W3I31QYUHSJsMC8tJP33st/3LjWeJGqvtux6jAAgIFyqCXDFd
-RootD4abdNlF+9RAsXqqaC2Gspki4cErx5z481+oghLrGREt
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/c8763593.0 b/cert-validity/mozilla/hashed/c8763593.0
deleted file mode 100644
index c9d91bb7eb31..000000000000
--- a/cert-validity/mozilla/hashed/c8763593.0
+++ /dev/null
@@ -1,39 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIGZjCCBE6gAwIBAgIPB35Sk3vgFeNX8GmMy+wMMA0GCSqGSIb3DQEBBQUA
-MHsxCzAJBgNVBAYTAkNPMUcwRQYDVQQKDD5Tb2NpZWRhZCBDYW1lcmFsIGRl
-IENlcnRpZmljYWNpw7NuIERpZ2l0YWwgLSBDZXJ0aWPDoW1hcmEgUy5BLjEj
-MCEGA1UEAwwaQUMgUmHDrXogQ2VydGljw6FtYXJhIFMuQS4wHhcNMDYxMTI3
-MjA0NjI5WhcNMzAwNDAyMjE0MjAyWjB7MQswCQYDVQQGEwJDTzFHMEUGA1UE
-Cgw+U29jaWVkYWQgQ2FtZXJhbCBkZSBDZXJ0aWZpY2FjacOzbiBEaWdpdGFs
-IC0gQ2VydGljw6FtYXJhIFMuQS4xIzAhBgNVBAMMGkFDIFJhw616IENlcnRp
-Y8OhbWFyYSBTLkEuMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
-q2uJo1PMSCMI+8PPUZYILrgIem08kBeGqentLhM0R7LQcNzJPNCNyu5LF6vQ
-hbCnIwTLqKL85XXbQMpiiY9QngE9JlsYhBzLfDe3fezTf3MZsGqy2IiKLUV0
-qPezuMDU2s0iiXRNWhU5cxh0T7XrmafBHoi0wpOQY5fzp6cSsgkiBzPZkc0O
-nB8OIMfuuzONj8LSWKdf/WU34ojC2I+GdV75LaeHM/J4Ny+LvB2GNzmxlPLY
-vEqcgxhaBvzz1NS6jBUJJfD5to0EfhcSM2tXSExP2yYe68yQ54v5aHxwD6Mq
-0Do43zeX4lvegGHTgNiRg0JaTASJaBE8rF9ogEHMYELODVoqDA+bMMCm8Ibb
-q0nXl21Ii/kDwFJnmxL3wvIumGVC2daa49AZMQyth9VXAnow6IYm+48jilSH
-5L887uvDdUhfHjlvgWJsxS3EF1QZtzeNnDeRyPYL1epjb4OsOMLzP96a++Ej
-YfDIJss2yKHzMI+ko6Kh3VOz3vCaMh+DkXkwwakfU5tTohVTP92dsxA7SH2J
-D/ztA/X7JWR1DhcZDY8AFmd5ekD8LVkH2ZD6mq093ICK5lw1omdMEWux+IBk
-AC1vImHFrEsm5VoQgpukg3s0956JkSCXjrdCx2bD0Omk1vUgjcTDlaxECp1b
-czwmPS9KvqfJpxAe+59QafMCAwEAAaOB5jCB4zAPBgNVHRMBAf8EBTADAQH/
-MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU0QnQ6dfOeXRU+Tows/RtLAMD
-G2gwgaAGA1UdIASBmDCBlTCBkgYEVR0gADCBiTArBggrBgEFBQcCARYfaHR0
-cDovL3d3dy5jZXJ0aWNhbWFyYS5jb20vZHBjLzBaBggrBgEFBQcCAjBOGkxM
-aW1pdGFjaW9uZXMgZGUgZ2FyYW507WFzIGRlIGVzdGUgY2VydGlmaWNhZG8g
-c2UgcHVlZGVuIGVuY29udHJhciBlbiBsYSBEUEMuMA0GCSqGSIb3DQEBBQUA
-A4ICAQBclLW4RZFNjmEfAygPU3zmpFmps4p6xbD/CHwso3EcIRNnoZUSQDWD
-g4902zNc8El2CoFS3UnUmjIz75uny3XlesuXEpBcunvFm9+7OSPI/5jOCk0i
-AUgHforA1SBClETvv3eiiWdIG0ADBaGJ7M9i4z0ldma/Jre7Ir5v/zlXdLp6
-yQGVwZVR6Kss+LGGIOk/yzVb0hfpKv6DExdA7ohiZVvVO2Dpezy4ydV/NgIl
-qmjCMRW3MGXrfx1IebHPOeJCgBbT9ZMj/EyXyVo3bHwi2ErN0o42gzmRkBDI
-8ck1fj+404HGIGQatlDCIaR43NAvO2STdPCWkPHv+wlaNECW8DYSwaN0jJN+
-Qd53i+yG2dIPPy3RzECiiWZIHiCznCNZc6lEc7wkeZBWN7PGKX6jD/EpOe9+
-XCgycDWs2rjIdWb8m0w5R44bb5tNAlQiM+9hup4phO9OSzNHdpdqy35f/RWm
-nkJDW2ZaiogN9xa5P1FlK2Zqi9E4UqLWRhH6/JocdJ6PlwsCT2TG9WjTSy3/
-pDceiz+/RL5hRqGEPQgnTIEgd4kI6mdAXmwIUV80WoyWaM3X94nCHNMyAK9S
-y9NgWyo6R35rMDOhYil/SrnhLecUIw4OGEfhefwVVdCx/CVxY3UzHCMrr1zZ
-7Ud3YA47Dx7SwNxkBYn8eNZcLCZDqQ==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/ccb919f9.0 b/cert-validity/mozilla/hashed/ccb919f9.0
deleted file mode 100644
index 6df9e7889b4b..000000000000
--- a/cert-validity/mozilla/hashed/ccb919f9.0
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEZjCCA06gAwIBAgIQRL4Mi1AAJLQR0zYt4LNfGzANBgkqhkiG9w0BAQUF
-ADCBlTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0
-IExha2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEw
-HwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHTAbBgNVBAMTFFVU
-Ti1VU0VSRmlyc3QtT2JqZWN0MB4XDTk5MDcwOTE4MzEyMFoXDTE5MDcwOTE4
-NDAzNlowgZUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMO
-U2FsdCBMYWtlIENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29y
-azEhMB8GA1UECxMYaHR0cDovL3d3dy51c2VydHJ1c3QuY29tMR0wGwYDVQQD
-ExRVVE4tVVNFUkZpcnN0LU9iamVjdDCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAM6qgT+jo2F4qjEAVZURnicPHxzfOpuCaDDASmEd8S8O+r55
-96Uj71VRloTN2+O5bj4x2AogZ8f02b+U60cEPgLOKqJdhwQJ9jCdGIqXsqoc
-/EHSoTbL+z2RuufZcDX65OeQw5ujm9M89RKZd7G3CeBo5hy485RjiGpq/gt2
-yb70IuRnuasaXnfBhQfdDWy/7gbHd2pBnqcP1/vulBe3/IW+pKvEHDHd17bR
-5PDv3xaPslKT16HUiaEHLr/hARJCHhrh2JU022R5KP+6LhHC5ehbkkj7RwvC
-bNqtMoNB86XlQXD9ZZBt+vpRxPm9lisZBCzTbafc8H9vg2XiaquHhnUCAwEA
-AaOBrzCBrDALBgNVHQ8EBAMCAcYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
-FgQU2u1kdBScFDyr3ZmpvVsoTYs8ydgwQgYDVR0fBDswOTA3oDWgM4YxaHR0
-cDovL2NybC51c2VydHJ1c3QuY29tL1VUTi1VU0VSRmlyc3QtT2JqZWN0LmNy
-bDApBgNVHSUEIjAgBggrBgEFBQcDAwYIKwYBBQUHAwgGCisGAQQBgjcKAwQw
-DQYJKoZIhvcNAQEFBQADggEBAAgfUrE3RHjb/c652pWWmKpVZIC1WkDdIaXF
-wfNfLEzIR1pp6ujwNTX00CXzyKakh0q9G7FzCL3Uw8q2NbtZhncxzaeAFK4T
-7/yxSPlrJSUtUbYsbUXBmMiKVl0+7kNOPmsnjtA6S4ULX9Ptaqd1y9Fahy85
-dRNacrACgZ++8A+EVCBibGnU4U3GDZlDAQ0Slox4nb9QorFEqmrPF3rPbw/U
-+CRVX/A0FklmPlBGyWNxODFiuGK581OtbLUrohKqGU8J2l7nk8aOFAj+8DCA
-GKCGhU3IfdeLA/5u1fedFqySLKAj5ZyRUh+U3xeUc8OzwcFxBSAAeL0TUh2o
-Ps0AH8g=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/cdaebb72.0 b/cert-validity/mozilla/hashed/cdaebb72.0
deleted file mode 100644
index 5329bb3e1821..000000000000
--- a/cert-validity/mozilla/hashed/cdaebb72.0
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDujCCAqKgAwIBAgIEAJiWijANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQG
-EwJOTDEeMBwGA1UEChMVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSYwJAYDVQQD
-Ex1TdGFhdCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQTAeFw0wMjEyMTcwOTIz
-NDlaFw0xNTEyMTYwOTE1MzhaMFUxCzAJBgNVBAYTAk5MMR4wHAYDVQQKExVT
-dGFhdCBkZXIgTmVkZXJsYW5kZW4xJjAkBgNVBAMTHVN0YWF0IGRlciBOZWRl
-cmxhbmRlbiBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-AQEAmNK1URF6gaYUmHFtvsznExvWJw56s2oYHLZhWtVhCb/ekBPHZ+7d89rF
-DBKeNVU+LCeIQGv33N0iYfXCxw719tV2U02PjLwYdjeFnejKScfST5gTCaI+
-Ioicf9byEGW07l8Y1Rfj+MX94p2i71MOhXeiD+EwR+4A5zN9RGcaC1Hoi6Ce
-UJhoNFIfLm0B8mBF8jHrqTFoKbt6QZ7GGX+UtFE5A3+y3qcym7RHjm+0Sq7l
-r7HcsBthvJly3uSJt3omXdozSVtSnA71iq3DuD3oBmrC1SoLbHuEvVYFy4Zl
-kuxEK7COudxwC0barbxjiDn622r+I/q85Ej0ZytqERAhSQIDAQABo4GRMIGO
-MAwGA1UdEwQFMAMBAf8wTwYDVR0gBEgwRjBEBgRVHSAAMDwwOgYIKwYBBQUH
-AgEWLmh0dHA6Ly93d3cucGtpb3ZlcmhlaWQubmwvcG9saWNpZXMvcm9vdC1w
-b2xpY3kwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSofeu8Y6R0E3QA7Jbg
-0zTBLL9s+DANBgkqhkiG9w0BAQUFAAOCAQEABYSHVXQ2YcG70dTGFagTtJ+k
-/rvuFbQvBgwp8qiSpGEN/KtcCFtREytNwiphyPgJWPwtArI5fZlmgb9uXJVF
-IGzmeafR2Bwp/MIgJ1HI8XxdNGdphREwxgDS1/PTfLbwMVcoEoJz6TMvplW0
-C5GUR5z6u3pCMuiufi3IvKwUv9kP2Vv8wfl6leF9fpb8cbDCTMjfRTTJzg3y
-nGQI0DvDKcWy7ZAEwbEpkcUwb8GpcjPM/l0WFywRaed+/sWDCN+83CI6LiBp
-IzlWYGeQiy52OfsRiJf2fL1LuCAWZwWN4jvBcj+UlTfHXbme2JOhF4//DGYV
-wSR8MnwDHTuhWEUykw==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/cf701eeb.0 b/cert-validity/mozilla/hashed/cf701eeb.0
deleted file mode 100644
index 118853de94a2..000000000000
--- a/cert-validity/mozilla/hashed/cf701eeb.0
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUF
-ADBIMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9y
-YXRpb24xFzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzEx
-OFoXDTI5MTIzMTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1Nl
-Y3VyZVRydXN0IENvcnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBD
-QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7C
-T8rU4niVWJxB4Q2ZQCQXOZEzZum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/je
-p4G6pkjGnx29vo6pQT64lO0pGtSO0gMdA+9tDWccV9cGrcrI9f4Or2YlSASW
-C12juhbDCE/RRvgUXPLIXgGZbf2IzIaowW8xQmxSPmjL8xk037uHGFaAJsTQ
-3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj7DaUaHp3pLHnDi+BeuK1cobv
-omuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS8kvNU3xHCzaFDmapCJcW
-NFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjATBgkrBgEEAYI3FAIE
-Bh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
-FgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCegJYYjaHR0
-cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGCNxUB
-BAMCAQAwDQYJKoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt3
-6Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s
-7Ll/3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fiiu1cp
-rp6poxkmD5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZ
-nMUFdAvnZyPSCPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZG
-BlSm8jIKYyYwa5vR3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShL
-HZ4swrhovO0C7jE=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/d16a5865.0 b/cert-validity/mozilla/hashed/d16a5865.0
deleted file mode 100644
index 19069bced8cc..000000000000
--- a/cert-validity/mozilla/hashed/d16a5865.0
+++ /dev/null
@@ -1,37 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkG
-A1UEBhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9u
-IEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0wOTA1MjAwODM4
-MTVaFw0zMDEyMzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlB
-dXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJ
-RiBBNjI2MzQwNjgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDK
-lmuO6vj78aI14H9M2uDDUtd9thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC
-5IsP5t9bpgOSL/UR5GLXMnE42QQMcas9UX4PB99jBVzpv5RvwSmCwLTaUbDB
-PLutN0pcyvFLNg4kq7/DhHf9qFD0sefGL9ItWY16Ck6WaVICqjaY7Pz6FIMM
-Nx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15iNA9wBj4gGFrO93IbJWyTdBST
-o3OxDqqHECNZXyAFGUftaI6SEspd/NYrspI8IM/hX68gvqB2f3bl7BqGYTM+
-53u0P6APjqK5am+5hyZvQWyIplD9amML9ZMWGxmPsu2bm8mQ9QEM3xk9Dz44
-I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctXMbScyJCyZ/QYFpM6/EfY
-0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirjaEbsXLZmd
-EyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/TKI8x
-WVvTyQKmtFLKbpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF
-6NkBiDkal4ZkQdU7hwxu+g/GvUgUvzlN1J5Bto+WHWOWk9mVBngxaJ43BjuA
-iUVhOSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1UdEwEB/wQIMAYBAf8C
-AQEwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNH
-DhpkLzCBpgYDVR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNo
-dHRwOi8vd3d3LmZpcm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcC
-AjBQHk4AUABhAHMAZQBvACAAZABlACAAbABhACAAQgBvAG4AYQBuAG8AdgBh
-ACAANAA3ACAAQgBhAHIAYwBlAGwAbwBuAGEAIAAwADgAMAAxADcwDQYJKoZI
-hvcNAQEFBQADggIBABd9oPm03cXF661LJLWhAqvdpYhKsg9VSytXjDvlMd3+
-xDLx51tkljYyGOylMnfX40S2wBEqgLk9am58m9Ot/MPWo+ZkKXzR4Tgegiv/
-J2Wv+xYVxC5xhOW1//qkR71kMrv2JYSiJ0L1ILDCExARzRAVukKQKtJE4ZYm
-6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaPT481PyWzOdxjKpBrIF/EUhJO
-lywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS3a/DTg4fJl4N3LON
-7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5kSeTy36LssUzA
-Kh3ntLFlosS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF3dvd6qJ2
-gHN99ZwExEWN57kci57q13XRcrHedUTnQn3iV2t93Jm8PYMo6oCTjcVMZcFw
-gbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoRsaS8I8nkvof/uZS2+F0g
-StRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTDKCOM
-/iczQ0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft
-7HZT9SQBjLMi6Et8Vcad+qMUu2WFbm5PEn4KPJ2V
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/d2adc77d.0 b/cert-validity/mozilla/hashed/d2adc77d.0
deleted file mode 100644
index e041d3443e60..000000000000
--- a/cert-validity/mozilla/hashed/d2adc77d.0
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEgzCCA+ygAwIBAgIEOJ725DANBgkqhkiG9w0BAQQFADCBtDEUMBIGA1UE
-ChMLRW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9HQ0NB
-X0NQUyBpbmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsT
-HChjKSAyMDAwIEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1
-c3QubmV0IENsaWVudCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMDAy
-MDcxNjE2NDBaFw0yMDAyMDcxNjQ2NDBaMIG0MRQwEgYDVQQKEwtFbnRydXN0
-Lm5ldDFAMD4GA1UECxQ3d3d3LmVudHJ1c3QubmV0L0dDQ0FfQ1BTIGluY29y
-cC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMcKGMpIDIwMDAg
-RW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5uZXQgQ2xp
-ZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA
-A4GNADCBiQKBgQCTdLS25MVL1qFof2LV7PdRV7NySpj10InJrWPNTTVRaoTU
-rcloeW+46xHbh65cJFET8VQlhK8pK5/jgOLZy93GRUk0iJBeAZfv6lOm3fzB
-3ksqJeTpNfpVBQbliXrqpBFXO/x8PTbNZzVtpKklWb1m9fkn5JVn1j+SgF7y
-NH0rhQIDAQABo4IBnjCCAZowEQYJYIZIAYb4QgEBBAQDAgAHMIHdBgNVHR8E
-gdUwgdIwgc+ggcyggcmkgcYwgcMxFDASBgNVBAoTC0VudHJ1c3QubmV0MUAw
-PgYDVQQLFDd3d3cuZW50cnVzdC5uZXQvR0NDQV9DUFMgaW5jb3JwLiBieSBy
-ZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMjAwMCBFbnRydXN0
-Lm5ldCBMaW1pdGVkMTMwMQYDVQQDEypFbnRydXN0Lm5ldCBDbGllbnQgQ2Vy
-dGlmaWNhdGlvbiBBdXRob3JpdHkxDTALBgNVBAMTBENSTDEwKwYDVR0QBCQw
-IoAPMjAwMDAyMDcxNjE2NDBagQ8yMDIwMDIwNzE2NDY0MFowCwYDVR0PBAQD
-AgEGMB8GA1UdIwQYMBaAFISLdP3FjcD/J20gN0V8/i3OutN9MB0GA1UdDgQW
-BBSEi3T9xY3A/ydtIDdFfP4tzrrTfTAMBgNVHRMEBTADAQH/MB0GCSqGSIb2
-fQdBAAQQMA4bCFY1LjA6NC4wAwIEkDANBgkqhkiG9w0BAQQFAAOBgQBObzWA
-O9GK9Q6nIMstZVXQkvTnhLUGJoMShAusO7JE7r3PQNsgDrpuFOow4DtifH+L
-a3xKp9U1PL6oXOpLu5OOgGarDyn9TS2/GpsKkMWr2tGzhtQvJFJcem3G8v7l
-TRowjJDyutdKPkN+1MhQGof4T4HHdguEOnKdzmVml64mXg==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/d537fba6.0 b/cert-validity/mozilla/hashed/d537fba6.0
deleted file mode 100644
index d441fd8d5ae4..000000000000
--- a/cert-validity/mozilla/hashed/d537fba6.0
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEKzCCAxOgAwIBAgIEOsylTDANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQG
-EwJESzEVMBMGA1UEChMMVERDIEludGVybmV0MR0wGwYDVQQLExRUREMgSW50
-ZXJuZXQgUm9vdCBDQTAeFw0wMTA0MDUxNjMzMTdaFw0yMTA0MDUxNzAzMTda
-MEMxCzAJBgNVBAYTAkRLMRUwEwYDVQQKEwxUREMgSW50ZXJuZXQxHTAbBgNV
-BAsTFFREQyBJbnRlcm5ldCBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAxLhAvJHVYx/XmaCLDEAedLdInUaMArLgJF/wGROnN4Nr
-XceO+YQwzho7+vvOi20jxsNuZp+Jpd/gQlBn+h9sHvTQBda/ytZO5GhgbEaq
-HF1j4QeGDmUApy6mcca8uYGoOn0a0vnRrEvLznWv3Hv6gXPU/Lq9QYjUdLP5
-Xjg6PEOo0pVOd20TDJ2PeAG3WiAfAzc14izbSysseLlJ28TQx5yc5IogCSEW
-Vmb/Bexb4/DPqyQkXsN/cHoSxNK1EKC2IeGNeGlVRGn1ypYcNIUXJXfi9i8n
-mHj9eQY6otZaQ8H/7AQ77hPv01ha/5Lr7K7a8jcDR0G2l8ktCkEiu7vmpwID
-AQABo4IBJTCCASEwEQYJYIZIAYb4QgEBBAQDAgAHMGUGA1UdHwReMFwwWqBY
-oFakVDBSMQswCQYDVQQGEwJESzEVMBMGA1UEChMMVERDIEludGVybmV0MR0w
-GwYDVQQLExRUREMgSW50ZXJuZXQgUm9vdCBDQTENMAsGA1UEAxMEQ1JMMTAr
-BgNVHRAEJDAigA8yMDAxMDQwNTE2MzMxN1qBDzIwMjEwNDA1MTcwMzE3WjAL
-BgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUbGQBx/2FbazI2p5QCIUItTxWqFAw
-HQYDVR0OBBYEFGxkAcf9hW2syNqeUAiFCLU8VqhQMAwGA1UdEwQFMAMBAf8w
-HQYJKoZIhvZ9B0EABBAwDhsIVjUuMDo0LjADAgSQMA0GCSqGSIb3DQEBBQUA
-A4IBAQBOQ8zR3R0QGwZ/t6T609lN+yOfI1Rb5osvBCiLtSdtiaHsmGnc540m
-gwV5dOy0uaOXwTUA/RXaOYE6lTGQ3pfphqiZdwzlWqCE/xIWrG64jcN7ksKs
-LtB9KOy282A4aW8+2ARVPp7MVdK6/rtHBNcK2RYKNCn1WBPVT8+PVkuzHu7T
-mHnaCB4Mb7j4Fifvwm899qNLPg7kbWzbO0ESm70NRyN/PErQr8Cv9u8btRXE
-64PECV90i9kR+8JWsTz4cMo0jUNAE4z9mQNUecYu6oah9jrUCbz0vGbMPVjQ
-V0kK7iXiQe4T+Zs4NNEA9X7nlB38aQNiuJkFBT1reBK9sG9l
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/d64f06f3.0 b/cert-validity/mozilla/hashed/d64f06f3.0
deleted file mode 100644
index b36ea98fa3b6..000000000000
--- a/cert-validity/mozilla/hashed/d64f06f3.0
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEDzCCAvegAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJT
-SzETMBEGA1UEBxMKQnJhdGlzbGF2YTETMBEGA1UEChMKRGlzaWcgYS5zLjER
-MA8GA1UEAxMIQ0EgRGlzaWcwHhcNMDYwMzIyMDEzOTM0WhcNMTYwMzIyMDEz
-OTM0WjBKMQswCQYDVQQGEwJTSzETMBEGA1UEBxMKQnJhdGlzbGF2YTETMBEG
-A1UEChMKRGlzaWcgYS5zLjERMA8GA1UEAxMIQ0EgRGlzaWcwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCS9jHBfYj9mQGp2HvycXXxMcbzdWb6
-UShGhJd4NLxs/LxFWYgmGErENx+hSkS943EE9UQX4j/8SFhvXJ56CbpRNyIj
-ZkMhsDxkovhqFQ4/61HhVKndBpnXmjxUizkDPw/Fzsbrg3ICqB9x8y34dQjb
-Ykzo+s7552oftms1grrijxaSfQUMbEYDXcDtab86wYqg6I7ZuUUohwjstMoV
-voLdtUSLLa2GDGhibYVW8qwUYzrG0ZmsNHhWS8+2rT+MitcE5eN4TPWGqvWP
-+j1scaMtymfraHtuM6kMgiioTGohQBUgDCZbg8KpFhXAJIJdKxatymP2dACw
-30PEEGBWZ2NFAgMBAAGjgf8wgfwwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
-FgQUjbJJaJ1yCCW5wCf1UJNWSEZx+Y8wDgYDVR0PAQH/BAQDAgEGMDYGA1Ud
-EQQvMC2BE2Nhb3BlcmF0b3JAZGlzaWcuc2uGFmh0dHA6Ly93d3cuZGlzaWcu
-c2svY2EwZgYDVR0fBF8wXTAtoCugKYYnaHR0cDovL3d3dy5kaXNpZy5zay9j
-YS9jcmwvY2FfZGlzaWcuY3JsMCygKqAohiZodHRwOi8vY2EuZGlzaWcuc2sv
-Y2EvY3JsL2NhX2Rpc2lnLmNybDAaBgNVHSAEEzARMA8GDSuBHpGT5goAAAAB
-AQEwDQYJKoZIhvcNAQEFBQADggEBAF00dGFMrzvY/59tWDYcPQuBDRIrRhCA
-/ec8J9B6yKm2fnQwM6M6int0wHl5QpNt/7EpFIKrIYwvF/k/Ji/1WcbvgAa3
-mkkp7M5+cTxqEEHA9tOasnxakZzArFvITV734VP/Q3f8nktnbNfzg9Gg4H8l
-37iYC5oyOGwwoPP/CBUz91BKez6jPiCp3C9WgArtQVCwyfTssuMmRAAOb54G
-vCKWU3BlxFAKRmukLyeBEicTXxChds6KezfqwzlhA5WYOudsiCUI/HloDYd9
-Yvi0X/vF2Ey9WLw/Q1vUHgFNPGO+I++MzVpQuGhU+QqZMxEA4Z7CRneC9VkG
-jCFMhwnN5ag=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/d78a75c7.0 b/cert-validity/mozilla/hashed/d78a75c7.0
deleted file mode 100644
index 8a474bf9220b..000000000000
--- a/cert-validity/mozilla/hashed/d78a75c7.0
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEGTCCAwECEGFwy0mMX5hFKeewptlQW3owDQYJKoZIhvcNAQEFBQAwgcox
-CzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UE
-CxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkg
-VmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMG
-A1UEAxM8VmVyaVNpZ24gQ2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eSAtIEczMB4XDTk5MTAwMTAwMDAwMFoXDTM2MDcx
-NjIzNTk1OVowgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwg
-SW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UE
-CxMxKGMpIDE5OTkgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1
-c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMiBQdWJsaWMgUHJp
-bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEczMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwoNwtUs22e5LeWUJ92lvuCwTY+zYVY8
-1nzD9M0+hsuiiOLh2KRpxbXiv8GmR1BeRjmL1Za6tW8UvxDOJxOeBUebMXoT
-2B/Z0wI3i60sR/COgQanDTAM6/c8DyAd3HJG7qUCyFvDyVZpTMUYwZF7C9UT
-AJu878NIPkZgIIUq1ZC2zYugzDLdt/1AVbJQHFauzI13TccgTacxdu9okoqQ
-HgiBVrKtaaNS0MscxCM9H5n+TOgWY47GCI72MfbS+uV23bUckqNJzc0BzWjN
-qWm6o+sdDZykIKbBoMXRRkwXbdKsZj+WjOCE1Db/IlnF+RFgqF8EffIa9iVC
-YQ/ESrg+iQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA0JhU8wI1NQ0kdvekh
-ktdmnLfexbjQ5F1fdiLAJvmEOjr5jLX77GDx6M4EsMjdpwOPMPOY36TmpDHf
-0xwLRtxyID+u7gU8pDM/CzmscHhzS5kr3zDCVLCoO1Wh/hYozUK9dG6A2ydE
-p85EXdQbkJgNHkKUsQAsBNB0owIFImNjzYO1+8FtYmtpdf1dcEG59b98377B
-MnMiIYtYgXsVkXq642RIsH/7NiXaldDxJBQX3RiAa0YjOVT1jmIJBB2UkKab
-5iXiQkWquJCtvgiPqQtCGJTPcjnhsUPgKM+351psE2tJs//jGHyJizNdrDPX
-p/naOlXJWBD5qu9ats9LS98q
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/d8274e24.0 b/cert-validity/mozilla/hashed/d8274e24.0
deleted file mode 100644
index 48568f0e921f..000000000000
--- a/cert-validity/mozilla/hashed/d8274e24.0
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEZDCCA0ygAwIBAgIQRL4Mi1AAJLQR0zYwS8AzdzANBgkqhkiG9w0BAQUF
-ADCBozELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0
-IExha2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEw
-HwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xKzApBgNVBAMTIlVU
-Ti1VU0VSRmlyc3QtTmV0d29yayBBcHBsaWNhdGlvbnMwHhcNOTkwNzA5MTg0
-ODM5WhcNMTkwNzA5MTg1NzQ5WjCBozELMAkGA1UEBhMCVVMxCzAJBgNVBAgT
-AlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVT
-RVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0cnVz
-dC5jb20xKzApBgNVBAMTIlVUTi1VU0VSRmlyc3QtTmV0d29yayBBcHBsaWNh
-dGlvbnMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCz+5Gh5DZV
-hawGNFugmliy+LUPBXeDrjKxdpJo7CNKyXY/45y2N3kDuatpjQclthln5LAb
-GHNhSuh+zdMvZOOmfAz6F4CjDUeJT1FxL+78P/m4FoCHiZMlIJpDgmkkdihZ
-NaEdwH+DBmQWICzTSaSFtMBhf1EI+GgVkYDLpdXuOzr0hAReYFmnjDRy7rh4
-xdE7EkpvfmUnuaRVxblvQ6TFHSyZwFKkeEwVs0CYCGtDxgGwenv1axwiP8vv
-/6jQOkt2FZ7S0cYu49tXGzKiuG/ohqY/cKvlcJKrRB5AUPuco2LkbG6gyN7i
-gEL66S/ozjIEj3yNtxyjNTwV3Z7DrpelAgMBAAGjgZEwgY4wCwYDVR0PBAQD
-AgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFPqGydvguul49Uuo1hXf
-8NPhahQ8ME8GA1UdHwRIMEYwRKBCoECGPmh0dHA6Ly9jcmwudXNlcnRydXN0
-LmNvbS9VVE4tVVNFUkZpcnN0LU5ldHdvcmtBcHBsaWNhdGlvbnMuY3JsMA0G
-CSqGSIb3DQEBBQUAA4IBAQCk8yXM0dSRgyLQzDKrm5ZONJFUICU0YV8qAhXh
-i6r/fWRRzwr/vH3YIWp4yy9Rb/hCHTO967V7lMPDqaAt39EpHx3+jz+7qEUq
-f9FuVSTiuwL7MT++6LzsQCv4AdRWOOTKRIK1YSAhZ2X28AvnNPilwpyjXEAf
-hZOVBt5P1CeptqX8Fs1zMT+4ZSfP1FMa8Kxun08FDAOBp4QpxFq9ZFdyrTvP
-NximmMatBrTcCKME1SmklpoSZ0qMYEWd8SOasACcaLWYUNPvji6SZbFIPiG+
-FTAqDbUMo2s/rn9X9R+WfN9v3YIwLGUbQErNaLly7HF27FSOH4UMAWr6pjis
-H8SE
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/ddc328ff.0 b/cert-validity/mozilla/hashed/ddc328ff.0
deleted file mode 100644
index ac4e25bfab78..000000000000
--- a/cert-validity/mozilla/hashed/ddc328ff.0
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMC
-WkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3du
-MR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2Vy
-dGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3Rl
-IFNlcnZlciBDQTEmMCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0
-ZS5jb20wHhcNOTYwODAxMDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkG
-A1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2Fw
-ZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE
-CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQ
-VGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRz
-QHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANOkUG7I
-/1Zr5s9dtuoMaHVHoqrC2oQl/Kj0R1HahbUgdJSGHg91yekIYfUGbTBuFRkC
-6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg71CcEJRCXL+eQbcAoQpnX
-TEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGjEzARMA8G
-A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG7oWD
-TSEwjsrZqG9JGubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6e
-QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdni
-TCxZqdq5snUb9kLy78fyGPmJvKP/iiMucEc=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/e268a4c5.0 b/cert-validity/mozilla/hashed/e268a4c5.0
deleted file mode 100644
index 2b3a41de22fc..000000000000
--- a/cert-validity/mozilla/hashed/e268a4c5.0
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJT
-RTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRU
-UCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3Qw
-HhcNMDAwNTMwMTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQswCQYDVQQGEwJT
-RTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRU
-UCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3Qw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwze
-xODcEyPNwTXH+9ZOEQpnXvUGW2ulCDtbKRY654eyNAbFvAWlA3yCyykQruGI
-gb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6ntGO0/7Gcrjyvd7ZWxbWroulpOj0O
-M3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyldI+Yrsj5wAYi56xz36Uu+1Lc
-sRVlIPo1Zmne3yzxbrww2ywkEtvrNTVokMsAsJchPXQhI2U0K7t4WaPW4XY5
-mqRJjox0r26kmqPZm9I4XJuiGMx1I4S+6+JNM3GOGvDC+Mcdoq0Dlyz4zyXG
-9rgkMbFjXZJ/Y/AlyVMuH79NAgMBAAGjgdIwgc8wHQYDVR0OBBYEFJWxtPCU
-tr3H2tERCSG+wa9J/RB7MAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8EBTADAQH/
-MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tERCSG+wa9J/RB7oWmkZzBlMQsw
-CQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFk
-ZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAx
-IENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxtZBsfzQ3duQH6lmM0
-MkhHma6X7f1yFqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0Ph
-iVYrqW9yTkkz43J8KiOavD7/KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9
-tTEv2dB8Xfjea4MYeDdXL+gzB2ffHsdrKpV2ro9Xo/D0UrSpUwjP4E/TelOL
-/bscVjby/rK25Xa71SJlpz/+0WatC7xrmYbvP33zGDLKe8bjq2RGlfgmadlV
-g3sslgf/WSxEo8bl6ancoWOAWiFeIc9TVPC6b4nbqKqVz4vjccweGyBECMB6
-tkD9xOQ14R0WHNC8K47Wcdk=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/e60bf0c0.0 b/cert-validity/mozilla/hashed/e60bf0c0.0
deleted file mode 100644
index b5b055dd67c7..000000000000
--- a/cert-validity/mozilla/hashed/e60bf0c0.0
+++ /dev/null
@@ -1,36 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIF2TCCA8GgAwIBAgIQXAuFXAvnWUHfV8w/f52oNjANBgkqhkiG9w0BAQUF
-ADBkMQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsT
-HERpZ2l0YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxGzAZBgNVBAMTElN3aXNz
-Y29tIFJvb3QgQ0EgMTAeFw0wNTA4MTgxMjA2MjBaFw0yNTA4MTgyMjA2MjBa
-MGQxCzAJBgNVBAYTAmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMc
-RGlnaXRhbCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Nj
-b20gUm9vdCBDQSAxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
-0LmwqAzZuz8h+BvVM5OAFmUgdbI9m2BtRsiMMW8Xw/qabFbtPMWRV8PNq5ZJ
-kCoZSx6jbVfd8StiKHVFXqrWW/oLJdihFvkcxC7mlSpnzNApbjyFNDhhSbEA
-n9Y6cV9Nbc5fuankiX9qUvrKm/LcqfmdmUc/TilftKaNXXsLmREDA/7n29uj
-/x2lzZAeAR81sH8A25Bvxn570e56eqeqDFdvpG3FEzuwpdntMhy0XmeLVNxz
-h+XTF3xmUHJd1BpYwdnP2IkCb6dJtDZd0KTeByy2dbcokdaXvij1mB7qWybJ
-vbCXc9qukSbraMH5ORXWZ0sKbU/Lz7DkQnGMU3nn7uHbHaBuHYwadzVcFh4r
-Ux80i9Fs/PJnB3r1re3WmquhsUvhzDdf/X/NTa64H5xD+SpYVUNFvJbNcA78
-yeNmuk6NO4HLFWR7uZToXTNShXEuT46iBhFRyePLoW4xCGQMwtI89Tbo19AO
-eCMgkckkKmUpWyL3Ic6DXqTz3kvTaI9GdVyDCW4pa8RwjPWd1yAv/0bSKzjC
-L3UcPX7ape8eYIVpQtPM+GP+HkM5haa2Y0EQs3MevNP6yn0WR+Kn1dCjigoI
-lmJWbjTb2QK5MHXjBNLnj8KwEUAKrNVxAmKLMb7dxiNYMUJDLXT5xp6mig/p
-/r+D5kNXJLrvRjSq1xIBOO0CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYw
-HQYDVR0hBBYwFDASBgdghXQBUwABBgdghXQBUwABMBIGA1UdEwEB/wQIMAYB
-Af8CAQcwHwYDVR0jBBgwFoAUAyUv3m+CATpcLNwroWm1Z9SM0/0wHQYDVR0O
-BBYEFAMlL95vggE6XCzcK6FptWfUjNP9MA0GCSqGSIb3DQEBBQUAA4ICAQA1
-EMvspgQNDQ/NwNurqPKIlwzfky9NfEBWMXrrpA9gzXrzvsMnjgM+pN0S734e
-dAY8PzHyHHuRMSG08NBsl9Tpl7IkVh5WwzW9iAUPWxAaZOHHgjD5Mq2eUCzn
-eAXQMbFamIp1TpBcahQq4FJHgmDmHtqBsfsUC1rxn9KVuj7QG9YVHaO+htXb
-D8BJZLsuUBlL0iT43R4HVtA4oJVwIHaM190e3p9xxCPvgxNcoyQVTSlAPGrE
-qdi3pkSlDfTgnXceQHAm/NrZNuR55LU/vJtlvrsRls/bxig5OgjOR1tTWsWZ
-/l2p3e9M1MalrQLmjAcSHm8D0W+go/MpvRLHUKKwf4ipmXeascClOS5cfGni
-LLDqN2qk4Vrh9VDlg++luyqI54zb/W1elxmofmZ1a3Hqv7HHb6D0jqTsNFFb
-jCYDcKF31QESVwA12yPeDooomf2xEG9L/zgtYE4snOtnta1J7ksfrK/7DZBa
-ZmBwXarNeNQk7shBoJMBkpxqnvy5JMWzFYJ+vq6VK+uxwNrjAWALXmmshFZh
-vnEX/h0TD/7Gh0Xp/jKgGg0TpJRVcaUWi7rKibCyx/yP2FS1k2Kdzs9Z+z0Y
-zirLNRWCXf9UIltxUvu3yf5gmwBBZPCqKuy2QkPOiWaByIufOVQDJdMWNY6E
-0F/6MBr1mmz0DlP5OlvRHA==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/e7461595.0 b/cert-validity/mozilla/hashed/e7461595.0
deleted file mode 100644
index bb1568577843..000000000000
--- a/cert-validity/mozilla/hashed/e7461595.0
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEMjCCA5ugAwIBAgIBQjANBgkqhkiG9w0BAQQFADBaMQswCQYDVQQGEwJV
-UzEcMBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5jLjEtMCsGA1UEAxMkRXF1
-aWZheCBTZWN1cmUgR2xvYmFsIGVCdXNpbmVzcyBDQS0xMB4XDTA0MDczMTAw
-MDAwMVoXDTA0MDkwMjAwMDAwMVowPDE6MDgGA1UEAxMxTUQ1IENvbGxpc2lv
-bnMgSW5jLiAoaHR0cDovL3d3dy5waHJlZWRvbS5vcmcvbWQ1KTCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEAuqZZySwo1iqw+O2fRqSkN+4OGWhZ0bMD
-mVHWFppeN2sV4A5L9YRk+KPbQW811ZsVH9vEOFJwgZdej6C193458DKsHq1E
-0rP6SMPOkZvs9Jx84Vr1yDdrmoPe58oglzFCcxWRaPSIr/koKMXpD3OwF0sT
-TJl10ETmfghsGvJPG0ECAwEAAaOCAiQwggIgMAsGA1UdDwQEAwIBxjAPBgNV
-HRMBAf8EBTADAQH/MB0GA1UdDgQWBBSnBGAfq3JDCMV/CJBVVhzWzuY46zAf
-BgNVHSMEGDAWgBS+qKB0clBrRLfJI9j7qP+zV2tobDCCAb4GCWCGSAGG+EIB
-DQSCAa8WggGrMwAAACdeOeCJYQ9Oo8VFCza7AdFTqsMIj2/4Tz6Hh0QR3GDg
-35JV+bhzG1STxZ/QRsRgtjVizbmvHKhpGslbPJY3wO1n77v+wIucUC8pvYMi
-no4I+qwTcKJYf2JiihH3ifbftmdZcxb7YxaKtJE4zi71tr5MpJRJ5GURCkIV
-ycEw4mnVRX2lJru5YexiZPA54ee8aNhQUZ4dYNPRo6cK+AMgoXABF5E2TwJw
-MYaD3fcP2AcdEbMTBKXc8K5QsSgOY2kqDIJvj0cz32yiBpLxT0W+2TA2oyuM
-1neuNWN/Tkyak0g22Z8CAwEAAaOBvTCBujAOBgNVHQ8BAf8EBAMCBPAwHQYD
-VR0OBBYEFM2mg/qlYDf3ljcXKd5BePGHiVXnMDsGA1UdHwQ0MDIwMKAuoCyG
-Kmh0dHA6Ly9jcmwuZ2VvdHJ1c3QuY29tL2NybHMvZ2xvYmFsY2ExLmNybDAf
-BgNVHSMEGDAWgBS+qKB0clBrRLfJI9j7qP+zV2tobDAdBgNVHSUEFjAUBggr
-BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQF
-AAOBgQCnIQKN0Q6igHcl/UNgFY/s75BH1IRCFSYRHM3CPBApqbbfq1d1kdrl
-K7OQRRwwY1Y/itlQ+u1YbMBlrGZX3hzGdjv1AA6ORc5/TJDsK8bNs7SPYtD+
-t8UmckTt9phbrsvRlfXaCL5oRrF1yOwdjx56lPGqU3iiRa5U6tGedMh2Zw==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/e775ed2d.0 b/cert-validity/mozilla/hashed/e775ed2d.0
deleted file mode 100644
index dd2680b98e1c..000000000000
--- a/cert-validity/mozilla/hashed/e775ed2d.0
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJV
-UzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3Qg
-VW5pdmVyc2FsIENBMB4XDTA0MDMwNDA1MDAwMFoXDTI5MDMwNDA1MDAwMFow
-RTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHjAcBgNV
-BAMTFUdlb1RydXN0IFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQAD
-ggIPADCCAgoCggIBAKYVVaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckU
-HUWCq8YdgNY96xCcOq9tJPi8cQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430
-SppyZj6tlcDgFgDgEB8rMQ7XlFTTQjOgNB0eRXbdT8oYN+yFFXoZCPzVx5zw
-8qkuEKmS5j1YPakWaDwvdSEYfyh3peFhF7em6fgemdtzbvQKoiFs7tqqhZJm
-r/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2vc7J2Ha3QsnhnGqQ5HFELZ1aD
-/ThdDc7d8Lsrlh/eezJS/R27tQahsiFepdaVaH/wmZ7cRQg+59IJDTWU3YBO
-U5fXtQlEIGQWFwMCTFMNaN7VqnJNk22CDtucvc+081xdVHppCZbW2xHBjXWo
-tM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3CgaRr0BHdCXteGYO8A3ZNY9
-lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZf9hBZ3Ki
-KN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfReBi9F
-i1jUIxaS5BZuKGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+
-nhutxx9z3SxPGWX9f5NAEC7S8O08ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1Ud
-EwEB/wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0XG0D08DYj3rWMB8G
-A1UdIwQYMBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIB
-hjANBgkqhkiG9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIaw
-C/yOsjmPRFWrZIRcaanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv
-9z+ZhP015s8xxtxqv6fXIwjhmF7DWgh2qaavdy+3YL1ERmrvl/9zlcGO6JP7
-/TG37FcREUWbMPEaiDnBTzynANXH/KttgCJwpQzgXQQpAvvLoJHRfNbDflDV
-nVi+QTjruXU8FdmbyUqDWcDaU/0zuzYYm4UPFd3uLax2k7nZAY1IEKj79TiG
-8dsKxr2EoyNB3tZ3b4XUhRxQ4K5RirqNPnbiucon8l+f725ZDQbYKxek0nxr
-u18UGkiPGkzns0ccjkxFKyDuSN/n3QmOGKjaQI2SJhFTYXNd673nxE0pN2Hr
-rDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2DFKWkoRepqO1pD4r2czYG0eq
-8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9ER/frslKxfMnZmaG
-rGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQtDF4JbAiXfKM9
-fJP/P6EUp8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/SfuvmbJxPgWp6
-ZKy7PtXny3YuxadIwVyQD8vIP/rmMuGNG2+k5o7Y+SlIis5z/iw=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/e7b8d656.0 b/cert-validity/mozilla/hashed/e7b8d656.0
deleted file mode 100644
index acbc3989341e..000000000000
--- a/cert-validity/mozilla/hashed/e7b8d656.0
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBBDANBgkqhkiG9w0BAQQFADBTMQswCQYDVQQGEwJV
-UzEcMBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5jLjEmMCQGA1UEAxMdRXF1
-aWZheCBTZWN1cmUgZUJ1c2luZXNzIENBLTEwHhcNOTkwNjIxMDQwMDAwWhcN
-MjAwNjIxMDQwMDAwWjBTMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTRXF1aWZh
-eCBTZWN1cmUgSW5jLjEmMCQGA1UEAxMdRXF1aWZheCBTZWN1cmUgZUJ1c2lu
-ZXNzIENBLTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM4vGbwXt3fe
-k6lfWg0XTzQaDJj0ItlZ1MRoRvC0NcWFAyDGr0WlIVFFQesWWDYyb+JQYmT5
-/VGcqiTZ9J2DKocKIdMSODRsjQBuWqDZQu4aIZX5UkxVWsUPOE9G+m34LjXW
-HXzr4vCwdYDIqROsvojvOm6rXyo4YgKwEnv+j6YDAgMBAAGjZjBkMBEGCWCG
-SAGG+EIBAQQEAwIABzAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFEp4
-MlIR21kWNl7fwRQ2QGpHfEyhMB0GA1UdDgQWBBRKeDJSEdtZFjZe38EUNkBq
-R3xMoTANBgkqhkiG9w0BAQQFAAOBgQB1W6ibAxHm6VZMzfmpTMANmvPMZWnm
-JXbMWbfWVMMdzZmsGd20hdXgPfxiIKeES1hl8eL5lSE/9dR+WB5Hh1Q+WKG1
-tfgq73HnvMP2sUlG4tega+VWeponmHxGYhTnyfxuAxJ5gDgdSIKN/Bf+KpYr
-tWKmpj29f5JZzVoqgrI3eQ==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/e8651083.0 b/cert-validity/mozilla/hashed/e8651083.0
deleted file mode 100644
index cba9badd122d..000000000000
--- a/cert-validity/mozilla/hashed/e8651083.0
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQsw
-CQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jv
-c2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0Eg
-MjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTAeFw0wOTA2
-MTYxMTMwMThaFw0yOTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8G
-A1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNV
-BAMMHk1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3
-DQEJARYQaW5mb0BlLXN6aWduby5odTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAOn4j/NjrdqG2KfgQvvPkd6mJviZpWNwrZuuyjNAfW2WbqEO
-RO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tccbna7P7ofo/kLx2yqHWH2Leh
-5TvPmUpG0IMZfcChEhyVbUr02MelTTMuhTlAdX4UfIASmFDHQWe4oIBhVKZs
-Th/gnQ4H6cm6M+f+wFUoLAKApxn1ntxVUwOXewdI/5n7N4okxFnMUBBjjqqp
-GrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm1HxdrtbCxkzlBQHZ7Vf8
-wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1+rUCAwEA
-AaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1Ud
-DgQWBBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPM
-Pcu1SCOhGnqmKrs0aDAbBgNVHREEFDASgRBpbmZvQGUtc3ppZ25vLmh1MA0G
-CSqGSIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0olZMEyL/azXm4Q5Dw
-pL7v8u8hmLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfX
-I/OMn74dseGkddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k
-7SViXITwfn4fs775tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofy
-K/FFh+U9rNHHV4S9a67c2Pm2G2JwCz02yULyMtd6YebS2z3PyKnJm9zbWETX
-bzivf3jTo60adbocwTZ8jx5tHMN1Rq41Bab2XD0h7lbwyYIiLXpUq3DDfSJl
-gnCW
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/ea169617.0 b/cert-validity/mozilla/hashed/ea169617.0
deleted file mode 100644
index bc5647907d9f..000000000000
--- a/cert-validity/mozilla/hashed/ea169617.0
+++ /dev/null
@@ -1,35 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFtTCCA52gAwIBAgIIYY3HhjsBggUwDQYJKoZIhvcNAQEFBQAwRDEWMBQG
-A1UEAwwNQUNFRElDT00gUm9vdDEMMAoGA1UECwwDUEtJMQ8wDQYDVQQKDAZF
-RElDT00xCzAJBgNVBAYTAkVTMB4XDTA4MDQxODE2MjQyMloXDTI4MDQxMzE2
-MjQyMlowRDEWMBQGA1UEAwwNQUNFRElDT00gUm9vdDEMMAoGA1UECwwDUEtJ
-MQ8wDQYDVQQKDAZFRElDT00xCzAJBgNVBAYTAkVTMIICIjANBgkqhkiG9w0B
-AQEFAAOCAg8AMIICCgKCAgEA/5KV4WgGdrQsyFhIyv2AVClVYyT/kGWbEHV7
-w2rbYgIB8hiGtXxaOLHkWLn709gtn70yN78sFW2+tfQh0hOR2QetAQXW8713
-zl9CgQr5auODAKgrLlUTY4HKRxx7XBZXehuDYAQ6PmXDzQHe3qTWDLqO3tkE
-7hdWIpuPY/1NFgu3e3eM+SW10W2ZEi5PGrjm6gSSrj0RuVFCPYewMYWveVqc
-/udOXpJPQ/yrOq2lEiZmueIM15jO1FillUAKt0SdE3QrwqXrIhWYENiLxQSf
-HY9g5QYbm8+5eaA9oiM/Qj9r+hwDezCNzmzAv+YbX79nuIQZ1RXve8uQNjFi
-ybwCq0Zfm/4aaJQ0PZCOrfbkHQl/Sog4P75n/TSW9R28MHTLOO7VbKvU/PQA
-twBbhTIWdjPp2KOZnQUAqhbm84F9b32qhm2tFXTTxKJxqvQUfecyuB+81fFO
-vW8XAjnXDpVCOscAPukmYxHqC9FK/xidstd7LzrZlvvoHpKuE1XI2Sf23Egb
-sCTBheN3nZqk8wwRHQ3ItBTutYJXCb8gWH8vIiPYcMt5bMlL8qkqyPyHK9ca
-UPgn6C9D4zq92Fdx/c6mUlv53U3t5fZvie27k5x2IXXwkkwp9y+cAS7+UEae
-ZAwUswdbxcJzbPEHXEUkFDWug/FqTYl6+rPYLWbwNof1K1MCAwEAAaOBqjCB
-pzAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKaz4SsrSbbXc6GqlPUB
-53NlTKxQMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUprPhKytJttdzoaqU
-9QHnc2VMrFAwRAYDVR0gBD0wOzA5BgRVHSAAMDEwLwYIKwYBBQUHAgEWI2h0
-dHA6Ly9hY2VkaWNvbS5lZGljb21ncm91cC5jb20vZG9jMA0GCSqGSIb3DQEB
-BQUAA4ICAQDOLAtSUWImfQwng4/F9tqgaHtPkl7qpHMyEVNEskTLnewPeUKz
-EKbHDZ3Ltvo/Onzqv4hTGzz3gvoFNTPhNahXwOf9jU8/kzJPeGYDdwdY6ZXI
-fj7QeQCM8htRM5u8lOk6e25SLTKeI6RF+7YuE7CLGLHdztUdp0J/Vb77W7tH
-1PwkzQSulgUV1qzOMPPKC8W64iLgpq0i5ALudBF/TP94HTXa5gI06xgSYXcG
-CRZj6hitoocf8seACQl1ThCojz2GuHURwCRiipZ7SkXp7FnFvmuD5uHorLUw
-Hv4FB4D54SMNUI8FmP8sX+g7tq3PgbUhh8oIKiMnMCArz+2UW6yyetLHKKGK
-C5tNSixthT8Jcjxn4tncB7rrZXtaAWPWkFtPF2Y9fwsZo5NjEFIqnxQWWOLc
-pfShFosOkYuByptZ+thrkQdlVV9SH686+5DdaaVbnG0OLLb6zqylfDJKZ0Dc
-MDQj3dcEI2bw/FWAp/tmGYI1Z2JwOV5vx+qQQEQIHriy1tvuWacNGHk0vFQY
-XlPKNFHtRQrmjseCNj6nOGOpMCwXEGCSn1WHElkQwg9naRHMTh5+Spqtr0Co
-daxWkHS4oJyleW/c6RrIaQXpuvoDs3zk4E7Czp3otkYNbn5XOmeUwssfnHdK
-Z05phkOTOPu220+DkdRgfks+KzgHVZhepA==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/eb375c3e.0 b/cert-validity/mozilla/hashed/eb375c3e.0
deleted file mode 100644
index 5b474b5e4eda..000000000000
--- a/cert-validity/mozilla/hashed/eb375c3e.0
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDUzCCAjugAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJO
-TzEdMBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMMFEJ1
-eXBhc3MgQ2xhc3MgMyBDQSAxMB4XDTA1MDUwOTE0MTMwM1oXDTE1MDUwOTE0
-MTMwM1owSzELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgz
-MTYzMzI3MR0wGwYDVQQDDBRCdXlwYXNzIENsYXNzIDMgQ0EgMTCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKSO13TZKWTeXx+HgJHqTjnmGcZE
-C4DVC69TB4sSveZn8AKxifZgisRbsELRwCGoy+Gb72RRtqfPFfV0gGgEkKBY
-ouZ0plNTVUhjP5JW3SROjvi6K//zNIqeKNc0n6wv1g/xpC+9UrJJhW05NfBE
-MJNGJPO251P7vGGvqaMU+8IXF4Rs4HyI+MkcVyzwPX6UvCWThOiaAJpFBUJX
-gPROztmuOfbIUxAMZTpHe2DC1vqRycZxbL2RhzyRhkmr8w+gbCZ2Xhysm3Hl
-jbybIR6c1jh+JIAVMYKWsUnTYjdbiAwKYjT+p0h+mbEwi5A3lRyoH6UsjfRV
-yNvdWQrCrXig9IsCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
-FgQUOBTmyPCppAP0Tj4io1vy1uCtQHQwDgYDVR0PAQH/BAQDAgEGMA0GCSqG
-SIb3DQEBBQUAA4IBAQABZ6OMySU9E2NdFm/soT4JXJEVKirZgCFPBdy7pYmr
-EzMqnji3jG8CcmPHc3ceCQa6Oyh7pEfJYWsICCD8igWKH7y6xsL+z27sEzNx
-Zy5p+qksP2bAEllNC1QCkoS72xLvg3BweMhT+t/Gxv/ciC8HwEmdMldg0/L2
-mSlf56oBzKwzqBwKu5HEA6BvtjT5htOzdlSY9EqBs1OdTUDs5XcTRa9bqh/Y
-L0yCe/4qxFi7T/ye/QNlGioOw6UgFpRreaaiErS7GqQjel/wroQk5PMr+4ok
-oyeYZdowdXb8GZHo2+ubPzK/QJcHJrrM85SFSnonk8+QQtS4Wxam58tAA915
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/ed049835.0 b/cert-validity/mozilla/hashed/ed049835.0
deleted file mode 100644
index 1bcda430ecda..000000000000
--- a/cert-validity/mozilla/hashed/ed049835.0
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDAjCCAmsCEDKIjprS9esTR/h/xCA3JfgwDQYJKoZIhvcNAQEFBQAwgcEx
-CzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UE
-CxMzQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAt
-IEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBU
-cnVzdCBOZXR3b3JrMB4XDTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVow
-gcExCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoG
-A1UECxMzQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1
-dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5j
-LiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2ln
-biBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6
-8OTP+cSuhVS5B1f5j8V/aBH4xBewRNzjMHPVKmIquNDMHO0oW369atyzkSTK
-QWI8/AIBvxwWMZQFl3Zuoq29YRdsTjCG8FE3KlDHqGKB3FtKqsGgtG7rL+VX
-xbErQHDbWk2hjh+9Ax/YA9SPTJlxvOKCzFjomDqG04Y48wApHwIDAQABMA0G
-CSqGSIb3DQEBBQUAA4GBAIWMEsGnuVAVess+rLhDityq3RS6iYF+ATwjcSGI
-L4LcY/oCRaxFWdcqWERbt5+BO5JoPeI3JPV7bI92NZYJqFmduc4jq3TWg/0y
-cyfYaT5DdPauxYma51N86Xv2S/PBZYPejYqcPIiNOVn8qj8ijaHBZlCBckzt
-ImRPT8qAkbYp
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/ed524cf5.0 b/cert-validity/mozilla/hashed/ed524cf5.0
deleted file mode 100644
index 56267570e28d..000000000000
--- a/cert-validity/mozilla/hashed/ed524cf5.0
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UE
-BhMCVVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50
-cnVzdC5uZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTEl
-MCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UE
-AxMxRW50cnVzdC5uZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1
-dGhvcml0eTAeFw05OTA1MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQsw
-CQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3
-dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1pdHMgbGlh
-Yi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVkMTow
-OAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp
-b24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQDNKIM0
-VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/I0dNxScZgSYMVHIN
-iC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3wkrYKZImZNHk
-mGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OCAdcwggHT
-MBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHboIHY
-pIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5
-BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChs
-aW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBM
-aW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENl
-cnRpZmljYXRpb24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNo
-dHRwOi8vd3d3LmVudHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAi
-gA8xOTk5MDUyNTE2MDk0MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMC
-AQYwHwYDVR0jBBgwFoAU8BdiE1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYE
-FPAXYhNVPbP/CgBr+1CEl/PtYtAaMAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9
-B0EABAwwChsEVjQuMAMCBJAwDQYJKoZIhvcNAQEFBQADgYEAkNwwAvpkdMKn
-CqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN95K+8cPV1ZVqBLssziY2Zcgx
-xufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd2cNgQ4xYDiKWL2KjLB+6
-rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/ed62f4e3.0 b/cert-validity/mozilla/hashed/ed62f4e3.0
deleted file mode 100644
index 6565ead23b32..000000000000
--- a/cert-validity/mozilla/hashed/ed62f4e3.0
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDAzCCAmwCEQC5L2DMiJ+hekYJuFtwbIqvMA0GCSqGSIb3DQEBBQUAMIHB
-MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xPDA6BgNV
-BAsTM0NsYXNzIDIgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRo
-b3JpdHkgLSBHMjE6MDgGA1UECxMxKGMpIDE5OTggVmVyaVNpZ24sIEluYy4g
-LSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEfMB0GA1UECxMWVmVyaVNpZ24g
-VHJ1c3QgTmV0d29yazAeFw05ODA1MTgwMDAwMDBaFw0yODA4MDEyMzU5NTla
-MIHBMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xPDA6
-BgNVBAsTM0NsYXNzIDIgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBB
-dXRob3JpdHkgLSBHMjE6MDgGA1UECxMxKGMpIDE5OTggVmVyaVNpZ24sIElu
-Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEfMB0GA1UECxMWVmVyaVNp
-Z24gVHJ1c3QgTmV0d29yazCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-p4gBIXQs5xoD8JjhlzwPIQjxnNuX6Zr8wgQGE75fUsjMHiwSViy4AWkszJkf
-rbCWrnkE8hM5wXuYuggs6MKEEyyqaekJ9MepAqRCwiNPStjwDqL7MWzJ5m+Z
-Jwf15vRMeJ5t60aG+rmGyVTyssSv1EYcWskVMP8NbPUtDm3Of3cCAwEAATAN
-BgkqhkiG9w0BAQUFAAOBgQByLvl/0fFx+8Se9sVeUYpAmLho+Jscg9jinb3/
-7aHmZuovCfTK1+qlK5X2JGCGTUQug6XELaDTrnhpb3LabK4I8GOSN+a7xDAX
-rXfMSTWqz9iP0b63GJZHc2pUIjRkLbYWm1lbtFFZOrMLFPQS32eg9K0yZF6x
-RnInjBJ7xUS0rg==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/ee7cd6fb.0 b/cert-validity/mozilla/hashed/ee7cd6fb.0
deleted file mode 100644
index 604873efcde8..000000000000
--- a/cert-validity/mozilla/hashed/ee7cd6fb.0
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJF
-VTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMw
-IQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEiMCAGA1UEAxMZ
-Q2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAxNjEzNDNaFw0z
-NzA5MzAxNjEzNDRaMH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1l
-cmZpcm1hIFNBIENJRiBBODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cu
-Y2hhbWJlcnNpZ24ub3JnMSIwIAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJj
-ZSBSb290MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAtzZV5aVd
-GDDg2olUkfzIx1L4L1DZ77F1c2VHfRtbunXF/KGIJPov7coISjlUxFF6tdpg
-6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0dBmpAPrMMhe5cG3nCYsS4No41
-XQEMIwRHNaqbYE6gZj3LJgqcQKH0XZi/caulAGgq7YN6D6IUtdQis4CwPAxa
-UWktWBiP7Zme8a7ileb2R6jWDA+wWFjbw2Y3npuRVDM30pQcakjJyfKl2qUM
-I/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFVd9oKDMyXroDclDZK9D7O
-NhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIGA1UdEwEB
-/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5jaGFt
-YmVyc2lnbi5vcmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p
-26EpW1eLTXYGduHRooowDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQE
-AwIABzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hhbWJlcnNpZ24ub3Jn
-MCcGA1UdEgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYD
-VR0gBFEwTzBNBgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8v
-Y3BzLmNoYW1iZXJzaWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJ
-KoZIhvcNAQEFBQADggEBAAxBl8IahsAifJ/7kPMa0QOx7xP5IV8EnNrJpY0n
-bJaHkb5BkAFyk+cefV/2icZdp0AJPaxJRUXcLo0waLIJuvvDL8y6C98/d3tG
-fToSJI6WjzwFCm/SlCgdbQzALogi1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QU
-u/wNUPf6s+xCX6ndbcj0dc97wXImsQEcXCz9ek60AcUFV7nnPKoF2YjpB0ZB
-zu9Bga5Y34OirsrXdx/nADydb47kMgkdTXg0eDQ8lJsm7U9xxhl6vSAiSFr+
-S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1erfutGWaIZDgqtCYvDi1czyL
-+Nw=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/f4996e82.0 b/cert-validity/mozilla/hashed/f4996e82.0
deleted file mode 100644
index e12d0b8fc917..000000000000
--- a/cert-validity/mozilla/hashed/f4996e82.0
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlD
-ZXJ0IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIElu
-Yy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDEgUG9saWN5IFZhbGlkYXRp
-b24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNv
-bS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYy
-NTIyMjM0OFoXDTE5MDYyNTIyMjM0OFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
-IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4x
-NTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDEgUG9saWN5IFZhbGlkYXRpb24g
-QXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8x
-IDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDYWYJ6ibiWuqYvaG9YLqdUHAZu9OqNSLwxlBfw
-8068srg1knaw0KWlAdcAAxIiGQj4/xEjm84H9b9pGib+TunRf50sQB1ZaG6m
-+FiwnRqP0z/x3BkGgagO4DrdyFNFCQbmD3DD+kCmDuJWBQ8YTfwggtFzVXSN
-dnKgHZ0dwN0/cQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFBoPUn0LBwGlN+V
-YH+Wexf+T3GtZMjdd9LvWVXoP+iOBSoh8gfStadS/pyxtuJbdxdA6nLWI8so
-gTLDAHkY7FkXicnGah5xyf23dKUlRWnFSKsZ4UWKJWsZ7uW7EvV/96aNUcPw
-nXS3qT6gpf+2SQMT2iLM7XGCK5nPOrf1LXLI
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/f559733c.0 b/cert-validity/mozilla/hashed/f559733c.0
deleted file mode 100644
index 674287b3cca5..000000000000
--- a/cert-validity/mozilla/hashed/f559733c.0
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEezCCA2OgAwIBAgIQNxkY5lNUfBq1uMtZWts1tzANBgkqhkiG9w0BAQUF
-ADCBrjELMAkGA1UEBhMCREUxIDAeBgNVBAgTF0JhZGVuLVd1ZXJ0dGVtYmVy
-ZyAoQlcpMRIwEAYDVQQHEwlTdHV0dGdhcnQxKTAnBgNVBAoTIERldXRzY2hl
-ciBTcGFya2Fzc2VuIFZlcmxhZyBHbWJIMT4wPAYDVQQDEzVTLVRSVVNUIEF1
-dGhlbnRpY2F0aW9uIGFuZCBFbmNyeXB0aW9uIFJvb3QgQ0EgMjAwNTpQTjAe
-Fw0wNTA2MjIwMDAwMDBaFw0zMDA2MjEyMzU5NTlaMIGuMQswCQYDVQQGEwJE
-RTEgMB4GA1UECBMXQmFkZW4tV3VlcnR0ZW1iZXJnIChCVykxEjAQBgNVBAcT
-CVN0dXR0Z2FydDEpMCcGA1UEChMgRGV1dHNjaGVyIFNwYXJrYXNzZW4gVmVy
-bGFnIEdtYkgxPjA8BgNVBAMTNVMtVFJVU1QgQXV0aGVudGljYXRpb24gYW5k
-IEVuY3J5cHRpb24gUm9vdCBDQSAyMDA1OlBOMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEA2bVKwdMz6tNGs9HiTNL1toPQb9UY6ZOvJ44TzbUl
-NlA0EmQpoVXhOmCTnijJ4/Ob4QSwI7+Vio5bG0F/WsPoTUzVJBY+h0jUJ67m
-91MduwwA7z5hca2/OnpYH5Q9XIHV1W/fuJvS9eXLg3KSwlOyggLrra1fFi2S
-U3bxibYs9cEv4KdKb6AwajLrmnQDaHgTncovmwsdvs91DSaXm8f1XgqfeN+z
-vOyauu9VjxuapgdjKRdZYgkqeQd3peDRF2npW932kKvimAoA0SVtnteFhy+S
-8dF2g08LOlk3KC8zpxdQ1iALCvQm+Z845y2kuJuJja2tyWp9iRe79n+Ag3rm
-7QIDAQABo4GSMIGPMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQD
-AgEGMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTVFJvbmxpbmUxLTIwNDgt
-NTAdBgNVHQ4EFgQUD8oeXHngovMpttKFswtKtWXsa1IwHwYDVR0jBBgwFoAU
-D8oeXHngovMpttKFswtKtWXsa1IwDQYJKoZIhvcNAQEFBQADggEBAK8B8O0Z
-PCjoTVy7pWMciDMDpwCHpB8gq9Yc4wYfl35UvbfRssnV2oDsF9eK9XvCAPbp
-EW+EoFolMeKJ+aQAPzFoLtU96G7m1R08P7K9n3frndOMusDXtk3sU5wPBG7q
-NWdX4wple5A64U8+wwCSersFiXOMy6ZNwPv2AtawB6MDwidAnwzkhYItr5pC
-HdDHjfhA7p0GVxzZotiAFP7hYy0yh9WUUpY6RsZxlj33mA6ykaqP2vROJAA5
-VeitF7nTNCtKqUDMFypVZUF0Qn71wK/Ik63yGFs9iQzbRzkk+OBM8h+wPQrK
-BU6JIRrjKpms/H+h8Q8bHz2eBIPdltkdOpQ=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/f58a60fe.0 b/cert-validity/mozilla/hashed/f58a60fe.0
deleted file mode 100644
index 7ef8903b2f2e..000000000000
--- a/cert-validity/mozilla/hashed/f58a60fe.0
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDqzCCApOgAwIBAgIRAMcoRwmzuGxFjB36JPU2TukwDQYJKoZIhvcNAQEF
-BQAwPDEbMBkGA1UEAxMSQ29tU2lnbiBTZWN1cmVkIENBMRAwDgYDVQQKEwdD
-b21TaWduMQswCQYDVQQGEwJJTDAeFw0wNDAzMjQxMTM3MjBaFw0yOTAzMTYx
-NTA0NTZaMDwxGzAZBgNVBAMTEkNvbVNpZ24gU2VjdXJlZCBDQTEQMA4GA1UE
-ChMHQ29tU2lnbjELMAkGA1UEBhMCSUwwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQDGtWhfHZQVw6QIVS3joFd67+l0Kru5fFdJGhFeTymHDEjW
-aueP1H5XJLkGieQcPOqs49ohgHMhCu95mGwfCP+hUH3ymBvJVG8+pSjsIQQP
-RbsHPaHA+iqYHU4Gk/v1iDurX8sWv+bznkqH7Rnqwp9D5PGBpX8QTz7RSmKt
-UxvLg/8HZaWSLWapW7ha9B20IZFKF3ueMv5WJDmyVIRD9YTC2LxBkMyd1mja
-6YJQqTtoz7VdApRgFrFD2UNd3V2Hbuq7s8lr9gOUCXDeFhF6K+h2j0kQmHe5
-Y1yLM5d19guMsqtb3nQgJT/j8xH5h2iGNXHDHYwt6+UarA9z1YJZQIDTAgMB
-AAGjgacwgaQwDAYDVR0TBAUwAwEB/zBEBgNVHR8EPTA7MDmgN6A1hjNodHRw
-Oi8vZmVkaXIuY29tc2lnbi5jby5pbC9jcmwvQ29tU2lnblNlY3VyZWRDQS5j
-cmwwDgYDVR0PAQH/BAQDAgGGMB8GA1UdIwQYMBaAFMFL7XC29z58ADsAj8c+
-DkWfHl3sMB0GA1UdDgQWBBTBS+1wtvc+fAA7AI/HPg5Fnx5d7DANBgkqhkiG
-9w0BAQUFAAOCAQEAFs/ukhNQq3sUnjO2QiBq1BW9Cav8cujvR3qQrFHBZE7p
-iL1DRYHjZiM/EoZNGeQFsOY3wo3aBijJD4mkU6l1P7CW+6tMM1X5eCZGbxs2
-mPtCdsGCuY7e+0X5YxtiOzkGynd6qDwJz2w2PQ8KRUtpFhpFfTMDZflScZAm
-laxMDPWLkz/MdXSFmLr/YnpNH4n+rr2UAJm/EaXc4HnFFgt9AmEd6oX5AhVP
-51qJThRv4zdLhfXBPGHg/QVBspJ/wx2g0K5SZGBrGMYmnNj1ZOQ2GmKfig8+
-/21OGVZOIJFsnzQzOjRXUDpvgV4GxvU+fE6OK85lBi5d0ipTdF7Tbieejw==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/f61bff45.0 b/cert-validity/mozilla/hashed/f61bff45.0
deleted file mode 100644
index e3f269a31feb..000000000000
--- a/cert-validity/mozilla/hashed/f61bff45.0
+++ /dev/null
@@ -1,46 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIHqDCCBpCgAwIBAgIRAMy4579OKRr9otxmpRwsDxEwDQYJKoZIhvcNAQEF
-BQAwcjELMAkGA1UEBhMCSFUxETAPBgNVBAcTCEJ1ZGFwZXN0MRYwFAYDVQQK
-Ew1NaWNyb3NlYyBMdGQuMRQwEgYDVQQLEwtlLVN6aWdubyBDQTEiMCAGA1UE
-AxMZTWljcm9zZWMgZS1Temlnbm8gUm9vdCBDQTAeFw0wNTA0MDYxMjI4NDRa
-Fw0xNzA0MDYxMjI4NDRaMHIxCzAJBgNVBAYTAkhVMREwDwYDVQQHEwhCdWRh
-cGVzdDEWMBQGA1UEChMNTWljcm9zZWMgTHRkLjEUMBIGA1UECxMLZS1Temln
-bm8gQ0ExIjAgBgNVBAMTGU1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtyADVgXvNOABHzNuEwSFp
-LHSQDCHZU4ftPkNEU6+r+ICbPHiN1I2uuO/TEdyB5s87lozWbxXGd36hL+Bf
-krYn13aaHUM86tnsL+4582pnS4uCzyL4ZVX+LMsvfUh6PXX5qqAnu3jCBspR
-wn5mS6/NoqdNAoI/gqyFxuEPkEeZlApxcpMqyabAvjxWTHOSJ/FrtfX9/DAF
-YJLG65Z+AZHCabEeHXtTRbjcQR/Ji3HWVBTji1R4P770Yjtb9aPs1ZJ04nQw
-7wHb4dSrmZsqa/i9phyGI0Jf7Enemotb9HI6QMVJPqW+jqpx62z69Rrkav17
-fVVA71hu5tnVvCSrwe+3AgMBAAGjggQ3MIIEMzBnBggrBgEFBQcBAQRbMFkw
-KAYIKwYBBQUHMAGGHGh0dHBzOi8vcmNhLmUtc3ppZ25vLmh1L29jc3AwLQYI
-KwYBBQUHMAKGIWh0dHA6Ly93d3cuZS1zemlnbm8uaHUvUm9vdENBLmNydDAP
-BgNVHRMBAf8EBTADAQH/MIIBcwYDVR0gBIIBajCCAWYwggFiBgwrBgEEAYGo
-GAIBAQEwggFQMCgGCCsGAQUFBwIBFhxodHRwOi8vd3d3LmUtc3ppZ25vLmh1
-L1NaU1ovMIIBIgYIKwYBBQUHAgIwggEUHoIBEABBACAAdABhAG4A+gBzAO0A
-dAB2AOEAbgB5ACAA6QByAHQAZQBsAG0AZQB6AOkAcwDpAGgAZQB6ACAA6QBz
-ACAAZQBsAGYAbwBnAGEAZADhAHMA4QBoAG8AegAgAGEAIABTAHoAbwBsAGcA
-4QBsAHQAYQB0APMAIABTAHoAbwBsAGcA4QBsAHQAYQB0AOEAcwBpACAAUwB6
-AGEAYgDhAGwAeQB6AGEAdABhACAAcwB6AGUAcgBpAG4AdAAgAGsAZQBsAGwA
-IABlAGwAagDhAHIAbgBpADoAIABoAHQAdABwADoALwAvAHcAdwB3AC4AZQAt
-AHMAegBpAGcAbgBvAC4AaAB1AC8AUwBaAFMAWgAvMIHIBgNVHR8EgcAwgb0w
-gbqggbeggbSGIWh0dHA6Ly93d3cuZS1zemlnbm8uaHUvUm9vdENBLmNybIaB
-jmxkYXA6Ly9sZGFwLmUtc3ppZ25vLmh1L0NOPU1pY3Jvc2VjJTIwZS1Temln
-bm8lMjBSb290JTIwQ0EsT1U9ZS1Temlnbm8lMjBDQSxPPU1pY3Jvc2VjJTIw
-THRkLixMPUJ1ZGFwZXN0LEM9SFU/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlz
-dDtiaW5hcnkwDgYDVR0PAQH/BAQDAgEGMIGWBgNVHREEgY4wgYuBEGluZm9A
-ZS1zemlnbm8uaHWkdzB1MSMwIQYDVQQDDBpNaWNyb3NlYyBlLVN6aWduw7Mg
-Um9vdCBDQTEWMBQGA1UECwwNZS1TemlnbsOzIEhTWjEWMBQGA1UEChMNTWlj
-cm9zZWMgS2Z0LjERMA8GA1UEBxMIQnVkYXBlc3QxCzAJBgNVBAYTAkhVMIGs
-BgNVHSMEgaQwgaGAFMegSXUWYYTbMUuE0vE3QJDvTtz3oXakdDByMQswCQYD
-VQQGEwJIVTERMA8GA1UEBxMIQnVkYXBlc3QxFjAUBgNVBAoTDU1pY3Jvc2Vj
-IEx0ZC4xFDASBgNVBAsTC2UtU3ppZ25vIENBMSIwIAYDVQQDExlNaWNyb3Nl
-YyBlLVN6aWdubyBSb290IENBghEAzLjnv04pGv2i3GalHCwPETAdBgNVHQ4E
-FgQUx6BJdRZhhNsxS4TS8TdAkO9O3PcwDQYJKoZIhvcNAQEFBQADggEBANMT
-nGZjWS7KXHAM/IO8VbH0jgdsZifOwTsgqRy7RlRw7lrMoHfqaEQn6/Ip3Xep
-1fvj1KcExJW4C+FEaGAHQzAxQmHl7tnlJNUb3+FKG6qfx1/4ehHqE5MAyopY
-se7tDk2016g2JnzgOsHVV4Lxdbb9iV/a86g4nzUGCM4ilb7N1fy+W955a9x6
-qWVmvrElWl/tftOsRm1M9DKHtCAE4Gx4sHfRhUZLphK3dehKyVZs15KrnfVJ
-ONJPU+NVkBHbmJbGSfI+9J8b4PeI3CVimUTYc78/MPMMNz7UwiiAc7EBt51a
-lhQBS6kRnSlqLtBdgcDPsiBDxwPgN05dCtxZICU=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/f80cc7f6.0 b/cert-validity/mozilla/hashed/f80cc7f6.0
deleted file mode 100644
index 8054d969745b..000000000000
--- a/cert-validity/mozilla/hashed/f80cc7f6.0
+++ /dev/null
@@ -1,36 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIF5zCCA8+gAwIBAgIITK9zQhyOdAIwDQYJKoZIhvcNAQEFBQAwgYAxODA2
-BgNVBAMML0VCRyBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xh
-ecSxY8Sxc8SxMTcwNQYDVQQKDC5FQkcgQmlsacWfaW0gVGVrbm9sb2ppbGVy
-aSB2ZSBIaXptZXRsZXJpIEEuxZ4uMQswCQYDVQQGEwJUUjAeFw0wNjA4MTcw
-MDIxMDlaFw0xNjA4MTQwMDMxMDlaMIGAMTgwNgYDVQQDDC9FQkcgRWxla3Ry
-b25payBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsTE3MDUGA1UE
-CgwuRUJHIEJpbGnFn2ltIFRla25vbG9qaWxlcmkgdmUgSGl6bWV0bGVyaSBB
-LsWeLjELMAkGA1UEBhMCVFIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
-AoICAQDuoIRh0DpqZhAy2DE4f6en5f2h4fuXd7hxlugTlkaDT7byX3JWbhNg
-pQGR4lvFzVcfd2NR/y8927k/qqk153nQ9dAktiHq6yOU/im/+4mRDGSaBUor
-zAzu8T2bgmmkTPiab+ci2hC6X5L8GCcKqKpE+i4stPtGmggDg3KriORqcsnl
-ZR9uKg+ds+g75AxuetpX/dfreYteIAbTdgtsApWjluTLdlHRKJ2hGvxEok3M
-enaoDT2/F08iiFD9rrbskFBKW5+VQarKD7JK/oCZTqNGFav4c0JqwmZ2sQom
-Fd2TkuzbqV9UIlKRcF0T6kjsbgNs2d1s/OsNA/+mgxKb8amTD8UmTDGyY5lh
-cucqZJnSuOl14nypqZoaqsNW2xCaPINStnuWt6yHd6i58mcLlEOzrz5z+kI2
-sSXFCjEmN1ZnuqMLfdb3ic1nobc6HmZP9qBVFCVMLDMNpkGMvQQxahByCp0O
-Lna9XvNRiYuoP1Vzv9s6xiQFlpJIqkuNKgPlV5EQ9GooFW5Hd4RcUXSfGenm
-HmMWOeMRFeNYGkS9y8RsZteEBt8w9DeiQyJ50hBs37vmExH8nYQKE3vwO9D8
-owrXieqWfo1IhR5kX9tUoqzVegJ5a9KK8GfaZXINFHDk6Y54jzJ0fFfy1tb0
-Nokb+Clsi7n2l9GkLqq+CxnCRelwXQIDAJ3Zo2MwYTAPBgNVHRMBAf8EBTAD
-AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU587GT/wWZ5b6SqMHwQSn
-y2re2kcwHwYDVR0jBBgwFoAU587GT/wWZ5b6SqMHwQSny2re2kcwDQYJKoZI
-hvcNAQEFBQADggIBAJuYml2+8ygjdsZs93/mQJ7ANtyVDR2tFcU22NU57/Ie
-Il6zgrRdu0waypIN30ckHrMk2pGI6YNw3ZPX6bqz3xZaPt7gyPvT/Wwp+BVG
-oGgmzJNSroIBk5DKd8pNSe/iWtkqvTDOTLKBtjDOWU/aWR1qeqRFsIImgYZ2
-9fUQALjuswnoT4cCB64kXPBfrAowzIpAoHMEwfuJJPaaHFy3PApnNgUIMbOv
-2AFoKuB4j3TeuFGkjGwgPaL7s9QJ/XvCgKqTbCmYIai7FvOpEl90tYeY8pUm
-3zTvilORiF0alKM/fCL414i6poyWqD1SNGKfAB5UVUJnxk1Gj7sURT0KlhaO
-EKGXmdXTMIXM3rRyt7yKPBgpaP3ccQfuJDlq+u2lrDgv+R4QDgZxGhBM/nV+
-/x5XOULK1+EVoVZVWRvRo68R2E7DpSvvkL/A7IITW43WciyTTo9qKd+FPNMN
-4KIYEsxVL0e3p5sC/kH2iExt2qkBR4NkJ2IQgtYSe14DHzSpyZH+r11thie3
-I6p1GMog57AP14kOpmciY/SDQSsGS7tY1dHXt7kQY9iJSrSq3RZj9W6+YKH4
-7ejWkE8axsWgKdOnIaj1Wjz3x0miIZpKlVIglnKaZsv30oZDfCK+lvm9AahH
-3eU7QPl1K5srRmSGjR70j/sHd9DqSaIcjVIUpgqT
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/f950ccc2.0 b/cert-validity/mozilla/hashed/f950ccc2.0
deleted file mode 100644
index 64551b1e3e41..000000000000
--- a/cert-validity/mozilla/hashed/f950ccc2.0
+++ /dev/null
@@ -1,48 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIH6jCCB1OgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARIxCzAJBgNVBAYT
-AkVTMRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEu
-MCwGA1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5s
-LjErMCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1
-MjEuMCwGA1UECxMlSVBTIENBIENMQVNFMSBDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eTEuMCwGA1UEAxMlSVBTIENBIENMQVNFMSBDZXJ0aWZpY2F0aW9uIEF1
-dGhvcml0eTEeMBwGCSqGSIb3DQEJARYPaXBzQG1haWwuaXBzLmVzMB4XDTAx
-MTIyOTAwNTkzOFoXDTI1MTIyNzAwNTkzOFowggESMQswCQYDVQQGEwJFUzES
-MBAGA1UECBMJQmFyY2Vsb25hMRIwEAYDVQQHEwlCYXJjZWxvbmExLjAsBgNV
-BAoTJUlQUyBJbnRlcm5ldCBwdWJsaXNoaW5nIFNlcnZpY2VzIHMubC4xKzAp
-BgNVBAoUImlwc0BtYWlsLmlwcy5lcyBDLkkuRi4gIEItNjA5Mjk0NTIxLjAs
-BgNVBAsTJUlQUyBDQSBDTEFTRTEgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkx
-LjAsBgNVBAMTJUlQUyBDQSBDTEFTRTEgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHkxHjAcBgkqhkiG9w0BCQEWD2lwc0BtYWlsLmlwcy5lczCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEA4FEnpwvdr9G5Q1uCN0VWcu+atsIS7ywSzHb5
-BlmvXSHU0lq4oNTzav3KaY1mSPd05u42veiWkXWmcSjK5yISMmmwPh5r9FBS
-YmL9Yzt9fuzuOOpi9GyocY3h6YvJP8a1zZRCb92CRTzo3wno7wpVqVZHYUxJ
-ZHMQKD/Kvwn/xi8CAwEAAaOCBEowggRGMB0GA1UdDgQWBBTrsxl588GlHKzc
-uh9morKbadB4CDCCAUQGA1UdIwSCATswggE3gBTrsxl588GlHKzcuh9morKb
-adB4CKGCARqkggEWMIIBEjELMAkGA1UEBhMCRVMxEjAQBgNVBAgTCUJhcmNl
-bG9uYTESMBAGA1UEBxMJQmFyY2Vsb25hMS4wLAYDVQQKEyVJUFMgSW50ZXJu
-ZXQgcHVibGlzaGluZyBTZXJ2aWNlcyBzLmwuMSswKQYDVQQKFCJpcHNAbWFp
-bC5pcHMuZXMgQy5JLkYuICBCLTYwOTI5NDUyMS4wLAYDVQQLEyVJUFMgQ0Eg
-Q0xBU0UxIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVJUFMg
-Q0EgQ0xBU0UxIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MR4wHAYJKoZIhvcN
-AQkBFg9pcHNAbWFpbC5pcHMuZXOCAQAwDAYDVR0TBAUwAwEB/zAMBgNVHQ8E
-BQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUH
-AwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYBBAGCNwIBFQYKKwYBBAGCNwIB
-FgYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDARBglghkgBhvhCAQEEBAMCAAcw
-GgYDVR0RBBMwEYEPaXBzQG1haWwuaXBzLmVzMBoGA1UdEgQTMBGBD2lwc0Bt
-YWlsLmlwcy5lczBBBglghkgBhvhCAQ0ENBYyQ0xBU0UxIENBIENlcnRpZmlj
-YXRlIGlzc3VlZCBieSBodHRwOi8vd3d3Lmlwcy5lcy8wKQYJYIZIAYb4QgEC
-BBwWGmh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvMDoGCWCGSAGG+EIBBAQt
-FitodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJDTEFTRTEuY3Js
-MD8GCWCGSAGG+EIBAwQyFjBodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL3Jl
-dm9jYXRpb25DTEFTRTEuaHRtbD8wPAYJYIZIAYb4QgEHBC8WLWh0dHA6Ly93
-d3cuaXBzLmVzL2lwczIwMDIvcmVuZXdhbENMQVNFMS5odG1sPzA6BglghkgB
-hvhCAQgELRYraHR0cDovL3d3dy5pcHMuZXMvaXBzMjAwMi9wb2xpY3lDTEFT
-RTEuaHRtbDBzBgNVHR8EbDBqMDGgL6AthitodHRwOi8vd3d3Lmlwcy5lcy9p
-cHMyMDAyL2lwczIwMDJDTEFTRTEuY3JsMDWgM6Axhi9odHRwOi8vd3d3YmFj
-ay5pcHMuZXMvaXBzMjAwMi9pcHMyMDAyQ0xBU0UxLmNybDAvBggrBgEFBQcB
-AQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9vY3NwLmlwcy5lcy8wDQYJKoZI
-hvcNAQEFBQADgYEAK9Dr/drIyllq2tPMMi7JVBuKYn4VLenZMdMu9Ccj/1ur
-xUq2ckCuU3T0vAW0xtnIyXf7t/k0f3gA+Nak5FI/LEpjV4F1Wo7ojPsCwJTG
-Kbqz3Bzosq/SLmJbGqmODszFV0VRFOlOHIilkfSj945RyKm+hjM+5i9Ibq9U
-kE6tsSU=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/fac084d7.0 b/cert-validity/mozilla/hashed/fac084d7.0
deleted file mode 100644
index c1e2c771ed64..000000000000
--- a/cert-validity/mozilla/hashed/fac084d7.0
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDoDCCAoigAwIBAgIBMTANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJK
-UDEcMBoGA1UEChMTSmFwYW5lc2UgR292ZXJubWVudDEWMBQGA1UECxMNQXBw
-bGljYXRpb25DQTAeFw0wNzEyMTIxNTAwMDBaFw0xNzEyMTIxNTAwMDBaMEMx
-CzAJBgNVBAYTAkpQMRwwGgYDVQQKExNKYXBhbmVzZSBHb3Zlcm5tZW50MRYw
-FAYDVQQLEw1BcHBsaWNhdGlvbkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEAp23gdE6Hj6UG3mii24aZS2QNcfAKBZuOquHMLtJqO8F6tJdh
-jYq+xpqcBrSGUeQ3DnR4fl+Kf5Sk10cI/VBaVuRorChzoHvpfxiSQE8tnfWu
-REhzNgaeZCw7NCPbXCbkcXmP1G55IrmTwcrNwVbtiGrXoDkhBFcsovW8R0FP
-XjQilbUfKW1eSvNNcr5BViCH/OlQR9cwFO5cjFW6WY2H/CPek9AEjP3vbb3Q
-esmlOmpyM8ZKDQUXKi17safY1vC+9D/qDihtQWEjdnjDuGWk81quzMKq2edY
-3rZ+nYVunyoKb58DKTCXKB28t89UKU5RMfkntigm/qJj5kEW8DOYRwIDAQAB
-o4GeMIGbMB0GA1UdDgQWBBRUWssmP3HMlEYNllPqa0jQk/5CdTAOBgNVHQ8B
-Af8EBAMCAQYwWQYDVR0RBFIwUKROMEwxCzAJBgNVBAYTAkpQMRgwFgYDVQQK
-DA/ml6XmnKzlm73mlL/lupwxIzAhBgNVBAsMGuOCouODl+ODquOCseODvOOC
-t+ODp+ODs0NBMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB
-ADlqRHZ3ODrso2dGD/mLBqj7apAxzn7s2tGJfHrrLgy9mTLnsCTWw//1sogJ
-hyzjVOGjprIIC8CFqMjSnHH2HZ9g/DgzE+Ge3Atf2hZQKXsvcJEPmbo0NI2V
-dMV+eKlmXb3KIXdCEKxmJj3ekav9FfBv7WxfEPjzFvYDio+nEhEMy/0/ecGc
-/WLuo89UDNErXxc+4z6/wCs+CZv+iKZ+tJIX/COUgb1up8WMwusRRdv4QcmW
-dupwX3kSa+SjB1oF7ydJzyGfikwJcGapJsErEU4z0g781mzSDjJkaP+tBXhf
-Ax2o45CsJOAPQKdLrosot4LKGAfmt1t06SAZf7IbiVQ=
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/facacbc6.0 b/cert-validity/mozilla/hashed/facacbc6.0
deleted file mode 100644
index ac020205f099..000000000000
--- a/cert-validity/mozilla/hashed/facacbc6.0
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUF
-ADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8w
-HQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykg
-MjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
-MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENl
-cnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcN
-MzYwNzE2MjM1OTU5WjCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT
-aWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTow
-OAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
-emVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1Ymxp
-YyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8
-RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs
-70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pS
-S9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+Q
-ueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+
-rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMK
-z10/NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNV
-HQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2Uv
-Z2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0
-cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/T
-ZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP
-2BqYLz3q3JktvXf2pXkiOOzEp6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGq
-CBpH3vn5fJJaCGkgDdk+bW48DW7Y5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU
-7qKEKQsTb47bDN0lAtukixlE0kF6BWlKWE9gyn6CagsCqiUXObXbf+eEZSqV
-ir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ4fQRbxC1lfznQgUy286dUV4o
-tp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8NhnacRHr2lVz2XTIIM6RU
-thg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/fde84897.0 b/cert-validity/mozilla/hashed/fde84897.0
deleted file mode 100644
index 77972ba8296c..000000000000
--- a/cert-validity/mozilla/hashed/fde84897.0
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJ
-BgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRp
-Z25hMB4XDTA3MDYyOTE1MTMwNVoXDTI3MDYyOTE1MTMwNVowNDELMAkGA1UE
-BhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwIQ2VydGlnbmEw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7s
-tL7qXOEm7RFHYeGifBZ4QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lI
-zw7sebYs5zRLcAglozyHGxnygQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg
-0KmVEn2lmsxryIRWijOp5yIVUxbwzBfsV1/pogqYCd7jX5xv3EjjhQsVWqa6
-n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q130yGLMLLGq/jj8UEYkgDncUtT2U
-CIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2JsglrgVKtOdjLPOMFlN+XPsR
-GgjBRmKfIrjxwo1p3Po6WAbfAgMBAAGjgbwwgbkwDwYDVR0TAQH/BAUwAwEB
-/zAdBgNVHQ4EFgQUGu3+QTmQtCRZvgHyUtVF9lo53BEwZAYDVR0jBF0wW4AU
-Gu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJBgNVBAYTAkZSMRIwEAYD
-VQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzjAQ/JSP8w
-DgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0B
-AQUFAAOCAQEAhQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8h
-bV6lUmPOEvjvKtpv6zf+EwLHyzs+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7
-mFncfca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1kluPBS1xp81HlDQwY9q
-cEQCYsuuHWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY
-1gkIl2PlwS6wt0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAh
-qaQoLf0V+LBOK/QwWyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/ff588423.0 b/cert-validity/mozilla/hashed/ff588423.0
deleted file mode 100644
index 1510c0ad0bf6..000000000000
--- a/cert-validity/mozilla/hashed/ff588423.0
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDkzCCAnugAwIBAgIQFBOWgxRVjOp7Y+X8NId3RDANBgkqhkiG9w0BAQUF
-ADA0MRMwEQYDVQQDEwpDb21TaWduIENBMRAwDgYDVQQKEwdDb21TaWduMQsw
-CQYDVQQGEwJJTDAeFw0wNDAzMjQxMTMyMThaFw0yOTAzMTkxNTAyMThaMDQx
-EzARBgNVBAMTCkNvbVNpZ24gQ0ExEDAOBgNVBAoTB0NvbVNpZ24xCzAJBgNV
-BAYTAklMMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ORUaSvT
-x49qROR+WCf4C9DklBKK8Rs4OC8fMZwG1Cyn3gsqrhqg455qv588x26i+Ytk
-bDqthVVRVKU4VbirgwTyP2Q298CNQ0NqZtH3FyrV7zb6MBBC11PN+fozc0yz
-6YQgitZBJzXkOPqUm7h65HkfM/sb2CEJKHxNGGleZIp6GZPKfuzzcuc3B1hZ
-KKxC+cX/zT/npfo4sdAMx9lSGlPWgcxCejVb7Us6eva1jsz/D3zkYDaHL63w
-oSV9/9JLEYhwVKZBqGdTUkJe5DSe5L6j7KpiXd3DTKaCQeQzC6zJMw9kglcq
-/QytNuEMrkvF7zuZ2SOzW120V+x0cAwqTwIDAQABo4GgMIGdMAwGA1UdEwQF
-MAMBAf8wPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL2ZlZGlyLmNvbXNpZ24u
-Y28uaWwvY3JsL0NvbVNpZ25DQS5jcmwwDgYDVR0PAQH/BAQDAgGGMB8GA1Ud
-IwQYMBaAFEsBmz5WGmU2dst7l6qSBe4y5ygxMB0GA1UdDgQWBBRLAZs+Vhpl
-NnbLe5eqkgXuMucoMTANBgkqhkiG9w0BAQUFAAOCAQEA0Nmlfv4pYEWdfoPP
-brxHbvUanlR2QnG0PFg/LUAlQvaBnPGJEMgOqnhPOAlXsDzACPw1jvFIUY0M
-cXS6hMTXcpuEfDhOZAYnKuGntewImbQKDdSFc8gS4TXt8QUxHXOZDOuWyt3T
-5oWq8Ir7dcHyCTxlZWTzTNity4hp8+SDtwy9F1qWF8pb/627HOkthIDYIb6F
-UtnUdLlphbpN7Sgy6/lhSuTENh4Z3G+EER+V9YMoGKgzkkMn3V0TBEVPh9VG
-zT2ouvDzuFYkRes3x+F2T3I5GN9+dHLHcy056mDmrRGiVod7w2ia/viMcKjf
-ZTL0pECMocJEAw6UAGegcQCCSA==
------END CERTIFICATE-----
diff --git a/cert-validity/mozilla/hashed/ff783690.0 b/cert-validity/mozilla/hashed/ff783690.0
deleted file mode 100644
index 4383399e3bce..000000000000
--- a/cert-validity/mozilla/hashed/ff783690.0
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEdDCCA1ygAwIBAgIQRL4Mi1AAJLQR0zYq/mUK/TANBgkqhkiG9w0BAQUF
-ADCBlzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0
-IExha2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEw
-HwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVU
-Ti1VU0VSRmlyc3QtSGFyZHdhcmUwHhcNOTkwNzA5MTgxMDQyWhcNMTkwNzA5
-MTgxOTIyWjCBlzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQH
-Ew5TYWx0IExha2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3
-b3JrMSEwHwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNV
-BAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdhcmUwggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQCx98M4P7Sof885glFn0G2f0v9Y8+efK+wNiVSZuTiZ
-FvfgIXlIwrthdBKWHTxqctU8EGc6Oe0rE81m65UJM6Rsl7HoxuzBdXmcRl6N
-q9Bq/bkqVRcQVLMZ8Jr28bFdtqdt++BxF2uiiPsA3/4aMXcMmgF6sTLjKwEH
-OG7DpV4jvEWbe1DByTCP2+UretNb+zNAHqDVmBe8i4fDidNdoI6yqqr2jmmI
-BsX6iSHzCJ1pLgkzmykNRg+MzEk0sGlRvfkGzWitZky8PqxhvQqIDsjfPe58
-BEydCl5rkdbux+0ojatNh4lz0G6k0B4WixThdkQDf2Os5M1JnMWS9KsyoUhb
-AgMBAAGjgbkwgbYwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYD
-VR0OBBYEFKFyXyYbKJhDlV0HN9WFlp1L0sNFMEQGA1UdHwQ9MDswOaA3oDWG
-M2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNFUkZpcnN0LUhhcmR3
-YXJlLmNybDAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwUGCCsGAQUF
-BwMGBggrBgEFBQcDBzANBgkqhkiG9w0BAQUFAAOCAQEARxkP3nTGmZev/K0o
-XnWO6y1n7k57K9cM//bey1WiCuFMVGWTYGufEpytXoMs61quwOQt9ABjHbjA
-bPLPSbtNk28GpgoiskliCE7/yMgUsogWXecB5BKV5UU0s4tpvc+0hY91UZ59
-Ojg6FEgSxvunOxqNDYJAB+gECJChicsZUN/KHAG8HQQZexB2lzvukJDKxA4f
-Fm517zP4029bHpbj4HR3dHuKom4t3XbWOTCC8KucUvIqx69JXn7HaOWCgchq
-J/kniCrVWFCVH/A7HFe7fRQ5YiuayZSSKqMiDP+JJn1fIytH1xUdqWqeUQ0q
-UZ6B+dQ7XnASfxAynB67nfhmqA==
------END CERTIFICATE-----
diff --git a/chromium/.eslintignore b/chromium/.eslintignore
new file mode 100644
index 000000000000..6f1043967f94
--- /dev/null
+++ b/chromium/.eslintignore
@@ -0,0 +1 @@
+external/
diff --git a/chromium/.eslintrc.json b/chromium/.eslintrc.json
new file mode 100644
index 000000000000..c696ae27c66e
--- /dev/null
+++ b/chromium/.eslintrc.json
@@ -0,0 +1,27 @@
+{
+  "env": {
+    "browser": true,
+    "es6": true,
+    "webextensions": true
+  },
+  "parserOptions": {
+    "ecmaVersion": 2019,
+    "sourceType": "script"
+  },
+  "rules": {
+    "indent": ["error", 2, {"outerIIFEBody": 0}],
+    "no-unused-vars": "error",
+    "no-undef": "error",
+    "strict": ["error", "global"],
+    "semi": ["error", "always"],
+    "space-before-blocks": ["error"],
+    "brace-style": ["error"],
+    "no-invalid-regexp": "error",
+    "no-trailing-spaces": "error"
+  },
+  "globals": {
+    "exports": true,
+    "require": true,
+    "wasm_bindgen": true
+  }
+}
diff --git a/chromium/.gitignore b/chromium/.gitignore
index 54bc44849d57..94dda0257826 100644
--- a/chromium/.gitignore
+++ b/chromium/.gitignore
@@ -1 +1,2 @@
-updates.xml
\ No newline at end of file
+.nyc_output
+updates.xml
diff --git a/chromium/URI.js b/chromium/URI.js
deleted file mode 100644
index f411ee508147..000000000000
--- a/chromium/URI.js
+++ /dev/null
@@ -1,69 +0,0 @@
-/*! URI.js v1.7.2 http://medialize.github.com/URI.js/ */
-/* build contains: IPv6.js, punycode.js, SecondLevelDomains.js, URI.js, URITemplate.js */
-(function(){("undefined"!==typeof module&&module.exports?module.exports:window).IPv6={best:function(d){var d=d.toLowerCase().split(":"),j=d.length,h=8;""===d[0]&&""===d[1]&&""===d[2]?(d.shift(),d.shift()):""===d[0]&&""===d[1]?d.shift():""===d[j-1]&&""===d[j-2]&&d.pop();j=d.length;-1!==d[j-1].indexOf(".")&&(h=7);var i;for(i=0;i<j&&""!==d[i];i++);if(i<h)for(d.splice(i,1,"0000");d.length<h;)d.splice(i,0,"0000");for(i=0;i<h;i++){for(var j=d[i].split(""),f=0;3>f;f++)if("0"===j[0]&&1<j.length)j.splice(0,
-1);else break;d[i]=j.join("")}var j=-1,r=f=0,t=-1,g=!1;for(i=0;i<h;i++)g?"0"===d[i]?r+=1:(g=!1,r>f&&(j=t,f=r)):"0"==d[i]&&(g=!0,t=i,r=1);r>f&&(j=t,f=r);1<f&&d.splice(j,f,"");j=d.length;h="";""===d[0]&&(beststr=":");for(i=0;i<j;i++){h+=d[i];if(i===j-1)break;h+=":"}""===d[j-1]&&(h+=":");return h}}})();
-(function(d){function j(a){throw RangeError(B[a]);}function h(a,b){for(var e=a.length;e--;)a[e]=b(a[e]);return a}function i(a){for(var b=[],e=0,c=a.length,k,d;e<c;)k=a.charCodeAt(e++),55296==(k&63488)&&(d=a.charCodeAt(e++),(55296!=(k&64512)||56320!=(d&64512))&&j("ucs2decode"),k=((k&1023)<<10)+(d&1023)+65536),b.push(k);return b}function f(a){return h(a,function(a){var b="";55296==(a&63488)&&j("ucs2encode");65535<a&&(a-=65536,b+=y(a>>>10&1023|55296),a=56320|a&1023);return b+=y(a)}).join("")}function r(e,
-c,k){for(var d=0,e=k?v(e/b):e>>1,e=e+v(e/c);e>w*q>>1;d+=n)e=v(e/w);return v(d+(w+1)*e/(e+a))}function t(a){var b=[],c=a.length,d,g=0,s=k,i=e,m,h,l,p,u;m=a.lastIndexOf(A);0>m&&(m=0);for(h=0;h<m;++h)128<=a.charCodeAt(h)&&j("not-basic"),b.push(a.charCodeAt(h));for(m=0<m?m+1:0;m<c;){h=g;d=1;for(l=n;;l+=n){m>=c&&j("invalid-input");p=a.charCodeAt(m++);p=10>p-48?p-22:26>p-65?p-65:26>p-97?p-97:n;(p>=n||p>v((x-g)/d))&&j("overflow");g+=p*d;u=l<=i?o:l>=i+q?q:l-i;if(p<u)break;p=n-u;d>v(x/p)&&j("overflow");d*=
-p}d=b.length+1;i=r(g-h,d,0==h);v(g/d)>x-s&&j("overflow");s+=v(g/d);g%=d;b.splice(g++,0,s)}return f(b)}function g(a){var b,c,d,g,f,s,m,h,l,p=[],u,t,w,a=i(a);u=a.length;b=k;c=0;f=e;for(s=0;s<u;++s)l=a[s],128>l&&p.push(y(l));for((d=g=p.length)&&p.push(A);d<u;){m=x;for(s=0;s<u;++s)l=a[s],l>=b&&l<m&&(m=l);t=d+1;m-b>v((x-c)/t)&&j("overflow");c+=(m-b)*t;b=m;for(s=0;s<u;++s)if(l=a[s],l<b&&++c>x&&j("overflow"),l==b){h=c;for(m=n;;m+=n){l=m<=f?o:m>=f+q?q:m-f;if(h<l)break;w=h-l;h=n-l;p.push(y(l+w%h+22+75*(26>
-l+w%h)-0));h=v(w/h)}p.push(y(h+22+75*(26>h)-0));f=r(c,t,d==g);c=0;++d}++c;++b}return p.join("")}var c,m="function"==typeof define&&"object"==typeof define.amd&&define.amd&&define,l="object"==typeof exports&&exports,p="object"==typeof module&&module,x=2147483647,n=36,o=1,q=26,a=38,b=700,e=72,k=128,A="-",s=/[^ -~]/,u=/^xn--/,B={overflow:"Overflow: input needs wider integers to process.",ucs2decode:"UCS-2(decode): illegal sequence",ucs2encode:"UCS-2(encode): illegal value","not-basic":"Illegal input >= 0x80 (not a basic code point)",
-"invalid-input":"Invalid input"},w=n-o,v=Math.floor,y=String.fromCharCode,z;c={version:"0.3.0",ucs2:{decode:i,encode:f},decode:t,encode:g,toASCII:function(a){return h(a.split("."),function(a){return s.test(a)?"xn--"+g(a):a}).join(".")},toUnicode:function(a){return h(a.split("."),function(a){return u.test(a)?t(a.slice(4).toLowerCase()):a}).join(".")}};if(l)if(p&&p.exports==l)p.exports=c;else for(z in c)c.hasOwnProperty(z)&&(l[z]=c[z]);else m?define("punycode",c):d.punycode=c})(this);
-(function(){var d={list:{ac:"com|gov|mil|net|org",ae:"ac|co|gov|mil|name|net|org|pro|sch",af:"com|edu|gov|net|org",al:"com|edu|gov|mil|net|org",ao:"co|ed|gv|it|og|pb",ar:"com|edu|gob|gov|int|mil|net|org|tur",at:"ac|co|gv|or",au:"asn|com|csiro|edu|gov|id|net|org",ba:"co|com|edu|gov|mil|net|org|rs|unbi|unmo|unsa|untz|unze",bb:"biz|co|com|edu|gov|info|net|org|store|tv",bh:"biz|cc|com|edu|gov|info|net|org",bn:"com|edu|gov|net|org",bo:"com|edu|gob|gov|int|mil|net|org|tv",br:"adm|adv|agr|am|arq|art|ato|b|bio|blog|bmd|cim|cng|cnt|com|coop|ecn|edu|eng|esp|etc|eti|far|flog|fm|fnd|fot|fst|g12|ggf|gov|imb|ind|inf|jor|jus|lel|mat|med|mil|mus|net|nom|not|ntr|odo|org|ppg|pro|psc|psi|qsl|rec|slg|srv|tmp|trd|tur|tv|vet|vlog|wiki|zlg",
-bs:"com|edu|gov|net|org",bz:"du|et|om|ov|rg",ca:"ab|bc|mb|nb|nf|nl|ns|nt|nu|on|pe|qc|sk|yk",ck:"biz|co|edu|gen|gov|info|net|org",cn:"ac|ah|bj|com|cq|edu|fj|gd|gov|gs|gx|gz|ha|hb|he|hi|hl|hn|jl|js|jx|ln|mil|net|nm|nx|org|qh|sc|sd|sh|sn|sx|tj|tw|xj|xz|yn|zj",co:"com|edu|gov|mil|net|nom|org",cr:"ac|c|co|ed|fi|go|or|sa",cy:"ac|biz|com|ekloges|gov|ltd|name|net|org|parliament|press|pro|tm","do":"art|com|edu|gob|gov|mil|net|org|sld|web",dz:"art|asso|com|edu|gov|net|org|pol",ec:"com|edu|fin|gov|info|med|mil|net|org|pro",
-eg:"com|edu|eun|gov|mil|name|net|org|sci",er:"com|edu|gov|ind|mil|net|org|rochest|w",es:"com|edu|gob|nom|org",et:"biz|com|edu|gov|info|name|net|org",fj:"ac|biz|com|info|mil|name|net|org|pro",fk:"ac|co|gov|net|nom|org",fr:"asso|com|f|gouv|nom|prd|presse|tm",gg:"co|net|org",gh:"com|edu|gov|mil|org",gn:"ac|com|gov|net|org",gr:"com|edu|gov|mil|net|org",gt:"com|edu|gob|ind|mil|net|org",gu:"com|edu|gov|net|org",hk:"com|edu|gov|idv|net|org",id:"ac|co|go|mil|net|or|sch|web",il:"ac|co|gov|idf|k12|muni|net|org",
-"in":"ac|co|edu|ernet|firm|gen|gov|i|ind|mil|net|nic|org|res",iq:"com|edu|gov|i|mil|net|org",ir:"ac|co|dnssec|gov|i|id|net|org|sch",it:"edu|gov",je:"co|net|org",jo:"com|edu|gov|mil|name|net|org|sch",jp:"ac|ad|co|ed|go|gr|lg|ne|or",ke:"ac|co|go|info|me|mobi|ne|or|sc",kh:"com|edu|gov|mil|net|org|per",ki:"biz|com|de|edu|gov|info|mob|net|org|tel",km:"asso|com|coop|edu|gouv|k|medecin|mil|nom|notaires|pharmaciens|presse|tm|veterinaire",kn:"edu|gov|net|org",kr:"ac|busan|chungbuk|chungnam|co|daegu|daejeon|es|gangwon|go|gwangju|gyeongbuk|gyeonggi|gyeongnam|hs|incheon|jeju|jeonbuk|jeonnam|k|kg|mil|ms|ne|or|pe|re|sc|seoul|ulsan",
-kw:"com|edu|gov|net|org",ky:"com|edu|gov|net|org",kz:"com|edu|gov|mil|net|org",lb:"com|edu|gov|net|org",lk:"assn|com|edu|gov|grp|hotel|int|ltd|net|ngo|org|sch|soc|web",lr:"com|edu|gov|net|org",lv:"asn|com|conf|edu|gov|id|mil|net|org",ly:"com|edu|gov|id|med|net|org|plc|sch",ma:"ac|co|gov|m|net|org|press",mc:"asso|tm",me:"ac|co|edu|gov|its|net|org|priv",mg:"com|edu|gov|mil|nom|org|prd|tm",mk:"com|edu|gov|inf|name|net|org|pro",ml:"com|edu|gov|net|org|presse",mn:"edu|gov|org",mo:"com|edu|gov|net|org",
-mt:"com|edu|gov|net|org",mv:"aero|biz|com|coop|edu|gov|info|int|mil|museum|name|net|org|pro",mw:"ac|co|com|coop|edu|gov|int|museum|net|org",mx:"com|edu|gob|net|org",my:"com|edu|gov|mil|name|net|org|sch",nf:"arts|com|firm|info|net|other|per|rec|store|web",ng:"biz|com|edu|gov|mil|mobi|name|net|org|sch",ni:"ac|co|com|edu|gob|mil|net|nom|org",np:"com|edu|gov|mil|net|org",nr:"biz|com|edu|gov|info|net|org",om:"ac|biz|co|com|edu|gov|med|mil|museum|net|org|pro|sch",pe:"com|edu|gob|mil|net|nom|org|sld",ph:"com|edu|gov|i|mil|net|ngo|org",
-pk:"biz|com|edu|fam|gob|gok|gon|gop|gos|gov|net|org|web",pl:"art|bialystok|biz|com|edu|gda|gdansk|gorzow|gov|info|katowice|krakow|lodz|lublin|mil|net|ngo|olsztyn|org|poznan|pwr|radom|slupsk|szczecin|torun|warszawa|waw|wroc|wroclaw|zgora",pr:"ac|biz|com|edu|est|gov|info|isla|name|net|org|pro|prof",ps:"com|edu|gov|net|org|plo|sec",pw:"belau|co|ed|go|ne|or",ro:"arts|com|firm|info|nom|nt|org|rec|store|tm|www",rs:"ac|co|edu|gov|in|org",sb:"com|edu|gov|net|org",sc:"com|edu|gov|net|org",sh:"co|com|edu|gov|net|nom|org",
-sl:"com|edu|gov|net|org",st:"co|com|consulado|edu|embaixada|gov|mil|net|org|principe|saotome|store",sv:"com|edu|gob|org|red",sz:"ac|co|org",tr:"av|bbs|bel|biz|com|dr|edu|gen|gov|info|k12|name|net|org|pol|tel|tsk|tv|web",tt:"aero|biz|cat|co|com|coop|edu|gov|info|int|jobs|mil|mobi|museum|name|net|org|pro|tel|travel",tw:"club|com|ebiz|edu|game|gov|idv|mil|net|org",mu:"ac|co|com|gov|net|or|org",mz:"ac|co|edu|gov|org",na:"co|com",nz:"ac|co|cri|geek|gen|govt|health|iwi|maori|mil|net|org|parliament|school",
-pa:"abo|ac|com|edu|gob|ing|med|net|nom|org|sld",pt:"com|edu|gov|int|net|nome|org|publ",py:"com|edu|gov|mil|net|org",qa:"com|edu|gov|mil|net|org",re:"asso|com|nom",ru:"ac|adygeya|altai|amur|arkhangelsk|astrakhan|bashkiria|belgorod|bir|bryansk|buryatia|cbg|chel|chelyabinsk|chita|chukotka|chuvashia|com|dagestan|e-burg|edu|gov|grozny|int|irkutsk|ivanovo|izhevsk|jar|joshkar-ola|kalmykia|kaluga|kamchatka|karelia|kazan|kchr|kemerovo|khabarovsk|khakassia|khv|kirov|koenig|komi|kostroma|kranoyarsk|kuban|kurgan|kursk|lipetsk|magadan|mari|mari-el|marine|mil|mordovia|mosreg|msk|murmansk|nalchik|net|nnov|nov|novosibirsk|nsk|omsk|orenburg|org|oryol|penza|perm|pp|pskov|ptz|rnd|ryazan|sakhalin|samara|saratov|simbirsk|smolensk|spb|stavropol|stv|surgut|tambov|tatarstan|tom|tomsk|tsaritsyn|tsk|tula|tuva|tver|tyumen|udm|udmurtia|ulan-ude|vladikavkaz|vladimir|vladivostok|volgograd|vologda|voronezh|vrn|vyatka|yakutia|yamal|yekaterinburg|yuzhno-sakhalinsk",
-rw:"ac|co|com|edu|gouv|gov|int|mil|net",sa:"com|edu|gov|med|net|org|pub|sch",sd:"com|edu|gov|info|med|net|org|tv",se:"a|ac|b|bd|c|d|e|f|g|h|i|k|l|m|n|o|org|p|parti|pp|press|r|s|t|tm|u|w|x|y|z",sg:"com|edu|gov|idn|net|org|per",sn:"art|com|edu|gouv|org|perso|univ",sy:"com|edu|gov|mil|net|news|org",th:"ac|co|go|in|mi|net|or",tj:"ac|biz|co|com|edu|go|gov|info|int|mil|name|net|nic|org|test|web",tn:"agrinet|com|defense|edunet|ens|fin|gov|ind|info|intl|mincom|nat|net|org|perso|rnrt|rns|rnu|tourism",tz:"ac|co|go|ne|or",
-ua:"biz|cherkassy|chernigov|chernovtsy|ck|cn|co|com|crimea|cv|dn|dnepropetrovsk|donetsk|dp|edu|gov|if|in|ivano-frankivsk|kh|kharkov|kherson|khmelnitskiy|kiev|kirovograd|km|kr|ks|kv|lg|lugansk|lutsk|lviv|me|mk|net|nikolaev|od|odessa|org|pl|poltava|pp|rovno|rv|sebastopol|sumy|te|ternopil|uzhgorod|vinnica|vn|zaporizhzhe|zhitomir|zp|zt",ug:"ac|co|go|ne|or|org|sc",uk:"ac|bl|british-library|co|cym|gov|govt|icnet|jet|lea|ltd|me|mil|mod|national-library-scotland|nel|net|nhs|nic|nls|org|orgn|parliament|plc|police|sch|scot|soc",
-us:"dni|fed|isa|kids|nsn",uy:"com|edu|gub|mil|net|org",ve:"co|com|edu|gob|info|mil|net|org|web",vi:"co|com|k12|net|org",vn:"ac|biz|com|edu|gov|health|info|int|name|net|org|pro",ye:"co|com|gov|ltd|me|net|org|plc",yu:"ac|co|edu|gov|org",za:"ac|agric|alt|bourse|city|co|cybernet|db|edu|gov|grondar|iaccess|imt|inca|landesign|law|mil|net|ngo|nis|nom|olivetti|org|pix|school|tm|web",zm:"ac|co|com|edu|gov|net|org|sch"},has_expression:null,is_expression:null,has:function(j){return!!j.match(d.has_expression)},
-is:function(j){return!!j.match(d.is_expression)},get:function(j){return(j=j.match(d.has_expression))&&j[1]||null},init:function(){var j="",h;for(h in d.list)Object.prototype.hasOwnProperty.call(d.list,h)&&(j+="|("+("("+d.list[h]+")."+h)+")");d.has_expression=RegExp("\\.("+j.substr(1)+")$","i");d.is_expression=RegExp("^("+j.substr(1)+")$","i")}};d.init();"undefined"!==typeof module&&module.exports?module.exports=d:window.SecondLevelDomains=d})();
-(function(d){function j(a){return a.replace(/([.*+?^=!:${}()|[\]\/\\])/g,"\\$1")}function h(a){return"[object Array]"===String(Object.prototype.toString.call(a))}function i(a){return encodeURIComponent(a).replace(/[!'()*]/g,escape)}var f="undefined"!==typeof module&&module.exports,r=f?require("./punycode"):window.punycode,t=f?require("./IPv6"):window.IPv6,g=f?require("./SecondLevelDomains"):window.SecondLevelDomains,c=function(a,b){if(!(this instanceof c))return new c(a,b);a===d&&(a="undefined"!==
-typeof location?location.href+"":"");this.href(a);return b!==d?this.absoluteTo(b):this},f=c.prototype;c.idn_expression=/[^a-z0-9\.-]/i;c.punycode_expression=/(xn--)/i;c.ip4_expression=/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/;c.ip6_expression=/^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*$/;
-c.find_uri_expression=/\b((?:[a-z][\w-]+:(?:\/{1,3}|[a-z0-9%])|www\d{0,3}[.]|[a-z0-9.\-]+[.][a-z]{2,4}\/)(?:[^\s()<>]+|\(([^\s()<>]+|(\([^\s()<>]+\)))*\))+(?:\(([^\s()<>]+|(\([^\s()<>]+\)))*\)|[^\s`!()\[\]{};:'".,<>?\u00ab\u00bb\u201c\u201d\u2018\u2019]))/ig;c.defaultPorts={http:"80",https:"443",ftp:"21"};c.invalid_hostname_characters=/[^a-zA-Z0-9\.-]/;c.encode=i;c.decode=decodeURIComponent;c.iso8859=function(){c.encode=escape;c.decode=unescape};c.unicode=function(){c.encode=i;c.decode=decodeURIComponent};
-c.characters={pathname:{encode:{expression:/%(24|26|2B|2C|3B|3D|3A|40)/ig,map:{"%24":"$","%26":"&","%2B":"+","%2C":",","%3B":";","%3D":"=","%3A":":","%40":"@"}},decode:{expression:/[\/\?#]/g,map:{"/":"%2F","?":"%3F","#":"%23"}}},reserved:{encode:{expression:/%(21|23|24|26|27|28|29|2A|2B|2C|2F|3A|3B|3D|3F|40|5B|5D)/ig,map:{"%3A":":","%2F":"/","%3F":"?","%23":"#","%5B":"[","%5D":"]","%40":"@","%21":"!","%24":"$","%26":"&","%27":"'","%28":"(","%29":")","%2A":"*","%2B":"+","%2C":",","%3B":";","%3D":"="}}}};
-c.encodeQuery=function(a){return c.encode(a+"").replace(/%20/g,"+")};c.decodeQuery=function(a){return c.decode((a+"").replace(/\+/g,"%20"))};c.recodePath=function(a){for(var a=(a+"").split("/"),b=0,e=a.length;b<e;b++)a[b]=c.encodePathSegment(c.decode(a[b]));return a.join("/")};c.decodePath=function(a){for(var a=(a+"").split("/"),b=0,e=a.length;b<e;b++)a[b]=c.decodePathSegment(a[b]);return a.join("/")};var m={encode:"encode",decode:"decode"},l,p=function(a,b){return function(e){return c[b](e+"").replace(c.characters[a][b].expression,
-function(e){return c.characters[a][b].map[e]})}};for(l in m)c[l+"PathSegment"]=p("pathname",m[l]);c.encodeReserved=p("reserved","encode");c.parse=function(a){var b,e={};b=a.indexOf("#");-1<b&&(e.fragment=a.substring(b+1)||null,a=a.substring(0,b));b=a.indexOf("?");-1<b&&(e.query=a.substring(b+1)||null,a=a.substring(0,b));"//"===a.substring(0,2)?(e.protocol="",a=a.substring(2),a=c.parseAuthority(a,e)):(b=a.indexOf(":"),-1<b&&(e.protocol=a.substring(0,b),"//"===a.substring(b+1,b+3)?(a=a.substring(b+
-3),a=c.parseAuthority(a,e)):(a=a.substring(b+1),e.urn=!0)));e.path=a;return e};c.parseHost=function(a,b){var e=a.indexOf("/"),c;-1===e&&(e=a.length);"["===a[0]?(c=a.indexOf("]"),b.hostname=a.substring(1,c)||null,b.port=a.substring(c+2,e)||null):a.indexOf(":")!==a.lastIndexOf(":")?(b.hostname=a.substring(0,e)||null,b.port=null):(c=a.substring(0,e).split(":"),b.hostname=c[0]||null,b.port=c[1]||null);b.hostname&&"/"!==a.substring(e)[0]&&(e++,a="/"+a);return a.substring(e)||"/"};c.parseAuthority=function(a,
-b){a=c.parseUserinfo(a,b);return c.parseHost(a,b)};c.parseUserinfo=function(a,b){var e=a.indexOf("@"),k=a.indexOf("/");-1<e&&(-1===k||e<k)?(k=a.substring(0,e).split(":"),b.username=k[0]?c.decode(k[0]):null,b.password=k[1]?c.decode(k[1]):null,a=a.substring(e+1)):(b.username=null,b.password=null);return a};c.parseQuery=function(a){if(!a)return{};a=a.replace(/&+/g,"&").replace(/^\?*&*|&+$/g,"");if(!a)return{};for(var b={},a=a.split("&"),e=a.length,k=0;k<e;k++){var d=a[k].split("="),g=c.decodeQuery(d.shift()),
-d=d.length?c.decodeQuery(d.join("=")):null;b[g]?("string"===typeof b[g]&&(b[g]=[b[g]]),b[g].push(d)):b[g]=d}return b};c.build=function(a){var b="";a.protocol&&(b+=a.protocol+":");if(!a.urn&&(b||a.hostname))b+="//";b+=c.buildAuthority(a)||"";"string"===typeof a.path&&("/"!==a.path[0]&&"string"===typeof a.hostname&&(b+="/"),b+=a.path);"string"===typeof a.query&&(b+="?"+a.query);"string"===typeof a.fragment&&(b+="#"+a.fragment);return b};c.buildHost=function(a){var b="";if(a.hostname)c.ip6_expression.test(a.hostname)?
-b=a.port?b+("["+a.hostname+"]:"+a.port):b+a.hostname:(b+=a.hostname,a.port&&(b+=":"+a.port));else return"";return b};c.buildAuthority=function(a){return c.buildUserinfo(a)+c.buildHost(a)};c.buildUserinfo=function(a){var b="";a.username&&(b+=c.encode(a.username),a.password&&(b+=":"+c.encode(a.password)),b+="@");return b};c.buildQuery=function(a,b){var e="",k;for(k in a)if(Object.hasOwnProperty.call(a,k)&&k)if(h(a[k]))for(var g={},f=0,m=a[k].length;f<m;f++)a[k][f]!==d&&g[a[k][f]+""]===d&&(e+="&"+c.buildQueryParameter(k,
-a[k][f]),!0!==b&&(g[a[k][f]+""]=!0));else a[k]!==d&&(e+="&"+c.buildQueryParameter(k,a[k]));return e.substring(1)};c.buildQueryParameter=function(a,b){return c.encodeQuery(a)+(null!==b?"="+c.encodeQuery(b):"")};c.addQuery=function(a,b,e){if("object"===typeof b)for(var k in b)Object.prototype.hasOwnProperty.call(b,k)&&c.addQuery(a,k,b[k]);else if("string"===typeof b)a[b]===d?a[b]=e:("string"===typeof a[b]&&(a[b]=[a[b]]),h(e)||(e=[e]),a[b]=a[b].concat(e));else throw new TypeError("URI.addQuery() accepts an object, string as the name parameter");
-};c.removeQuery=function(a,b,e){if(h(b))for(var e=0,k=b.length;e<k;e++)a[b[e]]=d;else if("object"===typeof b)for(k in b)Object.prototype.hasOwnProperty.call(b,k)&&c.removeQuery(a,k,b[k]);else if("string"===typeof b)if(e!==d)if(a[b]===e)a[b]=d;else{if(h(a[b])){var k=a[b],g={},f,m;if(h(e)){f=0;for(m=e.length;f<m;f++)g[e[f]]=!0}else g[e]=!0;f=0;for(m=k.length;f<m;f++)g[k[f]]!==d&&(k.splice(f,1),m--,f--);a[b]=k}}else a[b]=d;else throw new TypeError("URI.addQuery() accepts an object, string as the first parameter");
-};c.commonPath=function(a,b){var e=Math.min(a.length,b.length),c;for(c=0;c<e;c++)if(a[c]!==b[c]){c--;break}if(1>c)return a[0]===b[0]&&"/"===a[0]?"/":"";"/"!==a[c]&&(c=a.substring(0,c).lastIndexOf("/"));return a.substring(0,c+1)};c.withinString=function(a,b){return a.replace(c.find_uri_expression,b)};c.ensureValidHostname=function(a){if(a.match(c.invalid_hostname_characters)){if(!r)throw new TypeError("Hostname '"+a+"' contains characters other than [A-Z0-9.-] and Punycode.js is not available");if(r.toASCII(a).match(c.invalid_hostname_characters))throw new TypeError("Hostname '"+
-a+"' contains characters other than [A-Z0-9.-]");}};f.build=function(a){if(!0===a)this._deferred_build=!0;else if(a===d||this._deferred_build)this._string=c.build(this._parts),this._deferred_build=!1;return this};f.clone=function(){return new c(this)};f.toString=function(){return this.build(!1)._string};f.valueOf=function(){return this.toString()};m={protocol:"protocol",username:"username",password:"password",hostname:"hostname",port:"port"};p=function(a){return function(b,e){if(b===d)return this._parts[a]||
-"";this._parts[a]=b;this.build(!e);return this}};for(l in m)f[l]=p(m[l]);m={query:"?",fragment:"#"};p=function(a,b){return function(e,c){if(e===d)return this._parts[a]||"";null!==e&&(e+="",e[0]===b&&(e=e.substring(1)));this._parts[a]=e;this.build(!c);return this}};for(l in m)f[l]=p(l,m[l]);m={search:["?","query"],hash:["#","fragment"]};p=function(a,b){return function(c,k){var d=this[a](c,k);return"string"===typeof d&&d.length?b+d:d}};for(l in m)f[l]=p(m[l][1],m[l][0]);f.pathname=function(a,b){if(a===
-d||!0===a){var e=this._parts.path||(this._parts.urn?"":"/");return a?c.decodePath(e):e}this._parts.path=a?c.recodePath(a):"/";this.build(!b);return this};f.path=f.pathname;f.href=function(a,b){if(a===d)return this.toString();this._string="";this._parts={protocol:null,username:null,password:null,hostname:null,urn:null,port:null,path:null,query:null,fragment:null};var e=a instanceof c,k="object"===typeof a&&(a.hostname||a.path),g;if("string"===typeof a)this._parts=c.parse(a);else if(e||k)for(g in e=
-e?a._parts:a,e)Object.hasOwnProperty.call(this._parts,g)&&(this._parts[g]=e[g]);else throw new TypeError("invalid input");this.build(!b);return this};f.is=function(a){var b=!1,e=!1,d=!1,f=!1,m=!1,l=!1,h=!1,i=!this._parts.urn;this._parts.hostname&&(i=!1,e=c.ip4_expression.test(this._parts.hostname),d=c.ip6_expression.test(this._parts.hostname),b=e||d,m=(f=!b)&&g&&g.has(this._parts.hostname),l=f&&c.idn_expression.test(this._parts.hostname),h=f&&c.punycode_expression.test(this._parts.hostname));switch(a.toLowerCase()){case "relative":return i;
-case "absolute":return!i;case "domain":case "name":return f;case "sld":return m;case "ip":return b;case "ip4":case "ipv4":case "inet4":return e;case "ip6":case "ipv6":case "inet6":return d;case "idn":return l;case "url":return!this._parts.urn;case "urn":return!!this._parts.urn;case "punycode":return h}return null};var x=f.protocol,n=f.port,o=f.hostname;f.protocol=function(a,b){if(a!==d&&a&&(a=a.replace(/:(\/\/)?$/,""),a.match(/[^a-zA-z0-9\.+-]/)))throw new TypeError("Protocol '"+a+"' contains characters other than [A-Z0-9.+-]");
-return x.call(this,a,b)};f.scheme=f.protocol;f.port=function(a,b){if(this._parts.urn)return a===d?"":this;if(a!==d&&(0===a&&(a=null),a&&(a+="",":"===a[0]&&(a=a.substring(1)),a.match(/[^0-9]/))))throw new TypeError("Port '"+a+"' contains characters other than [0-9]");return n.call(this,a,b)};f.hostname=function(a,b){if(this._parts.urn)return a===d?"":this;if(a!==d){var e={};c.parseHost(a,e);a=e.hostname}return o.call(this,a,b)};f.host=function(a,b){if(this._parts.urn)return a===d?"":this;if(a===d)return this._parts.hostname?
-c.buildHost(this._parts):"";c.parseHost(a,this._parts);this.build(!b);return this};f.authority=function(a,b){if(this._parts.urn)return a===d?"":this;if(a===d)return this._parts.hostname?c.buildAuthority(this._parts):"";c.parseAuthority(a,this._parts);this.build(!b);return this};f.userinfo=function(a,b){if(this._parts.urn)return a===d?"":this;if(a===d){if(!this._parts.username)return"";var e=c.buildUserinfo(this._parts);return e.substring(0,e.length-1)}"@"!==a[a.length-1]&&(a+="@");c.parseUserinfo(a,
-this._parts);this.build(!b);return this};f.subdomain=function(a,b){if(this._parts.urn)return a===d?"":this;if(a===d){if(!this._parts.hostname||this.is("IP"))return"";var e=this._parts.hostname.length-this.domain().length-1;return this._parts.hostname.substring(0,e)||""}e=this._parts.hostname.length-this.domain().length;e=this._parts.hostname.substring(0,e);e=RegExp("^"+j(e));a&&"."!==a[a.length-1]&&(a+=".");a&&c.ensureValidHostname(a);this._parts.hostname=this._parts.hostname.replace(e,a);this.build(!b);
-return this};f.domain=function(a,b){if(this._parts.urn)return a===d?"":this;"boolean"===typeof a&&(b=a,a=d);if(a===d){if(!this._parts.hostname||this.is("IP"))return"";var e=this._parts.hostname.match(/\./g);if(e&&2>e.length)return this._parts.hostname;e=this._parts.hostname.length-this.tld(b).length-1;e=this._parts.hostname.lastIndexOf(".",e-1)+1;return this._parts.hostname.substring(e)||""}if(!a)throw new TypeError("cannot set domain empty");c.ensureValidHostname(a);!this._parts.hostname||this.is("IP")?
-this._parts.hostname=a:(e=RegExp(j(this.domain())+"$"),this._parts.hostname=this._parts.hostname.replace(e,a));this.build(!b);return this};f.tld=function(a,b){if(this._parts.urn)return a===d?"":this;"boolean"===typeof a&&(b=a,a=d);if(a===d){if(!this._parts.hostname||this.is("IP"))return"";var c=this._parts.hostname.lastIndexOf("."),c=this._parts.hostname.substring(c+1);return!0!==b&&g&&g.list[c.toLowerCase()]?g.get(this._parts.hostname)||c:c}if(a)if(a.match(/[^a-zA-Z0-9-]/))if(g&&g.is(a))c=RegExp(j(this.tld())+
-"$"),this._parts.hostname=this._parts.hostname.replace(c,a);else throw new TypeError("TLD '"+a+"' contains characters other than [A-Z0-9]");else{if(!this._parts.hostname||this.is("IP"))throw new ReferenceError("cannot set TLD on non-domain host");c=RegExp(j(this.tld())+"$");this._parts.hostname=this._parts.hostname.replace(c,a)}else throw new TypeError("cannot set TLD empty");this.build(!b);return this};f.directory=function(a,b){if(this._parts.urn)return a===d?"":this;if(a===d||!0===a){if(!this._parts.path&&
-!this._parts.hostname)return"";if("/"===this._parts.path)return"/";var e=this._parts.path.length-this.filename().length-1,e=this._parts.path.substring(0,e)||(this._parts.hostname?"/":"");return a?c.decodePath(e):e}e=this._parts.path.length-this.filename().length;e=this._parts.path.substring(0,e);e=RegExp("^"+j(e));this.is("relative")||(a||(a="/"),"/"!==a[0]&&(a="/"+a));a&&"/"!==a[a.length-1]&&(a+="/");a=c.recodePath(a);this._parts.path=this._parts.path.replace(e,a);this.build(!b);return this};f.filename=
-function(a,b){if(this._parts.urn)return a===d?"":this;if(a===d||!0===a){if(!this._parts.path||"/"===this._parts.path)return"";var e=this._parts.path.lastIndexOf("/"),e=this._parts.path.substring(e+1);return a?c.decodePathSegment(e):e}e=!1;"/"===a[0]&&(a=a.substring(1));a.match(/\.?\//)&&(e=!0);var k=RegExp(j(this.filename())+"$"),a=c.recodePath(a);this._parts.path=this._parts.path.replace(k,a);e?this.normalizePath(b):this.build(!b);return this};f.suffix=function(a,b){if(this._parts.urn)return a===
-d?"":this;if(a===d||!0===a){if(!this._parts.path||"/"===this._parts.path)return"";var e=this.filename(),k=e.lastIndexOf(".");if(-1===k)return"";e=e.substring(k+1);e=/^[a-z0-9%]+$/i.test(e)?e:"";return a?c.decodePathSegment(e):e}"."===a[0]&&(a=a.substring(1));if(e=this.suffix())k=a?RegExp(j(e)+"$"):RegExp(j("."+e)+"$");else{if(!a)return this;this._parts.path+="."+c.recodePath(a)}k&&(a=c.recodePath(a),this._parts.path=this._parts.path.replace(k,a));this.build(!b);return this};f.segment=function(a,b,
-c){var k=this._parts.urn?":":"/",g=this.path(),f="/"===g.substring(0,1),g=g.split(k);"number"!==typeof a&&(c=b,b=a,a=d);if(a!==d&&"number"!==typeof a)throw Error("Bad segment '"+a+"', must be 0-based integer");f&&g.shift();0>a&&(a=Math.max(g.length+a,0));if(b===d)return a===d?g:g[a];if(null===a||g[a]===d)if(h(b))g=b;else{if(b||"string"===typeof b&&b.length)""===g[g.length-1]?g[g.length-1]=b:g.push(b)}else b||"string"===typeof b&&b.length?g[a]=b:g.splice(a,1);f&&g.unshift("");return this.path(g.join(k),
-c)};var q=f.query;f.query=function(a,b){return!0===a?c.parseQuery(this._parts.query):a!==d&&"string"!==typeof a?(this._parts.query=c.buildQuery(a),this.build(!b),this):q.call(this,a,b)};f.addQuery=function(a,b,e){var d=c.parseQuery(this._parts.query);c.addQuery(d,a,b);this._parts.query=c.buildQuery(d);"string"!==typeof a&&(e=b);this.build(!e);return this};f.removeQuery=function(a,b,e){var d=c.parseQuery(this._parts.query);c.removeQuery(d,a,b);this._parts.query=c.buildQuery(d);"string"!==typeof a&&
-(e=b);this.build(!e);return this};f.addSearch=f.addQuery;f.removeSearch=f.removeQuery;f.normalize=function(){return this._parts.urn?this.normalizeProtocol(!1).normalizeQuery(!1).normalizeFragment(!1).build():this.normalizeProtocol(!1).normalizeHostname(!1).normalizePort(!1).normalizePath(!1).normalizeQuery(!1).normalizeFragment(!1).build()};f.normalizeProtocol=function(a){"string"===typeof this._parts.protocol&&(this._parts.protocol=this._parts.protocol.toLowerCase(),this.build(!a));return this};
-f.normalizeHostname=function(a){this._parts.hostname&&(this.is("IDN")&&r?this._parts.hostname=r.toASCII(this._parts.hostname):this.is("IPv6")&&t&&(this._parts.hostname=t.best(this._parts.hostname)),this._parts.hostname=this._parts.hostname.toLowerCase(),this.build(!a));return this};f.normalizePort=function(a){"string"===typeof this._parts.protocol&&this._parts.port===c.defaultPorts[this._parts.protocol]&&(this._parts.port=null,this.build(!a));return this};f.normalizePath=function(a){if(this._parts.urn||
-!this._parts.path||"/"===this._parts.path)return this;var b,e,d=this._parts.path,g,f;"/"!==d[0]&&("."===d[0]&&(e=d.substring(0,d.indexOf("/"))),b=!0,d="/"+d);for(d=d.replace(/(\/(\.\/)+)|\/{2,}/g,"/");;){g=d.indexOf("/../");if(-1===g)break;else if(0===g){d=d.substring(3);break}f=d.substring(0,g).lastIndexOf("/");-1===f&&(f=g);d=d.substring(0,f)+d.substring(g+3)}b&&this.is("relative")&&(d=e?e+d:d.substring(1));d=c.recodePath(d);this._parts.path=d;this.build(!a);return this};f.normalizePathname=f.normalizePath;
-f.normalizeQuery=function(a){"string"===typeof this._parts.query&&(this._parts.query.length?this.query(c.parseQuery(this._parts.query)):this._parts.query=null,this.build(!a));return this};f.normalizeFragment=function(a){this._parts.fragment||(this._parts.fragment=null,this.build(!a));return this};f.normalizeSearch=f.normalizeQuery;f.normalizeHash=f.normalizeFragment;f.iso8859=function(){var a=c.encode,b=c.decode;c.encode=escape;c.decode=decodeURIComponent;this.normalize();c.encode=a;c.decode=b;return this};
-f.unicode=function(){var a=c.encode,b=c.decode;c.encode=i;c.decode=unescape;this.normalize();c.encode=a;c.decode=b;return this};f.readable=function(){var a=this.clone();a.username("").password("").normalize();var b="";a._parts.protocol&&(b+=a._parts.protocol+"://");a._parts.hostname&&(a.is("punycode")&&r?(b+=r.toUnicode(a._parts.hostname),a._parts.port&&(b+=":"+a._parts.port)):b+=a.host());a._parts.hostname&&(a._parts.path&&"/"!==a._parts.path[0])&&(b+="/");b+=a.path(!0);if(a._parts.query){for(var e=
-"",g=0,f=a._parts.query.split("&"),m=f.length;g<m;g++){var l=(f[g]||"").split("="),e=e+("&"+c.decodeQuery(l[0]).replace(/&/g,"%26"));l[1]!==d&&(e+="="+c.decodeQuery(l[1]).replace(/&/g,"%26"))}b+="?"+e.substring(1)}return b+=a.hash()};f.absoluteTo=function(a){var b=this.clone(),e=["protocol","username","password","hostname","port"],d,g;if(this._parts.urn)throw Error("URNs do not have any generally defined hierachical components");if(this._parts.hostname)return b;a instanceof c||(a=new c(a));d=0;for(g;g=
-e[d];d++)b._parts[g]=a._parts[g];e=["query","path"];d=0;for(g;g=e[d];d++)!b._parts[g]&&a._parts[g]&&(b._parts[g]=a._parts[g]);"/"!==b.path()[0]&&(a=a.directory(),b._parts.path=(a?a+"/":"")+b._parts.path,b.normalizePath());b.build();return b};f.relativeTo=function(a){var b=this.clone(),e=["protocol","username","password","hostname","port"],d;if(this._parts.urn)throw Error("URNs do not have any generally defined hierachical components");a instanceof c||(a=new c(a));if("/"!==this.path()[0]||"/"!==a.path()[0])throw Error("Cannot calculate common path from non-relative URLs");
-d=c.commonPath(b.path(),a.path());for(var a=a.directory(),g=0,f;f=e[g];g++)b._parts[f]=null;if(!d||"/"===d)return b;if(a+"/"===d)b._parts.path="./"+b.filename();else{e="../";d=RegExp("^"+j(d));for(a=a.replace(d,"/").match(/\//g).length-1;a--;)e+="../";b._parts.path=b._parts.path.replace(d,e)}b.build();return b};f.equals=function(a){var b=this.clone(),e=new c(a),d={},g={},a={},f;b.normalize();e.normalize();if(b.toString()===e.toString())return!0;d=b.query();g=e.query();b.query("");e.query("");if(b.toString()!==
-e.toString()||d.length!==g.length)return!1;d=c.parseQuery(d);g=c.parseQuery(g);for(f in d)if(Object.prototype.hasOwnProperty.call(d,f)){if(h(d[f])){if(!h(g[f])||d[f].length!==g[f].length)return!1;d[f].sort();g[f].sort();b=0;for(e=d[f].length;b<e;b++)if(d[f][b]!==g[f][b])return!1}else if(d[f]!==g[f])return!1;a[f]=!0}for(f in g)if(Object.prototype.hasOwnProperty.call(g,f)&&!a[f])return!1;return!0};"undefined"!==typeof module&&module.exports?module.exports=c:window.URI=c})();
-(function(d){var j=Object.prototype.hasOwnProperty,h="undefined"!==typeof module&&module.exports?require("./URI"):window.URI,i=function(d){if(i._cache[d])return i._cache[d];if(!(this instanceof i))return new i(d);this.expression=d;i._cache[d]=this;return this},f=function(d){this.data=d;this.cache={}},r=i.prototype,t={"":{prefix:"",separator:",",named:!1,empty_name_separator:!1,encode:"encode"},"+":{prefix:"",separator:",",named:!1,empty_name_separator:!1,encode:"encodeReserved"},"#":{prefix:"#",separator:",",
-named:!1,empty_name_separator:!1,encode:"encodeReserved"},".":{prefix:".",separator:".",named:!1,empty_name_separator:!1,encode:"encode"},"/":{prefix:"/",separator:"/",named:!1,empty_name_separator:!1,encode:"encode"},";":{prefix:";",separator:";",named:!0,empty_name_separator:!1,encode:"encode"},"?":{prefix:"?",separator:"&",named:!0,empty_name_separator:!0,encode:"encode"},"&":{prefix:"&",separator:"&",named:!0,empty_name_separator:!0,encode:"encode"}};i._cache={};i.EXPRESSION_PATTERN=/\{([^a-zA-Z0-9%_]?)([^\}]+)(\}|$)/g;
-i.VARIABLE_PATTERN=/^([^*:]+)((\*)|:(\d+))?$/;i.VARIABLE_NAME_PATTERN=/[^a-zA-Z0-9%_]/;i.expand=function(d,c){var f=t[d.operator],l=f.named?"Named":"Unnamed",h=d.variables,j=[],n,o,q;for(q=0;o=h[q];q++)n=c.get(o.name),n.val.length?j.push(i["expand"+l](n,f,o.explode,o.explode&&f.separator||",",o.maxlength,o.name)):n.type&&j.push("");return j.length?f.prefix+j.join(f.separator):""};i.expandNamed=function(g,c,f,l,i,j){var n="",o=c.encode,c=c.empty_name_separator,q=!g[o].length,a=2===g.type?"":h[o](j),
-b,e,k;e=0;for(k=g.val.length;e<k;e++)(i?(b=h[o](g.val[e][1].substring(0,i)),2===g.type&&(a=h[o](g.val[e][0].substring(0,i)))):q?(b=h[o](g.val[e][1]),2===g.type?(a=h[o](g.val[e][0]),g[o].push([a,b])):g[o].push([d,b])):(b=g[o][e][1],2===g.type&&(a=g[o][e][0])),n&&(n+=l),f)?n+=a+(c||b?"=":"")+b:(e||(n+=h[o](j)+(c||b?"=":"")),2===g.type&&(n+=a+","),n+=b);return n};i.expandUnnamed=function(g,c,f,l,i){var j="",n=c.encode,c=c.empty_name_separator,o=!g[n].length,q,a,b,e;b=0;for(e=g.val.length;b<e;b++)i?a=
-h[n](g.val[b][1].substring(0,i)):o?(a=h[n](g.val[b][1]),g[n].push([2===g.type?h[n](g.val[b][0]):d,a])):a=g[n][b][1],j&&(j+=l),2===g.type&&(q=i?h[n](g.val[b][0].substring(0,i)):g[n][b][0],j+=q,j=f?j+(c||a?"=":""):j+","),j+=a;return j};r.expand=function(d){var c="";(!this.parts||!this.parts.length)&&this.parse();d instanceof f||(d=new f(d));for(var j=0,l=this.parts.length;j<l;j++)c+="string"===typeof this.parts[j]?this.parts[j]:i.expand(this.parts[j],d);return c};r.parse=function(){var d=this.expression,
-c=i.EXPRESSION_PATTERN,f=i.VARIABLE_PATTERN,j=i.VARIABLE_NAME_PATTERN,h=[],r=0,n,o,q;for(c.lastIndex=0;;){o=c.exec(d);if(null===o){h.push(d.substring(r));break}else h.push(d.substring(r,o.index)),r=o.index+o[0].length;if(t[o[1]]){if(!o[3])throw Error('Unclosed Expression "'+o[0]+'"');}else throw Error('Unknown Operator "'+o[1]+'" in "'+o[0]+'"');n=o[2].split(",");for(var a=0,b=n.length;a<b;a++){q=n[a].match(f);if(null===q)throw Error('Invalid Variable "'+n[a]+'" in "'+o[0]+'"');if(q[1].match(j))throw Error('Invalid Variable Name "'+
-q[1]+'" in "'+o[0]+'"');n[a]={name:q[1],explode:!!q[3],maxlength:q[4]&&parseInt(q[4],10)}}if(!n.length)throw Error('Expression Missing Variable(s) "'+o[0]+'"');h.push({expression:o[0],operator:o[1],variables:n})}h.length||h.push(d);this.parts=h;return this};f.prototype.get=function(f){var c=this.data,h={type:0,val:[],encode:[],encodeReserved:[]},i;if(this.cache[f]!==d)return this.cache[f];this.cache[f]=h;c="[object Function]"===String(Object.prototype.toString.call(c))?c(f):"[object Function]"===
-String(Object.prototype.toString.call(c[f]))?c[f](f):c[f];if(c===d||null===c)return h;if("[object Array]"===String(Object.prototype.toString.call(c))){i=0;for(f=c.length;i<f;i++)c[i]!==d&&null!==c[i]&&h.val.push([d,String(c[i])]);h.val.length&&(h.type=3)}else if("[object Object]"===String(Object.prototype.toString.call(c))){for(i in c)j.call(c,i)&&(c[i]!==d&&null!==c[i])&&h.val.push([i,String(c[i])]);h.val.length&&(h.type=2)}else h.type=1,h.val.push([d,String(c)]);return h};h.expand=function(d,c){var f=
-(new i(d)).expand(c);return new h(f)};"undefined"!==typeof module&&module.exports?module.exports=i:window.URITemplate=i})();
\ No newline at end of file
diff --git a/chromium/_locales/en/messages.json b/chromium/_locales/en/messages.json
deleted file mode 100644
index b67838d3c5b5..000000000000
--- a/chromium/_locales/en/messages.json
+++ /dev/null
@@ -1,117 +0,0 @@
-{
-    "about_title": {
-        "message": "About HTTPS Everywhere"
-    },
-    "about_ext_name": {
-        "message": "HTTPS Everywhere"
-    },
-    "about_ext_description": {
-        "message": "Encrypt the Web! Automatically use HTTPS security on many sites."
-    },
-    "about_version": {
-        "message": "Version"
-    },
-    "about_created_by": {
-        "message": "Created by"
-    },
-    "about_librarians": {
-        "message": "Ruleset Librarians"
-    },
-    "about_thanks": {
-        "message": "Thanks to"
-    },
-    "about_contribute": {
-        "message": "If you like HTTPS Everywhere, you might consider"
-    },
-    "about_donate_tor": {
-        "message": "Donating to Tor"
-    },
-    "about_tor_lang_code": {
-        "message": "en"
-    },
-    "about_donate_eff": {
-        "message": "Donating to EFF"
-    },
-    "menu_about": {
-        "message": "About HTTPS Everywhere"
-    },
-    "menu_observatory": {
-        "message": "SSL Observatory Preferences"
-    },
-    "menu_globalEnable": {
-        "message": "Enable HTTPS Everywhere"
-    },
-    "menu_globalDisable": {
-        "message": "Disable HTTPS Everywhere"
-    },
-    "prefs_title": {
-        "message": "HTTPS Everywhere Preferences"
-    },
-    "prefs_enable_all": {
-        "message": "Enable All"
-    },
-    "prefs_disable_all": {
-        "message": "Disable All"
-    },
-    "prefs_reset_defaults": {
-        "message": "Reset to Defaults"
-    },
-    "prefs_search": {
-        "message": "Search"
-    },
-    "prefs_site": {
-        "message": "Site"
-    },
-    "prefs_notes": {
-        "message": "Notes"
-    },
-    "prefs_list_caption": {
-        "message": "Which HTTPS redirection rules should apply?"
-    },
-    "prefs_enabled": {
-        "message": "Enabled"
-    },
-    "prefs_ruleset_howto": {
-        "message": "You can learn how to write your own rulesets (to add support for other web sites)"
-    },
-    "prefs_here_link": {
-        "message": "here"
-    },
-    "prefs_toggle": {
-        "message": "Toggle"
-    },
-    "prefs_reset_default": {
-        "message": "Reset to Default"
-    },
-    "prefs_view_xml_source": {
-        "message": "View XML Source"
-    },
-    "source_downloading": {
-        "message": "Downloading"
-    },
-    "source_filename": {
-        "message": "Filename"
-    },
-    "source_unable_to_download": {
-        "message": "Unable to download source."
-    },
-    "chrome_stable_rules": {
-        "message": "Stable rules"
-    },
-    "chrome_stable_rules_description": {
-        "message": "Force <a href=\"https://wikipedia.org/wiki/Transport_Layer_Security\" title=\"Wikipedia article about encryption\" target=\"_blank\" tabindex=\"-1\">encrypted</a> connections to these websites:"
-    },
-    "chrome_experimental_rules": {
-        "message": "Experimental rules"
-    },
-    "chrome_experimental_rules_description": {
-        "message": "May cause warnings or breakage. Disabled by default."
-    },
-    "chrome_what_is_this": {
-        "message": "What is this?"
-    },
-    "chrome_what_is_this_title": {
-        "message": "HTTPS Everywhere website"
-    }
-}
-
diff --git a/chromium/_locales/es/messages.json b/chromium/_locales/es/messages.json
deleted file mode 100644
index a897a7951ea5..000000000000
--- a/chromium/_locales/es/messages.json
+++ /dev/null
@@ -1,117 +0,0 @@
-{
-    "about_title": {
-        "message": "Acerca de HTTPS Everywhere"
-    },
-    "about_ext_name": {
-        "message": "HTTPS Everywhere"
-    },
-    "about_ext_description": {
-        "message": "¡Cifra la Web! Utiliza automáticamente la seguridad HTTPS en varios sitios."
-    },
-    "about_version": {
-        "message": "Versión"
-    },
-    "about_created_by": {
-        "message": "Creado por"
-    },
-    "about_librarians": {
-        "message": "Libreros de Grupos de Reglas"
-    },
-    "about_thanks": {
-        "message": "Agradecimientos para"
-    },
-    "about_contribute": {
-        "message": "Si le agrada HTTPS Everywhere, podría considerar"
-    },
-    "about_donate_tor": {
-        "message": "Donar a Tor"
-    },
-    "about_tor_lang_code": {
-        "message": "es"
-    },
-    "about_donate_eff": {
-        "message": "Donar a EFF"
-    },
-    "menu_about": {
-        "message": "Acerca de HTTPS Everywhere"
-    },
-    "menu_observatory": {
-        "message": "Opciones del Observatorio SSL"
-    },
-    "menu_globalEnable": {
-        "message": "Habilitar HTTPS Everywhere"
-    },
-    "menu_globalDisable": {
-        "message": "Deshabilitar HTTPS Everywhere"
-    },
-    "prefs_title": {
-        "message": "Preferencias de HTTPS Everywhere"
-    },
-    "prefs_enable_all": {
-        "message": "Habilitar Todo"
-    },
-    "prefs_disable_all": {
-        "message": "Deshabilitar Todo"
-    },
-    "prefs_reset_defaults": {
-        "message": "Restablecer Configuraciones por Defecto"
-    },
-    "prefs_search": {
-        "message": "Buscar"
-    },
-    "prefs_site": {
-        "message": "Sitio"
-    },
-    "prefs_notes": {
-        "message": "Notas"
-    },
-    "prefs_list_caption": {
-        "message": "¿Qué reglas de redirección de HTTPS deberían aplicarse?"
-    },
-    "prefs_enabled": {
-        "message": "Habilitado"
-    },
-    "prefs_ruleset_howto": {
-        "message": "Puede aprender a escribir sus propios grupos de reglas (para añadir soporte para otros sitios web)"
-    },
-    "prefs_here_link": {
-        "message": "aquí"
-    },
-    "prefs_toggle": {
-        "message": "Cambiar"
-    },
-    "prefs_reset_default": {
-        "message": "Restablecer Configuración por Defecto"
-    },
-    "prefs_view_xml_source": {
-        "message": "Ver Código XML"
-    },
-    "source_downloading": {
-        "message": "Descargando"
-    },
-    "source_filename": {
-        "message": "Nombre del archivo"
-    },
-    "source_unable_to_download": {
-        "message": "No fue posible descargar el código."
-    },
-    "chrome_stable_rules": {
-        "message": "Reglas estables"
-    },
-    "chrome_stable_rules_description": {
-        "message": "Forzar conexiones <a href=\"https://es.wikipedia.org/wiki/Transport_Layer_Security\" title=\"Artículo de Wikipedia sobre el cifrado\" target=\"_blank\" tabindex=\"-1\">cifradas</a> a estos sitios web:"
-    },
-    "chrome_experimental_rules": {
-        "message": "Reglas experimentales"
-    },
-    "chrome_experimental_rules_description": {
-        "message": "Puede causar advertencias o roturas. Desactivado de forma predeterminada."
-    },
-    "chrome_what_is_this": {
-        "message": "¿Qué es esto?"
-    },
-    "chrome_what_is_this_title": {
-        "message": "HTTPS Everywhere sitio web"
-    }
-}
-
diff --git a/chromium/_locales/fi/messages.json b/chromium/_locales/fi/messages.json
deleted file mode 100644
index e391014f65f4..000000000000
--- a/chromium/_locales/fi/messages.json
+++ /dev/null
@@ -1,26 +0,0 @@
-{
-    "about_ext_name": {
-        "message": "HTTPS Everywhere"
-    },
-    "about_ext_description": {
-        "message": "Salaa Web! Käytä automaattisesti HTTPS-suojausta useilla sivustoilla."
-    },
-    "chrome_stable_rules": {
-        "message": "Vakaat säännöt"
-    },
-    "chrome_stable_rules_description": {
-        "message": "Pakota näiden sivustojen yhteydet <a href=\"https://fi.wikipedia.org/wiki/TLS\" title=\"Wikipedia-artikkeli salauksesta\" target=\"_blank\" tabindex=\"-1\">salatuiksi</a>:"
-    },
-    "chrome_experimental_rules": {
-        "message": "Kokeelliset säännöt"
-    },
-    "chrome_experimental_rules_description": {
-        "message": "Saattavat aiheuttaa varoituksia tai rikkoutumisia. Oletusarvoisesti poissa päältä."
-    },
-    "chrome_what_is_this": {
-        "message": "Mikä tämä on?"
-    },
-    "chrome_what_is_this_title": {
-        "message": "HTTPS Everywhere -sivusto"
-    }
-}
diff --git a/chromium/background-scripts/background.js b/chromium/background-scripts/background.js
new file mode 100644
index 000000000000..331e6dc22432
--- /dev/null
+++ b/chromium/background-scripts/background.js
@@ -0,0 +1,976 @@
+"use strict";
+
+(function(exports) {
+
+const rules = require('./rules'),
+  store = require('./store'),
+  incognito = require('./incognito'),
+  util = require('./util'),
+  update = require('./update'),
+  { update_channels } = require('./update_channels'),
+  wasm = require('./wasm'),
+  ipUtils = require('./ip_utils'),
+  ssl_codes = require('./ssl_codes');
+
+let all_rules = new rules.RuleSets();
+let blooms = [];
+
+async function initialize() {
+  await wasm.initialize();
+  await store.initialize();
+  await store.performMigrations();
+  await initializeStoredGlobals();
+  await getUpgradeToSecureAvailable();
+  await update.initialize(store, initializeAllRules);
+  await all_rules.loadFromBrowserStorage(store, update.applyStoredRulesets);
+  await update.applyStoredBlooms(blooms);
+  await incognito.onIncognitoDestruction(destroy_caches);
+}
+initialize();
+
+async function initializeAllRules() {
+  const r = new rules.RuleSets();
+  await r.loadFromBrowserStorage(store, update.applyStoredRulesets);
+  Object.assign(all_rules, r);
+  blooms.length = 0;
+  await update.applyStoredBlooms(blooms);
+}
+
+/**
+ * Load preferences. Structure is:
+ *  {
+ *    httpNowhere: Boolean,
+ *    isExtensionEnabled: Boolean
+ *  }
+ */
+var httpNowhereOn = false;
+var isExtensionEnabled = true;
+let disabledList = new Set();
+let httpOnceList = new Set();
+
+/**
+ * Check if HTTPS Everywhere should be ON for host
+ */
+function isExtensionDisabledOnSite(host) {
+  // make sure the host is not matched in the httpOnceList
+  if (httpOnceList.has(host)) {
+    return true;
+  }
+
+  // make sure the host is not matched in the disabledList
+  if (disabledList.has(host)) {
+    return true;
+  }
+
+  // make sure the host is matched by any wildcard expressions in the disabledList
+  const experessions = util.getWildcardExpressions(host);
+  for (const expression of experessions) {
+    if (disabledList.has(expression)) {
+      return true;
+    }
+  }
+
+  // otherwise return false
+  return false;
+}
+
+function initializeStoredGlobals() {
+  return new Promise(resolve => {
+    store.get({
+      httpNowhere: false,
+      globalEnabled: true,
+      enableMixedRulesets: false,
+      disabledList: []
+    }, function(item) {
+      httpNowhereOn = item.httpNowhere;
+      isExtensionEnabled = item.globalEnabled;
+      for (let disabledSite of item.disabledList) {
+        disabledList.add(disabledSite);
+      }
+      updateState();
+
+      rules.settings.enableMixedRulesets = item.enableMixedRulesets;
+
+      resolve();
+    });
+  });
+}
+
+/** @type {boolean} */
+let upgradeToSecureAvailable = false;
+
+function getUpgradeToSecureAvailable() {
+  if (typeof browser !== 'undefined') {
+    return browser.runtime.getBrowserInfo().then(function(info) {
+      let version = info.version.match(/^(\d+)/)[1];
+      if (info.name == "Firefox" && version >= 59) {
+        upgradeToSecureAvailable = true;
+      } else {
+        upgradeToSecureAvailable = false;
+      }
+    });
+  } else {
+    return new Promise(resolve => {
+      upgradeToSecureAvailable = false;
+      resolve();
+    });
+  }
+}
+
+chrome.storage.onChanged.addListener(async function(changes, areaName) {
+  if (areaName === 'sync' || areaName === 'local') {
+    if ('httpNowhere' in changes) {
+      httpNowhereOn = changes.httpNowhere.newValue;
+      updateState();
+    }
+    if ('globalEnabled' in changes) {
+      isExtensionEnabled = changes.globalEnabled.newValue;
+      updateState();
+    }
+    if ('enableMixedRulesets' in changes) {
+      // Don't require users to restart the browsers
+      rules.settings.enableMixedRulesets = changes.enableMixedRulesets.newValue;
+      initializeAllRules();
+    }
+    if ('debugging_rulesets' in changes) {
+      initializeAllRules();
+    }
+  }
+});
+
+if (chrome.tabs) {
+  chrome.tabs.onActivated.addListener(function() {
+    updateState();
+  });
+}
+if (chrome.windows) {
+  chrome.windows.onFocusChanged.addListener(function() {
+    updateState();
+  });
+
+  // Grant access to HTTP site only during session, clear once window is closed
+  chrome.windows.onRemoved.addListener(function() {
+    chrome.windows.getAll({}, function(windows) {
+      if(windows.length > 0) {
+        return;
+      } else {
+        httpOnceList.clear();
+      }
+    });
+  });
+
+}
+chrome.webNavigation.onCompleted.addListener(function() {
+  updateState();
+});
+
+/**
+ * Set the icon color correctly
+ * active: extension is enabled.
+ * blocking: extension is in "block all HTTP requests" mode.
+ * disabled: extension is disabled from the popup menu.
+ */
+
+function updateState () {
+  if (!chrome.tabs) return;
+
+  let iconState = 'active';
+
+  if (!isExtensionEnabled) {
+    iconState = 'disabled';
+  } else if (httpNowhereOn) {
+    iconState = 'blocking';
+  }
+
+  chrome.browserAction.setTitle({
+    title: 'HTTPS Everywhere' + ((iconState === 'active') ? '' : ' (' + iconState + ')')
+  });
+
+  const chromeUrl = 'chrome://';
+
+  chrome.tabs.query({ active: true, currentWindow: true, status: 'complete' }, function(tabs) {
+    if (!tabs || tabs.length === 0 || tabs[0].url.startsWith(chromeUrl) ) {
+      return;
+    }
+
+    // tabUrl.host instead of hostname should be used to show the "disabled" status properly (#19293)
+    const tabUrl = new URL(tabs[0].url);
+    const host = util.getNormalisedHostname(tabUrl.host);
+
+    if (isExtensionDisabledOnSite(host) || iconState == "disabled") {
+      if ('setIcon' in chrome.browserAction) {
+        chrome.browserAction.setIcon({
+          path: {
+            38: 'images/icons/icon-disabled-38.png'
+          }
+        });
+      }
+    } else {
+      if ('setIcon' in chrome.browserAction) {
+        chrome.browserAction.setIcon({
+          path: {
+            38: 'images/icons/icon-' + iconState + '-38.png'
+          }
+        });
+      }
+    }
+  });
+}
+
+/**
+ * The following allows fennec to interact with the popup ui
+ * */
+chrome.browserAction.onClicked.addListener(e => {
+  const url = chrome.runtime.getURL("/pages/popup/index.html?tabId=" + e.id);
+  chrome.tabs.create({
+    url
+  });
+});
+
+/**
+ * A centralized storage for browsing data within the browser session.
+ */
+function BrowserSession() {
+  this.tabs = new Map();
+  this.requests = new Map();
+
+  if (chrome.tabs) {
+    chrome.tabs.onRemoved.addListener(tabId => {
+      this.deleteTab(tabId);
+    });
+  }
+}
+
+BrowserSession.prototype = {
+  putTab: function(tabId, key, value, overwrite) {
+    if (!this.tabs.has(tabId)) {
+      this.tabs.set(tabId, {});
+    }
+
+    if (!(key in this.tabs.get(tabId)) || overwrite) {
+      this.tabs.get(tabId)[key] = value;
+    }
+  },
+
+  getTab: function(tabId, key, defaultValue) {
+    if (this.tabs.has(tabId) && key in this.tabs.get(tabId)) {
+      return this.tabs.get(tabId)[key];
+    }
+    return defaultValue;
+  },
+
+  deleteTab: function(tabId) {
+    if (this.tabs.has(tabId)) {
+      this.tabs.delete(tabId);
+    }
+  },
+
+  putTabAppliedRulesets: function(tabId, type, ruleset) {
+    this.putTab(tabId, "main_frame", false, false);
+
+    // always show main_frame ruleset on the top
+    if (type == "main_frame") {
+      this.putTab(tabId, "main_frame", true, true);
+      this.putTab(tabId, "applied_rulesets", [ruleset,], true);
+      return ;
+    }
+
+    // sort by ruleset names alphabetically, case-insensitive
+    if (this.getTab(tabId, "applied_rulesets", null)) {
+      let rulesets = this.getTab(tabId, "applied_rulesets", null);
+      let insertIndex = 0;
+
+      const ruleset_name = ruleset.name.toLowerCase();
+
+      for (const item of rulesets) {
+        const item_name = item.name.toLowerCase();
+
+        if (item_name == ruleset_name) {
+          return ;
+        } else if (insertIndex == 0 && this.getTab(tabId, "main_frame", false)) {
+          insertIndex = 1;
+        } else if (item_name < ruleset_name) {
+          insertIndex++;
+        }
+      }
+      rulesets.splice(insertIndex, 0, ruleset);
+    } else {
+      this.putTab(tabId, "applied_rulesets", [ruleset,], true);
+    }
+  },
+
+  getTabAppliedRulesets: function(tabId) {
+    return this.getTab(tabId, "applied_rulesets", null);
+  },
+
+  putRequest: function(requestId, key, value) {
+    if (!this.requests.has(requestId)) {
+      this.requests.set(requestId, {});
+    }
+    this.requests.get(requestId)[key] = value;
+  },
+
+  getRequest: function(requestId, key, defaultValue) {
+    if (this.requests.has(requestId) && key in this.requests.get(requestId)) {
+      return this.requests.get(requestId)[key];
+    }
+    return defaultValue;
+  },
+
+  deleteRequest: function(requestId) {
+    if (this.requests.has(requestId)) {
+      this.requests.delete(requestId);
+    }
+  }
+};
+
+let browserSession = new BrowserSession();
+
+var urlBlacklist = new Set();
+
+const cancelUrl = chrome.runtime.getURL("/pages/cancel/index.html");
+
+function redirectOnCancel(shouldCancel, originURL) {
+  return shouldCancel ? {redirectUrl: newCancelUrl(originURL)} : {cancel: false};
+}
+
+const newCancelUrl = originURL => `${cancelUrl}?originURL=${encodeURIComponent(originURL)}`;
+
+/**
+ * Called before a HTTP(s) request. Does the heavy lifting
+ * Cancels the request/redirects it to HTTPS. URL modification happens in here.
+ * @param details of the handler, see Chrome doc
+ * */
+function onBeforeRequest(details) {
+  // If HTTPSe has been disabled by the user, return immediately.
+  if (!isExtensionEnabled) {
+    return;
+  }
+
+  let uri = new URL(details.url);
+
+  // Normalise hosts with tailing dots, e.g. "www.example.com."
+  uri.hostname = util.getNormalisedHostname(uri.hostname);
+
+  let ip = ipUtils.parseIp(uri.hostname);
+
+  let isLocalIp = false;
+
+  if (ip !== -1) {
+    isLocalIp = ipUtils.isLocalIp(ip);
+  }
+
+  if (details.type == "main_frame") {
+    // Clear the content from previous browser session.
+    // This needed to be done before this listener returns,
+    // otherwise, the extension popup might include rulesets
+    // from previous page.
+    browserSession.deleteTab(details.tabId);
+
+    // Check if an user has disabled HTTPS Everywhere on this site.  We should
+    // ensure that all subresources are not run through HTTPS Everywhere as well.
+    browserSession.putTab(details.tabId, 'first_party_host', uri.host, true);
+  }
+
+  if (isExtensionDisabledOnSite(browserSession.getTab(details.tabId, 'first_party_host', null))) {
+    return;
+  }
+
+  // Should the request be canceled?
+  // true if the URL is a http:// connection to a remote canonical host, and not
+  // a tor hidden service
+  const shouldCancel = httpNowhereOn &&
+    (uri.protocol === 'http:' || uri.protocol === 'ftp:') &&
+    uri.hostname.slice(-6) !== '.onion' &&
+    uri.hostname !== 'localhost' &&
+    !uri.hostname.endsWith('.localhost') &&
+    uri.hostname !== '[::1]' &&
+    !isLocalIp;
+
+  // If there is a username / password, put them aside during the ruleset
+  // analysis process
+  let using_credentials_in_url = false;
+  let tmp_user;
+  let tmp_pass;
+  if (uri.password || uri.username) {
+    using_credentials_in_url = true;
+    tmp_user = uri.username;
+    tmp_pass = uri.password;
+    uri.username = '';
+    uri.password = '';
+  }
+
+  if (details.url != uri.href && !using_credentials_in_url) {
+    util.log(util.INFO, "Original url " + details.url +
+        " changed before processing to " + uri.href);
+  }
+  if (urlBlacklist.has(uri.href)) {
+    return redirectOnCancel(shouldCancel, details.url);
+  }
+
+  if (browserSession.getRequest(details.requestId, "redirect_count", 0) >= 8) {
+    util.log(util.NOTE, "Redirect counter hit for " + uri.href);
+    urlBlacklist.add(uri.href);
+    rules.settings.domainBlacklist.add(uri.hostname);
+    util.log(util.WARN, "Domain blacklisted " + uri.hostname);
+    return redirectOnCancel(shouldCancel, details.url);
+  }
+
+  // whether to use mozilla's upgradeToSecure BlockingResponse if available
+  let upgradeToSecure = false;
+  let newuristr = null;
+
+  let potentiallyApplicable = all_rules.potentiallyApplicableRulesets(uri.hostname);
+
+  for (let ruleset of potentiallyApplicable) {
+    if (details.url.match(ruleset.scope)) {
+      browserSession.putTabAppliedRulesets(details.tabId, details.type, ruleset);
+      if (ruleset.active && !newuristr) {
+        newuristr = ruleset.apply(uri.href);
+      }
+    }
+  }
+
+  if (newuristr == null && blooms.length > 0 && uri.protocol === 'http:') {
+    for(let bloom of blooms) {
+      if(bloom.check(uri.hostname)) {
+        newuristr = uri.href.replace(/^http:/, "https:");
+        break;
+      }
+    }
+  }
+
+  // only use upgradeToSecure for trivial rewrites
+  if (upgradeToSecureAvailable && newuristr) {
+    // check rewritten URIs against the trivially upgraded URI
+    const trivialUpgradeUri = uri.href.replace(/^http:/, "https:");
+    upgradeToSecure = (newuristr == trivialUpgradeUri);
+  }
+
+  // re-insert userpass info which was stripped temporarily
+  if (using_credentials_in_url) {
+    if (newuristr) {
+      const uri_with_credentials = new URL(newuristr);
+      uri_with_credentials.username = tmp_user;
+      uri_with_credentials.password = tmp_pass;
+      newuristr = uri_with_credentials.href;
+    } else {
+      const url_with_credentials = new URL(uri.href);
+      url_with_credentials.username = tmp_user;
+      url_with_credentials.password = tmp_pass;
+      uri.href = url_with_credentials.href;
+    }
+  }
+
+  if (httpNowhereOn) {
+    // If loading a main frame, try the HTTPS version as an alternative to
+    // failing.
+    if (shouldCancel) {
+      if (!newuristr) {
+        newuristr = uri.href.replace(/^http:/, "https:");
+        browserSession.putRequest(details.requestId, "simple_http_nowhere_redirect", true);
+        upgradeToSecure = true;
+      } else {
+        newuristr = newuristr.replace(/^http:/, "https:");
+      }
+    }
+    if (
+      newuristr &&
+      (
+        newuristr.substring(0, 5) === "http:" ||
+        newuristr.substring(0, 4) === "ftp:"
+      )
+    ) {
+      // Abort early if we're about to redirect to HTTP or FTP in HTTP Nowhere mode
+      return {redirectUrl: newCancelUrl(newuristr)};
+    }
+  }
+
+  if (upgradeToSecureAvailable && upgradeToSecure) {
+    util.log(util.INFO, 'onBeforeRequest returning upgradeToSecure: true');
+    return {upgradeToSecure: true};
+  } else if (newuristr) {
+    util.log(util.INFO, 'onBeforeRequest returning redirectUrl: ' + newuristr);
+    return {redirectUrl: newuristr};
+  } else {
+    util.log(util.INFO, 'onBeforeRequest returning shouldCancel: ' + shouldCancel);
+    return redirectOnCancel(shouldCancel, details.url);
+  }
+}
+
+/**
+ * monitor cookie changes. Automatically convert them to secure cookies
+ * @param changeInfo Cookie changed info, see Chrome doc
+ * */
+function onCookieChanged(changeInfo) {
+  if (!changeInfo.removed && !changeInfo.cookie.secure && isExtensionEnabled) {
+    if (all_rules.shouldSecureCookie(changeInfo.cookie)) {
+      let cookie = {
+        name:changeInfo.cookie.name,
+        value:changeInfo.cookie.value,
+        path:changeInfo.cookie.path,
+        httpOnly:changeInfo.cookie.httpOnly,
+        expirationDate:changeInfo.cookie.expirationDate,
+        storeId:changeInfo.cookie.storeId,
+        secure: true
+      };
+
+      // Host-only cookies don't set the domain field.
+      if (!changeInfo.cookie.hostOnly) {
+        cookie.domain = changeInfo.cookie.domain;
+      }
+
+      // Chromium cookie sameSite status, see https://tools.ietf.org/html/draft-west-first-party-cookies
+      if (changeInfo.cookie.sameSite) {
+        cookie.sameSite = changeInfo.cookie.sameSite;
+      }
+
+      // Firefox first-party isolation
+      if (changeInfo.cookie.firstPartyDomain) {
+        cookie.firstPartyDomain = changeInfo.cookie.firstPartyDomain;
+      }
+
+      // The cookie API is magical -- we must recreate the URL from the domain and path.
+      if (changeInfo.cookie.domain[0] == ".") {
+        cookie.url = "https://www" + changeInfo.cookie.domain + cookie.path;
+      } else {
+        cookie.url = "https://" + changeInfo.cookie.domain + cookie.path;
+      }
+      // We get repeated events for some cookies because sites change their
+      // value repeatedly and remove the "secure" flag.
+      util.log(util.DBUG,
+        "Securing cookie " + cookie.name + " for " + changeInfo.cookie.domain + ", was secure=" + changeInfo.cookie.secure);
+      chrome.cookies.set(cookie);
+    }
+  }
+}
+
+/**
+ * handling redirects, breaking loops
+ * @param details details for the redirect (see chrome doc)
+ * */
+function onBeforeRedirect(details) {
+  // Catch redirect loops (ignoring about:blank, etc. caused by other extensions)
+  let prefix = details.redirectUrl.substring(0, 5);
+  if (prefix === "http:" || prefix === "https") {
+    let count = browserSession.getRequest(details.requestId, "redirect_count", 0);
+    if (count) {
+      browserSession.putRequest(details.requestId, "redirect_count", count + 1);
+      util.log(util.DBUG, "Got redirect id " + details.requestId + ": "+count);
+    } else {
+      browserSession.putRequest(details.requestId, "redirect_count", 1);
+    }
+  }
+}
+
+/**
+ * handle webrequest.onCompleted, cleanup redirectCounter
+ * @param details details for the chrome.webRequest (see chrome doc)
+ */
+function onCompleted(details) {
+  browserSession.deleteRequest(details.requestId);
+}
+
+/**
+ * handle webrequest.onErrorOccurred, cleanup redirectCounter
+ * @param details details for the chrome.webRequest (see chrome doc)
+ */
+function onErrorOccurred(details) {
+  if (httpNowhereOn &&
+    details.type == "main_frame" &&
+    browserSession.getRequest(details.requestId, "simple_http_nowhere_redirect", false) &&
+    // Enumerate errors that are likely due to HTTPS misconfigurations
+    ssl_codes.error_list.some(message => details.error.includes(message))
+  ) {
+    let url = new URL(details.url);
+    if (url.protocol == "https:") {
+      url.protocol = "http:";
+    }
+    chrome.tabs.update(details.tabId, {url: newCancelUrl(url.toString())});
+  }
+
+  browserSession.deleteRequest(details.requestId);
+}
+
+/**
+ * handle webrequest.onHeadersReceived, insert upgrade-insecure-requests directive and
+ * rewrite access-control-allow-origin if presented in HTTP Nowhere mode
+ * @param details details for the chrome.webRequest (see chrome doc)
+ */
+function onHeadersReceived(details) {
+  if (isExtensionEnabled && httpNowhereOn) {
+    // Do not upgrade the .onion requests in EASE mode,
+    // See https://github.com/EFForg/https-everywhere/pull/14600#discussion_r168072480
+    const uri = new URL(details.url);
+    const hostname = util.getNormalisedHostname(uri.hostname);
+    if (hostname.slice(-6) == '.onion') {
+      return {};
+    }
+
+    // Do not upgrade resources if the first-party domain disbled EASE mode
+    // This is needed for HTTPS sites serve mixed content and is broken
+    if (isExtensionDisabledOnSite(browserSession.getTab(details.tabId, 'first_party_host', null))) {
+      return {};
+    }
+
+    let responseHeadersChanged = false;
+    let cspHeaderFound = false;
+
+    for (const idx in details.responseHeaders) {
+      if (details.responseHeaders[idx].name.match(/Content-Security-Policy/i)) {
+        // Existing CSP headers found
+        cspHeaderFound = true;
+        const value = details.responseHeaders[idx].value;
+
+        // Prepend if no upgrade-insecure-requests directive exists
+        if (!value.match(/upgrade-insecure-requests/i)) {
+          details.responseHeaders[idx].value = "upgrade-insecure-requests; " + value;
+          responseHeadersChanged = true;
+        }
+      }
+
+      if (details.responseHeaders[idx].name.match(/Access-Control-Allow-Origin/i)) {
+        // Existing access-control-allow-origin header found
+        const value = details.responseHeaders[idx].value;
+
+        // If HTTP protocol is used, change it to HTTPS
+        if (value.match(/http:/)) {
+          details.responseHeaders[idx].value = value.replace(/http:/g, "https:");
+          responseHeadersChanged = true;
+        }
+      }
+    }
+
+    if (!cspHeaderFound) {
+      // CSP headers not found
+      const upgradeInsecureRequests = {
+        name: 'Content-Security-Policy',
+        value: 'upgrade-insecure-requests'
+      };
+      details.responseHeaders.push(upgradeInsecureRequests);
+      responseHeadersChanged = true;
+    }
+
+    if (responseHeadersChanged) {
+      return {responseHeaders: details.responseHeaders};
+    }
+  }
+  return {};
+}
+
+// Registers the handler for requests
+// See: https://github.com/EFForg/https-everywhere/issues/10039
+chrome.webRequest.onBeforeRequest.addListener(onBeforeRequest, {urls: ["*://*/*", "ftp://*/*"]}, ["blocking"]);
+
+// Try to catch redirect loops on URLs we've redirected to HTTPS.
+chrome.webRequest.onBeforeRedirect.addListener(onBeforeRedirect, {urls: ["https://*/*"]});
+
+// Cleanup redirectCounter if necessary
+chrome.webRequest.onCompleted.addListener(onCompleted, {urls: ["*://*/*"]});
+
+// Cleanup redirectCounter if necessary
+chrome.webRequest.onErrorOccurred.addListener(onErrorOccurred, {urls: ["*://*/*"]});
+
+// Insert upgrade-insecure-requests directive in httpNowhere mode
+chrome.webRequest.onHeadersReceived.addListener(onHeadersReceived, {urls: ["https://*/*"]}, ["blocking", "responseHeaders"]);
+
+// Listen for cookies set/updated and secure them if applicable. This function is async/nonblocking.
+chrome.cookies.onChanged.addListener(onCookieChanged);
+
+// This is necessary for communication with the popup in Firefox Private
+// Browsing Mode, see https://bugzilla.mozilla.org/show_bug.cgi?id=1329304
+chrome.runtime.onMessage.addListener(function(message, sender, sendResponse) {
+
+  function get_update_channels_generic(update_channels) {
+    let last_updated_promises = [];
+    for(let update_channel of update_channels) {
+      last_updated_promises.push(new Promise(resolve => {
+        store.local.get({['uc-timestamp: ' + update_channel.name]: 0}, item => {
+          resolve([update_channel.name, item['uc-timestamp: ' + update_channel.name]]);
+        });
+      }));
+    }
+    Promise.all(last_updated_promises).then(results => {
+      const last_updated = results.reduce((obj, item) => {
+        obj[item[0]] = item[1];
+        return obj;
+      }, {});
+      sendResponse({update_channels, last_updated});
+    });
+  }
+
+  function storeDisabledList(message) {
+
+    const disabledListArray = Array.from(disabledList);
+    const httpOnceListArray = Array.from(httpOnceList);
+
+    if (message === 'once') {
+      store.set({httpOnceList: httpOnceListArray}, () => {
+        sendResponse(true);
+      });
+    } else {
+      store.set({disabledList: disabledListArray}, () => {
+        sendResponse(true);
+      });
+    }
+
+    return true;
+  }
+
+  const responses = {
+    get_option: () => {
+      store.get(message.object, sendResponse);
+      return true;
+    },
+    set_option: () => {
+      store.set(message.object, item => {
+        if (sendResponse) {
+          sendResponse(item);
+        }
+      });
+    },
+    delete_from_ruleset_cache: () => {
+      all_rules.ruleCache.delete(message.object);
+    },
+    get_applied_rulesets: () => {
+      sendResponse(browserSession.getTabAppliedRulesets(message.object));
+      return true;
+    },
+    set_ruleset_active_status: () => {
+      let rulesets = browserSession.getTabAppliedRulesets(message.object.tab_id);
+
+      for (let ruleset of rulesets) {
+        if (ruleset.name == message.object.name) {
+          ruleset.active = message.object.active;
+          if (ruleset.default_state == message.object.active) {
+            message.object.active = undefined;
+          }
+          break;
+        }
+      }
+
+      all_rules.setRuleActiveState(message.object.name, message.object.active).then(() => {
+        sendResponse(true);
+      });
+
+      return true;
+    },
+    reset_to_defaults: () => {
+      // restore the 'default states' of the rulesets
+      store.set_promise('ruleActiveStates', {}).then(() => {
+        // clear the caches such that it becomes stateless
+        destroy_caches();
+        // re-activate all rules according to the new states
+        initializeAllRules();
+        // reload tabs when operations completed
+        chrome.tabs.reload();
+      });
+    },
+    get_user_rules: () => {
+      store.get_promise(all_rules.USER_RULE_KEY, []).then(userRules => sendResponse(userRules));
+      return true;
+    },
+    add_new_rule: () => {
+      all_rules.addNewRuleAndStore(message.object).then(() => {
+        sendResponse(true);
+      });
+      return true;
+    },
+    remove_rule: () => {
+      all_rules.removeRuleAndStore(message.object.ruleset, message.object.src)
+        .then(() => {
+          /**
+           * FIXME: initializeAllRules is needed for calls from the option pages.
+           * Since message.object is not of type Ruleset, rules.removeUserRule
+           * is not usable...
+           */
+          if (message.object.src === 'options') {
+            return initializeAllRules();
+          }
+        })
+        .then(() => {
+          if (sendResponse !== null) {
+            sendResponse(true);
+          }
+        });
+      return true;
+    },
+    get_update_channel_timestamps: () => {
+      update.getUpdateChannelTimestamps().then(timestamps => sendResponse(timestamps));
+      return true;
+    },
+    get_pinned_update_channels: () => {
+      get_update_channels_generic(update_channels);
+      return true;
+    },
+    get_stored_update_channels: () => {
+      store.get({update_channels: []}, item => {
+        get_update_channels_generic(item.update_channels);
+      });
+      return true;
+    },
+    create_update_channel: () => {
+
+      store.get({update_channels: []}, item => {
+
+        const update_channel_names = update_channels.concat(item.update_channels).reduce((obj, item) => {
+          obj.add(item.name);
+          return obj;
+        }, new Set());
+
+        if(update_channel_names.has(message.object)) {
+          return sendResponse(false);
+        }
+
+        item.update_channels.push({
+          name: message.object,
+          jwk: {},
+          update_path_prefix: '',
+          scope: ''
+        });
+
+        store.set({update_channels: item.update_channels}, () => {
+          sendResponse(true);
+        });
+
+      });
+      return true;
+    },
+    delete_update_channel: () => {
+      store.get({update_channels: []}, item => {
+        store.set({update_channels: item.update_channels.filter(update_channel => {
+          return (update_channel.name != message.object);
+        })}, () => {
+          store.local.remove([
+            'uc-timestamp: ' + message.object,
+            'uc-stored-timestamp: ' + message.object,
+            'rulesets: ' + message.object,
+            'bloom: ' + message.object,
+            'bloom_bitmap_bits: ' + message.object,
+            'bloom_k_num: ' + message.object,
+            'bloom_sip_keys_0_0: ' + message.object,
+            'bloom_sip_keys_0_1: ' + message.object,
+            'bloom_sip_keys_1_0: ' + message.object,
+            'bloom_sip_keys_1_1: ' + message.object,
+          ], () => {
+            initializeAllRules();
+            sendResponse(true);
+          });
+        });
+      });
+      return true;
+    },
+    update_update_channel: () => {
+      store.get({update_channels: []}, item => {
+        let scope_changed = false;
+        item.update_channels = item.update_channels.map(update_channel => {
+          if(update_channel.name == message.object.name) {
+            if(update_channel.scope != message.object.scope) {
+              scope_changed = true;
+            }
+            update_channel = message.object;
+          }
+          return update_channel;
+        });
+
+        // Ensure that we check for new rulesets from the update channel immediately.
+        // If the scope has changed, make sure that the rulesets are re-initialized.
+        update.removeStorageListener();
+        store.set({update_channels: item.update_channels}, () => {
+          update.loadUpdateChannelsKeys().then(() => {
+            update.resetTimer();
+            if(scope_changed) {
+              initializeAllRules();
+            }
+            sendResponse(true);
+          });
+          update.addStorageListener();
+        });
+      });
+      return true;
+    },
+    get_simple_rules_ending_with: () => {
+      return sendResponse(all_rules.getSimpleRulesEndingWith(message.object));
+    },
+    get_last_checked: () => {
+      store.local.get({'last-checked': false}, item => {
+        sendResponse(item['last-checked']);
+      });
+      return true;
+    },
+    disable_on_site_once: () => {
+      httpOnceList.add(message.object);
+      return storeDisabledList('once');
+    },
+    disable_on_site: () => {
+      const host = util.getNormalisedHostname(message.object);
+      // always validate hostname before adding it to the disabled list
+      if (util.isValidHostname(host)) {
+        disabledList.add(host);
+        return storeDisabledList('disable');
+      }
+      return sendResponse(false);
+    },
+    enable_on_site: () => {
+      disabledList.delete(util.getNormalisedHostname(message.object));
+      return storeDisabledList('enable');
+    },
+    check_if_site_disabled: () => {
+      return sendResponse(isExtensionDisabledOnSite(util.getNormalisedHostname(message.object)));
+    },
+    is_firefox: () => {
+      if(typeof(browser) != "undefined") {
+        browser.runtime.getBrowserInfo().then(function(info) {
+          if (info.name == "Firefox") {
+            sendResponse(true);
+          } else {
+            sendResponse(false);
+          }
+        });
+      } else {
+        sendResponse(false);
+      }
+      return true;
+    }
+  };
+  if (message.type in responses) {
+    return responses[message.type]();
+  }
+});
+
+/**
+ * @description Notify users about extension sunsetting in January 2023 and instructions turn on HTTPS natively
+ * @link https://www.eff.org/deeplinks/2021/09/https-actually-everywhere
+ */
+chrome.runtime.onInstalled.addListener(async ({reason, temporary}) => {
+  if (temporary) return;
+  switch (reason) {
+  case "install":
+  case "update":
+    {
+      const url = "https://www.eff.org/https-everywhere/set-https-default-your-browser";
+      await chrome.tabs.create({ active : false, url: url });
+    }
+    break;
+  }
+});
+
+/**
+ * Clear any cache/ blacklist we have.
+ */
+function destroy_caches() {
+  util.log(util.DBUG, "Destroying caches.");
+  all_rules.cookieHostCache.clear();
+  all_rules.ruleCache.clear();
+  rules.settings.domainBlacklist.clear();
+  urlBlacklist.clear();
+  httpOnceList.clear();
+}
+
+Object.assign(exports, {
+  all_rules,
+  blooms,
+  urlBlacklist
+});
+
+})(typeof exports == 'undefined' ? require.scopes.background = {} : exports);
diff --git a/chromium/background-scripts/bootstrap.js b/chromium/background-scripts/bootstrap.js
new file mode 100644
index 000000000000..65d7a7a24ebf
--- /dev/null
+++ b/chromium/background-scripts/bootstrap.js
@@ -0,0 +1,9 @@
+"use strict";
+
+function require(module) {
+  if (module.startsWith('./') && require.scopes.hasOwnProperty(module.slice(2))) {
+    return require.scopes[module.slice(2)];
+  }
+  throw new Error('module: ' + module + ' not found.');
+}
+require.scopes = {};
diff --git a/chromium/background-scripts/incognito.js b/chromium/background-scripts/incognito.js
new file mode 100644
index 000000000000..7d4bc815c729
--- /dev/null
+++ b/chromium/background-scripts/incognito.js
@@ -0,0 +1,73 @@
+"use strict";
+
+(function(exports) {
+
+// This file keeps track of incognito sessions, and clears any caches after
+// an entire incognito session is closed (i.e. all incognito windows are closed).
+
+let state = {
+  incognito_session_exists: false,
+};
+
+function Incognito(onIncognitoDestruction) {
+  Object.assign(this, {onIncognitoDestruction});
+  // Listen to window creation, so we can detect if an incognito window is created
+  if (chrome.windows) {
+    chrome.windows.onCreated.addListener(this.detect_incognito_creation);
+  }
+
+  // Listen to window destruction, so we can clear caches if all incognito windows are destroyed
+  if (chrome.windows) {
+    chrome.windows.onRemoved.addListener(this.detect_incognito_destruction);
+  }
+}
+
+Incognito.prototype = {
+  /**
+   * Detect if an incognito session is created, so we can clear caches when it's destroyed.
+   *
+   * @param window: A standard Window object.
+   */
+  detect_incognito_creation: function(window_) {
+    if (window_.incognito === true) {
+      state.incognito_session_exists = true;
+    }
+  },
+
+  // If a window is destroyed, and an incognito session existed, see if it still does.
+  detect_incognito_destruction: async function() {
+    if (state.incognito_session_exists) {
+      if (!(await any_incognito_windows())) {
+        state.incognito_session_exists = false;
+        this.onIncognitoDestruction();
+      }
+    }
+  },
+};
+
+/**
+ * Check if any incognito window still exists
+ */
+function any_incognito_windows() {
+  return new Promise(resolve => {
+    chrome.windows.getAll(arrayOfWindows => {
+      for (let window_ of arrayOfWindows) {
+        if (window_.incognito === true) {
+          return resolve(true);
+        }
+      }
+      resolve(false);
+    });
+  });
+}
+
+function onIncognitoDestruction(callback) {
+  return new Incognito(callback);
+};
+
+Object.assign(exports, {
+  onIncognitoDestruction,
+  state,
+});
+
+})(typeof exports == 'undefined' ? require.scopes.incognito = {} : exports);
diff --git a/chromium/background-scripts/ip_utils.js b/chromium/background-scripts/ip_utils.js
new file mode 100644
index 000000000000..90e0b1a44530
--- /dev/null
+++ b/chromium/background-scripts/ip_utils.js
@@ -0,0 +1,71 @@
+'use strict';
+
+(function (exports) {
+
+/**
+ * Parse and convert literal IP address into numerical IP address.
+ * @param {string} ip
+ * @returns {number}
+ */
+const parseIp = ip => {
+  if (!/^[0-9.]+$/.test(ip)) {
+    return -1;
+  }
+
+  /** @type {string[]} */
+  const octets = ip.split('.');
+
+  if (octets.length !== 4) {
+    return -1;
+  }
+
+  let ipN = 0;
+
+  for (const octet of octets) {
+    if (octet === '') {
+      return -1;
+    }
+
+    const octetN = parseInt(octet);
+
+    if (octetN < 0 || octetN > 255) {
+      return -1;
+    }
+
+    ipN = (ipN << 8) | octetN;
+  }
+
+  return ipN >>> 0;
+};
+
+/**
+ * Check if the numeric IP address is within a certain range.
+ * @param {number} ip
+ * @param {number[]} range
+ * @returns {boolean}
+ */
+const isIpInRange = (ip, [rangeIp, mask]) => (ip & mask) >>> 0 === rangeIp;
+
+// A list of local IP address ranges
+const localRanges = [
+  [/* 0.0.0.0         */ 0x00000000, /* 255.255.255.255 */ 0xffffffff],
+  [/* 127.0.0.0       */ 0x7f000000, /* 255.0.0.0       */ 0xff000000],
+  [/* 10.0.0.0        */ 0x0a000000, /* 255.0.0.0       */ 0xff000000],
+  [/* 172.16.0.0      */ 0xac100000, /* 255.240.0.0     */ 0xfff00000],
+  [/* 192.168.0.0     */ 0xc0a80000, /* 255.255.0.0     */ 0xffff0000],
+];
+
+/**
+ * Check if the numeric IP address is inside the local IP address ranges.
+ * @param {number} ip
+ * @returns {boolean}
+ */
+const isLocalIp = ip => localRanges.some(range => isIpInRange(ip, range));
+
+Object.assign(exports, {
+  parseIp,
+  isIpInRange,
+  isLocalIp
+});
+
+})(typeof exports !== 'undefined' ? exports : require.scopes.ip_utils = {});
diff --git a/chromium/background-scripts/modules/ssl_codes.js b/chromium/background-scripts/modules/ssl_codes.js
new file mode 100644
index 000000000000..ed955ec8355a
--- /dev/null
+++ b/chromium/background-scripts/modules/ssl_codes.js
@@ -0,0 +1,48 @@
+"use strict";
+
+/**
+ * @exports error_list
+ * @type {array}
+ * @description A list of known SSL config errors to filter through and not try to upgrade the user
+ * @see
+ * Chrome SSL errors: https://github.com/chromium/chromium/blob/master/components/domain_reliability/util.cc
+ * Firefox SSL Errors: https://hg.mozilla.org/releases/mozilla-release/file/tip/security/manager/locales/en-US/chrome/pipnss/nsserrors.properties
+ */
+
+(function (exports) {
+
+const error_list = [
+  "net::ERR_SSL_PROTOCOL_ERROR",
+  "net::ERR_SSL_VERSION_OR_CIPHER_MISMATCH",
+  "net::ERR_SSL_UNRECOGNIZED_NAME_ALERT",
+  "net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN",
+  "net::ERR_CERT_COMMON_NAME_INVALID",
+  "net::ERR_CERT_DATE_INVALID",
+  "net::ERR_CERT_AUTHORITY_INVALID",
+  "net::ERR_CERT_REVOKED",
+  "net::ERR_CERT_INVALID",
+  "net::ERR_CONNECTION_CLOSED",
+  "net::ERR_CONNECTION_RESET",
+  "net::ERR_CONNECTION_REFUSED",
+  "net::ERR_CONNECTION_ABORTED",
+  "net::ERR_CONNECTION_FAILED",
+  "net::ERR_ABORTED", ,
+  "NS_ERROR_CONNECTION_REFUSED",
+  "NS_ERROR_NET_ON_TLS_HANDSHAKE_ENDED",
+  "NS_BINDING_ABORTED",
+  "SSL received a record that exceeded the maximum permissible length.",
+  "Peer’s Certificate has expired.",
+  "Unable to communicate securely with peer: requested domain name does not match the server’s certificate.",
+  "Peer’s Certificate issuer is not recognized.",
+  "Peer’s Certificate has been revoked.",
+  "Peer reports it experienced an internal error.",
+  "The server uses key pinning (HPKP) but no trusted certificate chain could be constructed that matches the pinset. Key pinning violations cannot be overridden.",
+  "SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message.",
+  "The certificate was signed using a signature algorithm that is disabled because it is not secure.",
+  "Cannot communicate securely with peer: no common encryption algorithm(s).",
+  "SSL peer has no certificate for the requested DNS name."
+];
+
+Object.assign(exports, { error_list });
+
+})(typeof exports !== 'undefined' ? exports : require.scopes.ssl_codes = {});
\ No newline at end of file
diff --git a/chromium/background-scripts/rules.js b/chromium/background-scripts/rules.js
new file mode 100644
index 000000000000..7f0a5b550637
--- /dev/null
+++ b/chromium/background-scripts/rules.js
@@ -0,0 +1,802 @@
+"use strict";
+
+(function(exports) {
+
+const util = require('./util'),
+  wasm = require('./wasm');
+
+let settings = {
+  enableMixedRulesets: false,
+  domainBlacklist: new Set(),
+};
+
+// To reduce memory usage for the numerous rules/cookies with trivial rules
+const trivial_cookie_rule_c = /.+/;
+
+/* A map of all scope RegExp objects */
+const scopes = new Map();
+
+/**
+ * Returns the scope object from the map for the given scope string.
+ * @param {string} scope ruleset scope string
+ * @returns {RegExp}
+ */
+function getScope(scope) {
+  if (!scopes.has(scope)) {
+    scopes.set(scope, new RegExp(scope));
+  }
+  return scopes.get(scope);
+}
+
+/**
+ * Constructs a single rule
+ * @param from
+ * @param to
+ * @constructor
+ */
+function Rule(from, to) {
+  this.from_c = new RegExp(from);
+  this.to = to;
+}
+
+// To reduce memory usage for the numerous rules/cookies with trivial rules
+const trivial_rule = new Rule("^http:", "https:");
+
+/**
+ * Returns a common trivial rule or constructs a new one.
+ */
+function getRule(from, to) {
+  if (from === "^http:" && to === "https:") {
+    // This is a trivial rule, rewriting http->https with no complex RegExp.
+    return trivial_rule;
+  } else {
+    // This is a non-trivial rule.
+    return new Rule(from, to);
+  }
+}
+
+/**
+ * Generates a CookieRule
+ * @param host The host regex to compile
+ * @param cookiename The cookie name Regex to compile
+ * @constructor
+ */
+function CookieRule(host, cookiename) {
+  if (host === '.+') {
+    // Some cookie rules trivially match any host.
+    this.host_c = trivial_cookie_rule_c;
+  } else {
+    this.host_c = new RegExp(host);
+  }
+
+  if (cookiename === '.+') {
+    // About 50% of cookie rules trivially match any name.
+    this.name_c = trivial_cookie_rule_c;
+  } else {
+    this.name_c = new RegExp(cookiename);
+  }
+}
+
+/**
+ *A collection of rules
+ * @param {string} set_name The name of this set
+ * @param {boolean} default_state activity state
+ * @param {string} scope ruleset scope string
+ * @param {string} note Note will be displayed in popup
+ * @constructor
+ */
+function RuleSet(set_name, default_state, scope, note) {
+  this.name = set_name;
+  this.rules = [];
+  this.exclusions = null;
+  this.cookierules = null;
+  this.active = default_state;
+  this.default_state = default_state;
+  this.scope = getScope(scope);
+  this.note = note;
+}
+
+RuleSet.prototype = {
+  /**
+   * Check if a URI can be rewritten and rewrite it
+   * @param urispec The uri to rewrite
+   * @returns {*} null or the rewritten uri
+   */
+  apply: function(urispec) {
+    var returl = null;
+    // If we're covered by an exclusion, go home
+    if (this.exclusions !== null && this.exclusions.test(urispec)) {
+      util.log(util.DBUG, "excluded uri " + urispec);
+      return null;
+    }
+
+    // Okay, now find the first rule that triggers
+    for (let rule of this.rules) {
+      returl = urispec.replace(rule.from_c,
+        rule.to);
+      if (returl != urispec) {
+        return returl;
+      }
+    }
+    return null;
+  },
+
+  /**
+   * Deep equivalence comparison
+   * @param ruleset The ruleset to compare with
+   * @returns true or false, depending on whether it's deeply equivalent
+   */
+  isEquivalentTo: function(ruleset) {
+    if(this.name != ruleset.name ||
+       this.note != ruleset.note ||
+       this.active != ruleset.active ||
+       this.default_state != ruleset.default_state) {
+      return false;
+    }
+
+    try {
+      var this_exclusions_source = this.exclusions.source;
+    } catch(e) {
+      var this_exclusions_source = null;
+    }
+
+    try {
+      var ruleset_exclusions_source = ruleset.exclusions.source;
+    } catch(e) {
+      var ruleset_exclusions_source = null;
+    }
+
+    try {
+      var this_rules_length = this.rules.length;
+    } catch(e) {
+      var this_rules_length = 0;
+    }
+
+    try {
+      var ruleset_rules_length = ruleset.rules.length;
+    } catch(e) {
+      var ruleset_rules_length = 0;
+    }
+
+    if(this_rules_length != ruleset_rules_length) {
+      return false;
+    }
+
+    if (this_exclusions_source != ruleset_exclusions_source) {
+      return false;
+    }
+
+    if(this_rules_length > 0) {
+      for(let x = 0; x < this.rules.length; x++) {
+        if(this.rules[x].to != ruleset.rules[x].to) {
+          return false;
+        }
+      }
+    }
+
+    return true;
+  }
+
+};
+
+/**
+ * Initialize Rule Sets
+ * @constructor
+ */
+function RuleSets() {
+  // Load rules into structure
+  this.targets = new Map();
+
+  // A cache for potentiallyApplicableRulesets
+  this.ruleCache = new Map();
+
+  // A cache for cookie hostnames.
+  this.cookieHostCache = new Map();
+
+  /**
+   * A hash of rule name -> active status (true/false).
+   * @type {Object<string, boolean>}
+   */
+  this.ruleActiveStates = {};
+
+  // The key to retrieve user rules from the storage api
+  this.USER_RULE_KEY = 'userRules';
+
+  return this;
+}
+
+
+RuleSets.prototype = {
+
+  /**
+   * Load packaged rulesets, and rulesets in browser storage
+   * @param store object from store.js
+   */
+  loadFromBrowserStorage: async function(store, applyStoredFunc) {
+    this.store = store;
+    this.ruleActiveStates = await this.store.get_promise('ruleActiveStates', {});
+    try {
+      this.wasm_rs = wasm.RuleSets.new();
+    } catch(e) {
+      util.log(util.WARN, 'Falling back to pure JS implementation: ' + e);
+    }
+    await applyStoredFunc(this);
+    await this.loadStoredUserRules();
+    await this.addStoredCustomRulesets();
+  },
+
+  /**
+   * Convert XML to JS and load rulesets
+   * @param {Document} ruleXml
+   * @param {string} scope
+   */
+  addFromXml: function(ruleXml, scope) {
+    const rulesets_xml = ruleXml.getElementsByTagName("ruleset");
+
+    let rulesets = [];
+    for (let ruleset_xml of rulesets_xml) {
+      rulesets.push(this.convertOneXmlToJs(ruleset_xml));
+    }
+
+    this.addFromJson(rulesets, scope);
+  },
+
+  /**
+   * @param {*} ruleJson
+   * @param {string} scope
+   */
+  addFromJson: function(ruleJson, scope) {
+    if (this.wasm_rs) {
+      this.wasm_rs.add_all_from_js_array(
+        ruleJson,
+        settings.enableMixedRulesets,
+        this.ruleActiveStates,
+        scope);
+    } else {
+      for (let ruleset of ruleJson) {
+        try {
+          this.parseOneJsonRuleset(ruleset, scope);
+        } catch(e) {
+          util.log(util.WARN, 'Error processing ruleset:' + e);
+        }
+      }
+    }
+  },
+
+  /**
+   * Parse one JSON format ruleset element
+   * @param {*} ruletag
+   * @param {string} scope
+   */
+  parseOneJsonRuleset: function(ruletag, scope) {
+    var default_state = true;
+    var note = "";
+    var default_off = ruletag["default_off"];
+    if (default_off) {
+      default_state = false;
+      if (default_off === "user rule") {
+        default_state = true;
+      }
+      note += default_off + "\n";
+    }
+
+    // If a ruleset declares a platform, and we don't match it, treat it as
+    // off-by-default. In practice, this excludes "mixedcontent" rules.
+    var platform = ruletag["platform"];
+    if (platform) {
+      default_state = false;
+      if (platform == "mixedcontent" && settings.enableMixedRulesets) {
+        default_state = true;
+      }
+      note += "Platform(s): " + platform + "\n";
+    }
+
+    var rule_set = new RuleSet(ruletag["name"], default_state, scope, note.trim());
+
+    // Read user prefs
+    if (rule_set.name in this.ruleActiveStates) {
+      rule_set.active = this.ruleActiveStates[rule_set.name];
+    }
+
+    var rules = ruletag["rule"];
+    for (let rule of rules) {
+      if (rule["from"] != null && rule["to"] != null) {
+        rule_set.rules.push(getRule(rule["from"], rule["to"]));
+      }
+    }
+
+    var exclusions = ruletag["exclusion"];
+    if (exclusions != null) {
+      rule_set.exclusions = new RegExp(exclusions.join("|"));
+    }
+
+    var cookierules = ruletag["securecookie"];
+    if (cookierules != null) {
+      for (let cookierule of cookierules) {
+        if (cookierule["host"] != null && cookierule["name"] != null) {
+          if (!rule_set.cookierules) {
+            rule_set.cookierules = [];
+          }
+          rule_set.cookierules.push(new CookieRule(cookierule["host"], cookierule["name"]));
+        }
+      }
+    }
+
+    var targets = ruletag["target"];
+    for (let target of targets) {
+      if (target != null) {
+        if (!this.targets.has(target)) {
+          this.targets.set(target, []);
+        }
+        this.targets.get(target).push(rule_set);
+      }
+    }
+  },
+
+  /**
+   * Load a user rule
+   * @param params
+   * @param {string} scope
+   * @returns {boolean}
+   */
+  addUserRule : function(params, scope) {
+    util.log(util.INFO, 'adding new user rule for ' + JSON.stringify(params));
+    if (this.wasm_rs) {
+      this.wasm_rs.add_all_from_js_array(
+        [params],
+        settings.enableMixedRulesets,
+        this.ruleActiveStates,
+        scope);
+    } else {
+      this.parseOneJsonRuleset(params, scope);
+    }
+
+    // clear cache so new rule take effect immediately
+    for (const target of params.target) {
+      this.ruleCache.delete(target);
+    }
+
+    // TODO: maybe promote this rule?
+    util.log(util.INFO, 'done adding rule');
+    return true;
+  },
+
+  /**
+   * Remove a user rule
+   * @param params
+   * @returns {boolean}
+   */
+  removeUserRule: function(ruleset, src) {
+    /**
+     * FIXME: We have to use ruleset.name here because the ruleset itself
+     * carries no information on the target it is applying on. This also
+     * made it impossible for users to set custom ruleset name.
+     */
+    util.log(util.INFO, 'removing user rule for ' + JSON.stringify(ruleset));
+
+    // Remove any cache from runtime
+    this.ruleCache.delete(ruleset.name);
+
+    if (src === 'popup') {
+
+      if (this.wasm_rs) {
+        this.wasm_rs.remove_ruleset(ruleset);
+      } else {
+        const tmp = this.targets.get(ruleset.name).filter(r => !r.isEquivalentTo(ruleset));
+        this.targets.set(ruleset.name, tmp);
+
+        if (this.targets.get(ruleset.name).length == 0) {
+          this.targets.delete(ruleset.name);
+        }
+      }
+    }
+
+    if (src === 'options') {
+      /**
+       * FIXME: There is nothing we can do if the call comes from the
+       * option page because isEquivalentTo cannot work reliably.
+       * Leave the heavy duties to background.js to call initializeAllRules
+       */
+    }
+    util.log(util.INFO, 'done removing rule');
+    return true;
+  },
+
+  /**
+  * Retrieve stored user rules from storage api
+  **/
+  getStoredUserRules: async function() {
+    return await this.store.get_promise(this.USER_RULE_KEY, []);
+  },
+
+  /**
+  * Load all stored user rules into this RuleSet object
+  */
+  loadStoredUserRules: function() {
+    return this.getStoredUserRules()
+      .then(userRules => {
+        this.addFromJson(userRules, '');
+        util.log(util.INFO, `loaded ${userRules.length} stored user rules`);
+      });
+  },
+
+  /**
+  * Adds a new user rule
+  * @param params: params defining the rule
+  * @param cb: Callback to call after success/fail
+  * */
+  addNewRuleAndStore: async function(params) {
+    if (this.addUserRule(params, '')) {
+      // If we successfully added the user rule, save it in the storage
+      // api so it's automatically applied when the extension is
+      // reloaded.
+      let userRules = await this.getStoredUserRules();
+      // TODO: there's a race condition here, if this code is ever executed from multiple
+      // client windows in different event loops.
+      userRules.push(params);
+      // TODO: can we exceed the max size for storage?
+      await this.store.set_promise(this.USER_RULE_KEY, userRules);
+    }
+  },
+
+  /**
+  * Removes a user rule
+  * @param ruleset: the ruleset to remove
+  * */
+  removeRuleAndStore: async function(ruleset, src) {
+    if (this.removeUserRule(ruleset, src)) {
+      let userRules = await this.getStoredUserRules();
+
+      if (src === 'popup') {
+        userRules = userRules.filter(r =>
+          !(r.name === ruleset.name && r.rule[0].to === ruleset.rules[0].to)
+        );
+      }
+
+      if (src === 'options') {
+        userRules = userRules.filter(r =>
+          !(r.name === ruleset.name && r.rule[0].to === ruleset.rule[0].to)
+        );
+      }
+      await this.store.set_promise(this.USER_RULE_KEY, userRules);
+    }
+  },
+
+  addStoredCustomRulesets: function() {
+    return new Promise(resolve => {
+      this.store.get({
+        legacy_custom_rulesets: [],
+        debugging_rulesets: ""
+      }, item => {
+        this.loadCustomRulesets(item.legacy_custom_rulesets);
+        this.loadCustomRuleset("<root>" + item.debugging_rulesets + "</root>");
+        resolve();
+      });
+    });
+  },
+
+  // Load in the legacy custom rulesets, if any
+  loadCustomRulesets: function(legacy_custom_rulesets) {
+    for(let legacy_custom_ruleset of legacy_custom_rulesets) {
+      this.loadCustomRuleset(legacy_custom_ruleset);
+    }
+  },
+
+  loadCustomRuleset: function(ruleset_string) {
+    this.addFromXml((new DOMParser()).parseFromString(ruleset_string, 'text/xml'), '');
+  },
+
+  setRuleActiveState: async function(ruleset_name, active) {
+    if (active == undefined) {
+      delete this.ruleActiveStates[ruleset_name];
+    } else {
+      this.ruleActiveStates[ruleset_name] = active;
+    }
+    await this.store.set_promise('ruleActiveStates', this.ruleActiveStates);
+  },
+
+  /**
+   * Converts an XML ruleset to a JS ruleset for parsing
+   * @param ruletag The whole <ruleset> tag to parse
+   */
+  convertOneXmlToJs: function(ruletag) {
+    try {
+      let ruleset = {};
+
+      let default_off = ruletag.getAttribute("default_off");
+      if (default_off) {
+        ruleset["default_off"] = default_off;
+      }
+
+      let platform = ruletag.getAttribute("platform");
+      if (platform) {
+        ruleset["platform"] = platform;
+      }
+
+      let name = ruletag.getAttribute("name");
+      if (name) {
+        ruleset["name"] = name;
+      }
+
+      let rules = [];
+      for (let rule of ruletag.getElementsByTagName("rule")) {
+        rules.push({
+          from: rule.getAttribute("from"),
+          to: rule.getAttribute("to")
+        });
+      }
+      if (rules.length > 0) {
+        ruleset["rule"] = rules;
+      }
+
+      let exclusions = [];
+      for (let exclusion of ruletag.getElementsByTagName("exclusion")) {
+        exclusions.push(exclusion.getAttribute("pattern"));
+      }
+      if (exclusions.length > 0) {
+        ruleset["exclusion"] = exclusions;
+      }
+
+      let cookierules = [];
+      for (let cookierule of ruletag.getElementsByTagName("securecookie")) {
+        cookierules.push({
+          host: cookierule.getAttribute("host"),
+          name: cookierule.getAttribute("name")
+        });
+      }
+      if (cookierules.length > 0) {
+        ruleset["securecookie"] = cookierules;
+      }
+
+      let targets = [];
+      for (let target of ruletag.getElementsByTagName("target")) {
+        targets.push(target.getAttribute("host"));
+      }
+      if (targets.length > 0) {
+        ruleset["target"] = targets;
+      }
+
+      return ruleset;
+    } catch (e) {
+      util.log(util.WARN, 'Error converting ruleset to JS:' + e);
+      return {};
+    }
+  },
+
+  /**
+   * Return a list of rulesets that apply to this host
+   * @param host The host to check
+   * @returns {*} (empty) list
+   */
+  potentiallyApplicableRulesets: function(host) {
+    // Have we cached this result? If so, return it!
+    if (this.ruleCache.has(host)) {
+      let cached_item = this.ruleCache.get(host);
+      util.log(util.DBUG, "Ruleset cache hit for " + host + " items:" + cached_item.size);
+      return cached_item;
+    } else {
+      util.log(util.DBUG, "Ruleset cache miss for " + host);
+    }
+
+    let results;
+    if (this.wasm_rs) {
+      let pa = this.wasm_rs.potentially_applicable(host);
+      results = new Set([...pa].map(ruleset => {
+        let rs = new RuleSet(ruleset.name, ruleset.default_state, ruleset.scope, ruleset.note);
+
+        if (ruleset.cookierules) {
+          let cookierules = ruleset.cookierules.map(cookierule => {
+            return new CookieRule(cookierule.host, cookierule.name);
+          });
+          rs.cookierules = cookierules;
+        } else {
+          rs.cookierules = null;
+        }
+
+        let rules = ruleset.rules.map(rule => {
+          return getRule(rule.from, rule.to);
+        });
+        rs.rules = rules;
+
+        if (ruleset.exclusions) {
+          rs.exclusions = new RegExp(ruleset.exclusions);
+        } else {
+          rs.exclusions = null;
+        }
+
+        rs.active = ruleset.active;
+
+        return rs;
+      }));
+    } else {
+      // Let's begin search
+      results = (this.targets.has(host) ?
+        new Set([...this.targets.get(host)]) :
+        new Set());
+
+      let expressions = util.getWildcardExpressions(host);
+      for (const expression of expressions) {
+        results = (this.targets.has(expression) ?
+          new Set([...results, ...this.targets.get(expression)]) :
+          results);
+      }
+
+      // Clean the results list, which may contain duplicates or undefined entries
+      results.delete(undefined);
+
+      util.log(util.DBUG,"Applicable rules for " + host + ":");
+      if (results.size == 0) {
+        util.log(util.DBUG, "  None");
+        results = util.nullIterable;
+      } else {
+        results.forEach(result => util.log(util.DBUG, "  " + result.name));
+      }
+    }
+
+    // Insert results into the ruleset cache
+    this.ruleCache.set(host, results);
+
+    // Cap the size of the cache. (Limit chosen somewhat arbitrarily)
+    if (this.ruleCache.size > 1000) {
+      // Map.prototype.keys() returns keys in insertion order, so this is a FIFO.
+      this.ruleCache.delete(this.ruleCache.keys().next().value);
+    }
+
+    return results;
+  },
+
+  /**
+   * Check to see if the Cookie object c meets any of our cookierule criteria for being marked as secure.
+   * @param cookie The cookie to test
+   * @returns {*} true or false
+   */
+  shouldSecureCookie: function(cookie) {
+    let hostname = cookie.domain;
+    // cookie domain scopes can start with .
+    while (hostname.charAt(0) == ".") {
+      hostname = hostname.slice(1);
+    }
+
+    // Check if the domain might be being served over HTTP.  If so, it isn't
+    // safe to secure a cookie!  We can't always know this for sure because
+    // observing cookie-changed doesn't give us enough context to know the
+    // full origin URI.
+
+    // First, if there are any redirect loops on this domain, don't secure
+    // cookies.  XXX This is not a very satisfactory heuristic.  Sometimes we
+    // would want to secure the cookie anyway, because the URLs that loop are
+    // not authenticated or not important.  Also by the time the loop has been
+    // observed and the domain blacklisted, a cookie might already have been
+    // flagged as secure.
+
+    if (settings.domainBlacklist.has(hostname)) {
+      util.log(util.INFO, "cookies for " + hostname + "blacklisted");
+      return false;
+    }
+
+    // Second, we need a cookie pass two tests before patching it
+    //   (1) it is safe to secure the cookie, as per safeToSecureCookie()
+    //   (2) it matches with the CookieRule
+    //
+    // We kept a cache of the results for (1), if we have a cached result which
+    //   (a) is false, we should not secure the cookie for sure
+    //   (b) is true, we need to perform test (2)
+    //
+    // Otherwise,
+    //   (c) We need to perform (1) and (2) in place
+
+    let safe = false;
+    if (this.cookieHostCache.has(hostname)) {
+      util.log(util.DBUG, "Cookie host cache hit for " + hostname);
+      safe = this.cookieHostCache.get(hostname); // true only if it is case (b)
+      if (!safe) {
+        return false; // (a)
+      }
+    } else {
+      util.log(util.DBUG, "Cookie host cache miss for " + hostname);
+    }
+
+    const potentiallyApplicable = this.potentiallyApplicableRulesets(hostname);
+    for (const ruleset of potentiallyApplicable) {
+      if (ruleset.cookierules !== null && ruleset.active) {
+        // safe is false only indicate the lack of a cached result
+        // we cannot use it to avoid looping here
+        for (const cookierule of ruleset.cookierules) {
+          // if safe is true, it is case (b); otherwise it is case (c)
+          if (cookierule.host_c.test(cookie.domain) && cookierule.name_c.test(cookie.name)) {
+            return safe || this.safeToSecureCookie(hostname, potentiallyApplicable);
+          }
+        }
+      }
+    }
+    return false;
+  },
+
+  /**
+   * Check if it is secure to secure the cookie (=patch the secure flag in).
+   * @param domain The domain of the cookie
+   * @param potentiallyApplicable
+   * @returns {*} true or false
+   */
+  safeToSecureCookie: function(domain, potentiallyApplicable) {
+    // Make up a random URL on the domain, and see if we would HTTPSify that.
+    var nonce_path = "/" + Math.random().toString();
+    var test_uri = "http://" + domain + nonce_path + nonce_path;
+
+    // Cap the size of the cookie cache (limit chosen somewhat arbitrarily)
+    if (this.cookieHostCache.size > 250) {
+      // Map.prototype.keys() returns keys in insertion order, so this is a FIFO.
+      this.cookieHostCache.delete(this.cookieHostCache.keys().next().value);
+    }
+
+    util.log(util.INFO, "Testing securecookie applicability with " + test_uri);
+    for (let ruleset of potentiallyApplicable) {
+      if (ruleset.active && ruleset.apply(test_uri)) {
+        util.log(util.INFO, "Cookie domain could be secured.");
+        this.cookieHostCache.set(domain, true);
+        return true;
+      }
+    }
+    util.log(util.INFO, "Cookie domain could NOT be secured.");
+    this.cookieHostCache.set(domain, false);
+    return false;
+  },
+
+  /**
+   * Get a list of simple rules (active, with no exclusions) for all hosts that
+   * are in a single ruleset, and end in the specified ending.
+   * @param ending Target ending to search for
+   * @returns A list of { host, from_regex, to, scope_regex }
+   */
+  getSimpleRulesEndingWith: function(ending) {
+    let results;
+
+    if (this.wasm_rs) {
+      results = this.wasm_rs.get_simple_rules_ending_with(ending);
+    } else {
+      results = [];
+      for(let [host, rulesets] of this.targets) {
+        if (host.endsWith(ending) &&
+            rulesets.length == 1 &&
+            rulesets[0].active === true &&
+            rulesets[0].exclusions == null
+        ) {
+          for (let rule of rulesets[0].rules) {
+            if (rule.from_c.test("http://" + host + "/")) {
+              results.push({ host, from_regex: rule.from_c.toString(), to: rule.to, scope_regex: rulesets[0].scope.toString() });
+            }
+          }
+        }
+      }
+    }
+    return results;
+  },
+
+  /**
+   * Rewrite an URI
+   * @param urispec The uri to rewrite
+   * @param host The host of this uri
+   * @returns {*} the new uri or null
+   */
+  rewriteURI: function(urispec, host) {
+    var newuri = null;
+    var potentiallyApplicable = this.potentiallyApplicableRulesets(host);
+    for (let ruleset of potentiallyApplicable) {
+      if (ruleset.active && (newuri = ruleset.apply(urispec))) {
+        return newuri;
+      }
+    }
+    return null;
+  }
+};
+
+Object.assign(exports, {
+  settings,
+  trivial_rule,
+  Rule,
+  RuleSet,
+  RuleSets,
+  getRule
+});
+
+})(typeof exports == 'undefined' ? require.scopes.rules = {} : exports);
diff --git a/chromium/background-scripts/store.js b/chromium/background-scripts/store.js
new file mode 100644
index 000000000000..e3af7cb8086f
--- /dev/null
+++ b/chromium/background-scripts/store.js
@@ -0,0 +1,143 @@
+"use strict";
+
+(function(exports) {
+
+const rules = require('./rules');
+const util = require("./util");
+
+function initialize() {
+  return new Promise(resolve => {
+    if (chrome.storage.sync) {
+      chrome.storage.sync.set({"sync-set-test": true}, () => {
+        if(chrome.runtime.lastError) {
+          setStorage(chrome.storage.local);
+        } else {
+          setStorage(chrome.storage.sync);
+        }
+        resolve();
+      });
+    } else {
+      setStorage(chrome.storage.local);
+      resolve();
+    }
+  });
+}
+
+/* Storage promise setters and getters */
+
+function generic_get_promise(key, default_val, storage) {
+  return new Promise(res => storage.get({[key]: default_val}, data => res(data[key])));
+}
+
+function generic_set_promise(key, value, storage) {
+  return new Promise(res => storage.set({[key]: value}, res));
+}
+
+function get_promise(key, default_val) {
+  return generic_get_promise(key, default_val, exports);
+}
+
+function set_promise(key, value) {
+  return generic_set_promise(key, value, exports);
+}
+
+function local_get_promise(key, default_val) {
+  return generic_get_promise(key, default_val, chrome.storage.local);
+}
+
+function local_set_promise(key, value) {
+  return generic_set_promise(key, value, chrome.storage.local);
+}
+
+
+
+async function performMigrations() {
+  let migration_version = await get_promise('migration_version', 0);
+
+  try {
+    if (migration_version === 0) {
+      let ls = localStorage;
+      let ruleActiveStates = {};
+
+      for (let key in ls) {
+        if (ls.hasOwnProperty(key)) {
+          if (rules.RuleSets().USER_RULE_KEY === key) {
+            await set_promise(rules.RuleSets().USER_RULE_KEY, JSON.parse(ls[key]));
+          } else {
+            ruleActiveStates[key] = (ls[key] === "true");
+          }
+        }
+      }
+      migration_version = 1;
+      await set_promise('migration_version', migration_version);
+      await set_promise('ruleActiveStates', ruleActiveStates);
+    }
+
+  } catch (e) {
+    // do nothing
+  }
+
+  if (migration_version <= 1) {
+    await get_promise(rules.RuleSets().USER_RULE_KEY, [])
+      .then(userRules => {
+        userRules = userRules.map(userRule => {
+          return {
+            name: userRule.host,
+            target: [userRule.host],
+            rule: [{ from: userRule.urlMatcher, to: userRule.redirectTo }],
+            default_off: "user rule"
+          };
+        });
+        return userRules;
+      })
+      .then(userRules => {
+        return set_promise(rules.RuleSets().USER_RULE_KEY, userRules);
+      });
+
+    migration_version = 2;
+    await set_promise('migration_version', migration_version);
+  }
+
+  if (migration_version <= 2) {
+    await get_promise('disabledList', [])
+      .then(disabledList => {
+        disabledList = disabledList.map(item => {
+          return util.getNormalisedHostname(item);
+        });
+        return disabledList;
+      })
+      .then(disabledList => {
+        return set_promise('disabledList', disabledList);
+      });
+
+    migration_version = 3;
+    await set_promise('migration_version', migration_version);
+  }
+}
+
+const local = {
+  get: (...args) => chrome.storage.local.get(...args),
+  set: (...args) => chrome.storage.local.set(...args),
+  remove: (...args) => chrome.storage.local.remove(...args),
+  get_promise: local_get_promise,
+  set_promise: local_set_promise
+};
+
+function setStorage(store) {
+  Object.assign(exports, {
+    get: store.get.bind(store),
+    set: store.set.bind(store),
+    remove: store.remove.bind(store),
+    get_promise,
+    set_promise,
+    local
+  });
+  chrome.runtime.sendMessage("store_initialized");
+}
+
+Object.assign(exports, {
+  initialize,
+  performMigrations
+});
+
+})(typeof exports == 'undefined' ? require.scopes.store = {} : exports);
diff --git a/chromium/background-scripts/update.js b/chromium/background-scripts/update.js
new file mode 100644
index 000000000000..a0bc7fdf85e9
--- /dev/null
+++ b/chromium/background-scripts/update.js
@@ -0,0 +1,480 @@
+/* global pako */
+
+"use strict";
+
+let combined_update_channels, extension_version;
+const { update_channels } = require('./update_channels');
+const wasm = require('./wasm');
+
+// Determine if we're in the tests.  If so, define some necessary components.
+if (typeof window === "undefined") {
+  var WebCrypto = require("node-webcrypto-ossl"),
+    crypto = new WebCrypto(),
+    atob = require("atob"),
+    btoa = require("btoa"),
+    pako = require('../external/pako-1.0.5/pako_inflate.min.js'),
+    { TextDecoder } = require('text-encoding'),
+    chrome = require("sinon-chrome"),
+    window = { atob, btoa, chrome, crypto, pako, TextDecoder },
+    fs = require('fs');
+
+  extension_version = JSON.parse(fs.readFileSync('./manifest.json')).version;
+
+  combined_update_channels = update_channels;
+} else {
+  extension_version = chrome.runtime.getManifest().version;
+}
+
+(function(exports) {
+
+const util = require('./util');
+
+let store,
+  background_callback;
+
+// how often we should check for new rulesets
+const periodicity = 86400;
+
+const extension_date = new Date(extension_version.split('.').slice(0,3).join('-'));
+const extension_timestamp = extension_date.getTime() / 1000;
+
+let imported_keys;
+
+// update channels are loaded from `background-scripts/update_channels.js` as well as the storage api
+async function loadUpdateChannelsKeys() {
+  util.log(util.NOTE, 'Loading update channels and importing associated public keys.');
+
+  const stored_update_channels = await store.get_promise('update_channels', []);
+  const combined_update_channels_preflight = update_channels.concat(stored_update_channels);
+
+  imported_keys = {};
+  combined_update_channels = [];
+
+  for(let update_channel of combined_update_channels_preflight) {
+
+    try{
+      imported_keys[update_channel.name] = await window.crypto.subtle.importKey(
+        "jwk",
+        update_channel.jwk,
+        {
+          name: "RSA-PSS",
+          hash: {name: "SHA-256"},
+        },
+        false,
+        ["verify"]
+      );
+      combined_update_channels.push(update_channel);
+      util.log(util.NOTE, update_channel.name + ': Update channel key loaded.');
+    } catch(err) {
+      util.log(util.WARN, update_channel.name + ': Could not import key.  Aborting.');
+    }
+  }
+}
+
+
+// Determine the time until we should check for new rulesets
+async function timeToNextCheck() {
+  const last_checked = await store.local.get_promise('last-checked', false);
+  if(last_checked) {
+    const current_timestamp = Date.now() / 1000;
+    const secs_since_last_checked = current_timestamp - last_checked;
+    return Math.max(0, periodicity - secs_since_last_checked);
+  } else {
+    return 0;
+  }
+}
+
+// Check for new rulesets immediately
+async function resetTimer() {
+  await store.local.set_promise('last-checked', false);
+  destroyTimer();
+  await createTimer();
+}
+
+// Check for new updates. If found, return the timestamp. If not, return false
+async function checkForNewUpdates(update_channel) {
+  let timestamp_result = await fetch(update_channel.update_path_prefix + (update_channel.format == "bloom" ? "/latest-bloom-timestamp" : "/latest-rulesets-timestamp"));
+  if(timestamp_result.status == 200) {
+    let uc_timestamp = Number(await timestamp_result.text());
+
+    if((await store.local.get_promise('uc-timestamp: ' + update_channel.name, 0)) < uc_timestamp) {
+      return uc_timestamp;
+    }
+  }
+  return false;
+}
+
+// Retrieve the timestamp for when an update channel was published
+async function getUpdateChannelTimestamps() {
+  let timestamp_promises = [];
+  for(let update_channel of combined_update_channels) {
+    timestamp_promises.push(new Promise(async resolve => {
+      let timestamp = await store.local.get_promise('uc-stored-timestamp: ' + update_channel.name, 0);
+      resolve([update_channel, timestamp]);
+    }));
+  }
+  let timestamps = await Promise.all(timestamp_promises);
+  return timestamps;
+}
+
+// Download and return new rulesets
+async function getNewRulesets(rulesets_timestamp, update_channel) {
+
+  store.local.set_promise('uc-timestamp: ' + update_channel.name, rulesets_timestamp);
+
+  let signature_promise = fetch(update_channel.update_path_prefix + "/rulesets-signature." + rulesets_timestamp + ".sha256");
+  let rulesets_promise = fetch(update_channel.update_path_prefix + "/default.rulesets." + rulesets_timestamp + ".gz");
+
+  let responses = await Promise.all([
+    signature_promise,
+    rulesets_promise
+  ]);
+
+  let resolutions = await Promise.all([
+    responses[0].arrayBuffer(),
+    responses[1].arrayBuffer()
+  ]);
+
+  return {
+    signature_array_buffer: resolutions[0],
+    rulesets_array_buffer: resolutions[1]
+  };
+}
+
+// Download and return new bloom
+async function getNewBloom(bloom_timestamp, update_channel) {
+  store.local.set_promise('uc-timestamp: ' + update_channel.name, bloom_timestamp);
+
+  let signature_promise = fetch(update_channel.update_path_prefix + "/bloom-signature." + bloom_timestamp + ".sha256");
+  let bloom_metadata_promise = fetch(update_channel.update_path_prefix + "/bloom-metadata." + bloom_timestamp + ".json");
+  let bloom_promise = fetch(update_channel.update_path_prefix + "/bloom." + bloom_timestamp + ".bin");
+
+  let responses = await Promise.all([
+    signature_promise,
+    bloom_metadata_promise,
+    bloom_promise
+  ]);
+
+  let resolutions = await Promise.all([
+    responses[0].arrayBuffer(),
+    responses[1].arrayBuffer(),
+    responses[2].arrayBuffer()
+  ]);
+
+  return {
+    signature_array_buffer: resolutions[0],
+    bloom_metadata_array_buffer: resolutions[1],
+    bloom_array_buffer: resolutions[2],
+  };
+
+}
+
+// Returns a promise which verifies that the rulesets have a valid EFF
+// signature, and if so, stores them and returns true.
+// Otherwise, it throws an exception.
+function verifyAndStoreNewRulesets(new_rulesets, rulesets_timestamp, update_channel) {
+  return new Promise((resolve, reject) => {
+    window.crypto.subtle.verify(
+      {
+        name: "RSA-PSS",
+        saltLength: 32
+      },
+      imported_keys[update_channel.name],
+      new_rulesets.signature_array_buffer,
+      new_rulesets.rulesets_array_buffer
+    ).then(async isvalid => {
+      if(isvalid) {
+        util.log(util.NOTE, update_channel.name + ': Downloaded ruleset signature checks out.  Storing rulesets.');
+
+        const rulesets_gz = util.ArrayBufferToString(new_rulesets.rulesets_array_buffer);
+        const rulesets_byte_array = pako.inflate(rulesets_gz);
+        const rulesets = new TextDecoder("utf-8").decode(rulesets_byte_array);
+        const rulesets_json = JSON.parse(rulesets);
+
+        if(rulesets_json.timestamp != rulesets_timestamp) {
+          reject(update_channel.name + ': Downloaded ruleset had an incorrect timestamp.  This may be an attempted downgrade attack.  Aborting.');
+        } else {
+          await store.local.set_promise('rulesets: ' + update_channel.name, window.btoa(rulesets_gz));
+          resolve(true);
+        }
+      } else {
+        reject(update_channel.name + ': Downloaded ruleset signature is invalid.  Aborting.');
+      }
+    }).catch(() => {
+      reject(update_channel.name + ': Downloaded ruleset signature could not be verified.  Aborting.');
+    });
+  });
+}
+
+// Returns a promise which verifies that the bloom has a valid EFF
+// signature, and if so, stores it and returns true.
+// Otherwise, it throws an exception.
+function verifyAndStoreNewBloom(new_bloom, bloom_timestamp, update_channel) {
+  return new Promise((resolve, reject) => {
+    window.crypto.subtle.verify(
+      {
+        name: "RSA-PSS",
+        saltLength: 32
+      },
+      imported_keys[update_channel.name],
+      new_bloom.signature_array_buffer,
+      new_bloom.bloom_metadata_array_buffer
+    ).then(async isvalid => {
+      if(isvalid) {
+        util.log(util.NOTE, update_channel.name + ': Bloom filter metadata signature checks out.');
+
+        const bloom_metadata = JSON.parse(util.ArrayBufferToString(new_bloom.bloom_metadata_array_buffer));
+        const bloom_str = util.ArrayBufferToString(new_bloom.bloom_array_buffer);
+
+        if(bloom_metadata.timestamp != bloom_timestamp) {
+          reject(update_channel.name + ': Downloaded bloom filter had an incorrect timestamp.  This may be an attempted downgrade attack.  Aborting.');
+        } else if(await sha256sum(new_bloom.bloom_array_buffer) != bloom_metadata.sha256sum) {
+          reject(update_channel.name + ': sha256sum of the bloom filter is invalid.  Aborting.');
+        } else {
+          await store.local.set_promise('bloom: ' + update_channel.name, window.btoa(bloom_str));
+          await store.local.set_promise('bloom_bitmap_bits: ' + update_channel.name, bloom_metadata.bitmap_bits);
+          await store.local.set_promise('bloom_k_num: ' + update_channel.name, bloom_metadata.k_num);
+          await store.local.set_promise('bloom_sip_keys_0_0: ' + update_channel.name, bloom_metadata.sip_keys[0][0]);
+          await store.local.set_promise('bloom_sip_keys_0_1: ' + update_channel.name, bloom_metadata.sip_keys[0][1]);
+          await store.local.set_promise('bloom_sip_keys_1_0: ' + update_channel.name, bloom_metadata.sip_keys[1][0]);
+          await store.local.set_promise('bloom_sip_keys_1_1: ' + update_channel.name, bloom_metadata.sip_keys[1][1]);
+          resolve(true);
+        }
+      } else {
+        reject(update_channel.name + ': Downloaded bloom filter metadata signature is invalid.  Aborting.');
+      }
+    }).catch(() => {
+      reject(update_channel.name + ': Downloaded bloom signature could not be verified.  Aborting.');
+    });
+  });
+}
+
+async function sha256sum(buffer) {
+  const hashBuffer = await window.crypto.subtle.digest('SHA-256', buffer);
+  const hashArray = Array.from(new Uint8Array(hashBuffer));
+  const hashHex = hashArray.map(b => ('00' + b.toString(16)).slice(-2)).join('');
+  return hashHex;
+}
+
+function isNotUndefined(subject) {
+  return (typeof subject != 'undefined');
+}
+
+// Apply the rulesets we have stored.
+async function applyStoredRulesets(rulesets_obj) {
+  let rulesets_promises = [];
+  for(let update_channel of combined_update_channels) {
+    if(update_channel.format == "rulesets" || !update_channel.format) {
+      rulesets_promises.push(new Promise(resolve => {
+        const key = 'rulesets: ' + update_channel.name;
+        chrome.storage.local.get(key, root => {
+          if(root[key]) {
+            util.log(util.NOTE, update_channel.name + ': Applying stored rulesets.');
+
+            const rulesets_gz = window.atob(root[key]);
+            const rulesets_byte_array = pako.inflate(rulesets_gz);
+            const rulesets_string = new TextDecoder("utf-8").decode(rulesets_byte_array);
+            const rulesets_json = JSON.parse(rulesets_string);
+
+            resolve({json: rulesets_json, scope: update_channel.scope, replaces: update_channel.replaces_default_rulesets});
+          } else {
+            resolve();
+          }
+        });
+      }));
+    }
+  }
+
+  const rulesets_results = (await Promise.all(rulesets_promises)).filter(isNotUndefined);
+
+  let replaces = false;
+  for(const rulesets_result of rulesets_results) {
+    if(rulesets_result.replaces === true) {
+      replaces = true;
+    }
+    rulesets_obj.addFromJson(rulesets_result.json.rulesets, rulesets_result.scope);
+  }
+
+  if(!replaces) {
+    rulesets_obj.addFromJson(util.loadExtensionFile('rules/default.rulesets', 'json'), '');
+  }
+}
+
+// Apply the blooms we have stored.
+async function applyStoredBlooms(bloom_arr) {
+  let bloom_promises = [];
+  for(let update_channel of combined_update_channels) {
+    if(update_channel.format == "bloom") {
+      bloom_promises.push(new Promise(resolve => {
+        const key = 'bloom: ' + update_channel.name;
+        chrome.storage.local.get(key, async root => {
+          if(root[key]) {
+            util.log(util.NOTE, update_channel.name + ': Applying stored bloom filter.');
+            const bloom = util.StringToArrayBuffer(window.atob(root[key]));
+            const bloom_bitmap_bits = await store.local.get_promise('bloom_bitmap_bits: ' + update_channel.name, "");
+            const bloom_k_num = await store.local.get_promise('bloom_k_num: ' + update_channel.name, "");
+            const bloom_sip_keys_0_0 = await store.local.get_promise('bloom_sip_keys_0_0: ' + update_channel.name, "");
+            const bloom_sip_keys_0_1 = await store.local.get_promise('bloom_sip_keys_0_1: ' + update_channel.name, "");
+            const bloom_sip_keys_1_0 = await store.local.get_promise('bloom_sip_keys_1_0: ' + update_channel.name, "");
+            const bloom_sip_keys_1_1 = await store.local.get_promise('bloom_sip_keys_1_1: ' + update_channel.name, "");
+
+            try{
+              resolve(wasm.Bloom.from_existing(bloom, bloom_bitmap_bits, bloom_k_num, [[bloom_sip_keys_0_0, bloom_sip_keys_0_1], [bloom_sip_keys_1_0, bloom_sip_keys_1_1]]));
+            } catch(_) {
+              resolve();
+            }
+          } else {
+            resolve();
+          }
+        });
+      }));
+    }
+  }
+
+  bloom_arr.length = 0;
+  const bloom_results = (await Promise.all(bloom_promises)).filter(isNotUndefined);
+  for(const bloom_result of bloom_results) {
+    bloom_arr.push(bloom_result);
+  }
+}
+
+
+// basic workflow for periodic checks
+async function performCheck() {
+  util.log(util.NOTE, 'Checking for new updates.');
+
+  const current_timestamp = Date.now() / 1000;
+  store.local.set_promise('last-checked', current_timestamp);
+
+  let num_updates = 0;
+  for(let update_channel of combined_update_channels) {
+    if(update_channel.format == "bloom") {
+      let new_bloom_timestamp = await checkForNewUpdates(update_channel);
+      if(new_bloom_timestamp) {
+        util.log(util.NOTE, update_channel.name + ': A new bloom filter has been released.  Downloading now.');
+        let new_bloom = await getNewBloom(new_bloom_timestamp, update_channel);
+        try{
+          await verifyAndStoreNewBloom(new_bloom, new_bloom_timestamp, update_channel);
+          store.local.set_promise('uc-stored-timestamp: ' + update_channel.name, new_bloom_timestamp);
+          num_updates++;
+        } catch(err) {
+          util.log(util.WARN, update_channel.name + ': ' + err);
+        }
+      }
+    } else {
+      let new_rulesets_timestamp = await checkForNewUpdates(update_channel);
+      if(new_rulesets_timestamp) {
+
+        if(update_channel.replaces_default_rulesets && extension_timestamp > new_rulesets_timestamp) {
+          util.log(util.NOTE, update_channel.name + ': A new ruleset bundle has been released, but it is older than the extension-bundled rulesets it replaces.  Skipping.');
+          continue;
+        }
+
+        util.log(util.NOTE, update_channel.name + ': A new ruleset bundle has been released.  Downloading now.');
+        let new_rulesets = await getNewRulesets(new_rulesets_timestamp, update_channel);
+        try{
+          await verifyAndStoreNewRulesets(new_rulesets, new_rulesets_timestamp, update_channel);
+          store.local.set_promise('uc-stored-timestamp: ' + update_channel.name, new_rulesets_timestamp);
+          num_updates++;
+        } catch(err) {
+          util.log(util.WARN, update_channel.name + ': ' + err);
+        }
+      }
+    }
+  }
+  if(num_updates > 0) {
+    background_callback();
+  }
+};
+
+async function storageListener(changes, areaName) {
+  if (areaName === 'sync' || areaName === 'local') {
+    if ('autoUpdateRulesets' in changes) {
+      if (changes.autoUpdateRulesets.newValue) {
+        await createTimer();
+      } else {
+        destroyTimer();
+      }
+    }
+  }
+
+  if ('update_channels' in changes) {
+    await loadUpdateChannelsKeys();
+  }
+};
+
+function addStorageListener() {
+  chrome.storage.onChanged.addListener(storageListener);
+}
+
+function removeStorageListener() {
+  chrome.storage.onChanged.removeListener(storageListener);
+}
+
+addStorageListener();
+
+let initialCheck,
+  subsequentChecks;
+
+async function createTimer() {
+  const time_to_next_check = await timeToNextCheck();
+
+  initialCheck = setTimeout(() => {
+    performCheck();
+    subsequentChecks = setInterval(performCheck, periodicity * 1000);
+  }, time_to_next_check * 1000);
+}
+
+function destroyTimer() {
+  if (initialCheck) {
+    clearTimeout(initialCheck);
+  }
+  if (subsequentChecks) {
+    clearInterval(subsequentChecks);
+  }
+}
+
+function clear_replacement_update_channels() {
+  let keys = [];
+  for (const update_channel of combined_update_channels) {
+    if(update_channel.replaces_default_rulesets) {
+      util.log(util.NOTE, update_channel.name + ': You have a new version of the extension.  Clearing any stored rulesets, which replace the new extension-bundled ones.');
+      keys.push('uc-timestamp: ' + update_channel.name);
+      keys.push('uc-stored-timestamp: ' + update_channel.name);
+      keys.push('rulesets: ' + update_channel.name);
+    }
+  }
+
+  return new Promise(resolve => {
+    chrome.storage.local.remove(keys, resolve);
+  });
+}
+
+async function initialize(store_param, cb) {
+  store = store_param;
+  background_callback = cb;
+
+  await loadUpdateChannelsKeys();
+
+  if (await store.local.get_promise('extensionTimestamp', 0) !== extension_timestamp) {
+    await clear_replacement_update_channels();
+    await store.local.set_promise('extensionTimestamp', extension_timestamp);
+  }
+
+  if (await store.get_promise('autoUpdateRulesets', true)) {
+    await createTimer();
+  }
+}
+
+Object.assign(exports, {
+  applyStoredRulesets,
+  applyStoredBlooms,
+  initialize,
+  getUpdateChannelTimestamps,
+  resetTimer,
+  loadUpdateChannelsKeys,
+  addStorageListener,
+  removeStorageListener,
+});
+
+})(typeof exports == 'undefined' ? require.scopes.update = {} : exports);
diff --git a/chromium/background-scripts/update_channels.js b/chromium/background-scripts/update_channels.js
new file mode 100644
index 000000000000..80494ef0f2cc
--- /dev/null
+++ b/chromium/background-scripts/update_channels.js
@@ -0,0 +1,44 @@
+/* exported update_channels */
+
+'use strict';
+
+(function (exports) {
+
+exports.update_channels = [
+  {
+    name: 'EFF (Full)',
+    jwk: {
+      kty: 'RSA',
+      e: 'AQAB',
+      n: '1cwvFQu3Kw-Pz8bcEFuV5zx0ZheDsc4Tva7Qv6BL90_sDLqCW79Y543nDkPtNVfFH_89pt2kSPp_IcS5XnYiw6zBQeFuILFw5JpvZt14K0s4' +
+        'e025Q9CXfhYKIBKT9PnqihwAacjMa6rQb7RTu7XxVvqxRb3b0vx2CR40LSlYZ8H_KpeaUwq2oz-fyrI6LFTeYvbO3ZuLKeK5xV1a32xeTVMF' +
+        'kIj3LxnQalxq-DRHfj7LRRoTnbRDW4uoDc8aVpLFliuO79jUKbobz4slpiWJ4wjKR_O6OK13HbZUiOSxi8Bms-UqBPOyzbMVpmA7lv_zWdaL' +
+        'u1IVlVXQyLVbbrqI6llRqfHdcJoEl-eC48AofuB-relQtjTEK_hyBf7sPwrbqAarjRjlyEx6Qy5gTXyxM9attfNAeupYR6jm8LKm6TFpfWky' +
+        'DxUmj_f5pJMBWNTomV74f8iQ2M18_KWMUDCOf80tR0t21Q1iCWdvA3K_KJn05tTLyumlwwlQijMqRkYuao-CX9L3DJIaB3VPYPTSIPUr7oi1' +
+        '6agsuamOyiOtlZiRpEvoNg2ksJMZtwnj5xhBQydkdhMW2ZpHDzcLuZlhJYZL_l3_7wuzRM7vpyA9obP92CpZRFJErGZmFxJC93I4U9-0B0wg' +
+        '-sbyMKGJ5j1BWTnibCklDXtWzXtuiz18EgE'
+    },
+    update_path_prefix: 'https://www.https-rulesets.org/v1/',
+    scope: '',
+    replaces_default_rulesets: true
+  },
+  {
+    name: 'DuckDuckGo Smarter Encryption',
+    format: 'bloom',
+    jwk: {
+      kty: 'RSA',
+      e: 'AQAB',
+      n: '1cwvFQu3Kw-Pz8bcEFuV5zx0ZheDsc4Tva7Qv6BL90_sDLqCW79Y543nDkPtNVfFH_89pt2kSPp_IcS5XnYiw6zBQeFuILFw5JpvZt14K0s4' +
+        'e025Q9CXfhYKIBKT9PnqihwAacjMa6rQb7RTu7XxVvqxRb3b0vx2CR40LSlYZ8H_KpeaUwq2oz-fyrI6LFTeYvbO3ZuLKeK5xV1a32xeTVMF' +
+        'kIj3LxnQalxq-DRHfj7LRRoTnbRDW4uoDc8aVpLFliuO79jUKbobz4slpiWJ4wjKR_O6OK13HbZUiOSxi8Bms-UqBPOyzbMVpmA7lv_zWdaL' +
+        'u1IVlVXQyLVbbrqI6llRqfHdcJoEl-eC48AofuB-relQtjTEK_hyBf7sPwrbqAarjRjlyEx6Qy5gTXyxM9attfNAeupYR6jm8LKm6TFpfWky' +
+        'DxUmj_f5pJMBWNTomV74f8iQ2M18_KWMUDCOf80tR0t21Q1iCWdvA3K_KJn05tTLyumlwwlQijMqRkYuao-CX9L3DJIaB3VPYPTSIPUr7oi1' +
+        '6agsuamOyiOtlZiRpEvoNg2ksJMZtwnj5xhBQydkdhMW2ZpHDzcLuZlhJYZL_l3_7wuzRM7vpyA9obP92CpZRFJErGZmFxJC93I4U9-0B0wg' +
+        '-sbyMKGJ5j1BWTnibCklDXtWzXtuiz18EgE'
+    },
+    update_path_prefix: 'https://www.https-rulesets.org/ddg/',
+    scope: '',
+  }
+];
+
+})(typeof exports === 'undefined' ? require.scopes.update_channels = {} : exports);
diff --git a/chromium/background-scripts/util.js b/chromium/background-scripts/util.js
new file mode 100644
index 000000000000..e2b069b8017d
--- /dev/null
+++ b/chromium/background-scripts/util.js
@@ -0,0 +1,183 @@
+"use strict";
+
+(function(exports) {
+
+var VERB = 1;
+var DBUG = 2;
+var INFO = 3;
+var NOTE = 4;
+var WARN = 5;
+// FYI: Logging everything is /very/ slow. Chrome will log & buffer
+// these console logs even when the debug tools are closed. :(
+
+// TODO: Add an easy UI to change the log level.
+// (Developers can just type DEFAULT_LOG_LEVEL=VERB in the console)
+var DEFAULT_LOG_LEVEL = NOTE;
+console.log("Hey developer! Want to see more verbose logging?");
+console.log("Type this into the console: let util = require('./util'); util.setDefaultLogLevel(util.VERB);");
+console.log("Accepted levels are VERB, DBUG, INFO, NOTE and WARN, default is NOTE");
+
+function log(level, str) {
+  if (level >= DEFAULT_LOG_LEVEL) {
+    if (level === WARN) {
+      // Show warning with a little yellow icon in Chrome.
+      console.warn(str);
+    } else {
+      console.log(str);
+    }
+  }
+}
+
+function setDefaultLogLevel(level) {
+  DEFAULT_LOG_LEVEL = level;
+}
+
+function getDefaultLogLevel() {
+  return DEFAULT_LOG_LEVEL;
+}
+
+/**
+ * Load a file packaged with the extension
+ *
+ * @param url: a relative URL to local file
+ */
+function loadExtensionFile(url, returnType) {
+  var xhr = new XMLHttpRequest();
+  // Use blocking XHR to ensure everything is loaded by the time
+  // we return.
+  xhr.open("GET", chrome.runtime.getURL(url), false);
+  xhr.send(null);
+  // Get file contents
+  if (xhr.readyState !== 4) {
+    return;
+  }
+  if (returnType === 'xml') {
+    return xhr.responseXML;
+  }
+  if (returnType === 'json') {
+    return JSON.parse(xhr.responseText);
+  }
+  return xhr.responseText;
+}
+
+/**
+ * Remove tailing dots from hostname, e.g. "www.example.com."
+ * Preserve port numbers if they are used
+ */
+function getNormalisedHostname(host) {
+  let [ hostname, port ] = host.split(":");
+  while (hostname && hostname[hostname.length - 1] === '.' && hostname !== '.') {
+    hostname = hostname.slice(0, -1);
+  }
+  if (port) {
+    return `${hostname}:${port}`;
+  }
+  return hostname;
+}
+
+// Empty iterable singleton to reduce memory usage
+const nullIterable = Object.create(null, {
+  [Symbol.iterator]: {
+    value: function* () {
+      // do nothing
+    }
+  },
+
+  size: {
+    value: 0
+  },
+});
+
+/**
+ * Return true if host is well-formed (RFC 1035)
+ */
+function isValidHostname(host) {
+  if (host && host.length > 0 && host.length <= 255 && host.indexOf("..") === -1) {
+    return true;
+  }
+  return false;
+}
+
+/**
+ * Return a list of wildcard expressions which support
+ * the host under HTTPS Everywhere's implementation
+ */
+function getWildcardExpressions(host) {
+  // Ensure host is well-formed (RFC 1035)
+  if (!isValidHostname(host)) {
+    return nullIterable;
+  }
+
+  // Ensure host does not contain a wildcard itself
+  if (host.indexOf("*") != -1) {
+    return nullIterable;
+  }
+
+  let results = [];
+
+  // Replace www.example.com with www.example.*
+  // eat away from the right for once and only once
+  let segmented = host.split(".");
+  if (segmented.length > 1) {
+    const tmp = [...segmented.slice(0, segmented.length - 1), "*"].join(".");
+    results.push(tmp);
+  }
+
+  // now eat away from the left, with *, so that for x.y.z.google.com we
+  // check *.y.z.google.com, *.z.google.com and *.google.com
+  for (let i = 1; i < segmented.length - 1; i++) {
+    const tmp = ["*", ...segmented.slice(i, segmented.length)].join(".");
+    results.push(tmp);
+  }
+  return results;
+}
+
+/**
+ * Convert an ArrayBuffer to string
+ *
+ * @param array: an ArrayBuffer to convert
+ */
+function ArrayBufferToString(ab) {
+  let array = new Uint8Array(ab);
+  let string = "";
+
+  for (let byte of array) {
+    string += String.fromCharCode(byte);
+  }
+
+  return string;
+}
+
+/**
+ * Convert a string to an ArrayBuffer
+ *
+ * @param string: a string to convert
+ */
+function StringToArrayBuffer(str) {
+  var byteArray = new Uint8Array(str.length);
+  for (var i = 0; i < str.length; i++) {
+    byteArray[i] = str.charCodeAt(i);
+  }
+  return byteArray;
+}
+
+
+Object.assign(exports, {
+  VERB,
+  DBUG,
+  INFO,
+  NOTE,
+  WARN,
+  log,
+  nullIterable,
+  isValidHostname,
+  getNormalisedHostname,
+  getWildcardExpressions,
+  setDefaultLogLevel,
+  getDefaultLogLevel,
+  loadExtensionFile,
+  ArrayBufferToString,
+  StringToArrayBuffer
+});
+
+})(typeof exports == 'undefined' ? require.scopes.util = {} : exports);
diff --git a/chromium/background-scripts/wasm.js b/chromium/background-scripts/wasm.js
new file mode 100644
index 000000000000..551b1d3ea672
--- /dev/null
+++ b/chromium/background-scripts/wasm.js
@@ -0,0 +1,27 @@
+"use strict";
+
+(function(exports) {
+
+const util = require('./util'),
+  { RuleSets, Bloom } = wasm_bindgen;
+
+async function initialize() {
+  try {
+    await wasm_bindgen(chrome.runtime.getURL('wasm/https_everywhere_lib_wasm_bg.wasm'));
+  } catch(e) {
+    util.log(util.WARN, 'The wasm library has not loaded correctly: ' + e);
+  }
+}
+
+function is_enabled() {
+  return true;
+}
+
+Object.assign(exports, {
+  initialize,
+  RuleSets,
+  Bloom,
+  is_enabled,
+});
+
+})(typeof exports == 'undefined' ? require.scopes.wasm = {} : exports);
diff --git a/chromium/background.js b/chromium/background.js
deleted file mode 100644
index c5a54d0ff660..000000000000
--- a/chromium/background.js
+++ /dev/null
@@ -1,287 +0,0 @@
-
-var all_rules = new RuleSets();
-var wr = chrome.webRequest;
-
-/*
-for (var v in localStorage) {
-  log(DBUG, "localStorage["+v+"]: "+localStorage[v]);
-}
-
-var rs = all_rules.potentiallyApplicableRulesets("www.google.com");
-for (r in rs) {
-  log(DBUG, rs[r].name +": "+ rs[r].active);
-  log(DBUG, rs[r].name +": "+ rs[r].default_state);
-}
-*/
-
-function displayPageAction(tabId) {
-  // Right now, the call to chrome.tabs.get creates
-  // a console error for a missing tab, even in a try/catch
-  // block. As it still provides a good test of whether a tab
-  // exists (if it does not then 'tab' in the callback is undefined)
-  // Reading forums on chrome extensions, it seems the only way
-  // to avoid a console error is to loop through all windows
-  // and explicitly check for the tabid in question. This seems
-  // expensive and not necessary so we are living with console errors
-  // of the form: "Error during tabs.get: No tab with id: 370"
-
-  if (tabId != -1 && this.activeRulesets.getRulesets(tabId)) {
-    chrome.tabs.get(tabId, function(tab) {
-      if(typeof(tab) == "undefined") {
-        log(DBUG, "Not a real tab. Skipping showing pageAction.");
-      }
-      else {
-        chrome.pageAction.show(tabId);
-      }
-    });
-  }
-}
-
-function AppliedRulesets() {
-  this.active_tab_rules = {};
-
-  var that = this;
-  chrome.tabs.onRemoved.addListener(function(tabId, info) {
-    that.removeTab(tabId);
-  });
-}
-
-AppliedRulesets.prototype = {
-  addRulesetToTab: function(tabId, ruleset) {
-    if (tabId in this.active_tab_rules) {
-      this.active_tab_rules[tabId][ruleset.name] = ruleset;
-    } else {
-      this.active_tab_rules[tabId] = {};
-      this.active_tab_rules[tabId][ruleset.name] = ruleset;
-    }
-  },
-
-  getRulesets: function(tabId) {
-    if (tabId in this.active_tab_rules)
-      return this.active_tab_rules[tabId];
-    else
-      return null;
-  },
-
-  removeTab: function(tabId) {
-    delete this.active_tab_rules[tabId];
-  }
-};
-
-// FIXME: change this name
-var activeRulesets = new AppliedRulesets();
-
-var urlBlacklist = {};
-var domainBlacklist = {};
-
-// redirect counter workaround
-// TODO: Remove this code if they ever give us a real counter
-var redirectCounter = {};
-
-function onBeforeRequest(details) {
-  // get URL into canonical format
-  // todo: check that this is enough
-  var tmpuri = new URI(details.url);
-
-  // Normalise hosts such as "www.example.com."
-  var tmphost = tmpuri.hostname();
-  if (tmphost.charAt(tmphost.length - 1) == ".") {
-    while (tmphost.charAt(tmphost.length - 1) == ".")
-      tmphost = tmphost.slice(0,-1);
-  }
-  tmpuri.hostname(tmphost);
-
-  // If there is a username / password, put them aside during the ruleset
-  // analysis process
-  var tmpuserinfo = tmpuri.userinfo();
-  tmpuri.userinfo('');
-
-  var canonical_url = tmpuri.toString();
-  if (details.url != canonical_url && tmpuserinfo === '') {
-    log(INFO, "Original url " + details.url + 
-        " changed before processing to " + canonical_url);
-  }
-  if (canonical_url in urlBlacklist) {
-    return;
-  }
-
-  var a = document.createElement("a");
-  a.href = canonical_url;
-
-  if (details.type == "main_frame") {
-    activeRulesets.removeTab(details.tabId);
-  }
-
-  if (details.requestId in redirectCounter) {
-    redirectCounter[details.requestId] += 1;
-    log(DBUG, "Got redirect id "+details.requestId+
-        ": "+redirectCounter[details.requestId]);
-  } else {
-    redirectCounter[details.requestId] = 0;
-  }
-
-  if (redirectCounter[details.requestId] > 9) {
-    log(NOTE, "Redirect counter hit for "+canonical_url);
-    urlBlacklist[canonical_url] = true;
-    var hostname = tmpuri.hostname();
-    domainBlacklist[hostname] = true;
-    log(WARN, "Domain blacklisted " + hostname);
-    return;
-  }
-
-  var newuristr = null;
-
-  var rs = all_rules.potentiallyApplicableRulesets(a.hostname);
-  for(var i = 0; i < rs.length; ++i) {
-    activeRulesets.addRulesetToTab(details.tabId, rs[i]);
-    if (rs[i].active && !newuristr)
-      newuristr = rs[i].apply(canonical_url);
-  }
-
-  displayPageAction(details.tabId);
-
-  if (newuristr) {
-    // re-insert userpass info which was stripped temporarily
-    // while rules were applied
-    var finaluri = new URI(newuristr);
-    finaluri.userinfo(tmpuserinfo);
-    var finaluristr = finaluri.toString();
-    log(DBUG, "Redirecting from "+a.href+" to "+finaluristr);
-    return {redirectUrl: finaluristr};
-  }
-}
-
-function onCookieChanged(changeInfo) {
-  if (!changeInfo.removed && !changeInfo.cookie.secure) {
-    if (all_rules.shouldSecureCookie(changeInfo.cookie, false)) {
-      var cookie = {name:changeInfo.cookie.name,value:changeInfo.cookie.value,
-                    domain:changeInfo.cookie.domain,path:changeInfo.cookie.path,
-                    httpOnly:changeInfo.cookie.httpOnly,
-                    expirationDate:changeInfo.cookie.expirationDate,
-                    storeId:changeInfo.cookie.storeId};
-      cookie.secure = true;
-      // FIXME: What is with this url noise? are we just supposed to lie?
-      if (cookie.domain[0] == ".") {
-        cookie.url = "https://www"+cookie.domain+cookie.path;
-      } else {
-        cookie.url = "https://"+cookie.domain+cookie.path;
-      }
-      // We get repeated events for some cookies because sites change their
-      // value repeatedly and remove the "secure" flag.
-      log(DBUG,
-       "Securing cookie "+cookie.name+" for "+cookie.domain+", was secure="+changeInfo.cookie.secure);
-      chrome.cookies.set(cookie);
-    }
-  }
-}
-
-// Check to see if a newly set cookie in an HTTP request should be secured
-function onHeadersReceived(details) {
-  var a = document.createElement("a");  // hack to parse URLs
-  a.href = details.url;                 //
-  var host = a.hostname;
-
-  // TODO: Verify this with wireshark
-  for (var h in details.responseHeaders) {
-    if (details.responseHeaders[h].name == "Set-Cookie") {
-      log(INFO,"Deciding whether to secure cookies in " + details.url);
-      var cookie = details.responseHeaders[h].value;
-
-      if (cookie.indexOf("; Secure") == -1) {
-        log(INFO, "Got insecure cookie header: "+cookie);
-        // Create a fake "nsICookie2"-ish object to pass in to our rule API:
-        var fake = {domain:host, name:cookie.split("=")[0]};
-        var ruleset = all_rules.shouldSecureCookie(fake, true);
-        if (ruleset) {
-          activeRulesets.addRulesetToTab(details.tabId, ruleset);
-          details.responseHeaders[h].value = cookie+"; Secure";
-          log(INFO, "Secured cookie: "+details.responseHeaders[h].value);
-        }
-      }
-    }
-  }
-
-  return {responseHeaders:details.responseHeaders};
-}
-
-// This event is needed due to the potential race between cookie permissions
-// update and cookie transmission, becuase the cookie API is non-blocking..
-// It would be less perf impact to have a blocking version of the cookie API
-// available instead.
-function onBeforeSendHeaders(details) {
-  // XXX this function appears to enforce something equivalent to the secure
-  // cookie flag by independent means.  Is that really what it's supposed to
-  // do?
-  var a = document.createElement("a");
-  a.href = details.url;
-  var host = a.hostname;
-
-  // TODO: Verify this with wireshark
-  for (var h in details.requestHeaders) {
-    if (details.requestHeaders[h].name == "Cookie") {
-      var newCookies = [];
-      var cookies = details.requestHeaders[h].value.split(";");
-
-      for (var c in cookies) {
-        // Create a fake "nsICookie2"-ish object to pass in to our rule API:
-        var fake = {domain:host, name:cookies[c].split("=")[0]};
-        // XXX I have no idea whether the knownHttp parameter should be true
-        // or false here.  We're supposedly inside a race condition or
-        // something, right?
-        var ruleset = all_rules.shouldSecureCookie(fake, false);
-        if (ruleset) {
-          activeRulesets.addRulesetToTab(details.tabId, ruleset);
-          log(INFO, "Woah, we lost the race on updating a cookie: "+details.requestHeaders[h].value);
-        } else {
-          newCookies.push(cookies[c]);
-        }
-      }
-      details.requestHeaders[h].value = newCookies.join(";");
-      log(DBUG, "Got new cookie header: "+details.requestHeaders[h].value);
-    }
-  }
-
-  return {requestHeaders:details.requestHeaders};
-}
-
-function onResponseStarted(details) {
-
-  // redirect counter workaround
-  // TODO: Remove this code if they ever give us a real counter
-  if (details.requestId in redirectCounter) {
-    delete redirectCounter[details.requestId];
-  }
-}
-
-function onErrorOccurred(details) {
-  displayPageAction(details.tabId);
-}
-
-function onCompleted(details) {
-  displayPageAction(details.tabId);
-}
-
-wr.onBeforeRequest.addListener(onBeforeRequest, {urls: ["https://*/*", "http://*/*"]}, ["blocking"]);
-
-// This watches cookies sent via HTTP.
-// We do *not* watch HTTPS cookies -- they're already being sent over HTTPS -- yay!
-wr.onBeforeSendHeaders.addListener(onBeforeSendHeaders, {urls: ["http://*/*"]},
-                                   ["requestHeaders", "blocking"]);
-
-// This parses HTTPS cookies and may set their secure flag.
-// We never do this for cookies set by HTTP.
-wr.onHeadersReceived.addListener(onHeadersReceived, {urls: ["https://*/*"]},
-                                    ["responseHeaders", "blocking"]);
-
-wr.onResponseStarted.addListener(onResponseStarted,
-                                 {urls: ["https://*/*", "http://*/*"]});
-wr.onErrorOccurred.addListener(onErrorOccurred,
-                               {urls: ["https://*/*", "http://*/*"]});
-wr.onCompleted.addListener(onCompleted,
-                           {urls: ["https://*/*", "http://*/*"]});
-
-chrome.tabs.onUpdated.addListener(function(tabId, changeInfo, tab) {
-    displayPageAction(tabId);
-});
-
-chrome.cookies.onChanged.addListener(onCookieChanged);
diff --git a/chromium/chrome-resources/css/chrome_shared.css b/chromium/chrome-resources/css/chrome_shared.css
deleted file mode 100644
index 3f1ebbd05bc8..000000000000
--- a/chromium/chrome-resources/css/chrome_shared.css
+++ /dev/null
@@ -1,106 +0,0 @@
-/* Copyright (c) 2012 The Chromium Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file. */
-
-/* This file holds CSS that should be shared, in theory, by all user-visible
- * chrome:// pages. */
-
-@import url("widgets.css");
-<if expr="pp_ifdef('chromeos')">
-  @import url("chromeos/ui_account_tweaks.css");
-</if>
-
-/* Prevent CSS from overriding the hidden property. */
-[hidden] {
-  display: none !important;
-}
-
-html.loading * {
-  -webkit-transition-delay: 0 !important;
-  -webkit-transition-duration: 0 !important;
-}
-
-body {
-  cursor: default;
-  margin: 0;
-}
-
-p {
-  line-height: 1.8em;
-}
-
-h1,
-h2,
-h3 {
-  -webkit-user-select: none;
-  font-weight: normal;
-  /* Makes the vertical size of the text the same for all fonts. */
-  line-height: 1;
-}
-
-h1 {
-  font-size: 1.5em;
-}
-
-h2 {
-  font-size: 1.3em;
-  margin-bottom: 0.4em;
-}
-
-h3 {
-  color: black;
-  font-size: 1.2em;
-  margin-bottom: 0.8em;
-}
-
-a {
-  color: rgb(17, 85, 204);
-  text-decoration: underline;
-}
-
-a:active {
-  color: rgb(5, 37, 119);
-}
-
-/* Elements that need to be LTR even in an RTL context, but should align
- * right. (Namely, URLs, search engine names, etc.)
- */
-html[dir='rtl'] .weakrtl {
-  direction: ltr;
-  text-align: right;
-}
-
-/* Input fields in search engine table need to be weak-rtl. Since those input
- * fields are generated for all cr.ListItem elements (and we only want weakrtl
- * on some), the class needs to be on the enclosing div.
- */
-html[dir='rtl'] div.weakrtl input {
-  direction: ltr;
-  text-align: right;
-}
-
-html[dir='rtl'] .favicon-cell.weakrtl {
-  -webkit-padding-end: 22px;
-  -webkit-padding-start: 0;
-}
-
-/* weakrtl for selection drop downs needs to account for the fact that
- * Webkit does not honor the text-align attribute for the select element.
- * (See Webkit bug #40216)
- */
-html[dir='rtl'] select.weakrtl {
-  direction: rtl;
-}
-
-html[dir='rtl'] select.weakrtl option {
-  direction: ltr;
-}
-
-/* WebKit does not honor alignment for text specified via placeholder attribute.
- * This CSS is a workaround. Please remove once WebKit bug is fixed.
- * https://bugs.webkit.org/show_bug.cgi?id=63367
- */
-html[dir='rtl'] input.weakrtl::-webkit-input-placeholder,
-html[dir='rtl'] .weakrtl input::-webkit-input-placeholder {
-  direction: rtl;
-}
diff --git a/chromium/chrome-resources/css/widgets.css b/chromium/chrome-resources/css/widgets.css
deleted file mode 100644
index d319b049a7b1..000000000000
--- a/chromium/chrome-resources/css/widgets.css
+++ /dev/null
@@ -1,305 +0,0 @@
-/* Copyright (c) 2012 The Chromium Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file. */
-
-/* This file defines styles for form controls. The order of rule blocks is
- * important as there are some rules with equal specificity that rely on order
- * as a tiebreaker. These are marked with OVERRIDE. */
-
-/* Default state **************************************************************/
-
-:-webkit-any(button,
-             input[type='button'],
-             input[type='submit']):not(.custom-appearance):not(.link-button),
-select,
-input[type='checkbox'],
-input[type='radio'] {
-  -webkit-appearance: none;
-  -webkit-user-select: none;
-  background-image: -webkit-linear-gradient(#ededed, #ededed 38%, #dedede);
-  border: 1px solid rgba(0, 0, 0, 0.25);
-  border-radius: 2px;
-  box-shadow: 0 1px 0 rgba(0, 0, 0, 0.08),
-      inset 0 1px 2px rgba(255, 255, 255, 0.75);
-  color: #444;
-  font: inherit;
-  margin: 0 1px 0 0;
-  text-shadow: 0 1px 0 rgb(240, 240, 240);
-}
-
-:-webkit-any(button,
-             input[type='button'],
-             input[type='submit']):not(.custom-appearance):not(.link-button),
-select {
-  min-height: 2em;
-  min-width: 4em;
-<if expr="is_win">
-  /* The following platform-specific rule is necessary to get adjacent
-   * buttons, text inputs, and so forth to align on their borders while also
-   * aligning on the text's baselines. */
-  padding-bottom: 1px;
-</if>
-}
-
-:-webkit-any(button,
-             input[type='button'],
-             input[type='submit']):not(.custom-appearance):not(.link-button) {
-  -webkit-padding-end: 10px;
-  -webkit-padding-start: 10px;
-}
-
-select {
-  -webkit-appearance: none;
-  -webkit-padding-end: 20px;
-  -webkit-padding-start: 6px;
-  /* OVERRIDE */
-  background-image: url('../images/select.png'),
-      -webkit-linear-gradient(#ededed, #ededed 38%, #dedede);
-  background-position: right center;
-  background-repeat: no-repeat;
-}
-
-html[dir='rtl'] select {
-  background-position: center left;
-}
-
-input[type='checkbox'] {
-  bottom: 2px;
-  height: 13px;
-  position: relative;
-  vertical-align: middle;
-  width: 13px;
-}
-
-input[type='radio'] {
-  /* OVERRIDE */
-  border-radius: 100%;
-  bottom: 3px;
-  height: 15px;
-  position: relative;
-  vertical-align: middle;
-  width: 15px;
-}
-
-/* TODO(estade): add more types here? */
-input[type='password'],
-input[type='search'],
-input[type='text'],
-input[type='url'],
-input:not([type]),
-textarea {
-  border: 1px solid #bfbfbf;
-  border-radius: 2px;
-  box-sizing: border-box;
-  color: #444;
-  font: inherit;
-  margin: 0;
-  /* Use min-height to accommodate addditional padding for touch as needed. */
-  min-height: 2em;
-  padding: 3px;
-<if expr="is_win or is_macosx">
-  /* For better alignment between adjacent buttons and inputs. */
-  padding-bottom: 4px;
-</if>
-}
-
-input[type='search'] {
-  -webkit-appearance: textfield;
-  /* NOTE: Keep a relatively high min-width for this so we don't obscure the end
-   * of the default text in relatively spacious languages (i.e. German). */
-  min-width: 160px;
-}
-
-/* Remove when https://bugs.webkit.org/show_bug.cgi?id=51499 is fixed.
- * TODO(dbeam): are there more types that would benefit from this? */
-input[type='search']::-webkit-textfield-decoration-container {
-  direction: inherit;
-}
-
-/* Checked ********************************************************************/
-
-input[type='checkbox']:checked::before {
-  -webkit-user-select: none;
-  background-image: url('../images/check.png');
-  background-size: 100% 100%;
-  content: '';
-  display: block;
-  height: 100%;
-  width: 100%;
-}
-
-input[type='radio']:checked::before {
-  background-color: #666;
-  border-radius: 100%;
-  bottom: 3px;
-  content: '';
-  display: block;
-  left: 3px;
-  position: absolute;
-  right: 3px;
-  top: 3px;
-}
-
-/* Hover **********************************************************************/
-
-:enabled:hover:-webkit-any(
-    select,
-    input[type='checkbox'],
-    input[type='radio'],
-    :-webkit-any(
-        button,
-        input[type='button'],
-        input[type='submit']):not(.custom-appearance):not(.link-button)) {
-  background-image: -webkit-linear-gradient(#f0f0f0, #f0f0f0 38%, #e0e0e0);
-  border-color: rgba(0, 0, 0, 0.3);
-  box-shadow: 0 1px 0 rgba(0, 0, 0, 0.12),
-      inset 0 1px 2px rgba(255, 255, 255, 0.95);
-  color: black;
-}
-
-:enabled:hover:-webkit-any(select) {
-  /* OVERRIDE */
-  background-image: url('../images/select.png'),
-      -webkit-linear-gradient(#f0f0f0, #f0f0f0 38%, #e0e0e0);
-}
-
-/* Active *********************************************************************/
-
-:enabled:active:-webkit-any(
-    select,
-    input[type='checkbox'],
-    input[type='radio'],
-    :-webkit-any(
-        button,
-        input[type='button'],
-        input[type='submit']):not(.custom-appearance):not(.link-button)) {
-  background-image: -webkit-linear-gradient(#e7e7e7, #e7e7e7 38%, #d7d7d7);
-  box-shadow: none;
-  text-shadow: none;
-}
-
-:enabled:active:-webkit-any(select) {
-  /* OVERRIDE */
-  background-image: url('../images/select.png'),
-      -webkit-linear-gradient(#e7e7e7, #e7e7e7 38%, #d7d7d7);
-}
-
-/* Disabled *******************************************************************/
-
-:disabled:-webkit-any(
-    button,
-    input[type='button'],
-    input[type='submit']):not(.custom-appearance):not(.link-button),
-select:disabled {
-  background-image: -webkit-linear-gradient(#f1f1f1, #f1f1f1 38%, #e6e6e6);
-  border-color: rgba(80, 80, 80, 0.2);
-  box-shadow: 0 1px 0 rgba(80, 80, 80, 0.08),
-      inset 0 1px 2px rgba(255, 255, 255, 0.75);
-  color: #aaa;
-}
-
-select:disabled {
-  /* OVERRIDE */
-  background-image: url('../images/disabled_select.png'),
-      -webkit-linear-gradient(#f1f1f1, #f1f1f1 38%, #e6e6e6);
-}
-
-input:disabled:-webkit-any([type='checkbox'],
-                           [type='radio']) {
-  opacity: .75;
-}
-
-input:disabled:-webkit-any([type='password'],
-                           [type='search'],
-                           [type='text'],
-                           [type='url'],
-                           :not([type])) {
-  color: #999;
-}
-
-/* Focus **********************************************************************/
-
-:enabled:focus:-webkit-any(
-    select,
-    input[type='checkbox'],
-    input[type='password'],
-    input[type='radio'],
-    input[type='search'],
-    input[type='text'],
-    input[type='url'],
-    input:not([type]),
-    :-webkit-any(
-         button,
-         input[type='button'],
-         input[type='submit']):not(.custom-appearance):not(.link-button)) {
-  /* OVERRIDE */
-  -webkit-transition: border-color 200ms;
-  /* We use border color because it follows the border radius (unlike outline).
-   * This is particularly noticeable on mac. */
-  border-color: rgb(77, 144, 254);
-  outline: none;
-}
-
-/* Link buttons ***************************************************************/
-
-.link-button {
-  -webkit-box-shadow: none;
-  background: transparent none;
-  border: none;
-  color: rgb(17, 85, 204);
-  cursor: pointer;
-  /* Input elements have -webkit-small-control which can override the body font.
-   * Resolve this by using 'inherit'. */
-  font: inherit;
-  margin: 0;
-  padding: 0 4px;
-}
-
-.link-button:hover {
-  text-decoration: underline;
-}
-
-.link-button:active {
-  color: rgb(5, 37, 119);
-  text-decoration: underline;
-}
-
-.link-button[disabled] {
-  color: #999;
-  cursor: default;
-  text-decoration: none;
-}
-
-/* Checkbox/radio helpers ******************************************************
- *
- * .checkbox and .radio classes wrap labels. Checkboxes and radios should use
- * these classes with the markup structure:
- *
- *   <div class="checkbox">
- *     <label>
- *       <input type="checkbox"></input>
- *       <span>
- *     </label>
- *   </div>
- */
-
-:-webkit-any(.checkbox, .radio) label {
-  /* Don't expand horizontally: <http://crbug.com/112091>. */
-  display: -webkit-inline-box;
-  padding-bottom: 7px;
-  padding-top: 7px;
-}
-
-:-webkit-any(.checkbox, .radio) label input ~ span {
-  -webkit-margin-start: 0.6em;
-  /* Make sure long spans wrap at the same horizontal position they start. */
-  display: block;
-}
-
-:-webkit-any(.checkbox, .radio) label:hover {
-  color: black;
-}
-
-label > input:disabled:-webkit-any([type='checkbox'], [type='radio']) ~ span {
-  color: #999;
-}
diff --git a/chromium/chrome-resources/images/check.png b/chromium/chrome-resources/images/check.png
deleted file mode 100644
index 02cb7552e71a..000000000000
Binary files a/chromium/chrome-resources/images/check.png and /dev/null differ
diff --git a/chromium/chrome-resources/update-from-chrome-svn.sh b/chromium/chrome-resources/update-from-chrome-svn.sh
deleted file mode 100755
index a5225ade2816..000000000000
--- a/chromium/chrome-resources/update-from-chrome-svn.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-
-HOST='https://src.chromium.org'
-BASE='chrome/trunk/src/ui/webui/resources'
-FILES='
-css/chrome_shared.css
-css/widgets.css
-images/check.png'
-
-for FILE in $FILES; do
-	wget --force-directories --no-host-directories --cut-dirs=6 $HOST/$BASE/$FILE
-done
-
diff --git a/chromium/external/README.md b/chromium/external/README.md
new file mode 100644
index 000000000000..031cf55c1721
--- /dev/null
+++ b/chromium/external/README.md
@@ -0,0 +1,52 @@
+# External dependencies
+
+This directory contains files that are external dependencies for HTTPS Everywhere, with instructions on how to get or remake them.
+
+## CodeMirror 5.31.0
+
+```bash
+$ npm install uglify-js@3.1.9
+$ npm install uglifycss@0.0.27
+$ curl -o codemirror.zip https://codemirror.net/codemirror-5.31.0.zip
+$ unzip codemirror.zip
+```
+
+### codemirror-5.31.0.min.js
+
+```bash
+uglifyjs \
+  --compress \
+  --mangle \
+  --comments '/copyright|license/' \
+  --output codemirror-5.31.0.min.js \
+  codemirror-5.31.0/lib/codemirror.js
+```
+
+### codemirror-5.31.0.xml.min.js
+
+```bash
+uglifyjs \
+  --compress \
+  --mangle \
+  --comments '/copyright|license/' \
+  --output codemirror-5.31.0.xml.min.js \
+  codemirror-5.31.0/mode/xml/xml.js
+```
+
+### codemirror-5.31.0.min.css
+
+```bash
+uglifycss \
+  --output codemirror-5.31.0.min.css \
+  codemirror-5.31.0/lib/codemirror.css
+```
+
+## Pako 1.0.5
+
+`$ npm install pako@1.0.5`
+
+### pako_inflate.min.js
+
+```bash
+
+$ cp node_modules/pako/dist/pako_inflate.js pako-1.0.5/pako_inflate.min.js
diff --git a/chromium/external/codemirror/codemirror-5.31.0.min.css b/chromium/external/codemirror/codemirror-5.31.0.min.css
new file mode 100644
index 000000000000..762a5dde1e76
--- /dev/null
+++ b/chromium/external/codemirror/codemirror-5.31.0.min.css
@@ -0,0 +1 @@
+.CodeMirror{font-family:monospace;height:300px;color:black;direction:ltr}.CodeMirror-lines{padding:4px 0}.CodeMirror pre{padding:0 4px}.CodeMirror-scrollbar-filler,.CodeMirror-gutter-filler{background-color:white}.CodeMirror-gutters{border-right:1px solid #ddd;background-color:#f7f7f7;white-space:nowrap}.CodeMirror-linenumber{padding:0 3px 0 5px;min-width:20px;text-align:right;color:#999;white-space:nowrap}.CodeMirror-guttermarker{color:black}.CodeMirror-guttermarker-subtle{color:#999}.CodeMirror-cursor{border-left:1px solid black;border-right:0;width:0}.CodeMirror div.CodeMirror-secondarycursor{border-left:1px solid silver}.cm-fat-cursor .CodeMirror-cursor{width:auto;border:0 !important;background:#7e7}.cm-fat-cursor div.CodeMirror-cursors{z-index:1}.cm-fat-cursor-mark{background-color:rgba(20,255,20,0.5);-webkit-animation:blink 1.06s steps(1) infinite;-moz-animation:blink 1.06s steps(1) infinite;animation:blink 1.06s steps(1) infinite}.cm-animate-fat-cursor{width:auto;border:0;-webkit-animation:blink 1.06s steps(1) infinite;-moz-animation:blink 1.06s steps(1) infinite;animation:blink 1.06s steps(1) infinite;background-color:#7e7}@-moz-keyframes blink{50%{background-color:transparent}}@-webkit-keyframes blink{50%{background-color:transparent}}@keyframes blink{50%{background-color:transparent}}.cm-tab{display:inline-block;text-decoration:inherit}.CodeMirror-rulers{position:absolute;left:0;right:0;top:-50px;bottom:-20px;overflow:hidden}.CodeMirror-ruler{border-left:1px solid #ccc;top:0;bottom:0;position:absolute}.cm-s-default .cm-header{color:blue}.cm-s-default .cm-quote{color:#090}.cm-negative{color:#d44}.cm-positive{color:#292}.cm-header,.cm-strong{font-weight:bold}.cm-em{font-style:italic}.cm-link{text-decoration:underline}.cm-strikethrough{text-decoration:line-through}.cm-s-default .cm-keyword{color:#708}.cm-s-default .cm-atom{color:#219}.cm-s-default .cm-number{color:#164}.cm-s-default .cm-def{color:#00f}.cm-s-default .cm-variable-2{color:#05a}.cm-s-default .cm-variable-3,.cm-s-default .cm-type{color:#085}.cm-s-default .cm-comment{color:#a50}.cm-s-default .cm-string{color:#a11}.cm-s-default .cm-string-2{color:#f50}.cm-s-default .cm-meta{color:#555}.cm-s-default .cm-qualifier{color:#555}.cm-s-default .cm-builtin{color:#30a}.cm-s-default .cm-bracket{color:#997}.cm-s-default .cm-tag{color:#170}.cm-s-default .cm-attribute{color:#00c}.cm-s-default .cm-hr{color:#999}.cm-s-default .cm-link{color:#00c}.cm-s-default .cm-error{color:red}.cm-invalidchar{color:red}.CodeMirror-composing{border-bottom:2px solid}div.CodeMirror span.CodeMirror-matchingbracket{color:#0f0}div.CodeMirror span.CodeMirror-nonmatchingbracket{color:#f22}.CodeMirror-matchingtag{background:rgba(255,150,0,.3)}.CodeMirror-activeline-background{background:#e8f2ff}.CodeMirror{position:relative;overflow:hidden;background:white}.CodeMirror-scroll{overflow:scroll !important;margin-bottom:-30px;margin-right:-30px;padding-bottom:30px;height:100%;outline:0;position:relative}.CodeMirror-sizer{position:relative;border-right:30px solid transparent}.CodeMirror-vscrollbar,.CodeMirror-hscrollbar,.CodeMirror-scrollbar-filler,.CodeMirror-gutter-filler{position:absolute;z-index:6;display:none}.CodeMirror-vscrollbar{right:0;top:0;overflow-x:hidden;overflow-y:scroll}.CodeMirror-hscrollbar{bottom:0;left:0;overflow-y:hidden;overflow-x:scroll}.CodeMirror-scrollbar-filler{right:0;bottom:0}.CodeMirror-gutter-filler{left:0;bottom:0}.CodeMirror-gutters{position:absolute;left:0;top:0;min-height:100%;z-index:3}.CodeMirror-gutter{white-space:normal;height:100%;display:inline-block;vertical-align:top;margin-bottom:-30px}.CodeMirror-gutter-wrapper{position:absolute;z-index:4;background:none !important;border:none !important}.CodeMirror-gutter-background{position:absolute;top:0;bottom:0;z-index:4}.CodeMirror-gutter-elt{position:absolute;cursor:default;z-index:4}.CodeMirror-gutter-wrapper ::selection{background-color:transparent}.CodeMirror-gutter-wrapper ::-moz-selection{background-color:transparent}.CodeMirror-lines{cursor:text;min-height:1px}.CodeMirror pre{-moz-border-radius:0;-webkit-border-radius:0;border-radius:0;border-width:0;background:transparent;font-family:inherit;font-size:inherit;margin:0;white-space:pre;word-wrap:normal;line-height:inherit;color:inherit;z-index:2;position:relative;overflow:visible;-webkit-tap-highlight-color:transparent;-webkit-font-variant-ligatures:contextual;font-variant-ligatures:contextual}.CodeMirror-wrap pre{word-wrap:break-word;white-space:pre-wrap;word-break:normal}.CodeMirror-linebackground{position:absolute;left:0;right:0;top:0;bottom:0;z-index:0}.CodeMirror-linewidget{position:relative;z-index:2;overflow:auto}.CodeMirror-rtl pre{direction:rtl}.CodeMirror-code{outline:0}.CodeMirror-scroll,.CodeMirror-sizer,.CodeMirror-gutter,.CodeMirror-gutters,.CodeMirror-linenumber{-moz-box-sizing:content-box;box-sizing:content-box}.CodeMirror-measure{position:absolute;width:100%;height:0;overflow:hidden;visibility:hidden}.CodeMirror-cursor{position:absolute;pointer-events:none}.CodeMirror-measure pre{position:static}div.CodeMirror-cursors{visibility:hidden;position:relative;z-index:3}div.CodeMirror-dragcursors{visibility:visible}.CodeMirror-focused div.CodeMirror-cursors{visibility:visible}.CodeMirror-selected{background:#d9d9d9}.CodeMirror-focused .CodeMirror-selected{background:#d7d4f0}.CodeMirror-crosshair{cursor:crosshair}.CodeMirror-line::selection,.CodeMirror-line>span::selection,.CodeMirror-line>span>span::selection{background:#d7d4f0}.CodeMirror-line::-moz-selection,.CodeMirror-line>span::-moz-selection,.CodeMirror-line>span>span::-moz-selection{background:#d7d4f0}.cm-searching{background-color:#ffa;background-color:rgba(255,255,0,.4)}.cm-force-border{padding-right:.1px}@media print{.CodeMirror div.CodeMirror-cursors{visibility:hidden}}.cm-tab-wrap-hack:after{content:''}span.CodeMirror-selectedtext{background:0}
\ No newline at end of file
diff --git a/chromium/external/codemirror/codemirror-5.31.0.min.js b/chromium/external/codemirror/codemirror-5.31.0.min.js
new file mode 100644
index 000000000000..b3c040158f9f
--- /dev/null
+++ b/chromium/external/codemirror/codemirror-5.31.0.min.js
@@ -0,0 +1,3 @@
+// CodeMirror, copyright (c) by Marijn Haverbeke and others
+// Distributed under an MIT license: http://codemirror.net/LICENSE
+!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):e.CodeMirror=t()}(this,function(){"use strict";function e(e){return new RegExp("(^|\\s)"+e+"(?:$|\\s)\\s*")}function t(e){for(var t=e.childNodes.length;t>0;--t)e.removeChild(e.firstChild);return e}function r(e,r){return t(e).appendChild(r)}function n(e,t,r,n){var i=document.createElement(e);if(r&&(i.className=r),n&&(i.style.cssText=n),"string"==typeof t)i.appendChild(document.createTextNode(t));else if(t)for(var o=0;o<t.length;++o)i.appendChild(t[o]);return i}function i(e,t,r,i){var o=n(e,t,r,i);return o.setAttribute("role","presentation"),o}function o(e,t){if(3==t.nodeType&&(t=t.parentNode),e.contains)return e.contains(t);do{if(11==t.nodeType&&(t=t.host),t==e)return!0}while(t=t.parentNode)}function l(){var e;try{e=document.activeElement}catch(t){e=document.body||null}for(;e&&e.shadowRoot&&e.shadowRoot.activeElement;)e=e.shadowRoot.activeElement;return e}function s(t,r){var n=t.className;e(r).test(n)||(t.className+=(n?" ":"")+r)}function a(t,r){for(var n=t.split(" "),i=0;i<n.length;i++)n[i]&&!e(n[i]).test(r)&&(r+=" "+n[i]);return r}function u(e){var t=Array.prototype.slice.call(arguments,1);return function(){return e.apply(null,t)}}function c(e,t,r){t||(t={});for(var n in e)!e.hasOwnProperty(n)||!1===r&&t.hasOwnProperty(n)||(t[n]=e[n]);return t}function h(e,t,r,n,i){null==t&&-1==(t=e.search(/[^\s\u00a0]/))&&(t=e.length);for(var o=n||0,l=i||0;;){var s=e.indexOf("\t",o);if(s<0||s>=t)return l+(t-o);l+=s-o,l+=r-l%r,o=s+1}}function f(e,t){for(var r=0;r<e.length;++r)if(e[r]==t)return r;return-1}function d(e,t,r){for(var n=0,i=0;;){var o=e.indexOf("\t",n);-1==o&&(o=e.length);var l=o-n;if(o==e.length||i+l>=t)return n+Math.min(l,t-i);if(i+=o-n,i+=r-i%r,n=o+1,i>=t)return n}}function p(e){for(;wo.length<=e;)wo.push(g(wo)+" ");return wo[e]}function g(e){return e[e.length-1]}function v(e,t){for(var r=[],n=0;n<e.length;n++)r[n]=t(e[n],n);return r}function m(){}function y(e,t){var r;return Object.create?r=Object.create(e):(m.prototype=e,r=new m),t&&c(t,r),r}function b(e){return/\w/.test(e)||e>"€"&&(e.toUpperCase()!=e.toLowerCase()||xo.test(e))}function w(e,t){return t?!!(t.source.indexOf("\\w")>-1&&b(e))||t.test(e):b(e)}function x(e){for(var t in e)if(e.hasOwnProperty(t)&&e[t])return!1;return!0}function C(e){return e.charCodeAt(0)>=768&&Co.test(e)}function S(e,t,r){for(;(r<0?t>0:t<e.length)&&C(e.charAt(t));)t+=r;return t}function L(e,t,r){for(var n=t>r?-1:1;;){if(t==r)return t;var i=(t+r)/2,o=n<0?Math.ceil(i):Math.floor(i);if(o==t)return e(o)?t:r;e(o)?r=o:t=o+n}}function k(e,t){if((t-=e.first)<0||t>=e.size)throw new Error("There is no line "+(t+e.first)+" in the document.");for(var r=e;!r.lines;)for(var n=0;;++n){var i=r.children[n],o=i.chunkSize();if(t<o){r=i;break}t-=o}return r.lines[t]}function T(e,t,r){var n=[],i=t.line;return e.iter(t.line,r.line+1,function(e){var o=e.text;i==r.line&&(o=o.slice(0,r.ch)),i==t.line&&(o=o.slice(t.ch)),n.push(o),++i}),n}function M(e,t,r){var n=[];return e.iter(t,r,function(e){n.push(e.text)}),n}function N(e,t){var r=t-e.height;if(r)for(var n=e;n;n=n.parent)n.height+=r}function O(e){if(null==e.parent)return null;for(var t=e.parent,r=f(t.lines,e),n=t.parent;n;t=n,n=n.parent)for(var i=0;n.children[i]!=t;++i)r+=n.children[i].chunkSize();return r+t.first}function A(e,t){var r=e.first;e:do{for(var n=0;n<e.children.length;++n){var i=e.children[n],o=i.height;if(t<o){e=i;continue e}t-=o,r+=i.chunkSize()}return r}while(!e.lines);for(var l=0;l<e.lines.length;++l){var s=e.lines[l].height;if(t<s)break;t-=s}return r+l}function W(e,t){return t>=e.first&&t<e.first+e.size}function D(e,t){return String(e.lineNumberFormatter(t+e.firstLineNumber))}function H(e,t,r){if(void 0===r&&(r=null),!(this instanceof H))return new H(e,t,r);this.line=e,this.ch=t,this.sticky=r}function F(e,t){return e.line-t.line||e.ch-t.ch}function P(e,t){return e.sticky==t.sticky&&0==F(e,t)}function E(e){return H(e.line,e.ch)}function z(e,t){return F(e,t)<0?t:e}function I(e,t){return F(e,t)<0?e:t}function R(e,t){return Math.max(e.first,Math.min(t,e.first+e.size-1))}function B(e,t){if(t.line<e.first)return H(e.first,0);var r=e.first+e.size-1;return t.line>r?H(r,k(e,r).text.length):function(e,t){var r=e.ch;return null==r||r>t?H(e.line,t):r<0?H(e.line,0):e}(t,k(e,t.line).text.length)}function G(e,t){for(var r=[],n=0;n<t.length;n++)r[n]=B(e,t[n]);return r}function U(e,t,r){this.marker=e,this.from=t,this.to=r}function V(e,t){if(e)for(var r=0;r<e.length;++r){var n=e[r];if(n.marker==t)return n}}function K(e,t){for(var r,n=0;n<e.length;++n)e[n]!=t&&(r||(r=[])).push(e[n]);return r}function j(e,t){if(t.full)return null;var r=W(e,t.from.line)&&k(e,t.from.line).markedSpans,n=W(e,t.to.line)&&k(e,t.to.line).markedSpans;if(!r&&!n)return null;var i=t.from.ch,o=t.to.ch,l=0==F(t.from,t.to),s=function(e,t,r){var n;if(e)for(var i=0;i<e.length;++i){var o=e[i],l=o.marker;if(null==o.from||(l.inclusiveLeft?o.from<=t:o.from<t)||o.from==t&&"bookmark"==l.type&&(!r||!o.marker.insertLeft)){var s=null==o.to||(l.inclusiveRight?o.to>=t:o.to>t);(n||(n=[])).push(new U(l,o.from,s?null:o.to))}}return n}(r,i,l),a=function(e,t,r){var n;if(e)for(var i=0;i<e.length;++i){var o=e[i],l=o.marker;if(null==o.to||(l.inclusiveRight?o.to>=t:o.to>t)||o.from==t&&"bookmark"==l.type&&(!r||o.marker.insertLeft)){var s=null==o.from||(l.inclusiveLeft?o.from<=t:o.from<t);(n||(n=[])).push(new U(l,s?null:o.from-t,null==o.to?null:o.to-t))}}return n}(n,o,l),u=1==t.text.length,c=g(t.text).length+(u?i:0);if(s)for(var h=0;h<s.length;++h){var f=s[h];if(null==f.to){var d=V(a,f.marker);d?u&&(f.to=null==d.to?null:d.to+c):f.to=i}}if(a)for(var p=0;p<a.length;++p){var v=a[p];if(null!=v.to&&(v.to+=c),null==v.from){V(s,v.marker)||(v.from=c,u&&(s||(s=[])).push(v))}else v.from+=c,u&&(s||(s=[])).push(v)}s&&(s=X(s)),a&&a!=s&&(a=X(a));var m=[s];if(!u){var y,b=t.text.length-2;if(b>0&&s)for(var w=0;w<s.length;++w)null==s[w].to&&(y||(y=[])).push(new U(s[w].marker,null,null));for(var x=0;x<b;++x)m.push(y);m.push(a)}return m}function X(e){for(var t=0;t<e.length;++t){var r=e[t];null!=r.from&&r.from==r.to&&!1!==r.marker.clearWhenEmpty&&e.splice(t--,1)}return e.length?e:null}function Y(e){var t=e.markedSpans;if(t){for(var r=0;r<t.length;++r)t[r].marker.detachLine(e);e.markedSpans=null}}function _(e,t){if(t){for(var r=0;r<t.length;++r)t[r].marker.attachLine(e);e.markedSpans=t}}function $(e){return e.inclusiveLeft?-1:0}function q(e){return e.inclusiveRight?1:0}function Z(e,t){var r=e.lines.length-t.lines.length;if(0!=r)return r;var n=e.find(),i=t.find(),o=F(n.from,i.from)||$(e)-$(t);if(o)return-o;var l=F(n.to,i.to)||q(e)-q(t);return l||t.id-e.id}function Q(e,t){var r,n=Lo&&e.markedSpans;if(n)for(var i=void 0,o=0;o<n.length;++o)(i=n[o]).marker.collapsed&&null==(t?i.from:i.to)&&(!r||Z(r,i.marker)<0)&&(r=i.marker);return r}function J(e){return Q(e,!0)}function ee(e){return Q(e,!1)}function te(e,t,r,n,i){var o=k(e,t),l=Lo&&o.markedSpans;if(l)for(var s=0;s<l.length;++s){var a=l[s];if(a.marker.collapsed){var u=a.marker.find(0),c=F(u.from,r)||$(a.marker)-$(i),h=F(u.to,n)||q(a.marker)-q(i);if(!(c>=0&&h<=0||c<=0&&h>=0)&&(c<=0&&(a.marker.inclusiveRight&&i.inclusiveLeft?F(u.to,r)>=0:F(u.to,r)>0)||c>=0&&(a.marker.inclusiveRight&&i.inclusiveLeft?F(u.from,n)<=0:F(u.from,n)<0)))return!0}}}function re(e){for(var t;t=J(e);)e=t.find(-1,!0).line;return e}function ne(e,t){var r=k(e,t),n=re(r);return r==n?t:O(n)}function ie(e,t){if(t>e.lastLine())return t;var r,n=k(e,t);if(!oe(e,n))return t;for(;r=ee(n);)n=r.find(1,!0).line;return O(n)+1}function oe(e,t){var r=Lo&&t.markedSpans;if(r)for(var n=void 0,i=0;i<r.length;++i)if((n=r[i]).marker.collapsed){if(null==n.from)return!0;if(!n.marker.widgetNode&&0==n.from&&n.marker.inclusiveLeft&&le(e,t,n))return!0}}function le(e,t,r){if(null==r.to){var n=r.marker.find(1,!0);return le(e,n.line,V(n.line.markedSpans,r.marker))}if(r.marker.inclusiveRight&&r.to==t.text.length)return!0;for(var i=void 0,o=0;o<t.markedSpans.length;++o)if((i=t.markedSpans[o]).marker.collapsed&&!i.marker.widgetNode&&i.from==r.to&&(null==i.to||i.to!=r.from)&&(i.marker.inclusiveLeft||r.marker.inclusiveRight)&&le(e,t,i))return!0}function se(e){for(var t=0,r=(e=re(e)).parent,n=0;n<r.lines.length;++n){var i=r.lines[n];if(i==e)break;t+=i.height}for(var o=r.parent;o;r=o,o=r.parent)for(var l=0;l<o.children.length;++l){var s=o.children[l];if(s==r)break;t+=s.height}return t}function ae(e){if(0==e.height)return 0;for(var t,r=e.text.length,n=e;t=J(n);){var i=t.find(0,!0);n=i.from.line,r+=i.from.ch-i.to.ch}for(n=e;t=ee(n);){var o=t.find(0,!0);r-=n.text.length-o.from.ch,r+=(n=o.to.line).text.length-o.to.ch}return r}function ue(e){var t=e.display,r=e.doc;t.maxLine=k(r,r.first),t.maxLineLength=ae(t.maxLine),t.maxLineChanged=!0,r.iter(function(e){var r=ae(e);r>t.maxLineLength&&(t.maxLineLength=r,t.maxLine=e)})}function ce(e,t,r){var n;ko=null;for(var i=0;i<e.length;++i){var o=e[i];if(o.from<t&&o.to>t)return i;o.to==t&&(o.from!=o.to&&"before"==r?n=i:ko=i),o.from==t&&(o.from!=o.to&&"before"!=r?n=i:ko=i)}return null!=n?n:ko}function he(e,t){var r=e.order;return null==r&&(r=e.order=To(e.text,t)),r}function fe(e,t){return e._handlers&&e._handlers[t]||Mo}function de(e,t,r){if(e.removeEventListener)e.removeEventListener(t,r,!1);else if(e.detachEvent)e.detachEvent("on"+t,r);else{var n=e._handlers,i=n&&n[t];if(i){var o=f(i,r);o>-1&&(n[t]=i.slice(0,o).concat(i.slice(o+1)))}}}function pe(e,t){var r=fe(e,t);if(r.length)for(var n=Array.prototype.slice.call(arguments,2),i=0;i<r.length;++i)r[i].apply(null,n)}function ge(e,t,r){return"string"==typeof t&&(t={type:t,preventDefault:function(){this.defaultPrevented=!0}}),pe(e,r||t.type,e,t),xe(t)||t.codemirrorIgnore}function ve(e){var t=e._handlers&&e._handlers.cursorActivity;if(t)for(var r=e.curOp.cursorActivityHandlers||(e.curOp.cursorActivityHandlers=[]),n=0;n<t.length;++n)-1==f(r,t[n])&&r.push(t[n])}function me(e,t){return fe(e,t).length>0}function ye(e){e.prototype.on=function(e,t){No(this,e,t)},e.prototype.off=function(e,t){de(this,e,t)}}function be(e){e.preventDefault?e.preventDefault():e.returnValue=!1}function we(e){e.stopPropagation?e.stopPropagation():e.cancelBubble=!0}function xe(e){return null!=e.defaultPrevented?e.defaultPrevented:0==e.returnValue}function Ce(e){be(e),we(e)}function Se(e){return e.target||e.srcElement}function Le(e){var t=e.which;return null==t&&(1&e.button?t=1:2&e.button?t=3:4&e.button&&(t=2)),ro&&e.ctrlKey&&1==t&&(t=3),t}function ke(e){if(null==fo){var t=n("span","​");r(e,n("span",[t,document.createTextNode("x")])),0!=e.firstChild.offsetHeight&&(fo=t.offsetWidth<=1&&t.offsetHeight>2&&!(Ki&&ji<8))}var i=fo?n("span","​"):n("span"," ",null,"display: inline-block; width: 1px; margin-right: -1px");return i.setAttribute("cm-text",""),i}function Te(e){if(null!=po)return po;var n=r(e,document.createTextNode("AخA")),i=lo(n,0,1).getBoundingClientRect(),o=lo(n,1,2).getBoundingClientRect();return t(e),!(!i||i.left==i.right)&&(po=o.right-i.right<3)}function Me(e){if("string"==typeof e&&Po.hasOwnProperty(e))e=Po[e];else if(e&&"string"==typeof e.name&&Po.hasOwnProperty(e.name)){var t=Po[e.name];"string"==typeof t&&(t={name:t}),(e=y(t,e)).name=t.name}else{if("string"==typeof e&&/^[\w\-]+\/[\w\-]+\+xml$/.test(e))return Me("application/xml");if("string"==typeof e&&/^[\w\-]+\/[\w\-]+\+json$/.test(e))return Me("application/json")}return"string"==typeof e?{name:e}:e||{name:"null"}}function Ne(e,t){t=Me(t);var r=Fo[t.name];if(!r)return Ne(e,"text/plain");var n=r(e,t);if(Eo.hasOwnProperty(t.name)){var i=Eo[t.name];for(var o in i)i.hasOwnProperty(o)&&(n.hasOwnProperty(o)&&(n["_"+o]=n[o]),n[o]=i[o])}if(n.name=t.name,t.helperType&&(n.helperType=t.helperType),t.modeProps)for(var l in t.modeProps)n[l]=t.modeProps[l];return n}function Oe(e,t){c(t,Eo.hasOwnProperty(e)?Eo[e]:Eo[e]={})}function Ae(e,t){if(!0===t)return t;if(e.copyState)return e.copyState(t);var r={};for(var n in t){var i=t[n];i instanceof Array&&(i=i.concat([])),r[n]=i}return r}function We(e,t){for(var r;e.innerMode&&(r=e.innerMode(t))&&r.mode!=e;)t=r.state,e=r.mode;return r||{mode:e,state:t}}function De(e,t,r){return!e.startState||e.startState(t,r)}function He(e,t,r,n){var i=[e.state.modeGen],o={};Ge(e,t.text,e.doc.mode,r,function(e,t){return i.push(e,t)},o,n);for(var l=r.state,s=function(n){r.baseTokens=i;var s=e.state.overlays[n],a=1,u=0;r.state=!0,Ge(e,t.text,s.mode,r,function(e,t){for(var r=a;u<e;){var n=i[a];n>e&&i.splice(a,1,e,i[a+1],n),a+=2,u=Math.min(e,n)}if(t)if(s.opaque)i.splice(r,a-r,e,"overlay "+t),a=r+2;else for(;r<a;r+=2){var o=i[r+1];i[r+1]=(o?o+" ":"")+"overlay "+t}},o),r.state=l,r.baseTokens=null,r.baseTokenPos=1},a=0;a<e.state.overlays.length;++a)s(a);return{styles:i,classes:o.bgClass||o.textClass?o:null}}function Fe(e,t,r){if(!t.styles||t.styles[0]!=e.state.modeGen){var n=Pe(e,O(t)),i=t.text.length>e.options.maxHighlightLength&&Ae(e.doc.mode,n.state),o=He(e,t,n);i&&(n.state=i),t.stateAfter=n.save(!i),t.styles=o.styles,o.classes?t.styleClasses=o.classes:t.styleClasses&&(t.styleClasses=null),r===e.doc.highlightFrontier&&(e.doc.modeFrontier=Math.max(e.doc.modeFrontier,++e.doc.highlightFrontier))}return t.styles}function Pe(e,t,r){var n=e.doc,i=e.display;if(!n.mode.startState)return new Ro(n,!0,t);var o=function(e,t,r){for(var n,i,o=e.doc,l=r?-1:t-(e.doc.mode.innerMode?1e3:100),s=t;s>l;--s){if(s<=o.first)return o.first;var a=k(o,s-1),u=a.stateAfter;if(u&&(!r||s+(u instanceof Io?u.lookAhead:0)<=o.modeFrontier))return s;var c=h(a.text,null,e.options.tabSize);(null==i||n>c)&&(i=s-1,n=c)}return i}(e,t,r),l=o>n.first&&k(n,o-1).stateAfter,s=l?Ro.fromSaved(n,l,o):new Ro(n,De(n.mode),o);return n.iter(o,t,function(r){Ee(e,r.text,s);var n=s.line;r.stateAfter=n==t-1||n%5==0||n>=i.viewFrom&&n<i.viewTo?s.save():null,s.nextLine()}),r&&(n.modeFrontier=s.line),s}function Ee(e,t,r,n){var i=e.doc.mode,o=new zo(t,e.options.tabSize,r);for(o.start=o.pos=n||0,""==t&&ze(i,r.state);!o.eol();)Ie(i,o,r.state),o.start=o.pos}function ze(e,t){if(e.blankLine)return e.blankLine(t);if(e.innerMode){var r=We(e,t);return r.mode.blankLine?r.mode.blankLine(r.state):void 0}}function Ie(e,t,r,n){for(var i=0;i<10;i++){n&&(n[0]=We(e,r).mode);var o=e.token(t,r);if(t.pos>t.start)return o}throw new Error("Mode "+e.name+" failed to advance stream.")}function Re(e,t,r,n){var i,o,l=e.doc,s=l.mode,a=k(l,(t=B(l,t)).line),u=Pe(e,t.line,r),c=new zo(a.text,e.options.tabSize,u);for(n&&(o=[]);(n||c.pos<t.ch)&&!c.eol();)c.start=c.pos,i=Ie(s,c,u.state),n&&o.push(new Bo(c,i,Ae(l.mode,u.state)));return n?o:new Bo(c,i,u.state)}function Be(e,t){if(e)for(;;){var r=e.match(/(?:^|\s+)line-(background-)?(\S+)/);if(!r)break;e=e.slice(0,r.index)+e.slice(r.index+r[0].length);var n=r[1]?"bgClass":"textClass";null==t[n]?t[n]=r[2]:new RegExp("(?:^|s)"+r[2]+"(?:$|s)").test(t[n])||(t[n]+=" "+r[2])}return e}function Ge(e,t,r,n,i,o,l){var s=r.flattenSpans;null==s&&(s=e.options.flattenSpans);var a,u=0,c=null,h=new zo(t,e.options.tabSize,n),f=e.options.addModeClass&&[null];for(""==t&&Be(ze(r,n.state),o);!h.eol();){if(h.pos>e.options.maxHighlightLength?(s=!1,l&&Ee(e,t,n,h.pos),h.pos=t.length,a=null):a=Be(Ie(r,h,n.state,f),o),f){var d=f[0].name;d&&(a="m-"+(a?d+" "+a:d))}if(!s||c!=a){for(;u<h.start;)i(u=Math.min(h.start,u+5e3),c);c=a}h.start=h.pos}for(;u<h.pos;){var p=Math.min(h.pos,u+5e3);i(p,c),u=p}}function Ue(e){e.parent=null,Y(e)}function Ve(e,t){if(!e||/^\s*$/.test(e))return null;var r=t.addModeClass?Ko:Vo;return r[e]||(r[e]=e.replace(/\S+/g,"cm-$&"))}function Ke(e,t){var r=i("span",null,null,Xi?"padding-right: .1px":null),n={pre:i("pre",[r],"CodeMirror-line"),content:r,col:0,pos:0,cm:e,trailingSpace:!1,splitSpaces:(Ki||Xi)&&e.getOption("lineWrapping")};t.measure={};for(var o=0;o<=(t.rest?t.rest.length:0);o++){var l=o?t.rest[o-1]:t.line,s=void 0;n.pos=0,n.addToken=Xe,Te(e.display.measure)&&(s=he(l,e.doc.direction))&&(n.addToken=function(e,t){return function(r,n,i,o,l,s,a){i=i?i+" cm-force-border":"cm-force-border";for(var u=r.pos,c=u+n.length;;){for(var h=void 0,f=0;f<t.length&&!((h=t[f]).to>u&&h.from<=u);f++);if(h.to>=c)return e(r,n,i,o,l,s,a);e(r,n.slice(0,h.to-u),i,o,null,s,a),o=null,n=n.slice(h.to-u),u=h.to}}}(n.addToken,s)),n.map=[];!function(e,t,r){var n=e.markedSpans,i=e.text,o=0;if(!n){for(var l=1;l<r.length;l+=2)t.addToken(t,i.slice(o,o=r[l]),Ve(r[l+1],t.cm.options));return}for(var s,a,u,c,h,f,d,p=i.length,g=0,v=1,m="",y=0;;){if(y==g){u=c=h=f=a="",d=null,y=1/0;for(var b=[],w=void 0,x=0;x<n.length;++x){var C=n[x],S=C.marker;"bookmark"==S.type&&C.from==g&&S.widgetNode?b.push(S):C.from<=g&&(null==C.to||C.to>g||S.collapsed&&C.to==g&&C.from==g)?(null!=C.to&&C.to!=g&&y>C.to&&(y=C.to,c=""),S.className&&(u+=" "+S.className),S.css&&(a=(a?a+";":"")+S.css),S.startStyle&&C.from==g&&(h+=" "+S.startStyle),S.endStyle&&C.to==y&&(w||(w=[])).push(S.endStyle,C.to),S.title&&!f&&(f=S.title),S.collapsed&&(!d||Z(d.marker,S)<0)&&(d=C)):C.from>g&&y>C.from&&(y=C.from)}if(w)for(var L=0;L<w.length;L+=2)w[L+1]==y&&(c+=" "+w[L]);if(!d||d.from==g)for(var k=0;k<b.length;++k)Ye(t,0,b[k]);if(d&&(d.from||0)==g){if(Ye(t,(null==d.to?p+1:d.to)-g,d.marker,null==d.from),null==d.to)return;d.to==g&&(d=!1)}}if(g>=p)break;for(var T=Math.min(p,y);;){if(m){var M=g+m.length;if(!d){var N=M>T?m.slice(0,T-g):m;t.addToken(t,N,s?s+u:u,h,g+N.length==y?c:"",f,a)}if(M>=T){m=m.slice(T-g),g=T;break}g=M,h=""}m=i.slice(o,o=r[v++]),s=Ve(r[v++],t.cm.options)}}}(l,n,Fe(e,l,t!=e.display.externalMeasured&&O(l))),l.styleClasses&&(l.styleClasses.bgClass&&(n.bgClass=a(l.styleClasses.bgClass,n.bgClass||"")),l.styleClasses.textClass&&(n.textClass=a(l.styleClasses.textClass,n.textClass||""))),0==n.map.length&&n.map.push(0,0,n.content.appendChild(ke(e.display.measure))),0==o?(t.measure.map=n.map,t.measure.cache={}):((t.measure.maps||(t.measure.maps=[])).push(n.map),(t.measure.caches||(t.measure.caches=[])).push({}))}if(Xi){var u=n.content.lastChild;(/\bcm-tab\b/.test(u.className)||u.querySelector&&u.querySelector(".cm-tab"))&&(n.content.className="cm-tab-wrap-hack")}return pe(e,"renderLine",e,t.line,n.pre),n.pre.className&&(n.textClass=a(n.pre.className,n.textClass||"")),n}function je(e){var t=n("span","•","cm-invalidchar");return t.title="\\u"+e.charCodeAt(0).toString(16),t.setAttribute("aria-label",t.title),t}function Xe(e,t,r,i,o,l,s){if(t){var a,u=e.splitSpaces?function(e,t){if(e.length>1&&!/  /.test(e))return e;for(var r=t,n="",i=0;i<e.length;i++){var o=e.charAt(i);" "!=o||!r||i!=e.length-1&&32!=e.charCodeAt(i+1)||(o=" "),n+=o,r=" "==o}return n}(t,e.trailingSpace):t,c=e.cm.state.specialChars,h=!1;if(c.test(t)){a=document.createDocumentFragment();for(var f=0;;){c.lastIndex=f;var d=c.exec(t),g=d?d.index-f:t.length-f;if(g){var v=document.createTextNode(u.slice(f,f+g));Ki&&ji<9?a.appendChild(n("span",[v])):a.appendChild(v),e.map.push(e.pos,e.pos+g,v),e.col+=g,e.pos+=g}if(!d)break;f+=g+1;var m=void 0;if("\t"==d[0]){var y=e.cm.options.tabSize,b=y-e.col%y;(m=a.appendChild(n("span",p(b),"cm-tab"))).setAttribute("role","presentation"),m.setAttribute("cm-text","\t"),e.col+=b}else"\r"==d[0]||"\n"==d[0]?((m=a.appendChild(n("span","\r"==d[0]?"␍":"␤","cm-invalidchar"))).setAttribute("cm-text",d[0]),e.col+=1):((m=e.cm.options.specialCharPlaceholder(d[0])).setAttribute("cm-text",d[0]),Ki&&ji<9?a.appendChild(n("span",[m])):a.appendChild(m),e.col+=1);e.map.push(e.pos,e.pos+1,m),e.pos++}}else e.col+=t.length,a=document.createTextNode(u),e.map.push(e.pos,e.pos+t.length,a),Ki&&ji<9&&(h=!0),e.pos+=t.length;if(e.trailingSpace=32==u.charCodeAt(t.length-1),r||i||o||h||s){var w=r||"";i&&(w+=i),o&&(w+=o);var x=n("span",[a],w,s);return l&&(x.title=l),e.content.appendChild(x)}e.content.appendChild(a)}}function Ye(e,t,r,n){var i=!n&&r.widgetNode;i&&e.map.push(e.pos,e.pos+t,i),!n&&e.cm.display.input.needsContentAttribute&&(i||(i=e.content.appendChild(document.createElement("span"))),i.setAttribute("cm-marker",r.id)),i&&(e.cm.display.input.setUneditable(i),e.content.appendChild(i)),e.pos+=t,e.trailingSpace=!1}function _e(e,t,r){this.line=t,this.rest=function(e){for(var t,r;t=ee(e);)e=t.find(1,!0).line,(r||(r=[])).push(e);return r}(t),this.size=this.rest?O(g(this.rest))-r+1:1,this.node=this.text=null,this.hidden=oe(e,t)}function $e(e,t,r){for(var n,i=[],o=t;o<r;o=n){var l=new _e(e.doc,k(e.doc,o),o);n=o+l.size,i.push(l)}return i}function qe(e,t){var r=fe(e,t);if(r.length){var n,i=Array.prototype.slice.call(arguments,2);jo?n=jo.delayedCallbacks:Xo?n=Xo:(n=Xo=[],setTimeout(Ze,0));for(var o=function(e){n.push(function(){return r[e].apply(null,i)})},l=0;l<r.length;++l)o(l)}}function Ze(){var e=Xo;Xo=null;for(var t=0;t<e.length;++t)e[t]()}function Qe(e,t,r,n){for(var i=0;i<t.changes.length;i++){var o=t.changes[i];"text"==o?function(e,t){var r=t.text.className,n=et(e,t);t.text==t.node&&(t.node=n.pre);t.text.parentNode.replaceChild(n.pre,t.text),t.text=n.pre,n.bgClass!=t.bgClass||n.textClass!=t.textClass?(t.bgClass=n.bgClass,t.textClass=n.textClass,tt(e,t)):r&&(t.text.className=r)}(e,t):"gutter"==o?rt(e,t,r,n):"class"==o?tt(e,t):"widget"==o&&function(e,t,r){t.alignable&&(t.alignable=null);for(var n=t.node.firstChild,i=void 0;n;n=i)i=n.nextSibling,"CodeMirror-linewidget"==n.className&&t.node.removeChild(n);it(e,t,r)}(e,t,n)}t.changes=null}function Je(e){return e.node==e.text&&(e.node=n("div",null,null,"position: relative"),e.text.parentNode&&e.text.parentNode.replaceChild(e.node,e.text),e.node.appendChild(e.text),Ki&&ji<8&&(e.node.style.zIndex=2)),e.node}function et(e,t){var r=e.display.externalMeasured;return r&&r.line==t.line?(e.display.externalMeasured=null,t.measure=r.measure,r.built):Ke(e,t)}function tt(e,t){!function(e,t){var r=t.bgClass?t.bgClass+" "+(t.line.bgClass||""):t.line.bgClass;if(r&&(r+=" CodeMirror-linebackground"),t.background)r?t.background.className=r:(t.background.parentNode.removeChild(t.background),t.background=null);else if(r){var i=Je(t);t.background=i.insertBefore(n("div",null,r),i.firstChild),e.display.input.setUneditable(t.background)}}(e,t),t.line.wrapClass?Je(t).className=t.line.wrapClass:t.node!=t.text&&(t.node.className="");var r=t.textClass?t.textClass+" "+(t.line.textClass||""):t.line.textClass;t.text.className=r||""}function rt(e,t,r,i){if(t.gutter&&(t.node.removeChild(t.gutter),t.gutter=null),t.gutterBackground&&(t.node.removeChild(t.gutterBackground),t.gutterBackground=null),t.line.gutterClass){var o=Je(t);t.gutterBackground=n("div",null,"CodeMirror-gutter-background "+t.line.gutterClass,"left: "+(e.options.fixedGutter?i.fixedPos:-i.gutterTotalWidth)+"px; width: "+i.gutterTotalWidth+"px"),e.display.input.setUneditable(t.gutterBackground),o.insertBefore(t.gutterBackground,t.text)}var l=t.line.gutterMarkers;if(e.options.lineNumbers||l){var s=Je(t),a=t.gutter=n("div",null,"CodeMirror-gutter-wrapper","left: "+(e.options.fixedGutter?i.fixedPos:-i.gutterTotalWidth)+"px");if(e.display.input.setUneditable(a),s.insertBefore(a,t.text),t.line.gutterClass&&(a.className+=" "+t.line.gutterClass),!e.options.lineNumbers||l&&l["CodeMirror-linenumbers"]||(t.lineNumber=a.appendChild(n("div",D(e.options,r),"CodeMirror-linenumber CodeMirror-gutter-elt","left: "+i.gutterLeft["CodeMirror-linenumbers"]+"px; width: "+e.display.lineNumInnerWidth+"px"))),l)for(var u=0;u<e.options.gutters.length;++u){var c=e.options.gutters[u],h=l.hasOwnProperty(c)&&l[c];h&&a.appendChild(n("div",[h],"CodeMirror-gutter-elt","left: "+i.gutterLeft[c]+"px; width: "+i.gutterWidth[c]+"px"))}}}function nt(e,t,r,n){var i=et(e,t);return t.text=t.node=i.pre,i.bgClass&&(t.bgClass=i.bgClass),i.textClass&&(t.textClass=i.textClass),tt(e,t),rt(e,t,r,n),it(e,t,n),t.node}function it(e,t,r){if(ot(e,t.line,t,r,!0),t.rest)for(var n=0;n<t.rest.length;n++)ot(e,t.rest[n],t,r,!1)}function ot(e,t,r,i,o){if(t.widgets)for(var l=Je(r),s=0,a=t.widgets;s<a.length;++s){var u=a[s],c=n("div",[u.node],"CodeMirror-linewidget");u.handleMouseEvents||c.setAttribute("cm-ignore-events","true"),function(e,t,r,n){if(e.noHScroll){(r.alignable||(r.alignable=[])).push(t);var i=n.wrapperWidth;t.style.left=n.fixedPos+"px",e.coverGutter||(i-=n.gutterTotalWidth,t.style.paddingLeft=n.gutterTotalWidth+"px"),t.style.width=i+"px"}e.coverGutter&&(t.style.zIndex=5,t.style.position="relative",e.noHScroll||(t.style.marginLeft=-n.gutterTotalWidth+"px"))}(u,c,r,i),e.display.input.setUneditable(c),o&&u.above?l.insertBefore(c,r.gutter||r.text):l.appendChild(c),qe(u,"redraw")}}function lt(e){if(null!=e.height)return e.height;var t=e.doc.cm;if(!t)return 0;if(!o(document.body,e.node)){var i="position: relative;";e.coverGutter&&(i+="margin-left: -"+t.display.gutters.offsetWidth+"px;"),e.noHScroll&&(i+="width: "+t.display.wrapper.clientWidth+"px;"),r(t.display.measure,n("div",[e.node],null,i))}return e.height=e.node.parentNode.offsetHeight}function st(e,t){for(var r=Se(t);r!=e.wrapper;r=r.parentNode)if(!r||1==r.nodeType&&"true"==r.getAttribute("cm-ignore-events")||r.parentNode==e.sizer&&r!=e.mover)return!0}function at(e){return e.lineSpace.offsetTop}function ut(e){return e.mover.offsetHeight-e.lineSpace.offsetHeight}function ct(e){if(e.cachedPaddingH)return e.cachedPaddingH;var t=r(e.measure,n("pre","x")),i=window.getComputedStyle?window.getComputedStyle(t):t.currentStyle,o={left:parseInt(i.paddingLeft),right:parseInt(i.paddingRight)};return isNaN(o.left)||isNaN(o.right)||(e.cachedPaddingH=o),o}function ht(e){return go-e.display.nativeBarWidth}function ft(e){return e.display.scroller.clientWidth-ht(e)-e.display.barWidth}function dt(e){return e.display.scroller.clientHeight-ht(e)-e.display.barHeight}function pt(e,t,r){if(e.line==t)return{map:e.measure.map,cache:e.measure.cache};for(var n=0;n<e.rest.length;n++)if(e.rest[n]==t)return{map:e.measure.maps[n],cache:e.measure.caches[n]};for(var i=0;i<e.rest.length;i++)if(O(e.rest[i])>r)return{map:e.measure.maps[i],cache:e.measure.caches[i],before:!0}}function gt(e,t,r,n){return yt(e,mt(e,t),r,n)}function vt(e,t){if(t>=e.display.viewFrom&&t<e.display.viewTo)return e.display.view[Kt(e,t)];var r=e.display.externalMeasured;return r&&t>=r.lineN&&t<r.lineN+r.size?r:void 0}function mt(e,t){var n=O(t),i=vt(e,n);i&&!i.text?i=null:i&&i.changes&&(Qe(e,i,n,Rt(e)),e.curOp.forceUpdate=!0),i||(i=function(e,t){var n=O(t=re(t)),i=e.display.externalMeasured=new _e(e.doc,t,n);i.lineN=n;var o=i.built=Ke(e,i);return i.text=o.pre,r(e.display.lineMeasure,o.pre),i}(e,t));var o=pt(i,t,n);return{line:t,view:i,rect:null,map:o.map,cache:o.cache,before:o.before,hasHeights:!1}}function yt(e,t,i,o,l){t.before&&(i=-1);var s,a=i+(o||"");return t.cache.hasOwnProperty(a)?s=t.cache[a]:(t.rect||(t.rect=t.view.text.getBoundingClientRect()),t.hasHeights||(!function(e,t,r){var n=e.options.lineWrapping,i=n&&ft(e);if(!t.measure.heights||n&&t.measure.width!=i){var o=t.measure.heights=[];if(n){t.measure.width=i;for(var l=t.text.firstChild.getClientRects(),s=0;s<l.length-1;s++){var a=l[s],u=l[s+1];Math.abs(a.bottom-u.bottom)>2&&o.push((a.bottom+u.top)/2-r.top)}}o.push(r.bottom-r.top)}}(e,t.view,t.rect),t.hasHeights=!0),(s=function(e,t,i,o){var l,s=bt(t.map,i,o),a=s.node,u=s.start,c=s.end,h=s.collapse;if(3==a.nodeType){for(var f=0;f<4;f++){for(;u&&C(t.line.text.charAt(s.coverStart+u));)--u;for(;s.coverStart+c<s.coverEnd&&C(t.line.text.charAt(s.coverStart+c));)++c;if((l=Ki&&ji<9&&0==u&&c==s.coverEnd-s.coverStart?a.parentNode.getBoundingClientRect():wt(lo(a,u,c).getClientRects(),o)).left||l.right||0==u)break;c=u,u-=1,h="right"}Ki&&ji<11&&(l=function(e,t){if(!window.screen||null==screen.logicalXDPI||screen.logicalXDPI==screen.deviceXDPI||!function(e){if(null!=Ho)return Ho;var t=r(e,n("span","x")),i=t.getBoundingClientRect(),o=lo(t,0,1).getBoundingClientRect();return Ho=Math.abs(i.left-o.left)>1}(e))return t;var i=screen.logicalXDPI/screen.deviceXDPI,o=screen.logicalYDPI/screen.deviceYDPI;return{left:t.left*i,right:t.right*i,top:t.top*o,bottom:t.bottom*o}}(e.display.measure,l))}else{u>0&&(h=o="right");var d;l=e.options.lineWrapping&&(d=a.getClientRects()).length>1?d["right"==o?d.length-1:0]:a.getBoundingClientRect()}if(Ki&&ji<9&&!u&&(!l||!l.left&&!l.right)){var p=a.parentNode.getClientRects()[0];l=p?{left:p.left,right:p.left+It(e.display),top:p.top,bottom:p.bottom}:Yo}for(var g=l.top-t.rect.top,v=l.bottom-t.rect.top,m=(g+v)/2,y=t.view.measure.heights,b=0;b<y.length-1&&!(m<y[b]);b++);var w=b?y[b-1]:0,x=y[b],S={left:("right"==h?l.right:l.left)-t.rect.left,right:("left"==h?l.left:l.right)-t.rect.left,top:w,bottom:x};l.left||l.right||(S.bogus=!0);e.options.singleCursorHeightPerLine||(S.rtop=g,S.rbottom=v);return S}(e,t,i,o)).bogus||(t.cache[a]=s)),{left:s.left,right:s.right,top:l?s.rtop:s.top,bottom:l?s.rbottom:s.bottom}}function bt(e,t,r){for(var n,i,o,l,s,a,u=0;u<e.length;u+=3)if(s=e[u],a=e[u+1],t<s?(i=0,o=1,l="left"):t<a?o=(i=t-s)+1:(u==e.length-3||t==a&&e[u+3]>t)&&(i=(o=a-s)-1,t>=a&&(l="right")),null!=i){if(n=e[u+2],s==a&&r==(n.insertLeft?"left":"right")&&(l=r),"left"==r&&0==i)for(;u&&e[u-2]==e[u-3]&&e[u-1].insertLeft;)n=e[2+(u-=3)],l="left";if("right"==r&&i==a-s)for(;u<e.length-3&&e[u+3]==e[u+4]&&!e[u+5].insertLeft;)n=e[(u+=3)+2],l="right";break}return{node:n,start:i,end:o,collapse:l,coverStart:s,coverEnd:a}}function wt(e,t){var r=Yo;if("left"==t)for(var n=0;n<e.length&&(r=e[n]).left==r.right;n++);else for(var i=e.length-1;i>=0&&(r=e[i]).left==r.right;i--);return r}function xt(e){if(e.measure&&(e.measure.cache={},e.measure.heights=null,e.rest))for(var t=0;t<e.rest.length;t++)e.measure.caches[t]={}}function Ct(e){e.display.externalMeasure=null,t(e.display.lineMeasure);for(var r=0;r<e.display.view.length;r++)xt(e.display.view[r])}function St(e){Ct(e),e.display.cachedCharWidth=e.display.cachedTextHeight=e.display.cachedPaddingH=null,e.options.lineWrapping||(e.display.maxLineChanged=!0),e.display.lineNumChars=null}function Lt(){return _i&&eo?-(document.body.getBoundingClientRect().left-parseInt(getComputedStyle(document.body).marginLeft)):window.pageXOffset||(document.documentElement||document.body).scrollLeft}function kt(){return _i&&eo?-(document.body.getBoundingClientRect().top-parseInt(getComputedStyle(document.body).marginTop)):window.pageYOffset||(document.documentElement||document.body).scrollTop}function Tt(e){var t=0;if(e.widgets)for(var r=0;r<e.widgets.length;++r)e.widgets[r].above&&(t+=lt(e.widgets[r]));return t}function Mt(e,t,r,n,i){if(!i){var o=Tt(t);r.top+=o,r.bottom+=o}if("line"==n)return r;n||(n="local");var l=se(t);if("local"==n?l+=at(e.display):l-=e.display.viewOffset,"page"==n||"window"==n){var s=e.display.lineSpace.getBoundingClientRect();l+=s.top+("window"==n?0:kt());var a=s.left+("window"==n?0:Lt());r.left+=a,r.right+=a}return r.top+=l,r.bottom+=l,r}function Nt(e,t,r){if("div"==r)return t;var n=t.left,i=t.top;if("page"==r)n-=Lt(),i-=kt();else if("local"==r||!r){var o=e.display.sizer.getBoundingClientRect();n+=o.left,i+=o.top}var l=e.display.lineSpace.getBoundingClientRect();return{left:n-l.left,top:i-l.top}}function Ot(e,t,r,n,i){return n||(n=k(e.doc,t.line)),Mt(e,n,gt(e,n,t.ch,i),r)}function At(e,t,r,n,i,o){function l(t,l){var s=yt(e,i,t,l?"right":"left",o);return l?s.left=s.right:s.right=s.left,Mt(e,n,s,r)}function s(e,t,r){var n=1==a[t].level;return l(r?e-1:e,n!=r)}n=n||k(e.doc,t.line),i||(i=mt(e,n));var a=he(n,e.doc.direction),u=t.ch,c=t.sticky;if(u>=n.text.length?(u=n.text.length,c="before"):u<=0&&(u=0,c="after"),!a)return l("before"==c?u-1:u,"before"==c);var h=ce(a,u,c),f=ko,d=s(u,h,"before"==c);return null!=f&&(d.other=s(u,f,"before"!=c)),d}function Wt(e,t){var r=0;t=B(e.doc,t),e.options.lineWrapping||(r=It(e.display)*t.ch);var n=k(e.doc,t.line),i=se(n)+at(e.display);return{left:r,right:r,top:i,bottom:i+n.height}}function Dt(e,t,r,n,i){var o=H(e,t,r);return o.xRel=i,n&&(o.outside=!0),o}function Ht(e,t,r){var n=e.doc;if((r+=e.display.viewOffset)<0)return Dt(n.first,0,null,!0,-1);var i=A(n,r),o=n.first+n.size-1;if(i>o)return Dt(n.first+n.size-1,k(n,o).text.length,null,!0,1);t<0&&(t=0);for(var l=k(n,i);;){var s=function(e,t,r,n,i){i-=se(t);var o=mt(e,t),l=Tt(t),s=0,a=t.text.length,u=!0,c=he(t,e.doc.direction);if(c){var h=(e.options.lineWrapping?function(e,t,r,n,i,o,l){var s=Ft(e,t,n,l),a=s.begin,u=s.end;/\s/.test(t.text.charAt(u-1))&&u--;for(var c=null,h=null,f=0;f<i.length;f++){var d=i[f];if(!(d.from>=u||d.to<=a)){var p=1!=d.level,g=yt(e,n,p?Math.min(u,d.to)-1:Math.max(a,d.from)).right,v=g<o?o-g+1e9:g-o;(!c||h>v)&&(c=d,h=v)}}c||(c=i[i.length-1]);c.from<a&&(c={from:a,to:c.to,level:c.level});c.to>u&&(c={from:c.from,to:u,level:c.level});return c}:function(e,t,r,n,i,o,l){var s=L(function(s){var a=i[s],u=1!=a.level;return Et(At(e,H(r,u?a.to:a.from,u?"before":"after"),"line",t,n),o,l,!0)},0,i.length-1),a=i[s];if(s>0){var u=1!=a.level,c=At(e,H(r,u?a.from:a.to,u?"after":"before"),"line",t,n);Et(c,o,l,!0)&&c.top>l&&(a=i[s-1])}return a})(e,t,r,o,c,n,i);u=1!=h.level,s=u?h.from:h.to-1,a=u?h.to:h.from-1}var f,d,p=null,g=null,v=L(function(t){var r=yt(e,o,t);return r.top+=l,r.bottom+=l,!!Et(r,n,i,!1)&&(r.top<=i&&r.left<=n&&(p=t,g=r),!0)},s,a),m=!1;if(g){var y=n-g.left<g.right-n,b=y==u;v=p+(b?0:1),d=b?"after":"before",f=y?g.left:g.right}else{u||v!=a&&v!=s||v++,d=0==v?"after":v==t.text.length?"before":yt(e,o,v-(u?1:0)).bottom+l<=i==u?"after":"before";var w=At(e,H(r,v,d),"line",t,o);f=w.left,m=i<w.top||i>=w.bottom}return v=S(t.text,v,1),Dt(r,v,d,m,n-f)}(e,l,i,t,r),a=ee(l),u=a&&a.find(0,!0);if(!a||!(s.ch>u.from.ch||s.ch==u.from.ch&&s.xRel>0))return s;i=O(l=u.to.line)}}function Ft(e,t,r,n){n-=Tt(t);var i=t.text.length,o=L(function(t){return yt(e,r,t-1).bottom<=n},i,0);return i=L(function(t){return yt(e,r,t).top>n},o,i),{begin:o,end:i}}function Pt(e,t,r,n){r||(r=mt(e,t));return Ft(e,t,r,Mt(e,t,yt(e,r,n),"line").top)}function Et(e,t,r,n){return!(e.bottom<=r)&&(e.top>r||(n?e.left:e.right)>t)}function zt(e){if(null!=e.cachedTextHeight)return e.cachedTextHeight;if(null==Uo){Uo=n("pre");for(var i=0;i<49;++i)Uo.appendChild(document.createTextNode("x")),Uo.appendChild(n("br"));Uo.appendChild(document.createTextNode("x"))}r(e.measure,Uo);var o=Uo.offsetHeight/50;return o>3&&(e.cachedTextHeight=o),t(e.measure),o||1}function It(e){if(null!=e.cachedCharWidth)return e.cachedCharWidth;var t=n("span","xxxxxxxxxx"),i=n("pre",[t]);r(e.measure,i);var o=t.getBoundingClientRect(),l=(o.right-o.left)/10;return l>2&&(e.cachedCharWidth=l),l||10}function Rt(e){for(var t=e.display,r={},n={},i=t.gutters.clientLeft,o=t.gutters.firstChild,l=0;o;o=o.nextSibling,++l)r[e.options.gutters[l]]=o.offsetLeft+o.clientLeft+i,n[e.options.gutters[l]]=o.clientWidth;return{fixedPos:Bt(t),gutterTotalWidth:t.gutters.offsetWidth,gutterLeft:r,gutterWidth:n,wrapperWidth:t.wrapper.clientWidth}}function Bt(e){return e.scroller.getBoundingClientRect().left-e.sizer.getBoundingClientRect().left}function Gt(e){var t=zt(e.display),r=e.options.lineWrapping,n=r&&Math.max(5,e.display.scroller.clientWidth/It(e.display)-3);return function(i){if(oe(e.doc,i))return 0;var o=0;if(i.widgets)for(var l=0;l<i.widgets.length;l++)i.widgets[l].height&&(o+=i.widgets[l].height);return r?o+(Math.ceil(i.text.length/n)||1)*t:o+t}}function Ut(e){var t=e.doc,r=Gt(e);t.iter(function(e){var t=r(e);t!=e.height&&N(e,t)})}function Vt(e,t,r,n){var i=e.display;if(!r&&"true"==Se(t).getAttribute("cm-not-content"))return null;var o,l,s=i.lineSpace.getBoundingClientRect();try{o=t.clientX-s.left,l=t.clientY-s.top}catch(t){return null}var a,u=Ht(e,o,l);if(n&&1==u.xRel&&(a=k(e.doc,u.line).text).length==u.ch){var c=h(a,a.length,e.options.tabSize)-a.length;u=H(u.line,Math.max(0,Math.round((o-ct(e.display).left)/It(e.display))-c))}return u}function Kt(e,t){if(t>=e.display.viewTo)return null;if((t-=e.display.viewFrom)<0)return null;for(var r=e.display.view,n=0;n<r.length;n++)if((t-=r[n].size)<0)return n}function jt(e){e.display.input.showSelection(e.display.input.prepareSelection())}function Xt(e,t){void 0===t&&(t=!0);for(var r=e.doc,i={},o=i.cursors=document.createDocumentFragment(),l=i.selection=document.createDocumentFragment(),s=0;s<r.sel.ranges.length;s++)if(t||s!=r.sel.primIndex){var a=r.sel.ranges[s];if(!(a.from().line>=e.display.viewTo||a.to().line<e.display.viewFrom)){var u=a.empty();(u||e.options.showCursorWhenSelecting)&&Yt(e,a.head,o),u||function(e,t,r){function i(e,t,r,i){t<0&&(t=0),t=Math.round(t),i=Math.round(i),a.appendChild(n("div",null,"CodeMirror-selected","position: absolute; left: "+e+"px;\n                             top: "+t+"px; width: "+(null==r?h-e:r)+"px;\n                             height: "+(i-t)+"px"))}function o(t,r,n){function o(r,n){return Ot(e,H(t,r),"div",d,n)}function l(t,r,n){var i=Pt(e,d,null,t),l="ltr"==r==("after"==n)?"left":"right";return o("after"==n?i.begin:i.end-(/\s/.test(d.text.charAt(i.end-1))?2:1),l)[l]}var a,u,d=k(s,t),p=d.text.length,g=he(d,s.direction);return function(e,t,r,n){if(!e)return n(t,r,"ltr",0);for(var i=!1,o=0;o<e.length;++o){var l=e[o];(l.from<r&&l.to>t||t==r&&l.to==t)&&(n(Math.max(l.from,t),Math.min(l.to,r),1==l.level?"rtl":"ltr",o),i=!0)}i||n(t,r,"ltr")}(g,r||0,null==n?p:n,function(e,t,s,d){var v="ltr"==s,m=o(e,v?"left":"right"),y=o(t-1,v?"right":"left"),b=null==r&&0==e,w=null==n&&t==p,x=0==d,C=!g||d==g.length-1;if(y.top-m.top<=3){var S=(f?w:b)&&C,L=(f?b:w)&&x?c:(v?m:y).left,k=S?h:(v?y:m).right;i(L,m.top,k-L,m.bottom)}else{var T,M,N,O;v?(T=f&&b&&x?c:m.left,M=f?h:l(e,s,"before"),N=f?c:l(t,s,"after"),O=f&&w&&C?h:y.right):(T=f?l(e,s,"before"):c,M=!f&&b&&x?h:m.right,N=!f&&w&&C?c:y.left,O=f?l(t,s,"after"):h),i(T,m.top,M-T,m.bottom),m.bottom<y.top&&i(c,m.bottom,null,y.top),i(N,y.top,O-N,y.bottom)}(!a||_t(m,a)<0)&&(a=m),_t(y,a)<0&&(a=y),(!u||_t(m,u)<0)&&(u=m),_t(y,u)<0&&(u=y)}),{start:a,end:u}}var l=e.display,s=e.doc,a=document.createDocumentFragment(),u=ct(e.display),c=u.left,h=Math.max(l.sizerWidth,ft(e)-l.sizer.offsetLeft)-u.right,f="ltr"==s.direction;var d=t.from(),p=t.to();if(d.line==p.line)o(d.line,d.ch,p.ch);else{var g=k(s,d.line),v=k(s,p.line),m=re(g)==re(v),y=o(d.line,d.ch,m?g.text.length+1:null).end,b=o(p.line,m?0:null,p.ch).start;m&&(y.top<b.top-2?(i(y.right,y.top,null,y.bottom),i(c,b.top,b.left,b.bottom)):i(y.right,y.top,b.left-y.right,y.bottom)),y.bottom<b.top&&i(c,y.bottom,null,b.top)}r.appendChild(a)}(e,a,l)}}return i}function Yt(e,t,r){var i=At(e,t,"div",null,null,!e.options.singleCursorHeightPerLine),o=r.appendChild(n("div"," ","CodeMirror-cursor"));if(o.style.left=i.left+"px",o.style.top=i.top+"px",o.style.height=Math.max(0,i.bottom-i.top)*e.options.cursorHeight+"px",i.other){var l=r.appendChild(n("div"," ","CodeMirror-cursor CodeMirror-secondarycursor"));l.style.display="",l.style.left=i.other.left+"px",l.style.top=i.other.top+"px",l.style.height=.85*(i.other.bottom-i.other.top)+"px"}}function _t(e,t){return e.top-t.top||e.left-t.left}function $t(e){if(e.state.focused){var t=e.display;clearInterval(t.blinker);var r=!0;t.cursorDiv.style.visibility="",e.options.cursorBlinkRate>0?t.blinker=setInterval(function(){return t.cursorDiv.style.visibility=(r=!r)?"":"hidden"},e.options.cursorBlinkRate):e.options.cursorBlinkRate<0&&(t.cursorDiv.style.visibility="hidden")}}function qt(e){e.state.focused||(e.display.input.focus(),Qt(e))}function Zt(e){e.state.delayingBlurEvent=!0,setTimeout(function(){e.state.delayingBlurEvent&&(e.state.delayingBlurEvent=!1,Jt(e))},100)}function Qt(e,t){e.state.delayingBlurEvent&&(e.state.delayingBlurEvent=!1),"nocursor"!=e.options.readOnly&&(e.state.focused||(pe(e,"focus",e,t),e.state.focused=!0,s(e.display.wrapper,"CodeMirror-focused"),e.curOp||e.display.selForContextMenu==e.doc.sel||(e.display.input.reset(),Xi&&setTimeout(function(){return e.display.input.reset(!0)},20)),e.display.input.receivedFocus()),$t(e))}function Jt(e,t){e.state.delayingBlurEvent||(e.state.focused&&(pe(e,"blur",e,t),e.state.focused=!1,uo(e.display.wrapper,"CodeMirror-focused")),clearInterval(e.display.blinker),setTimeout(function(){e.state.focused||(e.display.shift=!1)},150))}function er(e){for(var t=e.display,r=t.lineDiv.offsetTop,n=0;n<t.view.length;n++){var i=t.view[n],o=void 0;if(!i.hidden){if(Ki&&ji<8){var l=i.node.offsetTop+i.node.offsetHeight;o=l-r,r=l}else{var s=i.node.getBoundingClientRect();o=s.bottom-s.top}var a=i.line.height-o;if(o<2&&(o=zt(t)),(a>.005||a<-.005)&&(N(i.line,o),tr(i.line),i.rest))for(var u=0;u<i.rest.length;u++)tr(i.rest[u])}}}function tr(e){if(e.widgets)for(var t=0;t<e.widgets.length;++t)e.widgets[t].height=e.widgets[t].node.parentNode.offsetHeight}function rr(e,t,r){var n=r&&null!=r.top?Math.max(0,r.top):e.scroller.scrollTop;n=Math.floor(n-at(e));var i=r&&null!=r.bottom?r.bottom:n+e.wrapper.clientHeight,o=A(t,n),l=A(t,i);if(r&&r.ensure){var s=r.ensure.from.line,a=r.ensure.to.line;s<o?(o=s,l=A(t,se(k(t,s))+e.wrapper.clientHeight)):Math.min(a,t.lastLine())>=l&&(o=A(t,se(k(t,a))-e.wrapper.clientHeight),l=a)}return{from:o,to:Math.max(l,o+1)}}function nr(e){var t=e.display,r=t.view;if(t.alignWidgets||t.gutters.firstChild&&e.options.fixedGutter){for(var n=Bt(t)-t.scroller.scrollLeft+e.doc.scrollLeft,i=t.gutters.offsetWidth,o=n+"px",l=0;l<r.length;l++)if(!r[l].hidden){e.options.fixedGutter&&(r[l].gutter&&(r[l].gutter.style.left=o),r[l].gutterBackground&&(r[l].gutterBackground.style.left=o));var s=r[l].alignable;if(s)for(var a=0;a<s.length;a++)s[a].style.left=o}e.options.fixedGutter&&(t.gutters.style.left=n+i+"px")}}function ir(e){if(!e.options.lineNumbers)return!1;var t=e.doc,r=D(e.options,t.first+t.size-1),i=e.display;if(r.length!=i.lineNumChars){var o=i.measure.appendChild(n("div",[n("div",r)],"CodeMirror-linenumber CodeMirror-gutter-elt")),l=o.firstChild.offsetWidth,s=o.offsetWidth-l;return i.lineGutter.style.width="",i.lineNumInnerWidth=Math.max(l,i.lineGutter.offsetWidth-s)+1,i.lineNumWidth=i.lineNumInnerWidth+s,i.lineNumChars=i.lineNumInnerWidth?r.length:-1,i.lineGutter.style.width=i.lineNumWidth+"px",Fr(e),!0}return!1}function or(e,t){var r=e.display,n=zt(e.display);t.top<0&&(t.top=0);var i=e.curOp&&null!=e.curOp.scrollTop?e.curOp.scrollTop:r.scroller.scrollTop,o=dt(e),l={};t.bottom-t.top>o&&(t.bottom=t.top+o);var s=e.doc.height+ut(r),a=t.top<n,u=t.bottom>s-n;if(t.top<i)l.scrollTop=a?0:t.top;else if(t.bottom>i+o){var c=Math.min(t.top,(u?s:t.bottom)-o);c!=i&&(l.scrollTop=c)}var h=e.curOp&&null!=e.curOp.scrollLeft?e.curOp.scrollLeft:r.scroller.scrollLeft,f=ft(e)-(e.options.fixedGutter?r.gutters.offsetWidth:0),d=t.right-t.left>f;return d&&(t.right=t.left+f),t.left<10?l.scrollLeft=0:t.left<h?l.scrollLeft=Math.max(0,t.left-(d?0:10)):t.right>f+h-3&&(l.scrollLeft=t.right+(d?0:10)-f),l}function lr(e,t){null!=t&&(ur(e),e.curOp.scrollTop=(null==e.curOp.scrollTop?e.doc.scrollTop:e.curOp.scrollTop)+t)}function sr(e){ur(e);var t=e.getCursor();e.curOp.scrollToPos={from:t,to:t,margin:e.options.cursorScrollMargin}}function ar(e,t,r){null==t&&null==r||ur(e),null!=t&&(e.curOp.scrollLeft=t),null!=r&&(e.curOp.scrollTop=r)}function ur(e){var t=e.curOp.scrollToPos;if(t){e.curOp.scrollToPos=null;cr(e,Wt(e,t.from),Wt(e,t.to),t.margin)}}function cr(e,t,r,n){var i=or(e,{left:Math.min(t.left,r.left),top:Math.min(t.top,r.top)-n,right:Math.max(t.right,r.right),bottom:Math.max(t.bottom,r.bottom)+n});ar(e,i.scrollLeft,i.scrollTop)}function hr(e,t){Math.abs(e.doc.scrollTop-t)<2||(Bi||Hr(e,{top:t}),fr(e,t,!0),Bi&&Hr(e),Or(e,100))}function fr(e,t,r){t=Math.min(e.display.scroller.scrollHeight-e.display.scroller.clientHeight,t),(e.display.scroller.scrollTop!=t||r)&&(e.doc.scrollTop=t,e.display.scrollbars.setScrollTop(t),e.display.scroller.scrollTop!=t&&(e.display.scroller.scrollTop=t))}function dr(e,t,r,n){t=Math.min(t,e.display.scroller.scrollWidth-e.display.scroller.clientWidth),(r?t==e.doc.scrollLeft:Math.abs(e.doc.scrollLeft-t)<2)&&!n||(e.doc.scrollLeft=t,nr(e),e.display.scroller.scrollLeft!=t&&(e.display.scroller.scrollLeft=t),e.display.scrollbars.setScrollLeft(t))}function pr(e){var t=e.display,r=t.gutters.offsetWidth,n=Math.round(e.doc.height+ut(e.display));return{clientHeight:t.scroller.clientHeight,viewHeight:t.wrapper.clientHeight,scrollWidth:t.scroller.scrollWidth,clientWidth:t.scroller.clientWidth,viewWidth:t.wrapper.clientWidth,barLeft:e.options.fixedGutter?r:0,docHeight:n,scrollHeight:n+ht(e)+t.barHeight,nativeBarWidth:t.nativeBarWidth,gutterWidth:r}}function gr(e,t){t||(t=pr(e));var r=e.display.barWidth,n=e.display.barHeight;vr(e,t);for(var i=0;i<4&&r!=e.display.barWidth||n!=e.display.barHeight;i++)r!=e.display.barWidth&&e.options.lineWrapping&&er(e),vr(e,pr(e)),r=e.display.barWidth,n=e.display.barHeight}function vr(e,t){var r=e.display,n=r.scrollbars.update(t);r.sizer.style.paddingRight=(r.barWidth=n.right)+"px",r.sizer.style.paddingBottom=(r.barHeight=n.bottom)+"px",r.heightForcer.style.borderBottom=n.bottom+"px solid transparent",n.right&&n.bottom?(r.scrollbarFiller.style.display="block",r.scrollbarFiller.style.height=n.bottom+"px",r.scrollbarFiller.style.width=n.right+"px"):r.scrollbarFiller.style.display="",n.bottom&&e.options.coverGutterNextToScrollbar&&e.options.fixedGutter?(r.gutterFiller.style.display="block",r.gutterFiller.style.height=n.bottom+"px",r.gutterFiller.style.width=t.gutterWidth+"px"):r.gutterFiller.style.display=""}function mr(e){e.display.scrollbars&&(e.display.scrollbars.clear(),e.display.scrollbars.addClass&&uo(e.display.wrapper,e.display.scrollbars.addClass)),e.display.scrollbars=new qo[e.options.scrollbarStyle](function(t){e.display.wrapper.insertBefore(t,e.display.scrollbarFiller),No(t,"mousedown",function(){e.state.focused&&setTimeout(function(){return e.display.input.focus()},0)}),t.setAttribute("cm-not-content","true")},function(t,r){"horizontal"==r?dr(e,t):hr(e,t)},e),e.display.scrollbars.addClass&&s(e.display.wrapper,e.display.scrollbars.addClass)}function yr(e){e.curOp={cm:e,viewChanged:!1,startHeight:e.doc.height,forceUpdate:!1,updateInput:null,typing:!1,changeObjs:null,cursorActivityHandlers:null,cursorActivityCalled:0,selectionChanged:!1,updateMaxLine:!1,scrollLeft:null,scrollTop:null,scrollToPos:null,focus:!1,id:++Zo},function(e){jo?jo.ops.push(e):e.ownsGroup=jo={ops:[e],delayedCallbacks:[]}}(e.curOp)}function br(e){!function(e,t){var r=e.ownsGroup;if(r)try{!function(e){var t=e.delayedCallbacks,r=0;do{for(;r<t.length;r++)t[r].call(null);for(var n=0;n<e.ops.length;n++){var i=e.ops[n];if(i.cursorActivityHandlers)for(;i.cursorActivityCalled<i.cursorActivityHandlers.length;)i.cursorActivityHandlers[i.cursorActivityCalled++].call(null,i.cm)}}while(r<t.length)}(r)}finally{jo=null,t(r)}}(e.curOp,function(e){for(var t=0;t<e.ops.length;t++)e.ops[t].cm.curOp=null;!function(e){for(var t=e.ops,r=0;r<t.length;r++)!function(e){var t=e.cm,r=t.display;(function(e){var t=e.display;!t.scrollbarsClipped&&t.scroller.offsetWidth&&(t.nativeBarWidth=t.scroller.offsetWidth-t.scroller.clientWidth,t.heightForcer.style.height=ht(e)+"px",t.sizer.style.marginBottom=-t.nativeBarWidth+"px",t.sizer.style.borderRightWidth=ht(e)+"px",t.scrollbarsClipped=!0)})(t),e.updateMaxLine&&ue(t);e.mustUpdate=e.viewChanged||e.forceUpdate||null!=e.scrollTop||e.scrollToPos&&(e.scrollToPos.from.line<r.viewFrom||e.scrollToPos.to.line>=r.viewTo)||r.maxLineChanged&&t.options.lineWrapping,e.update=e.mustUpdate&&new Qo(t,e.mustUpdate&&{top:e.scrollTop,ensure:e.scrollToPos},e.forceUpdate)}(t[r]);for(var i=0;i<t.length;i++)!function(e){e.updatedDisplay=e.mustUpdate&&Wr(e.cm,e.update)}(t[i]);for(var o=0;o<t.length;o++)!function(e){var t=e.cm,r=t.display;e.updatedDisplay&&er(t);e.barMeasure=pr(t),r.maxLineChanged&&!t.options.lineWrapping&&(e.adjustWidthTo=gt(t,r.maxLine,r.maxLine.text.length).left+3,t.display.sizerWidth=e.adjustWidthTo,e.barMeasure.scrollWidth=Math.max(r.scroller.clientWidth,r.sizer.offsetLeft+e.adjustWidthTo+ht(t)+t.display.barWidth),e.maxScrollLeft=Math.max(0,r.sizer.offsetLeft+e.adjustWidthTo-ft(t)));(e.updatedDisplay||e.selectionChanged)&&(e.preparedSelection=r.input.prepareSelection())}(t[o]);for(var s=0;s<t.length;s++)!function(e){var t=e.cm;null!=e.adjustWidthTo&&(t.display.sizer.style.minWidth=e.adjustWidthTo+"px",e.maxScrollLeft<t.doc.scrollLeft&&dr(t,Math.min(t.display.scroller.scrollLeft,e.maxScrollLeft),!0),t.display.maxLineChanged=!1);var r=e.focus&&e.focus==l();e.preparedSelection&&t.display.input.showSelection(e.preparedSelection,r);(e.updatedDisplay||e.startHeight!=t.doc.height)&&gr(t,e.barMeasure);e.updatedDisplay&&Pr(t,e.barMeasure);e.selectionChanged&&$t(t);t.state.focused&&e.updateInput&&t.display.input.reset(e.typing);r&&qt(e.cm)}(t[s]);for(var a=0;a<t.length;a++)!function(e){var t=e.cm,r=t.display,i=t.doc;e.updatedDisplay&&Dr(t,e.update);null==r.wheelStartX||null==e.scrollTop&&null==e.scrollLeft&&!e.scrollToPos||(r.wheelStartX=r.wheelStartY=null);null!=e.scrollTop&&fr(t,e.scrollTop,e.forceScroll);null!=e.scrollLeft&&dr(t,e.scrollLeft,!0,!0);if(e.scrollToPos){var o=function(e,t,r,n){null==n&&(n=0);var i;e.options.lineWrapping||t!=r||(r="before"==(t=t.ch?H(t.line,"before"==t.sticky?t.ch-1:t.ch,"after"):t).sticky?H(t.line,t.ch+1,"before"):t);for(var o=0;o<5;o++){var l=!1,s=At(e,t),a=r&&r!=t?At(e,r):s,u=or(e,i={left:Math.min(s.left,a.left),top:Math.min(s.top,a.top)-n,right:Math.max(s.left,a.left),bottom:Math.max(s.bottom,a.bottom)+n}),c=e.doc.scrollTop,h=e.doc.scrollLeft;if(null!=u.scrollTop&&(hr(e,u.scrollTop),Math.abs(e.doc.scrollTop-c)>1&&(l=!0)),null!=u.scrollLeft&&(dr(e,u.scrollLeft),Math.abs(e.doc.scrollLeft-h)>1&&(l=!0)),!l)break}return i}(t,B(i,e.scrollToPos.from),B(i,e.scrollToPos.to),e.scrollToPos.margin);!function(e,t){if(!ge(e,"scrollCursorIntoView")){var r=e.display,i=r.sizer.getBoundingClientRect(),o=null;if(t.top+i.top<0?o=!0:t.bottom+i.top>(window.innerHeight||document.documentElement.clientHeight)&&(o=!1),null!=o&&!Qi){var l=n("div","​",null,"position: absolute;\n                         top: "+(t.top-r.viewOffset-at(e.display))+"px;\n                         height: "+(t.bottom-t.top+ht(e)+r.barHeight)+"px;\n                         left: "+t.left+"px; width: "+Math.max(2,t.right-t.left)+"px;");e.display.lineSpace.appendChild(l),l.scrollIntoView(o),e.display.lineSpace.removeChild(l)}}}(t,o)}var l=e.maybeHiddenMarkers,s=e.maybeUnhiddenMarkers;if(l)for(var a=0;a<l.length;++a)l[a].lines.length||pe(l[a],"hide");if(s)for(var u=0;u<s.length;++u)s[u].lines.length&&pe(s[u],"unhide");r.wrapper.offsetHeight&&(i.scrollTop=t.display.scroller.scrollTop);e.changeObjs&&pe(t,"changes",t,e.changeObjs);e.update&&e.update.finish()}(t[a])}(e)})}function wr(e,t){if(e.curOp)return t();yr(e);try{return t()}finally{br(e)}}function xr(e,t){return function(){if(e.curOp)return t.apply(e,arguments);yr(e);try{return t.apply(e,arguments)}finally{br(e)}}}function Cr(e){return function(){if(this.curOp)return e.apply(this,arguments);yr(this);try{return e.apply(this,arguments)}finally{br(this)}}}function Sr(e){return function(){var t=this.cm;if(!t||t.curOp)return e.apply(this,arguments);yr(t);try{return e.apply(this,arguments)}finally{br(t)}}}function Lr(e,t,r,n){null==t&&(t=e.doc.first),null==r&&(r=e.doc.first+e.doc.size),n||(n=0);var i=e.display;if(n&&r<i.viewTo&&(null==i.updateLineNumbers||i.updateLineNumbers>t)&&(i.updateLineNumbers=t),e.curOp.viewChanged=!0,t>=i.viewTo)Lo&&ne(e.doc,t)<i.viewTo&&Tr(e);else if(r<=i.viewFrom)Lo&&ie(e.doc,r+n)>i.viewFrom?Tr(e):(i.viewFrom+=n,i.viewTo+=n);else if(t<=i.viewFrom&&r>=i.viewTo)Tr(e);else if(t<=i.viewFrom){var o=Mr(e,r,r+n,1);o?(i.view=i.view.slice(o.index),i.viewFrom=o.lineN,i.viewTo+=n):Tr(e)}else if(r>=i.viewTo){var l=Mr(e,t,t,-1);l?(i.view=i.view.slice(0,l.index),i.viewTo=l.lineN):Tr(e)}else{var s=Mr(e,t,t,-1),a=Mr(e,r,r+n,1);s&&a?(i.view=i.view.slice(0,s.index).concat($e(e,s.lineN,a.lineN)).concat(i.view.slice(a.index)),i.viewTo+=n):Tr(e)}var u=i.externalMeasured;u&&(r<u.lineN?u.lineN+=n:t<u.lineN+u.size&&(i.externalMeasured=null))}function kr(e,t,r){e.curOp.viewChanged=!0;var n=e.display,i=e.display.externalMeasured;if(i&&t>=i.lineN&&t<i.lineN+i.size&&(n.externalMeasured=null),!(t<n.viewFrom||t>=n.viewTo)){var o=n.view[Kt(e,t)];if(null!=o.node){var l=o.changes||(o.changes=[]);-1==f(l,r)&&l.push(r)}}}function Tr(e){e.display.viewFrom=e.display.viewTo=e.doc.first,e.display.view=[],e.display.viewOffset=0}function Mr(e,t,r,n){var i,o=Kt(e,t),l=e.display.view;if(!Lo||r==e.doc.first+e.doc.size)return{index:o,lineN:r};for(var s=e.display.viewFrom,a=0;a<o;a++)s+=l[a].size;if(s!=t){if(n>0){if(o==l.length-1)return null;i=s+l[o].size-t,o++}else i=s-t;t+=i,r+=i}for(;ne(e.doc,r)!=r;){if(o==(n<0?0:l.length-1))return null;r+=n*l[o-(n<0?1:0)].size,o+=n}return{index:o,lineN:r}}function Nr(e){for(var t=e.display.view,r=0,n=0;n<t.length;n++){var i=t[n];i.hidden||i.node&&!i.changes||++r}return r}function Or(e,t){e.doc.highlightFrontier<e.display.viewTo&&e.state.highlight.set(t,u(Ar,e))}function Ar(e){var t=e.doc;if(!(t.highlightFrontier>=e.display.viewTo)){var r=+new Date+e.options.workTime,n=Pe(e,t.highlightFrontier),i=[];t.iter(n.line,Math.min(t.first+t.size,e.display.viewTo+500),function(o){if(n.line>=e.display.viewFrom){var l=o.styles,s=o.text.length>e.options.maxHighlightLength?Ae(t.mode,n.state):null,a=He(e,o,n,!0);s&&(n.state=s),o.styles=a.styles;var u=o.styleClasses,c=a.classes;c?o.styleClasses=c:u&&(o.styleClasses=null);for(var h=!l||l.length!=o.styles.length||u!=c&&(!u||!c||u.bgClass!=c.bgClass||u.textClass!=c.textClass),f=0;!h&&f<l.length;++f)h=l[f]!=o.styles[f];h&&i.push(n.line),o.stateAfter=n.save(),n.nextLine()}else o.text.length<=e.options.maxHighlightLength&&Ee(e,o.text,n),o.stateAfter=n.line%5==0?n.save():null,n.nextLine();if(+new Date>r)return Or(e,e.options.workDelay),!0}),t.highlightFrontier=n.line,t.modeFrontier=Math.max(t.modeFrontier,n.line),i.length&&wr(e,function(){for(var t=0;t<i.length;t++)kr(e,i[t],"text")})}}function Wr(e,r){var n=e.display,i=e.doc;if(r.editorIsHidden)return Tr(e),!1;if(!r.force&&r.visible.from>=n.viewFrom&&r.visible.to<=n.viewTo&&(null==n.updateLineNumbers||n.updateLineNumbers>=n.viewTo)&&n.renderedView==n.view&&0==Nr(e))return!1;ir(e)&&(Tr(e),r.dims=Rt(e));var s=i.first+i.size,a=Math.max(r.visible.from-e.options.viewportMargin,i.first),u=Math.min(s,r.visible.to+e.options.viewportMargin);n.viewFrom<a&&a-n.viewFrom<20&&(a=Math.max(i.first,n.viewFrom)),n.viewTo>u&&n.viewTo-u<20&&(u=Math.min(s,n.viewTo)),Lo&&(a=ne(e.doc,a),u=ie(e.doc,u));var c=a!=n.viewFrom||u!=n.viewTo||n.lastWrapHeight!=r.wrapperHeight||n.lastWrapWidth!=r.wrapperWidth;!function(e,t,r){var n=e.display;0==n.view.length||t>=n.viewTo||r<=n.viewFrom?(n.view=$e(e,t,r),n.viewFrom=t):(n.viewFrom>t?n.view=$e(e,t,n.viewFrom).concat(n.view):n.viewFrom<t&&(n.view=n.view.slice(Kt(e,t))),n.viewFrom=t,n.viewTo<r?n.view=n.view.concat($e(e,n.viewTo,r)):n.viewTo>r&&(n.view=n.view.slice(0,Kt(e,r)))),n.viewTo=r}(e,a,u),n.viewOffset=se(k(e.doc,n.viewFrom)),e.display.mover.style.top=n.viewOffset+"px";var h=Nr(e);if(!c&&0==h&&!r.force&&n.renderedView==n.view&&(null==n.updateLineNumbers||n.updateLineNumbers>=n.viewTo))return!1;var d=function(e){if(e.hasFocus())return null;var t=l();if(!t||!o(e.display.lineDiv,t))return null;var r={activeElt:t};if(window.getSelection){var n=window.getSelection();n.anchorNode&&n.extend&&o(e.display.lineDiv,n.anchorNode)&&(r.anchorNode=n.anchorNode,r.anchorOffset=n.anchorOffset,r.focusNode=n.focusNode,r.focusOffset=n.focusOffset)}return r}(e);return h>4&&(n.lineDiv.style.display="none"),function(e,r,n){function i(t){var r=t.nextSibling;return Xi&&ro&&e.display.currentWheelTarget==t?t.style.display="none":t.parentNode.removeChild(t),r}var o=e.display,l=e.options.lineNumbers,s=o.lineDiv,a=s.firstChild;for(var u=o.view,c=o.viewFrom,h=0;h<u.length;h++){var d=u[h];if(d.hidden);else if(d.node&&d.node.parentNode==s){for(;a!=d.node;)a=i(a);var p=l&&null!=r&&r<=c&&d.lineNumber;d.changes&&(f(d.changes,"gutter")>-1&&(p=!1),Qe(e,d,c,n)),p&&(t(d.lineNumber),d.lineNumber.appendChild(document.createTextNode(D(e.options,c)))),a=d.node.nextSibling}else{var g=nt(e,d,c,n);s.insertBefore(g,a)}c+=d.size}for(;a;)a=i(a)}(e,n.updateLineNumbers,r.dims),h>4&&(n.lineDiv.style.display=""),n.renderedView=n.view,function(e){if(e&&e.activeElt&&e.activeElt!=l()&&(e.activeElt.focus(),e.anchorNode&&o(document.body,e.anchorNode)&&o(document.body,e.focusNode))){var t=window.getSelection(),r=document.createRange();r.setEnd(e.anchorNode,e.anchorOffset),r.collapse(!1),t.removeAllRanges(),t.addRange(r),t.extend(e.focusNode,e.focusOffset)}}(d),t(n.cursorDiv),t(n.selectionDiv),n.gutters.style.height=n.sizer.style.minHeight=0,c&&(n.lastWrapHeight=r.wrapperHeight,n.lastWrapWidth=r.wrapperWidth,Or(e,400)),n.updateLineNumbers=null,!0}function Dr(e,t){for(var r=t.viewport,n=!0;(n&&e.options.lineWrapping&&t.oldDisplayWidth!=ft(e)||(r&&null!=r.top&&(r={top:Math.min(e.doc.height+ut(e.display)-dt(e),r.top)}),t.visible=rr(e.display,e.doc,r),!(t.visible.from>=e.display.viewFrom&&t.visible.to<=e.display.viewTo)))&&Wr(e,t);n=!1){er(e);var i=pr(e);jt(e),gr(e,i),Pr(e,i),t.force=!1}t.signal(e,"update",e),e.display.viewFrom==e.display.reportedViewFrom&&e.display.viewTo==e.display.reportedViewTo||(t.signal(e,"viewportChange",e,e.display.viewFrom,e.display.viewTo),e.display.reportedViewFrom=e.display.viewFrom,e.display.reportedViewTo=e.display.viewTo)}function Hr(e,t){var r=new Qo(e,t);if(Wr(e,r)){er(e),Dr(e,r);var n=pr(e);jt(e),gr(e,n),Pr(e,n),r.finish()}}function Fr(e){var t=e.display.gutters.offsetWidth;e.display.sizer.style.marginLeft=t+"px"}function Pr(e,t){e.display.sizer.style.minHeight=t.docHeight+"px",e.display.heightForcer.style.top=t.docHeight+"px",e.display.gutters.style.height=t.docHeight+e.display.barHeight+ht(e)+"px"}function Er(e){var r=e.display.gutters,i=e.options.gutters;t(r);for(var o=0;o<i.length;++o){var l=i[o],s=r.appendChild(n("div",null,"CodeMirror-gutter "+l));"CodeMirror-linenumbers"==l&&(e.display.lineGutter=s,s.style.width=(e.display.lineNumWidth||1)+"px")}r.style.display=o?"":"none",Fr(e)}function zr(e){var t=f(e.gutters,"CodeMirror-linenumbers");-1==t&&e.lineNumbers?e.gutters=e.gutters.concat(["CodeMirror-linenumbers"]):t>-1&&!e.lineNumbers&&(e.gutters=e.gutters.slice(0),e.gutters.splice(t,1))}function Ir(e){var t=e.wheelDeltaX,r=e.wheelDeltaY;return null==t&&e.detail&&e.axis==e.HORIZONTAL_AXIS&&(t=e.detail),null==r&&e.detail&&e.axis==e.VERTICAL_AXIS?r=e.detail:null==r&&(r=e.wheelDelta),{x:t,y:r}}function Rr(e){var t=Ir(e);return t.x*=el,t.y*=el,t}function Br(e,t){var r=Ir(t),n=r.x,i=r.y,o=e.display,l=o.scroller,s=l.scrollWidth>l.clientWidth,a=l.scrollHeight>l.clientHeight;if(n&&s||i&&a){if(i&&ro&&Xi)e:for(var u=t.target,c=o.view;u!=l;u=u.parentNode)for(var h=0;h<c.length;h++)if(c[h].node==u){e.display.currentWheelTarget=u;break e}if(n&&!Bi&&!$i&&null!=el)return i&&a&&hr(e,Math.max(0,l.scrollTop+i*el)),dr(e,Math.max(0,l.scrollLeft+n*el)),(!i||i&&a)&&be(t),void(o.wheelStartX=null);if(i&&null!=el){var f=i*el,d=e.doc.scrollTop,p=d+o.wrapper.clientHeight;f<0?d=Math.max(0,d+f-50):p=Math.min(e.doc.height,p+f+50),Hr(e,{top:d,bottom:p})}Jo<20&&(null==o.wheelStartX?(o.wheelStartX=l.scrollLeft,o.wheelStartY=l.scrollTop,o.wheelDX=n,o.wheelDY=i,setTimeout(function(){if(null!=o.wheelStartX){var e=l.scrollLeft-o.wheelStartX,t=l.scrollTop-o.wheelStartY,r=t&&o.wheelDY&&t/o.wheelDY||e&&o.wheelDX&&e/o.wheelDX;o.wheelStartX=o.wheelStartY=null,r&&(el=(el*Jo+r)/(Jo+1),++Jo)}},200)):(o.wheelDX+=n,o.wheelDY+=i))}}function Gr(e,t){var r=e[t];e.sort(function(e,t){return F(e.from(),t.from())}),t=f(e,r);for(var n=1;n<e.length;n++){var i=e[n],o=e[n-1];if(F(o.to(),i.from())>=0){var l=I(o.from(),i.from()),s=z(o.to(),i.to()),a=o.empty()?i.from()==i.head:o.from()==o.head;n<=t&&--t,e.splice(--n,2,new rl(a?s:l,a?l:s))}}return new tl(e,t)}function Ur(e,t){return new tl([new rl(e,t||e)],0)}function Vr(e){return e.text?H(e.from.line+e.text.length-1,g(e.text).length+(1==e.text.length?e.from.ch:0)):e.to}function Kr(e,t){if(F(e,t.from)<0)return e;if(F(e,t.to)<=0)return Vr(t);var r=e.line+t.text.length-(t.to.line-t.from.line)-1,n=e.ch;return e.line==t.to.line&&(n+=Vr(t).ch-t.to.ch),H(r,n)}function jr(e,t){for(var r=[],n=0;n<e.sel.ranges.length;n++){var i=e.sel.ranges[n];r.push(new rl(Kr(i.anchor,t),Kr(i.head,t)))}return Gr(r,e.sel.primIndex)}function Xr(e,t,r){return e.line==t.line?H(r.line,e.ch-t.ch+r.ch):H(r.line+(e.line-t.line),e.ch)}function Yr(e){e.doc.mode=Ne(e.options,e.doc.modeOption),_r(e)}function _r(e){e.doc.iter(function(e){e.stateAfter&&(e.stateAfter=null),e.styles&&(e.styles=null)}),e.doc.modeFrontier=e.doc.highlightFrontier=e.doc.first,Or(e,100),e.state.modeGen++,e.curOp&&Lr(e)}function $r(e,t){return 0==t.from.ch&&0==t.to.ch&&""==g(t.text)&&(!e.cm||e.cm.options.wholeLineUpdateBefore)}function qr(e,t,r,n){function i(e){return r?r[e]:null}function o(e,r,i){!function(e,t,r,n){e.text=t,e.stateAfter&&(e.stateAfter=null),e.styles&&(e.styles=null),null!=e.order&&(e.order=null),Y(e),_(e,r);var i=n?n(e):1;i!=e.height&&N(e,i)}(e,r,i,n),qe(e,"change",e,t)}function l(e,t){for(var r=[],o=e;o<t;++o)r.push(new Go(u[o],i(o),n));return r}var s=t.from,a=t.to,u=t.text,c=k(e,s.line),h=k(e,a.line),f=g(u),d=i(u.length-1),p=a.line-s.line;if(t.full)e.insert(0,l(0,u.length)),e.remove(u.length,e.size-u.length);else if($r(e,t)){var v=l(0,u.length-1);o(h,h.text,d),p&&e.remove(s.line,p),v.length&&e.insert(s.line,v)}else if(c==h)if(1==u.length)o(c,c.text.slice(0,s.ch)+f+c.text.slice(a.ch),d);else{var m=l(1,u.length-1);m.push(new Go(f+c.text.slice(a.ch),d,n)),o(c,c.text.slice(0,s.ch)+u[0],i(0)),e.insert(s.line+1,m)}else if(1==u.length)o(c,c.text.slice(0,s.ch)+u[0]+h.text.slice(a.ch),i(0)),e.remove(s.line+1,p);else{o(c,c.text.slice(0,s.ch)+u[0],i(0)),o(h,f+h.text.slice(a.ch),d);var y=l(1,u.length-1);p>1&&e.remove(s.line+1,p-1),e.insert(s.line+1,y)}qe(e,"change",e,t)}function Zr(e,t,r){function n(e,i,o){if(e.linked)for(var l=0;l<e.linked.length;++l){var s=e.linked[l];if(s.doc!=i){var a=o&&s.sharedHist;r&&!a||(t(s.doc,a),n(s.doc,e,a))}}}n(e,null,!0)}function Qr(e,t){if(t.cm)throw new Error("This document is already in use.");e.doc=t,t.cm=e,Ut(e),Yr(e),Jr(e),e.options.lineWrapping||ue(e),e.options.mode=t.modeOption,Lr(e)}function Jr(e){("rtl"==e.doc.direction?s:uo)(e.display.lineDiv,"CodeMirror-rtl")}function en(e){this.done=[],this.undone=[],this.undoDepth=1/0,this.lastModTime=this.lastSelTime=0,this.lastOp=this.lastSelOp=null,this.lastOrigin=this.lastSelOrigin=null,this.generation=this.maxGeneration=e||1}function tn(e,t){var r={from:E(t.from),to:Vr(t),text:T(e,t.from,t.to)};return sn(e,r,t.from.line,t.to.line+1),Zr(e,function(e){return sn(e,r,t.from.line,t.to.line+1)},!0),r}function rn(e){for(;e.length;){if(!g(e).ranges)break;e.pop()}}function nn(e,t,r,n){var i=e.history;i.undone.length=0;var o,l,s=+new Date;if((i.lastOp==n||i.lastOrigin==t.origin&&t.origin&&("+"==t.origin.charAt(0)&&e.cm&&i.lastModTime>s-e.cm.options.historyEventDelay||"*"==t.origin.charAt(0)))&&(o=function(e,t){return t?(rn(e.done),g(e.done)):e.done.length&&!g(e.done).ranges?g(e.done):e.done.length>1&&!e.done[e.done.length-2].ranges?(e.done.pop(),g(e.done)):void 0}(i,i.lastOp==n)))l=g(o.changes),0==F(t.from,t.to)&&0==F(t.from,l.to)?l.to=Vr(t):o.changes.push(tn(e,t));else{var a=g(i.done);for(a&&a.ranges||ln(e.sel,i.done),o={changes:[tn(e,t)],generation:i.generation},i.done.push(o);i.done.length>i.undoDepth;)i.done.shift(),i.done[0].ranges||i.done.shift()}i.done.push(r),i.generation=++i.maxGeneration,i.lastModTime=i.lastSelTime=s,i.lastOp=i.lastSelOp=n,i.lastOrigin=i.lastSelOrigin=t.origin,l||pe(e,"historyAdded")}function on(e,t,r,n){var i=e.history,o=n&&n.origin;r==i.lastSelOp||o&&i.lastSelOrigin==o&&(i.lastModTime==i.lastSelTime&&i.lastOrigin==o||function(e,t,r,n){var i=t.charAt(0);return"*"==i||"+"==i&&r.ranges.length==n.ranges.length&&r.somethingSelected()==n.somethingSelected()&&new Date-e.history.lastSelTime<=(e.cm?e.cm.options.historyEventDelay:500)}(e,o,g(i.done),t))?i.done[i.done.length-1]=t:ln(t,i.done),i.lastSelTime=+new Date,i.lastSelOrigin=o,i.lastSelOp=r,n&&!1!==n.clearRedo&&rn(i.undone)}function ln(e,t){var r=g(t);r&&r.ranges&&r.equals(e)||t.push(e)}function sn(e,t,r,n){var i=t["spans_"+e.id],o=0;e.iter(Math.max(e.first,r),Math.min(e.first+e.size,n),function(r){r.markedSpans&&((i||(i=t["spans_"+e.id]={}))[o]=r.markedSpans),++o})}function an(e){if(!e)return null;for(var t,r=0;r<e.length;++r)e[r].marker.explicitlyCleared?t||(t=e.slice(0,r)):t&&t.push(e[r]);return t?t.length?t:null:e}function un(e,t){var r=function(e,t){var r=t["spans_"+e.id];if(!r)return null;for(var n=[],i=0;i<t.text.length;++i)n.push(an(r[i]));return n}(e,t),n=j(e,t);if(!r)return n;if(!n)return r;for(var i=0;i<r.length;++i){var o=r[i],l=n[i];if(o&&l)e:for(var s=0;s<l.length;++s){for(var a=l[s],u=0;u<o.length;++u)if(o[u].marker==a.marker)continue e;o.push(a)}else l&&(r[i]=l)}return r}function cn(e,t,r){for(var n=[],i=0;i<e.length;++i){var o=e[i];if(o.ranges)n.push(r?tl.prototype.deepCopy.call(o):o);else{var l=o.changes,s=[];n.push({changes:s});for(var a=0;a<l.length;++a){var u=l[a],c=void 0;if(s.push({from:u.from,to:u.to,text:u.text}),t)for(var h in u)(c=h.match(/^spans_(\d+)$/))&&f(t,Number(c[1]))>-1&&(g(s)[h]=u[h],delete u[h])}}}return n}function hn(e,t,r,n){if(n){var i=e.anchor;if(r){var o=F(t,i)<0;o!=F(r,i)<0?(i=t,t=r):o!=F(t,r)<0&&(t=r)}return new rl(i,t)}return new rl(r||t,t)}function fn(e,t,r,n,i){null==i&&(i=e.cm&&(e.cm.display.shift||e.extend)),mn(e,new tl([hn(e.sel.primary(),t,r,i)],0),n)}function dn(e,t,r){for(var n=[],i=e.cm&&(e.cm.display.shift||e.extend),o=0;o<e.sel.ranges.length;o++)n[o]=hn(e.sel.ranges[o],t[o],null,i);mn(e,Gr(n,e.sel.primIndex),r)}function pn(e,t,r,n){var i=e.sel.ranges.slice(0);i[t]=r,mn(e,Gr(i,e.sel.primIndex),n)}function gn(e,t,r,n){mn(e,Ur(t,r),n)}function vn(e,t,r){var n=e.history.done,i=g(n);i&&i.ranges?(n[n.length-1]=t,yn(e,t,r)):mn(e,t,r)}function mn(e,t,r){yn(e,t,r),on(e,e.sel,e.cm?e.cm.curOp.id:NaN,r)}function yn(e,t,r){(me(e,"beforeSelectionChange")||e.cm&&me(e.cm,"beforeSelectionChange"))&&(t=function(e,t,r){var n={ranges:t.ranges,update:function(t){this.ranges=[];for(var r=0;r<t.length;r++)this.ranges[r]=new rl(B(e,t[r].anchor),B(e,t[r].head))},origin:r&&r.origin};return pe(e,"beforeSelectionChange",e,n),e.cm&&pe(e.cm,"beforeSelectionChange",e.cm,n),n.ranges!=t.ranges?Gr(n.ranges,n.ranges.length-1):t}(e,t,r));bn(e,xn(e,t,r&&r.bias||(F(t.primary().head,e.sel.primary().head)<0?-1:1),!0)),r&&!1===r.scroll||!e.cm||sr(e.cm)}function bn(e,t){t.equals(e.sel)||(e.sel=t,e.cm&&(e.cm.curOp.updateInput=e.cm.curOp.selectionChanged=!0,ve(e.cm)),qe(e,"cursorActivity",e))}function wn(e){bn(e,xn(e,e.sel,null,!1))}function xn(e,t,r,n){for(var i,o=0;o<t.ranges.length;o++){var l=t.ranges[o],s=t.ranges.length==e.sel.ranges.length&&e.sel.ranges[o],a=Sn(e,l.anchor,s&&s.anchor,r,n),u=Sn(e,l.head,s&&s.head,r,n);(i||a!=l.anchor||u!=l.head)&&(i||(i=t.ranges.slice(0,o)),i[o]=new rl(a,u))}return i?Gr(i,t.primIndex):t}function Cn(e,t,r,n,i){var o=k(e,t.line);if(o.markedSpans)for(var l=0;l<o.markedSpans.length;++l){var s=o.markedSpans[l],a=s.marker;if((null==s.from||(a.inclusiveLeft?s.from<=t.ch:s.from<t.ch))&&(null==s.to||(a.inclusiveRight?s.to>=t.ch:s.to>t.ch))){if(i&&(pe(a,"beforeCursorEnter"),a.explicitlyCleared)){if(o.markedSpans){--l;continue}break}if(!a.atomic)continue;if(r){var u=a.find(n<0?1:-1),c=void 0;if((n<0?a.inclusiveRight:a.inclusiveLeft)&&(u=Ln(e,u,-n,u&&u.line==t.line?o:null)),u&&u.line==t.line&&(c=F(u,r))&&(n<0?c<0:c>0))return Cn(e,u,t,n,i)}var h=a.find(n<0?-1:1);return(n<0?a.inclusiveLeft:a.inclusiveRight)&&(h=Ln(e,h,n,h.line==t.line?o:null)),h?Cn(e,h,t,n,i):null}}return t}function Sn(e,t,r,n,i){var o=n||1,l=Cn(e,t,r,o,i)||!i&&Cn(e,t,r,o,!0)||Cn(e,t,r,-o,i)||!i&&Cn(e,t,r,-o,!0);return l||(e.cantEdit=!0,H(e.first,0))}function Ln(e,t,r,n){return r<0&&0==t.ch?t.line>e.first?B(e,H(t.line-1)):null:r>0&&t.ch==(n||k(e,t.line)).text.length?t.line<e.first+e.size-1?H(t.line+1,0):null:new H(t.line,t.ch+r)}function kn(e){e.setSelection(H(e.firstLine(),0),H(e.lastLine()),mo)}function Tn(e,t,r){var n={canceled:!1,from:t.from,to:t.to,text:t.text,origin:t.origin,cancel:function(){return n.canceled=!0}};return r&&(n.update=function(t,r,i,o){t&&(n.from=B(e,t)),r&&(n.to=B(e,r)),i&&(n.text=i),void 0!==o&&(n.origin=o)}),pe(e,"beforeChange",e,n),e.cm&&pe(e.cm,"beforeChange",e.cm,n),n.canceled?null:{from:n.from,to:n.to,text:n.text,origin:n.origin}}function Mn(e,t,r){if(e.cm){if(!e.cm.curOp)return xr(e.cm,Mn)(e,t,r);if(e.cm.state.suppressEdits)return}if(!(me(e,"beforeChange")||e.cm&&me(e.cm,"beforeChange"))||(t=Tn(e,t,!0))){var n=So&&!r&&function(e,t,r){var n=null;if(e.iter(t.line,r.line+1,function(e){if(e.markedSpans)for(var t=0;t<e.markedSpans.length;++t){var r=e.markedSpans[t].marker;!r.readOnly||n&&-1!=f(n,r)||(n||(n=[])).push(r)}}),!n)return null;for(var i=[{from:t,to:r}],o=0;o<n.length;++o)for(var l=n[o],s=l.find(0),a=0;a<i.length;++a){var u=i[a];if(!(F(u.to,s.from)<0||F(u.from,s.to)>0)){var c=[a,1],h=F(u.from,s.from),d=F(u.to,s.to);(h<0||!l.inclusiveLeft&&!h)&&c.push({from:u.from,to:s.from}),(d>0||!l.inclusiveRight&&!d)&&c.push({from:s.to,to:u.to}),i.splice.apply(i,c),a+=c.length-3}}return i}(e,t.from,t.to);if(n)for(var i=n.length-1;i>=0;--i)Nn(e,{from:n[i].from,to:n[i].to,text:i?[""]:t.text,origin:t.origin});else Nn(e,t)}}function Nn(e,t){if(1!=t.text.length||""!=t.text[0]||0!=F(t.from,t.to)){var r=jr(e,t);nn(e,t,r,e.cm?e.cm.curOp.id:NaN),Wn(e,t,r,j(e,t));var n=[];Zr(e,function(e,r){r||-1!=f(n,e.history)||(Pn(e.history,t),n.push(e.history)),Wn(e,t,null,j(e,t))})}}function On(e,t,r){if(!e.cm||!e.cm.state.suppressEdits||r){for(var n,i=e.history,o=e.sel,l="undo"==t?i.done:i.undone,s="undo"==t?i.undone:i.done,a=0;a<l.length&&(n=l[a],r?!n.ranges||n.equals(e.sel):n.ranges);a++);if(a!=l.length){for(i.lastOrigin=i.lastSelOrigin=null;(n=l.pop()).ranges;){if(ln(n,s),r&&!n.equals(e.sel))return void mn(e,n,{clearRedo:!1});o=n}var u=[];ln(o,s),s.push({changes:u,generation:i.generation}),i.generation=n.generation||++i.maxGeneration;for(var c=me(e,"beforeChange")||e.cm&&me(e.cm,"beforeChange"),h=function(r){var i=n.changes[r];if(i.origin=t,c&&!Tn(e,i,!1))return l.length=0,{};u.push(tn(e,i));var o=r?jr(e,i):g(l);Wn(e,i,o,un(e,i)),!r&&e.cm&&e.cm.scrollIntoView({from:i.from,to:Vr(i)});var s=[];Zr(e,function(e,t){t||-1!=f(s,e.history)||(Pn(e.history,i),s.push(e.history)),Wn(e,i,null,un(e,i))})},d=n.changes.length-1;d>=0;--d){var p=h(d);if(p)return p.v}}}}function An(e,t){if(0!=t&&(e.first+=t,e.sel=new tl(v(e.sel.ranges,function(e){return new rl(H(e.anchor.line+t,e.anchor.ch),H(e.head.line+t,e.head.ch))}),e.sel.primIndex),e.cm)){Lr(e.cm,e.first,e.first-t,t);for(var r=e.cm.display,n=r.viewFrom;n<r.viewTo;n++)kr(e.cm,n,"gutter")}}function Wn(e,t,r,n){if(e.cm&&!e.cm.curOp)return xr(e.cm,Wn)(e,t,r,n);if(t.to.line<e.first)An(e,t.text.length-1-(t.to.line-t.from.line));else if(!(t.from.line>e.lastLine())){if(t.from.line<e.first){var i=t.text.length-1-(e.first-t.from.line);An(e,i),t={from:H(e.first,0),to:H(t.to.line+i,t.to.ch),text:[g(t.text)],origin:t.origin}}var o=e.lastLine();t.to.line>o&&(t={from:t.from,to:H(o,k(e,o).text.length),text:[t.text[0]],origin:t.origin}),t.removed=T(e,t.from,t.to),r||(r=jr(e,t)),e.cm?function(e,t,r){var n=e.doc,i=e.display,o=t.from,l=t.to,s=!1,a=o.line;e.options.lineWrapping||(a=O(re(k(n,o.line))),n.iter(a,l.line+1,function(e){if(e==i.maxLine)return s=!0,!0}));n.sel.contains(t.from,t.to)>-1&&ve(e);qr(n,t,r,Gt(e)),e.options.lineWrapping||(n.iter(a,o.line+t.text.length,function(e){var t=ae(e);t>i.maxLineLength&&(i.maxLine=e,i.maxLineLength=t,i.maxLineChanged=!0,s=!1)}),s&&(e.curOp.updateMaxLine=!0));(function(e,t){if(e.modeFrontier=Math.min(e.modeFrontier,t),!(e.highlightFrontier<t-10)){for(var r=e.first,n=t-1;n>r;n--){var i=k(e,n).stateAfter;if(i&&(!(i instanceof Io)||n+i.lookAhead<t)){r=n+1;break}}e.highlightFrontier=Math.min(e.highlightFrontier,r)}})(n,o.line),Or(e,400);var u=t.text.length-(l.line-o.line)-1;t.full?Lr(e):o.line!=l.line||1!=t.text.length||$r(e.doc,t)?Lr(e,o.line,l.line+1,u):kr(e,o.line,"text");var c=me(e,"changes"),h=me(e,"change");if(h||c){var f={from:o,to:l,text:t.text,removed:t.removed,origin:t.origin};h&&qe(e,"change",e,f),c&&(e.curOp.changeObjs||(e.curOp.changeObjs=[])).push(f)}e.display.selForContextMenu=null}(e.cm,t,n):qr(e,t,n),yn(e,r,mo)}}function Dn(e,t,r,n,i){if(n||(n=r),F(n,r)<0){var o;r=(o=[n,r])[0],n=o[1]}"string"==typeof t&&(t=e.splitLines(t)),Mn(e,{from:r,to:n,text:t,origin:i})}function Hn(e,t,r,n){r<e.line?e.line+=n:t<e.line&&(e.line=t,e.ch=0)}function Fn(e,t,r,n){for(var i=0;i<e.length;++i){var o=e[i],l=!0;if(o.ranges){o.copied||((o=e[i]=o.deepCopy()).copied=!0);for(var s=0;s<o.ranges.length;s++)Hn(o.ranges[s].anchor,t,r,n),Hn(o.ranges[s].head,t,r,n)}else{for(var a=0;a<o.changes.length;++a){var u=o.changes[a];if(r<u.from.line)u.from=H(u.from.line+n,u.from.ch),u.to=H(u.to.line+n,u.to.ch);else if(t<=u.to.line){l=!1;break}}l||(e.splice(0,i+1),i=0)}}}function Pn(e,t){var r=t.from.line,n=t.to.line,i=t.text.length-(n-r)-1;Fn(e.done,r,n,i),Fn(e.undone,r,n,i)}function En(e,t,r,n){var i=t,o=t;return"number"==typeof t?o=k(e,R(e,t)):i=O(t),null==i?null:(n(o,i)&&e.cm&&kr(e.cm,i,r),o)}function zn(e){this.lines=e,this.parent=null;for(var t=0,r=0;r<e.length;++r)e[r].parent=this,t+=e[r].height;this.height=t}function In(e){this.children=e;for(var t=0,r=0,n=0;n<e.length;++n){var i=e[n];t+=i.chunkSize(),r+=i.height,i.parent=this}this.size=t,this.height=r,this.parent=null}function Rn(e,t,r){se(t)<(e.curOp&&e.curOp.scrollTop||e.doc.scrollTop)&&lr(e,r)}function Bn(e,t,r,n,o){if(n&&n.shared)return function(e,t,r,n,i){(n=c(n)).shared=!1;var o=[Bn(e,t,r,n,i)],l=o[0],s=n.widgetNode;return Zr(e,function(e){s&&(n.widgetNode=s.cloneNode(!0)),o.push(Bn(e,B(e,t),B(e,r),n,i));for(var a=0;a<e.linked.length;++a)if(e.linked[a].isParent)return;l=g(o)}),new ll(o,l)}(e,t,r,n,o);if(e.cm&&!e.cm.curOp)return xr(e.cm,Bn)(e,t,r,n,o);var l=new ol(e,o),s=F(t,r);if(n&&c(n,l,!1),s>0||0==s&&!1!==l.clearWhenEmpty)return l;if(l.replacedWith&&(l.collapsed=!0,l.widgetNode=i("span",[l.replacedWith],"CodeMirror-widget"),n.handleMouseEvents||l.widgetNode.setAttribute("cm-ignore-events","true"),n.insertLeft&&(l.widgetNode.insertLeft=!0)),l.collapsed){if(te(e,t.line,t,r,l)||t.line!=r.line&&te(e,r.line,t,r,l))throw new Error("Inserting collapsed marker partially overlapping an existing one");Lo=!0}l.addToHistory&&nn(e,{from:t,to:r,origin:"markText"},e.sel,NaN);var a,u=t.line,h=e.cm;if(e.iter(u,r.line+1,function(e){h&&l.collapsed&&!h.options.lineWrapping&&re(e)==h.display.maxLine&&(a=!0),l.collapsed&&u!=t.line&&N(e,0),function(e,t){e.markedSpans=e.markedSpans?e.markedSpans.concat([t]):[t],t.marker.attachLine(e)}(e,new U(l,u==t.line?t.ch:null,u==r.line?r.ch:null)),++u}),l.collapsed&&e.iter(t.line,r.line+1,function(t){oe(e,t)&&N(t,0)}),l.clearOnEnter&&No(l,"beforeCursorEnter",function(){return l.clear()}),l.readOnly&&(So=!0,(e.history.done.length||e.history.undone.length)&&e.clearHistory()),l.collapsed&&(l.id=++il,l.atomic=!0),h){if(a&&(h.curOp.updateMaxLine=!0),l.collapsed)Lr(h,t.line,r.line+1);else if(l.className||l.title||l.startStyle||l.endStyle||l.css)for(var f=t.line;f<=r.line;f++)kr(h,f,"text");l.atomic&&wn(h.doc),qe(h,"markerAdded",h,l)}return l}function Gn(e){return e.findMarks(H(e.first,0),e.clipPos(H(e.lastLine())),function(e){return e.parent})}function Un(e){for(var t=function(t){var r=e[t],n=[r.primary.doc];Zr(r.primary.doc,function(e){return n.push(e)});for(var i=0;i<r.markers.length;i++){var o=r.markers[i];-1==f(n,o.doc)&&(o.parent=null,r.markers.splice(i--,1))}},r=0;r<e.length;r++)t(r)}function Vn(e){var t=this;if(Kn(t),!ge(t,e)&&!st(t.display,e)){be(e),Ki&&(ul=+new Date);var r=Vt(t,e,!0),n=e.dataTransfer.files;if(r&&!t.isReadOnly())if(n&&n.length&&window.FileReader&&window.File)for(var i=n.length,o=Array(i),l=0,s=function(e,n){if(!t.options.allowDropFileTypes||-1!=f(t.options.allowDropFileTypes,e.type)){var s=new FileReader;s.onload=xr(t,function(){var e=s.result;if(/[\x00-\x08\x0e-\x1f]{2}/.test(e)&&(e=""),o[n]=e,++l==i){var a={from:r=B(t.doc,r),to:r,text:t.doc.splitLines(o.join(t.doc.lineSeparator())),origin:"paste"};Mn(t.doc,a),vn(t.doc,Ur(r,Vr(a)))}}),s.readAsText(e)}},a=0;a<i;++a)s(n[a],a);else{if(t.state.draggingText&&t.doc.sel.contains(r)>-1)return t.state.draggingText(e),void setTimeout(function(){return t.display.input.focus()},20);try{var u=e.dataTransfer.getData("Text");if(u){var c;if(t.state.draggingText&&!t.state.draggingText.copy&&(c=t.listSelections()),yn(t.doc,Ur(r,r)),c)for(var h=0;h<c.length;++h)Dn(t.doc,"",c[h].anchor,c[h].head,"drag");t.replaceSelection(u,"around","paste"),t.display.input.focus()}}catch(e){}}}}function Kn(e){e.display.dragCursor&&(e.display.lineSpace.removeChild(e.display.dragCursor),e.display.dragCursor=null)}function jn(e){if(document.getElementsByClassName)for(var t=document.getElementsByClassName("CodeMirror"),r=0;r<t.length;r++){var n=t[r].CodeMirror;n&&e(n)}}function Xn(){cl||(!function(){var e;No(window,"resize",function(){null==e&&(e=setTimeout(function(){e=null,jn(Yn)},100))}),No(window,"blur",function(){return jn(Jt)})}(),cl=!0)}function Yn(e){var t=e.display;t.lastWrapHeight==t.wrapper.clientHeight&&t.lastWrapWidth==t.wrapper.clientWidth||(t.cachedCharWidth=t.cachedTextHeight=t.cachedPaddingH=null,t.scrollbarsClipped=!1,e.setSize())}function _n(e){var t=e.split(/-(?!$)/);e=t[t.length-1];for(var r,n,i,o,l=0;l<t.length-1;l++){var s=t[l];if(/^(cmd|meta|m)$/i.test(s))o=!0;else if(/^a(lt)?$/i.test(s))r=!0;else if(/^(c|ctrl|control)$/i.test(s))n=!0;else{if(!/^s(hift)?$/i.test(s))throw new Error("Unrecognized modifier name: "+s);i=!0}}return r&&(e="Alt-"+e),n&&(e="Ctrl-"+e),o&&(e="Cmd-"+e),i&&(e="Shift-"+e),e}function $n(e){var t={};for(var r in e)if(e.hasOwnProperty(r)){var n=e[r];if(/^(name|fallthrough|(de|at)tach)$/.test(r))continue;if("..."==n){delete e[r];continue}for(var i=v(r.split(" "),_n),o=0;o<i.length;o++){var l=void 0,s=void 0;o==i.length-1?(s=i.join(" "),l=n):(s=i.slice(0,o+1).join(" "),l="...");var a=t[s];if(a){if(a!=l)throw new Error("Inconsistent bindings for "+s)}else t[s]=l}delete e[r]}for(var u in t)e[u]=t[u];return e}function qn(e,t,r,n){var i=(t=ei(t)).call?t.call(e,n):t[e];if(!1===i)return"nothing";if("..."===i)return"multi";if(null!=i&&r(i))return"handled";if(t.fallthrough){if("[object Array]"!=Object.prototype.toString.call(t.fallthrough))return qn(e,t.fallthrough,r,n);for(var o=0;o<t.fallthrough.length;o++){var l=qn(e,t.fallthrough[o],r,n);if(l)return l}}}function Zn(e){var t="string"==typeof e?e:hl[e.keyCode];return"Ctrl"==t||"Alt"==t||"Shift"==t||"Mod"==t}function Qn(e,t,r){var n=e;return t.altKey&&"Alt"!=n&&(e="Alt-"+e),(so?t.metaKey:t.ctrlKey)&&"Ctrl"!=n&&(e="Ctrl-"+e),(so?t.ctrlKey:t.metaKey)&&"Cmd"!=n&&(e="Cmd-"+e),!r&&t.shiftKey&&"Shift"!=n&&(e="Shift-"+e),e}function Jn(e,t){if($i&&34==e.keyCode&&e.char)return!1;var r=hl[e.keyCode];return null!=r&&!e.altGraphKey&&Qn(r,e,t)}function ei(e){return"string"==typeof e?gl[e]:e}function ti(e,t){for(var r=e.doc.sel.ranges,n=[],i=0;i<r.length;i++){for(var o=t(r[i]);n.length&&F(o.from,g(n).to)<=0;){var l=n.pop();if(F(l.from,o.from)<0){o.from=l.from;break}}n.push(o)}wr(e,function(){for(var t=n.length-1;t>=0;t--)Dn(e.doc,"",n[t].from,n[t].to,"+delete");sr(e)})}function ri(e,t,r){var n=S(e.text,t+r,r);return n<0||n>e.text.length?null:n}function ni(e,t,r){var n=ri(e,t.ch,r);return null==n?null:new H(t.line,n,r<0?"after":"before")}function ii(e,t,r,n,i){if(e){var o=he(r,t.doc.direction);if(o){var l,s=i<0?g(o):o[0],a=i<0==(1==s.level)?"after":"before";if(s.level>0||"rtl"==t.doc.direction){var u=mt(t,r);l=i<0?r.text.length-1:0;var c=yt(t,u,l).top;l=L(function(e){return yt(t,u,e).top==c},i<0==(1==s.level)?s.from:s.to-1,l),"before"==a&&(l=ri(r,l,1))}else l=i<0?s.to:s.from;return new H(n,l,a)}}return new H(n,i<0?r.text.length:0,i<0?"before":"after")}function oi(e,t){var r=k(e.doc,t),n=re(r);return n!=r&&(t=O(n)),ii(!0,e,n,t,1)}function li(e,t){var r=k(e.doc,t),n=function(e){for(var t;t=ee(e);)e=t.find(1,!0).line;return e}(r);return n!=r&&(t=O(n)),ii(!0,e,r,t,-1)}function si(e,t){var r=oi(e,t.line),n=k(e.doc,r.line),i=he(n,e.doc.direction);if(!i||0==i[0].level){var o=Math.max(0,n.text.search(/\S/)),l=t.line==r.line&&t.ch<=o&&t.ch;return H(r.line,l?0:o,r.sticky)}return r}function ai(e,t,r){if("string"==typeof t&&!(t=vl[t]))return!1;e.display.input.ensurePolled();var n=e.display.shift,i=!1;try{e.isReadOnly()&&(e.state.suppressEdits=!0),r&&(e.display.shift=!1),i=t(e)!=vo}finally{e.display.shift=n,e.state.suppressEdits=!1}return i}function ui(e,t,r,n){var i=e.state.keySeq;if(i){if(Zn(t))return"handled";ml.set(50,function(){e.state.keySeq==i&&(e.state.keySeq=null,e.display.input.reset())}),t=i+" "+t}var o=function(e,t,r){for(var n=0;n<e.state.keyMaps.length;n++){var i=qn(t,e.state.keyMaps[n],r,e);if(i)return i}return e.options.extraKeys&&qn(t,e.options.extraKeys,r,e)||qn(t,e.options.keyMap,r,e)}(e,t,n);return"multi"==o&&(e.state.keySeq=t),"handled"==o&&qe(e,"keyHandled",e,t,r),"handled"!=o&&"multi"!=o||(be(r),$t(e)),i&&!o&&/\'$/.test(t)?(be(r),!0):!!o}function ci(e,t){var r=Jn(t,!0);return!!r&&(t.shiftKey&&!e.state.keySeq?ui(e,"Shift-"+r,t,function(t){return ai(e,t,!0)})||ui(e,r,t,function(t){if("string"==typeof t?/^go[A-Z]/.test(t):t.motion)return ai(e,t)}):ui(e,r,t,function(t){return ai(e,t)}))}function hi(e){var t=this;if(t.curOp.focus=l(),!ge(t,e)){Ki&&ji<11&&27==e.keyCode&&(e.returnValue=!1);var r=e.keyCode;t.display.shift=16==r||e.shiftKey;var n=ci(t,e);$i&&(yl=n?r:null,!n&&88==r&&!Do&&(ro?e.metaKey:e.ctrlKey)&&t.replaceSelection("",null,"cut")),18!=r||/\bCodeMirror-crosshair\b/.test(t.display.lineDiv.className)||function(e){function t(e){18!=e.keyCode&&e.altKey||(uo(r,"CodeMirror-crosshair"),de(document,"keyup",t),de(document,"mouseover",t))}var r=e.display.lineDiv;s(r,"CodeMirror-crosshair");No(document,"keyup",t),No(document,"mouseover",t)}(t)}}function fi(e){16==e.keyCode&&(this.doc.sel.shift=!1),ge(this,e)}function di(e){var t=this;if(!(st(t.display,e)||ge(t,e)||e.ctrlKey&&!e.altKey||ro&&e.metaKey)){var r=e.keyCode,n=e.charCode;if($i&&r==yl)return yl=null,void be(e);if(!$i||e.which&&!(e.which<10)||!ci(t,e)){var i=String.fromCharCode(null==n?r:n);"\b"!=i&&(function(e,t,r){return ui(e,"'"+r+"'",t,function(t){return ai(e,t,!0)})}(t,e,i)||t.display.input.onKeyPress(e))}}}function pi(e){var t=this,r=t.display;if(!(ge(t,e)||r.activeTouch&&r.input.supportsTouch()))if(r.input.ensurePolled(),r.shift=e.shiftKey,st(r,e))Xi||(r.scroller.draggable=!1,setTimeout(function(){return r.scroller.draggable=!0},100));else if(!mi(t,e)){var n=Vt(t,e),i=Le(e),o=n?function(e,t){var r=+new Date;return xl&&xl.compare(r,e,t)?(wl=xl=null,"triple"):wl&&wl.compare(r,e,t)?(xl=new bl(r,e,t),wl=null,"double"):(wl=new bl(r,e,t),xl=null,"single")}(n,i):"single";window.focus(),1==i&&t.state.selectingText&&t.state.selectingText(e),n&&function(e,t,r,n,i){var o="Click";"double"==n?o="Double"+o:"triple"==n&&(o="Triple"+o);return o=(1==t?"Left":2==t?"Middle":"Right")+o,ui(e,Qn(o,i),i,function(t){if("string"==typeof t&&(t=vl[t]),!t)return!1;var n=!1;try{e.isReadOnly()&&(e.state.suppressEdits=!0),n=t(e,r)!=vo}finally{e.state.suppressEdits=!1}return n})}(t,i,n,o,e)||(1==i?n?function(e,t,r,n){Ki?setTimeout(u(qt,e),0):e.curOp.focus=l();var i,o=function(e,t,r){var n=e.getOption("configureMouse"),i=n?n(e,t,r):{};if(null==i.unit){var o=no?r.shiftKey&&r.metaKey:r.altKey;i.unit=o?"rectangle":"single"==t?"char":"double"==t?"word":"line"}(null==i.extend||e.doc.extend)&&(i.extend=e.doc.extend||r.shiftKey);null==i.addNew&&(i.addNew=ro?r.metaKey:r.ctrlKey);null==i.moveOnDrag&&(i.moveOnDrag=!(ro?r.altKey:r.ctrlKey));return i}(e,r,n),s=e.doc.sel;e.options.dragDrop&&Oo&&!e.isReadOnly()&&"single"==r&&(i=s.contains(t))>-1&&(F((i=s.ranges[i]).from(),t)<0||t.xRel>0)&&(F(i.to(),t)>0||t.xRel<0)?function(e,t,r,n){var i=e.display,o=!1,l=xr(e,function(t){Xi&&(i.scroller.draggable=!1),e.state.draggingText=!1,de(document,"mouseup",l),de(document,"mousemove",s),de(i.scroller,"dragstart",a),de(i.scroller,"drop",l),o||(be(t),n.addNew||fn(e.doc,r,null,null,n.extend),Xi||Ki&&9==ji?setTimeout(function(){document.body.focus(),i.input.focus()},20):i.input.focus())}),s=function(e){o=o||Math.abs(t.clientX-e.clientX)+Math.abs(t.clientY-e.clientY)>=10},a=function(){return o=!0};Xi&&(i.scroller.draggable=!0);e.state.draggingText=l,l.copy=!n.moveOnDrag,i.scroller.dragDrop&&i.scroller.dragDrop();No(document,"mouseup",l),No(document,"mousemove",s),No(i.scroller,"dragstart",a),No(i.scroller,"drop",l),Zt(e),setTimeout(function(){return i.input.focus()},20)}(e,n,t,o):function(e,t,r,n){function i(t){if(0!=F(m,t))if(m=t,"rectangle"==n.unit){for(var i=[],o=e.options.tabSize,l=h(k(u,r.line).text,r.ch,o),s=h(k(u,t.line).text,t.ch,o),a=Math.min(l,s),g=Math.max(l,s),v=Math.min(r.line,t.line),y=Math.min(e.lastLine(),Math.max(r.line,t.line));v<=y;v++){var b=k(u,v).text,w=d(b,a,o);a==g?i.push(new rl(H(v,w),H(v,w))):b.length>w&&i.push(new rl(H(v,w),H(v,d(b,g,o))))}i.length||i.push(new rl(r,r)),mn(u,Gr(p.ranges.slice(0,f).concat(i),f),{origin:"*mouse",scroll:!1}),e.scrollIntoView(t)}else{var x,C=c,S=gi(e,t,n.unit),L=C.anchor;F(S.anchor,L)>0?(x=S.head,L=I(C.from(),S.anchor)):(x=S.anchor,L=z(C.to(),S.head));var T=p.ranges.slice(0);T[f]=function(e,t){var r=t.anchor,n=t.head,i=k(e.doc,r.line);if(0==F(r,n)&&r.sticky==n.sticky)return t;var o=he(i);if(!o)return t;var l=ce(o,r.ch,r.sticky),s=o[l];if(s.from!=r.ch&&s.to!=r.ch)return t;var a=l+(s.from==r.ch==(1!=s.level)?0:1);if(0==a||a==o.length)return t;var u;if(n.line!=r.line)u=(n.line-r.line)*("ltr"==e.doc.direction?1:-1)>0;else{var c=ce(o,n.ch,n.sticky),h=c-l||(n.ch-r.ch)*(1==s.level?-1:1);u=c==a-1||c==a?h<0:h>0}var f=o[a+(u?-1:0)],d=u==(1==f.level),p=d?f.from:f.to,g=d?"after":"before";return r.ch==p&&r.sticky==g?t:new rl(new H(r.line,p,g),n)}(e,new rl(B(u,L),x)),mn(u,Gr(T,f),yo)}}function o(t){var r=++b,s=Vt(e,t,!0,"rectangle"==n.unit);if(s)if(0!=F(s,m)){e.curOp.focus=l(),i(s);var c=rr(a,u);(s.line>=c.to||s.line<c.from)&&setTimeout(xr(e,function(){b==r&&o(t)}),150)}else{var h=t.clientY<y.top?-20:t.clientY>y.bottom?20:0;h&&setTimeout(xr(e,function(){b==r&&(a.scroller.scrollTop+=h,o(t))}),50)}}function s(t){e.state.selectingText=!1,b=1/0,be(t),a.input.focus(),de(document,"mousemove",w),de(document,"mouseup",x),u.history.lastSelOrigin=null}var a=e.display,u=e.doc;be(t);var c,f,p=u.sel,g=p.ranges;n.addNew&&!n.extend?(f=u.sel.contains(r),c=f>-1?g[f]:new rl(r,r)):(c=u.sel.primary(),f=u.sel.primIndex);if("rectangle"==n.unit)n.addNew||(c=new rl(r,r)),r=Vt(e,t,!0,!0),f=-1;else{var v=gi(e,r,n.unit);c=n.extend?hn(c,v.anchor,v.head,n.extend):v}n.addNew?-1==f?(f=g.length,mn(u,Gr(g.concat([c]),f),{scroll:!1,origin:"*mouse"})):g.length>1&&g[f].empty()&&"char"==n.unit&&!n.extend?(mn(u,Gr(g.slice(0,f).concat(g.slice(f+1)),0),{scroll:!1,origin:"*mouse"}),p=u.sel):pn(u,f,c,yo):(f=0,mn(u,new tl([c],0),yo),p=u.sel);var m=r;var y=a.wrapper.getBoundingClientRect(),b=0;var w=xr(e,function(e){Le(e)?o(e):s(e)}),x=xr(e,s);e.state.selectingText=x,No(document,"mousemove",w),No(document,"mouseup",x)}(e,n,t,o)}(t,n,o,e):Se(e)==r.scroller&&be(e):2==i?(n&&fn(t.doc,n),setTimeout(function(){return r.input.focus()},20)):3==i&&(ao?yi(t,e):Zt(t)))}}function gi(e,t,r){if("char"==r)return new rl(t,t);if("word"==r)return e.findWordAt(t);if("line"==r)return new rl(H(t.line,0),B(e.doc,H(t.line+1,0)));var n=r(e,t);return new rl(n.from,n.to)}function vi(e,t,r,n){var i,o;if(t.touches)i=t.touches[0].clientX,o=t.touches[0].clientY;else try{i=t.clientX,o=t.clientY}catch(t){return!1}if(i>=Math.floor(e.display.gutters.getBoundingClientRect().right))return!1;n&&be(t);var l=e.display,s=l.lineDiv.getBoundingClientRect();if(o>s.bottom||!me(e,r))return xe(t);o-=s.top-l.viewOffset;for(var a=0;a<e.options.gutters.length;++a){var u=l.gutters.childNodes[a];if(u&&u.getBoundingClientRect().right>=i){return pe(e,r,e,A(e.doc,o),e.options.gutters[a],t),xe(t)}}}function mi(e,t){return vi(e,t,"gutterClick",!0)}function yi(e,t){st(e.display,t)||function(e,t){if(!me(e,"gutterContextMenu"))return!1;return vi(e,t,"gutterContextMenu",!1)}(e,t)||ge(e,t,"contextmenu")||e.display.input.onContextMenu(t)}function bi(e){e.display.wrapper.className=e.display.wrapper.className.replace(/\s*cm-s-\S+/g,"")+e.options.theme.replace(/(^|\s)\s*/g," cm-s-"),St(e)}function wi(e){Er(e),Lr(e),nr(e)}function xi(e,t,r){if(!t!=!(r&&r!=Cl)){var n=e.display.dragFunctions,i=t?No:de;i(e.display.scroller,"dragstart",n.start),i(e.display.scroller,"dragenter",n.enter),i(e.display.scroller,"dragover",n.over),i(e.display.scroller,"dragleave",n.leave),i(e.display.scroller,"drop",n.drop)}}function Ci(e){e.options.lineWrapping?(s(e.display.wrapper,"CodeMirror-wrap"),e.display.sizer.style.minWidth="",e.display.sizerWidth=null):(uo(e.display.wrapper,"CodeMirror-wrap"),ue(e)),Ut(e),Lr(e),St(e),setTimeout(function(){return gr(e)},100)}function Si(e,t){var o=this;if(!(this instanceof Si))return new Si(e,t);this.options=t=t?c(t):{},c(Sl,t,!1),zr(t);var l=t.value;"string"==typeof l&&(l=new al(l,t.mode,null,t.lineSeparator,t.direction)),this.doc=l;var s=new Si.inputStyles[t.inputStyle](this),a=this.display=new function(e,t,r){var o=this;this.input=r,o.scrollbarFiller=n("div",null,"CodeMirror-scrollbar-filler"),o.scrollbarFiller.setAttribute("cm-not-content","true"),o.gutterFiller=n("div",null,"CodeMirror-gutter-filler"),o.gutterFiller.setAttribute("cm-not-content","true"),o.lineDiv=i("div",null,"CodeMirror-code"),o.selectionDiv=n("div",null,null,"position: relative; z-index: 1"),o.cursorDiv=n("div",null,"CodeMirror-cursors"),o.measure=n("div",null,"CodeMirror-measure"),o.lineMeasure=n("div",null,"CodeMirror-measure"),o.lineSpace=i("div",[o.measure,o.lineMeasure,o.selectionDiv,o.cursorDiv,o.lineDiv],null,"position: relative; outline: none");var l=i("div",[o.lineSpace],"CodeMirror-lines");o.mover=n("div",[l],null,"position: relative"),o.sizer=n("div",[o.mover],"CodeMirror-sizer"),o.sizerWidth=null,o.heightForcer=n("div",null,null,"position: absolute; height: "+go+"px; width: 1px;"),o.gutters=n("div",null,"CodeMirror-gutters"),o.lineGutter=null,o.scroller=n("div",[o.sizer,o.heightForcer,o.gutters],"CodeMirror-scroll"),o.scroller.setAttribute("tabIndex","-1"),o.wrapper=n("div",[o.scrollbarFiller,o.gutterFiller,o.scroller],"CodeMirror"),Ki&&ji<8&&(o.gutters.style.zIndex=-1,o.scroller.style.paddingRight=0),Xi||Bi&&to||(o.scroller.draggable=!0),e&&(e.appendChild?e.appendChild(o.wrapper):e(o.wrapper)),o.viewFrom=o.viewTo=t.first,o.reportedViewFrom=o.reportedViewTo=t.first,o.view=[],o.renderedView=null,o.externalMeasured=null,o.viewOffset=0,o.lastWrapHeight=o.lastWrapWidth=0,o.updateLineNumbers=null,o.nativeBarWidth=o.barHeight=o.barWidth=0,o.scrollbarsClipped=!1,o.lineNumWidth=o.lineNumInnerWidth=o.lineNumChars=null,o.alignWidgets=!1,o.cachedCharWidth=o.cachedTextHeight=o.cachedPaddingH=null,o.maxLine=null,o.maxLineLength=0,o.maxLineChanged=!1,o.wheelDX=o.wheelDY=o.wheelStartX=o.wheelStartY=null,o.shift=!1,o.selForContextMenu=null,o.activeTouch=null,r.init(o)}(e,l,s);a.wrapper.CodeMirror=this,Er(this),bi(this),t.lineWrapping&&(this.display.wrapper.className+=" CodeMirror-wrap"),mr(this),this.state={keyMaps:[],overlays:[],modeGen:0,overwrite:!1,delayingBlurEvent:!1,focused:!1,suppressEdits:!1,pasteIncoming:!1,cutIncoming:!1,selectingText:!1,draggingText:!1,highlight:new ho,keySeq:null,specialChars:null},t.autofocus&&!to&&a.input.focus(),Ki&&ji<11&&setTimeout(function(){return o.display.input.reset(!0)},20),function(e){function t(){o.activeTouch&&(l=setTimeout(function(){return o.activeTouch=null},1e3),(s=o.activeTouch).end=+new Date)}function i(e,t){if(null==t.left)return!0;var r=t.left-e.left,n=t.top-e.top;return r*r+n*n>400}var o=e.display;No(o.scroller,"mousedown",xr(e,pi)),Ki&&ji<11?No(o.scroller,"dblclick",xr(e,function(t){if(!ge(e,t)){var r=Vt(e,t);if(r&&!mi(e,t)&&!st(e.display,t)){be(t);var n=e.findWordAt(r);fn(e.doc,n.anchor,n.head)}}})):No(o.scroller,"dblclick",function(t){return ge(e,t)||be(t)});ao||No(o.scroller,"contextmenu",function(t){return yi(e,t)});var l,s={end:0};No(o.scroller,"touchstart",function(t){if(!ge(e,t)&&!function(e){if(1!=e.touches.length)return!1;var t=e.touches[0];return t.radiusX<=1&&t.radiusY<=1}(t)&&!mi(e,t)){o.input.ensurePolled(),clearTimeout(l);var r=+new Date;o.activeTouch={start:r,moved:!1,prev:r-s.end<=300?s:null},1==t.touches.length&&(o.activeTouch.left=t.touches[0].pageX,o.activeTouch.top=t.touches[0].pageY)}}),No(o.scroller,"touchmove",function(){o.activeTouch&&(o.activeTouch.moved=!0)}),No(o.scroller,"touchend",function(r){var n=o.activeTouch;if(n&&!st(o,r)&&null!=n.left&&!n.moved&&new Date-n.start<300){var l,s=e.coordsChar(o.activeTouch,"page");l=!n.prev||i(n,n.prev)?new rl(s,s):!n.prev.prev||i(n,n.prev.prev)?e.findWordAt(s):new rl(H(s.line,0),B(e.doc,H(s.line+1,0))),e.setSelection(l.anchor,l.head),e.focus(),be(r)}t()}),No(o.scroller,"touchcancel",t),No(o.scroller,"scroll",function(){o.scroller.clientHeight&&(hr(e,o.scroller.scrollTop),dr(e,o.scroller.scrollLeft,!0),pe(e,"scroll",e))}),No(o.scroller,"mousewheel",function(t){return Br(e,t)}),No(o.scroller,"DOMMouseScroll",function(t){return Br(e,t)}),No(o.wrapper,"scroll",function(){return o.wrapper.scrollTop=o.wrapper.scrollLeft=0}),o.dragFunctions={enter:function(t){ge(e,t)||Ce(t)},over:function(t){ge(e,t)||(!function(e,t){var i=Vt(e,t);if(i){var o=document.createDocumentFragment();Yt(e,i,o),e.display.dragCursor||(e.display.dragCursor=n("div",null,"CodeMirror-cursors CodeMirror-dragcursors"),e.display.lineSpace.insertBefore(e.display.dragCursor,e.display.cursorDiv)),r(e.display.dragCursor,o)}}(e,t),Ce(t))},start:function(t){return function(e,t){if(Ki&&(!e.state.draggingText||+new Date-ul<100))Ce(t);else if(!ge(e,t)&&!st(e.display,t)&&(t.dataTransfer.setData("Text",e.getSelection()),t.dataTransfer.effectAllowed="copyMove",t.dataTransfer.setDragImage&&!qi)){var r=n("img",null,null,"position: fixed; left: 0; top: 0;");r.src="data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==",$i&&(r.width=r.height=1,e.display.wrapper.appendChild(r),r._top=r.offsetTop),t.dataTransfer.setDragImage(r,0,0),$i&&r.parentNode.removeChild(r)}}(e,t)},drop:xr(e,Vn),leave:function(t){ge(e,t)||Kn(e)}};var a=o.input.getField();No(a,"keyup",function(t){return fi.call(e,t)}),No(a,"keydown",xr(e,hi)),No(a,"keypress",xr(e,di)),No(a,"focus",function(t){return Qt(e,t)}),No(a,"blur",function(t){return Jt(e,t)})}(this),Xn(),yr(this),this.curOp.forceUpdate=!0,Qr(this,l),t.autofocus&&!to||this.hasFocus()?setTimeout(u(Qt,this),20):Jt(this);for(var h in Ll)Ll.hasOwnProperty(h)&&Ll[h](o,t[h],Cl);ir(this),t.finishInit&&t.finishInit(this);for(var f=0;f<kl.length;++f)kl[f](o);br(this),Xi&&t.lineWrapping&&"optimizelegibility"==getComputedStyle(a.lineDiv).textRendering&&(a.lineDiv.style.textRendering="auto")}function Li(e,t,r,n){var i,o=e.doc;null==r&&(r="add"),"smart"==r&&(o.mode.indent?i=Pe(e,t).state:r="prev");var l=e.options.tabSize,s=k(o,t),a=h(s.text,null,l);s.stateAfter&&(s.stateAfter=null);var u,c=s.text.match(/^\s*/)[0];if(n||/\S/.test(s.text)){if("smart"==r&&((u=o.mode.indent(i,s.text.slice(c.length),s.text))==vo||u>150)){if(!n)return;r="prev"}}else u=0,r="not";"prev"==r?u=t>o.first?h(k(o,t-1).text,null,l):0:"add"==r?u=a+e.options.indentUnit:"subtract"==r?u=a-e.options.indentUnit:"number"==typeof r&&(u=a+r),u=Math.max(0,u);var f="",d=0;if(e.options.indentWithTabs)for(var g=Math.floor(u/l);g;--g)d+=l,f+="\t";if(d<u&&(f+=p(u-d)),f!=c)return Dn(o,f,H(t,0),H(t,c.length),"+input"),s.stateAfter=null,!0;for(var v=0;v<o.sel.ranges.length;v++){var m=o.sel.ranges[v];if(m.head.line==t&&m.head.ch<c.length){var y=H(t,c.length);pn(o,v,new rl(y,y));break}}}function ki(e){Tl=e}function Ti(e,t,r,n,i){var o=e.doc;e.display.shift=!1,n||(n=o.sel);var l=e.state.pasteIncoming||"paste"==i,s=Ao(t),a=null;if(l&&n.ranges.length>1)if(Tl&&Tl.text.join("\n")==t){if(n.ranges.length%Tl.text.length==0){a=[];for(var u=0;u<Tl.text.length;u++)a.push(o.splitLines(Tl.text[u]))}}else s.length==n.ranges.length&&e.options.pasteLinesPerSelection&&(a=v(s,function(e){return[e]}));for(var c,h=n.ranges.length-1;h>=0;h--){var f=n.ranges[h],d=f.from(),p=f.to();f.empty()&&(r&&r>0?d=H(d.line,d.ch-r):e.state.overwrite&&!l?p=H(p.line,Math.min(k(o,p.line).text.length,p.ch+g(s).length)):Tl&&Tl.lineWise&&Tl.text.join("\n")==t&&(d=p=H(d.line,0))),c=e.curOp.updateInput;var m={from:d,to:p,text:a?a[h%a.length]:s,origin:i||(l?"paste":e.state.cutIncoming?"cut":"+input")};Mn(e.doc,m),qe(e,"inputRead",e,m)}t&&!l&&Ni(e,t),sr(e),e.curOp.updateInput=c,e.curOp.typing=!0,e.state.pasteIncoming=e.state.cutIncoming=!1}function Mi(e,t){var r=e.clipboardData&&e.clipboardData.getData("Text");if(r)return e.preventDefault(),t.isReadOnly()||t.options.disableInput||wr(t,function(){return Ti(t,r,0,null,"paste")}),!0}function Ni(e,t){if(e.options.electricChars&&e.options.smartIndent)for(var r=e.doc.sel,n=r.ranges.length-1;n>=0;n--){var i=r.ranges[n];if(!(i.head.ch>100||n&&r.ranges[n-1].head.line==i.head.line)){var o=e.getModeAt(i.head),l=!1;if(o.electricChars){for(var s=0;s<o.electricChars.length;s++)if(t.indexOf(o.electricChars.charAt(s))>-1){l=Li(e,i.head.line,"smart");break}}else o.electricInput&&o.electricInput.test(k(e.doc,i.head.line).text.slice(0,i.head.ch))&&(l=Li(e,i.head.line,"smart"));l&&qe(e,"electricInput",e,i.head.line)}}}function Oi(e){for(var t=[],r=[],n=0;n<e.doc.sel.ranges.length;n++){var i=e.doc.sel.ranges[n].head.line,o={anchor:H(i,0),head:H(i+1,0)};r.push(o),t.push(e.getRange(o.anchor,o.head))}return{text:t,ranges:r}}function Ai(e,t){e.setAttribute("autocorrect","off"),e.setAttribute("autocapitalize","off"),e.setAttribute("spellcheck",!!t)}function Wi(){var e=n("textarea",null,null,"position: absolute; bottom: -1em; padding: 0; width: 1px; height: 1em; outline: none"),t=n("div",[e],null,"overflow: hidden; position: relative; width: 3px; height: 0px;");return Xi?e.style.width="1000px":e.setAttribute("wrap","off"),Ji&&(e.style.border="1px solid black"),Ai(e),t}function Di(e){var t=e.optionHandlers,r=e.helpers={};e.prototype={constructor:e,focus:function(){window.focus(),this.display.input.focus()},setOption:function(e,r){var n=this.options,i=n[e];n[e]==r&&"mode"!=e||(n[e]=r,t.hasOwnProperty(e)&&xr(this,t[e])(this,r,i),pe(this,"optionChange",this,e))},getOption:function(e){return this.options[e]},getDoc:function(){return this.doc},addKeyMap:function(e,t){this.state.keyMaps[t?"push":"unshift"](ei(e))},removeKeyMap:function(e){for(var t=this.state.keyMaps,r=0;r<t.length;++r)if(t[r]==e||t[r].name==e)return t.splice(r,1),!0},addOverlay:Cr(function(t,r){var n=t.token?t:e.getMode(this.options,t);if(n.startState)throw new Error("Overlays may not be stateful.");!function(e,t,r){for(var n=0,i=r(t);n<e.length&&r(e[n])<=i;)n++;e.splice(n,0,t)}(this.state.overlays,{mode:n,modeSpec:t,opaque:r&&r.opaque,priority:r&&r.priority||0},function(e){return e.priority}),this.state.modeGen++,Lr(this)}),removeOverlay:Cr(function(e){for(var t=this.state.overlays,r=0;r<t.length;++r){var n=t[r].modeSpec;if(n==e||"string"==typeof e&&n.name==e)return t.splice(r,1),this.state.modeGen++,void Lr(this)}}),indentLine:Cr(function(e,t,r){"string"!=typeof t&&"number"!=typeof t&&(t=null==t?this.options.smartIndent?"smart":"prev":t?"add":"subtract"),W(this.doc,e)&&Li(this,e,t,r)}),indentSelection:Cr(function(e){for(var t=this.doc.sel.ranges,r=-1,n=0;n<t.length;n++){var i=t[n];if(i.empty())i.head.line>r&&(Li(this,i.head.line,e,!0),r=i.head.line,n==this.doc.sel.primIndex&&sr(this));else{var o=i.from(),l=i.to(),s=Math.max(r,o.line);r=Math.min(this.lastLine(),l.line-(l.ch?0:1))+1;for(var a=s;a<r;++a)Li(this,a,e);var u=this.doc.sel.ranges;0==o.ch&&t.length==u.length&&u[n].from().ch>0&&pn(this.doc,n,new rl(o,u[n].to()),mo)}}}),getTokenAt:function(e,t){return Re(this,e,t)},getLineTokens:function(e,t){return Re(this,H(e),t,!0)},getTokenTypeAt:function(e){e=B(this.doc,e);var t,r=Fe(this,k(this.doc,e.line)),n=0,i=(r.length-1)/2,o=e.ch;if(0==o)t=r[2];else for(;;){var l=n+i>>1;if((l?r[2*l-1]:0)>=o)i=l;else{if(!(r[2*l+1]<o)){t=r[2*l+2];break}n=l+1}}var s=t?t.indexOf("overlay "):-1;return s<0?t:0==s?null:t.slice(0,s-1)},getModeAt:function(t){var r=this.doc.mode;return r.innerMode?e.innerMode(r,this.getTokenAt(t).state).mode:r},getHelper:function(e,t){return this.getHelpers(e,t)[0]},getHelpers:function(e,t){var n=[];if(!r.hasOwnProperty(t))return n;var i=r[t],o=this.getModeAt(e);if("string"==typeof o[t])i[o[t]]&&n.push(i[o[t]]);else if(o[t])for(var l=0;l<o[t].length;l++){var s=i[o[t][l]];s&&n.push(s)}else o.helperType&&i[o.helperType]?n.push(i[o.helperType]):i[o.name]&&n.push(i[o.name]);for(var a=0;a<i._global.length;a++){var u=i._global[a];u.pred(o,this)&&-1==f(n,u.val)&&n.push(u.val)}return n},getStateAfter:function(e,t){var r=this.doc;return e=R(r,null==e?r.first+r.size-1:e),Pe(this,e+1,t).state},cursorCoords:function(e,t){var r,n=this.doc.sel.primary();return r=null==e?n.head:"object"==typeof e?B(this.doc,e):e?n.from():n.to(),At(this,r,t||"page")},charCoords:function(e,t){return Ot(this,B(this.doc,e),t||"page")},coordsChar:function(e,t){return e=Nt(this,e,t||"page"),Ht(this,e.left,e.top)},lineAtHeight:function(e,t){return e=Nt(this,{top:e,left:0},t||"page").top,A(this.doc,e+this.display.viewOffset)},heightAtLine:function(e,t,r){var n,i=!1;if("number"==typeof e){var o=this.doc.first+this.doc.size-1;e<this.doc.first?e=this.doc.first:e>o&&(e=o,i=!0),n=k(this.doc,e)}else n=e;return Mt(this,n,{top:0,left:0},t||"page",r||i).top+(i?this.doc.height-se(n):0)},defaultTextHeight:function(){return zt(this.display)},defaultCharWidth:function(){return It(this.display)},getViewport:function(){return{from:this.display.viewFrom,to:this.display.viewTo}},addWidget:function(e,t,r,n,i){var o=this.display,l=(e=At(this,B(this.doc,e))).bottom,s=e.left;if(t.style.position="absolute",t.setAttribute("cm-ignore-events","true"),this.display.input.setUneditable(t),o.sizer.appendChild(t),"over"==n)l=e.top;else if("above"==n||"near"==n){var a=Math.max(o.wrapper.clientHeight,this.doc.height),u=Math.max(o.sizer.clientWidth,o.lineSpace.clientWidth);("above"==n||e.bottom+t.offsetHeight>a)&&e.top>t.offsetHeight?l=e.top-t.offsetHeight:e.bottom+t.offsetHeight<=a&&(l=e.bottom),s+t.offsetWidth>u&&(s=u-t.offsetWidth)}t.style.top=l+"px",t.style.left=t.style.right="","right"==i?(s=o.sizer.clientWidth-t.offsetWidth,t.style.right="0px"):("left"==i?s=0:"middle"==i&&(s=(o.sizer.clientWidth-t.offsetWidth)/2),t.style.left=s+"px"),r&&function(e,t){var r=or(e,t);null!=r.scrollTop&&hr(e,r.scrollTop),null!=r.scrollLeft&&dr(e,r.scrollLeft)}(this,{left:s,top:l,right:s+t.offsetWidth,bottom:l+t.offsetHeight})},triggerOnKeyDown:Cr(hi),triggerOnKeyPress:Cr(di),triggerOnKeyUp:fi,triggerOnMouseDown:Cr(pi),execCommand:function(e){if(vl.hasOwnProperty(e))return vl[e].call(null,this)},triggerElectric:Cr(function(e){Ni(this,e)}),findPosH:function(e,t,r,n){var i=1;t<0&&(i=-1,t=-t);for(var o=B(this.doc,e),l=0;l<t&&!(o=Hi(this.doc,o,i,r,n)).hitSide;++l);return o},moveH:Cr(function(e,t){var r=this;this.extendSelectionsBy(function(n){return r.display.shift||r.doc.extend||n.empty()?Hi(r.doc,n.head,e,t,r.options.rtlMoveVisually):e<0?n.from():n.to()},bo)}),deleteH:Cr(function(e,t){var r=this.doc.sel,n=this.doc;r.somethingSelected()?n.replaceSelection("",null,"+delete"):ti(this,function(r){var i=Hi(n,r.head,e,t,!1);return e<0?{from:i,to:r.head}:{from:r.head,to:i}})}),findPosV:function(e,t,r,n){var i=1,o=n;t<0&&(i=-1,t=-t);for(var l=B(this.doc,e),s=0;s<t;++s){var a=At(this,l,"div");if(null==o?o=a.left:a.left=o,(l=Fi(this,a,i,r)).hitSide)break}return l},moveV:Cr(function(e,t){var r=this,n=this.doc,i=[],o=!this.display.shift&&!n.extend&&n.sel.somethingSelected();if(n.extendSelectionsBy(function(l){if(o)return e<0?l.from():l.to();var s=At(r,l.head,"div");null!=l.goalColumn&&(s.left=l.goalColumn),i.push(s.left);var a=Fi(r,s,e,t);return"page"==t&&l==n.sel.primary()&&lr(r,Ot(r,a,"div").top-s.top),a},bo),i.length)for(var l=0;l<n.sel.ranges.length;l++)n.sel.ranges[l].goalColumn=i[l]}),findWordAt:function(e){var t=k(this.doc,e.line).text,r=e.ch,n=e.ch;if(t){var i=this.getHelper(e,"wordChars");"before"!=e.sticky&&n!=t.length||!r?++n:--r;for(var o=t.charAt(r),l=w(o,i)?function(e){return w(e,i)}:/\s/.test(o)?function(e){return/\s/.test(e)}:function(e){return!/\s/.test(e)&&!w(e)};r>0&&l(t.charAt(r-1));)--r;for(;n<t.length&&l(t.charAt(n));)++n}return new rl(H(e.line,r),H(e.line,n))},toggleOverwrite:function(e){null!=e&&e==this.state.overwrite||((this.state.overwrite=!this.state.overwrite)?s(this.display.cursorDiv,"CodeMirror-overwrite"):uo(this.display.cursorDiv,"CodeMirror-overwrite"),pe(this,"overwriteToggle",this,this.state.overwrite))},hasFocus:function(){return this.display.input.getField()==l()},isReadOnly:function(){return!(!this.options.readOnly&&!this.doc.cantEdit)},scrollTo:Cr(function(e,t){ar(this,e,t)}),getScrollInfo:function(){var e=this.display.scroller;return{left:e.scrollLeft,top:e.scrollTop,height:e.scrollHeight-ht(this)-this.display.barHeight,width:e.scrollWidth-ht(this)-this.display.barWidth,clientHeight:dt(this),clientWidth:ft(this)}},scrollIntoView:Cr(function(e,t){null==e?(e={from:this.doc.sel.primary().head,to:null},null==t&&(t=this.options.cursorScrollMargin)):"number"==typeof e?e={from:H(e,0),to:null}:null==e.from&&(e={from:e,to:null}),e.to||(e.to=e.from),e.margin=t||0,null!=e.from.line?function(e,t){ur(e),e.curOp.scrollToPos=t}(this,e):cr(this,e.from,e.to,e.margin)}),setSize:Cr(function(e,t){var r=this,n=function(e){return"number"==typeof e||/^\d+$/.test(String(e))?e+"px":e};null!=e&&(this.display.wrapper.style.width=n(e)),null!=t&&(this.display.wrapper.style.height=n(t)),this.options.lineWrapping&&Ct(this);var i=this.display.viewFrom;this.doc.iter(i,this.display.viewTo,function(e){if(e.widgets)for(var t=0;t<e.widgets.length;t++)if(e.widgets[t].noHScroll){kr(r,i,"widget");break}++i}),this.curOp.forceUpdate=!0,pe(this,"refresh",this)}),operation:function(e){return wr(this,e)},startOperation:function(){return yr(this)},endOperation:function(){return br(this)},refresh:Cr(function(){var e=this.display.cachedTextHeight;Lr(this),this.curOp.forceUpdate=!0,St(this),ar(this,this.doc.scrollLeft,this.doc.scrollTop),Fr(this),(null==e||Math.abs(e-zt(this.display))>.5)&&Ut(this),pe(this,"refresh",this)}),swapDoc:Cr(function(e){var t=this.doc;return t.cm=null,Qr(this,e),St(this),this.display.input.reset(),ar(this,e.scrollLeft,e.scrollTop),this.curOp.forceScroll=!0,qe(this,"swapDoc",this,t),t}),getInputField:function(){return this.display.input.getField()},getWrapperElement:function(){return this.display.wrapper},getScrollerElement:function(){return this.display.scroller},getGutterElement:function(){return this.display.gutters}},ye(e),e.registerHelper=function(t,n,i){r.hasOwnProperty(t)||(r[t]=e[t]={_global:[]}),r[t][n]=i},e.registerGlobalHelper=function(t,n,i,o){e.registerHelper(t,n,o),r[t]._global.push({pred:i,val:o})}}function Hi(e,t,r,n,i){function o(n){var o;if(null==(o=i?function(e,t,r,n){var i=he(t,e.doc.direction);if(!i)return ni(t,r,n);r.ch>=t.text.length?(r.ch=t.text.length,r.sticky="before"):r.ch<=0&&(r.ch=0,r.sticky="after");var o=ce(i,r.ch,r.sticky),l=i[o];if("ltr"==e.doc.direction&&l.level%2==0&&(n>0?l.to>r.ch:l.from<r.ch))return ni(t,r,n);var s,a=function(e,r){return ri(t,e instanceof H?e.ch:e,r)},u=function(r){return e.options.lineWrapping?(s=s||mt(e,t),Pt(e,t,s,r)):{begin:0,end:t.text.length}},c=u("before"==r.sticky?a(r,-1):r.ch);if("rtl"==e.doc.direction||1==l.level){var h=1==l.level==n<0,f=a(r,h?1:-1);if(null!=f&&(h?f<=l.to&&f<=c.end:f>=l.from&&f>=c.begin)){var d=h?"before":"after";return new H(r.line,f,d)}}var p=function(e,t,n){for(var o=function(e,t){return t?new H(r.line,a(e,1),"before"):new H(r.line,e,"after")};e>=0&&e<i.length;e+=t){var l=i[e],s=t>0==(1!=l.level),u=s?n.begin:a(n.end,-1);if(l.from<=u&&u<l.to)return o(u,s);if(u=s?l.from:a(l.to,-1),n.begin<=u&&u<n.end)return o(u,s)}},g=p(o+n,n,c);if(g)return g;var v=n>0?c.end:a(c.begin,-1);return null==v||n>0&&v==t.text.length||!(g=p(n>0?0:i.length-1,n,u(v)))?null:g}(e.cm,a,t,r):ni(a,t,r))){if(n||!function(){var n=t.line+r;return!(n<e.first||n>=e.first+e.size)&&(t=new H(n,t.ch,t.sticky),a=k(e,n))}())return!1;t=ii(i,e.cm,a,t.line,r)}else t=o;return!0}var l=t,s=r,a=k(e,t.line);if("char"==n)o();else if("column"==n)o(!0);else if("word"==n||"group"==n)for(var u=null,c="group"==n,h=e.cm&&e.cm.getHelper(t,"wordChars"),f=!0;!(r<0)||o(!f);f=!1){var d=a.text.charAt(t.ch)||"\n",p=w(d,h)?"w":c&&"\n"==d?"n":!c||/\s/.test(d)?null:"p";if(!c||f||p||(p="s"),u&&u!=p){r<0&&(r=1,o(),t.sticky="after");break}if(p&&(u=p),r>0&&!o(!f))break}var g=Sn(e,t,l,s,!0);return P(l,g)&&(g.hitSide=!0),g}function Fi(e,t,r,n){var i,o=e.doc,l=t.left;if("page"==n){var s=Math.min(e.display.wrapper.clientHeight,window.innerHeight||document.documentElement.clientHeight),a=Math.max(s-.5*zt(e.display),3);i=(r>0?t.bottom:t.top)+r*a}else"line"==n&&(i=r>0?t.bottom+3:t.top-3);for(var u;(u=Ht(e,l,i)).outside;){if(r<0?i<=0:i>=o.height){u.hitSide=!0;break}i+=5*r}return u}function Pi(e,t){var r=vt(e,t.line);if(!r||r.hidden)return null;var n=k(e.doc,t.line),i=pt(r,n,t.line),o=he(n,e.doc.direction),l="left";if(o){l=ce(o,t.ch)%2?"right":"left"}var s=bt(i.map,t.ch,l);return s.offset="right"==s.collapse?s.end:s.start,s}function Ei(e,t){return t&&(e.bad=!0),e}function zi(e,t,r){var n;if(t==e.display.lineDiv){if(!(n=e.display.lineDiv.childNodes[r]))return Ei(e.clipPos(H(e.display.viewTo-1)),!0);t=null,r=0}else for(n=t;;n=n.parentNode){if(!n||n==e.display.lineDiv)return null;if(n.parentNode&&n.parentNode==e.display.lineDiv)break}for(var i=0;i<e.display.view.length;i++){var l=e.display.view[i];if(l.node==n)return function(e,t,r){function n(t,r,n){for(var i=-1;i<(h?h.length:0);i++)for(var o=i<0?c.map:h[i],l=0;l<o.length;l+=3){var s=o[l+2];if(s==t||s==r){var a=O(i<0?e.line:e.rest[i]),u=o[l]+n;return(n<0||s!=t)&&(u=o[l+(n?1:0)]),H(a,u)}}}var i=e.text.firstChild,l=!1;if(!t||!o(i,t))return Ei(H(O(e.line),0),!0);if(t==i&&(l=!0,t=i.childNodes[r],r=0,!t)){var s=e.rest?g(e.rest):e.line;return Ei(H(O(s),s.text.length),l)}var a=3==t.nodeType?t:null,u=t;a||1!=t.childNodes.length||3!=t.firstChild.nodeType||(a=t.firstChild,r&&(r=a.nodeValue.length));for(;u.parentNode!=i;)u=u.parentNode;var c=e.measure,h=c.maps;var f=n(a,u,r);if(f)return Ei(f,l);for(var d=u.nextSibling,p=a?a.nodeValue.length-r:0;d;d=d.nextSibling){if(f=n(d,d.firstChild,0))return Ei(H(f.line,f.ch-p),l);p+=d.textContent.length}for(var v=u.previousSibling,m=r;v;v=v.previousSibling){if(f=n(v,v.firstChild,-1))return Ei(H(f.line,f.ch+m),l);m+=v.textContent.length}}(l,t,r)}}var Ii=navigator.userAgent,Ri=navigator.platform,Bi=/gecko\/\d/i.test(Ii),Gi=/MSIE \d/.test(Ii),Ui=/Trident\/(?:[7-9]|\d{2,})\..*rv:(\d+)/.exec(Ii),Vi=/Edge\/(\d+)/.exec(Ii),Ki=Gi||Ui||Vi,ji=Ki&&(Gi?document.documentMode||6:+(Vi||Ui)[1]),Xi=!Vi&&/WebKit\//.test(Ii),Yi=Xi&&/Qt\/\d+\.\d+/.test(Ii),_i=!Vi&&/Chrome\//.test(Ii),$i=/Opera\//.test(Ii),qi=/Apple Computer/.test(navigator.vendor),Zi=/Mac OS X 1\d\D([8-9]|\d\d)\D/.test(Ii),Qi=/PhantomJS/.test(Ii),Ji=!Vi&&/AppleWebKit/.test(Ii)&&/Mobile\/\w+/.test(Ii),eo=/Android/.test(Ii),to=Ji||eo||/webOS|BlackBerry|Opera Mini|Opera Mobi|IEMobile/i.test(Ii),ro=Ji||/Mac/.test(Ri),no=/\bCrOS\b/.test(Ii),io=/win/i.test(Ri),oo=$i&&Ii.match(/Version\/(\d*\.\d*)/);oo&&(oo=Number(oo[1])),oo&&oo>=15&&($i=!1,Xi=!0);var lo,so=ro&&(Yi||$i&&(null==oo||oo<12.11)),ao=Bi||Ki&&ji>=9,uo=function(t,r){var n=t.className,i=e(r).exec(n);if(i){var o=n.slice(i.index+i[0].length);t.className=n.slice(0,i.index)+(o?i[1]+o:"")}};lo=document.createRange?function(e,t,r,n){var i=document.createRange();return i.setEnd(n||e,r),i.setStart(e,t),i}:function(e,t,r){var n=document.body.createTextRange();try{n.moveToElementText(e.parentNode)}catch(e){return n}return n.collapse(!0),n.moveEnd("character",r),n.moveStart("character",t),n};var co=function(e){e.select()};Ji?co=function(e){e.selectionStart=0,e.selectionEnd=e.value.length}:Ki&&(co=function(e){try{e.select()}catch(e){}});var ho=function(){this.id=null};ho.prototype.set=function(e,t){clearTimeout(this.id),this.id=setTimeout(t,e)};var fo,po,go=30,vo={toString:function(){return"CodeMirror.Pass"}},mo={scroll:!1},yo={origin:"*mouse"},bo={origin:"+move"},wo=[""],xo=/[\u00df\u0587\u0590-\u05f4\u0600-\u06ff\u3040-\u309f\u30a0-\u30ff\u3400-\u4db5\u4e00-\u9fcc\uac00-\ud7af]/,Co=/[\u0300-\u036f\u0483-\u0489\u0591-\u05bd\u05bf\u05c1\u05c2\u05c4\u05c5\u05c7\u0610-\u061a\u064b-\u065e\u0670\u06d6-\u06dc\u06de-\u06e4\u06e7\u06e8\u06ea-\u06ed\u0711\u0730-\u074a\u07a6-\u07b0\u07eb-\u07f3\u0816-\u0819\u081b-\u0823\u0825-\u0827\u0829-\u082d\u0900-\u0902\u093c\u0941-\u0948\u094d\u0951-\u0955\u0962\u0963\u0981\u09bc\u09be\u09c1-\u09c4\u09cd\u09d7\u09e2\u09e3\u0a01\u0a02\u0a3c\u0a41\u0a42\u0a47\u0a48\u0a4b-\u0a4d\u0a51\u0a70\u0a71\u0a75\u0a81\u0a82\u0abc\u0ac1-\u0ac5\u0ac7\u0ac8\u0acd\u0ae2\u0ae3\u0b01\u0b3c\u0b3e\u0b3f\u0b41-\u0b44\u0b4d\u0b56\u0b57\u0b62\u0b63\u0b82\u0bbe\u0bc0\u0bcd\u0bd7\u0c3e-\u0c40\u0c46-\u0c48\u0c4a-\u0c4d\u0c55\u0c56\u0c62\u0c63\u0cbc\u0cbf\u0cc2\u0cc6\u0ccc\u0ccd\u0cd5\u0cd6\u0ce2\u0ce3\u0d3e\u0d41-\u0d44\u0d4d\u0d57\u0d62\u0d63\u0dca\u0dcf\u0dd2-\u0dd4\u0dd6\u0ddf\u0e31\u0e34-\u0e3a\u0e47-\u0e4e\u0eb1\u0eb4-\u0eb9\u0ebb\u0ebc\u0ec8-\u0ecd\u0f18\u0f19\u0f35\u0f37\u0f39\u0f71-\u0f7e\u0f80-\u0f84\u0f86\u0f87\u0f90-\u0f97\u0f99-\u0fbc\u0fc6\u102d-\u1030\u1032-\u1037\u1039\u103a\u103d\u103e\u1058\u1059\u105e-\u1060\u1071-\u1074\u1082\u1085\u1086\u108d\u109d\u135f\u1712-\u1714\u1732-\u1734\u1752\u1753\u1772\u1773\u17b7-\u17bd\u17c6\u17c9-\u17d3\u17dd\u180b-\u180d\u18a9\u1920-\u1922\u1927\u1928\u1932\u1939-\u193b\u1a17\u1a18\u1a56\u1a58-\u1a5e\u1a60\u1a62\u1a65-\u1a6c\u1a73-\u1a7c\u1a7f\u1b00-\u1b03\u1b34\u1b36-\u1b3a\u1b3c\u1b42\u1b6b-\u1b73\u1b80\u1b81\u1ba2-\u1ba5\u1ba8\u1ba9\u1c2c-\u1c33\u1c36\u1c37\u1cd0-\u1cd2\u1cd4-\u1ce0\u1ce2-\u1ce8\u1ced\u1dc0-\u1de6\u1dfd-\u1dff\u200c\u200d\u20d0-\u20f0\u2cef-\u2cf1\u2de0-\u2dff\u302a-\u302f\u3099\u309a\ua66f-\ua672\ua67c\ua67d\ua6f0\ua6f1\ua802\ua806\ua80b\ua825\ua826\ua8c4\ua8e0-\ua8f1\ua926-\ua92d\ua947-\ua951\ua980-\ua982\ua9b3\ua9b6-\ua9b9\ua9bc\uaa29-\uaa2e\uaa31\uaa32\uaa35\uaa36\uaa43\uaa4c\uaab0\uaab2-\uaab4\uaab7\uaab8\uaabe\uaabf\uaac1\uabe5\uabe8\uabed\udc00-\udfff\ufb1e\ufe00-\ufe0f\ufe20-\ufe26\uff9e\uff9f]/,So=!1,Lo=!1,ko=null,To=function(){function e(e){return e<=247?r.charAt(e):1424<=e&&e<=1524?"R":1536<=e&&e<=1785?n.charAt(e-1536):1774<=e&&e<=2220?"r":8192<=e&&e<=8203?"w":8204==e?"b":"L"}function t(e,t,r){this.level=e,this.from=t,this.to=r}var r="bbbbbbbbbtstwsbbbbbbbbbbbbbbssstwNN%%%NNNNNN,N,N1111111111NNNNNNNLLLLLLLLLLLLLLLLLLLLLLLLLLNNNNNNLLLLLLLLLLLLLLLLLLLLLLLLLLNNNNbbbbbbsbbbbbbbbbbbbbbbbbbbbbbbbbb,N%%%%NNNNLNNNNN%%11NLNNN1LNNNNNLLLLLLLLLLLLLLLLLLLLLLLNLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLN",n="nnnnnnNNr%%r,rNNmmmmmmmmmmmrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrmmmmmmmmmmmmmmmmmmmmmnnnnnnnnnn%nnrrrmrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrmmmmmmmnNmmmmmmrrmmNmmmmrr1111111111",i=/[\u0590-\u05f4\u0600-\u06ff\u0700-\u08ac]/,o=/[stwN]/,l=/[LRr]/,s=/[Lb1n]/,a=/[1n]/;return function(r,n){var u="ltr"==n?"L":"R";if(0==r.length||"ltr"==n&&!i.test(r))return!1;for(var c=r.length,h=[],f=0;f<c;++f)h.push(e(r.charCodeAt(f)));for(var d=0,p=u;d<c;++d){var v=h[d];"m"==v?h[d]=p:p=v}for(var m=0,y=u;m<c;++m){var b=h[m];"1"==b&&"r"==y?h[m]="n":l.test(b)&&(y=b,"r"==b&&(h[m]="R"))}for(var w=1,x=h[0];w<c-1;++w){var C=h[w];"+"==C&&"1"==x&&"1"==h[w+1]?h[w]="1":","!=C||x!=h[w+1]||"1"!=x&&"n"!=x||(h[w]=x),x=C}for(var S=0;S<c;++S){var L=h[S];if(","==L)h[S]="N";else if("%"==L){var k=void 0;for(k=S+1;k<c&&"%"==h[k];++k);for(var T=S&&"!"==h[S-1]||k<c&&"1"==h[k]?"1":"N",M=S;M<k;++M)h[M]=T;S=k-1}}for(var N=0,O=u;N<c;++N){var A=h[N];"L"==O&&"1"==A?h[N]="L":l.test(A)&&(O=A)}for(var W=0;W<c;++W)if(o.test(h[W])){var D=void 0;for(D=W+1;D<c&&o.test(h[D]);++D);for(var H="L"==(W?h[W-1]:u),F=H==("L"==(D<c?h[D]:u))?H?"L":"R":u,P=W;P<D;++P)h[P]=F;W=D-1}for(var E,z=[],I=0;I<c;)if(s.test(h[I])){var R=I;for(++I;I<c&&s.test(h[I]);++I);z.push(new t(0,R,I))}else{var B=I,G=z.length;for(++I;I<c&&"L"!=h[I];++I);for(var U=B;U<I;)if(a.test(h[U])){B<U&&z.splice(G,0,new t(1,B,U));var V=U;for(++U;U<I&&a.test(h[U]);++U);z.splice(G,0,new t(2,V,U)),B=U}else++U;B<I&&z.splice(G,0,new t(1,B,I))}return"ltr"==n&&(1==z[0].level&&(E=r.match(/^\s+/))&&(z[0].from=E[0].length,z.unshift(new t(0,0,E[0].length))),1==g(z).level&&(E=r.match(/\s+$/))&&(g(z).to-=E[0].length,z.push(new t(0,c-E[0].length,c)))),"rtl"==n?z.reverse():z}}(),Mo=[],No=function(e,t,r){if(e.addEventListener)e.addEventListener(t,r,!1);else if(e.attachEvent)e.attachEvent("on"+t,r);else{var n=e._handlers||(e._handlers={});n[t]=(n[t]||Mo).concat(r)}},Oo=function(){if(Ki&&ji<9)return!1;var e=n("div");return"draggable"in e||"dragDrop"in e}(),Ao=3!="\n\nb".split(/\n/).length?function(e){for(var t=0,r=[],n=e.length;t<=n;){var i=e.indexOf("\n",t);-1==i&&(i=e.length);var o=e.slice(t,"\r"==e.charAt(i-1)?i-1:i),l=o.indexOf("\r");-1!=l?(r.push(o.slice(0,l)),t+=l+1):(r.push(o),t=i+1)}return r}:function(e){return e.split(/\r\n?|\n/)},Wo=window.getSelection?function(e){try{return e.selectionStart!=e.selectionEnd}catch(e){return!1}}:function(e){var t;try{t=e.ownerDocument.selection.createRange()}catch(e){}return!(!t||t.parentElement()!=e)&&0!=t.compareEndPoints("StartToEnd",t)},Do=function(){var e=n("div");return"oncopy"in e||(e.setAttribute("oncopy","return;"),"function"==typeof e.oncopy)}(),Ho=null,Fo={},Po={},Eo={},zo=function(e,t,r){this.pos=this.start=0,this.string=e,this.tabSize=t||8,this.lastColumnPos=this.lastColumnValue=0,this.lineStart=0,this.lineOracle=r};zo.prototype.eol=function(){return this.pos>=this.string.length},zo.prototype.sol=function(){return this.pos==this.lineStart},zo.prototype.peek=function(){return this.string.charAt(this.pos)||void 0},zo.prototype.next=function(){if(this.pos<this.string.length)return this.string.charAt(this.pos++)},zo.prototype.eat=function(e){var t=this.string.charAt(this.pos);if("string"==typeof e?t==e:t&&(e.test?e.test(t):e(t)))return++this.pos,t},zo.prototype.eatWhile=function(e){for(var t=this.pos;this.eat(e););return this.pos>t},zo.prototype.eatSpace=function(){for(var e=this.pos;/[\s\u00a0]/.test(this.string.charAt(this.pos));)++this.pos;return this.pos>e},zo.prototype.skipToEnd=function(){this.pos=this.string.length},zo.prototype.skipTo=function(e){var t=this.string.indexOf(e,this.pos);if(t>-1)return this.pos=t,!0},zo.prototype.backUp=function(e){this.pos-=e},zo.prototype.column=function(){return this.lastColumnPos<this.start&&(this.lastColumnValue=h(this.string,this.start,this.tabSize,this.lastColumnPos,this.lastColumnValue),this.lastColumnPos=this.start),this.lastColumnValue-(this.lineStart?h(this.string,this.lineStart,this.tabSize):0)},zo.prototype.indentation=function(){return h(this.string,null,this.tabSize)-(this.lineStart?h(this.string,this.lineStart,this.tabSize):0)},zo.prototype.match=function(e,t,r){if("string"!=typeof e){var n=this.string.slice(this.pos).match(e);return n&&n.index>0?null:(n&&!1!==t&&(this.pos+=n[0].length),n)}var i=function(e){return r?e.toLowerCase():e};if(i(this.string.substr(this.pos,e.length))==i(e))return!1!==t&&(this.pos+=e.length),!0},zo.prototype.current=function(){return this.string.slice(this.start,this.pos)},zo.prototype.hideFirstChars=function(e,t){this.lineStart+=e;try{return t()}finally{this.lineStart-=e}},zo.prototype.lookAhead=function(e){var t=this.lineOracle;return t&&t.lookAhead(e)},zo.prototype.baseToken=function(){var e=this.lineOracle;return e&&e.baseToken(this.pos)};var Io=function(e,t){this.state=e,this.lookAhead=t},Ro=function(e,t,r,n){this.state=t,this.doc=e,this.line=r,this.maxLookAhead=n||0,this.baseTokens=null,this.baseTokenPos=1};Ro.prototype.lookAhead=function(e){var t=this.doc.getLine(this.line+e);return null!=t&&e>this.maxLookAhead&&(this.maxLookAhead=e),t},Ro.prototype.baseToken=function(e){if(!this.baseTokens)return null;for(;this.baseTokens[this.baseTokenPos]<=e;)this.baseTokenPos+=2;var t=this.baseTokens[this.baseTokenPos+1];return{type:t&&t.replace(/( |^)overlay .*/,""),size:this.baseTokens[this.baseTokenPos]-e}},Ro.prototype.nextLine=function(){this.line++,this.maxLookAhead>0&&this.maxLookAhead--},Ro.fromSaved=function(e,t,r){return t instanceof Io?new Ro(e,Ae(e.mode,t.state),r,t.lookAhead):new Ro(e,Ae(e.mode,t),r)},Ro.prototype.save=function(e){var t=!1!==e?Ae(this.doc.mode,this.state):this.state;return this.maxLookAhead>0?new Io(t,this.maxLookAhead):t};var Bo=function(e,t,r){this.start=e.start,this.end=e.pos,this.string=e.current(),this.type=t||null,this.state=r},Go=function(e,t,r){this.text=e,_(this,t),this.height=r?r(this):1};Go.prototype.lineNo=function(){return O(this)},ye(Go);var Uo,Vo={},Ko={},jo=null,Xo=null,Yo={left:0,right:0,top:0,bottom:0},_o=function(e,t,r){this.cm=r;var i=this.vert=n("div",[n("div",null,null,"min-width: 1px")],"CodeMirror-vscrollbar"),o=this.horiz=n("div",[n("div",null,null,"height: 100%; min-height: 1px")],"CodeMirror-hscrollbar");e(i),e(o),No(i,"scroll",function(){i.clientHeight&&t(i.scrollTop,"vertical")}),No(o,"scroll",function(){o.clientWidth&&t(o.scrollLeft,"horizontal")}),this.checkedZeroWidth=!1,Ki&&ji<8&&(this.horiz.style.minHeight=this.vert.style.minWidth="18px")};_o.prototype.update=function(e){var t=e.scrollWidth>e.clientWidth+1,r=e.scrollHeight>e.clientHeight+1,n=e.nativeBarWidth;if(r){this.vert.style.display="block",this.vert.style.bottom=t?n+"px":"0";var i=e.viewHeight-(t?n:0);this.vert.firstChild.style.height=Math.max(0,e.scrollHeight-e.clientHeight+i)+"px"}else this.vert.style.display="",this.vert.firstChild.style.height="0";if(t){this.horiz.style.display="block",this.horiz.style.right=r?n+"px":"0",this.horiz.style.left=e.barLeft+"px";var o=e.viewWidth-e.barLeft-(r?n:0);this.horiz.firstChild.style.width=Math.max(0,e.scrollWidth-e.clientWidth+o)+"px"}else this.horiz.style.display="",this.horiz.firstChild.style.width="0";return!this.checkedZeroWidth&&e.clientHeight>0&&(0==n&&this.zeroWidthHack(),this.checkedZeroWidth=!0),{right:r?n:0,bottom:t?n:0}},_o.prototype.setScrollLeft=function(e){this.horiz.scrollLeft!=e&&(this.horiz.scrollLeft=e),this.disableHoriz&&this.enableZeroWidthBar(this.horiz,this.disableHoriz,"horiz")},_o.prototype.setScrollTop=function(e){this.vert.scrollTop!=e&&(this.vert.scrollTop=e),this.disableVert&&this.enableZeroWidthBar(this.vert,this.disableVert,"vert")},_o.prototype.zeroWidthHack=function(){var e=ro&&!Zi?"12px":"18px";this.horiz.style.height=this.vert.style.width=e,this.horiz.style.pointerEvents=this.vert.style.pointerEvents="none",this.disableHoriz=new ho,this.disableVert=new ho},_o.prototype.enableZeroWidthBar=function(e,t,r){function n(){var i=e.getBoundingClientRect();("vert"==r?document.elementFromPoint(i.right-1,(i.top+i.bottom)/2):document.elementFromPoint((i.right+i.left)/2,i.bottom-1))!=e?e.style.pointerEvents="none":t.set(1e3,n)}e.style.pointerEvents="auto",t.set(1e3,n)},_o.prototype.clear=function(){var e=this.horiz.parentNode;e.removeChild(this.horiz),e.removeChild(this.vert)};var $o=function(){};$o.prototype.update=function(){return{bottom:0,right:0}},$o.prototype.setScrollLeft=function(){},$o.prototype.setScrollTop=function(){},$o.prototype.clear=function(){};var qo={native:_o,null:$o},Zo=0,Qo=function(e,t,r){var n=e.display;this.viewport=t,this.visible=rr(n,e.doc,t),this.editorIsHidden=!n.wrapper.offsetWidth,this.wrapperHeight=n.wrapper.clientHeight,this.wrapperWidth=n.wrapper.clientWidth,this.oldDisplayWidth=ft(e),this.force=r,this.dims=Rt(e),this.events=[]};Qo.prototype.signal=function(e,t){me(e,t)&&this.events.push(arguments)},Qo.prototype.finish=function(){for(var e=0;e<this.events.length;e++)pe.apply(null,this.events[e])};var Jo=0,el=null;Ki?el=-.53:Bi?el=15:_i?el=-.7:qi&&(el=-1/3);var tl=function(e,t){this.ranges=e,this.primIndex=t};tl.prototype.primary=function(){return this.ranges[this.primIndex]},tl.prototype.equals=function(e){if(e==this)return!0;if(e.primIndex!=this.primIndex||e.ranges.length!=this.ranges.length)return!1;for(var t=0;t<this.ranges.length;t++){var r=this.ranges[t],n=e.ranges[t];if(!P(r.anchor,n.anchor)||!P(r.head,n.head))return!1}return!0},tl.prototype.deepCopy=function(){for(var e=[],t=0;t<this.ranges.length;t++)e[t]=new rl(E(this.ranges[t].anchor),E(this.ranges[t].head));return new tl(e,this.primIndex)},tl.prototype.somethingSelected=function(){for(var e=0;e<this.ranges.length;e++)if(!this.ranges[e].empty())return!0;return!1},tl.prototype.contains=function(e,t){t||(t=e);for(var r=0;r<this.ranges.length;r++){var n=this.ranges[r];if(F(t,n.from())>=0&&F(e,n.to())<=0)return r}return-1};var rl=function(e,t){this.anchor=e,this.head=t};rl.prototype.from=function(){return I(this.anchor,this.head)},rl.prototype.to=function(){return z(this.anchor,this.head)},rl.prototype.empty=function(){return this.head.line==this.anchor.line&&this.head.ch==this.anchor.ch},zn.prototype={chunkSize:function(){return this.lines.length},removeInner:function(e,t){for(var r=e,n=e+t;r<n;++r){var i=this.lines[r];this.height-=i.height,Ue(i),qe(i,"delete")}this.lines.splice(e,t)},collapse:function(e){e.push.apply(e,this.lines)},insertInner:function(e,t,r){this.height+=r,this.lines=this.lines.slice(0,e).concat(t).concat(this.lines.slice(e));for(var n=0;n<t.length;++n)t[n].parent=this},iterN:function(e,t,r){for(var n=e+t;e<n;++e)if(r(this.lines[e]))return!0}},In.prototype={chunkSize:function(){return this.size},removeInner:function(e,t){this.size-=t;for(var r=0;r<this.children.length;++r){var n=this.children[r],i=n.chunkSize();if(e<i){var o=Math.min(t,i-e),l=n.height;if(n.removeInner(e,o),this.height-=l-n.height,i==o&&(this.children.splice(r--,1),n.parent=null),0==(t-=o))break;e=0}else e-=i}if(this.size-t<25&&(this.children.length>1||!(this.children[0]instanceof zn))){var s=[];this.collapse(s),this.children=[new zn(s)],this.children[0].parent=this}},collapse:function(e){for(var t=0;t<this.children.length;++t)this.children[t].collapse(e)},insertInner:function(e,t,r){this.size+=t.length,this.height+=r;for(var n=0;n<this.children.length;++n){var i=this.children[n],o=i.chunkSize();if(e<=o){if(i.insertInner(e,t,r),i.lines&&i.lines.length>50){for(var l=i.lines.length%25+25,s=l;s<i.lines.length;){var a=new zn(i.lines.slice(s,s+=25));i.height-=a.height,this.children.splice(++n,0,a),a.parent=this}i.lines=i.lines.slice(0,l),this.maybeSpill()}break}e-=o}},maybeSpill:function(){if(!(this.children.length<=10)){var e=this;do{var t=new In(e.children.splice(e.children.length-5,5));if(e.parent){e.size-=t.size,e.height-=t.height;var r=f(e.parent.children,e);e.parent.children.splice(r+1,0,t)}else{var n=new In(e.children);n.parent=e,e.children=[n,t],e=n}t.parent=e.parent}while(e.children.length>10);e.parent.maybeSpill()}},iterN:function(e,t,r){for(var n=0;n<this.children.length;++n){var i=this.children[n],o=i.chunkSize();if(e<o){var l=Math.min(t,o-e);if(i.iterN(e,l,r))return!0;if(0==(t-=l))break;e=0}else e-=o}}};var nl=function(e,t,r){if(r)for(var n in r)r.hasOwnProperty(n)&&(this[n]=r[n]);this.doc=e,this.node=t};nl.prototype.clear=function(){var e=this.doc.cm,t=this.line.widgets,r=this.line,n=O(r);if(null!=n&&t){for(var i=0;i<t.length;++i)t[i]==this&&t.splice(i--,1);t.length||(r.widgets=null);var o=lt(this);N(r,Math.max(0,r.height-o)),e&&(wr(e,function(){Rn(e,r,-o),kr(e,n,"widget")}),qe(e,"lineWidgetCleared",e,this,n))}},nl.prototype.changed=function(){var e=this,t=this.height,r=this.doc.cm,n=this.line;this.height=null;var i=lt(this)-t;i&&(N(n,n.height+i),r&&wr(r,function(){r.curOp.forceUpdate=!0,Rn(r,n,i),qe(r,"lineWidgetChanged",r,e,O(n))}))},ye(nl);var il=0,ol=function(e,t){this.lines=[],this.type=t,this.doc=e,this.id=++il};ol.prototype.clear=function(){if(!this.explicitlyCleared){var e=this.doc.cm,t=e&&!e.curOp;if(t&&yr(e),me(this,"clear")){var r=this.find();r&&qe(this,"clear",r.from,r.to)}for(var n=null,i=null,o=0;o<this.lines.length;++o){var l=this.lines[o],s=V(l.markedSpans,this);e&&!this.collapsed?kr(e,O(l),"text"):e&&(null!=s.to&&(i=O(l)),null!=s.from&&(n=O(l))),l.markedSpans=K(l.markedSpans,s),null==s.from&&this.collapsed&&!oe(this.doc,l)&&e&&N(l,zt(e.display))}if(e&&this.collapsed&&!e.options.lineWrapping)for(var a=0;a<this.lines.length;++a){var u=re(this.lines[a]),c=ae(u);c>e.display.maxLineLength&&(e.display.maxLine=u,e.display.maxLineLength=c,e.display.maxLineChanged=!0)}null!=n&&e&&this.collapsed&&Lr(e,n,i+1),this.lines.length=0,this.explicitlyCleared=!0,this.atomic&&this.doc.cantEdit&&(this.doc.cantEdit=!1,e&&wn(e.doc)),e&&qe(e,"markerCleared",e,this,n,i),t&&br(e),this.parent&&this.parent.clear()}},ol.prototype.find=function(e,t){null==e&&"bookmark"==this.type&&(e=1);for(var r,n,i=0;i<this.lines.length;++i){var o=this.lines[i],l=V(o.markedSpans,this);if(null!=l.from&&(r=H(t?o:O(o),l.from),-1==e))return r;if(null!=l.to&&(n=H(t?o:O(o),l.to),1==e))return n}return r&&{from:r,to:n}},ol.prototype.changed=function(){var e=this,t=this.find(-1,!0),r=this,n=this.doc.cm;t&&n&&wr(n,function(){var i=t.line,o=O(t.line),l=vt(n,o);if(l&&(xt(l),n.curOp.selectionChanged=n.curOp.forceUpdate=!0),n.curOp.updateMaxLine=!0,!oe(r.doc,i)&&null!=r.height){var s=r.height;r.height=null;var a=lt(r)-s;a&&N(i,i.height+a)}qe(n,"markerChanged",n,e)})},ol.prototype.attachLine=function(e){if(!this.lines.length&&this.doc.cm){var t=this.doc.cm.curOp;t.maybeHiddenMarkers&&-1!=f(t.maybeHiddenMarkers,this)||(t.maybeUnhiddenMarkers||(t.maybeUnhiddenMarkers=[])).push(this)}this.lines.push(e)},ol.prototype.detachLine=function(e){if(this.lines.splice(f(this.lines,e),1),!this.lines.length&&this.doc.cm){var t=this.doc.cm.curOp;(t.maybeHiddenMarkers||(t.maybeHiddenMarkers=[])).push(this)}},ye(ol);var ll=function(e,t){this.markers=e,this.primary=t;for(var r=0;r<e.length;++r)e[r].parent=this};ll.prototype.clear=function(){if(!this.explicitlyCleared){this.explicitlyCleared=!0;for(var e=0;e<this.markers.length;++e)this.markers[e].clear();qe(this,"clear")}},ll.prototype.find=function(e,t){return this.primary.find(e,t)},ye(ll);var sl=0,al=function(e,t,r,n,i){if(!(this instanceof al))return new al(e,t,r,n,i);null==r&&(r=0),In.call(this,[new zn([new Go("",null)])]),this.first=r,this.scrollTop=this.scrollLeft=0,this.cantEdit=!1,this.cleanGeneration=1,this.modeFrontier=this.highlightFrontier=r;var o=H(r,0);this.sel=Ur(o),this.history=new en(null),this.id=++sl,this.modeOption=t,this.lineSep=n,this.direction="rtl"==i?"rtl":"ltr",this.extend=!1,"string"==typeof e&&(e=this.splitLines(e)),qr(this,{from:o,to:o,text:e}),mn(this,Ur(o),mo)};al.prototype=y(In.prototype,{constructor:al,iter:function(e,t,r){r?this.iterN(e-this.first,t-e,r):this.iterN(this.first,this.first+this.size,e)},insert:function(e,t){for(var r=0,n=0;n<t.length;++n)r+=t[n].height;this.insertInner(e-this.first,t,r)},remove:function(e,t){this.removeInner(e-this.first,t)},getValue:function(e){var t=M(this,this.first,this.first+this.size);return!1===e?t:t.join(e||this.lineSeparator())},setValue:Sr(function(e){var t=H(this.first,0),r=this.first+this.size-1;Mn(this,{from:t,to:H(r,k(this,r).text.length),text:this.splitLines(e),origin:"setValue",full:!0},!0),this.cm&&ar(this.cm,0,0),mn(this,Ur(t),mo)}),replaceRange:function(e,t,r,n){Dn(this,e,t=B(this,t),r=r?B(this,r):t,n)},getRange:function(e,t,r){var n=T(this,B(this,e),B(this,t));return!1===r?n:n.join(r||this.lineSeparator())},getLine:function(e){var t=this.getLineHandle(e);return t&&t.text},getLineHandle:function(e){if(W(this,e))return k(this,e)},getLineNumber:function(e){return O(e)},getLineHandleVisualStart:function(e){return"number"==typeof e&&(e=k(this,e)),re(e)},lineCount:function(){return this.size},firstLine:function(){return this.first},lastLine:function(){return this.first+this.size-1},clipPos:function(e){return B(this,e)},getCursor:function(e){var t=this.sel.primary();return null==e||"head"==e?t.head:"anchor"==e?t.anchor:"end"==e||"to"==e||!1===e?t.to():t.from()},listSelections:function(){return this.sel.ranges},somethingSelected:function(){return this.sel.somethingSelected()},setCursor:Sr(function(e,t,r){gn(this,B(this,"number"==typeof e?H(e,t||0):e),null,r)}),setSelection:Sr(function(e,t,r){gn(this,B(this,e),B(this,t||e),r)}),extendSelection:Sr(function(e,t,r){fn(this,B(this,e),t&&B(this,t),r)}),extendSelections:Sr(function(e,t){dn(this,G(this,e),t)}),extendSelectionsBy:Sr(function(e,t){dn(this,G(this,v(this.sel.ranges,e)),t)}),setSelections:Sr(function(e,t,r){if(e.length){for(var n=[],i=0;i<e.length;i++)n[i]=new rl(B(this,e[i].anchor),B(this,e[i].head));null==t&&(t=Math.min(e.length-1,this.sel.primIndex)),mn(this,Gr(n,t),r)}}),addSelection:Sr(function(e,t,r){var n=this.sel.ranges.slice(0);n.push(new rl(B(this,e),B(this,t||e))),mn(this,Gr(n,n.length-1),r)}),getSelection:function(e){for(var t,r=this.sel.ranges,n=0;n<r.length;n++){var i=T(this,r[n].from(),r[n].to());t=t?t.concat(i):i}return!1===e?t:t.join(e||this.lineSeparator())},getSelections:function(e){for(var t=[],r=this.sel.ranges,n=0;n<r.length;n++){var i=T(this,r[n].from(),r[n].to());!1!==e&&(i=i.join(e||this.lineSeparator())),t[n]=i}return t},replaceSelection:function(e,t,r){for(var n=[],i=0;i<this.sel.ranges.length;i++)n[i]=e;this.replaceSelections(n,t,r||"+input")},replaceSelections:Sr(function(e,t,r){for(var n=[],i=this.sel,o=0;o<i.ranges.length;o++){var l=i.ranges[o];n[o]={from:l.from(),to:l.to(),text:this.splitLines(e[o]),origin:r}}for(var s=t&&"end"!=t&&function(e,t,r){for(var n=[],i=H(e.first,0),o=i,l=0;l<t.length;l++){var s=t[l],a=Xr(s.from,i,o),u=Xr(Vr(s),i,o);if(i=s.to,o=u,"around"==r){var c=e.sel.ranges[l],h=F(c.head,c.anchor)<0;n[l]=new rl(h?u:a,h?a:u)}else n[l]=new rl(a,a)}return new tl(n,e.sel.primIndex)}(this,n,t),a=n.length-1;a>=0;a--)Mn(this,n[a]);s?vn(this,s):this.cm&&sr(this.cm)}),undo:Sr(function(){On(this,"undo")}),redo:Sr(function(){On(this,"redo")}),undoSelection:Sr(function(){On(this,"undo",!0)}),redoSelection:Sr(function(){On(this,"redo",!0)}),setExtending:function(e){this.extend=e},getExtending:function(){return this.extend},historySize:function(){for(var e=this.history,t=0,r=0,n=0;n<e.done.length;n++)e.done[n].ranges||++t;for(var i=0;i<e.undone.length;i++)e.undone[i].ranges||++r;return{undo:t,redo:r}},clearHistory:function(){this.history=new en(this.history.maxGeneration)},markClean:function(){this.cleanGeneration=this.changeGeneration(!0)},changeGeneration:function(e){return e&&(this.history.lastOp=this.history.lastSelOp=this.history.lastOrigin=null),this.history.generation},isClean:function(e){return this.history.generation==(e||this.cleanGeneration)},getHistory:function(){return{done:cn(this.history.done),undone:cn(this.history.undone)}},setHistory:function(e){var t=this.history=new en(this.history.maxGeneration);t.done=cn(e.done.slice(0),null,!0),t.undone=cn(e.undone.slice(0),null,!0)},setGutterMarker:Sr(function(e,t,r){return En(this,e,"gutter",function(e){var n=e.gutterMarkers||(e.gutterMarkers={});return n[t]=r,!r&&x(n)&&(e.gutterMarkers=null),!0})}),clearGutter:Sr(function(e){var t=this;this.iter(function(r){r.gutterMarkers&&r.gutterMarkers[e]&&En(t,r,"gutter",function(){return r.gutterMarkers[e]=null,x(r.gutterMarkers)&&(r.gutterMarkers=null),!0})})}),lineInfo:function(e){var t;if("number"==typeof e){if(!W(this,e))return null;if(t=e,!(e=k(this,e)))return null}else if(null==(t=O(e)))return null;return{line:t,handle:e,text:e.text,gutterMarkers:e.gutterMarkers,textClass:e.textClass,bgClass:e.bgClass,wrapClass:e.wrapClass,widgets:e.widgets}},addLineClass:Sr(function(t,r,n){return En(this,t,"gutter"==r?"gutter":"class",function(t){var i="text"==r?"textClass":"background"==r?"bgClass":"gutter"==r?"gutterClass":"wrapClass";if(t[i]){if(e(n).test(t[i]))return!1;t[i]+=" "+n}else t[i]=n;return!0})}),removeLineClass:Sr(function(t,r,n){return En(this,t,"gutter"==r?"gutter":"class",function(t){var i="text"==r?"textClass":"background"==r?"bgClass":"gutter"==r?"gutterClass":"wrapClass",o=t[i];if(!o)return!1;if(null==n)t[i]=null;else{var l=o.match(e(n));if(!l)return!1;var s=l.index+l[0].length;t[i]=o.slice(0,l.index)+(l.index&&s!=o.length?" ":"")+o.slice(s)||null}return!0})}),addLineWidget:Sr(function(e,t,r){return function(e,t,r,n){var i=new nl(e,r,n),o=e.cm;return o&&i.noHScroll&&(o.display.alignWidgets=!0),En(e,t,"widget",function(t){var r=t.widgets||(t.widgets=[]);if(null==i.insertAt?r.push(i):r.splice(Math.min(r.length-1,Math.max(0,i.insertAt)),0,i),i.line=t,o&&!oe(e,t)){var n=se(t)<e.scrollTop;N(t,t.height+lt(i)),n&&lr(o,i.height),o.curOp.forceUpdate=!0}return!0}),qe(o,"lineWidgetAdded",o,i,"number"==typeof t?t:O(t)),i}(this,e,t,r)}),removeLineWidget:function(e){e.clear()},markText:function(e,t,r){return Bn(this,B(this,e),B(this,t),r,r&&r.type||"range")},setBookmark:function(e,t){var r={replacedWith:t&&(null==t.nodeType?t.widget:t),insertLeft:t&&t.insertLeft,clearWhenEmpty:!1,shared:t&&t.shared,handleMouseEvents:t&&t.handleMouseEvents};return e=B(this,e),Bn(this,e,e,r,"bookmark")},findMarksAt:function(e){var t=[],r=k(this,(e=B(this,e)).line).markedSpans;if(r)for(var n=0;n<r.length;++n){var i=r[n];(null==i.from||i.from<=e.ch)&&(null==i.to||i.to>=e.ch)&&t.push(i.marker.parent||i.marker)}return t},findMarks:function(e,t,r){e=B(this,e),t=B(this,t);var n=[],i=e.line;return this.iter(e.line,t.line+1,function(o){var l=o.markedSpans;if(l)for(var s=0;s<l.length;s++){var a=l[s];null!=a.to&&i==e.line&&e.ch>=a.to||null==a.from&&i!=e.line||null!=a.from&&i==t.line&&a.from>=t.ch||r&&!r(a.marker)||n.push(a.marker.parent||a.marker)}++i}),n},getAllMarks:function(){var e=[];return this.iter(function(t){var r=t.markedSpans;if(r)for(var n=0;n<r.length;++n)null!=r[n].from&&e.push(r[n].marker)}),e},posFromIndex:function(e){var t,r=this.first,n=this.lineSeparator().length;return this.iter(function(i){var o=i.text.length+n;if(o>e)return t=e,!0;e-=o,++r}),B(this,H(r,t))},indexFromPos:function(e){var t=(e=B(this,e)).ch;if(e.line<this.first||e.ch<0)return 0;var r=this.lineSeparator().length;return this.iter(this.first,e.line,function(e){t+=e.text.length+r}),t},copy:function(e){var t=new al(M(this,this.first,this.first+this.size),this.modeOption,this.first,this.lineSep,this.direction);return t.scrollTop=this.scrollTop,t.scrollLeft=this.scrollLeft,t.sel=this.sel,t.extend=!1,e&&(t.history.undoDepth=this.history.undoDepth,t.setHistory(this.getHistory())),t},linkedDoc:function(e){e||(e={});var t=this.first,r=this.first+this.size;null!=e.from&&e.from>t&&(t=e.from),null!=e.to&&e.to<r&&(r=e.to);var n=new al(M(this,t,r),e.mode||this.modeOption,t,this.lineSep,this.direction);return e.sharedHist&&(n.history=this.history),(this.linked||(this.linked=[])).push({doc:n,sharedHist:e.sharedHist}),n.linked=[{doc:this,isParent:!0,sharedHist:e.sharedHist}],function(e,t){for(var r=0;r<t.length;r++){var n=t[r],i=n.find(),o=e.clipPos(i.from),l=e.clipPos(i.to);if(F(o,l)){var s=Bn(e,o,l,n.primary,n.primary.type);n.markers.push(s),s.parent=n}}}(n,Gn(this)),n},unlinkDoc:function(e){if(e instanceof Si&&(e=e.doc),this.linked)for(var t=0;t<this.linked.length;++t){if(this.linked[t].doc==e){this.linked.splice(t,1),e.unlinkDoc(this),Un(Gn(this));break}}if(e.history==this.history){var r=[e.id];Zr(e,function(e){return r.push(e.id)},!0),e.history=new en(null),e.history.done=cn(this.history.done,r),e.history.undone=cn(this.history.undone,r)}},iterLinkedDocs:function(e){Zr(this,e)},getMode:function(){return this.mode},getEditor:function(){return this.cm},splitLines:function(e){return this.lineSep?e.split(this.lineSep):Ao(e)},lineSeparator:function(){return this.lineSep||"\n"},setDirection:Sr(function(e){"rtl"!=e&&(e="ltr"),e!=this.direction&&(this.direction=e,this.iter(function(e){return e.order=null}),this.cm&&function(e){wr(e,function(){Jr(e),Lr(e)})}(this.cm))})}),al.prototype.eachLine=al.prototype.iter;for(var ul=0,cl=!1,hl={3:"Enter",8:"Backspace",9:"Tab",13:"Enter",16:"Shift",17:"Ctrl",18:"Alt",19:"Pause",20:"CapsLock",27:"Esc",32:"Space",33:"PageUp",34:"PageDown",35:"End",36:"Home",37:"Left",38:"Up",39:"Right",40:"Down",44:"PrintScrn",45:"Insert",46:"Delete",59:";",61:"=",91:"Mod",92:"Mod",93:"Mod",106:"*",107:"=",109:"-",110:".",111:"/",127:"Delete",173:"-",186:";",187:"=",188:",",189:"-",190:".",191:"/",192:"`",219:"[",220:"\\",221:"]",222:"'",63232:"Up",63233:"Down",63234:"Left",63235:"Right",63272:"Delete",63273:"Home",63275:"End",63276:"PageUp",63277:"PageDown",63302:"Insert"},fl=0;fl<10;fl++)hl[fl+48]=hl[fl+96]=String(fl);for(var dl=65;dl<=90;dl++)hl[dl]=String.fromCharCode(dl);for(var pl=1;pl<=12;pl++)hl[pl+111]=hl[pl+63235]="F"+pl;var gl={};gl.basic={Left:"goCharLeft",Right:"goCharRight",Up:"goLineUp",Down:"goLineDown",End:"goLineEnd",Home:"goLineStartSmart",PageUp:"goPageUp",PageDown:"goPageDown",Delete:"delCharAfter",Backspace:"delCharBefore","Shift-Backspace":"delCharBefore",Tab:"defaultTab","Shift-Tab":"indentAuto",Enter:"newlineAndIndent",Insert:"toggleOverwrite",Esc:"singleSelection"},gl.pcDefault={"Ctrl-A":"selectAll","Ctrl-D":"deleteLine","Ctrl-Z":"undo","Shift-Ctrl-Z":"redo","Ctrl-Y":"redo","Ctrl-Home":"goDocStart","Ctrl-End":"goDocEnd","Ctrl-Up":"goLineUp","Ctrl-Down":"goLineDown","Ctrl-Left":"goGroupLeft","Ctrl-Right":"goGroupRight","Alt-Left":"goLineStart","Alt-Right":"goLineEnd","Ctrl-Backspace":"delGroupBefore","Ctrl-Delete":"delGroupAfter","Ctrl-S":"save","Ctrl-F":"find","Ctrl-G":"findNext","Shift-Ctrl-G":"findPrev","Shift-Ctrl-F":"replace","Shift-Ctrl-R":"replaceAll","Ctrl-[":"indentLess","Ctrl-]":"indentMore","Ctrl-U":"undoSelection","Shift-Ctrl-U":"redoSelection","Alt-U":"redoSelection",fallthrough:"basic"},gl.emacsy={"Ctrl-F":"goCharRight","Ctrl-B":"goCharLeft","Ctrl-P":"goLineUp","Ctrl-N":"goLineDown","Alt-F":"goWordRight","Alt-B":"goWordLeft","Ctrl-A":"goLineStart","Ctrl-E":"goLineEnd","Ctrl-V":"goPageDown","Shift-Ctrl-V":"goPageUp","Ctrl-D":"delCharAfter","Ctrl-H":"delCharBefore","Alt-D":"delWordAfter","Alt-Backspace":"delWordBefore","Ctrl-K":"killLine","Ctrl-T":"transposeChars","Ctrl-O":"openLine"},gl.macDefault={"Cmd-A":"selectAll","Cmd-D":"deleteLine","Cmd-Z":"undo","Shift-Cmd-Z":"redo","Cmd-Y":"redo","Cmd-Home":"goDocStart","Cmd-Up":"goDocStart","Cmd-End":"goDocEnd","Cmd-Down":"goDocEnd","Alt-Left":"goGroupLeft","Alt-Right":"goGroupRight","Cmd-Left":"goLineLeft","Cmd-Right":"goLineRight","Alt-Backspace":"delGroupBefore","Ctrl-Alt-Backspace":"delGroupAfter","Alt-Delete":"delGroupAfter","Cmd-S":"save","Cmd-F":"find","Cmd-G":"findNext","Shift-Cmd-G":"findPrev","Cmd-Alt-F":"replace","Shift-Cmd-Alt-F":"replaceAll","Cmd-[":"indentLess","Cmd-]":"indentMore","Cmd-Backspace":"delWrappedLineLeft","Cmd-Delete":"delWrappedLineRight","Cmd-U":"undoSelection","Shift-Cmd-U":"redoSelection","Ctrl-Up":"goDocStart","Ctrl-Down":"goDocEnd",fallthrough:["basic","emacsy"]},gl.default=ro?gl.macDefault:gl.pcDefault;var vl={selectAll:kn,singleSelection:function(e){return e.setSelection(e.getCursor("anchor"),e.getCursor("head"),mo)},killLine:function(e){return ti(e,function(t){if(t.empty()){var r=k(e.doc,t.head.line).text.length;return t.head.ch==r&&t.head.line<e.lastLine()?{from:t.head,to:H(t.head.line+1,0)}:{from:t.head,to:H(t.head.line,r)}}return{from:t.from(),to:t.to()}})},deleteLine:function(e){return ti(e,function(t){return{from:H(t.from().line,0),to:B(e.doc,H(t.to().line+1,0))}})},delLineLeft:function(e){return ti(e,function(e){return{from:H(e.from().line,0),to:e.from()}})},delWrappedLineLeft:function(e){return ti(e,function(t){var r=e.charCoords(t.head,"div").top+5;return{from:e.coordsChar({left:0,top:r},"div"),to:t.from()}})},delWrappedLineRight:function(e){return ti(e,function(t){var r=e.charCoords(t.head,"div").top+5,n=e.coordsChar({left:e.display.lineDiv.offsetWidth+100,top:r},"div");return{from:t.from(),to:n}})},undo:function(e){return e.undo()},redo:function(e){return e.redo()},undoSelection:function(e){return e.undoSelection()},redoSelection:function(e){return e.redoSelection()},goDocStart:function(e){return e.extendSelection(H(e.firstLine(),0))},goDocEnd:function(e){return e.extendSelection(H(e.lastLine()))},goLineStart:function(e){return e.extendSelectionsBy(function(t){return oi(e,t.head.line)},{origin:"+move",bias:1})},goLineStartSmart:function(e){return e.extendSelectionsBy(function(t){return si(e,t.head)},{origin:"+move",bias:1})},goLineEnd:function(e){return e.extendSelectionsBy(function(t){return li(e,t.head.line)},{origin:"+move",bias:-1})},goLineRight:function(e){return e.extendSelectionsBy(function(t){var r=e.cursorCoords(t.head,"div").top+5;return e.coordsChar({left:e.display.lineDiv.offsetWidth+100,top:r},"div")},bo)},goLineLeft:function(e){return e.extendSelectionsBy(function(t){var r=e.cursorCoords(t.head,"div").top+5;return e.coordsChar({left:0,top:r},"div")},bo)},goLineLeftSmart:function(e){return e.extendSelectionsBy(function(t){var r=e.cursorCoords(t.head,"div").top+5,n=e.coordsChar({left:0,top:r},"div");return n.ch<e.getLine(n.line).search(/\S/)?si(e,t.head):n},bo)},goLineUp:function(e){return e.moveV(-1,"line")},goLineDown:function(e){return e.moveV(1,"line")},goPageUp:function(e){return e.moveV(-1,"page")},goPageDown:function(e){return e.moveV(1,"page")},goCharLeft:function(e){return e.moveH(-1,"char")},goCharRight:function(e){return e.moveH(1,"char")},goColumnLeft:function(e){return e.moveH(-1,"column")},goColumnRight:function(e){return e.moveH(1,"column")},goWordLeft:function(e){return e.moveH(-1,"word")},goGroupRight:function(e){return e.moveH(1,"group")},goGroupLeft:function(e){return e.moveH(-1,"group")},goWordRight:function(e){return e.moveH(1,"word")},delCharBefore:function(e){return e.deleteH(-1,"char")},delCharAfter:function(e){return e.deleteH(1,"char")},delWordBefore:function(e){return e.deleteH(-1,"word")},delWordAfter:function(e){return e.deleteH(1,"word")},delGroupBefore:function(e){return e.deleteH(-1,"group")},delGroupAfter:function(e){return e.deleteH(1,"group")},indentAuto:function(e){return e.indentSelection("smart")},indentMore:function(e){return e.indentSelection("add")},indentLess:function(e){return e.indentSelection("subtract")},insertTab:function(e){return e.replaceSelection("\t")},insertSoftTab:function(e){for(var t=[],r=e.listSelections(),n=e.options.tabSize,i=0;i<r.length;i++){var o=r[i].from(),l=h(e.getLine(o.line),o.ch,n);t.push(p(n-l%n))}e.replaceSelections(t)},defaultTab:function(e){e.somethingSelected()?e.indentSelection("add"):e.execCommand("insertTab")},transposeChars:function(e){return wr(e,function(){for(var t=e.listSelections(),r=[],n=0;n<t.length;n++)if(t[n].empty()){var i=t[n].head,o=k(e.doc,i.line).text;if(o)if(i.ch==o.length&&(i=new H(i.line,i.ch-1)),i.ch>0)i=new H(i.line,i.ch+1),e.replaceRange(o.charAt(i.ch-1)+o.charAt(i.ch-2),H(i.line,i.ch-2),i,"+transpose");else if(i.line>e.doc.first){var l=k(e.doc,i.line-1).text;l&&(i=new H(i.line,1),e.replaceRange(o.charAt(0)+e.doc.lineSeparator()+l.charAt(l.length-1),H(i.line-1,l.length-1),i,"+transpose"))}r.push(new rl(i,i))}e.setSelections(r)})},newlineAndIndent:function(e){return wr(e,function(){for(var t=e.listSelections(),r=t.length-1;r>=0;r--)e.replaceRange(e.doc.lineSeparator(),t[r].anchor,t[r].head,"+input");t=e.listSelections();for(var n=0;n<t.length;n++)e.indentLine(t[n].from().line,null,!0);sr(e)})},openLine:function(e){return e.replaceSelection("\n","start")},toggleOverwrite:function(e){return e.toggleOverwrite()}},ml=new ho,yl=null,bl=function(e,t,r){this.time=e,this.pos=t,this.button=r};bl.prototype.compare=function(e,t,r){return this.time+400>e&&0==F(t,this.pos)&&r==this.button};var wl,xl,Cl={toString:function(){return"CodeMirror.Init"}},Sl={},Ll={};Si.defaults=Sl,Si.optionHandlers=Ll;var kl=[];Si.defineInitHook=function(e){return kl.push(e)};var Tl=null,Ml=function(e){this.cm=e,this.lastAnchorNode=this.lastAnchorOffset=this.lastFocusNode=this.lastFocusOffset=null,this.polling=new ho,this.composing=null,this.gracePeriod=!1,this.readDOMTimeout=null};Ml.prototype.init=function(e){function t(e){if(!ge(i,e)){if(i.somethingSelected())ki({lineWise:!1,text:i.getSelections()}),"cut"==e.type&&i.replaceSelection("",null,"cut");else{if(!i.options.lineWiseCopyCut)return;var t=Oi(i);ki({lineWise:!0,text:t.text}),"cut"==e.type&&i.operation(function(){i.setSelections(t.ranges,0,mo),i.replaceSelection("",null,"cut")})}if(e.clipboardData){e.clipboardData.clearData();var r=Tl.text.join("\n");if(e.clipboardData.setData("Text",r),e.clipboardData.getData("Text")==r)return void e.preventDefault()}var l=Wi(),s=l.firstChild;i.display.lineSpace.insertBefore(l,i.display.lineSpace.firstChild),s.value=Tl.text.join("\n");var a=document.activeElement;co(s),setTimeout(function(){i.display.lineSpace.removeChild(l),a.focus(),a==o&&n.showPrimarySelection()},50)}}var r=this,n=this,i=n.cm,o=n.div=e.lineDiv;Ai(o,i.options.spellcheck),No(o,"paste",function(e){ge(i,e)||Mi(e,i)||ji<=11&&setTimeout(xr(i,function(){return r.updateFromDOM()}),20)}),No(o,"compositionstart",function(e){r.composing={data:e.data,done:!1}}),No(o,"compositionupdate",function(e){r.composing||(r.composing={data:e.data,done:!1})}),No(o,"compositionend",function(e){r.composing&&(e.data!=r.composing.data&&r.readFromDOMSoon(),r.composing.done=!0)}),No(o,"touchstart",function(){return n.forceCompositionEnd()}),No(o,"input",function(){r.composing||r.readFromDOMSoon()}),No(o,"copy",t),No(o,"cut",t)},Ml.prototype.prepareSelection=function(){var e=Xt(this.cm,!1);return e.focus=this.cm.state.focused,e},Ml.prototype.showSelection=function(e,t){e&&this.cm.display.view.length&&((e.focus||t)&&this.showPrimarySelection(),this.showMultipleSelections(e))},Ml.prototype.showPrimarySelection=function(){var e=window.getSelection(),t=this.cm,r=t.doc.sel.primary(),n=r.from(),i=r.to();if(t.display.viewTo==t.display.viewFrom||n.line>=t.display.viewTo||i.line<t.display.viewFrom)e.removeAllRanges();else{var o=zi(t,e.anchorNode,e.anchorOffset),l=zi(t,e.focusNode,e.focusOffset);if(!o||o.bad||!l||l.bad||0!=F(I(o,l),n)||0!=F(z(o,l),i)){var s=t.display.view,a=n.line>=t.display.viewFrom&&Pi(t,n)||{node:s[0].measure.map[2],offset:0},u=i.line<t.display.viewTo&&Pi(t,i);if(!u){var c=s[s.length-1].measure,h=c.maps?c.maps[c.maps.length-1]:c.map;u={node:h[h.length-1],offset:h[h.length-2]-h[h.length-3]}}if(a&&u){var f,d=e.rangeCount&&e.getRangeAt(0);try{f=lo(a.node,a.offset,u.offset,u.node)}catch(e){}f&&(!Bi&&t.state.focused?(e.collapse(a.node,a.offset),f.collapsed||(e.removeAllRanges(),e.addRange(f))):(e.removeAllRanges(),e.addRange(f)),d&&null==e.anchorNode?e.addRange(d):Bi&&this.startGracePeriod()),this.rememberSelection()}else e.removeAllRanges()}}},Ml.prototype.startGracePeriod=function(){var e=this;clearTimeout(this.gracePeriod),this.gracePeriod=setTimeout(function(){e.gracePeriod=!1,e.selectionChanged()&&e.cm.operation(function(){return e.cm.curOp.selectionChanged=!0})},20)},Ml.prototype.showMultipleSelections=function(e){r(this.cm.display.cursorDiv,e.cursors),r(this.cm.display.selectionDiv,e.selection)},Ml.prototype.rememberSelection=function(){var e=window.getSelection();this.lastAnchorNode=e.anchorNode,this.lastAnchorOffset=e.anchorOffset,this.lastFocusNode=e.focusNode,this.lastFocusOffset=e.focusOffset},Ml.prototype.selectionInEditor=function(){var e=window.getSelection();if(!e.rangeCount)return!1;var t=e.getRangeAt(0).commonAncestorContainer;return o(this.div,t)},Ml.prototype.focus=function(){"nocursor"!=this.cm.options.readOnly&&(this.selectionInEditor()||this.showSelection(this.prepareSelection(),!0),this.div.focus())},Ml.prototype.blur=function(){this.div.blur()},Ml.prototype.getField=function(){return this.div},Ml.prototype.supportsTouch=function(){return!0},Ml.prototype.receivedFocus=function(){function e(){t.cm.state.focused&&(t.pollSelection(),t.polling.set(t.cm.options.pollInterval,e))}var t=this;this.selectionInEditor()?this.pollSelection():wr(this.cm,function(){return t.cm.curOp.selectionChanged=!0}),this.polling.set(this.cm.options.pollInterval,e)},Ml.prototype.selectionChanged=function(){var e=window.getSelection();return e.anchorNode!=this.lastAnchorNode||e.anchorOffset!=this.lastAnchorOffset||e.focusNode!=this.lastFocusNode||e.focusOffset!=this.lastFocusOffset},Ml.prototype.pollSelection=function(){if(null==this.readDOMTimeout&&!this.gracePeriod&&this.selectionChanged()){var e=window.getSelection(),t=this.cm;if(eo&&_i&&this.cm.options.gutters.length&&function(e){for(var t=e;t;t=t.parentNode)if(/CodeMirror-gutter-wrapper/.test(t.className))return!0;return!1}(e.anchorNode))return this.cm.triggerOnKeyDown({type:"keydown",keyCode:8,preventDefault:Math.abs}),this.blur(),void this.focus();if(!this.composing){this.rememberSelection();var r=zi(t,e.anchorNode,e.anchorOffset),n=zi(t,e.focusNode,e.focusOffset);r&&n&&wr(t,function(){mn(t.doc,Ur(r,n),mo),(r.bad||n.bad)&&(t.curOp.selectionChanged=!0)})}}},Ml.prototype.pollContent=function(){null!=this.readDOMTimeout&&(clearTimeout(this.readDOMTimeout),this.readDOMTimeout=null);var e=this.cm,t=e.display,r=e.doc.sel.primary(),n=r.from(),i=r.to();if(0==n.ch&&n.line>e.firstLine()&&(n=H(n.line-1,k(e.doc,n.line-1).length)),i.ch==k(e.doc,i.line).text.length&&i.line<e.lastLine()&&(i=H(i.line+1,0)),n.line<t.viewFrom||i.line>t.viewTo-1)return!1;var o,l,s;n.line==t.viewFrom||0==(o=Kt(e,n.line))?(l=O(t.view[0].line),s=t.view[0].node):(l=O(t.view[o].line),s=t.view[o-1].node.nextSibling);var a,u,c=Kt(e,i.line);if(c==t.view.length-1?(a=t.viewTo-1,u=t.lineDiv.lastChild):(a=O(t.view[c+1].line)-1,u=t.view[c+1].node.previousSibling),!s)return!1;for(var h=e.doc.splitLines(function(e,t,r,n,i){function o(){u&&(a+=c,u=!1)}function l(e){e&&(o(),a+=e)}function s(t){if(1==t.nodeType){var r=t.getAttribute("cm-text");if(null!=r)return void l(r||t.textContent.replace(/\u200b/g,""));var a,h=t.getAttribute("cm-marker");if(h){var f=e.findMarks(H(n,0),H(i+1,0),function(e){return function(t){return t.id==e}}(+h));return void(f.length&&(a=f[0].find(0))&&l(T(e.doc,a.from,a.to).join(c)))}if("false"==t.getAttribute("contenteditable"))return;var d=/^(pre|div|p)$/i.test(t.nodeName);d&&o();for(var p=0;p<t.childNodes.length;p++)s(t.childNodes[p]);d&&(u=!0)}else 3==t.nodeType&&l(t.nodeValue)}for(var a="",u=!1,c=e.doc.lineSeparator();s(t),t!=r;)t=t.nextSibling;return a}(e,s,u,l,a)),f=T(e.doc,H(l,0),H(a,k(e.doc,a).text.length));h.length>1&&f.length>1;)if(g(h)==g(f))h.pop(),f.pop(),a--;else{if(h[0]!=f[0])break;h.shift(),f.shift(),l++}for(var d=0,p=0,v=h[0],m=f[0],y=Math.min(v.length,m.length);d<y&&v.charCodeAt(d)==m.charCodeAt(d);)++d;for(var b=g(h),w=g(f),x=Math.min(b.length-(1==h.length?d:0),w.length-(1==f.length?d:0));p<x&&b.charCodeAt(b.length-p-1)==w.charCodeAt(w.length-p-1);)++p;if(1==h.length&&1==f.length&&l==n.line)for(;d&&d>n.ch&&b.charCodeAt(b.length-p-1)==w.charCodeAt(w.length-p-1);)d--,p++;h[h.length-1]=b.slice(0,b.length-p).replace(/^\u200b+/,""),h[0]=h[0].slice(d).replace(/\u200b+$/,"");var C=H(l,d),S=H(a,f.length?g(f).length-p:0);return h.length>1||h[0]||F(C,S)?(Dn(e.doc,h,C,S,"+input"),!0):void 0},Ml.prototype.ensurePolled=function(){this.forceCompositionEnd()},Ml.prototype.reset=function(){this.forceCompositionEnd()},Ml.prototype.forceCompositionEnd=function(){this.composing&&(clearTimeout(this.readDOMTimeout),this.composing=null,this.updateFromDOM(),this.div.blur(),this.div.focus())},Ml.prototype.readFromDOMSoon=function(){var e=this;null==this.readDOMTimeout&&(this.readDOMTimeout=setTimeout(function(){if(e.readDOMTimeout=null,e.composing){if(!e.composing.done)return;e.composing=null}e.updateFromDOM()},80))},Ml.prototype.updateFromDOM=function(){var e=this;!this.cm.isReadOnly()&&this.pollContent()||wr(this.cm,function(){return Lr(e.cm)})},Ml.prototype.setUneditable=function(e){e.contentEditable="false"},Ml.prototype.onKeyPress=function(e){0!=e.charCode&&(e.preventDefault(),this.cm.isReadOnly()||xr(this.cm,Ti)(this.cm,String.fromCharCode(null==e.charCode?e.keyCode:e.charCode),0))},Ml.prototype.readOnlyChanged=function(e){this.div.contentEditable=String("nocursor"!=e)},Ml.prototype.onContextMenu=function(){},Ml.prototype.resetPosition=function(){},Ml.prototype.needsContentAttribute=!0;var Nl=function(e){this.cm=e,this.prevInput="",this.pollingFast=!1,this.polling=new ho,this.hasSelection=!1,this.composing=null};Nl.prototype.init=function(e){function t(e){if(!ge(i,e)){if(i.somethingSelected())ki({lineWise:!1,text:i.getSelections()});else{if(!i.options.lineWiseCopyCut)return;var t=Oi(i);ki({lineWise:!0,text:t.text}),"cut"==e.type?i.setSelections(t.ranges,null,mo):(n.prevInput="",l.value=t.text.join("\n"),co(l))}"cut"==e.type&&(i.state.cutIncoming=!0)}}var r=this,n=this,i=this.cm,o=this.wrapper=Wi(),l=this.textarea=o.firstChild;e.wrapper.insertBefore(o,e.wrapper.firstChild),Ji&&(l.style.width="0px"),No(l,"input",function(){Ki&&ji>=9&&r.hasSelection&&(r.hasSelection=null),n.poll()}),No(l,"paste",function(e){ge(i,e)||Mi(e,i)||(i.state.pasteIncoming=!0,n.fastPoll())}),No(l,"cut",t),No(l,"copy",t),No(e.scroller,"paste",function(t){st(e,t)||ge(i,t)||(i.state.pasteIncoming=!0,n.focus())}),No(e.lineSpace,"selectstart",function(t){st(e,t)||be(t)}),No(l,"compositionstart",function(){var e=i.getCursor("from");n.composing&&n.composing.range.clear(),n.composing={start:e,range:i.markText(e,i.getCursor("to"),{className:"CodeMirror-composing"})}}),No(l,"compositionend",function(){n.composing&&(n.poll(),n.composing.range.clear(),n.composing=null)})},Nl.prototype.prepareSelection=function(){var e=this.cm,t=e.display,r=e.doc,n=Xt(e);if(e.options.moveInputWithCursor){var i=At(e,r.sel.primary().head,"div"),o=t.wrapper.getBoundingClientRect(),l=t.lineDiv.getBoundingClientRect();n.teTop=Math.max(0,Math.min(t.wrapper.clientHeight-10,i.top+l.top-o.top)),n.teLeft=Math.max(0,Math.min(t.wrapper.clientWidth-10,i.left+l.left-o.left))}return n},Nl.prototype.showSelection=function(e){var t=this.cm.display;r(t.cursorDiv,e.cursors),r(t.selectionDiv,e.selection),null!=e.teTop&&(this.wrapper.style.top=e.teTop+"px",this.wrapper.style.left=e.teLeft+"px")},Nl.prototype.reset=function(e){if(!this.contextMenuPending&&!this.composing){var t=this.cm;if(t.somethingSelected()){this.prevInput="";var r=t.getSelection();this.textarea.value=r,t.state.focused&&co(this.textarea),Ki&&ji>=9&&(this.hasSelection=r)}else e||(this.prevInput=this.textarea.value="",Ki&&ji>=9&&(this.hasSelection=null))}},Nl.prototype.getField=function(){return this.textarea},Nl.prototype.supportsTouch=function(){return!1},Nl.prototype.focus=function(){if("nocursor"!=this.cm.options.readOnly&&(!to||l()!=this.textarea))try{this.textarea.focus()}catch(e){}},Nl.prototype.blur=function(){this.textarea.blur()},Nl.prototype.resetPosition=function(){this.wrapper.style.top=this.wrapper.style.left=0},Nl.prototype.receivedFocus=function(){this.slowPoll()},Nl.prototype.slowPoll=function(){var e=this;this.pollingFast||this.polling.set(this.cm.options.pollInterval,function(){e.poll(),e.cm.state.focused&&e.slowPoll()})},Nl.prototype.fastPoll=function(){function e(){r.poll()||t?(r.pollingFast=!1,r.slowPoll()):(t=!0,r.polling.set(60,e))}var t=!1,r=this;r.pollingFast=!0,r.polling.set(20,e)},Nl.prototype.poll=function(){var e=this,t=this.cm,r=this.textarea,n=this.prevInput;if(this.contextMenuPending||!t.state.focused||Wo(r)&&!n&&!this.composing||t.isReadOnly()||t.options.disableInput||t.state.keySeq)return!1;var i=r.value;if(i==n&&!t.somethingSelected())return!1;if(Ki&&ji>=9&&this.hasSelection===i||ro&&/[\uf700-\uf7ff]/.test(i))return t.display.input.reset(),!1;if(t.doc.sel==t.display.selForContextMenu){var o=i.charCodeAt(0);if(8203!=o||n||(n="​"),8666==o)return this.reset(),this.cm.execCommand("undo")}for(var l=0,s=Math.min(n.length,i.length);l<s&&n.charCodeAt(l)==i.charCodeAt(l);)++l;return wr(t,function(){Ti(t,i.slice(l),n.length-l,null,e.composing?"*compose":null),i.length>1e3||i.indexOf("\n")>-1?r.value=e.prevInput="":e.prevInput=i,e.composing&&(e.composing.range.clear(),e.composing.range=t.markText(e.composing.start,t.getCursor("to"),{className:"CodeMirror-composing"}))}),!0},Nl.prototype.ensurePolled=function(){this.pollingFast&&this.poll()&&(this.pollingFast=!1)},Nl.prototype.onKeyPress=function(){Ki&&ji>=9&&(this.hasSelection=null),this.fastPoll()},Nl.prototype.onContextMenu=function(e){function t(){if(null!=l.selectionStart){var e=i.somethingSelected(),t="​"+(e?l.value:"");l.value="⇚",l.value=t,n.prevInput=e?"":"​",l.selectionStart=1,l.selectionEnd=t.length,o.selForContextMenu=i.doc.sel}}function r(){if(n.contextMenuPending=!1,n.wrapper.style.cssText=c,l.style.cssText=u,Ki&&ji<9&&o.scrollbars.setScrollTop(o.scroller.scrollTop=a),null!=l.selectionStart){(!Ki||Ki&&ji<9)&&t();var e=0,r=function(){o.selForContextMenu==i.doc.sel&&0==l.selectionStart&&l.selectionEnd>0&&"​"==n.prevInput?xr(i,kn)(i):e++<10?o.detectingSelectAll=setTimeout(r,500):(o.selForContextMenu=null,o.input.reset())};o.detectingSelectAll=setTimeout(r,200)}}var n=this,i=n.cm,o=i.display,l=n.textarea,s=Vt(i,e),a=o.scroller.scrollTop;if(s&&!$i){i.options.resetSelectionOnContextMenu&&-1==i.doc.sel.contains(s)&&xr(i,mn)(i.doc,Ur(s),mo);var u=l.style.cssText,c=n.wrapper.style.cssText;n.wrapper.style.cssText="position: absolute";var h=n.wrapper.getBoundingClientRect();l.style.cssText="position: absolute; width: 30px; height: 30px;\n      top: "+(e.clientY-h.top-5)+"px; left: "+(e.clientX-h.left-5)+"px;\n      z-index: 1000; background: "+(Ki?"rgba(255, 255, 255, .05)":"transparent")+";\n      outline: none; border-width: 0; outline: none; overflow: hidden; opacity: .05; filter: alpha(opacity=5);";var f;if(Xi&&(f=window.scrollY),o.input.focus(),Xi&&window.scrollTo(null,f),o.input.reset(),i.somethingSelected()||(l.value=n.prevInput=" "),n.contextMenuPending=!0,o.selForContextMenu=i.doc.sel,clearTimeout(o.detectingSelectAll),Ki&&ji>=9&&t(),ao){Ce(e);var d=function(){de(window,"mouseup",d),setTimeout(r,20)};No(window,"mouseup",d)}else setTimeout(r,50)}},Nl.prototype.readOnlyChanged=function(e){e||this.reset(),this.textarea.disabled="nocursor"==e},Nl.prototype.setUneditable=function(){},Nl.prototype.needsContentAttribute=!1,function(e){function t(t,n,i,o){e.defaults[t]=n,i&&(r[t]=o?function(e,t,r){r!=Cl&&i(e,t,r)}:i)}var r=e.optionHandlers;e.defineOption=t,e.Init=Cl,t("value","",function(e,t){return e.setValue(t)},!0),t("mode",null,function(e,t){e.doc.modeOption=t,Yr(e)},!0),t("indentUnit",2,Yr,!0),t("indentWithTabs",!1),t("smartIndent",!0),t("tabSize",4,function(e){_r(e),St(e),Lr(e)},!0),t("lineSeparator",null,function(e,t){if(e.doc.lineSep=t,t){var r=[],n=e.doc.first;e.doc.iter(function(e){for(var i=0;;){var o=e.text.indexOf(t,i);if(-1==o)break;i=o+t.length,r.push(H(n,o))}n++});for(var i=r.length-1;i>=0;i--)Dn(e.doc,t,r[i],H(r[i].line,r[i].ch+t.length))}}),t("specialChars",/[\u0000-\u001f\u007f-\u009f\u00ad\u061c\u200b-\u200f\u2028\u2029\ufeff]/g,function(e,t,r){e.state.specialChars=new RegExp(t.source+(t.test("\t")?"":"|\t"),"g"),r!=Cl&&e.refresh()}),t("specialCharPlaceholder",je,function(e){return e.refresh()},!0),t("electricChars",!0),t("inputStyle",to?"contenteditable":"textarea",function(){throw new Error("inputStyle can not (yet) be changed in a running editor")},!0),t("spellcheck",!1,function(e,t){return e.getInputField().spellcheck=t},!0),t("rtlMoveVisually",!io),t("wholeLineUpdateBefore",!0),t("theme","default",function(e){bi(e),wi(e)},!0),t("keyMap","default",function(e,t,r){var n=ei(t),i=r!=Cl&&ei(r);i&&i.detach&&i.detach(e,n),n.attach&&n.attach(e,i||null)}),t("extraKeys",null),t("configureMouse",null),t("lineWrapping",!1,Ci,!0),t("gutters",[],function(e){zr(e.options),wi(e)},!0),t("fixedGutter",!0,function(e,t){e.display.gutters.style.left=t?Bt(e.display)+"px":"0",e.refresh()},!0),t("coverGutterNextToScrollbar",!1,function(e){return gr(e)},!0),t("scrollbarStyle","native",function(e){mr(e),gr(e),e.display.scrollbars.setScrollTop(e.doc.scrollTop),e.display.scrollbars.setScrollLeft(e.doc.scrollLeft)},!0),t("lineNumbers",!1,function(e){zr(e.options),wi(e)},!0),t("firstLineNumber",1,wi,!0),t("lineNumberFormatter",function(e){return e},wi,!0),t("showCursorWhenSelecting",!1,jt,!0),t("resetSelectionOnContextMenu",!0),t("lineWiseCopyCut",!0),t("pasteLinesPerSelection",!0),t("readOnly",!1,function(e,t){"nocursor"==t&&(Jt(e),e.display.input.blur()),e.display.input.readOnlyChanged(t)}),t("disableInput",!1,function(e,t){t||e.display.input.reset()},!0),t("dragDrop",!0,xi),t("allowDropFileTypes",null),t("cursorBlinkRate",530),t("cursorScrollMargin",0),t("cursorHeight",1,jt,!0),t("singleCursorHeightPerLine",!0,jt,!0),t("workTime",100),t("workDelay",100),t("flattenSpans",!0,_r,!0),t("addModeClass",!1,_r,!0),t("pollInterval",100),t("undoDepth",200,function(e,t){return e.doc.history.undoDepth=t}),t("historyEventDelay",1250),t("viewportMargin",10,function(e){return e.refresh()},!0),t("maxHighlightLength",1e4,_r,!0),t("moveInputWithCursor",!0,function(e,t){t||e.display.input.resetPosition()}),t("tabindex",null,function(e,t){return e.display.input.getField().tabIndex=t||""}),t("autofocus",null),t("direction","ltr",function(e,t){return e.doc.setDirection(t)},!0)}(Si),Di(Si);var Ol="iter insert remove copy getEditor constructor".split(" ");for(var Al in al.prototype)al.prototype.hasOwnProperty(Al)&&f(Ol,Al)<0&&(Si.prototype[Al]=function(e){return function(){return e.apply(this.doc,arguments)}}(al.prototype[Al]));return ye(al),Si.inputStyles={textarea:Nl,contenteditable:Ml},Si.defineMode=function(e){Si.defaults.mode||"null"==e||(Si.defaults.mode=e),function(e,t){arguments.length>2&&(t.dependencies=Array.prototype.slice.call(arguments,2)),Fo[e]=t}.apply(this,arguments)},Si.defineMIME=function(e,t){Po[e]=t},Si.defineMode("null",function(){return{token:function(e){return e.skipToEnd()}}}),Si.defineMIME("text/plain","null"),Si.defineExtension=function(e,t){Si.prototype[e]=t},Si.defineDocExtension=function(e,t){al.prototype[e]=t},Si.fromTextArea=function(e,t){function r(){e.value=a.getValue()}if(t=t?c(t):{},t.value=e.value,!t.tabindex&&e.tabIndex&&(t.tabindex=e.tabIndex),!t.placeholder&&e.placeholder&&(t.placeholder=e.placeholder),null==t.autofocus){var n=l();t.autofocus=n==e||null!=e.getAttribute("autofocus")&&n==document.body}var i;if(e.form&&(No(e.form,"submit",r),!t.leaveSubmitMethodAlone)){var o=e.form;i=o.submit;try{var s=o.submit=function(){r(),o.submit=i,o.submit(),o.submit=s}}catch(e){}}t.finishInit=function(t){t.save=r,t.getTextArea=function(){return e},t.toTextArea=function(){t.toTextArea=isNaN,r(),e.parentNode.removeChild(t.getWrapperElement()),e.style.display="",e.form&&(de(e.form,"submit",r),"function"==typeof e.form.submit&&(e.form.submit=i))}},e.style.display="none";var a=Si(function(t){return e.parentNode.insertBefore(t,e.nextSibling)},t);return a},function(e){e.off=de,e.on=No,e.wheelEventPixels=Rr,e.Doc=al,e.splitLines=Ao,e.countColumn=h,e.findColumn=d,e.isWordChar=b,e.Pass=vo,e.signal=pe,e.Line=Go,e.changeEnd=Vr,e.scrollbarModel=qo,e.Pos=H,e.cmpPos=F,e.modes=Fo,e.mimeModes=Po,e.resolveMode=Me,e.getMode=Ne,e.modeExtensions=Eo,e.extendMode=Oe,e.copyState=Ae,e.startState=De,e.innerMode=We,e.commands=vl,e.keyMap=gl,e.keyName=Jn,e.isModifierKey=Zn,e.lookupKey=qn,e.normalizeKeyMap=$n,e.StringStream=zo,e.SharedTextMarker=ll,e.TextMarker=ol,e.LineWidget=nl,e.e_preventDefault=be,e.e_stopPropagation=we,e.e_stop=Ce,e.addClass=s,e.contains=o,e.rmClass=uo,e.keyNames=hl}(Si),Si.version="5.31.0",Si});
\ No newline at end of file
diff --git a/chromium/external/codemirror/codemirror-5.31.0.xml.min.js b/chromium/external/codemirror/codemirror-5.31.0.xml.min.js
new file mode 100644
index 000000000000..1e5069152289
--- /dev/null
+++ b/chromium/external/codemirror/codemirror-5.31.0.xml.min.js
@@ -0,0 +1,3 @@
+// CodeMirror, copyright (c) by Marijn Haverbeke and others
+// Distributed under an MIT license: http://codemirror.net/LICENSE
+!function(t){"object"==typeof exports&&"object"==typeof module?t(require("../../lib/codemirror")):"function"==typeof define&&define.amd?define(["../../lib/codemirror"],t):t(CodeMirror)}(function(t){"use strict";var e={autoSelfClosers:{area:!0,base:!0,br:!0,col:!0,command:!0,embed:!0,frame:!0,hr:!0,img:!0,input:!0,keygen:!0,link:!0,meta:!0,param:!0,source:!0,track:!0,wbr:!0,menuitem:!0},implicitlyClosed:{dd:!0,li:!0,optgroup:!0,option:!0,p:!0,rp:!0,rt:!0,tbody:!0,td:!0,tfoot:!0,th:!0,tr:!0},contextGrabbers:{dd:{dd:!0,dt:!0},dt:{dd:!0,dt:!0},li:{li:!0},option:{option:!0,optgroup:!0},optgroup:{optgroup:!0},p:{address:!0,article:!0,aside:!0,blockquote:!0,dir:!0,div:!0,dl:!0,fieldset:!0,footer:!0,form:!0,h1:!0,h2:!0,h3:!0,h4:!0,h5:!0,h6:!0,header:!0,hgroup:!0,hr:!0,menu:!0,nav:!0,ol:!0,p:!0,pre:!0,section:!0,table:!0,ul:!0},rp:{rp:!0,rt:!0},rt:{rp:!0,rt:!0},tbody:{tbody:!0,tfoot:!0},td:{td:!0,th:!0},tfoot:{tbody:!0},th:{td:!0,th:!0},thead:{tbody:!0,tfoot:!0},tr:{tr:!0}},doNotIndent:{pre:!0},allowUnquoted:!0,allowMissing:!0,caseFold:!0},n={autoSelfClosers:{},implicitlyClosed:{},contextGrabbers:{},doNotIndent:{},allowUnquoted:!1,allowMissing:!1,caseFold:!1};t.defineMode("xml",function(r,o){function a(t,e){function n(n){return e.tokenize=n,n(t,e)}var r=t.next();if("<"==r)return t.eat("!")?t.eat("[")?t.match("CDATA[")?n(l("atom","]]>")):null:t.match("--")?n(l("comment","--\x3e")):t.match("DOCTYPE",!0,!0)?(t.eatWhile(/[\w\._\-]/),n(u(1))):null:t.eat("?")?(t.eatWhile(/[\w\._\-]/),e.tokenize=l("meta","?>"),"meta"):(N=t.eat("/")?"closeTag":"openTag",e.tokenize=i,"tag bracket");if("&"==r){return(t.eat("#")?t.eat("x")?t.eatWhile(/[a-fA-F\d]/)&&t.eat(";"):t.eatWhile(/[\d]/)&&t.eat(";"):t.eatWhile(/[\w\.\-:]/)&&t.eat(";"))?"atom":"error"}return t.eatWhile(/[^&<]/),null}function i(t,e){var n=t.next();if(">"==n||"/"==n&&t.eat(">"))return e.tokenize=a,N=">"==n?"endTag":"selfcloseTag","tag bracket";if("="==n)return N="equals",null;if("<"==n){e.tokenize=a,e.state=f,e.tagName=e.tagStart=null;var r=e.tokenize(t,e);return r?r+" tag error":"tag error"}return/[\'\"]/.test(n)?(e.tokenize=function(t){var e=function(e,n){for(;!e.eol();)if(e.next()==t){n.tokenize=i;break}return"string"};return e.isInAttribute=!0,e}(n),e.stringStartCol=t.column(),e.tokenize(t,e)):(t.match(/^[^\s\u00a0=<>\"\']*[^\s\u00a0=<>\"\'\/]/),"word")}function l(t,e){return function(n,r){for(;!n.eol();){if(n.match(e)){r.tokenize=a;break}n.next()}return t}}function u(t){return function(e,n){for(var r;null!=(r=e.next());){if("<"==r)return n.tokenize=u(t+1),n.tokenize(e,n);if(">"==r){if(1==t){n.tokenize=a;break}return n.tokenize=u(t-1),n.tokenize(e,n)}}return"meta"}}function d(t){t.context&&(t.context=t.context.prev)}function c(t,e){for(var n;;){if(!t.context)return;if(n=t.context.tagName,!w.contextGrabbers.hasOwnProperty(n)||!w.contextGrabbers[n].hasOwnProperty(e))return;d(t)}}function f(t,e,n){return"openTag"==t?(n.tagStart=e.column(),s):"closeTag"==t?m:f}function s(t,e,n){return"word"==t?(n.tagName=e.current(),T="tag",h):(T="error",s)}function m(t,e,n){if("word"==t){var r=e.current();return n.context&&n.context.tagName!=r&&w.implicitlyClosed.hasOwnProperty(n.context.tagName)&&d(n),n.context&&n.context.tagName==r||!1===w.matchClosing?(T="tag",g):(T="tag error",p)}return T="error",p}function g(t,e,n){return"endTag"!=t?(T="error",g):(d(n),f)}function p(t,e,n){return T="error",g(t,0,n)}function h(t,e,n){if("word"==t)return T="attribute",x;if("endTag"==t||"selfcloseTag"==t){var r=n.tagName,o=n.tagStart;return n.tagName=n.tagStart=null,"selfcloseTag"==t||w.autoSelfClosers.hasOwnProperty(r)?c(n,r):(c(n,r),n.context=new function(t,e,n){this.prev=t.context,this.tagName=e,this.indent=t.indented,this.startOfLine=n,(w.doNotIndent.hasOwnProperty(e)||t.context&&t.context.noIndent)&&(this.noIndent=!0)}(n,r,o==n.indented)),f}return T="error",h}function x(t,e,n){return"equals"==t?b:(w.allowMissing||(T="error"),h(t,0,n))}function b(t,e,n){return"string"==t?k:"word"==t&&w.allowUnquoted?(T="string",h):(T="error",h(t,0,n))}function k(t,e,n){return"string"==t?k:h(t,0,n)}var v=r.indentUnit,w={},y=o.htmlMode?e:n;for(var z in y)w[z]=y[z];for(var z in o)w[z]=o[z];var N,T;return a.isInText=!0,{startState:function(t){var e={tokenize:a,state:f,indented:t||0,tagName:null,tagStart:null,context:null};return null!=t&&(e.baseIndent=t),e},token:function(t,e){if(!e.tagName&&t.sol()&&(e.indented=t.indentation()),t.eatSpace())return null;N=null;var n=e.tokenize(t,e);return(n||N)&&"comment"!=n&&(T=null,e.state=e.state(N||n,t,e),T&&(n="error"==T?n+" error":T)),n},indent:function(e,n,r){var o=e.context;if(e.tokenize.isInAttribute)return e.tagStart==e.indented?e.stringStartCol+1:e.indented+v;if(o&&o.noIndent)return t.Pass;if(e.tokenize!=i&&e.tokenize!=a)return r?r.match(/^(\s*)/)[0].length:0;if(e.tagName)return!1!==w.multilineTagIndentPastTag?e.tagStart+e.tagName.length+2:e.tagStart+v*(w.multilineTagIndentFactor||1);if(w.alignCDATA&&/<!\[CDATA\[/.test(n))return 0;var l=n&&/^<(\/)?([\w_:\.-]*)/.exec(n);if(l&&l[1])for(;o;){if(o.tagName==l[2]){o=o.prev;break}if(!w.implicitlyClosed.hasOwnProperty(o.tagName))break;o=o.prev}else if(l)for(;o;){var u=w.contextGrabbers[o.tagName];if(!u||!u.hasOwnProperty(l[2]))break;o=o.prev}for(;o&&o.prev&&!o.startOfLine;)o=o.prev;return o?o.indent+v:e.baseIndent||0},electricInput:/<\/[\s\w:]+>$/,blockCommentStart:"\x3c!--",blockCommentEnd:"--\x3e",configuration:w.htmlMode?"html":"xml",helperType:w.htmlMode?"html":"xml",skipAttribute:function(t){t.state==b&&(t.state=h)}}}),t.defineMIME("text/xml","xml"),t.defineMIME("application/xml","xml"),t.mimeModes.hasOwnProperty("text/html")||t.defineMIME("text/html",{name:"xml",htmlMode:!0})});
\ No newline at end of file
diff --git a/chromium/external/pako-1.0.5/pako_inflate.min.js b/chromium/external/pako-1.0.5/pako_inflate.min.js
new file mode 100644
index 000000000000..fdd03f31a5be
--- /dev/null
+++ b/chromium/external/pako-1.0.5/pako_inflate.min.js
@@ -0,0 +1,3290 @@
+/* pako 1.0.5 nodeca/pako */(function(f){if(typeof exports==="object"&&typeof module!=="undefined"){module.exports=f()}else if(typeof define==="function"&&define.amd){define([],f)}else{var g;if(typeof window!=="undefined"){g=window}else if(typeof global!=="undefined"){g=global}else if(typeof self!=="undefined"){g=self}else{g=this}g.pako = f()}})(function(){var define,module,exports;return (function e(t,n,r){function s(o,u){if(!n[o]){if(!t[o]){var a=typeof require=="function"&&require;if(!u&&a)return a(o,!0);if(i)return i(o,!0);var f=new Error("Cannot find module '"+o+"'");throw f.code="MODULE_NOT_FOUND",f}var l=n[o]={exports:{}};t[o][0].call(l.exports,function(e){var n=t[o][1][e];return s(n?n:e)},l,l.exports,e,t,n,r)}return n[o].exports}var i=typeof require=="function"&&require;for(var o=0;o<r.length;o++)s(r[o]);return s})({1:[function(require,module,exports){
+'use strict';
+
+
+var TYPED_OK =  (typeof Uint8Array !== 'undefined') &&
+                (typeof Uint16Array !== 'undefined') &&
+                (typeof Int32Array !== 'undefined');
+
+
+exports.assign = function (obj /*from1, from2, from3, ...*/) {
+  var sources = Array.prototype.slice.call(arguments, 1);
+  while (sources.length) {
+    var source = sources.shift();
+    if (!source) { continue; }
+
+    if (typeof source !== 'object') {
+      throw new TypeError(source + 'must be non-object');
+    }
+
+    for (var p in source) {
+      if (source.hasOwnProperty(p)) {
+        obj[p] = source[p];
+      }
+    }
+  }
+
+  return obj;
+};
+
+
+// reduce buffer size, avoiding mem copy
+exports.shrinkBuf = function (buf, size) {
+  if (buf.length === size) { return buf; }
+  if (buf.subarray) { return buf.subarray(0, size); }
+  buf.length = size;
+  return buf;
+};
+
+
+var fnTyped = {
+  arraySet: function (dest, src, src_offs, len, dest_offs) {
+    if (src.subarray && dest.subarray) {
+      dest.set(src.subarray(src_offs, src_offs + len), dest_offs);
+      return;
+    }
+    // Fallback to ordinary array
+    for (var i = 0; i < len; i++) {
+      dest[dest_offs + i] = src[src_offs + i];
+    }
+  },
+  // Join array of chunks to single array.
+  flattenChunks: function (chunks) {
+    var i, l, len, pos, chunk, result;
+
+    // calculate data length
+    len = 0;
+    for (i = 0, l = chunks.length; i < l; i++) {
+      len += chunks[i].length;
+    }
+
+    // join chunks
+    result = new Uint8Array(len);
+    pos = 0;
+    for (i = 0, l = chunks.length; i < l; i++) {
+      chunk = chunks[i];
+      result.set(chunk, pos);
+      pos += chunk.length;
+    }
+
+    return result;
+  }
+};
+
+var fnUntyped = {
+  arraySet: function (dest, src, src_offs, len, dest_offs) {
+    for (var i = 0; i < len; i++) {
+      dest[dest_offs + i] = src[src_offs + i];
+    }
+  },
+  // Join array of chunks to single array.
+  flattenChunks: function (chunks) {
+    return [].concat.apply([], chunks);
+  }
+};
+
+
+// Enable/Disable typed arrays use, for testing
+//
+exports.setTyped = function (on) {
+  if (on) {
+    exports.Buf8  = Uint8Array;
+    exports.Buf16 = Uint16Array;
+    exports.Buf32 = Int32Array;
+    exports.assign(exports, fnTyped);
+  } else {
+    exports.Buf8  = Array;
+    exports.Buf16 = Array;
+    exports.Buf32 = Array;
+    exports.assign(exports, fnUntyped);
+  }
+};
+
+exports.setTyped(TYPED_OK);
+
+},{}],2:[function(require,module,exports){
+// String encode/decode helpers
+'use strict';
+
+
+var utils = require('./common');
+
+
+// Quick check if we can use fast array to bin string conversion
+//
+// - apply(Array) can fail on Android 2.2
+// - apply(Uint8Array) can fail on iOS 5.1 Safary
+//
+var STR_APPLY_OK = true;
+var STR_APPLY_UIA_OK = true;
+
+try { String.fromCharCode.apply(null, [ 0 ]); } catch (__) { STR_APPLY_OK = false; }
+try { String.fromCharCode.apply(null, new Uint8Array(1)); } catch (__) { STR_APPLY_UIA_OK = false; }
+
+
+// Table with utf8 lengths (calculated by first byte of sequence)
+// Note, that 5 & 6-byte values and some 4-byte values can not be represented in JS,
+// because max possible codepoint is 0x10ffff
+var _utf8len = new utils.Buf8(256);
+for (var q = 0; q < 256; q++) {
+  _utf8len[q] = (q >= 252 ? 6 : q >= 248 ? 5 : q >= 240 ? 4 : q >= 224 ? 3 : q >= 192 ? 2 : 1);
+}
+_utf8len[254] = _utf8len[254] = 1; // Invalid sequence start
+
+
+// convert string to array (typed, when possible)
+exports.string2buf = function (str) {
+  var buf, c, c2, m_pos, i, str_len = str.length, buf_len = 0;
+
+  // count binary size
+  for (m_pos = 0; m_pos < str_len; m_pos++) {
+    c = str.charCodeAt(m_pos);
+    if ((c & 0xfc00) === 0xd800 && (m_pos + 1 < str_len)) {
+      c2 = str.charCodeAt(m_pos + 1);
+      if ((c2 & 0xfc00) === 0xdc00) {
+        c = 0x10000 + ((c - 0xd800) << 10) + (c2 - 0xdc00);
+        m_pos++;
+      }
+    }
+    buf_len += c < 0x80 ? 1 : c < 0x800 ? 2 : c < 0x10000 ? 3 : 4;
+  }
+
+  // allocate buffer
+  buf = new utils.Buf8(buf_len);
+
+  // convert
+  for (i = 0, m_pos = 0; i < buf_len; m_pos++) {
+    c = str.charCodeAt(m_pos);
+    if ((c & 0xfc00) === 0xd800 && (m_pos + 1 < str_len)) {
+      c2 = str.charCodeAt(m_pos + 1);
+      if ((c2 & 0xfc00) === 0xdc00) {
+        c = 0x10000 + ((c - 0xd800) << 10) + (c2 - 0xdc00);
+        m_pos++;
+      }
+    }
+    if (c < 0x80) {
+      /* one byte */
+      buf[i++] = c;
+    } else if (c < 0x800) {
+      /* two bytes */
+      buf[i++] = 0xC0 | (c >>> 6);
+      buf[i++] = 0x80 | (c & 0x3f);
+    } else if (c < 0x10000) {
+      /* three bytes */
+      buf[i++] = 0xE0 | (c >>> 12);
+      buf[i++] = 0x80 | (c >>> 6 & 0x3f);
+      buf[i++] = 0x80 | (c & 0x3f);
+    } else {
+      /* four bytes */
+      buf[i++] = 0xf0 | (c >>> 18);
+      buf[i++] = 0x80 | (c >>> 12 & 0x3f);
+      buf[i++] = 0x80 | (c >>> 6 & 0x3f);
+      buf[i++] = 0x80 | (c & 0x3f);
+    }
+  }
+
+  return buf;
+};
+
+// Helper (used in 2 places)
+function buf2binstring(buf, len) {
+  // use fallback for big arrays to avoid stack overflow
+  if (len < 65537) {
+    if ((buf.subarray && STR_APPLY_UIA_OK) || (!buf.subarray && STR_APPLY_OK)) {
+      return String.fromCharCode.apply(null, utils.shrinkBuf(buf, len));
+    }
+  }
+
+  var result = '';
+  for (var i = 0; i < len; i++) {
+    result += String.fromCharCode(buf[i]);
+  }
+  return result;
+}
+
+
+// Convert byte array to binary string
+exports.buf2binstring = function (buf) {
+  return buf2binstring(buf, buf.length);
+};
+
+
+// Convert binary string (typed, when possible)
+exports.binstring2buf = function (str) {
+  var buf = new utils.Buf8(str.length);
+  for (var i = 0, len = buf.length; i < len; i++) {
+    buf[i] = str.charCodeAt(i);
+  }
+  return buf;
+};
+
+
+// convert array to string
+exports.buf2string = function (buf, max) {
+  var i, out, c, c_len;
+  var len = max || buf.length;
+
+  // Reserve max possible length (2 words per char)
+  // NB: by unknown reasons, Array is significantly faster for
+  //     String.fromCharCode.apply than Uint16Array.
+  var utf16buf = new Array(len * 2);
+
+  for (out = 0, i = 0; i < len;) {
+    c = buf[i++];
+    // quick process ascii
+    if (c < 0x80) { utf16buf[out++] = c; continue; }
+
+    c_len = _utf8len[c];
+    // skip 5 & 6 byte codes
+    if (c_len > 4) { utf16buf[out++] = 0xfffd; i += c_len - 1; continue; }
+
+    // apply mask on first byte
+    c &= c_len === 2 ? 0x1f : c_len === 3 ? 0x0f : 0x07;
+    // join the rest
+    while (c_len > 1 && i < len) {
+      c = (c << 6) | (buf[i++] & 0x3f);
+      c_len--;
+    }
+
+    // terminated by end of string?
+    if (c_len > 1) { utf16buf[out++] = 0xfffd; continue; }
+
+    if (c < 0x10000) {
+      utf16buf[out++] = c;
+    } else {
+      c -= 0x10000;
+      utf16buf[out++] = 0xd800 | ((c >> 10) & 0x3ff);
+      utf16buf[out++] = 0xdc00 | (c & 0x3ff);
+    }
+  }
+
+  return buf2binstring(utf16buf, out);
+};
+
+
+// Calculate max possible position in utf8 buffer,
+// that will not break sequence. If that's not possible
+// - (very small limits) return max size as is.
+//
+// buf[] - utf8 bytes array
+// max   - length limit (mandatory);
+exports.utf8border = function (buf, max) {
+  var pos;
+
+  max = max || buf.length;
+  if (max > buf.length) { max = buf.length; }
+
+  // go back from last position, until start of sequence found
+  pos = max - 1;
+  while (pos >= 0 && (buf[pos] & 0xC0) === 0x80) { pos--; }
+
+  // Fuckup - very small and broken sequence,
+  // return max, because we should return something anyway.
+  if (pos < 0) { return max; }
+
+  // If we came to start of buffer - that means vuffer is too small,
+  // return max too.
+  if (pos === 0) { return max; }
+
+  return (pos + _utf8len[buf[pos]] > max) ? pos : max;
+};
+
+},{"./common":1}],3:[function(require,module,exports){
+'use strict';
+
+// Note: adler32 takes 12% for level 0 and 2% for level 6.
+// It doesn't worth to make additional optimizationa as in original.
+// Small size is preferable.
+
+// (C) 1995-2013 Jean-loup Gailly and Mark Adler
+// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin
+//
+// This software is provided 'as-is', without any express or implied
+// warranty. In no event will the authors be held liable for any damages
+// arising from the use of this software.
+//
+// Permission is granted to anyone to use this software for any purpose,
+// including commercial applications, and to alter it and redistribute it
+// freely, subject to the following restrictions:
+//
+// 1. The origin of this software must not be misrepresented; you must not
+//   claim that you wrote the original software. If you use this software
+//   in a product, an acknowledgment in the product documentation would be
+//   appreciated but is not required.
+// 2. Altered source versions must be plainly marked as such, and must not be
+//   misrepresented as being the original software.
+// 3. This notice may not be removed or altered from any source distribution.
+
+function adler32(adler, buf, len, pos) {
+  var s1 = (adler & 0xffff) |0,
+      s2 = ((adler >>> 16) & 0xffff) |0,
+      n = 0;
+
+  while (len !== 0) {
+    // Set limit ~ twice less than 5552, to keep
+    // s2 in 31-bits, because we force signed ints.
+    // in other case %= will fail.
+    n = len > 2000 ? 2000 : len;
+    len -= n;
+
+    do {
+      s1 = (s1 + buf[pos++]) |0;
+      s2 = (s2 + s1) |0;
+    } while (--n);
+
+    s1 %= 65521;
+    s2 %= 65521;
+  }
+
+  return (s1 | (s2 << 16)) |0;
+}
+
+
+module.exports = adler32;
+
+},{}],4:[function(require,module,exports){
+'use strict';
+
+// (C) 1995-2013 Jean-loup Gailly and Mark Adler
+// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin
+//
+// This software is provided 'as-is', without any express or implied
+// warranty. In no event will the authors be held liable for any damages
+// arising from the use of this software.
+//
+// Permission is granted to anyone to use this software for any purpose,
+// including commercial applications, and to alter it and redistribute it
+// freely, subject to the following restrictions:
+//
+// 1. The origin of this software must not be misrepresented; you must not
+//   claim that you wrote the original software. If you use this software
+//   in a product, an acknowledgment in the product documentation would be
+//   appreciated but is not required.
+// 2. Altered source versions must be plainly marked as such, and must not be
+//   misrepresented as being the original software.
+// 3. This notice may not be removed or altered from any source distribution.
+
+module.exports = {
+
+  /* Allowed flush values; see deflate() and inflate() below for details */
+  Z_NO_FLUSH:         0,
+  Z_PARTIAL_FLUSH:    1,
+  Z_SYNC_FLUSH:       2,
+  Z_FULL_FLUSH:       3,
+  Z_FINISH:           4,
+  Z_BLOCK:            5,
+  Z_TREES:            6,
+
+  /* Return codes for the compression/decompression functions. Negative values
+  * are errors, positive values are used for special but normal events.
+  */
+  Z_OK:               0,
+  Z_STREAM_END:       1,
+  Z_NEED_DICT:        2,
+  Z_ERRNO:           -1,
+  Z_STREAM_ERROR:    -2,
+  Z_DATA_ERROR:      -3,
+  //Z_MEM_ERROR:     -4,
+  Z_BUF_ERROR:       -5,
+  //Z_VERSION_ERROR: -6,
+
+  /* compression levels */
+  Z_NO_COMPRESSION:         0,
+  Z_BEST_SPEED:             1,
+  Z_BEST_COMPRESSION:       9,
+  Z_DEFAULT_COMPRESSION:   -1,
+
+
+  Z_FILTERED:               1,
+  Z_HUFFMAN_ONLY:           2,
+  Z_RLE:                    3,
+  Z_FIXED:                  4,
+  Z_DEFAULT_STRATEGY:       0,
+
+  /* Possible values of the data_type field (though see inflate()) */
+  Z_BINARY:                 0,
+  Z_TEXT:                   1,
+  //Z_ASCII:                1, // = Z_TEXT (deprecated)
+  Z_UNKNOWN:                2,
+
+  /* The deflate compression method */
+  Z_DEFLATED:               8
+  //Z_NULL:                 null // Use -1 or null inline, depending on var type
+};
+
+},{}],5:[function(require,module,exports){
+'use strict';
+
+// Note: we can't get significant speed boost here.
+// So write code to minimize size - no pregenerated tables
+// and array tools dependencies.
+
+// (C) 1995-2013 Jean-loup Gailly and Mark Adler
+// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin
+//
+// This software is provided 'as-is', without any express or implied
+// warranty. In no event will the authors be held liable for any damages
+// arising from the use of this software.
+//
+// Permission is granted to anyone to use this software for any purpose,
+// including commercial applications, and to alter it and redistribute it
+// freely, subject to the following restrictions:
+//
+// 1. The origin of this software must not be misrepresented; you must not
+//   claim that you wrote the original software. If you use this software
+//   in a product, an acknowledgment in the product documentation would be
+//   appreciated but is not required.
+// 2. Altered source versions must be plainly marked as such, and must not be
+//   misrepresented as being the original software.
+// 3. This notice may not be removed or altered from any source distribution.
+
+// Use ordinary array, since untyped makes no boost here
+function makeTable() {
+  var c, table = [];
+
+  for (var n = 0; n < 256; n++) {
+    c = n;
+    for (var k = 0; k < 8; k++) {
+      c = ((c & 1) ? (0xEDB88320 ^ (c >>> 1)) : (c >>> 1));
+    }
+    table[n] = c;
+  }
+
+  return table;
+}
+
+// Create table on load. Just 255 signed longs. Not a problem.
+var crcTable = makeTable();
+
+
+function crc32(crc, buf, len, pos) {
+  var t = crcTable,
+      end = pos + len;
+
+  crc ^= -1;
+
+  for (var i = pos; i < end; i++) {
+    crc = (crc >>> 8) ^ t[(crc ^ buf[i]) & 0xFF];
+  }
+
+  return (crc ^ (-1)); // >>> 0;
+}
+
+
+module.exports = crc32;
+
+},{}],6:[function(require,module,exports){
+'use strict';
+
+// (C) 1995-2013 Jean-loup Gailly and Mark Adler
+// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin
+//
+// This software is provided 'as-is', without any express or implied
+// warranty. In no event will the authors be held liable for any damages
+// arising from the use of this software.
+//
+// Permission is granted to anyone to use this software for any purpose,
+// including commercial applications, and to alter it and redistribute it
+// freely, subject to the following restrictions:
+//
+// 1. The origin of this software must not be misrepresented; you must not
+//   claim that you wrote the original software. If you use this software
+//   in a product, an acknowledgment in the product documentation would be
+//   appreciated but is not required.
+// 2. Altered source versions must be plainly marked as such, and must not be
+//   misrepresented as being the original software.
+// 3. This notice may not be removed or altered from any source distribution.
+
+function GZheader() {
+  /* true if compressed data believed to be text */
+  this.text       = 0;
+  /* modification time */
+  this.time       = 0;
+  /* extra flags (not used when writing a gzip file) */
+  this.xflags     = 0;
+  /* operating system */
+  this.os         = 0;
+  /* pointer to extra field or Z_NULL if none */
+  this.extra      = null;
+  /* extra field length (valid if extra != Z_NULL) */
+  this.extra_len  = 0; // Actually, we don't need it in JS,
+                       // but leave for few code modifications
+
+  //
+  // Setup limits is not necessary because in js we should not preallocate memory
+  // for inflate use constant limit in 65536 bytes
+  //
+
+  /* space at extra (only when reading header) */
+  // this.extra_max  = 0;
+  /* pointer to zero-terminated file name or Z_NULL */
+  this.name       = '';
+  /* space at name (only when reading header) */
+  // this.name_max   = 0;
+  /* pointer to zero-terminated comment or Z_NULL */
+  this.comment    = '';
+  /* space at comment (only when reading header) */
+  // this.comm_max   = 0;
+  /* true if there was or will be a header crc */
+  this.hcrc       = 0;
+  /* true when done reading gzip header (not used when writing a gzip file) */
+  this.done       = false;
+}
+
+module.exports = GZheader;
+
+},{}],7:[function(require,module,exports){
+'use strict';
+
+// (C) 1995-2013 Jean-loup Gailly and Mark Adler
+// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin
+//
+// This software is provided 'as-is', without any express or implied
+// warranty. In no event will the authors be held liable for any damages
+// arising from the use of this software.
+//
+// Permission is granted to anyone to use this software for any purpose,
+// including commercial applications, and to alter it and redistribute it
+// freely, subject to the following restrictions:
+//
+// 1. The origin of this software must not be misrepresented; you must not
+//   claim that you wrote the original software. If you use this software
+//   in a product, an acknowledgment in the product documentation would be
+//   appreciated but is not required.
+// 2. Altered source versions must be plainly marked as such, and must not be
+//   misrepresented as being the original software.
+// 3. This notice may not be removed or altered from any source distribution.
+
+// See state defs from inflate.js
+var BAD = 30;       /* got a data error -- remain here until reset */
+var TYPE = 12;      /* i: waiting for type bits, including last-flag bit */
+
+/*
+   Decode literal, length, and distance codes and write out the resulting
+   literal and match bytes until either not enough input or output is
+   available, an end-of-block is encountered, or a data error is encountered.
+   When large enough input and output buffers are supplied to inflate(), for
+   example, a 16K input buffer and a 64K output buffer, more than 95% of the
+   inflate execution time is spent in this routine.
+
+   Entry assumptions:
+
+        state.mode === LEN
+        strm.avail_in >= 6
+        strm.avail_out >= 258
+        start >= strm.avail_out
+        state.bits < 8
+
+   On return, state.mode is one of:
+
+        LEN -- ran out of enough output space or enough available input
+        TYPE -- reached end of block code, inflate() to interpret next block
+        BAD -- error in block data
+
+   Notes:
+
+    - The maximum input bits used by a length/distance pair is 15 bits for the
+      length code, 5 bits for the length extra, 15 bits for the distance code,
+      and 13 bits for the distance extra.  This totals 48 bits, or six bytes.
+      Therefore if strm.avail_in >= 6, then there is enough input to avoid
+      checking for available input while decoding.
+
+    - The maximum bytes that a single length/distance pair can output is 258
+      bytes, which is the maximum length that can be coded.  inflate_fast()
+      requires strm.avail_out >= 258 for each loop to avoid checking for
+      output space.
+ */
+module.exports = function inflate_fast(strm, start) {
+  var state;
+  var _in;                    /* local strm.input */
+  var last;                   /* have enough input while in < last */
+  var _out;                   /* local strm.output */
+  var beg;                    /* inflate()'s initial strm.output */
+  var end;                    /* while out < end, enough space available */
+//#ifdef INFLATE_STRICT
+  var dmax;                   /* maximum distance from zlib header */
+//#endif
+  var wsize;                  /* window size or zero if not using window */
+  var whave;                  /* valid bytes in the window */
+  var wnext;                  /* window write index */
+  // Use `s_window` instead `window`, avoid conflict with instrumentation tools
+  var s_window;               /* allocated sliding window, if wsize != 0 */
+  var hold;                   /* local strm.hold */
+  var bits;                   /* local strm.bits */
+  var lcode;                  /* local strm.lencode */
+  var dcode;                  /* local strm.distcode */
+  var lmask;                  /* mask for first level of length codes */
+  var dmask;                  /* mask for first level of distance codes */
+  var here;                   /* retrieved table entry */
+  var op;                     /* code bits, operation, extra bits, or */
+                              /*  window position, window bytes to copy */
+  var len;                    /* match length, unused bytes */
+  var dist;                   /* match distance */
+  var from;                   /* where to copy match from */
+  var from_source;
+
+
+  var input, output; // JS specific, because we have no pointers
+
+  /* copy state to local variables */
+  state = strm.state;
+  //here = state.here;
+  _in = strm.next_in;
+  input = strm.input;
+  last = _in + (strm.avail_in - 5);
+  _out = strm.next_out;
+  output = strm.output;
+  beg = _out - (start - strm.avail_out);
+  end = _out + (strm.avail_out - 257);
+//#ifdef INFLATE_STRICT
+  dmax = state.dmax;
+//#endif
+  wsize = state.wsize;
+  whave = state.whave;
+  wnext = state.wnext;
+  s_window = state.window;
+  hold = state.hold;
+  bits = state.bits;
+  lcode = state.lencode;
+  dcode = state.distcode;
+  lmask = (1 << state.lenbits) - 1;
+  dmask = (1 << state.distbits) - 1;
+
+
+  /* decode literals and length/distances until end-of-block or not enough
+     input data or output space */
+
+  top:
+  do {
+    if (bits < 15) {
+      hold += input[_in++] << bits;
+      bits += 8;
+      hold += input[_in++] << bits;
+      bits += 8;
+    }
+
+    here = lcode[hold & lmask];
+
+    dolen:
+    for (;;) { // Goto emulation
+      op = here >>> 24/*here.bits*/;
+      hold >>>= op;
+      bits -= op;
+      op = (here >>> 16) & 0xff/*here.op*/;
+      if (op === 0) {                          /* literal */
+        //Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ?
+        //        "inflate:         literal '%c'\n" :
+        //        "inflate:         literal 0x%02x\n", here.val));
+        output[_out++] = here & 0xffff/*here.val*/;
+      }
+      else if (op & 16) {                     /* length base */
+        len = here & 0xffff/*here.val*/;
+        op &= 15;                           /* number of extra bits */
+        if (op) {
+          if (bits < op) {
+            hold += input[_in++] << bits;
+            bits += 8;
+          }
+          len += hold & ((1 << op) - 1);
+          hold >>>= op;
+          bits -= op;
+        }
+        //Tracevv((stderr, "inflate:         length %u\n", len));
+        if (bits < 15) {
+          hold += input[_in++] << bits;
+          bits += 8;
+          hold += input[_in++] << bits;
+          bits += 8;
+        }
+        here = dcode[hold & dmask];
+
+        dodist:
+        for (;;) { // goto emulation
+          op = here >>> 24/*here.bits*/;
+          hold >>>= op;
+          bits -= op;
+          op = (here >>> 16) & 0xff/*here.op*/;
+
+          if (op & 16) {                      /* distance base */
+            dist = here & 0xffff/*here.val*/;
+            op &= 15;                       /* number of extra bits */
+            if (bits < op) {
+              hold += input[_in++] << bits;
+              bits += 8;
+              if (bits < op) {
+                hold += input[_in++] << bits;
+                bits += 8;
+              }
+            }
+            dist += hold & ((1 << op) - 1);
+//#ifdef INFLATE_STRICT
+            if (dist > dmax) {
+              strm.msg = 'invalid distance too far back';
+              state.mode = BAD;
+              break top;
+            }
+//#endif
+            hold >>>= op;
+            bits -= op;
+            //Tracevv((stderr, "inflate:         distance %u\n", dist));
+            op = _out - beg;                /* max distance in output */
+            if (dist > op) {                /* see if copy from window */
+              op = dist - op;               /* distance back in window */
+              if (op > whave) {
+                if (state.sane) {
+                  strm.msg = 'invalid distance too far back';
+                  state.mode = BAD;
+                  break top;
+                }
+
+// (!) This block is disabled in zlib defailts,
+// don't enable it for binary compatibility
+//#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR
+//                if (len <= op - whave) {
+//                  do {
+//                    output[_out++] = 0;
+//                  } while (--len);
+//                  continue top;
+//                }
+//                len -= op - whave;
+//                do {
+//                  output[_out++] = 0;
+//                } while (--op > whave);
+//                if (op === 0) {
+//                  from = _out - dist;
+//                  do {
+//                    output[_out++] = output[from++];
+//                  } while (--len);
+//                  continue top;
+//                }
+//#endif
+              }
+              from = 0; // window index
+              from_source = s_window;
+              if (wnext === 0) {           /* very common case */
+                from += wsize - op;
+                if (op < len) {         /* some from window */
+                  len -= op;
+                  do {
+                    output[_out++] = s_window[from++];
+                  } while (--op);
+                  from = _out - dist;  /* rest from output */
+                  from_source = output;
+                }
+              }
+              else if (wnext < op) {      /* wrap around window */
+                from += wsize + wnext - op;
+                op -= wnext;
+                if (op < len) {         /* some from end of window */
+                  len -= op;
+                  do {
+                    output[_out++] = s_window[from++];
+                  } while (--op);
+                  from = 0;
+                  if (wnext < len) {  /* some from start of window */
+                    op = wnext;
+                    len -= op;
+                    do {
+                      output[_out++] = s_window[from++];
+                    } while (--op);
+                    from = _out - dist;      /* rest from output */
+                    from_source = output;
+                  }
+                }
+              }
+              else {                      /* contiguous in window */
+                from += wnext - op;
+                if (op < len) {         /* some from window */
+                  len -= op;
+                  do {
+                    output[_out++] = s_window[from++];
+                  } while (--op);
+                  from = _out - dist;  /* rest from output */
+                  from_source = output;
+                }
+              }
+              while (len > 2) {
+                output[_out++] = from_source[from++];
+                output[_out++] = from_source[from++];
+                output[_out++] = from_source[from++];
+                len -= 3;
+              }
+              if (len) {
+                output[_out++] = from_source[from++];
+                if (len > 1) {
+                  output[_out++] = from_source[from++];
+                }
+              }
+            }
+            else {
+              from = _out - dist;          /* copy direct from output */
+              do {                        /* minimum length is three */
+                output[_out++] = output[from++];
+                output[_out++] = output[from++];
+                output[_out++] = output[from++];
+                len -= 3;
+              } while (len > 2);
+              if (len) {
+                output[_out++] = output[from++];
+                if (len > 1) {
+                  output[_out++] = output[from++];
+                }
+              }
+            }
+          }
+          else if ((op & 64) === 0) {          /* 2nd level distance code */
+            here = dcode[(here & 0xffff)/*here.val*/ + (hold & ((1 << op) - 1))];
+            continue dodist;
+          }
+          else {
+            strm.msg = 'invalid distance code';
+            state.mode = BAD;
+            break top;
+          }
+
+          break; // need to emulate goto via "continue"
+        }
+      }
+      else if ((op & 64) === 0) {              /* 2nd level length code */
+        here = lcode[(here & 0xffff)/*here.val*/ + (hold & ((1 << op) - 1))];
+        continue dolen;
+      }
+      else if (op & 32) {                     /* end-of-block */
+        //Tracevv((stderr, "inflate:         end of block\n"));
+        state.mode = TYPE;
+        break top;
+      }
+      else {
+        strm.msg = 'invalid literal/length code';
+        state.mode = BAD;
+        break top;
+      }
+
+      break; // need to emulate goto via "continue"
+    }
+  } while (_in < last && _out < end);
+
+  /* return unused bytes (on entry, bits < 8, so in won't go too far back) */
+  len = bits >> 3;
+  _in -= len;
+  bits -= len << 3;
+  hold &= (1 << bits) - 1;
+
+  /* update state and return */
+  strm.next_in = _in;
+  strm.next_out = _out;
+  strm.avail_in = (_in < last ? 5 + (last - _in) : 5 - (_in - last));
+  strm.avail_out = (_out < end ? 257 + (end - _out) : 257 - (_out - end));
+  state.hold = hold;
+  state.bits = bits;
+  return;
+};
+
+},{}],8:[function(require,module,exports){
+'use strict';
+
+// (C) 1995-2013 Jean-loup Gailly and Mark Adler
+// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin
+//
+// This software is provided 'as-is', without any express or implied
+// warranty. In no event will the authors be held liable for any damages
+// arising from the use of this software.
+//
+// Permission is granted to anyone to use this software for any purpose,
+// including commercial applications, and to alter it and redistribute it
+// freely, subject to the following restrictions:
+//
+// 1. The origin of this software must not be misrepresented; you must not
+//   claim that you wrote the original software. If you use this software
+//   in a product, an acknowledgment in the product documentation would be
+//   appreciated but is not required.
+// 2. Altered source versions must be plainly marked as such, and must not be
+//   misrepresented as being the original software.
+// 3. This notice may not be removed or altered from any source distribution.
+
+var utils         = require('../utils/common');
+var adler32       = require('./adler32');
+var crc32         = require('./crc32');
+var inflate_fast  = require('./inffast');
+var inflate_table = require('./inftrees');
+
+var CODES = 0;
+var LENS = 1;
+var DISTS = 2;
+
+/* Public constants ==========================================================*/
+/* ===========================================================================*/
+
+
+/* Allowed flush values; see deflate() and inflate() below for details */
+//var Z_NO_FLUSH      = 0;
+//var Z_PARTIAL_FLUSH = 1;
+//var Z_SYNC_FLUSH    = 2;
+//var Z_FULL_FLUSH    = 3;
+var Z_FINISH        = 4;
+var Z_BLOCK         = 5;
+var Z_TREES         = 6;
+
+
+/* Return codes for the compression/decompression functions. Negative values
+ * are errors, positive values are used for special but normal events.
+ */
+var Z_OK            = 0;
+var Z_STREAM_END    = 1;
+var Z_NEED_DICT     = 2;
+//var Z_ERRNO         = -1;
+var Z_STREAM_ERROR  = -2;
+var Z_DATA_ERROR    = -3;
+var Z_MEM_ERROR     = -4;
+var Z_BUF_ERROR     = -5;
+//var Z_VERSION_ERROR = -6;
+
+/* The deflate compression method */
+var Z_DEFLATED  = 8;
+
+
+/* STATES ====================================================================*/
+/* ===========================================================================*/
+
+
+var    HEAD = 1;       /* i: waiting for magic header */
+var    FLAGS = 2;      /* i: waiting for method and flags (gzip) */
+var    TIME = 3;       /* i: waiting for modification time (gzip) */
+var    OS = 4;         /* i: waiting for extra flags and operating system (gzip) */
+var    EXLEN = 5;      /* i: waiting for extra length (gzip) */
+var    EXTRA = 6;      /* i: waiting for extra bytes (gzip) */
+var    NAME = 7;       /* i: waiting for end of file name (gzip) */
+var    COMMENT = 8;    /* i: waiting for end of comment (gzip) */
+var    HCRC = 9;       /* i: waiting for header crc (gzip) */
+var    DICTID = 10;    /* i: waiting for dictionary check value */
+var    DICT = 11;      /* waiting for inflateSetDictionary() call */
+var        TYPE = 12;      /* i: waiting for type bits, including last-flag bit */
+var        TYPEDO = 13;    /* i: same, but skip check to exit inflate on new block */
+var        STORED = 14;    /* i: waiting for stored size (length and complement) */
+var        COPY_ = 15;     /* i/o: same as COPY below, but only first time in */
+var        COPY = 16;      /* i/o: waiting for input or output to copy stored block */
+var        TABLE = 17;     /* i: waiting for dynamic block table lengths */
+var        LENLENS = 18;   /* i: waiting for code length code lengths */
+var        CODELENS = 19;  /* i: waiting for length/lit and distance code lengths */
+var            LEN_ = 20;      /* i: same as LEN below, but only first time in */
+var            LEN = 21;       /* i: waiting for length/lit/eob code */
+var            LENEXT = 22;    /* i: waiting for length extra bits */
+var            DIST = 23;      /* i: waiting for distance code */
+var            DISTEXT = 24;   /* i: waiting for distance extra bits */
+var            MATCH = 25;     /* o: waiting for output space to copy string */
+var            LIT = 26;       /* o: waiting for output space to write literal */
+var    CHECK = 27;     /* i: waiting for 32-bit check value */
+var    LENGTH = 28;    /* i: waiting for 32-bit length (gzip) */
+var    DONE = 29;      /* finished check, done -- remain here until reset */
+var    BAD = 30;       /* got a data error -- remain here until reset */
+var    MEM = 31;       /* got an inflate() memory error -- remain here until reset */
+var    SYNC = 32;      /* looking for synchronization bytes to restart inflate() */
+
+/* ===========================================================================*/
+
+
+
+var ENOUGH_LENS = 852;
+var ENOUGH_DISTS = 592;
+//var ENOUGH =  (ENOUGH_LENS+ENOUGH_DISTS);
+
+var MAX_WBITS = 15;
+/* 32K LZ77 window */
+var DEF_WBITS = MAX_WBITS;
+
+
+function zswap32(q) {
+  return  (((q >>> 24) & 0xff) +
+          ((q >>> 8) & 0xff00) +
+          ((q & 0xff00) << 8) +
+          ((q & 0xff) << 24));
+}
+
+
+function InflateState() {
+  this.mode = 0;             /* current inflate mode */
+  this.last = false;          /* true if processing last block */
+  this.wrap = 0;              /* bit 0 true for zlib, bit 1 true for gzip */
+  this.havedict = false;      /* true if dictionary provided */
+  this.flags = 0;             /* gzip header method and flags (0 if zlib) */
+  this.dmax = 0;              /* zlib header max distance (INFLATE_STRICT) */
+  this.check = 0;             /* protected copy of check value */
+  this.total = 0;             /* protected copy of output count */
+  // TODO: may be {}
+  this.head = null;           /* where to save gzip header information */
+
+  /* sliding window */
+  this.wbits = 0;             /* log base 2 of requested window size */
+  this.wsize = 0;             /* window size or zero if not using window */
+  this.whave = 0;             /* valid bytes in the window */
+  this.wnext = 0;             /* window write index */
+  this.window = null;         /* allocated sliding window, if needed */
+
+  /* bit accumulator */
+  this.hold = 0;              /* input bit accumulator */
+  this.bits = 0;              /* number of bits in "in" */
+
+  /* for string and stored block copying */
+  this.length = 0;            /* literal or length of data to copy */
+  this.offset = 0;            /* distance back to copy string from */
+
+  /* for table and code decoding */
+  this.extra = 0;             /* extra bits needed */
+
+  /* fixed and dynamic code tables */
+  this.lencode = null;          /* starting table for length/literal codes */
+  this.distcode = null;         /* starting table for distance codes */
+  this.lenbits = 0;           /* index bits for lencode */
+  this.distbits = 0;          /* index bits for distcode */
+
+  /* dynamic table building */
+  this.ncode = 0;             /* number of code length code lengths */
+  this.nlen = 0;              /* number of length code lengths */
+  this.ndist = 0;             /* number of distance code lengths */
+  this.have = 0;              /* number of code lengths in lens[] */
+  this.next = null;              /* next available space in codes[] */
+
+  this.lens = new utils.Buf16(320); /* temporary storage for code lengths */
+  this.work = new utils.Buf16(288); /* work area for code table building */
+
+  /*
+   because we don't have pointers in js, we use lencode and distcode directly
+   as buffers so we don't need codes
+  */
+  //this.codes = new utils.Buf32(ENOUGH);       /* space for code tables */
+  this.lendyn = null;              /* dynamic table for length/literal codes (JS specific) */
+  this.distdyn = null;             /* dynamic table for distance codes (JS specific) */
+  this.sane = 0;                   /* if false, allow invalid distance too far */
+  this.back = 0;                   /* bits back of last unprocessed length/lit */
+  this.was = 0;                    /* initial length of match */
+}
+
+function inflateResetKeep(strm) {
+  var state;
+
+  if (!strm || !strm.state) { return Z_STREAM_ERROR; }
+  state = strm.state;
+  strm.total_in = strm.total_out = state.total = 0;
+  strm.msg = ''; /*Z_NULL*/
+  if (state.wrap) {       /* to support ill-conceived Java test suite */
+    strm.adler = state.wrap & 1;
+  }
+  state.mode = HEAD;
+  state.last = 0;
+  state.havedict = 0;
+  state.dmax = 32768;
+  state.head = null/*Z_NULL*/;
+  state.hold = 0;
+  state.bits = 0;
+  //state.lencode = state.distcode = state.next = state.codes;
+  state.lencode = state.lendyn = new utils.Buf32(ENOUGH_LENS);
+  state.distcode = state.distdyn = new utils.Buf32(ENOUGH_DISTS);
+
+  state.sane = 1;
+  state.back = -1;
+  //Tracev((stderr, "inflate: reset\n"));
+  return Z_OK;
+}
+
+function inflateReset(strm) {
+  var state;
+
+  if (!strm || !strm.state) { return Z_STREAM_ERROR; }
+  state = strm.state;
+  state.wsize = 0;
+  state.whave = 0;
+  state.wnext = 0;
+  return inflateResetKeep(strm);
+
+}
+
+function inflateReset2(strm, windowBits) {
+  var wrap;
+  var state;
+
+  /* get the state */
+  if (!strm || !strm.state) { return Z_STREAM_ERROR; }
+  state = strm.state;
+
+  /* extract wrap request from windowBits parameter */
+  if (windowBits < 0) {
+    wrap = 0;
+    windowBits = -windowBits;
+  }
+  else {
+    wrap = (windowBits >> 4) + 1;
+    if (windowBits < 48) {
+      windowBits &= 15;
+    }
+  }
+
+  /* set number of window bits, free window if different */
+  if (windowBits && (windowBits < 8 || windowBits > 15)) {
+    return Z_STREAM_ERROR;
+  }
+  if (state.window !== null && state.wbits !== windowBits) {
+    state.window = null;
+  }
+
+  /* update state and reset the rest of it */
+  state.wrap = wrap;
+  state.wbits = windowBits;
+  return inflateReset(strm);
+}
+
+function inflateInit2(strm, windowBits) {
+  var ret;
+  var state;
+
+  if (!strm) { return Z_STREAM_ERROR; }
+  //strm.msg = Z_NULL;                 /* in case we return an error */
+
+  state = new InflateState();
+
+  //if (state === Z_NULL) return Z_MEM_ERROR;
+  //Tracev((stderr, "inflate: allocated\n"));
+  strm.state = state;
+  state.window = null/*Z_NULL*/;
+  ret = inflateReset2(strm, windowBits);
+  if (ret !== Z_OK) {
+    strm.state = null/*Z_NULL*/;
+  }
+  return ret;
+}
+
+function inflateInit(strm) {
+  return inflateInit2(strm, DEF_WBITS);
+}
+
+
+/*
+ Return state with length and distance decoding tables and index sizes set to
+ fixed code decoding.  Normally this returns fixed tables from inffixed.h.
+ If BUILDFIXED is defined, then instead this routine builds the tables the
+ first time it's called, and returns those tables the first time and
+ thereafter.  This reduces the size of the code by about 2K bytes, in
+ exchange for a little execution time.  However, BUILDFIXED should not be
+ used for threaded applications, since the rewriting of the tables and virgin
+ may not be thread-safe.
+ */
+var virgin = true;
+
+var lenfix, distfix; // We have no pointers in JS, so keep tables separate
+
+function fixedtables(state) {
+  /* build fixed huffman tables if first call (may not be thread safe) */
+  if (virgin) {
+    var sym;
+
+    lenfix = new utils.Buf32(512);
+    distfix = new utils.Buf32(32);
+
+    /* literal/length table */
+    sym = 0;
+    while (sym < 144) { state.lens[sym++] = 8; }
+    while (sym < 256) { state.lens[sym++] = 9; }
+    while (sym < 280) { state.lens[sym++] = 7; }
+    while (sym < 288) { state.lens[sym++] = 8; }
+
+    inflate_table(LENS,  state.lens, 0, 288, lenfix,   0, state.work, { bits: 9 });
+
+    /* distance table */
+    sym = 0;
+    while (sym < 32) { state.lens[sym++] = 5; }
+
+    inflate_table(DISTS, state.lens, 0, 32,   distfix, 0, state.work, { bits: 5 });
+
+    /* do this just once */
+    virgin = false;
+  }
+
+  state.lencode = lenfix;
+  state.lenbits = 9;
+  state.distcode = distfix;
+  state.distbits = 5;
+}
+
+
+/*
+ Update the window with the last wsize (normally 32K) bytes written before
+ returning.  If window does not exist yet, create it.  This is only called
+ when a window is already in use, or when output has been written during this
+ inflate call, but the end of the deflate stream has not been reached yet.
+ It is also called to create a window for dictionary data when a dictionary
+ is loaded.
+
+ Providing output buffers larger than 32K to inflate() should provide a speed
+ advantage, since only the last 32K of output is copied to the sliding window
+ upon return from inflate(), and since all distances after the first 32K of
+ output will fall in the output data, making match copies simpler and faster.
+ The advantage may be dependent on the size of the processor's data caches.
+ */
+function updatewindow(strm, src, end, copy) {
+  var dist;
+  var state = strm.state;
+
+  /* if it hasn't been done already, allocate space for the window */
+  if (state.window === null) {
+    state.wsize = 1 << state.wbits;
+    state.wnext = 0;
+    state.whave = 0;
+
+    state.window = new utils.Buf8(state.wsize);
+  }
+
+  /* copy state->wsize or less output bytes into the circular window */
+  if (copy >= state.wsize) {
+    utils.arraySet(state.window, src, end - state.wsize, state.wsize, 0);
+    state.wnext = 0;
+    state.whave = state.wsize;
+  }
+  else {
+    dist = state.wsize - state.wnext;
+    if (dist > copy) {
+      dist = copy;
+    }
+    //zmemcpy(state->window + state->wnext, end - copy, dist);
+    utils.arraySet(state.window, src, end - copy, dist, state.wnext);
+    copy -= dist;
+    if (copy) {
+      //zmemcpy(state->window, end - copy, copy);
+      utils.arraySet(state.window, src, end - copy, copy, 0);
+      state.wnext = copy;
+      state.whave = state.wsize;
+    }
+    else {
+      state.wnext += dist;
+      if (state.wnext === state.wsize) { state.wnext = 0; }
+      if (state.whave < state.wsize) { state.whave += dist; }
+    }
+  }
+  return 0;
+}
+
+function inflate(strm, flush) {
+  var state;
+  var input, output;          // input/output buffers
+  var next;                   /* next input INDEX */
+  var put;                    /* next output INDEX */
+  var have, left;             /* available input and output */
+  var hold;                   /* bit buffer */
+  var bits;                   /* bits in bit buffer */
+  var _in, _out;              /* save starting available input and output */
+  var copy;                   /* number of stored or match bytes to copy */
+  var from;                   /* where to copy match bytes from */
+  var from_source;
+  var here = 0;               /* current decoding table entry */
+  var here_bits, here_op, here_val; // paked "here" denormalized (JS specific)
+  //var last;                   /* parent table entry */
+  var last_bits, last_op, last_val; // paked "last" denormalized (JS specific)
+  var len;                    /* length to copy for repeats, bits to drop */
+  var ret;                    /* return code */
+  var hbuf = new utils.Buf8(4);    /* buffer for gzip header crc calculation */
+  var opts;
+
+  var n; // temporary var for NEED_BITS
+
+  var order = /* permutation of code lengths */
+    [ 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15 ];
+
+
+  if (!strm || !strm.state || !strm.output ||
+      (!strm.input && strm.avail_in !== 0)) {
+    return Z_STREAM_ERROR;
+  }
+
+  state = strm.state;
+  if (state.mode === TYPE) { state.mode = TYPEDO; }    /* skip check */
+
+
+  //--- LOAD() ---
+  put = strm.next_out;
+  output = strm.output;
+  left = strm.avail_out;
+  next = strm.next_in;
+  input = strm.input;
+  have = strm.avail_in;
+  hold = state.hold;
+  bits = state.bits;
+  //---
+
+  _in = have;
+  _out = left;
+  ret = Z_OK;
+
+  inf_leave: // goto emulation
+  for (;;) {
+    switch (state.mode) {
+    case HEAD:
+      if (state.wrap === 0) {
+        state.mode = TYPEDO;
+        break;
+      }
+      //=== NEEDBITS(16);
+      while (bits < 16) {
+        if (have === 0) { break inf_leave; }
+        have--;
+        hold += input[next++] << bits;
+        bits += 8;
+      }
+      //===//
+      if ((state.wrap & 2) && hold === 0x8b1f) {  /* gzip header */
+        state.check = 0/*crc32(0L, Z_NULL, 0)*/;
+        //=== CRC2(state.check, hold);
+        hbuf[0] = hold & 0xff;
+        hbuf[1] = (hold >>> 8) & 0xff;
+        state.check = crc32(state.check, hbuf, 2, 0);
+        //===//
+
+        //=== INITBITS();
+        hold = 0;
+        bits = 0;
+        //===//
+        state.mode = FLAGS;
+        break;
+      }
+      state.flags = 0;           /* expect zlib header */
+      if (state.head) {
+        state.head.done = false;
+      }
+      if (!(state.wrap & 1) ||   /* check if zlib header allowed */
+        (((hold & 0xff)/*BITS(8)*/ << 8) + (hold >> 8)) % 31) {
+        strm.msg = 'incorrect header check';
+        state.mode = BAD;
+        break;
+      }
+      if ((hold & 0x0f)/*BITS(4)*/ !== Z_DEFLATED) {
+        strm.msg = 'unknown compression method';
+        state.mode = BAD;
+        break;
+      }
+      //--- DROPBITS(4) ---//
+      hold >>>= 4;
+      bits -= 4;
+      //---//
+      len = (hold & 0x0f)/*BITS(4)*/ + 8;
+      if (state.wbits === 0) {
+        state.wbits = len;
+      }
+      else if (len > state.wbits) {
+        strm.msg = 'invalid window size';
+        state.mode = BAD;
+        break;
+      }
+      state.dmax = 1 << len;
+      //Tracev((stderr, "inflate:   zlib header ok\n"));
+      strm.adler = state.check = 1/*adler32(0L, Z_NULL, 0)*/;
+      state.mode = hold & 0x200 ? DICTID : TYPE;
+      //=== INITBITS();
+      hold = 0;
+      bits = 0;
+      //===//
+      break;
+    case FLAGS:
+      //=== NEEDBITS(16); */
+      while (bits < 16) {
+        if (have === 0) { break inf_leave; }
+        have--;
+        hold += input[next++] << bits;
+        bits += 8;
+      }
+      //===//
+      state.flags = hold;
+      if ((state.flags & 0xff) !== Z_DEFLATED) {
+        strm.msg = 'unknown compression method';
+        state.mode = BAD;
+        break;
+      }
+      if (state.flags & 0xe000) {
+        strm.msg = 'unknown header flags set';
+        state.mode = BAD;
+        break;
+      }
+      if (state.head) {
+        state.head.text = ((hold >> 8) & 1);
+      }
+      if (state.flags & 0x0200) {
+        //=== CRC2(state.check, hold);
+        hbuf[0] = hold & 0xff;
+        hbuf[1] = (hold >>> 8) & 0xff;
+        state.check = crc32(state.check, hbuf, 2, 0);
+        //===//
+      }
+      //=== INITBITS();
+      hold = 0;
+      bits = 0;
+      //===//
+      state.mode = TIME;
+      /* falls through */
+    case TIME:
+      //=== NEEDBITS(32); */
+      while (bits < 32) {
+        if (have === 0) { break inf_leave; }
+        have--;
+        hold += input[next++] << bits;
+        bits += 8;
+      }
+      //===//
+      if (state.head) {
+        state.head.time = hold;
+      }
+      if (state.flags & 0x0200) {
+        //=== CRC4(state.check, hold)
+        hbuf[0] = hold & 0xff;
+        hbuf[1] = (hold >>> 8) & 0xff;
+        hbuf[2] = (hold >>> 16) & 0xff;
+        hbuf[3] = (hold >>> 24) & 0xff;
+        state.check = crc32(state.check, hbuf, 4, 0);
+        //===
+      }
+      //=== INITBITS();
+      hold = 0;
+      bits = 0;
+      //===//
+      state.mode = OS;
+      /* falls through */
+    case OS:
+      //=== NEEDBITS(16); */
+      while (bits < 16) {
+        if (have === 0) { break inf_leave; }
+        have--;
+        hold += input[next++] << bits;
+        bits += 8;
+      }
+      //===//
+      if (state.head) {
+        state.head.xflags = (hold & 0xff);
+        state.head.os = (hold >> 8);
+      }
+      if (state.flags & 0x0200) {
+        //=== CRC2(state.check, hold);
+        hbuf[0] = hold & 0xff;
+        hbuf[1] = (hold >>> 8) & 0xff;
+        state.check = crc32(state.check, hbuf, 2, 0);
+        //===//
+      }
+      //=== INITBITS();
+      hold = 0;
+      bits = 0;
+      //===//
+      state.mode = EXLEN;
+      /* falls through */
+    case EXLEN:
+      if (state.flags & 0x0400) {
+        //=== NEEDBITS(16); */
+        while (bits < 16) {
+          if (have === 0) { break inf_leave; }
+          have--;
+          hold += input[next++] << bits;
+          bits += 8;
+        }
+        //===//
+        state.length = hold;
+        if (state.head) {
+          state.head.extra_len = hold;
+        }
+        if (state.flags & 0x0200) {
+          //=== CRC2(state.check, hold);
+          hbuf[0] = hold & 0xff;
+          hbuf[1] = (hold >>> 8) & 0xff;
+          state.check = crc32(state.check, hbuf, 2, 0);
+          //===//
+        }
+        //=== INITBITS();
+        hold = 0;
+        bits = 0;
+        //===//
+      }
+      else if (state.head) {
+        state.head.extra = null/*Z_NULL*/;
+      }
+      state.mode = EXTRA;
+      /* falls through */
+    case EXTRA:
+      if (state.flags & 0x0400) {
+        copy = state.length;
+        if (copy > have) { copy = have; }
+        if (copy) {
+          if (state.head) {
+            len = state.head.extra_len - state.length;
+            if (!state.head.extra) {
+              // Use untyped array for more conveniend processing later
+              state.head.extra = new Array(state.head.extra_len);
+            }
+            utils.arraySet(
+              state.head.extra,
+              input,
+              next,
+              // extra field is limited to 65536 bytes
+              // - no need for additional size check
+              copy,
+              /*len + copy > state.head.extra_max - len ? state.head.extra_max : copy,*/
+              len
+            );
+            //zmemcpy(state.head.extra + len, next,
+            //        len + copy > state.head.extra_max ?
+            //        state.head.extra_max - len : copy);
+          }
+          if (state.flags & 0x0200) {
+            state.check = crc32(state.check, input, copy, next);
+          }
+          have -= copy;
+          next += copy;
+          state.length -= copy;
+        }
+        if (state.length) { break inf_leave; }
+      }
+      state.length = 0;
+      state.mode = NAME;
+      /* falls through */
+    case NAME:
+      if (state.flags & 0x0800) {
+        if (have === 0) { break inf_leave; }
+        copy = 0;
+        do {
+          // TODO: 2 or 1 bytes?
+          len = input[next + copy++];
+          /* use constant limit because in js we should not preallocate memory */
+          if (state.head && len &&
+              (state.length < 65536 /*state.head.name_max*/)) {
+            state.head.name += String.fromCharCode(len);
+          }
+        } while (len && copy < have);
+
+        if (state.flags & 0x0200) {
+          state.check = crc32(state.check, input, copy, next);
+        }
+        have -= copy;
+        next += copy;
+        if (len) { break inf_leave; }
+      }
+      else if (state.head) {
+        state.head.name = null;
+      }
+      state.length = 0;
+      state.mode = COMMENT;
+      /* falls through */
+    case COMMENT:
+      if (state.flags & 0x1000) {
+        if (have === 0) { break inf_leave; }
+        copy = 0;
+        do {
+          len = input[next + copy++];
+          /* use constant limit because in js we should not preallocate memory */
+          if (state.head && len &&
+              (state.length < 65536 /*state.head.comm_max*/)) {
+            state.head.comment += String.fromCharCode(len);
+          }
+        } while (len && copy < have);
+        if (state.flags & 0x0200) {
+          state.check = crc32(state.check, input, copy, next);
+        }
+        have -= copy;
+        next += copy;
+        if (len) { break inf_leave; }
+      }
+      else if (state.head) {
+        state.head.comment = null;
+      }
+      state.mode = HCRC;
+      /* falls through */
+    case HCRC:
+      if (state.flags & 0x0200) {
+        //=== NEEDBITS(16); */
+        while (bits < 16) {
+          if (have === 0) { break inf_leave; }
+          have--;
+          hold += input[next++] << bits;
+          bits += 8;
+        }
+        //===//
+        if (hold !== (state.check & 0xffff)) {
+          strm.msg = 'header crc mismatch';
+          state.mode = BAD;
+          break;
+        }
+        //=== INITBITS();
+        hold = 0;
+        bits = 0;
+        //===//
+      }
+      if (state.head) {
+        state.head.hcrc = ((state.flags >> 9) & 1);
+        state.head.done = true;
+      }
+      strm.adler = state.check = 0;
+      state.mode = TYPE;
+      break;
+    case DICTID:
+      //=== NEEDBITS(32); */
+      while (bits < 32) {
+        if (have === 0) { break inf_leave; }
+        have--;
+        hold += input[next++] << bits;
+        bits += 8;
+      }
+      //===//
+      strm.adler = state.check = zswap32(hold);
+      //=== INITBITS();
+      hold = 0;
+      bits = 0;
+      //===//
+      state.mode = DICT;
+      /* falls through */
+    case DICT:
+      if (state.havedict === 0) {
+        //--- RESTORE() ---
+        strm.next_out = put;
+        strm.avail_out = left;
+        strm.next_in = next;
+        strm.avail_in = have;
+        state.hold = hold;
+        state.bits = bits;
+        //---
+        return Z_NEED_DICT;
+      }
+      strm.adler = state.check = 1/*adler32(0L, Z_NULL, 0)*/;
+      state.mode = TYPE;
+      /* falls through */
+    case TYPE:
+      if (flush === Z_BLOCK || flush === Z_TREES) { break inf_leave; }
+      /* falls through */
+    case TYPEDO:
+      if (state.last) {
+        //--- BYTEBITS() ---//
+        hold >>>= bits & 7;
+        bits -= bits & 7;
+        //---//
+        state.mode = CHECK;
+        break;
+      }
+      //=== NEEDBITS(3); */
+      while (bits < 3) {
+        if (have === 0) { break inf_leave; }
+        have--;
+        hold += input[next++] << bits;
+        bits += 8;
+      }
+      //===//
+      state.last = (hold & 0x01)/*BITS(1)*/;
+      //--- DROPBITS(1) ---//
+      hold >>>= 1;
+      bits -= 1;
+      //---//
+
+      switch ((hold & 0x03)/*BITS(2)*/) {
+      case 0:                             /* stored block */
+        //Tracev((stderr, "inflate:     stored block%s\n",
+        //        state.last ? " (last)" : ""));
+        state.mode = STORED;
+        break;
+      case 1:                             /* fixed block */
+        fixedtables(state);
+        //Tracev((stderr, "inflate:     fixed codes block%s\n",
+        //        state.last ? " (last)" : ""));
+        state.mode = LEN_;             /* decode codes */
+        if (flush === Z_TREES) {
+          //--- DROPBITS(2) ---//
+          hold >>>= 2;
+          bits -= 2;
+          //---//
+          break inf_leave;
+        }
+        break;
+      case 2:                             /* dynamic block */
+        //Tracev((stderr, "inflate:     dynamic codes block%s\n",
+        //        state.last ? " (last)" : ""));
+        state.mode = TABLE;
+        break;
+      case 3:
+        strm.msg = 'invalid block type';
+        state.mode = BAD;
+      }
+      //--- DROPBITS(2) ---//
+      hold >>>= 2;
+      bits -= 2;
+      //---//
+      break;
+    case STORED:
+      //--- BYTEBITS() ---// /* go to byte boundary */
+      hold >>>= bits & 7;
+      bits -= bits & 7;
+      //---//
+      //=== NEEDBITS(32); */
+      while (bits < 32) {
+        if (have === 0) { break inf_leave; }
+        have--;
+        hold += input[next++] << bits;
+        bits += 8;
+      }
+      //===//
+      if ((hold & 0xffff) !== ((hold >>> 16) ^ 0xffff)) {
+        strm.msg = 'invalid stored block lengths';
+        state.mode = BAD;
+        break;
+      }
+      state.length = hold & 0xffff;
+      //Tracev((stderr, "inflate:       stored length %u\n",
+      //        state.length));
+      //=== INITBITS();
+      hold = 0;
+      bits = 0;
+      //===//
+      state.mode = COPY_;
+      if (flush === Z_TREES) { break inf_leave; }
+      /* falls through */
+    case COPY_:
+      state.mode = COPY;
+      /* falls through */
+    case COPY:
+      copy = state.length;
+      if (copy) {
+        if (copy > have) { copy = have; }
+        if (copy > left) { copy = left; }
+        if (copy === 0) { break inf_leave; }
+        //--- zmemcpy(put, next, copy); ---
+        utils.arraySet(output, input, next, copy, put);
+        //---//
+        have -= copy;
+        next += copy;
+        left -= copy;
+        put += copy;
+        state.length -= copy;
+        break;
+      }
+      //Tracev((stderr, "inflate:       stored end\n"));
+      state.mode = TYPE;
+      break;
+    case TABLE:
+      //=== NEEDBITS(14); */
+      while (bits < 14) {
+        if (have === 0) { break inf_leave; }
+        have--;
+        hold += input[next++] << bits;
+        bits += 8;
+      }
+      //===//
+      state.nlen = (hold & 0x1f)/*BITS(5)*/ + 257;
+      //--- DROPBITS(5) ---//
+      hold >>>= 5;
+      bits -= 5;
+      //---//
+      state.ndist = (hold & 0x1f)/*BITS(5)*/ + 1;
+      //--- DROPBITS(5) ---//
+      hold >>>= 5;
+      bits -= 5;
+      //---//
+      state.ncode = (hold & 0x0f)/*BITS(4)*/ + 4;
+      //--- DROPBITS(4) ---//
+      hold >>>= 4;
+      bits -= 4;
+      //---//
+//#ifndef PKZIP_BUG_WORKAROUND
+      if (state.nlen > 286 || state.ndist > 30) {
+        strm.msg = 'too many length or distance symbols';
+        state.mode = BAD;
+        break;
+      }
+//#endif
+      //Tracev((stderr, "inflate:       table sizes ok\n"));
+      state.have = 0;
+      state.mode = LENLENS;
+      /* falls through */
+    case LENLENS:
+      while (state.have < state.ncode) {
+        //=== NEEDBITS(3);
+        while (bits < 3) {
+          if (have === 0) { break inf_leave; }
+          have--;
+          hold += input[next++] << bits;
+          bits += 8;
+        }
+        //===//
+        state.lens[order[state.have++]] = (hold & 0x07);//BITS(3);
+        //--- DROPBITS(3) ---//
+        hold >>>= 3;
+        bits -= 3;
+        //---//
+      }
+      while (state.have < 19) {
+        state.lens[order[state.have++]] = 0;
+      }
+      // We have separate tables & no pointers. 2 commented lines below not needed.
+      //state.next = state.codes;
+      //state.lencode = state.next;
+      // Switch to use dynamic table
+      state.lencode = state.lendyn;
+      state.lenbits = 7;
+
+      opts = { bits: state.lenbits };
+      ret = inflate_table(CODES, state.lens, 0, 19, state.lencode, 0, state.work, opts);
+      state.lenbits = opts.bits;
+
+      if (ret) {
+        strm.msg = 'invalid code lengths set';
+        state.mode = BAD;
+        break;
+      }
+      //Tracev((stderr, "inflate:       code lengths ok\n"));
+      state.have = 0;
+      state.mode = CODELENS;
+      /* falls through */
+    case CODELENS:
+      while (state.have < state.nlen + state.ndist) {
+        for (;;) {
+          here = state.lencode[hold & ((1 << state.lenbits) - 1)];/*BITS(state.lenbits)*/
+          here_bits = here >>> 24;
+          here_op = (here >>> 16) & 0xff;
+          here_val = here & 0xffff;
+
+          if ((here_bits) <= bits) { break; }
+          //--- PULLBYTE() ---//
+          if (have === 0) { break inf_leave; }
+          have--;
+          hold += input[next++] << bits;
+          bits += 8;
+          //---//
+        }
+        if (here_val < 16) {
+          //--- DROPBITS(here.bits) ---//
+          hold >>>= here_bits;
+          bits -= here_bits;
+          //---//
+          state.lens[state.have++] = here_val;
+        }
+        else {
+          if (here_val === 16) {
+            //=== NEEDBITS(here.bits + 2);
+            n = here_bits + 2;
+            while (bits < n) {
+              if (have === 0) { break inf_leave; }
+              have--;
+              hold += input[next++] << bits;
+              bits += 8;
+            }
+            //===//
+            //--- DROPBITS(here.bits) ---//
+            hold >>>= here_bits;
+            bits -= here_bits;
+            //---//
+            if (state.have === 0) {
+              strm.msg = 'invalid bit length repeat';
+              state.mode = BAD;
+              break;
+            }
+            len = state.lens[state.have - 1];
+            copy = 3 + (hold & 0x03);//BITS(2);
+            //--- DROPBITS(2) ---//
+            hold >>>= 2;
+            bits -= 2;
+            //---//
+          }
+          else if (here_val === 17) {
+            //=== NEEDBITS(here.bits + 3);
+            n = here_bits + 3;
+            while (bits < n) {
+              if (have === 0) { break inf_leave; }
+              have--;
+              hold += input[next++] << bits;
+              bits += 8;
+            }
+            //===//
+            //--- DROPBITS(here.bits) ---//
+            hold >>>= here_bits;
+            bits -= here_bits;
+            //---//
+            len = 0;
+            copy = 3 + (hold & 0x07);//BITS(3);
+            //--- DROPBITS(3) ---//
+            hold >>>= 3;
+            bits -= 3;
+            //---//
+          }
+          else {
+            //=== NEEDBITS(here.bits + 7);
+            n = here_bits + 7;
+            while (bits < n) {
+              if (have === 0) { break inf_leave; }
+              have--;
+              hold += input[next++] << bits;
+              bits += 8;
+            }
+            //===//
+            //--- DROPBITS(here.bits) ---//
+            hold >>>= here_bits;
+            bits -= here_bits;
+            //---//
+            len = 0;
+            copy = 11 + (hold & 0x7f);//BITS(7);
+            //--- DROPBITS(7) ---//
+            hold >>>= 7;
+            bits -= 7;
+            //---//
+          }
+          if (state.have + copy > state.nlen + state.ndist) {
+            strm.msg = 'invalid bit length repeat';
+            state.mode = BAD;
+            break;
+          }
+          while (copy--) {
+            state.lens[state.have++] = len;
+          }
+        }
+      }
+
+      /* handle error breaks in while */
+      if (state.mode === BAD) { break; }
+
+      /* check for end-of-block code (better have one) */
+      if (state.lens[256] === 0) {
+        strm.msg = 'invalid code -- missing end-of-block';
+        state.mode = BAD;
+        break;
+      }
+
+      /* build code tables -- note: do not change the lenbits or distbits
+         values here (9 and 6) without reading the comments in inftrees.h
+         concerning the ENOUGH constants, which depend on those values */
+      state.lenbits = 9;
+
+      opts = { bits: state.lenbits };
+      ret = inflate_table(LENS, state.lens, 0, state.nlen, state.lencode, 0, state.work, opts);
+      // We have separate tables & no pointers. 2 commented lines below not needed.
+      // state.next_index = opts.table_index;
+      state.lenbits = opts.bits;
+      // state.lencode = state.next;
+
+      if (ret) {
+        strm.msg = 'invalid literal/lengths set';
+        state.mode = BAD;
+        break;
+      }
+
+      state.distbits = 6;
+      //state.distcode.copy(state.codes);
+      // Switch to use dynamic table
+      state.distcode = state.distdyn;
+      opts = { bits: state.distbits };
+      ret = inflate_table(DISTS, state.lens, state.nlen, state.ndist, state.distcode, 0, state.work, opts);
+      // We have separate tables & no pointers. 2 commented lines below not needed.
+      // state.next_index = opts.table_index;
+      state.distbits = opts.bits;
+      // state.distcode = state.next;
+
+      if (ret) {
+        strm.msg = 'invalid distances set';
+        state.mode = BAD;
+        break;
+      }
+      //Tracev((stderr, 'inflate:       codes ok\n'));
+      state.mode = LEN_;
+      if (flush === Z_TREES) { break inf_leave; }
+      /* falls through */
+    case LEN_:
+      state.mode = LEN;
+      /* falls through */
+    case LEN:
+      if (have >= 6 && left >= 258) {
+        //--- RESTORE() ---
+        strm.next_out = put;
+        strm.avail_out = left;
+        strm.next_in = next;
+        strm.avail_in = have;
+        state.hold = hold;
+        state.bits = bits;
+        //---
+        inflate_fast(strm, _out);
+        //--- LOAD() ---
+        put = strm.next_out;
+        output = strm.output;
+        left = strm.avail_out;
+        next = strm.next_in;
+        input = strm.input;
+        have = strm.avail_in;
+        hold = state.hold;
+        bits = state.bits;
+        //---
+
+        if (state.mode === TYPE) {
+          state.back = -1;
+        }
+        break;
+      }
+      state.back = 0;
+      for (;;) {
+        here = state.lencode[hold & ((1 << state.lenbits) - 1)];  /*BITS(state.lenbits)*/
+        here_bits = here >>> 24;
+        here_op = (here >>> 16) & 0xff;
+        here_val = here & 0xffff;
+
+        if (here_bits <= bits) { break; }
+        //--- PULLBYTE() ---//
+        if (have === 0) { break inf_leave; }
+        have--;
+        hold += input[next++] << bits;
+        bits += 8;
+        //---//
+      }
+      if (here_op && (here_op & 0xf0) === 0) {
+        last_bits = here_bits;
+        last_op = here_op;
+        last_val = here_val;
+        for (;;) {
+          here = state.lencode[last_val +
+                  ((hold & ((1 << (last_bits + last_op)) - 1))/*BITS(last.bits + last.op)*/ >> last_bits)];
+          here_bits = here >>> 24;
+          here_op = (here >>> 16) & 0xff;
+          here_val = here & 0xffff;
+
+          if ((last_bits + here_bits) <= bits) { break; }
+          //--- PULLBYTE() ---//
+          if (have === 0) { break inf_leave; }
+          have--;
+          hold += input[next++] << bits;
+          bits += 8;
+          //---//
+        }
+        //--- DROPBITS(last.bits) ---//
+        hold >>>= last_bits;
+        bits -= last_bits;
+        //---//
+        state.back += last_bits;
+      }
+      //--- DROPBITS(here.bits) ---//
+      hold >>>= here_bits;
+      bits -= here_bits;
+      //---//
+      state.back += here_bits;
+      state.length = here_val;
+      if (here_op === 0) {
+        //Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ?
+        //        "inflate:         literal '%c'\n" :
+        //        "inflate:         literal 0x%02x\n", here.val));
+        state.mode = LIT;
+        break;
+      }
+      if (here_op & 32) {
+        //Tracevv((stderr, "inflate:         end of block\n"));
+        state.back = -1;
+        state.mode = TYPE;
+        break;
+      }
+      if (here_op & 64) {
+        strm.msg = 'invalid literal/length code';
+        state.mode = BAD;
+        break;
+      }
+      state.extra = here_op & 15;
+      state.mode = LENEXT;
+      /* falls through */
+    case LENEXT:
+      if (state.extra) {
+        //=== NEEDBITS(state.extra);
+        n = state.extra;
+        while (bits < n) {
+          if (have === 0) { break inf_leave; }
+          have--;
+          hold += input[next++] << bits;
+          bits += 8;
+        }
+        //===//
+        state.length += hold & ((1 << state.extra) - 1)/*BITS(state.extra)*/;
+        //--- DROPBITS(state.extra) ---//
+        hold >>>= state.extra;
+        bits -= state.extra;
+        //---//
+        state.back += state.extra;
+      }
+      //Tracevv((stderr, "inflate:         length %u\n", state.length));
+      state.was = state.length;
+      state.mode = DIST;
+      /* falls through */
+    case DIST:
+      for (;;) {
+        here = state.distcode[hold & ((1 << state.distbits) - 1)];/*BITS(state.distbits)*/
+        here_bits = here >>> 24;
+        here_op = (here >>> 16) & 0xff;
+        here_val = here & 0xffff;
+
+        if ((here_bits) <= bits) { break; }
+        //--- PULLBYTE() ---//
+        if (have === 0) { break inf_leave; }
+        have--;
+        hold += input[next++] << bits;
+        bits += 8;
+        //---//
+      }
+      if ((here_op & 0xf0) === 0) {
+        last_bits = here_bits;
+        last_op = here_op;
+        last_val = here_val;
+        for (;;) {
+          here = state.distcode[last_val +
+                  ((hold & ((1 << (last_bits + last_op)) - 1))/*BITS(last.bits + last.op)*/ >> last_bits)];
+          here_bits = here >>> 24;
+          here_op = (here >>> 16) & 0xff;
+          here_val = here & 0xffff;
+
+          if ((last_bits + here_bits) <= bits) { break; }
+          //--- PULLBYTE() ---//
+          if (have === 0) { break inf_leave; }
+          have--;
+          hold += input[next++] << bits;
+          bits += 8;
+          //---//
+        }
+        //--- DROPBITS(last.bits) ---//
+        hold >>>= last_bits;
+        bits -= last_bits;
+        //---//
+        state.back += last_bits;
+      }
+      //--- DROPBITS(here.bits) ---//
+      hold >>>= here_bits;
+      bits -= here_bits;
+      //---//
+      state.back += here_bits;
+      if (here_op & 64) {
+        strm.msg = 'invalid distance code';
+        state.mode = BAD;
+        break;
+      }
+      state.offset = here_val;
+      state.extra = (here_op) & 15;
+      state.mode = DISTEXT;
+      /* falls through */
+    case DISTEXT:
+      if (state.extra) {
+        //=== NEEDBITS(state.extra);
+        n = state.extra;
+        while (bits < n) {
+          if (have === 0) { break inf_leave; }
+          have--;
+          hold += input[next++] << bits;
+          bits += 8;
+        }
+        //===//
+        state.offset += hold & ((1 << state.extra) - 1)/*BITS(state.extra)*/;
+        //--- DROPBITS(state.extra) ---//
+        hold >>>= state.extra;
+        bits -= state.extra;
+        //---//
+        state.back += state.extra;
+      }
+//#ifdef INFLATE_STRICT
+      if (state.offset > state.dmax) {
+        strm.msg = 'invalid distance too far back';
+        state.mode = BAD;
+        break;
+      }
+//#endif
+      //Tracevv((stderr, "inflate:         distance %u\n", state.offset));
+      state.mode = MATCH;
+      /* falls through */
+    case MATCH:
+      if (left === 0) { break inf_leave; }
+      copy = _out - left;
+      if (state.offset > copy) {         /* copy from window */
+        copy = state.offset - copy;
+        if (copy > state.whave) {
+          if (state.sane) {
+            strm.msg = 'invalid distance too far back';
+            state.mode = BAD;
+            break;
+          }
+// (!) This block is disabled in zlib defailts,
+// don't enable it for binary compatibility
+//#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR
+//          Trace((stderr, "inflate.c too far\n"));
+//          copy -= state.whave;
+//          if (copy > state.length) { copy = state.length; }
+//          if (copy > left) { copy = left; }
+//          left -= copy;
+//          state.length -= copy;
+//          do {
+//            output[put++] = 0;
+//          } while (--copy);
+//          if (state.length === 0) { state.mode = LEN; }
+//          break;
+//#endif
+        }
+        if (copy > state.wnext) {
+          copy -= state.wnext;
+          from = state.wsize - copy;
+        }
+        else {
+          from = state.wnext - copy;
+        }
+        if (copy > state.length) { copy = state.length; }
+        from_source = state.window;
+      }
+      else {                              /* copy from output */
+        from_source = output;
+        from = put - state.offset;
+        copy = state.length;
+      }
+      if (copy > left) { copy = left; }
+      left -= copy;
+      state.length -= copy;
+      do {
+        output[put++] = from_source[from++];
+      } while (--copy);
+      if (state.length === 0) { state.mode = LEN; }
+      break;
+    case LIT:
+      if (left === 0) { break inf_leave; }
+      output[put++] = state.length;
+      left--;
+      state.mode = LEN;
+      break;
+    case CHECK:
+      if (state.wrap) {
+        //=== NEEDBITS(32);
+        while (bits < 32) {
+          if (have === 0) { break inf_leave; }
+          have--;
+          // Use '|' insdead of '+' to make sure that result is signed
+          hold |= input[next++] << bits;
+          bits += 8;
+        }
+        //===//
+        _out -= left;
+        strm.total_out += _out;
+        state.total += _out;
+        if (_out) {
+          strm.adler = state.check =
+              /*UPDATE(state.check, put - _out, _out);*/
+              (state.flags ? crc32(state.check, output, _out, put - _out) : adler32(state.check, output, _out, put - _out));
+
+        }
+        _out = left;
+        // NB: crc32 stored as signed 32-bit int, zswap32 returns signed too
+        if ((state.flags ? hold : zswap32(hold)) !== state.check) {
+          strm.msg = 'incorrect data check';
+          state.mode = BAD;
+          break;
+        }
+        //=== INITBITS();
+        hold = 0;
+        bits = 0;
+        //===//
+        //Tracev((stderr, "inflate:   check matches trailer\n"));
+      }
+      state.mode = LENGTH;
+      /* falls through */
+    case LENGTH:
+      if (state.wrap && state.flags) {
+        //=== NEEDBITS(32);
+        while (bits < 32) {
+          if (have === 0) { break inf_leave; }
+          have--;
+          hold += input[next++] << bits;
+          bits += 8;
+        }
+        //===//
+        if (hold !== (state.total & 0xffffffff)) {
+          strm.msg = 'incorrect length check';
+          state.mode = BAD;
+          break;
+        }
+        //=== INITBITS();
+        hold = 0;
+        bits = 0;
+        //===//
+        //Tracev((stderr, "inflate:   length matches trailer\n"));
+      }
+      state.mode = DONE;
+      /* falls through */
+    case DONE:
+      ret = Z_STREAM_END;
+      break inf_leave;
+    case BAD:
+      ret = Z_DATA_ERROR;
+      break inf_leave;
+    case MEM:
+      return Z_MEM_ERROR;
+    case SYNC:
+      /* falls through */
+    default:
+      return Z_STREAM_ERROR;
+    }
+  }
+
+  // inf_leave <- here is real place for "goto inf_leave", emulated via "break inf_leave"
+
+  /*
+     Return from inflate(), updating the total counts and the check value.
+     If there was no progress during the inflate() call, return a buffer
+     error.  Call updatewindow() to create and/or update the window state.
+     Note: a memory error from inflate() is non-recoverable.
+   */
+
+  //--- RESTORE() ---
+  strm.next_out = put;
+  strm.avail_out = left;
+  strm.next_in = next;
+  strm.avail_in = have;
+  state.hold = hold;
+  state.bits = bits;
+  //---
+
+  if (state.wsize || (_out !== strm.avail_out && state.mode < BAD &&
+                      (state.mode < CHECK || flush !== Z_FINISH))) {
+    if (updatewindow(strm, strm.output, strm.next_out, _out - strm.avail_out)) {
+      state.mode = MEM;
+      return Z_MEM_ERROR;
+    }
+  }
+  _in -= strm.avail_in;
+  _out -= strm.avail_out;
+  strm.total_in += _in;
+  strm.total_out += _out;
+  state.total += _out;
+  if (state.wrap && _out) {
+    strm.adler = state.check = /*UPDATE(state.check, strm.next_out - _out, _out);*/
+      (state.flags ? crc32(state.check, output, _out, strm.next_out - _out) : adler32(state.check, output, _out, strm.next_out - _out));
+  }
+  strm.data_type = state.bits + (state.last ? 64 : 0) +
+                    (state.mode === TYPE ? 128 : 0) +
+                    (state.mode === LEN_ || state.mode === COPY_ ? 256 : 0);
+  if (((_in === 0 && _out === 0) || flush === Z_FINISH) && ret === Z_OK) {
+    ret = Z_BUF_ERROR;
+  }
+  return ret;
+}
+
+function inflateEnd(strm) {
+
+  if (!strm || !strm.state /*|| strm->zfree == (free_func)0*/) {
+    return Z_STREAM_ERROR;
+  }
+
+  var state = strm.state;
+  if (state.window) {
+    state.window = null;
+  }
+  strm.state = null;
+  return Z_OK;
+}
+
+function inflateGetHeader(strm, head) {
+  var state;
+
+  /* check state */
+  if (!strm || !strm.state) { return Z_STREAM_ERROR; }
+  state = strm.state;
+  if ((state.wrap & 2) === 0) { return Z_STREAM_ERROR; }
+
+  /* save header structure */
+  state.head = head;
+  head.done = false;
+  return Z_OK;
+}
+
+function inflateSetDictionary(strm, dictionary) {
+  var dictLength = dictionary.length;
+
+  var state;
+  var dictid;
+  var ret;
+
+  /* check state */
+  if (!strm /* == Z_NULL */ || !strm.state /* == Z_NULL */) { return Z_STREAM_ERROR; }
+  state = strm.state;
+
+  if (state.wrap !== 0 && state.mode !== DICT) {
+    return Z_STREAM_ERROR;
+  }
+
+  /* check for correct dictionary identifier */
+  if (state.mode === DICT) {
+    dictid = 1; /* adler32(0, null, 0)*/
+    /* dictid = adler32(dictid, dictionary, dictLength); */
+    dictid = adler32(dictid, dictionary, dictLength, 0);
+    if (dictid !== state.check) {
+      return Z_DATA_ERROR;
+    }
+  }
+  /* copy dictionary to window using updatewindow(), which will amend the
+   existing dictionary if appropriate */
+  ret = updatewindow(strm, dictionary, dictLength, dictLength);
+  if (ret) {
+    state.mode = MEM;
+    return Z_MEM_ERROR;
+  }
+  state.havedict = 1;
+  // Tracev((stderr, "inflate:   dictionary set\n"));
+  return Z_OK;
+}
+
+exports.inflateReset = inflateReset;
+exports.inflateReset2 = inflateReset2;
+exports.inflateResetKeep = inflateResetKeep;
+exports.inflateInit = inflateInit;
+exports.inflateInit2 = inflateInit2;
+exports.inflate = inflate;
+exports.inflateEnd = inflateEnd;
+exports.inflateGetHeader = inflateGetHeader;
+exports.inflateSetDictionary = inflateSetDictionary;
+exports.inflateInfo = 'pako inflate (from Nodeca project)';
+
+/* Not implemented
+exports.inflateCopy = inflateCopy;
+exports.inflateGetDictionary = inflateGetDictionary;
+exports.inflateMark = inflateMark;
+exports.inflatePrime = inflatePrime;
+exports.inflateSync = inflateSync;
+exports.inflateSyncPoint = inflateSyncPoint;
+exports.inflateUndermine = inflateUndermine;
+*/
+
+},{"../utils/common":1,"./adler32":3,"./crc32":5,"./inffast":7,"./inftrees":9}],9:[function(require,module,exports){
+'use strict';
+
+// (C) 1995-2013 Jean-loup Gailly and Mark Adler
+// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin
+//
+// This software is provided 'as-is', without any express or implied
+// warranty. In no event will the authors be held liable for any damages
+// arising from the use of this software.
+//
+// Permission is granted to anyone to use this software for any purpose,
+// including commercial applications, and to alter it and redistribute it
+// freely, subject to the following restrictions:
+//
+// 1. The origin of this software must not be misrepresented; you must not
+//   claim that you wrote the original software. If you use this software
+//   in a product, an acknowledgment in the product documentation would be
+//   appreciated but is not required.
+// 2. Altered source versions must be plainly marked as such, and must not be
+//   misrepresented as being the original software.
+// 3. This notice may not be removed or altered from any source distribution.
+
+var utils = require('../utils/common');
+
+var MAXBITS = 15;
+var ENOUGH_LENS = 852;
+var ENOUGH_DISTS = 592;
+//var ENOUGH = (ENOUGH_LENS+ENOUGH_DISTS);
+
+var CODES = 0;
+var LENS = 1;
+var DISTS = 2;
+
+var lbase = [ /* Length codes 257..285 base */
+  3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31,
+  35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0
+];
+
+var lext = [ /* Length codes 257..285 extra */
+  16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 18, 18, 18, 18,
+  19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 72, 78
+];
+
+var dbase = [ /* Distance codes 0..29 base */
+  1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193,
+  257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145,
+  8193, 12289, 16385, 24577, 0, 0
+];
+
+var dext = [ /* Distance codes 0..29 extra */
+  16, 16, 16, 16, 17, 17, 18, 18, 19, 19, 20, 20, 21, 21, 22, 22,
+  23, 23, 24, 24, 25, 25, 26, 26, 27, 27,
+  28, 28, 29, 29, 64, 64
+];
+
+module.exports = function inflate_table(type, lens, lens_index, codes, table, table_index, work, opts)
+{
+  var bits = opts.bits;
+      //here = opts.here; /* table entry for duplication */
+
+  var len = 0;               /* a code's length in bits */
+  var sym = 0;               /* index of code symbols */
+  var min = 0, max = 0;          /* minimum and maximum code lengths */
+  var root = 0;              /* number of index bits for root table */
+  var curr = 0;              /* number of index bits for current table */
+  var drop = 0;              /* code bits to drop for sub-table */
+  var left = 0;                   /* number of prefix codes available */
+  var used = 0;              /* code entries in table used */
+  var huff = 0;              /* Huffman code */
+  var incr;              /* for incrementing code, index */
+  var fill;              /* index for replicating entries */
+  var low;               /* low bits for current root entry */
+  var mask;              /* mask for low root bits */
+  var next;             /* next available space in table */
+  var base = null;     /* base value table to use */
+  var base_index = 0;
+//  var shoextra;    /* extra bits table to use */
+  var end;                    /* use base and extra for symbol > end */
+  var count = new utils.Buf16(MAXBITS + 1); //[MAXBITS+1];    /* number of codes of each length */
+  var offs = new utils.Buf16(MAXBITS + 1); //[MAXBITS+1];     /* offsets in table for each length */
+  var extra = null;
+  var extra_index = 0;
+
+  var here_bits, here_op, here_val;
+
+  /*
+   Process a set of code lengths to create a canonical Huffman code.  The
+   code lengths are lens[0..codes-1].  Each length corresponds to the
+   symbols 0..codes-1.  The Huffman code is generated by first sorting the
+   symbols by length from short to long, and retaining the symbol order
+   for codes with equal lengths.  Then the code starts with all zero bits
+   for the first code of the shortest length, and the codes are integer
+   increments for the same length, and zeros are appended as the length
+   increases.  For the deflate format, these bits are stored backwards
+   from their more natural integer increment ordering, and so when the
+   decoding tables are built in the large loop below, the integer codes
+   are incremented backwards.
+
+   This routine assumes, but does not check, that all of the entries in
+   lens[] are in the range 0..MAXBITS.  The caller must assure this.
+   1..MAXBITS is interpreted as that code length.  zero means that that
+   symbol does not occur in this code.
+
+   The codes are sorted by computing a count of codes for each length,
+   creating from that a table of starting indices for each length in the
+   sorted table, and then entering the symbols in order in the sorted
+   table.  The sorted table is work[], with that space being provided by
+   the caller.
+
+   The length counts are used for other purposes as well, i.e. finding
+   the minimum and maximum length codes, determining if there are any
+   codes at all, checking for a valid set of lengths, and looking ahead
+   at length counts to determine sub-table sizes when building the
+   decoding tables.
+   */
+
+  /* accumulate lengths for codes (assumes lens[] all in 0..MAXBITS) */
+  for (len = 0; len <= MAXBITS; len++) {
+    count[len] = 0;
+  }
+  for (sym = 0; sym < codes; sym++) {
+    count[lens[lens_index + sym]]++;
+  }
+
+  /* bound code lengths, force root to be within code lengths */
+  root = bits;
+  for (max = MAXBITS; max >= 1; max--) {
+    if (count[max] !== 0) { break; }
+  }
+  if (root > max) {
+    root = max;
+  }
+  if (max === 0) {                     /* no symbols to code at all */
+    //table.op[opts.table_index] = 64;  //here.op = (var char)64;    /* invalid code marker */
+    //table.bits[opts.table_index] = 1;   //here.bits = (var char)1;
+    //table.val[opts.table_index++] = 0;   //here.val = (var short)0;
+    table[table_index++] = (1 << 24) | (64 << 16) | 0;
+
+
+    //table.op[opts.table_index] = 64;
+    //table.bits[opts.table_index] = 1;
+    //table.val[opts.table_index++] = 0;
+    table[table_index++] = (1 << 24) | (64 << 16) | 0;
+
+    opts.bits = 1;
+    return 0;     /* no symbols, but wait for decoding to report error */
+  }
+  for (min = 1; min < max; min++) {
+    if (count[min] !== 0) { break; }
+  }
+  if (root < min) {
+    root = min;
+  }
+
+  /* check for an over-subscribed or incomplete set of lengths */
+  left = 1;
+  for (len = 1; len <= MAXBITS; len++) {
+    left <<= 1;
+    left -= count[len];
+    if (left < 0) {
+      return -1;
+    }        /* over-subscribed */
+  }
+  if (left > 0 && (type === CODES || max !== 1)) {
+    return -1;                      /* incomplete set */
+  }
+
+  /* generate offsets into symbol table for each length for sorting */
+  offs[1] = 0;
+  for (len = 1; len < MAXBITS; len++) {
+    offs[len + 1] = offs[len] + count[len];
+  }
+
+  /* sort symbols by length, by symbol order within each length */
+  for (sym = 0; sym < codes; sym++) {
+    if (lens[lens_index + sym] !== 0) {
+      work[offs[lens[lens_index + sym]]++] = sym;
+    }
+  }
+
+  /*
+   Create and fill in decoding tables.  In this loop, the table being
+   filled is at next and has curr index bits.  The code being used is huff
+   with length len.  That code is converted to an index by dropping drop
+   bits off of the bottom.  For codes where len is less than drop + curr,
+   those top drop + curr - len bits are incremented through all values to
+   fill the table with replicated entries.
+
+   root is the number of index bits for the root table.  When len exceeds
+   root, sub-tables are created pointed to by the root entry with an index
+   of the low root bits of huff.  This is saved in low to check for when a
+   new sub-table should be started.  drop is zero when the root table is
+   being filled, and drop is root when sub-tables are being filled.
+
+   When a new sub-table is needed, it is necessary to look ahead in the
+   code lengths to determine what size sub-table is needed.  The length
+   counts are used for this, and so count[] is decremented as codes are
+   entered in the tables.
+
+   used keeps track of how many table entries have been allocated from the
+   provided *table space.  It is checked for LENS and DIST tables against
+   the constants ENOUGH_LENS and ENOUGH_DISTS to guard against changes in
+   the initial root table size constants.  See the comments in inftrees.h
+   for more information.
+
+   sym increments through all symbols, and the loop terminates when
+   all codes of length max, i.e. all codes, have been processed.  This
+   routine permits incomplete codes, so another loop after this one fills
+   in the rest of the decoding tables with invalid code markers.
+   */
+
+  /* set up for code type */
+  // poor man optimization - use if-else instead of switch,
+  // to avoid deopts in old v8
+  if (type === CODES) {
+    base = extra = work;    /* dummy value--not used */
+    end = 19;
+
+  } else if (type === LENS) {
+    base = lbase;
+    base_index -= 257;
+    extra = lext;
+    extra_index -= 257;
+    end = 256;
+
+  } else {                    /* DISTS */
+    base = dbase;
+    extra = dext;
+    end = -1;
+  }
+
+  /* initialize opts for loop */
+  huff = 0;                   /* starting code */
+  sym = 0;                    /* starting code symbol */
+  len = min;                  /* starting code length */
+  next = table_index;              /* current table to fill in */
+  curr = root;                /* current table index bits */
+  drop = 0;                   /* current bits to drop from code for index */
+  low = -1;                   /* trigger new sub-table when len > root */
+  used = 1 << root;          /* use root table entries */
+  mask = used - 1;            /* mask for comparing low */
+
+  /* check available table space */
+  if ((type === LENS && used > ENOUGH_LENS) ||
+    (type === DISTS && used > ENOUGH_DISTS)) {
+    return 1;
+  }
+
+  /* process all codes and make table entries */
+  for (;;) {
+    /* create table entry */
+    here_bits = len - drop;
+    if (work[sym] < end) {
+      here_op = 0;
+      here_val = work[sym];
+    }
+    else if (work[sym] > end) {
+      here_op = extra[extra_index + work[sym]];
+      here_val = base[base_index + work[sym]];
+    }
+    else {
+      here_op = 32 + 64;         /* end of block */
+      here_val = 0;
+    }
+
+    /* replicate for those indices with low len bits equal to huff */
+    incr = 1 << (len - drop);
+    fill = 1 << curr;
+    min = fill;                 /* save offset to next table */
+    do {
+      fill -= incr;
+      table[next + (huff >> drop) + fill] = (here_bits << 24) | (here_op << 16) | here_val |0;
+    } while (fill !== 0);
+
+    /* backwards increment the len-bit code huff */
+    incr = 1 << (len - 1);
+    while (huff & incr) {
+      incr >>= 1;
+    }
+    if (incr !== 0) {
+      huff &= incr - 1;
+      huff += incr;
+    } else {
+      huff = 0;
+    }
+
+    /* go to next symbol, update count, len */
+    sym++;
+    if (--count[len] === 0) {
+      if (len === max) { break; }
+      len = lens[lens_index + work[sym]];
+    }
+
+    /* create new sub-table if needed */
+    if (len > root && (huff & mask) !== low) {
+      /* if first time, transition to sub-tables */
+      if (drop === 0) {
+        drop = root;
+      }
+
+      /* increment past last table */
+      next += min;            /* here min is 1 << curr */
+
+      /* determine length of next table */
+      curr = len - drop;
+      left = 1 << curr;
+      while (curr + drop < max) {
+        left -= count[curr + drop];
+        if (left <= 0) { break; }
+        curr++;
+        left <<= 1;
+      }
+
+      /* check for enough space */
+      used += 1 << curr;
+      if ((type === LENS && used > ENOUGH_LENS) ||
+        (type === DISTS && used > ENOUGH_DISTS)) {
+        return 1;
+      }
+
+      /* point entry in root table to sub-table */
+      low = huff & mask;
+      /*table.op[low] = curr;
+      table.bits[low] = root;
+      table.val[low] = next - opts.table_index;*/
+      table[low] = (root << 24) | (curr << 16) | (next - table_index) |0;
+    }
+  }
+
+  /* fill in remaining table entry if code is incomplete (guaranteed to have
+   at most one remaining entry, since if the code is incomplete, the
+   maximum code length that was allowed to get this far is one bit) */
+  if (huff !== 0) {
+    //table.op[next + huff] = 64;            /* invalid code marker */
+    //table.bits[next + huff] = len - drop;
+    //table.val[next + huff] = 0;
+    table[next + huff] = ((len - drop) << 24) | (64 << 16) |0;
+  }
+
+  /* set return parameters */
+  //opts.table_index += used;
+  opts.bits = root;
+  return 0;
+};
+
+},{"../utils/common":1}],10:[function(require,module,exports){
+'use strict';
+
+// (C) 1995-2013 Jean-loup Gailly and Mark Adler
+// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin
+//
+// This software is provided 'as-is', without any express or implied
+// warranty. In no event will the authors be held liable for any damages
+// arising from the use of this software.
+//
+// Permission is granted to anyone to use this software for any purpose,
+// including commercial applications, and to alter it and redistribute it
+// freely, subject to the following restrictions:
+//
+// 1. The origin of this software must not be misrepresented; you must not
+//   claim that you wrote the original software. If you use this software
+//   in a product, an acknowledgment in the product documentation would be
+//   appreciated but is not required.
+// 2. Altered source versions must be plainly marked as such, and must not be
+//   misrepresented as being the original software.
+// 3. This notice may not be removed or altered from any source distribution.
+
+module.exports = {
+  2:      'need dictionary',     /* Z_NEED_DICT       2  */
+  1:      'stream end',          /* Z_STREAM_END      1  */
+  0:      '',                    /* Z_OK              0  */
+  '-1':   'file error',          /* Z_ERRNO         (-1) */
+  '-2':   'stream error',        /* Z_STREAM_ERROR  (-2) */
+  '-3':   'data error',          /* Z_DATA_ERROR    (-3) */
+  '-4':   'insufficient memory', /* Z_MEM_ERROR     (-4) */
+  '-5':   'buffer error',        /* Z_BUF_ERROR     (-5) */
+  '-6':   'incompatible version' /* Z_VERSION_ERROR (-6) */
+};
+
+},{}],11:[function(require,module,exports){
+'use strict';
+
+// (C) 1995-2013 Jean-loup Gailly and Mark Adler
+// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin
+//
+// This software is provided 'as-is', without any express or implied
+// warranty. In no event will the authors be held liable for any damages
+// arising from the use of this software.
+//
+// Permission is granted to anyone to use this software for any purpose,
+// including commercial applications, and to alter it and redistribute it
+// freely, subject to the following restrictions:
+//
+// 1. The origin of this software must not be misrepresented; you must not
+//   claim that you wrote the original software. If you use this software
+//   in a product, an acknowledgment in the product documentation would be
+//   appreciated but is not required.
+// 2. Altered source versions must be plainly marked as such, and must not be
+//   misrepresented as being the original software.
+// 3. This notice may not be removed or altered from any source distribution.
+
+function ZStream() {
+  /* next input byte */
+  this.input = null; // JS specific, because we have no pointers
+  this.next_in = 0;
+  /* number of bytes available at input */
+  this.avail_in = 0;
+  /* total number of input bytes read so far */
+  this.total_in = 0;
+  /* next output byte should be put there */
+  this.output = null; // JS specific, because we have no pointers
+  this.next_out = 0;
+  /* remaining free space at output */
+  this.avail_out = 0;
+  /* total number of bytes output so far */
+  this.total_out = 0;
+  /* last error message, NULL if no error */
+  this.msg = ''/*Z_NULL*/;
+  /* not visible by applications */
+  this.state = null;
+  /* best guess about the data type: binary or text */
+  this.data_type = 2/*Z_UNKNOWN*/;
+  /* adler32 value of the uncompressed data */
+  this.adler = 0;
+}
+
+module.exports = ZStream;
+
+},{}],"/lib/inflate.js":[function(require,module,exports){
+'use strict';
+
+
+var zlib_inflate = require('./zlib/inflate');
+var utils        = require('./utils/common');
+var strings      = require('./utils/strings');
+var c            = require('./zlib/constants');
+var msg          = require('./zlib/messages');
+var ZStream      = require('./zlib/zstream');
+var GZheader     = require('./zlib/gzheader');
+
+var toString = Object.prototype.toString;
+
+/**
+ * class Inflate
+ *
+ * Generic JS-style wrapper for zlib calls. If you don't need
+ * streaming behaviour - use more simple functions: [[inflate]]
+ * and [[inflateRaw]].
+ **/
+
+/* internal
+ * inflate.chunks -> Array
+ *
+ * Chunks of output data, if [[Inflate#onData]] not overriden.
+ **/
+
+/**
+ * Inflate.result -> Uint8Array|Array|String
+ *
+ * Uncompressed result, generated by default [[Inflate#onData]]
+ * and [[Inflate#onEnd]] handlers. Filled after you push last chunk
+ * (call [[Inflate#push]] with `Z_FINISH` / `true` param) or if you
+ * push a chunk with explicit flush (call [[Inflate#push]] with
+ * `Z_SYNC_FLUSH` param).
+ **/
+
+/**
+ * Inflate.err -> Number
+ *
+ * Error code after inflate finished. 0 (Z_OK) on success.
+ * Should be checked if broken data possible.
+ **/
+
+/**
+ * Inflate.msg -> String
+ *
+ * Error message, if [[Inflate.err]] != 0
+ **/
+
+
+/**
+ * new Inflate(options)
+ * - options (Object): zlib inflate options.
+ *
+ * Creates new inflator instance with specified params. Throws exception
+ * on bad params. Supported options:
+ *
+ * - `windowBits`
+ * - `dictionary`
+ *
+ * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced)
+ * for more information on these.
+ *
+ * Additional options, for internal needs:
+ *
+ * - `chunkSize` - size of generated data chunks (16K by default)
+ * - `raw` (Boolean) - do raw inflate
+ * - `to` (String) - if equal to 'string', then result will be converted
+ *   from utf8 to utf16 (javascript) string. When string output requested,
+ *   chunk length can differ from `chunkSize`, depending on content.
+ *
+ * By default, when no options set, autodetect deflate/gzip data format via
+ * wrapper header.
+ *
+ * ##### Example:
+ *
+ * ```javascript
+ * var pako = require('pako')
+ *   , chunk1 = Uint8Array([1,2,3,4,5,6,7,8,9])
+ *   , chunk2 = Uint8Array([10,11,12,13,14,15,16,17,18,19]);
+ *
+ * var inflate = new pako.Inflate({ level: 3});
+ *
+ * inflate.push(chunk1, false);
+ * inflate.push(chunk2, true);  // true -> last chunk
+ *
+ * if (inflate.err) { throw new Error(inflate.err); }
+ *
+ * console.log(inflate.result);
+ * ```
+ **/
+function Inflate(options) {
+  if (!(this instanceof Inflate)) return new Inflate(options);
+
+  this.options = utils.assign({
+    chunkSize: 16384,
+    windowBits: 0,
+    to: ''
+  }, options || {});
+
+  var opt = this.options;
+
+  // Force window size for `raw` data, if not set directly,
+  // because we have no header for autodetect.
+  if (opt.raw && (opt.windowBits >= 0) && (opt.windowBits < 16)) {
+    opt.windowBits = -opt.windowBits;
+    if (opt.windowBits === 0) { opt.windowBits = -15; }
+  }
+
+  // If `windowBits` not defined (and mode not raw) - set autodetect flag for gzip/deflate
+  if ((opt.windowBits >= 0) && (opt.windowBits < 16) &&
+      !(options && options.windowBits)) {
+    opt.windowBits += 32;
+  }
+
+  // Gzip header has no info about windows size, we can do autodetect only
+  // for deflate. So, if window size not set, force it to max when gzip possible
+  if ((opt.windowBits > 15) && (opt.windowBits < 48)) {
+    // bit 3 (16) -> gzipped data
+    // bit 4 (32) -> autodetect gzip/deflate
+    if ((opt.windowBits & 15) === 0) {
+      opt.windowBits |= 15;
+    }
+  }
+
+  this.err    = 0;      // error code, if happens (0 = Z_OK)
+  this.msg    = '';     // error message
+  this.ended  = false;  // used to avoid multiple onEnd() calls
+  this.chunks = [];     // chunks of compressed data
+
+  this.strm   = new ZStream();
+  this.strm.avail_out = 0;
+
+  var status  = zlib_inflate.inflateInit2(
+    this.strm,
+    opt.windowBits
+  );
+
+  if (status !== c.Z_OK) {
+    throw new Error(msg[status]);
+  }
+
+  this.header = new GZheader();
+
+  zlib_inflate.inflateGetHeader(this.strm, this.header);
+}
+
+/**
+ * Inflate#push(data[, mode]) -> Boolean
+ * - data (Uint8Array|Array|ArrayBuffer|String): input data
+ * - mode (Number|Boolean): 0..6 for corresponding Z_NO_FLUSH..Z_TREE modes.
+ *   See constants. Skipped or `false` means Z_NO_FLUSH, `true` meansh Z_FINISH.
+ *
+ * Sends input data to inflate pipe, generating [[Inflate#onData]] calls with
+ * new output chunks. Returns `true` on success. The last data block must have
+ * mode Z_FINISH (or `true`). That will flush internal pending buffers and call
+ * [[Inflate#onEnd]]. For interim explicit flushes (without ending the stream) you
+ * can use mode Z_SYNC_FLUSH, keeping the decompression context.
+ *
+ * On fail call [[Inflate#onEnd]] with error code and return false.
+ *
+ * We strongly recommend to use `Uint8Array` on input for best speed (output
+ * format is detected automatically). Also, don't skip last param and always
+ * use the same type in your code (boolean or number). That will improve JS speed.
+ *
+ * For regular `Array`-s make sure all elements are [0..255].
+ *
+ * ##### Example
+ *
+ * ```javascript
+ * push(chunk, false); // push one of data chunks
+ * ...
+ * push(chunk, true);  // push last chunk
+ * ```
+ **/
+Inflate.prototype.push = function (data, mode) {
+  var strm = this.strm;
+  var chunkSize = this.options.chunkSize;
+  var dictionary = this.options.dictionary;
+  var status, _mode;
+  var next_out_utf8, tail, utf8str;
+  var dict;
+
+  // Flag to properly process Z_BUF_ERROR on testing inflate call
+  // when we check that all output data was flushed.
+  var allowBufError = false;
+
+  if (this.ended) { return false; }
+  _mode = (mode === ~~mode) ? mode : ((mode === true) ? c.Z_FINISH : c.Z_NO_FLUSH);
+
+  // Convert data if needed
+  if (typeof data === 'string') {
+    // Only binary strings can be decompressed on practice
+    strm.input = strings.binstring2buf(data);
+  } else if (toString.call(data) === '[object ArrayBuffer]') {
+    strm.input = new Uint8Array(data);
+  } else {
+    strm.input = data;
+  }
+
+  strm.next_in = 0;
+  strm.avail_in = strm.input.length;
+
+  do {
+    if (strm.avail_out === 0) {
+      strm.output = new utils.Buf8(chunkSize);
+      strm.next_out = 0;
+      strm.avail_out = chunkSize;
+    }
+
+    status = zlib_inflate.inflate(strm, c.Z_NO_FLUSH);    /* no bad return value */
+
+    if (status === c.Z_NEED_DICT && dictionary) {
+      // Convert data if needed
+      if (typeof dictionary === 'string') {
+        dict = strings.string2buf(dictionary);
+      } else if (toString.call(dictionary) === '[object ArrayBuffer]') {
+        dict = new Uint8Array(dictionary);
+      } else {
+        dict = dictionary;
+      }
+
+      status = zlib_inflate.inflateSetDictionary(this.strm, dict);
+
+    }
+
+    if (status === c.Z_BUF_ERROR && allowBufError === true) {
+      status = c.Z_OK;
+      allowBufError = false;
+    }
+
+    if (status !== c.Z_STREAM_END && status !== c.Z_OK) {
+      this.onEnd(status);
+      this.ended = true;
+      return false;
+    }
+
+    if (strm.next_out) {
+      if (strm.avail_out === 0 || status === c.Z_STREAM_END || (strm.avail_in === 0 && (_mode === c.Z_FINISH || _mode === c.Z_SYNC_FLUSH))) {
+
+        if (this.options.to === 'string') {
+
+          next_out_utf8 = strings.utf8border(strm.output, strm.next_out);
+
+          tail = strm.next_out - next_out_utf8;
+          utf8str = strings.buf2string(strm.output, next_out_utf8);
+
+          // move tail
+          strm.next_out = tail;
+          strm.avail_out = chunkSize - tail;
+          if (tail) { utils.arraySet(strm.output, strm.output, next_out_utf8, tail, 0); }
+
+          this.onData(utf8str);
+
+        } else {
+          this.onData(utils.shrinkBuf(strm.output, strm.next_out));
+        }
+      }
+    }
+
+    // When no more input data, we should check that internal inflate buffers
+    // are flushed. The only way to do it when avail_out = 0 - run one more
+    // inflate pass. But if output data not exists, inflate return Z_BUF_ERROR.
+    // Here we set flag to process this error properly.
+    //
+    // NOTE. Deflate does not return error in this case and does not needs such
+    // logic.
+    if (strm.avail_in === 0 && strm.avail_out === 0) {
+      allowBufError = true;
+    }
+
+  } while ((strm.avail_in > 0 || strm.avail_out === 0) && status !== c.Z_STREAM_END);
+
+  if (status === c.Z_STREAM_END) {
+    _mode = c.Z_FINISH;
+  }
+
+  // Finalize on the last chunk.
+  if (_mode === c.Z_FINISH) {
+    status = zlib_inflate.inflateEnd(this.strm);
+    this.onEnd(status);
+    this.ended = true;
+    return status === c.Z_OK;
+  }
+
+  // callback interim results if Z_SYNC_FLUSH.
+  if (_mode === c.Z_SYNC_FLUSH) {
+    this.onEnd(c.Z_OK);
+    strm.avail_out = 0;
+    return true;
+  }
+
+  return true;
+};
+
+
+/**
+ * Inflate#onData(chunk) -> Void
+ * - chunk (Uint8Array|Array|String): ouput data. Type of array depends
+ *   on js engine support. When string output requested, each chunk
+ *   will be string.
+ *
+ * By default, stores data blocks in `chunks[]` property and glue
+ * those in `onEnd`. Override this handler, if you need another behaviour.
+ **/
+Inflate.prototype.onData = function (chunk) {
+  this.chunks.push(chunk);
+};
+
+
+/**
+ * Inflate#onEnd(status) -> Void
+ * - status (Number): inflate status. 0 (Z_OK) on success,
+ *   other if not.
+ *
+ * Called either after you tell inflate that the input stream is
+ * complete (Z_FINISH) or should be flushed (Z_SYNC_FLUSH)
+ * or if an error happened. By default - join collected chunks,
+ * free memory and fill `results` / `err` properties.
+ **/
+Inflate.prototype.onEnd = function (status) {
+  // On success - join
+  if (status === c.Z_OK) {
+    if (this.options.to === 'string') {
+      // Glue & convert here, until we teach pako to send
+      // utf8 alligned strings to onData
+      this.result = this.chunks.join('');
+    } else {
+      this.result = utils.flattenChunks(this.chunks);
+    }
+  }
+  this.chunks = [];
+  this.err = status;
+  this.msg = this.strm.msg;
+};
+
+
+/**
+ * inflate(data[, options]) -> Uint8Array|Array|String
+ * - data (Uint8Array|Array|String): input data to decompress.
+ * - options (Object): zlib inflate options.
+ *
+ * Decompress `data` with inflate/ungzip and `options`. Autodetect
+ * format via wrapper header by default. That's why we don't provide
+ * separate `ungzip` method.
+ *
+ * Supported options are:
+ *
+ * - windowBits
+ *
+ * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced)
+ * for more information.
+ *
+ * Sugar (options):
+ *
+ * - `raw` (Boolean) - say that we work with raw stream, if you don't wish to specify
+ *   negative windowBits implicitly.
+ * - `to` (String) - if equal to 'string', then result will be converted
+ *   from utf8 to utf16 (javascript) string. When string output requested,
+ *   chunk length can differ from `chunkSize`, depending on content.
+ *
+ *
+ * ##### Example:
+ *
+ * ```javascript
+ * var pako = require('pako')
+ *   , input = pako.deflate([1,2,3,4,5,6,7,8,9])
+ *   , output;
+ *
+ * try {
+ *   output = pako.inflate(input);
+ * } catch (err)
+ *   console.log(err);
+ * }
+ * ```
+ **/
+function inflate(input, options) {
+  var inflator = new Inflate(options);
+
+  inflator.push(input, true);
+
+  // That will never happens, if you don't cheat with options :)
+  if (inflator.err) { throw inflator.msg || msg[inflator.err]; }
+
+  return inflator.result;
+}
+
+
+/**
+ * inflateRaw(data[, options]) -> Uint8Array|Array|String
+ * - data (Uint8Array|Array|String): input data to decompress.
+ * - options (Object): zlib inflate options.
+ *
+ * The same as [[inflate]], but creates raw data, without wrapper
+ * (header and adler32 crc).
+ **/
+function inflateRaw(input, options) {
+  options = options || {};
+  options.raw = true;
+  return inflate(input, options);
+}
+
+
+/**
+ * ungzip(data[, options]) -> Uint8Array|Array|String
+ * - data (Uint8Array|Array|String): input data to decompress.
+ * - options (Object): zlib inflate options.
+ *
+ * Just shortcut to [[inflate]], because it autodetects format
+ * by header.content. Done for convenience.
+ **/
+
+
+exports.Inflate = Inflate;
+exports.inflate = inflate;
+exports.inflateRaw = inflateRaw;
+exports.ungzip  = inflate;
+
+},{"./utils/common":1,"./utils/strings":2,"./zlib/constants":4,"./zlib/gzheader":6,"./zlib/inflate":8,"./zlib/messages":10,"./zlib/zstream":11}]},{},[])("/lib/inflate.js")
+});
\ No newline at end of file
diff --git a/chromium/icon.jpg b/chromium/icon.jpg
deleted file mode 100644
index db87ce1c7bd0..000000000000
Binary files a/chromium/icon.jpg and /dev/null differ
diff --git a/chromium/icon128.png b/chromium/icon128.png
deleted file mode 100644
index 8d573455c292..000000000000
Binary files a/chromium/icon128.png and /dev/null differ
diff --git a/chromium/icon16.png b/chromium/icon16.png
deleted file mode 100644
index d80e65fa5575..000000000000
Binary files a/chromium/icon16.png and /dev/null differ
diff --git a/chromium/icon48.png b/chromium/icon48.png
deleted file mode 100644
index 74b8118334ed..000000000000
Binary files a/chromium/icon48.png and /dev/null differ
diff --git a/chromium/images/HTTPS-Everywhere-Logo.png b/chromium/images/HTTPS-Everywhere-Logo.png
new file mode 100644
index 000000000000..d1ebd640731b
Binary files /dev/null and b/chromium/images/HTTPS-Everywhere-Logo.png differ
diff --git a/chromium/images/banner-red.svg b/chromium/images/banner-red.svg
new file mode 100644
index 000000000000..5e1e54b9f800
--- /dev/null
+++ b/chromium/images/banner-red.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1244 263"><style>.a{fill:#020202}@media(prefers-color-scheme:dark){.a{fill:#fff}}</style><path class="a" d="M1243.4 8.5h-35.6l-53.1 146.7h35.6zm-59.2 0h-35.6l-53.1 146.7h35.7zm-108.6 91.10001c-5.6 0-10.1 1.8-13.6 5.3s-5.3 8.1-5.3 13.6c0 5.7 1.8 10.3 5.3 13.8s8.1 5.3 13.6 5.3c5.7 0 10.3-1.8 13.8-5.3s5.3-8.1 5.3-13.8c0-5.6-1.8-10.1-5.3-13.6-3.5-3.6-8.1-5.3-13.8-5.3zm0-55.1c-5.6 0-10.1 1.8-13.6 5.3s-5.3 8.1-5.3 13.6c0 5.7 1.8 10.3 5.3 13.8s8.1 5.3 13.6 5.3c5.7 0 10.3-1.8 13.8-5.3s5.3-8.1 5.3-13.8c0-5.6-1.8-10.1-5.3-13.6s-8.1-5.3-13.8-5.3zm-104.9-43.6c11.7 0 23.3 1.6 34.9 4.8 11.6 3.2 21.7 7.5 30.2 12.9l-17.9 37.6c-8.4-4.6-17.5-8.6-27.4-12.2-9.9-3.6-17.9-5.3-24-5.3-6.1 0-9.2 2.1-9.2 6.2 0 2.8 1.9 5.3 5.8 7.4 3.8 2.1 8.6 3.7 14.3 4.8 5.7 1.1 11.9 2.9 18.7 5.2 6.8 2.3 13 5 18.7 8 5.7 3 10.5 7.6 14.3 13.8 3.8 6.2 5.8 13.6 5.8 22.1 0 15.8-6 27.8-17.9 35.9-12 8.1-27 12.2-45 12.2-13.2 0-26.6-2.1-40-6.3-13.4-4.2-25.1-10.1-34.9-17.6l18.4-37.1c7.5 6.3 17 11.7 28.4 16.3 11.4 4.6 20.9 6.9 28.6 6.9 8 0 12-2.6 12-7.7 0-3-1.9-5.5-5.8-7.6-3.8-2.1-8.6-3.6-14.3-4.7-5.7-1.1-11.9-2.7-18.7-4.9-6.8-2.2-13-4.7-18.7-7.6-5.7-2.8-10.5-7.2-14.3-13.1-3.8-5.9-5.8-13-5.8-21.2 0-14.9 5.8-26.8 17.4-35.5 11.4-8.9 26.9-13.3 46.4-13.3zm-211.3 2.1h70.2c19.5 0 34.6 4.7 45.3 14 10.7 9.3 16 22.5 16 39.6 0 18.1-5.3 32.1-16 42.2-10.7 10-25.8 15.1-45.3 15.1h-20.7v38.9h-49.5zm49.5 37.6v35.6H827c5.4 0 9.6-1.6 12.5-4.8 2.9-3.2 4.4-7.6 4.4-13.3 0-5.5-1.5-9.9-4.4-12.9-2.9-3.1-7.1-4.6-12.5-4.6zm-61.3 1.5h-42.7v110.6h-49.5v-110.6h-42.5v-39.1h134.7zm-145.8 0h-42.7v110.6h-49.5v-110.6h-42.5v-39.1h134.7zm-146.4 110.6h-49.5v-54h-46.3v54H310v-149.7h49.5v58.1h46.3v-58.1h49.5v149.7z"/><path fill="#630000" d="M0 218V3h215l45 45v215H45z"/><path fill="#931111" d="M215 3l45 45v215L0 3z"/><path fill="#ec1e1e" d="M0 3h215v215H0zm1229.9 196.5h-43.7v10.4h39.7v21.3h-39.7v10.5h44.8V263h-73v-84.9h71.9zm-112.2 63.6l-10.2-22.1H1097v22.1h-28.1v-84.9h41.1c11.6 0 20.5 2.6 26.8 7.9 6.3 5.3 9.5 12.8 9.5 22.5 0 12.4-4.5 21.4-13.5 26.9l16.7 27.6zm-20.7-43.4h13c3.1 0 5.4-.9 7.1-2.7 1.7-1.8 2.5-4.3 2.5-7.6 0-3.2-.8-5.6-2.5-7.3-1.7-1.7-4-2.6-7.1-2.6h-13zm-41.2-20.2H1012v10.4h39.7v21.3H1012v10.5h44.8V263h-72.9v-84.9h71.9zm-85.3 63.6h-28.1v-30.7h-26.3v30.7H888v-84.9h28.1v33h26.3v-33h28.1zm-117.1 0h-29l-11.8-50.8-12.1 50.8h-29L744 178.2h30.1l12.8 55.7 12.6-55.6 27.4-.1 12.8 55.7 12.6-55.7H881zm-139.2-26.4v26.4h-28.1v-25.8l-31-59.1h28l17.1 32.7 16.5-32.7h28zm-91.6 26.4L612.4 241h-10.5v22.1h-28.1v-84.9h41.1c11.6 0 20.5 2.6 26.8 7.9 6.3 5.3 9.5 12.8 9.5 22.5 0 12.4-4.5 21.4-13.5 26.9l16.7 27.6zm-20.7-43.4h13c3.1 0 5.4-.9 7.1-2.7 1.7-1.8 2.5-4.3 2.5-7.6 0-3.2-.8-5.6-2.5-7.3-1.7-1.7-4-2.6-7.1-2.6h-13zm-41.2-20.2H517v10.4h39.7v21.3H517v10.5h44.8V263h-72.9v-84.9h71.9v21.4zm-111.1 63.6h-29.1l-32.2-84.9h30.1l17.6 55.7 17.4-55.7H482zm-67.8-63.6h-43.7v10.4h39.7v21.3h-39.7v10.5h44.8V263H310v-84.9h71.9v21.4z"/><path fill="#fff" d="M111.35 41.4c10.5 0 21 1.4 31.5 4.3s19.5 6.8 27.3 11.7l-16.2 33.9c-7.6-4.1-15.8-7.8-24.7-11-8.9-3.2-16.1-4.8-21.7-4.8-5.5 0-8.3 1.9-8.3 5.6 0 2.6 1.7 4.8 5.2 6.6 3.5 1.9 7.8 3.3 12.9 4.3 5.1 1 10.8 2.6 16.9 4.7 6.1 2.1 11.7 4.5 16.9 7.2 5.1 2.7 9.4 6.8 12.9 12.4 3.5 5.6 5.2 12.2 5.2 19.9 0 14.3-5.4 25-16.2 32.4-10.8 7.3-24.3 11-40.6 11-11.9 0-24-1.9-36.1-5.7-12.1-3.8-22.6-9.1-31.5-15.9l16.6-33.5c6.8 5.7 15.3 10.6 25.6 14.7 10.3 4.2 18.9 6.3 25.8 6.3 7.2 0 10.8-2.3 10.8-6.9 0-2.7-1.7-5-5.2-6.8-3.5-1.9-7.8-3.3-12.9-4.2-5.1-1-10.8-2.4-16.9-4.4-6.1-2-11.7-4.3-16.9-6.8-5.1-2.6-9.4-6.5-12.9-11.8-3.5-5.3-5.2-11.7-5.2-19.2 0-13.5 5.2-24.2 15.7-32.1 10.4-7.9 24.4-11.9 42-11.9z"/></svg>
\ No newline at end of file
diff --git a/chromium/images/eff-logo-monogram-red.png b/chromium/images/eff-logo-monogram-red.png
new file mode 100644
index 000000000000..2b91daab5203
Binary files /dev/null and b/chromium/images/eff-logo-monogram-red.png differ
diff --git a/chromium/images/icons/icon-active-128.png b/chromium/images/icons/icon-active-128.png
new file mode 100644
index 000000000000..12c1a63bff5c
Binary files /dev/null and b/chromium/images/icons/icon-active-128.png differ
diff --git a/chromium/images/icons/icon-active-38.png b/chromium/images/icons/icon-active-38.png
new file mode 100644
index 000000000000..30a41b05d948
Binary files /dev/null and b/chromium/images/icons/icon-active-38.png differ
diff --git a/chromium/images/icons/icon-active-48.png b/chromium/images/icons/icon-active-48.png
new file mode 100644
index 000000000000..427a300151e3
Binary files /dev/null and b/chromium/images/icons/icon-active-48.png differ
diff --git a/chromium/images/icons/icon-blocking-38.png b/chromium/images/icons/icon-blocking-38.png
new file mode 100644
index 000000000000..4dd9ab1caa03
Binary files /dev/null and b/chromium/images/icons/icon-blocking-38.png differ
diff --git a/chromium/images/icons/icon-disabled-38.png b/chromium/images/icons/icon-disabled-38.png
new file mode 100644
index 000000000000..57c80f6a0f85
Binary files /dev/null and b/chromium/images/icons/icon-disabled-38.png differ
diff --git a/chromium/images/onboarding/httpseverywhere-logo.png b/chromium/images/onboarding/httpseverywhere-logo.png
new file mode 100644
index 000000000000..30aebc3ee763
Binary files /dev/null and b/chromium/images/onboarding/httpseverywhere-logo.png differ
diff --git a/chromium/images/remove.png b/chromium/images/remove.png
new file mode 100644
index 000000000000..cf328163408a
Binary files /dev/null and b/chromium/images/remove.png differ
diff --git a/chromium/lru.js b/chromium/lru.js
deleted file mode 100644
index 13213f10ce69..000000000000
--- a/chromium/lru.js
+++ /dev/null
@@ -1,251 +0,0 @@
-/**
- * A doubly linked list-based Least Recently Used (LRU) cache. Will keep most
- * recently used items while discarding least recently used items when its limit
- * is reached.
- *
- * Licensed under MIT. Copyright (c) 2010 Rasmus Andersson <http://hunch.se/>
- * See README.md for details.
- *
- * Illustration of the design:
- *
- *       entry             entry             entry             entry
- *       ______            ______            ______            ______
- *      | head |.newer => |      |.newer => |      |.newer => | tail |
- *      |  A   |          |  B   |          |  C   |          |  D   |
- *      |______| <= older.|______| <= older.|______| <= older.|______|
- *
- *  removed  <--  <--  <--  <--  <--  <--  <--  <--  <--  <--  <--  added
- */
-function LRUCache (limit) {
-  // Current size of the cache. (Read-only).
-  this.size = 0;
-  // Maximum number of items this cache can hold.
-  this.limit = limit;
-  this._keymap = {};
-}
-
-/**
- * Put <value> into the cache associated with <key>. Returns the entry which was
- * removed to make room for the new entry. Otherwise undefined is returned
- * (i.e. if there was enough room already).
- */
-LRUCache.prototype.put = function(key, value) {
-  var entry = {key:key, value:value};
-  // Note: No protection agains replacing, and thus orphan entries. By design.
-  this._keymap[key] = entry;
-  if (this.tail) {
-    // link previous tail to the new tail (entry)
-    this.tail.newer = entry;
-    entry.older = this.tail;
-  } else {
-    // we're first in -- yay
-    this.head = entry;
-  }
-  // add new entry to the end of the linked list -- it's now the freshest entry.
-  this.tail = entry;
-  if (this.size === this.limit) {
-    // we hit the limit -- remove the head
-    return this.shift();
-  } else {
-    // increase the size counter
-    this.size++;
-  }
-};
-
-/**
- * Purge the least recently used (oldest) entry from the cache. Returns the
- * removed entry or undefined if the cache was empty.
- *
- * If you need to perform any form of finalization of purged items, this is a
- * good place to do it. Simply override/replace this function:
- *
- *   var c = new LRUCache(123);
- *   c.shift = function() {
- *     var entry = LRUCache.prototype.shift.call(this);
- *     doSomethingWith(entry);
- *     return entry;
- *   }
- */
-LRUCache.prototype.shift = function() {
-  // todo: handle special case when limit == 1
-  var entry = this.head;
-  if (entry) {
-    if (this.head.newer) {
-      this.head = this.head.newer;
-      this.head.older = undefined;
-    } else {
-      this.head = undefined;
-    }
-    // Remove last strong reference to <entry> and remove links from the purged
-    // entry being returned:
-    entry.newer = entry.older = undefined;
-    // delete is slow, but we need to do this to avoid uncontrollable growth:
-    delete this._keymap[entry.key];
-  }
-  return entry;
-};
-
-/**
- * Get and register recent use of <key>. Returns the value associated with <key>
- * or undefined if not in cache.
- */
-LRUCache.prototype.get = function(key, returnEntry) {
-  // First, find our cache entry
-  var entry = this._keymap[key];
-  if (entry === undefined) return; // Not cached. Sorry.
-  // As <key> was found in the cache, register it as being requested recently
-  if (entry === this.tail) {
-    // Already the most recenlty used entry, so no need to update the list
-    return entry.value;
-  }
-  // HEAD--------------TAIL
-  //   <.older   .newer>
-  //  <--- add direction --
-  //   A  B  C  <D>  E
-  if (entry.newer) {
-    if (entry === this.head)
-      this.head = entry.newer;
-    entry.newer.older = entry.older; // C <-- E.
-  }
-  if (entry.older)
-    entry.older.newer = entry.newer; // C. --> E
-  entry.newer = undefined; // D --x
-  entry.older = this.tail; // D. --> E
-  if (this.tail)
-    this.tail.newer = entry; // E. <-- D
-  this.tail = entry;
-  return returnEntry ? entry : entry.value;
-};
-
-// ----------------------------------------------------------------------------
-// Following code is optional and can be removed without breaking the core
-// functionality.
-
-/**
- * Check if <key> is in the cache without registering recent use. Feasible if
- * you do not want to chage the state of the cache, but only "peek" at it.
- * Returns the entry associated with <key> if found, or undefined if not found.
- */
-LRUCache.prototype.find = function(key) {
-  return this._keymap[key];
-};
-
-/**
- * Update the value of entry with <key>. Returns the old value, or undefined if
- * entry was not in the cache.
- */
-LRUCache.prototype.set = function(key, value) {
-  var oldvalue, entry = this.get(key, true);
-  if (entry) {
-    oldvalue = entry.value;
-    entry.value = value;
-  } else {
-    oldvalue = this.put(key, value);
-    if (oldvalue) oldvalue = oldvalue.value;
-  }
-  return oldvalue;
-};
-
-/**
- * Remove entry <key> from cache and return its value. Returns undefined if not
- * found.
- */
-LRUCache.prototype.remove = function(key) {
-  var entry = this._keymap[key];
-  if (!entry) return;
-  delete this._keymap[entry.key]; // need to do delete unfortunately
-  if (entry.newer && entry.older) {
-    // relink the older entry with the newer entry
-    entry.older.newer = entry.newer;
-    entry.newer.older = entry.older;
-  } else if (entry.newer) {
-    // remove the link to us
-    entry.newer.older = undefined;
-    // link the newer entry to head
-    this.head = entry.newer;
-  } else if (entry.older) {
-    // remove the link to us
-    entry.older.newer = undefined;
-    // link the newer entry to head
-    this.tail = entry.older;
-  } else {// if(entry.older === undefined && entry.newer === undefined) {
-    this.head = this.tail = undefined;
-  }
-
-  this.size--;
-  return entry.value;
-};
-
-/** Removes all entries */
-LRUCache.prototype.removeAll = function() {
-  // This should be safe, as we never expose strong refrences to the outside
-  this.head = this.tail = undefined;
-  this.size = 0;
-  this._keymap = {};
-};
-
-/**
- * Return an array containing all keys of entries stored in the cache object, in
- * arbitrary order.
- */
-if (typeof Object.keys === 'function') {
-  LRUCache.prototype.keys = function() { return Object.keys(this._keymap); };
-} else {
-  LRUCache.prototype.keys = function() {
-    var keys = [];
-    for (var k in this._keymap) keys.push(k);
-    return keys;
-  };
-}
-
-/**
- * Call `fun` for each entry. Starting with the newest entry if `desc` is a true
- * value, otherwise starts with the oldest (head) enrty and moves towards the
- * tail.
- *
- * `fun` is called with 3 arguments in the context `context`:
- *   `fun.call(context, Object key, Object value, LRUCache self)`
- */
-LRUCache.prototype.forEach = function(fun, context, desc) {
-  var entry;
-  if (context === true) { desc = true; context = undefined; }
-  else if (typeof context !== 'object') context = this;
-  if (desc) {
-    entry = this.tail;
-    while (entry) {
-      fun.call(context, entry.key, entry.value, this);
-      entry = entry.older;
-    }
-  } else {
-    entry = this.head;
-    while (entry) {
-      fun.call(context, entry.key, entry.value, this);
-      entry = entry.newer;
-    }
-  }
-};
-
-/** Returns a JSON (array) representation */
-LRUCache.prototype.toJSON = function() {
-  var s = [], entry = this.head;
-  while (entry) {
-    s.push({key:entry.key.toJSON(), value:entry.value.toJSON()});
-    entry = entry.newer;
-  }
-  return s;
-};
-
-/** Returns a String representation */
-LRUCache.prototype.toString = function() {
-  var s = '', entry = this.head;
-  while (entry) {
-    s += String(entry.key)+':'+entry.value;
-    entry = entry.newer;
-    if (entry)
-      s += ' < ';
-  }
-  return s;
-};
-
-// Export ourselves
-if (typeof this === 'object') this.LRUCache = LRUCache;
diff --git a/chromium/manifest.json b/chromium/manifest.json
index cc57e266969e..5a1ee704713e 100644
--- a/chromium/manifest.json
+++ b/chromium/manifest.json
@@ -1,40 +1,63 @@
 {
-    "author": {
-        "email": "eff.software.projects@gmail.com"
-    }, 
+    "applications": {
+        "gecko": {
+            "id": "https-everywhere-eff@eff.org",
+            "update_url": "https://www.eff.org/files/https-everywhere-updates.json"
+        }
+    },
+    "author": "extension-devs@eff.org",
     "background": {
         "scripts": [
-            "util.js", 
-            "URI.js", 
-            "lru.js",
-            "rule_list.js", 
-            "rules.js", 
-            "background.js"
+            "background-scripts/bootstrap.js",
+            "background-scripts/util.js",
+            "wasm/https_everywhere_lib_wasm.js",
+            "background-scripts/wasm.js",
+            "background-scripts/update_channels.js",
+            "background-scripts/update.js",
+            "background-scripts/rules.js",
+            "background-scripts/store.js",
+            "external/pako-1.0.5/pako_inflate.min.js",
+            "background-scripts/incognito.js",
+            "background-scripts/ip_utils.js",
+            "background-scripts/modules/ssl_codes.js",
+            "background-scripts/background.js"
         ]
-    }, 
-    "default_locale": "en", 
-    "description": "__MSG_about_ext_description__", 
-    "homepage_url": "https://www.eff.org/https-everywhere", 
-    "icons": {
-        "128": "icon128.png", 
-        "16": "icon16.png", 
-        "48": "icon48.png"
-    }, 
-    "manifest_version": 2, 
-    "minimum_chrome_version": "18", 
-    "name": "__MSG_about_ext_name__", 
-    "page_action": {
-        "default_icon": "icon48.png", 
-        "default_popup": "popup.html", 
+    },
+    "browser_action": {
+        "default_icon": {
+            "38": "images/icons/icon-active-38.png"
+        },
+        "default_popup": "pages/popup/index.html",
         "default_title": "__MSG_about_ext_name__"
-    }, 
+    },
+    "content_security_policy": "script-src 'self' 'wasm-eval'; object-src 'self'",
+    "default_locale": "en",
+    "description": "__MSG_about_ext_description__",
+    "homepage_url": "https://www.eff.org/https-everywhere",
+    "icons": {
+        "128": "images/icons/icon-active-128.png",
+        "48": "images/icons/icon-active-48.png"
+    },
+    "incognito": "split",
+    "manifest_version": 2,
+    "minimum_chrome_version": "55",
+    "name": "__MSG_about_ext_name__",
+    "options_ui": {
+        "open_in_tab": true,
+        "page": "pages/options/index.html"
+    },
     "permissions": [
-        "webRequest", 
-        "webRequestBlocking", 
-        "tabs", 
-        "cookies", 
-        "<all_urls>"
-    ], 
-    "update_url": "https://www.eff.org/files/https-everywhere-chrome-updates.xml", 
-    "version": "2013.10.16"
-}
+        "webNavigation",
+        "webRequest",
+        "webRequestBlocking",
+        "tabs",
+        "cookies",
+        "storage",
+        "*://*/*",
+        "ftp://*/*"
+    ],
+    "version": "2022.5.24",
+    "web_accessible_resources": [
+        "/pages/cancel/index.html"
+    ]
+}
\ No newline at end of file
diff --git a/chromium/package-lock.json b/chromium/package-lock.json
new file mode 100644
index 000000000000..0886adcdb32c
--- /dev/null
+++ b/chromium/package-lock.json
@@ -0,0 +1,2909 @@
+{
+  "name": "https-everywhere",
+  "version": "1.0.0",
+  "lockfileVersion": 1,
+  "requires": true,
+  "dependencies": {
+    "@babel/code-frame": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.10.4.tgz",
+      "integrity": "sha512-vG6SvB6oYEhvgisZNFRmRCUkLz11c7rp+tbNTynGqc6mS1d5ATd/sGyV6W0KZZnXRKMTzZDRgQT3Ou9jhpAfUg==",
+      "dev": true,
+      "requires": {
+        "@babel/highlight": "^7.10.4"
+      }
+    },
+    "@babel/core": {
+      "version": "7.11.1",
+      "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.11.1.tgz",
+      "integrity": "sha512-XqF7F6FWQdKGGWAzGELL+aCO1p+lRY5Tj5/tbT3St1G8NaH70jhhDIKknIZaDans0OQBG5wRAldROLHSt44BgQ==",
+      "dev": true,
+      "requires": {
+        "@babel/code-frame": "^7.10.4",
+        "@babel/generator": "^7.11.0",
+        "@babel/helper-module-transforms": "^7.11.0",
+        "@babel/helpers": "^7.10.4",
+        "@babel/parser": "^7.11.1",
+        "@babel/template": "^7.10.4",
+        "@babel/traverse": "^7.11.0",
+        "@babel/types": "^7.11.0",
+        "convert-source-map": "^1.7.0",
+        "debug": "^4.1.0",
+        "gensync": "^1.0.0-beta.1",
+        "json5": "^2.1.2",
+        "lodash": "^4.17.19",
+        "resolve": "^1.3.2",
+        "semver": "^5.4.1",
+        "source-map": "^0.5.0"
+      },
+      "dependencies": {
+        "debug": {
+          "version": "4.1.1",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz",
+          "integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==",
+          "dev": true,
+          "requires": {
+            "ms": "^2.1.1"
+          }
+        },
+        "semver": {
+          "version": "5.7.1",
+          "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz",
+          "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==",
+          "dev": true
+        }
+      }
+    },
+    "@babel/generator": {
+      "version": "7.11.0",
+      "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.11.0.tgz",
+      "integrity": "sha512-fEm3Uzw7Mc9Xi//qU20cBKatTfs2aOtKqmvy/Vm7RkJEGFQ4xc9myCfbXxqK//ZS8MR/ciOHw6meGASJuKmDfQ==",
+      "dev": true,
+      "requires": {
+        "@babel/types": "^7.11.0",
+        "jsesc": "^2.5.1",
+        "source-map": "^0.5.0"
+      }
+    },
+    "@babel/helper-function-name": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.10.4.tgz",
+      "integrity": "sha512-YdaSyz1n8gY44EmN7x44zBn9zQ1Ry2Y+3GTA+3vH6Mizke1Vw0aWDM66FOYEPw8//qKkmqOckrGgTYa+6sceqQ==",
+      "dev": true,
+      "requires": {
+        "@babel/helper-get-function-arity": "^7.10.4",
+        "@babel/template": "^7.10.4",
+        "@babel/types": "^7.10.4"
+      }
+    },
+    "@babel/helper-get-function-arity": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/helper-get-function-arity/-/helper-get-function-arity-7.10.4.tgz",
+      "integrity": "sha512-EkN3YDB+SRDgiIUnNgcmiD361ti+AVbL3f3Henf6dqqUyr5dMsorno0lJWJuLhDhkI5sYEpgj6y9kB8AOU1I2A==",
+      "dev": true,
+      "requires": {
+        "@babel/types": "^7.10.4"
+      }
+    },
+    "@babel/helper-member-expression-to-functions": {
+      "version": "7.11.0",
+      "resolved": "https://registry.npmjs.org/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.11.0.tgz",
+      "integrity": "sha512-JbFlKHFntRV5qKw3YC0CvQnDZ4XMwgzzBbld7Ly4Mj4cbFy3KywcR8NtNctRToMWJOVvLINJv525Gd6wwVEx/Q==",
+      "dev": true,
+      "requires": {
+        "@babel/types": "^7.11.0"
+      }
+    },
+    "@babel/helper-module-imports": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.10.4.tgz",
+      "integrity": "sha512-nEQJHqYavI217oD9+s5MUBzk6x1IlvoS9WTPfgG43CbMEeStE0v+r+TucWdx8KFGowPGvyOkDT9+7DHedIDnVw==",
+      "dev": true,
+      "requires": {
+        "@babel/types": "^7.10.4"
+      }
+    },
+    "@babel/helper-module-transforms": {
+      "version": "7.11.0",
+      "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.11.0.tgz",
+      "integrity": "sha512-02EVu8COMuTRO1TAzdMtpBPbe6aQ1w/8fePD2YgQmxZU4gpNWaL9gK3Jp7dxlkUlUCJOTaSeA+Hrm1BRQwqIhg==",
+      "dev": true,
+      "requires": {
+        "@babel/helper-module-imports": "^7.10.4",
+        "@babel/helper-replace-supers": "^7.10.4",
+        "@babel/helper-simple-access": "^7.10.4",
+        "@babel/helper-split-export-declaration": "^7.11.0",
+        "@babel/template": "^7.10.4",
+        "@babel/types": "^7.11.0",
+        "lodash": "^4.17.19"
+      }
+    },
+    "@babel/helper-optimise-call-expression": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.10.4.tgz",
+      "integrity": "sha512-n3UGKY4VXwXThEiKrgRAoVPBMqeoPgHVqiHZOanAJCG9nQUL2pLRQirUzl0ioKclHGpGqRgIOkgcIJaIWLpygg==",
+      "dev": true,
+      "requires": {
+        "@babel/types": "^7.10.4"
+      }
+    },
+    "@babel/helper-replace-supers": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/helper-replace-supers/-/helper-replace-supers-7.10.4.tgz",
+      "integrity": "sha512-sPxZfFXocEymYTdVK1UNmFPBN+Hv5mJkLPsYWwGBxZAxaWfFu+xqp7b6qWD0yjNuNL2VKc6L5M18tOXUP7NU0A==",
+      "dev": true,
+      "requires": {
+        "@babel/helper-member-expression-to-functions": "^7.10.4",
+        "@babel/helper-optimise-call-expression": "^7.10.4",
+        "@babel/traverse": "^7.10.4",
+        "@babel/types": "^7.10.4"
+      }
+    },
+    "@babel/helper-simple-access": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.10.4.tgz",
+      "integrity": "sha512-0fMy72ej/VEvF8ULmX6yb5MtHG4uH4Dbd6I/aHDb/JVg0bbivwt9Wg+h3uMvX+QSFtwr5MeItvazbrc4jtRAXw==",
+      "dev": true,
+      "requires": {
+        "@babel/template": "^7.10.4",
+        "@babel/types": "^7.10.4"
+      }
+    },
+    "@babel/helper-split-export-declaration": {
+      "version": "7.11.0",
+      "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.11.0.tgz",
+      "integrity": "sha512-74Vejvp6mHkGE+m+k5vHY93FX2cAtrw1zXrZXRlG4l410Nm9PxfEiVTn1PjDPV5SnmieiueY4AFg2xqhNFuuZg==",
+      "dev": true,
+      "requires": {
+        "@babel/types": "^7.11.0"
+      }
+    },
+    "@babel/helper-validator-identifier": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.10.4.tgz",
+      "integrity": "sha512-3U9y+43hz7ZM+rzG24Qe2mufW5KhvFg/NhnNph+i9mgCtdTCtMJuI1TMkrIUiK7Ix4PYlRF9I5dhqaLYA/ADXw==",
+      "dev": true
+    },
+    "@babel/helpers": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.10.4.tgz",
+      "integrity": "sha512-L2gX/XeUONeEbI78dXSrJzGdz4GQ+ZTA/aazfUsFaWjSe95kiCuOZ5HsXvkiw3iwF+mFHSRUfJU8t6YavocdXA==",
+      "dev": true,
+      "requires": {
+        "@babel/template": "^7.10.4",
+        "@babel/traverse": "^7.10.4",
+        "@babel/types": "^7.10.4"
+      }
+    },
+    "@babel/highlight": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.10.4.tgz",
+      "integrity": "sha512-i6rgnR/YgPEQzZZnbTHHuZdlE8qyoBNalD6F+q4vAFlcMEcqmkoG+mPqJYJCo63qPf74+Y1UZsl3l6f7/RIkmA==",
+      "dev": true,
+      "requires": {
+        "@babel/helper-validator-identifier": "^7.10.4",
+        "chalk": "^2.0.0",
+        "js-tokens": "^4.0.0"
+      }
+    },
+    "@babel/parser": {
+      "version": "7.11.3",
+      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.11.3.tgz",
+      "integrity": "sha512-REo8xv7+sDxkKvoxEywIdsNFiZLybwdI7hcT5uEPyQrSMB4YQ973BfC9OOrD/81MaIjh6UxdulIQXkjmiH3PcA==",
+      "dev": true
+    },
+    "@babel/runtime": {
+      "version": "7.12.5",
+      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.12.5.tgz",
+      "integrity": "sha512-plcc+hbExy3McchJCEQG3knOsuh3HH+Prx1P6cLIkET/0dLuQDEnrT+s27Axgc9bqfsmNUNHfscgMUdBpC9xfg==",
+      "dev": true,
+      "requires": {
+        "regenerator-runtime": "^0.13.4"
+      }
+    },
+    "@babel/template": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.10.4.tgz",
+      "integrity": "sha512-ZCjD27cGJFUB6nmCB1Enki3r+L5kJveX9pq1SvAUKoICy6CZ9yD8xO086YXdYhvNjBdnekm4ZnaP5yC8Cs/1tA==",
+      "dev": true,
+      "requires": {
+        "@babel/code-frame": "^7.10.4",
+        "@babel/parser": "^7.10.4",
+        "@babel/types": "^7.10.4"
+      }
+    },
+    "@babel/traverse": {
+      "version": "7.11.0",
+      "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.11.0.tgz",
+      "integrity": "sha512-ZB2V+LskoWKNpMq6E5UUCrjtDUh5IOTAyIl0dTjIEoXum/iKWkoIEKIRDnUucO6f+2FzNkE0oD4RLKoPIufDtg==",
+      "dev": true,
+      "requires": {
+        "@babel/code-frame": "^7.10.4",
+        "@babel/generator": "^7.11.0",
+        "@babel/helper-function-name": "^7.10.4",
+        "@babel/helper-split-export-declaration": "^7.11.0",
+        "@babel/parser": "^7.11.0",
+        "@babel/types": "^7.11.0",
+        "debug": "^4.1.0",
+        "globals": "^11.1.0",
+        "lodash": "^4.17.19"
+      },
+      "dependencies": {
+        "debug": {
+          "version": "4.1.1",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz",
+          "integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==",
+          "dev": true,
+          "requires": {
+            "ms": "^2.1.1"
+          }
+        }
+      }
+    },
+    "@babel/types": {
+      "version": "7.11.0",
+      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.11.0.tgz",
+      "integrity": "sha512-O53yME4ZZI0jO1EVGtF1ePGl0LHirG4P1ibcD80XyzZcKhcMFeCXmh4Xb1ifGBIV233Qg12x4rBfQgA+tmOukA==",
+      "dev": true,
+      "requires": {
+        "@babel/helper-validator-identifier": "^7.10.4",
+        "lodash": "^4.17.19",
+        "to-fast-properties": "^2.0.0"
+      }
+    },
+    "@codemirror/autocomplete": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/@codemirror/autocomplete/-/autocomplete-6.0.2.tgz",
+      "integrity": "sha512-9PDjnllmXan/7Uax87KGORbxerDJ/cu10SB+n4Jz0zXMEvIh3+TGgZxhIvDOtaQ4jDBQEM7kHYW4vLdQB0DGZQ==",
+      "dev": true,
+      "requires": {
+        "@codemirror/language": "^6.0.0",
+        "@codemirror/state": "^6.0.0",
+        "@codemirror/view": "^6.0.0",
+        "@lezer/common": "^1.0.0"
+      }
+    },
+    "@codemirror/commands": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/@codemirror/commands/-/commands-6.0.1.tgz",
+      "integrity": "sha512-iNHDByicYqQjs0Wo1MKGfqNbMYMyhS9WV6EwMVwsHXImlFemgEUC+c5X22bXKBStN3qnwg4fArNZM+gkv22baQ==",
+      "dev": true,
+      "requires": {
+        "@codemirror/language": "^6.0.0",
+        "@codemirror/state": "^6.0.0",
+        "@codemirror/view": "^6.0.0",
+        "@lezer/common": "^1.0.0"
+      }
+    },
+    "@codemirror/language": {
+      "version": "6.2.0",
+      "resolved": "https://registry.npmjs.org/@codemirror/language/-/language-6.2.0.tgz",
+      "integrity": "sha512-tabB0Ef/BflwoEmTB4a//WZ9P90UQyne9qWB9YFsmeS4bnEqSys7UpGk/da1URMXhyfuzWCwp+AQNMhvu8SfnA==",
+      "dev": true,
+      "requires": {
+        "@codemirror/state": "^6.0.0",
+        "@codemirror/view": "^6.0.0",
+        "@lezer/common": "^1.0.0",
+        "@lezer/highlight": "^1.0.0",
+        "@lezer/lr": "^1.0.0",
+        "style-mod": "^4.0.0"
+      }
+    },
+    "@codemirror/lint": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/@codemirror/lint/-/lint-6.0.0.tgz",
+      "integrity": "sha512-nUUXcJW1Xp54kNs+a1ToPLK8MadO0rMTnJB8Zk4Z8gBdrN0kqV7uvUraU/T2yqg+grDNR38Vmy/MrhQN/RgwiA==",
+      "dev": true,
+      "requires": {
+        "@codemirror/state": "^6.0.0",
+        "@codemirror/view": "^6.0.0",
+        "crelt": "^1.0.5"
+      }
+    },
+    "@codemirror/search": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/@codemirror/search/-/search-6.0.0.tgz",
+      "integrity": "sha512-rL0rd3AhI0TAsaJPUaEwC63KHLO7KL0Z/dYozXj6E7L3wNHRyx7RfE0/j5HsIf912EE5n2PCb4Vg0rGYmDv4UQ==",
+      "dev": true,
+      "requires": {
+        "@codemirror/state": "^6.0.0",
+        "@codemirror/view": "^6.0.0",
+        "crelt": "^1.0.5"
+      }
+    },
+    "@codemirror/state": {
+      "version": "6.1.0",
+      "resolved": "https://registry.npmjs.org/@codemirror/state/-/state-6.1.0.tgz",
+      "integrity": "sha512-qbUr94DZTe6/V1VS7LDLz11rM/1t/nJxR1El4I6UaxDEdc0aZZvq6JCLJWiRmUf95NRAnDH6fhXn+PWp9wGCIg==",
+      "dev": true
+    },
+    "@codemirror/view": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-6.0.2.tgz",
+      "integrity": "sha512-mnVT/q1JvKPjpmjXJNeCi/xHyaJ3abGJsumIVpdQ1nE1MXAyHf7GHWt8QpWMUvDiqF0j+inkhVR2OviTdFFX7Q==",
+      "dev": true,
+      "requires": {
+        "@codemirror/state": "^6.0.0",
+        "style-mod": "^4.0.0",
+        "w3c-keyname": "^2.2.4"
+      }
+    },
+    "@istanbuljs/load-nyc-config": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@istanbuljs/load-nyc-config/-/load-nyc-config-1.1.0.tgz",
+      "integrity": "sha512-VjeHSlIzpv/NyD3N0YuHfXOPDIixcA1q2ZV98wsMqcYlPmv2n3Yb2lYP9XMElnaFVXg5A7YLTeLu6V84uQDjmQ==",
+      "dev": true,
+      "requires": {
+        "camelcase": "^5.3.1",
+        "find-up": "^4.1.0",
+        "get-package-type": "^0.1.0",
+        "js-yaml": "^3.13.1",
+        "resolve-from": "^5.0.0"
+      },
+      "dependencies": {
+        "find-up": {
+          "version": "4.1.0",
+          "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz",
+          "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==",
+          "dev": true,
+          "requires": {
+            "locate-path": "^5.0.0",
+            "path-exists": "^4.0.0"
+          }
+        },
+        "locate-path": {
+          "version": "5.0.0",
+          "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz",
+          "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==",
+          "dev": true,
+          "requires": {
+            "p-locate": "^4.1.0"
+          }
+        },
+        "p-locate": {
+          "version": "4.1.0",
+          "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz",
+          "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==",
+          "dev": true,
+          "requires": {
+            "p-limit": "^2.2.0"
+          }
+        },
+        "path-exists": {
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz",
+          "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==",
+          "dev": true
+        }
+      }
+    },
+    "@istanbuljs/schema": {
+      "version": "0.1.2",
+      "resolved": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.2.tgz",
+      "integrity": "sha512-tsAQNx32a8CoFhjhijUIhI4kccIAgmGhy8LZMZgGfmXcpMbPRUqn5LWmgRttILi6yeGmBJd2xsPkFMs0PzgPCw==",
+      "dev": true
+    },
+    "@lezer/common": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/@lezer/common/-/common-1.0.0.tgz",
+      "integrity": "sha512-ohydQe+Hb+w4oMDvXzs8uuJd2NoA3D8YDcLiuDsLqH+yflDTPEpgCsWI3/6rH5C3BAedtH1/R51dxENldQceEA==",
+      "dev": true
+    },
+    "@lezer/highlight": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/@lezer/highlight/-/highlight-1.0.0.tgz",
+      "integrity": "sha512-nsCnNtim90UKsB5YxoX65v3GEIw3iCHw9RM2DtdgkiqAbKh9pCdvi8AWNwkYf10Lu6fxNhXPpkpHbW6mihhvJA==",
+      "dev": true,
+      "requires": {
+        "@lezer/common": "^1.0.0"
+      }
+    },
+    "@lezer/lr": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@lezer/lr/-/lr-1.1.0.tgz",
+      "integrity": "sha512-Iad04uVwk1PvSnj25mqj7zEEIRAsasbsTRmVzI0AUTs/+1Dz1//iYAaoLr7A+Xa7bZDfql5MKTxZmSlkYZD3Dg==",
+      "dev": true,
+      "requires": {
+        "@lezer/common": "^1.0.0"
+      }
+    },
+    "@sinonjs/commons": {
+      "version": "1.8.1",
+      "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.1.tgz",
+      "integrity": "sha512-892K+kWUUi3cl+LlqEWIDrhvLgdL79tECi8JZUyq6IviKy/DNhuzCRlbHUjxK89f4ypPMMaFnFuR9Ie6DoIMsw==",
+      "dev": true,
+      "requires": {
+        "type-detect": "4.0.8"
+      }
+    },
+    "@sinonjs/fake-timers": {
+      "version": "9.1.2",
+      "resolved": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-9.1.2.tgz",
+      "integrity": "sha512-BPS4ynJW/o92PUR4wgriz2Ud5gpST5vz6GQfMixEDK0Z8ZCUv2M7SkBLykH56T++Xs+8ln9zTGbOvNGIe02/jw==",
+      "dev": true,
+      "requires": {
+        "@sinonjs/commons": "^1.7.0"
+      }
+    },
+    "@sinonjs/samsam": {
+      "version": "6.1.1",
+      "resolved": "https://registry.npmjs.org/@sinonjs/samsam/-/samsam-6.1.1.tgz",
+      "integrity": "sha512-cZ7rKJTLiE7u7Wi/v9Hc2fs3Ucc3jrWeMgPHbbTCeVAB2S0wOBbYlkJVeNSL04i7fdhT8wIbDq1zhC/PXTD2SA==",
+      "dev": true,
+      "requires": {
+        "@sinonjs/commons": "^1.6.0",
+        "lodash.get": "^4.4.2",
+        "type-detect": "^4.0.8"
+      }
+    },
+    "@sinonjs/text-encoding": {
+      "version": "0.7.1",
+      "resolved": "https://registry.npmjs.org/@sinonjs/text-encoding/-/text-encoding-0.7.1.tgz",
+      "integrity": "sha512-+iTbntw2IZPb/anVDbypzfQa+ay64MW0Zo8aJ8gZPWMMK6/OubMVb6lUPMagqjOPnmtauXnFCACVl3O7ogjeqQ==",
+      "dev": true
+    },
+    "@types/color-name": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/@types/color-name/-/color-name-1.1.1.tgz",
+      "integrity": "sha512-rr+OQyAjxze7GgWrSaJwydHStIhHq2lvY3BOC2Mj7KnzI7XK0Uw1TOOdI9lDoajEbSWLiYgoo4f1R51erQfhPQ==",
+      "dev": true
+    },
+    "@ungap/promise-all-settled": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/@ungap/promise-all-settled/-/promise-all-settled-1.1.2.tgz",
+      "integrity": "sha512-sL/cEvJWAnClXw0wHk85/2L0G6Sj8UB0Ctc1TEMbKSsmpRosqhwj9gWgFRZSrBr2f9tiXISwNhCPmlfqUqyb9Q==",
+      "dev": true
+    },
+    "aggregate-error": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/aggregate-error/-/aggregate-error-3.0.1.tgz",
+      "integrity": "sha512-quoaXsZ9/BLNae5yiNoUz+Nhkwz83GhWwtYFglcjEQB2NDHCIpApbqXxIFnm4Pq/Nvhrsq5sYJFyohrrxnTGAA==",
+      "dev": true,
+      "requires": {
+        "clean-stack": "^2.0.0",
+        "indent-string": "^4.0.0"
+      }
+    },
+    "ajv": {
+      "version": "6.12.6",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz",
+      "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==",
+      "dev": true,
+      "requires": {
+        "fast-deep-equal": "^3.1.1",
+        "fast-json-stable-stringify": "^2.0.0",
+        "json-schema-traverse": "^0.4.1",
+        "uri-js": "^4.2.2"
+      }
+    },
+    "ansi-colors": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz",
+      "integrity": "sha512-JoX0apGbHaUJBNl6yF+p6JAFYZ666/hhCGKN5t9QFjbJQKUU/g8MNbFDbvfrgKXvI1QpZplPOnwIo99lX/AAmA==",
+      "dev": true
+    },
+    "ansi-regex": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
+      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
+      "dev": true
+    },
+    "ansi-styles": {
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
+      "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
+      "dev": true,
+      "requires": {
+        "color-convert": "^1.9.0"
+      }
+    },
+    "anymatch": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.2.tgz",
+      "integrity": "sha512-P43ePfOAIupkguHUycrc4qJ9kz8ZiuOUijaETwX7THt0Y/GNK7v0aa8rY816xWjZ7rJdA5XdMcpVFTKMq+RvWg==",
+      "dev": true,
+      "requires": {
+        "normalize-path": "^3.0.0",
+        "picomatch": "^2.0.4"
+      }
+    },
+    "append-transform": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/append-transform/-/append-transform-2.0.0.tgz",
+      "integrity": "sha512-7yeyCEurROLQJFv5Xj4lEGTy0borxepjFv1g22oAdqFu//SrAlDl1O1Nxx15SH1RoliUml6p8dwJW9jvZughhg==",
+      "dev": true,
+      "requires": {
+        "default-require-extensions": "^3.0.0"
+      }
+    },
+    "archy": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/archy/-/archy-1.0.0.tgz",
+      "integrity": "sha1-+cjBN1fMHde8N5rHeyxipcKGjEA=",
+      "dev": true
+    },
+    "argparse": {
+      "version": "1.0.10",
+      "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz",
+      "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==",
+      "dev": true,
+      "requires": {
+        "sprintf-js": "~1.0.2"
+      }
+    },
+    "array-from": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/array-from/-/array-from-2.1.1.tgz",
+      "integrity": "sha1-z+nYwmYoudxa7MYqn12PHzUsEZU=",
+      "dev": true
+    },
+    "asn1": {
+      "version": "0.2.4",
+      "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.4.tgz",
+      "integrity": "sha512-jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg==",
+      "dev": true,
+      "requires": {
+        "safer-buffer": "~2.1.0"
+      }
+    },
+    "assert-plus": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz",
+      "integrity": "sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU=",
+      "dev": true
+    },
+    "assertion-error": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/assertion-error/-/assertion-error-1.1.0.tgz",
+      "integrity": "sha512-jgsaNduz+ndvGyFt3uSuWqvy4lCnIJiovtouQN5JZHOKCS2QuhEdbcQHFhVksz2N2U9hXJo8odG7ETyWlEeuDw==",
+      "dev": true
+    },
+    "asynckit": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
+      "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=",
+      "dev": true
+    },
+    "atob": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/atob/-/atob-2.1.2.tgz",
+      "integrity": "sha512-Wm6ukoaOGJi/73p/cl2GvLjTI5JM1k/O14isD73YML8StrH/7/lRFgmg8nICZgD3bZZvjwCGxtMOD3wWNAu8cg==",
+      "dev": true
+    },
+    "aws-sign2": {
+      "version": "0.7.0",
+      "resolved": "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz",
+      "integrity": "sha1-tG6JCTSpWR8tL2+G1+ap8bP+dqg=",
+      "dev": true
+    },
+    "aws4": {
+      "version": "1.11.0",
+      "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.11.0.tgz",
+      "integrity": "sha512-xh1Rl34h6Fi1DC2WWKfxUTVqRsNnr6LsKz2+hfwDxQJWmrx8+c7ylaqBMcHfl1U1r2dsifOvKX3LQuLNZ+XSvA==",
+      "dev": true
+    },
+    "balanced-match": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz",
+      "integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c=",
+      "dev": true
+    },
+    "bcrypt-pbkdf": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz",
+      "integrity": "sha1-pDAdOJtqQ/m2f/PKEaP2Y342Dp4=",
+      "dev": true,
+      "requires": {
+        "tweetnacl": "^0.14.3"
+      }
+    },
+    "binary-extensions": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz",
+      "integrity": "sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==",
+      "dev": true
+    },
+    "brace-expansion": {
+      "version": "1.1.11",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
+      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+      "dev": true,
+      "requires": {
+        "balanced-match": "^1.0.0",
+        "concat-map": "0.0.1"
+      }
+    },
+    "braces": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
+      "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
+      "dev": true,
+      "requires": {
+        "fill-range": "^7.0.1"
+      }
+    },
+    "browser-stdout": {
+      "version": "1.3.1",
+      "resolved": "https://registry.npmjs.org/browser-stdout/-/browser-stdout-1.3.1.tgz",
+      "integrity": "sha512-qhAVI1+Av2X7qelOfAIYwXONood6XlZE/fXaBSmW/T5SzLAmCgzi+eiWE7fUvbHaeNBQH13UftjpXxsfLkMpgw==",
+      "dev": true
+    },
+    "btoa": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/btoa/-/btoa-1.2.1.tgz",
+      "integrity": "sha512-SB4/MIGlsiVkMcHmT+pSmIPoNDoHg+7cMzmt3Uxt628MTz2487DKSqK/fuhFBrkuqrYv5UCEnACpF4dTFNKc/g==",
+      "dev": true
+    },
+    "caching-transform": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/caching-transform/-/caching-transform-4.0.0.tgz",
+      "integrity": "sha512-kpqOvwXnjjN44D89K5ccQC+RUrsy7jB/XLlRrx0D7/2HNcTPqzsb6XgYoErwko6QsV184CA2YgS1fxDiiDZMWA==",
+      "dev": true,
+      "requires": {
+        "hasha": "^5.0.0",
+        "make-dir": "^3.0.0",
+        "package-hash": "^4.0.0",
+        "write-file-atomic": "^3.0.0"
+      }
+    },
+    "camelcase": {
+      "version": "5.3.1",
+      "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz",
+      "integrity": "sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==",
+      "dev": true
+    },
+    "caseless": {
+      "version": "0.12.0",
+      "resolved": "https://registry.npmjs.org/caseless/-/caseless-0.12.0.tgz",
+      "integrity": "sha1-G2gcIf+EAzyCZUMJBolCDRhxUdw=",
+      "dev": true
+    },
+    "chai": {
+      "version": "4.3.6",
+      "resolved": "https://registry.npmjs.org/chai/-/chai-4.3.6.tgz",
+      "integrity": "sha512-bbcp3YfHCUzMOvKqsztczerVgBKSsEijCySNlHHbX3VG1nskvqjz5Rfso1gGwD6w6oOV3eI60pKuMOV5MV7p3Q==",
+      "dev": true,
+      "requires": {
+        "assertion-error": "^1.1.0",
+        "check-error": "^1.0.2",
+        "deep-eql": "^3.0.1",
+        "get-func-name": "^2.0.0",
+        "loupe": "^2.3.1",
+        "pathval": "^1.1.1",
+        "type-detect": "^4.0.5"
+      }
+    },
+    "chalk": {
+      "version": "2.4.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
+      "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
+      "dev": true,
+      "requires": {
+        "ansi-styles": "^3.2.1",
+        "escape-string-regexp": "^1.0.5",
+        "supports-color": "^5.3.0"
+      },
+      "dependencies": {
+        "has-flag": {
+          "version": "3.0.0",
+          "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
+          "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=",
+          "dev": true
+        },
+        "supports-color": {
+          "version": "5.5.0",
+          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
+          "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
+          "dev": true,
+          "requires": {
+            "has-flag": "^3.0.0"
+          }
+        }
+      }
+    },
+    "check-error": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/check-error/-/check-error-1.0.2.tgz",
+      "integrity": "sha1-V00xLt2Iu13YkS6Sht1sCu1KrII=",
+      "dev": true
+    },
+    "chokidar": {
+      "version": "3.5.3",
+      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz",
+      "integrity": "sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw==",
+      "dev": true,
+      "requires": {
+        "anymatch": "~3.1.2",
+        "braces": "~3.0.2",
+        "fsevents": "~2.3.2",
+        "glob-parent": "~5.1.2",
+        "is-binary-path": "~2.1.0",
+        "is-glob": "~4.0.1",
+        "normalize-path": "~3.0.0",
+        "readdirp": "~3.6.0"
+      }
+    },
+    "clean-stack": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-2.2.0.tgz",
+      "integrity": "sha512-4diC9HaTE+KRAMWhDhrGOECgWZxoevMc5TlkObMqNSsVU62PYzXZ/SMTjzyGAFF1YusgxGcSWTEXBhp0CPwQ1A==",
+      "dev": true
+    },
+    "cliui": {
+      "version": "7.0.4",
+      "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz",
+      "integrity": "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==",
+      "dev": true,
+      "requires": {
+        "string-width": "^4.2.0",
+        "strip-ansi": "^6.0.0",
+        "wrap-ansi": "^7.0.0"
+      }
+    },
+    "codemirror": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/codemirror/-/codemirror-6.0.1.tgz",
+      "integrity": "sha512-J8j+nZ+CdWmIeFIGXEFbFPtpiYacFMDR8GlHK3IyHQJMCaVRfGx9NT+Hxivv1ckLWPvNdZqndbr/7lVhrf/Svg==",
+      "dev": true,
+      "requires": {
+        "@codemirror/autocomplete": "^6.0.0",
+        "@codemirror/commands": "^6.0.0",
+        "@codemirror/language": "^6.0.0",
+        "@codemirror/lint": "^6.0.0",
+        "@codemirror/search": "^6.0.0",
+        "@codemirror/state": "^6.0.0",
+        "@codemirror/view": "^6.0.0"
+      }
+    },
+    "color-convert": {
+      "version": "1.9.3",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
+      "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
+      "dev": true,
+      "requires": {
+        "color-name": "1.1.3"
+      }
+    },
+    "color-name": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
+      "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=",
+      "dev": true
+    },
+    "combined-stream": {
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
+      "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==",
+      "dev": true,
+      "requires": {
+        "delayed-stream": "~1.0.0"
+      }
+    },
+    "commondir": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/commondir/-/commondir-1.0.1.tgz",
+      "integrity": "sha1-3dgA2gxmEnOTzKWVDqloo6rxJTs=",
+      "dev": true
+    },
+    "concat-map": {
+      "version": "0.0.1",
+      "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
+      "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=",
+      "dev": true
+    },
+    "convert-source-map": {
+      "version": "1.7.0",
+      "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.7.0.tgz",
+      "integrity": "sha512-4FJkXzKXEDB1snCFZlLP4gpC3JILicCpGbzG9f9G7tGqGCzETQ2hWPrcinA9oU4wtf2biUaEH5065UnMeR33oA==",
+      "dev": true,
+      "requires": {
+        "safe-buffer": "~5.1.1"
+      }
+    },
+    "core-js": {
+      "version": "3.8.1",
+      "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.8.1.tgz",
+      "integrity": "sha512-9Id2xHY1W7m8hCl8NkhQn5CufmF/WuR30BTRewvCXc1aZd3kMECwNZ69ndLbekKfakw9Rf2Xyc+QR6E7Gg+obg==",
+      "dev": true
+    },
+    "core-util-is": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz",
+      "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=",
+      "dev": true
+    },
+    "coveralls": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/coveralls/-/coveralls-3.1.1.tgz",
+      "integrity": "sha512-+dxnG2NHncSD1NrqbSM3dn/lE57O6Qf/koe9+I7c+wzkqRmEvcp0kgJdxKInzYzkICKkFMZsX3Vct3++tsF9ww==",
+      "dev": true,
+      "requires": {
+        "js-yaml": "^3.13.1",
+        "lcov-parse": "^1.0.0",
+        "log-driver": "^1.2.7",
+        "minimist": "^1.2.5",
+        "request": "^2.88.2"
+      }
+    },
+    "crelt": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/crelt/-/crelt-1.0.5.tgz",
+      "integrity": "sha512-+BO9wPPi+DWTDcNYhr/W90myha8ptzftZT+LwcmUbbok0rcP/fequmFYCw8NMoH7pkAZQzU78b3kYrlua5a9eA==",
+      "dev": true
+    },
+    "cross-spawn": {
+      "version": "7.0.3",
+      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
+      "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+      "dev": true,
+      "requires": {
+        "path-key": "^3.1.0",
+        "shebang-command": "^2.0.0",
+        "which": "^2.0.1"
+      }
+    },
+    "dashdash": {
+      "version": "1.14.1",
+      "resolved": "https://registry.npmjs.org/dashdash/-/dashdash-1.14.1.tgz",
+      "integrity": "sha1-hTz6D3y+L+1d4gMmuN1YEDX24vA=",
+      "dev": true,
+      "requires": {
+        "assert-plus": "^1.0.0"
+      }
+    },
+    "debug": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.2.0.tgz",
+      "integrity": "sha512-IX2ncY78vDTjZMFUdmsvIRFY2Cf4FnD0wRs+nQwJU8Lu99/tPFdb0VybiiMTPe3I6rQmwsqQqRBvxU+bZ/I8sg==",
+      "dev": true,
+      "requires": {
+        "ms": "2.1.2"
+      }
+    },
+    "decamelize": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz",
+      "integrity": "sha1-9lNNFRSCabIDUue+4m9QH5oZEpA=",
+      "dev": true
+    },
+    "deep-eql": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-3.0.1.tgz",
+      "integrity": "sha512-+QeIQyN5ZuO+3Uk5DYh6/1eKO0m0YmJFGNmFHGACpf1ClL1nmlV/p4gNgbl2pJGxgXb4faqo6UE+M5ACEMyVcw==",
+      "dev": true,
+      "requires": {
+        "type-detect": "^4.0.0"
+      }
+    },
+    "default-require-extensions": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/default-require-extensions/-/default-require-extensions-3.0.0.tgz",
+      "integrity": "sha512-ek6DpXq/SCpvjhpFsLFRVtIxJCRw6fUR42lYMVZuUMK7n8eMz4Uh5clckdBjEpLhn/gEBZo7hDJnJcwdKLKQjg==",
+      "dev": true,
+      "requires": {
+        "strip-bom": "^4.0.0"
+      }
+    },
+    "delayed-stream": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
+      "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=",
+      "dev": true
+    },
+    "diff": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/diff/-/diff-5.0.0.tgz",
+      "integrity": "sha512-/VTCrvm5Z0JGty/BWHljh+BAiw3IK+2j87NGMu8Nwc/f48WoDAC395uomO9ZD117ZOBaHmkX1oyLvkVM/aIT3w==",
+      "dev": true
+    },
+    "ecc-jsbn": {
+      "version": "0.1.2",
+      "resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz",
+      "integrity": "sha1-OoOpBOVDUyh4dMVkt1SThoSamMk=",
+      "dev": true,
+      "requires": {
+        "jsbn": "~0.1.0",
+        "safer-buffer": "^2.1.0"
+      }
+    },
+    "emoji-regex": {
+      "version": "8.0.0",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
+      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
+      "dev": true
+    },
+    "es6-error": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/es6-error/-/es6-error-4.1.1.tgz",
+      "integrity": "sha512-Um/+FxMr9CISWh0bi5Zv0iOD+4cFh5qLeks1qhAopKVAJw3drgKbKySikp7wGhDL0HPeaja0P5ULZrxLkniUVg==",
+      "dev": true
+    },
+    "escalade": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.1.tgz",
+      "integrity": "sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw==",
+      "dev": true
+    },
+    "escape-string-regexp": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
+      "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=",
+      "dev": true
+    },
+    "esprima": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz",
+      "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==",
+      "dev": true
+    },
+    "extend": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz",
+      "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==",
+      "dev": true
+    },
+    "extsprintf": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/extsprintf/-/extsprintf-1.3.0.tgz",
+      "integrity": "sha1-lpGEQOMEGnpBT4xS48V06zw+HgU=",
+      "dev": true
+    },
+    "fast-deep-equal": {
+      "version": "3.1.3",
+      "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz",
+      "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==",
+      "dev": true
+    },
+    "fast-json-stable-stringify": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz",
+      "integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==",
+      "dev": true
+    },
+    "fetch-mock": {
+      "version": "9.11.0",
+      "resolved": "https://registry.npmjs.org/fetch-mock/-/fetch-mock-9.11.0.tgz",
+      "integrity": "sha512-PG1XUv+x7iag5p/iNHD4/jdpxL9FtVSqRMUQhPab4hVDt80T1MH5ehzVrL2IdXO9Q2iBggArFvPqjUbHFuI58Q==",
+      "dev": true,
+      "requires": {
+        "@babel/core": "^7.0.0",
+        "@babel/runtime": "^7.0.0",
+        "core-js": "^3.0.0",
+        "debug": "^4.1.1",
+        "glob-to-regexp": "^0.4.0",
+        "is-subset": "^0.1.1",
+        "lodash.isequal": "^4.5.0",
+        "path-to-regexp": "^2.2.1",
+        "querystring": "^0.2.0",
+        "whatwg-url": "^6.5.0"
+      }
+    },
+    "fill-range": {
+      "version": "7.0.1",
+      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
+      "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
+      "dev": true,
+      "requires": {
+        "to-regex-range": "^5.0.1"
+      }
+    },
+    "find-cache-dir": {
+      "version": "3.3.1",
+      "resolved": "https://registry.npmjs.org/find-cache-dir/-/find-cache-dir-3.3.1.tgz",
+      "integrity": "sha512-t2GDMt3oGC/v+BMwzmllWDuJF/xcDtE5j/fCGbqDD7OLuJkj0cfh1YSA5VKPvwMeLFLNDBkwOKZ2X85jGLVftQ==",
+      "dev": true,
+      "requires": {
+        "commondir": "^1.0.1",
+        "make-dir": "^3.0.2",
+        "pkg-dir": "^4.1.0"
+      }
+    },
+    "find-up": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz",
+      "integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==",
+      "dev": true,
+      "requires": {
+        "locate-path": "^6.0.0",
+        "path-exists": "^4.0.0"
+      }
+    },
+    "flat": {
+      "version": "5.0.2",
+      "resolved": "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz",
+      "integrity": "sha512-b6suED+5/3rTpUBdG1gupIl8MPFCAMA0QXwmljLhvCUKcUvdE4gWky9zpuGCcXHOsz4J9wPGNWq6OKpmIzz3hQ==",
+      "dev": true
+    },
+    "foreground-child": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-2.0.0.tgz",
+      "integrity": "sha512-dCIq9FpEcyQyXKCkyzmlPTFNgrCzPudOe+mhvJU5zAtlBnGVy2yKxtfsxK2tQBThwq225jcvBjpw1Gr40uzZCA==",
+      "dev": true,
+      "requires": {
+        "cross-spawn": "^7.0.0",
+        "signal-exit": "^3.0.2"
+      }
+    },
+    "forever-agent": {
+      "version": "0.6.1",
+      "resolved": "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz",
+      "integrity": "sha1-+8cfDEGt6zf5bFd60e1C2P2sypE=",
+      "dev": true
+    },
+    "form-data": {
+      "version": "2.3.3",
+      "resolved": "https://registry.npmjs.org/form-data/-/form-data-2.3.3.tgz",
+      "integrity": "sha512-1lLKB2Mu3aGP1Q/2eCOx0fNbRMe7XdwktwOruhfqqd0rIJWwN4Dh+E3hrPSlDCXnSR7UtZ1N38rVXm+6+MEhJQ==",
+      "dev": true,
+      "requires": {
+        "asynckit": "^0.4.0",
+        "combined-stream": "^1.0.6",
+        "mime-types": "^2.1.12"
+      }
+    },
+    "fromentries": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/fromentries/-/fromentries-1.2.1.tgz",
+      "integrity": "sha512-Xu2Qh8yqYuDhQGOhD5iJGninErSfI9A3FrriD3tjUgV5VbJFeH8vfgZ9HnC6jWN80QDVNQK5vmxRAmEAp7Mevw==",
+      "dev": true
+    },
+    "fs.realpath": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
+      "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=",
+      "dev": true
+    },
+    "fsevents": {
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
+      "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==",
+      "dev": true,
+      "optional": true
+    },
+    "gensync": {
+      "version": "1.0.0-beta.1",
+      "resolved": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.1.tgz",
+      "integrity": "sha512-r8EC6NO1sngH/zdD9fiRDLdcgnbayXah+mLgManTaIZJqEC1MZstmnox8KpnI2/fxQwrp5OpCOYWLp4rBl4Jcg==",
+      "dev": true
+    },
+    "get-caller-file": {
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz",
+      "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==",
+      "dev": true
+    },
+    "get-func-name": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.0.tgz",
+      "integrity": "sha1-6td0q+5y4gQJQzoGY2YCPdaIekE=",
+      "dev": true
+    },
+    "get-package-type": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/get-package-type/-/get-package-type-0.1.0.tgz",
+      "integrity": "sha512-pjzuKtY64GYfWizNAJ0fr9VqttZkNiK2iS430LtIHzjBEr6bX8Am2zm4sW4Ro5wjWW5cAlRL1qAMTcXbjNAO2Q==",
+      "dev": true
+    },
+    "getpass": {
+      "version": "0.1.7",
+      "resolved": "https://registry.npmjs.org/getpass/-/getpass-0.1.7.tgz",
+      "integrity": "sha1-Xv+OPmhNVprkyysSgmBOi6YhSfo=",
+      "dev": true,
+      "requires": {
+        "assert-plus": "^1.0.0"
+      }
+    },
+    "glob": {
+      "version": "7.1.6",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz",
+      "integrity": "sha512-LwaxwyZ72Lk7vZINtNNrywX0ZuLyStrdDtabefZKAY5ZGJhVtgdznluResxNmPitE0SAO+O26sWTHeKSI2wMBA==",
+      "dev": true,
+      "requires": {
+        "fs.realpath": "^1.0.0",
+        "inflight": "^1.0.4",
+        "inherits": "2",
+        "minimatch": "^3.0.4",
+        "once": "^1.3.0",
+        "path-is-absolute": "^1.0.0"
+      }
+    },
+    "glob-parent": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
+      "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
+      "dev": true,
+      "requires": {
+        "is-glob": "^4.0.1"
+      }
+    },
+    "glob-to-regexp": {
+      "version": "0.4.1",
+      "resolved": "https://registry.npmjs.org/glob-to-regexp/-/glob-to-regexp-0.4.1.tgz",
+      "integrity": "sha512-lkX1HJXwyMcprw/5YUZc2s7DrpAiHB21/V+E1rHUrVNokkvB6bqMzT0VfV6/86ZNabt1k14YOIaT7nDvOX3Iiw==",
+      "dev": true
+    },
+    "globals": {
+      "version": "11.12.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz",
+      "integrity": "sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==",
+      "dev": true
+    },
+    "graceful-fs": {
+      "version": "4.2.4",
+      "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.4.tgz",
+      "integrity": "sha512-WjKPNJF79dtJAVniUlGGWHYGz2jWxT6VhN/4m1NdkbZ2nOsEF+cI1Edgql5zCRhs/VsQYRvrXctxktVXZUkixw==",
+      "dev": true
+    },
+    "har-schema": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/har-schema/-/har-schema-2.0.0.tgz",
+      "integrity": "sha1-qUwiJOvKwEeCoNkDVSHyRzW37JI=",
+      "dev": true
+    },
+    "har-validator": {
+      "version": "5.1.5",
+      "resolved": "https://registry.npmjs.org/har-validator/-/har-validator-5.1.5.tgz",
+      "integrity": "sha512-nmT2T0lljbxdQZfspsno9hgrG3Uir6Ks5afism62poxqBM6sDnMEuPmzTq8XN0OEwqKLLdh1jQI3qyE66Nzb3w==",
+      "dev": true,
+      "requires": {
+        "ajv": "^6.12.3",
+        "har-schema": "^2.0.0"
+      }
+    },
+    "has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "dev": true
+    },
+    "hasha": {
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/hasha/-/hasha-5.2.0.tgz",
+      "integrity": "sha512-2W+jKdQbAdSIrggA8Q35Br8qKadTrqCTC8+XZvBWepKDK6m9XkX6Iz1a2yh2KP01kzAR/dpuMeUnocoLYDcskw==",
+      "dev": true,
+      "requires": {
+        "is-stream": "^2.0.0",
+        "type-fest": "^0.8.0"
+      }
+    },
+    "he": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/he/-/he-1.2.0.tgz",
+      "integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==",
+      "dev": true
+    },
+    "html-escaper": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz",
+      "integrity": "sha512-H2iMtd0I4Mt5eYiapRdIDjp+XzelXQ0tFE4JS7YFwFevXXMmOp9myNrUvCg0D6ws8iqkRPBfKHgbwig1SmlLfg==",
+      "dev": true
+    },
+    "http-signature": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.2.0.tgz",
+      "integrity": "sha1-muzZJRFHcvPZW2WmCruPfBj7rOE=",
+      "dev": true,
+      "requires": {
+        "assert-plus": "^1.0.0",
+        "jsprim": "^1.2.2",
+        "sshpk": "^1.7.0"
+      }
+    },
+    "imurmurhash": {
+      "version": "0.1.4",
+      "resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz",
+      "integrity": "sha1-khi5srkoojixPcT7a21XbyMUU+o=",
+      "dev": true
+    },
+    "indent-string": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz",
+      "integrity": "sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==",
+      "dev": true
+    },
+    "inflight": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz",
+      "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=",
+      "dev": true,
+      "requires": {
+        "once": "^1.3.0",
+        "wrappy": "1"
+      }
+    },
+    "inherits": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz",
+      "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4=",
+      "dev": true
+    },
+    "is-binary-path": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz",
+      "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==",
+      "dev": true,
+      "requires": {
+        "binary-extensions": "^2.0.0"
+      }
+    },
+    "is-extglob": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
+      "integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI=",
+      "dev": true
+    },
+    "is-fullwidth-code-point": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
+      "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==",
+      "dev": true
+    },
+    "is-glob": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz",
+      "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==",
+      "dev": true,
+      "requires": {
+        "is-extglob": "^2.1.1"
+      }
+    },
+    "is-number": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
+      "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
+      "dev": true
+    },
+    "is-plain-obj": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz",
+      "integrity": "sha512-YWnfyRwxL/+SsrWYfOpUtz5b3YD+nyfkHvjbcanzk8zgyO4ASD67uVMRt8k5bM4lLMDnXfriRhOpemw+NfT1eA==",
+      "dev": true
+    },
+    "is-stream": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.0.tgz",
+      "integrity": "sha512-XCoy+WlUr7d1+Z8GgSuXmpuUFC9fOhRXglJMx+dwLKTkL44Cjd4W1Z5P+BQZpr+cR93aGP4S/s7Ftw6Nd/kiEw==",
+      "dev": true
+    },
+    "is-subset": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/is-subset/-/is-subset-0.1.1.tgz",
+      "integrity": "sha1-ilkRfZMt4d4A8kX83TnOQ/HpOaY=",
+      "dev": true
+    },
+    "is-typedarray": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz",
+      "integrity": "sha1-5HnICFjfDBsR3dppQPlgEfzaSpo=",
+      "dev": true
+    },
+    "is-unicode-supported": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz",
+      "integrity": "sha512-knxG2q4UC3u8stRGyAVJCOdxFmv5DZiRcdlIaAQXAbSfJya+OhopNotLQrstBhququ4ZpuKbDc/8S6mgXgPFPw==",
+      "dev": true
+    },
+    "is-windows": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/is-windows/-/is-windows-1.0.2.tgz",
+      "integrity": "sha512-eXK1UInq2bPmjyX6e3VHIzMLobc4J94i4AWn+Hpq3OU5KkrRC96OAcR3PRJ/pGu6m8TRnBHP9dkXQVsT/COVIA==",
+      "dev": true
+    },
+    "isarray": {
+      "version": "0.0.1",
+      "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz",
+      "integrity": "sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8=",
+      "dev": true
+    },
+    "isexe": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
+      "integrity": "sha1-6PvzdNxVb/iUehDcsFctYz8s+hA=",
+      "dev": true
+    },
+    "isstream": {
+      "version": "0.1.2",
+      "resolved": "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz",
+      "integrity": "sha1-R+Y/evVa+m+S4VAOaQ64uFKcCZo=",
+      "dev": true
+    },
+    "istanbul-lib-coverage": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.0.0.tgz",
+      "integrity": "sha512-UiUIqxMgRDET6eR+o5HbfRYP1l0hqkWOs7vNxC/mggutCMUIhWMm8gAHb8tHlyfD3/l6rlgNA5cKdDzEAf6hEg==",
+      "dev": true
+    },
+    "istanbul-lib-hook": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/istanbul-lib-hook/-/istanbul-lib-hook-3.0.0.tgz",
+      "integrity": "sha512-Pt/uge1Q9s+5VAZ+pCo16TYMWPBIl+oaNIjgLQxcX0itS6ueeaA+pEfThZpH8WxhFgCiEb8sAJY6MdUKgiIWaQ==",
+      "dev": true,
+      "requires": {
+        "append-transform": "^2.0.0"
+      }
+    },
+    "istanbul-lib-instrument": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-4.0.3.tgz",
+      "integrity": "sha512-BXgQl9kf4WTCPCCpmFGoJkz/+uhvm7h7PFKUYxh7qarQd3ER33vHG//qaE8eN25l07YqZPpHXU9I09l/RD5aGQ==",
+      "dev": true,
+      "requires": {
+        "@babel/core": "^7.7.5",
+        "@istanbuljs/schema": "^0.1.2",
+        "istanbul-lib-coverage": "^3.0.0",
+        "semver": "^6.3.0"
+      }
+    },
+    "istanbul-lib-processinfo": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/istanbul-lib-processinfo/-/istanbul-lib-processinfo-2.0.2.tgz",
+      "integrity": "sha512-kOwpa7z9hme+IBPZMzQ5vdQj8srYgAtaRqeI48NGmAQ+/5yKiHLV0QbYqQpxsdEF0+w14SoB8YbnHKcXE2KnYw==",
+      "dev": true,
+      "requires": {
+        "archy": "^1.0.0",
+        "cross-spawn": "^7.0.0",
+        "istanbul-lib-coverage": "^3.0.0-alpha.1",
+        "make-dir": "^3.0.0",
+        "p-map": "^3.0.0",
+        "rimraf": "^3.0.0",
+        "uuid": "^3.3.3"
+      },
+      "dependencies": {
+        "uuid": {
+          "version": "3.4.0",
+          "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz",
+          "integrity": "sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A==",
+          "dev": true
+        }
+      }
+    },
+    "istanbul-lib-report": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.0.tgz",
+      "integrity": "sha512-wcdi+uAKzfiGT2abPpKZ0hSU1rGQjUQnLvtY5MpQ7QCTahD3VODhcu4wcfY1YtkGaDD5yuydOLINXsfbus9ROw==",
+      "dev": true,
+      "requires": {
+        "istanbul-lib-coverage": "^3.0.0",
+        "make-dir": "^3.0.0",
+        "supports-color": "^7.1.0"
+      }
+    },
+    "istanbul-lib-source-maps": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-4.0.0.tgz",
+      "integrity": "sha512-c16LpFRkR8vQXyHZ5nLpY35JZtzj1PQY1iZmesUbf1FZHbIupcWfjgOXBY9YHkLEQ6puz1u4Dgj6qmU/DisrZg==",
+      "dev": true,
+      "requires": {
+        "debug": "^4.1.1",
+        "istanbul-lib-coverage": "^3.0.0",
+        "source-map": "^0.6.1"
+      },
+      "dependencies": {
+        "debug": {
+          "version": "4.1.1",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz",
+          "integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==",
+          "dev": true,
+          "requires": {
+            "ms": "^2.1.1"
+          }
+        },
+        "source-map": {
+          "version": "0.6.1",
+          "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
+          "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
+          "dev": true
+        }
+      }
+    },
+    "istanbul-reports": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.0.2.tgz",
+      "integrity": "sha512-9tZvz7AiR3PEDNGiV9vIouQ/EAcqMXFmkcA1CDFTwOB98OZVDL0PH9glHotf5Ugp6GCOTypfzGWI/OqjWNCRUw==",
+      "dev": true,
+      "requires": {
+        "html-escaper": "^2.0.0",
+        "istanbul-lib-report": "^3.0.0"
+      }
+    },
+    "js-tokens": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
+      "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==",
+      "dev": true
+    },
+    "js-yaml": {
+      "version": "3.13.1",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.13.1.tgz",
+      "integrity": "sha512-YfbcO7jXDdyj0DGxYVSlSeQNHbD7XPWvrVWeVUujrQEoZzWJIRrCPoyk6kL6IAjAG2IolMK4T0hNUe0HOUs5Jw==",
+      "dev": true,
+      "requires": {
+        "argparse": "^1.0.7",
+        "esprima": "^4.0.0"
+      }
+    },
+    "jsbn": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/jsbn/-/jsbn-0.1.1.tgz",
+      "integrity": "sha1-peZUwuWi3rXyAdls77yoDA7y9RM=",
+      "dev": true
+    },
+    "jsesc": {
+      "version": "2.5.2",
+      "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz",
+      "integrity": "sha512-OYu7XEzjkCQ3C5Ps3QIZsQfNpqoJyZZA99wd9aWd05NCtC5pWOkShK2mkL6HXQR6/Cy2lbNdPlZBpuQHXE63gA==",
+      "dev": true
+    },
+    "json-schema": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.4.0.tgz",
+      "integrity": "sha512-es94M3nTIfsEPisRafak+HDLfHXnKBhV3vU5eqPcS3flIWqcxJWgXHXiey3YrpaNsanY5ei1VoYEbOzijuq9BA==",
+      "dev": true
+    },
+    "json-schema-traverse": {
+      "version": "0.4.1",
+      "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz",
+      "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==",
+      "dev": true
+    },
+    "json-stringify-safe": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz",
+      "integrity": "sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus=",
+      "dev": true
+    },
+    "json5": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/json5/-/json5-2.1.3.tgz",
+      "integrity": "sha512-KXPvOm8K9IJKFM0bmdn8QXh7udDh1g/giieX0NLCaMnb4hEiVFqnop2ImTXCc5e0/oHz3LTqmHGtExn5hfMkOA==",
+      "dev": true,
+      "requires": {
+        "minimist": "^1.2.5"
+      }
+    },
+    "jsprim": {
+      "version": "1.4.2",
+      "resolved": "https://registry.npmjs.org/jsprim/-/jsprim-1.4.2.tgz",
+      "integrity": "sha512-P2bSOMAc/ciLz6DzgjVlGJP9+BrJWu5UDGK70C2iweC5QBIeFf0ZXRvGjEj2uYgrY2MkAAhsSWHDWlFtEroZWw==",
+      "dev": true,
+      "requires": {
+        "assert-plus": "1.0.0",
+        "extsprintf": "1.3.0",
+        "json-schema": "0.4.0",
+        "verror": "1.10.0"
+      }
+    },
+    "just-extend": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/just-extend/-/just-extend-4.1.0.tgz",
+      "integrity": "sha512-ApcjaOdVTJ7y4r08xI5wIqpvwS48Q0PBG4DJROcEkH1f8MdAiNFyFxz3xoL0LWAVwjrwPYZdVHHxhRHcx/uGLA==",
+      "dev": true
+    },
+    "lcov-parse": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/lcov-parse/-/lcov-parse-1.0.0.tgz",
+      "integrity": "sha1-6w1GtUER68VhrLTECO+TY73I9+A=",
+      "dev": true
+    },
+    "locate-path": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz",
+      "integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==",
+      "dev": true,
+      "requires": {
+        "p-locate": "^5.0.0"
+      }
+    },
+    "lodash": {
+      "version": "4.17.21",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
+      "dev": true
+    },
+    "lodash.flattendeep": {
+      "version": "4.4.0",
+      "resolved": "https://registry.npmjs.org/lodash.flattendeep/-/lodash.flattendeep-4.4.0.tgz",
+      "integrity": "sha1-+wMJF/hqMTTlvJvsDWngAT3f7bI=",
+      "dev": true
+    },
+    "lodash.get": {
+      "version": "4.4.2",
+      "resolved": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz",
+      "integrity": "sha1-LRd/ZS+jHpObRDjVNBSZ36OCXpk=",
+      "dev": true
+    },
+    "lodash.isequal": {
+      "version": "4.5.0",
+      "resolved": "https://registry.npmjs.org/lodash.isequal/-/lodash.isequal-4.5.0.tgz",
+      "integrity": "sha1-QVxEePK8wwEgwizhDtMib30+GOA=",
+      "dev": true
+    },
+    "lodash.sortby": {
+      "version": "4.7.0",
+      "resolved": "https://registry.npmjs.org/lodash.sortby/-/lodash.sortby-4.7.0.tgz",
+      "integrity": "sha1-7dFMgk4sycHgsKG0K7UhBRakJDg=",
+      "dev": true
+    },
+    "log-driver": {
+      "version": "1.2.7",
+      "resolved": "https://registry.npmjs.org/log-driver/-/log-driver-1.2.7.tgz",
+      "integrity": "sha512-U7KCmLdqsGHBLeWqYlFA0V0Sl6P08EE1ZrmA9cxjUE0WVqT9qnyVDPz1kzpFEP0jdJuFnasWIfSd7fsaNXkpbg==",
+      "dev": true
+    },
+    "log-symbols": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz",
+      "integrity": "sha512-8XPvpAA8uyhfteu8pIvQxpJZ7SYYdpUivZpGy6sFsBuKRY/7rQGavedeB8aK+Zkyq6upMFVL/9AW6vOYzfRyLg==",
+      "dev": true,
+      "requires": {
+        "chalk": "^4.1.0",
+        "is-unicode-supported": "^0.1.0"
+      },
+      "dependencies": {
+        "ansi-styles": {
+          "version": "4.3.0",
+          "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+          "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+          "dev": true,
+          "requires": {
+            "color-convert": "^2.0.1"
+          }
+        },
+        "chalk": {
+          "version": "4.1.2",
+          "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+          "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+          "dev": true,
+          "requires": {
+            "ansi-styles": "^4.1.0",
+            "supports-color": "^7.1.0"
+          }
+        },
+        "color-convert": {
+          "version": "2.0.1",
+          "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+          "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+          "dev": true,
+          "requires": {
+            "color-name": "~1.1.4"
+          }
+        },
+        "color-name": {
+          "version": "1.1.4",
+          "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+          "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
+          "dev": true
+        }
+      }
+    },
+    "lolex": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/lolex/-/lolex-4.2.0.tgz",
+      "integrity": "sha512-gKO5uExCXvSm6zbF562EvM+rd1kQDnB9AZBbiQVzf1ZmdDpxUSvpnAaVOP83N/31mRK8Ml8/VE8DMvsAZQ+7wg==",
+      "dev": true
+    },
+    "loupe": {
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/loupe/-/loupe-2.3.1.tgz",
+      "integrity": "sha512-EN1D3jyVmaX4tnajVlfbREU4axL647hLec1h/PXAb8CPDMJiYitcWF2UeLVNttRqaIqQs4x+mRvXf+d+TlDrCA==",
+      "dev": true,
+      "requires": {
+        "get-func-name": "^2.0.0"
+      }
+    },
+    "make-dir": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-3.1.0.tgz",
+      "integrity": "sha512-g3FeP20LNwhALb/6Cz6Dd4F2ngze0jz7tbzrD2wAV+o9FeNHe4rL+yK2md0J/fiSf1sa1ADhXqi5+oVwOM/eGw==",
+      "dev": true,
+      "requires": {
+        "semver": "^6.0.0"
+      }
+    },
+    "mime-db": {
+      "version": "1.48.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.48.0.tgz",
+      "integrity": "sha512-FM3QwxV+TnZYQ2aRqhlKBMHxk10lTbMt3bBkMAp54ddrNeVSfcQYOOKuGuy3Ddrm38I04If834fOUSq1yzslJQ==",
+      "dev": true
+    },
+    "mime-types": {
+      "version": "2.1.31",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.31.tgz",
+      "integrity": "sha512-XGZnNzm3QvgKxa8dpzyhFTHmpP3l5YNusmne07VUOXxou9CqUqYa/HBy124RqtVh/O2pECas/MOcsDgpilPOPg==",
+      "dev": true,
+      "requires": {
+        "mime-db": "1.48.0"
+      }
+    },
+    "minimatch": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz",
+      "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==",
+      "dev": true,
+      "requires": {
+        "brace-expansion": "^1.1.7"
+      }
+    },
+    "minimist": {
+      "version": "1.2.6",
+      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz",
+      "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==",
+      "dev": true
+    },
+    "mkdirp": {
+      "version": "0.5.5",
+      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.5.tgz",
+      "integrity": "sha512-NKmAlESf6jMGym1++R0Ra7wvhV+wFW63FaSOFPwRahvea0gMUcGUhVeAg/0BC0wiv9ih5NYPB1Wn1UEI1/L+xQ==",
+      "dev": true,
+      "requires": {
+        "minimist": "^1.2.5"
+      }
+    },
+    "mocha": {
+      "version": "10.0.0",
+      "resolved": "https://registry.npmjs.org/mocha/-/mocha-10.0.0.tgz",
+      "integrity": "sha512-0Wl+elVUD43Y0BqPZBzZt8Tnkw9CMUdNYnUsTfOM1vuhJVZL+kiesFYsqwBkEEuEixaiPe5ZQdqDgX2jddhmoA==",
+      "dev": true,
+      "requires": {
+        "@ungap/promise-all-settled": "1.1.2",
+        "ansi-colors": "4.1.1",
+        "browser-stdout": "1.3.1",
+        "chokidar": "3.5.3",
+        "debug": "4.3.4",
+        "diff": "5.0.0",
+        "escape-string-regexp": "4.0.0",
+        "find-up": "5.0.0",
+        "glob": "7.2.0",
+        "he": "1.2.0",
+        "js-yaml": "4.1.0",
+        "log-symbols": "4.1.0",
+        "minimatch": "5.0.1",
+        "ms": "2.1.3",
+        "nanoid": "3.3.3",
+        "serialize-javascript": "6.0.0",
+        "strip-json-comments": "3.1.1",
+        "supports-color": "8.1.1",
+        "workerpool": "6.2.1",
+        "yargs": "16.2.0",
+        "yargs-parser": "20.2.4",
+        "yargs-unparser": "2.0.0"
+      },
+      "dependencies": {
+        "argparse": {
+          "version": "2.0.1",
+          "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz",
+          "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==",
+          "dev": true
+        },
+        "debug": {
+          "version": "4.3.4",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz",
+          "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==",
+          "dev": true,
+          "requires": {
+            "ms": "2.1.2"
+          },
+          "dependencies": {
+            "ms": {
+              "version": "2.1.2",
+              "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
+              "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==",
+              "dev": true
+            }
+          }
+        },
+        "escape-string-regexp": {
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz",
+          "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==",
+          "dev": true
+        },
+        "glob": {
+          "version": "7.2.0",
+          "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.0.tgz",
+          "integrity": "sha512-lmLf6gtyrPq8tTjSmrO94wBeQbFR3HbLHbuyD69wuyQkImp2hWqMGB47OX65FBkPffO641IP9jWa1z4ivqG26Q==",
+          "dev": true,
+          "requires": {
+            "fs.realpath": "^1.0.0",
+            "inflight": "^1.0.4",
+            "inherits": "2",
+            "minimatch": "^3.0.4",
+            "once": "^1.3.0",
+            "path-is-absolute": "^1.0.0"
+          },
+          "dependencies": {
+            "minimatch": {
+              "version": "3.1.2",
+              "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
+              "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+              "dev": true,
+              "requires": {
+                "brace-expansion": "^1.1.7"
+              }
+            }
+          }
+        },
+        "js-yaml": {
+          "version": "4.1.0",
+          "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
+          "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+          "dev": true,
+          "requires": {
+            "argparse": "^2.0.1"
+          }
+        },
+        "minimatch": {
+          "version": "5.0.1",
+          "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.0.1.tgz",
+          "integrity": "sha512-nLDxIFRyhDblz3qMuq+SoRZED4+miJ/G+tdDrjkkkRnjAsBexeGpgjLEQ0blJy7rHhR2b93rhQY4SvyWu9v03g==",
+          "dev": true,
+          "requires": {
+            "brace-expansion": "^2.0.1"
+          },
+          "dependencies": {
+            "brace-expansion": {
+              "version": "2.0.1",
+              "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
+              "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+              "dev": true,
+              "requires": {
+                "balanced-match": "^1.0.0"
+              }
+            }
+          }
+        },
+        "ms": {
+          "version": "2.1.3",
+          "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+          "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+          "dev": true
+        },
+        "supports-color": {
+          "version": "8.1.1",
+          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz",
+          "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==",
+          "dev": true,
+          "requires": {
+            "has-flag": "^4.0.0"
+          }
+        }
+      }
+    },
+    "ms": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
+      "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==",
+      "dev": true
+    },
+    "nan": {
+      "version": "2.16.0",
+      "resolved": "https://registry.npmjs.org/nan/-/nan-2.16.0.tgz",
+      "integrity": "sha512-UdAqHyFngu7TfQKsCBgAA6pWDkT8MAO7d0jyOecVhN5354xbLqdn8mV9Tat9gepAupm0bt2DbeaSC8vS52MuFA==",
+      "dev": true
+    },
+    "nanoid": {
+      "version": "3.3.3",
+      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.3.tgz",
+      "integrity": "sha512-p1sjXuopFs0xg+fPASzQ28agW1oHD7xDsd9Xkf3T15H3c/cifrFHVwrh74PdoklAPi+i7MdRsE47vm2r6JoB+w==",
+      "dev": true
+    },
+    "nise": {
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/nise/-/nise-5.1.1.tgz",
+      "integrity": "sha512-yr5kW2THW1AkxVmCnKEh4nbYkJdB3I7LUkiUgOvEkOp414mc2UMaHMA7pjq1nYowhdoJZGwEKGaQVbxfpWj10A==",
+      "dev": true,
+      "requires": {
+        "@sinonjs/commons": "^1.8.3",
+        "@sinonjs/fake-timers": ">=5",
+        "@sinonjs/text-encoding": "^0.7.1",
+        "just-extend": "^4.0.2",
+        "path-to-regexp": "^1.7.0"
+      },
+      "dependencies": {
+        "@sinonjs/commons": {
+          "version": "1.8.3",
+          "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.3.tgz",
+          "integrity": "sha512-xkNcLAn/wZaX14RPlwizcKicDk9G3F8m2nU3L7Ukm5zBgTwiT0wsoFAHx9Jq56fJA1z/7uKGtCRu16sOUCLIHQ==",
+          "dev": true,
+          "requires": {
+            "type-detect": "4.0.8"
+          }
+        },
+        "path-to-regexp": {
+          "version": "1.8.0",
+          "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.8.0.tgz",
+          "integrity": "sha512-n43JRhlUKUAlibEJhPeir1ncUID16QnEjNpwzNdO3Lm4ywrBpBZ5oLD0I6br9evr1Y9JTqwRtAh7JLoOzAQdVA==",
+          "dev": true,
+          "requires": {
+            "isarray": "0.0.1"
+          }
+        }
+      }
+    },
+    "node-preload": {
+      "version": "0.2.1",
+      "resolved": "https://registry.npmjs.org/node-preload/-/node-preload-0.2.1.tgz",
+      "integrity": "sha512-RM5oyBy45cLEoHqCeh+MNuFAxO0vTFBLskvQbOKnEE7YTTSN4tbN8QWDIPQ6L+WvKsB/qLEGpYe2ZZ9d4W9OIQ==",
+      "dev": true,
+      "requires": {
+        "process-on-spawn": "^1.0.0"
+      }
+    },
+    "node-webcrypto-ossl": {
+      "version": "1.0.49",
+      "resolved": "https://registry.npmjs.org/node-webcrypto-ossl/-/node-webcrypto-ossl-1.0.49.tgz",
+      "integrity": "sha512-Zs73PeTWoUXUFicvAaxZC6ZyVCuq1Eg/Q4rYqiWyBY4eWIbZPFiRIi/KRM0A9GVKBPRNraaXsVmRAC83jEQ6nw==",
+      "dev": true,
+      "requires": {
+        "mkdirp": "^0.5.5",
+        "nan": "^2.14.0",
+        "tslib": "^1.11.1",
+        "webcrypto-core": "^0.1.27"
+      }
+    },
+    "normalize-path": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz",
+      "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==",
+      "dev": true
+    },
+    "nyc": {
+      "version": "15.1.0",
+      "resolved": "https://registry.npmjs.org/nyc/-/nyc-15.1.0.tgz",
+      "integrity": "sha512-jMW04n9SxKdKi1ZMGhvUTHBN0EICCRkHemEoE5jm6mTYcqcdas0ATzgUgejlQUHMvpnOZqGB5Xxsv9KxJW1j8A==",
+      "dev": true,
+      "requires": {
+        "@istanbuljs/load-nyc-config": "^1.0.0",
+        "@istanbuljs/schema": "^0.1.2",
+        "caching-transform": "^4.0.0",
+        "convert-source-map": "^1.7.0",
+        "decamelize": "^1.2.0",
+        "find-cache-dir": "^3.2.0",
+        "find-up": "^4.1.0",
+        "foreground-child": "^2.0.0",
+        "get-package-type": "^0.1.0",
+        "glob": "^7.1.6",
+        "istanbul-lib-coverage": "^3.0.0",
+        "istanbul-lib-hook": "^3.0.0",
+        "istanbul-lib-instrument": "^4.0.0",
+        "istanbul-lib-processinfo": "^2.0.2",
+        "istanbul-lib-report": "^3.0.0",
+        "istanbul-lib-source-maps": "^4.0.0",
+        "istanbul-reports": "^3.0.2",
+        "make-dir": "^3.0.0",
+        "node-preload": "^0.2.1",
+        "p-map": "^3.0.0",
+        "process-on-spawn": "^1.0.0",
+        "resolve-from": "^5.0.0",
+        "rimraf": "^3.0.0",
+        "signal-exit": "^3.0.2",
+        "spawn-wrap": "^2.0.0",
+        "test-exclude": "^6.0.0",
+        "yargs": "^15.0.2"
+      },
+      "dependencies": {
+        "ansi-styles": {
+          "version": "4.2.1",
+          "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.2.1.tgz",
+          "integrity": "sha512-9VGjrMsG1vePxcSweQsN20KY/c4zN0h9fLjqAbwbPfahM3t+NL+M9HC8xeXG2I8pX5NoamTGNuomEUFI7fcUjA==",
+          "dev": true,
+          "requires": {
+            "@types/color-name": "^1.1.1",
+            "color-convert": "^2.0.1"
+          }
+        },
+        "cliui": {
+          "version": "6.0.0",
+          "resolved": "https://registry.npmjs.org/cliui/-/cliui-6.0.0.tgz",
+          "integrity": "sha512-t6wbgtoCXvAzst7QgXxJYqPt0usEfbgQdftEPbLL/cvv6HPE5VgvqCuAIDR0NgU52ds6rFwqrgakNLrHEjCbrQ==",
+          "dev": true,
+          "requires": {
+            "string-width": "^4.2.0",
+            "strip-ansi": "^6.0.0",
+            "wrap-ansi": "^6.2.0"
+          }
+        },
+        "color-convert": {
+          "version": "2.0.1",
+          "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+          "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+          "dev": true,
+          "requires": {
+            "color-name": "~1.1.4"
+          }
+        },
+        "color-name": {
+          "version": "1.1.4",
+          "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+          "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
+          "dev": true
+        },
+        "emoji-regex": {
+          "version": "8.0.0",
+          "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
+          "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
+          "dev": true
+        },
+        "find-up": {
+          "version": "4.1.0",
+          "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz",
+          "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==",
+          "dev": true,
+          "requires": {
+            "locate-path": "^5.0.0",
+            "path-exists": "^4.0.0"
+          }
+        },
+        "is-fullwidth-code-point": {
+          "version": "3.0.0",
+          "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
+          "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==",
+          "dev": true
+        },
+        "locate-path": {
+          "version": "5.0.0",
+          "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz",
+          "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==",
+          "dev": true,
+          "requires": {
+            "p-locate": "^4.1.0"
+          }
+        },
+        "p-locate": {
+          "version": "4.1.0",
+          "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz",
+          "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==",
+          "dev": true,
+          "requires": {
+            "p-limit": "^2.2.0"
+          }
+        },
+        "path-exists": {
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz",
+          "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==",
+          "dev": true
+        },
+        "string-width": {
+          "version": "4.2.0",
+          "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.0.tgz",
+          "integrity": "sha512-zUz5JD+tgqtuDjMhwIg5uFVV3dtqZ9yQJlZVfq4I01/K5Paj5UHj7VyrQOJvzawSVlKpObApbfD0Ed6yJc+1eg==",
+          "dev": true,
+          "requires": {
+            "emoji-regex": "^8.0.0",
+            "is-fullwidth-code-point": "^3.0.0",
+            "strip-ansi": "^6.0.0"
+          }
+        },
+        "strip-ansi": {
+          "version": "6.0.0",
+          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.0.tgz",
+          "integrity": "sha512-AuvKTrTfQNYNIctbR1K/YGTR1756GycPsg7b9bdV9Duqur4gv6aKqHXah67Z8ImS7WEz5QVcOtlfW2rZEugt6w==",
+          "dev": true,
+          "requires": {
+            "ansi-regex": "^5.0.0"
+          }
+        },
+        "wrap-ansi": {
+          "version": "6.2.0",
+          "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz",
+          "integrity": "sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==",
+          "dev": true,
+          "requires": {
+            "ansi-styles": "^4.0.0",
+            "string-width": "^4.1.0",
+            "strip-ansi": "^6.0.0"
+          }
+        },
+        "y18n": {
+          "version": "4.0.1",
+          "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.1.tgz",
+          "integrity": "sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ==",
+          "dev": true
+        },
+        "yargs": {
+          "version": "15.4.1",
+          "resolved": "https://registry.npmjs.org/yargs/-/yargs-15.4.1.tgz",
+          "integrity": "sha512-aePbxDmcYW++PaqBsJ+HYUFwCdv4LVvdnhBy78E57PIor8/OVvhMrADFFEDh8DHDFRv/O9i3lPhsENjO7QX0+A==",
+          "dev": true,
+          "requires": {
+            "cliui": "^6.0.0",
+            "decamelize": "^1.2.0",
+            "find-up": "^4.1.0",
+            "get-caller-file": "^2.0.1",
+            "require-directory": "^2.1.1",
+            "require-main-filename": "^2.0.0",
+            "set-blocking": "^2.0.0",
+            "string-width": "^4.2.0",
+            "which-module": "^2.0.0",
+            "y18n": "^4.0.0",
+            "yargs-parser": "^18.1.2"
+          }
+        },
+        "yargs-parser": {
+          "version": "18.1.3",
+          "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-18.1.3.tgz",
+          "integrity": "sha512-o50j0JeToy/4K6OZcaQmW6lyXXKhq7csREXcDwk2omFPJEwUNOVtJKvmDr9EI1fAJZUyZcRF7kxGBWmRXudrCQ==",
+          "dev": true,
+          "requires": {
+            "camelcase": "^5.0.0",
+            "decamelize": "^1.2.0"
+          }
+        }
+      }
+    },
+    "oauth-sign": {
+      "version": "0.9.0",
+      "resolved": "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.9.0.tgz",
+      "integrity": "sha512-fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ==",
+      "dev": true
+    },
+    "once": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
+      "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=",
+      "dev": true,
+      "requires": {
+        "wrappy": "1"
+      }
+    },
+    "p-limit": {
+      "version": "2.2.1",
+      "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.2.1.tgz",
+      "integrity": "sha512-85Tk+90UCVWvbDavCLKPOLC9vvY8OwEX/RtKF+/1OADJMVlFfEHOiMTPVyxg7mk/dKa+ipdHm0OUkTvCpMTuwg==",
+      "dev": true,
+      "requires": {
+        "p-try": "^2.0.0"
+      }
+    },
+    "p-locate": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz",
+      "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==",
+      "dev": true,
+      "requires": {
+        "p-limit": "^3.0.2"
+      },
+      "dependencies": {
+        "p-limit": {
+          "version": "3.1.0",
+          "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz",
+          "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==",
+          "dev": true,
+          "requires": {
+            "yocto-queue": "^0.1.0"
+          }
+        }
+      }
+    },
+    "p-map": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/p-map/-/p-map-3.0.0.tgz",
+      "integrity": "sha512-d3qXVTF/s+W+CdJ5A29wywV2n8CQQYahlgz2bFiA+4eVNJbHJodPZ+/gXwPGh0bOqA+j8S+6+ckmvLGPk1QpxQ==",
+      "dev": true,
+      "requires": {
+        "aggregate-error": "^3.0.0"
+      }
+    },
+    "p-try": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz",
+      "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==",
+      "dev": true
+    },
+    "package-hash": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/package-hash/-/package-hash-4.0.0.tgz",
+      "integrity": "sha512-whdkPIooSu/bASggZ96BWVvZTRMOFxnyUG5PnTSGKoJE2gd5mbVNmR2Nj20QFzxYYgAXpoqC+AiXzl+UMRh7zQ==",
+      "dev": true,
+      "requires": {
+        "graceful-fs": "^4.1.15",
+        "hasha": "^5.0.0",
+        "lodash.flattendeep": "^4.4.0",
+        "release-zalgo": "^1.0.0"
+      }
+    },
+    "pako": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/pako/-/pako-2.0.4.tgz",
+      "integrity": "sha512-v8tweI900AUkZN6heMU/4Uy4cXRc2AYNRggVmTR+dEncawDJgCdLMximOVA2p4qO57WMynangsfGRb5WD6L1Bg==",
+      "dev": true
+    },
+    "path-exists": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz",
+      "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==",
+      "dev": true
+    },
+    "path-is-absolute": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
+      "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=",
+      "dev": true
+    },
+    "path-key": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz",
+      "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==",
+      "dev": true
+    },
+    "path-parse": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz",
+      "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==",
+      "dev": true
+    },
+    "path-to-regexp": {
+      "version": "2.4.0",
+      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-2.4.0.tgz",
+      "integrity": "sha512-G6zHoVqC6GGTQkZwF4lkuEyMbVOjoBKAEybQUypI1WTkqinCOrq2x6U2+phkJ1XsEMTy4LjtwPI7HW+NVrRR2w==",
+      "dev": true
+    },
+    "pathval": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/pathval/-/pathval-1.1.1.tgz",
+      "integrity": "sha512-Dp6zGqpTdETdR63lehJYPeIOqpiNBNtc7BpWSLrOje7UaIsE5aY92r/AunQA7rsXvet3lrJ3JnZX29UPTKXyKQ==",
+      "dev": true
+    },
+    "performance-now": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz",
+      "integrity": "sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns=",
+      "dev": true
+    },
+    "picomatch": {
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
+      "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+      "dev": true
+    },
+    "pkg-dir": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz",
+      "integrity": "sha512-HRDzbaKjC+AOWVXxAU/x54COGeIv9eb+6CkDSQoNTt4XyWoIJvuPsXizxu/Fr23EiekbtZwmh1IcIG/l/a10GQ==",
+      "dev": true,
+      "requires": {
+        "find-up": "^4.0.0"
+      },
+      "dependencies": {
+        "find-up": {
+          "version": "4.1.0",
+          "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz",
+          "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==",
+          "dev": true,
+          "requires": {
+            "locate-path": "^5.0.0",
+            "path-exists": "^4.0.0"
+          }
+        },
+        "locate-path": {
+          "version": "5.0.0",
+          "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz",
+          "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==",
+          "dev": true,
+          "requires": {
+            "p-locate": "^4.1.0"
+          }
+        },
+        "p-locate": {
+          "version": "4.1.0",
+          "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz",
+          "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==",
+          "dev": true,
+          "requires": {
+            "p-limit": "^2.2.0"
+          }
+        },
+        "path-exists": {
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz",
+          "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==",
+          "dev": true
+        }
+      }
+    },
+    "process-on-spawn": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/process-on-spawn/-/process-on-spawn-1.0.0.tgz",
+      "integrity": "sha512-1WsPDsUSMmZH5LeMLegqkPDrsGgsWwk1Exipy2hvB0o/F0ASzbpIctSCcZIK1ykJvtTJULEH+20WOFjMvGnCTg==",
+      "dev": true,
+      "requires": {
+        "fromentries": "^1.2.0"
+      }
+    },
+    "psl": {
+      "version": "1.8.0",
+      "resolved": "https://registry.npmjs.org/psl/-/psl-1.8.0.tgz",
+      "integrity": "sha512-RIdOzyoavK+hA18OGGWDqUTsCLhtA7IcZ/6NCs4fFJaHBDab+pDDmDIByWFRQJq2Cd7r1OoQxBGKOaztq+hjIQ==",
+      "dev": true
+    },
+    "punycode": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz",
+      "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==",
+      "dev": true
+    },
+    "qs": {
+      "version": "6.5.2",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz",
+      "integrity": "sha512-N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA==",
+      "dev": true
+    },
+    "querystring": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/querystring/-/querystring-0.2.0.tgz",
+      "integrity": "sha1-sgmEkgO7Jd+CDadW50cAWHhSFiA=",
+      "dev": true
+    },
+    "randombytes": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz",
+      "integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==",
+      "dev": true,
+      "requires": {
+        "safe-buffer": "^5.1.0"
+      }
+    },
+    "readdirp": {
+      "version": "3.6.0",
+      "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz",
+      "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==",
+      "dev": true,
+      "requires": {
+        "picomatch": "^2.2.1"
+      }
+    },
+    "regenerator-runtime": {
+      "version": "0.13.7",
+      "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.13.7.tgz",
+      "integrity": "sha512-a54FxoJDIr27pgf7IgeQGxmqUNYrcV338lf/6gH456HZ/PhX+5BcwHXG9ajESmwe6WRO0tAzRUrRmNONWgkrew==",
+      "dev": true
+    },
+    "release-zalgo": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/release-zalgo/-/release-zalgo-1.0.0.tgz",
+      "integrity": "sha1-CXALflB0Mpc5Mw5TXFqQ+2eFFzA=",
+      "dev": true,
+      "requires": {
+        "es6-error": "^4.0.1"
+      }
+    },
+    "request": {
+      "version": "2.88.2",
+      "resolved": "https://registry.npmjs.org/request/-/request-2.88.2.tgz",
+      "integrity": "sha512-MsvtOrfG9ZcrOwAW+Qi+F6HbD0CWXEh9ou77uOb7FM2WPhwT7smM833PzanhJLsgXjN89Ir6V2PczXNnMpwKhw==",
+      "dev": true,
+      "requires": {
+        "aws-sign2": "~0.7.0",
+        "aws4": "^1.8.0",
+        "caseless": "~0.12.0",
+        "combined-stream": "~1.0.6",
+        "extend": "~3.0.2",
+        "forever-agent": "~0.6.1",
+        "form-data": "~2.3.2",
+        "har-validator": "~5.1.3",
+        "http-signature": "~1.2.0",
+        "is-typedarray": "~1.0.0",
+        "isstream": "~0.1.2",
+        "json-stringify-safe": "~5.0.1",
+        "mime-types": "~2.1.19",
+        "oauth-sign": "~0.9.0",
+        "performance-now": "^2.1.0",
+        "qs": "~6.5.2",
+        "safe-buffer": "^5.1.2",
+        "tough-cookie": "~2.5.0",
+        "tunnel-agent": "^0.6.0",
+        "uuid": "^3.3.2"
+      }
+    },
+    "require-directory": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz",
+      "integrity": "sha1-jGStX9MNqxyXbiNE/+f3kqam30I=",
+      "dev": true
+    },
+    "require-main-filename": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/require-main-filename/-/require-main-filename-2.0.0.tgz",
+      "integrity": "sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg==",
+      "dev": true
+    },
+    "resolve": {
+      "version": "1.17.0",
+      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.17.0.tgz",
+      "integrity": "sha512-ic+7JYiV8Vi2yzQGFWOkiZD5Z9z7O2Zhm9XMaTxdJExKasieFCr+yXZ/WmXsckHiKl12ar0y6XiXDx3m4RHn1w==",
+      "dev": true,
+      "requires": {
+        "path-parse": "^1.0.6"
+      }
+    },
+    "resolve-from": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz",
+      "integrity": "sha512-qYg9KP24dD5qka9J47d0aVky0N+b4fTU89LN9iDnjB5waksiC49rvMB0PrUJQGoTmH50XPiqOvAjDfaijGxYZw==",
+      "dev": true
+    },
+    "rimraf": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz",
+      "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==",
+      "dev": true,
+      "requires": {
+        "glob": "^7.1.3"
+      }
+    },
+    "safe-buffer": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+      "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==",
+      "dev": true
+    },
+    "safer-buffer": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
+      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==",
+      "dev": true
+    },
+    "semver": {
+      "version": "6.3.0",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
+      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
+      "dev": true
+    },
+    "serialize-javascript": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.0.tgz",
+      "integrity": "sha512-Qr3TosvguFt8ePWqsvRfrKyQXIiW+nGbYpy8XK24NQHE83caxWt+mIymTT19DGFbNWNLfEwsrkSmN64lVWB9ag==",
+      "dev": true,
+      "requires": {
+        "randombytes": "^2.1.0"
+      }
+    },
+    "set-blocking": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz",
+      "integrity": "sha1-BF+XgtARrppoA93TgrJDkrPYkPc=",
+      "dev": true
+    },
+    "shebang-command": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz",
+      "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==",
+      "dev": true,
+      "requires": {
+        "shebang-regex": "^3.0.0"
+      }
+    },
+    "shebang-regex": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz",
+      "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==",
+      "dev": true
+    },
+    "signal-exit": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.3.tgz",
+      "integrity": "sha512-VUJ49FC8U1OxwZLxIbTTrDvLnf/6TDgxZcK8wxR8zs13xpx7xbG60ndBlhNrFi2EMuFRoeDoJO7wthSLq42EjA==",
+      "dev": true
+    },
+    "sinon": {
+      "version": "14.0.0",
+      "resolved": "https://registry.npmjs.org/sinon/-/sinon-14.0.0.tgz",
+      "integrity": "sha512-ugA6BFmE+WrJdh0owRZHToLd32Uw3Lxq6E6LtNRU+xTVBefx632h03Q7apXWRsRdZAJ41LB8aUfn2+O4jsDNMw==",
+      "dev": true,
+      "requires": {
+        "@sinonjs/commons": "^1.8.3",
+        "@sinonjs/fake-timers": "^9.1.2",
+        "@sinonjs/samsam": "^6.1.1",
+        "diff": "^5.0.0",
+        "nise": "^5.1.1",
+        "supports-color": "^7.2.0"
+      },
+      "dependencies": {
+        "@sinonjs/commons": {
+          "version": "1.8.3",
+          "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.3.tgz",
+          "integrity": "sha512-xkNcLAn/wZaX14RPlwizcKicDk9G3F8m2nU3L7Ukm5zBgTwiT0wsoFAHx9Jq56fJA1z/7uKGtCRu16sOUCLIHQ==",
+          "dev": true,
+          "requires": {
+            "type-detect": "4.0.8"
+          }
+        },
+        "supports-color": {
+          "version": "7.2.0",
+          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+          "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+          "dev": true,
+          "requires": {
+            "has-flag": "^4.0.0"
+          }
+        }
+      }
+    },
+    "sinon-chrome": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/sinon-chrome/-/sinon-chrome-3.0.1.tgz",
+      "integrity": "sha512-NTEFhyuiWEMnRmIqldUiA2DhKn2EqnZxyEk5Ez5rBXj+Nl54aJ0MEmF4wjltrxecxd8zlNLxyE0HyLabev9JsQ==",
+      "dev": true,
+      "requires": {
+        "lodash": "^4.16.3",
+        "sinon": "^7.2.3",
+        "urijs": "^1.18.2"
+      },
+      "dependencies": {
+        "@sinonjs/formatio": {
+          "version": "3.2.2",
+          "resolved": "https://registry.npmjs.org/@sinonjs/formatio/-/formatio-3.2.2.tgz",
+          "integrity": "sha512-B8SEsgd8gArBLMD6zpRw3juQ2FVSsmdd7qlevyDqzS9WTCtvF55/gAL+h6gue8ZvPYcdiPdvueM/qm//9XzyTQ==",
+          "dev": true,
+          "requires": {
+            "@sinonjs/commons": "^1",
+            "@sinonjs/samsam": "^3.1.0"
+          }
+        },
+        "@sinonjs/samsam": {
+          "version": "3.3.3",
+          "resolved": "https://registry.npmjs.org/@sinonjs/samsam/-/samsam-3.3.3.tgz",
+          "integrity": "sha512-bKCMKZvWIjYD0BLGnNrxVuw4dkWCYsLqFOUWw8VgKF/+5Y+mE7LfHWPIYoDXowH+3a9LsWDMo0uAP8YDosPvHQ==",
+          "dev": true,
+          "requires": {
+            "@sinonjs/commons": "^1.3.0",
+            "array-from": "^2.1.1",
+            "lodash": "^4.17.15"
+          }
+        },
+        "diff": {
+          "version": "3.5.0",
+          "resolved": "https://registry.npmjs.org/diff/-/diff-3.5.0.tgz",
+          "integrity": "sha512-A46qtFgd+g7pDZinpnwiRJtxbC1hpgf0uzP3iG89scHk0AUC7A1TGxf5OiiOUv/JMZR8GOt8hL900hV0bOy5xA==",
+          "dev": true
+        },
+        "has-flag": {
+          "version": "3.0.0",
+          "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
+          "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=",
+          "dev": true
+        },
+        "nise": {
+          "version": "1.5.3",
+          "resolved": "https://registry.npmjs.org/nise/-/nise-1.5.3.tgz",
+          "integrity": "sha512-Ymbac/94xeIrMf59REBPOv0thr+CJVFMhrlAkW/gjCIE58BGQdCj0x7KRCb3yz+Ga2Rz3E9XXSvUyyxqqhjQAQ==",
+          "dev": true,
+          "requires": {
+            "@sinonjs/formatio": "^3.2.1",
+            "@sinonjs/text-encoding": "^0.7.1",
+            "just-extend": "^4.0.2",
+            "lolex": "^5.0.1",
+            "path-to-regexp": "^1.7.0"
+          },
+          "dependencies": {
+            "lolex": {
+              "version": "5.1.2",
+              "resolved": "https://registry.npmjs.org/lolex/-/lolex-5.1.2.tgz",
+              "integrity": "sha512-h4hmjAvHTmd+25JSwrtTIuwbKdwg5NzZVRMLn9saij4SZaepCrTCxPr35H/3bjwfMJtN+t3CX8672UIkglz28A==",
+              "dev": true,
+              "requires": {
+                "@sinonjs/commons": "^1.7.0"
+              }
+            }
+          }
+        },
+        "path-to-regexp": {
+          "version": "1.8.0",
+          "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.8.0.tgz",
+          "integrity": "sha512-n43JRhlUKUAlibEJhPeir1ncUID16QnEjNpwzNdO3Lm4ywrBpBZ5oLD0I6br9evr1Y9JTqwRtAh7JLoOzAQdVA==",
+          "dev": true,
+          "requires": {
+            "isarray": "0.0.1"
+          }
+        },
+        "sinon": {
+          "version": "7.5.0",
+          "resolved": "https://registry.npmjs.org/sinon/-/sinon-7.5.0.tgz",
+          "integrity": "sha512-AoD0oJWerp0/rY9czP/D6hDTTUYGpObhZjMpd7Cl/A6+j0xBE+ayL/ldfggkBXUs0IkvIiM1ljM8+WkOc5k78Q==",
+          "dev": true,
+          "requires": {
+            "@sinonjs/commons": "^1.4.0",
+            "@sinonjs/formatio": "^3.2.1",
+            "@sinonjs/samsam": "^3.3.3",
+            "diff": "^3.5.0",
+            "lolex": "^4.2.0",
+            "nise": "^1.5.2",
+            "supports-color": "^5.5.0"
+          }
+        },
+        "supports-color": {
+          "version": "5.5.0",
+          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
+          "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
+          "dev": true,
+          "requires": {
+            "has-flag": "^3.0.0"
+          }
+        }
+      }
+    },
+    "source-map": {
+      "version": "0.5.7",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz",
+      "integrity": "sha1-igOdLRAh0i0eoUyA2OpGi6LvP8w=",
+      "dev": true
+    },
+    "spawn-wrap": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/spawn-wrap/-/spawn-wrap-2.0.0.tgz",
+      "integrity": "sha512-EeajNjfN9zMnULLwhZZQU3GWBoFNkbngTUPfaawT4RkMiviTxcX0qfhVbGey39mfctfDHkWtuecgQ8NJcyQWHg==",
+      "dev": true,
+      "requires": {
+        "foreground-child": "^2.0.0",
+        "is-windows": "^1.0.2",
+        "make-dir": "^3.0.0",
+        "rimraf": "^3.0.0",
+        "signal-exit": "^3.0.2",
+        "which": "^2.0.1"
+      }
+    },
+    "sprintf-js": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
+      "integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=",
+      "dev": true
+    },
+    "sshpk": {
+      "version": "1.16.1",
+      "resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.16.1.tgz",
+      "integrity": "sha512-HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg==",
+      "dev": true,
+      "requires": {
+        "asn1": "~0.2.3",
+        "assert-plus": "^1.0.0",
+        "bcrypt-pbkdf": "^1.0.0",
+        "dashdash": "^1.12.0",
+        "ecc-jsbn": "~0.1.1",
+        "getpass": "^0.1.1",
+        "jsbn": "~0.1.0",
+        "safer-buffer": "^2.0.2",
+        "tweetnacl": "~0.14.0"
+      }
+    },
+    "string-width": {
+      "version": "4.2.3",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
+      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
+      "dev": true,
+      "requires": {
+        "emoji-regex": "^8.0.0",
+        "is-fullwidth-code-point": "^3.0.0",
+        "strip-ansi": "^6.0.1"
+      }
+    },
+    "strip-ansi": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
+      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
+      "dev": true,
+      "requires": {
+        "ansi-regex": "^5.0.1"
+      }
+    },
+    "strip-bom": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-4.0.0.tgz",
+      "integrity": "sha512-3xurFv5tEgii33Zi8Jtp55wEIILR9eh34FAW00PZf+JnSsTmV/ioewSgQl97JHvgjoRGwPShsWm+IdrxB35d0w==",
+      "dev": true
+    },
+    "strip-json-comments": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz",
+      "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==",
+      "dev": true
+    },
+    "style-mod": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/style-mod/-/style-mod-4.0.0.tgz",
+      "integrity": "sha512-OPhtyEjyyN9x3nhPsu76f52yUGXiZcgvsrFVtvTkyGRQJ0XK+GPc6ov1z+lRpbeabka+MYEQxOYRnt5nF30aMw==",
+      "dev": true
+    },
+    "supports-color": {
+      "version": "7.1.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.1.0.tgz",
+      "integrity": "sha512-oRSIpR8pxT1Wr2FquTNnGet79b3BWljqOuoW/h4oBhxJ/HUbX5nX6JSruTkvXDCFMwDPvsaTTbvMLKZWSy0R5g==",
+      "dev": true,
+      "requires": {
+        "has-flag": "^4.0.0"
+      }
+    },
+    "test-exclude": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/test-exclude/-/test-exclude-6.0.0.tgz",
+      "integrity": "sha512-cAGWPIyOHU6zlmg88jwm7VRyXnMN7iV68OGAbYDk/Mh/xC/pzVPlQtY6ngoIH/5/tciuhGfvESU8GrHrcxD56w==",
+      "dev": true,
+      "requires": {
+        "@istanbuljs/schema": "^0.1.2",
+        "glob": "^7.1.4",
+        "minimatch": "^3.0.4"
+      }
+    },
+    "text-encoding": {
+      "version": "0.7.0",
+      "resolved": "https://registry.npmjs.org/text-encoding/-/text-encoding-0.7.0.tgz",
+      "integrity": "sha512-oJQ3f1hrOnbRLOcwKz0Liq2IcrvDeZRHXhd9RgLrsT+DjWY/nty1Hi7v3dtkaEYbPYe0mUoOfzRrMwfXXwgPUA==",
+      "dev": true
+    },
+    "to-fast-properties": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz",
+      "integrity": "sha1-3F5pjL0HkmW8c+A3doGk5Og/YW4=",
+      "dev": true
+    },
+    "to-regex-range": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
+      "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
+      "dev": true,
+      "requires": {
+        "is-number": "^7.0.0"
+      }
+    },
+    "tough-cookie": {
+      "version": "2.5.0",
+      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.5.0.tgz",
+      "integrity": "sha512-nlLsUzgm1kfLXSXfRZMc1KLAugd4hqJHDTvc2hDIwS3mZAfMEuMbc03SujMF+GEcpaX/qboeycw6iO8JwVv2+g==",
+      "dev": true,
+      "requires": {
+        "psl": "^1.1.28",
+        "punycode": "^2.1.1"
+      }
+    },
+    "tr46": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/tr46/-/tr46-1.0.1.tgz",
+      "integrity": "sha1-qLE/1r/SSJUZZ0zN5VujaTtwbQk=",
+      "dev": true,
+      "requires": {
+        "punycode": "^2.1.0"
+      }
+    },
+    "tslib": {
+      "version": "1.13.0",
+      "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.13.0.tgz",
+      "integrity": "sha512-i/6DQjL8Xf3be4K/E6Wgpekn5Qasl1usyw++dAA35Ue5orEn65VIxOA+YvNNl9HV3qv70T7CNwjODHZrLwvd1Q==",
+      "dev": true
+    },
+    "tunnel-agent": {
+      "version": "0.6.0",
+      "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz",
+      "integrity": "sha1-J6XeoGs2sEoKmWZ3SykIaPD8QP0=",
+      "dev": true,
+      "requires": {
+        "safe-buffer": "^5.0.1"
+      }
+    },
+    "tweetnacl": {
+      "version": "0.14.5",
+      "resolved": "https://registry.npmjs.org/tweetnacl/-/tweetnacl-0.14.5.tgz",
+      "integrity": "sha1-WuaBd/GS1EViadEIr6k/+HQ/T2Q=",
+      "dev": true
+    },
+    "type-detect": {
+      "version": "4.0.8",
+      "resolved": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz",
+      "integrity": "sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g==",
+      "dev": true
+    },
+    "type-fest": {
+      "version": "0.8.1",
+      "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.8.1.tgz",
+      "integrity": "sha512-4dbzIzqvjtgiM5rw1k5rEHtBANKmdudhGyBEajN01fEyhaAIhsoKNy6y7+IN93IfpFtwY9iqi7kD+xwKhQsNJA==",
+      "dev": true
+    },
+    "typedarray-to-buffer": {
+      "version": "3.1.5",
+      "resolved": "https://registry.npmjs.org/typedarray-to-buffer/-/typedarray-to-buffer-3.1.5.tgz",
+      "integrity": "sha512-zdu8XMNEDepKKR+XYOXAVPtWui0ly0NtohUscw+UmaHiAWT8hrV1rr//H6V+0DvJ3OQ19S979M0laLfX8rm82Q==",
+      "dev": true,
+      "requires": {
+        "is-typedarray": "^1.0.0"
+      }
+    },
+    "uri-js": {
+      "version": "4.4.1",
+      "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz",
+      "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==",
+      "dev": true,
+      "requires": {
+        "punycode": "^2.1.0"
+      }
+    },
+    "urijs": {
+      "version": "1.19.11",
+      "resolved": "https://registry.npmjs.org/urijs/-/urijs-1.19.11.tgz",
+      "integrity": "sha512-HXgFDgDommxn5/bIv0cnQZsPhHDA90NPHD6+c/v21U5+Sx5hoP8+dP9IZXBU1gIfvdRfhG8cel9QNPeionfcCQ==",
+      "dev": true
+    },
+    "uuid": {
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz",
+      "integrity": "sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A==",
+      "dev": true
+    },
+    "verror": {
+      "version": "1.10.0",
+      "resolved": "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz",
+      "integrity": "sha1-OhBcoXBTr1XW4nDB+CiGguGNpAA=",
+      "dev": true,
+      "requires": {
+        "assert-plus": "^1.0.0",
+        "core-util-is": "1.0.2",
+        "extsprintf": "^1.2.0"
+      }
+    },
+    "w3c-keyname": {
+      "version": "2.2.4",
+      "resolved": "https://registry.npmjs.org/w3c-keyname/-/w3c-keyname-2.2.4.tgz",
+      "integrity": "sha512-tOhfEwEzFLJzf6d1ZPkYfGj+FWhIpBux9ppoP3rlclw3Z0BZv3N7b7030Z1kYth+6rDuAsXUFr+d0VE6Ed1ikw==",
+      "dev": true
+    },
+    "webcrypto-core": {
+      "version": "0.1.27",
+      "resolved": "https://registry.npmjs.org/webcrypto-core/-/webcrypto-core-0.1.27.tgz",
+      "integrity": "sha512-r0MSFxvqaIjoqIKerm80P9+7n1dWBG88PYnshJk57J4uZuXlqNX8yQixrEIe3CGqrJ7xwfGM2SQGR4AlJYr02g==",
+      "dev": true,
+      "requires": {
+        "tslib": "^1.7.1"
+      }
+    },
+    "webidl-conversions": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-4.0.2.tgz",
+      "integrity": "sha512-YQ+BmxuTgd6UXZW3+ICGfyqRyHXVlD5GtQr5+qjiNW7bF0cqrzX500HVXPBOvgXb5YnzDd+h0zqyv61KUD7+Sg==",
+      "dev": true
+    },
+    "whatwg-url": {
+      "version": "6.5.0",
+      "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-6.5.0.tgz",
+      "integrity": "sha512-rhRZRqx/TLJQWUpQ6bmrt2UV4f0HCQ463yQuONJqC6fO2VoEb1pTYddbe59SkYq87aoM5A3bdhMZiUiVws+fzQ==",
+      "dev": true,
+      "requires": {
+        "lodash.sortby": "^4.7.0",
+        "tr46": "^1.0.1",
+        "webidl-conversions": "^4.0.2"
+      }
+    },
+    "which": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz",
+      "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==",
+      "dev": true,
+      "requires": {
+        "isexe": "^2.0.0"
+      }
+    },
+    "which-module": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/which-module/-/which-module-2.0.0.tgz",
+      "integrity": "sha1-2e8H3Od7mQK4o6j6SzHD4/fm6Ho=",
+      "dev": true
+    },
+    "workerpool": {
+      "version": "6.2.1",
+      "resolved": "https://registry.npmjs.org/workerpool/-/workerpool-6.2.1.tgz",
+      "integrity": "sha512-ILEIE97kDZvF9Wb9f6h5aXK4swSlKGUcOEGiIYb2OOu/IrDU9iwj0fD//SsA6E5ibwJxpEvhullJY4Sl4GcpAw==",
+      "dev": true
+    },
+    "wrap-ansi": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
+      "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==",
+      "dev": true,
+      "requires": {
+        "ansi-styles": "^4.0.0",
+        "string-width": "^4.1.0",
+        "strip-ansi": "^6.0.0"
+      },
+      "dependencies": {
+        "ansi-styles": {
+          "version": "4.3.0",
+          "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+          "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+          "dev": true,
+          "requires": {
+            "color-convert": "^2.0.1"
+          }
+        },
+        "color-convert": {
+          "version": "2.0.1",
+          "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+          "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+          "dev": true,
+          "requires": {
+            "color-name": "~1.1.4"
+          }
+        },
+        "color-name": {
+          "version": "1.1.4",
+          "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+          "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
+          "dev": true
+        }
+      }
+    },
+    "wrappy": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
+      "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=",
+      "dev": true
+    },
+    "write-file-atomic": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-3.0.3.tgz",
+      "integrity": "sha512-AvHcyZ5JnSfq3ioSyjrBkH9yW4m7Ayk8/9My/DD9onKeu/94fwrMocemO2QAJFAlnnDN+ZDS+ZjAR5ua1/PV/Q==",
+      "dev": true,
+      "requires": {
+        "imurmurhash": "^0.1.4",
+        "is-typedarray": "^1.0.0",
+        "signal-exit": "^3.0.2",
+        "typedarray-to-buffer": "^3.1.5"
+      }
+    },
+    "y18n": {
+      "version": "5.0.8",
+      "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz",
+      "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==",
+      "dev": true
+    },
+    "yargs": {
+      "version": "16.2.0",
+      "resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz",
+      "integrity": "sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw==",
+      "dev": true,
+      "requires": {
+        "cliui": "^7.0.2",
+        "escalade": "^3.1.1",
+        "get-caller-file": "^2.0.5",
+        "require-directory": "^2.1.1",
+        "string-width": "^4.2.0",
+        "y18n": "^5.0.5",
+        "yargs-parser": "^20.2.2"
+      }
+    },
+    "yargs-parser": {
+      "version": "20.2.4",
+      "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.4.tgz",
+      "integrity": "sha512-WOkpgNhPTlE73h4VFAFsOnomJVaovO8VqLDzy5saChRBFQFBoMYirowyW+Q9HB4HFF4Z7VZTiG3iSzJJA29yRA==",
+      "dev": true
+    },
+    "yargs-unparser": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-2.0.0.tgz",
+      "integrity": "sha512-7pRTIA9Qc1caZ0bZ6RYRGbHJthJWuakf+WmHK0rVeLkNrrGhfoabBNdue6kdINI6r4if7ocq9aD/n7xwKOdzOA==",
+      "dev": true,
+      "requires": {
+        "camelcase": "^6.0.0",
+        "decamelize": "^4.0.0",
+        "flat": "^5.0.2",
+        "is-plain-obj": "^2.1.0"
+      },
+      "dependencies": {
+        "camelcase": {
+          "version": "6.3.0",
+          "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz",
+          "integrity": "sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA==",
+          "dev": true
+        },
+        "decamelize": {
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-4.0.0.tgz",
+          "integrity": "sha512-9iE1PgSik9HeIIw2JO94IidnE3eBoQrFJ3w7sFuzSX4DpmZ3v5sZpUiV5Swcf6mQEF+Y0ru8Neo+p+nyh2J+hQ==",
+          "dev": true
+        }
+      }
+    },
+    "yocto-queue": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz",
+      "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==",
+      "dev": true
+    }
+  }
+}
diff --git a/chromium/package.json b/chromium/package.json
new file mode 100644
index 000000000000..8918b2b89a60
--- /dev/null
+++ b/chromium/package.json
@@ -0,0 +1,35 @@
+{
+  "name": "https-everywhere",
+  "version": "1.0.0",
+  "description": "",
+  "main": "utils.js",
+  "devDependencies": {
+    "atob": "^2.0.3",
+    "btoa": "^1.1.2",
+    "chai": "^4.2.0",
+    "coveralls": "^3.1.0",
+    "codemirror": "~6.0.1",
+    "fetch-mock": "^9.10.7",
+    "mocha": "^10.0.0",
+    "nan": "^2.14.1",
+    "node-webcrypto-ossl": "^1.0.49",
+    "nyc": "^15.1.0",
+    "pako": "~2.0.2",
+    "sinon": "^14.0.0",
+    "sinon-chrome": "^3.0.1",
+    "text-encoding": "^0.7.0"
+  },
+  "scripts": {
+    "test": "mocha",
+    "cover": "nyc --reporter=html --reporter=text mocha",
+    "report": "nyc report --reporter=text-lcov | coveralls"
+  },
+  "nyc": {
+    "exclude": [
+      "external"
+    ]
+  },
+  "keywords": [],
+  "author": "",
+  "license": "GPL-2.0+"
+}
diff --git a/chromium/pages/base.css b/chromium/pages/base.css
new file mode 100644
index 000000000000..92adbf8a2dd6
--- /dev/null
+++ b/chromium/pages/base.css
@@ -0,0 +1,46 @@
+:root {
+  --https-blue: #0a84ff;
+  --darker-blue: #0060df;
+  --text-main: #000;
+  --text-secondary: #464646;
+  --light-grey: #ececec;
+  --space: 5px;
+  --font: 'Lucida Grande', 'Segoe UI', Tahoma, 'DejaVu Sans', Arial, sans-serif;
+  --code-font: 'VeraMono';
+}
+
+/*--------------------------------------------------------------
+# Layout
+--------------------------------------------------------------*/
+.grid {
+  display: grid;
+  grid-template-columns: 1fr 1fr 1fr;
+  row-gap: 16px;
+}
+
+/*--------------------------------------------------------------
+# Typography
+--------------------------------------------------------------*/
+.font {
+  font-family: var(--font);
+}
+
+/*--------------------------------------------------------------
+# Elements
+--------------------------------------------------------------*/
+.button {
+  border: var(--https-blue) solid 1px;
+  color: var(--text-main);
+  display: block;
+  font-size: 12px;
+  font-weight: bold;
+  margin: var(--space) auto;
+  padding: 10px;
+  text-align: center;
+  text-decoration: none;
+}
+
+.button:hover {
+  background-color: var(--darker-blue);
+  color: #fff;
+}
diff --git a/chromium/pages/cancel/index.html b/chromium/pages/cancel/index.html
new file mode 100644
index 000000000000..ec2518437350
--- /dev/null
+++ b/chromium/pages/cancel/index.html
@@ -0,0 +1,32 @@
+<!doctype html>
+<html>
+  <head>
+    <!-- Required meta tags -->
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+
+    <title>⚠ HTTPS Everywhere ⚠</title>
+    <link href="style.css" rel="stylesheet">
+    <link rel="icon" href="/images/icons/icon-blocking-38.png">
+  </head>
+  <body>
+      <div class="banner">
+        <img src="/images/banner-red.svg" alt="HTTPS Everywhere">
+      </div>
+
+      <div class="explainer" data-i18n="cancel_he_blocking_explainer"></div>
+
+      <div class="copy_block">
+        <pre id="url-value"></pre>
+        <button id="copy-url" class="ease_button" data-i18n="cancel_copy_url"></button>
+      </div>
+
+      <div class="button_options">
+        <button id="http-once-button" class="ease_button" data-i18n="cancel_http_once"></button>
+        <button id="open-url-button" class="ease_button" data-i18n="cancel_open_page"></button>
+      </div>
+    <script src="/pages/translation.js"></script>
+    <script src="/pages/util.js"></script>
+    <script src="ux.js"></script>
+  </body>
+</html>
diff --git a/chromium/pages/cancel/style.css b/chromium/pages/cancel/style.css
new file mode 100644
index 000000000000..aeba151a0749
--- /dev/null
+++ b/chromium/pages/cancel/style.css
@@ -0,0 +1,130 @@
+@import "../main.css";
+
+body {
+  display: grid;
+  grid-template-columns: 1fr 1fr 1fr;
+  margin: 2% auto;
+  font-size: 12pt;
+  font-family: sans-serif;
+  line-height: 150%;
+  row-gap: 16px;
+}
+
+/*---------
+# GRID LAYOUT
+---------*/
+.banner {
+  grid-column: 2;
+  grid-row: 1;
+}
+.explainer {
+  grid-column: 2;
+  grid-row: 2;
+}
+.copy_block {
+  grid-column: 2;
+  grid-row: 3;
+}
+.button_options {
+  grid-column: 2;
+  grid-row: 4;
+}
+
+h1 {
+  display: block;
+}
+
+h1 img {
+  width: 100%;
+  height: auto;
+}
+
+#url-paragraph {
+  display: inline-flex;
+  overflow: hidden;
+  white-space: nowrap;
+  text-overflow: ellipsis;
+}
+
+.ease_button {
+  background-color: #ec1e1e;
+  border: 1px solid #ec1e1e;
+  border-radius: 4px;
+  color: #fff;
+  cursor: pointer;
+  padding: 0.5em 1em;
+  float: none;
+  font-size: 12pt;
+  font-weight: normal;
+  margin: 8px 0;
+  line-height: 150%;
+}
+
+button:last-child {
+  margin: 0;
+}
+
+#url-value{
+ float: left;
+ font-weight: bold;
+ margin: 2% 2% 0 0;
+}
+#copy-url, #open-url-button{
+  background-color: var(--light-grey) !important;
+  border: 1px solid var(--text-secondary) !important;
+}
+#copy-url {
+  color: var(--text-secondary) !important;
+  font-size: 14px;
+}
+#open-url-button {
+  color: #666666 !important;
+}
+#copy-url:hover, #open-url-button:hover {
+  background-color: var(--text-secondary) !important;
+  border: 1px solid var(--text-secondary) !important;
+  color: var(--light-grey) !important;
+}
+
+@media screen and (max-width: 800px) {
+  body {
+    grid-template-columns: 1fr;
+    margin: 5%;
+  }
+  .banner {
+    grid-row: 1;
+  }
+  .explainer {
+    grid-row: 2;
+  }
+  .copy_block {
+    grid-row: 3;
+  }
+  .button_options {
+    grid-row: 4;
+  }
+  .ease_button {
+    width: 100%;
+    margin: 8px 0;
+  }
+}
+
+@media (prefers-color-scheme: dark) {
+  body {
+    background-color: #202023;
+    color: #f9f9fa;
+  }
+
+  a {
+    color: #45a1ff;
+  }
+
+  .ease_button {
+    color: #202023;
+  }
+
+  .ease_button:hover {
+    background-color: #202023;
+    border-color: #ec1e1e;
+  }
+}
diff --git a/chromium/pages/cancel/ux.js b/chromium/pages/cancel/ux.js
new file mode 100644
index 000000000000..d13dfdfb711a
--- /dev/null
+++ b/chromium/pages/cancel/ux.js
@@ -0,0 +1,124 @@
+/* global sendMessage */
+
+"use strict";
+
+let observer;
+document.addEventListener("DOMContentLoaded", () => {
+  const explainer = document.querySelector("[data-i18n=cancel_he_blocking_explainer]");
+  observer = new MutationObserver(() => {
+    replaceLink(explainer);
+  });
+  if (explainer.innerText.length > 0) {
+    replaceLink(explainer);
+  } else {
+    observer.observe(explainer, {childList: true});
+  }
+  displayURL();
+});
+
+function replaceLink(explainer) {
+  observer.disconnect();
+  const linkText = chrome.i18n.getMessage("cancel_he_blocking_network");
+  const link = document.createElement("a");
+  link.classList.add("wikilink");
+  link.href = "https://en.wikipedia.org/wiki/Downgrade_attack";
+  link.innerText = linkText;
+  explainer.innerHTML = explainer.innerHTML.replace(linkText, link.outerHTML);
+
+  /*
+    In response to translation of i18n string "cancel_he_blocking_network".
+    Within context of the paragraph and as a standalone string can be interpreted differently
+    langauge to language.
+
+    So if link fails to swap in replace, this conditional is triggered
+  */
+  if (document.getElementsByClassName("wikilink").length === 0) {
+    link.innerText = linkText;
+    explainer.after(link);
+  }
+
+}
+
+function displayURL() {
+  const searchParams = new URLSearchParams(window.location.search);
+  const originURL = searchParams.get('originURL');
+  const originURLLink = document.getElementById('url-value');
+  const openURLButton = document.getElementById('open-url-button');
+  const openHttpOnce = document.getElementById('http-once-button');
+  const copyButton = document.getElementById('copy-url');
+  const url = new URL(originURL);
+
+  originURLLink.innerText = originURL;
+  originURLLink.href = originURL;
+
+  openURLButton.addEventListener("click", function() {
+    sendMessage("disable_on_site", url.host, () => {
+      window.location = originURL;
+    });
+
+    return false;
+  });
+
+  // Copy URL Feature on EASE
+
+  function copyLinkAlternate() {
+    let isSuccessful = false;
+
+    const sel = window.getSelection();
+
+    try {
+      sel.removeAllRanges();
+
+      const range = document.createRange();
+      range.selectNode(originURLLink);
+
+      sel.addRange(range);
+
+      isSuccessful = document.execCommand("copy");
+
+      sel.removeAllRanges();
+
+      return isSuccessful;
+    } catch (err) {
+      console.error(err);
+
+      sel.removeAllRanges();
+
+      return false;
+    }
+  }
+
+  async function copyLink() {
+    try {
+      await navigator.clipboard.writeText(originURL);
+      return true;
+    } catch (err) {
+      return copyLinkAlternate();
+    }
+  }
+
+  let restoreTimeout = null;
+
+  copyButton.addEventListener("click", async () => {
+    if (await copyLink()) {
+      copyButton.innerText = chrome.i18n.getMessage("cancel_copied_url");
+
+      if (restoreTimeout !== null) {
+        clearTimeout(restoreTimeout);
+      }
+
+      restoreTimeout = setTimeout(() => {
+        copyButton.innerText = chrome.i18n.getMessage("cancel_copy_url");
+        restoreTimeout = null;
+      }, 1500);
+    }
+  });
+
+  openHttpOnce.addEventListener("click", function() {
+    sendMessage("disable_on_site_once", url.host, () => {
+      window.location = originURL;
+    });
+
+    return false;
+  });
+}
diff --git a/chromium/pages/debugging-rulesets/index.html b/chromium/pages/debugging-rulesets/index.html
new file mode 100644
index 000000000000..d3e91227f4c3
--- /dev/null
+++ b/chromium/pages/debugging-rulesets/index.html
@@ -0,0 +1,25 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <title></title>
+    <link href="style.css" rel="stylesheet">
+    <script src="/external/codemirror/codemirror-5.31.0.min.js"></script>
+    <link href="/external/codemirror/codemirror-5.31.0.min.css" rel="stylesheet">
+    <script src="/external/codemirror/codemirror-5.31.0.xml.min.js"></script>
+  </head>
+  <body>
+    <div class="section-header"><span class="section-header-span">Debugging Rulesets</span></div>
+    <div class="section-explainer">
+      Enter ruleset XML below and click save when ready.  These rulesets will be immediately activated upon saving, and will persist across restarts.<br>
+      <i>Warning</i>: This should only be used for debugging rulesets.  This feature is not guaranteed to work reliably for regular usage.<br>
+      <i>Note</i>: Due to a bug in Chromium, it may be necessary to close the options ui before saving.
+    </div>
+    <div id="unsaved-text">There are unsaved changes!  Be sure to save them for them to take effect.</div>
+    <textarea id="codemirror-textarea"></textarea>
+    <button type="button" id="save-button">Save</button>
+    <div id="saved-text">Saved!</div>
+    <script src="../util.js"></script>
+    <script src="ux.js"></script>
+  </body>
+</html>
diff --git a/chromium/pages/debugging-rulesets/style.css b/chromium/pages/debugging-rulesets/style.css
new file mode 100644
index 000000000000..e424c70b5a7b
--- /dev/null
+++ b/chromium/pages/debugging-rulesets/style.css
@@ -0,0 +1,40 @@
+.cm-s-main{
+  width: 100%;
+  height: 500px;
+}
+
+.cm-s-saved{
+  border: 1px solid black;
+}
+
+.cm-s-unsaved{
+  border: 1px solid red;
+}
+
+.section-explainer{
+  margin-bottom: 5px;
+}
+
+.section-header{
+  margin-bottom: 10px;
+}
+
+.section-header-span{
+  border-bottom: 1px solid #ccc;
+  font-size: 15px;
+}
+
+#saved-text{
+  display: none;
+  color: green;
+  font-weight: bold;
+  margin: 30px;
+}
+
+#unsaved-text{
+  font-weight: bold;
+  margin: 10px 0px;
+  color: red;
+  visibility: hidden;
+  text-align: center;
+}
diff --git a/chromium/pages/debugging-rulesets/ux.js b/chromium/pages/debugging-rulesets/ux.js
new file mode 100644
index 000000000000..0df93d8dd080
--- /dev/null
+++ b/chromium/pages/debugging-rulesets/ux.js
@@ -0,0 +1,46 @@
+/* global sendMessage, CodeMirror */
+
+"use strict";
+
+const savedTextElement = document.getElementById("saved-text");
+const unsavedTextElement = document.getElementById("unsaved-text");
+const savedTitle = "Debugging Rulesets";
+const unsavedTitle = "* Debugging Rulesets";
+
+document.title = savedTitle;
+
+const cm = CodeMirror.fromTextArea(
+  document.getElementById("codemirror-textarea"),
+  {
+    mode: "xml",
+    theme: "default main saved"
+  }
+);
+
+let valueHasChanged = false;
+sendMessage("get_option", { debugging_rulesets: "" }, item => {
+  cm.setValue(item.debugging_rulesets);
+  cm.on("change", cm => {
+    if (!(valueHasChanged)) {
+      valueHasChanged = true;
+      document.title = unsavedTitle;
+      cm.setOption("theme", "default main unsaved");
+      unsavedTextElement.style.visibility = "visible";
+    }
+  });
+});
+
+document.getElementById("save-button").addEventListener("click", e => {
+  e.preventDefault();
+  sendMessage("set_option", { debugging_rulesets: cm.getValue() }, () => {
+    savedTextElement.style.display = "block";
+    setTimeout(() => {
+      savedTextElement.style.display = "none";
+    }, 1000);
+
+    valueHasChanged = false;
+    document.title = savedTitle;
+    cm.setOption("theme", "default main saved");
+    unsavedTextElement.style.visibility = "hidden";
+  });
+});
diff --git a/chromium/pages/main.css b/chromium/pages/main.css
new file mode 100644
index 000000000000..2772c46141e7
--- /dev/null
+++ b/chromium/pages/main.css
@@ -0,0 +1,21 @@
+/*--------------------------------------------------------------
+>>> TABLE OF CONTENTS:
+----------------------------------------------------------------
+# Base
+  - Layout
+	- Typography
+	- Elements
+	- Links
+# Utilities
+	- Accessibility
+
+--------------------------------------------------------------*/
+
+/*--------------------------------------------------------------
+# Base
+--------------------------------------------------------------*/
+@import "base.css";
+
+/* Utilities - TBA
+--------------------------------------------- */
+
diff --git a/chromium/pages/options/index.html b/chromium/pages/options/index.html
new file mode 100644
index 000000000000..b6bdc337cfb3
--- /dev/null
+++ b/chromium/pages/options/index.html
@@ -0,0 +1,65 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title></title>
+    <link href="style.css" rel="stylesheet">
+  </head>
+  <body class="font">
+    <section class="header-wrapper">
+      <span class="button section-header-span active" data-show="general-settings-wrapper" data-i18n="options_generalSettings"></span>
+      <span class="button section-header-span inactive" data-show="advanced-settings-wrapper" data-i18n="options_advancedSettings"></span>
+      <span class="button section-header-span inactive" data-show="update-channels-wrapper" data-i18n="options_updateChannels"></span>
+    </section>
+    <div class="section-wrapper" id="general-settings-wrapper">
+      <div id="update-wrapper" class="settings-wrapper">
+        <input type="checkbox" id="autoUpdateRulesets">
+        <label for="autoUpdateRulesets" data-i18n="options_autoUpdateRulesets"></label>
+      </div>
+      <div id="user-rules-wrapper">
+        <p class="user-rules-wrapper-header" data-i18n="options_userRulesListed"></p>
+      </div>
+      <div id="disabled-rules-wrapper">
+        <p class="disabled-rules-wrapper-header" data-i18n="options_disabledUrlsListed"></p>
+        <div id="add-disabled-site-wrapper">
+          <button class="button" id="add-disabled-site" data-i18n="options_addDisabledSite"></button>
+          <input type="text" id="disabled-site" />
+        </div>
+        <div id="add-disabled-site-invalid-host" data-i18n="options_hostNotFormattedCorrectly"></div>
+      </div>
+    </div>
+
+    <div class="section-wrapper" id="advanced-settings-wrapper">
+      <div id="mixed-rulesets-wrapper" class="settings-wrapper">
+        <input type="checkbox" id="enableMixedRulesets">
+        <label for="enableMixedRulesets" data-i18n="options_enableMixedRulesets"></label>
+      </div>
+      <div id="show-devtools-tab-wrapper" class="settings-wrapper">
+        <input type="checkbox" id="showDevtoolsTab">
+        <label for="showDevtoolsTab" data-i18n="options_showDevtoolsTab"></label>
+      </div>
+    </div>
+
+    <div class="section-wrapper" id="update-channels-wrapper">
+      <div id="update-channels-error">
+        <span id="update-channels-error-text"></span>
+        <img id="update-channels-error-hide" src="/images/remove.png">
+      </div>
+      <div id="update-channels-warning" data-i18n="options_updateChannelsWarning"></div>
+      <div id="update-channels-last-checked"></div>
+      <div class="clearer"></div>
+      <div id="update-channels-list"></div>
+      <div id="add-update-channel-wrapper">
+        <button class="button" id="add-update-channel" data-i18n="options_addUpdateChannel"></button>
+        <input type="text" id="update-channel-name" />
+      </div>
+    </div>
+
+    <a id="secretArea" href="/pages/debugging-rulesets/index.html" target="_blank" class="hidden" data-i18n="options_debuggingRulesets"></a>
+
+    <script src="ux.js"></script>
+    <script src="../translation.js"></script>
+    <script src="../util.js"></script>
+  </body>
+</html>
diff --git a/chromium/pages/options/style.css b/chromium/pages/options/style.css
new file mode 100644
index 000000000000..032a7bad7a44
--- /dev/null
+++ b/chromium/pages/options/style.css
@@ -0,0 +1,264 @@
+@import "../main.css";
+
+body{
+  display: grid;
+  grid-template-columns: 1fr 1fr 1fr;
+}
+
+/*---------
+# GRID LAYOUT
+---------*/
+.header-wrapper, .section-wrapper {
+  margin: auto;
+}
+.header-wrapper {
+  display: inline-flex;
+  grid-column: 2;
+  grid-row: 1;
+}
+.section-wrapper {
+  grid-column: 2;
+  grid-row: 2;
+}
+#add-disabled-site-wrapper {
+  float: left;
+}
+#add-update-channel-wrapper {
+  display: inline-block;
+}
+
+.settings-wrapper{
+  margin: 10px 0 0 0;
+}
+
+.settings-wrapper#update-wrapper{
+  margin-bottom: 20px;
+}
+
+.settings-wrapper#show-devtools-tab-wrapper{
+  margin-bottom: 20px;
+}
+
+/** User rules Option**/
+.user-rules-wrapper-header {
+  font-weight: bold;
+  padding-left: 5px;
+}
+.user-rules-list-item:last-of-type {
+  border-bottom: none;
+}
+.user-rules-list-item {
+  border-bottom: 1px solid #ccc;
+  display: inline-flex;
+  margin-left: 5%;
+  width: 80%;
+}
+.user-rules-list-item p {
+  width: 100%;
+}
+
+/** Disabled Sites Option**/
+#add-disabled-site-invalid-host {
+  font-weight: bold;
+  color: red;
+  display: none;
+}
+.disabled-rules-wrapper-header {
+  font-weight: bold;
+  padding-left: 5px;
+}
+img.remove{
+  cursor: pointer;
+  float: right;
+  height: 15px;
+  margin-top: -34px;
+  width: 15px;
+}
+.disabled-rule-list-item:last-of-type {
+  border-bottom: none;
+}
+.disabled-rule-list-item {
+  border-bottom: 1px solid #ccc;
+  clear: both;
+}
+.disabled-rule-list-item p {
+  width: 80%;
+  word-wrap: anywhere;
+}
+
+.section-header{
+  margin-bottom: 10px;
+}
+
+#import{
+  margin-bottom: 10px;
+  float: right;
+}
+
+#import-confirmed{
+  display: none;
+}
+
+.section-header-span{
+  cursor: pointer;
+  padding: 8px;
+  margin-left: 0 !important;
+  margin-right: var(--space) !important;
+  display: inline-block;
+}
+
+.section-header-span.active{
+  background-color: var(--darker-blue);
+  color: #FFF;
+}
+.section-header-span.inactive{
+  background-color: var(--light-grey);
+}
+.section-header-span.inactive:hover {
+  background-color: var(--darker-blue);
+}
+
+.update-channel{
+  border: 1px solid grey;
+  border-radius: 20px;
+  margin-top: 30px;
+  margin-bottom: 30px;
+  padding: 6px;
+}
+
+.update-channel-name{
+  font-weight: bold;
+  font-size: 14px;
+  margin: 10px;
+}
+
+.update-channel-column-left {
+  width: 89px;
+  float: left;
+  font-size: 13px;
+  text-align: right;
+  margin-right: 10px;
+  min-height: 1px;
+}
+
+.update-channel-column-right {
+  float: left;
+  width: 380px;
+}
+
+textarea.update-channel-jwk {
+  width: 367px;
+  height: 250px;
+  resize: vertical;
+}
+
+input.update-channel-path-prefix, input.update-channel-scope {
+  width: 367px;
+}
+
+div.update-channel-row-scope {
+  margin-top: 3px;
+}
+
+.update-channel-column-right button {
+  float: right;
+  margin: 10px;
+  border-radius: 7px;
+}
+
+button#add-update-channel, button#add-disabled-site {
+  float: right;
+  height: 30px;
+  margin: 0px 10px 10px 10px;
+  padding: 6px;
+}
+
+input#update-channel-name, input#disabled-site {
+  float: right;
+}
+
+.clearer{
+  clear: both;
+}
+
+.update-channel-last-updated {
+  float: right;
+  font-weight: lighter;
+  font-size: 10px;
+}
+
+div#update-channels-error, div#update-channels-warning {
+  margin-top: 20px;
+  font-weight: bold;
+  padding: 10px;
+  border-radius: 10px;
+}
+
+div#update-channels-error {
+  background-color: #CC3333;
+  display: none;
+  color: white;
+}
+
+div#update-channels-warning {
+  background-color: #FFCC00;
+  font-color: black;
+}
+
+#update-channels-error-text{
+  display: inline-block;
+  width: 460px;
+}
+
+img#update-channels-error-hide {
+  float: right;
+}
+
+div#update-channels-last-checked {
+  margin-top: 10px;
+  float: right;
+  font-weight: bold;
+  font-size: 10px;
+}
+
+#update-channels-list {
+  display: inline-block;
+}
+
+@keyframes flash {
+  from {
+    background: #fc0;
+  }
+  to {
+    background: transparent;
+  }
+}
+
+#secretArea {
+  border-radius: 5px;
+  padding: 5px;
+}
+
+.hidden {
+  display: none
+}
+
+.flash {
+  animation: flash 1s ease-out;
+}
+
+@media (prefers-color-scheme: dark) {
+  body {
+    background-color: #202023;
+    color: #f9f9fa;
+  }
+
+  .section-header-span, div#update-channels-warning {
+    color: #000;
+  }
+
+  textarea, input[type=text] {
+    background-color: #202023;
+    color: #f9f9fa;
+  }
+}
diff --git a/chromium/pages/options/ux.js b/chromium/pages/options/ux.js
new file mode 100644
index 000000000000..07d94dc9928d
--- /dev/null
+++ b/chromium/pages/options/ux.js
@@ -0,0 +1,422 @@
+/* global sendMessage */
+/* global getOption_ */
+/* global e */
+/* global show, hide */
+
+"use strict";
+
+document.addEventListener("DOMContentLoaded", () => {
+  const secretArea = document.getElementById('secretArea');
+
+  const onKeyDownHandler = evt => {
+    if (evt.ctrlKey && evt.key === 'z') {
+      secretArea.classList.remove('hidden');
+      secretArea.classList.add('flash');
+
+      sendMessage('set_option', { developerMode: true });
+
+      document.removeEventListener('keydown', onKeyDownHandler);
+
+      evt.preventDefault();
+    }
+  };
+
+  sendMessage('get_option', { developerMode: false }, item => {
+    if (item.developerMode) {
+      secretArea.classList.remove('hidden');
+    } else {
+      document.addEventListener('keydown', onKeyDownHandler);
+    }
+  });
+
+  const autoUpdateRulesets = document.getElementById("autoUpdateRulesets");
+  const enableMixedRulesets = document.getElementById("enableMixedRulesets");
+  const showDevtoolsTab = document.getElementById("showDevtoolsTab");
+
+  const defaultOptions = {
+    autoUpdateRulesets: true,
+    enableMixedRulesets: false,
+    showDevtoolsTab: true
+  };
+
+  sendMessage("get_option", defaultOptions, item => {
+    autoUpdateRulesets.checked = item.autoUpdateRulesets;
+    enableMixedRulesets.checked = item.enableMixedRulesets;
+    showDevtoolsTab.checked = item.showDevtoolsTab;
+
+    autoUpdateRulesets.addEventListener("change", () => {
+      sendMessage("set_option", { autoUpdateRulesets: autoUpdateRulesets.checked });
+    });
+
+    enableMixedRulesets.addEventListener("change", () => {
+      sendMessage("set_option", { enableMixedRulesets: enableMixedRulesets.checked });
+    });
+
+    showDevtoolsTab.addEventListener("change", () => {
+      sendMessage("set_option", { showDevtoolsTab: showDevtoolsTab.checked });
+    });
+  });
+
+  function onlyShowSection(sectionId) {
+    document.querySelectorAll('.section-wrapper').forEach(sw => {
+      sw.style.display = "none";
+    });
+    document.getElementById(sectionId).style.display = "block";
+  }
+  onlyShowSection('general-settings-wrapper');
+
+  document.querySelectorAll('.section-header-span').forEach(shs => {
+    shs.addEventListener("click", () => {
+      document.querySelectorAll('.section-header-span').forEach(shs => {
+        shs.classList.remove("active");
+        shs.classList.add("inactive");
+      });
+      shs.classList.remove("inactive");
+      shs.classList.add("active");
+      onlyShowSection(shs.dataset.show);
+    });
+  });
+
+  function create_update_channel_element(update_channel, last_updated, locked) {
+    let ruleset_version_string;
+
+    if(last_updated) {
+      const ruleset_date = new Date(last_updated * 1000);
+      ruleset_version_string = ruleset_date.getUTCFullYear() + "." + (ruleset_date.getUTCMonth() + 1) + "." + ruleset_date.getUTCDate();
+    } else {
+      ruleset_version_string = "n/a";
+    }
+
+    const update_channel_div = document.createElement('div');
+    update_channel_div.className = "update-channel";
+
+    const update_channel_name = document.createElement('div');
+    update_channel_name.className = "update-channel-name";
+    update_channel_name.innerText = update_channel.name;
+    update_channel_div.appendChild(update_channel_name);
+    const update_channel_last_updated = document.createElement('div');
+    update_channel_last_updated.className = "update-channel-last-updated";
+    update_channel_last_updated.innerText = chrome.i18n.getMessage("options_storedRulesetsVersion") + ruleset_version_string;
+    update_channel_name.appendChild(update_channel_last_updated);
+
+    const update_channel_row_format = document.createElement('div');
+    update_channel_row_format.className = "update-channel-row-format";
+    update_channel_div.appendChild(update_channel_row_format);
+    const update_channel_format_column_left = document.createElement('div');
+    update_channel_format_column_left.className = "update-channel-column-left";
+    update_channel_format_column_left.innerText = "Format:";
+    update_channel_row_format.appendChild(update_channel_format_column_left);
+    const update_channel_format_column_right = document.createElement('div');
+    update_channel_format_column_right.className = "update-channel-column-right";
+    update_channel_row_format.appendChild(update_channel_format_column_right);
+    const update_channel_format = document.createElement('select');
+    update_channel_format.className = "update-channel-format";
+    update_channel_format.setAttribute("data-name", update_channel.name);
+    update_channel_format.disabled = locked;
+    update_channel_format_column_right.appendChild(update_channel_format);
+    const update_channel_format_option_ruleset = document.createElement('option');
+    update_channel_format_option_ruleset.value = "ruleset";
+    update_channel_format_option_ruleset.innerText = "ruleset";
+    update_channel_format_option_ruleset.defaultSelected = true;
+    update_channel_format_option_ruleset.selected = (update_channel.format == "ruleset");
+    update_channel_format.appendChild(update_channel_format_option_ruleset);
+    const update_channel_format_option_bloom = document.createElement('option');
+    update_channel_format_option_bloom.value = "bloom";
+    update_channel_format_option_bloom.innerText = "bloom";
+    update_channel_format_option_bloom.selected = (update_channel.format == "bloom");
+    update_channel_format.appendChild(update_channel_format_option_bloom);
+
+    const update_channel_row_jwk = document.createElement('div');
+    update_channel_row_jwk.className = "update-channel-row-jwk";
+    update_channel_div.appendChild(update_channel_row_jwk);
+    const update_channel_jwk_column_left = document.createElement('div');
+    update_channel_jwk_column_left.className = "update-channel-column-left";
+    update_channel_jwk_column_left.innerText = "JWK:";
+    update_channel_row_jwk.appendChild(update_channel_jwk_column_left);
+    const update_channel_jwk_column_right = document.createElement('div');
+    update_channel_jwk_column_right.className = "update-channel-column-right";
+    update_channel_row_jwk.appendChild(update_channel_jwk_column_right);
+    const update_channel_jwk = document.createElement('textarea');
+    update_channel_jwk.className = "update-channel-jwk";
+    update_channel_jwk.setAttribute("data-name", update_channel.name);
+    update_channel_jwk.disabled = locked;
+    update_channel_jwk.innerText = JSON.stringify(update_channel.jwk);
+    update_channel_jwk_column_right.appendChild(update_channel_jwk);
+
+    const update_channel_row_path_prefix = document.createElement('div');
+    update_channel_row_path_prefix.className = "update-channel-row-path-prefix";
+    update_channel_div.appendChild(update_channel_row_path_prefix);
+    const update_channel_path_prefix_column_left = document.createElement('div');
+    update_channel_path_prefix_column_left.className = "update-channel-column-left";
+    update_channel_path_prefix_column_left.innerText = "Path Prefix:";
+    update_channel_row_path_prefix.appendChild(update_channel_path_prefix_column_left);
+    const update_channel_path_prefix_column_right = document.createElement('div');
+    update_channel_path_prefix_column_right.className = "update-channel-column-right";
+    update_channel_row_path_prefix.appendChild(update_channel_path_prefix_column_right);
+    const update_channel_path_prefix = document.createElement('input');
+    update_channel_path_prefix.setAttribute("type", "text");
+    update_channel_path_prefix.className = "update-channel-path-prefix";
+    update_channel_path_prefix.setAttribute("data-name", update_channel.name);
+    update_channel_path_prefix.disabled = locked;
+    update_channel_path_prefix.value = update_channel.update_path_prefix;
+    update_channel_path_prefix_column_right.appendChild(update_channel_path_prefix);
+
+    let clearer = document.createElement('div');
+    clearer.className = "clearer";
+    update_channel_div.appendChild(clearer);
+
+    const update_channel_row_scope = document.createElement('div');
+    if(update_channel.format == "bloom") {
+      update_channel_row_scope.style.display = "none";
+    }
+    update_channel_row_scope.className = "update-channel-row-scope";
+    update_channel_div.appendChild(update_channel_row_scope);
+    const update_channel_scope_column_left = document.createElement('div');
+    update_channel_scope_column_left.className = "update-channel-column-left";
+    update_channel_scope_column_left.innerText = "Scope:";
+    update_channel_row_scope.appendChild(update_channel_scope_column_left);
+    const update_channel_scope_column_right = document.createElement('div');
+    update_channel_scope_column_right.className = "update-channel-column-right";
+    update_channel_row_scope.appendChild(update_channel_scope_column_right);
+    const update_channel_scope = document.createElement('input');
+    update_channel_scope.setAttribute("type", "text");
+    update_channel_scope.className = "update-channel-scope";
+    update_channel_scope.setAttribute("data-name", update_channel.name);
+    update_channel_scope.disabled = locked;
+    update_channel_scope.value = update_channel.scope;
+    update_channel_scope_column_right.appendChild(update_channel_scope);
+
+    const update_channel_row_controls = document.createElement('div');
+    update_channel_row_controls.className = "update-channel-row-controls";
+    update_channel_div.appendChild(update_channel_row_controls);
+    const update_channel_controls_column_left = document.createElement('div');
+    update_channel_controls_column_left.className = "update-channel-column-left";
+    update_channel_controls_column_left.innerText = " ";
+    update_channel_row_controls.appendChild(update_channel_controls_column_left);
+    const update_channel_controls_column_right = document.createElement('div');
+    update_channel_controls_column_right.className = "update-channel-column-right";
+    update_channel_row_controls.appendChild(update_channel_controls_column_right);
+    const update_channel_update = document.createElement('button');
+    update_channel_update.className = "update-channel-update";
+    update_channel_update.setAttribute("data-name", update_channel.name);
+    update_channel_update.disabled = locked;
+    update_channel_update.innerText = chrome.i18n.getMessage("options_update");
+    update_channel_controls_column_right.appendChild(update_channel_update);
+    const update_channel_delete = document.createElement('button');
+    update_channel_delete.className = "update-channel-update";
+    update_channel_delete.setAttribute("data-name", update_channel.name);
+    update_channel_delete.disabled = locked;
+    update_channel_delete.innerText = chrome.i18n.getMessage("options_delete");
+    update_channel_controls_column_right.appendChild(update_channel_delete);
+
+    clearer = document.createElement('div');
+    clearer.className = "clearer";
+    update_channel_div.appendChild(clearer);
+
+    update_channel_format.addEventListener("change", () => {
+      if(update_channel_format.value == "bloom") {
+        update_channel_row_scope.style.display = "none";
+      } else {
+        update_channel_row_scope.style.display = "block";
+      }
+    });
+    update_channel_delete.addEventListener("click", () => {
+      sendMessage("delete_update_channel", update_channel.name, () => {
+        render_update_channels();
+      });
+    });
+
+    update_channel_update.addEventListener("click", () => {
+      sendMessage("update_update_channel", {
+        name: update_channel.name,
+        format: update_channel_format.value,
+        jwk: JSON.parse(update_channel_jwk.value),
+        update_path_prefix: update_channel_path_prefix.value,
+        scope: update_channel_scope.value
+      }, () => {
+        render_update_channels();
+      });
+    });
+
+    return update_channel_div;
+  }
+
+  function render_update_channels() {
+    const update_channels_list = document.getElementById("update-channels-list");
+    while(update_channels_list.firstChild) {
+      update_channels_list.removeChild(update_channels_list.firstChild);
+    }
+
+    sendMessage("get_pinned_update_channels", null, item => {
+      for(const update_channel of item.update_channels) {
+        update_channels_list.appendChild(
+          create_update_channel_element(
+            update_channel,
+            item.last_updated[update_channel.name],
+            true,
+          )
+        );
+
+      }
+    });
+
+    sendMessage("get_stored_update_channels", null, item => {
+      for(const update_channel of item.update_channels) {
+        update_channels_list.appendChild(
+          create_update_channel_element(
+            update_channel,
+            item.last_updated[update_channel.name],
+            update_channel.locked === true,
+          )
+        );
+      }
+    });
+  }
+  render_update_channels();
+
+  const add_update_channel = document.getElementById("add-update-channel");
+  const update_channel_name_div = document.getElementById("update-channel-name");
+  const update_channels_error_text = document.getElementById("update-channels-error-text");
+  const update_channels_error = document.getElementById("update-channels-error");
+  update_channel_name_div.setAttribute("placeholder", chrome.i18n.getMessage("options_enterUpdateChannelName"));
+
+  function displayError(text) {
+    update_channels_error_text.innerText = text;
+    update_channels_error.style.display = "block";
+    window.scrollTo(0,0);
+  }
+
+  // Get a list of user Rules
+  sendMessage("get_user_rules", null, userRules => {
+    let user_rules_parent = e("user-rules-wrapper");
+
+    if ( 0 === userRules.length) {
+      hide(user_rules_parent);
+      return ;
+    }
+
+    // img element "remove button"
+    let templateRemove = document.createElement("img");
+    templateRemove.src = chrome.runtime.getURL("images/remove.png");
+    templateRemove.className = "remove";
+
+    for (const userRule of userRules) {
+      let user_rule_host = document.createElement("div");
+      let user_rule_name = document.createElement("p");
+      let remove = templateRemove.cloneNode(true);
+
+      user_rule_host.className = "user-rules-list-item";
+      user_rule_name.className = "user-rules-list-item-single";
+      user_rule_name.innerText = userRule.name;
+      user_rule_host.appendChild(user_rule_name);
+      user_rules_parent.appendChild(user_rule_host);
+      user_rule_host.appendChild(remove);
+
+      remove.addEventListener("click", () => {
+        // assume the removal is successful and hide ui element
+        hide( user_rule_host );
+        // remove the user rule
+        sendMessage("remove_rule", { ruleset: userRule, src: 'options' });
+      });
+    }
+  });
+
+  // HTTPS Everywhere Sites Disabled section in General Settings module
+  getOption_("disabledList", [], function(item) {
+    let rule_host_parent = e("disabled-rules-wrapper");
+
+    // img element "remove button"
+    let templateRemove = document.createElement("img");
+    templateRemove.src = chrome.runtime.getURL("images/remove.png");
+    templateRemove.className = "remove";
+
+    if( item ) {
+      for (const key of item.disabledList) {
+        let rule_host = document.createElement("div");
+        let remove = templateRemove.cloneNode(true);
+        let rule_host_site_name = document.createElement("p");
+
+        rule_host.className = "disabled-rule-list-item";
+        rule_host_site_name.className = "disabled-rule-list-item_single";
+        rule_host_site_name.innerText = key;
+        rule_host.appendChild( rule_host_site_name);
+        rule_host_parent.appendChild(rule_host);
+        rule_host.appendChild(remove);
+
+        remove.addEventListener("click", () => {
+          hide( rule_host );
+          sendMessage("enable_on_site", key);
+        });
+      }
+    }
+  });
+
+  const add_disabled_site = document.getElementById("add-disabled-site");
+  const disabled_site_input = document.getElementById("disabled-site");
+  const add_disabled_site_invalid_host = document.getElementById('add-disabled-site-invalid-host');
+  disabled_site_input.setAttribute("placeholder", chrome.i18n.getMessage("options_enterDisabledSite"));
+  function isValidHost(host) {
+    try {
+      new URL(`http://${host}/`);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  add_disabled_site.addEventListener("click", function() {
+    const host = disabled_site_input.value;
+
+    if (isValidHost(host)) {
+      hide(add_disabled_site_invalid_host);
+      sendMessage("disable_on_site", disabled_site_input.value, okay => {
+        if (okay) {
+          chrome.tabs.reload();
+        }
+      });
+    } else {
+      show(add_disabled_site_invalid_host);
+    }
+  });
+
+  add_update_channel.addEventListener("click", () => {
+    const update_channel_name = update_channel_name_div.value;
+    if(update_channel_name.trim() == "") {
+      displayError("Error: The update channel name is blank.  Please enter another name.");
+    } else {
+      update_channel_name_div.value = "";
+      sendMessage("create_update_channel", update_channel_name, result => {
+        if(result == true) {
+          render_update_channels();
+        } else {
+          displayError("Error: There already exists an update channel with this name.");
+        }
+      });
+    }
+  });
+
+  const update_channels_error_hide = document.getElementById("update-channels-error-hide");
+  update_channels_error_hide.addEventListener("click", () => {
+    update_channels_error.style.display = "none";
+  });
+
+  const update_channels_last_checked = document.getElementById("update-channels-last-checked");
+  sendMessage("get_last_checked", null, last_checked => {
+    let last_checked_string;
+    if(last_checked) {
+      const last_checked_date = new Date(last_checked * 1000);
+      const options = {
+        year: '2-digit',
+        month: '2-digit',
+        day: '2-digit',
+        hour: '2-digit',
+        minute: '2-digit',
+        timeZoneName: 'short'
+      };
+      const customDateTime = new Intl.DateTimeFormat('default', options).format;
+      last_checked_string = customDateTime(last_checked_date);
+    } else {
+      last_checked_string = chrome.i18n.getMessage("options_updatesLastCheckedNever");
+    }
+    update_channels_last_checked.innerText = chrome.i18n.getMessage("options_updatesLastChecked") + last_checked_string;
+  });
+});
diff --git a/chromium/pages/popup/index.html b/chromium/pages/popup/index.html
new file mode 100644
index 000000000000..d9441f2d3e9d
--- /dev/null
+++ b/chromium/pages/popup/index.html
@@ -0,0 +1,105 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title data-i18n="about_ext_name"></title>
+
+    <link href="style.css" rel="stylesheet">
+    <script src="ux.js"></script>
+    <script src="../translation.js"></script>
+    <script src="../util.js"></script>
+  </head>
+  <body>
+    <header>
+      <div class="logo-container">
+        <img src="../../images/HTTPS-Everywhere-Logo.png" alt="HTTPS Everywhere logo">
+      </div>
+
+      <small>
+        <span data-i18n="about_version">Version</span>: <span id="current-version"></span>
+        <br>
+        <span id="rulesets-versions"></span>
+      </small>
+    </header>
+
+    <section id="disableButton" class="options settings_block" style="visibility: hidden;">
+      <div class="onoffswitch switch" aria-label="Toggle on or off">
+        <h1 id="onoffswitch_label" data-i18n="menu_globalEnable"></h1>
+        <span class="slider round"></span>
+        <input aria-hidden="true" id="onoffswitch" type="checkbox" checked> <label id="onoffswitch__label" for="onoffswitch">
+        </label>
+      </div>
+    </section>
+
+    <section id="HttpNowhere" class="options settings_block" style="visibility: hidden;">
+      <h1 id="HttpNowhere__header"></h1>
+      <input aria-hidden="true" id="http-nowhere-checkbox" type="checkbox"><label id="http-nowhere-checkbox_label" aria-label="Toggle on or off" for="http-nowhere-checkbox"></label>
+      <h2 id="HttpNowhere__explained"></h2>
+    </section>
+
+    <section id="RuleManagement" class="settings_block">
+      <section id="settingsForThisSite">
+        <h1 data-i18n="chrome_settings_for_this_site_header"></h1>
+        <h2 data-i18n="chrome_settings_for_this_site_subheader"></h2>
+      </section>
+      <section id="disableEnableSection">
+          <a href="javascript:void 0" id="disable-on-this-site" class="button" data-i18n="chrome_disable_on_this_site"></a>
+          <a href="javascript:void 0" id="enable-on-this-site" class="button" data-i18n="chrome_enable_on_this_site"></a>
+      </section>
+      <div id="RuleManagement__see_more--prompt" class="see_more__prompt" aria-label="Listen or See more for explanation">
+        <span id="RuleManagement__see_more" class="see_more__arrow down"></span>
+        <span class="see_more__text" data-i18n="menu_seeMore"></span>
+      </div>
+      <div class="see_more__content hide">
+        <p class="see_more--clarified" data-i18n="chrome_settings_for_this_site_explained"></p>
+
+        <section id="addRuleSection">
+          <a href="javascript:void 0" id="add-rule-link" class="button" data-i18n="chrome_add_rule"></a>
+          <div id="add-new-rule-div" style="display: none">
+            <h3 data-i18n="about_add_new_rule"></h3>
+            <p data-i18n="chrome_always_https_for_host"></p>
+            <label for="new-rule-host" data-i18n="chrome_host" class="label_nontoggle"></label>
+            <input size="50" id="new-rule-host" type="text" disabled><br>
+            <div id="new-rule-regular-text">
+              <a href="javascript:void 0" id="new-rule-show-advanced-link" class="button" data-i18n="chrome_show_advanced"></a><br>
+            </div>
+            <div id="new-rule-advanced" style="display: none">
+              <a href="javascript:void 0" id="new-rule-hide-advanced-link" class="button" data-i18n="chrome_hide_advanced"></a><br>
+              <label for="new-rule-name" data-i18n="chrome_rule_name" class="label_nontoggle"></label>
+              <input size="50" id="new-rule-name" type="text">
+              <label for="new-rule-regex" data-i18n="chrome_regex" class="label_nontoggle"></label>
+              <input size="50" id="new-rule-regex" type="text">
+              <label for="new-rule-redirect" data-i18n="chrome_redirect_to" class="label_nontoggle"></label>
+              <input size="50" id="new-rule-redirect" type="text">
+            </div>
+            <button id="add-new-rule-button" class="button" data-i18n="chrome_add_new_rule"></button>
+            <button id="cancel-new-rule" class="button" data-i18n="chrome_status_cancel_button"></button>
+          </div>
+        </section>
+
+        <section id="StableRules" class="rules">
+          <h3 data-i18n="chrome_stable_rules"></h3>
+          <span id="RuleManagement--counter"></span>
+          <h2 class="description" data-i18n="chrome_stable_rules_description"></h2>
+        </section>
+
+        <section id="UnstableRules" class="rules">
+          <h3 data-i18n="chrome_experimental_rules"></h3>
+          <h2 class="description" data-i18n="chrome_experimental_rules_description"></h2>
+        </section>
+      </div>
+    </section>
+
+    <section id="resetButton" class="options">
+      <a href="javascript:void 0" id="reset-to-defaults" class="button" data-i18n="prefs_reset_defaults"></a>
+    </section>
+
+    <footer>
+      <a class="button" id="viewAllRules" href="https://atlas.eff.org/index.html" target="_blank" data-i18n="menu_viewAllRules"></a>
+      <a class="button" id="aboutTitle" href="https://www.eff.org/https-everywhere" target="_blank" data-i18n="about_title"></a>
+      <a class="button" id="donateEFF" href="https://supporters.eff.org/donate/support-https-everywhere" target="_blank" data-i18n="menu_donate_eff_imperative"></a>
+    </footer>
+
+  </body>
+</html>
diff --git a/chromium/pages/popup/style.css b/chromium/pages/popup/style.css
new file mode 100644
index 000000000000..304f2f8bf23f
--- /dev/null
+++ b/chromium/pages/popup/style.css
@@ -0,0 +1,313 @@
+@import "../main.css";
+
+body {
+  color: var(--text-secondary);
+  font-family: 'Lucida Grande', 'Segoe UI', Tahoma, 'DejaVu Sans', Arial, sans-serif;
+  margin: 0;
+  max-width: 400px;
+  min-width: 360px;
+}
+
+header {
+  background-color: var(--light-grey);
+  color: var(--text-main);
+  display: flex;
+  padding: var(--space);
+}
+
+header h1 {
+  font-size: 2em;
+}
+
+header .logo-container {
+  margin: var(--space);
+  width: 85%;
+}
+
+header .logo-container img {
+  width: 100%;
+}
+
+header small {
+  color: #000;
+  display: block;
+  font-size: .70em;
+  font-weight: bold;
+  margin: 1%;
+  width: 100%;
+}
+
+h1 {
+  font-size: 16px;
+  margin: var(--space) auto
+}
+
+h2 {
+  clear: both;
+  font-size: 12px;
+  font-weight: normal;
+  margin: 0;
+}
+
+h3 {
+  font-size: 16px;
+}
+
+h1,
+h2 {
+  color: var(--text-main);
+}
+
+footer {
+  display: inline-flex;
+  margin: var(--space);
+}
+
+footer a.button {
+  margin: var(--space);
+}
+
+/* Elements */
+.settings_block {
+  padding: 5px 1em 20px 1em;
+  border-bottom: var(--light-grey) solid 1px;
+}
+
+.see_more__prompt {
+  color: var(--text-main);
+  cursor: pointer;
+  font-size: 12px;
+  float: right;
+  margin: 5px 0;
+  padding: 10px 0;
+}
+
+.see_more__arrow {
+  border: solid var(--darker-blue);
+  border-width: 0 3px 3px 0;
+  float: right;
+  margin-left: 10px;
+  margin-top: 3px;
+  padding: 3px;
+}
+
+.see_more__content.show p {
+  font-size: 12px;
+  margin: 10px 0;
+}
+
+.down {
+  transform: rotate(45deg);
+}
+
+.up {
+  transform: rotate(-135deg);
+}
+
+input[type=checkbox] {
+  opacity: 0;
+}
+
+label {
+  background: grey;
+  border-radius: 25px;
+  color: var(--text-main);
+  cursor: pointer;
+  display: block;
+  float: right;
+  font-weight: bold;
+  height: 30px;
+  position: relative;
+  text-indent: -400px;
+  width: 50px;
+}
+
+label:after {
+  background: #fff;
+  border-radius: 90px;
+  content: '';
+  height: 20px;
+  left: 5px;
+  position: absolute;
+  top: 5px;
+  transition: 0.3s; /* Acts on transform below */
+  width: 20px;
+}
+input:checked+label {
+  background: var(--https-blue);
+}
+/* position  when checked*/
+input:checked+label:after {
+  left: calc(100% - 5px);
+  transform: translateX(-100%);
+}
+
+.label_nontoggle {
+  background: none;
+  border-radius: 0;
+  color: var(--text-main);
+  display: block;
+  font-weight: normal;
+  height: inherit;
+  position: relative;
+  text-indent: 0;
+  width: auto;
+}
+
+.label_nontoggle:after {
+  background: none;
+  border-radius: 0;
+  content: none;
+  height: auto;
+  left: initial;
+  position: relative;
+  top: initial;
+  transition: none;
+  width: auto;
+}
+
+/* Specific rules */
+.rule.checkbox {
+  clear: both;
+  margin: 5% auto;
+}
+
+.rule.checkbox .remove {
+  float: left;
+}
+
+.rule.checkbox label {
+  font-size: 12px;
+  font-weight: normal;
+  height: 25px;
+  text-indent: -285px;
+  width: 40px;
+}
+.rule.checkbox label:after {
+  border-radius: 20px;
+  height: 15px;
+  width: 15px;
+}
+
+#disable-on-this-site {
+  clear: both;
+}
+
+#disableButton {
+  display: block;
+}
+
+#HttpNowhere h1,
+#disableButton h1 {
+  float: left;
+}
+
+#RuleManagement {
+  padding: 5px 1em 10px 1em;
+}
+
+#settingsForThisSite h1 {
+  float: left;
+}
+
+#addRuleSection label,
+#addRuleSection button {
+  font-size: 14px;
+  width: 100%;
+}
+
+#addRuleSection input {
+  background: #fff;
+  border: 1px solid #000;
+  float: right;
+  margin: 5px auto;
+  padding: 5px;
+  width: 95%;
+}
+
+#new-rule-advanced,
+#new-rule-regular-text {
+  margin-top: 40px;
+}
+
+#HttpNowhere {
+  display: block;
+  padding: 5px 1em;
+}
+
+#StableRules h3 {
+  float: left;
+  margin: 10px;
+}
+#StableRules h2 {
+  margin-left: 10px;
+}
+#StableRules #RuleManagement--counter {
+  background: var(--darker-blue);
+  border-radius: 20px;
+  color: #fff;
+  display: block;
+  float: left;
+  font-size: 12px;
+  font-weight: bold;
+  height: 15px;
+  margin-top: 8px;
+  padding: 5px;
+  text-align: center;
+  width: 15px;
+}
+
+/* Event based */
+.see_more--clarified {
+  font-size: 12px;
+}
+
+/* Hide rules & options if the extension is off. */
+.disabled #RuleManagement,
+.disabled #HttpNowhere {
+  display: none;
+}
+
+/* By default the "Add a rule" link is hidden. It's shown on HTTPS sites only. */
+#addRuleSection {
+  display: none;
+}
+
+#rulesets-versions {
+  display: block;
+  clear: both;
+}
+
+.rulesets-version {
+  display: block;
+}
+
+#resetButton {
+  display: inline-flex;
+  margin: 10px;
+  width: 95%;
+}
+#reset-to-defaults {
+  width: 100%;
+}
+
+/* Initially hide section (until rules get added). */
+section.rules {
+  display: none;
+}
+
+/* For "see more" content */
+.hide {
+  height: 0;
+  opacity: 0;
+  overflow: hidden;
+  transition: 0s;
+  visibility: hidden;
+}
+
+.show {
+  clear: both;
+  opacity: 1;
+  transition: visibility 0s linear 0s, opacity 300ms;
+  visibility: visible;
+}
diff --git a/chromium/pages/popup/ux.js b/chromium/pages/popup/ux.js
new file mode 100644
index 000000000000..f38f22535b82
--- /dev/null
+++ b/chromium/pages/popup/ux.js
@@ -0,0 +1,417 @@
+/* global e */
+/* global hide */
+/* global show */
+/* global sendMessage */
+/* global getOption_ */
+/* global setOption_ */
+
+"use strict";
+
+/**
+ * Handles rule (de)activation in the popup
+ */
+function toggleRuleLine(event) {
+  getTab(activeTab => {
+    const set_ruleset = {
+      active: event.target.checked,
+      name: event.target.parentNode.innerText,
+      tab_id: activeTab.id,
+    };
+
+    sendMessage("set_ruleset_active_status", set_ruleset, () => {
+      // purge the name from the cache so that this unchecking is persistent.
+      sendMessage("delete_from_ruleset_cache", set_ruleset.name, () => {
+        // Now reload the selected tab of the current window.
+        chrome.tabs.reload(set_ruleset.tab_id);
+      });
+    });
+  });
+}
+
+/**
+ * @param {object} event
+ * @description Toggles content for user to view rules and explanations for different modes
+ */
+function toggleSeeMore(event) {
+  let target = event.target;
+  let content;
+
+  if (target !== this) {
+    content = document.querySelector('.see_more__content');
+  } else {
+    content = target.parentNode.querySelector('.see_more__content');
+  }
+
+  let arrow  = target.parentNode.querySelector('.see_more__arrow');
+  let text = target.parentNode.querySelector('.see_more__text');
+
+  if(arrow.classList.contains('down')) {
+    arrow.classList.replace('down', 'up');
+    text.innerText = chrome.i18n.getMessage("menu_seeLess");
+  } else if (arrow.classList.contains('up')) {
+    arrow.classList.replace('up', 'down');
+    text.innerText = chrome.i18n.getMessage("menu_seeMore");
+  }
+
+  if (content.classList.contains('hide')) {
+    content.classList.replace('hide', 'show');
+  } else if (content.classList.contains('show')) {
+    content.classList.replace('show', 'hide');
+  }
+}
+
+/**
+ * Creates rule lines (including checkbox and icon) for the popup
+ * @param rulesets
+ * @param list_div
+ * @param {string} ruleType
+ * @returns {*}
+ */
+function appendRulesToListDiv(rulesets, list_div, ruleType) {
+  if (rulesets && rulesets.length) {
+    // template parent block for each ruleset
+    let templateLine = document.createElement("div");
+    templateLine.className = "rule checkbox";
+
+    // label "container"
+    let templateLabel = document.createElement("label");
+
+    // checkbox
+    let templateCheckbox = document.createElement("input");
+    templateCheckbox.type = "checkbox";
+
+    // label text
+    let templateLabelText = document.createElement("span");
+
+    // img "remove" button
+    let templateRemove = document.createElement("img");
+    templateRemove.src = chrome.runtime.getURL("images/remove.png");
+    templateRemove.className = "remove";
+
+    templateLine.appendChild(templateCheckbox);
+    templateLabel.appendChild(templateLabelText);
+    templateLine.appendChild(templateLabel);
+
+    let increment = 0;
+
+    for (const ruleset of rulesets) {
+      increment++;
+      let line = templateLine.cloneNode(true);
+      let checkbox = line.querySelector("input[type=checkbox]");
+      let label = line.querySelector("label");
+      let text = line.querySelector("span");
+
+      // For each "id" attribute in each checkbox input and "for" attribute in label
+      checkbox.setAttribute("id", `${ruleType}_ruleset_${increment}`);
+      label.setAttribute("for", `${ruleType}_ruleset_${increment}`);
+
+      checkbox.checked = ruleset.active;
+      text.innerText = ruleset.name;
+
+      // Add listener to capture the toggle event
+      line.addEventListener("click", toggleRuleLine);
+
+      if (ruleset.note && ruleset.note.length) {
+        line.title = ruleset.note;
+
+        if (ruleset.note === "user rule") {
+          let remove = templateRemove.cloneNode(true);
+          line.appendChild(remove);
+
+          remove.addEventListener("click", () => {
+            sendMessage("remove_rule", { ruleset, src: 'popup' }, () => {
+              list_div.removeChild(line);
+            });
+          });
+        }
+      }
+      list_div.appendChild(line);
+    }
+    show(list_div);
+  }
+}
+
+function showHttpNowhereUI() {
+  // Set up checkbox for HTTP nowhere mode
+  getOption_('httpNowhere', false, function(item) {
+    if (item.httpNowhere) {
+      e('http-nowhere-checkbox').checked = true;
+      e('HttpNowhere__header').innerText = chrome.i18n.getMessage("menu_encryptAllSitesEligibleOn");
+      e('HttpNowhere__explained').innerText = chrome.i18n.getMessage("menu_httpNoWhereExplainedBlocked");
+    } else {
+      e('HttpNowhere__header').innerText = chrome.i18n.getMessage("menu_encryptAllSitesEligibleOff");
+      e('HttpNowhere__explained').innerText = chrome.i18n.getMessage("menu_httpNoWhereExplainedAllowed");
+    }
+    e('HttpNowhere').style.visibility = "visible";
+  });
+};
+
+// Change the UI to reflect extension enabled/disabled
+function updateEnabledDisabledUI() {
+  getOption_('globalEnabled', true, function(item) {
+    e('onoffswitch').checked = item.globalEnabled;
+    e('disableButton').style.visibility = "visible";
+    // Hide or show the rules sections
+    if (item.globalEnabled) {
+      document.body.className = "";
+      e('onoffswitch_label').innerText = chrome.i18n.getMessage("menu_globalEnable");
+      showHttpNowhereUI();
+    } else {
+      document.body.className = "disabled";
+      e('onoffswitch_label').innerText = chrome.i18n.getMessage("menu_globalDisable");
+    }
+  });
+}
+
+// Toggle extension enabled/disabled status
+function toggleEnabledDisabled() {
+  let extension_toggle_effect = function() {
+    updateEnabledDisabledUI();
+    // The extension state changed, give some time for toggle animation and reload tab
+    setTimeout(function() {
+      chrome.tabs.reload();
+      window.close();
+    }, 1500);
+  };
+
+  getOption_('globalEnabled', true, function(item) {
+    setOption_('globalEnabled', !item.globalEnabled, extension_toggle_effect);
+  });
+}
+
+/**
+ * @description Create the list of rules for a specific tab
+ * @param activeTab
+ */
+function listRules(activeTab) {
+  sendMessage("get_applied_rulesets", activeTab.id, function(rulesets) {
+    if (rulesets) {
+      // show the number of potentially applicable rulesets
+      let counter = rulesets.length;
+      let counterElement = document.querySelector("#RuleManagement--counter");
+      counterElement.innerText = counter;
+
+      const stableRules = rulesets.filter(ruleset => ruleset.default_state);
+      const unstableRules = rulesets.filter(ruleset => !ruleset.default_state);
+
+      appendRulesToListDiv(stableRules, e("StableRules"), 'stable');
+      appendRulesToListDiv(unstableRules, e("UnstableRules"), 'unstable');
+    }
+
+    // Only show the "Add a rule" section if we're on an HTTPS page
+    if (/^https:/.test(activeTab.url)) {
+      show(e("addRuleSection"));
+    }
+  });
+}
+
+/**
+ * Fill in content into the popup on load
+ */
+document.addEventListener("DOMContentLoaded", function () {
+  getTab(tab => {
+    const url = new URL(tab.url);
+    sendMessage("check_if_site_disabled", url.host, disabled => {
+      if(!disabled) {
+        listRules(tab);
+      }
+      showEnableOrDisable(url, disabled);
+    });
+  });
+
+  // Set up the enabled/disabled switch & hide/show rules
+  updateEnabledDisabledUI();
+  e('onoffswitch').addEventListener('click', toggleEnabledDisabled);
+  e('http-nowhere-checkbox').addEventListener('click', toggleHttpNowhere, false);
+  e('RuleManagement__see_more--prompt').addEventListener('click', toggleSeeMore);
+
+  e('reset-to-defaults').addEventListener('click', () => {
+    sendMessage("is_firefox", null, is_firefox => {
+      if (is_firefox) {
+        sendMessage("reset_to_defaults", null, () => {
+          window.close();
+        });
+      } else {
+        if (confirm(chrome.i18n.getMessage("prefs_reset_defaults_message"))) {
+          sendMessage("reset_to_defaults", null, () => {
+            window.close();
+          });
+        }
+      }
+    });
+  });
+
+  // Print the extension's current version.
+  var the_manifest = chrome.runtime.getManifest();
+  var version_info = e('current-version');
+  version_info.innerText = the_manifest.version;
+
+  let rulesets_versions = e('rulesets-versions');
+
+  rulesets_versions.addSpan = function(update_channel_name, ruleset_version_string) {
+    let timestamp_span = document.createElement("span");
+    timestamp_span.className = "rulesets-version";
+    timestamp_span.innerText = `${chrome.i18n.getMessage("about_rulesets_version")} ${update_channel_name}: ${ruleset_version_string}`;
+    this.appendChild(timestamp_span);
+  };
+
+  sendMessage("get_update_channel_timestamps", null, timestamps => {
+    let replaces = timestamps.some(([update_channel, timestamp]) =>
+      update_channel.replaces_default_rulesets && timestamp > 0
+    );
+    if(!replaces) {
+      rulesets_versions.addSpan("EFF (Full, Bundled)", the_manifest.version);
+    }
+    for(let [update_channel, timestamp] of timestamps) {
+      if(timestamp > 0) {
+        let ruleset_date = new Date(timestamp * 1000);
+        let ruleset_version_string = ruleset_date.getUTCFullYear() + "." + (ruleset_date.getUTCMonth() + 1) + "." + ruleset_date.getUTCDate();
+
+        rulesets_versions.addSpan(update_channel.name, ruleset_version_string);
+      }
+    }
+  });
+  e("aboutTitle").title = chrome.i18n.getMessage("about_title");
+  e("add-rule-link").addEventListener("click", addManualRule);
+  e("disable-on-this-site").addEventListener("click", disableOnSite);
+  e("enable-on-this-site").addEventListener("click", enableOnSite);
+});
+
+var escapeForRegex = function( value ) {
+  return value.replace(/[\-\[\]{}()*+?.,\\\^$|#\s]/g, "\\$&");
+};
+
+function showEnableOrDisable(url, disabled) {
+  if (["http:", "https:", "ftp:"].indexOf(url.protocol) != -1) {
+    const disableLink = e("disable-on-this-site");
+    const enableLink = e("enable-on-this-site");
+    const addRuleSection = e("addRuleSection");
+    const resetToDefaults = e('reset-to-defaults');
+    if (disabled) {
+      show(enableLink);
+      hide(disableLink);
+      hide(addRuleSection);
+      hide(resetToDefaults);
+    } else {
+      show(disableLink);
+      hide(enableLink);
+    }
+  } else {
+    const disableEnableSection = e("disableEnableSection");
+    hide(disableEnableSection);
+  }
+}
+
+/**
+ * Handles the manual addition of rules
+ */
+function addManualRule() {
+  getTab(function(tab) {
+    hide(e("add-rule-link"));
+    show(e("add-new-rule-div"));
+
+    const url = new URL(tab.url);
+
+    e("new-rule-host").value = url.host;
+
+    const escapedHost = escapeForRegex(url.host);
+
+    e("new-rule-regex").value = `^http://${escapedHost}/`;
+    e("new-rule-redirect").value = `https://${url.host}/`;
+    e("new-rule-name").value = "Manual rule for " + url.host;
+
+    e("add-new-rule-button").addEventListener("click", function() {
+      const params = {
+        /**
+         * FIXME: the current implementation forbide users setting custom
+         * ruleset names...
+         */
+        name: e("new-rule-host").value,
+        target : [e("new-rule-host").value],
+        rule: [{ to: e("new-rule-redirect").value, from: e("new-rule-regex").value }],
+        default_off: "user rule"
+      };
+      sendMessage("add_new_rule", params, function() {
+        location.reload();
+      });
+    });
+
+    e("cancel-new-rule").addEventListener("click", function() {
+      show(e("add-rule-link"));
+      hide(e("add-new-rule-div"));
+    });
+
+    e("new-rule-show-advanced-link").addEventListener("click", function() {
+      show(e("new-rule-advanced"));
+      hide(e("new-rule-regular-text"));
+    });
+
+    e("new-rule-hide-advanced-link").addEventListener("click", function() {
+      hide(e("new-rule-advanced"));
+      show(e("new-rule-regular-text"));
+    });
+  });
+}
+
+/**
+ * Disable HTTPS Everywhere on a particular FQDN
+ */
+function disableOnSite() {
+  getTab(function(tab) {
+    const url = new URL(tab.url);
+    sendMessage("disable_on_site", url.host);
+    chrome.tabs.reload(tab.id);
+    window.close();
+  });
+}
+
+function enableOnSite() {
+  getTab(function(tab) {
+    const url = new URL(tab.url);
+    sendMessage("enable_on_site", url.host);
+    chrome.tabs.reload(tab.id);
+    window.close();
+  });
+}
+
+/**
+ * @description Turns EASE Mode on and off
+ */
+function toggleHttpNowhere() {
+  getTab(tab => {
+    getOption_('httpNowhere', false, item => {
+      const enabled = !item.httpNowhere;
+      setOption_('httpNowhere', enabled, () => {
+        if (enabled) {
+          chrome.tabs.reload(tab.id);
+          e('HttpNowhere__header').innerText = chrome.i18n.getMessage("menu_encryptAllSitesEligibleOn");
+          e('HttpNowhere__explained').innerText = chrome.i18n.getMessage("menu_httpNoWhereExplainedBlocked");
+        } else {
+          e('HttpNowhere__header').innerText = chrome.i18n.getMessage("menu_encryptAllSitesEligibleOff");
+          e('HttpNowhere__explained').innerText = chrome.i18n.getMessage("menu_httpNoWhereExplainedAllowed");
+        }
+      });
+    });
+  });
+}
+
+function getTab(callback) {
+  let url = new URL(window.location.href);
+  if (url.searchParams.has('tabId')) {
+    let parentId = Number(url.searchParams.get('tabId'));
+    return chrome.tabs.get(parentId, callback);
+  }
+  chrome.tabs.query({active: true, lastFocusedWindow: true}, tabs => callback(tabs[0]));
+}
+
+// This code fixes a Chromium-specific bug that causes links in extension popup
+// to open in regular tab even if the popup is opened in incognito mode.
+
+document.addEventListener('click', e => {
+  const { target } = e;
+
+  if (target.matches('a[target="_blank"]')) {
+    chrome.tabs.create({ url: target.href });
+    e.preventDefault();
+  }
+});
diff --git a/chromium/pages/translation.js b/chromium/pages/translation.js
new file mode 100644
index 000000000000..c6c3163ab9a6
--- /dev/null
+++ b/chromium/pages/translation.js
@@ -0,0 +1,8 @@
+"use strict";
+
+document.addEventListener("DOMContentLoaded", () => {
+  // Auto-translate all elements with data-i18n attributes
+  for (const element of document.querySelectorAll("[data-i18n]")) {
+    element.innerText = chrome.i18n.getMessage(element.getAttribute("data-i18n")).replace(/&quot;/g,"\"");
+  }
+});
diff --git a/chromium/pages/util.js b/chromium/pages/util.js
new file mode 100644
index 000000000000..4e5aea4f9acd
--- /dev/null
+++ b/chromium/pages/util.js
@@ -0,0 +1,46 @@
+/* exported e */
+/* exported hide */
+/* exported show */
+/* exported sendMessage */
+/* exported getOption_ */
+/* exported setOption_ */
+
+"use strict";
+
+/**
+ * Element helper functions
+ */
+function e(id) {
+  return document.getElementById(id);
+}
+
+function hide(elem) {
+  elem.style.display = "none";
+}
+
+function show(elem) {
+  elem.style.display = "block";
+}
+
+function sendMessage(type, object, callback) {
+  chrome.runtime.sendMessage({ type, object }, callback);
+}
+
+/**
+* Get an option from global settings
+* @param {string} opt
+* @param {mixed} defaultOpt
+* @param {object} callback
+* @returns mixed
+*/
+function getOption_(opt, defaultOpt, callback) {
+  let details = {};
+  details[opt] = defaultOpt;
+  sendMessage("get_option", details, callback);
+}
+
+function setOption_(opt, value, callback) {
+  var details = {};
+  details[opt] = value;
+  sendMessage("set_option", details, callback);
+}
diff --git a/chromium/popup.css b/chromium/popup.css
deleted file mode 100644
index ac0325024f7a..000000000000
--- a/chromium/popup.css
+++ /dev/null
@@ -1,95 +0,0 @@
-body {
-  margin-left: 1em;
-  margin-top: 0;
-  margin-right: 1em;
-  margin-bottom: 0;
-  min-width: 20em;
-}
-
-/* Don't wrap text for important stuff. */
-h1, h2, h3, .rule {
-  white-space: nowrap;
-}
-
-/* Initially hide section (until rules get added). */
-section.rules {
-  position: fixed;
-  visibility: hidden;
-}
-
-/* Underline rules that have notes. */
-.rule [title] {
-  border-bottom: 1px dotted;
-  cursor: help;
-}
-
-/* Favicons */
-.rule img {
-  margin-left: 0.6em;
-  vertical-align: bottom;
-}
-
-/*** Everything below is "reverse-engineered" from Chrome's Settings page. ***/
-
-/* Override a strange pixel offset in widgets.css. */
-.rule input[type="checkbox"] {
-  bottom: 1px;
-}
-
-/* Override display attribute of text labels in widgets.css. */
-.rule span {
-  display: inline !important;
-}
-
-body {
-  /* Fonts Chrome specifies for each OS:     */
-  /* Linux: 'DejaVu Sans', Arial, sans-serif */
-  /* Mac: 'Lucida Grande', sans-serif        */
-  /* Windows: 'Segoe UI', Tahoma, sans-serif */
-  font-family: 'Lucida Grande', 'Segoe UI', Tahoma, 'DejaVu Sans', Arial, sans-serif;
-  font-size: 75%;
-  color: #303942;
-  padding-top: 55px;
-}
-
-header {
-  background-image: -webkit-linear-gradient(white, white 40%, rgba(255, 255, 255, 0.92));
-  left: 1em;
-  position: fixed;
-  right: 1em;
-  top: 0;
-  z-index: 3;
-}
-
-header > h1 {
-  margin: 0;
-  padding: 21px 0 13px;
-}
-
-/* Create a border under the h1 (but before anything that gets appended
- * to the end of the header). */
-header > h1::after {
-  background-color: #eee;
-  content: ' ';
-  display: block;
-  height: 1px;
-  position: relative;
-  top: 13px;
-}
-
-section {
-  -webkit-padding-start: 18px;
-  -webkit-padding-end: 18px;
-  margin-bottom: 24px;
-  margin-top: 8px;
-}
-
-section > h3 {
-  -webkit-margin-start: -18px;
-}
-
-footer {
-  border-top: 1px solid #EEE;
-  margin-top: 16px;
-  padding: 8px 0;
-}
diff --git a/chromium/popup.html b/chromium/popup.html
deleted file mode 100755
index 7c9be67fbcc9..000000000000
--- a/chromium/popup.html
+++ /dev/null
@@ -1,28 +0,0 @@
-<head>
-<title i18n="about_ext_name"></title>
-
-<!-- Local copy of chrome://resources/css/chrome_shared.css -->
-<link href="chrome-resources/css/chrome_shared.css" rel="stylesheet" type="text/css"/>
-
-<link href="popup.css" rel="stylesheet" type="text/css"/>
-<script src="popup.js"></script>
-</head>
-
-<body>
-<header>
-  <h1 i18n="about_ext_name"></h1>
-</header>
-<section id="StableRules" class="rules">
-  <h3 i18n="chrome_stable_rules"></h3>
-  <p class="description" i18n="chrome_stable_rules_description"></p>
-</section>
-<section id="UnstableRules" class="rules">
-  <h3 i18n="chrome_experimental_rules"></h3>
-  <p class="description" i18n="chrome_experimental_rules_description"></p>
-</section>
-<footer>
-  <a id="whatIsThis" href="https://www.eff.org/https-everywhere" target="_blank" tabindex="-1" i18n="chrome_what_is_this">blah</a>
-  <!-- <a href="" title="HTTPS Everywhere Options">Options</a> --->
-</footer>
-
-</body>
diff --git a/chromium/popup.js b/chromium/popup.js
deleted file mode 100644
index 1f1475b8e790..000000000000
--- a/chromium/popup.js
+++ /dev/null
@@ -1,90 +0,0 @@
-var backgroundPage = null;
-var stableRules = null;
-var unstableRules = null;
-var hostReg = /.*\/\/[^$/]*\//;
-
-function toggleRuleLine(checkbox, ruleset) {
-  ruleset.active = checkbox.checked;
-
-  if (ruleset.active != ruleset.default_state) {
-    localStorage[ruleset.name] = ruleset.active;
-  } else {
-    delete localStorage[ruleset.name];
-  }
-}
-
-function createRuleLine(ruleset) {
-
-  // parent block for line
-  var line = document.createElement("div");
-  line.className = "rule checkbox";
-
-  // label "container"
-  var label = document.createElement("label");
-
-  // checkbox
-  var checkbox = document.createElement("input");
-  checkbox.type = "checkbox";
-  if (ruleset.active) {
-    checkbox.setAttribute("checked", "");
-  }
-  checkbox.onchange = function(ev) {
-    toggleRuleLine(checkbox, ruleset);
-  };
-  label.appendChild(checkbox);
-
-  // favicon (from chrome's cache)
-  var favicon = document.createElement("img");
-  favicon.src = "chrome://favicon/";
-  for (var i=0; i < ruleset.rules.length; i++) {
-    var host = hostReg.exec(ruleset.rules[i].to);
-    if (host) {
-      favicon.src += host[0];
-      break;
-    }
-  }
-  label.appendChild(favicon);
-
-  // label text
-  var text = document.createElement("span");
-  text.innerText = ruleset.name;
-  if (ruleset.note.length) {
-    text.title = ruleset.note;
-  }
-  label.appendChild(text);
-
-  line.appendChild(label);
-
-  return line;
-}
-
-function gotTab(tab) {
-  var rulesets = backgroundPage.activeRulesets.getRulesets(tab.id);
-
-  for (var r in rulesets) {
-    var listDiv = stableRules;
-    if (!rulesets[r].default_state) {
-      listDiv = unstableRules;
-    }
-    listDiv.appendChild(createRuleLine(rulesets[r]));
-    listDiv.style.position = "static";
-    listDiv.style.visibility = "visible";
-  }
-}
-
-document.addEventListener("DOMContentLoaded", function () {
-  backgroundPage = chrome.extension.getBackgroundPage();
-  stableRules = document.getElementById("StableRules");
-  unstableRules = document.getElementById("UnstableRules");
-  chrome.tabs.getSelected(null, gotTab);
-
-  // auto-translate all elements with i18n attributes
-  var e = document.querySelectorAll("[i18n]");
-  for (var i=0; i < e.length; i++) {
-    e[i].innerHTML = chrome.i18n.getMessage(e[i].getAttribute("i18n"));
-  }
-
-  // other translations
-  document.getElementById("whatIsThis").setAttribute("title", chrome.i18n.getMessage("chrome_what_is_this_title"));
-});
-
diff --git a/chromium/rules.js b/chromium/rules.js
deleted file mode 100644
index cfe7f52c1770..000000000000
--- a/chromium/rules.js
+++ /dev/null
@@ -1,311 +0,0 @@
-// A cache for potentiallyApplicableRulesets
-// Size chosen /completely/ arbitrarily.
-var ruleCache = new LRUCache(2048);
-
-function Rule(from, to) {
-  //this.from = from;
-  this.to = to;
-  this.from_c = new RegExp(from);
-}
-
-function Exclusion(pattern) {
-  //this.pattern = pattern;
-  this.pattern_c = new RegExp(pattern);
-}
-
-function CookieRule(host, cookiename) {
-  this.host = host;
-  this.host_c = new RegExp(host);
-  this.name = cookiename;
-  this.name_c = new RegExp(cookiename);
-}
-
-function RuleSet(set_name, match_rule, default_state, note) {
-  this.name = set_name;
-  if (match_rule)
-    this.ruleset_match_c = new RegExp(match_rule);
-  else
-    this.ruleset_match_c = null;
-  this.rules = [];
-  this.exclusions = [];
-  this.targets = [];
-  this.cookierules = [];
-  this.active = default_state;
-  this.default_state = default_state;
-  this.note = note;
-}
-
-RuleSet.prototype = {
-  apply: function(urispec) {
-    var returl = null;
-    // If a rulset has a match_rule and it fails, go no further
-    if (this.ruleset_match_c && !this.ruleset_match_c.test(urispec)) {
-      log(VERB, "ruleset_match_c excluded " + urispec);
-      return null;
-    }
-    // Even so, if we're covered by an exclusion, go home
-    for(var i = 0; i < this.exclusions.length; ++i) {
-      if (this.exclusions[i].pattern_c.test(urispec)) {
-        log(DBUG,"excluded uri " + urispec);
-        return null;
-      }
-    }
-    // Okay, now find the first rule that triggers
-    for(var i = 0; i < this.rules.length; ++i) {
-      returl = urispec.replace(this.rules[i].from_c,
-                               this.rules[i].to);
-      if (returl != urispec) {
-        return returl;
-      }
-    }
-    if (this.ruleset_match_c) {
-      // This is not an error, because we do not insist the matchrule
-      // precisely describes to target space of URLs ot redirected
-      log(DBUG,"Ruleset "+this.name
-              +" had an applicable match-rule but no matching rules");
-    }
-    return null;
-  },
-
-};
-
-
-function RuleSets() {
-  // Load rules into structure
-  this.targets = {};
-
-  for(var i = 0; i < rule_list.length; i++) {
-    var xhr = new XMLHttpRequest();
-    // Use blocking XHR to ensure everything is loaded by the time
-    // we return.
-    //var that = this;
-    //xhr.onreadystatechange = function() { that.loadRuleSet(xhr); }
-    xhr.open("GET", chrome.extension.getURL(rule_list[i]), false);
-    //xhr.open("GET", chrome.extension.getURL(rule_list[i]), true);
-    xhr.send(null);
-    this.loadRuleSet(xhr);
-  }
-  this.global_rulesets = this.targets["*"] ? this.targets["*"] : [];
-}
-
-RuleSets.prototype = {
-
-  localPlatformRegexp: (function() {
-    if (/(OPR|Opera)[\/\s](\d+\.\d+)/.test(navigator.userAgent)) {
-      log(DBUG, 'Detected that we are running Opera');
-      return new RegExp("chromium|mixedcontent");
-    } else {
-      log(DBUG, 'Detected that we are running Chrome/Chromium');
-      return new RegExp("chromium");
-    }
-  })(),
-
-  loadRuleSet: function(xhr) {
-    // Get file contents
-    if (xhr.readyState != 4) {
-      return;
-    }
-
-    // XXX: Validation + error checking
-    var sets = xhr.responseXML.getElementsByTagName("ruleset");
-    for (var i = 0; i < sets.length; ++i) {
-      this.parseOneRuleset(sets[i]);
-    }
-  },
-
-  parseOneRuleset: function(ruletag) {
-    var default_state = true;
-    var note = "";
-    if (ruletag.attributes.default_off) {
-      default_state = false;
-      note += ruletag.attributes.default_off.value + "\n";
-    }
-
-    // If a ruleset declares a platform, and we don't match it, treat it as
-    // off-by-default
-    var platform = ruletag.getAttribute("platform");
-    if (platform) {
-      if (platform.search(this.localPlatformRegexp) == -1) {
-        default_state = false;
-      }
-      note += "Platform(s): " + platform + "\n";
-    }
-
-    var rule_set = new RuleSet(ruletag.getAttribute("name"),
-                               ruletag.getAttribute("match_rule"),
-                               default_state,
-                               note.trim());
-
-    // Read user prefs
-    if (rule_set.name in localStorage) {
-      rule_set.active = (localStorage[rule_set.name] == "true");
-    }
-
-    var rules = ruletag.getElementsByTagName("rule");
-    for(var j = 0; j < rules.length; j++) {
-      rule_set.rules.push(new Rule(rules[j].getAttribute("from"),
-                                    rules[j].getAttribute("to")));
-    }
-
-    var exclusions = ruletag.getElementsByTagName("exclusion");
-    for(var j = 0; j < exclusions.length; j++) {
-      rule_set.exclusions.push(
-            new Exclusion(exclusions[j].getAttribute("pattern")));
-    }
-
-    var cookierules = ruletag.getElementsByTagName("securecookie");
-    for(var j = 0; j < cookierules.length; j++) {
-      rule_set.cookierules.push(new CookieRule(cookierules[j].getAttribute("host"),
-                                           cookierules[j].getAttribute("name")));
-    }
-
-    var targets = ruletag.getElementsByTagName("target");
-    for(var j = 0; j < targets.length; j++) {
-       var host = targets[j].getAttribute("host");
-       if (!(host in this.targets)) {
-         this.targets[host] = [];
-       }
-       this.targets[host].push(rule_set);
-    }
-  },
-
-  setInsert: function(intoList, fromList) {
-    // Insert any elements from fromList into intoList, if they are not
-    // already there.  fromList may be null.
-    if (!fromList) return;
-    for (var i = 0; i < fromList.length; i++)
-      if (intoList.indexOf(fromList[i]) == -1)
-        intoList.push(fromList[i]);
-  },
-  
-  potentiallyApplicableRulesets: function(host) {
-    // Return a list of rulesets that apply to this host
-    var tmp, t;
-    // Have we cached this result? If so, return it!
-    var cached_item = ruleCache.get(host);
-    if (cached_item !== undefined) {
-        log(DBUG, "Rulseset cache hit for " + host);
-        return cached_item;
-    }
-    log(DBUG, "Ruleset cache miss for " + host);
-
-    var results = this.global_rulesets.slice(0); // copy global_rulesets
-    if (this.targets[host])
-      results = results.concat(this.targets[host]);
-    // replace each portion of the domain with a * in turn
-    var segmented = host.split(".");
-    for (var i = 0; i < segmented.length; ++i) {
-      tmp = segmented[i];
-      segmented[i] = "*";
-      t = segmented.join(".");
-      segmented[i] = tmp;
-      this.setInsert(results, this.targets[t]);
-    }
-    // now eat away from the left, with *, so that for x.y.z.google.com we
-    // check *.z.google.com and *.google.com (we did *.y.z.google.com above)
-    for (var i = 2; i <= segmented.length - 2; ++i) {
-      t = "*." + segmented.slice(i,segmented.length).join(".");
-      this.setInsert(results, this.targets[t]);
-    }
-    log(DBUG,"Applicable rules for " + host + ":");
-    if (results.length == 0)
-      log(DBUG, "  None");
-    else
-      for (var i = 0; i < results.length; ++i)
-        log(DBUG, "  " + results[i].name);
-
-    // Insert results into the ruleset cache
-    ruleCache.set(host, results);
-    return results;
-  },
-
-  shouldSecureCookie: function(cookie, knownHttps) {
-    // Check to see if the Cookie object c meets any of our cookierule citeria
-    // for being marked as secure.  knownHttps is true if the context for this
-    // cookie being set is known to be https.
-    //log(DBUG, "Testing cookie:");
-    //log(DBUG, "  name: " + cookie.name);
-    //log(DBUG, "  host: " + cookie.host);
-    //log(DBUG, "  domain: " + cookie.domain);
-    //log(DBUG, "  rawhost: " + cookie.rawHost);
-    var hostname = cookie.domain;
-    // cookie domain scopes can start with .
-    while (hostname.charAt(0) == ".")
-      hostname = hostname.slice(1);
-
-    var rs = this.potentiallyApplicableRulesets(hostname);
-    for (var i = 0; i < rs.length; ++i) {
-      var ruleset = rs[i];
-      if (ruleset.active) {
-        if (!knownHttps && !this.safeToSecureCookie(hostname))
-          continue;
-        for (var j = 0; j < ruleset.cookierules.length; j++) {
-          var cr = ruleset.cookierules[j];
-          if (cr.host_c.test(cookie.domain) && cr.name_c.test(cookie.name)) {
-            return ruleset;
-          }
-          //log(WARN, "no match domain " + cr.host_c.test(cookie.domain) +
-          //          " name " + cr.name_c.test(cookie.name));
-          //log(WARN, "with " + cookie.domain + " " + cookie.name);
-          //log(WARN, "and " + cr.host + " " + cr.name);
-        }
-      }
-    }
-    return null;
-  },
-
-  safeToSecureCookie: function(domain) {
-    // Check if the domain might be being served over HTTP.  If so, it isn't
-    // safe to secure a cookie!  We can't always know this for sure because
-    // observing cookie-changed doesn't give us enough context to know the
-    // full origin URI.
-
-    // First, if there are any redirect loops on this domain, don't secure
-    // cookies.  XXX This is not a very satisfactory heuristic.  Sometimes we
-    // would want to secure the cookie anyway, because the URLs that loop are
-    // not authenticated or not important.  Also by the time the loop has been
-    // observed and the domain blacklisted, a cookie might already have been
-    // flagged as secure.
-
-    if (domain in domainBlacklist) {
-      log(INFO, "cookies for " + domain + "blacklisted");
-      return false;
-    }
-
-    // If we passed that test, make up a random URL on the domain, and see if
-    // we would HTTPSify that.
-
-    try {
-      var nonce_path = "/" + Math.random().toString();
-      nonce_path = nonce_path + nonce_path;
-      var test_uri = "http://" + domain + nonce_path;
-    } catch (e) {
-      log(WARN, "explosion in safeToSecureCookie for " + domain + "\n"
-                      + "(" + e + ")");
-      return false;
-    }
-
-    log(INFO, "Testing securecookie applicability with " + test_uri);
-    var rs = this.potentiallyApplicableRulesets(domain);
-    for (var i = 0; i < rs.length; ++i) {
-      if (!rs[i].active) continue;
-      var rewrite = rs[i].apply(test_uri);
-      if (rewrite) {
-        log(INFO, "Yes: " + rewrite);
-        return true;
-      }
-    }
-    log(INFO, "(NO)");
-    return false;
-  },
-
-  rewriteURI: function(urispec, host) {
-    var newuri = null;
-    var rs = this.potentiallyApplicableRulesets(host);
-    for(var i = 0; i < rs.length; ++i) {
-      if (rs[i].active && (newuri = rs[i].apply(urispec)))
-        return newuri;
-    }
-    return null;
-  },
-};
diff --git a/chromium/setversion.py b/chromium/setversion.py
deleted file mode 100755
index 8de18f70a82b..000000000000
--- a/chromium/setversion.py
+++ /dev/null
@@ -1,12 +0,0 @@
-import json
-from datetime import date
-
-# Set the version in manifest.json to one based on today's date.
-
-t = date.today()
-f = open('chromium/manifest.json')
-manifest = json.loads(f.read())
-f.close()
-manifest['version'] = `t.year` +'.'+ `t.month` +'.'+ `t.day`
-f = open('chromium/manifest.json','w')
-f.write(json.dumps(manifest,indent=4,sort_keys=True))
diff --git a/chromium/test/.eslintrc b/chromium/test/.eslintrc
new file mode 100644
index 000000000000..8a30ebae0f21
--- /dev/null
+++ b/chromium/test/.eslintrc
@@ -0,0 +1,6 @@
+{
+  "env": {
+    "node": true,
+    "mocha": true
+  }
+}
diff --git a/chromium/test/example.rulesets.gz b/chromium/test/example.rulesets.gz
new file mode 100644
index 000000000000..401811763ff8
Binary files /dev/null and b/chromium/test/example.rulesets.gz differ
diff --git a/chromium/test/incognito_test.js b/chromium/test/incognito_test.js
new file mode 100644
index 000000000000..64cbe5ab8aa5
--- /dev/null
+++ b/chromium/test/incognito_test.js
@@ -0,0 +1,59 @@
+'use strict';
+
+const expect = require('chai').expect,
+  tu = require('./testing_utils'),
+  incognito = require('../background-scripts/incognito');
+
+describe('incognito.js', function() {
+  beforeEach(function() {
+    tu.stubber([
+      ['chrome.windows.onCreated.addListener', tu.Mock()],
+      ['chrome.windows.onRemoved.addListener', tu.Mock()],
+      ['chrome.windows.getAll', tu.Mock()],
+    ]);
+  });
+
+  describe('onIncognitoDestruction', function() {
+    beforeEach(function() {
+      incognito.state.incognito_session_exists = false;
+      this.callbackCalled = false;
+      this.callback = () => this.callbackCalled = true;
+      this.instance = incognito.onIncognitoDestruction(this.callback);
+    });
+
+    it('no incognito session by default', function() {
+      expect(incognito.state.incognito_session_exists).to.be.false;
+    });
+
+    it('with no incognito, callback not called', async function() {
+      incognito.state.incognito_session_exists = false;
+
+      await this.instance.detect_incognito_destruction();
+
+      expect(this.callbackCalled).to.be.false;
+    });
+
+    it('with incognitos still open, callback not called', async function() {
+      incognito.state.incognito_session_exists = true;
+      chrome.windows.getAll = func => func([{incognito: true}]);
+
+      await this.instance.detect_incognito_destruction();
+
+      expect(this.callbackCalled, 'not called').to.be.false;
+    });
+
+    it('callback called when last incognito closed', async function() {
+      incognito.state.incognito_session_exists = true;
+      chrome.windows.getAll = func => func([]);
+
+      await this.instance.detect_incognito_destruction();
+      expect(incognito.state.incognito_session_exists, 'constant changed').to.be.false;
+      expect(this.callbackCalled).to.be.true;
+    });
+
+    it('detects when an incognito window is created', function() {
+      this.instance.detect_incognito_creation({incognito: true});
+      expect(incognito.state.incognito_session_exists, 'constant changed').to.be.true;
+    });
+  });
+});
diff --git a/chromium/test/ip_utils_test.js b/chromium/test/ip_utils_test.js
new file mode 100644
index 000000000000..6301872ae646
--- /dev/null
+++ b/chromium/test/ip_utils_test.js
@@ -0,0 +1,92 @@
+'use strict';
+
+const { parseIp, isIpInRange, isLocalIp } = require('../background-scripts/ip_utils');
+
+const assert = require('chai').assert;
+
+describe('ip_utils.js', () => {
+  describe('parseIp', () => {
+    it('rejects an empty string', () => {
+      assert(parseIp('') === -1);
+    });
+
+    it('rejects a string consisting entirely of dots', () => {
+      assert(parseIp('.') === -1);
+      assert(parseIp('..') === -1);
+      assert(parseIp('...') === -1);
+      assert(parseIp('....') === -1);
+    });
+
+    it('rejects a string consisting only of digits', () => {
+      assert(parseIp('1') === -1);
+    });
+
+    it('rejects a string not consisting of four parts separated by dots', () => {
+      assert(parseIp('1.1') === -1);
+      assert(parseIp('1.1.1') === -1);
+      assert(parseIp('1.1.1.1.1') === -1);
+    });
+
+    it('rejects a well-formed IP address followed by one or multiple trailing dots', () => {
+      assert(parseIp('1.1.1.1.') === -1);
+      assert(parseIp('1.1.1.1..') === -1);
+      assert(parseIp('1.1.1.1...') === -1);
+    });
+
+    it('rejects an IP address-like string with omitted parts', () => {
+      assert(parseIp('.1.1.1') === -1);
+      assert(parseIp('1..1.1') === -1);
+      assert(parseIp('1.1..1') === -1);
+      assert(parseIp('1.1.1.') === -1);
+    });
+
+    it('rejects an IP address-like string with invalid parts', () => {
+      assert(parseIp('192.168.1.256') === -1);
+      assert(parseIp('192.168.256.1') === -1);
+      assert(parseIp('192.256.1.1') === -1);
+      assert(parseIp('256.168.1.1') === -1);
+      assert(parseIp('256.168.1.-1') === -1);
+    });
+
+    it('correctly parses well-formed IP addresses', () => {
+      assert(parseIp('192.168.0.1') === 0xc0a80001);
+      assert(parseIp('127.0.0.1') === 0x7f000001);
+      assert(parseIp('1.1.1.1') === 0x01010101);
+      assert(parseIp('8.8.8.8') === 0x08080808);
+    });
+  });
+
+  describe('isIpInRange', () => {
+    it('correctly detects if IP is in range', () => {
+      assert(isIpInRange(0xabadcafe, [0x00000000, 0x00000000]));
+      assert(isIpInRange(0x7f000001, [0x7f000000, 0xff000000]));
+      assert(isIpInRange(0xc0a80001, [0xc0a80000, 0xffff0000]));
+      assert(isIpInRange(0xc0a80101, [0xc0a80100, 0xffffff00]));
+      assert(isIpInRange(0xdeadbeef, [0xdeadbeef, 0xffffffff]));
+    });
+
+    it('correctly detects if IP is outside of range', () => {
+      assert(!isIpInRange(0xaaaaaaaa, [0xdeadbeef, 0xffffffff]));
+      assert(!isIpInRange(0xaaaaaaaa, [0x7f000000, 0xff000000]));
+      assert(!isIpInRange(0xaaaaaaaa, [0xc0a80000, 0xffff0000]));
+    });
+  });
+
+  describe('isLocalIp', () => {
+    it('correctly detects if IP is a private network or loopback address', () => {
+      assert(isLocalIp(0x00000000));
+      assert(isLocalIp(0x7fabcdef));
+      assert(isLocalIp(0x0aabcdef));
+      assert(isLocalIp(0xc0a8abcd));
+      assert(isLocalIp(0xac1abcde));
+    });
+
+    it('correctly detects if IP is not a private network or loopback address', () => {
+      assert(!isLocalIp(0x00abcdef));
+      assert(!isLocalIp(0x01010101));
+      assert(!isLocalIp(0x01000001));
+      assert(!isLocalIp(0x08080808));
+      assert(!isLocalIp(0x08080404));
+    });
+  });
+});
diff --git a/chromium/test/rules_test.js b/chromium/test/rules_test.js
new file mode 100644
index 000000000000..ae31ad0060ba
--- /dev/null
+++ b/chromium/test/rules_test.js
@@ -0,0 +1,221 @@
+'use strict';
+
+const text_encoding = require('text-encoding');
+global.TextDecoder = text_encoding.TextDecoder;
+global.TextEncoder = text_encoding.TextEncoder;
+global.self = global;
+require("../../lib-wasm/pkg/https_everywhere_lib_wasm.js");
+
+const assert = require('chai').assert,
+  rules = require('../background-scripts/rules');
+
+const Rule = rules.Rule,
+  RuleSet = rules.RuleSet,
+  RuleSets = rules.RuleSets,
+  getRule = rules.getRule;
+
+
+describe('rules.js', function() {
+  let test_str = 'test';
+
+  describe('Rule', function() {
+    it('constructs trivial rule', function() {
+      let rule = new Rule('^http:', 'https:');
+      assert.equal(rule.to, rules.trivial_rule.to);
+      assert.deepEqual(rule.from_c, rules.trivial_rule.from_c);
+    });
+  });
+
+  describe('getRule', function() {
+    it('returns trivial rule object', function() {
+      let trivial = rules.trivial_rule;
+      let rule = getRule('^http:', 'https:');
+      assert.equal(rule, trivial);
+    });
+  });
+
+  describe('RuleSet', function() {
+    beforeEach(function() {
+      this.ruleset = new RuleSet('set_name', true, 'note');
+    });
+
+    describe('#apply', function() {
+      it('excludes excluded uris', function() {
+        this.ruleset.exclusions = new RegExp(test_str);
+        assert.isNull(this.ruleset.apply(test_str));
+      });
+
+      it('rewrites uris', function() {
+        let rule = new Rule('^http:', 'https:');
+        this.ruleset.rules.push(rule);
+        assert.equal(this.ruleset.apply('http://example.com/'), 'https://example.com/');
+      });
+
+      it('does nothing when empty', function() {
+        assert.isNull(this.ruleset.apply('http://example.com/'));
+      });
+    });
+
+    describe('#isEquivalentTo', function() {
+      let inputs = ['a', 'b', 'c'];
+
+      it('not equivalent with different input', function() {
+        let rs = new RuleSet(...inputs);
+        assert.isFalse(
+          rs.isEquivalentTo(new RuleSet('e', 'f', 'g'))
+        );
+      });
+      it('not equivalent with different exclusions', function() {
+        let rs_a = new RuleSet(...inputs),
+          rs_b = new RuleSet(...inputs);
+        rs_a.exclusions = new RegExp('foo');
+        rs_b.exclusions = new RegExp('bar');
+
+        assert.isFalse(rs_a.isEquivalentTo(rs_b));
+      });
+
+      it('not equivalent with different rules', function() {
+        let rs_a = new RuleSet(...inputs),
+          rs_b = new RuleSet(...inputs);
+        rs_a.rules.push(new Rule('a', 'a'));
+        rs_b.rules.push(new Rule('b', 'b'));
+
+        assert.isFalse(rs_a.isEquivalentTo(rs_b));
+      });
+
+      it('equivalent to self', function() {
+        let rs = new RuleSet(...inputs);
+        assert.isTrue(rs.isEquivalentTo(rs));
+      });
+    });
+  });
+
+  describe('RuleSets', function() {
+    let rules_json = [{
+      name: "Freerangekitten.com",
+      rule: [{
+        to: "https:",
+        from: "^http:"
+      }],
+      target: ["freerangekitten.com", "www.freerangekitten.com"],
+      exclusion: ["foo", "bar"]
+    }];
+
+    beforeEach(function() {
+      this.rsets = new RuleSets();
+    });
+
+    describe('#addFromJson', function() {
+      it('can add a rule', function() {
+        this.rsets.addFromJson(rules_json);
+        assert.isTrue(this.rsets.targets.has('freerangekitten.com'));
+      });
+
+      it('parses exclusions', function() {
+        this.rsets.addFromJson(rules_json);
+        let rs = [...this.rsets.targets.get('freerangekitten.com')][0];
+        assert.strictEqual(rs.exclusions.source, "foo|bar");
+      });
+    });
+
+    describe('#rewriteURI', function() {
+      it('rewrites host added from json', function() {
+        let host = 'freerangekitten.com';
+        this.rsets.addFromJson(rules_json);
+
+        let newuri = this.rsets.rewriteURI('http://' + host + '/', host);
+
+        assert.strictEqual(newuri, 'https://' + host + '/', 'protocol changed to https');
+      });
+
+      it('does not rewrite unknown hosts', function() {
+        assert.isNull(this.rsets.rewriteURI('http://unknown.com/', 'unknown.com'));
+      });
+
+      it('does not rewrite excluded URLs', function() {
+        this.rsets.addFromJson(rules_json);
+        assert.isNull(this.rsets.rewriteURI('http://freerangekitten.com/foo', 'freerangekitten.com'));
+        assert.isNull(this.rsets.rewriteURI('http://www.freerangekitten.com/bar', 'freerangekitten.com'));
+
+        let newuri = this.rsets.rewriteURI('http://freerangekitten.com/baz', 'freerangekitten.com');
+        assert.strictEqual(newuri, 'https://freerangekitten.com/baz', 'protocol changed to https');
+      });
+    });
+
+    describe('#potentiallyApplicableRulesets', function() {
+      let host = 'example.com',
+        value = [host];
+
+      it('returns nothing when empty', function() {
+        assert.isEmpty(this.rsets.potentiallyApplicableRulesets(host));
+      });
+
+      it('returns nothing for malformed hosts', function() {
+        assert.isEmpty(this.rsets.potentiallyApplicableRulesets('....'));
+      });
+
+      it('returns nothing for empty hosts', function() {
+        assert.isEmpty(this.rsets.potentiallyApplicableRulesets(''));
+      });
+
+      it('returns cached rulesets', function() {
+        this.rsets.ruleCache.set(host, value);
+        assert.deepEqual(this.rsets.potentiallyApplicableRulesets(host), value);
+      });
+
+      it('caches results', function() {
+        this.rsets.targets.set(host, value);
+
+        assert.isEmpty(this.rsets.ruleCache);
+        this.rsets.potentiallyApplicableRulesets(host);
+        assert.isTrue(this.rsets.ruleCache.has(host));
+      });
+
+      describe('wildcard matching', function() {
+
+        it('no wildcard', function() {
+          let target = host;
+          this.rsets.targets.set(target, value);
+
+          let result = this.rsets.potentiallyApplicableRulesets(target),
+            expected = new Set(value);
+
+          assert.deepEqual(result, expected);
+        });
+
+        it('matches left hand side wildcards', function() {
+          let target = '*.' + host;
+          this.rsets.targets.set(target, value);
+
+          let res1 = this.rsets.potentiallyApplicableRulesets('sub.' + host);
+          assert.deepEqual(res1, new Set(value), 'default case');
+
+          let res2 = this.rsets.potentiallyApplicableRulesets(host);
+          assert.isEmpty(res2, 'wildcard does not match parent domains');
+
+          let res3 = this.rsets.potentiallyApplicableRulesets('moresub.sub.' + host);
+          assert.deepEqual(res3, new Set(value), 'wildcard matches sub domains');
+        });
+
+        it('matches right wildcards', function() {
+          const target = host + '.*';
+          this.rsets.targets.set(target, value);
+
+          const res1 = this.rsets.potentiallyApplicableRulesets(host + '.tld');
+          assert.deepEqual(res1, new Set(value), 'default case');
+
+          const res2 = this.rsets.potentiallyApplicableRulesets(host + '.tld.com');
+          assert.isEmpty(res2, 'wildcard matches second level domains');
+        });
+
+        it('ignore middle wildcards', function() {
+          const target = 'www.*.' + host;
+          this.rsets.targets.set(target, value);
+
+          const res1 = this.rsets.potentiallyApplicableRulesets('www.cdn.' + host);
+          assert.isEmpty(res1, 'middle wildcards are matched');
+        });
+      });
+    });
+  });
+});
diff --git a/chromium/test/testing_utils.js b/chromium/test/testing_utils.js
new file mode 100644
index 000000000000..66657aa8fb93
--- /dev/null
+++ b/chromium/test/testing_utils.js
@@ -0,0 +1,29 @@
+'use strict';
+
+function Mock() {
+  let out = function() {
+    out.calledWith = Array.from(arguments);
+  };
+  return out;
+}
+
+function stub(name, value) {
+  let parts = name.split('.'),
+    last = parts.pop(),
+    part = global;
+  parts.forEach(partName => {
+    if (!part.hasOwnProperty(partName)) {
+      part[partName] = {};
+    }
+    part = part[partName];
+  });
+  part[last] = value;
+}
+
+function stubber(namesValues) {
+  namesValues.forEach(nameValue => {
+    stub(...nameValue);
+  });
+}
+
+Object.assign(exports, {Mock, stub, stubber});
diff --git a/chromium/test/update_test.js b/chromium/test/update_test.js
new file mode 100644
index 000000000000..33d96412168e
--- /dev/null
+++ b/chromium/test/update_test.js
@@ -0,0 +1,71 @@
+'use strict';
+
+const assert = require('chai').assert,
+  update = require('../background-scripts/update'),
+  chrome = require("sinon-chrome"),
+  util = require('../background-scripts/util'),
+  atob = require("atob"),
+  TextDecoder = require('text-encoding').TextDecoder,
+  sinon = require('sinon');
+
+const fs = require('fs'),
+  { update_channels } = require('../background-scripts/update_channels'),
+  pako = require('../external/pako-1.0.5/pako_inflate.min.js');
+
+util.setDefaultLogLevel(util.WARN);
+
+describe('update.js', function() {
+  const example_rulesets_gz = fs.readFileSync(__dirname + '/example.rulesets.gz');
+
+  describe('applyStoredRulesets', function() {
+    beforeEach(() => {
+      chrome.flush();
+      if(util.loadExtensionFile.restore) {
+        util.loadExtensionFile.restore();
+      }
+    });
+
+    it('applies compressed rulesets from chrome.storage', function(done) {
+      let apply_promises = [];
+
+      for(let update_channel of update_channels) {
+        const key = 'rulesets: ' + update_channel.name;
+        chrome.storage.local.get.withArgs(key).yields({[key]: example_rulesets_gz});
+      }
+
+      update.applyStoredRulesets({addFromJson: response => {
+        apply_promises.push(new Promise(resolve => {
+          assert.isArray(response);
+          assert.equal(response[0].name, "Example.com");
+          resolve();
+        }));
+
+
+        Promise.all(apply_promises).then(() => done());
+
+      }});
+
+    });
+
+    it('applies rulesets from local extension file', function(done) {
+      for(let update_channel of update_channels) {
+        const key = 'rulesets: ' + update_channel.name;
+        chrome.storage.local.get.withArgs(key).yields({});
+      }
+
+      const example_rulesets_byte_array = pako.inflate(atob(example_rulesets_gz));
+      const example_rulesets = new TextDecoder("utf-8").decode(example_rulesets_byte_array);
+      const example_rulesets_json = JSON.parse(example_rulesets);
+
+      sinon.stub(util, "loadExtensionFile").returns(example_rulesets_json.rulesets);
+
+      update.applyStoredRulesets({addFromJson: response => {
+        assert.isArray(response);
+        assert.equal(response[0].name, "Example.com");
+        done();
+      }});
+    });
+
+  });
+
+});
diff --git a/chromium/test/util_test.js b/chromium/test/util_test.js
new file mode 100644
index 000000000000..af43df7440d1
--- /dev/null
+++ b/chromium/test/util_test.js
@@ -0,0 +1,105 @@
+'use strict';
+
+const assert = require('chai').assert,
+  util = require('../background-scripts/util');
+
+
+describe('util.js', function() {
+  describe('nullIterable', function() {
+    it('is iterable zero times and is size 0', function() {
+      let count = 0;
+      for (let _ of util.nullIterable) { // eslint-disable-line no-unused-vars
+        count += 1;
+      }
+      assert.strictEqual(count, 0);
+      assert.strictEqual(util.nullIterable.size,  0);
+      assert.isEmpty(util.nullIterable);
+    });
+  });
+
+  describe('isValidHostname', function() {
+    it('return true for common hosts', function() {
+      assert.strictEqual(util.isValidHostname('example.com'). true);
+      assert.strictEqual(util.isValidHostname('www.example.com'). true);
+      assert.strictEqual(util.isValidHostname('www.subdomain.example.com'). true);
+    });
+
+    it('return true for wildcard hosts', function() {
+      assert.strictEqual(util.isValidHostname('example.*'). true);
+      assert.strictEqual(util.isValidHostname('example.com.*'). true);
+      assert.strictEqual(util.isValidHostname('*.example.com'). true);
+      assert.strictEqual(util.isValidHostname('*.subdomain.example.com'). true);
+    });
+
+    it('return false for ill-formed hosts', function() {
+      // construct a lengthy hostname which host.length > 255
+      let prefix = "e1234567890.";
+      let lengthyHostname = "example.com";
+
+      for (let i = 0; i < 100; ++i) {
+        lengthyHostname = (prefix + lengthyHostname);
+      }
+
+      assert.strictEqual(util.isValidHostname(null), false);
+      assert.strictEqual(util.isValidHostname(''), false);
+      assert.strictEqual(util.isValidHostname(lengthyHostname), false);
+      assert.strictEqual(util.isValidHostname('example..com'), false);
+      assert.strictEqual(util.isValidHostname('www.example..com'), false);
+    });
+  });
+
+  describe('getNormalisedHostname', function() {
+    it('preserve port numbers', function() {
+      assert.strictEqual(util.getNormalisedHostname('example.com'), 'example.com');
+      assert.strictEqual(util.getNormalisedHostname('example.com:8080'), 'example.com:8080');
+    });
+
+    it('removes tailing dots and preserve port numbers', function() {
+      assert.strictEqual(util.getNormalisedHostname('example.com.'), 'example.com');
+      assert.strictEqual(util.getNormalisedHostname('example.com.:8080'), 'example.com:8080');
+      assert.strictEqual(util.getNormalisedHostname('example.com..'), 'example.com');
+      assert.strictEqual(util.getNormalisedHostname('example.com..:8080'), 'example.com:8080');
+    });
+
+    it('preserves a single dot', function() {
+      assert.strictEqual(util.getNormalisedHostname('.'), '.');
+    });
+  });
+
+  describe('getWildcardExpressions', function() {
+    it('return empty result for ill-formed hosts', function() {
+      assert.strictEqual(util.getWildcardExpressions(null).size, 0);
+      assert.strictEqual(util.getWildcardExpressions('').size, 0);
+      assert.strictEqual(util.getWildcardExpressions('example.com..').size, 0);
+    });
+
+    it('return empty result for wildcard hosts', function() {
+      assert.strictEqual(util.getWildcardExpressions('example.*').size, 0);
+      assert.strictEqual(util.getWildcardExpressions('example.com.*').size, 0);
+      assert.strictEqual(util.getWildcardExpressions('*.example.com').size, 0);
+      assert.strictEqual(util.getWildcardExpressions('*.subdomain.example.com').size, 0);
+    });
+
+    it('return list of supported wildcard expression', function() {
+      const params = {
+        'example.com': [
+          'example.*'
+        ],
+        'www.example.com': [
+          'www.example.*',
+          '*.example.com'
+        ],
+        'x.y.z.google.com': [
+          'x.y.z.google.*',
+          '*.y.z.google.com',
+          '*.z.google.com',
+          '*.google.com',
+        ]
+      };
+
+      for (const host in params) {
+        assert.deepEqual(util.getWildcardExpressions(host), params[host]);
+      }
+    });
+  });
+});
diff --git a/chromium/updates-master.xml b/chromium/updates-master.xml
deleted file mode 100644
index f6cb139b03ce..000000000000
--- a/chromium/updates-master.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
-<gupdate xmlns='http://www.google.com/update2/response' protocol='2.0'>
-  <app appid='gcbommkclmclpchllfjekcdonpmejbdp'>
-    <updatecheck codebase='https://eff.org/files/https-everywhere-chrome-VERSION.crx' version='VERSION' />
-  </app>
-</gupdate>
diff --git a/chromium/util.js b/chromium/util.js
deleted file mode 100644
index ede0e66c9a17..000000000000
--- a/chromium/util.js
+++ /dev/null
@@ -1,20 +0,0 @@
-VERB=1;
-DBUG=2;
-INFO=3;
-NOTE=4;
-WARN=5;
-// FYI: Logging everything is /very/ slow. Chrome will log & buffer
-// these console logs even when the debug tools are closed. :(
-
-// TODO: Add an easy UI to change the log level.
-// (Developers can just type DEFAULT_LOG_LEVEL=1 in the console)
-DEFAULT_LOG_LEVEL=4;
-function log(level, str) {
-    if (level >= DEFAULT_LOG_LEVEL) {
-        if (level === WARN) {
-            // Show warning with a little yellow icon in Chrome.
-            console.warn(str);
-        }
-        console.log(str);
-    }
-}
diff --git a/docs/README.md b/docs/README.md
new file mode 100644
index 000000000000..129e8e6890a4
--- /dev/null
+++ b/docs/README.md
@@ -0,0 +1,13 @@
+# HTTPS Everywhere Documentation
+
+The markdown files contained in this path provide documentation for
+contributing to HTTPS Everywhere.  These files are also templates that can be
+used to generate the markup for HTTPS Everywhere pages under
+`https://www.eff.org/https-everywhere`.  To do so, install the program `pandoc`
+and run
+
+    pandoc faq.md
+
+Copy the output, excluding the header on the first line, to the source of the
+relevant page within the CMS.  Note that some of the pages are dynamically
+generated and are not generated from templates contained here.
diff --git a/docs/adrs/bloom-filter-rule-signing.md b/docs/adrs/bloom-filter-rule-signing.md
new file mode 100644
index 000000000000..09b0fda6f2aa
--- /dev/null
+++ b/docs/adrs/bloom-filter-rule-signing.md
@@ -0,0 +1,28 @@
+# Bloom Filters and Async Rust for Ruleset Signing
+
+* Status: Deployed
+* Deciders: EFF (@zoracon and @hainish)
+* Deploy Date: 2021-03-03
+
+## Context and Problem Statement
+
+With larger ruleset lists to be signed on the DuckDuckGo Update channel, a better way to digest and form ruleset files were needed.
+
+## Decision Drivers
+
+* Bloom filters are able to ingest greater data sets at less memory expense
+* Rust is already incorporated in HTTPS Everywhere and is a memory safe language
+
+## Decision Outcome
+
+Created an async Rust script that ingests DuckDuckGo's Smarter Encryption list, compares to the Majestic Million list, and forms a bloom file and associated metadata.
+
+### Consequences and Concerns
+
+An accepted false positive is declared when the filter is generated.
+
+[Comment](https://github.com/EFForg/https-everywhere/pull/19910#issuecomment-771102775)
+
+## Links for Further Context
+* [Bloom Filter Script](https://github.com/EFForg/generate-smarter-encryption-bloom-filter)
+
diff --git a/docs/adrs/duckduckgo-smarter-encryption.md b/docs/adrs/duckduckgo-smarter-encryption.md
new file mode 100644
index 000000000000..a9c49824c9ae
--- /dev/null
+++ b/docs/adrs/duckduckgo-smarter-encryption.md
@@ -0,0 +1,33 @@
+# Incorporating DuckDuckGo Smarter Encryption
+
+* Status: Pending
+* Deciders: EFF (@zoracon and @hainish) and DuckDuckGo
+* Deploy Date: 2021-04-15
+
+## Context and Problem Statement
+
+With the increased HTTPS traffic, the current model of listed sites that support HTTPS is no longer a maintenance task that makes sense to uphold.
+
+## Decision Drivers
+
+* Firefox has an HTTPS-Only option
+* Browsers and websites are moving away from issues that created need for more granular ruleset maintenance.
+    * Mixed content is now blocked in major browsers
+    * Different domains for secure connection are now an older habit (i.e. secure.google.com)
+    * TLS 1.0, 1.1 deprecation 
+* Chrome’s Manifest V3 will force the extensions to have a ruleset cap. Instead of competing with other extensions like DuckDuckGo,  if the user prefers to use HTTPS Everywhere or DuckDuckGo's privacy essentials, we will provide the same coverage.
+* DuckDuckGo’s Smarter Encryption covers more domains than our current, more manual model.
+
+## Decision Outcome
+
+We chose to add the DuckDuckGo Smarter Encryption update channel, because it no longer is beneficial to diverse efforts with others with similar goals in this space.
+
+### Consequences and Concerns
+
+* We have many downstream partners supported and unofficial that rely on our current rulesets. This transition gives them time to make the needed decisions on their before we completely switch over to using DuckDuckGo's Smarter Encryption, and sunset our current rulesets in HTTPS Everywhere
+* …
+
+## Links for Further Context
+
+* https://spreadprivacy.com/duckduckgo-smarter-encryption/
+* https://www.eff.org/deeplinks/2020/11/10-years-https-everywhere
\ No newline at end of file
diff --git a/docs/default b/docs/default
new file mode 120000
index 000000000000..3e0b4191bfec
--- /dev/null
+++ b/docs/default
@@ -0,0 +1 @@
+en_US
\ No newline at end of file
diff --git a/docs/en_US/development.md b/docs/en_US/development.md
new file mode 100644
index 000000000000..b6041f652a98
--- /dev/null
+++ b/docs/en_US/development.md
@@ -0,0 +1,138 @@
+## HTTPS Everywhere Development
+
+### Pointers for developers
+
+*   **License:** GPL version 3+ (although most of the code is GPL-2 compatible)
+*   **Source code:** Available via Git with `git clone
+    https://github.com/EFForg/https-everywhere.git`. You can fork and open pull
+    requests using Github at
+    [https://github.com/EFForg/https-everywhere](https://github.com/EFForg/https-everywhere).
+*   **Translations:** If you would like to help translate HTTPS Everywhere into
+    another language, you can do that [through
+    Transifex](https://www.transifex.com/otf/torproject/).
+*   **Bug tracker:** Use the [GitHub issue
+    tracker](https://github.com/EFForg/https-everywhere/issues/) or the [Tor
+    Project issue tracker](https://trac.torproject.org/projects/tor/report/19).
+    For the Tor Project issue tracker, you can make an account or use the
+    anonymous one — "cypherpunks"/"writecode". You won't see replies unless you
+    put an email address in the CC field. Bugs that are caused by rulesets
+    should be tagged "httpse-ruleset-bug", and can be viewed [in this
+    report](https://trac.torproject.org/projects/tor/report/48).
+*   **Mailing lists:** The
+    [https-everywhere](https://lists.eff.org/mailman/listinfo/https-everywhere)
+    list ([archives](https://lists.eff.org/pipermail/https-everywhere/)) is for
+    discussing the project as a whole; the
+    [https-everywhere-rules](https://lists.eff.org/mailman/listinfo/https-everywhere-rules)
+    mailing list
+    ([archives](https://lists.eff.org/pipermail/https-everywhere-rules)) is for
+    discussing the [rulesets](https://www.eff.org/https-everywhere/rulesets)
+    and their contents, including patches and git pull requests.
+*   **IRC:** `#https-everywhere` on `irc.oftc.net`; if you don't have an IRC
+    client application already installed, you can [use this webchat
+    interface](https://webchat.oftc.net/?channels=#https-everywhere). If you
+    ask a question, be sure to stay in the channel — someone may reply a few
+    hours or a few days later.
+
+### Testing and contributing changes to the source code
+
+HTTPS Everywhere consists of a large number of rules for switching sites from
+HTTP to HTTPS. You can read more about how to write these rules
+[here](https://www.eff.org/https-everywhere/rulesets).
+
+If you want to create new rules to submit to us, we expect them to be in the
+src/chrome/content/rules directory. That directory also contains a useful
+script, make-trivial-rule, to create a simple rule for a specified domain.
+There is also a script in test/validations/special/run.py, to check all the
+pending rules for several common errors and oversights. For example, if you
+wanted to make a rule for the example.com domain, you could run
+
+    bash ./make-trivial-rule example.com
+
+inside the rules directory. This would create Example.com.xml, which you could
+then take a look at and edit based on your knowledge of any specific URLs at
+example.com that do or don't work in HTTPS.
+
+Before submitting your change, you should test it in Firefox and/or Chrome, as
+applicable. You can build the latest version of the extension and run it in a
+standalone Firefox profile using:
+
+    bash ./test.sh --justrun
+
+Similarly, to build and run in a standalone Chromium profile, run:
+
+    bash ./run-chromium.sh
+
+You should thoroughly test your changes on the target site: Navigate to as wide
+a variety of pages as you can find. Try to comment or log in if applicable.
+Make sure everything still works properly.
+
+After running your manual tests, run the automated tests and the fetch tests:
+
+    bash ./test.sh
+
+    bash ./fetch-test.sh
+
+This will catch some of the most common types of errors, but is not a
+guaranteed of correctness.
+
+Once you've tested your changes, you can submit them for review via any of the
+following:
+
+*   Open a pull request at
+    [https://github.com/EFForg/https-everywhere](https://github.com/EFForg/https-everywhere).
+*   Email https-everywhere-rules@eff.org to tell us about your changes. You can
+    use the following command to create a patch file: `git format-patch`
+
+### A quick HOWTO on working with Git
+
+You may want to also look at the [Git Reference](http://gitref.org/), [GitHub
+Help Site](https://help.github.com/) and the [Tor Project's Git
+documentation](https://gitweb.torproject.org/githax.git/tree/doc/Howto.txt) to
+fill in the gaps here, but the below should be enough to get the basics of the
+workflow down.
+
+First, tell git your name:
+
+    git config --global user.name "Your Name"
+    git config --global user.email "you@example.com"
+
+Then, get a copy of the 'origin' repository:
+
+    git clone https://github.com/EFForg/https-everywhere.git
+    cd https-everywhere
+
+Alternatively, if you already have a Github account, you can create a "fork" of
+the repository on Github at
+[https://github.com/EFForg/https-everywhere](https://github.com/EFForg/https-everywhere).
+See [this page](https://help.github.com/articles/fork-a-repo) for a tutorial.
+
+Once you have a local copy of the repository, create a new branch for your
+changes and check it out:
+
+    git checkout -b my-new-rules master
+
+When you want to send us your work, you'll need to add any new files to the
+index with git add:
+
+    git add ./src/chrome/content/rules/MyRule1.xml
+    git add ./src/chrome/content/rules/MyRule2.xml
+
+You can now commit your changes to the local branch. To make things easier, you
+should commit each xml file individually:
+
+    git commit ./src/chrome/content/rules/MyRule1.xml
+    git commit ./src/chrome/content/rules/MyRule2.xml
+
+Now, you need a place to publish your changes. You can create a github account
+here: [https://github.com/join](https://help.github.com/).
+[https://help.github.com/](https://help.github.com/) describes the account
+creation process and some other github-specific things.
+
+Once you have created your account and added your remote in your local
+checkout, you want to push your branch to your github remote:
+
+    git push github my-new-rules:my-new-rules
+
+Periodically, you should re-fetch the master repository:
+
+    git pull master
diff --git a/docs/en_US/faq.md b/docs/en_US/faq.md
new file mode 100644
index 000000000000..1a805b5bcf53
--- /dev/null
+++ b/docs/en_US/faq.md
@@ -0,0 +1,308 @@
+## HTTPS Everywhere FAQ
+
+This page answers frequently-asked questions about EFF's [HTTPS
+Everywhere](https://www.eff.org/https-everywhere) project. If your question
+isn't answered below, you can try the resources [listed
+here](https://www.eff.org/https-everywhere/development).
+
+*   [What if HTTPS Everywhere breaks some site that I
+    use?](#what-if-https-everywhere-breaks-some-site-that-i-use)
+*   [Why is HTTPS Everywhere preventing me from joining this hotel/school/other
+    wireless
+    network?](#why-is-https-everywhere-preventing-me-from-joining-this-hotelschoolother-wireless-network)
+*   [Will there be a version of HTTPS Everywhere for IE, Safari, or some other
+    browser?](#will-there-be-a-version-of-https-everywhere-for-ie-safari-or-some-other-browser)
+*   [Why use a allowlist of sites that support HTTPS? Why can't you try to use
+    HTTPS for every last site, and only fall back to HTTP if it isn't
+    available?](#why-use-a-allowlist-of-sites-that-support-https-why-cant-you-try-to-use-https-for-every-last-site-and-only-fall-back-to-http-if-it-isnt-available)
+*   [How do I get rid of/move the HTTPS Everywhere button in the
+    toolbar?](#how-do-i-get-rid-ofmove-the-https-everywhere-button-in-the-toolbar)
+*   [When does HTTPS Everywhere protect me? When does it not protect
+    me?](#when-does-https-everywhere-protect-me-when-does-it-not-protect-me)
+*   [What does HTTPS Everywhere protect me
+    against?](#what-does-https-everywhere-protect-me-against)
+*   [How do I get support for an additional site in HTTPS
+    Everywhere?](#how-do-i-get-support-for-an-additional-site-in-https-everywhere)
+*   [What if the site doesn't support HTTPS, or only supports it for some
+    activities, like entering credit card
+    information?](#what-if-the-site-doesnt-support-https-or-only-supports-it-for-some-activities-like-entering-credit-card-information)
+*   [Isn't it more expensive or slower for a site to support HTTPS compared to
+    regular
+    HTTP?](#isnt-it-more-expensive-or-slower-for-a-site-to-support-https-compared-to-regular-http)
+*   [Why should I use HTTPS Everywhere instead of just typing https:// at the
+    beginning of site
+    names?](#why-should-i-use-https-everywhere-instead-of-just-typing-https-at-the-beginning-of-site-names)
+*   [Why does HTTPS Everywhere include rules for sites like PayPal that already
+    require HTTPS on all their
+    pages?](#why-does-https-everywhere-include-rules-for-sites-like-paypal-that-already-require-https-on-all-their-pages)
+*   [What do the different colors for rulesets in the Firefox toolbar menu
+    mean?](#what-do-the-different-colors-for-rulesets-in-the-firefox-toolbar-menu-mean)
+*   [What do the different colors of the HTTPS Everywhere icon
+    mean?](#what-do-the-different-colors-of-the-https-everywhere-icon-mean)
+*   [I'm having a problem installing the browser
+    extension.](#im-having-a-problem-installing-the-browser-extension.)
+*   [How do I uninstall/remove HTTPS
+    Everywhere?](#how-do-i-uninstallremove-https-everywhere)
+*   [How do I add my own site to HTTPS
+    Everywhere?](#how-do-i-add-my-own-site-to-https-everywhere)
+*   [Can I help translate HTTPS Everywhere into my own
+    language?](#can-i-help-translate-https-everywhere-into-my-own-language)
+
+### [What if HTTPS Everywhere breaks some site that I use?](#what-if-https-everywhere-breaks-some-site-that-i-use)
+
+This is occasionally possible because of inconsistent support for HTTPS on
+sites (e.g., when a site seems to support HTTPS access but makes a few,
+unpredictable, parts of the site unavailable in HTTPS). If you [report the
+problem to us](https://github.com/EFForg/https-everywhere/issues), we can try
+to fix it. In the meantime, you can disable the rule affecting that particular
+site in your own copy of HTTPS Everywhere by clicking on the HTTPS Everywhere
+toolbar button and unchecking the rule for that site.
+
+You can also report the problem to the site, since they have the power to fix
+it!
+
+### [Why is HTTPS Everywhere preventing me from joining this hotel/school/other wireless network?](#why-is-https-everywhere-preventing-me-from-joining-this-hotelschoolother-wireless-network)
+
+Some wireless networks hijack your HTTP connections when you first join them,
+in order to demand authentication or simply to try to make you agree to terms
+of use. HTTPS pages are protected against this type of hijacking, which is as
+it should be. If you go to a website that isn't protected by HTTPS Everywhere
+or by HSTS (currently, example.com is one such site), that will allow your
+connection to be captured and redirected to the authentication or terms of use
+page.
+
+### [Will there be a version of HTTPS Everywhere for IE, Safari, or some other browser?](#will-there-be-a-version-of-https-everywhere-for-ie-safari-or-some-other-browser)
+
+As of early 2012, the Safari extension API does not offer a way to perform
+secure rewriting of http requests to https. But if you happen to know a way to
+perform secure request rewriting in these browsers, feel free to let us know at
+https-everywhere at EFF.org (but note that modifying document.location or
+window.location in JavaScript is not secure).
+
+### [Why use a allowlist of sites that support HTTPS? Why can't you try to use HTTPS for every last site, and only fall back to HTTP if it isn't available?](#why-use-a-allowlist-of-sites-that-support-https-why-cant-you-try-to-use-https-for-every-last-site-and-only-fall-back-to-http-if-it-isnt-available)
+
+There are several problems with the idea of trying to automatically detect
+HTTPS on every site. There is no guarantee that sites are going to give the
+same response via HTTPS that they give via HTTP. Also, it's not possible to
+test for HTTPS in real time without introducing security vulnerabilities (What
+should the extension do if the HTTPS connection attempt fails? Falling back to
+insecure HTTP isn't safe). And in some cases, HTTPS Everywhere has to perform
+quite complicated transformations on URIs — for example until recently the
+Wikipedia rule had to turn an address like
+`http://en.wikipedia.org/wiki/World_Wide_Web` into one like
+`https://secure.wikimedia.org/wikipedia/en/wiki/World_Wide_Web` because HTTPS
+was not available on Wikipedia's usual domains.
+
+### [How do I get rid of/move the HTTPS Everywhere button in the toolbar?](#how-do-i-get-rid-ofmove-the-https-everywhere-button-in-the-toolbar)
+
+The HTTPS Everywhere button is useful because it allows you to see, and
+disable, a ruleset if it happens to be causing problems with a site. But if
+you'd rather disable it, go to View->Toolbars->Customize, and drag the button
+out of the toolbar into the Addons bar at the bottom of the page. Then you can
+hide the Addons bar. (In theory you should be able to drag it into the tray of
+available icons too, but that may trigger [this
+bug](https://trac.torproject.org/projects/tor/ticket/6276).
+
+### [When does HTTPS Everywhere protect me? When does it not protect me?](#when-does-https-everywhere-protect-me-when-does-it-not-protect-me)
+
+HTTPS Everywhere protects you only when you are using _encrypted portions of
+supported web sites_. On a supported site, it will automatically activate HTTPS
+encryption for all known supported parts of the site (for some sites, this
+might be only a portion of the entire site). For example, if your web mail
+provider does not support HTTPS at all, HTTPS Everywhere can't make your access
+to your web mail secure. Similarly, if a site allows HTTPS for text but not
+images, someone might be able to see which images your browser loads and guess
+what you're accessing.
+
+HTTPS Everywhere depends entirely on the security features of the individual
+web sites that you use; it _activates_ those security features, but it can't
+_create_ them if they don't already exist. If you use a site not supported by
+HTTPS Everywhere or a site that provides some information in an insecure way,
+HTTPS Everywhere can't provide additional protection for your use of that site.
+Please remember to check that a particular site's security is working to the
+level you expect before sending or receiving confidential information,
+including passwords.
+
+One way to determine what level of protection you're getting when using a
+particular site is to use a packet-sniffing tool like
+[Wireshark](https://www.wireshark.org/) to record your own communications with
+the site. The resulting view of your communications is about the same as what
+an eavesdropper on your wifi network or at your ISP would see. This way, you
+can determine whether some or all of your communications would be protected;
+however, it may be quite time-consuming to make sense of the Wireshark output
+with enough care to get a definitive answer.
+
+You can also turn on the "Block all HTTP requests" feature for added
+protection. Instead of loading insecure pages or images, HTTPS Everywhere will
+block them outright.
+
+### [What does HTTPS Everywhere protect me against?](#what-does-https-everywhere-protect-me-against)
+
+On supported parts of supported sites, HTTPS Everywhere enables the sites'
+HTTPS protection which can protect you against eavesdropping and tampering with
+the contents of the site or with the information you send to the site. Ideally,
+this provides some protection against an attacker learning the content of the
+information flowing in each direction — for instance, the text of e-mail
+messages you send or receive through a webmail site, the products you browse or
+purchase on an e-commerce site, or the particular articles you read on a
+reference site.
+
+However, HTTPS Everywhere **does not conceal the identities of the sites you
+access**, the amount of time you spend using them, or the amount of information
+you upload or download from a particular site. For example, if you access
+`http://www.eff.org/issues/nsa-spying` and HTTPS Everywhere rewrites it to
+`https://www.eff.org/issues/nsa-spying`, an eavesdropper can still trivially
+recognize that you are accessing www.eff.org (but might not know which issue
+you are reading about). In general, the entire hostname part of the URL remains
+exposed to the eavesdropper because this must be sent repeatedly in unencrypted
+form while setting up the connection. Another way of saying this is that HTTPS
+was never designed to conceal the identity of the sites that you visit.
+
+Researchers have also shown that it may be possible for someone to figure out
+more about what you're doing on a site merely through careful observation of
+the amount of data you upload and download, or the timing patterns of your use
+of the site. A simple example is that if the site only has one page of a
+certain total size, anyone downloading exactly that much data from the site is
+probably accessing that page.
+
+If you want to protect yourself against monitoring of the sites you visit,
+consider using HTTPS Everywhere together with software like
+[Tor](https://www.torproject.org/).
+
+### [How do I get support for an additional site in HTTPS Everywhere?](#how-do-i-get-support-for-an-additional-site-in-https-everywhere)
+
+You can learn [how to write
+rules](https://www.eff.org/https-everywhere/rulesets) that teach HTTPS
+Everywhere to support new sites. You can install these rules in your own
+browser or send them to us for possible inclusion in the official version.
+
+### [What if the site doesn't support HTTPS, or only supports it for some activities, like entering credit card information?](#what-if-the-site-doesnt-support-https-or-only-supports-it-for-some-activities-like-entering-credit-card-information)
+
+You could try to contact the site and point out that using HTTPS for all site
+features is an increasingly common practice nowadays and protects users (and
+sites) against a variety of Internet attacks. For instance, it defends against
+the ability of other people on a wifi network to spy on your use of the site or
+even take over your account. You can also point out that credit card numbers
+aren't the only information you consider private or sensitive.
+
+Sites like Google, Twitter, and Facebook now support HTTPS for non-financial
+information — for general privacy and security reasons.
+
+### [Isn't it more expensive or slower for a site to support HTTPS compared to regular HTTP?](#isnt-it-more-expensive-or-slower-for-a-site-to-support-https-compared-to-regular-http)
+
+It can be, but some sites have been pleasantly surprised to see how practical
+it can be. Also, experts at Google are currently implementing several
+enhancements to the TLS protocol that make HTTPS dramatically faster; if these
+enhancements are added to the standard soon, the speed gap between the two
+should almost disappear. See [Adam Langley's description of the HTTPS
+deployment
+situation](https://www.imperialviolet.org/2010/06/25/overclocking-ssl.html) for
+more details on these issues. Notably, Langley states: "In order to [enable
+HTTPS by default for Gmail] we had to deploy no additional machines and no
+special hardware. On our production frontend machines, SSL/TLS accounts for
+less than 1% of the CPU load, less than 10KB of memory per connection and less
+than 2% of network overhead."
+
+It used to be expensive to purchase a certificate for HTTPS usage, but they can
+now be obtained for free from [Let's Encrypt](https://letsencrypt.org/) as
+well.
+
+### [Why should I use HTTPS Everywhere instead of just typing https:// at the beginning of site names?](#why-should-i-use-https-everywhere-instead-of-just-typing-https-at-the-beginning-of-site-names)
+
+Even if you normally type https://, HTTPS Everywhere might protect you if you
+occasionally forget. Also, it can rewrite other people's links that you follow.
+For instance, if you click on a link to
+`http://en.wikipedia.org/wiki/EFF_Pioneer_Award`, HTTPS Everywhere will
+automatically rewrite the link to
+`https://en.wikimedia.org/wikipedia/en/wiki/EFF_Pioneer_Award`. Thus, you might
+get some protection even if you wouldn't have noticed that the target site is
+available in HTTPS.
+
+### [Why does HTTPS Everywhere include rules for sites like PayPal that already require HTTPS on all their pages?](#why-does-https-everywhere-include-rules-for-sites-like-paypal-that-already-require-https-on-all-their-pages)
+
+HTTPS Everywhere, like the [HSTS
+spec](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security), tries to
+address an attack called [SSL stripping](https://moxie.org/software/sslstrip/).
+Users are only protected against the SSL stripping attack if their browsers
+don't even _try_ to connect to the HTTP version of the site — even if the site
+would have redirected them to the HTTPS version. With HTTPS Everywhere, the
+browser won't even attempt the insecure HTTP connection, even if that's what
+you ask it to do. (Note that HTTPS Everywhere currently does not include a
+comprehensive list of such sites, which are mainly financial institutions.)
+
+### [What do the different colors for rulesets in the Firefox toolbar menu mean?](#what-do-the-different-colors-for-rulesets-in-the-firefox-toolbar-menu-mean)
+
+The colors are:
+
+Dark Green: ruleset was active in loading the resources in the current page.
+
+Light Green: ruleset was ready to prevent HTTP loads in the current page, but
+everything that the ruleset would have covered was loaded over HTTPS anyway (in
+the code, light green is called a "moot rule").
+
+Dark Brown or Clockwise Red Arrow: broken rule -- the ruleset is active but the
+server is redirecting at least some URLs back from HTTPS to HTTP.
+
+Gray: the ruleset is disabled.
+
+### [What do the different colors of the HTTPS Everywhere icon mean?](#what-do-the-different-colors-of-the-https-everywhere-icon-mean)
+
+The colors are:
+
+Light Blue: HTTPS Everywhere is enabled.
+
+Dark Blue: HTTPS Everywhere is both enabled and active in loading resources in
+the current page.
+
+Red: All unencrypted requests will be blocked by HTTPS Everywhere.
+
+Gray: HTTPS Everywhere is disabled.
+
+### [I'm having a problem installing the browser extension.](#im-having-a-problem-installing-the-browser-extension.)
+
+Some people report that installing HTTPS Everywhere gives them the error: "The
+addon could not be downloaded because of a connection failure on www.eff.org."
+This may be caused by Avast anti-virus, which blocks installation of browser
+extensions. You may be able to [install from addons.mozilla.org
+instead](https://addons.mozilla.org/en-US/firefox/addon/https-everywhere/).
+
+### [How do I uninstall/remove HTTPS Everywhere?](#how-do-i-uninstallremove-https-everywhere)
+
+In Firefox: Click the menu button in the top right of the window at the end of
+the toolbar (it looks like three horizontal lines), and then click "Add-ons"
+(it looks like a puzzle piece). Scroll until you see HTTPS Everywhere, and then
+click the "Remove" button all the way on the right. You can then safely close
+the Add-ons tab.
+
+In Chrome: Click the menu button in the top right of the window at the end of
+the toolbar (it looks like three horizontal lines), and then click "Settings"
+near the bottom. On the left, click "Extensions". Scroll until you see HTTPS
+Everywhere, and then click the trash can icon on the right, and then click
+"Remove" to confirm removal. You can then safely close the Settings tab.
+
+### [How do I add my own site to HTTPS Everywhere?](#how-do-i-add-my-own-site-to-https-everywhere)
+
+We're excited that you want your site in HTTPS Everywhere! However, remember
+that not everyone who visits your site has our extension installed. If you run
+a web site, you can make it default to HTTPS for everyone, not just HTTPS
+Everywhere users. And it's less work! The steps you should take, in order, are:
+
+1.  Set up a
+    [redirect](https://www.sslshopper.com/apache-redirect-http-to-https.html)
+    from HTTP to HTTPS on your site.
+2.  [Add the Strict-Transport-Security (HSTS) header on your
+    site.](https://raymii.org/s/tutorials/HTTP_Strict_Transport_Security_for_Apache_NGINX_and_Lighttpd.html)
+3.  [Add your site to the HSTS Preload list.](https://hstspreload.appspot.com/)
+
+These steps will give your site much better protection than adding it to HTTPS
+Everywhere. Generally speaking, once you are done, there is no need to add your
+site to HTTPS Everywhere. However, if you would still like to, please follow
+the [instructions on writing
+rulesets](https://eff.org/https-everywhere/rulesets), and indicate that you are
+the author of the web site when you submit your pull request.
+
+### [Can I help translate HTTPS Everywhere into my own language? ](#can-i-help-translate-https-everywhere-into-my-own-language)
+
+Yes! We use the Tor Project's Transifex account for translations, please sign
+up to help translate at
+[https://www.transifex.com/otf/torproject](https://www.transifex.com/otf/torproject).
diff --git a/docs/en_US/https-everywhere-popup-updated.png b/docs/en_US/https-everywhere-popup-updated.png
new file mode 100644
index 000000000000..02023090383a
Binary files /dev/null and b/docs/en_US/https-everywhere-popup-updated.png differ
diff --git a/docs/en_US/https-everywhere-popup.png b/docs/en_US/https-everywhere-popup.png
new file mode 100644
index 000000000000..373cba228739
Binary files /dev/null and b/docs/en_US/https-everywhere-popup.png differ
diff --git a/docs/en_US/https-updates.png b/docs/en_US/https-updates.png
new file mode 100644
index 000000000000..61b79a28a0b5
Binary files /dev/null and b/docs/en_US/https-updates.png differ
diff --git a/docs/en_US/my-lan.png b/docs/en_US/my-lan.png
new file mode 100644
index 000000000000..4442b022754f
Binary files /dev/null and b/docs/en_US/my-lan.png differ
diff --git a/docs/en_US/options.png b/docs/en_US/options.png
new file mode 100644
index 000000000000..77b8e5d5dce4
Binary files /dev/null and b/docs/en_US/options.png differ
diff --git a/docs/en_US/ruleset-update-channels.md b/docs/en_US/ruleset-update-channels.md
new file mode 100644
index 000000000000..24828ac0129d
--- /dev/null
+++ b/docs/en_US/ruleset-update-channels.md
@@ -0,0 +1,180 @@
+* [Ruleset Update Channels](#ruleset-update-channels)
+  * [Update Channel Format & Logic](#update-channel-format--logic)
+  * [Publishing Custom Update Channels](#publishing-custom-update-channels)
+    * [1. Creating an RSA key and generating a `jwk` object from it](#1-creating-an-rsa-key-and-generating-a-jwk-object-from-it)
+    * [2. Signing rulesets with this key](#2-signing-rulesets-with-this-key)
+      * [Setup](#setup)
+      * [Signing](#signing)
+    * [3. Publishing those rulesets somewhere](#3-publishing-those-rulesets-somewhere)
+    * [4. Getting users to use your update channel](#4-getting-users-to-use-your-update-channel)
+  * [Adding and Deleting Update Channels](#adding-and-deleting-update-channels)
+
+# Ruleset Update Channels
+
+Whenever you download HTTPS Everywhere, it comes with a long list of *rulesets* that are maintained by the community.  These rulesets tell HTTPS Everywhere when and how to redirect requests to the secure version of a site.  HTTPS Everywhere includes tens of thousands of these rulesets, which are public and ever-changing as we expand and improve coverage.  They are delivered to you with each new version of the extension, along with all the code that makes up the extension itself.  Between and in addition to extension updates, code within the extension fetches regular updates to the rulesets.  This ensures that you get more up-to-date coverage for sites that offer HTTPS, and you'll encounter fewer sites that break due to bugs in our list of supported sites.
+
+![](https-updates.png)
+
+We deliver these rulesets via what we call an *update channel*.  Currently, HTTPS Everywhere is delivered with a single update channel, named `EFF (Full)`.  You can see this channel when you click on the HTTPS Everywhere icon and look at the bottom of the popup:
+
+![](https-everywhere-popup.png)
+
+First, the extension version is shown (in this case 2018.8.22), and then the version of the rulesets for a given update channel is shown (in this case 2018.8.30).
+
+## Update Channel Format & Logic
+
+Update channels can be found in [`chromium/background-scripts/update_channels.js`](https://github.com/EFForg/https-everywhere/blob/master/chromium/background-scripts/update_channels.js), and consist of:
+
+1. A `name` string, which identifies it and will be displayed in the extension popup
+2. A `jwk` object, which defines the RSA public key to use when verifying downloaded rulesets
+3. A `update_path_prefix` string, which tells the extension where to look for new rulesets
+4. A `scope` string, which is used to construct a JavaScript `RegExp` object
+5. A `replaces_default_rulesets` boolean, which tells the extension whether to overwrite the rulesets bundled with the extension
+
+Every 24 hours, the extension checks the URL contained in `update_path_prefix` appended with `/latest-rulesets-timestamp` (in the case of `EFF (Full)`, `https://www.https-rulesets.org/v1//latest-rulesets-timestamp`).  If it discovers the timestamp has updated since the last time it fetched the rulesets, it will download a new ruleset, following the format `update_path_prefix` appended with `default.rulesets.XXXXXXXXXX.gz`, where `XXXXXXXXXX` is the timestamp discovered in the previous request.  At the same time, a corresponding signature for that file is downloaded, `update_path_prefix` appended with `rulesets-signature.XXXXXXXXXX.sha256`, again with the timestamp replacing the `XXXXXXXXXX`.
+
+It then attempts to verify the rulesets, which are signed with the private RSA key corresponding to the public key in the update channel's `jwk` object.  If the signature verifies, the rulesets are stored and applied to the running instance of the extension.  If it can not be verified, the rulesets are discarded and the last known good state is used.
+
+Once the rulesets are stored, they will be allowed to operate on URLs only within the `scope` of the update channel, as found above.  URLs must match the regular expression in this string in order to be redirected.  This string will be used as the first and only argument when constructing a JavaScript `RegExp` object.  If you wanted to define an update channel that only operated on URLs with the `www` subdomain, you could do so by entering the string `^https?://www\\.`, for example:
+
+```javascript
+> re = new RegExp('^https?://www\\.');
+/^https?:\/\/www\./
+> "http://www.example.com/".match(re);
+[ 'http://www.',
+  index: 0,
+  input: 'http://www.example.com/',
+  groups: undefined ]
+> "http://example.com/".match(re);
+null
+```
+
+## Publishing Custom Update Channels
+
+In addition to the rulesets contained in the EFF update channel, you may want to publish your own.  There are a few instances where this may be useful:
+
+1. You are on a corporate LAN and would rather not divulge the internal DNS records for various services by submitting rulesets to the public list
+2. You are an organization that verifies `onion` services, and would like to create vanity URLs for the `onion` services that you've verified (this will make [usability of onion URLs](https://blog.torproject.org/cooking-onions-names-your-onions) much better)
+3. You would like to implement tracker blocking within HTTPS Everywhere by forwarding a list of hosts to an unroutable address
+
+There may be additional use cases not enumerated here.  For this to be effective, an organization has to publish their own custom update channel.  This involves a few steps:
+
+1. Creating an RSA key and generating a `jwk` object from it
+2. Signing rulesets with this key
+3. Publishing those rulesets somewhere
+4. Getting users to use your update channel
+
+We will go through each of these in sequence, but first, you'll want to consider if you want your signing process airgapped or not.  Airgapped signing has the advantage of making it hard for malware to exfiltrate key material and thus forge a signed ruleset update, but it will also make it slightly more difficult to sign.  If you decide on an airgapped signing process, you may want to copy the script [`utils/sign-rulesets/async-airgap.sh`](https://github.com/EFForg/https-everywhere/blob/master/utils/sign-rulesets/async-airgap.sh) to the airgap *before* cutting off networking for the last time.  You may also want to install the `python-qr` code on this machine to easily copy the RSA public key to your development environment, once generated, as well as `qrencode` and `eog` for ease in the signing process.
+
+### 1. Creating an RSA key and generating a `jwk` object from it
+
+To create an RSA key, issue the following command (either on your development machine if you are not using an airgapped process, or the airgap if you are):
+
+    openssl genrsa -out key.pem 4092
+
+Your RSA keypair will now be stored in the file `key.pem`.  To generate a corresping public key, issue this command:
+
+    openssl rsa -in key.pem -outform PEM -pubout -out public.pem
+
+Your public key is now stored in `public.pem`.  If you are using an airgap, copy this public key (with whatever method is safest in your setup, perhaps with the `qr` command) to your development environment.
+
+At this point, you will need to generate a `jwk` object from the public key.  This can be done with the `pem-jwk` node package.  You'll have to download node.js and npm, or just issue this command in docker:
+
+    sudo docker run -it -v $(pwd):/opt --workdir /opt node bash
+
+And you will be booted into a node environment.  Next, run
+
+    npm install -g pem-jwk
+
+This will install the `pem-jwk` package globally.  You can now run
+
+    cat public.pem | pem-jwk
+
+And you should see a `jwk` object displayed.  Take note of this, you will need it later.
+
+### 2. Signing rulesets with this key
+
+#### Setup
+
+On your development machine, clone or download the HTTPS Everywhere repository.  Since it's quite large, it will suffice to do a shallow clone:
+
+    git clone --depth=1 https://github.com/EFForg/https-everywhere.git
+
+or
+
+    curl -sLO https://github.com/EFForg/https-everywhere/archive/master.zip; unzip master.zip; mv https-everywhere-master https-everywhere
+
+Next,
+
+    cd https-everywhere
+    rm rules/*.xml
+
+This will remove all the rulesets bundled with the extension itself.  All the rulesets you want to sign for your update channel must be in the `rules` directory before moving to the next step.  Generate an example ruleset or use your own ruleset:
+
+    cd rules
+    ./make-trivial-rule example.com
+    cd ..
+
+#### Signing
+
+You will need python 3.6 on your system or available via docker for the next step.
+
+    sudo docker run -it -v $(pwd):/opt --workdir /opt python:3.6 bash
+
+Next, run
+
+    python3 utils/merge-rulesets.py
+
+You should see the following output:
+
+```shell
+ * Parsing XML ruleset and constructing JSON library...
+ * Writing JSON library to src/chrome/content/rules/default.rulesets
+ * Everything is okay.
+```
+
+This prepares the file you are about to sign.  If your do not have an airgap, run the following command:
+
+    utils/sign-rulesets/standalone.sh /path/to/key.pem /some/output/path
+
+If you have an airgapped setup, run the following command on your development machine:
+
+    utils/sign-rulesets/async-request.sh /path/to/public.pem /some/output/path
+
+This will display a hash for signing, as well as a metahash.  On your airgap machine, run the `async-airgap.sh` script that you had previously copied to it:
+
+    ./async-airgap.sh /path/to/key.pem SHA256_HASH
+
+typing the hash carefully.  Check the metahash to make sure it is the same as what was displayed on your development machine.  This will output base64-encoded data as well as a QR code representing that data that you can scan, and send that data to your development machine.  Once you have that data from the QR code pasted into the development machine prompt, press Ctrl-D and you should have output indicating that your rulesets have been signed successfully.
+
+### 3. Publishing those rulesets somewhere
+
+Once you've signed the rulesets successfully, choose a public URL to make these rulesets accessible.  You may want to use a CDN if you expect a lot of traffic on this endpoint.  Your rulesets as well as their signatures are stored in `/some/output/path` you chose above, you need only to upload them to an endpoint your users can access.
+
+### 4. Getting users to use your update channel
+
+Once you've established an update channel by publishing your rulesets, you'll want to let your users know how to use them.  From step 1 above, you have a `jwk` object.  You may want to also only allow modification of certain URLs, using the `scope` field.  The `update_path_prefix` field will simply be the public URL that you chose in step 3.
+
+If your users are using a custom build of HTTPS Everywhere (such as in a corporate LAN environment), you can modify [`chromium/background-scripts/update_channels.js`](https://github.com/EFForg/https-everywhere/blob/master/chromium/background-scripts/update_channels.js) to include a new update channel in the same format as the EFF update channel.
+
+In most cases, your users will just be using a standard HTTPS Everywhere build.  In this case, they will have to add your update channel using the UX, as explained below.
+
+## Adding and Deleting Update Channels
+
+In addition to being defined in `update_channels.js`, users can add additional update channels via the extension options.
+
+In Firefox, enter `about:addons` into the URL bar, then click on `Extensions` on the left navbar, then click `Preferences` next to the HTTPS Everywhere extension.
+
+In Chrome, right-click on the HTTPS Everywhere icon and click `Options`.
+
+You will now see the HTTPS Everywhere options page.  Click `Update Channels`.
+
+You will now see a list of update channels, with `EFF (Full)` being the first.  Below, you can add a new update channel.  Once you hit `Update`, the channel will download a new ruleset release (if available) from the channel.
+
+![](options.png)
+
+If a new ruleset update is available, after a few seconds you should now see the new ruleset version in the bottom of the extension popup:
+
+![](my-lan.png)
+
+You can also delete rulesets from the extension options.  Under `Update Channels`, just click `Delete` for the channel you want to delete.  This will immediately remove the rulesets from this update channel.
diff --git a/docs/en_US/rulesets.md b/docs/en_US/rulesets.md
new file mode 100644
index 000000000000..f9f71f020f34
--- /dev/null
+++ b/docs/en_US/rulesets.md
@@ -0,0 +1,208 @@
+## HTTPS Everywhere Rulesets
+
+This page describes how to write rulesets for [HTTPS
+Everywhere](https://eff.org/https-everywhere), a browser extension that
+switches sites over from HTTP to HTTPS automatically. HTTPS Everywhere comes
+with [thousands](https://atlas.eff.org/index.html) of rulesets that
+tell HTTPS Everywhere which sites it should switch to HTTPS and how. If there
+is a site that offers HTTPS and is not handled by the extension, this guide
+will explain how to add that site.
+
+#### [Rulesets](#rulesets)
+
+A `ruleset` is an [XML](https://www.xml.com/pub/a/98/10/guide0.html?page=2) file
+describing behavior for a site or group of sites. A ruleset contains one or
+more `rules`. For example, here is
+[`RabbitMQ.xml`](https://github.com/efforg/https-everywhere/blob/master/src/chrome/content/rules/RabbitMQ.xml),
+from the addon distribution:
+
+```xml
+<ruleset name="RabbitMQ">
+	<target host="rabbitmq.com" />
+	<target host="www.rabbitmq.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
+```
+
+The `target` tag specifies which web sites the ruleset applies to. The `rule`
+tag specifies how URLs on those web sites should be rewritten. This rule says
+that any URLs on `rabbitmq.com` and `www.rabbitmq.com` should be modified by
+replacing "http:" with "https:".
+
+When the browser loads a URL, HTTPS Everywhere takes the host name (e.g.
+<tt>www.rabbitmq.com</tt>) and searches its ruleset database for rulesets that
+match that host name.
+
+HTTPS Everywhere then tries each rule in those rulesets against the full URL.
+If the [Regular
+Expression](https://www.regular-expressions.info/quickstart.html), or regexp, in
+one of those rules matches, HTTPS Everywhere [rewrites the
+URL](#rules-and-regular-expressions) according the `to` attribute of the rule.
+
+#### [Wildcard Targets](#wildcard-targets)
+
+To cover all of a domain's subdomains, you may want to specify a wildcard
+target like `*.twitter.com`. Specifying this type of left-side wildcard matches
+any host name with `.twitter.com` as a suffix, e.g. `www.twitter.com` or
+`urls.api.twitter.com`. You can also specify a right-side wildcard like
+`www.google.*`. Right-side wildcards, unlike left-side wildcards, apply only
+one level deep. So if you want to cover all countries you'll generally need to
+specify `www.google.*`, `www.google.co.*`, and `www.google.com.*` to cover
+domains like `www.google.co.uk` or `www.google.com.au`. You should use wildcard
+targets only when you have rules that apply to the entire wildcard space. If
+your rules only apply to specific hosts, you should list each host as a
+separate target.
+
+#### [Rules and Regular Expressions](#rules-and-regular-expressions)
+
+The `rule` tags do the actual rewriting work. The `from` attribute of each rule
+is a [regular expression](https://www.regular-expressions.info/quickstart.html)
+matched against a full URL. You can use rules to rewrite URLs in simple or
+complicated ways. Here's a simplified (and now obsolete) example for Wikipedia:
+
+```xml
+<ruleset name="Wikipedia">
+	<target host="*.wikipedia.org" />
+
+	<rule from="^http://(\w{2})\.wikipedia\.org/wiki/"
+		to="https://secure.wikimedia.org/wikipedia/$1/wiki/"/>
+</ruleset>
+```
+
+The `to` attribute replaces the text matched by the `from` attribute. It can
+contain placeholders like `$1` that are replaced with the text matched inside
+the parentheses.
+
+This rule rewrites a URL like `http://fr.wikipedia.org/wiki/Chose` to
+`https://secure.wikimedia.org/wikipedia/fr/wiki/Chose`. Notice, again, that the
+target is allowed to contain (just one) * as a wildcard meaning "any".
+
+Rules are applied in the order they are listed within each ruleset. Order
+between rulesets is unspecified. Only the first rule or exception matching a
+given URL is applied.
+
+Rules are evaluated using [Javascript regular
+expressions](https://www.regular-expressions.info/javascript.html), which are
+similar but not identical to [Perl-style regular
+expressions.](https://www.regular-expressions.info/pcre.html) Note that if your
+rules include ampersands (&amp;), they need to be appropriately XML-encoded:
+replace each occurrence of **&amp;** with **&amp;#x26;**.
+
+#### [Exclusions](#exclusions)
+
+An exclusion specifies a pattern, using a regular expression, for URLs where
+the rule should **not** be applied. The Stack Exchange rule contains an
+exclusion for the OpenID login path, which breaks logins if it is rewritten:
+
+```xml
+<exclusion pattern="^http://(\w+\.)?stack(exchange|overflow)\.com/users/authenticate/" />
+```
+
+Exclusions are always evaluated before rules in a given ruleset. Matching any
+exclusion means that a URL won't match any rules within the same ruleset.
+However, if other rulesets match the same target hosts, the rules in those
+rulesets will still be tried.
+
+#### [Style Guide](#style-guide)
+
+There are many different ways you can write a ruleset, or regular expression
+within the ruleset. It's easier for everyone to understand the rulesets if they
+follow similar practices. You should read and follow the [Ruleset style
+guide](https://github.com/EFForg/https-everywhere/blob/master/CONTRIBUTING.md#ruleset-style-guide).
+Some of the guidelines in that document are intended to make [Ruleset
+testing](https://github.com/EFForg/https-everywhere/blob/master/ruleset-testing.md)
+less cumbersome.
+
+#### [Secure Cookies](#secure-cookies)
+
+Many HTTPS websites fail to correctly set the [secure
+flag](https://en.wikipedia.org/wiki/HTTP_cookie#Secure_and_HttpOnly)
+on authentication and/or tracking cookies. HTTPS Everywhere provides a facility
+for turning this flag on. For instance:
+
+```xml
+<securecookie host="^market\.android\.com$" name=".+" />
+```
+
+The "host" parameter is a regexp specifying which domains should have their
+cookies secured; the "name" parameter is a regexp specifying which cookies
+should be secured. For a cookie to be secured, it must be sent by a target host
+for that ruleset. It must also be sent over HTTPS and match the name regexp.
+For cookies set by Javascript in a web page, the Firefox extension can't tell
+which host set the cookie and instead uses the domain attribute of the cookie
+to check against target hosts. A cookie whose domain attribute starts with a
+"." (the default, if not specified by Javascript) will be matched as if it was
+sent from a host name made by stripping the leading dot.
+
+#### [Testing](#testing)
+
+We use an [automated
+checker](https://github.com/hiviah/https-everywhere-checker) to run some basic
+tests on all rulesets. This is described in more detail in our [Ruleset
+Testing](https://github.com/EFForg/https-everywhere/blob/master/ruleset-testing.md)
+document, but in short there are two parts: Your ruleset must have enough test
+URLs to cover all the various types of URL covered by your rules. And each of
+those test URLs must load, both before rewriting and after rewriting. Every
+target host tag generates an implicit test URL unless it contains a wildcard.
+You can add additional test URLs manually using the `<test url="..."/>` tag.
+The test URLs you add this way should be real pages loaded from the site, or
+real images, CSS, and Javascript if you have rules that specifically affect
+those resources. 
+
+You can test rulesets in the browser using a hidden debugging page, but please
+be aware that this approach should only be used for debugging purposes and
+should not be used for setting up personal custom rules. You can access the
+hidden debugging page this way:
+
+*   Firefox: `about:addons` > HTTPS Everywhere preferences > click under
+    `General Settings` > press <kbd>Ctrl-Z</kbd>
+*   Chromium/Chrome: `chrome://extensions/` > HTTPS Everywhere options > click
+    under `General Settings` > press <kbd>Ctrl-Z</kbd>
+
+You might need to disable popup blocking for the page to appear. Once you have
+loaded the page, you might find it convenient to bookmark it for later use.
+
+If you&apos;ve tested your rule and are sure it would be of use to the world at
+large, submit it as a [pull
+request](https://help.github.com/articles/using-pull-requests/) on our [GitHub
+repository](https://github.com/EFForg/https-everywhere/) or send it to the
+rulesets mailing list at `https-everywhere-rules AT eff.org`. Please be aware
+that this is a public and publicly-archived mailing list.
+
+#### [make-trivial-rule](#make-trivial-rule)
+
+As an alternative to writing rules by hand, there are scripts you can run from
+a Unix command line to automate the process of creating a simple rule for a
+specified domain. These scripts are not included with HTTPS Everywhere releases
+but are available in our development repository and are described in [our
+development documentation](https://www.eff.org/https-everywhere/development).
+
+#### [Disabling a ruleset by default](#disabling-a-ruleset-by-default)
+
+Sometimes rulesets are useful or interesting, but cause problems that make them
+unsuitable for being enabled by default in everyone's browsers. Typically when
+a ruleset has problems we will disable it by default until someone has time to
+fix it. You can do this by adding a `default_off` attribute to the ruleset
+element, with a value explaining why the rule is off.
+
+```xml
+<ruleset name="Amazon (buggy)" default_off="breaks site">
+	<target host="www.amazon.*" />
+	<target host="amazon.*" />
+</ruleset> 
+```
+
+You can add more details, like a link to a bug report, in the comments for the
+file.
+
+#### [Mixed Content Blocking (MCB)](#mixed-content-blocking-mcb)
+
+Some rulesets may trigger active mixed content (i.e. scripts loaded over HTTP
+instead of HTTPS). This type of mixed content is blocked in most major browsers,
+before HTTPS Everywhere has a chance to rewrite the URLs to an HTTPS version.
+This generally breaks the site. Depending on their configuration and threat
+model, some users might however decide to enable these rulesets via a global
+option in HTTPS Everywhere. To that effect, such rulesets are identified with 
+the specific `platform="mixedcontent"` attribute to the ruleset element.
diff --git a/docs/es/faq.md b/docs/es/faq.md
new file mode 100644
index 000000000000..bdd7547fc376
--- /dev/null
+++ b/docs/es/faq.md
@@ -0,0 +1,327 @@
+## Preguntas Frecuentes sobre "HTTPS Everywhere"
+
+Esta página responde a las preguntas más frecuentes sobre el proyecto de la EFF
+[HTTPS Everywhere](https://www.eff.org/https-everywhere) "HTTPS en todos
+lados". Si no encuentra la respuesta a su pregunta, puede intentar con los
+recursos [enumerados aquí](https://www.eff.org/https-everywhere/development).
+
+*   [¿Qué pasa si HTTPS Everywhere rompe algún sitio que
+    uso?](#what-if-https-everywhere-breaks-some-site-that-i-use)
+*   [¿Por qué HTTPS Everywhere me impide unirme a la red del hotel/escuela u
+    otra red
+    inalámbrica?](#why-is-https-everywhere-preventing-me-from-joining-this-hotelschoolother-wireless-network)
+*   [¿Habrá una versión de HTTPS Everywhere para IE, Safari o algún otro
+    navegador?](#will-there-be-a-version-of-https-everywhere-for-ie-safari-or-some-other-browser)
+*   [¿Por qué utilizar una lista de sitios aprobados que admiten HTTPS? ¿Por qué
+    no pueden intentar utilizar HTTPS para cada sitio, y sólo volver a HTTP si
+    no está
+    disponible?](#why-use-a-allowlist-of-sites-that-support-https-why-cant-you-try-to-use-https-for-every-last-site-and-only-fall-back-to-http-if-it-isnt-available)
+*   [¿Cómo puedo eliminar o mover el botón HTTPS Everywhere de la barra de
+    herramientas?](#how-do-i-get-rid-ofmove-the-https-everywhere-button-in-the-toolbar)
+*   [¿Cuándo me protege HTTPS Everywhere? ¿Cuándo no me
+    protege?](#when-does-https-everywhere-protect-me-when-does-it-not-protect-me)
+*   [¿De qué me protege HTTPS
+    Everywhere?](#what-does-https-everywhere-protect-me-against)
+*   [¿Cómo obtengo soporte para un sitio adicional en HTTPS
+    Everywhere?](#how-do-i-get-support-for-an-additional-site-in-https-everywhere)
+*   [¿Qué pasa si el sitio no admite HTTPS, o si sólo lo admite para algunas
+    actividades, como introducir información de la tarjeta de
+    crédito?](#what-if-the-site-doesnt-support-https-or-only-supports-it-for-some-activities-like-entering-credit-card-information)
+*   [¿No es más caro o lento para un sitio usar HTTPS en comparación con HTTP
+    normal?](#isnt-it-more-expensive-or-slower-for-a-site-to-support-https-compared-to-regular-http)
+*   [¿Por qué debría usar HTTPS Everywhere en lugar de simplemente teclear
+    https:// al principio del nombre de un
+    sitio?](#why-should-i-use-https-everywhere-instead-of-just-typing-https-at-the-beginning-of-site-names)
+*   [¿Por qué HTTPS Everywhere incluye reglas para sitios como PayPal que ya
+    requieren HTTPS en todas sus
+    páginas?](#why-does-https-everywhere-include-rules-for-sites-like-paypal-that-already-require-https-on-all-their-pages)
+*   [¿Qué significan los diferentes colores de las reglas en el menú de la
+    barra de herramientas en
+    Firefox?](#what-do-the-different-colors-for-rulesets-in-the-firefox-toolbar-menu-mean)
+*   [¿Qué significan los diferentes colores del icono de HTTPS
+    Everywhere?](#what-do-the-different-colors-of-the-https-everywhere-icon-mean)
+*   [Tengo un problema al instalar la extensión del
+    navegador.](#im-having-a-problem-installing-the-browser-extension.)
+*   [¿Cómo desinstalo/elimino HTTPS
+    Everywhere?](#how-do-i-uninstallremove-https-everywhere)
+*   [¿Cómo agrego mi propio sitio a HTTPS
+    Everywhere?](#how-do-i-add-my-own-site-to-https-everywhere)
+*   [¿Puedo ayudar a traducir HTTPS Everywhere a mi propio
+    idioma?](#can-i-help-translate-https-everywhere-into-my-own-language)
+
+### [¿Qué pasa si HTTPS Everywhere rompe algún sitio que uso?](#what-if-https-everywhere-breaks-some-site-that-i-use)
+
+Esto es ocasionalmente posible debido al soporte inconsistente de HTTPS en
+sitios (por ejemplo, cuando un sitio parece soportar HTTPS pero hace algunas
+partes del sitio, imprededicibles, indisponibles por medio de HTTPS). Si nos
+[informa del problema](https://github.com/EFForg/https-everywhere/issues),
+podemos intentar solucionarlo. Mientras tanto, puede desactivar la regla que
+afecta a ese sitio en particular en su propia copia de HTTPS Everywhere
+haciendo clic en el botón de la barra de herramientas HTTPS Everywhere y
+desmarcando la regla para ese sitio.
+
+También puede informar el problema al sitio, ya que ellos tienen el poder para
+solucionarlo!
+
+### [¿Por qué HTTPS Everywhere me impide unirme a la red del hotel/escuela u otra red inalámbrica?](#why-is-https-everywhere-preventing-me-from-joining-this-hotelschoolother-wireless-network)
+
+Algunas redes inalámbricas secuestran sus conexiones HTTP cuando se une por
+primera vez a ellas, con el fin de exigir su autenticación o simplemente
+intentar hacer que acepte los términos de uso. Las páginas HTTPS están
+protegidas contra este tipo de secuestro, que es como debería ser. Si va a un
+sitio web que no está protegido por HTTPS Everywhere o por HSTS (actualmente,
+example.com es uno de esos sitios), permitirá que su conexión sea capturada y
+redirigida a la página de autenticación o términos de uso.
+
+### [¿Habrá una versión de HTTPS Everywhere para IE, Safari o algún otro navegador?](#will-there-be-a-version-of-https-everywhere-for-ie-safari-or-some-other-browser)
+
+A principios de 2012, la API para extensiones de Safari no ofrece una forma de
+realizar la reescritura segura de las solicitudes HTTP a HTTPS. Pero si por
+casualidad conoce una forma de realizar la reescritura segura de solicitudes en
+estos navegadores, no dude en hacérnoslo saber en https-everywhere en EFF.org
+(pero tenga en cuenta que modificar document.location o window.location en
+JavaScript no es seguro).
+
+### [¿Por qué utilizar una lista de sitios aprobados que admiten HTTPS? ¿Por qué no pueden intentar utilizar HTTPS para cada sitio, y sólo volver a HTTP si no está disponible?](#why-use-a-allowlist-of-sites-that-support-https-why-cant-you-try-to-use-https-for-every-last-site-and-only-fall-back-to-http-if-it-isnt-available)
+
+Hay varios problemas con la idea de tratar de detectar automáticamente HTTPS en
+cada sitio. No hay ninguna garantía de que los sitios van a dar la misma
+respuesta a través de HTTPS que a través de HTTP. Además, no es posible probar
+HTTPS en tiempo real sin introducir vulnerabilidades de seguridad (¿Qué debería
+hacer la extensión si falla el intento de conexión por HTTPS? Volver a un HTTP
+inseguro no es seguro). Y en algunos casos, HTTPS Everywhere tiene que llevar a
+cabo transformaciones bastante complicadas en URIs - por ejemplo, hasta
+recientemente la regla de Wikipedia tenía que convertir una dirección como
+`http://en.wikipedia.org/wiki/World_Wide_Web` en
+`https://secure.wikimedia.org/wikipedia/en/wiki/World_Wide_Web` por que HTTPS
+no estaba disponible en los dominios habituales de Wikipedia.
+
+### [¿Cómo puedo eliminar o mover el botón HTTPS Everywhere de la barra de herramientas?](#how-do-i-get-rid-ofmove-the-https-everywhere-button-in-the-toolbar)
+
+El botón HTTPS Everywhere es útil porque le permite ver y desactivar un
+conjunto de reglas si causa problemas con un sitio. Pero si prefiere
+desactivarla, vaya a Ver->Barras de herramientas->Personalizar y arrastre el
+botón fuera de la barra de herramientas y dentro en la barra de complementos en
+la parte inferior de la página. Después, puede ocultar la barra de
+complementos. (En teoría, debería poder arrastrarlo a la bandeja de iconos
+disponibles también, pero eso puede desencadenar [este
+error](https://trac.torproject.org/projects/tor/ticket/6276).
+
+### [¿Cuándo me protege HTTPS Everywhere? ¿Cuándo no me protege?](#when-does-https-everywhere-protect-me-when-does-it-not-protect-me)
+
+HTTPS Everywhere lo protege sólo cuando está utilizando _porciones cifradas de
+sitios web soportados_. En un sitio soportado, se activará automáticamente el
+cifrado HTTPS para todas las partes soportadas conocidas del sitio (para
+algunos sitios, esto podría ser sólo una parte de todo el sitio). Por ejemplo,
+si su proveedor de correo web no admite HTTPS en absoluto, HTTPS Everywhere no
+puede hacer que su acceso a su correo web sea seguro. Del mismo modo, si un
+sitio permite HTTPS para texto pero no para imágenes, es posible que alguien
+vea las imágenes que cargue el navegador y adivine a qué está accediendo.
+
+HTTPS Everywhere depende completamente de las características de seguridad de
+los sitios web individuales que utilice; _Activa_ estas funciones de seguridad,
+pero no las puede _crear_ si no existen. Si utiliza un sitio no no soportado
+por HTTPS Everywhere o un sitio que proporciona cierta información de forma
+insegura, HTTPS Everywhere no puede proporcionar protección adicional para su
+uso de ese sitio. Por favor recuerde verificar que la seguridad de un sitio en
+particular está funcionando al nivel que usted espera antes de enviar o recibir
+información confidencial, incluyendo contraseñas.
+
+Una forma de determinar el nivel de protección que obtendrá al utilizar un
+sitio en particular es utilizar una herramienta de análisis de paquetes como
+[Wireshark] (https://www.wireshark.org/) para registrar sus propias
+comunicaciones con el sitio. La vista resultante de sus comunicaciones es
+aproximadamente igual a lo que un escucha secreto vería en su red wifi o en su
+ISP. De esta manera, puede determinar si algunas o todas sus comunicaciones
+estarían protegidas; Sin embargo, puede tomar bastante tiempo hacer sentido a
+la vista de Wireshark con suficiente cuidado para obtener una respuesta
+definitiva.
+
+También puede activar la función "Bloquear todas las solicitudes HTTP" para
+obtener mayor protección. En lugar de cargar páginas o imágenes inseguras,
+HTTPS Everywhere las bloqueará completamente.
+
+### [¿De qué me protege HTTPS Everywhere?](#what-does-https-everywhere-protect-me-against)
+
+En las partes compatibles de los sitios admitidos, HTTPS Everywhere habilita la
+protección HTTPS de los sitios, lo que le puede proteger contra la escucha y la
+manipulación indebida del contenido del sitio o de la información que envía al
+sitio. Idealmente, esto proporciona cierta protección contra un atacante que
+aprende el contenido de la información que fluye en ambos sentidos - por
+ejemplo, el texto de los mensajes de correo electrónico que envía o recibe a
+través de un sitio de webmail, los productos que navega o compra en un comercio
+electrónico Sitio o los artículos particulares que lea en un sitio de
+referencia.
+
+Sin embargo, HTTPS Everywhere **no oculta las identidades de los sitios a los
+que accede**, la cantidad de tiempo que pasa con ellos ni la cantidad de
+información que carga o descarga desde un sitio en particular. Por ejemplo, si
+accede a `http://www.eff.org/issues/nsa-spying` y HTTPS Everywhere vuelve a
+escribirlo como `https://www.eff.org/issues/nsa-spying`, un espía todavía puede
+reconocer de forma trivial que está accediendo a www.eff.org (pero puede que no
+sepa qué tema está leyendo). En general, toda la parte del nombre de dominio de
+una URL permanece expuesta al intruso, ya que ésta debe enviarse repetidamente
+en forma no cifrada durante el establecimiento de la conexión. Otra forma de
+decirlo es que HTTPS nunca fue diseñado para ocultar la identidad de los sitios
+que visita.
+
+Investigadores también han demostrado que es posible que alguien pueda
+averiguar más acerca de lo que está haciendo en un sitio simplemente a través
+de una cuidadosa observación de la cantidad de datos que sube y descarga, o los
+patrones de tiempo de su uso del sitio. Un ejemplo simple es que si el sitio
+sólo tiene una página de cierto tamaño total, cualquier persona que descargue
+exactamente esa cantidad de datos del sitio probablemente está accediendo a esa
+página.
+
+Si desea protegerse contra el monitoreo de los sitios que visita, considere
+usar HTTPS Everywhere junto con software como
+[Tor](https://www.torproject.org/).
+
+### [¿Cómo obtengo soporte para un sitio adicional en HTTPS Everywhere?](#how-do-i-get-support-for-an-additional-site-in-https-everywhere)
+
+Puede aprender [como escribir
+reglas](https://www.eff.org/https-everywhere/rulesets) que enseñan a HTTPS
+Everywhere a soportar nuevos sitios. Puede instalar estas reglas en su propio
+navegador o enviárnoslas para su posible inclusión en la versión oficial.
+
+### [¿Qué pasa si el sitio no admite HTTPS, o si sólo lo admite para algunas actividades, como introducir información de la tarjeta de crédito?](#what-if-the-site-doesnt-support-https-or-only-supports-it-for-some-activities-like-entering-credit-card-information)
+
+Podría tratar de ponerse en contacto con el sitio y señalar que el uso de HTTPS
+para todas las características del sitio es una práctica cada vez más común hoy
+en día y protege a los usuarios (y sitios) contra una variedad de ataques de
+Internet. Por ejemplo, le defiende contra la capacidad de otras personas en una
+red inalámbrica de espiar su uso del sitio o incluso tomar control de su
+cuenta. También puede señalar que los números de tarjetas de crédito no son la
+única información que usted considera privada o sensible.
+
+Sitios como Google, Twitter y Facebook ahora soportan HTTPS para información no
+financiera, por razones de privacidad y seguridad general.
+
+### [¿No es más caro o lento para un sitio usar HTTPS en comparación con HTTP normal?](#isnt-it-more-expensive-or-slower-for-a-site-to-support-https-compared-to-regular-http)
+
+Puede ser, pero algunos sitios han sido gratamente sorprendidos al ver lo
+práctico que puede ser. Además, los expertos de Google están actualmente
+implementando varias mejoras en el protocolo TLS que hacen HTTPS dramáticamente
+más rápido; si estas mejoras se añaden a la norma pronto, la brecha de
+velocidad entre los dos debería casi desaparecer. Ver [la descripción de Adam
+Langley de la situación de la implementación de
+HTTPS](https://www.imperialviolet.org/2010/06/25/overclocking-ssl.html) para
+más detalles sobre esta cuestión. En particular, Langley afirma: "Para
+[habilitar HTTPS de forma predeterminada para Gmail] no tuvimos que desplegar
+máquinas adicionales ni hardware especial. En nuestras máquinas frontend de
+producción, SSL/TLS representa menos del 1% de la carga del CPU, menos de 10KB
+de memoria por conexión y menos del 2% de la sobrecarga de red".
+
+Solía ser caro comprar un certificado para el uso de HTTPS, pero ahora se puede
+obtener de forma gratuita en [Let's Encrypt](https://letsencrypt.org/) de igual
+manera.
+
+### [¿Por qué debría usar HTTPS Everywhere en lugar de simplemente teclear https:// al principio del nombre de un sitio?](#why-should-i-use-https-everywhere-instead-of-just-typing-https-at-the-beginning-of-site-names)
+
+Incluso si normalmente escribe https://, HTTPS Everywhere podría protegerlo si
+alguna vez lo olvida. Además, puede reescribir los enlaces que siga de otras
+personas. Por ejemplo, si hace clic en un enlace a
+`http://en.wikipedia.org/wiki/EFF_Pioneer_Award`, HTTPS Everywhere volverá a
+escribir el enlace de forma automática como
+`https://en.wikimedia.org/wikipedia/en/wiki/EFF_Pioneer_Award`. Por lo tanto,
+puede obtener alguna protección incluso si no hubiera notado que el sitio de
+destino está disponible en HTTPS.
+
+### [¿Por qué HTTPS Everywhere incluye reglas para sitios como PayPal que ya requieren HTTPS en todas sus páginas?](#why-does-https-everywhere-include-rules-for-sites-like-paypal-that-already-require-https-on-all-their-pages)
+
+HTTPS Everywhere, como la [especificación
+HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security), trata de
+abordar un ataque llamado [SSL
+stripping](https://moxie.org/software/sslstrip/). Los usuarios sólo están
+protegidos contra un ataque "SSL stripping" si sus navegadores ni siquiera
+_intentan_ conectarse a la versión HTTP del sitio, incluso si el sitio los
+hubiera redirigido a la versión HTTPS. Con HTTPS Everywhere, el navegador ni
+siquiera intenta la conexión HTTP insegura, incluso si eso es lo que usted le
+pide que haga. (Tenga en cuenta que actualmente HTTPS Everywhere no incluye una
+lista completa de dichos sitios, que son principalmente instituciones
+financieras).
+
+### [¿Qué significan los diferentes colores de las reglas en el menú de la barra de herramientas en Firefox?](#what-do-the-different-colors-for-rulesets-in-the-firefox-toolbar-menu-mean)
+
+Los colores son:
+
+Verde oscuro: el conjunto de reglas estaba activa durante la carga de recursos
+en la página actual.
+
+Verde claro: el conjunto de reglas estaba listo para evitar las cargas HTTP en
+la página actual, pero todo lo que el conjunto de reglas habría cubierto se
+cargó a través de HTTPS de todos modos (en el código, verde claro se le llama
+una "regla discutible").
+
+Marrón oscuro o Flecha roja en el sentido de las agujas del reloj: regla rota
+-- el conjunto de reglas está activo, pero el servidor está redirigiendo al
+menos algunas direcciones URL de HTTPS a HTTP.
+
+Gris: el conjunto de reglas está deshabilitado.
+
+### [¿Qué significan los diferentes colores del icono de HTTPS Everywhere?](#what-do-the-different-colors-of-the-https-everywhere-icon-mean)
+
+Los colores son:
+
+Azul claro: HTTPS Everywhere está habilitado.
+
+Azul oscuro: HTTPS Everywhere está habilitado y activo para cargar recursos en
+la página actual.
+
+Rojo: Todas las peticiones sin cifrar serán bloqueadas por HTTPS Everywhere.
+
+Gris: HTTPS Everywhere está deshabilitado.
+
+### [Tengo un problema al instalar la extensión del navegador.](#im-having-a-problem-installing-the-browser-extension.)
+
+Algunas personas informan que la instalación de HTTPS Everywhere les da el
+error: "El complemento no se pudo descargar debido a un error de conexión en
+www.eff.org". Esto puede ser causado por el antivirus Avast, que bloquea la
+instalación de extensiones de navegador. Puede que pueda [instalarlo desde
+addons.mozilla.org](https://addons.mozilla.org/en-US/firefox/addon/https-everywhere/).
+
+### [¿Cómo desinstalo/elimino HTTPS Everywhere?](#how-do-i-uninstallremove-https-everywhere)
+
+En Firefox: Haga clic en el botón de menú en la parte superior derecha de la
+ventana al final de la barra de herramientas (aparece como tres líneas
+horizontales) y, a continuación, haga clic en "Complementos" (parece una pieza
+de rompecabezas). Desplácese hasta que vea HTTPS Everywhere y a continuación
+haga clic en el botón "Eliminar" que se encuentra completamente a la derecha.
+Al finalizar, puede cerrar la ventana de complementos.
+
+En Chrome: haga clic en el botón de menú situado en la parte superior derecha
+de la ventana al final de la barra de herramientas (aparece como tres líneas
+horizontales) y, a continuación, haz clic en "Configuración" cerca de la parte
+inferior. A la izquierda, haga clic en "Extensiones". Desplácese hasta que vea
+HTTPS Everywhere y a continuación, haga clic en el icono de la papelera de la
+derecha y haga clic en "Eliminar" para confirmar la eliminación. Al finalizar,
+puede cerrar la ventana de configuración.
+
+### [¿Cómo agrego mi propio sitio a HTTPS Everywhere?](#how-do-i-add-my-own-site-to-https-everywhere)
+
+Estamos contentos de que desee que su sitio en HTTPS Everywhere! Sin embargo,
+recuerde que no todos los que visitan su sitio tienen instalada nuestra
+extensión. Si administra un sitio web, puede configurarlo para que use de forma
+predeterminada HTTPS para todos, no solo para los usuarios de HTTPS Everywhere.
+Y es menos trabajo! Los pasos que usted debe tomar, en orden, son:
+
+1.  Configure un
+    [redireccionamiento](https://www.sslshopper.com/apache-redirect-http-to-https.html)
+    de HTTP a HTTPS en su sitio.
+2.  [Agregue el header "Strict-Transport-Security" (HSTS) en su
+    sitio.](https://raymii.org/s/tutorials/HTTP_Strict_Transport_Security_for_Apache_NGINX_and_Lighttpd.html)
+3.  [Agregue su sitio a la lista de precarga de
+    HSTS.](https://hstspreload.appspot.com/)
+
+Estos pasos le darán a su sitio una protección mucho mejor que añadirlo a HTTPS
+Everywhere. En términos generales, una vez que haya terminado, no es necesario
+agregar su sitio a HTTPS Everywhere. Sin embargo, si lo aún desea, siga las
+[instrucciones sobre escribir conjuntos de
+reglas](https://eff.org/https-everywhere/rulesets), e indique que usted es el
+autor del sitio cuando solicite un "pull request".
+
+### [¿Puedo ayudar a traducir HTTPS Everywhere a mi propio idioma? ](#can-i-help-translate-https-everywhere-into-my-own-language)
+
+¡Sí! Utilizamos la cuenta Transifex de Tor Project para las traducciones, por
+favor inscríbase para ayudar a traducir en
+[https://www.transifex.com/otf/torproject](https://www.transifex.com/otf/torproject).
diff --git a/dummy-chromium.pem b/dummy-chromium.pem
new file mode 100644
index 000000000000..b6bb2a5ed409
--- /dev/null
+++ b/dummy-chromium.pem
@@ -0,0 +1,13 @@
+-----BEGIN PRIVATE KEY-----
+MIIB5gIBADANBgkqhkiG9w0BAQEFAASCAdAwggHMAgEAAmEA3BZGOZsEWGEc82Yz
+Ddrey4Vp8dV4AQZPu2tM32Z6ZEx2538G3bWu5g0OPzX8Oqvzqr8ZRIvxcBbL3kgZ
+5wnhjVRTlWy0jxZDHCvVsATzhbhAt505zljHaRS1PrCYfV/nAgMBAAECYCQpRMCS
+R9R9oFQdpqXQIGswMIgbmuwQLWmN58ONAu8X4TGIHYiwIVyLKJwaMqcxOTn753Us
+7vFbGwoMnO3Krzh1Xn9z6uKnB7dDotgc9ZIQ5Ja8ExjJhl5iBMSWePYWAQIxAPRo
+yZ+JdWu+/y+/F6KsiCDx8EmdV8Dd09BogXH31S2VtSUEfZd/UDUPgbRgo+c9dwIx
+AOaGNJyJbHY4UCxC2hRBRZGNlic8SaFKEQAtN28gMWMDMgAh0ik8YtrPffBed+bN
+EQIxAOwTAx0MItTt6YLu6x9/0wUva89PIWHzYhKdvtqcbdbYEd4tljntCUYXMktO
+RUKoRQIxAL/3PHKqoc6kwGbLWO2LGVLHNCYCN1J/6j5aaRI6HcZVD9s6TteV+MA8
+D6UOFgz18QIxAJKXHDXXF+LXGsOwRMcp8nqg9Ri9daWW74JWyozFRqIsRhnhDhw9
+8f4cUAPw7BquBw==
+-----END PRIVATE KEY-----
diff --git a/hooks/precommit b/hooks/precommit
index 0f2873b9ca42..04c65b738ac5 100755
--- a/hooks/precommit
+++ b/hooks/precommit
@@ -39,7 +39,7 @@ if [ "$CHANGED_RULESETS" ]; then
             continue
         fi
 
-        ./utils/trivial-validate.py --quiet $FILE
+        python3 test/validations/special/run.py --quiet $FILE
         RESULT=$?
 
         if [ $RESULT -ne 0 ]; then
diff --git a/hooks/update b/hooks/update
index 40918f5c3ce9..d45a5f2d2f1d 100644
--- a/hooks/update
+++ b/hooks/update
@@ -42,21 +42,18 @@ echo "attempting to validate $newrev" >&2
 
 # --- Test build
 
-if [ -f makexpi.sh && -f makecrx.sh ]; then
-	./makexpi.sh
-	XPIBULID=$?
+if [ -f make.sh ]; then
+	./make.sh
+	EXTBULID=$?
 	
-	./makecrx.sh
-	CRXBUILD=$?
-	
-	if [ "$XPIBULID" != 0 || "$CRXBUILD" != 0 ]; then
+	if [ "$EXTBULID" != 0 ]; then
 		echo "*** build failed" >&2
 		exit 1
 	else
 		exit 0
 	fi
 else
-	echo "*** could not find makexpi.sh or makecrx.sh." >&2
+	echo "*** could not find make.sh." >&2
 	exit 1
 fi
 
diff --git a/image-src/https-everywhere-half-24.xcf.gz b/image-src/https-everywhere-half-24.xcf.gz
deleted file mode 100644
index ee5cfaf115fe..000000000000
Binary files a/image-src/https-everywhere-half-24.xcf.gz and /dev/null differ
diff --git a/image-src/https-everywhere.xcf b/image-src/https-everywhere.xcf
deleted file mode 100644
index 076a49ebdf56..000000000000
Binary files a/image-src/https-everywhere.xcf and /dev/null differ
diff --git a/image-src/ssl-observatory.jpg b/image-src/ssl-observatory.jpg
deleted file mode 100644
index 0241bee91b55..000000000000
Binary files a/image-src/ssl-observatory.jpg and /dev/null differ
diff --git a/install-dev-dependencies.sh b/install-dev-dependencies.sh
new file mode 100755
index 000000000000..9259d02b8676
--- /dev/null
+++ b/install-dev-dependencies.sh
@@ -0,0 +1,127 @@
+#!/bin/bash
+# Install packages that are necessary and/or useful to build and debug
+# HTTPS Everywhere
+set -o errexit
+
+if [ "$1" != "--no-prompt" ]; then
+  echo
+  echo "Warning: Installing the development dependencies for HTTPS Everywhere"
+  echo "may alter your system, installing requirements both within the package"
+  echo "management system and also external binaries."
+  echo
+  echo -n "Are you sure you want to continue? [y/N]: "
+  read CONTINUE
+  CONTINUE=`echo $CONTINUE | xargs | head -c 1 | awk '{print tolower($0)}'`
+  if [ "$CONTINUE" != "y" ]; then
+    exit
+  fi
+  echo
+fi
+
+if [ $UID != 0 ]; then
+  SUDO_SHIM=sudo
+fi
+
+if [ "`uname -m`" == "x86_64" ]; then
+  ARCH=64
+else
+  ARCH=32
+fi
+
+# debian based installation
+if type apt-get>/dev/null 2>&1;  then
+  $SUDO_SHIM apt-get update
+  $SUDO_SHIM apt-get install -y lsb-release
+  BROWSERS="firefox chromium-browser"
+  CHROMEDRIVER="chromium-chromedriver"
+  if [[ "$(lsb_release -is)" == "Debian" ]]; then
+    # Chromium takes the name of 'chromium' instead of 'chromium-browser' in
+    # Debian 7 (wheezy) and later.
+    BROWSERS="firefox-esr chromium"
+    CHROMEDRIVER="chromium-driver"
+  fi
+  $SUDO_SHIM apt-get install -y libxml2-dev libxml2-utils libxslt1-dev \
+    python3-dev $BROWSERS zip sqlite3 python3-pip libcurl4-openssl-dev xvfb \
+    nodejs \
+    npm \
+    libssl-dev git curl $CHROMEDRIVER
+  if ! type geckodriver >/dev/null 2>&1;  then
+    curl -LO "https://github.com/mozilla/geckodriver/releases/download/v0.24.0/geckodriver-v0.24.0-linux$ARCH.tar.gz"
+    tar -zxvf "geckodriver-v0.24.0-linux$ARCH.tar.gz"
+    rm -f "geckodriver-v0.24.0-linux$ARCH.tar.gz"
+    $SUDO_SHIM mv geckodriver /usr/bin/geckodriver
+    $SUDO_SHIM chown root /usr/bin/geckodriver
+    $SUDO_SHIM chmod 755 /usr/bin/geckodriver
+  fi
+  if [ ! -f /usr/lib/chromium-browser/chromedriver ] && [ -f `which chromedriver` ]; then
+    $SUDO_SHIM ln -s `which chromedriver` /usr/lib/chromium-browser/chromedriver
+  fi
+
+# macOS installation
+elif type brew >/dev/null 2>&1; then
+  brew list python &>/dev/null || brew install python
+  brew cask install chromedriver
+  brew install libxml2 gnu-sed
+  brew install node
+  if ! echo $PATH | grep -ql /usr/local/bin ; then
+    echo '/usr/local/bin not found in $PATH, please add it.'
+  fi
+
+# distros that use rpm (Fedora, Suse, CentOS) installation
+elif type dnf >/dev/null 2>&1; then
+  $SUDO_SHIM dnf install -y firefox gcc git libcurl-devel libxml2-devel \
+    libxslt-devel python3-devel redhat-rpm-config xorg-x11-server-Xvfb which \
+    findutils procps openssl openssl-devel chromium GConf2
+  if ! type chromedriver >/dev/null; then
+    curl -O "https://chromedriver.storage.googleapis.com/2.23/chromedriver_linux$ARCH.zip"
+    unzip "chromedriver_linux$ARCH.zip"
+    rm -f "chromedriver_linux$ARCH.zip"
+    $SUDO_SHIM mv chromedriver /usr/bin/chromedriver
+    $SUDO_SHIM chown root /usr/bin/chromedriver
+    $SUDO_SHIM chmod 755 /usr/bin/chromedriver
+  fi
+  if ! type geckodriver >/dev/null 2>&1;  then
+    curl -LO "https://github.com/mozilla/geckodriver/releases/download/v0.24.0/geckodriver-v0.24.0-macos.tar.gz"
+    tar -zxvf "geckodriver-v0.24.0-macos.tar.gz"
+    rm -f "geckodriver-v0.24.0-macos.tar.gz"
+    $SUDO_SHIM mv geckodriver /usr/bin/geckodriver
+    $SUDO_SHIM chown root /usr/bin/geckodriver
+    $SUDO_SHIM chmod 755 /usr/bin/geckodriver
+  fi
+
+  # This is needed for Firefox on some systems. See here for more information:
+  # https://github.com/EFForg/https-everywhere/pull/5584#issuecomment-238655443
+  if [ ! -f /var/lib/dbus/machine-id ]; then
+    $SUDO_SHIM sh -c 'dbus-uuidgen > /var/lib/dbus/machine-id'
+  fi
+  export PYCURL_SSL_LIBRARY=openssl
+
+  #Node
+  curl -sL https://rpm.nodesource.com/setup_12.x | $SUDO_SHIM bash -
+  $SUDO_SHIM yum install -y nodejs
+  $SUDO_SHIM yum install gcc-c++ make
+else
+    echo \
+    "Your distro isn't supported by this script yet!"\
+    "Please install dependencies manually."
+    exit
+fi
+
+# Get the addon SDK submodule and rule checker
+git submodule init
+git submodule update
+
+# Install Python packages
+pip3 install --user -r requirements.txt
+cd test/rules
+pip3 install --user -r requirements.txt
+cd -
+cd test/chromium
+pip3 install --user -r requirements.txt
+cd -
+
+# Install Node Package for CRX Verification
+$SUDO_SHIM npm -g i crx3-utils
+
+# Install git hook to run tests before pushing.
+ln -sf ../../test.sh .git/hooks/pre-push
diff --git a/lib-wasm b/lib-wasm
new file mode 160000
index 000000000000..dfad18667846
--- /dev/null
+++ b/lib-wasm
@@ -0,0 +1 @@
+Subproject commit dfad186678467a3f78e0d6a61400ed2f9c5d663d
diff --git a/make.sh b/make.sh
new file mode 100755
index 000000000000..415b80090c4a
--- /dev/null
+++ b/make.sh
@@ -0,0 +1,235 @@
+#!/usr/bin/env bash
+
+# Build an HTTPS Everywhere .crx & .xpi extension
+#
+# To build the current state of the tree:
+#
+#     ./make.sh
+#
+# To build a particular tagged release:
+#
+#     ./make.sh <version number>
+#
+# eg:
+#
+#     ./make.sh 2017.8.15
+#
+# Note that .crx files must be signed; this script makes you a
+# "dummy-chromium.pem" private key for you to sign your own local releases,
+# but these .crx files won't detect and upgrade to official HTTPS Everywhere
+# releases signed by EFF :/.  We should find a more elegant arrangement.
+
+! getopt --test > /dev/null
+if [[ ${PIPESTATUS[0]} -ne 4 ]]; then
+  echo 'I’m sorry, `getopt --test` failed in this environment.'
+  exit 1
+fi
+
+OPTIONS=eck:
+LONGOPTS=remove-extension-update,remove-update-channels,key:
+! PARSED=$(getopt --options=$OPTIONS --longoptions=$LONGOPTS --name "$0" -- "$@")
+if [[ ${PIPESTATUS[0]} -ne 0 ]]; then
+  # e.g. return value is 1
+  #  then getopt has complained about wrong arguments to stdout
+  exit 2
+fi
+
+# read getopt’s output this way to handle the quoting right:
+eval set -- "$PARSED"
+
+REMOVE_EXTENSION_UPDATE=false
+REMOVE_UPDATE_CHANNELS=false
+KEY=$(pwd)/dummy-chromium.pem
+while true; do
+  case "$1" in
+    -e|--remove-extension-update)
+      REMOVE_EXTENSION_UPDATE=true
+      shift
+      ;;
+    -c|--remove-update-channels)
+      REMOVE_UPDATE_CHANNELS=true
+      shift
+      ;;
+    -k|--key)
+      KEY="$2"
+      shift 2
+      ;;
+    --)
+      shift
+      break
+      ;;
+    *)
+      echo "Programming error"
+      exit 3
+      ;;
+  esac
+done
+
+if [ "${KEY:0:1}" != "/" ]; then
+  echo "Key must be specified as an absolute path."
+  exit 4
+fi
+
+
+
+
+cd $(dirname $0)
+
+if [ -n "$1" ]; then
+  BRANCH=`git branch | head -n 1 | cut -d \  -f 2-`
+  SUBDIR=checkout
+  [ -d $SUBDIR ] || mkdir $SUBDIR
+  cp -r -f -a .git $SUBDIR
+  cd $SUBDIR
+  git reset --hard "$1"
+  git submodule update --recursive -f
+fi
+
+VERSION=`python3 -c "import json ; print(json.loads(open('chromium/manifest.json').read())['version'])"`
+
+echo "Building version" $VERSION
+
+[ -d pkg ] || mkdir -p pkg
+[ -e pkg/crx-cws ] && rm -rf pkg/crx-cws
+[ -e pkg/crx-eff ] && rm -rf pkg/crx-eff
+[ -e pkg/xpi-amo ] && rm -rf pkg/xpi-amo
+[ -e pkg/xpi-eff ] && rm -rf pkg/xpi-eff
+
+# Clean up obsolete ruleset databases, just in case they still exist.
+rm -f src/chrome/content/rules/default.rulesets src/defaults/rulesets.sqlite
+
+mkdir -p pkg/crx-cws/rules
+cd pkg/crx-cws
+cp -a ../../chromium/* ./
+# Turn the Firefox translations into the appropriate Chrome format:
+rm -rf _locales/
+mkdir _locales/
+python3 ../../utils/chromium-translations.py ../../translations/ _locales/
+python3 ../../utils/chromium-translations.py ../../src/chrome/locale/ _locales/
+do_not_ship="*.py *.xml"
+rm -f $do_not_ship
+
+mkdir wasm
+cp ../../lib-wasm/pkg/*.wasm wasm
+cp ../../lib-wasm/pkg/*.js wasm
+
+cd ../..
+
+python3 ./utils/merge-rulesets.py || exit 5
+
+cp src/chrome/content/rules/default.rulesets pkg/crx-cws/rules/default.rulesets
+
+sed -i -e "s/VERSION/$VERSION/g" pkg/crx-cws/manifest.json
+
+for x in `cat .build_exclusions`; do
+  rm -rf pkg/crx-cws/$x
+done
+
+cp -a pkg/crx-cws pkg/crx-eff
+cp -a pkg/crx-cws pkg/xpi-amo
+cp -a pkg/crx-cws pkg/xpi-eff
+cp -a src/META-INF pkg/xpi-amo
+cp -a src/META-INF pkg/xpi-eff
+
+
+# Remove the 'applications' manifest key from the crx version of the extension, change the 'author' string to a hash, and add the "update_url" manifest key
+# "update_url" needs to be present to avoid problems reported in https://bugs.chromium.org/p/chromium/issues/detail?id=805755
+python3 -c "import json; m=json.loads(open('pkg/crx-cws/manifest.json').read()); m['author']={'email': 'eff.software.projects@gmail.com'}; del m['applications']; m['update_url'] = 'https://clients2.google.com/service/update2/crx'; open('pkg/crx-cws/manifest.json','w').write(json.dumps(m,indent=4,sort_keys=True))"
+python3 -c "import json; m=json.loads(open('pkg/crx-eff/manifest.json').read()); m['author']={'email': 'eff.software.projects@gmail.com'}; del m['applications']; open('pkg/crx-eff/manifest.json','w').write(json.dumps(m,indent=4,sort_keys=True))"
+# Remove the 'update_url' manifest key from the xpi version of the extension delivered to AMO
+python3 -c "import json; m=json.loads(open('pkg/xpi-amo/manifest.json').read()); del m['applications']['gecko']['update_url']; m['applications']['gecko']['id'] = 'https-everywhere@eff.org'; open('pkg/xpi-amo/manifest.json','w').write(json.dumps(m,indent=4,sort_keys=True))"
+
+# Remove the incognito key in AMO packages: #16394
+python3 -c "import json; m=json.loads(open('pkg/xpi-amo/manifest.json').read()); del m['incognito']; open('pkg/xpi-amo/manifest.json','w').write(json.dumps(m,indent=4,sort_keys=True))"
+python3 -c "import json; m=json.loads(open('pkg/xpi-eff/manifest.json').read()); del m['incognito']; open('pkg/xpi-eff/manifest.json','w').write(json.dumps(m,indent=4,sort_keys=True))"
+
+# If the --remove-extension-update flag is set, ensure the extension is unable to update
+if $REMOVE_EXTENSION_UPDATE; then
+  echo "Flag --remove-extension-update specified.  Removing the XPI extensions' ability to update."
+  python3 -c "import json; m=json.loads(open('pkg/xpi-amo/manifest.json').read()); m['applications']['gecko']['update_url'] = 'https://127.0.0.1'; open('pkg/xpi-amo/manifest.json','w').write(json.dumps(m,indent=4,sort_keys=True))"
+  python3 -c "import json; m=json.loads(open('pkg/xpi-eff/manifest.json').read()); m['applications']['gecko']['update_url'] = 'https://127.0.0.1'; open('pkg/xpi-eff/manifest.json','w').write(json.dumps(m,indent=4,sort_keys=True))"
+fi
+
+# If the --remove-update-channels flag is set, remove all out-of-band update channels
+if $REMOVE_UPDATE_CHANNELS; then
+  echo "Flag --remove-update-channels specified.  Removing all out-of-band update channels."
+  echo "require.scopes.update_channels.update_channels = [];" >> pkg/crx-cws/background-scripts/update_channels.js
+  echo "require.scopes.update_channels.update_channels = [];" >> pkg/crx-eff/background-scripts/update_channels.js
+  echo "require.scopes.update_channels.update_channels = [];" >> pkg/xpi-amo/background-scripts/update_channels.js
+  echo "require.scopes.update_channels.update_channels = [];" >> pkg/xpi-eff/background-scripts/update_channels.js
+fi
+
+if [ -n "$BRANCH" ] ; then
+  crx_cws="pkg/https-everywhere-$VERSION-cws.crx"
+  crx_eff="pkg/https-everywhere-$VERSION-eff.crx"
+  xpi_amo="pkg/https-everywhere-$VERSION-amo.xpi"
+  xpi_eff="pkg/https-everywhere-$VERSION-eff.xpi"
+
+else
+  crx_cws="pkg/https-everywhere-$VERSION~pre-cws.crx"
+  crx_eff="pkg/https-everywhere-$VERSION~pre-eff.crx"
+  xpi_amo="pkg/https-everywhere-$VERSION~pre-amo.xpi"
+  xpi_eff="pkg/https-everywhere-$VERSION~pre-eff.xpi"
+fi
+if ! [ -f "$KEY" ] ; then
+  echo "Making a dummy signing key for local build purposes"
+  openssl genrsa -out /tmp/dummy-chromium.pem 768
+  openssl pkcs8 -topk8 -nocrypt -in /tmp/dummy-chromium.pem -out $KEY
+fi
+
+
+# now pack the crx'es
+BROWSER="chromium-browser"
+which $BROWSER || BROWSER="chromium"
+
+$BROWSER --no-message-box --pack-extension="pkg/crx-cws" --pack-extension-key="$KEY" 2> /dev/null
+$BROWSER --no-message-box --pack-extension="pkg/crx-eff" --pack-extension-key="$KEY" 2> /dev/null
+
+mv pkg/crx-cws.crx $crx_cws
+mv pkg/crx-eff.crx $crx_eff
+
+echo >&2 "CWS crx package has sha256sum: `openssl dgst -sha256 -binary "$crx_cws" | xxd -p`"
+echo >&2 "EFF crx package has sha256sum: `openssl dgst -sha256 -binary "$crx_eff" | xxd -p`"
+
+# now zip up the xpi AMO dir
+name=pkg/xpi-amo
+dir=pkg/xpi-amo
+zip="$name.zip"
+
+cwd=$(pwd -P)
+(cd "$dir" && ../../utils/create_zip.py -n "$cwd/$zip" -x "../../.build_exclusions" .)
+echo >&2 "AMO xpi package has sha256sum: `openssl dgst -sha256 -binary "$cwd/$zip" | xxd -p`"
+
+cp $zip $xpi_amo
+
+# now zip up the xpi EFF dir
+name=pkg/xpi-eff
+dir=pkg/xpi-eff
+zip="$name.zip"
+
+cwd=$(pwd -P)
+(cd "$dir" && ../../utils/create_zip.py -n "$cwd/$zip" -x "../../.build_exclusions" .)
+echo >&2 "EFF xpi package has sha256sum: `openssl dgst -sha256 -binary "$cwd/$zip" | xxd -p`"
+
+cp $zip $xpi_eff
+
+bash utils/android-push.sh "$xpi_eff"
+
+echo >&2 "Total included rules: `find src/chrome/content/rules -name "*.xml" | wc -l`"
+echo >&2 "Rules disabled by default: `find src/chrome/content/rules -name "*.xml" | xargs grep -F default_off | wc -l`"
+
+# send the following to stdout so scripts can parse it
+# see test/selenium/shim.py
+echo "Created $xpi_amo"
+echo "Created $xpi_eff"
+echo "Created $crx_cws"
+echo "Created $crx_eff"
+
+if [ -n "$BRANCH" ]; then
+  cd ..
+  cp $SUBDIR/$crx_cws pkg
+  cp $SUBDIR/$crx_eff pkg
+  cp $SUBDIR/$xpi_amo pkg
+  cp $SUBDIR/$xpi_eff pkg
+  rm -rf $SUBDIR
+fi
diff --git a/makecrx.sh b/makecrx.sh
deleted file mode 100755
index f8ab66b990ac..000000000000
--- a/makecrx.sh
+++ /dev/null
@@ -1,158 +0,0 @@
-#!/usr/bin/env bash
-
-# Build an HTTPS Everywhere .crx Chromium extension (for Chromium 17+)
-#
-# To build the current state of the tree:
-#
-#     ./makecrx.sh
-#
-# To build a particular tagged release:
-#
-#     ./makecrx.sh <version number>
-#
-# eg:
-#
-#     ./makecrx.sh chrome-2012.1.26
-#
-# Note that .crx files must be signed; this script makes you a
-# "dummy-chromium.pem" private key for you to sign your own local releases,
-# but these .crx files won't detect and upgrade to official HTTPS Everywhere
-# releases signed by EFF :/.  We should find a more elegant arrangement.
-
-if [ -n "$1" ]; then
-  if [ "$1" = today ] ; then
-    python chromium/setversion.py
-  else
-    BRANCH=`git branch | head -n 1 | cut -d \  -f 2-`
-    SUBDIR=checkout
-    [ -d $SUBDIR ] || mkdir $SUBDIR
-    cp -r -f -a .git $SUBDIR
-    cd $SUBDIR
-    git reset --hard "$1"
-  fi
-fi
-
-VERSION=`python -c "import json ; print(json.loads(open('chromium/manifest.json').read())['version'])"`
-
-echo "Building chrome version" $VERSION
-
-if [ -f utils/trivial-validate.py ]; then
-	VALIDATE="python utils/trivial-validate.py --ignoredups google --ignoredups facebook"
-elif [ -x utils/trivial-validate ] ; then
-  # This case probably never happens
-	VALIDATE=./utils/trivial-validate
-else
-	VALIDATE=./trivial-validate
-fi
-
-if $VALIDATE src/chrome/content/rules >&2
-then
-  echo Validation of included rulesets completed. >&2
-  echo >&2
-else
-  echo ERROR: Validation of rulesets failed. >&2
-  exit 1
-fi
-
-if [ -f utils/relaxng.xml -a -x "$(which xmllint)" ] >&2
-then
-  if xmllint --noout --relaxng utils/relaxng.xml src/chrome/content/rules/*.xml
-  then
-    echo Validation of rulesets with RELAX NG grammar completed. >&2
-  else
-    echo ERROR: Validation of rulesets with RELAX NG grammar failed. >&2
-    exit 1
-  fi
-else
-  echo Validation of rulesets with RELAX NG grammar was SKIPPED. >&2
-fi
-
-sed -e "s/VERSION/$VERSION/g" chromium/updates-master.xml > chromium/updates.xml
-
-[ -d pkg ] || mkdir -p pkg
-[ -e pkg/crx ] && rm -rf pkg/crx
-mkdir -p pkg/crx/rules
-cd pkg/crx
-cp -a ../../chromium/* .
-do_not_ship="*.py *.xml icon.jpg"
-rm -f $do_not_ship
-cd ../..
-
-python ./utils/merge-rulesets.py
-
-export RULESETS=chrome/content/rules/default.rulesets
-cp src/$RULESETS pkg/crx/rules/default.rulesets
-
-echo 'var rule_list = [' > pkg/crx/rule_list.js
-for i in $(find pkg/crx/rules/ -maxdepth 1 \( -name '*.xml' -o -name '*.rulesets' \))
-do
-    echo "\"rules/$(basename $i)\"," >> pkg/crx/rule_list.js
-done
-echo '];' >> pkg/crx/rule_list.js
-sed -i -e "s/VERSION/$VERSION/g" pkg/crx/manifest.json
-#sed -i -e "s/VERSION/$VERSION/g" pkg/crx/updates.xml
-#sed -e "s/VERSION/$VERSION/g" pkg/updates-master.xml > pkg/crx/updates.xml
-
-if [ -n "$BRANCH" ] ; then
-  crx="pkg/https-everywhere-$VERSION.crx"
-  key=../dummy-chromium.pem
-else
-  crx="pkg/https-everywhere-$VERSION~pre.crx"
-  key=dummy-chromium.pem
-fi
-if ! [ -f "$key" ] ; then
-  echo "Making a dummy signing key for local build purposes"
-  openssl genrsa 2048 > "$key"
-fi
-
-## Based on https://code.google.com/chrome/extensions/crx.html
-
-dir=pkg/crx
-name=pkg/crx
-pub="$name.pub"
-sig="$name.sig"
-zip="$name.zip"
-trap 'rm -f "$pub" "$sig" "$zip"' EXIT
-
-# zip up the crx dir
-cwd=$(pwd -P)
-(cd "$dir" && python ../../utils/create_xpi.py -n "$cwd/$zip" -x "../../.build_exclusions" .)
-echo >&2 "Unsigned package has shasum: `shasum "$cwd/$zip"`" 
-
-# signature
-openssl sha1 -sha1 -binary -sign "$key" < "$zip" > "$sig"
-
-# public key
-openssl rsa -pubout -outform DER < "$key" > "$pub" 2>/dev/null
-
-byte_swap () {
-  # Take "abcdefgh" and return it as "ghefcdab"
-  echo "${1:6:2}${1:4:2}${1:2:2}${1:0:2}"
-}
-
-crmagic_hex="4372 3234" # Cr24
-version_hex="0200 0000" # 2
-pub_len_hex=$(byte_swap $(printf '%08x\n' $(ls -l "$pub" | awk '{print $5}')))
-sig_len_hex=$(byte_swap $(printf '%08x\n' $(ls -l "$sig" | awk '{print $5}')))
-(
-  echo "$crmagic_hex $version_hex $pub_len_hex $sig_len_hex" | xxd -r -p
-  cat "$pub" "$sig" "$zip"
-) > "$crx"
-#rm -rf pkg/crx
-
-#python githubhelper.py $VERSION
-
-#git add chromium/updates.xml
-#git commit -m "release $VERSION"
-#git tag -s chrome-$VERSION -m "release $VERSION"
-#git push
-#git push --tags
-
-echo >&2 "Total included rules: `find src/chrome/content/rules -name "*.xml" | wc -l`"
-echo >&2 "Rules disabled by default: `find src/chrome/content/rules -name "*.xml" | xargs grep -F default_off | wc -l`"
-echo >&2 "Created $crx"
-if [ -n "$BRANCH" ]; then
-  cd ..
-  cp $SUBDIR/$crx pkg
-  rm -rf $SUBDIR
-fi
diff --git a/makexpi.sh b/makexpi.sh
deleted file mode 100755
index bc7f442a54a1..000000000000
--- a/makexpi.sh
+++ /dev/null
@@ -1,146 +0,0 @@
-#!/bin/sh
-APP_NAME=https-everywhere
-
-# builds a .xpi from the git repository, placing the .xpi in the root
-# of the repository.
-#
-# invoke with no arguments to build from the current src directory.
-#
-#  ./makexpi.sh
-#
-# OR, invoke with a tag name to build a specific branch or tag.
-#
-# e.g.:
-#
-#  ./makexpi.sh 0.2.3.development.2
-
-cd "`dirname $0`"
-
-[ -d pkg ] || mkdir pkg
-
-# If the command line argument is a tag name, check that out and build it
-if [ -n "$1" ] && [ "$2" != "--no-recurse" ] && [ "$1" != "--fast" ] ; then
-	BRANCH=`git branch | head -n 1 | cut -d \  -f 2-`
-	SUBDIR=checkout
-	[ -d $SUBDIR ] || mkdir $SUBDIR
-	cp -r -f -a .git $SUBDIR
-	cd $SUBDIR
-	git reset --hard "$1"
-  # Use the version of the build script that was current when that
-  # tag/release/branch was made.
-  ./makexpi.sh $1 --no-recurse || exit 1
-  # The fact that the above works even when the thing you are building predates
-  # support for --no-recurse in this script is (1) non-intuitive; (2) crazy; and (3)
-  # involves two pristine checkouts of $1 within each other
-
-  # Now escape from the horrible mess we've made
-  cd ..
-	XPI_NAME="$APP_NAME-$1.xpi"
-  # In this mad recursive situation, sometimes old buggy build scripts make
-  # the xpi as ./pkg :(
-  if ! cp $SUBDIR/pkg/$XPI_NAME pkg/ ; then
-    echo Recovering from hair-raising recursion:
-    echo cp $SUBDIR/pkg pkg/$XPI_NAME
-    cp $SUBDIR/pkg pkg/$XPI_NAME
-  fi
-  rm -rf $SUBDIR
-  exit 0
-fi
-
-# =============== BEGIN VALIDATION ================
-# Unless we're in a hurry, validate the ruleset library & locales
-
-if [ "$1" != "--fast" ] ; then
-  if [ -f utils/trivial-validate.py ]; then
-    VALIDATE="python utils/trivial-validate.py --ignoredups google --ignoredups facebook"
-  elif [ -f trivial-validate.py ] ; then
-    VALIDATE="python trivial-validate.py --ignoredups google --ignoredups facebook"
-  elif [ -x utils/trivial-validate ] ; then
-    # This case probably never happens
-    VALIDATE=./utils/trivial-validate
-  else
-    VALIDATE=./trivial-validate
-  fi
-
-  if $VALIDATE src/chrome/content/rules >&2
-  then
-    echo Validation of included rulesets completed. >&2
-    echo >&2
-  else
-    echo ERROR: Validation of rulesets failed. >&2
-    exit 1
-  fi
-
-  if [ -f utils/relaxng.xml -a -x "$(which xmllint)" ] >&2
-  then
-    if xmllint --noout --relaxng utils/relaxng.xml src/chrome/content/rules/*.xml
-    then
-      echo Validation of rulesets with RELAX NG grammar completed. >&2
-    else
-      echo ERROR: Validation of rulesets with RELAX NG grammar failed. >&2
-      exit 1
-    fi
-  else
-    echo Validation of rulesets with RELAX NG grammar was SKIPPED. >&2
-  fi 2>&1 | grep -v validates
-
-  if [ -x ./utils/compare-locales.sh ] >&2
-  then
-    if ./utils/compare-locales.sh >&2
-    then
-      echo Validation of included locales completed. >&2
-    else
-      echo ERROR: Validation of locales failed. >&2
-      exit 1
-    fi
-  fi
-fi
-# =============== END VALIDATION ================
-
-# The name/version of the XPI we're building comes from src/install.rdf
-XPI_NAME="pkg/$APP_NAME-`grep em:version src/install.rdf | sed -e 's/[<>]/	/g' | cut -f3`"
-if [ "$1" ] && [ "$1" != "--fast" ] ; then
-	XPI_NAME="$XPI_NAME.xpi"
-else
-	XPI_NAME="$XPI_NAME~pre.xpi"
-fi
-
-[ -d pkg ] || mkdir pkg
-
-# Used for figuring out which branch to pull from when viewing source for rules
-GIT_OBJECT_FILE=".git/refs/heads/master"
-export GIT_COMMIT_ID="HEAD"
-if [ -e "$GIT_OBJECT_FILE" ]; then
-	export GIT_COMMIT_ID=$(cat "$GIT_OBJECT_FILE")
-fi
-
-# Unless we're in a hurry and there's already a ruleset library, build it from
-# the ruleset .xml files
-
-if [ "$1" = "--fast" ] ; then
-  FAST="--fast"
-fi
-python ./utils/merge-rulesets.py $FAST
-
-cd src
-
-# Build the XPI!
-rm -f "../$XPI_NAME"
-#zip -q -X -9r "../$XPI_NAME" . "-x@../.build_exclusions"
-
-python ../utils/create_xpi.py -n "../$XPI_NAME" -x "../.build_exclusions" "."
-
-ret="$?"
-if [ "$ret" != 0 ]; then
-    rm -f "../$XPI_NAME"
-    exit "$?"
-else
-  echo >&2 "Total included rules: `find chrome/content/rules -name "*.xml" | wc -l`"
-  echo >&2 "Rules disabled by default: `find chrome/content/rules -name "*.xml" | xargs grep -F default_off | wc -l`"
-  echo >&2 "Created $XPI_NAME"
-  if [ -n "$BRANCH" ]; then
-    cd ../..
-    cp $SUBDIR/$XPI_NAME pkg
-    rm -rf $SUBDIR
-  fi
-fi
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 000000000000..6f97e1d4cd67
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1 @@
+lxml>=3.3.3
diff --git a/rules b/rules
new file mode 120000
index 000000000000..619db51439da
--- /dev/null
+++ b/rules
@@ -0,0 +1 @@
+src/chrome/content/rules
\ No newline at end of file
diff --git a/ruleset-testing.md b/ruleset-testing.md
new file mode 100644
index 000000000000..9d3a6fb82304
--- /dev/null
+++ b/ruleset-testing.md
@@ -0,0 +1,62 @@
+# Ruleset coverage requirements
+
+We have an automated tester that checks URLs for all rulesets to ensure they
+still work. In order for that tester to work we need input URLs. We have
+additional testing in place to ensure that all rulesets have a sufficient number
+of test URLs to test them thoroughly.
+
+Goal: 100% coverage of all targets and all branches of all regexes in each
+ruleset.
+
+Each ruleset has a number of "implicit" test URLs based on the target hosts. For
+each target host e.g. `example.com`, there is an implicit test URL of
+`http://example.com/`. Exception: target hosts that contain a wildcard ("`*`")
+do not create an implicit test URL.
+
+Additional test URLs can be added with the new `<test>` tag in the XML, e.g.
+`<test url="http://example.com/complex-page" />`.
+
+Test URLs will be matched against the regexes in each `<rule>` and
+`<exclusion>`. A test URL can only match against one `<rule>` and one
+`<exclusion>`. Once all the test URLs have been matched up, we count the number
+of test URLs matching each `<rule>` and each `<exclusion>`, and make sure the
+count meets the minimum number.  The minimum number of test URLs for each
+`<rule>` or `<exclusion>` is one plus the number of '`*`', '`+`', '`?`', or
+'`|`' characters in the regex. Since each of these characters increases the
+complexity of the regex (usually increasing the variety of URLs it can match),
+we require correspondingly more test URLs to ensure good coverage.
+
+# Example:
+```xml
+<ruleset name="example.com">
+	<target host="example.com" />
+	<target host="*.example.com" />
+
+	<test url="http://www.example.com/" />
+	<test url="http://beta.example.com/" />
+
+	<rule from="^http://([\w-]+\.)?example\.com/"
+		to="https://$1example.com/" />
+</ruleset>
+```
+This ruleset has one implicit test URL from a target host
+("`http://example.com/`"). The other target host has a wildcard, so creates no
+implicit test URL. There's a single rule. That rule contains a '`+`' and a
+'`?`', so it requires a total of three matching test URLs. We add the necessary
+test URLs using explicit `<test>` tags.
+
+# Testing and Continuous Build
+
+Testing for ruleset coverage is now part of the Travis CI continuous build.
+Currently we only test rulesets that have been modified since February 2 2015.
+Submitting changes to any ruleset that does not meet the coverage requirements
+will break the build. This means that even fixes of existing rules may require
+additional work to bring them up to snuff.
+
+To run the tests locally, first install the development dependencies:
+
+    ./install-dev-dependencies.sh
+
+To test a specific ruleset:
+
+    test/manual.sh rules/Example.xml
diff --git a/src/Changelog b/src/Changelog
index 18e3403a9732..db2f228f30d0 100644
--- a/src/Changelog
+++ b/src/Changelog
@@ -1,5 +1,644 @@
+2022.5.24
+* Improved EASE mode prompt
+* Add background tab on install or update to educate users on HTTPS only mode features in their browsers
+* Updated dependencies
+
+2021.7.13
+* Amend Incognito Key for Chrome and Firefox #20092
+* Fix unexpected arithmetic operations on strings #20043
+* Remove Top Alexa Labeller #20083
+* Update deprecated log function #20101
+* Patch Chrome Test Failure #20102
+
+2021.4.15
+* Add DuckDuckGo Smarter Encryption update channel
+* Bloom filter for rulesets
+* Firefox Fenix option page updates for Android users
+* Move to Python 3 from Python 3.6
+* Fix undefined type access
+* Fix empty default types
+
+2021.1.27
+* EASE Mode UI Changes
+* NPM Dependency updates
+* Geckodriver pull update
+* Chromedriver pull update
+* Integrate CSS Grid for Options Page and EASE UI
+* Put Options in new tab
+
+2020.11.17
+* Copy URL in EASE interstitial
+* Dependapot NPM updates
+* CRX distribution scripts for transparency for Edge and Opera
+* Port inclusion on allowlist for EASE
+* UI change to reflect a global setting
+
+2020.8.13
+* Fix port based whitelsiting issue #19291
+* Update documentation
+* Update dependencies (NPM and Chromedriver)
+* Minor code fixes in JS
+
+2020.5.19
+* Reverting Onboarding page for the time being
+* Patch for whitelisting rules and EASE mode issue
+* Double rule load patch in update channels
+* Fix minor JS and UX issues
+
+2020.3.16
+* EASE HTTP Once CSS fix
+* Allow users to whitelist hosts from the option page
+* EASE mode fixes for locale issue
+* Fetch Test Prep, TLS 1.2 update
+* Fetch Test Prep, Updated check rules script
+* Fix options page appearance on Firefox when dark mode is on
+* Dark mode adjustments
+
+2019.11.7
+* EASE HTTP Once Exception
+* Add Private network IPs to exclusion for HTTPSE
+* Revert icons back to previous state
+* Optimizations to url handling and hsts prune
+
+2019.6.27
+  * Making stylistic changes for mobile friendliness in Fennec
+  * Inclusion and use of the lib-wasm submodule, lowering memory overhead
+  * Refactor secure cookie logic
+  * Code cleanup
+  * Bundled ruleset updates
+
+2019.6.4
+  * Fix bug where link HTML is replaced in cancel page, instead of text
+  * Bundled ruleset updates
+
+2019.5.13
+  * UI nd functionality patches for stable rules
+  * Translations string fixes
+  * Minor npm updates for HSTS pruning
+
+2019.5.6
+  * UI tweaks for spacing and font sizes
+  * Fix reload bug
+  * Patch for offline release channel
+
+2019.5.2
+  * UI changes in extension menu (#17854)
+  * EASE interstitial UI tweaks (#17347)
+  * Remove support for wildcard in the middle (#12319)
+  * Update default timestamp for deterministic builds (#17623)
+  * Refactor and enhance trivialize-cookie-rules.js (#17438)
+  * Run HSTS-prune and fix impacted rulesets (#17338)
+  * Update HSTS preload max age (#17564)
+  * Fix DeprecationWarning in HTTPS Everywhere Checker (#17596 )
+  * Fix Chromium local store exception (#17557)
+  * Remove middle wildcard support in rules.js (#17715)
+
+
+2019.1.31
+   * Change "Block all unencrypted requests" language to "Encrypt all sites eligible"
+   * EASE mode patches for interstitial page and reload to trigger for EASE mode
+   * ES Lint clean up
+   * Disable test for Chrome (will work in patch while disabled)
+   * Deprecate I.P.s in rulesets (Special case for DNS I.P.s)
+
+2019.1.7
+  * Change "Block all unencrypted requests" language to "Encrypt all sites eligible"
+  * Amend check_rules.py fetch test to disable rules only if all rules are problematic,
+    and comment rules out if other rules are functional in the set
+  * HSTS Prune and updates
+  * Bundled ruleset updates
+
+2018.10.31
+  * Add additional error code for 'Block all unencrypted requests' interstitial
+    page.
+  * Fix race condition when adding update channel
+  * Add UX to remove user rules in options page
+  * Bundled ruleset updates
+
+2018.9.19
+  * Ensure the 'Block all unencrypted requests' interstitial page catches more
+    HTTPS misconfigurations (#16418)
+  * Allow users to disable HTTPS Everywhere on specific sites.  Add additional
+    UX controls in the options page for this. (#10041)
+  * Adding 'scope' to update channels, which defines regex limiting the URLs
+    an update channel is allowed to operate on (#16430)
+  * Bundled ruleset updates
+
+2018.8.22
+  * Adding a warning to pages which 'Block all unencrypted requests' is unable
+    to upgrade
+  * Adding a UX that enables users to add, delete, and edit update channels
+  * Reduces memory overhead by optimizing exclusion regex
+  * Block insecure FTP connections when 'Block all unencrypted requests'
+    is checked. This triggers a permissions dialogue in Firefox 57+, see
+    https://github.com/EFForg/https-everywhere/issues/16377#issuecomment-415492846
+    for more info.
+  * Bundled ruleset updates
+
+2018.6.21
+  * Fix: URLs with a hostname of '.' cause endless loop to be triggered
+  * Bundled ruleset updates
+
+2018.6.13
+  * Improve popup page performance and slightly reduce memory usage
+  * Measure and slightly improve memory usage for rulesets
+  * Fix CORS issues in Firefox. This bug was previously breaking embedded
+    videos or css on many websites. Chrome browser was not affected by this
+    bug
+  * Add "Reset to Defaults" option to reset the default ruleset states
+  * Add "Show Devtools tab" option to hide CDT tab
+  * Bundled ruleset updates
+
+2018.4.11
+  * Reduce out-of-band ruleset update TTL from 48 to 24 hours
+  * Bundled ruleset updates
+
+2018.4.3
+  * Applies the out-of-band ruleset updates, sourced from
+    https://www.https-rulesets.org/.  Clients perform a periodic check for new
+    rulesets to download, which are verified with the Web Crypto API using a
+    pinned key, then applied.
+  * Ruleset updates
+
+2018.3.13
+  * The unused `cacert` platform was removed from rulesets for simplicity
+  * Organizing the add-on files into a clean directory structure
+  * Ruleset updates
+
+2018.2.26
+  * Many/most mixed content blocking issues are solved when enabling the
+    "Block all unencrypted requests" option thanks to the injection of the
+    upgrade-insecure-requests header. This means this option can be more
+    easily used for daily browsing with less site breakage.
+  * Rulesets are alphabetically sorted in HTTPS Everywhere popup, with the
+    first-party site (if covered) at the top.
+  * Fixes an obscure Android bug where rulesets don't appear in popup for the
+    first window that is opened after restart.
+  * Many ruleset bugs have been solved (some dating 3 years back!)
+
+2018.1.29
+  * Ruleset updates
+
+2018.1.11
+  * Ruleset updates
+
+2017.12.6
+  * Remove unnecessary files from release
+  * Ruleset updates
+
+2017.11.21
+  * Ruleset updates
+
+2017.10.30
+  * Introduce migrations, migrate settings from localStorage to storage api
+  * Firefox: full WebExtensions version
+
+2017.10.24
+  * Significant code refactor
+  * Fixes for Fennec
+  * Ruleset updates
+
+2017.10.4
+  * Markup and small UI changes
+  * Modularize JS, clean up control flow
+  * Ruleset updates
+
+2017.9.12
+  * Decrease memory footprint by using JSON in default.rulesets
+  * Markup changes
+  * Ruleset updates
+
+2017.8.31
+  * Add counter badge to indicate how many rulesets are active
+  * Use Map instead of Object for targets (improves lookups)
+  * Fix race condition with persistent storage
+  * Ruleset updates
+
+2017.8.19
+  * Fix wildcard matching
+  * Remove usage of HTML string assignment
+  * Ruleset updates
+
+2017.8.17
+  * Firefox: Fix localStorage reference for users with cookies disabled
+
+2017.8.15
+  * Incorporating numerous fixes for WebExtensions to work within Firefox
+  * Firefox: Creating Embedded WebExtension wrapper to migrate legacy settings
+  * Removing legacy XPCOM codebase, unifying Firefox and Chrome codebase
+  * Ruleset updates
+
+Firefox 5.2.21 / Chrome 2017.7.18
+  * Ruleset updates
+
+Firefox 5.2.20 / Chrome 2017.7.5
+  * Ruleset updates
+
+Firefox 5.2.19 / Chrome 2017.6.20
+  * Chrome: Allow advanced users to enable rulesets which cause MCB
+  * Chrome: Fix - removal of custom rulesets should persist
+  * Ruleset updates
+
+Firefox 5.2.18 / Chrome 2017.6.5
+  * FF: Suppress request to check.torproject.org if SSL Observatory is disabled
+  * Chrome: Adding "View All Rules" link to Atlas
+  * Chrome: Allow removal of user-added, custom rulesets
+  * Ruleset updates
+
+Firefox 5.2.17 / Chrome 2017.5.22
+  * Ruleset updates
+
+Firefox 5.2.16 / Chrome 2017.5.8
+  * Ruleset updates
+
+Firefox 5.2.15 / Chrome 2017.4.19
+  * Ruleset updates
+
+Firefox 5.2.14 / Chrome 2017.4.5
+  * Ruleset updates
+
+Firefox 5.2.13 / Chrome 2017.3.17
+  * Ruleset updates
+
+Firefox 5.2.12 / Chrome 2017.3.9
+  * Excepting loopback hostnames from 'HTTPS Nowhere' functionality
+  * Ruleset updates
+
+Firefox 5.2.11 / Chrome 2017.2.13
+  * Ruleset updates
+
+Firefox 5.2.10 / Chrome 2017.1.25
+  * Removing targets which are HSTS preloaded in all supported browsers
+  * Ruleset updates
+
+Firefox 5.2.9 / Chrome 2016.12.19
+  * Ruleset updates
+  * In HTTP Nowhere mode, attempt HTTPS before block
+
+Firefox 5.2.8 / Chrome 2016.11.30
+  * Ruleset fixes
+
+Firefox 5.2.7 / Chrome 2016.11.8
+  * Ruleset fixes
+
+Firefox 5.2.6 / Chrome 2016.10.20
+  * Ruleset fixes
+  * Fix for domain isolation in Tor Browser with SSL Observatory
+
+Firefox 5.2.5 / Chrome 2016.9.21
+  * Ruleset fixes
+  * Removing deprecated torbutton options
+
+Firefox 5.2.4 / Chrome 2016.9.1
+  * Ruleset fixes
+  * Chrome Dev: Possible fix to "Extension Corrupted" errors
+  * Firefox Android: Fixing numerous issues with UI and functionality
+  * Firefox: Expanding SSL Observatory popup window
+
+Firefox 5.2.3
+  * Bugfix release: fixing a possible DLL hijacking vulnerability
+
+Firefox 5.2.2 / Chrome 2016.8.24
+  * Ruleset fixes
+
+Firefox 5.2.1
+  * Bugfix release: fix CSS to prevent large icons
+
+Chrome 2016.7.19
+  * New release fixing icon inclusion problem
+
+Firefox 5.2.0 / Chrome 2016.7.18
+  * Ruleset fixes
+  * Updating icons
+  * 'Block all unencrypted requests' now allows requests to .onion addresses
+
+Firefox 5.1.10 / Chrome 2016.6.9
+  * Ruleset fixes
+  * Fixing Tor Browser race condition
+
+Firefox 5.1.9 / Chrome 2016.5.10
+  * Adds large Bitly branded domain ruleset
+  * Additional ruleset fixes
+
+Firefox 5.1.6 / Chrome 2016.4.4
+  * Ruleset fixes
+  * Fix bug in Chromium, Firefox to limit FQDN
+
+Firefox 5.1.5 / Chrome 2016.3.23
+  * Ruleset fixes
+  * Improve coverage tests
+  * Add trivialize-rules tool and trivialized rulesets
+  * Remove checker as submodule & add to mainline repo
+
+Firefox 5.1.4 / Chrome 2016.2.23
+  * Fixes for Firefox Dev Edition
+  * Chrome: Fix regressions in custom rule functions
+  * Firefox: Fix custom ruleset regression
+
+Firefox 5.1.3 / Chrome 2016.2.18
+  * Performance & memory usage improvements for Chrome
+  * Introduce temporary disable option on Chrome
+  * Bugfix: make custom rules disableable
+  * Improvements to tests
+  * Switch to using JSON to store rulesets
+
+Firefox 5.1.2 / Chrome 2015.12.16
+  * Ruleset fixes
+
+Firefox 5.1.1 / Chrome 2015.8.25
+  * Ruleset fixes
+  * Clean up some unused code that was causing review problems on AMO.
+
+Firefox 5.1.0
+  * Signed by AMO so it won't get a warning in Firefox
+
+Firefox 5.0.9
+  * Fixed missing translations from 5.0.8
+
+Firefox 5.0.8 / Chrome-2015.8.13
+  * Ruleset fixes
+  * Restore checkbox icons on Firefox
+  * Add a link to the HTTPS Everywhere Atlas
+
+Firefox 5.0.7 / Chrome-2015.7.17
+  * Ruleset fixes, in particular disable broken Netflix rule
+  * Fix "Add a rule" functionality in Chrome.
+
+Chrome-2015.7.15
+  * Fix a broken ruleset that caused Chrome version to fail to rewrite all URLs.
+
+Firefox 5.0.6 / Chrome-2015.7.13
+  * Ruleset fixes
+  * Move options from "Enable / Disable rules" into icon menu
+  * EFF 25th birthday edition!
+
+Firefox 5.0.5 / Chrome-2015.5.28
+  * Ruleset fixes
+  * Fix ordering of locales to default to English again.
+
+Firefox 5.0.4 / Chrome-2015.5.12
+  * Ruleset fixes
+
+Firefox 5.0.3 / Chrome-2015.4.23
+  * Ruleset fixes
+
+Firefox 5.0.2 / Chrome-2015.4.7
+  * Ruleset fixes
+
+Firefox 5.0.1 / Chrome-2015.3.31            (2015-03-31)
+  * Disabled some broken rulesets.
+  * Fixed and updated many rulesets.
+  * Better null checking in Firefox.
+  * Add "Block All HTTP Requests" in Chrome.
+
+Firefox 5.0 / Chrome-2015.3.23              (2015-03-23)
+  * First stable 5.0 release
+  Versus 4.0.3:
+  * Many new rulesets.
+  * Improved automated ruleset testing.
+  * Many new translations in Firefox version.
+  * Support for Firefox electrolysis (aka e10s aka process separation).
+
+Firefox 5.0development.4                    (2015-03-20)
+  * Ruleset updates
+
+5.0development.3                            (2015-03-10)
+  * Added automated ruleset testing.
+  * Disabled many rules that failed ruleset tests.
+  * Fix cookie securing so it works for wildcard cookies
+    even when a wildcard target host is not present.
+  * User rule creation in Chromium is only offered on HTTPS.
+  * Enabling and disabling user rules on Chromium works.
+  * Candidate for 5.0 series stable release.
+
+5.0development.2                            (2014-12-22)
+  * Merged mobile support from 4.0 branch.
+  * New translations imported:
+    Catalan, Chinese (Taiwan), Croatian (Croatia),
+    Estonian, Faroese, French (Canada), Khmer, Malay (Malaysia),
+    Portuguese (Brazil), Romanian, Serbian, Sinhala (Sri Lanka),
+    Slovak (Slovakia), Slovenian (Slovenia), Thai, Ukrainian
+  * Various ruleset fixes.
+  * Candidate for a 5.0 series stable release.
+
+5.0development.1                            (2014-11-25)
+  * Support for multi-process Firefox (aka electrolysis or e10s).
+  * Merge latest rulesets.
+
+Firefox 4.0.3 / Chrome-2015.01.22 (2015-01-22)
+  * Ruleset updates.
+  * Update SSL Observatory code to match Firefox API changes in hashing.
+  * Bring code in line with guidelines for addons.mozilla.org.
+
+4.0.2		  (2014-10-15)
+  * Disable SSL 3 to Prevent POODLE attack:
+    https://github.com/EFForg/https-everywhere/pull/674
+  * NEW: HTTP Nowhere mode. Block all plaintext http
+  * Updates to Yahoo APIs, Fastly, VMWare, Netflix, Mashable, LinkedIn ,
+  Gitorious, Mozilla, msecnd, Hotmail, Live, Eniro, Steam, Phoronix,
+  net-security.org, Flickr, Craigslist, Apache.org, Joomla.org, Samsung,
+  Google IMages, Expedia, Akamai, Trip Advisor, Ikea, CEll, Leo.org, Facebook,
+  F-Secure, Dropbox, Courage Campaign, Box, Atlassian, Internet Archive,
+  localbitcoins.com, SOny, SciVerse, Web.com, Urgan Dictionary, Pornhub,
+  Fool.com, ClickBank, MGID, Which?, Microsoft, Barnes and Noble, Royal
+  Institute of GB, Wall Street Journal
+
+4.0.1										(2014-09-11)
+  * Significant new coverage: Reddit, Quora
+  * Fixes include:
+    Frontier Networks, Hotmail / Live, Microsoft, Mozilla, Ohio State, Rackspace, SJ.se, Timbo.se
+    https://github.com/EFForg/https-everywhere/issues/310
+    https://github.com/EFForg/https-everywhere/issues/500
+    https://trac.torproject.org/projects/tor/ticket/11402
+    https://trac.torproject.org/projects/tor/ticket/11418
+    https://trac.torproject.org/projects/tor/ticket/12583
+    https://trac.torproject.org/projects/tor/ticket/12104
+    https://trac.torproject.org/projects/tor/ticket/9466
+    https://github.com/EFForg/https-everywhere/issues/144
+  * Enhancements to MCB detection and subsequent ruleset fixes
+    https://github.com/EFForg/https-everywhere/issues/529
+
+chrome-2014.8.22							(2014-08-22)
+  * Rulesets from 4.0.0
+  * German translation
+
+4.0.0										(2014-08-04)
+  * Ruleset fixes to wikimedia, stanford-university, joyent, and gaytorrents.
+  * Merge Android Firefox branch, so Android now has the same release cycle
+  as the stable HTTPS Everywhere branch for Firefox.
+  * Remove old unused ContentPolicy code.
+
+5.0development.0                            (2014-07-28)
+  * Various rules for new gaming sites:
+  https://github.com/EFForg/https-everywhere/pull/387
+  * Add exception for flashproxy:
+  https://github.com/EFForg/https-everywhere/issues/357
+  * Updates to joyent, moevideo, FreeDesktop, Gfycat, Bytemark, tchibo,
+  Kantonalbank rules, godaddy, Bing, Pcwelt.de, Gamestar.de, o2-online,
+  heise.de, mozdev.org, Wikimedia, Spotify, Stanford-University, various Swiss
+  websites, SourceForge, utwente.nl, teamfortress.com, Fastly, mozilla.org,
+  AmazonAws, Technology Review, jitsi, googlecode.com, CDT, and other rules.
+  * Add Denh.am, justeatuk, owncloud, seanmckaybeck.com, strimoid.pl,
+  elkosmasgr, mantisbt, IAPC, ReadTheDocs, tox.im, and other rules.
+  * Initialize Convergence's NSS.js with nss library path:
+  https://github.com/EFForg/https-everywhere/pull/315
+  * Add filter for OCSP and other requests that should be unrewritten:
+  https://github.com/EFForg/https-everywhere/pull/332
+  * Add testing framework and a few basic extension tests:
+  https://github.com/EFForg/https-everywhere/pull/338
+  * Fix Chrome redirect loop detection:
+  https://github.com/EFForg/https-everywhere/issues/289
+  * Fix loading of user rules:
+  https://github.com/EFForg/https-everywhere/pull/293
+  * Fix SSL Obs. preferences XML parsing bug.
+  * Add experimental "HTTP Nowhere" mode (blocks all HTTP requests):
+  https://github.com/EFForg/https-everywhere/pull/379
+
+chrome-2014.6.26							(2014-06-25)
+  * Ruleset fixes (same as 3.5.3)
+  * Fix redirect loop detection for HTTPS to HTTPS redirects (Github #289)
+  * Remove item from rule cache when it is disabled by the user
+
+3.5.3										(2014-06-25)
+  * Ruleset fixes to Mozilla, PCWorld, MacWorld, Google Books, 4chan blog,
+  BuzzFeed, BBC, googlecode, TechDirt, Wikia, Technology Review, Google
+  Translate, CDT, Science Direct, Sourceforge
+  * Fix rulesets.sqlite path, allowing global installation (Github #255)
+  * Revert components/ssl-observatory.js to 3.4.5, possibly fixing crash bug
+  (Github #262)
+  * Update observatory whitelist
+
+4.0development.17                           (2014-05-23)
+  * Re-enable ability to see all rulesets in enable/disable dialog.
+  * Fix allowing global installation:
+  https://github.com/EFForg/https-everywhere/pull/255
+  * Better observatory whitelisting:
+  https://github.com/EFForg/https-everywhere/pull/276
+  * Add option for SSL obs. revoked cert warnings:
+  https://github.com/EFForg/https-everywhere/pull/278
+  * Numerous ruleset updates
+
+3.5.1                                       (2014-04-25)
+  * Revert https://github.com/EFForg/https-everywhere/pull/134 due to YouTube
+  breakage.
+  * Re-enable ability to see all rulesets in enable/disable dialog.
+  * Added more Debian coverage.
+  * Fixes to Doubleclick, Guardian, Heroku, Home Depot, HypeMachine, IMDB,
+  Justin.tv, Kikatek, Mozilla, MyFitnessPal, Pinterest, XKCD, Reuters,
+  Technet, Tumblr, Wordpress, Yandex, Youtube, Flickr.
+  * Fix Australis icon positioning:
+  https://github.com/EFForg/https-everywhere/pull/216
+
+chrome-2014.4.25
+  * Ruleset fixes (same as 3.5.1)
+
+chrome-2014.4.16
+  * Make Chrome build script compatible with Chrome release scripts.
+  * Fix disappearing icon: https://github.com/EFForg/https-everywhere/pull/220
+  * Fix XKCD images
+
+chrome-2014.4.14.1
+  * Revert back to chrome-2014.1.3 because of bug in Chrome release script.
+
+chrome-2014.4.14
+  * Add SV localization
+  * Add persistent user-generated rules, thanks to Vijay P.:
+  https://github.com/EFForg/https-everywhere/pull/60
+  * Use onBeforeRedirect for redirect loop detection:
+  https://github.com/EFForg/https-everywhere/pull/199
+  * Remove unneeded onBeforeSendHeaders listener:
+  https://github.com/EFForg/https-everywhere/pull/172
+  * Fix host-only cookie bug:
+  https://github.com/EFForg/https-everywhere/pull/166
+  * Split incognito mode:
+  https://github.com/EFForg/https-everywhere/pull/165
+  * Cleanup pageAction icon code:
+  https://github.com/EFForg/https-everywhere/pull/173
+  * Add and modify some rulesets (same as 3.5)
+
+3.5                                         (2014-04-14)
+  * Merge all non-ruleset changes from 4.0development.16
+  * Merge all new/modified rulesets from 4.0development.16 that are
+  in the Alexa Top 1000 using utils/alexa-ruleset-checker.py. For a full list,
+  see utils/alexa-logs/07042014.log.
+
+4.0development.16                           (2014-04-14)
+  * Restore code that loads custom rule files:
+  https://github.com/EFForg/https-everywhere/pull/156
+  * Use loadContext interface to get windows associated with requests
+  * Reduce annoying logging messages
+  * Report cert warning pages to SSL Observatory
+  * Remove SSL Observatory observers when disabled
+  * Don't set LOAD_REPLACE flag:
+  https://github.com/EFForg/https-everywhere/pull/134
+  * Add script to merge rulesets in Alexa Top 1M, thanks to Claudio Moretti:
+  https://github.com/EFForg/https-everywhere/pull/149
+  * 8 new rules
+  * 59 modified rules
+
+4.0development.15                           (2014-02-05)
+ * Replace the single XML ruleset library with an sqlite database of rulesets
+   that are loaded on demand
+   - reduces startup time by a factor of 10-20:
+      https://trac.torproject.org/projects/tor/ticket/10174
+   - reduces RAM usage https://trac.torproject.org/projects/tor/ticket/4804
+   - Is scalable: https://trac.torproject.org/projects/tor/ticket/6118
+   Further analysis in this thread:
+   https://lists.eff.org/pipermail/https-everywhere/2014-January/001919.html
+ * Implement a cleanup case to recover from some Observatory UI code bugs that
+   would leave the Observatory off incorrectly.
+   https://trac.torproject.org/projects/tor/ticket/10728
+ * Fix observatory - private browsing mode interaction
+   https://trac.torproject.org/projects/tor/ticket/10208
+ * Ship 848 new rulesets
+ * Update cert whitelist
+
+3.5android.0                                (2014-01-31)
+ * First Firefox for Android release! :D
+ * Major UI changes for mobile compatibility
+ * Android channel update URL set to
+   https://www.eff.org/files/https-everywhere-android-update-2048.rdf
+ * Updated rulesets: Freenode, Imgur
+
+3.4.5                                       (2014-01-03)
+ * Updated license
+ * Updated README.md
+ * Updated contributors list
+ * Fix a performance bug when re-enabling HTTPS-Everywhere from its menu
+ * Observatory cert whitelist update
+ * Updated rules: Atlassian, Brightcove, MIT, Pidgin, Microsoft, Whonix,
+   Skanetrafiken, Stack-Exchange, Stack-Exchange-mixedcontent
+
+chrome-2014.1.3
+  * Various ruleset fixes
+  * Various performance improvements, thanks to Nick Semenkovich and Jacob
+  Hoffman-Andrews!
+  * Add LRU caching for rules
+  * Refactor out unused code
+  * Reload page when rule is disabled
+  * Upgrade URI.js
+  * Add fi translation
+
+3.4.4tbb                                     (2013-12-06)
+ * Pseudorelease, just for Tor Browser Bundle usage
+ * Tiny ruleset tweaks (XKCD is back)!
+ * Create an about:config setting that overrules mixedcontent ruleset disablement
+
+3.4.3                                        (2013-12-03)
+ * Fixes: Cloudfront / Amazon MP3 player, Cornell/Arxiv, FlickR,
+          AmazonAWS/spiegel.tv
+ * Disable broken: Barns and Noble, Behance, Boards.ie, Elsevier, Kohls,
+   OpenDNS, Spin.de, Svenskakyrkan
+ * Deprecate the ContentPolicy API, fixing a crash bug
+    lurking since Firefox 20:
+    https://bugzilla.mozilla.org/show_bug.cgi?id=939180
+ *  Fix really silly Observatory UI bug that would leave the Observatory off
+    for non-Tor users after they turned it on
+ *  Update Observatory blacklist
+ *  Bump maxVersion from Firefox 25 to 28.
+
 4.0development.14                             (2013-11-21)
-  * Deprecate the ContentPolicy API, fixing a crash bug
+ * Deprecate the ContentPolicy API, fixing a crash bug
     lurking since Firefox 20:
     https://bugzilla.mozilla.org/show_bug.cgi?id=939180
  *  Fix really silly Observatory UI bug that would leave the Observatory off
@@ -60,10 +699,10 @@
     the stable branch, and changed many stable rules
 
 chrome-2013.8.17
-  * Urgent bugfix release for 
+  * Urgent bugfix release for
     https://trac.torproject.org/projects/tor/ticket/9507
     - release from the stable / 3.0 branch, not master
-    - don't ship the development ruleset library, it's not ready for prime 
+    - don't ship the development ruleset library, it's not ready for prime
       time yet
     - avoid performance hits from repeatedly re-testing rulesets
     - other possible weirdness
@@ -133,7 +772,7 @@ chrome-2013-8.16
   * Includes all fixes from 3.3
 
 3.3
-  * This major release fixed the following mixed content blocker (MCB) 
+  * This major release fixed the following mixed content blocker (MCB)
     related bugs in time for Firefox 23:
     https://trac.torproject.org/projects/tor/ticket/9196
     https://trac.torproject.org/projects/tor/ticket/8774
@@ -174,7 +813,7 @@ chrome-2013.7.10
 chrome-2012.6.4
   * The "factors of 12" chromium beta
   * Various ruleset fixes:
-    https://eff.org/r.5bSj
+    https://www.eff.org/r.5bSj
     https://trac.torproject.org/projects/tor/ticket/8584
     https://trac.torproject.org/projects/tor/ticket/8571
   * Disable Myspace by default due to mixed content
@@ -182,19 +821,19 @@ chrome-2012.6.4
 4.0development.8                              (2013-06-04)
   * Fix broken ruleset dialog in Firefox 22+
     https://trac.torproject.org/projects/tor/ticket/8997
-  * The toolbar button chnages to indicate active rulesets:
-    https://trac.torproject.org/projects/tor/ticket/4886 
+  * The toolbar button changes to indicate active rulesets:
+    https://trac.torproject.org/projects/tor/ticket/4886
   * Ship 31 new rulesets
   * New translations: Japanese and Sinhala
   * Updated translations: Hungarian, Lithuanian, Slovenian
   * Ruleset fixes from 3.2.2:
-    https://eff.org/r.5bSj
+    https://www.eff.org/r.5bSj
   * Observatory cert whitelist update
-  
+
 3.2.2                                         (2013-05-22)
   * Quick turn-around release to unbreak support.apple.com
   * Fixes for a number of other ruleset bugs:
-    https://eff.org/r.5bSj
+    https://www.eff.org/r.5bSj
   * Incremental observatory cert whitelist update
 
 3.2.1                                         (2013-05-17)
@@ -215,7 +854,7 @@ chrome-2012.6.4
   * Add a note hinting users how to toggle rulesets (thanks to Pavel Kazakov)
     https://trac.torproject.org/projects/tor/ticket/4967
   * Ship all fixes from 3.2:
-    https://eff.org/r.b9Qc
+    https://www.eff.org/r.b9Qc
   * Other known ruleset fixes: EA, Yandex
     https://trac.torproject.org/projects/tor/ticket/8571
   * Ship 1308 new rulesets!
@@ -224,16 +863,16 @@ chrome-2012.6.4
 chrome-2012.4.30
   * The "May day somewhere" chromium beta
   * Ship all ruleset bugfixes from the Firefox 3.2 release:
-    https://eff.org/r.b9Qc
+    https://www.eff.org/r.b9Qc
   * Flag/disable mixed content rulesets: Apple Support, BBC, Dell support,
     FBI, Wordpress, Zend
-    https://eff.org/r.1bQt
+    https://www.eff.org/r.1bQt
   * Disable VistaX64
     https://trac.torproject.org/projects/tor/ticket/8801
 
 3.2                                           (2013-04-25)
   * Related trac bugs for this release:
-    https://eff.org/r.b9Qc
+    https://www.eff.org/r.b9Qc
   * New: MoinMoin
   * Fixes: Adobe, Bahn.de, Cloudfront, Dell, Droplr, FBI, Google Maps,
     Joomla, Juno Download, Lenovo, New York Times, SEC, Soundcloud,
@@ -274,7 +913,7 @@ chrome-2012.3.7
     https://trac.torproject.org/projects/tor/ticket/8199
     https://trac.torproject.org/projects/tor/ticket/8198
   * Disable broken:
-    American Public Media (for real this time), Asymmetric Publications, 
+    American Public Media (for real this time), Asymmetric Publications,
     Salsa Labs, Vimeo
     https://trac.torproject.org/projects/tor/ticket/7650
     https://trac.torproject.org/projects/tor/ticket/8280
@@ -290,7 +929,7 @@ chrome-2013.1.18
   * Fix the implementation of safeToSecureCookie
     - Get https://trac.torproject.org/projects/tor/ticket/7491 right(er)
     - Fix https://trac.torproject.org/projects/tor/ticket/7855
-  * Fix a ruleset processing bug, which would prevent <target host="*.z.com"> 
+  * Fix a ruleset processing bug, which would prevent <target host="*.z.com">
     from matching x.y.z.com
   * Ship all ruleset fixes from 3.1.2 and 3.1.3
     - Except Etsy, where we're trying to fix rather than disable the ruleset
@@ -301,7 +940,7 @@ chrome-2013.1.18
 
 3.1.3                                         (2013-1-18)
   * Internet Freedom Day stable bugfix release
-  * Fixes: CloudFront/Spotify, AmazonAWS (Amazon MP3s and product images), Libav, 
+  * Fixes: CloudFront/Spotify, AmazonAWS (Amazon MP3s and product images), Libav,
            Google Maps, UserEcho
     https://trac.torproject.org/projects/tor/ticket/7931
     https://trac.torproject.org/projects/tor/ticket/7888
@@ -343,7 +982,7 @@ chrome-2012.12.17
   * Additionally disable: Automattic
 
 4.0development.4			     (2012-12-17)
-  * Fix nasty bug that prevented Firefox downloads from Mozilla's CDN 
+  * Fix nasty bug that prevented Firefox downloads from Mozilla's CDN
     https://trac.torproject.org/projects/tor/ticket/7717
   * Fix download from qt-project.org
   * Ship 72 new rulesets
@@ -401,8 +1040,8 @@ chrome-2012.10.31
   * Work around a nasty bug that was affecting some high-volume Live Youtube streams
     (but not other live YouTube streams)
     https://trac.torproject.org/projects/tor/ticket/7127
-  * Other Fixes: 
-    AdaCore, Akamai/MTV3 Katsomo, Akamai/HP, Atlassian, Bahn.de, MySQL, NPR, PBS, 
+  * Other Fixes:
+    AdaCore, Akamai/MTV3 Katsomo, Akamai/HP, Atlassian, Bahn.de, MySQL, NPR, PBS,
     Phronoix Media/Openbenchmarking, SSRN, Spoki
     https://trac.torproject.org/projects/tor/ticket/7219
     https://trac.torproject.org/projects/tor/ticket/7180
@@ -418,12 +1057,12 @@ chrome-2012.10.31
     https://trac.torproject.org/projects/tor/ticket/7114
     https://trac.torproject.org/projects/tor/ticket/7138
     https://trac.torproject.org/projects/tor/ticket/7107
-  
+
 3.0.3                                       (2012-10-29)
   * Work around a nasty bug that was affecting some high-volume Live Youtube streams
     (but not other live YouTube streams)
     https://trac.torproject.org/projects/tor/ticket/7127
-  * Other Fixes: 
+  * Other Fixes:
     AdaCore, Akamai/MTV3 Katsomo, Akamai/HP, Atlassian, Bahn.de, DemocracyNow, MySQL, NuGet,
     PBS, Phronoix Media/Openbenchmarking, SSRN, Spoki
     https://trac.torproject.org/projects/tor/ticket/7219
@@ -464,7 +1103,7 @@ chrome-2012.10.31
 
 chrome-2012.10.18
   * The "even more perfect" chromium alpha
-  * Fixes from the last two Firefox releases: 
+  * Fixes from the last two Firefox releases:
     Microsoft (Bing login button), ZeniMax, Ubuntuone, TrueCrypt, Springer,
     Optical Society, IMDB, Facebook, EzineArticles, Broadband Reports, Apache,
     Akamai (exclude Zynga content to prevent breakage of some Zynga games),
@@ -488,8 +1127,8 @@ chrome-2012.10.18
     hundreds of others
 
 3.0.1 and 4.0development.1:
-  * Fixes: adition.com, Akamai/SVTplay.se, Bahn.de, European Southern Observatory, 
-    IEEE, Indeed, Java, Librivox, Pinterest, New York Times, Springer, Vimeo, 
+  * Fixes: adition.com, Akamai/SVTplay.se, Bahn.de, European Southern Observatory,
+    IEEE, Indeed, Java, Librivox, Pinterest, New York Times, Springer, Vimeo,
     Shannon Health, O'Reilly Media
     https://trac.torproject.org/projects/tor/ticket/7080
     https://mail1.eff.org/pipermail/https-everywhere/2012-October/001583.html
@@ -514,7 +1153,7 @@ chrome-2012.10.9
 3.0                                         (2012-10-04)
   * Since version 2.x:
     * 1,455 new active rulesets
-    * UI improvements: 
+    * UI improvements:
       - right-click to view ruleset source in the config window
       - translate some untranslated menus
       - better icons in a few places (breaking/redirecting rules,
@@ -528,7 +1167,7 @@ chrome-2012.10.9
   * Relative to 3.0development.8:
     * Only promote the Decentralized SSL Observatory to 5% of non-Tor users
     * Update the SSL Observatory whitelist of common cert chains
-    * Fixes, mostly in the CDN/media playback department: 
+    * Fixes, mostly in the CDN/media playback department:
              Akamai/CNN, GO.com/ABC, AWS/Amazon Zeitgeist MP3 player,
              AWS/Spiegel.tv, Technology Review, Cloudfront/Tunein,
              Akamai/Discovery Channel, Beyond Security, OCaml, Gentoo,
@@ -564,14 +1203,14 @@ chrome-2012.9.21
     https://trac.torproject.org/projects/tor/ticket/6848
   * Replace jsURI with URI.js, fixing a number of bugs in the Chrome port
     - https://trac.torproject.org/projects/tor/ticket/6197
-    - Also breakage on other random pages like 
+    - Also breakage on other random pages like
       http://venturebeat.com/2012/09/13/how-do-not-track-could-destroy-the-internet-as-you-know-it/
   * Fixes: AOL, Antispam.de, BBC, BitTorrent, Facebook, Gearhog, LinkPlus
     Catalog, Microsoft, Mother Jones, Mozilla, Office.co.uk, OpenDNS,
     PassThePopcorn, Piriform, WhatCD, uTorrent
   * Disable broken: Paper.li, SVT.se, Soton.ac.uk
   * Reenable: Referly
-    
+
 chrome-2012.9.10
   * The "just add eleven" chromium alpha
   * Time to test the updating mechanism from direct -> Chrome Web Store
@@ -659,7 +1298,7 @@ chrome-2012.8.15
            Jottit
   * Disable broken: Project Syndicate, Alton Towers, Network for Good
     https://trac.torproject.org/projects/tor/ticket/6222
-  * The Decentralized SSL Observatory client now saves up some certificates if 
+  * The Decentralized SSL Observatory client now saves up some certificates if
     the network blocks or MITMs attempts to submit them.
 
 chrome-2012.6.21
@@ -675,8 +1314,8 @@ chrome-2012.6.21
     https://trac.torproject.org/projects/tor/ticket/5893
   * Ship 217 new rulesets (frozen; new rulesets now have to wait until 4.0
     development)
-  * Fixes: numerous, including: Boxee, CiteULike, MozillaMessaging, 
-           Yandex, Demonoid, Pirate Party, Gentoo, NYTimes, Microsoft, 
+  * Fixes: numerous, including: Boxee, CiteULike, MozillaMessaging,
+           Yandex, Demonoid, Pirate Party, Gentoo, NYTimes, Microsoft,
            Wikipedia, Lenovo, MyWOT
     https://trac.torproject.org/projects/tor/ticket/5912
     https://trac.torproject.org/projects/tor/ticket/6091
@@ -687,12 +1326,12 @@ chrome-2012.6.21
     https://mail1.eff.org/pipermail/https-everywhere-rules/2012-June/001190.html
     https://mail1.eff.org/pipermail/https-everywhere-rules/2012-May/001186.html
     https://mail1.eff.org/pipermail/https-everywhere/2012-May/001433.html
-  * Disable broken: MarketWatch, Disqus, Magento, Lavasoft, 
+  * Disable broken: MarketWatch, Disqus, Magento, Lavasoft,
                     Typepad/Say Media, Thomas Cook, Thomson Reuters clients,
                     Science Daily, BinRev, Ikea, Interpol
     https://trac.torproject.org/projects/tor/ticket/5899
     https://trac.torproject.org/projects/tor/ticket/5496
-  
+
 chrome-2012.6.18
   * The Divisible By Six Chromium Beta Release
   * Ship 444 new Rulesets
@@ -731,11 +1370,11 @@ chrome-2012.5.1
     Everywhere protection for cookies on some domains.
     https://trac.torproject.org/projects/tor/ticket/5676
     https://trac.torproject.org/projects/tor/ticket/2199
-  * More efficient ruleset storage shrinks the .crx download by a factor of 
+  * More efficient ruleset storage shrinks the .crx download by a factor of
     about 4 (thanks fauxfaux)
     https://trac.torproject.org/projects/tor/ticket/5275
   * Disable buggy rulesets: IBM, Scribd, Wunderground, ReadWriteWeb,
-    Pastebin.ca 
+    Pastebin.ca
     https://trac.torproject.org/projects/tor/ticket/5344
     https://trac.torproject.org/projects/tor/ticket/5435
     https://trac.torproject.org/projects/tor/ticket/5630
@@ -749,7 +1388,7 @@ chrome-2012.5.1
 
 
 3.0development.2                            (2012-04-26)
-  * License change: the tree now includes some code from Convergence, which 
+  * License change: the tree now includes some code from Convergence, which
                     is GPL v3+.  Other code remains licensable as GPLv2+
   * Ship 696 new rulesets (!!!), thanks to a lot of amazing work by Negres
   * Fix a downgrade attack that might allow attackers to deny HTTPS
@@ -776,9 +1415,9 @@ chrome-2012.5.1
   * Separate Observatory option to control self-signed cert submission
   * Numerous other ruleset enhancements, fixes, and probably exciting new bugs
     in Negres's ruleset changes
-   
+
 3.0development.1                            (2012-03-14)
-  * By default, use https://google.co.cctld instead of 
+  * By default, use https://google.co.cctld instead of
     encrypted.google.com
     https://trac.torproject.org/projects/tor/ticket/5152
   * Add an optional ruleset to use https://www.google.com
@@ -798,7 +1437,7 @@ chrome-2012.3.14
   * Add an optional ruleset to search on https://www.google.com
     instead of encrypted.google.com
   * Switch non-US google searches to country sites by default
-  * Better chrome context UI 
+  * Better chrome context UI
 
 2.2.3                                     (2012-09-25)
   * Workaround for breakage in Amazon Look Inside the Book (via Cloudfront)
@@ -807,7 +1446,7 @@ chrome-2012.3.14
   * Other fixes: PassThePopcorn, WhatCD, Antispam.de, RFCeditor,
                  Weatherspark / GoogleMaps
   * Disable broken: SVT.se
-    
+
 2.2.1                                     (2012-08-17)
   * Fix a configuration-parsing bug in 2.2 that would
     ignore default_off rules if this was a first install
@@ -843,7 +1482,7 @@ chrome-2012.3.14
 2.0.5                                       (2012-05-16)
   * Rebuild 2.0.4 without a bug in the release scripts that prevented all the
     rulesets from being absent
-  
+
 2.0.4                                       (2012-05-16)
   * Fix for compatibility with some other Firefox extensions:
     https://trac.torproject.org/projects/tor/ticket/5682
@@ -906,7 +1545,7 @@ chrome-2012.2.27
   * Split Google Translate out of the Google APIs rule, and turn it off by
     default on Chrome only:
     Fixes https://trac.torproject.org/projects/tor/ticket/5196
-  * Ship 19 new rulesets since last Chromium release 
+  * Ship 19 new rulesets since last Chromium release
 
 chrome-2012.2.9
   * make <exclusion pattern> rulesets elements work in the Chrome version
@@ -942,9 +1581,9 @@ chrome-2012.02.06{,.01}
   * Ship 126 new rulesets
   * Fixes: Wikipedia, Identi.ca, Verizon, CCC.de, UserScripts, Yandex,
            Hidemyass, Mozilla, Pogo, Google, Google Images, Google Video,
-           The Pirate Bay, AK Vorrat, JBoss 
+           The Pirate Bay, AK Vorrat, JBoss
   * Improvements: EFF, Flickr, RedHat, Diaspora, PrivatePaste, KDE,
-                  Portugese Govt 
+                  Portugese Govt
   * Disable broken: NSF.gov, WHO.int, Economist
   * New experimental Yahoo! ruleset (off by default)
   * New translations: Spanish, Nederlands
@@ -959,8 +1598,8 @@ chrome-2012.02.06{,.01}
   * Fixes: Java.com, Yandex, Wordpress, Wikipedia, Bahn.de, UNSW, Apache,
            DuckDuckGo, Google Images
   * Improvements: Debian, Tumblr, Apple, Facebook, VeriSign, Google Services,
-                  Flickr, Youtu.be 
-  * Disable broken: Target, OpenUniversity, TV.com, Radio Shack, 
+                  Flickr, Youtu.be
+  * Disable broken: Target, OpenUniversity, TV.com, Radio Shack,
                     Yahoo Mail :( :(,
                     Google Cache coverage in Google Services :( :( :(
 
@@ -1004,7 +1643,7 @@ chrome-2012.02.06{,.01}
     (currently opt-in, with a popup prompt if you have Tor Button installed)
   * Ship 164 new rulesets
   * Enable Google Maps by default
-  * Pending translations: Arabic, Dutch, German, Portugese, Latvian, Russian, 
+  * Pending translations: Arabic, Dutch, German, Portugese, Latvian, Russian,
                           Swedish
   * Fixes: OpenDNS, WordPress, Flickr
   * Expansions & Improvements: Google Services, Twitter, Gowalla, Apple, Bit.ly
@@ -1057,9 +1696,9 @@ chrome-2012.02.06{,.01}
 
 1.0.2                                        (2011-09-20)
   * Major improvements to the Wikipedia ruleset
-  * Disable broken/buggy rulesets: DeviantArt, eHow, About.me, Bandcamp, 
+  * Disable broken/buggy rulesets: DeviantArt, eHow, About.me, Bandcamp,
     StudiVZ, Securityfocus, BankofAmerica :( :( :(
-  * Small fixes: OpenDNS, WordPress, links in the "About" page 
+  * Small fixes: OpenDNS, WordPress, links in the "About" page
   * Declare incompatibility with Firefox 7 & 8 until Mozilla fixes this:
     https://bugzilla.mozilla.org/show_bug.cgi?id=677643
 
@@ -1103,7 +1742,7 @@ chrome-2012.02.06{,.01}
     https://trac.torproject.org/projects/tor/ticket/2199
   * By default, move context menu from toolbar to addons bar
   * Ship 22 new rulesets
-  * Add support for Google Plus, Accounts and AdWdords 
+  * Add support for Google Plus, Accounts and AdWdords
   * Improvements to Microsoft, Twitter and Gitorious
 
 1.0.0development.1:                          (2011-06-27)
@@ -1111,7 +1750,7 @@ chrome-2012.02.06{,.01}
     applicable to the current page (we can now stabilise the dev branch!)
   * Ship 42 new rulesets
   * Support for Google Image Search (except the very first landing page :/)
-  * Fixes: Netflix, Plone 
+  * Fixes: Netflix, Plone
   * Improvements: Google APIs, Google Services, Mediawiki
   * Disable broken rules: OKCupid, Surveymonkey
   * Declare compatibility with recent Seamonkey releases
@@ -1119,29 +1758,29 @@ chrome-2012.02.06{,.01}
 0.9.9.development.6:
   * Optimistically declare compatibility with Firefoxes up to v 7.*
   * Ship 193 new rulesets
-  * Fixes & Improvements: Wikipedia, AmazonAWS, Google Images, Microsoft, 
-    Mozilla, Netflix, Google User Content, Twitter, Gitorious, AdBlock Plus, 
+  * Fixes & Improvements: Wikipedia, AmazonAWS, Google Images, Microsoft,
+    Mozilla, Netflix, Google User Content, Twitter, Gitorious, AdBlock Plus,
     Youtube, he.net, Bitcoin
-  * Remove broken rules: Match.com 
+  * Remove broken rules: Match.com
 
 0.9.9.development.5:
   * Compatible with Firefox 4.0.1+
   * New ruleset management UI (thanks to katmagic and Stefan Tomanek)
   * Ship 136 new rulesets
-  * Fixes: reCAPTCHA, Google Images, Gentoo, Gitorious 
-  * Improvements: Bit.ly, Yahoo, Nokia 
-  * Disable: WashingtonPost :(, Doubleclick, OpenSSL.org (!) 
-  
+  * Fixes: reCAPTCHA, Google Images, Gentoo, Gitorious
+  * Improvements: Bit.ly, Yahoo, Nokia
+  * Disable: WashingtonPost :(, Doubleclick, OpenSSL.org (!)
+
 0.9.9.development.4:
   * Ship 117 new rulesets
-  * Fixes: MySQL, GroupOn, country-specific Google news sites, 
+  * Fixes: MySQL, GroupOn, country-specific Google news sites,
   * Improvements: mail.com, WordPress
   * Leave WashingtonPost ruleset on in the hope that it gets fixed soon :/
   * Disable broken rules: HTC, I2P ...
 
 0.9.9.development.3:
 
-  * In the settings dialogue, offer "Reset defaults" instead of "Enable all" 
+  * In the settings dialogue, offer "Reset defaults" instead of "Enable all"
   * Merge fixes from NoScript that avoid some torbutton bugs
   * Ship 56 new rulesets
   * Numerous tweaks + fixes, including NYTimes and AddThis
@@ -1149,10 +1788,10 @@ chrome-2012.02.06{,.01}
 0.9.9.development.2:
 
   * Prevent the preferences window from swallowing the screen on OS X / Windows
-  * Stop the StartCom rule from breaking StartCom OCSP/CRLs (which can't be HTTPS) 
+  * Stop the StartCom rule from breaking StartCom OCSP/CRLs (which can't be HTTPS)
   * Attempt to do the same for for CAcert
   * Fixes to: Reddit, Drupal.org
-  * Disable some problematic rulesets: Cisco, Opera 
+  * Disable some problematic rulesets: Cisco, Opera
   * Enable: Reddit
   * Ship another 62 rulesets
 
@@ -1200,7 +1839,7 @@ chrome-2012.02.06{,.01}
   * Support global installation for OS distributions (thanks dm0)
 
 0.9.2:
-  * Fix a bug in our redirection loop detection that was causing touble with 
+  * Fix a bug in our redirection loop detection that was causing trouble with
     some parts of NYTimes, Facebook, and other sites
     (closes: https://trac.torproject.org/projects/tor/ticket/2217)
 
@@ -1213,7 +1852,7 @@ chrome-2012.02.06{,.01}
     improvements!
   * Split the stricter parts of the Facebook rule into a "Facebook+" rule.
     It's what's required to protect Facebook from Firesheep and similar cookie
-    theft attacks, but it may break apps, because apps.facebook.com currently 
+    theft attacks, but it may break apps, because apps.facebook.com currently
     has the wrong cert.
   * Allow rulesets to specify that the secure flag should be set on some
     cookies even if the site operator failed to do so
@@ -1238,7 +1877,7 @@ chrome-2012.02.06{,.01}
   * Add scrollbars if there are a lot of rules present in the Preferences
     dialog (may still be somewhat buggy...)
   * Optimise GoogleServices.xml and support Google code search
-  * Patch for future compatiability with Request Policy:
+  * Patch for future compatibility with Request Policy:
     https://trac.torproject.org/projects/tor/ticket/1574
   * Support for the Firefox 4 API
   * The Amazon rule was causing a lot of glitches; it is now off by default
@@ -1252,7 +1891,7 @@ chrome-2012.02.06{,.01}
       https://trac.torproject.org/projects/tor/ticket/1672
       https://trac.torproject.org/projects/tor/ticket/1673
     The patch breaks toolbar search suggestions.  And who knows what else?
-  * Don't send some country homepages to https://www.google.com/webhp?hl= ; 
+  * Don't send some country homepages to https://www.google.com/webhp?hl= ;
     use https://encrypted.google.com instead
   * Cleanup and refactor the URI replacement and rewriting code.  Should
     hopefully fix https://trac.torproject.org/projects/tor/ticket/1649
@@ -1272,7 +1911,7 @@ chrome-2012.02.06{,.01}
 0.2.1:
   * Although google said https://www.google.com would continue to work, that
     wasn't absolutely true.
-  * The new encyrpted.google.com seems to require queries to be #q=thing
+  * The new encrypted.google.com seems to require queries to be #q=thing
     rather than search?q=thing, at least some of the time.  So let's do that.
 
 0.2.0:
diff --git a/src/META-INF/cose.manifest b/src/META-INF/cose.manifest
new file mode 100644
index 000000000000..045ba86369fd
--- /dev/null
+++ b/src/META-INF/cose.manifest
@@ -0,0 +1,732 @@
+Manifest-Version: 1.0
+
+Name: manifest.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: X0hd0tplhCo2R8s3OE27fLAZFD8=
+SHA256-Digest: iKk69TG3OJJNjjAJPTe72S+qXa4k/xL8yKmPzAGmaxg=
+
+Name: package.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: HQyF0Be9Z+C72YzyWk6LqTSCxkU=
+SHA256-Digest: 1v7I/u/oNho1Z8rtRLepk7VY9i0r8EktoXSvvy92SsE=
+
+Name: _locales/ace/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/ach/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/af/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: iOMFMT97+EoNCW6DRomntg8GSHk=
+SHA256-Digest: cw+OPqn11qIyL1P5cFnPmxrYTVKQ0oPX10+1KjXtNoc=
+
+Name: _locales/af_ZA/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/ar/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: pxQQhQSkkjd9EAlMdZmvk+qmXhg=
+SHA256-Digest: MORqa6PigyGRYrjsjuUVk80TAKErKzIZy9G5UnPV20U=
+
+Name: _locales/ar_EG/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/ast/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: VdPNPPiC8Ro2JsmoBFkdW3TAy2c=
+SHA256-Digest: 4zrpaArMxcBnUHIyLdenD/CDBXFXDgnSki4HzzEB0J8=
+
+Name: _locales/az/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 3+BLldWYu7TK8cGkwWGVp8z0EUk=
+SHA256-Digest: hfU635JcDvcEJzmbg2zkxSrfMEe0SVNvq8U9wj1SvNg=
+
+Name: _locales/be/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: /7FQnv3lG2OqZFTdc3/fmuOznX8=
+SHA256-Digest: OrCo5OOtp9o91snpAQUrgUG1KbmJ7ScDZ3tncnnV2po=
+
+Name: _locales/bg/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: uvPzsM24ej+LdWMNASNfYE1+tBs=
+SHA256-Digest: Z0AMZvlkzgDfeSMbZQ+AdhZryI8kmsdpYpvOz8lM9TI=
+
+Name: _locales/bn/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: dVoXHkj2UXzj4ctLQ7g2+cQu/o8=
+SHA256-Digest: hTaM5b35bOJhTSV38ajtBg58bV5TdC47xttlYiZM/aU=
+
+Name: _locales/br/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ZW6ty00kj6yNkgcEnnvyQjjgrWg=
+SHA256-Digest: sTBK8ujpW+kR/M9mXe2ShZUChO9Ytu7gKVYQkaOwrZU=
+
+Name: _locales/bs/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Vg2wDGtsbEZthKbRz9yUjj7Q8YA=
+SHA256-Digest: vQgF2n0ktL3LZ1rqMaiZvCxRRt41I6PLvVHRJYvHb8o=
+
+Name: _locales/ca/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: /COeM2de5nZc7h2xYUdMcQqMeJw=
+SHA256-Digest: otyh6c/nvuTuTZfmLv2FfYlbI6fkf9ibQ4zZYWll2Bk=
+
+Name: _locales/cmn/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/cs/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: PSPcBF4f2cciaztX/tDK489gG6w=
+SHA256-Digest: nhqVZbEdeQLOEfTuC4WQZqq4nVX6TLgsumEei+NDJjo=
+
+Name: _locales/cy/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: A9MVuoq+YeTB4AJ7qXIW2t/2reU=
+SHA256-Digest: MMpP51GLMadXFrMHt8O5C2q5x9ipotM+rbjBCSAIa0k=
+
+Name: _locales/da/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 6EA7b3gcz67OK5/NhNpqiv8JsRw=
+SHA256-Digest: XvGrh0Pr/cIN0+h7dYRhsWrE2sbpvCGejLUk5g2cb+M=
+
+Name: _locales/de/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 5DxSzfj3HAO19N93skW8074DacU=
+SHA256-Digest: 6RRsp8DV8g7u3majB5LXV/HNNz9wltPP3/drftJO+t0=
+
+Name: _locales/el/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: cDgo3bT3QsyvgW6sNV1v7VhD+c0=
+SHA256-Digest: oBZLruNBa+ryEI2AaAM1IuFsmVxF73+deXjq7P6lunM=
+
+Name: _locales/en/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/en_GB/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/en_US/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/eo/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: cTvPwrTLEg/CLQ7vP936VGhWMBA=
+SHA256-Digest: 6Tb3+j9lXyFMz+bKnJ+MnaIRIAaOIgFGgGFeLUWIHB0=
+
+Name: _locales/es/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: wdTXKRaKo3+lt2F/WAfhHECWQ0Q=
+SHA256-Digest: 6LOKxRvSfOFCftbixNJLi3ILtnXblwVUdYoxy0KkUKE=
+
+Name: _locales/es_AR/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: jNe5tt2sg9FYb/CklhOA/EfCNso=
+SHA256-Digest: ejlUkVhdh38l0SQqB2iuiCGTJgg/HnUZ6YB1BIowEUI=
+
+Name: _locales/es_MX/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 8r5iYER0e+Z9xsXkisoWpgiV6wY=
+SHA256-Digest: nNkWHeZ9eKPmXKJTHyKHmuqMNO9w7KdMoCpNtykVJSo=
+
+Name: _locales/et/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: RuKFi2LDlh1aZ/sgjAQHk9Dr0aU=
+SHA256-Digest: kEGCDq7xq97+kttCcjDTrhV+IRBdvTdokVw5x4MjUrg=
+
+Name: _locales/eu/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: CfUVBO8uVqaEVg2rfNiEzhOOIxs=
+SHA256-Digest: U4RrQUCTj9jzxLMjadoUZlclwDWv7StaWVTd+VfnN2I=
+
+Name: _locales/fa/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Zi0T7F3MTegvevGxycGERaO+y+k=
+SHA256-Digest: FppLjcJVwKmgWnEVG8DUj/OfX/mPJaRmMHYdzdQ4Qk4=
+
+Name: _locales/fi/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Ijd1g6JcPeStcajdi2p49GxtL/s=
+SHA256-Digest: XtP/3kb3g9EEZXkGRsQh5oEGWm5XdCCVHsY4eBWi2Lo=
+
+Name: _locales/fr/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 4Kl28lQ4AxcFKuI1qPanfKBIO1I=
+SHA256-Digest: JR6Ytgifw1eNfP5eEY9DW2+NyBy5t5m8jcfG1eElpos=
+
+Name: _locales/fr_FR/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: /siGONOTKZIcZRCh3Gjklyi6FpA=
+SHA256-Digest: JOAxkWbsFpRl+/JTJ9Ii5P0ixY1UOkuZHRAjMb86eWI=
+
+Name: _locales/fy/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: qYt2G1hP0Cs203jLvxdBLgv4MGQ=
+SHA256-Digest: cNu7cS359ufs/B5EXOMBJIvVbfB8V9sQpFxorgrRxxg=
+
+Name: _locales/ga/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: oNZb00MUZHcEuMm1CKosXijaWgw=
+SHA256-Digest: knCNuU+/o1k+pt0GMADpt3nuzqz17npT4Olsoj8EL7o=
+
+Name: _locales/gd/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/gl/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: WBkm2qWTCShjdj+kFKqzxnZIoFg=
+SHA256-Digest: Y3K9ZWg9+2pL1r34SJhQYu26Viki5wqVlJmLmVfhQdo=
+
+Name: _locales/gu/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: cxaffBOuU3Z+D/AJ6TQAXNFki3M=
+SHA256-Digest: pTrp2BlrTKilZg+sRGpeuYQVSrInYg7QtVBMrLANj4Q=
+
+Name: _locales/he/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: zshsgYzIwWg+jtvY4ingp8vw64c=
+SHA256-Digest: BxJrAMOZ4VuFbXDVimpAN0xMEQBNZZkrmFWnTAXibks=
+
+Name: _locales/hi/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: QRpvL2rosEDoTdx6BxxGGJpSVmo=
+SHA256-Digest: liYeP2q1gkXphKzxxJNsqTh7+T1gzKsee+6vReQMdhs=
+
+Name: _locales/hr/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: x/3lhb7z7CVqZZdn3midgSjn5tY=
+SHA256-Digest: HHx+VP0HB42dWTZ38cR004DWeQpFRgaF5TULrZkatwI=
+
+Name: _locales/hu/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 4eKsxvmbG58FfD5yjfm4b3cr+g4=
+SHA256-Digest: i9dh17H4Ruxjb3oxA4GPRJvRPecXQf3U+qaBlGj2qps=
+
+Name: _locales/hy/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: QzXAZ5katx2Ye+1QFyFHLcMJROM=
+SHA256-Digest: HSYKniubHesccfXGMZYre5wJva2MRztMYAhMHMA2+Z4=
+
+Name: _locales/ia/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Mm0o9mYuk3kCk5WbKuPCFU7zpqo=
+SHA256-Digest: 6ORLVTr02qalRUcK63Ir1GXjw/p+v6nrK9/zI66QL6o=
+
+Name: _locales/id/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 9QctIupOryS8eWp04EJHAWNYj7c=
+SHA256-Digest: NfVmJxGSWj5onjEn4//gX5P8n3QnqBXXP5Z9Lf+578M=
+
+Name: _locales/is/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: /P9T+vTThdd7i1pmGcYD6nOkY44=
+SHA256-Digest: L1OQmFHZBhJHVvNqOh3610u1MS+SLQd9NHvYu2FkRVE=
+
+Name: _locales/it/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: QfqJFvpr/CghH/0gsO9h+sYKy1Y=
+SHA256-Digest: vtdELbvnbICfJVOrxFLjaJq656uK7EK2pTcecgf4dNc=
+
+Name: _locales/ja/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 7zImT7HvkvCQpdObYY520peFtDs=
+SHA256-Digest: mjSxBaiB+SkXyspN3wi6aodH4rYgcp6da2exdiEcGU4=
+
+Name: _locales/ka/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: fHsD070Q4aHyxYhCNfQIYT3MKS0=
+SHA256-Digest: yeIbx8SP8Wa4kvXo6Lzx9wrRj1LynhWFd2nbPUqZEsk=
+
+Name: _locales/kab/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/kk/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 8Sdjq0KMj4ANwq94weNnUQYtI+s=
+SHA256-Digest: bTKB9CkWNhqawbJDhs1/GX4/z4j0Vg4cx31zKw44f5Y=
+
+Name: _locales/km/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: w5qIgDP+885pZJMl8FyA2yGUt1A=
+SHA256-Digest: sjEA2JwKdlS1D1hQxKQedb9DYCwOSDhyxusv/cUTkvE=
+
+Name: _locales/kn/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: MdvnoS3SrWGvRWSyvuRqoWvRiWc=
+SHA256-Digest: TaiiWa/PbBrRxhqRBYvFWtGmyyy/ovdu/yhHq/w9jk4=
+
+Name: _locales/ko/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: GqRtNAUwxrLDluWtx2LqjXzg+50=
+SHA256-Digest: McBNqK4HaGAS0dEAMzOD8lrwecj6CFapkKhRgZpR2qU=
+
+Name: _locales/lt/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: cBHtxCIgs0M0vuawqYXF7qBAPZo=
+SHA256-Digest: RvNH3JOZbIBt6KKPOdP91hxzpQQLbYxJxWeg36ncftU=
+
+Name: _locales/lv/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ljoDEg01zL32eJF/+OECLuPZkoY=
+SHA256-Digest: +pRZCbp3zfzTbM0UqTpiJd23dSymtKZxiZlqD9zNZEw=
+
+Name: _locales/mk/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: dHL1X/r5TNAy5AXujh48jmaBZMY=
+SHA256-Digest: Fs8OnAZZqmqEZHAoYINC1qjLdniDuxjboibfVPvcxek=
+
+Name: _locales/ml/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: yjvR4hUOwBfI4/NLchJglHMznUY=
+SHA256-Digest: /LzzQ1QQeGqOJGuwyf7hF1ynGzYojAJy8SjnfpqP8nU=
+
+Name: _locales/mr/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: VqbEpeDWqRRSDXueR7OXzV5Zi0c=
+SHA256-Digest: DXWyMnlhjkPGEZgaBzsqFEU88IvmcrerTATrEqY+fqY=
+
+Name: _locales/ms_MY/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: pNrnIUMZ1KSdavj7IpvgaXtMW1Y=
+SHA256-Digest: WjOfy4w9K1h+lN9Ld1JdzPwXrpU3TYqIpcQLVhzSsKM=
+
+Name: _locales/my/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: kPgWIxR2rynJkEykmF/T0clmLcU=
+SHA256-Digest: pVtnX3UxISFA90i1ivkuL01oGhoah2AqzAJosnkZMCw=
+
+Name: _locales/nb/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: xCCz+aU59J3pUBQrTu8Sookw3Xc=
+SHA256-Digest: aHFiDv13/G909I851CrVRUPMSAyxLABNIT5TkFPWolw=
+
+Name: _locales/ne/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/nl/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: uHnFt32GmeGIWlUhV2oc0YwDBoQ=
+SHA256-Digest: EPKDxQlVhuigsi6at+OnLBBaPbqbNuYdbHu3nEx6Lv8=
+
+Name: _locales/nl_BE/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: vpN/Tt8RJNjNrjzQhvaCLnu818Y=
+SHA256-Digest: UMIycHh4OpfT6XEX5IkOJbBhBEmykK3QzilVLqxXbas=
+
+Name: _locales/nn/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: /uRXmVZ2hcY4LDKBmhSwYPb+v9A=
+SHA256-Digest: /VRfKB4L2T8XMwAUR9UCXed+uPckbOsicnTGYCRT62U=
+
+Name: _locales/oc/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: LEIoVVmbjin2D0Bj5PimJENOmCQ=
+SHA256-Digest: smQMMM7KSF/9lT0ryK07dEWxGtf3tYjF58E/kOIlNKY=
+
+Name: _locales/or/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Ps0uvWBAvc6crMC3f7ztPoWLYHI=
+SHA256-Digest: sX3swrX1p95cHWLBMrKDJ8mCOM/k+g3kR6+vKtjUlIY=
+
+Name: _locales/pa/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: +P2o0dGSh7jJUtVjUFU70dqtxiI=
+SHA256-Digest: sHFd6kvNEbfWPpbLyIutoZkkEm0A9yWhjdbsXZ5YH5s=
+
+Name: _locales/pl/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: w97eXym45Cju4UUq2hDgfYZEivM=
+SHA256-Digest: 8dpWSVyqOkrMcQs4Ub98uEHMtAkwdtuag9kfv31TnwY=
+
+Name: _locales/pt_BR/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: B9dLWSgVB9XeiQqqE9ceVH+KFqw=
+SHA256-Digest: bkAA6J0bp9u83YD/Cea1ggdTUpXBl47Pb/RAgW/QO9c=
+
+Name: _locales/pt_PT/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: MFTtI6bvZgIBNjfsrsEes5SZWWM=
+SHA256-Digest: 6Oe7CSTsLlbxPCEcuVYO5tqvl3/TLquitxYnh40167c=
+
+Name: _locales/ro/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: iZA4eB6bVN8w8JNfUaLiB04ZeEU=
+SHA256-Digest: esk4A/1PXdU5yjo/Y/f3zS1fzrVQUIhGPFyAS1eSw+k=
+
+Name: _locales/ro_RO/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: iCzvlQJKPogorBRk1ZaRc1PHSzk=
+SHA256-Digest: f6sPhnOcfaNWIONa4Ow+YtnAM3GXnWIG1WXDRHOtves=
+
+Name: _locales/ru/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 7icD6gFZZYuaRFlZHpM3v4S4rbw=
+SHA256-Digest: PsIJMB4ploNqnBAmnqfFHDXH+zFdu4P6BNZMnIwT0ok=
+
+Name: _locales/si/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: KM47GTd9GQqAik45v3TwGKzhUqI=
+SHA256-Digest: 3PvBqbX4qA1rQB4l+mrxTb6mwA7ssWzrxjn1VJn5peA=
+
+Name: _locales/si_LK/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: /XRTG3mjOsamcRjwWbYUqmyS+jw=
+SHA256-Digest: XbC317Ovdr7RhMsUfhfXDV1yDh+4pz86mQMG1PFGLdY=
+
+Name: _locales/sk/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 8g2uM/IilbLetxLlpS1+hm+gb2w=
+SHA256-Digest: bnqVDCFodbSbseUbLOrdCwprRMxbpCYHMvVbz/3KP/o=
+
+Name: _locales/sl/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: MdQaZFkibS04O78qFlB6kmwhF9c=
+SHA256-Digest: 9pLwtRZfEy2la4LfIgkbDR/M+nNotJAA5wzEgT+AfyI=
+
+Name: _locales/sl_SI/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: wFhFU0upAYqmmQI/nRnGEnqP30Y=
+SHA256-Digest: qx/D6APKUhcKmNWwCHD/baIjzMFQNTR4/Rt6LvOTQ4Q=
+
+Name: _locales/son/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/sq/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 87nTmcsWpoEAsJTN4/ZFf+01I8A=
+SHA256-Digest: POGPrXKN5GuJ59k227ozXns25ogQdzOOgA3azEA1f94=
+
+Name: _locales/sr/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: zJI0kCSZIB/4rfhaGxg0aUGrbtQ=
+SHA256-Digest: tfKdrL6vsCYxRU/QeEvAZC58y6qDuEKkhNi17r1e/8o=
+
+Name: _locales/sv/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: UI6tx0CmaOkUsjASOmQvxNRkX+c=
+SHA256-Digest: WnBcBaT7T7yKHUvac2bn2q5alrsbfEiLOQUXPIQLurQ=
+
+Name: _locales/sw/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: JSf0a8gCwILGBI0T4d/FfWfIGDc=
+SHA256-Digest: Z+oQpHb/T+I2XZ+JVJZW1KMeAP6yK/x9Quts8n64AlQ=
+
+Name: _locales/ta/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: CW5Q8ok59gE/ZC8A4uPqW4cIfhI=
+SHA256-Digest: vOG/RBohVZklUTu6y6cjUWg5RyNIbwaB33kUr5Ko2PI=
+
+Name: _locales/te/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: N/QOkBiJYvqsksR5+NWuHA0/fxk=
+SHA256-Digest: jZC8UbVBsT2RvDZ1uebHtr76/oRaNdlmxLKWLnDaI3A=
+
+Name: _locales/templates/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/th/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: QaLDEcDBj6HdEh+eAhQ02DWS81c=
+SHA256-Digest: ucjQxKDoCEwzTat3hNNjtMRJ/u85+QK47Rw93C4J8Sk=
+
+Name: _locales/tr/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: MDXJjWJjdDGjeYfHHa2+LsPj2tM=
+SHA256-Digest: vdziBTOIPyWhvyfApPrN8jZMww3lePVgo4zDkwcv9og=
+
+Name: _locales/uk/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: TargN1mxonMdbvos0GBcCxU0+dI=
+SHA256-Digest: 6ZRhyVruPhNEb5UPYCrb/EFcy6ArHSNqxBy4KNEhq/c=
+
+Name: _locales/ur/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: kUEeTx9OeiESvvWjprUjqluEhZk=
+SHA256-Digest: ADAHAHlOUIGXLO2Aj5/it+lavjH4WkbjLV43yI6CO4s=
+
+Name: _locales/uz/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: bmGV4U+3LA14ZwC5RcRdN5RB+tk=
+SHA256-Digest: SPoiBWn8W+vyUJHKfocitJ5y6RjXedgta0HxflAFB9Y=
+
+Name: _locales/vi/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: GMY5uzc6vq9pP9hqFNGlOgVYZ8k=
+SHA256-Digest: OidbjDj9CBSxmM5oW3RagDo6ZNvA+5P9CGN8C0cbgms=
+
+Name: _locales/zh-Hant/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: NXT6rNViMHWrKSlecajyj80CeIg=
+SHA256-Digest: 3zXYNMBhIcIsuhQRzfIAFhV3GdeGZXgyc+h5bFXMZtk=
+
+Name: _locales/zh/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Vu5rZrqGhcESvjluy4x3EcMPi4o=
+SHA256-Digest: karIDiNHSaijMuQkVkG71+StamzOq9ZeGiQhzwJjTAw=
+
+Name: _locales/zh_CN/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: HWK9jni02GGBk/XOVpL/R1rs0NI=
+SHA256-Digest: Hl+NW/IGzS73WJhUVgY9cPJvMyb0ZomG7k64dzoJ1wc=
+
+Name: _locales/zh_HK/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: oZ9Ht83pERBafXR1h2mucibzUUo=
+SHA256-Digest: Vq5s6nfmwfxvTVQlmjFCHCYlzvJanl+4I8J2h8F0hjs=
+
+Name: _locales/zh_TW/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: yfJJJg+Uan6mqiwEm4W0l5tT+nU=
+SHA256-Digest: Xj6MJjfhW3liYqF0UIY6flSaOxnNyr4Urgu2gffF99I=
+
+Name: background-scripts/background.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: GMCKwYZnhsRm4ExhG1q6wY+DQno=
+SHA256-Digest: D4ogTIq+ze3hPGkcxzkc2jFho2hACQn3iYc2oaw4egE=
+
+Name: background-scripts/bootstrap.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: TSwjfTzojZXN1Iul+mBttRl/MAg=
+SHA256-Digest: WcKbJ0zQK8948MJzbMTTCf807jEGH7Bj8k7CuWCx0aM=
+
+Name: background-scripts/incognito.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: JXSvrJhaxqSgUtXqlm0r21VqSlo=
+SHA256-Digest: AnGJOJ4CKWmdFZaWNzvm7NWZjbzCKkdawPc8RZCH4d0=
+
+Name: background-scripts/ip_utils.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 8RyxTy1FNW0wvKPs+DqKNNZYvV0=
+SHA256-Digest: F9Ij1ZyfnpmmCM0W3+WXfaBO/rnUAFZtXc2N305Qod8=
+
+Name: background-scripts/rules.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 2dd1eq7Y16RvpmADSFGYSFdRvNc=
+SHA256-Digest: 9Qw9Xoky6/2DvBn5nza/xBXbjaWkEBI9hPaaqAdQDqU=
+
+Name: background-scripts/store.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: IdAI+nj6uuahTeT28Xx1QJwLveM=
+SHA256-Digest: lyCBwe6g79MMTtU1xyGBiIJidhqUsW/9YUXX158t6z8=
+
+Name: background-scripts/update.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Z/kkBlC2HeS/G5zlAbeiFwLpgIQ=
+SHA256-Digest: R1y7pQHEB8w7mNOn0zxEL20mys/8sOZxy5238BzhNoI=
+
+Name: background-scripts/update_channels.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: kA9YO0yjVOE6vw2mpWPePkWyt/I=
+SHA256-Digest: L966QoT5hiVg5mzQq9dACJ5o8OVsROxhNRd+LebsAQQ=
+
+Name: background-scripts/util.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: pjJWekzg0QW6/0qYNf1pISXO14s=
+SHA256-Digest: 1Cykm0yxo5EZs0+fZWtUPzHa38B6ZalDAOojqu5awgo=
+
+Name: background-scripts/wasm.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 7pQTqvYA4el8WRX7FjQNUUcMUwg=
+SHA256-Digest: TMk4CQYN4lxkG/ZBq+wp4erwwo8knS0H5HHBCa7LW08=
+
+Name: background-scripts/modules/ssl_codes.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: t5DE+asvCaL1VaVhVXbJDQXQaHw=
+SHA256-Digest: hGKfRGrQWsXH8+9OfHcHM4I45d6DIIxClYqMSH1oBCA=
+
+Name: external/README.md
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: DgCQOA7tYbKkLcJ92flagYsm0nI=
+SHA256-Digest: So9vbyA/ExcM/wEms+bwz/YVVa2ayDCNnJ5sYJk40tk=
+
+Name: external/codemirror/codemirror-5.31.0.min.css
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 6L9PQ9XeTmwE+7WJ29O7oelFX7Y=
+SHA256-Digest: fIaQYYF933S7mhBn4vqsgaawzXI4iELVCrvv83rZ5ic=
+
+Name: external/codemirror/codemirror-5.31.0.min.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: iJyQEWjgaJ3IVz2bsX+RSnjLzGw=
+SHA256-Digest: yTU67I79B7rqtdoOdsJHDDK/92GDEeGj4+93U41HPgE=
+
+Name: external/codemirror/codemirror-5.31.0.xml.min.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: DMaXXHyF/jzGu8wJN2a1yHxkNHU=
+SHA256-Digest: d+N19fPYNZkqDuOxqLM8MHSxTiGDF/j5WLdynJ2D8/k=
+
+Name: external/pako-1.0.5/pako_inflate.min.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: V7Fd/JcXF6Ar68Oa5X3/rO7giNs=
+SHA256-Digest: h8L84MNiYQCe/szpOr1i5Cge5x/8EsvaaTlcdG9vOnE=
+
+Name: images/HTTPS-Everywhere-Logo.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: E0ESMX+oJaAutg08/RPfpc3Ix5E=
+SHA256-Digest: PKyVOZS7bg8UVeQDG3npTYLKtnB5FgmmdfoW/NC02bQ=
+
+Name: images/banner-red.svg
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ZnApE5t/iqGaVc0fdm7I0Rpvdsk=
+SHA256-Digest: obGxFfdgfzgg0jj59ThEpLQwowcJCioxsVS/+X7Mtvg=
+
+Name: images/eff-logo-monogram-red.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 5sbYS58Ze3MdPgDNas/ZnFn128Q=
+SHA256-Digest: aPdsjK4CCl3M8HBgqCLA5vu5n+w9cCs75gs0j5x/0Ak=
+
+Name: images/remove.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Pn9f97i3AIFlAMf420qZNzvA7DY=
+SHA256-Digest: 7TrWr2ZkK0faWgDYUz9WtV3voVjEwqjLq0ROGvkU6y0=
+
+Name: images/icons/icon-active-128.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: p71skXMtghXylXMvFLnYW/jPos0=
+SHA256-Digest: 1DbMnWBmqaIRzzkUyRpdRzxz8z1HtUGq6RzRKcINuEA=
+
+Name: images/icons/icon-active-38.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: EleX4C/tgOj+W71fueie7ZoXAAY=
+SHA256-Digest: YgkTENwvpAo6Bb9WsTrUr+CfKY+gsQfq6uPoGdMw6kI=
+
+Name: images/icons/icon-active-48.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: VVqz4q4/4awX6PXZhnQmGFkAiqc=
+SHA256-Digest: pfkIfbdzORmTjUTLb2SsmaLv4oafijkSttiU3lUcKmM=
+
+Name: images/icons/icon-blocking-38.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: IebllmIP/cUmB0piMroSEA7HnHc=
+SHA256-Digest: 9oP7jvbkH3KM4VG+kAnItkvsT00o9/KKHvhexTJHCD4=
+
+Name: images/icons/icon-disabled-38.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: PJqzR54BFgNofExLbYn8DMEyvzE=
+SHA256-Digest: 2PzhLQJedFJa+ZOnE/j8r+XELaoYAn5ptQCSyNbmDcE=
+
+Name: images/onboarding/httpseverywhere-logo.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: XYvqYHk+Ebepsvq4U3bo9rYMqQI=
+SHA256-Digest: 292a2wZxJ/ltXI+/9OdCzMX2YZnJDWMYUoVOOnU+sUs=
+
+Name: pages/base.css
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Yk+MDy/I88Qd0VMzEBIbf0fBo0s=
+SHA256-Digest: D7uZfk1BrCzx3HFnEBtdaN0E6rC6pErEZAd1X85xgCo=
+
+Name: pages/main.css
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: UN8/2mEQ6JZ7MTJiWQN8f77AgP8=
+SHA256-Digest: QhiZj5JKVR1gPvtg6EaZxI735GiFeZglzuSkTJpZvpE=
+
+Name: pages/translation.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: QMAZVa3usW8vcXwN2WP4lvIQQxQ=
+SHA256-Digest: +qWz2YZH5C1UqzTixYwsS3185+wd+q8Dhlm5czDI54w=
+
+Name: pages/util.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: XzUESMiqZDZv/WRcv+j8f/R/7uw=
+SHA256-Digest: tSZjbu7zilv5pujsEyp/+6HCfr7iu+KfoXNiftpAKAY=
+
+Name: pages/cancel/index.html
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: h94rEtsYrj+TsIBk2x+UqRhOHDM=
+SHA256-Digest: Fgv98mLYPbIiOUi3HAw4YktUVkkt+7clLW2IgxTD9us=
+
+Name: pages/cancel/style.css
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 0L/xbmBq8hCu58P61j4htTOA4Wk=
+SHA256-Digest: ejF/rMWvajSbZFxp0hRT6SzhobQ3aILcf5pN1BTOGEE=
+
+Name: pages/cancel/ux.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: UtFAiW+HLmKUFMV/v2hPR5haiAI=
+SHA256-Digest: i3Vc/dqv2XS12us9g1J5f6iMIZC0gI36g5N/FEKX1pw=
+
+Name: pages/debugging-rulesets/index.html
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: DuBJ5S+QY5nztsCAqOuTgKmu4no=
+SHA256-Digest: J4l9PsxyBqZKSYfqo5Zp80vXBJ7mqRVKNS2KoVU9F5o=
+
+Name: pages/debugging-rulesets/style.css
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 1DuOcKAihj5zxJ0CIgam4iq8YXc=
+SHA256-Digest: 9H1UQpqT3UDDSt2ao6Zgr4iT5o/iQ62HolhTDqNHHCE=
+
+Name: pages/debugging-rulesets/ux.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: IyqmSEBIenfSG4Mk++ciVOvpQvI=
+SHA256-Digest: OVzkDGtCe3pg65opGnboDfrFsqFsLJxa5CQxBPA9gi0=
+
+Name: pages/options/index.html
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: cXwoesX+lTfZgizRwhLvV5iFNDQ=
+SHA256-Digest: OzLgxg/tYfU/fSAIHLxBZ/++9W6FgznEEGHflPJ9aq8=
+
+Name: pages/options/style.css
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: m7GC//67J6ErvL9Wp1FvAUMLk/8=
+SHA256-Digest: O5CikoWfyy2E2v3es6BJGltQ+OKfeD/uIYp9xsrqsF4=
+
+Name: pages/options/ux.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: bUAAi8jBxAk5YiNWqSyiXxkSPs4=
+SHA256-Digest: WzJSEmMXT7Qi7rKftAFtuD6oRK0bfaLtzqCvtgwJ+/c=
+
+Name: pages/popup/index.html
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 5vBn8FGlSOjp7z4UozcN+hnm3iI=
+SHA256-Digest: JoShZlQiKjzRj2JxRHXHW4Df2LsKWf568UU/oKVePpQ=
+
+Name: pages/popup/style.css
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: aPvKt4RXG/BofewRf4CE4mBg1lg=
+SHA256-Digest: H6iKtXGZJ/o2chDo+KZtB8VNYdaadxE8+143tDhl3/U=
+
+Name: pages/popup/ux.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 68pu62q/sp5slQO9MUxCOv+ofU0=
+SHA256-Digest: 6VKXwWx0rQ6KoTh0OQ4KpscxkgcW433VAazICjc3bCM=
+
+Name: rules/default.rulesets
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: hqWsDDcf2fp+r/dTBZqGw2eaqb0=
+SHA256-Digest: hnQbXIa2D+1lFh6i13HSkXQyYa/TxpKrPlx3QzgnnX0=
+
+Name: wasm/https_everywhere_lib_wasm.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ELfS13+0aPyRX67301qNv6fm3pk=
+SHA256-Digest: 519ILW7r7LqFtGI6M22GuXDA6xYikE6EngbvlT9//Lw=
+
+Name: wasm/https_everywhere_lib_wasm_bg.wasm
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: SBxLOV763w4ke4LOL1574PW9hCs=
+SHA256-Digest: 7JqJ7u/5t5yGxh8p2+YCmgl+LeoRWQRlDJY9cLxWqA4=
+
diff --git a/src/META-INF/cose.sig b/src/META-INF/cose.sig
new file mode 100644
index 000000000000..c124769c1e40
Binary files /dev/null and b/src/META-INF/cose.sig differ
diff --git a/src/META-INF/manifest.mf b/src/META-INF/manifest.mf
new file mode 100644
index 000000000000..35f49ce809b8
--- /dev/null
+++ b/src/META-INF/manifest.mf
@@ -0,0 +1,742 @@
+Manifest-Version: 1.0
+
+Name: manifest.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: X0hd0tplhCo2R8s3OE27fLAZFD8=
+SHA256-Digest: iKk69TG3OJJNjjAJPTe72S+qXa4k/xL8yKmPzAGmaxg=
+
+Name: package.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: HQyF0Be9Z+C72YzyWk6LqTSCxkU=
+SHA256-Digest: 1v7I/u/oNho1Z8rtRLepk7VY9i0r8EktoXSvvy92SsE=
+
+Name: _locales/ace/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/ach/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/af/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: iOMFMT97+EoNCW6DRomntg8GSHk=
+SHA256-Digest: cw+OPqn11qIyL1P5cFnPmxrYTVKQ0oPX10+1KjXtNoc=
+
+Name: _locales/af_ZA/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/ar/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: pxQQhQSkkjd9EAlMdZmvk+qmXhg=
+SHA256-Digest: MORqa6PigyGRYrjsjuUVk80TAKErKzIZy9G5UnPV20U=
+
+Name: _locales/ar_EG/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/ast/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: VdPNPPiC8Ro2JsmoBFkdW3TAy2c=
+SHA256-Digest: 4zrpaArMxcBnUHIyLdenD/CDBXFXDgnSki4HzzEB0J8=
+
+Name: _locales/az/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 3+BLldWYu7TK8cGkwWGVp8z0EUk=
+SHA256-Digest: hfU635JcDvcEJzmbg2zkxSrfMEe0SVNvq8U9wj1SvNg=
+
+Name: _locales/be/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: /7FQnv3lG2OqZFTdc3/fmuOznX8=
+SHA256-Digest: OrCo5OOtp9o91snpAQUrgUG1KbmJ7ScDZ3tncnnV2po=
+
+Name: _locales/bg/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: uvPzsM24ej+LdWMNASNfYE1+tBs=
+SHA256-Digest: Z0AMZvlkzgDfeSMbZQ+AdhZryI8kmsdpYpvOz8lM9TI=
+
+Name: _locales/bn/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: dVoXHkj2UXzj4ctLQ7g2+cQu/o8=
+SHA256-Digest: hTaM5b35bOJhTSV38ajtBg58bV5TdC47xttlYiZM/aU=
+
+Name: _locales/br/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ZW6ty00kj6yNkgcEnnvyQjjgrWg=
+SHA256-Digest: sTBK8ujpW+kR/M9mXe2ShZUChO9Ytu7gKVYQkaOwrZU=
+
+Name: _locales/bs/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Vg2wDGtsbEZthKbRz9yUjj7Q8YA=
+SHA256-Digest: vQgF2n0ktL3LZ1rqMaiZvCxRRt41I6PLvVHRJYvHb8o=
+
+Name: _locales/ca/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: /COeM2de5nZc7h2xYUdMcQqMeJw=
+SHA256-Digest: otyh6c/nvuTuTZfmLv2FfYlbI6fkf9ibQ4zZYWll2Bk=
+
+Name: _locales/cmn/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/cs/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: PSPcBF4f2cciaztX/tDK489gG6w=
+SHA256-Digest: nhqVZbEdeQLOEfTuC4WQZqq4nVX6TLgsumEei+NDJjo=
+
+Name: _locales/cy/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: A9MVuoq+YeTB4AJ7qXIW2t/2reU=
+SHA256-Digest: MMpP51GLMadXFrMHt8O5C2q5x9ipotM+rbjBCSAIa0k=
+
+Name: _locales/da/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 6EA7b3gcz67OK5/NhNpqiv8JsRw=
+SHA256-Digest: XvGrh0Pr/cIN0+h7dYRhsWrE2sbpvCGejLUk5g2cb+M=
+
+Name: _locales/de/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 5DxSzfj3HAO19N93skW8074DacU=
+SHA256-Digest: 6RRsp8DV8g7u3majB5LXV/HNNz9wltPP3/drftJO+t0=
+
+Name: _locales/el/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: cDgo3bT3QsyvgW6sNV1v7VhD+c0=
+SHA256-Digest: oBZLruNBa+ryEI2AaAM1IuFsmVxF73+deXjq7P6lunM=
+
+Name: _locales/en/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/en_GB/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/en_US/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/eo/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: cTvPwrTLEg/CLQ7vP936VGhWMBA=
+SHA256-Digest: 6Tb3+j9lXyFMz+bKnJ+MnaIRIAaOIgFGgGFeLUWIHB0=
+
+Name: _locales/es/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: wdTXKRaKo3+lt2F/WAfhHECWQ0Q=
+SHA256-Digest: 6LOKxRvSfOFCftbixNJLi3ILtnXblwVUdYoxy0KkUKE=
+
+Name: _locales/es_AR/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: jNe5tt2sg9FYb/CklhOA/EfCNso=
+SHA256-Digest: ejlUkVhdh38l0SQqB2iuiCGTJgg/HnUZ6YB1BIowEUI=
+
+Name: _locales/es_MX/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 8r5iYER0e+Z9xsXkisoWpgiV6wY=
+SHA256-Digest: nNkWHeZ9eKPmXKJTHyKHmuqMNO9w7KdMoCpNtykVJSo=
+
+Name: _locales/et/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: RuKFi2LDlh1aZ/sgjAQHk9Dr0aU=
+SHA256-Digest: kEGCDq7xq97+kttCcjDTrhV+IRBdvTdokVw5x4MjUrg=
+
+Name: _locales/eu/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: CfUVBO8uVqaEVg2rfNiEzhOOIxs=
+SHA256-Digest: U4RrQUCTj9jzxLMjadoUZlclwDWv7StaWVTd+VfnN2I=
+
+Name: _locales/fa/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Zi0T7F3MTegvevGxycGERaO+y+k=
+SHA256-Digest: FppLjcJVwKmgWnEVG8DUj/OfX/mPJaRmMHYdzdQ4Qk4=
+
+Name: _locales/fi/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Ijd1g6JcPeStcajdi2p49GxtL/s=
+SHA256-Digest: XtP/3kb3g9EEZXkGRsQh5oEGWm5XdCCVHsY4eBWi2Lo=
+
+Name: _locales/fr/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 4Kl28lQ4AxcFKuI1qPanfKBIO1I=
+SHA256-Digest: JR6Ytgifw1eNfP5eEY9DW2+NyBy5t5m8jcfG1eElpos=
+
+Name: _locales/fr_FR/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: /siGONOTKZIcZRCh3Gjklyi6FpA=
+SHA256-Digest: JOAxkWbsFpRl+/JTJ9Ii5P0ixY1UOkuZHRAjMb86eWI=
+
+Name: _locales/fy/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: qYt2G1hP0Cs203jLvxdBLgv4MGQ=
+SHA256-Digest: cNu7cS359ufs/B5EXOMBJIvVbfB8V9sQpFxorgrRxxg=
+
+Name: _locales/ga/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: oNZb00MUZHcEuMm1CKosXijaWgw=
+SHA256-Digest: knCNuU+/o1k+pt0GMADpt3nuzqz17npT4Olsoj8EL7o=
+
+Name: _locales/gd/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/gl/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: WBkm2qWTCShjdj+kFKqzxnZIoFg=
+SHA256-Digest: Y3K9ZWg9+2pL1r34SJhQYu26Viki5wqVlJmLmVfhQdo=
+
+Name: _locales/gu/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: cxaffBOuU3Z+D/AJ6TQAXNFki3M=
+SHA256-Digest: pTrp2BlrTKilZg+sRGpeuYQVSrInYg7QtVBMrLANj4Q=
+
+Name: _locales/he/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: zshsgYzIwWg+jtvY4ingp8vw64c=
+SHA256-Digest: BxJrAMOZ4VuFbXDVimpAN0xMEQBNZZkrmFWnTAXibks=
+
+Name: _locales/hi/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: QRpvL2rosEDoTdx6BxxGGJpSVmo=
+SHA256-Digest: liYeP2q1gkXphKzxxJNsqTh7+T1gzKsee+6vReQMdhs=
+
+Name: _locales/hr/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: x/3lhb7z7CVqZZdn3midgSjn5tY=
+SHA256-Digest: HHx+VP0HB42dWTZ38cR004DWeQpFRgaF5TULrZkatwI=
+
+Name: _locales/hu/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 4eKsxvmbG58FfD5yjfm4b3cr+g4=
+SHA256-Digest: i9dh17H4Ruxjb3oxA4GPRJvRPecXQf3U+qaBlGj2qps=
+
+Name: _locales/hy/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: QzXAZ5katx2Ye+1QFyFHLcMJROM=
+SHA256-Digest: HSYKniubHesccfXGMZYre5wJva2MRztMYAhMHMA2+Z4=
+
+Name: _locales/ia/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Mm0o9mYuk3kCk5WbKuPCFU7zpqo=
+SHA256-Digest: 6ORLVTr02qalRUcK63Ir1GXjw/p+v6nrK9/zI66QL6o=
+
+Name: _locales/id/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 9QctIupOryS8eWp04EJHAWNYj7c=
+SHA256-Digest: NfVmJxGSWj5onjEn4//gX5P8n3QnqBXXP5Z9Lf+578M=
+
+Name: _locales/is/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: /P9T+vTThdd7i1pmGcYD6nOkY44=
+SHA256-Digest: L1OQmFHZBhJHVvNqOh3610u1MS+SLQd9NHvYu2FkRVE=
+
+Name: _locales/it/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: QfqJFvpr/CghH/0gsO9h+sYKy1Y=
+SHA256-Digest: vtdELbvnbICfJVOrxFLjaJq656uK7EK2pTcecgf4dNc=
+
+Name: _locales/ja/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 7zImT7HvkvCQpdObYY520peFtDs=
+SHA256-Digest: mjSxBaiB+SkXyspN3wi6aodH4rYgcp6da2exdiEcGU4=
+
+Name: _locales/ka/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: fHsD070Q4aHyxYhCNfQIYT3MKS0=
+SHA256-Digest: yeIbx8SP8Wa4kvXo6Lzx9wrRj1LynhWFd2nbPUqZEsk=
+
+Name: _locales/kab/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/kk/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 8Sdjq0KMj4ANwq94weNnUQYtI+s=
+SHA256-Digest: bTKB9CkWNhqawbJDhs1/GX4/z4j0Vg4cx31zKw44f5Y=
+
+Name: _locales/km/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: w5qIgDP+885pZJMl8FyA2yGUt1A=
+SHA256-Digest: sjEA2JwKdlS1D1hQxKQedb9DYCwOSDhyxusv/cUTkvE=
+
+Name: _locales/kn/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: MdvnoS3SrWGvRWSyvuRqoWvRiWc=
+SHA256-Digest: TaiiWa/PbBrRxhqRBYvFWtGmyyy/ovdu/yhHq/w9jk4=
+
+Name: _locales/ko/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: GqRtNAUwxrLDluWtx2LqjXzg+50=
+SHA256-Digest: McBNqK4HaGAS0dEAMzOD8lrwecj6CFapkKhRgZpR2qU=
+
+Name: _locales/lt/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: cBHtxCIgs0M0vuawqYXF7qBAPZo=
+SHA256-Digest: RvNH3JOZbIBt6KKPOdP91hxzpQQLbYxJxWeg36ncftU=
+
+Name: _locales/lv/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ljoDEg01zL32eJF/+OECLuPZkoY=
+SHA256-Digest: +pRZCbp3zfzTbM0UqTpiJd23dSymtKZxiZlqD9zNZEw=
+
+Name: _locales/mk/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: dHL1X/r5TNAy5AXujh48jmaBZMY=
+SHA256-Digest: Fs8OnAZZqmqEZHAoYINC1qjLdniDuxjboibfVPvcxek=
+
+Name: _locales/ml/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: yjvR4hUOwBfI4/NLchJglHMznUY=
+SHA256-Digest: /LzzQ1QQeGqOJGuwyf7hF1ynGzYojAJy8SjnfpqP8nU=
+
+Name: _locales/mr/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: VqbEpeDWqRRSDXueR7OXzV5Zi0c=
+SHA256-Digest: DXWyMnlhjkPGEZgaBzsqFEU88IvmcrerTATrEqY+fqY=
+
+Name: _locales/ms_MY/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: pNrnIUMZ1KSdavj7IpvgaXtMW1Y=
+SHA256-Digest: WjOfy4w9K1h+lN9Ld1JdzPwXrpU3TYqIpcQLVhzSsKM=
+
+Name: _locales/my/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: kPgWIxR2rynJkEykmF/T0clmLcU=
+SHA256-Digest: pVtnX3UxISFA90i1ivkuL01oGhoah2AqzAJosnkZMCw=
+
+Name: _locales/nb/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: xCCz+aU59J3pUBQrTu8Sookw3Xc=
+SHA256-Digest: aHFiDv13/G909I851CrVRUPMSAyxLABNIT5TkFPWolw=
+
+Name: _locales/ne/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/nl/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: uHnFt32GmeGIWlUhV2oc0YwDBoQ=
+SHA256-Digest: EPKDxQlVhuigsi6at+OnLBBaPbqbNuYdbHu3nEx6Lv8=
+
+Name: _locales/nl_BE/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: vpN/Tt8RJNjNrjzQhvaCLnu818Y=
+SHA256-Digest: UMIycHh4OpfT6XEX5IkOJbBhBEmykK3QzilVLqxXbas=
+
+Name: _locales/nn/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: /uRXmVZ2hcY4LDKBmhSwYPb+v9A=
+SHA256-Digest: /VRfKB4L2T8XMwAUR9UCXed+uPckbOsicnTGYCRT62U=
+
+Name: _locales/oc/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: LEIoVVmbjin2D0Bj5PimJENOmCQ=
+SHA256-Digest: smQMMM7KSF/9lT0ryK07dEWxGtf3tYjF58E/kOIlNKY=
+
+Name: _locales/or/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Ps0uvWBAvc6crMC3f7ztPoWLYHI=
+SHA256-Digest: sX3swrX1p95cHWLBMrKDJ8mCOM/k+g3kR6+vKtjUlIY=
+
+Name: _locales/pa/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: +P2o0dGSh7jJUtVjUFU70dqtxiI=
+SHA256-Digest: sHFd6kvNEbfWPpbLyIutoZkkEm0A9yWhjdbsXZ5YH5s=
+
+Name: _locales/pl/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: w97eXym45Cju4UUq2hDgfYZEivM=
+SHA256-Digest: 8dpWSVyqOkrMcQs4Ub98uEHMtAkwdtuag9kfv31TnwY=
+
+Name: _locales/pt_BR/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: B9dLWSgVB9XeiQqqE9ceVH+KFqw=
+SHA256-Digest: bkAA6J0bp9u83YD/Cea1ggdTUpXBl47Pb/RAgW/QO9c=
+
+Name: _locales/pt_PT/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: MFTtI6bvZgIBNjfsrsEes5SZWWM=
+SHA256-Digest: 6Oe7CSTsLlbxPCEcuVYO5tqvl3/TLquitxYnh40167c=
+
+Name: _locales/ro/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: iZA4eB6bVN8w8JNfUaLiB04ZeEU=
+SHA256-Digest: esk4A/1PXdU5yjo/Y/f3zS1fzrVQUIhGPFyAS1eSw+k=
+
+Name: _locales/ro_RO/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: iCzvlQJKPogorBRk1ZaRc1PHSzk=
+SHA256-Digest: f6sPhnOcfaNWIONa4Ow+YtnAM3GXnWIG1WXDRHOtves=
+
+Name: _locales/ru/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 7icD6gFZZYuaRFlZHpM3v4S4rbw=
+SHA256-Digest: PsIJMB4ploNqnBAmnqfFHDXH+zFdu4P6BNZMnIwT0ok=
+
+Name: _locales/si/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: KM47GTd9GQqAik45v3TwGKzhUqI=
+SHA256-Digest: 3PvBqbX4qA1rQB4l+mrxTb6mwA7ssWzrxjn1VJn5peA=
+
+Name: _locales/si_LK/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: /XRTG3mjOsamcRjwWbYUqmyS+jw=
+SHA256-Digest: XbC317Ovdr7RhMsUfhfXDV1yDh+4pz86mQMG1PFGLdY=
+
+Name: _locales/sk/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 8g2uM/IilbLetxLlpS1+hm+gb2w=
+SHA256-Digest: bnqVDCFodbSbseUbLOrdCwprRMxbpCYHMvVbz/3KP/o=
+
+Name: _locales/sl/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: MdQaZFkibS04O78qFlB6kmwhF9c=
+SHA256-Digest: 9pLwtRZfEy2la4LfIgkbDR/M+nNotJAA5wzEgT+AfyI=
+
+Name: _locales/sl_SI/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: wFhFU0upAYqmmQI/nRnGEnqP30Y=
+SHA256-Digest: qx/D6APKUhcKmNWwCHD/baIjzMFQNTR4/Rt6LvOTQ4Q=
+
+Name: _locales/son/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/sq/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 87nTmcsWpoEAsJTN4/ZFf+01I8A=
+SHA256-Digest: POGPrXKN5GuJ59k227ozXns25ogQdzOOgA3azEA1f94=
+
+Name: _locales/sr/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: zJI0kCSZIB/4rfhaGxg0aUGrbtQ=
+SHA256-Digest: tfKdrL6vsCYxRU/QeEvAZC58y6qDuEKkhNi17r1e/8o=
+
+Name: _locales/sv/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: UI6tx0CmaOkUsjASOmQvxNRkX+c=
+SHA256-Digest: WnBcBaT7T7yKHUvac2bn2q5alrsbfEiLOQUXPIQLurQ=
+
+Name: _locales/sw/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: JSf0a8gCwILGBI0T4d/FfWfIGDc=
+SHA256-Digest: Z+oQpHb/T+I2XZ+JVJZW1KMeAP6yK/x9Quts8n64AlQ=
+
+Name: _locales/ta/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: CW5Q8ok59gE/ZC8A4uPqW4cIfhI=
+SHA256-Digest: vOG/RBohVZklUTu6y6cjUWg5RyNIbwaB33kUr5Ko2PI=
+
+Name: _locales/te/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: N/QOkBiJYvqsksR5+NWuHA0/fxk=
+SHA256-Digest: jZC8UbVBsT2RvDZ1uebHtr76/oRaNdlmxLKWLnDaI3A=
+
+Name: _locales/templates/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/th/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: QaLDEcDBj6HdEh+eAhQ02DWS81c=
+SHA256-Digest: ucjQxKDoCEwzTat3hNNjtMRJ/u85+QK47Rw93C4J8Sk=
+
+Name: _locales/tr/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: MDXJjWJjdDGjeYfHHa2+LsPj2tM=
+SHA256-Digest: vdziBTOIPyWhvyfApPrN8jZMww3lePVgo4zDkwcv9og=
+
+Name: _locales/uk/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: TargN1mxonMdbvos0GBcCxU0+dI=
+SHA256-Digest: 6ZRhyVruPhNEb5UPYCrb/EFcy6ArHSNqxBy4KNEhq/c=
+
+Name: _locales/ur/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: kUEeTx9OeiESvvWjprUjqluEhZk=
+SHA256-Digest: ADAHAHlOUIGXLO2Aj5/it+lavjH4WkbjLV43yI6CO4s=
+
+Name: _locales/uz/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: bmGV4U+3LA14ZwC5RcRdN5RB+tk=
+SHA256-Digest: SPoiBWn8W+vyUJHKfocitJ5y6RjXedgta0HxflAFB9Y=
+
+Name: _locales/vi/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: GMY5uzc6vq9pP9hqFNGlOgVYZ8k=
+SHA256-Digest: OidbjDj9CBSxmM5oW3RagDo6ZNvA+5P9CGN8C0cbgms=
+
+Name: _locales/zh-Hant/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: NXT6rNViMHWrKSlecajyj80CeIg=
+SHA256-Digest: 3zXYNMBhIcIsuhQRzfIAFhV3GdeGZXgyc+h5bFXMZtk=
+
+Name: _locales/zh/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Vu5rZrqGhcESvjluy4x3EcMPi4o=
+SHA256-Digest: karIDiNHSaijMuQkVkG71+StamzOq9ZeGiQhzwJjTAw=
+
+Name: _locales/zh_CN/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: HWK9jni02GGBk/XOVpL/R1rs0NI=
+SHA256-Digest: Hl+NW/IGzS73WJhUVgY9cPJvMyb0ZomG7k64dzoJ1wc=
+
+Name: _locales/zh_HK/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: oZ9Ht83pERBafXR1h2mucibzUUo=
+SHA256-Digest: Vq5s6nfmwfxvTVQlmjFCHCYlzvJanl+4I8J2h8F0hjs=
+
+Name: _locales/zh_TW/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: yfJJJg+Uan6mqiwEm4W0l5tT+nU=
+SHA256-Digest: Xj6MJjfhW3liYqF0UIY6flSaOxnNyr4Urgu2gffF99I=
+
+Name: background-scripts/background.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: GMCKwYZnhsRm4ExhG1q6wY+DQno=
+SHA256-Digest: D4ogTIq+ze3hPGkcxzkc2jFho2hACQn3iYc2oaw4egE=
+
+Name: background-scripts/bootstrap.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: TSwjfTzojZXN1Iul+mBttRl/MAg=
+SHA256-Digest: WcKbJ0zQK8948MJzbMTTCf807jEGH7Bj8k7CuWCx0aM=
+
+Name: background-scripts/incognito.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: JXSvrJhaxqSgUtXqlm0r21VqSlo=
+SHA256-Digest: AnGJOJ4CKWmdFZaWNzvm7NWZjbzCKkdawPc8RZCH4d0=
+
+Name: background-scripts/ip_utils.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 8RyxTy1FNW0wvKPs+DqKNNZYvV0=
+SHA256-Digest: F9Ij1ZyfnpmmCM0W3+WXfaBO/rnUAFZtXc2N305Qod8=
+
+Name: background-scripts/rules.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 2dd1eq7Y16RvpmADSFGYSFdRvNc=
+SHA256-Digest: 9Qw9Xoky6/2DvBn5nza/xBXbjaWkEBI9hPaaqAdQDqU=
+
+Name: background-scripts/store.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: IdAI+nj6uuahTeT28Xx1QJwLveM=
+SHA256-Digest: lyCBwe6g79MMTtU1xyGBiIJidhqUsW/9YUXX158t6z8=
+
+Name: background-scripts/update.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Z/kkBlC2HeS/G5zlAbeiFwLpgIQ=
+SHA256-Digest: R1y7pQHEB8w7mNOn0zxEL20mys/8sOZxy5238BzhNoI=
+
+Name: background-scripts/update_channels.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: kA9YO0yjVOE6vw2mpWPePkWyt/I=
+SHA256-Digest: L966QoT5hiVg5mzQq9dACJ5o8OVsROxhNRd+LebsAQQ=
+
+Name: background-scripts/util.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: pjJWekzg0QW6/0qYNf1pISXO14s=
+SHA256-Digest: 1Cykm0yxo5EZs0+fZWtUPzHa38B6ZalDAOojqu5awgo=
+
+Name: background-scripts/wasm.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 7pQTqvYA4el8WRX7FjQNUUcMUwg=
+SHA256-Digest: TMk4CQYN4lxkG/ZBq+wp4erwwo8knS0H5HHBCa7LW08=
+
+Name: background-scripts/modules/ssl_codes.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: t5DE+asvCaL1VaVhVXbJDQXQaHw=
+SHA256-Digest: hGKfRGrQWsXH8+9OfHcHM4I45d6DIIxClYqMSH1oBCA=
+
+Name: external/README.md
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: DgCQOA7tYbKkLcJ92flagYsm0nI=
+SHA256-Digest: So9vbyA/ExcM/wEms+bwz/YVVa2ayDCNnJ5sYJk40tk=
+
+Name: external/codemirror/codemirror-5.31.0.min.css
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 6L9PQ9XeTmwE+7WJ29O7oelFX7Y=
+SHA256-Digest: fIaQYYF933S7mhBn4vqsgaawzXI4iELVCrvv83rZ5ic=
+
+Name: external/codemirror/codemirror-5.31.0.min.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: iJyQEWjgaJ3IVz2bsX+RSnjLzGw=
+SHA256-Digest: yTU67I79B7rqtdoOdsJHDDK/92GDEeGj4+93U41HPgE=
+
+Name: external/codemirror/codemirror-5.31.0.xml.min.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: DMaXXHyF/jzGu8wJN2a1yHxkNHU=
+SHA256-Digest: d+N19fPYNZkqDuOxqLM8MHSxTiGDF/j5WLdynJ2D8/k=
+
+Name: external/pako-1.0.5/pako_inflate.min.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: V7Fd/JcXF6Ar68Oa5X3/rO7giNs=
+SHA256-Digest: h8L84MNiYQCe/szpOr1i5Cge5x/8EsvaaTlcdG9vOnE=
+
+Name: images/HTTPS-Everywhere-Logo.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: E0ESMX+oJaAutg08/RPfpc3Ix5E=
+SHA256-Digest: PKyVOZS7bg8UVeQDG3npTYLKtnB5FgmmdfoW/NC02bQ=
+
+Name: images/banner-red.svg
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ZnApE5t/iqGaVc0fdm7I0Rpvdsk=
+SHA256-Digest: obGxFfdgfzgg0jj59ThEpLQwowcJCioxsVS/+X7Mtvg=
+
+Name: images/eff-logo-monogram-red.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 5sbYS58Ze3MdPgDNas/ZnFn128Q=
+SHA256-Digest: aPdsjK4CCl3M8HBgqCLA5vu5n+w9cCs75gs0j5x/0Ak=
+
+Name: images/remove.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Pn9f97i3AIFlAMf420qZNzvA7DY=
+SHA256-Digest: 7TrWr2ZkK0faWgDYUz9WtV3voVjEwqjLq0ROGvkU6y0=
+
+Name: images/icons/icon-active-128.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: p71skXMtghXylXMvFLnYW/jPos0=
+SHA256-Digest: 1DbMnWBmqaIRzzkUyRpdRzxz8z1HtUGq6RzRKcINuEA=
+
+Name: images/icons/icon-active-38.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: EleX4C/tgOj+W71fueie7ZoXAAY=
+SHA256-Digest: YgkTENwvpAo6Bb9WsTrUr+CfKY+gsQfq6uPoGdMw6kI=
+
+Name: images/icons/icon-active-48.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: VVqz4q4/4awX6PXZhnQmGFkAiqc=
+SHA256-Digest: pfkIfbdzORmTjUTLb2SsmaLv4oafijkSttiU3lUcKmM=
+
+Name: images/icons/icon-blocking-38.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: IebllmIP/cUmB0piMroSEA7HnHc=
+SHA256-Digest: 9oP7jvbkH3KM4VG+kAnItkvsT00o9/KKHvhexTJHCD4=
+
+Name: images/icons/icon-disabled-38.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: PJqzR54BFgNofExLbYn8DMEyvzE=
+SHA256-Digest: 2PzhLQJedFJa+ZOnE/j8r+XELaoYAn5ptQCSyNbmDcE=
+
+Name: images/onboarding/httpseverywhere-logo.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: XYvqYHk+Ebepsvq4U3bo9rYMqQI=
+SHA256-Digest: 292a2wZxJ/ltXI+/9OdCzMX2YZnJDWMYUoVOOnU+sUs=
+
+Name: pages/base.css
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Yk+MDy/I88Qd0VMzEBIbf0fBo0s=
+SHA256-Digest: D7uZfk1BrCzx3HFnEBtdaN0E6rC6pErEZAd1X85xgCo=
+
+Name: pages/main.css
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: UN8/2mEQ6JZ7MTJiWQN8f77AgP8=
+SHA256-Digest: QhiZj5JKVR1gPvtg6EaZxI735GiFeZglzuSkTJpZvpE=
+
+Name: pages/translation.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: QMAZVa3usW8vcXwN2WP4lvIQQxQ=
+SHA256-Digest: +qWz2YZH5C1UqzTixYwsS3185+wd+q8Dhlm5czDI54w=
+
+Name: pages/util.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: XzUESMiqZDZv/WRcv+j8f/R/7uw=
+SHA256-Digest: tSZjbu7zilv5pujsEyp/+6HCfr7iu+KfoXNiftpAKAY=
+
+Name: pages/cancel/index.html
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: h94rEtsYrj+TsIBk2x+UqRhOHDM=
+SHA256-Digest: Fgv98mLYPbIiOUi3HAw4YktUVkkt+7clLW2IgxTD9us=
+
+Name: pages/cancel/style.css
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 0L/xbmBq8hCu58P61j4htTOA4Wk=
+SHA256-Digest: ejF/rMWvajSbZFxp0hRT6SzhobQ3aILcf5pN1BTOGEE=
+
+Name: pages/cancel/ux.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: UtFAiW+HLmKUFMV/v2hPR5haiAI=
+SHA256-Digest: i3Vc/dqv2XS12us9g1J5f6iMIZC0gI36g5N/FEKX1pw=
+
+Name: pages/debugging-rulesets/index.html
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: DuBJ5S+QY5nztsCAqOuTgKmu4no=
+SHA256-Digest: J4l9PsxyBqZKSYfqo5Zp80vXBJ7mqRVKNS2KoVU9F5o=
+
+Name: pages/debugging-rulesets/style.css
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 1DuOcKAihj5zxJ0CIgam4iq8YXc=
+SHA256-Digest: 9H1UQpqT3UDDSt2ao6Zgr4iT5o/iQ62HolhTDqNHHCE=
+
+Name: pages/debugging-rulesets/ux.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: IyqmSEBIenfSG4Mk++ciVOvpQvI=
+SHA256-Digest: OVzkDGtCe3pg65opGnboDfrFsqFsLJxa5CQxBPA9gi0=
+
+Name: pages/options/index.html
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: cXwoesX+lTfZgizRwhLvV5iFNDQ=
+SHA256-Digest: OzLgxg/tYfU/fSAIHLxBZ/++9W6FgznEEGHflPJ9aq8=
+
+Name: pages/options/style.css
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: m7GC//67J6ErvL9Wp1FvAUMLk/8=
+SHA256-Digest: O5CikoWfyy2E2v3es6BJGltQ+OKfeD/uIYp9xsrqsF4=
+
+Name: pages/options/ux.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: bUAAi8jBxAk5YiNWqSyiXxkSPs4=
+SHA256-Digest: WzJSEmMXT7Qi7rKftAFtuD6oRK0bfaLtzqCvtgwJ+/c=
+
+Name: pages/popup/index.html
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 5vBn8FGlSOjp7z4UozcN+hnm3iI=
+SHA256-Digest: JoShZlQiKjzRj2JxRHXHW4Df2LsKWf568UU/oKVePpQ=
+
+Name: pages/popup/style.css
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: aPvKt4RXG/BofewRf4CE4mBg1lg=
+SHA256-Digest: H6iKtXGZJ/o2chDo+KZtB8VNYdaadxE8+143tDhl3/U=
+
+Name: pages/popup/ux.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 68pu62q/sp5slQO9MUxCOv+ofU0=
+SHA256-Digest: 6VKXwWx0rQ6KoTh0OQ4KpscxkgcW433VAazICjc3bCM=
+
+Name: rules/default.rulesets
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: hqWsDDcf2fp+r/dTBZqGw2eaqb0=
+SHA256-Digest: hnQbXIa2D+1lFh6i13HSkXQyYa/TxpKrPlx3QzgnnX0=
+
+Name: wasm/https_everywhere_lib_wasm.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ELfS13+0aPyRX67301qNv6fm3pk=
+SHA256-Digest: 519ILW7r7LqFtGI6M22GuXDA6xYikE6EngbvlT9//Lw=
+
+Name: wasm/https_everywhere_lib_wasm_bg.wasm
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: SBxLOV763w4ke4LOL1574PW9hCs=
+SHA256-Digest: 7JqJ7u/5t5yGxh8p2+YCmgl+LeoRWQRlDJY9cLxWqA4=
+
+Name: META-INF/cose.manifest
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: +bvUG+miP05322u9llsWujjkaHA=
+SHA256-Digest: 0Rlv88HrG62MD20B3q/kRBPi9i8RxxgbxR5fKNHkV+Q=
+
+Name: META-INF/cose.sig
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: AusKfF2Hd6KpGJFyy+AgY3k6fvA=
+SHA256-Digest: fk2cPQJETV0QGzKdhH6cQytV8e2iU8Y7jIZoDBzOT7U=
+
diff --git a/src/META-INF/mozilla.rsa b/src/META-INF/mozilla.rsa
new file mode 100644
index 000000000000..d9e0388cc60c
Binary files /dev/null and b/src/META-INF/mozilla.rsa differ
diff --git a/src/META-INF/mozilla.sf b/src/META-INF/mozilla.sf
new file mode 100644
index 000000000000..98f503350eae
--- /dev/null
+++ b/src/META-INF/mozilla.sf
@@ -0,0 +1,4 @@
+Signature-Version: 1.0
+SHA1-Digest-Manifest: L31wgRQGJBOG3iJjSeLF4dXsod8=
+SHA256-Digest-Manifest: S3HRAq2xWZ+ssLk+lltuxaJGsOPVGY0M8JJuWG6J2us=
+
diff --git a/src/chrome.manifest b/src/chrome.manifest
deleted file mode 100644
index 50892c20a9d6..000000000000
--- a/src/chrome.manifest
+++ /dev/null
@@ -1,52 +0,0 @@
-content https-everywhere chrome/content/
-
-locale https-everywhere en chrome/locale/en/
-locale https-everywhere lt chrome/locale/lt/
-locale https-everywhere lv chrome/locale/lv/
-locale https-everywhere pt chrome/locale/pt/
-locale https-everywhere sv chrome/locale/sv/
-locale https-everywhere de chrome/locale/de/
-locale https-everywhere ru chrome/locale/ru/
-locale https-everywhere zh-CN chrome/locale/zh-CN/
-locale https-everywhere zh-TW chrome/locale/zh-TW/
-locale https-everywhere es chrome/locale/es/
-locale https-everywhere nl chrome/locale/nl/
-locale https-everywhere ar chrome/locale/ar/
-locale https-everywhere fa chrome/locale/fa/
-locale https-everywhere eu chrome/locale/eu/
-locale https-everywhere fr chrome/locale/fr/
-locale https-everywhere pl chrome/locale/pl/
-locale https-everywhere sk chrome/locale/sk/
-locale https-everywhere ms chrome/locale/ms/
-locale https-everywhere da chrome/locale/da/
-locale https-everywhere el chrome/locale/el/
-locale https-everywhere hu chrome/locale/hu/
-locale https-everywhere it chrome/locale/it/
-locale https-everywhere tr chrome/locale/tr/
-locale https-everywhere ko chrome/locale/ko/
-locale https-everywhere cs chrome/locale/cs/
-locale https-everywhere hr chrome/locale/hr/
-locale https-everywhere he chrome/locale/he/
-locale https-everywhere fi chrome/locale/fi/
-locale https-everywhere nb chrome/locale/nb/
-locale https-everywhere sl chrome/locale/sl/
-locale https-everywhere bg chrome/locale/bg/
-locale https-everywhere ja chrome/locale/ja/
-locale https-everywhere si chrome/locale/si/
-
-skin https-everywhere classic/1.0 chrome/skin/
-
-component {32c165b4-fe5e-4964-9250-603c410631b4} components/https-everywhere.js
-contract @eff.org/https-everywhere;1 {32c165b4-fe5e-4964-9250-603c410631b4}
-
-category profile-after-change HTTPSEverywhere @eff.org/https-everywhere;1
-category content-policy HTTPSEverywhere @eff.org/https-everywhere;1
-
-overlay chrome://browser/content/browser.xul chrome://https-everywhere/content/toolbar_button.xul
-overlay chrome://navigator/content/navigator.xul chrome://https-everywhere/content/toolbar_button.xul
-
-style chrome://global/content/customizeToolbar.xul chrome://https-everywhere/skin/https-everywhere.css
-component {0f9ab521-986d-4ad8-9c1f-6934e195c15c} components/ssl-observatory.js
-contract @eff.org/ssl-observatory;1 {0f9ab521-986d-4ad8-9c1f-6934e195c15c}
-
-category profile-after-change SSLObservatory @eff.org/ssl-observatory;1
diff --git a/src/chrome/content/about.xul b/src/chrome/content/about.xul
deleted file mode 100644
index 304071b96b9a..000000000000
--- a/src/chrome/content/about.xul
+++ /dev/null
@@ -1,72 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
-<?xml-stylesheet href="chrome://https-everywhere/content/preferences.css" type="text/css"?>
-
-<!DOCTYPE overlay SYSTEM "chrome://https-everywhere/locale/https-everywhere.dtd">
-
-<dialog id="https-everywhere-about"
-  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
-  xmlns:html="http://www.w3.org/1999/xhtml"
-  buttons="accept"
-  title="&https-everywhere.about.title;"
-  width="640"
-  height="480"
-  align="center">
-
-  <script type="application/x-javascript" 
-           src="chrome://https-everywhere/content/preferences.js"/>
-  <vbox style="overflow:auto" flex="1">
-    <label style="text-align:center; font-weight:bold; font-size:22px;">&https-everywhere.about.ext_name;</label>
-    <label style="text-align:center; font-size:18px; margin-bottom:10px;">&https-everywhere.about.ext_description;</label>
-
-    <groupbox>
-      <caption label="&https-everywhere.about.version;" />
-      <label>4.0development.15</label>
-    </groupbox>
-    
-    <groupbox>
-      <caption label="&https-everywhere.about.created_by;" />
-      <label>Mike Perry and Peter Eckersley</label>
-    </groupbox>
-    
-    <groupbox>
-      <caption label="&https-everywhere.about.librarians;" />
-      <label>Seth Schoen, MB and Andreas Jonsson</label>
-    </groupbox>
-
-    <groupbox>
-      <caption label="&https-everywhere.about.thanks;" />
-      <label>Many many contributors, including Aaron Swartz, Alec Moskvin,
-      Aleksey Kosterin, Alex Xu, Anas Qtiesh, Artyom Gavrichenkov, Brian
-      Carpenter, Chris Palmer, Christian Inci, Christopher Liu, Claudio
-      Moretti, Colonel Graff, Dan Auerbach, Daniel Kahn Gillmor, dm0, The
-      Doctor, Felix Geyer, Fruitless Creek, George Kargiotakis, haviah, Heiko
-      Adams, Jeroen van der Gun, Jay Weisskopf, Jacob Taylor, Jonathan Davies, Jorge Bernal,
-      katmagic, Kevin Jacobs, Korte, Liam K, Leonardo Brondani Schenkel, Marti Raudsepp, Micah Lee, Mike
-      Cardwell, Mangix, Matthias-Christian Ott, Mikko Harhanen, Mishari Muqbil, Neheb, Ori Avtalion, Osama Khalid,
-      nitrox, Pablo Castellano, Paul Wise, Pavel Kazakov, Phol Paucar, Richard
-      Green, Roan Kattouw, Rules Moore, Stefan Tomanek, Sam Reed, Steve
-      Milner, Sujit Rao, TK-999, Vendo, Victor Garin, Weiland Hoffmann, Whizz
-      Mo and Yan Zhu.  Also, portions of HTTPS Everywhere are based on code
-      from NoScript, by Giorgio Maone and others.  We are grateful for their
-      excellent work!</label>
-    </groupbox>
-
-    <label style="font-weight:bold; margin-top:10px;">
-      &https-everywhere.about.contribute;
-      <label id="donate link"
-        value="&https-everywhere.about.donate_tor;"
-        style="color: blue; cursor:hand; text-decoration:underline; font-style:bold"
-        onmouseover="event.target.style.cursor='pointer'"
-        onmouseout="event.target.style.cursor='default'"
-        onclick="window_opener('https://www.torproject.org/donate/donate.html.en')"/>
-      or
-      <label id="donate link2"
-        value="&https-everywhere.about.donate_eff;"
-        style="color: blue; cursor:hand; text-decoration:underline; font-style:bold"
-        onmouseover="event.target.style.cursor='pointer'"
-        onmouseout="event.target.style.cursor='default'"
-        onclick="window_opener('https://www.eff.org/donate')"/>
-    </label>
-  </vbox>
-</dialog>
diff --git a/src/chrome/content/code/ApplicableList.js b/src/chrome/content/code/ApplicableList.js
deleted file mode 100644
index 6949167f6aa8..000000000000
--- a/src/chrome/content/code/ApplicableList.js
+++ /dev/null
@@ -1,266 +0,0 @@
-// An ApplicableList is a structure used to keep track of which rulesets
-// were applied, and which ones weren't but might have been, to the contents
-// of a given page (top level nsIDOMWindow)
-
-serial_number = 0;
-
-function ApplicableList(logger, doc, domWin) {
-  this.domWin = domWin;
-  this.uri = doc.baseURIObject.clone();
-  if (!this.uri) {
-    this.log(WARN,"NULL CLONING URI " + doc);
-    if (doc) 
-      this.log(WARN,"NULL CLONING URI " + doc.baseURIObject);
-    if (doc.baseURIObject) 
-      this.log(WARN,"NULL CLONING URI " + doc.baseURIObject.spec);
-  }
-  this.home = doc.baseURIObject.spec; // what doc we're housekeeping for
-  this.log = logger;
-  this.active = {};
-  this.breaking = {}; // rulesets with redirection loops
-  this.inactive = {};
-  this.moot={};  // rulesets that might be applicable but uris are already https
-  this.all={};  // active + breaking + inactive + moot
-  serial_number += 1;
-  this.serial = serial_number;
-  this.log(DBUG,"Alist serial #" + this.serial + " for " + this.home);
-}
-
-ApplicableList.prototype = {
-
-  empty: function() {
-    // Empty everything, used when toggles occur in order to ensure that if
-    // the reload fails, the resulting list is not eroneous
-    this.active = {};
-    this.breaking = {}; 
-    this.inactive = {};
-    this.moot={};  
-    this.all={};  
-  },
-
-  active_rule: function(ruleset) {
-    this.log(INFO,"active rule " + ruleset.name +" in "+ this.home +" -> " +
-             this.domWin.document.baseURIObject.spec+ " serial " + this.serial);
-    this.active[ruleset.name] = ruleset;
-    this.all[ruleset.name] = ruleset;
-  },
-
-  breaking_rule: function(ruleset) {
-    this.log(NOTE,"breaking rule " + ruleset.name +" in "+ this.home +" -> " +
-             this.domWin.document.baseURIObject.spec+ " serial " + this.serial);
-    this.breaking[ruleset.name] = ruleset;
-    this.all[ruleset.name] = ruleset;
-  },
-
-  inactive_rule: function(ruleset) {
-
-    this.log(INFO,"inactive rule " + ruleset.name +" in "+ this.home +" -> " +
-             this.domWin.document.baseURIObject.spec+ " serial " + this.serial);
-    this.inactive[ruleset.name] = ruleset;
-    this.all[ruleset.name] = ruleset;
-  },
-
-  moot_rule: function(ruleset) {
-    this.log(INFO,"moot rule " + ruleset.name +" in "+ this.home + " serial " + this.serial);
-    this.moot[ruleset.name] = ruleset;
-    this.all[ruleset.name] = ruleset;
-  },
-
-  dom_handler: function(operation,key,data,src,dst) {
-    // See https://developer.mozilla.org/En/DOM/UserDataHandler
-    if (src && dst) 
-      dst.setUserData(key, data, this.dom_handler);
-  },
-
-  populate_list: function() {
-    // The base URI of the dom tends to be loaded from some /other/
-    // ApplicableList, so pretend we're loading it from here.
-    HTTPSEverywhere.instance.https_rules.rewrittenURI(this, this.uri);
-    this.log(DBUG, "populating using alist #" + this.serial);
-  },
-
-  populate_menu: function(document, menupopup, weird) {
-    this.populate_list();
-    this.document = document;
-    
-    var https_everywhere = CC["@eff.org/https-everywhere;1"].getService(Components.interfaces.nsISupports).wrappedJSObject;   
-   
-    // get the menu popup
-    this.menupopup = menupopup;
-
-    // empty it all of its menuitems
-    while(this.menupopup.firstChild.tagName != "menuseparator") {
-      this.menupopup.removeChild(this.menupopup.firstChild);
-    }
-    
-    // add global enable/disable toggle button  
-    var strings = document.getElementById("HttpsEverywhereStrings");
-    
-    var enableLabel = document.createElement('menuitem');
-    var text = strings.getString("https-everywhere.menu.globalDisable");
-    if(!https_everywhere.prefs.getBoolPref("globalEnabled"))
-      text = strings.getString("https-everywhere.menu.globalEnable");
-        
-    enableLabel.setAttribute('label', text);
-    enableLabel.setAttribute('command', 'https-everywhere-menuitem-globalEnableToggle');    
-    this.prepend_child(enableLabel);
-    
-    // add the label at the top
-    var any_rules = false;
-    for(var x in this.all) {
-      any_rules = true;  // how did JavaScript get this ugly?
-      break;
-    }
-    var label = document.createElement('menuitem');
-    label.setAttribute('label', strings.getString('https-everywhere.menu.enableDisable'));
-    label.setAttribute('command', 'https-everywhere-menuitem-preferences');
-    var label2 = false;
-    if (!any_rules) {
-      label2 = document.createElement('menuitem');
-      if (!weird) text = strings.getString('https-everywhere.menu.noRules');
-      else        text = strings.getString('https-everywhere.menu.unknownRules');
-      label2.setAttribute('label', text);
-      label2.setAttribute('command', 'https-everywhere-menuitem-preferences');
-      label2.setAttribute('style', 'color:#909090;');
-    }
-
-    // create a commandset if it doesn't already exist
-    this.commandset = document.getElementById('https-everywhere-commandset');
-    if(!this.commandset) {
-      this.commandset = document.createElement('commandset');
-      this.commandset.setAttribute('id', 'https-everywhere-commandset');
-      var win = document.getElementById('main-window');
-      win.appendChild(this.commandset);
-    } else {
-      // empty commandset
-      while(this.commandset.firstChild) 
-        this.commandset.removeChild(this.commandset.firstChild);
-    }
-
-    var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]
-                     .getService(Components.interfaces.nsIWindowMediator);
-                     
-    var domWin = wm.getMostRecentWindow("navigator:browser").content.document.defaultView.top;  
-    var location = domWin.document.baseURIObject.asciiSpec; //full url, including about:certerror details
-    
-    if(location.substr(0, 6) == "about:"){
-      //"From" portion of the rule is retrieved from the location bar via document.getElementById("urlbar").value
-        
-      var fromHost = document.getElementById("urlbar").value;  
-      
-      //scheme must be trimmed out to check for applicable rulesets       
-      if(fromHost.indexOf("://") != -1)
-        fromHost = fromHost.substr(fromHost.indexOf("://") + 3, fromHost.length);
-          
-      //trim off any page locations - we only want the host - e.g. domain.com
-      if(fromHost.indexOf("/") != -1)
-        fromHost = fromHost.substr(0, fromHost.indexOf("/"));
-                     
-      // Search for applicable rulesets for the host listed in the location bar
-      var plist = HTTPSRules.potentiallyApplicableRulesets(fromHost);     
-      for (var i = 0 ; i < plist.length ; i++){
-        //For each applicable rulset, determine active/inactive, and append to proper list.
-        var ruleOn = false;
-        try {
-          if(https_everywhere.rule_toggle_prefs.getBoolPref(plist[i].name))
-            ruleOn = true;
-        } catch(e) {
-          if(https_everywhere.https_rules.rulesetsByName[plist[i].name].active)
-            ruleOn = true;
-        }
-        if(ruleOn)
-          this.active_rule(plist[i]);
-        else
-          this.inactive_rule(plist[i]);                   
-      }   
-    }   
-    
-    // add all applicable commands
-    for(var x in this.breaking) 
-      this.add_command(this.breaking[x]); 
-    for(var x in this.active) 
-      this.add_command(this.active[x]); 
-    for(var x in this.moot)
-      this.add_command(this.moot[x]);
-    for(var x in this.inactive) 
-      this.add_command(this.inactive[x]);
-
-    if(https_everywhere.prefs.getBoolPref("globalEnabled")){
-       // add all the menu items
-       for (var x in this.inactive)
-          this.add_menuitem(this.inactive[x], 'inactive');
-       // rules that are active for some uris are not really moot
-       for (var x in this.moot) 
-          if (!(x in this.active))   
-              this.add_menuitem(this.moot[x], 'moot');
-       // break once break everywhere
-       for (var x in this.active) 
-          if (!(x in this.breaking))
-              this.add_menuitem(this.active[x], 'active');
-       for (var x in this.breaking)
-          this.add_menuitem(this.breaking[x], 'breaking');
-          
-       if (label2) this.prepend_child(label2);
-       this.prepend_child(label);
-    }
-    
-  },
-
-  prepend_child: function(node) {
-    this.menupopup.insertBefore(node, this.menupopup.firstChild);
-  },
-
-  add_command: function(rule) {
-      var command = this.document.createElement("command");
-      command.setAttribute('id', rule.id+'-command');
-      command.setAttribute('label', rule.name);
-      command.setAttribute('oncommand', 'toggle_rule("'+rule.id+'")');
-      this.commandset.appendChild(command);
-  },
-
-  // add a menu item for a rule -- type is "active", "inactive", "moot",
-  // or "breaking"
-
-  add_menuitem: function(rule, type) {
-    // create the menuitem
-    var item = this.document.createElement('menuitem');
-    item.setAttribute('command', rule.id+'-command');
-    item.setAttribute('class', type+'-item menuitem-iconic');
-    item.setAttribute('label', rule.name);
-
-    // we can get confused if rulesets have their state changed after the
-    // ApplicableList was constructed
-    if (!rule.active && (type == 'active' || type == 'moot'))
-      type = 'inactive';
-    if (rule.active && type == 'inactive')
-      type = 'moot';
-    
-    // set the icon
-    var image_src;
-    if (type == 'active') image_src = 'tick.png';
-    else if (type == 'inactive') image_src = 'cross.png';
-    else if (type == 'moot') image_src = 'tick-moot.png';
-    else if (type == 'breaking') image_src = 'loop.png';
-    item.setAttribute('image', 'chrome://https-everywhere/skin/'+image_src);
-
-    // all done
-    this.prepend_child(item);
-  },
-
-  show_applicable: function() {
-    this.log(WARN, "Applicable list number " + this.serial);
-    for (var x in this.active) 
-      this.log(WARN,"Active: " + this.active[x].name);
-
-    for (var x in this.breaking) 
-      this.log(WARN,"Breaking: " + this.breaking[x].name);
-  
-    for (x in this.inactive) 
-      this.log(WARN,"Inactive: " + this.inactive[x].name);
-
-    for (x in this.moot) 
-      this.log(WARN,"Moot: " + this.moot[x].name);
-    
-  }
-};
-
diff --git a/src/chrome/content/code/ChannelReplacement.js b/src/chrome/content/code/ChannelReplacement.js
deleted file mode 100644
index 328c0f9dc4db..000000000000
--- a/src/chrome/content/code/ChannelReplacement.js
+++ /dev/null
@@ -1,387 +0,0 @@
-function CtxCapturingListener(tracingChannel, captureObserver) {
-  this.originalListener = tracingChannel.setNewListener(this);
-  this.captureObserver = captureObserver;
-}
-CtxCapturingListener.prototype = {
-  originalListener: null,
-  originalCtx: null,
-  onStartRequest: function(request, ctx) {
-    this.originalCtx = ctx;
-    if (this.captureObserver) {
-      this.captureObserver.observeCapture(request, this);
-    }
-  },
-  onDataAvailable: function(request, ctx, inputStream, offset, count) {},
-  onStopRequest: function(request, ctx, statusCode) {},
-  QueryInterface: xpcom_generateQI([Ci.nsIStreamListener])
-};
-
-function ChannelReplacement(chan, newURI, newMethod) {
-  return this._init(chan, newURI, newMethod);
-}
-
-ChannelReplacement.supported = "nsITraceableChannel" in Ci;
-
-ChannelReplacement.runWhenPending = function(channel, callback) {
-  if (channel.isPending()) {
-    callback();
-    return false;
-  } else {
-    new LoadGroupWrapper(channel, callback);
-    return true;
-  }
-};
-
-
-ChannelReplacement.prototype = {
-  listener: null,
-  context: null,
-  oldChannel: null,
-  channel: null,
-  window: null,
-  suspended: false,
-  
-  get _unsupportedError() {
-    return new Error("Can't replace channels without nsITraceableChannel!");
-  },
-  
-  get _classifierClass() {
-    delete this.__proto__._classifierClass;
-    return this.__proto__._classifierClass = Cc["@mozilla.org/channelclassifier"];
-  },
-  
-  _autoHeadersRx: /^(?:Host|Cookie|Authorization)$|Cache|^If-/,
-  visitHeader: function(key, val) {
-    try {
-      // we skip authorization and cache-related fields which should be automatically set
-      if (!this._autoHeadersRx.test(key)) this.channel.setRequestHeader(key, val, false);
-    } catch (e) {
-      dump(e + "\n");
-    }
-  },
-  
-  _init: function(chan, newURI, newMethod) {
-    if (!(ChannelReplacement.supported && chan instanceof Ci.nsITraceableChannel))
-      throw this._unsupportedError;
-  
-    newURI = newURI || chan.URI;
-    
-    var newChan = IOS.newChannelFromURI(newURI);
-    
-    this.oldChannel = chan;
-    this.channel = newChan;
-    
-    // porting of http://mxr.mozilla.org/mozilla-central/source/netwerk/protocol/http/src/nsHttpChannel.cpp#2750
-    
-    var loadFlags = chan.loadFlags;
-    
-    if (chan.URI.schemeIs("https"))
-      loadFlags &= ~chan.INHIBIT_PERSISTENT_CACHING;
-    
-    
-    newChan.loadGroup = chan.loadGroup;
-    newChan.notificationCallbacks = chan.notificationCallbacks;
-    newChan.loadFlags = loadFlags | newChan.LOAD_REPLACE;
-    
-    if (!(newChan instanceof Ci.nsIHttpChannel))
-      return this;
-    
-    // copy headers
-    chan.visitRequestHeaders(this);
-
-    if (!newMethod || newMethod === chan.requestMethod) {
-      if (newChan instanceof Ci.nsIUploadChannel && chan instanceof Ci.nsIUploadChannel && chan.uploadStream ) {
-        var stream = chan.uploadStream;
-        if (stream instanceof Ci.nsISeekableStream) {
-          stream.seek(stream.NS_SEEK_SET, 0);
-        }
-        
-        try {
-          let ctype = chan.getRequestHeader("Content-type");
-          let clen = chan.getRequestHeader("Content-length");
-          if (ctype && clen) {
-            newChan.setUploadStream(stream, ctype, parseInt(clen, 10));
-          }
-        } catch(e) {
-          newChan.setUploadStream(stream, '', -1);
-        }
-        
-        newChan.requestMethod = chan.requestMethod;
-      }
-    } else {
-      newChan.requestMethod = newMethod;
-    }
-    
-    if (chan.referrer) newChan.referrer = chan.referrer;
-    newChan.allowPipelining = chan.allowPipelining;
-    newChan.redirectionLimit = chan.redirectionLimit - 1;
-    if (chan instanceof Ci.nsIHttpChannelInternal && newChan instanceof Ci.nsIHttpChannelInternal) {
-      if (chan.URI == chan.documentURI) {
-        newChan.documentURI = newURI;
-      } else {
-        newChan.documentURI = chan.documentURI;
-      }
-    }
-    
-    if (chan instanceof Ci.nsIEncodedChannel && newChan instanceof Ci.nsIEncodedChannel) {
-      newChan.applyConversion = chan.applyConversion;
-    }
-    
-    // we can't transfer resume information because we can't access mStartPos and mEntityID :(
-    // http://mxr.mozilla.org/mozilla-central/source/netwerk/protocol/http/src/nsHttpChannel.cpp#2826
-    
-    if ("nsIApplicationCacheChannel" in Ci &&
-      chan instanceof Ci.nsIApplicationCacheChannel && newChan instanceof Ci.nsIApplicationCacheChannel) {
-      newChan.applicationCache = chan.applicationCache;
-      newChan.inheritApplicationCache = chan.inheritApplicationCache;
-    }
-    
-    if (chan instanceof Ci.nsIPropertyBag && newChan instanceof Ci.nsIWritablePropertyBag) 
-      for (var properties = chan.enumerator, p; properties.hasMoreElements();)
-        if ((p = properties.getNext()) instanceof Ci.nsIProperty)
-          newChan.setProperty(p.name, p.value);
-
-    if (chan.loadFlags & chan.LOAD_DOCUMENT_URI) {
-      this.window = IOUtil.findWindow(chan);
-      if (this.window) this.window._replacedChannel = chan;
-    }
-    
-    return this;
-  },
-  
-  _onChannelRedirect: function() {
-    var oldChan = this.oldChannel;
-    var newChan = this.channel;
-    
-    if (this.realRedirect) {
-      if (oldChan.redirectionLimit === 0) {
-        oldChan.cancel(NS_ERROR_REDIRECT_LOOP);
-        throw NS_ERROR_REDIRECT_LOOP;
-      }
-    } else newChan.redirectionLimit += 1;
-    
-    
-    
-    // nsHttpHandler::OnChannelRedirect()
-
-    const CES = Ci.nsIChannelEventSink;
-    const flags = CES.REDIRECT_INTERNAL;
-    this._callSink(
-      Cc["@mozilla.org/netwerk/global-channel-event-sink;1"].getService(CES),
-      oldChan, newChan, flags);
-    var sink;
-    
-    for (let cess = Cc['@mozilla.org/categorymanager;1'].getService(CI.nsICategoryManager)
-            .enumerateCategory("net-channel-event-sinks");
-          cess.hasMoreElements();
-        ) {
-      sink = cess.getNext();
-      if (sink instanceof CES)
-        this._callSink(sink, oldChan, newChan, flags);
-    }
-    sink = IOUtil.queryNotificationCallbacks(oldChan, CES);
-    if (sink) this._callSink(sink, oldChan, newChan, flags);
-    
-    // ----------------------------------
-    
-    newChan.originalURI = oldChan.originalURI;
-    
-    sink = IOUtil.queryNotificationCallbacks(oldChan, Ci.nsIHttpEventSink);
-    if (sink) sink.onRedirect(oldChan, newChan);
-  },
-  
-  _callSink: function(sink, oldChan, newChan, flags) {
-    try { 
-      if ("onChannelRedirect" in sink) sink.onChannelRedirect(oldChan, newChan, flags);
-      else sink.asyncOnChannelRedirect(oldChan, newChan, flags, this._redirectCallback);
-    } catch(e) {
-      if (e.toString().indexOf("(NS_ERROR_DOM_BAD_URI)") !== -1 && oldChan.URI.spec !== newChan.URI.spec) {
-        let oldURL = oldChan.URI.spec;
-        try {
-          oldChan.URI.spec = newChan.URI.spec;
-          this._callSink(sink, oldChan, newChan, flags);
-        } catch(e1) {
-          throw e;
-        } finally {
-          oldChan.URI.spec = oldURL;
-        }
-      } else if (e.message.indexOf("(NS_ERROR_NOT_AVAILABLE)") === -1) throw e;
-    }
-  },
-  
-  _redirectCallback: ("nsIAsyncVerifyRedirectCallback" in Ci)
-    ? {
-        QueryInterface: xpcom_generateQI([Ci.nsIAsyncVerifyRedirectCallback]),
-        onRedirectVerifyCallback: function(result) {}
-      }
-    : null
-  ,
-  
-  replace: function(realRedirect, callback) {
-    let self = this;
-    let oldChan = this.oldChannel;
-    this.realRedirect = !!realRedirect;
-    if (typeof(callback) !== "function") {
-      callback = this._defaultCallback;
-    }
-    ChannelReplacement.runWhenPending(oldChan, function() {
-      if (oldChan.status) return; // channel's doom had been already defined
-     
-      let ccl = new CtxCapturingListener(oldChan, self);
-      self.loadGroup = oldChan.loadGroup;
-     
-      oldChan.loadGroup = null; // prevents the wheel from stopping spinning
-      
-    
-      if (self._redirectCallback) { // Gecko >= 2
-        // this calls asyncAbort, which calls onStartRequest on our listener
-        oldChan.cancel(NS_BINDING_REDIRECTED); 
-        self.suspend(); // believe it or not, this will defer asyncAbort() notifications until resume()
-        callback(self);
-      } else {
-        // legacy (Gecko < 2)
-        self.observeCapture = function(req, ccl) {
-          self.open = function() { self._redirect(ccl); };
-          callback(self);
-        };
-        oldChan.cancel(NS_BINDING_REDIRECTED); 
-      }
-      
-
-    });
-  },
-  
-  observeCapture: function(req, ccl) {
-    this._redirect(ccl);
-  },
-  
-  _defaultCallback: function(replacement) {
-    replacement.open();
-  },
-
-  open: function() {
-    this.resume(); // this triggers asyncAbort and the listeners in cascade
-  },
-  _redirect: function(ccl) {
-    let oldChan = this.oldChannel,
-      newChan = this.channel,
-      overlap;
-
-    if (!(this.window && (overlap = this.window._replacedChannel) !== oldChan)) {
-      try {
-        if (ABE.consoleDump && this.window) {
-          ABE.log("Opening delayed channel: " + oldChan.name + " - (current loading channel for this window " + (overlap && overlap.name) + ")");
-        }
-        
-         oldChan.loadGroup = this.loadGroup;
-    
-        this._onChannelRedirect();
-        newChan.asyncOpen(ccl.originalListener, ccl.originalCtx);
-        
-        if (this.window && this.window != IOUtil.findWindow(newChan)) { 
-          // late diverted load, unwanted artifact, abort
-          IOUtil.abort(newChan);
-        } else {
-          // safe browsing hook
-          if (this._classifierClass)
-            this._classifierClass.createInstance(Ci.nsIChannelClassifier).start(newChan, true);
-        }
-      } catch (e) {
-        ABE.log(e);
-      }
-    } else {
-      if (ABE.consoleDump) {
-        ABE.log("Detected double load on the same window: " + oldChan.name + " - " + (overlap && overlap.name));
-      }
-    }
-    
-    this.dispose();
-  },
-  
-  suspend: function() {
-    if (!this.suspended) {
-      this.oldChannel.suspend();
-      this.suspended = true;
-    }
-  },
-  resume: function() {
-    if (this.suspended) {
-      this.suspended = false;
-      try {
-        this.oldChannel.resume();
-      } catch (e) {}
-    }
-  },
-  
-  dispose: function() {
-    this.resume();
-    if (this.loadGroup) {
-      try {
-        this.loadGroup.removeRequest(this.oldChannel, null, NS_BINDING_REDIRECTED);
-      } catch (e) {}
-      this.loadGroup = null;
-    }
-
-  }
-};
-
-function LoadGroupWrapper(channel, callback) {
-  this._channel = channel;
-  this._inner = channel.loadGroup;
-  this._callback = callback;
-  channel.loadGroup = this;
-}
-LoadGroupWrapper.prototype = {
-  QueryInterface: xpcom_generateQI([Ci.nsILoadGroup]),
-  
-  get activeCount() {
-    return this._inner ? this._inner.activeCount : 0;
-  },
-  set defaultLoadRequest(v) {
-    return this._inner ? this._inner.defaultLoadRequest = v : v;
-  },
-  get defaultLoadRequest() {
-    return this._inner ? this._inner.defaultLoadRequest : null;
-  },
-  set groupObserver(v) {
-    return this._inner ? this._inner.groupObserver = v : v;
-  },
-  get groupObserver() {
-    return this._inner ? this._inner.groupObserver : null;
-  },
-  set notificationCallbacks(v) {
-    return this._inner ? this._inner.notificationCallbacks = v : v;
-  },
-  get notificationCallbacks() {
-    return this._inner ? this._inner.notificationCallbacks : null;
-  },
-  get requests() {
-    return this._inner ? this._inner.requests : this._emptyEnum;
-  },
-  
-  addRequest: function(r, ctx) {
-    this.detach();
-    if (this._inner) try {
-      this._inner.addRequest(r, ctx);
-    } catch(e) {
-      // addRequest may have not been implemented
-    }
-    if (r === this._channel)
-      try {
-        this._callback(r, ctx);
-      } catch (e) {}
-  },
-  removeRequest: function(r, ctx, status) {
-    this.detach();
-    if (this._inner) this._inner.removeRequest(r, ctx, status);
-  },
-  
-  detach: function() {
-    if (this._channel.loadGroup) this._channel.loadGroup = this._inner;
-  },
-  _emptyEnum: {
-    QueryInterface: xpcom_generateQI([Ci.nsISimpleEnumerator]),
-    getNext: function() { return null; },
-    hasMoreElements: function() { return false; }
-  }
-};
diff --git a/src/chrome/content/code/Cookie.js b/src/chrome/content/code/Cookie.js
deleted file mode 100644
index 9afe0a87ce6c..000000000000
--- a/src/chrome/content/code/Cookie.js
+++ /dev/null
@@ -1,148 +0,0 @@
-function Cookie(s, host) {
-  this.parse(s, host);
-}
-Cookie.computeId = function(c) {
-  return c.name + ";" + c.host + "/" + c.path;
-};
-Cookie.find = function(f) {
-  var cc = Cookie.prototype.cookieManager.enumerator;
-  var c;
-  while (cc.hasMoreElements()) {
-    if (f(c = cc.getNext())) return c;
-  }
-  return null;
-};
-
-Cookie.attributes = { host: 'domain', path: 'path', expires: 'expires', isHttpOnly: 'HttpOnly', isSecure: 'Secure' };
-Cookie.prototype = {
-  
-  name: '',
-  value: '',
-  source: '',
-  domain: '',
-  host: '',
-  rawHost: '',
-  path: '',
-  secure: false,
-  httponly: false,
-  session: true,
-  expires: 0,
-  
-  id: '',
-  
-  
-  toString: function() {
-    var c = [this['name'] + "=" + this.value];
-    var v;
-    const aa = Cookie.attributes;
-    for (var k in aa) {
-      var p = aa[k];
-      v = this[k];
-      switch(typeof(v)) {
-        case "string":
-          if (v) c.push(p + "=" + v);
-          break;
-        case "boolean":
-          if (v) c.push(p);
-          break;
-        case "number":
-          if (!this.isSession) c.push(p + "=" + new Date(v * 1000).toUTCString());
-          break;
-      }
-    }
-    return c.join("; ");
-  },
-  parse: function(s, host) {
-    var p;
-    if (this.source) {
-      // cleanup for recycle
-      for (p in this) {
-        if (typeof (p) != "function") delete this[p];
-      }
-    }
-    this.source = s;
-    this.host = host;
-    
-    var parts = s.split(/;\s*/);
-    var nv = parts.shift().split("=");
-    
-    this.name = nv.shift() || '';
-    this.value = nv.join('=') || '';
-    
-    var n, v;
-    for each (p in parts) {
-      nv = p.split("=");
-      switch (n = nv[0].toLowerCase()) {
-        case 'expires':
-          v = Math.round(Date.parse((nv[1] || '').replace(/\-/g, ' ')) / 1000);
-        break;
-        case 'domain':
-        case 'path':
-          v = nv[1] || '';
-          break;
-        case 'secure':
-        case 'httponly':
-          v = true;
-          break;
-        default:
-          n = 'unknown';
-      }
-      this[n] = v;
-    }
-    if (!this.expires) {
-      this.session = true;
-      this.expires = Math.round(new Date() / 1000) + 31536000;  
-    }
-    if (this.domain) {
-      if (!this.isDomain) this.domain = "." + this.domain;
-      this.host = this.domain;
-    }
-    this.rawHost = this.host.replace(/^\./, '');
-    
-    this.id = Cookie.computeId(this);
-  },
-  
-  
-  get cookieManager() {
-    delete Cookie.prototype.cookieManager;
-    var cman =  Cc["@mozilla.org/cookiemanager;1"]
-      .getService(Ci.nsICookieManager2).QueryInterface(Ci.nsICookieManager);
-    return Cookie.prototype.cookieManager = cman; 
-  },
-  belongsTo: function(host, path) {
-    if (path && this.path && path.indexOf(this.path) != 0) return false;
-    if (host == this.rawHost) return true;
-    var d = this.domain;
-    return d && (host == d || this.isDomain && host.slice(-d.length) == d);
-  },
-  save: function() {
-    this.save = ("cookieExists" in this.cookieManager)
-      ? function() { this.cookieManager.add(this.host, this.path, this.name, this.value, this.secure, this.httponly, this.session, this.expires); }
-      : function() { this.cookieManager.add(this.host, this.path, this.name, this.value, this.secure,                this.session, this.expires);}
-    ;
-    return this.save();
-  },
-  exists: function() {
-    var cc = this.cookieManager.enumerator;
-    while(cc.hasMoreElements()) {
-      if (this.sameAs(cc.getNext())) return true;
-    }
-    return false;
-  },
-  
-  sameAs: function(c) {
-    (c instanceof Ci.nsICookie) && (c instanceof Ci.nsICookie2);
-    return Cookie.computeId(c) == this.id;
-  },
-  
-  // nsICookie2 interface extras
-  get isSecure() { return this.secure; },
-  get expiry() { return this.expires; },
-  get isSession() { return this.session; },
-  get isHttpOnly() { return this.httponly; },
-  get isDomain() { return this.domain && this.domain[0] == '.'; },
-  policy: 0,
-  status: 0,
-  QueryInterface: xpcom_generateQI([Ci.nsICookie, Ci.nsICookie2])
-  
-};
diff --git a/src/chrome/content/code/HTTPS.js b/src/chrome/content/code/HTTPS.js
deleted file mode 100644
index c39a0ef18949..000000000000
--- a/src/chrome/content/code/HTTPS.js
+++ /dev/null
@@ -1,296 +0,0 @@
-INCLUDE('Cookie');
-// XXX: Disable STS for now.
-var STS = {
-  isSTSURI : function(uri) {
-    return false;
-  }
-};
-
-// Hack. We only need the part of the policystate that tracks content
-// policy loading.
-const PolicyState = {
-  attach: function(channel) {
-    IOUtil.attachToChannel(channel, "httpseverywhere.policyLoaded", true);
-  },
-
-  extract: function(channel) {
-    var res = IOUtil.extractFromChannel(channel,
-            "httpseverywhere.policyLoaded", true);
-    return res;
-  },
-};
-
-const HTTPS = {
-  ready: false,
-
-  secureCookies: true,
-  secureCookiesExceptions: null,
-  secureCookiesForced: null,
-  httpsForced: null,
-  httpsForcedExceptions: null,
-  httpsRewrite: null,
-  
-  replaceChannel: function(applicable_list, channel) {
-    var blob = HTTPSRules.rewrittenURI(applicable_list, channel.URI.clone());
-    if (null == blob) return false; // no rewrite
-    var uri = blob.newuri;
-    if (!uri) this.log(WARN, "OH NO BAD ARGH\nARGH");
-
-    var c2 = channel.QueryInterface(CI.nsIHttpChannel);
-    this.log(DBUG, channel.URI.spec+": Redirection limit is " + c2.redirectionLimit);
-    // XXX This used to be (c2.redirectionLimit == 1), but that's very
-    // inefficient in a case (eg amazon) where this may happen A LOT.
-    // Rather than number like 10, we should use the starting value
-    // in network.http.redirection-limit minus some counter
-    if (c2.redirectionLimit < 10) {
-      this.log(WARN, "Redirection loop trying to set HTTPS on:\n  " +
-      channel.URI.spec +"\n(falling back to HTTP)");
-      if (!blob.applied_ruleset) {
-        this.log(WARN,"Blacklisting rule for: " + channel.URI.spec);
-        https_everywhere_blacklist[channel.URI.spec] = true;
-      }
-      https_everywhere_blacklist[channel.URI.spec] = blob.applied_ruleset;
-      var domain = null;
-      try { domain = channel.URI.host; } catch (e) {}
-      if (domain) https_blacklist_domains[domain] = true;
-      return false;
-    }
-
-    // Check for the new internal redirect API. If it exists, use it.
-    if (!"redirectTo" in channel) {
-      this.log(WARN, "nsIHTTPChannel.redirectTo API is missing. This version of HTTPS Everywhere is useless!!!!\n!!!\n");
-      return false;
-    }
-
-    this.log(INFO, "Using nsIHttpChannel.redirectTo: " + channel.URI.spec + " -> " + uri.spec);
-    try {
-      channel.redirectTo(uri);
-      return true;
-    } catch(e) {
-      // This should not happen. We should only get exceptions if
-      // the channel was already open.
-      this.log(WARN, "Exception on nsIHttpChannel.redirectTo: "+e);
-
-      // Don't return: Fallback to NoScript ChannelReplacement.js
-    }
-    this.log(WARN,"Aborting redirection " + channel.name + ", should be HTTPS!");
-    IOUtil.abort(channel);
-    return false;
-  },
-
-  // getApplicableListForContext was remove along with the nsIContentPolicy
-  // bindings and the and forceURI path that used them.
-  
-  onCrossSiteRequest: function(channel, origin, browser, rw) {
-    try {
-      this.handleCrossSiteCookies(channel, origin, browser);
-    } catch(e) {
-      this.log(WARN, e + " --- " + e.stack);
-    }
-  },
-  
-  registered: false,
-  handleSecureCookies: function(req) {
-    
-    try {
-      req = req.QueryInterface(CI.nsIHttpChannel);
-    } catch(e) {
-      this.log(WARN, "Request is not an nsIHttpChannel: " + req);
-      return;
-    }
-    if (!this.secureCookies) return;
-    var uri = req.URI;
-    if (!uri) {
-      this.log(WARN,"No URI inside request " +req);
-      return;
-    }
-    //this.log(DBUG, "Cookie hunting in " + uri.spec);
-    var alist = HTTPSEverywhere.instance.getApplicableListForChannel(req);
-    if (!alist)
-      this.log(INFO, "No alist for cookies for "+(req.URI) ? req.URI.spec : "???");
-    
-    if (uri.schemeIs("https")) {
-      var host = uri.host;
-      try {
-        var cookies = req.getResponseHeader("Set-Cookie");
-      } catch(mayHappen) {
-        //this.log(VERB,"Exception hunting Set-Cookie in headers: " + mayHappen);
-        return;
-      }
-      if (!cookies) return;
-      var c;
-      for each (var cs in cookies.split("\n")) {
-        this.log(DBUG, "Examining cookie: ");
-        c = new Cookie(cs, host);
-        if (!c.secure && HTTPSRules.shouldSecureCookie(alist, c, true)) {
-          this.log(INFO, "Securing cookie: " + c.domain + " " + c.name);
-          c.secure = true;
-          req.setResponseHeader("Set-Cookie", c.source + ";Secure", true);
-        }
-      }
-      
-    }
-  },
-
-  handleInsecureCookie: function(c) {
-    if (HTTPSRules.shouldSecureCookie(null, c, false)) {
-      this.log(INFO, "Securing cookie from event: " + c.domain + " " + c.name);
-      var cookieManager = Components.classes["@mozilla.org/cookiemanager;1"]
-                            .getService(Components.interfaces.nsICookieManager2);
-      //some braindead cookies apparently use umghzabilliontrabilions
-      var expiry = Math.min(c.expiry, Math.pow(2,31));
-      cookieManager.remove(c.host, c.name, c.path, false);
-      cookieManager.add(c.host, c.path, c.name, c.value, true, c.isHTTPOnly, c.isSession, expiry);
-    }
-  },
-  
-  handleCrossSiteCookies: function(req, origin, browser) {
-     
-    var unsafeCookies = this.getUnsafeCookies(browser);
-    if (!unsafeCookies) return;
-    
-    var uri = req.URI;
-    var dscheme = uri.scheme;
-    
-    var oparts = origin && origin.match(/^(https?):\/\/([^\/:]+).*?(\/.*)/);
-    if (!(oparts && /https?/.test(dscheme))) return; 
-    
-    var oscheme = oparts[1];
-    if (oscheme == dscheme) return; // we want to check only cross-scheme requests
-    
-    var dsecure = dscheme == "https";
-    
-    if (dsecure && !ns.getPref("secureCookies.recycle", false)) return;
-   
-    var dhost = uri.host;
-    var dpath = uri.path;
-    
-    var ohost = oparts[2];
-    var opath = oparts[3];
-    
-    var ocookieCount = 0, totCount = 0;
-    var dcookies = [];
-    var c;
-    
-    for (var k in unsafeCookies) {
-      c = unsafeCookies[k];
-      if (!c.exists()) {
-        delete unsafeCookies[k];
-      } else {
-        totCount++;
-        if (c.belongsTo(dhost, dpath) && c.secure != dsecure) { // either secure on http or not secure on https
-          dcookies.push(c);
-        }
-        if (c.belongsTo(ohost, opath)) {
-          ocookieCount++;
-        }
-      }
-    }
-    
-    if (!totCount) {
-      this.setUnsafeCookies(browser, null);
-      return;
-    }
-    
-    // We want to "desecurify" cookies only if cross-navigation to unsafe
-    // destination originates from a site sharing some secured cookies
-
-    if (ocookieCount == 0 && !dsecure || !dcookies.length) return; 
-    
-    if (dsecure) {
-      this.log(WARN,"Detected cross-site navigation with secured cookies: " + origin + " -> " + uri.spec);
-      
-    } else {
-      this.log(WARN,"Detected unsafe navigation with NoScript-secured cookies: " + origin + " -> " + uri.spec);
-      this.log(WARN,uri.prePath + " cannot support secure cookies because it does not use HTTPS. Consider forcing HTTPS for " + uri.host + " in NoScript's Advanced HTTPS options panel.");
-    }
-    
-    var cs = CC['@mozilla.org/cookieService;1'].getService(CI.nsICookieService).getCookieString(uri, req);
-      
-    for each (c in dcookies) {
-      c.secure = dsecure;
-      c.save();
-      this.log(WARN,"Toggled secure flag on " + c);
-    }
-
-    if (cs) {
-      dcookies.push.apply(
-        dcookies, cs.split(/\s*;\s*/).map(function(cs) { var nv = cs.split("="); return { name: nv.shift(), value: nv.join("=") }; })
-         .filter(function(c) { return dcookies.every(function(x) { return x.name != c.name; }); })
-      );
-    }
-
-    cs = dcookies.map(function(c) { return c.name + "=" + c.value; }).join("; ");
-
-    this.log(WARN,"Sending Cookie for " + dhost + ": " + cs);
-    req.setRequestHeader("Cookie", cs, false); // "false" because merge syntax breaks Cookie header
-  },
-  
-  
-  cookiesCleanup: function(refCookie) {
-    var downgraded = [];
-
-    var ignored = this.secureCookiesExceptions;
-    var disabled = !this.secureCookies;
-    var bi = DOM.createBrowserIterator();
-    var unsafe, k, c, total, deleted;
-    for (var browser; browser = bi.next();) {
-      unsafe = this.getUnsafeCookies(browser);
-      if (!unsafe) continue;
-      total = deleted = 0;
-      for (k in unsafe) {
-        c = unsafe[k];
-        total++;
-        if (disabled || (refCookie ? c.belongsTo(refCookie.host) : ignored && ignored.test(c.rawHost))) {
-          if (c.exists()) {
-            this.log(WARN,"Cleaning Secure flag from " + c);
-            c.secure = false;
-            c.save();
-          }
-          delete unsafe[k];
-          deleted++;
-        }
-      }
-      if (total == deleted) this.setUnsafeCookies(browser, null);
-      if (!this.cookiesPerTab) break;
-    }
-  },
-  
-  get cookiesPerTab() {
-    return ns.getPref("secureCookies.perTab", false);
-  },
-  
-  _globalUnsafeCookies: {},
-  getUnsafeCookies: function(browser) { 
-    return this.cookiesPerTab
-      ? browser && ns.getExpando(browser, "unsafeCookies")
-      : this._globalUnsafeCookies;
-  },
-  setUnsafeCookies: function(browser, value) {
-    return this.cookiesPerTab
-      ? browser && ns.setExpando(browser, "unsafeCookies", value)
-      : this._globalUnsafeCookies = value;
-  },
-  
-  _getParent: function(req, w) {
-    return  w && w.frameElement || DOM.findBrowserForNode(w || IOUtil.findWindow(req));
-  }
-  
-};
-
-(function () {
-  ["secureCookies", "secureCookiesExceptions", "secureCookiesForced"].forEach(function(p) {
-    var v = HTTPS[p];
-    delete HTTPS[p];
-    HTTPS.__defineGetter__(p, function() {
-      return v;
-    });
-    HTTPS.__defineSetter__(p, function(n) {
-      v = n;
-      if (HTTPS.ready) HTTPS.cookiesCleanup();
-      return v;
-    });
-  });
-})();
-
-HTTPS.ready = true;
diff --git a/src/chrome/content/code/HTTPSRules.js b/src/chrome/content/code/HTTPSRules.js
deleted file mode 100644
index 23bc2332244c..000000000000
--- a/src/chrome/content/code/HTTPSRules.js
+++ /dev/null
@@ -1,709 +0,0 @@
-// Compilation of RegExps is now delayed until they are first used...
-
-function Rule(from, to) {
-  this.to = to;
-  this.from_c = from; // This will become a RegExp after compilation
-}
-
-function Exclusion(pattern) {
-  this.pattern_c = pattern; // Will become a RegExp after compilation
-}
-
-function CookieRule(host, cookiename) {
-  this.host = host;
-  this.name = cookiename;
-
-  // These will be made during compilation:
-
-  //this.host_c = new RegExp(host);
-  //this.name_c = new RegExp(cookiename);
-}
-
-ruleset_counter = 0;
-function RuleSet(name, xmlName, match_rule, default_off, platform) {
-  if(xmlName == "WordPress.xml" || xmlName == "Github.xml") {
-    this.log(NOTE, "RuleSet( name="+name+", xmlName="+xmlName+", match_rule="+match_rule+", default_off="+default_off+", platform="+platform+" )");
-  }
-
-  this.id="httpseR" + ruleset_counter;
-  ruleset_counter += 1;
-  this.on_by_default = true;
-  this.compiled = false;
-  this.name = name;
-  this.xmlName = xmlName;
-  //this.ruleset_match = match_rule;
-  this.notes = "";
-  if (match_rule)   this.ruleset_match_c = new RegExp(match_rule);
-  else              this.ruleset_match_c = null;
-  if (default_off) {
-    // Perhaps problematically, this currently ignores the actual content of
-    // the default_off XML attribute.  Ideally we'd like this attribute to be
-    // "valueless"
-    this.notes = default_off;
-    this.on_by_default = false;
-  }
-  if (platform)
-    if (platform.search(HTTPSRules.localPlatformRegexp) == -1) {
-      this.on_by_default = false;
-      this.notes = "Only for " + platform;
-    }
-
-  this.rules = [];
-  this.exclusions = [];
-  this.cookierules = [];
-  
-  this.rule_toggle_prefs = HTTPSEverywhere.instance.rule_toggle_prefs;
-
-  try {
-    // if this pref exists, use it
-    this.active = this.rule_toggle_prefs.getBoolPref(name);
-  } catch(e) {
-    // if not, use the default
-    this.active = this.on_by_default;
-  }
-}
-
-var dom_parser = Cc["@mozilla.org/xmlextras/domparser;1"].createInstance(Ci.nsIDOMParser);
-
-RuleSet.prototype = {
-
-  ensureCompiled: function() {
-    // Postpone compilation of exclusions, rules and cookies until now, to accelerate
-    // browser load time.
-    if (this.compiled) return;
-    var i;
-
-    for (i = 0; i < this.exclusions.length; ++i) {
-      this.exclusions[i].pattern_c = new RegExp(this.exclusions[i].pattern_c);
-    }
-    for (i = 0; i < this.rules.length; ++i) {
-      this.rules[i].from_c = new RegExp(this.rules[i].from_c);
-    }
-
-    for (i = 0; i < this.cookierules.length; i++) {
-       var cr = this.cookierules[i];
-       cr.host_c = new RegExp(cr.host);
-       cr.name_c = new RegExp(cr.name);
-    }
-
-    this.compiled = true;
-  },
-
-  apply: function(urispec) {
-    // return null if it does not apply
-    // and the new url if it does apply
-    var i;
-    var returl = null;
-    this.ensureCompiled();
-    // If a rulset has a match_rule and it fails, go no further
-    if (this.ruleset_match_c && !this.ruleset_match_c.test(urispec)) {
-      this.log(VERB, "ruleset_match_c excluded " + urispec);
-      return null;
-    }
-    // Even so, if we're covered by an exclusion, go home
-    for (i = 0; i < this.exclusions.length; ++i) {
-      if (this.exclusions[i].pattern_c.test(urispec)) {
-        this.log(DBUG,"excluded uri " + urispec);
-        return null;
-      }
-    }
-    // Okay, now find the first rule that triggers
-    for (i = 0; i < this.rules.length; ++i) {
-      // This is just for displaying inactive rules
-      returl = urispec.replace(this.rules[i].from_c, this.rules[i].to);
-      if (returl != urispec) return returl;
-    }
-
-    return null;
-  },
-  log: function(level, msg) {
-    https_everywhereLog(level, msg);
-  },
- 
-  wouldMatch: function(hypothetical_uri, alist) {
-    // return true if this ruleset would match the uri, assuming it were http
-    // used for judging moot / inactive rulesets
-    // alist is optional
- 
-    // if the ruleset is already somewhere in this applicable list, we don't
-    // care about hypothetical wouldMatch questions
-    if (alist && (this.name in alist.all)) return false;
- 
-    this.log(DBUG,"Would " +this.name + " match " +hypothetical_uri.spec +
-             "?  serial " + (alist && alist.serial));
-     
-    var uri = hypothetical_uri.clone();
-    if (uri.scheme == "https") uri.scheme = "http";
-    var urispec = uri.spec;
-
-    this.ensureCompiled();
- 
-    if (this.ruleset_match_c && !this.ruleset_match_c.test(urispec)) 
-      return false;
- 
-    for (var i = 0; i < this.exclusions.length; ++i) 
-      if (this.exclusions[i].pattern_c.test(urispec)) return false;
- 
-    for (var i = 0; i < this.rules.length; ++i) 
-      if (this.rules[i].from_c.test(urispec)) return true;
-    return false;
-  },
-
-  transformURI: function(uri) {
-    // If no rule applies, return null; if a rule would have applied but was
-    // inactive, return 0; otherwise, return a fresh uri instance
-    // for the target
-    var newurl = this.apply(uri.spec);
-    if (null == newurl) 
-      return null;
-    var newuri = Components.classes["@mozilla.org/network/standard-url;1"].
-                 createInstance(CI.nsIStandardURL);
-    newuri.init(CI.nsIStandardURL.URLTYPE_STANDARD, 80,
-             newurl, uri.originCharset, null);
-    newuri = newuri.QueryInterface(CI.nsIURI);
-    return newuri;
-  },
-
-  enable: function() {
-    // Enable us.
-    this.rule_toggle_prefs.setBoolPref(this.name, true);
-    this.active = true;
-  },
-
-  disable: function() {
-    // Disable us.
-    this.rule_toggle_prefs.setBoolPref(this.name, false);
-    this.active = false;
-  },
-
-  toggle: function() {
-    this.active = !this.active;
-    this.rule_toggle_prefs.setBoolPref(this.name, this.active);
-  },
-
-  clear: function() {
-    try {
-      this.rule_toggle_prefs.clearUserPref(this.name);
-    } catch(e) {
-      // this ruleset has never been toggled
-    }
-    this.active = this.on_by_default;
-  }
-};
-
-const RuleWriter = {
-
-  getCustomRuleDir: function() {
-    var loc = "ProfD";  // profile directory
-    var file =
-      CC["@mozilla.org/file/directory_service;1"]
-      .getService(CI.nsIProperties)
-      .get(loc, CI.nsILocalFile)
-      .clone();
-    file.append("HTTPSEverywhereUserRules");
-    // Check for existence, if not, create.
-    if (!file.exists()) {
-      file.create(CI.nsIFile.DIRECTORY_TYPE, 0700);
-    }
-    if (!file.isDirectory()) {
-      // XXX: Arg, death!
-    }
-    return file;
-  },
-
-  chromeToPath: function (aPath) {
-    if (!aPath || !(/^chrome:/.test(aPath)))
-       return; //not a chrome url
-
-    var ios =
-      CC['@mozilla.org/network/io-service;1']
-      .getService(CI.nsIIOService);
-    var uri = ios.newURI(aPath, "UTF-8", null);
-    var cr =
-      CC['@mozilla.org/chrome/chrome-registry;1']
-      .getService(CI.nsIChromeRegistry);
-    var rv = cr.convertChromeURL(uri).spec;
-
-    if (/^file:/.test(rv))
-      rv = this.urlToPath(rv);
-    else
-      rv = this.urlToPath("file://"+rv);
-
-    return rv;
-  },
-
-  urlToPath: function (aPath) {
-    if (!aPath || !/^file:/.test(aPath))
-      return ;
-
-    var ph =
-      CC["@mozilla.org/network/protocol;1?name=file"]
-      .createInstance(CI.nsIFileProtocolHandler);
-    var rv = ph.getFileFromURLSpec(aPath).path;
-
-    return rv;
-  },
-
-  getRuleDir: function() {
-    var loc = "chrome://https-everywhere/content/rules/";
-
-    var file =
-      CC["@mozilla.org/file/local;1"]
-      .createInstance(CI.nsILocalFile);  
-    file.initWithPath(this.chromeToPath(loc));
-
-    if (!file.isDirectory()) {
-      // XXX: Arg, death!
-      this.log(WARN,"Catastrophic failure: extension directory is not a directory");
-    }
-    return file;
-  },
-
-  read: function(file, rule_store) {
-    if (!file.exists())
-      return null;
-    if ((rule_store.targets == null) && (rule_store.targets != {}))
-      this.log(WARN, "TARGETS IS NULL");
-    var data = "";
-    var fstream = CC["@mozilla.org/network/file-input-stream;1"]
-        .createInstance(CI.nsIFileInputStream);
-    var sstream = CC["@mozilla.org/scriptableinputstream;1"]
-        .createInstance(CI.nsIScriptableInputStream);
-    fstream.init(file, -1, 0, 0);
-    sstream.init(fstream);
-
-    var str = sstream.read(4096);
-    while (str.length > 0) {
-      data += str;
-      str = sstream.read(4096);
-    }
-
-    sstream.close();
-    fstream.close();
-    // XXX: With DOMParser, we probably do not need to throw away the XML
-    // declaration anymore nowadays.
-    data = data.replace(/<\?xml[^>]*\?>/, ""); 
-    try {
-      var xmlrulesets = dom_parser.parseFromString(data, "text/xml");
-    } catch(e) { // file has been corrupted; XXX: handle error differently
-      this.log(WARN,"Error in XML file: " + file.path + "\n" + e);
-      return null;
-    }
-    this.parseXmlRulesets(xmlrulesets, rule_store, file);
-  },
-
-  parseXmlRulesets: function(xmldom, rule_store, file) {
-    // XML input files can either be a <ruleset> in a file, or a
-    // <rulesetlibrary> with many <rulesets> inside it (the latter form exists
-    // because ZIP does a much better job of compressing it).
-    if (xmldom.documentElement.nodeName == "ruleset") {
-      // This is a single ruleset.
-      this.parseOneRuleset(xmldom.documentElement, rule_store, file);
-    } else {
-      // The root of the XML tree is assumed to look like a <rulesetlibrary>
-      if (!xmldom.documentElement.getAttribute("gitcommitid")) {
-        // The gitcommitid is a tricky hack to let us display the true full
-        // source code of a ruleset, even though we strip out comments at build
-        // time, by having the UI fetch the ruleset from the public https git repo.
-        this.log(DBUG, "gitcommitid tag not found in <xmlruleset>");
-        rule_store.GITCommitID = "HEAD";
-      } else {
-        rule_store.GITCommitID = xmldom.documentElement.getAttribute("gitcommitid");
-      }
-
-      var rulesets = xmldom.documentElement.getElementsByTagName("ruleset");
-      if (rulesets.length == 0 && (file.path.search("00README") == -1))
-        this.log(WARN, "Probable <rulesetlibrary> with no <rulesets> in "
-                        + file.path + "\n" +  xmldom);
-      for (var j = 0; j < rulesets.length; j++)
-        this.parseOneRuleset(rulesets[j], rule_store, file);
-    }
-  },
-
-  parseOneRuleset: function(xmlruleset, rule_store, file) {
-    // Extract an xmlruleset into the rulestore
-    if (!xmlruleset.getAttribute("name")) {
-      this.log(WARN, "This blob: '" + xmlruleset + "' is not a ruleset\n");
-      return null;
-    }
-
-    this.log(DBUG, "Parsing " + xmlruleset.getAttribute("name") + " from " + file.path);
-
-    var match_rl = xmlruleset.getAttribute("match_rule");
-    var dflt_off = xmlruleset.getAttribute("default_off");
-    var platform = xmlruleset.getAttribute("platform");
-    var rs = new RuleSet(xmlruleset.getAttribute("name"), xmlruleset.getAttribute("f"), match_rl, dflt_off, platform);
-
-    var targets = xmlruleset.getElementsByTagName("target");
-    if (targets.length == 0) {
-      var msg = "Error: As of v0.3.0, XML rulesets require a target domain entry,";
-      msg = msg + "\nbut " + file.path + " is missing one.";
-      this.log(WARN, msg);
-      return null;
-    }
-
-    // see if this ruleset has the same name as an existing ruleset;
-    // if so, this ruleset is ignored; DON'T add or return it.
-    if (rs.name in rule_store.rulesetsByName) {
-      this.log(WARN, "Error: found duplicate rule name " + rs.name + " in file " + file.path);
-      return null;
-    }
-
-    // add this ruleset into HTTPSRules.targets with all of the applicable
-    // target host indexes
-    for (var i = 0; i < targets.length; i++) {
-      var host = targets[i].getAttribute("host");
-      if (!host) {
-        this.log(WARN, "<target> missing host in " + file.path);
-        return null;
-      }
-      if (! rule_store.targets[host])
-        rule_store.targets[host] = [];
-      rule_store.targets[host].push(rs);
-    }
-
-    var exclusions = xmlruleset.getElementsByTagName("exclusion");
-    for (var i = 0; i < exclusions.length; i++) {
-      var exclusion = new Exclusion(exclusions[i].getAttribute("pattern"));
-      rs.exclusions.push(exclusion);
-    }
-
-    var rules = xmlruleset.getElementsByTagName("rule");
-    for (var i = 0; i < rules.length; i++) {
-      var rule = new Rule(rules[i].getAttribute("from"),
-                          rules[i].getAttribute("to"));
-      rs.rules.push(rule);
-    }
-
-    var securecookies = xmlruleset.getElementsByTagName("securecookie");
-    for (var i = 0; i < securecookies.length; i++) {
-      var c_rule = new CookieRule(securecookies[i].getAttribute("host"),
-                                  securecookies[i].getAttribute("name"));
-      rs.cookierules.push(c_rule);
-      this.log(DBUG,"Cookie rule "+ c_rule.host+ " " +c_rule.name);
-    }
-
-    rule_store.rulesets.push(rs);
-    rule_store.rulesetsByID[rs.id] = rs;
-    rule_store.rulesetsByName[rs.name] = rs;
-
-  },
-
-  enumerate: function(dir) {
-    // file is the given directory (nsIFile)
-    var entries = dir.directoryEntries;
-    var ret = [];
-    while(entries.hasMoreElements()) {
-      var entry = entries.getNext();
-      entry.QueryInterface(Components.interfaces.nsIFile);
-      ret.push(entry);
-    }
-    return ret;
-  },
-};
-
-
-
-const HTTPSRules = {
-  init: function() {
-    try {
-      this.rulesets = [];
-      this.targets = {};  // dict mapping target host patterns -> lists of
-                          // applicable rules
-      this.rulesetsByID = {};
-      this.rulesetsByName = {};
-      var t1 = new Date().getTime();
-      this.checkMixedContentHandling();
-      var rulefiles = RuleWriter.enumerate(RuleWriter.getCustomRuleDir());
-      this.scanRulefiles(rulefiles);
-      rulefiles = RuleWriter.enumerate(RuleWriter.getRuleDir());
-      this.scanRulefiles(rulefiles);
-      var t,i;
-      for (t in this.targets) {
-        for (i = 0 ; i < this.targets[t].length ; i++) {
-          this.log(INFO, t + " -> " + this.targets[t][i].name);
-        }
-      }
-
-      // for any rulesets with <target host="*">
-      // every URI needs to be checked against these rulesets
-      // (though currently we don't ship any)
-      this.global_rulesets = this.targets["*"] ? this.targets["*"] : [];
-
-      this.rulesets.sort(
-        function(r1,r2) {
-            if (r1.name.toLowerCase() < r2.name.toLowerCase()) return -1;
-            else return 1;
-        }
-      );
-    } catch(e) {
-      this.log(WARN,"Rules Failed: "+e);
-    }
-    var t2 =  new Date().getTime();
-    this.log(NOTE,"Loading rulesets took " + (t2 - t1) / 1000.0 + " seconds");
-    return;
-  },
-
-  checkMixedContentHandling: function() {
-    // Firefox 23+ blocks mixed content by default, so rulesets that create
-    // mixed content situations should be disabled there
-    var appInfo = CC["@mozilla.org/xre/app-info;1"].getService(CI.nsIXULAppInfo);
-    var platformVer = appInfo.platformVersion;
-    var versionChecker = CC["@mozilla.org/xpcom/version-comparator;1"]
-                          .getService(CI.nsIVersionComparator);
-    var prefs = Components.classes["@mozilla.org/preferences-service;1"]
-                        .getService(Components.interfaces.nsIPrefService).getBranch("");
-
-
-    // If mixed content is present and enabled, and the user hasn't opted to enable
-    // mixed content triggering rules, leave them out. Otherwise add them in.
-    if(versionChecker.compare(appInfo.version, "23.0a1") >= 0
-            && prefs.getBoolPref("security.mixed_content.block_active_content")
-            && !prefs.getBoolPref("extensions.https_everywhere.enable_mixed_rulesets")) {
-      this.log(INFO, "Not activating rules that trigger mixed content errors.");
-      this.localPlatformRegexp = new RegExp("firefox");
-    } else {
-      this.log(INFO, "Activating rules that would normally trigger mixed content");
-      this.localPlatformRegexp = new RegExp("(firefox|mixedcontent)");
-    }
-  },
-
-  scanRulefiles: function(rulefiles) {
-    var i = 0;
-    var r = null;
-    for(i = 0; i < rulefiles.length; ++i) {
-      try {
-        this.log(DBUG,"Loading ruleset file: "+rulefiles[i].path);
-        RuleWriter.read(rulefiles[i], this);
-      } catch(e) {
-        this.log(WARN, "Error in ruleset file: " + e);
-        if (e.lineNumber)
-          this.log(WARN, "(line number: " + e.lineNumber + ")");
-      }
-    }
-  },
-
-  resetRulesetsToDefaults: function() {
-    // Callable from within the prefs UI and also for cleaning up buggy
-    // configurations...
-    for (var i in this.rulesets) {
-      this.rulesets[i].clear();
-    }
-  },
-
-  rewrittenURI: function(alist, input_uri) {
-    // This function oversees the task of working out if a uri should be
-    // rewritten, what it should be rewritten to, and recordkeeping of which
-    // applicable rulesets are and aren't active.  Previously this returned
-    // the new uri if there was a rewrite.  Now it returns a JS object with a
-    // newuri attribute and an applied_ruleset attribute (or null if there's
-    // no rewrite).
-    var i = 0; 
-    userpass_present = false; // Global so that sanitiseURI can tweak it.
-                              // Why does JS have no tuples, again?
-    var blob = {}; blob.newuri = null;
-    if (!alist) this.log(DBUG, "No applicable list rewriting " + input_uri.spec);
-    this.log(NOTE, "Processing " + input_uri.spec);
-
-    var uri = this.sanitiseURI(input_uri);
-
-    // Get the list of rulesets that target this host
-    try {
-      var rs = this.potentiallyApplicableRulesets(uri.host);
-    } catch(e) {
-      this.log(WARN, 'Could not check applicable rules for '+uri.spec);
-      return null;
-    }
-
-    // ponder each potentially applicable ruleset, working out if it applies
-    // and recording it as active/inactive/moot/breaking in the applicable list
-    for (i = 0; i < rs.length; ++i) {
-      if (!rs[i].active) {
-        if (alist && rs[i].wouldMatch(uri, alist))
-          alist.inactive_rule(rs[i]);
-        continue;
-      } 
-      blob.newuri = rs[i].transformURI(uri);
-      if (blob.newuri) {
-        // we rewrote the uri
-        this.log(DBUG, "Rewrote "+input_uri.spec);
-        if (alist) {
-          if (uri.spec in https_everywhere_blacklist) 
-            alist.breaking_rule(rs[i]);
-          else 
-            alist.active_rule(rs[i]);
-  }
-        if (userpass_present) blob.newuri.userPass = input_uri.userPass;
-        blob.applied_ruleset = rs[i];
-        return blob;
-      }
-      if (uri.scheme == "https" && alist) {
-        // we didn't rewrite but the rule applies to this domain and the
-        // requests are going over https
-        if (rs[i].wouldMatch(uri, alist)) alist.moot_rule(rs[i]);
-        continue;
-      } 
-    }
-    return null;
-  },
-
-  sanitiseURI: function(input_uri) {
-    // Rulesets shouldn't try to parse usernames and passwords.  If we find
-    // those, apply the ruleset without them (and then add them back later).
-    // When .userPass is absent, sometimes it is false and sometimes trying
-    // to read it raises an exception (probably depending on the URI type).
-    var uri = input_uri;
-    try {
-      if (input_uri.userPass) {
-        uri = input_uri.clone();
-        userpass_present = true; // tweaking a global in our caller :(
-        uri.userPass = null;
-      } 
-    } catch(e) {}
-
-    // example.com.  is equivalent to example.com
-    // example.com.. is invalid, but firefox would load it anyway
-    try {
-      if (uri.host)
-        try {
-          var h = uri.host;
-          if (h.charAt(h.length - 1) == ".") {
-            while (h.charAt(h.length - 1) == ".") 
-              h = h.slice(0,-1);
-            uri = uri.clone();
-            uri.host = h;
-          }
-        } catch(e) {
-          this.log(WARN, "Failed to normalise domain: ");
-          try       {this.log(WARN, input_uri.host);}
-          catch(e2) {this.log(WARN, "bang" + e + " & " + e2 + " & "+ input_uri);}
-        }
-    } catch(e3) {
-      this.log(INFO, "uri.host is explosive!");
-      try       { this.log(INFO, "(" + uri.spec + ")"); }  // happens for about: uris and soforth
-      catch(e4) { this.log(WARN, "(and unprintable!!!!!!)"); }
-    }
-    return uri;
-  },
-
-  setInsert: function(intoList, fromList) {
-    // Insert any elements from fromList into intoList, if they are not
-    // already there.  fromList may be null.
-    if (!fromList) return;
-    for (var i = 0; i < fromList.length; i++)
-      if (intoList.indexOf(fromList[i]) == -1)
-        intoList.push(fromList[i]);
-  },
-
-  potentiallyApplicableRulesets: function(host) {
-    // Return a list of rulesets that declare targets matching this host
-    var i, tmp, t;
-    var results = this.global_rulesets.slice(0); // copy global_rulesets
-    try {
-      if (this.targets[host])
-        results = results.concat(this.targets[host]);
-    } catch(e) {   
-      this.log(DBUG,"Couldn't check for ApplicableRulesets: " + e);
-      return [];
-    }
-    // replace each portion of the domain with a * in turn
-    var segmented = host.split(".");
-    for (i = 0; i < segmented.length; ++i) {
-      tmp = segmented[i];
-      segmented[i] = "*";
-      t = segmented.join(".");
-      segmented[i] = tmp;
-      this.setInsert(results, this.targets[t]);
-    }
-    // now eat away from the left, with *, so that for x.y.z.google.com we
-    // check *.z.google.com and *.google.com (we did *.y.z.google.com above)
-    for (i = 1; i <= segmented.length - 2; ++i) {
-      t = "*." + segmented.slice(i,segmented.length).join(".");
-      this.setInsert(results, this.targets[t]);
-    }
-    this.log(DBUG,"Potentially applicable rules for " + host + ":");
-    for (i = 0; i < results.length; ++i)
-      this.log(DBUG, "  " + results[i].name);
-    return results;
-  },
-
-  shouldSecureCookie: function(applicable_list, c, known_https) {
-    // Check to see if the Cookie object c meets any of our cookierule citeria
-    // for being marked as secure.
-    // @applicable_list : an ApplicableList or record keeping
-    // @c : an nsICookie2
-    // @known_https : true if we know the page setting the cookie is https
-
-    this.log(DBUG,"  rawhost: " + c.rawHost + "\n  name: " + c.name + "\n  host" + c.host);
-    var i,j;
-    var rs = this.potentiallyApplicableRulesets(c.host);
-    for (i = 0; i < rs.length; ++i) {
-      var ruleset = rs[i];
-      if (ruleset.active) {
-        ruleset.ensureCompiled();
-        // Never secure a cookie if this page might be HTTP
-        if (!known_https && !this.safeToSecureCookie(c.rawHost))
-          continue;
-        for (j = 0; j < ruleset.cookierules.length; j++) {
-          var cr = ruleset.cookierules[j];
-          if (cr.host_c.test(c.host) && cr.name_c.test(c.name)) {
-            if (applicable_list) applicable_list.active_rule(ruleset);
-            this.log(INFO,"Active cookie rule " + ruleset.name);
-            return true;
-          }
-        }
-        if (ruleset.cookierules.length > 0)
-          if (applicable_list) applicable_list.moot_rule(ruleset);
-      } else if (ruleset.cookierules.length > 0) {
-        if (applicable_list) applicable_list.inactive_rule(ruleset);
-        this.log(INFO,"Inactive cookie rule " + ruleset.name);
-      }
-    }
-    return false;
-  },
-
-  safeToSecureCookie: function(domain) {
-    // Check if the domain might be being served over HTTP.  If so, it isn't
-    // safe to secure a cookie!  We can't always know this for sure because
-    // observing cookie-changed doesn't give us enough context to know the
-    // full origin URI.
-
-    // First, if there are any redirect loops on this domain, don't secure
-    // cookies.  XXX This is not a very satisfactory heuristic.  Sometimes we
-    // would want to secure the cookie anyway, because the URLs that loop are
-    // not authenticated or not important.  Also by the time the loop has been
-    // observed and the domain blacklisted, a cookie might already have been
-    // flagged as secure.
-
-    if (domain in https_blacklist_domains) {
-      this.log(INFO, "cookies for " + domain + "blacklisted");
-      return false;
-    }
-
-    // If we passed that test, make up a random URL on the domain, and see if
-    // we would HTTPSify that.
-
-    try {
-      var nonce_path = "/" + Math.random().toString();
-      nonce_path = nonce_path + nonce_path;
-      var test_uri = "http://" + domain + nonce_path;
-    } catch (e) {
-      this.log(WARN, "explosion in safeToSecureCookie for " + domain + "\n" 
-                      + "(" + e + ")");
-      return false;
-    }
-
-    this.log(INFO, "Testing securecookie applicability with " + test_uri);
-    var rs = this.potentiallyApplicableRulesets(domain);
-    for (var i = 0; i < rs.length; ++i) {
-      if (!rs[i].active) continue;
-      var rewrite = rs[i].apply(test_uri);
-      if (rewrite) {
-        this.log(INFO, "Yes: " + rewrite);
-        return true;
-      }
-    }
-    this.log(INFO, "(NO)");
-    return false;
-  }
-};
diff --git a/src/chrome/content/code/IOUtil.js b/src/chrome/content/code/IOUtil.js
deleted file mode 100644
index 96c25004a7e0..000000000000
--- a/src/chrome/content/code/IOUtil.js
+++ /dev/null
@@ -1,263 +0,0 @@
-const IO = {
-  readFile: function(file, charset) {
-    var res;
-    
-    const is = Cc["@mozilla.org/network/file-input-stream;1"]
-      .createInstance(Ci.nsIFileInputStream );
-    is.init(file ,0x01, 256 /*0400*/, null);
-    const sis = Cc["@mozilla.org/scriptableinputstream;1"]
-      .createInstance(Ci.nsIScriptableInputStream);
-    sis.init(is);
-    
-    res = sis.read(sis.available());
-    is.close();
-    
-    if (charset !== null) { // use "null" if you want uncoverted data...
-      const unicodeConverter = Cc["@mozilla.org/intl/scriptableunicodeconverter"]
-        .createInstance(Ci.nsIScriptableUnicodeConverter);
-      try {
-        unicodeConverter.charset = charset || "UTF-8";
-      } catch(ex) {
-        unicodeConverter.charset = "UTF-8";
-      }
-      res = unicodeConverter.ConvertToUnicode(res);
-    }
-  
-    return res;
-  },
-  writeFile: function(file, content, charset) {
-    const unicodeConverter = Cc["@mozilla.org/intl/scriptableunicodeconverter"]
-      .createInstance(Ci.nsIScriptableUnicodeConverter);
-    try {
-      unicodeConverter.charset = charset || "UTF-8";
-    } catch(ex) {
-      unicodeConverter.charset = "UTF-8";
-    }
-    
-    content = unicodeConverter.ConvertFromUnicode(content);
-    const os = Cc["@mozilla.org/network/file-output-stream;1"]
-      .createInstance(Ci.nsIFileOutputStream);
-    os.init(file, 0x02 | 0x08 | 0x20, 448 /*0700*/, 0);
-    os.write(content, content.length);
-    os.close();
-  },
-  
-  safeWriteFile: function(file, content, charset) {
-    var tmp = file.clone();
-    var name = file.leafName;
-    tmp.leafName = name + ".tmp";
-    tmp.createUnique(Ci.nsIFile.NORMAL_FILE_TYPE, file.exists() ? file.permissions : 384 /*0600*/);
-    this.writeFile(tmp, content, charset);
-    tmp.moveTo(file.parent, name);
-  }
-};
-
-
-function nsISupportsWrapper(wrapped) {
-  this.wrappedJSObject = wrapped;
-}
-nsISupportsWrapper.prototype = {
-  QueryInterface: xpcom_generateQI([])
-};
-
-const IOUtil = {
-  asyncNetworking: true,
-  proxiedDNS: 0,
-
-  attachToChannel: function(channel, key, requestInfo) {
-    if (channel instanceof Ci.nsIWritablePropertyBag2) 
-      channel.setPropertyAsInterface(key, requestInfo);
-  },
-  extractFromChannel: function(channel, key, preserve) {
-    if (channel instanceof Ci.nsIPropertyBag2) {
-      let p = channel.get(key);
-      if (p) {
-        if (!preserve && (channel instanceof Ci.nsIWritablePropertyBag)) channel.deleteProperty(key);
-        if (p.wrappedJSObject) return p.wrappedJSObject;
-        p instanceof Ci.nsIURL || p instanceof Ci.nsIURL;
-        return p;
-      }
-    }
-    return null;
-  },
-
-  extractInternalReferrer: function(channel) {
-    if (channel instanceof Ci.nsIPropertyBag2) {
-      const key = "docshell.internalReferrer";
-      if (channel.hasKey(key))
-        try {
-          return channel.getPropertyAsInterface(key, Ci.nsIURL);
-        } catch(e) {}
-    }
-    return null;
-  },
-  extractInternalReferrerSpec: function(channel) {
-    var ref = this.extractInternalReferrer(channel);
-    return ref && ref.spec || null;
-  },
-  
-  getProxyInfo: function(channel) {
-    return Ci.nsIProxiedChannel && (channel instanceof Ci.nsIProxiedChannel) 
-    ? channel.proxyInfo
-    : Components.classes["@mozilla.org/network/protocol-proxy-service;1"]
-        .getService(Components.interfaces.nsIProtocolProxyService)
-        .resolve(channel.URI, 0);
-  },
-  
-  
-  canDoDNS: function(channel) {
-    if (!channel || IOS.offline) return false;
-    
-    var proxyInfo = this.getProxyInfo(channel);
-    switch(this.proxiedDNS) {
-      case 1:
-        return !(proxyInfo && (proxyInfo.flags & Ci.nsIProxyInfo.TRANSPARENT_PROXY_RESOLVES_HOST));
-      case 2:
-        return true;
-      default:
-        return !proxyInfo || proxyInfo.type == "direct";   
-    }
-
-  },
-  
-  abort: function(channel, noNetwork) {
-    channel.cancel(Cr.NS_ERROR_ABORT);
-  },
-  
-  findWindow: function(channel) {
-    for each(var cb in [channel.notificationCallbacks,
-                       channel.loadGroup && channel.loadGroup.notificationCallbacks]) {
-      if (cb instanceof Ci.nsIInterfaceRequestor) {
-        if (Ci.nsILoadContext) try {
-        // For Gecko 1.9.1
-          return cb.getInterface(Ci.nsILoadContext).associatedWindow;
-        } catch(e) {}
-        
-        try {
-          // For Gecko 1.9.0
-          return cb.getInterface(Ci.nsIDOMWindow);
-        } catch(e) {}
-      }
-    }
-    return null;
-  },
-  
-  readFile: IO.readFile,
-  writeFile: IO.writeFile,
-  safeWriteFIle: IO.safeWriteFile,
-  
-  _protocols: {}, // caching them we gain a 33% speed boost in URI creation :)
-  newURI: function(url) {
-    try {
-      let scheme =  url.substring(0, url.indexOf(':'));
-      return (this._protocols[scheme] || 
-        (this._protocols[scheme] =
-          Cc["@mozilla.org/network/protocol;1?name=" + scheme]
-          .getService(Ci.nsIProtocolHandler)))
-        .newURI(url, null, null);
-    } catch(e) {
-      return IOS.newURI(url, null, null);
-    }
-  },
-  
-  unwrapURL: function(url) {  
-    try {
-      if (!(url instanceof Ci.nsIURI))
-        url = this.newURI(url);
-      
-      switch (url.scheme) {
-        case "view-source":
-          return this.unwrapURL(url.path);
-        case "feed":
-          let u = url.spec.substring(5);
-          if (u.substring(0, 2) == '//') u = "http:" + u;
-          return this.unwrapURL(u);
-        case "wyciwyg":
-          return this.unwrapURL(url.path.replace(/^\/\/\d+\//, ""));
-        case "jar":
-          if (url instanceof Ci.nsIJARURI)
-            return this.unwrapURL(url.JARFile);
-      }
-    }
-    catch (e) {}
-    
-    return url;
-  },
-  
-  
-  get _channelFlags() {
-    delete this._channelFlags;
-    const constRx = /^[A-Z_]+$/;
-    const ff = {};
-    [Ci.nsIHttpChannel, Ci.nsICachingChannel].forEach(function(c) {
-      for (var p in c) {
-        if (constRx.test(p)) ff[p] = c[p];
-      }
-    });
-    return this._channelFlags = ff;
-  },
-  humanFlags: function(loadFlags) {
-    var hf = [];
-    var c = this._channelFlags;
-    for (var p in c) {
-      if (loadFlags & c[p]) hf.push(p + "=" + c[p]);
-    }
-    return hf.join("\n");
-  },
-  
-  queryNotificationCallbacks: function(chan, iid) {
-    var cb;
-    try {
-      cb = chan.notificationCallbacks.getInterface(iid);
-      if (cb) return cb;
-    } catch(e) {}
-    
-    try {
-      return chan.loadGroup && chan.loadGroup.notificationCallbacks.getInterface(iid);
-    } catch(e) {}
-    
-    return null;
-  },
-  
- 
-  anonymizeURI: function(uri, cookie) {
-    if (uri instanceof Ci.nsIURL) {
-      uri.query = this.anonymizeQS(uri.query, cookie);
-    } else return this.anonymizeURL(uri, cookie);
-    return uri;
-  },
-  anonymizeURL: function(url, cookie) {
-    var parts = url.split("?");
-    if (parts.length < 2) return url;
-    parts[1] = this.anonymizeQS(parts[1], cookie);
-    return parts.join("?");
-  },
-  
-  _splitName: function(nv) nv.split("=")[0],
-  _qsRx: /[&=]/,
-  _anonRx: /(?:auth|s\w+(?:id|key)$)/,
-  anonymizeQS: function(qs, cookie) {
-    if (!qs) return qs;
-    if (!this._qsRx.test(qs)) return '';
-    
-    var cookieNames, hasCookies;
-    if ((hasCookies = !!cookie)) cookieNames = cookie.split(/\s*;\s*/).map(this._splitName);
-    
-    let parms = qs.split("&");
-    for (j = parms.length; j-- > 0;) {
-      let nv = parms[j].split("=");
-      let name = nv[0];
-      if (this._anonRx.test(name) || cookie && cookieNames.indexOf(name) > -1)
-        parms.splice(j, 1);
-    }
-    return parms.join("&");
-  },
-
-  get TLDService() {
-    delete this.TLDService;
-    return this.TLDService = Cc["@mozilla.org/network/effective-tld-service;1"].getService(Ci.nsIEffectiveTLDService);
-  }
-  
-};
-
-
diff --git a/src/chrome/content/code/NSS.js b/src/chrome/content/code/NSS.js
deleted file mode 100644
index 97a7e78a5c07..000000000000
--- a/src/chrome/content/code/NSS.js
+++ /dev/null
@@ -1,491 +0,0 @@
-// Copyright (c) 2011 Moxie Marlinspike <moxie@thoughtcrime.org>
-// This program is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License as
-// published by the Free Software Foundation; either version 3 of the
-// License, or (at your option) any later version.
-
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-// General Public License for more details.
-
-// You should have received a copy of the GNU General Public License
-// along with this program; if not, write to the Free Software
-// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
-// USA
-
-
-/**
- * This class manages the ctypes bridge to the NSS (crypto) libraries
- * distributed with Mozilla.
- *
- **/
-
-function NSS() {
-
-}
-
-NSS.initialize = function(nssPath) {  
-  var sharedLib;
-
-  try {
-    sharedLib = ctypes.open(nssPath);    
-  } catch (e) {
-    dump("Failed to find nss3 in installed directory, checking system paths.\n");
-    sharedLib = ctypes.open(ctypes.libraryName("nss3"));
-  }
-
-  NSS.types = new Object();
-
-  NSS.types.CERTDistNames = ctypes.StructType("CERTDistNames");
-
-  NSS.types.SECItem = ctypes.StructType("SECItem",
-  				[{'type' : ctypes.int},
-                                 {'data' : ctypes.unsigned_char.ptr},
-                                 {'len' : ctypes.uint32_t}]);
-
-  NSS.types.PLArenaPool = ctypes.StructType("PLArenaPool");
-
-  NSS.types.CERTCertificateList = ctypes.StructType("CERTCertificateList",
-						    [{'certs' : NSS.types.SECItem.ptr},
-                                                     {'len' : ctypes.int},
-                                                     {'arena' : NSS.types.PLArenaPool.ptr}]),
-
-  NSS.types.CERTAVA = ctypes.StructType("CERTAVA",
-     				[{'type' : NSS.types.SECItem},
-                                 {'value' : NSS.types.SECItem}]);
-
-  NSS.types.CERTRDN = ctypes.StructType("CERTRDN",
-  				  [{'avas' : NSS.types.CERTAVA.ptr.ptr}]);
-  
-  NSS.types.SECAlgorithmID = ctypes.StructType("SECAlgorithmID",
-  				       [{'algorithm' : NSS.types.SECItem},
-                                        {'parameters' : NSS.types.SECItem}]);
-
-  NSS.types.CERTSignedData  = ctypes.StructType("CERTSignedData",
-    				       [{'data' : NSS.types.SECItem},
-                                        {'signatureAlgorithm' : NSS.types.SECAlgorithmID},
-                                        {'signature' : NSS.types.SECItem}]);
-
-  NSS.types.CERTOKDomainName = ctypes.StructType("CERTOKDomainName");
-
-  NSS.types.NSSCertificateStr = ctypes.StructType("NSSCertificateStr");
-
-  NSS.types.CERTAuthKeyID = ctypes.StructType("CERTAuthKeyID");
-
-  NSS.types.CERTName  = ctypes.StructType("CERTName",
-    				 [{'arena' : ctypes.voidptr_t},
-                                  {'rdns' : NSS.types.CERTRDN.ptr.ptr}]);
-
-  NSS.types.CERTValidity = ctypes.StructType("CERTValidity",
-    				     [{'arena' : ctypes.voidptr_t},
-                                      {'notBefore' : NSS.types.SECItem},
-                                      {'notAfter' : NSS.types.SECItem}]);
-
-  NSS.types.CERTCertExtension = ctypes.StructType("CERTCertExtension",
-						  [{'id' : NSS.types.SECItem},
-                                                   {'critical' : NSS.types.SECItem},
-                                                   {'value' : NSS.types.SECItem}]);
-
-  NSS.types.CERTCertDBHandle = ctypes.StructType("CERTCertDBHandle");
-
-  NSS.types.PK11SlotInfo = ctypes.StructType("PK11SlotInfo");
-
-  NSS.types.PK11SlotListElement = ctypes.StructType("PK11SlotListElement",
-						    [{'next' : ctypes.StructType("PK11SlotListElement").ptr},
-                                                     {'prev' : ctypes.StructType("PK11SlotListElement").ptr},
-                                                     {'slot' : NSS.types.PK11SlotInfo.ptr},
-                                                     {'refCount' : ctypes.int}]),
-
-  NSS.types.PK11SlotList = ctypes.StructType("PK11SlotList",
-					     [{'head' : NSS.types.PK11SlotListElement.ptr},
-                                              {'tail' : NSS.types.PK11SlotListElement.ptr},
-                                              {'lock' : ctypes.StructType("PZLock").ptr}]),
-
-  NSS.types.SECKEYPrivateKey = ctypes.StructType("SECKEYPrivateKey",
-  					 [{'arena' : NSS.types.PLArenaPool.ptr},
-                                          {'keyType' : ctypes.int},
-                                          {'pkcs11Slot' : NSS.types.PK11SlotInfo.ptr},
-                                          {'pkcs11ID' : ctypes.unsigned_long},
-                                          {'pkcs11IsTemp' : ctypes.int},
-                                          {'wincx' : ctypes.voidptr_t},
-                                          {'staticflags' : ctypes.int32_t}]);
-
-  NSS.types.SECKEYPublicKey = ctypes.StructType("SECKEYPublicKey");
-
-  NSS.types.CERTSubjectPublicKeyInfo = ctypes.StructType("CERTSubjectPublicKeyInfo",
-							 [{'arena' : NSS.types.PLArenaPool.ptr},
-                                                          {'algorithm' : NSS.types.SECAlgorithmID},
-                                                          {'subjectPublicKey' : NSS.types.SECItem}]);
-
-  NSS.types.CERTCertificateRequest = ctypes.StructType("CERTCertificateRequest");
-
-  NSS.types.SEC_ASN1Template = ctypes.StructType("SEC_ASN1Template",
-  					 [{'kind' : ctypes.unsigned_long},
-                                          {'offset' : ctypes.unsigned_long},
-                                          {'sub' : ctypes.voidptr_t},
-                                          {'size' : ctypes.unsigned_int}]);
-					 
-  NSS.types.PK11RSAGenParams = ctypes.StructType("PK11RSAGenParams",
-    					 [{'keySizeInBits' : ctypes.int}, 
-                                          {'pe' : ctypes.unsigned_long}]);
-
-  NSS.types.CERTCertTrust = ctypes.StructType("CERTCertTrust",
-    				      [{'sslFlags' : ctypes.uint32_t},
-                                       {'emailFlags' : ctypes.uint32_t},
-                                       {'objectSigningFlags' : ctypes.uint32_t}]);
-
-  NSS.types.CERTSubjectList = ctypes.StructType("CERTSubjectList");
-
-  NSS.types.CERTGeneralName = ctypes.StructType("CERTGeneralName");
-
-  NSS.types.CERTCertificate = ctypes.StructType("CERTCertificate",
-    					[{'arena' : NSS.types.PLArenaPool.ptr},
-                                         {'subjectName' : ctypes.char.ptr},
-                                         {'issuerName' : ctypes.char.ptr},
-                                         {'signatureWrap' : NSS.types.CERTSignedData},
-                                         {'derCert' : NSS.types.SECItem},
-                                         {'derIssuer' : NSS.types.SECItem},
-                                         {'derSubject' : NSS.types.SECItem},
-                                         {'derPublicKey' : NSS.types.SECItem},
-                                         {'certKey' : NSS.types.SECItem},
-                                         {'version' : NSS.types.SECItem},
-                                         {'serialNumber' : NSS.types.SECItem},
-                                         {'signature' : NSS.types.SECAlgorithmID},
-                                         {'issuer' : NSS.types.CERTName},
-                                         {'validity' : NSS.types.CERTValidity},
-                                         {'subject' : NSS.types.CERTName},
-                                         {'subjectPublicKeyInfo' : NSS.types.CERTSubjectPublicKeyInfo},
-                                         {'issuerID' : NSS.types.SECItem},
-                                         {'subjectID' : NSS.types.SECItem},
-                                         {'extensions' : NSS.types.CERTCertExtension.ptr.ptr},
-                                         {'emailAddr' : ctypes.char.ptr},					 
-                                         {'dbhandle' : NSS.types.CERTCertDBHandle.ptr},
-                                         {'subjectKeyID' : NSS.types.SECItem},
-                                         {'keyIDGenerated' : ctypes.int},
-                                         {'keyUsage' : ctypes.unsigned_int},
-                                         {'rawKeyUsage' : ctypes.unsigned_int},
-                                         {'keyUsagePresent' : ctypes.int},
-                                         {'nsCertType' : ctypes.uint32_t},
-                                         {'keepSession' : ctypes.int},
-                                         {'timeOK' : ctypes.int},
-                                         {'domainOK' : NSS.types.CERTOKDomainName.ptr},
-                                         {'isperm' : ctypes.int},
-                                         {'istemp' : ctypes.int},
-                                         {'nickname' : ctypes.char.ptr},
-                                         {'dbnickname' : ctypes.char.ptr},
-                                         {'nssCertificate' : NSS.types.NSSCertificateStr.ptr},
-                                         {'trust' : NSS.types.CERTCertTrust.ptr},
-                                         {'referenceCount' : ctypes.int},
-                                         {'subjectList' : NSS.types.CERTSubjectList.ptr},
-                                         {'authKeyID' : NSS.types.CERTAuthKeyID.ptr},
-                                         {'isRoot' : ctypes.int},
-                                         {'options' : ctypes.voidptr_t},
-                                         {'series' : ctypes.int},
-                                         {'slot' : NSS.types.PK11SlotInfo.ptr},
-                                         {'pkcs11ID' : ctypes.unsigned_long},
-                                         {'ownSlot' : ctypes.int}]);
-
-  NSS.types.CERTBasicConstraints = ctypes.StructType("CERTBasicConstraints",
-    					     [{'isCA': ctypes.int},
-                                              {'pathLenConstraint' : ctypes.int}]);
-	
-
-  NSS.lib = {
-    SEC_OID_MD5 : 3,
-    SEC_OID_SHA1 : 4,
-    SEC_OID_X509_KEY_USAGE : 81,
-    SEC_OID_NS_CERT_EXT_COMMENT : 75,
-    CKM_RSA_PKCS_KEY_PAIR_GEN : 0,
-    buffer : ctypes.ArrayType(ctypes.char),
-    ubuffer : ctypes.ArrayType(ctypes.unsigned_char),
-
-    // CERT_CertificateTemplate : sharedLib.declare("CERT_CertificateTemplate",
-    // 						 NSS.types.SEC_ASN1Template),
-
-    NSS_Get_CERT_CertificateTemplate : sharedLib.declare("NSS_Get_CERT_CertificateTemplate",
-							 ctypes.default_abi,
-							 NSS.types.SEC_ASN1Template.ptr),
-
-    PK11_HashBuf : sharedLib.declare("PK11_HashBuf",
-    				     ctypes.default_abi,
-    				     ctypes.int,
-    				     ctypes.int,
-    				     ctypes.unsigned_char.ptr,
-    				     ctypes.unsigned_char.ptr,
-    				     ctypes.int32_t),
-
-    CERT_GetDefaultCertDB : sharedLib.declare("CERT_GetDefaultCertDB",
-    					      ctypes.default_abi,
-    					      NSS.types.CERTCertDBHandle.ptr),
-
-    CERT_ChangeCertTrust : sharedLib.declare("CERT_ChangeCertTrust",
-    					     ctypes.default_abi,
-    					     ctypes.int32_t,
-    					     NSS.types.CERTCertDBHandle.ptr,
-    					     NSS.types.CERTCertificate.ptr,
-    					     NSS.types.CERTCertTrust.ptr),
-
-    CERT_FindCertByNickname : sharedLib.declare("CERT_FindCertByNickname",
-    						ctypes.default_abi,
-    						NSS.types.CERTCertificate.ptr,
-    						NSS.types.CERTCertDBHandle.ptr,
-    						ctypes.char.ptr),
-    
-    CERT_FindCertByDERCert : sharedLib.declare("CERT_FindCertByDERCert",
-					       ctypes.default_abi,
-					       NSS.types.CERTCertificate.ptr,
-					       NSS.types.CERTCertDBHandle.ptr,
-					       NSS.types.SECItem.ptr),
-
-    CERT_VerifyCertNow : sharedLib.declare("CERT_VerifyCertNow",
-					   ctypes.default_abi,
-					   ctypes.int,
-					   NSS.types.CERTCertDBHandle.ptr,
-					   NSS.types.CERTCertificate.ptr,
-					   ctypes.int,
-					   ctypes.int,
-					   ctypes.voidptr_t),
-
-    CERT_CertChainFromCert : sharedLib.declare("CERT_CertChainFromCert",
-					       ctypes.default_abi,
-					       NSS.types.CERTCertificateList.ptr,
-					       NSS.types.CERTCertificate.ptr,
-					       ctypes.int,
-					       ctypes.int),
-
-    PK11_FindKeyByAnyCert : sharedLib.declare("PK11_FindKeyByAnyCert",
-    					      ctypes.default_abi,
-    					      NSS.types.SECKEYPrivateKey.ptr,
-    					      NSS.types.CERTCertificate.ptr,
-    					      ctypes.voidptr_t),
-
-    PK11_GetInternalKeySlot : sharedLib.declare("PK11_GetInternalKeySlot",
-    						ctypes.default_abi,
-    						NSS.types.PK11SlotInfo.ptr),
-
-    PK11_GetAllSlotsForCert : sharedLib.declare("PK11_GetAllSlotsForCert",
-						ctypes.default_abi,
-						NSS.types.PK11SlotList.ptr,
-						NSS.types.CERTCertificate.ptr,
-						ctypes.voidptr_t),
-
-    PK11_GetTokenName : sharedLib.declare("PK11_GetTokenName",
-					  ctypes.default_abi,
-					  ctypes.char.ptr,
-					  NSS.types.PK11SlotInfo.ptr),
-
-    PK11_GenerateKeyPair : sharedLib.declare("PK11_GenerateKeyPair",
-					     ctypes.default_abi,
-					     NSS.types.SECKEYPrivateKey.ptr,
-					     NSS.types.PK11SlotInfo.ptr,
-					     ctypes.int,
-					     NSS.types.PK11RSAGenParams.ptr,
-					     NSS.types.SECKEYPublicKey.ptr.ptr,
-					     ctypes.int, 
-					     ctypes.int,
-					     ctypes.voidptr_t),
-					     
-    PK11_SetPrivateKeyNickname : sharedLib.declare("PK11_SetPrivateKeyNickname",
-						   ctypes.default_abi,
-						   ctypes.int,
-						   NSS.types.SECKEYPrivateKey.ptr,
-						   ctypes.char.ptr),
-
-    SEC_ASN1EncodeItem : sharedLib.declare("SEC_ASN1EncodeItem",
-					   ctypes.default_abi,
-					   NSS.types.SECItem.ptr,
-					   NSS.types.PLArenaPool.ptr,
-					   NSS.types.SECItem.ptr,
-					   ctypes.voidptr_t,
-					   NSS.types.SEC_ASN1Template.ptr),
-
-    SEC_DerSignData : sharedLib.declare("SEC_DerSignData",
-					ctypes.default_abi,
-					ctypes.int,
-					NSS.types.PLArenaPool.ptr,
-					NSS.types.SECItem.ptr,
-					ctypes.unsigned_char.ptr,
-					ctypes.int,
-					NSS.types.SECKEYPrivateKey.ptr,
-					ctypes.int),
-
-    SEC_GetSignatureAlgorithmOidTag : sharedLib.declare("SEC_GetSignatureAlgorithmOidTag",
-							ctypes.default_abi,
-							ctypes.int,
-							ctypes.int,
-							ctypes.int),
-					  
-    SECOID_SetAlgorithmID : sharedLib.declare("SECOID_SetAlgorithmID",
-					      ctypes.default_abi,
-					      ctypes.int,
-					      NSS.types.PLArenaPool.ptr,
-					      NSS.types.SECAlgorithmID.ptr,
-					      ctypes.int,
-					      NSS.types.SECItem.ptr),
-
-
-    CERT_Hexify : sharedLib.declare("CERT_Hexify",
-    				    ctypes.default_abi,
-    				    ctypes.char.ptr,
-    				    NSS.types.SECItem.ptr,
-    				    ctypes.int),
-
-    CERT_AsciiToName : sharedLib.declare("CERT_AsciiToName",
-    					 ctypes.default_abi,
-    					 NSS.types.CERTName.ptr,
-    					 ctypes.char.ptr),
-
-    SECKEY_CreateSubjectPublicKeyInfo : sharedLib.declare("SECKEY_CreateSubjectPublicKeyInfo",
-    							  ctypes.default_abi,
-    							  NSS.types.CERTSubjectPublicKeyInfo.ptr,
-    							  NSS.types.SECKEYPublicKey.ptr),
-
-    CERT_CreateCertificateRequest : sharedLib.declare("CERT_CreateCertificateRequest",
-    						      ctypes.default_abi,
-    						      NSS.types.CERTCertificateRequest.ptr,
-    						      NSS.types.CERTName.ptr,
-    						      NSS.types.CERTSubjectPublicKeyInfo.ptr,
-    						      NSS.types.SECItem.ptr.ptr),
-
-    CERT_CreateCertificate : sharedLib.declare("CERT_CreateCertificate",
-    					       ctypes.default_abi,
-    					       NSS.types.CERTCertificate.ptr,
-    					       ctypes.uint32_t,
-    					       NSS.types.CERTName.ptr,
-    					       NSS.types.CERTValidity.ptr,
-    					       NSS.types.CERTCertificateRequest.ptr),
-
-    CERT_DestroyCertificate : sharedLib.declare("CERT_DestroyCertificate",
-						ctypes.default_abi,
-						ctypes.int,
-						NSS.types.CERTCertificate.ptr),
-
-    CERT_DestroyCertificateList : sharedLib.declare("CERT_DestroyCertificateList",
-						    ctypes.default_abi,
-						    ctypes.int,
-						    NSS.types.CERTCertificateList.ptr),
-
-    CERT_NewTempCertificate : sharedLib.declare("CERT_NewTempCertificate",
-						ctypes.default_abi,
-						NSS.types.CERTCertificate.ptr,
-						NSS.types.CERTCertDBHandle.ptr,
-						NSS.types.SECItem.ptr,
-						ctypes.char.ptr,
-						ctypes.int,
-						ctypes.int),
-
-    CERT_CreateValidity : sharedLib.declare("CERT_CreateValidity",
-    					    ctypes.default_abi,
-    					    NSS.types.CERTValidity.ptr,
-    					    ctypes.int64_t,
-    					    ctypes.int64_t),
-
-    CERT_CertListFromCert : sharedLib.declare("CERT_CertListFromCert",
-					      ctypes.default_abi,
-					      NSS.types.CERTCertificateList.ptr,
-					      NSS.types.CERTCertificate.ptr),
-
-    CERT_StartCertExtensions : sharedLib.declare("CERT_StartCertExtensions",
-    					     ctypes.default_abi,
-    					     ctypes.voidptr_t,
-    					     NSS.types.CERTCertificate.ptr),
-
-    CERT_AddExtension : sharedLib.declare("CERT_AddExtension",
-    					  ctypes.default_abi,
-					  ctypes.int,
-    					  ctypes.voidptr_t,
-    					  ctypes.int,
-    					  NSS.types.SECItem.ptr,
-    					  ctypes.int,
-    					  ctypes.int),
-
-
-    CERT_EncodeBasicConstraintValue : sharedLib.declare("CERT_EncodeBasicConstraintValue",
-    							ctypes.default_abi,
-    							ctypes.int,
-    							NSS.types.PLArenaPool.ptr,
-    							NSS.types.CERTBasicConstraints.ptr,
-    							NSS.types.SECItem.ptr),
-
-    CERT_EncodeAndAddBitStrExtension : sharedLib.declare("CERT_EncodeAndAddBitStrExtension",
-    							 ctypes.default_abi,
-    							 ctypes.int,
-    							 ctypes.voidptr_t,
-    							 ctypes.int,
-    							 NSS.types.SECItem.ptr,
-    							 ctypes.int),
-
-    CERT_EncodeAltNameExtension : sharedLib.declare("CERT_EncodeAltNameExtension",
-    						    ctypes.default_abi,
-    						    ctypes.int,
-    						    NSS.types.PLArenaPool.ptr,
-    						    NSS.types.CERTGeneralName.ptr,
-    						    NSS.types.SECItem.ptr),
-
-    CERT_FinishExtensions : sharedLib.declare("CERT_FinishExtensions",
-    					      ctypes.default_abi,
-    					      ctypes.int,
-    					      ctypes.voidptr_t),
-							
-    CERT_ImportCerts : sharedLib.declare("CERT_ImportCerts",
-    					 ctypes.default_abi,
-    					 ctypes.int,
-    					 NSS.types.CERTCertDBHandle.ptr,
-    					 ctypes.int,
-    					 ctypes.int,
-    					 NSS.types.SECItem.ptr.ptr,
-    					 NSS.types.CERTCertificate.ptr.ptr.ptr,
-    					 ctypes.int,
-    					 ctypes.int,
-    					 ctypes.char.ptr),
-
-    PORT_NewArena : sharedLib.declare("PORT_NewArena",
-    				      ctypes.default_abi,
-    				      NSS.types.PLArenaPool.ptr,
-    				      ctypes.uint32_t),
-
-    PORT_ArenaZAlloc : sharedLib.declare("PORT_ArenaZAlloc",
-					 ctypes.default_abi,
-					 ctypes.voidptr_t,
-					 NSS.types.PLArenaPool.ptr,
-					 ctypes.int),
-
-    PORT_FreeArena : sharedLib.declare("PORT_FreeArena",
-    				       ctypes.default_abi,
-    				       ctypes.void_t,
-    				       NSS.types.PLArenaPool.ptr,
-    				       ctypes.int),
-
-    CERT_GetCommonName : sharedLib.declare("CERT_GetCommonName",
-    					   ctypes.default_abi,
-    					   ctypes.char.ptr,
-    					   NSS.types.CERTName.ptr),
-
-    CERT_GetOrgUnitName : sharedLib.declare("CERT_GetOrgUnitName",
-					    ctypes.default_abi,
-					    ctypes.char.ptr,
-					    NSS.types.CERTName.ptr),
-
-    CERT_GetCertificateNames : sharedLib.declare("CERT_GetCertificateNames",
-    						 ctypes.default_abi,
-    						 NSS.types.CERTGeneralName.ptr,
-    						 NSS.types.CERTCertificate.ptr,
-    						 NSS.types.PLArenaPool.ptr),
-
-    CERT_DecodeDERCertificate : sharedLib.declare("__CERT_DecodeDERCertificate",
-                                                  ctypes.default_abi,
-                                                  NSS.types.CERTCertificate.ptr,
-                                                  NSS.types.SECItem.ptr,
-                                                  ctypes.int,
-                                                  ctypes.char.ptr),
-
-    CERT_FindCertExtension : sharedLib.declare("CERT_FindCertExtension",
-					       ctypes.default_abi,
-					       ctypes.int,
-					       NSS.types.CERTCertificate.ptr,
-					       ctypes.int,
-					       NSS.types.SECItem.ptr),
-  };
-
-};
diff --git a/src/chrome/content/code/Root-CAs.js b/src/chrome/content/code/Root-CAs.js
deleted file mode 100644
index 49777faca435..000000000000
--- a/src/chrome/content/code/Root-CAs.js
+++ /dev/null
@@ -1,348 +0,0 @@
-// These are concatenated md5 and sha1 fingerprints for the Firefox and
-// Microsoft root CAs as of Aug 2010
-
-root_ca_hashes = {
-  '00531D1D7201D423C820D00B6088C5D143DDB1FFF3B49B73831407F6BC8B975023D07C50' : true,
-  '015A99C3D64FA94B3C3BB1A3AB274CBFFC219A76112F76C1C508833C9A2FA2BA84AC087A' : true,
-  '019408DE857F8D806CE602CA89522848750251B2C632536F9D917279543C137CD721C6E0' : true,
-  '0208EE8CAAB8387A6824DCB4E26A52337E206939CC5FA883635F64C750EBF5FDA9AEE653' : true,
-  '0226C3015E08303743A9D07DCF37E6BF323C118E1BF7B8B65254E2E2100DD6029037F096' : true,
-  '034287D7C1167D18AFA4703CB8312C3E4EF2E6670AC9B5091FE06BE0E5483EAAD6BA32D9' : true,
-  '03DC08EEC4703FFA20E5E179E81AE7C59ED18028FB1E8A9701480A7890A59ACD73DFF871' : true,
-  '044BFDC96CDA2A32857C598461468A64BEB5A995746B9EDF738B56E6DF437A77BE106B81' : true,
-  '0468E9247E41CED76C441630703DDDB9AB16DD144ECDC0FC4BAAB62ECF0408896FDE52B7' : true,
-  '068690F2195471FDDD3DE6EEA161CAFF7030AABF8432A800666CCCC42A887E42B7553E2B' : true,
-  '069F6979166690021B8C8CA2C3076F3A627F8D7827656399D27D7F9044C9FEB3F33EFA9A' : true,
-  '06F0171EB1E961ED7A363CA594A1374AFAAA27B8CAF5FDF5CDA98AC3378572E04CE8F2E0' : true,
-  '06F9EBECCC569D88BA90F5BAB01AE00216D424FE9610E17519AF232BB68774E24144BE6E' : true,
-  '076192047EA6B9CD5E6B007AE3BF1D0434D499426F9FC2BB27B075BAB682AAE5EFFCBA74' : true,
-  '087C581F522B44B43B79CD01F8C5C3C995E6ADF8D77146024DD56A21B2E73FCDF23B35FF' : true,
-  '0B092C1CD721866F94376FE6A7F3224D0409565B77DA582E6495AC0060A72354E64B0192' : true,
-  '0C412F135BA054F596662D7ECD0E03F4DA79C1711150C23439AA2B0B0C62FD55B2F9F580' : true,
-  '0C5ADD5AAE29F7A77679FA4151FEF035B865130BEDCA38D27F69929420770BED86EFBC10' : true,
-  '0C7FDD6AF42AB9C89BBD207EA9DB5C3760D68974B5C2659E8A0FC1887C88D246691B182C' : true,
-  '0CF89E17FCD403BDE68D9B3C0587FE8433A335C23CE8034B04E13DE5C48E791AEB8C3204' : true,
-  '0E40A76CDE035D8FD10FE4D18DF96CA9A9E9780814375888F20519B06D2B0D2B6016907D' : true,
-  '0EFA4BF7D760CD65F7A7068857986239D29F6C98BEFC6D986521543EE8BE56CEBC288CF3' : true,
-  '0FA01300C3558AB7D37E2D04739EDE3C8B1A1106B8E26B232980FD652E6181376441FD11' : true,
-  '100EADF35C841D8E035F2DC93937F552742CDF1594049CBF17A2046CC639BB3888E02E33' : true,
-  '10FC635DF6263E0DF325BE5F79CD6767742C3192E607E424EB4549542BE1BBC53E6174E2' : true,
-  '119279403CB18340E5AB664A679280DFA9628F4B98A91B4835BAD2C1463286BB66646A8C' : true,
-  '14F108AD9DFA64E289E71CCFA8AD7D5E3921C115C15D0ECA5CCB5BC4F07D21D8050B566A' : true,
-  '155EF5117AA2C1150E927E66FE3B84C3B38FECEC0B148AA686C3D00F01ECC8848E8085EB' : true,
-  '15ACA5C2922D79BCE87FCB67ED02CF36E7B4F69D61EC9069DB7E90A7401A3CF47D4FE8EE' : true,
-  '15B298A354704048703A375582C45AFA0048F8D37B153F6EA2798C323EF4F318A5624A9E' : true,
-  '15EE9F5AA08528DF6BDD34A3A056D8307F8A77836BDC6D068F8B0737FCC5725413068CA4' : true,
-  '160A1613C17FF01D887EE3D9E71261CCF88015D3F98479E1DA553D24FD42BA3F43886AEF' : true,
-  '173574AF7B611CEBF4F93CE2EE40F9A2925A8F8D2C6D04E0665F596AFF22D863E8256F3F' : true,
-  '1802B00127036A191B323B83DE9AA985D6BF7994F42BE5FA29DA0BD7587B591F47A44F22' : true,
-  '1898C0D6E93AFCF9B0F50CF74B014417FAB7EE36972662FB2DB02AF6BF03FDE87C4B2F9B' : true,
-  '18AE695D15CAB917673267D597B260C04BA7B9DDD68788E12FF852E1A024204BF286A8F6' : true,
-  '1AD00CB9A6E68A3B6E95860C5B8CD8195A4D0E8B5FDCFDF64E7299A36C060DB222CA78E4' : true,
-  '1B2E00CA2606903DADFE6F1568D36BB367650DF17E8E7E5B8240A4F4564BCFE23D69C6F0' : true,
-  '1BD75F76734CC0DC98CA442BCC0F78DD31E2C52CE1089BEFFDDADB26DD7C782EBC4037BD' : true,
-  '1C4BE2C62DB9AC3114F4400769CB1F4011C5B5F75552B011669C2E9717DE6D9BFF5FA810' : true,
-  '1D3554048578B03F42424DBF20730A3F02FAF3E291435468607857694DF5E45B68851868' : true,
-  '1D6496AF2D821A300BA0620D76BC53AA7FBB6ACD7E0AB438DAAF6FD50210D007C6C0829C' : true,
-  '1E240EA0F876D785A3F5F8A1493D2EBAFD1ED1E2021B0B9F73E8EB75CE23436BBCC746EB' : true,
-  '1E42950233926BB95FC07FDAD6B24BFCCCAB0EA04C2301D6697BDD379FCD12EB24E3949D' : true,
-  '1E74C3863C0C35C53EC27FEF3CAA3CD9209900B63D955728140CD13622D8C687A4EB0085' : true,
-  '200B4A7A88A7A942868A5F74567B880593E6AB220303B52328DCDA569EBAE4D1D1CCFB65' : true,
-  '206BD68B4A8F48ABE488090DE5651A500CFD83DBAE44B9A0C8F676F3B570650B94B69DBF' : true,
-  '2124A681C1D8F219AF4998E39DFE0BF46A174570A916FBE84453EED3D070A1D8DA442829' : true,
-  '21BC82AB49C4133B4BB22B5C6B909C198BAF4C9B1DF02A92F7DA128EB91BACF498604B6F' : true,
-  '21D84C822B990933A2EB14248D8E5FE84054DA6F1C3F4074ACED0FECCDDB79D153FB901D' : true,
-  '21EFB85040393F756F27FEE3EA5870EBA59C9B10EC7357515ABB660C4D94F73B9E6E9272' : true,
-  '222DA601EA7C0AF7F06C56433F7776D3FEB8C432DCF9769ACEAE3DD8908FFD288665647D' : true,
-  '224D8F8AFCF735C2BB5734907B8B22163E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F' : true,
-  '246DABD2F2EA4A66AE5BBCAE50AD6E56F9DD19266B2043F1FE4B3DCB0190AFF11F31A69D' : true,
-  '2477D9A891D13BFA882DC2FFF8CD3393D8C5388AB7301B1B6ED47AE645253A6F9F1A2761' : true,
-  '252AC6C5896839F9557202165EA39ED23C71D70E35A5DAA8B2E3812DC3677417F5990DF3' : true,
-  '255BA669B87BF8780DC18FA6EAE47063FA0882595F9CA6A11ECCBEAF65C764C0CCC311D0' : true,
-  '257ABA832EB6A20BDAFEF5020F08D7AD81968B3AEF1CDC70F5FA3269C292A3635BD123D3' : true,
-  '259DCF5EB3259D95B93F00865F47943D43F9B110D5BAFD48225231B0D0082B372FEF9A54' : true,
-  '266D2C1998B6706838505419EC9034600B77BEBBCB7AA24705DECC0FBD6A02FC7ABD9B52' : true,
-  '27DE36FE72B70003009DF4F01E6C0424DE3F40BD5093D39B6C60F6DABC076201008976C9' : true,
-  '27EC3947CDDA5AAFE29A016521A94CBB4D2378EC919539B5007F758F033B211EC54D8BCF' : true,
-  '2A5D003739469475397B11A6F29341E13F85F2BB4A62B0B58BE1614ABB0D4631B4BEF8BA' : true,
-  '2A954ECA79B2874573D92D90BAF99FB6A43489159A520F0D93D032CCAF37E7FE20A8B419' : true,
-  '2B508718392D3BFFC3917F2D7DC08A97B19DD096DCD4E3E0FD676885505A672C438D4E9C' : true,
-  '2B7020568682A018C807531228702172F17F6FB631DC99E3A3C87FFE1CF1811088D96033' : true,
-  '2C20269DCB1A4A0085B5B75AAEC201378C96BAEBDD2B070748EE303266A0F3986E7CAE58' : true,
-  '2C6F17A39562012065D2076EFCB83F6DB1EAC3E5B82476E9D50B1EC67D2CC11E12E0B491' : true,
-  '2C8C175EB154AB9317B5365ADBD1C6F2A073E5C5BD43610D864C21130A855857CC9CEA46' : true,
-  '2C8F9F661D1890B147269D8E86828CA96252DC40F71143A22FDE9EF7348E064251B18118' : true,
-  '2CC2B0D5D622C52E901EF4633F0FBB324A058FDFD761DB21B0C2EE48579BE27F42A4DA1C' : true,
-  '2DBBE525D3D165823AB70EFAE6EBE2E1B3EAC44776C9C81CEAF29D95B6CCA0081B67EC9D' : true,
-  '2E03FDC5F5D72B9464C1BE8931F1169B96995C7711E8E52DF9E34BECEC67D3CBF1B6C4D2' : true,
-  '30C908DDD73E63A4092814C74EB97E2CCFE4313DBA05B8A7C30063995A9EB7C247AD8FD5' : true,
-  '30C9E71E6BE614EB65B216692031674D3BC0380B33C3F6A60C86152293D9DFF54B81C004' : true,
-  '31853C62949763B9AAFD894EAF6FE0CF1F4914F7D874951DDDAE02C0BEFD3A2D82755185' : true,
-  '324A4BBBC863699BBE749AC6DD1D4624AD7E1C28B064EF8F6003402014C3D0E3370EB58A' : true,
-  '3327D16CFC9185FC8C7E98FA854EF305E70715F6F728365B5190E271DEE4C65EBEEACAF3' : true,
-  '33B784F55F27D76827DE14DE122AED6F0747220199CE74B97CB03D79B264A2C855E933FF' : true,
-  '343339FC6D033A8FA25385443270DEC45E5A168867BFFF00987D0B1DC2AB466C4264F956' : true,
-  '34FCB8D036DB9E14B3C2F2DB8FE494C7379A197B418545350CA60369F33C2EAF474F2079' : true,
-  '354895364A545A72968EE064CCEF2C8CC90D1BEA883DA7D117BE3B79F4210E1A5894A72D' : true,
-  '370971C4AFEB7501AE636C3016BFD1E5A399F76F0CBF4C9DA55E4AC24E8960984B2905B6' : true,
-  '3741491B18569A26F5ADC266FB40A54C4313BB96F1D5869BC14E6A92F6CFF63469878237' : true,
-  '3785445332451F20F0F395E125C4434EF48B11BFDEABBE94542071E641DE6BBE882B40B9' : true,
-  '37A56ED4B1258497B7FD56157AF9A200B435D4E1119D1C6690A749EBB394BD637BA782B7' : true,
-  '3916AAB96A41E11469DF9E6C3B72DCB6879F4BEE05DF98583BE360D633E70D3FFE9871AF' : true,
-  '3AB2DE229A209349F9EDC8D28AE7680D36863563FD5128C7BEA6F005CFE9B43668086CCE' : true,
-  '3AE550B039BEC7463633A1FE823E8D943CBB5DE0FCD6397C0588E56697BD462ABDF95C76' : true,
-  '3B0AE4BB416A84B39D2C575E6542BE478E1032E9245944F84791983EC9E829CB1059B4D3' : true,
-  '3C4C25CC0A19CAEE6AEB55160086725F23E833233E7D0CC92B7C4279AC19C2F474D604CA' : true,
-  '3D4129CB1EAA1174CD5DB062AFB0435BDDE1D2A901802E1D875E84B3807E4BB1FD994134' : true,
-  '3E455215095192E1B75D379FB187298AB1BC968BD4F49D622AA89A81F2150152A41D829C' : true,
-  '3E80175BADD77C104BF941B0CF1642B000EA522C8A9C06AA3ECCE0B4FA6CDC21D92E8099' : true,
-  '3F459639E25087F7BBFE980C3C2098E62AC8D58B57CEBF2F49AFF2FC768F511462907A41' : true,
-  '400125068D21436A0E43009CE743F3D5F9CD0E2CDA7624C18FBDF0F0ABB645B8F7FED57A' : true,
-  '410352DC0FF7501B16F0028EBA6F45C5DAC9024F54D8F6DF94935FB1732638CA6AD77C13' : true,
-  '41B807F7A8D109EEB49A8E704DFC1B787A74410FB0CD5C972A364B71BF031D88A6510E9E' : true,
-  '4265CABE019A9A4CA98C4149CDC0D57F293621028B20ED02F566C532D1D6ED909F45002F' : true,
-  '42769768CFA6B43824AAA11BF267DECA4178AB4CBFCE7B4102ACDAC4933E6FF50DCF715C' : true,
-  '4281A0E21CE35510DE558942659622E6E0B4322EB2F6A568B654538448184A5036874384' : true,
-  '429BD669C6D445AD2E81511D355A89624F555CE20DCD3364E0DC7C41EFDD40F50356C122' : true,
-  '45E1A572C5A93664409EF5E45884678C6B2F34AD8958BE62FDB06B5CCEBB9DD94F4E39F3' : true,
-  '45F750114EC5ADBD53688663EC7B6AE1C09AB0C8AD7114714ED5E21A5A276ADCD5E7EFCB' : true,
-  '468C210EAB92214659DBA6DB0061DE265A5A4DAF7861267C4B1F1E67586BAE6ED4FEB93F' : true,
-  '48D11E627801C26E4369A42CEE130AB564902AD7277AF3E32CD8CC1DC79DE1FD7F8069EA' : true,
-  '4963AE27F4D5953DD8DB2486B89C0753D3C063F219ED073E34AD5D750B327629FFD59AF2' : true,
-  '497904B0EB8719AC47B0BC11519B74D0D1EB23A46D17D68FD92564C2F1F1601764D8E349' : true,
-  '49EFA6A1F0DE8EA76AEE5B7D1E5FC4463E42A18706BD0C9CCF594750D2E4D6AB0048FDC4' : true,
-  '4B1C568CA0E8C79E1EF5EE32939965FE4C95A9902ABE0777CED18D6ACCC3372D2748381E' : true,
-  '4B6771BE33B90DB64B3A400187F08B1F7AC5FFF8DCBC5583176877073BF751735E9BD358' : true,
-  '4B798DD41D0392AA51EE04E5906F474954F9C163759F19045121A319F64C2D0555B7E073' : true,
-  '4BE2C99196650CF40E5A9392A00AFEB28CF427FD790C3AD166068DE81E57EFBB932272D4' : true,
-  '4C5641E50DBB2BE8CAA3ED1808AD43390483ED3399AC3608058722EDBC5E4600E3BEF9D7' : true,
-  '4D56677ECCE6457259B74F511172E169C0DB578157E9EE82B5917DF0DD6D82EE9039C4E2' : true,
-  '4FEBF1F070C280635D589FDA123CA9C4E392512F0ACFF505DFF6DE067F7537E165EA574B' : true,
-  '50193E2FE8B6F4055449F3AEC98B3E1947AFB915CDA26D82467B97FA42914468726138DD' : true,
-  '5186E81FBCB1C371B51810DB5FDCF62078E9DD0650624DB9CB36B50767F209B843BE15B3' : true,
-  '556EBEF54C1D7C0360C43418BC9649C1245C97DF7514E7CF2DF8BE72AE957B9E04741E85' : true,
-  '565FAA80611217F66721E62B6D61568E8025EFF46E70C8D472246584FE403B8A8D6ADBF5' : true,
-  '58EB470764D62CBAE29B96552B9700B56A6F2A8B6E2615088DF59CD24C402418AE42A3F1' : true,
-  '59736628512B98B410FF7D06FA22D6C8A0F8DB3F0BF417693B282EB74A6AD86DF9D448A3' : true,
-  '5A11B922850289E1C3F22CE14EC101844B421F7515F6AE8A6ECEF97F6982A400A4D9224E' : true,
-  '5B6F532CBB8188FA6C042C325DA56B967CA04FD8064C1CAA32A37AA94375038E8DF8DDC0' : true,
-  '5B9EFD3B6035EA688E52FE1319144AA36B81446A5CDDF474A0F800FFBE69FD0DB6287516' : true,
-  '5C48DCF74272EC56946D1CCC713580756631BF9EF74F9EB6C9D5A60CBA6ABED1F7BDEF7B' : true,
-  '5E397BDDF8BAEC82E9AC62BA0C54002BCA3AFBCF1240364B44B216208880483919937CF7' : true,
-  '5E809E845A0E650B1702F355182A3ED7786A74AC76AB147F9C6A3050BA9EA87EFE9ACE3C' : true,
-  '5F944A7322B8F7D131EC5939F78EFE6E9FC796E8F8524F863AE1496D381242105F1B78F5' : true,
-  '60847C5ACEDB0CD4CBA7E9FE02C6A9C0101DFA3FD50BCBBB9BB5600C1955A41AF4733A04' : true,
-  '649CEF2E44FCC68F5207D051738FCB3DDA40188B9189A3EDEEAEDA97FE2F9DF5B7D18A41' : true,
-  '65295911BB8F5166890D47824002C5AFC4674DDC6CE2967FF9C92E072EF8E8A7FBD6A131' : true,
-  '6558AB15AD576C1EA8A7B569ACBFFFEBE5DF743CB601C49B9843DCAB8CE86A81109FE48E' : true,
-  '67AC0D773011DED143AE7B737190BCA9ED8DC8386C4886AEEE079158AAC3BFE658E394B4' : true,
-  '67CB9DC013248A829BB2171ED11BECD4D23209AD23D314232174E40D7F9D62139786633A' : true,
-  '689B17C654E0E0E099551642F75A86D8027268293E5F5D17AAA4B3C3E6361E1F92575EAA' : true,
-  '6960ECBE8C94D76E6F2EC4782F55F08397226AAE4A7A64A59BD16787F27F841C0A001FD0' : true,
-  '6C397DA40E5559B23FD641B11250DE435F3B8CF2F810B37D78B4CEEC1919C37334B9C774' : true,
-  '6CC9A76E47F10CE3533B784C4DC26AC5B72FFF92D2CE43DE0A8D4C548C503726A81E2B93' : true,
-  '6D38C49B22244CA3A8B3A09345E157FA89C32E6B524E4D65388B9ECEDC637134ED4193A3' : true,
-  '70B57C4881953E80DC289BBAEF1EE4854072BA31FEC351438480F62E6CB95508461EAB2F' : true,
-  '711F0E21E7AAEA323A6623D3AB50D66996974CD6B663A7184526B1D648AD815CF51E801A' : true,
-  '71AA6AAF1FA5C0D50E90D40BF6AADFCC55C86F7414AC8BDD6814F4D86AF15F3710E104D0' : true,
-  '71E265FBCD7B0B845BE3BCD76320C598CFF810FB2C4FFC0156BFE1E1FABCB418C68D31C5' : true,
-  '72E44A87E369408077EABCE3F4FFF0E15F43E5B1BFF8788CAC1CC7CA4A9AC6222BCC34C6' : true,
-  '733A747AECBBA396A6C2E4E2C89BC0C3AEC5FB3FC8E1BFC4E54F03075A9AE800B7F7B6FA' : true,
-  '739DD35FC63C95FEC6ED89E58208DD897FB9E2C995C97A939F9E81A07AEA9B4D70463496' : true,
-  '74014A91B108C458CE47CDF0DD11530885A408C09C193E5D51587DCDD61330FD8CDE37BF' : true,
-  '747B820343F0009E6BB3EC47BF85A5934463C531D7CCC1006794612BB656D3BF8257846F' : true,
-  '74A82C81432B35609B78056B58F36582CFF360F524CB20F1FEAD89006F7F586A285B2D5B' : true,
-  '770D19B121FD00429C3E0CA5DD0B028E25019019CFFBD9991CB76825748D945F30939542' : true,
-  '774AF42C9DB027B747B515E4C762F0FCDF646DCB7B0FD3A96AEE88C64E2D676711FF9D5F' : true,
-  '782A02DFDB2E14D5A75F0ADFB68E9C5D4F65566336DB6598581D584A596C87934D5F2AB4' : true,
-  '78A5FB104BE4632ED26BFBF2B6C24B8EEC0C3716EA9EDFADD35DFBD55608E60A05D3CBF3' : true,
-  '79E4A9840D7D3A96D7C04FE2434C892EA8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436' : true,
-  '7A79544D07923B5BFF41F00EC739A298C060ED44CBD881BD0EF86C0BA287DDCF8167478C' : true,
-  '7BB508999A8C18BF85277D0EAEDAB2AB24BA6D6C8A5B5837A48DB5FAE919EA675C94D217' : true,
-  '7C62FF749D31535E684AD578AA1EBF239F744E9F2B4DBAEC0F312C50B6563B8E2D93C311' : true,
-  '7CA50FF85B9A7D6D30AE545AE342A28A59AF82799186C7B47507CBCF035746EB04DDB716' : true,
-  '7D86908F5BF1F240C0F73D62B5A4A93B72997913EC9B0DAE65D1B6D7B24A76A3AEC2EE16' : true,
-  '7E234E5BA7A5B425E90007741162AED67F8AB0CFD051876A66F3360F47C88D8CD335FC74' : true,
-  '7F667A71D3EB6978209A51149D83DA20BE36A4562FB2EE05DBB3D32323ADF445084ED656' : true,
-  '803ABC22C1E6FB8D9B3B274A321B9A0147BEABC922EAE80E78783462A79F45C254FDE68B' : true,
-  '8135B9FBFB12CA186936EBAE6978A1F1DCBB9EB7194BC47205C111752986835B53CAE4F8' : true,
-  '81D6ED354F1F26D031D040DD8AE5810DE0925E18C7765E22DABD9427529DA6AF4E066428' : true,
-  '8212F789E10B9160A4B6229F9468119268ED18B309CD5291C0D3357C1D1141BF883866B1' : true,
-  '824AD493004D66B6A32CA77B3536CF0B687EC17E0602E3CD3F7DFBD7E28D57A0199A3F44' : true,
-  '8292BA5BEFCD8A6FA63D55F984F6D6B7F9B5B632455F9CBEEC575F80DCE96E2CC7B278B7' : true,
-  '84901D95304956FC4181F045D776C46B439E525F5A6A47C32CEBC45C63ED39317CE5F4DF' : true,
-  '852FF4764CD5426CCB5E7DF717E835BD4EFCED9C6BDD0C985CA3C7D253063C5BE6FC620C' : true,
-  '85CA765A1BD16822DCA22312CAC680345BCDCDCC66F6DCE4441FE37D5CC3134C46F47038' : true,
-  '86386D5E49636C855CDB6DDC94B7D0F7ACED5F6553FD25CE015F1F7A483B6A749F6178C6' : true,
-  '86420509BCA79DEC1DF32E0EBAD81DD01D8259CA2127C3CBC16CD932F62C65298CA88712' : true,
-  '86ACDE2BC56DC3D98C2888D38D16131ECE6A64A309E42FBBD9851C453E6409EAE87D60F1' : true,
-  '86EF8E319D9F8569A2A41A127168BA1B90DECE77F8C825340E62EBD635E1BE20CF7327DD' : true,
-  '8714AB83C4041BF193C750E2D721EBEF30779E9315022E94856A3FF8BCF815B082F9AEFD' : true,
-  '879055F2CE31153C33D927C876E37DE13070F8833E4AA6803E09A646AE3F7D8AE1FD1654' : true,
-  '87CE0B7B2A0E4900E158719B37A893720563B8630D62D75ABBC8AB1E4BDFB5A899B24D43' : true,
-  '882C8C52B8A23CF3F7BB03EAAEAC420B74207441729CDD92EC7931D823108DC28192E2BB' : true,
-  '8949548CC8689A8329ECDC067321AB97A60F34C8626C81F68BF77DA9F667588A903F7D36' : true,
-  '8956AA4D441E59D805A1886DEAC828B26372C49DA9FFF051B8B5C7D4E5AAE30384024B9C' : true,
-  '8BCA525F7553D02C6F630D8F882E1CD78EB03FC3CF7BB292866268B751223DB5103405CB' : true,
-  '8CCADC0B22CEF5BE72AC411A11A8D81291C6D6EE3E8AC86384E548C299295C756C817B81' : true,
-  '8CD79FEBC7B8144C5478A7903BA935671F55E8839BAC30728BE7108EDE7B0BB0D3298224' : true,
-  '8D26FF2F316D5929DDE636A7E2CE6425720FC15DDC27D456D098FABF3CDD78D31EF5A8DA' : true,
-  '8D639B56C114E4EE9A128586119082A3D2441AA8C203AECAA96E501F124D52B68FE4C375' : true,
-  '8D7251DBA03ACF2077DFF265065EDFEFC8C25F169EF85074D5BEE8CDA2D43CAEE75FD257' : true,
-  '8EADB501AA4D81E48C1DD1E1140095193679CA35668772304D30A5FB873B0FA77BB70D54' : true,
-  '8F5D770627C4983C5B9378E7D77D9BCC7E784A101C8265CC2DE1F16D47B440CAD90A1945' : true,
-  '8F91E7EEE3FCDA86CAFCDC70EDB7B70C8250BED5A214433A66377CBC10EF83F669DA3A67' : true,
-  '911B3F6ECD9EABEE07FE1F71D2B36127E19FE30E8B84609E809B170D72A8C5BA6E1409BD' : true,
-  '91DE0625ABDAFD32170CBB25172A84672796BAE63F1801E277261BA0D77770028F20EEE4' : true,
-  '91F4035520A1F8632C62DEACFB611C8E21FCBD8E7F6CAF051BD1B343ECA8E76147F20F8A' : true,
-  '9265588BA21A317273685CB4A57A0748E621F3354379059A4B68309D8A2F74221587EC79' : true,
-  '932A3EF6FD23690D7120D42B47992BA6CBA1C5F8B0E35EB8B94512D3F934A2E90610D336' : true,
-  '937F901CED846717A4655F9BCB3002978781C25A96BDC2FB4C65064FF9390B26048A0E01' : true,
-  '93C28E117BD4F30319BD2875134A454AAB48F333DB04ABB9C072DA5B0CC1D057F0369B46' : true,
-  '93EB36130BC154F13E7505E5E01CD4375F4E1FCF31B7913B850B54F6E5FF501A2B6FC6CF' : true,
-  '93F1AD340B2BE7A85460E2738CA49431705D2B4565C7047A540694A79AF7ABB842BDC161' : true,
-  '9414777E3E5EFD8F30BD41B0CFE7D03075E0ABB6138512271C04F85FDDDE38E4B7242EFE' : true,
-  '96897D61D1552B27E25A39B42A6C446F8EFDCABC93E61E925D4D1DED181A4320A467A139' : true,
-  '9760E8575FD35047E5430C94368AB06290AEA26985FF14804C434952ECE9608477AF556F' : true,
-  '978FC66B3B3E40857724750B76BB55F8B5D303BF8682E152919D83F184ED05F1DCE5370C' : true,
-  '9A771918ED96CFDF1BB70EF58DB9882ECF74BFFF9B86815B08335440363E87B6B6F0BF73' : true,
-  '9AAEF722F533FB4EEC0A249DC63D7D255E997CA5945AAB75FFD14804A974BF2AE1DFE7E1' : true,
-  '9B340D1A315B97462698BCA6136A71969E6CEB179185A29EC6060CA53E1974AF94AF59D4' : true,
-  '9D666ACCFFD5F543B4BF8C16D12BA8998939576E178DF705780FCC5EC84F84F6253A4893' : true,
-  '9DFBF9ACED893322F428488325235BE0A69A91FD057F136A42630BB1760D2D51120C1650' : true,
-  '9E80FF78010C2EC136BDFE96906E08F34ABDEEEC950D359C89AEC752A12C5B29F6D6AA0C' : true,
-  '9F6C1F0F07AC1921F915BBD5C72CD82AF5C27CF5FFF3029ACF1A1A4BEC7EE1964C77D784' : true,
-  '9FDDDBABFF8EFF45215FF06C9D8FFE2B9656CD7B57969895D0E141466806FBB8C6110687' : true,
-  'A10B44B3CA10D8006E9D0FD80F920AD1B80186D1EB9C86A54104CF3054F34C52B7E558C6' : true,
-  'A208E4B33EEFDE084B60D0BF7952498D8CC4307BC60755E7B22DD9F7FEA245936C7CF288' : true,
-  'A2339B4C747873D46CE7C1F38DCB5CE985371CA6E550143DCE2803471BDE3A09E8F8770F' : true,
-  'A26F53B7EE40DB4A68E7FA18D9104B7269BD8CF49CD300FB592E1793CA556AF3ECAA35FB' : true,
-  'A33D88FE161BDDF95C9F1A7FD8C89008A3E31E20B2E46A328520472D0CDE9523E7260C6D' : true,
-  'A37D2C27E4A7F3AA5F75D4C49264026AB6AF5BE5F878A00114C3D7FEF8C775C34CCD17B6' : true,
-  'A3EC750F2E88DFFA48014E0B5C486FFB37F76DE6077C90C5B13E931AB74110B4F2E49A27' : true,
-  'A66B6090239B3F2DBB986FD6A7190D46E0AB059420725493056062023670F7CD2EFC6666' : true,
-  'A771FD26FC3CE540F19906EBC1936DE9E619D25B380B7B13FDA33E8A58CD82D8A88E0515' : true,
-  'A7F2E41606411150306B9CE3B49CB0C9E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46' : true,
-  'A80D6F3978B9436D77426D985ACC23CAD6DAA8208D09D2154D24B52FCB346EB258B28A58' : true,
-  'A8EDDEEB938866D82FC3BD1DBE45BE4D7639C71847E151B5C7EA01C758FBF12ABA298F7A' : true,
-  'A923759BBA49366E31C2DBF2E766BA87317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6' : true,
-  'A981C0B73A9250BC91A521FF3D47879FCB658264EA8CDA186E1752FB52C397367EA387BE' : true,
-  'AA088FF6F97BB7F2B1A71E9BEAEABD79CF9E876DD3EBFC422697A3B5A37AA076A9062348' : true,
-  'AA8E5DD9F8DB0A58B78D26876C823555409D4BD917B55C27B69B64CB9822440DCD09B889' : true,
-  'AABFBF6497DA981D6FC6083A957033CA394FF6850B06BE52E51856CC10E180E882B385CC' : true,
-  'AB57A65B7D428219B5D85826285EFDFFB12E13634586A46F1AB2606837582DC4ACFD9497' : true,
-  'ABAB8D2DB740E5973D2FF2A63BDA6A05C18211328A92B3B23809B9B5E2740A07FB12EB5E' : true,
-  'ABBFEAE36B29A6CCA6783599EFAD2B802F173F7DE99667AFA57AF80AA2D1B12FAC830338' : true,
-  'ACB694A59C17E0D791529BB19706A6E4D4DE20D05E66FC53FE1A50882C78DB2852CAE474' : true,
-  'AD8E0F9E016BA0C574D50CD368654F1ECFDEFE102FDA05BBE4C78D2E4423589005B2571D' : true,
-  'AFB8336E7CDDC60264AD58FC0D4F7BCFBC7B3C6FEF26B9F7AB10D7A1F6B67C5ED2A12D3D' : true,
-  'B001EE14D9AF291894768EF169332A846E3A55A4190C195C93843CC0DB722E313061F0B1' : true,
-  'B147BC1857D118A0782DEC71E82A9573204285DCF7EB764195578E136BD4B7D1E98E46A5' : true,
-  'B39C25B1C32E32538015309D4D02773E6782AAE0EDEEE21A5839D3C0CD14680A4F60142A' : true,
-  'B3A53E77216DAC4AC0C9FBD5413DCA0658119F0E128287EA50FDD987456F4F78DCFAD6D4' : true,
-  'B44ADBE85916461E5AD86EDA064352622964B686135B5DFDDD3253A89BBC24D74B08C64D' : true,
-  'B465220A7CADDF41B7D544D5ADFA9A75BC9219DDC98E14BF1A781F6E280B04C27F902712' : true,
-  'B4819E89AC1724FD2A4285271D0C2B5D20CB594FB4EDD895763FD5254E959A6674C6EEB2' : true,
-  'B5E83436C910445848706D2E83D4B805039EEDB80BE7A03C6953893B20D2D9323A4C2AFD' : true,
-  'B75274E292B48093F275E4CCD7F2EA263BC49F48F8F373A09C1EBDF85BB1C365C7D811B3' : true,
-  'B774CD487C5F9A0D3BF3FE66F41B3DFA5B4E0EC28EBD8292A51782241281AD9FEEDD4E4C' : true,
-  'B7B0D1EC1A033ECEA91511CCB16FB2AEE3D73606996CDFEF61FA04C335E98EA96104264A' : true,
-  'B8089AF003CC1B0DC86C0B76A1756423A0A1AB90C9FC847B3B1261E8977D5FD32261D3CC' : true,
-  'B816334C4C4CF2D8D34D06B4A65B4003838E30F77FDD14AA385ED145009C0E2236494FAA' : true,
-  'B8D312034E8C0C5A47C9B6C59E5B97FD0560A2C738FF98D1172A94FE45FB8A47D665371E' : true,
-  'BA21EA20D6DDDB8FC1578B40ADA1FCFC801D62D07B449D5C5C035C98EA61FA443C2A58FE' : true,
-  'BA926442161FCBA116481AF6405C59870456F23D1E9C43AECB0D807F1C0647551A05F456' : true,
-  'BC6C5133A7E9D366635415721B2192935922A1E15AEA163521F898396A4646B0441B0FA9' : true,
-  'BD8ACE34A8AE6148E85EC87A1CE8CCBFD2EDF88B41B6FE01461D6E2834EC7C8F6C77721E' : true,
-  'BDD6F58A7C3CC4A6F934CCC38961F6B2CABB51672400588E6419F1D40878D0403AA20264' : true,
-  'BE395ABE078AB1121725CC1D46343CB2DE990CED99E0431F60EDC3937E7CD5BF0ED9E5FA' : true,
-  'BF6059A35BBAF6A77642DA6F1A7B50CF5D989CDB159611365165641B560FDBEA2AC23EF1' : true,
-  'BFB5E77D3DEA6F1DF08A50BC8C1CFA1DE4554333CA390E128B8BF81D90B70F4002D1D6E9' : true,
-  'C1623E23C582739C03594B2BE977497F2AB628485E78FBF3AD9E7910DD6BDF99722C96E5' : true,
-  'C1D43E07AEEBECFD7589E67EA84CEBCD76B76096DD145629AC7585D37063C1BC47861C8B' : true,
-  'C1D951C084B86A75E82FD7D65F7EAC460B972C9EA6E7CC58D93B20BF71EC412E7209FABF' : true,
-  'C22A59ABCF152F4CF7E631A316AE840C9158C5EF987301A8903CFDAB03D72DA1D88909C9' : true,
-  'C2DBAB8E9652C5EEAEF25500896D55953913853E45C439A2DA718CDFB6F3E033E04FEE71' : true,
-  'C45D0E48B6AC28304E0ABCF938168757D8A6332CE0036FB185F6634F7D6A066526322827' : true,
-  'C463AB44201C36E437C05F279D0F6F6E97E2E99636A547554F838FBA38B82E74F89A830A' : true,
-  'C4D7F0B2A3C57D6167F004CD43D3BA5890DEDE9E4C4E9F6FD88617579DD391BC65A68964' : true,
-  'C570C4A2ED53780CC810538164CBD01D23E594945195F2414803B4D564D2A3A3F5D88B8C' : true,
-  'C5A1B7FF73DDD6D7343218DFFC3CAD8806083F593F15A104A069A46BA903D006B7970991' : true,
-  'C5DFB849CA051355EE2DBA1AC33EB028D69B561148F01C77C54578C10926DF5B856976AD' : true,
-  'C5E67BBF06D04F43EDC47A658AFB6B19339B6B1450249B557A01877284D9E02FC3D2D8E9' : true,
-  'C69F6D5CB379B00389CBF03FA4C09F8AEF2DACCBEABB682D32CE4ABD6CB90025236C07BC' : true,
-  'C7BD11D6918A3582C53666017C6F4779634C3B0230CF1B78B4569FECF2C04A8652EFEF0E' : true,
-  'C86E97F335A729144782892391A6BEC84A3F8D6BDC0E1ECFCD72E377DEF2D7FF92C19BC7' : true,
-  'C91962D0DA7E1020FCA4CD0380872DF551A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE' : true,
-  'C9982777281E3D0E153C8400B88503E656E0FAC03B8F18235518E5D311CAE8C24331AB66' : true,
-  'CA3DD368F1035CD032FAB82B59E85ADB97817950D81C9670CC34D809CF794431367EF474' : true,
-  'CB17E431673EE209FE455793F30AFA1C4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5' : true,
-  'CBBDC3682DB3CB1859D32952E8C66489C9321DE6B5A82666CF6971A18A56F2D3A8675602' : true,
-  'CC4DAEFB306BD838FE50EB86614BD2269C615C4D4D85103A5326C24DBAEAE4A2D2D5CC97' : true,
-  'CD3B3D625B09B80936879E122F7164BA67EB337B684CEB0EC2B0760AB488278CDD9597DD' : true,
-  'CD68B6A7C7C4CE75E01D4F5744619209132D0D45534B6997CDB2D5C339E25576609B5CC6' : true,
-  'CD996CDB2AC296155ABF879EAEA5EE93EE29D6EA98E632C6E527E0906F0280688BDF44DC' : true,
-  'CDF439F3B51850D73EA4C591A03E214BE1A45B141A21DA1A79F41A42A961D669CD0634C1' : true,
-  'CE78335C5978016E18EAB936A0B92E23AE5083ED7CF45CBC8F61C621FE685D794221156E' : true,
-  'CF8F3B62A3CACA711BA3E1CB4857351F5D003860F002ED829DEAA41868F788186D62127F' : true,
-  'CFF4270DD4EDDC6516496D3DDABF6EDE3A44735AE581901F248661461E3B9CC45FF53A1B' : true,
-  'D2EDEE7992F78272180BFED98BEC13D8A7F8390BA57705096FD36941D42E7198C6D4D9D5' : true,
-  'D35376E3CE58C5B0F29FF42A05F0A1F2211165CA379FBB5ED801E31C430A62AAC109BCB4' : true,
-  'D3D9BDAE9FAC6724B3C81B52E1B9A9BD4A65D5F41DEF39B8B8904A4AD3648133CFC7A1D1' : true,
-  'D3F3A616C0FA6B1D59B12D964D0E112E74F8A3C3EFE7B390064B83903C21646020E5DFCE' : true,
-  'D474DE575C39B2D39C8583C5C065498A5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25' : true,
-  'D480656824F9892228DBF5A49A178F14016897E1A0B8F2C3B134665C20A727B7A158E28F' : true,
-  'D59788DA6416E71D664AA6EA37FC7ADCEC93DE083C93D933A986B3D5CDE25ACB2FEECF8E' : true,
-  'D5BEFFB5EE826CF0E2578EA7E5346F03D904080A4929C838E9F185ECF7A22DEF99342407' : true,
-  'D5E98140C51869FC462C8975620FAA7807E032E020B72C3F192F0628A2593A19A70F069E' : true,
-  'D63981C6527E9669FCFCCA66ED05F296B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E' : true,
-  'D6A5C3ED5DDD3E00C13D87921F1D3FE4B31EB1B740E36C8402DADC37D44DF5D4674952F9' : true,
-  'D6ED3CCAE2660FAF10430D779B0409BF85B5FF679B0C79961FC86E4422004613DB179284' : true,
-  'D7343DEF1D270928E131025B132BDDF7B172B1A56D95F91FE50287E14D37EA6A4463768A' : true,
-  'D87E32EF69F8BF72031D4082E8A775AF42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA' : true,
-  'DA26B6E6C7C2F7B79E4659B3577718653E84D3BCC544C0F6FA19435C851F3F2FCBA8E814' : true,
-  'DB233DF969FA4BB9958044735E7D4183273EE12457FDC4F90C55E82B56167F62F532E547' : true,
-  'DBC8F2272EB1EA6A29235DFE563E33DFC8EC8C879269CB4BAB39E98D7E5767F31495739D' : true,
-  'DC32C3A76D2557C768099DEA2DA9A2D18782C6C304353BCFD29692D2593E7D44D934FF11' : true,
-  'DC6D6FAF897CDD17332FB5BA9035E9CE7F88CD7223F3C813818C994614A89C99FA3B5247' : true,
-  'DD753F56BFBBC5A17A1553C690F9FBCC24A40A1F573643A67F0A4B0749F6A22BF28ABB6B' : true,
-  'DF0DBC7CC836B77699A1ABF0D20F896A342CD9D3062DA48C346965297F081EBC2EF68FDC' : true,
-  'DF168A83EA83845DB96501C6A65D193EDBAC3C7AA4254DA1AA5CAAD68468CB88EEDDEEA8' : true,
-  'DF3C735981E7395081044C34A2CBB37B61573A11DF0ED87ED5926522EAD056D744B32371' : true,
-  'DFF28073CCF1E66173FCF542E9C57CEE99A69BE61AFE886B4D2B82007CB854FC317E1539' : true,
-  'E006A1C97DCFC9FC0DC0567596D862139BAAE59F56EE21CB435ABE2593DFA7F040D11DCB' : true,
-  'E14B5273D71BDB9330E5BDE4096EBEFB216B2A29E62A00CE820146D8244141B92511B279' : true,
-  'E1C07EA0AABBD4B77B84C228117808A7CDD4EEAE6000AC7F40C3802C171E30148030C072' : true,
-  'E2D52023ECEEB872E12B5D296FFA43DA9BACF3B664EAC5A17BED08437C72E4ACDA12F7E7' : true,
-  'E2D8F867F4509435FC5E05FC822295C30446C8BB9A6983C95C8A2E5464687C1115AAB74A' : true,
-  'E2F8E080D0083F1EC1E9D23F8069AE06C73026E325FE21916B55C4B53A56B13DCAF3D625' : true,
-  'E60BD2C9CA2D88DB1A710E4B78EB024140E78C1D523D1CD9954FAC1A1AB3BD3CBAA15BFC' : true,
-  'E77ADCB11F6E061F746C591627C34BC07454535C24A3A758207E3E3ED324F816FB211649' : true,
-  'E8CC9FB09B40C51F4FBA7421F952857A688B6EB807E8EDA5C7B17C4393D0795F0FAE155F' : true,
-  'EBB04F1D3A2E372F1DDA6E27D6B680FA18F7C1FCC3090203FD5BAA2F861A754976C8DD25' : true,
-  'EBF59D290D61F9421F7CC2BA6DE3150928903A635B5280FAE6774C0B6DA7D6BAA64AF2E8' : true,
-  'EC407D2B765267052CEAF23A4F65F0D8A5EC73D48C34FCBEF1005AEB85843524BBFAB727' : true,
-  'ED41F58C50C52B9C73E6EE6CEBC2A8261B4B396126276B6491A2686DD70243212D1F1D96' : true,
-  'EE2931BC327E9AE6E8B5F751B4347190503006091D97D4F5AE39F7CBE7927D7D652D3431' : true,
-  'EE7A41E0CF757D889280A21A9A7BA157679A4F81FC705DDEC419778DD2EBD875F4C242C6' : true,
-  'EEFE6169656EF89CC62AF4D72B63EFA29FAD91A6CE6AC6C50047C44EC9D4A50D92D84979' : true,
-  'EF5AF133EFF1CDBB5102EE12144B96C4A1DB6393916F17E4185509400415C70240B0AE6B' : true,
-  'F058C503826717AB8FDA0310278E19C2CB44A097857C45FA187ED952086CB9841F2D51B5' : true,
-  'F096B62FC510D5678E832532E85E2EE52388C9D371CC9E963DFF7D3CA7CEFCD625EC190D' : true,
-  'F09E639376A595BC1861F19BFBD364DD80BF3DE9A41D768D194B293C85632CDBC8EA8CF7' : true,
-  'F16A2218C9CDDFCE821D1DB7785CA9A57998A308E14D6585E6C21E153A719FBA5AD34AD9' : true,
-  'F1BC636A54E0B527F5CDE71AE34D6E4A36B12B49F9819ED74C9EBC380FC6568F5DACB2F7' : true,
-  'F20598E5964BBE5D55181B55B388E3929078C5A28F9A4325C2A7C73813CDFE13C20F934E' : true,
-  'F27DE954E4A3220D769FE70BBBB3242B049811056AFE9FD0F5BE01685AACE6A5D1C4454C' : true,
-  'F37E3A13DC746306741A3C38328CFBA9253F775B0E7797AB645F15915597C39E263631D1' : true,
-  'F3D752A875FD18ECE17D35B1706EA59C968338F113E36A7BABDD08F7776391A68736582E' : true,
-  'F4FF97428070FE66168BBED35315819BF44095C238AC73FC4F77BF8F98DF70F8F091BC52' : true,
-  'F520DA5203862B92768D5CB72D8B93ADA65CB4733D94A5C865A864647C2C01272C89B143' : true,
-  'F775AB29FB514EB7775EFF053C998EF5DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212' : true,
-  'F7B661AB03C25C463E2D2CF4A124D854FAA7D9FB31B746F200A85E65797613D816E063B5' : true,
-  'F8387C7788DF2C16682EC2E2524BB8F95F3AFC0A8B64F686673474DF7EA9A2FEF9FA7A51' : true,
-  'F8BEC46322C9A846748BB81D1E4A2BF661EF43D77FCAD46151BC98E0C35912AF9FEB6311' : true,
-  'FB1B5D438A94CD44C676F2434B47E731F18B538D1BE903B6A6F056435B171589CAF36BF2' : true,
-  'FC11B8D8089330006D23F97EEB521E0270179B868C00A4FA609152223F9F3E32BDE00562' : true,
-  'FD49BE5B185A25ECF9C354851040E8D4086418E906CEE89C2353B6E27FBD9E7439F76316' : true
-};
diff --git a/src/chrome/content/code/STS.js b/src/chrome/content/code/STS.js
deleted file mode 100644
index 17999aaeda3a..000000000000
--- a/src/chrome/content/code/STS.js
+++ /dev/null
@@ -1,228 +0,0 @@
-// http://lists.w3.org/Archives/Public/www-archive/2009Sep/att-0051/draft-hodges-strict-transport-sec-05.plain.html
-
-const STS = {
-  
-  enabled: false,
-  
-  get db() {
-    delete this.db;
-    return this.initPersistentDB();
-  },
-  
-  initPersistentDB: function() {
-    return this.db = new STSDB(STSPersistence);
-  },
-  
-  processRequest: function(chan) {
-    if (this.enabled) {
-      var uri = chan.URI;
-      if (uri.schemeIs("https")) {
-        try {
-          this.db.processHeader(uri.asciiHost, chan.getResponseHeader("Strict-Transport-Security"));
-        } catch (e) {}
-      }
-    }
-  },
-  
-  isSTSURI: function(uri) {
-    return this.enabled && this.db.matches(uri.asciiHost);
-  },
-  
-  enterPrivateBrowsing: function() {
-    try {
-      this.db.save();
-    } catch(e) {}
-    
-    this.db = new STSDB(this.db);
-  },
-  
-  exitPrivateBrowsing: function() {
-    this.initPersistentDB();
-  },
-  
-  eraseDB: function() {
-    this.db.reset();
-    STSPersistence.save(this.db);
-  },
-  
-  patchErrorPage: function(docShell, errorURI) {
-    // see #errors-in-secure-transport-establishment
-    if (!this.enabled) return;
-    
-    if (!(/^about:certerror?/.test(errorURI.spec) &&
-          this.isSTSURI(docShell.currentURI))
-       ) return;
-    
-    Thread.delay(function() {
-      docShell.document.getElementById("expertContent").style.display = "none";
-    }, 100);
-  },
-  
-  dispose: function() {
-    this.db.save();
-  }
-};
-
-function STSDB(source) {
-  this._entries = {};
-  if (source && source._entries) { // clone
-    var entries = source._entries;
-    for (var p in entries) {
-      this._entries[p] = entries[p];
-    }
-  } else {
-    if (source && source.load) {
-      this._persistence = source;
-      this.load();
-    }
-  } 
-}
-
-STSDB.prototype = {
-  _persistence: null,
-  _dirty: false,
-  _saveTimer: null,
-  
-  processHeader: function(host, header) {
-    if (DNS.isIP(host)) return;
-    
-    var m = header.match(/^\s*max-age\s*=\s*(\d+)\s*(;\s*includeSubDomains)?/i);
-    if (!m) return;
-    var maxAge = parseInt(m[1]);
-    var includeSubDomains = !!m[2];
-    var expiration = Math.round(Date.now() / 1000) + maxAge; 
-    if (host in this._entries) {
-      var e = this._entries[host];
-      if (e.expiration == expiration && e.includeSubDomains == includeSubDomains)
-        return;
-      
-      e.expiration = expiration;
-      e.includeSubDomains = includeSubDomains;
-    } else {
-      this.add(new STSEntry(host, expiration, includeSubDomains));
-    }
-    this.saveDeferred();
-  },
-  
-  add: function(entry) {
-    this._entries[entry.host] = entry;
-  },
-  
-  matches: function(host, asSuperDomain) {
-    if (host in this._entries) {
-      var e = this._entries[host];
-      
-      if (e.expiration >= Date.now() / 1000) {
-        if ((!asSuperDomain || e.includeSubDomains))
-          return true;
-      } else {
-        delete this._entries[host];
-      }
-    }
-    
-    var dotPos = host.indexOf(".");
-    var lastDotPos = host.lastIndexOf(".");
-    
-    if (dotPos == lastDotPos)
-      return false;
-    
-    return this.matches(host.substring(dotPos + 1), true);
-  },
-  
-  serialize: function() {
-    var lines = [], ee = this._entries;
-    var e;
-    for (var h in ee) {
-      e = ee[h];
-      lines.push([e.host, e.expiration, e.includeSubDomains ? "*" : ""].join(";"));
-    }
-    return lines.join("\n");
-  },
-  restore: function(s) {
-    s.split(/\s+/).forEach(function(line) {
-      if (line) {
-        var args = line.split(";");
-        if (args.length > 1)
-          this.add(new STSEntry(args[0], parseInt(args[1]), !!args[2]));
-      }
-    }, this);
-  },
-  
-  load: function() {
-    if (this._persistence) {
-      this._persistence.load(this);
-      this.purgeExpired();
-    }
-  },
-  
-  save: function() {
-    if (this._dirty && this._persistence) {
-      this.purgeExpired();
-      this._persistence.save(this);
-      this._dirty = false;
-    }
-  },
-  
-  saveDeferred: function() {
-    if (this._dirty || !this._persistence) return;
-    this._dirty = true;
-    if (!this._timer) this._timer = Cc["@mozilla.org/timer;1"].createInstance(Ci.nsITimer);
-    this._timer.initWithCallback(this, 10000, Ci.nsITimer.TYPE_ONE_SHOT);
-  },
-  notify: function(timer) {
-    this.save();
-  },
-  
-  purgeExpired: function() {
-    var now = Math.round(Date.now() / 1000);
-    for (var h in this._entries) {
-      if (this._entries[h].expiration < now) delete this._entries[h];
-    }
-  },
-  
-  reset: function() {
-    this._entries = {};
-    this._dirty = false;
-  }
-};
-
-function STSEntry(host, expiration, includeSubDomains) {
-  this.host = host;
-  this.expiration = expiration;
-  if (includeSubDomains) this.includeSubDomains = includeSubDomains;
-}
-
-STSEntry.prototype = {
-  includeSubDomains: false
-};
-
-
-const STSPersistence = {
-  get _file() {
-    delete this._file;
-    var f =  Cc["@mozilla.org/file/directory_service;1"].getService(
-        Ci.nsIProperties).get("ProfD", Ci.nsIFile);
-    f.append("NoScriptSTS.db");
-    return this._file = f;
-  },
-  load: function(db) {
-    var f = this._file;
-    try {
-      if (f.exists()) db.restore(IO.readFile(f));
-    } catch (e) {
-      dump("STS: Error loading db from " + f.path + "!" + e + "\n");
-      return false;
-    }
-    return true;
-  },
-  save: function(db) {
-    var f = this._file;
-    try {
-      IO.safeWriteFile(f, db.serialize());
-    } catch(e) {
-      dump("STS: Error saving db to " + f.path + "!" + e + "\n");
-      return false;
-    }
-    return true;
-  }
-};
diff --git a/src/chrome/content/code/Thread.js b/src/chrome/content/code/Thread.js
deleted file mode 100644
index 8c9daf643007..000000000000
--- a/src/chrome/content/code/Thread.js
+++ /dev/null
@@ -1,100 +0,0 @@
-
-var Thread = {
-  
-  hostRunning: true,
-  activeLoops: 0,
-  _timers: [],
-  
-  spin: function(ctrl) { 
-    ctrl.startTime = ctrl.startTime || Date.now();
-    ctrl.timeout = false;
-    this.activeLoops++;
-    this._spinInternal(ctrl);
-    this.activeLoops--;
-    ctrl.elapsed = Date.now() - ctrl.startTime;
-    return ctrl.timeout;
-  },
-  
-  _spinInternal: function(ctrl) {
-    var t = ctrl.startTime;
-    var maxTime = parseInt(ctrl.maxTime);
-    if (maxTime) {
-      while(ctrl.running && this.hostRunning) {
-        this.yield();
-        if (Date.now() - t > maxTime) {
-          ctrl.timeout = true;
-          ctrl.running = false;
-          break;
-        }
-      }
-    } else while(ctrl.running && this.hostRunning) this.yield();
-  },
-  
-  yield: function() {
-    this.current.processNextEvent(true);
-  },
-  
-  yieldAll: function() {
-    var t = this.current;
-    while(t.hasPendingEvents()) t.processNextEvent(false);
-  },
-  
-  get current() {
-    delete this.current;
-    var obj = "@mozilla.org/thread-manager;1" in Cc 
-      ? Cc["@mozilla.org/thread-manager;1"].getService() 
-      : Cc["@mozilla.org/thread;1"].createInstance(Ci.nsIThread);
-    this.__defineGetter__("current", function() { return obj.currentThread; });
-    return this.current; 
-  },
-  
-  get currentQueue() {
-    delete this.currentQueue;
-    var eqs = null;
-    const CTRID = "@mozilla.org/event-queue-service;1";
-    if (CTRID in Cc) {
-      const IFace = Ci.nsIEventQueueService;
-      eqs = Cc[CTRID].getService(IFace);
-    }
-    this.__defineGetter__("currentQueue", eqs
-      ? function() { return eqs.getSpecialEventQueue(IFace.CURRENT_THREAD_EVENT_QUEUE); }
-      : this.__lookupGetter__("current")
-    );
-    return this.currentQueue;  
-  },
-  
-  delay: function(callback, time, self, args) {
-    var timer = Cc["@mozilla.org/timer;1"].createInstance(Ci.nsITimer);
-    this._timers.push(timer);
-    timer.initWithCallback({
-      notify: this._delayRunner,
-      context: { callback: callback, args: args || DUMMY_ARRAY, self: self || null }
-    }, time || 1, 0);
-  },
-  
-  dispatch: function(runnable) {
-    this.current.dispatch(runnable, Ci.nsIEventTarget.DISPATCH_NORMAL);
-  },
-  
-  asap: function(callback, self, args) {
-    this.current.dispatch({
-      run: function() {
-        callback.apply(self, args || DUMMY_ARRAY);
-      }
-    }, Ci.nsIEventTarget.DISPATCH_NORMAL);
-  },
-
-  _delayRunner: function(timer) {
-    var ctx = this.context;
-    try {
-      ctx.callback.apply(ctx.self, ctx.args);
-    } finally {
-      this.context = null;
-      var tt = Thread._timers;
-      var pos = tt.indexOf(timer);
-      if (pos > -1) tt.splice(pos, 1);
-      timer.cancel();
-    }
-  }
-  
-};
diff --git a/src/chrome/content/code/X509ChainWhitelist.js b/src/chrome/content/code/X509ChainWhitelist.js
deleted file mode 100644
index 4cfe810ec739..000000000000
--- a/src/chrome/content/code/X509ChainWhitelist.js
+++ /dev/null
@@ -1,1007 +0,0 @@
-
-// These are SHA256 fingerprints for the most common chains observed by the
-// Decentralized SSL Observatory.  These should not be resubmitted.  
-// This file is automatically generated by utils/mk_client_whitelist.py
-
-const X509ChainWhitelist = {
-  '0032C41D066AF46D88A5662C4F2D4195C7764C23CE71558318C90514B1F50E67' : true,
-  '0077DFC8E3CFE0E4398F208CDCB1BC5A7A78BEEF101ED256315FCB9833283B58' : true,
-  '012AAE6B27B392684695FA22F87C8DD3F60CDAB564EE4D4D58DF98575D99153B' : true,
-  '01FC275FB7BB83082EA2C546876545030D74F68355AF2B0CCB1972993B393E58' : true,
-  '0261C3970364E15EC2BB646934FE28F8FCE6E1D5E0B99C7539DF636ED03A9DF0' : true,
-  '027017BAD8EC764424A5DB3B647AD769E78F1653A92F800FAF21212C4DB6CEF8' : true,
-  '034AA8D4F147FC9E93CC18EB5BC06F28FE3DF4923CA61A9CAE92F4E3E078C5F3' : true,
-  '03985CA59706D4A023A5CE0B2E4F870EA465A8E3803CEB2AD859FC86D3569852' : true,
-  '04376F22DBF0B17201EB6871797B1D31FC00EBC4743317793B9C5A5BEA8CECF4' : true,
-  '046C78CE6601C4D88EAC305EE65068225CED3988A6BEC42E50B57B1979742245' : true,
-  '04AEEFBC8685B2668E25C23D77C6D63B95C7C0BA1B8ABBF434F5EAA66BC3E7F4' : true,
-  '052592AA10AFA8D750861F47C540D3A0653A87138ED7427BFD02C9D197D3EF8B' : true,
-  '0544DC1E0D529429A1C86E848D1C78B8511CC1A2128405D276FD864B452890EF' : true,
-  '055C88BD28194042771FF813973E086A30710231DB219FF377B79FA075E7F2AD' : true,
-  '05CB56F00C8DA64EEF10F2305EF696AF839CF8DD541910D760772AC86811FDAB' : true,
-  '05CE45708C3882B0DB81A4504FBE064C1ACD7DABDD071A7F263744FAAF040CF5' : true,
-  '05F70EA23C890F1C382FB250E40DFFD3488C271006DB6B10DC96BF34B6F74420' : true,
-  '06183C90C1DCDC3E9340477D37DC231361321A9960C1948E92D1A175A1500A08' : true,
-  '06808645F29D708E4C31AC40FA00000733238E10A56D2067AA62803C9736E923' : true,
-  '068C472FA1DE23C2C06DF499AC772804828ED3ED93A07C489B14D31E232E7A91' : true,
-  '0699966F623E746BF97DB3B6BBBEB83BCF2E8CAE89D907A49A731951B158216A' : true,
-  '06B35EEE47D7E55F278C5DB13FF137B269B6EF91B58FEB4B2E70E7CC1DB757D2' : true,
-  '07CF2A06F1718D6E476B98C2B42E370A35FAFE4C1F41CF7A1DE115CDB6222FAC' : true,
-  '07E7123B20A807889C384460FFCE4A7F53593A5C872B0E8FD45795D71CD0F9FE' : true,
-  '07FC57E4C188422B53059AD4839F467B9269E4EABBF902C99B30E25DEC5EB1B7' : true,
-  '0834241C7C2B598E20698047C331B173BCA189B96E528FA1993AFAAE3F7D51F6' : true,
-  '087FAD2F33E4D28A13CCFDE11F270188E01AE0EED615D2F433DA4EF05CA6BD4C' : true,
-  '089979504BECAC25640130E65E562AA3E3B5D49EE148FEF6A2B77A2A1CF5FC06' : true,
-  '08BD4BE042F6DA7D627143ED6B2BACE65615683C3C272123AC55105DE4BD723A' : true,
-  '08E5080C1D69F2C11524050C9C0EFDAEBFE68A27FD30EC04AAF4DE2D590F22EB' : true,
-  '09250AF23BC74D92973DD48812D5ED28CE1F5C110EE5F7CA791D9CFDE04A131C' : true,
-  '096800FDAFA82029B3B5E3947E0EAB6FB1F1D6958DE04E9256969F99F7518C57' : true,
-  '0A122B87C038CAEA46E8944009B11C2168E47F4DACAA9D3BBFB92CB5F5E1BCDE' : true,
-  '0A36586C8EEE28E5ECA1F542691D12B3CE7815CDCF722CDF7074AA71413C2550' : true,
-  '0A6A1FECBADAF7F1B473305A71E454F6AA8C1B0F40941FF4660B814BFF4984B3' : true,
-  '0A903D7CCFBB18FFEC8E3AB05FC7E592C1E7509D0EC2DBD9A2C05236BA9FD7C9' : true,
-  '0A91A9CAC951DA1739ABB2F29D16A6F5FAA9F49AC87516AB59CA77150D282528' : true,
-  '0AA5730256323B66DBE88E3056AA3F45E52BE5E2B87C1C9DBC1986CEAF97B5D9' : true,
-  '0B2D2C539D3D922820B6D08E159E6763D22AE797B2C32F8202B632BB93588588' : true,
-  '0B39ADF22CBA98C15754A7A899C5B96871337D2178EB3EBF0B5D5F88332EA971' : true,
-  '0B901F548AE4E0F25EF38010E311945FB198E497F203A88FE7C44970F7ECDC40' : true,
-  '0BF7910DA18465ED0EE5A83D531EFF4705834682795E242E0F35FBCDCF21FDA3' : true,
-  '0C114EDF67FB7C09C532297D79A5743EE5F8576A8EBE3DF69A728B8CFC0A167C' : true,
-  '0C7E90EF8BCD379CB001FD07530718DCC0A33E9D7D1D333F505F0143BC6A8FD6' : true,
-  '0CA932C2E0929B9B6C0A8822D3F094F671522419835049CAEAC51755D1F44777' : true,
-  '0D4F42B386775FF404B84D58859BC5AB029F1F9CC6B7AFFF32B838F8B8C71F3E' : true,
-  '0D8FC5F202A5668F7F3EA7F6A73521E0C7FEB5DBF6E58BA68AB7C7E01F4C532C' : true,
-  '0D91DE20988EA155526570498A1A6289FEC55994A5BA888C9134765F2A0B0580' : true,
-  '0E3AE0C9BEDFCFB38239DC4214A3AF3E6386720E2E5F8A85EEB52BD152E4DF09' : true,
-  '0E97955E2A050E4AE9D033E8DBEEC9D34D301FDE6174F525C2F6A492E93E2172' : true,
-  '0EEAAD4FE6818F1D723A5567CD0A6569D45E346E2DA2896222A7F3367F4AE8C7' : true,
-  '0F39AF5CA9615B05CBC12DE3C94A8C4FBA71CA8CEF541952315A9D0658DB5B28' : true,
-  '0F7B49A4A4B17C65D828A95173215C75C64F4C64FA8A2041933EA6A90C717B96' : true,
-  '0F7DE9806919EBD5EE47188428BF7FE13495E4684ADBB5BA980BB15D4D0B0C22' : true,
-  '0F8F66953B0F42560CDD573A013D3FB809D9747210E58F28F4878CDA5A8B8AD2' : true,
-  '0F97235268233245499D6C1319DF1BCA3AAAFB13CF9B06EB294FCA328022E82C' : true,
-  '0F9E066578F4AFB0ACBDC408CB25B7D7200BC5CB7FC4DA6D32532D827EA5B232' : true,
-  '0FA392F6EABCE0F4DA14C7B5237B21BEEE6BDA55832A8A6090CAEBB53AC8D77B' : true,
-  '1018C4740F917B815B388C816AA2EBD87E927EEC11DE7B83AE3CFF0D20796EDD' : true,
-  '10552D044AD79FBF1AF5357998DAB9B1FFD66D7B53C8107FC2280148D66475E3' : true,
-  '10E574517F12195DB38221953D8A8781DB6AA50B7225DCD374AEBF88FEAE8FDC' : true,
-  '10E82776E55D0C2D58F6598E615CF38AA14161D1EAD97C4A09182FE1D44E695B' : true,
-  '10FD669D6DA882678AEAFB35A5F8A0963C2E2B3084883EA515C8956FEC4207ED' : true,
-  '114ED15D4B557A16DDE1D01CB4074215CE6773C180FEF60F08267CEAFB670D5E' : true,
-  '116A5D5F3E99CFE5F72A4AFAC8699CC225C130F4B8520CDB350A1262D9585973' : true,
-  '118FF53B6BEB35CBFE6592D45BE082BA1228D1817E46B2CC14B8855FCC5C9D59' : true,
-  '11EC553AB76EED159FE553B52E7475FA71A0FF3F4B3038CF91BC7138F50B0A7E' : true,
-  '11F7A939F33BDF6270E16C747C0B0918902CD4501AF1843D9EA4445A2E708C58' : true,
-  '1243C75D0F805DA54E780D0D9C55247B1ABB31FC09EB65A7017695945F2A0D4A' : true,
-  '124E430E0E0B103B580A0436D7CF436F6ECE55908279FA8EBDF475AED08A9CE9' : true,
-  '12826065A034136FFC2258AA1A65F9E550A582B4017E396077917C775D42E553' : true,
-  '12FBC8655188921E5E00AE292584CF23DB7EDBD9BE05332444C6AE10CD03091C' : true,
-  '1363B86EDA0BFAF10F1141CBE7569647F2FFB370F539694288101128A38261B8' : true,
-  '137E64BF679E2CD24F034125EC926D48F34C7404CFD6B61B23BA9E91E55D3560' : true,
-  '13ECB3394571030912CDF82DDAFA05B242398929BD3ACE1598B79DBF28B701F8' : true,
-  '142A33AB96C13ED7C7B8782D764F374B5A8F9C4E33B4DFE9B7750E878E7C5D0D' : true,
-  '14587E25D8BF0150F429924144E88AC551C1F77CB5DC84F6CDDE7079014ED2EE' : true,
-  '14E443C709A20C11205371C5BC54C20CCD53AC434750EBC91C45B30DD0D8B53A' : true,
-  '14F5D6BA3842E708E3AADC26B8A9CD89FE9CF2BEF46398369521839733A4504F' : true,
-  '150B877BB614A98F2186C3B0978D190C77A605146A6A569036728F544520CDC8' : true,
-  '150F5BC3D839579BD7DD1254A6C3C3AFE3485D7DED21C3B8123BA6875886A91A' : true,
-  '156E0FA080CB12C484CBF15800B18C902C42519F13E564BDE3481C96B1CE3E32' : true,
-  '15F46CDF488A5BAD54DBA0F2E2F825F956F8ECF9E3AF294551E88F62A8A0CECD' : true,
-  '15F5D5A051BD14E9D3D3BD0D612CCF5BC72317FFF1542EC8E63D6E1C94ACD9F1' : true,
-  '17A0318A02B4E7EB14792644E1E28966257748F8162A53AF4E49697A4707C9F7' : true,
-  '17D0A909CE750C728FBD0F33589A3EBFDA452D00C757A18557DB4697289287B6' : true,
-  '17E110287D04C595DAE0C73090051A1F30F165A37429CD78C1F8FC1754549D41' : true,
-  '17EC9E8F98C207F4CA7FD0680193A54DC33BC97CB364669442F5B7492D36839E' : true,
-  '17FD21D68D53F369EEC1E22EFCC3B79B255EB8E1031D147F6461291C4D980037' : true,
-  '183AE55CFEE1CAC5CCBC1C58D813DED429DF750E023362FB8BEDCB27A9F94559' : true,
-  '186DC5DF9C693C311857A94BF9B2810BDD02F22DAD527D2BFBC0CDF24BCE26FD' : true,
-  '188F5D081FD0D98429D1747FFBFEAB39733EA7C2B61C8BF6B0ED62F71264C619' : true,
-  '1913F87916E843C9D9FBE3B9F37371780126AC502523358D0FA869E6662A377A' : true,
-  '19AD483D37D656F9D7844F14C53281FDD56683C0C8FB2A8F3F77DE7C810C1CFC' : true,
-  '19C76F18839C90F94AB9E4CD3ABC4C15E0A8DA9B8705E7DD872962CF8409DAF2' : true,
-  '1A5C89F300E3A9835759D6588CE3361993E336D76EF4B2F64F1DFC4D913BC6F3' : true,
-  '1AA7EB7CB182FF1BA09FCDFD088DE1F25F8551DAE53CE2C16D4D72D1B6091CA5' : true,
-  '1ABB4EB733CA30BD3AD3DB1870871CA2BDBCC01EB4655341404C1B498135CB8C' : true,
-  '1ADFE710199AE62734EAD27EEE6D6A4EC4D6FF19D6978A7CFBDCABA69C1617E1' : true,
-  '1B5827F9E4B66B4895AB47A0395BB1E135D15F7A23712147C5D382C1AD805ED5' : true,
-  '1B8AC4A31C75996D44252AED8CCF639282DF3A180900C660804483597238D8BF' : true,
-  '1BAF1A75711BC2EF2C4EB8C2BEA4B5B1B183E95ACCB247DB89B3098C324870C2' : true,
-  '1C1BD271327C7721AFDE3C5BE6FA98B132F2EE1911BDF05F0649121349A4537F' : true,
-  '1C363FBCE719D6567E55DE267E6662A454494FA085180F23FE84139E9E83527C' : true,
-  '1C573E491ECF04E3240144B2A63D8DDB457367055B90F5947CEFB55174A6B959' : true,
-  '1C923C0DC4E99E8F807E44A5499EAC4BC48022C63A3EB4CE819D556349FB57BA' : true,
-  '1D602FC8C0A6E38288593AF300D73F04B3A5AF89F5B08A0DAC3D935A9B69D7B9' : true,
-  '1E13ACD673838FB06999924BF38A93EA57D0E39CD20A98F3CA1AEFEA620D9405' : true,
-  '1E15FDE9774DDD452B000A3FD8118DAE63D16F8EAC19D26806BB08A70677F42F' : true,
-  '1E294231C72B07AAA6E2FE3B18BA14F1095F82718B42AF1DEE071D011740550E' : true,
-  '1E5D810BCB8DA3AF393761C59CC88D22669ECB7D4F926760BE1EC6CD83E60765' : true,
-  '1E5DD6CDAA3AAB8BB891B8D7B4E99AF2EBB7F08719F1D3B3C7B8694962EE8668' : true,
-  '1E84A8F15A3EB4B7921D7462C1FFF8DDC182E4E0682EB48C42FB3645BA43A6E2' : true,
-  '1EC6CF08000A6583160FEDE1C117794E75CA5533B666D04FAB138D8F12A4ABC1' : true,
-  '1F1A125828C6F4A21A9D035C28E5493FACE0F4D7DE6B6F2DD5B9FD5D426B6FC7' : true,
-  '1F33C56DBB422BB63D87AA52A9520103450E8F9F4C8EA024680E9ECF88AD80F6' : true,
-  '1F3C2A7060F08521E70C9B4ABB1FA63A1AF7E7EFB70C0D55F2F1DC91C4E616ED' : true,
-  '1F3C4550EEA0B9B8F4608632610548B64126E8929450D285DBF906752241CEF3' : true,
-  '1F4C963A9BA39CE44E46F135EFEAD5B30D6A0A3A43545E18CBE59DE452A6468B' : true,
-  '1F975043938278B18288C59F00F964BAAAA378535F68747EE2A11A4B3AD0B368' : true,
-  '1FB6F7F8DD4B392D4BEAA5E707AAF882D2AA83C5E9720C58B616F8DDDFFA6F77' : true,
-  '206A33714BD518CEFF68A6904E19B0837230BCADEADEA6E056EE3745774BE3EB' : true,
-  '20BE732FDB6D751C0991700E7C9D401093135652D25B1A29D3387E21D60B776B' : true,
-  '20F2E0109442ED3DB805D939B1FCC9F4C8E17414F748FDE98883C9EFA504397E' : true,
-  '215C6D97B01A9EA11CDCB7D4D62EF74D31231F99CA59F3D21104097AD5D52868' : true,
-  '22A3ABF61E77DD8AFD2C7A5EC2AA2CD4D928ABA0A3ACA37D6849F86025257C94' : true,
-  '22BA6A5C28A505A68F7C025447822720E4772BC380FD9EA58EA71C32682CF0FC' : true,
-  '22DD516BE482B2A7F3C5EE268E8110EB9814E86E4102654C3CF5705743BCF870' : true,
-  '22E6BB3D9964F458D462BAF404323775B20EEF02F174CDBB442D4381DB98C61D' : true,
-  '23223C3601CC5682B21E4D4C236BB85C9098082EE3942070E33CC791CDFAD31A' : true,
-  '243D9193A5D38C9F2C21409EA470757D3903F8C418709E12C47F01C4EC08E5D5' : true,
-  '24540FC5876A301AF83E2494013ED0B4F7B1312D7238EDDFA1DB0E7736082856' : true,
-  '24789DF7D8F1D393F224621E436675778CAFD595AF6988D2995F28553F28B629' : true,
-  '258296CAC41A779D819E37CB4B120D2270F55AD8BDA24747C572165BE31849D2' : true,
-  '25B87ACDCD18628D9B64EB9F6366C970B2FE922B39EBB7E3DD1354899260B180' : true,
-  '2601092E7F1A7841A9E65C6D24D0BBC0CFE986404E6DAFF628E2C2D70667EB59' : true,
-  '2635178113FBBCC75EABC09C497D411C994AD0170CF9DF999A4FF5C16872CDBB' : true,
-  '2643995B1EC6D06457AB936E18B5A5721CEDDCC82F4E116C36EEC5096BB04DC4' : true,
-  '2677470F2FBD067904B7014B88988BB94F72403C014240B9843AE5A5FA21661D' : true,
-  '26B163AB60042EB690FF4549F6086019E19A99A3B69332AD1FE85D9C46491AA9' : true,
-  '26D184F574A19836878B10B209825413B48BB1C92195AB69F6B01D359FD4D07E' : true,
-  '2710EBB98F6790081E34A1961D7716533511A1746616DDBAB9A3D64ED32B1875' : true,
-  '271B4C5B8689BD69CCA837BC080C554DBEE0B20C5B1C505F68544AEC29588277' : true,
-  '2774F85336B9446490224280339F361F69E44891C5D8F078F03FEC5BC7C37437' : true,
-  '27C6EFE085FD0EF2DD467630B0A650BD3624BB4065F811F5F99CA976B4C0B871' : true,
-  '28002E2FB259DA7341B69C144F4EC6B5B12CB9A981C34387044926957CF9152C' : true,
-  '28082C3B3FB30995C3ED4D971AF00E3114C75B9FA47540DEA79E120E01C03562' : true,
-  '28445F7C648AB6025EB469E9C5FD10C6C8D0D21B6A20F078854EFF406C55D3F7' : true,
-  '287821696D43B83F1EA4A3AF5F6E5695F86D770148341106757B98DACB5C979F' : true,
-  '287AC69E23A84ED6C79668FD778A1C5F89D93D9E85B1F84110731B3EF007852D' : true,
-  '2895D775D2F7F4D7BFF504B3C204939766B2C2734BC607B154CB1B2E52D76012' : true,
-  '28B0AB9576CCA12912B70D6D20A9E12BA6A497B458B381A5013451A3360F2C33' : true,
-  '28B2F8B5E2ED8681AE3D47EBB733718E32FF81FD736E97EEE68E12A6CFD3C9D6' : true,
-  '29AE4E3FA75E6A40E5C2D8BB9446BC39D672780F4CD6334CA2527FFEC0FBBFD3' : true,
-  '2A227A780950EC49D49437E4FBD2306EC1D213A25343B752F116B3C4203C641A' : true,
-  '2A2EE56590084C2B144125731B45BDF927C357840E997888F52EF90AD6361EA5' : true,
-  '2AE917E3AB4B867883088BCFFED53EBEF9F87988C77AE47FE325547B181931A1' : true,
-  '2AF0C30A27A1E4A3B2E8E8556B98EA6A79142C2634E443880969E9DBEE9B78A5' : true,
-  '2B372D2A09743CB535C71949D24612C108A95D542D5235B443C116426F4EC740' : true,
-  '2B5FC256FE24DB51001FBB200C80DEDE29EF2CCA290DEDA0EA7FA5627A8400E6' : true,
-  '2B96B9494AB9EF09B7D4ACC0F7C7C8B27BB23772D8203F98A635285335B476FA' : true,
-  '2BB158B54FA26B5A7FDA92096D214B5AB548D13D4CD0D275B967703750B03097' : true,
-  '2C27A3FBE2D833ED7FA00DE8A00EB1E16F40043D68C21C6FAA72A34DD839A5EB' : true,
-  '2C8BB8B502656B0E304D21A47C906224AE5003A8FFB106C518000F6A1D582D8A' : true,
-  '2D75CD1232720CFFABA233953EB8CFD860C23034BD9CF969E8D104485B251ECE' : true,
-  '2D978BE3F44F069B366DB5D8E3B1FE4B02775498DE8D17EA68B423259B681FDD' : true,
-  '2DBAF94C053FCCFA1EC09CBB22F54DAFF2DB4ABE1B3C61CFF1BEBC31260F4821' : true,
-  '2E23B68E6E803E74BA36D9C9006F96D8BAC39DB4CAEEBF1C12C6CC01CFDFAD6D' : true,
-  '2E50DDF50FA4B9220202816F9B79405227BA4F803E61FD96D6BC95A0263E49EC' : true,
-  '2E726E5D6C08B18944773DECBBBA88F95E25D586248B145354596BA8DB31DDC1' : true,
-  '2F0D2656CFB3D34F4775E89AD96E2AA7D3A1FCDE399BCB2E03AA2BA0A035946B' : true,
-  '2FE442C9741D5351A016B9796E3021A01BAC6867A567ABBD1C7EB08DD359DF94' : true,
-  '304039981650BCAEA6BAC7B1FF2E03A9BFBC8AF4C37F37E66D59D327776EAE77' : true,
-  '305B4CDDF744AA543DA713E7E60C19ED5537D49ED2252330B46B7E664C4E588C' : true,
-  '30AF2F588C872B174436F3B68ED432C0495D651C84A04787CC8C13D6D61DF63B' : true,
-  '3102A33CF44D88924253BC149D22198D046E6571E79D0C6CFE106F8A725364FC' : true,
-  '3141118408E436FF8489E07BACF80B260A33E842C5BEC83C763B6AE73701A76A' : true,
-  '317E74D56E70386FE26D5E404EBCE6E6AB5A7C2E013C3D64A4AF8778C6B9A1C5' : true,
-  '31844B7A093AEF79DB45553A062C20D2201654BED09D99BCFD7C39A953060F6E' : true,
-  '31C4E7F6630486BF42150967E951D3DA5ED8D382AA596FD571231CA96E0F352E' : true,
-  '32CFE4F78C2B8737E9A31F4E0A2513535FE242D02F1DD83C04ADA77839CC4442' : true,
-  '32D398E73D053561EC78257EB01F0945C2A38D9F80674F6F2B4B10BA35A2B4E4' : true,
-  '32FA61C84B195BCADA9A65448CD3C8CA66B1DFE252CF97D46567ACEB59BD2D83' : true,
-  '330457913F88C2037F663003C36F0B6B2B3071AD972C9A4DA54998A7CEB8B148' : true,
-  '3379517964657D6F875971C1ED6218D9F890BEFC7390CA654C79A666D1989A18' : true,
-  '3386FCF2133229E0BB6481DD2149E9D87540B5277E3FC3C3DFAE50A8D81D0653' : true,
-  '339C59871E132711D25988F0DDB86E0EE5D34B119972C0A5E3C3B556BC293D74' : true,
-  '33AECA70BE35D3CEA266552D0CEE341A93FF6149ACEE33194A297CEB28FE913F' : true,
-  '34CADA62CE9D32857D65E868355E258447C0111D3F78CDCF4360F5B7B9F7E3E4' : true,
-  '34F904FEE6E8CF59E4FFE90F627D688210910D0176C9B5ACF7DAE8CABA722B63' : true,
-  '357E325CD50420D15B1E6779D32E62FB6029A9710017B14CC23AD41DE08A400B' : true,
-  '359D692646482C906B77BC217B7C262E81B6D80441DAC6FC2E317C5A0C1A72DF' : true,
-  '35A88292416784CF9D883274B422DDA092B8692CB98FCC788C9B926987854291' : true,
-  '35C8C522026971801A41CE23438829BBA27D3902953FE183E2E3B84415F6ECEC' : true,
-  '35F3DED6881EAE44BE937AB5C8E0261DF6B6910FF34334B85CC1A2DDF787F491' : true,
-  '362BF6E353729E4F8FDA7D87DD726C825E2661DA801BB75B857F4DA622BB9704' : true,
-  '366B123FA1EA2FF7FDBCA0422E504C8E0AB62334AC8941D307060F5ACDFB58AA' : true,
-  '36DBF748A16ED7C4957E59BAAE4B899BAA3385424426C4AB71B6361F995F66A5' : true,
-  '3761FB4C3FDF80BD66FB31A506612BE2B98FAC57691A6125227B4787C35C32F6' : true,
-  '379F1BE4B67E89183FCD2AB1C0A3B930DE70D33CAE2C8629819DB4951600A398' : true,
-  '37A8C0FE01BCC73FA73F8A161566E23F12C22BAD0461D7CB9D9386EB7DD63800' : true,
-  '383BB79AFA098696BE4D3605F26A60FDD7C455D31FB03BE8553C3EA348F479F2' : true,
-  '386702317DA5549A08139017D14AC498D7DD4837E0E16F91BCAD37684AA6EB97' : true,
-  '388AF939697463B651AFF01141B625DC877D0FB31CBC5E234A5526BAAB68E660' : true,
-  '38A9FBB87006750C01301166855A09680E7FA128AC7FCF0B1E09FE2AD21B5F6C' : true,
-  '39C0063F00BE8D1DFB29EC620AF39C157B0BDA8102CFC95AB39D95DF3FF89CCA' : true,
-  '39EC99D4093CF0A60A947685856F20DBF85966FBCAB4033890361A650294A8A8' : true,
-  '3A9480EEDF0D65938DD92A7FE7E9BE4D797CEB0662CADDA2321D47C04818A57D' : true,
-  '3AFA38F8367A45AAFBA949076A38537CBAE4A0774FC4CC40BE52F944F29F7F19' : true,
-  '3B00662EE3F01FFE2C40842F0F3B76C039ABB785962E371767E89E2AFA311A74' : true,
-  '3B3A1C7A8131E1E6A66039972C1AEF65797E783ACC2C645CF10EEAA5F20BD297' : true,
-  '3C40EF3135CB1E82D0E6518EF75EAEDAC43DE347CB74E2A09CBC0C5A56DB2636' : true,
-  '3C49B9DC9307C6B33E0DBE135836504ACB9F6204B7172A412C28E797E56CA02A' : true,
-  '3C91A39CC52452FB91463E511257D3BFCDCA3A149EBF39978F39E55F20FB061E' : true,
-  '3C96B0CE3855D125998B8DDA63F2A37AA1FC5967949393D7428C1FA97D2542B4' : true,
-  '3CFD92A9ACFC3B9D7BF81B2994D398500413E7B57C711D711F98DB009FD142D4' : true,
-  '3D04D60DD221BA390696E262A7B522815BAD5A03B79D1176931F2AD5435D494F' : true,
-  '3D2A0A501279ED2F57D7535646A273B98256C81AE69CEF8A626263164BA87953' : true,
-  '3D7A71BB494A12E1F21A1EB9033CBEFCD1FE81F358B131016DAF92C1C06F1A38' : true,
-  '3D81B541D1B04B15AFEF518152CF8DDDB9300EE0A1BADC916FB366FA034120ED' : true,
-  '3D9910368BB2A01AF8277EA5E26F9CFCB045DC63CEC7397EEB2827B16C0344AE' : true,
-  '3DE5855D87575043D52CE7496F7486CBD8177FCB9F8C686B55F5F0EE761B2DFF' : true,
-  '3E09F448ED5A72584FA305F82A25706D2AE756083530B4E18665DA2AE46C1410' : true,
-  '3E18B028DAFB97BD9A036F1743316C8EC963C17066E362328FEA24D6FF8B2A7C' : true,
-  '3E486CEF660870234BD56B008730D8B318B7FBD047B55939D74545B98D8176DC' : true,
-  '3E5558CB92AEDC7E01DB0FBCD0825CC0F51AA7B683ABFD01D1E5E04C8A4D716B' : true,
-  '3E7FC707C590EECFA7E9DBBD270452366C0E2F0ABA7768B3F18E7DE34B3E15BD' : true,
-  '3EA82DE5DF72699D567B865AACE54C72AFF800647415E5E49D4260F422C26DA7' : true,
-  '3EFD44B1F0C8400130C35FE003FA304C2E47FD20612A4D1C83F88723B885CE66' : true,
-  '3FC8022D0C28EBFD45DC1D07E14F9E83F0CAD2E7ECEDBFDB991E01EBF2400F54' : true,
-  '3FC92874F07DB0DEE11CCB2CA7BDF187641DC78ECE4C76E71B2253FBBC17E3FE' : true,
-  '3FCBCC65096D7D731244167CCEAA21757E56D6EFC05A632AB3E062643E5B380F' : true,
-  '402FA5AD0E7932A07356FB849DCC1AEF11649D516ED1C5617C48F3E7F9B02356' : true,
-  '4035FE636CD5B6B9B97E597368C85B8D5B201A62D95B42AECB72ADF2A647C468' : true,
-  '40E66AA57071722F0B8E8B59A74998F82E8D5020BDDBB35D0E941851ED11921D' : true,
-  '41249205D1CD375DC40BB7214702FB08623ADDE494E8607E201EA47C02B22EFA' : true,
-  '4147C9CD6ECA16D7C6A8939E15E419220C822956FE754DCB2F08F2C78A99C3DC' : true,
-  '414CB8A3E4E86E2B4E03EB2FE71312CFE17B78945B41597F8E03AF04CFFAECC9' : true,
-  '4247E57738776992C6640ACA48156C9DE580F0A739CAF0A353CDDFE3417F7C46' : true,
-  '4248F09AC0B07BCF41B413A2D8FF50AC42C6943D6F6D20F9C37502FDD2315171' : true,
-  '426334353C51D4E625F2DE937D9AD9FE6769E0F4E1425AF23D7802385103B583' : true,
-  '4290EB1B22721BD2C297723FA6ACA6B3059F1E75C930FDC7075F14B3C5EB13E3' : true,
-  '429DA945C771332087229D2822684175DC050F832EB9F0ED90F868E99B6FBFC1' : true,
-  '42AB217D03120F24939F11A773F14973D937C6B96A8E23F5DA4F74F531428872' : true,
-  '42D6DFA920BABBF7876416C3F5B30598040F6A748F22E3C3E0E2D32DEF098AD1' : true,
-  '4321F690235447D71149C54E13896C885D07524C80CBA133428E1BD235123234' : true,
-  '4334AFEA82522F90599907B65AE5B3EDB85D23E2D5B879971D6360BDB5033E49' : true,
-  '43352809E8EA719091F911EE699352E82DC4AAC79764F38FFDBD7ADFF3FE2AEF' : true,
-  '43555C20820B179886354E63251A21247292B3B7BA46D8BEE860A0313258136A' : true,
-  '4373B2B85D4FEFE97E79B4C7935AD1762380D97FAE2C64FD61E58593F8BC8C4A' : true,
-  '43CFA30A34E75D16640693DF32B691B40219631AFFFC6A09DA97006AFD2811FC' : true,
-  '44338B3B7D1302BEC14439BFF723B5AF93DC549A7E1E417112C76C1455108EB3' : true,
-  '44CE10B295D3908C5CB40661F3F07EA13B27A31F32041B79D12AB7F5250B4227' : true,
-  '44CE6D5CE40E8F7BE79569A66792B181CA71DF0C80D3CEDA59A151F2E7CD32E3' : true,
-  '45CFA75EF370F3B3C2271E4AA0F99106B3339B6FEFDA5B335CC863F0C6F66323' : true,
-  '4603C35A8304F6057C253381D39404E8B40AE0958B4EB2CEAB7777CD85802C0C' : true,
-  '4603EDD34802888675698FD6276601F0E390FB7464310509FD94F3C1B86CD7E8' : true,
-  '46236B9468DB40FAF467AFB0C35B517E514251530785695F54440E6730AAE44A' : true,
-  '46584E2D9BFE069862BC6449C85E904AF29A71887DCAEB14C191D75ED0AC1FCF' : true,
-  '46853D3090658137B446AC75E481E4593CFF61E22115C348521D70EF398C05F8' : true,
-  '46C05D7E95263B17CE368AAED872817DB0517CD9F388396CF42568DF88C96C67' : true,
-  '46E74AF8240C97D2E91E118761CA4F74371BF7D2266601BAF6084BB1924B62D6' : true,
-  '46F2EDF5EE08FF676C44475ED70EB54353EC88DD1BD4F19EDACCE938640B6D82' : true,
-  '4751468F539356E881C8D97F27D067DF4F609F94EE9CAEDBA009C15066858113' : true,
-  '475971EE29368BC1FB6B66D497096A1ABA32C66A30C7D554CB11FE848345B46D' : true,
-  '47828F3C65E9FB0113793E5B60E19A44BC9775611C44ACB65481842FEE2FA819' : true,
-  '478D230215F850914D64BD43327923DEC9E52B4F14EF5E7E9122B16F40B2733D' : true,
-  '47A1BDC994354BC3EB242FFC12768EA8633719084BB5A159E30FC4388BED59B7' : true,
-  '47BE050E9E76AE62AED5EFF6EA9F2E0DF1FF0E7A3EE2B6B68D60B3C849E070EA' : true,
-  '47CBAB00A23A2771A5C885CD974879F84F93D3299B74586E7AAE3729A8A80573' : true,
-  '47E134C83737EE674C6AC46306C325701EFF7B0A4C887B968593CC1F5FCAAF0D' : true,
-  '480ABF7202B5437D84FC1F475A30A19C18C7F598BDA1375E8AB84829B966D596' : true,
-  '486F62E8D5F6323416CF210DDBD26A256AF9AD33F70A2C1CF8915866F74C149D' : true,
-  '48DF42F374FDCD58EB650256F421F6C1A73F663DCB8DE0972DF9421205509F8C' : true,
-  '49AC28CE0DDCDA953E64E7D131DEA9EF57169FF3280EC9FC6DAA88C943EA9E76' : true,
-  '49B7DA13E82D9DEB867193B30E48CD1279A66A6FB44236E1B93AAF62F58EE077' : true,
-  '49BCA8ED8D5E4808E64C3E4B576CC4A4F7EE095C4CB95D4AACCFDFAF974FEA1B' : true,
-  '4AE41D7B98B74E61B0D6EED291348B881E5531B4ECEB9940631835EF6A8CC60F' : true,
-  '4AF1D354BDAA3AB076BB6A02BAA3E1BAA2503D21ABE54B54001BCF62C0982721' : true,
-  '4B2851A38CCC082ED3A24F9DCB8C917F572D9F064CEF218D2E07ECBAAF6EDAAB' : true,
-  '4B6B616E1EE80E17D1BB037A2831C3AAD7E6CDE3D89A205D1F7D6E0854F3C21A' : true,
-  '4BF10AC1958BCBEFA06944AC7866E3458EA70E6ED97DBDDF01A84A360C3B71CA' : true,
-  '4BF81FD80AEED9A5AE7EFFEAC15933FCE004FC0145069E50D41F8F4D822052CC' : true,
-  '4C1A5506EA02230980E66C1CA936B268A3C453E997733E44074640CF4653594C' : true,
-  '4C3F647343026A15ADA9E047A8B4527FF88F9D01A2B7AB7241947443F75D5E96' : true,
-  '4C6FC9852280F11829BD4066C38BE6C1FE4E4C053F6126EE03D15EC3D0BD5B15' : true,
-  '4CE6DB77F8EF355DF6EC2ABA7A5989DD0F2D0BB228DB5DE69BE7C83E3603C69E' : true,
-  '4CE78AB01352DC6AD84A195DD333207A43CBA0372546FEDEC9E6803DA6375403' : true,
-  '4D26A014A4C4007564C743D9BBF9C2DC9A5A881C05E549DFFDAFCD3814F3966C' : true,
-  '4DD59EC33898319B54EE610C9A4DA78A87504FB8631FCA5783223F306529FABF' : true,
-  '4DDCB0EAA387111F7C2E0355AFF2C3325514BD9D9A3812295F7506999838B7ED' : true,
-  '4DE2D3AE998C8EAFC56C652F7A8A7DFBFEEA1D012A1BE1EBB62DB2C9CEC19E03' : true,
-  '4E0E281DBED708FB0AF032A0233F134D3BD309224DD8BE9894E749D1AE9BA37D' : true,
-  '4E5AD8D52C37A505176F9BA95BAF43CB5FD5A7FC4654DC71178ABEA8188E7ED6' : true,
-  '4E88949F1AA84802EB493CA5C6CDA9C6DED49A4DBA0C8453139C89A9CEC2E041' : true,
-  '4ED3C78D58943651EDB04EDDCB696F91F7B33450831CB18ACE714720AF4523EA' : true,
-  '4EEEAECB87A65C57EA7F90995CE9E6AACEF61FB0DB07AF5DFD0AE369E9E022EA' : true,
-  '4F212E4C3A8E4EA8F7D258A988D5930F05A8E61E78D86DBF9478DA2DE8F01B54' : true,
-  '4FF633B1CDAE0781F9C3859CBA1E9F4097C78BEA0293DDC184FBBC3926907070' : true,
-  '505051896DAF9F9BF23DF6C153230A8AF128200E65B17CF64439162D8E56E4EA' : true,
-  '509A3662D987A2D5D9CE7943D1878A36DFC4A786CC185CC9DE1D58E15E2EE02A' : true,
-  '50C1358C5AA5556E967E2CCC1397BEA364DE2E7C6704B6950E423AD5D5BBE798' : true,
-  '50D5DCC8D0668D34E90722924EB28C37C803E34156DE8E61DAB296DBD37F5993' : true,
-  '5112E6A8D06852BA07669C1DF31EFA1BA2BE7894C3F0F7B7282FEEBB698F7F4F' : true,
-  '511780070F7743BC9707B9E746C0B7876B108196DA39D1D70CCBF23D968EBEE1' : true,
-  '512EFAAE67E525C0DC3D7AF491ABA9FFA1B7439031207D293622E9286F0BB562' : true,
-  '5184A3AD148B610511D8D02CFBCD2993AFC3BBD576721B617FE7CB1DF53C070D' : true,
-  '51ABE9BEDE2D96CA84110007FD6626F0ADF9881A3C74870C119CEDBFF2B4CE54' : true,
-  '51EE14CDF007AFBCE34D598602831B21661F6FD7B6C04B0D34817757B4D007D7' : true,
-  '52B8E665B8191D828F946C041ABC28AC6A5719A4AA21B1C403F7611F11A84F31' : true,
-  '52C584E4DA8D3FD6FD63E83B2EA0FD6D98DB0413776C26122FF0420A3F0F91A0' : true,
-  '52F208427F03726C6DE3F5308C776D690F580EA39DDB01595DFB54364C48377D' : true,
-  '5376577409E17E8F37B2CC6FD486FBD356FF2AD0B5EF520DB7CDAD06C6A6F3E0' : true,
-  '538735DC5CF27D0DACB0FBC4FC24E0598D8838682CBE3DA8C37CDA60F60BE64C' : true,
-  '53C57169154423529775809598828294B218B2D2AFBCD3F2561FD072376CA188' : true,
-  '5428A68F388AB23F6D08D0038E82867CF77D261F3D5D627882D0D29C9EF00E34' : true,
-  '545F534AEBB8B23A836876732FB56320F4137854B74E284380CDCC41055EF874' : true,
-  '552771717F5948A7FBF93067CF25E5D1D67A63C8A3DD09EF98603165874E3281' : true,
-  '56B5B8AD95FC9A853F180196FAF9BF2896A8D2E053474ECA3A19295B1D214AD1' : true,
-  '56CC8586CAB1C99C3EA4C1D35E91FAA568DED02AA74364D08F480A0EEE4E4FF7' : true,
-  '57383F2DCB3A5959514A8C0CB208205EEF70D3A899BEA2AA7D1B6FD13BB23BD8' : true,
-  '57A0B57635F2D75EBC9C3B166E68E35E1CF91BD074AA9D5CBCB3359D93F02859' : true,
-  '585CCB444BDE628F6778320DE64727701AABA22F826C31063082CFC5835742BB' : true,
-  '597C180F976AF183984FD9B1D015D000C55AF0B873FE4A4F8E782D191285BAC1' : true,
-  '5999169B7C3C7ED6E94A194BF0DFF7D07EB7581BE8C82E77B83DE42263F6A673' : true,
-  '59E0DDB8377B568DA0FC1E2B7C482CC6331DA441F85E7F52FA8AE280DA90D051' : true,
-  '59FF0CC641EA56CD3670E81E4BD76A487163C70CCA729E0710D49AD1EAD70634' : true,
-  '5AA16CEF791C27E12F900F07D5FC9D0B3386A1FCCF2F547D08E94AD34BABB775' : true,
-  '5AA7341552FF047164227AEFB41437582F7116D76B854F54920A5D6A9B72271C' : true,
-  '5AEDDAC786E11B696A37E5506BF5CB702A3B803BC8506BBFF720788401D595A2' : true,
-  '5AFD1775AD2CAA741FCF1201AE206C4A1286C0DBF751AC035BAADE571F002927' : true,
-  '5B11479053C46A16C629C58DD5EB40529814B75A6BBDCD6BD6FC6BA9483D9669' : true,
-  '5B1D47E25C53FAFDB2894D342FB536794A99B4D0F4C0BB994DAC22CF9247F166' : true,
-  '5B67A7FC34D1885F7351DC949794160E0DB6E6C193286145DF8E483F21E90B80' : true,
-  '5B9259C486A3F9A7E48E59EC36147DCAB3D0505CFB76FC0266B8C9759221B10D' : true,
-  '5B9F8603E75E06129C216E4A2DF6FB4EC184CE685F6C229BB85233DFFD2335A6' : true,
-  '5BBFBD3CF817F597EDAB4A876B265CCC8FEBB25134D832A9E715AB5ED5F2AC5E' : true,
-  '5C07B9D0BC6C5C3634102DAF631A330FC02BF579A3421E1B8483E076953FCDF5' : true,
-  '5C2484F4DCA59EC5D77C5935BF71EC473995A9F7D39B0F26D2264A279C6DEC96' : true,
-  '5C25116119EA6FCA1D13D54D4870475E5B3D34B060605E02F9C7521D3EC47441' : true,
-  '5C34509E57E6B30A28891841EFB2A5F0D051493059DD80157C19B2822A97EAF4' : true,
-  '5C95EA9F41391B1D2609E3CBFEDDC0B9B865326B4526176D5305DF2EEF5AED52' : true,
-  '5CDF3C4C27BB3B1BBE8C6AB81EFF3FA995BBDFE662A0BCDED869E462BE748486' : true,
-  '5CE0E2F94DE7BFC370B5C429E1CE1A0635E4F38D55BAF122748D4307F1709DE9' : true,
-  '5D5F5FC12AC675264FB7F2783EF62458304D84B09BF62E19EC1B91243E3E5487' : true,
-  '5D77443F3FFBBAEAB8C88714A8EEE37196F7D9CE89517806EDBF897DE0215763' : true,
-  '5D9AEF41CDAC53CC5890CD0A09FF600E0EC254B03E07417DEC94B07F4EC3E206' : true,
-  '5DB16AA171CA274D753222AA4EC17827814F5A69CFE72D092397F048CEEB2370' : true,
-  '5DB5C9ED032EA5E502322A5D46B033BFC4E96092682F2F83A278372610EBC923' : true,
-  '5DFF17B36C6CED5E5607FC2A8B6559964A23AB8B08181E1CAC94E3B213767A1B' : true,
-  '5E579D296D274F9A01D1E1A7410A24029948FFA01595E64BD2E492EEFDD1F702' : true,
-  '5EC75158F235F80BBFC25F40D96AB89CC35D8578BAD11410B5D32CC33428A00E' : true,
-  '5EE2DD9AF59060324E5B80A3772B61F524827A27499AE7DCAF9B9BEA9D467241' : true,
-  '5F05ACF54EAA38008B650AAA2DBB3722805C793616B1A21B43E1879107254E38' : true,
-  '5F621EBDEDBFAA6E3C614EDA42B67A3BFF7199D8B89B7D816AF5C2D7C74E3C76' : true,
-  '5F6795C104B707429A3E966D32F847FF1B18497C73A45F6EA5E47378EF1D3823' : true,
-  '5F98F1AC11CB74885CCC871AB7CB1B95989E9E3E7482BDFC32895A65A783AFE9' : true,
-  '5FB819ACDB4D470232F59DBE853A5BC55C3713062ED6F75AD35982304E14B32A' : true,
-  '5FCCA125301032F32C5C915A1AF5191FB7E0ADB6E36AB4210099490CF54C2C27' : true,
-  '5FEFA4F01BA5AA16F36E2A4125C2E0F808B9503355BF09B3189A623B8EA42E69' : true,
-  '60234A884EF08293BDFED2AA0F7A12164317F1453966758A66FEA4AA422E9A14' : true,
-  '6085325DD4C19C14024B66E50D6FB600D161AE12B569A70B9C1EFFECBE9C2A3D' : true,
-  '60B1AE233D6CEE231FA2D0B3D5888FC9842087D2ABB3CBCC6E9C230D974F5D7E' : true,
-  '60B7233177358390EAA910658D1D063B57CC3D5B76F70E521CB81E39DB9AD50C' : true,
-  '613E70A1BE3CA6314EDB7C00B2477990271E0C8DE8210EED56ACD391E8CFF28F' : true,
-  '61F83ABFF7740C9144959145660E563D682A8D21E20B92AF581237F621A5187C' : true,
-  '623760585A2256D234ACE51A98E31B982EB5E5BA2D3CBD673C747FC832529F60' : true,
-  '624A2686ED8B75686FCCC3FD9DB8284E94981BF30BDD2453817BD653F3BD9CF2' : true,
-  '626042CAC6DE8C95C77C0E732144FCBD63418D72ED04CCB42FCBF260B38B21D5' : true,
-  '62C06D5EC111BEA1222B57F5BF5FA974B5025C3554BCFC2677048DF4A2EC0170' : true,
-  '62C4876E637B0361493822910A5FEBD70113B70407AEE4FDEBF249585FC4A069' : true,
-  '62C9A052080F8EBA5E8FEB9615B5CDDFFF1D74F8467653030CB1BA12337EB5D7' : true,
-  '63448627F20BDD4F11B278941D82DE56AD3A689CC06064D867FF060FCFE29A49' : true,
-  '634783AC64589BF61818D6D57D8C3628FBECF3354AE91725CC1CC3A6B62E4E0E' : true,
-  '63591FA550D322410D6B2617A3B70A23046032A8CB2F96F2CFFF9111D46489BB' : true,
-  '635B65E10638CE83AC12795BB42A235C6DF75DCE35AB6901255D4A3B0DE05FA0' : true,
-  '63DBD2E32AFC1025D4AC5CABF8E6E61ED4DF6D0DE50533BFBD6E3918F40E6EEB' : true,
-  '63E6A22E453B17B4EA3E35C6E39EB315DBB77A237B1BBA9BFB2B3BCF675A63B9' : true,
-  '63F85020290FCD168DD6D88948CF6113CDB05F3FB8E20507A4E35D92F6FDCA0E' : true,
-  '64261C63D988D7AD86D209177AEF7DB6EE3E62151B54C6FADF8F100C2750D0CB' : true,
-  '644E41BA23C44182CD1D12265833CF5D62553B2192496B051118DE945E0B5BBC' : true,
-  '64831454483CA9CA55859BBD324F492638DA8179EAAED19EA3CC8E16FCE7A83B' : true,
-  '64DF22A2854303C139C648D34EA8FC45F3ECF9D4762CC9E1FEAD8662BB512DA7' : true,
-  '64E0CC1B77A48D0233F2F1CB7995C3894B828D8650D191ADB6A8940C6BBA3E74' : true,
-  '6554B0046B4C5D2310B49B72D6494BF22F8A95C958DA38A11973C9370DF8857C' : true,
-  '65B9EA850436692D74A1A350E112A63BB4F2B9E4B10A602707ADBEFE76B247F2' : true,
-  '65E435C88F831D080BA50F37D0668230281DB9A679D705FBA84820A44D822540' : true,
-  '668B926F5EAA59F351B7ABFCBBE5FA17B547B01C5A7D4AE385736CE8FD13359E' : true,
-  '66E9E8A83F938165FE2D1F3E6669FD46132CFF7A2F99E5D23CC3CEEE0A07EFDA' : true,
-  '66F68579A292313FF975514DFBE38463C59215775C62323FD02302F539E3B252' : true,
-  '671DBED9969959A1ADA0F9DBAAFB7DD35CB71FB06D0337DB178E34BB5CAFA9C1' : true,
-  '676EC356B302BAC4392ABCD0702056E398C3092F6F3C66B61CA17171FB8196A5' : true,
-  '67DD1BFA9359B189710510FA166B93B9759B97BC0C9C3DBC5CB07434D09AC0F7' : true,
-  '67E6D8DB673E4B9ADC12C134F94EFEBC055068A7B255AC721582D7AE3FCD3D6C' : true,
-  '68EE7C99FB1E2B8F0DA74C5339E58C6A1F7C2697CDE363B2A8A6D8E012D2C773' : true,
-  '692C08B2A888E8B373FCCDB491C531D58002CAC55188368BB037DDA1F2C829F5' : true,
-  '6981222723F6C1FB0E7C14D8181D0799F0657E123C470C759F70A78D995B7102' : true,
-  '69A828B3AAE09B3F1EFBC53DB56353AF2444809A08F188668225B2A0EB520FC3' : true,
-  '69C135C5854B93D0B081254262DAFDB0FB3C0603D45EE6F5E91BD6678CF5A6E9' : true,
-  '69D7A817007EC6958CDE66700AE1372870F1AE4710026D3F93EE1A15E024C880' : true,
-  '69EEB2BDE9BE075A2C6927DCF5DB9E9427FBD153953D3843BE5151A6ECC3D560' : true,
-  '6A14524124841DA5A7C0A27539973C88C77C79EE8C190068EAAA9218CC35AE76' : true,
-  '6A4EA066674FCE8426B600E54B3FEB0A0328BC0E3DEAA77432CC047B2743D7DD' : true,
-  '6A525C84FBFEF83BEA806634766F1530D9C5964DFAE49BD2F678984AF29FB474' : true,
-  '6AC112C1828538894A1FAC7CECE0ACFEE75658118041513498E880274BD2B7C9' : true,
-  '6B02CD14A3675354A800006220E94D8D4D5F9774D60EC984955FF720D927E529' : true,
-  '6B59DAD53B5D9FAD67626890D678177BE94BBD7C8E7815986BB28C09BD60E9D2' : true,
-  '6BF07AE522AE438A1736D449CDFF0D8F72F7690C120CD9F51FA2CF88160E8980' : true,
-  '6C4ECAB94915E0D601B65DB60AC587D133DE63561C2D915347FFA5D69C1115F7' : true,
-  '6C636B0095B2D2ADC0DA3BEA01B82A14130410220A5692C3FA2F374E07EC03AA' : true,
-  '6CC97CE9EB4776E7E4EE831B97F15D992FDDE766B9AA2233B41770271C0BDD88' : true,
-  '6D13CD353D7F6723CC79620F59D5ADC6FF6FD185B9482C0D3044B69E8B60434B' : true,
-  '6D3BBB6612DF6B07FDB7630F79AE3C8B7609A853AC5E95FA5061E4248BE9CE97' : true,
-  '6D49AF2004D322236E0A30C695F776C09D980BF6D6060B571815BDF6104FC503' : true,
-  '6DDA1CB95F5505512C2759E9F6ACB12B2F66CDEA160527EFA91D2F1CE057079F' : true,
-  '6DF2BF0E57C2A025F1FFACF32B574A50464D613CA9873BD8DF692B62CB1DFD74' : true,
-  '6E61AF6B9F05C441F3AE6B3FE2D5A6ECF9885A2B223703D1C9660D14E6102F7F' : true,
-  '6E7E91E395DCD00520BAB2D41630963493456B73BF32E23ACBF4C2BBD5F0A703' : true,
-  '6E8D6125A9037938869D2D9C291AC9A2AC3731A6E7429D9E2037970069B7659C' : true,
-  '6E95E8980B03A9FF276C6A4F68B46DE8D29410A9FCF4285633DA91647BE7E10C' : true,
-  '6F6CA3B04E355CFF85B89EEB861EDD2D91CC874EEFE99A2D9B0A3095653D9E97' : true,
-  '6F8652847DB9289EECB5A58CA15FA522DA5F26A60E0BAFAA1BAAA37B32FBF465' : true,
-  '6FBABED892623FA77A93005871EF0A6374050AE9F3D3A346A8BD4558EE3959C1' : true,
-  '6FCE4CF77E254C2920BE515857DAB1929ECE7638DD8C370C1AF6A374F36517A6' : true,
-  '701E5C167D1D2A47E29F6E0EF64D59D978CA3287D20E3590ABF531EEFDDD885F' : true,
-  '70202315E3423BCD73E6A3CE51D0F541A78350111E683D8BA64AE9271A9C6369' : true,
-  '7066B709F68AFBA83E93FC497B97DAEE440AA3B27F8E6E32DFBB1365C3F2EE68' : true,
-  '70751440BEBC64501417A81F17FDB0FD31052D19DC361383EDE63E647ED1D8DA' : true,
-  '7081C7813097A8602BE2DFE4BF202EF4574BCD4DDF51FE8C7A2F872F93481E83' : true,
-  '709A501B0835742664FB4C650498359C1576F74186B0D12129A6E96A5C09080F' : true,
-  '70EE22590F5CFBBC659A9EA9BCFA0C876694116323562076D6FA6471E79907E9' : true,
-  '71168AF1899C2122E92CE1FAFCB2EE64B9CDE6D14069E7412F492C9078704F26' : true,
-  '7135F96275D82CA824EEB5D7B0510569C6D97E802BC20606615FFDA96E7CB514' : true,
-  '713C52C05CB8B1EA3B27FBBE33649956A33D8E1AC4F222EC3B90428E52C28E00' : true,
-  '714F1E26865618BA75AD738AD3B843B14D776EC9B7D617CA4E7C2DBC98C8E7D2' : true,
-  '716028AB05239B1018C6E2ED3F2EE6237F04BCA21C395AF1044D92AF5911EDAC' : true,
-  '7180F1CD379E01A81DB181F3A839C48E64734FD493D1013367A7287181C4A7DA' : true,
-  '722A1EF7AE81ED686799C56B96F9A9350898562924E260DB15ED49F00D20DECC' : true,
-  '72FB0C9D7767CD725184EC22406246CC4E130E49E4630E2D5BF248187EA583D0' : true,
-  '72FC451177A264EC01165ACC89684C137EB92467BB44EE64962C5D1AED5F8409' : true,
-  '731D2388EDB673DEAA419BD26B43D6AE7D27EFDFB47B6A1124EB20D30F90965F' : true,
-  '7356E86E8C181E623D168491A780BA7011327CF716B416619FED3C3878A425B5' : true,
-  '736C0DB075FFF94C2B0FF4741A10BB5F750370AADE4649446A75CC6F3B129F5F' : true,
-  '73B26EBA4831AC03380E60772E12BE78303E9A6816058678BC432BA8D640B3F6' : true,
-  '745D3184B509466217C4305CF4082681DA91C917D7C176D5C8FB8C9810C1EFF0' : true,
-  '7464C196FA42968ABF359C05DE1A029FA4CC551380CBBE661CCBFBB1C7865E70' : true,
-  '74711F9774C66CEC41DE4FD32197132B13A40A6758A106DC95BCADB9298A6241' : true,
-  '747E80C10894375B82C313C81766E6757B1B28E5BAE75AAB0BDE87A9242E8655' : true,
-  '7498564F1A708C3B6B69B90307F879BF79019344A9CBB308B89265989F87FCCE' : true,
-  '74C7149B1B6739C22FC0102A7EA2DBCA770432A85F2095812DC7961831F73EC2' : true,
-  '74D4CF230B19F9B9E3C674DB1B1754DEBA59A837534135CEA2A9DA3496876FD2' : true,
-  '74E0485AFE164965FF9F982F0999B980CF05DE73016EB7F6B38B105A5E07564D' : true,
-  '752DA9AD5E2DBF688A910E1BDF91CC22027100A8B2FF44B98F92D39D38833A27' : true,
-  '7567AE3D698B690FB2349D4468F155CEFE64ED1975B768E791D934332970791B' : true,
-  '75B0A587771EFCF6AD7AF92EFBDEFF0F4E5CAF9883AF521B9B13C78D247B5A4E' : true,
-  '75B50B0EBC80D619AC5A04DBDF5C622B1FBEE1F299594B0E4CD6B6363BEFF8CB' : true,
-  '75F12E7E7FEE1F0AE3C22D1B94D33E4A31EC9C3B0B30338AF4EAD52856A11D26' : true,
-  '7607259BFE14402887557E6AC9BB570FD9D3927DA048FF9C7926758ECE32B824' : true,
-  '767EB0B508322CA5B9E37A4A1CE1CC43F5AFEB557D509AD50261F25DA73ED0DE' : true,
-  '76A266265F7454F38CBC307C9FECDBE80081097444B97BCA9C722D93219EA358' : true,
-  '76B1A25306D53B410FE5318EF1D077B29081025ADDD40CA55ED4A0A1EF557E65' : true,
-  '76EBE04192726D45EAEF654FC3DFE992E2297DFDEE303BBE89C8F425269F41E7' : true,
-  '770784FC2B1A52F110194800E972006E868F055C52A8BE467F3AD7BCD7E441CC' : true,
-  '77C5EFEDC19C242BDC746C5EF4A1DF4117918CBE078CF6DD65FC274DB64CFBAD' : true,
-  '77CDA7C1BAC564BA322B350C6CEC0B9E813104332905F2D556603B8F661AC19A' : true,
-  '79244B0AFBB3B26770A470A4F23555757DC25D3856F56D0096D9F06EB47D5889' : true,
-  '792EE0B202E6A45AAA85E918497D9C9F16FEAC99500A7940C0FC812ECC42120C' : true,
-  '79B0B3A8D1BDB11D40FE8B93868460B339CEE667DE3E94C880AD9BB14E50CBFD' : true,
-  '79B893E3487215CD87BE3BB3CD5CE1359CF8385BEA49A5E45BD03624A0DB3D08' : true,
-  '79F9792935CFEB56CBCCF76F92C17E93606B2774C0F3618F2DE9BFE9506AA04F' : true,
-  '7A0F440C38F18E15DE15BBD496D670B48571AC7A71EE56F0F696E26FE1C06C92' : true,
-  '7A898AD8A9DC791DD00EC4F1C6CA3F1AFBF711D2A26E99E6D0740B1B5FCEFA49' : true,
-  '7A938A727247270556F67BCA523A333A2F22573331A6D696E6C559302C9C1912' : true,
-  '7B3234A53D173A266510B9777DBDA7F372E40651E07B910899A0C1063A560787' : true,
-  '7B40E5E9E8A2F63FFF19CE2F4EFEC73C902CD146E75DF866ED274651288DEC80' : true,
-  '7B45E99CAD17290A002ED52128572713BDD96FC1544094FE297EDF28E4D40063' : true,
-  '7B6DCA23E77F3424FAA26C0DB800ACB6E3BBC3DC13A11EE4679049EE3DF03A02' : true,
-  '7C6BB49D3E96F1125169FEB59751BE733ABD4F0D2860EA0A8F1A5C9B14A62968' : true,
-  '7CE1119D84CDCA99D2C1040485C894E22A02106EEEAB39FD20650BFBF7CC5948' : true,
-  '7CEE465792A72473B5B70A88F140AA27C5DAFC6C876AD88D2E45423D9CDC6C06' : true,
-  '7D04DEF71359ED7240B0765708F00B4B9C7C1A6420DF2B4FE659A6D48F387FD8' : true,
-  '7D100CF85EE12F47C6C9755F00CEDCEBBFA513CEC80993AE5E7FAF6F68289C23' : true,
-  '7D3EF8DEBFDDD39FA7CA90EAC62E660639521686926488A315B10FB2A0005F6A' : true,
-  '7D7753734C01837BEC44A0E459A049D96683FF8D0DB78878C3BEC4C9574B412A' : true,
-  '7D817F280F1D664E0C9E717287D6AADB1132D4F3A3E2001B94009119733C9434' : true,
-  '7D886B62A526E2B996C9F715AC5B23D07EDA09AD69D18E8F54F5210166AE0C8D' : true,
-  '7DAB96077DBBA3345EB176EDF7919AF6889938AFD1D9BD32105BD82B0D1CBCA1' : true,
-  '7DB5C89914B78FB51870985C529CF7646F6B1B6673143FC3667AC4090BA8F846' : true,
-  '7DBF7C36818F0BBE711267E6192080F75CE8908B48C9E6EB9626DD9B05308A7D' : true,
-  '7DD3D12A632F35EA7FABE8E0A7B4D74528157400F78278A31D305E315E8F5B47' : true,
-  '7DE8C95508E4933243E3EC7D7C222F82A250E1B71C5619C547FCDA51146392FD' : true,
-  '7E0CD7D375698FDB4C4FFDA33ECBEEDCC86ECE5ED8942F85B216B022812A3504' : true,
-  '7E91DE057AE630D8BAF8520E0BBD1636505E50F0651B64E9B6F70F20EC3432EA' : true,
-  '7F0F7FB9B5975CD10469ECD29F69E5C11CDE9EC561684535E8A36CBC514D3DBC' : true,
-  '7F3B3BE589085EF5F314845A6F850F9411F0594FAFDDF725D3AD3BB189BBBE99' : true,
-  '7FCD0B25EEE0A63FA151354DC39D42CA58AC10D8ED9EB4E0B215C652C07D4E28' : true,
-  '7FFE32EE5C6B026FC31E44AEF01ABB7908A9742C88B8D04F499C797E232A0D2E' : true,
-  '8035EB81467C64D22C3624A58022AF1B5D0D4047328109CABB74CE6B580A9A8E' : true,
-  '813CF894750BE7FE8A0C8B5003B362D62D400F6F08BC1FCABF247172A63B17E7' : true,
-  '814461D429FB2539D44E02913E03F0698FC1ECFF7894260AD3AA9C2716B99E0B' : true,
-  '81A524F4768E8D164B51E023E9FDC90DFBD9EB3D6111C0DA5328B8743253BE8A' : true,
-  '81C82F1726447A63776BE2F5E36CC6DEDF0C62F3B11C7C8B7CE17E10309C4569' : true,
-  '81F32F8C3E868A588E5F34A64C6FBDB483891716BABC5C59D75391A58D8C6146' : true,
-  '8239A7375F6155AE043178439B42195367B40AC6D182FCCEA2502DB0C81132EB' : true,
-  '8249977B7E0D31F533255488A5416349A1C6AAA59C330D6274C82364324C3870' : true,
-  '8256476D83180014AF0D76C02D405990926003E2052E205DD66B158E69DAD7AC' : true,
-  '82668C1629CB39A7B5D9DF6BC94349FA113F915999799DDFE31FF1862FACD095' : true,
-  '8287FD8ADF69D39EA5C6DF59EBDD2105CF3C56E44CF766C48F62A4822A6B3DD2' : true,
-  '82C49DF2DF809141CB5FB30EAA8E41A3E510AC7F51CF203FAC2B16F20C96C2E4' : true,
-  '82D1AEF2AFC46271D18C5FE50811DF9A5EAB812156C2FE6F531A34FD529E75A9' : true,
-  '835314FDEDE174507DA3297069F68C0A7CD6E11DF5FF359F9C0CB4699B7AC0BC' : true,
-  '83BBDAE22AE7CC2EEC0698B2435650633DEE4E0DCF849789C974976D4D641C33' : true,
-  '83D8EB4CA6F5CC0B0805F4AE182E26EC5E4AB5D4332B082090918769A2C44FC9' : true,
-  '83DD8D43E88B8D6ABAEA06F3A3A2455C8F6F79059923A08A8D2AF33233F5A63F' : true,
-  '84F98B7850FF7A169D5642E9EF4401DDEBE465DFD5BE957C9EF18CE9988C11AD' : true,
-  '851A8A0C89B1F8887979F884949755A99BEBC1B399E8913076EE7E48633A3C87' : true,
-  '8524BF9691E1C2AB2BA091218096105A335A0315C8282E59B6E8346B11E36608' : true,
-  '8583DD0B4F3B4EF42A66A8D6E369B1E2FCB8B7C64846B242384DF6B8FA0570BD' : true,
-  '85C4AABFC4B38B9B5D0A4B854DC02527DEC6BA1761B28F5698141AE36ECB15D1' : true,
-  '86154D1D0FD89E4E1FCF72511C74A8B2B0DDF4F38E675B649192ED0C9DAF84CE' : true,
-  '867F174720FB353AA46DD3BB56074679C9BB46EAD5A6C152B3B1FAFCDC252474' : true,
-  '8769B55BC6349F2874697988D13507CC28F9EC6630431A7A9D360046DCBB3190' : true,
-  '87C002662AAAB5BE7B6A7CF4B1CE9036E3A2A70A0A3CD80F64005C889ECCDDBE' : true,
-  '87D35135D0372CC692C261453242880BE00159B60C2450AC7D7B84DF963FCF8B' : true,
-  '87D61B9AF0E0A2D9F836AC304E2F5A84C543275820BC4BABBE3B75A0D182DAA0' : true,
-  '8858520A8D4E5C88D777C33963CC7F43E796B555E7FC573681B59DCFAFB43EFA' : true,
-  '887A5D0381838CCC20D204BBCFFDD864AB71C20D2BA06842921BD96BB171A796' : true,
-  '88EBF5BCAB2CF8C43095EC58E1BD0E375518B5C734CDC394BEB34F3A7B0480EC' : true,
-  '8919E46CD5418E4CBC8FEA766240D5918B48BB28BAE25743EB276B996E6E7B73' : true,
-  '89489486E767E3C410896A44B28109680C653391FA763E7A21ED1FEB13540DFE' : true,
-  '8974A885ADD3112CB168E00C10557410A89955EDFA94CCC4EBA3F5A51759D8E5' : true,
-  '899F08AAF5A4105B9B6CD106464D7634D5B27A444CDBC70264B8CFB56D290DEF' : true,
-  '89CBF98E81A0F82966E19BF3BB997A2E0BCC7C90FB83A2D4627FB311B6FD1D58' : true,
-  '89F5AB7CB2C9A8F6123C4D2F3F4FE378BEEE92B2EF506202BFE847DB058631E8' : true,
-  '8AA9D88BBB0B312ECA960B865AC172C7DD593A9D7049A3032795C5FE7BA4BE77' : true,
-  '8BB672CAE5B222514864A8E4FB8C89A774200D7773F2A56347C75D5094514C74' : true,
-  '8BE5E1A7C8736600D204B7C20EDDA49E72107EDA9AA5E03F971FB24FA8F8C686' : true,
-  '8C2DDBA5CA9E4CF79937A5A3AFCA79F371B6F235B37308EB53ADF12C319A7EC9' : true,
-  '8C6DDA18A4CB339717E1321FBFDC9A3ACC52F2FEF6FB453EA389A2B43FFFC63C' : true,
-  '8C7CFA7D4BB49D306857772722769DB1FB9CDC09F565F22A8EC082D956E93694' : true,
-  '8C85C2F6E697880B740C96BF35FAA02B4B2F718DDBC4A8ED6ECF9EBD7FBEC1E4' : true,
-  '8C8CB48F1D745276E13230C9BCB0B7ABBDEEC2B9F1FDC8B5C3A15612F5615100' : true,
-  '8CB93E0ED93C6730B58CC0314B8158A7A92184312C53A7CDABF05B369CC7E730' : true,
-  '8D0CF6F0B227BE9394DA0DADABAB81A44900D104A915645ABF030220F3AE187C' : true,
-  '8D0EC1B68E24C1C390A7DCE081085A14CB27FE8B5CE652A60529E04825F289DC' : true,
-  '8D7E00642EF079DCB1B9DE964075E3FD44C63D7DD6493AA3507D87D0E277CD25' : true,
-  '8E6419A3781E9E9C262AFDF8318332504EEA56B39EF770B9882523D132B85AE9' : true,
-  '8F8515B35B665B69D0DB9661EAE9FF0829B71CF4AFEB3BBF988BEE73985F5D3B' : true,
-  '8F9CE539058EA5E0587C8E79E554DBFD1971FDE7C5A96DD1EF7277AFC2EF70D3' : true,
-  '8FD4DF8A3A7C21CCBFCE204F35949C4CD5E2BA3B712FBE3AE290BFCFFB29CD78' : true,
-  '8FDA31393381A23479C8BFCADEA59DA75A1C390693F72CB7B546C641BC698256' : true,
-  '8FDDF56677555109B03ACCF8F39EAF657767096D71F1652125BBF487FC6BAEFC' : true,
-  '903081B318092837E460229248FA67A70B01EC6DF9C9D279188ACED18F1E6BB8' : true,
-  '905AF56BB5517C973A43C5B576B40C5EB69F00E615BEAA8538D294E40BBA836C' : true,
-  '90859FF52A82829F7DC99392C6AAD9F346F54ED3D468426C26233AD5D189FBC7' : true,
-  '90BDE9F4CB3DD673BDB6C641361BD8B076A985903DF004AF7E74DAD95EF82E50' : true,
-  '90D6AE9953E31E3DA34A67533E444BC924E67CC2C610FA468DB31E59B1A35471' : true,
-  '90F667D4F929D6F384FF63531B8C8AB3AEE3A92BEEA5D49A08E96E3415DE5B80' : true,
-  '90FF35B27260290E94BE3E2FD6F62F412A3FF4303E38ACF6315E190A1980A095' : true,
-  '91CD0D276921BD32F4C8616BF2676078C24E39AE1B30943C5263AE0377F41F21' : true,
-  '91CE410FCEA8EC201D33AB8E7419BC60E8EC83509B51D10BBAD728E2B6EAFB1C' : true,
-  '91EE28B14AB2C7571BE6CDE2D75FD4C05C960FB033DA819EDD463D5D3C494591' : true,
-  '922F05FAE9BB025C1CD2627237E07A1062438513D00ED14895B5D5C22CC51620' : true,
-  '927546232861B1DE9D105031E4A2502A170A06D65340705EE3D7ADDD34F9FE0A' : true,
-  '936EC5E6437D79832DE6B015C38725C84A4638D73770965D82F3CBA4EC35C0BA' : true,
-  '9389649C96CD20843B8AB8286EF61967AEB4D76DDDE1F91A109A78B62CAD3506' : true,
-  '9394C03EA88D9DCD628AACC140CF1FAAEC364252F318F577380BF2623009DFFF' : true,
-  '93953B68E8DD11D00ACD28501AB32FD3E41C24141813CFFA142BEC2B8D2665F5' : true,
-  '93AFEA0BFBF153CA77357087301C0F31B095EF2D5A53F7E2D02F9B13DD6E7325' : true,
-  '93D4086132C671C5A36C4BA995499EE03BF81259104468E2997198F83A5041D0' : true,
-  '93DCEAA3D67BD8992097C446EECE4A6A02DCF89EAB0008EFAE7D0C9BE26B7C00' : true,
-  '94C5E69A5644B4BBFF863312752633025D60B905984BC297D103F7B58F8F1CAA' : true,
-  '94CE12FB5F69E4273C8F813ED37ECB954AD667BC81C4E37DD27A40C291DDB12E' : true,
-  '951E14CC4823E3E83E2DD0CE75826B7BDBCD45CB16FCB70A1CFBE6C6BE1157D0' : true,
-  '958B00B1147A749C680D423BF46EFD460CFD4DB811460C215480EEE933850D77' : true,
-  '95EEDB5E6C8B8552E29D7FB0C607EC68AB3D3F88A3FF97F4C70D7BA9D69C8521' : true,
-  '9658D54C28C27DD6E9B79098D7D86C1EA32215492E8AE9DB225E3410EEBC39CE' : true,
-  '96735DA929F88A1A3292D120F963FF675FD13315DECAE2555139CCF71822F408' : true,
-  '967D76F5FBCD8DA9E6FC6CF1F461D0BB63786D6467FB636F10628E36F95A9799' : true,
-  '96B9BCDC21A4E9187BC7BB7B5BB052A1953140044A59ECFB2F1DB1C0FC648FE6' : true,
-  '96BC0612871BA526E0F8AB96612077A50930AD430147A0BFD37E1BE21E0C64DD' : true,
-  '96DC92A327E33DF81946BB760B8C22FD7F74A2C9592987BA110F7A9D211F47B8' : true,
-  '974149DB587C53796C2752AE8D14C7F3E7C9A1002EECE93420AEDF52B1F48558' : true,
-  '9787EFF64AF68F280E2778414020672F24C44010549900A5A0487F11CADF9A41' : true,
-  '97907F0BB6A5CFB411D9975E742C8DD55AED77AA373C56DD74ABE6B7C9892A60' : true,
-  '97B09B0E6CD2378FA7CED47F365C77266C94B867F8F87B01D8B667D0DB2F5DC8' : true,
-  '984E447F3A932B79E9373A9EA9786E0637ADEE21B6EAA6B8127B05F26D7181FF' : true,
-  '98AD6C8A91B962AFCC223C26F0026802B688AE55C204BA0A4ED5BFA5619D979C' : true,
-  '98D9DCCD4C1EF004D7F000B29AC540E935ADC074DAB919F8ABBAC7507FC35EBF' : true,
-  '990477B5471E1BFF7187E419CFAFEDE674FAF3E6325182F9F8C686A2BAB085B5' : true,
-  '9978468023B41579748FCA17B03E24B0842A8CBC73F92BAB7152E6CD1E29769B' : true,
-  '99E437DA5156E02DE52D0D95AFDE0FDBAF8F626F4D3BAD2FFFE7F4C75D76BD60' : true,
-  '9A51003D55795044502ADD35C199B9E3D62A6C9B554030E2ADF9005C2296A326' : true,
-  '9AE40265F51732A5A72BFE9B4C3CAA7106EE84D320F7C675C443C91550E5F701' : true,
-  '9B28E0C477E934B2FB3DB6D3E6722112F316E95B0526CD1E270453B6FD2171AB' : true,
-  '9B340670FFFA8B98B78247E2A470627E05F1AE05ADA505FDD049350B5A8521EC' : true,
-  '9B573154350FBEDA3CAC21F90DC0E59C9EB0DED7F069650E099F62B0871F3615' : true,
-  '9B80DD5C98B0F0A7AE343DBB896DBCE45DA52EB4E31BE057287A2A738D9CE3D6' : true,
-  '9B98284571E5FBB2A2BE676AE24830A6F0048748FA38D1F11CBCB252505D2E62' : true,
-  '9B9C56A1228EFF3D6520261D3CE06F38597A96199CEE7BFEE71D95F7EA6EB54D' : true,
-  '9BD01B7914B81371F2FBF23E7A0876608CAC69218A0DDB78C2AE45909744E5BE' : true,
-  '9BF6A4CE27AD782886988DB3FC3AF54CC857946C7C5E32A9A6AB13A9F7504DB1' : true,
-  '9C102F918224790C649D916B43E1CC9EFC4C16ACD141E22E85F199C1C6BE7DA2' : true,
-  '9C109FBEC4A2FC259F1C89666AFC54EC974EF4CC52C858B3C612689CC8A943FF' : true,
-  '9C1C2898E71561BB2B87D8859A5066940BA97950DE95E12ED293822111EC3D35' : true,
-  '9C7F9776163746C45FBC96E2985B57C6AF769E83428F910C3EEF0918BC5CE593' : true,
-  '9CF455322FC12AA2FFE88CCC43388419F61C41ED1AEC560E11D627A009DA62EC' : true,
-  '9D484D53782C2FC0798843979D991B84A180C1A833D717AE002E75F90E954EFB' : true,
-  '9E2F5DDC11A878B6A7D27F9FECBF10861EF27BACAA208D8EC7ADBE2682FADE95' : true,
-  '9E531CB7619C8C0D5C97E7ED9B20C3A269ACE189AFC5D80DF6D2034BFFD0E804' : true,
-  '9E6937E5BD26C280FA683490204D1347BD8662325524F0BE4B25FC17381923E8' : true,
-  '9E837E2CEACD82AEE4D2CCFDFCCDD0331D305E5B2D123B317E2F3C0376BAC850' : true,
-  '9ED22741CDF43DC2AA238D354F0BD95C28F1B5557ECE9489AABA4CC37CBFC9AF' : true,
-  '9EF5444454DA21B0B7D6110C9B040BDD005EA0BEA27788D00BB3F1C48D9D0F36' : true,
-  '9F217FAF2B478315518373657A359FE713009BCF22F2F00BA4CD6D071EC7A962' : true,
-  '9F7385E656F0E8237CE9A5E9C96A1B3CA17920EE75C112ABE9219C18F77E9E97' : true,
-  '9F9E4DC55925D2944C0ADE2959EED5F6E55A14BC2F6109F8864A8AAD2E4A7997' : true,
-  '9FC08812780624B21DB7596E278F22F0023D27DE99277E37CF07BBBD4B351590' : true,
-  '9FC5DF8E8AECAEAA4939A5BD94A078371135107A7AAA15ED5728C9887FF4DD8B' : true,
-  'A00CE86F3B49E7F372B6456C9F2F8615F007D98D1D0423CC36791DA3051E2591' : true,
-  'A0142CE676C4FA2524F53E7626D21042BFD8A903AC54F8AB2FB977ABB760D6D5' : true,
-  'A03D7CE2FA040738CCFEF1F20872DDC1E321745B2C34095822A51B3BDC07D9F5' : true,
-  'A03DFE739C80E109658E0B3EB41D9EE1F03EEE48162C4EB97EBC3548760402AF' : true,
-  'A0E9635A0A993A3C15F0D7362D4D7C1EC21A50B04AFDEC18685B4A21F69E42B3' : true,
-  'A0EC72259E87A736E450456B144143E34EC71EB7B43540C03CC57D4DE4EA25FF' : true,
-  'A1453B09F39601124160389EC5CB0457C723CC520AA8EF56B59AFE8021AD04EE' : true,
-  'A1712F04B99848A73D978552028EB84039AB331DCFCE329E8A7A59F678139F28' : true,
-  'A19FF2AB5EBF26CADFE7E4CA78BE0F77C18AE821F71F1262D5D8BB598E99A89F' : true,
-  'A1B71E94B84076BBF29645578CA796F299D5FC07CA4C2049D41760F9B53035F2' : true,
-  'A2152E5BF42DA70683BFF5526B3F9B90045F74B82A034EDDDFD2F8674BD20D7F' : true,
-  'A21C3F2CE357822C64D1F9C26446235137559939DBE7C7C3E5CDA218376EC1EB' : true,
-  'A277B893194AE7687EBBCFA344178B3578AA6228D2B430BBE2FC8D5EAEE43135' : true,
-  'A2E6C7ED88E5F8103D95E02F792372AB66EEDA5AF35CE4884316493325F971E9' : true,
-  'A3554186EC7CFF6B11D03F042B490700287F9CCE71A4F581B0C5C13C2A0CE643' : true,
-  'A37B9444FE3BB0FB2EC43F2677926EF458D0ED4F0688FEA6443A5F243F10C2AB' : true,
-  'A44473407C78C1A951194CB7DBBFBD5010A60A0C82565E02AE1E372975C8D8E4' : true,
-  'A45C0F1FB81BDEAED2EF4302BD5AF171F31496B6A8D502B488BC8E3E22D5E992' : true,
-  'A45C8546DF176BCD32BD7D15FFE732DA2B73EDB38D387108ADABBE4B20066275' : true,
-  'A4C6A2F0F5175D6C5C1D87E61ECCECB368E6B5374F056F222FEDBD0857B83F2A' : true,
-  'A4D07A0F8A6A11935F63B66461D06DAFE3D8AAC0E0001B5E842A2232F327137F' : true,
-  'A5278398DC472DC37141AA3EFCF4953AD7B14AC25D3730D2E99020353CDEEA25' : true,
-  'A558DE705EC13AE6FF7DF6E6B1BFDB54A7CB7FFAC1499954FB109E6B884CFC03' : true,
-  'A5B9EDB84D5E06BB960BD23A73B0AFC8A0F35C95B782BB54004EEF2430CD3351' : true,
-  'A6584C2334B3B29B3F7DC858D65AC229F679D8134C75DBD5A6CC1A4B897ABB2D' : true,
-  'A68F08DECE7FAEC73E7F00AFE4C758B2742EA6BCB9FFC0F3D09C3D3E79E41EBF' : true,
-  'A6B6702113E87CFB26DA2066CE2151698C68EC71EA906F632FD65DD35B3E0094' : true,
-  'A6D113CA991875E854CB226297662EE3B083F5D4E15E03D1FBD96AF0FA6691DB' : true,
-  'A6D1CFE508A9E64AC65FDE0FB8EDB8A808D3083125E2BFA975B4A1F0373FE8B9' : true,
-  'A74DA51FDF285B66F86065496D236FADC4D44051DA6400B743DAB15A81FF3B13' : true,
-  'A7636BE0A08F56D7F05A8D69AF0B7199FA7C05AAC123DCE71AB57C538A4D910A' : true,
-  'A84DC1DB143EEE938A45743268683770BA0FB2EE69A4EB4B131841555CF1E124' : true,
-  'A8E146E7A32922CB9F5908D8FC85B2928D4BBAF44E8917F370E57C60EC479EBF' : true,
-  'A9266E0A665A00C7C4360A7CE3FE0B5ADBD6E7E20A32677E43BA30FCFE112E30' : true,
-  'A93B07A90F55AB3B6BDD56958FD69A808C8DEFA838DB35D323F080A4AB1E4B60' : true,
-  'A982473B3AABC66BDE83F206E260A07267088862EF71389082A98858BB12C3EB' : true,
-  'A99953DEB7EA51793C1A353F91A070E4702D42AECC9808E4F14805A755D1866C' : true,
-  'A9DAFB7E89AA7141CD52F08D5740F09F388419744351D889C96D2B4C3153A424' : true,
-  'AA1716CB8EAE12CAD75B01F3A4EC5516140813349BF4041369089A6063625EDB' : true,
-  'AA55A82D7DDFFAE695312FA5ADFE893D1430057D1D8ECCCD2A9E985CEBAE3989' : true,
-  'AA9F7FEBC74FE835504EE24501DB2D00409FC761AACAFA92DC8A696388AE843D' : true,
-  'AAA011E89B2581C1863FB1DA1E41A8FB8EF14ED0817976F16909C68E27F4E70B' : true,
-  'AAB01A25BB1EE114084DBA1E0B2B8E5C84936196D40CAAA26A16E58FC50E2B93' : true,
-  'AAD7DA6E17F164E00B0B63A6338330219F40EE683F8E0CA5F6B709F2E13FB3E5' : true,
-  'AADA8A48FB9966CCB61E4B8C97DB2DE50F0AF34422D74D1A770501AD00C40119' : true,
-  'AAFF2842E6847355FCBED741BCD82746847E413E1BDBD16B33E09984B1F1F743' : true,
-  'AB34CB23DF8A006DD182B01EBBD38DC13785C4DDD433564B5CA7579DEBF3B1AC' : true,
-  'AB47045D4B45B0821E851EEEF7EA9D6571F9759DAE4F3DB1EF92597BFD2B4FF9' : true,
-  'AB6C39D7868C1C094E5E5A5AEC1ACD07396F82BAEE33CDF2AEDBB4F02E899B90' : true,
-  'ABB5673AF0583FF328D23B1D4F35B33EF6B68DDCDD482BB3BC1DCB43D2A0367D' : true,
-  'ABB5D30080E3CFE6F83F249F3F8A22C731F318DDF1BAC4D4895B2B7F7A6287E4' : true,
-  'ABE9809D21AFE6E0FB253DCD55E10C31DBAB32A973EC52DFDA1C15068F89D333' : true,
-  'AC34CA02ED811B4D918A2C55C7FA396105BE68AAC3A23E762627583D4F11E8A6' : true,
-  'ACBD5C965EBDEE4D8D3EDEE2A5FC407A6A3A7AD5E6EC120EF1854C18118953B2' : true,
-  'AD046A8C4DE2A89F32973F0566452CFD38CE0586998717364C528F5995B5E2F2' : true,
-  'AD05645C0957254FE67FC48F7BFAFC24D30BEBE233B82D87DAFF3B44EF7314B4' : true,
-  'AD3FC05D383E384659DA700279CE3C48DAB804AC74DE2B3DD3687F6ED355F99B' : true,
-  'AD40C15657CEFAB57F6A71035796462F0184B0AAA489E601087DE329F35CD757' : true,
-  'AD679FC990B740191DF7F88D51947A1F23D79F862160E3C94A22BB1169A7567D' : true,
-  'AE03E5FDACD94805484DE44DB4BABB96D1D2EED4F0B9CB528CB30210C8005C6A' : true,
-  'AE7960061D5D4739E2A6C0BEC6BE8E98ECE3E97994940C9BF5AB2E1C2C0D9702' : true,
-  'AE7BAFD9FB7AB3D87D0D58774420B314E46538D2894DC58DF5F5614DFE7F0435' : true,
-  'AEF7E370874D2001D989B258853C1974A5E45676D3D7595F74662C0B650BFE8D' : true,
-  'AFEC41B1302FD09F03015FB573960516918EFAE30F68D97D027D45A51C4115B7' : true,
-  'B06CD6AF9B4156B4379FF3C6C1F8CA182A923527D0DD92905394DB3446A11D5C' : true,
-  'B0FD996D85E74BF51328181823707C4FE5E96C0028C2B3FAC104A96237B63EC6' : true,
-  'B0FF4F8A6FD3F8FBB19A188351CD4925C951DC2D64633B9E0446F026670A47D1' : true,
-  'B183D8E672345AABE24C849B4A13D0BD99C296AAB273ABE88C00CAA229A27154' : true,
-  'B1991ED1894F821B66AEF2E26E0834CC796FFB43971A79588A44CCBF7E8B3076' : true,
-  'B1C705F5D1E939E93139448EE3155EC4895C970CF31CEC997A9FAA547851626C' : true,
-  'B20BEB685F3FB617FC974C4C624ED894EB2F7FA61DE28104C7B9EDA1F52F46FE' : true,
-  'B295FDC9D7462488EBD4E5FA8E5B062FE5E2D0432C6A02B99F4CAD1F9BE6D0BB' : true,
-  'B319CB30FD80959806C6836129AF6E1A8A32B8B8D39AF65674532BBCAFA2CF8C' : true,
-  'B31C07387E56AA457F17CA3D3A4C485683253CF387E6DCE37469B6A8E51CBF29' : true,
-  'B3251BB9A1B4F219400E69789FB08CA2BBA396C6D2FD3C4B69F4B7E1C0DDB615' : true,
-  'B3381C627EFBEF5DF3BCC9DB71A9B6E4C0A4F3114F7E7408A356FB33FBA5D20B' : true,
-  'B36D72C8B1F436DA49520421FC0A2869A9952DA405DA5E29EC3A1919453DD6F5' : true,
-  'B38D0B1FCAFA3F435FECB2B3A25804FB004BF11DE5CD691C1461A4D76792A4B0' : true,
-  'B3B5299F5F09E54A0D4F2C11044D183F9D6E2CF036784243ACFE5F0449FD698D' : true,
-  'B4130785116E5A84BF7B191696B213BA8877228388B18C2DA38DCB9EE14AC8CA' : true,
-  'B440A043514252DA267A339059C789BB14D1339B7964B0945262D978D9AD021E' : true,
-  'B5008FE6CBE7E0EC5B158E8C9CE487FB6E5349F47007F3CDD2B1AAA69098FA40' : true,
-  'B51BFFBF094EBB26247D54321DE8F7CC10B24BE9EA6D9383BF908E765D5D9594' : true,
-  'B5453C09F38363BC702FCACE4B64A74538B1BE40617640C00150CA9129FCDF52' : true,
-  'B55BBD123C4262662BC144E0CF4BC9B47059C4BD0A136C075BB9B3E82830799D' : true,
-  'B56769F28FE8395FCD50E7552BFBC2AA549F30E1092A54921BE76B07A6A800F5' : true,
-  'B5A9BD7AB128FDCB0DE3C7EAE193904867BAC57822BE195F3060369520403D6A' : true,
-  'B5C58EAB37201F8A7F3C520FECBB3C016A30960C5931DD7C43ECA217A1E31774' : true,
-  'B5D38F895E2681F656FEE774C8677D29749C3E5ADD3DAF7A2A91043BF5A4DDA5' : true,
-  'B5F004A0997E3448A1ABE7DCE45D8BD263AC631D14B05A04CA195E98D665B679' : true,
-  'B61D7AEFD0BDF0DF2C8C8E68D4E3D92EF45CF9F79AFD9EDC4729D71375916019' : true,
-  'B663B6C8C60A5969BEE4F6844813AAB8945EE2CE2253CFBA67500B991CD8A07F' : true,
-  'B6CEE930054D71DEE1D167A566B9881B8971F7EB4BC4A34FCFD9DDB3DE311B9C' : true,
-  'B6D0C415C5ED7819171DE421C8A75C18297924B93FC2A95FBD8C4200CE36681D' : true,
-  'B6FAC01424B5C332C72B6B218DC93AEBE54318DDBFC5BD1277E262FA7831E5B1' : true,
-  'B745A72DD07E5FED73CFA723D6BC2E98FA62B6E03ED378804EBEF7DCD83725C0' : true,
-  'B76BD62A287E68C2CC8F8CA7FD5196938DF4C39E6F46DD81A3A37D22B761C158' : true,
-  'B771F979722EB52E544B543F7AEF720A930674556EE93691DC650C73DE8252C1' : true,
-  'B7E6A641053C86E17A4A328D98700AF4BA3BDD35E5208359AF120C2690F51E3E' : true,
-  'B7EC03174DAD602E897345B072749AA86CAF05151062989E183C3039DE25569D' : true,
-  'B839688B9303FEF8860B4FB2EDF19FF2A0BF5306DAC007E8CE074CBA13B39A03' : true,
-  'B86F85494700264E918D8706B711B9E8C3C12AA776E0B63AF35B73CE56B15BBA' : true,
-  'B8845702F28C3AF9B35D8B5F1DFFFA014CE411CF592B18395F700CD8B937F3B9' : true,
-  'B8F0936622984493F4B74D087ACA8438AABAB1111DA258806EA86C23C6F6617E' : true,
-  'B9772693C35DE8A4B6EDC9457AFC3B4B52ECAFDBF612CEF1A27AE7F7FAB8F79C' : true,
-  'B9B09CE521337B9A3632C7FD98DE926EEBE5AE5E8B50A098213EBA0590C387A1' : true,
-  'B9BCE346B63D3B6AA111483A98E02E437E3AD0B6D08FF142A31E0373DBAA3207' : true,
-  'B9D8E2EC3C47B6130DB45DE0741CDB790E36E4617986AAD5A2BA232B8BD8A85D' : true,
-  'BA4052C530EB5FDDBBFD98FA9EB99660BC084678009D5AFB2F9996BCA40C354B' : true,
-  'BAC88F443D9F2F03CC7ABFB27373EF9600AC918E084967BB77E80650B3724266' : true,
-  'BADED8CA137A9AFC4A0FE344F663C743D1A549D0A8DE663426B90E788868024C' : true,
-  'BB4C7B45E3310BD7015B76D34CF4308E778E6376EB4841B0BD513BE1A45DA11B' : true,
-  'BB7E9348A57593802F083CAA99351386DBDF348C83AB35E554BB7BA44FE1FA55' : true,
-  'BBAA50F752648522389B89EDD345BF8C41FE10D4593A8A1DF467B2FFA7BF870B' : true,
-  'BBB3260B0820E7ED72785BDEBCD876383243C325BE758BF025075F10A6D9035D' : true,
-  'BBB99D57C9ECE54B1634DB4BD6211C5167A5EB4DC310340BDE14B1BBCE275937' : true,
-  'BBEF78F8C05ED5A5C2142C3598696B0674FF3DADFC8156896025A13EC892ECC2' : true,
-  'BBF6A87639A5064024887CA082F69575298067744B14B8E0EDE61626949BC7A0' : true,
-  'BC0B758091A4613FE070BECD6CDC0BF1FE89727C3482DB4A2353CEC027E3AB11' : true,
-  'BC17CA376A3CA716F41BFA9D3A2CED2B1941431D70543BD600B7596F4EA2E440' : true,
-  'BC1FE50662610B7D575931031B1EE60479D9D9E3D94048DE6FBD44C88B9FDAF1' : true,
-  'BC447B8A11DA8F1DE19285AAFB97AF1A26A35157AB8FE1E4AF80AA70B11AB65B' : true,
-  'BC568DC8C01D8D7595FFCA2A7E000780F15EC24CD38AAF25EDDCE7BCD41E4FAE' : true,
-  'BC622EDE87E66E364218B38609D792F6906F7CF95EE5EDD1A76BE0C48B8533F3' : true,
-  'BCE02BE648B8A1EE092574F3D453388649082A1B72E7AFE7ADBA310EFBD38DE6' : true,
-  'BCEAEC2D8B8C18B58BD320D77850EC38285F419ACA8A9E939DAE7DFDF26696D0' : true,
-  'BDE511A7E1B38D779BD9E758B2EE8F7F2DD5A242D37CA573394808CB01B78FA1' : true,
-  'BEDF91AB2008A01DA4111518C8065D4BFD9ED614A29CF89A16E94CBCD5F5D17F' : true,
-  'BF38E5D5BE0CC67C1CFAC96B40DFD91DE065F2DAAE427AA54893FFC5ADC73707' : true,
-  'BF9B71E2C87C03CF421733610A1BDAB430C041EB20DB75ADBD9ECB3D342072CA' : true,
-  'BFA0CD61FEFB0FE90D0F9025E67C62A735DC730F13B5D5FBED9B54A3DB882F91' : true,
-  'BFA5B4A3751715409895D27F7C9F057F2C31EE560DB075008A3BAA21DE838FF3' : true,
-  'BFE49B659622D1011F4BB655CDA77638665D068FBCAF11C73829D2DE16E43BE4' : true,
-  'C0AF523C6E9B52801FCA62602022547B25D8A107CC7008C67C438E1A093FA69B' : true,
-  'C0DA5CBD6F39A5B707B0E7DD33004811FD6F925DE713C817F3E2719393163E9F' : true,
-  'C0EF2D9BA63006B0352A74B6052B7D66949376FBE5417A7E01D33219E5BF1765' : true,
-  'C1AF26C31745338DD2E13C1BA98A2E643AAA3271CF1FD5B878E93B1DDA2DB868' : true,
-  'C1AFF08543BBDC3D2D796884D099D8A7B8D40FBA1F37AA31CEC16EBE2AFF0D0A' : true,
-  'C248614B9F4FC353E82AA41DEB83CE57110D64C4B16E7A5A685CF4BC9621DFCD' : true,
-  'C27D64BA2F133417986FC42073BCD7DB4668A2FA7D2D217CDE215F25D2BD5E23' : true,
-  'C284387A9875E45662ACE976D665D6A33C36F3EF2B053AF26C0918DEECBE7CB6' : true,
-  'C2C65F50563C7E96AFE6602B9A0B68DE74F3C7AE5C00ECDB39B98960BDFE5B91' : true,
-  'C2CE30C7F0723F2D2B25A18FA209B1CBC66662624FA8CD1EBA96BF051D969625' : true,
-  'C2E60ADC4803F0F11F83C644D8DAF80DAD4B9D6A67FC108B3C2CE6F2576EB69C' : true,
-  'C2E75AAAEBF724A42960CEFD07F59CDE937840DB2BD1FCD538C609F7D1A1387A' : true,
-  'C32E558AC4FEACD1690C227683DFC38CD26FEF103953FCEC9CBE0FAB08C176DF' : true,
-  'C36F1E72492E2C250006C6F4E71CF086D2383B2F8C9BC14BA68BC666CF714049' : true,
-  'C3C07C187D95222D855EBFDFF827193F71C471BAA3A1B51242BFE963FD4A63F1' : true,
-  'C3DEDA7A5C280862654DD266D482AF59CD7CE5C09020F8F32EDA0D0FE2345B02' : true,
-  'C3F22AB27D51E4BD5A5258957DC812BED15D17FD4119517479FF9FE70E751B19' : true,
-  'C455EB4F7D91839F3CE4EC401AF21797377666D1EB395947421B7B6CA8CB06BE' : true,
-  'C46DC6888470BF64D41C297E1FA082ABB128D4D0EC44DAB62E05E4FF8496B18B' : true,
-  'C4D51A111115A7D06422BBB16B67ECFC73D636DB08551B27596FEB532D8CC2BA' : true,
-  'C4F8364FC0A36A73AA0BDA4074FF1490B3AE07A7BEA479385BF28078288F9C3E' : true,
-  'C520C3FFB5C5107BEF2E8DC44C74803713E13D9BCC99A57C6838BE15ADAAC04A' : true,
-  'C55B18B5DF187AE68174C086FA4E692C6443B01FF4A19DCA743EC1F6E1B7E332' : true,
-  'C58F0FF2DF810FAC8EA095F349A2E6D7E0D9C09D6FBE7D45895408530E1C75F4' : true,
-  'C5B2A636DE1FD6629B4BA41FD1693F261F50577130A05366D298F9CD282E4BA7' : true,
-  'C5E4575B4442687C80E6F9F290846CE80217AEE8892B9977C5F455BEBE285EDA' : true,
-  'C610F374CDA9036FCB01F526005ED8561D16A27790491AFB26D56A1BF0716007' : true,
-  'C6479E02F20A3596203FF184483F1F6A29EF9F95DAD258EF2A84BC6125B299DC' : true,
-  'C66BA6D7D5EE44E268D2DFE0A00284BA59F2FD86AE8F738E84718A1B4C5927D3' : true,
-  'C6983038573EE575734E531266D91772390BDF63A276B49E9360C81F8C813EA6' : true,
-  'C6A38936450B0D72D5C38EC5BE6FA683D25CBFE604C7415BC5E55E2DEB06A946' : true,
-  'C6DE49C8D85A8712EA1A7CCD38B89C74933A89B1512E11FE96EA844F6D6CD9EC' : true,
-  'C6E05D29FAED5903549692D81FC477129F2A3C408AE6C03785B40154A4E80B56' : true,
-  'C7DCCF394F89BCF1B8D78F0E6A558FE8328B360430CD055DC111E930491951C7' : true,
-  'C821C2140114FA7DDE92FA497EED3E4B9131919A9EF3D6750013C6CE7FEE0B72' : true,
-  'C86755D4C77305CCE06484D0BFAA6CD8A72B73B646130D27BB75C8121ED14288' : true,
-  'C86D8AEC465B23370C4D5086141E9C98935D91524E3CF68BBE62C0AB231EEEBD' : true,
-  'C8726499B7FA3B32022A21230BC27CC59901DF584C69F33232EE76FD7A554F3D' : true,
-  'C88BF2F611A7EE5307733DC2950EFF56A96BC832961FF595196EB88EFDDF4932' : true,
-  'C8B4AB5E690CF9E14D079125CBD13232EACD4FA3F15276D2D7BC48FB84BDC0C3' : true,
-  'C8C2433B0C173644E3208A07D4103D433119301B3E0887748EB73300E58C9BB1' : true,
-  'C950A2AC5B35DEC3F384099AD2E3BA7FDBE79E93362A132380CB5ADD1EC2E94D' : true,
-  'C9B128CF349E20FE9560F5AD10F77673AB1F8F69FC6F2BF312FFFDBD5746B116' : true,
-  'C9F2002F6542DA1BC5833AF9A11F6F5F144B76539CDB9E1738C7DB37097523D9' : true,
-  'CA157632863D3E7B499F141741724FA84DBA48AEB51B04A53A9D3DFEA7F70BF1' : true,
-  'CA46DA728E76E97AD214DBB6AC9CB1EA2DC87202C88C35E87CE574FC1F2E0438' : true,
-  'CA846077B68DCA99AE30BAC33929143E856784B64E70098CBC7FF5BBD85C824B' : true,
-  'CB6C703326037CB5C4456097438DF15387452C0CACD89D9DDAB1475A2111C197' : true,
-  'CBC3C62B44E2C35250AB62FB2C3993C55F251559259727D5F76A63002148F17A' : true,
-  'CC1A62E8FD6FCF9A3BE4BAAA64AE2FC0BDEA2C2F34BAEF8F9123D991262DB210' : true,
-  'CC815184FE74CDD53947DCC9733B1D5E9B9E8F31C8C96154355ABAF389BF7D63' : true,
-  'CCF6435DDA033106286D7A69A4C8DD727B59C4E334826CDBCF6F66C801580FF4' : true,
-  'CD7C028069F371EBE93537094CB57A51CA0CA421B9A7F8C1422D9C454F864FD3' : true,
-  'CDE7AA628678D4BCAEF4240A9D09B5BC7BC1A1757010006931949C83DA299B9E' : true,
-  'CE01F10B612255CCF31E03F308F45E0A091C0FC41A13280F575BAA7F4F7B4A58' : true,
-  'CE318D567E77FA3E2B87268B09B1FE99484916CDBC7A56B99900CE7BB7B4F967' : true,
-  'CE34361030AA71334FC8EAC253C91EDDDAD3E2AF0974931325384B9A445CD116' : true,
-  'CEA9DC1557689CC8AFBC740C095ABE8AA617C19AB92B761EA71F19AB2B3FBA4A' : true,
-  'CF099A3A9DBE3D79F3E420A47A8447A50A2F87ACF2874CA86D49F271B82A68C5' : true,
-  'CF19B1004488D5D9C882E2C4D0A47789618E0BCD6475F6D9C6B5591C2BF333C9' : true,
-  'CF3457D98980F7909742C974AE4EEABF2007967D9870705867C18A5B47CEB2B4' : true,
-  'D010B9708329342E43370125857DBFD443ABC95CF5778898A7343E5F1C61F4E9' : true,
-  'D0927B6D60E3441E11D75A8FD593A38665AA7D211F691BDA3D0E815EBE303C25' : true,
-  'D0ADA8B3F0D09BD13AE5877B5E448C18376D129F92DCF2D4F1BB182725A62D3D' : true,
-  'D18241A820196F4910694FBB37556273E54236F41FD53B3AF75B6C6430D93B15' : true,
-  'D1B116326075EB6F65C4F8F8E6742B639DB23B56CD8420F42F8219CE615303C7' : true,
-  'D1C4E4D1F014FB8F889F45AFA39485BE742F64268C662BB28494855E393ADE96' : true,
-  'D1C684802932EB8EBBFA0DBD55EFA5345AB3A928653CC222D548CD29D91EEBFE' : true,
-  'D249C8E95880A20CAEEFADA9A9B8E80386234DBCA6D990E78CE574B430C0E6A2' : true,
-  'D2D9C57B19EABF7A90BCB421283733EABE5ECC6311B1D05089D4F4251D157E3D' : true,
-  'D3525FAE9E537DD0A56F0311A27A603C422DB0376928C707A12A1E3785F2BEE7' : true,
-  'D387A162888C2556F1D3B9A73201A8608A57085E1115214BD2588F315B89776A' : true,
-  'D41844AFC9E00E17DC87F0ED1AE4A0559C418770A4FD7033E3D9A9997C5E204E' : true,
-  'D4374D2DC334055205B79A4327686F87379C4D610595EABB64DD0F0665051227' : true,
-  'D44D1A7D80BD2F9B4A62E11BFEBBB74A5780B0366CB6038CEC9FBC8C8E19439A' : true,
-  'D53C334638CE54CB75DAA15D1AAAAD70081C9A52A2393DFC79E9C3A92D54F4D6' : true,
-  'D5D9E3A7DAB437D5F8967A307F6BEDD3B2AEFCF59B229BA649C4E549F01668B5' : true,
-  'D5E62D9B8F9EB17D8BA84646BC72AE6271E24D0C7787D302965A92ABAEDEE2FB' : true,
-  'D6061064FEC9DF923123EDB3050700BE1532B68D9FC12FAECABB9FA82CE2B887' : true,
-  'D6200C1744EDDC3BA40857A1089A20F7E86EC3B29FF413CA2BE49C060A79D19C' : true,
-  'D63DF52A3A887D35ED58C64463BF73252738FDDFD73E0F8B378E318AD3057D36' : true,
-  'D646154250C7883E951B03FBBE9EF7D3D00E74D60281FC82876A913A23AACB1B' : true,
-  'D7266CBBD307F97B7284312CD4C2A5BADA7D4EB123237EFA43E55D8D2F5B16A6' : true,
-  'D7632272521683A38E88A18C2CC6AED79B2C5E854483BDB6EE83D82BF41B96CA' : true,
-  'D77C2904CEF8726B748EE36E43BE65BDBD12FC48E4A4ECA4885537745B0BFD15' : true,
-  'D77D31A02283F81A4E64F7512C59BD71FF603FED5EC57F24F0A240F04B846999' : true,
-  'D782121A27D3EFEBF791EFE34D5A81385358DA939F5DEB17530252BFBC8E2F02' : true,
-  'D78220C9BDCD563F71BD8139B40A495879DAE9FB1968AE3225BD0D04DAF294BF' : true,
-  'D796DA6F4413295EF05E79C798E92CF8A6AE172A091C862D7176384D520BA2FA' : true,
-  'D7AAAAD6062EBEE0C1932945FD7ABC017F7FCAFD842BB5346E987F38C33EA678' : true,
-  'D7D1D7F326D3DE85FC1DFA7F45F9D5A3C64473B37143EB09DA66CE56F6258FCE' : true,
-  'D82602A79F22AF46AD32D0AD123D30464371FFCB7A8AFB8C51A74841463A20FF' : true,
-  'D82D68EAF052A2FB2F9324E8333D055A0B91AB07E22F15A25D43259CB98EFF57' : true,
-  'D86562629BA86C435C0965C4AC302160729F27804FEBA36E211F96CDEFB5DF8E' : true,
-  'D86996C0C019AAD9DF5531836BC48F54427021AB8E24BA1AD073895574A143FA' : true,
-  'D86CF2095E0D6C3DE32E728124623D29F7D2CC28669AF2E1794255D675B3474B' : true,
-  'D89FF0FA7A1E02ADC96283A27F9A7D875AEF9592518B3369AC790236A51211CD' : true,
-  'D8AA8D8A7A48ACCB4C1B7E6C2228B7BFBC297EAFAB1315643744E3EE4DFA7E6C' : true,
-  'D9065B6D9F7F27507D51170FB465FA6250DF528EC38BB46DAD0311C1DF63ACA1' : true,
-  'D9259A35701E881FD41A9939C4AB82EDAA83A18D1ABCBBBF8329FC6850A0C6DD' : true,
-  'D94290750677E2B5ECE7C2DC41AD4618C6995F173EC44DF80B23CC0E333EA654' : true,
-  'D9FDB29EF83808BC82A97839FB2F22C2D20DAB2E6B67BF5862C8922BB1FA9068' : true,
-  'DA5D20F1A6CF6CEC3AA7028A6E17D8F2E1A60069E497758B0CC938C08F4E76BC' : true,
-  'DAA384D0D2A94A18A14E3DDF7A963E59BE41C06B978F3DC8862E1EE6C8E76DD0' : true,
-  'DACA572539398A22DF7049B23BA3E59DAD6F34A44ED7D5E275457D9F79B880A8' : true,
-  'DADD1B4DC65D1DE3D13B18DEA58D61BA3449CE45E1C5176509B8A3B197A09618' : true,
-  'DB54ABB14B79069CAA8BE0A4AF8F5C97B27B6E674E3CB8DA132C1EE2902DBDEC' : true,
-  'DB995D854C4EDEF4DB5CCF20B2B30719056F3EDAA0CCF4B9D9C5C898407C5C7A' : true,
-  'DBBF19EB75C47A8473F59CE4B2A318B493EEFEE4B6719BDF40FAB2E81D9DB2D9' : true,
-  'DC5FA206BA63F5157E68208A383EF3A2D56EED879713602BB364A5A2A243A722' : true,
-  'DC90A8BEF7B1C62F9E4B3D3345665DBB5D6CB46077F5E7ED0628A5C0E3DFB742' : true,
-  'DCBC478CD6F43B2AF0C5974AA7B183F3487EF756F79BF4138288C4C207CFDD4A' : true,
-  'DCC87ABAA2524536C43A280BC52710BF117E56EBB39444873F93AEF18519A502' : true,
-  'DCCFAA33D28DE7243AB2C1514FF36012E967B0C0C6E62E940325CFCE982BFC23' : true,
-  'DD5A1FC87107218C43D2C1C73075C5506D6901CE1289F86DC0162E6BBB80B84C' : true,
-  'DD79B321EF333A6C39D48DB57DC5A138F023A111D56851CD4CBC8EB1BD094893' : true,
-  'DD7B5992561C1F706A82F7D9318E45DCB1CF508A564263893350E2D3CBC41241' : true,
-  'DDB4149166CCAC259D826E4E6649B5F59DB8DE3A2ABE0D0CA88F192AC891B331' : true,
-  'DDCA271FAF2837CD14B62951B3CBCB5BEBC264BF6C813019BC1091D8CB425F2C' : true,
-  'DDCA648AB82DF2A942AAD4B384839255D5D98ABEAFB602B2BBA2F4B115072EDC' : true,
-  'DE65D592D65A64794CCF2911A10DB5DB27C28E6C88BBBF75B75FCBC2CAF5A02A' : true,
-  'DEEBA70EA985BD2637FA63B79F69B0EEE5D261E95E3699B97855296B23D82C3D' : true,
-  'DF32CD36F2BAE47DB4BDD2610D77629F44819723F9BA4FCFF6CC7F6E5709FFFD' : true,
-  'DF4482289B54CB444569A5436AEEBEBFB348D966D2FBC8C5115376F3E5496303' : true,
-  'DF464344337A60D78868FE886F92848BFF8713D641C9AC5EBA29524842656CCA' : true,
-  'E06707F7CA1E65B0B452A3D09CBB61FD055BD338F0A358B4D27403451B0E3B1B' : true,
-  'E0BD7FDC3544BBBF78F401148ADE378A4A85214C0469EDD5EC23C5246A6F5555' : true,
-  'E0EFCF7FC7033248F1933BE975F931485787F32928E47DABAC84FEC9D7365CFB' : true,
-  'E131F4E38AE499C92E90E6B52F2A2959C457039C00FFBEDC54F8E634718A2FBD' : true,
-  'E141FC9E4CCAD241F40BB3FBEC1A8EA8C8DFC56E32528EF68A9A33F6CFB844E3' : true,
-  'E18545BD6D070F0C6AFE93153C190792C4921FC90953FAA775E351B1FB1BCC44' : true,
-  'E26F4C34273553354334DC7A22DC56A781F2491181799287CC91F12871FEB50D' : true,
-  'E27966B8B9C67C751F9AB8315D0BD1CEE334D96A8C5F60C764070EF8B8FCE61A' : true,
-  'E2C0F7B8612401A2E50A7CC84DF8FFC78D54272CDB2CCD0376A4BAF9264940A3' : true,
-  'E2C42D4BD3807D802CE3B9EBC6FACC04E34EF327F4BBEC1C7A48618A1271F5E4' : true,
-  'E2FC1229FE0EDF06A3706DB8DBD2344B61A9364840A3E61E6B29CE49A966AC8F' : true,
-  'E315468836F77DF6AA146AF392C5DB7262A83AA83FD7CD75771C70D29C3F16CB' : true,
-  'E381DF6792973BFE322D23C6CF2A6C24A4ECFC77F43F03D2FC04EE39FAD7C683' : true,
-  'E3EADC69740DF00FD147B0718CB1063D7E90E172E196C96956920235CF9DB382' : true,
-  'E3FFE980C209BCBE10F594806CAA472BA2D4702F6E2549AEB86DC52B46DCF773' : true,
-  'E47E188C00A2D2AF624B01A1E52AD2618C0ED598EA643C1F0CE4C5297B3649DB' : true,
-  'E4A79C0CBC9966A44EC1185DD6E66371FF395D0FAC53C1FD2619B02F6ACC9C6D' : true,
-  'E4F069C24D7162E3C94AB295EA33C8926BDDF79934CA28D8982A35650EB60B05' : true,
-  'E50C2EC0BA6891F60BB325C0762AB06271161EFA9E0B2ADD50FF520128092FBF' : true,
-  'E556C54852E6E0E61097B2A34DDCB87F12EF74CA847CE07C4CAD2348FF41D3E5' : true,
-  'E5E046397DC23925AB8CAD7CB66E2A12EBD989350CE41F89EED455248A109098' : true,
-  'E5FB4DB1871BDADEE779D366E7BD007F7A963FBCB00B90EC14C8077477E436AD' : true,
-  'E62CB2C9DEDF84514D7B8F31C2388555F2B768116D1813EA97FC6C00F715AE02' : true,
-  'E68C4E54088AD4A308EC6053041A4A8B04A213347BAE2CE86D3F1587B1518981' : true,
-  'E692108B3683F3C6362DF92476D62BAE60687035B70B9119F962190C9C215B04' : true,
-  'E6A029856494D7FE48E048D60E7BDE80D2B6217FF084F64A929056E166F479C2' : true,
-  'E6A6EDA8D60BE3C0A5A19631D1BC3262EDABEBFCD0144F3D19513C8F6342CD12' : true,
-  'E6EB9DC7D407B4A2F308B4822E5BEA7428CD4520C59934214831D61E95F2BA34' : true,
-  'E70FC0431E5B6632A30C04F99A4E0E55C860187A04CCCDA4FDC08E926E94964D' : true,
-  'E7CF336F6E4E8CC153474F240D9238D41091EBA635F25CDAFCFCFC3AF2A6BA43' : true,
-  'E80FA3BD00D99AF27B013B520D3CEB1A8DF8BE355EC971F08B4AE44FFCE44147' : true,
-  'E827A539BF87598F48DFEE077DC7768D19E88426AD9E91375DF32F0F944F2010' : true,
-  'E83B3C3A3EAA32F6C60BE4D4DA918AA4A5432FF3380D4886C2844D69094EC571' : true,
-  'E893B898F708775C51A0A60748972C53C4B62787A591B96EFBF8CE28E29E87D8' : true,
-  'E8AD1B8DA833226A37C21D1608E0DBA8C758EED7A943EDF323ACBB779E227C86' : true,
-  'E9A176C583F8B5522A9A86B6A4409AFAF614D6A7650A5D6C32E4499319F5280B' : true,
-  'E9A1ED503AF06DB86725A61A05DA4E121443B85923A0830BEB83FE6973D6C1EE' : true,
-  'E9BB3A11B595B1D403FE21DF47A3A4EB4CF43ED49259DA83FB0FAAEC048422D7' : true,
-  'E9DDA8C162F91A7D746A5567060DD636491C8C1441697B600F56C00FE73AC594' : true,
-  'EA6973A28807C80D7558B7636F875574C9FAD887BACF23B0F686A61C26EDBFA7' : true,
-  'EA9369F9AEF701B1F9699363254A2AE007F47AA824AECE077B82F1C0B6A69197' : true,
-  'EB11019A7642C75F4DDC1DC9CF3B469BFB4C44B71C615693C73175F16DCA036C' : true,
-  'EB26A8A870A888295A366493B26917B9D9618E0FBC13CBB02CA8E180A5B7A8B7' : true,
-  'EB41E514913E175F693EEA9EE3202E59EB9C450769C55BAA30C121C2A9E468C4' : true,
-  'EB5F60FED8FCE35455A15B9A8E9E200FCF1B8B5B278D1511C8C5EE67BD99FB46' : true,
-  'EBB8403BAC78C842A81201893DC86184BE82BC2BFEC8A51748651F938F4051B0' : true,
-  'EBC9928117D91D999CC375930982E891C5DC4F9E02A3960FE692DAB13D96ADA5' : true,
-  'EC3097F047F40894368CA744A97CBB177C1122963AFF3D958DDBAC299F793E71' : true,
-  'EC4FC179A9A40EBCF5F9508C94C0209D9C28ABFB21EE932FE11BC87F2887C490' : true,
-  'EC869ABCCE3A1C036F1AFABE5ECD4FDA581D16C0E81E16A2734E6004A55896BC' : true,
-  'ECA27FBA9090EAD50CEE16362AB7462FBD060DF8B4BE27C107328E49214D6758' : true,
-  'ECA4B72D4C90C2889F21F4084AE4CB53F5B8EA5D147529B0CF72D3A9093532B4' : true,
-  'ED310E1BAEB1759D2AEC00BCDE6D9A86DFA33B17563EB5105585F15327831032' : true,
-  'ED4960F15A8193849C5C2AC2285D218C7FBF0697FF46A958341F2980137F6700' : true,
-  'EE82E118167C83EC466137DE867DF824A5063074FC61CD164D21F26976741A2E' : true,
-  'EF162B09A3D267BB7B8C79D44D06A7AF21EF260518D0EF3A8CFA1730D7B89231' : true,
-  'EF55226DCFD0FA606BFD3496633BFCBC146925B2D6685AB4875E142D79233600' : true,
-  'EFBA99859B7F905F7A48954F12D88494E408EA444CA3B4FAB5E5FF37EC395576' : true,
-  'F010781D39EBF1A76700CA71DB56877685A52CEC2E7250D2C5684AF659887AC8' : true,
-  'F055D488944F4779BE3F17FBEAD728843701CE6598D01286AA1D525F26AEDAAB' : true,
-  'F07E7F2A7106743D8C1FF2E201F944E3227363968C5A0AE31112473B93BACC7B' : true,
-  'F0A9E452CB90B0B6C50FB794AAE7ECBF5E56801A10124C95292B28592FA9B003' : true,
-  'F0FD8D8E64636B1A1CC2557C50DBADE7A1F0536B905F5FFC06AFEF630AB9A40B' : true,
-  'F1C66D3A1C4917A59AF8ADC68A0722F7193D345BD978BA00FF669E7948D44F29' : true,
-  'F205928C933AFF1F1A6411AB779CFAE3FAAF43754AB86735DB52F74DB1DA81D2' : true,
-  'F233DDE8F7165F2D7AA4E736E6FE1F913570FA7CA3E3C134EFD22D5F303075DE' : true,
-  'F239A3C63AD2FAF6C5962868BBA5925DE8A00C5FD43A83C783C0C5D1079A8BCE' : true,
-  'F2835EDF2E61A29F9E62FEF97476165D5FF40E553A2A4F955EDE30C0A5149E12' : true,
-  'F28F54684E233C9EEC646C6E1336E33684DA3732ECBEEDB2A606E09DD29801FA' : true,
-  'F2C91876EDB36EAD7E4821C2A6581144F1E5A67B2DEF4A5E4AFDF79F5E1CC4D7' : true,
-  'F2F7938B7E294F17565B2833CC2E0A657DA80A237814C24B5C0AAAF35C4608F8' : true,
-  'F3160DD030C118B5D5835743E78CCADD0620E5C08460E0CD1F5D9D437352105B' : true,
-  'F319741878D155ED3E5DD4955A82B842700A64D86AB782B511F0CB9B25C48AFA' : true,
-  'F3A6A1A957C3BC86EFB3772C6153D97C33B908124CA58480AD1F62C54CD89013' : true,
-  'F3D202454336E948C83BCA2342C4D1A0DBB4335E829229BEAE04B4125F0D508E' : true,
-  'F3F90821BD1454FC7AC92F768D2C9F75B5CD79FF4DD3251F4B9D647D34024F73' : true,
-  'F456775CCC8DEC02CF2F92A48101E18EBCC9C880D41FA87EBE5E2EAA0E24620D' : true,
-  'F460158348B017310570CAB302E33DD12FF72526698115EEE8D3DE318383ED9C' : true,
-  'F47CA7623AEE6A1849B4F3F90818A93AA937A0EFA65D6674EA769BD7EC113BF8' : true,
-  'F48CB2C1C2551290BA59502BBFCEC7BF137B5176967BB92B38E79D4EAA63B7E0' : true,
-  'F4AD6AEF9BCAC58CF21EA81D65C3B8C85CBC9BCF6A2807FB0C5CD332C5F9BF49' : true,
-  'F4C119D9DB2CD569E75B9B1F0884B990575EFD920E8C62177990AE650B7AA274' : true,
-  'F4DD9346FC095DED0E4014722A90868202F9241E983F680AD69205E77DCB01ED' : true,
-  'F4EDB536BE8520B583202E17C56768579613187741195347DDB9BCE3AE2D5150' : true,
-  'F5B52148D7155BEE637459A918CE58D22D4E024FB715325FC1B36DA4C6255357' : true,
-  'F5DBA16527D871BEFEEAE706C232AD0B76FA1384EFB86A844C7BA46B96917B9D' : true,
-  'F5EB7AFA398131FF3966EE221B9C8F332BEFCB634D42631E349AC0BCF367E920' : true,
-  'F5F8E7786E1F61643C7D2805D86031E5C4CC97AE93FC3785FE289FBC44C381E4' : true,
-  'F66ABF80914FBDBE53F794409F4E0DC895129066609E8B491506FCE246A2EEB8' : true,
-  'F6A08E63AF8E62D51930BCE0FA7CF25DD2944512652EFA275E150EDD9C11CF51' : true,
-  'F6A7FA219283E5B13E256B4E039E4CCD93CB72B84D84086E398D5534ECA42DFE' : true,
-  'F74D9E23F4CB53775CA60178347F2A029F77579000B21AA08EC62A1C2932348A' : true,
-  'F754352E819D0C33E6CFC06EECBB4356DB5D8BD1FD2591C7C817CCE662BE2BC4' : true,
-  'F77AF5088D4EB425ADC0997C059C641EFB5AE2CAC73669EBAEEA378EDA383186' : true,
-  'F7A57247F89F0C50879598293BB33B7AFF5FB74BCE37BF7B53F8955CEFBB9511' : true,
-  'F7B593D9277B72E9CF376EAC2BD5535F76CD9FA0FDA3793D7EA6B4D050602E85' : true,
-  'F7FC63254BF2472575C6D5DEC8DDF02B24B6F1BDCE03D807B159A69820262D4A' : true,
-  'F823D6220F702D0547375FC4451FE27A91F0CE2AF9DA31552235F96CBBA56326' : true,
-  'F82E01B697453BD37AD7012E267DC78395DF3DF4BFB0B1657F58256616F9B355' : true,
-  'F8434B1782EC41F184305BD75BB3C0206721BC6CAD62442377072C06101B70DE' : true,
-  'F88D1DF97289C9ED7E062D4E4B2B2463F90946DAC91785A6FA02F2599D7FE65C' : true,
-  'F8E68F837C3E9452994FD6BF08F02D12D087BF6D44137BA37F72E408620F558B' : true,
-  'F9971BA9EA322BB3FCB85111FED48B9CC1C9788D7BC6985E3CCE4BB7801B0DCC' : true,
-  'F9D5CC6DF4DA5D7B237C07578FD0C48108FFD5E5B21F24CD46FB8CCB8B960671' : true,
-  'FADEBB24D23CEE1E8B02430C31A939E14821E9567A25367303F20F74879AB51C' : true,
-  'FB674F1642EE443BBB827B29FD871CC110D77875884B1B050FC804D2884B2B3A' : true,
-  'FB6814C66D6DDA2F348BF759398AB81F7795CA223F8AE9C0D82CA295162F68AD' : true,
-  'FB7B1676A5C0FABF7EEFA6815A78647C0985AEAE4F6864E905D27059DE252BF7' : true,
-  'FB7EF701469F77B6412100BB2D6399B1A574BB9610186FFFCC0119E14CB2021F' : true,
-  'FBCC79E05CC135E183F4963C2A206F9DFDBC2DD0D379A743D5FB301741796921' : true,
-  'FC2DA5A38AD07685CC019C7C388A396159FBAEF9EA491588FC995DBDF52A0B9C' : true,
-  'FCF4BA663F0032118EADF9D327B65AB502C7A8B336462A397238884E9A28508E' : true,
-  'FD3D5A1DEF394401B5387159AECA13C43342505D4BFAF2DABBADE1E801890363' : true,
-  'FD87C175594ABB82818D5CFEE506105069ECE5D5A499CFAD2E6376A88BAEB15D' : true,
-  'FD8B1849A13BBD87D072F9D09506C90C0F29D7CCBD2B6446AD31335348AF9294' : true,
-  'FD9DD5B7112851DFAA9AB9B451E38BBBC86D3A2463DBE0E51297A691724DE75F' : true,
-  'FDEE85771EF592A9E5F47D08250AFCBC73DCE96A72418B2848AE400F3CF59341' : true,
-  'FE5DBE234A59B532A12BD552A36DB75AD21EF243C48C61849A0F93AF314C5896' : true,
-  'FEB92F19B7394B8BF0FF71AEFD233E262AB656BDD531AD89FBEB9228C5378301' : true,
-  'FEE181302E80BF6B40A6B3DFF5290C4A425134BE686480E7FD755E32BAD6B4F3' : true,
-  'FEFEF80071B0D8E2B57D6601BB353A435A425EAA701827370C3585CE09F2CE50' : true,
-  'FF19126728541443A82A9C9A0E9F773BABF83B6BFFB09F82E4D9B79F6E3C4EB4' : true,
-  'FF769AAD90F56FB48D6C6CFCC86E38F9CBC6DB23774342892AFD4680ED3560FB' : true,
-} ;
diff --git a/src/chrome/content/code/sha256.js b/src/chrome/content/code/sha256.js
deleted file mode 100644
index 7e15f1af10d0..000000000000
--- a/src/chrome/content/code/sha256.js
+++ /dev/null
@@ -1,249 +0,0 @@
-/*
- * A JavaScript implementation of the SHA256 hash function.
- *
- * FILE:sha256.js
- * VERSION:0.8
- * AUTHOR:Christoph Bichlmeier <informatik@zombiearena.de>
- *
- * NOTE: This version is not tested thoroughly!
- *
- * Copyright (c) 2003, Christoph Bichlmeier
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the copyright holder nor the names of contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * ======================================================================
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
- * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
- * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
- * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* SHA256 logical functions */
-function rotateRight(n,x) {
-    return ((x >>> n) | (x << (32 - n)));
-}
-function choice(x,y,z) {
-    return ((x & y) ^ (~x & z));
-}
-function majority(x,y,z) {
-    return ((x & y) ^ (x & z) ^ (y & z));
-}
-function sha256_Sigma0(x) {
-    return (rotateRight(2, x) ^ rotateRight(13, x) ^ rotateRight(22, x));
-}
-function sha256_Sigma1(x) {
-    return (rotateRight(6, x) ^ rotateRight(11, x) ^ rotateRight(25, x));
-}
-function sha256_sigma0(x) {
-    return (rotateRight(7, x) ^ rotateRight(18, x) ^ (x >>> 3));
-}
-function sha256_sigma1(x) {
-    return (rotateRight(17, x) ^ rotateRight(19, x) ^ (x >>> 10));
-}
-function sha256_expand(W, j) {
-    return (W[j&0x0f] += sha256_sigma1(W[(j+14)&0x0f]) + W[(j+9)&0x0f] + 
-	    sha256_sigma0(W[(j+1)&0x0f]));
-}
-
-/* Hash constant words K: */
-var K256 = new Array(
-		     0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
-		     0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
-		     0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
-		     0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
-		     0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
-		     0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
-		     0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
-		     0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
-		     0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
-		     0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
-		     0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
-		     0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
-		     0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
-		     0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
-		     0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
-		     0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
-		     );
-
-/* global arrays */
-var ihash, count, buffer;
-var sha256_hex_digits = "0123456789abcdef";
-
-/* Add 32-bit integers with 16-bit operations (bug in some JS-interpreters: 
-   overflow) */
-function safe_add(x, y)
-{
-    var lsw = (x & 0xffff) + (y & 0xffff);
-    var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
-    return (msw << 16) | (lsw & 0xffff);
-}
-
-/* Initialise the SHA256 computation */
-function sha256_init() {
-    ihash = new Array(8);
-    count = new Array(2);
-    buffer = new Array(64);
-    count[0] = count[1] = 0;
-    ihash[0] = 0x6a09e667;
-    ihash[1] = 0xbb67ae85;
-    ihash[2] = 0x3c6ef372;
-    ihash[3] = 0xa54ff53a;
-    ihash[4] = 0x510e527f;
-    ihash[5] = 0x9b05688c;
-    ihash[6] = 0x1f83d9ab;
-    ihash[7] = 0x5be0cd19;
-}
-
-/* Transform a 512-bit message block */
-function sha256_transform() {
-    var a, b, c, d, e, f, g, h, T1, T2;
-    var W = new Array(16);
-
-    /* Initialize registers with the previous intermediate value */
-    a = ihash[0];
-    b = ihash[1];
-    c = ihash[2];
-    d = ihash[3];
-    e = ihash[4];
-    f = ihash[5];
-    g = ihash[6];
-    h = ihash[7];
-
-    /* make 32-bit words */
-    for(var i=0; i<16; i++)
-	W[i] = ((buffer[(i<<2)+3]) | (buffer[(i<<2)+2] << 8) | (buffer[(i<<2)+1] 
-								<< 16) | (buffer[i<<2] << 24));
-
-    for(var j=0; j<64; j++) {
-	T1 = h + sha256_Sigma1(e) + choice(e, f, g) + K256[j];
-	if(j < 16) T1 += W[j];
-	else T1 += sha256_expand(W, j);
-	T2 = sha256_Sigma0(a) + majority(a, b, c);
-	h = g;
-	g = f;
-	f = e;
-	e = safe_add(d, T1);
-	d = c;
-	c = b;
-	b = a;
-	a = safe_add(T1, T2);
-    }
-
-    /* Compute the current intermediate hash value */
-    ihash[0] += a;
-    ihash[1] += b;
-    ihash[2] += c;
-    ihash[3] += d;
-    ihash[4] += e;
-    ihash[5] += f;
-    ihash[6] += g;
-    ihash[7] += h;
-}
-
-/* Read the next chunk of data and update the SHA256 computation */
-function sha256_update(data, inputLen) {
-    var i, index, curpos = 0;
-    /* Compute number of bytes mod 64 */
-    index = ((count[0] >> 3) & 0x3f);
-    var remainder = (inputLen & 0x3f);
-
-    /* Update number of bits */
-    if ((count[0] += (inputLen << 3)) < (inputLen << 3)) count[1]++;
-    count[1] += (inputLen >> 29);
-
-    /* Transform as many times as possible */
-    for(i=0; i+63<inputLen; i+=64) {
-	for(var j=index; j<64; j++)
-	    buffer[j] = data.charCodeAt(curpos++);
-	sha256_transform();
-	index = 0;
-    }
-
-    /* Buffer remaining input */
-    for(var j=0; j<remainder; j++)
-	buffer[j] = data.charCodeAt(curpos++);
-}
-
-/* Finish the computation by operations such as padding */
-function sha256_final() {
-    var index = ((count[0] >> 3) & 0x3f);
-    buffer[index++] = 0x80;
-    if(index <= 56) {
-	for(var i=index; i<56; i++)
-	    buffer[i] = 0;
-    } else {
-	for(var i=index; i<64; i++)
-	    buffer[i] = 0;
-	sha256_transform();
-	for(var i=0; i<56; i++)
-	    buffer[i] = 0;
-    }
-    buffer[56] = (count[1] >>> 24) & 0xff;
-    buffer[57] = (count[1] >>> 16) & 0xff;
-    buffer[58] = (count[1] >>> 8) & 0xff;
-    buffer[59] = count[1] & 0xff;
-    buffer[60] = (count[0] >>> 24) & 0xff;
-    buffer[61] = (count[0] >>> 16) & 0xff;
-    buffer[62] = (count[0] >>> 8) & 0xff;
-    buffer[63] = count[0] & 0xff;
-    sha256_transform();
-}
-
-/* Split the internal hash values into an array of bytes */
-function sha256_encode_bytes() {
-    var j=0;
-    var output = new Array(32);
-    for(var i=0; i<8; i++) {
-	output[j++] = ((ihash[i] >>> 24) & 0xff);
-	output[j++] = ((ihash[i] >>> 16) & 0xff);
-	output[j++] = ((ihash[i] >>> 8) & 0xff);
-	output[j++] = (ihash[i] & 0xff);
-    }
-    return output;
-}
-
-/* Get the internal hash as a hex string */
-function sha256_encode_hex() {
-    var output = new String();
-    for(var i=0; i<8; i++) {
-	for(var j=28; j>=0; j-=4)
-	    output += sha256_hex_digits.charAt((ihash[i] >>> j) & 0x0f);
-    }
-    return output;
-}
-
-/* Main function: returns a hex string representing the SHA256 value of the 
-   given data */
-function sha256_digest(data) {
-    sha256_init();
-    sha256_update(data, data.length);
-    sha256_final();
-    return sha256_encode_hex();
-}
-
-/* test if the JS-interpreter is working properly */
-function sha256_self_test()
-{
-    return sha256_digest("message digest") == 
-	"f7846f55cf23e14eebeab5b4e1550cad5b509e3348fbc4efa3a1413d393cb650";
-}
-
diff --git a/src/chrome/content/dev-popup.css b/src/chrome/content/dev-popup.css
deleted file mode 100644
index c5eb4a7f081d..000000000000
--- a/src/chrome/content/dev-popup.css
+++ /dev/null
@@ -1,19 +0,0 @@
-#dev-popup-dialog {
-  padding: 20px;
-}
-#wrapper {
-  background-color: #ffffff;
-  margin: 0 auto;
-  max-width: 700px;
-  padding: 20px;
-}
-#paragraph1, #paragraph2 {
-  font-size: 1.2em;
-  text-align: center;
-}
-button {
-  font-size: 1.2em;
-}
-button#revert-to-stable {
-  font-weight: bold;
-}
diff --git a/src/chrome/content/dev-popup.js b/src/chrome/content/dev-popup.js
deleted file mode 100644
index eb3fb8f83e2a..000000000000
--- a/src/chrome/content/dev-popup.js
+++ /dev/null
@@ -1,36 +0,0 @@
-const CI = Components.interfaces;
-const CC = Components.classes;
-
-// LOG LEVELS ---
-VERB=1;
-DBUG=2;
-INFO=3;
-NOTE=4;
-WARN=5;
-
-HTTPSEverywhere = CC["@eff.org/https-everywhere;1"]
-                      .getService(Components.interfaces.nsISupports)
-                      .wrappedJSObject;
-
-function dev_popup_done() {
-  HTTPSEverywhere.prefs.setBoolPref("dev_popup_shown", true);
-  window.close();
-}
-
-function handle_dev_popup_error() {
-  alert("OOPS! Automatic download failed; please go to https://www.eff.org/https-everywhere instead.");
-}
-
-function download_stable() {
-  try {
-    var tab = HTTPSEverywhere.tab_opener("https://www.eff.org/https-everywhere");
-    setTimeout(function(){
-      openUILinkIn("https://www.eff.org/files/https-everywhere-latest.xpi", 'current');
-      window.close();
-    }, 500);
-  } catch(e) {
-    handle_dev_popup_error();
-  } finally {
-    HTTPSEverywhere.prefs.setBoolPref("dev_popup_shown", true);
-  }
-}
diff --git a/src/chrome/content/dev-popup.xul b/src/chrome/content/dev-popup.xul
deleted file mode 100644
index f8f21be4f323..000000000000
--- a/src/chrome/content/dev-popup.xul
+++ /dev/null
@@ -1,44 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
-<?xml-stylesheet href="dev-popup.css" type="text/css"?>
-<!DOCTYPE window SYSTEM "chrome://https-everywhere/locale/https-everywhere.dtd">
-<window id="dev-popup-dialog" 
-  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" 
-  xmlns:html="http://www.w3.org/1999/xhtml" 
-  title="&https-everywhere.popup.title;" 
-  width="500" 
-  height="440" 
-  align="center"
-  onload="document.getElementById('keep-on-dev').focus()"
-  >
-    <html:div id="wrapper">
-        <image src="chrome://https-everywhere/skin/https-everywhere-banner.jpg" />
-        <script type="application/x-javascript" src="chrome://browser/content/utilityOverlay.js" />
-        <script type="application/x-javascript" src="dev-popup.js" />
-
-        <commandgroup>
-          <command id="revert" oncommand="download_stable();" />
-          <command id="keep" oncommand="dev_popup_done()" />
-        </commandgroup>
-
-        <vbox flex="1">
-          <separator class="thin"/>
-          <label id="paragraph1">&https-everywhere.popup.paragraph1;</label>
-          <separator class="thin"/>
-          <label id="paragraph2">&https-everywhere.popup.paragraph2;</label>
-          <separator class="thin"/>
-          <hbox>
-            <spacer flex="1" />
-            <button id="revert-to-stable" label="&https-everywhere.popup.revert;"
-                tabindex="1"
-                command='revert' />
-            <button id="keep-on-dev" label="&https-everywhere.popup.keep;" 
-                tabindex="2" 
-                command='keep'/>
-            <spacer flex="1" />
-          </hbox>
-          <separator class="thick"/>
-          <label id="paragraph3">&https-everywhere.popup.paragraph3;</label>
-        </vbox>
-    </html:div>
-</window>
diff --git a/src/chrome/content/fetch-source.js b/src/chrome/content/fetch-source.js
deleted file mode 100644
index a0220c82c3c2..000000000000
--- a/src/chrome/content/fetch-source.js
+++ /dev/null
@@ -1,161 +0,0 @@
-/* vim: set expandtab tabstop=2 shiftwidth=2 softtabstop=2 foldmethod=marker: */
-
-/**
- * HTTPS Everywhere Firefox Extension: https://www.eff.org/https-everywhere/
- *
- * Licensed under the GPL v3+.
- * 
- * @copyright Copyright (C) 2010-2013 Mike Perry <mikeperry@fscked.org> 
- *                                    Peter Eckersley <pde@eff.org>
- *                                    and many others.
- */
-
-// Define https everywhere variable object that will act as a namespace, so that 
-// global namespace pollution is avoided, although technically not required for
-// windows created by add-on.
-// See: https://developer.mozilla.org/en-US/docs/Security_best_practices_in_extensions#Code_wrapping
-if (!httpsEverywhere) { var httpsEverywhere = {}; }
-
-/**
- * JS Object for fetching the XML source of rulesets.
- *
- * @author Pavel Kazakov <nullishzero@gmail.com>
- */
-httpsEverywhere.fetchSource = {
-  // TODO: look into class constants
-  CC: Components.classes,
-  CI: Components.interfaces,
-
-  // Constants for generating URL from which source will be fetched 
-  BASE_SITE: 'https://gitweb.torproject.org/https-everywhere.git/blob_plain/',
-  DIRECTORY: '/src/chrome/content/rules/',
-  HEAD_STRING: 'HEAD',
-
-  /**
-   * Initializes the window to view source. 
-   */
-  init: function() {
-    var fs = httpsEverywhere.fetchSource;
-
-    if("arguments" in window && window.arguments.length > 0) {
-      var filename = window.arguments[0].xmlName;
-      var id = window.arguments[0].GITCommitID; //GIT commit ID
-      var URL = fs.getURL(filename, id);
-      var source = fs.getSource(URL, filename, false);
-    } else {
-      // Should never happen
-      throw 'Invalid window arguments.';
-    }
-  },
-
-  /**
-   * Generates a URL that can be used for viewing the ruleset source.
-   *
-   * @param filename    name of ruleset to view, such as EFF.xml
-   * @param GITCommitID revision of ruleset
-   * 
-   * @return string of URL
-   */
-  getURL: function(filename, GITCommitID) {
-    var fs = httpsEverywhere.fetchSource;
-    return fs.BASE_SITE + GITCommitID + ":" + fs.DIRECTORY + filename;
-  },
-
-  /**
-   * Sends HTTP request to view ruleset source and updates the window with the 
-   * ruleset source.
-   * 
-   * @param URL      HTTP request will be sent to this URL
-   * @param filename used for displaying ruleset source
-   * @param useHead  whether send request to latest revision of ruleset
-   */
-  getSource: function(URL, filename, useHead) {
-    var fs = httpsEverywhere.fetchSource;
-    fs.setFilenameText(filename);
-    fs.setPathText(URL);
-
-    var req = fs.CC["@mozilla.org/xmlextras/xmlhttprequest;1"]
-      .createInstance(fs.CI.nsIXMLHttpRequest);
-
-    // Use HTTP GET
-    req.open("GET", URL);
-
-    // Clear User-Agent so request is pseudo-anonymous
-    req.setRequestHeader("User-Agent", "");
-
-    // handle asynchronous request
-    req.onreadystatechange = function(params) {
-      if (req.readyState == 4) {
-        
-        // HTTP Request was successful
-        if (req.status == 200) {
-          fs.setSourceText(req.responseText);
-        } else if (!useHead) {
-          // HTTP request was not successful and the request wasn't sent to 
-          // get the latest revision. Therefore, if we can't fetch current 
-          // revision (this project's revision might newer than lastest, for 
-          // example), try to at least display the latest revision.
-          var URL = fs.getURL(filename, fs.HEAD_STRING);
-          fs.getSource(URL, filename, true);
-        } else {
-          // at least we tried...
-          fs.downloadFailed();
-        }
-      }
-    };
-
-    req.send();
-  },
-
-  /**
-   * Handle a download failure of ruleset.
-   */
-  downloadFailed: function() {
-    document.getElementById("source-text").hidden = true;
-    document.getElementById("failure-label").hidden = false;
-  },
-
-
-  /**
-   * Convenience method for setting ruleset source text.
-   *
-   * @param text ruleset source
-   */
-  setSourceText: function(text) {
-    var textBox = document.getElementById("source-text");
-    textBox.value = text;
-  },
-
-  /**
-   * Convenience method for setting filename text.
-   *
-   * @param text file name
-   */
-  setFilenameText: function (text) {
-    var textLabel = document.getElementById("filename-text");
-    textLabel.value = text;
-  },
-
-  /**
-   * Convenience method for setting the path (URL) that was used to fetch
-   * ruleset.
-   *
-   * @param text path text
-   */
-  setPathText: function(text) {
-    var textLabel = document.getElementById("path-text");
-    textLabel.value = text;
-  }
-};
-
-// TODO: Test resizing on mulitple platforms
-// adjust window resizing
-window.onresize = function() {
-  var textBox = document.getElementById("source-text");
-  // TODO: Move to constants
-  textBox.width = window.innerWidth - 100;
-  textBox.height = window.innerHeight - 150;
-};
-
-// hook event for init
-window.addEventListener("load", httpsEverywhere.fetchSource.init, false);
diff --git a/src/chrome/content/fetch-source.xul b/src/chrome/content/fetch-source.xul
deleted file mode 100644
index caa004872df1..000000000000
--- a/src/chrome/content/fetch-source.xul
+++ /dev/null
@@ -1,29 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
-
-<!DOCTYPE overlay SYSTEM "chrome://https-everywhere/locale/https-everywhere.dtd">
-
-<dialog id="https-everywhere-fetch-xml"
-        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
-        xmlns:html="http://www.w3.org/1999/xhtml"
-        title="&https-everywhere.prefs.view_xml_source;"
-        persist="screenX screenY width height"
-        style="height:80%; resize:both;"
-        buttons="accept"
-        height="600"
-        width="650">
-        
-    
-    <script type="application/x-javascript" src="fetch-source.js"/>
-    <box orient="horizontal">
-        <label id="filename-label" value="&https-everywhere.source.filename;:"/>
-        <label id="filename-text"/>
-    </box>
-    <box orient="horizontal">
-    	<label id="path-label" value="URL:"/>
-    	<label id="path-text"/>
-    </box>
-    <separator class="thin"/>
-    <textbox id="source-text" multiline="true" readonly="true" value="&https-everywhere.source.downloading;..."/>
-    <label id="failure-label" hidden="true" value="&https-everywhere.source.unable_to_download;"/>
-</dialog>
diff --git a/src/chrome/content/meta-preferences.xul b/src/chrome/content/meta-preferences.xul
deleted file mode 100644
index 3e48010c2cb7..000000000000
--- a/src/chrome/content/meta-preferences.xul
+++ /dev/null
@@ -1,30 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
-<?xml-stylesheet href="chrome://https-everywhere/content/preferences.css" type="text/css"?>
-
-<!DOCTYPE overlay SYSTEM "chrome://https-everywhere/locale/https-everywhere.dtd">
-
-<window id="https-everywhere-meta-prefs"
-        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
-        xmlns:html="http://www.w3.org/1999/xhtml"
-        title="&https-everywhere.prefs.title;"
-        persist="screenX screenY width height"
-        width="600" 
-        height="600">
-  <separator class="thin" />
-  <tabbox flex="1">
-    <tabs>
-      <tab label="HTTPS Everywhere" />
-      <tab label="SSL Observatory" />
-    </tabs>
-    <tabpanels flex="1">
-      <tabpanel flex="1" orient="vertical">
-        <browser src="chrome://https-everywhere/content/preferences.xul" flex="1"/>
-      </tabpanel>
-      <tabpanel flex="1" orient="vertical">
-        <browser src="chrome://https-everywhere/content/observatory-preferences.xul" flex="1"/>
-      </tabpanel>
-    </tabpanels>
-  </tabbox>
-
-</window>
diff --git a/src/chrome/content/observatory-popup.xul b/src/chrome/content/observatory-popup.xul
deleted file mode 100644
index 60da68fdc620..000000000000
--- a/src/chrome/content/observatory-popup.xul
+++ /dev/null
@@ -1,61 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
-<!DOCTYPE window SYSTEM "chrome://https-everywhere/locale/ssl-observatory.dtd">
-<window id="ssl-observatory-dialog" 
-  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" 
-  xmlns:html="http://www.w3.org/1999/xhtml" 
-  title="&ssl-observatory.popup.title;" 
-  width="500" 
-  height="440" 
-  align="center"
-  onload="document.getElementById('ask-me-later').focus()"
-  >
-    <script type="application/x-javascript" src="observatory-xul.js" />
-    <image src="chrome://https-everywhere/skin/ssl-observatory-messy.jpg" />
-    <label style="padding:25px;">&ssl-observatory.popup.text;</label>
-
-    <commandgroup>
-      <command id="enable" oncommand="enable_observatory() ; popup_done()" />
-      <command id="nope" oncommand="disable_observatory() ; popup_done()" />
-      <command id="later" oncommand="window.close()" />
-      <command id="more-info" 
-               oncommand='popup_done() ; 
-               window.open("chrome://https-everywhere/content/observatory-preferences.xul","obsprefs",
-               "chrome, centerscreen")'/>
-    </commandgroup>
-
-    <vbox flex="1">
-    <spacer flex="5" />
-    <separator class="thin"/>
-      <hbox>
-        <spacer flex="2" />
-        <button label="&ssl-observatory.popup.yes;" tabindex="2" accesskey="y" 
-                command='enable'/>
-        <spacer flex="1" />
-        <button label="&ssl-observatory.popup.no;" tabindex="3" accesskey="n"
-                command='nope'/>
-        <spacer flex="2" />
-      </hbox>
-    <separator class="thin"/>
-    <spacer flex="10" />
-      <hbox>
-        <spacer flex="2" />
-        <button label="&ssl-observatory.popup.details;" tabindex="4" accesskey="D" 
-                command='more-info'/>
-        <spacer flex="1" />
-        <button id="ask-me-later" label="&ssl-observatory.popup.later;" 
-                tabindex="1" accesskey="A" command='later'/>
-        <spacer flex="2" />
-      </hbox>
-    <separator class="thin"/>
-    <spacer flex="1" />
-    </vbox>
-
-    <!--
-    <hbox style="padding-top:10px;">
-      <label class="text-link" href="https://www.eff.org/" tabindex="3" value="&ssl-observatory.popup.details;" />
-      <spacer flex="1" />
-      <button label="&ssl-observatory.popup.later;" id="ask-me-later" tabindex="0" style="font-size:0.8em;" accesskey="l"
-              oncommand="doCancel()"/>-
-    </hbox>-->
-</window>
diff --git a/src/chrome/content/observatory-preferences.xul b/src/chrome/content/observatory-preferences.xul
deleted file mode 100644
index 96102d05bff7..000000000000
--- a/src/chrome/content/observatory-preferences.xul
+++ /dev/null
@@ -1,106 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
-
-<!DOCTYPE overlay SYSTEM "chrome://https-everywhere/locale/ssl-observatory.dtd">
-
-<dialog id="https-everywhere-prefs"
-  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
-  xmlns:html="http://www.w3.org/1999/xhtml"
-  buttons="accept"
-  buttonlabelaccept="&ssl-observatory.prefs.done;"
-  title="&ssl-observatory.prefs.title;"
-  width="800"
-  height="768"
-  persist="screenX screenY width height"
-  onload="observatory_prefs_init(document)"
-  ondialogaccept="observatory_prefs_accept()">
-  <script type="application/x-javascript" src="observatory-xul.js" />
-  <vbox flex="1" style="overflow:auto">
-    <spacer flex="1" />
-    <hbox flex="1">
-      <spacer flex="1" />
-      <image id="obs-title-logo"
-             src="chrome://https-everywhere/skin/ssl-observatory-messy.jpg" />
-      <spacer flex="1" />
-    </hbox>
-    <spacer flex="2" />
-    <label>&ssl-observatory.prefs.explanation;</label>
-    <separator class="thin" />
-    <label>&ssl-observatory.prefs.explanation2;</label>
-    <separator class="thin" />
-    <commandset>
-      <command id="toggle-enabled" oncommand="toggle_enabled()" />
-      <command id="use-obs-anon" oncommand="set_obs_anon(true)" />
-      <command id="use-obs-nonanon" oncommand="set_obs_anon(false)" />
-      <command id="toggle-alt-roots" oncommand="toggle_alt_roots()" />
-      <command id="toggle-send-asn" oncommand="toggle_send_asn()" />
-      <command id="toggle-priv-dns" oncommand="toggle_priv_dns()" />
-      <command id="toggle-self-signed" oncommand="toggle_self_signed()" />
-    </commandset>
-    <checkbox label="&ssl-observatory.prefs.use;" id="use-observatory"
-              command="toggle-enabled" style="font-size:1.5em;"/>
-    <separator class="thin"/>
-      <radiogroup style="margin-left:3em;" id="ssl-obs-how">
-        <radio label="&ssl-observatory.prefs.anonymous;" 
-               tooltiptext="&ssl-observatory.prefs.anonymous_tooltip;"
-               alt_label="&ssl-observatory.prefs.anonymous_unavailable;"
-               command="use-obs-anon" 
-               class="ssl-obs-conf" id="ssl-obs-anon"/>
-        <radio label="&ssl-observatory.prefs.nonanon;" 
-               tooltiptext="&ssl-observatory.prefs.nonanon_tooltip;"
-               command="use-obs-nonanon"
-               class="ssl-obs-conf" id="ssl-obs-nonanon"/>
-      </radiogroup>
-    <separator class="thin"/>
-    <tooltip id="asn-tip" noautohide="true">
-      <label>&ssl-observatory.prefs.asn_tooltip;</label>
-    </tooltip>
-    <checkbox label="&ssl-observatory.prefs.asn;" id="send-asn"
-              tooltip="asn-tip" class="ssl-obs-conf"
-              command="toggle-send-asn"/>
-    <spacer flex="2" />
-    <hbox>
-      <spacer flex="1" />
-      <button label="&ssl-observatory.prefs.show;" onclick="show_advanced()"
-              id="show-advanced-button" class="ssl-obs-conf"/>
-      <button label="&ssl-observatory.prefs.hide;" onclick="hide_advanced()"
-              id="hide-advanced-button" hidden="true" />
-      <spacer flex="1" />
-    </hbox>
-    <spacer flex="1" />
-    <vbox flex="2">
-      <tooltip id="alt-roots-tip" noautohide="true">
-        <label>&ssl-observatory.prefs.alt_roots_tooltip;</label>
-      </tooltip>
-      <tooltip id="priv-dns-tip" noautohide="true">
-        <label>&ssl-observatory.prefs.priv_dns_tooltip;</label>
-      </tooltip>
-      <tooltip id="self-signed-tip" noautohide="true">
-        <label>&ssl-observatory.prefs.self_signed_tooltip;</label>
-      </tooltip>
-      <vbox id="observatory-advanced-opts" hidden="true">
-
-        <groupbox hidden="true" tooltip="self-signed-tip">
-          <checkbox label="&ssl-observatory.prefs.self_signed;" 
-                    class="ssl-obs-conf" id="self-signed"
-                    command="toggle-self-signed"/>
-        </groupbox>
-
-        <groupbox hidden="true" tooltip="alt-roots-tip" >
-          <caption hidden="true" label="&ssl-observatory.prefs.adv_priv_opts1;"/>
-          <checkbox label="&ssl-observatory.prefs.alt_roots;" 
-                    command="toggle-alt-roots" class="ssl-obs-conf"
-                    id="alt-roots" />
-        </groupbox>
-        <groupbox hidden="true" tooltip="priv-dns-tip">
-          <caption hidden="true" label="&ssl-observatory.prefs.adv_priv_opts2;"/>
-          <checkbox label="&ssl-observatory.prefs.priv_dns;" 
-                    class="ssl-obs-conf" id="priv-dns"
-                    command="toggle-priv-dns"/>
-        </groupbox>
-      </vbox>
-    </vbox>
-    <spacer flex="5" />
-  </vbox>
-</dialog>
-
diff --git a/src/chrome/content/observatory-warning.xul b/src/chrome/content/observatory-warning.xul
deleted file mode 100644
index 1f64e128620e..000000000000
--- a/src/chrome/content/observatory-warning.xul
+++ /dev/null
@@ -1,49 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
-<!DOCTYPE window SYSTEM "chrome://https-everywhere/locale/ssl-observatory.dtd">
-<window id="ssl-observatory-dialog" 
-  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" 
-  xmlns:html="http://www.w3.org/1999/xhtml" 
-  title="&ssl-observatory.warning.title;" 
-  width="600"
-  height="500"
-  align="center"
-  onload="warning_populate(window.arguments[0])"
-  >
-    <script type="application/x-javascript" src="observatory-xul.js" />
-    <image src="chrome://https-everywhere/skin/ssl-observatory-messy.jpg" />
-    <vbox flex="1">
-      <vbox id="warning-container" flex="1">
-        <label style="padding:25px 25px 10px;">&ssl-observatory.warning.text;</label>
-        <spacer flex="1" />
-      </vbox>
-
-      <commandgroup>
-        <command id="showcert" oncommand="show_certs()" />
-        <command id="okay" oncommand='window.close()'
-        />
-      </commandgroup>
-
-      <spacer flex="1" />
-      <label style="padding:5px 25px 0px;">&ssl-observatory.warning.defense;</label>
-      <separator class="thin"/>
-      <hbox>
-        <spacer flex="2" />
-        <button label="&ssl-observatory.warning.showcert;" accesskey="S" 
-                id="show-certificate" command='showcert'/>
-        <spacer flex="1" />
-        <button label="&ssl-observatory.warning.okay;" accesskey="I"
-                command='okay'/>
-        <spacer flex="2" />
-      </hbox>
-      <separator class="thin" />
-    </vbox>
-
-    <!--
-    <hbox style="padding-top:10px;">
-      <label class="text-link" href="https://www.eff.org/" tabindex="3" value="&ssl-observatory.popup.details;" />
-      <spacer flex="1" />
-      <button label="&ssl-observatory.popup.later;" id="ask-me-later" tabindex="0" style="font-size:0.8em;" accesskey="l"
-              oncommand="doCancel()"/>-
-    </hbox>-->
-</window>
diff --git a/src/chrome/content/observatory-xul.js b/src/chrome/content/observatory-xul.js
deleted file mode 100644
index cc7ad8254c4d..000000000000
--- a/src/chrome/content/observatory-xul.js
+++ /dev/null
@@ -1,193 +0,0 @@
-const CC = Components.classes;
-const CI = Components.interfaces;
-VERB=1;
-DBUG=2;
-INFO=3;
-NOTE=4;
-WARN=5;
-
-var ssl_observatory = CC["@eff.org/ssl-observatory;1"]
-                    .getService(Components.interfaces.nsISupports)
-                    .wrappedJSObject;
-var obsprefs = ssl_observatory.prefs;
-
-const pref_prefix = "extensions.ssl_observatory.";
-
-function observatory_prefs_init(doc) {
-  // Is the Observatory on?
-  var enabled = obsprefs.getBoolPref("extensions.https_everywhere._observatory.enabled");
-  document.getElementById("use-observatory").checked = enabled;
-  set_observatory_configurability(enabled);
-  // Other settings
-  document.getElementById("alt-roots").checked = 
-    obsprefs.getBoolPref("extensions.https_everywhere._observatory.alt_roots");
-  document.getElementById("priv-dns").checked = 
-    obsprefs.getBoolPref("extensions.https_everywhere._observatory.priv_dns");
-  document.getElementById("self-signed").checked = 
-    obsprefs.getBoolPref("extensions.https_everywhere._observatory.self_signed");
-  document.getElementById("send-asn").checked = 
-    obsprefs.getBoolPref("extensions.https_everywhere._observatory.send_asn");
-
-  // More complicated: is it anonymised by Tor?
-  var obs_how = doc.getElementById("ssl-obs-how");
-  var anon_radio = document.getElementById("ssl-obs-anon");
-  var nonanon_radio = document.getElementById("ssl-obs-nonanon");
-  var anon = !obsprefs.getBoolPref(
-            "extensions.https_everywhere._observatory.use_custom_proxy");
-
-  // first set the radios to match the current settings variables
-  obs_how.selectedItem = (anon) ? anon_radio : nonanon_radio;
-
-  // But if the user hasn't turned the observatory on, 
-  // the default should be the maximally sensible one
-  var torbutton_avail = ssl_observatory.proxy_test_successful;
-  if (!enabled) {
-    set_obs_anon(torbutton_avail);
-    obs_how.selectedItem = (torbutton_avail) ? anon_radio : nonanon_radio;
-  }
-  //scale_title_logo();
-}
-
-// The user has responded to the popup in a final way; don't show it to them
-// again
-function popup_done() {
-  obsprefs.setBoolPref("extensions.https_everywhere._observatory.popup_shown", true);
-  window.close();
-}
-
-
-function scale_title_logo() {
-  // The image is naturally 500x207, but if it's shrunk we don't want it 
-  // distorted
-  var img = document.getElementById("obs-title-logo");
-  alert("ch is " + img.height);
-  if (img.height != "207")
-    img.width = (500.0/207.0) * img.height;
-}
-
-// grey/ungrey UI elements that control observatory operation
-function set_observatory_configurability(enabled) {
-  // the relevant widgets are tagged with class="ssl-obs-conf"
-  var ui_elements = document.querySelectorAll(".ssl-obs-conf");
-  for (var i =0; i < ui_elements.length; i++) 
-    ui_elements[i].disabled = !enabled;
-  // the "use tor" option can't be ungreyed unless tor is available
-  if (ssl_observatory.proxy_test_successful == false) {
-    var tor_opt = document.getElementById("ssl-obs-anon")
-    tor_opt.disabled = true;
-    tor_opt.label = tor_opt.getAttribute("alt_label");
-  }
-  if (!enabled) 
-    hide_advanced();
-}
-
-// show/hide advanced options in the preferences dialog
-function show_advanced() {
-  var enabled = obsprefs.getBoolPref("extensions.https_everywhere._observatory.enabled");
-  if (enabled) {
-    var adv_opts_box = document.getElementById("observatory-advanced-opts");
-    recursive_set(adv_opts_box, "hidden", "false");
-    document.getElementById("show-advanced-button").hidden = true;
-    document.getElementById("hide-advanced-button").hidden = false;
-  }
-  //scale_title_logo();
-}
-function hide_advanced() {
-  var adv_opts_box = document.getElementById("observatory-advanced-opts");
-  recursive_set(adv_opts_box, "hidden", "true");
-  document.getElementById("show-advanced-button").hidden = false;
-  document.getElementById("hide-advanced-button").hidden = true;
-}
-
-function recursive_set(node, attrib, value) {
-  node.setAttribute(attrib, value);
-  for (var i=0; i < node.childNodes.length; i++) 
-    recursive_set(node.childNodes[i], attrib, value)
-}
-
-
-function set_obs_anon(val) {
-  obsprefs.setBoolPref( "extensions.https_everywhere._observatory.use_custom_proxy", !val);
-}
-
-// called from the popup only
-function enable_observatory() {
-  obsprefs.setBoolPref("extensions.https_everywhere._observatory.enabled", true);
-  var torbutton_avail = ssl_observatory.proxy_test_successful;
-  set_obs_anon(torbutton_avail);
-}
-
-function disable_observatory() {
-  // default but be sure...
-  obsprefs.setBoolPref("extensions.https_everywhere._observatory.enabled", false);
-}
-
-// called from within the prefs window, we have more work to do:
-function toggle_enabled() {
-  var use_obs = document.getElementById("use-observatory").checked;
-  obsprefs.setBoolPref("extensions.https_everywhere._observatory.enabled", use_obs);
-  set_observatory_configurability(use_obs);
-}
-
-function toggle_send_asn() {
-  var send_asn = document.getElementById("send-asn").checked;
-  obsprefs.setBoolPref("extensions.https_everywhere._observatory.send_asn", send_asn);
-  if (send_asn) ssl_observatory.setupASNWatcher()
-  else          ssl_observatory.stopASNWatcher();
-}
-
-function toggle_alt_roots() {
-  var alt_roots = document.getElementById("alt-roots").checked;
-  obsprefs.setBoolPref("extensions.https_everywhere._observatory.alt_roots", alt_roots);
-}
-
-function toggle_priv_dns() {
-  var priv_dns = document.getElementById("priv-dns").checked;
-  obsprefs.setBoolPref("extensions.https_everywhere._observatory.priv_dns", priv_dns);
-}
-
-function toggle_self_signed() {
-  var self_signed = document.getElementById("self-signed").checked;
-  obsprefs.setBoolPref("extensions.https_everywhere._observatory.self_signed", self_signed);
-}
-
-function observatory_prefs_accept() {
-  // This is *horrid*, but
-  // https://developer.mozilla.org/en/working_with_windows_in_chrome_code#Accessing_the_elements_of_the_top-level_document_from_a_child_window
-  var outer = window.QueryInterface(Components.interfaces.nsIInterfaceRequestor)
-                   .getInterface(Components.interfaces.nsIWebNavigation)
-                   .QueryInterface(Components.interfaces.nsIDocShellTreeItem)
-                   .rootTreeItem
-                   .QueryInterface(Components.interfaces.nsIInterfaceRequestor)
-                   .getInterface(Components.interfaces.nsIDOMWindow); 
-
-  if (outer) outer.close()
-  else alert("no outer space");
-
-  return true;  // https://developer.mozilla.org/en/XUL/dialog#a-ondialogaccept
-                // also close things if there is no out meta prefs window
-}
-
-function warning_populate(warningObj) {
-  // Fill in the SSL Observatory Warning labels...
-  var container = document.getElementById("warning-container");
-  for (var hash in warningObj) {
-    var label=document.createElement("label");
-    label.setAttribute("style","padding:5px 25px 5px;");
-    label.textContent = warningObj[hash].long_desc;
-    container.appendChild(label);
-    //var spacer=document.createElement("spacer");
-    //separator.setAttribute("flex","1");
-    //container.appendChild(spacer);
-  }
-}
-
-function show_certs() {
-  var parent_win = window.arguments[1];
-  var cert = window.arguments[2];
-  if (!parent_win)
-    alert("no parent window trying to show certs");
-  CC["@mozilla.org/nsCertificateDialogs;1"]
-     .getService(CI.nsICertificateDialogs)
-     .viewCert(parent_win, cert);
-}
diff --git a/src/chrome/content/preferences.css b/src/chrome/content/preferences.css
deleted file mode 100644
index 6b35c00f85eb..000000000000
--- a/src/chrome/content/preferences.css
+++ /dev/null
@@ -1,11 +0,0 @@
-treechildren::-moz-tree-checkbox { /* css for unchecked cells */
-  list-style-image: url("chrome://https-everywhere/skin/cross.png");
-}
-
-treechildren::-moz-tree-checkbox(checked) { /* css for checked cells */
-  list-style-image: url("chrome://https-everywhere/skin/tick.png");
-}
-
-treechildren::-moz-tree-checkbox(undefined) { /* css for empty cells */
-  list-style-image: url("");
-}
diff --git a/src/chrome/content/preferences.js b/src/chrome/content/preferences.js
deleted file mode 100644
index 921ac477dbe6..000000000000
--- a/src/chrome/content/preferences.js
+++ /dev/null
@@ -1,267 +0,0 @@
-const CC = Components.classes;
-const CI = Components.interfaces;
-VERB=1;
-DBUG=2;
-INFO=3;
-NOTE=4;
-WARN=5;
-
-https_everywhere = CC["@eff.org/https-everywhere;1"]
-  .getService(Components.interfaces.nsISupports)
-  .wrappedJSObject;
-
-rulesets = Array.slice(https_everywhere.https_rules.rulesets);
-
-const id_prefix = "he_enable";
-const pref_prefix = "extensions.https_everywhere.";
-const GITID = https_everywhere.https_rules.GITCommitID;
-
-// Disable all rules.
-function disable_all() {
-	for (var i in rulesets) {
-		rulesets[i].disable();
-	}
-
-	treeView.treebox.invalidate();
-}
-
-// Reset all rules to their default state.
-function reset_defaults() {
-  https_everywhere.https_rules.resetRulesetsToDefaults()
-  treeView.treebox.invalidate();
-}
-
-function resetSelected() {
-  var start = {};
-  var end = {};
-  var st = document.getElementById('sites_tree');
-  var sel = st.view.selection;
-  var numRanges = sel.getRangeCount();
-
-  for (var t = 0; t < numRanges; t++){
-    sel.getRangeAt(t, start, end);
-    for (var v = start.value; v <= end.value; v++){
-      var rs = treeView.rules[v];
-      rs.clear();
-    }
-  }
-}
-
-function resetSelectedMenu() {
-  var start = {};
-  var end = {};
-  var st = document.getElementById('sites_tree');
-  var sel = st.view.selection;
-  var numRanges = sel.getRangeCount();
-  var menuitem = document.getElementById("revert_menuitem");
-
-  for (var t = 0; t < numRanges; t++){
-    sel.getRangeAt(t, start, end);
-    for (var v = start.value; v <= end.value; v++){
-      var rs = treeView.rules[v];
-      if (rs.active !== rs.on_by_default) {
-        menuitem.disabled = false;
-        return;
-      }
-    }
-  }
-  menuitem.disabled = true;
-}
-
-function toggleSelected() {
-  var start = {};
-  var end = {};
-  var st = document.getElementById('sites_tree');
-  var sel = st.view.selection;
-  var numRanges = sel.getRangeCount();
-  var menuitem = document.getElementById("revert_menuitem");
-
-  for (var t = 0; t < numRanges; t++){
-    sel.getRangeAt(t, start, end);
-    for (var v = start.value; v <= end.value; v++){
-      var rs = treeView.rules[v];
-      rs.toggle();
-      treeView.treebox.invalidateRow(v);
-    }
-  }
-}
-
-
-function viewXMLSource() {
-  var start = {};
-  var end = {};
-  var st = document.getElementById('sites_tree');
-  var sel = st.view.selection;
-  var numRanges = sel.getRangeCount();
-  var menuitem = document.getElementById("revert_menuitem");
-
-  for (var t = 0; t < numRanges; t++){
-    sel.getRangeAt(t, start, end);
-    for (var v = start.value; v <= end.value; v++){
-      var rs = treeView.rules[v];
-      
-      //This *should* not violate TorButton's State Control, but someone should double check
-      //this code just in case
-      var aWin = CC['@mozilla.org/appshell/window-mediator;1']
-      .getService(CI.nsIWindowMediator) 
-      .getMostRecentWindow('navigator:browser');
-      aWin.openDialog("chrome://https-everywhere/content/fetch-source.xul",
-              rs.xmlName, "chrome,centerscreen", 
-              {xmlName: rs.xmlName, GITCommitID: GITID} );
-    }
-  }
-}
-
-function getValue(row, col) {
-  switch (col.id) {
-    case "site_col":
-      return row.name;
-    case "note_col":
-      return row.notes;
-    case "enabled_col":
-      return https_everywhere.https_rules.rulesetsByName[row.name].active;
-      /*var ruleActive = false;
-      try {
-        if(https_everywhere.rule_toggle_prefs.getBoolPref(row.name))
-          ruleActive = true;
-      } catch(e) {
-        ruleActive = https_everywhere.https_rules.rulesetsByName[row.name].active;
-      }
-      return ruleActive;*/
-    default:
-      return;
-  }
-}
-
-function compareRules(a, b, col) {
-  var aval = getValue(a, col).toLowerCase();
-  var bval = getValue(b, col).toLowerCase();
-  var ret = 0;
-  if (aval < bval) {
-    ret = -1;
-  } else if (aval > bval) {
-      ret = 1;
-  } else {
-      ret = 0;
-  }
-  return ret;
-}
-
-function https_prefs_init(doc) {
-  var st = document.getElementById('sites_tree');
-  
-  // GLOBAL VARIABLE!
-  treeView = {
-    rules: rulesets,
-    rowCount: rulesets.length,
-    getCellValue: function(row, col) { // site names
-      if (!this.rules[row]) return;
-      return getValue(this.rules[row], col);
-    },
-    getCellText: function(row, col) { // activation indicator
-       return this.getCellValue(row, col);
-    },
-    setCellValue: function(row, col, val) { // toggle a rule's activation
-      var rule = this.rules[row];
-
-      if (val == "true") {
-        rule.enable();
-      } else {
-        rule.disable();
-      }
-
-      this.treebox.invalidateRow(row);
-    },
-    isEditable: function(row, col) {
-      return (col.id == "enabled_col");
-    },
-    setTree: function(treebox) {
-      this.treebox = treebox;
-    },
-    isContainer: function(row) { return false; },
-    isSeparator: function(row) { return false; },
-    isSorted: function() { return false; },
-    getRowProperties: function(row, props) {},
-    getColumnProperties: function(colid, col, props) {},
-    getCellProperties: function(row, col, props) {
-      if ( (col.id == "enabled_col") && !(this.rules[row]) ) {
-        var atomS = CC["@mozilla.org/atom-service;1"];
-        atomS = atomS.getService(CI.nsIAtomService);
-        // Starting with 22.0a1 there is no |props| available anymore. See:
-        // https://bugzilla.mozilla.org/show_bug.cgi?id=407956. Looking at the
-        // patch the following seems to work, though.
-        if (!props) {
-          return "undefined";
-        }
-        props.AppendElement( atomS.getAtom("undefined") );
-      }
-    },
-    getLevel: function(row) { return 0; },
-    getImageSrc: function(row, col) { return null; },
-    search: function(query) {
-      var new_rules = [];
-      query = query.value.toLowerCase().replace(/^\s+|\s+$/g, "");
-
-      for (var i in rulesets) {
-        var rule_name = rulesets[i].name.toLowerCase();
-        if ( rule_name.indexOf(query) != -1 ) {
-          new_rules.push(rulesets[i]);
-        }
-      }
-
-      this.rules = new_rules;
-      this.rowCount = new_rules.length;
-      this.treebox.invalidate();
-      this.treebox.scrollToRow(rulesets[0]);
-    },
-    cycleHeader: function (col) {
-	    var columnName;
-    	var order = (col.element.getAttribute("sortDirection") === "ascending" ? -1 : 1);
-    	
-    	var compare = function (a, b) {
-    	  return compareRules(a, b, col) * order;
-  	  };
-    	rulesets.sort(compare);
-    	this.rules.sort(compare);
-      
-      var cols = st.getElementsByTagName("treecol");
-      for (var i = 0; i < cols.length; i++) {
-    		cols[i].removeAttribute("sortDirection");
-    	}
-    	col.element.setAttribute("sortDirection", order === 1 ? "ascending" : "descending");
-	    this.treebox.invalidate();
-	  }
-  };
-
-  st.view = treeView;
-}
-
-function window_opener(uri) {
-  // we don't use window.open, because we need to work around TorButton's state control
-    if(typeof gBrowser == "undefined"){
-        var window = CC["@mozilla.org/appshell/window-mediator;1"].getService(Components.interfaces.nsIWindowMediator);
-        var browserWindow = window.getMostRecentWindow("navigator:browser").getBrowser();
-        var newTab = browserWindow.addTab(uri, null, null);
-        browserWindow.selectedTab = newTab;
-
-    }
-    else
-        gBrowser.selectedTab = gBrowser.addTab(uri);
-}
-
-function https_prefs_accept() {
-  // This is *horrid*, but
-  // https://developer.mozilla.org/en/working_with_windows_in_chrome_code#Accessing_the_elements_of_the_top-level_document_from_a_child_window
-  var outer = window.QueryInterface(Components.interfaces.nsIInterfaceRequestor)
-                   .getInterface(Components.interfaces.nsIWebNavigation)
-                   .QueryInterface(Components.interfaces.nsIDocShellTreeItem)
-                   .rootTreeItem
-                   .QueryInterface(Components.interfaces.nsIInterfaceRequestor)
-                   .getInterface(Components.interfaces.nsIDOMWindow); 
-
-  if (outer) outer.close();
-  else alert("no outer space");
-
-  return true;  // https://developer.mozilla.org/en/XUL/dialog#a-ondialogaccept
-                // also close things if there is no out meta prefs window
-}
diff --git a/src/chrome/content/preferences.xul b/src/chrome/content/preferences.xul
deleted file mode 100644
index ebde85b2cc00..000000000000
--- a/src/chrome/content/preferences.xul
+++ /dev/null
@@ -1,62 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
-<?xml-stylesheet href="chrome://https-everywhere/content/preferences.css" type="text/css"?>
-
-<!DOCTYPE overlay SYSTEM "chrome://https-everywhere/locale/https-everywhere.dtd">
-
-<dialog id="https-everywhere-prefs"
-        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
-        xmlns:html="http://www.w3.org/1999/xhtml"
-        buttons="accept,extra1,extra2"
-        buttonlabelextra1="&https-everywhere.prefs.disable_all;"
-        ondialogextra1="disable_all();"
-        buttonlabelextra2="&https-everywhere.prefs.reset_defaults;"
-        ondialogextra2="reset_defaults();"
-        title="&https-everywhere.prefs.title;"
-        persist="screenX screenY width height"
-        style="height:80%; resize:both;"
-        height="600"
-        width="650"
-        onload="https_prefs_init(document)"
-        ondialogaccept="https_prefs_accept()">
-    
-    <script type="application/x-javascript" src="preferences.js"/>
-    
-    <popupset>
-        <menupopup id="tree-contextmenu" onpopupshowing="resetSelectedMenu()">
-            <menuitem label="&https-everywhere.prefs.reset_default;" oncommand="resetSelected();" id="revert_menuitem"/>
-            <menuitem label="&https-everywhere.prefs.toggle;" oncommand="toggleSelected();"/>
-            <menuitem label="&https-everywhere.prefs.view_xml_source;" oncommand="viewXMLSource();"/>
-        </menupopup>
-    </popupset>
-    
-    <groupbox flex="1">
-        <caption label="&https-everywhere.prefs.list_caption;"
-               align="center"/>
-        <vbox>
-          &https-everywhere.prefs.search;: <textbox id="tree_search" oninput="treeView.search(this);" />
-	</vbox>
-        <tree id="sites_tree" editable="true" flex="1" context="tree-contextmenu">
-          <treecols>
-            <treecol id="enabled_col" type="checkbox" label="&https-everywhere.prefs.enabled;"
-                     editable="true" class="sortDirectionIndicator" persist="sortDirection width"/>
-            <splitter class="tree-splitter"/>
-            <treecol id="site_col" label="&https-everywhere.prefs.site;" flex="1" editable="false" class="sortDirectionIndicator" persist="sortDirection width"/>
-            <splitter class="tree-splitter"/>
-            <treecol id="note_col" label="&https-everywhere.prefs.notes;" flex="1" editable="false" class="sortDirectionIndicator"  persist="sortDirection width"/>
-          </treecols>
-          <treechildren/>
-        </tree>
-    </groupbox>
-    <separator class="thin"/>
-    <vbox>
-        &https-everywhere.prefs.ruleset_howto;
-        <separator class="thin"/>
-        <label id="ruleset link"
-          value="&https-everywhere.prefs.here_link;"
-          style="color: blue; cursor:hand; text-decoration:underline;"
-          onmouseover="event.target.style.cursor='pointer'"
-          onmouseout="event.target.style.cursor='default'"
-          onclick="window_opener('https://eff.org/https-everywhere/rulesets')"/>.
-    </vbox>
-</dialog>
diff --git a/src/chrome/content/rules/00f.net.xml b/src/chrome/content/rules/00f.net.xml
deleted file mode 100644
index 43f9e55d4ea5..000000000000
--- a/src/chrome/content/rules/00f.net.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="00f.net">
-
-	<target host="00f.net" />
-	<target host="*.00f.net" />
-
-
-	<!--	Cert doesn't match www.
-					-->
-	<rule from="^https?://(?:(f\.)|www\.)?00f\.net/"
-		to="https://$100f.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/01.org.xml b/src/chrome/content/rules/01.org.xml
deleted file mode 100644
index 7c7eab97706d..000000000000
--- a/src/chrome/content/rules/01.org.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other Intel coverage, see Intel.xml.
-
--->
-<ruleset name="01.org">
-
-	<target host="01.org" />
-	<target host="*.01.org" />
-
-
-	<rule from="^http://(lists\.|www\.)?01\.org/"
-		to="https://$101.org/" />
-
-	<rule from="^http://mx\.01\.org/"
-		to="https://lists.01.org/mailman/listinfo" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/02ch.su.xml b/src/chrome/content/rules/02ch.su.xml
new file mode 100644
index 000000000000..21b3eb364444
--- /dev/null
+++ b/src/chrome/content/rules/02ch.su.xml
@@ -0,0 +1,6 @@
+<ruleset name="02ch.su">
+	<target host="02ch.su" />
+	<target host="www.02ch.su" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/0bin.net.xml b/src/chrome/content/rules/0bin.net.xml
new file mode 100644
index 000000000000..59783a130616
--- /dev/null
+++ b/src/chrome/content/rules/0bin.net.xml
@@ -0,0 +1,16 @@
+<!--
+    Nonfunctional subdomains:
+        - www     -> wrong domain
+-->
+<ruleset name="0bin.net">
+    <target host="0bin.net" />
+    <target host="www.0bin.net" />
+
+    <securecookie host="^0bin\.net" name=".+" />
+
+    <rule from="^http://www\.0bin\.net/"
+            to="https://0bin.net/" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/0chan.one.xml b/src/chrome/content/rules/0chan.one.xml
new file mode 100644
index 000000000000..a5d94e8e6c65
--- /dev/null
+++ b/src/chrome/content/rules/0chan.one.xml
@@ -0,0 +1,6 @@
+<ruleset name="0chan.one">
+	<target host="0chan.one" />
+	<target host="www.0chan.one" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/0nl1ne.at.xml b/src/chrome/content/rules/0nl1ne.at.xml
new file mode 100644
index 000000000000..de2de8a6ac76
--- /dev/null
+++ b/src/chrome/content/rules/0nl1ne.at.xml
@@ -0,0 +1,25 @@
+<!--
+
+	Problematic hosts in *0nl1ne.at:
+
+		- www ᵐ
+		- mb ᵐ
+		- nblog ᵐ
+		- rss ᵐ
+		- tools ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="0nl1ne.at (partial)">
+
+	<target host="0nl1ne.at" />
+	<target host="www.0nl1ne.at" />
+
+	<rule from="^http://www\.0nl1ne\.at/"
+		to="https://0nl1ne.at/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/0p.no.xml b/src/chrome/content/rules/0p.no.xml
new file mode 100644
index 000000000000..43ab4b74cb9e
--- /dev/null
+++ b/src/chrome/content/rules/0p.no.xml
@@ -0,0 +1,15 @@
+
+<!--
+	Invalid Certificate:
+		www.0p.no
+-->
+<ruleset name="0p.no">
+	<target host="0p.no" />
+	<target host="www.0p.no" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.0p\.no/" to="https://0p.no/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/0x.co.xml b/src/chrome/content/rules/0x.co.xml
new file mode 100644
index 000000000000..6439a8e10fc2
--- /dev/null
+++ b/src/chrome/content/rules/0x.co.xml
@@ -0,0 +1,13 @@
+<ruleset name="0x.co">
+
+	<target host="0x.co" />
+	<target host="www.0x.co" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/0x539-dev-group-mismatches.xml b/src/chrome/content/rules/0x539-dev-group-mismatches.xml
deleted file mode 100644
index 4ca45728958c..000000000000
--- a/src/chrome/content/rules/0x539-dev-group-mismatches.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For rules that are on by default, see 0x539-dev-group.xml.
-
--->
-<ruleset name="0x539 dev group (mismatches)" default_off="mismatch">
-
-	<!--	Cert: hosting.0x539.de	-->
-	<target host="0x539.de" />
-	<!--	Cert: gobby.0x539.de	-->
-	<target host="www.0x539.de" />
-
-
-	<!--	- !www shows hosting's data over https
-		- !www redirects to www over http
-					-->
-	<rule from="^https?://(?:www\.)?0x539\.de/"
-		to="https://www.0x539.de/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/0x539-dev-group.xml b/src/chrome/content/rules/0x539-dev-group.xml
index e60589e682f2..a8a3538c5e62 100644
--- a/src/chrome/content/rules/0x539-dev-group.xml
+++ b/src/chrome/content/rules/0x539-dev-group.xml
@@ -1,16 +1,17 @@
 <!--
-	For problematic rules, see 0x539-dev-group-mismatches.xml.
-
 
 	Nonfunctional subdomains:
 
 		- releases	(shows hosting, CN: hosting)
 
 
-	Problematic subdomains:
+	Fully covered subdomains:
+
+		- gobby		(→ gobby.github.io)
+		- hosting
 
-		- ^		(shows hosting, CN: hosting)
-		- www		(works, CN: gobby)
+
+	(www.)? doesn't exist.
 
 -->
 <ruleset name="0x539 dev group (partial)">
@@ -18,11 +19,16 @@
 	<target host="hosting.0x539.de" />
 	<target host="gobby.0x539.de" />
 
+	<test url="http://gobby.0x539.de/download" />
+
+	<securecookie host="^\w+\.0x539\.de$" name=".+" />
 
-	<securecookie host="^\w+\.0x539\.de$" name=".*" />
 
+	<!--	Redirect drops path and args:      -->
+	<rule from="^http://gobby\.0x539\.de/.*"
+		to="https://gobby.github.io/" />
 
-	<rule from="^http://(gobby|hosting)\.0x539\.de/"
-		to="https://$1.0x539.de/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/0xbadc0de.be.xml b/src/chrome/content/rules/0xbadc0de.be.xml
new file mode 100644
index 000000000000..c3d0f0f31151
--- /dev/null
+++ b/src/chrome/content/rules/0xbadc0de.be.xml
@@ -0,0 +1,46 @@
+<!--
+	Problematic subdomains:
+
+		- (www.)? *
+
+	* Shows libssh.org
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(→ blog)
+		- blog
+		- stats
+
+
+	Mixed content:
+
+		- Images, on blog from:
+
+			- $self ¹
+			- www.cryptosmith.com ²
+			- upload.wikimedia.org ¹
+
+		- Bugs on blog from stats ¹
+
+	¹ Secured by us
+	² Not secured by us <= mismatched
+
+-->
+<ruleset name="0xbadc0de.be">
+
+	<target host=      "0xbadc0de.be" />
+	<target host= "blog.0xbadc0de.be" />
+	<target host="stats.0xbadc0de.be" />
+	<target host=  "www.0xbadc0de.be" />
+
+	<test url=    "http://0xbadc0de.be/?p=67" />
+	<test url="http://www.0xbadc0de.be/?p=67" />
+
+	<rule from="^http://(www\.)?0xbadc0de\.be/"
+		to="https://blog.0xbadc0de.be/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/0xdb.org.xml b/src/chrome/content/rules/0xdb.org.xml
new file mode 100644
index 000000000000..eeebfc8cfacd
--- /dev/null
+++ b/src/chrome/content/rules/0xdb.org.xml
@@ -0,0 +1,59 @@
+<!--
+mail.0xdb.org ¹
+
+
+¹ mismatch
+-->
+<ruleset name="0xdb.org">
+	<target host="0xdb.org" />
+	<target host="www.0xdb.org" />
+	<target host="data.0xdb.org" />
+	<target host="dev.0xdb.org" />
+	<target host="media.0xdb.org" />
+	<target host="other.0xdb.org" />
+	<target host="video0.0xdb.org" />
+	<target host="video1.0xdb.org" />
+	<target host="video10.0xdb.org" />
+	<target host="video11.0xdb.org" />
+	<target host="video12.0xdb.org" />
+	<target host="video13.0xdb.org" />
+	<target host="video14.0xdb.org" />
+	<target host="video15.0xdb.org" />
+	<target host="video16.0xdb.org" />
+	<target host="video17.0xdb.org" />
+	<target host="video18.0xdb.org" />
+	<target host="video19.0xdb.org" />
+	<target host="video2.0xdb.org" />
+	<target host="video20.0xdb.org" />
+	<target host="video21.0xdb.org" />
+	<target host="video22.0xdb.org" />
+	<target host="video23.0xdb.org" />
+	<target host="video24.0xdb.org" />
+	<target host="video25.0xdb.org" />
+	<target host="video26.0xdb.org" />
+	<target host="video27.0xdb.org" />
+	<target host="video28.0xdb.org" />
+	<target host="video29.0xdb.org" />
+	<target host="video3.0xdb.org" />
+	<target host="video30.0xdb.org" />
+	<target host="video31.0xdb.org" />
+	<target host="video32.0xdb.org" />
+	<target host="video33.0xdb.org" />
+	<target host="video34.0xdb.org" />
+	<target host="video35.0xdb.org" />
+	<target host="video36.0xdb.org" />
+	<target host="video37.0xdb.org" />
+	<target host="video38.0xdb.org" />
+	<target host="video39.0xdb.org" />
+	<target host="video4.0xdb.org" />
+	<target host="video40.0xdb.org" />
+	<target host="video41.0xdb.org" />
+	<target host="video5.0xdb.org" />
+	<target host="video6.0xdb.org" />
+	<target host="video7.0xdb.org" />
+	<target host="video8.0xdb.org" />
+	<target host="video9.0xdb.org" />
+	<target host="wiki.0xdb.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/1-800courier.com.xml b/src/chrome/content/rules/1-800courier.com.xml
new file mode 100644
index 000000000000..fb31b46e5001
--- /dev/null
+++ b/src/chrome/content/rules/1-800courier.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		- blog.1-800courier.com
+		- webmail.1-800courier.com
+
+	Wildcard DNS records:
+		- *.1-800courier.com
+-->
+
+<ruleset name="1-800courier.com">
+	<target host="1-800courier.com" />
+	<target host="www.1-800courier.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/1.0.0.1.xml b/src/chrome/content/rules/1.0.0.1.xml
new file mode 100644
index 000000000000..1d46eeb11c6b
--- /dev/null
+++ b/src/chrome/content/rules/1.0.0.1.xml
@@ -0,0 +1,12 @@
+<!--
+	Other Cloudflare rulesets:
+		- Cloudflare.com.xml
+-->
+
+<ruleset name="1.0.0.1">
+	<target host="1.0.0.1" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/1.1.1.1.xml b/src/chrome/content/rules/1.1.1.1.xml
new file mode 100644
index 000000000000..c6249f83c425
--- /dev/null
+++ b/src/chrome/content/rules/1.1.1.1.xml
@@ -0,0 +1,12 @@
+<!--
+	Other Cloudflare rulesets:
+		- Cloudflare.com.xml
+-->
+
+<ruleset name="1.1.1.1">
+	<target host="1.1.1.1" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/100-Gute-Gruende.de.xml b/src/chrome/content/rules/100-Gute-Gruende.de.xml
deleted file mode 100644
index d5e6dfe319be..000000000000
--- a/src/chrome/content/rules/100-Gute-Gruende.de.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="100-gute-gruende.de">
-  <target host="www.100-gute-gruende.de" />
-  <target host="100-gute-gruende.de" />
-
-  <rule from="^http://(www\.)?100-gute-gruende\.de/" to="https://www.100-gute-gruende.de/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/100R.org.xml b/src/chrome/content/rules/100R.org.xml
new file mode 100644
index 000000000000..f79f105d178d
--- /dev/null
+++ b/src/chrome/content/rules/100R.org.xml
@@ -0,0 +1,54 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cf1.100r.org/ => https://cf1.100r.org/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+Fetch error: http://cf2.100r.org/ => https://cf2.100r.org/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+Fetch error: http://cf3.100r.org/ => https://cf3.100r.org/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+Fetch error: http://cf4.100r.org/ => https://cf4.100r.org/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+Fetch error: http://cf5.100r.org/ => https://cf5.100r.org/: (51, "SSL: no alternative certificate subject name matches target host name 'cf5.100r.org'")
+Fetch error: http://cf6.100r.org/ => https://cf6.100r.org/: (51, "SSL: no alternative certificate subject name matches target host name 'cf6.100r.org'")
+Fetch error: http://cf7.100r.org/ => https://cf7.100r.org/: (51, "SSL: no alternative certificate subject name matches target host name 'cf7.100r.org'")
+Fetch error: http://cf8.100r.org/ => https://cf8.100r.org/: (51, "SSL: no alternative certificate subject name matches target host name 'cf8.100r.org'")
+Fetch error: http://cf9.100r.org/ => https://cf9.100r.org/: (51, "SSL: no alternative certificate subject name matches target host name 'cf9.100r.org'")
+
+	Insecure cookies are set for these hosts:
+
+		- 100r.org
+		- www.100r.org
+
+
+	Mixed content:
+
+		- Bugs on ^ from cdn.printfriendly.com *
+
+	* Secured by us
+
+-->
+<ruleset name="100R.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="100r.org" />
+	<target host="cf1.100r.org" />
+	<target host="cf2.100r.org" />
+	<target host="cf3.100r.org" />
+	<target host="cf4.100r.org" />
+	<target host="cf5.100r.org" />
+	<target host="cf6.100r.org" />
+	<target host="cf7.100r.org" />
+	<target host="cf8.100r.org" />
+	<target host="cf9.100r.org" />
+	<target host="www.100r.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?100r\.org$" name="^(?:PHPSESSID|wfvt_\d+)$" /-->
+
+	<securecookie host="^(?:www\.)?100r\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/100_Fans.org.de.xml b/src/chrome/content/rules/100_Fans.org.de.xml
new file mode 100644
index 000000000000..be89dda2c8eb
--- /dev/null
+++ b/src/chrome/content/rules/100_Fans.org.de.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .100fans.de
+		- www.100fans.de
+
+-->
+<ruleset name="100 Fans.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="100fans.de" />
+	<target host="www.100fans.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.100fans\.de$" name="^_crowdfunding_session$" /-->
+	<!--securecookie host="^www\.100fans\.de$" name="^XSRF-TOKEN$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/101domain.com.xml b/src/chrome/content/rules/101domain.com.xml
new file mode 100644
index 000000000000..8fbcddd6549c
--- /dev/null
+++ b/src/chrome/content/rules/101domain.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Refused:
+		- portuguese
+		- spanish
+-->
+<ruleset name="101domain.com (partial)">
+	<target host="101domain.com" />
+	<target host="www.101domain.com" />
+	<target host="blog.101domain.com" />
+	<target host="cdn.101domain.com" />
+	<target host="my.101domain.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/101domain.ru.xml b/src/chrome/content/rules/101domain.ru.xml
new file mode 100644
index 000000000000..dd0c68812fb9
--- /dev/null
+++ b/src/chrome/content/rules/101domain.ru.xml
@@ -0,0 +1,8 @@
+<ruleset name="101domain.ru">
+	<target host="101domain.ru" />
+	<target host="www.101domain.ru" />
+	<target host="my.101domain.ru" />
+	<target host="blog.101domain.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/101weiqi.xml b/src/chrome/content/rules/101weiqi.xml
new file mode 100644
index 000000000000..5cad4e7cf343
--- /dev/null
+++ b/src/chrome/content/rules/101weiqi.xml
@@ -0,0 +1,20 @@
+<!--
+	Mismatched:
+		demo.101weiqi.com
+-->
+<ruleset name="101weiqi.com">
+	<!--
+	101weiqi.com use the http://www.qiniu.com/ cloud for some files.
+	However, they do not support https directly and make some mixedcontent problem.
+	Lucky, the host owner has binded domain, so we can redirect them to the main host, which support https.
+	-->
+	<target host="7j1yxi.com1.z0.glb.clouddn.com" />
+	<rule from="^http://7j1yxi\.com1\.z0\.glb\.clouddn\.com/" to="https://www.101weiqi.com/" />
+		<test url="http://7j1yxi.com1.z0.glb.clouddn.com/file/head/2015/7/23/4882_56993_51_2.png" />
+
+	<target host="101weiqi.com" />
+	<target host="www.101weiqi.com" />
+		<test url="http://www.101weiqi.com/login" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/104.com.tw.xml b/src/chrome/content/rules/104.com.tw.xml
new file mode 100644
index 000000000000..5133450c3139
--- /dev/null
+++ b/src/chrome/content/rules/104.com.tw.xml
@@ -0,0 +1,45 @@
+<ruleset name="104.com.tw">
+
+	<target host="104.com.tw" />
+	<target host="www.104.com.tw" />
+	<target host="104learn.104.com.tw" />
+	<target host="ac.104.com.tw" />
+	<target host="accounts.104.com.tw" />
+	<target host="aidma.104.com.tw" />
+	<target host="an9.104.com.tw" />
+	<target host="area.104.com.tw" />
+	<target host="assessment.104.com.tw" />
+	<target host="auth.104.com.tw" />
+	<target host="bubble.104.com.tw" />
+	<target host="career.104.com.tw" />
+	<target host="case.104.com.tw" />
+	<target host="certify.104.com.tw" />
+	<target host="corp.104.com.tw" />
+	<target host="ehr.104.com.tw" />
+	<target host="ehrweb.104.com.tw" />
+	<target host="file.104.com.tw" />
+	<target host="graphicwb.104.com.tw" />
+	<target host="hi.104.com.tw" />
+	<target host="hrs.104.com.tw" />
+	<target host="hunter.104.com.tw" />
+	<target host="iqa.104.com.tw" />
+	<target host="learn.104.com.tw" />
+	<target host="login.104.com.tw" />
+	<target host="m.104.com.tw" />
+	<target host="payment.104.com.tw" />
+	<target host="pda.104.com.tw" />
+	<target host="plus.104.com.tw" />
+	<target host="ppush.104.com.tw" />
+	<target host="pro.104.com.tw" />
+	<target host="screw.104.com.tw" />
+	<target host="social.104.com.tw" />
+	<target host="static.104.com.tw" />
+	<target host="tutor.104.com.tw" />
+	<target host="vip.104.com.tw" />
+	<target host="wage.104.com.tw" />
+	<target host="wow.104.com.tw" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/108-Heroes.xml b/src/chrome/content/rules/108-Heroes.xml
deleted file mode 100644
index 7e340de62be3..000000000000
--- a/src/chrome/content/rules/108-Heroes.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	CN: page.ly
-
--->
-<ruleset name="108-Heroes" default_off="mismatched">
-
-	<target host="108-hero.com" />
-	<target host="www.108-hero.com" />
-
-
-	<securecookie host="^(?:.*\.)?108-hero\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?108-hero\.com/"
-		to="https://108-hero.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/10_Minute_Mail.com.xml b/src/chrome/content/rules/10_Minute_Mail.com.xml
index d7272427f2b4..6d86b1638451 100644
--- a/src/chrome/content/rules/10_Minute_Mail.com.xml
+++ b/src/chrome/content/rules/10_Minute_Mail.com.xml
@@ -1,29 +1,32 @@
 <!--
-	Mixed content:
+	Insecure cookies are set for these domains and hosts:
 
-		- css on ^ from ^ *
+		- 10minutemail.com
+		- .10minutemail.com
 
-		- Images on ^ from ^ *
 
-		- Web bugs, on ^ from:
+	Mixed content:
 
-			- d.delivery45.com **
-			- counter.delivery45.com via d.delivery45.com **
+		- Images on ^ from $self *
 
 	* Secured by us
-	** Unsecurable
 
 -->
-<ruleset name="10 Minute Mail.com (false MCB)" platform="mixedcontent">
+<ruleset name="10 Minute Mail.com">
 
 	<target host="10minutemail.com" />
-	<target host="*.10minutemail.com" />
+	<target host="www.10minutemail.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^10minutemail\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^\.10minutemail\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
 
 	<securecookie host="^\.?10minutemail\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?10minutemail\.com/"
-		to="https://$110minutemail.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/10antz.co.jp.xml b/src/chrome/content/rules/10antz.co.jp.xml
new file mode 100644
index 000000000000..8ccbde29823b
--- /dev/null
+++ b/src/chrome/content/rules/10antz.co.jp.xml
@@ -0,0 +1,13 @@
+<ruleset name="10antz.co.jp">
+
+	<target host="10antz.co.jp" />
+	<target host="www.10antz.co.jp" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/10dollar.ca.xml b/src/chrome/content/rules/10dollar.ca.xml
new file mode 100644
index 000000000000..2e8209c3eea9
--- /dev/null
+++ b/src/chrome/content/rules/10dollar.ca.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- 10dollar.ca
+		- www.10dollar.ca
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="10 Dollar.ca">
+
+	<target host="10dollar.ca" />
+	<target host="www.10dollar.ca" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?10dollar\.ca$" name="^(?:AWSELB$|PHPSESSID)" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/10gen.xml b/src/chrome/content/rules/10gen.xml
index 62b302a3f6e2..b44f671c38ee 100644
--- a/src/chrome/content/rules/10gen.xml
+++ b/src/chrome/content/rules/10gen.xml
@@ -1,23 +1,41 @@
 <!--
-	Nonfunctional subdomains:
+	Other 10gen rulesets:
 
-		- blog
+		- MongoDB.com.xml
+		- MongoDB.org.xml
+
+
+	Problematic hosts in *10gen.com:
+
+		- blog *
+
+	* Redirect from ($|\?) differs from http
 
 -->
-<ruleset name="10gen">
+<ruleset name="10gen.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="10gen.com" />
-	<target host="*.10gen.com" />
-	<target host="jira.mongodb.org" />
+	<target host="mms.10gen.com" />
+	<target host="www.10gen.com" />
 
+	<!--	Complications:
+				-->
+	<target host="blog.10gen.com" />
 
-	<securecookie host="^jira\.mongodb\.org$" name=".*" />
 
+	<!--	Redirect drops args and forward slash:
+							-->
+	<rule from="^http://blog\.10gen\.com/+(?:$|\?.*)"
+		to="https://www.mongodb.com/blog/" />
 
-	<rule from="^http://(mms\.|www\.)?10gen\.com/"
-		to="https://$110gen.com/" />
+		<test url="http://blog.10gen.com/?f" />
+		<test url="http://blog.10gen.com/?o" />
+		<test url="http://blog.10gen.com//?o" />
+		<test url="http://blog.10gen.com/?b" />
 
-	<rule from="^http://jira\.mongodb\.org/"
-		to="https://jira.mongodb.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/1105_Media.com.xml b/src/chrome/content/rules/1105_Media.com.xml
new file mode 100644
index 000000000000..4ff869a9a340
--- /dev/null
+++ b/src/chrome/content/rules/1105_Media.com.xml
@@ -0,0 +1,46 @@
+
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://www.1105media.com/ => https://www.1105media.com/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+
+	Other 1105 Media rulesets:
+
+		- ADTmag.com.xml
+		- AWSInsider.net.xml
+		- campustechnology.com.xml
+		- ESJ.com.xml
+		- FCW.com.xml
+		- MCPmag.com.xml
+		- RCPmag.com.xml
+		- Redmondmag.com.xml
+		- Virtualization_Review.com.xml
+
+
+	Insecure cookies are set for these hosts:
+
+		- 1105media.com
+		- design.1105media.com
+		- www.1105media.com
+
+-->
+<ruleset name="1105 Media.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="1105media.com" />
+	<target host="design.1105media.com" />
+	<!-- target host="www.1105media.com" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:design\.|www\.)?1105media\.com$" name="^BIGipServer" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/112-akersloot.nl.xml b/src/chrome/content/rules/112-akersloot.nl.xml
new file mode 100644
index 000000000000..6d7bb589b737
--- /dev/null
+++ b/src/chrome/content/rules/112-akersloot.nl.xml
@@ -0,0 +1,7 @@
+<ruleset name="112-akersloot.nl">
+	<target host="112-akersloot.nl" />
+	<target host="www.112-akersloot.nl" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/112-uitgeest.nl.xml b/src/chrome/content/rules/112-uitgeest.nl.xml
new file mode 100644
index 000000000000..17ba4c4f4589
--- /dev/null
+++ b/src/chrome/content/rules/112-uitgeest.nl.xml
@@ -0,0 +1,7 @@
+<ruleset name="112-uitgeest.nl">
+	<target host="112-uitgeest.nl" />
+	<target host="www.112-uitgeest.nl" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/112_Cafe.com.xml b/src/chrome/content/rules/112_Cafe.com.xml
new file mode 100644
index 000000000000..816d6e62f06d
--- /dev/null
+++ b/src/chrome/content/rules/112_Cafe.com.xml
@@ -0,0 +1,22 @@
+<!--
+	- Cert only matches www.112cafe.com
+	- www redirects to !www
+
+
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="112 Cafe.com" default_off="mismatched, self-signed">
+
+	<target host="112cafe.com" />
+	<target host="www.112cafe.com" />
+
+
+	<rule from="^http://(?:www\.)?112cafe\.com/"
+		to="https://112cafe.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/115.com.xml b/src/chrome/content/rules/115.com.xml
new file mode 100644
index 000000000000..c714d24d7c2f
--- /dev/null
+++ b/src/chrome/content/rules/115.com.xml
@@ -0,0 +1,50 @@
+<!--
+	Issues after login:
+		Only http by server:
+			- ^115.com
+		Use Mismatch sources https://static.115cdn.com/static/pc/d_155.html
+			- home.115.com
+		Refresh home page continued:
+			- msg.115.com
+			- q.115.com
+
+	MCB:
+		help.115.com
+
+	Mismatch:
+		tj.data.115.com
+
+		static.115cdn.com
+
+	Time out:
+		tool.115.com
+
+		assets.115img.com
+		static.115img.com
+-->
+
+<ruleset name="115.com (partial)">
+	<target host="www.115.com" />
+	<target host="assets.115.com" />
+	<target host="avatar.115.com" />
+	<target host="b.115.com" />
+	<target host="data.115.com" />
+	<target host="down.115.com" />
+	<target host="feedback.115.com" />
+	<target host="go.115.com" />
+	<target host="im35.115.com" />
+	<target host="m.115.com" />
+	<target host="my.115.com" />
+	<target host="note.115.com" />
+	<target host="passport.115.com" />
+	<target host="pay.115.com" />
+	<target host="pc.115.com" />
+	<target host="static.115.com" />
+	<target host="thumb.115.com" />
+	<target host="thumbapi.115.com" />
+	<target host="vip.115.com" />
+	<target host="y.115.com" />
+	<target host="yun.115.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/1177.se.xml b/src/chrome/content/rules/1177.se.xml
index 8932d9a2b05c..bd41f6d2564f 100644
--- a/src/chrome/content/rules/1177.se.xml
+++ b/src/chrome/content/rules/1177.se.xml
@@ -1,14 +1,60 @@
-<!--
-	Cert only matches *.1177.se
+<!-- Problematic subdomains: 
+		
+		Certificate errors:
+			- blogg.1177.se
+			- personal.formular.1177.se
+			- professional.pep.1177.se
+			- sit.sob.1177.se
+			- acc.hogkostnadsskydd.1177.se
+		
+		Time-out:	
+			- kontaktkortsadmin.1177.se 
 
+		Connection refused:
+			- netscaler.beta.1177.se
+		
+		Redirects to non-working sites: 
+			- sit.personal.formular.1177.se 
+			- sit.formular.1177.se
 -->
-<ruleset name="1177.se">
-
-	<target host="1177.se" />
-	<target host="www.1177.se" />
-
-
-	<rule from="^http://(?:www\.)?1177\.se/"
-		to="https://www.1177.se/" />
 
+<ruleset name="1177.se">
+	<target host="1177.se"/>
+	<target host="www.1177.se"/>
+	<target host="e-tjanster.1177.se"/>
+	<target host="at.e-tjanster.1177.se"/>
+	<target host="dev.e-tjanster.1177.se"/>
+	<target host="st.e-tjanster.1177.se"/>
+	<target host="anatomiskatlas.1177.se"/>
+	<target host="arende.1177.se"/>
+	<target host="acc.arende.1177.se"/>
+	<target host="personal.arende.1177.se"/>
+	<target host="acc.personal.arende.1177.se"/>
+	<target host="sys.personal.arende.1177.se"/>
+	<target host="sys.arende.1177.se"/>
+	<target host="formular.1177.se"/>
+	<target host="qa.formular.1177.se"/>
+	<target host="hogkostnadsskydd.1177.se"/>
+	<target host="journalen.1177.se"/>
+	<target host="lakemedelsnara.1177.se"/>
+	<target host="media.1177.se"/>
+	<target host="pep.1177.se"/>
+	<target host="personal.1177.se"/>
+	<target host="redaktor.1177.se"/>
+	<target host="sob.1177.se"/>
+	<target host="at.sob.1177.se"/>
+	<target host="dv.at.sob.1177.se"/>
+	<target host="personal.at.sob.1177.se"/>
+	<target host="dv.personal.at.sob.1177.se"/>
+	<target host="personal2.at.sob.1177.se"/>
+	<target host="demo.sob.1177.se"/>
+	<target host="dv.sob.1177.se"/>
+	<target host="personal.sob.1177.se"/>
+	<target host="rokfri.1177.se"/>
+	<target host="selftest.1177.se"/>
+	<target host="tidbokning.1177.se"/>
+	<target host="acc.tidbokning.1177.se"/>
+	<target host="vaga-beratta.1177.se"/>
+	
+	<rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/118-Information.xml b/src/chrome/content/rules/118-Information.xml
index 94bfaf0e8bd5..0db459913b72 100644
--- a/src/chrome/content/rules/118-Information.xml
+++ b/src/chrome/content/rules/118-Information.xml
@@ -4,17 +4,17 @@
 		- (www.)my118information.co.uk	(times out)
 
 -->
-<ruleset name="118 Information (partial)" default_off="mismatch">
+<ruleset name="118 Information (partial)" default_off="mismatched">
 
 	<!--	Cert: *.hosts.co.uk	-->
 	<target host="118information.co.uk" />
 	<target host="www.118information.co.uk" />
 
 
-	<securecookie host="^118information\.co\.uk$" name=".*" />
+	<securecookie host="^118information\.co\.uk$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?118information\.co\.uk/"
+	<rule from="^http://(?:www\.)?118information\.co\.uk/"
 		to="https://118information.co.uk/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/11_Main.com.xml b/src/chrome/content/rules/11_Main.com.xml
new file mode 100644
index 000000000000..583a3d1e96e1
--- /dev/null
+++ b/src/chrome/content/rules/11_Main.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .11main.com
+		- press.11main.com
+
+-->
+<ruleset name="11 Main.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="11main.com" />
+	<target host="careers.11main.com" />
+	<target host="images.11main.com" />
+	<target host="press.11main.com" />
+	<target host="windowshopping.11main.com" />
+	<target host="www.11main.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.11main\.com$" name="^(?:__RequestVerificationToken|gate|sessid)$" /-->
+	<!--securecookie host="^press\.11main\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/11footballclub.xml b/src/chrome/content/rules/11footballclub.xml
index 7075bef9a40b..44ad5fddb611 100644
--- a/src/chrome/content/rules/11footballclub.xml
+++ b/src/chrome/content/rules/11footballclub.xml
@@ -1,13 +1,21 @@
-<ruleset name="11footballclub">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://11footballclub.com/ => https://11footballclub.com/: (35, 'Unknown SSL protocol error in connection to 11footballclub.com:443 ')
+Fetch error: http://cdn.11footballclub.com/ => https://cdn.11footballclub.com/: (7, 'Failed to connect to cdn.11footballclub.com port 443: Connection refused')
+Fetch error: http://www.11footballclub.com/ => https://www.11footballclub.com/: (35, 'Unknown SSL protocol error in connection to www.11footballclub.com:443 ')
+
+-->
+<ruleset name="11footballclub" default_off="failed ruleset test">
 
 	<target host="11footballclub.com" />
-	<target host="*.11footballclub.com" />
+	<target host="cdn.11footballclub.com" />
+	<target host="www.11footballclub.com" />
 
 
 	<securecookie host="^\.11footballclub\.com$" name=".+" />
 
 
-	<rule from="^http://(cdn\.|www\.)?11footballclub\.com/"
-		to="https://$111footballclub.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/11street.my.xml b/src/chrome/content/rules/11street.my.xml
new file mode 100644
index 000000000000..1672cbf1f5e2
--- /dev/null
+++ b/src/chrome/content/rules/11street.my.xml
@@ -0,0 +1,40 @@
+<!--
+	Non-functional subdomains:
+		- apm	(t)
+		- blog	(t)
+		- ems	(t)
+		- jira	(t)
+		- res	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Mixed content:
+		- Images from 11st.my *
+
+	* Secured by us
+-->
+<ruleset name="11street Malaysia">
+
+	<target host="11street.my" />
+	<target host="www.11street.my" />
+	<target host="cn-soffice.11street.my" />
+	<target host="enews.11street.my" />
+	<target host="image.11street.my" />
+	<target host="m.11street.my" />
+	<target host="promotion.11street.my" />
+	<target host="promotion-assets.11street.my" />
+	<target host="sellerzone.11street.my" />
+	<target host="soffice.11street.my" />
+	<target host="store.11street.my" />
+
+	<target host="image.11st.my" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/123-reg.xml b/src/chrome/content/rules/123-reg.xml
index 3b85b97b6f44..d29487376f73 100644
--- a/src/chrome/content/rules/123-reg.xml
+++ b/src/chrome/content/rules/123-reg.xml
@@ -1,11 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://ssllin1.123-secure.com/ (200) => https://ssllin1.123-secure.com/ (404)
+
+-->
 <ruleset name="123-reg">
 
 	<target host="123-reg.co.uk" />
 	<target host="*.123-reg.co.uk" />
-	<target host="ssllin1.123-secure.com" />
-
+    <test url="http://pophost.123-reg.co.uk/" />
+    <test url="http://sso.123-reg.co.uk/" />
+    <test url="http://dav.123-reg.co.uk/" />
 
-	<securecookie host="^.*\.123-reg\.co\.uk$" name=".*" />
+	<securecookie host="^.*\.123-reg\.co\.uk$" name=".+" />
 
 
 	<!--	Cert: fusion.webfusion-secure.co.uk, redirects
@@ -15,21 +22,15 @@
 
 		NB: This rule must remain above the next one.
 				-->
-	<rule from="^https?://inside\.123-reg\.co\.uk/"
+	<rule from="^http://inside\.123-reg\.co\.uk/"
 		to="https://www.123-reg.co.uk/blog/" />
+    <test url="http://inside.123-reg.co.uk/blog/online-marketing/podcasts-vs-youtube-videos-business/" />
 
-	<!--	Observed subdomains:
-
-			- img1
-			- img2
-			- static
-			- webmail
-			- www
-				-->
-	<rule from="^http://(\w+\.)?123-reg\.co\.uk/"
-		to="https://$1123-reg.co.uk/" />
-
-	<rule from="^http://ssllin1\.123-secure\.com/"
+	<!--
+    Removed due to bad request on HTTPS
+    <rule from="^http://ssllin1\.123-secure\.com/"
 		to="https://ssllin1.123-secure.com/" />
+  -->
 
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/123ContactForm.com.xml b/src/chrome/content/rules/123ContactForm.com.xml
new file mode 100644
index 000000000000..69f4e95344f8
--- /dev/null
+++ b/src/chrome/content/rules/123ContactForm.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="123ContactForm.com">
+
+	<target host="123contactform.com" />
+	<target host="www.123contactform.com" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/123Count.com.xml b/src/chrome/content/rules/123Count.com.xml
index f8965949917b..59423203ca8d 100644
--- a/src/chrome/content/rules/123Count.com.xml
+++ b/src/chrome/content/rules/123Count.com.xml
@@ -1,19 +1,42 @@
 <!--
-	Problematic subdomains:
+	^123count.com: Mismatched
 
-		- ^	(mismatched, CN: www.web-stat.com)
+
+	Insecure cookies are set for these domains:
+
+		- .123count.com
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+		- Images from [\da-f-]+.r\d+.cf\d.rackcdn.com *
+
+	* Secured by us
 
 -->
 <ruleset name="123Count.com">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="www.123count.com" />
+
+	<!--	Complications:
+				-->
 	<target host="123count.com" />
-	<target host="*.123count.com" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.123count\.com$" name="^(?:accept_cookies|wixmap_1)$" /-->
+
 	<securecookie host="^\.123count\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?123count\.com/"
+	<rule from="^http://123count\.com/"
 		to="https://www.123count.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/123RF.xml b/src/chrome/content/rules/123RF.xml
index 44435ad6e4c4..afc97a790c86 100644
--- a/src/chrome/content/rules/123RF.xml
+++ b/src/chrome/content/rules/123RF.xml
@@ -8,19 +8,25 @@
 			- static.123rf.com
 
 -->
-<ruleset name="123RF">
+<ruleset name="123RF.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="123rf.com" />
-	<target host="*.123rf.com" />
+	<target host="www.123rf.com" />
 
+	<!--	Complications:
+				-->
+	<target host="static.123rf.com" />
 
-	<securecookie host="^.*\.123rf\.com$" name=".+" />
 
+	<securecookie host=".*\.123rf\.com$" name=".+" />
 
-	<rule from="^http://(www\.)?123rf\.com/"
-		to="https://$1123rf.com/" />
 
-	<rule from="^https?://static\.123rf\.com/"
+	<rule from="^http://static\.123rf\.com/"
 		to="https://d3klshmqqidl5x.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/123domain.eu.xml b/src/chrome/content/rules/123domain.eu.xml
new file mode 100644
index 000000000000..4334bee0ec97
--- /dev/null
+++ b/src/chrome/content/rules/123domain.eu.xml
@@ -0,0 +1,34 @@
+<!--
+  Refused:
+    - kz-hosting
+
+  Mismatched:
+    - smtp1.mail
+    - smtp2.mail
+
+  Timeout:
+    - qs
+    - www.qs
+
+  HTTP != HTTPS:
+    - relaunch
+
+  Incomplete certificate chain:
+    - whois
+-->
+<ruleset name="123domain.eu">
+	<target host="123domain.eu" />
+	<target host="www.123domain.eu" />
+	<target host="cloud.123domain.eu" />
+	<target host="demo.123domain.eu" />
+	<target host="imap.123domain.eu" />
+	<target host="mail.123domain.eu" />
+	<target host="my.123domain.eu" />
+	<target host="piwik.123domain.eu" />
+	<target host="pop.123domain.eu" />
+	<target host="service.123domain.eu" />
+	<target host="smtp.123domain.eu" />
+	<target host="webmail.123domain.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/123eHost.com.xml b/src/chrome/content/rules/123eHost.com.xml
index 739ba06e7c9d..c8e7e7c98cbc 100644
--- a/src/chrome/content/rules/123eHost.com.xml
+++ b/src/chrome/content/rules/123eHost.com.xml
@@ -1,19 +1,58 @@
-<ruleset name="123eHost.com">
+<!--
+	^123ehost.com: Mismatched
+
+
+	Mixed content:
+
+		- Images on www from 123ehost.com *
+
+	* Secured by us
+
+-->
+<ruleset name="123eHost.com (partial)">
 
 	<target host="123ehost.com" />
 	<target host="www.123ehost.com" />
-	<target host="drive29.mywwwserver.com" />
-	<target host="drive7000.station030.com" />
 
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.123ehost\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.123ehost\.com/+(?!(?:business-hosting-signup|support-ticket|website-design-quote)(?:$|[?/])|cpanel-webmailLogin\.html|favicon\.ico|passwordrecovery\.htm|wp-content/|wp-includes/)" />
 
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?123ehost\.com/"
-		to="https://www.123ehost.com/" />
+			<!--	+ve:
+					-->
+			<test url="http://www.123ehost.com/about-us/" />
+			<test url="http://www.123ehost.com/contact-us/" />
+			<test url="http://www.123ehost.com/domain-registration/" />
+			<test url="http://www.123ehost.com/help/" />
+			<test url="http://www.123ehost.com/order-web-hosting/" />
+			<test url="http://www.123ehost.com/services/" />
+			<test url="http://www.123ehost.com/ssl-certs/" />
+			<test url="http://www.123ehost.com/video-tutorials/" />
+			<test url="http://www.123ehost.com/web-hosting-renewals/" />
+			<test url="http://www.123ehost.com/webhostingservices/" />
+			<test url="http://www.123ehost.com/website-design-services/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.123ehost.com/business-hosting-signup" />
+			<test url="http://www.123ehost.com/cpanel-webmailLogin.html" />
+			<test url="http://www.123ehost.com/favicon.ico" />
+			<test url="http://www.123ehost.com/passwordrecovery.htm" />
+			<test url="http://www.123ehost.com/support-ticket" />
+			<test url="http://www.123ehost.com/website-design-quote" />
+			<test url="http://www.123ehost.com/wp-content/plugins/Ultimate_VC_Addons/assets/css/swatchbook.css" />
+			<test url="http://www.123ehost.com/wp-content/themes/resort/style.css" />
+			<test url="http://www.123ehost.com/wp-content/uploads/smile_fonts/Defaults/Defaults.css" />
 
-	<rule from="^http://drive29\.mywwwserver\.com/"
-		to="https://drive29.mywwwserver.com/" />
 
-	<rule from="^http://drive7000\.station030\.com/"
-		to="https://drive7000.station030.com/" />
+	<rule from="^http://123ehost\.com/"
+		to="https://www.123ehost.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/123systems.xml b/src/chrome/content/rules/123systems.xml
index 15c048b453bc..dec65718a502 100644
--- a/src/chrome/content/rules/123systems.xml
+++ b/src/chrome/content/rules/123systems.xml
@@ -1,15 +1,42 @@
 <!--
-	There's no mixed content, with or without us.
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
 
 -->
-<ruleset name="123systems">
-  <target host="123systems.net"/>
-  <target host="*.123systems.net"/>
+<ruleset name="123systems.net (partial)">
+
+	<target host="123systems.net" />
+	<target host="www.123systems.net" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?123systems\.net/($|css/|favicon\.ico|images/)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?123systems\.net/+(?!billing(?:$|[?/]))" />
+
+			<!--	-ve:
+					-->
+			<test url="http://123systems.net/favicon.ico" />
+			<test url="http://123systems.net/reseller.html" />
+			<test url="http://www.123systems.net/favicon.ico" />
+			<test url="http://www.123systems.net/reseller.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://123systems.net/billing" />
+			<test url="http://www.123systems.net/billing" />
+
 
+	<!--securecookie host="^\.?123systems\.net$" name=".+" /-->
 
-	<securecookie host="^\.?123systems\.net$" name=".+" />
 
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(www\.)?123systems\.net/" to="https://$1123systems.net/"/>
 </ruleset>
 <!-- Rule generated by HTTPS Finder 0.77 -->
diff --git a/src/chrome/content/rules/126.com.xml b/src/chrome/content/rules/126.com.xml
new file mode 100644
index 000000000000..da0c9639946c
--- /dev/null
+++ b/src/chrome/content/rules/126.com.xml
@@ -0,0 +1,20 @@
+<!--
+	MCB:
+		help.mail.126.com	(Only break ads)
+-->
+<ruleset name="126.com">
+	<target host="126.com" />
+	<target host="www.126.com" />
+	<target host="mail.126.com" />
+	<target host="cards.mail.126.com" />
+	<target host="help.mail.126.com" />
+	<target host="ssl.mail.126.com" />
+	<target host="ming.126.com" />
+	<target host="passport.126.com" />
+	<target host="vip.126.com" />
+	<target host="cards.vip.126.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/126.net.xml b/src/chrome/content/rules/126.net.xml
new file mode 100644
index 000000000000..b2a22113a66e
--- /dev/null
+++ b/src/chrome/content/rules/126.net.xml
@@ -0,0 +1,59 @@
+<!--
+	502: May avaiable in China, however get 502 errors by Tor.
+		imglf(\d).ph.126.net
+		imgsize.ph.126.net
+		lofter.ph.126.net			Equal to imglf\d+.ph.126.net
+
+	Mismatch:
+		s2.open.126.net				Equal to s2.open.163.com
+		img.ph.126.net				Equal to lofter.ph.126.net
+		imglf.ph.126.net
+		music.ph.126.net			https://music.ph.126.net/ph.js
+		file.ws.stu.126.net
+
+	Redirect to http:
+		easyread.ph.126.net
+
+	Refuse to connect:
+		m10.music.126.net			(Outside China)
+-->
+<ruleset name="126.net">
+	<target host="l.bst.126.net" />
+		<test url="http://l.bst.126.net/rsc/img/weibo.png" />
+	<target host="img3.126.net" />
+		<test url="http://img3.126.net/kaola/150512/js/jquery-1.4.2.js" />
+	<target host="img1.money.126.net" />
+		<test url="http://img1.money.126.net/data/hs/time/today/0000001.json" />
+	<target host="img2.money.126.net" />
+	<target host="d1.music.126.net" />
+	<target host="d2.music.126.net" />
+	<target host="p1.music.126.net" />
+		<test url="http://p1.music.126.net/5QxEuxegyf6w6A8xaH4fwA==/18732379604094419.jpg" />
+	<target host="p2.music.126.net" />
+	<target host="p3.music.126.net" />
+	<target host="p4.music.126.net" />
+	<target host="s1.music.126.net" />
+		<!-- too big to test url="http://s1.music.126.net/download/android/CloudMusic_official_3.8.0_166749.apk" /-->
+	<target host="s2.music.126.net" />
+	<target host="s3.music.126.net" />
+	<target host="s4.music.126.net" />
+	<target host="*.nosdn0.126.net" />
+		<test url="http://imglf3.nosdn0.126.net/img/WFU1VmZJa3UxeFltWTJ4ZDNOZDU4NXRmUFVLR1lXS1gySnpVQ2JObm95VjZjQjNGWVBjU2x3PT0.jpg" />
+		<test url="http://imglf4.nosdn0.126.net/img/WFU1VmZJa3UxeFltWTJ4ZDNOZDU4M2wwT05lSzRHZjZkN2RTOFMxOEFPVGRjTmlQdkRIcDlBPT0.jpg" />
+		<test url="http://imglf6.nosdn0.126.net/img/WFU1VmZJa3UxeFltWTJ4ZDNOZDU4K3VuTEdoMmZZcGJzR2YyMFdidWlsVFBlNWwzMlkzZTFnPT0.jpg" />
+	<target host="cst.stu.126.net" />
+		<test url="http://cst.stu.126.net/u/js/cms/reuglar.0.3.1.js" />
+	<target host="ct.stu.126.net" />
+	<target host="jdvodluwytr3t.vod.126.net" />
+	<target host="file.ws.126.net" />
+		<test url="http://file.ws.126.net/3g/client/netease_newsreader_android.apk" />
+	<target host="yuedust.yuedu.126.net" />
+
+	<!--	Mismatched:	-->
+	<target host="s2.open.126.net" />
+	<rule from="^http://s2\.open\.126\.net/"
+			to="https://s2.open.163.com/" />
+		<test url="http://s2.open.126.net/ocb/css/style.css" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/127.net.xml b/src/chrome/content/rules/127.net.xml
new file mode 100644
index 000000000000..afafbb9c6579
--- /dev/null
+++ b/src/chrome/content/rules/127.net.xml
@@ -0,0 +1,68 @@
+<!--
+	Cert error:
+		^
+		www.127.net
+
+		get test url in mail.163.com:
+			cp.127.net
+			ep.127.net
+			tp.127.net
+			gzcp.127.net
+			gzep.127.net
+			gztp.127.net
+			hzp.127.net
+-->
+
+<ruleset name="127.net">
+
+	<target host="mimg.127.net" />
+		<test url="http://mimg.127.net/index/lib/scripts/base_v5.min.js" />
+
+	<target host="cms-bucket.nosdn.127.net" />
+		<test url="http://cms-bucket.nosdn.127.net/9e1007e6ceb2443990fac196c10912dd20161002093223.jpeg" />
+
+	<target host="easyreadfs.nosdn.127.net" />
+		<test url="http://easyreadfs.nosdn.127.net/z4pNA0BvDRZE4kD_WDwQ5Q==/8796093023255353372" />
+
+	<target host="edu-image.nosdn.127.net" />
+		<test url="http://edu-image.nosdn.127.net/030b6873-0ccb-430d-a068-6a39f88abd11.jpg" />
+
+	<target host="imglf.nosdn.127.net" />
+		<test url="http://imglf.nosdn.127.net/img/T0VLUWtpQlNHSmVHYlM0QU01cElqRE0vM09ETzRKTEtjK3hROFpqSk9QMm1GWXlaL2EwQ1hBPT0.jpeg" />
+
+	<target host="imglf0.nosdn.127.net" />
+		<test url="http://imglf0.nosdn.127.net/img/SS9BOUErVTdaNTNOMi9hVk50U0t2cUZ2eVQvOWZRMFdsSElYV0o2ZDIxU2lxdkNZM25qMVl3PT0.jpg" />
+
+	<target host="imglf1.nosdn.127.net" />
+		<test url="http://imglf1.nosdn.127.net/img/Y0N3cWN5LzNBY3pPaGRhd3VTWFRqSCtSaER4MFNIT0paanBkRjQ3b251SkxUbnFoajkvN2xnPT0.jpg" />
+
+	<target host="imglf2.nosdn.127.net" />
+		<test url="http://imglf2.nosdn.127.net/img/dHpYYnhNNG03U1dybWdVN293WWZia25SNmhRaUNVOW8.jpg" />
+
+	<target host="lovepicture.nosdn.127.net" />
+		<test url="http://lovepicture.nosdn.127.net/2234303933346505348" />
+
+	<target host="mail-userthumb.nosdn.127.net" />
+		<test url="http://mail-userthumb.nosdn.127.net/f67aa1965c10333f78d75e98833c54d3.jpg" />
+
+	<target host="nisp-captcha.nosdn.127.net" />
+		<test url="http://nisp-captcha.nosdn.127.net/1470914761157_576050860" />
+
+	<target host="onegoods.nosdn.127.net" />
+		<test url="http://onegoods.nosdn.127.net/goods/2491/d0f896aac597931a5429d32d57267793.jpg" />
+
+	<target host="open-image.nosdn.127.net" />
+		<test url="http://open-image.nosdn.127.net/b16f89fd2e31407ab4dbf249243ce550.jpg" />
+
+	<target host="ursdoccdn.nosdn.127.net" />
+		<test url="http://ursdoccdn.nosdn.127.net/webzj_m163/message_2016072801.js" />
+
+	<target host="haitao.nosdn1.127.net" />
+	<target host="haitao.nosdn2.127.net" />
+	<target host="haitao.nosdn3.127.net" />
+	<target host="haitao.nosdn4.127.net" />
+	<target host="haitao.nosdn5.127.net" />
+		<test url="http://haitao.nosdn5.127.net/onlineipfe50u411092.jpg" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/12_Foot_Hedgehog.com.xml b/src/chrome/content/rules/12_Foot_Hedgehog.com.xml
deleted file mode 100644
index d836cdf70b26..000000000000
--- a/src/chrome/content/rules/12_Foot_Hedgehog.com.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	12-Foot Hedgehog Productions
-
-
-	- Expired 2012-04-27
-	- Cert only matches www
-
-
-	Mixed content:
-
-		- css on www from www *
-		- images on www from www *
-
-	* Secured by us
-
-
-	NB: We secure all resources, and thus
-	platform should be removed with Ffx 24.
-
--->
-<ruleset name="12 Foot Hedgehog.com" default_off="expired, self-signed" platform="mixedcontent">
-
-	<target host="12foothedgehog.com" />
-	<target host="www.12foothedgehog.com" />
-
-
-	<rule from="^http://(?:www\.)?12foothedgehog\.com/"
-		to="https://www.12foothedgehog.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/131002.net.xml b/src/chrome/content/rules/131002.net.xml
index 0a6ad0826ac8..bd12e5baeacb 100644
--- a/src/chrome/content/rules/131002.net.xml
+++ b/src/chrome/content/rules/131002.net.xml
@@ -1,10 +1,12 @@
 <ruleset name="131002.net">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="131002.net" />
 	<target host="www.131002.net" />
 
 
-	<rule from="^http://(www\.)?131002\.net/"
-		to="https://$1131002.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/1337x.to.xml b/src/chrome/content/rules/1337x.to.xml
new file mode 100644
index 000000000000..04060f907fe0
--- /dev/null
+++ b/src/chrome/content/rules/1337x.to.xml
@@ -0,0 +1,32 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .1337x.to
+
+
+	Mixed content:
+
+		- Images from lx1.dyncdn.cc *
+
+	* Secured by us
+
+-->
+<ruleset name="1337x.to">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="1337x.to" />
+	<target host="www.1337x.to" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.1337x\.to$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.1337x\.to$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/1431am.org.xml b/src/chrome/content/rules/1431am.org.xml
new file mode 100644
index 000000000000..c047e970c5ff
--- /dev/null
+++ b/src/chrome/content/rules/1431am.org.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://1431am.org/ => https://1431am.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.1431am.org/ => https://www.1431am.org/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="1431am.org" default_off="failed ruleset test">
+
+	<target host="1431am.org" />
+	<target host="www.1431am.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/15Mcc.xml b/src/chrome/content/rules/15Mcc.xml
deleted file mode 100644
index 28a1986c6f64..000000000000
--- a/src/chrome/content/rules/15Mcc.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Wiki.15m.cc">
-  <target host="wiki.15m.cc" />
-
-  <rule from="^http://wiki\.15m\.cc/" to="https://wiki.15m.cc/" />
-</ruleset>
diff --git a/src/chrome/content/rules/15Mpedia.xml b/src/chrome/content/rules/15Mpedia.xml
new file mode 100644
index 000000000000..676fafe4bf62
--- /dev/null
+++ b/src/chrome/content/rules/15Mpedia.xml
@@ -0,0 +1,11 @@
+<ruleset name="15Mpedia">
+
+	<target host="15mpedia.org" />
+	<target host="www.15mpedia.org" />
+
+  	<securecookie host="^(www\.)?15mpedia\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/16163.com.xml b/src/chrome/content/rules/16163.com.xml
new file mode 100644
index 000000000000..47fef755bfd6
--- /dev/null
+++ b/src/chrome/content/rules/16163.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Mismatch:
+		^	( equal to www. )
+
+	MCB:
+		(gamename).16163.com/$
+-->
+
+<ruleset name="16163.com">
+	<target host="16163.com" />
+
+	<rule from="^http://16163\.com/" to="https://www.16163.com/" />
+
+	<rule from="^http://(www|app|bbs|m)\.16163\.com/" to="https://$1.16163.com/" />
+
+	<!-- MCB: -->
+	<target host="*.16163.com" />
+		<test url="http://cc.16163.com/forum-10-1.html" />
+		<test url="http://cc.16163.com/?101873" />
+		<test url="http://mwsj.16163.com/static/js/common.js" />
+		<test url="http://stzb.16163.com/static/image/common/chart.png" />
+
+	<exclusion pattern="^http://cc\.16163\.com/forum\.php$" />
+		<test url="http://cc.16163.com/forum.php" />
+
+	<rule from="^http://(\w+)\.16163\.com/(\S+)" to="https://$1.16163.com/$2" />
+</ruleset>
diff --git a/src/chrome/content/rules/163.com-mixedcontent.xml b/src/chrome/content/rules/163.com-mixedcontent.xml
new file mode 100644
index 000000000000..891b9b795035
--- /dev/null
+++ b/src/chrome/content/rules/163.com-mixedcontent.xml
@@ -0,0 +1,9 @@
+<!--
+	For rules not causing problems, see 163.com.xml.
+-->
+<ruleset name="163.com-mixedcontent" platform="mixedcontent">
+	<target host="live.163.com" />
+	<target host="i.money.163.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/163.com.xml b/src/chrome/content/rules/163.com.xml
new file mode 100644
index 000000000000..872e04b916a6
--- /dev/null
+++ b/src/chrome/content/rules/163.com.xml
@@ -0,0 +1,134 @@
+<!--
+	For rules causing MCB, see 163.com-mixedcontent.xml.
+
+	503:
+		gamer.163.com
+		zh.163.com
+
+	Mixmatched:
+		support.dun.163.com
+		img.nie.163.com
+		res.nie.163.com
+		qiye.163.com
+		sitemap.163.com
+
+	Redirect to http:
+		developer.163.com
+		rec.g.163.com		http://rec.g.163.com/kaolaadclick/api/dsp/show.s
+		app.yuedu.163.com
+
+	Refused:
+		corp.163.com
+		gb.corp.163.com
+		data.163.com
+		digi.163.com
+		e.163.com
+		emarketing.163.com
+		ent.163.com
+		hr.game.163.com
+		home.163.com
+		men.163.com
+		news.163.com
+		pay.163.com
+		sports.163.com
+		tech.163.com
+		v.163.com
+		vhouse.163.com
+		view.163.com
+		yuehui.163.com
+
+	Timeout:
+		^					https://travis-ci.org/EFForg/https-everywhere/jobs/522370910#L639
+		fankui.163.com		https://travis-ci.org/github/EFForg/https-everywhere/jobs/666649722#L409
+		game.campus.163.com
+		18.mail.163.com		https://travis-ci.org/EFForg/https-everywhere/jobs/522370910#L640
+		pimg.163.com		https://travis-ci.org/EFForg/https-everywhere/jobs/522370910#L641
+		chat.study.163.com	https://travis-ci.org/EFForg/https-everywhere/jobs/522379611#L653
+-->
+<ruleset name="163.com">
+	<!-- Directly: -->
+	<target host="www.163.com" />
+	<target host="1.163.com" />
+	<target host="3g.163.com" />
+	<target host="adgeo.163.com" />
+	<target host="analytics.163.com" />
+	<target host="auto.163.com" />
+	<target host="biz.163.com" />
+	<target host="cc.163.com" />
+	<target host="mshare.cc.163.com" />
+	<target host="dun.163.com" />
+	<target host="cdn.easyread.163.com" />
+	<target host="email.163.com" />
+	<target host="email2.163.com" />
+	<target host="fm.163.com" />
+	<target host="help.163.com" />
+	<target host="iad.g.163.com" />
+		<test url="http://iad.g.163.com/wa/ad" />
+	<target host="game.163.com" />
+	<target host="gm.163.com" />
+		<target host="box.gm.163.com" />
+		<target host="epay.gm.163.com" />
+		<target host="gift.gm.163.com" />
+		<target host="bw.gm.163.com" />
+		<target host="dh2.gm.163.com" />
+		<target host="dtws.gm.163.com" />
+		<target host="ff.gm.163.com" />
+		<target host="jl.gm.163.com" />
+		<target host="lj.gm.163.com" />
+		<target host="tianyu.gm.163.com" />
+		<target host="tuji.gm.163.com" />
+		<target host="tx3.gm.163.com" />
+		<target host="wf.gm.163.com" />
+		<target host="wh2.gm.163.com" />
+		<target host="x3.gm.163.com" />
+		<target host="xc.gm.163.com" />
+		<target host="xqn.gm.163.com" />
+		<target host="xy2.gm.163.com" />
+		<target host="xy3.gm.163.com" />
+		<target host="xyq.gm.163.com" />
+		<target host="y3.gm.163.com" />
+		<target host="zmq.gm.163.com" />
+	<target host="lady.163.com" />
+	<target host="love.163.com" />
+	<target host="m.163.com" />
+	<target host="c.m.163.com" />
+		<test url="http://c.m.163.com/news/a/C2ADQI8H0524ADMM.html" />
+	<target host="mail.163.com" />
+	<target host="dm.mail.163.com" />
+	<target host="help.mail.163.com" />
+	<target host="pstat.mail.163.com" />
+	<target host="iplocator.mail.163.com" />
+		<test url="http://iplocator.mail.163.com/iplocator?callback=fGetLocator" />
+	<target host="msg.mail.163.com" />
+	<target host="mima.163.com" />
+	<target host="money.163.com" />
+	<target host="music.163.com" />
+	<target host="open.163.com" />
+	<target host="www.qiye.163.com" />
+	<target host="dl.reg.163.com" />
+	<target host="hc.reg.163.com" />
+	<target host="webzj.reg.163.com" />
+	<target host="yun.reg.163.com" />
+		<test url="http://yun.reg.163.com/cloud/versions/1.0.0/cloudstyle.css" />
+	<target host="study.163.com" />
+	<target host="vipmail.163.com" />
+	<target host="you.163.com" />
+	<target host="b.you.163.com" />
+	<target host="cps.you.163.com" />
+	<target host="open.you.163.com" />
+	<target host="m.you.163.com" />
+	<target host="yuedu.163.com" />
+
+	<!-- Complications: -->
+	<target host="163.com" />
+
+	<target host="reg.163.com" />
+		<!--	Redirect to http:	-->
+		<exclusion pattern="http://reg\.163\.com/update\.html?$" />
+		<test url="http://reg.163.com/update.htm" />
+		<test url="http://reg.163.com/update.html" />
+
+	<rule from="^http://163\.com/" to="https://www.163.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/1688.com.xml b/src/chrome/content/rules/1688.com.xml
index 0e2ad7a9c224..8d334db14439 100644
--- a/src/chrome/content/rules/1688.com.xml
+++ b/src/chrome/content/rules/1688.com.xml
@@ -1,18 +1,177 @@
 <!--
-	Nonfunctional subdomains:
 
-		- page	(refused)
+	Nonfunctional hosts in *1688.com:
+
+		- bmall *
+		- dmtracking ¹
+		- exodus *
+		- levit *
+
+	¹ Expired
+ 	* Dropped
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .1688.com
+		- live.1688.com
+
+
+	Mixed content:
+
+		- Images, on :
+
+			- 3g from pin.aliyun.com ¹
+			- chem, ec, ee, go, gys, light, s from img.china.alibaba.com ¹
+			- chem, go, gys, industry, peixun, page from i0[0-5].c.aliimg.com ¹
+			- go, gys, s, toutiao from cbu01.alicdn.com ¹
+			- jd from img.china.alibaba.com ¹
+			- ec, light from wd.alibaba-inc.com
+			- s from style.c.aliimg.com ¹
+			- wxb from gtms0\d.alicdn.com ¹
+
+		- Bug on toutiao from dmtracking.1688.com ¹
+
+	¹ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
 <ruleset name="1688.com (partial)">
 
-	<target host="*.1688.com" />
-
+	<target host="1688.com" />
+	<target host="114.1688.com" />
+	<target host="3c.1688.com" />
+	<target host="3g.1688.com" />
+	<target host="56.1688.com" />
+	<target host="8.1688.com" />
+	<target host="af.1688.com" />
+	<target host="aipaichina.1688.com" />
+	<target host="anyang.1688.com" />
+	<target host="apps.1688.com" />
+	<target host="auto.1688.com" />
+	<target host="assets.1688.com" />
+	<target host="baike.1688.com" />
+	<target host="bao.1688.com" />
+	<target host="blog.1688.com" />
+	<target host="bz.1688.com" />
+	<target host="cart.1688.com" />
+	<target host="chem.1688.com" />
+	<target host="club.1688.com" />
+	<target host="cxt.1688.com" />
+	<target host="daili.1688.com" />
+	<target host="daixiao.1688.com" />
+	<target host="danvr.1688.com" />
+	<target host="detail.1688.com" />
+	<target host="ding.1688.com" />
+	<target host="e56.1688.com" />
+	<target host="ec.1688.com" />
+	<target host="ee.1688.com" />
+	<target host="enjoy.1688.com" />
+	<target host="fangzhi.1688.com" />
+	<target host="fashion.1688.com" />
+	<target host="food.1688.com" />
+	<target host="free.1688.com" />
+	<target host="fushi.1688.com" />
+	<target host="fuzhuang.1688.com" />
+	<target host="go.1688.com" />
+	<target host="goods.1688.com" />
+	<target host="gudongchun.1688.com" />
+	<target host="gys.1688.com" />
+	<target host="hi.1688.com" />
+	<target host="hao.1688.com" />
+	<target host="hezuo.1688.com" />
+	<target host="home.1688.com" />
+	<target host="hot.1688.com" />
+	<target host="huopin.1688.com" />
+	<target host="hzzichi.1688.com" />
+	<target host="in.1688.com" />
+	<target host="industry.1688.com" />
+	<target host="info.1688.com" />
+	<target host="jankiz.1688.com" />
+	<target host="jd.1688.com" />
+	<target host="jia.1688.com" />
+	<target host="jingxi.1688.com" />
+	<target host="jinhua.1688.com" />
+	<target host="jinhuo.1688.com" />
+	<target host="kunming.1688.com" />
+	<target host="light.1688.com" />
+	<target host="linan.1688.com" />
+	<target host="lishui.1688.com" />
+	<target host="liuzhou.1688.com" />
+	<target host="live.1688.com" />
+	<target host="login.1688.com" />
+	<target host="ls.1688.com" />
+	<target host="luohe.1688.com" />
+	<target host="marketing.1688.com" />
+	<target host="me.1688.com" />
+	<target host="mei.1688.com" />
+	<target host="member.1688.com" />
+	<target host="mingqi.1688.com" />
+	<target host="mj.1688.com" />
+	<target host="muying.1688.com" />
+	<target host="myhome.1688.com" />
+	<target host="nanchang.1688.com" />
+	<target host="nanguosp.1688.com" />
+	<target host="o2o.1688.com" />
+	<target host="hnkjsc.ok.1688.com" />
+	<target host="sjq.ok.1688.com" />
+	<target host="open.1688.com" />
+	<target host="page.1688.com" />
+	<target host="pass.1688.com" />
+	<target host="pc.1688.com" />
+	<target host="peixun.1688.com" />
+	<target host="pigecheng.1688.com" />
+	<target host="pingce.1688.com" />
+	<target host="plas.1688.com" />
+	<target host="profile.1688.com" />
+	<target host="purchase.1688.com" />
+	<target host="qingfood.1688.com" />
+	<target host="quan.1688.com" />
+	<target host="rights.1688.com" />
+	<target host="rule.1688.com" />
+	<target host="s.1688.com" />
+	<target host="sample.1688.com" />
+	<target host="sanmenxia.1688.com" />
+	<target host="sec.1688.com" />
+	<target host="shangqiu.1688.com" />
+	<target host="shili.1688.com" />
+	<target host="shunde.1688.com" />
+	<target host="small.1688.com" />
+	<target host="smart.1688.com" />
+	<target host="sport.1688.com" />
+	<target host="steel.1688.com" />
+	<target host="sycm.1688.com" />
+	<target host="tao.1688.com" />
+	<target host="tgc.1688.com" />
+	<target host="tk.1688.com" />
+	<target host="tongcheng.1688.com" />
+	<target host="toutiao.1688.com" />
+	<target host="trade.1688.com" />
+	<target host="view.1688.com" />
+	<target host="vmd.1688.com" />
+	<target host="wangwang.1688.com" />
+	<target host="wenling.1688.com" />
+	<target host="wholesale.1688.com" />
+	<target host="work.1688.com" />
+	<target host="www.1688.com" />
+	<target host="wxb.1688.com" />
+	<target host="xian.1688.com" />
+	<target host="yang.1688.com" />
+	<target host="ye.1688.com" />
+	<target host="jiafang.ye.1688.com" />
+	<target host="yejin.1688.com" />
+	<target host="yiwu.1688.com" />
+	<target host="yueqing.1688.com" />
+	<target host="yy.1688.com" />
+	<target host="zhili.1688.com" />
 
-	<securecookie host="^\.1688\.com$" name="^ali_beacon_id$" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.1688\.com$" name="^(?:__cn_logon__|__cn_logon_id|_csrf_token|_csrf_token\.sig|_tmp_ck_0|JSESSIONID|cn_tmp|cn_user|ad_prefer|ali_ab|ali_beacon_id|aliBeacon_bcookie|h_keys|unb)$" /-->
+	<!--securecookie host="^live\.1688\.com$" name="^ali-session$" /-->
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://dmtracking\.1688\.com/"
-		to="https://dmtracking.1688.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/168qiquan.com.xml b/src/chrome/content/rules/168qiquan.com.xml
deleted file mode 100644
index 0beadaa22210..000000000000
--- a/src/chrome/content/rules/168qiquan.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other anyoption coverage, see Anyoption.com.xml.
-
-
-	Some pages redirect to http.
-
--->
-<ruleset name="168qiquan.com (partial)">
-
-	<target host="hk.168qiquan.com" />
-
-
-	<rule from="^http://hk\.168qiquan\.com/(?=bridge/|css/|favicon\.ico|images/|javax\.faces\.resource/|jsp?/|thickbox/|undefined/)"
-		to="https://hk.168qiquan.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/16personalities.com.xml b/src/chrome/content/rules/16personalities.com.xml
new file mode 100644
index 000000000000..310e1b445560
--- /dev/null
+++ b/src/chrome/content/rules/16personalities.com.xml
@@ -0,0 +1,17 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://16personalities.com/ => https://www.16personalities.com/: Cycle detected - URL already encountered: https://www.16personalities.com/
+
+
+	(www.)?: Dropped
+
+-->
+<ruleset name="16personalities.com">
+    <target host="16personalities.com" />
+    <target host="*.16personalities.com" />
+
+    <rule from="^http://16personalities\.com/"
+        to="https://www.16personalities.com/" />
+    <rule from="^http://([^/:@]+)\.16personalities\.com/"
+        to="https://$1.16personalities.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/179.ru.xml b/src/chrome/content/rules/179.ru.xml
new file mode 100644
index 000000000000..14bd29d6180d
--- /dev/null
+++ b/src/chrome/content/rules/179.ru.xml
@@ -0,0 +1,35 @@
+<!--
+	HTTPS broken:
+		2011.179.ru
+		biobase.179.ru
+		v2017-b2.179.ru
+		vezdehod.179.ru
+
+	Mixed content:
+		2013.179.ru
+
+	There are a few domain names whose only purpose appears to be a redirect.
+	For example, http://wiki.179.ru/ redirects to https://server.179.ru/wiki/.
+	For those domain names, HTTPS does not work;
+	but non-root URLs like http://wiki.179.ru/foo simply give an error.
+		bak.179.ru
+		monitor.179.ru
+		sbory.179.ru
+		support.179.ru
+		t3.179.ru
+		wiki.179.ru
+-->
+<ruleset name="179.ru">
+	<target host="179.ru" />
+	<target host="www.179.ru" />
+	<target host="2012.179.ru" />
+	<target host="2015.179.ru" />
+	<target host="dop.179.ru" />
+	<target host="moodle.179.ru" />
+	<target host="open.179.ru" />
+	<target host="server.179.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/17track.net.xml b/src/chrome/content/rules/17track.net.xml
index 704dc441b195..f5c0c2e364f8 100644
--- a/src/chrome/content/rules/17track.net.xml
+++ b/src/chrome/content/rules/17track.net.xml
@@ -1,6 +1,8 @@
-<ruleset name="17track.net" platform="mixedcontent">
-  <target host="17track.net" />
-  <target host="www.17track.net" />
+<ruleset name="17track.net (partial)">
+	<target host="17track.net" />
+	<target host="www.17track.net" />
 
-  <rule from="^http://(www\.)?17track\.net/" to="https://www.17track.net/" />
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/1823.gov.hk.xml b/src/chrome/content/rules/1823.gov.hk.xml
new file mode 100644
index 000000000000..b6cea30a346b
--- /dev/null
+++ b/src/chrome/content/rules/1823.gov.hk.xml
@@ -0,0 +1,17 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+
+	Invalid certificate:
+		1823.gov.hk
+-->
+<ruleset name="1823.gov.hk">
+	<target host="1823.gov.hk" />
+	<target host="www.1823.gov.hk" />
+	<target host="sc.1823.gov.hk" />
+	<target host="wcis.1823.gov.hk" />
+
+	<rule from="^http://1823\.gov\.hk/"
+		to="https://www.1823.gov.hk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/1984.is.xml b/src/chrome/content/rules/1984.is.xml
index 8e648429c37b..0d53019744bf 100644
--- a/src/chrome/content/rules/1984.is.xml
+++ b/src/chrome/content/rules/1984.is.xml
@@ -1,12 +1,13 @@
+<!--
+	For other 1984 Hosting coverage, see 1984_Hosting.com.xml.
+-->
+
 <ruleset name="1984.is">
   <target host="1984.is" />
   <target host="www.1984.is" />
-  <target host="1984hosting.com" />
-  <target host="www.1984hosting.com" />
+  <target host="kb.1984.is" />
 
-  <securecookie host="^(www)?\.1984\.is$" name=".*" />
-  <securecookie host="^(www)?\.1984hosting\.com$" name=".*" />
+  <securecookie host=".+" name=".+" />
 
-  <rule from="^http://(?:www\.)?1984\.is/" to="https://1984.is/"/>
-  <rule from="^http://(?:www\.)?1984hosting\.com/" to="https://1984hosting.com/"/>
-</ruleset>
\ No newline at end of file
+  <rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/1984.live.xml b/src/chrome/content/rules/1984.live.xml
new file mode 100644
index 000000000000..73a099e153b9
--- /dev/null
+++ b/src/chrome/content/rules/1984.live.xml
@@ -0,0 +1,6 @@
+<ruleset name="1984.live">
+	<target host="1984.live" />
+	<target host="www.1984.live" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/1984_Hosting.com.xml b/src/chrome/content/rules/1984_Hosting.com.xml
new file mode 100644
index 000000000000..4a70ef16900a
--- /dev/null
+++ b/src/chrome/content/rules/1984_Hosting.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Other 1984 Hosting rulesets:
+
+		- 1984.is.xml
+
+
+	Insecure cookies are set for these domains:
+
+		- 1984hosting.com
+		- www.1984hosting.com
+
+-->
+<ruleset name="1984 Hosting.com">
+  <target host="1984hosting.com" />
+  <target host="www.1984hosting.com" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?1984hosting\.com$" name="^(csrftoken|user_id)$" /-->
+
+  <securecookie host="^(?:\.|www\.)?1984hosting\.com$" name=".+" />
+
+  <rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/19h17.info.xml b/src/chrome/content/rules/19h17.info.xml
new file mode 100644
index 000000000000..7f3b4c45a2e3
--- /dev/null
+++ b/src/chrome/content/rules/19h17.info.xml
@@ -0,0 +1,8 @@
+<ruleset name="19h17.info">
+
+	<target host="19h17.info" />
+	<target host="www.19h17.info" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/1BTCXE.com.xml b/src/chrome/content/rules/1BTCXE.com.xml
new file mode 100644
index 000000000000..b2c496958b56
--- /dev/null
+++ b/src/chrome/content/rules/1BTCXE.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .1btcxe.com
+
+-->
+<ruleset name="1BTCXE.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="1btcxe.com" />
+	<target host="support.1btcxe.com" />
+	<target host="www.1btcxe.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.1btcxe\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.1btcxe\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/1Cart.xml b/src/chrome/content/rules/1Cart.xml
deleted file mode 100644
index 66938ed038c5..000000000000
--- a/src/chrome/content/rules/1Cart.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="1Cart">
-
-	<target host="1cart.com"/>
-	<target host="*.1cart.com"/>
-	<target host="1cart.co.nz"/>
-	<target host="www.1cart.co.nz"/>
-
-	<securecookie host="^resellers\.1cart\.com$" name=".*"/>
-	<securecookie host="^(www\.)?1cart\.co\.nz$" name=".*"/>
-
-	<rule from="^http://(www\.)?1cart\.co(?:m|\.nz)/"
-		to="https://$11cart.co.nz/"/>
-
-	<rule from="^http://resellers\.1cart\.com/"
-		to="https://resellers.1cart.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/1LotSTP.com.xml b/src/chrome/content/rules/1LotSTP.com.xml
deleted file mode 100644
index 57bfd92dc6ef..000000000000
--- a/src/chrome/content/rules/1LotSTP.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="1LotSTP.com">
-
-	<target host="1lotstp.com" />
-	<target host="*.1lotstp.com" />
-
-
-	<securecookie host="^\.1lotstp\.com$" name=".+" />
-
-
-	<rule from="^http://(new\.|www\.)?1lotstp\.com/"
-		to="https://$11lotstp.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/1PipFix.xml b/src/chrome/content/rules/1PipFix.xml
index 1888c8a16078..0c91ce8616af 100644
--- a/src/chrome/content/rules/1PipFix.xml
+++ b/src/chrome/content/rules/1PipFix.xml
@@ -1,13 +1,19 @@
-<ruleset name="1PipFix">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://1pipfix.com/ => https://1pipfix.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.1pipfix.com/ => https://www.1pipfix.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="1PipFix" default_off="failed ruleset test">
 
 	<target host="1pipfix.com" />
-	<target host="*.1pipfix.com" />
+	<target host="www.1pipfix.com" />
 
 
 	<securecookie host="^(?:w*\.)?1pipfix\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?1pipfix\.com/"
-		to="https://$11pipfix.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/1ShoppingCart.com.xml b/src/chrome/content/rules/1ShoppingCart.com.xml
new file mode 100644
index 000000000000..9d7f2ed5f8c1
--- /dev/null
+++ b/src/chrome/content/rules/1ShoppingCart.com.xml
@@ -0,0 +1,44 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://1shoppingcart.com/ => https://1shoppingcart.com/: Too many redirects while fetching 'https://1shoppingcart.com/'
+
+	For other Web.com Group coverage, see Web.com.xml.
+
+-->
+<ruleset name="1ShoppingCart.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="1shoppingcart.com" />
+	<target host="www.1shoppingcart.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.1shoppingcart\.com/$" /-->
+		<!--
+			Redirects to 404:
+					-->
+		<!--exclusion pattern="^http://www\.1shoppingcart\.com/(?:1sc-images/|login$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.1shoppingcart\.com/+(?!app/adtrack\.asp|SecureCart/SecureCart\.aspx)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.1shoppingcart.com/1sc-images/logo.png" />
+			<test url="http://www.1shoppingcart.com/about-us" />
+			<test url="http://www.1shoppingcart.com/contact-us" />
+			<test url="http://www.1shoppingcart.com/login" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.1shoppingcart.com/app/adtrack.asp?AdID=" />
+			<test url="http://www.1shoppingcart.com/SecureCart/SecureCart.aspx?mid=&amp;pid=" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/1TW.org.xml b/src/chrome/content/rules/1TW.org.xml
new file mode 100644
index 000000000000..694430d8188e
--- /dev/null
+++ b/src/chrome/content/rules/1TW.org.xml
@@ -0,0 +1,20 @@
+<!--
+	(www.) is handled in Bit.ly_vanity_domains.xml.
+
+
+	CDN buckets:
+
+		- d2bj0t3lpy2azd.cloudfront.net
+
+			- c
+
+-->
+<ruleset name="1TW.org">
+
+	<target host="c.1tw.org" />
+
+
+	<rule from="^http://c\.1tw\.org/"
+		to="https://d2bj0t3lpy2azd.cloudfront.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/1WT.eu.xml b/src/chrome/content/rules/1WT.eu.xml
index 985ff0377677..447d3ec8b679 100644
--- a/src/chrome/content/rules/1WT.eu.xml
+++ b/src/chrome/content/rules/1WT.eu.xml
@@ -1,34 +1,47 @@
 <!--
-	Problematic subdomains:
+	Problematic hosts in *1wt.eu:
 
-		- static	(works; expired 2013-07-21, self-signed, mismatched, CN: www.formilux.org)
-		- www		(mismatched, CN: demo.1wt.eu)
+		- ^ ¹
+		- demo ¹
+		- haproxy ¹ ² ³
+		- static ¹ ² ³
+		- www ¹ ²
 
-
-	Fully covered subdomains:
-
-		- (www.)	(www → ^)
-		- demo
-		- static	(→ ^)
+	¹ Expired
+	² Mismatched
+	³ Self-signed
 
 
 	Mixed content:
 
-		- Images, on ^ from:
-
-			- static *
-			- www6
+		- Images on ^ from static.1wt.eu *
+		- Image on ^ from www6.1wt.eu
 
 	* Secured by us
 
 -->
-<ruleset name="1WT.eu">
+<ruleset name="1WT.eu (partial)" default_off="expired">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="1wt.eu" />
-	<target host="*.1wt.eu" />
+	<target host="demo.1wt.eu" />
+
+	<!--	Complications:
+				-->
+	<target host="static.1wt.eu" />
+	<target host="www.1wt.eu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^haproxy\.1wt\.eu$" name="^sid$" /-->
+
 
+	<rule from="^http://(?:static|www)\.1wt\.eu/"
+		to="https://1wt.eu/" />
 
-	<rule from="^http://(?:(demo\.)|static\.|www\.)?1wt\.eu/"
-		to="https://$11wt.eu/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/1X.xml b/src/chrome/content/rules/1X.xml
index 3fe24bcebbcf..cfa766f3292b 100644
--- a/src/chrome/content/rules/1X.xml
+++ b/src/chrome/content/rules/1X.xml
@@ -1,25 +1,43 @@
-<!--
-	Cert doesn't match www.
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://autodiscover.1x.com/ => https://autodiscover.1x.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://owa.1x.com/ => https://owa.1x.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 	Problematic subdomains:
 
 		- mail		(interrupted)
+		- www ²
+
+	² Mismatched
 
 -->
-<ruleset name="1X">
+<ruleset name="1X.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="1x.com" />
-	<target host="*.1x.com" />
+	<target host="autodiscover.1x.com" />
+	<target host="owa.1x.com" />
 
+	<!--	Complications:
+				-->
+	<target host="mail.1x.com" />
+	<target host="www.1x.com" />
 
-	<securecookie host="^\.1x\.com$" name=".+" />
 
+	<securecookie host="^\.1x\.com$" name=".+" />
 
-	<rule from="^http://(?:(autodiscover\.|owa\.)|www\.)?1x\.com/"
-		to="https://$11x.com/" />
 
-	<rule from="^https?://mail\.1x\.com/(?:.*)"
+	<rule from="^http://mail\.1x\.com/.*"
 		to="https://mail.google.com/a/1x.com" />
 
-</ruleset>
\ No newline at end of file
+		<test url="http://mail.1x.com//" />
+
+	<rule from="^http://www\.1x\.com/"
+		to="https://1x.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/1_Deg.org.xml b/src/chrome/content/rules/1_Deg.org.xml
new file mode 100644
index 000000000000..ae7de6e4a9c3
--- /dev/null
+++ b/src/chrome/content/rules/1_Deg.org.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://1deg.org/ => https://1deg.org/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+<ruleset name="1 Deg.org" default_off="failed ruleset test">
+
+	<target host="1deg.org" />
+	<target host="www.1deg.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/1and1-Internet.xml b/src/chrome/content/rules/1and1-Internet.xml
index fa8a5278df5c..5f6f32a58dcc 100644
--- a/src/chrome/content/rules/1and1-Internet.xml
+++ b/src/chrome/content/rules/1and1-Internet.xml
@@ -1,68 +1,81 @@
-<!--
-		- 1und1.ivwbox.de
-
-
-	Nonfunctional domains:
-
-		- piwik.1u1s.de		(403; mismatched, CN: corpimages.de)
-
--->
-<ruleset name="1&amp;1 Internet">
-
-	<target host="1and1.com" />
-	<target host="*.1and1.com" />
-	<target host="webmailcluster.perfora.net" />
-	<target host="uim.tifbs.net"/>
-
-
-	<securecookie host="^((admin|forum|mailxchange|mywebsite|mywebsitepersonal|order|password|redirect|shop|www)?\.)?1and1\.com$" name=".+" />
-	<securecookie host="^webmailcluster\.perfora\.net$" name=".+" />
-	<!--securecookie host="^\.web\.de$" name=".*"/-->
-
-
-	<rule from="^http://((?:admin|forum|mailxchange|mywebsite(?:personal)?|order|password|redirect|shop|www)\.)?1and1\.com/"
-		to="https://$11and1.com/" />
 
-	<rule from="^http://webmailcluster\.perfora\.net/"
-		to="https://webmailcluster.perfora.net/" />
-
-	<rule from="^http://uim\.tifbs\.net/"
-		to="https://uim.tifbs.net/" />
-
-
-
-
-	<target host="1and1.co.uk" />
-	<target host="*.1and1.co.uk" />
-
-
-	<securecookie host="^((admin|mailxchange|mywebsite(personal)?|online-office|order|password|redirect|shop|webmailcluster|www)?\.)?1and1\.co\.uk$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?1and1\.co\.uk/"
-		to="https://order.1and1.co.uk/" />
-	<exclusion pattern="^https://www\.1and1\.(co\.uk|com|ca)/(xml/|\?__)"/>
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://webdesk.1and1.com/ => https://webdesk.1and1.com/: (7, 'Failed to connect to webdesk.1and1.com port 443: Connection refused')
 
-	<rule from="^http://(admin|mailxchange|mywebsite(?:personal)?|online-office|order|password|redirect|shop|webmailcluster)\.1and1\.co\.uk/"
-		to="https://$1.1and1.co.uk/" />
+	For other United Internet coverage, see United-Internet.xml.
 
 
+	Nonfunctional hosts in *1and1.com:
 
+		- devpartner ᵖ
+		- mirror ᵈ
+		- newsroom ʳ
+		- postmaster ᵈ
+		- press ʳ
 
-	<target host="1and1.ca" />
-	<target host="*.1and1.ca" />
+	ᵈ Dropped
+	ᵖ Plaintext reply
+	ʳ Refused
 
 
-	<securecookie host="^((admin|mywebsitepersonal|online-office|order|password|www)?\.)?1and1\.ca$" name=".+" />
+	Problematic hosts in *1and1.com:
 
+		- about ᵐ
+		- blog ᵐ
+		- faq ᵐ
+		- status ᴬ
+		- websitebuilder ᶜ
 
-	<rule from="^https?://(?:www\.)?1and1\.ca/"
-		to="https://order.1and1.ca/" />
+	ᴬ Akamai / mismatched
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
 
-	<rule from="^http://(admin|mywebsitepersonal|online-office|order|password)\.1and1\.ca/"
-		to="https://$1.1and1.ca/" />
+-->
+<ruleset name="1and1.com" default_off="failed ruleset test">
 
-	<rule from="^http://mywebsite\.1and1\.ca/tariff($|;)"
-		to="https://mywebsite.1and1.ca/tariff$1" />
+	<!--	Direct rewrites:
+				-->
+	<target host="1and1.com" />
+	<target host="account.1and1.com" />
+	<target host="admin.1and1.com" />
+	<target host="analytics.1and1.com" />
+	<target host="community.1and1.com" />
+	<target host="email.1and1.com" />
+	<target host="emarketing2.1and1.com" />
+	<target host="exchange.1and1.com" />
+	<target host="xadmin.exchange.1and1.com" />
+	<target host="forum.1and1.com" />
+	<target host="help.1and1.com" />
+	<target host="m.help.1and1.com" />
+	<target host="mailxchange.1and1.com" />
+	<target host="my.1and1.com" />
+	<target host="mywebsite.1and1.com" />
+	<target host="mywebsitepersonal.1and1.com" />
+	<target host="order.1and1.com" />
+	<target host="password.1and1.com" />
+	<target host="redirect.1and1.com" />
+	<target host="search.1and1.com" />
+	<target host="shop.1and1.com" />
+	<target host="webdesk.1and1.com" />
+	<target host="webmail.1and1.com" />
+	<target host="website.1and1.com" />
+	<!--target host="websitebuilder.1and1.com" /-->
+	<target host="whstatic.1and1.com" />
+	<target host="www.1and1.com" />
+
+	<!--	Complications:
+				-->
+	<target host="faq.1and1.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://faq\.1and1\.com/"
+		to="https://help.1and1.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/1and1.ca.xml b/src/chrome/content/rules/1and1.ca.xml
new file mode 100644
index 000000000000..5d0f43291d06
--- /dev/null
+++ b/src/chrome/content/rules/1and1.ca.xml
@@ -0,0 +1,51 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://forum.1and1.ca/ => https://forum.1and1.ca/: (6, 'Could not resolve host: forum.1and1.ca')
+Fetch error: http://www.forum.1and1.ca/ => https://www.forum.1and1.ca/: (6, 'Could not resolve host: www.forum.1and1.ca')
+
+	For other United Internet coverage, see United-Internet.xml.
+
+
+	Problematic hosts in *1and1.ca:
+
+		- ^ ᵐ
+		- analytics ᶜ
+		- online-office ᶜ
+		- websitebuilder ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+
+-->
+<ruleset name="1and1.ca (partial)" default_off="failed ruleset test">
+
+	<!--target host="analytics.1and1.ca" /-->
+	<target host="account.1and1.ca" />
+	<target host="admin.1and1.ca" />
+	<target host="forum.1and1.ca" />
+	<target host="www.forum.1and1.ca" />
+	<target host="mywebsite.1and1.ca" />
+	<target host="mywebsitepersonal.1and1.ca" />
+	<!--target host="online-office.1and1.ca" /-->
+	<target host="order.1and1.ca" />
+	<target host="password.1and1.ca" />
+	<target host="website.1and1.ca" />
+	<!--target host="websitebuilder.1and1.ca" /-->
+	<target host="www.1and1.ca" />
+
+	<!--	Complications:
+				-->
+	<target host="1and1.ca" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://1and1\.ca/"
+		to="https://www.1and1.ca/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/1and1.co.uk.xml b/src/chrome/content/rules/1and1.co.uk.xml
new file mode 100644
index 000000000000..d4147373141e
--- /dev/null
+++ b/src/chrome/content/rules/1and1.co.uk.xml
@@ -0,0 +1,76 @@
+<!--
+	For other United Internet coverage, see United-Internet.xml.
+
+
+	Nonfunctional hosts in *1and1.co.uk:
+
+		- help ᵈ
+		- m.help ᵖ
+		- newsroom ʳ
+
+	ᵈ Dropped
+	ᵖ Plaintext reply
+	ʳ Refused
+
+
+	Problematic hosts in *1and1.co.uk:
+
+		- blog ᵐ
+		- community ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains: ˢ
+
+		- .1and1.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="1and1.co.uk (partial)">
+
+	<target host="1and1.co.uk" />
+	<target host="account.1and1.co.uk" />
+	<target host="admin.1and1.co.uk" />
+	<target host="exchange.1and1.co.uk" />
+	<target host="mailxchange.1and1.co.uk" />
+	<target host="my.1and1.co.uk" />
+	<target host="mywebsite.1and1.co.uk" />
+	<target host="mywebsitepersonal.1and1.co.uk" />
+	<target host="navigation.1and1.co.uk" />
+	<target host="online-office.1and1.co.uk" />
+	<target host="order.1and1.co.uk" />
+	<target host="password.1and1.co.uk" />
+	<target host="shop.1and1.co.uk" />
+	<target host="redirect.1and1.co.uk" />
+	<target host="webmail.1and1.co.uk" />
+	<target host="webmailcluster.1and1.co.uk" />
+	<target host="website.1and1.co.uk" />
+	<target host="www.1and1.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="community.1and1.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.1and1\.co\.uk$" name="^chocolateChip$" /-->
+
+	<securecookie host="^\." name="^chocolateChip$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops forward slash,
+		slash, path, and args:
+					-->
+	<rule from="^http://community\.1and1\.co\.uk/.*"
+		to="https://community.1and1.com/11-community/?pk_campaign=1and1UK&amp;pk_kwd=redirect" />
+
+		<test url="http://community.1and1.co.uk/index.php" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/1and1.es.xml b/src/chrome/content/rules/1and1.es.xml
new file mode 100644
index 000000000000..1c85957b91c7
--- /dev/null
+++ b/src/chrome/content/rules/1and1.es.xml
@@ -0,0 +1,54 @@
+<ruleset name="1and1.es">
+	<target host="1and1.es" />
+	<target host="www.1and1.es" />
+	<target host="account.1and1.es" />
+	<target host="admin.1and1.es" />
+	<target host="analitica.1and1.es" />
+	<target host="ayuda.1and1.es" />
+	<target host="www.ayuda.1and1.es" />
+	<target host="m.ayuda.1and1.es" />
+	<target host="buscadores.1and1.es" />
+	<target host="clientes.1and1.es" />
+	<target host="contabilidad-online.1and1.es" />
+	<target host="contacto.1and1.es" />
+	<target host="contrasena.1and1.es" />
+	<target host="contrato.1and1.es" />
+	<target host="digital-success.1and1.es" />
+	<target host="domain-center.1and1.es" />
+	<target host="domains-center.1and1.es" />
+	<target host="email.1and1.es" />
+	<target host="www.email.1and1.es" />
+	<target host="exchange.1and1.es" />
+	<target host="xadmin.1.exchange.1and1.es" />
+	<target host="xadmin.exchange.1and1.es" />
+	<target host="ias.1and1.es" />
+	<target host="listingcheck.1and1.es" />
+	<target host="listlocal.1and1.es" />
+	<target host="listlocalcheck.1and1.es" />
+	<target host="location-marketing.1and1.es" />
+	<target host="login.1and1.es" />
+	<target host="mailxchange.1and1.es" />
+	<target host="www.mailxchange.1and1.es" />
+	<target host="mbe.1and1.es" />
+	<target host="mbe-agent.1and1.es" />
+	<target host="microshop.1and1.es" />
+	<target host="navigation.1and1.es" />
+	<target host="online-office.1and1.es" />
+	<target host="phpmyadmin.1and1.es" />
+	<target host="platform.1and1.es" />
+	<target host="postmaster-contact.1and1.es" />
+	<target host="ratings.1and1.es" />
+	<target host="redes-sociales.1and1.es" />
+	<target host="registrar.1and1.es" />
+	<target host="server-services.1and1.es" />
+	<target host="telesales-hosting.1and1.es" />
+	<target host="tienda-clientes.1and1.es" />
+	<target host="www.upselling-hosting.1and1.es" />
+	<target host="webanalytics.1and1.es" />
+	<target host="webmail.1and1.es" />
+	<target host="webmail2.1and1.es" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/1anh.com.xml b/src/chrome/content/rules/1anh.com.xml
new file mode 100644
index 000000000000..3246ba264fcc
--- /dev/null
+++ b/src/chrome/content/rules/1anh.com.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://1anh.com/ => https://1anh.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.1anh.com/ => https://www.1anh.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+<ruleset name="1anh.com" default_off="failed ruleset test">
+
+	<target host="1anh.com" />
+	<target host="www.1anh.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/1c-bitrix.ru.xml b/src/chrome/content/rules/1c-bitrix.ru.xml
index 160be81021a2..4903e992bcbb 100644
--- a/src/chrome/content/rules/1c-bitrix.ru.xml
+++ b/src/chrome/content/rules/1c-bitrix.ru.xml
@@ -13,7 +13,14 @@
 <ruleset name="1c-bitrix.ru (partial)">
 
 	<target host="1c-bitrix.ru" />
-	<target host="*.1c-bitrix.ru" />
+	<target host="www.1c-bitrix.ru" />
+	<target host="1c.1c-bitrix.ru" />
+	<target host="academy.1c-bitrix.ru" />
+	<target host="dev.1c-bitrix.ru" />
+	<target host="idea.1c-bitrix.ru" />
+	<target host="marketplace.1c-bitrix.ru" />
+	<target host="partners.1c-bitrix.ru" />
+	<target host="promo.1c-bitrix.ru" />
 
 
 	<securecookie host="^\.1c-bitrix\.ru$" name=".+" />
@@ -22,7 +29,6 @@
 	<rule from="^http://(?:www\.)?1c-bitrix\.ru/"
 		to="https://www.1c-bitrix.ru/" />
 
-	<rule from="^http://(1c|academy|dev|idea|marketplace|partners|promo)\.1c-bitrix\.ru/"
-		to="https://$1.1c-bitrix.ru/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/1d4.us.xml b/src/chrome/content/rules/1d4.us.xml
new file mode 100644
index 000000000000..0494998650df
--- /dev/null
+++ b/src/chrome/content/rules/1d4.us.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://1d4.us/ => https://1d4.us/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	STS header includes includeSubdomains
+
+-->
+<ruleset name="1d4.us" default_off="failed ruleset test">
+
+	<target host="1d4.us" />
+	<target host="*.1d4.us" />
+
+		<test url="http://www.1d4.us/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/1dedic.ru.xml b/src/chrome/content/rules/1dedic.ru.xml
new file mode 100644
index 000000000000..ab34933dbf8b
--- /dev/null
+++ b/src/chrome/content/rules/1dedic.ru.xml
@@ -0,0 +1,17 @@
+<!--
+www.1dedic.ru ¹
+mail.1dedic.ru ¹
+
+¹ mismatch
+-->
+<ruleset name="1dedic.ru">
+	<target host="1dedic.ru" />
+	<target host="my.1dedic.ru" />
+
+	<target host="www.1dedic.ru" />
+
+	<rule from="^http://www\.1dedic\.ru/"
+		to="https://1dedic.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/1dmp.io.xml b/src/chrome/content/rules/1dmp.io.xml
new file mode 100644
index 000000000000..e22c2d47ef73
--- /dev/null
+++ b/src/chrome/content/rules/1dmp.io.xml
@@ -0,0 +1,12 @@
+<ruleset name="1dmp.io">
+
+	<target host="sync.1dmp.io" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/1f0.de.xml b/src/chrome/content/rules/1f0.de.xml
index b099763a9bb9..08339502780c 100644
--- a/src/chrome/content/rules/1f0.de.xml
+++ b/src/chrome/content/rules/1f0.de.xml
@@ -1,17 +1,14 @@
 <!--
-	Nonfunctional subdomains:
-
-		- files		(404s)
+	Expired:
+		- chaos.1f0.de
+		- xhmikosr.1f0.de
 
 -->
-<ruleset name="1f0.de (partial)" platform="cacert">
-
-	<target host="1f0.de"/>
-	<target host="www.1f0.de"/>
-
-	<!--	Cert isn't valid for !www
-		Pages redirect to !www		-->
-	<rule from="^http://(?:www\.)?1f0\.de/wp-content/"
-		to="https://www.1f0.de/wp-content/"/>
+<ruleset name="1f0.de">
+	<target host="1f0.de" />
+	<target host="www.1f0.de" />
+	<target host="files.1f0.de" />
+	<target host="git.1f0.de" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/1fichier.xml b/src/chrome/content/rules/1fichier.xml
new file mode 100644
index 000000000000..8d3fe557b874
--- /dev/null
+++ b/src/chrome/content/rules/1fichier.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://st-1.1fichier.com/ => https://st-1.1fichier.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	All non-1fichier.com URLs are mirrors of https://1fichier.com/ .
+
+	Mismatch:
+	- dfichiers.com
+-->
+
+<ruleset name="1fichier" default_off="failed ruleset test">
+
+	<target host="1fichier.com" />
+	<target host="*.1fichier.com" />
+	<target host="alterupload.com" />
+	<target host="cjoint.net" />
+	<target host="desfichiers.com" />
+	<target host="megadl.fr" />
+	<target host="mesfichiers.org" />
+	<target host="piecejointe.net" />
+	<target host="pjointe.com" />
+	<target host="tenvoi.com" />
+	<target host="dl4free.com" />
+
+    	<test url="http://www.1fichier.com/" />
+    	<test url="http://img.1fichier.com/" />
+    	<test url="http://st-1.1fichier.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/1freehosting.com.xml b/src/chrome/content/rules/1freehosting.com.xml
new file mode 100644
index 000000000000..d894b26dc5e1
--- /dev/null
+++ b/src/chrome/content/rules/1freehosting.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Mismatched:
+		cpanel.1freehosting.com
+-->
+<ruleset name="1freehosting.com">
+	<target host="1freehosting.com" />
+	<target host="www.1freehosting.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/1nightstandstory.xml b/src/chrome/content/rules/1nightstandstory.xml
deleted file mode 100644
index 3f38801d1768..000000000000
--- a/src/chrome/content/rules/1nightstandstory.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="1NightStandStory">
-  <target host="1nightstandstory.com" />
-  <target host="www.1nightstandstory.com" />
-
-  <rule from="^http://(?:www\.)?1nightstandstory\.com/" to="https://www.1nightstandstory.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/1nsk.ru-problematic.xml b/src/chrome/content/rules/1nsk.ru-problematic.xml
index a6975dde1b4e..20f974c0c941 100644
--- a/src/chrome/content/rules/1nsk.ru-problematic.xml
+++ b/src/chrome/content/rules/1nsk.ru-problematic.xml
@@ -5,7 +5,8 @@
 <ruleset name="1nsk.ru (problematic)" default_off="expired, self-signed">
 
 	<target host="1nsk.ru" />
-	<target host="*.1nsk.ru" />
+	<target host="www.1nsk.ru" />
+	<target host="b.1nsk.ru" />
 
 
 	<securecookie host="^b?\.1nsk\.ru$" name=".+" />
@@ -14,7 +15,6 @@
 	<rule from="^http://(?:www\.)?1nsk\.ru/"
 		to="https://www.1nsk.ru/" />
 
-	<rule from="^http://b\.1nsk\.ru/"
-		to="https://b.1nsk.ru/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/1nsk.ru.xml b/src/chrome/content/rules/1nsk.ru.xml
index 9fff6e79069e..3a86e6c1e5c3 100644
--- a/src/chrome/content/rules/1nsk.ru.xml
+++ b/src/chrome/content/rules/1nsk.ru.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://live.1nsk.ru/ => https://live.1nsk.ru/: (28, 'Connection timed out after 20000 milliseconds')
+
 	For problematic rules, see 1nsk.ru-problematic.xml.
 
 
@@ -11,7 +15,7 @@
 	* Works; expired 2012-02-28, self-signed
 
 -->
-<ruleset name="1nsk.ru (partial)">
+<ruleset name="1nsk.ru (partial)" default_off="failed ruleset test">
 
 	<target host="live.1nsk.ru" />
 
@@ -19,7 +23,6 @@
 	<securecookie host="^live\.1nsk\.ru$" name=".+" />
 
 
-	<rule from="^http://live\.1nsk\.ru/"
-		to="https://live.1nsk.ru/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/1over1.net.xml b/src/chrome/content/rules/1over1.net.xml
new file mode 100644
index 000000000000..77c1e327632e
--- /dev/null
+++ b/src/chrome/content/rules/1over1.net.xml
@@ -0,0 +1,13 @@
+<ruleset name="1over1">
+	<target host="1over1.net" />
+	<target host="www.1over1.net" />
+
+	<!--	MCB:	-->
+	<exclusion pattern="^http://(www\.)?1over1\.net/forum\.php" />
+		<test url="http://1over1.net/forum.php"/>
+		<test url="http://www.1over1.net/forum.php"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/1phads.com.xml b/src/chrome/content/rules/1phads.com.xml
new file mode 100644
index 000000000000..c374b908d37b
--- /dev/null
+++ b/src/chrome/content/rules/1phads.com.xml
@@ -0,0 +1,17 @@
+<!--
+	www: cert only matches ^1phads.com
+
+-->
+<ruleset name="1phads.com">
+
+	<target host="1phads.com" />
+	<target host="www.1phads.com" />
+
+
+	<securecookie host="^1phads\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?1phads\.com/"
+		to="https://1phads.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/1prime.ru.xml b/src/chrome/content/rules/1prime.ru.xml
new file mode 100644
index 000000000000..3800699fed09
--- /dev/null
+++ b/src/chrome/content/rules/1prime.ru.xml
@@ -0,0 +1,39 @@
+<!--
+disclosure.1prime.ru ⁴
+it-pro.1prime.ru ²
+m.1prime.ru ¹
+login.1prime.ru ²
+www.disclosure.1prime.ru ⁴
+bir.1prime.ru mixed content
+
+
+¹ mismatch
+² refused
+⁴ incomplete certificate chain
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .1prime.ru
+		- .www.1prime.ru
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="1prime.ru">
+	<target host="1prime.ru" />
+	<target host="www.1prime.ru" />
+	<target host="commerce.1prime.ru" />
+	<target host="emitent.1prime.ru" />
+	<target host="gold.1prime.ru" />
+	<target host="shop.1prime.ru" />
+	<target host="webservice.1prime.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.(?:www\.)?1prime\.ru$" name="^__ddg_" /-->
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/1src.com.xml b/src/chrome/content/rules/1src.com.xml
new file mode 100644
index 000000000000..091811ed05a2
--- /dev/null
+++ b/src/chrome/content/rules/1src.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="1src.com">
+	<target host="1src.com" />
+	<target host="www.1src.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/1st-ART-Studio.xml b/src/chrome/content/rules/1st-ART-Studio.xml
deleted file mode 100644
index fd6ea61adb4a..000000000000
--- a/src/chrome/content/rules/1st-ART-Studio.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="1st ART Studio" default_off="mismatch">
-
-	<!--	*.edrive-hosting.cz	-->
-	<target host="1art.cz"/>
-	<target host="www.1art.cz"/>
-
-	<!--	!www redirects to www	-->
-	<rule from="^http://(?:www\.)?1art\.cz/"
-		to="https://www.1art.cz/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/1stWarning.com.xml b/src/chrome/content/rules/1stWarning.com.xml
new file mode 100644
index 000000000000..1fc53a466043
--- /dev/null
+++ b/src/chrome/content/rules/1stWarning.com.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Net Applications coverage, see Net-Applications.xml.
+
+-->
+<ruleset name="1stWarning.com">
+
+	<target host="1stwarning.com" />
+	<target host="www.1stwarning.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/1stwebdesigner.com.xml b/src/chrome/content/rules/1stwebdesigner.com.xml
new file mode 100644
index 000000000000..5889ced5c57d
--- /dev/null
+++ b/src/chrome/content/rules/1stwebdesigner.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="1stwebdesigner.com">
+	<target host="1stwebdesigner.com" />
+	<target host="www.1stwebdesigner.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/1time.co.za.xml b/src/chrome/content/rules/1time.co.za.xml
deleted file mode 100644
index 4bcc195f9f64..000000000000
--- a/src/chrome/content/rules/1time.co.za.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="1time.co.za (Expired)" default_off="Expired">
-  <target host="1time.aero" />
-  <target host="www.1time.aero" />
-
-  <rule from="^http://(?:www\.)?1time\.aero/"
-          to="https://www.1time.aero/" />
-</ruleset>
diff --git a/src/chrome/content/rules/1tulatv.ru.xml b/src/chrome/content/rules/1tulatv.ru.xml
new file mode 100644
index 000000000000..decbd6147f3e
--- /dev/null
+++ b/src/chrome/content/rules/1tulatv.ru.xml
@@ -0,0 +1,8 @@
+<ruleset name="1tulatv.ru">
+	<target host="1tulatv.ru" />
+	<target host="www.1tulatv.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/1tv.ru.xml b/src/chrome/content/rules/1tv.ru.xml
new file mode 100644
index 000000000000..1dca64357676
--- /dev/null
+++ b/src/chrome/content/rules/1tv.ru.xml
@@ -0,0 +1,72 @@
+<!--
+	CDN buckets:
+
+		- kino1tv-a.akamaihd.net
+
+
+	Nonfunctional hosts in *1tv.ru:
+
+		- edu ᵗ
+		- forum ʳ
+
+	ʳ Refused
+	ᵗ Reset
+
+
+	^1tv.ru: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- stream.1tv.ru
+
+
+	Mixed content:
+
+		- Images on stream from $self ˢ
+
+		- Bugs, on:
+
+			- (www.)?, vsemmirom from top.list.ru ˢ
+			- (www.)? from (\w\d.){4}.top.mail.ru ˢ
+			- (www.)?, vsemmirom from counter.rambler.ru ˢ
+			- (www.)? from top100-images.rambler.ru
+			- (www.)? from www.tns-counter.ru ˢ
+			- (www.)? from awaps.yandex.ru ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="1tv.ru (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="beta.1tv.ru" />
+	<target host="img1.1tv.ru" />
+	<target host="img2.1tv.ru" />
+	<target host="kino.1tv.ru" />
+	<target host="static.1tv.ru" />
+	<target host="static2.1tv.ru" />
+	<target host="stream.1tv.ru" />
+	<target host="vsemmirom.1tv.ru" />
+	<target host="www.1tv.ru" />
+
+	<!--	Complications:
+				-->
+	<target host="1tv.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^stream\.1tv\.ru$" name="^s$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://1tv\.ru/"
+		to="https://www.1tv.ru/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/1ty.me.xml b/src/chrome/content/rules/1ty.me.xml
new file mode 100644
index 000000000000..652c03f0ee75
--- /dev/null
+++ b/src/chrome/content/rules/1ty.me.xml
@@ -0,0 +1,9 @@
+<ruleset name="1ty.me">
+
+	<target host="1ty.me" />
+	<target host="www.1ty.me" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/1u1s.de.xml b/src/chrome/content/rules/1u1s.de.xml
new file mode 100644
index 000000000000..fef0179479fe
--- /dev/null
+++ b/src/chrome/content/rules/1u1s.de.xml
@@ -0,0 +1,46 @@
+<!--
+	For other United Internet coverage, see United-Internet.xml.
+
+
+	(www.)?1u1s.de: Shows blank page
+
+-->
+<ruleset name="1u1s.de (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="piwik.1u1s.de" />
+
+	<!--	Complications:
+				-->
+	<target host="1u1s.de" />
+	<target host="www.1u1s.de" />
+
+		<!--	Redirect for /\w.* differs
+						-->
+		<exclusion pattern="^http://(?:www\.)?1u1s\.de/+(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://1u1s.de/do" />
+			<test url="http://1u1s.de/i" />
+			<test url="http://1u1s.de/404" />
+			<test url="http://www.1u1s.de/do" />
+			<test url="http://www.1u1s.de/i" />
+			<test url="http://www.1u1s.de/404" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.1u1s.de/?" />
+
+
+	<!--	Redirect drops args and
+		forward slash:
+				-->
+	<rule from="^http://(?:www\.)?1u1s\.de/.*"
+		to="https://www.1und1.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/1und1.de.xml b/src/chrome/content/rules/1und1.de.xml
index 841ddae76f92..cb1e00ca34df 100644
--- a/src/chrome/content/rules/1und1.de.xml
+++ b/src/chrome/content/rules/1und1.de.xml
@@ -5,94 +5,121 @@
 	CDN buckets:
 
 		- i0.1und1.de.edgesuite.net
-
-			- a1254.g.akamai.net
-
 		- 1und1.ivwbox.de
 
 
 	Nonfunctional subdomains:
 
-		- blog *
-		- erfolgscenter *
-		- jobs *
-		- press *
-		- service-center *
+		- apps ⁴
+		- login ⁴
+		- mirror ¹
+		- newsroom ²
+		- presse ²
+		- tv ³
 
-	* Refused
+	¹ Dropped
+	² Refused
+	³ 404
+	⁴ Invalid certificate
 
 
 	Problematic subdomains:
 
-		- ^	(works, cert only matches www)
-		- i0	(works, akamai)
-		- tv	(works; mismatched, CN: portal.gmx.net)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(^ → www)
-		- apps
-		- dsl
-		- forum
-		- hilfe-center
-		- home
-		- homepage
-		- hosting
-		- i0		(→ akamai)
-		- ias
-		- img
-		- kunden
-		- login
-		- mein
-		- mobile
-		- pixel
-		- redirect
-		- sec-i0
-		- tt
-
-
-	Observed cookie domains:
-
-		- .
-		- apps
-		- dsl
-		- home
-		- homepage
-		- hosting
-		- ias
-		- jobs
-		- kunden
-		- mobile
-		- presse
-		- redirect
-		- service-center
-		- www
+		- ^ ¹
+		- erfolgscenter ¹
+		- i0 ²
+		- service-center ³
+
+	¹ Mismatched
+	² Akamai
+	³ Refused
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .1und1.de
+		- de-mail.1und1.de
+		- dsl.1und1.de
+		- hilfe-center.1und1.de
+		- hosting.1und1.de
+		- jobs.1und1.de
+		- mobile.1und1.de
+		- redirect.1und1.de
+		- www.1und1.de
 
 
 	Mixed content:
 
-		- Web bug on hilfe-center from status-1und1.de
+		- Images on jobs from img.youtube.com ¹
+		- Images on unternehmen from blog-network.1and1.com
+
+	¹ Secured by us
 
 -->
 <ruleset name="1und1.de (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="1und1.de" />
-	<target host="*.1und1.de" />
-		<!--exclusion pattern="^http://(blog|erfolgscenter|jobs|press|service-center|tv)\." /-->
+	<target host="account.1und1.de" />
+	<target host="blog.1und1.de" />
+	<target host="community.1und1.de" />
+	<target host="de-mail.1und1.de" />
+	<target host="dsl.1und1.de" />
+	<target host="forum.1und1.de" />
+	<target host="hilfe-center.1und1.de" />
+	<target host="m.hilfe-center.1und1.de" />
+	<target host="home.1und1.de" />
+	<target host="homepage.1und1.de" />
+	<target host="hosting.1und1.de" />
+	<target host="ias.1und1.de" />
+	<target host="jobs.1und1.de" />
+	<target host="kunden.1und1.de" />
+	<target host="mein.1und1.de" />
+	<target host="mobile.1und1.de" />
+	<target host="pixel.1und1.de" />
+	<target host="redirect.1und1.de" />
+	<target host="sec-i0.1und1.de" />
+	<target host="unternehmen.1und1.de" />
+	<target host="webmailer.1und1.de" />
+	<target host="www.1und1.de" />
+
+	<!--	Complications:
+				-->
+	<target host="erfolgscenter.1und1.de" />
+	<target host="service-center.1und1.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.1und1\.de$" name="^(?:ac-euepostclick-de|chocolateChip|uimid)$" /-->
+	<!--securecookie host="^de-mail\.1und1\.de$" name="^(?:De-Mail-1und1|TS[\da-f]{8})$" /-->
+	<!--securecookie host="^dsl\.1und1\.de$" name="^(?:__PFIX_SSL_|DPX|UT|vc)$" /-->
+	<!--securecookie host="^hilfe-center\.1und1\.de$" name="^[\da-f]{32}$" /-->
+	<!--securecookie host="^hosting\.1und1\.de$" name="^(?:DPX|UT|variant|variant\.configname)$" /-->
+	<!--securecookie host="^jobs\.1und1\.de$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^mobile\.1und1\.de$" name="^(?:GUD|UT|variant|variant\.configname)$" /-->
+	<!--securecookie host="^redirect\.1und1\.de$" name="^(?:__rd|PHPSESSID)$" /-->
+	<!--securecookie host="^www\.1und1\.de$" name="^(?:__PFIX_SSL_|__PFIX_TST_|DPX|variant|variant\.configname)$" /-->
 
-
-	<!--securecookie host="^\.1und1\.de$" name="^(chocolateChip|NG_USERID|uimid)$" /-->
 	<securecookie host=".*\.1und1\.de$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?1und1\.de/"
-		to="https://www.1und1.de/" />
+	<!--	Redirect keeps path, args,
+		and forward slash:
+					-->
+	<rule from="^http://erfolgscenter\.1und1\.de/"
+		to="https://blog.1und1.de/" />
+
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://service-center\.1und1\.de/[^?]*"
+		to="https://hilfe-center.1und1.de/" />
 
-	<rule from="^http://(apps|dsl|forum|hilfe-center|home|homepage|hosting|ias|img|kunden|login|mein|mobile|pixel|redirect|sec-i0|tt|webmailer)\.1und1\.de/"
-		to="https://$1.1und1.de/" />
+		<test url="http://service-center.1und1.de//" />
+		<test url="http://service-center.1und1.de/?" />
 
-	<rule from="^http://i0\.1und1\.de/"
-		to="https://a248.e.akamai.net/f/1254/284/7h/i0.1und1.de/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/1xbet.com.xml b/src/chrome/content/rules/1xbet.com.xml
deleted file mode 100644
index 8c4551523bec..000000000000
--- a/src/chrome/content/rules/1xbet.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="1xbet.com">
-
-	<target host="1xbet.com" />
-	<target host="www.1xbet.com" />
-	<target host="xbetsport.com" />
-	<target host="*.xbetsport.com" />
-
-
-	<securecookie host="^(?:w*\.)?(?:1xbe|xbetspor)t\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?(1xbe|xbetspor)t\.com/"
-		to="https://$1$2t.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/2020mobile.es.xml b/src/chrome/content/rules/2020mobile.es.xml
index bb3a882eb223..7ae5c8dd31c6 100644
--- a/src/chrome/content/rules/2020mobile.es.xml
+++ b/src/chrome/content/rules/2020mobile.es.xml
@@ -1,6 +1,16 @@
-<ruleset name="2020mobile">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.2020mobile.es/ => https://www.2020mobile.es/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+Fetch error: http://2020mobile.es/ => https://www.2020mobile.es/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.2020mobile.es/ => https://www.2020mobile.es/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+Fetch error: http://2020mobile.es/ => https://www.2020mobile.es/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+-->
+<ruleset name="2020mobile" default_off="failed ruleset test">
   <target host="www.2020mobile.es"/>
   <target host="2020mobile.es"/>
 
-  <rule from="^http://(www\.)?2020mobile\.es/" to="https://www.2020mobile.es/"/>
+  <rule from="^http://(?:www\.)?2020mobile\.es/" to="https://www.2020mobile.es/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/20min-tv.ch.xml b/src/chrome/content/rules/20min-tv.ch.xml
new file mode 100644
index 000000000000..c700bc75e1ff
--- /dev/null
+++ b/src/chrome/content/rules/20min-tv.ch.xml
@@ -0,0 +1,27 @@
+<!--
+	For other 20min.ch coverage, see 20min.ch.xml.
+
+	Nonfunctional hosts in *.20min-tv.ch:
+		- (www.)?20min-tv.ch (m)
+		- feeds.20min-tv.ch (m)
+		- liveticker.20min-tv.ch (m)
+		- server\d+.20min-tv.ch (m)
+		- xupload.20min-tv.ch (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="20min-tv.ch (partial)">
+	<target host="feedsfast.20min-tv.ch" />
+	<target host="podcast.20min-tv.ch" />
+	<target host="thumbnails.20min-tv.ch" />
+	<target host="thumbs.20min-tv.ch" />
+
+	<test url="http://feedsfast.20min-tv.ch/infinity/default_profile_badges_de.json" />
+	<test url="http://feedsfast.20min-tv.ch/infinity/default_profile_badges_fr.json" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/20min.ch.xml b/src/chrome/content/rules/20min.ch.xml
new file mode 100644
index 000000000000..0a0c49462bc4
--- /dev/null
+++ b/src/chrome/content/rules/20min.ch.xml
@@ -0,0 +1,24 @@
+<!--
+	Other 20min rulesets:
+		- 20min-tv.ch.xml
+		- 20minuti.ch.xml
+
+	20min.ch has both a wildcard DNS record and a wildcard certificate, so enumerating all subdomains is impossible.
+
+	Mismatched, different cert from rest of domains:
+		- secretescapes
+		- tilllate
+-->
+<ruleset name="20min.ch (partial)">
+	<target host="20min.ch" />
+	<target host="www.20min.ch" />
+	<target host="api.20min.ch" />
+	<target host="deal.20min.ch" />
+	<target host="m.20min.ch" />
+	<target host="mediadaten.20min.ch" />
+	<target host="mediakit.20min.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/20minutes.fr.xml b/src/chrome/content/rules/20minutes.fr.xml
new file mode 100644
index 000000000000..8c6a79b02988
--- /dev/null
+++ b/src/chrome/content/rules/20minutes.fr.xml
@@ -0,0 +1,48 @@
+<!--
+	Time out:
+		20minutes.fr
+
+	Refused:
+		guide-shopping.20minutes.fr
+
+	Invalid certificate:
+		horoscope.20minutes.fr
+		sorties-cinema.20minutes.fr
+		stage-emploi.20minutes.fr
+		www.20minutes-media.com
+		www.panel20minutes.fr
+
+	Different content http/https:
+		club-shopping.20minutes.fr
+
+	Secure connection failed:
+		vosquestions.20minutes.fr
+
+-->
+<ruleset name="20minutes.fr">
+
+	<target host="20minutes.fr" />
+	<target host="www.20minutes.fr" />
+	<target host="cache.20minutes.fr" />
+		<test url="http://cache.20minutes.fr/img/laune/2017/05/19-PAR-preview.jpg" />
+	<target host="lacuisinedannie.20minutes.fr" />
+	<target host="m.20minutes.fr" />
+	<target host="mesnotices.20minutes.fr" />
+	<target host="pdf.20mn.fr" />
+		<test url="http://pdf.20mn.fr/2017/quotidien/20170519_PAR.pdf" />
+
+
+	<target host="assets.20mn.fr" />
+		<test url="http://assets.20mn.fr/front/css/styles.css?26f7d41" />
+	<target host="assets-fusion.20mn.fr" />
+		<test url="http://assets-fusion.20mn.fr/favicon.ico" />
+	<target host="img.20mn.fr" />
+		<test url="http://img.20mn.fr/PRpLd9MZSFW5hTewqB-E_A/120x78_velorue-strasbourg-12-mai-2017" />
+
+	<rule from="^http://20minutes\.fr/"
+		to="https://www.20minutes.fr/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/20minuti.ch.xml b/src/chrome/content/rules/20minuti.ch.xml
new file mode 100644
index 000000000000..4323316e18ca
--- /dev/null
+++ b/src/chrome/content/rules/20minuti.ch.xml
@@ -0,0 +1,13 @@
+<!--
+	For other 20min.ch coverage, see 20min.ch.xml.
+-->
+<ruleset name="20minuti.ch">
+	<target host="20minuti.ch" />
+	<target host="www.20minuti.ch" />
+	<target host="m.20minuti.ch" />
+	<target host="epaper.20minuti.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/21.co.xml b/src/chrome/content/rules/21.co.xml
new file mode 100644
index 000000000000..6d75d4d28de6
--- /dev/null
+++ b/src/chrome/content/rules/21.co.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://slack.21.co/ (200) => https://slack.21.co/ (526)
+
+	Non-functional hosts
+		4xx client error:
+			 - files.21.co
+-->
+<ruleset name="21.co" default_off="failed ruleset test">
+	<target host="21.co" />
+	<target host="www.21.co" />
+	<target host="api.21.co" />
+		<test url="http://api.21.co/lists/" />
+	<target host="assets.21.co" />
+		<test url="http://assets.21.co/landing/img/landing_tasks/home-profile-sarahjones.png" />
+		<test url="http://assets.21.co/two1docs/bitfs_serve.py" />
+	<target host="bitcoinfees.21.co" />
+	<target host="bitnodes.21.co" />
+	<target host="controller.21.co" />
+	<target host="install.21.co" />
+		<test url="http://install.21.co/21-setup.py" />
+	<target host="mkt.21.co" />
+	<target host="sensor.21.co" />
+	<target host="slack.21.co" />
+	<target host="status.21.co" />
+	<target host="support.21.co" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/21_Century_Rims.xml b/src/chrome/content/rules/21_Century_Rims.xml
deleted file mode 100644
index 146844817a9b..000000000000
--- a/src/chrome/content/rules/21_Century_Rims.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="21 Century Rims">
-
-	<target host="21centuryrims.com" />
-	<target host="*.21centuryrims.com" />
-
-
-	<securecookie host="^(?:.*\.)?21centuryrims\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?21centuryrims\.com/"
-		to="https://$121centuryrims.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/21jingji.com.xml b/src/chrome/content/rules/21jingji.com.xml
new file mode 100644
index 000000000000..8a8c529e37ff
--- /dev/null
+++ b/src/chrome/content/rules/21jingji.com.xml
@@ -0,0 +1,20 @@
+<!--
+	MCB:
+		21jingji.com
+		www.21jingji.com
+
+	Mismatched:
+		epaper.21jingji.com
+-->
+<ruleset name="21jingji.com">
+	<target host="api.21jingji.com" />
+	<target host="app.21jingji.com" />
+	<target host="comment.21jingji.com" />
+	<target host="img.21jingji.com" />
+	<target host="m.21jingji.com" />
+	<target host="static.21jingji.com" />
+	<target host="user.21jingji.com" />
+	<target host="zhuanti.21jingji.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/220volt.hu.xml b/src/chrome/content/rules/220volt.hu.xml
index b30d24449d86..d3cabfc7ebb4 100644
--- a/src/chrome/content/rules/220volt.hu.xml
+++ b/src/chrome/content/rules/220volt.hu.xml
@@ -1,9 +1,16 @@
 <ruleset name="220Volt.hu">
-	<!-- Cert: media.220volt.hu -->
+
+	<!--	Direct rewrites:
+				-->
+	<target host="220volt.hu" />
 	<target host="media.220volt.hu" />
-	<!-- Cert: www.220volt.hu -->
 	<target host="www.220volt.hu" />
 
-	<securecookie host="^www\.220volt\.hu$" name=".*" />
-	<rule from="^http://([^@:/]*)\.220volt\.hu/" to="https://$1.220volt.hu/" />
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/22Fevrier2019.org.xml b/src/chrome/content/rules/22Fevrier2019.org.xml
new file mode 100644
index 000000000000..64371073a2d3
--- /dev/null
+++ b/src/chrome/content/rules/22Fevrier2019.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="22Fevrier2019.org">
+	<target host="22fevrier2019.org" />
+	<target host="www.22fevrier2019.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/2345.cn.xml b/src/chrome/content/rules/2345.cn.xml
new file mode 100644
index 000000000000..20b50c7264fd
--- /dev/null
+++ b/src/chrome/content/rules/2345.cn.xml
@@ -0,0 +1,24 @@
+<!--
+	Related:
+		2345.com.xml
+
+	403:
+		^2345.cn
+
+	Invalid cert:
+		jifendownload.2345.cn
+		tianqi.2345.cn
+		bbs.wan.2345.cn
+		www.2345.cn
+-->
+
+<ruleset name="2345.cn">
+	<target host="bbs.2345.cn" />
+	<target host="login.2345.cn" />
+	<target host="shoujibbs.2345.cn" />
+	<target host="sj.2345.cn" />
+	<target host="sj1.2345.cn" />
+	<target host="wangpai.2345.cn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/2345.com.xml b/src/chrome/content/rules/2345.com.xml
new file mode 100644
index 000000000000..1cac12464eb9
--- /dev/null
+++ b/src/chrome/content/rules/2345.com.xml
@@ -0,0 +1,103 @@
+<!--
+	Related:
+		2345.cn.xml
+
+	Invalid cert:
+		buy.2345.com
+		chrome.2345.com.2345.com
+		day.2345.com
+		dianying.2345.com
+		dl.2345.com
+		dongman.2345.com
+		haozip.2345.com
+		huodong.2345.com
+		ie.2345.com
+		news.2345.com
+		thp.2345.com
+		tools.2345.com
+		tv.2345.com
+		v.2345.com
+		wan.2345.com
+		mall.wan.2345.com
+		zhushou.2345.com
+
+	MCB:
+		book.2345.com
+		danji.2345.com
+		houtai.2345.com	(break m.2345.com )
+		jifen.2345.com
+		m.2345.com	(break the pics at homepage to show.)
+		my.ie.2345.com
+		shouji.2345.com
+		wangyou.2345.com
+		xiaoyouxi.2345.com
+
+	Redirect to http:
+		www.2345.com.co
+-->
+
+<ruleset name="2345.com">
+	<target host="2345.com" />
+	<target host="www.2345.com" />
+	<target host="daikuan.2345.com" />
+	<target host="downloaddaikuan.2345.com" />
+	<target host="houtai.2345.com" />
+	<target host="img1.2345.com" />
+	<target host="img2.2345.com" />
+	<target host="img3.2345.com" />
+	<target host="img4.2345.com" />
+	<target host="img5.2345.com" />
+	<target host="img6.2345.com" />
+	<target host="imgwx1.2345.com" />
+	<target host="imgwx2.2345.com" />
+	<target host="imgwx3.2345.com" />
+	<target host="imgwx4.2345.com" />
+	<target host="imgwx5.2345.com" />
+	<target host="login.2345.com" />
+	<target host="mdaikuan.2345.com" />
+	<target host="my.2345.com" />
+	<target host="passport.2345.com" />
+	<target host="pay.2345.com" />
+	<target host="pic.2345.com" />
+	<target host="so.2345.com" />
+	<target host="tianqi.2345.com" />
+	<target host="waptianqi.2345.com" />
+
+	<!--	MCB:	-->
+	<target host="jifen.2345.com" />
+		<exclusion pattern="^http://jifen\.2345\.com/(?!api/|images/|jifenimg/|upload/)" />
+		<test url="http://jifen.2345.com/api/" />
+		<test url="http://jifen.2345.com/images/in_progress.gif" />
+		<test url="http://jifen.2345.com/jifenimg/images/zhuanti/app/QR_Code.png" />
+		<test url="http://jifen.2345.com/upload/7_s.jpg" />
+
+		<test url="http://jifen.2345.com/bangzhu" />
+		<test url="http://jifen.2345.com/index.php" />
+		<test url="http://jifen.2345.com/jifen/" />
+		<test url="http://jifen.2345.com/lipin/list" />
+
+	<target host="shouji.2345.com" />
+		<exclusion pattern="^http://shouji\.2345\.com/(?!api/|images/|shoujiimg/|upload/)" />
+		<test url="http://shouji.2345.com/api/" />
+		<test url="http://shouji.2345.com/images/in_progress.gif" />
+		<test url="http://shouji.2345.com/shoujiimg/img/resource/png60/baidu.png" />
+		<test url="http://shouji.2345.com/upload/propaganda/technicians_7205_1478257441.jpg" />
+
+		<test url="http://shouji.2345.com/index.php" />
+		<test url="http://shouji.2345.com/jifen/" />
+		<test url="http://shouji.2345.com/lipin/list" />
+		<test url="http://shouji.2345.com/romzone/" />
+
+	<target host="m.2345.com" />
+		<exclusion pattern="^http://m\.2345\.com/$" />
+		<test url="http://m.2345.com/pages/down.html" />
+		<test url="http://m.2345.com/pages/log.html" />
+
+		<test url="http://m.2345.com/css/common_20160519.css" />
+		<test url="http://m.2345.com/css/index_20160812.css" />
+		<test url="http://m.2345.com/images/flow_logo.png" />
+		<test url="http://m.2345.com/js/func_new.js" />
+		<test url="http://m.2345.com/js/jquery.cookie.js" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/23Systems.xml b/src/chrome/content/rules/23Systems.xml
index 1a292f58c21e..cefde1351ed3 100644
--- a/src/chrome/content/rules/23Systems.xml
+++ b/src/chrome/content/rules/23Systems.xml
@@ -1,13 +1,12 @@
 <ruleset name="23Systems">
 
 	<target host="23systems.net" />
-	<target host="*.23systems.net" />
+	<target host="www.23systems.net" />
 
 
 	<securecookie host="^(?:w*\.)?23systems\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?23systems\.net/"
-		to="https://$123systems.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/23andMe.com.xml b/src/chrome/content/rules/23andMe.com.xml
index e59c0c945826..6a76ef026b30 100644
--- a/src/chrome/content/rules/23andMe.com.xml
+++ b/src/chrome/content/rules/23andMe.com.xml
@@ -1,20 +1,18 @@
-<!--
-	Note: server is configured for rc4 only.
-
--->
 <ruleset name="23andMe.com">
 
 	<target host="23andme.com" />
 	<target host="www.23andme.com" />
+	<target host="api.23andme.com" />
+	<target host="blog.23andme.com" />
+	<target host="customercare.23andme.com" />
+	<target host="store.23andme.com" />
 
 
+	<securecookie host="^\.23andme\.com$" name="^__cfduid$" />
 	<securecookie host="^(?:www\.)?23andme\.com$" name=".+" />
 
 
-	<!--	While ^ presents a valid cert, it drops
-		the path when redirecting to www.
-						-->
-	<rule from="^http://(?:www\.)?23andme\.com/"
-		to="https://www.23andme.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/24-7-Media-clients.xml b/src/chrome/content/rules/24-7-Media-clients.xml
deleted file mode 100644
index 91326ee927ce..000000000000
--- a/src/chrome/content/rules/24-7-Media-clients.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	A ruleset for 24/7 Media clients that have no other rules on by default.
-
-
-	For 24/7 Media proper, see 24-7-Media.xml.
-
--->
-<ruleset name="24/7 Media clients">
-
-	<target host="oascentral.aviationweek.com" />
-	<target host="oascentral.bostonherald.com" />
-	<target host="oascentral.globalpost.com" />
-
-
-	<rule from="^http://oascentral\.bostonherald\.com/"
-		to="https://oasc08.247realmedia.com/" />
-
-	<rule from="^https?://oascentral\.aviationweek\.com/"
-		to="https://oasc10.247realmedia.com/" />
-
-	<rule from="^http://oascentral\.globalpost\.com/"
-		to="https://oasc11.247realmedia.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/24-7-Media.xml b/src/chrome/content/rules/24-7-Media.xml
index 0dab7f826dd7..ce9fbe17bcd9 100644
--- a/src/chrome/content/rules/24-7-Media.xml
+++ b/src/chrome/content/rules/24-7-Media.xml
@@ -1,7 +1,4 @@
 <!--
-	For client coverage, see 24-7-Media-clients.xml.
-
-
 	CDN buckets:
 
 		- imagec14.247realmedia.com.edgesuite.net
@@ -32,7 +29,7 @@
 		- openadstream-eu1.247realmedia.com
 
 
-	Nonexistant 247realmedia.com subdomains:
+	Nonexistent 247realmedia.com subdomains:
 
 		- oasc0[0-4]
 		- oasc1[39]
@@ -55,9 +52,6 @@
 	<rule from="^http://imagec14\.247realmedia\.com/"
 		to="https://oasc14.247realmedia.com/" />
 
-	<rule from="^http://imagec15\.247realmedia\.com/"
-		to="https://a248.e.akamai.net/f/229/1/5m/imagec15.247realmedia.com/" />
-
 	<rule from="^http://imageceu1\.247realmedia\.com/"
 		to="https://oasc-eu1.247realmedia.com/" />
 
@@ -71,7 +65,7 @@
 
 	<!--	Cert mismatch.
 				-->
-	<rule from="^https?://oasc([01]\d)(?:a|\d{1,3})\.247realmedia\.com/"
+	<rule from="^http://oasc([01]\d)(?:a|\d{1,3})\.247realmedia\.com/"
 		to="https://oasc$1.247realmedia.com/" />
 
 	<rule from="^http://network\.realmedia\.com/"
@@ -79,7 +73,7 @@
 
 	<!--	Cert mismatch.
 				-->
-	<rule from="^https?://oas-central\.realmedia\.com/"
+	<rule from="^http://oas-central\.realmedia\.com/"
 		to="https://oasc10.247realmedia.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/24-7_Customer.xml b/src/chrome/content/rules/24-7_Customer.xml
deleted file mode 100644
index 4eecdb6aa11d..000000000000
--- a/src/chrome/content/rules/24-7_Customer.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)247-inc.com
-
--->
-<ruleset name="24/7 Customer (partial)">
-
-	<target host="*.247ilabs.com" />
-
-
-	<rule from="^http://(cdn|psp)\.247ilabs\.com/"
-		to="https://$1.247ilabs.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/24-ways.xml b/src/chrome/content/rules/24-ways.xml
index 3a5884cb6f5e..f10a61ddcd31 100644
--- a/src/chrome/content/rules/24-ways.xml
+++ b/src/chrome/content/rules/24-ways.xml
@@ -1,24 +1,9 @@
-<!--
-	CDN buckets:
-
-		- d3dtvigi7xxd4v.cloudfront.net
-
-			- cloud
-
-		- media.24ways.org.s3.amazonaws.com
-
-			- media
-
--->
-<ruleset name="24 ways (partial)">
-
-	<target host="*.24ways.org" />
-
-
-	<rule from="^http://cloud\.24ways\.org/"
-		to="https://d3dtvigi7xxd4v.cloudfront.net/" />
-
-	<rule from="^http://media\.24ways\.org/"
-		to="https://s3.amazonaws.com/media.24ways.org/" />
-
+<ruleset name="24 ways">
+	<target host="24ways.org" />
+	<target host="cloud.24ways.org" />
+	<target host="media.24ways.org" />
+	<target host="www.24ways.org" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/247filmz.xml b/src/chrome/content/rules/247filmz.xml
index 2b46b36b937d..3817a6e5ddf1 100644
--- a/src/chrome/content/rules/247filmz.xml
+++ b/src/chrome/content/rules/247filmz.xml
@@ -1,4 +1,11 @@
-<ruleset name="247filmz">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://247filmz.com/ => https://247filmz.com/: (51, "SSL: no alternative certificate subject name matches target host name '247filmz.com'")
+Fetch error: http://www.247filmz.com/ => https://www.247filmz.com/: (6, 'Could not resolve host: www.247filmz.com')
+
+-->
+<ruleset name="247filmz" default_off="failed ruleset test">
 
 	<target host="247filmz.com" />
 	<target host="www.247filmz.com" />
@@ -7,7 +14,6 @@
 	<securecookie host="^(?:www\.)?247filmz\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?247filmz\.com/"
-		to="https://$1247filmz.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/24img.com.xml b/src/chrome/content/rules/24img.com.xml
new file mode 100644
index 000000000000..1f5092abe2a8
--- /dev/null
+++ b/src/chrome/content/rules/24img.com.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://search.24img.com/ => https://search.24img.com/: (6, 'Could not resolve host: search.24img.com')
+
+	Mixed content:
+
+		- Bug on search from c.statcounter.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="24img.com" default_off="failed ruleset test">
+
+	<target host="24img.com" />
+	<target host="search.24img.com" />
+	<target host="www.24img.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/24paybank.com.xml b/src/chrome/content/rules/24paybank.com.xml
new file mode 100644
index 000000000000..b75ac446040c
--- /dev/null
+++ b/src/chrome/content/rules/24paybank.com.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://24paybank.com/ => https://24paybank.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.24paybank.com/ => https://www.24paybank.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://support.24paybank.com/ => https://support.24paybank.com/: (6, 'Could not resolve host: support.24paybank.com')
+Fetch error: http://www.support.24paybank.com/ => https://www.support.24paybank.com/: (6, 'Could not resolve host: www.support.24paybank.com')
+
+support2.24paybank.com ¹
+
+
+¹ mismatch
+-->
+<ruleset name="24paybank.com" default_off="failed ruleset test">
+	<target host="24paybank.com" />
+	<target host="www.24paybank.com" />
+	<target host="support.24paybank.com" />
+	<target host="www.support.24paybank.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/254a.com.xml b/src/chrome/content/rules/254a.com.xml
deleted file mode 100644
index 55520d9a989c..000000000000
--- a/src/chrome/content/rules/254a.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="254a.com">
-
-	<target host="d.254a.com" />
-
-
-	<securecookie host="^d\.254a\.com$" name=".+" />
-
-
-	<rule from="^http://d\.254a\.com/"
-		to="https://d.254a.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/256.com.xml b/src/chrome/content/rules/256.com.xml
deleted file mode 100644
index 0fa1a7e03583..000000000000
--- a/src/chrome/content/rules/256.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- www	(cert only matches ^256.com)
-
--->
-<ruleset name="256.com">
-
-	<target host="256.com" />
-	<target host="www.256.com" />
-
-
-	<rule from="^http://(?:www\.)?256\.com/"
-		to="https://256.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/256stuff.com.xml b/src/chrome/content/rules/256stuff.com.xml
new file mode 100644
index 000000000000..519d69ef2797
--- /dev/null
+++ b/src/chrome/content/rules/256stuff.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched:
+		- www
+		- outside
+-->
+<ruleset name="256stuff.com">
+	<target host="256stuff.com" />
+	<target host="www.256stuff.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.256stuff\.com/" to="https://256stuff.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/25thandclement.com.xml b/src/chrome/content/rules/25thandclement.com.xml
new file mode 100644
index 000000000000..dacc742d9b1f
--- /dev/null
+++ b/src/chrome/content/rules/25thandclement.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="25thandclement.com">
+	<target host="25thandclement.com" />
+	<target host="www.25thandclement.com" />
+	<target host="wilbur.25thandclement.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/2600.com.xml b/src/chrome/content/rules/2600.com.xml
new file mode 100644
index 000000000000..1bb8c5cf1cb7
--- /dev/null
+++ b/src/chrome/content/rules/2600.com.xml
@@ -0,0 +1,35 @@
+<!--
+	^2600.com: Dropped
+
+
+	Insecure cookies are set for these hosts:
+
+		- store.2600.com
+
+-->
+<ruleset name="2600.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="store.2600.com" />
+	<target host="www.2600.com" />
+
+	<!--	Complications:
+				-->
+	<target host="2600.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^store\.2600\.com$" name="^c(?:art|ustomer)_sig$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://2600\.com/"
+		to="https://www.2600.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/2Checkout-mismatches.xml b/src/chrome/content/rules/2Checkout-mismatches.xml
index e8d293e19e08..28b2a58c860a 100644
--- a/src/chrome/content/rules/2Checkout-mismatches.xml
+++ b/src/chrome/content/rules/2Checkout-mismatches.xml
@@ -2,13 +2,15 @@
 	For rules that are on by default, see 2Checkout.xml.
 
 -->
-<ruleset name="2Checkout (mismatches)" default_off="mismatch">
+<ruleset name="2Checkout.com (mismatches)" default_off="mismatched">
 
-	<!--	Cert: *.gridserver.com	-->
-	<target host="developers.2checkout.com" />
+	<target host="go.2checkout.com" />
 
 
-	<rule from="^http://developers\.2checkout\.com/"
-		to="https://developers.2checkout.com/" />
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/2Checkout.xml b/src/chrome/content/rules/2Checkout.xml
index a687b03202b7..6d19d56fe1e6 100644
--- a/src/chrome/content/rules/2Checkout.xml
+++ b/src/chrome/content/rules/2Checkout.xml
@@ -1,25 +1,55 @@
 <!--
 	For problematic rules, see 2Checkout-mismatches.xml.
 
+	Other 2Checkout rulesets:
+
+		- 2co.co.xml
+
+
+	Nonfunctional hosts in *2checkout.com:
+
+		- help ʰ
+
+	ʰ Salesforce / redirects to http
+
+
+	Problematic hosts in *2checkout.com:
+
+		- go ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .go.2checkout.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on go from img03.en25.com ˢ
+		- favicon on go from help.2checkout.com
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
 -->
-<ruleset name="2Checkout (partial)">
+<ruleset name="2Checkout.com (partial)">
 
-	<target host="*.2co.com" />
 	<target host="2checkout.com" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.2checkout.com" />
+	<target host="sandbox.2checkout.com" />
+	<target host="www.2checkout.com" />
 
 
-	<securecookie host="^shopping\.2co\.com$" name=".*" />
-	<securecookie host="^\.2checkout\.com$" name=".*" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.go\.2checkout\.com$" name="^ELOQUA$" /-->
 
+	<securecookie host=".+" name=".+" />
 
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?2checkout\.com/"
-		to="https://www.2checkout.com/" />
 
-	<!--	//2co.com shows sedo domain parking page.	-->
-	<rule from="^http://(shopping|www)\.2co\.com/"
-		to="https://$1.2co.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/2Dialog.com.xml b/src/chrome/content/rules/2Dialog.com.xml
index c7885f448e4f..04ca950d87fa 100644
--- a/src/chrome/content/rules/2Dialog.com.xml
+++ b/src/chrome/content/rules/2Dialog.com.xml
@@ -1,8 +1,16 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://2dialog.com/ => http://2dialog.com/: (7, 'Failed to connect to 2dialog.com port 80: Connection refused')
+Fetch error: http://www.2dialog.com/ => http://www.2dialog.com/: (7, 'Failed to connect to www.2dialog.com port 80: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://2dialog.com/ => http://2dialog.com/: Redirect for 'http://www.2dialog.com/' missing Location
+Fetch error: http://www.2dialog.com/ => http://www.2dialog.com/: Redirect for 'http://www.2dialog.com/' missing Location
 	Some pages redirect to http.../$
 
 -->
-<ruleset name="2Dialog.com (partial)">
+<ruleset name="2Dialog.com (partial)" default_off="failed ruleset test">
 
 	<target host="2dialog.com" />
 	<target host="www.2dialog.com" />
@@ -11,4 +19,4 @@
 	<rule from="^http://(www\.)?2dialog\.com/([\w-]+/admin\.php|(?:[\w-]+/)?(?:cs|image|j)s/|favicon\.ico)"
 		to="https://$12dialog.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/2GIS.ru.xml b/src/chrome/content/rules/2GIS.ru.xml
new file mode 100644
index 000000000000..2c34c624788a
--- /dev/null
+++ b/src/chrome/content/rules/2GIS.ru.xml
@@ -0,0 +1,30 @@
+<!--
+	Nonfunctional subdomains:
+
+		- dexp *
+		- info *
+		- redirect *
+
+	* Shops another domain
+
+
+	www: prints numbers
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(www → ^)
+		- apps
+
+-->
+<ruleset name="2GIS.ru (partial)">
+
+	<target host="2gis.ru" />
+	<target host="app.2gis.ru" />
+	<target host="www.2gis.ru" />
+
+
+	<rule from="^http://(?:(app\.)|www\.)?2gis\.ru/"
+		to="https://$12gis.ru/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/2K.com.xml b/src/chrome/content/rules/2K.com.xml
new file mode 100644
index 000000000000..2cfdddc5fe11
--- /dev/null
+++ b/src/chrome/content/rules/2K.com.xml
@@ -0,0 +1,67 @@
+<!--
+	Other 2K Games rulesets:
+
+		- 2K_Games.xml
+		- 2K_Sports.xml
+		- BioShock_Infinite.xml
+
+
+	Nonfunctional hosts in *2k.com:
+
+		- forums ¹
+		- store ²
+		- support ³
+
+	¹ 404
+	² Digital River
+	³ Zendesk
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .2k.com
+		- www.2k.com
+
+-->
+<ruleset name="2K.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="2k.com" />
+	<target host="api.2k.com" />
+	<target host="blog.2k.com" />
+	<target host="store.2k.com" />
+	<target host="www.2k.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://store\.2k\.com/store\?Action=home" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://store\.2k\.com/+(?!Admin/|DRHM/|favicon\.io)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://store.2k.com/sale" />
+			<test url="http://store.2k.com/store" />
+			<test url="http://store.2k.com/store?Action=home" />
+
+			<!--	-ve:
+					-->
+			<test url="http://store.2k.com/favicon.ico" />
+
+
+	<!--	Not secure by server:
+					-->
+	<!--securecookie host="^\.2k\.com$" name="^(?:PHPSESSID|blog-2k_(?:last_activity|last_visit|tracker))$" /-->
+	<!--securecookie host="^www\.2k\.com$" name="^2K$" /-->
+
+	<securecookie host="^\.2k\.com$" name="^(?:PHPSESSID|blog-2k_(?:last_activity|last_visit|tracker))$" />
+	<securecookie host="^www\.2k\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/2K_Games.xml b/src/chrome/content/rules/2K_Games.xml
index 2578c7c024c8..f8620958fea3 100644
--- a/src/chrome/content/rules/2K_Games.xml
+++ b/src/chrome/content/rules/2K_Games.xml
@@ -1,38 +1,44 @@
 <!--
-	Other 2K Games rulesets:
-
-		- 2K_Sports.xml
-		- BioShock_Infinite.xml
-
-
-	Nonfunctional domains:
-
-		- forums.2kgames.com	(shows Citizen Skywatch website, CN: www.2kgames.com)
-
-
-	Problematic domains:
-
-		- 2kgames.com	(cert only matches www)
-
+	For other 2K Games coverage, see
+		+ 2K.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- cha.2kgames.com
+		- mx1.2kgames.com
+		- mx2.2kgames.com
+		- mxout1.2kgames.com
+		- staging.2kgames.com
+
+		SSL peer certificate was not OK:
+		- forums.2kgames.com
+		- support.2kgames.com
+		- wiki.2kgames.com
+
+		Incomplete certificate chain error:
+		- remote.2kgames.com
+
+		Different content:
+		- 2kgames.com
 -->
-<ruleset name="2K Games (partial)">
-
-	<target host="store.2k.com" />
-	<target host="2kgames.com" />
-	<target host="*.2kgames.com" />
-
-
-	<securecookie host="^store\.2k\.com$" name=".+" />
-	<securecookie host="^.+\.2kgames\.com" name=".+" />
-
-
-	<rule from="^http://store\.2k\.com/"
-		to="https://store.2k.com/" />
-
-	<rule from="^https?://(?:www\.)?2kgames\.com/"
-		to="https://www.2kgames.com/" />
-
-	<rule from="^http://downloads\.2kgames\.com/"
-		to="https://downloads.2kgames.com/" />
-
-</ruleset>
\ No newline at end of file
+<ruleset name="2K Games.com (partial)">
+	<!-- *2kgames.com -->
+	<target host="2kgbalsecfw1.2kgames.com" />
+	<target host="2kgnovsecfw1.2kgames.com" />
+	<target host="cdn.2kgames.com" />
+	<target host="downloads.2kgames.com" />
+	<target host="lync.2kgames.com" />
+	<target host="lyncdiscover.2kgames.com" />
+	<target host="mail.2kgames.com" />
+	<target host="mindlink.2kgames.com" />
+	<target host="share.2kgames.com" />
+	<target host="sip.2kgames.com" />
+	<target host="www.2kgames.com" />
+	<target host="xlocturbo.2kgames.com" />
+
+	<!-- *xcom.com -->
+	<target host="xcom.com" />
+	<target host="www.xcom.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/2K_Sports.xml b/src/chrome/content/rules/2K_Sports.xml
index fe28df1419d5..1e310410bdf5 100644
--- a/src/chrome/content/rules/2K_Sports.xml
+++ b/src/chrome/content/rules/2K_Sports.xml
@@ -1,17 +1,22 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://2ksports.com/ => https://2ksports.com/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+Fetch error: http://www.2ksports.com/ => https://www.2ksports.com/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+
 	For other 2K Games coverage, see 2K_Games.xml.
 
 -->
-<ruleset name="2K Sports">
+<ruleset name="2K Sports.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="2ksports.com" />
-	<target host="*.2ksports.com" />
-
-
-	<securecookie host="^(?:www\.)?2ksports\.com$" name=".+" />
+	<!--target host="\w.2k13-fb.2ksports.com" /-->
+	<target host="www.2ksports.com" />
 
 
-	<rule from="^http://(\w\.2k13-fb\.|www\.)?2ksports\.com/"
-		to="https://$12ksports.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/2PipFixed.xml b/src/chrome/content/rules/2PipFixed.xml
deleted file mode 100644
index 0b23ac4eb093..000000000000
--- a/src/chrome/content/rules/2PipFixed.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	Mixed content:
-
-		- css on ^ from ^ *
-
-		- Images, on ^ from:
-
-			- ^ *
-			- 1lotstp.com *
-
-	* Secured by us
-
--->
-<ruleset name="2PipFixed (false MCB)" platform="mixedcontent">
-
-	<target host="2pipfixed.com" />
-	<target host="*.2pipfixed.com" />
-
-
-	<securecookie host="^(?:w*\.)?2pipfixed\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?2pipfixed\.com/"
-		to="https://$12pipfixed.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/2_Ton.com.au.xml b/src/chrome/content/rules/2_Ton.com.au.xml
new file mode 100644
index 000000000000..a16e58dff5d8
--- /dev/null
+++ b/src/chrome/content/rules/2_Ton.com.au.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.2ton.com.au/ => https://www.2ton.com.au/: (51, "SSL: no alternative certificate subject name matches target host name 'www.2ton.com.au'")
+
+-->
+<ruleset name="2 Ton.com.au" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="2ton.com.au" />
+	<target host="www.2ton.com.au" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/2buntu.com.xml b/src/chrome/content/rules/2buntu.com.xml
new file mode 100644
index 000000000000..6170844bc3b9
--- /dev/null
+++ b/src/chrome/content/rules/2buntu.com.xml
@@ -0,0 +1,25 @@
+<!--
+	www.2buntu.com: Mismatched
+
+-->
+<ruleset name="2buntu.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="2buntu.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.2buntu.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.2buntu\.com/"
+		to="https://2buntu.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/2ch.cm.xml b/src/chrome/content/rules/2ch.cm.xml
new file mode 100644
index 000000000000..bf553e49f91a
--- /dev/null
+++ b/src/chrome/content/rules/2ch.cm.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://2ch.cm/ => https://2ch.cm/: (51, "SSL: no alternative certificate subject name matches target host name '2ch.cm'")
+Fetch error: http://www.2ch.cm/ => https://www.2ch.cm/: (51, "SSL: no alternative certificate subject name matches target host name 'www.2ch.cm'")
+
+-->
+<ruleset name="2ch.cm" default_off="failed ruleset test">
+
+	<target host="2ch.cm" />
+	<target host="www.2ch.cm" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/2ch.hk.xml b/src/chrome/content/rules/2ch.hk.xml
index 23a0227c69eb..37371279e5c7 100644
--- a/src/chrome/content/rules/2ch.hk.xml
+++ b/src/chrome/content/rules/2ch.hk.xml
@@ -1,12 +1,13 @@
 <ruleset name="2ch.hk">
 
 	<target host="2ch.hk" />
-	<target host="*.2ch.hk" />
+	<target host="www.2ch.hk" />
 
-	<securecookie host="^\.?2ch\.hk$" name=".+" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?2ch\.hk/"
-		to="https://2ch.hk/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/2ch.net.xml b/src/chrome/content/rules/2ch.net.xml
new file mode 100644
index 000000000000..ded17a2a59a9
--- /dev/null
+++ b/src/chrome/content/rules/2ch.net.xml
@@ -0,0 +1,246 @@
+<!--
+	Nonfunctional hosts in *2ch.net:
+
+		- headline ʳ
+
+	ʳ Refused
+
+
+	Mixed content:
+
+		- css on info, itest from $self ˢ
+		- Images on (www.)?, (board_name) from www.2ch.net ˢ
+
+		- Ads / bugs, on:
+
+			- (www.)? from img.bbchat.tv ᵈ
+			- www2 from vsc.send.microad.jp ᵈ
+
+	ᵈ Unsecurable <= dropped
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="2ch.net" platform="mixedcontent">
+
+	<target host="2ch.net" />
+	<target host="*.2ch.net" />
+
+		<exclusion pattern="^http://(?:headline\.|(?:[^./]+\.){2,})2ch\.net/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://headline.2ch.net/" />
+			<test url="http://this.host.2ch.net/" />
+			<test url="http://exists.not.2ch.net/" />
+
+		<test url="http://1999.2ch.net/" />
+		<test url="http://2002a.2ch.net/" />
+		<test url="http://2chplus.2ch.net/" />
+		<test url="http://aa.2ch.net/" />
+		<test url="http://aa2.2ch.net/" />
+		<test url="http://aa3.2ch.net/" />
+		<test url="http://aa4.2ch.net/" />
+		<test url="http://aa5.2ch.net/" />
+		<test url="http://aa6.2ch.net/" />
+		<test url="http://academy.2ch.net/" />
+		<test url="http://academy2.2ch.net/" />
+		<test url="http://academy3.2ch.net/" />
+		<test url="http://academy4.2ch.net/" />
+		<test url="http://academy5.2ch.net/" />
+		<test url="http://academy6.2ch.net/" />
+		<test url="http://afox.2ch.net/" />
+		<test url="http://ai.2ch.net/" />
+		<test url="http://anchorage.2ch.net/" />
+		<test url="http://anime.2ch.net/" />
+		<test url="http://anime2.2ch.net/" />
+		<test url="http://anime3.2ch.net/" />
+		<test url="http://atlanta.2ch.net/" />
+		<test url="http://book.2ch.net/" />
+		<test url="http://book2.2ch.net/" />
+		<test url="http://book3.2ch.net/" />
+		<test url="http://book4.2ch.net/" />
+		<test url="http://bubble2.2ch.net/" />
+		<test url="http://bubble3.2ch.net/" />
+		<test url="http://bubble4.2ch.net/" />
+		<test url="http://bubble5.2ch.net/" />
+		<test url="http://bubble6.2ch.net/" />
+		<test url="http://c.2ch.net/" />
+		<test url="http://caramel.2ch.net/" />
+		<test url="http://carpenter.2ch.net/" />
+		<test url="http://changi.2ch.net/" />
+		<test url="http://cheese.2ch.net/" />
+		<test url="http://choco.2ch.net/" />
+		<test url="http://cocoa.2ch.net/" />
+		<test url="http://comic.2ch.net/" />
+		<test url="http://comic2.2ch.net/" />
+		<test url="http://comic3.2ch.net/" />
+		<test url="http://comic4.2ch.net/" />
+		<test url="http://comic5.2ch.net/" />
+		<test url="http://comic6.2ch.net/" />
+		<test url="http://comic7.2ch.net/" />
+		<test url="http://corn.2ch.net/" />
+		<test url="http://curry.2ch.net/" />
+		<test url="http://dig.2ch.net/" />
+		<test url="http://ebi.2ch.net/" />
+		<test url="http://echo.2ch.net/" />
+		<test url="http://etc.2ch.net/" />
+		<test url="http://etc2.2ch.net/" />
+		<test url="http://etc3.2ch.net/" />
+		<test url="http://etc4.2ch.net/" />
+		<test url="http://etc5.2ch.net/" />
+		<test url="http://etc6.2ch.net/" />
+		<test url="http://etc7.2ch.net/" />
+		<test url="http://ex.2ch.net/" />
+		<test url="http://ex2.2ch.net/" />
+		<test url="http://ex3.2ch.net/" />
+		<test url="http://ex4.2ch.net/" />
+		<test url="http://ex5.2ch.net/" />
+		<test url="http://ex6.2ch.net/" />
+		<test url="http://ex7.2ch.net/" />
+		<test url="http://ex8.2ch.net/" />
+		<test url="http://ex9.2ch.net/" />
+		<test url="http://ex10.2ch.net/" />
+		<test url="http://ex11.2ch.net/" />
+		<test url="http://ex12.2ch.net/" />
+		<test url="http://ex13.2ch.net/" />
+		<test url="http://ex14.2ch.net/" />
+		<test url="http://ex15.2ch.net/" />
+		<test url="http://ex16.2ch.net/" />
+		<test url="http://ex17.2ch.net/" />
+		<test url="http://ex18.2ch.net/" />
+		<test url="http://ex19.2ch.net/" />
+		<test url="http://ex20.2ch.net/" />
+		<test url="http://ex21.2ch.net/" />
+		<test url="http://ex23.2ch.net/" />
+		<test url="http://ex24.2ch.net/" />
+		<test url="http://ex25.2ch.net/" />
+		<test url="http://food.2ch.net/" />
+		<test url="http://food2.2ch.net/" />
+		<test url="http://food3.2ch.net/" />
+		<test url="http://food5.2ch.net/" />
+		<test url="http://food6.2ch.net/" />
+		<test url="http://food7.2ch.net/" />
+		<test url="http://food8.2ch.net/" />
+		<test url="http://fox.2ch.net/" />
+		<test url="http://gamble.2ch.net/" />
+		<test url="http://gamble2.2ch.net/" />
+		<test url="http://game.2ch.net/" />
+		<test url="http://game3.2ch.net/" />
+		<test url="http://game5.2ch.net/" />
+		<test url="http://game6.2ch.net/" />
+		<test url="http://game7.2ch.net/" />
+		<test url="http://game8.2ch.net/" />
+		<test url="http://game9.2ch.net/" />
+		<test url="http://game10.2ch.net/" />
+		<test url="http://game11.2ch.net/" />
+		<test url="http://game12.2ch.net/" />
+		<test url="http://game13.2ch.net/" />
+		<test url="http://game14.2ch.net/" />
+		<test url="http://gimpo.2ch.net/" />
+		<test url="http://hayabusa.2ch.net/" />
+		<test url="http://hayabusa8.2ch.net/" />
+		<test url="http://hideyoshi.2ch.net/" />
+		<test url="http://hobby.2ch.net/" />
+		<test url="http://hobby2.2ch.net/" />
+		<test url="http://hobby3.2ch.net/" />
+		<test url="http://hobby4.2ch.net/" />
+		<test url="http://hobby5.2ch.net/" />
+		<test url="http://hobby6.2ch.net/" />
+		<test url="http://hobby7.2ch.net/" />
+		<test url="http://hobby8.2ch.net/" />
+		<test url="http://hobby9.2ch.net/" />
+		<test url="http://hobby10.2ch.net/" />
+		<test url="http://hobby11.2ch.net/" />
+		<test url="http://human.2ch.net/" />
+		<test url="http://human2.2ch.net/" />
+		<test url="http://human5.2ch.net/" />
+		<test url="http://human6.2ch.net/" />
+		<test url="http://human7.2ch.net/" />
+		<test url="http://ikura.2ch.net/" />
+		<test url="http://img.2ch.net/" />
+		<test url="http://info.2ch.net/" />
+		<test url="http://invisible.2ch.net/" />
+		<test url="http://itest.2ch.net/" />
+		<test url="http://jbbs.2ch.net/" />
+		<test url="http://jfk.2ch.net/" />
+		<test url="http://kaba.2ch.net/" />
+		<test url="http://kamome.2ch.net/" />
+		<test url="http://kanae.2ch.net/" />
+		<test url="http://kitanet.2ch.net/" />
+		<test url="http://kohada.2ch.net/" />
+		<test url="http://life.2ch.net/" />
+		<test url="http://life2.2ch.net/" />
+		<test url="http://life3.2ch.net/" />
+		<test url="http://life4.2ch.net/" />
+		<test url="http://life5.2ch.net/" />
+		<test url="http://life6.2ch.net/" />
+		<test url="http://life7.2ch.net/" />
+		<test url="http://life8.2ch.net/" />
+		<test url="http://life9.2ch.net/" />
+		<test url="http://live.2ch.net/" />
+		<test url="http://live19.2ch.net/" />
+		<test url="http://live20.2ch.net/" />
+		<test url="http://love.2ch.net/" />
+		<test url="http://love2.2ch.net/" />
+		<test url="http://love3.2ch.net/" />
+		<test url="http://maguro.2ch.net/" />
+		<test url="http://mamono.2ch.net/" />
+		<test url="http://memories2.2ch.net/" />
+		<test url="http://mentai.2ch.net/" />
+		<test url="http://menu.2ch.net/" />
+		<test url="http://mint.2ch.net/" />
+		<test url="http://money.2ch.net/" />
+		<test url="http://money4.2ch.net/" />
+		<test url="http://music.2ch.net/" />
+		<test url="http://music2.2ch.net/" />
+		<test url="http://music8.2ch.net/" />
+		<test url="http://namidame.2ch.net/" />
+		<test url="http://natto.2ch.net/" />
+		<test url="http://news.2ch.net/" />
+		<test url="http://news2.2ch.net/" />
+		<test url="http://newsnavi.2ch.net/" />
+		<test url="http://o-o.2ch.net/" />
+		<test url="http://off.2ch.net/" />
+		<test url="http://off3.2ch.net/" />
+		<test url="http://ooo.2ch.net/" />
+		<test url="http://orpheus.2ch.net/" />
+		<test url="http://oyster.2ch.net/" />
+		<test url="http://pc.2ch.net/" />
+		<test url="http://penguin.2ch.net/" />
+		<test url="http://piza.2ch.net/" />
+		<test url="http://piza2.2ch.net/" />
+		<test url="http://potato.2ch.net/" />
+		<test url="http://premium.2ch.net/" />
+		<test url="http://pyon.2ch.net/" />
+		<test url="http://qa.2ch.net/" />
+		<test url="http://qb.2ch.net/" />
+		<test url="http://saki.2ch.net/" />
+		<test url="http://salad.2ch.net/" />
+		<test url="http://salami.2ch.net/" />
+		<test url="http://schiphol.2ch.net/" />
+		<test url="http://school.2ch.net/" />
+		<test url="http://school2.2ch.net/" />
+		<test url="http://science.2ch.net/" />
+		<test url="http://sports.2ch.net/" />
+		<test url="http://teri.2ch.net/" />
+		<test url="http://that.2ch.net/" />
+		<test url="http://that4.2ch.net/" />
+		<test url="http://tmp.2ch.net/" />
+		<test url="http://ton.2ch.net/" />
+		<test url="http://tv.2ch.net/" />
+		<test url="http://viper.2ch.net/" />
+		<test url="http://www.2ch.net/" />
+		<test url="http://www2.2ch.net/" />
+		<test url="http://wwwww.2ch.net/" />
+		<test url="http://yasai.2ch.net/" />
+		<test url="http://yomogi.2ch.net/" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/2chan.net.xml b/src/chrome/content/rules/2chan.net.xml
new file mode 100644
index 000000000000..286035cf107d
--- /dev/null
+++ b/src/chrome/content/rules/2chan.net.xml
@@ -0,0 +1,30 @@
+<!--
+	502 status code:
+		- mail.2chan.net
+
+	Insecure cookies are set for these domains:
+		- .2chan.net
+
+	Server not found:
+		- 2chan.net
+
+	Unable to connect:
+		- test.2chan.net
+-->
+<ruleset name="2chan.net">
+	<target host="www.2chan.net" />
+	<target host="cgi.2chan.net" />
+	<target host="dat.2chan.net" />
+	<target host="dec.2chan.net" />
+	<target host="img.2chan.net" />
+	<target host="ipv6.2chan.net" />
+	<target host="jun.2chan.net" />
+	<target host="may.2chan.net" />
+	<target host="nov.2chan.net" />
+	<target host="tmp.2chan.net" />
+	<target host="zip.2chan.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/2cnt.net.xml b/src/chrome/content/rules/2cnt.net.xml
new file mode 100644
index 000000000000..46bc9daba268
--- /dev/null
+++ b/src/chrome/content/rules/2cnt.net.xml
@@ -0,0 +1,31 @@
+<!--
+	Fully covered hosts in *2cnt.net:
+
+		- ssl-fromcs
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .2cnt.net
+		- ssl-fromcs.2cnt.net
+
+-->
+<ruleset name="2cnt.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ssl-fromcs.2cnt.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.2cnt\.net$" name="^i00$" /-->
+	<!--securecookie host="^ssl-fromcs\.2cnt\.net$" name="^srp$" /-->
+
+	<securecookie host="^ssl-fromcs\.2cnt\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/2co.co.xml b/src/chrome/content/rules/2co.co.xml
new file mode 100644
index 000000000000..798e031df126
--- /dev/null
+++ b/src/chrome/content/rules/2co.co.xml
@@ -0,0 +1,30 @@
+<!--
+	For other 2Checkout coverage, see 2Checkout.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- 2co.com
+		- www.2co.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="2CO.com">
+
+	<target host="2co.com" />
+	<target host="support.2co.com" />
+	<target host="www.2co.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?2o\.com$" name="^selfservice_session$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/2cyr.com.xml b/src/chrome/content/rules/2cyr.com.xml
new file mode 100644
index 000000000000..67541316df25
--- /dev/null
+++ b/src/chrome/content/rules/2cyr.com.xml
@@ -0,0 +1,16 @@
+<!--
+www.2cyr.com ⁵
+
+
+⁵ expired
+-->
+<ruleset name="2cyr.com">
+	<target host="2cyr.com" />
+
+	<target host="www.2cyr.com" />
+
+	<rule from="^http://www\.2cyr\.com/"
+		to="https://2cyr.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/2dehands.be.xml b/src/chrome/content/rules/2dehands.be.xml
new file mode 100644
index 000000000000..273dccf81d7c
--- /dev/null
+++ b/src/chrome/content/rules/2dehands.be.xml
@@ -0,0 +1,38 @@
+<!--
+	Other related ruleset:
+		- 2ememain.be.xml
+
+	Non-functional subdomains:
+
+		- blog	(r)
+		- cars	(t)
+		- www.haddock	(r)
+		- hobbyswitch	(r)
+		- perskamer	(r)
+		- protool	(r)
+		- www.xp	(r)
+		- img.xp	(r)
+		- www.xp2	(r)
+		- img.xp2	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Host has wildcard DNS
+-->
+<ruleset name="2dehands.be">
+
+	<target host="2dehands.be" />
+	<target host="www.2dehands.be" />
+	<target host="admarkt.2dehands.be" />
+	<target host="img.2dehands.be" />
+
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/2ememain.be.xml b/src/chrome/content/rules/2ememain.be.xml
new file mode 100644
index 000000000000..32ecae7faa52
--- /dev/null
+++ b/src/chrome/content/rules/2ememain.be.xml
@@ -0,0 +1,37 @@
+<!--
+	For other related ruleset, see 2dehands.be.xml
+
+	Non-functional subdomains:
+
+		- aide	(m)
+		- blog	(r)
+		- cars	(t)
+		- espace-presse	(r)
+		- www.haddock	(r)
+		- protool	(r)
+		- support	(m)
+		- www.xp	(r)
+		- img.xp	(r)
+		- www.xp2	(r)
+		- img.xp2	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Host has wildcard DNS
+-->
+<ruleset name="2ememain.be">
+
+	<target host="2ememain.be" />
+	<target host="www.2ememain.be" />
+	<target host="admarkt.2ememain.be" />
+	<target host="img.2ememain.be" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/2ip.ru.xml b/src/chrome/content/rules/2ip.ru.xml
new file mode 100644
index 000000000000..a6f23359ebcc
--- /dev/null
+++ b/src/chrome/content/rules/2ip.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="2ip.ru">
+	<target host="2ip.ru" />
+	<target host="www.2ip.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/2kom.ru.xml b/src/chrome/content/rules/2kom.ru.xml
new file mode 100644
index 000000000000..87258edf931b
--- /dev/null
+++ b/src/chrome/content/rules/2kom.ru.xml
@@ -0,0 +1,16 @@
+<!--
+gazetauzao.2kom.ru self signed
+promo.2kom.ru mismatch
+dc.2kom.ru timed out
+old.2kom.ru mismatch
+radio.2kom.ru timed out
+forum.2kom.ru mismatch
+speedtest.2kom.ru timed out
+-->
+<ruleset name="2kom.ru">
+	<target host="2kom.ru" />
+	<target host="www.2kom.ru" />
+	<target host="portal.2kom.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/2mdn.net.xml b/src/chrome/content/rules/2mdn.net.xml
index 498a25cf7bd4..f9d314dc2268 100644
--- a/src/chrome/content/rules/2mdn.net.xml
+++ b/src/chrome/content/rules/2mdn.net.xml
@@ -5,9 +5,20 @@
 <ruleset name="2mdn.net">
 
 	<target host="s0.2mdn.net" />
+	<target host="s1.2mdn.net" />
 
+		<!--	https://trac.torproject.org/projects/tor/ticket/11755
 
-	<rule from="^http://s0\.2mdn\.net/"
-		to="https://s0.2mdn.net/" />
+			Breaks videos on http://www.bbc.co.uk/news/video_and_audio/video/ –
+			e.g., http://www.bbc.co.uk/news/uk-27275344.
+											-->
+		<exclusion pattern="http://s\d\.2mdn\.net/instream/flash/v3/" />
 
-</ruleset>
\ No newline at end of file
+			<test url="http://s0.2mdn.net/instream/flash/v3/" />
+			<test url="http://s1.2mdn.net/instream/flash/v3/" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/2nd_Vote.com.xml b/src/chrome/content/rules/2nd_Vote.com.xml
new file mode 100644
index 000000000000..93edbf0b5507
--- /dev/null
+++ b/src/chrome/content/rules/2nd_Vote.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Mixed content:
+
+		- Images from s3.amazonaws.com *
+
+	* Secured by us
+
+-->
+<ruleset name="2nd Vote.com">
+
+	<target host="2ndvote.com" />
+	<target host="www.2ndvote.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/2o7.net.xml b/src/chrome/content/rules/2o7.net.xml
new file mode 100644
index 000000000000..a6aa5fa241d6
--- /dev/null
+++ b/src/chrome/content/rules/2o7.net.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Adobe coverage, see Adobe.xml.
+
+-->
+<ruleset name="2o7.net">
+
+	<target host="112.2o7.net" />
+	<target host="*.112.2o7.net" />
+		<test url="http://www.112.2o7.net/optout.html" />
+		<test url="http://cewecolor.112.2o7.net/optout.html" />
+		<test url="http://truckstore.112.2o7.net/optout.html" />
+
+	<target host="122.2o7.net" />
+		<test url="http://122.2o7.net/optout.html" />
+	<target host="*.122.2o7.net" />
+		<test url="http://www.122.2o7.net/optout.html" />
+		<test url="http://independent.122.2o7.net/b/ss/indepdev/1/H.27.5--NS/0" />
+		<test url="http://truckstore.122.2o7.net/optout.html" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/2pay.ru.xml b/src/chrome/content/rules/2pay.ru.xml
new file mode 100644
index 000000000000..200d90c53664
--- /dev/null
+++ b/src/chrome/content/rules/2pay.ru.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Xsolla coverage, see Xsolla.xml.
+
+
+	(www.)?2pay.ru: Mismatched
+
+-->
+<ruleset name="2pay.ru">
+
+	<!--	Complications:
+				-->
+	<target host="2pay.ru" />
+	<target host="www.2pay.ru" />
+
+
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://(?:www\.)?2pay\.ru/[^?]*"
+		to="https://www.xsolla.com/" />
+
+		<test url="http://2pay.ru//home.php" />
+		<test url="http://www.2pay.ru//home.php" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/2shared.xml b/src/chrome/content/rules/2shared.xml
index 00f93fc662bb..5fa1a3b29161 100644
--- a/src/chrome/content/rules/2shared.xml
+++ b/src/chrome/content/rules/2shared.xml
@@ -1,11 +1,11 @@
-<ruleset name="2shared" default_off="mismatch">
+<ruleset name="2shared.com">
 
-	<target host="2shared.com"/>
-	<target host="www.2shared.com"/>
+	<target host="2shared.com" />
+	<target host="www.2shared.com" />
 
-	<securecookie host="^(.*\.)?2shared\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?2shared\.com/"
-		to="https://www.2shared.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/3.cn.xml b/src/chrome/content/rules/3.cn.xml
new file mode 100644
index 000000000000..a006043699dd
--- /dev/null
+++ b/src/chrome/content/rules/3.cn.xml
@@ -0,0 +1,24 @@
+<!--
+	Get most of them in item.jd.com/.*.html
+	Relate: JD.com.xml
+-->
+<ruleset name="3.cn">
+	<target host="3.cn" />
+	<target host="ad.3.cn" />
+	<target host="c.3.cn" />
+		<test url="http://c.3.cn/quality?callback=jQuery2109499&amp;skuId=10309761430&amp;cat=9987%2C653%2C655&amp;brand=12669&amp;venderId=124424&amp;_=1466600920610" />
+	<target host="c0.3.cn" />
+		<test url="http://c0.3.cn/stock?skuId=10309761430&amp;venderId=124424&amp;cat=9987,653,655&amp;area=1_72_2799_0&amp;buyNum=1&amp;extraParam={%22originid%22:%221%22}&amp;ch=1&amp;pduid=1292621468&amp;pdpin=&amp;callback=getStockCallback" />
+	<target host="d.3.cn" />
+	<target host="dc.3.cn" />
+		<test url="http://dc.3.cn/cathot/get2" />
+	<target host="p.3.cn" />
+		<test url="http://p.3.cn/prices/get?type=1&amp;area=1_72_2799&amp;pdtk=&amp;pduid=1292621468&amp;pdpin=&amp;pdbp=0&amp;skuid=J_10309761430&amp;callback=cnp" />
+	<target host="px.3.cn" />
+		<test url="http://px.3.cn/prices/mgets?skuids=J_3505686" />
+	<target host="yx.3.cn" />
+	<exclusion pattern="^http://yx\.3\.cn/$" /><!-- 404 -->
+		<test url="http://yx.3.cn/service/info.action?callback=_initLite&amp;id=1253759536&amp;area=2_2824_0&amp;u_source=qq&amp;t=0.15787275404425993" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/32Red_Online_Casino.xml b/src/chrome/content/rules/32Red_Online_Casino.xml
index 0ab17c90568b..4ec359e75102 100644
--- a/src/chrome/content/rules/32Red_Online_Casino.xml
+++ b/src/chrome/content/rules/32Red_Online_Casino.xml
@@ -17,7 +17,12 @@
 <ruleset name="32Red Online Casino">
 
 	<target host="32red.com" />
-	<target host="*.32red.com" />
+	<target host="www.32red.com" />
+	<target host="affiliates.32red.com" />
+	<target host="assets.32red.com" />
+	<target host="gamesarcade.32red.com" />
+	<target host="images.32red.com" />
+	<target host="livecasino.32red.com" />
 
 
 	<securecookie host="^(?:affiliates|gamesarcade|livecasino|www)?\.32red\.com$" name=".+" />
@@ -26,7 +31,6 @@
 	<rule from="^http://(?:www\.)?32red\.com/"
 		to="https://www.32red.com/" />
 
-	<rule from="^http://(affiliates|assets|gamesarcade|images|livecasino)\.32red\.com/"
-		to="https://$1.32red.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/33Across.xml b/src/chrome/content/rules/33Across.xml
index e960828ed6e4..ec1abf8e4b5b 100644
--- a/src/chrome/content/rules/33Across.xml
+++ b/src/chrome/content/rules/33Across.xml
@@ -32,7 +32,7 @@
 		<exclusion pattern="^http://socialdna\." />
 
 
-	<securecookie host="^(?:.*\.)?33across\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(\w+\.)?33across\.com/"
diff --git a/src/chrome/content/rules/33Bits.xml b/src/chrome/content/rules/33Bits.xml
deleted file mode 100644
index a7543b0a1cdb..000000000000
--- a/src/chrome/content/rules/33Bits.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="33Bits" default_off="Cert warning">
-  <target host="www.33bits.org" />
-  <target host="33bits.org" />
-
-  <rule from="^http://(?:www\.)?33bits\.org/" to="https://33bits.org/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/33option.com.xml b/src/chrome/content/rules/33option.com.xml
new file mode 100644
index 000000000000..d530e92b1f33
--- /dev/null
+++ b/src/chrome/content/rules/33option.com.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://33option.com/ => https://33option.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.33option.com/ => https://www.33option.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="33option.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="33option.com" />
+	<target host="news.33option.com" />
+	<target host="www.33option.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/350.xml b/src/chrome/content/rules/350.xml
deleted file mode 100644
index 302fb63d3e44..000000000000
--- a/src/chrome/content/rules/350.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)
-		- local
-		- static.local
-		- math *
-		- world *
-
-	* Redirects to http, CN: *.wpengine.com
-
-
-	Problematic subdomains:
-
-		- pacific	(works, mismatched, CN: *.posterous.com)
-
--->
-<ruleset name="350 (partial)">
-
-	<target host="*.350.org" />
-
-
-	<securecookie host="^act\.350\.org$" name=".+" />
-
-
-	<rule from="^http://act\.350\.org/"
-		to="https://act.350.org/" />
-
-	<rule from="^https?://pacific\.350\.org/(bundl|imag)es/"
-		to="https://posterous.com/$1es/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/350zEvolution.com.xml b/src/chrome/content/rules/350zEvolution.com.xml
index 6fd98e50f311..19d1aff7c7a4 100644
--- a/src/chrome/content/rules/350zEvolution.com.xml
+++ b/src/chrome/content/rules/350zEvolution.com.xml
@@ -1,13 +1,16 @@
-<ruleset name="350zEvolution.com">
+<!--
+	(www.)?: Refused
+
+-->
+<ruleset name="350zEvolution.com" default_off="refused">
 
 	<target host="350zevolution.com" />
-	<target host="*.350zevolution.com" />
+	<target host="www.350zevolution.com" />
 
 
-	<securecookie host="^(?:.*\.)?350zevolution\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?350zevolution\.com/"
-		to="https://$1350zevolution.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/360.cn.xml b/src/chrome/content/rules/360.cn.xml
new file mode 100644
index 000000000000..9db6a5f731ff
--- /dev/null
+++ b/src/chrome/content/rules/360.cn.xml
@@ -0,0 +1,98 @@
+<!--
+	Other Qihoo 360 Technology rulesets:
+		- 360_Safe.com.xml
+		- 360_Total_Security.com.xml
+		- Qihu_CDN.com.xml
+		- So.com.xml
+
+
+	Nonfunctional hosts in *360.cn:
+		- www.110.360.cn       ᵈ
+		- 12306-s.360.cn       ᴵ
+		- 360game.360.cn       ᵈ
+		- ace.360.cn           ᵖ
+		- huid.ad.360.cn       ᵈ
+		- huid-b.ad.360.cn     ᴵ
+		- apc.360.cn           ᵖ
+		- cdn.apc.360.cn       ᵖ
+		- client.apc.360.cn    ᴵ
+		- dl.apc.360.cn        ᴵ
+		- dynamic-b.apc.360.cn ᵖ
+		- static.apc.360.cn    ᴵ
+		- apc-b.360.cn         ᵖ
+		- bd.avc.360.cn        ᴵ
+		- b.360.cn             ᵈ
+		- bbs.360.cn           ᵈ
+		- new.caipiao.360.cn   ᴵ
+		- chart.cp.360.cn      ᵈ
+		- dev.360.cn           ᵈ
+		- upload.dev.360.cn    ᵈ
+		- dian.360.cn          ᵈ
+		- down.360.cn          ᴵ
+		- e.360.cn             ᵈ
+		- fuwu.360.cn          ᵈ
+		- home.360.cn          ᵖ
+		- index.360.cn         ᵈ
+		- lianmeng.360.cn      ⁴
+		- so.lianmeng.360.cn   ᴵ
+		- mobile.360.cn        ᵈ
+		- mse.360.cn           ᵈ
+		- msoftdl.360.cn       ᴵ
+		- open.360.cn          ᵈ
+		- renew.360.cn         ᵈ
+		- sd.360.cn            ᵈ
+		- tianji.360.cn        ⁴
+		- union.360.cn         ᵈ
+		- wan.360.cn           ᵈ
+		- xinyong.360.cn       ᵈ
+		- yasuo.360.cn         ᵈ
+		- wifi.yunpan.360.cn   ᶠ
+		- update.yunpan.360.cn ⁴
+		- zhuomian.360.cn      ᵖ
+	⁴ 404
+	ᵈ Dropped
+	ᵖ Protocol Error
+	ᴵ Invalid certificate
+	ᶠ Forbidden
+
+	Mixed content:
+		- Flash, on:
+			- shouji, c33.yunpan from yuntv.letv.com
+			- c33.yunpan from player.letvcdn.com
+		- Images, on:
+			- jiagu, shouji from p\d+.qhimg.com ˢ
+			- openapi from captcha.360.cn       ˢ
+			- openapi from dev.360.cn
+			- openapi from upload.dev.360.cn
+			- shouji from s\d.qhimg.com         ˢ
+	ˢ Secured by us
+-->
+<ruleset name="360.cn (partial)">
+	<target host="360.cn" />
+	<target host="www.360.cn" />
+	<target host="0kee.360.cn" />
+	<target host="1.360.cn" />
+	<target host="110.360.cn" />
+	<target host="baby.360.cn" />
+	<target host="cdata.browser.360.cn" />
+	<target host="butian.360.cn" />
+	<target host="captcha.360.cn" />
+	<target host="hao.360.cn" />
+	<target host="i.360.cn" />
+	<target host="jiagu.360.cn" />
+	<target host="kids.360.cn" />
+	<target host="openapi.360.cn" />
+	<target host="s.360.cn" />
+	<target host="shouji.360.cn" />
+	<target host="t.360.cn" />
+	<target host="t321.tianji.360.cn" />
+	<target host="wangzhan.360.cn" />
+	<target host="yunpan.360.cn" />
+	<target host="*.yunpan.360.cn" />
+		<test url="http://c2.yunpan.360.cn/" />
+		<test url="http://c12.yunpan.360.cn/" />
+		<test url="http://c13.yunpan.360.cn/" />
+	<target host="zhongce.360.cn" />
+
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/360Cities.xml b/src/chrome/content/rules/360Cities.xml
index dfbdd03f354d..a61a0136ff17 100644
--- a/src/chrome/content/rules/360Cities.xml
+++ b/src/chrome/content/rules/360Cities.xml
@@ -1,25 +1,15 @@
-<!--
-	Nonfunctional subdomains:
-
-		- help
-
--->
 <ruleset name="360Cities (partial)">
 
 	<target host="360cities.net" />
-	<target host="*.360cities.net" />
+	<target host="www.360cities.net" />
+	<target host="cdn1.360cities.net" />
+	<target host="cdn2.360cities.net" />
+	<target host="help.360cities.net" />
 
 
 	<securecookie host="^www\.360cities\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?360cities\.net/"
-		to="https://$1360cities.net/" />
-
-	<rule from="^https?://cdn1\.360cities\.net/"
-		to="https://d2dw0c606n9zn3.cloudfront.net/" />
-
-	<rule from="^https?://cdn2\.360cities\.net/"
-		to="https://d3tllcxe89i3i3.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/360_Safe.com.xml b/src/chrome/content/rules/360_Safe.com.xml
new file mode 100644
index 000000000000..a528dec3cfc0
--- /dev/null
+++ b/src/chrome/content/rules/360_Safe.com.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Qihoo 360 Technology coverage, see 360.cn.xml.
+
+	Mismatched:
+		bbs
+-->
+<ruleset name="360_Safe.com">
+
+	<target host="dl.360safe.com" />
+	<target host="down.360safe.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/360_Total_Security.com.xml b/src/chrome/content/rules/360_Total_Security.com.xml
new file mode 100644
index 000000000000..2a00ba122805
--- /dev/null
+++ b/src/chrome/content/rules/360_Total_Security.com.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Qihoo 360 Technology coverage, see 360.cn.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- blog.360totalsecurity.com
+
+-->
+<ruleset name="360 Total Security.com">
+
+	<target host="360totalsecurity.com" />
+	<target host="blog.360totalsecurity.com" />
+	<target host="free.360totalsecurity.com" />
+	<target host="www.360totalsecurity.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^blog\.360totalsecurity\.com$" name="^pll_language$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/360_Yield.xml b/src/chrome/content/rules/360_Yield.xml
index b862aef4071b..333312d6cc3b 100644
--- a/src/chrome/content/rules/360_Yield.xml
+++ b/src/chrome/content/rules/360_Yield.xml
@@ -1,52 +1,16 @@
 <!--
-	Ads and web bugs.
-
-
-	CDN buckets:
-
-		- improve.vo.llnwd.net
-
-			- .hs. does not exist
-			- creative
-
-
-	Nonfunctional subdomains:
-
-		- creative	(400; mismatched, CN: *.hs.llnwd.net)
-
-
-	Problematic subdomains:
-
-		- (www.)	(identical to admin; mismatched, CN: admin.360yield.com)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(→ admin)
-		- ad
-		- admin
+	Non-functional hosts
+		SSL connect error:
+		- origin.360yield.com
 
+		SSL peer certificate was not OK:
+		- publisher.360yield.com
 -->
 <ruleset name="360 Yield">
-
 	<target host="360yield.com" />
-	<target host="*.360yield.com" />
-
-
-	<!--
-		Observed cookie domains:
-
-			- .
-			- ad
-			- .ad
-				-->
-	<securecookie host=".*\.360yield\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?360yield\.com/"
-		to="https://admin.360yield.com/" />
-
-	<rule from="^http://ad(min)?\.360yield\.com/"
-		to="https://ad$1.360yield.com/" />
+	<target host="www.360yield.com" />
+	<target host="ad.360yield.com" />
+	<target host="creative.360yield.com" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/360buy.com.xml b/src/chrome/content/rules/360buy.com.xml
new file mode 100644
index 000000000000..4ff7b0d251fd
--- /dev/null
+++ b/src/chrome/content/rules/360buy.com.xml
@@ -0,0 +1,76 @@
+<!--
+	For other Jingdong Mall coverage, see JD.com.xml.
+
+
+	Nonfunctional hosts in *360buy.com:
+
+		- help.en *
+
+	* Refused
+
+
+	Problematic hosts in *360buy.com:
+
+		- (www.)? *
+		- gw.api *
+		- book *
+		- club *
+		- jmall *
+		- mvd *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- auth.360buy.com
+
+-->
+<ruleset name="360buy.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="auth.360buy.com" />
+
+	<!--	Complications:
+				-->
+	<target host="360buy.com" />
+	<target host="book.360buy.com" />
+	<target host="club.360buy.com" />
+	<target host="jmall.360buy.com" />
+	<target host="mvd.360buy.com" />
+	<target host="www.360buy.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^auth\.360buy\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://360buy\.com/+"
+		to="https://www.jd.com/" />
+
+		<test url="http://360buy.com//index.htm" />
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://(?!auth\.)(\w+)\.360buy\.com/+"
+		to="https://$1.jd.com/" />
+
+		<test url="http://book.360buy.com//index.htm" />
+		<test url="http://club.360buy.com//index.htm" />
+		<test url="http://jmall.360buy.com//index.htm" />
+		<test url="http://mvd.360buy.com//index.htm" />
+		<test url="http://www.360buy.com//index.htm" />
+		<test url="http://www.360buy.com/favicon.ico" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/360buyimg.com.xml b/src/chrome/content/rules/360buyimg.com.xml
new file mode 100644
index 000000000000..7a213e0e3990
--- /dev/null
+++ b/src/chrome/content/rules/360buyimg.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Jingdong Mall coverage, see JD.com.xml.
+-->
+
+<ruleset name="360buyimg.com">
+	<target host="img1.360buyimg.com" />
+		<test url="http://img1.360buyimg.com/da/jfs/t2176/38/116455295/2717/c576a8d2/55efcd1aN19509f1f.png" />
+	<target host="img10.360buyimg.com" />
+	<target host="img11.360buyimg.com" />
+	<target host="img12.360buyimg.com" />
+	<target host="img13.360buyimg.com" />
+	<target host="img14.360buyimg.com" />
+	<target host="img20.360buyimg.com" />
+	<target host="img30.360buyimg.com" />
+	<target host="misc.360buyimg.com" />
+	<target host="miscssl.360buyimg.com" />
+	<target host="static.360buyimg.com" />
+	<target host="static-alias-1.360buyimg.com" />
+		<test url="http://static-alias-1.360buyimg.com/jzt/temp/js/adPic.new.20150909.min.js" />
+	<target host="storage.360buyimg.com" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/365_Tickets.co.uk.xml b/src/chrome/content/rules/365_Tickets.co.uk.xml
new file mode 100644
index 000000000000..9bdad5dd9cad
--- /dev/null
+++ b/src/chrome/content/rules/365_Tickets.co.uk.xml
@@ -0,0 +1,18 @@
+<!--
+	For other 365 Tickets coverage, see 365_Tickets_Global.com.xml.
+
+-->
+<ruleset name="365 Tickets.co.uk">
+
+	<target host="365tickets.co.uk" />
+	<target host="www.365tickets.co.uk" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^\.365tickets\.co\.uk$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/365_Tickets.com.xml b/src/chrome/content/rules/365_Tickets.com.xml
new file mode 100644
index 000000000000..53722f852254
--- /dev/null
+++ b/src/chrome/content/rules/365_Tickets.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other 365 Tickets coverage, see 365_Tickets_Global.com.xml.
+
+-->
+<ruleset name="365 Tickets.com">
+
+	<target host="365tickets.com" />
+	<target host="www.365tickets.com" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^\.365tickets\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/365_Tickets_Central.com.xml b/src/chrome/content/rules/365_Tickets_Central.com.xml
new file mode 100644
index 000000000000..1a566b2b3f89
--- /dev/null
+++ b/src/chrome/content/rules/365_Tickets_Central.com.xml
@@ -0,0 +1,23 @@
+<!--
+	For other 365 Tickets coverage, see 365_Tickets_Global.com.xml.
+
+
+	CDN buckets:
+
+		- d1kioxk2jrdjp.cloudfront.net
+
+-->
+<ruleset name="365 Tickets Central.com">
+
+	<target host="365ticketscentral.com" />
+	<target host="www.365ticketscentral.com" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^\.365ticketscentral\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/365_Tickets_Scotland.com.xml b/src/chrome/content/rules/365_Tickets_Scotland.com.xml
new file mode 100644
index 000000000000..0472289f0388
--- /dev/null
+++ b/src/chrome/content/rules/365_Tickets_Scotland.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other 365 Tickets coverage, see 365_Tickets_Global.com.xml.
+
+-->
+<ruleset name="365 Tickets Scotland.com">
+
+	<target host="365ticketsscotland.com" />
+	<target host="www.365ticketsscotland.com" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^\.365ticketsscotland\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/36Kr.xml b/src/chrome/content/rules/36Kr.xml
new file mode 100644
index 000000000000..34018363174f
--- /dev/null
+++ b/src/chrome/content/rules/36Kr.xml
@@ -0,0 +1,29 @@
+<!--
+	Mismatch:
+		download.36kr.com
+		events.36kr.com
+		qiye.36kr.com
+		research.36kr.com
+
+		krspace.cn
+-->
+
+<ruleset name="36Kr (partial)">
+
+	<target host="36kr.com" />
+	<target host="chuang.36kr.com" />
+	<target host="insight.36kr.com" />
+	<target host="next.36kr.com" />
+	<target host="passport.36kr.com" />
+	<target host="rong.36kr.com" />
+	<target host="www.36kr.com" />
+	<target host="z.36kr.com" />
+
+	<target host="a.36krcnd.com" />
+	<target host="pic.36krcnd.com" />
+	<target host="sta.36krcnd.com" />
+	<target host="sta1.36krcnd.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/37Signals.xml b/src/chrome/content/rules/37Signals.xml
index e0478eec8674..be544f3e0efd 100644
--- a/src/chrome/content/rules/37Signals.xml
+++ b/src/chrome/content/rules/37Signals.xml
@@ -5,7 +5,7 @@
 	<target host="launchpad.37signals.com" />
 	<target host="smiley.37signals.com" />
 
-	<securecookie host="^((www|gettingreal|launchpad|smiley)\.)?37signals\.com$" name=".*" />
+	<securecookie host="^(?:(?:www|gettingreal|launchpad|smiley)\.)?37signals\.com$" name=".+" />
 
 	<rule from="^http://(?:www\.)?37signals\.com/" to="https://37signals.com/"/>
 	<rule from="^http://(gettingreal|launchpad|smiley)\.37signals\.com/" to="https://$1.37signals.com/"/>
diff --git a/src/chrome/content/rules/38.de.xml b/src/chrome/content/rules/38.de.xml
index 3f125c09c1e6..3428213ee900 100644
--- a/src/chrome/content/rules/38.de.xml
+++ b/src/chrome/content/rules/38.de.xml
@@ -1,37 +1,38 @@
 <!--
-	Problematic subdomains:
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
 
-		- ^
 
-			- [^?].* redirects to login 
+	^38.de: Mismatched
 
 
-	Mixed content:
-
-		Videos from www.youtube-nocookie.com *
-
-	* Secured by us
-
-
-	NB: We secure all resources, and thus
-	platform should be removed with Ffx 24.
+	STS header includes includeSubdomains
 
 -->
-<ruleset name="38.de" platform="mixedcontent">
+<ruleset name="38.de" default_off="cert-chain">
 
-	<target host="38.de" />
+	<!--	Direct rewrites:
+				-->
 	<target host="*.38.de" />
 
+	<!--	Complications:
+				-->
+	<target host="38.de" />
+
+		<test url="http://www.38.de/" />
+
 
-	<securecookie host="^\.38\.de$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<!--	Server drops path:
+	<!--	Server drops path, args,
+		and forward slash:
 					-->
 	<rule from="^http://38\.de/.*"
 		to="https://www.38.de/" />
 
-	<rule from="^http://www\.38\.de/"
-		to="https://www.38.de/" />
+		<test url="http://38.de//index.php" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/38degrees.xml b/src/chrome/content/rules/38degrees.xml
new file mode 100644
index 000000000000..a707cc835528
--- /dev/null
+++ b/src/chrome/content/rules/38degrees.xml
@@ -0,0 +1,19 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- you
+
+-->
+<ruleset name="38degrees.org.uk">
+    <target host="secure.38degrees.org.uk" />
+    <target host="you.38degrees.org.uk" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^you\.38degrees\.org\.uk$" name="^_agra_session$" /-->
+
+    <securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/38north.org.xml b/src/chrome/content/rules/38north.org.xml
new file mode 100644
index 000000000000..ed2bf79139aa
--- /dev/null
+++ b/src/chrome/content/rules/38north.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="38north.org">
+	<target host="38north.org"/>
+	<target host="www.38north.org"/>
+	<target host="archive.38north.org"/>
+	<target host="staging.38north.org"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/39dollarglasses.com.xml b/src/chrome/content/rules/39dollarglasses.com.xml
new file mode 100644
index 000000000000..1e3731d0eb54
--- /dev/null
+++ b/src/chrome/content/rules/39dollarglasses.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="39dollarglasses.com">
+  <target host="39dollarglasses.com" />
+  <target host="www.39dollarglasses.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/3Blue1Brown.com.xml b/src/chrome/content/rules/3Blue1Brown.com.xml
new file mode 100644
index 000000000000..3e1f7e72e86a
--- /dev/null
+++ b/src/chrome/content/rules/3Blue1Brown.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="3Blue1Brown.com">
+	<target host="3blue1brown.com" />
+	<target host="www.3blue1brown.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/3DCenter.org.xml b/src/chrome/content/rules/3DCenter.org.xml
new file mode 100644
index 000000000000..57b83cf6b455
--- /dev/null
+++ b/src/chrome/content/rules/3DCenter.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - 3dcenter.org
+
+		4xx client error:
+			 - admin.3dcenter.org (Authorization required)
+
+		5xx server error:
+			 - cms.3dcenter.org
+			 - cms-m.3dcenter.org
+-->
+<ruleset name="3DCenter.org (partial)">
+	<target host="3dcenter.org" />
+	<target host="www.3dcenter.org" />
+	<target host="alt.3dcenter.org" />
+	<target host="m.3dcenter.org" />
+	<target host="mail.3dcenter.org" />
+	<target host="webmail.3dcenter.org" />
+
+	<rule from="^http://3dcenter\.org/"
+			to="https://www.3dcenter.org/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/3DStats.xml b/src/chrome/content/rules/3DStats.xml
deleted file mode 100644
index f2370e8cc264..000000000000
--- a/src/chrome/content/rules/3DStats.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="3DStats">
-
-	<target host="3dstats.com"/>
-	<target host="www.3dstats.com"/>
-
-	<securecookie host="^(.*\.)?3dstats\.com$" name=".*"/>
-
-	<rule from="^http://(www\.)?3dstats\.com/"
-		to="https://$13dstats.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/3D_Robotics.com.xml b/src/chrome/content/rules/3D_Robotics.com.xml
new file mode 100644
index 000000000000..6b4c6a76482a
--- /dev/null
+++ b/src/chrome/content/rules/3D_Robotics.com.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.store.3drobotics.com/ => https://www.store.3drobotics.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.store.3drobotics.com'")
+
+	(www.)?: refused
+
+
+	Fully covered subdomains:
+
+		- (www.)?store
+
+
+	Mixed content:
+
+		- Images on store from s3.amazonaws.com *
+
+	* Secured by us
+
+-->
+<ruleset name="3D Robotics.com (partial)" default_off="failed ruleset test">
+
+	<target host="store.3drobotics.com" />
+	<target host="www.store.3drobotics.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/3D_Vision_Live.com.xml b/src/chrome/content/rules/3D_Vision_Live.com.xml
deleted file mode 100644
index e227d44717ef..000000000000
--- a/src/chrome/content/rules/3D_Vision_Live.com.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-<!--
-	For other nVidia coverage, see NVidia.xml.
-
-
-	Nonfunctional subdomains:
-
-		- photos	(refused)
-
-
-	Problematic subdomains:
-
-		- ^		(dropped)
-		- api.photos	(shows api.beta; self-signed, CN: api.beta.phereo.com)
-		- www		(expired 2013-12-04)
-
-
-	Mixed content:
-
-		- Images, on www from:
-
-			- www *
-			- api.photos
-			- photos.3dvisionlive.s3.amazonaws.com via api.photos *
-			- www.fordela.com
-
-		- Web bugs, on www from omniture.nvidia.com *
-
-	* Secured by us
-
--->
-<ruleset name="3D Vision Live.com (partial)" default_off="expired">
-
-	<target host="3dvisionlive.com" />
-	<target host="*.3dvisionlive.com" />
-
-
-	<securecookie host="^\.3dvisionlive\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?3dvisionlive\.com/"
-		to="https://www.3dvisionlive.com/" />
-
-	<!--rule from="^http://api\.photos\.3dvisionlive\.com/imagestore/(\w{32})/thumb/square/208/"
-		to="https://s3.amazonaws.com/photos.3dvisionlive/$2/images/$1/cached.thumb.square.208.208.0.0" /-->
-	<!--
-		\2 is unpredictable; e.g. DarkStarSword, DaveAugust, Stuart, teface, etc.	-->
-
-</ruleset>
diff --git a/src/chrome/content/rules/3FM.nl.xml b/src/chrome/content/rules/3FM.nl.xml
new file mode 100644
index 000000000000..785cbc402f14
--- /dev/null
+++ b/src/chrome/content/rules/3FM.nl.xml
@@ -0,0 +1,24 @@
+<!--
+	Related ruleset: NPO3FM.nl.xml
+
+	Invalid certificate:
+		actie.3fm.nl
+		go.3fm.nl
+		kxradio.3fm.nl
+		m.3fm.nl
+		megatop50.3fm.nl
+		metmichiel.3fm.nl
+		michiel.3fm.nl
+		now.3fm.nl
+		radiomanager.3fm.nl
+		seriousrequest.3fm.nl (incomplete certificate chain)
+		stemmen.3fm.nl
+-->
+<ruleset name="3FM.nl">
+	<target host="3fm.nl" />
+	<target host="www.3fm.nl" />
+	<target host="kominactie.3fm.nl" />
+	<target host="veiling.3fm.nl" />
+
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/3FM.xml b/src/chrome/content/rules/3FM.xml
deleted file mode 100644
index ebe8722737bc..000000000000
--- a/src/chrome/content/rules/3FM.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="3FM">
-
-	<target host="3fm.nl" />
-	<target host="www.3fm.nl" />
-
-
-	<rule from="^http://(www\.)?3fm\.nl/"
-		to="https://$13fm.nl/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/3M.com.xml b/src/chrome/content/rules/3M.com.xml
new file mode 100644
index 000000000000..6caa5297b33e
--- /dev/null
+++ b/src/chrome/content/rules/3M.com.xml
@@ -0,0 +1,52 @@
+<!--
+	3M Company
+
+
+	Partially covered subdomains:
+
+		- (www.) ¹
+		- solutions ²
+
+	¹ Some pages have mixed css, others 404
+	² Some paths 404
+
+
+	Fully covered subdomains:
+
+		- metricscst
+
+
+	Mixed content:
+
+		- css on www from solutions *
+
+		- Web bugs on www from metricscst *
+
+	* Secured by us
+
+-->
+<ruleset name="3M.com (partial)">
+
+	<target host="3m.com" />
+	<target host="metricscst.3m.com" />
+	<target host="solutions.3m.com" />
+	<target host="www.3m.com" />
+		<!--
+			- $ loads mixed stylesheets as described above
+			- us$ redirects to http
+							-->
+		<!--exclusion pattern="^http://(www\.)?3m\.com/+(us)?($|[/?])" /-->
+		<exclusion pattern="^http://(?:www\.)?3m\.com/+(?!product/)" />
+		<!--
+			innovation/en_US$ & innovation/assets/ 404
+									-->
+		<!--exclusion pattern="^http://solutions\.3m\.com/+innovation/" /-->
+		<!--
+			This is enough to secure resources on www.../$
+									-->
+		<exclusion pattern="^http://solutions\.3m\.com/+(?!3M/themes/|3MContentRetrievalAPI/|wps/)" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/3Play-Media.xml b/src/chrome/content/rules/3Play-Media.xml
index c35a761f5fbd..bb355d518705 100644
--- a/src/chrome/content/rules/3Play-Media.xml
+++ b/src/chrome/content/rules/3Play-Media.xml
@@ -7,7 +7,6 @@
 	<target host="account.3playmedia.com" />
 
 
-	<rule from="^http://account\.3playmedia\.com/"
-		to="https://account.3playmedia.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/3_News-mixedcontent.xml b/src/chrome/content/rules/3_News-mixedcontent.xml
deleted file mode 100644
index c1fd5605ebc0..000000000000
--- a/src/chrome/content/rules/3_News-mixedcontent.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules without mixed conent, see 3_News.xml.
-
--->
-<ruleset name="3 News (mixedcontent)" platform="mixedcontent">
-
-	<target host="3news.co.nz" />
-	<target host="*.3news.co.nz" />
-
-
-	<securecookie host="^www\.3news\.co\.nz$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?3news\.co\.nz/(?!Portals/)"
-		to="https://www.3news.co.nz/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/3_News.xml b/src/chrome/content/rules/3_News.xml
index ce54e171216e..da9ccfdff907 100644
--- a/src/chrome/content/rules/3_News.xml
+++ b/src/chrome/content/rules/3_News.xml
@@ -1,25 +1,22 @@
 <!--
-	For mixed content rules, see 3_News-mixedcontent.xml.
-
-
 	For other MediaWorks coverage, see MediaWorks.xml.
 
 
-	Nonfunctional domains:
+	Problematic domains:
 
-		- cdn.3news.co.nz
+		- (www.)? mismatch
 
-
-	!www 404s
+	* Secured by us
 
 -->
-<ruleset name="3 News (partial)">
+<ruleset name="3 News">
+
+	<target host="cdn.3news.co.nz" />
 
-	<target host="3news.co.nz" />
-	<target host="www.3news.co.nz" />
+	<test url="http://cdn.3news.co.nz/3news/Skins/2015/logos/newshub-logo.png?v=1" />
 
 
-	<rule from="^https?://(?:www\.)?3news\.co\.nz/Portals/"
-		to="https://www.3news.co.nz/Portals/" />
+	<rule from="^http://cdn\.3news\.co\.nz/"
+		to="https://cdn.mediaworks.nz/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/3bbwifi.com.xml b/src/chrome/content/rules/3bbwifi.com.xml
index f5b4a20c9f7e..1fb8eaca8f1a 100644
--- a/src/chrome/content/rules/3bbwifi.com.xml
+++ b/src/chrome/content/rules/3bbwifi.com.xml
@@ -1,6 +1,13 @@
-<ruleset name="3bbwifi.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://3bbwifi.com/ => https://www.3bbwifi.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.3bbwifi.com/ => https://www.3bbwifi.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="3bbwifi.com" default_off="failed ruleset test">
   <target host="3bbwifi.com" />
   <target host="www.3bbwifi.com" />
 
-  <rule from="^http://(www\.)?3bbwifi\.com/" to="https://www.3bbwifi.com/" />
+  <rule from="^http://(?:www\.)?3bbwifi\.com/" to="https://www.3bbwifi.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/3cdn.net.xml b/src/chrome/content/rules/3cdn.net.xml
new file mode 100644
index 000000000000..b7b12ca0d598
--- /dev/null
+++ b/src/chrome/content/rules/3cdn.net.xml
@@ -0,0 +1,19 @@
+<ruleset name="3cdn">
+
+	<target host="*.3cdn.net" />
+		<test url="http://b.3cdn.net/advancement/cf54939bb16ba7cbc9_acm6vunw0.pdf" />
+		<test url="http://epi.3cdn.net/3d995382f3252362c7_ydm6bxl4u.pdf" />
+		<test url="http://ethanolrfa.3cdn.net/13ef8ec88a38b4d729_mlbrsd74v.pdf" />
+		<test url="http://naacp.3cdn.net/e5524b7d7cf40a3578_2rm6bn7vr.pdf" />
+		<test url="http://nelp.3cdn.net/7a4a37fd1b0127eb0e_erm6vu7c0.pdf" />
+		<test url="http://nurses.3cdn.net/96d9277cdd3156ef72_w5m6bxilr.pdf" />
+		<test url="http://obama.3cdn.net/d79ce3179db08c429b_afm6iy01e.pdf" />
+		<test url="http://otrans.3cdn.net/91c4161d9a30b3c7e3_8om6bn7za.pdf" />
+		<test url="http://unway.3cdn.net/18aa738557546fd7df_sqm6vd7l7.pdf" />
+		<test url="http://uwsemi.3cdn.net/3a53b4dfba4d18b0e3_kfm6bcoby.pdf" />
+		<test url="http://ymcachgo.3cdn.net/85d8f884cf90efd566_8vm6bg8we.pdf" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/3cdn.xml b/src/chrome/content/rules/3cdn.xml
deleted file mode 100644
index c129edf403ef..000000000000
--- a/src/chrome/content/rules/3cdn.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/epi.3cdn.net/
-
-		- bluestatedigital-001.map.fastly.net
-
-			- epi.3cdn.net
-
--->
-<ruleset name="3cdn">
-
-	<target host="*.3cdn.net" />
-
-
-	<!--	Example: http://epi.3cdn.net/1f22480f560a28aab3_b6gjmv8ht.gif
-			Found at www.epi.org
-						-->
-	<!--rule from="^http://(\w+)\.3cdn\.net/"
-		to="https://s3.amazonaws.com/$1.3cdn.net/" /-->
-
-	<rule from="^http://(\w+)\.3cdn\.net/"
-		to="https://$1.3cdn.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/3conline.com.xml b/src/chrome/content/rules/3conline.com.xml
new file mode 100644
index 000000000000..44e78147d47d
--- /dev/null
+++ b/src/chrome/content/rules/3conline.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://js.3conline.com/ => https://js.3conline.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Refused:
+		- ^
+		- auto
+		- mail
+		- r
+		- www
+-->
+
+<ruleset name="3conline.com (partial)" default_off="failed ruleset test">
+
+	<target host="i1.3conline.com" />
+	<target host="i2.3conline.com" />
+	<target host="i3.3conline.com" />
+	<target host="i4.3conline.com" />
+	<target host="i5.3conline.com" />
+	<target host="i6.3conline.com" />
+	<target host="i7.3conline.com" />
+	<target host="i8.3conline.com" />
+	<target host="i9.3conline.com" />
+	<target host="i10.3conline.com" />
+	<target host="js.3conline.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/3ders.org.xml b/src/chrome/content/rules/3ders.org.xml
new file mode 100644
index 000000000000..812016c74e73
--- /dev/null
+++ b/src/chrome/content/rules/3ders.org.xml
@@ -0,0 +1,11 @@
+<!--
+	Chain issue, missing intermediate:
+		- forum.3ders.org
+-->
+
+<ruleset name="3ders.org">
+	<target host="3ders.org" />
+	<target host="www.3ders.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/3dnews.ru.xml b/src/chrome/content/rules/3dnews.ru.xml
new file mode 100644
index 000000000000..1a4ea6f92ce2
--- /dev/null
+++ b/src/chrome/content/rules/3dnews.ru.xml
@@ -0,0 +1,42 @@
+<!--
+alexvd.3dnews.ru ¹
+ceta.3dnews.ru ¹
+club.3dnews.ru ¹
+mailadm.dizi.3dnews.ru ⁴
+echo.3dnews.ru ²
+ipmi.echo.3dnews.ru ³
+fg.3dnews.ru ³
+files.3dnews.ru ³
+forum.3dnews.ru ¹
+gazeta.3dnews.ru ¹
+m.3dnews.ru ¹
+manager.3dnews.ru ¹
+market.3dnews.ru ¹
+www.market.3dnews.ru ³
+matrix.3dnews.ru ¹
+mx.3dnews.ru ¹
+ns.3dnews.ru ⁴
+ns1.3dnews.ru ⁴
+qs.3dnews.ru ¹
+yeti.3dnews.ru ¹
+zoo.3dnews.ru ¹
+mail.3dnews.ru different content
+webmail.3dnews.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="3dnews.ru">
+	<target host="3dnews.ru" />
+	<target host="www.3dnews.ru" />
+	<target host="ad.3dnews.ru" />
+	<target host="cp.3dnews.ru" />
+	<target host="mailadm.3dnews.ru" />
+	<target host="owebmail.3dnews.ru" />
+	<target host="rwebmail.3dnews.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/3dr.com.xml b/src/chrome/content/rules/3dr.com.xml
new file mode 100644
index 000000000000..8ec4c41ead92
--- /dev/null
+++ b/src/chrome/content/rules/3dr.com.xml
@@ -0,0 +1,54 @@
+<!--
+	Problematic hosts in *3dr.com:
+
+		- press *
+
+	* Redirect differs, preemptable
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- 3dr.com
+		- .3dr.com
+		- store.3dr.com
+		- www.3dr.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="3DR.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="3dr.com" />
+	<target host="store.3dr.com" />
+	<target host="www.3dr.com" />
+
+	<!--	Complications:
+				-->
+	<target host="press.3dr.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?3dr\.com$" name="^___utm[abv]\w+$" /-->
+	<!--securecookie host="^3dr\.com$" name="^_cms_session$" /-->
+	<!--securecookie host="^\.3dr\.com$" name="^(?:incap_ses_\d+|nlbi|visid_incap)_\d+$" /-->
+	<!--securecookie host="^store\.3dr\.com$" name="^(?:_store_v2_session|guest_token)$" /-->
+
+	<securecookie host="^\." name="^(?:_ga|incap_|nlbi_|visid_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://press\.3dr\.com/+"
+		to="https://www.3dr.com/contact/press/" />
+
+		<test url="http://press.3dr.com/index.htm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/3dsupply.de.xml b/src/chrome/content/rules/3dsupply.de.xml
new file mode 100644
index 000000000000..2312be6fd952
--- /dev/null
+++ b/src/chrome/content/rules/3dsupply.de.xml
@@ -0,0 +1,15 @@
+<ruleset name="3dsupply.de">
+
+	<target host="3dsupply.de" />
+	<target host="media.3dsupply.de" />
+	<target host="static.3dsupply.de" />
+	<target host="www.3dsupply.de" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/3g2upl4pq6kufc4m.onion.xml b/src/chrome/content/rules/3g2upl4pq6kufc4m.onion.xml
new file mode 100644
index 000000000000..ad046cc1c13a
--- /dev/null
+++ b/src/chrome/content/rules/3g2upl4pq6kufc4m.onion.xml
@@ -0,0 +1,15 @@
+<!--
+	Other DuckDuckGo rulesets:
+		- DuckDuckGo.xml
+
+	This ruleset covers DuckDuckGo Onion service on Tor.
+-->
+
+<ruleset name="DuckDuckGo Onion Service">
+	<target host="3g2upl4pq6kufc4m.onion" />
+	<target host="www.3g2upl4pq6kufc4m.onion" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/3min.xml b/src/chrome/content/rules/3min.xml
deleted file mode 100644
index dc119f41a8c4..000000000000
--- a/src/chrome/content/rules/3min.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="3min" default_off="Invalid Certificate">
-  <target host="3min.de"/>
-  <target host="*.3min.de"/>
-  <target host="www.3min.de"/>
-
-  <securecookie host="^(.*\.)?3min\.de$" name=".*" />
-
-  <rule from="^http://(?:www\.)?3min\.de/" to="https://www.3min.de/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/3refe.com.xml b/src/chrome/content/rules/3refe.com.xml
new file mode 100644
index 000000000000..cca7b473c762
--- /dev/null
+++ b/src/chrome/content/rules/3refe.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="3refe.com" platform="mixedcontent">
+	<target host="3refe.com" />
+	<target host="www.3refe.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/3sat.xml b/src/chrome/content/rules/3sat.xml
new file mode 100644
index 000000000000..bccbd1b00f2c
--- /dev/null
+++ b/src/chrome/content/rules/3sat.xml
@@ -0,0 +1,35 @@
+<!--
+	Invalid certificate:
+		- www.pressetreff
+
+	Mismatch:
+		- webstory
+
+	Non-2xx HTTP code:
+		- player
+-->
+<ruleset name="3sat.de">
+
+	<target host="3sat.de"/>
+	<target host="www.3sat.de"/>
+	<target host="api.3sat.de" />
+	<target host="archiv.3sat.de" />
+	<target host="blog.3sat.de"/>
+	<target host="dev.3sat.de" />
+	<target host="forum.3sat.de"/>
+	<target host="hbbtv.3sat.de" />
+	<target host="kurz.3sat.de" />
+	<target host="ngp.3sat.de" />
+	<target host="origin.3sat.de" />
+	<target host="podcast.3sat.de" />
+	<target host="presse.3sat.de" />
+	<target host="pressetreff.3sat.de"/>
+	<target host="quiz.3sat.de" />
+	<target host="tmd.3sat.de" />
+	<target host="webapp.3sat.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/3scale.net.xml b/src/chrome/content/rules/3scale.net.xml
new file mode 100644
index 000000000000..38af47c4846c
--- /dev/null
+++ b/src/chrome/content/rules/3scale.net.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Red Hat rulesets, see Red_Hat.xml.
+
+	New subdomains are created for each customer.
+
+-->
+<ruleset name="3scale">
+
+	<target host="3scale.net" />
+	<target host="*.3scale.net" />
+		<test url="http://www.3scale.net/" />
+		<test url="http://bookingapi.3scale.net/" />
+		<test url="http://m.3scale.net/" />
+		<test url="http://sentiment.3scale.net/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/3scale.xml b/src/chrome/content/rules/3scale.xml
deleted file mode 100644
index 0926d5a4d6a2..000000000000
--- a/src/chrome/content/rules/3scale.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	CDN buckets:
-
-		- enterprise-multitenant.3scale.net.3scale.net
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- multitenant-admin
-		- support
-		- *		(per-client subdomains)
-
--->
-<ruleset name="3scale">
-
-	<target host="3scale.net" />
-	<target host="*.3scale.net" />
-
-
-	<!--	Observed cookie domains:
-
-			- multitenant-admin
-			- support
-			- www
-						-->
-	<securecookie host=".+\.3scale\.net$" name=".+" />
-
-
-	<rule from="^http://([\w-]+\.)?3scale\.net/"
-		to="https://$13scale.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/3taps.xml b/src/chrome/content/rules/3taps.xml
index 8fc29d99b3a4..6ebb54a8ff55 100644
--- a/src/chrome/content/rules/3taps.xml
+++ b/src/chrome/content/rules/3taps.xml
@@ -1,13 +1,21 @@
-<ruleset name="3taps">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://3taps.com/ => https://3taps.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://developer.3taps.com/ => https://developer.3taps.com/: (51, "SSL: no alternative certificate subject name matches target host name 'developer.3taps.com'")
+Fetch error: http://www.3taps.com/ => https://www.3taps.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="3taps" default_off="failed ruleset test">
 
 	<target host="3taps.com" />
-	<target host="*.3taps.com" />
+	<target host="developer.3taps.com" />
+	<target host="www.3taps.com" />
 
 
 	<securecookie host="^developer\.3taps\.com$" name=".+" />
 
 
-	<rule from="^http://(developer\.|www\.)?3taps\.com/"
-		to="https://$13taps.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/3v1n0.net.xml b/src/chrome/content/rules/3v1n0.net.xml
new file mode 100644
index 000000000000..d3718ff44dab
--- /dev/null
+++ b/src/chrome/content/rules/3v1n0.net.xml
@@ -0,0 +1,48 @@
+<!--
+	Mixed content:
+
+		- css, on:
+
+			- blog from fonts.googleapis.com ˢ
+			- www from tumblelog.3v1n0.net ˢ
+			- www from www.3v1n0.net ˢ
+			- www from www.google.com ˢ
+
+		- Images, on:
+
+			- blog from ^3v1n0.net ˢ
+			- blog from static.flickr.com ˢ
+			- blog from farm\d.static.flickr.com ˢ
+			- blog from farm\d.staticflickr.com ˢ
+			- www from tumblelog.3v1n0.net ˢ
+			- www from www.3v1n0.net ˢ
+			- www from logo.tuxfamily.org ˢ
+
+		- Bugs, on:
+
+			- blog from pr.blogflux.com
+			- blog from www.blogtopsites.com ᵉ
+			- blog from digg.com ˢ
+			- blog from geo.digitalpoint.com ˢ
+			- www from www.ubuntu.com
+			- www from creativecommons.org ˢ
+
+	ᵉ Ruleset disabled by default <= expired
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="3v1n0.net" platform="mixedcontent">
+
+	<target host="3v1n0.net" />
+	<!--target host="go.3v1n0.net" />	handled in Bitly_branded_short_domains.xml -->
+	<target host="tumblelog.3v1n0.net" />
+	<target host="www.3v1n0.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/4.CN.xml b/src/chrome/content/rules/4.CN.xml
new file mode 100644
index 000000000000..928c23e0167f
--- /dev/null
+++ b/src/chrome/content/rules/4.CN.xml
@@ -0,0 +1,41 @@
+<!--
+	Nonfunctional hosts in *4.cn:
+
+		- 123 *
+
+	* Dropped
+
+
+	Problematic hosts in *4.cn:
+
+		- top *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- top.4.cn
+		- www.4.cn
+
+-->
+<ruleset name="4.CN (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="4.cn" />
+	<target host="www.4.cn" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^top\.4\.cn$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^www\.4\.cn$" name="^(?:PHPSESSID|gn_lang)$" /-->
+
+	<securecookie host="^www\.4\.cn$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/419_Eater.com.xml b/src/chrome/content/rules/419_Eater.com.xml
new file mode 100644
index 000000000000..dc83a2b302dd
--- /dev/null
+++ b/src/chrome/content/rules/419_Eater.com.xml
@@ -0,0 +1,24 @@
+<!--
+	(www.): shows default Site5 page
+
+
+	These altnames don't exist:
+
+		- www.forum.419eater.com
+
+-->
+<ruleset name="419 Eater.com (partial)">
+
+	<target host="forum.419eater.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^forum\.419eater\.com$" name="^phpbbn_eater_(data|sid)$" /-->
+
+	<securecookie host="^forum\.419eater\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/42Floors.com.xml b/src/chrome/content/rules/42Floors.com.xml
new file mode 100644
index 000000000000..9f821890956b
--- /dev/null
+++ b/src/chrome/content/rules/42Floors.com.xml
@@ -0,0 +1,52 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://images.42floors.com/ => https://images.42floors.com/: (6, 'Could not resolve host: images.42floors.com')
+
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* WP Engine
+
+
+	Insecure cookies are set for these hosts:
+
+		- 42floors.com
+		- www.42floors.com
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- ^ from blog.42floors.com ¹
+			- ^ from \d.gravatar.com ²
+
+	¹ Unsecurable <= WP Engine
+	² Secured by us
+
+-->
+<ruleset name="42Floors.com (partial)" default_off="failed ruleset test">
+
+	<target host="42floors.com" />
+	<target host="cdn.42floors.com" />
+	<target host="images.42floors.com" />
+	<target host="www.42floors.com" />
+
+		<!--	Mixed images:
+					-->
+		<test url="http://42floors.com/blog/cre/landlords-are-trying-not-to-rent-startups" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?42floors\.com$" name="^SERVERID$" /-->
+
+	<securecookie host="^(?:www\.)?42floors\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/435_by_MJC.com.xml b/src/chrome/content/rules/435_by_MJC.com.xml
new file mode 100644
index 000000000000..b12646d38f12
--- /dev/null
+++ b/src/chrome/content/rules/435_by_MJC.com.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://435bymjc.com/ => https://435bymjc.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.435bymjc.com/ => https://www.435bymjc.com/: (60, 'SSL certificate problem: certificate has expired')
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .435bymjc.com
+		- www.435bymjc.com
+
+-->
+<ruleset name="435 by MJC.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="435bymjc.com" />
+	<target host="www.435bymjc.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.435bymjc\.com$" name="^BIPSvr$" /-->
+	<!--securecookie host="^www\.435bymjc\.com$" name="^CustomerPortal$" /-->
+
+	<securecookie host="^(?:www)?\.435bymjc\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/43rumors.com.xml b/src/chrome/content/rules/43rumors.com.xml
new file mode 100644
index 000000000000..00522c9de72e
--- /dev/null
+++ b/src/chrome/content/rules/43rumors.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="43rumors.com">
+	<target host="43rumors.com" />
+	<target host="www.43rumors.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/444.hu.xml b/src/chrome/content/rules/444.hu.xml
new file mode 100644
index 000000000000..9f4926be453d
--- /dev/null
+++ b/src/chrome/content/rules/444.hu.xml
@@ -0,0 +1,44 @@
+<!--
+	Related: 4cdn.hu.xml
+
+-->
+<ruleset name="444.hu">
+	<target host="444.hu" />
+	<target host="barkacs.444.hu" />
+	<target host="britannia.444.hu" />
+	<target host="cimlap.444.hu" />
+		<test url="http://cimlap.444.hu/robots.txt" />
+	<target host="daazo.444.hu" />
+	<target host="ddd.444.hu" />
+	<target host="eszakinyitas.444.hu" />
+	<target host="ezerkolibri.444.hu" />
+	<target host="feminfo.444.hu" />
+	<target host="fortepan.444.hu" />
+	<target host="geccodejoakecod.444.hu" />
+	<target host="geekz.444.hu" />
+	<target host="hello90.444.hu" />
+	<target host="hetibeton.444.hu" />
+	<target host="img.444.hu" />
+		<test url="http://img.444.hu/volvo_jatekszabaly.pdf" />
+	<target host="kepek.444.hu" />
+	<target host="lathatatlangyerekek.444.hu" />
+	<target host="mivoltma.444.hu" />
+	<target host="nokedli.444.hu" />
+	<target host="pulispace.444.hu" />
+	<target host="q.444.hu" />
+		<test url="http://q.444.hu/assets/blog/error-1c49436dad6a90196315945c33df195b.css" />
+	<target host="resti.444.hu" />
+	<target host="sciencemeetup.444.hu" />
+	<target host="tldr.444.hu" />
+	<target host="tortenelem.444.hu" />
+	<target host="up.444.hu" />
+	<target host="velemenyvezer.444.hu" />
+	<target host="verde.444.hu" />
+	<target host="vifon.444.hu" />
+	<target host="yolovilag.444.hu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/451-Group.xml b/src/chrome/content/rules/451-Group.xml
index 529e61fe1828..1e5017b81d8c 100644
--- a/src/chrome/content/rules/451-Group.xml
+++ b/src/chrome/content/rules/451-Group.xml
@@ -1,11 +1,11 @@
-<ruleset name="451 Group">
+<ruleset name="451 Research.com">
 
 	<target host="451research.com"/>
 	<target host="www.451research.com"/>
 
-	<securecookie host="^(.*\.)?451research\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?451research\.com/"
-		to="https://$1451research.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/451Unavailable.org.xml b/src/chrome/content/rules/451Unavailable.org.xml
new file mode 100644
index 000000000000..ef3030326d8a
--- /dev/null
+++ b/src/chrome/content/rules/451Unavailable.org.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Open Rights Group coverage, see Open_Rights_Group.xml.
+
+-->
+<ruleset name="451Unavailable.org">
+
+	<target host="451unavailable.org" />
+	<target host="www.451unavailable.org" />
+	<target host="wiki.451unavailable.org" />
+
+	<securecookie host="^(?:www\.)?451unavailable\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/451_Unavailable.org.xml b/src/chrome/content/rules/451_Unavailable.org.xml
deleted file mode 100644
index 72592c846875..000000000000
--- a/src/chrome/content/rules/451_Unavailable.org.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other Open Rights Group coverage, see Open_Rights_Group.xml.
-
-
-	CN: *.openrightsgroup.org
-
--->
-<ruleset name="451 Unavailable.org" default_off="mismatched">
-
-	<target host="451unavailable.org" />
-	<target host="www.451unavailable.org" />
-
-
-	<securecookie host="^www\.451unavailable\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?451unavailable\.org/"
-		to="https://www.451unavailable.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/45_Million_Voices.xml b/src/chrome/content/rules/45_Million_Voices.xml
deleted file mode 100644
index 5e28009ef038..000000000000
--- a/src/chrome/content/rules/45_Million_Voices.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	CN: *.powweb.com
-
--->
-<ruleset name="45 Million Voices" default_off="mismatched">
-
-	<target host="45millionvoices.org" />
-	<target host="www.45millionvoices.org" />
-
-
-	<rule from="^http://(?:www\.)?45millionvoices\.org/"
-		to="https://45millionvoices.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/48months.ie.xml b/src/chrome/content/rules/48months.ie.xml
new file mode 100644
index 000000000000..6f1a42a0fc40
--- /dev/null
+++ b/src/chrome/content/rules/48months.ie.xml
@@ -0,0 +1,30 @@
+<!--
+
+	Mixed content:
+
+		- Images on community from i.imgur.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- community.48months.ie
+
+-->
+<ruleset name="48months.ie">
+
+	<target host="48months.ie" />
+	<target host="community.48months.ie" />
+	<target host="www.48months.ie" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^community\.48months\.ie$" name="^(LithiumUserInfo|LithiumUserSecure|LithiumVisitor|VISITORID)$" /-->
+
+	<securecookie host="^community\.48months\.ie$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/49gov.ru.xml b/src/chrome/content/rules/49gov.ru.xml
new file mode 100644
index 000000000000..b746dc6891c0
--- /dev/null
+++ b/src/chrome/content/rules/49gov.ru.xml
@@ -0,0 +1,66 @@
+<!--
+ais.49gov.ru ⁴
+aspm.49gov.ru ²
+budget.49gov.ru ⁴
+bus.49gov.ru ⁴
+disk.49gov.ru ⁴
+disp.49gov.ru ⁴
+investmap.49gov.ru ²
+help.mf.49gov.ru ⁴
+reg.mf.49gov.ru ⁴
+upd.mf.49gov.ru ⁴
+iis.minfin.49gov.ru ⁴
+mpsc.49gov.ru ⁴
+msp.49gov.ru ³
+ns.49gov.ru ³
+ns1.49gov.ru ³
+old.49gov.ru ³
+pmb.49gov.ru ⁴
+regulation.49gov.ru ⁴
+svod.49gov.ru ⁴
+wifiesia.49gov.ru ²
+zakupki.49gov.ru ¹
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="49gov.ru">
+	<target host="49gov.ru" />
+	<target host="www.49gov.ru" />
+	<target host="adm.49gov.ru" />
+	<target host="admdeptarif.49gov.ru" />
+	<target host="admmintrud.49gov.ru" />
+	<target host="apparat.49gov.ru" />
+	<target host="architect.49gov.ru" />
+	<target host="deptarif.49gov.ru" />
+	<target host="depvet.49gov.ru" />
+	<target host="dizo.49gov.ru" />
+	<target host="economy.49gov.ru" />
+	<target host="finkontrol.49gov.ru" />
+	<target host="gji.49gov.ru" />
+	<target host="gostehnadzor.49gov.ru" />
+	<target host="gubernator.49gov.ru" />
+	<target host="leshoz.49gov.ru" />
+	<target host="mgpr.49gov.ru" />
+	<target host="minfin.49gov.ru" />
+	<target host="minkult.49gov.ru" />
+	<target host="minobr.49gov.ru" />
+	<target host="minprirod.49gov.ru" />
+	<target host="minselhoz.49gov.ru" />
+	<target host="minstroy.49gov.ru" />
+	<target host="mintrans.49gov.ru" />
+	<target host="mintrud.49gov.ru" />
+	<target host="minzdrav.49gov.ru" />
+	<target host="oez.49gov.ru" />
+	<target host="ohotnadzor.49gov.ru" />
+	<target host="ombudsman.49gov.ru" />
+	<target host="opendata.49gov.ru" />
+	<target host="sevensk.49gov.ru" />
+	<target host="society.49gov.ru" />
+	<target host="sport.49gov.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/4D.com.xml b/src/chrome/content/rules/4D.com.xml
index e65eac2f5652..9cea66d66c22 100644
--- a/src/chrome/content/rules/4D.com.xml
+++ b/src/chrome/content/rules/4D.com.xml
@@ -6,13 +6,12 @@
 -->
 <ruleset name="4D.com (partial)">
 
-	<target host="*.4d.com" />
+	<target host="store.4d.com" />
 
 
 	<securecookie host="^\.store\.4d\.com$" name=".+" />
 
 
-	<rule from="^http://store\.4d\.com/"
-		to="https://store.4d.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/4DO.xml b/src/chrome/content/rules/4DO.xml
index e412d2f32532..fd1f5c59b2ce 100644
--- a/src/chrome/content/rules/4DO.xml
+++ b/src/chrome/content/rules/4DO.xml
@@ -1,18 +1,19 @@
-<ruleset name="4DO" default_off="mismatch">
+<ruleset name="4DO" default_off="mismatched">
 
 	<!--	Cert: *.ipage.com	-->
 	<target host="fourdo.com" />
-	<target host="*.fourdo.com" />
+	<target host="www.fourdo.com" />
+	<target host="forum.fourdo.com" />
+	<target host="wiki.fourdo.com" />
 
 
-	<securecookie host="^.*\.fourdo\.com$" name=".*" />
+	<securecookie host="^.*\.fourdo\.com$" name=".+" />
 
 
 	<!--	!www redirects to www.	-->
-	<rule from="^https?://(?:www\.)?fourdo\.com/"
+	<rule from="^http://(?:www\.)?fourdo\.com/"
 		to="https://www.fourdo.com/" />
 
-	<rule from="^http://(forum|wiki)\.fourdo\.com/"
-		to="https://$1.fourdo.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/4K_Download.com.xml b/src/chrome/content/rules/4K_Download.com.xml
new file mode 100644
index 000000000000..9b255a862bc1
--- /dev/null
+++ b/src/chrome/content/rules/4K_Download.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Nonfunctional hosts in *4kdownload.com:
+
+		- downloads *
+
+	* 404
+
+
+	These altnames don't exist:
+
+		- www.static.4kdownload.com
+
+-->
+<ruleset name="4K Download.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="4kdownload.com" />
+	<target host="static.4kdownload.com" />
+	<target host="www.4kdownload.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/4PDA.xml b/src/chrome/content/rules/4PDA.xml
new file mode 100644
index 000000000000..faae363b026d
--- /dev/null
+++ b/src/chrome/content/rules/4PDA.xml
@@ -0,0 +1,23 @@
+<!--
+	Expired:
+		m.4pda.uz
+
+	Incomplete cert chain:
+		s.4pda.to
+
+	Invalid cert:
+		4pda.info
+		www.4pda.info
+-->
+
+<ruleset name="4PDA">
+	<target host="4pda.ru" />
+	<target host="www.4pda.ru" />
+
+	<target host="4pda.to" />
+
+	<target host="4pda.uz" />
+	<target host="www.4pda.uz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/4RX.com.xml b/src/chrome/content/rules/4RX.com.xml
deleted file mode 100644
index d15501163f52..000000000000
--- a/src/chrome/content/rules/4RX.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- (www.)	(mismatched, CN: secure.4rx.com)
-
--->
-<ruleset name="4RX.com">
-
-	<target host="4rx.com" />
-	<target host="*.4rx.com" />
-
-
-	<securecookie host="^\.4rx\.com$" name=".+" />
-
-
-	<rule from="^http://(?:secure\.|www\.)?4rx\.com/"
-		to="https://secure.4rx.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/4RunnerForex.com.xml b/src/chrome/content/rules/4RunnerForex.com.xml
deleted file mode 100644
index 5b5fbee8ac54..000000000000
--- a/src/chrome/content/rules/4RunnerForex.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="4RunnerForex.com">
-
-	<target host="4runnerforex.com" />
-	<target host="*.4runnerforex.com" />
-
-
-	<securecookie host="^(?:w*\.)?4runnerforex\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?4runnerforex\.com/"
-		to="https://$14runnerforex.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/4Shared.xml b/src/chrome/content/rules/4Shared.xml
index ee5d1398331b..d826b7ca283a 100644
--- a/src/chrome/content/rules/4Shared.xml
+++ b/src/chrome/content/rules/4Shared.xml
@@ -1,18 +1,79 @@
 <!--
-	Needs a lot of work...
+	Problematic hosts in *4shared.com:
+
+		- forum ᵃ ᵐ ˢ
+		- help ʳ
+		- www.m ᵐ
+
+	ᵃ Shows another domain, preemptable redirect
+	ᵐ Mismatched
+	ˢ Self-signed
+	ʳ Refused
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .4shared.com
+		- blog.4shared.com
+		- www.4shared.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- iframe on blog from www.youtube.com ˢ
+		- Images on blog, help from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="4Shared (experimental)">
+<ruleset name="4Shared.com">
 
 	<target host="4shared.com" />
 	<target host="*.4shared.com" />
-		<exclusion pattern="^http://(blog|forum)\.4shared\.com/" />
+	<exclusion pattern="^http://help\.4shared\.com/" />
+
+		<test url="http://blog.4shared.com/" />
+		<test url="http://dc524.4shared.com/img/MqHOTUd8ce/1576faa6320/Hard_Carry" />
+		<test url="http://dc619.4shared.com/img/bHILmiaxce/156cbe984f0/Ezad_Lazim_-_Demi_Cinta" />
+		<test url="http://help.4shared.com/" />
+		<test url="http://m.4shared.com/" />
+		<test url="http://search.4shared.com/" />
+		<test url="http://static.4shared.com/images/spacer.gif" />
+		<test url="http://www.4shared.com/" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://www.4shared.com/dir/1128256/59d20c03/sharing.html" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.4shared\.com$" name="^(?:classicView|day1host)$" /-->
+	<!--securecookie host="^blog\.4shared\.com$" name="^_icl_current_language$" /-->
+	<!--securecookie host="^www\.4shared\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://forum\.4shared\.com/[^?]*"
+		to="https://blog.4shared.com/" />
 
+		<test url="http://forum.4shared.com/about/" />
+		<test url="http://forum.4shared.com/index.htm" />
 
-	<securecookie host="^(.*\.)?4shared\.com$" name=".*" />
+	<!--	Redirect keeps all:
+					-->
+	<rule from="^http://www\.m\.4shared\.com/"
+		to="https://www.4shared.com/" />
 
+		<test url="http://www.m.4shared.com/privacy.jsp" />
 
-	<rule from="^http://([^/:@]*\.)?4shared\.com/"
-		to="https://$14shared.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/4Tulemar.xml b/src/chrome/content/rules/4Tulemar.xml
deleted file mode 100644
index 4261173884b2..000000000000
--- a/src/chrome/content/rules/4Tulemar.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
-	Mixed content:
-
-		Scripts from:
-
-			- www.jscache.com *
-			- www.tripadvisor.com *
-
-		css from:
-
-			- c1.tacdn.com *
-
-		Image from:
-
-			- resources.4tulemar.com *
-
-	* Secured by us
-
-
-	NB: We secure all resources, and thus
-	platform should be removed with Ffx 24.
-
--->
-<ruleset name="4Tulemar" platform="mixedcontent">
-
-	<target host="4tulemar.com" />
-	<target host="*.4tulemar.com" />
-
-
-	<securecookie host=".*\.4tulemar\.com$" name=".+" />
-
-
-	<rule from="^http://(resources\.|www\.)?4tulemar\.com/"
-		to="https://$14tulemar.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/4_Free_Proxy.xml b/src/chrome/content/rules/4_Free_Proxy.xml
deleted file mode 100644
index 481f13072398..000000000000
--- a/src/chrome/content/rules/4_Free_Proxy.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="4 Free Proxy" default_off="self-signed">
-
-	<target host="4freeproxy.com" />
-	<target host="www.4freeproxy.com" />
-
-
-	<securecookie host="^4freeproxy\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?4freeproxy\.com/"
-		to="https://4freeproxy.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/4armed.com.xml b/src/chrome/content/rules/4armed.com.xml
new file mode 100644
index 000000000000..601784eff3a7
--- /dev/null
+++ b/src/chrome/content/rules/4armed.com.xml
@@ -0,0 +1,34 @@
+<!--
+	^4armed.com: Dropped
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.4armed.com
+
+-->
+<ruleset name="4armed.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.4armed.com" />
+
+	<!--	Complications:
+				-->
+	<target host="4armed.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.4armed\.com$" name="^(?:AWSELB|nf_wp_session)$" /-->
+
+	<securecookie host="^www\.4armed\.com$" name=".+" />
+
+
+	<rule from="^http://4armed\.com/"
+		to="https://www.4armed.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/4cdn.hu.xml b/src/chrome/content/rules/4cdn.hu.xml
new file mode 100644
index 000000000000..2eeb1668f53b
--- /dev/null
+++ b/src/chrome/content/rules/4cdn.hu.xml
@@ -0,0 +1,13 @@
+<!--
+	Related: 444.hu.xml
+
+-->
+<ruleset name="4cdn.hu">
+	<target host="4cdn.hu" />
+		<test url="http://4cdn.hu/kraken/image/upload/s--eJel3l4J--/c_limit,h_505,w_760/76LaOnDNJV70FUAJs.jpeg" />
+	<target host="www.4cdn.hu" />
+		<test url="http://www.4cdn.hu/kraken/image/upload/s--eJel3l4J--/c_limit,h_505,w_760/76LaOnDNJV70FUAJs.jpeg" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/4chan.xml b/src/chrome/content/rules/4chan.xml
index e21030462334..2fb4acd8e0f2 100644
--- a/src/chrome/content/rules/4chan.xml
+++ b/src/chrome/content/rules/4chan.xml
@@ -1,44 +1,41 @@
 <!--
-	Nonfunctional subdomains:
+	Incomplete cert chain:
+		engine.4chan-ads.org
 
-		- status	(Hosted on Blogger, shows Google 404 page)
+	Mismatched:
+		[01].t.4cdn.org
 
+		blog.4chan.org
+		\d.thumbs.4chan.org
+
+	Redirect to http:
+		status.4chan.org	(interrupted - blogger)
 -->
 <ruleset name="4chan (partial)">
+	<target host="4cdn.org" />
+	<target host="www.4cdn.org" />
+	<target host="i.4cdn.org" />
+	<target host="s.4cdn.org" />
+	<target host="t.4cdn.org" />
 
 	<target host="4chan.org" />
-	<target host="*.4chan.org" />
-		<!--
-			404
-					-->
-		<exclusion pattern="^http://status\." />
-	<target host="*.boards.4chan.org" />
-	<target host="*.thumbs.4chan.org" />
-	<target host="*.4channel.org" />
-
-
-	<securecookie host="^.*\.4chan(?:nel)?\.org$" name=".*" />
-
-
-	<!--	Observed domains:
-
-			- boards
-			- content
-			- dis
-			- images
-			- rs
-			- static
-			- sys
-			- thumbs
-			- \d.thumbs
-			- www
-				-->
-	<rule from="^http://([\w\.]+\.)?4chan\.org/"
-		to="https://$14chan.org/" />
-
-	<!--	!www doesn't exist.
-					-->
-	<rule from="^http://www\.4channel\.org/"
-		to="https://www.4channel.org/" />
+	<target host="www.4chan.org" />
+	<target host="boards.4chan.org" />
+	<target host="dis.4chan.org" />
+	<target host="images.4chan.org" />
+	<target host="rs.4chan.org" />
+	<target host="static.4chan.org" />
+	<target host="sys.4chan.org" />
+	<target host="thumbs.4chan.org" />
+
+	<target host="4chan-ads.org" />
+	<target host="www.4chan-ads.org" />
+
+	<target host="4channel.org" />
+	<target host="www.4channel.org" />
+	<target host="boards.4channel.org" />
+
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/4dsply.com.xml b/src/chrome/content/rules/4dsply.com.xml
new file mode 100644
index 000000000000..bc524422f32d
--- /dev/null
+++ b/src/chrome/content/rules/4dsply.com.xml
@@ -0,0 +1,30 @@
+<!--
+	For other AdSupply coverage, see AdSupply.xml.
+
+
+	CDN buckets:
+
+		- wac.45EE.edgecastcdn.net/??45EE/
+
+
+	(www.)?4dsply.com: 404; CN: invalid.ssl.host.com
+
+
+	These altnames don't exist:
+
+		- www.engine.4dsply.com
+
+-->
+<ruleset name="4dsply.com (partial)">
+
+	<target host="engine.4dsply.com" />
+	<target host="cdn.engine.4dsply.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/4gamer.net.xml b/src/chrome/content/rules/4gamer.net.xml
index 9fb642a3ff72..03483c12eb68 100644
--- a/src/chrome/content/rules/4gamer.net.xml
+++ b/src/chrome/content/rules/4gamer.net.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?4gamer\.net/(favicon\.ico|images/)"
 		to="https://www.4gamer.net/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/4mlinux.com.xml b/src/chrome/content/rules/4mlinux.com.xml
new file mode 100644
index 000000000000..fa28035ba346
--- /dev/null
+++ b/src/chrome/content/rules/4mlinux.com.xml
@@ -0,0 +1,12 @@
+<!--
+4mlinux.com mixed content
+www.4mlinux.com mixed content
+bakandimgcd.4mlinux.com mixed content
+thesss.4mlinux.com mixed content
+antiviruslivecd.4mlinux.com mixed content
+devellivecd.4mlinux.com timed out
+-->
+<ruleset name="4mlinux.com (partial)">
+	<target host="server.4mlinux.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/4plebs.org.xml b/src/chrome/content/rules/4plebs.org.xml
new file mode 100644
index 000000000000..71b01abd0ce2
--- /dev/null
+++ b/src/chrome/content/rules/4plebs.org.xml
@@ -0,0 +1,17 @@
+<ruleset name="4plebs.org">
+
+	<target host="4plebs.org" />
+	<target host="archive.4plebs.org" />
+	<target host="www.4plebs.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^archive\.4plebs\.org$" name="^foolframe_\w+_csrf_token$" /-->
+
+	<securecookie host="^(?:archive)?\.4plebs\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/4sevens.xml b/src/chrome/content/rules/4sevens.xml
index 65ead8e45a2a..7828e2b4d682 100644
--- a/src/chrome/content/rules/4sevens.xml
+++ b/src/chrome/content/rules/4sevens.xml
@@ -1,4 +1,14 @@
-<ruleset name="4sevens">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.4sevens.com/ => https://www.4sevens.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://4sevens.com/ => https://www.4sevens.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.4sevens.com/ => https://www.4sevens.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://4sevens.com/ => https://www.4sevens.com/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="4sevens" default_off="failed ruleset test">
   <target host="www.4sevens.com" />
   <target host="4sevens.com" />
 
diff --git a/src/chrome/content/rules/4sqi.net.xml b/src/chrome/content/rules/4sqi.net.xml
new file mode 100644
index 000000000000..6fc5dd4bd04e
--- /dev/null
+++ b/src/chrome/content/rules/4sqi.net.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Foursquare coverage, see Foursquare.com.xml.
+
+
+	Fully covered domains:
+
+		- irs\d.4sqi.net
+
+-->
+<ruleset name="4sqi.net">
+
+	<target host="*.4sqi.net" />
+
+		<test url="http://ss0.4sqi.net/img/devsite/fs8_shadow.png" />
+		<test url="http://ss1.4sqi.net/img/devsite/fs8_f.png" />
+		<test url="http://ss1.4sqi.net//img/devsite/fs8_f.png" />
+		<test url="http://ss3.4sqi.net/img/categories_v2/nightlife/beergarden_bg_88.png" />
+
+
+	<rule from="^http://(irs\d|is\d|ss[0-5l])\.4sqi\.net/"
+		to="https://$1.4sqi.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/4sysops.com.xml b/src/chrome/content/rules/4sysops.com.xml
new file mode 100644
index 000000000000..ee9e5a23e898
--- /dev/null
+++ b/src/chrome/content/rules/4sysops.com.xml
@@ -0,0 +1,22 @@
+<!--
+	www.4sysops.com: Mismatched
+
+-->
+<ruleset name="4sysops.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="4sysops.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.4sysops.com" />
+
+
+	<rule from="^http://www\.4sysops\.com/"
+		to="https://4sysops.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/500ish.com.xml b/src/chrome/content/rules/500ish.com.xml
new file mode 100644
index 000000000000..786d5c56e4dd
--- /dev/null
+++ b/src/chrome/content/rules/500ish.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatch
+		- www
+-->
+<ruleset name="500ish.com">
+	<target host="500ish.com" />
+	<target host="www.500ish.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/500px.com.xml b/src/chrome/content/rules/500px.com.xml
new file mode 100644
index 000000000000..43ec0ee6e664
--- /dev/null
+++ b/src/chrome/content/rules/500px.com.xml
@@ -0,0 +1,49 @@
+<!--
+	Other 500px rulesets:
+
+		- 500px.org.xml
+
+
+	Problematic hosts in *500px.com:
+
+		- developers *
+
+	* Mismatched
+
+
+	These altnames don't exist:
+
+		- www.support.500px.com
+
+
+	Insecure cookies are set for these domains:
+
+		- 500px.com
+		- .500px.com
+		- developers.500px.com
+
+-->
+<ruleset name="500px.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="500px.com" />
+	<!--target host="developers.500px.com" /-->
+	<target host="iso.500px.com" />
+	<target host="prime.500px.com" />
+	<target host="support.500px.com" />
+	<target host="www.500px.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(developers\.|www\.)?500px\.com$" name="^(landing_page|onboarding|referrer_type|upload_cta)$" /-->
+	<!--securecookie host="^\.500px\.com$" name="^_hpx1$" /-->
+
+	<securecookie host="^(?:(?:prime|www)\.)?500px\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/500px.org.xml b/src/chrome/content/rules/500px.org.xml
new file mode 100644
index 000000000000..7b8fc39a8167
--- /dev/null
+++ b/src/chrome/content/rules/500px.org.xml
@@ -0,0 +1,37 @@
+<!--
+	For other 500px coverage, see 500px.com.xml.
+
+	Invalid certificate:
+		500px.org
+		www.500px.org
+
+	Different content http/https:
+		assetcdn2.500px.org
+
+	No working URL known:
+		pgcdn.500px.org
+		prcdn.500px.org
+-->
+<ruleset name="500px.org (partial)">
+
+	<target host="assetcdn.500px.org" />
+		<test url="http://assetcdn.500px.org/assets/static_pages/home/home_feed-2cdb8fbf9e98212d61e977b0149c0b18.jpg" />
+	<target host="dlcdn.500px.org" />
+	<target host="drscdn.500px.org" />
+		<test url="http://drscdn.500px.org/user_avatar/2403507/q%3D85_w%3D100_h%3D100/v2?webp=true&amp;v=6&amp;sig=7d0ccb896d7d259e3bca7f573ff040c21dc18706e2e74b64e662c9105abe621a" />
+	<target host="mktcdn.500px.org" />
+	<target host="pacdn.500px.org" />
+		<test url="http://pacdn.500px.org/7414565/dcd94655030015b53af308862d328d74f0feb6e4/cover_2048.jpg" />
+	<target host="ppcdn.500px.org" />
+		<test url="http://ppcdn.500px.org/96496237/c4fed65b554428956caf9c1792fbe9ad88131b24/2048.jpg" />
+	<target host="primecdn.500px.org" />
+
+		<!--	404:
+				-->
+		<exclusion pattern="^http://(asset|drs|pa|pp)cdn\.500px\.org/$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/508surveys.com.xml b/src/chrome/content/rules/508surveys.com.xml
deleted file mode 100644
index 22bedea4fde5..000000000000
--- a/src/chrome/content/rules/508surveys.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Expired 2010-11-24
-
--->
-<ruleset name="508surveys.com" default_off="expired">
-
-	<target host="508surveys.com" />
-	<target host="www.508surveys.com" />
-
-
-	<securecookie host="^508surveys\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?508surveys\.com/"
-		to="https://508surveys.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/50gameslike.com.xml b/src/chrome/content/rules/50gameslike.com.xml
new file mode 100644
index 000000000000..80d3ebe20c9e
--- /dev/null
+++ b/src/chrome/content/rules/50gameslike.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="50gameslike.com">
+	<target host="50gameslike.com" />
+	<target host="www.50gameslike.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/511tactical.com.xml b/src/chrome/content/rules/511tactical.com.xml
new file mode 100644
index 000000000000..d30718f0d489
--- /dev/null
+++ b/src/chrome/content/rules/511tactical.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="511tactical.com">
+  <target host="511tactical.com" />
+  <target host="www.511tactical.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/512_Pixels.xml b/src/chrome/content/rules/512_Pixels.xml
index 031df2a27d7c..fdbff58ff261 100644
--- a/src/chrome/content/rules/512_Pixels.xml
+++ b/src/chrome/content/rules/512_Pixels.xml
@@ -1,13 +1,13 @@
-<ruleset name="512 Pixels">
+<ruleset name="512 Pixels.net">
 
 	<target host="512pixels.net" />
-	<target host="*.512pixels.net" />
+	<target host="www.512pixels.net" />
 
 
-	<securecookie host="^\.512pixels\.net$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?512pixels\.net/"
-		to="https://$1512pixels.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/51fanli.net.xml b/src/chrome/content/rules/51fanli.net.xml
new file mode 100644
index 000000000000..5db79933ec03
--- /dev/null
+++ b/src/chrome/content/rules/51fanli.net.xml
@@ -0,0 +1,34 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://static.51fanli.net/ => https://static.51fanli.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For other Fanli coverage, see Fanli.com.xml.
+
+  Expired Certificate:
+    imagefile.51fanli.net
+-->
+
+<ruleset name="51fanli.net">
+	<target host="51fanli.net" />
+	<target host="imagefile2.51fanli.net" />
+	<target host="l0.51fanli.net" />
+	<target host="l1.51fanli.net" />
+	<target host="l2.51fanli.net" />
+	<target host="l3.51fanli.net" />
+	<target host="l4.51fanli.net" />
+	<target host="spic0.51fanli.net" />
+	<target host="spic1.51fanli.net" />
+	<target host="spic2.51fanli.net" />
+	<target host="spic3.51fanli.net" />
+	<target host="spic4.51fanli.net" />
+	<target host="spic5.51fanli.net" />
+	<!-- target host="static.51fanli.net" /-->
+	<target host="static2.51fanli.net" />
+	<target host="www.51fanli.net" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/55ch.org.xml b/src/chrome/content/rules/55ch.org.xml
new file mode 100644
index 000000000000..d1bb32bf6765
--- /dev/null
+++ b/src/chrome/content/rules/55ch.org.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://55ch.org/ => https://55ch.org/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+Fetch error: http://www.55ch.org/ => https://www.55ch.org/: (7, 'Failed to connect to www.55ch.org port 443: Connection refused')
+
+-->
+<ruleset name="55ch.org" default_off="failed ruleset test">
+
+	<target host="55ch.org" />
+	<target host="www.55ch.org" />
+
+
+	<securecookie host="^\.55ch\.org$" name="^__cfduid$" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/55chan.org.xml b/src/chrome/content/rules/55chan.org.xml
new file mode 100644
index 000000000000..eafa00d4d218
--- /dev/null
+++ b/src/chrome/content/rules/55chan.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="55chan.org">
+
+	<target host="55chan.org" />
+	<target host="www.55chan.org" />
+
+
+	<securecookie host="^\.55chan\.org$" name="^__cfduid$" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/58.com.xml b/src/chrome/content/rules/58.com.xml
new file mode 100644
index 000000000000..c3b56b8d1a20
--- /dev/null
+++ b/src/chrome/content/rules/58.com.xml
@@ -0,0 +1,57 @@
+<!--
+	MCB:
+		about.58.com	( https://about.58.com/info/del-menu.html )
+		down.58.com		( https://down.58.com/home.html )
+		jiaoyu.58.com
+		m.58.com
+		post.58.com
+		qy.58.com
+		weixin.58.com
+		zhaombiao.58.com	( only break track. )
+
+	Mismatched:
+		api.bangbang.58.com
+		pic2.58.com		( https://pic2.58.com/m58/app58/m_static/home.html )
+		api.wireless.58.com
+		api.wap.58.com
+    flash.bangbang.58.com
+
+	Redirects to 404 error page:
+		^58.com
+		www.58.com
+		e.58.com
+		jiaoyou.58.com
+		jing.58.com
+		verifycode.58.com
+		(city).58.com	( bj.58.com and so on. )
+
+  502
+    tracklog.58.com
+-->
+
+<ruleset name="58.com (partial)">
+	<target host="404.58.com" />
+	<target host="api.58.com" />
+		<test url="http://api.58.com/comm/nearCities-bj" />
+	<target host="cube.58.com" />
+		<test url="http://cube.58.com/cube/loadPromotionData" />
+	<target host="dk.58.com" />
+	<target host="auth.finance.58.com" />
+	<target host="jinrong.58.com" />
+	<target host="message.58.com" />
+		<test url="http://message.58.com/api/msgcount/" />
+	<target host="my.58.com" />
+	<target host="passport.58.com" />
+	<target host="static.58.com" />
+	<target host="status.58.com" />
+	<target host="tuiguang.58.com" />
+	<target host="refresh.vip.58.com" />
+		<test url="http://refresh.vip.58.com/common/novipprice" />
+	<target host="wap.58.com" />
+	<target host="zhaobiao.58.com" />
+		<test url="http://zhaobiao.58.com/app/download/index" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/58CDN.com.cn.xml b/src/chrome/content/rules/58CDN.com.cn.xml
new file mode 100644
index 000000000000..fe2ff184a651
--- /dev/null
+++ b/src/chrome/content/rules/58CDN.com.cn.xml
@@ -0,0 +1,33 @@
+<!--
+	Incorrect cert chain:
+		sdl.58cdn.com.cn ( http://sdl.58cdn.com.cn/productor/2016/v7.6.5_batch/58client_v7.6.5_3.apk )
+-->
+
+<ruleset name="58CDN.com.cn">
+	<target host="c.58cdn.com.cn" />
+	<target host="img.58cdn.com.cn" />
+	<target host="j1.58cdn.com.cn" />
+	<target host="j2.58cdn.com.cn" />
+	<target host="j3.58cdn.com.cn" />
+	<target host="pic1.58cdn.com.cn" />
+	<target host="pic2.58cdn.com.cn" />
+	<target host="pic3.58cdn.com.cn" />
+	<target host="pic4.58cdn.com.cn" />
+	<target host="pic5.58cdn.com.cn" />
+	<target host="pic6.58cdn.com.cn" />
+	<target host="pic7.58cdn.com.cn" />
+	<target host="pic8.58cdn.com.cn" />
+	<target host="t1.58cdn.com.cn" />
+	<target host="t2.58cdn.com.cn" />
+	<target host="t3.58cdn.com.cn" />
+	<target host="t4.58cdn.com.cn" />
+		<test url="http://c.58cdn.com.cn/ds/other/tuiguang/base_v0.css" />
+		<test url="http://img.58cdn.com.cn/ds/other/tuiguang/e58_ico.png" />
+		<test url="http://j1.58cdn.com.cn/jxedt/import_inform.pdf" />
+		<test url="http://pic1.58cdn.com.cn/p1/big/n_v1bl2lwkm45sevpuuk6isq.jpg" />
+		<test url="http://t1.58cdn.com.cn/bidding/tiny/n_v1bj3gzr2u4ervr6x3j4aq.jpg" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/5NINES.xml b/src/chrome/content/rules/5NINES.xml
index e801aa8a0c0f..3c9f0edad71e 100644
--- a/src/chrome/content/rules/5NINES.xml
+++ b/src/chrome/content/rules/5NINES.xml
@@ -1,19 +1,22 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://portal.5ninesdata.com/ => https://portal.5ninesdata.com/: (28, 'Connection timed out after 20001 milliseconds')
+
 	Nonfunctional domains:
 
 		- (www.)5nines.com		(rx_record_too_long)
 		- (www.)enjoy5nines.com		(ditto)
 
 -->
-<ruleset name="5NINES (partial)">
+<ruleset name="5NINES (partial)" default_off="failed ruleset test">
 
 	<target host="portal.5ninesdata.com" />
 
 
-	<securecookie host="^portal\.5ninesdata\.com$" name=".*" />
+	<securecookie host="^portal\.5ninesdata\.com$" name=".+" />
 
 
-	<rule from="^http://portal\.5ninesdata\.com/"
-		to="https://portal.5ninesdata.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/5_July.org.xml b/src/chrome/content/rules/5_July.org.xml
new file mode 100644
index 000000000000..03045fe68084
--- /dev/null
+++ b/src/chrome/content/rules/5_July.org.xml
@@ -0,0 +1,17 @@
+<ruleset name="5 July.org">
+
+	<target host="5july.org" />
+	<target host="hax.5july.org" />
+	<target host="www.5july.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^5july\.org$" name="^woocommerce_recently_viewed$" /-->
+
+	<securecookie host="^5july\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/5ch.xml b/src/chrome/content/rules/5ch.xml
new file mode 100644
index 000000000000..dc7c80a0d85c
--- /dev/null
+++ b/src/chrome/content/rules/5ch.xml
@@ -0,0 +1,44 @@
+<ruleset name="5ch.net">
+	<target host="5ch.net" />
+	<target host="*.5ch.net" />
+	<test url="http://www2.5ch.net/" />
+	<test url="http://itest.5ch.net/" />
+	<test url="http://premium.5ch.net/" />
+	<test url="http://be.5ch.net/" />
+	<test url="http://i.5ch.net/" />
+	<test url="http://headline.5ch.net/" />
+	<test url="http://newsnavi.5ch.net/" />
+	<test url="http://info.5ch.net/" />
+	<test url="http://o.5ch.net/" />
+	<test url="http://stat.5ch.net/" />
+	<test url="http://find.5ch.net/" />
+	<test url="http://menu.5ch.net/" />
+	<test url="http://dig.5ch.net/" />
+	<test url="http://qb5.5ch.net/" />
+
+	<test url="http://agree.5ch.net/" />
+	<test url="http://asahi.5ch.net/" />
+	<test url="http://egg.5ch.net/" />
+	<test url="http://fate.5ch.net/" />
+	<test url="http://hayabusa9.5ch.net/" />
+	<test url="http://hebi.5ch.net/" />
+	<test url="http://himawari.5ch.net/" />
+	<test url="http://krsw.5ch.net/" />
+	<test url="http://lavender.5ch.net/" />
+	<test url="http://leia.5ch.net/" />
+	<test url="http://mao.5ch.net/" />
+	<test url="http://matsuri.5ch.net/" />
+	<test url="http://medaka.5ch.net/" />
+	<test url="http://mevius.5ch.net/" />
+	<test url="http://nhk2.5ch.net/" />
+	<test url="http://rio2016.5ch.net/" />
+	<test url="http://rosie.5ch.net/" />
+	<test url="http://swallow.5ch.net/" />
+	<test url="http://tanuki.5ch.net/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/5dec.ru.xml b/src/chrome/content/rules/5dec.ru.xml
new file mode 100644
index 000000000000..838376b7c304
--- /dev/null
+++ b/src/chrome/content/rules/5dec.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="5dec.ru">
+	<target host="5dec.ru" />
+	<target host="www.5dec.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/5ka.ru.xml b/src/chrome/content/rules/5ka.ru.xml
new file mode 100644
index 000000000000..bdcaf98274dd
--- /dev/null
+++ b/src/chrome/content/rules/5ka.ru.xml
@@ -0,0 +1,9 @@
+<ruleset name="5ka.ru">
+	<target host="5ka.ru" />
+	<target host="www.5ka.ru" />
+	<target host="dev3000.5ka.ru" />
+	<target host="my.5ka.ru" />
+	<target host="new.5ka.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/5min.com.xml b/src/chrome/content/rules/5min.com.xml
index 45dcdbb2f776..b7fcc5b390e4 100644
--- a/src/chrome/content/rules/5min.com.xml
+++ b/src/chrome/content/rules/5min.com.xml
@@ -1,4 +1,19 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://spthumbnails.5min.com/10392461/519623035_3v1_300_170.jpg => https://spthumbnails.5min.com/10392461/519623035_3v1_300_170.jpg: (6, 'Could not resolve host: spthumbnails.5min.com')
+Fetch error: http://admin.5min.com/ => https://admin.5min.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://files.5min.com/ => https://files.5min.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://l.5min.com/ => https://l.5min.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://spthumbnails.5min.com/ => https://spthumbnails.5min.com/: (6, 'Could not resolve host: spthumbnails.5min.com')
+Fetch error: http://syn.5min.com/ => https://syn.5min.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://thumbnails.5min.com/ => https://thumbnails.5min.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://videos.5min.com/ => https://videos.5min.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.5min.com/ => https://www.5min.com/: (7, 'Failed to connect to www.5min.com port 443: Connection refused')
+Fetch error: http://5min.com/ => https://www.5min.com/: (7, 'Failed to connect to www.5min.com port 443: Connection refused')
+Fetch error: http://athumbnails.5min.com/ => https://thumbnails.5min.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://pthumbnails.5min.com/ => https://thumbnails.5min.com/: (60, 'SSL certificate problem: certificate has expired')
+
 	For other AOL coverage, see AOL.xml.
 
 
@@ -38,24 +53,51 @@
 
 	Problematic 5min.com subdomains:
 
+		- ^ ¹
 		- [ap]shared *
 		- [ap]thumbnails *
 
+	¹ Refused
 	* Akamai
 
 -->
-<ruleset name="5min (partial)">
+<ruleset name="5min.com (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="admin.5min.com" />
+	<target host="api.5min.com" />
+	<target host="embed.5min.com" />
+	<target host="files.5min.com" />
+	<target host="l.5min.com" />
+	<target host="shared.5min.com" />
+	<target host="spthumbnails.5min.com" />
+	<target host="spvideos.5min.com" />
+	<target host="syn.5min.com" />
+	<target host="thumbnails.5min.com" />
+	<target host="videos.5min.com" />
+	<target host="www.5min.com" />
+
+		<test url="http://spthumbnails.5min.com/10392461/519623035_3v1_300_170.jpg" />
+
+	<!--	Complications:
+				-->
 	<target host="5min.com" />
-	<target host="*.5min.com" />
+	<target host="ashared.5min.com" />
+	<target host="athumbnails.5min.com" />
+	<target host="pshared.5min.com" />
+	<target host="pthumbnails.5min.com" />
 
 
-	<rule from="^http://((?:admin|api|embed|files|l|syn|videos|www)\.)?5min\.com/"
-		to="https://$15min.com/" />
+	<rule from="^http://5min\.com/"
+		to="https://www.5min.com/" />
 
 	<!--	shared: Ads
 				-->
-	<rule from="^https?://[ap]?(shared|thumbnails)\.5min\.com/"
+	<rule from="^http://[ap](shared|thumbnails)\.5min\.com/"
 		to="https://$1.5min.com/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/5vpn.net.xml b/src/chrome/content/rules/5vpn.net.xml
deleted file mode 100644
index 28162f1587b2..000000000000
--- a/src/chrome/content/rules/5vpn.net.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="5vpn.net">
-
-	<target host="5vpn.net" />
-	<target host="www.5vpn.net" />
-
-
-	<securecookie host="^(?:www\.)?5vpn.net$" name=".+" />
-
-
-	<rule from="^http://(www\.)?5vpn\.net/"
-		to="https://$15vpn.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/64Px.com.xml b/src/chrome/content/rules/64Px.com.xml
new file mode 100644
index 000000000000..b010eaf9dbf6
--- /dev/null
+++ b/src/chrome/content/rules/64Px.com.xml
@@ -0,0 +1,26 @@
+<!--
+
+	Problematic hosts in *64Px.com:
+
+		- blog (mismatch)
+		- chrome (self-signed)
+		- fan (mismatch)
+		- gifts (expired)
+		- www.gifts (self-signed)
+		- instagram (self-signed)
+		- l (mismatch)
+		- notifications.extensions (self-signed)
+		- s3policy (self-signed)
+		- twitter (self-signed)
+		- update (http only)
+
+-->
+<ruleset name="64Px.com">
+
+	<target host="64px.com" />
+	<target host="www.64px.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/680news.com.xml b/src/chrome/content/rules/680news.com.xml
new file mode 100644
index 000000000000..a678585d2d54
--- /dev/null
+++ b/src/chrome/content/rules/680news.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Active mixed content:
+		- player.680news.com
+		- pmd.680news.com
+
+	Invalid certificate:
+		- live.680news.com
+
+	Timed out:
+		- 680news.com, equivalent to www.680news.com
+-->
+
+<ruleset name="680news.com">
+	<target host="680news.com" />
+	<target host="www.680news.com" />
+
+	<rule from="^http://680news\.com/"
+		to="https://www.680news.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/6Wunderkinder.xml b/src/chrome/content/rules/6Wunderkinder.xml
index 73b1949be875..d6503316b982 100644
--- a/src/chrome/content/rules/6Wunderkinder.xml
+++ b/src/chrome/content/rules/6Wunderkinder.xml
@@ -1,10 +1,4 @@
-<!--
-	Other 6Wunderkinder rulesets:
-
-		- Wunderlist.xml
-
--->
-<ruleset name="6Wunderkinder (partial)" default_off="mismatch">
+<ruleset name="6Wunderkinder (partial)" default_off="mismatched">
 
 	<!--	*.gridlayer.net	-->
 	<target host="6wunderkinder.com" />
@@ -13,7 +7,7 @@
 
 	<!--	At least some pages redirect recursively.
 		!www doesn't work.	-->
-	<rule from="^https?://(?:www\.)?6wunderkinder\.com/(6-Wunderkinder-Logo\.png|favicon\.ico|wp-content/)"
+	<rule from="^http://(?:www\.)?6wunderkinder\.com/(6-Wunderkinder-Logo\.png|favicon\.ico|wp-content/)"
 		to="https://www.6wunderkinder.com/$1" />
 
 
diff --git a/src/chrome/content/rules/6connect.com.xml b/src/chrome/content/rules/6connect.com.xml
new file mode 100644
index 000000000000..346041c51c13
--- /dev/null
+++ b/src/chrome/content/rules/6connect.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="6connect.com">
+
+	<target host="6connect.com" />
+	<target host="www.6connect.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/6xq.net.xml b/src/chrome/content/rules/6xq.net.xml
index 0d7cc133cb9c..41c0554a742a 100644
--- a/src/chrome/content/rules/6xq.net.xml
+++ b/src/chrome/content/rules/6xq.net.xml
@@ -1,10 +1,16 @@
-<ruleset name="6xq.net (CAcert)" platform="cacert">
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - ns.6xq.net
 
-	<target host="6xq.net"/>
-	<target host="www.6xq.net"/>
+    Connection refused:
+      - luna.6xq.net
 
-	<!--	cert !match www		-->
-	<rule from="^http://(?:www\.)?6xq\.net/"
-		to="https://6xq.net/"/>
+-->
+<ruleset name="6xq.net">
+	<target host="6xq.net" />
 
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/7-Eleven.com.xml b/src/chrome/content/rules/7-Eleven.com.xml
new file mode 100644
index 000000000000..cbbdbba3b91b
--- /dev/null
+++ b/src/chrome/content/rules/7-Eleven.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- 7-eleven.com
+		- realestate.7-eleven.com
+		- www.realestate.7-eleven.com
+
+		SSL peer certificate was not OK:
+		- apply.7-eleven.com
+		- blog.franchise.7-eleven.com
+		- sites.7-eleven.com
+-->
+<ruleset name="7-Eleven.com (partial)">
+	<target host="www.7-eleven.com" />
+	<target host="careers.7-eleven.com" />
+	<target host="corp.7-eleven.com" />
+	<target host="franchise.7-eleven.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/7-Zip.org.xml b/src/chrome/content/rules/7-Zip.org.xml
new file mode 100644
index 000000000000..de74249a118c
--- /dev/null
+++ b/src/chrome/content/rules/7-Zip.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="7-Zip.org">
+
+	<target host="7-zip.org" />
+	<target host="www.7-zip.org" />
+	<target host="d.7-zip.org" />
+	<target host="dl.7-zip.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/77777i.com.xml b/src/chrome/content/rules/77777i.com.xml
deleted file mode 100644
index 50ad7fc7c537..000000000000
--- a/src/chrome/content/rules/77777i.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="77777i.com">
-
-	<target host="77777i.com" />
-	<target host="*.77777i.com" />
-
-
-	<securecookie host="^(?:w*\.)?77777i\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?77777i\.com/"
-		to="https://$177777i.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/7_Elements.co.uk.xml b/src/chrome/content/rules/7_Elements.co.uk.xml
new file mode 100644
index 000000000000..682ff45af2dd
--- /dev/null
+++ b/src/chrome/content/rules/7_Elements.co.uk.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://7elements.co.uk/ (200) => https://7elements.co.uk/ (403)
+
+	Insecure cookies are set for these hosts:
+
+		- 7elements.co.uk
+		- www.7elements.co.uk
+
+-->
+<ruleset name="7 Elements.co.uk" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="7elements.co.uk" />
+	<target host="www.7elements.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?7elements\.co\.uk$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?7elements\.co\.uk$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/7_Springs.com.xml b/src/chrome/content/rules/7_Springs.com.xml
index 3f02044072e9..e664eb7b535e 100644
--- a/src/chrome/content/rules/7_Springs.com.xml
+++ b/src/chrome/content/rules/7_Springs.com.xml
@@ -1,4 +1,7 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://7springs.com/ => https://7springs.com/: (7, 'Failed to connect to 7springs.com port 443: Connection refused')
+Fetch error: http://www.7springs.com/ => https://www.7springs.com/: (7, 'Failed to connect to www.7springs.com port 443: Connection refused')
 	Seven Springs Mountain Resort
 
 
@@ -21,7 +24,6 @@
 	<securecookie host="^(?:www\.)?7springs\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?7springs\.com/"
-		to="https://$17springs.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/7chan.xml b/src/chrome/content/rules/7chan.xml
index c66e1505d759..21add2a99dab 100644
--- a/src/chrome/content/rules/7chan.xml
+++ b/src/chrome/content/rules/7chan.xml
@@ -1,6 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .7chan.org
+
+-->
 <ruleset name="7chan">
-  <target host="7chan.org" />
-  <target host="www.7chan.org" />
 
-  <rule from="^http://(?:www\.)?7chan\.org/" to="https://7chan.org/"/>
+	<!--	Direct rewrites:
+				-->
+	<target host="7chan.org" />
+	<target host="www.7chan.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.7chan\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.7chan\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/7digital.xml b/src/chrome/content/rules/7digital.xml
index 493f95bbd855..08e22129a2fe 100644
--- a/src/chrome/content/rules/7digital.xml
+++ b/src/chrome/content/rules/7digital.xml
@@ -1,52 +1,48 @@
 <!--
-	CDN buckets:
+	Other 7digital rulesets:
 
-		- orig-10003.7digital.cotcdn.net
+		- 7static.com.xml
 
-		- orig-10010.7digital.cotcdn.net
 
-			- cdn22
+	CDN buckets:
 
+		- orig-10003.7digital.cotcdn.net
+		- orig-10010.7digital.cotcdn.net
 		- orig-10012.7digital.cotcdn.net
-
-			- css.cdn
-
 		- cdn.7static.com.global.prod.fastly.net
 
-			- cdn
-
-
-	Problematic domains:
 
-		- 7digital.com
+	Nonfunctional hosts in *7digital.com:
 
-		- 7static.com subdomains:
+		- about ¹
+		- developers ¹
+		- help ²
 
-			- cdn.7static.com		(mismatched, CN: *.a.ssl.fastly.net)
-			- css.cdn.7static.com *
-			- cdn22 *
+	¹ Refused
+	² Zendesk
 
-	* Reset
 
-
-	Partially covered domains:
-
-		- cdn.7static.com	(static/img/ redirects back)
+	^7digital.com: Dropped
 
 -->
-<ruleset name="7digital (partial)">
+<ruleset name="7digital.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="api.7digital.com" />
+	<target host="css-cdn.7digital.com" />
+	<target host="us.7digital.com" />
+	<target host="www.7digital.com" />
 
+	<!--	Complications:
+				-->
 	<target host="7digital.com" />
-	<target host="*.7digital.com" />
-		<exclusion pattern="^https?://(?:us\.|www\.)?7digital\.com/(?!(?:help|sign(?:in|up))(?:$|\?|/)|s/|static/)" />
-		<exclusion pattern="^https?://cdn\.7static\.com/static/img/" />
-	<target host="*.7static.com" />
 
 
-	<rule from="^https?://(?:(?:css\.)?cdn(?:22)?\.|www\.)?7(?:digital|static)\.com/"
+	<rule from="^http://7digital\.com/"
 		to="https://www.7digital.com/" />
 
-	<rule from="^http://(api|us)\.7digital\.com/"
-		to="https://$1.7digital.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/7eer.net.xml b/src/chrome/content/rules/7eer.net.xml
new file mode 100644
index 000000000000..b7832bd222a7
--- /dev/null
+++ b/src/chrome/content/rules/7eer.net.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Impact Radius coverage, see Impact-Radius.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- hilton.7eer.net
+
+
+	Included on 3rd-party websites.
+
+-->
+<ruleset name="7eer.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="7eer.net" />
+	<target host="hilton.7eer.net" />
+	<target host="manilla.7eer.net" />
+	<target host="www.7eer.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^hilton\.7eer\.net$" name="^AWSELB$" /-->
+
+	<securecookie host=".*\.7eer\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/7static.com.xml b/src/chrome/content/rules/7static.com.xml
new file mode 100644
index 000000000000..377fc77a9f47
--- /dev/null
+++ b/src/chrome/content/rules/7static.com.xml
@@ -0,0 +1,15 @@
+<!--
+ 	For other 7digital coverage, see 7digital.xml.
+
+-->
+<ruleset name="7static.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="artwork-cdn.7static.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/7x7-journal.ru.xml b/src/chrome/content/rules/7x7-journal.ru.xml
new file mode 100644
index 000000000000..2ca082a1a489
--- /dev/null
+++ b/src/chrome/content/rules/7x7-journal.ru.xml
@@ -0,0 +1,10 @@
+<!-- www. mismatch
+old. mismatch -->
+<ruleset name="7x7-journal.ru">
+	<target host="7x7-journal.ru" />
+	<target host="www.7x7-journal.ru" />
+	<target host="static.7x7-journal.ru" />
+	<rule from="^http://www\.7x7-journal\.ru/"
+		to="https://7x7-journal.ru/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/80.lv.xml b/src/chrome/content/rules/80.lv.xml
new file mode 100644
index 000000000000..eb72f012fbd9
--- /dev/null
+++ b/src/chrome/content/rules/80.lv.xml
@@ -0,0 +1,10 @@
+<ruleset name="80.lv">
+	<target host="80.lv" />
+	<target host="www.80.lv" />
+	<target host="cdn.80.lv" />
+	<target host="beta.80.lv" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/800HelpFla.com.xml b/src/chrome/content/rules/800HelpFla.com.xml
new file mode 100644
index 000000000000..fd2086bee703
--- /dev/null
+++ b/src/chrome/content/rules/800HelpFla.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Invalid certificate:
+		800helpfla.com
+		www.800helpfla.com
+
+	Secure connection failed:
+		app1.800helpfla.com
+
+-->
+<ruleset name="800HelpFla.com (partial)">
+	<target host="chat.800helpfla.com" />
+		<test url="http://chat.800helpfla.com/HPPC/hppcwis.dll?varUserRequest=REQ_WEBCHAT_MAIN" />
+	<target host="csapp.800helpfla.com" />
+		<test url="http://csapp.800helpfla.com/csrep/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/80s_Purple.com.xml b/src/chrome/content/rules/80s_Purple.com.xml
index bda1a0ece3bd..0c6bb197559e 100644
--- a/src/chrome/content/rules/80s_Purple.com.xml
+++ b/src/chrome/content/rules/80s_Purple.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://80spurple.com/ => https://80spurple.com/: (28, 'Operation timed out after 15001 milliseconds with 0 bytes received')
+
 	CDN buckets:
 
 		- smhttp.11993.nexcesscdn.net
@@ -28,7 +32,9 @@
 <ruleset name="80s Purple.com">
 
 	<target host="80spurple.com" />
-	<target host="*.80spurple.com" />
+	<target host="smcdn.80spurple.com" />
+	<target host="news.80spurple.com" />
+	<target host="www.80spurple.com" />
 
 
 	<securecookie host=".*\.80spurple\.com$" name=".+" />
@@ -37,4 +43,4 @@
 	<rule from="^http://(?:smcdn\.|(news\.|www\.))?80spurple\.com/"
 		to="https://$180spurple.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/888173.net-falsemixed.xml b/src/chrome/content/rules/888173.net-falsemixed.xml
new file mode 100644
index 000000000000..fffe526cc5bd
--- /dev/null
+++ b/src/chrome/content/rules/888173.net-falsemixed.xml
@@ -0,0 +1,13 @@
+<!--
+	For rules not causing false/broken MCB, see 888173.net.xml.
+
+-->
+<ruleset name="888173.net (false MCB)" platform="mixedcontent">
+
+	<target host="www.888173.net" />
+
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/888173.net.xml b/src/chrome/content/rules/888173.net.xml
new file mode 100644
index 000000000000..70b4a871ac3d
--- /dev/null
+++ b/src/chrome/content/rules/888173.net.xml
@@ -0,0 +1,27 @@
+<!--
+	For rules causing false/broken MCB, see 888173.net-falsemixed.xml.
+
+
+	Mixed content:
+
+		- css from $self ¹
+		- Images from $self ¹
+		- Ads/bugs from various domains ²
+
+	¹ Secured by us
+	² Unsecurable
+
+-->
+<ruleset name="888173.net (partial)">
+
+	<target host="888173.net" />
+	<target host="www.888173.net" />
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<exclusion pattern="^http://www\.888173\.net/+(?!favicon\.ico|wp-content/|wp-includes/)" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/888VoIP.com.xml b/src/chrome/content/rules/888VoIP.com.xml
index 1e4da445b5c6..b0824b616e25 100644
--- a/src/chrome/content/rules/888VoIP.com.xml
+++ b/src/chrome/content/rules/888VoIP.com.xml
@@ -1,13 +1,19 @@
-<ruleset name="888VoIP.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://888voip.com/ => https://888voip.com/: Too many redirects while fetching 'https://888voip.com/'
+Fetch error: http://www.888voip.com/ => https://www.888voip.com/: Too many redirects while fetching 'https://www.888voip.com/'
+
+-->
+<ruleset name="888VoIP.com" default_off="failed ruleset test">
 
 	<target host="888voip.com" />
-	<target host="*.888voip.com" />
+	<target host="www.888voip.com" />
 
 
 	<securecookie host="^(?:[w.]*\.)?888voip\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?888voip\.com/"
-		to="https://$1888voip.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/8ch.net.xml b/src/chrome/content/rules/8ch.net.xml
new file mode 100644
index 000000000000..24e9d5f9e353
--- /dev/null
+++ b/src/chrome/content/rules/8ch.net.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .8ch.net
+
+-->
+<ruleset name="8ch.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="8ch.net" />
+	<target host="banners.8ch.net" />
+	<target host="media.8ch.net" />
+	<target host="softserve.8ch.net" />
+	<target host="www.8ch.net" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.8ch\.net$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/8tracks.xml b/src/chrome/content/rules/8tracks.xml
index 65a12d744cde..308b6769ec64 100644
--- a/src/chrome/content/rules/8tracks.xml
+++ b/src/chrome/content/rules/8tracks.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.8tracks.com/ => https://www.8tracks.com/: (7, 'Failed to connect to www.8tracks.com port 443: Connection refused')
+
 	CDN buckets:
 
 		- dmuuhinfkryqs.cloudfront.net
@@ -8,16 +12,22 @@
 			- imgix.8tracks.com
 
 -->
-<ruleset name="8tracks">
+<ruleset name="8tracks.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="8tracks.com" />
-	<target host="*.8tracks.com" />
+	<target host="www.8tracks.com" />
 
+	<!--	Complications:
+				-->
+	<target host="imgix.8tracks.com" />
 
-	<rule from="^http://(www\.)?8tracks\.com/"
-		to="https://$18tracks.com/" />
 
 	<rule from="^http://imgix\.8tracks\.com/"
 		to="https://8tracks.imgix.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/8win88win.com.xml b/src/chrome/content/rules/8win88win.com.xml
deleted file mode 100644
index 570a9d0f32f8..000000000000
--- a/src/chrome/content/rules/8win88win.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="8win88win.com">
-
-	<target host="8win88win.com" />
-	<target host="*.8win88win.com" />
-
-
-	<securecookie host="^\.8win88win\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?8win88win\.com/"
-		to="https://$18win88win.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/91.com.xml b/src/chrome/content/rules/91.com.xml
new file mode 100644
index 000000000000..f54a1bdd2f9b
--- /dev/null
+++ b/src/chrome/content/rules/91.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Nonfunctional hosts in *91.com:
+
+		- img1 ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *91.com:
+
+		- bcs ᵉ ᵐ ˢ
+		- bc1.img.r1 ᵉ ᵐ ˢ
+
+	ᵉ Expired
+	ᵐ Mismatched
+	ˢ Self-signed
+
+-->
+<ruleset name="91.com (partial)" default_off="expired, mismatched, self-signed">
+
+	<target host="bcs.91.com" />
+	<target host="bcs.img.r1.91.com" />
+
+		<test url="http://bcs.91.com/rbpiczy/soft/2014/10/8/c17097fd5849446b82bffcebfa5fac42/icon_c19454a2e4714f8f8c5d007d04df680d_65.png" />
+		<test url="http://bcs.img.r1.91.com/data/upload/2014/11_20/17/201411201751441776.png" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/95516.com.xml b/src/chrome/content/rules/95516.com.xml
new file mode 100644
index 000000000000..0fa0e5c1d607
--- /dev/null
+++ b/src/chrome/content/rules/95516.com.xml
@@ -0,0 +1,44 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nmg.95516.com/ => https://nmg.95516.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	See also
+		UnionPay.com.xml
+
+	Mismatch
+		- m.95516.com
+		- mobile.95516.com
+
+	Incomplete certificate chain
+		- sxfs.95516.com
+
+	Refused
+		- air.95516.com
+		- benefits.95516.com
+		- csair.95516.com
+		- hotel.95516.com
+		- travel.95516.com
+
+	Timeout
+		- www.hngd.95516.com
+
+	502
+		- 62.95516.com
+-->
+<ruleset name="95516.com" default_off="failed ruleset test">
+	<target host="95516.com" />
+	<target host="www.95516.com" />
+	<target host="app.95516.com" />
+	<target host="cashier.95516.com" />
+	<target host="hyx.95516.com" />
+	<target host="nmg.95516.com" />
+	<target host="shenka.95516.com" />
+	<target host="resource.shenka.95516.com" />
+	<target host="static.95516.com" />
+	<target host="user.95516.com" />
+	<target host="wallet.95516.com" />
+	<target host="youhui.95516.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/95Bet.com.xml b/src/chrome/content/rules/95Bet.com.xml
deleted file mode 100644
index 39a56f60ca20..000000000000
--- a/src/chrome/content/rules/95Bet.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="95Bet.com (partial)">
-
-	<target host="cashier.95bet.com" />
-
-
-	<securecookie host="^cashier\.95bet\.com$" name=".+" />
-
-
-	<rule from="^http://cashier\.95bet\.com/"
-		to="https://cashier.95bet.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/96boards.org.xml b/src/chrome/content/rules/96boards.org.xml
new file mode 100644
index 000000000000..79b2ab8921fa
--- /dev/null
+++ b/src/chrome/content/rules/96boards.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="96boards.org">
+	<target host="96boards.org" />
+	<target host="www.96boards.org" />
+  	<target host="builds.96boards.org" />
+	<target host="lists.96boards.org" />
+	<target host="bugs.96boards.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/972mag.com.xml b/src/chrome/content/rules/972mag.com.xml
new file mode 100644
index 000000000000..b998fcabe88f
--- /dev/null
+++ b/src/chrome/content/rules/972mag.com.xml
@@ -0,0 +1,36 @@
+<!--
+	CDN buckets:
+
+		- d2f1h9jpcesbx3.cloudfront.net
+
+			- (www.)
+
+
+	Mixed content:
+
+		- css from $self *
+
+		- Images from $self *
+
+		- Bugs, from:
+
+			- s7.addthis.com *
+			- www.reddit.com *
+
+	* Secured by us
+
+-->
+<ruleset name="972 Mag.com (partial)">
+
+	<target host="972mag.com" />
+	<target host="www.972mag.com" />
+		<!--
+			Avoid user-visible paths:
+							-->
+		<!--exclusion pattern="^http://(www\.)?972mag\.com/+(?=wp-content/|wp-includes/)" /-->
+
+
+	<rule from="^http://(?:www\.)?972mag\.com/(?=wp-content/|wp-includes/)"
+		to="https://d2f1h9jpcesbx3.cloudfront.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/99.se.xml b/src/chrome/content/rules/99.se.xml
deleted file mode 100644
index e4fd2a9ae2c3..000000000000
--- a/src/chrome/content/rules/99.se.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="99.se">
-	<target host="99.se" />
-	<target host="www.99.se" />
-
-	<rule from="^http://99\.se/" to="https://www.99.se/" />
-	<rule from="^http://www\.99\.se/" to="https://www.99.se/" />
-
-    <securecookie host="^www\.99\.se" name=".*" />
-</ruleset>
-
diff --git a/src/chrome/content/rules/99Bitcoins.com.xml b/src/chrome/content/rules/99Bitcoins.com.xml
new file mode 100644
index 000000000000..4289c3c18b54
--- /dev/null
+++ b/src/chrome/content/rules/99Bitcoins.com.xml
@@ -0,0 +1,20 @@
+<!--
+	CDN buckets:
+
+		- 3s1shj19s0di2dovmhkw15h1-wpengine.netdna-ssl.com
+
+-->
+<ruleset name="99Bitcoins.com">
+
+	<target host="99bitcoins.com" />
+	<target host="www.99bitcoins.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^_gat?$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/9anime.to.xml b/src/chrome/content/rules/9anime.to.xml
new file mode 100644
index 000000000000..a364c0bf83f6
--- /dev/null
+++ b/src/chrome/content/rules/9anime.to.xml
@@ -0,0 +1,19 @@
+<ruleset name="9anime.to">
+	<target host="9anime.to" />
+	<target host="www.9anime.to" />
+	<target host="test.9anime.to" />
+	<target host="www1.9anime.to" />
+	<target host="www2.9anime.to" />
+	<target host="www3.9anime.to" />
+	<target host="www4.9anime.to" />
+	<target host="www5.9anime.to" />
+	<target host="www6.9anime.to" />
+	<target host="www7.9anime.to" />
+	<target host="www8.9anime.to" />
+	<target host="www9.9anime.to" />
+	<target host="www10.9anime.to" />
+	<target host="www11.9anime.to" />
+	<target host="www12.9anime.to" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/9gag.com.xml b/src/chrome/content/rules/9gag.com.xml
new file mode 100644
index 000000000000..44b89bcf123f
--- /dev/null
+++ b/src/chrome/content/rules/9gag.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="9GAG.com (partial)">
+	<!-- *.9cache.com -->
+	<target host="*.9cache.com" />
+		<test url="http://assets-9gag-fun.9cache.com/s/fab0aa49/38c7a8cea6cf3426da879c8aef0bb6abae1a5d5e/static/dist/web6/css/gag.css" />
+		<test url="http://assets-comment-fun.9cache.com/s/9a6b6452/34e3af4a9a43f636de49dbcbaf95ca112326e256/static/dist/img/comment-action-sprite.png" />
+		<test url="http://miscmedia-9gag-fun.9cache.com/images/featured/1479170957.3638_dA7Yqe_300.jpg" />
+
+	<securecookie host="9cache\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/9gag.xml b/src/chrome/content/rules/9gag.xml
deleted file mode 100644
index d6db2169b693..000000000000
--- a/src/chrome/content/rules/9gag.xml
+++ /dev/null
@@ -1,45 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d1y9yo7q4hy8a7.cloudfront.net
-		- d24w6bsrhbeh9d.cloudfront.net
-
-
-	Problematic subdomains:
-
-		- t	(works; mismatched, CN: 9gag.com)
-
-
-	Partially covered subdomains:
-
-		- (www.) *
-		- m *
-
-	* Some pages redirect to http.
-
-
-	Fully covered subdomains:
-
-		- admin
-		- api
-		- comment
-
--->
-<ruleset name="9gag (partial)">
-
-	<target host="9gag.com" />
-	<target host="*.9gag.com" />
-		<!--exclusion pattern="^http://(www\.)?9gag\.com/+($|\?|(cute|fresh|gag/\w+|geeky|gif|hot|nsfw|trending)($|\?))" /-->
-		<!--exclusion pattern="^http://(www\.)?9gag\.com/+(?!(about|advertise|faq|login|privacy|recover|signup|tos)($|[?/])|favicon\.ico|img/)" /-->
-		<!--exclusion pattern="^http://m\.9gag\.com/+($|\?|gag/\w+($|\?))" /-->
-		<!--exclusion pattern="^http://m\.9gag\.com/+(?!favicon\.ico|img/|(login|recover|signup)($|\?))" /-->
-		<exclusion pattern="^http://(?:m\.|www\.)?9gag\.com/+(?!(?:about|advertise|faq|login|privacy|recover|signup|tos)(?:$|[?/])|favicon\.ico|img/)" />
-  
-  
-	<securecookie host="^admin\.9gag\.com$" name=".+" />
-
-
-	<rule from="^http://((?:admin|api|comment|m|www)\.)?9gag\.com/"
-		to="https://$19gag.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/9p.io.xml b/src/chrome/content/rules/9p.io.xml
new file mode 100644
index 000000000000..e6ccff92c248
--- /dev/null
+++ b/src/chrome/content/rules/9p.io.xml
@@ -0,0 +1,5 @@
+<ruleset name="9p.io">
+	<target host="9p.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/9seeds.xml b/src/chrome/content/rules/9seeds.xml
index 9a5bdfcacee0..40431ba03c0c 100644
--- a/src/chrome/content/rules/9seeds.xml
+++ b/src/chrome/content/rules/9seeds.xml
@@ -1,8 +1,58 @@
-<ruleset name="9seeds (partial)">
+<!--
+	CDN buckets:
 
+		- d3j03r5zbavjdk.cloudfront.net
+
+
+	^9seeds.com: WP Engine
+	www.9seeds.com: /$ Redirects to https://9.../$
+
+
+	Insecure cookies are set for these domains:
+
+		- .9seeds.com
+
+-->
+<ruleset name="9seeds.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.9seeds.com"/>
+
+	<!--	Complications:
+				-->
 	<target host="9seeds.com"/>
 
-	<rule from="^http://(?:www\.)?9seeds\.com/"
-		to="https://d3j03r5zbavjdk.cloudfront.net/"/>
+		<exclusion pattern="^http://(?:www\.)?9seeds\.com/+(?!favicon\.ico|wp-content/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://9seeds.com/about-us/" />
+			<test url="http://9seeds.com/checkout/" />
+			<test url="http://9seeds.com/news/" />
+			<test url="http://9seeds.com/plugins/" />
+			<test url="http://www.9seeds.com/services/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://9seeds.com/favicon.ico" />
+			<test url="http://9seeds.com/wp-content/themes/9seeds2013/images/newsletter-bg.jpg" />
+			<test url="http://www.9seeds.com/favicon.ico" />
+			<test url="http://www.9seeds.com/wp-content/themes/9seeds2013/images/newsletter-bg.jpg" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.9seeds\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.9seeds\.com$" name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http://9seeds\.com/"
+		to="https://www.9seeds.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
 
 </ruleset>
diff --git a/src/chrome/content/rules/9to5google.com.xml b/src/chrome/content/rules/9to5google.com.xml
new file mode 100644
index 000000000000..6658437739fe
--- /dev/null
+++ b/src/chrome/content/rules/9to5google.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="9to5google.com">
+	<target host="9to5google.com" />
+	<target host="www.9to5google.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/9to5mac.com.xml b/src/chrome/content/rules/9to5mac.com.xml
new file mode 100644
index 000000000000..61bdd464cfc1
--- /dev/null
+++ b/src/chrome/content/rules/9to5mac.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="9to5mac.com">
+	<target host="9to5mac.com" />
+	<target host="www.9to5mac.com" />
+	<target host="academy.9to5mac.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/9to5toys.com.xml b/src/chrome/content/rules/9to5toys.com.xml
new file mode 100644
index 000000000000..5aa16d930750
--- /dev/null
+++ b/src/chrome/content/rules/9to5toys.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="9to5toys.com">
+	<target host="9to5toys.com" />
+	<target host="www.9to5toys.com" />
+	<target host="specials.9to5toys.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/9tv.co.il.xml b/src/chrome/content/rules/9tv.co.il.xml
new file mode 100644
index 000000000000..001299cad4cd
--- /dev/null
+++ b/src/chrome/content/rules/9tv.co.il.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ad.9tv.co.il/ => https://ad.9tv.co.il/: (51, "SSL: no alternative certificate subject name matches target host name 'ad.9tv.co.il'")
+Fetch error: http://drp.9tv.co.il/ => https://drp.9tv.co.il/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://musketeers.9tv.co.il/ => https://musketeers.9tv.co.il/: (28, 'Connection timed out after 20000 milliseconds')
+
+astore.9tv.co.il ³
+bstore.9tv.co.il ³
+doska.9tv.co.il ¹
+mail.9tv.co.il ³
+mobile.9tv.co.il ¹
+relay.9tv.co.il ³
+zstore.9tv.co.il ³
+sultan.9tv.co.il mixed content
+vek.9tv.co.il mixed content
+
+
+¹ mismatch
+³ timed out
+-->
+<ruleset name="9tv.co.il" default_off="failed ruleset test">
+	<target host="9tv.co.il" />
+	<target host="www.9tv.co.il" />
+	<target host="ad.9tv.co.il" />
+	<target host="autodiscover.9tv.co.il" />
+	<target host="cpanel1.9tv.co.il" />
+	<target host="drp.9tv.co.il" />
+	<target host="food.9tv.co.il" />
+	<target host="golden.9tv.co.il" />
+	<target host="musketeers.9tv.co.il" />
+	<target host="oma.9tv.co.il" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/A-3.ru.xml b/src/chrome/content/rules/A-3.ru.xml
new file mode 100644
index 000000000000..6b738399a606
--- /dev/null
+++ b/src/chrome/content/rules/A-3.ru.xml
@@ -0,0 +1,25 @@
+<ruleset name="a-3.ru">
+	<target host="a-3.ru" />
+	<target host="www.a-3.ru" />
+	<target host="akado.a-3.ru" />
+	<target host="domru.a-3.ru" />
+	<target host="ds-exp.a-3.ru" />
+	<target host="gaz-pay.a-3.ru" />
+	<target host="gazbank.a-3.ru" />
+	<target host="gibdd.a-3.ru" />
+	<target host="inkomus.a-3.ru" />
+	<target host="lider-exp.a-3.ru" />
+	<target host="new.a-3.ru" />
+	<target host="old.a-3.ru" />
+	<target host="pay.a-3.ru" />
+	<target host="pfront.a-3.ru" />
+	<target host="prod.a-3.ru" />
+	<target host="russianpost.a-3.ru" />
+	<target host="shtrafy.a-3.ru" />
+	<target host="sputnik.a-3.ru" />
+	<target host="static.a-3.ru" />
+	<target host="tns-e.a-3.ru" />
+	<target host="tnsmob.a-3.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/A-Small-Orange.xml b/src/chrome/content/rules/A-Small-Orange.xml
index 8e61f1cfac34..992b6e322068 100644
--- a/src/chrome/content/rules/A-Small-Orange.xml
+++ b/src/chrome/content/rules/A-Small-Orange.xml
@@ -1,25 +1,49 @@
 <!--
-	Nonfunctional subdomains:
+	Problematic hosts in *asmallorange.com:
 
-		- blog		(rx_record_too_long)
-		- forums	(ditto)
-		- jobs		(cert: *.theresumator.com; pages 301s to http)
-			- as do they on asmallorange.theresumator.com
+		- forums ¹
+		- jobs ²
+
+	¹ Missing
+	² Shows ^asmallorange.com
 
 -->
-<ruleset name="A Small Orange (partial)">
+<ruleset name="A Small Orange.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="asmallorange.com" />
-	<target host="*.asmallorange.com" />
+	<target host="blog.asmallorange.com" />
+	<target host="customers.asmallorange.com" />
+	<target host="status.asmallorange.com" />
+	<target host="www.asmallorange.com" />
+
+	<!--	Complications:
+				-->
+	<target host="forums.asmallorange.com" />
+	<target host="jobs.asmallorange.com" />
 
 
 	<securecookie host="^customers\.asmallorange\.com$" name=".+" />
 
 
-	<rule from="^http://(customers\.|www\.)?asmallorange\.com/"
-		to="https://$1asmallorange.com/" />
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://forums\.asmallorange\.com/+"
+		to="https://status.asmallorange.com/" />
+
+		<test url="http://forums.asmallorange.com//" />
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://jobs\.asmallorange\.com/+"
+		to="https://asmallorange.com/jobs/" />
+
+		<test url="http://jobs.asmallorange.com//" />
 
-	<rule from="^https?://jobs\.asmallorange\.com/css/"
-		to="https://asmallorange.theresumator.com/css/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/A-ads.com.xml b/src/chrome/content/rules/A-ads.com.xml
index f4f126052dfa..98981c322bcf 100644
--- a/src/chrome/content/rules/A-ads.com.xml
+++ b/src/chrome/content/rules/A-ads.com.xml
@@ -6,19 +6,23 @@
 
 		- (www.)
 		- ad
+		- click
 		- static
 
 -->
 <ruleset name="a-ads.com">
 
 	<target host="a-ads.com" />
-	<target host="*.a-ads.com" />
+	<target host="ad.a-ads.com" />
+	<target host="click.a-ads.com" />
+	<target host="static.a-ads.com" />
+	<target host="www.a-ads.com" />
 
 
 	<securecookie host="^a-ads\.com$" name=".+" />
 
 
-	<rule from="^http://((?:ad|static|www)\.)?a-ads\.com/"
-		to="https://$1a-ads.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/A.fsdn.com.xml b/src/chrome/content/rules/A.fsdn.com.xml
deleted file mode 100644
index c542df6c4b70..000000000000
--- a/src/chrome/content/rules/A.fsdn.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<!-- slashdot stores most of their stuff here -->
-<ruleset name="FSDN.com">
-	<target host="*.fsdn.com" />
-	<rule from="^http://(a|c)\.fsdn\.com/" to="https://$1.fsdn.com/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/A1-Telekom-Austria.xml b/src/chrome/content/rules/A1-Telekom-Austria.xml
index f075e1b9b424..d8bd5ed93666 100644
--- a/src/chrome/content/rules/A1-Telekom-Austria.xml
+++ b/src/chrome/content/rules/A1-Telekom-Austria.xml
@@ -6,35 +6,43 @@
 
 		- (www.)a1blog.net	(cert: www.bfi-stmk.at; shows that domain's data)
 
--->
-<ruleset name="A1 Telekom Austria">
 
-	<target host="a1.net" />
-	<target host="*.a1.net" />
-	<target host="a1community.net" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.a1community.net" />
-	<target host="telekom.at" />
-	<target host="www.telekom.at" />
+	Problematic domains:
 
+		- a1community.net ¹
+		- (www.)?telekom.at *
 
-	<securecookie host="^.*\.a1(community)?\.net$" name=".*" />
+	¹ Expired
+	* Handshake fails
 
 
-	<!--	- !www times out over https
-		- !www 302s to http over http
-				-->
-	<rule from="^https?://(?:www\.)?a1\.net/"
-		to="https://www.a1.net/" />
+	Fully covered domains:
+
+		- (www.)?telekom.at	(→ www.a1.net)
 
-	<rule from="^http://(asmp|cdn[123]|mss|shop)\.a1\.net/"
-		to="https://$1.a1.net/" />
+-->
+<ruleset name="A1 Telekom Austria">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="asmp.a1.net" />
+	<target host="cdn1.a1.net" />
+	<target host="cdn2.a1.net" />
+	<target host="cdn3.a1.net" />
+	<target host="mss.a1.net" />
+	<target host="shop.a1.net" />
+	<target host="www.a1.net" />
+	<target host="www.a1community.net" />
+
+	<!--	Complications:
+				-->
+	<target host="a1community.net" />
 
-	<rule from="^http://(www\.)?a1community\.net/"
-		to="https://$1a1community.net/" />
+	<securecookie host="^.*\.a1(?:community)?\.net$" name=".+" />
 
-	<!--	!www doesn't work over https.	-->
-	<rule from="^https?://(?:www\.)?telekom\.at/"
-		to="https://www.telekom.at/" />
+	<rule from="^http://a1community\.net/"
+		to="https://www.a1community.net/" />
 
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/A14_Electronics.com.xml b/src/chrome/content/rules/A14_Electronics.com.xml
new file mode 100644
index 000000000000..d4328c44642b
--- /dev/null
+++ b/src/chrome/content/rules/A14_Electronics.com.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://a14electronics.com/ => https://a14electronics.com/: (51, "SSL: no alternative certificate subject name matches target host name 'a14electronics.com'")
+
+-->
+<ruleset name="A14 Electronics.com" default_off="failed ruleset test">
+
+	<target host="a14electronics.com" />
+	<target host="www.a14electronics.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:w*\.)?a14electronics\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/A16z.com.xml b/src/chrome/content/rules/A16z.com.xml
new file mode 100644
index 000000000000..b0bb238c53b2
--- /dev/null
+++ b/src/chrome/content/rules/A16z.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Mixed content:
+
+		- Bugs from platform.twitter.com *
+
+	* Secured by us
+
+-->
+<ruleset name="A16z.com">
+
+	<target host="a16z.com" />
+	<target host="www.a16z.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/A1A_Fast_Cash.xml b/src/chrome/content/rules/A1A_Fast_Cash.xml
deleted file mode 100644
index 6132f206d634..000000000000
--- a/src/chrome/content/rules/A1A_Fast_Cash.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="A1A Fast Cash">
-
-	<target host="a1afastcash.com" />
-	<target host="*.a1afastcash.com" />
-
-
-	<securecookie host="^(?:www)?\.a1afastcash.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?a1afastcash\.com/"
-		to="https://$1a1afastcash.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/A1WebStats.com.xml b/src/chrome/content/rules/A1WebStats.com.xml
new file mode 100644
index 000000000000..fbf857b7ac9a
--- /dev/null
+++ b/src/chrome/content/rules/A1WebStats.com.xml
@@ -0,0 +1,18 @@
+<ruleset name="A1WebStats.com (partial)">
+
+	<target host="a1webstats.com" />
+	<target host="www.a1webstats.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="http://www\.a1webstats.com/+($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="http://www\.a1webstats.com/+(?!stats/|wp-content/|wp-includes/)" /-->
+
+
+	<rule from="^http://(www\.)?a1webstats\.com/(?=stats/|wp-content/|wp-includes/)"
+		to="https://$1a1webstats.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/A2_Hosting.xml b/src/chrome/content/rules/A2_Hosting.xml
index 0b5b99e74bd2..3b6489623c03 100644
--- a/src/chrome/content/rules/A2_Hosting.xml
+++ b/src/chrome/content/rules/A2_Hosting.xml
@@ -3,17 +3,52 @@
 
 		- community	(no https)
 
+
+	Problematic hosts in *a2hosting.com:
+
+		- piwik *
+
+	* Untrusted root
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .a2hosting.com
+		- my.a2hosting.com
+		- partners.a2hosting.com
+		- www.a2hosting.com
+
+
+	Mixed content:
+
+		- Image on partners from www *
+
+	* Secured by us
+
 -->
-<ruleset name="A2 Hosting (partial)">
+<ruleset name="A2 Hosting.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="a2hosting.com" />
-	<target host="*.a2hosting.com" />
+	<target host="my.a2hosting.com" />
+	<target host="partners.a2hosting.com" />
+	<!--target host="piwik.a2hosting.com" /-->
+	<target host="www.a2hosting.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="\.a2hosting\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="my\.a2hosting\.com$" name="^WHMCS\w+$" /-->
+	<!--securecookie host="partners\.a2hosting\.com$" name="^_s$" /-->
+	<!--securecookie host="www\.a2hosting\.com$" name="^(?:PHPSESSID|exp_csrf_token|exp_last_activity|exp_last_visit|exp_tracker)$" /-->
 
+	<securecookie host="\.a2hosting\.com$" name="^(?:__cfduid|cf_clearance)$" />
 	<securecookie host=".+\.a2hosting\.com$" name=".+" />
 
 
-	<rule from="^http://(my\.|www\.)?a2hosting\.com/"
-		to="https://$1a2hosting.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/A2e.de.xml b/src/chrome/content/rules/A2e.de.xml
deleted file mode 100644
index 82dd474687f2..000000000000
--- a/src/chrome/content/rules/A2e.de.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="a2e.de">
-
-	<target host="a2e.de" />
-	<target host="www.a2e.de" />
-
-
-	<securecookie host="^a2e\.de$" name=".+" />
-
-
-	<rule from="^http://(www\.)?a2e\.de/"
-		to="https://$1a2e.de/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/A2z.xml b/src/chrome/content/rules/A2z.xml
index b3d13b735d51..51f91e0738ab 100644
--- a/src/chrome/content/rules/A2z.xml
+++ b/src/chrome/content/rules/A2z.xml
@@ -1,11 +1,54 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Mismatched
+
+
+	^: cert only matches www
+
+
+	Mixed content:
+
+		- Images on www from $self
+		- favicon  www from $self
+		- Bug www from s7.addthis.com
+
+-->
 <ruleset name="a2z, Inc (partial)">
 
-	<target host="*.a2zinc.net"/>
+	<target host="a2zinc.net"/>
+	<target host="libs.a2zinc.net"/>
+	<target host="www.a2zinc.net"/>
+
+		<!--exclusion pattern="^http://www\.a2zinc\.net/.+\.aspx$"/-->
+		<exclusion pattern="^http://www\.a2zinc\.net/(?!Show6/custom/newsletter/[\w-]+\.htm|show6/(?:css|custom/flexslider|[Cc]ustom/[Ii]mages|include)/)"/>
+
+			<!--	+ve:
+					-->
+			<test url="http://www.a2zinc.net/show6/public/Content210.aspx" />
+			<test url="http://www.a2zinc.net/show6/public/Content219.aspx" />
+			<test url="http://www.a2zinc.net/show6/public/Content233.aspx" />
+			<test url="http://www.a2zinc.net/show6/public/Content587.aspx" />
+			<test url="http://www.a2zinc.net/show6/public/enter.aspx" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.a2zinc.net/show6/Custom/Images/Interface/Masthead.png" />
+			<test url="http://www.a2zinc.net/show6/custom/css/1.css" />
+			<test url="http://www.a2zinc.net/show6/custom/flexslider/flexslider.css" />
+			<test url="http://www.a2zinc.net/show6/custom/images/interface/favicon.ico" />
+			<test url="http://www.a2zinc.net/Show6/custom/newsletter/a2z-Inc-Newsletter-February-2015.htm" />
+			<test url="http://www.a2zinc.net/show6/include/css/site.css" />
+
+		<test url="http://libs.a2zinc.net/common/assets/bs/css/bs.min.css" />
+
 
-		<exclusion pattern="http://www\..+/$"/>
-		<exclusion pattern=".+\.aspx$"/>
+	<rule from="^http://a2zinc\.net/"
+		to="https://www.a2zinc.net/" />
 
-	<rule from="^http://(\w+)\.a2zinc\.net/"
-		to="https://$1.a2zinc.net/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/A3li.li.xml b/src/chrome/content/rules/A3li.li.xml
new file mode 100644
index 000000000000..c56b943cabf1
--- /dev/null
+++ b/src/chrome/content/rules/A3li.li.xml
@@ -0,0 +1,34 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- shibireei.a3li.li
+
+		Timeout was reached:
+		- izu.a3li.li
+
+		SSL peer certificate was not OK:
+		- starfish.a3li.li
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- a3li.li
+		- www.a3li.li
+		- gen2.a3li.li
+		- git.a3li.li
+		- mail.a3li.li
+		- mail2.a3li.li
+		- redmine.a3li.li
+		- shoku.a3li.li
+-->
+<ruleset name="A3li.li" default_off="cert-invalid">
+	<target host="a3li.li" />
+	<target host="www.a3li.li" />
+	<target host="gen2.a3li.li" />
+	<target host="git.a3li.li" />
+	<target host="mail.a3li.li" />
+	<target host="mail2.a3li.li" />
+	<target host="redmine.a3li.li" />
+	<target host="shoku.a3li.li" />
+	<target host="starfish.a3li.li" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/A3li.xml b/src/chrome/content/rules/A3li.xml
deleted file mode 100644
index fe4a9eda23a4..000000000000
--- a/src/chrome/content/rules/A3li.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="a3li" platform="cacert">
-
-	<target host="a3li.li" />
-	<target host="www.a3li.li" />
-
-
-	<rule from="^http://(www\.)?a3li\.li/"
-		to="https://$1a3li.li/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/A4apphack-mismatches.xml b/src/chrome/content/rules/A4apphack-mismatches.xml
index 2b93518a39b6..08202c62838a 100644
--- a/src/chrome/content/rules/A4apphack-mismatches.xml
+++ b/src/chrome/content/rules/A4apphack-mismatches.xml
@@ -1,16 +1,13 @@
-<!--
-	For rules that are on by default, see a4apphack.xml.
-
--->
-<ruleset name="a4apphack (mismatches)" default_off="mismatch">
+<ruleset name="a4apphack (mismatches)" default_off="mismatched">
 
 	<!--	Cert: *.bluehost.com	-->
 	<target host="a4apphack.com" />
-	<target host="*.a4apphack.com" />
+	<target host="www.a4apphack.com" />
+	<target host="apps.a4apphack.com" />
 
 
 	<!--	At least some pages redirect recursively.	-->
-	<rule from="^https?://(?:www\.)?a4apphack\.com/blog/wp-content/"
+	<rule from="^http://(?:www\.)?a4apphack\.com/blog/wp-content/"
 		to="https://a4apphack.com/~afouapph/blog/wp-content/" />
 
 	<!--	Same data with or without subdomain, so minimize
diff --git a/src/chrome/content/rules/A4apphack.xml b/src/chrome/content/rules/A4apphack.xml
deleted file mode 100644
index b74f19706f9b..000000000000
--- a/src/chrome/content/rules/A4apphack.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For problematic rules, see A4apphack-mismatches.xml.
-
--->
-<ruleset name="a4apphack (partial)">
-
-	<target host="img.a4apphack.com" />
-
-
-	<rule from="^https?://img\.a4apphack\.com/"
-		to="https://s3.amazonaws.com/img.a4apphack.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/A4uexpo.com.xml b/src/chrome/content/rules/A4uexpo.com.xml
index 2b47c2710bfa..6c81d0a6a1dd 100644
--- a/src/chrome/content/rules/A4uexpo.com.xml
+++ b/src/chrome/content/rules/A4uexpo.com.xml
@@ -30,7 +30,7 @@
 <ruleset name="a4uexpo.com (false MCB)" default_off="expired" platform="mixedcontent">
 
 	<target host="a4uexpo.com" />
-	<target host="*.a4uexpo.com" />
+	<target host="www.a4uexpo.com" />
 
 
 	<securecookie host="^\.a4uexpo\.com$" name="^__utm\w$" />
@@ -39,4 +39,4 @@
 	<rule from="^http://(?:www\.)?a4uexpo\.com/"
 		to="https://www.a4uexpo.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/A8.net.xml b/src/chrome/content/rules/A8.net.xml
new file mode 100644
index 000000000000..578190266b39
--- /dev/null
+++ b/src/chrome/content/rules/A8.net.xml
@@ -0,0 +1,40 @@
+<!--
+
+	Nonfunctional subdomains:
+
+		- ad	(refused)
+
+	Problematic subdomains:
+
+		- staff	(invalid cert; expired)
+
+-->
+<ruleset name="A8.net">
+
+	<target host="a8.net" />
+	<target host="*.a8.net" />
+
+	<rule from="^http://a8\.net/"
+		to="https://a8.net/" />
+
+
+	<rule from="^http://(ad-api|direct|items|ow|pub|px|rot\d+|rpx|rws|statics|support|www|www\d+)\.a8\.net/"
+		to="https://$1.a8.net/" />
+
+		<test url="http://ad-api.a8.net/api/0/disagree/1ZKSCQ+D8DA8I+NA2+BWGDT" />
+		<test url="http://direct.a8.net/" />
+		<test url="http://items.a8.net/" />
+		<test url="http://ow.a8.net/s00000014283001/redirect.php" />
+		<test url="http://pub.a8.net/cgi-bin/a8/recommend/recom.cgi?rid=s00000000002007" />
+		<test url="http://px.a8.net/svt/ejp?a8mat=popopopop" />
+		<test url="http://rot6.a8.net/sbr/sb.js" />
+		<test url="http://rot8.a8.net/sbr/sb.js" />
+		<test url="http://rpx.a8.net/svt/ejp?a8mat=2BLWY6+2DQGNU+2HOM+BWGDT&amp;rakuten=y&amp;a8ejpredirect=http%3A%2F%2Fhb.afl.rakuten.co.jp%2Fhgc%2Fg00pzd84.2bo118eb.g00pzd84.2bo126c6%2Fa14043013482_2BLWY6_2DQGNU_2HOM_BWGDT%3Fpc%3Dhttp%253A%252F%252Fitem.rakuten.co.jp%252Fplywood%252F07140014%252F%26m%3Dhttp%253A%252F%252Fm.rakuten.co.jp%252Fplywood%252Fi%252F10002234%252F" />
+		<test url="http://rws.a8.net/rakuten/ranking.js" />
+		<test url="http://statics.a8.net/automad/automad.js" />
+		<test url="http://support.a8.net/" />
+		<test url="http://www.a8.net/" />
+		<test url="http://www20.a8.net/svt/bgt" />
+		<test url="http://www27.a8.net/svt/bgt" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AA.net.uk.xml b/src/chrome/content/rules/AA.net.uk.xml
index e5f41de6e9b6..8cea07fb1174 100644
--- a/src/chrome/content/rules/AA.net.uk.xml
+++ b/src/chrome/content/rules/AA.net.uk.xml
@@ -29,13 +29,15 @@
 -->
 <ruleset name="AA.net.uk (partial)">
 
-	<target host="*.aa.net.uk" />
+	<target host="accounts.aa.net.uk" />
+	<target host="clueless.aa.net.uk" />
+	<target host="order.aa.net.uk" />
+	<target host="status.aa.net.uk" />
 
 
 	<securecookie host="^(?:accounts|clueless|status)\.aa\.net\.uk$" name=".+" />
 
 
-	<rule from="^http://(accounts|clueless|order|status)\.aa\.net\.uk/"
-		to="https://$1.aa.net.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AA.xml b/src/chrome/content/rules/AA.xml
deleted file mode 100644
index cb5046d3062c..000000000000
--- a/src/chrome/content/rules/AA.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="American Airlines">
-
-	<target host="aa.com"/>
-	<target host="*.aa.com"/>
-	<target host="*.www.aa.com"/>
-
-	<securecookie host="^(.*\.)aa\.com$" name=".*"/>
-
-	<rule from="^http://(ox-d\.|www\.)aa\.com/"
-		to="https://$1aa.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/AAAI.org.xml b/src/chrome/content/rules/AAAI.org.xml
new file mode 100644
index 000000000000..3efc8e5868e5
--- /dev/null
+++ b/src/chrome/content/rules/AAAI.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - new.aaai.org
+			 - pollen.aaai.org
+			 - vvvvw.aaai.org
+-->
+<ruleset name="AAAI.org (partial)">
+	<target host="aaai.org" />
+	<target host="www.aaai.org" />
+
+	<securecookie host="^(www\.)aaai\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AAAS.org.xml b/src/chrome/content/rules/AAAS.org.xml
index c8a8be8a911c..3954f329da01 100644
--- a/src/chrome/content/rules/AAAS.org.xml
+++ b/src/chrome/content/rules/AAAS.org.xml
@@ -1,24 +1,59 @@
 <!--
-	Nonfunctional subdomains:
+	Other AAAS rulesets:
 
-		- (www.) *
-		- archives *
-		- vivo		(dropped)
+		- Science_Careers.org.xml
+		- Sciencemag.org.xml
 
-	* 403, valid cert
+	Problematic hosts in *aaas.org:
 
+		- ^ (timeout)
+		- archives (tls error)
+		- arctic (mismatch)
+		- atlas (tls error)
+		- case (tls error)
+		- hrdata (tls error)
+		- idp01 (mismatch)
+		- oascentral (mismatch)
+		- project2061 (expired)
+		- promo (different content)
+		- secureapps (cert chain)
+		- zserver (tls error)
 
-	Fully covered subdomains:
-
-		- pubs
+	There are a further 50+ subdomains that do not support HTTPS.
 
 -->
 <ruleset name="AAAS.org (partial)">
 
+	<target host="aaas.org" />
+	<target host="www.aaas.org" />
+	<target host="account.aaas.org" />
+	<target host="annualmeeting.aaas.org" />
+	<target host="careerdevelopment.aaas.org" />
+	<target host="communityfellows.aaas.org" />
+	<target host="doserjournalismaward.aaas.org" />
+	<target host="earlycareeraward.aaas.org" />
+	<target host="entersjawards.aaas.org" />
+	<target host="fellowshipapp.aaas.org" />
+	<target host="inventionambassadors.aaas.org" />
+	<target host="leshnerfellows.aaas.org" />
+	<target host="lorealfwis.aaas.org" />
+	<target host="masonaward.aaas.org" />
+	<target host="massmedia.aaas.org" />
+	<target host="myprofile.aaas.org" />
+	<target host="oncallscientists.aaas.org" />
+	<target host="owa.aaas.org" />
 	<target host="pubs.aaas.org" />
+	<target host="secure.aaas.org" />
+	<target host="shrstudentdigital.aaas.org" />
+	<target host="shrstudentessay.aaas.org" />
+	<target host="signin.aaas.org" />
+	<target host="sjawards.aaas.org" />
+	<target host="womenirc.aaas.org" />
 
+	<rule from="^http://aaas\.org/"
+		to="https://www.aaas.org/" />
 
-	<rule from="^http://pubs\.aaas\.org/"
-		to="https://pubs.aaas.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AABEST.com.xml b/src/chrome/content/rules/AABEST.com.xml
new file mode 100644
index 000000000000..9d4ce04c3565
--- /dev/null
+++ b/src/chrome/content/rules/AABEST.com.xml
@@ -0,0 +1,11 @@
+<!--
+	For other AASTOCKS.com related rulesets, see AASTOCKS.com.xml.
+-->
+<ruleset name="AABEST.com">
+	<target host="aabest.com" />
+	<target host="www.aabest.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AACQA.gov.au.xml b/src/chrome/content/rules/AACQA.gov.au.xml
new file mode 100644
index 000000000000..36b23acc4ff0
--- /dev/null
+++ b/src/chrome/content/rules/AACQA.gov.au.xml
@@ -0,0 +1,28 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - aacqa.gov.au
+
+		Status code mismatch:
+			 - myjob.aacqa.gov.au (HTTPS require auth)
+
+		4xx client error:
+			 - www.etivity.aacqa.gov.au
+-->
+<ruleset name="Australian Aged Care Quality Agency (AACQA)">
+	<target host="aacqa.gov.au" />
+	<target host="www.aacqa.gov.au" />
+	<target host="adfs.aacqa.gov.au" />
+	<target host="autodiscover.aacqa.gov.au" />
+	<target host="mailarchive.aacqa.gov.au" />
+	<target host="nat.aacqa.gov.au" />
+	<target host="remote.aacqa.gov.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://aacqa\.gov\.au/"
+			to="https://www.aacqa.gov.au/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AAMC.org.xml b/src/chrome/content/rules/AAMC.org.xml
new file mode 100644
index 000000000000..1cc6ce90df4d
--- /dev/null
+++ b/src/chrome/content/rules/AAMC.org.xml
@@ -0,0 +1,14 @@
+<!--
+	^: cert only matches *.aamc.org
+
+-->
+<ruleset name="AAMC.org">
+
+	<target host="aamc.org" />
+	<target host="www.aamc.org" />
+
+
+	<rule from="^http://(?:www\.)?aamc\.org/"
+		to="https://www.aamc.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AARNet.xml b/src/chrome/content/rules/AARNet.xml
new file mode 100644
index 000000000000..8474567acc89
--- /dev/null
+++ b/src/chrome/content/rules/AARNet.xml
@@ -0,0 +1,9 @@
+<ruleset name="AARNet">
+	<target host="aarnet.edu.au" />
+	<target host="www.aarnet.edu.au" />
+	<target host="mirror.aarnet.edu.au" />
+	<target host="cloudstor.aarnet.edu.au" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AARP.org.xml b/src/chrome/content/rules/AARP.org.xml
new file mode 100644
index 000000000000..9064a50f6b58
--- /dev/null
+++ b/src/chrome/content/rules/AARP.org.xml
@@ -0,0 +1,118 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://discounts.aarp.org/static/css/GillSans/gillsans.svg => https://discounts.aarp.org/static/css/GillSans/gillsans.svg: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://action.aarp.org/ => https://action.aarp.org/: Too many redirects while fetching 'https://action.aarp.org/'
+
+	Nonfunctional hosts in *aarp.org:
+
+		- ^ ¹
+		- advertise ²
+		- blog ³
+		- games ¹
+		- giftplanning ⁴
+		- healthlawanswers ¹
+		- housingsolutionscenter ⁵
+		- local ²
+		- cdn.local ⁵
+		- member ⁶
+		- newsstand ¹
+		- possibilities ²
+		- travel ²
+		- video ²
+		- www ²
+		- www-s ¹
+
+	¹ Dropped
+	² Refused
+	³ WP Engine
+	⁴ Shows another domain
+	⁵ 404
+	⁶ Redirects to http
+
+
+	Problematic hosts in *aarp.org:
+
+		- aarpcares ¹ ²
+		- action ²
+		- endseniorhunger ³
+		- lifereimagined ⁴
+
+	¹ Mismatched
+	² Blocks Tor users
+	³ Expired
+	⁴ Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .aarp.org
+		- appsec.aarp.org
+		- lifereimagined.aarp.org
+		- secure.aarp.org
+		- services.share.aarp.org
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- community from cdn.aarp.net ¹
+			- endseniorhunger from $self ²
+
+	¹ Unsecurable <= 400
+	² Not secured by us <= expired
+
+-->
+<ruleset name="AARP.org (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="aarpcares.aarp.org" /-->
+	<target host="action.aarp.org" />
+	<target host="appsec.aarp.org" />
+	<target host="assets.aarp.org" />
+	<target host="autos.aarp.org" />
+	<target host="community.aarp.org" />
+	<target host="discounts.aarp.org" />
+	<!--target host="endseniorhunger.aarp.org" /-->
+	<!--target host="lifereimagined.aarp.org" /-->
+	<target host="login.aarp.org" />
+	<target host="secure.aarp.org" />
+	<target host="services.share.aarp.org" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://discounts\.aarp\.org/$" /-->
+		<!--exclusion pattern="^http://member\.aarp\.org/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://discounts\.aarp\.org/+(?!static/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://discounts.aarp.org/app" />
+			<test url="http://discounts.aarp.org/sony3" />
+
+			<!--	-ve:
+					-->
+			<test url="http://discounts.aarp.org/static/css/GillSans/gillsans.svg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.aarp\.org$" name="^u$" /-->
+	<!--securecookie host="^appsec\.aarp\.org$" name="^cookiesession1$" /-->
+	<!--securecookie host="^community\.aarp\.org$" name="^Lithium(?:UserInfo|UserSecure|Visitor)$" /-->
+	<!--securecookie host="^lifereimagined\.aarp\.org$" name="^(?:PHPSESSID|ab_version)$" /-->
+	<!--securecookie host="^(?:secure|services\.share)\.aarp\.org$" name="^AWSELB$" /-->
+
+	<securecookie host="^\.aarp\.org$" name="^u$" />
+	<securecookie host="^(?:appsec|community|secure|services\.share)\.aarp\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AAS.org.xml b/src/chrome/content/rules/AAS.org.xml
new file mode 100644
index 000000000000..f8c3550abe99
--- /dev/null
+++ b/src/chrome/content/rules/AAS.org.xml
@@ -0,0 +1,84 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://aj.aas.org// => https://iopscience.iop.org/1538-3881: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://apj.aas.org// => https://iopscience.iop.org/0004-637X: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://aj.aas.org/ => https://iopscience.iop.org/1538-3881: (28, 'Operation timed out after 30002 milliseconds with 0 bytes received')
+Fetch error: http://apj.aas.org/ => https://iopscience.iop.org/0004-637X: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	Nonfunctional hosts in *aas.org:
+
+		- aer ¹
+		- csma ¹
+		- dda ¹
+		- dps ¹
+		- had ¹
+		- head ¹
+		- lad ¹
+		- solarnews ²
+		- spd ³
+
+	¹ Shows ^aas.org
+	² Plaintext reply
+	³ Refused
+
+
+	Problematic hosts in *aas.org:
+
+		- aj ¹
+		- apj ¹
+		- photos ²
+		- www ³
+
+	¹ Shows ^aas.org
+	² Mismatched, CN: *.smugmug.com
+	³ Mismatched, CN: jobregister.aas.org
+
+
+	Note that some paths appear to differ between ^ and www.
+
+
+	Insecure cookies are set for these hosts:
+
+		- members.aas.org
+
+-->
+<ruleset name="AAS.org (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="aas.org" />
+	<target host="jobregister.aas.org" />
+	<target host="members.aas.org" />
+
+	<!--	Complications:
+				-->
+	<target host="aj.aas.org" />
+	<target host="apj.aas.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^members\.aas\.org$" name="^(ASP\.NET_SessionId|AnonymousCartId)$" /-->
+
+	<securecookie host="^members\.aas\.org$" name=".+" />
+
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://aj\.aas\.org/+"
+		to="https://iopscience.iop.org/1538-3881" />
+
+		<test url="http://aj.aas.org//" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://apj\.aas\.org/+"
+		to="https://iopscience.iop.org/0004-637X" />
+
+		<test url="http://apj.aas.org//" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AASTOCKS.com.xml b/src/chrome/content/rules/AASTOCKS.com.xml
new file mode 100644
index 000000000000..3772da297842
--- /dev/null
+++ b/src/chrome/content/rules/AASTOCKS.com.xml
@@ -0,0 +1,152 @@
+<!--
+	Other AASTOCKS.com related rulesets:
+		+ AABEST.com.xml
+
+	Non-functional hosts
+		No working 200/3XX URL(s):
+			 - dl.aastocks.com
+			 - dpdata1.aastocks.com
+			 - icbc-web.aastocks.com
+			 - ims.aastocks.com
+			 - product3.aastocks.com
+			 - services5.aastocks.com
+			 - stanjson.aastocks.com
+			 - stanjson-uat.aastocks.com
+
+		Connection refused:
+			 - fpdata.aastocks.com
+			 - fxcharts.aastocks.com
+			 - hkg.aastocks.com
+			 - m.aastocks.com
+
+		Timeout was reached:
+			 - bb.aastocks.com
+			 - bochk.aastocks.com
+			 - cms.aastocks.com
+			 - cncharts.aastocks.com
+			 - cniis.aastocks.com
+			 - download-hk.aastocks.com
+			 - fdl.aastocks.com
+			 - fund.aastocks.com
+			 - fx.aastocks.com
+			 - payment.aastocks.com
+			 - tldata.aastocks.com
+			 - video.aastocks.com
+			 - ws2.aastocks.com
+			 - wss-uat.aastocks.com
+			 - wss1.aastocks.com
+			 - wss4.aastocks.com
+			 - wssf1.aastocks.com
+
+		SSL connect error:
+			 - uat1ntt.aastocks.com:8090
+			 - uat2.aastocks.com:8090
+
+		SSL peer certificate or SSH remote key was not OK:
+			 - ad.aastocks.com
+			 - cbproduct.aastocks.com
+			 - chartservices2.aastocks.com
+			 - cn.aastocks.com
+			 - corp.aastocks.com
+			 - data-uat.aastocks.com
+			 - freequote.aastocks.com
+			 - logon-uat.aastocks.com
+			 - my.aastocks.com
+			 - product2.aastocks.com
+			 - product2-uat.aastocks.com
+			 - services1-uat.aastocks.com
+			 - services2.aastocks.com
+			 - services3.aastocks.com
+			 - www.us.aastocks.com
+			 - wwwhk.aastocks.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - iis.aastocks.com
+			 - comm1.internet.aastocks.com
+			 - mail.aastocks.com
+			 - preview.aastocks.com
+			 - pushweb2.aastocks.com
+			 - qs.aastocks.com
+			 - stat.aastocks.com
+			 - wss2.aastocks.com
+
+		Redirect to HTTP:
+			 - aastocks.com
+			 - www.aastocks.com
+
+		CORS Blocking:
+			- fdata.aastocks.com on www.aastocks.com
+
+-->
+<ruleset name="AASTOCKS.com (partial)">
+	<target host="accounts.aastocks.com" />
+	<test url="http://accounts.aastocks.com/tc/mainsite/registration.aspx" />
+
+	<target host="charts.aastocks.com" />
+	<target host="data1.aastocks.com" />
+	<test url="http://data1.aastocks.com/bkrIDEng.htm" />
+
+	<target host="fcadata.aastocks.com" />
+	<target host="fcsdata.aastocks.com" />
+	<target host="fctdata.aastocks.com" />
+	<target host="chartdata1.internet.aastocks.com" />
+	<!--
+		On Chromium browers, this will break the dynamic chart due to a
+		missing 'Access-Control-Allow-Origin' header; this do not affect
+		Firefox at the time of testing (Firefox 61+).
+	-->
+	<exclusion pattern="^http://chartdata1\.internet\.aastocks\.com/servlet/iDataServlet/" />
+	<test url="http://chartdata1.internet.aastocks.com/servlet/iDataServlet/getdaily?id=00005.HK&amp;type=24&amp;market=1&amp;level=1&amp;period=21&amp;encoding=utf8" />
+
+	<target host="hkg.aastocks.com" />
+	<test url="http://hkg.aastocks.com/cms/commentary/commentator_photo_chi_17.jpg" />
+	<test url="http://hkg.aastocks.com/cms/commentary/commentator_photo_chi_76.png" />
+	<target host="hkg1.aastocks.com" />
+	<target host="hkg3.aastocks.com" />
+	<target host="hkg8.aastocks.com" />
+	<test url="http://hkg.aastocks.com/cms/commentary/commentator_photo_chi_69.JPG" />
+	<test url="http://hkg1.aastocks.com/ad/images/5938/banner.htm" />
+	<test url="http://hkg3.aastocks.com/ad/imagesbanner/script/rvfl.js" />
+	<test url="http://hkg8.aastocks.com/ad/delivery/spc.php" />
+
+	<target host="logon.aastocks.com" />
+	<test url="http://logon.aastocks.com/payment/tc/termsconditions.aspx" />
+
+	<target host="m.aastocks.com" />
+	<target host="mpdata.aastocks.com" />
+
+	<target host="plib.aastocks.com" />
+	<test url="http://plib.aastocks.com/aafnnews/image/20150327111120156_s.jpg" />
+
+	<target host="product1.aastocks.com" />
+	<test url="http://product1.aastocks.com/snapshot/mebr/Portfolio.aspx?IsDelay=1" />
+
+	<target host="product1-uat.aastocks.com" />
+	<test url="http://product1-uat.aastocks.com/Snapshot/MEBR/MDetailQuote.aspx?symbol=00941" />
+
+	<target host="services1.aastocks.com" />
+	<test url="http://services1.aastocks.com/bchk/main.aspx?aalanguage=eng" />
+
+	<target host="wdata.aastocks.com" />
+	<test url="http://wdata.aastocks.com/web/images/videotype/pg6_s.png?ver=20181113170559" />
+	<target host="webchart.aastocks.com" />
+	<test url="http://webchart.aastocks.com/chart/indices/indexdailychart.aspx" />
+
+	<target host="pdata1.aastocks.com" />
+	<target host="secure.aastocks.com" />
+	<target host="st.aastocks.com" />
+	<target host="uat2.aastocks.com" />
+
+	<securecookie host="hkg\.aastocks\.com" name=".+" />
+	<securecookie host="hkg1\.aastocks\.com" name=".+" />
+	<securecookie host="hkg3\.aastocks\.com" name=".+" />
+	<securecookie host="hkg8\.aastocks\.com" name=".+" />
+
+	<securecookie host="logon\.aastocks\.com" name=".+" />
+	<securecookie host="secure\.aastocks\.com" name=".+" />
+
+	<rule from="^http://hkg\.aastocks\.com/"
+		to="https://hkg3.aastocks.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AAU.at.xml b/src/chrome/content/rules/AAU.at.xml
new file mode 100644
index 000000000000..13d4451b2a2c
--- /dev/null
+++ b/src/chrome/content/rules/AAU.at.xml
@@ -0,0 +1,8 @@
+<ruleset name="AAU.at (partial)">
+
+	<target host="pervasive.aau.at" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AB9IL.net.xml b/src/chrome/content/rules/AB9IL.net.xml
new file mode 100644
index 000000000000..5473f1b45291
--- /dev/null
+++ b/src/chrome/content/rules/AB9IL.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="AB9IL.net">
+
+	<target host="ab9il.net" />
+	<target host="www.ab9il.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ABC-Music-Publishing.xml b/src/chrome/content/rules/ABC-Music-Publishing.xml
index 76fccbf13739..710d5943dd04 100644
--- a/src/chrome/content/rules/ABC-Music-Publishing.xml
+++ b/src/chrome/content/rules/ABC-Music-Publishing.xml
@@ -1,10 +1,4 @@
-<!--
-	Other ABC Digital rulesets:
-
-		- ABC-Digital.xml
-
--->
-<ruleset name="ABC Music Publishing" default_off="mismatch">
+<ruleset name="ABC Music Publishing" default_off="mismatched">
 
 	<!--	Cert: abccommercial.com		-->
 	<target host="abcmusicpublishing.com.au" />
diff --git a/src/chrome/content/rules/ABC-Online.xml b/src/chrome/content/rules/ABC-Online.xml
index 36d0b341a661..16ca8477add4 100644
--- a/src/chrome/content/rules/ABC-Online.xml
+++ b/src/chrome/content/rules/ABC-Online.xml
@@ -3,42 +3,21 @@
 
 		- ABC-Music-Publishing.xml
 
-
-	d1ros97qkrwjf5.cloudfront.net
-	d3mfbaa198drag.cloudfront.net
-	cp44823.edgefcs.net
-
-
-	Nonfunctional:
-
-		- mpegmedia.abc.net.au			(Akamai; "An error occurred")
-		- origin.abc.net.au			(times out; redirects to www via http)
-		- (www.)abc.net.au			(Akamai; "An error occurred")
-		- www2b.abc.net.au			(times out)
-		- (www.)abccommercial.com.au		(ditto)
-		- (www.)abccontentsales.com.au		(ditto)
-		- (www.)abcdigmusic.net.au
-		- (www.)radioaustralianews.net.au	(times out)
-		- (www.)triplejunearthed.com		(ditto)
-
+	Non-functional hosts in *.abc.net.au
+		Timeout:
+		- shop.abc.net.au
 -->
 <ruleset name="ABC Online (partial)">
 
-	<target host="shop.abc.net.au" />
-	<target host="abccommercial.com" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.abccommercial.com" />
-
-
-	<securecookie host="^shop.abc.net.au$" name=".*" />
-	<securecookie host="^\.abccommercial\.com$" name=".*" />
+	<!-- *.abc.net.au -->
+	<target host="abc.net.au" />
+	<target host="www.abc.net.au" />
+	<target host="about.abc.net.au" />
 
+	<!-- *.abccommercial.com -->
+	<target host="abccommercial.com" />
+	<target host="www.abccommercial.com" />
 
-	<rule from="^http://shop\.abc\.net\.au/"
-		to="https://shop.abc.net.au/" />
-
-	<!--	Cert isn't valid for !www	-->
-	<rule from="^http://(?:www\.)?abccomercial\.com/"
-		to="https://abccomercial.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ABCDTeam.ovh.xml b/src/chrome/content/rules/ABCDTeam.ovh.xml
new file mode 100644
index 000000000000..f608f8211e41
--- /dev/null
+++ b/src/chrome/content/rules/ABCDTeam.ovh.xml
@@ -0,0 +1,10 @@
+<ruleset name="ABCDTeam.ovh">
+	<target host="abcdteam.ovh" />
+	<target host="www.abcdteam.ovh" />
+	<target host="css.abcdteam.ovh" />
+	<target host="dns.abcdteam.ovh" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ABCNews.com.xml b/src/chrome/content/rules/ABCNews.com.xml
new file mode 100644
index 000000000000..2175b87535a2
--- /dev/null
+++ b/src/chrome/content/rules/ABCNews.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- abcnews.com
+		- feeds.abcnews.com
+		- liveblog.abcnews.com
+
+		SSL connect error:
+		- blogs.abcnews.com
+		- www.blogs.abcnews.com
+
+		SSL peer certificate was not OK:
+		- abclive.abcnews.com
+		- abcuni.abcnews.com
+		- i.abcnews.com
+-->
+<ruleset name="ABCNews.com">
+	<target host="abcnews.com" />
+	<target host="a.abcnews.com" />
+	<target host="media.abcnews.com" />
+	<target host="s.abcnews.com" />
+	<target host="video-cdn.abcnews.com" />
+
+	<rule from="^http://abcnews\.com/"
+		  	to="https://abcnews.go.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ABCNews.go.com.xml b/src/chrome/content/rules/ABCNews.go.com.xml
new file mode 100644
index 000000000000..e59f4b268340
--- /dev/null
+++ b/src/chrome/content/rules/ABCNews.go.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- liveblog.abcnews.go.com
+-->
+<ruleset name="ABCNews.go.com">
+	<target host="abcnews.go.com" />
+	<target host="a.abcnews.go.com" />
+	<target host="preview.abcnews.go.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ABC_News.xml b/src/chrome/content/rules/ABC_News.xml
deleted file mode 100644
index 8bbcc3017edf..000000000000
--- a/src/chrome/content/rules/ABC_News.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Problematic domains:
-
-		- a.abcnews.com *
-		- a.abcnews.go.com *
-
-	* 503, akamai
-
--->
-<ruleset name="ABC News">
-
-	<target host="a.abcnews.com" />
-	<target host="abcnews.go.com" />
-	<target host="a.abcnews.go.com" />
-
-
-	<rule from="^https?://a(?:\.abcnews|(?:\.a)?bcnews\.go)\.com/"
-		to="https://abcnews.go.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ABI.org.uk.xml b/src/chrome/content/rules/ABI.org.uk.xml
new file mode 100644
index 000000000000..349fc144046e
--- /dev/null
+++ b/src/chrome/content/rules/ABI.org.uk.xml
@@ -0,0 +1,35 @@
+<!--
+	Association of British Insurers
+
+
+	Nonfunctional hosts in *abi.org.uk:
+
+		- blog *
+
+	* Redirects to http
+
+
+	^abi.org.uk: Mismatched
+
+-->
+<ruleset name="ABI.org.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.abi.org.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="abi.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://abi\.org\.uk/"
+		to="https://www.abi.org.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ABIS-studien.se.xml b/src/chrome/content/rules/ABIS-studien.se.xml
index 9e9b011beffb..ee6186dd274c 100644
--- a/src/chrome/content/rules/ABIS-studien.se.xml
+++ b/src/chrome/content/rules/ABIS-studien.se.xml
@@ -1,7 +1,6 @@
 <ruleset name="ABIS-Studien.se (default off)" default_off="expired certificate">
 	<target host="abis-studien.se" />
 	<target host="www.abis-studien.se" />
-	<rule from="^http://www\.abis-studien\.se/" to="https://www.abis-studien.se/"/>
-	<rule from="^http://abis-studien\.se/" to="https://abis-studien.se/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/ABI_Research.xml b/src/chrome/content/rules/ABI_Research.xml
index d715b8ac294b..f226f9389f78 100644
--- a/src/chrome/content/rules/ABI_Research.xml
+++ b/src/chrome/content/rules/ABI_Research.xml
@@ -1,22 +1,21 @@
 <!--
-	CDN buckets:
+	Other ABI Research rulesets:
 
-		- 0d6ea3a143112fa73580-03f08f5fc1c22419d3b64e44df494fa7.ssl.cf1.rackcdn.com
-		- 9d6c24ff0c3bd452d0d2-b14128b74f17407672a107fc81462a5a.ssl.cf1.rackcdn.com
 
 
-	Problematic subdomains:
+	CDN buckets:
 
-		- ^	(cert only matches *.abiresearch.com)
+		- 0d6ea3a143112fa73580-03f08f5fc1c22419d3b64e44df494fa7.ssl.cf1.rackcdn.com
+		- 9d6c24ff0c3bd452d0d2-b14128b74f17407672a107fc81462a5a.ssl.cf1.rackcdn.com
 
 -->
-<ruleset name="ABI Research">
+<ruleset name="ABI Research.com">
 
 	<target host="abiresearch.com" />
 	<target host="www.abiresearch.com" />
 
 
-	<rule from="^http://(?:www\.)?abiresearch\.com/"
-		to="https://www.abiresearch.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ABNAMRO.xml b/src/chrome/content/rules/ABNAMRO.xml
index 29a8320544ff..521722787d60 100644
--- a/src/chrome/content/rules/ABNAMRO.xml
+++ b/src/chrome/content/rules/ABNAMRO.xml
@@ -1,8 +1,23 @@
+<!--
+	Rule created by Jeroen van der Gun.
+
+
+	^: 403, cert only matches www
+
+-->
 <ruleset name="ABN AMRO Bank">
-  <!-- Rule created by Jeroen van der Gun -->
 
-  <target host="www.abnamro.nl" />
-  <target host="abnamro.nl" />
+	<target host="abnamro.nl" />
+	<target host="www.abnamro.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.abnamro\.nl$" name="^LBCSS$" /-->
+
+	<securecookie host="^www\.abnamro\.nl$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
 
-  <rule from="^http://(?:www\.)?abnamro\.nl/" to="https://www.abnamro.nl/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/ACCAN.xml b/src/chrome/content/rules/ACCAN.xml
new file mode 100644
index 000000000000..2e4e08a95249
--- /dev/null
+++ b/src/chrome/content/rules/ACCAN.xml
@@ -0,0 +1,6 @@
+<ruleset name="ACCAN">
+  <target host="accan.org.au" />
+	<target host="www.accan.org.au" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ACI-Europe.org.xml b/src/chrome/content/rules/ACI-Europe.org.xml
new file mode 100644
index 000000000000..d77851d3ab8c
--- /dev/null
+++ b/src/chrome/content/rules/ACI-Europe.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.aci-europe.org
+
+-->
+<ruleset name="ACI-Europe.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="aci-europe.org" />
+	<target host="www.aci-europe.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="www\.aci-europe\.org" name="^[\da-f]{32}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ACLS.org.xml b/src/chrome/content/rules/ACLS.org.xml
index f82d7157961b..e602a9e41b4f 100644
--- a/src/chrome/content/rules/ACLS.org.xml
+++ b/src/chrome/content/rules/ACLS.org.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://acls.org/ => https://www.acls.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.acls.org/ => https://www.acls.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	American Council of Learned Societies
 
 
@@ -7,7 +12,7 @@
 		- ^	(dropped)
 
 -->
-<ruleset name="ACLS.org">
+<ruleset name="ACLS.org" default_off="failed ruleset test">
 
 	<target host="acls.org" />
 	<target host="www.acls.org" />
@@ -24,4 +29,4 @@
 	<rule from="^http://www\.acls\.org/"
 		to="https://www.acls.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ACLU-of-Arizona.xml b/src/chrome/content/rules/ACLU-of-Arizona.xml
new file mode 100644
index 000000000000..2b6d495317d5
--- /dev/null
+++ b/src/chrome/content/rules/ACLU-of-Arizona.xml
@@ -0,0 +1,18 @@
+<!--
+
+	For other ACLU coverage, see ACLU.xml
+
+	Problematic domains:
+	- owa.acluaz.org	(different HTTP/HTTPS content)
+
+-->
+<ruleset name="ACLU of Arizona">
+
+	<target host="acluaz.org" />
+	<target host="www.acluaz.org" />
+
+	<securecookie host="^www\.acluaz\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ACLU-of-California.xml b/src/chrome/content/rules/ACLU-of-California.xml
new file mode 100644
index 000000000000..a58f0fdc9462
--- /dev/null
+++ b/src/chrome/content/rules/ACLU-of-California.xml
@@ -0,0 +1,16 @@
+<!--
+
+	For other ACLU coverage, see ACLU.xml
+
+-->
+<ruleset name="ACLU of California">
+
+	<target host="acluca.org" />
+	<target host="www.acluca.org" />
+	<target host="mobile-justice.acluca.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ACLU-of-Florida.xml b/src/chrome/content/rules/ACLU-of-Florida.xml
new file mode 100644
index 000000000000..35518a5a3607
--- /dev/null
+++ b/src/chrome/content/rules/ACLU-of-Florida.xml
@@ -0,0 +1,45 @@
+<!--
+
+	For other ACLU coverage, see ACLU.xml
+
+	Non-functional hosts:
+		Certificate expired:
+		- media.aclufl.org
+
+		Certificate mismatched:
+		- devespanol.aclufl.org
+		- northeast.aclufl.org
+		- panhandle.aclufl.org
+		- tallahassee.aclufl.org
+
+-->
+<ruleset name="ACLU of Florida">
+
+	<target host="aclufl.org" />
+	<target host="www.aclufl.org" />
+	<target host="espanol.aclufl.org" />
+	<target host="kreyol.aclufl.org" />
+
+	<!-- Domains for local chapters of the
+	ACLU of Florida -->
+	<target host="brevard.aclufl.org" />
+	<target host="broward.aclufl.org" />
+	<target host="central.aclufl.org" />
+	<target host="collier.aclufl.org" />
+	<target host="greaterbay.aclufl.org" />
+	<target host="keys.aclufl.org" />
+	<target host="lee.aclufl.org" />
+	<target host="miami.aclufl.org" />
+	<target host="northcentral.aclufl.org" />
+	<target host="palmbeach.aclufl.org" />
+	<target host="pinellas.aclufl.org" />
+	<target host="sarasota.aclufl.org" />
+	<target host="tampa.aclufl.org" />
+	<target host="treasurecoast.aclufl.org" />
+	<target host="volusiaflagler.aclufl.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ACLU-of-Georgia.xml b/src/chrome/content/rules/ACLU-of-Georgia.xml
new file mode 100644
index 000000000000..33b9c3d359d6
--- /dev/null
+++ b/src/chrome/content/rules/ACLU-of-Georgia.xml
@@ -0,0 +1,15 @@
+<!--
+
+	For other ACLU coverage, see ACLU.xml
+
+-->
+<ruleset name="ACLU of Georgia">
+
+	<target host="acluga.org" />
+	<target host="www.acluga.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ACLU-of-Kansas.xml b/src/chrome/content/rules/ACLU-of-Kansas.xml
new file mode 100644
index 000000000000..fcd2bd7b71c3
--- /dev/null
+++ b/src/chrome/content/rules/ACLU-of-Kansas.xml
@@ -0,0 +1,15 @@
+<!--
+
+	For other ACLU coverage, see ACLU.xml
+
+-->
+<ruleset name="ACLU of Kansas">
+
+	<target host="aclukansas.org" />
+	<target host="www.aclukansas.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ACLU-of-Louisiana.xml b/src/chrome/content/rules/ACLU-of-Louisiana.xml
index dd088c571972..bab3d2526fba 100644
--- a/src/chrome/content/rules/ACLU-of-Louisiana.xml
+++ b/src/chrome/content/rules/ACLU-of-Louisiana.xml
@@ -2,6 +2,6 @@
 	<target host="laaclu.org" />
 	<target host="www.laaclu.org" />
 
-	<rule from="^http://(www\.)?laaclu\.org/"
+	<rule from="^http://(?:www\.)?laaclu\.org/"
 		to="https://www.laaclu.org/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ACLU-of-Maine.xml b/src/chrome/content/rules/ACLU-of-Maine.xml
new file mode 100644
index 000000000000..75be52a3eee7
--- /dev/null
+++ b/src/chrome/content/rules/ACLU-of-Maine.xml
@@ -0,0 +1,15 @@
+<!--
+
+	For other ACLU coverage, see ACLU.xml
+
+-->
+<ruleset name="ACLU of Maine">
+
+	<target host="aclumaine.org" />
+	<target host="www.aclumaine.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ACLU-of-Mississippi.xml b/src/chrome/content/rules/ACLU-of-Mississippi.xml
new file mode 100644
index 000000000000..88e0cac9f449
--- /dev/null
+++ b/src/chrome/content/rules/ACLU-of-Mississippi.xml
@@ -0,0 +1,21 @@
+<!--
+
+	For other ACLU coverage, see ACLU.xml
+
+
+	Problematic domains:
+	- ^aclu-ms.org		(unable to connect)
+
+-->
+<ruleset name="ACLU of Mississippi">
+
+	<target host="aclu-ms.org" />
+	<target host="www.aclu-ms.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://aclu-ms\.org/"
+		to="https://www.aclu-ms.org/" />
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ACLU-of-Missouri.xml b/src/chrome/content/rules/ACLU-of-Missouri.xml
new file mode 100644
index 000000000000..605201f7ec72
--- /dev/null
+++ b/src/chrome/content/rules/ACLU-of-Missouri.xml
@@ -0,0 +1,21 @@
+<!--
+
+	For other ACLU coverage, see ACLU.xml
+
+
+	Problematic domains:
+	- ^aclu-mo.org		(unable to connect)
+
+-->
+<ruleset name="ACLU of Missouri">
+
+	<target host="aclu-mo.org" />
+	<target host="www.aclu-mo.org" />
+
+	<securecookie host="^www\.aclu-mo\.org$" name=".+" />
+
+	<rule from="^http://aclu-mo\.org/"
+		to="https://www.aclu-mo.org/" />
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ACLU-of-Montana.xml b/src/chrome/content/rules/ACLU-of-Montana.xml
new file mode 100644
index 000000000000..80831fe0b851
--- /dev/null
+++ b/src/chrome/content/rules/ACLU-of-Montana.xml
@@ -0,0 +1,15 @@
+<!--
+
+	For other ACLU coverage, see ACLU.xml
+
+-->
+<ruleset name="ACLU of Montana">
+
+	<target host="aclumontana.org" />
+	<target host="www.aclumontana.org" />
+
+	<securecookie host="^www\.aclumontana\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ACLU-of-New-Mexico.xml b/src/chrome/content/rules/ACLU-of-New-Mexico.xml
new file mode 100644
index 000000000000..883faf13a090
--- /dev/null
+++ b/src/chrome/content/rules/ACLU-of-New-Mexico.xml
@@ -0,0 +1,21 @@
+<!--
+
+	For other ACLU coverage, see ACLU.xml
+
+
+	Problematic domains:
+	- ^aclu-nm.org		(broken redirect, example: https://aclu-nm.org/about > https://www.aclu-nm.orgabout/)
+
+-->
+<ruleset name="ACLU of New Mexico">
+
+	<target host="aclu-nm.org" />
+	<target host="www.aclu-nm.org" />
+
+	<securecookie host="^www\.aclu-nm\.org$" name=".+" />
+
+	<rule from="^http://aclu-nm\.org/"
+		to="https://www.aclu-nm.org/" />
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ACLU-of-North-Carolina.xml b/src/chrome/content/rules/ACLU-of-North-Carolina.xml
index 87db7f6bfac1..ae09f03a3115 100644
--- a/src/chrome/content/rules/ACLU-of-North-Carolina.xml
+++ b/src/chrome/content/rules/ACLU-of-North-Carolina.xml
@@ -4,42 +4,36 @@
 
 	Problematic domains:
 
-		- (www.)epo-rtal.org	(shows another domain; expired 2012-03-16, mismatched, CN: www.equalpeople.org)
+		- (www.)?acluofnc.org ¹
+		- (www.)?acluofnorthcarolina.org ²
 
+	¹ Mismatched
+	² Blocks Tor users
 
-	Fully covered domains:
-
-		- (www.)epo-rtal.org	(→ www.acluofnorthcarolina.org)
-
-
-	Mixed content:
-
-		- css from:
-
-			- fonts.googleapis.com *
-
-		- Image from:
-
-			- www.epo-rtal.org *
-
-	* Secured by us
 
+	Fully covered domains:
 
-	NB: We secure all resources, and thus
-	platform should be removed with Ffx 24.
+		- (www.)?acluofnc.org	(→ www.acluofnorthcarolina.org)
+		- (www.)?acluofnorthcarolina.org
 
 -->
-<ruleset name="ACLU of North Carolina" platform="mixedcontent">
+<ruleset name="ACLU of North Carolina.org" default_off="needs clearnet testing">
 
-	<target host="acluofnc.org" />
-	<target host="www.acluofnc.org" />
+	<!--	Direct rewrites:
+				-->
 	<target host="acluofnorthcarolina.org" />
 	<target host="www.acluofnorthcarolina.org" />
-	<target host="epo-rtal.org" />
-	<target host="www.epo-rtal.org" />
 
+	<!--	Complications:
+				-->
+	<target host="acluofnc.org" />
+	<target host="www.acluofnc.org" />
 
-	<rule from="^http://(?:www\.)?(?:acluofn(?:c|orthcarolina)|epo-rtal)\.org/"
+
+	<rule from="^http://(?:www\.)?acluofnc\.org/"
 		to="https://www.acluofnorthcarolina.org/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/ACLU-of-San-Diego.xml b/src/chrome/content/rules/ACLU-of-San-Diego.xml
new file mode 100644
index 000000000000..1b262a28d893
--- /dev/null
+++ b/src/chrome/content/rules/ACLU-of-San-Diego.xml
@@ -0,0 +1,22 @@
+<!--
+
+	For other ACLU coverage, see ACLU.xml
+
+
+	Problematic domains:
+
+	- cdn.aclusandiego.org		(cert mismatch)
+	- database.aclusandiego.org	(time out)
+	- votersedge.aclusandiego.org	(cert mismatch)
+
+-->
+<ruleset name="ACLU of San Diego and Imperial Counties (partial)">
+
+	<target host="aclusandiego.org" />
+	<target host="www.aclusandiego.org" />
+
+	<securecookie host="^www\.aclusandiego\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ACLU-of-Southern-California.xml b/src/chrome/content/rules/ACLU-of-Southern-California.xml
deleted file mode 100644
index 923ac265ca2d..000000000000
--- a/src/chrome/content/rules/ACLU-of-Southern-California.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="ACLU of Southern California">
-	<target host="aclu-sc.org" />
-	<target host="www.aclu-sc.org" />
-
-	<rule from="^http://(?:www\.)?aclu-sc\.org/" to="https://www.aclu-sc.org/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ACLU-of-Texas.xml b/src/chrome/content/rules/ACLU-of-Texas.xml
index f78e2ad1d774..b28775ab5f0e 100644
--- a/src/chrome/content/rules/ACLU-of-Texas.xml
+++ b/src/chrome/content/rules/ACLU-of-Texas.xml
@@ -1,13 +1,12 @@
 <ruleset name="ACLU of Texas">
 	<target host="aclutx.org" />
-	<target host="vpn.aclutx.org" />	
+	<target host="vpn.aclutx.org" />
 	<target host="www.aclutx.org" />
 
-	<securecookie host="^(vpn|www)\.aclutx\.org$"
-		name=".+" />
+	<securecookie host="^(?:vpn|www)\.aclutx\.org$" name=".+" />
 
-	<rule from="^http://(www\.)?aclutx\.org/"
+	<rule from="^http://(?:www\.)?aclutx\.org/"
 		to="https://www.aclutx.org/" />
 	<rule from="^http://vpn\.aclutx\.org/"
 		to="https://vpn.aclutx.org/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ACLU-of-Virginia.xml b/src/chrome/content/rules/ACLU-of-Virginia.xml
index fa3669f19cb1..3c898bad0cda 100644
--- a/src/chrome/content/rules/ACLU-of-Virginia.xml
+++ b/src/chrome/content/rules/ACLU-of-Virginia.xml
@@ -1,17 +1,41 @@
 <!--
+	ACLU of Virginia
+
 	For other ACLU coverage, see ACLU.xml.
 
+
+	Problematic hosts in *acluva.org:
+
+		- www.acluva.org *
+
+	* Mismatched
+
+
+	Mixed content:
+
+		- favicon from $self *
+
+	* Secured by us
+
 -->
-<ruleset name="ACLU of Virginia">
+<ruleset name="ACLU VA.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="acluva.org" />
-	<target host="*.acluva.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.acluva.org" />
 
 
 	<securecookie host="^\.?acluva\.org$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?acluva\.org/"
+	<rule from="^http://www\.acluva\.org/"
 		to="https://acluva.org/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ACLU-of-Washington.xml b/src/chrome/content/rules/ACLU-of-Washington.xml
index 694ec0ac4af0..b3f188e18f57 100644
--- a/src/chrome/content/rules/ACLU-of-Washington.xml
+++ b/src/chrome/content/rules/ACLU-of-Washington.xml
@@ -1,7 +1,13 @@
-<ruleset name="ACLU of Washington">
+<!--
+	ACLU of Washington
+
+	For other ACLU coverage, see ACLU.xml.
+
+-->
+<ruleset name="ACLU-WA.org">
 	<target host="aclu-wa.org" />
 	<target host="www.aclu-wa.org" />
 
-	<rule from="^((http://(www\.)?)|(https://www\.))aclu-wa\.org/"
-		to="https://aclu-wa.org/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ACLU.xml b/src/chrome/content/rules/ACLU.xml
index 984731a2a262..e2421d90b3e1 100644
--- a/src/chrome/content/rules/ACLU.xml
+++ b/src/chrome/content/rules/ACLU.xml
@@ -1,49 +1,77 @@
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://bullhorn.aclu.org/ => https://bullhorn.aclu.org/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://ms.clicks.actions.aclu.org/ => https://ms.clicks.actions.aclu.org/: (7, 'Failed to connect to ms.clicks.actions.aclu.org port 443: Connection refused')
+Fetch error: http://affiliateshop.aclu.org/ => https://affiliateshop.aclu.org/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://mail.aclu.org/ => https://mail.aclu.org/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://survey.aclu.org/ => https://survey.aclu.org/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://login-msol-dc.vtv.aclu.org/ => https://login-msol-dc.vtv.aclu.org/: (6, 'Could not resolve host: login-msol-dc.vtv.aclu.org')
+Fetch error: http://login-msol-ny1.vtv.aclu.org/ => https://login-msol-ny1.vtv.aclu.org/: (28, 'Resolving timed out after 20533 milliseconds')
+
+
 	Other ACLU rulesets:
 
+		- ACLU-of-Arizona.xml
+		- ACLU-of-California.xml
+		- ACLU-of-Florida.xml
+		- ACLU-of-Georgia.xml
+		- ACLU-of-Kansas.xml
+		- ACLU-of-Louisiana.xml
+		- ACLU-of-Maine.xml
 		- ACLU_of_Massachusetts.xml
+		- ACLU-of-Mississippi.xml
+		- ACLU-of-Missouri.xml
+		- ACLU-of-Montana.xml
 		- ACLU_of_New_Jersey.xml
+		- ACLU-of-New-Mexico.xml
 		- ACLU-of-North-Carolina.xml
 		- ACLU_of_Northern_California.xml
+		- ACLU-of-San-Diego.xml
+		- ACLU-of-Texas.xml
 		- ACLU-of-Virginia.xml
+		- ACLU-of-Washington.xml
+		- ACLU_SoCal.org.xml
+		- Mi-ACLU.xml
 		- New_Hampshire_Civil_Liberties_Union.xml
+		- Privacy-SOS.xml
+		- The-ACLU-of-Idaho.xml
 
 
-	CDN buckets:
-
-		- d320ze5h7gg57a.cloudfront.net
-		- d3h9au4afozpag.cloudfront.net
-
-
-	Problematic subdomains:
-
-		- ^	(works, cert only matches www)
+	Problematic domains:
 
-
-	Fully covered subdomains:
-
-		- (www.)	(^ → www)
-		- secure
+		- metrics.aclu.org	(cert mismatch)
+		- privacyquiz.aclu.org	(redirects to HTTP)
+		- scorecard.aclu.org	(cert mismatch)
 
 -->
-<ruleset name="ACLU">
+<ruleset name="ACLU.org (partial)">
 
 	<target host="aclu.org" />
-	<target host="*.aclu.org" />
-		<!--
-			Not only does blanket https use work again, but appears to be forced, too.
-													-->
-		<!--exclusion pattern="^http://(www\.)?aclu\.org/(?!donate)(blog/|multimedia/|national-security/|prisoners-rights/)?[^/.]*$" /-->
-		<!--exclusion pattern="^http://(www\.)?aclu\.org/(?!donate($|[?/])|files/|secure/|sites/)" /-->
-
-
-	<securecookie host="^secure\.aclu\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?aclu\.org/"
-		to="https://www.aclu.org/" />
-
-	<rule from="^http://secure\.aclu\.org/"
-		to="https://secure.aclu.org/" />
+	<target host="www.aclu.org" />
+	<target host="action.aclu.org" />
+	<!-- target host="bullhorn.aclu.org" /-->
+	<!-- target host="ms.clicks.actions.aclu.org" /-->
+	<!-- target host="affiliateshop.aclu.org" /-->
+	<target host="constitutionday.aclu.org" />
+	<target host="fbapp.aclu.org" />
+	<target host="filestorage.aclu.org" />
+	<!-- target host="mail.aclu.org" /-->
+	<target host="metrics.aclu.org" />
+	<target host="privacyapp.aclu.org" />
+	<target host="shop.aclu.org" />
+	<target host="smetrics.aclu.org" />
+	<!-- target host="survey.aclu.org" /-->
+	<!-- target host="login-msol-dc.vtv.aclu.org" /-->
+	<!-- target host="login-msol-ny1.vtv.aclu.org" /-->
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://metrics\.aclu\.org/"
+		to="https://smetrics.aclu.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ACLU_SoCal.org.xml b/src/chrome/content/rules/ACLU_SoCal.org.xml
new file mode 100644
index 000000000000..9c8478f70f4f
--- /dev/null
+++ b/src/chrome/content/rules/ACLU_SoCal.org.xml
@@ -0,0 +1,31 @@
+<!--
+	For other ACLU coverage, see ACLU.xml.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- aclusocal.org
+		- .aclusocal.org
+		- www.aclusocal.org
+
+-->
+<ruleset name="ACLU SoCal.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="aclusocal.org" />
+	<target host="www.aclusocal.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?aclusocal\.org$" name="^X-Mapping-fjhppofk$" /-->
+	<!--securecookie host="^\.aclusocal\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ACLU_of_Massachusetts.xml b/src/chrome/content/rules/ACLU_of_Massachusetts.xml
index 253312cbde88..95c76f441b65 100644
--- a/src/chrome/content/rules/ACLU_of_Massachusetts.xml
+++ b/src/chrome/content/rules/ACLU_of_Massachusetts.xml
@@ -1,17 +1,19 @@
 <!--
+	ACLU of Massachusetts
+
 	For other ACLU coverage, see ACLU.xml.
 
 -->
-<ruleset name="ACLU of Massachusetts">
+<ruleset name="ACLUM.org">
 
 	<target host="aclum.org" />
-	<target host="*.aclum.org" />
+	<target host="www.aclum.org" />
 
 
 	<securecookie host="^\.aclum\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?aclum\.org/"
-		to="https://$1aclum.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ACLU_of_New_Jersey.xml b/src/chrome/content/rules/ACLU_of_New_Jersey.xml
index b5fa0e38bb50..7a5ffa3fae26 100644
--- a/src/chrome/content/rules/ACLU_of_New_Jersey.xml
+++ b/src/chrome/content/rules/ACLU_of_New_Jersey.xml
@@ -1,17 +1,39 @@
 <!--
+	ACLU of New Jersey
+
 	For other ACLU coverage, see ACLU.xml.
 
+
+	^aclu-nj.org: Dropped
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.aclu-nj.org
+
 -->
-<ruleset name="ACLU of New Jersey (partial)">
+<ruleset name="ACLU-NJ.org">
 
-	<target host="aclu-nj.org" />
+	<!--	Direct rewrites:
+				-->
 	<target host="www.aclu-nj.org" />
 
+	<!--	Complications:
+				-->
+	<target host="aclu-nj.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.aclu-nj\.org$" name="^(CONCRETE|CONCRETE5)$" /-->
+
+	<securecookie host="^www\.aclu-nj\.org$" name=".+" />
+
+
+	<rule from="^http://aclu-nj\.org/"
+		to="https://www.aclu-nj.org/" />
 
-	<!--	- !www times out
-		- Some pages 301 to http
-							-->
-	<rule from="^https?://(?:www\.)?aclu-nj\.org/(concrete/css|files|packages|secure|themes)/"
-		to="https://www.aclu-nj.org/$1/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ACLU_of_Northern_California.xml b/src/chrome/content/rules/ACLU_of_Northern_California.xml
index 6a5b022ed369..c196cf298dd1 100644
--- a/src/chrome/content/rules/ACLU_of_Northern_California.xml
+++ b/src/chrome/content/rules/ACLU_of_Northern_California.xml
@@ -1,17 +1,19 @@
 <!--
+	ACLU of Northern California
+
 	For other ACLU coverage, see ACLU.xml.
 
 -->
-<ruleset name="ACLU of Northern California">
+<ruleset name="ACLU NC.org">
 
 	<target host="aclunc.org" />
 	<target host="www.aclunc.org" />
 
 
-	<securecookie host="^(?:www\.)?aclunc\.org$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www\.)?aclunc\.org/"
-		to="https://$1aclunc.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ACM.org.xml b/src/chrome/content/rules/ACM.org.xml
index 4a7c9e9068ec..e764b43d69ed 100644
--- a/src/chrome/content/rules/ACM.org.xml
+++ b/src/chrome/content/rules/ACM.org.xml
@@ -1,93 +1,56 @@
 <!--
-	CDN buckets:
+	Invalid certificate:
+		authors.acm.org
+		delivery.acm.org
+		deliveryimages.acm.org
+		jobs.acm.org
+		portalparts.acm.org
+		technews.acm.org
 
-		- deliveryimages.acm.org.edgesuite.net
+	Different content http/https:
+		dev.acm.org
 
-			- a1907.g.akamai.net
-
-		- portalparts.acm.org.edgesuite.net
-
-			- a1896.g.akamai.net
-
-
-	acm.org lacks proper ssl for the following subdomains
-
-		- awards		<- stacktrace for coldfusion
-		- dev			<- shows www
-		- jobs			<- sends to jobtarget.com
-		- librarians		<- displays what appears to be
-					   an old version of the website.
-		- mags
-
-
-	Problematic subdomains:
-
-		- deliveryimages *
-		- portalparts *
-
-	* Works, akamai
-
-
-	Partially covered subdomains:
-
-		- cacm		(some pages redirect to http)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- cacm
-		- campus
-		- deliveryimages *
-		- dl
-		- myacm
-		- plone
-		- portal
-		- portalparts *
-		- queue
-		- techpack
-
-	* → akamai
+	Time out:
+		librarians.acm.org
+		store.acm.org
 
+	Refused:
+		mags.acm.org
 
 	Mixed content:
-
-		- Scripts:
-
-			- on www from www *
-
-		- css:
-
-			- On www from www *
-
-		- Images:
-
-			- On campus from portalparts *
-
-	* Secured by us
-
-
-	NB: We secure all resources, and thus
-	platform should be removed with Ffx 24.
+		china.acm.org
+		plone.acm.org
+		queue.acm.org
+			<test url="http://queue.acm.org/detail.cfm?id=3043967" />
 
 -->
-<ruleset name="ACM.org (partial)" platform="mixedcontent">
+<ruleset name="ACM.org">
 
 	<target host="acm.org" />
-	<target host="*.acm.org" />
-		<exclusion pattern="^http://cacm.acm.org/(?!(?:accounts/(?:forgot-password|new)|login)/*(?:\?.*)?$|favicon\.ico|images/|javascripts/|stylesheets/|system/)" />
-
-
-	<securecookie host="^(?!cacm\.).*\.acm\.org$" name=".+" />
-
-
-	<rule from="^http://((?:cacm|campus|dl|myacm|plone|portal|queue|techpack|www)\.)?acm\.org/"
-		to="https://$1acm.org/" />
-
-	<rule from="^http://deliveryimages\.acm\.org/"
-		to="https://a248.e.akamai.net/f/1097/1823/7m/deliveryimages.acm.org/" />
-
-	<rule from="^http://portalparts\.acm\.org/"
-		to="https://a248.e.akamai.net/f/1896/8636/1d/portalparts.acm.org/" />
+	<target host="www.acm.org" />
+	<target host="acmeurope-conference.acm.org" />
+	<target host="amturing.acm.org" />
+	<target host="awards.acm.org" />
+	<target host="cacm.acm.org" />
+		<test url="http://cacm.acm.org/favicon.ico" />
+	<target host="campus.acm.org" />
+	<target host="dl.acm.org" />
+	<target host="learning.acm.org" />
+	<target host="librarians.acm.org" />
+	<target host="libraries.acm.org" />
+	<target host="myacm.acm.org" />
+	<target host="pd.acm.org" />
+	<target host="portal.acm.org" />
+	<target host="spam.acm.org" />
+	<target host="techpack.acm.org" />
+	<target host="techpolicy.acm.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://librarians\.acm\.org/"
+		to="https://libraries.acm.org/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ACMA.gov.au.xml b/src/chrome/content/rules/ACMA.gov.au.xml
new file mode 100644
index 000000000000..f17a97893ee1
--- /dev/null
+++ b/src/chrome/content/rules/ACMA.gov.au.xml
@@ -0,0 +1,123 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- mx1.aisi.acma.gov.au
+		- sidvm.aisi.acma.gov.au
+		- smtp.aisi.acma.gov.au
+		- apiuat.acma.gov.au
+		- archive.acma.gov.au
+		- archiveuat.acma.gov.au
+		- authenticate.acma.gov.au
+		- cagdev.acma.gov.au
+		- www.distmanageruat.acma.gov.au
+		- emergencycalls.acma.gov.au
+		- emr.acma.gov.au
+		- ftp.acma.gov.au
+		- greenit.acma.gov.au
+		- isoautodiscover.acma.gov.au
+		- kemp-test.acma.gov.au
+		- mobility.acma.gov.au
+		- nsdev.acma.gov.au
+		- sid.acma.gov.au
+		- smartauction.acma.gov.au
+		- submit3.spam.acma.gov.au
+		- submit4.spam.acma.gov.au
+		- test-myswitch.acma.gov.au
+		- testlists.acma.gov.au
+		- vpn.acma.gov.au
+
+		Timeout was reached:
+		- stats.aisi.acma.gov.au
+		- portal.aisi.acma.gov.au
+		- api.acma.gov.au
+		- authority.acma.gov.au
+		- cloud.acma.gov.au
+		- crm.acma.gov.au
+		- dropbox.acma.gov.au
+		- lists.acma.gov.au
+		- mdm.acma.gov.au
+		- rrlarchive.acma.gov.au
+		- prometheus.dev.spam.acma.gov.au
+		- sentry.dev.spam.acma.gov.au
+		- sid2.dev.spam.acma.gov.au
+		- mailsubmit.spam.acma.gov.au
+		- prometheus.ops.spam.acma.gov.au
+		- sentry.ops.spam.acma.gov.au
+		- smtp-outbound.spam.acma.gov.au
+		- submit.spam.acma.gov.au
+		- vcs.acma.gov.au
+
+		SSL connect error:
+		- av.acma.gov.au
+		- web.acma.gov.au
+
+		SSL peer certificate was not OK:
+		- www.beta.acma.gov.au
+		- test.channelfinder.acma.gov.au
+		- promo.acma.gov.au
+		- www.spam.acma.gov.au
+
+		Server returned nothing (no headers, no data):
+		- autodiscover.acma.gov.au
+		- complaintuat.acma.gov.au
+		- forms-uat.acma.gov.au
+		- hybrid.acma.gov.au
+		- payments.acma.gov.au
+		- payments-pp.acma.gov.au
+		- payments-test.acma.gov.au
+		- uat-eportal.acma.gov.au
+
+		Failure when receiving data from the peer:
+		- webconf.acma.gov.au
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- auction.acma.gov.au
+		- toolkit.acma.gov.au
+
+		Incomplete certificate chain error:
+		- da.acma.gov.au
+		- vcconf.acma.gov.au
+		- vcconf1.acma.gov.au
+		- vcconf2.acma.gov.au
+
+		Status code mismatch:
+		- eport.acma.gov.au
+		- forms.acma.gov.au
+
+		Mixed content blocking (MCB) triggered:
+		- beta.acma.gov.au
+		- channelfinder.acma.gov.au
+-->
+<ruleset name="Australian Communications and Media Authority">
+	<target host="acma.gov.au" />
+	<target host="www.acma.gov.au" />
+	<target host="adfs.acma.gov.au" />
+	<target host="authority-test.acma.gov.au" />
+	<target host="complaint-uat.acma.gov.au" />
+	<target host="complaint.acma.gov.au" />
+	<target host="csgdev.acma.gov.au" />
+	<target host="dialin.acma.gov.au" />
+	<target host="engage.acma.gov.au" />
+	<target host="www.engage.acma.gov.au" />
+	<target host="external-test.acma.gov.au" />
+	<target host="lodge.acma.gov.au" />
+	<target host="lodge-uat.acma.gov.au" />
+	<target host="lyncdiscover.acma.gov.au" />
+	<target host="lyncweb.acma.gov.au" />
+	<target host="meet.acma.gov.au" />
+	<target host="officewebapps.acma.gov.au" />
+	<target host="officewebapps-test.acma.gov.au" />
+	<target host="portal.acma.gov.au" />
+	<target host="portal-test.acma.gov.au" />
+	<target host="remote.acma.gov.au" />
+	<target host="sip.acma.gov.au" />
+	<target host="spam.acma.gov.au" />
+	<target host="submit.acma.gov.au" />
+	<target host="submit-uat.acma.gov.au" />
+	<target host="test.acma.gov.au" />
+	<target host="tlg.acma.gov.au" />
+	<target host="vision2020.acma.gov.au" />
+	<target host="webmail.acma.gov.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ACNC.gov.au.xml b/src/chrome/content/rules/ACNC.gov.au.xml
new file mode 100644
index 000000000000..6e1854f810f8
--- /dev/null
+++ b/src/chrome/content/rules/ACNC.gov.au.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- acnc.gov.au
+		- charity.acnc.gov.au
+		- www.acnc.gov.au
+
+-->
+<ruleset name="ACNC.gov.au">
+
+	<target host="acnc.gov.au" />
+	<target host="charity.acnc.gov.au" />
+	<target host="www.acnc.gov.au" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:charity\.|www\.)?acnc\.gov\.au$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ACPICA.org.xml b/src/chrome/content/rules/ACPICA.org.xml
deleted file mode 100644
index f2564e0e1522..000000000000
--- a/src/chrome/content/rules/ACPICA.org.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	For other Intel coverage, see Intel.xml.
-
-
-	Fully covered subdomains:
-
-		- (www.)	(www → ^)
-		- bugs
-		- lists
-
--->
-<ruleset name="ACPICA.org">
-
-	<target host="acpica.org" />
-	<target host="*.acpica.org" />
-
-
-	<securecookie host="^(?:bugs\.)?acpica\.org$" name=".+" />
-
-
-	<!--	www redirects to ^ over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:(bugs\.|lists\.)|www\.)?acpica\.org/"
-		to="https://$1acpica.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ACSAC.org.xml b/src/chrome/content/rules/ACSAC.org.xml
new file mode 100644
index 000000000000..b6a0fda4bd43
--- /dev/null
+++ b/src/chrome/content/rules/ACSAC.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="ACSAC.org">
+
+	<target host="acsac.org" />
+	<target host="www.acsac.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ACTION_Kooperative.xml b/src/chrome/content/rules/ACTION_Kooperative.xml
index 4e5db4660aff..e51c28a9f031 100644
--- a/src/chrome/content/rules/ACTION_Kooperative.xml
+++ b/src/chrome/content/rules/ACTION_Kooperative.xml
@@ -1,4 +1,12 @@
-<ruleset name="A.C.T.I.O.N Kooperative (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mail.action.at/ => https://mail.action.at/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://mail.action.at/ => https://mail.action.at/: (51, "SSL: no alternative certificate subject name matches target host name 'mail.action.at'")
+-->
+<ruleset name="A.C.T.I.O.N Kooperative (partial)" default_off="failed ruleset test">
 
 	<target host="mail.action.at" />
 
@@ -6,7 +14,6 @@
 	<securecookie host="^mail\.action\.at$" name=".+" />
 
 
-	<rule from="^http://mail\.action\.at/"
-		to="https://mail.action.at/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AD4mat.xml b/src/chrome/content/rules/AD4mat.xml
new file mode 100644
index 000000000000..3d7b38983c89
--- /dev/null
+++ b/src/chrome/content/rules/AD4mat.xml
@@ -0,0 +1,39 @@
+<!--
+	Connection refused:
+		- ar.ad4mat.info
+		- at.ad4mat.info
+		- br.ad4mat.info
+		- cz.ad4mat.info
+		- de.ad4mat.info
+		- en.ad4mat.info
+		- es.ad4mat.info
+		- fr.ad4mat.info
+		- pl.ad4mat.info
+		- pt.ad4mat.info
+		- ru.ad4mat.info
+		- se.ad4mat.info
+		- tr.ad4mat.info
+
+	Cert expired:
+		- ad4mat.com"
+
+	Cert mismatch:
+		- gd.ad4mat.de
+
+	TimeOut:
+		- ch.ad4mat.info
+		- it.ad4mat.info
+-->
+<ruleset name="Ad4mat">
+
+	<target host="static.ad4mat.com"/>
+	<target host="ui.net.ad4mat.com"/>
+
+	<target host="www.ad4mat.com"/>
+	<target host="ad4mat.de"/>
+	<target host="www.ad4mat.de"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ADCocktail.xml b/src/chrome/content/rules/ADCocktail.xml
index 20b59defd6d7..3a87a35d1df9 100644
--- a/src/chrome/content/rules/ADCocktail.xml
+++ b/src/chrome/content/rules/ADCocktail.xml
@@ -15,7 +15,6 @@
 	<securecookie host="^track\.adcocktail\.com$" name=".+" />
 
 
-	<rule from="^http://track\.adcocktail\.com/"
-		to="https://track.adcocktail.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ADD-Assoc-Southern-Region.xml b/src/chrome/content/rules/ADD-Assoc-Southern-Region.xml
index d53230d74e28..67386ac06618 100644
--- a/src/chrome/content/rules/ADD-Assoc-Southern-Region.xml
+++ b/src/chrome/content/rules/ADD-Assoc-Southern-Region.xml
@@ -1,6 +1,16 @@
-<ruleset name="Attention Deficit Disorders Association - Southern Region">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://adda-sr.org/ => https://www.adda-sr.org/: (7, 'Failed to connect to www.adda-sr.org port 443: Connection refused')
+Fetch error: http://www.adda-sr.org/ => https://www.adda-sr.org/: (7, 'Failed to connect to www.adda-sr.org port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://adda-sr.org/ => https://www.adda-sr.org/: (7, 'Failed to connect to www.adda-sr.org port 443: Connection refused')
+Fetch error: http://www.adda-sr.org/ => https://www.adda-sr.org/: (7, 'Failed to connect to www.adda-sr.org port 443: Connection refused')
+-->
+<ruleset name="Attention Deficit Disorders Association - Southern Region" default_off="failed ruleset test">
 	<target host="adda-sr.org" />
 	<target host="www.adda-sr.org" />
 
-	<rule from="^http://(www\.)?adda-sr\.org/" to="https://www.adda-sr.org/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http://(?:www\.)?adda-sr\.org/" to="https://www.adda-sr.org/" />
+</ruleset>
diff --git a/src/chrome/content/rules/ADISC.org.xml b/src/chrome/content/rules/ADISC.org.xml
index 982266f5e791..b766fc22d806 100644
--- a/src/chrome/content/rules/ADISC.org.xml
+++ b/src/chrome/content/rules/ADISC.org.xml
@@ -1,13 +1,12 @@
 <ruleset name="ADISC.org">
 
 	<target host="adisc.org" />
-	<target host="*.adisc.org" />
+	<target host="www.adisc.org" />
 
 
 	<securecookie host="^\.adisc\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?adisc\.org/"
-		to="https://$1adisc.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ADPLAN-DS.com.xml b/src/chrome/content/rules/ADPLAN-DS.com.xml
new file mode 100644
index 000000000000..e6e21e7708d5
--- /dev/null
+++ b/src/chrome/content/rules/ADPLAN-DS.com.xml
@@ -0,0 +1,16 @@
+<!--
+
+	Nonfunctional subdomains:
+
+		- www	(refused)
+
+-->
+<ruleset name="ADPLAN DS (partial)">
+
+	<target host="img.adplan-ds.com" />
+	<target host="www3.adplan-ds.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ADP_Retirement_Services.xml b/src/chrome/content/rules/ADP_Retirement_Services.xml
index e6ea9421a6b9..f4057bb2a8ae 100644
--- a/src/chrome/content/rules/ADP_Retirement_Services.xml
+++ b/src/chrome/content/rules/ADP_Retirement_Services.xml
@@ -1,20 +1,21 @@
+
 <!--
-	For other Automatic Data Processing coverage, see Automatic_Data_Processing.xml.
+Disabled by https-everywhere-checker because:
+Fetch error: http://mykplan.com/ => https://mykplan.com/: (51, "SSL: no alternative certificate subject name matches target host name 'mykplan.com'")
 
+-->
 
-	Cert only matches www.
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mykplan.com/ => https://mykplan.com/: (51, "SSL: no alternative certificate subject name matches target host name 'mykplan.com'")
 
 -->
-<ruleset name="ADP Retirement Services">
-
+<ruleset name="ADP Retirement Services" default_off="failed ruleset test">
 	<target host="mykplan.com" />
 	<target host="www.mykplan.com" />
 
-
 	<securecookie host="^www\.mykplan\.com$" name=".+" />
 
-
-	<rule from="^https?://(?:www\.)?mykplan\.com/"
-		to="https://www.mykplan.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ADP_Screening_and_Selection_Services.xml b/src/chrome/content/rules/ADP_Screening_and_Selection_Services.xml
index 724095bab106..f35f3d71d75e 100644
--- a/src/chrome/content/rules/ADP_Screening_and_Selection_Services.xml
+++ b/src/chrome/content/rules/ADP_Screening_and_Selection_Services.xml
@@ -11,7 +11,7 @@
 	<target host="www.adpselect.com" />
 
 
-	<rule from="^https?://(?:www\.)?adpselect\.com/"
+	<rule from="^http://(?:www\.)?adpselect\.com/"
 		to="https://www.adpselect.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ADP_VirtualEdge.xml b/src/chrome/content/rules/ADP_VirtualEdge.xml
deleted file mode 100644
index a020302f700b..000000000000
--- a/src/chrome/content/rules/ADP_VirtualEdge.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other Automatic Data Processing coverage, see Automatic_Data_Processing.xml.
-
-
-	Cert only matches www.
-
--->
-<ruleset name="ADP VirtualEdge">
-
-	<target host="virtualedge.com" />
-	<target host="www.virtualedge.com" />
-
-
-	<securecookie host="^www\.virtualedge\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?virtualedge\.com/"
-		to="https://www.virtualedge.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ADTmag.com.xml b/src/chrome/content/rules/ADTmag.com.xml
new file mode 100644
index 000000000000..471ddb8d8d16
--- /dev/null
+++ b/src/chrome/content/rules/ADTmag.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other 1105 Media coverage, see 1105_Media.com.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- adtmag.com
+
+-->
+<ruleset name="ADTmag.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="adtmag.com" />
+	<target host="www.adtmag.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^adtmag\.com$" name="^(ASP\.NET_SessionId|BIGipServerPool[\w-]+)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ADUM.fr.xml b/src/chrome/content/rules/ADUM.fr.xml
new file mode 100644
index 000000000000..6ed9d5088156
--- /dev/null
+++ b/src/chrome/content/rules/ADUM.fr.xml
@@ -0,0 +1,12 @@
+<!--
+	HTTP ≠ HTTPS:
+		- svn.adum.fr
+-->
+<ruleset name="ADUM.fr">
+	<target host="adum.fr" />
+	<target host="www.adum.fr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AD_Security.org.xml b/src/chrome/content/rules/AD_Security.org.xml
new file mode 100644
index 000000000000..02a16fe5feb6
--- /dev/null
+++ b/src/chrome/content/rules/AD_Security.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="AD Security.org">
+
+	<target host="adsecurity.org" />
+	<target host="www.adsecurity.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ADindex.xml b/src/chrome/content/rules/ADindex.xml
index 25a462f83e93..c95baa934c84 100644
--- a/src/chrome/content/rules/ADindex.xml
+++ b/src/chrome/content/rules/ADindex.xml
@@ -1,13 +1,12 @@
 <ruleset name="ADindex">
 
 	<target host="adindex.de" />
-	<target host="*.adindex.de" />
+	<target host="www.adindex.de" />
 
 
-	<securecookie host="^(?:.*\.)?adindex\.de$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?adindex\.de/"
-		to="https://$1adindex.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AEGEE-Enschede.nl.xml b/src/chrome/content/rules/AEGEE-Enschede.nl.xml
index 2fe975b56a7e..825ca0631e98 100644
--- a/src/chrome/content/rules/AEGEE-Enschede.nl.xml
+++ b/src/chrome/content/rules/AEGEE-Enschede.nl.xml
@@ -7,13 +7,12 @@
 <ruleset name="AEGEE-Enschede.nl (partial)">
 
 	<target host="aegee-enschede.nl" />
-	<target host="*.aegee-enschede.nl" />
+	<target host="www.aegee-enschede.nl" />
 
 
 	<securecookie host="^\.aegee-enschede\.nl$" name=".+" />
 
 
-	<rule from="^http://(www\.)?aegee-enschede\.nl/"
-		to="https://$1aegee-enschede.nl/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AEI.org.xml b/src/chrome/content/rules/AEI.org.xml
new file mode 100644
index 000000000000..b74c131cb82e
--- /dev/null
+++ b/src/chrome/content/rules/AEI.org.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .aei.org
+		- www.aei.org
+
+-->
+<ruleset name="AEI.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="aei.org" />
+	<target host="www.aei.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^aei\.org$" name="^wfvt_\d+$" /-->
+	<!--securecookie host="^\.aei\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.?aei\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AEUP.eu.xml b/src/chrome/content/rules/AEUP.eu.xml
new file mode 100644
index 000000000000..d0de7a462eec
--- /dev/null
+++ b/src/chrome/content/rules/AEUP.eu.xml
@@ -0,0 +1,23 @@
+<!--
+	Association of European University Presses
+
+
+	Mixed content:
+
+		- css from $self *
+
+		- Images from blog.bibliothek.kit.edu
+
+	* Secured by us
+
+-->
+<ruleset name="AEUP.eu" platform="mixedcontent" default_off="self-signed">
+
+	<target host="aeup.eu" />
+	<target host="www.aeup.eu" />
+
+
+	<rule from="^http://(?:www\.)?aeup\.eu/"
+		to="https://www.aeup.eu/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AFCEA.xml b/src/chrome/content/rules/AFCEA.xml
index cec324232377..cf270bd43975 100644
--- a/src/chrome/content/rules/AFCEA.xml
+++ b/src/chrome/content/rules/AFCEA.xml
@@ -4,7 +4,7 @@
 	<target host="www.afcea.org" />
 
 
-	<securecookie host="^www\.afcea\.org$" name=".*" />
+	<securecookie host="^www\.afcea\.org$" name=".+" />
 
 
 	<!--	Cert only matches www.
diff --git a/src/chrome/content/rules/AFCOM.com.xml b/src/chrome/content/rules/AFCOM.com.xml
new file mode 100644
index 000000000000..711458996862
--- /dev/null
+++ b/src/chrome/content/rules/AFCOM.com.xml
@@ -0,0 +1,22 @@
+<!--
+	For other iNET Interactive coverage, see INet-Interactive.xml.
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="AFCOM.com">
+
+	<target host="afcom.com" />
+	<target host="www.afcom.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AFNIC.fr.xml b/src/chrome/content/rules/AFNIC.fr.xml
index 761dda12f3fc..d4a8673acb95 100644
--- a/src/chrome/content/rules/AFNIC.fr.xml
+++ b/src/chrome/content/rules/AFNIC.fr.xml
@@ -1,34 +1,19 @@
 <!--
-	Problematic subdomains:
-
-		- ^	(works; mismatched, CN: www.afnic.fr)
-
-
-	Fully covered subdomains:
-
-		- ^		(→ www)
-		- www.sandbox
-		- www
-
-
-	^sandbox.nic.fr does not exist
+	Refused:
+		operations.afnic.fr
 
 -->
 <ruleset name="AFNIC.fr">
 
 	<target host="afnic.fr" />
-	<target host="*.afnic.fr" />
-
+	<target host="www.afnic.fr" />
+	<target host="extranet.nic.fr" />
+	<target host="opendata.afnic.fr" />
+	<target host="www.sandbox.afnic.fr" />
 
 	<securecookie host="^www\.(?:sandbox\.)?afnic\.fr$" name=".+" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<!--	Server drops path:
-					-->
-	<rule from="^http://afnic\.fr/[^?]*(\?.*)?"
-		to="https://www.afnic.fr/$1" />
-
-	<rule from="^http://www\.(sandbox\.)?afnic\.fr/"
-		to="https://www.$1afnic.fr/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AFRA-Berlin.de.xml b/src/chrome/content/rules/AFRA-Berlin.de.xml
new file mode 100644
index 000000000000..7eef09e09dc4
--- /dev/null
+++ b/src/chrome/content/rules/AFRA-Berlin.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="AFRA-Berlin.de">
+
+	<target host="afra-berlin.de" />
+	<target host="www.afra-berlin.de" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AFS.xml b/src/chrome/content/rules/AFS.xml
new file mode 100644
index 000000000000..d232e543e238
--- /dev/null
+++ b/src/chrome/content/rules/AFS.xml
@@ -0,0 +1,286 @@
+<!--
+
+	Refused hosts in *afs.org:
+
+		- afssitedr
+		- archon
+		- suivol
+		- suivolfr
+		- wocadr
+
+	Certificate chain hosts in *afs.org:
+
+		- afssite1
+		- afssite2
+		- afssite3
+		- mbsa
+
+	Different content hosts in *afs.org:
+
+		- brandcenter
+		- icllibrary
+
+	Mismatched hosts:
+
+		- (www.)?afsindonesia.org
+		- (www.)?afskor.org
+		- (www.)?afs.org.pa
+		- (www.)?afsvlaanderen.be
+		- india.afs.org
+
+	Problematic hosts:
+
+		- afs.cz (TLS error)
+		- www.afs.ca (TLS error)
+		- (www.)?afs-ofie.co.ke (refused)
+		- (www.)?afsceaie.org.cn (timeout)
+
+-->
+<ruleset name="AFS">
+
+	<!-- International -->
+	<target host="afs.org" />
+	<target host="www.afs.org" />
+	<target host="centennial.afs.org" />
+	<target host="centennialbook.afs.org" />
+	<target host="cms.afs.org" />
+	<target host="efil.afs.org" />
+	<target host="egypt.afs.org" />
+	<target host="fin.afs.org" />
+	<target host="pol.afs.org" />
+	<target host="poland.afs.org" />
+	<target host="slovakia.afs.org" />
+	<target host="symposium.afs.org" />
+	<target host="thevolunteers.afs.org" />
+	<target host="woca.afs.org" />
+	<target host="wocatest.afs.org" />
+
+	<!-- Argentina -->
+	<target host="afs.org.ar" />
+	<target host="www.afs.org.ar" />
+
+	<!-- Australia -->
+	<target host="afs.org.au" />
+	<target host="www.afs.org.au" />
+
+	<!-- Austria -->
+	<target host="afs.at" />
+	<target host="www.afs.at" />
+
+	<!-- Belgium (Flanders) -->
+	<!--target host="afsvlaanderen.be" /-->
+	<!--target host="www.afsvlaanderen.be" /-->
+
+	<!-- Belgium (French) -->
+	<target host="afsbelgique.be" />
+	<target host="www.afsbelgique.be" />
+
+	<!-- Bolivia -->
+	<target host="afsbolivia.org" />
+	<target host="www.afsbolivia.org" />
+
+	<!-- Bosnia and Herzegovina -->
+	<target host="afs.ba" />
+	<target host="www.afs.ba" />
+
+	<!-- Brazil -->
+	<target host="afs.org.br" />
+	<target host="www.afs.org.br" />
+
+	<!-- Canada -->
+	<target host="afscanada.org" />
+	<target host="www.afscanada.org" />
+
+	<!-- China -->
+	<!--target host="afsceaie.org.cn" /-->
+	<!--target host="www.afsceaie.org.cn" /-->
+
+	<!-- Chile -->
+	<target host="afs.cl" />
+	<target host="www.afs.cl" />
+
+	<!-- Colombia -->
+	<target host="afs.org.co" />
+	<target host="www.afs.org.co" />
+
+	<!-- Costa Rica -->
+	<target host="afs.or.cr" />
+	<target host="www.afs.or.cr" />
+
+	<!-- Croatia -->
+	<target host="afs.hr" />
+	<target host="www.afs.hr" />
+
+	<!-- Czech Republic -->
+	<!--target host="afs.cz" /-->
+	<!--target host="www.afs.cz" /-->
+
+	<!-- Denmark -->
+	<target host="afs.dk" />
+	<target host="www.afs.dk" />
+
+	<!-- Dominican Republic -->
+	<target host="afs.do" />
+	<target host="www.afs.do" />
+
+	<!-- Ecuador -->
+	<target host="afsecuador.org" />
+	<target host="www.afsecuador.org" />
+
+	<!-- Egypt -->
+	<target host="afs-egypt.org" />
+	<target host="www.afs-egypt.org" />
+
+	<!-- Finland -->
+	<target host="afs.fi" />
+	<target host="www.afs.fi" />
+
+	<!-- France -->
+	<target host="afs.fr" />
+	<target host="www.afs.fr" />
+
+	<!-- Germany -->
+	<target host="afs.de" />
+	<target host="www.afs.de" />
+
+	<!-- Ghana -->
+	<target host="afs.org.gh" />
+	<target host="www.afs.org.gh" />
+
+	<!-- Guatemala -->
+	<target host="afs.org.gt" />
+	<target host="www.afs.org.gt" />
+
+	<!-- Honduras -->
+	<target host="afs.hn" />
+	<target host="www.afs.hn" />
+
+	<!-- Hong Kong -->
+	<target host="afs.hk" />
+	<target host="www.afs.hk" />
+
+	<!-- Hungary -->
+	<target host="afs.hu" />
+	<target host="www.afs.hu" />
+
+	<!-- Iceland -->
+	<target host="afs.is" />
+	<target host="www.afs.is" />
+
+	<!-- Indonesia -->
+	<!--target host="afsindonesia.org" /-->
+	<!--target host="www.afsindonesia.org" /-->
+
+	<!-- Italy -->
+	<target host="intercultura.it" />
+	<target host="www.intercultura.it" />
+
+	<!-- Japan -->
+	<target host="afs.or.jp" />
+	<target host="www.afs.or.jp" />
+
+	<!-- Kenya -->
+	<!--target host="afs-ofie.co.ke" /-->
+	<!--target host="www.afs-ofie.co.ke" /-->
+
+	<!-- Latvia -->
+	<target host="afs.lv" />
+	<target host="www.afs.lv" />
+
+	<!-- Malaysia -->
+	<target host="afsmas.org" />
+	<target host="www.afsmas.org" />
+
+	<!-- Mexico -->
+	<target host="afs.org.mx" />
+	<target host="www.afs.org.mx" />
+
+	<!-- Netherlands -->
+	<target host="afs.nl" />
+	<target host="www.afs.nl" />
+
+	<!-- New Zealand -->
+	<target host="afs.org.nz" />
+	<target host="www.afs.org.nz" />
+
+	<!-- Norway -->
+	<target host="afs.no" />
+	<target host="www.afs.no" />
+
+	<!-- Panama -->
+	<!--target host="afs.org.pa" /-->
+	<!--target host="www.afs.org.pa" /-->
+
+	<!-- Paraguay -->
+	<target host="afs.org.py" />
+	<target host="www.afs.org.py" />
+
+	<!-- Peru -->
+	<target host="afs.org.pe" />
+	<target host="www.afs.org.pe" />
+
+	<!-- Philippines -->
+	<target host="afs.ph" />
+	<target host="www.afs.ph" />
+
+	<!-- Portugal -->
+	<target host="intercultura-afs.pt" />
+	<target host="www.intercultura-afs.pt" />
+
+	<!-- Russia -->
+	<target host="afs.ru" />
+	<target host="www.afs.ru" />
+
+	<!-- Serbia -->
+	<target host="afs.org.rs" />
+	<target host="www.afs.org.rs" />
+
+	<!-- Slovenia -->
+	<target host="interkultura.si" />
+	<target host="www.interkultura.si" />
+
+	<!-- South Africa -->
+	<target host="afs.org.za" />
+	<target host="www.afs.org.za" />
+
+	<!-- South Korea -->
+	<!--target host="afskor.org" /-->
+	<!--target host="www.afskor.org" /-->
+
+	<!-- Spain -->
+	<target host="afs-intercultura.org" />
+	<target host="www.afs-intercultura.org" />
+
+	<!-- Sweden -->
+	<target host="afs.se" />
+	<target host="www.afs.se" />
+
+	<!-- Switzerland -->
+	<target host="afs.ch" />
+	<target host="www.afs.ch" />
+
+	<!-- Thailand -->
+	<target host="afsthailand.org" />
+	<target host="www.afsthailand.org" />
+
+	<!-- Tunisia -->
+	<target host="afs-tunisia.org" />
+	<target host="www.afs-tunisia.org" />
+
+	<!-- Turkey -->
+	<target host="afs.org.tr" />
+	<target host="www.afs.org.tr" />
+
+	<!-- Uruguay -->
+	<target host="afs.org.uy" />
+	<target host="www.afs.org.uy" />
+
+	<!-- Venezuela -->
+	<target host="afs.org.ve" />
+	<target host="www.afs.org.ve" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AFSP.org.xml b/src/chrome/content/rules/AFSP.org.xml
new file mode 100644
index 000000000000..51ad76c14e31
--- /dev/null
+++ b/src/chrome/content/rules/AFSP.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		admin.ez.afsp.org
+
+	Private:
+		mail.afsp.org
+		rocket.afsp.org
+
+-->
+<ruleset name="American Foundation for Suicide Prevention">
+
+	<target host="afsp.org" />
+	<target host="www.afsp.org" />
+	<target host="store.afsp.org" />
+
+	<rule from="^http://www\.afsp\.org/"
+		to="https://afsp.org/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AFUL.org.xml b/src/chrome/content/rules/AFUL.org.xml
new file mode 100644
index 000000000000..f112319bfb8d
--- /dev/null
+++ b/src/chrome/content/rules/AFUL.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Fully covered hosts in *aful.org:
+
+		- (www.)?
+		- listes
+
+-->
+<ruleset name="AFUL.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="aful.org" />
+	<target host="listes.aful.org" />
+	<target host="www.aful.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AGU.org.xml b/src/chrome/content/rules/AGU.org.xml
new file mode 100644
index 000000000000..04da98e0bc22
--- /dev/null
+++ b/src/chrome/content/rules/AGU.org.xml
@@ -0,0 +1,85 @@
+<!--
+	American Geophysical Union
+
+
+	Nonfunctional subdomains:
+
+		- (www.) ¹
+		- blogs ²
+		- fromtheprow ²
+		- ja ²
+
+	¹ Shows default RHEL page
+	² Redirects to sites
+
+
+	Partially covered subdomains:
+
+		- ethics *
+		- meetings *
+		- publications *
+		- sciencepolicy *
+		- sharingscience *
+		- sites *
+
+	* Avoiding false/broken MCB
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- about
+		- chapman
+		- education
+		- fallmeeting
+		- geocalendar
+		- giving
+		- honors
+		- membership
+		- news
+		- spc
+		- sites2
+
+
+	Mixed content:
+
+		- css on ethics, meetings, publications, sciencepolicy, sharingscience, and sites from sites *
+
+		- Images, on:
+
+			- about, education, ethics, geocalendar, honors, meetings, news, publications, and sites from sites *
+			- chapman from $self *
+			- spc from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="AGU.org (partial)">
+
+	<target host="about.agu.org" />
+	<target host="chapman.agu.org" />
+	<target host="education.agu.org" />
+	<target host="ethics.agu.org" />
+	<target host="fallmeeting.agu.org" />
+	<target host="geocalendar.agu.org" />
+	<target host="giving.agu.org" />
+	<target host="honors.agu.org" />
+	<target host="meetings.agu.org" />
+	<target host="membership.agu.org" />
+	<target host="news.agu.org" />
+	<target host="publications.agu.org" />
+	<target host="sciencepolicy.agu.org" />
+	<target host="sharingscience.agu.org" />
+	<target host="sites.agu.org" />
+	<target host="sites2.agu.org" />
+	<target host="spc.agu.org" />
+		<!--exclusion pattern="http://(blogs|fromtheprow|ja|www)\.agu\.org/" /-->
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<exclusion pattern="^http://(?:ethics|meetings|publications|sciencepolicy|sharingscience|sites)\.agu\.org/+(?!favicon\.ico|(?:\w+/)?wp-(?:content|includes)/)" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AI-Radio.org.xml b/src/chrome/content/rules/AI-Radio.org.xml
new file mode 100644
index 000000000000..4d89e37f28e0
--- /dev/null
+++ b/src/chrome/content/rules/AI-Radio.org.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ai-radio.org/ => https://ai-radio.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.ai-radio.org/ => https://www.ai-radio.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="AI-Radio.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ai-radio.org" />
+	<target host="www.ai-radio.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AIA-Surety.xml b/src/chrome/content/rules/AIA-Surety.xml
index 1799285163b8..54da7900484e 100644
--- a/src/chrome/content/rules/AIA-Surety.xml
+++ b/src/chrome/content/rules/AIA-Surety.xml
@@ -1,18 +1,15 @@
 <ruleset name="AIA Surety">
 
 	<target host="aiasurety.com" />
-	<target host="*.aiasurety.com" />
+	<target host="becomeanagent.aiasurety.com" />
+	<target host="www.aiasurety.com" />
 	<target host="expertbail.com" />
 	<target host="www.expertbail.com" />
 
 
-	<securecookie host="^(.*\.)?(aiasurety|expertbail)\.com$" name=".*" />
+	<securecookie host=".+" name=".+"/>
 
 
-	<rule from="^http://((?:becomeanagent|www)\.)?aiasurety\.com/"
-		to="https://$1aiasurety.com/" />
-
-	<rule from="^http://(www\.)?expertbail\.com/"
-		to="https://$1expertbail.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/AIIB.org.xml b/src/chrome/content/rules/AIIB.org.xml
new file mode 100644
index 000000000000..f43caf8b6f66
--- /dev/null
+++ b/src/chrome/content/rules/AIIB.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - mail.aiib.org
+
+		Timeout was reached:
+			 - cnweb.aiib.org
+			 - cnweb1.aiib.org
+
+		SSL peer certificate was not OK:
+			 - euweb.aiib.org
+-->
+<ruleset name="Asian Infrastructure Investment Bank (AIIB)">
+	<target host="aiib.org" />
+	<target host="www.aiib.org" />
+
+	<securecookie host="^(www\.)?aiib\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AIP.org.xml b/src/chrome/content/rules/AIP.org.xml
new file mode 100644
index 000000000000..ae751b49dc66
--- /dev/null
+++ b/src/chrome/content/rules/AIP.org.xml
@@ -0,0 +1,54 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://scitation.aip.org/css/v/5.2.1.5/aip/publisher_branding.css => https://scitation.aip.org/css/v/5.2.1.5/aip/publisher_branding.css: (51, "SSL: no alternative certificate subject name matches target host name 'scitation.aip.org'")
+Fetch error: http://scitation.aip.org/favicon.ico => https://scitation.aip.org/favicon.ico: (51, "SSL: no alternative certificate subject name matches target host name 'scitation.aip.org'")
+Fetch error: http://scitation.aip.org/images/aip/aip_logo_transparent.gif => https://scitation.aip.org/images/aip/aip_logo_transparent.gif: (51, "SSL: no alternative certificate subject name matches target host name 'scitation.aip.org'")
+
+	^aip.org: Mismatched
+
+-->
+<ruleset name="AIP.org (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="publishing.aip.org" />
+	<target host="scitation.aip.org" />
+	<target host="www.aip.org" />
+
+	<!--	Complications:
+				-->
+	<target host="aip.org" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://scitation\.aip\.org/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://scitation\.aip\.org/+(?!css/|favicon\.ico|images/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://scitation.aip.org/aip/physicstoday/info/follow/" />
+			<test url="http://scitation.aip.org/contact" />
+			<test url="http://scitation.aip.org/content/avs" />
+			<test url="http://scitation.aip.org/help/librarians" />
+
+			<!--	ve:
+					-->
+			<test url="http://scitation.aip.org/css/v/5.2.1.5/aip/publisher_branding.css" />
+			<test url="http://scitation.aip.org/favicon.ico" />
+			<test url="http://scitation.aip.org/images/aip/aip_logo_transparent.gif" />
+
+
+	<securecookie host="^(?!scitation\.)\w" name=".+" />
+
+
+	<rule from="^http://aip\.org/"
+		to="https://www.aip.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AIVD.nl.xml b/src/chrome/content/rules/AIVD.nl.xml
new file mode 100644
index 000000000000..f1208dd84efc
--- /dev/null
+++ b/src/chrome/content/rules/AIVD.nl.xml
@@ -0,0 +1,15 @@
+<!--
+	^aivd.nl doesn't exist.
+
+-->
+<ruleset name="AIVD.nl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.aivd.nl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AJC.com.xml b/src/chrome/content/rules/AJC.com.xml
index 352560eea382..e45f20f82011 100644
--- a/src/chrome/content/rules/AJC.com.xml
+++ b/src/chrome/content/rules/AJC.com.xml
@@ -1,14 +1,16 @@
 <!--
-	Nonfunctional domains:
-
-		- ajc.com	(CN: *.cmgdigital.com; 404)
-		- www.ajc.com	(Akamai; 404)
+	Other Atlanta Journal Constitution rulesets:
+		* MyAJC.com.xml
 
+	Numerous unsupported subdomains (>300 found by Sublist3r)
+	Mixed content on some www.ajc.com pages
 -->
-<ruleset name="AJC.com" default_off="Akamai">
+<ruleset name="AJC.com (partial)">
 	<target host="ajc.com" />
 	<target host="www.ajc.com" />
-	<rule from="^http://ajc\.com/" to="https://www.ajc.com/"/>
-	<rule from="^http://www\.ajc\.com/" to="https://www.ajc.com/"/>
-</ruleset>
+	<target host="myaccount.ajc.com" />
+	<target host="store.ajc.com" />
+	<target host="subscribe.ajc.com" />
 
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AJs_Ski_and_Sports.xml b/src/chrome/content/rules/AJs_Ski_and_Sports.xml
index aabfd3b3bfd7..eeb1614bde8d 100644
--- a/src/chrome/content/rules/AJs_Ski_and_Sports.xml
+++ b/src/chrome/content/rules/AJs_Ski_and_Sports.xml
@@ -1,13 +1,11 @@
 <ruleset name="AJ's Ski &amp; Sports">
 
 	<target host="stowesports.com" />
-	<target host="*.stowesports.com" />
+	<target host="www.stowesports.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^\.stowesports\.com$" name=".+" />
+	<rule from="^http:"
+		to="https:" />
 
-
-	<rule from="^http://(www\.)?stowesports\.com/"
-		to="https://$1[stowesports.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AK-Vorrat.de.xml b/src/chrome/content/rules/AK-Vorrat.de.xml
index d4d7af281ef2..325f0ef16767 100644
--- a/src/chrome/content/rules/AK-Vorrat.de.xml
+++ b/src/chrome/content/rules/AK-Vorrat.de.xml
@@ -1,13 +1,30 @@
-<ruleset name="AK-Vorrat" platform="cacert mixedcontent">
-
-	<target host="vorratsdatenspeicherung.de" />
-	<target host="*.vorratsdatenspeicherung.de" />
+<!--
+	Invalid certificate:
+		tiki.vorratsdatenspeicherung.de
+		badkreuznach.vorratsdatenspeicherung.de
+		berlin.vorratsdatenspeicherung.de
+		blogi.vorratsdatenspeicherung.de
+		duesseldorf.vorratsdatenspeicherung.de
+		erklaerung.vorratsdatenspeicherung.de
+		erklarung.vorratsdatenspeicherung.de
+		frankfurt.vorratsdatenspeicherung.de
+		leipzig.vorratsdatenspeicherung.de
+		mainz.vorratsdatenspeicherung.de
+		muenchen.vorratsdatenspeicherung.de
+		nuernberg.vorratsdatenspeicherung.de
+		tuebingen.vorratsdatenspeicherung.de
 
+-->
+<ruleset name="Vorratsdatenspeicherung.de" default_off="cert-chain">
 
-	<securecookie host="^(?:wiki\.|www\.)?vorratsdatenspeicherung\.de$" name=".+" />
+	<target host="vorratsdatenspeicherung.de" />
+	<target host="www.vorratsdatenspeicherung.de" />
+	<target host="blog.vorratsdatenspeicherung.de" />
+	<target host="wiki.vorratsdatenspeicherung.de" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(wiki\.|www\.)?vorratsdatenspeicherung\.de/"
-		to="https://$1vorratsdatenspeicherung.de/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/AKA.ms.xml b/src/chrome/content/rules/AKA.ms.xml
new file mode 100644
index 000000000000..3cb49cab2d2f
--- /dev/null
+++ b/src/chrome/content/rules/AKA.ms.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- aka.ms
+		- www.aka.ms
+
+-->
+<ruleset name="AKA.ms">
+
+	<target host="aka.ms" />
+	<target host="www.aka.ms" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?aka\.ms$" name="^m0$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AKG.com.xml b/src/chrome/content/rules/AKG.com.xml
new file mode 100644
index 000000000000..587ccf16dfaa
--- /dev/null
+++ b/src/chrome/content/rules/AKG.com.xml
@@ -0,0 +1,44 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- br.akg.com
+		- static.akg.com
+
+		Incomplete certificate chain error:
+		- akg.com
+-->
+<ruleset name="AKG.com">
+	<target host="akg.com" />
+	<target host="www.akg.com" />
+	<target host="at.akg.com" />
+	<target host="au.akg.com" />
+	<target host="be.akg.com" />
+	<target host="ch.akg.com" />
+	<target host="cn.akg.com" />
+	<target host="de.akg.com" />
+	<target host="dk.akg.com" />
+	<target host="eu.akg.com" />
+	<target host="fi.akg.com" />
+	<target host="fr.akg.com" />
+	<target host="id.akg.com" />
+	<target host="jp.akg.com" />
+	<target host="kh.akg.com" />
+	<target host="kr.akg.com" />
+	<target host="my.akg.com" />
+	<target host="nl.akg.com" />
+	<target host="no.akg.com" />
+	<target host="ph.akg.com" />
+	<target host="pl.akg.com" />
+	<target host="ru.akg.com" />
+	<target host="se.akg.com" />
+	<target host="support.akg.com" />
+	<target host="th.akg.com" />
+	<target host="tw.akg.com" />
+	<target host="uk.akg.com" />
+	<target host="vn.akg.com" />
+
+	<rule from="^http://akg\.com/"
+		to="https://www.akg.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AK_Vorrat.org.xml b/src/chrome/content/rules/AK_Vorrat.org.xml
new file mode 100644
index 000000000000..af3a833e0464
--- /dev/null
+++ b/src/chrome/content/rules/AK_Vorrat.org.xml
@@ -0,0 +1,26 @@
+<!--
+	(www.)?akvorrat.org: Refused, redirect destination uses CAcert
+
+-->
+<ruleset name="AK Vorrat.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="listen.akvorrat.org" />
+
+	<!--	Complications:
+				-->
+	<!--target host="akvorrat.org" /-->
+	<!--target host="www.akvorrat.org" /-->
+
+
+	<!--	Redirects keeps path and args,
+		but not forward slash:
+					-->
+	<!--rule from="^http://(?:www\.)?akvorrat\.org/+"
+		to="https://wiki.vorratsdatenspeicherung.de/Mailinglisten/Listen/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ALA.org.xml b/src/chrome/content/rules/ALA.org.xml
new file mode 100644
index 000000000000..7b84840c9a11
--- /dev/null
+++ b/src/chrome/content/rules/ALA.org.xml
@@ -0,0 +1,115 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://connect.ala.org/ => https://connect.ala.org/: Too many redirects while fetching 'https://connect.ala.org/'
+Fetch error: http://joblist.ala.org/ => https://joblist.ala.org/: (51, "SSL: no alternative certificate subject name matches target host name 'joblist.ala.org'")
+
+	American Library Association
+
+	Other American Library Association rulesets:
+
+		- chooseprivacyweek.org.xml
+
+
+	Nonfunctional hosts in *ala.org:
+
+		- ala14 *
+		- alaac15 *
+
+	* Shows another domain
+
+
+	Problematic hosts in *ala.org:
+
+		- alastore ¹
+		- login.connect ¹
+		- exhibitors ²
+		- idp ³
+
+	¹ Mismatched
+	² Expired
+	³ Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.alastore.ala.org
+		- idp.ala.org
+		- joblist.ala.org
+
+
+	Mixed content:
+
+		- css on connect from fonts.googleapis.com *
+		- Images on www.alastore from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="ALA.org (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ala.org" />
+	<target host="www.alastore.ala.org" />
+	<target host="connect.ala.org" />
+	<!--target host="login.connect.ala.org" /-->
+	<!--target host="exhibitors.ala.org" /-->
+	<!--target host="idp.ala.org" /-->
+	<target host="joblist.ala.org" />
+	<target host="www.ala.org" />
+
+	<!--	Complications:
+				-->
+	<target host="alastore.ala.org" />
+
+		<!--	Differs from http:
+						-->
+		<!--exclusion pattern="^http://ala\.org/$" /-->
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.ala\.org/$" /-->
+		<!--
+			404:
+				-->
+		<!--exclusion pattern="^http://(?:www\.)?ala\.org/(?:sites/|membership/renew$|user/login$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?ala\.org/+(?!Security/|Template\.cfm)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://ala.org/aboutala/contactus/" />
+			<test url="http://www.ala.org/aboutala/donate" />
+			<test url="http://www.ala.org/membership/renew" />
+			<test url="http://www.ala.org/tools/" />
+			<test url="http://www.ala.org/user/login" />
+
+			<!--	-ve:
+					-->
+			<test url="http://ala.org/Template.cfm" />
+			<test url="http://ala.org/Security/Login.cfm" />
+			<test url="http://www.ala.org/Security/Shibboleth.sso/Login?target=" />
+			<test url="http://www.ala.org/Template.cfm" />
+
+		<!--test url="http://idp.ala.org/idp/profile/SAML2/Redirect/SSO?SAMLRequest=" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.alastore\.ala\.org$" name="^(?:ASP\.NET_SessionId|HttpReferer|Referer)$" /-->
+	<!--securecookie host="^idp\.ala\.org$" name="^_idp_authn_lc_key$" /-->
+	<!--securecookie host="^joblist\.ala\.org$" name="^(?:CFID|CFTOKEN)$" /-->
+
+	<securecookie host="^(?:www\.alastore|joblist)\.ala\.org$" name=".+" />
+
+
+	<rule from="^http://alastore\.ala\.org/"
+		to="https://www.alastore.ala.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ALDI.xml b/src/chrome/content/rules/ALDI.xml
index 2e26ce88d0f1..a3aec17cc9a1 100644
--- a/src/chrome/content/rules/ALDI.xml
+++ b/src/chrome/content/rules/ALDI.xml
@@ -1,22 +1,148 @@
-<ruleset name="Aldi - Germany">
-<!-- Hosts: Southern Aldi Germany -->
-  <target host="www.aldisued.de" />
-  <target host="www.aldi-sued.de" />
-  <target host="aldisued.de" />
-  <target host="aldi-sued.de" />
 
-<!-- Hosts: Northern Aldi Germany -->
-  <target host="www.aldi-nord.de" />
-  <target host="www.aldinord.de" />
-  <target host="aldi-nord.de" />
-  <target host="aldinord.de" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://corporate.aldi.co.uk/ => https://corporate.aldi.co.uk/: (6, 'Could not resolve host: corporate.aldi.co.uk')
+Fetch error: http://corporate.aldi.ie/ => https://corporate.aldi.ie/: (6, 'Could not resolve host: corporate.aldi.ie')
+Fetch error: http://nagradnaigra.hofer.si/ => https://nagradnaigra.hofer.si/: (7, 'Failed to connect to nagradnaigra.hofer.si port 443: Connection timed out')
 
-<!-- Rules: Southern Aldi Germany -->
-  <rule from="^https?://(?:www\.)?aldisued\.de/" to="https://www.aldi-sued.de/" />
-  <rule from="^http://(?:www\.)?aldi-sued\.de/" to="https://www.aldi-sued.de/" />
+Mismatch:
+	- games.aldi-sued.de
+	- games.aldi-suisse.ch
+	- inoc.aldi-suisse.ch
+	- games.aldi.co.uk
+	- games.aldi.com.au
+	- newsletter.aldi.dk
+	- newsletter.aldi.es
+	- haziasszonyok.aldi.hu
+	- games.aldi.hu
+	- games.aldi.us
+	- weeklyads.aldi.us
+	- games.hofer.at
+	- *gutaiderbichl.hofer.at
+	- games.hofer.si
 
-<!-- Rules: Northern Aldi Germany -->
-  <rule from="^http://(?:www\.)?aldi-nord\.de/" to="https://www.aldi-nord.de/" />
-  <rule from="^https?://(?:www\.)?aldinord\.de/" to="https://www.aldi-nord.de/" />
+No response:
+	- herkunft.aldi-sued.de
+	- aldi.es
 
+Refused:
+	- transparenz.aldi-nord.de
+	- *aldi.com
+-->
+<ruleset name="Aldi" default_off="failed ruleset test">
+	<target host="aldi-mobile.ch"/>
+	<target host="www.aldi-mobile.ch"/>
+	<target host="mypages.aldi-mobile.ch"/>
+	<target host="aldi-nord.de"/>
+	<target host="www.aldi-nord.de"/>
+	<target host="m.aldi-nord.de"/>
+	<target host="aldi-sued.de"/>
+	<target host="www.aldi-sued.de"/>
+	<target host="karriere.aldi-sued.de"/>
+	<target host="unternehmen.aldi-sued.de"/>
+	<target host="aldi-suisse.ch"/>
+	<target host="www.aldi-suisse.ch"/>
+	<target host="apps.aldi-suisse.ch"/>
+	<target host="unternehmen.aldi-suisse.ch"/>
+	<target host="aldi.be"/>
+	<target host="www.aldi.be"/>
+	<target host="de.aldi.be"/>
+	<target host="fr.aldi.be"/>
+	<target host="m.aldi.be"/>
+	<target host="nl.aldi.be"/>
+	<target host="aldi.co.uk"/>
+	<target host="www.aldi.co.uk"/>
+	<target host="corporate.aldi.co.uk"/>
+	<target host="customerservice.aldi.co.uk"/>
+	<target host="aldi.com.au"/>
+	<target host="www.aldi.com.au"/>
+	<target host="corporate.aldi.com.au"/>
+	<target host="customerservice.aldi.com.au"/>
+	<target host="ptp.aldi.com.au"/>
+	<target host="aldi.dk"/>
+	<target host="www.aldi.dk"/>
+	<target host="aldi.es"/>
+	<target host="www.aldi.es"/>
+	<target host="aldi.fr"/>
+	<target host="www.aldi.fr"/>
+	<target host="aldi.hu"/>
+	<target host="www.aldi.hu"/>
+	<target host="recruiting.aldi.hu"/>
+	<target host="avallalat.aldi.hu"/>
+	<target host="eletmodvaltok.aldi.hu"/>
+	<target host="borvilag.aldi.hu"/>
+	<target host="www.borvilag.aldi.hu"/>
+	<target host="hirlevel.aldi.hu"/>
+	<target host="www.hirlevel.aldi.hu"/>
+	<target host="aldi.ie"/>
+	<target host="www.aldi.ie"/>
+	<target host="corporate.aldi.ie"/>
+	<target host="listening.aldi.ie"/>
+	<target host="aldi.lu"/>
+	<target host="www.aldi.lu"/>
+	<target host="de.aldi.lu"/>
+	<target host="fr.aldi.lu"/>
+	<target host="aldi.nl"/>
+	<target host="www.aldi.nl"/>
+	<target host="aldi.pl"/>
+	<target host="www.aldi.pl"/>
+	<target host="aldi.pt"/>
+	<target host="www.aldi.pt"/>
+	<target host="aldi.us"/>
+	<target host="www.aldi.us"/>
+	<target host="blog.aldi.us"/>
+	<target host="corporate.aldi.us"/>
+	<target host="alditalk.de"/>
+	<target host="www.alditalk.de"/>
+	<target host="hofer.at"/>
+	<target host="www.hofer.at"/>
+	<target host="unternehmen.hofer.at"/>
+	<target host="s.hofer.at"/>
+	<target host="gewinnspiel.hofer.at"/>
+	<target host="karriere.hofer.at"/>
+	<target host="vinothek.hofer.at"/>
+	<target host="www.vinothek.hofer.at"/>
+	<target host="hofer.si"/>
+	<target host="www.hofer.si"/>
+	<target host="kariera.hofer.si"/>
+	<target host="daneszajutri.hofer.si"/>
+	<target host="nagradnaigra.hofer.si"/>
+	<target host="podjetje.hofer.si"/>
+	<target host="vinoteka.hofer.si"/>
+	<target host="www.vinoteka.hofer.si"/>
+
+	<rule from="^http://aldi-mobile\.ch/"
+		to="https://www.aldi-mobile.ch/"/>
+	<rule from="^http://aldi-sued\.de/"
+		to="https://www.aldi-sued.de/"/>
+	<rule from="^http://aldi-suisse\.ch/"
+		to="https://www.aldi-suisse.ch/"/>
+	<rule from="^http://aldi\.be/"
+		to="https://www.aldi.be/"/>
+	<rule from="^http://aldi\.co\.uk/"
+		to="https://www.aldi.co.uk/"/>
+	<rule from="^http://aldi\.es/"
+		to="https://www.aldi.es/"/>
+	<rule from="^http://aldi\.hu/"
+		to="https://www.aldi.hu/"/>
+	<rule from="^http://hirlevel\.aldi\.hu/"
+		to="https://www.hirlevel.aldi.hu/"/>
+	<rule from="^http://borvilag\.aldi\.hu/"
+		to="https://www.borvilag.aldi.hu/"/>
+	<rule from="^http://aldi\.ie/"
+		to="https://www.aldi.ie/"/>
+	<rule from="^http://aldi\.us/"
+		to="https://www.aldi.us/"/>
+	<rule from="^http://alditalk\.de/"
+		to="https://www.alditalk.de/"/>
+	<rule from="^http://hofer\.at/"
+		to="https://www.hofer.at/"/>
+	<rule from="^http://hofer\.si/"
+		to="https://www.hofer.si/"/>
+	<rule from="^http://vinothek\.hofer\.at/"
+		to="https://www.vinothek.hofer.at/"/>
+	<rule from="^http://vinoteka\.hofer\.si/"
+		to="https://www.vinoteka.hofer.si/"/>
+	<rule from="^http:"
+		to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/ALDImobile.com.au.xml b/src/chrome/content/rules/ALDImobile.com.au.xml
new file mode 100644
index 000000000000..c604db0486e0
--- /dev/null
+++ b/src/chrome/content/rules/ALDImobile.com.au.xml
@@ -0,0 +1,9 @@
+<ruleset name="ALDImobile.com.au">
+	<target host=    "aldimobile.com.au" />
+	<target host="www.aldimobile.com.au" />
+
+  	<securecookie host="^.*\.aldimobile\.com\.au$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ALPriorityUSA.com.xml b/src/chrome/content/rules/ALPriorityUSA.com.xml
new file mode 100644
index 000000000000..ed7d1ab4dd60
--- /dev/null
+++ b/src/chrome/content/rules/ALPriorityUSA.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatched:
+		- mail
+-->
+<ruleset name="ALPriorityUSA.com">
+	<target host="alpriorityusa.com" />
+	<target host="www.alpriorityusa.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ALSOActebis.xml b/src/chrome/content/rules/ALSOActebis.xml
index b37f61b809ce..22e9410d3707 100644
--- a/src/chrome/content/rules/ALSOActebis.xml
+++ b/src/chrome/content/rules/ALSOActebis.xml
@@ -2,7 +2,7 @@
   <target host="alsoactebis.com" />
   <target host="www.alsoactebis.com" />
 
-  <rule from="^http://(www\.)?alsoactebis\.com/" to="https://www.alsoactebis.com/" />
+  <rule from="^http://(?:www\.)?alsoactebis\.com/" to="https://www.alsoactebis.com/" />
   <!-- Prevent redirect loop on login -->
   <exclusion pattern="^http://www\.alsoactebis\.com/ec/cms3/[0-9]+/ShopStart\.do" />
 </ruleset>
diff --git a/src/chrome/content/rules/ALTS.Trade.xml b/src/chrome/content/rules/ALTS.Trade.xml
new file mode 100644
index 000000000000..08a6a2821c74
--- /dev/null
+++ b/src/chrome/content/rules/ALTS.Trade.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://alts.trade/ => https://alts.trade/: (7, 'Failed to connect to alts.trade port 443: Connection refused')
+Fetch error: http://www.alts.trade/ => https://alts.trade/: (7, 'Failed to connect to alts.trade port 443: Connection refused')
+
+	www.alts.trade: 526 (invalid origin cert)
+
+
+	Insecure cookies are set for these domains:
+
+		- .alts.trade
+
+-->
+<ruleset name="ALTS.Trade" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="alts.trade" />
+
+	<!--	Complications:
+				-->
+	<target host="www.alts.trade" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.alts\.trade$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.alts\.trade$" name=".+" />
+
+
+	<rule from="^http://www\.alts\.trade/"
+		to="https://alts.trade/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ALT_Linux.org-problematic.xml b/src/chrome/content/rules/ALT_Linux.org-problematic.xml
new file mode 100644
index 000000000000..3d1d070c9f4d
--- /dev/null
+++ b/src/chrome/content/rules/ALT_Linux.org-problematic.xml
@@ -0,0 +1,31 @@
+<!--
+	For rules that are on by default, see ALT_Linux.org.xml.
+
+
+	Server sends includeSubdomains in HSTS header.
+
+-->
+<ruleset name="ALT Linux.org (untrusted root)" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="altlinux.org" />
+	<target host="*.altlinux.org" />
+
+		<exclusion pattern="^http://packages\.altlinux\.org/" />
+
+			<test url="http://packages.altlinux.org/" />
+
+		<test url="http://books.altlinux.org/" />
+		<test url="http://bugzilla.altlinux.org/" />
+		<test url="http://en.altlinux.org/" />
+		<test url="http://faq.altlinux.org/" />
+		<test url="http://ru.altlinux.org/" />
+		<test url="http://uk.altlinux.org/" />
+		<test url="http://www.altlinux.org/" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ALT_Linux.org.xml b/src/chrome/content/rules/ALT_Linux.org.xml
new file mode 100644
index 000000000000..df3e86b3e6c7
--- /dev/null
+++ b/src/chrome/content/rules/ALT_Linux.org.xml
@@ -0,0 +1,35 @@
+<!--
+	For problematic rules, see ALT_Linux.org-problematic.xml.
+
+
+	Nonfunctional hosts in *altlinux.org:
+
+		- packages *
+
+	* Refused
+
+
+	Problematic hosts in *altlinux.org:
+
+		- (www.)? *
+		- books *
+		- bugzilla *
+		- en *
+		- faq *
+		- ru *
+		- uk *
+
+	* Untrusted root
+
+-->
+<ruleset name="ALT Linux.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="lists.altlinux.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AM-Best-Company.xml b/src/chrome/content/rules/AM-Best-Company.xml
deleted file mode 100644
index fdc4896992be..000000000000
--- a/src/chrome/content/rules/AM-Best-Company.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<ruleset name="A.M. Best Company (partial)">
-
-	<target host="ambest.com" />
-	<target host="*.ambest.com" />
-	<target host="dev-www3" />
-
-
-	<securecookie host="^www3\.ambest\.com$" name=".*" />
-
-
-	<rule from="^https?://(?:www\.)?ambest\.com/(CSS|SpryAssets)/"
-		to="https://www3.ambest.com/$1/" />
-
-	<rule from="^https?://(?:www\.)?ambest\.com/images/"
-		to="https://www3.ambest.com/simages/" />
-
-	<rule from="^http://www3\.ambest\.com/"
-		to="https://www3.ambest.com/" />
-
-	<!--	SpryAssets/ points to dev-www3 when rewritten to www3.	-->
-	<rule from="^https?://dev-www3/"
-		to="https://www3.ambest.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AMC.xml b/src/chrome/content/rules/AMC.xml
index f077f6597b67..afe918873fd2 100644
--- a/src/chrome/content/rules/AMC.xml
+++ b/src/chrome/content/rules/AMC.xml
@@ -1,28 +1,57 @@
+
 <!--
-	Problematic domains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://media.amctv.com/ => https://media.amctv.com/: (7, 'Failed to connect to media.amctv.com port 443: Connection timed out')
+
+	Other AMC Networks rulesets:
+
+		- amcnetworks.com.xml
+		- sundance.tv.xml
+
+
+	Nonfunctional domains:
 
 		- score.services.amcnets.com	(times out)
-		- press.amcnetworks.com		(times out)
 
-		- amctv.com subdomains:
 
-			- ^		(times out)
-			- blogs		(works; mismatched, CN: *.hs.llnwd.net)
+	^amctv.com: Dropped
+
+
+	Mixed content:
+
+		- css, on:
+
+			- www from $self ˢ
+			- www from fast.fonts.net ˢ
+
+		- Images, on:
+
+			- www from $self ˢ
+			- www from images.amcnetworks.com ˢ
+
+	ˢ Secured by us
 
 -->
-<ruleset name="AMC (partial)">
+<ruleset name="AMC TV.com (partial)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="media.amctv.com" />
+	<target host="www.amctv.com" />
 
+	<!--	Complications:
+				-->
 	<target host="amctv.com" />
-	<target host="*.amctv.com" />
 
 
-	<securecookie host="^www\.amctv\.com$" name=".+" />
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?amctv\.com/"
+	<rule from="^http://amctv\.com/"
 		to="https://www.amctv.com/" />
 
-	<rule from="^http://media\.amctv\.com/"
-		to="https://media.amctv.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AMCTheatres.xml b/src/chrome/content/rules/AMCTheatres.xml
index aab0be98654d..14015ed51587 100644
--- a/src/chrome/content/rules/AMCTheatres.xml
+++ b/src/chrome/content/rules/AMCTheatres.xml
@@ -2,7 +2,7 @@
   <target host="amctheatres.com" />
   <target host="www.amctheatres.com" />
 
-  <securecookie host="^(www)?\.amctheatres\.com$" name=".*" />
+  <securecookie host="^(?:www)?\.amctheatres\.com$" name=".+" />
 
-  <rule from="^http://(?:www\.)?amctheatres\.com/" to="https://www.amctheatres.com/"/>
-</ruleset>
\ No newline at end of file
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AMI.com.xml b/src/chrome/content/rules/AMI.com.xml
index 3b7633942bc7..58c50f395f99 100644
--- a/src/chrome/content/rules/AMI.com.xml
+++ b/src/chrome/content/rules/AMI.com.xml
@@ -1,10 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- ami.com
+		- www.ami.com
+
+-->
 <ruleset name="AMI.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="ami.com" />
 	<target host="www.ami.com" />
 
 
-	<rule from="^http://(www\.)?ami\.com/"
-		to="https://$1ami.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?ami\.com$" name="^CFAUTHORIZATION_AMIWebPage$" /-->
+
+	<securecookie host="^(?:www\.)?ami\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AMPR.org.xml b/src/chrome/content/rules/AMPR.org.xml
new file mode 100644
index 000000000000..b9a54fd51861
--- /dev/null
+++ b/src/chrome/content/rules/AMPR.org.xml
@@ -0,0 +1,20 @@
+<ruleset name="AMPR.org (partial)">
+
+	<target host="ampr.org" />
+	<target host="www.ampr.org" />
+	<target host="de.ampr.org" />
+	<target host="www.de.ampr.org" />
+	<target host="mailman.ampr.org" />
+	<target host="portal.ampr.org" />
+	<target host="wiki.ampr.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://ampr.org/,
+	http://ampr.org/ redirects to https://www.ampr.org/ -->
+	<rule from="^http://ampr\.org/"
+		to="https://www.ampr.org/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AMR.xml b/src/chrome/content/rules/AMR.xml
new file mode 100644
index 000000000000..9dda5ea5bb78
--- /dev/null
+++ b/src/chrome/content/rules/AMR.xml
@@ -0,0 +1,36 @@
+<!--
+	Cert mismatch:
+		- beta.askmrrobot.com
+		- blog.askmrrobot.com
+		- e.askmrrobot.com
+		- email.askmrrobot.com
+		- ftp.askmrrobot.com
+		- mobilemail.askmrrobot.com
+		- pda.askmrrobot.com
+		- static.askmrrobot.com
+		- webmail.askmrrobot.com
+
+	Connection refused:
+		- mail.askmrrobot.com
+		- pop.askmrrobot.com
+
+	Timeout:
+		- imap.askmrrobot.com
+		- smtp.askmrrobot.com
+		- swtor.askmrrobot.com
+-->
+
+<ruleset name="AskMrRobot">
+
+	<target host="askmrrobot.com"/>
+	<target host="www.askmrrobot.com"/>
+
+	<target host="forums.askmrrobot.com"/>
+	<target host="static2.askmrrobot.com"/>
+
+	<target host="askmrrobot.discoursehosting.net"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AMS.org.xml b/src/chrome/content/rules/AMS.org.xml
new file mode 100644
index 000000000000..ced1f5703c86
--- /dev/null
+++ b/src/chrome/content/rules/AMS.org.xml
@@ -0,0 +1,67 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - eims.ams.org
+			 - emis.ams.org
+			 - www.emis.ams.org
+			 - ftp.ams.org
+			 - genealogy.ams.org
+			 - www.genealogy.ams.org
+			 - hosted.ams.org
+
+		SSL connect error:
+			 - staff.ams.org
+
+		SSL peer certificate was not OK:
+			 - bookstore.ams.org
+			 - community.ams.org
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - blogs.ams.org
+			 - capps.ams.org
+
+		Status code mismatch:
+			 - autodiscover.ams.org
+			 - mail.ams.org
+
+		Secure connection redirects to plaintext:
+			 - www.ams.org
+
+		Different content:
+			 - download.ams.org
+-->
+<ruleset name="AMS.org">
+	<target host="ams.org" />
+	<target host="www.ams.org" />
+	<exclusion pattern="^http://www\.ams\.org/$" />
+
+	<target host="amsweb.ams.org" />
+	<target host="attach.ams.org" />
+	<target host="surveys.ams.org" />
+
+
+	<!-- Complications -->
+	<rule from="^http://www\.ams\.org/(css|images|js|journals|mathmoments)/"
+			to="https://www.ams.org/$1/" />
+
+		<!-- +ve -->
+		<test url="http://www.ams.org/css/aFinalCss.css" />
+		<test url="http://www.ams.org/images/homepageLogoUpperLeft.png" />
+		<test url="http://www.ams.org/journals/images/journal.cover.proc.gif" />
+		<test url="http://www.ams.org/js/ajax.js" />
+		<test url="http://www.ams.org/mathmoments/images/japan.gif" />
+
+	<rule from="^http://www\.ams\.org/(animated_favicon1\.gif|favicon\.ico)"
+			to="https://www.ams.org/$1"/>
+
+		<!-- +ve -->
+		<test url="http://www.ams.org/animated_favicon1.gif" />
+		<test url="http://www.ams.org/favicon.ico" />
+
+	<!-- Direct rewrites -->
+	<rule from="^http://ams\.org/"
+			to="https://ams.org/" />
+
+	<rule from="^http://(amsweb|attach|surveys)\.ams\.org/"
+			to="https://$1.ams.org/" />
+</ruleset>
diff --git a/src/chrome/content/rules/AMSl.com.xml b/src/chrome/content/rules/AMSl.com.xml
index 64ed9a749012..dae114106b73 100644
--- a/src/chrome/content/rules/AMSl.com.xml
+++ b/src/chrome/content/rules/AMSl.com.xml
@@ -1,10 +1,7 @@
 <ruleset name="AMSl.com">
-
 	<target host="amsl.com" />
 	<target host="www.amsl.com" />
 
-
-	<rule from="^http://(www\.)?amsl\.com/"
-		to="https://$1amsl.com/" />
-
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AMStat.org.xml b/src/chrome/content/rules/AMStat.org.xml
new file mode 100644
index 000000000000..72af77eb008e
--- /dev/null
+++ b/src/chrome/content/rules/AMStat.org.xml
@@ -0,0 +1,23 @@
+<!--
+	Refused:
+		chance.amstat.org
+		jobs.amstat.org
+		magazine.amstat.org
+		stattrak.amstat.org
+
+	Invalid certificate:
+		community.amstat.org
+
+-->
+<ruleset name="Amstat.org">
+
+	<target host="amstat.org" />
+	<target host="www.amstat.org" />
+	<target host="ww2.amstat.org" />
+		<test url="http://ww2.amstat.org/meetings/ssi/2017/index.cfm" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AM_Best.com.xml b/src/chrome/content/rules/AM_Best.com.xml
new file mode 100644
index 000000000000..022bd84e3f44
--- /dev/null
+++ b/src/chrome/content/rules/AM_Best.com.xml
@@ -0,0 +1,72 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - ambest.com
+			 - www.ambest.com
+			 - aw.ambest.com
+			 - conferences.ambest.com
+			 - crystalras.ambest.com
+			 - guides.ambest.com
+			 - ratefilings.ambest.com
+			 - relay.ambest.com
+			 - securemail.ambest.com
+			 - submit.ambest.com
+			 - www.submit.ambest.com
+
+		Timeout was reached:
+			 - njrdp.ambest.com
+			 - ntserv70.ambest.com
+			 - ntserv70r.ambest.com
+			 - relay1.ambest.com
+			 - relay2.ambest.com
+			 - relay3.ambest.com
+
+		SSL connect error:
+			 - agents.ambest.com
+			 - esp.ambest.com
+			 - espuk.ambest.com
+			 - krg.ambest.com
+			 - listee.ambest.com
+			 - reporting.ambest.com
+			 - reviewpreview.ambest.com
+			 - www.reviewpreview.ambest.com
+			 - srq.ambest.com
+			 - www.srq.ambest.com
+			 - support.ambest.com
+
+		SSL peer certificate was not OK:
+			 - bestday.ambest.com
+			 - journal.ambest.com
+			 - news.ambest.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - ezp.ambest.com
+			 - login.ezp.ambest.com
+			 - ftp.ambest.com
+			 - ftp10.ambest.com
+
+		Incomplete certificate chain error:
+			 - corpvpn.ambest.com
+			 - email.ambest.com
+			 - hkvpn.ambest.com
+			 - sivpn.ambest.com
+			 - sslvpn02.ambest.com
+
+		4xx client error:
+			 - member.ambest.com
+			 - trvl.ambest.com
+			 - webservices.ambest.com
+-->
+<ruleset name="AM Best.com (partial)">
+	<target host="ambvpn.ambest.com" />
+	<target host="bestlink.ambest.com" />
+	<target host="ecom.ambest.com" />
+	<target host="pavpn.ambest.com" />
+	<target host="portal.ambest.com" />
+	<target host="testvpn.ambest.com" />
+	<target host="www3.ambest.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AMetSoc.org.xml b/src/chrome/content/rules/AMetSoc.org.xml
new file mode 100644
index 000000000000..d469d853050e
--- /dev/null
+++ b/src/chrome/content/rules/AMetSoc.org.xml
@@ -0,0 +1,70 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Refused
+
+
+	Problematic subdomains:
+
+		- (www.) ¹
+		- shib ²
+
+	¹ Mixed iframe
+	² Insecure renegotiation
+
+
+	Partially covered subdomains:
+
+		- (www.) ¹
+		- annual ²
+		- bookstore ²
+		- journals ²
+
+	¹ Avoiding broken MCB
+	² Some pages redirect to http
+
+
+	These altnames don't exist:
+
+		- www.shib.ametsoc.org
+
+
+	Mixed content:
+
+		- iframe on www from meltwaternews.com *
+
+	* Secured by us
+
+-->
+<ruleset name="AMetSoc.org (partial)">
+
+	<target host="ametsoc.org" />
+	<target host="annual.ametsoc.org" />
+	<target host="bookstore.ametsoc.org" />
+	<target host="journals.ametsoc.org" />
+	<target host="shib.ametsoc.org" />
+	<target host="www.ametsoc.org" />
+		<!--
+			Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://(?:www\.)?ametsoc\.org/(?!favicon\.ico|.+(?:css|gif|jpg|png)(?:$|\?))" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://annual\.ametsoc\.org/$" /-->
+		<!--exclusion pattern="^http://bookstore\.ametsoc\.org/($|catalog/book/[\w-]+|favicon\.ico)$" /-->
+		<!--exclusion pattern="^http://journals\.ametsoc\.org/doi/full/[\d.]+/[0-9A-Z.-]+$" /-->
+		<!--exclusion pattern="^http://www2\.ametsoc\.org/ams/index\.cfm/publications/subscription-information/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://annual\.ametsoc\.org/(?!\d{4}/includes/|cssfiles/|includes/)" />
+		<exclusion pattern="^http://bookstore\.ametsoc\.org/(?!(?:cart|user/login)(?:$|\?)|sites/)" />
+		<exclusion pattern="^http://journals\.ametsoc\.org/(?!action/showLogin|favicon\.ico|na101/home/literatum/publisher/\w+/journals/|templates/|userimages/)" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AMoAd.xml b/src/chrome/content/rules/AMoAd.xml
new file mode 100644
index 000000000000..3ce6c69a1b94
--- /dev/null
+++ b/src/chrome/content/rules/AMoAd.xml
@@ -0,0 +1,27 @@
+<!--
+
+	Nonfunctional domains:
+
+	Problematic domains:
+
+		- cdni.amoad.com	(akamai)
+		- tech.amoad.com	(times out)
+
+-->
+
+<ruleset name="AMoAd.com">
+
+	<target host="amoad.com" />
+	<target host="d.amoad.com" />
+	<target host="i.amoad.com" />
+	<target host="j.amoad.com" />
+	<target host="m.amoad.com" />
+	<target host="manage.amoad.com" />
+	<target host="p.amoad.com" />
+	<target host="v.amoad.com" />
+	<target host="www.amoad.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AMuseWiki.org.xml b/src/chrome/content/rules/AMuseWiki.org.xml
new file mode 100644
index 000000000000..8c5e4bd1b9d0
--- /dev/null
+++ b/src/chrome/content/rules/AMuseWiki.org.xml
@@ -0,0 +1,24 @@
+<!--
+	Login required:
+		anarchismo.amusewiki.org
+		falische.amusewiki.org
+		leletterescalatte.amusewiki.org
+		leletterescarlatte.amusewiki.org
+
+	Invalid certificate:
+		packages.amusewiki.org
+
+-->
+<ruleset name="A·Muse·Wiki">
+
+	<target host="amusewiki.org" />
+	<target host="www.amusewiki.org" />
+	<target host="atr.amusewiki.org" />
+	<target host="laltromondo.amusewiki.org" />
+	<target host="mk.amusewiki.org" />
+	<target host="sandbox.amusewiki.org" />
+	<target host="yu.amusewiki.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ANB.xml b/src/chrome/content/rules/ANB.xml
index ff4e524fe57a..dd067ee6eabe 100644
--- a/src/chrome/content/rules/ANB.xml
+++ b/src/chrome/content/rules/ANB.xml
@@ -1,9 +1,15 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://anb.com.sa/ => https://www.anb.com.sa/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
 <ruleset name="ANB">
   <target host="anb.com.sa" />
-  <target host="*.anb.com.sa" />
+  <target host="e.anb.com.sa" />
+  <target host="ebusiness.anb.com.sa" />
+  <target host="onlinebanking.anb.com.sa" />
+  <target host="www.anb.com.sa" />
 
   <rule from="^http://anb\.com\.sa/"
 	  to="https://www.anb.com.sa/" />
-  <rule from="^http://(e|ebusiness|onlinebanking|www)\.anb\.com\.sa/"
-	  to="https://$1.anb.com.sa/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ANU.edu.au.xml b/src/chrome/content/rules/ANU.edu.au.xml
new file mode 100644
index 000000000000..09e701064628
--- /dev/null
+++ b/src/chrome/content/rules/ANU.edu.au.xml
@@ -0,0 +1,1159 @@
+<!--
+	Timeout:
+		anu-infra-psc
+		anu-mms1-con
+		anuartcollection
+		anuauth10
+		anuauth11
+		anuauth8
+		anuauth9
+		anublogs
+		anulb01-mgmt
+		anulb02-mgmt
+		anumail-dev
+		anusf
+		anuvc01
+		anuvc02
+		apfrf
+		apicm-prod
+		apicm-uat
+		apicm1-p1
+		apicm1-p2
+		apicm1-t1
+		apicm1-t2
+		apicp-prod
+		apicp1-p1
+		apicp1-p2
+		apicp1-p3
+		apocrypha
+		apocrypha1-p1
+		argon
+		arts
+		atlantis2
+		atrium
+		auson
+		biorepository
+		biorepository-test
+		caldwell
+		atrium.cap
+		capdc01.cap
+		capdc02.cap
+		crawford03.cap
+		mdm.cap
+		tmosxs.cap
+		capture
+		capture-test
+		cassexg02
+		cassmail
+		cbe-hpc-head
+		orsee.cbenet
+		vcsvr01.cbenet
+		accoladedb.cecs
+		altiris.cecs
+		carrinas.cecs
+		cvr-eng.cecs
+		dev-cecs.cecs
+		dev-cs.cecs
+		dev-eng.cecs
+		dev-engn.cecs
+		dev-users.cecs
+		devolve.cecs
+		egw.cecs
+		escher.cecs
+		evolve.cecs
+		evolvepass.cecs
+		gserver.cecs
+		l4f-dev.cecs
+		limesurvey.cecs
+		lists.cecs
+		passwd.cecs
+		password.cecs
+		test-accolade.cecs
+		test-cecs.cecs
+		test-cs.cecs
+		test-eng.cecs
+		test-engn.cecs
+		test-mahara.cecs
+		test-users.cecs
+		tproxy.cecs
+		vlab.cecs
+		clearpass
+		comp-bio
+		dev.cs92acep
+		dev.cs92devl
+		dev.cs92int
+		dev.cs92sit
+		csadmin
+		csitsvr2
+		admin.csplay
+		datamining
+		dbmgmt
+		dev-emhprac
+		doihelpdesk
+		doiweb-repo
+		doohan
+		dragonlair
+		dspace-dev
+		dspace-test
+		eformsdevl
+		ehub
+		www.ehub
+		ehubassist
+		es-portal-dev
+		es-portal-uat
+		esb-dev
+		esb1-dp-p1
+		esb1-dp-p2
+		esftps
+		dev.esig
+		dev2.esig
+		esldap
+		espgw
+		espims01
+		espmx
+		eta.fec
+		admin.fin
+		finadmin
+		foa
+		forms-dev
+		dev.fs92acep
+		dev.fs92devl
+		dev.fs92int
+		dev.fs92sit
+		dev.fs92uat
+		fses60-102
+		admin.fsplay
+		geos
+		gislibrary
+		gislibrary-extreme-weather
+		grace
+		graphc-legacy
+		graphc-portal3
+		graphc-test
+		graphc2018
+		h1
+		app.hracep
+		dev.hracep
+		app.hrdevl
+		dev.hrdevl
+		dev.hrint
+		dev.hrmtp
+		hroffer-acep
+		identity6-z1
+		ippha
+		ipumsi
+		issisp
+		itsctx01
+		itsweb-repo
+		itsweb-repo3-p1
+		dnalims.jcs
+		jira-test
+		mail.johnxxiii
+		juggle-idrac
+		langevin
+		lawitinternal
+		lawlss
+		lawmedia2
+		lawprint
+		lawrems
+		lawsignage
+		leep
+		login
+		login-prod-1
+		login-test
+		mail
+		mail2-smtp-t1
+		acep.maximo
+		maxplay
+		medonline
+		missus
+		mrbspma
+		mso
+		mudslide
+		nacact
+		nagios-chm
+		ncig-archive
+		ncig-ihhr
+		nlc
+		olams
+		olams-dev
+		olams-test
+		onestop
+		panorama
+		admin.phire
+		dev.phiredev
+		plexus-beta
+		pravda-vm
+		press-files
+		printq
+		r-nceph
+		requests
+		rhsat2
+		rhsat2-p1
+		rims-cra-demo
+		rims-demo
+		riskassess
+		rpa
+		rpadevl
+		calendar.rsaa
+		intranetfiles.rsb
+		isr.rsbs
+		backuppc.rses
+		backuppc2.rses
+		backuppc3.rses
+		backuppc4.rses
+		backuppc5.rses
+		backuppc6.rses
+		backuppc7.rses
+		intranet.rses
+		jupyter.rses
+		jupyter2.rses
+		altiris.rsise
+		cups.rsise
+		egw.rsise
+		escher.rsise
+		mars.rsise
+		ntp1.rsise
+		passwd.rsise
+		password.rsise
+		printers.rsise
+		rsphymail
+		admin.sas
+		sca-lws01
+		sciencedev1
+		sciencedev2
+		sciencedev3
+		sciencedev4
+		scribe
+		sealevel
+		securityscanner
+		sf
+		shrimp
+		smtphost
+		sophosupdate
+		sshr92acep
+		sshracep
+		selfservice.sshracep
+		surat2-p1
+		svn
+		tectonics
+		test-clone
+		timetablescheduler
+		timetabling
+		traveller
+		honolulu.tuds
+		uds
+		anuvc01.uds
+		anuvc02.uds
+		anuvpsc01.uds
+		anuvpsc02.uds
+		udsdc01.uds
+		udsdc02.uds
+		udsdc03.uds
+		udsdc04.uds
+		udsdhg01.uds
+		udsexamweb99.uds
+		udssrwebd01.uds
+		udssrwebd02.uds
+		udssrwebp01.uds
+		udssrwebp02.uds
+		udsstaff.uds
+		udsts02.uds
+		udstsapp01.uds
+		udsicprint07
+		udspbgw101a
+		udsssweb99-a
+		udsstaff
+		varese
+		virtual-dev
+		virtualclinic
+		vision
+		voicemail
+		webct
+		webpublishing
+		wedge
+		wirelessprint
+
+	Connection refused:
+		www.anclas
+		apcd
+		www.aushons
+		bellschool
+		apcd.bellschool
+		dpa.bellschool
+		ir.bellschool
+		psc.bellschool
+		sdsc.bellschool
+		biol3157
+		jh.borevitzlab
+		bullfrog
+		cantabile
+		ips.cap
+		cdi.ips.cap
+		accolade.cecs
+		prod-repo.cecs
+		sdaas.cecs
+		techbroker.cecs
+		chelt
+		chinainstitute
+		chl
+		dhhdev
+		edmund
+		encore
+		epinet
+		es-cms
+		es-cms-internal
+		facilities-intranet
+		code.h1svr
+		hcc-workshop
+		library-login-dev
+		linguistics
+		macho
+		membrane
+		menzieshealthpolicy
+		confluence.mso
+		myanmar
+		nbac
+		origin
+		ourmobserved
+		pacificinstitute
+		philrsss
+		regnet
+		rses
+		www.rses
+		thairainbowarchive
+		autodiscover.tuds
+		mail.tuds
+		wwwrses
+
+	Mismatch:
+		www.acbee
+		aclf
+		acls
+		www.ada
+		ageing
+		amee
+		anff-act
+		graphc.aphcri
+		apnsrv01
+		www.archives
+		www.biology
+		www.bluepages
+		www.cama
+		janzdb-dev.cap
+		www.cdi
+		cornelius.cecs
+		docker.cecs
+		rproxy.cecs
+		svn.cecs
+		cs.club
+		mso.club
+		sailing.club
+		scuba.club
+		hhs.cmbe
+		cmbe-cpms
+		www.coombs
+		cos
+		calf.crawford
+		cpc.crawford
+		cses
+		demo.drupal
+		dspace
+		dspace-prod1
+		www.earlytraumagrief
+		www.ecocomm
+		economics
+		www.ecouch
+		eformsdlm
+		ehrenfest
+		engn
+		eportfolio-stage-1904
+		esb1-dp-d2
+		esproxy
+		www.eutrade
+		archive.evaluations
+		geography
+		graphc-p
+		graphcdev
+		dev.hr92acep
+		dev.hr92int
+		dev.hr92sit
+		impact
+		internaljobs
+		jcs
+		www.jcs
+		brf.jcs
+		jobs
+		lionelmurphy
+		math
+		www.math
+		www.maths
+		mgscap01
+		naturalhazards
+		programsandcourses-test
+		www.qc09
+		www.regnet
+		resourcebooker-rsb
+		rsa
+		rsabis
+		rscweb
+		rsm
+		rumici
+		www.science
+		www.services
+		sres-people
+		app.sshrdevl
+		tchpre
+		underbelly
+		unihouse
+		www.unihouse
+		vpn
+		web4-nci
+		legaloffice.weblogs
+		wwwmaths
+		youthinfocus
+
+	Invalid cert chain:
+		aes
+		andosl
+		appc87
+		apsa
+		archives-dev
+		archives-test
+		archivescollection
+		arm
+		arp
+		assda
+		assdaweb
+		assdawiki
+		axiom
+		intranet.biology
+		acr.cdhr
+		acrvis.cdhr
+		cdhr-linkeddata
+		cdhr-projects
+		cdhrdatasys
+		cdhrsys
+		cars.cecs
+		cm.cecs
+		cvpr.cecs
+		cvpr11.cecs
+		goolma.cecs
+		icaps08.cecs
+		levine.cecs
+		login.cecs
+		old-cecs.cecs
+		oldcecs.cecs
+		people.cecs
+		psi.cecs
+		rml.cecs
+		rooms.cecs
+		ssll.cecs
+		studentdb.cecs
+		template.cecs
+		changes
+		intranet.chemistry
+		clug
+		admin.cmbe-cpms
+		intranet.cmbe-cpms
+		contenthub
+		intranet.cpas
+		ctlab
+		www.ctlab
+		discus
+		dld-prod10
+		drwn
+		re100.eng
+		fusion17
+		gaskap
+		www.gemini
+		geminus
+		gh-residents
+		gwadw17
+		gwadw2017
+		hciss
+		healthstewardship
+		iraf
+		irsociety
+		jag
+		jagws01
+		jagws03
+		apf.jagws03
+		aphcri.jagws03
+		arm.jagws03
+		biology.jagws03
+		brf.jagws03
+		cba.jagws03
+		cci.jagws03
+		chemistry.jagws03
+		cpas.jagws03
+		crahw.jagws03
+		demo-drupal.jagws03
+		drupal.jagws03
+		earlytraumagrief.jagws03
+		energy.jagws03
+		fenner.jagws03
+		healthstewardship.jagws03
+		ihig.jagws03
+		intranet-jcsmr.jagws03
+		intranet-maths.jagws03
+		intranet-nceph.jagws03
+		intranet-psychology.jagws03
+		intranet-rsph.jagws03
+		jcmrf.jagws03
+		maths.jagws03
+		microscopy.jagws03
+		nceph.jagws03
+		ncig.jagws03
+		nimhr.jagws03
+		psychology.jagws03
+		rsaa.jagws03
+		rsph.jagws03
+		scienceshop.jagws03
+		intranet.jcsmr
+		mailman
+		mailman2-p1
+		mappings
+		archives.maths
+		intranet.maths
+		teaching.maths
+		maths-people
+		intranet.medicalschool
+		migrate
+		miocene
+		mplanet
+		www.mso
+		hg.mso
+		svn.mso
+		trac.mso
+		webmail.mso
+		msowww
+		msowwwtest
+		intranet.nceph
+		openingdoors
+		pandora
+		intranet.psychology
+		reqbook
+		rml
+		robotics
+		rsaart
+		abotea.rsise
+		andosl.rsise
+		cars.rsise
+		cecs.rsise
+		csl.rsise
+		ftp.rsise
+		goolma.rsise
+		itdb.rsise
+		login.rsise
+		loginsatie.rsise
+		lss.rsise
+		mlss.rsise
+		mlss08.rsise
+		mlss10.rsise
+		netdb.rsise
+		network.rsise
+		networktest.rsise
+		ptv.rsise
+		quail.rsise
+		quang.rsise
+		rooms.rsise
+		roomstest.rsise
+		satie.rsise
+		sql.rsise
+		studentdb.rsise
+		twb.rsise
+		users.rsise
+		usmc07.rsise
+		weather.rsise
+		weblogin.rsise
+		wws.rsise
+		wws2005.rsise
+		wws2006.rsise
+		intranet.rsph
+		sca-lws03
+		admin.science
+		intranet.science
+		web.science
+		scienceshop
+		www.scienceshop
+		scinet
+		serafina
+		skymapper
+		solar
+		solar-thermal
+		stg
+		mentors.stlc
+		stromlo
+		ftp.syseng
+		tosca
+		trust
+		vos
+		weblogs
+		anucs.weblogs
+		cahat.weblogs
+		cbeit.weblogs
+		dhg.weblogs
+		efs.weblogs
+		iodp.weblogs
+		ippa.weblogs
+		pmo.weblogs
+		tto.weblogs
+		wwwmacho
+
+	Self-signed:
+		adb
+		adbonline
+		baxter2015
+		bloch
+		cgp
+		cmtp
+		commad2010
+		cpss
+		gem2012
+		hccda
+		hias
+		ia
+		karri
+		labouraustralia
+		library-dev
+		ncta2011
+		oa
+		adb.online
+		pib
+		pma01
+		prl
+		sciencewise
+		tpsrv
+
+	Expired:
+		archives.cap
+		artofcomputing.cecs
+		chl-old
+		ciw
+		intersections
+		www.nsc
+		pacling
+		theanufund
+
+	Invalid route:
+		aus-cscap
+		bricc
+		cigj
+		cmhs
+		dynopta
+		eduroam
+		groundwater
+		jabberwocky
+		technegas.jcs
+		techserv.jcs
+		laserspark
+		moodle
+		netcomms
+		www.oef
+		osasc
+		osmium
+		plexus-staging
+		positron
+		rcsr
+		renew
+		rspas
+		www.rsphysse
+		rsphyweb
+		sdsadmin01
+		sdsc
+		sp3
+		surat
+		vuv14
+		wireless
+		xct
+
+	Invalid redirect:
+		archives
+		users.cecs
+		bbbutton.cecs
+
+	Connection issue:
+		anumc
+		graphcwiki.aphcri
+		artserve
+		asiapacificweek
+		cbeml01v.cbenet
+		aulus.cecs
+		engageasia
+		hipass
+		admin.hr
+		dev.hr92devl
+		hradmin
+		admin.hrplay
+		jira
+		marxists
+		pasifika
+		rubens
+		starrez-prod
+		test-style
+		wald
+		winwebacep
+-->
+<ruleset name="Australian National University">
+	<target host="anu.edu.au" />
+	<target host="www.anu.edu.au" />
+	<target host="3ai.anu.edu.au" />
+	<target host="3ainstitute.anu.edu.au" />
+	<target host="aat.anu.edu.au" />
+	<target host="abc.anu.edu.au" />
+	<target host="about.anu.edu.au" />
+	<target host="abrf.anu.edu.au" />
+	<target host="academicskills.anu.edu.au" />
+	<target host="acatlgn.anu.edu.au" />
+	<target host="acih.anu.edu.au" />
+	<target host="acthra.anu.edu.au" />
+	<target host="adsri.anu.edu.au" />
+	<target host="advancementservices.anu.edu.au" />
+	<target host="afec.anu.edu.au" />
+	<target host="alliance.anu.edu.au" />
+	<target host="alumni.anu.edu.au" />
+	<target host="alumniandfriends.anu.edu.au" />
+	<target host="alumniawards.anu.edu.au" />
+	<target host="anclas.anu.edu.au" />
+	<target host="andc.anu.edu.au" />
+	<target host="anip.anu.edu.au" />
+	<target host="anthropology.anu.edu.au" />
+	<target host="anu-int.anu.edu.au" />
+	<target host="anuadri.anu.edu.au" />
+	<target host="anuapartments.anu.edu.au" />
+	<target host="anuga.anu.edu.au" />
+	<target host="anulib.anu.edu.au" />
+	<target host="anumail.anu.edu.au" />
+	<target host="anums-sonia.anu.edu.au" />
+	<target host="anums-sonia-dev.anu.edu.au" />
+	<target host="anuvpn.anu.edu.au" />
+	<target host="apf.anu.edu.au" />
+	<target host="aphcri.anu.edu.au" />
+	<target host="api.anu.edu.au" />
+	<target host="apiuat.anu.edu.au" />
+	<target host="apneg.anu.edu.au" />
+	<target host="apntest2.anu.edu.au" />
+	<target host="apollo.anu.edu.au" />
+	<target host="apply-asa.anu.edu.au" />
+	<target host="www.apply-asa.anu.edu.au" />
+	<target host="www.apply-international.anu.edu.au" />
+	<target host="arcgis.anu.edu.au" />
+	<target host="archaeology.anu.edu.au" />
+	<target host="archanth.anu.edu.au" />
+	<target host="aries.anu.edu.au" />
+	<target host="asa2017.anu.edu.au" />
+	<target host="asiapacific.anu.edu.au" />
+	<target host="ask.anu.edu.au" />
+	<target host="atomlaser.anu.edu.au" />
+	<target host="aurj.anu.edu.au" />
+	<target host="ausi.anu.edu.au" />
+	<target host="aussa.anu.edu.au" />
+	<target host="autodiscover.anu.edu.au" />
+	<target host="bandg.anu.edu.au" />
+	<target host="bblmci.anu.edu.au" />
+	<target host="beacon.anu.edu.au" />
+	<target host="www.beacon.anu.edu.au" />
+	<target host="biology.anu.edu.au" />
+	<target host="biology-assets.anu.edu.au" />
+	<target host="bluepages.anu.edu.au" />
+	<target host="bookbrf.anu.edu.au" />
+	<target host="borevitzlab.anu.edu.au" />
+	<target host="gvm.borevitzlab.anu.edu.au" />
+	<target host="brf.anu.edu.au" />
+	<target host="request.brf.anu.edu.au" />
+	<target host="brucehall.anu.edu.au" />
+	<target host="burgmann.anu.edu.au" />
+	<target host="www.burgmann.anu.edu.au" />
+	<target host="mail.burgmann.anu.edu.au" />
+	<target host="burgmannportal.anu.edu.au" />
+	<target host="caepr.anu.edu.au" />
+	<target host="cais.anu.edu.au" />
+	<target host="cam.anu.edu.au" />
+	<target host="cama.anu.edu.au" />
+	<target host="campusmap.anu.edu.au" />
+	<target host="camstorage.anu.edu.au" />
+	<target host="careerhub.anu.edu.au" />
+	<target host="cass.anu.edu.au" />
+	<target host="www.cass.anu.edu.au" />
+	<target host="archanth.cass.anu.edu.au" />
+	<target host="caepr.cass.anu.edu.au" />
+	<target host="cais.cass.anu.edu.au" />
+	<target host="cdhr.cass.anu.edu.au" />
+	<target host="csrm.cass.anu.edu.au" />
+	<target host="demography.cass.anu.edu.au" />
+	<target host="history.cass.anu.edu.au" />
+	<target host="hrc.cass.anu.edu.au" />
+	<target host="music.cass.anu.edu.au" />
+	<target host="philosophy.cass.anu.edu.au" />
+	<target host="planner.cass.anu.edu.au" />
+	<target host="politicsir.cass.anu.edu.au" />
+	<target host="rsha.cass.anu.edu.au" />
+	<target host="rsss.cass.anu.edu.au" />
+	<target host="slll.cass.anu.edu.au" />
+	<target host="soad.cass.anu.edu.au" />
+	<target host="sociology.cass.anu.edu.au" />
+	<target host="cba.anu.edu.au" />
+	<target host="cbe.anu.edu.au" />
+	<target host="www.cbe.anu.edu.au" />
+	<target host="blog.cbe.anu.edu.au" />
+	<target host="cbevirtual.cbenet.anu.edu.au" />
+	<target host="cce.anu.edu.au" />
+	<target host="ccep.anu.edu.au" />
+	<target host="cci.anu.edu.au" />
+	<target host="cdhr.anu.edu.au" />
+	<target host="cecs.anu.edu.au" />
+	<target host="www.cecs.anu.edu.au" />
+	<target host="3ainstitute.cecs.anu.edu.au" />
+	<target host="3ai.cecs.anu.edu.au" />
+	<target host="aecilius.cecs.anu.edu.au" />
+	<target host="cims.cecs.anu.edu.au" />
+	<target host="cims-dev.cecs.anu.edu.au" />
+	<target host="codebench.cecs.anu.edu.au" />
+	<target host="cyber.cecs.anu.edu.au" />
+	<target host="cyberinstitute.cecs.anu.edu.au" />
+	<target host="cybersecurity.cecs.anu.edu.au" />
+	<target host="discourse.cecs.anu.edu.au" />
+	<target host="f2.cecs.anu.edu.au" />
+	<target host="gchallenges.cecs.anu.edu.au" />
+	<target host="gitlab.cecs.anu.edu.au" />
+	<target host="l4f.cecs.anu.edu.au" />
+	<target host="mattermost.cecs.anu.edu.au" />
+	<target host="ohioh.cecs.anu.edu.au" />
+	<target host="orthoapp.cecs.anu.edu.au" />
+	<target host="redmine.cecs.anu.edu.au" />
+	<target host="certifieddocs.anu.edu.au" />
+	<target host="ces.anu.edu.au" />
+	<target host="chemistry.anu.edu.au" />
+	<target host="choose.anu.edu.au" />
+	<target host="cims.anu.edu.au" />
+	<target host="climate.anu.edu.au" />
+	<target host="cmbe.anu.edu.au" />
+	<target host="cmhr.anu.edu.au" />
+	<target host="www.cmhr.anu.edu.au" />
+	<target host="cms.anu.edu.au" />
+	<target host="api.cms.anu.edu.au" />
+	<target host="cnnd.anu.edu.au" />
+	<target host="cognitivehealth.anu.edu.au" />
+	<target host="commons.anu.edu.au" />
+	<target host="consciousness.anu.edu.au" />
+	<target host="copyright.anu.edu.au" />
+	<target host="costing.anu.edu.au" />
+	<target host="counselling.anu.edu.au" />
+	<target host="cpas.anu.edu.au" />
+	<target host="www.cpas.anu.edu.au" />
+	<target host="cpms.anu.edu.au" />
+	<target host="crahw.anu.edu.au" />
+	<target host="crawford.anu.edu.au" />
+	<target host="www.crawford.anu.edu.au" />
+	<target host="acbee.crawford.anu.edu.au" />
+	<target host="acde.crawford.anu.edu.au" />
+	<target host="ajrc.crawford.anu.edu.au" />
+	<target host="apps.crawford.anu.edu.au" />
+	<target host="asiaandthepacificpolicystudies.crawford.anu.edu.au" />
+	<target host="cama.crawford.anu.edu.au" />
+	<target host="ccep.crawford.anu.edu.au" />
+	<target host="cnnd.crawford.anu.edu.au" />
+	<target host="coombs-forum.crawford.anu.edu.au" />
+	<target host="dev.crawford.anu.edu.au" />
+	<target host="devpolicy.crawford.anu.edu.au" />
+	<target host="nsc.crawford.anu.edu.au" />
+	<target host="taxpolicy.crawford.anu.edu.au" />
+	<target host="tric.crawford.anu.edu.au" />
+	<target host="creativearts.anu.edu.au" />
+	<target host="cres.anu.edu.au" />
+	<target host="cs.anu.edu.au" />
+	<target host="cweep.anu.edu.au" />
+	<target host="cyber.anu.edu.au" />
+	<target host="cyberinstitute.anu.edu.au" />
+	<target host="cybersecurity.anu.edu.au" />
+	<target host="datacommons.anu.edu.au" />
+	<target host="ddca.anu.edu.au" />
+	<target host="ddca-staging.anu.edu.au" />
+	<target host="demography.anu.edu.au" />
+	<target host="dev-dri.anu.edu.au" />
+	<target host="devpolicy.anu.edu.au" />
+	<target host="dhg.anu.edu.au" />
+	<target host="dhh.anu.edu.au" />
+	<target host="digitalcollections.anu.edu.au" />
+	<target host="disability.anu.edu.au" />
+	<target host="dmm.anu.edu.au" />
+	<target host="dri.anu.edu.au" />
+	<target host="drss.anu.edu.au" />
+	<target host="drupal.anu.edu.au" />
+	<target host="eah.anu.edu.au" />
+	<target host="earlytraumagrief.anu.edu.au" />
+	<target host="ecouch.anu.edu.au" />
+	<target host="eeme.anu.edu.au" />
+	<target host="eforms.anu.edu.au" />
+	<target host="eformscd.anu.edu.au" />
+	<target host="eformsci.anu.edu.au" />
+	<target host="emhprac.anu.edu.au" />
+	<target host="energy.anu.edu.au" />
+	<target host="eng.anu.edu.au" />
+	<target host="eportfolio.anu.edu.au" />
+	<target host="eportfolio-cldev.anu.edu.au" />
+	<target host="eportfolio-stage.anu.edu.au" />
+	<target host="eportfolio-test.anu.edu.au" />
+	<target host="eportfolio-test-1810.anu.edu.au" />
+	<target host="eportfolio-test-1904.anu.edu.au" />
+	<target host="epress.anu.edu.au" />
+	<target host="era.anu.edu.au" />
+	<target host="era-test.anu.edu.au" />
+	<target host="erms.anu.edu.au" />
+	<target host="esincludes.anu.edu.au" />
+	<target host="espfin.anu.edu.au" />
+	<target host="esweb.anu.edu.au" />
+	<target host="evaluations.anu.edu.au" />
+	<target host="dev.evaluations.anu.edu.au" />
+	<target host="events.anu.edu.au" />
+	<target host="eview.anu.edu.au" />
+	<target host="exams.anu.edu.au" />
+	<target host="exams-dev.anu.edu.au" />
+	<target host="experts.anu.edu.au" />
+	<target host="extension.anu.edu.au" />
+	<target host="facilities.anu.edu.au" />
+	<target host="fenner-school.anu.edu.au" />
+	<target host="fennerhall.anu.edu.au" />
+	<target host="fennerschool.anu.edu.au" />
+	<target host="fennerschool-associated.anu.edu.au" />
+	<target host="fennerschool-internal.anu.edu.au" />
+	<target host="fennerschool-people.anu.edu.au" />
+	<target host="fennerschool-research.anu.edu.au" />
+	<target host="fennerweb.anu.edu.au" />
+	<target host="find.anu.edu.au" />
+	<target host="foi.anu.edu.au" />
+	<target host="freilich.anu.edu.au" />
+	<target host="gambling.anu.edu.au" />
+	<target host="gitlab.anu.edu.au" />
+	<target host="givingonline.anu.edu.au" />
+	<target host="gnosia.anu.edu.au" />
+	<target host="gpportal.anu.edu.au" />
+	<target host="grandchallenges.anu.edu.au" />
+	<target host="graphc.anu.edu.au" />
+	<target host="graphc-atlas.anu.edu.au" />
+	<target host="graphc-dev.anu.edu.au" />
+	<target host="graphc-gis.anu.edu.au" />
+	<target host="graphc-portal1.anu.edu.au" />
+	<target host="graphc-portal2.anu.edu.au" />
+	<target host="graphcls.anu.edu.au" />
+	<target host="graphcred.anu.edu.au" />
+	<target host="graphcwiki.anu.edu.au" />
+	<target host="greenict.anu.edu.au" />
+	<target host="griffinhall.anu.edu.au" />
+	<target host="health.anu.edu.au" />
+	<target host="history.anu.edu.au" />
+	<target host="hmi.anu.edu.au" />
+	<target host="www.hmi.anu.edu.au" />
+	<target host="horus.anu.edu.au" />
+	<target host="selfservice.horus.anu.edu.au" />
+	<target host="housingonline.anu.edu.au" />
+	<target host="hr.anu.edu.au" />
+	<target host="hrc.anu.edu.au" />
+	<target host="humanities.anu.edu.au" />
+	<target host="i2s.anu.edu.au" />
+	<target host="www.i2s.anu.edu.au" />
+	<target host="icam.anu.edu.au" />
+	<target host="icfbookings-jcsmr.anu.edu.au" />
+	<target host="icprintadmin.anu.edu.au" />
+	<target host="identity.anu.edu.au" />
+	<target host="idp-dev.anu.edu.au" />
+	<target host="idp2.anu.edu.au" />
+	<target host="idtc-ci01.anu.edu.au" />
+	<target host="idtc-d01.anu.edu.au" />
+	<target host="idtc-p01.anu.edu.au" />
+	<target host="iguide.anu.edu.au" />
+	<target host="ihig.anu.edu.au" />
+	<target host="ilp.anu.edu.au" />
+	<target host="imagebank.anu.edu.au" />
+	<target host="indigenous.anu.edu.au" />
+	<target host="info.anu.edu.au" />
+	<target host="information.anu.edu.au" />
+	<target host="innovation.anu.edu.au" />
+	<target host="inspace.anu.edu.au" />
+	<target host="ippa.anu.edu.au" />
+	<target host="isis.anu.edu.au" />
+	<target host="itservicedesk.anu.edu.au" />
+	<target host="itservices.anu.edu.au" />
+	<target host="jagws02.anu.edu.au" />
+	<target host="jcmrf.anu.edu.au" />
+	<target host="jcsmr.anu.edu.au" />
+	<target host="jikesrvm.anu.edu.au" />
+	<target host="johnxxiii.anu.edu.au" />
+	<target host="kambri.anu.edu.au" />
+	<target host="kioloa.anu.edu.au" />
+	<target host="kioloa-vfa.anu.edu.au" />
+	<target host="languages.anu.edu.au" />
+	<target host="law.anu.edu.au" />
+	<target host="www.law.anu.edu.au" />
+	<target host="flr.law.anu.edu.au" />
+	<target host="lawschool.anu.edu.au" />
+	<target host="lcms.anu.edu.au" />
+	<target host="lcms-test.anu.edu.au" />
+	<target host="learn.anu.edu.au" />
+	<target host="legalpractice.anu.edu.au" />
+	<target host="libguides.anu.edu.au" />
+	<target host="library.anu.edu.au" />
+	<target host="library-admin.anu.edu.au" />
+	<target host="lifecourse.anu.edu.au" />
+	<target host="linkr.anu.edu.au" />
+	<target host="linux.anu.edu.au" />
+	<target host="livingknowledge.anu.edu.au" />
+	<target host="llewellynhall.anu.edu.au" />
+	<target host="makerspace.anu.edu.au" />
+	<target host="marketing.anu.edu.au" />
+	<target host="maths.anu.edu.au" />
+	<target host="maths-intranet.anu.edu.au" />
+	<target host="matlab.anu.edu.au" />
+	<target host="mattermost.anu.edu.au" />
+	<target host="medicalschool.anu.edu.au" />
+	<target host="microscopy.anu.edu.au" />
+	<target host="mimo.anu.edu.au" />
+	<target host="moodgym.anu.edu.au" />
+	<target host="www.moodgym.anu.edu.au" />
+	<target host="music.anu.edu.au" />
+	<target host="myfiles.anu.edu.au" />
+	<target host="naru.anu.edu.au" />
+	<target host="ncb.anu.edu.au" />
+	<target host="nceph.anu.edu.au" />
+	<target host="ncig.anu.edu.au" />
+	<target host="ncis.anu.edu.au" />
+	<target host="nectar.anu.edu.au" />
+	<target host="neuroscience.anu.edu.au" />
+	<target host="news.anu.edu.au" />
+	<target host="nimhr.anu.edu.au" />
+	<target host="www.nimhr.anu.edu.au" />
+	<target host="online.anu.edu.au" />
+	<target host="openresearch.anu.edu.au" />
+	<target host="openresearch-repository.anu.edu.au" />
+	<target host="orientation.anu.edu.au" />
+	<target host="ovumkc.anu.edu.au" />
+	<target host="oxfordaustraliascholarships.anu.edu.au" />
+	<target host="parsa.anu.edu.au" />
+	<target host="persianlanguage.anu.edu.au" />
+	<target host="philanthropy.anu.edu.au" />
+	<target host="philosophy.anu.edu.au" />
+	<target host="photonics.anu.edu.au" />
+	<target host="physics.anu.edu.au" />
+	<target host="www.physics.anu.edu.au" />
+	<target host="git.physics.anu.edu.au" />
+	<target host="people.physics.anu.edu.au" />
+	<target host="plexus.anu.edu.au" />
+	<target host="policies.anu.edu.au" />
+	<target host="politics.anu.edu.au" />
+	<target host="polsir-prod.anu.edu.au" />
+	<target host="pop-up.anu.edu.au" />
+	<target host="preference.anu.edu.au" />
+	<target host="press.anu.edu.au" />
+	<target host="programsandcourses.anu.edu.au" />
+	<target host="admin.programsandcourses.anu.edu.au" />
+	<target host="admin.programsandcourses-test.anu.edu.au" />
+	<target host="projects.anu.edu.au" />
+	<target host="psychology.anu.edu.au" />
+	<target host="publicpolicy.anu.edu.au" />
+	<target host="qrng.anu.edu.au" />
+	<target host="rcc.anu.edu.au" />
+	<target host="conference.rcc.anu.edu.au" />
+	<target host="devconference.rcc.anu.edu.au" />
+	<target host="devportal.rcc.anu.edu.au" />
+	<target host="devsrweb.rcc.anu.edu.au" />
+	<target host="portal.rcc.anu.edu.au" />
+	<target host="srweb.rcc.anu.edu.au" />
+	<target host="recharge.anu.edu.au" />
+	<target host="reporter.anu.edu.au" />
+	<target host="research.anu.edu.au" />
+	<target host="researchers.anu.edu.au" />
+	<target host="researchstudents.anu.edu.au" />
+	<target host="www.rsa.anu.edu.au" />
+	<target host="rsaa.anu.edu.au" />
+	<target host="www.rsaa.anu.edu.au" />
+	<target host="www.rsabis.anu.edu.au" />
+	<target host="rsbbox.anu.edu.au" />
+	<target host="rsc.anu.edu.au" />
+	<target host="rse.anu.edu.au" />
+	<target host="www.rse.anu.edu.au" />
+	<target host="rsfas.anu.edu.au" />
+	<target host="www.rsfas.anu.edu.au" />
+	<target host="rsha.anu.edu.au" />
+	<target host="www.rsm.anu.edu.au" />
+	<target host="rspepeople.anu.edu.au" />
+	<target host="rsph.anu.edu.au" />
+	<target host="rss.anu.edu.au" />
+	<target host="rsss.anu.edu.au" />
+	<target host="samba.anu.edu.au" />
+	<target host="sari.anu.edu.au" />
+	<target host="sca-lws02.anu.edu.au" />
+	<target host="scapa.anu.edu.au" />
+	<target host="scholarships.anu.edu.au" />
+	<target host="scholarships-test.anu.edu.au" />
+	<target host="scholarskeep.anu.edu.au" />
+	<target host="science.anu.edu.au" />
+	<target host="scienceinternships.anu.edu.au" />
+	<target host="scienceprod1.anu.edu.au" />
+	<target host="scienceprod2.anu.edu.au" />
+	<target host="scinews.anu.edu.au" />
+	<target host="scu.anu.edu.au" />
+	<target host="scu-dev.anu.edu.au" />
+	<target host="search.anu.edu.au" />
+	<target host="secondarycollege.anu.edu.au" />
+	<target host="servicedesk.anu.edu.au" />
+	<target host="services.anu.edu.au" />
+	<target host="shop.anu.edu.au" />
+	<target host="sig.anu.edu.au" />
+	<target host="slc.anu.edu.au" />
+	<target host="slll.anu.edu.au" />
+	<target host="soa.anu.edu.au" />
+	<target host="soa-dev.anu.edu.au" />
+	<target host="sociology.anu.edu.au" />
+	<target host="solinvictus.anu.edu.au" />
+	<target host="specicount.anu.edu.au" />
+	<target host="sres.anu.edu.au" />
+	<target host="srr.anu.edu.au" />
+	<target host="srwfoundation.anu.edu.au" />
+	<target host="staff-iguide.anu.edu.au" />
+	<target host="stg-06.anu.edu.au" />
+	<target host="stlc.anu.edu.au" />
+	<target host="sts.anu.edu.au" />
+	<target host="student.anu.edu.au" />
+	<target host="studentjournals.anu.edu.au" />
+	<target host="students.anu.edu.au" />
+	<target host="students-prod.anu.edu.au" />
+	<target host="studyat.anu.edu.au" />
+	<target host="tch.anu.edu.au" />
+	<target host="tgn.anu.edu.au" />
+	<target host="www.tgn.anu.edu.au" />
+	<target host="timetable.anu.edu.au" />
+	<target host="toadhall.anu.edu.au" />
+	<target host="toast.anu.edu.au" />
+	<target host="training.anu.edu.au" />
+	<target host="transport.anu.edu.au" />
+	<target host="tto.anu.edu.au" />
+	<target host="tuckwell.anu.edu.au" />
+	<target host="tulgey.anu.edu.au" />
+	<target host="autodiscover.uds.anu.edu.au" />
+	<target host="mail.uds.anu.edu.au" />
+	<target host="udsexamweb01.uds.anu.edu.au" />
+	<target host="udspbgw101.uds.anu.edu.au" />
+	<target host="udsadfs.anu.edu.au" />
+	<target host="unistats.anu.edu.au" />
+	<target host="unistats-dev.anu.edu.au" />
+	<target host="ursula.anu.edu.au" />
+	<target host="vc-courses.anu.edu.au" />
+	<target host="vcdesk.anu.edu.au" />
+	<target host="virtual.anu.edu.au" />
+	<target host="virtual-dev1.anu.edu.au" />
+	<target host="virtualopenday.anu.edu.au" />
+	<target host="voteparsa.anu.edu.au" />
+	<target host="wattle.anu.edu.au" />
+	<target host="wattlecourses.anu.edu.au" />
+	<target host="webmango.anu.edu.au" />
+	<target host="webmango-staging.anu.edu.au" />
+	<target host="wiltshire.anu.edu.au" />
+	<target host="wirelessprinting.anu.edu.au" />
+	<target host="www-acep.anu.edu.au" />
+	<target host="www-dev1.anu.edu.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ANXBTC.com.xml b/src/chrome/content/rules/ANXBTC.com.xml
new file mode 100644
index 000000000000..379607bbbb6a
--- /dev/null
+++ b/src/chrome/content/rules/ANXBTC.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="ANXBTC.com">
+
+	<target host="anxbtc.com" />
+	<target host="www.anxbtc.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?anxbtc\.com$" name="^(org\.springframework\.web\.servlet\.i18n\.CookieLocaleResolver\.LOCALE|settlementCcy|tradedCcy)$" /-->
+
+	<securecookie host="^(?:\.|www\.)?anxbtc\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ANZ.co.nz.xml b/src/chrome/content/rules/ANZ.co.nz.xml
new file mode 100644
index 000000000000..0a3e376e9563
--- /dev/null
+++ b/src/chrome/content/rules/ANZ.co.nz.xml
@@ -0,0 +1,142 @@
+<!--
+
+	For other ANZ coverage, see ANZ.com.xml
+
+
+	Non-functional subdomains:
+
+		- 3dsecure	(t)
+		- design.apps	(e)
+		- b2b	(t)
+		- b2b-a	(t)
+		- businessoutlook	(t)
+		- chat	(e)
+		- collect	(i)
+		- collect-oat	(i)
+		- comms		(r)
+		- customer	(i)
+		- digitaloatb	(m)
+		- digitaloatc	(m)
+		- digitaloatd	(m)
+		- digitalsit1	(r)
+		- ematching1	(t)
+		- ematching2	(t)
+		- fastpay-oat	(t)
+		- game	(t)
+		- game-oat	(t)
+		- gomoneymobile	(t)
+		- trn.insurance	(t)
+		- uat.insurance	(t)
+		- ks	(t)
+		- ks-a	(t)
+		- ks-b	(t)
+		- m	(t)
+		- moretooffer	(i)
+		- my	(r)
+		- myphotocard	(t)
+		- www.nonprod-staging-www	(r)
+		- ns1	(t)
+		- ns2	(t)
+		- onlinestore-oat	(t)
+		- onlinestore-oat2	(m)
+		- onlinestoreoat	(m)
+		- privatebank	(m)
+		- accountant.requestfinancials	(i)
+		- oat.accountant.requestfinancials	(i)
+		- sit.accountant.requestfinancials	(i)
+		- banker.requestfinancials	(i)
+		- oat.banker.requestfinancials	(i)
+		- sit.banker.requestfinancials	(i)
+		- customer.requestfinancials	(i)
+		- oat.customer.requestfinancials	(i)
+		- sit.customer.requestfinancials	(i)
+		- lending-api.requestfinancials	(i)
+		- oat.login.requestfinancials	(i)
+		- sit.intuit-qbo-api-v3.requestfinancials	(i)
+		- oat.lending-api.requestfinancials	(i)
+		- sit.lending-api.requestfinancials	(i)
+		- login.requestfinancials	(i)
+		- sit.login.requestfinancials	(i)
+		- sit.myob-accountright-live-v2.requestfinancials	(i)
+		- sit.xero-xro-api-v2.requestfinancials	(i)
+		- salesadmin	(r)
+		- secureoatc	(m)
+		- secureoatd	(r)
+		- securesit1	(SSL error)
+		- tools-oat		(t)
+		- tools-oat2	(m)
+		- toolsuat	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+-->
+<ruleset name="ANZ.co.nz">
+
+	<target host="anz.co.nz" />
+	<target host="www.anz.co.nz" />
+	<target host="akxmpl3-www.anz.co.nz" />
+	<target host="anzstafffoundation.anz.co.nz" />
+	<target host="admin.anzstafffoundation.anz.co.nz" />
+	<target host="apps.anz.co.nz" />
+	<target host="bizhub.anz.co.nz" />
+	<target host="bizhubuat.anz.co.nz" />
+	<target host="businessbanker.anz.co.nz" />
+	<target host="www.businessbanker.anz.co.nz" />
+	<target host="admin.businessbanker.anz.co.nz" />
+	<target host="www.admin.businessbanker.anz.co.nz" />
+	<target host="m.businessbanker.anz.co.nz" />
+	<target host="digital.anz.co.nz" />
+	<target host="digitalmediaapi.anz.co.nz" />
+	<target host="digitaloat.anz.co.nz" />
+	<target host="fastpay.anz.co.nz" />
+	<target host="fund.anz.co.nz" />
+	<target host="futurewise.anz.co.nz" />
+	<target host="futurewiseuat.anz.co.nz" />
+	<target host="help.anz.co.nz" />
+	<target host="insurance.anz.co.nz" />
+	<target host="www.internalpilot.anz.co.nz" />
+	<target host="investments.anz.co.nz" />
+	<target host="www.investments.anz.co.nz" />
+	<target host="merchandise.anz.co.nz" />
+	<target host="mmm.anz.co.nz" />
+	<target host="mmmoat.anz.co.nz" />
+	<target host="myfuture.anz.co.nz" />
+	<target host="myfuture-oat.anz.co.nz" />
+	<target host="www.nonprod-dev1-www.anz.co.nz" />
+	<target host="www.nonprod-dev2-www.anz.co.nz" />
+	<target host="www.nonprod-sandpit-www.anz.co.nz" />
+	<target host="www.nonprod-test1-www.anz.co.nz" />
+	<target host="www.nonprod-test2-www.anz.co.nz" />
+	<target host="www.nonprod-test3-www.anz.co.nz" />
+	<target host="www.nonprod-test4-www.anz.co.nz" />
+	<target host="www.nonprod-training-www.anz.co.nz" />
+	<target host="www.nonprod-www.anz.co.nz" />
+	<target host="oatapps.anz.co.nz" />
+	<target host="onlinestore.anz.co.nz" />
+	<target host="www.privatebank.anz.co.nz" />
+	<target host="propertyunlocked.anz.co.nz" />
+	<target host="propertyunlockeduat.anz.co.nz" />
+	<target host="rural-manager.anz.co.nz" />
+	<target host="rural-manageruat.anz.co.nz" />
+	<target host="search.anz.co.nz" />
+	<target host="secure.anz.co.nz" />
+	<target host="secureoat.anz.co.nz" />
+	<target host="secureoatb.anz.co.nz" />
+	<target host="staging-www.anz.co.nz" />
+	<target host="www.staging-www.anz.co.nz" />
+	<target host="tools.anz.co.nz" />
+	<target host="yoursay.anz.co.nz" />
+	<target host="www.yoursay.anz.co.nz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ANZ.com.au.xml b/src/chrome/content/rules/ANZ.com.au.xml
new file mode 100644
index 000000000000..8a9742b66fa1
--- /dev/null
+++ b/src/chrome/content/rules/ANZ.com.au.xml
@@ -0,0 +1,47 @@
+<!--
+	For other ANZ coverage, see ANZ.com.xml
+
+
+	Non-functional subdomains:
+
+		- appointments	(m)
+		- www.borrowingpower	(r)
+		- buyready	(r)
+		- www.cxdesign	(s)
+		- invest	(t)
+		- www.nonprod-staging-www	(HTTP 503 error)
+		- unsubscribe	(t)
+		- www.unsubscribe	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="ANZ.com.au">
+
+	<target host="anz.com.au" />
+	<target host="www.anz.com.au" />
+	<target host="www.internalpilot.anz.com.au" />
+	<target host="www.nonprod-dev1-www.anz.com.au" />
+	<target host="www.nonprod-dev2-www.anz.com.au" />
+	<target host="www.nonprod-sandpit-www.anz.com.au" />
+	<target host="www.nonprod-test1-www.anz.com.au" />
+	<target host="www.nonprod-test2-www.anz.com.au" />
+	<target host="www.nonprod-test3-www.anz.com.au" />
+	<target host="www.nonprod-test4-www.anz.com.au" />
+	<target host="www.nonprod-training-www.anz.com.au" />
+	<target host="www.nonprod-www.anz.com.au" />
+	<target host="propertyprofilereport.anz.com.au" />
+	<target host="www.propertyprofilereport.anz.com.au" />
+	<target host="staging-www.anz.com.au" />
+	<target host="www.staging-www.anz.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ANZ.com.xml b/src/chrome/content/rules/ANZ.com.xml
new file mode 100644
index 000000000000..ad4891717d8f
--- /dev/null
+++ b/src/chrome/content/rules/ANZ.com.xml
@@ -0,0 +1,402 @@
+<!--
+
+	Other related rulesets:
+		- ANZ.com.au.xml
+		- ANZ.co.nz.xml
+
+
+	Non-functional subdomains:
+
+		- accessedge	(r)
+		- affamexaccept	(t)
+		- www.affamexaccept	(t)
+		- anzinvestorinsights	(s)
+		- www.anzinvestorinsights	(s)
+		- l1.ocsp.anzpki	(t)
+		- d1.l1.ocsp.anzpki	(r)
+		- d2.l1.ocsp.anzpki	(r)
+		- qa.l1.ocsp.anzpki	(t)
+		- root.ocsp.anzpki	(t)
+		- d1.root.ocsp.anzpki	(r)
+		- d2.root.ocsp.anzpki	(r)
+		- qa.root.ocsp.anzpki	(t)
+		- www.anzprimehub	(t)
+		- anzsmartchoicesuperupdates	(m)
+		- www.anztransactive	(m)
+		- www.anzwealthinsights	(r)
+		- www.apexinsights	(r)
+		- api1	(t)
+		- api2	(t)
+		- apib	(t)
+		- apib2	(t)
+		- apibstage1	(t)
+		- apibstage2	(t)
+		- applepay	(m)
+		- apply1	(i)
+		- apply2	(i)
+		- applyonline	(s)
+		- appnz001aklp002	(r)
+		- apps	(e)
+		- av	(r)
+		- banking2poc	(e)
+		- banking3		(i)
+		- banking4		(i)
+		- betradeready	(m)
+		- www.betterinternetbanking	(t)
+		- betterways	(r)
+		- www.betterways	(r)
+		- ftp1.bluenotes	(t)
+		- ftp2.bluenotes	(t)
+		- ftp3.bluenotes	(t)
+		- www.borrowingpower	(r)
+		- brochures	(s)
+		- www.brochures	(s)
+		- business	(r)
+		- www.business	(r)
+		- m.businessadvice	(e)
+		- www.businessloans	(r)
+		- www.businessone	(t)
+		- businessready	(r)
+		- buyready	(r)
+		- www.buyready	(r)
+		- camapi	(t)
+		- campaign	(r)
+		- campaigns	(r)
+		- www.capitalnotes	(t)
+		- www.capitalnotes2	(r)
+		- capitalnotes3	(r)
+		- capitalnotes4	(r)
+		- capitalnotes5	(r)
+		- cardsecurity	(r)
+		- cardsinvite	(r)
+		- www.cardsinvite	(r)
+		- www.carloans	(r)
+		- control.cashactive	(t)
+		- virtual.cashactive	(r)
+		- changemycard	(t)
+		- www.changemycard	(t)
+		- www.coldplaycompetition	(t)
+		- commcardsupport	(t)
+		- www.commercialbrokerhub	(s)
+		- www.commercialbrokerhubtest	(s)
+		- connectivity	(r)
+		- corporatepartner	(t)
+		- www.corporatepartner	(t)
+		- debtinvestors	(r)
+		- www.debtinvestors	(r)
+		- depositcode	(t)
+		- www.depositcode	(t)
+		- discover	(t)
+		- www.discover	(t)
+		- documents	(t)
+		- www.dti	(t)
+		- ecardmessages	(t)
+		- www.ecardmessages	(t)
+		- communication.ecomm	(m)
+		- links.ecomm	(m)
+		- ecomms	(m)
+		- ecommunication	(m)
+		- ematching1	(t)
+		- ematching2	(t)
+		- encryptedwebmail	(r)
+		- nonprod-mail.nonprod-qa.enotify	(t)
+		- nonprod-web.nonprod-qa.enotify	(s)
+		- www.nonprod-web.nonprod-qa.enotify	(s)
+		- nonprod-mail.nonprod-sit1.enotify	(t)
+		- nonprod-web.nonprod-sit1.enotify	(r)
+		- www.nonprod-web.nonprod-sit1.enotify	(r)
+		- expertise	(r)
+		- extmailinboundedge	(t)
+		- www.fastpaydev	(m)
+		- dev.fastpayportal		(m)
+		- demo1.fxonline	(t)
+		- demo2.fxonline	(HTTP 403 error)
+		- fxonline1	(s)
+		- fxonline2	(s)
+		- girebatescalculator	(t)
+		- www.girebatescalculator	(t)
+		- globalwealthpresentation	(t)
+		- www.globalwealthpresentation	(t)
+		- www.gomoney	(r)
+		- www.growapp	(t)
+		- growcentre	(t)
+		- www.growcentre	(t)
+		- hkib	(t)
+		- homeloanequity	(m)
+		- ib4bdemo	(t)
+		- www.ib4bdemo	(t)
+		- id	(r)
+		- www.indepth	(r)
+		- indigenousculturalawareness	(r)
+		- info	(m)
+		- www.institutional	(m)
+		- institutionaldigital	(t)
+		- www.institutionaldigital	(t)
+		- insurance-declaration	(t)
+		- www.insurance-declaration	(t)
+		- www.integrity	(t)
+		- investments1	(e)
+		- investments1	(e)
+		- investments2	(e)
+		- investments2	(e)
+		- inwardproxywealthb2b	(t)
+		- live	(m)
+		- www.live	(m)
+		- www.locate	(m)
+		- lowrateplatinumupgrade	(t)
+		- www.lowrateplatinumupgrade	(t)
+		- lyncdiscover	(m)
+		- marketrankings	(r)
+		- marketrates	(r)
+		- seg.mdm		(SSL connection error)
+		- magr.mdmqa	(s)
+		- awcm.mdmqa2	(t)
+		- pav.mdmqa2	(r)
+		- seg.mdmqa2	(t)
+		- www.media	(m)
+		- meet		(t)
+		- www.moneytransfer	(r)
+		- movingtoaustralia	(r)
+		- myplan	(t)
+		- www.myplan	(t)
+		- mywork	(t)
+		- securebvfrm.next	(m)
+		- securebvhwt.next	(m)
+		- nonprod-inwardproxywealthb2bsit	(t)
+		- nonprod-inwardunauthb2bqa	(t)
+		- www.nz	(m)
+		- www.online	(r)
+		- lifeclaims.online		(e)
+		- corporateportal1.online	(r)
+		- corporateportal2.online	(r)
+		- ematchingau1.online	(s)
+		- ematchingau2.online	(s)
+		- ematchingnbnz1.online	(t)
+		- ematchingnbnz2.online	(t)
+		- ematchingnz.online	(t)
+		- ematchingnz1.online	(s)
+		- ematchingnz2.online	(s)
+		- www.fileactive.online	(m)
+		- lqmtransactive.online		(SSL connection error)
+		- transact.online	(e)
+		- tsc.online	(t)
+		- tscid.online	(t)
+		- online-declaration-asa	(t)
+		- www.online-declaration-asa	(t)
+		- online-declaration-integra	(t)
+		- www.online-declaration-integra	(t)
+		- openbanking	(t)
+		- www.openbanking	(t)
+		- payments	(t)
+		- d1.pkimgmt	(r)
+		- d2.pkimgmt	(r)
+		- qa.pkimgmt	(t)
+		- primehub	(t)
+		- www.primehub	(t)
+		- priorityinsights	(t)
+		- www.priorityinsights	(t)
+		- (www.)private		(SSL error)
+		- aemauthor1.aws.privdmz	(r)
+		- promo	(r)
+		- propertytracker	(m)
+		- www.propertytracker	(m)
+		- www.rallyforgood	(r)
+		- retirementready	(t)
+		- www.retirementready	(t)
+		- rewardsamexaccept	(t)
+		- www.rewardsamexaccept	(t)
+		- secure	(s)
+		- msl.secure1	(t)
+		- msl.secure2	(t)
+		- sellready	(m)
+		- www.sellready	(m)
+		- stage.sellready	(r)
+		- services1	(e)
+		- sg	(e)
+		- sgib	(t)
+		- www.shareholder	(m)
+		- taxtools.shareinvesting	(i)
+		- smallbusiness	(r)
+		- www.social	(e)
+		- spendinsights		(r)
+		- sponsorship	(t)
+		- www.sponsorship	(m)
+		- supercalculator	(t)
+		- www.supercalculator	(t)
+		- sustainability	(r)
+		- taxii	(t)
+		- tell-us	(e)
+		- content.theedge	(m)
+		- transactive	(m)
+		- www.transactive	(m)
+		- www.transtasman.transactive	(m)
+		- www.transactivetrade	(r)
+		- travelcard	(r)
+		- tw	(m)
+		- twcardsonline	(t)
+		- twmail1	(r)
+		- updatemydetails	(t)
+		- www.updatemydetails	(t)
+		- video	(r)
+		- vis	(e)
+		- wac01		(t)
+		- warrants	(t)
+		- auth.wealth	(t)
+		- www.test1.wealth	(t)
+		- www.test2.wealth	(t)
+		- wealthemployee	(t)
+		- www.wealthemployee	(t)
+		- wealthhealthcheck	(t)
+		- www.wealthhealthcheck	(t)
+		- webconf	(r)
+		- webext01	(t)
+		- webext02	(t)
+		- webscheduler	(t)
+		- www.women	(r)
+		- www.yourgift	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+-->
+<ruleset name="Australia and New Zealand Banking">
+
+	<target host="anz.com" />
+	<target host="www.anz.com" />
+	<target host="ebanking.americansamoa.anz.com" />
+	<target host="anzappinsights.anz.com" />
+	<target host="www.anzappinsights.anz.com" />
+	<target host="anzprimehub.anz.com" />
+	<target host="apib1.anz.com" />
+	<target host="appnz001aklp003.anz.com" />
+	<target host="appnz002aklp002.anz.com" />
+	<target host="appnz002aklp003.anz.com" />
+	<target host="bladepay.anz.com" />
+	<target host="bluenotes.anz.com" />
+	<target host="www.bluenotes.anz.com" />
+	<target host="www.businessadvice.anz.com" />
+	<target host="businessrewards.anz.com" />
+	<target host="www.businessrewards.anz.com" />
+	<target host="www.cashactive.anz.com" />
+	<target host="fusionmatch.cashactive.anz.com" />
+	<target host="celebratewomeninit.anz.com" />
+	<target host="config.anz.com" />
+	<target host="coveredonline.anz.com" />
+	<target host="www.coveredonline.anz.com" />
+	<target host="ctmdx.anz.com" />
+	<target host="currency.anz.com" />
+	<target host="exclusives.anz.com" />
+	<target host="www.exclusives.anz.com" />
+	<target host="www.expensemanager.anz.com" />
+	<target host="fastpay.anz.com" />
+	<target host="www.fastpay.anz.com" />
+	<target host="dev.fastpay.anz.com" />
+	<target host="fastpaydev.anz.com" />
+	<target host="fastpayportal.anz.com" />
+	<target host="www.fileactive.anz.com" />
+	<target host="forms.anz.com" />
+	<target host="gamesavematch.anz.com" />
+	<target host="www.gamesavematch.anz.com" />
+	<target host="globalinsights.anz.com" />
+	<target host="www.globalinsights.anz.com" />
+	<target host="secure.grow.anz.com" />
+	<target host="growinsights.anz.com" />
+	<target host="www.growinsights.anz.com" />
+	<target host="growmore.anz.com" />
+	<target host="www.growmore.anz.com" />
+	<target host="ebanking.guam.anz.com" />
+	<target host="health.anz.com" />
+	<target host="www.health.anz.com" />
+	<target host="homeloanapply.anz.com" />
+	<target host="infos.anz.com" />
+	<target host="institutional.anz.com" />
+	<target host="onepath.investorinsights.anz.com" />
+	<target host="www.onepath.investorinsights.anz.com" />
+	<target host="jmbl.anz.com" />
+	<target host="magr.mdm.anz.com" />
+	<target host="tunnelr.mdmqa2.anz.com" />
+	<target host="mfa-access.anz.com" />
+	<target host="mobilelending.anz.com" />
+	<target host="www.mobilelending.anz.com" />
+	<target host="mobilepayments.anz.com" />
+	<target host="www.mobilepayments.anz.com" />
+	<target host="mstcl3.anz.com" />
+	<target host="au.corp.mydesk.anz.com" />
+	<target host="nz.corp.mydesk.anz.com" />
+	<target host="sg.corp.mydesk.anz.com" />
+	<target host="mymeeting.anz.com" />
+	<target host="myportfolio.anz.com" />
+	<target host="myportfoliosim.anz.com" />
+	<target host="newperspectives.anz.com" />
+	<target host="www.newperspectives.anz.com" />
+	<target host="anztransactive.online.anz.com" />
+	<target host="anzweblink.online.anz.com" />
+	<target host="caasutila.online.anz.com" />
+	<target host="caasutilb.online.anz.com" />
+	<target host="cashactive.online.anz.com" />
+	<target host="cmnres7.online.anz.com" />
+	<target host="fileactive.online.anz.com" />
+	<target host="gcptransactive.online.anz.com" />
+	<target host="imgbg5.online.anz.com" />
+	<target host="logon.online.anz.com" />
+	<target host="markets.online.anz.com" />
+	<target host="olb.online.anz.com" />
+	<target host="pcm.online.anz.com" />
+	<target host="selfservice.online.anz.com" />
+	<target host="sfxanzweblink.online.anz.com" />
+	<target host="trade.online.anz.com" />
+	<target host="transactive.online.anz.com" />
+	<target host="transtasman.online.anz.com" />
+	<target host="transtasmanadmin.online.anz.com" />
+	<target host="transtasmaniphone.online.anz.com" />
+	<target host="transtasmaniphone2.online.anz.com" />
+	<target host="tscportal.online.anz.com" />
+	<target host="tscportalid.online.anz.com" />
+	<target host="onlineapps.anz.com" />
+	<target host="www.pcmapp.anz.com" />
+	<target host="propertyprofilereport.anz.com" />
+	<target host="www.propertyprofilereport.anz.com" />
+	<target host="recovery.anz.com" />
+	<target host="www.recovery.anz.com" />
+	<target host="selfmanagedsuper.anz.com" />
+	<target host="www.selfmanagedsuper.anz.com" />
+	<target host="sfe.anz.com" />
+	<target host="shareholder.anz.com" />
+	<target host="shareinvesting.anz.com" />
+	<target host="sstats.shareinvesting.anz.com" />
+	<target host="smartchoice.anz.com" />
+	<target host="superinsights.anz.com" />
+	<target host="www.superinsights.anz.com" />
+	<target host="admin.superregional.anz.com" />
+	<target host="asaemployer.superrenovation.anz.com" />
+	<target host="www.asaemployer.superrenovation.anz.com" />
+	<target host="asamember.superrenovation.anz.com" />
+	<target host="www.asamember.superrenovation.anz.com" />
+	<target host="tennisgrants.anz.com" />
+	<target host="www.tennisgrants.anz.com" />
+	<target host="www.theedge.anz.com" />
+	<target host="twib.anz.com" />
+	<target host="verify.anz.com" />
+	<target host="waf1x.anz.com" />
+	<target host="wealth.anz.com" />
+	<target host="www.wealth.anz.com" />
+	<target host="webauthecc.anz.com" />
+		<test url="http://webauthecc.anz.com/OracleHTTPServer12c_files/footer.gif" />
+	<target host="wrap.anz.com" />
+	<target host="apply.wrap.anz.com" />
+	<target host="yourgift.anz.com" />
+	<target host="yoursay.anz.com" />
+	<target host="yourworld.anz.com" />
+	<target host="www.yourworld.anz.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ANZ.xml b/src/chrome/content/rules/ANZ.xml
deleted file mode 100644
index d97a92a361b2..000000000000
--- a/src/chrome/content/rules/ANZ.xml
+++ /dev/null
@@ -1,58 +0,0 @@
-<!--
-		- anz.com.102.112.2o7.net
-
-			- infos
-
-		- anz.demdex.net
-		- australianewzealandb.tt.omtrdc.net
-
-
-	Mixed content:
-
-		- Web bugs on www:
-
-			- from www.adadvisor.net via adadvisor.net *
-			- from ak1.abmr.net via pixel.mathtag.com *
-			- from tag.admeld.com **
-			- from pixel.mathtag.com via ak1.abmr.net *
-			- from pixel.mathtag.com via p.acxiom-online.com *
-
-			- via fls.doubleclick.net, from:
-
-				- p.acxiom-online.com *
-				- su.addthis.com *
-				- tracking.adjug.com *
-				- dis.criteo.com *
-				- y.one.impact-ad.jp *
-				- pixel.mathtag.com *
-				- e.nexac.com  *
-				- u.optorb.com *
-				- idsync.rlcdn.com *
-				- cs.specificclick.net *
-				- ad.yieldmanager.com *
-				- sync.zenoviaexchange.com **
-
-	* Secured by us
-	** Unsecurable
-
-
-	We don't care whether web bugs work, thus
-	don't mark this rulesets as mixedcontent.
-
--->
-<ruleset name="ANZ">
-
-	<target host="anz.com" />
-	<target host="*.anz.com" />
-
-
-	<securecookie host=".*\.anz\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?anz\.com/"
-		to="https://www.anz.com/" />
-
-	<rule from="^http://infos\.anz\.com/"
-		to="https://infos.anz.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AOE.com.xml b/src/chrome/content/rules/AOE.com.xml
new file mode 100644
index 000000000000..06ff40fa07da
--- /dev/null
+++ b/src/chrome/content/rules/AOE.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="AOE.com (partial)">
+
+	<target host="aoe.com" />
+	<target host="www.aoe.com" />
+	<target host="cdn1.aoe.com" />
+	<target host="cdn2.aoe.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AOK.de.xml b/src/chrome/content/rules/AOK.de.xml
index 69bc9a647795..dea5416056ec 100644
--- a/src/chrome/content/rules/AOK.de.xml
+++ b/src/chrome/content/rules/AOK.de.xml
@@ -1,5 +1,75 @@
-<ruleset name="AOK">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.familie.aok.de/ => https://familie.aok.de/: (6, 'Could not resolve host: familie.aok.de')
+Fetch error: http://familie.aok.de/ => https://familie.aok.de/: (6, 'Could not resolve host: familie.aok.de')
+Fetch error: http://www.familie.bw.aok.de/ => https://familie.bw.aok.de/: (7, 'Failed to connect to familie.bw.aok.de port 443: Connection refused')
+Fetch error: http://familie.bw.aok.de/ => https://familie.bw.aok.de/: (7, 'Failed to connect to familie.bw.aok.de port 443: Connection refused')
+Fetch error: http://www.familie.bayern.aok.de/ => https://familie.bayern.aok.de/: (7, 'Failed to connect to familie.bayern.aok.de port 443: Connection refused')
+Fetch error: http://familie.bayern.aok.de/ => https://familie.bayern.aok.de/: (7, 'Failed to connect to familie.bayern.aok.de port 443: Connection refused')
+Fetch error: http://www.familie.bremen.aok.de/ => https://familie.bremen.aok.de/: (7, 'Failed to connect to familie.bremen.aok.de port 443: Connection refused')
+Fetch error: http://familie.bremen.aok.de/ => https://familie.bremen.aok.de/: (7, 'Failed to connect to familie.bremen.aok.de port 443: Connection refused')
+Fetch error: http://www.familie.hessen.aok.de/ => https://familie.hessen.aok.de/: (7, 'Failed to connect to familie.hessen.aok.de port 443: Connection refused')
+Fetch error: http://familie.hessen.aok.de/ => https://familie.hessen.aok.de/: (7, 'Failed to connect to familie.hessen.aok.de port 443: Connection refused')
+Fetch error: http://www.familie.niedersachsen.aok.de/ => https://familie.niedersachsen.aok.de/: (7, 'Failed to connect to familie.niedersachsen.aok.de port 443: Connection refused')
+Fetch error: http://familie.niedersachsen.aok.de/ => https://familie.niedersachsen.aok.de/: (7, 'Failed to connect to familie.niedersachsen.aok.de port 443: Connection refused')
+Fetch error: http://www.familie.nordost.aok.de/ => https://familie.nordost.aok.de/: (7, 'Failed to connect to familie.nordost.aok.de port 443: Connection refused')
+Fetch error: http://familie.nordost.aok.de/ => https://familie.nordost.aok.de/: (7, 'Failed to connect to familie.nordost.aok.de port 443: Connection refused')
+Fetch error: http://www.familie.nordwest.aok.de/ => https://familie.nordwest.aok.de/: (7, 'Failed to connect to familie.nordwest.aok.de port 443: Connection refused')
+Fetch error: http://familie.nordwest.aok.de/ => https://familie.nordwest.aok.de/: (7, 'Failed to connect to familie.nordwest.aok.de port 443: Connection refused')
+Fetch error: http://www.familie.plus.aok.de/ => https://familie.plus.aok.de/: (7, 'Failed to connect to familie.plus.aok.de port 443: Connection refused')
+Fetch error: http://familie.plus.aok.de/ => https://familie.plus.aok.de/: (7, 'Failed to connect to familie.plus.aok.de port 443: Connection refused')
+Fetch error: http://www.familie.rh.aok.de/ => https://familie.rh.aok.de/: (7, 'Failed to connect to familie.rh.aok.de port 443: Connection refused')
+Fetch error: http://familie.rh.aok.de/ => https://familie.rh.aok.de/: (7, 'Failed to connect to familie.rh.aok.de port 443: Connection refused')
+Fetch error: http://www.familie.rps.aok.de/ => https://familie.rps.aok.de/: (7, 'Failed to connect to familie.rps.aok.de port 443: Connection refused')
+Fetch error: http://familie.rps.aok.de/ => https://familie.rps.aok.de/: (7, 'Failed to connect to familie.rps.aok.de port 443: Connection refused')
+Fetch error: http://www.familie.san.aok.de/ => https://familie.san.aok.de/: (7, 'Failed to connect to familie.san.aok.de port 443: Connection refused')
+Fetch error: http://familie.san.aok.de/ => https://familie.san.aok.de/: (7, 'Failed to connect to familie.san.aok.de port 443: Connection refused')
+
+-->
+<ruleset name="AOK.de" default_off="failed ruleset test">
 <target host="www.aok.de" />
 <target host="aok.de" />
-<rule from="^http://(?:www\.)?aok\.de/" to="https://www.aok.de/"/>
+<target host="www.familie.aok.de" />
+<target     host="familie.aok.de" />
+<target host="www.familie.bw.aok.de" />
+<target     host="familie.bw.aok.de" />
+<target host="www.familie.bayern.aok.de" />
+<target     host="familie.bayern.aok.de" />
+<target host="www.familie.bremen.aok.de" />
+<target     host="familie.bremen.aok.de" />
+<target host="www.familie.hessen.aok.de" />
+<target     host="familie.hessen.aok.de" />
+<target host="www.familie.niedersachsen.aok.de" />
+<target     host="familie.niedersachsen.aok.de" />
+<target host="www.familie.nordost.aok.de" />
+<target     host="familie.nordost.aok.de" />
+<target host="www.familie.nordwest.aok.de" />
+<target     host="familie.nordwest.aok.de" />
+<target host="www.familie.plus.aok.de" />
+<target     host="familie.plus.aok.de" />
+<target host="www.familie.rh.aok.de" />
+<target     host="familie.rh.aok.de" />
+<target host="www.familie.rps.aok.de" />
+<target     host="familie.rps.aok.de" />
+<target host="www.familie.san.aok.de" />
+<target     host="familie.san.aok.de" />
+<target host="www.aokplus-online.de" />
+<target     host="aokplus-online.de" />
+<target host="www.aok-gesundheitspartner.de" />
+<target     host="aok-gesundheitspartner.de" />
+<securecookie host="aok\.de$" name=".+" />
+<securecookie host="aokplus-online\.de$" name=".+" />
+<rule from="^http://aok\.de/"
+	to="https://www.aok.de/"/>
+<rule from="^http://www\.familie\.aok\.de/"
+	to="https://familie.aok.de/" />
+<rule from="^http://www\.familie\.(bw|bayern|bremen|hessen|niedersachsen|nordost|nordwest|plus|rh|rps|san)\.aok\.de/"
+	to="https://familie.$1.aok.de/" />
+<rule from="^http://aokplus-online\.de/"
+	to="https://www.aokplus-online.de/" />
+<rule from="^http://aok-gesundheitspartner\.de/"
+	to="https://www.aok-gesundheitspartner.de/" />
+<rule from="^http:"
+	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AOL-Advertising.xml b/src/chrome/content/rules/AOL-Advertising.xml
index 46eae9ad15b9..a0c12c0322ac 100644
--- a/src/chrome/content/rules/AOL-Advertising.xml
+++ b/src/chrome/content/rules/AOL-Advertising.xml
@@ -1,4 +1,11 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tacoda.at.atwola.com/ => https://tacoda.at.atwola.com/: (7, 'Failed to connect to tacoda.at.atwola.com port 443: Connection refused')
+Fetch error: http://px.at.atwola.com/ => https://px.at.atwola.com/: (6, 'Could not resolve host: px.at.atwola.com')
+
+	AOL Advertising
+
 	For other AOL coverage, see AOL.xml.
 
 
@@ -6,34 +13,21 @@
 
 		- an.tacoda.net.edgesuite.net
 
-
-	Problematic domains:
-
-		- adsonar.com			(cert only matches www)
-		- js.adsonar.com		(akamai)
-
 -->
-<ruleset name="AOL Advertising">
-
-	<target host="adsonar.com" />
-	<target host="*.adsonar.com" />
-	<target host="*.atwola.com" />
-	<target host="anrtx.tacoda.net" />
-
+<ruleset name="Atwola.com" default_off="failed ruleset test">
 
-	<securecookie host="^\.atwola\.com$" name=".+" />
+	<target host="ar.atwola.com" />
+	<target host="tacoda.at.atwola.com" />
+	<target host="px.at.atwola.com" />
+	<target host="uk.at.atwola.com" />
 
+		<!--test url="http://px.at.atwola.com/px/aolus-hp/" /-->
 
-	<rule from="^http://(?:www\.)?adsonar\.com/"
-		to="https://www.adsonar.com/" />
 
-	<rule from="^http://(?:secure-)?js\.adsonar\.com/"
-		to="https://secure-js.adsonar.com/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(ar|tacoda\.at)\.atwola\.com/"
-		to="https://$1.atwola.com/" />
 
-	<rule from="^http://anrtx\.tacoda\.net/"
-		to="https://anrtx.tacoda.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/AOL-mismatches.xml b/src/chrome/content/rules/AOL-mismatches.xml
index 955b2e6fefe1..02684029af22 100644
--- a/src/chrome/content/rules/AOL-mismatches.xml
+++ b/src/chrome/content/rules/AOL-mismatches.xml
@@ -1,75 +1,20 @@
 <!--
-	Other AOL rulesets:
-
-		- AOL.xml
-		- AOL-Advertising.xml
+	For rules that are on by default, see AOL.xml.
 
 
 	ToDo: find Akamai buckets.
 
 -->
-<ruleset name="AOL (mismatches)" default_off="mismatch">
-
-	<!--	Akamai	-->
-	<target host="adinfo.aol.com" />
-	<!--	cert: misc.blogsmith.aol.com	-->
-	<target host="corp.aol.com" />
-	<target host="dev.aol.com" />
-	<target host="legal.aol.com" />
-	<target host="privacy.aol.com" />
-	<!--	Cert: misc.blogsmith.aol.com	-->
-	<target host="mobile.aol.com" />
-	<target host="translogic.aolautos.com" />
-	<target host="aolcdn.com" />
-	<target host="vivad.aolcdn.com" />
-	<target host="www.aolcdn.com" />
-	<target host="console.aolonnetwork.com" />
-	<target host="blogsmithmedia.com" />
-	<target host="www.blogsmithmedia.com" />
+<ruleset name="AOL (mismatches)" default_off="mismatched">
 	<!--
 		Moved to Akamai and broke.
 	<target host="mydaily.co.uk" />
 	<target host="www.mydaily.co.uk" /-->
 	<target host="an.tacoda.net" />
 
-
-	<securecookie host="^(corp|dev|privacy)\.aol\.com$" name=".*" />
-	<securecookie host="^translogic\.aolautos\.com$" name=".*" />
-	<securecookie host="^console\.aolonnetwork\.com$" name=".+" />
-	<!--securecookie host="^(.*\.)?mydaily\.co\.uk$" name=".*" /-->
-
-
-	<rule from="^http://(adinfo|corp|dev|legal|mobile|privacy)\.aol\.com/"
-		to="https://$1.aol.com/" />
-
-	<rule from="^http://translogic\.aolautos\.com/"
-		to="https://translogic.aolautos.com/" />
-
-	<rule from="^https?://(?:vivad|www)?aolcdn\.com/"
-		to="https://www.aolcdn.com/"/>
-
-	<rule from="^http://console\.aolonnetwork\.com/"
-		to="https://console.aolonnetwork.com/" />
-
-	<!--	- !www doesn't work.
-		- Images throw "Service Unavailable".
-	
-		Two examples of working paths:
-
-			- blogsmithmedia.com/corp.aol.com/media/jquery-fancybox_1-3-1.css
-			- blogsmithmedia.com/corp.aol.com/media/screen.css?v=1
-										-->
-	<rule from="^https?://(?:www\.)?blogsmithmedia\.com/corp\.aol\.com/media/([\w\-\.]+)\.css(\?v=\d)?$"
-		to="https://www.blogsmithmedia.com/corp.aol.com/media/$1.css$2" />
-
-	<rule from="^https?://(?:www\.)?blogsmithmedia\.com/translogic\.aolautos\.com/media/"
-		to="https://translogic.aolautos.com/media/" />
-
 	<!--	Moved to Akamai and broke: "An error occurred"
-	<rule from="^https?://(?:www\.)?mydaily\.co\.uk/"
+	<rule from="^http://(?:www\.)?mydaily\.co\.uk/"
 		to="https://www.mydaily.co.uk/" /-->
 
-	<rule from="^http://an\.tacoda\.net/"
-		to="https://an.tacoda.net/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AOL.co.uk.xml b/src/chrome/content/rules/AOL.co.uk.xml
new file mode 100644
index 000000000000..72b211311c22
--- /dev/null
+++ b/src/chrome/content/rules/AOL.co.uk.xml
@@ -0,0 +1,102 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://uktools.aol.co.uk/media/email-sign-out-rwd.css => https://uktools.aol.co.uk/media/email-sign-out-rwd.css: (7, 'Failed to connect to uktools.aol.co.uk port 443: Connection refused')
+Fetch error: http://rs.aol.co.uk/ => https://rs.aol.co.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For other AOL coverage, see AOL.xml.
+
+
+	Nonfunctional hosts in *aol.co.uk:
+
+		- ^ ¹
+		- corp ¹
+		- games ²
+		- money ¹
+		- privacy ¹
+		- search ¹
+		- sportinglife ²
+		- weather ¹
+		- www ³
+
+	¹ Refused
+	² Dropped
+	³ Redirects to http
+
+
+	Problematic hosts in *aol.co.uk:
+
+		- help *
+		- on *
+
+	* Mismatched
+
+
+	Fully covered hosts in *aol.co.uk:
+
+		- mail
+		- rs
+
+
+	Insecure cookies are set for these hosts:
+
+		- on.aol.co.uk
+
+
+	Mixed content:
+
+		- iframe on on from embed.5min.com *
+
+		- css, on:
+
+			- on from as.on.aol.com *
+			- on from fonts.googleapis.com *
+
+		- Images, on:
+
+			- on from pfiles.5min.com *
+			- on from at.on.aol.com *
+
+		- Bugs on on from b.scorecardresearch.com *
+
+	* Secured by us
+
+-->
+<ruleset name="AOL.co.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="help.aol.co.uk" /-->
+	<target host="mail.aol.co.uk" />
+	<!--target host="on.aol.co.uk" /-->
+	<target host="rs.aol.co.uk" />
+	<target host="uktools.aol.co.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.aol\.co\.uk/($|ads/load_v7\.html)" /-->
+		<!--exclusion pattern="^http://uktools\.aol\.co\.uk/($|api/word-of-the-day\.html)" /-->
+
+		<!--	Exceptions:
+					-->
+		<exclusion pattern="^http://uktools\.aol\.co\.uk/(?!media/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://uktools.aol.co.uk/api/word-of-the-day.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://uktools.aol.co.uk/media/email-sign-out-rwd.css" />
+			<test url="http://uktools.aol.co.uk//media/email-sign-out-rwd.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^on\.aol\.co\.uk$" name="^watchpage$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AOL.xml b/src/chrome/content/rules/AOL.xml
index 67ece4b543d0..739e8f0a35bf 100644
--- a/src/chrome/content/rules/AOL.xml
+++ b/src/chrome/content/rules/AOL.xml
@@ -1,23 +1,47 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://cdn.komentary.aol.com/confab/1/styles/confab.css => https://cdn.komentary.aol.com/confab/1/styles/confab.css: (6, 'Could not resolve host: cdn.komentary.aol.com')
+Fetch error: http://account.aol.com/ => https://account.aol.com/: (6, 'Could not resolve host: account.aol.com')
+Fetch error: http://captcha.aol.com/ => https://captcha.aol.com/: (6, 'Could not resolve host: captcha.aol.com')
+Fetch error: http://idgfm.corp.aol.com/ => https://idgfm.corp.aol.com/: (6, 'Could not resolve host: idgfm.corp.aol.com')
+Fetch error: http://i.aol.com/ => https://i.aol.com/: (6, 'Could not resolve host: i.aol.com')
+Fetch error: http://cdn.komentary.aol.com/ => https://cdn.komentary.aol.com/: (6, 'Could not resolve host: cdn.komentary.aol.com')
+Fetch error: http://account.login.aol.com/ => https://account.login.aol.com/: (6, 'Could not resolve host: account.login.aol.com')
+Fetch error: http://api.mail.aol.com/ => https://api.mail.aol.com/: (6, 'Could not resolve host: api.mail.aol.com')
+Fetch error: http://cdn.mail.aol.com/ => https://cdn.mail.aol.com/: (6, 'Could not resolve host: cdn.mail.aol.com')
+Fetch error: http://new.aol.com/ => https://new.aol.com/: (6, 'Could not resolve host: new.aol.com')
+Fetch error: http://openid.aol.com/ => https://openid.aol.com/: (6, 'Could not resolve host: openid.aol.com')
+Fetch error: http://api.oscar.aol.com/ => https://api.oscar.aol.com/: (6, 'Could not resolve host: api.oscar.aol.com')
+Fetch error: http://s2c.aol.com/ => https://s2c.aol.com/: (6, 'Could not resolve host: s2c.aol.com')
+Fetch error: http://dashboard.voice.aol.com/ => https://dashboard.voice.aol.com/: (6, 'Could not resolve host: dashboard.voice.aol.com')
+Fetch error: http://expapi.oscar.aol.com/ => https://api.oscar.aol.com/: (6, 'Could not resolve host: api.oscar.aol.com')
+
+
 	For problematic coverage, see AOL-mismatches.xml.
 
 
 	Other AOL rulesets:
 
-		- 5min.xml
 		- AboutMe.xml
+		- AdSonar.com.xml
+		- Adap.TV.xml
 		- Adtech.de.xml
 		- Adtechus.com.xml
 		- Advertising.com.xml
+		- AOL.co.uk.xml
 		- AOL-Advertising.xml
+		- AOL_On_Network.com.xml
+		- Auto_Blog.com.xml
+		- blogsmithmedia.com.xml
+		- CrunchBoard.com.xml
 		- Engadget.com.xml
 		- Huffington-Post.xml
-		- Joystiq.com.xml
 		- Moviefone.xml
+		- Netscape.com.xml
 
 
-	Much of CrunchBoard is handled in PersonForce-clients.xml.
-
 	TechCrunch is handled in WordPress-blogs.xml.
 
 
@@ -36,21 +60,51 @@
 
 	Nonfunctional domains:
 
-		- aol.com subdomains:
-
-			- advertising
+		- in *aol.com:
+
+			- ^ ʳ
+			- about ʳ
+			- advertising ᶠ
+			- autos ʰ
+			- dev.sandbox.autos ʳ
+			- misc.blogsmith ʳ
+			- browsers ʳ
+			- canada ʳ
+			- help.channels ʳ
+			- (www.)?corp ᵃ
+			- daol ʳ
+			- dev ʳ
+			- downloaded ʰ
+			- features ʳ
+			- heroes ʰ
 			- hss-prod.hss
+			- ipad ʰ
+			- legal ʳ
+			- m ʰ
+			- mobile ʳ
 			- music
+			- on ʰ
+
+			- s.on ᵉ
 			- stg.s.on
 			- stg.on
+			- support.on ᵉ
 			- stg.support.on
+			- t.on ᵉ
 			- stg.t.on
 
-		- euportal.aolcdn.com		(503, Akamai)
-		- myfeeds.aolcdn.com		(ditto)
-		- stg.support.aolonnetwork.com
-		- media.blogcdn.com
-		- blogsmithmedia.com		(ditto)
+			- netscape ʰ
+			- oscars ʳ
+			- privacy ʳ
+			- realestate ʳ
+			- share ʳ
+			- startpage ʳ
+			- thevoiceof ʰ
+			- toshiba ʰ
+			- weather ʳ
+			- webmail ʳ
+			- welcome ʰ
+
 		- (www.)joystiq.com
 		- massively.joystiq.com
 		- tuaw.com
@@ -58,87 +112,148 @@
 		- www.winamp.com
 		- blog.winamp.com
 
+	ᵃ Shows another domain
+	ᶠ Content fails to load
+	ʳ Refused
+	ʰ Redirects to http
+	ᵉ Cert expired
+	³ 503, Akamai
 
-	Problematic domains:
 
-		- aim.com
-		- cdn.aim.com		(akamai)
+	Problematic hosts in *aol.com:
 
-		- aol.com subdomains:
+		- expapi.oscar ᵐ
+		- webmail ᵑ
 
-			- as.on		(works, akamai)
-			- at.on		(works, akamai)
-			- support.on
-			- expapi.oscar	(cert only matches api.oscar)
-			- privacy	(works, mismatched, CN: misc.blogsmith.aol.com)
+	ᵐ Cert only matches api.oscar.aol.com
+	ᵑ Refused
 
-		- console.aolonnetwork.com	(works, mismatched)
 
--->
-<ruleset name="AOL (partial)">
+	Partially covered hosts in *aol.com:
 
-	<target host="aim.com" />
-	<target host="*.aim.com" />
-	<target host="aol.com" />
-	<target host="*.aol.com" />
-		<!--
-			Added by AOL, required for http logout.
-								-->
-		<exclusion pattern="^http://my\.screenname\.aol\.com/_cqr/logout/" />
-	<target host="aol.co.uk" />
-	<target host="*.aol.co.uk" />
-	<target host="*.aolcdn.com" />
-		<exclusion pattern="^http://o\.aolcdn\.com/(?:dims-global|mars|myfeeds|portaleu|winamp/dp)/" />
-	<target host="support.aolonnetwork.com" />
-	<target host="crunchboard.com" />
-	<target host="www.crunchboard.com" />
-	<target host="netscape.com" />
-	<target host="*.netscape.com" />
+		- my.screenname *
 
+	* Logout excluded
 
-	<!--	.my.screenname.aol.com		-->
-	<securecookie host="^(?:dev\.sandbox\.autos|new)\.aol\.com$" name=".+" />
-	<securecookie host="^www\.aol\.co\.uk$" name=".+" />
-	<securecookie host="^support\.aolonnetwork\.com$" name=".+" />
 
+	These altnames don't exist:
 
-	<rule from="^http://(?:cdn\.|www\.)?aim\.com/"
-		to="https://www.aim.com/" />
+		- holiday.aol.com
 
-	<rule from="^http://(?:www\.)?aol\.com/(favicon\.ico|video/)"
-		to="https://www.aol.com/$1" />
 
-	<rule from="^http://((?:dev\.sandbox\.)?autos|bill|misc\.blogsmith|contactus|account\.login|(?:api\.|cdn\.web)mail|myaccount|netscape|new|on|openid|pki-info|aolctoftp\.red|s2c|(?:api|my)\.screenname|dashboard\.voice)\.aol\.com/"
-		to="https://$1.aol.com/" />
+	Insecure cookies are set for these domains and hosts: ᶜ
 
-	<rule from="^http://a?(s|t)\.on\.aol\.com/"
-		to="https://$1.on.aol.com/" />
+		- .aol.com
+		- account.aol.com
+		- autos.aol.com
+		- .autos.aol.com
+		- bill.aol.com
+		- .bill.aol.com
+		- ui.comet.aol.com
+		- discover.aol.com
+		- feedback.aol.com
+		- .feedback.aol.com
+		- help.aol.com
+		- .mail.aol.com
+		- myaccount.aol.com
+		- .myaccount.aol.com
+		- .my.screenname.aol.com
+		- .search.aol.com
+		- dashboard.voice.aol.com
 
-	<rule from="^http://support\.(?:on\.aol|aolonnetwork)\.com/"
-		to="https://support.aolonnetwork.com/" />
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
-	<rule from="^http://(?:exp)?api\.oscar\.aol\.com/"
-		to="https://api.oscar.aol.com/" />
 
-	<rule from="^http://(?:www\.)?aol\.co\.uk/"
-		to="https://www.aol.co.uk/" />
+	Mixed content:
 
-	<rule from="^http://rs\.aol\.co\.uk/"
-		to="https://rs.aol.co.uk/" />
+		- Image on adinfo from media.blogcdn.com
+		- favicon on adinfo from www.aol.com
 
-	<rule from="^http://(?:o3?|s(ns-static)?)\.aolcdn\.com/"
-		to="https://s$1.aolcdn.com/" />
+-->
+<ruleset name="AOL.com (partial)">
 
-	<rule from="^http://(?:www\.)?crunchboard\.com/(build|images3?|include)/"
-		to="https://secure.personforce.com/$1/" />
+	<!--	Direct rewrites:
+				-->
+	<target host="aol.com" />
+	<target host="www.aol.com" />
+	<!-- target host="account.aol.com" /-->
+	<target host="adinfo.aol.com" />
+	<target host="bill.aol.com" />
+	<target host="build.aol.com" />
+	<!-- target host="captcha.aol.com" /-->
+	<target host="ui.comet.aol.com" />
+	<target host="contactus.aol.com" />
+	<!-- target host="idgfm.corp.aol.com" /-->
+	<target host="discover.aol.com" />
+	<target host="feedback.aol.com" />
+	<!-- target host="i.aol.com" /-->
+	<target host="help.aol.com" />
+	<!-- target host="cdn.komentary.aol.com" /-->
+	<target host="mail.latino.aol.com" />
+	<!-- target host="account.login.aol.com" /-->
+
+	<target host="mail.aol.com" />
+	<!-- target host="api.mail.aol.com" /-->
+	<target host="beta.mail.aol.com" />
+	<!-- target host="cdn.mail.aol.com" /-->
+	<target host="rpc.mail.aol.com" />
+	<target host="rpc1.mail.aol.com" />
+	<target host="webmail1.mail.aol.com" />
+
+	<target host="membernotifications.aol.com" />
+	<target host="myaccount.aol.com" />
+	<target host="mybenefits.aol.com" />
+	<!-- target host="new.aol.com" /-->
+	<!-- target host="openid.aol.com" /-->
+	<!-- target host="api.oscar.aol.com" /-->
+	<target host="portfolios.aol.com" />
+	<target host="postmaster.aol.com" />
+	<!-- target host="s2c.aol.com" /-->
+	<target host="my.screenname.aol.com" />
+	<target host="search.aol.com" />
+	<target host="shop.aol.com" />
+	<!-- target host="dashboard.voice.aol.com" /-->
+
+	<!--	Complications:
+				-->
+	<!-- target host="expapi.oscar.aol.com" /-->
+	<target host="webmail.aol.com" />
+
+		<!--	Added by AOL, required for http logout.
+								-->
+		<exclusion pattern="^http://my\.screenname\.aol\.com/_cqr/logout/" />
 
-	<!--	- Doesn't work over https.
-		- Redirects as so.
-					-->
-	<rule from="^http://(?:(?:home|www)\.)?netscape\.com/"
-		to="https://netscape.aol.com/" />
+			<test url="http://my.screenname.aol.com/_cqr/logout/" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(heroes|m|netscape|on|toshiba|welcome|www)\.aol\.com/$" /-->
+		<!--exclusion pattern="^http://www.aol.com/(favicon\.ico|mod_pagespeed_static/)" /-->
 
-	<rule from="^http://(?:web)?mail\.netscape\.com/"
-		to="https://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=sns.webmail.aol.com" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.aol\.com$" name="^(?:RSP_CHECK_PORTAL_SEARCH\.AOL\.COM|newHelpSite)$" /-->
+	<!--securecookie host="^(bill|myaccount|\.myaccount)?\.aol\.com$" name="^MC_UNAUTH$" /-->
+	<!--securecookie host="^(autos|\.autos)?\.aol\.com$" name="^RSP_CHECK_PORTAL_AUTOS\.AOL\.COM$" /-->
+	<!--securecookie host="^(bill|\.bill)?\.aol\.com$" name="(RSP_CHECK_PORTAL_BILL\.AOL\.COM|RSP_LOCAL_BILL\.AOL\.COM)$" /-->
+	<!--securecookie host="^(feedback|\.feedback)?\.aol\.com$" name="^(RSP_CHECK_PORTAL_FEEDBACK\.AOL\.COM|mcAuth)$" /-->
+	<!--securecookie host="^(myaccount|\.myaccount)?\.aol\.com$" name="^(RSP_CHECK_PORTAL_MYACCOUNT\.AOL\.COM|RSP_LOCAL_MYACCOUNT\.AOL\.COM|RSP_TRACK_MYACCOUNT\.AOL\.COM)$" /-->
+	<!--securecookie host="^account\.aol\.com$" name="^L$" /-->
+	<!--securecookie host="^ui\.comet\.aol\.com$" name="^AMPMV-40$" /-->
+	<!--securecookie host="^discover\.aol\.com$" name="^AWSELB$" /-->
+	<!--securecookie host="^(help|dashboard\.voice)\.aol\.com" name="^session$" /-->
+	<!--securecookie host="^\.mail\.aol\.com$" name="^(Context|L7Id)$" /-->
+	<!--securecookie host="^\.my\.screenname\.aol\.com$" name="^(SNS_LDC|SNS_SC)$" /-->
+	<!--securecookie host="^\.search\.aol\.com$" name="^(?:MVT_TB[PV]|RSP_CHECK_PORTAL_SEARCH\.AOL\.COM|s_guid)$" /-->
+
+	<securecookie host="^\." name="^(?:_ga|optimizely)" />
+	<securecookie host="(^|\.)(bill|build|discover|i|myaccount|mybenefits|new|portfolios|postmaster|dashboard\.voice)\.aol\.com$" name=".+" />
+
+	<rule from="^http://webmail\.aol\.com/"
+		to="https://mail.aol.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/AOL_CDN.com-problematic.xml b/src/chrome/content/rules/AOL_CDN.com-problematic.xml
new file mode 100644
index 000000000000..6d98961c9bca
--- /dev/null
+++ b/src/chrome/content/rules/AOL_CDN.com-problematic.xml
@@ -0,0 +1,23 @@
+<!--
+	For rules that are on by default, see AOL_CDN.com.xml.
+
+-->
+<ruleset name="AOL CDN.com (mismatched)" default_off="mismatched">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.aolcdn.com" />
+
+	<!--	Complications:
+				-->
+	<target host="aolcdn.com" />
+	<target host="vivad.aolcdn.com" />
+
+
+	<rule from="^http://(?:vivad\.)?aolcdn\.com/"
+		to="https://www.aolcdn.com/"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AOL_On_Network.com.xml b/src/chrome/content/rules/AOL_On_Network.com.xml
new file mode 100644
index 000000000000..d35b503ef5f8
--- /dev/null
+++ b/src/chrome/content/rules/AOL_On_Network.com.xml
@@ -0,0 +1,53 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://console.aolonnetwork.com/ => https://console.aolonnetwork.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://support.aolonnetwork.com/ => https://support.aolonnetwork.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other AOL coverage, see AOL.xml.
+
+
+	Nonfunctional hosts in *aolonnetwork.com:
+
+		- stg.support
+		- help ¹
+		- translogic ²
+
+	¹ Zendesk
+	² Refused
+
+
+	Problematic hosts in *aolonnetwork.com:
+
+
+
+	Fully covered hosts in *aolonnetwork.com:
+
+		- console
+		- support
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- console.aolonnetwork.com
+
+-->
+<ruleset name="AOL On Network.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="console.aolonnetwork.com" />
+	<target host="support.aolonnetwork.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^console\.aolonnetwork\.com$" name="^(ASP\.NET_SessionId|Guest)$" /-->
+
+	<securecookie host="^console\.aolonnetwork\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AOMedia.org.xml b/src/chrome/content/rules/AOMedia.org.xml
new file mode 100644
index 000000000000..e9dec1c79c7f
--- /dev/null
+++ b/src/chrome/content/rules/AOMedia.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="AOMedia.org">
+	<target host="aomedia.org" />
+	<target host="www.aomedia.org" />
+	<target host="build.aomedia.org" />
+	<target host="groups.aomedia.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AOptix.xml b/src/chrome/content/rules/AOptix.xml
index 664dd978071f..746892436261 100644
--- a/src/chrome/content/rules/AOptix.xml
+++ b/src/chrome/content/rules/AOptix.xml
@@ -6,7 +6,7 @@
 	<target host="www.aoptix.com" />
 
 
-	<rule from="^https?://(?:www\.)?aoptix\.com(?::7081)?/"
+	<rule from="^http://(?:www\.)?aoptix\.com(?::7081)?/"
 		to="https://www.aoptix.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AP.org.xml b/src/chrome/content/rules/AP.org.xml
new file mode 100644
index 000000000000..124ee57b9b02
--- /dev/null
+++ b/src/chrome/content/rules/AP.org.xml
@@ -0,0 +1,51 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- aphelp.ap.org
+		- apimages.ap.org
+		- discover.ap.org
+		- geomancer.ap.org
+		- hosted2admin.ap.org
+		- markets.ap.org
+		- roam.ap.org
+		- www.roam.ap.org
+		- sbmaster.ap.org
+		- webmail.ap.org
+
+		SSL connect error:
+		- feeds.ap.org
+
+		SSL peer certificate was not OK:
+		- aptndirect.ap.org
+		- customersupport.ap.org
+		- stream.labs.ap.org
+		- www.summergames.ap.org
+		- surveys.ap.org
+		- video.ap.org
+-->
+<ruleset name="AP.org">
+	<target host="ap.org" />
+	<target host="www.ap.org" />
+	<target host="bigstory.ap.org" />
+	<target host="binaryapi.ap.org" />
+	<target host="blog.ap.org" />
+	<target host="careers.ap.org" />
+	<target host="collegebasketball.ap.org" />
+	<target host="www.collegebasketball.ap.org" />
+	<target host="collegefootball.ap.org" />
+	<target host="www.collegefootball.ap.org" />
+	<target host="developer.ap.org" />
+	<target host="elections.ap.org" />
+	<target host="hosted.ap.org" />
+	<target host="inside.ap.org" />
+	<target host="insights.ap.org" />
+	<target host="pro32.ap.org" />
+	<target host="racing.ap.org" />
+	<target host="www.racing.ap.org" />
+	<target host="store.ap.org" />
+	<target host="sunshine.ap.org" />
+	<target host="wfm.ap.org" />
+	<target host="wintergames.ap.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/APA.org.xml b/src/chrome/content/rules/APA.org.xml
index 23dc38fbfca6..4becd0cd96eb 100644
--- a/src/chrome/content/rules/APA.org.xml
+++ b/src/chrome/content/rules/APA.org.xml
@@ -1,9 +1,41 @@
-<ruleset name="APA.org (partial)" platform="mixedcontent">
+<!--
 
-	<target host="my.apa.org"/>
+	Nonfunctional hosts in *apa.org:
+		Redirects to http:
+			- psycnet
+		Refused:
+			- doi
+		Unable to get local issuer certificate (Travis error):
+			- join
+		Numerous other nonfunctional subdomains (~140 found with Sublist3r)
 
-	<rule from="^http://my\.apa\.org/" to="https://my.apa.org/"/>
+	Redirects:
+		* on.apa.org
+			* bit.ly vanity domain
+			* target located in Bitly_branded_short_domains.xml
+		* staging.psyctherapy.apa.org
+			* Redirects to mytest.apa.org
+		* psyctherapyalpha.apa.org
+			* Redirects to mytest.apa.org
+-->
+<ruleset name="APA.org (partial)">
+	<target host="apa.org" />
+	<target host="www.apa.org" />
+	<target host="books.apa.org" />
+	<target host="coaportal.apa.org" />
+	<target host="fs.apa.org" />
+	<target host="memforms.apa.org" />
+	<target host="mfpapp.apa.org" />
+	<target host="my.apa.org" />
+	<target host="mytest.apa.org" />
+	<target host="myweb.apa.org" />
+	<target host="pages.apa.org" />
+	<target host="securenet.apa.org" />
+	<target host="www2.apa.org" />
 
-	<securecookie host="^my\.apa\.org$" name=".*"/>
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/APAN.net.xml b/src/chrome/content/rules/APAN.net.xml
new file mode 100644
index 000000000000..09d951342f64
--- /dev/null
+++ b/src/chrome/content/rules/APAN.net.xml
@@ -0,0 +1,36 @@
+<!--
+	Asia-Pacific Advanced Network
+
+
+	Nonfunctional hosts:
+
+		- www.jp.apan.net *
+
+	* Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- apan.net
+		- master.apan.net
+		- www.apan.net
+
+-->
+<ruleset name="APAN.net (partial)">
+
+	<target host="apan.net" />
+	<target host="master.apan.net" />
+	<target host="www.apan.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(master\.|www\.)?apan\.net$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:master\.|www\.)?apan\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/APAN.org.xml b/src/chrome/content/rules/APAN.org.xml
new file mode 100644
index 000000000000..4b75578d7ecc
--- /dev/null
+++ b/src/chrome/content/rules/APAN.org.xml
@@ -0,0 +1,17 @@
+<ruleset name="APAN.org (partial)">
+	<target host="apan.org" />
+	<target host="chat.apan.org" />
+	<target host="community.apan.org" />
+	<target host="connect.apan.org" />
+	<target host="lite.apan.org" />
+	<target host="m.apan.org" />
+	<target host="mail.apan.org" />
+	<target host="map.apan.org" />
+	<target host="passport.apan.org" />
+	<target host="ronna.apan.org" />
+	<target host="translate.apan.org" />
+	<target host="wss.apan.org" />
+	<target host="www.apan.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/APC-Magazine.xml b/src/chrome/content/rules/APC-Magazine.xml
index 86059871f1ab..ff649f12f6af 100644
--- a/src/chrome/content/rules/APC-Magazine.xml
+++ b/src/chrome/content/rules/APC-Magazine.xml
@@ -4,12 +4,10 @@
 	<target host="www.apcmag.com" />
 
 
-	<securecookie host="^apcmag\.com$" name=".*" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<!--	Cert only matches //apcmag.com.
-					-->
-	<rule from="^http://(?:www\.)?apcmag\.com/"
-		to="https://apcmag.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/APM.com.xml b/src/chrome/content/rules/APM.com.xml
index 4eae9406ea33..b91da56916a9 100644
--- a/src/chrome/content/rules/APM.com.xml
+++ b/src/chrome/content/rules/APM.com.xml
@@ -1,18 +1,30 @@
+
 <!--
-	Nonfunctional subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://myapm.apm.com/ => https://myapm.apm.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Insecure cookies are set for these domains:
 
-		- (www.)	(504)
+		- myapm
+		- www
 
 -->
-<ruleset name="APM.com (partial)">
+<ruleset name="APM.com" default_off="failed ruleset test">
 
+	<target host="apm.com" />
 	<target host="myapm.apm.com" />
+	<target host="www.apm.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(myapm|www)\.apm\.com$" name="^(exp_last_activity|exp_last_visit|exp_tracker)$" /-->
+	<!--securecookie host="^myapm\.apm\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^www\.apm\.com$" name="^exp_stashid$" /-->
 
-	<securecookie host="^myapm\.apm\.com$" name=".+" />
+	<securecookie host="^(?:myapm|www)\.apm\.com$" name=".+" />
 
 
-	<rule from="^http://myapm\.apm\.com/"
-		to="https://myapm.apm.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/APN_News_and_Media.xml.xml b/src/chrome/content/rules/APN_News_and_Media.xml.xml
deleted file mode 100644
index a66c8f9dfc1a..000000000000
--- a/src/chrome/content/rules/APN_News_and_Media.xml.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Other APN News & Media rulesets:
-
-		- Food_Hub.xml
-		- New_Zealand_Herald.xml
-
--->
-<ruleset name="APN News &amp; Media (partial)">
-
-	<target host="media2.apnonline.com.au" />
-
-
-	<rule from="^http://media2\.apnonline\.com\.au/"
-		to="https://d159yll7hxyh2o.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/APNews.com.xml b/src/chrome/content/rules/APNews.com.xml
new file mode 100644
index 000000000000..909f9f0f78bc
--- /dev/null
+++ b/src/chrome/content/rules/APNews.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - 868.apnews.com
+			 - cox.apnews.com
+			 - es.apnews.com
+			 - espanol.apnews.com
+			 - m.apnews.com
+			 - mobile.apnews.com
+			 - spanish.apnews.com
+			 - uscc.apnews.com
+-->
+<ruleset name="Associated Press News">
+	<target host="apnews.com" />
+	<target host="www.apnews.com" />
+	<target host="blog.apnews.com" />
+
+	<securecookie host="^(www\.)?apnews\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/APO_Box.com.xml b/src/chrome/content/rules/APO_Box.com.xml
new file mode 100644
index 000000000000..01e66c0fa42c
--- /dev/null
+++ b/src/chrome/content/rules/APO_Box.com.xml
@@ -0,0 +1,19 @@
+<ruleset name="APO Box.com">
+
+	<target host="apobox.com" />
+	<target host="www.apobox.com" />
+	<target host="support.apobox.com" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^\.apobox\.com$" name=".+" />
+
+
+	<rule from="^http://(www\.)?apobox\.com/"
+		to="https://$1apobox.com/" />
+
+	<rule from="^http://support\.apobox\.com/(?=favicon\.ico|generated/|images/|system/)"
+		to="https://apobox.zendesk.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/APSJobs.xml b/src/chrome/content/rules/APSJobs.xml
new file mode 100644
index 000000000000..5838e7b7c492
--- /dev/null
+++ b/src/chrome/content/rules/APSJobs.xml
@@ -0,0 +1,17 @@
+<ruleset name="APS Jobs.gov.au">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.apsjobs.gov.au" />
+
+	<!--	Complications:
+				-->
+	<target host="apsjobs.gov.au" />
+
+
+	<rule from="^http://apsjobs\.gov\.au/"
+		to="https://www.apsjobs.gov.au/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AP_Schedule.com.xml b/src/chrome/content/rules/AP_Schedule.com.xml
new file mode 100644
index 000000000000..b6b130eb3809
--- /dev/null
+++ b/src/chrome/content/rules/AP_Schedule.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- apschedule.com
+		- www.apschedule.com
+
+-->
+<ruleset name="AP Schedule.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="apschedule.com" />
+	<target host="www.apschedule.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?apschedule\.com$" name="^(?:ap_schedule_(?:company|language)_id|session)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AR-conference.org.xml b/src/chrome/content/rules/AR-conference.org.xml
new file mode 100644
index 000000000000..a5f57afeed1f
--- /dev/null
+++ b/src/chrome/content/rules/AR-conference.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="IARC">
+
+	<target host="ar-conference.org" />
+	<target host="www.ar-conference.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AR15.com.xml b/src/chrome/content/rules/AR15.com.xml
new file mode 100644
index 000000000000..abdd3f435706
--- /dev/null
+++ b/src/chrome/content/rules/AR15.com.xml
@@ -0,0 +1,44 @@
+<!--
+	These altnames don't exist:
+
+		- www.store.ar15.com
+
+
+	Insecure cookies are set for these domains:
+
+		- .ar15.com
+
+
+	Mixed content:
+
+		- iframe on www from www.youtube.com
+
+		- Images, on:
+
+			- www from $self
+			- www from i\d+.photobucket.com
+			- www from s\d+.postimg.org ˢ
+
+		- favicon on www from $self
+
+	ˢ Secured by us
+
+-->
+<ruleset name="AR15.com">
+
+	<target host="ar15.com" />
+	<target host="store.ar15.com" />
+	<target host="www.ar15.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.ar15\.com$" name="^sessionID$" /-->
+
+	<securecookie host="^\.ar15\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ARDMediathek.de.xml b/src/chrome/content/rules/ARDMediathek.de.xml
new file mode 100644
index 000000000000..7b19a8cd5725
--- /dev/null
+++ b/src/chrome/content/rules/ARDMediathek.de.xml
@@ -0,0 +1,39 @@
+<!--
+	Invalid certificate:
+		cai.ardmediathek.de
+		hbbtv.ardmediathek.de
+		m.ardmediathek.de
+		programm.ardmediathek.de
+
+	Timeout:
+		audiothek-origin-tua.ardmediathek.de
+		cai-tua.ardmediathek.de
+		exp.ardmediathek.de
+		exp-origin.ardmediathek.de
+		exp-tua.ardmediathek.de
+		www.m.ardmediathek.de
+		www-origin-personal-tua.ardmediathek.de
+-->
+<ruleset name="ARDMediathek.de">
+
+	<target host="ardmediathek.de" />
+	<target host="www.ardmediathek.de" />
+	<target host="appdata.ardmediathek.de" />
+	<target host="appdata-staging.ardmediathek.de" />
+	<target host="appdata-tua.ardmediathek.de" />
+	<target host="audiothek.ardmediathek.de" />
+	<target host="audiothek-tua.ardmediathek.de" />
+	<target host="img.ardmediathek.de" />
+	<target host="img-staging.ardmediathek.de" />
+	<target host="img-tua.ardmediathek.de" />
+	<target host="www-staging.ardmediathek.de" />
+	<target host="www-tua.ardmediathek.de" />
+
+	<!-- Invalid certificate on https://ardmediathek.de/,
+	http://ardmediathek.de/ redirects to http://www.ardmediathek.de/ -->
+	<rule from="^http://ardmediathek\.de/"
+		to="https://www.ardmediathek.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AREWEFASTYET.com.xml b/src/chrome/content/rules/AREWEFASTYET.com.xml
new file mode 100644
index 000000000000..3f4dc9209818
--- /dev/null
+++ b/src/chrome/content/rules/AREWEFASTYET.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="ARE WE FAST YET.com">
+
+	<target host="arewefastyet.com" />
+	<target host="www.arewefastyet.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ARICR.org.xml b/src/chrome/content/rules/ARICR.org.xml
new file mode 100644
index 000000000000..693dadf7679a
--- /dev/null
+++ b/src/chrome/content/rules/ARICR.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="ARICR.org">
+	<target host="aricr.org" />
+	<target host="www.aricr.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ARIN.net.xml b/src/chrome/content/rules/ARIN.net.xml
index 030daa185f2f..5934255c677c 100644
--- a/src/chrome/content/rules/ARIN.net.xml
+++ b/src/chrome/content/rules/ARIN.net.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://updown-pilot.arin.net/ => https://updown-pilot.arin.net/: (6, 'Could not resolve host: updown-pilot.arin.net')
+
 	American Registry for Internet Numbers
 
 
@@ -25,17 +29,17 @@
 		- www
 
 -->
-<ruleset name="ARIN.net (partial)">
+<ruleset name="ARIN.net (partial)" default_off="failed ruleset test">
 
 	<target host="arin.net" />
-	<target host="*.arin.net" />
+	<target host="updown-pilot.arin.net" />
+	<target host="www.arin.net" />
 
 
 	<!--securecookie host="^\.arin\.net$" name="^__utm\w$" /-->
 	<securecookie host="^(?:updown-pilot\.|w*\.)?arin\.net$" name=".+" />
 
 
-	<rule from="^http://(updown-pilot\.|www\.)?arin\.net/"
-		to="https://$1arin.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ARIVA.DE.xml b/src/chrome/content/rules/ARIVA.DE.xml
new file mode 100644
index 000000000000..d1156e80a907
--- /dev/null
+++ b/src/chrome/content/rules/ARIVA.DE.xml
@@ -0,0 +1,65 @@
+<!--
+	Invalid certificate:
+		ac2010.ariva.de
+		acmobil.ariva.de
+		ag.ariva.de
+		six-structured-products.ariva.de
+		stwdepot.ariva.de
+
+	Non-2xx HTTP code:
+		files.ariva.de
+
+	Timeout:
+		product-read.easygov.ariva.de
+		product-write.easygov.ariva.de
+		ens[1-2].ariva.de
+		ns[1-2]?.ariva.de
+		push-portal.ariva.de
+-->
+<ruleset name="ARIVA.DE">
+
+	<target host="ariva.de" />
+	<target host="www.ariva.de" />
+	<target host="aaa.ariva.de" />
+	<target host="aktiencheck.ariva.de" />
+	<target host="anleihencheck.ariva.de" />
+	<target host="ars.ariva.de" />
+	<target host="bd2011.ariva.de" />
+	<target host="bfrank.ariva.de" />
+	<target host="bo.ariva.de" />
+	<target host="boersede.ariva.de" />
+	<target host="bondboard.ariva.de" />
+	<target host="data.ariva.de" />
+	<target host="donnerstag.ariva.de" />
+	<target host="www.easygov.ariva.de" />
+	<target host="api.easygov.ariva.de" />
+	<target host="services.easygov.ariva.de" />
+	<target host="www.test.easygov.ariva.de" />
+	<target host="fc2011.ariva.de" />
+	<target host="finanzen.ariva.de" />
+	<target host="finneu.ariva.de" />
+	<target host="ftp.ariva.de" />
+	<target host="futureforum.ariva.de" />
+	<target host="irpaket.ariva.de" />
+	<target host="m.ariva.de" />
+	<target host="newratings.ariva.de" />
+	<target host="notifications.ariva.de" />
+	<target host="onvista.ariva.de" />
+	<target host="optionsscheinecheck.ariva.de" />
+	<target host="pda.ariva.de" />
+	<target host="projekt.ariva.de" />
+	<target host="push.ariva.de" />
+	<target host="rohstoffecheck.ariva.de" />
+	<target host="sbroker.ariva.de" />
+	<target host="stockworld.ariva.de" />
+	<target host="streaming.ariva.de" />
+	<target host="ttz.ariva.de" />
+	<target host="webmail.ariva.de" />
+	<target host="za.ariva.de" />
+	<target host="zc.ariva.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ARM.com.xml b/src/chrome/content/rules/ARM.com.xml
new file mode 100644
index 000000000000..371168934f88
--- /dev/null
+++ b/src/chrome/content/rules/ARM.com.xml
@@ -0,0 +1,56 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- designstart.arm.com
+		- infocenter.arm.com
+
+		SSL peer certificate was not OK:
+		- dr.community.arm.com
+		- forums.arm.com
+		- info.arm.com
+		- ir.arm.com
+		- license.arm.com
+		- malideveloper.arm.com
+		- mobile.arm.com
+
+		Incomplete certificate chain error:
+		- collaborate.code.arm.com
+		- static.docs.arm.com
+		- login.arm.com
+
+		5xx server error:
+		- www.qa.arm.com
+-->
+<ruleset name="ARM.com">
+	<target host="arm.com" />
+	<target host="www.arm.com" />
+
+	<target host="my.account.arm.com" />
+
+	<target host="sslvpn1.cambridge.arm.com" />
+	<target host="cmsis.arm.com" />
+	<target host="community.arm.com" />
+	<target host="qa.community.arm.com" />
+	<target host="www.community.arm.com" />
+
+	<target host="developer.arm.com" />
+	<target host="store.developer.arm.com" />
+	<target host="support.developer.arm.com" />
+	<target host="training.developer.arm.com" />
+	<target host="ds.arm.com" />
+
+	<target host="learn.arm.com" />
+
+	<target host="oils.arm.com" />
+	<target host="orgchart.arm.com" />
+
+	<target host="pages.arm.com" />
+
+	<target host="silver.arm.com" />
+
+	<target host="schedule.techcon.arm.com" />
+
+	<target host="usagereport.arm.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ARM.xml b/src/chrome/content/rules/ARM.xml
deleted file mode 100644
index 7cc560269b55..000000000000
--- a/src/chrome/content/rules/ARM.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- forums *
-		- infocenter	(times out)
-		- mobile *
-
-	* $ redirects to products...-standard.php, other paths 404; mismatched, CN: cmsis.arm.com
-
-
-	Problematic subdomains:
-
-		- ir	(works, akamai)
-
--->
-<ruleset name="ARM (partial)">
-
-	<target host="*.arm.com" />
-
-
-	<securecookie host="^(?:cmsis|login)\.arm\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?arm\.com/(cs|image)s/"
-		to="https://cmsis.arm.com/$1s/" />
-
-	<rule from="^http://(cmsis|login|silver)\.arm\.com/"
-		to="https://$1.arm.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ARPNetworks.com.xml b/src/chrome/content/rules/ARPNetworks.com.xml
index c04aa83ced7e..ecf8995b7457 100644
--- a/src/chrome/content/rules/ARPNetworks.com.xml
+++ b/src/chrome/content/rules/ARPNetworks.com.xml
@@ -5,16 +5,18 @@
 <ruleset name="ARPNetworks.com (partial)">
 
 	<target host="arpnetworks.com" />
-	<target host="*.arpnetworks.com" />
+	<target host="portal.arpnetworks.com" />
+	<target host="www.arpnetworks.com" />
+	<target host="support.arpnetworks.com" />
 
 
-	<securecookie host="^(.*\.)?arpnetworks\.com$" name=".*" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://(portal\.|www\.)?arpnetworks\.com/"
 		to="https://$1arpnetworks.com/" />
 
-	<rule from="^https?://support\.arpnetworks\.com/(help|pkg|stylesheets)/"
+	<rule from="^http://support\.arpnetworks\.com/(help|pkg|stylesheets)/"
 		to="https://asset-2.tenderapp.com/$1/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ARRL.xml b/src/chrome/content/rules/ARRL.xml
index ee635dfdb8a2..ba3adc7eb1ab 100644
--- a/src/chrome/content/rules/ARRL.xml
+++ b/src/chrome/content/rules/ARRL.xml
@@ -8,7 +8,7 @@
 	<target host="www.arrl.org" />
 
 
-	<rule from="^http://(www\.)?arrl\.org/(css/|img/|shop(?:$|\?|/))"
-		to="https://$1arrl.org/$2" />
+	<rule from="^http://(www\.)?arrl\.org/(?=css/|favicon\.ico|img/|shop(?:$|[?/]))"
+		to="https://$1arrl.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AS112.net.xml b/src/chrome/content/rules/AS112.net.xml
new file mode 100644
index 000000000000..a70207e7aba4
--- /dev/null
+++ b/src/chrome/content/rules/AS112.net.xml
@@ -0,0 +1,22 @@
+<!--
+	^as112.net: Mismatched
+
+-->
+<ruleset name="AS112.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.as112.net" />
+
+	<!--	Complications:
+				-->
+	<target host="as112.net" />
+
+
+	<rule from="^http://as112\.net/"
+		to="https://www.as112.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AS200651.net.xml b/src/chrome/content/rules/AS200651.net.xml
new file mode 100644
index 000000000000..ff94e2e16494
--- /dev/null
+++ b/src/chrome/content/rules/AS200651.net.xml
@@ -0,0 +1,33 @@
+<!--
+	Mismatched:
+		- ftp
+		- whm
+-->
+<ruleset name="as200651.net">
+	<target host="as200651.net" />
+	<target host="www.as200651.net" />
+	<target host="cpanel.as200651.net" />
+	<target host="fi.as200651.net" />
+	<target host="www.fi.as200651.net" />
+	<target host="cpanel.fi.as200651.net" />
+	<target host="mail.fi.as200651.net" />
+	<target host="webdisk.fi.as200651.net" />
+	<target host="webmail.fi.as200651.net" />
+	<target host="is.as200651.net" />
+	<target host="www.is.as200651.net" />
+	<target host="cpanel.is.as200651.net" />
+	<target host="mail.is.as200651.net" />
+	<target host="webdisk.is.as200651.net" />
+	<target host="webmail.is.as200651.net" />
+	<target host="mail.as200651.net" />
+	<target host="ro.as200651.net" />
+	<target host="www.ro.as200651.net" />
+	<target host="cpanel.ro.as200651.net" />
+	<target host="mail.ro.as200651.net" />
+	<target host="webdisk.ro.as200651.net" />
+	<target host="webmail.ro.as200651.net" />
+	<target host="webdisk.as200651.net" />
+	<target host="webmail.as200651.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ASACP.org.xml b/src/chrome/content/rules/ASACP.org.xml
new file mode 100644
index 000000000000..037cf0cbc9fc
--- /dev/null
+++ b/src/chrome/content/rules/ASACP.org.xml
@@ -0,0 +1,32 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.asacp.org
+
+
+	Mixed content:
+
+		- Bug on www from c23.statcounter.com *
+
+	* Secured by us
+
+-->
+<ruleset name="ASACP.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="asacp.org" />
+	<target host="www.asacp.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.asacp\.org$" name="^(PHPSESSID|t)$" /-->
+
+	<securecookie host="^www\.asacp\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ASADA.xml b/src/chrome/content/rules/ASADA.xml
new file mode 100644
index 000000000000..1c625d72e705
--- /dev/null
+++ b/src/chrome/content/rules/ASADA.xml
@@ -0,0 +1,7 @@
+<ruleset name="Australian Sports Anti-Doping Authority">
+	<target host="asada.gov.au" />
+	<target host="www.asada.gov.au" />
+
+	<rule from="^http://(?:www\.)?asada\.gov\.au/"
+		to="https://www.asada.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/ASC_Trust.com.xml b/src/chrome/content/rules/ASC_Trust.com.xml
new file mode 100644
index 000000000000..cd6a07cd3a2a
--- /dev/null
+++ b/src/chrome/content/rules/ASC_Trust.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- asctrust.com
+		- www.asctrust.com
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="ASC Trust.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="asctrust.com" />
+	<target host="www.asctrust.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^asctrust\.com$" name="^dnn_IsMobile$" /-->
+	<!--securecookie host="^www\.asctrust\.com$" name="^(?:__RequestVerificationToken|\.ASPXANONYMOUS|ASP\.NET_SessionId|language)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ASDA.xml b/src/chrome/content/rules/ASDA.xml
index 9fc8e7332b8c..ca73bd774aae 100644
--- a/src/chrome/content/rules/ASDA.xml
+++ b/src/chrome/content/rules/ASDA.xml
@@ -1,64 +1,200 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://email.asda.com/fancybox/jquery.fancybox-1.3.4.css => https://email.asda.com/fancybox/jquery.fancybox-1.3.4.css: (6, 'Could not resolve host: email.asda.com')
+Fetch error: http://email.asda.com/ => https://email.asda.com/: (6, 'Could not resolve host: email.asda.com')
+Fetch error: http://omniture.groceries.asda.com/ => https://groceries.asda.com.d2.sc.omtrdc.net/: (51, "SSL: no alternative certificate subject name matches target host name 'groceries.asda.com.d2.sc.omtrdc.net'")
 
-	asda.ugc.bazaarvoice.com
+	For rules covering resources which do not secure
+	mixed content, see asda.com-resources.xml.
 
+	For other Wal-Mart coverage, see Walmart.com.xml.
 
-	Nonfunctional subdomains:
 
-		- greenroom *
-		- reviews		(redirects to http, akamai)
-		- shop			(shows walmart.com, mismatched, CN: cap-hosting.walmart.com)
-		- storelocator		(shows imp-facebook.i6a.co.uk, mismatched)
-		- your *
+	CDN buckets:
 
-	* Shows impuploader.i6a.co.uk, mismatched)
+		- asda.ugc.bazaarvoice.com
+		- d2shgyxr5r9niq.cloudfront.net
+		- asda.scene7.com
 
 
-	Problematic subdomains:
+	Nonfunctional hosts in *asda.com:
 
-		- credit-card		(shows credit-cardapply, mismatched)
-		- giftguide		(interrupted)
-		- omniture.groceries	(mismatched, CN: *.d2.sc.omtrdc.net)
-		- survey
+		- money ᵈ
+		- reviews ʰ
+		- survey ʳ
+		- tradein ᵃ
 
+	ᵃ Shows another domain
+	ᵈ Dropped
+	ʰ Redirects to http
+	ʳ Refused
 
-	Fully covered subdomains:
 
-		- cards
-		- credit-card			(→ apply.creation.co.uk)
-		- direct
-		- ipadkiosk.direct
-		- i.groceries
-		- omniture.groceries		(→ groceries.asda.com.d2.sc.omtrdc.net)
-		- groceries-qa2
-		- i\d-groceries
-		- money
-		- online-account-manager
-		- pulse
-		- tradein
+	Problematic hosts in *asda.com:
 
--->
-<ruleset name="ASDA (partial)">
+		- ^ ᵈ
+		- credit-card ᵃ
+		- ipadkiosk.direct ᵐ
+		- giftguide ᵈ
+		- greenroom ᵐ
+		- omniture.groceries ᵐ
+		- storelocator ᵐ
+		- www ᴬ
+		- your ᵐ
 
-	<target host="*.asda.com" />
+	ᵃ Shows credit-cardapply, equivalent to another domain
+	ᴬ Akamai / mismatched
+	ᵈ Dropped, preemptable redirect
+	ᵐ Mismatched
 
 
-	<securecookie host="^.+\.asda\.com$" name=".+" />
+	Partially covered hosts in *asda.com:
 
+		- direct ʰ
 
-	<rule from="^https?://credit-card\.asda\.com/$"
-		to="https://apply.creation.co.uk/apply/index.html?brandCode=asda_colleague" />
+	ʰ Some pages redirect to http
 
-	<rule from="^https?://credit-card\.asda\.com/(?!$)"
-		to="https://apply.creation.co.uk/" />
 
-	<rule from="^http://(cards|(?:ipadkiosk\.)?direct|email|i(?:\.|\d-)groceries|grocieries-qa2|money|online-account-manager|pulse|tradein)\.asda\.com/"
-		to="https://$1.asda.com/" />
+	These altnames do not exist:
+
+		- priceguarantee.asda.com
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .asda.com
+		- cards.asda.com
+		- groceries.asda.com
+		- .groceries.asda.com
+		- home-insurance.asda.com
+		- mobile.asda.com
+		- storelocator.asda.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- direct from asda.scene7.com
+			- your from pbs.twimg.com ˢ
+			- www from $self
+
+		- favicon on www from $self
+		- Bug on storelocator from dev.virtualearth.net ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="ASDA.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cards.asda.com" />
+	<target host="credit-cardapply.asda.com" />
+	<target host="direct.asda.com" />
+	<target host="email.asda.com" />
+	<target host="groceries.asda.com" />
+	<target host="apg.groceries.asda.com" />
+	<target host="i.groceries.asda.com" />
+	<target host="service.groceries.asda.com" />
+	<target host="groceries-qa2.asda.com" />
+	<target host="home-insurance.asda.com" />
+	<target host="i1-groceries.asda.com" />
+	<target host="i2-groceries.asda.com" />
+	<target host="i3-groceries.asda.com" />
+	<target host="low-prices.asda.com" />
+	<target host="mobile.asda.com" />
+	<target host="online-account-manager.asda.com" />
+	<target host="opticians.asda.com" />
+	<target host="pulse.asda.com" />
+	<target host="sustainability.asda.com" />
+	<target host="travelinsurance.asda.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://direct\.asda\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://direct\.asda\.com/(?!/*(?:favicon\.ico|on/demandware\.static/|on/demandware.store/Sites-ASDA-Site/default/(?:Login-Show|NewsletterSignup-Form|Order-Track)(?:$|[?/])))" /-->
+		<!--
+			Avoid potential XHR problems:
+							-->
+		<!--exclusion pattern="^http://direct\.asda\.com/(?!.+\.js(?:$|\?))" /-->
+		<!--
+			In sum:
+							-->
+		<!--exclusion pattern="^http://direct\.asda\.com/(?!/*(?:favicon\.ico|on/demandware\.static/(?!.+\.js(?:$|\?))|on/demandware.store/Sites-ASDA-Site/default/(?:Login-Show|NewsletterSignup-Form|Order-Track)(?:$|[?/])))" /-->
+		<!--
+			Do not incease non-Tor distinguishability:
+									-->
+		<exclusion pattern="^http://direct\.asda\.com/(?!/*on/demandware.store/Sites-ASDA-Site/default/(?:Login-Show|NewsletterSignup-Form|Order-Track)(?:$|[?/]))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://direct.asda.com/george/clothing/10,default,sc.html" />
+			<test url="http://direct.asda.com/on/demandware.static/-/Sites-ASDA-Library/default/v1469264129481/Beaconing/beacon_adapter_v1.04.js" />
+			<test url="http://direct.asda.com/on/demandware.static/-/Sites-ASDA-Library/default/v1469264129481/GeorgeJavascript/Fancybox/jquery.fancybox.min.js" />
+			<test url="http://direct.asda.com/on/demandware.static/-/Sites-ASDA-Library/default/v1469264129481/GeorgeJavascript/bxslider/jquery.bxslider.min.js" />
+			<test url="http://direct.asda.com/on/demandware.static/Sites-ASDA-Site/-/default/v1469264129481/internal/jscript/dwac-14.8.js" />
+			<test url="http://direct.asda.com/on/demandware.static/Sites-ASDA-Site/-/default/v1469264129481/internal/jscript/dwanalytics.js" />
+			<!--
+			<test url="http://direct.asda.com/on/demandware.static/Sites-ASDA-Site/-/default/v1469264129481/js/george.body.libraries.min.js" />
+			<test url="http://direct.asda.com/on/demandware.static/Sites-ASDA-Site/-/default/v1469264129481/js/george.libraries.min.js" />
+			-->
+
+			<!--	-ve:
+					-->
+			<!--
+			<test url="http://direct.asda.com/on/demandware.static/Sites-ASDA-Site/-/default/dw2daeaa8b/img/blank.gif" />
+			-->
+			<!--	Mixed image: -->
+			<test url="http://direct.asda.com/on/demandware.store/Sites-ASDA-Site/default/NewsletterSignup-Form" />
+			<test url="http://direct.asda.com/on/demandware.store/Sites-ASDA-Site/default/Order-Track" />
+			<test url="http://direct.asda.com/on/demandware.store/Sites-ASDA-Site/default/Login-Show" />
+
+		<!--	$ redirects to another domain, so:
+								-->
+		<test url="http://email.asda.com/fancybox/jquery.fancybox-1.3.4.css" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://groceries.asda.com/api/user/view?responsegroup=extended&amp;addressload=none&amp;requestorigin=gi&amp;nextorder=false&amp;_=1" /-->
+
+		<test url="http://i.groceries.asda.com/g/086/045/5013026086045_500000_IDShot_3.jpeg" />
+		<test url="http://i1-groceries.asda.com/g/014/851/4069600014851_21000_IDShot_2.jpeg" />
+		<test url="http://i2-groceries.asda.com/g/209/273/5015116209273_500000_IDShot_3.jpeg" />
+		<test url="http://i3-groceries.asda.com/g/571/820/5052449571820_21000_IDShot_2.jpeg" />
+
+	<!--	Complications:
+				-->
+	<target host="credit-card.asda.com" />
+	<target host="omniture.groceries.asda.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.asda\.com$" name="^dtCookie$" /-->
+	<!--securecookie host="^cards\.asda\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^groceries\.asda\.com$" name="^(?:ASDACOOKIECHECK$|DCENV$|JSESSIONID$|MTEP_EXISTING_SESSION$|NSC_|akaau_P[12]$)" /-->
+	<!--securecookie host="^\.groceries\.asda\.com$" name="^(?:SSID|SSLB|SSPV|SSRT|SSSC)$" /-->
+	<!--securecookie host="^home-insurance\.asda\.com$" name="^(?:\.Star|ASP\.NET_SessionId)$" /-->
+	<!--securecookie host="^(?:mobile|storelocator)\.asda\.com$" name="_session$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid$|_gat?$|_gat_|optimizely|s_v)" />
+	<securecookie host="^(?!direct\.).+\.asda\.com$" name=".+" />
+
+
+	<rule from="^http://credit-card\.asda\.com/"
+		to="https://apply.creation.co.uk/" />
 
-	<rule from="^https?://omniture\.groceries\.asda\.com/"
+	<rule from="^http://omniture\.groceries\.asda\.com/"
 		to="https://groceries.asda.com.d2.sc.omtrdc.net/" />
 
-	<rule from="^https?://survey\.asda\.com/(?:\?.*)?$"
-		to="https://www.emailvision.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ASIC.xml b/src/chrome/content/rules/ASIC.xml
new file mode 100644
index 000000000000..fe299f2a8b59
--- /dev/null
+++ b/src/chrome/content/rules/ASIC.xml
@@ -0,0 +1,12 @@
+<ruleset name="ASIC">
+	<target host="asic.gov.au" />
+	<target host="www.asic.gov.au" />
+	<target host="insolvencynotices.asic.gov.au" />
+	<target host="www.insolvencynotices.asic.gov.au" />
+
+	<rule from="^http://(?:www\.)?asic\.gov\.au/"
+		to="https://www.asic.gov.au/" />
+
+	<rule from="^http://(?:www\.)?insolvencynotices\.asic\.gov\.au/"
+		to="https://insolvencynotices.asic.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/ASI_robots.com.xml b/src/chrome/content/rules/ASI_robots.com.xml
index 8fd528c29ff8..f889e97acc26 100644
--- a/src/chrome/content/rules/ASI_robots.com.xml
+++ b/src/chrome/content/rules/ASI_robots.com.xml
@@ -9,13 +9,12 @@
 <ruleset name="ASI robots.com">
 
 	<target host="asirobots.com" />
-	<target host="*.asirobots.com" />
+	<target host="www.asirobots.com" />
 
 
 	<securecookie host="^\.asirobots\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?asirobots\.com/"
-		to="https://$1asirobots.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ASL19.org.xml b/src/chrome/content/rules/ASL19.org.xml
new file mode 100644
index 000000000000..2dd590cc6051
--- /dev/null
+++ b/src/chrome/content/rules/ASL19.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="ASL19.org">
+
+	<target host="asl19.org" />
+	<target host="www.asl19.org" />
+
+
+	<securecookie host="^\.asl19\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ASN_Bank.nl.xml b/src/chrome/content/rules/ASN_Bank.nl.xml
new file mode 100644
index 000000000000..00d6562e6a72
--- /dev/null
+++ b/src/chrome/content/rules/ASN_Bank.nl.xml
@@ -0,0 +1,13 @@
+<ruleset name="ASN Bank.nl (partial)">
+
+	<target host="asnbank.nl" />
+	<target host="www.asnbank.nl" />
+	<target host="nieuws.asnbank.nl" />
+
+	<securecookie host="^\.www\.asnbank\.nl$" name=".+" />
+	<securecookie host="^nieuws\.asnbank\.nl$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ASP.NET.xml b/src/chrome/content/rules/ASP.NET.xml
deleted file mode 100644
index d472379042f9..000000000000
--- a/src/chrome/content/rules/ASP.NET.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	For other Microsoft coverage, see Microsoft.xml.
-
-
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- weblogs *
-
-	* Redirects to http
-
-
-	Problematic subdomains:
-
-		- i[123]	(works, akamai)
-
--->
-<ruleset name="ASP.NET (partial)">
-
-	<target host="login.asp.net" />
-
-
-	<securecookie host="^login\.asp\.net$" name=".+" />
-
-
-	<rule from="^http://login\.asp\.net/"
-		to="https://login.asp.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ASPNETcdn.com.xml b/src/chrome/content/rules/ASPNETcdn.com.xml
index 2617d0b1c3fb..75ea14c95531 100644
--- a/src/chrome/content/rules/ASPNETcdn.com.xml
+++ b/src/chrome/content/rules/ASPNETcdn.com.xml
@@ -7,7 +7,7 @@
 	<target host="ajax.aspnetcdn.com" />
 
 
-	<rule from="^http://ajax\.aspnetcdn\.com/"
-		to="https://ajax.aspnetcdn.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ASPPlayground.NET.xml b/src/chrome/content/rules/ASPPlayground.NET.xml
index 4a8d74c41fb5..c9d9a6f889e7 100644
--- a/src/chrome/content/rules/ASPPlayground.NET.xml
+++ b/src/chrome/content/rules/ASPPlayground.NET.xml
@@ -1,13 +1,42 @@
+<!--
+	^aspplayground.net: 404
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.aspplayground.net
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+		- Images from www.gravatar.com *
+
+	* Secured by us
+
+-->
 <ruleset name="ASPPlayground.NET">
 
-	<target host="aspplayground.net" />
+	<!--	Direct rewrites:
+				-->
 	<target host="www.aspplayground.net" />
 
+	<!--	Complications:
+				-->
+	<target host="aspplayground.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.aspplayground\.net$" name="^(ASPPG\.ASPPGSession|ASPPGbackURL|ASPPGpreURL)$" /-->
+
+	<securecookie host="^www\.aspplayground\.net$" name=".+" />
 
-	<securecookie host="^(?:www\.)?aspplayground\.net$" name=".+" />
 
+	<rule from="^http://aspplayground\.net/"
+		to="https://www.aspplayground.net/" />
 
-	<rule from="^http://(www\.)?aspplayground\.net/"
-		to="https://$1aspplayground.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ASUS.com.xml b/src/chrome/content/rules/ASUS.com.xml
new file mode 100644
index 000000000000..c45c85c3e1e8
--- /dev/null
+++ b/src/chrome/content/rules/ASUS.com.xml
@@ -0,0 +1,72 @@
+<!--
+	404:
+		- autodiscover
+		- csr
+		- press
+		- sonicmaster
+
+	Dropped:
+		- ^ (fixed by this ruleset)
+		- promos
+		- service
+		- www.service
+		- zenbook
+
+	Incomplete certificate chain:
+		- dlsvr04
+		- press
+		- qr
+
+	Mismatched:
+		- advantage
+		- dlcdnet
+		- eee
+		- emditpison
+		- support
+		- event
+
+	Mixed content:
+		- store
+
+	Redirect to HTTP:
+		- shop
+
+	Refused:
+		- myzen
+
+	SSL protocol error:
+		- commercialsupport
+		- www.commercialsupport
+-->
+
+<ruleset name="ASUS.com (partial)">
+	<target host="asus.com" />
+	<target host="www.asus.com" />
+	<target host="account.asus.com" />
+	<target host="advantage.asus.com" />
+	<target host="apps.asus.com" />
+	<target host="asuscontrolcenter.asus.com" />
+	<target host="ca.estore.asus.com" />
+	<target host="csr.asus.com" />
+	<target host="demeter.asus.com" />
+	<target host="dlcdnimgs.asus.com" />
+	<target host="edgeup.asus.com" />
+	<target host="eshop.asus.com" />
+	<target host="etrk.asus.com" />
+	<target host="event.asus.com" />
+	<target host="mymail.asus.com" />
+	<target host="pcdiy.asus.com" />
+	<target host="rog.asus.com" />
+	<target host="serviceshop.asus.com" />
+	<target host="talent.asus.com" />
+	<target host="techinstyle.asus.com" />
+	<target host="vip.asus.com" />
+	<target host="zenbo.asus.com" />
+	<target host="zenui.asus.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://asus\.com/" to="https://www.asus.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ASUS.xml b/src/chrome/content/rules/ASUS.xml
deleted file mode 100644
index 9378796a1298..000000000000
--- a/src/chrome/content/rules/ASUS.xml
+++ /dev/null
@@ -1,120 +0,0 @@
-<!--
-	CDN buckets:
-
-		- dlcdnet.asus.com.edgesuite.net
-
-			- a1828.b.akamai.net
-
-		- eee.asus.com.edgesuite.net
-		- event.asus.com.edgesuite.net
-
-		- press.asus.com.edgesuite.net
-
-			- a1479.g.akamai.net
-
-		- rog.asus.com.edgesuite.net
-		- support.asus.com.edgesuite.net
-
-		- zenbook.asus.com.edgesuite.net
-
-			- a1778.b.akamai.net
-
-
-	Nonfunctional subdomains:
-
-		- csr *
-		- eee **
-		- event		(403, akamai)
-		- rog		(503, akamai)
-		- (www.)service	(refused)
-		- sonicmaster *
-		- support **
-
-	* 404, valid cert
-	** 404, akamai
-
-
-	Problematic subdomains:
-
-		- ^ *
-		- autodiscover *
-		- dlcdnet **
-		- mail *
-		- press **
-		- zenbook **
-
-	* 404, valid cert
-	** Works, akamai
-
-
-	Partially covered subdomains:
-
-		- press *
-		- zenbook *
-
-	* → akamai, avoiding user-visible paths
-
-
-	Fully covered subdomains:
-
-		- (www.)	(^ → www)
-		- autodiscover	(→ mymail)
-		- account
-		- dlcdnet	(→ akamai)
-		- mail		(→ mymail)
-		- mymail
-		- serviceshop
-		- vip
-
-
-	Observed cookie domains:
-
-		- account
-		- mymail
-		- press
-		- serviceshop
-		- sonicmaster
-		- vip
-
--->
-<ruleset name="ASUS (partial)">
-
-	<target host="asus.com" />
-	<target host="*.asus.com" />
-		<!--exclusion pattern="^http://(csr|eee|event|rog|sonicmaster|support)\." /-->
-		<!--
-			Avoid user-visible paths:
-							-->
-		<!--exclusion pattern="^http://press\.asus\.com/(?!favicon\.ico|\w+/files/|wp-content/|wp-includes/)" /-->
-		<!--exclusion pattern="^http://zenbook\.asus\.com/(?!favicon\.ico|imgs/|rsc/)" /-->
-		<!--
-			Links images relative to /
-							-->
-		<!--exclusion pattern="^http://press\.asus\.com/wp-content/plugins/(auto-thickbox-plus/thickbox\.min\.css|easy-fancybox/easy-fancybox\.css\.php|shadowbox-js/shadowbox/shadowbox\.css)" /-->
-		<!--exclusion pattern="^http://zenbook\.asus\.com/rsc/all\.css" /-->
-
-
-	<securecookie host=".+\.asus\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?asus\.com/"
-		to="https://www.asus.com/" />
-
-	<rule from="^http://(account|mymail|serviceshop|vip)\.asus\.com/"
-		to="https://$1.asus.com/" />
-
-	<!--	Server drops path:
-					-->
-	<rule from="^http://(?:autodiscover|mail)\.asus\.com/.*"
-		to="https://mymail.asus.com/owa/" />
-
-	<rule from="^http://dlcdnet\.asus\.com/"
-		to="https://a248.e.akamai.net/f/1828/2290/9f/dlcdnet.asus.com/" />
-
-	<rule from="^http://press\.asus\.com/(?=favicon\.ico|\w+/files/|wp-content/(?!plugins/(?:auto-thickbox-plus|easy-fancybox|shadowbox-js/shadowbox)/[\w.-]+\.css)|wp-includes/)"
-		to="https://a248.e.akamai.net/f/1479/3611/4f/press.asus.com/" />
-
-	<rule from="^http://zenbook\.asus\.com/(?=favicon\.ico|imgs/|rsc/(?!all\.css))"
-		to="https://a248.e.akamai.net/f/1778/5348/10h/zenbook.asus.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ATBank.xml b/src/chrome/content/rules/ATBank.xml
index 9a254cd3f709..29625fe0ea3c 100644
--- a/src/chrome/content/rules/ATBank.xml
+++ b/src/chrome/content/rules/ATBank.xml
@@ -1,8 +1,9 @@
 <ruleset name="ATBank">
-  <!-- Rule created by Jeroen van der Gun -->
+	<!-- Rule created by Jeroen van der Gun -->
 
-  <target host="www.atbank.nl" />
-  <target host="atbank.nl" />
+	<target host="www.atbank.nl" />
+	<target host="atbank.nl" />
 
-  <rule from="^http://(?:www\.)?atbank\.nl/" to="https://www.atbank.nl/"/>
+ 	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ATG_Web_Commerce.xml b/src/chrome/content/rules/ATG_Web_Commerce.xml
deleted file mode 100644
index 33785eda8b9d..000000000000
--- a/src/chrome/content/rules/ATG_Web_Commerce.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other Oracle coverage, see Oracle.xml.
-
--->
-<ruleset name="ATG Web Commerce">
-
-	<target host="*.instantservice.com" />
-
-
-	<securecookie host="^[gr]s\.instantservice\.com$" name=".+" />
-
-
-	<rule from="^http://(g|r)s\.instantservice\.com/"
-		to="https://$1s.instantservice.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ATNAME.xml b/src/chrome/content/rules/ATNAME.xml
index 911b89d66ad6..d80fdf6158dc 100644
--- a/src/chrome/content/rules/ATNAME.xml
+++ b/src/chrome/content/rules/ATNAME.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?atname\.ru/"
 		to="https://atname.ru/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ATS.aq.xml b/src/chrome/content/rules/ATS.aq.xml
new file mode 100644
index 000000000000..09b86e4f9aab
--- /dev/null
+++ b/src/chrome/content/rules/ATS.aq.xml
@@ -0,0 +1,22 @@
+<!--
+	Nonfunctional hosts in *ats.aq:
+
+		- (www.)? ᵃ
+		- forum ᵈ
+
+	ᵃ Shows another domain
+	ᵈ Dropped
+
+-->
+<ruleset name="ATS.aq (partial)">
+
+	<target host="contacts.ats.aq" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ATV.hu.xml b/src/chrome/content/rules/ATV.hu.xml
index 84e3508d620b..8b3c127c4237 100644
--- a/src/chrome/content/rules/ATV.hu.xml
+++ b/src/chrome/content/rules/ATV.hu.xml
@@ -1,9 +1,15 @@
-<!-- Nonfunctional subdomains:
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://static.atv.hu/ => https://static.atv.hu/: (6, 'Could not resolve host: static.atv.hu')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://static.atv.hu/ => https://static.atv.hu/: (6, 'Could not resolve host: static.atv.hu') Nonfunctional subdomains:
 	 - www.atv.hu cert mismatch
 	 - atv.hu cert mismatch
 -->
-<ruleset name="ATV.hu (partial)">
+<ruleset name="ATV.hu (partial)" default_off="failed ruleset test">
 	<target host="static.atv.hu" />
 
-	<rule from="^http://static\.atv\.hu/" to="https://static.atv.hu/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AT_Internet_Solutions.xml b/src/chrome/content/rules/AT_Internet_Solutions.xml
index be9552273137..60022d59104f 100644
--- a/src/chrome/content/rules/AT_Internet_Solutions.xml
+++ b/src/chrome/content/rules/AT_Internet_Solutions.xml
@@ -1,19 +1,111 @@
 <!--
-	Problematic subdomains:
+	Cert expired:
+		- nxsqlstd.atinternet-solutions.com
+		- protogeode.atinternet-solutions.com
 
-		- ^	(cert only matches *.atinternet-solutions.com)
+	Cert mismatch:
+		- ^
+		- helpcenter.atinternet-solutions.com
+		- ulsecure.atinternet-solutions.com
 
+
+	Connection refused:
+		- appschina.atinternet-solutions.com
+		- atnotifier.atinternet-solutions.com
+		- static-aws-bdx.atinternet-solutions.com
+		- tests.atinternet-solutions.com
+
+	No route to host:
+		- apipreprod-019.atinternet-solutions.com
+		- masterproxy.atinternet-solutions.com
+		- nx-prodfix-005.atinternet-solutions.com
+		- nx-prodfix-005-internal.atinternet-solutions.com
+		- nx005.atinternet-solutions.com
+		- nx005-internal.atinternet-solutions.com
+		- nxpreprod005.atinternet-solutions.com
+
+	Timeout:
+		- apipreprod-020.atinternet-solutions.com
+		- apirestbouygues.atinternet-solutions.com
+		- dws2-k.atinternet-solutions.com
+		- dws2preprod-k.atinternet-solutions.com
+		- geode-devbordeaux.atinternet-solutions.com
+		- geode-devbordeaux2.atinternet-solutions.com
+		- geode-devbordeaux3.atinternet-solutions.com
+		- restdev.atinternet-solutions.com
+		- soa11.atinternet-solutions.com
+
+	TLS error:
+		- geode-fullcloudaws.atinternet-solutions.com
 -->
 <ruleset name="AT Internet Solutions">
 
 	<target host="atinternet-solutions.com" />
 	<target host="www.atinternet-solutions.com" />
+	<target host="api.atinternet-solutions.com" />
+	<target host="apiflow.atinternet-solutions.com" />
+	<target host="apipreprod-009.atinternet-solutions.com" />
+	<target host="apirest.atinternet-solutions.com" />
+	<target host="apirest-soa025.atinternet-solutions.com" />
+	<target host="app.atinternet-solutions.com" />
+	<target host="apps.atinternet-solutions.com" />
+	<target host="apps-009.atinternet-solutions.com" />
+	<target host="apps-prodfix-009.atinternet-solutions.com" />
+	<target host="apps1.atinternet-solutions.com" />
+	<target host="apps2.atinternet-solutions.com" />
+	<target host="apps3.atinternet-solutions.com" />
+	<target host="assets.atinternet-solutions.com" />
+	<target host="dashboardapi-prod.atinternet-solutions.com" />
+	<target host="dataflow.atinternet-solutions.com" />
+	<target host="developers.atinternet-solutions.com" />
+	<target host="docs75.atinternet-solutions.com" />
+	<target host="dws2.atinternet-solutions.com" />
+	<target host="dws2-009.atinternet-solutions.com" />
+	<target host="dws2-prodfix-009.atinternet-solutions.com" />
+	<target host="exportsproxy.atinternet-solutions.com" />
+	<target host="geode-dev.atinternet-solutions.com" />
+	<target host="geode-divorce.atinternet-solutions.com" />
+	<target host="geode-prodfix.atinternet-solutions.com" />
+	<target host="geode-prodfix1.atinternet-solutions.com" />
+	<target host="geode-prodfix2.atinternet-solutions.com" />
+	<target host="geode-prodfix3.atinternet-solutions.com" />
+	<target host="geode-prodfix4.atinternet-solutions.com" />
+	<target host="help.atinternet-solutions.com" />
+	<target host="help-006.atinternet-solutions.com" />
+	<target host="help-007.atinternet-solutions.com" />
+	<target host="help-009.atinternet-solutions.com" />
+	<target host="helpcentre.atinternet-solutions.com" />
+	<target host="livetagging.atinternet-solutions.com" />
+	<target host="notif-dtc-bod.atinternet-solutions.com" />
+	<target host="nx-009.atinternet-solutions.com" />
+	<target host="nx-dev.atinternet-solutions.com" />
+	<target host="nx-prodfix.atinternet-solutions.com" />
+	<target host="nx-prodfix-006.atinternet-solutions.com" />
+	<target host="nx-prodfix-006-internal.atinternet-solutions.com" />
+	<target host="nx-prodfix-007.atinternet-solutions.com" />
+	<target host="nx-prodfix-007-internal.atinternet-solutions.com" />
+	<target host="nx-prodfix-009.atinternet-solutions.com" />
+	<target host="nx006.atinternet-solutions.com" />
+	<target host="nx006-internal.atinternet-solutions.com" />
+	<target host="nx007.atinternet-solutions.com" />
+	<target host="nx007-internal.atinternet-solutions.com" />
+	<target host="nxpreprod006.atinternet-solutions.com" />
+	<target host="nxpreprod006-internal.atinternet-solutions.com" />
+	<target host="nxpreprod007.atinternet-solutions.com" />
+	<target host="nxpreprod007-internal.atinternet-solutions.com" />
+	<target host="proxy-vip-1.atinternet-solutions.com" />
+	<target host="sat-dtc-bod.atinternet-solutions.com" />
+	<target host="secure.atinternet-solutions.com" />
+	<target host="sso.atinternet-solutions.com" />
+	<target host="static-aws.atinternet-solutions.com" />
+	<target host="static-aws-dev.atinternet-solutions.com" />
+	<target host="static-aws-preprod.atinternet-solutions.com" />
 
+	<target host="tag.aticdn.net" />
 
 	<securecookie host="^www\.atinternet-solutions\.com$" name=".+" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://(?:www\.)?atinternet-solutions\.com/"
-		to="https://www.atinternet-solutions.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ATandT.xml b/src/chrome/content/rules/ATandT.xml
index 6d83390f364a..bb476a5ed9fa 100644
--- a/src/chrome/content/rules/ATandT.xml
+++ b/src/chrome/content/rules/ATandT.xml
@@ -1,86 +1,63 @@
 <!--
 	Other AT&T rulesets:
-
 		- BellSouth.xml
 		- Sslcert35.com.xml
 
-
 	CDN buckets:
-
 		- cng.i.lithium.com
 
+	Connection refused:
+		- blogs.att.net
+		- preview.att.net
+		- repair.att.com
+		- www.research.att.com
 
-	Nonfunctional domains:
-
-		- att.com subdomains:
-
-			- repair		(times out)
-			- (www.)research	(prints "this is a test")
-			- savings
-			- att.uc		(http & https data differ)
-
-		- blogs.att.net *
-		- preview.att.net *
-		- (www.)attpublicpolicy.com	(shows RHEL default page, CN: localhost.localdomain)
-
-	* Times out
-
-
-	Problematic domains:
-
-		- att.com subdomains:
-
-			- (www.)business	(reset)
-			- uc			(works; mismatched, CN: *.sslcert35.com)
-
-
-	Fully covered domains:
-
-		- att.com subdomains:
-
-			- (www.)
-			- connect
-			- www.corp
-			- cprodmasx
-			- developer
-			- www.e-access
-			- forums
-			- localization
-			- networkingexchangeblog
-			- rewardcenter
-			- smb
-			- trial.uc
-			- ufix
-			- uversecentral[3]
-			- webhosting
-			- www.wireless
-
-		- [013].ecom.attccc.com
-
+	Invalid certificate:
+		- uc.att.com, equivalent to www.uc.att.com
 -->
-<ruleset name="AT&amp;T (partial)">
 
+<ruleset name="AT&amp;T (partial)">
+	<!-- att.com -->
 	<target host="att.com" />
-	<target host="*.att.com" />
-	<target host="*.ecom.attccc.com" />
-
+	<target host="www.att.com" />
+	<target host="about.att.com" />
+	<target host="business.att.com" />
+	<target host="www.business.att.com" />
+	<target host="www.corp.att.com" />
+	<target host="cprodmasx.att.com" />
+	<target host="developer.att.com" />
+	<target host="www.e-access.att.com" />
+	<target host="forums.att.com" />
+	<target host="localization.att.com" />
+	<target host="networkingexchangeblog.att.com" />
+	<target host="rewardcenter.att.com" />
+	<target host="smb.att.com" />
+	<target host="uc.att.com" />
+	<target host="www.uc.att.com" />
+	<target host="ufix.att.com" />
+	<target host="uversecentral.att.com" />
+	<target host="uversecentral1.att.com" />
+	<target host="uversecentral2.att.com" />
+	<target host="uversecentral3.att.com" />
+	<target host="webhosting.att.com" />
+	<target host="wireless.att.com" />
+	<target host="www.wireless.att.com" />
+
+	<!-- attccc.com -->
+	<target host="0.ecom.attccc.com" />
+	<target host="1.ecom.attccc.com" />
+	<target host="2.ecom.attccc.com" />
+	<target host="3.ecom.attccc.com" />
+
+	<!-- attpublicpolicy.com -->
+	<target host="attpublicpolicy.com" />
+	<target host="www.attpublicpolicy.com" />
 
 	<securecookie host="^.*\.att\.com$" name=".+" />
 
 
-	<rule from="^http://((?:connect|www\.corp|cprodmasx|developer|www\.e-access|forums|localization|networkingexchangeblog|rewardcenter|smb|trial\.uc|ufix|uversecentral\d|webhosting|www\.wireless|www)\.)?att\.com/"
-		to="https://$1att.com/" />
-
-	<rule from="^https?://(?:www\.)?business\.att\.com/(?:enterprise/)?(?:\?.*)?$"
-		to="https://www.att.com/gen/landing-pages?pid=9214" />
-
-	<!--	https://wireless redirects to login, while
-		http://wireless redirects like so.
-							-->
-	<rule from="^http://wireless\.att\.com/($|\?)"
-		to="https://www.att.com/shop/wireless/$1" />
-
-	<rule from="^http://(\d)\.ecom\.attccc\.com/"
-		to="https://$1.ecom.attccc.com/" />
+	<rule from="^http://uc\.att\.com/"
+		to="https://www.uc.att.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ATbar.xml b/src/chrome/content/rules/ATbar.xml
index 76ab5e87f6eb..51ca62f66252 100644
--- a/src/chrome/content/rules/ATbar.xml
+++ b/src/chrome/content/rules/ATbar.xml
@@ -13,7 +13,6 @@
 	<target host="ssl.atbar.org" />
 
 
-	<rule from="^http://ssl\.atbar\.org/"
-		to="https://ssl.atbar.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ATech.io.xml b/src/chrome/content/rules/ATech.io.xml
new file mode 100644
index 000000000000..9f29f133e3f2
--- /dev/null
+++ b/src/chrome/content/rules/ATech.io.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cacti.atech.io/ => https://cacti.atech.io/: (7, 'Failed to connect to cacti.atech.io port 443: Connection refused')
+
+	For other aTech Media coverage, see ATech_Media.xml.
+
+
+	(www.)?atech.io: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- cacti.atech.io
+
+-->
+<ruleset name="aTech.io" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cacti.atech.io" />
+
+	<!--	Complications:
+				-->
+	<target host="atech.io" />
+	<target host="www.atech.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cacti\.atech\.io$" name="^Cacti$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?atech\.io/"
+		to="https://atechmedia.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ATech_Media.xml b/src/chrome/content/rules/ATech_Media.xml
index f2f3f37b0b75..f629ce66a871 100644
--- a/src/chrome/content/rules/ATech_Media.xml
+++ b/src/chrome/content/rules/ATech_Media.xml
@@ -1,33 +1,86 @@
 <!--
-	Nonfunctional domains:
+	For rules causing false/broken MCB, see ATech_Media.com-falsemixed.xml.
 
-		- cloud.atechmedia.com		(http reply)
-		- status.atechmedia.com		(refused)
+	Other aTech Media rulesets:
 
+		- ATech.io.xml
+		- Codebase_HQ.com.xml
 
-	Problematic domains:
 
-		- (www.)atech.io	(mismatched, CN: *.atechmedia.com)
+	Nonfunctional hosts in *atechmedia.com:
 
+		- cloud ¹
+		- status ²
 
-	Fully covered domains:
+	¹ Shows another domain
+	² Refused
 
-		- (www.)atech.io	(→ atechmedia.com)
-		- (www.)atechmedia.com
+
+	Problematic hosts in *atechmedia.com:
+
+		- send ¹
+		- www ²
+
+	¹ Mixed css
+	² Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- atechmedia.com
+		- apns.atechmedia.com
+		- gcm.atechmedia.com
+		- identity.atechmedia.com
+		- send.atechmedia.com
+		- suggest.atechmedia.com
+
+
+	Mixed content:
+
+		- css on send from $self *
+
+		- Images, on :
+
+			- send from $self *
+			- send from i2.wp.com *
+
+	* Secured by us
 
 -->
-<ruleset name="aTech Media (partial)">
+<ruleset name="aTech Media.com (partial)">
 
-	<target host="atech.io" />
-	<target host="www.atech.io" />
+	<!--	Direct rewrites:
+				-->
 	<target host="atechmedia.com" />
+	<target host="apns.atechmedia.com" />
+	<target host="blog.atechmedia.com" />
+	<target host="gcm.atechmedia.com" />
+	<target host="identity.atechmedia.com" />
+	<!--target host="send.atechmedia.com" /-->
+	<target host="suggest.atechmedia.com" />
+
+	<!--	Complications:
+				-->
 	<target host="www.atechmedia.com" />
 
 
-	<securecookie host="^(?:www\.)?atechmedia\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^atechmedia\.com$" name="^(?:_atech-website_session|browser_id)$" /-->
+	<!--securecookie host="^apns\.atechmedia\.com$" name="^_apns-proxy_session$" /-->
+	<!--securecookie host="^community\.atechmedia\.com$" name="^session_id$" /-->
+	<!--securecookie host="^gcm\.atechmedia\.com$" name="^_gcm_proxy_session$" /-->
+	<!--securecookie host="^identity\.atechmedia\.com$" name="^(?:_identity2_session|browser_id)$" /-->
+	<!--securecookie host="^send\.atechmedia\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^suggest\.atechmedia\.com$" name="^(?:_suggest_session|browser_id)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
 
+	<rule from="^http://www\.atechmedia\.com/"
+		to="https://atechmedia.com/" />
 
-	<rule from="^http://(www\.)?atech(?:\.io|media\.com)/"
-		to="https://$1atechmedia.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ATrpms.net.xml b/src/chrome/content/rules/ATrpms.net.xml
index 1c3c3dfdb60c..c6bd2b7c73b9 100644
--- a/src/chrome/content/rules/ATrpms.net.xml
+++ b/src/chrome/content/rules/ATrpms.net.xml
@@ -17,4 +17,4 @@
 	<rule from="^http://(?:www\.)?atrpms\.net/"
 		to="https://atrpms.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AV-Comparatives.org.xml b/src/chrome/content/rules/AV-Comparatives.org.xml
new file mode 100644
index 000000000000..02b03d895fc2
--- /dev/null
+++ b/src/chrome/content/rules/AV-Comparatives.org.xml
@@ -0,0 +1,30 @@
+<!--
+	Related domain without HTTPS support: av-comparatives.info
+
+
+	Time out:
+		feedbacksystem.av-comparatives.org
+
+	No working URL known:
+		spammap.av-comparatives.org
+
+	Redirect to http:
+		undroid.av-comparatives.org
+
+-->
+<ruleset name="AV-Comparatives">
+
+	<target host="av-comparatives.org" />
+	<target host="www.av-comparatives.org" />
+	<target host="chart.av-comparatives.org" />
+	<target host="clipping.av-comparatives.org" />
+	<target host="forum.av-comparatives.org" />
+	<target host="weblog.av-comparatives.org" />
+	<target host="wp.av-comparatives.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AV-Comparatives.xml b/src/chrome/content/rules/AV-Comparatives.xml
deleted file mode 100644
index d40d615235bf..000000000000
--- a/src/chrome/content/rules/AV-Comparatives.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	CN: webserver.ispgateway.de
-
--->
-<ruleset name="AV-Comparatives" default_off="mismatched, self-signed">
-
-	<target host="av-comparatives.org" />
-	<target host="www.av-comparatives.org" />
-
-
-	<securecookie host="^av-comparatives\.org$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?av-comparatives\.org/"
-		to="https://av-comparatives.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/AVG.com.xml b/src/chrome/content/rules/AVG.com.xml
new file mode 100644
index 000000000000..ccc60c2f814e
--- /dev/null
+++ b/src/chrome/content/rules/AVG.com.xml
@@ -0,0 +1,35 @@
+<!--
+	CDN buckets;
+
+		- www-cn.avg.com.edgesuite.net
+
+			www
+
+
+	Nonfunctional subdomains:
+
+		- ^	(dropped)
+		- www	(redirects to http)
+
+
+	Fully covered subdomains:
+
+		- inst
+
+		- *.inst:
+
+			- c04
+
+-->
+<ruleset name="AVG.com (partial)">
+
+	<target host="*.avg.com" />
+
+
+	<securecookie host="^(?:\w+\.)?inst\.avg\.com$" name=".+" />
+
+
+	<rule from="^http://(\w+\.)?inst\.avg\.com/"
+		to="https://$1inst.avg.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AVHT.org.xml b/src/chrome/content/rules/AVHT.org.xml
new file mode 100644
index 000000000000..ad292896c51d
--- /dev/null
+++ b/src/chrome/content/rules/AVHT.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="AVHT.org">
+
+	<target host="avht.org" />
+	<target host="www.avht.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AVON.cz.xml b/src/chrome/content/rules/AVON.cz.xml
new file mode 100644
index 000000000000..c749753d5a7f
--- /dev/null
+++ b/src/chrome/content/rules/AVON.cz.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://avon.cz/ => https://avon.cz/: (51, "SSL: no alternative certificate subject name matches target host name 'avon.cz'")
+
+-->
+<ruleset name="AVON.cz" default_off="failed ruleset test">
+    <target host="avon.cz" />
+    <target host="www.avon.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AWSCloud.com.xml b/src/chrome/content/rules/AWSCloud.com.xml
new file mode 100644
index 000000000000..78fb3d1fa935
--- /dev/null
+++ b/src/chrome/content/rules/AWSCloud.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+	Refused:
+		- email
+-->
+
+<ruleset name="AWSCloud.com">
+	<target host="awscloud.com" />
+	<target host="www.awscloud.com" />
+	<target host="pages.awscloud.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AWSInsider.net.xml b/src/chrome/content/rules/AWSInsider.net.xml
new file mode 100644
index 000000000000..15811c841308
--- /dev/null
+++ b/src/chrome/content/rules/AWSInsider.net.xml
@@ -0,0 +1,28 @@
+<!--
+	For other 1105 Media coverage, see 1105_Media.com.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- awsinsider.net
+
+-->
+<ruleset name="AWSInsider.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="awsinsider.net" />
+	<target host="www.awsinsider.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^awsinsider\.net$" name="^(ASP\.NET_SessionId|BIGipServerPool[\w-]+)$" /-->
+
+	<securecookie host="^awsinsider\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AWS_Trust.com.xml b/src/chrome/content/rules/AWS_Trust.com.xml
new file mode 100644
index 000000000000..8119734bcb90
--- /dev/null
+++ b/src/chrome/content/rules/AWS_Trust.com.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	^awstrust.com: 502
+
+-->
+<ruleset name="AWS Trust.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.awstrust.com" />
+
+	<!--	Complications:
+				-->
+	<target host="awstrust.com" />
+
+
+	<!--	Redirect keeps path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://awstrust\.com/([^?]*).*"
+		to="https://www.amazontrust.com/$1" />
+
+		<test url="http://awstrust.com/index.htm" />
+		<test url="http://awstrust.com/index.php" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AWcloud.net.xml b/src/chrome/content/rules/AWcloud.net.xml
deleted file mode 100644
index 33dfd89d6feb..000000000000
--- a/src/chrome/content/rules/AWcloud.net.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(data differ; expired 2012-12-04, mismatched, CN: givemesomesugar.inkstonehq.com)
-
--->
-<ruleset name="AWcloud.net">
-
-	<target host="*.awcloud.net" />
-
-
-	<rule from="^http://(projecta|stats)\.awcloud\.net/"
-		to="https://$1.awcloud.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AWeber-Communications.xml b/src/chrome/content/rules/AWeber-Communications.xml
deleted file mode 100644
index aec21b56f2b6..000000000000
--- a/src/chrome/content/rules/AWeber-Communications.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="AWeber Communications (partial)">
-	<target host="forms.aweber.com" />
-	<target host="help.aweber.com" />
-	<target host="labs.aweber.com" />
-
-	<securecookie host="^(forms|help|labs)\.aweber\.com$" name=".+" />
-
-	<rule from="^http://(forms|help|labs)\.aweber\.com/"
-		to="https://$1.aweber.com/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/AWeber-static.com.xml b/src/chrome/content/rules/AWeber-static.com.xml
new file mode 100644
index 000000000000..43eb18005f54
--- /dev/null
+++ b/src/chrome/content/rules/AWeber-static.com.xml
@@ -0,0 +1,24 @@
+<!--
+	For other AWeber.com related rulesets, see AWeber.com.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.aweber-static.com
+		- awas2.aweber-static.com
+		- blog-can.aweber-static.com
+		- blog-cdn.aweber-static.com
+		- hostedimages.aweber-static.com
+		- hostmaster.aweber-static.com
+-->
+<ruleset name="AWeber-static.com (partial)">
+	<target host="aweber-static.com" />
+	<target host="assets.aweber-static.com" />
+	<target host="cdn1.aweber-static.com" />
+	<target host="cdn2.aweber-static.com" />
+	<target host="cdn3.aweber-static.com" />
+	<target host="cdn4.aweber-static.com" />
+	<target host="cdn5.aweber-static.com" />
+	<target host="hostedimages-cdn.aweber-static.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AWeber.com.xml b/src/chrome/content/rules/AWeber.com.xml
new file mode 100644
index 000000000000..a187687b922b
--- /dev/null
+++ b/src/chrome/content/rules/AWeber.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Other AWeber.com related rulesets:
+	+ AWeber-static.com.xml
+-->
+<ruleset name="AWeber.com">
+	<target host="aweber.com" />
+	<target host="www.aweber.com" />
+	<target host="aikidoroll.aweber.com" />
+	<target host="api.aweber.com" />
+	<target host="archive.aweber.com" />
+	<target host="analytics.aweber.com" />
+	<target host="blog.aweber.com" />
+	<target host="clicks.aweber.com" />
+	<target host="emailmasterminds.aweber.com" />
+	<target host="engineering.aweber.com" />
+	<target host="erickgamio.aweber.com" />
+	<target host="forms.aweber.com" />
+	<target host="help.aweber.com" />
+	<target host="labs.aweber.com" />
+	<target host="mindlessmarketing.aweber.com" />
+	<target host="nieuwsbriefsysteem.aweber.com" />
+	<target host="orms.aweber.com" />
+	<target host="services.aweber.com" />
+	<target host="status.aweber.com" />
+	<target host="stephenesketzis.aweber.com" />
+	<target host="webhooks.aweber.com" />
+	<target host="webmazter.aweber.com" />
+	<target host="wu.aweber.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AWeber.xml b/src/chrome/content/rules/AWeber.xml
deleted file mode 100644
index 1b3e6485b2fe..000000000000
--- a/src/chrome/content/rules/AWeber.xml
+++ /dev/null
@@ -1,72 +0,0 @@
-<!--
-
-	CDN buckets:
-
-		- hostedimages.aweber-static.com.s3.amazonaws.com
-		- blogcontent.awebercommunicat.netdna-cdn.com
-			- blog-cdn.aweber-static.com
-			- blogcontent-awebercommunicat.netdna-ssl.com doesn't exist
-
-	aweber.zendesk.com
-
-
-	Nonfunctional domains:
-
-		- blog-cdn.aweber-static.com	(cert: netdna-ssl.com; 404)
-
-
-	Targets solely for wildcard cookies:
-
-		- *.forms.aweber.com
-
--->
-<ruleset name="AWeber (partial)">
-
-	<target host="aweber.com" />
-	<target host="*.aweber.com" />
-		<!--
-			Some paths 302 to http.
-
-			These do:
-
-				- $
-				- affiliates.htm
-				- antispam.htm
-				- blog/
-				- email-marketing-features.htm
-				- pricing.htm
-				- privacy.htm
-
-			These don't:
-
-				- contact-us.htm
-				- images/
-				- img/
-				- login.htm
-				- order.htm
-
-		<exclusion pattern="^http://(?:www\.)?aweber\.com/(((affiliates|antispam|email-marketing-features|priving|privacy)\.htm)?($|\?)|blog(/|\?|/))" /-->
-	<target host="*.forms.aweber.com" />
-	<target host="*.aweber-static.com" />
-
-
-	<securecookie host="^(?:\.?forms|help|labs)\.aweber\.com$" name=".+" />
-	<securecookie host="^.*\.aweber-static\.com$" name=".+" />
-
-
-	<!--	Cert is valid for !www, but doesn't
-		work even over http (blank page).
-							-->
-	<rule from="^http://(?:www\.)?aweber\.com/(banners/|blog(?:$|\?|/)|(?:(?:contact-us|login|order)\.htm)(?:$|\?)|images/|img/)"
-		to="https://www.aweber.com/$1"/>
-
-	<rule from="^http://(analytics|forms|help|labs)\.aweber\.com/"
-		to="https://$1s.aweber.com/" />
-
-	<rule from="^http://cdn([1-5])\.aweber-static\.com/"
-		to="https://cdn$1.weber-static.com/" />
-
-	<rule from="^https?://hostedimages\.aweber-static\.com/"
-		to="https://s3.amazonaws.com/hostedimages.aweber-static.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AXA.xml b/src/chrome/content/rules/AXA.xml
index 30448946e7a0..b17581b781c4 100644
--- a/src/chrome/content/rules/AXA.xml
+++ b/src/chrome/content/rules/AXA.xml
@@ -1,23 +1,12 @@
 <!--
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- annualreport *
-		- channel *
-		- longevity *
-
-	* Times out
-
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- annualreport.axa.com
+		- channel.axa.com
 -->
 <ruleset name="AXA (partial)">
+	<target host="axa.com" />
+	<target host="www.axa.com" />
 
-	<target host="creativegallery.axa.com" />
-
-
-	<securecookie host="^creativegallery\.axa\.com$" name=".+" />
-
-
-	<rule from="^http://creativegallery\.axa\.com/"
-		to="https://creativegallery.axa.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AXA_Winterthur.xml b/src/chrome/content/rules/AXA_Winterthur.xml
index e035ae332b00..532ca9036316 100644
--- a/src/chrome/content/rules/AXA_Winterthur.xml
+++ b/src/chrome/content/rules/AXA_Winterthur.xml
@@ -2,7 +2,7 @@
     <target host="axa-winterthur.ch" />
     <target host="*.axa-winterthur.ch" />
 
-    <rule from="^https?://axa-winterthur\.ch/"
+    <rule from="^http://axa-winterthur\.ch/"
         to="https://www.axa-winterthur.ch/"/>
     <rule from="^http://([^/:@]+)?\.axa-winterthur\.ch/"
         to="https://$1.axa-winterthur.ch/" />
diff --git a/src/chrome/content/rules/AZHCA.org.xml b/src/chrome/content/rules/AZHCA.org.xml
index feeaa83f37e6..fe20a8dc163c 100644
--- a/src/chrome/content/rules/AZHCA.org.xml
+++ b/src/chrome/content/rules/AZHCA.org.xml
@@ -1,17 +1,26 @@
 <!--
-	^azhca.org shows blank page over http
+	Invalid certificate:
+		azhca.org
+		disasterready.azhca.org
+
+	Time out:
+		affiliates.azhca.org
+		facilityfinder.azhca.org
+
+	Secure connection failed:
+		ceu.azhca.org
+		resources.azhca.org
+		tradeshows.azhca.org
 
 -->
 <ruleset name="AZHCA.org">
 
 	<target host="azhca.org" />
-	<target host="*.azhca.org" />
-
-
-	<securecookie host="^(?:www)?\.azhca\.org$" name=".+" />
+	<target host="www.azhca.org" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?azhca\.org/"
+	<rule from="^http://(www\.)?azhca\.org/"
 		to="https://www.azhca.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/A_1000_Words.com.xml b/src/chrome/content/rules/A_1000_Words.com.xml
index c64bf0bd04a0..0490eb9e8771 100644
--- a/src/chrome/content/rules/A_1000_Words.com.xml
+++ b/src/chrome/content/rules/A_1000_Words.com.xml
@@ -5,7 +5,7 @@
 <ruleset name="A 1000 Words.com">
 
 	<target host="a1000words.com" />
-	<target host="*.a1000words.com" />
+	<target host="www.a1000words.com" />
 
 
 	<securecookie host="^\.a1000words\.com$" name=".+" />
diff --git a/src/chrome/content/rules/A_Bigger_Society.com.xml b/src/chrome/content/rules/A_Bigger_Society.com.xml
new file mode 100644
index 000000000000..d629c46fbe0c
--- /dev/null
+++ b/src/chrome/content/rules/A_Bigger_Society.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="A Bigger Society.com" default_off="522">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="abiggersociety.com" />
+	<target host="www.abiggersociety.com" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^(?:w*\.)?abiggersociety\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/A_Plus_Flint_River_Ranch.xml b/src/chrome/content/rules/A_Plus_Flint_River_Ranch.xml
index 97f7ee083e83..db50637f447e 100644
--- a/src/chrome/content/rules/A_Plus_Flint_River_Ranch.xml
+++ b/src/chrome/content/rules/A_Plus_Flint_River_Ranch.xml
@@ -1,10 +1,14 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://aplus-flint-river-ranch.com/ => https://aplus-flint-river-ranch.com/: (60, 'SSL certificate problem: certificate has expired')
+
 	Problematic subdomains:
 
 		- cats		(mismatched, CN: www.aplus-flint-river-ranch.com)
 
 -->
-<ruleset name="A+ Flint River Ranch">
+<ruleset name="A+ Flint River Ranch" default_off="failed ruleset test">
 
 	<target host="aplus-flint-river-ranch.com" />
 	<target host="*.aplus-flint-river-ranch.com" />
@@ -16,7 +20,7 @@
 	<rule from="^http://(www\.)?aplus-flint-river-ranch\.com/"
 		to="https://$1aplus-flint-river-ranch.com/" />
 
-	<rule from="^https?://cats\.aplus-flint-river-ranch\.com/(?:\?.*)?$"
+	<rule from="^http://cats\.aplus-flint-river-ranch\.com/(?:\?.*)?$"
 		to="https://www.aplus-flint-river-ranch.com/index-cat.php?" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/A_Voice_for_Men.com.xml b/src/chrome/content/rules/A_Voice_for_Men.com.xml
new file mode 100644
index 000000000000..0ffa40540783
--- /dev/null
+++ b/src/chrome/content/rules/A_Voice_for_Men.com.xml
@@ -0,0 +1,14 @@
+<!--
+Automatically by https-everywhere-checker because:
+Fetch error: http://avoiceformen.com/ => https://avoiceformen.com/: Cycle detected - URL already encountered: https://avoiceformen.com/
+Fetch error: http://www.avoiceformen.com/ => https://www.avoiceformen.com/: Cycle detected - URL already encountered: https://www.avoiceformen.com/
+-->
+<ruleset name="A Voice for Men.com">
+
+	<target host="avoiceformen.com" />
+	<target host="www.avoiceformen.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/A_Weird_Imagination.net.xml b/src/chrome/content/rules/A_Weird_Imagination.net.xml
new file mode 100644
index 000000000000..d08bf8a4c81e
--- /dev/null
+++ b/src/chrome/content/rules/A_Weird_Imagination.net.xml
@@ -0,0 +1,12 @@
+<ruleset name="A Weird Imagination.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="aweirdimagination.net" />
+	<target host="www.aweirdimagination.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Aaai.org.xml b/src/chrome/content/rules/Aaai.org.xml
deleted file mode 100644
index c9d680755d6b..000000000000
--- a/src/chrome/content/rules/Aaai.org.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Mixed content:
-
-		- Scripts:
-
-			- on www from www *
-			- on www from www.google.com *
-
-		- css:
-
-			- on www from www *
-
-	* Secured by us
-
-
-	NB: We secure all resources, and thus
-	platform should be removed with Ffx 24.
-
--->
-<ruleset name="Aaai.org" platform="mixedcontent">
-  <target host="aaai.org" />
-  <target host="www.aaai.org" />
-
-  <rule from="^http://(?:www\.)?aaai\.org/" to="https://www.aaai.org/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Aachener_Zeitung.de.xml b/src/chrome/content/rules/Aachener_Zeitung.de.xml
new file mode 100644
index 000000000000..e98db9092f42
--- /dev/null
+++ b/src/chrome/content/rules/Aachener_Zeitung.de.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		aachener-zeitung.de
+		alt.aachener-zeitung.de
+		live.aachener-zeitung.de
+		live-www.aachener-zeitung.de
+		paten.aachener-zeitung.de
+		piwik.aachener-zeitung.de
+		ticker.aachener-zeitung.de
+-->
+<ruleset name="Aachener Zeitung.de">
+	<target host="www.aachener-zeitung.de" />
+
+	<securecookie host="^www\.aachener-zeitung\.de$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Aalborg_University.xml b/src/chrome/content/rules/Aalborg_University.xml
index dd21e4b913bb..5baf364cbd2c 100644
--- a/src/chrome/content/rules/Aalborg_University.xml
+++ b/src/chrome/content/rules/Aalborg_University.xml
@@ -26,13 +26,14 @@
 -->
 <ruleset name="Aalborg University (partial)">
 
+	<target host="bugsy.grid.aau.dk" />
 	<target host="login.aau.dk" />
 
 
-	<securecookie host="^login\.aau\.dk$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://login\.aau\.dk/"
-		to="https://login.aau.dk/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Aalto.fi.xml b/src/chrome/content/rules/Aalto.fi.xml
new file mode 100644
index 000000000000..3079280ca18c
--- /dev/null
+++ b/src/chrome/content/rules/Aalto.fi.xml
@@ -0,0 +1,158 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://artcoordination.aalto.fi/fi/midcom-serveattachmentguid-1e4ef07b0d5a132ef0711e4839cfb1aca4b21862186/2014_symposium_report-1.jpg => https://artcoordination.aalto.fi/fi/midcom-serveattachmentguid-1e4ef07b0d5a132ef0711e4839cfb1aca4b21862186/2014_symposium_report-1.jpg: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Nonfunctional hosts in *aalto.fi:
+
+		- avoin
+		- becs ¹
+		- cs
+		- design ²
+		- elec
+		- gim ¹
+		- libguides
+		- mediafactory ¹
+		- nbe
+		- www.servicefactory ¹
+
+	¹ Refused
+	² Redirects to http
+
+
+	Problematic hosts in *aalto.fi:
+
+		- ^ ¹ ²
+		- aaltofimedia1 ¹ ²
+		- architecture ²
+		- arts ²
+		- eea ²
+		- elo ²
+		- lib ²
+		- stats.lib ²
+		- lounasmaalab ²
+		- mathsys ¹ ²
+		- metsahovi ²
+		- nano ²
+		- radio ²
+		- sci ²
+		- spa ²
+		- smarad ¹ ²
+		- tuta ¹ ²
+		- www ²
+		- wwwcms ²
+
+	¹ Mismatched
+	² Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .aalto.fi
+		- booking.aalto.fi
+		- mail.aalto.fi
+		- math.aalto.fi
+		- oodi.aalto.fi
+		- shop.aalto.fi
+		- www.aalto.fi
+		- wwwcms.aalto.fi
+
+-->
+<ruleset name="Aalto.fi (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="aaltodoc.aalto.fi" />
+	<!--target host="architecture.aalto.fi" /-->
+	<target host="artcoordination.aalto.fi" />
+	<!--target host="arts.aalto.fi" /-->
+	<target host="blogs.aalto.fi" />
+	<target host="booking.aalto.fi" />
+	<!--target host="eea.aalto.fi" /-->
+	<!--target host="elo.aalto.fi" /-->
+	<target host="idp.aalto.fi" />
+	<target host="into.aalto.fi" />
+	<!--target host="lib.aalto.fi" /-->
+	<!--target host="stats.lib.aalto.fi" /-->
+	<target host="web.lib.aalto.fi" />
+	<target host="libproxy.aalto.fi" />
+	<target host="login.libproxy.aalto.fi" />
+	<!--target host="lounasmaalab.aalto.fi" /-->
+	<target host="mail.aalto.fi" />
+	<target host="math.aalto.fi" />
+	<!--target host="metsahovi.aalto.fi" /-->
+	<!--target host="nano.aalto.fi" /-->
+	<target host="oma.aalto.fi" />
+	<target host="oodi.aalto.fi" />
+	<target host="diario.org.aalto.fi" />
+	<!--target host="radio.aalto.fi" /-->
+	<!--target host="sci.aalto.fi" /-->
+	<target host="shop.aalto.fi" />
+	<!--target host="spa.aalto.fi" /-->
+	<!--target host="tuta.aalto.fi" /-->
+	<target host="wiki.aalto.fi" />
+	<!--target host="www.aalto.fi" /-->
+	<!--target host="wwwcms.aalto.fi" /-->
+
+	<!--	Complications:
+				-->
+	<!--target host="aalto.fi" /-->
+	<target host="mathsys.aalto.fi" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:architecture|artcoordination|arts|eea|elo|lib|lounasmaalab|metsahovi|nano|radio|spa|sci|tuta|www)\.aalto\.fi/(?:$|fi/$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(?:architecture|artcoordination|arts|eea|elo|lib|lounasmaalab|metsahovi|nano|radio|spa|tuta|www)\.aalto\.fi/(?!fi/midcom-serveattachmentguid-[\da-f]{32}/\w+\.(?:jp|pn)g)" /-->
+		<exclusion pattern="^http://artcoordination\.aalto\.fi/(?!fi/midcom-serveattachmentguid-)" />
+
+			<!--	+ve:
+					-->
+			<!--test url="http://architecture.aalto.fi/fi/" /-->
+			<test url="http://artcoordination.aalto.fi/fi/" />
+			<test url="http://artcoordination.aalto.fi/fi/projects/" />
+			<!--test url="http://arts.aalto.fi/fi/" /-->
+			<!--test url="http://eea.aalto.fi/fi/" /-->
+			<!--test url="http://elo.aalto.fi/fi/" /-->
+			<!--test url="http://lib.aalto.fi/fi/" /-->
+			<!--test url="http://lounasmaalab.aalto.fi/fi/" /-->
+			<!--test url="http://metsahovi.aalto.fi/fi/" /-->
+			<!--test url="http://nano.aalto.fi/fi/" /-->
+			<!--test url="http://radio.aalto.fi/fi/" /-->
+			<!--test url="http://spa.aalto.fi/fi/" /-->
+			<!--test url="http://sci.aalto.fi/fi/" /-->
+			<!--test url="http://tuta.aalto.fi/fi/" /-->
+			<!--test url="http://www.aalto.fi/fi/" /-->
+
+			<!--	-ve:
+					-->
+			<test url="http://artcoordination.aalto.fi/fi/midcom-serveattachmentguid-1e4ef07b0d5a132ef0711e4839cfb1aca4b21862186/2014_symposium_report-1.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.aalto\.fi$" name="^(?:incap_ses_\d+|visid_incap)_\d+$" /-->
+	<!--securecookie host="^booking\.aalto\.fi$" name="^(?:__asio_login_uri|__asio_relogin_uri|PHPSESSID)$" /-->
+	<!--securecookie host="^mail\.aalto\.fi$" name="^(?:cadata|sessionid)$" /-->
+	<!--securecookie host="^math\.aalto\.fi$" name="^ses$" /-->
+	<!--securecookie host="^oodi\.aalto\.fi$" name="^(?:Kieli|MD5)$" /-->
+	<!--securecookie host="^shop\.aalto\.fi$" name="^(?:csrftoken|sessionid)$" /-->
+	<!--securecookie host="^www\.aalto\.fi$" name="^___utmv[abm]\w+$" /-->
+	<!--securecookie host="^wwwcms\.aalto\.fi$" name="^_shibstate_\d+_\d+$" /-->
+
+	<securecookie host="^\.aalto\.fi$" name="^(?:incap_ses_\d+|visid_incap)_\d+$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--rule from="^http://aalto\.fi/"
+		to="https://www.aalto.fi/" /-->
+
+	<rule from="^http://mathsys\.aalto\.fi/"
+		to="https://math.aalto.fi/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Aan.sh.xml b/src/chrome/content/rules/Aan.sh.xml
new file mode 100644
index 000000000000..820fa6fd6e59
--- /dev/null
+++ b/src/chrome/content/rules/Aan.sh.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://aan.sh/ => https://aan.sh/: (7, 'Failed to connect to aan.sh port 443: Connection refused')
+Fetch error: http://www.aan.sh/ => https://www.aan.sh/: (7, 'Failed to connect to www.aan.sh port 443: Connection refused')
+
+-->
+<ruleset name="aan.sh" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="aan.sh" />
+	<target host="www.aan.sh" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Aarhus.dk.xml b/src/chrome/content/rules/Aarhus.dk.xml
new file mode 100644
index 000000000000..a54d9db2f78d
--- /dev/null
+++ b/src/chrome/content/rules/Aarhus.dk.xml
@@ -0,0 +1,11 @@
+<ruleset name="Aarhus.dk">
+
+	<target host="aarhus.dk" />
+	<target host="www.aarhus.dk" />
+
+	<securecookie host="^www\.aarhus\.dk$" name=".+" />
+
+	<rule from="^http://(www\.)?aarhus\.dk/"
+		to="https://www.aarhus.dk/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Aaron_Brothers.xml b/src/chrome/content/rules/Aaron_Brothers.xml
deleted file mode 100644
index 657245e34df5..000000000000
--- a/src/chrome/content/rules/Aaron_Brothers.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Aaron Brothers">
-
-	<target host="aaronbrotherscircular.com" />
-	<target host="*.aaronbrotherscircular.com" />
-
-
-	<securecookie host="^(?:w*\.)?aaronbrotherscircular.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?aaronbrotherscircular\.com/"
-		to="https://$1aaronbrotherscircular.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Aaron_D_Campbell.com.xml b/src/chrome/content/rules/Aaron_D_Campbell.com.xml
new file mode 100644
index 000000000000..eb59159eb16e
--- /dev/null
+++ b/src/chrome/content/rules/Aaron_D_Campbell.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Aaron D Campbell.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="aarondcampbell.com" />
+	<target host="www.aarondcampbell.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Aaron_Lindsay.com.xml b/src/chrome/content/rules/Aaron_Lindsay.com.xml
new file mode 100644
index 000000000000..7c4f121a5687
--- /dev/null
+++ b/src/chrome/content/rules/Aaron_Lindsay.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Aaron Lindsay.com" default_off="expired">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="aaronlindsay.com" />
+	<target host="www.aaronlindsay.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Aaronparecki.com.xml b/src/chrome/content/rules/Aaronparecki.com.xml
new file mode 100644
index 000000000000..1b241095b902
--- /dev/null
+++ b/src/chrome/content/rules/Aaronparecki.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="Aaronparecki.com">
+<target host="aaronparecki.com"/>
+
+<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Aart_de_Vos.xml b/src/chrome/content/rules/Aart_de_Vos.xml
index 91a13e18f553..dc531fc231df 100644
--- a/src/chrome/content/rules/Aart_de_Vos.xml
+++ b/src/chrome/content/rules/Aart_de_Vos.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?aartdevos\.dk/(_css/|file/|_grafix/|konto(?:$|\?|/))"
 		to="https://$1aartdevos.dk/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Aaspring.com.xml b/src/chrome/content/rules/Aaspring.com.xml
new file mode 100644
index 000000000000..3c7009a57525
--- /dev/null
+++ b/src/chrome/content/rules/Aaspring.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="aaspring.com">
+
+	<target host="aaspring.com" />
+	<target host="www.aaspring.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Aastatus.net.xml b/src/chrome/content/rules/Aastatus.net.xml
new file mode 100644
index 000000000000..77f13140b139
--- /dev/null
+++ b/src/chrome/content/rules/Aastatus.net.xml
@@ -0,0 +1,12 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.aastatus.net/ => https://www.aastatus.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.aastatus.net'")
+
+-->
+<ruleset name="Aastatus.net" default_off="failed ruleset test">
+	<target host="aastatus.net" />
+	<target host="www.aastatus.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Aaulan.dk.xml b/src/chrome/content/rules/Aaulan.dk.xml
new file mode 100644
index 000000000000..2de79afa8acf
--- /dev/null
+++ b/src/chrome/content/rules/Aaulan.dk.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://aaulan.dk/ => https://aaulan.dk/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.aaulan.dk/ => https://www.aaulan.dk/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Aaulan.dk" default_off="failed ruleset test">
+
+	<target host="aaulan.dk" />
+	<target host="www.aaulan.dk" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Abacus.com.xml b/src/chrome/content/rules/Abacus.com.xml
new file mode 100644
index 000000000000..53b2d6d73fe9
--- /dev/null
+++ b/src/chrome/content/rules/Abacus.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Tumblr
+
+
+	Problematic subdomains:
+
+		- support *
+
+	* Help Scout
+
+
+	These altnames don't exist:
+
+		- ub.abacus.com
+
+-->
+<ruleset name="Abacus.com (partial)">
+
+	<target host="abacus.com" />
+	<target host="www.abacus.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Abbo-Shop.xml b/src/chrome/content/rules/Abbo-Shop.xml
index d50690d4e040..6d8d2a42c721 100644
--- a/src/chrome/content/rules/Abbo-Shop.xml
+++ b/src/chrome/content/rules/Abbo-Shop.xml
@@ -1,8 +1,9 @@
-<ruleset name="Abbo-shop.ch">
-        <target host="abbo-shop.ch" />
-        <target host="www.abbo-shop.ch" />
-        <securecookie host="^(.*\.)?abbo-shop\.ch$" name=".*" />
+<ruleset name="Abbo-shop.ch" default_off="redirect to http">
+	<target host="abbo-shop.ch" />
+	<target host="www.abbo-shop.ch" />
 
-        <rule from="^http://(?:www\.)?abbo-shop\.ch/" to="https://www.abbo-shop.ch/"/>
-</ruleset>
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Abbott-Laboratories.xml b/src/chrome/content/rules/Abbott-Laboratories.xml
deleted file mode 100644
index 9099659bb3aa..000000000000
--- a/src/chrome/content/rules/Abbott-Laboratories.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Abbott Laboratories">
-
-	<target host="abbott.com" />
-	<target host="www.abbott.com" />
-
-
-	<securecookie host="^(www\.)?abbott\.com$" name=".*" />
-
-
-	<rule from="^http://(www\.)?abbott\.com/"
-		to="https://$1abbott.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Abc.xyz.xml b/src/chrome/content/rules/Abc.xyz.xml
new file mode 100644
index 000000000000..2941845aed71
--- /dev/null
+++ b/src/chrome/content/rules/Abc.xyz.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Google coverage, see GoogleServices.xml
+
+-->
+<ruleset name="abc.xyz">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="abc.xyz" />
+	<target host="www.abc.xyz" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AbcLinuxu.cz.xml b/src/chrome/content/rules/AbcLinuxu.cz.xml
index ba0ae01c0b5a..24f12c14fd6e 100644
--- a/src/chrome/content/rules/AbcLinuxu.cz.xml
+++ b/src/chrome/content/rules/AbcLinuxu.cz.xml
@@ -4,41 +4,43 @@
 		* frontend.argonit.cz	-	tracking code to check how many people block ads (NoScript solves this)
 
 
-	Mixed content:
+	Insecure cookies are set for these hosts:
+
+		- www.abclinuxu.cz
 
-		- Frames:
 
-			- on www from frontend.argonit.cz *
+	Mixed content:
 
-		- Scripts:
+		- Frames on www from frontend.argonit.cz *
 
-			- on www from ajax.googleapis.com **
+		- Images, on:
 
-		- Web bugs:
+			- www from linkbox.argonit.cz ***
+			- www from go.cz.bbelements.com **
 
-			- on www from spir.hit.gemius.pl **
-			- on www from www.argonit.cz ***
-			- on www from administrace.hosting90.cz **
+		- Web bugs on www from www.itbiz.cz
 
 	* Unsecurable, 404s anyway
 	** Secured by us
-	*** Unsecurable
-
-
-	NB: We secure all resources aside from web bugs,
-	and thus platform should be removed with Ffx 24.
+	*** Rule disabled by default <= mismatched
 
 -->
-<ruleset name="AbcLinuxu" platform="mixedcontent">
+<ruleset name="AbcLinuxu.cz">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="abclinuxu.cz" />
-	<target host="*.abclinuxu.cz" />
+	<target host="www.abclinuxu.cz" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.abclinuxu\.cz$" name="^JSESSIONID$" /-->
 
 	<securecookie host="^(?:w*\.)?abclinuxu\.cz$" name=".+" />
 
 
-	<rule from="^http://(www\.)?abclinuxu\.cz/"
-		to="https://$1abclinuxu.cz/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Abdn.ac.uk.xml b/src/chrome/content/rules/Abdn.ac.uk.xml
new file mode 100644
index 000000000000..7a10fbbaf6de
--- /dev/null
+++ b/src/chrome/content/rules/Abdn.ac.uk.xml
@@ -0,0 +1,32 @@
+<!--
+	University of Aberdeen
+
+
+	Nonfunctional subdomains:
+
+		- (www.)erg ¹
+		- eden-feed.erg ²
+
+	¹ Refused
+	² Dropped
+
+
+	^: cert only matches www
+
+
+	Mixed content:
+
+		- Images on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Abdn.ac.uk (partial)">
+
+	<target host="abdn.ac.uk" />
+	<target host="www.abdn.ac.uk" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Abdullah-ocalan.com.xml b/src/chrome/content/rules/Abdullah-ocalan.com.xml
new file mode 100644
index 000000000000..5372de4ca429
--- /dev/null
+++ b/src/chrome/content/rules/Abdullah-ocalan.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Abdullah-ocalan.com" >
+	<target host="abdullah-ocalan.com" />
+	<target host="www.abdullah-ocalan.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Abdussamad.com.xml b/src/chrome/content/rules/Abdussamad.com.xml
new file mode 100644
index 000000000000..c62177eee31b
--- /dev/null
+++ b/src/chrome/content/rules/Abdussamad.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Abdussamad.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="abdussamad.com" />
+	<target host="www.abdussamad.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AbeBooks.co.uk.xml b/src/chrome/content/rules/AbeBooks.co.uk.xml
new file mode 100644
index 000000000000..bd70252f7504
--- /dev/null
+++ b/src/chrome/content/rules/AbeBooks.co.uk.xml
@@ -0,0 +1,96 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	Problematic hosts in *abebooks.co.uk:
+
+		- ^ *
+		- forums *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- forums.abebooks.co.uk
+		- www.abebooks.co.uk
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- www from $self ¹
+			- www from www.abebooks.com ¹
+			- www from isbn.abebooks.com ²
+
+		- Ad/bug on www from www.googleadservices.com ¹
+
+	¹ Secured by us
+	² Unsecurable <= 404
+-->
+<ruleset name="AbeBooks.co.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+  <target host="www.abebooks.co.uk" />
+
+	<!--	Complications:
+				-->
+  <target host="abebooks.co.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.abebooks\.co\.uk/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.abebooks\.co\.uk/(?!(?:affiliate-programme|bestbuys|customer-support|sell-books)/?(?:$|\?)|docs/|favicon\.ico|images/|servlet/(?:CSActionRequest|LoginDirector|SignOn|SignOnPL)(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.abebooks.co.uk/blog/" />
+			<test url="http://www.abebooks.co.uk/book-search/kw/existentialism/" />
+			<test url="http://www.abebooks.co.uk/books/scrapbooks.shtml" />
+			<test url="http://www.abebooks.co.uk/books/search-number-code-10-13-digit/ISBN.shtml" />
+			<test url="http://www.abebooks.co.uk/booksellers/" />
+			<test url="http://www.abebooks.co.uk/customer-service/self-service/" />
+			<test url="http://www.abebooks.co.uk/find-books/" />
+			<test url="http://www.abebooks.co.uk/find-books/medical.shtml" />
+			<test url="http://www.abebooks.co.uk/homebase/" />
+			<test url="http://www.abebooks.co.uk/products/isbn/9780140620184/10801183412" />
+			<test url="http://www.abebooks.co.uk/servlet/FrameBase" />
+			<test url="http://www.abebooks.co.uk/servlet/SearchEntry" />
+			<test url="http://www.abebooks.co.uk/servlet/SearchResults" />
+			<test url="http://www.abebooks.co.uk/servlet/ShopBasketPL" />
+			<test url="http://www.abebooks.co.uk/titles/" />
+			<test url="http://www.abebooks.co.uk/UsedBooks.shtml" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.abebooks.co.uk/affiliate-programme/" />
+			<test url="http://www.abebooks.co.uk/bestbuys/" />
+			<test url="http://www.abebooks.co.uk/customer-support/" />
+			<test url="http://www.abebooks.co.uk/docs/CSS/homepage-ab.css" />
+			<test url="http://www.abebooks.co.uk/docs/HelpCentral/buyerIndex.shtml" />
+			<test url="http://www.abebooks.co.uk/favicon.ico" />
+			<test url="http://www.abebooks.co.uk/images/Shared/red_button_bg_right.gif" />
+			<test url="http://www.abebooks.co.uk/sell-books/" />
+			<test url="http://www.abebooks.co.uk/servlet/CSActionRequest" />
+			<test url="http://www.abebooks.co.uk/servlet/LoginDirector" />
+			<test url="http://www.abebooks.co.uk/servlet/SignOn" />
+			<test url="http://www.abebooks.co.uk/servlet/SignOnPL" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^forums\.abebooks\.co\.uk$" name="^(LOGIN|PTG2005)$" /-->
+	<!--securecookie host="^www\.abebooks\.com$" name="^(abertfs|tempSession)$" /-->
+
+	<!--securecookie host="^www\.abebooks\.com$" name=".+" /-->
+
+
+  <rule from="^http://abebooks\.co\.uk/" to="https://www.abebooks.co.uk/" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AbeBooks.xml b/src/chrome/content/rules/AbeBooks.xml
index 9ec1c87b0cf8..9456d9443a84 100644
--- a/src/chrome/content/rules/AbeBooks.xml
+++ b/src/chrome/content/rules/AbeBooks.xml
@@ -1,9 +1,101 @@
-<ruleset name="AbeBooks" platform="mixedcontent">
-  <target host="abebooks.co.uk" />
-  <target host="www.abebooks.co.uk" />
-  <target host="abebooks.com" />
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	Nonfunctional hosts in *abebooks.com:
+
+		- isbn *
+
+	* Shows www.abebooks.com
+
+
+	Problematic hosts in *abebooks.com:
+
+		- ^ ¹ ²
+		- forums ¹
+		- help ³
+
+	¹ Mismatched
+	² Untrusted root
+	³ Self-signed
+
+
+	Insecure cookies are set for these hosts:
+
+		- forums.abebooks.com
+		- www.abebooks.com
+
+
+	Mixed content:
+
+		- css on forums.abebooks.com from osbxdc2.mzinga.com ¹
+		- Image on forums.abebooks.com, help.abebooks.com from www.abebooks.com ²
+
+	¹ Not secured by us <= mismatched
+	² Secured by us
+
+-->
+<ruleset name="AbeBooks.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
   <target host="www.abebooks.com" />
 
-  <rule from="^http://(?:www\.)?abebooks\.co\.uk/" to="https://www.abebooks.co.uk/" />
-  <rule from="^http://(?:www\.)?abebooks\.com/" to="https://www.abebooks.com/" />
+	<!--	Complications:
+				-->
+  <target host="abebooks.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.abebooks\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.abebooks\.com/(?!(?:bestbuys|careers|customer-support|help)/?(?:$|\?)|docs/|favicon\.ico|images/|servlet/(?:CSActionRequest|LoginDirector|SignOn|SignOnPL)(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.abebooks.com/blog/" />
+			<test url="http://www.abebooks.com/book-search/author/dickens/" />
+			<test url="http://www.abebooks.com/book-search/isbn/0486285758/" />
+			<test url="http://www.abebooks.com/books/AffiliateProgram/" />
+			<test url="http://www.abebooks.com/books/Community/" />
+			<test url="http://www.abebooks.com/books/CompanyInformation/" />
+			<test url="http://www.abebooks.com/books/find/games.shtml" />
+			<test url="http://www.abebooks.com/books/find/transportation.shtml" />
+			<test url="http://www.abebooks.com/books2anywhere-fairford/190245/sf" />
+			<test url="http://www.abebooks.com/booksellers/" />
+			<test url="http://www.abebooks.com/eclecticbooks-bolton/53123385/sf" />
+			<test url="http://www.abebooks.com/products/isbn/9781853260537/14934035453" />
+			<test url="http://www.abebooks.com/rare-books/abaa.shtml" />
+			<test url="http://www.abebooks.com/servlet/BookDetailsPL" />
+			<test url="http://www.abebooks.com/servlet/SearchEntry" />
+			<test url="http://www.abebooks.com/titles/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.abebooks.com/bestbuys/" />
+			<test url="http://www.abebooks.com/careers/" />
+			<test url="http://www.abebooks.com/customer-support/" />
+			<test url="http://www.abebooks.com/docs/CSS/homepage-ab.css" />
+			<test url="http://www.abebooks.com/favicon.ico" />
+			<test url="http://www.abebooks.com/help" />
+			<test url="http://www.abebooks.com/images/Shared/red_button_bg_right.gif" />
+			<test url="http://www.abebooks.com/servlet/CSActionRequest" />
+			<test url="http://www.abebooks.com/servlet/LoginDirector" />
+			<test url="http://www.abebooks.com/servlet/SignOn" />
+			<test url="http://www.abebooks.com/servlet/SignOnPL" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^forums\.abebooks\.com$" name="^(LOGIN|PTG2005)$" /-->
+	<!--securecookie host="^www\.abebooks\.com$" name="^(abertfs|tempSession)$" /-->
+
+	<!--securecookie host="^www\.abebooks\.com$" name=".+" /-->
+
+
+  <rule from="^http://abebooks\.com/" to="https://www.abebooks.com/" />
+
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Abendblatt.de.xml b/src/chrome/content/rules/Abendblatt.de.xml
new file mode 100644
index 000000000000..fda906bc67ab
--- /dev/null
+++ b/src/chrome/content/rules/Abendblatt.de.xml
@@ -0,0 +1,118 @@
+<!--
+	Connection closed:
+		kundenservice.abendblatt.de
+		nl.abendblatt.de
+		wetter.abendblatt.de
+
+	Invalid certificate:
+		motoso.abendblatt.de
+		personalmarkt.abendblatt.de
+		sonderthemen.region.abendblatt.de
+
+	SSL: no alternative certificate subject name matches target host name:
+		abgeordnetenwatch.abendblatt.de
+		*.apps.abendblatt.de
+		css.abendblatt.de
+		hotels.abendblatt.de
+		www.m.abendblatt.de
+		www.mediahafen.abendblatt.de
+		medikamentenpreise.abendblatt.de
+		parship.abendblatt.de
+		spiele.abendblatt.de
+		www.spiele.abendblatt.de
+		stayfriends.abendblatt.de
+		treueprogramm.abendblatt.de
+		images.treueprogramm.abendblatt.de
+		www.veranstaltungen.abendblatt.de
+		vertrieb.abendblatt.de
+		images.vertrieb.abendblatt.de
+
+	Timeout:
+		www.abo.abendblatt.de
+		aboservice.abendblatt.de
+		aboservice1.abendblatt.de
+		anzeigen.abendblatt.de
+		www.anzeigen.abendblatt.de
+		(cue|dev[1-5]).aws.abendblatt.de
+		empfehlungen.abendblatt.de
+		www.empfehlungen.abendblatt.de
+		foto.abendblatt.de
+		funke-cms.abendblatt.de
+		mobilejoker.abendblatt.de
+		stepstone.abendblatt.de
+		trauer.abendblatt.de
+		www.trauer.abendblatt.de
+		virtualnights.abendblatt.de
+
+	Too many redirects while fetching:
+		interaktiv.abendblatt.de
+-->
+<ruleset name="Abendblatt.de">
+
+	<target host="abendblatt.de" />
+	<target host="www.abendblatt.de" />
+	<target host="abo.abendblatt.de" />
+	<target host="aboshop.abendblatt.de" />
+	<target host="anzeigen-neu.abendblatt.de" />
+	<target host="anzeigen-test.abendblatt.de" />
+	<target host="auf-reisen.abendblatt.de" />
+	<target host="auto.abendblatt.de" />
+	<target host="autodiscover.abendblatt.de" />
+	<target host="automarkt.abendblatt.de" />
+	<target host="uat.aws.abendblatt.de" />
+	<target host="becker-heller.abendblatt.de" />
+	<target host="blog.abendblatt.de" />
+	<target host="branchenbuch.abendblatt.de" />
+	<target host="china-trifft-hamburg.abendblatt.de" />
+	<target host="edu.abendblatt.de" />
+	<target host="emag.abendblatt.de" />
+	<target host="energie.abendblatt.de" />
+	<target host="epaper.abendblatt.de" />
+	<target host="facebook-blog.abendblatt.de" />
+	<target host="fbia.abendblatt.de" />
+	<target host="festival-blog.abendblatt.de" />
+	<target host="hochzeit.abendblatt.de" />
+	<target host="hsv-blog.abendblatt.de" />
+	<target host="img.abendblatt.de" />
+	<target host="immonet.abendblatt.de" />
+	<target host="job.abendblatt.de" />
+	<target host="kino.abendblatt.de" />
+	<target host="leserreisen.abendblatt.de" />
+	<target host="liveticker.abendblatt.de" />
+	<target host="m.abendblatt.de" />
+	<target host="magazinwelten.abendblatt.de" />
+	<target host="mediahafen.abendblatt.de" />
+	<target host="medizin.abendblatt.de" />
+	<target host="mein-quartier.abendblatt.de" />
+	<target host="mobil.abendblatt.de" />
+	<target host="niemalszweiteliga.abendblatt.de" />
+	<target host="raetsel.abendblatt.de" />
+	<target host="reader.abendblatt.de" />
+	<target host="rettet-den-hsv.abendblatt.de" />
+	<target host="server.abendblatt.de" />
+	<target host="shop.abendblatt.de" />
+	<target host="sonderthemen.abendblatt.de" />
+	<target host="sso.abendblatt.de" />
+	<target host="st-pauli-blog.abendblatt.de" />
+	<target host="stadtteilreporter-eimsbuettel.abendblatt.de" />
+	<target host="stadtteilreporter-eppendorf.abendblatt.de" />
+	<target host="stadtteilreporter-grindel.abendblatt.de" />
+	<target host="stadtteilreporter-ottensen.abendblatt.de" />
+	<target host="stadtteilreporter-schanzenviertel.abendblatt.de" />
+	<target host="stadtteilreporter-st-pauli.abendblatt.de" />
+	<target host="stadtteilreporter-winterhude.abendblatt.de" />
+	<target host="staticak-apps.abendblatt.de" />
+	<target host="straubhaar-blog.abendblatt.de" />
+	<target host="suche.abendblatt.de" />
+	<target host="telekommunikation.abendblatt.de" />
+	<target host="themenwelten.abendblatt.de" />
+	<target host="tv.abendblatt.de" />
+	<target host="vesseltracker.abendblatt.de" />
+	<target host="wissenschafts-blog.abendblatt.de" />
+	<target host="www2.abendblatt.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Abercrombie.xml b/src/chrome/content/rules/Abercrombie.xml
new file mode 100644
index 000000000000..da02ae8d2122
--- /dev/null
+++ b/src/chrome/content/rules/Abercrombie.xml
@@ -0,0 +1,71 @@
+<!--
+	Invalid certificate:
+		- corporate.abercrombie.com
+		- m.sg.abercrombie.com
+		- www.uk.abercrombie.com
+-->
+
+<ruleset name="Abercrombie">
+	<!-- abercrombie.ca -->
+	<target host="abercrombie.ca" />
+	<target host="www.abercrombie.ca" />
+	<target host="fr-ca.abercrombie.ca" />
+	<target host="m.abercrombie.ca" />
+	<target host="cert.m.abercrombie.ca" />
+	<target host="cert-fr-ca.m.abercrombie.ca" />
+
+	<!-- abercrombie.cn -->
+	<target host="abercrombie.cn" />
+	<target host="m.abercrombie.cn" />
+
+	<!-- abercrombie.com -->
+	<target host="abercrombie.com" />
+	<target host="www.abercrombie.com" />
+	<target host="careers.abercrombie.com" />
+	<target host="cn-hk.abercrombie.com" />
+	<target host="m.cn-hk.abercrombie.com" />
+	<target host="de-eu.abercrombie.com" />
+	<target host="m.de-eu.abercrombie.com" />
+	<target host="e.abercrombie.com" />
+	<target host="es.abercrombie.com" />
+	<target host="m.es.abercrombie.com" />
+	<target host="es-eu.abercrombie.com" />
+	<target host="m.es-eu.abercrombie.com" />
+	<target host="eu.abercrombie.com" />
+	<target host="m.eu.abercrombie.com" />
+	<target host="fr-eu.abercrombie.com" />
+	<target host="m.fr-eu.abercrombie.com" />
+	<target host="hk.abercrombie.com" />
+	<target host="m.hk.abercrombie.com" />
+	<target host="it-eu.abercrombie.com" />
+	<target host="m.it-eu.abercrombie.com" />
+	<target host="ja-jp.abercrombie.com" />
+	<target host="m.ja-jp.abercrombie.com" />
+	<target host="jp.abercrombie.com" />
+	<target host="m.jp.abercrombie.com" />
+	<target host="m.abercrombie.com" />
+	<target host="cert.m.abercrombie.com" />
+	<target host="nl-eu.abercrombie.com" />
+	<target host="m.nl-eu.abercrombie.com" />
+	<target host="sg.abercrombie.com" />
+
+	<!-- abercrombie.com.hk -->
+	<target host="abercrombie.com.hk" />
+
+	<!-- abercrombie.co.jp -->
+	<target host="abercrombie.co.jp" />
+
+	<!-- abercrombie.sg -->
+	<target host="abercrombie.sg" />
+
+	<!-- abercrombie.com.tw -->
+	<target host="abercrombie.com.tw" />
+
+	<!-- abercrombie.co.uk -->
+	<target host="abercrombie.co.uk" />
+	<target host="www.abercrombie.co.uk" />
+	<target host="m.abercrombie.co.uk" />
+	<target host="cert.m.abercrombie.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AberdeenMosque.org.xml b/src/chrome/content/rules/AberdeenMosque.org.xml
new file mode 100644
index 000000000000..1bfb9c0f3adb
--- /dev/null
+++ b/src/chrome/content/rules/AberdeenMosque.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Secure connection failed:
+	- ct.aberdeenmosque.org
+
+-->
+<ruleset name="AberdeenMosque.org">
+	<target host="aberdeenmosque.org" />
+	<target host="www.aberdeenmosque.org" />
+	<target host="qa.aberdeenmosque.org" />
+
+	<securecookie host="^(www|qa)\.aberdeenmosque\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Aberdeen_City.gov.uk-falsemixed.xml b/src/chrome/content/rules/Aberdeen_City.gov.uk-falsemixed.xml
new file mode 100644
index 000000000000..eea8b000a150
--- /dev/null
+++ b/src/chrome/content/rules/Aberdeen_City.gov.uk-falsemixed.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules not causing false/broken MCB, see Aberdeen_City.gov.uk.xml.
+
+-->
+<ruleset name="Aberdeen City.gov.uk (false MCB)" platform="mixedcontent">
+
+	<target host="aberdeencity.gov.uk" />
+	<target host="www.aberdeencity.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Aberdeen_City.gov.uk.xml b/src/chrome/content/rules/Aberdeen_City.gov.uk.xml
new file mode 100644
index 000000000000..c93ca5e29e6a
--- /dev/null
+++ b/src/chrome/content/rules/Aberdeen_City.gov.uk.xml
@@ -0,0 +1,43 @@
+<!--
+	Aberdeen City Council
+
+	For rules causing false/broken MCB, see Aberdeen_City.gov.uk-falsemixed.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- aberdeencity.gov.uk
+		- .aberdeencity.gov.uk
+		- www.aberdeencity.gov.uk
+
+
+	Mixed content:
+
+		- css on (www.)? from www.aberdeencity.gov.uk ˢ
+		- Images on (www.)? from www.aberdeencity.gov.uk ˢ
+		- Bugs on (www.)? from socitm.govmetric.com
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Aberdeen City.gov.uk (partial)">
+
+	<!--target host="aberdeencity.gov.uk" /-->
+	<target host="online.aberdeencity.gov.uk" />
+	<!--target host="www.aberdeencity.gov.uk" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?aberdeencity\.gov\.uk$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+	<!--securecookie host="^\.aberdeencity\.gov\.uk$" name="^AcceptedCookies$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Aberdeenshire.gov.uk.xml b/src/chrome/content/rules/Aberdeenshire.gov.uk.xml
new file mode 100644
index 000000000000..bfaeaf6841fc
--- /dev/null
+++ b/src/chrome/content/rules/Aberdeenshire.gov.uk.xml
@@ -0,0 +1,37 @@
+<!--
+	Aberdeenshire Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- bookings.aberdeenshire.gov.uk
+
+		Timeout was reached:
+		- search.aberdeenshire.gov.uk
+
+		SSL peer certificate was not OK:
+		- aldo.aberdeenshire.gov.uk
+		- arcadialite.aberdeenshire.gov.uk
+		- worksmart.aberdeenshire.gov.uk
+
+		Status code mismatch:
+		- aberdeenshire.gov.uk
+		- host1.aberdeenshire.gov.uk
+-->
+<ruleset name="Aberdeenshire.gov.uk">
+	<target host="aberdeenshire.gov.uk" />
+	<target host="www.aberdeenshire.gov.uk" />
+	<target host="committees.aberdeenshire.gov.uk" />
+	<target host="host1.aberdeenshire.gov.uk" />
+	<target host="online.aberdeenshire.gov.uk" />
+	<target host="upa.aberdeenshire.gov.uk" />
+
+	<rule from="^http://aberdeenshire\.gov\.uk/"
+			to="https://www.aberdeenshire.gov.uk/" />
+
+	<rule from="^http://host1\.aberdeenshire\.gov\.uk/"
+			to="https://www.aberdeenshire.gov.uk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Aberystwyth-University-mismatches.xml b/src/chrome/content/rules/Aberystwyth-University-mismatches.xml
deleted file mode 100644
index 2b47288d443f..000000000000
--- a/src/chrome/content/rules/Aberystwyth-University-mismatches.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules that are on by default, see Aberystwyth-University.xml.
-
--->
-<ruleset name="Aberystwyth University (mismatches)" default_off="expired, self-signed">
-
-	<target host="connect.aber.ac.uk" />
-
-
-	<securecookie host="^connect\.aber\.ac\.uk$" name=".+" />
-
-
-	<rule from="^http://connect\.aber\.ac\.uk/"
-		to="https://connect.aber.ac.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Aberystwyth-University.xml b/src/chrome/content/rules/Aberystwyth-University.xml
index 9419b6e29413..3b7655256b07 100644
--- a/src/chrome/content/rules/Aberystwyth-University.xml
+++ b/src/chrome/content/rules/Aberystwyth-University.xml
@@ -1,89 +1,53 @@
 <!--
-	For problematic rules, see Aberystwyth-University-mismatches.xml.
-
-
-	aber-ac-uk.campuspack.eu
-
-
-	Problematic subdomains:
-
-		- ^
-		- arun		(CN: primo; same as primo)
-		- beta
-		- connect	(self-signed)
-
-
-	Nonfunctional subdomains:
-
-		- www.inf
-		- jump		(rx_record_too_long)
-		- nexus
-		- users
-
-
-	Partially covered subdomains:
-
-		- cadair
-
-			- Many paths redirect to http
-			- These don't:
-
-				- dspace/ldap-login
-
-		- primo
-
-			- These paths 404:
-
-				- primo_library/libweb/
-
-			- These don't:
-
-				- $
-				- goto/logon/
-				- pds
-
-
-	Fully covered subdomains:
-
-		- ^		(→ www)
-		- adfs
-		- beta		(→ www)
-		- blackboard
-		- careers
-		- exchange
-		- myaccount
-		- outlook
-		- blackboardtest.psv
-		- qmpsum
-		- share
-		- shibboleth
-		- shop
-		- staffrecord
-		- studentrecord
-		- voyager
-		- webmail
-		- wordpress
-		- www
-
+	Non-functional hosts
+		Couldn't connect to server:
+		- users.aber.ac.uk
+
+		Timeout was reached:
+		- abw.aber.ac.uk
+		- www.catering.aber.ac.uk
+		- cms.aber.ac.uk
+		- meq.aber.ac.uk
+		- qmpsum.aber.ac.uk
+		- sams.aber.ac.uk
+
+		SSL peer certificate was not OK:
+		- aspire.aber.ac.uk
+		- www.inf.aber.ac.uk
+		- webmail.aber.ac.uk
+
+		Mixed content blocking (MCB) triggered:
+		- cadair.aber.ac.uk
+		- wordpress.aber.ac.uk
 -->
 <ruleset name="Aberystwyth University (partial)">
-
 	<target host="aber.ac.uk" />
-	<target host="*.aber.ac.uk" />
-		<exclusion pattern="^http://cadair\.aber\.ac\.uk/(?!dspace/ldap-login)" />
-		<exclusion pattern="^http://(?:connect|www\.inf|jump|nexus|users)\." />
-		<exclusion pattern="^http://primo\.aber\.ac\.uk(?:80)?/primo_library/libweb/" />
-
-
-	<!--	^c & ^p to avoid cadair & primo.
-							-->
-	<securecookie host="^[^cp][\w\.]+\.aber\.ac\.uk$" name=".+" />
-
-
-	<rule from="^https?://(?:beta\.)?aber\.ac\.uk/"
-		to="https://www.aber.ac.uk/" />
-
-	<rule from="^http://([\w\.]+)\.aber\.ac\.uk/"
-		to="https://$1.aber.ac.uk/" />
-
+	<target host="www.aber.ac.uk" />
+	<target host="accommodation.aber.ac.uk" />
+	<target host="ap.aber.ac.uk" />
+	<target host="www.bis.aber.ac.uk" />
+	<target host="blackboard.aber.ac.uk" />
+	<target host="careers.aber.ac.uk" />
+	<target host="courses.aber.ac.uk" />
+	<target host="cyrsiau.aber.ac.uk" />
+	<target host="jobs.aber.ac.uk" />
+	<target host="jump.aber.ac.uk" />
+	<target host="myaccount.aber.ac.uk" />
+	<target host="nexus.aber.ac.uk" />
+	<target host="outlook.aber.ac.uk" />
+	<target host="primo.aber.ac.uk" />
+	<target host="share.aber.ac.uk" />
+	<target host="sharepoint.aber.ac.uk" />
+	<target host="shibboleth.aber.ac.uk" />
+	<target host="shop.aber.ac.uk" />
+	<target host="studentrecord.aber.ac.uk" />
+	<target host="voyager.aber.ac.uk" />
+
+	<securecookie host="^www\.aber\.ac\.uk$" name=".+" />
+	<securecookie host="^careers\.aber\.ac\.uk$" name=".+" />
+	<securecookie host="^jobs\.aber\.ac\.uk$" name=".+" />
+	<securecookie host="^myaccount\.aber\.ac\.uk$" name=".+" />
+
+	<rule from="^http:"
+			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Abhayagiri.org.xml b/src/chrome/content/rules/Abhayagiri.org.xml
new file mode 100644
index 000000000000..76ff19ba290b
--- /dev/null
+++ b/src/chrome/content/rules/Abhayagiri.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Abhayagiri Buddhist Monastery">
+    <target host="abhayagiri.org" />
+    <target host="www.abhayagiri.org" />
+
+    <securecookie host="^www\.abhayagiri\.org$" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Abila.com.xml b/src/chrome/content/rules/Abila.com.xml
deleted file mode 100644
index 548be47a9f93..000000000000
--- a/src/chrome/content/rules/Abila.com.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	CN: acquia-sites.com
-
-
-	Mixed content:
-
-		- css on www from fonts.googleapis.com *
-
-		- Images on www from www *
-
-	* Secured by us
-
--->
-<ruleset name="Abila.com" default_off="mismatched">
-
-	<target host="abila.com" />
-	<target host="*.abila.com" />
-
-
-	<securecookie host="^\.abila\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?abila\.com/"
-		to="https://www.abila.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Abiliba.xml b/src/chrome/content/rules/Abiliba.xml
deleted file mode 100644
index de644f44d317..000000000000
--- a/src/chrome/content/rules/Abiliba.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Abiliba" platform="mixedcontent">
-
-	<target host="abiliba.net"/>
-	<target host="*.abiliba.net"/>
-
-	<securecookie host="^secure\.abiliba\.net$" name=".*"/>
-
-	<rule from="^http://(?:secure\.|www\.)?abiliba\.net/"
-		to="https://secure.abiliba.net/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Abine.xml b/src/chrome/content/rules/Abine.xml
index 80406078302d..1d00da323361 100644
--- a/src/chrome/content/rules/Abine.xml
+++ b/src/chrome/content/rules/Abine.xml
@@ -1,13 +1,27 @@
-<ruleset name="Abine">
-
-	<target host="abine.com" />
-	<target host="*.abine.com" />
-
-
-	<securecookie host="^(?:w*\.)?abine\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?abine\.com/"
-		to="https://$1abine.com/" />
-
-</ruleset>
+<!--
+	Insecure cookies are set for these hosts:
+
+		- abine.com
+		- www.abine.com
+
+-->
+<ruleset name="Abine.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="abine.com" />
+	<target host="dnt.abine.com" />
+	<target host="www.abine.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?abine\.com$" name="^SERVERID$" /-->
+
+	<securecookie host="^(?:w*\.)?abine\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AbleGamers.xml b/src/chrome/content/rules/AbleGamers.xml
index 792b2a61dc24..464b44862dde 100644
--- a/src/chrome/content/rules/AbleGamers.xml
+++ b/src/chrome/content/rules/AbleGamers.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^www\.ablegamers\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ablegamers\.com/"
-		to="https://$1ablegamers.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Abma.de.xml b/src/chrome/content/rules/Abma.de.xml
deleted file mode 100644
index e416f0f79792..000000000000
--- a/src/chrome/content/rules/Abma.de.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Abma.de" default_off="Expired">
-
-	<target host="abma.de"/>
-	<target host="ssl.abma.de"/>
-	<target host="www.abma.de"/>
-
-	<rule from="^http://(ssl\.|www\.)?abma\.de/" to="https://abma.de/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Abosgratis.de.xml b/src/chrome/content/rules/Abosgratis.de.xml
new file mode 100644
index 000000000000..0c02c0e97fb6
--- /dev/null
+++ b/src/chrome/content/rules/Abosgratis.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Abosgratis.de">
+  <target host="abosgratis.de" />
+  <target host="www.abosgratis.de" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/About-Ads.xml b/src/chrome/content/rules/About-Ads.xml
index eea631ee4c42..902bbd009933 100644
--- a/src/chrome/content/rules/About-Ads.xml
+++ b/src/chrome/content/rules/About-Ads.xml
@@ -1,15 +1,31 @@
-<ruleset name="About Ads (partial)">
 
-	<target host="aboutads.info" />
-	<target host="*.aboutads.info" />
-		<exclusion pattern="^http://(?:www\.)?aboutads\.info/(choices)/" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://staging.aboutads.info/ => https://staging.aboutads.info/: Too many redirects while fetching 'https://staging.aboutads.info/'
 
-        <!-- comment this out so that www.aboutads.info/choices page
-	     will not throw a "First Party Cookies Not Enabled" error 
-	<securecookie host="^(?:.*\.)?aboutads\.info$" name=".+" /> -->
+	Expired:
+		- jasperserver.aboutads.info
 
+	Mixed JS:
+		- www.aboutads.info/choices/
+-->
+<ruleset name="About Ads (partial)" default_off="failed ruleset test">
+	<target host="aboutads.info" />
+	<target host="www.aboutads.info" />
+		<exclusion pattern="^http://(www\.)?aboutads\.info/choices/" />
+			<test url="http://aboutads.info/choices/" />
+			<test url="http://www.aboutads.info/choices/" />
+		<!-- XMLHttpRequest cannot load https://www.aboutads.info/actionlog/post/.
+			No 'Access-Control-Allow-Origin' header is present on the requested resource.
+			Origin 'http://www.aboutads.info' is therefore not allowed access. -->
+		<exclusion pattern="^http://(www\.)?aboutads\.info/actionlog/post/" />
+			<test url="http://aboutads.info/actionlog/post/" />
+			<test url="http://www.aboutads.info/actionlog/post/" />
+	<target host="staging.aboutads.info" />
 
-	<rule from="^http://(?:www\.)?aboutads\.info/"
-		to="https://www.aboutads.info/" />
+	<!-- comment this out so that www.aboutads.info/choices page
+			will not throw a "First Party Cookies Not Enabled" error
+	<securecookie host="^(?:.*\.)?aboutads\.info$" name=".+" /-->
 
+	<rule from="^http:"	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AboutMe.xml b/src/chrome/content/rules/AboutMe.xml
index cabca577b1c6..0b2988db1893 100644
--- a/src/chrome/content/rules/AboutMe.xml
+++ b/src/chrome/content/rules/AboutMe.xml
@@ -8,10 +8,9 @@
 	<target host="www.about.me" />
 
 
-	<securecookie host="^(.*\.)?about.me$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?about\.me/"
-		to="https://$1about.me/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/AboutUs-problematic.xml b/src/chrome/content/rules/AboutUs-problematic.xml
deleted file mode 100644
index 2e9c94c6cfa4..000000000000
--- a/src/chrome/content/rules/AboutUs-problematic.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules that are on by default, see AboutUs.xml
-
--->
-<ruleset name="AboutUs (problematic)" default_off="expired">
-
-	<target host="aboutus.org" />
-	<target host="www.aboutus.org" />
-
-
-	<!--	All pages, even login and signup pages,
-		redirect to http.	-->
-	<rule from="^http://(www\.)?aboutus\.org/(favicon\.ico|Special/)"
-		to="https://$1aboutus.org/$2" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/AboutUs.xml b/src/chrome/content/rules/AboutUs.xml
index f0330357bb5e..372ed71a5363 100644
--- a/src/chrome/content/rules/AboutUs.xml
+++ b/src/chrome/content/rules/AboutUs.xml
@@ -1,34 +1,14 @@
 <!--
-	For problematic rules, see AboutUs-problematic.xml.
-
-
-	CDN buckets:
-
-		- s3.amazonaws.com/au-site-images/"
-			Equivalent to d3v8bt6u4b7hzw.cloudfront.net
-		- s3.amazonaws.com/au-site-logos/
-		- s3.amazonaws.com/au-site-portraits/
-			Equivalent to d1wyc67tysray3.cloudfront.net
-		- s3.amazonaws.com/au-site-thumb-images
-			Equivalent to d2a3uviy5jmupq.cloudfront.net
-
-
-	Nonfunctional:
-
-		- (www.)aboutus.com	(ssl_error_rx_record_too_long)
-
-
-	Problematic domains:
-
-		- (www.)aboutus.org	(expired 2013-03-06)
-
+	aboutus.com has both a wildcard DNS record and a wildcard certificate, so enumerating all subdomains is impossible.
 -->
-<ruleset name="AboutUs (partial)" platform="mixedcontent">
-
-	<target host="static.aboutus.org" />
+<ruleset name="AboutUs">
+	<target host="aboutus.org" />
+	<target host="www.aboutus.org" />
 
+	<target host="aboutus.com" />
+	<target host="www.aboutus.com" />
 
-	<rule from="^http://static\.aboutus\.org/"
-		to="https://s3.amazonaws.com/au-site-static-assets/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/About_My_Vote.co.uk.xml b/src/chrome/content/rules/About_My_Vote.co.uk.xml
new file mode 100644
index 000000000000..4ad205662b0d
--- /dev/null
+++ b/src/chrome/content/rules/About_My_Vote.co.uk.xml
@@ -0,0 +1,46 @@
+<!--
+	^aboutmyvote.co.uk: 404
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- aboutmyvote.co.uk
+		- www.aboutmyvote.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Fonts from $self *
+		- Images from $self *
+
+	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="About My Vote.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.aboutmyvote.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="aboutmyvote.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?aboutmyvote\.co\.uk$" name="^SQ_SYSTEM_SESSION$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://aboutmyvote\.co\.uk/"
+		to="https://www.aboutmyvote.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/About_the_Data.com.xml b/src/chrome/content/rules/About_the_Data.com.xml
new file mode 100644
index 000000000000..62584df2c4f0
--- /dev/null
+++ b/src/chrome/content/rules/About_the_Data.com.xml
@@ -0,0 +1,12 @@
+<!--
+-->
+<ruleset name="About the Data.com">
+
+	<target host="aboutthedata.com" />
+	<target host="www.aboutthedata.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Above.com.xml b/src/chrome/content/rules/Above.com.xml
index e692e2596349..354a771ec68e 100644
--- a/src/chrome/content/rules/Above.com.xml
+++ b/src/chrome/content/rules/Above.com.xml
@@ -26,7 +26,6 @@
 	<securecookie host="^(?:www\.)?above\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?above\.com/"
-		to="https://$1above.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Abs.ch.xml b/src/chrome/content/rules/Abs.ch.xml
new file mode 100644
index 000000000000..e3eba99dfafd
--- /dev/null
+++ b/src/chrome/content/rules/Abs.ch.xml
@@ -0,0 +1,33 @@
+<!--
+	Nonfunctional hosts in *.abs.ch:
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Alternative Bank Switzerland">
+	<target host="abs.ch" />
+	<target host="www.abs.ch" />
+	<target host="bas.ch" />
+	<target host="www.bas.ch" />
+
+	<!-- E-Banking -->
+	<target host="wwwsec.abs.ch" />
+
+	<!-- Redirection domains -->
+	<target host="alternativebankswitzerland.ch" />
+	<target host="www.alternativebankswitzerland.ch" />
+	<target host="banquealternativesuisse.ch" />
+	<target host="www.banquealternativesuisse.ch" />
+	<target host="alternativebankschweiz.ch" />
+	<target host="www.alternativebankschweiz.ch" />
+	<target host="bancaalternativasvizzera.ch" />
+	<target host="www.bancaalternativasvizzera.ch" />
+
+	<rule from="^http:"
+		to="https:" />
+
+	<securecookie host=".+" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/AbuAminaElias.com.xml b/src/chrome/content/rules/AbuAminaElias.com.xml
new file mode 100644
index 000000000000..007a8fa183f8
--- /dev/null
+++ b/src/chrome/content/rules/AbuAminaElias.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Invalid Certificate:
+		dailyhadith.abuaminaelias.com
+-->
+<ruleset name="AbuAminaElias.com">
+	<target host="abuaminaelias.com" />
+	<target host="www.abuaminaelias.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Abuse.ch.xml b/src/chrome/content/rules/Abuse.ch.xml
deleted file mode 100644
index 06aa7d4860e9..000000000000
--- a/src/chrome/content/rules/Abuse.ch.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Abuse.ch">
-
-	<target host="*.abuse.ch" />
-
-
-	<securecookie host="^.*\.abuse\.ch$" name=".*" />
-
-
-	<rule from="^http://(spyeyetracker|www|zeustracker)\.abuse\.ch/"
-		to="https://$1.abuse.ch/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AbuseIPDB.com.xml b/src/chrome/content/rules/AbuseIPDB.com.xml
new file mode 100644
index 000000000000..bfcd782a5949
--- /dev/null
+++ b/src/chrome/content/rules/AbuseIPDB.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="AbuseIPDB.com">
+	<target host="abuseipdb.com" />
+	<target host="www.abuseipdb.com" />
+
+	<test url="http://abuseipdb.com/check/208.180.231.139" />
+	<test url="http://www.abuseipdb.com/whois/69.50.232.54" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Abusix.com.xml b/src/chrome/content/rules/Abusix.com.xml
new file mode 100644
index 000000000000..60cbc4866d73
--- /dev/null
+++ b/src/chrome/content/rules/Abusix.com.xml
@@ -0,0 +1,37 @@
+<!--
+
+	Problematic hosts in *abusix.com:
+
+		- abusehq ᵐ
+		- api ᵐ
+		- blackholemx ᵐ
+		- drive ᵐ
+		- fbl ᵐ
+		- feed01 ᵐ
+		- feed02 ᵐ
+		- feed03 ᵐ
+		- feed04 ᵐ
+		- feed05 ᵐ
+		- globalreport
+		- inject-feeds ᵐ
+		- leakdb ᵐ
+		- shot01 ᵐ
+		- shot02 ᵐ
+		- shot03 ᵐ
+		- shot04 ᵐ
+		- shot05 ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="Abusix.com">
+
+	<target host="abusix.com" />
+	<target host="www.abusix.com" />
+	<target host="feeds.abusix.com" />
+	<target host="spamfeedme.abusix.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Abysmal.nl.xml b/src/chrome/content/rules/Abysmal.nl.xml
index 54c67485459a..62465e5e0e58 100644
--- a/src/chrome/content/rules/Abysmal.nl.xml
+++ b/src/chrome/content/rules/Abysmal.nl.xml
@@ -1,13 +1,18 @@
-<ruleset name="abysmal.nl">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.abysmal.nl/ => https://www.abysmal.nl/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+
+-->
+<ruleset name="abysmal.nl" default_off="failed ruleset test">
 
 	<target host="abysmal.nl" />
-	<target host="*.abysmal.nl" />
+	<target host="www.abysmal.nl" />
 
 
 	<securecookie host="^\.abysmal.nl$" name=".+" />
 
 
-	<rule from="^http://(www\.)?abysmal\.nl/"
-		to="https://$1abysmal.nl/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Academia-Press.xml b/src/chrome/content/rules/Academia-Press.xml
deleted file mode 100644
index 87e61cf7c838..000000000000
--- a/src/chrome/content/rules/Academia-Press.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="Academia Press" default_off="expired, self-signed">
-
-	<!--	Cert: plesk	-->
-	<target host="academiapress.be" />
-	<target host="www.academiapress.be" />
-	<!--	* for cross-subdomain cookie.	-->
-	<target host="*.www.academiapress.be" />
-
-
-	<securecookie host="^(.*\.)?academiapress\.be$" name=".*" />
-
-
-	<!--	!www doesn't work over https.	-->
-	<rule from="^https?://(?:www\.)?academiapress\.be/"
-		to="https://www.academiapress.be/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Academia-assets.com.xml b/src/chrome/content/rules/Academia-assets.com.xml
new file mode 100644
index 000000000000..a8c8822f58f6
--- /dev/null
+++ b/src/chrome/content/rules/Academia-assets.com.xml
@@ -0,0 +1,10 @@
+<!--
+	For other Academia.edu coverage, see Academia.edu.xml.
+-->
+<ruleset name="Academia-assets.com">
+	<target host="a.academia-assets.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Academia.edu.xml b/src/chrome/content/rules/Academia.edu.xml
index b29aabd7c5bb..37c13aac554f 100644
--- a/src/chrome/content/rules/Academia.edu.xml
+++ b/src/chrome/content/rules/Academia.edu.xml
@@ -1,15 +1,42 @@
-<!--	There's a bucket at s3.amazonaws.com/academia/
+<!--
+	Other Academia.edu rulesets:
+
+		- Academia-assets.com.xml
+
+
+	There's a bucket at s3.amazonaws.com/academia/
 
 	s3.amazonaws.com/academia.edu.(assets|images)/
 
 	!functional:
-		(assets[012].|www.)academia\.edu
+		assets[012].academia\.edu
+
+
+	Nearly all subdomains (with two exceptions) are covered using a wildcard:
+	The Academia.edu website has SSL enabled for subdomains www and of the form
+ 	<university name>.academia.edu.
+
+
+	Exceptions:
+
+		- mail
+		- support
+
 -->
 <ruleset name="Academia.edu (partial)">
-
+	<target host="academia.edu" />
 	<target host="*.academia.edu"/>
 
-	<rule from="^http://(assets|images|photos)\.academia\.edu/"
-		to="https://s3.amazonaws.com/academia.edu.$1/"/>
+	<test url="http://princeton.academia.edu/" />
+	<test url="http://columbia.academia.edu/" />
+	<test url="http://oxford.academia.edu/" />
+	<test url="http://mail.academia.edu/" />
+	<test url="http://support.academia.edu/" />
+
+	<exclusion pattern="^http://support\.academia\.edu/"/>
+	<exclusion pattern="^http://mail\.academia\.edu/"/>
+
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AcademiaPress.be.xml b/src/chrome/content/rules/AcademiaPress.be.xml
new file mode 100644
index 000000000000..9bd0c85ba466
--- /dev/null
+++ b/src/chrome/content/rules/AcademiaPress.be.xml
@@ -0,0 +1,17 @@
+<!--
+	Non-functional hosts:
+		Mismatched:
+		- files.academiapress.be
+
+		Incomplete certificate chain:
+		- academiapress.be
+		- www.academiapress.be
+-->
+<ruleset name="AcademiaPress.be (partial)" default_off="cert-chain">
+	<target host="academiapress.be" />
+	<target host="www.academiapress.be" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Academics.de.xml b/src/chrome/content/rules/Academics.de.xml
new file mode 100644
index 000000000000..99ccca587016
--- /dev/null
+++ b/src/chrome/content/rules/Academics.de.xml
@@ -0,0 +1,23 @@
+<!--
+	Mixed Content:
+		zeit.academics.de
+-->
+<ruleset name="Academics.de">
+	<target host="academics.de" />
+	<target host="www.academics.de" />
+	<target host="cms.academics.de" />
+	<target host="m.academics.de" />
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^www\.academics\.de$" name="^JSESSIONID$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^\.academics\.de$" name="^academics-tracking-cookie$" /-->
+	<!--securecookie host="^www\.academics\.de$" name="^WANT_SSL$" /-->
+
+	<securecookie host="^(?:www)?\.academics\.de$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Academy-of-Model-Aeronautics.xml b/src/chrome/content/rules/Academy-of-Model-Aeronautics.xml
index 2c535708217f..df9ea33bf601 100644
--- a/src/chrome/content/rules/Academy-of-Model-Aeronautics.xml
+++ b/src/chrome/content/rules/Academy-of-Model-Aeronautics.xml
@@ -14,7 +14,7 @@
 			- xla*
 				- Set by advertising/.
 					-->
-	<securecookie host="^(www\.)?modelaircraft\.org$" name=".*" />
+	<securecookie host="^(?:www\.)?modelaircraft\.org$" name=".+" />
 
 
 	<!--	Pages redirect to www, but files don't.
diff --git a/src/chrome/content/rules/Academy_Credit_online.com.xml b/src/chrome/content/rules/Academy_Credit_online.com.xml
deleted file mode 100644
index b4d9cc8a5ac9..000000000000
--- a/src/chrome/content/rules/Academy_Credit_online.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Academy Credit online.com">
-
-	<target host="academycreditonline.com" />
-	<target host="*.academycreditonline.com" />
-
-
-	<securecookie host="^(?:\w*\.)?academycreditonline\.com$" name=".+" />
-
-
-	<rule from="^http://(secure\.|www\.)?academycreditonline\.com/"
-		to="https://$1academycreditonline.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Acalog.xml b/src/chrome/content/rules/Acalog.xml
deleted file mode 100644
index a7684e398219..000000000000
--- a/src/chrome/content/rules/Acalog.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Acalog">
-
-	<target host="*.acalogadmin.com" />
-
-
-	<securecookie host=".+\.acalogadmin\.com$" name=".+" />
-
-
-	<rule from="^http://([\w-]+)\.acalogadmin\.com/"
-		to="https://$1.acalogadmin.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/AcalogAdmin.com.xml b/src/chrome/content/rules/AcalogAdmin.com.xml
new file mode 100644
index 000000000000..c774318ef80e
--- /dev/null
+++ b/src/chrome/content/rules/AcalogAdmin.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Acalog">
+
+	<target host="*.acalogadmin.com" />
+
+		<test url="http://calvin.acalogadmin.com/login.php" />
+		<test url="http://edcc.acalogadmin.com/login.php" />
+		<test url="http://life.acalogadmin.com/login.php" />
+		<test url="http://limcollege.acalogadmin.com/login.php" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Accela-Communications.xml b/src/chrome/content/rules/Accela-Communications.xml
deleted file mode 100644
index 018c81e934cd..000000000000
--- a/src/chrome/content/rules/Accela-Communications.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	Nonfunctional:
-
-		- (www.)?kitd.com
-
-
-	Mismatches:
-
-		- help.accelaworks.com (cert: *.hoster909.com;)
-
--->
-<ruleset name="Accela Communications (partial)">
-
-	<target host="accelacomm.com" />
-	<target host="*.accelacomm.com" />
-	<target host="accelaworks.com" />
-	<target host="www.accelaworks.com" />
-
-
-	<!--	Observed cookie domains:
-
-			- ^\.
-			- ^reg
-				-->
-	<securecookie host="^.*\.accelacomm\.com$" name=".*" />
-	<securecookie host="^(.*\.)?accelaworks\.com$" name=".*" />
-
-
-	<!--	Cert doesn't match !www.	-->
-	<rule from="^https?://accelacomm\.com/"
-		to="https://www.accelacomm.com/" />
-
-	<rule from="^http://(reg|www)\.accelacomm\.com/"
-		to="https://$1.accelacomm.com/" />
-
-	<rule from="^http://(www\.)?accelaworks\.com/"
-		to="https://$1accelaworks.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Accelerate.lgbt.xml b/src/chrome/content/rules/Accelerate.lgbt.xml
new file mode 100644
index 000000000000..7ac1f58cad3d
--- /dev/null
+++ b/src/chrome/content/rules/Accelerate.lgbt.xml
@@ -0,0 +1,8 @@
+<ruleset name="Accelerate.lgbt">
+	<target host="accelerate.lgbt" />
+	<target host="www.accelerate.lgbt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Accellion.xml b/src/chrome/content/rules/Accellion.xml
index 6885c5f40f2e..d0f38cd4a9be 100644
--- a/src/chrome/content/rules/Accellion.xml
+++ b/src/chrome/content/rules/Accellion.xml
@@ -1,12 +1,20 @@
-<ruleset name="Accellion" platform="mixedcontent">
+<ruleset name="Accellion (partial)">
+	<target host="accellion.com" />
+	<target host="www.accellion.com" />
+	<target host="kiteworks.accellion.com" />
+	<target host="kiteworks-eu.accellion.com" />
+	<target host="kiteworks-hc2.accellion.com" />
+	<target host="kiteworks-h1.accellion.com" />
+	<target host="kiteworks-sg.accellion.com" />
+	<target host="kiteworks-usw.accellion.com" />
+	<target host="info.accellion.com" />
+	<target host="www.info.accellion.com" />
+	<target host="community.accellion.com" />
+	<target host="support.accellion.com" />
+	<target host="signature.accellion.com" />
+	<target host="webmail.accellion.com" />
 
-	<target host="accellion.com"/>
-	<!--	* for cross-domain cookie	-->
-	<target host="*.accellion.com"/>
-
-	<securecookie host="^(.*\.)accellion\.com$" name=".*"/>
-
-	<rule from="^http://(www\.)?accellion\.com/"
-		to="https://$1accellion.com/"/>
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Acceptiva.com.xml b/src/chrome/content/rules/Acceptiva.com.xml
index d48e2c2746bb..96ee52cefaec 100644
--- a/src/chrome/content/rules/Acceptiva.com.xml
+++ b/src/chrome/content/rules/Acceptiva.com.xml
@@ -9,7 +9,6 @@
 	<target host="secure.acceptiva.com" />
 
 
-	<rule from="^http://secure\.acceptiva\.com/"
-		to="https://secure.acceptiva.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Access-kaiseki-tools.com.xml b/src/chrome/content/rules/Access-kaiseki-tools.com.xml
new file mode 100644
index 000000000000..3c2828a8b4fa
--- /dev/null
+++ b/src/chrome/content/rules/Access-kaiseki-tools.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Web bugs.
+
+-->
+<ruleset name="access-kaiseki-tools.com">
+
+	<target host="access-kaiseki-tools.com" />
+	<target host="www.access-kaiseki-tools.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AccessGuardian.com.xml b/src/chrome/content/rules/AccessGuardian.com.xml
index ade6b3c81539..1a0e29ea383a 100644
--- a/src/chrome/content/rules/AccessGuardian.com.xml
+++ b/src/chrome/content/rules/AccessGuardian.com.xml
@@ -1,4 +1,11 @@
-<ruleset name="AccessGuardian.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://accessguardian.com/ => https://accessguardian.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.accessguardian.com/ => https://www.accessguardian.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="AccessGuardian.com" default_off="failed ruleset test">
 
 	<target host="accessguardian.com" />
 	<target host="www.accessguardian.com" />
@@ -7,7 +14,6 @@
 	<securecookie host="^(?:www\.)?accessguardian\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?accessguardian\.com/"
-		to="https://$1accessguardian.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AccessLabs.xml b/src/chrome/content/rules/AccessLabs.xml
deleted file mode 100644
index edd930c18409..000000000000
--- a/src/chrome/content/rules/AccessLabs.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<ruleset name="AccessLabs">
-
-	<target host="accesslabs.net" />
-	<target host="*.accesslabs.net" />
-	<target host="accesslabs.org" />
-	<target host="www.accesslabs.org" />
-
-
-	<securecookie host="^(www\.)?accesslabs\.(net|org)$" name=".*" />
-
-
-	<rule from="^http://(ext\.|www\.)?accesslabs\.net/"
-		to="https://$1accesslabs.net/" />
-
-	<rule from="^http://(www\.)?accesslabs\.org/"
-		to="https://$1accesslabs.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AccessNow.xml b/src/chrome/content/rules/AccessNow.xml
index 6627dd52dc62..50c556ea9033 100644
--- a/src/chrome/content/rules/AccessNow.xml
+++ b/src/chrome/content/rules/AccessNow.xml
@@ -1,13 +1,47 @@
-<ruleset name="AccessNow.org" platform="mixedcontent">
+<!--
+	Other Access rulesets:
 
+		- Stop_Cyber_Spying.com.xml
+
+
+	CDN buckets:
+
+		- s3.amazonaws.com/access.3cdn.net/
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .accessnow.org
+		- .donate.accessnow.org
+		- www.accessnow.org
+
+
+	Mixed content:
+
+		- Bug on www from piwik.accessnow.org *
+
+	* Secured by us
+
+-->
+<ruleset name="AccessNow.org">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="accessnow.org" />
-	<target host="*.accessnow.org" />
+	<target host="donate.accessnow.org" />
+	<target host="fakedomains.accessnow.org" />
+	<target host="piwik.accessnow.org" />
+	<target host="www.accessnow.org" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^fakedomains\.accessnow\.org$" name="^token$" /-->
 
-	<securecookie host="^.*\.accessnow\.org$" name=".*" />
+	<securecookie host=".*\.accessnow\.org$" name=".+" />
 
 
-	<rule from="^http://(donate\.|www\.)?accessnow\.org/"
-		to="https://$1accessnow.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/AccessPress_Themes.com.xml b/src/chrome/content/rules/AccessPress_Themes.com.xml
new file mode 100644
index 000000000000..74d0ae9ee7d5
--- /dev/null
+++ b/src/chrome/content/rules/AccessPress_Themes.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- accesspressthemes.com
+		- www.accesspressthemes.com
+
+-->
+<ruleset name="AccessPress Themes.com">
+
+	<target host="accesspressthemes.com" />
+	<target host="www.accesspressthemes.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?accesspressthemes\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AccessPrivacy.ca.xml b/src/chrome/content/rules/AccessPrivacy.ca.xml
new file mode 100644
index 000000000000..afeec9a9206a
--- /dev/null
+++ b/src/chrome/content/rules/AccessPrivacy.ca.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://accessprivacy.ca/ => https://accessprivacy.ca/: (7, 'Failed to connect to accessprivacy.ca port 443: Connection refused')
+Fetch error: http://www.accessprivacy.ca/ => https://www.accessprivacy.ca/: (7, 'Failed to connect to www.accessprivacy.ca port 443: Connection refused')
+
+	For other Access Privacy coverage, see Access_Privacy.com.xml.
+
+
+	Mixed content:
+
+		- Web bugs from img.constantcontact.com *
+
+	* Secured by us
+
+-->
+<ruleset name="AccessPrivacy.ca" default_off="failed ruleset test">
+
+	<target host="accessprivacy.ca" />
+	<target host="www.accessprivacy.ca" />
+
+
+	<securecookie host="^(?:w*\.)?accessprivacy\.ca$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Access_Office_Products.xml b/src/chrome/content/rules/Access_Office_Products.xml
index aed3aa00db27..a93d1f8764af 100644
--- a/src/chrome/content/rules/Access_Office_Products.xml
+++ b/src/chrome/content/rules/Access_Office_Products.xml
@@ -1,13 +1,21 @@
-<ruleset name="Access Office Products">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://accessofficeproducts.com/ => https://accessofficeproducts.com/: (51, "SSL: no alternative certificate subject name matches target host name 'accessofficeproducts.com'")
+Fetch error: http://www.accessofficeproducts.com/ => https://www.accessofficeproducts.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.accessofficeproducts.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://accessofficeproducts.com/ => https://accessofficeproducts.com/: (51, "SSL: no alternative certificate subject name matches target host name 'accessofficeproducts.com'")
+-->
+<ruleset name="Access Office Products" default_off="failed ruleset test">
 
 	<target host="accessofficeproducts.com" />
-	<target host="*.accessofficeproducts.com" />
+	<target host="www.accessofficeproducts.com" />
 
 
 	<securecookie host="^\.accessofficeproducts\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?accessofficeproducts\.com/"
-		to="https://$1accessofficeproducts.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Access_Privacy.com.xml b/src/chrome/content/rules/Access_Privacy.com.xml
new file mode 100644
index 000000000000..600a1e4f33f0
--- /dev/null
+++ b/src/chrome/content/rules/Access_Privacy.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Other Access Privacy rulesets:
+
+		- AccessPrivacy.ca.xml
+
+
+	CDN buckets:
+
+		- accessprivacy.s3.amazonaws.com
+
+
+	Mixed content:
+
+		- Images from accessprivacy.s3.amazonaws.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Access Privacy.com">
+
+	<target host="accessprivacy.com" />
+	<target host="www.accessprivacy.com" />
+
+
+	<securecookie host="^(?:w*\.)?accessprivacy\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AccessibilityNL.xml b/src/chrome/content/rules/AccessibilityNL.xml
index 148fc1c9cb51..de4889581dfe 100644
--- a/src/chrome/content/rules/AccessibilityNL.xml
+++ b/src/chrome/content/rules/AccessibilityNL.xml
@@ -4,5 +4,5 @@
   <target host="www.accessibility.nl" />
   <target host="accessibility.nl" />
 
-  <rule from="^http://(?:www\.)?accessibility\.nl/" to="https://www.accessibility.nl/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Accessible-Information-Management.xml b/src/chrome/content/rules/Accessible-Information-Management.xml
index 699b95a47922..eb8d7a7757d7 100644
--- a/src/chrome/content/rules/Accessible-Information-Management.xml
+++ b/src/chrome/content/rules/Accessible-Information-Management.xml
@@ -1,9 +1,15 @@
-<ruleset name="Accessible Information Management (gunadiframework.com)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gunadiframework.com/ => https://gunadiframework.com/: (51, "SSL: no alternative certificate subject name matches target host name 'gunadiframework.com'")
+
+-->
+<ruleset name="Accessible Information Management (gunadiframework.com)" default_off="failed ruleset test">
 	<target host="gunadiframework.com" />
 	<target host="*.gunadiframework.com" />
 
-	<securecookie host="^(([a-zA-Z0-9\-]*)\.)?gunadiframework.com$" name=".+" />
+	<securecookie host="^(?:(?:[a-zA-Z0-9\-]*)\.)?gunadiframework.com$" name=".+" />
 
 	<rule from="^http://gunadiframework\.com/" to="https://gunadiframework.com/" />
 	<rule from="^http://([a-zA-Z0-9\-]+)\.gunadiframework\.com/" to="https://$1.gunadiframework.com/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Accessorize.xml b/src/chrome/content/rules/Accessorize.xml
index 7a31aa88c0d6..07fa31358141 100644
--- a/src/chrome/content/rules/Accessorize.xml
+++ b/src/chrome/content/rules/Accessorize.xml
@@ -6,4 +6,4 @@
 	<rule from="^http://uk\.accessorize\.com/(medias/|monsoon/|registerSession\.gif)"
 		to="https://uk.accessorize.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Accesstrade.net.xml b/src/chrome/content/rules/Accesstrade.net.xml
index 9736a971da7d..4d588eeee07f 100644
--- a/src/chrome/content/rules/Accesstrade.net.xml
+++ b/src/chrome/content/rules/Accesstrade.net.xml
@@ -18,7 +18,6 @@
 	<securecookie host="^member\.accesstrade\.net$" name=".+" />
 
 
-	<rule from="^http://member\.accesstrade\.net/"
-		to="https://member.accesstrade.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Accordance_Bible.com.xml b/src/chrome/content/rules/Accordance_Bible.com.xml
new file mode 100644
index 000000000000..9ef0d4d36c32
--- /dev/null
+++ b/src/chrome/content/rules/Accordance_Bible.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Some pages redirect to http.
+
+-->
+<ruleset name="Accordance Bible.com (partial)">
+
+	<target host="accordancebible.com" />
+	<target host="www.accordancebible.com" />
+
+
+	<!--	__utm\w+: google urchin
+		newsession_id: forum
+					-->
+	<securecookie host="^\.accordancebible\.com$" name="^(?:__utm\w+|newsession_id)$" />
+
+
+	<rule from="^http://(www\.)?accordancebible\.com/(?=archive/|(?:custom_)?content/|errors/|files/|(?:forums|site/thirdparty|store/(?:checkout_info|gift_card))(?:$|[?/])|thirdparty/)"
+		to="https://$1accordancebible.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Account3000.com.xml b/src/chrome/content/rules/Account3000.com.xml
new file mode 100644
index 000000000000..d1c857b2328c
--- /dev/null
+++ b/src/chrome/content/rules/Account3000.com.xml
@@ -0,0 +1,22 @@
+<!--
+	These altnames don't exist:
+
+		- www.dr.account3000.com
+
+-->
+<ruleset name="account3000.com">
+
+	<target host="account3000.com" />
+	<target host="www.account3000.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?account3000\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^(?:www\.)?account3000\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AccountKiller.com.xml b/src/chrome/content/rules/AccountKiller.com.xml
new file mode 100644
index 000000000000..865559acd464
--- /dev/null
+++ b/src/chrome/content/rules/AccountKiller.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.accountkiller.com
+
+-->
+<ruleset name="AccountKiller.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="accountkiller.com" />
+	<target host="www.accountkiller.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.accountkiller\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.accountkiller\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AccountSupport.com.xml b/src/chrome/content/rules/AccountSupport.com.xml
index 406965a5cc6d..dcde9bc41a19 100644
--- a/src/chrome/content/rules/AccountSupport.com.xml
+++ b/src/chrome/content/rules/AccountSupport.com.xml
@@ -7,13 +7,13 @@
 <ruleset name="AccountSupport.com">
 
 	<target host="accountsupport.com" />
-	<target host="*.accountsupport.com" />
+	<target host="secure.accountsupport.com" />
+	<target host="www.accountsupport.com" />
 
 
 	<securecookie host="^\.accountsupport\.com$" name=".+" />
 
 
-	<rule from="^http://(secure\.|www\.)?accountsupport\.com/"
-		to="https://$1accountsupport.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Account_Chooser.xml b/src/chrome/content/rules/Account_Chooser.xml
index fff91e070693..fe33f0f2af73 100644
--- a/src/chrome/content/rules/Account_Chooser.xml
+++ b/src/chrome/content/rules/Account_Chooser.xml
@@ -4,7 +4,6 @@
 	<target host="www.accountchooser.com" />
 
 
-	<rule from="^http://(www\.)?accountchooser\.com/"
-		to="https://$1accountchooser.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Account_Online.com.xml b/src/chrome/content/rules/Account_Online.com.xml
index a3ab9facb518..1f8b1f4f5c92 100644
--- a/src/chrome/content/rules/Account_Online.com.xml
+++ b/src/chrome/content/rules/Account_Online.com.xml
@@ -22,4 +22,4 @@
 	<rule from="^http://(?:www\.)?accountonline\.com/"
 		to="https://www.accountonline.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Accountservergroup.com.xml b/src/chrome/content/rules/Accountservergroup.com.xml
index e13b1de836eb..2c406d29aa29 100644
--- a/src/chrome/content/rules/Accountservergroup.com.xml
+++ b/src/chrome/content/rules/Accountservergroup.com.xml
@@ -6,4 +6,4 @@
 	<rule from="^http://(?!www\.)([\w-]+)\.accountservergroup\.com/"
 		to="https://$1accountservergroup.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Accredible.com.xml b/src/chrome/content/rules/Accredible.com.xml
new file mode 100644
index 000000000000..e839d93d299c
--- /dev/null
+++ b/src/chrome/content/rules/Accredible.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Accredible.com">
+
+	<target host="accredible.com" />
+	<target host="www.accredible.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^__utm" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AccuWeather.xml b/src/chrome/content/rules/AccuWeather.xml
index faa3c7d47c50..5005e66fff11 100644
--- a/src/chrome/content/rules/AccuWeather.xml
+++ b/src/chrome/content/rules/AccuWeather.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://wwwl.accuweather.com/ (200) => https://wwwl.accuweather.com/ (403)
+
 	CDN buckets:
 
 		- motox.accu-weather.com.cdngc.net
@@ -21,37 +25,26 @@
 
 		- enterprisesolutions.accuweather.com	(works; self-signed, CN: Parallels Panel)
 
-
-	Fully covered domains:
-
-		- accuweather.com subdomains:
-
-			- api
-			- apidev
-			- enterpriseportal
-			- wwwl
-
-		- accu-weather.com subdomains:
-
-			- htc2
-			- motox
-			- samsu
-			- samsungmobile
-
 -->
-<ruleset name="AccuWeather (partial)">
+<ruleset name="AccuWeather (partial)" default_off="failed ruleset test">
 
-	<target host="*.accuweather.com" />
-	<target host="*.accu-weather.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="api.accuweather.com" />
+	<target host="apidev.accuweather.com" />
+	<target host="enterpriseportal.accuweather.com" />
+	<target host="wwwl.accuweather.com" />
 
+	<target host="htc2.accu-weather.com" />
+	<target host="motox.accu-weather.com" />
+	<target host="samsu.accu-weather.com" />
+	<target host="samsungmobile.accu-weather.com" />
 
-	<securecookie host="^enterpriseportal\.accuweather\.com$" name=".+" />
 
+	<securecookie host="^enterpriseportal\.accuweather\.com$" name=".+" />
 
-	<rule from="^http://(api|apidev|enterpriseportal|wwwl)\.accuweather\.com/"
-		to="https://$1.accuweather.com/" />
 
-	<rule from="^http://(htc2|motox|samsu|samsungmobile)\.accu-weather\.com/"
-		to="https://$1.accu-weather.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Accuen-problematic.xml b/src/chrome/content/rules/Accuen-problematic.xml
index a5cccc813240..f6f136ea8fc9 100644
--- a/src/chrome/content/rules/Accuen-problematic.xml
+++ b/src/chrome/content/rules/Accuen-problematic.xml
@@ -2,15 +2,13 @@
 	For rules that are on by default, see Accuen.xml.
 
 -->
-<ruleset name="Accuen (problematic)" default_off="mismatched">
+<ruleset name="Accuen (problematic)" default_off="refused">
 
 	<target host="accuenmedia.com" />
 	<target host="www.accuenmedia.com" />
 
 
-	<!--	CN: *.oneomg.com
-				-->
-	<rule from="^https?://(?:www\.)?accuenmedia\.com/"
-		to="https://www.accuenmedia.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Accuen.xml b/src/chrome/content/rules/Accuen.xml
index 4116a0fca2da..c25f8e43442a 100644
--- a/src/chrome/content/rules/Accuen.xml
+++ b/src/chrome/content/rules/Accuen.xml
@@ -1,14 +1,16 @@
 <!--
 	For problematic rules, see Accuen-problematic.xml.
+
+
+	d: Included on 3rd-party websites.
+
 -->
-<ruleset name="Accuen (partial)">
+<ruleset name="Accuen (partial)" default_off="refused">
 
 	<target host="d.p-td.com" />
 
 
-	<!--	Included on 3rd-party websites.
-						-->
-	<rule from="^http://d\.p-td\.com/"
-		to="https://d.p-td.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Accuvant.com.xml b/src/chrome/content/rules/Accuvant.com.xml
new file mode 100644
index 000000000000..2dc0ffe85993
--- /dev/null
+++ b/src/chrome/content/rules/Accuvant.com.xml
@@ -0,0 +1,48 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://accuvant.com/ => https://accuvant.com/: (60, 'SSL certificate problem: self signed certificate')
+
+	CDN buckets:
+
+		- accuvantstorage.blob.core.windows.net
+
+			- files
+
+
+	Problematic subdomains:
+
+		- files *
+
+	* Mismatched, CN: *.blob.core.windows.net
+
+
+	Mixed content:
+
+		 css on blog from fast.fonts.com *
+
+		- Images on www from files *
+
+		- Bug on www from www.reddit.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Accuvant.com" default_off="failed ruleset test">
+
+	<target host="accuvant.com" />
+	<target host="www.accuvant.com" />
+	<target host="blog.accuvant.com" />
+	<target host="files.accuvant.com" />
+
+
+	<securecookie host="^(?:www)?\.accuvant\.com$" name=".+" />
+
+
+
+
+	<rule from="^http://files\.accuvant\.com/"
+		to="https://accuvantstorage.blob.core.windows.net/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ace-book.net.xml b/src/chrome/content/rules/Ace-book.net.xml
new file mode 100644
index 000000000000..c9710e2f8e45
--- /dev/null
+++ b/src/chrome/content/rules/Ace-book.net.xml
@@ -0,0 +1,16 @@
+<!--
+	Mismatched:
+		- autodiscover
+
+	Redirects to NXDOMAIN:
+		- mail (redirects to www.mail)
+-->
+<ruleset name="Ace-book.net">
+	<target host="ace-book.net" />
+	<target host="www.ace-book.net" />
+	<target host="cpanel.ace-book.net" />
+	<target host="webdisk.ace-book.net" />
+	<target host="webmail.ace-book.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ace_Hotel.com.xml b/src/chrome/content/rules/Ace_Hotel.com.xml
new file mode 100644
index 000000000000..7f5128e5a09e
--- /dev/null
+++ b/src/chrome/content/rules/Ace_Hotel.com.xml
@@ -0,0 +1,25 @@
+<ruleset name="Ace Hotel.com (partial)">
+
+	<target host="acehotel.com" />
+	<target host="shop.acehotel.com" />
+	<target host="www.acehotel.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://shop\.acehotel\.com/($|cart/$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://shop\.acehotel\.com/+(?!media/)" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.acehotel\.com$" name="^csrftoken$" /-->
+
+	<securecookie host="^www\.acehotel\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Acenet.xml b/src/chrome/content/rules/Acenet.xml
index 91687092779a..f1a2fdac6e1e 100644
--- a/src/chrome/content/rules/Acenet.xml
+++ b/src/chrome/content/rules/Acenet.xml
@@ -3,17 +3,14 @@
 	<target host="ace-host.net"/>
 	<target host="*.ace-host.net"/>
 		<!--	redirect to http	-->
-		<exclusion pattern="http://billing\.ace-host\.net/(announcements|index)\.php$"/>
+		<exclusion pattern="http://billing\.ace-host\.net/(?:announcements|index)\.php$"/>
 		<!--	ssl_error_rx_record_too_long	-->
-		<exclusion pattern="http://(demos|testimonials)\.ace-host\.net/"/>
+		<exclusion pattern="http://(?:demos|testimonials)\.ace-host\.net/"/>
 	<target host="acenet-inc.net"/>
 	<target host="*.acenet-inc.net"/>
 	<!--	for cross-domain cookie	-->
-	<target host="*.esupport.acenet-inc.net"/>
-
-	<securecookie host="^(.*\.)?ace-host\.net$" name=".*"/>
 	<!--	no cookies needed for excluded pages	-->
-	<securecookie host="^(.*\.)?acenet-inc\.net$" name=".*"/>
+	<securecookie host=".+" name=".+"/>
 
 	<rule from="^http://(\w+\.)?ace-host\.net/"
 		to="https://$1ace-host.net/"/>
diff --git a/src/chrome/content/rules/Acer.com.xml b/src/chrome/content/rules/Acer.com.xml
new file mode 100644
index 000000000000..246b2a8a0da3
--- /dev/null
+++ b/src/chrome/content/rules/Acer.com.xml
@@ -0,0 +1,20 @@
+<!--
+    Acer Care Center Updater
+    mitigates https://duo.com/assets/pdf/out-of-box-exploitation_oem-updaters.pdf
+	Nonfunctional hosts in *.acer.com:
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Acer.com">
+  <target host="global-download.acer.com"/>
+    <test url="http://global-download.acer.com/GDFiles/BIOS/BIOS/BIOS_Acer_1.17_A_A.zip?acerid=636451121852159624" />
+  <target host="ws.gtm.acer.com"/>
+    <test url="http://ws.gtm.acer.com/ServerInfo/EN/ALU_APP/ALU_APP_10M1_EN.xml" />
+  <target host="wstw.gtm.acer.com"/>
+    <test url="http://wstw.gtm.acer.com/ServerInfo/EN/ALU_APP/ALU_APP_10M1_EN.xml" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Acessa.xml b/src/chrome/content/rules/Acessa.xml
new file mode 100644
index 000000000000..b0641dae0429
--- /dev/null
+++ b/src/chrome/content/rules/Acessa.xml
@@ -0,0 +1,22 @@
+<!--
+	Refused:
+		usuarios.acessa.com
+
+	Self-signed:
+		aol.acessa.com
+		banner.acessa.com
+		hdvirtual.acessa.com
+		webmail.acessa.com
+
+	Mismatch:
+		crcmg.acessa.com
+		discovirtual.acessa.com
+		estevao.acessa.com
+-->
+<ruleset name="Acessa">
+	<target host="acessa.com" />
+	<target host="www.acessa.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Acessoseguro.net.xml b/src/chrome/content/rules/Acessoseguro.net.xml
index 3398fa15b23c..07c48354c49b 100644
--- a/src/chrome/content/rules/Acessoseguro.net.xml
+++ b/src/chrome/content/rules/Acessoseguro.net.xml
@@ -3,10 +3,10 @@
 	<target host="*.acessoseguro.net" />
 
 
-	<securecookie host=".+\.acessoseguro\.net$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://([\w-]+)\.acessoseguro\.net/"
 		to="https://$1.acessoseguro.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Achelem.org.xml b/src/chrome/content/rules/Achelem.org.xml
deleted file mode 100644
index 69071b02e05d..000000000000
--- a/src/chrome/content/rules/Achelem.org.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(404)
-
--->
-<ruleset name="Achelem.org (partial)" default_off="self-signed">
-
-	<target host="mail.achelem.org" />
-
-
-	<securecookie host="^mail\.achelem\.org$" name=".+" />
-
-
-	<rule from="^http://mail\.achelem\.org/"
-		to="https://mail.achelem.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Achievementstats.com.xml b/src/chrome/content/rules/Achievementstats.com.xml
new file mode 100644
index 000000000000..3a4c704ba1cb
--- /dev/null
+++ b/src/chrome/content/rules/Achievementstats.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Achievementstats.com">
+	<target host="achievementstats.com" />
+	<target host="www.achievementstats.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Acik_Akademi.com.xml b/src/chrome/content/rules/Acik_Akademi.com.xml
index bf529594e524..3324a4ab3ef1 100644
--- a/src/chrome/content/rules/Acik_Akademi.com.xml
+++ b/src/chrome/content/rules/Acik_Akademi.com.xml
@@ -4,23 +4,27 @@
 	For other Microsoft coverage, see Microsoft.xml.
 
 
-	Problematic domains:
-
-		- acikakademi.com *
-
-	* Cert only matches www
+	^acikakademi.com: Cert only matches www
 
 -->
 <ruleset name="Acik Akademi.com">
 
-	<target host="acikakademi.com" />
+	<!--	Direct rewrites:
+				-->
 	<target host="www.acikakademi.com" />
 
+	<!--	Complications:
+				-->
+	<target host="acikakademi.com" />
+
 
-	<securecookie host="^www\.acikakademi\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?acikakademi\.com/"
+	<rule from="^http://acikakademi\.com/"
 		to="https://www.acikakademi.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Acorns.com.xml b/src/chrome/content/rules/Acorns.com.xml
new file mode 100644
index 000000000000..1b8998ce78b9
--- /dev/null
+++ b/src/chrome/content/rules/Acorns.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Tumblr
+
+
+	^: cert only matches *.acorns.com
+
+-->
+<ruleset name="Acorns.com (partial)">
+
+	<target host="acorns.com" />
+	<target host="www.acorns.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AcoustID.xml b/src/chrome/content/rules/AcoustID.xml
index a549796e7d36..20b3f6592017 100644
--- a/src/chrome/content/rules/AcoustID.xml
+++ b/src/chrome/content/rules/AcoustID.xml
@@ -1,10 +1,12 @@
-<ruleset name="AcoustID">
+<ruleset name="AcoustID.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="acoustid.org" />
 	<target host="www.acoustid.org" />
 
 
-	<rule from="^http://(www\.)?acoustid\.org/"
-		to="https://$1acoustid.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Acoustics.org.xml b/src/chrome/content/rules/Acoustics.org.xml
index ccea3f155689..2f9af077e828 100644
--- a/src/chrome/content/rules/Acoustics.org.xml
+++ b/src/chrome/content/rules/Acoustics.org.xml
@@ -1,10 +1,16 @@
-<ruleset name="Acoustics.org">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://acoustics.org/ => https://acoustics.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.acoustics.org/ => https://www.acoustics.org/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Acoustics.org" default_off="failed ruleset test">
 
 	<target host="acoustics.org" />
 	<target host="www.acoustics.org" />
 
 
-	<rule from="^http://(www\.)?acoustics\.org/"
-		to="https://$1acoustics.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Acquia.xml b/src/chrome/content/rules/Acquia.xml
index 4368a2dfeb8f..20de2c9376cd 100644
--- a/src/chrome/content/rules/Acquia.xml
+++ b/src/chrome/content/rules/Acquia.xml
@@ -1,13 +1,64 @@
-<ruleset name="Acquia">
+<!--
 
-	<target host="acquia.com" />
-	<target host="*.acquia.com" />
+	Problematic hosts in *acquia.com:
+
+		- commons ᵐ
+		- go ᵐ
+		- events ᵐ
+		- network (no https)
+		- notifications ᵐ
+		- usability ᵐ
+		- u ᵐ
 
+	ᵐ Mismatched
 
-	<securecookie host="^.*\.acquia\.com$" name=".+" />
+-->
+<ruleset name="Acquia">
+
+	<target host="acquia.com" />
+	<target host="www.acquia.com" />
+	<target host="accounts.acquia.com" />
+	<target host="api.acquia.com" />
+	<target host="apjengage.acquia.com" />
+	<target host="assets.acquia.com" />
+	<target host="backlog.acquia.com" />
+	<target host="bin.acquia.com" />
+	<target host="certification.acquia.com" />
+	<target host="cloud.acquia.com" />
+	<target host="cloudapi.acquia.com" />
+	<target host="cloudflare.acquia.com" />
+	<target host="confluence.acquia.com" />
+	<target host="design.acquia.com" />
+	<target host="dev.acquia.com" />
+	<target host="docs.acquia.com" />
+	<target host="edit.acquia.com" />
+	<target host="engage.acquia.com" />
+	<target host="engage2014.acquia.com" />
+	<target host="engage2015.acquia.com" />
+	<target host="engage2016.acquia.com" />
+	<target host="forums.acquia.com" />
+	<target host="i.acquia.com" />
+	<target host="insight.acquia.com" />
+	<target host="kbv2.acquia.com" />
+	<target host="library.acquia.com" />
+	<target host="lift.acquia.com" />
+	<target host="lightning.acquia.com" />
+	<target host="logstream.acquia.com" />
+	<target host="love.acquia.com" />
+	<target host="nspi.acquia.com" />
+	<target host="partners.acquia.com" />
+	<target host="questionnaire.acquia.com" />
+	<target host="rpc.acquia.com" />
+	<target host="showcase.acquia.com" />
+	<target host="status.acquia.com" />
+	<target host="support.acquia.com" />
+	<target host="svn.acquia.com" />
+	<target host="ticket.acquia.com" />
+	<target host="training.acquia.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://((?:api|docs|insight|library|network|showcase|www)\.)?acquia\.com/"
-		to="https://$1acquia.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Acrobat.com.xml b/src/chrome/content/rules/Acrobat.com.xml
new file mode 100644
index 000000000000..3bd4770b165a
--- /dev/null
+++ b/src/chrome/content/rules/Acrobat.com.xml
@@ -0,0 +1,50 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://admin.na5.acrobat.com/system/login?domain=bpd.na5.acrobat.com&next=%2Fadmin%3Fdomain%3Dbpd.na5.acrobat.com&set-lang=en => https://admin.na5.acrobat.com/system/login?domain=bpd.na5.acrobat.com&next=%2Fadmin%3Fdomain%3Dbpd.na5.acrobat.com&set-lang=en: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://admin.na5.acrobat.com/ => https://admin.na5.acrobat.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	For other Adobe coverage, see Adobe.xml.
+
+
+	Problematic subdomains:
+
+		- success *
+
+	* Mismatched
+
+
+	These altnames don't exist:
+
+		- ak-www.stage.acrobat.com
+
+-->
+<ruleset name="Acrobat.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="acrobat.com" />
+	<target host="formscentral.acrobat.com" />
+	<target host="admin.na5.acrobat.com" />
+	<target host="workspaces.acrobat.com" />
+	<target host="www.acrobat.com" />
+
+	<!--	Special cases:
+				-->
+	<target host="success.acrobat.com" />
+
+		<test url="http://admin.na5.acrobat.com/system/login?domain=bpd.na5.acrobat.com&amp;next=%2Fadmin%3Fdomain%3Dbpd.na5.acrobat.com&amp;set-lang=en" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://success\.acrobat\.com/+"
+		to="https://success.adobe.com/" />
+
+		<test url="http://success.acrobat.com//" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Acrobat_Users.com.xml b/src/chrome/content/rules/Acrobat_Users.com.xml
new file mode 100644
index 000000000000..7da48e65309d
--- /dev/null
+++ b/src/chrome/content/rules/Acrobat_Users.com.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Adobe coverage, see Adobe.xml.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- rarediseases.org
+		- .rarediseases.org
+
+-->
+<ruleset name="Acrobat Users.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="acrobatusers.com" />
+	<target host="www.acrobatusers.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^rarediseases\.org$" name="^exp_(?:last_activity|last_visit|tracker)$" /-->
+	<!--securecookie host="^\.rarediseases\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Acronymfinder.com.xml b/src/chrome/content/rules/Acronymfinder.com.xml
new file mode 100644
index 000000000000..d0f3265d44eb
--- /dev/null
+++ b/src/chrome/content/rules/Acronymfinder.com.xml
@@ -0,0 +1,14 @@
+<!--
+    Nonfunctional subdomains:
+		- blog
+		- w1     -> wrong domain
+-->
+<ruleset name="Acronymfinder.com">
+    <target host="acronymfinder.com" />
+    <target host="www.acronymfinder.com" />
+
+    <securecookie host="^(www\.)?acronymfinder\.com$" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AcrylicDepot.com.xml b/src/chrome/content/rules/AcrylicDepot.com.xml
new file mode 100644
index 000000000000..aa0bc6f62785
--- /dev/null
+++ b/src/chrome/content/rules/AcrylicDepot.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="AcrylicDepot.com">
+	<target host="acrylicdepot.com" />
+	<target host="www.acrylicdepot.com" />
+	<target host="mail.acrylicdepot.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Act-On-Software.xml b/src/chrome/content/rules/Act-On-Software.xml
index 339d7dd40421..bffcb2062cd8 100644
--- a/src/chrome/content/rules/Act-On-Software.xml
+++ b/src/chrome/content/rules/Act-On-Software.xml
@@ -21,11 +21,11 @@
 
 			- ACTON		(www)
 			- wpNNNN	(*)
-				- Set by 
+				- Set by
 				actonsoftware.com/acton/attachment/NNNN/
 				e.g. acton/attachment/1205/f-0005/0/-/-/-/-/file.pdf
 					-->
-	<securecookie host="^(?:.*\.)?actonsoftware\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(ci\d*\.|mktg\.|www\.)?actonsoftware\.com/"
diff --git a/src/chrome/content/rules/Act-On.com.xml b/src/chrome/content/rules/Act-On.com.xml
new file mode 100644
index 000000000000..316a6dab7dc3
--- /dev/null
+++ b/src/chrome/content/rules/Act-On.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Other Act-On Software rulesets:
+		- Act-On-Software.xml
+
+	Mismatched:
+		- video
+-->
+<ruleset name="Act-On.com (partial)">
+	<target host="act-on.com" />
+	<target host="www.act-on.com" />
+	<target host="blog.act-on.com" />
+	<target host="developer.act-on.com" />
+	<target host="interactive.act-on.com" />
+	<target host="mktg.act-on.com" />
+	<target host="success.act-on.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://blog\.act-on\.com/" to="https://www.act-on.com/blog/" />
+	<rule from="^http://interactive\.act-on\.com/" to="https://www.act-on.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Act.demandprogress.org.xml b/src/chrome/content/rules/Act.demandprogress.org.xml
deleted file mode 100644
index 8d56ac39850d..000000000000
--- a/src/chrome/content/rules/Act.demandprogress.org.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Act.demandprogress.org">
-  <target host="act.demandprogress.org" />
-
-  <rule from="^http://act\.demandprogress\.org/" to="https://act.demandprogress.org/" />
-</ruleset>
diff --git a/src/chrome/content/rules/ActBlue.com.xml b/src/chrome/content/rules/ActBlue.com.xml
new file mode 100644
index 000000000000..0b9446c2861e
--- /dev/null
+++ b/src/chrome/content/rules/ActBlue.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="ActBlue.com">
+
+	<target host="actblue.com" />
+	<target host="www.actblue.com" />
+	<target host="blog.actblue.com" />
+	<target host="secure.actblue.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ActBlue.xml b/src/chrome/content/rules/ActBlue.xml
deleted file mode 100644
index 58ea08664521..000000000000
--- a/src/chrome/content/rules/ActBlue.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/i.actblue.com/
-		- d1gjqyr9cva5pi.cloudfront.net
-		- d1q85vn0sl19b5.cloudfront.net
-		- d2f8x7hc613baw.cloudfront.net
-		- dopnrkrjwe62k.cloudfront.net
-
-
-	Nonfunctional subdomains:
-
-		- blog	(hosted at actblue.typepad.com; doesn't redirect
-			 back, but that doesn't support https either.)
-
--->
-<ruleset name="ActBlue (partial)">
-
-	<target host="actblue.com" />
-	<target host="*.actblue.com" />
-	<target host="s.secure.actblue.com" />
-
-
-	<securecookie host="^\.actblue\.com$" name=".*" />
-
-
-	<!--	Server actually redirects from (www.) to secure.
-							-->
-	<rule from="^http://(?:(?:s\.)?secure\.|www\.)?actblue\.com/"
-		to="https://secure.actblue.com/" />
-
-	<rule from="^https?://(i|public)\.actblue\.com/"
-		to="https://s3.amazonaws.com/$1.actblue.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Actel.com.xml b/src/chrome/content/rules/Actel.com.xml
deleted file mode 100644
index 955ed878b640..000000000000
--- a/src/chrome/content/rules/Actel.com.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Actel.com">
-  <target host="actel.com" />
-  <target host="www.actel.com" />
-
-  <rule from="^http://actel\.com/" to="https://www.actel.com/" />
-  <rule from="^http://www\.actel\.com/" to="https://www.actel.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Action-Auto-Wreckers.xml b/src/chrome/content/rules/Action-Auto-Wreckers.xml
index 61e9316870da..7c8e627808e2 100644
--- a/src/chrome/content/rules/Action-Auto-Wreckers.xml
+++ b/src/chrome/content/rules/Action-Auto-Wreckers.xml
@@ -1,14 +1,36 @@
+<!--
+	(www.)?actionsalvage.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.actionautowreckers.com
+
+-->
 <ruleset name="Action Auto Wreckers">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="actionautowreckers.com" />
+	<target host="www.actionautowreckers.com" />
+
+	<!--	Complications:
+				-->
 	<target host="actionsalvage.com" />
 	<target host="www.actionsalvage.com" />
 
 
-	<securecookie host="^www\.actionsalvage\.com$" name=".*" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.actionautowreckers\.com$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+
+	<securecookie host="^www\.actionautowreckers\.com$" name=".+" />
+
 
+	<rule from="^http://(?:www\.)?actionsalvage\.com/"
+		to="https://www.actionautowreckers.com/" />
 
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?actionsalvage\.com/"
-		to="https://www.actionsalvage.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ActionKit.com.xml b/src/chrome/content/rules/ActionKit.com.xml
new file mode 100644
index 000000000000..54dcd088cf5a
--- /dev/null
+++ b/src/chrome/content/rules/ActionKit.com.xml
@@ -0,0 +1,21 @@
+<!--
+	(www.): refused
+
+-->
+<ruleset name="ActionKit.com (partial)">
+
+	<target host="*.actionkit.com" />
+		<exclusion pattern="^http://www\." />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^couragecampaign\.actionkit\.com$" name="^sid$" /-->
+
+	<securecookie host="^\w+\.actionkit\.com$" name=".+" />
+
+
+	<rule from="^http://(\w+)\.actionkit\.com/"
+		to="https://$1.actionkit.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Actionable_Intelligence.xml b/src/chrome/content/rules/Actionable_Intelligence.xml
index 2c27c4ac89f2..d242c7bc6520 100644
--- a/src/chrome/content/rules/Actionable_Intelligence.xml
+++ b/src/chrome/content/rules/Actionable_Intelligence.xml
@@ -11,7 +11,6 @@
 	<target host="www.action-intell.com" />
 
 
-	<rule from="^http://(?:www\.)?action-intell\.com/"
-		to="https://www.action-intell.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Actionallocator.com.xml b/src/chrome/content/rules/Actionallocator.com.xml
deleted file mode 100644
index 0d40c756cc71..000000000000
--- a/src/chrome/content/rules/Actionallocator.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-
-	Web bugs.
-
--->
-<ruleset name="actionallocator.com">
-
-	<target host="actionallocator.com" />
-	<target host="*.actionallocator.com" />
-
-
-	<securecookie host="^(?:www)?\.actionallocator\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?actionallocator\.com/"
-		to="https://www.actionallocator.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Activatejavascript.xml b/src/chrome/content/rules/Activatejavascript.xml
index dcb78064e1f3..c6155cec7682 100644
--- a/src/chrome/content/rules/Activatejavascript.xml
+++ b/src/chrome/content/rules/Activatejavascript.xml
@@ -2,12 +2,12 @@
 	CN: secure.syllabushare.com
 
 -->
-<ruleset name="activatejavascript.org" default_off="mismatch">
+<ruleset name="activatejavascript.org" default_off="mismatched">
 
 	<target host="activatejavascript.org"/>
 	<target host="www.activatejavascript.org"/>
 
-	<securecookie host="^(.*\.)?activatejavascript\.org$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?activatejavascript\.org/"
 		to="https://activatejavascript.org/"/>
diff --git a/src/chrome/content/rules/Active-Events.xml b/src/chrome/content/rules/Active-Events.xml
index 15d187bb7443..6e5f2c231547 100644
--- a/src/chrome/content/rules/Active-Events.xml
+++ b/src/chrome/content/rules/Active-Events.xml
@@ -1,13 +1,14 @@
+<!--
+	For other Active Network coverage, see Active_Network.com.xml.
+
+-->
 <ruleset name="Active Events (partial)">
 
 	<target host="*.activeevents.com" />
 		<!--
 			Cert: affiliate.activenetwork.com
 					-->
-		<exclusion pattern="^http://www\." />
-
-
-	<securecookie host="^.+\.activenetwork\.com$" name=".+" />
+		<exclusion pattern="^http://www\.activeevents\.com/" />
 
 
 	<rule from="^http://([\w\-]+)\.activeevents\.com/"
diff --git a/src/chrome/content/rules/Active-srv02.de.xml b/src/chrome/content/rules/Active-srv02.de.xml
index ba59924872dc..f3758990d989 100644
--- a/src/chrome/content/rules/Active-srv02.de.xml
+++ b/src/chrome/content/rules/Active-srv02.de.xml
@@ -5,13 +5,12 @@
 <ruleset name="active-srv02.de">
 
 	<target host="active-srv02.de" />
-	<target host="*.active-srv02.de" />
+	<target host="www.active-srv02.de" />
 
 
 	<securecookie host="^\.active-srv02\.de$" name=".+" />
 
 
-	<rule from="^http://(www\.)?active-srv02\.de/"
-		to="https://$1active-srv02.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Active.com.xml b/src/chrome/content/rules/Active.com.xml
index 94c3e5f59c9e..5a40bf7e127b 100644
--- a/src/chrome/content/rules/Active.com.xml
+++ b/src/chrome/content/rules/Active.com.xml
@@ -1,28 +1,82 @@
 <!--
+	For other Active Network coverage, see Active_Network.com.xml.
+
+
 	CDN buckets:
 
 		- gcs-assets.s3.amazonaws.com
 
+
+	Nonfunctional subdomains:
+
+		- developer *
+
+	* Mashery
+
+
+	Partially covered subdomains:
+
+		- schwaggle *
+
+	* Some pages redirect to http
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- assets-results2
+		- community
+		- m
+		- mobile
+		- myevents
+		- results
+		- roleassets
+		- sites
+		- sso
+
+
+	Insecure cookies are set for these domains:
+
+		- .active.com
+		- mobile.active.com
+		- myevents.active.com
+		- sites.active.com
+		- www.active.com
+
 -->
 <ruleset name="Active.com (partial)">
 
 	<target host="active.com" />
-	<target host="*.active.com" />
-	<target host="activestatic.net" />
-	<target host="www.activestatic.net" />
-	<target host="regonline.com" />
-	<target host="www.regonline.com" />
+	<target host="assets-results2.active.com" />
+	<target host="community.active.com" />
+	<target host="m.active.com" />
+	<target host="mobile.active.com" />
+	<target host="myevents.active.com" />
+	<target host="results.active.com" />
+	<target host="rolassets.active.com" />
+	<target host="sites.active.com" />
+	<target host="sso.active.com" />
+	<target host="www.active.com" />
+	<target host="schwaggle.active.com" />
 
 
-	<securecookie host="^(community\.|sso\.|www\.)?active\.com$" name=".*" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.active\.com$" name="^(a3userLocation|lat_lon)$" /-->
+	<!--securecookie host="^mobile\.active\.com$" name="^BIGipServer~SPORTS~acmpool5_http$" /-->
+	<!--securecookie host="^myevents\.active\.com$" name="^(BIGipServer~Platform_Services~aw_prod_myeventsui_pool|JSESSIONID)$" /-->
+	<!--securecookie host="^sites\.active\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^www\.active\.com$" name="^(_A3_session|BIGipServer~Platform_Services~a3core\.active\.com_http)$" /-->
 
+	<securecookie host="^(?:(?:community|mobile|myevents|sso|sites|www)\.)?active\.com$" name=".+" />
 
-	<rule from="^http://((?:assets-results2|community|results|rolassets|sso|www)\.)?active\.com/"
+
+	<rule from="^http://((?:assets-results2|community|m|mobile|myevents|results|rolassets|sites|sso|www)\.)?active\.com/"
 		to="https://$1active.com/" />
 
 	<!--	help/faq/$ 302s to http.
 					-->
-	<rule from="^http://schwaggle\.active\.com/help/faq/?"
+	<rule from="^http://schwaggle\.active\.com/help/faq/?(?=$|\?)"
 		to="https://schwaggle.active.com/help/faq" />
 
 	<!--	More pages 302 to http.
@@ -30,15 +84,4 @@
 	<rule from="^http://schwaggle\.active\.com/content/"
 		to="https://schwaggle.active.com/content/" />
 
-	<rule from="^http://(www\.)?activestatic\.net/"
-		to="https://$1activestatic.net/" />
-
-	<!--	Register/Checkin.aspx?EventID=\d+$ 301s to http.
-					-->
-	<rule from="^http://(www\.)?regonline\.com/([rR])egister/([cC])heckin\.aspx\?EventID=(\d+)$"
-		to="https://$1regonline.com/$2egister/$3heckin.aspx?EventID=$4&amp;MethodId=0&amp;EventSessionId=&amp;startnewreg=1" />
-
-	<rule from="^http://(www\.)?regonline\.com/((?:__404|privacy|[rR]egister/(?:[cC]heckin|dialogs/passwordReset|login))\.aspx|Builder/WebResource\.axd|__images/|RadControls/|registrations/|__styles/)"
-		to="https://$1regonline.com/$2" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/ActiveDataX.com.xml b/src/chrome/content/rules/ActiveDataX.com.xml
new file mode 100644
index 000000000000..fcf1856161c0
--- /dev/null
+++ b/src/chrome/content/rules/ActiveDataX.com.xml
@@ -0,0 +1,27 @@
+<!--
+	(www.)?activedatax.com: WP Engine
+
+
+	Insecure cookies are set for these hosts:
+
+		- calendar.activedatax.com
+
+-->
+<ruleset name="ActiveDataX.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="calendar.activedatax.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^calendar\.activedatax\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^calendar\.activedatax\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ActiveState-Software.xml b/src/chrome/content/rules/ActiveState-Software.xml
index c338ceed37f9..f9c7dfab442a 100644
--- a/src/chrome/content/rules/ActiveState-Software.xml
+++ b/src/chrome/content/rules/ActiveState-Software.xml
@@ -1,20 +1,41 @@
 <!--
 	Nonfunctional subdomains:
 
-		- community	(valid cert; "your request didn't properly supply an HTTP Host header")
-		- docs		(ditto)
+		- community *
+		- docs *
+
+	* Redirects to http, valid cert
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- account
+		- code
+		- store
+		- templates
+
+
+	Observed cookie domains:
+
+		- account
+		- community
+		- .store
 
 -->
 <ruleset name="ActiveState Software (partial)">
 
 	<target host="activestate.com" />
-	<target host="*.activestate.com" />
+	<target host="account.activestate.com" />
+	<target host="code.activestate.com" />
+	<target host="store.activestate.com" />
+	<target host="templates.activestate.com" />
+	<target host="www.activestate.com" />
 
 
-	<securecookie host="^.*\.activestate\.com$" name=".*" />
+	<securecookie host=".*\.activestate\.com$" name=".+" />
 
 
-	<rule from="^http://((?:account|code|store|www)\.)?activestate\.com/"
-		to="https://$1activestate.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Active_Melody.xml b/src/chrome/content/rules/Active_Melody.xml
index 5c3a8feb6f50..f461b3ea45ce 100644
--- a/src/chrome/content/rules/Active_Melody.xml
+++ b/src/chrome/content/rules/Active_Melody.xml
@@ -1,13 +1,43 @@
-<ruleset name="Active Melody">
+<!--
+	Insecure cookies are set for these domains:
 
+		- .activemelody.com
+
+-->
+<ruleset name="Active Melody.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="activemelody.com" />
-	<target host="*.activemelody.com" />
+	<target host="www.activemelody.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?activemelody\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?activemelody\.com/+(?!assets/|images/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.activemelody.com/lessons" />
+			<test url="http://www.activemelody.com/lessons/free_lesson_content/acoustic_blues_guitar_lesson" />
+			<test url="http://www.activemelody.com/register" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.activemelody.com/images/ui/logo.png" />
+
 
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.activemelody\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
 
-	<securecookie host="^\.activemelody\.com$" name=".+" />
+	<securecookie host="^\.activemelody\.com$" name="^__cfduid$" />
 
 
-	<rule from="^http://(www\.)?activemelody\.com/"
-		to="https://$1activemelody.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Active_Network.com.xml b/src/chrome/content/rules/Active_Network.com.xml
new file mode 100644
index 000000000000..7ba366800975
--- /dev/null
+++ b/src/chrome/content/rules/Active_Network.com.xml
@@ -0,0 +1,48 @@
+<!--
+	Other Active Network rulesets:
+
+		- Active.com.xml
+		- Active-Events.xml
+		- RegOnline.com.xml
+
+
+	CDN buckets:
+
+		- www.activenetwork.com.edgesuite.net
+
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- www ²
+
+	¹ Mismatched
+	² Akamai
+
+
+	Mixed content:
+
+		- css on www from www
+
+-->
+<ruleset name="Active Network.com (partial)">
+
+	<target host="regonlineportal.activenetwork.com" />
+		<!--
+			Avoid user-visible paths:
+							-->
+		<!--exclusion pattern="http://www\.activenetwork\.com/+(?!asset\d+\.aspx|[Aa]ssets/|favicon\.ico|sites/)" /-->
+		<!--
+			References resources relative to root:
+								-->
+		<!--exclusion pattern="https://www\.activenetwork\.com/assets/global/stylesheets/(activenetwork-global|corporate-b2b-bootstrap)\.css" /-->
+		<!--
+			In sum:
+				-->
+		<exclusion pattern="http://(?:www\.)?activenetwork\.com/+(?![Aa]ssets/(?!.+\.css(?:$|\?))|asset\d+\.aspx|favicon\.ico|sites/)" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Active_static.net.xml b/src/chrome/content/rules/Active_static.net.xml
new file mode 100644
index 000000000000..5099738e25b7
--- /dev/null
+++ b/src/chrome/content/rules/Active_static.net.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://activestatic.net/ => https://activestatic.net/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+Fetch error: http://www.activestatic.net/ => https://www.activestatic.net/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+
+	For other Active Network coverage, see Active_Network.com.xml.
+
+-->
+<ruleset name="Active static.net" default_off="failed ruleset test">
+
+	<target host="activestatic.net" />
+	<target host="www.activestatic.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Activision.xml b/src/chrome/content/rules/Activision.xml
new file mode 100644
index 000000000000..0d762454c870
--- /dev/null
+++ b/src/chrome/content/rules/Activision.xml
@@ -0,0 +1,30 @@
+<!--
+	Using an invalid certificate:
+		* ambassador.activision.com
+		* jobs.activision.com
+
+	Server not found:
+		* eupcareers.activision.com
+
+	Timeout:
+		* investor.activision.com
+-->
+<ruleset name="Activision">
+
+	<target host="activision.com" />
+
+	<target host="assets.activision.com" />
+	<target host="blog.activision.com" />
+	<target host="community.activision.com" />
+	<target host="mail.activision.com" />
+	<target host="mail2.activision.com" />
+	<target host="press.activision.com" />
+	<target host="s.activision.com" />
+	<target host="support.activision.com" />
+	<target host="webmail.activision.com" />
+	<target host="www.activision.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Activision_Blizzard.com.xml b/src/chrome/content/rules/Activision_Blizzard.com.xml
index 14ec40d1f05d..7765d3c3c2ca 100644
--- a/src/chrome/content/rules/Activision_Blizzard.com.xml
+++ b/src/chrome/content/rules/Activision_Blizzard.com.xml
@@ -11,16 +11,13 @@
 -->
 <ruleset name="Activision Blizzard.com (partial)">
 
-	<target host="*.activisionblizzard.com" />
+	<target host="investor.activisionblizzard.com" />
 		<!--
 			Images linked relative to /
 							-->
 		<!--exclusion pattern="^http://www\.activisionblizzard\.com/etc/designs/atvi(/activision-blizzard/design-web/static|-ui/clientlibs-atvi/clientlibs-atvi-ui-main|-ui/clientlibs-atvi/clientlibs-atvi-ui-plugins)\.css" /-->
 
 
-	<rule from="^http://www\.activisionblizzard\.com/(?=content/|etc/(?!designs/atvi(?:/activision-blizzard/design-web/static|-ui/clientlibs-atvi/clientlibs-atvi-ui-(?:main|plugins)))\.css)"
-		to="https://a248.e.akamai.net/f/1896/3621/9/www.activisionblizzard.com/" />
-
 	<rule from="^http://investor\.activisionblizzard\.com/common/"
 		to="https://investor.shareholder.com/common/" />
 
diff --git a/src/chrome/content/rules/Actix.rs.xml b/src/chrome/content/rules/Actix.rs.xml
new file mode 100644
index 000000000000..7cd85ecbb21a
--- /dev/null
+++ b/src/chrome/content/rules/Actix.rs.xml
@@ -0,0 +1,10 @@
+<!--
+	www doesn't exist.
+-->
+<ruleset name="Actix.rs">
+	<target host="actix.rs" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Acuity_Scheduling.com.xml b/src/chrome/content/rules/Acuity_Scheduling.com.xml
new file mode 100644
index 000000000000..784a920209aa
--- /dev/null
+++ b/src/chrome/content/rules/Acuity_Scheduling.com.xml
@@ -0,0 +1,46 @@
+<!--
+	Problematic hosts in *acuityscheduling.com:
+
+		- help ¹
+		- status ²
+
+	¹ Server sends no certificate chain, see https://whatsmychaincert.com
+	² StatusPage.io
+
+
+	Insecure cookies are set for these hosts:
+
+		- developers.acuityscheduling.com
+		- help.acuityscheduling.com
+
+-->
+<ruleset name="Acuity Scheduling.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="acuityscheduling.com" />
+	<target host="developers.acuityscheduling.com" />
+	<!--target host="help.acuityscheduling.com" /-->
+	<target host="secure.acuityscheduling.com" />
+	<target host="www.acuityscheduling.com" />
+
+	<!--	Complications:
+				-->
+	<target host="status.acuityscheduling.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^developers\.acuityscheduling\.com$" name="^(?:XSRF-TOKEN|connect\.sid)$" /-->
+	<!--securecookie host="^help\.acuityscheduling\.com$" name="^(?:_session_id|current_user_language)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://status\.acuityscheduling\.com/"
+		to="https://acuityscheduling.statuspage.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Acuity_platform.com.xml b/src/chrome/content/rules/Acuity_platform.com.xml
index 00aa2c110083..c39cbb1db1e1 100644
--- a/src/chrome/content/rules/Acuity_platform.com.xml
+++ b/src/chrome/content/rules/Acuity_platform.com.xml
@@ -5,13 +5,13 @@
 <ruleset name="Acuity platform.com">
 
 	<target host="acuityplatform.com" />
-	<target host="*.acuityplatform.com" />
+	<target host="click-west.acuityplatform.com" />
+	<target host="www.acuityplatform.com" />
 
 
 	<securecookie host="^\.acuityplatform\.com$" name=".+" />
 
 
-	<rule from="^http://(click-west\.|www\.)?acuityplatform\.com/"
-		to="https://$1acuityplatform.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Aculab.com.xml b/src/chrome/content/rules/Aculab.com.xml
index cd73825d84f5..0dd01bfefc15 100644
--- a/src/chrome/content/rules/Aculab.com.xml
+++ b/src/chrome/content/rules/Aculab.com.xml
@@ -12,7 +12,6 @@
 	<securecookie host="^cloud\.aculab\.com$" name=".+" />
 
 
-	<rule from="^http://cloud\.aculab\.com/"
-		to="https://cloud.aculab.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Acunetix.com.xml b/src/chrome/content/rules/Acunetix.com.xml
deleted file mode 100644
index e45bf881d57f..000000000000
--- a/src/chrome/content/rules/Acunetix.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-
-
-	Mixed content:
-
-		- Images on www from www *
-
-	* Secured by us, doesn't trip MCB
-
--->
-<ruleset name="Acunetix.com">
-
-	<target host="acunetix.com" />
-	<target host="www.acunetix.com" />
-
-
-	<rule from="^http://(?:www\.)?acunetix\.com/"
-		to="https://www.acunetix.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Acxiom-online.com.xml b/src/chrome/content/rules/Acxiom-online.com.xml
index 9f6d57d013a7..57688b915fbf 100644
--- a/src/chrome/content/rules/Acxiom-online.com.xml
+++ b/src/chrome/content/rules/Acxiom-online.com.xml
@@ -1,16 +1,34 @@
+
 <!--
-	(www.) do not exist.
 
+	Other Acxiom coverage:
+
+		- acxiom.com.xml
+		- About_the_Data.com.xml
+
+	Problematic hosts in *acxiom-online.com:
 
-	Web bugs.
+		- ^ (expired)
+		- www (expired)
+		- t (sha1)
+		- documentation (no https)
+		- addthis (mismatched)
+		- l-eu (timeout)
+		- p-eu (timeout)
+		- t-cn (handshake error)
 
 -->
-<ruleset name="Acxiom-online.com">
+<ruleset name="Acxiom-online.com (partial)">
 
-	<target host="p.acxiom-online.com" />
+	<target host="acxiom-online.com" />
+	<target host="www.acxiom-online.com" />
+	<target host="g.acxiom-online.com" />
+	<target host="p-cn.acxiom-online.com" />
 
+	<rule from="^http://(www\.)?acxiom-online\.com/"
+		to="https://www.acxiom.com/" />
 
-	<rule from="^http://p\.acxiom-online\.com/"
-		to="https://p.acxiom-online.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Acxiom.xml b/src/chrome/content/rules/Acxiom.xml
deleted file mode 100644
index 0fe4fa722a8d..000000000000
--- a/src/chrome/content/rules/Acxiom.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Acxiom (partial)">
-
-	<target host="infobaselistexpress.com" />
-	<target host="www.infobaselistexpress.com" />
-
-
-	<!--	Cert only matches !www
-					-->
-	<rule from="^https?://(?:www\.)?infobaselistexpress\.com/"
-		to="https://infobaselistexpress.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Acyba.com.xml b/src/chrome/content/rules/Acyba.com.xml
new file mode 100644
index 000000000000..1989846b8228
--- /dev/null
+++ b/src/chrome/content/rules/Acyba.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.acyba.com
+
+-->
+<ruleset name="Acyba.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="acyba.com" />
+	<target host="www.acyba.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.acyba\.com$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host="^www\.acyba\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ad-Center.com.xml b/src/chrome/content/rules/Ad-Center.com.xml
new file mode 100644
index 000000000000..f88bd169a464
--- /dev/null
+++ b/src/chrome/content/rules/Ad-Center.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.)	(refused)
+
+-->
+<ruleset name="Ad-Center.com (partial)">
+
+	<target host="ads.ad-center.com" />
+
+
+	<securecookie host="^ads\.ad-center\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ad-Juster.xml b/src/chrome/content/rules/Ad-Juster.xml
index 30c50d1167a5..ec6fdc1d720a 100644
--- a/src/chrome/content/rules/Ad-Juster.xml
+++ b/src/chrome/content/rules/Ad-Juster.xml
@@ -1,13 +1,14 @@
 <ruleset name="Ad-Juster (partial)">
 
 	<target host="ad-juster.com" />
-	<target host="*.ad-juster.com" />
+	<target host="tagscan.ad-juster.com" />
+	<target host="www.ad-juster.com" />
 
 
 	<securecookie host="^tagscan\.ad-juster\.com$" name=".+" />
 
 
-	<rule from="^http://(tagscan\.|www\.)?ad-juster\.com/"
+	<rule from="^http://(?:tagscan\.|www\.)?ad-juster\.com/"
 		to="https://ad-juster.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ad-Stir.com.xml b/src/chrome/content/rules/Ad-Stir.com.xml
new file mode 100644
index 000000000000..e99bd276450e
--- /dev/null
+++ b/src/chrome/content/rules/Ad-Stir.com.xml
@@ -0,0 +1,45 @@
+<!--
+	Nonfunctional hosts in *ad-stir.com:
+
+		- wiki *
+
+	* Redirects to news
+
+
+	Fully covered hosts in *ad-stir.com:
+
+		- (www.)?
+		- js
+		- en
+		- news
+		- sync
+
+
+	Insecure cookies are set for these domains:
+
+		- .ad-stir.com
+
+-->
+<ruleset name="Ad-Stir.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ad-stir.com" />
+	<target host="en.ad-stir.com" />
+	<target host="js.ad-stir.com" />
+	<target host="news.ad-stir.com" />
+	<target host="sync.ad-stir.com" />
+	<target host="www.ad-stir.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.ad-stir\.com$" name="^(adstir_app_session|uid)$" /-->
+
+	<securecookie host="^\.ad-stir\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ad4Game.xml b/src/chrome/content/rules/Ad4Game.xml
index dc1355d5ad04..42dce51db9ec 100644
--- a/src/chrome/content/rules/Ad4Game.xml
+++ b/src/chrome/content/rules/Ad4Game.xml
@@ -3,11 +3,11 @@
 -->
 <ruleset name="Ad4Game (partial)">
 
-	<target host="*.ad4game.com"/>
+	<target host="ads.ad4game.com" />
+	<target host="traffic.ad4game.com" />
 
-	<securecookie host="\.?ads\.ad4game\.com$" name=".*"/>
+	<securecookie host="\.?ads\.ad4game\.com$" name=".+" />
 
-	<rule from="^http://(ads|traffic)\.ad4game\.com/"
-		to="https://$1.ad4game.com/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ad6media.xml b/src/chrome/content/rules/Ad6media.xml
index 5997e94f495b..4f03b4d47b63 100644
--- a/src/chrome/content/rules/Ad6media.xml
+++ b/src/chrome/content/rules/Ad6media.xml
@@ -19,7 +19,6 @@
 	<target host="r.ad6media.fr" />
 
 
-	<rule from="^http://r\.ad6media\.fr/"
-		to="https://r.ad6media.fr/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AdAlliance.io.xml b/src/chrome/content/rules/AdAlliance.io.xml
new file mode 100644
index 000000000000..29362840df0f
--- /dev/null
+++ b/src/chrome/content/rules/AdAlliance.io.xml
@@ -0,0 +1,42 @@
+<!--
+	Cert expired:
+		- adalliance.io
+		- www.adalliance.io
+		- ftp.adalliance.io
+		- irc.adalliance.io
+		- lightning.adalliance.io
+		- susi.adalliance.io
+		- wiki.adalliance.io
+
+	TLS Error:
+		- mms1.adalliance.io
+-->
+<ruleset name="AdAlliance.io (partial)">
+
+	<target host="aqt.adalliance.io"/>
+	<target host="box.adalliance.io"/>
+	<target host="data.adalliance.io"/>
+	<target host="data1.adalliance.io"/>
+	<target host="datahub.adalliance.io"/>
+	<target host="dmpstorage.adalliance.io"/>
+	<target host="engagement.adalliance.io"/>
+	<target host="hello.adalliance.io"/>
+	<target host="help.adalliance.io"/>
+	<target host="mms.adalliance.io"/>
+	<target host="native.adalliance.io"/>
+	<target host="optout.adalliance.io"/>
+	<target host="proxy.adalliance.io"/>
+	<target host="rota.adalliance.io"/>
+	<target host="ssl.adalliance.io"/>
+	<target host="survey.adalliance.io"/>
+	<target host="tracking.adalliance.io"/>
+	<target host="video.adalliance.io"/>
+	<target host="weather.adalliance.io"/>
+	<target host="wom.adalliance.io"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AdAstraArms.com.xml b/src/chrome/content/rules/AdAstraArms.com.xml
new file mode 100644
index 000000000000..2efbc4cbfc5c
--- /dev/null
+++ b/src/chrome/content/rules/AdAstraArms.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Mismatched:
+		- ftp
+-->
+<ruleset name="AdAstraArms.com">
+	<target host="adastraarms.com" />
+	<target host="www.adastraarms.com" />
+	<target host="autodiscover.adastraarms.com" />
+	<target host="cpanel.adastraarms.com" />
+	<target host="mail.adastraarms.com" />
+	<target host="webdisk.adastraarms.com" />
+	<target host="webmail.adastraarms.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AdBit.co.xml b/src/chrome/content/rules/AdBit.co.xml
new file mode 100644
index 000000000000..249841f7e4af
--- /dev/null
+++ b/src/chrome/content/rules/AdBit.co.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://adbit.co/ => https://adbit.co/: (35, 'error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error')
+Fetch error: http://www.adbit.co/ => https://www.adbit.co/: (35, 'error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error')
+
+	Insecure cookies are set for these domains and hosts:
+
+		- adbit.co
+		- .adbit.co
+
+-->
+<ruleset name="AdBit.co" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="adbit.co" />
+	<target host="www.adbit.co" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^adbit\.co$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.adbit\.co$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.?adbit\.co$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AdBlock.xml b/src/chrome/content/rules/AdBlock.xml
new file mode 100644
index 000000000000..4512ae67c147
--- /dev/null
+++ b/src/chrome/content/rules/AdBlock.xml
@@ -0,0 +1,29 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - catblock.getadblock.com
+			 - code.getadblock.com
+			 - old-support.getadblock.com
+			 - search.getadblock.com
+			 - support.getadblock.com
+			 - translate.getadblock.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - campaign.getadblock.com
+
+		4xx client error:
+			 - log.getadblock.com
+-->
+<ruleset name="AdBlock">
+	<!-- getadblock.com -->
+	<target host="getadblock.com" />
+	<target host="www.getadblock.com" />
+	<target host="blog.getadblock.com" />
+	<target host="data.getadblock.com" />
+		<test url="http://data.getadblock.com/filters/adblock_custom.txt" />
+	<target host="help.getadblock.com" />
+	<target host="ping.getadblock.com" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AdButler.xml b/src/chrome/content/rules/AdButler.xml
index c50843a43200..a526d4b40786 100644
--- a/src/chrome/content/rules/AdButler.xml
+++ b/src/chrome/content/rules/AdButler.xml
@@ -10,7 +10,7 @@
 <ruleset name="AdBulter">
 
 	<target host="adbutler.com" />
-	<target host="*.adbutler.com" />
+	<target host="www.adbutler.com" />
 	<target host="servedbyadbutler.com" />
 	<target host="www.servedbyadbutler.com" />
 
@@ -27,4 +27,4 @@
 	<rule from="^http://(?:www\.)?servedbyadbutler\.com/"
 		to="https://servedbyadbutler.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AdCap.biz.xml b/src/chrome/content/rules/AdCap.biz.xml
new file mode 100644
index 000000000000..59059fd68af4
--- /dev/null
+++ b/src/chrome/content/rules/AdCap.biz.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .adcap.biz
+
+-->
+<ruleset name="AdCap.biz">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="adcap.biz" />
+	<target host="www.adcap.biz" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.adcap\.biz$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.adcap\.biz$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AdExcite.xml b/src/chrome/content/rules/AdExcite.xml
deleted file mode 100644
index 20c123379277..000000000000
--- a/src/chrome/content/rules/AdExcite.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	CDN buckets:
-
-		- adexcite.s3.amazonaws.com
-			- equivalent to d6ccerq7yhhu9.cloudfront.net
-		- c405038.r38.cf1.rackcdn.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.)
-		- admin
-
--->
-<ruleset name="AdExcite (partial)">
-
-	<target host="cdn.adexcite.com" />
-
-
-	<rule from="^https?://cdn\.adexcite\.com/"
-		to="https://adexcite.s3.amazonaws.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AdExtent.com-problematic.xml b/src/chrome/content/rules/AdExtent.com-problematic.xml
deleted file mode 100644
index 509e193bd1a9..000000000000
--- a/src/chrome/content/rules/AdExtent.com-problematic.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see AdExtent.com.xml.
-
--->
-<ruleset name="AdExtent.com (problematic)" default_off="mismatched">
-
-	<target host="appv2.adextent.com" />
-		<!--
-			Handled in AdExtent.com.xml:
-							-->
-		<!--exclusion pattern="^http://appv2\.adextent\.com/(favicon\.ico|Frontend/bootstrap/|Frontend/scripts/|Frontend/theme/)" /-->
-
-
-	<rule from="^http://appv2\.adextent\.com/(?!favicon\.ico|Frontend/(?:bootstrap|scripts|theme)/)"
-		to="https://appv2.adextent.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/AdExtent.com.xml b/src/chrome/content/rules/AdExtent.com.xml
deleted file mode 100644
index a595d1bc222b..000000000000
--- a/src/chrome/content/rules/AdExtent.com.xml
+++ /dev/null
@@ -1,68 +0,0 @@
-<!--
-	For problematic rules, see AdExtent.com-problematic.xml.
-
-
-	CDN buckets:
-
-		- appv2.adextent.com.s3.amazonaws.com
-
-		- d2dxlvlyoblbme.cloudfront.net
-
-			- dynads
-
-		- adextent.freshdesk.com
-
-			- support
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(dropped)
-
-
-	Problematic subdomains:
-
-		- appv2		(amazonws)
-		- dynads	(cloudfront)
-		- support	(freshdesk)
-
-
-	Partially covered subdomains:
-
-		- appv2		(→ s3.amazonaws.com, avoiding user-visible paths)
-
-
-	Fully covered subdomains:
-
-		- dynads	(→ d2dxlvlyoblbme.cloudfront.net)
-		- ssl
-		- support	(→ adextent.freshdesk.com)
-
--->
-<ruleset name="AdExtent.com (partial)">
-
-	<target host="*.adextent.com" />
-		<!--
-			Avoid user-visible paths:
-							-->
-		<!--exclusion pattern="^http://appv2\.adextent\.com/(?!favicon\.ico|Frontend/bootstrap/|Frontend/scripts/|Frontend/theme/)" /-->
-
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.appv2\.adextent\.com$" name=".+" />
-
-
-	<rule from="^http://appv2\.adextent\.com/(?=favicon\.ico|Frontend/(?:bootstrap|scripts|theme)/)"
-		to="https://s3.amazonaws.com/appv2.adextent.com/" />
-
-	<rule from="^http://dynads\.adextent\.com/"
-		to="https://d2dxlvlyoblbme.cloudfront.net/" />
-
-	<rule from="^http://ssl\.adextent\.com/"
-		to="https://ssl.adextent.com/" />
-
-	<rule from="^http://support\.adextent\.com/"
-		to="https://adextent.freshdesk.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/AdF.ly.xml b/src/chrome/content/rules/AdF.ly.xml
index 74e253c27083..04cf93f04b15 100644
--- a/src/chrome/content/rules/AdF.ly.xml
+++ b/src/chrome/content/rules/AdF.ly.xml
@@ -1,24 +1,45 @@
 <!--
-	Nonfunctiona subdomains:
+	Non-functional hosts in *.ay.gy
+		Mixed content blocking (MCB) tiggered:
+			 - api.ay.gy
 
-		- forum	(cert mismatch; 404)
-		- kb	(ditto)
+	Non-functional hosts in *.adf.ly
+		Couldn't connect to server:
+			 - mail.adf.ly
 
--->
-<ruleset name="AdF.ly (buggy)" default_off="trips on its own referrers">
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - custom.adf.ly
 
+		Mixed content blocking (MCB) tiggered:
+			 - api.adf.ly
+			 - kb.adf.ly
+			 - v2.adf.ly
+-->
+<ruleset name="AdF.ly (partial)">
+	<!-- *.sl-adfly.com -->
+	<target host="s1-adfly.com" />
+	<target host="www.s1-adfly.com" />
+
+	<!-- *.ay.gy -->
+	<target host="ay.gy" />
+	<target host="www.ay.gy" />
+	<target host="cdn.ay.gy" />
+	<target host="login.ay.gy" />
+
+	<!-- *.adf.ly -->
 	<target host="adf.ly" />
-	<target host="*.adf.ly" />
-
-
-	<securecookie host="^adf\.ly$" name=".+" />
-	<securecookie host="^\.adf\.ly$" name="^(?:adf[12]|__cfduid|FLYSESSID)$" />
-
-
-	<rule from="^http://(www\.)?adf\.ly/"
-		to="https://$1adf.ly/" />
-
-	<rule from="^https?://cdn\.adf\.ly/"
-		to="https://adf.ly/" />
-
+	<target host="www.adf.ly" />
+	<target host="cdn.adf.ly" />
+	<target host="dmca.adf.ly" />
+	<target host="forum.adf.ly" />
+	<target host="login.adf.ly" />
+	<target host="logo.adf.ly" />
+	<target host="static.adf.ly" />
+	<target host="support.adf.ly" />
+	<target host="v1.adf.ly" />
+	<target host="web1.adf.ly" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AdFox.ru.xml b/src/chrome/content/rules/AdFox.ru.xml
new file mode 100644
index 000000000000..07a842306be8
--- /dev/null
+++ b/src/chrome/content/rules/AdFox.ru.xml
@@ -0,0 +1,46 @@
+<!--
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- adfox.ru
+		- .adfox.ru
+		- auth.adfox.ru
+		- login.adfox.ru
+		- specs.adfox.ru
+		- www.adfox.ru
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="AdFox.ru">
+
+	<target host="adfox.ru" />
+	<target host="ads.adfox.ru" />
+	<target host="auth.adfox.ru" />
+	<target host="content.adfox.ru" />
+	<target host="help.adfox.ru" />
+	<target host="login.adfox.ru" />
+	<target host="specs.adfox.ru" />
+	<target host="www.adfox.ru" />
+
+		<!--	Set cookie without Secure:
+							-->
+		<test url="http://ads.adfox.ru/1/getCode?p1=&amp;p2=&amp;ptrc=&amp;pfc=&amp;pfb=&amp;puid1=&amp;pr=" />
+		<test url="http://ads.adfox.ru/1/getCodeTest?yandexuid=&amp;sign=&amp;p1=&amp;p2=&amp;p3=&amp;p4=&amp;pct=&amp;plp=&amp;pli=&amp;pop=&amp;pfc=&amp;pfb=&amp;puid1=" />
+		<test url="http://ads.adfox.ru/1/tracePointTest?p7=&amp;p8=" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?adfox\.ru$" name="^(?:csrftoken|sessionid)$" /-->
+	<!--securecookie host="^\.adfox\.ru$" name="^(?:cryptouid|cryptouid_actual|cryptouid_sign|luid1|luid1_ts)$" /-->
+	<!--securecookie host="^auth\.adfox\.ru$" name="^lang$" /-->
+	<!--securecookie host="^login\.adfox\.ru$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^specs\.adfox\.ru$" name="^ci_session$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AdHands.ru.xml b/src/chrome/content/rules/AdHands.ru.xml
new file mode 100644
index 000000000000..afb3da99374e
--- /dev/null
+++ b/src/chrome/content/rules/AdHands.ru.xml
@@ -0,0 +1,25 @@
+<!--
+	Nonfunctional subdomains:
+
+		- support ¹
+		- www ²
+
+	¹ 404
+	² Shows api
+
+
+	Fully covered subdomains:
+
+		- api
+		- sedu
+
+-->
+<ruleset name="AdHands.ru (partial)">
+
+	<target host="api.adhands.ru" />
+	<target host="sedu.adhands.ru" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AdJug.com.xml b/src/chrome/content/rules/AdJug.com.xml
index a561fc51e3cc..51bb403ee722 100644
--- a/src/chrome/content/rules/AdJug.com.xml
+++ b/src/chrome/content/rules/AdJug.com.xml
@@ -1,4 +1,18 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hosting.de.adjug.com/ => https://hosting.de.adjug.com/: (51, "SSL: no alternative certificate subject name matches target host name 'hosting.de.adjug.com'")
+Fetch error: http://view.de.adjug.com/ => https://view.de.adjug.com/: (6, 'Could not resolve host: view.de.adjug.com')
+Fetch error: http://www.de.adjug.com/ => https://www.de.adjug.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.de.adjug.com'")
+Fetch error: http://hosting.adjug.com/ => https://hosting.adjug.com/: (51, "SSL: no alternative certificate subject name matches target host name 'hosting.adjug.com'")
+Fetch error: http://hosting.uk.adjug.com/ => https://hosting.uk.adjug.com/: (51, "SSL: no alternative certificate subject name matches target host name 'hosting.uk.adjug.com'")
+Fetch error: http://view.uk.adjug.com/ => https://view.uk.adjug.com/: (6, 'Could not resolve host: view.uk.adjug.com')
+Fetch error: http://www.uk.adjug.com/ => https://www.uk.adjug.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.uk.adjug.com'")
+Fetch error: http://view.us.adjug.com/ => https://view.us.adjug.com/: (6, 'Could not resolve host: view.us.adjug.com')
+Fetch error: http://www.us.adjug.com/ => https://www.us.adjug.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.us.adjug.com'")
+Fetch error: http://www.adjug.com/ => https://www.adjug.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.adjug.com'")
+Fetch error: http://adjug.com/ => https://www.adjug.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.adjug.com'")
+
 	CDN buckets:
 
 		- vast.adjug.com.edgesuite.net
@@ -19,45 +33,50 @@
 		- vast	(works, akamai)
 
 
-	Fully covered subdomains:
+	Insecure cookies are set for these domains:
 
-		- (www.)	(^ → www)
+		- .adjug.com
 
-		- hosting subdomains:
+-->
+<ruleset name="AdJug.com (partial)" default_off="failed ruleset test">
 
-			- ^
-			- de
-			- uk
+	<!--	Direct rewrites:
+				-->
+	<target host="hosting.de.adjug.com" />
+	<target host="view.de.adjug.com" />
+	<target host="www.de.adjug.com" />
 
-		- hosting.de
-		- www.de
-		- image
-		- tracking
-		- hosting.uk
-		- www.uk
-		- www.us
-		- vast		(→ akamai)
+	<target host="hosting.adjug.com" />
+	<target host="de.hosting.adjug.com" />
+	<target host="uk.hosting.adjug.com" />
 
-		- view subdomains:
+	<target host="image.adjug.com" />
+	<target host="tracking.adjug.com" />
 
-			- de
-			- uk
-			- us
+	<target host="hosting.uk.adjug.com" />
+	<target host="view.uk.adjug.com" />
+	<target host="www.uk.adjug.com" />
 
--->
-<ruleset name="AdJug.com (partial)">
+	<target host="view.us.adjug.com" />
+	<target host="www.us.adjug.com" />
+	<target host="www.adjug.com" />
 
+	<!--	Complications:
+				-->
 	<target host="adjug.com" />
-	<target host="*.adjug.com" />
 
 
-	<rule from="^http://(?:www\.)?adjug\.com/"
-		to="https://www.adjug.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.adjug\.com$" name="^AJUserGUID$" /-->
+
+	<securecookie host="^\.adjug\.com$" name="^AJUserGUID$" />
 
-	<rule from="^http://((?:hosting|www)\.(?:de|uk)|hosting|(?:de|uk)\.hosting|image|tracking|www\.us|view\.(?:de|uk|us))\.adjug\.com/"
-		to="https://$1.adjug.com/" />
 
-	<rule from="^http://vast\.adjug\.com/"
-		to="https://a248.e.akamai.net/f/1051/7225/4f/vast.adjug.com/" />
+	<rule from="^http://adjug\.com/"
+		to="https://www.adjug.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AdJuggler-problematic.xml b/src/chrome/content/rules/AdJuggler-problematic.xml
index 0e1c8e579aac..d809975da498 100644
--- a/src/chrome/content/rules/AdJuggler-problematic.xml
+++ b/src/chrome/content/rules/AdJuggler-problematic.xml
@@ -8,7 +8,7 @@
 	<target host="www.adjuggler.com" />
 
 
-	<rule from="^https?://(?:www\.)?adjuggler\.com/"
+	<rule from="^http://(?:www\.)?adjuggler\.com/"
 		to="https://adjuggler.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AdJuggler.xml b/src/chrome/content/rules/AdJuggler.xml
index 46a7459289cc..6d13e8a9fa40 100644
--- a/src/chrome/content/rules/AdJuggler.xml
+++ b/src/chrome/content/rules/AdJuggler.xml
@@ -20,7 +20,7 @@
 		<!--
 			Unknown as to whether anything but banners/ is identical
 											-->
-		<exclusion pattern="^https?://hwcdn\.hadj[147]\.adjuggler\.net/banners/" />
+		<exclusion pattern="^http://hwcdn\.hadj[147]\.adjuggler\.net/banners/" />
 
 
 	<securecookie host="^rotator\.hadj7\.adjuggler\.net$" name=".+" />
@@ -28,10 +28,10 @@
 
 	<!--	Banners on 3rd-party websites.
 						-->
-	<rule from="^https?://(?:rotator\.adjuggler\.(?:com|net)|hwcdn\.hadj[14]\.adjuggler\.net)/"
+	<rule from="^http://(?:rotator\.adjuggler\.(?:com|net)|hwcdn\.hadj[14]\.adjuggler\.net)/"
 		to="https://rotator.adjuggler.com/" />
 
-	<rule from="^https?://((?:\w+\.)?rotator|hwcdn)\.hadj7\.adjuggler\.net/"
+	<rule from="^http://(?:(?:\w+\.)?rotator|hwcdn)\.hadj7\.adjuggler\.net/"
 		to="https://rotator.hadj7.adjuggler.net/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/AdMarvel.com.xml b/src/chrome/content/rules/AdMarvel.com.xml
new file mode 100644
index 000000000000..ec30299ec048
--- /dev/null
+++ b/src/chrome/content/rules/AdMarvel.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Opera coverage, see Opera.xml.
+
+
+	www.admarvel.com: Refused
+
+	^admarvel.com doesn't exist.
+
+-->
+<ruleset name="AdMarvel.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ads.admarvel.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AdMaster.com.cn.xml b/src/chrome/content/rules/AdMaster.com.cn.xml
new file mode 100644
index 000000000000..9afed6cadf82
--- /dev/null
+++ b/src/chrome/content/rules/AdMaster.com.cn.xml
@@ -0,0 +1,69 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://e.admaster.com.cn/ => https://e.admaster.com.cn/: (6, 'Could not resolve host: e.admaster.com.cn')
+
+	Nonfunctional hosts:
+
+		- (www.)? ¹
+		- c ²
+		- \w+.vyk ¹
+
+	¹ Refused
+	² 404
+
+
+	Problematic hosts:
+
+		- sec *
+
+	* Mismatched
+
+
+	Fully covered hosts:
+
+		- e
+		- s
+		- smt
+		- survey
+		- v
+
+
+	Insecure cookies are set for these domains:
+
+		-  .admaster.com.cn
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- survey from 8cu07a.vyk.admaster.com.cn ¹
+			- survey from 8cxu7a.v.planmaster.com.cn ²
+
+	¹ Unsecurable <= refused
+	² Unsecurable <= 404
+
+-->
+<ruleset name="AdMaster.com.cn (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="e.admaster.com.cn" />
+	<target host="s.admaster.com.cn" />
+	<target host="smt.admaster.com.cn" />
+	<target host="survey.admaster.com.cn" />
+	<target host="v.admaster.com.cn" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.admaster\.com\.cn$" name="^(admckid|mapping_host|viewlist)$" /-->
+
+	<securecookie host="^\.admaster\.com\.cn$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AdMatrix.jp.xml b/src/chrome/content/rules/AdMatrix.jp.xml
new file mode 100644
index 000000000000..2789a5975526
--- /dev/null
+++ b/src/chrome/content/rules/AdMatrix.jp.xml
@@ -0,0 +1,30 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - dash01.admatrix.jp
+
+		Timeout was reached:
+			 - send-dmp.admatrix.jp
+
+-->
+<ruleset name="AdMatrix.jp">
+	<target host="admatrix.jp" />
+	<target host="*.admatrix.jp" />
+
+	<test url="http://www.admatrix.jp/" />
+	<test url="http://acq-3pas.admatrix.jp/" />
+	<test url="http://api-fsefo.admatrix.jp/" />
+	<test url="http://creative-3pas.admatrix.jp/" />
+	<test url="http://eventd-cro.admatrix.jp/" />
+	<test url="http://fso-tapi.admatrix.jp/" />
+	<test url="http://lib-3pas.admatrix.jp/" />
+	<test url="http://lib-fsefo.admatrix.jp/" />
+	<test url="http://optout-3pas.admatrix.jp/" />
+	<test url="http://serving-3pas.admatrix.jp/" />
+	<test url="http://src-fsefo.admatrix.jp/" />
+	<test url="http://sync-tapi.admatrix.jp/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AdMob-mismatches.xml b/src/chrome/content/rules/AdMob-mismatches.xml
deleted file mode 100644
index 4782397ba14d..000000000000
--- a/src/chrome/content/rules/AdMob-mismatches.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	For rules that are on by default, see AdMob.xml.
-
--->
-<ruleset name="AdMob (mismatches)" default_off="mismatch">
-
-	<!--	Akamai	-->
-	<target host="mmv.admob.com" />
-
-
-	<!--	Included on 3rd-party websites.	-->
-	<rule from="^http://mmv\.admob\.com/"
-		to="https://mmv.admob.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AdMob.xml b/src/chrome/content/rules/AdMob.xml
index dd451831d980..2dee87ed629b 100644
--- a/src/chrome/content/rules/AdMob.xml
+++ b/src/chrome/content/rules/AdMob.xml
@@ -1,24 +1,17 @@
 <!--
-	For problematic rules, see AdMob-mismatches.xml.
-
-
-	CDN buckets:
-
-		- mmv.admob.com.edgesuite.net/.../
-			- a1051.w10.akamai.net/.../
+	For other Google coverage, see GoogleServices.xml.
 
 -->
-<ruleset name="AdMob (partial)">
+<ruleset name="AdMob.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="admob.com" />
-	<target host="*.admob.com" />
-
+	<target host="apps.admob.com" />
+	<target host="www.admob.com" />
 
-	<!--	Cert only matches *.admob.com.	-->
-	<rule from="^https?://(?:www\.)?admob\.com/"
-		to="https://www.admob.com/" />
 
-	<rule from="^http://secure\.admob\.com/"
-		to="https://secure.admob.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/AdNow.com.xml b/src/chrome/content/rules/AdNow.com.xml
new file mode 100644
index 000000000000..362765fb0c86
--- /dev/null
+++ b/src/chrome/content/rules/AdNow.com.xml
@@ -0,0 +1,424 @@
+<!--
+	Cert expired:
+		- st.ad.adnow.com
+		- dev-self-service.adnow.com
+		- dev-self-service-adm.adnow.com
+		- dev-self-service-pay.adnow.com
+
+	Cert mismatch:
+		- (*.)build.adnow.com
+		- (*.)samuilson.adnow.com
+		- (*.)vsl.adnow.com
+		- ads.adnow.com
+		- www.and07.adnow.com
+		- st-n.ads5.adnow.com
+		- fa.allupl.adnow.com
+		- fr.boo.adnow.com
+		- br.adnow.com
+		- com.adnow.com
+		- cdn.adnow.com
+		- cpa.adnow.com
+		- ja.crash.adnow.com
+		- www.dev.adnow.com
+		- devself-service-pay.adnow.com
+		- mail.devself-service-pay.adnow.com
+		- mail2.devself-service-pay.adnow.com
+		- feed.adnow.com
+		- vi.g.adnow.com
+		- ru.goliaff.adnow.com
+		- gr.adnow.com
+		- cs.ja.globa.adnow.com
+		- fr.ja.adnow.com
+		- ja.m.adnow.com
+		- mige.adnow.com
+		- vi.m.adnow.com
+		- mg.adnow.com
+		- nick.adnow.com
+		- vi.oo.adnow.com
+		- vi.openr.adnow.com
+		- promo-td.adnow.com
+		- th.quicklo.adnow.com
+		- en.r.adnow.com
+		- rasul.adnow.com
+		- rs.adnow.com
+		- ru.rustavely.adnow.com
+		- th.sti.adnow.com
+		- vi.p.t.adnow.com
+		- test.adnow.com
+		- www.video.adnow.com
+		- www.vshkanov.adnow.com
+		- www.build.vshkanov.adnow.com
+		- zh.www.adnow.com
+
+	Connection refused:
+		- preprod.adnow.com
+		- static.adnow.com
+
+	Self-signed cert:
+		- st.n.adnow.com
+		- st.adnow.com
+
+	TLS error:
+		- admtd.adnow.com
+		- advpn.adnow.com
+		- offvpn.adnow.com
+		- payvpn.adnow.com
+		- pcvpn.adnow.com
+-->
+
+<ruleset name="AdNow.com">
+
+	<target host="adnow.com" />
+	<target host="www.adnow.com" />
+
+	<target host="ad.adnow.com" />
+
+	<target host="akl.adnow.com" />
+	<target host="ar.akl.adnow.com" />
+	<target host="bg.akl.adnow.com" />
+	<target host="build.akl.adnow.com" />
+	<target host="ar.build.akl.adnow.com" />
+	<target host="adm-td.adnow.com" />
+	<target host="agency.adnow.com" />
+	<target host="bg.build.akl.adnow.com" />
+	<target host="cs.build.akl.adnow.com" />
+	<target host="de.build.akl.adnow.com" />
+	<target host="el.build.akl.adnow.com" />
+	<target host="en.build.akl.adnow.com" />
+	<target host="es.build.akl.adnow.com" />
+	<target host="fr.build.akl.adnow.com" />
+	<target host="hi.build.akl.adnow.com" />
+	<target host="hr.build.akl.adnow.com" />
+	<target host="id.build.akl.adnow.com" />
+	<target host="it.build.akl.adnow.com" />
+	<target host="ja.build.akl.adnow.com" />
+	<target host="ms.build.akl.adnow.com" />
+	<target host="pl.build.akl.adnow.com" />
+	<target host="pt.build.akl.adnow.com" />
+	<target host="ro.build.akl.adnow.com" />
+	<target host="ru.build.akl.adnow.com" />
+	<target host="sr.build.akl.adnow.com" />
+	<target host="tr.build.akl.adnow.com" />
+	<target host="th.build.akl.adnow.com" />
+	<target host="zh.build.akl.adnow.com" />
+	<target host="vi.build.akl.adnow.com" />
+	<target host="de.akl.adnow.com" />
+	<target host="el.akl.adnow.com" />
+	<target host="cs.akl.adnow.com" />
+	<target host="en.akl.adnow.com" />
+	<target host="es.akl.adnow.com" />
+	<target host="fr.akl.adnow.com" />
+	<target host="hi.akl.adnow.com" />
+	<target host="hr.akl.adnow.com" />
+	<target host="id.akl.adnow.com" />
+	<target host="it.akl.adnow.com" />
+	<target host="ja.akl.adnow.com" />
+	<target host="ms.akl.adnow.com" />
+	<target host="pl.akl.adnow.com" />
+	<target host="pt.akl.adnow.com" />
+	<target host="ro.akl.adnow.com" />
+	<target host="ru.akl.adnow.com" />
+	<target host="sr.akl.adnow.com" />
+	<target host="th.akl.adnow.com" />
+	<target host="tr.akl.adnow.com" />
+	<target host="vi.akl.adnow.com" />
+	<target host="zh.akl.adnow.com" />
+	<target host="and07.adnow.com" />
+	<target host="ar.and07.adnow.com" />
+	<target host="bg.and07.adnow.com" />
+	<target host="build.and07.adnow.com" />
+	<target host="ar.build.and07.adnow.com" />
+	<target host="cs.build.and07.adnow.com" />
+	<target host="bg.build.and07.adnow.com" />
+	<target host="de.build.and07.adnow.com" />
+	<target host="el.build.and07.adnow.com" />
+	<target host="en.build.and07.adnow.com" />
+	<target host="es.build.and07.adnow.com" />
+	<target host="fr.build.and07.adnow.com" />
+	<target host="hr.build.and07.adnow.com" />
+	<target host="hi.build.and07.adnow.com" />
+	<target host="id.build.and07.adnow.com" />
+	<target host="pl.build.and07.adnow.com" />
+	<target host="pt.build.and07.adnow.com" />
+	<target host="it.build.and07.adnow.com" />
+	<target host="ja.build.and07.adnow.com" />
+	<target host="ms.build.and07.adnow.com" />
+	<target host="ro.build.and07.adnow.com" />
+	<target host="ru.build.and07.adnow.com" />
+	<target host="sr.build.and07.adnow.com" />
+	<target host="th.build.and07.adnow.com" />
+	<target host="tr.build.and07.adnow.com" />
+	<target host="vi.build.and07.adnow.com" />
+	<target host="zh.build.and07.adnow.com" />
+	<target host="cs.and07.adnow.com" />
+	<target host="de.and07.adnow.com" />
+	<target host="el.and07.adnow.com" />
+	<target host="en.and07.adnow.com" />
+	<target host="fr.and07.adnow.com" />
+	<target host="es.and07.adnow.com" />
+	<target host="hr.and07.adnow.com" />
+	<target host="ja.and07.adnow.com" />
+	<target host="hi.and07.adnow.com" />
+	<target host="id.and07.adnow.com" />
+	<target host="it.and07.adnow.com" />
+	<target host="ms.and07.adnow.com" />
+	<target host="pt.and07.adnow.com" />
+	<target host="pl.and07.adnow.com" />
+	<target host="ru.and07.adnow.com" />
+	<target host="ro.and07.adnow.com" />
+	<target host="th.and07.adnow.com" />
+	<target host="sr.and07.adnow.com" />
+	<target host="vi.and07.adnow.com" />
+	<target host="tr.and07.adnow.com" />
+	<target host="zh.and07.adnow.com" />
+	<target host="anti-adblock.adnow.com" />
+	<target host="api-super.adnow.com" />
+	<target host="bitbucket.adnow.com" />
+	<target host="bamboo.adnow.com" />
+	<target host="bg.adnow.com" />
+	<target host="ar.adnow.com" />
+	<target host="blog.adnow.com" />
+	<target host="www.blog.adnow.com" />
+	<target host="api-td.adnow.com" />
+	<target host="confluence.adnow.com" />
+	<target host="cs.adnow.com" />
+	<target host="de.adnow.com" />
+	<target host="dev.adnow.com" />
+	<target host="ar.dev.adnow.com" />
+	<target host="bg.dev.adnow.com" />
+	<target host="build.dev.adnow.com" />
+	<target host="ar.build.dev.adnow.com" />
+	<target host="bg.build.dev.adnow.com" />
+	<target host="cs.build.dev.adnow.com" />
+	<target host="de.build.dev.adnow.com" />
+	<target host="el.build.dev.adnow.com" />
+	<target host="en.build.dev.adnow.com" />
+	<target host="es.build.dev.adnow.com" />
+	<target host="fr.build.dev.adnow.com" />
+	<target host="hi.build.dev.adnow.com" />
+	<target host="crm.adnow.com" />
+	<target host="hr.build.dev.adnow.com" />
+	<target host="ja.build.dev.adnow.com" />
+	<target host="it.build.dev.adnow.com" />
+	<target host="id.build.dev.adnow.com" />
+	<target host="pt.build.dev.adnow.com" />
+	<target host="ms.build.dev.adnow.com" />
+	<target host="pl.build.dev.adnow.com" />
+	<target host="ru.build.dev.adnow.com" />
+	<target host="ro.build.dev.adnow.com" />
+	<target host="sr.build.dev.adnow.com" />
+	<target host="th.build.dev.adnow.com" />
+	<target host="tr.build.dev.adnow.com" />
+	<target host="vi.build.dev.adnow.com" />
+	<target host="zh.build.dev.adnow.com" />
+	<target host="cs.dev.adnow.com" />
+	<target host="de.dev.adnow.com" />
+	<target host="el.dev.adnow.com" />
+	<target host="en.dev.adnow.com" />
+	<target host="es.dev.adnow.com" />
+	<target host="fr.dev.adnow.com" />
+	<target host="id.dev.adnow.com" />
+	<target host="ja.dev.adnow.com" />
+	<target host="pl.dev.adnow.com" />
+	<target host="hi.dev.adnow.com" />
+	<target host="it.dev.adnow.com" />
+	<target host="hr.dev.adnow.com" />
+	<target host="pt.dev.adnow.com" />
+	<target host="ms.dev.adnow.com" />
+	<target host="ro.dev.adnow.com" />
+	<target host="ru.dev.adnow.com" />
+	<target host="sr.dev.adnow.com" />
+	<target host="th.dev.adnow.com" />
+	<target host="tr.dev.adnow.com" />
+	<target host="vi.dev.adnow.com" />
+	<target host="zh.dev.adnow.com" />
+	<target host="dpominov.adnow.com" />
+	<target host="bg.build.dpominov.adnow.com" />
+	<target host="ar.dpominov.adnow.com" />
+	<target host="bg.dpominov.adnow.com" />
+	<target host="cs.build.dpominov.adnow.com" />
+	<target host="build.dpominov.adnow.com" />
+	<target host="de.build.dpominov.adnow.com" />
+	<target host="ar.build.dpominov.adnow.com" />
+	<target host="en.build.dpominov.adnow.com" />
+	<target host="es.build.dpominov.adnow.com" />
+	<target host="el.build.dpominov.adnow.com" />
+	<target host="fr.build.dpominov.adnow.com" />
+	<target host="hi.build.dpominov.adnow.com" />
+	<target host="hr.build.dpominov.adnow.com" />
+	<target host="id.build.dpominov.adnow.com" />
+	<target host="it.build.dpominov.adnow.com" />
+	<target host="ja.build.dpominov.adnow.com" />
+	<target host="ms.build.dpominov.adnow.com" />
+	<target host="pl.build.dpominov.adnow.com" />
+	<target host="ro.build.dpominov.adnow.com" />
+	<target host="pt.build.dpominov.adnow.com" />
+	<target host="th.build.dpominov.adnow.com" />
+	<target host="sr.build.dpominov.adnow.com" />
+	<target host="ru.build.dpominov.adnow.com" />
+	<target host="zh.build.dpominov.adnow.com" />
+	<target host="vi.build.dpominov.adnow.com" />
+	<target host="tr.build.dpominov.adnow.com" />
+	<target host="cs.dpominov.adnow.com" />
+	<target host="de.dpominov.adnow.com" />
+	<target host="el.dpominov.adnow.com" />
+	<target host="en.dpominov.adnow.com" />
+	<target host="fr.dpominov.adnow.com" />
+	<target host="hi.dpominov.adnow.com" />
+	<target host="es.dpominov.adnow.com" />
+	<target host="id.dpominov.adnow.com" />
+	<target host="hr.dpominov.adnow.com" />
+	<target host="it.dpominov.adnow.com" />
+	<target host="ja.dpominov.adnow.com" />
+	<target host="ms.dpominov.adnow.com" />
+	<target host="pt.dpominov.adnow.com" />
+	<target host="ru.dpominov.adnow.com" />
+	<target host="ro.dpominov.adnow.com" />
+	<target host="sr.dpominov.adnow.com" />
+	<target host="tokenad.dpominov.adnow.com" />
+	<target host="tr.dpominov.adnow.com" />
+	<target host="th.dpominov.adnow.com" />
+	<target host="pl.dpominov.adnow.com" />
+	<target host="vi.dpominov.adnow.com" />
+	<target host="zh.dpominov.adnow.com" />
+	<target host="el.adnow.com" />
+	<target host="en.adnow.com" />
+	<target host="es.adnow.com" />
+	<target host="fa.adnow.com" />
+	<target host="dev.findep.adnow.com" />
+	<target host="fr.adnow.com" />
+	<target host="findep.adnow.com" />
+	<target host="hi.adnow.com" />
+	<target host="hr.adnow.com" />
+	<target host="id.adnow.com" />
+	<target host="it.adnow.com" />
+	<target host="ja.adnow.com" />
+	<target host="jira.adnow.com" />
+	<target host="ksamokhin.adnow.com" />
+	<target host="ar.ksamokhin.adnow.com" />
+	<target host="bg.ksamokhin.adnow.com" />
+	<target host="build.ksamokhin.adnow.com" />
+	<target host="ar.build.ksamokhin.adnow.com" />
+	<target host="bg.build.ksamokhin.adnow.com" />
+	<target host="cs.build.ksamokhin.adnow.com" />
+	<target host="de.build.ksamokhin.adnow.com" />
+	<target host="el.build.ksamokhin.adnow.com" />
+	<target host="en.build.ksamokhin.adnow.com" />
+	<target host="hi.build.ksamokhin.adnow.com" />
+	<target host="hr.build.ksamokhin.adnow.com" />
+	<target host="es.build.ksamokhin.adnow.com" />
+	<target host="fr.build.ksamokhin.adnow.com" />
+	<target host="id.build.ksamokhin.adnow.com" />
+	<target host="it.build.ksamokhin.adnow.com" />
+	<target host="ja.build.ksamokhin.adnow.com" />
+	<target host="ms.build.ksamokhin.adnow.com" />
+	<target host="pl.build.ksamokhin.adnow.com" />
+	<target host="pt.build.ksamokhin.adnow.com" />
+	<target host="ro.build.ksamokhin.adnow.com" />
+	<target host="sr.build.ksamokhin.adnow.com" />
+	<target host="ru.build.ksamokhin.adnow.com" />
+	<target host="th.build.ksamokhin.adnow.com" />
+	<target host="tr.build.ksamokhin.adnow.com" />
+	<target host="vi.build.ksamokhin.adnow.com" />
+	<target host="zh.build.ksamokhin.adnow.com" />
+	<target host="cs.ksamokhin.adnow.com" />
+	<target host="de.ksamokhin.adnow.com" />
+	<target host="el.ksamokhin.adnow.com" />
+	<target host="en.ksamokhin.adnow.com" />
+	<target host="hi.ksamokhin.adnow.com" />
+	<target host="es.ksamokhin.adnow.com" />
+	<target host="fr.ksamokhin.adnow.com" />
+	<target host="hr.ksamokhin.adnow.com" />
+	<target host="id.ksamokhin.adnow.com" />
+	<target host="it.ksamokhin.adnow.com" />
+	<target host="ja.ksamokhin.adnow.com" />
+	<target host="ms.ksamokhin.adnow.com" />
+	<target host="pl.ksamokhin.adnow.com" />
+	<target host="pt.ksamokhin.adnow.com" />
+	<target host="ro.ksamokhin.adnow.com" />
+	<target host="ru.ksamokhin.adnow.com" />
+	<target host="sr.ksamokhin.adnow.com" />
+	<target host="th.ksamokhin.adnow.com" />
+	<target host="tr.ksamokhin.adnow.com" />
+	<target host="vi.ksamokhin.adnow.com" />
+	<target host="zh.ksamokhin.adnow.com" />
+	<target host="lk-td.adnow.com" />
+	<target host="ms.adnow.com" />
+	<target host="n.adnow.com" />
+	<target host="oauth-super.adnow.com" />
+	<target host="pay-td.adnow.com" />
+	<target host="pl.adnow.com" />
+	<target host="ro.adnow.com" />
+	<target host="ru.adnow.com" />
+	<target host="self-service.adnow.com" />
+	<target host="self-service-adm.adnow.com" />
+	<target host="self-service-pay.adnow.com" />
+	<target host="sr.adnow.com" />
+	<target host="ssp.adnow.com" />
+	<target host="st-n.adnow.com" />
+	<target host="stprev.adnow.com" />
+	<target host="super.adnow.com" />
+	<target host="moderation.super.adnow.com" />
+	<target host="panel.super.adnow.com" />
+	<target host="th.adnow.com" />
+	<target host="td.adnow.com" />
+	<target host="tmw.adnow.com" />
+	<target host="tr.adnow.com" />
+	<target host="vi.adnow.com" />
+	<target host="video.adnow.com" />
+	<target host="vshkanov.adnow.com" />
+	<target host="ar.vshkanov.adnow.com" />
+	<target host="bg.vshkanov.adnow.com" />
+	<target host="build.vshkanov.adnow.com" />
+	<target host="ar.build.vshkanov.adnow.com" />
+	<target host="bg.build.vshkanov.adnow.com" />
+	<target host="de.build.vshkanov.adnow.com" />
+	<target host="cs.build.vshkanov.adnow.com" />
+	<target host="el.build.vshkanov.adnow.com" />
+	<target host="en.build.vshkanov.adnow.com" />
+	<target host="fr.build.vshkanov.adnow.com" />
+	<target host="es.build.vshkanov.adnow.com" />
+	<target host="hi.build.vshkanov.adnow.com" />
+	<target host="hr.build.vshkanov.adnow.com" />
+	<target host="id.build.vshkanov.adnow.com" />
+	<target host="it.build.vshkanov.adnow.com" />
+	<target host="ja.build.vshkanov.adnow.com" />
+	<target host="ms.build.vshkanov.adnow.com" />
+	<target host="pl.build.vshkanov.adnow.com" />
+	<target host="pt.build.vshkanov.adnow.com" />
+	<target host="ro.build.vshkanov.adnow.com" />
+	<target host="ru.build.vshkanov.adnow.com" />
+	<target host="th.build.vshkanov.adnow.com" />
+	<target host="sr.build.vshkanov.adnow.com" />
+	<target host="tr.build.vshkanov.adnow.com" />
+	<target host="vi.build.vshkanov.adnow.com" />
+	<target host="zh.build.vshkanov.adnow.com" />
+	<target host="cs.vshkanov.adnow.com" />
+	<target host="de.vshkanov.adnow.com" />
+	<target host="el.vshkanov.adnow.com" />
+	<target host="en.vshkanov.adnow.com" />
+	<target host="es.vshkanov.adnow.com" />
+	<target host="fr.vshkanov.adnow.com" />
+	<target host="hi.vshkanov.adnow.com" />
+	<target host="id.vshkanov.adnow.com" />
+	<target host="hr.vshkanov.adnow.com" />
+	<target host="it.vshkanov.adnow.com" />
+	<target host="ja.vshkanov.adnow.com" />
+	<target host="ms.vshkanov.adnow.com" />
+	<target host="pl.vshkanov.adnow.com" />
+	<target host="pt.vshkanov.adnow.com" />
+	<target host="ro.vshkanov.adnow.com" />
+	<target host="sr.vshkanov.adnow.com" />
+	<target host="th.vshkanov.adnow.com" />
+	<target host="ru.vshkanov.adnow.com" />
+	<target host="tr.vshkanov.adnow.com" />
+	<target host="vi.vshkanov.adnow.com" />
+	<target host="zh.vshkanov.adnow.com" />
+	<target host="wp.adnow.com" />
+	<target host="xkey.adnow.com" />
+	<target host="build.xkey.adnow.com" />
+	<target host="zh.adnow.com" />
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/AdPerfect.xml b/src/chrome/content/rules/AdPerfect.xml
deleted file mode 100644
index 9eadded56d1e..000000000000
--- a/src/chrome/content/rules/AdPerfect.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- oasads	(ads included on 3rd-party websites)
-
--->
-<ruleset name="AdPerfect (partial)">
-
-	<target host="adperfect.com" />
-	<target host="www.adperfect.com" />
-
-
-	<!--	Cert only matches *.adperfect.com	-->
-	<rule from="^https?://(?:www\.)?adperfect\.com/"
-		to="https://www.adperfect.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AdReactor.xml b/src/chrome/content/rules/AdReactor.xml
index 33dfc8fd4516..3af548a8db56 100644
--- a/src/chrome/content/rules/AdReactor.xml
+++ b/src/chrome/content/rules/AdReactor.xml
@@ -9,7 +9,6 @@
 	<target host="adserver.adreactor.com" />
 
 
-	<rule from="^http://adserver\.adreactor\.com/"
-		to="https://adserver.adreactor.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AdRiver.xml b/src/chrome/content/rules/AdRiver.xml
index 61b0d245efab..a8494955e79f 100644
--- a/src/chrome/content/rules/AdRiver.xml
+++ b/src/chrome/content/rules/AdRiver.xml
@@ -1,3 +1,11 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ads.adriver.ru/ => https://ads.adriver.ru/: (7, 'Failed to connect to ads.adriver.ru port 443: Connection timed out')
+Fetch error: http://masterh3.adriver.ru/ => https://masterh3.adriver.ru/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+
 <!--
 	Problematic subdomains:
 
@@ -13,12 +21,53 @@
 		- edp[12]
 		- masterh[1-8]
 
+
+	Insecure cookies are set for these domains:
+
+		- .adriver.ru
+
+
+	Mixed content:
+
+		- css on content from masterh1.adriver.ru *
+		- Image on content from masterh1.adriver.ru *
+
+	* Secured by us
+
 -->
-<ruleset name="AdRiver">
+<ruleset name="AdRiver.ru (partial)" default_off="failed ruleset test">
 
 	<target host="adriver.ru" />
-	<target host="*.adriver.ru" />
+	<target host="ad.adriver.ru" />
+	<target host="adr.adriver.ru" />
+	<target host="ads.adriver.ru" />
+	<target host="content.adriver.ru" />
+	<target host="edp1.adriver.ru" />
+	<target host="edp2.adriver.ru" />
+	<target host="masterh1.adriver.ru" />
+	<target host="masterh2.adriver.ru" />
+	<target host="masterh3.adriver.ru" />
+	<target host="masterh4.adriver.ru" />
+	<target host="masterh5.adriver.ru" />
+	<target host="masterh6.adriver.ru" />
+	<target host="masterh7.adriver.ru" />
+	<target host="masterh8.adriver.ru" />
+
+		<exclusion pattern="^http://content\.adriver\.ru/+(?:$|\?)" />
+
+			<test url="http://content.adriver.ru/?" />
+			<test url="http://content.adriver.ru//" />
+			<test url="http://content.adriver.ru//?" />
+
+	<!-- Flash-based players fails load ads if detect redirects. It can issue lower video quality on videohostings like on rutube.ru -->
+	<exclusion pattern="^http://ad\.adriver\.ru/crossdomain.xml" />
+
+		<test url="http://ad.adriver.ru/crossdomain.xml" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.adriver\.ru$" name="^(cid|uid)$" /-->
 
 	<!--	Tracking cookies:
 
@@ -27,12 +76,12 @@
 	<securecookie host="^\.adriver\.ru$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?adriver\.ru/"
+	<rule from="^http://adriver\.ru/"
 		to="https://www.adriver.ru/" />
 
 	<!--	Included on 3rd-party websites.
 						-->
-	<rule from="^http://(ad[rs]?|content|edp[12]|masterh\d)\.adriver\.ru/"
-		to="https://$1.adriver.ru/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/AdRoll-problematic.xml b/src/chrome/content/rules/AdRoll-problematic.xml
deleted file mode 100644
index 2213f49e7bb0..000000000000
--- a/src/chrome/content/rules/AdRoll-problematic.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules that are on by default, see AdRoll.xml.
-
--->
-<ruleset name="AdRoll (problematic)" default_off="mismatched">
-
-	<target host="feedback.adroll.com" />
-
-
-	<rule from="^http://feedback\.adroll\.com/(?!s/)"
-		to="https://feedback.adroll.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/AdRoll.xml b/src/chrome/content/rules/AdRoll.xml
index 9156e4713fdd..d2a405a3bb36 100644
--- a/src/chrome/content/rules/AdRoll.xml
+++ b/src/chrome/content/rules/AdRoll.xml
@@ -1,57 +1,26 @@
 <!--
-	For problematic rules, see AdRoll-problematic.xml
+	Refused:
+		- ^
 
+	Timeout:
+		- support
 
-	CDN buckets:
-
-		- adroll-2081128421.us-west-1.elb.amazonaws.com
-
-		- wildcard.adroll.com.edgekey.net
-
-			- s.adroll.com
-
-		- a.adroll.com.edgesuite.net
-
-		- adroll.userecho.com
-
-			- feedback.adroll.com
-
-		- adroll.wpengine.com		(redirects to blog.adroll)
-
-			- blog.adroll.com
-
-
-	Nonfunctional subdomains:
-
-		- blog *
-		- support *
-
-	* Redirects to http, mismatched, CN: *.wpengine.com)
-
-
-	Problematic subdomains:
-
-		- a		(akamai)
-		- feedback	(works, mismatched, CN: userecho.com)
-
-
-	s.adroll.com sets __ar_v4 and _te_ wildcard cookies
-	on whichever domain it is loaded from.
-
+	Mismatched:
+		- a
 -->
 <ruleset name="AdRoll (partial)">
-
 	<target host="adroll.com" />
-	<target host="*.adroll.com" />
-
-
-	<rule from="^http://(d\.|www\.)?adroll\.com/"
-		to="https://$1adroll.com/" />
-
-	<rule from="^http://[as]\.adroll\.com/"
-		to="https://s.adroll.com/" />
-
-	<rule from="^http://feedback\.adroll\.com/s/"
-		to="https://userecho.com/s/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.adroll.com" />
+	<target host="blog.adroll.com" />
+	<target host="d.adroll.com" />
+	<target host="feedback.adroll.com" />
+	<target host="help.adroll.com" />
+	<target host="s.adroll.com" />
+	<target host="support.adroll.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://adroll\.com/" to="https://www.adroll.com/" />
+	<rule from="^http://support\.adroll\.com/" to="https://help.adroll.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AdSafe.xml b/src/chrome/content/rules/AdSafe.xml
index fd821658e1d6..5f6615119361 100644
--- a/src/chrome/content/rules/AdSafe.xml
+++ b/src/chrome/content/rules/AdSafe.xml
@@ -1,28 +1,33 @@
+
 <!--
-	Nonfunctional domains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://adsafecontrol.com/ => https://adsafecontrol.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.adsafecontrol.com/ => https://www.adsafecontrol.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	Other AdSafe rulesets:
 
-		- (www.)adsafemedia.com		(CN: *.adsafecontrol.com; shows CentOS default page)
+		- AdSafe_protected.com.xml
 
 
-	Fully covered domains:
+	Nonfunctional domains:
+
+		- (www.)?adsafemedia.com *
 
-		- static.adsafeprotected.com
+	* Shows default page
 
 -->
-<ruleset name="AdSafe (partial)">
+<ruleset name="AdSafe control.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="adsafecontrol.com" />
 	<target host="www.adsafecontrol.com" />
-	<target host="*.adsafeprotected.com" />
-
 
-	<securecookie host="^adsafecontrol\.com$" name=".+" />
 
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://(www\.)?adsafecontrol\.com/"
-		to="https://$1adsafecontrol.com/" />
 
-	<rule from="^http://(pixel|static)\.adsafeprotected\.com/"
-		to="https://$1.adsafeprotected.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AdSafe_protected.com.xml b/src/chrome/content/rules/AdSafe_protected.com.xml
new file mode 100644
index 000000000000..4fe193ab3363
--- /dev/null
+++ b/src/chrome/content/rules/AdSafe_protected.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other AdSafe coverage, see AdSafe_protected.com.xml.
+
+
+	(www.)?adsafeprotected.com doesn't exist.
+
+-->
+<ruleset name="AdSafe protected.com">
+
+	<target host="fw.adsafeprotected.com" />
+	<target host="pixel.adsafeprotected.com" />
+	<target host="static.adsafeprotected.com" />
+
+		<test url="http://static.adsafeprotected.com/skeleton.gif" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AdSonar.com.xml b/src/chrome/content/rules/AdSonar.com.xml
new file mode 100644
index 000000000000..340db42a9b1d
--- /dev/null
+++ b/src/chrome/content/rules/AdSonar.com.xml
@@ -0,0 +1,63 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sl-retargeting.adsonar.com/process/roi/leadback.jsp?lb= => https://sl-retargeting.adsonar.com/process/roi/leadback.jsp?lb=: (7, 'Failed to connect to sl-retargeting.adsonar.com port 443: Connection refused')
+Fetch error: http://secure-js.adsonar.com/ => https://secure-js.adsonar.com/: (6, 'Could not resolve host: secure-js.adsonar.com')
+Fetch error: http://sl-retargeting.adsonar.com/ => https://sl-retargeting.adsonar.com/: (7, 'Failed to connect to sl-retargeting.adsonar.com port 443: Connection refused')
+Fetch error: http://ssl-sl-retargeting.adsonar.com/ => https://ssl-sl-retargeting.adsonar.com/: (7, 'Failed to connect to ssl-sl-retargeting.adsonar.com port 443: Connection refused')
+Fetch error: http://www.adsonar.com/ => https://www.adsonar.com/: (6, 'Could not resolve host: www.adsonar.com')
+Fetch error: http://adsonar.com/ => https://www.adsonar.com/: (6, 'Could not resolve host: www.adsonar.com')
+Fetch error: http://js.adsonar.com/ => https://secure-js.adsonar.com/: (6, 'Could not resolve host: secure-js.adsonar.com')
+
+	For other AOL coverage, see AOL.xml.
+
+
+	Problematic hosts in *adsonar.com:
+
+		- ^ ¹
+		- js ²
+
+	¹ Mismatched
+	² Akamai
+
+
+	Insecure cookies are set for these domains:
+
+		- .adsonar.com
+
+-->
+<ruleset name="AdSonar.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure-js.adsonar.com" />
+	<target host="sl-retargeting.adsonar.com" />
+	<target host="ssl-sl-retargeting.adsonar.com" />
+	<target host="www.adsonar.com" />
+
+	<!--	Complications:
+				-->
+	<target host="adsonar.com" />
+	<target host="js.adsonar.com" />
+
+		<test url="http://sl-retargeting.adsonar.com/process/roi/leadback.jsp?lb=" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.adsonar\.com$" name="^ASLLB$" /-->
+
+	<securecookie host="^\.adsonar\.com$" name=".+" />
+
+
+	<rule from="^http://adsonar\.com/"
+		to="https://www.adsonar.com/" />
+
+	<rule from="^http://js\.adsonar\.com/"
+		to="https://secure-js.adsonar.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+
+</ruleset>
diff --git a/src/chrome/content/rules/AdSpeed.biz.xml b/src/chrome/content/rules/AdSpeed.biz.xml
new file mode 100644
index 000000000000..6f950ef3dafb
--- /dev/null
+++ b/src/chrome/content/rules/AdSpeed.biz.xml
@@ -0,0 +1,33 @@
+<!--
+	For other AdSpeed coverage, see AdSpeed.xml.
+
+
+	Problematic domains:
+
+		- (www.)adspeed.biz	Refused
+		- \w\d+.adspeed.biz *
+
+	* Mismatched
+
+-->
+<ruleset name="AdSpeed.biz">
+
+	<!--	Complications:
+				-->
+	<target host="adspeed.biz" />
+	<target host="*.adspeed.biz" />
+
+		<test url="http://i1.adspeed.biz/" />
+		<test url="http://i1.adspeed.biz/ad.php?do=&amp;aid=&amp;zid=&amp;t=&amp;auth=" />
+		<test url="http://www.adspeed.biz/" />
+
+
+	<rule from="^http://(?:www\.)?adspeed\.biz/.*"
+		to="https://www.adspeed.com/?src=dotbiz" />
+
+		<test url="http://www.adspeed.biz/index.php" />
+
+	<rule from="^http://\w\d+\.adspeed\.biz/"
+		to="https://g.adspeed.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AdSpeed.net.xml b/src/chrome/content/rules/AdSpeed.net.xml
new file mode 100644
index 000000000000..04c24bb884af
--- /dev/null
+++ b/src/chrome/content/rules/AdSpeed.net.xml
@@ -0,0 +1,31 @@
+<!--
+	For other AdSpeed coverage, see AdSpeed.xml.
+
+
+	(www.)?adspeed.net: Mismatched
+
+-->
+<ruleset name="AdSpeed.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="g.adspeed.net" />
+
+	<!--	Complications:
+				-->
+	<target host="adspeed.net" />
+	<target host="www.adspeed.net" />
+
+		<test url="http://g.adspeed.net/ad.php?do=&amp;aid=&amp;zid=&amp;t=&amp;auth=" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?adspeed\.net/"
+		to="https://adspeed.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AdSpeed.xml b/src/chrome/content/rules/AdSpeed.xml
index 9249d61f129a..061e80a648e0 100644
--- a/src/chrome/content/rules/AdSpeed.xml
+++ b/src/chrome/content/rules/AdSpeed.xml
@@ -1,38 +1,36 @@
 <!--
-	Problematic domains:
+	Other AdSpeed rulesets:
 
-		- (www.)adspeed.biz
-		- \w\d+.adspeed.biz	(cert only matches g.adspeed.net)
-		- m.adpseed.com		(redirects to adspeed.com)
-		- www.adspeed.com *
-		- (www.)adspeed.net *
+		- AdSpeed.biz.xml
+		- AdSpeed.net.xml
 
-	* Cert only matches adspeed.com
+
+	CDN buckets:
+
+		- cdn-adspeedcom.netdna-ssl.com
+
+
+	Nonfunctional hosts in *adspeed.com:
+
+		- m *
+
+	* Redirects to adspeed.com
 
 -->
-<ruleset name="AdSpeed (partial)">
+<ruleset name="AdSpeed.com (partial)">
 
-	<target host="adspeed.biz" />
-	<target host="*.adspeed.biz" />
 	<target host="adspeed.com" />
 	<target host="www.adspeed.com" />
-	<target host="adspeed.net" />
-	<target host="*.adspeed.net" />
-
-
-	<securecookie host="^\.adspeed\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?adspeed\.biz/(?:.*)"
-		to="https://adspeed.com/?src=dotbiz" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.adspeed\.com$" name="^PHPSESSID$" /-->
 
-	<rule from="^https?://(?:www\.)?adspeed\.com/"
-		to="https://adspeed.com/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^https?://(?:\w\d+\.adspeed\.biz|g\.adspeed\.net)/"
-		to="https://g.adspeed.net/" />
 
-	<rule from="^https?://(?:www\.)?adspeed\.net/"
-		to="https://adspeed.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AdSpirit.xml b/src/chrome/content/rules/AdSpirit.xml
index 303fe16be337..0fc912afffa3 100644
--- a/src/chrome/content/rules/AdSpirit.xml
+++ b/src/chrome/content/rules/AdSpirit.xml
@@ -1,15 +1,28 @@
+
 <!--
-	Nonfunctional subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn6.adspirit.de/banner/_default/728x90.jpg => https://cdn6.adspirit.de/banner/_default/728x90.jpg: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://cdn6.adspirit.de/banner/1x1.gif => https://cdn6.adspirit.de/banner/1x1.gif: (28, 'Connection timed out after 20001 milliseconds')
 
-		- (www.)
+	^adspirit.de: Refused
+	www.adspirit.de: Shows default page
 
 -->
-<ruleset name="AdSpirit (partial)">
+<ruleset name="AdSpirit.de (partial)" default_off="failed ruleset test">
 
 	<target host="*.adspirit.de" />
 
+		<exclusion pattern="http://www\.adspirit\.de/" />
+
+			<test url="http://www.adspirit.de/" />
+
+		<test url="http://cdn.adspirit.de/banner/1x1.gif" />
+		<test url="http://cdn6.adspirit.de/banner/_default/728x90.jpg" />
+		<test url="http://cdn6.adspirit.de/banner/1x1.gif" />
+		<test url="http://urban.adspirit.de/adnoclick.php?pid=" />
+
 
-	<rule from="^http://(?!www\.)?([\w-]+)\.adspirit\.de/"
+	<rule from="^http://([\w-]+)\.adspirit\.de/"
 		to="https://$1.adspirit.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AdSupply.xml b/src/chrome/content/rules/AdSupply.xml
index 00d30c39c5ff..04a8d9657860 100644
--- a/src/chrome/content/rules/AdSupply.xml
+++ b/src/chrome/content/rules/AdSupply.xml
@@ -1,56 +1,30 @@
 <!--
-	CDN buckets:
+	Other AdSupply rulesets:
 
-		- wac.45EE.edgecastcdn.net/??45EE/
+		- 4dsply.com.xml
+		- Trklnks.com.xml
 
-			- cdn.engine.4dsply.com
 
+	Problematic hosts in *adsupply.com:
 
-	Nonfunctional domains:
+		- affiliates *
 
-		- (www.)4dsply.com	(cert: invalid.ssl.host.com; 404)
-		- (www.)adsupply.com	(ditto)
-
-
-	Problematic domains:
-
-		- cdn.engine.4dsply.com		(404; mismatched, CN: gp1.wac.edgecastcdn.net)
-
-
-	Fully covered domains:
-
-		- engine.4dsply.com
-		- cdn.engine.4dsply.com		(→ engine)
-
-		- adsupply.com subdomains:
-
-			- affiliates
-			- engine
-			- ui
-
-		- trklnks.com		(→ engine.trklnks.com)
-		- engine.trklnks.com
+	* Mismatched
 
 -->
-<ruleset name="AdSupply (partial)">
-
-	<target host="*.4dsply.com" />
-	<target host="*.adsupply.com" />
-	<target host="trklnks.com" />
-	<target host="engine.trklnks.com" />
-
+<ruleset name="AdSupply.com (partial)">
 
-	<securecookie host="^engine\.(?:4dsply|trklnks)\.com$" name=".+" />
-	<securecookie host="^.+\.adsupply\.com$" name=".+" />
+	<target host="adsupply.com" />
+	<target host="engine.adsupply.com" />
+	<target host="cdn.engine.adsupply.com" />
+	<target host="ui.adsupply.com" />
+	<target host="www.adsupply.com" />
 
 
-	<rule from="^http://(?:cdn\.)?engine\.4dsply\.com/"
-		to="https://engine.4dsply.com/" />
+	<securecookie host="^(?!\.adsupply\.com$)" name=".+" />
 
-	<rule from="^http://(affiliates|engine|ui)\.adsupply\.com/"
-		to="https://$1.adsupply.com/" />
 
-	<rule from="^http://(?:engine\.)?trklnks\.com/"
-		to="https://engine.trklnks.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AdXpansion.com.xml b/src/chrome/content/rules/AdXpansion.com.xml
deleted file mode 100644
index dd0718a835dc..000000000000
--- a/src/chrome/content/rules/AdXpansion.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- help		(dropped)
-		- marketing	(shows www; mismatched, CN: www.adxpansion.com)
-
--->
-<ruleset name="AdXpansion.com (partial)">
-
-	<target host="adxpansion.com" />
-	<target host="*.adxpansion.com" />
-
-
-	<securecookie host="^(?:w*\.)?adxpansion\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?adxpansion\.com/"
-		to="https://$1adxpansion.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Ad_Peeps_hosted.com.xml b/src/chrome/content/rules/Ad_Peeps_hosted.com.xml
index 5e9a7569e8b9..d5922e2f4168 100644
--- a/src/chrome/content/rules/Ad_Peeps_hosted.com.xml
+++ b/src/chrome/content/rules/Ad_Peeps_hosted.com.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^(?:www\.)?adpeepshosted\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?adpeepshosted\.com/"
-		to="https://$1adpeepshosted.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ada.lt.xml b/src/chrome/content/rules/Ada.lt.xml
index 53becd3d0615..8a8fde71195c 100644
--- a/src/chrome/content/rules/Ada.lt.xml
+++ b/src/chrome/content/rules/Ada.lt.xml
@@ -16,7 +16,6 @@
 	<securecookie host="^(?:www\.)?ada\.lt$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ada\.lt/"
-		to="https://$1ada.lt/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AdaCore.xml b/src/chrome/content/rules/AdaCore.xml
index a683ce82e201..6f6872000ffc 100644
--- a/src/chrome/content/rules/AdaCore.xml
+++ b/src/chrome/content/rules/AdaCore.xml
@@ -1,20 +1,9 @@
-<ruleset name="AdaCore" platform="mixedcontent">
+<ruleset name="AdaCore (partial)">
+	<target host="adacore.com" />
+	<target host="www.adacore.com" />
+	<target host="libre.adacore.com" />
 
-	<target host="adacore.com"/>
-	<target host="*.adacore.com"/>
-
-
-	<securecookie host="^www\.adacore\.com$" name=".*"/>
-
-
-	<!--	Matches:
-
-			- libre
-			- www
-      Other subdomains may not work:
-      https://trac.torproject.org/projects/tor/ticket/7219
-				-->
-	<rule from="^http://(www\.|libre\.)?adacore\.com/"
-		to="https://$1adacore.com/"/>
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Adactio.com.xml b/src/chrome/content/rules/Adactio.com.xml
new file mode 100644
index 000000000000..c5c1b7f090d5
--- /dev/null
+++ b/src/chrome/content/rules/Adactio.com.xml
@@ -0,0 +1,22 @@
+<!--
+	www.adactio.com: Refused
+
+-->
+<ruleset name="Adactio.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="adactio.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.adactio.com" />
+
+
+	<rule from="^http://www\.adactio\.com/"
+		to="https://adactio.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Adafruit.xml b/src/chrome/content/rules/Adafruit.xml
index 1ab44c3efe7a..542ee9ed2be9 100644
--- a/src/chrome/content/rules/Adafruit.xml
+++ b/src/chrome/content/rules/Adafruit.xml
@@ -1,22 +1,19 @@
-<!--
-	Nonfunctional subdomains:
-
-		- forums *
-		- learn *
-
-	* Shows www
-
--->
-<ruleset name="AdaFruit (partial)">
+<ruleset name="AdaFruit.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="adafruit.com" />
-	<target host="*.adafruit.com" />
+	<target host="accounts.adafruit.com" />
+	<target host="blog.adafruit.com" />
+	<target host="forums.adafruit.com" />
+	<target host="learn.adafruit.com" />
+	<target host="www.adafruit.com" />
 
 
 	<securecookie host="^\.?www\.adafruit\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?adafruit\.com/"
-		to="https://www.adafruit.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Adagio.com.xml b/src/chrome/content/rules/Adagio.com.xml
new file mode 100644
index 000000000000..cd2a6587127f
--- /dev/null
+++ b/src/chrome/content/rules/Adagio.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Adagio.com">
+  <target host="adagio.com" />
+  <target host="www.adagio.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Adam-Barth.xml b/src/chrome/content/rules/Adam-Barth.xml
new file mode 100644
index 000000000000..771fe0bce9db
--- /dev/null
+++ b/src/chrome/content/rules/Adam-Barth.xml
@@ -0,0 +1,7 @@
+<ruleset name="Adam Barth">
+	<target host="adambarth.com"/>
+	<target host="www.adambarth.com"/>
+	
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Adam_Caudill.com.xml b/src/chrome/content/rules/Adam_Caudill.com.xml
new file mode 100644
index 000000000000..878781a26f21
--- /dev/null
+++ b/src/chrome/content/rules/Adam_Caudill.com.xml
@@ -0,0 +1,40 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .adamcaudill.com
+
+-->
+<ruleset name="Adam Caudill.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="adamcaudill.com" />
+	<target host="www.adamcaudill.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.adamcaudill\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Adap.TV.xml b/src/chrome/content/rules/Adap.TV.xml
index 7f0e83abc996..6883a9e781b0 100644
--- a/src/chrome/content/rules/Adap.TV.xml
+++ b/src/chrome/content/rules/Adap.TV.xml
@@ -1,17 +1,64 @@
-<ruleset name="Adap.TV">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://adap.tv/ => https://adap.tv/: (7, 'Failed to connect to adap.tv port 443: Connection refused')
+Fetch error: http://www.adap.tv/ => https://adap.tv/: (7, 'Failed to connect to adap.tv port 443: Connection refused')
+
+	For other AOL coverage, see AOL.xml.
+
+
+	Nonfunctioanl hosts in *adap.tv:
+
+		- adaptv *
+
+	* 404
+
+
+	Problematic hosts in *adap.tv:
+
+		- redir ¹
+		- www ²
+
+	¹ Akamai
+	² Mismatched
+
+
+	Fully covered hosts in *adap.tv:
+
+		- (www.)?	(www → ^)
+		- ads
+		- my
+		- redir		(→ ads)
+		- segments
+		- sync
+
+-->
+<ruleset name="Adap.TV (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="adap.tv" />
-	<target host="*.adap.tv" />
+	<target host="ads.adap.tv" />
+	<target host="my.adap.tv" />
+	<target host="segments.adap.tv" />
+	<target host="sync.adap.tv" />
 
+	<!--	Complications:
+				-->
+	<target host="redir.adap.tv" />
+	<target host="www.adap.tv" />
 
-	<securecookie host="^\.adap\.tv$" name=".*" />
 
+	<securecookie host="^\.adap\.tv$" name=".+" />
 
-	<rule from="^http://((?:ads|my|segments|www)\.)?adap\.tv/"
-		to="https://$1adap.tv/" />
 
-	<!--	Akamai	-->
-	<rule from="^https?://redir\.adap\.tv/"
+	<rule from="^http://redir\.adap\.tv/"
 		to="https://ads.adap.tv/" />
 
+	<rule from="^http://www\.adap\.tv/"
+		to="https://adap.tv/" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Adaptavist.com.xml b/src/chrome/content/rules/Adaptavist.com.xml
new file mode 100644
index 000000000000..87d9e47a9d6d
--- /dev/null
+++ b/src/chrome/content/rules/Adaptavist.com.xml
@@ -0,0 +1,18 @@
+<ruleset name="Adaptavist.com (partial)">
+
+	<target host="adaptavist.com" />
+	<target host="tracker.adaptavist.com" />
+	<target host="www.adaptavist.com" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.adaptavist\.com/($|download/attachments/|favicon\.ico|images/icons/|plugins/builder/layout-resources\.action\?|plugins/shop/(acquire|form)\.action|w/assets/|w/media/|w/plugins/|w/wp-content/)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.adaptavist\.com/+(?!s/\d{4}/\d\d/[\d.]{1,2}/)" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Adaptec.com.xml b/src/chrome/content/rules/Adaptec.com.xml
index e5abb491bf1d..be63b4b6bfb0 100644
--- a/src/chrome/content/rules/Adaptec.com.xml
+++ b/src/chrome/content/rules/Adaptec.com.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://adaptec.com/ => https://www.adaptec.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.adaptec.com/ => https://www.adaptec.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	CDN buckets:
 
 		- wac.131d.edgecastcdn.net/??131D/
@@ -26,7 +31,7 @@
 	** Secured by us
 
 -->
-<ruleset name="Adaptec.com (partial)">
+<ruleset name="Adaptec.com (partial)" default_off="failed ruleset test">
 
 	<target host="adaptec.com" />
 	<target host="www.adaptec.com" />
diff --git a/src/chrome/content/rules/Adapteva.com.xml b/src/chrome/content/rules/Adapteva.com.xml
index 8536e0ebce57..db5fa193ef43 100644
--- a/src/chrome/content/rules/Adapteva.com.xml
+++ b/src/chrome/content/rules/Adapteva.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://shop.adapteva.com/ (200) => https://adapteva.myshopify.com/ (404)
+
 	CDN buckets:
 
 		- adapteva.myshopify.com
@@ -16,7 +20,7 @@
 		- (www.)	(http reply)
 
 -->
-<ruleset name="Adapteva.com (partial)">
+<ruleset name="Adapteva.com (partial)" default_off="failed ruleset test">
 
 	<target host="shop.adapteva.com" />
 
@@ -24,4 +28,4 @@
 	<rule from="^http://shop\.adapteva\.com/"
 		to="https://adapteva.myshopify.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adaptive_Computing.xml b/src/chrome/content/rules/Adaptive_Computing.xml
index f756ba54f1c9..5ca61de18444 100644
--- a/src/chrome/content/rules/Adaptive_Computing.xml
+++ b/src/chrome/content/rules/Adaptive_Computing.xml
@@ -1,13 +1,37 @@
-<ruleset name="Adaptive Computing">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://adaptivecomputing.com/ => https://adaptivecomputing.com/: (51, "SSL: no alternative certificate subject name matches target host name 'adaptivecomputing.com'")
+
+-->
+<ruleset name="Adaptive Computing (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="adaptivecomputing.com" />
 	<target host="www.adaptivecomputing.com" />
 
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.adaptivecomputing\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.adaptivecomputing\.com/+(?!wp-content/|wp-login\.php)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.adaptivecomputing.com/blog" />
+			<test url="http://www.adaptivecomputing.com/products/" />
+			<test url="http://www.adaptivecomputing.com/support-login" />
 
-	<securecookie host="^www\.adaptivecomputing\.com$" name=".+" />
+			<!--	-ve:
+					-->
+			<test url="http://www.adaptivecomputing.com/wp-content/themes/AdaptiveComputing/img/nav-gif.gif" />
+			<test url="http://www.adaptivecomputing.com/wp-login.php" />
 
 
-	<rule from="^http://(www\.)?adaptivecomputing\.com/"
-		to="https://$1adaptivecomputing.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adara-Media.xml b/src/chrome/content/rules/Adara-Media.xml
index c47c2deb8d66..0c24a893c3f6 100644
--- a/src/chrome/content/rules/Adara-Media.xml
+++ b/src/chrome/content/rules/Adara-Media.xml
@@ -1,23 +1,25 @@
 <!--
+	Other Adara Media rulesets:
+
+		- Yieldoptimizer.com.xml
+
+
 	Nonfunctional domains:
 
 		- (www.)adaramedia.com	(times out)
 
 -->
-<ruleset name="Adara Media (partial)">
+<ruleset name="Adara Media.com (partial)" default_off="mismatched">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="login.adaramedia.com" />
-	<target host="tag.yieldoptimizer.com" />
-
 
-	<securecookie host="^login\.adaramedia\.com$" name=".*" />
 
+	<securecookie host="^login\.adaramedia\.com$" name=".+" />
 
-	<rule from="^http://login\.adaramedia\.com/"
-		to="https://login.adaramedia.com/" />
 
-	<!--	Included on 3rd-party websites.	-->
-	<rule from="^http://tag\.yieldoptimizer\.com/"
-		to="https://tag.yieldoptimizer.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Adaway.org.xml b/src/chrome/content/rules/Adaway.org.xml
new file mode 100644
index 000000000000..ec436613dca3
--- /dev/null
+++ b/src/chrome/content/rules/Adaway.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Adaway.org">
+	<target host="adaway.org" />
+	<target host="www.adaway.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Adblade.xml b/src/chrome/content/rules/Adblade.xml
index 9b6af4240cbf..94a339a12fe6 100644
--- a/src/chrome/content/rules/Adblade.xml
+++ b/src/chrome/content/rules/Adblade.xml
@@ -1,41 +1,70 @@
 <!--
-	Nonfunctional:
+	Nonfunctional hosts in *adblade.com:
 
-        - https://(www.)adblade.com
-		- (pwik.|www.)adiant.com
+		- blog *
 
-			- Cert: savegeorge.com.
-			- Display savegeorge.com data (i.e., a blank page).
+	* Dropped
+
+
+	Nonfunctional hosts in *adblade.com:
+
+		- blog ˣ
+		- static ᵐ
+
+	ᵐ Mismatched
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .adblade.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on blog from $self
+
+		- Images, on:
+
+			- blog from echidnainc.com ⁴
+			- blog from www.mdgadvertising.com ʳ
+
+	⁴ Unsecurable <= 404
+	ʳ Unsecurable <= refused
 
 -->
-<ruleset name="Adblade (partial)">
+<ruleset name="Adblade.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="adblade.com" />
-	<target host="*.adblade.com" />
-	<target host="reachmode.com" />
-	<target host="*.reachmode.com" />
+	<target host="pixel.adblade.com" />
+	<target host="web.adblade.com" />
+	<target host="www.adblade.com" />
 
+		<!--	Previously redirected to http:
+							-->
+		<test url="http://adblade.com/adblade-adspecs" />
+		<test url="http://adblade.com/doc/about" />
+		<test url="http://adblade.com/doc/contact" />
+		<test url="http://www.adblade.com/adblade-adspecs" />
+		<test url="http://www.adblade.com/doc/about" />
+		<test url="http://www.adblade.com/doc/contact" />
 
-	<securecookie host="^web\.reachmode\.com$" name=".*" />
+		<test url="http://pixel.adblade.com/imps.php?sgms=" />
 
 
-	<!--	Registration pages are polluted by unsecurable
-		beacons from piwik.adiant.com.  Tut tut.	-->
-	<rule from="^http://(www\.)?adblade\.com/(css|images|img|registration)/"
-		to="https://$1adblade.com/$2/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.adblade\.com$" name="^__sgs$" /-->
 
-	<rule from="^http://(pixel|web)\.adblade\.com/"
-		to="https://$1.adblade.com/" />
+	<securecookie host="^\." name="^__(?:qca|sgs$)" />
+	<securecookie host="^\w" name=".+" />
 
-	<!--	Redirects as so, sans-https.	-->
-    <!-- No longer works.
-	<rule from="^http://(?:www\.)?reachmode\.com/"
-		to="https://www.adblade.com/" />
-        -->
 
-	<!--	This domain is used for advertising
-		on third-party websites.	-->
-	<rule from="^http://web\.reachmode\.com/"
-		to="https://web.reachmode.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/AdblockPlus.xml b/src/chrome/content/rules/AdblockPlus.xml
index 870f8bfe36ff..95fa5dbaeb53 100644
--- a/src/chrome/content/rules/AdblockPlus.xml
+++ b/src/chrome/content/rules/AdblockPlus.xml
@@ -5,20 +5,27 @@
 		- easylist
 		- easylist-downloads
 		- hg
+		- issues
 		- notification
 		- reports
 
 -->
-<ruleset name="AdblockPlus">
+<ruleset name="AdblockPlus.org">
 
 	<target host="adblockplus.org"/>
-	<target host="*.adblockplus.org"/>
+	<target host="easylist.adblockplus.org" />
+	<target host="easylist-downloads.adblockplus.org" />
+	<target host="hg.adblockplus.org" />
+	<target host="issues.adblockplus.org" />
+	<target host="notification.adblockplus.org" />
+	<target host="reports.adblockplus.org" />
+	<target host="www.adblockplus.org" />
 
 
-	<securecookie host="^(?:.*\.)?adblockplus\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:easylist(?:-downloads)?|hg|notification|reports|www)\.)?adblockplus\.org/"
-		to="https://$1adblockplus.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Adbooth.net.xml b/src/chrome/content/rules/Adbooth.net.xml
index 89334c06fafd..52552796a526 100644
--- a/src/chrome/content/rules/Adbooth.net.xml
+++ b/src/chrome/content/rules/Adbooth.net.xml
@@ -34,11 +34,13 @@
 -->
 <ruleset name="Adbooth.net">
 
-	<target host="*.adbooth.net" />
+	<target host="cdn.adbooth.net" />
+	<target host="help.adbooth.net" />
+	<target host="yieldmanager.adbooth.net" />
 
 
 	<rule from="^http://cdn\.adbooth\.net/"
-		to="https://s3.amazonaws.com/cdn.adbooth.net/" />
+		to="https://cdn.adbooth.net/" />
 
 	<rule from="^http://help\.adbooth\.net/track\.gif"
 		to="https://cdn.uservoice.com/track.gif" />
@@ -46,4 +48,4 @@
 	<rule from="^http://yieldmanager\.adbooth\.net/"
 		to="https://ad.yieldmanager.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adbrite-expired.xml b/src/chrome/content/rules/Adbrite-expired.xml
index 9333bb3385cd..446463e00496 100644
--- a/src/chrome/content/rules/Adbrite-expired.xml
+++ b/src/chrome/content/rules/Adbrite-expired.xml
@@ -2,12 +2,12 @@
 	For rules that are on by default, see Adbrite.xml.
 
 -->
-<ruleset name="AdBrite (expired)" default_off="expired">
+<ruleset name="AdBrite.com (expired)" default_off="expired">
 
 	<target host="help.adbrite.com" />
 
 
-	<rule from="^http://help\.adbrite\.com/"
-		to="https://help.adbrite.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Adbrite.xml b/src/chrome/content/rules/Adbrite.xml
index fa548f99c056..4a94f2e0502c 100644
--- a/src/chrome/content/rules/Adbrite.xml
+++ b/src/chrome/content/rules/Adbrite.xml
@@ -1,4 +1,18 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.adbrite.com/ => https://www.sitescout.com/adbrite/?utm_source=adbrite: (51, "SSL: no alternative certificate subject name matches target host name 'www.sitescout.com'")
+Fetch error: http://adbrite.com/ => https://www.sitescout.com/adbrite/?utm_source=adbrite: (51, "SSL: no alternative certificate subject name matches target host name 'www.sitescout.com'")
+Fetch error: http://files.adbrite.com/ => https://www.adbrite.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.adbrite.com/ => https://www.sitescout.com/adbrite/?utm_source=adbrite: (7, 'Failed to connect to www.sitescout.com port 443: Connection refused')
+Fetch error: http://adbrite.com/ => https://www.sitescout.com/adbrite/?utm_source=adbrite: (7, 'Failed to connect to www.sitescout.com port 443: Connection refused')
+Fetch error: http://files.adbrite.com/ => https://www.adbrite.com/: (6, 'Could not resolve host: files.adbrite.com')
+
 	For problematic rules, see Adbrite-expired.xml.
 
 
@@ -7,18 +21,24 @@
 		- press		(times out)
 
 -->
-<ruleset name="AdBrite (partial)">
+<ruleset name="AdBrite.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.adbrite.com" />
 
+	<!--	Complications:
+				-->
 	<target host="adbrite.com" />
-	<target host="*.adbrite.com" />
+	<target host="files.adbrite.com" />
 
 
-	<rule from="^http://ads(2)?\.adbrite\.com/"
-		to="https://ads$1.adbrite.com/" />
+	<rule from="^http://(?:www\.)?adbrite\.com/"
+		to="https://www.sitescout.com/adbrite/?utm_source=adbrite" />
 
 	<!--	files: reset
-		!www: Shows blank page.	-->
-	<rule from="^https?://(?:files\.|www\.)?adbrite\.com/"
+				-->
+	<rule from="^http://files\.adbrite\.com/"
 		to="https://www.adbrite.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Adbusters.org.xml b/src/chrome/content/rules/Adbusters.org.xml
new file mode 100644
index 000000000000..40d6bf8d1868
--- /dev/null
+++ b/src/chrome/content/rules/Adbusters.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Invalid certificate:
+		campaigns.adbusters.org
+		featured.adbusters.org
+		kickitover.adbusters.org
+
+	521 error (sometimes):
+		adbusters.org
+
+-->
+<ruleset name="Adbusters.org">
+
+	<target host="adbusters.org" />
+	<target host="www.adbusters.org" />
+	<target host="subscribe.adbusters.org" />
+
+	<rule from="^http://adbusters\.org/"
+		to="https://www.adbusters.org/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Adbuyer.com.xml b/src/chrome/content/rules/Adbuyer.com.xml
index df1c0e33a5e8..114c008d637b 100644
--- a/src/chrome/content/rules/Adbuyer.com.xml
+++ b/src/chrome/content/rules/Adbuyer.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://adbuyer.com/ => https://app.mbuy.com/: (7, 'Failed to connect to app.mbuy.com port 443: No route to host')
+
 	Problematic subdomains:
 
 		- (www.)	(shows app.mbuy.com; mismatched, CN: *.mbuy.com)
@@ -11,7 +15,7 @@
 		- pixel
 
 -->
-<ruleset name="adbuyer.com">
+<ruleset name="adbuyer.com" default_off="failed ruleset test">
 
 	<target host="adbuyer.com" />
 	<target host="*.adbuyer.com" />
@@ -26,4 +30,4 @@
 	<rule from="^http://(gbid|pixel)\.adbuyer\.com/"
 		to="https://$1.adbuyer.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adcash.xml b/src/chrome/content/rules/Adcash.xml
index 97aa2d798669..be3e34f4d9ed 100644
--- a/src/chrome/content/rules/Adcash.xml
+++ b/src/chrome/content/rules/Adcash.xml
@@ -4,10 +4,9 @@
 	<target host="www.adcash.com" />
 
 
-	<securecookie host="^(www\.)?adcash\.com$" name=".*" />
+	<securecookie host="^(?:www\.)?adcash\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?adcash\.com/"
-		to="https://$1adcash.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Add2Net-mismatches.xml b/src/chrome/content/rules/Add2Net-mismatches.xml
index 7aede6bbbf26..5a707cf05d38 100644
--- a/src/chrome/content/rules/Add2Net-mismatches.xml
+++ b/src/chrome/content/rules/Add2Net-mismatches.xml
@@ -1,10 +1,9 @@
-<ruleset name="Add2Net (mismatches)" default_off="mismatch">
+<ruleset name="Add2Net (mismatches)" default_off="mismatched">
 
 	<target host="marketing.lunarpages.com"/>
 
-	<securecookie host="^marketing\.lunarpages\.com$" name=".*"/>
+	<securecookie host="^marketing\.lunarpages\.com$" name=".+" />
 
-	<rule from="^http://marketing\.lunarpages\.com/"
-		to="https://marketing.lunarpages.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Add2Net.xml b/src/chrome/content/rules/Add2Net.xml
index 0cf12e3974aa..ef58c038d0cb 100644
--- a/src/chrome/content/rules/Add2Net.xml
+++ b/src/chrome/content/rules/Add2Net.xml
@@ -1,4 +1,26 @@
-<ruleset name="Add2Net (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lpdedicated.com/ => https://lpdedicated.com/: (51, "SSL: no alternative certificate subject name matches target host name 'lpdedicated.com'")
+Fetch error: http://www.lpdedicated.com/ => https://www.lpdedicated.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.lpdedicated.com'")
+Fetch error: http://lunarpages.com.mx/ => https://lunarpages.com.mx/: (7, 'Failed to connect to lunarpages.com.mx port 443: Connection refused')
+Fetch error: http://www.lunarpages.com.mx/ => https://www.lunarpages.com.mx/: (7, 'Failed to connect to www.lunarpages.com.mx port 443: Connection refused')
+Fetch error: http://lunarpages.co.uk/ => https://lunarpages.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'lunarpages.co.uk'")
+Fetch error: http://www.lunarpages.co.uk/ => https://www.lunarpages.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.lunarpages.co.uk'")
+Fetch error: http://tremendesk.com/ => https://tremendesk.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://lpdedicated.com/ => https://lpdedicated.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.lpdedicated.com/ => https://www.lpdedicated.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://lunarmods.com/ => https://lunarpages.com/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.lunarmods.com/ => https://www.lunarpages.com/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://lunarpages.com.mx/ => https://lunarpages.com.mx/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.lunarpages.com.mx/ => https://www.lunarpages.com.mx/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://lunarpages.co.uk/ => https://lunarpages.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'lunarpages.co.uk'")
+Fetch error: http://www.lunarpages.co.uk/ => https://www.lunarpages.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.lunarpages.co.uk'")
+Fetch error: http://tremendesk.com/ => https://tremendesk.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
+<ruleset name="Add2Net (partial)" default_off="failed ruleset test">
 
 	<target host="lpdedicated.com"/>
 	<target host="www.lpdedicated.com"/>
@@ -7,22 +29,23 @@
 	<target host="lunarmods.com"/>
 	<target host="www.lunarmods.com"/>
 	<target host="lunarpages.com"/>
-	<target host="*.lunarpages.com"/>
+	<target host="www.lunarpages.com" />
+	<target host="account.lunarpages.com" />
+	<target host="secure.lunarpages.com" />
+	<target host="support.lunarpages.com" />
 	<target host="lunarpages.com.mx"/>
 	<target host="www.lunarpages.com.mx"/>
 	<target host="lunarpages.co.uk"/>
 	<target host="www.lunarpages.co.uk"/>
 	<target host="tremendesk.com"/>
-	<target host="*.tremendesk.com"/>
+	<target host="www.tremendesk.com" />
 
 
-	<securecookie host="^www\.lunarmods\.com$" name=".*"/>
-	<securecookie host="^(account|secure|support|www)?\.lunarpages\.com$" name=".*"/>
-	<securecookie host="^(www)?\.tremendesk\.com$" name=".*"/>
+	<securecookie host="^www\.lunarmods\.com$" name=".+" />
+	<securecookie host="^(?:account|secure|support|www)?\.lunarpages\.com$" name=".+" />
+	<securecookie host="^(?:www)?\.tremendesk\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?lpdedicated\.com/"
-		to="https://$1lpdedicated.com/"/>
 
 	<rule from="^http://(?:www\.)?lplogin\.com/"
 		to="https://account.lunarpages.com/"/>
@@ -30,13 +53,8 @@
 	<rule from="^http://(www\.)?lunar(mod|page)s\.com/"
 		to="https://$1lunarpages.com/"/>
 
-	<rule from="^http://(account|secure|support)\.lunarpages\.com/"
-		to="https://$1.lunarpages.com/"/>
 
-	<rule from="^http://(www\.)?lunarpages\.co(m\.mx|\.uk)/"
-		to="https://$1lunarpages.co$2/"/>
 
-	<rule from="^http://(www\.)?tremendesk\.com/"
-		to="https://$1tremendesk.com/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AddBooks.se.xml b/src/chrome/content/rules/AddBooks.se.xml
index 4cad905b6ff6..ea854f18f989 100644
--- a/src/chrome/content/rules/AddBooks.se.xml
+++ b/src/chrome/content/rules/AddBooks.se.xml
@@ -1,7 +1,13 @@
-<ruleset name="AddBooks.se" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.addbooks.se/ => https://www.addbooks.se/: (7, 'Failed to connect to www.addbooks.se port 443: Connection timed out')
+Fetch error: http://addbooks.se/ => https://addbooks.se/: (7, 'Failed to connect to addbooks.se port 443: Connection timed out')
+
+-->
+<ruleset name="AddBooks.se" platform="mixedcontent" default_off="failed ruleset test">
   <target host="www.addbooks.se" />
   <target host="addbooks.se" />
-  <rule from="^http://www\.addbooks\.se/" to="https://www.addbooks.se/"/>
-  <rule from="^http://addbooks\.se/" to="https://addbooks.se/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/AddThis.xml b/src/chrome/content/rules/AddThis.xml
index cc986d43cf02..dd6824d7e14a 100644
--- a/src/chrome/content/rules/AddThis.xml
+++ b/src/chrome/content/rules/AddThis.xml
@@ -1,98 +1,49 @@
 <!--
-	Other Clearspring rulesets:
-
-		- AddThisedge.com.xml
-		- XGraph.xml
-
+	For other Oracle coverage, see Oracle.xml.
 
 	CDN buckets:
-
 		- wildcard.addthis.com.edgekey.net
-		- wildcard.addthiscdn.com.edgekey.net
-
-
-	Nonfunctional domains:
-
-		- s4.addthis.com	(shows empty tree, mismatched, CN: xiaomufwq.com)
-
-		- support.addthis.com	(redirects to http, CN: *.assistly.com)
-
-			- So does addthis.assistly.com  & addthis.desk.com
-
-
-	Partially covered domains:
-
-		- (www.)addthis.com	(some pages redirect to http)
-
 
-	Fully covered domains:
+	Insecure cookies are set for these domains and hosts, see https://owasp.org/index.php/SecureFlag:
+		- .addthis.com
+		- www.addthis.com
 
-		- addthis.com subdomains:
-
-			- api
-			- cache
-			- cf
-			- ct[01345]
-			- ds
-			- m
-			- s[3579]
-			- secure
-			- su
-
-		- cache.addthiscdn.com
+	Invalid certificate:
+		- go.addthis.com
 
+	Timed out:
+		- s4.addthis.com
 -->
-<ruleset name="AddThis (partial)">
 
+<ruleset name="AddThis.com (partial)">
 	<target host="addthis.com" />
-	<target host="*.addthis.com" />
-	<!--
-		These paths 302 to http:
-
-			- about$
-			- about/team$
-			- advertising-choices$
-			- browser-extensions$
-			- careers$
-			- contact$
-			- get$
-			- get/welcome$
-			- logos$
-			- privacy/opt-out$
-			- privacy/partners$
-			- privacy/privacy-policy$
-			- technology$
-			- technology/web-intents$
-			- tos$
-
-		These paths don't:
-
-			- blog$
-			- blog/
-			- download/
-			- get/just-analytics
-			- get/sharing
-			- get/trending
-			- images/
-			- landing$
-			- login
-			- press$
-			- register
-					-->
-		<exclusion pattern="^http://(?:www\.)?addthis\.com/(?!bookmark\.php|blog(?:$|\?|/)|download/|images/|(?:get(?:/just-analytics|/sharing|/trending)?|landing|login|press|register)(?:$|\?))" />
-	<target host="cache.addthiscdn.com" />
-
-
-	<securecookie host="^\.addthis.com$" name="^(?:__atuvc|di|uid|xtc)$" />
-
-
-	<rule from="^http://(www\.)?addthis\.com/get($|\?)"
-		to="https://$1addthis.com/get/sharing$2" />
-
-	<rule from="^http://((?:api|cache|cf|ct\d|ds|m|s[3579u]|secure|www)\.)?addthis\.com/"
-		to="https://$1addthis.com/" />
-
-	<rule from="^http://cache\.addthiscdn\.com/"
-		to="https://cache.addthiscdn.com/" />
-
+	<target host="www.addthis.com" />
+	<target host="api.addthis.com" />
+	<target host="api-public.addthis.com" />
+	<target host="cache.addthis.com" />
+	<target host="cf.addthis.com" />
+		<test url="http://cf.addthis.com/red/p.png" />
+	<target host="ct0.addthis.com" />
+	<target host="ct1.addthis.com" />
+		<test url="http://ct1.addthis.com/static/r07/widget/css/widget007.old.css" />
+	<target host="ct3.addthis.com" />
+	<target host="ct5.addthis.com" />
+	<target host="dashcache.addthis.com" />
+		<test url="http://dashcache.addthis.com/images/logo-reversed-lg.png" />
+	<target host="m.addthis.com" />
+	<target host="s3.addthis.com" />
+	<target host="s5.addthis.com" />
+	<target host="s7.addthis.com" />
+	<target host="s9.addthis.com" />
+	<target host="secure.addthis.com" />
+	<target host="su.addthis.com" />
+	<target host="support.addthis.com" />
+
+	<!-- Not secured by server -->
+	<!--securecookie host="^\.addthis.com$" name="^km_ai$" /-->
+	<!--securecookie host="^www\.addthis\.com$" name="^(ana_svc|bb2_screener|siteaud)$" /-->
+	<securecookie host="^\." name="^(__atuvc|__cfduid|di|uid|xtc)$" />
+	<securecookie host="^[^.w]" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AddThisedge.com.xml b/src/chrome/content/rules/AddThisedge.com.xml
index ee2722858dfa..930a51dd1924 100644
--- a/src/chrome/content/rules/AddThisedge.com.xml
+++ b/src/chrome/content/rules/AddThisedge.com.xml
@@ -1,5 +1,5 @@
 <!--
-	For other AddThis coverage, see AddThis.xml.
+	For other Oracle coverage, see Oracle.xml.
 
 
 	Web bugs.
@@ -14,7 +14,7 @@
 	<target host="m.addthisedge.com" />
 
 
-	<rule from="^http://m\.addthisedge\.com/"
-		to="https://m.addthisedge.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AddToAny.xml b/src/chrome/content/rules/AddToAny.xml
deleted file mode 100644
index 8f13a438c262..000000000000
--- a/src/chrome/content/rules/AddToAny.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="AddToAny">
-
-	<target host="*.addtoany.com" />
-
-
-	<!--	Set by static:
-				-->
-	<securecookie host="^\.addtoany\.com$" name="^uvc$" />
-	<securecookie host="^\.static\.addtoany\.com$" name=".+" />
-
-
-	<rule from="^http://static\.addtoany\.com/"
-		to="https://static.addtoany.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Addgene.org.xml b/src/chrome/content/rules/Addgene.org.xml
new file mode 100644
index 000000000000..1efa073a30b6
--- /dev/null
+++ b/src/chrome/content/rules/Addgene.org.xml
@@ -0,0 +1,24 @@
+<!--
+	Different content http/https:
+		api.addgene.org
+		info.addgene.org
+
+	Invalid certificate:
+		blog.addgene.org
+
+-->
+<ruleset name="Addgene">
+
+	<target host="addgene.org" />
+	<target host="www.addgene.org" />
+	<target host="cn.addgene.org" />
+	<target host="electrum.addgene.org" />
+	<target host="help.addgene.org" />
+	<target host="media.addgene.org" />
+		<test url="http://media.addgene.org/data/easy-thumbnails/filer_public/cms/filer_public/f1/1d/f11d47f5-2963-4f27-bf8b-c87895de6889/blugene_globe_homepage.jpg__550x319_q85_crop_subsampling-2.png" />
+	<target host="media-dev.addgene.org" />
+		<test url="http://media-dev.addgene.org/data/easy-thumbnails/filer_public/cms/filer_public/f1/1d/f11d47f5-2963-4f27-bf8b-c87895de6889/blugene_globe_homepage.jpg__550x319_q85_crop_subsampling-2.png" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Addictech.xml b/src/chrome/content/rules/Addictech.xml
index a6fa215b703d..67028c8534df 100644
--- a/src/chrome/content/rules/Addictech.xml
+++ b/src/chrome/content/rules/Addictech.xml
@@ -1,9 +1,23 @@
-<ruleset name="Addictech">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://addictech.com/ => https://www.addictech.com/: Too many redirects while fetching 'https://www.addictech.com/'
+Fetch error: http://www.addictech.com/ => https://www.addictech.com/: Too many redirects while fetching 'https://www.addictech.com/'
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://addictech.com/ => https://www.addictech.com/: Too many redirects while fetching 'https://www.addictech.com/'
+Fetch error: http://www.addictech.com/ => https://www.addictech.com/: Too many redirects while fetching 'https://www.addictech.com/'
+
+-->
+<ruleset name="Addictech" default_off="failed ruleset test">
   <target host="addictech.com" />
   <target host="www.addictech.com" />
   <target host="assets.musicwindow.com" />
 
-  <rule from="^http://(www\.)?addictech\.com/" to="https://www.addictech.com/" />
+  <rule from="^http://(?:www\.)?addictech\.com/" to="https://www.addictech.com/" />
   <rule from="^http://assets\.musicwindow\.com/public/" to="https://www.addictech.com/shared/assetlink.php?file=public/" />
   <!-- Streaming is done from www.addictech.fm, which does not have a valid certificate! -->
 </ruleset>
diff --git a/src/chrome/content/rules/Addiction_Help.xml b/src/chrome/content/rules/Addiction_Help.xml
deleted file mode 100644
index 1f6d0708ad0d..000000000000
--- a/src/chrome/content/rules/Addiction_Help.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	www: mismatched
-
--->
-<ruleset name="Addiction Help">
-
-	<target host="addictionhelpchat.com" />
-	<target host="www.addictionhelpchat.com" />
-
-
-	<securecookie host="^addictionhelpchat\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?addictionhelpchat\.com/"
-		to="https://addictionhelpchat.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Addison.com.hk.xml b/src/chrome/content/rules/Addison.com.hk.xml
index eaef1f403b0a..62f539ea5d31 100644
--- a/src/chrome/content/rules/Addison.com.hk.xml
+++ b/src/chrome/content/rules/Addison.com.hk.xml
@@ -13,4 +13,4 @@
 	<rule from="^http://(www\.)?addison\.com\.hk/(?=(?:contact_us|what_we_do)(?:$|[?/])|favicon\.ico|images/|libraries/|media/|templates/|wp-content/|wp-includes/)"
 		to="https://$1addison.com.hk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Addison_Lee.xml b/src/chrome/content/rules/Addison_Lee.xml
index cd57737d99a4..3247931c3464 100644
--- a/src/chrome/content/rules/Addison_Lee.xml
+++ b/src/chrome/content/rules/Addison_Lee.xml
@@ -1,10 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://addisonlee.com/ => https://www.addisonlee.com/: Too many redirects while fetching 'https://www.addisonlee.com/'
+
+-->
 <ruleset name="Addison Lee">
     <target host="addisonlee.com" />
     <target host="*.addisonlee.com" />
 
-    <securecookie host="^(.*\.)?addisonlee\.com$" name=".+" />
+    <securecookie host=".+" name=".+"/>
 
-    <rule from="^https?://addisonlee\.com/"
+    <rule from="^http://addisonlee\.com/"
         to="https://www.addisonlee.com/"/>
     <rule from="^http://([^/:@]+)?\.addisonlee\.com/"
         to="https://$1.addisonlee.com/" />
diff --git a/src/chrome/content/rules/Address_Picker.io.xml b/src/chrome/content/rules/Address_Picker.io.xml
new file mode 100644
index 000000000000..4951a41bfaf5
--- /dev/null
+++ b/src/chrome/content/rules/Address_Picker.io.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .addresspicker.io
+		- www.addresspicker.io
+
+-->
+<ruleset name="Address Picker.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="addresspicker.io" />
+	<target host="api.addresspicker.io" />
+	<target host="www.addresspicker.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.addresspicker\.io$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.addresspicker\.io$" name="^(?:XSRF-TOKEN|connect\.sid)$" /-->
+
+	<securecookie host="^(?:www)?\.addresspicker\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Adecco_Way_to_Work.xml b/src/chrome/content/rules/Adecco_Way_to_Work.xml
index 47306436f553..ac26b427ff3f 100644
--- a/src/chrome/content/rules/Adecco_Way_to_Work.xml
+++ b/src/chrome/content/rules/Adecco_Way_to_Work.xml
@@ -4,7 +4,6 @@
 	<target host="www.adeccowaytowork.com" />
 
 
-	<rule from="^http://(www\.)?adeccowaytowork\.com/"
-		to="https://$1adeccowaytowork.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adelaide.edu.au.xml b/src/chrome/content/rules/Adelaide.edu.au.xml
new file mode 100644
index 000000000000..f6fa37c480a0
--- /dev/null
+++ b/src/chrome/content/rules/Adelaide.edu.au.xml
@@ -0,0 +1,99 @@
+<!--
+	The University of Adelaide
+
+
+	Nonfunctional subdomains:
+
+		- alumni ¹
+		- www.alumni ²
+
+	¹ Dropped
+	² Refused
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- apps
+		- auth
+		- blogs
+		- cas-prd.auth
+		- global
+		- international
+		- login
+		- m
+		- myuni
+		- orbit
+		- password
+		- shop
+		- unified
+
+
+	These altnames don't exist:
+
+		- blitzwing.auth.adelaide.edu.au
+		- blurr.auth.adelaide.edu.au
+		- casappprd1.auth.adelaide.edu.au
+		- casappprd2.auth.adelaide.edu.au
+		- cas-prd.adelaide.edu.au
+		- cas1.login.adelaide.edu.au
+		- cas2.login.adelaide.edu.au
+		- www.password.adelaide.edu.au
+		- blitzwing.services.adelaide.edu.au
+		- blurr.services.adelaide.edu.au
+		- cas-prd1.services.adelaide.edu.au
+		- cas-prd2.services.adelaide.edu.au
+		- www.shop.adelaide.edu.au
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- blog from media
+			- m from $self *
+
+		- Bugs on www from s7.addthis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Adelaide.edu.au (partial)">
+
+	<target host="adelaide.edu.au" />
+	<target host="apps.adelaide.edu.au" />
+	<target host="auth.adelaide.edu.au" />
+	<target host="cas-prd.auth.adelaide.edu.au" />
+	<target host="blogs.adelaide.edu.au" />
+	<target host="global.adelaide.edu.au" />
+	<target host="international.adelaide.edu.au" />
+	<target host="login.adelaide.edu.au" />
+	<target host="m.adelaide.edu.au" />
+	<target host="myuni.adelaide.edu.au" />
+	<target host="orbit.adelaide.edu.au" />
+	<target host="password.adelaide.edu.au" />
+	<target host="shop.adelaide.edu.au" />
+	<target host="unified.adelaide.edu.au" />
+	<target host="www.adelaide.edu.au" />
+		<!--exclusion pattern="http://(www\.)?alumni\.adelaide\.edu\.au/" /-->
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^(auth|cas-prd\.auth|login|password|unified)\.adelaide\.edu\.au$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^myuni\.adelaide\.edu\.au" name="^(JSESSIONID|s_session_id)$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^apps\.adelaide\.edu\.au$" name="^(RAILS-PRD-ACE|_gmail_session|_session_id)$" /-->
+	<!--securecookie host="^blogs\.adelaide\.edu\.au$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^myuni\.adelaide\.edu\.au" name="^session_id$" /-->
+	<!--securecookie host="^orbit\.adelaide\.edu\.au" name="^_StudentProfiles_session$" /-->
+	<!--securecookie host="^shop\.adelaide\.edu\.au$" name="^(CUSTOMER_UUID|JSESSIONID|KONAKART-PRD-80-ST-ACE)$" /-->
+
+	<securecookie host="^(?:apps|blogs|myuni|orbit|shop)\.adelaide\.edu\.au$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Adelphi.de.xml b/src/chrome/content/rules/Adelphi.de.xml
new file mode 100644
index 000000000000..6fe1342eeae4
--- /dev/null
+++ b/src/chrome/content/rules/Adelphi.de.xml
@@ -0,0 +1,43 @@
+<!--
+	Login required:
+		ecc-news.adelphi.de
+		news.adelphi.de
+		nextcloud.adelphi.de
+
+	Refused:
+		jobs.adelphi.de
+
+	No working URL known:
+		konsum.adelphi.de
+		multisite.adelphi.de
+		vorlage.adelphi.de
+
+	Broken certificate chain:
+		sow2016.adelphi.de
+		web.adelphi.de
+
+-->
+<ruleset name="adelphi.de">
+
+	<target host="adelphi.de" />
+	<target host="www.adelphi.de" />
+	<target host="americalatina.adelphi.de" />
+	<target host="careers.adelphi.de" />
+	<target host="chemicalsbeyond2020.adelphi.de" />
+	<target host="das-foerderprogramm.adelphi.de" />
+	<target host="energy-dialogue.adelphi.de" />
+	<target host="experts.adelphi.de" />
+	<target host="icca.adelphi.de" />
+	<target host="nachhaltigkeit2030.adelphi.de" />
+	<target host="piwik.adelphi.de" />
+	<target host="re-source.adelphi.de" />
+	<target host="sozialvertraeglicher-klimaschutz.adelphi.de" />
+	<target host="surveys.adelphi.de" />
+	<target host="waste-concepts.adelphi.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Adentifi.com.xml b/src/chrome/content/rules/Adentifi.com.xml
new file mode 100644
index 000000000000..ca93eba2b687
--- /dev/null
+++ b/src/chrome/content/rules/Adentifi.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="Adentifi.com">
+	<target host="bm.adentifi.com" />
+	<target host="imps.adentifi.com" />
+	<target host="pixel.adentifi.com" />
+	<target host="rtb.adentifi.com" />
+	<target host="wins.adentifi.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Adestra.xml b/src/chrome/content/rules/Adestra.xml
index 5bc284a1cf7f..a15672e8c1ce 100644
--- a/src/chrome/content/rules/Adestra.xml
+++ b/src/chrome/content/rules/Adestra.xml
@@ -10,11 +10,9 @@
 	<target host="cup.msgfocus.com" />
 
 
-	<rule from="^http://new\.adestra\.com/"
-		to="https://new.adestra.com/" />
+	<rule from="^http:" to="https:" />
 
 	<!--	Included on 3rd-party websites.	-->
-	<rule from="^http://cup\.msgfocus\.com/"
-		to="https://cup.msgfocus.com/" />
+
 
 </ruleset>
diff --git a/src/chrome/content/rules/Adform.net.xml b/src/chrome/content/rules/Adform.net.xml
new file mode 100644
index 000000000000..5a09e14c47e3
--- /dev/null
+++ b/src/chrome/content/rules/Adform.net.xml
@@ -0,0 +1,47 @@
+<!--
+	For other Adform.com related ruleset, see Adform.xml
+
+	Connection refused:
+		- a2-38-65-20-18.adform.net
+		- a2-38-65-20-19.adform.net
+		- adback.adform.net
+
+		Mismatch:
+		- bannerflow.adform.net
+		- big-files.adform.net
+		- cp.adform.net
+		- czc.adform.net
+
+	Timeout:
+		- pipe.adform.net
+
+-->
+<ruleset name="Adform.net">
+
+	<target host="a1.adform.net" />
+	<target host="a2.adform.net" />
+	<target host="adx.adform.net" />
+	<target host="adx2.adform.net" />
+	<target host="asia.adform.net" />
+	<target host="c1.adform.net" />
+	<target host="cm.adform.net" />
+	<target host="cm2.adform.net" />
+	<target host="dmp.adform.net" />
+	<target host="edc.adform.net" />
+	<target host="files.adform.net" />
+	<target host="files5.adform.net" />
+	<target host="global.adform.net" />
+	<target host="hb.adx.adform.net" />
+	<target host="hb.adx2.adform.net" />
+	<target host="isobar.adform.net" />
+	<target host="rtb.adform.net" />
+	<target host="s1.adform.net" />
+	<target host="s2.adform.net" />
+	<target host="server.adform.net" />
+	<target host="track.adform.net" />
+	<target host="us.adform.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Adform.xml b/src/chrome/content/rules/Adform.xml
index ab8dc9df0091..6a10b351e238 100644
--- a/src/chrome/content/rules/Adform.xml
+++ b/src/chrome/content/rules/Adform.xml
@@ -1,56 +1,28 @@
 <!--
-	Problematic domains:
-
-		- adform.com	(cert only matches www)
-
-
-	Fully covered domains:
-
-		- (www.)adform.com	(^ → www)
-
-		- adform.net subdomains:
-
-			- a1
-			- asia
-			- cp
-			- files
-			- s[12]
-			- server
-			- track
-			- us
-
-		- s[12].adformdsp.net
-		- server.adformdsp.net
-
+	Other Adform.com related ruleset:
+	+ Adform.net.xml
+	+ Adformdsp.net.xml
 -->
-<ruleset name="Adform">
-
+<ruleset name="Adform.com">
 	<target host="adform.com" />
 	<target host="www.adform.com" />
-	<target host="*.adform.net" />
-	<target host="*.adformdsp.net" />
-
-
-	<securecookie host="^www\.adform\.com$" name=".+" />
-	<!--
-		name="^(GCM|TPC|uid)$"
-					-->
-	<securecookie host="^\.adform\.net$" name=".+" />
-	<securecookie host="^track\.adform\.net$" name=".+" />
-	<!--
-		name="^uid$"
-				-->
-	<securecookie host="^\.adformdsp\.net$" name=".+" />
-	<securecookie host="^server\.adformdsp\.net$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?adform\.com/"
-		to="https://www.adform.com/" />
-
-	<rule from="^http://(a1|asia|cp|files|s1|s2|server|track|us)\.adform\.net/"
-		to="https://$1.adform.net/" />
-
-	<rule from="^http://s(1|2|erver)\.adformdsp\.net/"
-		to="https://s$1.adformdsp.net/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="academy.adform.com" />
+	<target host="blog.adform.com" />
+	<target host="brandsolutions.adform.com" />
+	<target host="creative.adform.com" />
+	<target host="engineering.adform.com" />
+	<target host="events.adform.com" />
+	<target host="getcertified.adform.com" />
+	<target host="join.adform.com" />
+	<target host="pr-old.adform.com" />
+		<test url="http://pr-old.adform.com/torifi-production-guides/advertising-formats/" />
+	<target host="showroom.adform.com" />
+	<target host="site.adform.com" />
+	<target host="studio.adform.com" />
+	<target host="support.adform.com" />
+	<target host="tools-tracking.adform.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Adformdsp.net.xml b/src/chrome/content/rules/Adformdsp.net.xml
new file mode 100644
index 000000000000..0758197847e4
--- /dev/null
+++ b/src/chrome/content/rules/Adformdsp.net.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Adform.com related ruleset, see Adform.xml
+
+	Mismatch:
+		files.adformdsp.net
+		rtb.adformdsp.net
+-->
+<ruleset name="Adformdsp.net">
+	<target host="a2.adformdsp.net" />
+	<target host="asia.adformdsp.net" />
+	<target host="c1.adformdsp.net" />
+	<target host="s1.adformdsp.net" />
+	<target host="s2.adformdsp.net" />
+	<target host="server.adformdsp.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Adhocracy.de.xml b/src/chrome/content/rules/Adhocracy.de.xml
new file mode 100644
index 000000000000..6c6e4b9e697e
--- /dev/null
+++ b/src/chrome/content/rules/Adhocracy.de.xml
@@ -0,0 +1,32 @@
+<!--
+	Problematic hosts in *adhocracy.de:
+
+		- code *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .adhocracy.de
+
+-->
+<ruleset name="Adhocracy.de (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="adhocracy.de" />
+	<target host="www.adhocracy.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.adhocracy\.de$" name="^adhocracy_session$" /-->
+
+	<securecookie host="^\.adhocracy\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Adicio.com.xml b/src/chrome/content/rules/Adicio.com.xml
new file mode 100644
index 000000000000..bc530cc538bb
--- /dev/null
+++ b/src/chrome/content/rules/Adicio.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Nonfunctional subdomains:
+
+		- slb *
+
+	* Dropped
+
+
+	These altnames don't exist:
+
+		- www.sitemanager2.adicio.com
+
+-->
+<ruleset name="Adicio.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sitemanager2.adicio.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^sitemanager2\.adicio\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Adidas.ca.xml b/src/chrome/content/rules/Adidas.ca.xml
new file mode 100644
index 000000000000..d6453c5936b9
--- /dev/null
+++ b/src/chrome/content/rules/Adidas.ca.xml
@@ -0,0 +1,30 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://adidas.ca/ => https://adidas.ca/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.adidas.ca/ => https://www.adidas.ca/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.miteam.fr.adidas.ca/ => https://www.miteam.fr.adidas.ca/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://m.adidas.ca/ => https://m.adidas.ca/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.miteam.adidas.ca/ => https://www.miteam.adidas.ca/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://shop.miteam.adidas.ca/ => https://shop.miteam.adidas.ca/: (28, 'Operation timed out after 30002 milliseconds with 0 bytes received')
+
+	Active mixed content:
+		- discover.adidas.ca
+-->
+
+<ruleset name="Adidas.ca">
+	<!-- target host="adidas.ca" /-->
+	<!-- target host="www.adidas.ca" /-->
+	<target host="cfg.adidas.ca" />
+	<!-- <target host="cp.adidas.ca" />
+
+    Fails because website identity is cp.reebok.ca
+		<test url="http://cp.adidas.ca/idp/startSSO.ping?PartnerSpId=sp:demandware" />
+		<test url="http://cp.adidas.ca/web/rbkeCom/en_CA/loadsignin" /> -->
+	<!-- target host="www.miteam.fr.adidas.ca" /-->
+	<!-- target host="m.adidas.ca" /-->
+	<!-- target host="www.miteam.adidas.ca" /-->
+	<!-- target host="shop.miteam.adidas.ca" /-->
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Adify.xml b/src/chrome/content/rules/Adify.xml
deleted file mode 100644
index 8f5a1edff2e1..000000000000
--- a/src/chrome/content/rules/Adify.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Adify">
-
-	<target host="ad.afy11.net" />
-
-
-	<rule from="^http://ad\.afy11\.net/"
-		to="https://ad.afy11.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Adigital.xml b/src/chrome/content/rules/Adigital.xml
deleted file mode 100644
index 7a4e05946353..000000000000
--- a/src/chrome/content/rules/Adigital.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	- Cert only matches www
-	- Some (most?) pages redirect to http
-
--->
-<ruleset name="adigital (partial)">
-
-	<target host="adigital.org" />
-	<target host="www.adigital.org" />
-
-
-	<rule from="^https?://(?:www\.)?adigital\.org/(misc/|registrate/?(?:$|\?)|sites/|user(?:$|\?|/))"
-		to="https://www.adigital.org/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Adility.xml b/src/chrome/content/rules/Adility.xml
new file mode 100644
index 000000000000..40791d17a9e7
--- /dev/null
+++ b/src/chrome/content/rules/Adility.xml
@@ -0,0 +1,12 @@
+<!-- TLS not supported on:
+	- (www.)adrtx.net
+-->
+<ruleset name="Adility Gmbh">
+	<target host="adstax-match.adrtx.net" />
+	<target host="api.adrtx.net" />
+	<target host="cdn.adrtx.net" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Adingo.jp.xml b/src/chrome/content/rules/Adingo.jp.xml
new file mode 100644
index 000000000000..e93cfd003ebd
--- /dev/null
+++ b/src/chrome/content/rules/Adingo.jp.xml
@@ -0,0 +1,70 @@
+<!--
+	Non-functional hosts
+		Couldn't resolve host name:
+			 - search.j-cast.com.adingo.jp
+			 - fluct80.adingo.jp
+			 - sp.kotobank.jp.adingo.jp
+			 - search.micke.adingo.jp
+			 - okodukai.adingo.jp
+			 - cdn.sh.adingo.jp
+			 - cnn.ss.adingo.jp
+
+		Couldn't connect to server:
+			 - sh.adingo.jp
+
+		SSL peer certificate or SSH remote key was not OK:
+			 - netcafe.a-cafe.adingo.jp
+			 - blog.adingo.jp
+			 - c.adingo.jp
+			 - netcafe.clich.adingo.jp
+			 - dr.adingo.jp
+			 - netcafe.hotheart.adingo.jp
+			 - netcafe.iicomcom.adingo.jp
+			 - search.imagineer.adingo.jp
+			 - kanagawa-kankou.adingo.jp
+			 - lab.adingo.jp
+			 - m.adingo.jp
+			 - gws.cybozu.net.adingo.jp
+			 - netcafe.newnew.adingo.jp
+			 - search.plushome.adingo.jp
+			 - point-land.adingo.jp
+			 - www.point-stadium.adingo.jp
+			 - pressrelease.adingo.jp
+			 - rd.adingo.jp
+			 - ss.adingo.jp
+			 - d-assist.ss.adingo.jp
+			 - dot.ss.adingo.jp
+			 - isenp.ss.adingo.jp
+			 - netcafe.yamanba.adingo.jp
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - fluct.adingo.jp
+
+		4xx client error:
+			 - b.adingo.jp
+			 - contact.adingo.jp
+			 - cs.adingo.jp
+			 - c.dr.adingo.jp
+			 - d.dr.adingo.jp
+			 - cdn-fluct.sh.adingo.jp
+-->
+<ruleset name="Adingo.jp">
+	<target host="adingo.jp" />
+	<target host="www.adingo.jp" />
+	<target host="contract.adingo.jp" />
+	<target host="cs.dr.adingo.jp" />
+	<target host="p.dr.adingo.jp" />
+	<target host="i.adingo.jp" />
+	<target host="partner.adingo.jp" />
+	<target host="payment.adingo.jp" />
+	<target host="product.adingo.jp" />
+	<target host="s.sh.adingo.jp" />
+	<target host="spap.adingo.jp" />
+	<target host="vi.adingo.jp" />
+
+	<securecookie host="contract\.adingo\.jp" name=".+" />
+	<securecookie host="payment\.adingo\.jp" name=".+" />
+	<securecookie host="product\.adingo\.jp" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Adingo.xml b/src/chrome/content/rules/Adingo.xml
deleted file mode 100644
index a54eb0d34219..000000000000
--- a/src/chrome/content/rules/Adingo.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	CDN buckets:
-
-		- product.adingo.jp.eimg.jp	(cert: jpssl.cdngc.net; 403)
-
-
-	Nonfunctional subdomains:
-
-		- pressrelease	(times out)
-
--->
-<ruleset name="adingo (partial)">
-
-	<target host="adingo.jp" />
-	<target host="*.adingo.jp" />
-	<target host="product.adingo.jp.eimg.jp" />
-
-
-	<securecookie host="^product\.adingo\.jp$" name=".+" />
-
-
-	<!--	www: cert only matches ^adingo\.jp.
-						-->
-	<rule from="^https?://(?:www\.)?adingo.jp/"
-		to="https://adingo.jp/" />
-
-
-	<rule from="^http://product\.adingo\.jp(?:\.eimg\.jp)?/"
-		to="https://product.adingo.jp/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Adis.ws.xml b/src/chrome/content/rules/Adis.ws.xml
new file mode 100644
index 000000000000..a774bda39d27
--- /dev/null
+++ b/src/chrome/content/rules/Adis.ws.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Amplience coverage, see amplience.com.xml.
+
+-->
+<ruleset name="adis.ws">
+
+	<target host="i1.adis.ws" />
+
+		<test url="http://i1.adis.ws/i/annsummers/01BRUWAS1092088_Z?$lister-thumbnail-desktop$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Adition.com.xml b/src/chrome/content/rules/Adition.com.xml
index 8537960fae1d..42ec73fdd760 100644
--- a/src/chrome/content/rules/Adition.com.xml
+++ b/src/chrome/content/rules/Adition.com.xml
@@ -1,32 +1,37 @@
 <!--
-	Nonfunctional subdomains:
+	Insecure cookies are set for these domains and hosts: ᶜ
 
-		- ^
-		- en
-		- www
+		- adition.com
+		- .adition.com
+		- www.adition.com
+		- .www.adition.com
 
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
-	Fully covered subdomains:
-
-		- adfarm1
-
-		- *.adfarm1:
+-->
+<ruleset name="adition.com">
 
-			- ad[123]
+	<target host="adition.com" />
+	<target host="*.adition.com" />
 
-		- imagesrv
+		<test url="http://adfarm1.adition.com/js?wp_id=" />
+		<test url="http://ad1.adfarm1.adition.com/js?wp_id=" />
+		<test url="http://ad2.adfarm1.adition.com/js?wp_id=" />
+		<test url="http://ad3.adfarm1.adition.com/js?wp_id=" />
+		<test url="http://en.adition.com/" />
+		<test url="http://imagesrv.adition.com/js/adition.js" />
+		<test url="http://www.adition.com/" />
 
--->
-<ruleset name="adition.com (partial)">
 
-	<target host="*.adition.com" />
-		<exclusion pattern="^http://(?:en|www)\.adition\.com/" />
-	
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?adition\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.(?:www\.)?adition\.com$" name="^qtrans_cookie_test$" /-->
 
-	<securecookie host="^(?:ad1)?\.adfarm1\.adition\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://([\w+\.-]+)\.adition\.com/"
-		 to="https://$1.adition.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adium.im.xml b/src/chrome/content/rules/Adium.im.xml
new file mode 100644
index 000000000000..49534ecb0acc
--- /dev/null
+++ b/src/chrome/content/rules/Adium.im.xml
@@ -0,0 +1,29 @@
+<!--
+	Mixed content:
+
+		- Images on ^ from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Adium.im">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="adium.im" />
+	<target host="forum.adium.im" />
+	<target host="trac.adium.im" />
+	<target host="www.adium.im" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^trac\.adium\.im$" name="^(trac_form_token|trac_session)" /-->
+
+	<securecookie host="^trac\.adium\.im$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Adjust-net.jp.xml b/src/chrome/content/rules/Adjust-net.jp.xml
index 5d239206c376..356059fdcddd 100644
--- a/src/chrome/content/rules/Adjust-net.jp.xml
+++ b/src/chrome/content/rules/Adjust-net.jp.xml
@@ -1,9 +1,9 @@
 <ruleset name="adjust-net.jp">
 
-	<target host="*.adjust-net.jp" />
+	<target host="ads.adjust-net.jp" />
+	<target host="ifr.adjust-net.jp" />
 
 
-	<rule from="^http://(ads|ifr)\.adjust-net\.jp/"
-		to="https://$1.adjust-net.jp/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adjust.com.xml b/src/chrome/content/rules/Adjust.com.xml
new file mode 100644
index 000000000000..e5652639ee39
--- /dev/null
+++ b/src/chrome/content/rules/Adjust.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="adjust.com">
+
+	<target host="adjust.com" />
+	<target host="app.adjust.com" />
+	<target host="www.adjust.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Adk2.xml b/src/chrome/content/rules/Adk2.xml
index 2011d27d500e..39f07a335ba6 100644
--- a/src/chrome/content/rules/Adk2.xml
+++ b/src/chrome/content/rules/Adk2.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://adk2.com/ => https://adk2.com/: (7, 'Failed to connect to adk2.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://adk2.com/ => https://adk2.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	For other PLYmedia coverage, see PLYmedia.com.xml.
 
 
@@ -15,21 +21,22 @@
 		- cpmrocket
 
 -->
-<ruleset name="adk2 (partial)">
+<ruleset name="adk2 (partial)" default_off="failed ruleset test">
 
 	<target host="adk2.com" />
-	<target host="*.adk2.com" />
+	<target host="ads.adk2.com" />
+	<target host="adstract.adk2.com" />
+	<target host="cpmrocket.adk2.com" />
+	<target host="cdn.adk2.com" />
 
 
 	<securecookie host="^\.?ads\.adk2\.com$" name=".+" />
 
 
-	<rule from="^http://((?:ads|adstract|cpmrocket)\.)?adk2\.com/"
-		to="https://$1adk2.com/" />
+	<rule from="^http:" to="https:" />
 
 	<!--	Included on 3rd-party websites.
 						-->
-	<rule from="^http://cdn\.adk2\.com/"
-		to="https://d38cp5x90nxyo0.cloudfront.net/" />
+
 
 </ruleset>
diff --git a/src/chrome/content/rules/Adknowledge.xml b/src/chrome/content/rules/Adknowledge.xml
deleted file mode 100644
index 9be2220727b4..000000000000
--- a/src/chrome/content/rules/Adknowledge.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	Other Adknowledge rulesets:
-
-		- Cubics.xml
-
-
-	Nonfunctional domains:
-
-		- (www.)adknowledge.com		(redirects to http, valid cert)
-		- docs.adknowledge.com		(no https)
-
--->
-<ruleset name="Adknowledge (partial)">
-
-	<target host="advertiser.adknowledge.com" />
-	<target host="bidsystem.com" />
-	<target host="*.bidsystem.com" />
-
-
-	<securecookie host="^advertiser\.adknowledge\.com$" name=".+" />
-	<securecookie host="^(?:www\.)?bidsystem\.com$" name=".+" />
-
-
-	<rule from="^http://advertiser\.adknowledge\.com/"
-		to="https://advertiser.adknowledge.com/" />
-
-	<rule from="^http://(tracker\.|www\.)?bidsystem\.com/"
-		to="https://$1bidsystem.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Adkontekst.pl-problematic.xml b/src/chrome/content/rules/Adkontekst.pl-problematic.xml
index be8f2346bd44..8afc6c47a2cf 100644
--- a/src/chrome/content/rules/Adkontekst.pl-problematic.xml
+++ b/src/chrome/content/rules/Adkontekst.pl-problematic.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?adkontekst\.pl/"
 		to="https://www.adkontekst.pl/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adkontekst.pl.xml b/src/chrome/content/rules/Adkontekst.pl.xml
index d0350a9df57e..318e2fa31449 100644
--- a/src/chrome/content/rules/Adkontekst.pl.xml
+++ b/src/chrome/content/rules/Adkontekst.pl.xml
@@ -15,13 +15,14 @@
 -->
 <ruleset name="Adkontekst.pl (partial)">
 
-	<target host="*.adkontekst.pl" />
+	<target host="adsearch.adkontekst.pl" />
+	<target host="www.adsearch.adkontekst.pl" />
+	<target host="wydawcy.panel.adkontekst.pl" />
 
 
 	<securecookie host="^wydawcy\.panel\.adkontekst\.pl$" name=".+" />
 
 
-	<rule from="^http://((?:www\.)?adsearch|wydawcy\.panel)\.adkontekst\.pl/"
-		to="https://$1.adkontekst.pl/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adlibris.xml b/src/chrome/content/rules/Adlibris.xml
index 8c9a9a734670..2b19535d6273 100644
--- a/src/chrome/content/rules/Adlibris.xml
+++ b/src/chrome/content/rules/Adlibris.xml
@@ -1,9 +1,19 @@
-<ruleset name="Adlibris/Capris" platform="mixedcontent">
-  <target host="www.adlibris.com" />
-  <target host="adlibris.com" />
-  <target host="www.capris.no" />
-  <target host="capris.no" />
-
-  <rule from="^http://(?:www\.)?(adlibris\.com|capris\.no)/"
-          to="https://www.$1/"/>
+<!--
+	Expired:
+		- capris.no
+
+	Mismatched:
+		- www.capris.no
+-->
+<ruleset name="Adlibris">
+	<target host="adlibris.com" />
+	<target host="www.adlibris.com" />
+
+	<target host="capris.no" />
+	<target host="www.capris.no" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://(www\.)?capris\.no/" to="https://www.adlibris.com/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Adlink.net.xml b/src/chrome/content/rules/Adlink.net.xml
index bc4f7869b409..d1815a714d57 100644
--- a/src/chrome/content/rules/Adlink.net.xml
+++ b/src/chrome/content/rules/Adlink.net.xml
@@ -1,9 +1,14 @@
-<ruleset name="adlink.net">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://js.adlink.net/ => https://js.adlink.net/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="adlink.net" default_off="failed ruleset test">
 
 	<target host="js.adlink.net" />
 
 
-	<rule from="^http://js\.adlink\.net/"
-		to="https://js.adlink.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Admatic.xml b/src/chrome/content/rules/Admatic.xml
index c32736525500..0aeb33cee2c9 100644
--- a/src/chrome/content/rules/Admatic.xml
+++ b/src/chrome/content/rules/Admatic.xml
@@ -1,13 +1,12 @@
 <ruleset name="Admatic">
 
 	<target host="admatic.com.br" />
-	<target host="*.admatic.com.br" />
+	<target host="www.admatic.com.br" />
 
 
 	<securecookie host="^\.admatic\.com\.br$" name=".+" />
 
 
-	<rule from="^http://(www\.)?admatic\.com\.br/"
-		to="https://$1admatic.com.br/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adme.ru.xml b/src/chrome/content/rules/Adme.ru.xml
new file mode 100644
index 000000000000..55e3df05c608
--- /dev/null
+++ b/src/chrome/content/rules/Adme.ru.xml
@@ -0,0 +1,19 @@
+<!--
+	Fully covered hosts in *adme.ru:
+
+		- ^
+		- files8
+
+-->
+<ruleset name="adme.ru (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="adme.ru" />
+	<target host="files8.adme.ru" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Admeld.xml b/src/chrome/content/rules/Admeld.xml
index 45e7031db684..0c05ffecd6a4 100644
--- a/src/chrome/content/rules/Admeld.xml
+++ b/src/chrome/content/rules/Admeld.xml
@@ -1,39 +1,17 @@
 <!--
 	For other Google coverage, see GoogleServices.xml.
-
-
-	CDN buckets:
-
-		- tag.admeld.com.edgesuite.net
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(times out)
-		- origin-tag	(refused)
-		- tag		(503, akamai)
-
-
-	Problematic subdomains:
-
-		- js *
-
-	* Akamai
-
 -->
 <ruleset name="Admeld">
 
 	<target host="admeld.com" />
-	<target host="*.admeld.com" />
-
+	<target host="www.admeld.com" />
+	<target host="portal.admeld.com" />
 
-	<securecookie host="^portal\.admeld\.com$" name=".+" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?admeld\.com/images/interface/masthead_bk\.jpg$"
-		to="https://portal.admeld.com/images/bg.jpg" />
 
-	<rule from="^http://portal\.admeld\.com/"
-		to="https://portal.admeld.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Admeta-Aktiebolag.xml b/src/chrome/content/rules/Admeta-Aktiebolag.xml
deleted file mode 100644
index a2393d20fbf1..000000000000
--- a/src/chrome/content/rules/Admeta-Aktiebolag.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	orig-10001.admeta.cotcdn.net
--->
-<ruleset name="Admeta Aktiebolag (partial)">
-
-	<target host="atemda.com"/>
-	<!--	* for cross-domain cookie	-->
-	<target host="*.atemda.com"/>
-
-	<securecookie host="^\.atemda\.com$" name=".*"/>
-
-	<rule from="^http://(www\.)?atemda\.com/"
-		to="https://$1atemda.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Admiringlight.com.xml b/src/chrome/content/rules/Admiringlight.com.xml
new file mode 100644
index 000000000000..95bc1bf54f26
--- /dev/null
+++ b/src/chrome/content/rules/Admiringlight.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Admiringlight.com">
+	<target host="admiringlight.com" />
+	<target host="www.admiringlight.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Admission.com.xml b/src/chrome/content/rules/Admission.com.xml
new file mode 100644
index 000000000000..06baeed2265b
--- /dev/null
+++ b/src/chrome/content/rules/Admission.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Refused:
+		admission.com
+
+	Invalid certificate:
+		aide.admission.com
+		ams3pxy.admission.com
+		commentairesdesinternautes.admission.com
+		help.admission.com
+
+-->
+<ruleset name="Admission.com">
+
+	<target host="admission.com" />
+	<target host="www.admission.com" />
+
+	<rule from="^http://admission\.com/"
+		to="https://www.admission.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Admissions.com.xml b/src/chrome/content/rules/Admissions.com.xml
new file mode 100644
index 000000000000..637cd5c61a3d
--- /dev/null
+++ b/src/chrome/content/rules/Admissions.com.xml
@@ -0,0 +1,24 @@
+<!--
+	For other Monster coverage, see Monster.xml.
+
+
+	(www.)?admissions.com: Mismatched
+
+-->
+<ruleset name="Admissions.com">
+
+	<!--	Complications:
+				-->
+	<target host="admissions.com" />
+	<target host="www.admissions.com" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://(?:www\.)?admissions\.com/+"
+		to="https://www.fastweb.com/" />
+
+		<test url="http://www.admissions.com//" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Admitad.com.xml b/src/chrome/content/rules/Admitad.com.xml
new file mode 100644
index 000000000000..cc48cfd7ffd9
--- /dev/null
+++ b/src/chrome/content/rules/Admitad.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Fully covered subdomains:
+
+		- ad
+		- cdn
+
+-->
+<ruleset name="admitad.com">
+
+	<target host="ad.admitad.com" />
+	<target host="cdn.admitad.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Adnet.xml b/src/chrome/content/rules/Adnet.xml
deleted file mode 100644
index 7bac98e8e5ab..000000000000
--- a/src/chrome/content/rules/Adnet.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)adnetdigitalmedia.com
-
--->
-<ruleset name="Adnet (partial)">
-
-	<target host="cdn.adnet-media.net" />
-
-
-	<rule from="^http://cdn\.adnet-media\.net/"
-		to="https://cdn.adnet-media.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Adnxs.com.xml b/src/chrome/content/rules/Adnxs.com.xml
new file mode 100644
index 000000000000..ea7ce78279e5
--- /dev/null
+++ b/src/chrome/content/rules/Adnxs.com.xml
@@ -0,0 +1,31 @@
+<!--
+	For other AppNexus coverage, see AppNexus.xml
+
+	Insecure cookies are set for these domains and hosts (see https://owasp.org/index.php/SecureFlag):
+		- .adnxs.com
+		- www.adnxs.com
+
+	Invalid certificate:
+		- www.adnxs.com
+-->
+
+<ruleset name="Adnxs.com">
+	<target host="cdn.adnxs.com" />
+	<target host="ib.adnxs.com" />
+		<test url="http://ib.adnxs.com/bounce" />
+		<test url="http://ib.adnxs.com/click" />
+		<test url="http://ib.adnxs.com/seg" />
+	<target host="oas-c18.adnxs.com" />
+	<target host="cdn.oas-c18.adnxs.com" />
+	<target host="secure.adnxs.com" />
+		<test url="http://secure.adnxs.com/bounce" />
+		<test url="http://secure.adnxs.com/click" />
+		<test url="http://secure.adnxs.com/pxj" />
+
+	<!-- Not secured by server -->
+	<!--securecookie host="^\.adnxs\.com$" name="^(anj|sess|uuid2)$" /-->
+	<!--securecookie host="^www\.adnxs\.com$" name="^([A-Z]+$|BIGipServer)" /-->
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Adobe-Digital-Marketing.xml b/src/chrome/content/rules/Adobe-Digital-Marketing.xml
index 5d76dd3968bd..d70e6009560d 100644
--- a/src/chrome/content/rules/Adobe-Digital-Marketing.xml
+++ b/src/chrome/content/rules/Adobe-Digital-Marketing.xml
@@ -2,65 +2,24 @@
 	For other Adobe coverage, see Adobe.xml.
 
 
-	CDN buckets:
-
-		- a248.e.akamai.net/demdex.download.akamai.com/
-
-
-	Fully covered domains:
-
-		- *.sbx1.2o7.net
-		- *.demdex.net		(per-client subdomains serving web bugs)
-
-
 	If we are going to include ads and tracking info, let's at least do it by https.
 
 -->
 <ruleset name="Adobe Digital Marketing">
 
-	<target host="*.2o7.net" />
-	<target host="*.demdex.com" />
-	<target host="*.demdex.net" />
-	<target host="omniture.com" />
-	<target host="*.omniture.com" />
-	<target host="omniture-static.com" />
-	<target host="www.omniture-static.com" />
-	<target host="*.omtrdc.net" />
 	<target host="worldsecuresystems.com" />
-	<target host="*.worldsecuresystems.com" />
-
-
-	<securecookie host="^(?:.*\.)?2o7\.net$" name=".+" />
-	<securecookie host=".*\.demdex\.(?:com|net)$" name=".+" />
-	<securecookie host="^(?:.*\.)?om(?:niture\.com|trdc\.net)$" name=".+" />
-	<securecookie host="^(?:.*\.)?worldsecuresystems\.com$" name=".+" />
-
-
-	<rule from="^http://([^/:@\.]+)(\.1[12]2|\.sbx1)?\.2o7\.net/"
-		to="https://$1$2.2o7.net/" />
-
-	<rule from="^http://bank\.demdex\.com/"
-		to="https://bank.demdex.com/" />
-
-	<rule from="^http://cdn\.demdex\.net/"
-		to="https://a248.e.akamai.net/demdex.download.akamai.com/" />
-
-	<rule from="^http://([\w-]+)\.demdex\.net/"
-		to="https://$1.demdex.net/" />
+	<target host="www.worldsecuresystems.com" />
 
-	<rule from="^http://(?:www\.)?omniture\.com/"
-		to="https://www.omniture.com/" />
 
-	<rule from="^http://(assets|my|publish|sc-css-1|scripts|searchandpromote|(?:admin\.)?testandtarget|style)\.omniture\.com/"
-		to="https://$1.omniture.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?worldsecuresystems\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^\.worldsecuresystems\.com$" name="^(ANONID-3|ANONID_FS-3|VISID-3)$" /-->
 
-	<rule from="^http://(?:www\.)?omniture-static\.com/"
-		to="https://www.omniture-static.com/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(\w+)\.(d[12]\.sc|tt)\.omtrdc\.net/"
-		to="https://$1.$2.omtrdc.net/" />
 
-	<rule from="^http://worldsecuresystems\.com/"
-		to="https://worldsecuresystems.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Adobe-mismatches.xml b/src/chrome/content/rules/Adobe-mismatches.xml
deleted file mode 100644
index 74569f2adce3..000000000000
--- a/src/chrome/content/rules/Adobe-mismatches.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	For rules that are on by default, see Adobe.xml.
-
--->
-<ruleset name="Adobe (mismatches)" default_off="mismatched">
-
-	<target host="airdownload.adobe.com" />
-	<target host="gaming.adobe.com" />
-	<target host="html.adobe.com" />
-
-
-	<rule from="^http://(airdownload|gaming|html)\.adobe\.com/"
-		to="https://$1.adobe.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Adobe.xml b/src/chrome/content/rules/Adobe.xml
index 3ef1ce743c7a..da5652c11f21 100644
--- a/src/chrome/content/rules/Adobe.xml
+++ b/src/chrome/content/rules/Adobe.xml
@@ -1,16 +1,27 @@
+
 <!--
-	For problematic rules, see Adobe-mismatches.xml.
+The following targets have been disabled at 2020-09-25 16:20:22:
 
+Time: 2020-09-25 16:20:22
+ Fetch error: http://edexchange.adobe.com/pages/home => https://edex.adobe.com/: (6, 'Could not resolve host: edexchange.adobe.com')
+Time: 2020-09-25 16:20:22
+ Fetch error: http://edexchange.adobe.com/ => https://edex.adobe.com/: (6, 'Could not resolve host: edexchange.adobe.com')
 
 	Other Adobe rulesets:
 
+		- 2o7.net.xml
+		- Acrobat.com.xml
 		- Adobe_Connect.xml
 		- Adobe-Digital-Marketing.xml
+		- Adobe_Exchange.com.xml
+		- Adobe_login.com.xml
 		- Adobetag.com.xml
-		- Hitbox.com.xml
+		- Acrobat_Users.com.xml
+		- Macromedia.com.xml
 		- Offermatica.com.xml
 		- Scene7.xml
 		- Typekit.xml
+		- Typekit.net.xml
 
 
 	CDN buckets:
@@ -19,186 +30,268 @@
 		- wwwimages2.adobe.com.edgekey.net
 
 		- airdownload.adobe.com.edgesuite.net
-
-			- a1396.b.akamai.net
-
 		- new-tv.adobe.com.edgesuite.net
-
-			- a1355.d.akamai.net
-			- thumbnails.tv
-
 		- wwwimages.adobe.com.edgesuite.net
 
-			- a1953.x.akamai.net
-
 		- adobe.com.d1.sc.omtrdc.net
-
-			- stats.adobe.com
-
 		- adobe.com.ssl.d1.sc.omtrdc.net
 
-			- sstats.adobe.com
-
 
 	Nonfunctional subdomains:
 
-		- experiencedelivers	(redirects to www; mismatched, CN: *.day.com)
-		- forums		(dropped)
-		- labs *
-		- training *
+		- c00 ²
+		- community **
+		- acroeng **
+		- experiencedelivers ¹
+		- feeds *
+		- training ²
+
+	** Dropped
+	¹ Redirects to www; mismatched, CN: *.day.com
+	* 404
+	² Refused
+
+
+	Problematic subdomains:
+
+		- demand.assets (mismatched)
+		- community	(Dropped)
+		- cookbooks	(404)
+		- discoverwem (timeout)
+		- edex ***
+		- cem.events	(Shows discoverwem.adobe.com)
+		- forums *
+		- gaming ¹
+		- groups **
+		- images.groups ***
+		- html ¹
+		- kb2 ¹
+		- labs ¹
+		- max (redirect to http)
+		- stats ⁶
+		- techlive	(404)
+		- thumbnails.tv ²
+		- webplatform	(Github)
+
+	¹ Works, mismatched, CN: www.adobe.com
+	* Blocks Tor users
+	² Works, akamai
+	⁴ Mismatched, CN: get.adobe.com
+	** Server sends no certificate chain
+	*** Mismatched
+	⁶ Mismatched, CN: *.d1.sc.omtrdc.net
 
-	* Refused
 
+	Partially covered subdomains:
 
-	Problematic domains:
-
-		- adobe.com subdomains:
+		- community ¹
+		- fpdownload ³
+
+	¹ /+[^?] 404s
+	³ crossdomain.xml excluded
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- entitlement.auth
+		- sp.auth
+		- blogs
+		- cookbooks	(→ forums)
+		- bugbase
+		- communities
+		- creative
+
+		- *.creative:
+
+			- ap
+			- d[0-3]
+			- eu
+			- us
+
+		- download
+		- www.echosign
+		- edex
+		- edexchange	(→ edex.adobe.com)
+		- cem.events	(→ www.adobe.com)
+		- forums
+		- get
+		- get3
+		- helpx
+		- images-tv
+		- kuler
+		- adobeid-na1.services
+		- sstats
+		- stats		(→ mxmacromedia.d1.sc.omtrdc.net)
+		- store1
+		- success
+		- techlive	(→ www.adobe.com)
+		- thumbnails-tv
+		- tv
+		- thumbnails.tv *
+		- verify
 
-			- ^ *
-			- airdownload **
-			- gaming *
-			- get2		(mismatched, CN: get.adobe.com)
-			- html *
-			- kb2 *
-			- ns		(404; mismatched, CN: www.adobe.com)
-			- stats		(mismatched, CN: *.d1.sc.omtrdc.net)
-			- thumbnails.tv **
-			- wwwimages **
+	* → akamai
 
-		- macromedia.com	(cert only matches www)
 
-	* Works, mismatched, CN: www.adobe.com
-	** Works, akamai
+	These altnames don't exist:
 
+		- scs.adobe.com
 
-	Partially covered subdomains:
 
-		- blogs		(webplatform blog redirects to http)
-		- fpdownload	(crossdomain.xml excluded)
-		- ns		(→ www)
-
-
-	Fully covered domains:
-
-		- adobe.com subdomains:
-
-			- (www.)
-			- entitlement.auth
-			- sp.auth
-			- bugbase
-			- community
-			- cookbooks
-			- creative
-
-			- \w\w.creative:
-
-				- ap
-				- d[0-3]
-				- eu
-				- us
-
-			- edexchange
-			- cem.events
-			- get
-			- get2		(→ get)
-			- get3
-			- helpx
-			- images-tv
-			- kuler
-			- max
-			- adobeid-na1.services
-			- sstats
-			- stats		(→ mxmacromedia.d1.sc.omtrdc.net)
-			- store1
-			- success
-			- thumbnails-tv
-			- tv
-			- thumbnails.tv *
-			- verify
-			- wwwimages *
-			- wwwimages2
-
-		- macromedia.com subdomains:
-
-			- (www.)		(^ → www)
-			- download
-			- fpdownload
+	Insecure cookies are set for these domains and hosts:
 
-	* → akamai
+		- .adobe.com
+		- communities.adobe.com
+		- edex.adobe.com
+		- forums.adobe.com
+		- www.adobe.com
 
 
 	Mixed content:
 
-		- Images, on
+		- css, on:
+
+			- blogs from use.typekit.com *
+			- labs from wwwimages.adobe.com *
 
+		- Images, on:
+
+			- blogs from $self *
+			- blogs from dev.w3.org
+			- groups from $self
+			- groups from images.groups *
 			- tv from thumbnails.tv *
-			- www from wwwimages *
+			- labs, www from wwwimages *
+
+		- favicon on blogs from html
 
 		- Ads/web bugs, on:
 
 			- get from stats *
 			- helpx from events.foreseeresults.com *
+			- labs from stats.adobe.com *
 			- tv from www.facebook.com *
+			- www from stats.adobe.com *
 			- www from wwwimages *
 
 	* Secured by us
 
 -->
-<ruleset name="Adobe">
+<ruleset name="Adobe.com">
 
 	<target host="adobe.com" />
-	<target host="*.adobe.com" />
-		<!--
-			Some pages redirect to http:
-
-				https://trac.torproject.org/projects/tor/ticket/8604
-											-->
-		<exclusion pattern="^http://blogs\.adobe\.com/webplatform(?:$|[?/])" />
-		<!--exclusion pattern="^http://blogs\.adobe\.com/(?!$|\?|(?:acrobat|adobe(connect|ingovernment|life)|aftereffects|captivate|conversations|creativelayer|digital(marketing|dmedia|publishing)|dreamweaver|educationleaders|experiencedelivers|globalization|gunar|indesigndocs|iwamoto|lightroomjournal|photoshopdotcom|premierepro|presenter|readermobile|vikrant)($|\?|/)|wp-content/)" /-->
+	<target host="airdownload.adobe.com" />
+	<target host="entitlement.auth.adobe.com" />
+	<target host="sp.auth.adobe.com" />
+	<target host="blogs.adobe.com" />
+	<target host="bugbase.adobe.com" />
+	<target host="communities.adobe.com" />
+	<target host="creative.adobe.com" />
+	<target host="*.creative.adobe.com" />
+	<test url="http://ap.creative.adobe.com/" />
+	<test url="http://eu.creative.adobe.com/" />
+	<test url="http://us.creative.adobe.com/" />
+	<target host="download.adobe.com" />
+	<target host="www.echosign.adobe.com" />
+	<target host="edex.adobe.com" />
+	<target host="forums.adobe.com" />
+	<target host="fpdownload.adobe.com" />
+	<target host="get.adobe.com" />
+	<target host="get2.adobe.com" />
+	<target host="get3.adobe.com" />
+	<target host="helpx.adobe.com" />
+	<target host="images-tv.adobe.com" />
+	<target host="kuler.adobe.com" />
+	<target host="adobeid-na1.services.adobe.com" />
+	<target host="sstats.adobe.com" />
+	<target host="store1.adobe.com" />
+	<target host="success.adobe.com" />
+	<target host="thumbnails-tv.adobe.com" />
+	<target host="tv.adobe.com" />
+	<target host="verify.adobe.com" />
+	<target host="www.adobe.com" />
+	<target host="wwwimages.adobe.com" />
+	<target host="wwwimages2.adobe.com" />
+
+	<!--	Complications:
+				-->
+	<target host="community.adobe.com" />
+	<target host="cookbooks.adobe.com" />
+	<!-- target host="edexchange.adobe.com" /-->
+	<target host="cem.events.adobe.com" />
+	<target host="stats.adobe.com" />
+	<target host="techlive.adobe.com" />
+
+		<!--	/+[^?] 404s:
+					-->
+		<exclusion pattern="^http://community\.adobe\.com/+(?!$|\?)" />
+
+			<test url="http://community.adobe.com/f" />
+			<test url="http://community.adobe.com/o" />
+			<test url="http://community.adobe.com//o" />
+			<test url="http://community.adobe.com/b" />
+			<test url="http://community.adobe.com/a" />
 		<!--
 			https://mail1.eff.org/pipermail/https-everywhere-rules/2013-May/001605.html
 
 			Breaks video playback:
 						-->
 		<exclusion pattern="^http://fpdownload\.adobe\.com/(?:pub/swz/)?crossdomain\.xml$" />
-	<target host="macromedia.com" />
-	<target host="*.macromedia.com" />
 
+			<test url="http://fpdownload.adobe.com/crossdomain.xml" />
+			<test url="http://fpdownload.adobe.com/pub/swz/crossdomain.xml" />
 
-	<securecookie host=".*\.adobe\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.adobe\.com$" name="^(ITEMSINCART|TID|UID)$" /-->
+	<!--securecookie host="^communities\.adobe\.com$" name="^MDPCush-Cookie$" /-->
+	<!--securecookie host="^edex\.adobe\.com$" name="^(CFID|CFTOKEN|DEFAULTLOCALE|EDEXLOCALE)$" /-->
+	<!--securecookie host="^forums\.adobe\.com$" name="^BIGipServer[\w-]+$" /-->
+	<!--securecookie host="^www\.adobe\.com$" name="^(CFID|CFTOKEN|DYLANSESSIONID|DylanApp-BigIP)$" /-->
 
+	<securecookie host=".+\.adobe\.com$" name=".+" />
 
-	<rule from="^http://adobe\.com/"
-		to="https://www.adobe.com/" />
 
-	<rule from="^http://((?:entitlement|sp)\.auth|blogs|bugbase|community|cookbooks|(?:\w\w\.)?creative|edexchange|cem\.events|fpdownload|get3?|helpx|images-tv|kuler|max|adobeid-na1\.services|sstats|store1|success|thumbnails-tv|tv|verify|www|wwwimages2)\.adobe\.com/"
-		to="https://$1.adobe.com/" />
+	<!--	Redirect drops forward slash
+		but not args:
+				-->
+	<rule from="^http://community\.adobe\.com/+"
+		to="https://www.adobe.com/communities" />
 
-	<rule from="^http://get2\.adobe\.com/"
-		to="https://get.adobe.com/" />
+		<test url="http://community.adobe.com/?" />
+		<test url="http://community.adobe.com//" />
 
-	<rule from="^http://ns\.adobe\.com/$"
-		to="https://www.adobe.com/" />
+	<!--	Redirect drops forward slash
+		and path, but not args:
+					-->
+	<rule from="^http://cookbooks\.adobe\.com/[^?]*"
+		to="https://forums.adobe.com/" />
 
-	<rule from="^http://ns\.adobe\.com/xap/"
-		to="https://www.adobe.com/products/xmp/" />
+		<test url="http://cookbooks.adobe.com/livecycle" />
+		<test url="http://cookbooks.adobe.com/post_AIR_Encrypted_SQLite_Database-16250.html" />
 
-	<rule from="^http://stats\.adobe\.com/"
-		to="https://mxmacromedia.d1.sc.omtrdc.net/" />
+	<!--	Redirect drops forward slash
+		and path, but not args:
+					-->
+	<rule from="^http://cem\.events\.adobe\.com/[^?]*"
+		to="https://www.adobe.com/solutions/web-experience-management.html" />
 
-	<rule from="^http://thumbnails\.tv\.adobe\.com/"
-		to="https://a248.e.akamai.net/f/1355/4224/3m/thumbnails.tv.adobe.com/" />
+		<test url="http://cem.events.adobe.com/?" />
+		<test url="http://cem.events.adobe.com//" />
 
-	<!--rule from="^http://wwwimages\.adobe\.com/www\.adobe\.com/"
-		to="https://www.adobe.com/" /-->
+	<rule from="^http://stats\.adobe\.com/"
+		to="https://mxmacromedia.d1.sc.omtrdc.net/" />
 
-	<rule from="^http://wwwimages\.adobe\.com/"
-		to="https://a248.e.akamai.net/f/1953/8974/2h/wwwimages.adobe.com/" />
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://techlive\.adobe\.com/[^?]*"
+		to="https://www.adobe.com/devnet/archive/techlive.html" />
 
-	<rule from="^http://(?:www\.)?macromedia\.com/"
-		to="https://www.macromedia.com/" />
+		<test url="http://techlive.adobe.com/?foo" />
+		<test url="http://techlive.adobe.com/foo" />
 
-	<rule from="^http://(fp)?download\.macromedia\.com/"
-		to="https://$1download.macromedia.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Adobe_Connect.xml b/src/chrome/content/rules/Adobe_Connect.xml
index c46e74d06a3f..8afd17c66962 100644
--- a/src/chrome/content/rules/Adobe_Connect.xml
+++ b/src/chrome/content/rules/Adobe_Connect.xml
@@ -1,29 +1,42 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://adobeconnect.com/ => https://adobeconnect.com/: (28, 'Connection timed out after 20005 milliseconds')
+
 	For other Adobe coverage, see Adobe.xml.
 
 
-	Problematic subdomains:
+	Fully covered subdomains:
 
-		- (www.)	(mismatched, CN: *.acrobat.com)
+		- (www.)
+		- bridges
 
+		- events-emea\d+:
 
-	Fully covered subdomains:
+			- events-emea2
 
-		- (www.)		(→ www.adobe.com)
 		- events-na[1-9]
 		- events-na1[01]
+		- na\d+cps
 
 -->
-<ruleset name="Adobe Connect">
+<ruleset name="Adobe Connect.com" default_off="failed ruleset test">
 
 	<target host="adobeconnect.com" />
 	<target host="*.adobeconnect.com" />
 
+		<test url="http://bridges.adobeconnect.com/" />
+		<test url="http://events-emea2.adobeconnect.com/" />
+		<test url="http://events-na1.adobeconnect.com/" />
+		<test url="http://events-na5.adobeconnect.com/" />
+		<test url="http://events-na9.adobeconnect.com/" />
+		<test url="http://events-na10.adobeconnect.com/" />
+		<test url="http://events-na11.adobeconnect.com/" />
+		<test url="http://experts.adobeconnect.com/" />
+		<test url="http://www.adobeconnect.com/" />
 
-	<rule from="^http://(?:www\.)?adobeconnect\.com/[^\?]*(\?.*)?"
-		to="https://www.adobe.com/products/adobeconnect.html$1" />
 
-	<rule from="^http://events-na(\d+)\.adobeconnect\.com/"
-		to="https://events-na$1.adobeconnect.com/" />
+	<rule from="^http://((?:bridges|events-(?:emea\d+|na\d+)|experts|na\d+cps|www)\.)?adobeconnect\.com/"
+		to="https://$1adobeconnect.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adobe_Exchange.com.xml b/src/chrome/content/rules/Adobe_Exchange.com.xml
new file mode 100644
index 000000000000..11728fdf43a8
--- /dev/null
+++ b/src/chrome/content/rules/Adobe_Exchange.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Adobe coverage, see Adobe.xml.
+
+
+	^: 404
+
+-->
+<ruleset name="Adobe Exchange.com">
+
+	<target host="www.adobeexchange.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Adobe_login.com.xml b/src/chrome/content/rules/Adobe_login.com.xml
new file mode 100644
index 000000000000..5aefe3da28ad
--- /dev/null
+++ b/src/chrome/content/rules/Adobe_login.com.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Adobe coverage, see Adobe.xml.
+
+
+	(www.): mismatched, CN: www.adobe.com
+
+-->
+<ruleset name="Adobe login.com">
+
+	<target host="adobelogin.com" />
+	<target host="*.adobelogin.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ims-na1\.adobelogin\.com$" name="^relay$" /-->
+
+	<securecookie host="^ims-na1\.adobelogin\.com$" name=".+" />
+
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://(?:www\.)?adobelogin\.com/+"
+		to="https://www.adobe.com/" />
+
+	<rule from="^http://ims-na1\.adobelogin\.com/"
+		to="https://ims-na1.adobelogin.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Adobetag.com.xml b/src/chrome/content/rules/Adobetag.com.xml
index e4dcef154987..bb0abcb694d6 100644
--- a/src/chrome/content/rules/Adobetag.com.xml
+++ b/src/chrome/content/rules/Adobetag.com.xml
@@ -13,12 +13,22 @@
 <ruleset name="Adobetag.com">
 
 	<target host="www.adobetag.com" />
-
-
+	<target host="assets.adobedtm.com" />
+	<!--delivery.d2.sv.omtrdc.net
+	demand.assets.adobe.com
+	survey.112.2o7.net
+	survey.122.2o7.net
+	success.acrobat.com
+	www.omniture-static.com
+	delivery.d1.sv.omtrdc.net
+	www.echosign.adobe.com
+	www.everestads.net
+	ak-www.stage.acrobat.com
+	ak-stage.echosign.adobe.com
+	-->
 	<securecookie host="^www\.adobetag\.com$" name=".+" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://www\.adobetag\.com/"
-		to="https://www.adobetag.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adometry.xml b/src/chrome/content/rules/Adometry.xml
deleted file mode 100644
index 1cd72d3e9004..000000000000
--- a/src/chrome/content/rules/Adometry.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)adometry.com		(times out)
-		- veracity.adometry.com
-
--->
-<ruleset name="Adometry (partial)">
-
-	<target host="attribute.adometry.com" />
-	<target host="*.dmtry.com" />
-
-
-	<rule from="^http://attribute\.adometry\.com/"
-		to="https://attribute.adometry.com/" />
-
-	<rule from="^http://(js|log)\.dmtry\.com/"
-		to="https://$1.dmtry.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/AdoredTV.com.xml b/src/chrome/content/rules/AdoredTV.com.xml
new file mode 100644
index 000000000000..a829d406b468
--- /dev/null
+++ b/src/chrome/content/rules/AdoredTV.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="AdoredTV.com">
+	<target host="adoredtv.com" />
+	<target host="www.adoredtv.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Adoyacademy.se.xml b/src/chrome/content/rules/Adoyacademy.se.xml
deleted file mode 100644
index 119e5eea1232..000000000000
--- a/src/chrome/content/rules/Adoyacademy.se.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Adoyacademy.se">
-  <target host="www.adoyacademy.se" />
-  <target host="adoyacademy.se" />
-  <rule from="^http://www\.adoyacademy\.se/" to="https://adoyacademy.se/"/>
-  <rule from="^http://adoyacademy\.se/" to="https://adoyacademy.se/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/Adpay.com.xml b/src/chrome/content/rules/Adpay.com.xml
index a8d4a8880e4e..36dbd2bd577b 100644
--- a/src/chrome/content/rules/Adpay.com.xml
+++ b/src/chrome/content/rules/Adpay.com.xml
@@ -12,16 +12,14 @@
 -->
 <ruleset name="Adpay.com (partial)">
 
-	<target host="*.adpay.com" />
+	<target host="secure.adpay.com" />
+	<target host="staging.adpay.com" />
 		<!--exclusion pattern="^http://secure\.adpay\.com/(default\.aspx|/searchresults\.aspx)" /-->
 		<exclusion pattern="^http://secure\.adpay\.com/(?!ajaxpro/|[bB]randing/|favicon\.ico|[iI]mages/|Includes/|RadControls/|WebResource\.axd)" />
 		<exclusion pattern="^http://staging\.adpay\.com//searchresults\.aspx" />
 
 
-	<securecookie host="^\.adpay\.com$" name="^adpay$" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://s(ecure|taging)\.adpay\.com/"
-		to="https://s$1.adpay.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adperio.com.xml b/src/chrome/content/rules/Adperio.com.xml
deleted file mode 100644
index 9c14d7170c4a..000000000000
--- a/src/chrome/content/rules/Adperio.com.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	Adperio Incorporated
-
-
-	Othe Adperio rulesets:
-
-		- Media970.com.xml
-
-
-	Mixed content:
-
-		- css on (www.) from fonts.googleapis.com *
-		- favicon on (www.) from www *
-
-	* Secured by us
-
--->
-<ruleset name="Adperio.com">
-
-	<target host="adperio.com" />
-	<target host="www.adperio.com" />
-
-
-	<securecookie host="^(?:www\.)?adperio\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?adperio\.com/"
-		to="https://$1adperio.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Adperium.com.xml b/src/chrome/content/rules/Adperium.com.xml
new file mode 100644
index 000000000000..6d66e3f7135f
--- /dev/null
+++ b/src/chrome/content/rules/Adperium.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://appnexus.adperium.com/ => https://appnexus.adperium.com/: (6, 'Could not resolve host: appnexus.adperium.com')
+
+-->
+<ruleset name="Adperium.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="adperium.com" />
+	<target host="appnexus.adperium.com" />
+	<target host="www.adperium.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Adrolays.xml b/src/chrome/content/rules/Adrolays.xml
index bb3060b9159f..7b036410ce94 100644
--- a/src/chrome/content/rules/Adrolays.xml
+++ b/src/chrome/content/rules/Adrolays.xml
@@ -4,12 +4,15 @@
 		- cdn.adrolays.de	(akamai)
 
 -->
-<ruleset name="adrolays (partial)">
+<ruleset name="adrolays.de (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="a.adrolays.de" />
+	<target host="d.adrolays.de" />
+	<target host="rtt.adrolays.de" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://a\.adrolays\.de/"
-		to="https://a.adrolays.de/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adscale.xml b/src/chrome/content/rules/Adscale.xml
index 5d64769171a8..ec1f8dc91b1a 100644
--- a/src/chrome/content/rules/Adscale.xml
+++ b/src/chrome/content/rules/Adscale.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://adscale.de/ => https://www.adscale.de/: (60, 'SSL certificate problem: certificate has expired')
+
 	Nonfunctional subdomains:
 
 		- blog
@@ -17,10 +21,13 @@
 		- rh
 
 -->
-<ruleset name="adscale">
+<ruleset name="adscale" default_off="failed ruleset test">
 
 	<target host="adscale.de" />
-	<target host="*.adscale.de" />
+	<target host="www.adscale.de" />
+	<target host="ih.adscale.de" />
+	<target host="js.adscale.de" />
+	<target host="rh.adscale.de" />
 
 
 	<!--securecookie host="^\.adscale\.de$" name="^uu$" /-->
@@ -32,7 +39,6 @@
 
 	<!--	Included on 3rd-party websites:
 						-->
-	<rule from="^http://(ih|js|rh)\.adscale\.de/"
-		to="https://$1.adscale.de/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Adscend-Media.xml b/src/chrome/content/rules/Adscend-Media.xml
index 653fca62eb3a..e0d23776a714 100644
--- a/src/chrome/content/rules/Adscend-Media.xml
+++ b/src/chrome/content/rules/Adscend-Media.xml
@@ -1,13 +1,11 @@
-<ruleset name="Adscend Media" platform="mixedcontent">
-
+<!--
+	adscendmedia.com has both a wildcard DNS record and a wildcard certificate, so enumerating all subdomains is impossible.
+-->
+<ruleset name="Adscend Media">
 	<target host="adscendmedia.com" />
 	<target host="www.adscendmedia.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^adscendmedia\.com$" name=".*" />
-
-
-	<rule from="^http://(www\.)?adscendmedia\.com/"
-		to="https://$1adscendmedia.com/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Adserver01.de.xml b/src/chrome/content/rules/Adserver01.de.xml
index 79a6da6ac119..0744fd78532c 100644
--- a/src/chrome/content/rules/Adserver01.de.xml
+++ b/src/chrome/content/rules/Adserver01.de.xml
@@ -1,12 +1,11 @@
 <ruleset name="adserver01.de">
 
-	<target host="*.adserver01.de" />
+	<target host="ad2.adserver01.de" />
 
 
 	<securecookie host="^ad2\.adserver01\.de$" name=".+" />
 
 
-	<rule from="^http://(ad|r)2\.adserver01\.de/"
-		to="https://$12.adserver01.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adshostnet.com.xml b/src/chrome/content/rules/Adshostnet.com.xml
deleted file mode 100644
index 70cdb820e61b..000000000000
--- a/src/chrome/content/rules/Adshostnet.com.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="adshostnet.com">
-
-	<target host="n5.adshostnet.com" />
-
-
-	<rule from="^http://n5\.adshostnet\.com/"
-		to="https://n5.adshostnet.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Adsimilis.xml b/src/chrome/content/rules/Adsimilis.xml
deleted file mode 100644
index aef2a7dec627..000000000000
--- a/src/chrome/content/rules/Adsimilis.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Adsimilis" platform="mixedcontent">
-
-	<target host="adsimilis.com" />
-	<target host="*.adsimilis.com" />
-
-
-	<securecookie host="^(.*\.)?adsimilis\.com$" name=".*" />
-
-
-	<rule from="^http://(www\.)?adsimilis\.com/"
-		to="https://$1adsimilis.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Adspdbl.com.xml b/src/chrome/content/rules/Adspdbl.com.xml
new file mode 100644
index 000000000000..f5cde3f06f21
--- /dev/null
+++ b/src/chrome/content/rules/Adspdbl.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Web bugs.
+
+
+	CDN buckets:
+
+		- d3ijm230svej28.cloudfront.net
+
+			- files
+
+
+	(www.): dropped
+
+-->
+<ruleset name="adspdbl.com (partial)">
+
+	<target host="files.adspdbl.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Adsrvmedia.com.xml b/src/chrome/content/rules/Adsrvmedia.com.xml
index 5286c60a5bc5..19f4aaf615bd 100644
--- a/src/chrome/content/rules/Adsrvmedia.com.xml
+++ b/src/chrome/content/rules/Adsrvmedia.com.xml
@@ -18,7 +18,8 @@
 -->
 <ruleset name="adsrvmedia.com">
 
-	<target host="*.adsrvmedia.com" />
+	<target host="ads.adsrvmedia.com" />
+	<target host="cdn.adsrvmedia.com" />
 
 
 	<rule from="^http://ads\.adsrvmedia\.com/"
@@ -27,4 +28,4 @@
 	<rule from="^http://cdn\.adsrvmedia\.com/"
 		to="https://d3vg9hiogk70qz.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adsrvmedia.net.xml b/src/chrome/content/rules/Adsrvmedia.net.xml
new file mode 100644
index 000000000000..f642fb856f35
--- /dev/null
+++ b/src/chrome/content/rules/Adsrvmedia.net.xml
@@ -0,0 +1,19 @@
+<!--
+	Problematic hosts in *adsrvmedia.net:
+
+		- cdn *
+
+	* Cloudfront
+
+-->
+<ruleset name="adsrvmedia.net" default_off="mismatched">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cdn.adsrvmedia.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Adsrvr.org.xml b/src/chrome/content/rules/Adsrvr.org.xml
index a8350d167c32..9db8704f7f00 100644
--- a/src/chrome/content/rules/Adsrvr.org.xml
+++ b/src/chrome/content/rules/Adsrvr.org.xml
@@ -1,15 +1,93 @@
 <!--
-	Nonfunctional subdomains:
+	(www.)?adsrvr.org: Refused
 
-		- (www.)	(refused)
 
+	Insecure cookies are set for these domains: ᶜ
+
+		- .adsrvr.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+	Cert mismatch:
+		- euw.fb
+		- sin.fb
+		- use.fb
+		- usw.fb
+		- aps.insight
+		- apt.insight
+		- eua.insight
+		- apa.match
+		- apt.match
+		- cna.rtb
+		- lax.rtb
+		- lon.rtb
+		- tor.rtb
+		- ukp.rtb
+
+	Timeout:
+		- pixel
+		- test.rtb
+		- view
 -->
 <ruleset name="adsrvr.org (partial)">
 
+	<target host="a.adsrvr.org" />
+	<target host="ad.adsrvr.org" />
+	<target host="ads.adsrvr.org" />
+	<target host="aps-insight.adsrvr.org" />
+	<target host="apt-insight.adsrvr.org" />
+	<target host="chef.adsrvr.org" />
+	<target host="data.adsrvr.org" />
+	<target host="direct.adsrvr.org" />
+	<target host="eur-ukp.adsrvr.org" />
+	<target host="euwfb.adsrvr.org" />
+	<target host="euwvideo.adsrvr.org" />
+	<target host="fb.adsrvr.org" />
+	<target host="html5.adsrvr.org" />
+	<target host="innocean-insight.adsrvr.org" />
 	<target host="insight.adsrvr.org" />
+	<target host="js.adsrvr.org" />
+	<target host="match.adsrvr.org" />
+	<target host="mogointeractive-insight.adsrvr.org" />
+	<target host="opsplatform.adsrvr.org" />
+	<target host="ox-data.adsrvr.org" />
+	<target host="r-data.adsrvr.org" />
+	<target host="rtb.adsrvr.org" />
+	<target host="sindirect.adsrvr.org" />
+	<target host="sinfb.adsrvr.org" />
+	<target host="sinvideo.adsrvr.org" />
+	<target host="test1-tor.adsrvr.org" />
+	<target host="test1-ukp.adsrvr.org" />
+	<target host="test2-lax.adsrvr.org" />
+	<target host="test2-tor.adsrvr.org" />
+	<target host="tokfb.adsrvr.org" />
+	<target host="tokvideo.adsrvr.org" />
+	<target host="upsight.adsrvr.org" />
+	<target host="use-data.adsrvr.org" />
+	<target host="use-tor.adsrvr.org" />
+	<target host="usedirect.adsrvr.org" />
+	<target host="usefb.adsrvr.org" />
+	<target host="usevideo.adsrvr.org" />
+	<target host="usw-ads.adsrvr.org" />
+	<target host="usw-lax.adsrvr.org" />
+	<target host="usw-lax2.adsrvr.org" />
+	<target host="uswfb.adsrvr.org" />
+	<target host="uswvideo.adsrvr.org" />
+	<target host="v.adsrvr.org" />
+	<target host="video.adsrvr.org" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<test url="http://insight.adsrvr.org/track/conv/?adv=" />
+		<test url="http://match.adsrvr.org/track/cmf/generic?ttd_pid=&amp;ttd_tpi=&amp;ttd_puid=" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.adsrvr\.org$" name="^(TDCPM|TDID)$" /-->
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://insight\.adsrvr\.org/"
-		to="https://insight.adsrvr.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Adsurve.com.xml b/src/chrome/content/rules/Adsurve.com.xml
deleted file mode 100644
index 7732f2fbb44d..000000000000
--- a/src/chrome/content/rules/Adsurve.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- www01		(refused)
-
-
-	Expired 2013-11-20
-
--->
-<ruleset name="adsurve.com (partial)" default_off="expired">
-
-	<target host="adsurve.com" />
-	<target host="www.adsurve.com" />
-
-
-	<securecookie host="^adsurve\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?adsurve\.com/"
-		to="https://adsurve.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Adtarget.me.xml b/src/chrome/content/rules/Adtarget.me.xml
index 999bc394b0ef..235e839d2f97 100644
--- a/src/chrome/content/rules/Adtarget.me.xml
+++ b/src/chrome/content/rules/Adtarget.me.xml
@@ -15,7 +15,8 @@
 -->
 <ruleset name="adtarget.me">
 
-	<target host="*.adtarget.me" />
+	<target host="static.trackers.adtarget.me" />
+	<target host="static-trackers.adtarget.me" />
 
 
 	<rule from="^http://static[.-]trackers\.adtarget\.me/"
diff --git a/src/chrome/content/rules/Adtech.de.xml b/src/chrome/content/rules/Adtech.de.xml
index 64e0779761c4..ccc5be03180e 100644
--- a/src/chrome/content/rules/Adtech.de.xml
+++ b/src/chrome/content/rules/Adtech.de.xml
@@ -1,54 +1,33 @@
 <!--
 	For other AOL coverage, see AOL.xml.
 
-
 	Banner network.
 
-
 	CDN buckets:
-
 		- aka-cdn-ns.adtech.de.edgesuite.net
 
+	Invalid certificate:
+		- ad.dc2.adtech.de, equivalent to adserver.adtech.de
 
-	Problematic domains:
-
-		- aka-cdn-ns.adtech.de		(works, akamai)
-		- ad.dc2.adtech.de		(works; mismatched, CN: *.adtech.de)
-
-
-	Fully covered subdomains:
-
-		- adserver
-		- adserverams
-		- adserver-sb-fra
-		- aka-cdn
-		- aka-cdn-ns	(→ aka-cdn)
-		- ad.dc2	(→ adserver)
-		- secserv
-		- ums
-
+	Insecure cookies are set for these domains:
+		- .adtech.de
 -->
-<ruleset name="Adtech.de (partial)">
-
-	<target host="*.adtech.de" />
-		<!--
-			Breaks videos:
-
-				https://trac.torproject.org/projects/tor/ticket/7670
-											-->
-		<exclusion pattern="http://(?:adserver\.)?adtech\.de/(?:\?adrawdata/|crossdomain\.xml)" />
-
 
+<ruleset name="Adtech.de (partial)">
+	<target host="adserver.adtech.de" />
+	<target host="adserverams.adtech.de" />
+	<target host="aka-cdn.adtech.de" />
+	<target host="aka-cdn-ns.adtech.de" />
+	<target host="ad.dc2.adtech.de" />
+	<target host="secserv.adtech.de" />
+	<target host="ums.adtech.de" />
+
+	<!-- Not secured by server -->
+	<!--securecookie host="^\.adtech\.de" name="^CfP$" /-->
 	<securecookie host="^\.adtech\.de" name=".+" />
 
-
-	<rule from="^http://(adserver(?:ams|-sb-fra)?|aka-cdn|secserv|ums)\.adtech\.de/"
-		to="https://$1.adtech.de/" />
-
-	<rule from="^http://aka-cdn-ns\.adtech\.de/"
-		to="https://aka-cdn.adtech.de/" />
-
 	<rule from="^http://ad\.dc2\.adtech\.de/"
 		to="https://adserver.adtech.de/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Adtechus.com.xml b/src/chrome/content/rules/Adtechus.com.xml
index 210643d6d82a..d318acc62427 100644
--- a/src/chrome/content/rules/Adtechus.com.xml
+++ b/src/chrome/content/rules/Adtechus.com.xml
@@ -16,7 +16,8 @@
 
 		- adserver
 		- adserverec
-		- adserveriwc
+		- adserverwc
+		- aka-cdn
 		- aka-cdn-ns	(→ aka-cdn)
 		- glb
 		- heliosiq
@@ -30,21 +31,34 @@
 -->
 <ruleset name="Adtechus.com (partial)">
 
-	<target host="*.adtechus.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="adserver.adtechus.com" />
+	<target host="adserverec.adtechus.com" />
+	<target host="adserverwc.adtechus.com" />
+	<target host="aka-cdn.adtechus.com" />
+	<target host="glb.adtechus.com" />
+	<target host="heliosiq.adtechus.com" />
+	<target host="iq.adtechus.com" />
+	<target host="ums.adtechus.com" />
 
+	<!--	Complications:
+				-->
+	<target host="aka-cdn-ns.adtechus.com" />
+	<target host="ad.us-ec.adtechus.com" />
 
-	<!--securecookie host="^\.adtechus\.com$" name="^(CfP|JEB2)" /-->
-	<securecookie host=".*\.adtechus\.com$" name=".+" />
 
+	<!--securecookie host="^\.adtechus\.com$" name="^(CfP|JEB2)" /-->
+	<securecookie host=".+" name=".+"/>
 
-	<rule from="^http://(adserver(?:ec|wc)?|glb|(?:helios)?iq|ums)\.adtechus\.com/"
-		to="https://$1.adtechus.com/" />
 
 	<rule from="^http://aka-cdn-ns\.adtechus\.com/"
 		to="https://aka-cdn.adtechus.com/" />
 
-	<rule from="^http://ad\.us-ec\.adserverus\.com/"
-		to="https://adserverec.adserverus.com/" />
+	<rule from="^http://ad\.us-ec\.adtechus\.com/"
+		to="https://adserverec.adtechus.com/" />
 
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adtile.me.xml b/src/chrome/content/rules/Adtile.me.xml
new file mode 100644
index 000000000000..e098a2bc4b21
--- /dev/null
+++ b/src/chrome/content/rules/Adtile.me.xml
@@ -0,0 +1,33 @@
+<!--
+	Problematic hosts in *adtile.me:
+
+		- ^ ¹
+		- blog ²
+		- www ²
+
+	¹ Refused
+	² Mismatched
+
+
+	Mixed content:
+
+		- iframe on blog from www.youtube.com ¹
+		- Images on blog from $self ²
+
+	¹ Secured by us
+	² Not secured by us <= mismatched
+
+-->
+<ruleset name="Adtile.me (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dashboard.adtile.me" />
+	<target host="motion-docs.adtile.me" />
+	<target host="motion-store.adtile.me" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Adtraxx.de.xml b/src/chrome/content/rules/Adtraxx.de.xml
deleted file mode 100644
index e71c9716bc39..000000000000
--- a/src/chrome/content/rules/Adtraxx.de.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Web bugs.
-
--->
-<ruleset name="adtraxx.de">
-
-	<target host="*.adtraxx.de" />
-
-
-	<securecookie host="^\.adtraxx\.de$" name=".+" />
-
-
-	<rule from="^http://view\.adtraxx\.de/"
-		to="https://view.adtraxx.de/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Adult-Ad-World.xml b/src/chrome/content/rules/Adult-Ad-World.xml
deleted file mode 100644
index d9aaf11ffb4e..000000000000
--- a/src/chrome/content/rules/Adult-Ad-World.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- cluster
-
--->
-<ruleset name="Adult Ad World (partial)">
-
-	<target host="*.adultadworld.com" />
-
-
-	<!--	- newt2 cert: hippo
-		- newt7: Akamai
-			-->
-	<rule from="^https://(?:newt[27]|hippo)\.adultadworld\.com/"
-		to="https://hippo.adultadworld.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Adult-FriendFinder.xml b/src/chrome/content/rules/Adult-FriendFinder.xml
index ec71cffab000..dac849596773 100644
--- a/src/chrome/content/rules/Adult-FriendFinder.xml
+++ b/src/chrome/content/rules/Adult-FriendFinder.xml
@@ -4,35 +4,56 @@
 
 	CDN buckets:
 
-		 - cs77.wac.edgecastcdn.net
+		 - cs77.wac.edgecastcdn.net	← graphics
 
-			- graphics.adultfriendfinder.com
 
+	Problematic hosts in *adultfriendfinder.com:
 
-	Problematic subdomains:
+		- (www.)? ᵐ
+		- graphics ᵐ
 
-		- (www.)	(works, mismatched, CN: secure.adultfriendfinder.com)
-		- graphics	(works, mismatched, CN: *.securedataimages.com)
+	ᵐ Mismatched
 
 
-	Fully covered subdomains:
+	Insecure cookies are set for these domains: ᶜ
 
-		- (www.)	(→ secure)
-		- banners	(→ secure)
-		- graphics	(→ secureimage.securedataimages.com)
-		- secure
+		- .adultfriendfinder.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Adult FriendFinder (partial)">
+<ruleset name="Adult FriendFinder.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.adultfriendfinder.com" />
 
+	<!--	Complications:
+				-->
 	<target host="adultfriendfinder.com" />
-	<target host="*.adultfriendfinder.com" />
+	<target host="banners.adultfriendfinder.com" />
+	<target host="graphics.adultfriendfinder.com" />
+	<target host="www.adultfriendfinder.com" />
 
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://secure.adultfriendfinder.com/go/p1" /-->
 
-	<rule from="^https?://graphics\.adultfriendfinder\.com/"
-		to="https://secureimage.securedataimages.com/" />
 
-	<rule from="^https?://(?:(?:banners|secure|www)\.)?adultfriendfinder\.com/"
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.adultfriendfinder\.com$" name="^(?:AB_TRACKING|ALPO|HISTORY|IP_COUNTRY|LOCATION_FROM_IP|REFERRAL_URL|click_id_time|ffadult_apr|ffadult_apr_session|ffadult_tr|ffadult_who|v_hash)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://(?:banners\.|www\.)?adultfriendfinder\.com/"
 		to="https://secure.adultfriendfinder.com/" />
 
+	<rule from="^http://graphics\.adultfriendfinder\.com/"
+		to="https://secureimage.securedataimages.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/AdultShopping.com.xml b/src/chrome/content/rules/AdultShopping.com.xml
new file mode 100644
index 000000000000..075bdc16a374
--- /dev/null
+++ b/src/chrome/content/rules/AdultShopping.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- admin.adultshopping.com
+		- affiliates.adultshopping.com
+		- checkout.adultshopping.com
+		- secure.adultshopping.com
+		- store.adultshopping.com
+-->
+<ruleset name="AdultShopping.com (partial)">
+	<target host="adultshopping.com" />
+	<target host="www.adultshopping.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AdultSwim.com.xml b/src/chrome/content/rules/AdultSwim.com.xml
new file mode 100644
index 000000000000..bfd793e8fd7c
--- /dev/null
+++ b/src/chrome/content/rules/AdultSwim.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Mismatched:
+		- stats
+-->
+<ruleset name="AdultSwim.com">
+	<target host="adultswim.com" />
+	<target host="www.adultswim.com" />
+	<target host="as-embed-player.adultswim.com" />
+	<target host="bea4.adultswim.com" />
+	<target host="static.cdn.adultswim.com" />
+	<target host="dev.adultswim.com" />
+	<target host="games.adultswim.com" />
+	<target host="i.adultswim.com" />
+	<target host="press.adultswim.com" />
+	<target host="audience.qa.adultswim.com" />
+	<target host="signin.adultswim.com" />
+	<target host="staging.adultswim.com" />
+	<target host="sw1mpr355adm1n.adultswim.com" />
+	<target host="twitch.adultswim.com" />
+	<target host="api.twitch.adultswim.com" />
+	<target host="cdn.twitch.adultswim.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AdultWork.com.xml b/src/chrome/content/rules/AdultWork.com.xml
new file mode 100644
index 000000000000..2e7fe9c133a6
--- /dev/null
+++ b/src/chrome/content/rules/AdultWork.com.xml
@@ -0,0 +1,43 @@
+<!--
+	Nonfunctional hosts in *adultwork.com:
+
+		- refer ᶠ
+
+	ᶠ Handshake fails
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- adultwork.com
+		- developers.adultwork.com
+		- www.adultwork.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="AdultWork.com (partial)">
+
+	<target host="adultwork.com" />
+	<target host="cdn.adultwork.com" />
+	<target host="developers.adultwork.com" />
+	<target host="www.adultwork.com" />
+
+		<test url="http://cdn.adultwork.com/platform/images/Plugins/LoginButton/btnUL_register_M.png" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://developers.adultwork.com/User/Register" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?adultwork\.com$" name="^ReferralID$" /-->
+	<!--securecookie host="^developer\.adultwork\.com$" name="^__RequestVerificationToken$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Adult_Toys_4_U.com.xml b/src/chrome/content/rules/Adult_Toys_4_U.com.xml
new file mode 100644
index 000000000000..0852a7e00d24
--- /dev/null
+++ b/src/chrome/content/rules/Adult_Toys_4_U.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .www.adulttoys4u.com.au
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Adult Toys 4 U.com.au">
+
+	<target host="adulttoys4u.com.au" />
+	<target host="www.adulttoys4u.com.au" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.adulttoys4u\.com\.au$" name="^zenid$" /-->
+
+	<securecookie host="^\.w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Adult_Webmaster_Empire.xml b/src/chrome/content/rules/Adult_Webmaster_Empire.xml
index 5866d46f16bb..96869a64aad3 100644
--- a/src/chrome/content/rules/Adult_Webmaster_Empire.xml
+++ b/src/chrome/content/rules/Adult_Webmaster_Empire.xml
@@ -1,22 +1,56 @@
 <!--
-	Expired 2011-08-17
+	Adult Webmaster Empire
 
 
-	Nonfunctional subdomains:
+	Insecure cookies are set for these domains: ᶜ
 
-		- static
+		- .awempire.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Adult Webmaster Empire" default_off="expired" platform="mixedcontent">
+<ruleset name="AWEmpire.com (partial)">
 
 	<target host="awempire.com" />
+	<target host="auth.awempire.com" />
+	<target host="promo.awempire.com" />
+	<target host="resource.awempire.com" />
+	<target host="static.awempire.com" />
 	<target host="www.awempire.com" />
 
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.awempire\.com/(?:$|blog$|contact$|privacy-policy$|promo-tool$|sites$|whitelabel$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?awempire\.com/(?!/*(?:\w+/css/|favicon\.ico))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.awempire.com/blog" />
+			<test url="http://www.awempire.com/contact" />
+			<test url="http://www.awempire.com/privacy-policy" />
+			<test url="http://www.awempire.com/promo-tool" />
+			<test url="http://www.awempire.com/sites" />
+			<test url="http://www.awempire.com/whitelabel" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.awempire.com/favicon.ico" />
+			<test url="http://www.awempire.com/vd860a01b/css/common_min.css" />
+
+		<test url="http://static.awempire.com/imgs/awe/dot.gif" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.awempire\.com$" name="^awesec_session$" /-->
 
-	<securecookie host="^awempire\.com$" name=".+" />
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|awesec_session$)" />
 
 
-	<rule from="^https?://(?:www\.)?awempire\.com/"
-		to="https://awempire.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Advance_Digital.xml b/src/chrome/content/rules/Advance_Digital.xml
deleted file mode 100644
index ff694a22cb33..000000000000
--- a/src/chrome/content/rules/Advance_Digital.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(no https)
-
--->
-<ruleset name="Advance Digital (partial)">
-
-	<target host="blog.advance.net" />
-
-
-	<rule from="^http://blog\.advance\.net/"
-		to="https://blog.advance.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Advanced-Micro-Devices-mismatches.xml b/src/chrome/content/rules/Advanced-Micro-Devices-mismatches.xml
deleted file mode 100644
index 57c62e73caca..000000000000
--- a/src/chrome/content/rules/Advanced-Micro-Devices-mismatches.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Advanced Micro Devices (mismatches)" default_off="expired, mismatch">
-
-	<target host="developer.amd.com"/>
-		<exclusion pattern="^http://developer\.amd\.com/(?!_layouts/|afds/|Assets/|(?:Lists/Rotating|Publishing|SiteCollection)Images/|Style%20Library/|WebResource\.axd)" />
-	<target host="forums.amd.com" />
-	<target host="ssl-developer.amd.com"/>
-
-
-	<rule from="^http://((?:ssl-)?developer|forums)\.amd\.com/"
-		to="https://$1.amd.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Advanced-Micro-Devices.xml b/src/chrome/content/rules/Advanced-Micro-Devices.xml
deleted file mode 100644
index 0e46a8a95db2..000000000000
--- a/src/chrome/content/rules/Advanced-Micro-Devices.xml
+++ /dev/null
@@ -1,76 +0,0 @@
-<!--
-	See Advanced-Micro-Devices-mismatches.xml for problematic rules.
-
-
-	CDN buckets:
-
-		- shop.amd.com.edgesuite.net
-		- sites.amd.com.edgesuite.net
-
-		- support.amd.com.edgesuite.net
-
-			- a1982.b.akamai.net
-
-		- amd-dev.wpengine.netdna-cdn.com
-		- amd.wpengine.com
-
-
-	Nonfunctional domains:
-
-		- amd.com subdomains:
-
-			- developer	(wpengine)
-			- devgurus ¹
-			- feeds		(interrupted)
-			- game ¹
-			- shop ²
-			- sites ²
-
-		- (www.)amd-member.com ¹
-
-	¹ Dropped
-	² 504, akamai
-
-
-	Problematic subdomains:
-
-		- forums	(works; mismatched, CN: blueshieldca.fusetalkcommunity.com)
-		- ssl-developer	(expired 2013-08-15)
-		- support	(works, akamai)
-
-
-	Fully covered subdomains:
-
-		- metrics	(→ amdvglobal.122.2o7.net)
-		- secure
-		- sso
-
-
-	Mixed content:
-
-		- Web bug on support from metrics *
-
-	* Secured by us
-
--->
-<ruleset name="Advanced Micro Devices (partial)">
-
-	<target host="*.amd.com" />
-
-
-	<securecookie host="^s(?:ecure|so)\.amd\.com$" name=".+" />
-
-
-	<rule from="^http://(?:support|www)\.amd\.com/(?:PublishingImages/Restricted/Graphic/HighResolutionJPEG/(www_background\.jpg)|Style%20Library/Images/AMD/((?:amd_logo|main(?:_content_bottom|content_top)|mast_head)\.png|spacer\.gif))"
-		to="https://sso.amd.com/Registration/Images/$1$2"/>
-
-	<rule from="^http://metrics\.amd\.com/"
-		to="https://amdvglobal.122.2o7.net/" />
-
-	<rule from="^http://s(ecure|so)\.amd\.com/"
-		to="https://s$1.amd.com/" />
-
-	<rule from="^http://support\.amd\.com/Style%20Library/Images/AMD/AMD_logo\.png"
-		to="https://sso.amd.com/Registration/Images/amd_logo.png" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Advantage-Business-Media.xml b/src/chrome/content/rules/Advantage-Business-Media.xml
deleted file mode 100644
index 7d0dd5f578bd..000000000000
--- a/src/chrome/content/rules/Advantage-Business-Media.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Advantage Business Media">
-
-	<target host="advantagemedia.com" />
-	<target host="www.advantagemedia.com" />
-
-
-	<rule from="^http://(www\.)?advantagemedia\.com/"
-		to="https://$1advantagemedia.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Advantage.xml b/src/chrome/content/rules/Advantage.xml
index bc87f8435d15..2a93df353216 100644
--- a/src/chrome/content/rules/Advantage.xml
+++ b/src/chrome/content/rules/Advantage.xml
@@ -1,27 +1,35 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://advantageseoservices.com/ => https://advantageseoservices.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.advantageseoservices.com/ => https://www.advantageseoservices.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://discountclick.com/ => https://www.advantageseoservices.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://advantageseoservices.com/ => https://advantageseoservices.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.advantageseoservices.com/ => https://www.advantageseoservices.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://discountclick.com/ => https://www.advantageseoservices.com/: (60, 'SSL certificate problem: certificate has expired')
 	Problematic domains:
 
 		- (www.)discontclick.com	(cert mismatch)
 
 -->
-<ruleset name="Advantage">
+<ruleset name="Advantage" default_off="failed ruleset test">
 
 	<target host="advantageseoservices.com" />
 	<target host="www.advantageseoservices.com" />
 	<target host="discountclick.com" />
-	<target host="*.discountclick.com" />
+	<target host="www.discountclick.com" />
+	<target host="click.discountclick.com" />
 
 
 	<securecookie host="^click\.discountclick\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?advantageseoservices\.com/"
-		to="https://$1advantageseoservices.com/" />
 
-	<rule from="^https?://(?:www\.)?discountclick\.com/"
+	<rule from="^http://(?:www\.)?discountclick\.com/"
 		to="https://www.advantageseoservices.com/" />
 
-	<rule from="^http://click\.discountclick\.com/"
-		to="https://click.discountclick.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Advconversion.com.xml b/src/chrome/content/rules/Advconversion.com.xml
new file mode 100644
index 000000000000..4659b85ac483
--- /dev/null
+++ b/src/chrome/content/rules/Advconversion.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="Advconversion.com">
+
+	<target host="advconversion.com" />
+	<target host="www.advconversion.com" />
+		<test url="http://www.advconversion.com/ads-conversiontrack/conversion/track.do?type=img&amp;advertiserId=" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Advel.xml b/src/chrome/content/rules/Advel.xml
index 4e956cbc48b1..2984c17f36e3 100644
--- a/src/chrome/content/rules/Advel.xml
+++ b/src/chrome/content/rules/Advel.xml
@@ -1,9 +1,9 @@
 <ruleset name="Advel" default_off="self-signed">
 
 	<target host="advel.cz"/>
-	<target host="*.advel.cz"/>
+	<target host="www.advel.cz" />
 
-	<securecookie host="^(.*\.)?advel\.cz$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?advel\.cz/"
 		to="https://www.advel.cz/"/>
diff --git a/src/chrome/content/rules/Advent.com.xml b/src/chrome/content/rules/Advent.com.xml
new file mode 100644
index 000000000000..3d4ef8e22143
--- /dev/null
+++ b/src/chrome/content/rules/Advent.com.xml
@@ -0,0 +1,54 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://advent.com/ => https://advent.com/: (51, "SSL: no alternative certificate subject name matches target host name 'advent.com'")
+Fetch error: http://start.advent.com/ => https://start.advent.com/: (6, 'Could not resolve host: start.advent.com')
+
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Plaintext reply
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- engage
+		- login
+		- start
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- advent.com
+		- .advent.com
+		- engage.advent.com
+		- login.advent.com
+		- www.advent.com
+
+-->
+<ruleset name="Advent.com (partial)" default_off="failed ruleset test">
+
+	<target host="advent.com" />
+	<target host="engage.advent.com" />
+	<target host="login.advent.com" />
+	<target host="start.advent.com" />
+	<target host="www.advent.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?advent\.com$" name="^(FIRMTYPE_COOKIE|OFFICE_COOKIE|REGION_COOKIE)$"/-->
+	<!--securecookie host="^\.advent\.com$" name="^VISITORID$"/-->
+	<!--securecookie host="^engage\.advent\.com$" name="^(LithiumUserInfo|LithiumUserSecure|LithiumVisitor)$"/-->
+	<!--securecookie host="^login\.advent\.com$" name="^AWSELB$"/-->
+
+	<securecookie host="^\.advent\.com$" name="^VISITORID$" />
+	<securecookie host="^(?:engage\.|login\.|www\.)?advent\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AdventOfCode.com.xml b/src/chrome/content/rules/AdventOfCode.com.xml
new file mode 100644
index 000000000000..e14b1a7fbf76
--- /dev/null
+++ b/src/chrome/content/rules/AdventOfCode.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="AdventOfCode.com">
+
+	<target host="adventofcode.com" />
+	<target host="www.adventofcode.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Adventori.com.xml b/src/chrome/content/rules/Adventori.com.xml
new file mode 100644
index 000000000000..b83809cc997d
--- /dev/null
+++ b/src/chrome/content/rules/Adventori.com.xml
@@ -0,0 +1,60 @@
+<!--
+		Connection refused:
+			- backup
+			- central
+			- newstats
+			- statsv3
+			- statsv4
+			- statsv5
+
+		TimeOut:
+			- d01
+			- d02
+			- d03
+			- d04
+			- d05
+			- d06
+-->
+<ruleset name="Adventori.com">
+
+	<target host="adventori.com" />
+	<target host="www.adventori.com" />
+
+	<target host="b00.adventori.com" />
+	<target host="b01.adventori.com" />
+	<target host="bo.adventori.com" />
+	<target host="bov3.adventori.com" />
+	<target host="build.adventori.com" />
+	<target host="dynastar.adventori.com" />
+	<target host="f00.adventori.com" />
+	<target host="f11.adventori.com" />
+	<target host="f12.adventori.com" />
+	<target host="f13.adventori.com" />
+	<target host="f14.adventori.com" />
+	<target host="f15.adventori.com" />
+	<target host="f16.adventori.com" />
+	<target host="f17.adventori.com" />
+	<target host="f18.adventori.com" />
+	<target host="f19.adventori.com" />
+	<target host="f20.adventori.com" />
+	<target host="f21.adventori.com" />
+	<target host="f22.adventori.com" />
+	<target host="hap1.adventori.com" />
+	<target host="hap2.adventori.com" />
+	<target host="lange.adventori.com" />
+	<target host="look.adventori.com" />
+	<target host="monitor.adventori.com" />
+	<target host="odlo.adventori.com" />
+	<target host="rossignol.adventori.com" />
+	<target host="s.adventori.com" />
+	<target host="seat-leon-itech.adventori.com" />
+	<target host="static.adventori.com" />
+	<target host="sync.adventori.com" />
+	<target host="u.adventori.com" />
+	<target host="u01.adventori.com" />
+	<target host="u02.adventori.com" />
+	<target host="v3.adventori.com" />
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Adversary.org.xml b/src/chrome/content/rules/Adversary.org.xml
deleted file mode 100644
index 7d2ef1991561..000000000000
--- a/src/chrome/content/rules/Adversary.org.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Adversary" default_off="self-signed">
-  <target host="www.adversary.org" />
-  <target host="adversary.org" />
-
-  <rule from="^http://(?:www\.)?adversary\.org/" to="https://www.adversary.org/" />
-</ruleset>
diff --git a/src/chrome/content/rules/AdvertServe.com.xml b/src/chrome/content/rules/AdvertServe.com.xml
new file mode 100644
index 000000000000..e95f74ca3512
--- /dev/null
+++ b/src/chrome/content/rules/AdvertServe.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Problematic subdomains:
+
+		- (www.) *
+
+	* Shows RHEL default page; mismatched, CN: secure.advertpro.com
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(→ secure)
+		- secure
+		- tradefx
+		- [\w-]+ *
+
+	* Per-client domains serving bugs
+
+-->
+<ruleset name="AdvertServe.com">
+
+	<target host="advertserve.com" />
+	<target host="*.advertserve.com" />
+
+
+	<securecookie host="^tradefx\.advertserve\.com$" name=".+" />
+
+
+	<rule from="^http://(?:secure\.|www\.)?advertserve\.com/"
+		to="https://secure.advertserve.com/" />
+
+	<rule from="^http://([\w-]+)\.advertserve\.com/"
+		to="https://$1.advertserve.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Advert_Stream.xml b/src/chrome/content/rules/Advert_Stream.xml
deleted file mode 100644
index fe0a5f5975b3..000000000000
--- a/src/chrome/content/rules/Advert_Stream.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- blog *
-
-	* Refused
-
-
-	Fully covered subdomains:
-
-		- ad
-		- adaccess
-		- d
-
--->
-<ruleset name="Advert Stream (partial)">
-
-	<target host="*.advertstream.com" />
-
-
-	<securecookie host="^\.adaccess\.advertstream\.com$" name=".+" />
-
-
-	<rule from="^http://(a?d|adaccess)\.advertstream\.com/"
-		to="https://$1.advertstream.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Advertise.com.xml b/src/chrome/content/rules/Advertise.com.xml
index fb7f85aaa2e7..2b713f21eff6 100644
--- a/src/chrome/content/rules/Advertise.com.xml
+++ b/src/chrome/content/rules/Advertise.com.xml
@@ -7,16 +7,16 @@
 -->
 <ruleset name="Advertise.com (partial)">
 
-	<target host="*.advertise.com" />
+	<target host="ad.advertise.com" />
+	<target host="admin.advertise.com" />
 
 
 	<securecookie host="^admin\.advertise\.com$" name=".+" />
 
 
-	<rule from="^https?://ad\.advertise\.com/"
+	<rule from="^http://ad\.advertise\.com/"
 		to="https://ad.rmxads.com/" />
 
-	<rule from="^http://admin\.advertise\.com/"
-		to="https://admin.advertise.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Advertisers-OpenX.com.xml b/src/chrome/content/rules/Advertisers-OpenX.com.xml
index 12d588a88a84..0b63c95498d3 100644
--- a/src/chrome/content/rules/Advertisers-OpenX.com.xml
+++ b/src/chrome/content/rules/Advertisers-OpenX.com.xml
@@ -1,19 +1,30 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://d3.advertisers-openx.com/ => https://d3.advertisers-openx.com/: (60, 'SSL certificate problem: certificate has expired')
+
 	For other OpenX coverage, see OpenX.xml.
 
 
+	Fully covered hosts in *advertisers-openx.com:
+
+		- d3
+
+
 	Web bugs.
 
 -->
-<ruleset name="advertisers-OpenX.com">
+<ruleset name="advertisers-OpenX.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="d3.advertisers-openx.com" />
 
 
 	<securecookie host="^d3\.advertisers-openx\.com$" name=".+" />
 
 
-	<rule from="^http://d3\.advertisers-openx\.com/"
-		to="https://d3.advertisers-openx.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Advertising.com-mismatches.xml b/src/chrome/content/rules/Advertising.com-mismatches.xml
index e1d03603ec14..4711d6bb6d1b 100644
--- a/src/chrome/content/rules/Advertising.com-mismatches.xml
+++ b/src/chrome/content/rules/Advertising.com-mismatches.xml
@@ -7,7 +7,7 @@
 	<target host="cte.ace.beta.advertising.com" />
 
 
-	<rule from="^http://cte\.ace\.beta\.advertising\.com/"
-		to="https://cte.ace.beta.advertising.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Advertising.com.xml b/src/chrome/content/rules/Advertising.com.xml
index 0cfed503f76e..437a2074dd10 100644
--- a/src/chrome/content/rules/Advertising.com.xml
+++ b/src/chrome/content/rules/Advertising.com.xml
@@ -1,57 +1,223 @@
 <!--
 	For problematic rules, see Advertising.com-mismatches.xml.
-
-
 	For other AOL coverage, see AOL.xml.
 
-
-	Problematic subdomains:
-
-		- ace-tag *
-		- cte.ace.beta		(mismatched, CN: servedby.advertising.com)
-		- leadback *
-
-	* Cert only matches secure.foo
-
-
-	Fully covered subdomains:
-
-		- *.ace	(→ secure):
-
-			- beta
-			- cs
-			- cte
-			- p
-			- r1
-			- r1-ads
-			- r2
-			- secure
-			- sr-r3
-
-		- ace-tag		(→ secure.ace-tag)
-		- secure.ace-tag
-		- leadback		(→ secure.leadback)
-		- secure.leadback
-		- servedby
-		- uac		(→ secure.uac)
-		- secure.uac
+		Cert expired:
+			- jp.advertising.com
+
+		Cert mismatch:
+			- cmap.adt.ace.advertising.com
+			- cmap.am.ace.advertising.com
+			- cmap.an.ace.advertising.com
+			- extmap.an.ace.advertising.com
+			- cmap.at.ace.advertising.com
+			- r1.beta.ace.advertising.com
+			- an-imp.bid.ace.advertising.com
+			- imp.bid.ace.advertising.com
+			- cmap.dc.ace.advertising.com
+			- cmap.fb.ace.advertising.com
+			- cmap.ox.ace.advertising.com
+			- cmap.pub.ace.advertising.com
+			- cmap.rm.ace.advertising.com
+			- cmap.rub.ace.advertising.com
+			- extmap.rub.ace.advertising.com
+			- cmap.uac.ace.advertising.com
+			- ace-lb.advertising.com
+			- ace2.advertising.com
+			- adlearnop.advertising.com
+			- jp.adlearnop.advertising.com
+			- uk.adlearnop.advertising.com
+			- ags.beta.advertising.com
+			- dbs.advertising.com
+			- help.advertising.com
+			- helpcenter.advertising.com
+			- stage-secure.leadback.advertising.com
+			- sr.mads.advertising.com
+			- one.advertising.com
+			- oneapi-qa.advertising.com
+			- servedby1.advertising.com
+			- servedby2.advertising.com
+			- servedby3.advertising.com
+
+	Connection refused:
+			- advertising.com
+			- www.advertising.com
+			- beta.mobile.ace.advertising.com
+			- ads.mtc.ace.advertising.com
+			- ads.ntc.ace.advertising.com
+			- optout.adaptv.advertising.com
+			- adportal.advertising.com
+			- blog.advertising.com
+			- clients.advertising.com
+			- secure-leadback.asda.db.advertising.com
+			- secure-leadback.buycom.db.advertising.com
+			- secure-leadback.callme.db.advertising.com
+			- dbs.charter2.db.advertising.com
+			- leadback.daysinn.db.advertising.com
+			- secure-leadback.drugstore.db.advertising.com
+			- leadback.firstchoice.db.advertising.com
+			- secure-leadback.fossil.db.advertising.com
+			- dbs.hotelsjp.db.advertising.com
+			- leadback.hotelsjp.db.advertising.com
+			- leadback.hotwire.db.advertising.com
+			- dbs.ihg.db.advertising.com
+			- leadback.ihg.db.advertising.com
+			- secure-leadback.ihg.db.advertising.com
+			- leadback.ihg2.db.advertising.com
+			- leadback.jetsetter.db.advertising.com
+			- dbs.nestle2.db.advertising.com
+			- dbs.nestle3.db.advertising.com
+			- secure-leadback.pccity.db.advertising.com
+			- leadback.petmeds.db.advertising.com
+			- secure-leadback.petmeds.db.advertising.com
+			- secure-leadback.rumbo.db.advertising.com
+			- secure-leadback.stubhub.db.advertising.com
+			- leadback.ticketsnow.db.advertising.com
+			- secure-leadback.ticketsnow.db.advertising.com
+			- leadback.tmobile.db.advertising.com
+			- leadback.tradera.db.advertising.com
+			- secure-leadback.tradera.db.advertising.com
+			- dbs.transunionbt.db.advertising.com
+			- dbs.transuniongeo.db.advertising.com
+			- leadback.tui.db.advertising.com
+			- leadback.wellpack.db.advertising.com
+			- dbs.zipcar.db.advertising.com
+			- de.advertising.com
+			- www.de.advertising.com
+			- es.advertising.com
+			- email.advertising.com
+			- fr.advertising.com
+			- fi.advertising.com
+			- ftp.advertising.com
+			- inventory.advertising.com
+			- jobs.advertising.com
+			- mads.advertising.com
+			- admarvel.mads.advertising.com
+			- nexage.mads.advertising.com
+			- smaato.mads.advertising.com
+			- madseu.advertising.com
+			- msg.advertising.com
+			- nl.advertising.com
+			- no.advertising.com
+			- optout.advertising.com
+			- se.advertising.com
+			- storm.advertising.com
+			- software.advertising.com
+			- uk.advertising.com
+			- web.advertising.com
+			- wireless.advertising.com
+
+		Timeout:
+			- barracuda.advertising.com
+			- creative.advertising.com
+			- demo.advertising.com
+			- ns2.advertising.com
+
+		TLS errors:
+			dialup.advertising.com
+			mail.advertising.com
+			mailhost.advertising.com
+			meeting.advertising.com
+			owa.advertising.com
+			testvpn.advertising.com
+			vpn.advertising.com
+			vpn-backup.advertising.com
+			vpn2.advertising.com
+			webvpn.advertising.com
 
 -->
 <ruleset name="Advertising.com (partial)">
 
-	<target host="*.advertising.com" />
-
-
-	<securecookie host="^\.advertising\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:[\w-]+\.)?ace\.advertising\.com/"
+	<target host="ace.advertising.com" />
+	<target host="adservingbase.ace.advertising.com" />
+	<target host="bannerfarm.ace.advertising.com" />
+	<target host="secure.bannerfarm.ace.advertising.com" />
+	<target host="conversion.ace.advertising.com" />
+	<target host="beta2.ace.advertising.com" />
+	<target host="cmap.ace.advertising.com" />
+	<target host="cs.ace.advertising.com" />
+	<target host="fb-clk.ace.advertising.com" />
+	<target host="p.ace.advertising.com" />
+	<target host="pxl.ace.advertising.com" />
+	<target host="adt.pxl.ace.advertising.com" />
+	<target host="an.pxl.ace.advertising.com" />
+	<target host="brx.pxl.ace.advertising.com" />
+	<target host="bsw.pxl.ace.advertising.com" />
+	<target host="cas.pxl.ace.advertising.com" />
+	<target host="dc.pxl.ace.advertising.com" />
+	<target host="li.pxl.ace.advertising.com" />
+	<target host="mobile.ace.advertising.com" />
+	<target host="mmex.pxl.ace.advertising.com" />
+	<target host="moat.pxl.ace.advertising.com" />
+	<target host="ox.pxl.ace.advertising.com" />
+	<target host="pub.pxl.ace.advertising.com" />
+	<target host="rm.pxl.ace.advertising.com" />
+	<target host="rmx.pxl.ace.advertising.com" />
+	<target host="rub.pxl.ace.advertising.com" />
+	<target host="triplelift.pxl.ace.advertising.com" />
+	<target host="r1.ace.advertising.com" />
+	<target host="sr-r3.ace.advertising.com" />
+	<target host="r1-ads.ace.advertising.com" />
+	<target host="r2.ace.advertising.com" />
+	<target host="secure.ace.advertising.com" />
+	<target host="secure.ace-lb.advertising.com" />
+	<target host="ace-tag.advertising.com" />
+	<target host="secure.ace-tag.advertising.com" />
+	<target host="ads.adaptv.advertising.com" />
+	<target host="ads-ap.adaptv.advertising.com" />
+	<target host="ads-eu.adaptv.advertising.com" />
+	<target host="ads-direct-wc.adaptv.advertising.com" />
+	<target host="ads-ec.adaptv.advertising.com" />
+	<target host="ads-test.adaptv.advertising.com" />
+	<target host="cdn.adaptv.advertising.com" />
+	<target host="conversions.adaptv.advertising.com" />
+	<target host="log.adaptv.advertising.com" />
+	<target host="ads-wc.adaptv.advertising.com" />
+	<target host="log-wc-b.adaptv.advertising.com" />
+	<target host="optout3.adaptv.advertising.com" />
+	<target host="segments.adaptv.advertising.com" />
+	<target host="sync.adaptv.advertising.com" />
+	<target host="video.adaptv.advertising.com" />
+	<target host="video-stage.adaptv.advertising.com" />
+	<target host="post.update.wtag.adaptv.advertising.com" />
+	<target host="s.update.wtag.adaptv.advertising.com" />
+	<target host="adserver.adtech.advertising.com" />
+	<target host="adserver-eu.adtech.advertising.com" />
+	<target host="adserver-us.adtech.advertising.com" />
+	<target host="hb-us.adtech.advertising.com" />
+	<target host="adserver-as.adtech.advertising.com" />
+	<target host="hb-as.adtech.advertising.com" />
+	<target host="eu.content.cmp.advertising.com" />
+	<target host="eu.event.cmp.advertising.com" />
+	<target host="us.content.cmp.advertising.com" />
+	<target host="us.event.cmp.advertising.com" />
+	<target host="services.cmp.advertising.com" />
+	<target host="dtm.advertising.com" />
+	<target host="getcoding.advertising.com" />
+	<target host="ingest.advertising.com" />
+	<target host="leadback.advertising.com" />
+	<target host="secure.leadback.advertising.com" />
+	<target host="mobileapi.advertising.com" />
+	<target host="tearsheet.onevideo.advertising.com" />
+	<target host="optout3.advertising.com" />
+	<target host="pixel.advertising.com" />
+	<target host="edge2.pixel.advertising.com" />
+	<target host="servedby.advertising.com" />
+	<target host="smrtpxl.advertising.com" />
+	<target host="uac.advertising.com" />
+	<target host="secure.uac.advertising.com" />
+	<target host="origin.uac.advertising.com" />
+	<target host="vlibs.advertising.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://(?:[\w-]+\.)?ace\.advertising\.com/"
 		to="https://secure.ace.advertising.com/" />
 
-	<rule from="^https?://(?:secure\.)?(ace-tag|leadback|uac)\.advertising\.com/"
+	<rule from="^http://(ace-tag|leadback|uac)\.advertising\.com/"
 		to="https://secure.$1.advertising.com/" />
 
-	<rule from="^http://servedby\.advertising\.com/"
-		to="https://servedby.advertising.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Adverts.ie.xml b/src/chrome/content/rules/Adverts.ie.xml
index 391be57d3609..5bec2e2f5bd8 100644
--- a/src/chrome/content/rules/Adverts.ie.xml
+++ b/src/chrome/content/rules/Adverts.ie.xml
@@ -17,4 +17,4 @@
 	<rule from="^http://(c\d\.|www\.)?adverts\.ie/"
 		to="https://$1adverts.ie/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Advg.jp.xml b/src/chrome/content/rules/Advg.jp.xml
index f9719f0d2229..0ff409cd1a0c 100644
--- a/src/chrome/content/rules/Advg.jp.xml
+++ b/src/chrome/content/rules/Advg.jp.xml
@@ -3,7 +3,6 @@
 	<target host="r.advg.jp" />
 
 
-	<rule from="^http://r\.advg\.jp/"
-		to="https://r.advg.jp/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adviceguide.xml b/src/chrome/content/rules/Adviceguide.xml
index 77c2dc0bfc84..f4bb83dda9b9 100644
--- a/src/chrome/content/rules/Adviceguide.xml
+++ b/src/chrome/content/rules/Adviceguide.xml
@@ -1,12 +1,36 @@
-<ruleset name="Adviceguide (partial)">
+<!--
+	^adviceguide.org.uk: Dropped
 
-	<target host="adviceguide.org.uk" />
+
+	Insecure cookies are set for these hosts:
+
+		- forms.adviceguide.org.uk
+
+-->
+<ruleset name="Adviceguide.org.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="budgetplanner.adviceguide.org.uk" />
+	<target host="forms.adviceguide.org.uk" />
 	<target host="www.adviceguide.org.uk" />
-	<target host="consumerdirect.gov.uk" />
-	<target host="www.consumerdirect.gov.uk" />
 
+	<!--	Complications:
+				-->
+	<target host="adviceguide.org.uk" />
 
-	<rule from="^http://(?:www\.)?(?:adviceguide\.org|consumerdirect\.gov)\.uk/"
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^forms\.adviceguide\.org\.uk$" name="^AWSELB$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://adviceguide\.org\.uk/"
 		to="https://www.adviceguide.org.uk/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Adview.pl.xml b/src/chrome/content/rules/Adview.pl.xml
new file mode 100644
index 000000000000..660d5c914d17
--- /dev/null
+++ b/src/chrome/content/rules/Adview.pl.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://adview.pl/ => https://adview.pl/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.adview.pl/ => https://adview.pl/: (60, 'SSL certificate problem: certificate has expired')
+
+	www.adview.pl: Dropped
+
+
+	Insecure cookies are set for these domains:
+
+		- .adview.pl
+
+-->
+<ruleset name="adview.pl" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="adview.pl" />
+	<target host="ad.adview.pl" />
+	<target host="bi.adview.pl" />
+
+	<!--	Complications:
+				-->
+	<target host="www.adview.pl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.adview\.pl$" name="^AdViewPIBann$" /-->
+
+	<securecookie host="^\." name="^AdViewPIBann$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.adview\.pl/"
+		to="https://adview.pl/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AdvocateAndDemocrat.com.xml b/src/chrome/content/rules/AdvocateAndDemocrat.com.xml
new file mode 100644
index 000000000000..30b5bc1c6e5b
--- /dev/null
+++ b/src/chrome/content/rules/AdvocateAndDemocrat.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="AdvocateAndDemocrat.com">
+	<target host="advocateanddemocrat.com" />
+	<target host="www.advocateanddemocrat.com" />
+	<target host="m.advocateanddemocrat.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Advocates_for_Youth.xml b/src/chrome/content/rules/Advocates_for_Youth.xml
index 439493f63f50..3d701b2342f4 100644
--- a/src/chrome/content/rules/Advocates_for_Youth.xml
+++ b/src/chrome/content/rules/Advocates_for_Youth.xml
@@ -11,13 +11,13 @@
 -->
 <ruleset name="Advocates for Youth (partial)">
 
-	<target host="*.advocatesforyouth.org" />
+	<target host="secure.advocatesforyouth.org" />
+	<target host="shop.advocatesforyouth.org" />
 
 
 	<securecookie host="^\.?s(?:ecure|hop)\.advocatesforyouth\.org$" name=".+" />
 
 
-	<rule from="^http://s(ecure|hop)\.advocatesforyouth\.org/"
-		to="https://s$1.advocatesforyouth.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Advolution.de.xml b/src/chrome/content/rules/Advolution.de.xml
index dba1eb1d64fa..c38fbc1de739 100644
--- a/src/chrome/content/rules/Advolution.de.xml
+++ b/src/chrome/content/rules/Advolution.de.xml
@@ -1,12 +1,9 @@
 <ruleset name="advolution.de">
 
-	<target host="*.advolution.de" />
+	<target host="asn.advolution.de" />
 
 
-	<securecookie host="^\.advolution\.de$" name=".+" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://asn\.advolution\.de/"
-		to="https://asn.advolution.de/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adweek.xml b/src/chrome/content/rules/Adweek.xml
index 567bd18a3b76..cf40ba9825b9 100644
--- a/src/chrome/content/rules/Adweek.xml
+++ b/src/chrome/content/rules/Adweek.xml
@@ -4,7 +4,7 @@
 		- talent	(cert: *.behance.net; redirects to www.behance.net)
 
 -->
-<ruleset name="Adweek (partial)" default_off="mismatch">
+<ruleset name="Adweek (partial)" default_off="mismatched">
 
 	<!--	Cert: *.adweek.com	-->
 	<target host="adweek.com" />
@@ -14,7 +14,7 @@
 	<target host="www.adweek.com" />
 
 
-	<securecookie host="^jobs\.adweek\.com$" name=".*" />
+	<securecookie host="^jobs\.adweek\.com$" name=".+" />
 
 
 	<!--	!www redirects to www.	-->
diff --git a/src/chrome/content/rules/AdyAdvantage.com.xml b/src/chrome/content/rules/AdyAdvantage.com.xml
new file mode 100644
index 000000000000..52129882ef84
--- /dev/null
+++ b/src/chrome/content/rules/AdyAdvantage.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="AdyAdvantage.com">
+	<target host="adyadvantage.com" />
+	<target host="www.adyadvantage.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Adyen.com.xml b/src/chrome/content/rules/Adyen.com.xml
new file mode 100644
index 000000000000..b40eae7232db
--- /dev/null
+++ b/src/chrome/content/rules/Adyen.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Non-functional subdomains:
+		- $host		(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Adyen">
+
+	<target host="adyen.com" />
+	<target host="www.adyen.com" />
+	<target host="ca-live.adyen.com" />
+	<target host="ca-test.adyen.com" />
+	<target host="checkoutshopper-test.adyen.com" />
+	<target host="demos.adyen.com" />
+	<target host="docs.adyen.com" />
+	<target host="live.adyen.com" />
+	<target host="mattermost.adyen.com" />
+	<target host="pal-live.adyen.com" />
+	<target host="pal-test.adyen.com" />
+	<target host="support.adyen.com" />
+	<target host="test.adyen.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://adyen\.com/"
+		to="https://www.adyen.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Adzerk.net.xml b/src/chrome/content/rules/Adzerk.net.xml
new file mode 100644
index 000000000000..c7c3c20e23aa
--- /dev/null
+++ b/src/chrome/content/rules/Adzerk.net.xml
@@ -0,0 +1,51 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.adzerk.net/ => https://secure.adzerk.net/: (51, "SSL: no alternative certificate subject name matches target host name 'secure.adzerk.net'")
+
+	For other Adzerk coverage, see Adzerk.xml.
+
+
+	CDN buckets:
+
+		- d36aw3ue2ntmsq.cloudfront.net
+		- adzerk-static.clients.turbobytes.com
+
+
+	Nonfunctional hosts:
+
+		- (www.)? *
+
+	* Refused
+
+
+	Fully covered hosts:
+
+		- engine
+		- secure
+		- static
+
+
+	Insecure cookies are set for these domains:
+
+		- .adzerk.net
+
+-->
+<ruleset name="Adzerk.net (partial)" default_off="failed ruleset test">
+
+	<target host="engine.adzerk.net" />
+	<target host="secure.adzerk.net" />
+	<target host="static.adzerk.net" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.adzerk\.net$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^(?:engine)?\.adzerk\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Adzerk.xml b/src/chrome/content/rules/Adzerk.xml
index 4d57515e39d4..03755525764d 100644
--- a/src/chrome/content/rules/Adzerk.xml
+++ b/src/chrome/content/rules/Adzerk.xml
@@ -1,4 +1,9 @@
 <!--
+	Other Adzerk rulesets:
+
+		- Adzerk.net.xml
+
+
 	CDN buckets:
 
 		- adzerk-www.s3.amazonaws.com
@@ -8,40 +13,22 @@
 
 		- adzerkweb.wpengine.netdna-cdn.com
 
-		- adzerk-static.clients.turbobytes.com
-
-			- static.adzerk.net
-
-
-	Problematic domains:
 
-		- static.adzerk.net	(404; mismatched, CN: gp1.wac.edgecastcdn.net)
+	Nonfunctioanl hosts:
 
+		- (www.)? ¹
+		- help ²
 
-	Fully covered domains:
-
-		- adzerk.net subdomains:
-
-			- secure
-			- static	(→ d36aw3ue2ntmsq.cloudfront.net)
+	¹ Refused
+	² Zendesk
 
 -->
-<ruleset name="Adzerk (partial)">
-
-	<target host="*.adzerk.com" />
-	<target host="*.adzerk.net" />
+<ruleset name="Adzerk.com (partial)">
 
+	<target host="static.adzerk.com" />
 
-	<securecookie host="^engine\.adzerk\.net$" name=".+" />
 
-
-	<rule from="^http://help\.adzerk\.com/images/"
-		to="https://billing.helpjuice.com/images/" />
-
-	<rule from="^http://static\.adzerk\.(?:com|net)/"
+	<rule from="^http://static\.adzerk\.com/"
 		to="https://d36aw3ue2ntmsq.cloudfront.net/" />
 
-	<rule from="^http://(engine|secure)\.adzerk\.net/"
-		to="https://$1.adzerk.net/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adzip.co.xml b/src/chrome/content/rules/Adzip.co.xml
index 5924addc3da4..99275da119eb 100644
--- a/src/chrome/content/rules/Adzip.co.xml
+++ b/src/chrome/content/rules/Adzip.co.xml
@@ -3,7 +3,6 @@
 	<target host="metrics.adzip.co" />
 
 
-	<rule from="^http://metrics\.adzip\.co/"
-		to="https://metrics.adzip.co/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AeXp-static.com.xml b/src/chrome/content/rules/AeXp-static.com.xml
new file mode 100644
index 000000000000..ecb45ee13baa
--- /dev/null
+++ b/src/chrome/content/rules/AeXp-static.com.xml
@@ -0,0 +1,44 @@
+<!--
+	For other American Express coverage, see AmericanExpress.xml.
+
+
+	Partially covered hosts in *aexp-static.com:
+
+		- qwww *
+
+	* $ 404s
+
+
+	Fully covered subdomains:
+
+		- icm
+		- web
+		- www
+
+-->
+<ruleset name="AeXp-static.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="icm.aexp-static.com" />
+	<target host="qwww.aexp-static.com" />
+	<target host="web.aexp-static.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.aexp-static.com" />
+
+		<!--	404:
+				-->
+		<exclusion pattern="^http://qwww\.aexp-static\.com/$" />
+
+
+	<!--	$ 404s:
+			-->
+	<rule from="^http://www\.aexp-static\.com/$"
+		to="https://www.americanexpress.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Aea.se.xml b/src/chrome/content/rules/Aea.se.xml
index cd8711a7b97f..22055f6433ea 100644
--- a/src/chrome/content/rules/Aea.se.xml
+++ b/src/chrome/content/rules/Aea.se.xml
@@ -1,7 +1,9 @@
-<ruleset name="Aea.se" platform="mixedcontent">
-  <target host="www.aea.se" />
-  <target host="aea.se" />
-  <rule from="^http://www\.aea\.se/" to="https://www.aea.se/"/>
-  <rule from="^http://aea\.se/" to="https://aea.se/"/>
-</ruleset>
+<ruleset name="Aea.se">
+	<target host="aea.se" />
+	<target host="www.aea.se" />
+	<target host="aeaintrade.aea.se" />
+	<target host="aeauttrade.aea.se" />
+	<target host="formularforbund.aea.se" />
 
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Aeinstein.org.xml b/src/chrome/content/rules/Aeinstein.org.xml
new file mode 100644
index 000000000000..e45c4bf9092f
--- /dev/null
+++ b/src/chrome/content/rules/Aeinstein.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Aeinstein.org">
+	<target host="aeinstein.org" />
+	<target host="www.aeinstein.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Aeolus.xml b/src/chrome/content/rules/Aeolus.xml
deleted file mode 100644
index d140007e25a3..000000000000
--- a/src/chrome/content/rules/Aeolus.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Aeolus">
-
-	<target host="aeolusproject.org" />
-	<target host="www.aeolusproject.org" />
-
-
-	<rule from="^http://(www\.)?aeolusproject\.org/"
-		to="https://$1aeolusproject.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AerLingus.xml b/src/chrome/content/rules/AerLingus.xml
deleted file mode 100644
index 542b61b5e1d9..000000000000
--- a/src/chrome/content/rules/AerLingus.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Aer Lingus (testing)" default_off="broken?">
-  <target host="aerlingus.com" />
-  <target host="*.aerlingus.com" />
-
-  <rule from="^http://aerlingus\.com/"
-          to="https://aerlingus.com/" />
-  <rule from="^http://(portal|training|www)\.aerlingus\.com/"
-          to="https://$1.aerlingus.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Aer_Lingus.com.xml b/src/chrome/content/rules/Aer_Lingus.com.xml
new file mode 100644
index 000000000000..d83fd609204c
--- /dev/null
+++ b/src/chrome/content/rules/Aer_Lingus.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- corporate.aerlingus.com
+
+		SSL peer certificate was not OK:
+		- hotels.aerlingus.com
+-->
+<ruleset name="Aer Lingus.com (partial)">
+	<target host="aerlingus.com" />
+	<target host="www.aerlingus.com" />
+	<target host="classic.aerlingus.com" />
+	<target host="discovery.aerlingus.com" />
+	<target host="new.aerlingus.com" />
+	<target host="owa.aerlingus.com" />
+	<target host="portal.aerlingus.com" />
+	<target host="spectrum.aerlingus.com" />
+	<target host="training.aerlingus.com" />
+	<target host="webcheckin.aerlingus.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Aera.net.xml b/src/chrome/content/rules/Aera.net.xml
index cb05d8e9a938..a568ec62ed67 100644
--- a/src/chrome/content/rules/Aera.net.xml
+++ b/src/chrome/content/rules/Aera.net.xml
@@ -11,13 +11,12 @@
 <ruleset name="Aera.net">
 
 	<target host="aera.at" />
-	<target host="*.aera.at" />
+	<target host="www.aera.at" />
 
 
 	<securecookie host="^(?:w*\.)?aera\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?aera\.at/"
-		to="https://$1aera.at/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Aereo.com-problematic.xml b/src/chrome/content/rules/Aereo.com-problematic.xml
index e400216229b1..348c2934f05c 100644
--- a/src/chrome/content/rules/Aereo.com-problematic.xml
+++ b/src/chrome/content/rules/Aereo.com-problematic.xml
@@ -7,7 +7,6 @@
 	<target host="blog.aereo.com" />
 
 
-	<rule from="^http://blog\.aereo\.com/"
-		to="https://blog.aereo.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Aereo.com.xml b/src/chrome/content/rules/Aereo.com.xml
index 9867aa88563d..c7b9a7ea9376 100644
--- a/src/chrome/content/rules/Aereo.com.xml
+++ b/src/chrome/content/rules/Aereo.com.xml
@@ -1,4 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://aereo.com/ => https://aereo.com/: (51, "SSL: no alternative certificate subject name matches target host name 'aereo.com'")
+
+-->
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://aereo.com/ => https://aereo.com/: (6, 'Could not resolve host: aereo.com')
+
 	For problematic rules, see Aereo.com-problematic.xml.
 
 
@@ -17,10 +27,11 @@
 		- blog		(works; expired 2013-04-08; mismatched, CN: *.bamboom.com)
 
 -->
-<ruleset name="Aereo.com (partial)">
+<ruleset name="Aereo.com (partial)" default_off="failed ruleset test">
 
 	<target host="aereo.com" />
-	<target host="*.aereo.com" />
+	<target host="www.aereo.com" />
+	<target host="support.aereo.com" />
 
 
 	<securecookie host="^\.aereo\.com$" name=".+" />
@@ -32,4 +43,4 @@
 	<rule from="^http://support\.aereo\.com/favicon\.ico"
 		to="https://d3jyn100am7dxp.cloudfront.net/favicon.ico" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Aeriagames.xml b/src/chrome/content/rules/Aeriagames.xml
index 663c4c20a7da..c6b659c61b25 100644
--- a/src/chrome/content/rules/Aeriagames.xml
+++ b/src/chrome/content/rules/Aeriagames.xml
@@ -1,34 +1,16 @@
 <!--
-	CDN buckets:
-
-		- wildcard.aeriastatic.com.edgekey.net
-
-			- c.aeriastatic.com
-
-		- static.aeriagames.com.edgesuite.net
-
-			- s.aeriastatic.com
-
-
-	Problematic domains:
-
-		- s.aeriastatic.com	(works, akamai)
+	CDN buckets
 
+		Updated CDN
+			- cms-content.s.aeriastatic.co
 -->
 <ruleset name="Aeriagames">
-<target host="www.aeriagames.com" />
-<target host="aeriagames.com" />
-	<target host="*.aeriastatic.com" />
-
-<rule from="^http://(?:www\.)?aeriagames\.com/" to="https://www.aeriagames.com/"/>
-
-	<!--	We must rewrite from https://s to c due to protocol-relative
-		links on www.aeriagames.com:
-
-			- https://mail1.eff.org/pipermail/https-everywhere-rules/2013-July/001650.html
-			- https://bugzilla.mozilla.org/show_bug.cgi?id=879072#c1
-							-->
-	<rule from="^https?://[cs]\.aeriastatic\.com/"
-		to="https://c.aeriastatic.com/" />
-
+	<target host="www.aeriagames.com" />
+	<target host="aeriagames.com" />
+	<target host="c.aeriastatic.com" />
+		<test url="http://c.aeriastatic.com/modules/js/AG/version1/assets/signupVerifier.css" />
+	<target host="cms-content.s.aeriastatic.com" />
+		<test url="http://cms-content.s.aeriastatic.com/82de179009b2505fcc419f60f4d98ab7/files/aurakingdom/image/F/Featured_Shinobi.jpg" />
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AerisWeather.com.xml b/src/chrome/content/rules/AerisWeather.com.xml
new file mode 100644
index 000000000000..b8c51898a0c3
--- /dev/null
+++ b/src/chrome/content/rules/AerisWeather.com.xml
@@ -0,0 +1,68 @@
+<!--
+	Non-functional subdomains:
+
+		- aerisweather.com
+			- hosted	(e)
+			- status	(m)
+			- wx-orig	(e)
+			- wx-origin	(e)
+
+		- aerisapi.com	(t)
+		- www.aerisapi.com	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="AerisWeather">
+
+	<target host="aerisweather.com" />
+	<target host="www.aerisweather.com" />
+	<target host="beta.aerisweather.com" />
+	<target host="cdn.aerisweather.com" />
+	<target host="helpdesk.aerisweather.com" />
+	<target host="support.aerisweather.com" />
+	<target host="uat.aerisweather.com" />
+	<target host="www-origin.aerisweather.com" />
+	<target host="wx.aerisweather.com" />
+	<target host="wx-legacy.aerisweather.com" />
+	<target host="wx-origin.aerisweather.com" />
+
+	<target host="api.aerisapi.com" />
+	<target host="cdn.aerisapi.com" />
+	<target host="contours-legacy.aerisapi.com" />
+	<target host="img.aerisapi.com" />
+	<target host="iwx.aerisapi.com" />
+	<target host="js.aerisapi.com" />
+	<target host="js-origin.aerisapi.com" />
+	<target host="js-secure.aerisapi.com" />
+	<target host="legends.aerisapi.com" />
+	<target host="maps.aerisapi.com" />
+	<target host="maps1.aerisapi.com" />
+	<target host="maps2.aerisapi.com" />
+	<target host="maps3.aerisapi.com" />
+	<target host="maps4.aerisapi.com" />
+	<target host="rads-legacy.aerisapi.com" />
+	<target host="sats-legacy.aerisapi.com" />
+	<target host="tile.aerisapi.com" />
+	<target host="tile1.aerisapi.com" />
+	<target host="tile2.aerisapi.com" />
+	<target host="tile3.aerisapi.com" />
+	<target host="tile4.aerisapi.com" />
+	<target host="video.aerisapi.com" />
+	<target host="warnings-legacy.aerisapi.com" />
+	<target host="wxblox.aerisapi.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- expired certificate -->
+	<rule from="^http://wx-origin\.aerisweather\.com/"
+		to="https://wx.aerisweather.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AeroFS.xml b/src/chrome/content/rules/AeroFS.xml
index 42c223630eed..d21d9aa81eff 100644
--- a/src/chrome/content/rules/AeroFS.xml
+++ b/src/chrome/content/rules/AeroFS.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blog.aerofs.com/ => https://blog.aerofs.com/: (52, 'Empty reply from server')
+Fetch error: http://my.aerofs.com/ => https://my.aerofs.com/: (6, 'Could not resolve host: my.aerofs.com')
+
 	CDN buckets:
 
 		- d2w483fi6el07z.cloudfront.net
@@ -6,26 +11,29 @@
 	aerofs.uservoice.com
 
 
-	Much of support.aerofs.com is handled in Uservoice-clients.xml.
+	Fully covered hosts in *aerofs.com:
+
+		- (www.)?
+		- blog
+		- my
+		- support
 
 -->
-<ruleset name="AeroFS (partial)">
+<ruleset name="AeroFS.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="aerofs.com" />
-	<target host="*.aerofs.com" />
-
+	<target host="blog.aerofs.com" />
+	<target host="my.aerofs.com" />
+	<target host="support.aerofs.com" />
+	<target host="www.aerofs.com" />
 
-	<securecookie host="^.+\.aerofs\.com$" name=".+" />
 
+	<securecookie host=".+\.aerofs\.com$" name=".+" />
 
-	<rule from="^http://(blog\.|my\.|www\.)?aerofs\.com/"
-		to="https://$1aerofs.com/" />
 
-	<!--	Pages redirect back.
-			All other non-page paths
-		appear to point to cdn.uservoice.
-							-->
-	<rule from="^https?://support\.aerofs\.com/track\.gif"
-		to="https://aerofs.uservoice.com/track.gif" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AeroHosting.cz.xml b/src/chrome/content/rules/AeroHosting.cz.xml
new file mode 100644
index 000000000000..f8ef19dd87ef
--- /dev/null
+++ b/src/chrome/content/rules/AeroHosting.cz.xml
@@ -0,0 +1,12 @@
+<ruleset name="AeroHosting.cz">
+    <target host="aerohosting.cz" />
+    <target host="www.aerohosting.cz" />
+    <target host="mail.aerohosting.cz" />
+    <target host="admin.aerohosting.cz" />
+    <target host="webftp.aerohosting.cz" />
+    <target host="domeny.aerohosting.cz" />
+    <target host="arteus.aerohosting.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Aeroports_de_Montreal.xml b/src/chrome/content/rules/Aeroports_de_Montreal.xml
index 3d6a8ef48ef7..2853d7f13962 100644
--- a/src/chrome/content/rules/Aeroports_de_Montreal.xml
+++ b/src/chrome/content/rules/Aeroports_de_Montreal.xml
@@ -1,9 +1,26 @@
-<ruleset name="Aéroports de Montréal">
+<!--
+	SSL error:
+		admnet.admtl.com
+	Unable to get local issuer certificate:
+		developpementdurable.admtl.com
+		eservice.admtl.com
+		office365.admtl.com
+		sustainability.admtl.com
+-->
+<ruleset name="Aéroports de Montréal" >
     <target host="admtl.com" />
-    <target host="*.admtl.com" />
+	<target host="www.admtl.com" />
+	<target host="autodiscover.admtl.com" />
+	<target host="bap.admtl.com" />
+	<target host="cdn.admtl.com" />
+	<target host="extranet.admtl.com" />
+	<target host="mail.admtl.com" />
+	<target host="mgmt.admtl.com" />
+	<target host="sftp.admtl.com" />
+	<target host="stationnement.admtl.com" />
+	<target host="yulsatisfaction.admtl.com" />
 
-    <rule from="^https?://admtl\.com/"
-        to="https://www.admtl.com/"/>
-    <rule from="^http://([^/:@]+)?\.admtl\.com/"
-        to="https://$1.admtl.com/" />
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Aeryon_Labs.xml b/src/chrome/content/rules/Aeryon_Labs.xml
index 6b629dfde180..f6f76a1bb172 100644
--- a/src/chrome/content/rules/Aeryon_Labs.xml
+++ b/src/chrome/content/rules/Aeryon_Labs.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?aeryon\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?aeryon\.com/"
-		to="https://$1aeryon.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AetherFlyff.com.xml b/src/chrome/content/rules/AetherFlyff.com.xml
new file mode 100644
index 000000000000..dc48c306c40b
--- /dev/null
+++ b/src/chrome/content/rules/AetherFlyff.com.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://aetherflyff.com/ => https://aetherflyff.com/: (28, 'Operation timed out after 30007 milliseconds with 0 bytes received')
+Fetch error: http://basilisk.aetherflyff.com/ => https://basilisk.aetherflyff.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.aetherflyff.com/ => https://www.aetherflyff.com/: (28, 'Operation timed out after 30002 milliseconds with 0 bytes received')
+
+-->
+<ruleset name="Aether Flyff.com" default_off="failed ruleset test">
+
+	<target host="aetherflyff.com" />
+	<target host="basilisk.aetherflyff.com" />
+	<target host="www.aetherflyff.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AfB-Group.xml b/src/chrome/content/rules/AfB-Group.xml
new file mode 100644
index 000000000000..9ec6b28a1482
--- /dev/null
+++ b/src/chrome/content/rules/AfB-Group.xml
@@ -0,0 +1,15 @@
+<ruleset name="AfB Social &amp; Green IT">
+
+	<target host="afb-group.de" />
+	<target host="www.afb-group.de" />
+	<target host="ch.afb-group.de" />
+	<target host="fr.afb-group.de" />
+	<target host="oe.afb-group.de" />
+
+	<target host="afbshop.de" />
+	<target host="www.afbshop.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Aff.biz.xml b/src/chrome/content/rules/Aff.biz.xml
new file mode 100644
index 000000000000..8c1553136174
--- /dev/null
+++ b/src/chrome/content/rules/Aff.biz.xml
@@ -0,0 +1,12 @@
+<ruleset name="Aff.biz">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="aff.biz" />
+	<target host="www.aff.biz" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AffUtd.com.xml b/src/chrome/content/rules/AffUtd.com.xml
index 346750591d96..a86bcebbcec9 100644
--- a/src/chrome/content/rules/AffUtd.com.xml
+++ b/src/chrome/content/rules/AffUtd.com.xml
@@ -1,21 +1,29 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://affutd.com/ => https://www.affutd.com/: (35, 'Unknown SSL protocol error in connection to www.affutd.com:443 ')
+Fetch error: http://www.affutd.com/ => https://www.affutd.com/: (35, 'Unknown SSL protocol error in connection to www.affutd.com:443 ')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://affutd.com/ => https://www.affutd.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.affutd.com/ => https://www.affutd.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Affiliates United
 
 
 	For other William Hill coverage, see William-Hill.xml.
 
 -->
-<ruleset name="AffUtd.com">
+<ruleset name="AffUtd.com" default_off="failed ruleset test">
 
 	<target host="affutd.com" />
 	<target host="www.affutd.com" />
 
 
-	<securecookie host="^www\.affutd\.com$" name=".*" />
+	<securecookie host="^www\.affutd\.com$" name=".+" />
 
 
 	<!--	Cert only matches www.	-->
 	<rule from="^http://(?:www\.)?affutd\.com/"
 		to="https://www.affutd.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AffaireRelig.net.xml b/src/chrome/content/rules/AffaireRelig.net.xml
new file mode 100644
index 000000000000..5ebf6d3fc5ef
--- /dev/null
+++ b/src/chrome/content/rules/AffaireRelig.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="AffaireRelig.net">
+	<target host="affairerelig.net" />
+	<target host="www.affairerelig.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Affec.tv.xml b/src/chrome/content/rules/Affec.tv.xml
new file mode 100644
index 000000000000..991eef619dbd
--- /dev/null
+++ b/src/chrome/content/rules/Affec.tv.xml
@@ -0,0 +1,39 @@
+<!--
+	(www.): Refused, destination doesn't support tls
+
+
+	Problematic hosts in *affec.tv:
+
+		- an ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="Affec.tv (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="go.affec.tv" />
+
+	<!--	Complications:
+				-->
+	<target host="an.affec.tv" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.go\.affec\.tv$" name="^(ck|oo|pt)" /-->
+
+	<securecookie host="^\.go\." name=".+" />
+
+
+	<!--rule from="^http://(www\.)?affec\.tv/+"
+		to="https://affectv.co.uk/" /-->
+
+	<rule from="^http://an\.affec\.tv/"
+		to="https://ib.adnxs.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Affili.net.xml b/src/chrome/content/rules/Affili.net.xml
index 68c7cb0087a1..959b1ed8ba3a 100644
--- a/src/chrome/content/rules/Affili.net.xml
+++ b/src/chrome/content/rules/Affili.net.xml
@@ -17,7 +17,7 @@
 		<exclusion pattern="^http://(?:www\.)?affili\.net/(?:\w\w/defaultdesktop|de/Startseite)\.aspx" />
 
 
-	<securecookie host="^www\.affili\.net$" name=".*"/>
+	<securecookie host="^www\.affili\.net$" name=".+" />
 
 
 	<rule from="^http://(?:www\.)?affili\.net/"
@@ -26,4 +26,4 @@
 	<rule from="^http://(?:www\.)?affili\.de/"
 		to="https://www.affili.net/de/"/>
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Affiliate-B.com.xml b/src/chrome/content/rules/Affiliate-B.com.xml
new file mode 100644
index 000000000000..1b8f1ee20b4c
--- /dev/null
+++ b/src/chrome/content/rules/Affiliate-B.com.xml
@@ -0,0 +1,28 @@
+<!--
+	^: cert only matches www
+
+
+	Mixed content:
+
+		- Ad on www from oz-affiliate.com
+
+-->
+<ruleset name="Affiliate-B.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="track.affiliate-b.com" />
+	<target host="www.affiliate-b.com" />
+
+	<!--	Complications:
+				-->
+	<target host="affiliate-b.com" />
+
+
+	<rule from="^http://affiliate-b\.com/"
+		to="https://www.affiliate-b.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AffiliateTracking.com.xml b/src/chrome/content/rules/AffiliateTracking.com.xml
index 004ef19b7361..b20541004d58 100644
--- a/src/chrome/content/rules/AffiliateTracking.com.xml
+++ b/src/chrome/content/rules/AffiliateTracking.com.xml
@@ -1,19 +1,43 @@
 <!--
-	Problematic subdomains:
+	www.affiliatetracking.com: Mismatched
 
-		- www	(cert only matches ^affiliatetracking.com)
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .affiliatetracking.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bug from roia.biz ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
 <ruleset name="AffiliateTracking.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="affiliatetracking.com" />
-	<target host="*.affiliatetracking.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.affiliatetracking.com" />
 
 
-	<securecookie host="^\.affiliatetracking\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.affiliatetracking\.com$" name="^SESS[\da-f]{32}$" /-->
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?affiliatetracking\.com/"
+
+	<rule from="^http://www\.affiliatetracking\.com/"
 		to="https://affiliatetracking.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Affility.com.xml b/src/chrome/content/rules/Affility.com.xml
new file mode 100644
index 000000000000..c4a0db000945
--- /dev/null
+++ b/src/chrome/content/rules/Affility.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Nonfunctional hosts in *affility.com:
+
+		- (www.)? *
+		- prism *
+
+	* Differs from http
+
+
+	Fully covered hosts in *:
+
+		- tracker
+
+-->
+<ruleset name="affility.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tracker.affility.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Affinity.store.xml b/src/chrome/content/rules/Affinity.store.xml
new file mode 100644
index 000000000000..f8d16d24c578
--- /dev/null
+++ b/src/chrome/content/rules/Affinity.store.xml
@@ -0,0 +1,8 @@
+<ruleset name="Affinity.store">
+	<target host="affinity.store" />
+	<target host="www.affinity.store" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Afford.com.xml b/src/chrome/content/rules/Afford.com.xml
index b1a89d6d76a0..7bda27f97d57 100644
--- a/src/chrome/content/rules/Afford.com.xml
+++ b/src/chrome/content/rules/Afford.com.xml
@@ -3,8 +3,8 @@
 	<target host="borrowsmart.afford.com" />
 	<target host="www.afford.com" />
 
-	<securecookie host="(^|\.)afford\.com$" name=".+" />
+	<securecookie host="(?:^|\.)afford\.com$" name=".+" />
 
 	<rule from="^http://borrowsmart\.afford\.com/" to="https://borrowsmart.afford.com/" />
-	<rule from="^http://(www\.)?afford\.com/" to="https://www.afford.com/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http://(?:www\.)?afford\.com/" to="https://www.afford.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Afiestas.org.xml b/src/chrome/content/rules/Afiestas.org.xml
new file mode 100644
index 000000000000..78b027e9adb2
--- /dev/null
+++ b/src/chrome/content/rules/Afiestas.org.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://afiestas.org/ => https://afiestas.org/: (51, "SSL: no alternative certificate subject name matches target host name 'afiestas.org'")
+Fetch error: http://www.afiestas.org/ => https://www.afiestas.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.afiestas.org'")
+
+	Insecure cookies are set for these domains:
+
+		- .afiestas.org
+
+
+	Mixed content;
+
+		- css from fonts.googleapis.com *
+		- Fonts from fonts.gstatic.com *
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Afiestas.org" default_off="failed ruleset test">
+
+	<target host="afiestas.org" />
+	<target host="www.afiestas.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.afiestas\.org$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.afiestas\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Afilias.xml b/src/chrome/content/rules/Afilias.xml
index b71353eb62b1..98f2daf97011 100644
--- a/src/chrome/content/rules/Afilias.xml
+++ b/src/chrome/content/rules/Afilias.xml
@@ -1,13 +1,12 @@
 <ruleset name="Afilias">
 
 	<target host="afilias.info" />
-	<target host="*.afilias.info" />
+	<target host="www.afilias.info" />
 
 
 	<securecookie host="^\.afilias\.info$" name=".+" />
 
 
-	<rule from="^http://(www\.)?afilias\.info/"
-		to="https://$1afilias.info/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Afraid.org.xml b/src/chrome/content/rules/Afraid.org.xml
index a5e4c9e5f041..179528c11781 100644
--- a/src/chrome/content/rules/Afraid.org.xml
+++ b/src/chrome/content/rules/Afraid.org.xml
@@ -1,5 +1,5 @@
 <ruleset name="FreeDNS.Afraid.org">
 	<target host="freedns.afraid.org" />
-	<rule from="^http://freedns\.afraid\.org/"
-		to="https://freedns.afraid.org/" />
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/African-Network-Information-Center.xml b/src/chrome/content/rules/African-Network-Information-Center.xml
index f7b641d2841e..0ecb53440062 100644
--- a/src/chrome/content/rules/African-Network-Information-Center.xml
+++ b/src/chrome/content/rules/African-Network-Information-Center.xml
@@ -1,15 +1,10 @@
-<ruleset name="African Network Information Center" platform="mixedcontent">
-
+<ruleset name="African Network Information Center">
 	<target host="afrinic.net" />
-	<target host="*.afrinic.net" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.meeting.afrinic.net" />
-
-
-	<securecookie host="^(.*\.)?afrinic\.net$" name=".*" />
-
+	<target host="www.afrinic.net" />
+	<target host="meeting.afrinic.net" />
+	<target host="my.afrinic.net" />
 
-	<rule from="^http://((?:meeting|my|www2?)\.)?afrinic\.net/"
-		to="https://$1afrinic.net/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/African_Grey_Parrot_Centre.xml b/src/chrome/content/rules/African_Grey_Parrot_Centre.xml
index ccb1a7b73276..8d66ca630d65 100644
--- a/src/chrome/content/rules/African_Grey_Parrot_Centre.xml
+++ b/src/chrome/content/rules/African_Grey_Parrot_Centre.xml
@@ -1,13 +1,19 @@
-<ruleset name="African Grey Parrot Centre">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://africangreyparrotcentre.co.uk/ => https://africangreyparrotcentre.co.uk/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.africangreyparrotcentre.co.uk/ => https://www.africangreyparrotcentre.co.uk/: (60, 'SSL certificate problem: self signed certificate')
+
+-->
+<ruleset name="African Grey Parrot Centre" default_off="failed ruleset test">
 
 	<target host="africangreyparrotcentre.co.uk" />
-	<target host="*.africangreyparrotcentre.co.uk" />
+	<target host="www.africangreyparrotcentre.co.uk" />
 
 
 	<securecookie host="^(?:www)?\.africangreyparrotcentre\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://(www\.)?africangreyparrotcentre\.co\.uk/"
-		to="https://$1africangreyparrotcentre.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Aftenbladet.no.xml b/src/chrome/content/rules/Aftenbladet.no.xml
new file mode 100644
index 000000000000..a164f7587fa4
--- /dev/null
+++ b/src/chrome/content/rules/Aftenbladet.no.xml
@@ -0,0 +1,95 @@
+<!--
+	Cert expired:
+		- lisa1.aftenbladet.no
+		- mm1.aftenbladet.no
+		- mm2.aftenbladet.no
+		- multimedia1.aftenbladet.no
+		- sommer.aftenbladet.no
+
+	Cert mismatch:
+		- arkiv.aftenbladet.no
+		- bil.aftenbladet.no
+		- m.atorget.aftenbladet.no
+		- fotball.aftenbladet.no
+		- godetilbud.aftenbladet.no
+		- widget.godetilbud.aftenbladet.no
+		- quiz.i.aftenbladet.no
+		- helios.aftenbladet.no
+		- konkurranse.aftenbladet.no
+		- iphone.aftenbladet.no
+		- kundesenter.aftenbladet.no
+		- kundeservice.aftenbladet.no
+		- leserpanel.aftenbladet.no
+		- livestudio.aftenbladet.no
+		- marked.aftenbladet.no
+		- mat.aftenbladet.no
+		- mediahash3.aftenbladet.no
+		- mobile.aftenbladet.no
+		- mobilehelios.aftenbladet.no
+		- respons.aftenbladet.no
+		- reise.aftenbladet.no
+		- skatt.aftenbladet.no
+		- vip.aftenbladet.no
+		- web3.aftenbladet.no
+		- wap.aftenbladet.no
+
+	Redirect to plain:
+		- live.aftenbladet.no
+
+	Self-signed cert:
+		- 2017.aftenbladet.no
+
+	Timeout:
+		- adportal.aftenbladet.no
+		- annonse1.aftenbladet.no
+		- adventskalender.aftenbladet.no
+		- blogg.aftenbladet.no
+		- ftp.aftenbladet.no
+
+	Redirects to an non existing host:
+		- m.aftenbladet.no  has a permanent redirect to www.m.aftenbladet.no , which does not resolve
+-->
+<ruleset name="AftenBladet.no">
+
+	<target host="aftenbladet.no" />
+	<target host="www.aftenbladet.no" />
+
+	<target host="a.aftenbladet.no" />
+	<target host="annonse.aftenbladet.no" />
+	<target host="atorget.aftenbladet.no" />
+	<target host="cache1.aftenbladet.no" />
+	<target host="cache2.aftenbladet.no" />
+	<target host="cache3.aftenbladet.no" />
+	<target host="cache4.aftenbladet.no" />
+	<target host="cis.aftenbladet.no" />
+	<target host="detskjer.aftenbladet.no" />
+	<target host="www.detskjer.aftenbladet.no" />
+	<target host="api.detskjer.aftenbladet.no" />
+	<target host="red.detskjer.aftenbladet.no" />
+	<target host="dinmat.aftenbladet.no" />
+	<target host="fast.aftenbladet.no" />
+	<target host="go.aftenbladet.no" />
+	<target host="hvaskjer.aftenbladet.no" />
+	<target host="www.hvaskjer.aftenbladet.no" />
+	<target host="api.hvaskjer.aftenbladet.no" />
+	<target host="red.hvaskjer.aftenbladet.no" />
+	<target host="static.hvaskjer.aftenbladet.no" />
+	<target host="i.aftenbladet.no" />
+	<target host="mm.i.aftenbladet.no" />
+	<target host="kraft.aftenbladet.no" />
+	<target host="kundeportal.aftenbladet.no" />
+	<target host="kundeweb.aftenbladet.no" />
+	<target host="kundewebtest.aftenbladet.no" />
+	<target host="lisa.aftenbladet.no" />
+	<target host="lisacache.aftenbladet.no" />
+	<target host="mm.aftenbladet.no" />
+	<target host="multimedia.aftenbladet.no" />
+	<target host="salg.aftenbladet.no" />
+	<target host="test.salg.aftenbladet.no" />
+	<target host="sport.aftenbladet.no" />
+	<target host="stream.aftenbladet.no" />
+
+	<rule from="^http:"
+		to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Aftenposten.xml b/src/chrome/content/rules/Aftenposten.xml
index 163a61f92533..4c75de46f2f9 100644
--- a/src/chrome/content/rules/Aftenposten.xml
+++ b/src/chrome/content/rules/Aftenposten.xml
@@ -1,58 +1,28 @@
 <!--
-	Nonfunctional subdomains:
-
-		- bedrift *
-		- papp2 *
-		- sport		(times out)
-
-	* Revoked
-
-
-	Problematic subdomains:
-
-		- atorget *
-		- bedriftfiles		(self-signed, mismatched, CN: hotelladmin.aftenposten.no)
-		- bil *
-		- godetilbud *
-		- kundeservice		(revoked)
-		- reise *
-		- rubrikkcache *
-
-	* Works; mismatched, CN: www.aftenposten.no
-
-
-	Partially covered subdomains:
-
-		- kundeservice		(→ a)
-
+	Mismatched:
+		- leserpanel
+		- sport
 -->
-<ruleset name="Aftenposten" platform="mixedcontent">
-        <target host="*.aftenposten.no" />
-        <target host="aftenposten.no" />
-	<target host="ap.mnocdn.no" />
-
-
-	<!--securecookie host="^\.aftenposten\.no$" name="^environment$" /-->
-	<securecookie host="^(?:a|kundeweb|onlinesos)\.aftenposten\.no$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?aftenposten\.no/" to="https://www.aftenposten.no/"/>
-
-	<rule from="^http://(a|kundeweb|onlinesos)\.aftenposten\.no/"
-		to="https://$1.aftenposten.no/" />
-
-	<rule from="^http://kundeservice\.aftenposten\.no/(\?.*)?$"
-		to="https://a.aftenposten.no/kundeservice/$1" />
-
-	<!-- The following rules will generate SSL warnings by default because
-	the cert is only valid for www.aftenposten.no -->
-	<!--
-	<rule from="^http://lisacache\.aftenposten\.no/" to="https://lisacache.aftenposten.no/"/>
-	<rule from="^http://media\.aftenposten\.no/" to="https://media.aftenposten.no/"/>
-	<rule from="^http://oslopuls\.aftenposten\.no/" to="https://oslopuls.aftenposten.no/"/>
-	-->
-
-	<rule from="^http://ap\.mnocdn\.no/"
-		to="https://www.aftenposten.no/" />
-
+<ruleset name="Aftenposten (partial)">
+	<target host="aftenposten.no" />
+	<target host="www.aftenposten.no" />
+	<target host="bedrift.aftenposten.no" />
+	<target host="bil.aftenposten.no" />
+	<target host="kundesenter.aftenposten.no" />
+	<target host="kundeportal.aftenposten.no" />
+	<target host="kundeweb.aftenposten.no" />
+	<target host="lisacache.aftenposten.no" />
+	<target host="media.aftenposten.no" />
+	<target host="onlinesos.aftenposten.no" />
+	<target host="oslopuls.aftenposten.no" />
+	<target host="reise.aftenposten.no" />
+	<target host="rubrikkcache.aftenposten.no" />
+	<target host="sport.aftenposten.no" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://sport\.aftenposten\.no/.*" to="https://www.aftenposten.no/100Sport/" />
+	<test url="http://sport.aftenposten.no/index.html" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AfterShip.com.xml b/src/chrome/content/rules/AfterShip.com.xml
new file mode 100644
index 000000000000..ffc5eb5a9939
--- /dev/null
+++ b/src/chrome/content/rules/AfterShip.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="AfterShip.com">
+
+	<target host="aftership.com" />
+	<target host="www.aftership.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.aftership\.com$" name="^(connect\.sid|lang)$" /-->
+
+	<securecookie host="^www\.aftership\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Afterdawn.com.xml b/src/chrome/content/rules/Afterdawn.com.xml
new file mode 100644
index 000000000000..d3080c2c1b62
--- /dev/null
+++ b/src/chrome/content/rules/Afterdawn.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Nonfunctional hosts in *.afterdawn.com:
+
+		- feeds (n)
+		- fin.lw (m)
+
+	h: http redirect
+	m: certificate mismatch
+	n: no peer certificate
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Afterdawn.com">
+	<target host="afterdawn.com" />
+	<target host="www.afterdawn.com" />
+	<target host="es.afterdawn.com" />
+	<target host="fin.afterdawn.com" />
+	<target host="forums.afterdawn.com" />
+	<target host="keskustelu.afterdawn.com" />
+	<target host="login.afterdawn.com" />
+	<target host="m.afterdawn.com" />
+	<target host="nl.afterdawn.com" />
+	<target host="no.afterdawn.com" />
+	<target host="rss.afterdawn.com" />
+	<target host="sv.afterdawn.com" />
+
+	<rule from="^http://afterdawn\.com/" to="https://www.afterdawn.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Afterpay.co.nz.xml b/src/chrome/content/rules/Afterpay.co.nz.xml
new file mode 100644
index 000000000000..92a38fa1bd1b
--- /dev/null
+++ b/src/chrome/content/rules/Afterpay.co.nz.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Afterpay coverage, see Afterpay.com.xml
+-->
+<ruleset name="Afterpay.co.nz">
+
+	<target host="afterpay.co.nz" />
+	<target host="www.afterpay.co.nz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Afterpay.com.au.xml b/src/chrome/content/rules/Afterpay.com.au.xml
new file mode 100644
index 000000000000..8ae9dfead234
--- /dev/null
+++ b/src/chrome/content/rules/Afterpay.com.au.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Afterpay coverage, see Afterpay.com.xml
+-->
+<ruleset name="Afterpay.com.au">
+
+	<target host="afterpay.com.au" />
+	<target host="www.afterpay.com.au" />
+	<target host="docs.afterpay.com.au" />
+	<target host="shop.afterpay.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Afton_Trial_Run.xml b/src/chrome/content/rules/Afton_Trial_Run.xml
index 8b58e4233a55..3759c1aca8e9 100644
--- a/src/chrome/content/rules/Afton_Trial_Run.xml
+++ b/src/chrome/content/rules/Afton_Trial_Run.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?aftontrailrun\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?aftontrailrun\.com/"
-		to="https://$1aftontrailrun.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Aftonbladet-CDN.se.xml b/src/chrome/content/rules/Aftonbladet-CDN.se.xml
new file mode 100644
index 000000000000..85700bf5bf3c
--- /dev/null
+++ b/src/chrome/content/rules/Aftonbladet-CDN.se.xml
@@ -0,0 +1,31 @@
+<!--
+
+	For other Aftonbladet coverage, see Aftonbladet.xml.
+
+
+	Problematic domains:
+
+		- gfx.aftonbladet-cdn.se *
+		- gfx2.aftonbladet-cdn.se *
+
+	* Times out
+
+
+	Fully covered domains:
+
+		- gfx.aftonbladet-cdn.se	(→ www.aftonbladet.se)
+		- gfx2.aftonbladet-cdn.se	(→ www.aftonbladet.se)
+
+-->
+<ruleset name="Aftonbladet-CDN.se">
+
+	<!--	Special cases:
+				-->
+	<target host="gfx.aftonbladet-cdn.se" />
+	<target host="gfx2.aftonbladet-cdn.se" />
+
+
+	<rule from="^http://gfx2?\.aftonbladet-cdn\.se/"
+		to="https://www.aftonbladet.se/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Aftonbladet.xml b/src/chrome/content/rules/Aftonbladet.xml
index 0e14e5248d9a..f8e087d298a6 100644
--- a/src/chrome/content/rules/Aftonbladet.xml
+++ b/src/chrome/content/rules/Aftonbladet.xml
@@ -1,39 +1,51 @@
 <!--
+	Other Aftonbladet rulesets:
+
+		- Aftonbladet-CDN.se.xml
+
 	Problematic domains:
 
-		- aftonbladet.se		(cert only matches www)
-		- gfx.aftonbladet-cdn.se *
-		- gfx2.aftonbladet-cdn.se *
+		- metrics.aftonbladet.se ¹
 
-	* Times out
+	¹ Mismatched
 
 
 	Fully covered domains:
 
 		- aftonbladet.se subdomains:
 
-			- ads
-
+			- (www.)?	(^ → www)
+			- metrics	(→ smetrics.aftonbladet.se)
+			- smetrics
 
-	Observed cookie domains:
+	Insecure cookies are set for these hosts:
 
 		- ads.aftonbladet.se
 
 -->
-<ruleset name="Aftonbladet">
 
-	<target host="aftonbladet.se" />
-	<target host="*.aftonbladet.se" />
-	<target host="*.aftonbladet-cdn.se" />
+<ruleset name="Aftonbladet.se (partial)">
+
+	<!--	Direct rewrites: -->
 
+	<target host="aftonbladet.se" />
+	<target host="www.aftonbladet.se" />
+	<target host="bloggar.aftonbladet.se" />
+	<target host="login.aftonbladet.se" />
+	<target host="smetrics.aftonbladet.se" />
+	<target host="granskning.aftonbladet.se" />
+	<target host="hemma.aftonbladet.se" />
+	<target host="myhome.aftonbladet.se" />
 
-	<securecookie host="^(?:ads|\.smetrics)?\.aftonbladet\.se$" name=".+" />
+	<!--	Special cases: -->
 
+	<target host="metrics.aftonbladet.se" />
 
-	<rule from="^http://(?:(?:www\.)?aftonbladet|gfx2?\.aftonbladet-cdn)\.se/"
-		to="https://www.aftonbladet.se/" />
+	<securecookie host="^(?:ads|\.smetrics)\.aftonbladet\.se$" name=".+" />
 
-	<rule from="^http://(ads|login|smetrics)\.aftonbladet\.se/"
-		to="https://$1.aftonbladet.se/" />
+	<rule from="^http://metrics\.aftonbladet\.se/"
+		to="https://smetrics.aftonbladet.se/" />
 
+	
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Afx.ms.xml b/src/chrome/content/rules/Afx.ms.xml
new file mode 100644
index 000000000000..70567b73952c
--- /dev/null
+++ b/src/chrome/content/rules/Afx.ms.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dub110.afx.ms/ => https://dub110.afx.ms/: (6, 'Could not resolve host: dub110.afx.ms')
+Fetch error: http://dub120.afx.ms/ => https://dub120.afx.ms/: (6, 'Could not resolve host: dub120.afx.ms')
+Fetch error: http://dub127.afx.ms/ => https://dub127.afx.ms/: (6, 'Could not resolve host: dub127.afx.ms')
+Fetch error: http://bay176.afx.ms/ => https://bay176.afx.ms/: (6, 'Could not resolve host: bay176.afx.ms')
+
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	Fully covered domains:
+
+		- dub*.afx.ms:
+
+			- dub10[2-9]
+			- dub11\d
+			- dub12[0-4]
+
+-->
+<ruleset name="afx.ms" default_off="failed ruleset test">
+
+	<target host="*.afx.ms" />
+
+		<!--	Direct rewrites:
+					-->
+		<test url="http://dub110.afx.ms/" />
+		<test url="http://dub120.afx.ms/" />
+		<test url="http://dub127.afx.ms/" />
+		<test url="http://bay176.afx.ms/" />
+
+
+	<rule from="^http://(bay|dub)(\d+)\.afx\.ms/"
+		to="https://$1$2.afx.ms/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AgKn.com.xml b/src/chrome/content/rules/AgKn.com.xml
new file mode 100644
index 000000000000..8ab3b3d0f3d8
--- /dev/null
+++ b/src/chrome/content/rules/AgKn.com.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Neustar coverage, see NeuStar.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .agkn.com
+
+-->
+<ruleset name="AgKn.com (partial)">
+
+	<target host="d.agkn.com" />
+
+		<!--	Work around broken fetch tester:
+							-->
+		<exclusion pattern="^http://d\.agkn\.com/$" />
+
+			<!--	-ve:
+					-->
+			<test url="http://d.agkn.com/iframe" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.agkn\.com$" name="^(u|uuid)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AgaKhanMuseum.org.xml b/src/chrome/content/rules/AgaKhanMuseum.org.xml
new file mode 100644
index 000000000000..36cc66d5701e
--- /dev/null
+++ b/src/chrome/content/rules/AgaKhanMuseum.org.xml
@@ -0,0 +1,11 @@
+<ruleset name="AgaKhanMuseum.org">
+	<target host="agakhanmuseum.org" />
+	<target host="www.agakhanmuseum.org" />
+	<target host="shop.agakhanmuseum.org" />
+	<target host="ticketing.agakhanmuseum.org" />
+	<target host="us-donate.agakhanmuseum.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Agar.io.xml b/src/chrome/content/rules/Agar.io.xml
new file mode 100644
index 000000000000..599201405e06
--- /dev/null
+++ b/src/chrome/content/rules/Agar.io.xml
@@ -0,0 +1,13 @@
+<ruleset name="Agar.io">
+	<target host="agar.io" />
+	<target host="www.agar.io" />
+
+	<target host="gc.agar.io" />
+	<target host="m.agar.io" />
+
+	<rule from="^http://(?:www\.)?agar\.io/"
+		to="https://agar.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Agari.xml b/src/chrome/content/rules/Agari.xml
index 2fd0de122eaa..595a69a75de4 100644
--- a/src/chrome/content/rules/Agari.xml
+++ b/src/chrome/content/rules/Agari.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://agari.com/ => https://agari.com/: (51, "SSL: no alternative certificate subject name matches target host name 'agari.com'")
 	Problematic domains:
 
 		- dev	(mismatched, CN: agari.com)
@@ -7,7 +9,9 @@
 <ruleset name="Agari">
 
 	<target host="agari.com" />
-	<target host="*.agari.com" />
+	<target host="app.agari.com" />
+	<target host="www.agari.com" />
+	<target host="dev.agari.com" />
 
 
 	<securecookie host="^(?:w*\.)?agari\.com$" name=".+" />
@@ -19,4 +23,4 @@
 	<rule from="^http://dev\.agari\.com/wp-content/"
 		to="https://agari.com/wp-content/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Agariomods.com.xml b/src/chrome/content/rules/Agariomods.com.xml
new file mode 100644
index 000000000000..61c2d24bed25
--- /dev/null
+++ b/src/chrome/content/rules/Agariomods.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Problematic subdomains:
+
+		- chat ¹
+
+	¹: Refused
+-->
+<ruleset name="Agariomods.com">
+
+	<target host="agariomods.com" />
+	<target host="www.agariomods.com" />
+
+	<target host="connect.agariomods.com" />
+	<target host="skins.agariomods.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Agava.ru.xml b/src/chrome/content/rules/Agava.ru.xml
new file mode 100644
index 000000000000..3d4ceb6ee71a
--- /dev/null
+++ b/src/chrome/content/rules/Agava.ru.xml
@@ -0,0 +1,159 @@
+<!--
+2012.agava.ru ¹
+2013.agava.ru ¹
+2048.agava.ru ²
+7.agava.ru ¹
+71.7.agava.ru ¹
+108.71.7.agava.ru ¹
+89.108.71.7.agava.ru ¹
+ad.agava.ru ¹
+www.ad.agava.ru ¹
+adv.agava.ru ²
+aik.agava.ru ²
+airwar.agava.ru ¹
+andrei.agava.ru ²
+anekdot.agava.ru ¹
+aptechka.agava.ru ²
+atlantida.agava.ru ²
+auth.agava.ru ³
+b9gqkpxna3.agava.ru ¹
+barbarian.agava.ru ²
+www.barbarian.agava.ru ¹
+bars.agava.ru ³
+bukinist.agava.ru ²
+client.agava.ru ¹
+code.agava.ru ²
+www.code.agava.ru ¹
+kkmanagment.comhosting.agava.ru ¹
+borisovlaw.comwww.agava.ru ¹
+contest.agava.ru ⁴
+coolmoney.agava.ru ¹
+www.coolmoney.agava.ru ¹
+crowd.agava.ru ²
+ctg.agava.ru ¹
+db52.agava.ru ³
+dhls.agava.ru ²
+disign.agava.ru ²
+dominus.agava.ru ²
+www.dominus.agava.ru ³
+ecology.agava.ru ¹
+econom.agava.ru ¹
+edge.agava.ru ³
+ek-lit.agava.ru ²
+entropy.agava.ru ¹
+evidence.agava.ru ³
+expired.agava.ru ¹
+ns1.expired.agava.ru ¹
+ns2.expired.agava.ru ¹
+foundation.agava.ru ³
+fsvh.agava.ru ⁴
+ftp.agava.ru ³
+glance.agava.ru ¹
+gone.agava.ru ³
+health2000.agava.ru ²
+hedge.agava.ru ²
+homesoft.agava.ru ²
+host102.agava.ru ¹
+register.hosting.agava.ru ¹
+hosting-order.agava.ru ¹
+humidri.agava.ru ⁴
+i.agava.ru ³
+jobnet.agava.ru ¹
+ad.jobnet.agava.ru ⁴
+kozel.agava.ru ²
+www.lawtech.agava.ru ¹
+letter.agava.ru ²
+likbeztur.agava.ru ²
+listopad.agava.ru ²
+love.agava.ru ²
+luck.agava.ru ¹
+mama.agava.ru ²
+messe.agava.ru ¹
+www.messe.agava.ru ¹
+mh.agava.ru ³
+www.mvmgroup.agava.ru ¹
+navigators.agava.ru ²
+nclients.agava.ru ¹
+newgame.agava.ru ¹
+newwiki.agava.ru ³
+ningma.agava.ru ²
+ns1.agava.ru ³
+ns2.agava.ru ³
+odhinn.agava.ru ¹
+pandemon.agava.ru ¹
+parents.agava.ru ²
+ns1.partner.agava.ru ²
+ns2.partner.agava.ru ²
+pasta.agava.ru ²
+www.pasta.agava.ru ¹
+pivo.agava.ru ²
+podarok.agava.ru ¹
+www.podarok.agava.ru ¹
+pp-crm.agava.ru ³
+pp-fo.agava.ru ³
+pride.agava.ru ³
+rb.agava.ru ²
+reality.agava.ru ¹
+reflinks.agava.ru ²
+retrocar.agava.ru ²
+revplus.agava.ru ²
+rgp.agava.ru ³
+rostov.agava.ru ¹
+roulette-job.agava.ru ³
+rrh.agava.ru ²
+www.rrh.agava.ru ¹
+runet.agava.ru ⁷
+rus.agava.ru ²
+www.rusounds.agava.ru ¹
+s.agava.ru ²
+s-club.agava.ru ²
+sb-gallery.agava.ru ³
+seo.agava.ru ²
+sergib.agava.ru ²
+server.agava.ru ¹
+short.agava.ru ³
+sik.agava.ru ²
+smb.agava.ru ⁴
+socionics.agava.ru ¹
+sprohotnik.agava.ru ³
+swisoft.agava.ru ²
+t.agava.ru ⁴
+www.tio.agava.ru ¹
+tommi.agava.ru ²
+www.topik.agava.ru ¹
+www.toplinks.agava.ru ¹
+upst.agava.ru ²
+ural.agava.ru ²
+www.urgent.agava.ru ¹
+vidahl.agava.ru ¹
+www.vidahl.agava.ru ¹
+web-bl.agava.ru ³
+web-expired.agava.ru ³
+webmastery.agava.ru ²
+welldesign.agava.ru ³
+wiki.agava.ru ⁴
+wildlife.agava.ru ²
+err.agava.ru different content
+domains.agava.ru mixed content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁷ protocol error
+-->
+<ruleset name="agava.ru">
+	<target host="agava.ru" />
+	<target host="www.agava.ru" />
+	<target host="blog.agava.ru" />
+	<target host="clients.agava.ru" />
+	<target host="www.clients.agava.ru" />
+	<target host="files.agava.ru" />
+	<target host="hosting.agava.ru" />
+	<target host="www.hosting.agava.ru" />
+	<target host="servers.agava.ru" />
+	<target host="www.servers.agava.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Age_of_Mine.com.xml b/src/chrome/content/rules/Age_of_Mine.com.xml
new file mode 100644
index 000000000000..35675863aff4
--- /dev/null
+++ b/src/chrome/content/rules/Age_of_Mine.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ageofmine.com/ => https://ageofmine.com/: (28, 'Operation timed out after 30004 milliseconds with 0 bytes received')
+Fetch error: http://www.ageofmine.com/ => https://www.ageofmine.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+-->
+<ruleset name="Age of Mine.com" default_off="failed ruleset test">
+
+	<target host="ageofmine.com" />
+	<target host="www.ageofmine.com" />
+
+
+	<securecookie host="^\.ageofmine\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Agence-France-Presse.xml b/src/chrome/content/rules/Agence-France-Presse.xml
index 3a0dd4bc60b4..d145d43f256d 100644
--- a/src/chrome/content/rules/Agence-France-Presse.xml
+++ b/src/chrome/content/rules/Agence-France-Presse.xml
@@ -1,13 +1,12 @@
-<ruleset name="Agence France-Presse (partial)" default_off="mismatch">
+<ruleset name="Agence France-Presse (partial)" default_off="mismatched">
 
 	<!--	Cert: *.cloudcontrolled.com	-->
 	<target host="ediplomacy.afp.com" />
 
 
-	<securecookie host="^ediplomacy\.afp\.com$" name=".*" />
+	<securecookie host="^ediplomacy\.afp\.com$" name=".+" />
 
 
-	<rule from="^http://ediplomacy\.afp\.com/"
-		to="https://ediplomacy.afp.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Agendaless.com.xml b/src/chrome/content/rules/Agendaless.com.xml
new file mode 100644
index 000000000000..d7a20dcc4bd4
--- /dev/null
+++ b/src/chrome/content/rules/Agendaless.com.xml
@@ -0,0 +1,13 @@
+<!--
+	www: cert only matches ^agendaless.com
+
+-->
+<ruleset name="Agendaless.com">
+
+	<target host="agendaless.com" />
+	<target host="www.agendaless.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Agentbot.net.xml b/src/chrome/content/rules/Agentbot.net.xml
new file mode 100644
index 000000000000..9990239dcb3f
--- /dev/null
+++ b/src/chrome/content/rules/Agentbot.net.xml
@@ -0,0 +1,66 @@
+<!--
+	Cert expired:
+		- widget-host
+
+	Cert mismatch:
+		- ^ & www
+
+	Chain issues:
+		- activity.agentbot.net
+		- dev-activity.agentbot.net
+		- devaws-activity.agentbot.net
+-->
+<ruleset name="Agentbot.net (partial)">
+
+	<target host="algartech.agentbot.net" />
+	<target host="my.alpha.agentbot.net" />
+	<target host="apibot.agentbot.net" />
+	<target host="apibot-suggest.agentbot.net" />
+	<target host="apibot2.agentbot.net" />
+	<target host="apiform.agentbot.net" />
+	<target host="apsa-admin.agentbot.net" />
+	<target host="ar-movistar.agentbot.net" />
+	<target host="ar-telefonica.agentbot.net" />
+	<target host="bancogalicia.agentbot.net" />
+	<target host="blog.agentbot.net" />
+	<target host="bbvaarg.agentbot.net" />
+	<target host="buenosaires.agentbot.net" />
+	<target host="cdn.agentbot.net" />
+	<target host="chevrolet-ec.agentbot.net" />
+	<target host="claro-ar.agentbot.net" />
+	<target host="core.agentbot.net" />
+	<target host="demo.agentbot.net" />
+	<target host="my.dev.agentbot.net" />
+	<target host="easynvest-br.agentbot.net" />
+	<target host="ecomm01.agentbot.net" />
+	<target host="edenor.agentbot.net" />
+	<target host="gigalink-br.agentbot.net" />
+	<target host="hotelurbano.agentbot.net" />
+	<target host="info.agentbot.net" />
+	<target host="ingresse-br.agentbot.net" />
+	<target host="intellimortgage.agentbot.net" />
+	<target host="iq-falabella-ar.agentbot.net" />
+	<target host="iqmiddleware.agentbot.net" />
+	<target host="lg-br.agentbot.net" />
+	<target host="lingerie-br.agentbot.net" />
+	<target host="locaweb.agentbot.net" />
+	<target host="montecable.agentbot.net" />
+	<target host="mp-br.agentbot.net" />
+	<target host="mx-movistar.agentbot.net" />
+	<target host="my.agentbot.net" />
+	<target host="personal-ar.agentbot.net" />
+	<target host="prod-agentim.agentbot.net" />
+	<target host="proteccion-co.agentbot.net" />
+	<target host="siglo21.agentbot.net" />
+	<target host="sla.agentbot.net" />
+	<target host="my.stage.agentbot.net" />
+	<target host="tcc.agentbot.net" />
+	<target host="uffmovil.agentbot.net" />
+	<target host="wibe.agentbot.net" />
+	<target host="wideo.agentbot.net" />
+	<target host="widget-lb.agentbot.net" />
+	<target host="wiki.agentbot.net" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Aggemam.dk.xml b/src/chrome/content/rules/Aggemam.dk.xml
new file mode 100644
index 000000000000..13caaeb01b47
--- /dev/null
+++ b/src/chrome/content/rules/Aggemam.dk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Aggemam.dk">
+	<target host="aggemam.dk" />
+	<target host="www.aggemam.dk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Aggregate_Knowledge.xml b/src/chrome/content/rules/Aggregate_Knowledge.xml
index 172f86741579..da849e397d43 100644
--- a/src/chrome/content/rules/Aggregate_Knowledge.xml
+++ b/src/chrome/content/rules/Aggregate_Knowledge.xml
@@ -1,4 +1,15 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://aggregateknowledge.com// => https://www.aggregateknowledge.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.aggregateknowledge.com/ => https://www.aggregateknowledge.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://aggregateknowledge.com/ => https://www.aggregateknowledge.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://creative.aggregateknowledge.com/ => https://www.aggregateknowledge.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www-stage.aggregateknowledge.com/ => https://www.aggregateknowledge.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other Neustar coverage, see NeuStar.xml.
+
+
 	CDN buckets:
 
 		- d37f3s04rhujtb.cloudfront.net
@@ -17,39 +28,63 @@
 
 	Problematic aggregateknowledge.com subdomains:
 
-		- content	(cloudfront)
+		- ^ *
 		- creative *
-		- ticket	(mismatched, CN: marketplace.atlassian.com)
 		- www-stage *
 
-	* Seems the same as www, mismatched, CN: www
+	* Mismatched
+
+
+	images: Drop
+
+
+	Insecure cookies are set for these domains:
+
+		- .aggregateknowledge.com
 
 -->
-<ruleset name="Aggregate Knowledge">
+<ruleset name="Aggregate Knowledge.com" default_off="failed ruleset test">
+
+	<target host="content.aggregateknowledge.com" />
+	<target host="dashboard.aggregateknowledge.com" />
+	<target host="data.aggregateknowledge.com" />
+	<target host="ui.aggregateknowledge.com" />
+	<target host="www.aggregateknowledge.com" />
 
+	<!--	Complications:
+				-->
 	<target host="aggregateknowledge.com" />
-	<target host="*.aggregateknowledge.com" />
-	<target host="*.agkn.com" />
+	<target host="creative.aggregateknowledge.com" />
+	<target host="www-stage.aggregateknowledge.com" />
+
+		<!--	$ redirects to www.404.html, so appease fetch tester.
+
+			Obviously this makes us stand out more, but
+			preventing @jsha from disabling the ruleset is
+			more important than blending in.
+									-->
+		<exclusion pattern="^http://data\.aggregateknowledge\.com/$" />
 
 
-	<!--	name="^(u|uuid)$"
+	<!--	Not secured by server:
 					-->
-	<securecookie host="^\.agkn\.com$" name=".+" />
+	<!--securecookie host="^\.aggregateknowledge\.com$" name="(?:u|uuid)$" /-->
 
+	<securecookie host="^\.aggregateknowledge\.com$" name=".+" />
 
-	<rule from="^http://((?:dashboard|data|images|ui|www)\.)?aggregateknowledge\.com/"
-		to="https://$1aggregateknowledge.com/" />
 
-	<rule from="^http://content\.aggregateknowledge\.com/"
-		to="https://d37f3s04rhujtb.cloudfront.net/" />
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://aggregateknowledge\.com/+"
+		to="https://www.aggregateknowledge.com/" />
+
+		<test url="http://aggregateknowledge.com//" />
 
 	<rule from="^http://(?:creative|www-stage)\.aggregateknowledge\.com/"
 		to="https://www.aggregateknowledge.com/" />
 
-	<rule from="^http://ticket\.aggregateknowledge\.com/"
-		to="https://marketplace.atlassian.com/" />
-
-	<rule from="^http://d\.agkn\.com/"
-		to="https://d.agkn.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AgileBits.xml b/src/chrome/content/rules/AgileBits.xml
deleted file mode 100644
index 5d380a2e92e7..000000000000
--- a/src/chrome/content/rules/AgileBits.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	s3.amazonaws.com/agilewebsolutions.com/
-		- Equivalent to da9ipfiyfnxgu.cloudfront.net
-
-
-	Nonfunctional subdomains:
-
-		- cdn
-
--->
-<ruleset name="AgileBits (partial)">
-
-	<target host="agilebits.com" />
-	<target host="www.agilebits.com" />
-	<target host="agilewebsolutions.com" />
-	<target host="www.agilewebsolutions.com" />
-	<target host="tooagile.wpengine.com.netdna-cdn.com" />
-
-
-	<securecookie host="^agilebits\.com$" name=".*" />
-
-
-	<!--	- Cert doesn't match www nor websolutions
-		- *websolutions redirects to bits
-						-->
-	<rule from="^https?://(?:www\.)?agile(?:bits|websolutions)\.com/"
-		to="https://agilebits.com/" />
-
-	<rule from="^https?://(?:blog\.agilebits|tooagile\.wpengine\.netdna-cdn)\.com/"
-		to="https://tooagile.wpengine.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AgileU.com.xml b/src/chrome/content/rules/AgileU.com.xml
new file mode 100644
index 000000000000..cda07ea4ee30
--- /dev/null
+++ b/src/chrome/content/rules/AgileU.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Rally coverage, see Rally_Dev.com.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .agileu.com
+
+-->
+<ruleset name="AgileU.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="agileu.com" />
+	<target host="www.agileu.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.agileu\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.agileu\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Agmk.net.xml b/src/chrome/content/rules/Agmk.net.xml
index 14a6b2e74efb..a5c6ec2bda09 100644
--- a/src/chrome/content/rules/Agmk.net.xml
+++ b/src/chrome/content/rules/Agmk.net.xml
@@ -1,13 +1,13 @@
 <ruleset name="agmk.net">
 
 	<target host="agmk.net" />
-	<target host="*.agmk.net" />
+	<target host="poczta.agmk.net" />
+	<target host="www.agmk.net" />
 
 
-	<securecookie host="^(?:.+\.)?agmk\.net$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(poczta\.|www\.)?agmk\.net/"
-		to="https://$1agmk.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Agnitum.com.xml b/src/chrome/content/rules/Agnitum.com.xml
deleted file mode 100644
index 1275dadb4f38..000000000000
--- a/src/chrome/content/rules/Agnitum.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<!-- Av vendor. -->
-<ruleset name="Agnitum">
-	<target host="agnitum.com" />
-	<target host="www.agnitum.com" />
-	<rule from="^http://www\.agnitum\.com/" to="https://www.agnitum.com/"/>
-	<rule from="^http://agnitum\.com/" to="https://www.agnitum.com/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/Agol.dk.xml b/src/chrome/content/rules/Agol.dk.xml
new file mode 100644
index 000000000000..43d7a069718b
--- /dev/null
+++ b/src/chrome/content/rules/Agol.dk.xml
@@ -0,0 +1,14 @@
+<!--
+	Different content http/https:
+		gombert.agol.dk
+
+-->
+<ruleset name="Agol.dk">
+
+	<target host="agol.dk" />
+	<target host="www.agol.dk" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Agora_Voting.com.xml b/src/chrome/content/rules/Agora_Voting.com.xml
new file mode 100644
index 000000000000..aebc7bd31dd2
--- /dev/null
+++ b/src/chrome/content/rules/Agora_Voting.com.xml
@@ -0,0 +1,26 @@
+<!--
+
+	Insecure cookies are set for these domains:
+
+		- .agoravoting.com
+
+-->
+<ruleset name="Agora Voting.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="agoravoting.com" />
+	<target host="www.agoravoting.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.agoravoting\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.agoravoting\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Agra-net.com.xml b/src/chrome/content/rules/Agra-net.com.xml
new file mode 100644
index 000000000000..3d5e540231dd
--- /dev/null
+++ b/src/chrome/content/rules/Agra-net.com.xml
@@ -0,0 +1,59 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://store.agra-net.com/ => https://store.agra-net.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For other Informa coverage, see Informa.xml.
+
+
+	Nonfunctional hosts in *agra-net.com:
+
+		- lidenquiry *
+
+	* Plaintext reply
+
+
+	Fully covered hosts in *agra-net.com:
+
+		- (www.)?
+		- fertecon
+		- store
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .agra-net.com
+		- .store.agra-net.com
+		- www.agra-net.com
+
+
+	Mixed content:
+
+		- Images on fertecon from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="agra-net.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="agra-net.com" />
+	<target host="fertecon.agra-net.com" />
+	<target host="store.agra-net.com" />
+	<target host="www.agra-net.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.agra-net\.com$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^\.store\.agra-net\.com$" name="^(CUSTOMER|CUSTOMER_INFO|NEWMESSAGE|frontend)$" /-->
+	<!--securecookie host="^www\.agra-net\.com$" name="^(JSESSIONID|cookie)$" /-->
+
+	<securecookie host="^(?:\.store|www)?\.agra-net\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Agra-net.net.xml b/src/chrome/content/rules/Agra-net.net.xml
new file mode 100644
index 000000000000..56a44885a37d
--- /dev/null
+++ b/src/chrome/content/rules/Agra-net.net.xml
@@ -0,0 +1,44 @@
+<!--
+	For other Informa coverage, see Informa.xml.
+
+
+	Nonfunctional hosts in *agra-net.net:
+
+		- foodnews *
+
+	* 521
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .agra-net.net
+		- www.agra-net.net
+
+
+	Mixed content:
+
+		- Images on www from foodnews.agra-net.net *
+
+	* Unsecurable <= 521
+
+-->
+<ruleset name="agra-net.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="agra-net.net" />
+	<target host="www.agra-net.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.agra-net\.net$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.agra-net\.net$" name="^(JSESSIONID|cookie)$" /-->
+
+	<securecookie host="^(?:www)?\.agra-net\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Agri_Supply.com.xml b/src/chrome/content/rules/Agri_Supply.com.xml
index 29f9dcda10a1..2e192d4aa95c 100644
--- a/src/chrome/content/rules/Agri_Supply.com.xml
+++ b/src/chrome/content/rules/Agri_Supply.com.xml
@@ -13,4 +13,4 @@
 	<rule from="^http://(?:www\.)?agrisupply\.com/((?:editaccount|signin)\.aspx|favicon\.ico|images/|Java[sS]cript/|Styles/)"
 		to="https://www.agrisupply.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Agwa.name.xml b/src/chrome/content/rules/Agwa.name.xml
new file mode 100644
index 000000000000..a7c14d238063
--- /dev/null
+++ b/src/chrome/content/rules/Agwa.name.xml
@@ -0,0 +1,10 @@
+<ruleset name="Agwa.name">
+
+	<target host="agwa.name" />
+	<target host="www.agwa.name" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AhadithNotes.com.xml b/src/chrome/content/rules/AhadithNotes.com.xml
new file mode 100644
index 000000000000..eb756a773105
--- /dev/null
+++ b/src/chrome/content/rules/AhadithNotes.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="AhadithNotes.com">
+	<target host="ahadithnotes.com" />
+	<target host="www.ahadithnotes.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ahegao.online.xml b/src/chrome/content/rules/Ahegao.online.xml
new file mode 100644
index 000000000000..79a538440c6a
--- /dev/null
+++ b/src/chrome/content/rules/Ahegao.online.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ahegao.online" platform="mixedcontent">
+	<target host="ahegao.online" />
+	<target host="www.ahegao.online" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AhlalHdeeth.com.xml b/src/chrome/content/rules/AhlalHdeeth.com.xml
new file mode 100644
index 000000000000..ff05777196e9
--- /dev/null
+++ b/src/chrome/content/rules/AhlalHdeeth.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="AhlalHdeeth.com">
+	<target host="ahlalhdeeth.com" />
+	<target host="www.ahlalhdeeth.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ahm.com.au.xml b/src/chrome/content/rules/Ahm.com.au.xml
new file mode 100644
index 000000000000..89a28b119520
--- /dev/null
+++ b/src/chrome/content/rules/Ahm.com.au.xml
@@ -0,0 +1,26 @@
+<ruleset name="ahm.com.au (partial)">
+
+	<target host="ahm.com.au" />
+	<target host="members.ahm.com.au" />
+	<target host="providers.ahm.com.au" />
+	<target host="www.ahm.com.au" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(providers|www)\.ahm\.com\.au/+($|\?|favicon\.ico)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:providers|www)\.ahm\.com\.au/+(?!assets/)" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^members\.ahm\.com\.au$" name="^__RequestVerificationToken$" /-->
+
+	<securecookie host="^members\.ahm\.com\.au$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ahmia.fi.xml b/src/chrome/content/rules/Ahmia.fi.xml
new file mode 100644
index 000000000000..bebbe546c387
--- /dev/null
+++ b/src/chrome/content/rules/Ahmia.fi.xml
@@ -0,0 +1,18 @@
+
+<!--
+	Invalid Certificate:
+		www.ahmia.fi
+	Unable to Connect:
+		campaigns.ahmia.fi
+		manager.ahmia.fi
+-->
+<ruleset name="ahmia.fi">
+	<target host="ahmia.fi" />
+	<target host="www.ahmia.fi" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.ahmia\.fi/" to="https://ahmia.fi/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AhnLab.com.xml b/src/chrome/content/rules/AhnLab.com.xml
new file mode 100644
index 000000000000..e56f5778b17a
--- /dev/null
+++ b/src/chrome/content/rules/AhnLab.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Connection refused:
+		- ^
+		- download
+-->
+<ruleset name="AhnLab.com">
+	<target host="ahnlab.com" />
+	<target host="www.ahnlab.com" />
+	<target host="global.ahnlab.com" />
+	<target host="image.ahnlab.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://ahnlab\.com/" to="https://www.ahnlab.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ahnlab.com.xml b/src/chrome/content/rules/Ahnlab.com.xml
deleted file mode 100644
index ec9f1d9fc1cb..000000000000
--- a/src/chrome/content/rules/Ahnlab.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<!-- av vendor -->
-<ruleset name="Ahnlab" platform="mixedcontent">
-	<target host="image.ahnlab.com" />
-	<target host="global.ahnlab.com" />
-	<rule from="^http://global\.ahnlab\.com/" to="https://global.ahnlab.com/"/>
-	<rule from="^http://image\.ahnlab\.com/" to="https://image.ahnlab.com/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/Ahosting.cz.xml b/src/chrome/content/rules/Ahosting.cz.xml
new file mode 100644
index 000000000000..283f813835a2
--- /dev/null
+++ b/src/chrome/content/rules/Ahosting.cz.xml
@@ -0,0 +1,35 @@
+<!--
+	Mismatched:
+		- webmail.c1.ahosting.cz
+		- webmail2.c1.ahosting.cz
+		- webmail2.c2.ahosting.cz
+		- 301.ahosting.cz
+	Expired cert:
+		- imap.ahosting.cz
+		- titan.ahosting.cz
+		- mail.ahosting.cz
+		- admin.ahosting.cz
+		- smtp.ahosting.cz
+		- pop.ahosting.cz
+		- webmail2.ahosting.cz
+		- cluster3.ahosting.cz
+	 Incomplete certificate chain:
+		- domeny.ahosting.cz
+		- webmail.ahosting.cz
+	Problematic customer subdomains e.g.:
+		- uvt.ahosting.cz
+		- 1.ahosting.cz
+		- octaviaclub2.ahosting.cz
+-->
+<ruleset name="Ahosting.cz">
+    <target host="ahosting.cz" />
+    <target host="www.ahosting.cz" />
+    <target host="pku.ahosting.cz" />
+    <target host="c2.ahosting.cz" />
+    <target host="c3.ahosting.cz" />
+    <target host="dmcargo.ahosting.cz" />
+    <target host="cluster1.ahosting.cz" />
+    <target host="cluster2.ahosting.cz" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Aidsmap.com.xml b/src/chrome/content/rules/Aidsmap.com.xml
new file mode 100644
index 000000000000..da604b40392f
--- /dev/null
+++ b/src/chrome/content/rules/Aidsmap.com.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://images.aidsmap.com/ => https://images.aidsmap.com/: (35, 'Unknown SSL protocol error in connection to images.aidsmap.com:443 ')
+Fetch error: http://www.aidsmap.com/ => https://www.aidsmap.com/: (35, 'Unknown SSL protocol error in connection to www.aidsmap.com:443 ')
+Fetch error: http://aidsmap.com/ => https://www.aidsmap.com/: (35, 'Unknown SSL protocol error in connection to www.aidsmap.com:443 ')
+
+	^: 404
+
+
+	Mixed content:
+
+		- Images from maps.google.com *
+		- Bug from www.facebook.com *
+
+	* Secured by us
+
+-->
+<ruleset name="aidsmap.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="images.aidsmap.com" />
+	<target host="www.aidsmap.com" />
+
+	<!--	Complications:
+				-->
+	<target host="aidsmap.com" />
+
+
+	<rule from="^http://aidsmap\.com/"
+		to="https://www.aidsmap.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Aim4Media.com.xml b/src/chrome/content/rules/Aim4Media.com.xml
index 2b6833944250..486bd32e7021 100644
--- a/src/chrome/content/rules/Aim4Media.com.xml
+++ b/src/chrome/content/rules/Aim4Media.com.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://ad.aim4media.com/ (200) => https://ad.yieldmanager.com/ (502)
+
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://ad.aim4media.com/ (200) => https://ad.yieldmanager.com/ (404)
 	Nonfunctional subdomains:
 
 		- (www.)	(refused)
@@ -15,7 +21,7 @@
 		- ad	(→ ad.yieldmanager.com)
 
 -->
-<ruleset name="Aim4Media.com (partial)">
+<ruleset name="Aim4Media.com (partial)" default_off="failed ruleset test">
 
 	<target host="ad.aim4media.com" />
 
@@ -23,4 +29,4 @@
 	<rule from="^http://ad\.aim4media\.com/"
 		to="https://ad.yieldmanager.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Aimatch.com.xml b/src/chrome/content/rules/Aimatch.com.xml
index eb2b5207551f..48e4f743f451 100644
--- a/src/chrome/content/rules/Aimatch.com.xml
+++ b/src/chrome/content/rules/Aimatch.com.xml
@@ -4,20 +4,31 @@
 
 	Problematic subdomains:
 
-		- ^	(mismatched, CN: www.buyfacefx.com)
-		- www	(mismatched, CN: *.sas.com)
+		- (www.)? *
+
+	* Dropped
 
 -->
 <ruleset name="aimatch.com">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="content.aimatch.com" />
+	<target host="crtl.aimatch.com" />
+
+	<!--	Complications:
+				-->
 	<target host="aimatch.com" />
-	<target host="*.aimatch.com" />
+	<target host="www.aimatch.com" />
+
 
+	<rule from="^http://(?:www\.)?aimatch\.com/[^?]*"
+		to="https://www.sas.com/software/customer-intelligence/intelligent-advertising.html" />
 
-	<rule from="^http://(?:www\.)?aimatch\.com/[^?]*(\?.*)?"
-		to="https://www.sas.com/software/customer-intelligence/intelligent-advertising.html$1" />
+		<test url="http://aimatch.com/?" />
+		<test url="http://www.aimatch.com/?" />
 
-	<rule from="^http://crtl\.aimatch\.com/"
-		to="https://crtl.aimatch.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Aimpulse.com.xml b/src/chrome/content/rules/Aimpulse.com.xml
new file mode 100644
index 000000000000..36a7c9cbf6fb
--- /dev/null
+++ b/src/chrome/content/rules/Aimpulse.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Aimpulse.com">
+  <target host="aimpulse.com" />
+  <target host="www.aimpulse.com" />
+  <target host="api.aimpulse.com" />
+  <target host="developer.aimpulse.com" />
+  <target host="maps.aimpulse.com" />
+  <target host="ssl.aimpulse.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Aioe.org.xml b/src/chrome/content/rules/Aioe.org.xml
index baecd2531918..c0eb8387019e 100644
--- a/src/chrome/content/rules/Aioe.org.xml
+++ b/src/chrome/content/rules/Aioe.org.xml
@@ -1,14 +1,18 @@
 <!--
-	Expired 2013-02-13
+	Invalid certificate:
+		blog.aioe.org
+		web.aioe.org
+
+	Refused:
+		webmail.aioe.org
 
 -->
-<ruleset name="Aioe.org" default_off="expired">
+<ruleset name="Aioe.org">
 
-	<target host="aioe.org" />
 	<target host="www.aioe.org" />
+	<target host="news.aioe.org" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://(?:www\.)?aioe\.org/"
-		to="https://aioe.org/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Air-Canada-Pilots-Association.xml b/src/chrome/content/rules/Air-Canada-Pilots-Association.xml
index c06d35e22e34..b5b059396517 100644
--- a/src/chrome/content/rules/Air-Canada-Pilots-Association.xml
+++ b/src/chrome/content/rules/Air-Canada-Pilots-Association.xml
@@ -1,7 +1,13 @@
-<!--	secure.... homepage redirects to www
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.acpa.ca/ => https://secure.acpa.ca/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.acpa.ca/ => https://secure.acpa.ca/: (51, "SSL: no alternative certificate subject name matches target host name 'www.acpa.ca'")	secure.... homepage redirects to www
 	other pages redirect to http://secure...
 -->
-<ruleset name="Air Canada Pilot's Association (partial)">
+<ruleset name="Air Canada Pilot's Association (partial)" default_off="failed ruleset test">
 
 	<target host="acpa.ca"/>
 	<target host="secure.acpa.ca"/>
diff --git a/src/chrome/content/rules/AirAsia.xml b/src/chrome/content/rules/AirAsia.xml
index 43657f2a87c2..856919e9833b 100644
--- a/src/chrome/content/rules/AirAsia.xml
+++ b/src/chrome/content/rules/AirAsia.xml
@@ -1,13 +1,52 @@
-<ruleset name="Air Asia (broken)" default_off="currently broken">
-  <target host="airasia.com" />
-  <target host="*.airasia.com" />
-  <target host="airasiamegastore.com" />
-  <target host="www.airasiamegastore.com" />
-
-  <rule from="^http://(?:www\.)?airasia\.com/"
-	  to="https://www.airasia.com/" />
-  <rule from="^http://(booking|booking2|goholiday|mobile|origin-www|redtix-tickets)\.airasia\.com/"
-	  to="https://$1.airasia.com/" />
-  <rule from="^http://(?:www\.)?airasiamegastore\.com/"
-	  to="https://www.airasiamegastore.com/" />
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- airasia.com
+		- blog.airasia.com
+		- cms.airasia.com
+		- goholiday.airasia.com
+		- origin-www.airasia.com
+
+		Timeout was reached:
+		- cargo.airasia.com
+		- facebook.airasia.com
+		- stgsfcms.airasia.com
+
+		SSL peer certificate was not OK:
+		- qz8501.airasia.com
+		- redemption.airasia.com
+
+		Incomplete certificate chain error:
+		- hris.airasia.com
+
+		4xx client error:
+		- selfservice.airasia.com
+		- stgmember.airasia.com
+-->
+<ruleset name="AirAsia (partial)">
+	<target host="airasia.com" />
+	<target host="www.airasia.com" />
+	<target host="allstarsbooking.airasia.com" />
+	<target host="aseanpass.airasia.com" />
+	<target host="assistive.airasia.com" />
+	<target host="booking.airasia.com" />
+	<target host="booking2.airasia.com" />
+	<target host="checkin.airasia.com" />
+	<target host="eform.airasia.com" />
+	<target host="giftvoucher.airasia.com" />
+	<target host="itinportal.airasia.com" />
+	<target host="member.airasia.com" />
+	<target host="mobile.airasia.com" />
+	<target host="people.airasia.com" />
+	<target host="redcrew.airasia.com" />
+	<target host="redicons.airasia.com" />
+	<target host="redtix.airasia.com" />
+	<target host="redtix-tickets.airasia.com" />
+	<target host="taxinvoice.airasia.com" />
+
+	<rule from="^http://airasia\.com/"
+			to="https://www.airasia.com/" />
+
+	<rule from="^http:"
+			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AirMalta.com.xml b/src/chrome/content/rules/AirMalta.com.xml
new file mode 100644
index 000000000000..694d10608882
--- /dev/null
+++ b/src/chrome/content/rules/AirMalta.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="AirMalta.com (partial)">
+	<target host="airmalta.com" />
+	<target host="www.airmalta.com" />
+
+	<!-- https://airmalta.com -> http://www.airmalta.com http redirect -->
+	<rule from="^http://airmalta\.com/" to="https://www.airmalta.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AirMap.xml b/src/chrome/content/rules/AirMap.xml
new file mode 100644
index 000000000000..6f55a6ea0555
--- /dev/null
+++ b/src/chrome/content/rules/AirMap.xml
@@ -0,0 +1,29 @@
+<!--
+        Time out:
+                developers.airmap.io
+                sdk.airmap.io
+
+-->
+<ruleset name="AirMap">
+	<target host="airmap.com" />
+	<target host="www.airmap.com" />
+	<target host="api.airmap.com" />
+	<target host="app.airmap.com" />
+	<target host="cdn.airmap.com" />
+	<target host="dashboard.airmap.com" />
+	<target host="developers.airmap.com" />
+	<target host="sdk.airmap.com" />
+	<target host="support.airmap.com" />
+	<target host="airmap.io" />
+	<target host="www.airmap.io" />
+	<target host="api.airmap.io" />
+	<target host="app.airmap.io" />
+	<target host="cdn.airmap.io" />
+	<target host="dashboard.airmap.io" />
+	<target host="sso.airmap.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AirPair.com.xml b/src/chrome/content/rules/AirPair.com.xml
new file mode 100644
index 000000000000..9a22001134df
--- /dev/null
+++ b/src/chrome/content/rules/AirPair.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="AirPair.com">
+
+	<target host="airpair.com" />
+	<target host="www.airpair.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AirVPN.xml b/src/chrome/content/rules/AirVPN.xml
deleted file mode 100644
index 1b248d8d2ea6..000000000000
--- a/src/chrome/content/rules/AirVPN.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Air VPN">
-
-	<target host="airvpn.org"/>
-	<target host="www.airvpn.org"/>
-
-	<securecookie host="^(.*\.)?airvpn\.org$" name=".*"/>
-
-	<rule from="^http://(www\.)?airvpn\.org/"
-		to="https://$1airvpn.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Airbnb.xml b/src/chrome/content/rules/Airbnb.xml
deleted file mode 100644
index e0c501ecee9c..000000000000
--- a/src/chrome/content/rules/Airbnb.xml
+++ /dev/null
@@ -1,80 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- blog.airbnb.com	(refused)
-
-
-	Problematic domains:
-
-		- airbnb.ca *
-		- airbnb.co.kr *
-		- airbnb.co.uk *
-		- tv.airbnb.com		(works; mismatched, CN: *.vidcaster.com)
-		- airbnb.de *
-		- airbnb.com.au *
-		- airbnb.com.br *
-		- airbnb.es *
-		- airbnb.fr *
-		- airbnb.it *
-		- airbnb.jp *
-		- airbnb.ru *
-
-	* Works; mismatched, CN: *.airbnb.com
-
-
-	Fully covered domains:
-
-		- (www.)airbnb.ca *
-		- (www.)airbnb.co.kr *
-		- (www.)airbnb.co.uk *
-		- (www.)airbnb.com
-		- m.airbnb.com
-		- (www.)airbnb.com.au *
-		- (www.)airbnb.com.br *
-		- (www.)airbnb.de *
-		- (www.)airbnb.es *
-		- (www.)airbnb.fr *
-		- (www.)airbnb.it *
-		- (www.)airbnb.jp *
-		- (www.)airbnb.ru *
-		- a0.muscache.com
-		- a1.muscache.com
-
-	* ^ → www
-
-
--->
-<ruleset name="Airbnb (partial)">
-
-	<target host="airbnb.*" />
-	<target host="www.airbnb.*" />
-	<target host="*.airbnb.ca" />
-	<target host="airbnb.co.*" />
-	<target host="*.airbnb.co.kr" />
-	<target host="*.airbnb.co.uk" />
-	<target host="*.airbnb.com" />
-	<target host="www.airbnb.com.*" />
-	<target host="*.airbnb.com.au" />
-	<target host="*.airbnb.com.br" />
-	<target host="*.airbnb.de" />
-	<target host="*.airbnb.es" />
-	<target host="*.airbnb.fr" />
-	<target host="*.airbnb.it" />
-	<target host="*.airbnb.jp" />
-	<target host="*.airbnb.ru" />
-	<target host="*.muscache.com" />
-
-
-	<securecookie host="^\.airbnb\.(?:ca|co\.kr|co\.uk|com|com\.au|com\.br|de|es|fr|it|jp|ru)$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?airbnb\.(ca|co\.kr|co\.uk|com|com\.au|com\.br|de|es|fr|it|jp|ru)/"
-		to="https://www.airbnb.$1/" />
-
-	<rule from="^http://(m\.|www\.)?airbnb\.com/"
-		to="https://$1airbnb.com/" />
-
-	<rule from="^http://a(0|1)\.muscache\.com/"
-		to="https://a$1.muscache.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Aircrack-ng.xml b/src/chrome/content/rules/Aircrack-ng.xml
deleted file mode 100644
index 7045d034247d..000000000000
--- a/src/chrome/content/rules/Aircrack-ng.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	CN: ssl2.ovh.net
-
--->
-<ruleset name="Aircrack-ng" default_off="mismatched">
-
-	<target host="aircrack-ng.org" />
-	<target host="www.aircrack-ng.org" />
-
-
-	<securecookie host="^aircrack-ng\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?aircrack-ng\.org/"
-		to="https://aircrack-ng.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/AirportBanking.com.xml b/src/chrome/content/rules/AirportBanking.com.xml
new file mode 100644
index 000000000000..d44beaf6d458
--- /dev/null
+++ b/src/chrome/content/rules/AirportBanking.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="AirportBanking.com">
+	<target host="airportbanking.com" />
+	<target host="www.airportbanking.com" />
+	<target host="cpanel.airportbanking.com" />
+	<target host="mail.airportbanking.com" />
+	<target host="webdisk.airportbanking.com" />
+	<target host="webmail.airportbanking.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Airs.com.xml b/src/chrome/content/rules/Airs.com.xml
new file mode 100644
index 000000000000..96c0a0351d22
--- /dev/null
+++ b/src/chrome/content/rules/Airs.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - dns.airs.com
+			 - road.airs.com
+
+		Timeout was reached:
+			 - marvin.airs.com
+
+		SSL peer certificate was not OK:
+			 - sam.airs.com
+-->
+<ruleset name="Airs.com">
+	<target host="airs.com" />
+	<target host="www.airs.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Airs.xml b/src/chrome/content/rules/Airs.xml
deleted file mode 100644
index b5e841b39c4b..000000000000
--- a/src/chrome/content/rules/Airs.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	- Expired 2003-12-07
-	- CN: localhost.localdomain
-
--->
-<ruleset name="Airs" default_off="expired, self-signed">
-
-	<target host="airs.com" />
-	<target host="www.airs.com" />
-
-
-	<rule from="^http://(?:www\.)?airs\.com/"
-		to="https://airs.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/AirshipVentures.xml b/src/chrome/content/rules/AirshipVentures.xml
index 720b91fb5cff..e809b2642ab9 100644
--- a/src/chrome/content/rules/AirshipVentures.xml
+++ b/src/chrome/content/rules/AirshipVentures.xml
@@ -1,4 +1,14 @@
-<ruleset name="AirshipVentures">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.airshipventures.com/ => https://www.airshipventures.com/: (35, 'Unknown SSL protocol error in connection to www.airshipventures.com:443 ')
+Fetch error: http://airshipventures.com/ => https://www.airshipventures.com/: (35, 'Unknown SSL protocol error in connection to www.airshipventures.com:443 ')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.airshipventures.com/ => https://www.airshipventures.com/: (35, 'Unknown SSL protocol error in connection to www.airshipventures.com:443 ')
+Fetch error: http://airshipventures.com/ => https://www.airshipventures.com/: (35, 'Unknown SSL protocol error in connection to www.airshipventures.com:443 ')
+-->
+<ruleset name="AirshipVentures" default_off="failed ruleset test">
   <target host="www.airshipventures.com" />
   <target host="airshipventures.com" />
 
diff --git a/src/chrome/content/rules/Airshow-Journal.xml b/src/chrome/content/rules/Airshow-Journal.xml
index 44b04c0beef6..811430b70884 100644
--- a/src/chrome/content/rules/Airshow-Journal.xml
+++ b/src/chrome/content/rules/Airshow-Journal.xml
@@ -1,4 +1,4 @@
-<ruleset name="Airshow Journal" default_off="mismatch">
+<ruleset name="Airshow Journal" default_off="mismatched">
 
 	<!--	Cert: www.astronomicaltours.net	-->
 	<target host="*.airshowjournal.com" />
diff --git a/src/chrome/content/rules/AirsoftGI.com.xml b/src/chrome/content/rules/AirsoftGI.com.xml
index 0d2d2071711f..c25e69f6a97f 100644
--- a/src/chrome/content/rules/AirsoftGI.com.xml
+++ b/src/chrome/content/rules/AirsoftGI.com.xml
@@ -1,13 +1,18 @@
-<ruleset name="AirsoftGI.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://airsoftgi.com/ => https://airsoftgi.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="AirsoftGI.com" default_off="failed ruleset test">
 
 	<target host="airsoftgi.com" />
-	<target host="*.airsoftgi.com" />
+	<target host="www.airsoftgi.com" />
 
 
 	<securecookie host="^\.airsoftgi\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?airsoftgi\.com/"
-		to="https://$1airsoftgi.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Airtime.pro.xml b/src/chrome/content/rules/Airtime.pro.xml
new file mode 100644
index 000000000000..7cc14c84224a
--- /dev/null
+++ b/src/chrome/content/rules/Airtime.pro.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Sourcefabric coverage, see Sourcefabric.org.xml.
+
+-->
+<ruleset name="Airtime.pro">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="airtime.pro" />
+	<target host="www.airtime.pro" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Airtop-pc.com.xml b/src/chrome/content/rules/Airtop-pc.com.xml
new file mode 100644
index 000000000000..a53ca0dcfee3
--- /dev/null
+++ b/src/chrome/content/rules/Airtop-pc.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Airtop-pc.com">
+	<target host="airtop-pc.com" />
+	<target host="www.airtop-pc.com" />
+	<rule from="^http://www\.airtop-pc\.com/"
+	to="https://airtop-pc.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Airtricity.xml b/src/chrome/content/rules/Airtricity.xml
deleted file mode 100644
index 45344cae11f0..000000000000
--- a/src/chrome/content/rules/Airtricity.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Airtricity" platform="mixedcontent">
-  <target host="www.airtricity.com" />
-  <target host="airtricity.com" />
-  <target host="*.airtricity.com" />
-
-  <rule from="^http://airtricity\.com/" to="https://www.airtricity.com/"/>
-  <rule from="^http://([^/:@\.]+)\.airtricity\.com/" to="https://$1.airtricity.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Aist.go.jp.xml b/src/chrome/content/rules/Aist.go.jp.xml
new file mode 100644
index 000000000000..32593bf484a0
--- /dev/null
+++ b/src/chrome/content/rules/Aist.go.jp.xml
@@ -0,0 +1,53 @@
+<!--
+	Different HTTP/HTTPS content:
+		www.dh.aist.go.jp
+
+	Invalid certificate:
+		www.airc.aist.go.jp
+		rs-seminar.cons.aist.go.jp
+		etlcdb.db.aist.go.jp
+		riscad.db.aist.go.jp
+		rise.db.aist.go.jp
+		scdb.db.aist.go.jp
+		ikourenkei.forum.aist.go.jp
+		www.fukushima.aist.go.jp
+		green.aist.go.jp
+		riodb.ibase.aist.go.jp
+		riodb01.ibase.aist.go.jp
+		riodb02.ibase.aist.go.jp
+		irc3.aist.go.jp
+		m.aist.go.jp
+		md-guidelines.pj.aist.go.jp
+		md-network.pj.aist.go.jp
+		metese-blog.pj.aist.go.jp
+		o-gear.pj.aist.go.jp
+		scc.pj.aist.go.jp
+		scc.pr.aist.go.jp
+		sdbs.riodb.aist.go.jp
+
+	Redirect to HTTP:
+		www.aist.go.jp
+
+	Timeout:
+		explosion-safety.db.aist.go.jp
+		idea.db.aist.go.jp
+		rrpdb.db.aist.go.jp
+		rschrdb.db.aist.go.jp
+		scf-s.db.aist.go.jp
+		sdbs.db.aist.go.jp
+		ssnmr-sd.db.aist.go.jp
+		tpds.db.aist.go.jp
+		kaiji.aist.go.jp
+
+-->
+<ruleset name="aist.go.jp (partial)">
+	<target host="a.aist.go.jp" />
+	<target host="www.ith.aist.go.jp" />
+	<target host="www.itri.aist.go.jp" />
+	<target host="www.rcis.aist.go.jp" />
+	<target host="www.risec.aist.go.jp" />
+	<target host="staff.aist.go.jp" />
+	<target host="unit.aist.go.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AkademikerForsakring.se.xml b/src/chrome/content/rules/AkademikerForsakring.se.xml
index b5b95306e7bb..44c71a7899f7 100644
--- a/src/chrome/content/rules/AkademikerForsakring.se.xml
+++ b/src/chrome/content/rules/AkademikerForsakring.se.xml
@@ -1,7 +1,16 @@
-<ruleset name="AkademikerFörsäkring.se">
+<!--
+	ERR_SSL_UNRECOGNIZED_NAME_ALERT:
+ 		- akademikerforsakring.se
+ 		- xn-\-akademikerfrskring-xtb17a.se
+		- www.xn-\-akademikerfrskring-xtb17a.se
+-->
+<ruleset name="AkademikerForsakring.se">
 	<target host="akademikerforsakring.se" />
 	<target host="www.akademikerforsakring.se" />
-	<target host="akademikerförsäkring.se" />
-	<target host="www.akademikerförsäkring.se" />
-	<rule from="^http://(?:www\.)?akademikerf[oö]rs[aä]kring\.se/" to="https://www.akademikerforsakring.se/"/>
+	<target host="xn--akademikerfrskring-xtb17a.se" />
+	<target host="www.xn--akademikerfrskring-xtb17a.se" />
+
+	<rule from="^http://(akademikerforsakring|(www\.)?xn--akademikerfrskring-xtb17a)\.se/" 
+		  to="https://www.akademikerforsakring.se/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AkademiskaHus.se.xml b/src/chrome/content/rules/AkademiskaHus.se.xml
index 7fb3b3a8ce50..b3f86bb825e9 100644
--- a/src/chrome/content/rules/AkademiskaHus.se.xml
+++ b/src/chrome/content/rules/AkademiskaHus.se.xml
@@ -1,18 +1,50 @@
 <!--
-	Nonfunctional subdomains:
-
-		- (www.)	(times out)
-
+	Invalid certificate:
+
+		- albanocam1.akademiskahus.se
+		- albanocam2.akademiskahus.se
+		- albanocam3.akademiskahus.se
+		- ul111.akahus.akademiskahus.se
+		- un180.akahus.akademiskahus.se
+		- un184.akahus.akademiskahus.se
+		- forettklokaresverige.akademiskahus.se
+		- gate.akademiskahus.se
+		- lyncdiscover.akademiskahus.se
+		- sip.akademiskahus.se
+		- admin.studbo.akademiskahus.se
+
+	Bad redirect:
+		- mobil.akademiskahus.se
+		- mobiltest.akademiskahus.se
+
+	HTTP only:
+		
+		- framtidsmodellen.akademiskahus.se
+		- arsredovisning.akademiskahus.se
 -->
-<ruleset name="AkademiskaHus.se (partial)">
-
-	<target host="*.akademiskahus.se" />
-
-
-	<securecookie host="^(?:portal|vpn)\.akademiskahus\.se$" name=".+" />
-
-
-	<rule from="^http://(portal|vpn)\.akademiskahus\.se/"
-		to="https://$1.akademiskahus.se/" />
-
-</ruleset>
\ No newline at end of file
+<ruleset name="AkademiskaHus.se">
+	<target host="akademiskahus.se"/>
+	<target host="www.akademiskahus.se"/>
+	<target host="aha.akademiskahus.se" />
+	<target host="ahaapi.akademiskahus.se" />
+	<target host="awl.akademiskahus.se" />
+	<target host="boka.akademiskahus.se" />
+	<target host="desktop.akademiskahus.se" />
+	<target host="navet.akademiskahus.se" />
+	<target host="portal.akademiskahus.se" />
+	<target host="ra.akademiskahus.se" />
+	<target host="rdweb.akademiskahus.se" />
+	<target host="vcfdmz02.akademiskahus.se" />
+	<target host="e03.video.akademiskahus.se" />
+	<target host="e03-1.video.akademiskahus.se" />
+	<target host="e03-2.video.akademiskahus.se" />
+	<target host="vmr.akademiskahus.se" />
+	<target host="e03.vmr.akademiskahus.se" />
+	<target host="e03-1.vmr.akademiskahus.se" />
+	<target host="e03-2.vmr.akademiskahus.se" />
+	<target host="www2.akademiskahus.se" />
+
+	<securecookie host=".+" name=".+"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Akamai-mismatches.xml b/src/chrome/content/rules/Akamai-mismatches.xml
index df7f672c4c35..6a915e418a50 100644
--- a/src/chrome/content/rules/Akamai-mismatches.xml
+++ b/src/chrome/content/rules/Akamai-mismatches.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see Akamai.xml.
 
 -->
-<ruleset name="Edgesuite (mismatches)" default_off="mismatch">
+<ruleset name="Edgesuite (mismatches)" default_off="mismatched">
 
 	<target host="*.biz.edgesuite.net" />
 	<target host="*.com.edgesuite.net" />
diff --git a/src/chrome/content/rules/Akamai.com.xml b/src/chrome/content/rules/Akamai.com.xml
new file mode 100644
index 000000000000..5c32e8a73c4f
--- /dev/null
+++ b/src/chrome/content/rules/Akamai.com.xml
@@ -0,0 +1,68 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://apps-community.akamai.com/ (200) => https://apps-community.akamai.com/ (403)
+Non-2xx HTTP code: http://community-uat.akamai.com/ (200) => https://community-uat.akamai.com/ (403)
+
+	For other Akamai coverage, see Akamai.xml.
+
+
+	CDN buckets:
+
+		- /=/529/248063/9999d/blaze-cdn.s3.amazonaws.com/Z/i/	← 1.kc.blz.io
+
+
+	Nonfunctional hosts in *akamai.com:
+
+		- apps-community-uat ¹
+
+	¹ 503
+
+
+	Problematic hosts in *akamai.com:
+
+		- www.ir ᵐ
+		- it ᵐ
+		- spanish ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .akamai.com
+		- community.akamai.com
+		- community-uat.akamai.com
+		- it.akamai.com
+		- www.akamai.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Akamai.com (partial)" default_off="failed ruleset test">
+
+	<target host="akamai.com" />
+	<target host="apps-community.akamai.com" />
+	<target host="blogs.akamai.com" />
+	<target host="community.akamai.com" />
+	<target host="community-uat.akamai.com" />
+	<target host="control.akamai.com" />
+	<target host="developer.akamai.com" />
+	<target host="http2.akamai.com" />
+	<target host="www.akamai.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.akamai\.com$" name="^ak_bmsc$" /-->
+	<!--securecookie host="^community(-uat)?\.akamai\.com$" name="^(BIGipServer[\w-]+|jive\.login\.ts|jive\.security\.context)$" /-->
+	<!--securecookie host="^(it|www)\.akamai\.com$" name="^cm_sessionid$" /-->
+
+	<securecookie host="^\." name="^_(?:_qca$|gat?$|gat_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Akamai.xml b/src/chrome/content/rules/Akamai.xml
index a04a631a51c1..37f258c766b8 100644
--- a/src/chrome/content/rules/Akamai.xml
+++ b/src/chrome/content/rules/Akamai.xml
@@ -4,55 +4,106 @@
 
 	Other Akamai rulesets:
 
-		- Edgeboss.net.xml
+		- Akamai.com.xml
 
 
 	Nonfunctional domains:
 
 		- http14432.storage.akadns.net		(CN: contentstorage.akamai.com)
+		- imagesmtv-a.akamaihd.net		("An error occurred while processing your request.")
 		- cp44823.edgefcs.net			(reset)
 
+
+	Problematic domains:
+
+		- *.akamaihd.net *
+
+	* Insecure renegotiation
+
 -->
 <ruleset name="Akamai">
 
-	<target host="*.abmr.net" />
-	<target host="*.e.akamai.net" />
+	<target host="ak1.abmr.net" />
+	<target host="ak1s.abmr.net" />
 	<target host="*.akamaihd.net" />
+		<!--	Kill problematic implicit test	-->
+		<exclusion pattern="^http://ak1\.abmr\.net/$" />
+
 		<!--
 			Causes many streams to 403 and region restriction to trip inappropriately.
 
-			https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001324.html
+			https://lists.eff.org/pipermail/https-everywhere-rules/2012-October/001322.html
 			https://trac.torproject.org/projects/tor/ticket/6557
 			https://trac.torproject.org/projects/tor/ticket/6871
 			https://trac.torproject.org/projects/tor/ticket/7080
 		 	https://trac.torproject.org/projects/tor/ticket/7198
 			https://trac.torproject.org/projects/tor/ticket/7577
 										-->
-		<exclusion pattern="^http://[\w-]+-(?:f|i|s|lh|vh)\.akamaihd\.net/" />
-                <!--
+		<exclusion pattern="^http://[\w_-]+-(?:f|i|s|lh|vh)\.akamaihd\.net/" />
+		<!--	Random URLs from VirusTotal	-->
+		<test url="http://svtarchive4a-f.akamaihd.net/crossdomain.xml" />
+		<test url="http://elpaishls-i.akamaihd.net/" />
+		<test url="http://a611avodslnsus-s.akamaihd.net/" />
+		<test url="http://radio_wlyk-lh.akamaihd.net/" />
+		<test url="http://yahoo7p-vh.akamaihd.net/" />
+
+		<!--
+			Breaks Titanfall
+
+			https://github.com/EFForg/https-everywhere/issues/390
+										-->
+		<exclusion pattern="^http://eaassets-a\.akamaihd\.net/" />
+
+		<!--
+			Breaks images on http://www.mtv.com/news/
+
+			https://github.com/EFForg/https-everywhere/pull/2651
+										-->
+		<exclusion pattern="^http://imagesmtv-a\.akamaihd\.net/" />
+		<test url="http://imagesmtv-a.akamaihd.net/uri/mgid:uma:image:mtv.com:10737537?quality=0.8&amp;format=jpg&amp;width=110&amp;height=110" />
+
+		<!--
+			Steamcommunity.com Some Functionality is Broken due to CSP
+
+			https://github.com/EFForg/https-everywhere/issues/909
+										-->
+		<exclusion pattern="^http://steamcommunity-a\.akamaihd\.net/" />
+		<test url="http://steamcommunity-a.akamaihd.net/" />
+
+		<!--
 			Apparently causes some Zynga games to fail to load.
 
 			https://trac.torproject.org/projects/tor/ticket/7090
 										-->
 		<exclusion pattern="^http://zynga\d-a.akamaihd\.net/" />
 
+		<!-- Fixing problem with Ted.com -->
+		<exclusion pattern="^http://tedcdnpb-a\.akamaihd\.net/" />
 
-	<!--securecooie host="^\.abmr\.net$" name="^01AI$" /-->
+		<!-- Fixing problem with ausopen.com -->
+		<exclusion pattern="^http://hlsak-a\.akamaihd\.net/" />
+
+	<!--securecookie host="^\.abmr\.net$" name="^01AI$" /-->
 	<securecookie host=".*\.abmr\.net$" name=".+" />
 
 
 	<rule from="^http://ak1s\.abmr\.net/"
 		to="https://ak1s.abmr.net/" />
-
-	<rule from="^http://a248\.e\.akamai\.net/"
-		to="https://a248.e.akamai.net/" />
+	<!--	Just use an URL from the ak1.abmr.net rule below	-->
+	<test url="http://ak1s.abmr.net/is/pixel.mathtag.com?U=/sync/js&amp;V=3-Z%2fH%2fr0WN0ZYjakDDxKo0khM8NMHcJc8atNMBjTJyWU5qDSjB7759WA%3d%3d&amp;I=E33624F6D7AF512&amp;D=mathtag.com&amp;01AD=1&amp;sync=auto&amp;mt_lim=5" />
 
 	<rule from="^http://([^@:/\.]+)\.akamaihd\.net/"
 		to="https://$1.akamaihd.net/" />
+	<!--	Facebook favicon, random dog picture	-->
+	<test url="http://fbstatic-a.akamaihd.net/rsrc.php/yl/r/H3nktOa7ZMg.ico" />
+	<test url="http://igcdn-photos-e-a.akamaihd.net/hphotos-ak-xaf1/t51.2885-15/11377989_454064614773572_1348139679_n.jpg" />
 
 	<!--	This secures some web bugs:
 						-->
 	<rule from="^http://ak1\.abmr\.net/is/(www.imiclk|pixel\.mathtag)\.com(?=$|\?)"
 		to="https://ak1s.abmr.net/is/$1.com" />
+	<!--	URLs from VirusTotal logs	-->
+	<test url="http://ak1.abmr.net/is/www.imiclk.com?U=/cgi/r.cgi&amp;V=3-tN8HyxniOqgs9sXSs1oQAeDmaU+wHxXRMcQxYf408a0m1hiIZDE2DY1Gni9Uk4d2&amp;I=67CD51D18E7F617&amp;D=www.imiclk.com&amp;01AD=1&amp;did=email&amp;m=3&amp;mid=CuCACD9s&amp;sp=1" />
+	<test url="http://ak1.abmr.net/is/pixel.mathtag.com?U=/sync/js&amp;V=3-Z%2fH%2fr0WN0ZYjakDDxKo0khM8NMHcJc8atNMBjTJyWU5qDSjB7759WA%3d%3d&amp;I=E33624F6D7AF512&amp;D=mathtag.com&amp;01AD=1&amp;sync=auto&amp;mt_lim=5" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Akamaized.net.xml b/src/chrome/content/rules/Akamaized.net.xml
new file mode 100644
index 000000000000..d920ddb25f62
--- /dev/null
+++ b/src/chrome/content/rules/Akamaized.net.xml
@@ -0,0 +1,7 @@
+<ruleset name="Akamaized.net">
+	<target host="untappd.akamaized.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Akb.ch.xml b/src/chrome/content/rules/Akb.ch.xml
new file mode 100644
index 000000000000..374d8948a605
--- /dev/null
+++ b/src/chrome/content/rules/Akb.ch.xml
@@ -0,0 +1,26 @@
+<!--
+	Nonfunctional hosts in *.akb.ch:
+		- 100jahre.akb.ch (m)
+		- www.100jahre.akb.ch (m)
+		- mobilebanking.akb.ch (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Akb.ch">
+	<target host="akb.ch" />
+	<target host="www.akb.ch" />
+	<target host="boerse.akb.ch" />
+	<target host="eb.akb.ch" />
+	<target host="events.akb.ch" />
+	<target host="mobile.akb.ch" />
+	<target host="portal.akb.ch" />
+	<target host="staging.akb.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Akban.org.xml b/src/chrome/content/rules/Akban.org.xml
new file mode 100644
index 000000000000..e2ee72d0f1b2
--- /dev/null
+++ b/src/chrome/content/rules/Akban.org.xml
@@ -0,0 +1,20 @@
+<!--
+	CDN buckets:
+
+		- c3198132.r32.cf0.rackcdn.com
+
+			- images
+
+
+	(www.): dropped
+
+-->
+<ruleset name="Akban.org">
+
+	<target host="images.akban.org" />
+
+
+	<rule from="^http://images\.akban\.org/"
+		to="https://c3198132.ssl.cf0.rackcdn.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Akinator.com.xml b/src/chrome/content/rules/Akinator.com.xml
new file mode 100644
index 000000000000..8cc12b09da6e
--- /dev/null
+++ b/src/chrome/content/rules/Akinator.com.xml
@@ -0,0 +1,23 @@
+<ruleset name="Akinator.com">
+	<target host="akinator.com" />
+	<target host="www.akinator.com" />
+	<target host="ar.akinator.com" />
+	<target host="cgu.akinator.com" />
+	<target host="cn.akinator.com" />
+	<target host="de.akinator.com" />
+	<target host="en.akinator.com" />
+	<target host="es.akinator.com" />
+	<target host="films.akinator.com" />
+	<target host="fr.akinator.com" />
+	<target host="il.akinator.com" />
+	<target host="it.akinator.com" />
+	<target host="jp.akinator.com" />
+	<target host="kr.akinator.com" />
+	<target host="nl.akinator.com" />
+	<target host="pl.akinator.com" />
+	<target host="pt.akinator.com" />
+	<target host="ru.akinator.com" />
+	<target host="tr.akinator.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Akira.org.xml b/src/chrome/content/rules/Akira.org.xml
index 24bdca3c52ae..beccce20b3e9 100644
--- a/src/chrome/content/rules/Akira.org.xml
+++ b/src/chrome/content/rules/Akira.org.xml
@@ -8,7 +8,6 @@
 	<target host="www.akira.org" />
 
 
-	<rule from="^http://(www\.)?akira\.org/"
-		to="https://$1akira.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Akismet.xml b/src/chrome/content/rules/Akismet.xml
index df4b3e41e56c..fc0611c5b96d 100644
--- a/src/chrome/content/rules/Akismet.xml
+++ b/src/chrome/content/rules/Akismet.xml
@@ -1,6 +1,23 @@
-<ruleset name="Akismet" platform="mixedcontent">
-  <target host="akismet.com" />
-  <target host="www.akismet.com" />
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Akismet">
+
+
+	<target host="akismet.com" />
+	<target host="www.akismet.com" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^akismet\.com$" name="^__wpcc$" /-->
+
+
+	<rule from="^http:" to="https:" />
 
-  <rule from="^http://(?:www\.)?akismet\.com/" to="https://akismet.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Aklamio.com.xml b/src/chrome/content/rules/Aklamio.com.xml
new file mode 100644
index 000000000000..bea0c4618f96
--- /dev/null
+++ b/src/chrome/content/rules/Aklamio.com.xml
@@ -0,0 +1,18 @@
+<ruleset name="aklamio.com">
+
+	<target host="aklamio.com" />
+	<target host="www.aklamio.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?aklamio\.com$" name="^locale$" /-->
+	<!--securecookie host="^www\.aklamio\.com$" name="^_aklamio_v3_session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AkolaProject.org.xml b/src/chrome/content/rules/AkolaProject.org.xml
new file mode 100644
index 000000000000..598490da46a0
--- /dev/null
+++ b/src/chrome/content/rules/AkolaProject.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="AkolaProject.org">
+	<target host="akolaproject.org" />
+	<target host="www.akolaproject.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Aktion-Deutschland-Hilft.de.xml b/src/chrome/content/rules/Aktion-Deutschland-Hilft.de.xml
index f88ac9358693..bafdae6b040a 100644
--- a/src/chrome/content/rules/Aktion-Deutschland-Hilft.de.xml
+++ b/src/chrome/content/rules/Aktion-Deutschland-Hilft.de.xml
@@ -18,7 +18,8 @@
 <ruleset name="Aktion-Deutschland-Hilft.de (partial)">
 
 	<target host="aktion-deutschland-hilft.de" />
-	<target host="*.aktion-deutschland-hilft.de" />
+	<target host="www.aktion-deutschland-hilft.de" />
+	<target host="media.aktion-deutschland-hilft.de" />
 
 
 	<rule from="^http://(?:www\.)?aktion-deutschland-hilft\.de/(css/|favicon\.ico|fileadmin/|index\.php\?eID=adh_banner|typo3(?:conf|temp)/|uploads/)"
@@ -27,4 +28,4 @@
 	<rule from="^http://media\.aktion-deutschland-hilft\.de/"
 		to="https://d3c57cw0c70g44.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Aktivix.org.xml b/src/chrome/content/rules/Aktivix.org.xml
new file mode 100644
index 000000000000..1e6691e18525
--- /dev/null
+++ b/src/chrome/content/rules/Aktivix.org.xml
@@ -0,0 +1,47 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lists.aktivix.org/ => https://lists.aktivix.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	www.aktivix.org: mismatched, CN: newyear.aktivix.org
+
+
+	These altnames don't exist:
+
+		- www.lists.aktivix.org
+		- www.owncloud.aktivix.org
+
+
+	Insecure cookies are set for these hosts:
+
+		- owncloud.aktivix.org
+
+-->
+<ruleset name="Aktivix.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="aktivix.org" />
+	<target host="lists.aktivix.org" />
+	<target host="newyear.aktivix.org" />
+	<target host="owncloud.aktivix.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.aktivix.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^owncloud\.aktivix\.org$" name="^[\da-f]+$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.aktivix\.org/"
+		to="https://aktivix.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Al-Islam.org.xml b/src/chrome/content/rules/Al-Islam.org.xml
new file mode 100644
index 000000000000..e8394927f47d
--- /dev/null
+++ b/src/chrome/content/rules/Al-Islam.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+	- beta.al-islam.org
+	- blog.al-islam.org
+	- quran.al-islam.org
+	- supplications.al-islam.org
+
+-->
+<ruleset name="Al-Islam.org">
+	<target host="al-islam.org" />
+	<target host="www.al-islam.org" />
+
+	<securecookie host="^www\.al-islam\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Al-Madina.com.xml b/src/chrome/content/rules/Al-Madina.com.xml
new file mode 100644
index 000000000000..af1d93dbd0de
--- /dev/null
+++ b/src/chrome/content/rules/Al-Madina.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatched:
+		- madina
+		- waseet
+-->
+<ruleset name="Al-Madina.com">
+	<target host="al-madina.com" />
+	<target host="www.al-madina.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Al-Maktaba.org.xml b/src/chrome/content/rules/Al-Maktaba.org.xml
new file mode 100644
index 000000000000..ed0598a21fc6
--- /dev/null
+++ b/src/chrome/content/rules/Al-Maktaba.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid Certificate:
+		www.al-maktaba.org
+-->
+<ruleset name="al-Maktaba.org">
+	<target host="al-maktaba.org" />
+	<target host="www.al-maktaba.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.al-maktaba\.org/" to="https://al-maktaba.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Al-Mostafa.info.xml b/src/chrome/content/rules/Al-Mostafa.info.xml
new file mode 100644
index 000000000000..f3cfc1c385ef
--- /dev/null
+++ b/src/chrome/content/rules/Al-Mostafa.info.xml
@@ -0,0 +1,6 @@
+<ruleset name="al-Mostafa.info">
+	<target host="al-mostafa.info" />
+	<target host="www.al-mostafa.info" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Al-Quran.info.xml b/src/chrome/content/rules/Al-Quran.info.xml
new file mode 100644
index 000000000000..7c1b1b0e9fde
--- /dev/null
+++ b/src/chrome/content/rules/Al-Quran.info.xml
@@ -0,0 +1,8 @@
+<ruleset name="Al-Quran.info">
+	<target host="al-quran.info" />
+	<target host="feedback.al-quran.info" />
+	<target host="oqp.al-quran.info" />
+	<target host="oqp2.al-quran.info" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Al-Sabeel.net.xml b/src/chrome/content/rules/Al-Sabeel.net.xml
new file mode 100644
index 000000000000..b511470fcbe2
--- /dev/null
+++ b/src/chrome/content/rules/Al-Sabeel.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="Al-Sabeel.net">
+	<target host="al-sabeel.net" />
+	<target host="www.al-sabeel.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Al-Shia.org.xml b/src/chrome/content/rules/Al-Shia.org.xml
new file mode 100644
index 000000000000..6069d5445a89
--- /dev/null
+++ b/src/chrome/content/rules/Al-Shia.org.xml
@@ -0,0 +1,155 @@
+<!--
+	Invalid certificate:
+	- al-shia.org
+	- www.al-shia.org
+	- mail.al-shia.org
+
+	- arabi.al-shia.org
+
+	- bn.al-shia.org
+	- www.bn.al-shia.org
+
+	- en.al-shia.org
+	- www.en.al-shia.org
+
+	- fr.al-shia.org
+	- www.fr.al-shia.org
+
+	- ps.al-shia.org
+	- www.ps.al-shia.org
+
+-->
+<ruleset name="Al-Shia.org">
+	<target host="quran.al-shia.org" />
+	<target host="www.quran.al-shia.org" />
+	<target host="mail.quran.al-shia.org" />
+
+	<target host="ara.al-shia.org" />
+	<target host="mail.ara.al-shia.org" />
+	<!-- Mixed content blocking -->
+	<target host="arabic.al-shia.org" />
+	<target host="www.arabic.al-shia.org" />
+
+	<target host="azr.al-shia.org" />
+	<target host="www.azr.al-shia.org" />
+	<target host="mail.azr.al-shia.org" />
+
+	<target host="ben.al-shia.org" />
+	<target host="www.ben.al-shia.org" />
+	<target host="mail.ben.al-shia.org" />
+
+	<target host="bos.al-shia.org" />
+	<target host="www.bos.al-shia.org" />
+	<target host="mail.bos.al-shia.org" />
+
+	<target host="bul.al-shia.org" />
+	<target host="www.bul.al-shia.org" />
+	<target host="mail.bul.al-shia.org" />
+
+	<target host="bur.al-shia.org" />
+	<target host="www.bur.al-shia.org" />
+	<target host="mail.bur.al-shia.org" />
+
+	<target host="chi.al-shia.org" />
+	<target host="www.chi.al-shia.org" />
+	<target host="mail.chi.al-shia.org" />
+
+	<target host="eng.al-shia.org" />
+	<target host="www.eng.al-shia.org" />
+	<target host="mail.eng.al-shia.org" />
+
+	<target host="far.al-shia.org" />
+	<target host="mail.far.al-shia.org" />
+	<!-- Mixed content blocking -->
+	<target host="farsi.al-shia.org" />
+	<target host="www.farsi.al-shia.org" />
+
+	<target host="fre.al-shia.org" />
+	<target host="www.fre.al-shia.org" />
+	<target host="mail.fre.al-shia.org" />
+
+	<target host="ful.al-shia.org" />
+	<target host="www.ful.al-shia.org" />
+	<target host="mail.ful.al-shia.org" />
+
+	<target host="ger.al-shia.org" />
+	<target host="www.ger.al-shia.org" />
+	<target host="mail.ger.al-shia.org" />
+
+	<target host="hau.al-shia.org" />
+	<target host="www.hau.al-shia.org" />
+	<target host="mail.hau.al-shia.org" />
+
+	<target host="hin.al-shia.org" />
+	<target host="www.hin.al-shia.org" />
+	<target host="mail.hin.al-shia.org" />
+
+	<target host="id.al-shia.org" />
+	<target host="www.id.al-shia.org" />
+	<target host="mail.id.al-shia.org" />
+
+	<target host="ita.al-shia.org" />
+	<target host="www.ita.al-shia.org" />
+	<target host="mail.ita.al-shia.org" />
+
+	<target host="kura.al-shia.org" />
+	<target host="www.kura.al-shia.org" />
+	<target host="mail.kura.al-shia.org" />
+
+	<target host="kure.al-shia.org" />
+	<target host="www.kure.al-shia.org" />
+	<target host="mail.kure.al-shia.org" />
+
+	<target host="ozb.al-shia.org" />
+	<target host="www.ozb.al-shia.org" />
+	<target host="mail.ozb.al-shia.org" />
+
+	<target host="pash.al-shia.org" />
+	<target host="www.pash.al-shia.org" />
+	<target host="mail.pash.al-shia.org" />
+
+	<target host="pur.al-shia.org" />
+	<target host="www.pur.al-shia.org" />
+	<target host="mail.pur.al-shia.org" />
+
+	<target host="ru.al-shia.org" />
+	<target host="www.ru.al-shia.org" />
+	<target host="mail.ru.al-shia.org" />
+
+	<target host="spa.al-shia.org" />
+	<target host="www.spa.al-shia.org" />
+	<target host="mail.spa.al-shia.org" />
+
+	<target host="swa.al-shia.org" />
+	<target host="www.swa.al-shia.org" />
+	<target host="mail.swa.al-shia.org" />
+
+	<target host="taj.al-shia.org" />
+	<target host="www.taj.al-shia.org" />
+	<target host="mail.taj.al-shia.org" />
+
+	<target host="tam.al-shia.org" />
+	<target host="www.tam.al-shia.org" />
+	<target host="mail.tam.al-shia.org" />
+
+	<target host="thi.al-shia.org" />
+	<target host="www.thi.al-shia.org" />
+	<target host="mail.thi.al-shia.org" />
+
+	<target host="tur.al-shia.org" />
+	<target host="www.tur.al-shia.org" />
+	<target host="mail.tur.al-shia.org" />
+
+	<target host="urd.al-shia.org" />
+	<target host="www.urd.al-shia.org" />
+	<target host="mail.urd.al-shia.org" />
+
+	<!-- Related domain, see contact email at https://eng.al-shia.org/index.php -->
+	<target host="aalulbayt.org" />
+	<target host="www.aalulbayt.org" />
+	<target host="mail.aalulbayt.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Al-akhbar.xml b/src/chrome/content/rules/Al-akhbar.xml
index ce701c4d15a5..c01ccb8b97b4 100644
--- a/src/chrome/content/rules/Al-akhbar.xml
+++ b/src/chrome/content/rules/Al-akhbar.xml
@@ -1,13 +1,13 @@
 <ruleset name="al-akhbar">
 
 	<target host="al-akhbar.com" />
-	<target host="*.al-akhbar.com" />
+	<target host="english.al-akhbar.com" />
+	<target host="www.al-akhbar.com" />
 
 
 	<securecookie host="^(?:english)?\.al-akhbar\.com$" name=".+" />
 
 
-	<rule from="^http://(english\.|www\.)?al-akhbar\.com/"
-		to="https://$1al-akhbar.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AlAdhan.com.xml b/src/chrome/content/rules/AlAdhan.com.xml
new file mode 100644
index 000000000000..5f96beb6e597
--- /dev/null
+++ b/src/chrome/content/rules/AlAdhan.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="AlAdhan.com">
+	<target host="aladhan.com" />
+	<target host="www.aladhan.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlDiwan.net.xml b/src/chrome/content/rules/AlDiwan.net.xml
new file mode 100644
index 000000000000..65dce1f20310
--- /dev/null
+++ b/src/chrome/content/rules/AlDiwan.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="AlDiwan.net">
+	<target host="aldiwan.net" />
+	<target host="www.aldiwan.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlFaseeh.com.xml b/src/chrome/content/rules/AlFaseeh.com.xml
new file mode 100644
index 000000000000..2c7dc33e4e68
--- /dev/null
+++ b/src/chrome/content/rules/AlFaseeh.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="AlFaseeh.com">
+	<target host="alfaseeh.com" />
+	<target host="www.alfaseeh.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlFeker.net.xml b/src/chrome/content/rules/AlFeker.net.xml
new file mode 100644
index 000000000000..cf79081b2a4d
--- /dev/null
+++ b/src/chrome/content/rules/AlFeker.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="AlFeker.net">
+	<target host="alfeker.net" />
+	<target host="www.alfeker.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlImam.ws.xml b/src/chrome/content/rules/AlImam.ws.xml
new file mode 100644
index 000000000000..1db7ac07c4ff
--- /dev/null
+++ b/src/chrome/content/rules/AlImam.ws.xml
@@ -0,0 +1,8 @@
+<ruleset name="AlImam.ws">
+	<target host="alimam.ws" />
+	<target host="www.alimam.ws" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlIslam.org.xml b/src/chrome/content/rules/AlIslam.org.xml
new file mode 100644
index 000000000000..9a5ce4a7d804
--- /dev/null
+++ b/src/chrome/content/rules/AlIslam.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+	- store.alislam.org
+
+-->
+<ruleset name="AlIslam.org">
+	<target host="alislam.org" />
+	<target host="www.alislam.org" />
+	<target host="upload.alislam.org" />
+
+	<securecookie host="^www\.alislam\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlJamaa.net.xml b/src/chrome/content/rules/AlJamaa.net.xml
new file mode 100644
index 000000000000..c5a1b084fab8
--- /dev/null
+++ b/src/chrome/content/rules/AlJamaa.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="AlJamaa.net">
+	<target host="aljamaa.net" />
+	<target host="www.aljamaa.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlJazeera.com.xml b/src/chrome/content/rules/AlJazeera.com.xml
new file mode 100644
index 000000000000..8e7cdb8487b4
--- /dev/null
+++ b/src/chrome/content/rules/AlJazeera.com.xml
@@ -0,0 +1,63 @@
+<!--
+	Time out:
+		aljazeera.com
+		america.aljazeera.com
+			<test url="http://america.aljazeera.com/tools/faq.html" />
+		arabhistory.aljazeera.com
+		canvas.aljazeera.com
+		projects.aljazeera.com
+		login.stream.aljazeera.com
+		staff.stream.aljazeera.com
+		studio.aljazeera.com
+
+	No working URL known:
+		ajnsearch.aljazeera.com
+		login.america.aljazeera.com
+		bc05.aljazeera.com
+		interactive.aljazeera.com
+		login.aljazeera.com
+
+	Invalid certificate:
+		iforgot.aljazeera.com
+		live.america.aljazeera.com
+		live.aljazeera.com
+		pr.aljazeera.com
+		namestories.projects.aljazeera.com
+
+	Refused:
+		schedule.america.aljazeera.com
+		balkans.aljazeera.com
+		static.balkans.aljazeera.com
+		blogs.aljazeera.com
+		liberties.aljazeera.com
+		lifeonhold.aljazeera.com
+		listen.aljazeera.com
+		m.aljazeera.com
+		stream.aljazeera.com
+		www.stream.aljazeera.com
+		static.video.aljazeera.com
+
+	Different content http/https:
+		video.aljazeera.com
+
+-->
+<ruleset name="Al Jazeera">
+
+	<target host="aljazeera.com" />
+	<target host="www.aljazeera.com" />
+	<target host="staff.balkans.aljazeera.com" />
+	<target host="interactive.aljazeera.com" />
+		<test url="http://interactive.aljazeera.com/aje/2017/rohingya-footsteps-vr-audio/index.html" />
+	<target host="leaderssummit.aljazeera.com" />
+	<target host="staff.liberties.aljazeera.com" />
+	<target host="mediaview.aljazeera.com" />
+	<target host="syhacked.aljazeera.com" />
+
+	<target host="iforgot.aljazeera.net" />
+
+	<rule from="^http://(m\.)?aljazeera\.com/"
+		to="https://www.aljazeera.com/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AlMasdarNews.com.xml b/src/chrome/content/rules/AlMasdarNews.com.xml
new file mode 100644
index 000000000000..02195f8ab05c
--- /dev/null
+++ b/src/chrome/content/rules/AlMasdarNews.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="AlMasdarNews.com">
+	<target host="almasdarnews.com" />
+	<target host="www.almasdarnews.com" />
+	<target host="ads.almasdarnews.com" />
+	<target host="cdn.almasdarnews.com" />
+		<test url="http://cdn.almasdarnews.com/robots.txt" />
+	<target host="forum.almasdarnews.com" />
+	<target host="mail.almasdarnews.com" />
+	<target host="media.almasdarnews.com" />
+	<target host="mobile.almasdarnews.com" />
+	<target host="test.almasdarnews.com" />
+	<target host="webmail.almasdarnews.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlMohawer.com.xml b/src/chrome/content/rules/AlMohawer.com.xml
new file mode 100644
index 000000000000..790e7e07fe72
--- /dev/null
+++ b/src/chrome/content/rules/AlMohawer.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="AlMohawer.com">
+	<target host="almohawer.com" />
+	<target host="www.almohawer.com" />
+	<target host="webmail.almohawer.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlMostaneer.com.xml b/src/chrome/content/rules/AlMostaneer.com.xml
new file mode 100644
index 000000000000..2c0c75128951
--- /dev/null
+++ b/src/chrome/content/rules/AlMostaneer.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="AlMostaneer.com">
+	<target host="almostaneer.com" />
+	<target host="www.almostaneer.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlNawawiForty.com.xml b/src/chrome/content/rules/AlNawawiForty.com.xml
new file mode 100644
index 000000000000..c823a98f7c14
--- /dev/null
+++ b/src/chrome/content/rules/AlNawawiForty.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="AlNawawiForty.com">
+	<target host="alnawawiforty.com" />
+	<target host="www.alnawawiforty.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlRadNet.com.xml b/src/chrome/content/rules/AlRadNet.com.xml
new file mode 100644
index 000000000000..b9bcd58142a7
--- /dev/null
+++ b/src/chrome/content/rules/AlRadNet.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="AlRadNet.com">
+	<target host="alradnet.com" />
+	<target host="www.alradnet.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlRo7.net.xml b/src/chrome/content/rules/AlRo7.net.xml
new file mode 100644
index 000000000000..d2e7ca8be1fe
--- /dev/null
+++ b/src/chrome/content/rules/AlRo7.net.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatch:
+		ww.w.alro7.net
+-->
+<ruleset name="AlRo7.net">
+	<target host="alro7.net" />
+	<target host="www.alro7.net" />
+	<target host="m.alro7.net" />
+	<target host="ww.alro7.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlTadabbur.com.xml b/src/chrome/content/rules/AlTadabbur.com.xml
new file mode 100644
index 000000000000..0bde512e4832
--- /dev/null
+++ b/src/chrome/content/rules/AlTadabbur.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="AlTadabbur.com">
+	<target host="altadabbur.com" />
+	<target host="www.altadabbur.com" />
+	<target host="m.altadabbur.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlTafsir.com.xml b/src/chrome/content/rules/AlTafsir.com.xml
new file mode 100644
index 000000000000..d2750d0ec9af
--- /dev/null
+++ b/src/chrome/content/rules/AlTafsir.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Wildcard DNS but without wildcard certificate
+
+	Unable to Connect:
+		main.altafsir.com
+	Invalid Certificate:
+		m.altafsir.com
+		mobile.altafsir.com
+-->
+<ruleset name="AlTafsir.com">
+	<target host="altafsir.com" />
+	<target host="www.altafsir.com" />
+
+	<securecookie host="^(www)\.altafsir\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Alaalam.org.xml b/src/chrome/content/rules/Alaalam.org.xml
new file mode 100644
index 000000000000..439cefbfa32b
--- /dev/null
+++ b/src/chrome/content/rules/Alaalam.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="Alaalam.org">
+	<target host="alaalam.org" />
+	<target host="www.alaalam.org" />
+	<target host="mail.alaalam.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Alamo-Drafthouse.xml b/src/chrome/content/rules/Alamo-Drafthouse.xml
new file mode 100644
index 000000000000..27588dd9b67b
--- /dev/null
+++ b/src/chrome/content/rules/Alamo-Drafthouse.xml
@@ -0,0 +1,10 @@
+<ruleset name="Alamo Drafthouse">
+	<target host=    "drafthouse.com" />
+	<target host="www.drafthouse.com" />
+	<target host= "s3.drafthouse.com" />
+
+  	<securecookie host="^drafthouse\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Alamy.xml b/src/chrome/content/rules/Alamy.xml
index 1da3cc69c453..a290d54f6c44 100644
--- a/src/chrome/content/rules/Alamy.xml
+++ b/src/chrome/content/rules/Alamy.xml
@@ -1,13 +1,13 @@
 <ruleset name="Alamy">
 
 	<target host="alamy.com" />
-	<target host="*.alamy.com" />
+	<target host="secure.alamy.com" />
+	<target host="www.alamy.com" />
 
 
 	<securecookie host="^\.alamy\.com$" name=".+" />
 
 
-	<rule from="^http://(secure\.|www\.)?alamy\.com/"
-		to="https://$1alamy.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AlanWalker.com.xml b/src/chrome/content/rules/AlanWalker.com.xml
new file mode 100644
index 000000000000..0636587eabfb
--- /dev/null
+++ b/src/chrome/content/rules/AlanWalker.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="AlanWalker.com">
+	<target host="alanwalker.com" />
+	<target host="www.alanwalker.com" />
+	<target host="mail.alanwalker.com" />
+	<target host="webdisk.alanwalker.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Alandroidnet.com.xml b/src/chrome/content/rules/Alandroidnet.com.xml
new file mode 100644
index 000000000000..31fda1fcc2e8
--- /dev/null
+++ b/src/chrome/content/rules/Alandroidnet.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="alandroidnet.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="alandroidnet.com" />
+	<target host="www.alandroidnet.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Alaska-Robotics.xml b/src/chrome/content/rules/Alaska-Robotics.xml
index 377b58c958e8..2b36325cbe7a 100644
--- a/src/chrome/content/rules/Alaska-Robotics.xml
+++ b/src/chrome/content/rules/Alaska-Robotics.xml
@@ -1,14 +1,14 @@
-<ruleset name="Alaska Robotics" default_off="mismatch">
+<ruleset name="Alaska Robotics" default_off="mismatched">
 
 	<!--	Cert: lrcd.com	-->
 	<target host="alaskarobotics.com" />
 	<target host="www.alaskarobotics.com" />
 
 
-	<securecookie host="^alaskarobotics\.com$" name=".*" />
+	<securecookie host="^alaskarobotics\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?alaskarobotics\.com/"
+	<rule from="^http://(?:www\.)?alaskarobotics\.com/"
 		to="https://alaskarobotics.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Alaska.edu.xml b/src/chrome/content/rules/Alaska.edu.xml
new file mode 100644
index 000000000000..3e003ecab6d0
--- /dev/null
+++ b/src/chrome/content/rules/Alaska.edu.xml
@@ -0,0 +1,49 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- cirt.alaska.edu
+		- email.alaska.edu
+		- biotech.inbre.alaska.edu
+
+		SSL connect error:
+		- lists.alaska.edu
+		- techsupport.uaa.alaska.edu
+		- uaonline.alaska.edu
+		- www.uas.alaska.edu
+		- swf-1.vpn.alaska.edu
+		- uaf-1.vpn.alaska.edu
+		- webmail.alaska.edu
+
+		SSL peer certificate was not OK:
+		- greenandgold.uaa.alaska.edu
+		- lib.uaa.alaska.edu
+		- webaccess.uaa.alaska.edu
+		- webmail.uaa.alaska.edu
+
+		Mixed content blocking (MCB) triggered:
+		- fpgis.uaa.alaska.edu
+-->
+<ruleset name="Alaska.edu (partial)">
+	<target host="alaska.edu" />
+	<target host="www.alaska.edu" />
+	<target host="avo.alaska.edu" />
+	<target host="www.avo.alaska.edu" />
+	<target host="edit.alaska.edu" />
+	<target host="elmo.alaska.edu" />
+	<target host="service.alaska.edu" />
+	<target host="uaa.alaska.edu" />
+	<target host="classes.uaa.alaska.edu" />
+	<target host="coe.uaa.alaska.edu" />
+	<target host="hosting.uaa.alaska.edu" />
+	<target host="krua.uaa.alaska.edu" />
+	<target host="me.uaa.alaska.edu" />
+	<target host="moodle.uaa.alaska.edu" />
+	<target host="owa.uaa.alaska.edu" />
+	<target host="technology.uaa.alaska.edu" />
+	<target host="womens.uaa.alaska.edu" />
+	<target host="www.uaa.alaska.edu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlaskaAirlines.xml b/src/chrome/content/rules/AlaskaAirlines.xml
index 15a7fca3a90d..dbff470f12ba 100644
--- a/src/chrome/content/rules/AlaskaAirlines.xml
+++ b/src/chrome/content/rules/AlaskaAirlines.xml
@@ -1,9 +1,10 @@
-<ruleset name="Alaska Airlines" platform="mixedcontent">
-  <target host="alaskaair.com" />
-  <target host="*.alaskaair.com" />
+<ruleset name="Alaska Airlines (partial)">
+	<target host="alaskaair.com" />
+	<target host="www.alaskaair.com" />
+	<target host="careers.alaskaair.com" />
+	<target host="easybiz.alaskaair.com" />
 
-  <rule from="^http://alaskaair\.com/"
-          to="https://www.alaskaair.com/" />
-  <rule from="^http://(careers|easybiz|myeagle|webselfservice|www)\.alaskaair\.com/"
-          to="https://$1.alaskaair.com/" />
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Alastairs-Place.xml b/src/chrome/content/rules/Alastairs-Place.xml
deleted file mode 100644
index 73b1c62f0c55..000000000000
--- a/src/chrome/content/rules/Alastairs-Place.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Alastair’s Place" platform="mixedcontent">
-
-	<target host="alastairs-place.net"/>
-	<target host="www.alastairs-place.net"/>
-
-	<rule from="^http://(www\.)?alastairs-place\.net/"
-		to="https://$1alastairs-place.net/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Albalagh.net.xml b/src/chrome/content/rules/Albalagh.net.xml
new file mode 100644
index 000000000000..298b0c13d329
--- /dev/null
+++ b/src/chrome/content/rules/Albalagh.net.xml
@@ -0,0 +1,13 @@
+<!--
+	Related: AlbalaghBooks.com.xml.
+
+-->
+<ruleset name="Albalagh.net">
+	<target host="albalagh.net" />
+	<target host="www.albalagh.net" />
+	<target host="secure.albalagh.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlbalaghBooks.com.xml b/src/chrome/content/rules/AlbalaghBooks.com.xml
new file mode 100644
index 000000000000..0d1e4045e5c1
--- /dev/null
+++ b/src/chrome/content/rules/AlbalaghBooks.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Related: Albalagh.net.xml.
+
+-->
+<ruleset name="AlbalaghBooks.com">
+	<target host="albalaghbooks.com" />
+	<target host="www.albalaghbooks.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Albennet.com.xml b/src/chrome/content/rules/Albennet.com.xml
new file mode 100644
index 000000000000..bb0834b7ed27
--- /dev/null
+++ b/src/chrome/content/rules/Albennet.com.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://alb.albennet.com/ => https://alb.albennet.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Albennet Hosting Provider" default_off="failed ruleset test">
+	<target host="albennet.com" />
+	<target host="www.albennet.com" />
+	<target host="alb.albennet.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Albinoloverats.xml b/src/chrome/content/rules/Albinoloverats.xml
index 4c3e0c8ca57a..ca071298fdbe 100644
--- a/src/chrome/content/rules/Albinoloverats.xml
+++ b/src/chrome/content/rules/Albinoloverats.xml
@@ -4,7 +4,6 @@
 	<target host="www.albinoloverats.net" />
 
 
-	<rule from="^http://(www\.)?albinoloverats\.net/"
-		to="https://$1albinoloverats.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AlbumArsiv.com.xml b/src/chrome/content/rules/AlbumArsiv.com.xml
deleted file mode 100644
index 35731049f457..000000000000
--- a/src/chrome/content/rules/AlbumArsiv.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="AlbumArsiv.com">
-
-	<target host="albumarsiv.com" />
-	<target host="*.albumarsiv.com" />
-
-
-	<securecookie host="^(?:w*\.)?albumarsiv\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?albumarsiv\.com/"
-		to="https://$1albumarsiv.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Alcatel-Lucent.com.xml b/src/chrome/content/rules/Alcatel-Lucent.com.xml
index 8437bc33f391..f2df8e7c011d 100644
--- a/src/chrome/content/rules/Alcatel-Lucent.com.xml
+++ b/src/chrome/content/rules/Alcatel-Lucent.com.xml
@@ -1,4 +1,9 @@
 <!--
+	Other Alcatel-Lucent rulesets:
+
+		- Bell-Labs.com.xml
+
+
 	CDN buckets:
 
 		- now.eloqua.com.edgesuite.net
@@ -22,6 +27,7 @@
 		- webform	(works; mismatched, CN: *.us.neolane.net)
 		- www1		(data differs, valid cert)
 		- www2		("site is unavailable for maintenance purposes"; expired 2006-08-30, invalid, self-signed)
+			conversation-images	(→ akamai)
 
 
 	Partially covered subdomains:
@@ -37,7 +43,6 @@
 			- (www.)		(^ → www)
 			- applicationpartner
 			- businessportal
-			- conversation-images	(→ akamai)
 			- corporatereporting	(→ www3)
 			- service.esd
 			- market
@@ -75,9 +80,6 @@
 	<rule from="^http://(?:www\.)?alcatel-lucent\.com/"
 		to="https://www.alcatel-lucent.com/" />
 
-	<rule from="^http://conversation-images\.alcatel-lucent\.com/"
-		to="https://a248.e.akamai.net/f/578/177/3m/conversation-images.alcatel-lucent.com/" />
-
 	<!--	Server drops path:
 					-->
 	<rule from="^http://corporatereporting\.alcatel-lucent\.com/.*"
@@ -94,4 +96,4 @@
 	<rule from="^http://(market|services\.support)\.lucent\.com/"
 		to="https://$1.lucent.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Alchemistowl.org.xml b/src/chrome/content/rules/Alchemistowl.org.xml
new file mode 100644
index 000000000000..b2abeb69ebf1
--- /dev/null
+++ b/src/chrome/content/rules/Alchemistowl.org.xml
@@ -0,0 +1,13 @@
+<!--
+	^alchemistowl.org doesn't exist.
+
+-->
+<ruleset name="alchemistowl.org">
+
+	<target host="www.alchemistowl.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Alchemy_Global.com.xml b/src/chrome/content/rules/Alchemy_Global.com.xml
new file mode 100644
index 000000000000..568f60645877
--- /dev/null
+++ b/src/chrome/content/rules/Alchemy_Global.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.alchemyglobal.com
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Alchemy Global.com">
+
+	<target host="alchemyglobal.com" />
+	<target host="www.alchemyglobal.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.alchemyglobal\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Alcuda.xml b/src/chrome/content/rules/Alcuda.xml
index 69ab091129dd..6cb2a7514e55 100644
--- a/src/chrome/content/rules/Alcuda.xml
+++ b/src/chrome/content/rules/Alcuda.xml
@@ -1,4 +1,12 @@
-<ruleset name="Alcuda (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://whitelabeldating.alcuda.com/ => https://whitelabeldating.upforitnetworks.com/: (7, 'Failed to connect to whitelabeldating.upforitnetworks.com port 443: No route to host')
+Fetch error: http://wl.easydategroup.com/ => http://wl.easydategroup.com/: (6, 'Could not resolve host: wl.easydategroup.com')
+Fetch error: http://cdn.wl.easydategroup.com/ => http://cdn.wl.easydategroup.com/: (6, 'Could not resolve host: cdn.wl.easydategroup.com')
+
+-->
+<ruleset name="Alcuda (partial)" default_off="failed ruleset test">
 
 	<target host="whitelabeldating.alcuda.com"/>
 	<target host="wl.easydategroup.com"/>
@@ -8,12 +16,13 @@
 	<target host="www.shagaholic.com"/>
 	<target host="upforit.com"/>
 	<target host="www.upforit.com"/>
-	<target host="*.upforitnetworks.com"/>
+	<target host="whitelabeldating.upforitnetworks.com" />
+	<target host="affiliates.upforitnetworks.com" />
 	<target host="xhamster.biz"/>
 	<target host="www.xhamster.biz"/>
 
 
-	<securecookie host="^affiliates\.upforitnetworks\.com$" name=".*"/>
+	<securecookie host="^affiliates\.upforitnetworks\.com$" name=".+" />
 
 
 	<rule from="^http://whitelabeldating\.(?:alcuda|upforitnetworks)\.com/"
diff --git a/src/chrome/content/rules/Aldergrove-Credit-Union.xml b/src/chrome/content/rules/Aldergrove-Credit-Union.xml
new file mode 100644
index 000000000000..00b60912154b
--- /dev/null
+++ b/src/chrome/content/rules/Aldergrove-Credit-Union.xml
@@ -0,0 +1,9 @@
+<ruleset name="Aldergrove Credit Union">
+	<target host="aldergrovecu.ca" />
+	<target host="www.aldergrovecu.ca" />
+	<target host="mdws.aldergrovecu.ca" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Aleavia.xml b/src/chrome/content/rules/Aleavia.xml
index 005a7b36abc2..c4d1eae2f0d2 100644
--- a/src/chrome/content/rules/Aleavia.xml
+++ b/src/chrome/content/rules/Aleavia.xml
@@ -1,18 +1,20 @@
 <!--
 	Nonfunctional subdomains:
 
-		- (www.)	(refused)
+		- (www.)? *
+
+	* Refused
 
 
 	Some pages redirect to http
 
 -->
-<ruleset name="Aleavia (partial)">
+<ruleset name="Aleavia.com (partial)">
 
 	<target host="*.aleavia.com" />
 
 
-	<rule from="^http://(www\.)?shop\.aleavia\.com/(\w+_\d+\.css|checkout\.sc|images/|media/|qsctemplates/|static/)"
-		to="https://$1shop.aleavia.com/$2" />
+	<rule from="^http://(www\.)?shop\.aleavia\.com/(?=\w+_\d+\.css|checkout\.sc|images/|media/|qsctemplates/|static/)"
+		to="https://$1shop.aleavia.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Alecomm.com.xml b/src/chrome/content/rules/Alecomm.com.xml
new file mode 100644
index 000000000000..cb5f72f18c84
--- /dev/null
+++ b/src/chrome/content/rules/Alecomm.com.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://alecomm.com/ => https://alecomm.com/: (51, "SSL: no alternative certificate subject name matches target host name 'alecomm.com'")
+Fetch error: http://www.alecomm.com/ => https://www.alecomm.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.alecomm.com'")
+
+-->
+<ruleset name="Alecomm.com" default_off="failed ruleset test">
+
+	<target host="alecomm.com" />
+	<target host="www.alecomm.com" />
+
+
+	<!--	Server sets Secure for:
+					-->
+	<!--securecookie host="^www\.alecomm\.com$" name=".+" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AlertBot.com.xml b/src/chrome/content/rules/AlertBot.com.xml
new file mode 100644
index 000000000000..30e592a7ceac
--- /dev/null
+++ b/src/chrome/content/rules/AlertBot.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Time out:
+		alertbot.com
+		dialog.alertbot.com
+
+	Invalid certificate:
+		help.billing.alertbot.com
+		email.alertbot.com
+
+	Private subdomain:
+		centralpass.alertbot.com
+		manager.alertbot.com
+
+	No working URL known:
+		images.alertbot.com
+
+-->
+<ruleset name="AlertBot.com">
+
+	<target host="alertbot.com" />
+	<target host="www.alertbot.com" />
+	<target host="blog.alertbot.com" />
+	<target host="signup.alertbot.com" />
+
+	<securecookie host="^w*\.alertbot\.com$" name=".+" />
+
+	<rule from="^http://alertbot\.com/"
+		  to="https://www.alertbot.com/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AlertBot.xml b/src/chrome/content/rules/AlertBot.xml
deleted file mode 100644
index 0b3b70f28e21..000000000000
--- a/src/chrome/content/rules/AlertBot.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	!www doesn't work.
-
--->
-<ruleset name="AlertBot">
-
-	<target host="alertbot.com" />
-	<target host="*.alertbot.com" />
-
-
-	<securecookie host="^w*\.alertbot\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?alertbot\.com/"
-		to="https://www.alertbot.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Alert_Investor_Relations.xml b/src/chrome/content/rules/Alert_Investor_Relations.xml
index 57d286602391..eccd7d47c4f3 100644
--- a/src/chrome/content/rules/Alert_Investor_Relations.xml
+++ b/src/chrome/content/rules/Alert_Investor_Relations.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://vp(\d+)\.alertir\.com/"
 		to="https://vp$1.alertir.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Alert_Logic.com.xml b/src/chrome/content/rules/Alert_Logic.com.xml
new file mode 100644
index 000000000000..559d480b06e3
--- /dev/null
+++ b/src/chrome/content/rules/Alert_Logic.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Alert Logic.com">
+
+	<target host="alertlogic.com" />
+	<target host="www.alertlogic.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Alestic.com.xml b/src/chrome/content/rules/Alestic.com.xml
new file mode 100644
index 000000000000..fbfb7d7b48f0
--- /dev/null
+++ b/src/chrome/content/rules/Alestic.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Problematic hosts in *alestic.com:
+
+		- feeds ¹
+		- www ²
+
+	¹ Feedburner/handshake fails
+	² Refused
+
+-->
+<ruleset name="Alestic.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="alestic.com" />
+
+	<!--	Complications:
+				-->
+	<target host="feeds.alestic.com" />
+	<target host="www.alestic.com" />
+
+
+	<rule from="^http://feeds\.alestic\.com/"
+		to="https://feeds.feedburner.com/" />
+
+	<rule from="^http://www\.alestic\.com/"
+		to="https://alestic.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Alex.se.xml b/src/chrome/content/rules/Alex.se.xml
index 559957ac8152..e75c89fbc621 100644
--- a/src/chrome/content/rules/Alex.se.xml
+++ b/src/chrome/content/rules/Alex.se.xml
@@ -1,7 +1,19 @@
-<ruleset name="Alex.se" platform="mixedcontent">
-  <target host="www.alex.se" />
-  <target host="alex.se" />
-  <rule from="^http://www\.alex\.se/" to="https://www.alex.se/"/>
-  <rule from="^http://alex\.se/" to="https://alex.se/"/>
+<!--
+	Mixed content:
+
+		- Bug from tifo.btj.se *
+
+	* Unsecurable <= dropped
+
+-->
+<ruleset name="Alex.se">
+
+	<target host="alex.se" />
+	<target host="www.alex.se" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
 
diff --git a/src/chrome/content/rules/Alex_Cabal.com.xml b/src/chrome/content/rules/Alex_Cabal.com.xml
index 35d400d1fee5..a029de5eaf97 100644
--- a/src/chrome/content/rules/Alex_Cabal.com.xml
+++ b/src/chrome/content/rules/Alex_Cabal.com.xml
@@ -4,7 +4,7 @@
 	<target host="www.alexcabal.com" />
 
 
-	<rule from="^http://(www\.)?alexcabal\.com/"
-		to="https://$1alexcabal.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Alexa.xml b/src/chrome/content/rules/Alexa.xml
index ef804d4d846d..72c5f4c95d50 100644
--- a/src/chrome/content/rules/Alexa.xml
+++ b/src/chrome/content/rules/Alexa.xml
@@ -1,45 +1,43 @@
 <!--
-	There's a bucket at s3.amazonaws.com/alexa/.
-
-
-	CDN buckets:
-
-	- s3.amazonaws.com/com.alexa.pcache/ | d1d024ntqri789.cloudfront.net | d1uki75gjpelap.cloudfront.net
-	- s3.amazonaws.com/com.alexametrics.pixel/ | d5nxst8fruw4z.cloudfront.net
-	- alexa-sitestats.s3.amazonaws.com | d1loejjcvv1d9m.cloudfront.net
-	- d31qbv1cthcecs.cloudfront.net
-
-
-	Nonfunctional subdomains:
-
-		- traffic *
-		- xsltcache *
-
-	* Refused
+	No working URL known:
+		cfdata.alexa.com
+		data.alexa.com
+		gesualdo.alexa.com
+		scache.alexa.com
+		widgets.alexa.com
+		xml.alexa.com
+
+	Invalid certificate:
+		pcache1.alexa.com
+		tbar.alexa.com
+		search.toolbars.alexa.com
+		xslt.alexa.com
+
+		pixel.alexametrics.com
+
+	Broken over both http and https:
+		traffic.alexa.com
+		xsltcache.alexa.com
 
 -->
-<ruleset name="Alexa (partial)">
+<ruleset name="Alexa">
 
 	<target host="alexa.com" />
-	<target host="*.alexa.com" />
-		<!--
-			Rewriting css to AmaonAWS breaks images.
-			(images/ points to s3.amazonaws.com/images/)
-
-		<exclusion pattern="^http://pcache.alexa.com/css/" /-->
-	<target host="pixel.alexametrics.com" />
-
-
-	<rule from="^http://(www\.)?alexa\.com/(favicon\.ico|css/|images/|secure/|\w+/wp-content/)"
-		to="https://$1alexa.com/$2" />
-
-	<rule from="^http://pcache\.alexa\.com/"
-		to="https://d1uki75gjpelap.cloudfront.net/" />
-
-	<rule from="^http://xslt\.alexa\.com/"
-		to="https://d1loejjcvv1d9m.cloudfront.net/" />
-
-	<rule from="^http://pixel\.alexametrics\.com/"
-		to="https://d5nxst8fruw4z.cloudfront.net/" />
+	<target host="www.alexa.com" />
+	<target host="blog.alexa.com" />
+	<target host="cn.alexa.com" />
+	<target host="download.alexa.com" />
+	<target host="lb-front.alexa.com" />
+	<target host="log.alexa.com" />
+	<target host="pcache.alexa.com" />
+	<target host="preview.alexa.com" />
+	<target host="secure.alexa.com" />
+	<target host="support.alexa.com" />
+	<target host="toolbar.alexa.com" />
+	<target host="try.alexa.com" />
+	<target host="websearch.alexa.com" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Alexander-Interactive.xml b/src/chrome/content/rules/Alexander-Interactive.xml
index 24281e732a9a..12ef9f0c21c6 100644
--- a/src/chrome/content/rules/Alexander-Interactive.xml
+++ b/src/chrome/content/rules/Alexander-Interactive.xml
@@ -11,7 +11,10 @@
 -->
 <ruleset name="Alexander Interactive (partial)">
 
-	<target host="*.at.ai" />
+	<!--	Complications:
+				-->
+	<target host="cdn.at.ai" />
+	<target host="origin.at.ai" />
 
 
 	<rule from="^http://(?:cdn|origin)\.at\.ai/"
diff --git a/src/chrome/content/rules/AlexanderCoward.com.xml b/src/chrome/content/rules/AlexanderCoward.com.xml
new file mode 100644
index 000000000000..15e7549ea965
--- /dev/null
+++ b/src/chrome/content/rules/AlexanderCoward.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="AlexanderCoward.com">
+
+    <target host="alexandercoward.com" />
+    <target host="www.alexandercoward.com" />
+
+    <securecookie host=".+" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Alexandras_Angel_Gifts.co.uk.xml b/src/chrome/content/rules/Alexandras_Angel_Gifts.co.uk.xml
new file mode 100644
index 000000000000..adcb79e9b154
--- /dev/null
+++ b/src/chrome/content/rules/Alexandras_Angel_Gifts.co.uk.xml
@@ -0,0 +1,40 @@
+<!--
+	Mixed content:
+
+		- Ad from banners.copyscape.com *
+
+	* Unsecurable
+
+-->
+<ruleset name="Alexandras Angel Gifts.co.uk (partial)" default_off="expired">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="alexandrasangelgifts.co.uk" />
+	<target host="www.alexandrasangelgifts.co.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://alexandrasangelgifts\.co\.uk/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://alexandrasangelgifts\.co\.uk/+(?!wp-content/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://alexandrasangelgifts.co.uk/about-us-2-3/" />
+			<test url="http://alexandrasangelgifts.co.uk/contact-us-3/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://alexandrasangelgifts.co.uk/wp-content/uploads/2014/09/artisteer-facebook-312.png" />
+
+
+	<!--securecookie host="^\.alexandrasangelgifts\.co\.uk$" name=".+" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Alexis_Hair.xml b/src/chrome/content/rules/Alexis_Hair.xml
deleted file mode 100644
index ac2fc71b190f..000000000000
--- a/src/chrome/content/rules/Alexis_Hair.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Some pages redirect to http
-
--->
-<ruleset name="Alexis Hair (partial)">
-
-	<target host="alexishair.com" />
-	<target host="www.alexishair.com" />
-
-
-	<rule from="^http://(www\.)?alexishair\.com/(checkout(?:$|\?|/)|wp-content/|wp-includes/)"
-		to="https://$1alexishair.com/$2" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Alfa-Media-Partner.xml b/src/chrome/content/rules/Alfa-Media-Partner.xml
index 5a67a725de97..a153c7bd6bf2 100644
--- a/src/chrome/content/rules/Alfa-Media-Partner.xml
+++ b/src/chrome/content/rules/Alfa-Media-Partner.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sso.alfa-openmedia.de/ => https://sso.alfa-openmedia.de/: (7, 'Failed to connect to sso.alfa-openmedia.de port 443: Connection refused')
+
 	Nonfunctional domains:
 
 		- www-ecms.alfa.de	(cert: sso.alfa-openmedia.de; shows that domain's data)
@@ -10,10 +14,6 @@
 	<target host="sso.alfa-openmedia.de" />
 
 
-	<rule from="^http://owa\.alfa\.de/"
-		to="https://owa.alfa.de/" />
-
-	<rule from="^http://sso\.alfa-openmedia\.de/"
-		to="https://sso.alfa-openmedia.de/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Alfa.cz.xml b/src/chrome/content/rules/Alfa.cz.xml
new file mode 100644
index 000000000000..625b892213f2
--- /dev/null
+++ b/src/chrome/content/rules/Alfa.cz.xml
@@ -0,0 +1,10 @@
+<!--
+	For other T.S.BOHEMIA a.s. coverage, see tsbohemia.cz.xml.
+-->
+<ruleset name="Alfa.cz">
+    <target host="alfa.cz" />
+    <target host="www.alfa.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Alfabank.ru.xml b/src/chrome/content/rules/Alfabank.ru.xml
new file mode 100644
index 000000000000..4acb042f447c
--- /dev/null
+++ b/src/chrome/content/rules/Alfabank.ru.xml
@@ -0,0 +1,62 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://slolpcf.alfabank.ru/ => https://slolpcf.alfabank.ru/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://sslcheck.alfabank.kz/ => https://sslcheck.alfabank.kz/: (6, 'Could not resolve host: sslcheck.alfabank.kz')
+
+job.alfabank.ru mismatch
+learn.alfabank.ru mismatch
+opp.alfabank.ru mismatch
+activity.alfabank.ru timed out
+shop.alfabank.ru mismatch
+start.alfabank.ru self signed
+market.alfabank.ru self signed
+alfacamp.alfabank.ru self signed
+ecard.alfabank.ru mismatch
+docs.alfabank.ru self signed
+mancard.alfabank.ru self signed
+aclub.alfabank.ru self signed
+leads.alfabank.ru mismatch
+idea.alfabank.ru timed out
+stock.alfabank.ru self signed
+marafon.alfabank.ru mismatch
+alfabank.kz protocol error
+www.alfabank.kz protocol error
+alfaportal.kz mismatch
+www.alfaportal.kz mismatch -->
+<ruleset name="Alfabank.ru" default_off="failed ruleset test">
+	<target host="alfabank.ru" />
+	<target host="www.alfabank.ru" />
+	<target host="anketa.alfabank.ru" />
+	<target host="click.alfabank.ru" />
+	<target host="club.alfabank.ru" />
+	<target host="ibank.alfabank.ru" />
+	<target host="link.alfabank.ru" />
+	<target host="potok.alfabank.ru" />
+	<target host="sense.alfabank.ru" />
+	<target host="zp.alfabank.ru" />
+	<target host="scf.alfabank.ru" />
+	<target host="pay.alfabank.ru" />
+	<target host="agent.alfabank.ru" />
+	<target host="slolpcf.alfabank.ru" />
+	<target host="flecs.alfabank.ru" />
+	<target host="reg-alfabank.ru" />
+	<target host="www.reg-alfabank.ru" />
+	<target host="click.alfabank.kz" />
+	<target host="ibank.alfabank.kz" />
+	<target host="p2p.alfabank.kz" />
+	<target host="sslcheck.alfabank.kz" />
+	<target host="alfaportal.kz" />
+	<target host="www.alfaportal.kz" />
+	<target host="p2p.alfaportal.kz" />
+
+	<rule from="^http://alfaportal\.ru/"
+		to="https://www.alfaportal.ru/" />
+
+	<test url="http://alfaportal.ru/" />
+
+	<rule from="^http://(?:www\.)?alfaportal\.kz/"
+		to="https://p2p.alfaportal.kz/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Alfresco.com.xml b/src/chrome/content/rules/Alfresco.com.xml
index 62feea3816e7..82af7d04cfb6 100644
--- a/src/chrome/content/rules/Alfresco.com.xml
+++ b/src/chrome/content/rules/Alfresco.com.xml
@@ -1,16 +1,47 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Alfresco.com" platform="firefox">
-<target host="my.alfresco.com" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blogs.alfresco.com/ => https://blogs.alfresco.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://forums.alfresco.com/ => https://forums.alfresco.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://wiki.alfresco.com/ => https://wiki.alfresco.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
-<securecookie host="^my\.alfresco\.com$" name=".+" />
+	Problematic hosts:
+		- forums *
 
-<rule from="^http://my\.alfresco\.com/" to="https://my.alfresco.com/" />
+	* Blocks Tor users
+
+	Mismatch:
+		- chat
+		- pages
+		- www2
+
+	Wrong content:
+		- dev
+-->
+<ruleset name="Alfresco.com" default_off="failed ruleset test">
+	<target host="alfresco.com" />
+	<target host="www.alfresco.com" />
+	<target host="activiti.alfresco.com" />
+	<target host="addons.alfresco.com" />
+	<target host="artifacts.alfresco.com" />
+	<target host="blogs.alfresco.com" />
+	<target host="cmis.alfresco.com" />
+	<target host="developer.alfresco.com" />
+	<target host="docs.alfresco.com" />
+	<target host="forums.alfresco.com" />
+	<target host="issues.alfresco.com" />
+	<target host="maven.alfresco.com" />
+	<target host="my.alfresco.com" />
+	<target host="partners.alfresco.com" />
+	<target host="summit.alfresco.com" />
+	<target host="svn.alfresco.com" />
+	<target host="testdrive.alfresco.com" />
+	<target host="translation.alfresco.com" />
+	<target host="university.alfresco.com" />
+	<target host="wiki.alfresco.com" />
+
+	<securecookie host="^my\.alfresco\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Alftwa.com.xml b/src/chrome/content/rules/Alftwa.com.xml
new file mode 100644
index 000000000000..253566c2d69d
--- /dev/null
+++ b/src/chrome/content/rules/Alftwa.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid Certificate:
+		alftwa.com
+-->
+<ruleset name="Alftwa.com" platform="mixedcontent">
+	<target host="alftwa.com" />
+	<target host="www.alftwa.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://alftwa\.com/" to="https://www.alftwa.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Algonquin-College.xml b/src/chrome/content/rules/Algonquin-College.xml
new file mode 100644
index 000000000000..826c255c904e
--- /dev/null
+++ b/src/chrome/content/rules/Algonquin-College.xml
@@ -0,0 +1,18 @@
+<ruleset name="Algonquin College">
+	<target host="*.algonquincollege.com" />
+
+	<securecookie host="^([\w.-]+)\.algonquincollege\.com$" name=".+" />
+
+	<test url="http://www.algonquincollege.com/" />
+	<test url="http://www.algonquincollege.com/studentfeedback/" />
+	<test url="http://www.algonquincollege.com/library/" />
+	<test url="http://liveac.algonquincollege.com/" />
+	<test url="http://m.algonquincollege.com/" />
+	<test url="http://myalgonquin2.algonquincollege.com/" />
+
+	<rule from="^http://([\w.-]+)\.algonquincollege\.com/"
+		to="https://$1.algonquincollege.com/" />
+
+	<!-- Does not reply with any content to HTTPS. -->
+	<exclusion pattern="^http://myalgonquin2\.algonquincollege\.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Algorithmwatch.org.xml b/src/chrome/content/rules/Algorithmwatch.org.xml
new file mode 100644
index 000000000000..96e62bd34acd
--- /dev/null
+++ b/src/chrome/content/rules/Algorithmwatch.org.xml
@@ -0,0 +1,5 @@
+<ruleset name="Algorithmwatch.org">
+	<target host="algorithmwatch.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Alhaqlah.com.xml b/src/chrome/content/rules/Alhaqlah.com.xml
new file mode 100644
index 000000000000..c975b80fad96
--- /dev/null
+++ b/src/chrome/content/rules/Alhaqlah.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Alhaqlah.com">
+	<target host="alhaqlah.com" />
+	<target host="www.alhaqlah.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AliCDN.com.xml b/src/chrome/content/rules/AliCDN.com.xml
new file mode 100644
index 000000000000..543ab6b7bd3d
--- /dev/null
+++ b/src/chrome/content/rules/AliCDN.com.xml
@@ -0,0 +1,154 @@
+<!--
+	For other Alibaba coverage, see Alibaba.xml.
+
+
+	CDN buckets:
+
+		- gd[1-4].alicdn.com.danuoyi.tbcache.com
+		- gju1.alicdn.com.danuoyi.tbcache.com
+		- gw[123].alicdn.com.danuoyi.tbcache.com
+		- gi3.md.alicdn.com.danuoyi.tbcache.com
+
+
+	Nonfunctional hosts in *alicdn.com:
+
+		- f0[1-3].s
+		- gi3.md ¹
+		- g.search ¹
+		- g.search[123] ¹
+
+	¹ 504, akamai
+
+
+	Problematic hosts in *alicdn.com:
+
+		- g0[1-4].a ¹
+		- atms0[12] ²
+		- g0[1-4].s ¹
+		- g0[1-4].t ²
+
+	¹ Mismatched
+	² Akamai / mismatched
+
+	Time out:
+		- im
+
+	Check encoding error:
+		- static-src
+
+-->
+<ruleset name="AliCDN.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ae01.alicdn.com" />
+	<target host="ae02.alicdn.com" />
+	<target host="ae03.alicdn.com" />
+	<target host="ae04.alicdn.com" />
+	<target host="af.alicdn.com" />
+	<target host="alinw.alicdn.com" />
+	<target host="alp.alicdn.com" />
+	<target host="amos.alicdn.com" />
+	<target host="asearch.alicdn.com" />
+	<target host="assets.alicdn.com" />
+	<target host="astatic.alicdn.com" />
+	<target host="astyle.alicdn.com" />
+	<target host="astyle-src.alicdn.com" />
+	<target host="atbk.alicdn.com" />
+	<target host="atp.alicdn.com" />
+	<target host="at.alicdn.com" />
+	<target host="cbu01.alicdn.com" />
+	<target host="cbu02.alicdn.com" />
+	<target host="cbu03.alicdn.com" />
+	<target host="cbu04.alicdn.com" />
+	<target host="download.alicdn.com" />
+	<target host="g.alicdn.com" />
+	<target host="gaitaobao1.alicdn.com" />
+	<target host="gd1.alicdn.com" />
+	<target host="gd2.alicdn.com" />
+	<target host="gd3.alicdn.com" />
+	<target host="gd4.alicdn.com" />
+	<target host="gdp.alicdn.com" />
+	<target host="gju1.alicdn.com" />
+	<target host="gju2.alicdn.com" />
+	<target host="gju3.alicdn.com" />
+	<target host="gju4.alicdn.com" />
+	<target host="gqrcode.alicdn.com" />
+	<target host="gtms01.alicdn.com" />
+	<target host="gtms02.alicdn.com" />
+	<target host="gtms03.alicdn.com" />
+	<target host="gtms04.alicdn.com" />
+	<target host="gtd.alicdn.com" />
+	<target host="gw.alicdn.com" />
+	<target host="gw1.alicdn.com" />
+	<target host="gw2.alicdn.com" />
+	<target host="gw3.alicdn.com" />
+	<target host="gwebmail4f.alicdn.com" />
+	<target host="i.alicdn.com" />
+	<target host="img.alicdn.com" />
+	<target host="is.alicdn.com" />
+	<target host="m.alicdn.com" />
+	<target host="medici.alicdn.com" />
+	<target host="osdsc.alicdn.com" />
+	<target host="sc01.alicdn.com" />
+	<target host="sc02.alicdn.com" />
+	<target host="sc03.alicdn.com" />
+	<target host="sc04.alicdn.com" />
+	<target host="tms.alicdn.com" />
+	<target host="tongji.alicdn.com" />
+	<target host="u.alicdn.com" />
+	<target host="wwc.alicdn.com" />
+
+		<test url="http://alp.alicdn.com/1472160912042.png" />
+		<test url="http://g.alicdn.com/ilw/lib/1.7.8/widget/wukong/highlight.css" />
+		<test url="http://gtms01.alicdn.com/tps/i1/T1JT1SFq8iXXaeHbsb-100-100.png" />
+		<test url="http://gtms02.alicdn.com/tps/i2/T1d25RFhxXXXcwAHbb-196-2.jpg" />
+		<test url="http://gtms03.alicdn.com/tps/i3/TB1QfpUGFXXXXc.aXXXomyfHXXX-50-62.png" />
+		<test url="http://gtms04.alicdn.com/tps/i4/T1BdpMFxVkXXaeHbsb-100-100.png" />
+		<test url="http://gtms04.alicdn.com/tps/i4/TB1gOTqHFXXXXcSXXXXPM.1.VXX-13-9.png" />
+		<test url="http://gw.alicdn.com/tps/TB1LInkKpXXXXX_XXXXXXXXXXXX-363-601.png" />
+		<test url="http://i.alicdn.com/ae-footer/20150916140500/common/img/android.png" />
+		<test url="http://img.alicdn.com/tps/TB1Ft5WKpXXXXbpaXXXXXXXXXXX-105-62.png" />
+		<test url="http://img.alicdn.com/tps/i2/TB10urlMXXXXXcGXXXXktKu3VXX-1920-20.jpg" />
+		<test url="http://is.alicdn.com/images/eng/wholesale/icon/loading-middle.gif" />
+
+	<!--	Complications:
+				-->
+	<target host="g01.a.alicdn.com" />
+	<target host="g02.a.alicdn.com" />
+	<target host="g03.a.alicdn.com" />
+	<target host="g04.a.alicdn.com" />
+
+	<target host="atms01.alicdn.com" />
+	<target host="atms02.alicdn.com" />
+
+	<target host="g01.s.alicdn.com" />
+	<target host="g02.s.alicdn.com" />
+	<target host="g03.s.alicdn.com" />
+	<target host="g04.s.alicdn.com" />
+
+	<target host="g01.t.alicdn.com" />
+	<target host="g02.t.alicdn.com" />
+	<target host="g03.t.alicdn.com" />
+	<target host="g04.t.alicdn.com" />
+
+
+	<rule from="^http://atms0(\d)\.alicdn\.com/"
+		to="https://gtms0$1.alicdn.com/" />
+
+	<rule from="^http://g0(\d)\.[ast]\.alicdn\.com/"
+		to="https://sc0$1.alicdn.com/" />
+
+		<test url="http://g01.a.alicdn.com/kf/HTB1DfoKLpXXXXaUXVXXq6xXFXXXW/Best-Quality-free-shipping-havana-braids-havana-twist-braids-havana-crochet-braids-havana-mambo-twist-braiding.jpg_50x50.jpg" />
+		<test url="http://g02.a.alicdn.com/kf/HTB12XEVLpXXXXa_XFXXq6xXFXXXp/Best-Quality-free-shipping-havana-braids-havana-twist-braids-havana-crochet-braids-havana-mambo-twist-braiding.jpg_50x50.jpg" />
+		<test url="http://g03.a.alicdn.com/kf/HTB1Ce7XKVXXXXcQXFXXq6xXFXXXH/Best-Quality-free-shipping-havana-braids-havana-twist-braids-havana-crochet-braids-havana-mambo-twist-braiding.jpg_50x50.jpg" />
+		<test url="http://g04.a.alicdn.com/kf/HTB1XjsCLpXXXXaRaXXXq6xXFXXXf/Best-Quality-free-shipping-havana-braids-havana-twist-braids-havana-crochet-braids-havana-mambo-twist-braiding.jpg_50x50.jpg" />
+		<test url="http://g01.t.alicdn.com/kf/UT8W8zPXztXXXagOFbXi.jpg_220x10000.jpg" />
+		<test url="http://g02.t.alicdn.com/kf/UT8C2bRXE0XXXagOFbXy.jpg_220x10000.jpg" />
+		<test url="http://g03.t.alicdn.com/kf/UT8I8YNXERaXXagOFbXf.jpg_120x120.jpg" />
+		<test url="http://g04.t.alicdn.com/kf/UT8KLzYXbXXXXagOFbXs.jpg_120x120.jpg" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AliExpress.com.xml b/src/chrome/content/rules/AliExpress.com.xml
new file mode 100644
index 000000000000..14cd496bd84d
--- /dev/null
+++ b/src/chrome/content/rules/AliExpress.com.xml
@@ -0,0 +1,179 @@
+<!--
+	For rules causing MCB, see aliexpress.com-mixedcontent.xml.
+
+	For other Alibaba coverage, see Alibaba.xml.
+
+
+	Nonfunctional hosts in *aliexpress.com:
+
+		- bbs.seller ¹
+		- escrow
+		- m.fulfillment ²
+
+	¹ Dropped
+	² Invalid certificate
+
+
+	Problematic hosts in *aliexpress.com:
+
+		- $self ˣ
+		- www ˣ
+		- activities ˣ
+		- daxue ˣ
+		- fulfillment ˣ
+		- open ˣ
+		- seller ˣ
+
+	ˣ Active mixed content, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .aliexpress.com
+		- www.aliexpress.com
+		- best.aliexpress.com
+		- coupon.aliexpress.com
+		- group.aliexpress.com
+		- my.aliexpress.com
+		- promotion.aliexpress.com
+		- shoppingcart.aliexpress.com
+		- university.aliexpress.com
+		- (locale_vhost).aliexpress.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- iframe on seller from $self ˢ
+
+		- css, on:
+
+			- www from style.aliunicorn.com
+			- activities, daxue, open, th from style.aliunicorn.com ˢ
+			- fulfillment from style.alibaba.com ˢ
+			- seller from style.alibaba.com
+			- sale from i0\d.i.aliimg.com ˢ
+
+		- js, on:
+
+			- seller from style.alibaba.com
+			- www, seller from style.aliexpress.com
+			- www, open from style.aliunicorn.com
+
+		- Images, on:
+
+			- activities, open from img.alibaba.com ˢ
+			- activities, fulfillment, seller from i0\d.i.aliimg.com ˢ
+			- activities from style.aliunicorn.com ˢ
+			- fulfillment, hz from img.alibaba.com ˢ
+			- open from gtms01.alicdn.com
+			- university from gtms04.alicdn.com ˢ
+
+		- Bug on activities, daxue, fulfillment, open, seller from dmtracking2.alibaba.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="AliExpress.com (partial)">
+
+	<!--target host="aliexpress.com" /-->
+	<!--target host="www.aliexpress.com" /-->
+	<!--target host="activities.aliexpress.com" /-->
+	<target host="us.ae.aliexpress.com" />
+	<target host="ar.aliexpress.com" />
+	<target host="m.ar.aliexpress.com" />
+	<target host="best.aliexpress.com" />
+	<target host="brands.aliexpress.com" />
+	<target host="s.click.aliexpress.com" />
+	<target host="collections.aliexpress.com" />
+	<target host="compare.aliexpress.com" />
+	<target host="coupon.aliexpress.com" />
+	<!--target host="daxue.aliexpress.com" /-->
+	<target host="de.aliexpress.com" />
+	<target host="m.de.aliexpress.com" />
+	<target host="es.aliexpress.com" />
+	<target host="m.es.aliexpress.com" />
+	<target host="flashdeals.aliexpress.com" />
+	<target host="fr.aliexpress.com" />
+	<target host="m.fr.aliexpress.com" />
+	<!--target host="fulfillment.aliexpress.com" /-->
+	<target host="fuwu.aliexpress.com" />
+	<target host="gaga.aliexpress.com" />
+	<target host="group.aliexpress.com" />
+	<target host="he.aliexpress.com" />
+	<target host="help.aliexpress.com" />
+	<target host="home.aliexpress.com" />
+	<target host="hz.aliexpress.com" />
+	<target host="id.aliexpress.com" />
+	<target host="m.id.aliexpress.com" />
+	<target host="it.aliexpress.com" />
+	<target host="m.it.aliexpress.com" />
+	<target host="ja.aliexpress.com" />
+	<target host="m.ja.aliexpress.com" />
+	<target host="ko.aliexpress.com" />
+	<target host="m.ko.aliexpress.com" />
+	<target host="login.aliexpress.com" />
+	<target host="m.aliexpress.com" />
+	<target host="mai.aliexpress.com" />
+	<target host="my.aliexpress.com" />
+	<target host="nl.aliexpress.com" />
+	<target host="m.nl.aliexpress.com" />
+	<!--target host="open.aliexpress.com" /-->
+	<target host="page.aliexpress.com" />
+	<target host="pl.aliexpress.com" />
+	<target host="promotion.aliexpress.com" />
+	<target host="pt.aliexpress.com" />
+	<target host="m.pt.aliexpress.com" />
+	<target host="report.aliexpress.com" />
+	<target host="sale.aliexpress.com" />
+	<!--target host="seller.aliexpress.com" /-->
+	<target host="marketplace.seller.aliexpress.com" />
+	<target host="shoppingcart.aliexpress.com" />
+	<target host="superdeals.aliexpress.com" />
+	<target host="ru.aliexpress.com" />
+	<target host="m.ru.aliexpress.com" />
+	<target host="th.aliexpress.com" />
+	<target host="m.th.aliexpress.com" />
+	<target host="tr.aliexpress.com" />
+	<target host="m.tr.aliexpress.com" />
+	<target host="trade.aliexpress.com" />
+	<target host="u.aliexpress.com" />
+	<target host="university.aliexpress.com" />
+	<target host="vi.aliexpress.com" />
+	<target host="m.vi.aliexpress.com" />
+	<target host="track.aliexpress.com" />
+	<target host="lighthouse.aliexpress.com" />
+	<target host="message.aliexpress.com" />
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://aliexpress.com/buyerprotection/overview.html" /-->
+		<!--test url="http://www.aliexpress.com/buyerprotection/overview.html" /-->
+		<!--test url="http://daxue.aliexpress.com/goodseller.php" /-->
+		<!--test url="http://open.aliexpress.com/shopmarket/index.htm" /-->
+		<!--test url="http://page.aliexpress.com/tips-for-new-users.htm" /-->
+		<!--test url="http://seller.aliexpress.com/trad.html" /-->
+
+		<!--	Mixed js:
+					-->
+		<!--test url="http://aliexpress.com/buyerprotection/overview.html" /-->
+		<!--test url="http://www.aliexpress.com/buyerprotection/overview.html" /-->
+		<!--test url="http://open.aliexpress.com/shopmarket/index.htm" /-->
+		<!--test url="http://seller.aliexpress.com/trad.html" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.aliexpress\.com$" name="^(?:aep_usuc_f|ali_apache_track|ali_apache_tracktmp|intl_common_forever|intl_locale|xman_us_f)$" /-->
+	<!--securecookie host="^(?:ar|best|de|my|group|he|id|it|ja|ko|nl|pl|promotion|pt|ru|shoppingcart|th|tr|vi|www)\.aliexpress\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^(?:coupon|university)\.aliexpress\.com$" name="^(?:_mle_tmp0|JSESSIONID)$" /-->
+
+	<securecookie host="^\." name="^ali_apache_track(?:tmp)?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Alianza.xml b/src/chrome/content/rules/Alianza.xml
index 8ba690b444ed..2694c63038ca 100644
--- a/src/chrome/content/rules/Alianza.xml
+++ b/src/chrome/content/rules/Alianza.xml
@@ -1,13 +1,12 @@
 <ruleset name="Alianza">
 
 	<target host="alianza.tv" />
-	<target host="*.alianza.tv" />
+	<target host="www.alianza.tv" />
 
 
 	<securecookie host="\.alianza\.tv$" name=".+" />
 
 
-	<rule from="^http://(www\.)?alianza\.tv/"
-		to="https://$1alianza.tv/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Alias.io.xml b/src/chrome/content/rules/Alias.io.xml
new file mode 100644
index 000000000000..bccd36cf11a3
--- /dev/null
+++ b/src/chrome/content/rules/Alias.io.xml
@@ -0,0 +1,9 @@
+<ruleset name="alias.io">
+
+	<target host="alias.io" />
+	<target host="www.alias.io" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Alibaba.xml b/src/chrome/content/rules/Alibaba.xml
index ea4fd5f812ac..b2f12135f9ee 100644
--- a/src/chrome/content/rules/Alibaba.xml
+++ b/src/chrome/content/rules/Alibaba.xml
@@ -1,8 +1,30 @@
 <!--
 	Other Alibaba rulesets:
 
+		- alibaba-inc.com.xml
+		- AliCDN.com.xml
+		- AliExpress.com.xml
+		- Aliimg.com.xml
+		- aliloan.com.xml
+		- Alimama.com.xml
 		- Alipay.com.xml
+		- Alitrip.com.xml
+		- Aliunicorn.com.xml
 		- Aliyun.com.xml
+		- aliyun-inc.com.xml
+		- aliyuncs.com.xml
+		- antsdaq.com.xml
+		- dingtalk.com.xml
+		- ETAO.com.xml
+		- itao.com.xml
+		- Kanbox.com.xml
+		- laiwang.com.xml
+		- Mmstat.com.xml
+		- mybank.cn.xml
+		- net.cn.xml
+		- Tb.cn.xml
+		- Tmall.HK.xml
+		- YunOS.com.xml
 
 
 	CDN buckets:
@@ -11,17 +33,9 @@
 
 			- style.alibaba.com
 
-		- gd[1-4].alicdn.com.danuoyi.tbcache.com
 
-		- gju1.alicdn.com.danuoyi.tbcache.com
-
-		- gw[123].alicdn.com.danuoyi.tbcache.com
-
-		- gi3.md.alicdn.com.danuoyi.tbcache.com
-
-		- i0[123].i.aliimg.com.edgesuite.net
-
-		- style.aliunicorn.com.edgesuite.net
+	Invalid certificates:
+		- portal.manjushri.alibaba.com (expired)
 
 
 	Nonfunctional domains:
@@ -31,109 +45,311 @@
 
 		- alibaba.com subdomains:
 
-			- (www.) ¹
-			- activities ¹
-			- buyer ¹
-			- campus ³
+			- ask ³
 			- china ¹
-			- chinasuppliers ¹
-			- credit ¹
-			- creditma ¹
-			- customs ¹
+			- creditma ³
 			- dmtracking ²
-			- expo ¹
-			- us.favorite ¹
+			- expo ³
+			- us.favorite ³
+			- hindi ³
 			- download.im ¹
-			- img ⁴
-			- importer ¹
-			- inspection ¹
-			- legal ¹
+			- jubao ³
 			- us.my ³
-			- news ¹
-			- notification ³
+			- oak *
 			- us.enmatch.p4p ¹
-			- sa ¹
-			- seller ¹
-			- sourcing ¹
 			- hz.sourcing ¹
+			- static ³
 			- style ⁴
-			- trademanager ¹
-
-		- alicdn.com subdomains:
-
-			- gd[1-4] ¹
-			- gju1 ¹
-			- gqrcode ¹
-			- gtms0[1-4] ¹
-			- gw[123] ¹
-			- gi3.md ¹
-			- g.search ¹
-			- g.search[123] ¹
-
-		- aliexpress.com subdomains:
-
-			- ^ ³
-			- compare ³
-			- de ¹
-			- es ¹
-			- fr ¹
-			- gaga ¹
-			- it ¹
-			- ja ¹
-			- ko ¹
-			- m ¹
-			- nl ¹
-			- promotion ¹
-			- pt ¹
-			- ru ¹
-			- seller ³
-			- www ¹
-
-		- aliimg.com subdomains:
-
-			- static.c ³
-			- stat.gmonitor ¹
-			- i0[0123].i ⁴
-
-		- style.aliunicorn.com ⁴
+			- sh.vip ³
+			- waimaoquan ³
 
 		- x.limgs.cn ¹
 
+	** Redirects to 200 error2.html
 	¹ Refused
 	² Reset
 	³ Dropped
 	⁴ 504, akamai
 
 
-	Fully covered domains:
-
-		- alibaba.com subdomains:
-
-			- 102
-			- job
-			- login
-			- style		(→ stylessl)
-			- stylessl
-
-		- login.aliexpress.com
+	Problematic hosts in *alibaba.com:
+
+		- gw.api ˣ
+		- www.bd *
+		- img.china *
+		- www.[^.]+.en *
+		- www.[^.]+.fm *
+		- img ²
+		- www.ir *
+
+	* Mismatched
+	² Akamai / mismatched
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .alibaba.com
+		- accounts.alibaba.com
+		- ads.alibaba.com
+		- bns.alibaba.com
+		- biz.alibaba.com
+		- campus.alibaba.com
+		- channel.alibaba.com
+		- cluster.alibaba.com
+		- dai.alibaba.com
+		- data.alibaba.com
+		- fuwu.alibaba.com
+		- globalexpo.alibaba.com
+		- hzmy.alibaba.com
+		- job.alibaba.com
+		- login.alibaba.com
+		- logistics.alibaba.com
+		- m.alibaba.com
+		- portal.manjushri.alibaba.com
+		- message.alibaba.com
+		- news.alibaba.com
+		- onetouch.alibaba.com
+		- peixun.alibaba.com
+		- resources.alibaba.com
+		- rfq.alibaba.com
+		- rule.alibaba.com
+		- sa.alibaba.com
+		- security.alibaba.com
+		- seller.alibaba.com
+		- service.alibaba.com
+		- sourcing.alibaba.com
+		- tradeassurance.alibaba.com
+		- trademanager.alibaba.com
+		- wholesaler.alibaba.com
+		- www.alibaba.com
+		- www2.alibaba.com
+		- (locale_vhost).alibaba.com
+		- m.(locale_vhost).alibaba.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, on:
+			- gw.api from style.c.aliimg.com ˢ
+			- india from style.aliunicorn.com ˢ
+
+		- Images, on:
+
+			- chnwh.en, resources from g0\d.s.alicdn.com ˢ
+			- gw.api, ggs from img.alibaba.com ˢ
+			- potal.manjushri from $self ˢ
+			- potal.manjushri from crm-kms.alibaba-inc.com
+			- potal.manjushri, open, resources, security, seller from gtms0\d.alicdn.com ˢ
+			- open from img01.taobaocdn.com ˢ
+			- www from i0\d.i.aliimg.com ˢ
+
+		- Ads/bugs, on:
+
+			- error from dmtracking2.alibaba.com ˢ
+			- portal.manjushri from activities.alibaba.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Alibaba (partial)">
-
-	<target host="login.aliexpress.com" />
-	<target host="*.alibaba.com" />
-
-
-	<securecookie host="^(?:102|escrow|job)\.alibaba\.com$" name=".*" />
-
-
-	<rule from="^http://login\.aliexpress\.com/"
-		to="https://login.aliexpress.com/" />
-
-	<rule from="^http://(102|escrow|job|login)\.alibaba\.com/"
-		to="https://$1.alibaba.com/" />
-
-	<rule from="^http://style(?:ssl)?\.alibaba\.com/"
+<ruleset name="Alibaba.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="alibaba.com" />
+	<target host="102.alibaba.com" />
+	<target host="accounts.alibaba.com" />
+	<target host="activities.alibaba.com" />
+		<test url="http://activities.alibaba.com/alibaba/wholesale_success.php" />
+	<target host="ads.alibaba.com" />
+	<target host="us.ae.alibaba.com" />
+	<!--target host="gw.api.alibaba.com" /-->
+	<target host="app.alibaba.com" />
+	<target host="arabic.alibaba.com" />
+	<target host="m.arabic.alibaba.com" />
+	<target host="bd.alibaba.com" />
+	<target host="biz.alibaba.com" />
+	<target host="bns.alibaba.com" />
+	<target host="buyer.alibaba.com" />
+	<target host="campus.alibaba.com" />
+	<target host="channel.alibaba.com" />
+	<target host="chinasuppliers.alibaba.com" />
+	<target host="cluster.alibaba.com" />
+	<target host="community.alibaba.com" />
+	<target host="credit.alibaba.com" />
+	<target host="customs.alibaba.com" />
+	<target host="dai.alibaba.com" />
+	<target host="data.alibaba.com" />
+	<target host="dutch.alibaba.com" />
+	<target host="m.dutch.alibaba.com" />
+	<target host="error.alibaba.com" />
+	<target host="escrow.alibaba.com" />
+	<target host="exporter.alibaba.com" />
+	<target host="french.alibaba.com" />
+	<target host="m.french.alibaba.com" />
+	<target host="fuwu.alibaba.com" />
+	<target host="german.alibaba.com" />
+	<target host="m.german.alibaba.com" />
+	<target host="ggs.alibaba.com" />
+	<target host="globalexpo.alibaba.com" />
+	<target host="guide.alibaba.com" />
+	<target host="hebrew.alibaba.com" />
+	<target host="m.hebrew.alibaba.com" />
+	<target host="hzmy.alibaba.com" />
+	<target host="ibp.alibaba.com" />
+	<target host="importer.alibaba.com" />
+	<target host="india.alibaba.com" />
+	<target host="indonesian.alibaba.com" />
+	<target host="m.indonesian.alibaba.com" />
+	<target host="inspection.alibaba.com" />
+	<target host="ir.alibaba.com" />
+	<target host="italian.alibaba.com" />
+	<target host="japanese.alibaba.com" />
+	<target host="m.japanese.alibaba.com" />
+	<target host="jaq.alibaba.com" />
+	<target host="job.alibaba.com" />
+	<target host="korean.alibaba.com" />
+	<target host="m.korean.alibaba.com" />
+	<target host="legal.alibaba.com" />
+	<target host="login.alibaba.com" />
+	<target host="logistics.alibaba.com" />
+	<target host="m.alibaba.com" />
+	<!--target host="portal.manjushri.alibaba.com" /-->
+	<target host="message.alibaba.com" />
+	<target host="mlma.alibaba.com" />
+	<target host="news.alibaba.com" />
+	<target host="notification.alibaba.com" />
+	<target host="onetouch.alibaba.com" />
+	<target host="open.alibaba.com" />
+	<target host="p4p.alibaba.com" />
+	<target host="passport.alibaba.com" />
+	<target host="peixun.alibaba.com" />
+	<target host="portuguese.alibaba.com" />
+	<target host="m.portuguese.alibaba.com" />
+	<target host="qd.alibaba.com" />
+	<target host="resources.alibaba.com" />
+	<target host="rfq.alibaba.com" />
+	<target host="rule.alibaba.com" />
+	<target host="russian.alibaba.com" />
+	<target host="m.russian.alibaba.com" />
+	<target host="sa.alibaba.com" />
+	<target host="security.alibaba.com" />
+	<target host="selection.alibaba.com" />
+	<target host="seller.alibaba.com" />
+	<target host="service.alibaba.com" />
+	<target host="sourcing.alibaba.com" />
+	<target host="spanish.alibaba.com" />
+	<target host="m.spanish.alibaba.com" />
+	<target host="stylessl.alibaba.com" />
+	<target host="survey.alibaba.com" />
+	<target host="th.alibaba.com" />
+	<target host="thai.alibaba.com" />
+	<target host="m.thai.alibaba.com" />
+	<target host="tradeassurance.alibaba.com" />
+	<target host="trademanager.alibaba.com" />
+	<target host="tradeshow.alibaba.com" />
+	<target host="*.trustpass.alibaba.com" />
+	<target host="turkish.alibaba.com" />
+	<target host="m.turkish.alibaba.com" />
+	<target host="vietnamese.alibaba.com" />
+	<target host="m.vietnamese.alibaba.com" />
+	<target host="wholesale.alibaba.com" />
+	<target host="wholesaler.alibaba.com" />
+	<target host="trustpass.alibaba.com" />
+	<target host="www.alibaba.com" />
+	<target host="www2.alibaba.com" />
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://gw.api.alibaba.com/dev/doc/intl/sys_description.htm?ns=aliexpress.open" /-->
+
+
+	<!--	Complications:
+				-->
+	<target host="www.bd.alibaba.com" />
+	<target host="img.china.alibaba.com" />
+	<target host="*.en.alibaba.com" />
+	<target host="*.fm.alibaba.com" />
+	<target host="img.alibaba.com" />
+	<target host="style.alibaba.com" />
+
+		<exclusion pattern="^http://(?!www\.)(?:[^./]+\.){2,}(?:en|fm)\.alibaba\.com/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.en.alibaba.com/" />
+			<test url="http://exists.not.en.alibaba.com/" />
+			<test url="http://this.host.fm.alibaba.com/" />
+			<test url="http://exists.not.fm.alibaba.com/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://chnwh.en.alibaba.com/" />
+			<test url="http://e-show.en.alibaba.com/" />
+			<test url="http://elego.en.alibaba.com/" />
+			<test url="http://gdvcl.en.alibaba.com/" />
+			<test url="http://higee.en.alibaba.com/" />
+			<test url="http://honren.en.alibaba.com/" />
+			<test url="http://hyxcables.en.alibaba.com/" />
+			<test url="http://jnbest.en.alibaba.com/" />
+			<test url="http://kfelectric.en.alibaba.com/" />
+			<test url="http://kpanda.en.alibaba.com/" />
+			<test url="http://saidfactory.en.alibaba.com/" />
+			<test url="http://sandoobags.en.alibaba.com/" />
+			<test url="http://szwst.en.alibaba.com/" />
+			<test url="http://tuoshi.en.alibaba.com/" />
+			<test url="http://yihay.en.alibaba.com/" />
+
+			<test url="http://balifurnish.fm.alibaba.com/" />
+			<test url="http://brightflexcoltd.fm.alibaba.com/" />
+			<test url="http://ckinterbiz.fm.alibaba.com/" />
+			<test url="http://dahsheng.fm.alibaba.com/" />
+			<test url="http://inge1999.fm.alibaba.com/" />
+			<test url="http://jscymz.fm.alibaba.com/" />
+
+		<exclusion pattern="^http://(?:[^./]+\.){2,}trustpass\.alibaba\.com/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.trustpass.alibaba.com/" />
+			<test url="http://exists.not.trustpass.alibaba.com/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://anindofurniture.trustpass.alibaba.com/" />
+			<test url="http://atec.trustpass.alibaba.com/" />
+			<test url="http://saidfactory.trustpass.alibaba.com/" />
+			<test url="http://tokyobelt.trustpass.alibaba.com/" />
+
+		<!--	$ 404s, so:
+					-->
+		<test url="http://bns.alibaba.com/info_detail.htm?id=1003120&amp;subjectId=14550508" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.bd\.alibaba\.com/"
+		to="https://bd.alibaba.com/" />
+
+	<rule from="^http://img\.china\.alibaba\.com/"
+		to="https://cbu01.alicdn.com/" />
+
+	<rule from="^http://www\.([^.]+)\.(en|fm)\.alibaba\.com/"
+		to="https://$1.$2.alibaba.com/" />
+
+		<test url="http://www.forever-lasting.en.alibaba.com/" />
+		<test url="http://www.fsiusa.fm.alibaba.com/" />
+		<test url="http://www.raphael.fm.alibaba.com/" />
+		<test url="http://www.senlips.fm.alibaba.com/" />
+		<test url="http://www.tador.fm.alibaba.com/" />
+
+	<rule from="^http://img\.alibaba\.com/"
+		to="https://is.alicdn.com/" />
+
+	<rule from="^http://style\.alibaba\.com/"
 		to="https://stylessl.alibaba.com/" />
 
+	<rule from="^http:"	to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/AliceDSL.xml b/src/chrome/content/rules/AliceDSL.xml
index 8514f35992b9..40da09b5cc2d 100644
--- a/src/chrome/content/rules/AliceDSL.xml
+++ b/src/chrome/content/rules/AliceDSL.xml
@@ -1,11 +1,22 @@
-<ruleset name="AliceDSL">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://alice.de/ => https://www.alice-dsl.de/: (7, 'Failed to connect to www.alice-dsl.de port 443: No route to host')
+Fetch error: http://alice-dsl.de/ => https://www.alice-dsl.de/: (7, 'Failed to connect to www.alice-dsl.de port 443: No route to host')
+Fetch error: http://www.alice-dsl.de/ => https://www.alice-dsl.de/: (7, 'Failed to connect to www.alice-dsl.de port 443: No route to host')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://alice.de/ => https://www.alice-dsl.de/: (7, 'Failed to connect to www.alice-dsl.de port 443: No route to host')
+Fetch error: http://alice-dsl.de/ => https://www.alice-dsl.de/: (7, 'Failed to connect to www.alice-dsl.de port 443: No route to host')
+Fetch error: http://www.alice-dsl.de/ => https://www.alice-dsl.de/: (7, 'Failed to connect to www.alice-dsl.de port 443: No route to host')
+-->
+<ruleset name="AliceDSL" default_off="failed ruleset test">
   <target host="alice.de"/>
-  <target host="*.alice.de"/>
+  <target host="www.alice.de" />
   <target host="alice-dsl.de"/>
-  <target host="*.alice-dsl.de"/>
-  <target host="www.alice-dsl.de"/>
+  <target host="www.alice-dsl.de" />
 
-  <securecookie host="^(.*\.)?alice-dsl\.de$" name=".*" />
+  <securecookie host="^(?:.*\.)?alice-dsl\.de$" name=".+" />
 
   <rule from="^http://(?:www\.)?alice\.de/" to="https://www.alice-dsl.de/"/>
   <rule from="^http://alice\.de/" to="https://www.alice-dsl.de/"/>
diff --git a/src/chrome/content/rules/Alien.net.au.xml b/src/chrome/content/rules/Alien.net.au.xml
new file mode 100644
index 000000000000..58106913b7c5
--- /dev/null
+++ b/src/chrome/content/rules/Alien.net.au.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://alien.net.au/ => https://alien.net.au/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Alien.net.au" default_off="failed ruleset test">
+
+	<target host="alien.net.au" />
+	<target host="www.alien.net.au" />
+
+
+	<securecookie host="^\.alien\.net\.au$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AlienVault.xml b/src/chrome/content/rules/AlienVault.xml
index 4ac003f18b38..b88087028d5e 100644
--- a/src/chrome/content/rules/AlienVault.xml
+++ b/src/chrome/content/rules/AlienVault.xml
@@ -8,23 +8,26 @@
 <ruleset name="AlienVault (partial)">
 
 	<target host="alienvault.com" />
-	<target host="*.alienvault.com" />
+	<target host="www.alienvault.com" />
+	<target host="cloud.alienvault.com" />
+	<target host="communities.alienvault.com" />
+	<target host="resources.alienvault.com" />
+	<target host="forums.alienvault.com" />
 
 
-	<securecookie host="^.*\.alienvault\.com$" name=".*" />
+	<securecookie host="^.*\.alienvault\.com$" name=".+" />
 
 
 	<!--	!www 301s recursively.
 					-->
-	<rule from="^https?://(?:www\.)?alienvault\.com/"
+	<rule from="^http://(?:www\.)?alienvault\.com/"
 		to="https://www.alienvault.com/" />
 
-	<rule from="^http://(cloud|communities|resources)\.alienvault\.com/"
-		to="https://$1.alienvault.com/" />
 
 	<!--	Doesn't redirect back, w00p.
 						-->
-	<rule from="^https?://forums\.alienvault\.com/"
+	<rule from="^http://forums\.alienvault\.com/"
 		to="https://alienvault.vanillaforums.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Aliimg.com.xml b/src/chrome/content/rules/Aliimg.com.xml
new file mode 100644
index 000000000000..fb6bd15bde50
--- /dev/null
+++ b/src/chrome/content/rules/Aliimg.com.xml
@@ -0,0 +1,85 @@
+<!--
+	For other Alibaba Group coverage, see Alibaba.xml.
+
+
+	CDN buckets:
+
+		- i0[123].i.aliimg.com.edgesuite.net
+
+
+	Nonfunctional hosts in *aliimg.com:
+
+		- static.c ¹
+		- stat.gmonitor ²
+
+	¹ Dropped
+	² Refused
+
+
+	Problematic hosts in *aliimg.com:
+
+		- i0[0-5].c *
+		- style.c ᴬ
+		- i0[23].i ᴬ
+		- kfdown.s ᵈ
+
+	ᴬ Akamai / mismatched
+	ᵈ Dropped, equivalent to another domain
+	* Mismatched
+
+-->
+<ruleset name="Aliimg.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="i01.lw.aliimg.com" />
+
+		<test url="http://i01.lw.aliimg.com/tfs/TB1_9_jIFXXXXXsXVXXj4DYOVXXLAIWANGo_1_560_560.60x60.jpg" />
+
+	<!--	Complications:
+				-->
+	<target host="i00.c.aliimg.com" />
+	<target host="i01.c.aliimg.com" />
+	<target host="i02.c.aliimg.com" />
+	<target host="i03.c.aliimg.com" />
+	<target host="i04.c.aliimg.com" />
+	<target host="i05.c.aliimg.com" />
+	<target host="style.c.aliimg.com" />
+
+	<target host="i02.i.aliimg.com" />
+	<target host="i03.i.aliimg.com" />
+	<target host="kfdown.s.aliimg.com" />
+
+
+	<rule from="^http://i0[05]\.c\.aliimg\.com/"
+		to="https://cbu01.alicdn.com/" />
+
+		<test url="http://i00.c.aliimg.com/img/ibank/2015/659/325/2305523956.jpg" />
+		<test url="http://i05.c.aliimg.com/img/ibank/2016/143/957/2926759341.jpg" />
+
+	<rule from="^http://i0(\d)\.c\.aliimg\.com/"
+		to="https://cbu0$1.alicdn.com/" />
+
+		<test url="http://i01.c.aliimg.com/img/ibank/2014/118/169/1150961811.jpg" />
+		<test url="http://i02.c.aliimg.com/img/ibank/2014/343/762/1476267343.jpg" />
+		<test url="http://i03.c.aliimg.com/img/ibank/2015/306/321/2360123603.jpg" />
+		<test url="http://i04.c.aliimg.com/img/ibank/2015/824/400/2410004428.jpg" />
+
+	<rule from="^http://style\.c\.aliimg\.com/"
+		to="https://astyle.alicdn.com/" />
+
+		<test url="http://style.c.aliimg.com/app/wholesale/css/subsite/module/alibar-v0.css" />
+
+	<rule from="^http://i0(\d)\.i\.aliimg\.com/"
+		to="https://sc0$1.alicdn.com/" />
+
+		<test url="http://i02.i.aliimg.com/images/cms/upload/icon/maintain_tool.png" />
+		<test url="http://i03.i.aliimg.com/images/cms/upload/fulfillment/banner_0_6_392x300.png" />
+
+	<rule from="^http://kfdown\.s\.aliimg\.com/"
+		to="https://is.alicdn.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Alimama.com.xml b/src/chrome/content/rules/Alimama.com.xml
new file mode 100644
index 000000000000..e1018721bf14
--- /dev/null
+++ b/src/chrome/content/rules/Alimama.com.xml
@@ -0,0 +1,74 @@
+<!--
+	For other Alibaba Group coverage, see Alibaba.xml.
+
+
+	Nonfunctional hosts in *alimama.com:
+
+		- ad *
+		- brand *
+		- c *
+		- club *
+		- dmp *
+		- help *
+		- m *
+		- majibao *
+		- media		Redirects to err.taobao.com
+		- pub *
+		- rule *
+		- ruyitou *
+
+	* Dropped
+
+
+	Problematic hosts in *alimama.com:
+
+		- ^ ¹
+		- open ¹
+		- taoke ²
+		- u ²
+
+	¹ Mismatched
+	² Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these domains:
+
+		- .alimama.com
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- open from img.alimama.cn ¹
+			- taoke from gtms0\d.alicdn.com ²
+			- taoke from img0\d.taobaocdn.com ²
+
+	¹ Not secured by us <= mismatched
+	² Secured by us
+
+-->
+<ruleset name="Alimama.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="u.alimama.com" /-->
+	<target host="www.alimama.com" />
+
+	<!--	Complications:
+				-->
+	<target host="alimama.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.alimama\.com$" name="^(?:_tb_token|cookie2|t|v)$" /-->
+
+
+	<rule from="^http://alimama\.com/"
+		to="https://www.alimama.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Alionet.org.xml b/src/chrome/content/rules/Alionet.org.xml
new file mode 100644
index 000000000000..58f57cd45c50
--- /dev/null
+++ b/src/chrome/content/rules/Alionet.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Alionet.org">
+
+	<target host="alionet.org" />
+	<target host="www.alionet.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AliorBank.pl.xml b/src/chrome/content/rules/AliorBank.pl.xml
new file mode 100644
index 000000000000..57ea761623e4
--- /dev/null
+++ b/src/chrome/content/rules/AliorBank.pl.xml
@@ -0,0 +1,161 @@
+<!--
+	Self-signed:
+		- gateway.api
+
+	Connection reset:
+		- static.kantor
+
+	Mismatched:
+		- www.trader
+
+	Refused:
+		- cii
+		- akcept.kantor.de
+		- akcept.m.kantor.de
+		- test.m.kantor.de
+		- www.test.m.kantor.de
+		- akcept.static.kantor.de
+		- test.static.kantor.de
+		- test.kantor.de
+		- www.test.kantor.de
+		- facebook
+		- formularze
+		- www.fuzja
+		- identyfikacja
+		- www.kz
+		- m
+		- malware
+		- mfp
+		- test.mfp
+		- www.test.mfp
+		- najlepszy
+		- native
+		- native1
+		- online
+		- akcept.online
+		- test.online
+		- oszczednosci
+		- fuzja.aliorbank.pl
+		- pomoc-dla-haiti
+		- portale
+		- pozytywy
+		- private-banking
+		- privatebanking
+		- przywileje
+		- sowa
+		- www.sowa
+		- test.das.tmro
+
+	Timeout:
+		- production.developer
+		- emu
+		- ethereum
+		- www.ethereum
+		- fuzja
+		- guestaccess01
+		- guestaccess02
+		- ns1
+		- ns2
+		- online-fuzja
+		- partnerzy
+		- www.schumacher
+		- services
+		- f.video-oddzial
+		- vpn
+		- vpnmobile
+		- wah
+
+	Incomplete certificate chain:
+		- gateway.developer
+		- oauthdemo.developer
+		- gielda
+		- konto-internetowe
+		- link4
+		- pzu
+-->
+<ruleset name="AliorBank.pl">
+	<target host="aliorbank.pl" />
+	<target host="www.aliorbank.pl" />
+	<target host="4x4.aliorbank.pl" />
+	<target host="accelerator.aliorbank.pl" />
+	<target host="analityka.aliorbank.pl" />
+	<target host="ares.aliorbank.pl" />
+	<target host="auth.aliorbank.pl" />
+	<target host="autoryzacja.aliorbank.pl" />
+	<target host="wnioski.bm.aliorbank.pl" />
+	<target host="broker.aliorbank.pl" />
+	<target host="chatbot.aliorbank.pl" />
+	<target host="developer.aliorbank.pl" />
+	<target host="www.developer.aliorbank.pl" />
+	<target host="dokumenty.aliorbank.pl" />
+	<target host="demo.efx.aliorbank.pl" />
+	<target host="et.aliorbank.pl" />
+	<target host="feniks.aliorbank.pl" />
+	<target host="firma.aliorbank.pl" />
+	<target host="gotowka.aliorbank.pl" />
+	<target host="innowacje.aliorbank.pl" />
+	<target host="internetnowa.aliorbank.pl" />
+	<target host="inwestycje.aliorbank.pl" />
+	<target host="www.inwestycje.aliorbank.pl" />
+	<target host="kalkulator-kredytowy.aliorbank.pl" />
+	<target host="m.kantor.aliorbank.pl" />
+	<target host="kantor-online.aliorbank.pl" />
+	<target host="kantor-online2.aliorbank.pl" />
+	<target host="karta-paliwowa.aliorbank.pl" />
+	<target host="kiosk.aliorbank.pl" />
+	<target host="komunikat.aliorbank.pl" />
+	<target host="konsolidacja.aliorbank.pl" />
+	<target host="www.konsolidacja.aliorbank.pl" />
+	<target host="konto.aliorbank.pl" />
+	<target host="konto-dla-firm.aliorbank.pl" />
+	<target host="konto-firmowe.aliorbank.pl" />
+	<target host="konto-mocno-oszczednosciowe.aliorbank.pl" />
+	<target host="www.konto-mocno-oszczednosciowe.aliorbank.pl" />
+	<target host="kredyt.aliorbank.pl" />
+	<target host="kredyt-biznesowy.aliorbank.pl" />
+	<target host="kredyt-dla-firm.aliorbank.pl" />
+	<target host="kredyt-firmowy.aliorbank.pl" />
+	<target host="kredyt-kalkulator.aliorbank.pl" />
+	<target host="kredyt-konsolidacyjny.aliorbank.pl" />
+	<target host="www.kredyt-konsolidacyjny.aliorbank.pl" />
+	<target host="kredyt-na-firme.aliorbank.pl" />
+	<target host="raty.mobile.aliorbank.pl" />
+	<target host="nol.aliorbank.pl" />
+	<target host="nolweb.aliorbank.pl" />
+	<target host="nowy-sezon.aliorbank.pl" />
+	<target host="www.nowy-sezon.aliorbank.pl" />
+	<target host="ofertydlalink4.aliorbank.pl" />
+	<target host="ofertydlapzu.aliorbank.pl" />
+	<target host="partner.aliorbank.pl" />
+	<target host="phishingstop.aliorbank.pl" />
+	<target host="pozyczka.aliorbank.pl" />
+	<target host="pozyczka-bank.aliorbank.pl" />
+	<target host="pozyczka-online.aliorbank.pl" />
+	<target host="pozyczka-przez-internet.aliorbank.pl" />
+	<target host="rachunek-firmowy.aliorbank.pl" />
+	<target host="raty.aliorbank.pl" />
+	<target host="rynek.aliorbank.pl" />
+	<target host="www.rynek.aliorbank.pl" />
+	<target host="system.aliorbank.pl" />
+	<target host="systemkantor.aliorbank.pl" />
+	<target host="www.systemkantor.aliorbank.pl" />
+	<target host="static.systemkantor.aliorbank.pl" />
+	<target host="tpp.aliorbank.pl" />
+	<target host="trader.aliorbank.pl" />
+	<target host="video-oddzial.aliorbank.pl" />
+	<target host="w.video-oddzial.aliorbank.pl" />
+	<target host="witamy.aliorbank.pl" />
+	<target host="wniosekonline.aliorbank.pl" />
+	<target host="www.wniosekonline.aliorbank.pl" />
+	<target host="wnioski.aliorbank.pl" />
+	<target host="wygraj-bilet.aliorbank.pl" />
+	<target host="wygraj-bon.aliorbank.pl" />
+	<target host="wygrajbilet.aliorbank.pl" />
+	<target host="www.wygrajbilet.aliorbank.pl" />
+	<target host="www.wygrajbon.aliorbank.pl" />
+	<target host="wynagrodzenie.aliorbank.pl" />
+	<target host="zafirmowani.aliorbank.pl" />
+	<target host="www.zafirmowani.aliorbank.pl" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Alipay.com.xml b/src/chrome/content/rules/Alipay.com.xml
index 252b796e93b7..979e930055c0 100644
--- a/src/chrome/content/rules/Alipay.com.xml
+++ b/src/chrome/content/rules/Alipay.com.xml
@@ -1,102 +1,95 @@
 <!--
 	For other Alibaba coverage, see Alibaba.xml.
 
+	Non-functional hosts in *.alipay.com
+		Couldn't connect to server:
+			 - alipay.com
 
-	Nonfunctional domains:
-
-		- alipay.com subdomains:
-
-			- blog *
-			- club *
-			- help *
-			- help.lab *
-			- home *
-			- qudao *
-
-	* Refused
-
-
-	Problematic domains:
-
-		- job.alipay.com	(works; mismatched, CN: *.alibaba.com)
-
-		- pic.alipayobjects.com *
-		- static.alipayobjects.com *
-
-	* Refused
-
-
-	Fully covered domains:
-
-		- *.alipay.com:
-
-			- (www.)
-			- ab
-			- abc
-			- accounts
-			- apimg
-			- app
-			- auth
-			- b
-			- ccprod
-			- download
-			- ebppprod
-			- egg
-			- financeprod
-			- fun
-			- hi
-			- hongbao
-			- img
-			- jf
-			- jiaofei
-			- job		(→ job.alibaba.com)
-			- kuai
-			- lab
-			- mbuf
-			- memberprod
-			- mobile
-			- my
-			- omeo
-			- overseas
-			- passport
-			- securitycenter
-			- self
-			- shanghu
-			- shenghuo
-			- static
-			- tfsimg
-			- ynuf
-			- zht
-
-		- alipayobjects.com subdomains:
-
-			- a
-			- i
-			- pic		(→ i)
-			- static	(→ a)
-
+		SSL peer certificate was not OK:
+			 - help.lab.alipay.com
 -->
 <ruleset name="Alipay.com (partial)">
-
+	<!-- *alipay.com -->
 	<target host="alipay.com" />
-	<target host="*.alipay.com" />
-		<!--exclusion pattern="^http://(blog|club|help|help\.lab|home|qudao)\.alipay\.com/" /-->
-	<target host="*.alipayobjects.com" />
-
-
-	<securecookie host=".*\.alipay\.com$" name=".+" />
-
-
-	<rule from="^http://job\.alipay\.com/"
-		to="https://job.alibaba.com/" />
-
-	<rule from="^http://(?!(?:blog|club|help|home|qudao)\.)(\w+\.)?alipay\.com/"
-		to="https://$1alipay.com/" />
-
-	<rule from="^http://(?:a|static)\.alipayobjects\.com/"
-		to="https://a.alipayobjects.com/" />
-
-	<rule from="^http://(?:i|pic)\.alipayobjects\.com/"
-		to="https://i.alipayobjects.com/" />
-
+	<target host="www.alipay.com" />
+	<target host="110.alipay.com" />
+	<target host="ab.alipay.com" />
+	<target host="abc.alipay.com" />
+	<target host="accounts.alipay.com" />
+	<target host="alipass.alipay.com" />
+	<target host="apimg.alipay.com" />
+	<target host="app.alipay.com" />
+	<target host="appstore.alipay.com" />
+	<target host="auth.alipay.com" />
+	<target host="authzth.alipay.com" />
+	<target host="b.alipay.com" />
+	<target host="bao.alipay.com" />
+	<target host="blog.alipay.com" />
+	<target host="cmspromo.alipay.com" />
+	<target host="cshall.alipay.com" />
+	<target host="download.alipay.com" />
+	<target host="ebppprod.alipay.com" />
+	<target host="egg.alipay.com" />
+	<target host="financeprod.alipay.com" />
+	<target host="fun.alipay.com" />
+	<target host="fuwu.alipay.com" />
+	<target host="global.alipay.com" />
+	<target host="goldetfprod.alipay.com" />
+	<target host="hi.alipay.com" />
+	<target host="hongbao.alipay.com" />
+	<target host="huabei.alipay.com" />
+	<target host="img.alipay.com" />
+	<target host="intl.alipay.com" />
+	<target host="jf.alipay.com" />
+	<target host="jiaofei.alipay.com" />
+	<target host="job.alipay.com" />
+	<target host="kcart.alipay.com" />
+	<target host="kuai.alipay.com" />
+	<target host="lab.alipay.com" />
+	<target host="life.alipay.com" />
+	<target host="memberprod.alipay.com" />
+	<target host="mp.alipay.com" />
+	<target host="my.alipay.com" />
+	<target host="omeo.alipay.com" />
+		<test url="http://omeo.alipay.com/service/checkcode?sessionID=0" />
+	<target host="open.alipay.com" />
+	<target host="openhome.alipay.com" />
+	<target host="passport.alipay.com" />
+	<target host="payservice.alipay.com" />
+	<target host="pcreditprod.alipay.com" />
+	<target host="personalweb.alipay.com" />
+	<target host="securitycenter.alipay.com" />
+	<target host="self.alipay.com" />
+	<target host="shanghu.alipay.com" />
+	<target host="shenghuo.alipay.com" />
+	<target host="static.alipay.com" />
+	<target host="tfsimg.alipay.com" />
+		<test url="http://tfsimg.alipay.com/images/partner/T1gq0fXfJlXXbMsGbX.html" />
+	<target host="wifi.alipay.com" />
+		<test url="http://wifi.alipay.com/platform/index.htm" />
+	<target host="yebprod.alipay.com" />
+	<target host="ynuf.alipay.com" />
+	<target host="us.ynuf.alipay.com" />
+	<target host="zhaocaibao.alipay.com" />
+	<target host="zht.alipay.com" />
+
+	<!-- *alipayobjects.com -->
+	<target host="a.alipayobjects.com" />
+	<target host="as.alipayobjects.com" />
+	<target host="d.alipayobjects.com" />
+	<target host="h.alipayobjects.com" />
+	<target host="i.alipayobjects.com" />
+	<target host="os.alipayobjects.com" />
+	<target host="pic.alipayobjects.com" />
+	<target host="static.alipayobjects.com" />
+	<target host="t.alipayobjects.com" />
+		<test url="http://t.alipayobjects.com/images/rmsweb/T1VrNgXhxvXXXXXXXX.png" />
+
+	<securecookie host="^(?!fun\.)." name=".+" />
+
+	<rule from="^http://alipay\.com/"
+			to="https://www.alipay.com/" />
+
+	<rule from="^http:"
+			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Alitrip.com.xml b/src/chrome/content/rules/Alitrip.com.xml
new file mode 100644
index 000000000000..cfd44cd13f10
--- /dev/null
+++ b/src/chrome/content/rules/Alitrip.com.xml
@@ -0,0 +1,50 @@
+<!--
+	For other Alibaba Group coverage, see Alibaba.xml.
+
+
+	^alitrip.com: Mismatched
+
+
+	Fully covered hosts in *alitrip.com:
+
+		- (www.)?	(^ → www)
+		- bangpai
+		- items
+		- jipiao
+		- pass
+		- temai
+		- zhaoshang
+
+
+	Insecure cookies are set for these domains:
+
+		- .alitrip.com
+
+-->
+<ruleset name="Alitrip.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="items.alitrip.com" />
+	<target host="jipiao.alitrip.com" />
+	<target host="pass.alitrip.com" />
+	<target host="temai.alitrip.com" />
+	<target host="www.alitrip.com" />
+	<target host="zhaoshang.alitrip.com" />
+
+	<!--	Complications:
+				-->
+	<target host="alitrip.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.alitrip\.com$" name="^(?:_tb_token_|cookie2|t)$" /-->
+
+	<securecookie host="^\.alitrip\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Aliunicorn.com.xml b/src/chrome/content/rules/Aliunicorn.com.xml
new file mode 100644
index 000000000000..c6b940d4bc05
--- /dev/null
+++ b/src/chrome/content/rules/Aliunicorn.com.xml
@@ -0,0 +1,38 @@
+<!--
+	For other Alibaba coverage, see Alibaba.xml.
+
+
+	CDN buckets:
+
+		- style.aliunicorn.com.edgesuite.net
+
+
+	Problematic hosts in *aliunicorn.com:
+
+		- style *
+
+	* Akamai / mismatched
+
+-->
+<ruleset name="Aliunicorn.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="stylessl.aliunicorn.com" />
+
+		<test url="http://stylessl.aliunicorn.com/wimg/site/group-en/en/buyer/single/android.png" />
+
+	<!--	Complications:
+				-->
+	<target host="style.aliunicorn.com" />
+
+
+	<rule from="^http://style\.aliunicorn\.com/"
+		to="https://stylessl.aliunicorn.com/" />
+
+		<test url="http://style.aliunicorn.com/wimg/site/group-en/en/buyer/single/apple.png" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Alivenotdead.com.xml b/src/chrome/content/rules/Alivenotdead.com.xml
deleted file mode 100644
index 80f52bf17202..000000000000
--- a/src/chrome/content/rules/Alivenotdead.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		^		(mismatched, CN: mysql.in.alivenotdead.com)
-		mysql.in	(expired 2008-12-06, self-signed)
-
--->
-<ruleset name="alivenotdead.com">
-
-	<target host="alivenotdead.com" />
-	<target host="*.alivenotdead.com" />
-
-
-	<securecookie host="^(?:www)?\.alivenotdead\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?alivenotdead\.com/"
-		to="https://www.alivenotdead.com/" />
-
-	<rule from="^http://s3\.alivenotdead\.com/"
-		to="https://s3.alivenotdead.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Aliyun.com.xml b/src/chrome/content/rules/Aliyun.com.xml
index 306642553b46..63b469d7ea1f 100644
--- a/src/chrome/content/rules/Aliyun.com.xml
+++ b/src/chrome/content/rules/Aliyun.com.xml
@@ -1,13 +1,155 @@
 <!--
 	For other Alibaba coverage, see Alibaba.xml.
 
+
+	Nonfunctional hosts in *aliyun.com:
+
+		- blog ²
+		- domain ²
+		- hitest ²
+		- mailhelp ²
+		- zijian ²
+
+	² Dropped
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .aliyun.com
+		- account.aliyun.com
+		- ak-console.aliyun.com
+		- bbs.aliyun.com
+		- beian.aliyun.com
+		- buy.aliyun.com
+
+		- .console.aliyun.com
+		- account.console.aliyun.com
+		- .billing.console.aliyun.com
+		- bsn.console.aliyun.com
+		- .expense.console.aliyun.com
+		- finance.console.aliyun.com
+		- .netcn.console.aliyun.com
+		- .notifications.console.aliyun.com
+		- workorder.console.aliyun.com
+
+		- .data.aliyun.com
+		- .dataplus.aliyun.com
+		- develop.aliyun.com
+		- finance.aliyun.com
+		- help.aliyun.com
+		- intl.aliyun.com
+		- m.aliyun.com
+		- mail.aliyun.com
+		- market.aliyun.com
+		- partner.aliyun.com
+		- sale.aliyun.com
+		- .shujia.aliyun.com
+		- .shuju.aliyun.com
+		- workorder.aliyun.com
+		- www.aliyun.com
+		- yq.aliyun.com
+		- yunqi.aliyun.com
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- bbs from $self ˢ
+			- beian, help from gtms0\d.alicdn.com ˢ
+			- data from dataplus-logo.cn-shanghai.oss.aliyun-inc.com
+
+	ˢ Secured by us
+
 -->
 <ruleset name="Aliyun.com (partial)">
 
+	<target host="aliyun.com" />
+	<target host="account.aliyun.com" />
+	<target host="acjs.aliyun.com" />
+	<target host="ak-console.aliyun.com" />
+	<target host="awdc.aliyun.com" />
+	<target host="bbs.aliyun.com" />
+	<target host="beian.aliyun.com" />
+	<target host="buy.aliyun.com" />
+	<target host="click.aliyun.com" />
+	<target host="console.aliyun.com" />
+
+	<target host="account.console.aliyun.com" />
+	<target host="billing.console.aliyun.com" />
+	<target host="bsn.console.aliyun.com" />
+	<target host="expense.console.aliyun.com" />
+	<target host="home.console.aliyun.com" />
+	<target host="notifications.console.aliyun.com" />
+	<target host="netcn.console.aliyun.com" />
+	<target host="workorder.console.aliyun.com" />
+
+	<target host="data.aliyun.com" />
+	<target host="dataplus.aliyun.com" />
+	<target host="develop.aliyun.com" />
+	<target host="docs.aliyun.com" />
+	<target host="finance.aliyun.com" />
+	<target host="help.aliyun.com" />
+	<target host="intl.aliyun.com" />
+	<target host="lingyun.aliyun.com" />
+	<target host="m.aliyun.com" />
+	<target host="mail.aliyun.com" />
+	<target host="market.aliyun.com" />
+	<target host="order.aliyun.com" />
+	<target host="partner.aliyun.com" />
 	<target host="pin.aliyun.com" />
+	<target host="promotion.aliyun.com" />
+	<target host="sale.aliyun.com" />
+	<target host="static.aliyun.com" />
+	<target host="wanwang.aliyun.com" />
+	<target host="workorder.aliyun.com" />
+	<target host="www.aliyun.com" />
+	<target host="yq.aliyun.com" />
+	<target host="yunqi.aliyun.com" />
+
+		<!--	Set cookie without Secure:
+							-->
+		<!--test url="http://intl.aliyun.com/forum/" /-->
+		<!--test url="http://click.aliyun.com/m/3873/" /-->
+		<!--test url="http://yq.aliyun.com/webinar/play/4" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.aliyun\.com$" name="^(?:announcementJsonpCallToken|channel|console_user_localization|jsonpCallToken|login_aliyunid_csrf|noticeStatusJsonpCallToken|topbarJsonpCallToken)$" /-->
+	<!--securecookie host="^account\.aliyun\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^ak-console\.aliyun\.com$" name="^(?:JSESSIONID|aliyun_ak_console0)$" /-->
+	<!--securecookie host="^beian\.aliyun\.com$" name="^SERVERID$" /-->
+	<!--securecookie host="^bbs\.aliyun\.com$" name="^(?:[\da-f]+_(?:lastpos|lastvisit|readlog|winduser)|PHPSESSID)$" /-->
+	<!--securecookie host="^buy\.aliyun\.com$" name="^(?:buy_session_id|buy0)$" /-->
+	<!--securecookie host="^\.console\.aliyun\.com$" name="^(?:HOME_JSESSIONID|console_token|home_console0)$" /-->
+	<!--securecookie host="^account\.console\.aliyun\.com$" name="^(?:_account_console_session0|ACCOUNT_CONSOLE_JSESSIONID)$" /-->
+	<!--securecookie host="^\.billing\.console\.aliyun\.com$" name="^(?:_expense_session0|EXPENSE_JSESSIONID)$" /-->
+	<!--securecookie host="^bsn\.console\.aliyun\.com$" name="^(?:JSESSIONID|bsn0)$" /-->
+	<!--securecookie host="^\.netcn\.console\.aliyun\.com$" name="^netcn_login$" /-->
+	<!--securecookie host="^\.notifications\.console\.aliyun\.com$" name="^(?:_msc_session0|MSC_JSESSIONID)$" /-->
+	<!--securecookie host="^workorder\.console\.aliyun\.com$" name="^(?:gongdan0|workorder_session_id)$" /-->
+	<!--securecookie host="^\.data\.aliyun\.com$" name="^dataplussid(?:_brief)?$" /-->
+	<!--securecookie host="^\.(?:data|dataplus|shujia|shuju)\.aliyun\.com$" name="^dataplussid(?:_brief)?$" /-->
+	<!--securecookie host="^develop\.aliyun\.com$" name="^SERVERID$" /-->
+	<!--securecookie host="^\.expense\.aliyun\.com$" name="^(?:_expense_session0|EXPENSE_JSESSIONID)$" /-->
+	<!--securecookie host="^finance\.aliyun\.com$" name="^(?:SERVERID|sails\.sid)$" /-->
+	<!--securecookie host="^help\.aliyun\.com$" name="^(?:JSESSIONID|help_tmp0)$" /-->
+	<!--securecookie host="^intl\.aliyun\.com$" name="^(?:csrf_token|dZb_lastvisit|dZb_visitor)$" /-->
+	<!--securecookie host="^m\.aliyun\.com$" name="^(?:JSESSIONID|maliyun_temporary_console0)$" /-->
+	<!--securecookie host="^mail\.aliyun\.com$" name="^(?:_csrf_token_|alimail_\w+|at|havana_heart_beat|havana_session_id)$" /-->
+	<!--securecookie host="^market\.aliyun\.com$" name="^mplace(?:_session_id|0)$" /-->
+	<!--securecookie host="^partner\.aliyun\.com$" name="^SERVERID$" /-->
+	<!--securecookie host="^sale\.aliyun\.com$" name="^(?:buy0|sale_session_id)$" /-->
+	<!--securecookie host="^workorder\.aliyun\.com$" name="^(?:gongdan0|workorder_session_id)$" /-->
+	<!--securecookie host="^www\.aliyun\.com$" name="^SERVERID$" /-->
+	<!--securecookie host="^yq\.aliyun\.com$" name="^(?:SERVERID|aliyung_tc)$" /-->
+	<!--securecookie host="^yunqi\.aliyun\.com$" name="^SERVERID$" /-->
+
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://pin\.aliyun\.com/"
-		to="https://pin.aliyun.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Alkalm.net.xml b/src/chrome/content/rules/Alkalm.net.xml
new file mode 100644
index 000000000000..72a0bb92d79f
--- /dev/null
+++ b/src/chrome/content/rules/Alkalm.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="Alkalm.net">
+	<target host="alkalm.net" />
+	<target host="www.alkalm.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Alkohol.cz.xml b/src/chrome/content/rules/Alkohol.cz.xml
new file mode 100644
index 000000000000..0688dbfaf1ab
--- /dev/null
+++ b/src/chrome/content/rules/Alkohol.cz.xml
@@ -0,0 +1,7 @@
+<ruleset name="Alkohol.cz">
+    <target host="alkohol.cz" />
+    <target host="www.alkohol.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/All-About-Security.de.xml b/src/chrome/content/rules/All-About-Security.de.xml
new file mode 100644
index 000000000000..9655645a9c84
--- /dev/null
+++ b/src/chrome/content/rules/All-About-Security.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="All-About-Security.de">
+	<target host="all-about-security.de" />
+	<target host="www.all-about-security.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/All-Above-Offers.xml b/src/chrome/content/rules/All-Above-Offers.xml
deleted file mode 100644
index a487544a0610..000000000000
--- a/src/chrome/content/rules/All-Above-Offers.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="All Above Offers" platform="mixedcontent">
-
-	<target host="abovealloffers.com" />
-	<target host="www.abovealloffers.com" />
-
-
-	<!--	Cert only matches www.	-->
-	<rule from="^http://(?:www\.)?abovealloffers\.com/"
-		to="https://www.abovealloffers.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/All-Inkl.xml b/src/chrome/content/rules/All-Inkl.xml
index 7161b104810b..eab93a2e89db 100644
--- a/src/chrome/content/rules/All-Inkl.xml
+++ b/src/chrome/content/rules/All-Inkl.xml
@@ -1,9 +1,95 @@
+<!--
+	No working URL known:
+		all-inkl.es
+		www.all-inkl.es
+
+	For sale:
+		all-inkl.cn
+		all-inkl.fm
+		all-inkl.ph
+		all-inkl.vg
+		all-inkl.ws
+
+	No content:
+		all-inkl.pw
+		all-inkl.sy
+
+	Different owner:
+		all-inkl.tk
+
+	Invalid certificate:
+		(www.)?all-inkl.ag
+		(www.)?all-inkl.ch
+		(www.)?all-inkl.co
+		(www.)?all-inkl.de
+		(www.)?all-inkl.eu
+		(www.)?all-inkl.it
+		(www.)?all-inkl.li
+		(www.)?all-inkl.me
+		(www.)?all-inkl.nl
+		(www.)?all-inkl.ru
+		(www.)?all-inkl.uk
+		(www.)?all-inkl.pl (doesn't redirect to all-inkl.com)
+
+	all-inkl.com has wildcard DNS and certificate
+
+-->
 <ruleset name="All-inkl.com">
-  <target host="*.all-inkl.com" />
-  <target host="all-inkl.*" />
-  <target host="www.all-inkl.*" />
 
-  <rule from="^http://all-inkl\.com/" to="https://all-inkl.com/" />
-  <rule from="^http://([^/:@\.]+)\.all-inkl\.com/" to="https://$1.all-inkl.com/" />
-  <rule from="^http://(?:www\.)?all-inkl\.[^/:@][^/:@]/" to="https://all-inkl.com/" />
+	<target host="all-inkl.com" />
+	<target host="*.all-inkl.com" />
+
+		<test url="http://testurl1.all-inkl.com/" />
+		<test url="http://testurl2.all-inkl.com/" />
+		<test url="http://testurl3.all-inkl.com/" />
+		<test url="http://testurl4.all-inkl.com/" />
+
+		<test url="http://kas.all-inkl.com/" />
+		<test url="http://webftp.all-inkl.com/" />
+		<test url="http://mmail.all-inkl.com/" />
+		<test url="http://webmail.all-inkl.com/" />
+		<test url="http://www.all-inkl.com/" />
+
+	<target host="all-inkl.ag" />
+	<target host="www.all-inkl.ag" />
+
+	<target host="all-inkl.ch" />
+	<target host="www.all-inkl.ch" />
+
+	<target host="all-inkl.co" />
+	<target host="www.all-inkl.co" />
+
+	<target host="all-inkl.de" />
+	<target host="www.all-inkl.de" />
+
+	<target host="all-inkl.eu" />
+	<target host="www.all-inkl.eu" />
+
+	<target host="all-inkl.it" />
+	<target host="www.all-inkl.it" />
+
+	<target host="all-inkl.li" />
+	<target host="www.all-inkl.li" />
+
+	<target host="all-inkl.me" />
+	<target host="www.all-inkl.me"/>
+
+	<target host="all-inkl.nl" />
+	<target host="www.all-inkl.nl" />
+
+	<target host="all-inkl.ru" />
+	<target host="www.all-inkl.ru" />
+
+	<target host="all-inkl.uk" />
+	<target host="www.all-inkl.uk" />
+
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://(www\.)?all-inkl\.(ag|ch|co|de|eu|it|li|me|nl|ru|uk)/"
+		to="https://all-inkl.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/All4xs.net.xml b/src/chrome/content/rules/All4xs.net.xml
index 3b6e34745e1d..f155d0abc5b1 100644
--- a/src/chrome/content/rules/All4xs.net.xml
+++ b/src/chrome/content/rules/All4xs.net.xml
@@ -4,10 +4,9 @@
 	<target host="www.all4xs.net" />
 
 
-	<securecookie host="^(www\.)?all4xs\.net$" name=".*" />
+	<securecookie host="^(?:www\.)?all4xs\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?all4xs\.net/"
-		to="https://$1all4xs.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/AllClearid.com.xml b/src/chrome/content/rules/AllClearid.com.xml
new file mode 100644
index 000000000000..2a1614c3e5c1
--- /dev/null
+++ b/src/chrome/content/rules/AllClearid.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="AllClear ID.com">
+
+	<target host="allclearid.com" />
+	<target host="enroll.allclearid.com" />
+	<target host="www.allclearid.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AllCrypt.com.xml b/src/chrome/content/rules/AllCrypt.com.xml
new file mode 100644
index 000000000000..c169518110ce
--- /dev/null
+++ b/src/chrome/content/rules/AllCrypt.com.xml
@@ -0,0 +1,50 @@
+<!--
+	Note: This site blocks Tor users
+
+
+	Problematic hosts in *allcrypt.com:
+
+		- support *
+
+	* Zendesk
+
+
+	Fully covered hosts in *allcrypt.com:
+
+		- (www.)?
+		- support	(→ allcrypt.zendesk.com)
+
+
+	Insecure cookies are set for these domains:
+
+		- .allcrypt.com
+
+-->
+<ruleset name="AllCrypt.com" default_off="needs clearnet testing">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="allcrypt.com" />
+	<target host="www.allcrypt.com" />
+
+	<!--	Complications:
+				-->
+	<target host="support.allcrypt.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.allcrypt\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.allcrypt\.com$" name=".+" />
+
+
+	<rule from="^http://support\.allcrypt\.com/.*"
+		to="https://allcrypt.zendesk.com/hc" />
+
+		<test url="http://support.allcrypt.com//" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AllDebrid.com.xml b/src/chrome/content/rules/AllDebrid.com.xml
index f7179c7ab434..09da24ce1c08 100644
--- a/src/chrome/content/rules/AllDebrid.com.xml
+++ b/src/chrome/content/rules/AllDebrid.com.xml
@@ -1,24 +1,44 @@
 <!--
-	Nonfunctional domains:
+	Other AllDebrid rulesets:
 
-		- blog.alldebrid.com	(refused)
+		- AllDebrid.fr.xml
 
 
-	Mixed images on www.alldebrid.fr from blog.alldebrid.com
+	Nonfunctional hosts in alldebrid.com:
+
+		- forum *
+		- stats ⁴
+
+	⁴ 403
+	* Refused
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- alldebrid.com
+		- .alldebrid.com
+		- www.alldebrid.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
 <ruleset name="AllDebrid.com (partial)">
 
 	<target host="alldebrid.com" />
-	<target host="*.alldebrid.com" />
-	<target host="alldebrid.fr" />
-	<target host="www.alldebrid.fr" />
+	<target host="cdn.alldebrid.com" />
+	<target host="www.alldebrid.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?alldebrid\.com$" name="^lang" /-->
+	<!--securecookie host="^\.alldebrid\.com$" name="^(__cfduid|cf_clearance)" /-->
+	<!--securecookie host="^www\.alldebrid\.com$" name="^domain$" /-->
 
-	<securecookie host="^(?:w*\.)?alldebrid\.(?:com|fr)$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(cdn\.|www\.)?alldebrid\.(com|fr)/"
-		to="https://$1alldebrid.$2/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AllDebrid.fr.xml b/src/chrome/content/rules/AllDebrid.fr.xml
new file mode 100644
index 000000000000..9deaa12779c6
--- /dev/null
+++ b/src/chrome/content/rules/AllDebrid.fr.xml
@@ -0,0 +1,15 @@
+<!--
+	For other AllDebrid coverage, see AllDebrid.com.xml.
+
+-->
+<ruleset name="AllDebrid.fr">
+
+	<target host="alldebrid.fr" />
+	<target host="www.alldebrid.fr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AllJoyn.org.xml b/src/chrome/content/rules/AllJoyn.org.xml
deleted file mode 100644
index 510769a89fbd..000000000000
--- a/src/chrome/content/rules/AllJoyn.org.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For other Qualcomm coverage, see Qualcomm.xml.
-
--->
-<ruleset name="AllJoyn.org">
-
-	<target host="alljoyn.org" />
-	<target host="*.alljoyn.org" />
-
-
-	<rule from="^http://(www\.|wwwtst\.)?alljoyn\.org/"
-		to="https://$1alljoyn.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AllMyChanges.com.xml b/src/chrome/content/rules/AllMyChanges.com.xml
new file mode 100644
index 000000000000..21100ffd993f
--- /dev/null
+++ b/src/chrome/content/rules/AllMyChanges.com.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.allmychanges.com/ => https://www.allmychanges.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.allmychanges.com'")
+
+	Insecure cookies are set for these hosts:
+
+		- allmychanges.com
+
+-->
+<ruleset name="AllMyChanges.com" default_off="failed ruleset test">
+
+	<target host="allmychanges.com" />
+	<target host="www.allmychanges.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^allmychanges\.com$" name="^light_user_id$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AllPlayers.com.xml b/src/chrome/content/rules/AllPlayers.com.xml
deleted file mode 100644
index 5c9d039552b5..000000000000
--- a/src/chrome/content/rules/AllPlayers.com.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d2xe74i6zxd0fz.cloudfront.net
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- f
-		- m
-		- platform
-		- store
-		- usarugbystats
-
-
-	Observed cookie domains:
-
-		- .
-		- .f
-		- .m
-		- .platform
-		- store
-		- usarugbystats
-		- www
-
--->
-<ruleset name="AllPlayers.com">
-
-	<target host="allplayers.com" />
-	<target host="*.allplayers.com" />
-
-
-	<securecookie host=".*\.allplayers\.com$" name=".+" />
-
-
-	<rule from="^http://((?:f|m|platform|store|usarugbystats|www)\.)?allplayers\.com/"
-		to="https://$1allplayers.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/AllPosters.com.xml b/src/chrome/content/rules/AllPosters.com.xml
new file mode 100644
index 000000000000..e87f8593692d
--- /dev/null
+++ b/src/chrome/content/rules/AllPosters.com.xml
@@ -0,0 +1,81 @@
+<!--
+	Other AllPosters rulesets:
+
+		- AllPosters_images.com.xml
+
+
+	Nonfunctional hosts in *allposters.com:
+
+		- blog ¹
+		- corporate ²
+
+	¹ Shows blog.art.com
+	² Refused
+
+
+	Problematic hosts in *allposters.com:
+
+		- ^ ¹
+		- imagecache ²
+		- imagecache2 ²
+
+	¹ Dropped
+	² Akamai
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .allposters.com
+		- affiliates.allposters.com
+		- .atrack.allposters.com
+
+
+	Mixed content:
+
+		- Images, from:
+
+			- cache1.allpostersimages.com *
+			- cache1.artprintimages.com
+
+		- Ads from cache1.allpostersimages.com *
+
+	* Secured by us
+
+-->
+<ruleset name="AllPosters.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="affiliates.allposters.com" />
+	<target host="atrack.allposters.com" />
+	<target host="imagesource.allposters.com" />
+	<target host="secureimg.allposters.com" />
+	<target host="secureimg2.allposters.com" />
+	<target host="www.allposters.com" />
+
+	<!--	Complications:
+				-->
+	<target host="allposters.com" />
+	<target host="imagecache.allposters.com" />
+	<target host="imagecache2.allposters.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.allposters\.com$" name="^(?:AKAI|ap)$" /-->
+	<!--securecookie host="^affiliates\.allposters\.com$" name="^(?:ASP\.NET_SessionId|NSC_[\w.]+)$" /-->
+	<!--securecookie host="^\.atrack\.allposters\.com$" name="^E8L9$" /-->
+
+	<securecookie host="^(?:\.|affiliates\.|\.atrack\.)?allposters\.com$" name=".+" />
+
+
+	<rule from="^http://allposters\.com/"
+		to="https://www.allposters.com/" />
+
+	<rule from="^http://imagecache(2)?\.allposters\.com/"
+		to="https://secureimg$1.allposters.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AllPosters_images.com.xml b/src/chrome/content/rules/AllPosters_images.com.xml
new file mode 100644
index 000000000000..edfa74c74bc4
--- /dev/null
+++ b/src/chrome/content/rules/AllPosters_images.com.xml
@@ -0,0 +1,22 @@
+<!--
+	For other AllPosters coverage, see AllPosters.com.xml.
+
+
+	Problematic hosts in *allpostersimages.com:
+
+		- cache1 *
+
+	* Akamai
+
+-->
+<ruleset name="AllPosters images.com">
+
+	<!--	Complications:
+				-->
+	<target host="cache1.allpostersimages.com" />
+
+
+	<rule from="^http://cache1\.allpostersimages\.com/"
+		to="https://secureimg.allposters.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AllShare_Play.xml b/src/chrome/content/rules/AllShare_Play.xml
index 2c4685a6ef4a..193c1acc5ffc 100644
--- a/src/chrome/content/rules/AllShare_Play.xml
+++ b/src/chrome/content/rules/AllShare_Play.xml
@@ -1,31 +1,38 @@
-<!--
-	For other Samsung coverage, see Samsung.xml.
-
-
-	Problematic subdomains:
-
-		- ^	(cert only matches *.allshareplay.com)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(^ → www)
-		- m
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://m.allshareplay.com/pc/main/photoAlbumCreate.html => https://m.allshareplay.com/pc/main/photoAlbumCreate.html: (6, 'Could not resolve host: m.allshareplay.com')
+Fetch error: http://allshareplay.com/ => https://link.samsung.com/: (6, 'Could not resolve host: link.samsung.com')
+Fetch error: http://www.allshareplay.com/pc/common/css/camera.css => https://www.allshareplay.com/pc/common/css/camera.css: (6, 'Could not resolve host: www.allshareplay.com')
+Fetch error: http://m.allshareplay.com/pc/error/underconstruction.html => https://m.allshareplay.com/pc/error/underconstruction.html: (6, 'Could not resolve host: m.allshareplay.com')
+Fetch error: http://allshareplay.com/ => https://link.samsung.com/: (6, 'Could not resolve host: link.samsung.com')
+Fetch error: http://www.allshareplay.com/ => https://www.allshareplay.com/: (6, 'Could not resolve host: www.allshareplay.com')
+Fetch error: http://fwk.allshareplay.com/ => https://fwk.allshareplay.com/: (6, 'Could not resolve host: fwk.allshareplay.com')
+
+	For other Samsung coverage, see Samsung.com.xml.
+
+	Mismatch:
+		sw.*
 -->
-<ruleset name="AllShare Play">
-
-	<target host="allshareplay.com" />
-	<target host="*.allshareplay.com" />
-
-
-	<securecookie host="^.*\.allshareplay\.com$" name=".+" />
 
+<ruleset name="AllShare_Play" default_off="failed ruleset test">
 
-	<rule from="^https?://(?:www\.)?allshareplay\.com/"
-		to="https://www.allshareplay.com/" />
-
-	<rule from="^http://(fwk|m)\.allshareplay\.com/"
-		to="https://$1.allshareplay.com/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="allshareplay.com" />
+	<target host="www.allshareplay.com" />
+	<target host="fwk.allshareplay.com" />
+	<target host="m.allshareplay.com" />
+		<test url="http://m.allshareplay.com/pc/main/photoAlbumCreate.html" />
+	<!--	403 in https://m.allshareplay.com/$	-->
+	<exclusion pattern="^http://m\.allshareplay\.com/$" />
+		<test url="http://m.allshareplay.com/" />
+
+	<!--	403 in https://allshareplay.com/$	-->
+	<rule from="^http://allshareplay\.com/$"
+		to="https://link.samsung.com/" />
+		<test url="http://allshareplay.com/" />
+
+	<rule from="^http:" to="https:" />
+		<test url="http://www.allshareplay.com/pc/common/css/camera.css" />
+		<test url="http://m.allshareplay.com/pc/error/underconstruction.html" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AllThingsD.com-problematic.xml b/src/chrome/content/rules/AllThingsD.com-problematic.xml
new file mode 100644
index 000000000000..ca9ef6605fc7
--- /dev/null
+++ b/src/chrome/content/rules/AllThingsD.com-problematic.xml
@@ -0,0 +1,14 @@
+<!--
+	For rules that are on by default, see AllThingsD.xml.
+
+-->
+<ruleset name="AllThingsD.com (mismatched)" default_off="mismatched">
+
+	<target host="mediamemo.allthingsd.com" />
+	<target host="voices.allthingsd.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AllThingsD.xml b/src/chrome/content/rules/AllThingsD.xml
index 72712fe0c319..4ba9f83b1fb1 100644
--- a/src/chrome/content/rules/AllThingsD.xml
+++ b/src/chrome/content/rules/AllThingsD.xml
@@ -1,30 +1,53 @@
 <!--
-	CDN buckets:
+	For problematic rules, see AllThingsD.com-problematic.xml.
 
-		- i[01].wp.com/allthingsd.com/
 
+	CDN buckets:
 
-	Partially covered subdomains:
+		- i[01].wp.com/allthingsd.com/
 
-		- (www.)	(some pages redirect to http)
 
+	Problematic hosts in *allthingsd.com:
 
-	Fully covered subdomains:
+		- mediamemo *
+		- voices *
 
-		- profiles
+	* Mismatched
 
 -->
-<ruleset name="AllThingsD (partial)">
+<ruleset name="AllThingsD.com (partial)">
 
 	<target host="allthingsd.com" />
-	<target host="*.allthingsd.com" />
-		<exclusion pattern="^http://(?:www\.)?allthingsd\.com/(?!favicon\.ico|files/|theme/|wp-content/|wp-includes/)" />
-
-
-	<!--securecookie host="^(.*\.)?allthingsd\.com$" name=".+" /-->
-
-
-	<rule from="^http://((?:mediamemo|profiles|voices|www)\.)?allthingsd\.com/"
-		to="https://$1allthingsd.com/" />
+	<target host="www.allthingsd.com" />
+
+		<!--	Redirects to http:
+					-->
+		<!--exclusion pattern="^http://allthingsd\.com/\d+/[\w-]/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://allthingsd\.com/(?!/*(?:favicon\.ico|files/|theme/|wp-content/|wp-includes/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://allthingsd.com/20110103/27544/" />
+			<test url="http://allthingsd.com/20131023/whymavericksisfree/" />
+			<test url="http://allthingsd.com/comments/" />
+			<test url="http://allthingsd.com/conferences/" />
+			<test url="http://allthingsd.com/faq/" />
+			<test url="http://allthingsd.com/mobile/" />
+			<test url="http://allthingsd.com/tips/" />
+
+			<!--	-ve:
+					-->
+
+			<test url="http://allthingsd.com/favicon.ico" />
+			<test url="http://allthingsd.com/files/2013/12/space-monkey-150x150.jpg" />
+			<test url="http://allthingsd.com/wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70" />
+			<test url="http://allthingsd.com/wp-content/themes/atd-2.0/img/bg-nav.png" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/AllYou.net.xml b/src/chrome/content/rules/AllYou.net.xml
new file mode 100644
index 000000000000..65355fa76da7
--- /dev/null
+++ b/src/chrome/content/rules/AllYou.net.xml
@@ -0,0 +1,19 @@
+<!--
+	CDN buckets:
+
+		- allyou-live-static.s3-eu-west-1.amazonaws.com
+
+-->
+<ruleset name="AllYou.net">
+
+	<target host="allyou.net" />
+	<target host="media.allyou.net" />
+	<target host="www.allyou.net" />
+
+
+	<securecookie host="^(?:www)?\.allyou\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AllYouCanArcade.com.xml b/src/chrome/content/rules/AllYouCanArcade.com.xml
new file mode 100644
index 000000000000..4b4c24163c68
--- /dev/null
+++ b/src/chrome/content/rules/AllYouCanArcade.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="AllYouCanArcade.com">
+
+	<target host="allyoucanarcade.com" />
+	<target host="www.allyoucanarcade.com" />
+	<target host="blog.allyoucanarcade.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/All_About_Security.xml b/src/chrome/content/rules/All_About_Security.xml
deleted file mode 100644
index fa0d9345f5fb..000000000000
--- a/src/chrome/content/rules/All_About_Security.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	CN: webserver.ispgateway.de
-
--->
-<ruleset name="All About Security" default_off="mismatched, self-signed">
-
-	<target host="all-about-security.de" />
-	<target host="www.all-about-security.de" />
-
-
-	<securecookie host="^www\.all-about-security\.de$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?all-about-security\.de/"
-		to="https://www.all-about-security.de/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/All_American_Trains.xml b/src/chrome/content/rules/All_American_Trains.xml
index d0699200fa36..2179f7a92418 100644
--- a/src/chrome/content/rules/All_American_Trains.xml
+++ b/src/chrome/content/rules/All_American_Trains.xml
@@ -1,13 +1,12 @@
 <ruleset name="All American Trains">
 
 	<target host="aat-net.de" />
-	<target host="*.aat-net.de" />
+	<target host="www.aat-net.de" />
 
 
 	<securecookie host="^\.(?:www\.)?aat-net\.de$" name=".+" />
 
 
-	<rule from="^http://(www\.)?aat-net\.de/"
-		to="https://$1aat-net.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/All_Day_Calm.xml b/src/chrome/content/rules/All_Day_Calm.xml
index 9cfa42faebc1..17d0694564c7 100644
--- a/src/chrome/content/rules/All_Day_Calm.xml
+++ b/src/chrome/content/rules/All_Day_Calm.xml
@@ -4,7 +4,6 @@
 	<target host="www.alldaycalm.com" />
 
 
-	<rule from="^http://(www\.)?alldaycalm\.com/"
-		to="https://$1alldaycalm.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/All_My_Base.com.xml b/src/chrome/content/rules/All_My_Base.com.xml
new file mode 100644
index 000000000000..ecba61ba07bf
--- /dev/null
+++ b/src/chrome/content/rules/All_My_Base.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="All My Base.com">
+
+	<target host="allmybase.com" />
+	<target host="www.allmybase.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/All_Star_Tire.xml b/src/chrome/content/rules/All_Star_Tire.xml
index 43ba14ebbe00..33d5f1aa6efd 100644
--- a/src/chrome/content/rules/All_Star_Tire.xml
+++ b/src/chrome/content/rules/All_Star_Tire.xml
@@ -1,13 +1,12 @@
 <ruleset name="All Star Tire">
 
 	<target host="allstartire.com" />
-	<target host="*.allstartire.com" />
+	<target host="www.allstartire.com" />
 
 
-	<securecookie host="^(?:.*\.)?allstartire\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?allstartire\.com/"
-		to="https://$1allstartire.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/All_You_Can_Arcade.com.xml b/src/chrome/content/rules/All_You_Can_Arcade.com.xml
deleted file mode 100644
index 3641ace75f28..000000000000
--- a/src/chrome/content/rules/All_You_Can_Arcade.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- blog	(mismatched, CN: *.bluehost.com)
-
--->
-<ruleset name="All You Can Arcade.com (partial)">
-
-	<target host="allyoucanarcade.com" />
-	<target host="*.allyoucanarcade.com" />
-
-
-	<securecookie host="^www\.allyoucanarcade\.com$$" name=".+" />
-
-
-	<!--	^ redirects to www over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?allyoucanarcade\.com/"
-		to="https://www.allyoucanarcade.com/" />
-
-	<rule from="^http://blog\.allyoucanarcade\.com/wp-content/"
-		to="https://secure.bluehost.com/~findmymi/allyoucanarcadeblog/wp-content/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/AllahsQuran.com.xml b/src/chrome/content/rules/AllahsQuran.com.xml
new file mode 100644
index 000000000000..aad69665860e
--- /dev/null
+++ b/src/chrome/content/rules/AllahsQuran.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="AllahsQuran.com">
+	<target host="allahsquran.com" />
+	<target host="www.allahsquran.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Allegro.pl.xml b/src/chrome/content/rules/Allegro.pl.xml
new file mode 100644
index 000000000000..e81b36ab94f3
--- /dev/null
+++ b/src/chrome/content/rules/Allegro.pl.xml
@@ -0,0 +1,19 @@
+<ruleset name="Allegro.pl">
+	<target host="allegro.pl" />
+	<target host="www.allegro.pl" />
+	<target host="ads.allegro.pl" />
+	<target host="archiwum.allegro.pl" />
+	<target host="charytatywni.allegro.pl" />
+	<target host="dlakupujacych.allegro.pl" />
+	<target host="kupony.allegro.pl" />
+	<target host="magazyn.allegro.pl" />
+	<target host="ms.allegro.pl" />
+	<target host="na.allegro.pl" />
+	<target host="podarujmisia.allegro.pl" />
+	<target host="polandrock.allegro.pl" />
+	<target host="reklama.allegro.pl" />
+	<target host="ssl.allegro.pl" />
+	<target host="wystawna.allegro.pl" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Allegro.xml b/src/chrome/content/rules/Allegro.xml
deleted file mode 100644
index fc4bec30e895..000000000000
--- a/src/chrome/content/rules/Allegro.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<!-- NOTE: A user reports that this rule doesn't work and breaks the
-     site. -->
-
-<ruleset name="Allegro" default_off="reported broken">
-  <target host="www.allegro.pl" />
-  <target host="allegro.pl" />
-
-  <rule from="^http://(?:www\.)?allegro\.pl/" to="https://ssl.allegro.pl/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Allegrolokalnie.pl.xml b/src/chrome/content/rules/Allegrolokalnie.pl.xml
new file mode 100644
index 000000000000..3d11e088ead2
--- /dev/null
+++ b/src/chrome/content/rules/Allegrolokalnie.pl.xml
@@ -0,0 +1,6 @@
+<ruleset name="AllegroLokalnie.pl">
+	<target host="allegrolokalnie.pl" />
+	<target host="www.allegrolokalnie.pl" />
+	<target host="zobacz.allegrolokalnie.pl" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AllemandFacile.com.xml b/src/chrome/content/rules/AllemandFacile.com.xml
new file mode 100644
index 000000000000..3ddc1d4ba0f4
--- /dev/null
+++ b/src/chrome/content/rules/AllemandFacile.com.xml
@@ -0,0 +1,11 @@
+<!--
+	See for related rulesets: FrancaisFacile.com.xml
+-->
+<ruleset name="AllemandFacile.com">
+	<target host="allemandfacile.com" />
+	<target host="www.allemandfacile.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Alliance-90-The-Greens.xml b/src/chrome/content/rules/Alliance-90-The-Greens.xml
index 56186eb19f8d..4be9397af5dd 100644
--- a/src/chrome/content/rules/Alliance-90-The-Greens.xml
+++ b/src/chrome/content/rules/Alliance-90-The-Greens.xml
@@ -10,10 +10,9 @@
 	<target host="www.gruene.de" />
 
 
-	<securecookie host="^www\.gruene\.de$" name=".*" />
+	<securecookie host="^www\.gruene\.de$" name=".+" />
 
 
-	<rule from="^http://(www\.)?gruene\.de/"
-		to="https://$1gruene.de/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/AllianceBernstein.xml b/src/chrome/content/rules/AllianceBernstein.xml
index 766b02454801..fd833ee4a394 100644
--- a/src/chrome/content/rules/AllianceBernstein.xml
+++ b/src/chrome/content/rules/AllianceBernstein.xml
@@ -1,7 +1,6 @@
 <!--
 	Other AllianceBernstein rulesets:
 
-		- CollegeBoundfund.xml
 
 
 	Nonfunctional domains:
@@ -20,7 +19,6 @@
 	<securecookie host="^(?:www\.)?alliancebernstein\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?(alliance)?bernstein\.com/"
-		to="https://$1$2bernstein.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Allianz_fur_Cyber-Sicherheit.xml b/src/chrome/content/rules/Allianz_fur_Cyber-Sicherheit.xml
index 802311a5d4a3..8c4ad6bf66f0 100644
--- a/src/chrome/content/rules/Allianz_fur_Cyber-Sicherheit.xml
+++ b/src/chrome/content/rules/Allianz_fur_Cyber-Sicherheit.xml
@@ -27,4 +27,4 @@
 	<rule from="^http://(?:www\.)?(allianz-?fuer-?cybersicherheit\.(?:de|org)|cybersicherheits-allianz\.de)/"
 		to="https://www.$1/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AlliedMods.xml b/src/chrome/content/rules/AlliedMods.xml
index 03c773ad5835..c346c9e65c0b 100644
--- a/src/chrome/content/rules/AlliedMods.xml
+++ b/src/chrome/content/rules/AlliedMods.xml
@@ -1,6 +1,11 @@
-<ruleset name="AlliedModders forum">
-  <target host="forums.alliedmods.net" />
+<ruleset name="AlliedModders">
+	<target host="alliedmods.net" />
+	<target host="*.alliedmods.net" />
 
-  <securecookie host="^forums\.alliedmods\.net$" name=".*" />
-  <rule from="^http://forums\.alliedmods\.net/" to="https://forums.alliedmods.net/"/>
+	<securecookie host=".+" name=".+"/>
+
+	<rule from="^http://([^/@:\.]+)\.alliedmods\.net/"
+		to="https://$1.alliedmods.net/" />
+
+	<rule from="^http://alliedmods\.net/" to="https://alliedmods.net/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Allied_Media.org.xml b/src/chrome/content/rules/Allied_Media.org.xml
new file mode 100644
index 000000000000..0fda6116a85e
--- /dev/null
+++ b/src/chrome/content/rules/Allied_Media.org.xml
@@ -0,0 +1,41 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://alliedmedia.org/ => https://alliedmedia.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+	Fully covered subdomains:
+
+		- (www.)
+		- amc
+		- store
+		- talk
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- (www.) from ^ *
+			- amc from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Allied Media.org">
+
+	<target host="alliedmedia.org" />
+	<!--target host="amc.alliedmedia.org" /-->
+	<target host="store.alliedmedia.org" />
+	<!--target host="talk.alliedmedia.org" /-->
+	<target host="www.alliedmedia.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.store\.alliedmedia\.org$" name="^frontend$" /-->
+	<!--securecookie host="^\.talk\.alliedmedia\.org$" name="^SESS[0-9a-f]{32}$" /-->
+
+	<securecookie host="^\.(?:store|talk)\.alliedmedia\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Allingsas.se.xml b/src/chrome/content/rules/Allingsas.se.xml
deleted file mode 100644
index bd26034f1414..000000000000
--- a/src/chrome/content/rules/Allingsas.se.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Allingsas.se">
-  <target host="www.allingsas.se" />
-  <target host="allingsas.se" />
-  <rule from="^http://www\.allingsas\.se/" to="https://www.allingsas.se/"/>
-  <rule from="^http://allingsas\.se/" to="https://allingsas.se/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/Allistene.fr.xml b/src/chrome/content/rules/Allistene.fr.xml
index c87a52679d98..1bc811f3bbea 100644
--- a/src/chrome/content/rules/Allistene.fr.xml
+++ b/src/chrome/content/rules/Allistene.fr.xml
@@ -1,4 +1,7 @@
 <!--
+	^allistene.fr: Mismatched
+
+
 	Mixed content:
 
 		- Images on www from www *
@@ -8,14 +11,19 @@
 -->
 <ruleset name="Allistene.fr">
 
-	<target host="allistene.fr" />
+	<!--	Direct rewrites:
+				-->
 	<target host="www.allistene.fr" />
 
-	<securecookie host="^$" name=".+" />
+	<!--	Complications:
+				-->
+	<target host="allistene.fr" />
+
 
-    <rule from="^https?://allistene\.fr/"
-        to="https://www.allistene.fr/" />
-	<rule from="^http://(?:www\.)?allistene\.fr/"
+	<rule from="^http://allistene\.fr/"
 		to="https://www.allistene.fr/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Allizom.org.xml b/src/chrome/content/rules/Allizom.org.xml
new file mode 100644
index 000000000000..64265c2c4b66
--- /dev/null
+++ b/src/chrome/content/rules/Allizom.org.xml
@@ -0,0 +1,43 @@
+<!--
+	For other Mozilla coverage, see Mozilla.xml.
+
+	Refused:
+		whatsdeployed.paas.allizom.org
+		phonedash-dev.allizom.org
+
+	Invalid certificate:
+		m.wiki.allizom.org
+		download-sha1.allizom.org
+
+	Different content HTTP/HTTPS:
+		developer-dev.allizom.org
+		docs-pub-build.allizom.org
+
+-->
+<ruleset name="Allizom.org (partial)">
+
+	<target host="allizom.org" />
+	<target host="www.allizom.org" />
+	<target host="activations-dev.allizom.org" />
+	<target host="air.allizom.org" />
+	<target host="air-dev.allizom.org" />
+	<target host="bugzilla-dev.allizom.org" />
+	<target host="careers.allizom.org" />
+	<target host="dxr.allizom.org" />
+	<target host="fhr-dev.allizom.org" />
+	<target host="hardware.metrics.allizom.org" />
+	<target host="itisatrap-dev.allizom.org" />
+	<target host="mozillalabs.allizom.org" />
+	<target host="snippets.allizom.org" />
+	<target host="support.allizom.org" />
+	<target host="telemetry-experiment-dev.allizom.org" />
+	<target host="treeherder.allizom.org" />
+	<target host="wiki.allizom.org" />
+	<target host="wiki-dev.allizom.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Allmend.ch.xml b/src/chrome/content/rules/Allmend.ch.xml
new file mode 100644
index 000000000000..c9cafa6824fb
--- /dev/null
+++ b/src/chrome/content/rules/Allmend.ch.xml
@@ -0,0 +1,14 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - blog.allmend.ch
+			 - wiki.allmend.ch
+-->
+<ruleset name="Allmend.ch (partial)">
+	<target host="allmend.ch" />
+	<target host="www.allmend.ch" />
+
+	<securecookie host="^(www\.)?allmend\.ch$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Allmystery.de.xml b/src/chrome/content/rules/Allmystery.de.xml
new file mode 100644
index 000000000000..8c3b7f14198d
--- /dev/null
+++ b/src/chrome/content/rules/Allmystery.de.xml
@@ -0,0 +1,10 @@
+<ruleset name="Allmystery.de">
+
+	<target host="allmystery.de" />
+	<target host="www.allmystery.de" />
+	<target host="static.allmystery.de" />
+	<target host="ts.allmystery.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Allmyvideos.net.xml b/src/chrome/content/rules/Allmyvideos.net.xml
new file mode 100644
index 000000000000..fb8e5d937412
--- /dev/null
+++ b/src/chrome/content/rules/Allmyvideos.net.xml
@@ -0,0 +1,54 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://allmyvideos.net/ => https://allmyvideos.net/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://api.allmyvideos.net/ => https://api.allmyvideos.net/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.allmyvideos.net/ => https://www.allmyvideos.net/: (60, 'SSL certificate problem: certificate has expired')
+
+	Nonfunctional subdomains:
+
+		- d\d+...:182 ¹
+		- nagios ²
+
+	¹ Refused
+	² Shows adtrace.org, expired 2013-07-31
+
+
+	These altnames don't exist:
+
+		- secure.allmyvideos.net
+
+
+	Mixed content:
+
+		- Images, on (www.)? from d\d+ *
+
+	* Unsecurable
+
+-->
+<ruleset name="allmyvideos.net (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="allmyvideos.net" />
+	<target host="api.allmyvideos.net" />
+	<target host="cacti.allmyvideos.net" />
+	<target host="wiki.allmyvideos.net" />
+	<target host="www.allmyvideos.net" />
+
+		<!--exclusion pattern="^http://(d\d+|nagios)\.allmyvideos\.net/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.allmyvideos\.net$" name="^lang$" /-->
+	<!--securecookie host="^api\.allmyvideos\.net$" name="^dancer\.session$" /-->
+	<!--securecookie host="^cacti\.allmyvideos\.net" name="^Cacti$" /-->
+
+	<securecookie host="^(?:api|cacti)?\.allmyvideos\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Alloscomp.com.xml b/src/chrome/content/rules/Alloscomp.com.xml
index 75f9c58524cb..bae6d3fe9301 100644
--- a/src/chrome/content/rules/Alloscomp.com.xml
+++ b/src/chrome/content/rules/Alloscomp.com.xml
@@ -1,5 +1,18 @@
-<ruleset name="Alloscomp.com" platform="cacert" default_off="expired">
-  <target host="alloscomp.com" />
-  <target host="www.alloscomp.com" />
-  <rule from="^http://(www\.)?alloscomp\.com/" to="https://www.alloscomp.com/"/>
-</ruleset>
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - www.alloscomp.com
+-->
+<ruleset name="Alloscomp.com">
+	<target host="alloscomp.com" />
+	<target host="www.alloscomp.com" />
+	<target host="tron.alloscomp.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.alloscomp\.com/"
+			to="https://alloscomp.com/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Alloy_Digital.xml b/src/chrome/content/rules/Alloy_Digital.xml
index fdeeea579ab9..cd29b05b85fa 100644
--- a/src/chrome/content/rules/Alloy_Digital.xml
+++ b/src/chrome/content/rules/Alloy_Digital.xml
@@ -1,4 +1,17 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://cdn.b5media.com/ (200) => https://d36nwfv100lk1n.cloudfront.net/ (403)
+Non-2xx HTTP code: http://cdn.crushable.com/ (200) => https://d1r0ty19i0gtvo.cloudfront.net/ (403)
+Fetch error: http://cdn.thegrindstone.com/ => https://d176o63igdzvgd.cloudfront.net/: (6, 'Could not resolve host: d176o63igdzvgd.cloudfront.net')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn.b5media.com/ => https://d36nwfv100lk1n.cloudfront.net/: (28, 'Resolving timed out after 10519 milliseconds')
+Non-2xx HTTP code: http://cdn.blisstree.com/ (200) => https://d2oiv51wjnj5wa.cloudfront.net/ (403)
+Non-2xx HTTP code: http://cdn.crushable.com/ (200) => https://d1r0ty19i0gtvo.cloudfront.net/ (403)
+Non-2xx HTTP code: http://cdn.mommyish.com/ (200) => https://dkuyan05fvz6l.cloudfront.net/ (403)
+Non-2xx HTTP code: http://cdn.thegloss.com/ (200) => https://daispricmon6s.cloudfront.net/ (403)
+Fetch error: http://cdn.thegrindstone.com/ => https://d176o63igdzvgd.cloudfront.net/: (6, 'Could not resolve host: d176o63igdzvgd.cloudfront.net')
 	CDN buckets:
 
 		- d176o63igdzvgd.cloudfront.net
@@ -43,7 +56,7 @@
 		- (www.)thegrindstone.com	(ditto)
 
 -->
-<ruleset name="Alloy Digital (partial)">
+<ruleset name="Alloy Digital (partial)" default_off="failed ruleset test">
 
 	<target host="cdn.b5media.com" />
 	<target host="cdn.blisstree.com" />
@@ -53,22 +66,22 @@
 	<target host="cdn.thegrindstone.com" />
 
 
-	<rule from="^https?://cdn\.b5media\.com/"
+	<rule from="^http://cdn\.b5media\.com/"
 		to="https://d36nwfv100lk1n.cloudfront.net/" />
 
-	<rule from="^https?://cdn\.blisstree\.com/"
+	<rule from="^http://cdn\.blisstree\.com/"
 		to="https://d2oiv51wjnj5wa.cloudfront.net/" />
 
-	<rule from="^https?://cdn\.crushable\.com/"
+	<rule from="^http://cdn\.crushable\.com/"
 		to="https://d1r0ty19i0gtvo.cloudfront.net/" />
 
-	<rule from="^https?://cdn\.mommyish\.com/"
+	<rule from="^http://cdn\.mommyish\.com/"
 		to="https://dkuyan05fvz6l.cloudfront.net/" />
 
-	<rule from="^https?://cdn\.thegloss\.com/"
+	<rule from="^http://cdn\.thegloss\.com/"
 		to="https://daispricmon6s.cloudfront.net/" />
 
-	<rule from="^https?://cdn\.thegrindstone\.com/"
+	<rule from="^http://cdn\.thegrindstone\.com/"
 		to="https://d176o63igdzvgd.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Allpoetry.xml b/src/chrome/content/rules/Allpoetry.xml
index e0583a138f3c..e2365c5f8a8b 100644
--- a/src/chrome/content/rules/Allpoetry.xml
+++ b/src/chrome/content/rules/Allpoetry.xml
@@ -1,14 +1,18 @@
 <!--
+
+	Disabled due to https://github.com/EFForg/https-everywhere/issues/1549
+
 	Fully covered subdomains:
 
 		- (www.)	(www → ^)
 		- a
 
 -->
-<ruleset name="Allpoetry">
+<ruleset name="Allpoetry" default_off="breaks login">
 
 	<target host="allpoetry.com" />
-	<target host="*.allpoetry.com" />
+	<target host="a.allpoetry.com" />
+	<target host="www.allpoetry.com" />
 
 
 	<securecookie host="^\.?allpoetry\.com$" name=".+" />
@@ -19,4 +23,4 @@
 	<rule from="^http://(?:(a\.)|www\.)?allpoetry\.com/"
 		to="https://$1allpoetry.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Alltop.com.xml b/src/chrome/content/rules/Alltop.com.xml
new file mode 100644
index 000000000000..4e7a0795b8fb
--- /dev/null
+++ b/src/chrome/content/rules/Alltop.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Remark: *.alltop.com has a wildcard DNS record and
+		a wildcard certificate.
+-->
+<ruleset name="AllTop.com">
+	<target host="alltop.com" />
+	<target host="*.alltop.com" />
+		<test url="http://advertising.alltop.com/" />
+		<test url="http://anime.alltop.com/" />
+		<test url="http://answers.alltop.com/" />
+		<test url="http://bitcoin.alltop.com/" />
+		<test url="http://www.alltop.com/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Alltop.xml b/src/chrome/content/rules/Alltop.xml
deleted file mode 100644
index e7837096b400..000000000000
--- a/src/chrome/content/rules/Alltop.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	- Expired 2012-11-01
-	- CN: plesk
-
--->
-<ruleset name="Alltop" default_off="expired, self-signed">
-
-	<target host="alltop.com" />
-	<target host="www.alltop.com" />
-
-
-	<rule from="^http://(?:www\.)?alltop\.com/"
-		to="https://alltop.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Allure.com.xml b/src/chrome/content/rules/Allure.com.xml
new file mode 100644
index 000000000000..3138edf85ba1
--- /dev/null
+++ b/src/chrome/content/rules/Allure.com.xml
@@ -0,0 +1,41 @@
+<!--
+	Mixed content:
+		apps.allure.com
+
+	No working URL known:
+		newsletters.allure.com
+		try-it.allure.com
+
+	Login required:
+		blog.allure.com
+
+	Invalid certificate:
+		aws.blog.allure.com
+		downloads.allure.com
+		in.allure.com
+		li.allure.com
+		links.newsletters.allure.com
+		reply.newsletters.allure.com
+		www.pay.allure.com
+
+	Different content http/https:
+		result.allure.com
+
+-->
+<ruleset name="Allure.com">
+
+	<target host="allure.com" />
+	<target host="www.allure.com" />
+	<target host="blogger-awards.allure.com" />
+	<target host="media.allure.com" />
+		<test url="http://media.allure.com/photos/5771a7c88d432b9e20f91bbb/master/pass/hair-ideas-2014-10-comb-wet-hair-th.jpg" />
+	<target host="pay.allure.com" />
+	<target host="renew.allure.com" />
+	<target host="stag.allure.com" />
+	<target host="sweeps.allure.com" />
+	<target host="subscriptions.allure.com" />
+	<target host="video.allure.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Alluremedia.com.xml b/src/chrome/content/rules/Alluremedia.com.xml
new file mode 100644
index 000000000000..5550b054d859
--- /dev/null
+++ b/src/chrome/content/rules/Alluremedia.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Alluremedia.com">
+	<target host="alluremedia.com" />
+	<target host="www.alluremedia.com" />
+	<target host="carmen-saison2.alluremedia.com" />
+	<target host="grace.alluremedia.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Alluremedia.xml b/src/chrome/content/rules/Alluremedia.xml
deleted file mode 100644
index 30af80e86b54..000000000000
--- a/src/chrome/content/rules/Alluremedia.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	CDN buckets:
-
-		- wac.4AFA.edgecastcdn.net/...
-			- edge.alluremedia.com.au
-
-
-	Nonfunctional domains:
-
-		- (www.)alluremedia.com		(reset)
-
-
-	Problematic domains:
-
-		- (www.)alluremedia.com.au	($ redirects to www, wp-content/ works; mismatched, CN: secure.alluremedia.com.au)
-		- edge.alluremedia.com.au	(cert: gp1.wac.edgecastcdn.net; 404)
-
--->
-<ruleset name="Alluremedia (partial)">
-
-	<target host="*.alluremedia.com.au" />
-
-
-	<rule from="^https?://edge\.alluremedia\.com\.au/(assets/img|m)/"
-		to="https://i0.wp.com/edge.alluremedia.com.au/$1/" />
-
-	<rule from="^http://(?:edge|secure)\.alluremedia\.com/"
-		to="https://secure.alluremedia.com.au/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Ally_Financial-problematic.xml b/src/chrome/content/rules/Ally_Financial-problematic.xml
index 5df8ec1c3a09..09145d05960e 100644
--- a/src/chrome/content/rules/Ally_Financial-problematic.xml
+++ b/src/chrome/content/rules/Ally_Financial-problematic.xml
@@ -7,7 +7,6 @@
 	<target host="community.ally.com" />
 
 
-	<rule from="^http://community\.ally\.com/"
-		to="https://community.ally.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ally_Financial.xml b/src/chrome/content/rules/Ally_Financial.xml
index be3babaed1b5..a2b4583967db 100644
--- a/src/chrome/content/rules/Ally_Financial.xml
+++ b/src/chrome/content/rules/Ally_Financial.xml
@@ -1,4 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.smartauction.biz/ => https://www.smartauction.biz/: (6, 'Could not resolve host: www.smartauction.biz')
+
+-->
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.smartauction.biz/ => https://www.smartauction.biz/: (60, 'SSL certificate problem: certificate has expired')
+
 	For problematic rules, see Ally_Financial-problematic.xml.
 
 
@@ -29,10 +39,16 @@
 		- www.smartauction.biz
 
 -->
-<ruleset name="Ally Financial (partial)">
+<ruleset name="Ally Financial (partial)" default_off="failed ruleset test">
 
 	<target host="ally.com" />
-	<target host="*.ally.com" />
+	<target host="billpay.ally.com" />
+	<target host="chat.ally.com" />
+	<target host="m.ally.com" />
+	<target host="online-application.ally.com" />
+	<target host="secure.ally.com" />
+	<target host="survey.ally.com" />
+	<target host="www.ally.com" />
 	<target host="allybank.com" />
 	<target host="www.allybank.com" />
 	<target host="www.smartauction.biz" />
@@ -41,13 +57,10 @@
 	<securecookie host=".*\.ally\.com$" name=".+" />
 
 
-	<rule from="^http://((?:billpay|chat|m|online-application|secure|survey|www)\.)?ally\.com/"
-		to="https://$1ally.com/" />
 
 	<rule from="^http://(?:www\.)?allybank\.com/"
 		to="https://www.ally.com/" />
 
-	<rule from="^http://www\.smartauction\.biz/"
-		to="https://www.smartauction.biz/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Alonetone.xml b/src/chrome/content/rules/Alonetone.xml
deleted file mode 100644
index a494c38cbaae..000000000000
--- a/src/chrome/content/rules/Alonetone.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)
--->
-<ruleset name="alonetone (partial)">
-
-	<target host="stash.alonetone.com" />
-
-
-	<rule from="^https?://stash\.alonetone\.com/"
-		to="https://s3.amazonaws.com/stash.alonetone.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AlphaSSL.xml b/src/chrome/content/rules/AlphaSSL.xml
index bd5c5401f9ec..3ee86fc959d0 100644
--- a/src/chrome/content/rules/AlphaSSL.xml
+++ b/src/chrome/content/rules/AlphaSSL.xml
@@ -1,10 +1,10 @@
 <ruleset name="AlphaSSL">
 
 	<target host="alphassl.com" />
-	<target host="*.alphassl.com" />
+	<target host="seal.alphassl.com" />
+	<target host="www.alphassl.com" />
 
 
-	<rule from="^http://(seal\.|www\.)?alphassl\.com/"
-		to="https://$1alphassl.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Alpha_Dominche.xml b/src/chrome/content/rules/Alpha_Dominche.xml
index 0662f6175d26..7324a2cb7c5c 100644
--- a/src/chrome/content/rules/Alpha_Dominche.xml
+++ b/src/chrome/content/rules/Alpha_Dominche.xml
@@ -1,15 +1,10 @@
-<!--
-	- www redirects to !www
-	- CN: Parallels Panel
-
--->
-<ruleset name="Alpha Dominche" default_off="self-signed">
+<ruleset name="Alpha Dominche.com" default_off="404">
 
 	<target host="alphadominche.com" />
 	<target host="www.alphadominche.com" />
 
 
-	<rule from="^http://(?:www\.)?alphadominche\.com/"
-		to="https://alphadominche.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AlpineLinux.org.xml b/src/chrome/content/rules/AlpineLinux.org.xml
new file mode 100644
index 000000000000..6efe18dcc27a
--- /dev/null
+++ b/src/chrome/content/rules/AlpineLinux.org.xml
@@ -0,0 +1,75 @@
+<!--
+	Nonfunctional hosts in *.alpinelinux.org:
+
+		- dl-1.alpinelinux.org (e)
+		- dl-2.alpinelinux.org (r)
+		- dl-3.alpinelinux.org (m)
+		- dl-6.alpinelinux.org (t)
+		- dl-7.alpinelinux.org (r)
+		- dl-8.alpinelinux.org (t)
+		- dl-cdn.alpinelinux.org (m)
+		- docs.alpinelinux.org (m) (multiple certificates provided)
+		- infra.alpinelinux.org (m)
+		- mail.alpinelinux.org (m)
+		- mail.alpinelinux.org (m)
+		- no.alpinelinux.org (s)
+		- ns1.alpinelinux.org (m)
+		- ns2.alpinelinux.org (e)
+
+	e: certificate expired
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+
+	Insecure cookies are set for these hosts:
+
+		- bugs.alpinelinux.org
+-->
+<ruleset name="Alpinelinux.org">
+
+	<target host="alpinelinux.org" />
+	<target host="www.alpinelinux.org" />
+	<target host="api.alpinelinux.org" />
+	<target host="boot.alpinelinux.org" />
+	<target host="bugs.alpinelinux.org" />
+	<target host="build.alpinelinux.org" />
+	<target host="cz.alpinelinux.org" />
+	<target host="dev.alpinelinux.org" />
+	<target host="distfiles.alpinelinux.org" />
+	<target host="dl-4.alpinelinux.org" />
+	<target host="dl-5.alpinelinux.org" />
+	<target host="dl.alpinelinux.org" />
+	<target host="beta.docs.alpinelinux.org" />
+	<target host="git.alpinelinux.org" />
+	<target host="gitlab.alpinelinux.org" />
+	<target host="gitlabtest.alpinelinux.org" />
+	<target host="lists.alpinelinux.org" />
+	<target host="mirrors.alpinelinux.org" />
+	<target host="msg.alpinelinux.org" />
+	<target host="nl.alpinelinux.org" />
+	<target host="nl3.alpinelinux.org" />
+	<target host="nld3.alpinelinux.org" />
+	<target host="patchwork.alpinelinux.org" />
+	<target host="phabtest.alpinelinux.org" />
+	<target host="pkgs.alpinelinux.org" />
+	<target host="pkt1-lxc2.alpinelinux.org" />
+	<target host="redmine.alpinelinux.org" />
+	<target host="uk.alpinelinux.org" />
+	<target host="wiki.alpinelinux.org" />
+	<target host="wwwtest.alpinelinux.org" />
+	<target host="zabbix.alpinelinux.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bugs\.alpinelinux\.org$" name="^_redmine_session" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Alpine_Linux.org.xml b/src/chrome/content/rules/Alpine_Linux.org.xml
deleted file mode 100644
index e4d038031973..000000000000
--- a/src/chrome/content/rules/Alpine_Linux.org.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- git	(refused)
-		- wiki	(dropped)
-
--->
-<ruleset name="Alpine Linux.org (partial)">
-
-	<target host="alpinelinux.org" />
-	<target host="*.alpinelinux.org" />
-
-
-	<securecookie host="^bugs\.alpinelinux\.org$" name=".+" />
-
-
-	<rule from="^http://(bugs\.|www\.)?alpinelinux\.org/"
-		to="https://$1alpinelinux.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Alpnames.com.xml b/src/chrome/content/rules/Alpnames.com.xml
new file mode 100644
index 000000000000..af04f234fe17
--- /dev/null
+++ b/src/chrome/content/rules/Alpnames.com.xml
@@ -0,0 +1,14 @@
+<!-- Problematic domains:
+	- r.promo.alpnames.com: Certificate only valid for (*.)sendinblue.com
+	- ski.alpnames.com: Certificate only valid for (www.)secureclientlogin.org
+-->
+
+<ruleset name="Alpnames.com">
+	<target host="alpnames.com" />
+	<target host="marketplace.alpnames.com" />
+	<target host="my.alpnames.com" />
+	<target host="support.alpnames.com" />
+	<target host="www.alpnames.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlreadyHosting.com.xml b/src/chrome/content/rules/AlreadyHosting.com.xml
deleted file mode 100644
index f36c52557cec..000000000000
--- a/src/chrome/content/rules/AlreadyHosting.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="AlreadyHosting.com (partial)" default_off="mismatch">
-
-	<!--	*.fatcow.com	-->
-	<target host="bestwebhostinggeek.com"/>
-	<target host="*.bestwebhostinggeek.com"/>
-
-	<securecookie host="^(.*\.)?bestwebhostinggeek\.com$" name=".*"/>
-
-	<rule from="^http://(?:www\.)?bestwebhostinggeek\.com/"
-		to="https://www.bestwebhostinggeek.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Alt-Sheff.org.xml b/src/chrome/content/rules/Alt-Sheff.org.xml
new file mode 100644
index 000000000000..f51f1992af7a
--- /dev/null
+++ b/src/chrome/content/rules/Alt-Sheff.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="Alt-Sheff.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="alt-sheff.org" />
+	<target host="www.alt-sheff.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AltQuick.co.xml b/src/chrome/content/rules/AltQuick.co.xml
new file mode 100644
index 000000000000..0b7412bd5f39
--- /dev/null
+++ b/src/chrome/content/rules/AltQuick.co.xml
@@ -0,0 +1,10 @@
+<ruleset name="AltQuick.co">
+
+	<target host="altquick.co" />
+	<target host="www.altquick.co" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Alta_Ski_Area.xml b/src/chrome/content/rules/Alta_Ski_Area.xml
index 7fe410f402b0..47b62b6a5800 100644
--- a/src/chrome/content/rules/Alta_Ski_Area.xml
+++ b/src/chrome/content/rules/Alta_Ski_Area.xml
@@ -5,16 +5,16 @@
 <ruleset name="Alta Ski Area">
 
 	<target host="alta.com" />
-	<target host="*.alta.com" />
+	<target host="www.alta.com" />
+	<target host="shop.alta.com" />
 
 
 	<securecookie host="^shop\.alta\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?alta\.com/"
+	<rule from="^http://(?:www\.)?alta\.com/"
 		to="https://www.alta.com/" />
 
-	<rule from="^http://shop\.alta\.com/"
-		to="https://shop.alta.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Alteeve.ca.xml b/src/chrome/content/rules/Alteeve.ca.xml
new file mode 100644
index 000000000000..85b03c80aa80
--- /dev/null
+++ b/src/chrome/content/rules/Alteeve.ca.xml
@@ -0,0 +1,13 @@
+<!--
+	Connection refused:
+		- plan.alteeve.ca
+-->
+
+<ruleset name="Alteeve.ca">
+	<target host="alteeve.ca" />
+	<target host="www.alteeve.ca" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlterNet.xml b/src/chrome/content/rules/AlterNet.xml
index 3be479b1c948..84211c400a64 100644
--- a/src/chrome/content/rules/AlterNet.xml
+++ b/src/chrome/content/rules/AlterNet.xml
@@ -1,27 +1,24 @@
 <!--
-	Nonfunctional subdomains:
+	Website is misconfigured and many subdomains fail to load even
+	over http because of broken redirects (eg. blogs.alternet.org)
 
-		- dev	(times out)
+	Different content http/https:
+		files.alternet.org
+			<test url="http://files.alternet.org/css/slimbox2.css" />
+			<test url="https://files.alternet.org/css/slimbox2.css" />
+			(but website sometimes links to https even though it is
+			 broken.)
 
 -->
-<ruleset name="AlterNet (partial)">
+<ruleset name="AlterNet.org">
 
 	<target host="alternet.org" />
-	<target host="*.alternet.org" />
+	<target host="www.alternet.org" />
+	<target host="act.alternet.org" />
+	<target host="donate.alternet.org" />
+	<target host="img.alternet.org" />
 
-
-	<!--	At least the homepage 301s to http.
-				-->
-	<rule from="^http://(www\.)?alternet\.org/images/"
-		to="https://$1alternet.org/images/" />
-
-	<!--	- 404s over https
-		- 301s like so over http
-					-->
-	<rule from="^http://blogs\.alternet\.org/speakeasy/wp-content/avatars/"
-		to="https://images.alternet.org/images/avatars/" />
-
-	<rule from="^http://(fil|imag)es\.alternet\.org/"
-		to="https://$1es.alternet.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Altera.com.xml b/src/chrome/content/rules/Altera.com.xml
index 93ce705a8d89..b5b2dd1f2d99 100644
--- a/src/chrome/content/rules/Altera.com.xml
+++ b/src/chrome/content/rules/Altera.com.xml
@@ -21,4 +21,4 @@
 	<rule from="^http://(?:www\.)?altera\.com/(?=common/|favicon\.ico|js\.lib/|myaltera(?:$|[?/]))"
 		to="https://www.altera.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AlternC.xml b/src/chrome/content/rules/AlternC.xml
index c10a8f590391..a175519cdfbc 100644
--- a/src/chrome/content/rules/AlternC.xml
+++ b/src/chrome/content/rules/AlternC.xml
@@ -1,19 +1,24 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://demo.alternc.org/ => https://demo.alternc.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.alternc.org/ => https://www.alternc.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.alternc.org'")
+
 	Nonfunctional subdomains:
 
 		- mail.demo	(redirects to demo)
 
 -->
-<ruleset name="AlternC (partial)">
+<ruleset name="AlternC (partial)" default_off="failed ruleset test">
 
 	<target host="alternc.org" />
-	<target host="*.alternc.org" />
+	<target host="demo.alternc.org" />
+	<target host="www.alternc.org" />
 
 
 	<securecookie host="^(?:www\.)?alternc\.org$" name=".+" />
 
 
-	<rule from="^http://(demo\.|www\.)?alternc\.org/"
-		to="https://$1alternc.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AlternaLabs.xml b/src/chrome/content/rules/AlternaLabs.xml
deleted file mode 100644
index d6128e7d0cf7..000000000000
--- a/src/chrome/content/rules/AlternaLabs.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Some pages redirect to http
-
--->
-<ruleset name="AlternaLabs (partial)">
-
-	<target host="alternalabs.com" />
-	<target host="www.alternalabs.com" />
-
-
-	<rule from="^http://(www\.)?alternalabs\.com/(assets/|favicon\.ico|wp-content/)"
-		to="https://$1alternalabs.com/$2" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Alternate.xml b/src/chrome/content/rules/Alternate.xml
index 58657564645a..f7c5e734db9c 100644
--- a/src/chrome/content/rules/Alternate.xml
+++ b/src/chrome/content/rules/Alternate.xml
@@ -1,4 +1,10 @@
-<ruleset name="Alternate" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://alternate-b2b.nl/ => https://alternate-b2b.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'alternate-b2b.nl'")
+
+-->
+<ruleset name="Alternate" platform="mixedcontent" default_off="failed ruleset test">
   <target host="*.alternate.be"/>
   <target host="alternate.be"/>
   <target host="*.alternate.nl"/>
diff --git a/src/chrome/content/rules/Alternatiba.eu.xml b/src/chrome/content/rules/Alternatiba.eu.xml
new file mode 100644
index 000000000000..896951b22fb8
--- /dev/null
+++ b/src/chrome/content/rules/Alternatiba.eu.xml
@@ -0,0 +1,16 @@
+<!--
+	Redirect to mismatched domain:
+		campclimat2017.alternatiba.eu
+
+	Invalid certificate:
+		listes.alternatiba.eu
+
+-->
+<ruleset name="Alternatiba">
+
+	<target host="alternatiba.eu" />
+	<target host="alternatv-rhone.alternatiba.eu" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Alternatif_Bilisim.org.xml b/src/chrome/content/rules/Alternatif_Bilisim.org.xml
new file mode 100644
index 000000000000..7f746e999fbf
--- /dev/null
+++ b/src/chrome/content/rules/Alternatif_Bilisim.org.xml
@@ -0,0 +1,21 @@
+<!--
+
+	Mixed content:
+
+		- Images on www from $self *
+
+		- Bugs on www from i.creativecommons.org *
+
+	* Secured by us
+
+-->
+<ruleset name="Alternatif Bilisim.org">
+
+	<target host="alternatifbilisim.org" />
+	<target host="iuf.alternatifbilisim.org" />
+	<target host="www.alternatifbilisim.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AlternativeLibertaire.org.xml b/src/chrome/content/rules/AlternativeLibertaire.org.xml
new file mode 100644
index 000000000000..50c312c52292
--- /dev/null
+++ b/src/chrome/content/rules/AlternativeLibertaire.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Invalid certificate:
+		www.alsace.alternativelibertaire.org
+		intranet.alternativelibertaire.org
+
+	Redirect to http:
+		boutique.alternativelibertaire.org
+		www.boutique.alternativelibertaire.org
+
+	No working URL known:
+		essentiel.alternativelibertaire.org (404)
+		www.essentiel.alternativelibertaire.org (404)
+
+	Private subdomain:
+		www.intranet.alternativelibertaire.org
+
+-->
+<ruleset name="Alternative Libertaire">
+
+	<target host="alternativelibertaire.org" />
+	<target host="www.alternativelibertaire.org" />
+	<target host="alsace.alternativelibertaire.org" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AlternativeTo.net.xml b/src/chrome/content/rules/AlternativeTo.net.xml
new file mode 100644
index 000000000000..ef82f10c5b00
--- /dev/null
+++ b/src/chrome/content/rules/AlternativeTo.net.xml
@@ -0,0 +1,16 @@
+<!--
+		Redirects:
+		m.alternativeto.net → alternativeto.net
+-->
+<ruleset name="AlternativeTo.net">
+	<target host="alternativeto.net" />
+	<target host="www.alternativeto.net" />
+	<target host="api.alternativeto.net" />
+	<target host="blog.alternativeto.net" />
+	<target host="d2.alternativeto.net" />
+	<target host="m.alternativeto.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Alternatives-Economiques.fr.xml b/src/chrome/content/rules/Alternatives-Economiques.fr.xml
new file mode 100644
index 000000000000..48453b6275e5
--- /dev/null
+++ b/src/chrome/content/rules/Alternatives-Economiques.fr.xml
@@ -0,0 +1,20 @@
+<!--
+	Invalid certificate:
+		formation.alternatives-economiques.fr
+		info.alternatives-economiques.fr
+		ipe.alternatives-economiques.fr
+
+-->
+<ruleset name="Alternatives Economiques">
+
+	<target host="alternatives-economiques.fr" />
+	<target host="www.alternatives-economiques.fr" />
+	<target host="abo.alternatives-economiques.fr" />
+	<target host="blogs.alternatives-economiques.fr" />
+	<target host="data.alternatives-economiques.fr" />
+		<test url="http://data.alternatives-economiques.fr/2017/10/newsgame-budget/" />
+	<target host="lpl.alternatives-economiques.fr" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Alternatives.ca.xml b/src/chrome/content/rules/Alternatives.ca.xml
new file mode 100644
index 000000000000..7554dd3846a0
--- /dev/null
+++ b/src/chrome/content/rules/Alternatives.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="Alternatives.ca">
+  <target host="alternatives.ca" />
+  <target host="www.alternatives.ca" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Alternativet.dk.xml b/src/chrome/content/rules/Alternativet.dk.xml
new file mode 100644
index 000000000000..320aa9ae9bbe
--- /dev/null
+++ b/src/chrome/content/rules/Alternativet.dk.xml
@@ -0,0 +1,22 @@
+<!--
+	A few style sheets are hardcoded as http:// and
+	considered mixed content in Firefox and friends.
+	This does not break the design though.
+
+	Problematic domains:
+
+		- tv ¹
+
+	¹ Bad CN in cert
+
+-->
+
+<ruleset name="Alternativet (partial)">
+
+	<target host="alternativet.dk" />
+	<target host="www.alternativet.dk" />
+
+	<rule from="^http:"
+		to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Alternativlos.org.xml b/src/chrome/content/rules/Alternativlos.org.xml
new file mode 100644
index 000000000000..1852055f3429
--- /dev/null
+++ b/src/chrome/content/rules/Alternativlos.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="Alternativlos.org">
+
+	<target host="alternativlos.org" />
+	<target host="www.alternativlos.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Altex.ro.xml b/src/chrome/content/rules/Altex.ro.xml
new file mode 100644
index 000000000000..67d134f2417d
--- /dev/null
+++ b/src/chrome/content/rules/Altex.ro.xml
@@ -0,0 +1,60 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn.altex.ro/ => https://d2qpxedcu5ji30.cloudfront.net/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	CDN buckets:
+
+		- d2qpxedcu5ji30.cloudfront.net ← cdn.altex.ro
+
+
+	Nonfunctional hosts in *altex.ro:
+
+		- admin *
+
+	* Plaintext reply
+
+
+	Problematic hosts in *altex.ro:
+
+		- cdn *
+
+	* Cloudfront/mismatched
+
+
+	Mixed content:
+
+		- css on www from cdn.altex.ro *
+
+		- Images, on:
+
+			- www from admin.altex.ro
+			- www from cdn.altex.ro *
+
+	* Secured by us
+
+-->
+<ruleset name="Altex.ro (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="altex.ro" />
+	<target host="www.altex.ro" />
+
+	<!--	Complications:
+				-->
+	<target host="cdn.altex.ro" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.altex\.ro$" name="^frontend$" /-->
+	<!--securecookie host="^www\.altex\.ro$" name="^uid$" /-->
+
+	<securecookie host="^\." name="^_gat$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Alticore-mismatches.xml b/src/chrome/content/rules/Alticore-mismatches.xml
deleted file mode 100644
index 753c9775fb0b..000000000000
--- a/src/chrome/content/rules/Alticore-mismatches.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--	Bucket at s7d5.scene7.com
--->
-<ruleset name="Alticore (mismatches)" default_off="Akamai certificate, expired">
-
-	<target host="amwaygrand.com"/>
-	<target host="www.amwaygrand.com"/>
-	<target host="lauramercier.ugc.bazaarvoice.com"/>
-
-	<securecookie host="^(.*\.)?amwaygrand\.com$" name=".*"/>
-
-	<rule from="^http://(?:www\.)?amwaygrand\.com/"
-		to="https://www.amwaygrand.com/"/>
-
-	<rule from="^http://lauramercier\.ugc\.bazaarvoice\.com/"
-		to="https://lauramercier.ugc.bazaarvoice.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Altii.de.xml b/src/chrome/content/rules/Altii.de.xml
new file mode 100644
index 000000000000..098c5624d09f
--- /dev/null
+++ b/src/chrome/content/rules/Altii.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="altii.de">
+
+	<target host="altii.de" />
+	<target host="www.altii.de" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Altimate_Wellness.xml b/src/chrome/content/rules/Altimate_Wellness.xml
deleted file mode 100644
index 58c6deceae99..000000000000
--- a/src/chrome/content/rules/Altimate_Wellness.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Some pages redirect to http.
-
--->
-<ruleset name="Altimate Wellness (partial)">
-
-	<target host="altimatewellness.com" />
-	<target host="www.altimatewellness.com" />
-
-
-	<rule from="^http://(www\.)?altimatewellness\.com/wp-(admin(?:/|\.php)|content/|includes/)"
-		to="https://$1altimatewellness.com/wp-$2" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Altinget.dk.xml b/src/chrome/content/rules/Altinget.dk.xml
new file mode 100644
index 000000000000..b8a2422e867d
--- /dev/null
+++ b/src/chrome/content/rules/Altinget.dk.xml
@@ -0,0 +1,18 @@
+<!--
+	Notes:
+		- Some fonts are not included in browsers that block
+		  mixed content.
+		- https://s.spindoktor.dk provides a certificate for
+		  altinget.dk and www.altinget.dk, for some, probably
+		  historical, reason.
+
+	Not included:
+		banner.altinget.dk (not in cert)
+-->
+<ruleset name="Altinget.dk (partial)">
+	<target host="altinget.dk" />
+	<target host="www.altinget.dk" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Altmetric.com.xml b/src/chrome/content/rules/Altmetric.com.xml
new file mode 100644
index 000000000000..01e94e89e3b5
--- /dev/null
+++ b/src/chrome/content/rules/Altmetric.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Mismatch:
+		status.altmetric.com
+
+	Redirect to http:
+		metricstoolkit.altmetric.com
+-->
+<ruleset name="Altmetric.com">
+	<target host="altmetric.com" />
+	<target host="*.altmetric.com" />
+		<test url="http://agingalbanyny.altmetric.com/" />
+		<test url="http://alt.altmetric.com/" />
+		<test url="http://bmj.altmetric.com/" />
+		<test url="http://bookalytics.altmetric.com/" />
+		<test url="http://cdc.altmetric.com/" />
+		<test url="http://cell.altmetric.com/" />
+		<test url="http://dovemedicalpress.altmetric.com/" />
+		<test url="http://elsevier.altmetric.com/" />
+		<test url="http://help.altmetric.com/" />
+		<test url="http://jamanetwork.altmetric.com/" />
+		<test url="http://nature.altmetric.com/" />
+		<test url="http://norden.altmetric.com/" />
+		<test url="http://oxfordjournals.altmetric.com/" />
+		<test url="http://springerlink.altmetric.com/" />
+		<test url="http://support.altmetric.com/" />
+		<test url="http://wiley.altmetric.com/" />
+
+	<exclusion pattern="^http://(metricstoolkit|status)\.altmetric\.com/" />
+		<test url="http://metricstoolkit.altmetric.com/" />
+		<test url="http://status.altmetric.com/" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/AltonTowers.xml b/src/chrome/content/rules/AltonTowers.xml
index 1022ae06cae8..d2eb5389c829 100644
--- a/src/chrome/content/rules/AltonTowers.xml
+++ b/src/chrome/content/rules/AltonTowers.xml
@@ -1,8 +1,20 @@
-<ruleset name="AltonTowers (broken)" default_off="broken">
-  <target host="altontowers.com" />
-  <target host="www.altontowers.com" />
-  
-  <securecookie host="^(.+\.)?altontowers\.com$" name=".*"/>
-  
-  <rule from="^http://(?:www\.)?altontowers\.com/" to="https://www.altontowers.com/"/>
+<!--
+	For other Merlin Entertainments coverage, see Merlin-Entertainments.xml.
+
+	Non-functional subdomain:
+		- www2		(timeout)
+-->
+<ruleset name="Alton Towers Resort">
+	<target host="altontowers.com" />
+	<target host="secure.altontowers.com" />
+	<target host="www.altontowers.com" />
+
+	<securecookie host="www\.altontowers\.com$" name=".+" />
+
+	<!-- Timeout: -->
+	<rule from="^http://altontowers\.com/"
+		to="https://www.altontowers.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Altoona-Mirror.xml b/src/chrome/content/rules/Altoona-Mirror.xml
index acf54507728c..0cca40e21767 100644
--- a/src/chrome/content/rules/Altoona-Mirror.xml
+++ b/src/chrome/content/rules/Altoona-Mirror.xml
@@ -1,30 +1,59 @@
 <!--
 	Nonfunctional altoonamirror.com subdomains:
 
-		- extras	(interrupted)
-		- jobs		(ditto)
+		- jobs ᶠ
+
+	ᶠ Handshake fails
+
+
+	Problematic hosts in *altoonamirror.com:
+
+		- ^ ᵐ
+		- mobile ᵐ
+
+	ᵐ Mismatched
+
+
+	Mixed content:
+
+		- Images on:
+
+			- www from extras.altoonamirror.com ˢ
+			- www from $self ˢ
+
+		- Ads/bugs, on:
+
+			- www from www.facebook.com ˢ
+			- www from embed.newsinc.com ˢ
+			- www from legacy.newsinc.com ˢ
+			- www from panewsmedia.org
+
+	ˢ Secured by us
 
 -->
-<ruleset name="Altoona Mirror (partial)">
+<ruleset name="Altoona Mirror.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="extras.altoonamirror.com" />
+	<target host="www.altoonamirror.com" />
 
+	<!--	Complications:
+				-->
 	<target host="altoonamirror.com" />
-	<target host="*.altoonamirror.com" />
-	<target host="intellnews.net" />
-	<target host="www.intellnews.net" />
+	<target host="mobile.altoonamirror.com" />
+
 
+	<securecookie host="^\w" name=".+" />
 
-	<securecookie host="^www\.altoonamirror\.com$" name=".*" />
-	<securecookie host="^www\.intellnews\.net$" name=".*" />
 
+	<rule from="^http://mobile\.altoonamirror\.com/$"
+		to="https://www.altoonamirror.com/page/wap.frontPage/" />
 
-	<!--	Cert only matches www.
-					-->
-	<rule from="^https?://(?:mobile\.|www\.)?altoonamirror\.com/"
+	<rule from="^http://(?:mobile\.)?altoonamirror\.com/"
 		to="https://www.altoonamirror.com/" />
 
-	<!--	Ditto.
-			-->
-	<rule from="^https?://(?:www\.)?intellnews\.net/"
-		to="https://www.intellnews.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Alukah.net.xml b/src/chrome/content/rules/Alukah.net.xml
new file mode 100644
index 000000000000..c73a54768dd7
--- /dev/null
+++ b/src/chrome/content/rules/Alukah.net.xml
@@ -0,0 +1,17 @@
+<!--
+	Timeout:
+		en.alukah.net
+		majles.alukah.net
+	Refused:
+		fatawa.alukah.net
+		radio.alukah.net
+-->
+<ruleset name="Alukah.net" >
+	<target host="alukah.net" />
+	<target host="www.alukah.net" />
+	<target host="api.alukah.net" />
+
+	<securecookie host="^(www|api)\.alukah\.net$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlumFX.com.xml b/src/chrome/content/rules/AlumFX.com.xml
index c2471499a39a..b9f387ef5022 100644
--- a/src/chrome/content/rules/AlumFX.com.xml
+++ b/src/chrome/content/rules/AlumFX.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?alumfx\.com/images/"
 		to="https://$1alumfx.com/images/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Alumniconnections.com.xml b/src/chrome/content/rules/Alumniconnections.com.xml
index bae47ea3a4e1..298ef27607e0 100644
--- a/src/chrome/content/rules/Alumniconnections.com.xml
+++ b/src/chrome/content/rules/Alumniconnections.com.xml
@@ -1,17 +1,21 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://alumniconnections.com/ => https://alumniconnections.com/: (28, 'Connection timed out after 20001 milliseconds')
+
 	For other iModules coverage, see IModules.xml.
 
 -->
-<ruleset name="alumniconnections.com">
+<ruleset name="alumniconnections.com" default_off="failed ruleset test">
 
 	<target host="alumniconnections.com" />
-	<target host="*.alumniconnections.com" />
+	<target host="secure.www.alumniconnections.com" />
+	<target host="www.alumniconnections.com" />
 
 
 	<securecookie host="^secure\.www\.alumniconnections\.com$" name=".+" />
 
 
-	<rule from="^http://(secure\.www\.|www\.)?alumniconnections\.com/"
-		to="https://$1alumniconnections.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Alwaysdata.com.xml b/src/chrome/content/rules/Alwaysdata.com.xml
new file mode 100644
index 000000000000..c14b7163d666
--- /dev/null
+++ b/src/chrome/content/rules/Alwaysdata.com.xml
@@ -0,0 +1,26 @@
+<ruleset name="Alwaysdata.com">
+
+	<target host="alwaysdata.com" />
+	<target host="www.alwaysdata.com" />
+	<target host="admin.alwaysdata.com" />
+	<target host="analytics.alwaysdata.com" />
+	<target host="blog.alwaysdata.com" />
+	<target host="changelog.alwaysdata.com" />
+	<target host="forum.alwaysdata.com" />
+	<target host="help.alwaysdata.com" />
+	<target host="net2ftp.alwaysdata.com" />
+	<target host="phpmyadmin.alwaysdata.com" />
+	<target host="phppgadmin.alwaysdata.com" />
+	<target host="static.alwaysdata.com" />
+	<target host="stats.alwaysdata.com" />
+	<target host="status.alwaysdata.com" />
+	<target host="translate.alwaysdata.com" />
+	<target host="webmail.alwaysdata.com" />
+	<target host="wiki.alwaysdata.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Alzforum.org.xml b/src/chrome/content/rules/Alzforum.org.xml
new file mode 100644
index 000000000000..79fe472f8055
--- /dev/null
+++ b/src/chrome/content/rules/Alzforum.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Some pages redirect to http.
+
+-->
+<ruleset name="Alzforum.org (partial)">
+
+	<target host="alzforum.org" />
+	<target host="www.alzforum.org" />
+
+
+	<rule from="^http://(www\.)?alzforum\.org/(?=favicon\.ico|(?:login|my-alzforum|password-recovery|registration)(?:$|[?/])|sites/)"
+		to="https://$1alzforum.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Alzheimers_Association.xml b/src/chrome/content/rules/Alzheimers_Association.xml
index 4ca03281c67d..610b46b226f8 100644
--- a/src/chrome/content/rules/Alzheimers_Association.xml
+++ b/src/chrome/content/rules/Alzheimers_Association.xml
@@ -1,19 +1,50 @@
 <!--
+	Nonfunctional subdomains:
+
+		- shop *
+
+	* Dropped
+
+
 	Problematic subdomains:
 
-		- ^	(cert only matches www)
+		- blog *
+
+	* Works; expired, self-signed
+
+
+	act: some pages redirect to http
+
+
+	Mixed content:
+
+		- Images on (www.) from (www.) *
+
+	* Secured by us
 
 -->
-<ruleset name="Alzheimer's Association">
+<ruleset name="Alzheimer's Association (partial)">
 
 	<target host="alz.org" />
+	<target host="sdc.alz.org" />
+	<target host="shop.alz.org" />
 	<target host="www.alz.org" />
+		<!--exclusion pattern="^http://act\.alz\.org/+(PageServer;|TR/Walk/General\?)" /-->
+		<exclusion pattern="^http://act\.alz\.org/+(?!$|\?|\w+/images/|css/|favicon\.ico|images/)" />
+
 
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^(www\.)?alz\.org$" name="^ASPSESSIONID\w{8}$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?alz\.org$" name="^alz%5Fgoogle$" /-->
+	<!--securecookie host="^sdc\.alz\.org$" name="^(ACOOKIE|WEBTRENDS_ID)$" /-->
 
-	<securecookie host="^www\.alz\.org$" name=".+" />
+	<securecookie host="^(?:sdc\.|www\.)?alz\.org$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?alz\.org/"
-		to="https://www.alz.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Alzheimers_Society.xml b/src/chrome/content/rules/Alzheimers_Society.xml
index ed0677ae1bd4..9b1d6368d7a1 100644
--- a/src/chrome/content/rules/Alzheimers_Society.xml
+++ b/src/chrome/content/rules/Alzheimers_Society.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://alzheimers.org.uk/ => https://www.alzheimers.org.uk/: (60, 'SSL certificate problem: certificate has expired')
 	Nonfunctional subdomains:
 
 		- forum		(shows default plesk page)
@@ -11,7 +13,8 @@
 <ruleset name="Alzheimer's Society (partial)">
 
 	<target host="alzheimers.org.uk" />
-	<target host="*.alzheimers.org.uk" />
+	<target host="www.alzheimers.org.uk" />
+	<target host="shop.alzheimers.org.uk" />
 
 
 	<securecookie host="^(?:www)?\.alzheimers\.org\.uk$" name=".+" />
@@ -23,4 +26,4 @@
 	<rule from="^http://shop\.alzheimers\.org\.uk/(checkout(?:$|\?|/)|_css/|images/|_img/|_js/)"
 		to="https://shop.alzheimers.org.uk/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Am_I_unique.org.xml b/src/chrome/content/rules/Am_I_unique.org.xml
new file mode 100644
index 000000000000..94986cd6d0a6
--- /dev/null
+++ b/src/chrome/content/rules/Am_I_unique.org.xml
@@ -0,0 +1,20 @@
+<!--
+	www: Refused
+
+-->
+<ruleset name="Am I unique.org">
+
+	<target host="amiunique.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.amiunique.org" />
+
+
+	<rule from="^http://www\.amiunique\.org/"
+		to="https://amiunique.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Amadeu-Antonio-Stiftung.de.xml b/src/chrome/content/rules/Amadeu-Antonio-Stiftung.de.xml
new file mode 100644
index 000000000000..250d7076ecdc
--- /dev/null
+++ b/src/chrome/content/rules/Amadeu-Antonio-Stiftung.de.xml
@@ -0,0 +1,22 @@
+<!--
+	^amadeu-antonio-stiftung.de: 404
+
+-->
+<ruleset name="Amadeu-Antonio-Stiftung.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.amadeu-antonio-stiftung.de" />
+
+	<!--	Complications:
+				-->
+	<target host="amadeu-antonio-stiftung.de" />
+
+
+	<rule from="^http://amadeu-antonio-stiftung\.de/"
+		to="https://www.amadeu-antonio-stiftung.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Amahi.org.xml b/src/chrome/content/rules/Amahi.org.xml
index 7f0507251071..3c62463a1d02 100644
--- a/src/chrome/content/rules/Amahi.org.xml
+++ b/src/chrome/content/rules/Amahi.org.xml
@@ -1,9 +1,56 @@
+<!--
+	Invalid certificate:
+		amahi.org
+		acs.amahi.org
+		docs.amahi.org
+		help.amahi.org
+		static.amahi.org
+		store.amahi.org
+		talk.amahi.org
+		transparent.amahi.org
+
+	Different content http/https:
+		api.amahi.org
+			<test url="http://api.amahi.org/assets/audio-9da276ef9eee60aab3c591e4a658600b016bfc02e5c77802e973d4d5e71e81c4.png" />
+
+	Mixed content:
+		blog.amahi.org (ads)
+
+	Login required:
+		gitlab.amahi.org
+		grinder.amahi.org
+
+	No working URL known:
+		shop.amahi.org (500)
+
+-->
 <ruleset name="Amahi.org">
-  <target host="www.amahi.org" />
-  <target host="wiki.amahi.org" />
-  <target host="amahi.org" />
-  <rule from="^http://www\.amahi\.org/" to="https://www.amahi.org/"/>
-  <rule from="^http://wiki\.amahi\.org/" to="https://wiki.amahi.org/"/>
-  <rule from="^http://amahi\.org/" to="https://amahi.org/"/>
-</ruleset>
 
+	<target host="amahi.org" />
+	<target host="www.amahi.org" />
+	<target host="assets.amahi.org" />
+	<target host="blog.amahi.org" />
+	<target host="bugs.amahi.org" />
+	<target host="forums.amahi.org" />
+	<target host="talk.amahi.org" />
+	<target host="wiki.amahi.org" />
+	<target host="wtp.amahi.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://talk\.amahi\.org/.*"
+		to="https://webchat.freenode.net/?channels=amahi" />
+
+		<test url="http://talk.amahi.org/test1" />
+		<test url="http://talk.amahi.org/test2" />
+		<test url="http://talk.amahi.org/test3" />
+
+	<rule from="^http://amahi\.org/"
+		to="https://www.amahi.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AmamiyaSora.jp.xml b/src/chrome/content/rules/AmamiyaSora.jp.xml
new file mode 100644
index 000000000000..53cf18a4c833
--- /dev/null
+++ b/src/chrome/content/rules/AmamiyaSora.jp.xml
@@ -0,0 +1,6 @@
+<ruleset name="AmamiyaSora.jp">
+	<target host="amamiyasora.jp" />
+	<target host="www.amamiyasora.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Amara.org.xml b/src/chrome/content/rules/Amara.org.xml
new file mode 100644
index 000000000000..885bb9143757
--- /dev/null
+++ b/src/chrome/content/rules/Amara.org.xml
@@ -0,0 +1,28 @@
+<!--
+	No working URL known:
+		m.amara.org
+
+	Time out:
+		labs.amara.org
+
+	Invalid certificate:
+		ted-support.amara.org
+		vimeo.amara.org
+
+-->
+<ruleset name="amara.org">
+
+	<target host="amara.org" />
+	<target host="www.amara.org" />
+	<target host="about.amara.org" />
+	<target host="beta.amara.org" />
+	<target host="blog.amara.org" />
+	<target host="pro.amara.org" />
+	<target host="staging.amara.org" />
+	<target host="store.amara.org" />
+	<target host="support.amara.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Amara.xml b/src/chrome/content/rules/Amara.xml
deleted file mode 100644
index 482e98e7174f..000000000000
--- a/src/chrome/content/rules/Amara.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- about		(works, wordpress)
-		- support	(works; mismatched, CN: *.freshdesk.com)
-
--->
-<ruleset name="Amara">
-
-	<target host="amara.org" />
-	<target host="www.amara.org" />
-
-
-	<securecookie host="^www\.amara\.org$" name=".+" />
-
-
-	<rule from="^http://(www\.)?amara\.org/"
-		to="https://$1amara.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Amazingweb.xml b/src/chrome/content/rules/Amazingweb.xml
index 8ec27b553baa..21d95feeb956 100644
--- a/src/chrome/content/rules/Amazingweb.xml
+++ b/src/chrome/content/rules/Amazingweb.xml
@@ -4,7 +4,6 @@
 	<target host="www.amazingweb.co" />
 
 
-	<rule from="^http://(www\.)?amazingweb\.co/"
-		to="https://$1amazingweb.co/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Amazon-Adsystem.com.xml b/src/chrome/content/rules/Amazon-Adsystem.com.xml
new file mode 100644
index 000000000000..af4b57af2f8f
--- /dev/null
+++ b/src/chrome/content/rules/Amazon-Adsystem.com.xml
@@ -0,0 +1,84 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	CDN buckets:
+
+		- d1ykf07e75w7ss.cloudfront.net
+
+			- c
+
+
+	Problematic hosts in *amazon-adsystem.com:
+
+		- ps-us *
+
+	* Cloudfront
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .amazon-adsystem.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	ps-us.amazon-adsystem.com sets aps-trtmnt cookie
+	on whichever domain it is loaded from.
+
+-->
+<ruleset name="Amazon-Adsystem.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="aax.amazon-adsystem.com" />
+	<target host="aax-eu.amazon-adsystem.com" />
+	<target host="aax-fe.amazon-adsystem.com" />
+	<target host="aax-fe-pek.amazon-adsystem.com" />
+	<target host="aax-fe-sin.amazon-adsystem.com" />
+	<target host="aax-us-east.amazon-adsystem.com" />
+	<target host="c.amazon-adsystem.com" />
+	<target host="fls-eu.amazon-adsystem.com" />
+	<target host="fls-fe.amazon-adsystem.com" />
+	<target host="fls-na.amazon-adsystem.com" />
+	<target host="ir-de.amazon-adsystem.com" />
+	<target host="ir-jp.amazon-adsystem.com" />
+	<target host="ir-na.amazon-adsystem.com" />
+	<target host="rcm-eu.amazon-adsystem.com" />
+	<target host="rcm-fe.amazon-adsystem.com" />
+	<target host="rcm-na.amazon-adsystem.com" />
+	<target host="s.amazon-adsystem.com" />
+	<target host="wms-eu.amazon-adsystem.com" />
+	<target host="wms-fe.amazon-adsystem.com" />
+	<target host="wms-na.amazon-adsystem.com" />
+	<target host="ws-eu.amazon-adsystem.com" />
+	<target host="ws-fe.amazon-adsystem.com" />
+	<target host="ws-na.amazon-adsystem.com" />
+
+	<!--	Complications:
+				-->
+	<target host="ps-us.amazon-adsystem.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://aax-eu.amazon-adsystem.com/s/iu3?d=&amp;slot=&amp;a2=&amp;old_oo=&amp;cb=" /-->
+
+		<test url="http://ir-de.amazon-adsystem.com/e/ir?t=&amp;l=&amp;o=" />
+		<test url="http://wms-eu.amazon-adsystem.com/panda/20070822/DE/img/a-logo-amazon.png" />
+		<test url="http://ws-eu.amazon-adsystem.com/widgets/q?ServiceVersion=&amp;OneJS=&amp;Operation=GetAdHtml&amp;MarketPlace=&amp;source=&amp;ref=&amp;ad_type=&amp;tracking_id=&amp;marketplace=amazon&amp;region=&amp;placement=&amp;asins&amp;linkId=&amp;show_border=&amp;link_opens_in_new_window=" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.amazon-adsystem\.com$" name="^ad-id$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://ps-us\.amazon-adsystem\.com/"
+		to="https://dnd1av4y9k5gc.cloudfront.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Amazon-Associates.xml b/src/chrome/content/rules/Amazon-Associates.xml
deleted file mode 100644
index 0ddb408fc84d..000000000000
--- a/src/chrome/content/rules/Amazon-Associates.xml
+++ /dev/null
@@ -1,104 +0,0 @@
-<!--
-	For other Amazon coverage, see Amazon.xml.
-
-
-	CDN buckets:
-
-		- associates-amazon.s3.amazonaws.com
-
-
-	Nonfunctional domains:
-
-		- affiliate-blog.amazon.de	(hosted on Typepad)
-		- cls.assoc-amazon.co.uk
-
-
-	Certs also cover:
-
-		- ws.amazon.cn
-
-
-	amazonassociates.typepad.com
-
-
-	Problematic domains:
-
-		- rcm-de.amazon.de	(expired 2013-08-23)
-
-
-	Fully covered domains:
-
-		- amazon.co.uk subdomains:
-
-			- completion
-			- payments
-
-		- amazon-adsystem.com subdomains:
-
-			- aax-eu
-			- aax-us-east
-			- ir-na
-			- ps-us
-			- ws-na
-
-
-	ps-us.amazon-adsystem.com sets aps-trtmnt cookie
-	on whichever domain it is loaded from.
-
--->
-<ruleset name="Amazon Associates">
-
-	<target host="affiliate-program.amazon.com" />
-	<target host="astore.amazon.com" />
-	<target host="pda-bes.amazon.com" />
-	<target host="rcm.amazon.com" />
-	<target host="rcm-images.amazon.com" />
-	<target host="sellercentral.amazon.com" />
-	<target host="ws.amazon.*" />
-	<target host="ws.amazon.co.*" />
-	<target host="completion.amazon.co.uk" />
-	<target host="payments.amazon.co.uk" />
-	<target host="rcm-uk.amazon.co.uk" />
-	<target host="sellercentral.amazon.co.uk" />
-	<target host="partnernet.amazon.de" />
-	<target host="*.amazon-adsystem.com" />
-	<target host="assoc-amazon.*" />
-	<target host="wms.assoc-amazon.*" />
-	<target host="www.assoc-amazon.*" />
-	<target host="assoc-amazon.co.uk" />
-	<target host="*.assoc-amazon.co.uk" />
-
-
-	<securecookie host="^\.amazon-adsystem\.com$" name=".+" />
-
-
-	<rule from="^http://ws\.amazon\.(ca|co\.jp|com|co\.uk|de|fr)/"
-		to="https://ws.amazon.$1/" />
-
-	<rule from="^http://(affiliate-program|astore|pda-bes|rcm|sellercentral)\.amazon\.com/"
-		to="https://$1.amazon.com/" />
-
-	<rule from="^https?://rcm-images\.amazon\.com/"
-		to="https://images-na.ssl-images-amazon.com/" />
-
-	<rule from="^http://(completion|payments|rcm-uk|sellercentral)\.amazon\.co\.uk/"
-		to="https://$1.amazon.co.uk/" />
-
-	<rule from="^http://partnernet\.amazon\.de/"
-		to="https://partnernet.amazon.de/" />
-
-	<rule from="^http://(aax-eu|aax-us-east|fls-na|ir-na|ps-us|s|ws-na)\.amazon-adsystem\.com/"
-		to="https://$1.amazon-adsystem.com/" />
-
-	<!--	.co.jp doesn't exist.
-					-->
-	<rule from="^http://wms\.assoc-amazon\.(ca|com|co\.uk|de|fr)/"
-		to="https://wms.assoc-amazon.$1/" />
-
-	<!--	- Cert only matches www
-		- .co.jp doesn't exist
-					-->
-	<rule from="^https?://(?:www\.)?assoc-amazon\.(ca|com|co\.uk|de|fr)/"
-		to="https://www.assoc-amazon.$1/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Amazon.jobs.xml b/src/chrome/content/rules/Amazon.jobs.xml
new file mode 100644
index 000000000000..b74812d3aad5
--- /dev/null
+++ b/src/chrome/content/rules/Amazon.jobs.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- legacy.amazon.jobs
+
+		SSL peer certificate was not OK:
+		- cdn.amazon.jobs
+		- hcd.amazon.jobs
+-->
+<ruleset name="Amazon.jobs">
+	<target host="amazon.jobs" />
+	<target host="www.amazon.jobs" />
+	<target host="beta.amazon.jobs" />
+	<target host="static.amazon.jobs" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Amazon.xml b/src/chrome/content/rules/Amazon.xml
index 2187760a31e6..f44786bb19f0 100644
--- a/src/chrome/content/rules/Amazon.xml
+++ b/src/chrome/content/rules/Amazon.xml
@@ -1,124 +1,112 @@
-<!--
-	Other Amazon rulesets:
 
-		- Amazon-Associates.xml
-		- AmazonAWS.xml
-		- Amazon_EU.xml
-		- Amazon_JP.xml
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
 
+Fetch error: http://kindlescout.amazon.com/ => https://kindlescout.amazon.com/: (28, 'Resolving timed out after 20530 milliseconds')
+Fetch error: http://storywriter.amazon.com/ => https://storywriter.amazon.com/: (7, 'Failed to connect to storywriter.amazon.com port 443: Connection refused')
+Fetch error: http://vendorexpress.amazon.com/ => https://vendorexpress.amazon.com/: (28, 'Resolving timed out after 20528 milliseconds')
+Fetch error: http://widgets.amazon.com/ => https://widgets.amazon.com/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
 
-	This rule is off by default because it caused so many aspects of the
-	Amazon site to break; see the mailing list archives for details.
-	Currently being fixed...
+	Other Amazon rulesets:
+		- AWS_Trust.com.xml
+		- AbeBooks.co.uk.xml
+		- AbeBooks.xml
+		- Amazon-Adsystem.com.xml
+		- Amazon.jobs.xml
+		- AmazonAWS.com.xml
+		- AmazonWebServices.com.xml
+		- AmazonSupply.com.xml
+		- Amazon_Trust.com.xml
+		- Amazon_blogs.com.xml
+		- Assoc-Amazon.ca.xml
+		- Assoc-Amazon.co.jp.xml
+		- Assoc-Amazon.co.uk.xml
+		- Assoc-Amazon.com.xml
+		- Assoc-Amazon.de.xml
+		- Assoc-Amazon.fr.xml
+		- AWSCloud.com.xml
+		- BeautyBar.com.xml
+		- ComiXology.com.xml
+		- CreateSpace.xml
+		- Images-Amazon.com.xml
+		- MTurk.com.xml
+		- Soap.com.xml
+		- SSL-Images-Amazon.com.xml
+		- amazon.ca.xml
+		- amazon.cn.xml
+		- amazon.co.jp.xml
+		- amazon.co.uk.xml
+		- amazon.com.au.xml
+		- amazon.com.br.xml
+		- amazon.com.mx.xml
+		- amazon.de.xml
+		- amazon.es.xml
+		- amazon.fr.xml
+		- amazon.in.xml
+		- amazon.it.xml
+		- amazon.nl.xml
+		- casa.com.xml
+		- diapers.com.xml
+		- eastdane.com.xml
+		- quidsi.com.xml
+		- shopbop.com.xml
+		- wag.com.xml
+		- yoyo.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+			- pda-bes.amazon.com
 
 	Amazon appears to operate in 7 countries, and does not hold the domains
 	for some others, like .se or .be.  In other cases there is an http-only site
 	that redirects to one of these 7 countries.
-
-
-	amazon.com:
-
-		Does work:
-
-			- ap/		(appears to be purchase-management related)
-			- ([\w-]+/)?dp/	(i.e. dp/ possibly preceeded by title)
-			- e/\w{10,10}/	(i.e. e/ followed by ASIN)
-			- gp/cart
-			- gp/css
-			- gp/feature.html
-			- gp/redirect.html
-			- gp/registry/wishlist
-
-		Doesn't work:
-
-			- $			(i.e. homepage)
-			- ([\w-]+/)?b/	 	(i.e. b/ preceeded by category)
-			- exec/obidos/ASIN/
-			- ([\w-]+/)gp/		(i.e. gp/ possibly preceeded by title)
-			- gp/goldbox($|\?)
-			- gp/kindle/pc($|\?)
-			- gp/pdp/profile($|\?)
-			- gp/product/
-			- gp/richpub/syltguides/byauthor($|\?)
-			- Help/
-			- l/
-			- s/
-
-
-	amazon.cn:
-
-		Doesn't work:
-
-			- Everything?
-
-	amazon.ca:
-
-		Does work:
-
-			everything except...
-
-		Doesn't work:
-
-			/mn/search/
-				
-
-	Partially covered domains:
-
-		- askville.amazon.com	(pages redirect to SendToHttp.do)
-
 -->
-<ruleset name="Amazon (broken)" default_off="breaks Look Inside the Book">
-
-	<target host="amazon.ca" />
-	<target host="www.amazon.ca" />
+<ruleset name="Amazon.com">
 	<target host="amazon.com" />
-	<target host="askville.amazon.com" />
-		<exclusion pattern="^http://askville\.amazon\.com/(?!css/)" />
+	<target host="advertising.amazon.com" />
+	<target host="affiliate-program.amazon.com" />
+	<target host="authorcentral.amazon.com" />
+	<target host="aws.amazon.com" />
+	<target host="docs.aws.amazon.com" />
+	<target host="forums.aws.amazon.com" />
+	<target host="status.aws.amazon.com" />
+	<target host="aws-portal.amazon.com" />
+	<target host="catalyst.amazon.com" />
 	<target host="developer.amazon.com" />
+	<target host="fls-eu.amazon.com" />
+	<target host="fls-na.amazon.com" />
+	<target host="g-images.amazon.com" />
+	<target host="images.amazon.com" />
+	<target host="images-jp.amazon.com" />
+	<target host="kdp.amazon.com" />
+	<!-- target host="kindlescout.amazon.com" /-->
 	<target host="local.amazon.com" />
-	<target host="www.amazon.com" />
-		<!--
-			These pages don't work on .com:
-							-->
-		<exclusion pattern="^http://www\.amazon\.com/(?:$|\?|exec/obidos/|gp/(?:(?:goldbox|kindle/pc|pdp/profile|richpub/syltguides/byauthor)(?:$|\?)|product/)|l/|(?:[\w\-]+/)?(?:b|dp|Help)/)" />
-		<!--
-			- ajaxv2: Breaks adding to basket for products with options
-			- dynamic-update: Breaks image zoom
-								-->
-		<exclusion pattern="^http://(?:www\.)?amazon\.com/gp/twister/(?:ajaxv2|dynamic-update/)" />
-		<!--
-			Search redirects to http, for all sites.
-									-->
-		<exclusion pattern="^http://www\.amazon\.[\w\.]+/(?:gp/search\?|mn/search(?:$|\?)|s(?:/|\?rh=))" />
-
-
-	<!--	Verified as working for UK, ca appears to function identically.
-
-		Unfortunately, navigating to an unsecured page wipes one's shopping basket :(
-			This is problem with our handling of secure cookies, wherein we treat
-		secure and non-secure cookies with the same ID as one cookie, instead of two.
-			If our handling were correct, this securecookie rule would have only
-		one problem, namely that basket information would be missing on search pages.
-
-	<securecookie host="^(www)?\.amazon\.ca$" name=".+" />
-
-		These cookies are set all over .com:
-
-	<securecookie host="^\.amazon\.com$" name="^session-id(-time)?$" />
-
-		These cookies are set by gp/cart/view.html
-
-	<securecookie host="\.amazon\.com$" name="^(session-token|ubid-main)$"/-->
-	<securecookie host="^local\.amazon\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?amazon\.c(a|om)/mn/search/uedata/"
-		to="https://www.amazon.c$1/uedata/" />
-
-	<rule from="^http://(?:www\.)?amazon\.c(a|om)/"
-		to="https://www.amazon.c$1/" />
-
-	<rule from="^http://(askville|developer|local)\.amazon\.com/"
-		to="https://$1.amazon.com/" />
-
+	<target host="payments.amazon.com" />
+	<target host="rcm.amazon.com" />
+	<target host="sellercentral.amazon.com" />
+	<target host="services.amazon.com" />
+	<target host="smile.amazon.com" />
+	<!-- target host="storywriter.amazon.com" /-->
+	<target host="studios.amazon.com" />
+	<target host="uedata.amazon.com" />
+	<!-- target host="vendorexpress.amazon.com" /-->
+	<target host="videodirect.amazon.com" />
+	<target host="webservices.amazon.com" />
+		<test url="http://webservices.amazon.com/scratchpad/index.html" />
+	<target host="whispercast.amazon.com" />
+	<!-- target host="widgets.amazon.com" /-->
+	<target host="ws.amazon.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://g-images\.amazon\.com/"
+		to="https://d1ge0kk1l5kms0.cloudfront.net/" />
+		<test url="http://g-images.amazon.com/images/G/01/dvd/sony/casinoroyale/CR13lrg._VNONE_FOUND_.jpg" />
+
+	<rule from="^http://images(-jp)?\.amazon\.com/"
+		to="https://images-na.ssl-images-amazon.com/" />
+		<test url="http://images.amazon.com/images/P/B000067Q2B.01._SCLZZZZZZZ_.jpg" />
+		<test url="http://images-jp.amazon.com/images/P/B000067Q2B.01._SCLZZZZZZZ_.jpg" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AmazonAWS.com.xml b/src/chrome/content/rules/AmazonAWS.com.xml
new file mode 100644
index 000000000000..00b8a2e63ffd
--- /dev/null
+++ b/src/chrome/content/rules/AmazonAWS.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+	Nonfunctional domains:
+
+		- cloudfront-labs.amazonaws.com		(refused)
+    - any s3.amazonaws.com (V1) will be nonfunctional after Sept 30, 2020
+
+	Problematic domains:
+
+		- (.+.)s3-website-eu-west-1.amazonaws.com
+		- (.+.)s3-website-us-east-1.amazonaws.com
+-->
+<ruleset name="AmazonWebServices">
+
+  <target host="*.s3.amazonaws.com" />
+    <test url="http://book.s3.amazonaws.com/" />
+    <test url="http://visualise.s3.amazonaws.com/" />
+    <test url="http://jamcfiles.s3.amazonaws.com/" />
+    <test url="http://siterepository.s3.amazonaws.com/" />
+    <test url="http://dealerinspire-brochure.s3.amazonaws.com/" />
+    <test url="http://webjam-upload.s3.amazonaws.com/" />
+    <test url="http://rstudio-pubs-static.s3.amazonaws.com/" />
+    <test url="http://homeq-media.s3.amazonaws.com/" />
+
+  	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AmazonAWS.xml b/src/chrome/content/rules/AmazonAWS.xml
deleted file mode 100644
index d11509d43733..000000000000
--- a/src/chrome/content/rules/AmazonAWS.xml
+++ /dev/null
@@ -1,198 +0,0 @@
-<!--
-	For other Amazon coverage, see Amazon.xml.
-
-
-	CDN buckets:
-
-		- ec7.images-amazon.com.cdn20.com
-
-			- ec7.images-amazon.com
-
-		- ec4.images-amazon.chinacache.net
-
-			- ec4.images-amazon.com
-
-		- d1ge0kk1l5kms0.cloudfront.net
-
-			- ec[5x].images-amazon.com
-			- g-ecx.images-amazon.com 
-
-		- d36cz9buwru1tt.cloudfront.net
-		- s3.amazonaws.com/awsmedia/
-		- s3.amazonaws.com/rodica-work/
-		- images-(eu|fe|na).ssl-images-amazon.com.edgekey.net
-
-		- ecx.images-amazon.com.c.footprint.net
-
-			- images.amazon.com
-			- images-jp.amazon.com
-			- rcm-images.amazon.com
-
-		- ec2.images-amazon.com.edgesuite.net
-
-			- ec2.images.amazon.com
-
-		- ec8.images-amazon.com.edgesuite.net
-
-			- ec8.images-amazon.com
-
-		- ec3.images-amazon.com.c.footprint.net
-
-			- ec[13].images-amazon.com
-
-		- g-ecx.images-amazon.com.c.footprint.net 
-
-			- g-images.amazon.com
-
-		- z-ecx.images-amazon.com.edgesuite.net
-
-			- z-ak.images-amazon.com
-
-		- amazonrtl.vo.llnwd.net
-
-			- ec6.images-amazon.com
-
-
-	Nonfunctional domains:
-
-		- cloudfront-labs.amazonaws.com		(refused)
-
-
-	Problematic domains:
-
-		- z-ak.images-amazon.com			(503, akamai)
-		- (.+.)s3-website-eu-west-1.amazonaws.com
-		- (.+.)s3-website-us-east-1.amazonaws.com
-
-
-	Fully covered domains:
-
-		- images-jp.amazon.com				(→ images-na.ssl-images-amazon.com)
-		- g-images.amazon.com				(→ d1ge0kk1l5kms0.cloudfront.net)
-		- webservices.amazon.com
-
-		- amazonaws.com subdomains:
-
-			- (.+.)s3
-			- (.+.)s3-ap-northeast-1
-			- (.+.)s3-ap-southeast-1
-			- (.+.)s3-external-[123]
-			- (.+.)s3-eu-west-1
-			- (.+.)s3-sa-east-1
-			- (.+.)s3-us-west-1
-			- (.+.)s3-us-west-2
-			- (.+.)s3-website-eu-west-1		(→ s3-eu-west-1)
-			- (.+.)s3-website-us-east-1		(→ s3)
-
-		- g-ecx.images-amazon.com			(→ d1ge0kk1l5kms0.cloudfront.net)
-		- z-ak.images-amazon.com
-
--->
-<ruleset name="Amazon Web Services">
-
-	<target host="fls-eu.amazon.co.uk" />
-	<target host="aws.amazon.com" />
-	<target host="signin.aws.amazon.com" />
-	<target host="aws-portal.amazon.com" />
-	<target host="fls-eu.amazon.com" />
-	<target host="fls-na.amazon.com" />
-	<target host="images.amazon.com" />
-	<target host="images-jp.amazon.com" />
-	<target host="payments.amazon.com" />
-	<target host="sis.amazon.com" />
-	<target host="webservices.amazon.com" />
-	<target host="*.amazonaws.com" />
-		<!--
-			Bloody forced redirection:
-
-			https://mail1.eff.org/pipermail/https-everywhere-rules/2012-April/001100.html
- 			https://trac.torproject.org/projects/tor/ticket/4199
-											-->
-		<exclusion pattern="^http://(?:static\.via\.me|img\.wired\.co\.uk|s3\.sandbaguk\.com|spiegeltv-ivms2-restapi|www\.mercyships\.org|www-prod-storage\.cloud\.caltech\.edu)\.s3\.amazonaws\.com/" />
-		<!--
-			Breaks soundsjustlike.com audio:
-							-->
-		<exclusion pattern="^http://badracket-website\.s3\.amazonaws\.com/swf/soundmanager\d_flash\d\.swf" />
-		<!--
-			https://trac.torproject.org/projects/tor/ticket/7857
-
-			Breaks images:
-					-->
-		<exclusion pattern="^http://em\.css\.s3\.amazonaws\.com/style\.css" />
-		<exclusion pattern="^http://s3\.lbrcdn\.net\.s3-external-3\.amazonaws.com/" />
-   		<!--
-			This one looks slightly different:
- 
-				https://trac.torproject.org/projects/tor/ticket/7608 
-											 -->
-		<exclusion pattern="^http://charts-datawrapper\.s3\.amazonaws\.com/" />
-	<target host="amazonwebservices.com" />
-	<target host="*.amazonwebservices.com" />
-	<target host="*.images-amazon.com" />
-  <!-- Zeitgeist MP3 player https://trac.torproject.org/projects/tor/ticket/7594 -->
-  <exclusion pattern="^http://g-ecx\.images-amazon\.com/.*([mM][pP]3|zeitgeist|digital/music)" />
-  <!-- https://trac.torproject.org/projects/tor/ticket/7539 -->
-  <exclusion pattern="^http://ecx\.images-amazon\.com/" />
-	<target host="*.ssl-images-amazon.com" />
-
-
-	<!--	Forced redirect:
-					-->
-	<rule from="^http://cms\.kiva\.org\.s3\.amazonaws\.com/"
-		to="https://s3-us-west-1.amazonaws.com/cms.kiva.org/" />
-
-	<rule from="^http://fls-eu\.amazon\.co\.uk/"
-		to="https://fls-eu.amazon.co.uk/" />
-
-	<rule from="^http://(signin\.aws|aws|aws-portal|fls-eu|fls-na|payments|sis|webservices)\.amazon\.com/"
-		to="https://$1.amazon.com/" />
-
-	<rule from="^http://s3(?:-website)?(-ap-(?:nor|sou)theast-1|-(?:eu|us)-west-\d|-external-\d|-sa-east-1)?\.amazonaws\.com/"
-		to="https://s3$1.amazonaws.com/" />
-
-	<rule from="^http://([^@:\.]+)\.s3(?:-website)?(-ap-(?:nor|sou)theast-1|-(?:eu|us)-west-\d|-external-\d|-sa-east-1)?\.amazonaws\.com/"
-		to="https://$1.s3$2.amazonaws.com/" />
-
-	<rule from="^http://([^@:\.]+)\.([^@:/]+)\.s3(?:-website)?(-ap-(?:nor|sou)theast-1|-(?:eu|us)-west-\d|-external-\d|-sa-east-1)?\.amazonaws\.com/"
-		to="https://s3$3.amazonaws.com/$1.$2/" />
-
-	<rule from="^http://s3-website-us-east-1\.amazonaws\.com/"
-		to="https://s3.amazonaws.com/" />
-
-	<rule from="^http://([^@:\.]+)\.s3-website-us-east-1\.amazonaws\.com/"
-		to="https://$1.s3.amazonaws.com/" />
-
-	<rule from="^http://([^@:\.]+)\.([^@:/]+)\.s3-website-us-east-1\.amazonaws\.com/"
-		to="https://s3.amazonaws.com/$1.$2/" />
-
-	<rule from="^http://(?:www\.)?amazonwebservices\.com/"
-		to="https://aws.amazon.com/" />
-
-	<rule from="^http://developer\.amazonwebservices\.com/"
-		to="https://developer.amazonwebservices.com/" />
-
-	<rule from="^http://media\.amazonwebservices\.com/"
-		to="https://s3.amazonaws.com/awsmedia/" />
-
-	<rule from="^http://(?:g-images\.|(?:ec[5x]|g-ecx)\.images-)amazon\.com/"
-		to="https://d1ge0kk1l5kms0.cloudfront.net/" />
-
-	<rule from="^http://(?:(?:(?:\w-)?ec[1-8x]|z-ak)\.images-|images(?:-jp)?\.)amazon\.com/"
-		to="https://images-na.ssl-images-amazon.com/" />
-
-	  	<!--
-			Exclusions for Amazon's Zeitgeist MP3 Player:
-
-				https://trac.torproject.org/projects/tor/ticket/7000
-
-		note that the second exclusion can't be scoped to
-		the ssl-images-amazon domain, though it could have
-		copied the crazy pattern from the rule above.
-									-->
-		<exclusion pattern="^http://amazon-zg\.s3\.amazonaws.com/" />
-		<exclusion pattern="^http://[^@:/]+images[^@:/]+/images/G/01/zeitgeist/mp3player" />
-
-	<rule from="^http://images-(eu|fe|na)\.ssl-images-amazon\.com/"
-		to="https://images-$1.ssl-images-amazon.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AmazonSupply.com.xml b/src/chrome/content/rules/AmazonSupply.com.xml
new file mode 100644
index 000000000000..c503edb0da4c
--- /dev/null
+++ b/src/chrome/content/rules/AmazonSupply.com.xml
@@ -0,0 +1,42 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .amazonsupply.com
+		- staging.amazonsupply.com
+		- www.amazonsupply.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on staging, www from g-ecx.images-amazon.com
+
+-->
+<ruleset name="AmazonSupply.com">
+
+	<target host="amazonsupply.com" />
+	<target host="staging.amazonsupply.com" />
+	<target host="www.amazonsupply.com" />
+
+		<test url="http://www.amazonsupply.com/contactus" />
+		<test url="http://www.amazonsupply.com/help" />
+		<test url="http://www.amazonsupply.com/myaccount" />
+		<test url="http://www.amazonsupply.com/orc/manage-returns" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.amazonsupply\.com$" name="^(session-id|session-id-time|session-token|ubid-main)$" /-->
+	<!--securecookie host="^(staging|www)\.amazonsupply\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AmazonWebServices.com.xml b/src/chrome/content/rules/AmazonWebServices.com.xml
new file mode 100644
index 000000000000..7885f44a79c8
--- /dev/null
+++ b/src/chrome/content/rules/AmazonWebServices.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Refused:
+		amazonwebservices.com
+		www.amazonwebservices.com
+		docs.amazonwebservices.com
+
+	Invalid certificate:
+		pear.amazonwebservices.com
+		solutions.amazonwebservices.com
+		tvm-anonymous.amazonwebservices.com
+		vstoolkit.amazonwebservices.com
+
+-->
+<ruleset name="AmazonWebServices.com">
+
+	<target host="amazonwebservices.com" />
+	<target host="www.amazonwebservices.com" />
+	<target host="aws-sdk-configurations.amazonwebservices.com" />
+	<target host="developer.amazonwebservices.com" />
+	<target host="media.amazonwebservices.com" />
+	<target host="sdk-for-android.amazonwebservices.com" />
+	<target host="sdk-for-ios.amazonwebservices.com" />
+	<target host="sdk-for-java.amazonwebservices.com" />
+	<target host="sdk-for-net.amazonwebservices.com" />
+
+	<rule from="^http://(www\.)?amazonwebservices\.com/"
+		to="https://aws.amazon.com/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Amazon_EU.xml b/src/chrome/content/rules/Amazon_EU.xml
deleted file mode 100644
index efbd76e6b70d..000000000000
--- a/src/chrome/content/rules/Amazon_EU.xml
+++ /dev/null
@@ -1,59 +0,0 @@
-<!--
-	For other Amazon coverage, see Amazon.xml.
-
-
-	Amazon appears to operate in 7 countries, and does not hold the domains
-	for some others, like .se or .be.  In other cases there is an http-only site
-	that redirects to one of these 7 countries.
-
-
-	amazon.*:
-
-		Does work:
-
-			- Everything except...
-
-		Doesn't work:
-
-			- gp/search\?
-			- lm/
-			- /mn/search/
-			- s/
-			- s\?ie=
-			- s\?rh=	(i.e. search pages and files)
-				
--->
-<ruleset name="Amazon EU" default_off="testing">
-
-	<target host="amazon.*" />
-	<target host="www.amazon.*" />
-	<target host="amazon.co.uk" />
-	<target host="*.amazon.co.uk" />
-		<!--
-			Search redirects to http, for all sites.
-									-->
-		<exclusion pattern="^http://www\.amazon\.[\w.]+/(?:gp/search\?|lm/|mn/search(?:$|\?)|s[?/])" />
-
-
-	<!--	Verified as working for UK, other sites matched appear to function identically.
-
-		Unfortunately, navigating to an unsecured page wipes one's shopping basket :(
-			This is problem with our handling of secure cookies, wherein we treat
-		secure and non-secure cookies with the same ID as one cookie, instead of two.
-			If our handling were correct, this securecookie rule would have only
-		one problem, namely that basket information would be missing on search pages.
-												-->
-	<!--securecookie host="^(www)?\.amazon\.(co\.uk|de|es|fr|it)$" name=".+" /-->
-	<securecookie host="^local\.amazon\.co\.uk$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?amazon\.(co\.uk|de|es|fr|it)/mn/search/uedata/"
-		to="https://www.amazon.$1/uedata/" />
-
-	<rule from="^http://(?:www\.)?amazon\.(co\.uk|de|es|fr|it)/"
-		to="https://www.amazon.$1/" />
-
-	<rule from="^http://(aan|local)\.amazon\.co\.uk/"
-		to="https://$1.amazon.co.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Amazon_JP.xml b/src/chrome/content/rules/Amazon_JP.xml
deleted file mode 100644
index 254c90cecc51..000000000000
--- a/src/chrome/content/rules/Amazon_JP.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	For other Amazon coverage, see Amazon.xml.
-
-
-	Does work:
-
-		- /ap/
-		- a few pages under gp/
-
-	Doesn't work:
-
-		- Everything else
-
--->
-<ruleset name="Amazon Japan (partial)">
-
-	<target host="amazon.co.jp" />
-	<target host="www.amazon.co.jp" />
-		<!--
-			Search redirects to http.
-
-		<exclusion pattern="^http://www\.amazon\.[\w\.]+/(?:gp/search\?|mn/search(?:$|\?)|s(?:/|\?rh=))" /-->
-
-
-	<!--	There is very little support on JP website.
-
-		Possibly more than is covered in this rule, though.
-									-->
-	<rule from="^http://(?:www\.)?amazon\.co\.jp/(ap|gp/(?:bestsellers|cart|cobrandcard|registry|uedata))/"
-		to="https://www.amazon.co.jp/$1/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Amazon_Trust.com.xml b/src/chrome/content/rules/Amazon_Trust.com.xml
new file mode 100644
index 000000000000..365070543a81
--- /dev/null
+++ b/src/chrome/content/rules/Amazon_Trust.com.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	^amazontrust.com: 502
+
+-->
+<ruleset name="Amazon Trust.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.amazontrust.com" />
+
+	<!--	Complications:
+				-->
+	<target host="amazontrust.com" />
+
+
+	<!--	Redirect keeps path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://amazontrust\.com/([^?]*).*"
+		to="https://www.amazontrust.com/$1" />
+
+		<test url="http://amazontrust.com/index.htm" />
+		<test url="http://amazontrust.com/index.php" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Amazon_blogs.com.xml b/src/chrome/content/rules/Amazon_blogs.com.xml
new file mode 100644
index 000000000000..80eb8c263540
--- /dev/null
+++ b/src/chrome/content/rules/Amazon_blogs.com.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn.amazonblogs.com/blog_amazon_in/images/amy.jpg => https://cdn.amazonblogs.com/blog_amazon_in/images/amy.jpg: (6, 'Could not resolve host: cdn.amazonblogs.com')
+Fetch error: http://cdn.amazonblogs.com/ => https://cdn.amazonblogs.com/: (6, 'Could not resolve host: cdn.amazonblogs.com')
+
+	For other Amazon coverage, see Amazon.xml.
+
+-->
+<ruleset name="Amazon blogs.com" default_off="failed ruleset test">
+
+	<target host="cdn.amazonblogs.com" />
+
+		<test url="http://cdn.amazonblogs.com/blog_amazon_in/images/amy.jpg" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Amber_Swann_Publishing.xml b/src/chrome/content/rules/Amber_Swann_Publishing.xml
index cc5e6cae47fb..23d2f294dd77 100644
--- a/src/chrome/content/rules/Amber_Swann_Publishing.xml
+++ b/src/chrome/content/rules/Amber_Swann_Publishing.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?amberswann\.com/(components/|favicon\.ico|images/|libraries/|media/|modules/|plugins/|templates/)"
 		to="https://$1amberswann.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ambotis.ru.xml b/src/chrome/content/rules/Ambotis.ru.xml
new file mode 100644
index 000000000000..c6d60d748a0b
--- /dev/null
+++ b/src/chrome/content/rules/Ambotis.ru.xml
@@ -0,0 +1,24 @@
+<!--
+Nonfunctional hosts in *.ambotis.ru:
+	online2.ambotis.ru (m)
+	www.online2.ambotis.ru (m)
+	search.ambotis.ru (m)
+	sportweeks.ambotis.ru (m)
+	tours.ambotis.ru (d)
+	www.tours.ambotis.ru (d)
+
+h: http redirect
+m: certificate mismatch
+r: connection refused
+s: self-signed certificate
+t: timeout on https
+d: temporarily or permanently taken down
+-->
+<ruleset name="Ambotis.ru">
+	<target host="ambotis.ru" />
+	<target host="www.ambotis.ru" />
+	<target host="online.ambotis.ru" />
+	<target host="www.online.ambotis.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ambx.com.xml b/src/chrome/content/rules/Ambx.com.xml
index 8033107820b5..231cc0386926 100644
--- a/src/chrome/content/rules/Ambx.com.xml
+++ b/src/chrome/content/rules/Ambx.com.xml
@@ -1,6 +1,10 @@
-<ruleset name="Ambx.com" platform="mixedcontent">
-  <target host="ambx.com" />
-  <target host="www.ambx.com" />
+<ruleset name="amBX.com" default_off="expired">
+
+	<target host="ambx.com" />
+	<target host="www.ambx.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(?:www\.)?ambx\.com/" to="https://www.ambx.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Amd.co.at.xml b/src/chrome/content/rules/Amd.co.at.xml
new file mode 100644
index 000000000000..aece83e43a0d
--- /dev/null
+++ b/src/chrome/content/rules/Amd.co.at.xml
@@ -0,0 +1,44 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blogs *
+
+	* Shows ^; mismatched, CN: tokamak.amd.co.at
+
+
+	Problematic subdomains:
+
+		- mail ¹
+		- www ²
+
+	¹ $ differs from http, valid cert
+	² Works; mismatched, CN: tokamak.amd.co.at
+
+
+	These altnames don't exist:
+
+		- tokamak.amd.co.at
+
+-->
+<ruleset name="amd.co.at (partial)">
+
+	<target host="amd.co.at" />
+	<target host="diebold.amd.co.at" />
+	<target host="mail.amd.co.at" />
+	<target host="www.amd.co.at" />
+		<!--
+			^ differs:
+					-->
+		<exclusion pattern="^http://mail\.amd\.co\.at/+(?!(?:phpmyadmin|roundcube)(?:$|[?/]))" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^diebold\.amd\.co\.at$" name="^PIWIK_SESSID$" /-->
+	<!--securecookie host="^mail\.amd\.co\.at$" name="^(phpMyAdmin|pma_collation_connection|pma_lang|pma_mcrypt_iv|roundcube_sessid)$" /-->
+
+
+	<rule from="^http://(?:(diebold\.|mail\.)|www\.)?amd\.co\.at/"
+		to="https://$1amd.co.at/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Amd.com.xml b/src/chrome/content/rules/Amd.com.xml
new file mode 100644
index 000000000000..ac9e36d10c28
--- /dev/null
+++ b/src/chrome/content/rules/Amd.com.xml
@@ -0,0 +1,53 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://amd.com/en/graphics/radeon-rx-graphics => https://www.amd.com/en/graphics/radeon-rx-graphics: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://amd.com/ => https://www.amd.com/: (28, 'Operation timed out after 30000 milliseconds with 0 bytes received')
+Fetch error: http://www.amd.com/ => https://www.amd.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://atlsso.amd.com/ => https://atlsso.amd.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://nda.amd.com/ => https://nda.amd.com/: (6, 'Could not resolve host: nda.amd.com')
+Fetch error: http://sso.amd.com/ => https://sso.amd.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://support.amd.com/ => https://support.amd.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://wwwd.amd.com/ => https://wwwd.amd.com/: (6, 'Could not resolve host: wwwd.amd.com')
+
+	HTTP redirect:
+		developer.amd.com (static files work)
+
+	Mismatch:
+		download.amd.com
+		experience.amd.com
+		forums.amd.com
+		ir.amd.com
+		links.em.experience.amd.com
+		partner.amd.com
+		quarterlyearnings.amd.com
+		search.amd.com
+		shop.amd.com
+		subscriptions.amd.com
+
+	Refused:
+		dv2.amd.com
+
+	Timeout:
+		amdsnv.amd.com
+		ati.amd.com
+		products.amd.com
+
+	Weak security algorithm (invalid certificate):
+		amd.com
+
+-->
+<ruleset name="Amd.com">
+	<!-- target host="amd.com" /-->
+	<!-- target host="www.amd.com" /-->
+	<!-- target host="atlsso.amd.com" /-->
+	<target host="community.amd.com" />
+	<target host="federation.amd.com" />
+	<!-- target host="nda.amd.com" /-->
+	<!-- target host="sso.amd.com" /-->
+	<!-- target host="support.amd.com" /-->
+	<!-- target host="wwwd.amd.com" /-->
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ameba.xml b/src/chrome/content/rules/Ameba.xml
index 44fb71f58819..8742344f7081 100644
--- a/src/chrome/content/rules/Ameba.xml
+++ b/src/chrome/content/rules/Ameba.xml
@@ -1,29 +1,60 @@
 <!--
-	Nonfunctional domains:
+	For rules causing false/broken MCB, see ameba.jp-falsemixed.xml.
 
-		- link.ameba.jp	(times out)
-		- vc.ameba.jp	(times out)
+
+	Nonfunctional hosts in *ameba.jp:
+
+		- helps ᵈ
+		- link ᵈ
+		- vc ᵈ
+
+	ᵈ Dropped
+
+
+	^ameba.jp: Mismatched
+
+
+	Mixed content:
+
+		- css on www from stat100.ameba.jp ˢ
+		- Images on www from stat100.ameba.jp ˢ
+		- Bug on www from vc.ameba.jp ᵈ
+
+	ᵈ Unsecurable <= dropped
+	ˢ Secured by us
 
 -->
-<ruleset name="Ameba (partial)" platform="mixedcontent">
+<ruleset name="Ameba.jp (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="api.curation.ameba.jp" />
+	<target host="astat.brave.pigg.ameba.jp" />
+	<target host="brave.pigg.ameba.jp" />
+	<target host="stat.ameba.jp" />
+	<target host="stat100.ameba.jp" />
+	<target host="user.ameba.jp" />
+	<!--target host="www.ameba.jp" /-->
+
+	<!--	Complications:
+				-->
+	<!--target host="ameba.jp" /-->
 
-	<target host="ameba.jp" />
-	<target host="*.ameba.jp" />
 		<exclusion pattern="^http://stat\.ameba\.jp/user_images/" />
 
+			<!--	+ve:
+					-->
+			<test url="http://stat.ameba.jp/user_images/" />
 
-	<securecookie host="^.*\.ameba\.jp$" name=".*" />
 
+	<!--securecookie host="." name="." /-->
+	<securecookie host="^\w" name=".+" />
 
-	<!--	Cert is only valid for www.	-->
-	<rule from="^https?://(?:www\.)?ameba\.jp/"
-		to="https://www.ameba.jp/" />
 
-	<!--	stat: Akamai	-->
-	<rule from="^https?://(?:ssl|stat)\.ameba\.jp/"
-		to="https://ssl.ameba.jp/" />
+	<!--rule from="^http://ameba\.jp/"
+		to="https://www.ameba.jp/" /-->
 
-	<rule from="^http://user\.ameba\.jp/"
-		to="https://user.ameba.jp/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Amelia_Andersdotter.eu.xml b/src/chrome/content/rules/Amelia_Andersdotter.eu.xml
new file mode 100644
index 000000000000..2e3be28d5a2f
--- /dev/null
+++ b/src/chrome/content/rules/Amelia_Andersdotter.eu.xml
@@ -0,0 +1,12 @@
+<ruleset name="Amelia Andersdotter.eu">
+
+	<target host="ameliaandersdotter.eu" />
+	<target host="www.ameliaandersdotter.eu" />
+
+
+	<!--	www redirects to !www over http,
+		so copy that behavior:
+					-->
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AmeriMark.com.xml b/src/chrome/content/rules/AmeriMark.com.xml
new file mode 100644
index 000000000000..c5456889a8bd
--- /dev/null
+++ b/src/chrome/content/rules/AmeriMark.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		- search.amerimark.com, equivalent to amerimark.com
+-->
+
+<ruleset name="AmeriMark.com">
+	<target host="amerimark.com" />
+	<target host="www.amerimark.com" />
+	<target host="m.amerimark.com" />
+	<target host="search.amerimark.com" />
+	<target host="origin-www.amerimark.com" />
+
+	<rule from="^http://search\.amerimark\.com/"
+		  to="https://amerimark.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/American-Association-of-Neurological-Surgeons.xml b/src/chrome/content/rules/American-Association-of-Neurological-Surgeons.xml
index 0608232d14ff..1f2d2fafc8f8 100644
--- a/src/chrome/content/rules/American-Association-of-Neurological-Surgeons.xml
+++ b/src/chrome/content/rules/American-Association-of-Neurological-Surgeons.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://aans.org/ => https://aans.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://aans.org/ => https://aans.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Nonfunctional domains:
 
 		- aansconnect.org	(times out)
@@ -7,13 +13,13 @@
 		- www.aansneurosurgeon.org
 
 -->
-<ruleset name="American Association of Neurological Surgeons">
+<ruleset name="American Association of Neurological Surgeons" default_off="failed ruleset test">
 
 	<target host="aans.org" />
 	<target host="*.aans.org" />
 
 
-	<securecookie host="^(.*\.)?aans\.org$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--	Observed subdomains:
diff --git a/src/chrome/content/rules/American-Chemical-Society.xml b/src/chrome/content/rules/American-Chemical-Society.xml
index 83a1d6d27412..9c35abf164b9 100644
--- a/src/chrome/content/rules/American-Chemical-Society.xml
+++ b/src/chrome/content/rules/American-Chemical-Society.xml
@@ -1,82 +1,195 @@
+
 <!--
-	For problematic rules, see American_Chemical_Society-problematic.xml.
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.profed.acs.org/ => https://www.profed.acs.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.profed.acs.org'")
 
+	American Chemical Society
+
+	For problematic rules, see American_Chemical_Society-problematic.xml.
 
 	Other American Chemical Society rulesets:
 
 		- Chemical_Abstracts_Service.xml
 
 
-	Nonfunctional domains:
+	CDN buckets:
 
-		- cenm.ag	(replies with http)
+		- assets.acs.org.s3-website-us-east-1.amazonaws.com
 
 
-	Problematic subdomains:
+	Nonfunctional hosts in *acs.org:
 
-		- chemistryjobs		(mismatched, CN: secure.boxwoodtech.com)
-		- ewebtest		(mismatched)
+		- cenm.ag ¹
+		- tog ²
 
+	¹ Plaintext reply
+	² Shows another domain
 
-	Partially covered subdomains:
 
-		- pubs			(most pages redirect to http)
+	Problematic hosts in *acs.org:
 
+		- bulkdocsapp ¹
+		- cvapp ¹
+		- renew ²
+		- webanalytics ²
 
-	Fully covered subdomains:
+	¹ Missing certificate chain
+	² Mismatched
 
-		- (www.)
-		- assets
-		- www.awards
-		- www.awardstest
-		- www.akzonobel
-		- www.ccedlookup
-		- cen
-		- communities
-		- communitiestest
-		- www.donate
-		- (www.)emailpref
-		- eweb
-		- (www.)ewebtest	(^ → www)
-		- www.fellowselection
-		- www.fellowselectiontest
-		- www.giving
-		- www.givingtest
-		- portal
-		- (www.)join
-		- www.meetings
-		- www.membernumberlookup
-		- www.ncwlookup
-		- www.nominate
-		- www.nominatefellow
-		- www.nominatetest
-		- www.profed
-		- www.profedtest
-		- www.pubsbenefits
-		- www.register
-		- www.registertest
-		- www.renew
-		- www.store
-		- www.yellowbook
 
--->
-<ruleset name="American Chemical Society (partial)">
+	These altnames don't exist:
+
+		- www.awardstest.acs.org
+		- apps.communities.acs.org
+		- www.communities.acs.org
+		- apps.communitiestest.acs.org
+		- www.donatetest.acs.org
+		- www.emailpreftest.acs.org
+		- www.eweb.acs.org
+		- www.ewebtest.acs.org
+		- www.fellowselectiontest.acs.org
+		- www.givingtest.acs.org
+		- www.global.acs.org
+		- jointest.acs.org
+		- www.jointest.acs.org
+		- www.meetingstest.acs.org
+		- www.profed.acs.org
+		- www.ncwlookuptest.acs.org
+		- www.nominatetest.acs.org
+		- www.register.acs.org
+		- studentchaptersreview.acs.org
+		- www.studentchaptersreview.acs.org
+		- studentgrantreviewtest.acs.org
+		- www.studentgrantreviewtest.acs.org
+		- www.yellowbooktest.acs.org
 
-	<target host="acs.org" />
-	<target host="*.acs.org" />
-		<exclusion pattern="^http://pubs\.acs\.org/(?!appl/|action/showLogin|sda/|templates/)" />
 
+	Insecure cookies are set for these hosts: ᶜ
 
-	<securecookie host="^(?!pu)(?:.*\.)?acs\.org$" name=".+" />
+		- .acs.org
+		- chemistryjobs.acs.org
+		- cvapp.acs.org
 
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
-	<rule from="^http://((?:cen|communities(?:test)?|eweb|(?:www\.)?(?:emailpref|join)|portal|pubs|www(?:(?:(?:awards|fellowselection|giving|nominate|profed|register)(?:test)?|akzonobel|ccedlookup|donate|meetings|membernumberlookup|ncwlookup|nominatefellow|pubsbenefits|renew|store|yellowbook)\.)?)\.)?acs\.org/"
-		to="https://$1acs.org/" />
 
-	<rule from="^https?://assets(?:test)?\.acs\.org/"
-		to="https://assets.acs.org/" />
+	Mixed content:
 
-	<rule from="^https?://(?:www\.)?ewebtest\.acs\.org/"
-		to="https://www.ewebtest.acs.org/" />
+		Images, on:
 
-</ruleset>
\ No newline at end of file
+			- cen from $self *
+
+		- Ads/bugs, on:
+
+			- cen from ad.doubleclick.net
+			- cen from pagead2.googlesyndication.com *
+			- communities from achsportal.122.2o7.net *
+			- (www.)?join from webanalytics.acs.org *
+
+	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="ACS.org (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="acs.org" />
+	<target host="acswebcontent.acs.org" />
+	<target host="www.akzonobel.acs.org" />
+	<target host="assets.acs.org" />
+	<target host="assetstest.acs.org" />
+	<target host="www.awards.acs.org" />
+	<!--target host="bulkdocsapp.acs.org" /-->
+	<target host="www.ccedlookup.acs.org" />
+	<target host="cen.acs.org" />
+	<target host="chemistryjobs.acs.org" />
+	<target host="communities.acs.org" />
+	<target host="communitiestest.acs.org" />
+	<!--target host="cvapp.acs.org" /-->
+	<target host="www.donate.acs.org" />
+	<target host="emailcenter.acs.org" />
+	<target host="www.emailcenter.acs.org" />
+	<target host="emailpref.acs.org" />
+	<target host="www.emailpref.acs.org" />
+	<target host="eweb.acs.org" />
+	<target host="www.fellowselection.acs.org" />
+	<target host="www.giving.acs.org" />
+	<target host="global.acs.org" />
+	<target host="join.acs.org" />
+	<target host="www.join.acs.org" />
+	<target host="www.meetings.acs.org" />
+	<target host="www.membernumberlookup.acs.org" />
+	<target host="www.ncwlookup.acs.org" />
+	<target host="www.nominate.acs.org" />
+	<target host="www.nominatefellow.acs.org" />
+	<target host="portal.acs.org" />
+	<target host="www.profed.acs.org" />
+	<!--target host="pubs.acs.org" />	<- needs ruleset tests	-->
+	<target host="www.pubsbenefits.acs.org" />
+	<target host="www.register.acs.org" />
+	<target host="www.renew.acs.org" />
+	<target host="sso.acs.org" />
+	<target host="www.store.acs.org" />
+	<target host="studentchaptergrants.acs.org" />
+	<target host="www.studentchaptergrants.acs.org" />
+	<target host="www.studentchaptersonline.acs.org" />
+	<target host="studentchaptersreview.acs.org" />
+	<target host="www.studentchaptersreview.acs.org" />
+	<target host="studentgrantreview.acs.org" />
+	<target host="www.studentgrantreview.acs.org" />
+	<target host="www.acs.org" />
+	<target host="www.yellowbook.acs.org" />
+
+	<!--	Complications:
+				-->
+	<target host="renew.acs.org" />
+	<target host="webanalytics.acs.org" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://pubs\.acs\.org/(?:$|page/subscribe\.html)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://pubs\.acs\.org/+(?!appl/|action/(?:clickThrough|showLogin)|sda/|subscribe/covers/|templates/|userimages/)" /-->
+
+			<!--	+ve:
+					-->
+			<!--test url="http://pubs.acs.org/page/subscribe.html" /-->
+
+			<!--	-ve:
+					-->
+			<!--test url="http://pubs.acs.org/action/clickThrough?id=" /-->
+			<!--test url="http://pubs.acs.org/appl/literatum/publisher/achs/journals/covergifs/cmatex/title.gif" /-->
+			<!--test url="http://pubs.acs.org/sda/1199984/atypon-logo.png" /-->
+			<!--test url="http://pubs.acs.org/subscribe/covers/cen/cencover_h.jpg" /-->
+			<!--test url="http://pubs.acs.org/templates/jsp/_style2/_achs/css/atypon-print.css" /-->
+			<!--test url="http://pubs.acs.org/templates/jsp/_style2/_achs/images/acsLogo.png" /-->
+			<!--test url="http://pubs.acs.org/userimages/ContentEditor/1324074653607/subscription-institutional.png" /-->
+
+
+		<test url="http://www.acs.org/content/acs/en.html" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.acs\.org$" name="^s_vi$" /-->
+	<!--securecookie host="^chemistryjobs\.acs\.org$" name="(?:^AWSELB|^AnonId|_JobSeekerSiteSession)$" /-->
+	<!--securecookie host="^assetstest\.acs\.org$" name="^TS[\da-f]{8}$" /-->
+	<!--securecookie host="^communities\.acs\.org$" name="^(?:BIGipServer.*|jive\.login\.ts|jive\.security\.context)$" /-->
+	<!--securecookie host="^cvapp\.acs\.org$" name="^GEAR$" /-->
+
+	<securecookie host="^\." name="^s_v" />
+	<securecookie host="^(?!pubs\.)\w" name=".+" />
+
+
+	<rule from="^http://renew\.acs\.org/"
+		to="https://www.renew.acs.org/" />
+
+	<rule from="^http://webanalytics\.acs\.org/"
+		to="https://achsportal.122.2o7.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/American-Epilepsy-Society.xml b/src/chrome/content/rules/American-Epilepsy-Society.xml
index 653350c631f2..f558455d4528 100644
--- a/src/chrome/content/rules/American-Epilepsy-Society.xml
+++ b/src/chrome/content/rules/American-Epilepsy-Society.xml
@@ -1,6 +1,35 @@
-<ruleset name="American Epilepsy Society (partial)">
+<!--
+	American Epilepsy Society
+
+
+	Nonfunctional hosts in *aesnet.org:
+
+		- careers ʳ
+
+	ʳ Refused
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- my.aesnet.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+-->
+<ruleset name="AESnet.org (partial)">
+
 	<target host="aesnet.org" />
+	<target host="my.aesnet.org" />
 	<target host="www.aesnet.org" />
 
-	<rule from="^http://(?:www\.)?aesnet\.org/erc/" to="https://www.aesnet.org/erc/" />
-</ruleset>
\ No newline at end of file
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^my\.aesnet\.org$" name="^(?:__RequestVerificationToken|\.ASPXANONYMOUS|language)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/American-Foundation-Suicide-Prevention.xml b/src/chrome/content/rules/American-Foundation-Suicide-Prevention.xml
deleted file mode 100644
index af1e8b8937da..000000000000
--- a/src/chrome/content/rules/American-Foundation-Suicide-Prevention.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="American Foundation for Suicide Prevention">
-	<target host="afsp.org" />
-	<target host="www.afsp.org" />
-
-	<exclusion pattern="^http://(?:www\.)?afsp\.org/indiana$" />
-
-	<rule from="^((http://(?:www\.)?)|https://)afsp\.org/" to="https://www.afsp.org/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/American-Physical-Society.xml b/src/chrome/content/rules/American-Physical-Society.xml
index 4612ca178b5f..b41661d51df9 100644
--- a/src/chrome/content/rules/American-Physical-Society.xml
+++ b/src/chrome/content/rules/American-Physical-Society.xml
@@ -1,56 +1,117 @@
 <!--
+	American Physical Society
+
+
 	CDNs:
 
+		- d22izw7byeupn1.cloudfront.net
 		- cdn.physorg.com	(voxcdn.com)
 		- s.ph-cdn.com		(voxcdn.com)
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *aps.org:
+
+		- counter ⁴
+		- feeds ᵈ
+
+	⁴ 404
+	⁴ Dropped
+
+
+	Problematic hosts in *aps.org:
+
+		- careers ᵐ
+
+	ᵐ Mismatched
 
-		- counter
-		- feeds
-		- physics
-		- pr[bel]
-		- prola
 
+	Insecure cookies are set for these domains and hosts: ᶜ
 
-	Partially covered subdomains:
+		- .aps.org
+		- authors.aps.org
+		- journals.aps.org
+		- librarians.aps.org
+		- physics.aps.org
+		- referees.aps.org
+		- store.aps.org
+		- www.aps.org
 
-		- (www.)
-		- publish
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 
-	Fully covered subdomains:
+	Mixed content:
 
-		- authors
-		- referees
-		- tesseract-assets		
+		- Images, on:
+
+			- careers, www from ^aps.org ˢ
+			- careers from www.aps.org ˢ
+			- www from $self ˢ
+
+		- favicon on link from publish.aps.org ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="American Physical Society (partial)" platform="mixedcontent">
+<ruleset name="APS.org (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="aps.org" />
-	<target host="*.aps.org" />
-		<exclusion pattern="^http://(?:counter|feeds|physics|pr[bel]|prola)\." />
-		<!--
-			404 over https.
+	<target host="authors.aps.org" />
+	<target host="journals.aps.org" />
+	<target host="librarians.aps.org" />
+	<target host="link.aps.org" />
+	<target host="physics.aps.org" />
+	<target host="prb.aps.org" />
+	<target host="pre.aps.org" />
+	<target host="prl.aps.org" />
+	<target host="prola.aps.org" />
+	<target host="publish.aps.org" />
+	<target host="referees.aps.org" />
+	<target host="store.aps.org" />
+	<target host="www.aps.org" />
+
+		<!--	Sets cookie without Secure
+							-->
+		<!--test url="http://authors.aps.org/Submissions/login/new" /-->
+
+	<!--	Complications:
+				-->
+	<target host="feeds.aps.org" />
+
+		<!--	[/\w]$ 404s:
+					-->
+		<exclusion pattern="^http://feeds\.aps\.org/(?!$|\?)" />
+
+			<!--	+ve:
 					-->
-		<exclusion pattern="^http://publish\.aps\.org/(?:image|stylesheet)s/" />
+			<test url="http://feeds.aps.org/favicon.ico" />
+			<test url="http://feeds.aps.org/index.htm" />
+			<test url="http://feeds.aps.org/index.html" />
+			<test url="http://feeds.aps.org/index.php" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.aps\.org$" name="^aps_session_id$" /-->
+	<!--securecookie host="^authors\.aps\.org$" name="^_submissions_session$" /-->
+	<!--securecookie host="^(?:journals|librarians)\.aps\.org$" name="^rack\.session$" /-->
+	<!--securecookie host="^physics\.aps\.org$" name="^physics_session$" /-->
+	<!--securecookie host="^referees\.aps\.org$" name="^_Referrals_session$" /-->
+	<!--securecookie host="^store\.aps\.org$" name="^(?:_landing_page|_orig_referrer|cart_sig)$" /-->
+	<!--securecookie host="^www\.aps\.org$" name="^(?:APSSRV|CFID|CFTOKEN)$" /-->
 
-	<rule from="^http://(?:www\.)?aps\.org/(commonspot|elementadmin|[\w_/-]+images|style|templates)/"
-		to="https://www.aps.org/$1" />
+	<securecookie host="^(?!feeds\.)\w" name=".+" />
 
-	<rule from="^http://(\w+)\.aps\.org/(files|images|misc|sites/[\w\.-]+themes|style(?:sheets)?)/"
-		to="https://$1.aps.org/$2" />
 
-	<rule from="^http://(author|referee|tesseract-asset)s\.aps\.org/"
-		to="https://$1s.aps.org/" />
+	<!--	Redirect drops args:
+					-->
+	<rule from="^http://feeds\.aps\.org/.*"
+		to="https://journals.aps.org/feeds" />
 
-	<rule from="^http://publish\.aps\.org/(login|signup)"
-		to="https://publish.aps.org/$1" />
+		<test url="http://feeds.aps.org/?" />
 
-	<rule from="^http://publish\.aps\.org/favicon\.ico"
-		to="https://www.aps.org/favicon.ico/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/American-Postal-Workers-Union.xml b/src/chrome/content/rules/American-Postal-Workers-Union.xml
index 6cdb0cb207e2..ec922063cdf8 100644
--- a/src/chrome/content/rules/American-Postal-Workers-Union.xml
+++ b/src/chrome/content/rules/American-Postal-Workers-Union.xml
@@ -6,16 +6,16 @@
 	<target host="www.apwustore.org" />
 
 
-	<securecookie host="^www\.apwu\.org$" name=".*" />
+	<securecookie host="^www\.apwu\.org$" name=".+" />
 
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?apwu\.org/"
+	<rule from="^http://(?:www\.)?apwu\.org/"
 		to="https://www.apwu.org/" />
 
 	<!--	Cert doesn't match.
 		/ redirects to /apwu/. -->
-	<rule from="^https?://(?:www\.)?apwustore\.org/(?:apwu/)?"
+	<rule from="^http://(?:www\.)?apwustore\.org/(?:apwu/)?"
 		to="https://www.costore.com/apwu/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/American-University.xml b/src/chrome/content/rules/American-University.xml
index e2fc20c17ada..06b1c2f6cf6f 100644
--- a/src/chrome/content/rules/American-University.xml
+++ b/src/chrome/content/rules/American-University.xml
@@ -1,41 +1,64 @@
 <!--
-	lgimages.s3.amazonaws.com/data/imagemanager/17756/
+	Non-functional hosts
+		Timeout was reached:
+		- alumniassociation.american.edu
 
+		SSL peer certificate was not OK:
+		- accelerator.american.edu
+		- www.admissions.american.edu
+		- incircle.alumni.american.edu
+		- auapps.american.edu
+		- fs2.american.edu
+		- www.my.american.edu
+		- nw08.american.edu
+		- niwaplibrary.wcl.american.edu
 
-	Nonfunctional domains:
-
-		- bender.library		(ssl_error_rx_record_too_long)
-		- subjectguides.library		(cert: libguides.com; displays
-						another domain's data)
-
+		Incomplete certificate chain error:
+		- auaccess.american.edu
+		- dra.american.edu
+		- gurukul.american.edu
+		- answers.library.american.edu
+		- blogs.library.american.edu
+		- subjectguides.library.american.edu
+		- www1.american.edu
 -->
 <ruleset name="American University (partial)">
-
 	<target host="american.edu" />
-	<target host="*.american.edu" />
-	<target host="*.wcl.american.edu" />
-
-
-	<!--	Doesn't work over https.
-		Redirects like so.
-					-->
-	<rule from="^https?://library\.american\.edu/"
-		to="https://www.american.edu/library/" />
-
-	<!--	Observed subdomains:
-
-			- $
-			- my
-			- myau
-			- wcl
-			- leagle.wcl
-			- library.wcl
-			- my.wcl
-			- proxy.wcl
-			- www.wcl
-			- www
-				-->
-	<rule from="^http://([\w\.]+\.)?american\.edu/"
-		to="https://$1american.edu/" />
+	<target host="www.american.edu" />
+	<target host="applynowsoc.american.edu" />
+	<target host="auabroad.american.edu" />
+	<target host="au.blogs.american.edu" />
+	<target host="socdeansintern.blogs.american.edu" />
+	<target host="careers.american.edu" />
+	<target host="eaglefinances.american.edu" />
+		<test url="http://eaglefinances.american.edu/Student/Account/Login?ReturnUrl=%2fStudent" />
+	<target host="edspace.american.edu" />
+	<target host="goed.american.edu" />
+	<target host="ironline.american.edu" />
+	<target host="my.american.edu" />
+	<target host="myau.american.edu" />
+	<target host="teams.myau.american.edu" />
+	<target host="offcampus.american.edu" />
+	<target host="programs.online.american.edu" />
+	<target host="onlinebusiness.american.edu" />
+	<target host="soeonline.american.edu" />
+	<target host="status.american.edu" />
+	<target host="subversion.american.edu" />
+	<target host="w.american.edu" />
+		<test url="http://w.american.edu/cas/economics/gaussres/GAUSSIDX.HTM" />
+		<test url="http://w.american.edu/cas/sampta/papers/a1-nguyen.pdf" />
+		<test url="http://w.american.edu/carmel/study-abroad.shtml" />
+	<target host="wcl.american.edu" />
+	<target host="www.wcl.american.edu" />
+	<target host="digitalcommons.wcl.american.edu" />
+	<target host="leagle.wcl.american.edu" />
+	<target host="my.wcl.american.edu" />
+	<target host="news.wcl.american.edu" />
+	<target host="pathways.wcl.american.edu" />
+	<target host="proxy.wcl.american.edu" />
+	<target host="login.proxy.wcl.american.edu" />
+	<target host="tenley.wcl.american.edu" />
+	<target host="viewbook.wcl.american.edu" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AmericanDreamCoalition.org.xml b/src/chrome/content/rules/AmericanDreamCoalition.org.xml
new file mode 100644
index 000000000000..3f8c03b20820
--- /dev/null
+++ b/src/chrome/content/rules/AmericanDreamCoalition.org.xml
@@ -0,0 +1,10 @@
+<!--
+	Related rulesets:
+-->
+<ruleset name="AmericanDreamCoalition.org">
+	<target host="americandreamcoalition.org" />
+	<target host="www.americandreamcoalition.org" />
+	<target host="mail.americandreamcoalition.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AmericanExpress.xml b/src/chrome/content/rules/AmericanExpress.xml
index 483147bce6e5..a364ee38fde3 100644
--- a/src/chrome/content/rules/AmericanExpress.xml
+++ b/src/chrome/content/rules/AmericanExpress.xml
@@ -1,11 +1,127 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://search.americanexpress.com/ => https://search.americanexpress.com/: (6, 'Could not resolve host: search.americanexpress.com')
+Fetch error: http://sync.americanexpress.com/ => https://sync.americanexpress.com/: (6, 'Could not resolve host: sync.americanexpress.com')
+Fetch error: http://www209.americanexpress.com/ => https://www209.americanexpress.com/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
+Fetch error: http://www262.americanexpress.com/ => https://www262.americanexpress.com/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
+Fetch error: http://www295.americanexpress.com/ => https://www295.americanexpress.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www304.americanexpress.com/ => https://www304.americanexpress.com/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
+
+	Other American Express rulesets:
+
+		- AeXp-static.com.xml
+		- Bluebird.com.xml
+		- Membership_Rewards.com.xml
+		- Serve.com.xml
+
+
+	Nonfunctional hosts in *americanexpress.com:
+
+		- atwork ¹
+		- ir ²
+		- travelspecialists ³
+
+	¹ Dropped
+	² Refused
+	³ Handshake fails
+
+
+	Problematic hosts in *americanexpress.com:
+
+		- about ¹ ²
+		- axptravel ³
+
+	¹ Akamai
+	² Mixed iframe
+	³ $ 404s
+
+
+	These altnames don't exist:
+
+		- www.business.americanexpress.com
+		- home.americanexpress.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .americanexpress.com
+		- about.americanexpress.com
+		- www01.extra.americanexpress.com
+		- online.americanexpress.com
+		- rewards.americanexpress.com
+		- search.americanexpress.com
+		- travel.americanexpress.com
+		- www209.americanexpress.com
+		- www262.americanexpress.com
+		- www295.americanexpress.com
+		- www304.americanexpress.com
+
+
+	Mixed content:
+
+		- iframe on about from $self ¹
+		- Bug on careers from seg.sharethis.com ²
+
+	¹ Not secured by us <= mismatched
+	² Secured by us
+
+-->
 <!-- Thanks to ForceTLS -->
 <!-- Note that there are lots of subdomains and some are still unprotected,
      but some don't work properly in HTTPS anyway.  This is kind of a mess. -->
-<ruleset name="AmericanExpress">
+<ruleset name="AmericanExpress.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
   <target host="www.americanexpress.com" />
   <target host="americanexpress.com" />
-  <target host="home.americanexpress.com" />
+	<target host="business.americanexpress.com" />
+	<target host="careers.americanexpress.com" />
+	<target host="secure.cmax.americanexpress.com" />
+	<target host="www01.extra.americanexpress.com" />
+	<target host="omns.americanexpress.com" />
+	<target host="online.americanexpress.com" />
+	<target host="personalsavings.americanexpress.com" />
+	<target host="www.personalsavings.americanexpress.com" />
+	<target host="rewards.americanexpress.com" />
+	<!-- target host="search.americanexpress.com" /-->
+	<target host="sso.americanexpress.com" />
+	<!-- target host="sync.americanexpress.com" /-->
+	<target host="travel.americanexpress.com" />
+	<target host="travelinsiders.americanexpress.com" />
+	<!-- target host="www209.americanexpress.com" /-->
+	<!-- target host="www262.americanexpress.com" /-->
+	<!-- target host="www295.americanexpress.com" /-->
+	<!-- target host="www304.americanexpress.com" /-->
+	<target host="www347.americanexpress.com" />
+
+	<!--	Complications:
+				-->
+	<target host="axptravel.americanexpress.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.americanexpress\.com$" name="^(AB_FILTER|FHR_DB_PERCENT|FHR_RANDOM_NUMBER|SaneID)$" /-->
+	<!--securecookie host="^(about|online|travel|www209|www262|www304)\.americanexpress\.com$" name="^BIGipServer[\w-]+$" /-->
+	<!--securecookie host="^rewards\.americanexpress\.com$" name="^DataCenter$" /-->
+	<!--securecookie host="^search\.americanexpress\.com$" name="^cp_session$" /-->
+	<!--securecookie host="^travel\.americanexpress\.com$" name="^sroute$" /-->
+	<!--securecookie host="^www01\.extra\.americanexpress\.com$" name="^(\.ASPXAUTH|ASP\.NET_SessionId|Initial|NumberOfCartItems|NumberOfSavedItems|ReturnPage|ism)$" /-->
+	<!--securecookie host="^www209\.americanexpress\.com$" name="^TS[\da-f]{8}$" /-->
+	<!--securecookie host="^www295\.americanexpress\.com$" name="^[a-z]+__JSESSIONID$" /-->
+
+	<securecookie host="^(?:www01\.extra|online|rewards|search|travel|www209|www295|www304)\.americanexpress\.com$" name=".+" />
+
+
+	<!--	$ 404s
+			-->
+	<rule from="^http://axptravel\.americanexpress\.com/$"
+		to="https://axptravel.americanexpress.com/consumertravel/travel.do" />
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(?:www\.)?americanexpress\.com/" to="https://www.americanexpress.com/"/>
-  <rule from="^http://home\.americanexpress\.com/" to="https://home.americanexpress.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/AmericanOrnithology.org.xml b/src/chrome/content/rules/AmericanOrnithology.org.xml
new file mode 100644
index 000000000000..14b533696cad
--- /dev/null
+++ b/src/chrome/content/rules/AmericanOrnithology.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Refused:
+		americanornithology.org
+
+	Active mixed content from fonts.googleapis.com
+
+-->
+<ruleset name="AmericanOrnithology.org">
+
+	<target host="americanornithology.org" />
+	<target host="www.americanornithology.org" />
+
+	<rule from="^http://americanornithology\.org/"
+		to="https://www.americanornithology.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AmericanScientist.org.xml b/src/chrome/content/rules/AmericanScientist.org.xml
new file mode 100644
index 000000000000..eac8a2f5fe20
--- /dev/null
+++ b/src/chrome/content/rules/AmericanScientist.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		estlive.americanscientist.org
+
+-->
+<ruleset name="AmericanScientist.org">
+
+	<target host="americanscientist.org" />
+	<target host="www.americanscientist.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/American_Academy_of_Neurology.xml b/src/chrome/content/rules/American_Academy_of_Neurology.xml
index 1b8cf06d982a..441e4d1f0c85 100644
--- a/src/chrome/content/rules/American_Academy_of_Neurology.xml
+++ b/src/chrome/content/rules/American_Academy_of_Neurology.xml
@@ -10,16 +10,17 @@
 <ruleset name="American Academy of Neurology (partial)">
 
 	<target host="aan.com" />
-	<target host="*.aan.com" />
+	<target host="www.aan.com" />
+	<target host="patients.aan.com" />
 
 
 	<securecookie host="^patients\.aan\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?aan\.com/(CFFileServlet/|contact/|globals/|go/|(?:index\.cfm)?\?axon=user\.(?:login|profile)|skins/)"
+	<rule from="^http://(?:www\.)?aan\.com/(CFFileServlet/|contact/|globals/|go/|(?:index\.cfm)?\?axon=user\.(?:login|profile)|skins/)"
 		to="https://www.aan.com/$1" />
 
 	<rule from="^http://patients\.aan\.com/"
 		to="https://patients.aan.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/American_Airlines.xml b/src/chrome/content/rules/American_Airlines.xml
new file mode 100644
index 000000000000..1f1cd6ec799c
--- /dev/null
+++ b/src/chrome/content/rules/American_Airlines.xml
@@ -0,0 +1,15 @@
+<!--
+	Non-functional hosts:
+		Certificate mismatched:
+		- metrics.aa.com
+-->
+<ruleset name="American Airlines (partial)">
+
+	<target host="aa.com" />
+	<target host="www.aa.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/American_Ancestors.org.xml b/src/chrome/content/rules/American_Ancestors.org.xml
new file mode 100644
index 000000000000..1d7d153fae52
--- /dev/null
+++ b/src/chrome/content/rules/American_Ancestors.org.xml
@@ -0,0 +1,19 @@
+<ruleset name="American Ancestors.org (partial)">
+
+	<target host="americanancestors.org" />
+	<target host="www.americanancestors.org" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="http://www\.americanancestors\.org/+(home\.html|Product\.aspx\?id=108)" /-->
+
+		<!--exclusion pattern="http://www\.americanancestors\.org/+(?!css/|favicon\.ico|images/|membershipproduct\.aspx|uploadedImages/|WebResource\.axd|WorkArea/)" /-->
+
+
+	<securecookie host="^www\.americanancestors\.org$" name="^EkAnalytics$" />
+
+
+	<rule from="^http://(www\.)?americanancestors\.org/(?=css/|favicon\.ico|images/|membershipproduct\.aspx|uploadedImages/|WebResource\.axd|WorkArea/)"
+		to="https://$1americanancestors.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/American_Bar_Association.xml b/src/chrome/content/rules/American_Bar_Association.xml
index 7af71678bd92..0790e91bb7aa 100644
--- a/src/chrome/content/rules/American_Bar_Association.xml
+++ b/src/chrome/content/rules/American_Bar_Association.xml
@@ -1,11 +1,56 @@
-<ruleset name="American Bar Assocation">
+<!--
+	Problematic domains:
 
+		- www.abanet.org *
+
+	* Expired 2012-02-09
+
+
+	Observed cookie domains:
+
+		- americanbar.org *
+		- apps.americanbar.org *
+		- www.americanbar.org *
+
+	* Secured by us <= not secured by server
+
+
+	Mixed content:
+
+		- Images, on apps from:
+
+			- $self *
+			- www.abanet.org *
+
+		- Web bugs, on www from:
+
+			- webstats *
+			- seal-chicago.bbb.org *
+
+	* Secured by us
+
+-->
+<ruleset name="American Bar Association">
+
+	<target host="www.abanet.org" />
 	<target host="americanbar.org" />
 	<target host="*.americanbar.org" />
 
 
-	<securecookie host="^.*\.americanbar\.org$" name=".+" />
+	<securecookie host="^(?:.*\.)?americanbar\.org$" name=".+" />
+
+
+	<rule from="^http://www\.abanet\.org/+(?=search/+common/+img/)"
+		to="https://apps.americanbar.org/" />
+
+	<!--	Some paths redirect as so, but at least some others do not,
+		so be cautious until we determine all of the latter:
+									-->
+	<rule from="^http://www\.abanet\.org/+(?=$|\?)"
+		to="https://www.americanbar.org/content/aba/" />
 
+	<rule from="^http://www\.abanet\.org/+rppt(?:(?:/[^?]*)?(\?.*)?)$"
+		to="https://www.americanbar.org/publications/probate_property_magazine_home.html$1" />
 
 	<rule from="^http://(apps\.|www\.)?americanbar\.org/"
 		to="https://$1americanbar.org/" />
@@ -13,4 +58,4 @@
 	<rule from="^http://webstats\.americanbar\.org/"
 		to="https://americanbar-org.d1.sc.omtrdc.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/American_Center_for_Law_and_Justice.xml b/src/chrome/content/rules/American_Center_for_Law_and_Justice.xml
index b46e9f582d67..ac6cced5dee7 100644
--- a/src/chrome/content/rules/American_Center_for_Law_and_Justice.xml
+++ b/src/chrome/content/rules/American_Center_for_Law_and_Justice.xml
@@ -30,7 +30,10 @@
 <ruleset name="American Center for Law and Justice (partial)">
 
 	<target host="aclj.org" />
-	<target host="*.aclj.org" />
+	<target host="www.aclj.org" />
+	<target host="action.aclj.org" />
+	<target host="images.aclj.org" />
+	<target host="media.aclj.org" />
 
 
 	<securecookie host="^aclj\.org$" name=".+" />
@@ -49,4 +52,4 @@
 	<rule from="^http://media\.aclj\.org/"
 		to="https://c391070.ssl.cf2.rackcdn.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/American_Chemical_Society-problematic.xml b/src/chrome/content/rules/American_Chemical_Society-problematic.xml
deleted file mode 100644
index ffe27c7a1075..000000000000
--- a/src/chrome/content/rules/American_Chemical_Society-problematic.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules that are on by default, see American-Chemical-Society.xml.
-
-
-	Cookies are handled there.
-
--->
-<ruleset name="American Chemistry Society (problematic)" default_off="mismatched">
-
-	<target host="chemistryjobs.acs.org" />
-
-
-	<rule from="^http://chemistryjobs\.acs\.org/"
-		to="https://chemistryjobs.acs.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/American_College_of_Radiology.xml b/src/chrome/content/rules/American_College_of_Radiology.xml
index c96f5a5aee49..e89500dde543 100644
--- a/src/chrome/content/rules/American_College_of_Radiology.xml
+++ b/src/chrome/content/rules/American_College_of_Radiology.xml
@@ -18,16 +18,18 @@
 <ruleset name="American College of Radiology (partial)">
 
 	<target host="acr.org" />
-	<target host="*.acr.org" />
+	<target host="www.acr.org" />
+	<target host="login.acr.org" />
+	<target host="shop.acr.org" />
 
 
 	<securecookie host="^(?:login|shop)\.acr\.org$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?acr\.org/(~|css|images|js|Login)($|\?|/)"
+	<rule from="^http://(?:www\.)?acr\.org/(~|css|images|js|Login)($|\?|/)"
 		to="https://www.acr.org/$1$2" />
 
 	<rule from="^http://(login|shop)\.acr\.org/"
 		to="https://$1.acr.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/American_Flyer_Trains.com.xml b/src/chrome/content/rules/American_Flyer_Trains.com.xml
new file mode 100644
index 000000000000..71916527e04c
--- /dev/null
+++ b/src/chrome/content/rules/American_Flyer_Trains.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="American Flyer Trains.com">
+
+	<target host="americanflyertrains.com" />
+	<target host="www.americanflyertrains.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/American_Freedom.com.xml b/src/chrome/content/rules/American_Freedom.com.xml
index f9da184019d3..0741d469897a 100644
--- a/src/chrome/content/rules/American_Freedom.com.xml
+++ b/src/chrome/content/rules/American_Freedom.com.xml
@@ -1,8 +1,16 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://americanfreedom.com/ => https://americanfreedom.com/: (51, "SSL: no alternative certificate subject name matches target host name 'americanfreedom.com'")
+Fetch error: http://www.americanfreedom.com/ => https://www.americanfreedom.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.americanfreedom.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://americanfreedom.com/ => https://americanfreedom.com/: (51, "SSL: no alternative certificate subject name matches target host name 'americanfreedom.com'")
+Fetch error: http://www.americanfreedom.com/ => https://www.americanfreedom.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.americanfreedom.com'")
 	Center for American Freedom
 
 -->
-<ruleset name="American Freedom.com">
+<ruleset name="American Freedom.com" default_off="failed ruleset test">
 
 	<target host="americanfreedom.com" />
 	<target host="www.americanfreedom.com" />
@@ -11,7 +19,6 @@
 	<securecookie host="^americanfreedom\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?americanfreedom\.com/"
-		to="https://$1americanfreedom.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/American_Future_Fund.xml b/src/chrome/content/rules/American_Future_Fund.xml
index 281d4e27f80c..d92993351644 100644
--- a/src/chrome/content/rules/American_Future_Fund.xml
+++ b/src/chrome/content/rules/American_Future_Fund.xml
@@ -4,10 +4,9 @@
 	<target host="www.americanfuturefund.com" />
 
 
-	<securecookie host="^(www\.)?americanfuturefund\.com$" name=".+" />
+	<securecookie host="^(?:www\.)?americanfuturefund\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?americanfuturefund\.com/"
-		to="https://$1americanfuturefund.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/American_Heart.org.xml b/src/chrome/content/rules/American_Heart.org.xml
new file mode 100644
index 000000000000..19a22049595e
--- /dev/null
+++ b/src/chrome/content/rules/American_Heart.org.xml
@@ -0,0 +1,41 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://americanheart.org/ => https://www.heart.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+	Other American Heart Foundation rulesets:
+
+		- Heart.org.xml
+
+
+	(www.): expired, mismatched, CN: handsonlycpr.org
+
+-->
+<ruleset name="American Heart.org (partial)">
+
+	<target host="americanheart.org" />
+	<target host="*.americanheart.org" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://my\.americanheart\.org/professional/(index\.jsp|registration/resetPassword\.jsp)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://my\.americanheart\.org/(?!\w+/(?:imag|theme)es/|favicon\.ico)" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^donate\.americanheart\.org$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^donate\.americanheart\.org$" name=".+" />
+
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://(?:www\.)?americanheart\.org/.*"
+		to="https://www.heart.org/" />
+
+	<rule from="^http://(donate|my)\.americanheart\.org/"
+		to="https://$1.americanheart.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/American_Society_of_Media_Photographers.xml b/src/chrome/content/rules/American_Society_of_Media_Photographers.xml
index 307a23eae96b..1e663d5d3672 100644
--- a/src/chrome/content/rules/American_Society_of_Media_Photographers.xml
+++ b/src/chrome/content/rules/American_Society_of_Media_Photographers.xml
@@ -1,14 +1,20 @@
-<ruleset name="American Society of Media Photographers">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.admin.asmp.org/ => https://www.admin.asmp.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.admin.asmp.org'")
+
+-->
+<ruleset name="American Society of Media Photographers" default_off="failed ruleset test">
 
 	<target host="asmp.org" />
-	<target host="*.asmp.org" />
+	<target host="admin.asmp.org" />
+	<target host="www.asmp.org" />
 	<target host="www.admin.asmp.org" />
 
 
 	<securecookie host="^.*\.asmp\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?(admin\.)?asmp\.org/"
-		to="https://$1$2asmp.org/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AmericanaExchange.xml b/src/chrome/content/rules/AmericanaExchange.xml
index fce7cb98dc85..38d7ec1dfaf6 100644
--- a/src/chrome/content/rules/AmericanaExchange.xml
+++ b/src/chrome/content/rules/AmericanaExchange.xml
@@ -1,6 +1,16 @@
-<ruleset name="Americana Exchange">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://americanaexchange.com/ => https://www.americanaexchange.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.americanaexchange.com'")
+Fetch error: http://www.americanaexchange.com/ => https://www.americanaexchange.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.americanaexchange.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://americanaexchange.com/ => https://www.americanaexchange.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.americanaexchange.com'")
+Fetch error: http://www.americanaexchange.com/ => https://www.americanaexchange.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.americanaexchange.com'")
+-->
+<ruleset name="Americana Exchange" default_off="failed ruleset test">
   <target host="americanaexchange.com" />
   <target host="www.americanaexchange.com" />
 
   <rule from="^http://(?:www\.)?americanaexchange\.com/" to="https://www.americanaexchange.com/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Americans_United.xml b/src/chrome/content/rules/Americans_United.xml
index 49217127a8e9..1f1fa8469cc1 100644
--- a/src/chrome/content/rules/Americans_United.xml
+++ b/src/chrome/content/rules/Americans_United.xml
@@ -10,7 +10,6 @@
 	<target host="www.au.org" />
 
 
-	<rule from="^http://(www\.)?au\.org/"
-		to="https://$1au.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Americas_Longest_War.xml b/src/chrome/content/rules/Americas_Longest_War.xml
index 6465c5718819..4e3034e0399b 100644
--- a/src/chrome/content/rules/Americas_Longest_War.xml
+++ b/src/chrome/content/rules/Americas_Longest_War.xml
@@ -1,10 +1,9 @@
-<ruleset name="America's Longest War">
+<ruleset name="America's Longest War" default_off="mismatched">
 
 	<target host="americaslongestwar.com" />
 	<target host="www.americaslongestwar.com" />
 
 
-	<rule from="^http://(www\.)?americaslongestwar\.com/"
-		to="https://$1americaslongestwar.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Amerika21.de.xml b/src/chrome/content/rules/Amerika21.de.xml
index 915e320eb88c..7acb8a6af74b 100644
--- a/src/chrome/content/rules/Amerika21.de.xml
+++ b/src/chrome/content/rules/Amerika21.de.xml
@@ -1,7 +1,7 @@
-<ruleset name="Amerika21.de" default_off="self-signed">
+<ruleset name="Amerika21.de">
   <target host="www.amerika21.de" />
   <target host="amerika21.de" />
 
-  <rule from="^http://(www\.)?amerika21\.de/" to="https://amerika21.de/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Amgdgt.com.xml b/src/chrome/content/rules/Amgdgt.com.xml
index 63e448a68e7b..040aa1e024b9 100644
--- a/src/chrome/content/rules/Amgdgt.com.xml
+++ b/src/chrome/content/rules/Amgdgt.com.xml
@@ -9,21 +9,29 @@
 		- cdn	(works, akamai)
 
 
+	Insecure cookies are set for these domains: ᶜ
+
+		- .amgdgt.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
 	Web bugs.
 
 -->
 <ruleset name="amgdgt.com">
 
-	<target host="*.amgdgt.com" />
-
+	<target host="ad.amgdgt.com" />
+	<target host="at.amgdgt.com" />
 
-	<securecookie host="^\.amgdgt\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.amgdgt\.com$" name="^(ID|LO|UA)$" /-->
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://ad\.amgdgt\.com/"
-		to="https://ad.amgdgt.com/" />
 
-	<rule from="^http://cdn\.amgdgt\.com/"
-		to="https://a248.e.akamai.net/f/1075/1/5m/cdn.amgdgt.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Amherst.edu.xml b/src/chrome/content/rules/Amherst.edu.xml
new file mode 100644
index 000000000000..3d02a1e0c129
--- /dev/null
+++ b/src/chrome/content/rules/Amherst.edu.xml
@@ -0,0 +1,16 @@
+<!--
+	Amherst College
+
+
+	^: refused
+
+-->
+<ruleset name="Amherst.edu">
+
+	<target host="amherst.edu" />
+	<target host="www.amherst.edu" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Amiami.jp.xml b/src/chrome/content/rules/Amiami.jp.xml
new file mode 100644
index 000000000000..0d0a47f766bc
--- /dev/null
+++ b/src/chrome/content/rules/Amiami.jp.xml
@@ -0,0 +1,22 @@
+<!--
+	Non-functional hosts:
+		Invalid Certificate:
+			- media.amiami.jp
+			- news.amiami.jp
+
+		Timeout:
+			- www.amiami.jp
+			- product.amiami.jp
+			- slist.amiami.jp
+-->
+<ruleset name="Amiami.jp (partial)">
+	<target host="img.amiami.jp" />
+	<test url="http://img.amiami.jp/images/product/review/164/FIGURE-026139_02.jpg" />
+
+	<target host="secure.amiami.jp" />
+	<test url="http://secure.amiami.jp/top/cloud/asp/index.asp" />
+
+	<securecookie host="^secure\.amiami\.jp$" name=".+" />
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Amiando.xml b/src/chrome/content/rules/Amiando.xml
index 44af1e3084c7..d622e7aaea1f 100644
--- a/src/chrome/content/rules/Amiando.xml
+++ b/src/chrome/content/rules/Amiando.xml
@@ -19,10 +19,10 @@
 	<securecookie host=".*\.amiando\.com$" name=".+" />
 
 
-	<rule from="^https?://amiando\.com/"
+	<rule from="^http://amiando\.com/"
 		to="https://www.amiando.com/" />
 
 	<rule from="^http://(?!blog\.|info\.)(\w+)\.amiando\.com/"
 		to="https://$1.amiando.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Amica.com.xml b/src/chrome/content/rules/Amica.com.xml
new file mode 100644
index 000000000000..b6b1e448212f
--- /dev/null
+++ b/src/chrome/content/rules/Amica.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts:
+		Connection refused:
+		- m.amica.com
+
+		Timeout was reached:
+		- amica.com
+		- futureleaders.amica.com
+-->
+<ruleset name="Amica.com">
+	<target host="careers.amica.com" />
+	<target host="securemail.amica.com" />
+	<target host="www.amica.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Amigaroms.com.xml b/src/chrome/content/rules/Amigaroms.com.xml
new file mode 100644
index 000000000000..ceed92b0a1d5
--- /dev/null
+++ b/src/chrome/content/rules/Amigaroms.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Mismatched:
+	- autoconfig.amigaroms.com
+	- ftp.amigaroms.com
+
+	Non-functional:
+	- autodiscover.amigaroms.com
+-->
+<ruleset name="Amigaroms.com">
+    <target host="amigaroms.com" />
+    <target host="www.amigaroms.com" />
+    <target host="cpanel.amigaroms.com" />
+    <target host="es.amigaroms.com" />
+    <target host="mail.amigaroms.com" />
+
+    <securecookie host=".+" name=".+" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Amnesty-International-mismatches.xml b/src/chrome/content/rules/Amnesty-International-mismatches.xml
deleted file mode 100644
index 7a5530a4376d..000000000000
--- a/src/chrome/content/rules/Amnesty-International-mismatches.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules that are on by default, see Amnesty-International.xml.
-
--->
-<ruleset name="Amnesty International (mismatches)" default_off="mismatched" platform="mixedcontent">
-
-	<target host="action.amnesty.org.uk" />
-
-
-	<!--	Cookies are handled in the main ruleset.	-->
-
-
-	<rule from="^http://action\.amnesty\.org\.uk/"
-		to="https://action.amnesty.org.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Amnesty-International.xml b/src/chrome/content/rules/Amnesty-International.xml
index 11fda09078b5..9d3c2c872599 100644
--- a/src/chrome/content/rules/Amnesty-International.xml
+++ b/src/chrome/content/rules/Amnesty-International.xml
@@ -1,12 +1,32 @@
-<!--
-	For problematic rules, see Amnesty-International-mismatches.xml.
-
-	For rules subject to JS redirects, see Amnesty_International-nojs.xml.
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://action.amnesty.org/ => https://action.amnesty.org/: (6, 'Could not resolve host: action.amnesty.org')
+Fetch error: http://livewire.amnesty.org/ => https://livewire.amnesty.org/: (6, 'Could not resolve host: livewire.amnesty.org')
 
 	Other Amnesty International rulesets:
 
+		- Amnesty.at.xml
+		- Amnesty.ch.xml
+		- Amnesty.de.xml
+		- Amnesty.fi.xml
+		- Amnesty.fr.xml
+		- Amnesty.gr.xml
+		- Amnesty.it.xml
+		- Amnesty.or.jp.xml
+		- Amnesty.org.nz.xml
+		- Amnesty.org.pl.xml
+		- Amnesty.org.ru.xml
+		- Amnesty.org.tr.xml
+		- Amnesty.org.uk.xml
+		- Amnesty.se.xml
+		- Amnesty.tw.xml
+		- Amnesty-in-Bewegung.de.xml
 		- Amnesty_International_Norway.xml
+		- Amnesty_USA.org.xml
+		- Amnistia.cl.xml
+		- Amnistia.org.mx.xml
+		- Amnistia.org.pe.xml
 
 
 	CDN buckets:
@@ -14,65 +34,39 @@
 		- d3soxcs9eo85xz.cloudfront.net
 
 
-	Nonfunctional domains:
-
-		- web.amnesty.org	(http reply)
-		- pthblog.amnesty.org.uk
-		- tv.amnesty.org.uk
-
-
-	Problematic domains:
-
-		- livewire.amnesty.org		(JS redirect to http)
-		- action.amnesty.org.uk		(mismatched, CN: action.amnesty.org.uk)
+	Nonfunctional hosts in *amnesty.org:
 
+		- web	(http reply)
+		- files (connections refused on 443)
 
-	Partially covered domains:
 
-		- livewire.amnesty.org		(complete coverage in -nojs.xml)
+	Insecure cookies are set for these domains:
 
-
-	Fully covered domains:
-
-		- amnesty.org subdomains:
-
-			- (www.)
-			- adam
-			- files
-
-		- amnesty.org.uk subdomains:
-
-			- (www.)
-			- blogs		(→ d3soxcs9eo85xz.cloudfront.net)
-			- protectthehuman
-			- www2
+		- .amnesty.org
+		- .action.amnesty.org
+		- .www.amnesty.org
 
 -->
-<ruleset name="Amnesty International (partial)" platform="mixedcontent">
+<ruleset name="Amnesty.org (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="amnesty.org" />
-	<target host="*.amnesty.org" />
-		<!--
-			JS redirect to http:
-						-->
-		<exclusion pattern="^http://livewire\.amnesty\.org/(?:.+/)?(?:\?.*)?$" />
-	<target host="amnesty.org.uk" />
-	<target host="*.amnesty.org.uk" />
-
-
-	<securecookie host="^\.amnesty\.org\.uk$" name="^__utm\w$" />
-	<securecookie host="^(?:.*\.)?amnesty\.org\.uk$" name=".+" />
+	<target host="action.amnesty.org" />
+	<target host="adam.amnesty.org" />
+	<target host="es.amnesty.org" />
+	<target host="www.es.amnesty.org" />
+	<target host="livewire.amnesty.org" />
+	<target host="www.amnesty.org" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.(action\.|www\.)?amnesty\.org$" name="^ARRAffinity$" /-->
 
-	<rule from="^http://((?:adam|files|livewire|www)\.)?amnesty\.org/"
-		to="https://$1amnesty.org/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(protectthehuman\.|www2?\.)?amnesty\.org\.uk/"
-		to="https://$1amnesty.org.uk/" />
 
-	<!--	blogs has a valid certificate, but pages redirect to http.
-								-->
-	<rule from="^http://blogs\.amnesty\.org\.uk/"
-		to="https://d3soxcs9eo85xz.cloudfront.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Amnesty-in-Bewegung.de.xml b/src/chrome/content/rules/Amnesty-in-Bewegung.de.xml
new file mode 100644
index 000000000000..3bec32be2a06
--- /dev/null
+++ b/src/chrome/content/rules/Amnesty-in-Bewegung.de.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Amnesty International coverage, see Amnesty-International.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .amnesty-in-bewegung.de
+
+-->
+<ruleset name="Amnesty-in-Bewegung.de">
+
+	<target host="amnesty-in-bewegung.de" />
+	<target host="www.amnesty-in-bewegung.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.amnesty-in-bewegung\.de$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Amnesty.at.xml b/src/chrome/content/rules/Amnesty.at.xml
new file mode 100644
index 000000000000..032d207e09e4
--- /dev/null
+++ b/src/chrome/content/rules/Amnesty.at.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Amnesty International coverage, see Amnesty-International.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- amnesty.at
+		- academy.amnesty.at
+		- www.amnesty.at
+
+-->
+<ruleset name="Amnesty.at">
+
+	<target host="amnesty.at" />
+	<target host="academy.amnesty.at" />
+	<target host="www.amnesty.at" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:academy\.|www\.)?amnesty\.at$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Amnesty.ch.xml b/src/chrome/content/rules/Amnesty.ch.xml
new file mode 100644
index 000000000000..6d8e1eda72d5
--- /dev/null
+++ b/src/chrome/content/rules/Amnesty.ch.xml
@@ -0,0 +1,37 @@
+<!--
+	For other Amnesty International coverage, see Amnesty-International.xml.
+
+
+	Nonfunctional hosts in *amnesty.ch:
+
+		- extranet ᵃ
+		- ua ᵃ
+		- youth ᵃ
+
+	ᵃ Shows another domain
+
+
+	Insecure cookies are set for these hosts:
+
+		- amnesty.ch
+		- www.amnesty.ch
+
+-->
+<ruleset name="Amnesty.ch (partial)">
+
+	<target host="amnesty.ch" />
+	<target host="shop.amnesty.ch" />
+	<target host="www.amnesty.ch" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?amnesty\.ch$" name="^serverid$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Amnesty.de.xml b/src/chrome/content/rules/Amnesty.de.xml
new file mode 100644
index 000000000000..6f2a971bf1cf
--- /dev/null
+++ b/src/chrome/content/rules/Amnesty.de.xml
@@ -0,0 +1,48 @@
+<!--
+	For other Amnesty International coverage, see Amnesty-International.xml.
+
+
+	Problematic hosts in *amnesty.de:
+
+		- blog ᵐ ˢ
+
+	ᵐ Mismatched
+	ˢ Self-signed
+
+
+	Insecure cookies are set for these domains:
+
+		- .amnesty.de
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- blog from $self
+			- www from $self ˢ
+			- blog from preview.amnesty50.de
+
+		- Bug on blog from www.facebook.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Amnesty.de (partial)">
+
+	<target host="amnesty.de" />
+	<target host="shop.amnesty.de" />
+	<target host="www.amnesty.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.amnesty\.de$" name="^(?:MODsid|SESS[\da-f]{32})$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Amnesty.fi.xml b/src/chrome/content/rules/Amnesty.fi.xml
new file mode 100644
index 000000000000..54424fd94de1
--- /dev/null
+++ b/src/chrome/content/rules/Amnesty.fi.xml
@@ -0,0 +1,37 @@
+<!--
+	For other Amnesty International coverage, see Amnesty-International.xml.
+
+
+	^amnesty.fi: Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.amnesty.fi
+
+-->
+<ruleset name="Amnesty.fi">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.amnesty.fi" />
+
+	<!--	Complications:
+				-->
+	<target host="amnesty.fi" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.amnesty\.fi$" name="^pll_language$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://amnesty\.fi/"
+		to="https://www.amnesty.fi/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Amnesty.fr.xml b/src/chrome/content/rules/Amnesty.fr.xml
new file mode 100644
index 000000000000..668233ca513e
--- /dev/null
+++ b/src/chrome/content/rules/Amnesty.fr.xml
@@ -0,0 +1,73 @@
+<!--
+	For other Amnesty International coverage, see Amnesty-International.xml.
+
+
+	Mismatched:
+		60dudh.amnesty.fr
+		boutique.amnesty.fr
+		envoigroupes.amnesty.fr
+		forums.amnesty.fr
+		legs.amnesty.fr
+		m.amnesty.fr
+		siteslocaux.amnesty.fr
+
+	Private subdomain:
+		extranet.amnesty.fr
+
+	Refused:
+		marathon.amnesty.fr
+
+	Time out:
+		webmail.amnesty.fr
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- amnesty.fr
+		- .extranet.amnesty.fr
+		- soutenir.amnesty.fr
+		- stories.amnesty.fr
+		- www.amnesty.fr
+
+
+	Mixed content:
+
+		- css, on:
+
+			- extranet from fonts.googleapis.com *
+			- stories from fast.fonts.net *
+
+	* Secured by us
+
+-->
+<ruleset name="Amnesty.fr">
+
+	<target host="amnesty.fr" />
+	<target host="www.amnesty.fr" />
+	<target host="m.amnesty.fr" />
+	<target host="marathon.amnesty.fr" />
+	<target host="siteslocaux.amnesty.fr" />
+	<target host="soutenir.amnesty.fr" />
+	<target host="stories.amnesty.fr" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?amnesty\.fr$" name="^BIGipServer" /-->
+	<!--securecookie host="^\.extranet\.amnesty\.fr$" name="^SESS[\da-f]{32}$" /-->
+	<!--securecookie host="^soutenir\.amnesty\.fr$" name="^DntSession$" /-->
+	<!--securecookie host="^stories\.amnesty\.fr$" name="^(OVHCDN|xxlplanBAK|xxlplanD)$" /-->
+
+	<!--securecookie host="^(?!www\.)\w" name="." /-->
+	<!--securecookie host="^\w" name="^BIGipServer" /-->
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http://marathon\.amnesty\.fr/"
+		to="https://www.amnesty.fr/personnes" />
+
+	<rule from="^http://(m|siteslocaux)\.amnesty\.fr/"
+		to="https://www.amnesty.fr/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Amnesty.gr.xml b/src/chrome/content/rules/Amnesty.gr.xml
new file mode 100644
index 000000000000..30812cdb8bb2
--- /dev/null
+++ b/src/chrome/content/rules/Amnesty.gr.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Amnesty International coverage, see Amnesty-International.xml.
+
+
+	^amnesty.gr: 404
+
+-->
+<ruleset name="Amnesty.gr">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.amnesty.gr" />
+
+	<!--	Complications:
+				-->
+	<target host="amnesty.gr" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://amnesty\.gr/"
+		to="https://www.amnesty.gr/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Amnesty.it.xml b/src/chrome/content/rules/Amnesty.it.xml
new file mode 100644
index 000000000000..25fa667bac85
--- /dev/null
+++ b/src/chrome/content/rules/Amnesty.it.xml
@@ -0,0 +1,65 @@
+<!--
+	For other Amnesty International coverage, see Amnesty-International.xml.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .amnesty.it
+		- appelli.amnesty.it
+
+
+	Mixed content:
+
+		- favicon on appelli from www.amnesty.it ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Amnesty.it (partial)">
+
+	<target host="appelli.amnesty.it" />
+	<target host="www.amnesty.it" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.amnesty\.it/index\.html" /-->
+		<!--
+			Redirects to p://.../flex/$
+							-->
+		<!--exclusion pattern="^http://www\.amnesty\.it/flex/cm/pages/ServeCSSsn\.php/" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.amnesty\.it/+(?!flex/(?:Extensions/templates|FixedPages|TemplatesUSR|cm/pages/ServeCSS\.php|images)/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.amnesty.it/apostasia-condanna-a-morte-arabia-saudita" />
+			<test url="http://www.amnesty.it/campagne/" />
+			<test url="http://www.amnesty.it/favicon.ico" />
+			<test url="http://www.amnesty.it/flex/cm/pages/ServeCSSsn.php/L/IT/N/carouselHome/M/-/BF/MOZILLA/BV/38.0/P/TemplatesUSR:modules:IT:BLOBTpl:BLOBElementVCO-CarouselHome.assets:/PU/1" />
+			<test url="http://www.amnesty.it/impunitainrussia/" />
+			<test url="http://www.amnesty.it/index.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.amnesty.it/flex/Extensions/templates/css/DonaAmnesty.css" />
+			<test url="http://www.amnesty.it/flex/FixedPages/IT/SostieniAmnesty.php/L/IT" />
+			<test url="http://www.amnesty.it/flex/TemplatesUSR/Site/IT/TemplatesUSR-Site-img/Oggetti/puntino.gif" />
+			<test url="http://www.amnesty.it/flex/cm/pages/ServeCSS.php/L/IT/N/Stampa.css/M/-/BF/MOZILLA/BV/38.0" />
+			<test url="http://www.amnesty.it/flex/images/c/7/5/D.e8d510f646465d3e0bbb/Angola_15_Graphic_70.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.amnesty\.it$" name="^ubvt$" /-->
+	<!--securecookie host="^appelli\.amnesty\.it$" name="^(?:ubpv|ubvs)$" /-->
+
+	<securecookie host="^\." name="^ubvt$" />
+	<securecookie host="^(?!www\.)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Amnesty.or.jp.xml b/src/chrome/content/rules/Amnesty.or.jp.xml
new file mode 100644
index 000000000000..fb33ec17f65a
--- /dev/null
+++ b/src/chrome/content/rules/Amnesty.or.jp.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Amnesty International coverage, see Amnesty-International.xml.
+
+
+	^amnesty.or.jp: Expired
+
+
+	Mixed content:
+
+		- Images on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Amnesty.or.jp">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.amnesty.or.jp" />
+
+	<!--	Complications:
+				-->
+	<target host="amnesty.or.jp" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://amnesty\.or\.jp/"
+		to="https://www.amnesty.or.jp/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Amnesty.org.nz.xml b/src/chrome/content/rules/Amnesty.org.nz.xml
new file mode 100644
index 000000000000..0bfd92a3135d
--- /dev/null
+++ b/src/chrome/content/rules/Amnesty.org.nz.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://supporterservices.amnesty.org.nz/ => https://supporterservices.amnesty.org.nz/: (6, 'Could not resolve host: supporterservices.amnesty.org.nz')
+
+	For other Amnesty International coverage, see Amnesty-International.xml.
+
+
+	^amnesty.org.nz: Mismatched
+
+-->
+<ruleset name="Amnesty.org.nz" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="supporterservices.amnesty.org.nz" />
+	<target host="www.amnesty.org.nz" />
+
+	<!--	Complications:
+				-->
+	<target host="amnesty.org.nz" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://amnesty\.org\.nz/"
+		to="https://www.amnesty.org.nz/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Amnesty.org.pl.xml b/src/chrome/content/rules/Amnesty.org.pl.xml
new file mode 100644
index 000000000000..adc4eea22388
--- /dev/null
+++ b/src/chrome/content/rules/Amnesty.org.pl.xml
@@ -0,0 +1,37 @@
+<!--
+	For other Amnesty International coverage, see Amnesty-International.xml.
+
+
+	www.amnesty.org.pl: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- amnesty.org.pl
+
+-->
+<ruleset name="Amnesty.org.pl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="amnesty.org.pl" />
+
+	<!--	Complications:
+				-->
+	<target host="www.amnesty.org.pl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^amnesty\.org\.pl$" name="^fe_typo_user$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.amnesty\.org\.pl/"
+		to="https://amnesty.org.pl/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Amnesty.org.ru.xml b/src/chrome/content/rules/Amnesty.org.ru.xml
new file mode 100644
index 000000000000..6fd14faf3af7
--- /dev/null
+++ b/src/chrome/content/rules/Amnesty.org.ru.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Amnesty International coverage, see Amnesty-International.xml.
+
+-->
+<ruleset name="Amnesty.org.ru">
+
+	<target host="amnesty.org.ru" />
+	<target host="www.amnesty.org.ru" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Amnesty.org.tr.xml b/src/chrome/content/rules/Amnesty.org.tr.xml
new file mode 100644
index 000000000000..d558e9637c6d
--- /dev/null
+++ b/src/chrome/content/rules/Amnesty.org.tr.xml
@@ -0,0 +1,48 @@
+<!--
+	For other Amnesty International coverage, see Amnesty-International.xml.
+
+
+	Nonfunctional hosts in *amnesty.org.tr:
+
+		- (www.)?destek ᵃ
+
+	ᵃ Shows another domain
+
+
+	Problematic hosts in *amnesty.org.tr:
+
+		- amn ˢ
+
+	ˢ Self-signed
+
+
+	Insecure cookies are set for these hosts:
+
+		- amnesty.org.tr
+		- www.amnesty.org.tr
+
+
+	Mixed content:
+
+		- Images on (www.)? from ^amnesty.org.tr ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Amnesty.org.tr (partial)">
+
+	<target host="amnesty.org.tr" />
+	<target host="www.amnesty.org.tr" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?amnesty\.org\.tr$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Amnesty.org.uk.xml b/src/chrome/content/rules/Amnesty.org.uk.xml
new file mode 100644
index 000000000000..ae9baf71828c
--- /dev/null
+++ b/src/chrome/content/rules/Amnesty.org.uk.xml
@@ -0,0 +1,43 @@
+<!--
+	For other Amnesty International coverage, see Amnesty-International.xml.
+
+
+	CDN buckets:
+
+		- d3soxcs9eo85xz.cloudfront.net
+
+
+	Nonfunctional hosts in *amnesty.org.uk:
+
+		- tv ʳ
+
+	ʳ Refused
+
+-->
+<ruleset name="Amnesty.org.uk (partial)">
+
+	<target host="amnesty.org.uk" />
+	<target host="action.amnesty.org.uk" />
+	<target host="blogs.amnesty.org.uk" />
+	<target host="protectthehuman.amnesty.org.uk" />
+	<target host="pthblog.amnesty.org.uk" />
+	<target host="www.amnesty.org.uk" />
+	<target host="www2.amnesty.org.uk" />
+
+		<!--	Formerly redirected to http:
+							-->
+		<test url="http://www.amnesty.org.uk/blogs/yes-minister-it-human-rights-issue/why-uk-government-spying-amnesty-international-surveillance-gchq" />
+		<test url="http://www.amnesty.org.uk/donate" />
+		<test url="http://www.amnesty.org.uk/get-involved" />
+		<test url="http://www.amnesty.org.uk/giving" />
+		<test url="http://www.amnesty.org.uk/jobs" />
+		<test url="http://www.amnesty.org.uk/join" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Amnesty.se.xml b/src/chrome/content/rules/Amnesty.se.xml
new file mode 100644
index 000000000000..2ada5d96f37b
--- /dev/null
+++ b/src/chrome/content/rules/Amnesty.se.xml
@@ -0,0 +1,48 @@
+<!--
+	For other Amnesty International coverage, see Amnesty-International.xml.
+
+
+	Nonfunctional hosts in *amnesty.se:
+
+		- butik ⁴
+		- butiken ⁴
+		- medlemsforum ʳ
+		- skola ⁴
+		- www2 ᵈ
+
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- medlem.amnesty.se
+		- www.amnesty.se
+
+
+	Mixed content:
+
+		- Bug on www from api.flattr.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Amnesty.se (partial)">
+
+	<target host="amnesty.se" />
+	<target host="kontakt.amnesty.se" />
+	<target host="medlem.amnesty.se" />
+	<target host="www.amnesty.se" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:medlem|www)\.amnesty\.se$" name="^csrftoken$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Amnesty.tw.xml b/src/chrome/content/rules/Amnesty.tw.xml
new file mode 100644
index 000000000000..ce18a67fd718
--- /dev/null
+++ b/src/chrome/content/rules/Amnesty.tw.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Amnesty International coverage, see Amnesty-International.xml.
+
+
+	Nonfunctional hosts in *amnesty.tw:
+
+		- marathon ᵖ
+
+	ᵖ Shows default page
+
+
+	Insecure cookies are set for these domains:
+
+		- .amnesty.tw
+
+-->
+<ruleset name="Amnesty.tw (partial)">
+
+	<target host="amnesty.tw" />
+	<target host="www.amnesty.tw" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.amnesty\.tw$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Amnesty_International-nojs.xml b/src/chrome/content/rules/Amnesty_International-nojs.xml
deleted file mode 100644
index 65de2a0df4b2..000000000000
--- a/src/chrome/content/rules/Amnesty_International-nojs.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For rules not subject to JS redirects, see Amnesty-International.xml.
-
-
-	Hopefully few HTTPSE users enable JS, anyway....
-
--->
-<ruleset name="Amnesty International (no javascript)" default_off="javascript redirect to http">
-
-	<target host="livewire.amnesty.org" />
-		<!--
-			Handled in Amnesty-International.xml:
-								-->
-		<exclusion pattern="^http://livewire\.amnesty\.org/(?!(?:.+/)?(?:\?.*)?$)" />
-
-
-	<securecookie host="^livewire\.amnesty\.org$" name=".+" />
-
-
-	<rule from="^http://livewire\.amnesty\.org/"
-		to="https://livewire.amnesty.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Amnesty_International_Norway.xml b/src/chrome/content/rules/Amnesty_International_Norway.xml
index e7e12d4a7d0f..d71895b615c2 100644
--- a/src/chrome/content/rules/Amnesty_International_Norway.xml
+++ b/src/chrome/content/rules/Amnesty_International_Norway.xml
@@ -1,22 +1,66 @@
 <!--
-	For other Amnesty International coverage, see Amnesty-Internationa.xml.
+	Amnesty International Norway
 
+	For other Amnesty International coverage, see Amnesty-International.xml.
 
-	Nonfunctional subdomains:
 
-		- blogg		(redirects to www, valid cert)
+	Nonfunctional hosts in *amnesty.no:
+
+		- blogg *
+
+	* Redirects to www, valid cert
+
+
+	Insecure cookie are set for these domains and hosts:
+
+		- .amnesty.no
+		- minside.amnesty.no
+
+
+	Mixed content:
+
+		- Image on minside from www.amnesty.no *
+
+	* Secured by us
 
 -->
-<ruleset name="Amnesty International Norway (partial)">
+<ruleset name="Amnesty.no (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="amnesty.no" />
-	<target host="*.amnesty.no" />
+	<target host="minside.amnesty.no" />
+	<target host="www.amnesty.no" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.amnesty\.no/$" /-->
+
+		<!--	Exceptions:
+					-->
+		<exclusion pattern="^http://www\.amnesty\.no/+(?!sites/)" />
+
+			<!--	+ve:
+						-->
+			<test url="http://www.amnesty.no/LHBTI" />
+			<test url="http://www.amnesty.no/PussyRiot" />
+			<test url="http://www.amnesty.no/kontakt" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.amnesty.no/sites/all/themes/amnesty_desktop/images/bli_meldem_340x114.png" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.amnesty\.no$" name="^SESS[\da-f]{32}$" /-->
+	<!--securecookie host="^minside\.amnesty\.no$" name="^ASP\.NET_SessionId$" /-->
 
-	<securecookie host="^(?:w*\.)?amnesty\.no$" name=".+" />
+	<!--securecookie host="^(?:w*\.)?amnesty\.no$" name=".+" /-->
+	<securecookie host="^minside\.amnesty\.no$" name=".+" />
 
 
-	<rule from="^http://(www\.)?amnesty\.no/"
-		to="https://$1amnesty.no/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Amnesty_USA.org.xml b/src/chrome/content/rules/Amnesty_USA.org.xml
new file mode 100644
index 000000000000..386bee30c454
--- /dev/null
+++ b/src/chrome/content/rules/Amnesty_USA.org.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Amnesty International coverage, see Amnesty-International.xml.
+
+
+	Nonfunctional subdomains:
+
+		- blog ¹
+		- shop ²
+
+	¹ Redirects to www
+	² Amazon.com (refused)
+
+
+	Mixed content:
+
+		- css on www from fast.fonts.net *
+
+	* Secured by us
+
+-->
+<ruleset name="Amnesty USA.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="amnestyusa.org" />
+	<target host="www.amnestyusa.org" />
+
+		<!--exclusion pattern="^http://(blog|shop)\.amnestyusa\.org/" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Amnistia.cl.xml b/src/chrome/content/rules/Amnistia.cl.xml
new file mode 100644
index 000000000000..8479fb7f8fc0
--- /dev/null
+++ b/src/chrome/content/rules/Amnistia.cl.xml
@@ -0,0 +1,24 @@
+<!--
+	For other Amnesty International coverage, see Amnesty-International.xml.
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Amnistia.cl" platform="mixedcontent">
+
+	<target host="amnistia.cl" />
+	<target host="www.amnistia.cl" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Amnistia.org.mx.xml b/src/chrome/content/rules/Amnistia.org.mx.xml
new file mode 100644
index 000000000000..479340642ff8
--- /dev/null
+++ b/src/chrome/content/rules/Amnistia.org.mx.xml
@@ -0,0 +1,36 @@
+<!--
+	For other Amnesty International coverage, see Amnesty-International.xml.
+
+
+	Mixed content:
+
+		- iframes from www.amnistia.org.mx ˢ
+
+		- css, from:
+
+			- www.amistia.org.mx ˢ
+			- fast.fonts.com ˢ
+
+		- Images, from:
+
+			- www.amnestyusa.org ˢ
+			- amnistia.org.mx ˢ
+			- www.amnistia.org.mx ˢ
+			- i.imgur.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Amnistia.org.mx (false MCB)" platform="mixedcontent">
+
+	<target host="amnistia.org.mx" />
+	<target host="www.amnistia.org.mx" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Amnistia.org.pe.xml b/src/chrome/content/rules/Amnistia.org.pe.xml
new file mode 100644
index 000000000000..40dd6b9a5c32
--- /dev/null
+++ b/src/chrome/content/rules/Amnistia.org.pe.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Amnesty International coverage, see Amnesty-International.xml.
+
+
+	Mixed content:
+
+		- css from media.obilabs.com ᵉ
+		- Image from media.obilabs.com ᵉ
+		- favicon from www.amnistia.org.pe ˢ
+
+	ᵉ Not secured by us <= expired
+	ˢ Secured by us
+
+-->
+<ruleset name="Amnistia.org.pe" platform="mixedcontent">
+
+	<target host="amnistia.org.pe" />
+	<target host="www.amnistia.org.pe" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Amoena.xml b/src/chrome/content/rules/Amoena.xml
new file mode 100644
index 000000000000..faae90f41507
--- /dev/null
+++ b/src/chrome/content/rules/Amoena.xml
@@ -0,0 +1,53 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://amoena.fr/ => https://www.amoena.fr/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.amoena.fr/ => https://www.amoena.fr/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://amoena.fr/ => https://www.amoena.fr/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.amoena.fr/ => https://www.amoena.fr/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://amoena.us/ => https://www.amoena.us/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.amoena.us/ => https://www.amoena.us/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="Amoena" default_off="failed ruleset test">
+
+	<target host="amoena.com"/>
+	<target host="www.amoena.com"/>
+	<target host="amoena.de"/>
+	<target host="www.amoena.de"/>
+	<target host="amoena.fr"/>
+	<target host="b2b.amoena.fr"/>
+	<target host="www.amoena.fr"/>
+	<target host="amoena.us"/>
+	<target host="b2b.amoena.us"/>
+	<target host="www.amoena.us"/>
+	<!-- not secured:
+		- (www.)amoena.eu
+		- (www.)amoenabg.com
+		- (www.)amoena.ca
+		- (www.)amoena.com.au
+		- (www.)amoena.cz
+		- (www.)amoena.dk
+		- (www.)amoena.es
+		- (www.)amoena.fi
+		- (www.)amoena.hu
+		- (www.)amoena.pt
+		- (www.)amoena.ru
+		- (www.)amoena.se
+	-->
+	<test url="http://amoena.com/" />
+	<test url="http://amoena.de/" />
+	<test url="http://amoena.fr/" />
+	<test url="http://b2b.amoena.fr/" />
+	<test url="http://b2b.amoena.us/" />
+	<test url="http://www.amoena.com/" />
+	<test url="http://www.amoena.de/" />
+	<test url="http://www.amoena.fr/" />
+
+	<rule from="^http://(www\.)?amoena\.com/" to="https://www.amoena.com/"/>
+	<rule from="^http://(www\.)?amoena\.de/" to="https://www.amoena.de/"/>
+	<rule from="^http://(www\.)?amoena\.fr/" to="https://www.amoena.fr/"/>
+	<rule from="^http://(www\.)?amoena\.us/" to="https://www.amoena.us/"/>
+	<rule from="^http://b2b\.amoena\.(fr|us)/" to="https://b2b.amoena.$1/"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ampatico.com.xml b/src/chrome/content/rules/Ampatico.com.xml
deleted file mode 100644
index 585d74074d70..000000000000
--- a/src/chrome/content/rules/Ampatico.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	CN: www.klayx.com
-
--->
-<ruleset name="ampatico.com" default_off="mismatched">
-
-	<target host="ampatico.com" />
-	<target host="www.ampatico.com" />
-
-
-	<rule from="^http://(?:www\.)?ampatico\.com/"
-		to="https://ampatico.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ampersandjs.com.xml b/src/chrome/content/rules/Ampersandjs.com.xml
new file mode 100644
index 000000000000..804a96b412c7
--- /dev/null
+++ b/src/chrome/content/rules/Ampersandjs.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Nonfunctional subdomains:
+
+		- amp ¹
+		- blog ²
+
+	¹ GitHub
+	² Shows another domain
+
+
+	www doesn't exist.
+
+-->
+<ruleset name="Ampersandjs.com (partial)">
+
+	<target host="ampersandjs.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ampush.com.xml b/src/chrome/content/rules/Ampush.com.xml
deleted file mode 100644
index ec8a4d140398..000000000000
--- a/src/chrome/content/rules/Ampush.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Ampush.com">
-
-	<target host="ampush.com" />
-	<target host="*.ampush.com" />
-
-
-	<securecookie host="^(?:w*\.)?ampush\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?ampush\.com/"
-		to="https://$1ampush.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Amsterdam_Internet_Exchange.xml b/src/chrome/content/rules/Amsterdam_Internet_Exchange.xml
index 2b6e21b19e6e..468438938439 100644
--- a/src/chrome/content/rules/Amsterdam_Internet_Exchange.xml
+++ b/src/chrome/content/rules/Amsterdam_Internet_Exchange.xml
@@ -1,13 +1,21 @@
-<ruleset name="Amsterdam Internet Exchange">
+<!--
+	Amsterdam Internet Exchange
 
+-->
+<ruleset name="AMS-IX.net">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="ams-ix.net" />
-	<target host="*.ams-ix.net" />
+	<target host="my.ams-ix.net" />
+	<target host="stats.ams-ix.net" />
+	<target host="www.ams-ix.net" />
 
 
 	<securecookie host="^(?:w*\.)?ams-ix\.net$" name=".+" />
 
 
-	<rule from="^http://(my\.|stats\.|www\.)?ams-ix\.net/"
-		to="https://$1ams-ix.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Amtel.xml b/src/chrome/content/rules/Amtel.xml
index 9bb898997135..b294faa9d34a 100644
--- a/src/chrome/content/rules/Amtel.xml
+++ b/src/chrome/content/rules/Amtel.xml
@@ -4,7 +4,7 @@
 		- www	(Akamai; "An error occurred")
 
 -->
-<ruleset name="Amtel (partial)" default_off="mismatch">
+<ruleset name="Amtel (partial)" default_off="mismatched">
 
 	<target host="ir.amtel.com" />
 	<target host="store.atmel.com" />
diff --git a/src/chrome/content/rules/An.de.xml b/src/chrome/content/rules/An.de.xml
new file mode 100644
index 000000000000..9aa04cad6669
--- /dev/null
+++ b/src/chrome/content/rules/An.de.xml
@@ -0,0 +1,13 @@
+<!--
+    Non-functional subdomains:
+        - www
+        - forum
+-->
+<ruleset name="An.de">
+    <target host="pk.an.de" />
+
+    <securecookie host="^pk\.an\.de$" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AnPost.xml b/src/chrome/content/rules/AnPost.xml
index b72bd671d77a..38f6d704fa97 100644
--- a/src/chrome/content/rules/AnPost.xml
+++ b/src/chrome/content/rules/AnPost.xml
@@ -1,6 +1,56 @@
-<ruleset name="An Post">
-  <target host="www.anpost.ie" />
-  <target host="anpost.ie" />
+<!--
+	Nonfunctional hosts in anpost.ie:
 
-  <rule from="^http://(?:www\.)?anpost\.ie/" to="https://www.anpost.ie/"/>
+		- locator *
+		- postage *
+		- track *
+
+	* Handshake fails
+
+
+	^: cert only matches www
+
+
+	Fully covered hosts in *anpost.ie:
+
+		- (www.)?	(^ → www)
+		- edocket
+
+
+	Mixed content:
+
+		- favicons on edocket and www from www *
+
+		- Ads/bugs, on:
+
+			- www from s7.addthis.com *
+			- www from www.tripadvisor.com *
+
+	* Secured by us
+
+-->
+<ruleset name="An Post.ie (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="edocket.anpost.ie" />
+	<target host="www.anpost.ie" />
+
+	<!--	Complications:
+				-->
+	<target host="anpost.ie" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(edocket|www)\.anpost\.ie$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^www\.anpost\.ie$" name="^ASPSESSIONID\w{8}$" /-->
+
+	<securecookie host="^(?:edocket|www)\.anpost\.ie$" name=".+" />
+
+
+	<rule from="^http://anpost\.ie/"
+		to="https://www.anpost.ie/" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Anadolu.edu.tr.xml b/src/chrome/content/rules/Anadolu.edu.tr.xml
new file mode 100644
index 000000000000..83490d7c6764
--- /dev/null
+++ b/src/chrome/content/rules/Anadolu.edu.tr.xml
@@ -0,0 +1,147 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kayit.anadolu.edu.tr/ => https://kayit.anadolu.edu.tr/: (6, 'Could not resolve host: kayit.anadolu.edu.tr')
+Fetch error: http://marketing.anadolu.edu.tr/ => https://marketing.anadolu.edu.tr/: (6, 'Could not resolve host: marketing.anadolu.edu.tr')
+Fetch error: http://odeturusorgu.anadolu.edu.tr/ => https://odeturusorgu.anadolu.edu.tr/: (6, 'Could not resolve host: odeturusorgu.anadolu.edu.tr')
+Fetch error: http://ogrenci.anadolu.edu.tr/ => https://ogrenci.anadolu.edu.tr/: (6, 'Could not resolve host: ogrenci.anadolu.edu.tr')
+
+	Ruleset for anadolu.edu.tr, the Anadolu University website.
+	See <https://en.wikipedia.org/wiki/Anadolu_University>.
+
+	Not supporting HTTPS or using an invalid certificate:
+		* a.anadolu.edu.tr
+		* abp.anadolu.edu.tr
+		* anaper.anadolu.edu.tr
+		* anasis.anadolu.edu.tr
+		* anawebtest.anadolu.edu.tr
+		* aofportal.anadolu.edu.tr
+		* app.uib.anadolu.edu.tr
+		* arinkom.anadolu.edu.tr
+		* aueob.anadolu.edu.tr
+		* baumweb1.anadolu.edu.tr
+		* bia.anadolu.edu.tr
+		* bildiri.anadolu.edu.tr
+		* btd.anadolu.edu.tr
+		* canvas.anadolu.edu.tr
+		* ceng.anadolu.edu.tr
+		* cim.anadolu.edu.tr
+		* cpanel.anadolu.edu.tr
+		* dergi.anadolu.edu.tr
+		* dersler.anadolu.edu.tr
+		* design.anadolu.edu.tr
+		* e-abdep.anadolu.edu.tr
+		* eae.anadolu.edu.tr
+		* ebys-login.anadolu.edu.tr
+		* ecas.anadolu.edu.tr
+		* e-gazete.anadolu.edu.tr
+		* egazete.anadolu.edu.tr
+		* ekampus.anadolu.edu.tr
+		* ekon.anadolu.edu.tr
+		* eportfolyo.oolp.anadolu.edu.tr
+		* eseminer.anadolu.edu.tr
+		* e-sertifika.anadolu.edu.tr
+		* esertifika.anadolu.edu.tr
+		* format.anadolu.edu.tr
+		* ftp.anadolu.edu.tr
+		* harita.anadolu.edu.tr
+		* home.anadolu.edu.tr
+		* ibfak.anadolu.edu.tr
+		* iibf.anadolu.edu.tr
+		* ikinciuniversite.anadolu.edu.tr
+		* isgb.anadolu.edu.tr
+		* kcm.anadolu.edu.tr
+		* ki.anadolu.edu.tr
+		* lyncedge.porsuk.anadolu.edu.tr
+		* maillist.porsuk.anadolu.edu.tr
+		* mezun.anadolu.edu.tr
+		* mooc.anadolu.edu.tr
+		* nsx-birimweb.anadolu.edu.tr
+		* orgun.anadolu.edu.tr
+		* phone.anadolu.edu.tr
+		* phpserver4.anadolu.edu.tr
+		* phpserver6.anadolu.edu.tr
+		* portal.anadolu.edu.tr
+		* rock.anadolu.edu.tr
+		* sam.anadolu.edu.tr
+		* sanalkampus.anadolu.edu.tr
+		* sanalsinif4.anadolu.edu.tr
+		* sbd.anadolu.edu.tr
+		* seramik.anadolu.edu.tr
+		* sgdb.anadolu.edu.tr
+		* sinav.eogrenme.anadolu.edu.tr
+		* sip.anadolu.edu.tr
+		* sosbilens.anadolu.edu.tr
+		* tojde.anadolu.edu.tr
+		* tv.anadolu.edu.tr
+		* ue.anadolu.edu.tr
+		* uib.anadolu.edu.tr
+		* uze.anadolu.edu.tr
+		* video.anadolu.edu.tr
+		* w2.anadolu.edu.tr
+		* wasweb.anadolu.edu.tr
+		* webct.anadolu.edu.tr
+		* web.porsuk.anadolu.edu.tr
+		* wifi.anadolu.edu.tr
+		* wtgcpanel1.anadolu.edu.tr
+		* www.cocuk.anadolu.edu.tr
+		* www.dilkom.anadolu.edu.tr
+		* www.ebe.anadolu.edu.tr
+		* www.ecas.anadolu.edu.tr
+		* www.eczfak.anadolu.edu.tr
+		* www.eem.anadolu.edu.tr
+		* www.ekm.anadolu.edu.tr
+		* www.endustri.anadolu.edu.tr
+		* www.farabidegisim.anadolu.edu.tr
+		* www.fenbilens.anadolu.edu.tr
+		* www.gse.anadolu.edu.tr
+		* www.ikinciuniversite.anadolu.edu.tr
+		* www.insaat.anadolu.edu.tr
+		* www.kdm.anadolu.edu.tr
+		* www.radyoa.anadolu.edu.tr
+		* www.temizhava.anadolu.edu.tr
+		* www.yillik.eogrenme.anadolu.edu.tr
+		* yemekhane.anadolu.edu.tr
+-->
+<ruleset name="Anadolu University" default_off="failed ruleset test">
+
+	<target host="anadolu.edu.tr" />
+
+	<target host="academy.anadolu.edu.tr" />
+	<target host="aof.anadolu.edu.tr" />
+	<target host="asecu2016.anadolu.edu.tr" />
+	<target host="baum.anadolu.edu.tr" />
+	<target host="casarray.anadolu.edu.tr" />
+	<target host="cas.porsuk.anadolu.edu.tr" />
+	<target host="ebys.anadolu.edu.tr" />
+	<target host="itunes.anadolu.edu.tr" />
+	<target host="itunesu.anadolu.edu.tr" />
+	<target host="kayit.anadolu.edu.tr" />
+	<target host="kitapsatis.anadolu.edu.tr" />
+	<target host="login.anadolu.edu.tr" />
+	<target host="mail2.anadolu.edu.tr" />
+	<target host="mail.anadolu.edu.tr" />
+	<target host="maillist.anadolu.edu.tr" />
+	<target host="marketing.anadolu.edu.tr" />
+	<target host="mdk.anadolu.edu.tr" />
+	<target host="odeturusorgu.anadolu.edu.tr" />
+	<target host="ogr.anadolu.edu.tr" />
+	<target host="ogrenci.anadolu.edu.tr" />
+	<target host="onlinesinav6.anadolu.edu.tr" />
+	<target host="pedagoji.anadolu.edu.tr" />
+	<target host="phpserver115.anadolu.edu.tr" />
+	<target host="phpserver5.anadolu.edu.tr" />
+	<target host="pop.anadolu.edu.tr" />
+	<target host="pyyk2016.anadolu.edu.tr" />
+	<target host="sbe.anadolu.edu.tr" />
+	<target host="sinav.anadolu.edu.tr" />
+	<target host="smtp.anadolu.edu.tr" />
+	<target host="url.anadolu.edu.tr" />
+	<target host="w3.anadolu.edu.tr" />
+	<target host="web018.anadolu.edu.tr" />
+	<target host="www.anadolu.edu.tr" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Analyst_One.com.xml b/src/chrome/content/rules/Analyst_One.com.xml
index 261d946e450d..57b326891877 100644
--- a/src/chrome/content/rules/Analyst_One.com.xml
+++ b/src/chrome/content/rules/Analyst_One.com.xml
@@ -20,7 +20,7 @@
 <ruleset name="Analyst One.com (false MCB)" default_off="mismatched" platform="mixedcontent">
 
 	<target host="analystone.com" />
-	<target host="*.analystone.com" />
+	<target host="www.analystone.com" />
 
 
 	<securecookie host="^\.analystone\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Analytics.edgesuite.net.xml b/src/chrome/content/rules/Analytics.edgesuite.net.xml
index c3d7f532a556..cecf55d014a3 100644
--- a/src/chrome/content/rules/Analytics.edgesuite.net.xml
+++ b/src/chrome/content/rules/Analytics.edgesuite.net.xml
@@ -1,13 +1,9 @@
 <ruleset name="analytics.edgesuite.net">
 
 	<target host="*.analytics.edgekey.net" />
-	<target host="*.analytics.edgesuite.net" />
 
 
 	<rule from="^http://([\w-]+)\.analytics\.edgekey\.net/"
 		to="https://$1.analytics.edgekey.net/" />
 
-	<rule from="^http://([\w-]+)\.analytics\.edgesuite\.net/"
-		to="https://a248.e.akamai.net/f/307/4345/10m/$1.analytics.edgesuite.net/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AnandTech.com.xml b/src/chrome/content/rules/AnandTech.com.xml
new file mode 100644
index 000000000000..1fb6b84cbcac
--- /dev/null
+++ b/src/chrome/content/rules/AnandTech.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="AnandTech.com">
+	<target host="anandtech.com" />
+	<target host="www.anandtech.com" />
+	<target host="forums.anandtech.com" />
+	<target host="images.anandtech.com" />
+		<test url="http://images.anandtech.com/graphs/graph12678/97779.png" />
+	<target host="redirect.anandtech.com" />
+	<target host="staging.anandtech.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ananda_Sangha.xml b/src/chrome/content/rules/Ananda_Sangha.xml
index 9391c634a142..f722e46c313f 100644
--- a/src/chrome/content/rules/Ananda_Sangha.xml
+++ b/src/chrome/content/rules/Ananda_Sangha.xml
@@ -1,13 +1,45 @@
-<ruleset name="Ananda Sangha">
+<!--
+	Ananda Sangha
+
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- cdn ²
+
+	¹ Refused
+	² 404, NetDNA
+
+-->
+<ruleset name="Ananda.org (partial)">
 
 	<target host="ananda.org" />
 	<target host="www.ananda.org" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.ananda\.org/($|prayers/[\w-]+/$|shop/$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.ananda\.org/+(?!support-ananda/|wp-content/|wp-includes/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.ananda.org//" />
+			<test url="http://www.ananda.org/favicon.ico" />
+			<test url="http://www.ananda.org/prayers/" />
+			<test url="http://www.ananda.org/shop/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.ananda.org/support-ananda/" />
 
 
-	<securecookie host="^(?:www\.)?ananda\.org$" name=".+" />
+	<!--securecookie host="^www\.ananda\.org$" name=".+" /-->
 
 
-	<rule from="^http://(www\.)?ananda\.org/"
-		to="https://$1ananda.org/" />
+	<rule from="^http://(?:www\.)?ananda\.org/"
+		to="https://www.ananda.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AnarchistNews.xml b/src/chrome/content/rules/AnarchistNews.xml
deleted file mode 100644
index 0a8bd5812864..000000000000
--- a/src/chrome/content/rules/AnarchistNews.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="AnarchistNews.org" default_off="self-signed">
-  <target host="www.anarchistnews.org" />
-  <target host="anarchistnews.org" />
-  <securecookie host="^anarchistnews.org$" name=".*" />
-
-  <rule from="^http://(?:www\.)?anarchistnews\.org/" to="https://anarchistnews.org/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Anarplex.net.xml b/src/chrome/content/rules/Anarplex.net.xml
new file mode 100644
index 000000000000..a73840117628
--- /dev/null
+++ b/src/chrome/content/rules/Anarplex.net.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.anarplex.net/ => https://www.anarplex.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.anarplex.net'")
+
+-->
+<ruleset name="Anarplex.net" default_off="failed ruleset test">
+
+	<target host="anarplex.net" />
+	<target host="www.anarplex.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Anaxago.com.xml b/src/chrome/content/rules/Anaxago.com.xml
new file mode 100644
index 000000000000..66597066d3a4
--- /dev/null
+++ b/src/chrome/content/rules/Anaxago.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="anaxago.com">
+	<target host="anaxago.com" />
+	<target host="www.anaxago.com" />
+	<target host="immobilier.anaxago.com" />
+	<target host="pages.anaxago.com" />
+		<test url="http://pages.anaxago.com/robots.txt" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ancestry.xml b/src/chrome/content/rules/Ancestry.xml
index 17f6f9e704e3..3ece664ed963 100644
--- a/src/chrome/content/rules/Ancestry.xml
+++ b/src/chrome/content/rules/Ancestry.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://help.ancestry.com/ => https://help.ancestry.com/: (60, 'SSL certificate problem: certificate has expired')
+
 	CDN buckets:
 
 		- c.ancestry.com.edgesuite.net
@@ -8,49 +12,42 @@
 
 		- (www.)ancestry.co.uk *
 		- (www.)ancestry.com *
+		- blog.ancestry.com *
+		- blogs.ancestry.com ¹
+		- boards.ancestry.com *
+		- community.ancestry.com *
+		- home.ancestry.com *
+		- rootsweb.ancestry.com *
+		- search.ancestry.com *
+		- trees.ancestry.com *
 
 	* Refused
+	¹ Mismatch
 
 
 	Problematic domains:
 
-		- c.ancestry.com	(akamai)
-
-
-	Fully covered domains:
-
-		- secure.ancestry.co.uk
-		- c.ancestry.com	(→ c.mfcreative.com)
-		- c.mfcreative.com
+		- c.ancestry.com		(akamai)
+		- corporate.ancestry.com	(redirects to HTTP)
+		- c.mfccreative.com		(causes CORS issues)
 
 -->
-<ruleset name="Ancestry.com (partial)">
+<ruleset name="Ancestry.com (partial)" default_off="failed ruleset test">
 
 	<target host="secure.ancestry.co.uk" />
-	<target host="*.ancestry.com" />
-	<target host="c.mfcreative.com" />
-	<target host="mycanvas.com" />
-	<target host="*.mycanvas.com" />
+
+	<target host="health.ancestry.com" />
+	<target host="help.ancestry.com" />
+	<target host="dna.ancestry.com" />
+	<target host="store.ancestry.com" />
+	<target host="support.ancestry.com" />
 
 
 	<securecookie host="^secure\.ancestry\.co\.uk$" name=".+" />
 	<securecookie host="^dna\.ancestry\.com$" name=".+" />
-	<securecookie host="^(?:.*\.)?mycanvas\.com$" name=".+" />
-
-
-	<rule from="^http://secure\.ancestry\.co\.uk/"
-		to="https://secure.ancestry.co.uk/" />
-
-	<rule from="^http://dna\.ancestry\.com/"
-		to="https://dna.ancestry.com/" />
-
-	<rule from="^http://(?:secure\.)?store\.ancestry\.com/"
-		to="https://secure.store.ancestry.com/" />
 
-	<rule from="^http://c\.(?:ancestry|mfcreative)\.com/"
-		to="https://c.mfcreative.com/" />
 
-	<rule from="^http://(?:secure\.|www\.)?mycanvas\.com/"
-		to="https://secure.mycanvas.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Anchor.xml b/src/chrome/content/rules/Anchor.xml
index 85bc64e4235f..c2cac707a082 100644
--- a/src/chrome/content/rules/Anchor.xml
+++ b/src/chrome/content/rules/Anchor.xml
@@ -1,24 +1,45 @@
 <!--
-	Problematic domains:
+	Other Anchor rulesets:
 
-		- www.anchor.net.au	(mismatched, CN: www.anchor.com.au)
+		- anchor.net.au
 
 -->
-<ruleset name="Anchor">
+<ruleset name="Anchor.com.au (partial)">
 
 	<target host="anchor.com.au" />
-	<target host="*.anchor.com.au" />
-	<target host="anchor.net.au" />
-	<target host="*.anchor.net.au" />
-
-
-	<securecookie host="^\.anchor\.net\.au$" name=".+" />
-
-
-	<rule from="^http://(control\.|www\.)?anchor\.com\.au/"
-		to="https://$1anchor.com.au/" />
-
-	<rule from="^http://(?:www\.)?anchor\.net\.au/"
-		to="https://anchor.net.au/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="control.anchor.com.au" />
+	<target host="mcp.anchor.com.au" />
+	<target host="www.anchor.com.au" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.anchor\.com\.au/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.anchor\.com\.au/+(?!forms(?:$|[?/])|wp-content/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.anchor.com.au/anchorcloud/" />
+			<test url="http://www.anchor.com.au/contact-us/" />
+			<test url="http://www.anchor.com.au/domain-names/" />
+			<test url="http://www.anchor.com.au/hosting/" />
+			<test url="http://www.anchor.com.au/pricing/" />
+			<!--test url="http://www.anchor.com.au/servers/" /-->
+
+			<!--	-ve:
+					-->
+			<test url="http://www.anchor.com.au/forms/account-cancellation/" />
+			<test url="http://www.anchor.com.au/forms/pay-account/" />
+			<test url="http://www.anchor.com.au/wp-content/plugins/contact-form-7/includes/css/styles.css" />
+			<test url="http://www.anchor.com.au/wp-content/themes/salient/img/icons/nectar-loading.gif" />
+
+
+	<securecookie host="^\." name="^__cfduid$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AnchorFree.xml b/src/chrome/content/rules/AnchorFree.xml
index cf247091526a..56b1babbec9f 100644
--- a/src/chrome/content/rules/AnchorFree.xml
+++ b/src/chrome/content/rules/AnchorFree.xml
@@ -23,7 +23,6 @@
 	<target host="rpt.anchorfree.net" />
 
 
-	<rule from="^http://rpt\.anchorfree\.net/"
-		to="https://rpt.anchorfree.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ancud.de.xml b/src/chrome/content/rules/Ancud.de.xml
index 1c90013ee0e9..4567fb1a9a27 100644
--- a/src/chrome/content/rules/Ancud.de.xml
+++ b/src/chrome/content/rules/Ancud.de.xml
@@ -1,11 +1,4 @@
-<!--
-	Ancud IT-Beratung
-
-
-	Cert only matches www
-
--->
-<ruleset name="Ancud.de" default_off="self-signed">
+<ruleset name="Ancud.de">
 
 	<target host="ancud.de" />
 	<target host="www.ancud.de" />
@@ -14,7 +7,7 @@
 	<securecookie host="^www\.ancud\.de$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?ancud\.de/"
-		to="https://www.ancud.de/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Andalucia_Property_Rentals.com.xml b/src/chrome/content/rules/Andalucia_Property_Rentals.com.xml
deleted file mode 100644
index 015f0be95348..000000000000
--- a/src/chrome/content/rules/Andalucia_Property_Rentals.com.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	- CN: Parallels Panel
-	- Expired 2012-06-28
-
--->
-<ruleset name="Andalucia Property Rentals" default_off="expired, self-signed">
-
-	<target host="andaluciapropertyrentals.com" />
-	<target host="www.andaluciapropertyrentals.com" />
-
-
-	<securecookie host="^andaluciapropertyrentals\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?andaluciapropertyrentals\.com/"
-		to="https://andaluciapropertyrentals.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Andaluspress.com.xml b/src/chrome/content/rules/Andaluspress.com.xml
new file mode 100644
index 000000000000..b14869d5606a
--- /dev/null
+++ b/src/chrome/content/rules/Andaluspress.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Not Found (404):
+		forja.andaluspress.com
+		tv.andaluspress.com
+		video.andaluspress.com
+		videos.andaluspress.com
+-->
+<ruleset name="Andaluspress.com (partial)">
+	<target host="andaluspress.com" />
+	<target host="www.andaluspress.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Anders.com.xml b/src/chrome/content/rules/Anders.com.xml
new file mode 100644
index 000000000000..e5777749fe49
--- /dev/null
+++ b/src/chrome/content/rules/Anders.com.xml
@@ -0,0 +1,29 @@
+<!--
+	- Expired 2010-03-12
+	- Cert only matches www.anders.com
+
+
+	Mixed content:
+
+		- Videos from www.youtube.com *
+
+		- fonts from fonts.googleapis.com *
+
+		- Images from ^ *
+
+	* Secured by us
+
+-->
+<ruleset name="Anders.com" default_off="expired, self-signed">
+
+	<target host="anders.com" />
+	<target host="www.anders.com" />
+
+
+	<securecookie host="^www\.anders\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?anders\.com/"
+		to="https://www.anders.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Andor.com.xml b/src/chrome/content/rules/Andor.com.xml
new file mode 100644
index 000000000000..c3c48f542dec
--- /dev/null
+++ b/src/chrome/content/rules/Andor.com.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://andor.com/ => https://andor.com/: (51, "SSL: no alternative certificate subject name matches target host name 'andor.com'")
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Andor.com" default_off="failed ruleset test">
+
+	<target host="andor.com" />
+	<target host="www.andor.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?andor\.com$" name="^\.ASPXANONYMOUS$" /-->
+	<!--securecookie host="^\.andor\.com$" name="^(AndorSID|language)$" /-->
+
+	<securecookie host="^(?:\.|www\.)?andor\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Andrea_Fabrizi.it.xml b/src/chrome/content/rules/Andrea_Fabrizi.it.xml
new file mode 100644
index 000000000000..840a8c43f31b
--- /dev/null
+++ b/src/chrome/content/rules/Andrea_Fabrizi.it.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- andreafabrizi.it
+		- .andreafabrizi.it
+		- www.andreafabrizi.it
+
+-->
+<ruleset name="Andrea Fabrizi.it">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="andreafabrizi.it" />
+	<target host="www.andreafabrizi.it" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?andreafabrizi\.it$" name="^SESSION$" /-->
+	<!--securecookie host="^\.andreafabrizi\.it$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Andrew-Blum.xml b/src/chrome/content/rules/Andrew-Blum.xml
index cebdc6e016b3..b8f09b673abc 100644
--- a/src/chrome/content/rules/Andrew-Blum.xml
+++ b/src/chrome/content/rules/Andrew-Blum.xml
@@ -1,11 +1,11 @@
-<ruleset name="Andrew Blum" default_off="mismatch">
+<ruleset name="Andrew Blum" default_off="mismatched">
 
 	<!--	Cert: *.gridserver.com	-->
 	<target host="andrewblum.net" />
 	<target host="www.andrewblum.net" />
 
 
-	<rule from="^https?://(?:www\.)?andrewblum\.net/"
+	<rule from="^http://(?:www\.)?andrewblum\.net/"
 		to="https://andrewblum.net/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Andrew-Munsell.xml b/src/chrome/content/rules/Andrew-Munsell.xml
new file mode 100644
index 000000000000..71d2d2a7d634
--- /dev/null
+++ b/src/chrome/content/rules/Andrew-Munsell.xml
@@ -0,0 +1,8 @@
+<ruleset name="Andrew Munsell">
+
+	<target host="andrewmunsell.com" />
+	<target host="www.andrewmunsell.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Andrew_Brookins.com.xml b/src/chrome/content/rules/Andrew_Brookins.com.xml
new file mode 100644
index 000000000000..3792adb51039
--- /dev/null
+++ b/src/chrome/content/rules/Andrew_Brookins.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Andrew Brookins.com">
+
+	<target host="andrewbrookins.com" />
+	<target host="www.andrewbrookins.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Android-Arsenal.com.xml b/src/chrome/content/rules/Android-Arsenal.com.xml
new file mode 100644
index 000000000000..41ef0735f655
--- /dev/null
+++ b/src/chrome/content/rules/Android-Arsenal.com.xml
@@ -0,0 +1,25 @@
+<!--
+	www: Cert only matches ^android-arsenal.com
+
+
+	Insecure cookies are set for these domains:
+
+		- android-arsenal.com
+
+-->
+<ruleset name="Android-Arsenal.com">
+
+	<target host="android-arsenal.com" />
+	<target host="www.android-arsenal.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^android-arsenal\.com$" name="^ci_session$" /-->
+
+	<securecookie host="^android-arsenal\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Android-Port.de.xml b/src/chrome/content/rules/Android-Port.de.xml
new file mode 100644
index 000000000000..2a42fc85cc70
--- /dev/null
+++ b/src/chrome/content/rules/Android-Port.de.xml
@@ -0,0 +1,12 @@
+<ruleset name="Android-Port.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="android-port.de" />
+	<target host="www.android-port.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Android.xml b/src/chrome/content/rules/Android.xml
index 1e58ed161da1..50ab3683302e 100644
--- a/src/chrome/content/rules/Android.xml
+++ b/src/chrome/content/rules/Android.xml
@@ -1,25 +1,24 @@
 <!--
-	Nonfunctional subdomains:
-
-		- (www.)	(404, valid cert)
-
-
-	Fully covered subdomains:
-
-		- developer
-		- market
-		- source
+	For other Google coverage, see GoogleServices.xml.
 
 -->
-<ruleset name="Android (partial)">
-
-	<target host="*.android.com" />
+<ruleset name="Android.com">
 
+	<target host="android.com" />
+	<target host="www.android.com" />
+	<target host="developer.android.com" />
+	<target host="market.android.com" />
+	<target host="messages.android.com" />
+	<target host="partner.android.com" />
+	<target host="source.android.com" />
+	<target host="tools.android.com" />
 
-	<securecookie host=".+\.android\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http://tools\.android\.com/"
+		to="https://sites.google.com/a/android.com/tools/" />
 
-	<rule from="^http://(developer|market|source)\.android\.com/"
-		to="https://$1.android.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/AndroidPolice.xml b/src/chrome/content/rules/AndroidPolice.xml
index 9975ca762e35..7b184ae8c79e 100644
--- a/src/chrome/content/rules/AndroidPolice.xml
+++ b/src/chrome/content/rules/AndroidPolice.xml
@@ -1,6 +1,6 @@
-<ruleset name="Androidpolice">
+
+<ruleset name="AndroidPolice.com">
   <target host="www.androidpolice.com"/>
   <target host="androidpolice.com"/>
-  <rule from="^http://(www\.)?androidpolice\.com/" to="https://www.androidpolice.com/"/>
+  <rule from="^http:" to="https:"/>
 </ruleset>
-<!-- Rule generated by HTTPS Finder 0.77 -->
diff --git a/src/chrome/content/rules/Androidfilehost.com.xml b/src/chrome/content/rules/Androidfilehost.com.xml
index eb4df18b6fea..3127462c9211 100644
--- a/src/chrome/content/rules/Androidfilehost.com.xml
+++ b/src/chrome/content/rules/Androidfilehost.com.xml
@@ -1,6 +1,28 @@
-<ruleset name="Androidfilehost.com">
-<target host="www.androidfilehost.com"/>
-<target host="androidfilehost.com"/>
-<rule from="^http://(www\.)?androidfilehost\.com/" to="https://www.androidfilehost.com/"/>
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- androidfilehost.com
+		- www.androidfilehost.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Android File Host.com">
+
+	<target host="androidfilehost.com" />
+	<target host="www.androidfilehost.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?androidfilehost\.com$" name="^(?:GCLB|afh)$" /-->
+
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|aps-trtmnt)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
- 
+
diff --git a/src/chrome/content/rules/Androidpit.xml b/src/chrome/content/rules/Androidpit.xml
new file mode 100644
index 000000000000..9933e7954b0e
--- /dev/null
+++ b/src/chrome/content/rules/Androidpit.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fs01.androidpit.info/ => https://fs01.androidpit.info/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.fs01.androidpit.info/ => https://www.fs01.androidpit.info/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://fs02.androidpit.info/ => https://fs02.androidpit.info/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.fs02.androidpit.info/ => https://www.fs02.androidpit.info/: (28, 'Connection timed out after 20001 milliseconds')
+
+    Nonfunctional subdomains:
+	    - androidpit.de
+	        - jobs    -> wrong domain
+-->
+<ruleset name="Androidpit" default_off="failed ruleset test">
+    <target host="androidpit.de" />
+    <target host="www.androidpit.de" />
+    <target host="fs01.androidpit.info" />
+    <target host="www.fs01.androidpit.info" />
+    <target host="fs02.androidpit.info" />
+    <target host="www.fs02.androidpit.info" />
+    <target host="static.androidpit.info" />
+    <target host="www.static.androidpit.info" />
+
+    <securecookie host="^(www\.)?androidpit\.de" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Andy_Tyson.com.xml b/src/chrome/content/rules/Andy_Tyson.com.xml
new file mode 100644
index 000000000000..4b1eab07f804
--- /dev/null
+++ b/src/chrome/content/rules/Andy_Tyson.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://andytyson.com/ => https://andytyson.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.andytyson.com/ => https://www.andytyson.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+<ruleset name="Andy Tyson.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="andytyson.com" />
+	<target host="www.andytyson.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Andy_Walsh.com.xml b/src/chrome/content/rules/Andy_Walsh.com.xml
new file mode 100644
index 000000000000..faa7035822b8
--- /dev/null
+++ b/src/chrome/content/rules/Andy_Walsh.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- favicon from $self *
+
+		- Images from farm\d.staticflickr.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Andy Walsh.com">
+
+	<target host="andywalsh.com" />
+	<target host="www.andywalsh.com" />
+
+
+	<securecookie host="^(?:www)?\.andywalsh\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Andyet.com.xml b/src/chrome/content/rules/Andyet.com.xml
new file mode 100644
index 000000000000..3a5c7a5fe29f
--- /dev/null
+++ b/src/chrome/content/rules/Andyet.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Nonfunctional subdomains:
+
+		- community *
+
+	* Dropped
+
+
+	www: mismatched, CN: *.anyet.net
+
+
+	Fully covered subdomains:
+
+		- (www.)	(www → ^)
+		- blog
+		- labs
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- blog from a[25].mzstatic.com *
+			- labs from ^ *
+
+	* Secured by us
+
+-->
+<ruleset name="andyet.com (partial)">
+
+	<target host="andyet.com" />
+	<target host="blog.andyet.com" />
+	<target host="labs.andyet.com" />
+	<target host="www.andyet.com" />
+
+
+	<rule from="^http://(?:(blog\.|labs\.)|www\.)?andyet\.com/"
+		to="https://$1andyet.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Aneros.com.xml b/src/chrome/content/rules/Aneros.com.xml
new file mode 100644
index 000000000000..f1b92540dc3b
--- /dev/null
+++ b/src/chrome/content/rules/Aneros.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- aneros.com
+		- www.aneros.com
+
+-->
+<ruleset name="Aneros.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="aneros.com" />
+	<target host="www.aneros.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?aneros\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?aneros\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AngelList.xml b/src/chrome/content/rules/AngelList.xml
index 6ba7768c82e8..f36d1d3f1c3f 100644
--- a/src/chrome/content/rules/AngelList.xml
+++ b/src/chrome/content/rules/AngelList.xml
@@ -1,10 +1,35 @@
-<ruleset name="AngelList">
+<!--
+	AngelList
 
+
+	CDN buckets:
+
+		- s3.amazonaws.com/screenshots.angel.co/
+
+
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Tumblr
+
+-->
+<ruleset name="Angel.co (partial)">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="angel.co" />
 	<target host="www.angel.co" />
 
 
-	<rule from="^http://(www\.)?angel\.co/"
-		to="https://$1angel.co/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^angel\.co$" name="^_angellist$" /-->
+
+	<securecookie host="^angel\.co$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Angelika_Film_Center.com.xml b/src/chrome/content/rules/Angelika_Film_Center.com.xml
new file mode 100644
index 000000000000..27ec14d4a75e
--- /dev/null
+++ b/src/chrome/content/rules/Angelika_Film_Center.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Angelika Film Center.com">
+
+	<target host="angelikafilmcenter.com" />
+	<target host="www.angelikafilmcenter.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AnglaisFacile.com.xml b/src/chrome/content/rules/AnglaisFacile.com.xml
new file mode 100644
index 000000000000..fa3a60c507f8
--- /dev/null
+++ b/src/chrome/content/rules/AnglaisFacile.com.xml
@@ -0,0 +1,11 @@
+<!--
+	See for related rulesets: FrancaisFacile.com.xml
+-->
+<ruleset name="AnglaisFacile.com">
+	<target host="anglaisfacile.com" />
+	<target host="www.anglaisfacile.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Anglomedia.net.xml b/src/chrome/content/rules/Anglomedia.net.xml
index f0fdc816ebe3..35db8d97f31e 100644
--- a/src/chrome/content/rules/Anglomedia.net.xml
+++ b/src/chrome/content/rules/Anglomedia.net.xml
@@ -18,7 +18,8 @@
 <ruleset name="anglomedia.net">
 
 	<target host="anglomedia.net" />
-	<target host="*.anglomedia.net" />
+	<target host="www.anglomedia.net" />
+	<target host="cdn.anglomedia.net" />
 
 
 	<securecookie host="^www\.anglomedia\.net$" name=".+" />
@@ -30,4 +31,4 @@
 	<rule from="^http://cdn\.anglomedia\.net/"
 		to="https://3024-iamnoonesolution.netdna-ssl.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Angreifer.org.xml b/src/chrome/content/rules/Angreifer.org.xml
new file mode 100644
index 000000000000..9f7d5e73708b
--- /dev/null
+++ b/src/chrome/content/rules/Angreifer.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Angreifer.org">
+	<target host="angreifer.org" />
+	<target host="www.angreifer.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Angular-Gantt.com.xml b/src/chrome/content/rules/Angular-Gantt.com.xml
new file mode 100644
index 000000000000..b281586fda6e
--- /dev/null
+++ b/src/chrome/content/rules/Angular-Gantt.com.xml
@@ -0,0 +1,40 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .angular-gantt.com
+
+-->
+<ruleset name="Angular-Gantt.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="angular-gantt.com" />
+	<target host="www.angular-gantt.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.angular-gantt\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Angular.io.xml b/src/chrome/content/rules/Angular.io.xml
new file mode 100644
index 000000000000..c7a44ba7e8a9
--- /dev/null
+++ b/src/chrome/content/rules/Angular.io.xml
@@ -0,0 +1,41 @@
+<!--
+	Mismatched (CN: firebaseapp.com):
+		- algry
+		- augary
+		- https
+		- v1
+-->
+
+<ruleset name="Angular.io">
+	<target host="angular.io" />
+	<target host="www.angular.io" />
+	<target host="angury.angular.io" />
+	<target host="augury.angular.io" />
+	<target host="blog.angular.io" />
+	<target host="cli.angular.io" />
+	<target host="cloud.angular.io" />
+	<target host="code.angular.io" />
+	<target host="community.angular.io" />
+	<target host="docs.angular.io" />
+	<target host="files.angular.io" />
+	<target host="m.angular.io" />
+	<target host="materia.angular.io" />
+	<target host="material.angular.io" />
+	<target host="material2.angular.io" />
+	<target host="materials.angular.io" />
+	<target host="mobile.angular.io" />
+	<target host="next.angular.io" />
+	<target host="oc.angular.io" />
+	<target host="owncloud.angular.io" />
+	<target host="protractor.angular.io" />
+	<target host="share.angular.io" />
+	<target host="test.angular.io" />
+	<target host="universal.angular.io" />
+	<target host="v2.angular.io" />
+	<target host="ww.w.angular.io" />
+	<target host="wwww.angular.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Angus.gov.uk.xml b/src/chrome/content/rules/Angus.gov.uk.xml
new file mode 100644
index 000000000000..ce331aaced45
--- /dev/null
+++ b/src/chrome/content/rules/Angus.gov.uk.xml
@@ -0,0 +1,81 @@
+<!--
+	Angus Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *angus.gov.uk:
+
+		- www.fosteringandadoption *
+
+	* 200 blank page
+
+
+	Problematic hosts in *angus.gov.uk:
+
+		- ahead ᵐ
+		- library ⁴
+
+	⁴ 404
+	ᵐ Mismatched
+
+
+	^angus.gov.uk: Dropped over http & https
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- ahead.angus.gov.uk
+		- .ahead.angus.gov.uk
+		- archive.angus.gov.uk
+		- planning.angus.gov.uk
+		- services.angus.gov.uk
+		- .services.angus.gov.uk
+		- www.angus.gov.uk
+		- .www.angus.gov.uk
+
+
+	Mixed content:
+
+		- css on ahead from fonts.googleapis.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Angus.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="archive.angus.gov.uk" />
+	<target host="planning.angus.gov.uk" />
+	<target host="services.angus.gov.uk" />
+	<target host="www.angus.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="library.angus.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:ahead|services|www)\.angus\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^\.(?:ahead|services|www)\.angus\.gov\.uk$" name="^TestCookie$" /-->
+	<!--securecookie host="^archive\.angus\.gov\.uk$" name="^CF(?:ID|TOKEN)$" /-->
+	<!--securecookie host="^planning\.angus\.gov\.uk$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.(?:archive|services|www)\." name=".+" />
+
+
+	<!--	Redirect drops forward slash
+		and path, but not args:
+					-->
+	<rule from="^http://library\.angus\.gov\.uk/[^?]*"
+		to="https://angus.spydus.co.uk/" />
+
+		<test url="http://library.angus.gov.uk/index.htm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AniList.co.xml b/src/chrome/content/rules/AniList.co.xml
new file mode 100644
index 000000000000..c6a10453c86f
--- /dev/null
+++ b/src/chrome/content/rules/AniList.co.xml
@@ -0,0 +1,11 @@
+<ruleset name="AniList.co">
+	<target host="anilist.co" />
+	<target host="www.anilist.co" />
+
+	<!-- not working:
+		nginx.anilist.co (mismatch)
+	-->
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AniRena.xml b/src/chrome/content/rules/AniRena.xml
index 1098243cb7f2..936f0af96c15 100644
--- a/src/chrome/content/rules/AniRena.xml
+++ b/src/chrome/content/rules/AniRena.xml
@@ -1,13 +1,12 @@
 <ruleset name="AniRena">
 
 	<target host="anirena.com" />
-	<target host="*.anirena.com" />
+	<target host="www.anirena.com" />
 
 
 	<securecookie host="^\.(?:www\.)?anirena\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?anirena\.com/"
-		to="https://$1anirena.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Anidb.net.xml b/src/chrome/content/rules/Anidb.net.xml
new file mode 100644
index 000000000000..4158a12e413c
--- /dev/null
+++ b/src/chrome/content/rules/Anidb.net.xml
@@ -0,0 +1,30 @@
+<!--
+	Mismatch:
+		- api.anidb.net
+
+	Redirect:
+		- sig.anidb.net
+-->
+<ruleset name="AniDB.net">
+	<target host="anidb.net"/>
+	<target host="www.anidb.net"/>
+	<target host="anidb2.anidb.net"/>
+	<target host="anidb3.anidb.net"/>
+	<target host="anidb5.anidb.net"/>
+	<target host="anidb6.anidb.net"/>
+	<target host="anidb7.anidb.net"/>
+	<target host="apidump.anidb.net"/>
+	<target host="devint.anidb.net"/>
+	<target host="export.anidb.net"/>
+	<target host="forum.anidb.net"/>
+	<target host="git.anidb.net"/>
+	<target host="img7.anidb.net"/>
+	<target host="intwiki.anidb.net"/>
+	<target host="ircquotes.anidb.net"/>
+	<target host="static.anidb.net"/>
+	<target host="static2.anidb.net"/>
+	<target host="tracker.anidb.net"/>
+	<target host="wiki.anidb.net"/>
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Animal_Law.info.xml b/src/chrome/content/rules/Animal_Law.info.xml
new file mode 100644
index 000000000000..05695c989477
--- /dev/null
+++ b/src/chrome/content/rules/Animal_Law.info.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Michigan State University coverage, see msu.edu.xml.
+
+-->
+<ruleset name="Animal Law.info">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="animallaw.info" />
+	<target host="www.animallaw.info" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Anime-Planet.com.xml b/src/chrome/content/rules/Anime-Planet.com.xml
new file mode 100644
index 000000000000..fd615f47b99f
--- /dev/null
+++ b/src/chrome/content/rules/Anime-Planet.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Anime-Planet">
+	<target host="anime-planet.com" />
+	<target host="www.anime-planet.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Animeanime.jp.xml b/src/chrome/content/rules/Animeanime.jp.xml
new file mode 100644
index 000000000000..838bea458d07
--- /dev/null
+++ b/src/chrome/content/rules/Animeanime.jp.xml
@@ -0,0 +1,24 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- ftp.animeanime.jp
+		- mail.animeanime.jp
+		- wp.animeanime.jp
+
+		Status code mismatch:
+		- cms.animeanime.jp
+
+		4xx client error:
+		- feed.animeanime.jp
+-->
+<ruleset name="Animeanime.jp">
+	<target host="animeanime.jp" />
+	<target host="www.animeanime.jp" />
+	<target host="cdn.animeanime.jp" />
+	<target host="img.animeanime.jp" />
+	<target host="s.animeanime.jp" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Animenfo.com.xml b/src/chrome/content/rules/Animenfo.com.xml
deleted file mode 100644
index 68a5555dbb21..000000000000
--- a/src/chrome/content/rules/Animenfo.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Animenfo.com" platform="mixedcontent">
-  <target host="animenfo.com" />
-  <target host="www.animenfo.com" />
-
-  <rule from="^http://(?:www\.)?animenfo\.com/" to="https://www.animenfo.com/" />
-  <securecookie host="\.animenfo\.com$" name="PHPSESSID" />
-  <securecookie host="\.animenfo\.com$" name="anforadio_(user|hash)" />
-</ruleset>
diff --git a/src/chrome/content/rules/Aniview.com.xml b/src/chrome/content/rules/Aniview.com.xml
new file mode 100644
index 000000000000..fbeefbb988f2
--- /dev/null
+++ b/src/chrome/content/rules/Aniview.com.xml
@@ -0,0 +1,46 @@
+<!--
+	Cert mismatch:
+		- d41751.aniview.com
+		- data1.aniview.com/
+		- data2.aniview.com
+
+	TLS error:
+		- aniview.com
+-->
+
+<ruleset name="Aniview.com">
+
+	<target host="aniview.com" />
+	<target host="www.aniview.com" />
+
+	<target host="add1.aniview.com" />
+	<target host="cdn1.aniview.com" />
+	<target host="cdn2.aniview.com" />
+	<target host="data.aniview.com" />
+	<target host="data3.aniview.com" />
+	<target host="go.aniview.com" />
+	<target host="go1.aniview.com" />
+	<target host="gov.aniview.com" />
+	<target host="hwdata1.aniview.com" />
+	<target host="hwdata2.aniview.com" />
+	<target host="manage.aniview.com" />
+	<target host="outstreamedia.aniview.com" />
+	<target host="play.aniview.com" />
+	<target host="play1.aniview.com" />
+	<target host="player.aniview.com" />
+	<target host="player1.aniview.com" />
+	<target host="s2s.aniview.com" />
+	<target host="track.aniview.com" />
+	<target host="track1.aniview.com" />
+	<target host="urlhandler.aniview.com" />
+	<target host="wl.aniview.com" />
+	<target host="wlplay.aniview.com" />
+	<target host="vtrack.aniview.com" />
+	<target host="wlplayer.aniview.com" />
+
+	<rule from="^http://aniview\.com/"
+		to="https://www.aniview.com/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Anker.xml b/src/chrome/content/rules/Anker.xml
deleted file mode 100644
index c0d863bc75e9..000000000000
--- a/src/chrome/content/rules/Anker.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For other NHN Corporation coverage, see NHN-Corporation.xml.
-
--->
-<ruleset name="Anker">
-
-	<target host="anker.to" />
-
-
-	<securecookie host="^anker\.to$" name=".+" />
-
-
-	<!--	www prints "It works!"
-					-->
-	<rule from="^http://anker\.to/"
-		to="https://anker.to/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Ann_Summers.xml b/src/chrome/content/rules/Ann_Summers.xml
index 188040ca2863..fd0cf260c717 100644
--- a/src/chrome/content/rules/Ann_Summers.xml
+++ b/src/chrome/content/rules/Ann_Summers.xml
@@ -1,30 +1,74 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.annsummers.com/webapp/wcs/stores/servlet/OrderItemDisplay => https://www.annsummers.com/webapp/wcs/stores/servlet/OrderItemDisplay: Too many redirects while fetching 'https://www.annsummers.com/webapp/wcs/stores/servlet/OrderItemDisplay'
+
 	Other Ann Summers rulesets:
 
 		- Ann_Summers_Jobs.xml
 
 
+	Most pages redirect to http.
+
+
 	Problematic subdomains:
 
-		- ^		(cert only matches www)
 		- careers	(works; mismatched, CN: *.gridserver.com)
 
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.annsummers.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
 -->
-<ruleset name="Ann Summers (partial)">
+<ruleset name="Ann Summers.com (partial)" default_off="failed ruleset test">
 
 	<target host="annsummers.com" />
-	<target host="*.annsummers.com" />
+	<target host="www.annsummers.com" />
 
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.annsummers\.com/+($|\?|c/|page/)" /-->
+		<!--
+			404:
+				-->
+		<!--exclusion pattern="^http://www\.annsummers\.com/+(store/|storelocator)" /-->
+		<!--
+			In sum:
+				-->
+		<exclusion pattern="^http://(?:www\.)?annsummers\.com/+(?:$|\?|c/|page/|store)" />
 
-	<securecookie host="^(?:www)?\.annsummers\.com$" name=".+" />
+			<!--	Not sensitive info, no sirree:
+								-->
+			<test url="http://www.annsummers.com/?" />
+			<test url="http://www.annsummers.com//" />
+			<test url="http://www.annsummers.com/c/bondage/gags" />
+			<test url="http://www.annsummers.com/c/dress-up/schoolgirls" />
+			<test url="http://www.annsummers.com/c/sex-toys/for-anal" />
+			<test url="http://www.annsummers.com/c/sex-toys/rampant-rabbits" />
+			<test url="http://www.annsummers.com/page/ContactUs" />
+			<test url="http://www.annsummers.com/store/newcastle-upon-tyne" />
+			<test url="http://www.annsummers.com/storelocator" />
 
+			<!--	-ve:
+					-->
+			<test url="http://www.annsummers.com/favicon.ico" />
+			<test url="http://www.annsummers.com/html/css/header.css" />
+			<test url="http://www.annsummers.com/html/images/cc-deliver-white.png" />
+			<test url="http://www.annsummers.com/wcsstore/SharedStoreFront/Custom/css/site.css" />
+			<test url="http://www.annsummers.com/webapp/wcs/stores/servlet/OrderItemDisplay" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.annsummers\.com$" name="^(?:cqcid|(?:dwac|dwanonymous|personalization)_[\da-f]{32}|dwsid|sid)$" /-->
+
+	<!--securecookie host="^(?:www)?\.annsummers\.com$" name=".+" /-->
 
-	<!--	Server drops path like so, sans trailing-slash:
-								-->
-	<rule from="^http://annsummers\.com/[^\?]*(\?.*)?"
-		to="https://www.annsummers.com/$1" />
 
-	<rule from="^http://www\.annsummers\.com/"
-		to="https://www.annsummers.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ann_Summers_Jobs.xml b/src/chrome/content/rules/Ann_Summers_Jobs.xml
index 93a1a20d1435..95f21b3297a2 100644
--- a/src/chrome/content/rules/Ann_Summers_Jobs.xml
+++ b/src/chrome/content/rules/Ann_Summers_Jobs.xml
@@ -5,12 +5,12 @@
 	CN: *.gridserver.com
 
 -->
-<ruleset name="Anne Summers Jobs" default_off="mismatched">
+<ruleset name="Anne Summers.com Jobs" default_off="mismatched">
 
 	<target host="careers.annsummers.com" />
 
 
-	<rule from="^http://careers\.annsummers\.com/"
-		to="https://careers.annsummers.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Annihil.us.xml b/src/chrome/content/rules/Annihil.us.xml
index cdf6a9cbfbf8..90989f161851 100644
--- a/src/chrome/content/rules/Annihil.us.xml
+++ b/src/chrome/content/rules/Annihil.us.xml
@@ -2,6 +2,11 @@
 	For other Marvel coverage, see Marvel.com.xml.
 
 
+	CDN buckets:
+
+		- annihilusssl.sslcs.cdngc.net
+
+
 	Problematic subdomains:
 
 		- x	(400; mismatched, CN: i.annihil.us)
@@ -9,10 +14,16 @@
 -->
 <ruleset name="annihil.us">
 
-	<target host="*.annihil.us" />
+	<!--	Direct rewrites:
+				-->
+	<target host="i.annihil.us" />
+
+	<!--	Complications:
+				-->
+	<target host="x.annihil.us" />
 
 
 	<rule from="^http://[ix]\.annihil\.us/"
 		to="https://i.annihil.us/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Annonce.cz.xml b/src/chrome/content/rules/Annonce.cz.xml
new file mode 100644
index 000000000000..3d57e6b32214
--- /dev/null
+++ b/src/chrome/content/rules/Annonce.cz.xml
@@ -0,0 +1,7 @@
+<ruleset name="Annonce.cz">
+    <target host="annonce.cz" />
+    <target host="www.annonce.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AnnualCreditReport.com.xml b/src/chrome/content/rules/AnnualCreditReport.com.xml
index d2196de754ab..89b216f27660 100644
--- a/src/chrome/content/rules/AnnualCreditReport.com.xml
+++ b/src/chrome/content/rules/AnnualCreditReport.com.xml
@@ -1,9 +1,17 @@
-<ruleset name="AnnualCreditReport.com" platform="mixedcontent">
+<ruleset name="AnnualCreditReport.com">
+
 	<target host="annualcreditreport.com" />
 	<target host="*.annualcreditreport.com" />
 
-	<securecookie host="^(.*\.)?annualcreditreport\.com$" name=".+" />
 
-	<rule from="^https?://annualcreditreport\.com/" to="https://www.annualcreditreport.com/" />
-	<rule from="^http://([A-Za-z0-9\-]+)\.annualcreditreport\.com/" to="https://$1.annualcreditreport.com/" />
-</ruleset>
\ No newline at end of file
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.annualcreditreport\.com$" name="^app-type$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://([\w-]+\.)?annualcreditreport\.com/"
+		to="https://$1annualcreditreport.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Anomos.xml b/src/chrome/content/rules/Anomos.xml
deleted file mode 100644
index efdab821c3e1..000000000000
--- a/src/chrome/content/rules/Anomos.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Anomos (CAcert)" platform="cacert">
-
-	<target host="anomos.info"/>
-	<target host="*.anomos.info"/>
-
-	<rule from="^http://(git\.|www\.)?anomos\.info/"
-		to="https://$1anomos.info/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Anon-IB.com.xml b/src/chrome/content/rules/Anon-IB.com.xml
new file mode 100644
index 000000000000..72e758982c6d
--- /dev/null
+++ b/src/chrome/content/rules/Anon-IB.com.xml
@@ -0,0 +1,38 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://anon-ib.com/ => https://anon-ib.com/: (7, 'Failed to connect to anon-ib.com port 443: Connection refused')
+Fetch error: http://www.anon-ib.com/ => https://www.anon-ib.com/: (7, 'Failed to connect to www.anon-ib.com port 443: Connection refused')
+
+	Insecure cookies are set for these domains:
+
+		- .anon-ib.com
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+		- Image from anon-ib.co
+
+	* Secured by us
+
+-->
+<ruleset name="Anon-IB.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="anon-ib.com" />
+	<target host="www.anon-ib.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.anon-ib\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.anon-ib\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AnonFiles.com.xml b/src/chrome/content/rules/AnonFiles.com.xml
new file mode 100644
index 000000000000..2287284cfdbc
--- /dev/null
+++ b/src/chrome/content/rules/AnonFiles.com.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://anonfiles.com/ => https://anonfiles.com/: (7, 'Failed to connect to anonfiles.com port 443: Connection refused')
+Fetch error: http://cdn.anonfiles.com/ => https://cdn.anonfiles.com/: (7, 'Failed to connect to cdn.anonfiles.com port 443: Connection refused')
+Fetch error: http://www.anonfiles.com/ => https://www.anonfiles.com/: (7, 'Failed to connect to www.anonfiles.com port 443: Connection refused')
+
+-->
+<ruleset name="AnonFiles.com" default_off="failed ruleset test">
+
+	<target host="anonfiles.com" />
+	<target host="cdn.anonfiles.com" />
+	<target host="www.anonfiles.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AnonOps.com.xml b/src/chrome/content/rules/AnonOps.com.xml
new file mode 100644
index 000000000000..ece0cdcf7265
--- /dev/null
+++ b/src/chrome/content/rules/AnonOps.com.xml
@@ -0,0 +1,41 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .anonops.com
+
+-->
+<ruleset name="AnonOps.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="anonops.com" />
+	<target host="newblood.anonops.com" />
+	<target host="www.anonops.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.anonops\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Anon_Imag.es.xml b/src/chrome/content/rules/Anon_Imag.es.xml
new file mode 100644
index 000000000000..efd7d4dd6507
--- /dev/null
+++ b/src/chrome/content/rules/Anon_Imag.es.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- anonimag.es
+		- .anonimag.es
+
+-->
+<ruleset name="Anon Imag.es">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="anonimag.es" />
+	<target host="www.anonimag.es" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^anonimag\.es$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.anonimag\.es$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.?anonimag\.es$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Anonabox.com.xml b/src/chrome/content/rules/Anonabox.com.xml
new file mode 100644
index 000000000000..70c1b9cec79d
--- /dev/null
+++ b/src/chrome/content/rules/Anonabox.com.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://anonabox.com/ => https://anonabox.com/: (51, "SSL: no alternative certificate subject name matches target host name 'anonabox.com'")
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Anonabox.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="anonabox.com" />
+	<target host="www.anonabox.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Anonbox.net.xml b/src/chrome/content/rules/Anonbox.net.xml
index f976d32656dd..1d0500f5a79d 100644
--- a/src/chrome/content/rules/Anonbox.net.xml
+++ b/src/chrome/content/rules/Anonbox.net.xml
@@ -1,14 +1,17 @@
 <!--
-	Cert only matches ^anonbox.net.
+	Invalid certificate:
+		ns1.anonbox.net
+
+	Secure connection failed
+		ns2.anonbox.net
 
 -->
-<ruleset name="anonbox.net" platform="cacert">
+<ruleset name="anonbox.net">
 
 	<target host="anonbox.net" />
 	<target host="www.anonbox.net" />
 
-
-	<rule from="^http://(?:www\.)?anonbox\.net/"
-		to="https://anonbox.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Anonine.com.xml b/src/chrome/content/rules/Anonine.com.xml
new file mode 100644
index 000000000000..0509e313619a
--- /dev/null
+++ b/src/chrome/content/rules/Anonine.com.xml
@@ -0,0 +1,18 @@
+<!--
+	No working URL known:
+		stg.anonine.com
+
+-->
+<ruleset name="Anonine.com">
+
+	<target host="anonine.com" />
+	<target host="www.anonine.com" />
+	<target host="api.anonine.com" />
+	<target host="help.anonine.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AnonySurfer.com.xml b/src/chrome/content/rules/AnonySurfer.com.xml
new file mode 100644
index 000000000000..d7fd8c4220e9
--- /dev/null
+++ b/src/chrome/content/rules/AnonySurfer.com.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://anonysurfer.com/ => https://anonysurfer.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.anonysurfer.com/ => https://www.anonysurfer.com/: (28, 'Connection timed out after 20008 milliseconds')
+
+-->
+<ruleset name="AnonySurfer.com" default_off="failed ruleset test">
+
+	<target host="anonysurfer.com" />
+	<target host="www.anonysurfer.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Anonymix.io.xml b/src/chrome/content/rules/Anonymix.io.xml
new file mode 100644
index 000000000000..13b9463306d9
--- /dev/null
+++ b/src/chrome/content/rules/Anonymix.io.xml
@@ -0,0 +1,6 @@
+<ruleset name="Anonymix.io">
+	<target host="anonymix.io" />
+	<target host="www.anonymix.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Anonymizer.xml b/src/chrome/content/rules/Anonymizer.xml
index 27e0a9392d26..b10c09fd3fff 100644
--- a/src/chrome/content/rules/Anonymizer.xml
+++ b/src/chrome/content/rules/Anonymizer.xml
@@ -1,10 +1,10 @@
 <ruleset name="Anonymizer">
 
 	<target host="anonymizer.com" />
-	<target host="*.anonymizer.com" />
+	<target host="www.anonymizer.com" />
+	<target host="www1.anonymizer.com" />
 
 
-	<rule from="^http://(www1?\.)?anonymizer\.com/"
-		to="https://$1anonymizer.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AnonymoX.xml b/src/chrome/content/rules/AnonymoX.xml
index c866e695cc92..256ee683ee74 100644
--- a/src/chrome/content/rules/AnonymoX.xml
+++ b/src/chrome/content/rules/AnonymoX.xml
@@ -1,13 +1,12 @@
 <ruleset name="anonymoX">
 
 	<target host="anonymox.net" />
-	<target host="*.anonymox.net" />
+	<target host="www.anonymox.net" />
 
 
-	<securecookie host="^(?:.*\.)?anonymox\.net$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?anonymox\.net/"
-		to="https://$1anonymox.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AnonymousForTheVoiceless.org.xml b/src/chrome/content/rules/AnonymousForTheVoiceless.org.xml
new file mode 100644
index 000000000000..46fa642cdb2d
--- /dev/null
+++ b/src/chrome/content/rules/AnonymousForTheVoiceless.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="Anonymous for the Voiceless">
+
+	<target host="anonymousforthevoiceless.org" />
+	<target host="www.anonymousforthevoiceless.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AnonymousSpeech.com.xml b/src/chrome/content/rules/AnonymousSpeech.com.xml
new file mode 100644
index 000000000000..9e1bf2cbbd98
--- /dev/null
+++ b/src/chrome/content/rules/AnonymousSpeech.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="AnonymousSpeech.com">
+
+	<target host="anonymousspeech.com" />
+	<target host="www.anonymousspeech.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?anonymousspeech\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^(?:www\.)?anonymousspeech\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Anonymousads.com.xml b/src/chrome/content/rules/Anonymousads.com.xml
index b39b9066db46..4066f968e4f1 100644
--- a/src/chrome/content/rules/Anonymousads.com.xml
+++ b/src/chrome/content/rules/Anonymousads.com.xml
@@ -1,6 +1,6 @@
-<ruleset name="Anonymousads.com">
+<ruleset name="Anonymousads.com" default_off="refused">
   <target host="anonymousads.com" />
   <target host="www.anonymousads.com" />
 
-  <rule from="^http://(www\.)?anonymousads\.com/" to="https://anonymousads.com/" />
-</ruleset>
\ No newline at end of file
+  <rule from="^http://(?:www\.)?anonymousads\.com/" to="https://anonymousads.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Anonymouse.xml b/src/chrome/content/rules/Anonymouse.xml
deleted file mode 100644
index ce738509001c..000000000000
--- a/src/chrome/content/rules/Anonymouse.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	CN: ssl15.ovh.net
-
--->
-<ruleset name="Anonymouse" default_off="mismatched">
-
-	<target host="anonymouse.me" />
-	<target host="www.anonymouse.me" />
-
-
-	<securecookie host="^anonymouse\.me$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?anonymouse\.me/"
-		to="https://anonymouse.me/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Anpdm.com.xml b/src/chrome/content/rules/Anpdm.com.xml
new file mode 100644
index 000000000000..f9b4a29fbe32
--- /dev/null
+++ b/src/chrome/content/rules/Anpdm.com.xml
@@ -0,0 +1,22 @@
+<!--
+	For other Apsis coverage, see Apsis_Lead.com.xml.
+
+
+	Mixed content:
+
+		- Bug on www from tr.prospecteye.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Anpdm.com">
+
+	<target host="anpdm.com" />
+	<target host="customers.anpdm.com" />
+	<target host="www.anpdm.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ansa.it.xml b/src/chrome/content/rules/Ansa.it.xml
index 4b0af4b046f0..e08d66f12156 100644
--- a/src/chrome/content/rules/Ansa.it.xml
+++ b/src/chrome/content/rules/Ansa.it.xml
@@ -2,6 +2,6 @@
   <target host="www.ansa.it" />
   <target host="ansa.it" />
 
-  <rule from="^http://(?:www\.)?ansa\.it/" to="https://www.ansa.it/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Ansible.com.xml b/src/chrome/content/rules/Ansible.com.xml
new file mode 100644
index 000000000000..3b0e11bd5e9a
--- /dev/null
+++ b/src/chrome/content/rules/Ansible.com.xml
@@ -0,0 +1,54 @@
+<!--
+	Other Ansible rulesets:
+
+		- Ansible_works.com.xml
+
+
+	CDN buckets:
+
+		- 330046.group46.sites.hubspot.net
+
+
+	^ansible.com: Dropped
+
+
+	These altnames don't exist:
+
+		- www.galaxy.ansible.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- galaxy.ansible.com
+
+-->
+<ruleset name="Ansible.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="docs.ansible.com" />
+	<target host="galaxy.ansible.com" />
+	<target host="releases.ansible.com" />
+	<target host="support.ansible.com" />
+	<target host="www.ansible.com" />
+
+	<!--	Complications:
+				-->
+	<target host="ansible.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^galaxy\.ansible\.com$" name="^sessionid$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|_gat?|_gat_|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://ansible\.com/"
+		to="https://www.ansible.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ansible_works.com.xml b/src/chrome/content/rules/Ansible_works.com.xml
new file mode 100644
index 000000000000..ed96914dbfc0
--- /dev/null
+++ b/src/chrome/content/rules/Ansible_works.com.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ansibleworks.com/ => https://ansibleworks.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://galaxy.ansibleworks.com/ => https://galaxy.ansibleworks.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.ansibleworks.com/ => https://www.ansibleworks.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	For other Ansible coverage, see Ansible.com.xml.
+
+
+	Nonfunctional hosts in *ansibleworks.com:
+
+		- blog *
+
+	* Dropped
+
+
+	These altnames don't exist:
+
+		- www.galaxy.ansibleworks.com
+
+-->
+<ruleset name="Ansible works.com (partial)" default_off="failed ruleset test">
+
+	<target host="ansibleworks.com" />
+	<target host="galaxy.ansibleworks.com" />
+	<target host="www.ansibleworks.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AnswCDN.com.xml b/src/chrome/content/rules/AnswCDN.com.xml
new file mode 100644
index 000000000000..2527e30388a5
--- /dev/null
+++ b/src/chrome/content/rules/AnswCDN.com.xml
@@ -0,0 +1,37 @@
+<!--
+	For other Answers Corporation coverage, see Answers.com.xml.
+
+
+	Problematic hosts in *answcdn.com:
+
+		- en.site1 *
+
+	* Mismatched
+
+-->
+<ruleset name="AnswCDN.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="file.answcdn.com" />
+	<target host="file1.answcdn.com" />
+	<target host="file2.answcdn.com" />
+	<target host="file3.answcdn.com" />
+	<target host="rxf1.answcdn.com" />
+	<target host="rxs1.answcdn.com" />
+	<target host="rxs2.answcdn.com" />
+	<target host="rxs3.answcdn.com" />
+	<target host="sitecdn.answcdn.com" />
+
+	<!--	Complications:
+				-->
+	<target host="en.site1.answcdn.com" />
+
+
+	<rule from="^http://en\.site1\.answcdn\.com/"
+		to="https://sitecdn.answcdn.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Answers.com.xml b/src/chrome/content/rules/Answers.com.xml
new file mode 100644
index 000000000000..1c9d83a17b71
--- /dev/null
+++ b/src/chrome/content/rules/Answers.com.xml
@@ -0,0 +1,57 @@
+<!--
+	Other Answers Corporation rulesets:
+
+		- AnswCDN.com.xml
+		- Answers_Cloud.com.xml
+		- Vast_Interactive.xml
+
+
+	Nonfunctional hosts in *answers.com:
+
+		- answers *
+		- coupons *
+		- de *
+
+	* Refused
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .answers.com
+		- wiki.answers.com
+		- www.answers.com
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- wiki from en.site1.answcdn.com *
+			- wiki from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Answers.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="answers.com" />
+	<target host="wiki.answers.com" />
+	<target host="www.answers.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.answers\.com$" name="^(?:__qca|PHPSESSID|mode_id|wab_test)$" /-->
+	<!--securecookie host="^wiki\.answers\.com$" name="^(?:PHPSESSID|answ_lt_persist)$" /-->
+	<!--securecookie host="^www\.answers\.com$" name="^(?:ANSW-persist-cookie|uvx)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.answers\.com$" name="^__qca$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Answers_Cloud.com.xml b/src/chrome/content/rules/Answers_Cloud.com.xml
new file mode 100644
index 000000000000..251ddc1a96fc
--- /dev/null
+++ b/src/chrome/content/rules/Answers_Cloud.com.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Answers Corporation coverage, see Answers.com.xml.
+
+-->
+<ruleset name="Answers Cloud.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gateway.answerscloud.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AntennaPod.org.xml b/src/chrome/content/rules/AntennaPod.org.xml
new file mode 100644
index 000000000000..b2946d2b85d6
--- /dev/null
+++ b/src/chrome/content/rules/AntennaPod.org.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatched:
+		- www
+-->
+<ruleset name="AntennaPod.org">
+	<target host="antennapod.org" />
+	<target host="www.antennapod.org" />
+
+	<rule from="^http://www\.antennapod\.org/" to="https://antennapod.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Antevenio.xml b/src/chrome/content/rules/Antevenio.xml
index 0f0e76eb0fed..17967c42fdeb 100644
--- a/src/chrome/content/rules/Antevenio.xml
+++ b/src/chrome/content/rules/Antevenio.xml
@@ -1,10 +1,16 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://reachandrich.antevenio.com/ => https://reachandrich.antevenio.com/: (51, "SSL: no alternative certificate subject name matches target host name 'reachandrich.antevenio.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://reachandrich.antevenio.com/ => https://reachandrich.antevenio.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
 	Nonfunctional subdomains:
 
 		- (www.)	(times out)
 
 -->
-<ruleset name="Antevenio (partial)">
+<ruleset name="Antevenio (partial)" default_off="failed ruleset test">
 
 	<target host="reachandrich.antevenio.com" />
 
@@ -12,7 +18,6 @@
 	<securecookie host="^reachandrich\.antevenio\.com$" name=".+" />
 
 
-	<rule from="^http://reachandrich\.antevenio\.com/"
-		to="https://reachandrich.antevenio.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Anthony_Cameron.com.xml b/src/chrome/content/rules/Anthony_Cameron.com.xml
new file mode 100644
index 000000000000..54549e14fe77
--- /dev/null
+++ b/src/chrome/content/rules/Anthony_Cameron.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Problematic hosts in *anthonycameron.com:
+
+		- blog ¹
+		- www ²
+
+	¹ Doesn't redirect
+	² Mismatched
+
+
+	Fully covered hosts in *anthonycameron.com:
+
+		- (www.)?	(www → ^)
+		- blog		(→ anthonycameron.com)
+
+-->
+<ruleset name="Anthony Cameron.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="anthonycameron.com" />
+
+	<!--	Complications:
+				-->
+	<target host="blog.anthonycameron.com" />
+	<target host="www.anthonycameron.com" />
+
+
+	<rule from="^http://(?:blog|www)\.anthonycameron\.com/"
+		to="https://anthonycameron.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Anthrocon.xml b/src/chrome/content/rules/Anthrocon.xml
index 04ea75d06df8..08b8ed980e1d 100644
--- a/src/chrome/content/rules/Anthrocon.xml
+++ b/src/chrome/content/rules/Anthrocon.xml
@@ -5,7 +5,7 @@
   <securecookie host="^\.anthrocon\.org$" name=".+" />
   <securecookie host="^www\.anthrocon\.org$" name=".+" />
 
-  <rule from="^http://(www\.)?anthrocon\.org/" to="https://www.anthrocon.org/" />
+  <rule from="^http:" to="https:" />
 
 
 </ruleset>
diff --git a/src/chrome/content/rules/Anti-Phishing_Working_Group.xml b/src/chrome/content/rules/Anti-Phishing_Working_Group.xml
index 019c8b94abb0..b4f966153fcc 100644
--- a/src/chrome/content/rules/Anti-Phishing_Working_Group.xml
+++ b/src/chrome/content/rules/Anti-Phishing_Working_Group.xml
@@ -1,26 +1,56 @@
 <!--
+	Other Anti-Phishing Working Group rulesets:
+
+		- ECrime_Research.org.xml
+
+
 	Problematic domains:
 
-		- (www.)antiphishing.org *
+		- (www.)?antiphishing.org *
 
 	* Mismatched, CN: apwg.org
 
+
+	Fully covered domains:
+
+		- (www.)?antiphishing.org	[→ (www.)?apwg.org]
+
+		- apwg.org subdomains:
+
+			- (www.)?
+			- docs
+			- education
+			- info
+			- members
+
+
+	Mixed content:
+
+		- css on  (www.)?apwg.org, education.apwg.org from fonts.googleapis.com *
+
+		- Bug on (www.)?apwg.org from www.facebook.com *
+
+	* Secured by us
+
 -->
-<ruleset name="Anti-Phishing Working Group">
+<ruleset name="APWG.org">
 
 	<target host="antiphishing.org" />
 	<target host="www.antiphishing.org" />
 	<target host="apwg.org" />
-	<target host="*.apwg.org" />
+	<target host="docs.apwg.org" />
+	<target host="education.apwg.org" />
+	<target host="info.apwg.org" />
+	<target host="members.apwg.org" />
+	<target host="www.apwg.org" />
 
 
 	<securecookie host="^(?:.+\.)?apwg\.org$" name=".+" />
 
 
-	<rule from="^https?://(www\.)?a(?:ntiphishin|pw)g\.org/"
+	<rule from="^http://(www\.)?antiphishing\.org/"
 		to="https://$1apwg.org/" />
 
-	<rule from="^http://(education|info|members)\.apwg\.org/"
-		to="https://$1.apwg.org/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AntiPolygraph.org.xml b/src/chrome/content/rules/AntiPolygraph.org.xml
deleted file mode 100644
index d07164e24f56..000000000000
--- a/src/chrome/content/rules/AntiPolygraph.org.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="AntiPolygraph.org">
-
-	<target host="antipolygraph.org" />
-	<target host="www.antipolygraph.org" />
-
-
-	<rule from="^http://(www\.)?antipolygraph\.org/"
-		to="https://$1antipolygraph.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/AntiPornGroup.com.xml b/src/chrome/content/rules/AntiPornGroup.com.xml
new file mode 100644
index 000000000000..3183cf5ed2de
--- /dev/null
+++ b/src/chrome/content/rules/AntiPornGroup.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="AntiPornGroup.com">
+	<target host="antiporngroup.com" />
+	<target host="www.antiporngroup.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Antifa.cz.xml b/src/chrome/content/rules/Antifa.cz.xml
index 1dfcf13e6476..180478494e3f 100644
--- a/src/chrome/content/rules/Antifa.cz.xml
+++ b/src/chrome/content/rules/Antifa.cz.xml
@@ -2,5 +2,5 @@
   <target host="www.antifa.cz" />
   <target host="antifa.cz" />
 
-  <rule from="^http://(www\.)?antifa\.cz/" to="https://www.antifa.cz/"/>
+  <rule from="^http://(?:www\.)?antifa\.cz/" to="https://www.antifa.cz/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/AntiqueAppliances.com.xml b/src/chrome/content/rules/AntiqueAppliances.com.xml
new file mode 100644
index 000000000000..b68e9887f85a
--- /dev/null
+++ b/src/chrome/content/rules/AntiqueAppliances.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid certificate:
+		- autodiscover.antiqueappliances.com
+-->
+
+<ruleset name="AntiqueAppliances.com">
+	<target host="antiqueappliances.com" />
+	<target host="www.antiqueappliances.com" />
+	<target host="store.antiqueappliances.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AntiqueMotorcycle.org.xml b/src/chrome/content/rules/AntiqueMotorcycle.org.xml
new file mode 100644
index 000000000000..d2cf1717e2ca
--- /dev/null
+++ b/src/chrome/content/rules/AntiqueMotorcycle.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="AntiqueMotorcycle.org">
+	<target host="antiquemotorcycle.org" />
+	<target host="www.antiquemotorcycle.org" />
+	<target host="merchandise.antiquemotorcycle.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Antispam.de.xml b/src/chrome/content/rules/Antispam.de.xml
index e8519bba55b5..083f9c593301 100644
--- a/src/chrome/content/rules/Antispam.de.xml
+++ b/src/chrome/content/rules/Antispam.de.xml
@@ -1,10 +1,9 @@
 <ruleset name="AntiSpam e.V." platform="mixedcontent">
 
 	<target host="antispam-ev.de" />
-	<target host="www.antispam-ev.de" />  
-  
+	<target host="www.antispam-ev.de" />
 
-	<rule from="^http://(www\.)?antispam-ev\.de/"
-		to="https://$1antispam-ev.de/" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Antivigilancia.org.xml b/src/chrome/content/rules/Antivigilancia.org.xml
new file mode 100644
index 000000000000..72510a322b0d
--- /dev/null
+++ b/src/chrome/content/rules/Antivigilancia.org.xml
@@ -0,0 +1,25 @@
+<!--
+	www.antivigilancia.org: Mismatched
+
+-->
+<ruleset name="Antivigilancia.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="antivigilancia.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.antivigilancia.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.antivigilancia\.org/"
+		to="https://antivigilancia.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Antiwar.com.xml b/src/chrome/content/rules/Antiwar.com.xml
new file mode 100644
index 000000000000..d5a0c4474f62
--- /dev/null
+++ b/src/chrome/content/rules/Antiwar.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Refused:
+		- news.antiwar.com
+		- original.antiwar.com
+
+-->
+<ruleset name="Antiwar.com">
+	<target host="antiwar.com" />
+	<target host="www.antiwar.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Antizapret.info.xml b/src/chrome/content/rules/Antizapret.info.xml
new file mode 100644
index 000000000000..369556a1ec3b
--- /dev/null
+++ b/src/chrome/content/rules/Antizapret.info.xml
@@ -0,0 +1,7 @@
+<ruleset name="Antizapret.info">
+	<target host="antizapret.info" />
+	<target host="www.antizapret.info" />
+	<target host="api.antizapret.info" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Antpool.com.xml b/src/chrome/content/rules/Antpool.com.xml
new file mode 100644
index 000000000000..615d1e8adc87
--- /dev/null
+++ b/src/chrome/content/rules/Antpool.com.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Bitmain Tech coverage, see Bitmain_Tech.com.xml.
+
+-->
+<ruleset name="Antpool.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="antpool.com" />
+	<target host="www.antpool.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AnubisNetworks.com.xml b/src/chrome/content/rules/AnubisNetworks.com.xml
new file mode 100644
index 000000000000..02eca874e1d3
--- /dev/null
+++ b/src/chrome/content/rules/AnubisNetworks.com.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://support.anubisnetworks.com/ => https://support.anubisnetworks.com/: Too many redirects while fetching 'https://support.anubisnetworks.com/'
+
+	For other BitSight coverage, see BitSight_Tech.com.xml.
+
+
+	Problematic hosts in *anubisnetworks.com:
+
+		- ^ ¹
+		- blog ²
+
+	¹ Refused
+	² Akamai/mismatched
+
+-->
+<ruleset name="AnubisNetworks.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="support.anubisnetworks.com" />
+	<target host="www.anubisnetworks.com" />
+
+	<!--	Complications:
+				-->
+	<target host="anubisnetworks.com" />
+
+
+	<rule from="^http://anubisnetworks\.com/"
+		to="https://www.anubisnetworks.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Anunciou.com.xml b/src/chrome/content/rules/Anunciou.com.xml
new file mode 100644
index 000000000000..939d0a0719c5
--- /dev/null
+++ b/src/chrome/content/rules/Anunciou.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Anunciou.com" default_off="522">
+
+	<target host="anunciou.com" />
+	<target host="www.anunciou.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Anxpro.com.xml b/src/chrome/content/rules/Anxpro.com.xml
new file mode 100644
index 000000000000..8305f8722707
--- /dev/null
+++ b/src/chrome/content/rules/Anxpro.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Nonfunctional subdomains:
+
+		- support *
+
+	* Desk.com
+
+
+	Insecure cookies are set for these domains:
+
+		- anxpro.com
+
+-->
+<ruleset name="anxpro.com (partial)">
+
+	<target host="anxpro.com" />
+	<target host="www.anxpro.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^anxpro\.com$" name="^org\.springframework\.web\.servlet\.i18n\.CookieLocaleResolver\.LOCALE$" /-->
+
+	<securecookie host="^\.?anxpro\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AnyBrowser.org.xml b/src/chrome/content/rules/AnyBrowser.org.xml
new file mode 100644
index 000000000000..f48a753cc82d
--- /dev/null
+++ b/src/chrome/content/rules/AnyBrowser.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="AnyBrowser.org">
+	<target host="anybrowser.org" />
+	<target host="www.anybrowser.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Anybalance.com.xml b/src/chrome/content/rules/Anybalance.com.xml
new file mode 100644
index 000000000000..13d531c1de66
--- /dev/null
+++ b/src/chrome/content/rules/Anybalance.com.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://anybalance.com/ => https://anybalance.com/: (6, 'Could not resolve host: anybalance.com')
+Fetch error: http://www.anybalance.com/ => https://www.anybalance.com/: (6, 'Could not resolve host: www.anybalance.com')
+
+-->
+<ruleset name="Anybalance.com" default_off="failed ruleset test">
+	<target host="anybalance.com" />
+	<target host="www.anybalance.com" />
+	<target host="support.anybalance.ru" />
+	<target host="anybalance.ru" />
+	<target host="www.anybalance.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Anybeat.com.xml b/src/chrome/content/rules/Anybeat.com.xml
deleted file mode 100644
index f4a7c9ff816a..000000000000
--- a/src/chrome/content/rules/Anybeat.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Anybeat" platform="mixedcontent">
-  <target host="www.anybeat.com"/>
-  <target host="anybeat.com"/>
-
-  <rule from="^http://(www\.)?anybeat\.com/" to="https://www.anybeat.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Anyfi.net.xml b/src/chrome/content/rules/Anyfi.net.xml
index 610dfb587a13..a754615da935 100644
--- a/src/chrome/content/rules/Anyfi.net.xml
+++ b/src/chrome/content/rules/Anyfi.net.xml
@@ -1,14 +1,24 @@
-<ruleset name="Anyfi.net">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://anyfi.net/ => https://anyfi.net/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+Fetch error: http://www.anyfi.net/ => https://anyfi.net/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://anyfi.net/ => https://anyfi.net/: Cycle detected - URL already encountered: https://anyfi.net/
+Fetch error: http://www.anyfi.net/ => https://anyfi.net/: Cycle detected - URL already encountered: https://anyfi.net/
+-->
+<ruleset name="Anyfi.net" default_off="failed ruleset test">
 
 	<target host="anyfi.net" />
 	<target host="www.anyfi.net" />
 
 
-	<securecookie host="^anyfi\.net$" name=".*" />
+	<securecookie host="^anyfi\.net$" name=".+" />
 
 
 	<!--	Cert only matches //anyfi.	-->
-	<rule from="^https?://(?:www\.)?anyfi\.net/"
+	<rule from="^http://(?:www\.)?anyfi\.net/"
 		to="https://anyfi.net/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Anyoption.com.xml b/src/chrome/content/rules/Anyoption.com.xml
deleted file mode 100644
index 3bd5805864e0..000000000000
--- a/src/chrome/content/rules/Anyoption.com.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-	Other anyoption rulesets:
-
-		- 168qiquan.com.xml
-
-
-	CDN buckets:
-
-		- ls.anyoption.com.srip.net
-
-
-	Nonfunctional subdomains:
-
-		- affiliates	(reset)
-
-
-	Problematic subdomains:
-
-		- ^	(dropped)
-
-
-	Some pages redirect to http.
-
--->
-<ruleset name="anyoption.com (partial)">
-
-	<target host="anyoption.com" />
-	<target host="*.anyoption.com" />
-
-
-	<rule from="^http://(?:www\.)?anyoption\.com/(?=bridge/|css/|favicon\.ico|images/|javax\.faces\.resource/|jsp?/|thickbox/)"
-		to="https://www.anyoption.com/" />
-
-	<rule from="^http://(image|l)s\.anyoption\.com/"
-		to="https://$1s.anyoption.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Anyproz.xml b/src/chrome/content/rules/Anyproz.xml
index 3debd6b78100..9943abbfd250 100644
--- a/src/chrome/content/rules/Anyproz.xml
+++ b/src/chrome/content/rules/Anyproz.xml
@@ -1,13 +1,19 @@
-<ruleset name="Anyproz">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://anonyproz.com/ => https://anonyproz.com/: (7, 'Failed to connect to anonyproz.com port 443: Connection refused')
+Fetch error: http://www.anonyproz.com/ => https://www.anonyproz.com/: (7, 'Failed to connect to www.anonyproz.com port 443: Connection refused')
+
+-->
+<ruleset name="Anyproz" default_off="failed ruleset test">
 
 	<target host="anonyproz.com" />
 	<target host="www.anonyproz.com" />
 
 
-	<securecookie host="^www\.anonyproz\.com$" name=".*" />
+	<securecookie host="^www\.anonyproz\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?anonyproz\.com/"
-		to="https://$1anonyproz.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Anzen.org.uk.xml b/src/chrome/content/rules/Anzen.org.uk.xml
deleted file mode 100644
index 0a1821f5e803..000000000000
--- a/src/chrome/content/rules/Anzen.org.uk.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Anzen.org.uk">
-
-	<target host="anzen.org.uk" />
-	<target host="*.anzen.org.uk" />
-
-
-	<securecookie host="^(?:w*\.)?anzen\.org\.uk$" name=".+" />
-
-
-	<rule from="^http://(www\.)?anzen\.org\.uk/"
-		to="https://$1anzen.org.uk/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Ao2.it.xml b/src/chrome/content/rules/Ao2.it.xml
deleted file mode 100644
index 2746f1a49bfa..000000000000
--- a/src/chrome/content/rules/Ao2.it.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="ao2.it (CAcert)" platform="cacert">
-
-	<target host="www.ao2.it"/>
-
-	<securecookie host="(.*\.)ao2\.it$" name=".*"/>
-
-	<rule from="^http://(www\.)?ao2\.it/"
-		to="https://$1.ao2.it/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/AoSABook.org.xml b/src/chrome/content/rules/AoSABook.org.xml
new file mode 100644
index 000000000000..015e522f3591
--- /dev/null
+++ b/src/chrome/content/rules/AoSABook.org.xml
@@ -0,0 +1,10 @@
+<!--
+	Nonfunctional hosts in *.aosabook.org:
+		- webmail
+-->
+<ruleset name="AoSABook.org">
+	<target host="aosabook.org" />
+	<target host="www.aosabook.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Apa.at.xml b/src/chrome/content/rules/Apa.at.xml
new file mode 100644
index 000000000000..3a02e3c82565
--- /dev/null
+++ b/src/chrome/content/rules/Apa.at.xml
@@ -0,0 +1,203 @@
+<!--
+	Cert mismatch:
+		- basb.cms.apa.at
+		- bmsk2.cms.apa.at
+		- fit2work.cms.apa.at
+		- prod.epaper.apa.at
+		- epub.apa.at
+		- www.finance.apa.at
+		- gutenmorgen.apa.at
+		- www.gutenmorgen.apa.at
+		- www.hektor.apa.at
+		- info.apa.at
+		- web01.medialab.apa.at
+		- ots.apa.at
+		- rms.apa.at
+		- vapaors01.apa.at
+		- www.webselect.apa.at
+		- abm.apa.at
+		- classic.aomweb.apa.at
+		- apacrslnxe1.apa.at
+		- apampsprd04.apa.at
+		- www.auftragsservices.apa.at
+
+	Chain issues:
+		- apacms01.apa.at
+		- www.branchentreff.apa.at
+		- bmg.cms.apa.at
+		- bmwa.cms.apa.at
+		- journale.cms.apa.at
+		- service.cms.apa.at
+		- noz.diginews.apa.at
+		- mdhl.diginews-admin.apa.at
+		- historisch.apa.at
+		- www.historisch.apa.at
+		- journale.apa.at
+		- www.journale.apa.at
+		- apa3cx.pbx.apa.at
+		- regxp01.apa.at
+		- sslvpn.apa.at
+		- termine.apa.at
+		- www.termine.apa.at
+		- www.zukunftwissen.apa.at
+
+	Connection refused:
+		- collaboration.apa.at
+		- insite.apa.at
+
+	Self-signed cert:
+		- offline.apa.at
+		- apapwd.tst01.apa.at
+
+	Timeout:
+		- apasffr02.sf.apa.at
+		- vrm.sf.apa.at
+		- vpn.apa.at
+
+
+	TLS Handshake error:
+		- apamacnode1.apa.at
+		- apasam01.apa.at
+		- hipchat.apa.at
+		- is.apa.at
+		- search.apa.at
+		- search2.apa.at
+
+		-->
+<ruleset name="Apa.at">
+	<target host="apa.at" />
+	<target host="www.apa.at" />
+
+	<target host="a.apa.at" />
+	<target host="aktion.apa.at" />
+	<target host="aom.apa.at" />
+	<target host="www.aom.apa.at" />
+	<target host="login1.aom.apa.at" />
+	<target host="login2.aom.apa.at" />
+	<target host="login3.aom.apa.at" />
+	<target host="wsportal1.aom.apa.at" />
+	<target host="wsportal2.aom.apa.at" />
+	<target host="wsportal3.aom.apa.at" />
+	<target host="aomlibrary.apa.at" />
+	<target host="aommobile.apa.at" />
+	<target host="www.aomweb.apa.at" />
+	<target host="apainfostat01.apa.at" />
+	<target host="apamaweb01.apa.at" />
+	<target host="apaonlinemanager.apa.at" />
+	<target host="apapses5.apa.at" />
+	<target host="apapwd01.apa.at" />
+	<target host="apapwd02.apa.at" />
+	<target host="apasense01.apa.at" />
+	<target host="auftragsservices.apa.at" />
+	<target host="autodiscover.apa.at" />
+	<target host="bewerbung.apa.at" />
+	<target host="ssltest.bmw.apa.at" />
+	<target host="cee.apa.at" />
+	<target host="cirrus.apa.at" />
+	<target host="rss.crs.apa.at" />
+	<target host="cumulus.apa.at" />
+	<target host="allgaeuer.diginews.apa.at" />
+	<target host="augsburger.diginews.apa.at" />
+	<target host="automobilwoche.diginews.apa.at" />
+	<target host="bonn.diginews.apa.at" />
+	<target host="derstandard.diginews.apa.at" />
+	<target host="falter.diginews.apa.at" />
+	<target host="krone.diginews.apa.at" />
+	<target host="mainpost.diginews.apa.at" />
+	<target host="mdhl.diginews.apa.at" />
+	<target host="tt.diginews.apa.at" />
+	<target host="mittelbayerische.diginews-service.apa.at" />
+	<target host="vn.diginews-service.apa.at" />
+	<target host="www.diz.apa.at" />
+	<target host="ebc.apa.at" />
+	<target host="epaper.apa.at" />
+	<target host="falsum01.apa.at" />
+	<target host="falsum01beta.apa.at" />
+	<target host="filebox.apa.at" />
+	<target host="finance.apa.at" />
+	<target host="flash.apa.at" />
+	<target host="go.apa.at" />
+	<target host="grafik-chat.apa.at" />
+	<target host="apa.grafik-chat.apa.at" />
+	<target host="hektor.apa.at" />
+	<target host="infografik.apa.at" />
+	<target host="infographics.apa.at" />
+	<target host="inno1.apa.at" />
+	<target host="insighteu.apa.at" />
+	<target host="itrpredirect.apa.at" />
+	<target host="jira.apa.at" />
+	<target host="mars.apa.at" />
+	<target host="media.apa.at" />
+	<target host="medialab.apa.at" />
+	<target host="mps.apa.at" />
+	<target host="epub.mps.apa.at" />
+	<target host="msvpn.apa.at" />
+	<target host="oaw.apa.at" />
+	<target host="outlook.apa.at" />
+	<target host="owa.apa.at" />
+	<target host="www.psp.apa.at" />
+	<target host="apotheker.psp.apa.at" />
+	<target host="bmwfw.psp.apa.at" />
+	<target host="kommunalkredit.psp.apa.at" />
+	<target host="manner.psp.apa.at" />
+	<target host="rbinternational.psp.apa.at" />
+	<target host="shire.psp.apa.at" />
+	<target host="siemens.psp.apa.at" />
+	<target host="strabag.psp.apa.at" />
+	<target host="pstest.apa.at" />
+	<target host="science.apa.at" />
+	<target host="www.science.apa.at" />
+	<target host="apapublisher.sf.apa.at" />
+	<target host="apasffr21.sf.apa.at" />
+	<target host="apasfoe24l.sf.apa.at" />
+	<target host="apasfwltest.sf.apa.at" />
+	<target host="kf-apapublisher.sf.apa.at" />
+	<target host="kf-cineplexx.sf.apa.at" />
+	<target host="kf-dpa.sf.apa.at" />
+	<target host="kf-mmlines.sf.apa.at" />
+	<target host="kf-ooen.sf.apa.at" />
+	<target host="kf-standard.sf.apa.at" />
+	<target host="kf-tt.sf.apa.at" />
+	<target host="kf-tvc.sf.apa.at" />
+	<target host="kf-vn.sf.apa.at" />
+	<target host="kf-vrm.sf.apa.at" />
+	<target host="oe24.sf.apa.at" />
+	<target host="parlament.sf.apa.at" />
+	<target host="sdo-rca.sf.apa.at" />
+	<target host="uvp-aaz.sf.apa.at" />
+	<target host="uvp-apapublisher.sf.apa.at" />
+	<target host="uvp-derstandard.sf.apa.at" />
+	<target host="uvp-diepresse.sf.apa.at" />
+	<target host="uvp-fm1today.sf.apa.at" />
+	<target host="uvp-kleinezeitung.sf.apa.at" />
+	<target host="uvp-neues-volksblatt.sf.apa.at" />
+	<target host="uvp-ooen.sf.apa.at" />
+	<target host="uvp-prod-6-flash.sf.apa.at" />
+	<target host="uvp-prod-6-html5.sf.apa.at" />
+	<target host="uvp-prod-7-html5.sf.apa.at" />
+	<target host="uvp-promedia.sf.apa.at" />
+	<target host="uvp-rma.sf.apa.at" />
+	<target host="uvp-salzburgernachrichten.sf.apa.at" />
+	<target host="uvp-tele.sf.apa.at" />
+	<target host="uvp-tt.sf.apa.at" />
+	<target host="var01.sf.apa.at" />
+	<target host="var02.sf.apa.at" />
+	<target host="vs-pd-apapublisher.sf.apa.at" />
+	<target host="vs-pd-oe24.sf.apa.at" />
+	<target host="sport.apa.at" />
+	<target host="support.apa.at" />
+	<target host="svn.apa.at" />
+	<target host="team.apa.at" />
+	<target host="epaper.test.apa.at" />
+	<target host="ubuntu.apa.at" />
+	<target host="uvp.apa.at" />
+	<target host="value.apa.at" />
+	<target host="videoservice.apa.at" />
+	<target host="visual.apa.at" />
+	<target host="wahlen.apa.at" />
+	<target host="wp.apa.at" />
+	<target host="www2.apa.at" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Apache-OpenOffice.xml b/src/chrome/content/rules/Apache-OpenOffice.xml
index 8d129d20bc5d..f12ca49ae52d 100644
--- a/src/chrome/content/rules/Apache-OpenOffice.xml
+++ b/src/chrome/content/rules/Apache-OpenOffice.xml
@@ -3,17 +3,45 @@
 
 		- Apache.xml
 
--->
-<ruleset name="Apache OpenOffice (mismatches)" default_off="cert mismatch">
 
-	<!--	Cert: *.apache.org	-->
+	Nonfunctional subdomains:
+
+		- extensions.services ¹
+		- templates.services ¹
+		- survey ²
+
+	¹ Refused
+	² http reply
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- download
+		- forum
+		- forums
+		- wiki
+
+
+	Mixed content:
+
+		- Images on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="OpenOffice.org (partial)">
 
 	<target host="openoffice.org" />
+	<target host="download.openoffice.org" />
+	<target host="forum.openoffice.org" />
+	<target host="forums.openoffice.org" />
+	<target host="wiki.openoffice.org" />
 	<target host="www.openoffice.org" />
+		<!--exclusion pattern="^http://(extensions\.services|templates\.services|survey)\.openoffice\.org/" /-->
 
 
-	<!--	!www redirects to www.	-->
-	<rule from="^https?://(?:www\.)?openoffice\.org/"
-		to="https://www.openoffice.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Apache.org-falsemixed.xml b/src/chrome/content/rules/Apache.org-falsemixed.xml
new file mode 100644
index 000000000000..fe1f8028b36d
--- /dev/null
+++ b/src/chrome/content/rules/Apache.org-falsemixed.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules not causing false/broken MCB, see Apache.xml.
+
+-->
+<ruleset name="Apache.org (false MCB)" platform="mixedcontent">
+
+	<target host="activemq.apache.org" />
+	<target host="aries.apache.org" />
+	<target host="geronimo.apache.org" />
+	<target host="oodt.apache.org" />
+	<target host="santuario.apache.org" />
+	<target host="tuscany.apache.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Apache.xml b/src/chrome/content/rules/Apache.xml
index bb24b273d060..0b2dcbface6c 100644
--- a/src/chrome/content/rules/Apache.xml
+++ b/src/chrome/content/rules/Apache.xml
@@ -1,21 +1,516 @@
 <!--
+	For rules causing false/broken MCB, see Apache.org-falsemixed.xml.
+
+
 	Other Apache rulesets:
 
+		- ApacheCon.com.xml
 		- Apache-OpenOffice.xml
 
+
+	Nonfunctional subdomains:
+
+		- feathercast ʳ
+		- ooo-forums ʳ
+		- vmgump ʳ
+
+	ʳ Refused
+
+
+	Problematic subdomains:
+
+		- ^ ᵐ
+		- activemq ˣ
+		- aries ˣ
+		- geronimo ˣ
+		- mail-archives (incomplete cert chain)
+		- santuario ˣ
+		- tuscany ˣ
+		- www.us ᵐ
+
+	ᵐ Cert only matches *.apache.org
+	ˣ Mixed css
+
+
+	Partially covered subdomains:
+
+		- activemq ˣ
+		- aries ˣ
+		- geronimo ˣ
+		- santuario ˣ
+		- tuscany ˣ
+
+	ˣ Avoiding false/broken MCB
+
+
+	Fully covered domains:
+
+		- (www.)apache.org	(^ → www)
+
+		- *.apache.org:
+
+			- accumulo
+			- abdera
+			- ace
+			- airavata
+			- allura
+			- ambari
+			- ant
+			- any23
+			- apr
+			- archiva
+			- archive
+			- attic
+			- avro
+			- axis
+			- bigtop
+			- blogs
+			- bloodhound
+			- buildr
+			- builds
+			- bval
+			- camel
+			- cassandra
+			- cayenne
+			- chemistry
+			- chukwa
+			- clerezza
+			- climate
+			- cloudstack
+			- cocoon
+			- comments
+			- commons
+			- community
+			- continuum
+			- couchdb
+			- creadur
+			- crunch
+			- ctakes
+			- curator
+			- cwiki
+			- cxf
+			- db
+			- deltacloud
+			- directmemory
+			- directory
+			- drill
+			- empire-db
+			- etch
+			- felix
+			- flex
+			- flume
+			- forge-allura
+			- forrest
+			- giraph
+			- git-wip-us
+			- gora
+			- gump
+			- hadoop
+			- hama
+			- hbase
+			- hc
+			- helix
+			- hive
+			- httpd
+			- incubator
+			- spark.incubator
+			- tez.incubator
+			- isis
+			- issues
+			- jackrabbit
+			- jakarta
+			- james
+			- jclouds
+			- jena
+			- jmeter
+			- jspwiki
+			- jspwiki-wiki
+			- juddi
+			- kafka
+			- knox
+			- labs
+			- lenya
+			- libcloud
+			- logging
+			- lucene
+			- lucenenet
+			- lucy
+			- mahout
+			- manifoldcf
+			- marmotta
+			- maven
+			- repo.maven
+			- mesos
+			- mina
+			- mrunit
+			- myfaces
+			- nutch
+			- ode
+			- ofbiz
+			- olingo
+			- oltu
+			- onami
+			- oozie
+			- openjpa
+			- openmeetings
+			- opennlp
+			- openoffice
+			- openwebbeans
+			- pdfbox
+			- people
+			- perl
+			- pig
+			- pivot
+			- poi
+			- portals
+			- qpid
+			- rave
+			- reviews
+			- river
+			- roller
+			- s
+			- servicemix
+			- shindig
+			- shiro
+			- sis
+			- sling
+			- spamassassin
+			- spark
+			- sqoop
+			- stanbol
+			- steve
+			- struts
+			- svn
+			- subversion
+			- synapse
+			- syncope
+			- tajo
+			- tapestry
+			- tcl
+			- tez
+			- thrift
+			- tika
+			- tiles
+			- tomcat
+			- tomee
+			- trafficserver
+			- turbine
+			- uima
+			- www.us	(→ ^www.apache.org)
+			- vcl
+			- velocity
+			- vxquery
+			- whirr
+			- wicket
+			- wiki
+			- wink
+			- wookie
+			- ws
+			- xalan
+			- xerces
+			- xml
+			- xmlbeans
+			- xmlgraphics
+			- zookeeper
+
+
+	Mixed content:
+
+		- iframes, on:
+
+			- archiva, shiro, and tomee from www.youtube.com ¹
+			- gora and nutch from prezi.com ¹
+			- gora from www.slideshare.net ¹
+
+		- css, on:
+
+			- activemq from $self ¹
+			- aries from $self ¹
+			- creadur, drill, kafka, marmotta, synapse, trafficserver, www from fonts.googleapis.com ¹
+			- geronimo from $self ¹
+			- santuario from cxf ¹
+			- sis and xmlgraphics from www ¹
+			- tuscany from $self ¹
+
+		- Images, on:
+
+			- ant, any23, bigtop, bloodhound, commons, continuum, creadur, ctakes, flex, forrest, gump, hc, lenya, nutch, oltu, oozie, openwebbeans, projects, shindig, sqoop, trafficserver, whir, www, and xerces from www ¹
+			- archiva from $self ¹
+			- aries from $self ¹
+			- blogs from people ¹
+			- builds and sling from incubator ¹
+			- camel from $self ¹
+			- commons, hc, and tajo from maven ¹
+			- crunch from hadoop ¹
+			- curator and tajo from ^ ¹
+			- cxf from $self ¹
+			- geronimo from $self ¹
+			- karaf from $self ¹
+			- knox from $self ¹
+			- mahout from $self ¹
+			- openoffice from www.openoffice.org ¹
+			- santuario from activemq ¹
+			- tajo from maven ¹
+			- tapestry from $self ¹
+			- tika from $self ¹
+			- tiles from struts ¹
+			- tuscany from $self ¹
+
+		- favicon on mahout from $self ¹
+
+		- Ads/bugs, on:
+
+			- archiva, bigtop, buildr, directmemory, giraph, onami, oozie, openwebbeans, sqoop, tajo, and ws from www.google.com ¹
+			- bloodhound from ghbtns.com ¹
+			- buildr from www.jetbrains.com ¹
+			- cayenne from $self ¹
+			- geronimo from static.delicious.com
+			- geronimo from digg.com ¹
+			- gora from www.datastax.com ²
+			- nutch from apachecon.com ³
+			- nutch from typo3.org ¹
+			- ofbiz from go.linuxfoundation.org ¹
+			- openwebbeans from twitter.github.com ¹
+			- tuscany from www.google-analytics.com ¹
+			- tuscany from c26.statcounter.com ¹
+			- xmlgraphics from www.apache.org ¹
+
+	¹ Secured by us
+	² Unsecurable <= refused
+	³ Not secured by us <= mismatched
+
 -->
-<ruleset name="Apache">
-  <target host="apache.org" />
-  <target host="*.apache.org" />
-  <target host="apache-ssl.org" />
-  <target host="www.apache-ssl.org" />
+<ruleset name="Apache.org (partial)">
+
+	<target host="apache.org" />
+	<target host="*.apache.org" />
+
+		<exclusion pattern="^http://(?:feathercast|ooo-forums|vmgump)\.apache\.org/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://feathercast.apache.org/" />
+			<test url="http://ooo-forums.apache.org/" />
+			<test url="http://vmgump.apache.org/" />
+
+		<!--	Avoid false/broken MCB:
+						-->
+		<!--exclusion pattern="^http://activemq\.apache\.org/+(?!favicon\.ico|style/)" /-->
+		<!--exclusion pattern="^http://aries\.apache\.org/+(?!favicon\.ico|images/|resources/)" /-->
+		<!--exclusion pattern="^http://geronimo\.apache\.org/+(?!favicon\.ico|images/|style/)" /-->
+		<!--exclusion pattern="^http://santuario\.apache\.org/+(?!favicon\.ico)" /-->
+		<!--exclusion pattern="^http://tuscany\.apache\.org/+(?!favicon\.ico|images/|stylesheets/)" /-->
+		<!--
+			In sum:
+				-->
+		<exclusion pattern="^http://(?:activemq|aries|geronimo|santuario|tuscany)\.apache\.org/(?!/*(?:css/|favicon\.ico|images/|style/|stylesheets/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://activemq.apache.org/cms/" />
+			<test url="http://aries.apache.org/development/ReleaseProcessRequirements.html" />
+			<test url="http://geronimo.apache.org/events.html" />
+			<test url="http://santuario.apache.org/faq.html" />
+			<test url="http://tuscany.apache.org/getting-involved.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://activemq.apache.org/favicon.ico" />
+			<test url="http://aries.apache.org/favicon.ico" />
+			<test url="http://geronimo.apache.org/favicon.ico" />
+			<test url="http://santuario.apache.org/favicon.ico" />
+			<test url="http://tuscany.apache.org/favicon.ico" />
+			<test url="http://tuscany.apache.org/home.html" />
+
+		<test url="http://accumulo.apache.org/" />
+		<test url="http://abdera.apache.org/" />
+		<test url="http://ace.apache.org/" />
+		<test url="http://activemq.apache.org/" />
+		<test url="http://airavata.apache.org/" />
+		<test url="http://allura.apache.org/" />
+		<test url="http://ambari.apache.org/" />
+		<test url="http://ant.apache.org/" />
+		<test url="http://any23.apache.org/" />
+		<test url="http://apr.apache.org/" />
+		<test url="http://archiva.apache.org/" />
+		<test url="http://archive.apache.org/" />
+		<test url="http://aries.apache.org/" />
+		<test url="http://attic.apache.org/" />
+		<test url="http://avro.apache.org/" />
+		<test url="http://axis.apache.org/" />
+		<test url="http://bigtop.apache.org/" />
+		<test url="http://blogs.apache.org/" />
+		<test url="http://bloodhound.apache.org/" />
+		<test url="http://buildr.apache.org/" />
+		<test url="http://builds.apache.org/" />
+		<test url="http://bval.apache.org/" />
+		<test url="http://camel.apache.org/" />
+		<test url="http://cassandra.apache.org/" />
+		<test url="http://cayenne.apache.org/" />
+		<test url="http://chemistry.apache.org/" />
+		<test url="http://chukwa.apache.org/" />
+		<test url="http://ci.apache.org/" />
+		<test url="http://clerezza.apache.org/" />
+		<test url="http://climate.apache.org/" />
+		<test url="http://cloudstack.apache.org/" />
+		<test url="http://cocoon.apache.org/" />
+		<test url="http://comments.apache.org/" />
+		<test url="http://commons.apache.org/" />
+		<test url="http://community.apache.org/" />
+		<test url="http://continuum.apache.org/" />
+		<test url="http://couchdb.apache.org/" />
+		<test url="http://creadur.apache.org/" />
+		<test url="http://crunch.apache.org/" />
+		<test url="http://ctakes.apache.org/" />
+		<test url="http://curator.apache.org/" />
+		<test url="http://cwiki.apache.org/" />
+		<test url="http://cxf.apache.org/" />
+		<test url="http://db.apache.org/" />
+		<test url="http://deltacloud.apache.org/" />
+		<test url="http://directmemory.apache.org/" />
+		<test url="http://directory.apache.org/" />
+		<test url="http://drill.apache.org/" />
+		<test url="http://empire-db.apache.org/" />
+		<test url="http://etch.apache.org/" />
+		<test url="http://felix.apache.org/" />
+		<test url="http://flex.apache.org/" />
+		<test url="http://flume.apache.org/" />
+		<test url="http://forge-allura.apache.org/" />
+		<test url="http://forrest.apache.org/" />
+		<test url="http://geronimo.apache.org/" />
+		<test url="http://giraph.apache.org/" />
+		<test url="http://git.apache.org/" />
+		<test url="http://git-wip-us.apache.org/" />
+		<test url="http://gora.apache.org/" />
+		<test url="http://gump.apache.org/" />
+		<test url="http://hadoop.apache.org/" />
+		<test url="http://hama.apache.org/" />
+		<test url="http://hbase.apache.org/" />
+		<test url="http://hc.apache.org/" />
+		<test url="http://helix.apache.org/" />
+		<test url="http://hive.apache.org/" />
+		<test url="http://httpd.apache.org/" />
+		<test url="http://incubator.apache.org/" />
+		<test url="http://spark.incubator.apache.org/" />
+		<test url="http://tez.incubator.apache.org/" />
+		<test url="http://isis.apache.org/" />
+		<test url="http://issues.apache.org/" />
+		<test url="http://jackrabbit.apache.org/" />
+		<test url="http://jakarta.apache.org/" />
+		<test url="http://james.apache.org/" />
+		<test url="http://jclouds.apache.org/" />
+		<test url="http://jena.apache.org/" />
+		<test url="http://jmeter.apache.org/" />
+		<test url="http://jspwiki.apache.org/" />
+		<test url="http://jspwiki-wiki.apache.org/" />
+		<test url="http://juddi.apache.org/" />
+		<test url="http://kafka.apache.org/" />
+		<test url="http://knox.apache.org/" />
+		<test url="http://labs.apache.org/" />
+		<test url="http://lenya.apache.org/" />
+		<test url="http://libcloud.apache.org/" />
+		<test url="http://logging.apache.org/" />
+		<test url="http://lucene.apache.org/" />
+		<test url="http://lucenenet.apache.org/" />
+		<test url="http://lucy.apache.org/" />
+		<test url="http://mahout.apache.org/" />
+		<test url="http://manifoldcf.apache.org/" />
+		<test url="http://marmotta.apache.org/" />
+		<test url="http://maven.apache.org/" />
+		<test url="http://repo.maven.apache.org/" />
+		<test url="http://mesos.apache.org/" />
+		<test url="http://mina.apache.org/" />
+		<test url="http://mrunit.apache.org/" />
+		<test url="http://myfaces.apache.org/" />
+		<test url="http://nutch.apache.org/" />
+		<test url="http://ode.apache.org/" />
+		<test url="http://ofbiz.apache.org/" />
+		<test url="http://olingo.apache.org/" />
+		<test url="http://oltu.apache.org/" />
+		<test url="http://onami.apache.org/" />
+		<test url="http://oodt.apache.org/" />
+		<test url="http://oozie.apache.org/" />
+		<test url="http://openjpa.apache.org/" />
+		<test url="http://openmeetings.apache.org/" />
+		<test url="http://opennlp.apache.org/" />
+		<test url="http://openoffice.apache.org/" />
+		<test url="http://openwebbeans.apache.org/" />
+		<test url="http://pdfbox.apache.org/" />
+		<test url="http://people.apache.org/" />
+		<test url="http://perl.apache.org/" />
+		<test url="http://pig.apache.org/" />
+		<test url="http://pivot.apache.org/" />
+		<test url="http://poi.apache.org/" />
+		<test url="http://portals.apache.org/" />
+		<test url="http://qpid.apache.org/" />
+		<test url="http://rave.apache.org/" />
+		<test url="http://reviews.apache.org/" />
+		<test url="http://river.apache.org/" />
+		<test url="http://roller.apache.org/" />
+		<test url="http://s.apache.org/" />
+		<test url="http://santuario.apache.org/" />
+		<test url="http://servicemix.apache.org/" />
+		<test url="http://shindig.apache.org/" />
+		<test url="http://shiro.apache.org/" />
+		<test url="http://sis.apache.org/" />
+		<test url="http://sling.apache.org/" />
+		<test url="http://spamassassin.apache.org/" />
+		<test url="http://spark.apache.org/" />
+		<test url="http://sqoop.apache.org/" />
+		<test url="http://stanbol.apache.org/" />
+		<test url="http://steve.apache.org/" />
+		<test url="http://struts.apache.org/" />
+		<test url="http://svn.apache.org/" />
+		<test url="http://subversion.apache.org/" />
+		<test url="http://synapse.apache.org/" />
+		<test url="http://syncope.apache.org/" />
+		<test url="http://tajo.apache.org/" />
+		<test url="http://tapestry.apache.org/" />
+		<test url="http://tcl.apache.org/" />
+		<test url="http://tez.apache.org/" />
+		<test url="http://thrift.apache.org/" />
+		<test url="http://tika.apache.org/" />
+		<test url="http://tiles.apache.org/" />
+		<test url="http://tomcat.apache.org/" />
+		<test url="http://tomee.apache.org/" />
+		<test url="http://trafficserver.apache.org/" />
+		<test url="http://turbine.apache.org/" />
+		<test url="http://tuscany.apache.org/" />
+		<test url="http://uima.apache.org/" />
+		<test url="http://vcl.apache.org/" />
+		<test url="http://velocity.apache.org/" />
+		<test url="http://vxquery.apache.org/" />
+		<test url="http://whirr.apache.org/" />
+		<test url="http://wicket.apache.org/" />
+		<test url="http://wiki.apache.org/" />
+		<test url="http://wink.apache.org/" />
+		<test url="http://wookie.apache.org/" />
+		<test url="http://ws.apache.org/" />
+		<test url="http://www.apache.org/" />
+		<test url="http://xalan.apache.org/" />
+		<test url="http://xerces.apache.org/" />
+		<test url="http://xml.apache.org/" />
+		<test url="http://xmlbeans.apache.org/" />
+		<test url="http://xmlgraphics.apache.org/" />
+		<test url="http://zookeeper.apache.org/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(builds|cwiki|jspwiki-wiki)\.apache\.org$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^(?:.+\.)?apache\.org$" name=".+" />
+
+
+	<rule from="^http://apache\.org/"
+		to="https://www.apache.org/" />
+
+	<rule from="^http://www\.us\.apache\.org/"
+		to="https://www.apache.org/" />
 
-  <securecookie host="^(.+\.)?apache(-ssl)?\.org$" name=".*"/>
+		<test url="http://www.us.apache.org/" />
 
-  <exclusion pattern="^http://ooo-forums\.apache\.org/" />
-  <exclusion pattern="^http://git\.apache\.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(?:www\.)?apache\.org/" to="https://www.apache.org/"/>
-  <rule from="^http://([^/:@]+)?\.apache\.org/" to="https://$1.apache.org/"/>
-  <rule from="^http://(?:www\.)?apache-ssl\.org/" to="https://www.apache-ssl.org/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/ApacheCon.com.xml b/src/chrome/content/rules/ApacheCon.com.xml
new file mode 100644
index 000000000000..647c32349401
--- /dev/null
+++ b/src/chrome/content/rules/ApacheCon.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Apache coverage, see Apache.xml.
+
+	Mismatched hosts in *apachecon.com:
+
+		- na
+		- www.na
+		- eu
+		- eu12
+		- na11
+		- na13
+		- us
+		- www.us
+
+-->
+<ruleset name="ApacheCon.com">
+
+	<target host="apachecon.com" />
+	<target host="www.apachecon.com" />
+	<target host="archive.apachecon.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Apereo.org.xml b/src/chrome/content/rules/Apereo.org.xml
new file mode 100644
index 000000000000..f8db1fd69e46
--- /dev/null
+++ b/src/chrome/content/rules/Apereo.org.xml
@@ -0,0 +1,22 @@
+<!--
+	^apereo.org: Refused
+
+-->
+<ruleset name="Apereo.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.apereo.org" />
+
+	<!--	Complications:
+				-->
+	<target host="apereo.org" />
+
+
+	<rule from="^http://apereo\.org/"
+		to="https://www.apereo.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Apester.com.xml b/src/chrome/content/rules/Apester.com.xml
new file mode 100644
index 000000000000..d49f83310fc0
--- /dev/null
+++ b/src/chrome/content/rules/Apester.com.xml
@@ -0,0 +1,55 @@
+<!--
+	Invalid certificate:
+		- fangpuddle-fly.demo
+		- editor
+		- lp
+		- meta-templator.stg
+
+	Timeout:
+		- blog
+-->
+<ruleset name="Apester.com">
+
+	<target host="apester.com" />
+	<target host="www.apester.com" />
+	<target host="app.apester.com" />
+	<target host="backoffice.apester.com" />
+	<target host="campaign.apester.com" />
+	<target host="campaign-api.apester.com" />
+	<target host="console.apester.com" />
+	<target host="content.apester.com" />
+	<target host="create.apester.com" />
+	<target host="discover.apester.com" />
+	<target host="discover-api.apester.com" />
+	<target host="display.apester.com" />
+	<target host="display-origin.apester.com" />
+	<target host="events.apester.com" />
+	<target host="faststrip.apester.com" />
+	<target host="flags.apester.com" />
+	<target host="gcp-analytics.apester.com" />
+	<target host="geoip.apester.com" />
+	<target host="handbook.apester.com" />
+	<target host="help.apester.com" />
+	<target host="images.apester.com" />
+	<target host="img.apester.com" />
+	<target host="interaction.apester.com" />
+	<target host="leads.apester.com" />
+	<target host="media.apester.com" />
+	<target host="payments.apester.com" />
+	<target host="plans.apester.com" />
+	<target host="pulse.apester.com" />
+	<target host="recommendation.apester.com" />
+	<target host="renderer.apester.com" />
+	<target host="static.apester.com" />
+	<target host="stats.apester.com" />
+	<target host="discover.stg.apester.com" />
+	<target host="static.stg.apester.com" />
+	<target host="story.apester.com" />
+	<target host="users.apester.com" />
+	<target host="vremini.apester.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Aphyr.com.xml b/src/chrome/content/rules/Aphyr.com.xml
new file mode 100644
index 000000000000..5fa4094536be
--- /dev/null
+++ b/src/chrome/content/rules/Aphyr.com.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.aphyr.com/ => https://www.aphyr.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.aphyr.com'")
+
+-->
+<ruleset name="Aphyr.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="aphyr.com" />
+	<target host="www.aphyr.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Api.sh.xml b/src/chrome/content/rules/Api.sh.xml
deleted file mode 100644
index c7eb82e13acf..000000000000
--- a/src/chrome/content/rules/Api.sh.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	CDN buckets:
-
-		- api-sh.herokuapp.com
-
-			- www
-
-
-	Problematic subdomains:
-
-		- www	(mismatched, CN: *.herokuapp.com)
-
--->
-<ruleset name="api.sh">
-
-	<target host="api.sh" />
-	<target host="*.api.sh" />
-
-
-	<securecookie host="^\.?api\.sh$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?api\.sh/"
-		to="https://api.sh/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Apica.xml b/src/chrome/content/rules/Apica.xml
index 662762204302..159d61d07308 100644
--- a/src/chrome/content/rules/Apica.xml
+++ b/src/chrome/content/rules/Apica.xml
@@ -5,16 +5,16 @@
 <ruleset name="Apica">
 
 	<target host="apicasystem.com" />
-	<target host="*.apicasystem.com" />
+	<target host="www.apicasystem.com" />
+	<target host="webtracker.apicasystem.com" />
 
 
 	<securecookie host="^.+\.apicasystem\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?apicasystem\.com/"
+	<rule from="^http://(?:www\.)?apicasystem\.com/"
 		to="https://www.apicasystem.com/" />
 
-	<rule from="^http://webtracker\.apicasystem\.com/"
-		to="https://webtracker.apicasystem.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Apigee.xml b/src/chrome/content/rules/Apigee.xml
index ea92b547ec89..2f758949c84c 100644
--- a/src/chrome/content/rules/Apigee.xml
+++ b/src/chrome/content/rules/Apigee.xml
@@ -9,13 +9,14 @@
 <ruleset name="Apigee (partial)">
 
 	<target host="apigee.com" />
-	<target host="*.apigee.com" />
+	<target host="accounts.apigee.com" />
+	<target host="dev.apigee.com" />
+	<target host="www.apigee.com" />
 
 
 	<securecookie host="^(?:accounts\.)?apigee\.com$" name=".+" />
 
 
-	<rule from="^http://(accounts\.|dev\.|www\.)?apigee\.com/"
-		to="https://$1apigee.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Apigility.org.xml b/src/chrome/content/rules/Apigility.org.xml
new file mode 100644
index 000000000000..fa451259c5cc
--- /dev/null
+++ b/src/chrome/content/rules/Apigility.org.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Zend coverage, see Zend.xml.
+
+-->
+<ruleset name="Apigility.org">
+
+	<target host="apigility.org" />
+	<target host="www.apigility.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Apkmirror.com.xml b/src/chrome/content/rules/Apkmirror.com.xml
new file mode 100644
index 000000000000..28f86fa12a1f
--- /dev/null
+++ b/src/chrome/content/rules/Apkmirror.com.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://apkmirror.com/ => https://apkmirror.com/: Too many redirects while fetching 'https://apkmirror.com/'
+
+
+-->
+<ruleset name="Apkmirror.com" default_off="failed ruleset test">
+    <target host="apkmirror.com" />
+    <target host="www.apkmirror.com" />
+
+    <securecookie host="^(www\.)?apkmirror\.com" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Apna_India.xml b/src/chrome/content/rules/Apna_India.xml
index ade38b34820d..d3d57c8356b8 100644
--- a/src/chrome/content/rules/Apna_India.xml
+++ b/src/chrome/content/rules/Apna_India.xml
@@ -1,13 +1,21 @@
-<ruleset name="Apna India">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://media.apnaindia.com/ => https://media.apnaindia.com/: (6, 'Could not resolve host: media.apnaindia.com')
+Fetch error: http://yellowpages.apnaindia.com/ => https://yellowpages.apnaindia.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+-->
+<ruleset name="Apna India" default_off="failed ruleset test">
 
 	<target host="apnaindia.com" />
-	<target host="*.apnaindia.com" />
+	<target host="media.apnaindia.com" />
+	<target host="www.apnaindia.com" />
+	<target host="yellowpages.apnaindia.com" />
 
 
 	<securecookie host="^\.apnaindia\.com$" name=".+" />
 
 
-	<rule from="^http://(media\.|www\.|yellowpages\.)?apnaindia\.com/"
-		to="https://$1apnaindia.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Apollo-auto.com.xml b/src/chrome/content/rules/Apollo-auto.com.xml
deleted file mode 100644
index 464ae20220a4..000000000000
--- a/src/chrome/content/rules/Apollo-auto.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Apollo-auto.com" platform="firefox">
-<target host="www.apollo-auto.com" />
-
-<securecookie host="^www\.apollo-auto\.com$" name=".+" />
-
-<rule from="^http://www\.apollo-auto\.com/" to="https://www.apollo-auto.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Apomedifot.de.xml b/src/chrome/content/rules/Apomedifot.de.xml
new file mode 100644
index 000000000000..779d73a89400
--- /dev/null
+++ b/src/chrome/content/rules/Apomedifot.de.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional subdomains:
+
+		- shop *
+
+	* Shows www
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Apomedifot.de (partial)">
+
+	<target host="apomedifot.de" />
+	<target host="www.apomedifot.de" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Apotea.se.xml b/src/chrome/content/rules/Apotea.se.xml
new file mode 100644
index 000000000000..faf42f0d373b
--- /dev/null
+++ b/src/chrome/content/rules/Apotea.se.xml
@@ -0,0 +1,7 @@
+<ruleset name="Apotea.se">
+  <target host="apotea.se" />
+  <target host="www.apotea.se" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
+
diff --git a/src/chrome/content/rules/Apoteket.se.xml b/src/chrome/content/rules/Apoteket.se.xml
index 012cf1418de0..6ab789419d63 100644
--- a/src/chrome/content/rules/Apoteket.se.xml
+++ b/src/chrome/content/rules/Apoteket.se.xml
@@ -1,8 +1,13 @@
-<!-- pharmacy. medical info should be private -->
 <ruleset name="Apoteket.se">
 	<target host="apoteket.se" />
 	<target host="www.apoteket.se" />
-	<rule from="^http://apoteket\.se/" to="https://www.apoteket.se/"/>
-	<rule from="^http://www\.apoteket\.se/" to="https://www.apoteket.se/"/>
-</ruleset>
+	<target host="apoteksombud.apoteket.se" />
+	<target host="id.apoteket.se" />
+	<target host="idx.apoteket.se" />
+	<target host="officewebapps-test.apoteket.se" />
+	<target host="samarbetsytor.apoteket.se" />
+	<target host="testid.apoteket.se" />
+	<target host="webbabest.apoteket.se" />
 
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Apotheke_de.xml b/src/chrome/content/rules/Apotheke_de.xml
new file mode 100644
index 000000000000..561075d0141c
--- /dev/null
+++ b/src/chrome/content/rules/Apotheke_de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Apotheke.de">
+    <target host="apotheke.de" />
+    <target host="www.apotheke.de" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/App-Coding.de.xml b/src/chrome/content/rules/App-Coding.de.xml
new file mode 100644
index 000000000000..5db1896abb6a
--- /dev/null
+++ b/src/chrome/content/rules/App-Coding.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="AppCoding" >
+
+	<target host="app-coding.de" />
+	<target host="www.app-coding.de" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/App.net.xml b/src/chrome/content/rules/App.net.xml
deleted file mode 100644
index b6ea7e2cdc73..000000000000
--- a/src/chrome/content/rules/App.net.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d2c01jv13s9if1.cloudfront.net
-		- d2rfichhc2fb9n.cloudfront.net
-		- d39zheejy3ckol.cloudfront.net
-
-
-	Partially covered subdomains:
-
-		- (www.)
-
-
-	Fully covered subdomains:
-
-		- account
-
--->
-<ruleset name="App.net">
-
-	<target host="app.net" />
-	<target host="*.app.net" />
-		<exclusion pattern="^http://(?:www\.)?app\.net/(?!$|\?|favicon\.ico|w/|wakea/widget/)" />
-
-
-	<!--	Are these safe to secure?
-						-->
-	<!--securecookie host="^app\.net$" name="^csrftoken$" /-->
-	<!--securecookie host="^\.app\.net$" name="^mt_uic$" /-->
-	<securecookie host="^(?:account|alpha|\.?join)\.app\.net$" name=".+" />
-
-
-	<!--	Redirects to http first:
-						-->
-	<rule from="^http://(?:www\.)?app\.net/(?:\?.*)?$"
-		to="https://join.app.net/" />
-
-	<rule from="^http://((?:account|alpha|files|join|www)\.)?app\.net/"
-		to="https://$1app.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AppCanary.com.xml b/src/chrome/content/rules/AppCanary.com.xml
new file mode 100644
index 000000000000..dffb3745435d
--- /dev/null
+++ b/src/chrome/content/rules/AppCanary.com.xml
@@ -0,0 +1,16 @@
+<!--
+	blog: Tumblr
+
+-->
+<ruleset name="appCanary.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="appcanary.com" />
+	<target host="www.appcanary.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AppDynamics.xml b/src/chrome/content/rules/AppDynamics.xml
index 4c256a7e9cd2..dc40414529cf 100644
--- a/src/chrome/content/rules/AppDynamics.xml
+++ b/src/chrome/content/rules/AppDynamics.xml
@@ -4,7 +4,6 @@
 	<target host="www.appdynamics.com" />
 
 
-	<rule from="^http://(www\.)?appdynamics\.com/"
-		to="https://$1appdynamics.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AppGratis.xml b/src/chrome/content/rules/AppGratis.xml
index 009dd9a16aed..839954ceafcb 100644
--- a/src/chrome/content/rules/AppGratis.xml
+++ b/src/chrome/content/rules/AppGratis.xml
@@ -1,10 +1,16 @@
-<ruleset name="AppGratis">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://appgratis.com/ => https://appgratis.com/: (7, 'Failed to connect to appgratis.com port 443: Connection refused')
+Fetch error: http://www.appgratis.com/ => https://www.appgratis.com/: (7, 'Failed to connect to www.appgratis.com port 443: Connection refused')
+
+-->
+<ruleset name="AppGratis" default_off="failed ruleset test">
 
 	<target host="appgratis.com" />
 	<target host="www.appgratis.com" />
 
 
-	<rule from="^http://(www\.)?appgratis\.com/"
-		to="https://$1appgratis.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AppGuru.com.xml b/src/chrome/content/rules/AppGuru.com.xml
new file mode 100644
index 000000000000..7d5383e3fc8c
--- /dev/null
+++ b/src/chrome/content/rules/AppGuru.com.xml
@@ -0,0 +1,54 @@
+<!--
+	For other LogMeIn coverage, see LogMeIn_Inc.com.xml.
+
+
+	Problematic hosts in *appguru.com:
+
+		- ^ *
+
+	* Mismatched
+
+
+	Fully covered hosts in *appguru.com:
+
+		- (www.)?	(^ → www)
+		- data
+
+
+	These altnames don't exist:
+
+		- secure.appguru.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- data.appguru.com
+		- www.appguru.com
+
+-->
+<ruleset name="AppGuru.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="data.appguru.com" />
+	<target host="www.appguru.com" />
+
+	<!--	Complications:
+				-->
+	<target host="appguru.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(data|www)\.appguru\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^(?:data|www)\.appguru\.com$" name=".+" />
+
+
+	<rule from="^http://appguru\.com/"
+		to="https://www.appguru.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AppHub.io.xml b/src/chrome/content/rules/AppHub.io.xml
new file mode 100644
index 000000000000..405c9e200f42
--- /dev/null
+++ b/src/chrome/content/rules/AppHub.io.xml
@@ -0,0 +1,27 @@
+<!--
+	www.apphub.io: 521
+
+
+	Insecure cookies are set for these domains:
+
+		- .apphub.io
+
+-->
+<ruleset name="AppHub.io (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="apphub.io" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.apphub\.io$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.apphub\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AppMifile.com.xml b/src/chrome/content/rules/AppMifile.com.xml
new file mode 100644
index 000000000000..06371442235c
--- /dev/null
+++ b/src/chrome/content/rules/AppMifile.com.xml
@@ -0,0 +1,21 @@
+<!--
+	For other domains belong to xiaomi, see Xiaomi.com.xml
+
+	Invalid Certificate:
+		- bbs.appmifile.com
+		- download.appmifile.com
+		- u01.appmifile.com
+-->
+<ruleset name="appmifile.com (partial)">
+	<target host="i01.appmifile.com" />
+		<test url="http://i01.appmifile.com/v1/MI_18455B3E4DA706226CF7535A58E875F0267/T1R7dvByCv1RXrhCrK.jpg" />
+
+	<target host="s01.appmifile.com" />
+	<target host="s02.appmifile.com" />
+		<test url="http://s02.appmifile.com/css/en_pandora/en.p.index.css" />
+
+	<target host="s03.appmifile.com" />
+		<test url="http://s03.appmifile.com/js/in/xm.base.js" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AppNexus.xml b/src/chrome/content/rules/AppNexus.xml
index 8871883acc5b..fe25f07a7795 100644
--- a/src/chrome/content/rules/AppNexus.xml
+++ b/src/chrome/content/rules/AppNexus.xml
@@ -1,38 +1,63 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ux-eco.corp.appnexus.com/ => https://ux-eco.corp.appnexus.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Other AppNexus rulesets:
+
+		- Adnxs.com.xml
+
+
 	CDN buckets:
 
 		- a248.e.akamai.net/appnexus.download.akamai.com/
+		- anxconsole-a.akamaihd.net
+
+
+	Nonfunctional hosts in *appnexus.com:
+
+		- blog ᵃ
+		- support ʳ
+		- techblog ʳ
+
+	ᵃ Shows ux-eco.corp.appnexus.com
+	ʳ Refused
 
 
-	Nonfunctional domains:
+	Insecure cookies are set for these hosts:
 
-		- (www.)appnexus.com
+		- console.appnexus.com
+		- wiki.appnexus.com
 
 
-	Problematic domains:
+	Mixed content:
 
-		- cdn.adnxs.com		(akamai)
+		- Bug on www from instansive.com
 
 -->
-<ruleset name="AppNexus (partial)">
+<ruleset name="AppNexus.com (partial)" default_off="failed ruleset test">
 
-	<target host="adnxs.com" />
-	<target host="*.adnxs.com" />
+	<target host="appnexus.com" />
+	<target host="careers.appnexus.com" />
 	<target host="console.appnexus.com" />
+	<target host="ux-eco.corp.appnexus.com" />
+	<target host="wiki.appnexus.com" />
+	<target host="www.appnexus.com" />
 
+		<!--	Mixed bug:
+					-->
+		<!--test url="http://www.appnexus.com/en/company/careers" /-->
 
-	<!--securecookie host="^\.adnxs\.com$" name="^(sess|uuid2)$" /-->
-	<securecookie host="^(?:.*\.)?adnxs\.com$" name=".+" />
-	<securecookie host="^console\.appnexus\.com$" name=".+" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^console\.appnexus\.com$" name="^(?:BIGipServer|secure_bucket$)" /-->
+	<!--securecookie host="^wiki\.appnexus\.com$" name="^JSESSIONID$" /-->
 
-	<rule from="^http://cdn\.adnxs\.com/"
-		to="https://secure.adnxs.com/" />
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://(\w+\.)?adnxs\.com/"
-		to="https://$1adnxs.com/" />
 
-	<rule from="^http://console\.appnexus\.com/"
-		to="https://console.appnexus.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/AppThemes.com.xml b/src/chrome/content/rules/AppThemes.com.xml
new file mode 100644
index 000000000000..e286951da860
--- /dev/null
+++ b/src/chrome/content/rules/AppThemes.com.xml
@@ -0,0 +1,37 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)
+		- cdn
+		- demos
+		- docs
+		- forums
+		- ideas
+		- marketplace
+		- my
+
+
+	Mixed content:
+
+		- Images on forums from $self *
+		- Images on forums from cdn *
+
+	* Secured by us
+
+-->
+<ruleset name="AppThemes.com">
+
+	<target host="appthemes.com" />
+	<target host="cdn.appthemes.com" />
+	<target host="demos.appthemes.com" />
+	<target host="docs.appthemes.com" />
+	<target host="forums.appthemes.com" />
+	<target host="ideas.appthemes.com" />
+	<target host="marketplace.appthemes.com" />
+	<target host="my.appthemes.com" />
+	<target host="www.appthemes.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AppVault.xml b/src/chrome/content/rules/AppVault.xml
index cf2a97fff562..fbe5f7795f67 100644
--- a/src/chrome/content/rules/AppVault.xml
+++ b/src/chrome/content/rules/AppVault.xml
@@ -14,16 +14,15 @@
 	<target host="appvault.com" />
 	<target host="www.appvault.com" />
 	<target host="skilldrum.com" />
-	<target host="*.skilldrum.com" />
+	<target host="www.skilldrum.com" />
 
 
 	<securecookie host="^(?:www)?\.skilldrum\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?appvault\.com/"
+	<rule from="^http://(?:www\.)?appvault\.com/"
 		to="https://appvault.com/" />
 
-	<rule from="^http://(www\.)?skilldrum\.com/"
-		to="https://$1skilldrum.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/App_Developer_Magazine.com.xml b/src/chrome/content/rules/App_Developer_Magazine.com.xml
new file mode 100644
index 000000000000..63106d492200
--- /dev/null
+++ b/src/chrome/content/rules/App_Developer_Magazine.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Fully covered hosts in *appdevelopermagazine.com:
+
+		- (www.)?
+
+-->
+<ruleset name="App Developer Magazine.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="appdevelopermagazine.com" />
+	<target host="www.appdevelopermagazine.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Appadvice.com.xml b/src/chrome/content/rules/Appadvice.com.xml
new file mode 100644
index 000000000000..e2f4e0a80a32
--- /dev/null
+++ b/src/chrome/content/rules/Appadvice.com.xml
@@ -0,0 +1,58 @@
+<!--
+	Nonfunctional hosts in *.appadvice.com:
+	    mages.agf.appadvice.com (Server not found)
+	    api.appadvice.com (Server not found)
+	    cdn.apps.appadvice.com (HTTPS connection refused)
+	    cdn.appsgonefree.appadvice.com (HTTPS connection refused)
+	    appstore.appadvice.com (Error 502 - Bad Gateway)
+	    cdn.assets.appadvice.com (Error 1000 - DNS points to prohibited IP)
+    	    author.appadvice.com (HTTPS connection refused)
+	    beta.appadvice.com (HTTPS connection refused)
+	    chipman.cdn.appadvice.com (HTTPS connection refused)
+	    chomp.cdn.appadvice.com (HTTPS connection refused)
+	    freemium.cdn.appadvice.com (HTTPS connection refused)
+	    genius.cdn.appadvice.com (HTTPS connection refused)
+	    handoff.cdn.appadvice.com (HTTPS connection refused)
+ 	    ping.cdn.appadvice.com (HTTPS connection refused)
+	    platformer.cdn.appadvice.com (HTTPS connection refused)
+	    siri.cdn.appadvice.com (HTTPS connection refused)
+	    springboard.cdn.appadvice.com (HTTPS connection refused)
+	    topcharts.cdn.appadvice.com (HTTPS connection refused)
+	    cdn-assets.appadvice.com (Error 1000 - DNS points to progibited IP)
+	    chipman-cdn.appadvice.com (HTTPS connection refused)
+	    news.couch.appadvice.com (Not found - missing)
+	    cdn.search.gateway.appadvice.com (Not found - missing)
+	    cdn.sponsors.images.appadvice.com (HTTPS connection refused)
+	    live.appadvice.com (Server not found)
+	    news.appadvice.com (HTTPS connection refused)
+	    pushregistration.appadvice.com (HTTPS connection refused)
+	    agf.schema.appadvice.com (HTTPS connection refused)
+	    schemabackup.appadvice.com (HTTPS connection refused)
+	    store.appadvice.com (Error 1000 - DNS points to prohibited IP)
+	    useracct.appadvice.com (Takes too long to respond)
+	    www.useracct.appadvice.com (Takes too long to respond)
+	    users.appadvice.com (Not found)
+	    wpjson.appadvice.com (HTTPS connection refused)
+-->
+<ruleset name="Appadvice">
+
+	<target host="appadvice.com" />
+	<target host="www.appadvice.com" />
+	<target host="appstickers-cdn.appadvice.com" />
+	<target host="authors.appadvice.com" />
+	<target host="cdn-search-gateway.appadvice.com" />
+	<target host="chomp-cdn.appadvice.com" />
+	<target host="freemium-cdn.appadvice.com" />
+	<target host="genius-cdn.appadvice.com" />
+	<target host="handoff-cdn.appadvice.com" />
+	<target host="ping-cdn.appadvice.com" />
+	<target host="platformer-cdn.appadvice.com" />
+	<target host="schema.appadvice.com" />
+	<target host="siri-cdn.appadvice.com" />
+	<target host="sponsors.appadvice.com" />
+	<target host="wp.appadvice.com" />
+	<target host="wpuploads.appadvice.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Appcache-mismatches.xml b/src/chrome/content/rules/Appcache-mismatches.xml
deleted file mode 100644
index b56159045d56..000000000000
--- a/src/chrome/content/rules/Appcache-mismatches.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Appache (mismatches)" default_off="tender certificate">
-
-	<target host="help.5apps.com"/>
-
-	<securecookie host="^help\.5apps\.com$" name=".*"/>
-
-	<rule from="^http://help\.5apps\.com/"
-		to="https://help.5apps.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Appcache.xml b/src/chrome/content/rules/Appcache.xml
deleted file mode 100644
index 9015084c863d..000000000000
--- a/src/chrome/content/rules/Appcache.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Fully covered subdomains:
-
-		- (www.)	(www → ^)
-		- develop
-		- libs
-
--->
-<ruleset name="Appache (partial)">
-
-	<target host="5apps.com" />
-	<target host="*.5apps.com" />
-
-
-	<securecookie host="^5apps\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?5apps\.com/"
-		to="https://5apps.com/" />
-
-	<rule from="^http://(develop|libs)\.5apps\.com/"
-		to="https://$1.5apps.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Appcelerator.xml b/src/chrome/content/rules/Appcelerator.xml
index 29fd0e345d2a..0dfee058a341 100644
--- a/src/chrome/content/rules/Appcelerator.xml
+++ b/src/chrome/content/rules/Appcelerator.xml
@@ -1,17 +1,93 @@
+
 <!--
-	^appcelerator.com times out
+Disabled by https-everywhere-checker because:
+Fetch error: http://thinkmobile.appcelerator.com/ => https://thinkmobile.appcelerator.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	CDN buckets:
+
+		- www.appcelerator.com.s3.amazonaws.com
+
+
+	Problematic hosts in *appcelerator.com:
+
+		- www.marketplace ¹
+		- training ²
+
+	¹ Mismatched
+	² Mixed css
+
+
+	Fully covered hosts in *appcelerator.com:
+
+		- (www.)?
+		- community
+		- developer
+		- docs
+		- marketplace
+		- my
+		- platform
+		- static
+		- thinkmobile
+		- university
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .appcelerator.com
+		- community.appcelerator.com
+		- developer.appcelerator.com
+		- marketplace.appcelerator.com
+		- www.appcelerator.com
+
+
+	Mixed content:
+
+		- css, on:
+
+			- training from static.appcelerator.com *
+			- training, www from fonts.googleapis.com *
+
+		- Fonts on training from static.appcelerator.com *
+
+		- Images, on:
+
+			- training from www.appcelerator.com.s3.amazonaws.com
+			- training from static.appcelerator.com *
+
+		- Bug on training from pixel.quantserve.com *
+
+	* Secured by us
 
 -->
-<ruleset name="Appcelerator">
+<ruleset name="Appcelerator.com (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="appcelerator.com" />
+	<target host="community.appcelerator.com" />
+	<target host="developer.appcelerator.com" />
+	<target host="docs.appcelerator.com" />
+	<target host="marketplace.appcelerator.com" />
+	<target host="my.appcelerator.com" />
+	<target host="platform.appcelerator.com" />
+	<target host="static.appcelerator.com" />
+	<target host="thinkmobile.appcelerator.com" />
+	<target host="university.appcelerator.com" />
 	<target host="www.appcelerator.com" />
 
 
-	<securecookie host="^www\.appcelerator\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.appcelerator\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^community\.appcelerator\.com$" name="^express\.sid$" /-->
+	<!--securecookie host="^developer\.appcelerator\.com$" name="^_icl_current_language$" /-->
+	<!--securecookie host="^marketplace\.appcelerator\.com$" name="^AWSELB$" /-->
+	<!--securecookie host="^www\.appcelerator\.com$" name="^(?:appc_visor|appc_visor_sig)$" /-->
+
+	<securecookie host="^(?:community|developer|marketplace|www)?\.appcelerator\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?appcelerator\.com/"
-		to="https://www.appcelerator.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Appear.in.xml b/src/chrome/content/rules/Appear.in.xml
new file mode 100644
index 000000000000..a50e5c3af40d
--- /dev/null
+++ b/src/chrome/content/rules/Appear.in.xml
@@ -0,0 +1,37 @@
+<!--
+	Nonfunctional hosts in *appear.in:
+
+		- blog *
+
+	* Tumblr
+
+
+	Insecure cookies are set for these hosts:
+
+		- appear.in
+		- www.appear.in
+
+-->
+<ruleset name="Appear.in (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="appear.in" />
+	<target host="api.appear.in" />
+	<target host="developer.appear.in" />
+	<target host="tech.appear.in" />
+	<target host="turn.appear.in" />
+	<target host="www.appear.in" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?appear\.in$" name="^django_language$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Appenzeller_Kantonalbank.xml b/src/chrome/content/rules/Appenzeller_Kantonalbank.xml
deleted file mode 100644
index d6b2221f86d6..000000000000
--- a/src/chrome/content/rules/Appenzeller_Kantonalbank.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Appenzeller Kantonalbank">
-    <target host="appkb.ch" />
-    <target host="*.appkb.ch" />
-
-    <securecookie host="^(.*\.)?appkb\.ch$" name=".+" />
-
-    <rule from="^https?://appkb\.ch/"
-        to="https://www.appkb.ch/"/>
-    <rule from="^http://([^/:@]+)?\.appkb\.ch/"
-        to="https://$1.appkb.ch/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Appetize.io.xml b/src/chrome/content/rules/Appetize.io.xml
new file mode 100644
index 000000000000..290a7f7fe14a
--- /dev/null
+++ b/src/chrome/content/rules/Appetize.io.xml
@@ -0,0 +1,9 @@
+<ruleset name="Appetize.io">
+
+	<target host="appetize.io" />
+	<target host="www.appetize.io" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Appie_Hein.com.xml b/src/chrome/content/rules/Appie_Hein.com.xml
new file mode 100644
index 000000000000..66bc7f77ce9e
--- /dev/null
+++ b/src/chrome/content/rules/Appie_Hein.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://appiehein.com/ => https://appiehein.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.appiehein.com/ => https://www.appiehein.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	Mixed content:
+
+		- Bugs from www.shopmania.es *
+
+	* Secured by us
+
+-->
+<ruleset name="Appie Hein.com" default_off="failed ruleset test">
+
+	<target host="appiehein.com" />
+	<target host="www.appiehein.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Appkb.ch.xml b/src/chrome/content/rules/Appkb.ch.xml
new file mode 100644
index 000000000000..5000f150158d
--- /dev/null
+++ b/src/chrome/content/rules/Appkb.ch.xml
@@ -0,0 +1,25 @@
+<!--
+	Nonfunctional hosts in *.appkb.ch:
+		- appkb.ch (m)
+		- host01.appkb.ch (m)
+		- host02.appkb.ch (m)
+		- mobile.appkb.ch (m)
+		- node1.appkb.ch (m)
+		- node2.appkb.ch (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Appkb.ch">
+	<target host="appkb.ch" />
+	<target host="www.appkb.ch" />
+	<target host="inba.appkb.ch" />
+
+	<rule from="^http://appkb\.ch/"
+		to="https://www.appkb.ch/"/>
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Apple-MapKit.com.xml b/src/chrome/content/rules/Apple-MapKit.com.xml
new file mode 100644
index 000000000000..4094a38e2112
--- /dev/null
+++ b/src/chrome/content/rules/Apple-MapKit.com.xml
@@ -0,0 +1,10 @@
+<!--
+	For other Apple coverage, see Apple.com.xml.
+-->
+
+<ruleset name="Apple-MapKit.com">
+	<target host="cdn.apple-mapkit.com" />
+		<test url="http://cdn.apple-mapkit.com/mk/1/mapkit.js" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Apple-falsemixed.xml b/src/chrome/content/rules/Apple-falsemixed.xml
deleted file mode 100644
index 922660d63ec2..000000000000
--- a/src/chrome/content/rules/Apple-falsemixed.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Apple.xml.
-
--->
-<ruleset name="Apple (false MCB)" platform="mixedcontent">
-
-	<target host="support.apple.com" />
-
-
-	<securecookie host="^support\.apple\.com$" name=".+" />
-
-	<rule from="^http://support\.apple\.com/"
-		to="https://support.apple.com/" />
-
-
-</ruleset>
diff --git a/src/chrome/content/rules/Apple-mismatches.xml b/src/chrome/content/rules/Apple-mismatches.xml
deleted file mode 100644
index c1d5f7e191be..000000000000
--- a/src/chrome/content/rules/Apple-mismatches.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-	For rules that are on by default, see Apple.xml.
-
--->
-<ruleset name="Apple (mismatches)" default_off="Akamai certificate">
-
-	<target host="adcdownload.apple.com" />
-	<target host="appldnld.apple.com" />
-	<target host="*.info.apple.com" />
-	<target host="*.phobos.apple.com" />
-	<target host="static-mynews.apple.com" />
-	<target host="trailers.apple.com" />
-	<target host="r1.mzstatic.com" />
-	<target host="r2.mzstatic.com" />
-	<target host="r3.mzstatic.com" />
-	<target host="r4.mzstatic.com" />
-	<target host="r5.mzstatic.com" />
-	<target host="r6.mzstatic.com" />
-	<target host="r7.mzstatic.com" />
-	<target host="r8.mzstatic.com" />
-	<target host="r9.mzstatic.com" />
-	<target host="store.mzstatic.com" />
-
-
-	<rule from="^https?://a\d+\.phobos\.apple\.com/"
-		to="https://a1.mzstatic.com/" />
-
-	<rule from="^http://(adcdownload|appldnld|static-mynews|trailers)\.apple\.com/"
-		to="https://$1.apple.com/" />
-
-	<rule from="^https?://www0?\.info\.apple\.com/"
-		to="https://www.info.apple.com/" />
-
-	<rule from="^http://(r\d|store)\.mzstatic\.com/"
-		to="https://$1.mzstatic.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Apple.com.cn.xml b/src/chrome/content/rules/Apple.com.cn.xml
new file mode 100644
index 000000000000..a54c269e8b33
--- /dev/null
+++ b/src/chrome/content/rules/Apple.com.cn.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Apple coverage, see Apple.com.xml.
+
+	Mismatch:
+		www.apple.com.cn
+-->
+
+<ruleset name="Apple.com.cn">
+	<target host="apple.com.cn" />
+	<target host="www.apple.com.cn" />
+
+	<rule from="^http://www\.apple\.com\.cn/"
+			to="https://www.apple.com/cn/" />
+		<test url="http://www.apple.com.cn/icloud/" />
+		<test url="http://www.apple.com.cn/stevejobs/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Apple.com.xml b/src/chrome/content/rules/Apple.com.xml
new file mode 100644
index 000000000000..a4ed3ecb4602
--- /dev/null
+++ b/src/chrome/content/rules/Apple.com.xml
@@ -0,0 +1,241 @@
+<!--
+	Other Apple rulesets:
+		- Apple-MapKit.com.xml
+		- Apple.com.cn.xml
+		- Apple_CDN_buckets.xml
+		- Appsto.re.xml
+		- CDN-Apple.com.xml
+		- iTunes.com.xml
+		- iWork.com.xml
+		- ME.com.xml
+		- Mzstatic.com.xml
+
+	CDN buckets:
+		- a248.e.akamai.net/7/248/51/20120908/swdlp.apple.com/
+		- a772.g.akamai.net/7/772/51/\w+/www.apple.com/
+		- a771.da1.akamai.net/L/771/82810/5m/init.itunes.apple.com/ | ax.init.itunes.apple.com.edgesuite.net
+		- appldnld.apple.com.akadns.net
+		- devimages.apple.com.edgekey.net
+		- init.ess.apple.com.edgesuite.net
+		- ping.itunes.apple.com.edgesuite.net
+			- a1755.b.akamai.net
+		- static-uptodate.apple.com.edgekey.net
+		- storeimages.apple.com.edgekey.net
+		- km.support.apple.com.edgekey.net
+		- images.apple.com.edgesuite.net
+		- ax.init.itunes.apple.com.edgesuite.net
+		- legacy-support.apple.com.edgesuite.net
+			- docs.info.apple.com
+			- www0.info.apple.com
+		- ax.phobos.apple.com.edgesuite.net
+		- a\d+.phobos.apple.com.edgesuite.net
+
+	Nonfunctional hosts in *apple.com:
+		- daw  (timeout)
+		- onetoone  (timeout)
+		- deimos3	(403/404, akamai)
+		- init.ess	(503, akamai)
+		- genius-upload.itunes.apple.com (403/404)
+		- userprofile.itunes *
+		- rss.lists	(shows lists; mismatched, CN: lists.apple.com)
+		- rss.itunes (redirects to HTTP for Travis)
+		- mynews *
+		- reseller (timeout)
+		- ssl (timeout)
+		- supportprofile (timeout)
+		- uptodate  (timeout)
+	* Refused
+
+	Problematic hosts in *apple.com:
+		- adcdownload
+		- advertising *
+		- appldnld		(insecure cipher or protocol[?])
+		- concierge		(Blocks Tor users)
+		- devimages *
+		- getsupport		(Blocks Tor users)
+		- images *
+		- manuals.info *
+		- docs.info *
+		- signin.info *
+		- www.info *
+		- www0.info *
+		- c.itunes ³
+		- dzc.itunes		(data differ)
+		- ping.itunes *
+		- lists (cert-chain)
+		- prod.lists (cert-chain)
+		- www.lists (cert-chain)
+		- mypage        (incomplete cert chain)
+		- a1.phobos *
+		- a1721.phobos *
+		- a1980.phobos *
+		- reportingitsc2 (cert-chain)
+		- service.ess		(self-signed cert in chain)
+		- service[12].ess	(self-signed cert in chain)
+		- static-mynews *
+		- storeimages *
+		- support		(Blocks Tor users)
+		- wsidecar	( The certificate expired on 2017/03/10 23:59 )
+	* Akamai
+	³ Mismatched
+
+	At least some pages redirect to http:
+		- www
+
+	These altnames don't exist:
+		- imix.itunes.apple.com
+
+	Insecure cookies are set for these hosts and domains:
+		- .apple.com
+		- consultants.apple.com
+		- locate.apple.com
+		- .store.apple.com
+
+	Mixed content:
+		- css, on:
+			- trailers from images *
+			- trailers from $self *
+		- Images, on:
+			- autolinkmaker.itunes, banners.itunes, trailers from images *
+			- itunes from images *
+			- itunes from ax.phobos.apple.com.edgesuite.net *
+			- itunes from a[1-5].mzstatic.com *
+			- rss.itunes from images *
+			- trailers from trailers *
+	* Secured by us
+-->
+<ruleset name="Apple.com">
+	<!--	Direct rewrites:	-->
+	<target host="apple.com" />
+	<target host="www.apple.com" />
+	<target host="albert.apple.com" />
+	<target host="appleid.apple.com" />
+	<target host="appleseed.apple.com" />
+	<target host="appleseedcdn.apple.com" />
+	<target host="nc-as-images.apple.com" />
+	<target host="beta.apple.com" />
+	<target host="bugreport.apple.com" />
+	<target host="buyiphone.apple.com" />
+	<target host="certifications.apple.com" />
+	<target host="checkcoverage.apple.com" />
+	<target host="checkrepair.apple.com" />
+	<target host="concierge.apple.com" />
+	<target host="configuration.apple.com" />
+	<target host="consultants.apple.com" />
+	<target host="developer.apple.com" />
+	<target host="devforums.apple.com" />
+	<target host="discussions.apple.com" />
+	<target host="discussionsjapan.apple.com" />
+	<target host="ecommerce.apple.com" />
+	<target host="expresslane.apple.com" />
+	<target host="getsupport.apple.com" />
+	<target host="gsx.apple.com" />
+	<target host="gsxapp.apple.com" />
+	<target host="help.apple.com" />
+	<target host="hrweb.apple.com" />
+	<target host="iad.apple.com" />
+	<target host="id.apple.com" />
+	<target host="idmsa.apple.com" />
+	<target host="iforgot.apple.com" />
+	<target host="images.apple.com" />
+	<target host="itunes.apple.com" />
+	<target host="affiliate.itunes.apple.com" />
+	<target host="api.itunes.apple.com" />
+	<target host="autolinkmaker.itunes.apple.com" />
+	<target host="banners.itunes.apple.com" />
+	<target host="bookkeeper.itunes.apple.com" />
+	<target host="buy.itunes.apple.com" />
+	<target host="client-api.itunes.apple.com" />
+	<target host="collection.itunes.apple.com" />
+	<target host="du.itunes.apple.com" />
+	<target host="feeds.itunes.apple.com" />
+	<target host="files.itunes.apple.com" />
+	<target host="genius.itunes.apple.com" />
+	<target host="genius-2.itunes.apple.com" />
+	<target host="genius-download-2.itunes.apple.com" />
+	<target host="geo.itunes.apple.com" />
+	<target host="homesharing.itunes.apple.com" />
+	<target host="init.itunes.apple.com" />
+	<target host="itunesu.itunes.apple.com" />
+	<target host="ld-1.itunes.apple.com" />
+	<target host="ld-2.itunes.apple.com" />
+	<target host="ld-3.itunes.apple.com" />
+	<target host="ld-4.itunes.apple.com" />
+	<target host="ld-5.itunes.apple.com" />
+	<target host="ld-6.itunes.apple.com" />
+	<target host="ld-7.itunes.apple.com" />
+	<target host="ld-8.itunes.apple.com" />
+	<target host="ld-nk11.itunes.apple.com" />
+	<target host="ld-st11.itunes.apple.com" />
+	<target host="linkmaker.itunes.apple.com" />
+	<target host="metadata.itunes.apple.com" />
+	<target host="my.itunes.apple.com" />
+	<target host="myapp.itunes.apple.com" />
+	<!--target host="p\d+-buy.itunes.apple.com" />	← needs enumerating -->
+	<target host="p100-sandbox.itunes.apple.com" />
+	<target host="p1-u.itunes.apple.com" />
+	<target host="p2-u.itunes.apple.com" />
+	<target host="partiality.itunes.apple.com" />
+	<target host="pd-nk.itunes.apple.com" />
+	<target host="pd-st.itunes.apple.com" />
+	<target host="play.itunes.apple.com" />
+	<target host="redeem.itunes.apple.com" />
+	<target host="sandbox.itunes.apple.com" />
+	<target host="se.itunes.apple.com" />
+	<target host="search.itunes.apple.com" />
+	<target host="sitemanager.itunes.apple.com" />
+	<target host="sp.itunes.apple.com" />
+	<target host="static.itunes.apple.com" />
+	<target host="stations.itunes.apple.com" />
+	<target host="su.itunes.apple.com" />
+	<target host="upp.itunes.apple.com" />
+	<target host="userpub.itunes.apple.com" />
+	<target host="volume.itunes.apple.com" />
+	<target host="vpp.itunes.apple.com" />
+	<target host="widgets.itunes.apple.com" />
+	<target host="itunesconnect.apple.com" />
+	<target host="jobs.apple.com" />
+	<target host="jointventure.apple.com" />
+	<target host="locate.apple.com" />
+	<target host="mfi.apple.com" />
+	<target host="nc-unbrick1.apple.com" />
+	<target host="nwk-unbrick1.apple.com" />
+	<target host="nwk-unbrick2.apple.com" />
+	<target host="opensource.apple.com" />
+	<target host="www.opensource.apple.com" />
+	<target host="portal.apple.com" />
+	<target host="remoteadvisor.apple.com" />
+	<target host="securemetrics.apple.com" />
+	<target host="selfsolve.apple.com" />
+	<target host="store.apple.com" />
+	<target host="banners.store.apple.com" />
+	<target host="secure.store.apple.com" />
+	<target host="secure1.store.apple.com" />
+	<target host="secure2.store.apple.com" />
+	<target host="support.apple.com" />
+	<target host="km.support.apple.com" />
+	<target host="swdlp.apple.com" />
+	<target host="trailers.apple.com" />
+	<target host="wdg2.apple.com" />
+		<test url="http://trailers.apple.com/app/" />
+		<test url="http://trailers.apple.com/ca/" />
+		<test url="http://trailers.apple.com/trailers/wb/thehobbit/" />
+
+
+	<!--	Complications:	-->
+	<target host="metrics.apple.com" />
+	<rule from="^http://metrics\.apple\.com/"
+			to="https://securemetrics.apple.com/" />
+
+
+	<target host="*.phobos.apple.com" />
+	<rule from="^http://a\d+\.phobos\.apple\.com/"
+			to="https://s1.mzstatic.com/" />
+		<test url="http://a1.phobos.apple.com/us/r30/CobaltPublic/v4/37/72/a2/3772a292-10d0-b32a-6928-464f7c3ee867/206-3521510896464870564-1128711b_1.pdf" />
+		<test url="http://a1980.phobos.apple.com/us/r30/CobaltPublic/v4/37/72/a2/3772a292-10d0-b32a-6928-464f7c3ee867/206-3521510896464870564-1128711b_1.pdf" />
+		<test url="http://a758.phobos.apple.com/us/r30/CobaltPublic3/v4/16/02/46/160246b7-53d4-f37e-5997-b38d97371d68/313-7457261601664988450-Vie___Saint_Andr__n96.pdf" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Apple.xml b/src/chrome/content/rules/Apple.xml
deleted file mode 100644
index 57d8e663a17b..000000000000
--- a/src/chrome/content/rules/Apple.xml
+++ /dev/null
@@ -1,381 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see Apple-falsemixed.xml.
-
-	For problematic rules, see Apple-mismatches.xml.
-
-
-	Other Apple rulesets:
-
-		- Apple_China.xml
-
-
-	CDN buckets:
-
-		- a248.e.akamai.net/7/248/51/20120908/swdlp.apple.com/
-		- a772.g.akamai.net/7/772/51/ef865529940b9e/www.apple.com/
-		- a771.da1.akamai.net/L/771/82810/5m/init.itunes.apple.com/ | ax.init.itunes.apple.com.edgesuite.net
-		- appldnld.apple.com.akadns.net
-		- devimages.apple.com.edgekey.net
-		- init.ess.apple.com.edgesuite.net
-
-		- ping.itunes.apple.com.edgesuite.net
-
-			- a1755.b.akamai.net
-
-		- static-uptodate.apple.com.edgekey.net
-		- storeimages.apple.com.edgekey.net
-		- km.support.apple.com.edgekey.net
-		- images.apple.com.edgesuite.net
-		- ax.init.itunes.apple.com.edgesuite.net
-
-		- legacy-support.apple.com.edgesuite.net
-
-			- docs.info.apple.com
-			- www0.info.apple.com
-
-		- ax.phobos.apple.com.edgesuite.net
-		- a\d+.phobos.apple.com.edgesuite.net
-
-		- a([1-5]).mzstatic.com.edgesuite.net/...
-
-			- a$1.da1.akamai.net/...
-
-
-	Nonfunctional domains:
-
-		- apple.com subdomains:
-
-			- deimos3	(403/404, akamai)
-			- init.ess	(503, akamai)
-			- userprofile.itunes *
-			- rss.lists	(shows lists; mismatched, CN: lists.apple.com)
-			- mynews *
-
-		- dzc-metrics.mzstatic.com **
-
-	* Refused
-	** Data differ between http & https
-
-
-	Problematic domains:
-
-		- apple.com subdomains:
-
-			- adcdownload *
-			- appldnld *
-			- devimages *
-			- images *
-			- manuals.info *
-			- docs.info *
-			- www.info *
-			- www0.info *
-			- dzc.itunes		(data differ)
-			- ping.itunes *
-			- www.lists		(mismatched, CN: lists.apple.com)
-			- a1.phobos *
-			- a1721.phobos *
-			- a1980.phobos *
-			- static-mynews *
-			- storeimages *
-			- km.support *
-			- trailers *
-
-		- store.storeimages.cdn-apple.com *
-		- iwork.com				(cert only matches www)
-
-		- mzstatic.com subdomains:
-
-			- (www.)	(refused)
-			- a\d *
-			- r *
-			- r[1-8] *
-			- store *
-
-	* Akamai
-
-
-	Partially covered domains:
-
-		- concierge *
-		- store *
-
-	* At least some pages redirect to http
-
-
-	Fully covered domains:
-
-		- apple.com subdomains:
-
-			- (www.)
-			- albert
-			- appldnld		(→ akamai)
-			- appleid
-			- application
-			- as-images
-			- bugreport
-			- buyiphone
-			- buyiphone[1-4]
-			- certifications
-			- configuration
-			- connect
-			- csat
-			- daw
-			- developer
-			- devforums
-			- devimages		(→ devimages.apple.com.edgekey.net)
-			- discussions
-			- discussionsjapan
-			- ecommerce
-			- service.ess
-			- service[12].ess
-			- expresslane
-			- gsx
-			- gsxapp
-			- help
-			- hrweb
-			- iad
-			- id
-			- idmsa
-			- iforgot
-			- images		(→ ssl)
-			- docs.info		(→ akamai)
-			- manuals.info		(→ akamai)
-			- www0.info		(→ akamai)
-
-			- itunes subdomains:
-
-				- ^
-				- affiliate
-				- api
-				- autolinkmaker
-				- banners
-				- bookkeeper
-				- buy
-				- c
-				- client-api
-				- du
-				- feeds
-				- files
-				- genius
-				- genius-2
-				- genius-download
-				- genius-download-2
-				- genius-upload
-				- genius-upload-2
-				- homesharing
-				- init
-				- itunesu
-				- ld-[1-8]
-				- ld-nk11
-				- ld-st11
-				- linkmaker
-				- my
-				- myapp
-				- p\d+-buy
-				- p100-sandbox
-				- p1-u
-				- p2-u
-				- partiality
-				- pd-nk
-				- pd-st
-				- play
-				- rss
-				- s
-				- sandbox
-				- sc
-				- se
-				- search
-				- sidebar
-				- sitemanager
-				- sp
-				- static
-				- stations
-				- su
-				- tl
-				- tl-activity
-				- upp
-				- userpub
-				- volume
-				- vpp
-				- widgets
-
-			- itunesconnect
-			- jobs
-			- jointventure
-			- (www.)lists		(www → ^)
-			- prod.lists
-			- locate
-			- mypage
-			- nc-as-images
-			- nc-buyiphone
-			- nc-unbrick1
-			- nwk-as-images
-			- nwk-buyiphone
-			- nwk-unbrick[12]
-			- onetoone
-			- opensource
-			- www.opensource
-			- phobos
-			- portal
-			- register
-			- remoteadvisor
-			- reportingitc
-			- securemetrics
-			- reseller
-			- reserve
-			- salestraining
-			- selfsolve
-			- ssl
-			- secure.store
-			- secure\d.store
-			- storeimages		(→ storeimages.apple.com.edgekey.net)
-			- km.support		(→ km.support.apple.com.edgekey.net)
-			- supportprofile
-			- swdlp
-			- uptodate
-			- wdg2
-
-		- hrweb.cdn-apple.com
-		- store.storeimages.cdn-apple.com	(→ storeimages.apple.com.edgekey.net)
-		- ax.phobos.apple.com.edgesuite.net	(→ s.mzstatic.com)
-		- (www.)iwork.com			(^ → www)
-		- (www.)me.com
-
-		- mzstatic.com subdomains:
-
-			- (www.)	(→ ssl.apple.com)
-			- a[1-5]	(→ s[1-5])
-			- accertify
-			- itc
-			- metrics
-			- r		(→ s)
-			- s
-			- s[1-5]
-
-
-	Observed cookie domains:
-
-		- .
-		- genius-download.itunes
-		- genius-upload.itunes
-		- sitemanager.itunes
-		- vpp.itunes
-		- store
-		- .store
-		- support
-		- supportprofile
-
-
-	Mixed content:
-
-		- Scripts, on:
-
-			- support from images *
-			- support from km.support *
-
-		- css, on:
-
-			- support from images *
-
-		- Images, on:
-
-			- itunes from images *
-			- itunes from ax.phobos.apple.com.edgesuite.net *
-			- itunes from a[1-5].mzstatic.com *
-			- support from images *
-			- support from km.support *
-
-	* Secured by us
-
-
-	NB: We secure all resources, and thus
-	-falsemixed should be merged for Ffx 24.
-
--->
-<ruleset name="Apple.com (parial)">
-
-	<target host="apple.com" />
-	<target host="*.apple.com" />
-		<exclusion pattern="^http://concierge\.apple\.com/(?!resources/)" />
-		<exclusion pattern="^http://store\.apple\.com/(?!Catalog/|[\w/]+/css/|rs/)" />
-	<target host="*.cdn-apple.com" />
-	<target host="ax.phobos.apple.com.edgesuite.net" />
-	<target host="iwork.com" />
-	<target host="www.iwork.com" />
-	<target host="me.com" />
-	<target host="www.me.com" />
-	<target host="mzstatic.com" />
-	<target host="*.mzstatic.com" />
-
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.apple\.com$" name="^s_.+$" />
-	<!--
-		Can we secured any of these safely?
-							-->
-	<!--securecookie host="^\.apple\.com$" name="^(ccl|dslang|dssid2|dz_in_cookie|geo|itspod|mzf_in|mzf_odc|ns-mzf-inst|Pod|POD|wosid-lite)$" /-->
-	<!--
-		No known problems, just being cautious:
-							-->
-	<securecookie host="^(?!\.?(?:concierg|stor)e\.apple\.com).+\.apple\.com$" name=".+" />
-
-	<rule from="^http://((?:albert|appleid|application|(?:nc-|nwk-)?as-images|bugreport|buyiphone\d?|certifications|concierge|configuration|connect|csat|daw|developer|devforums|discussions(?:japan)?|ecommerce|service\d?\.ess|expresslane|gsx|gsxapp|help|hrweb|ia?d|idmsa|iforgot|(?:(?:affiliate|api|autolinkmaker|banners|bookkeeper|buy|c|client-api|du|feeds|files|genius(?:-download|-upload)?(?:-2)?|homesharing|init|itunesu|ld-(?:\d|nk11|st11)|linkmaker|my|myapp|p\d+-buy|p100-sandbox|p[12]-u|partiality|pd-nk|pd-st|play|rss|s|sandbox|sc|se|search|sidebar|sitemanager|sp|static|stations|su|tl|tl-activity|upp|userpub|volume|vpp|widgets)\.)?itunes|itunesconnect|jointventure|jobs|prod\.lists|locate|mypage|n(?:c|wk)-(?:buyiphone|unbrick1)|nwk-unbrick2|onetoone|(www\.)?opensource|phobos|portal|register|remoteadvisor|reportingitc|reseller|reserve|salestraining|securemetrics|selfsolve|store|secure\d?\.store|supportprofile|swdlp|uptodate|wdg2|www)\.)?apple\.com/"
-		to="https://$1apple.com/" />
-
-	<rule from="^http://appldnld\.apple\.com/"
-		to="https://a248.e.akamai.net/7/248/51/20120908/appldnld.apple.com/" />
-
-	<rule from="^http://devimages\.apple\.com/"
-		to="https://devimages.apple.com.edgekey.net/" />
-
-	<rule from="^http://(?:images|ssl)\.apple\.com/"
-		to="https://ssl.apple.com/" />
-
-	<rule from="^http://docs\.info\.apple\.com/"
-		to="https://a248.e.akamai.net/7/248/51/20120908/docs.info.apple.com/" />
-
-	<rule from="^http://manuals\.info\.apple\.com/"
-		to="https://a248.e.akamai.net/7/248/51/20120908/manuals.info.apple.com/" />
-
-	<rule from="^http://www0\.info\.apple\.com/"
-		to="https://a248.e.akamai.net/7/1300/51/20120908/www0.info.apple.com/" />
-
-	<rule from="^http://(?:www\.)?lists\.apple\.com/"
-		to="https://lists.apple.com/" />
-
-	<rule from="^http://store(?:images\.|\.storeimages\.cdn-)apple\.com/"
-		to="https://storeimages.apple.com.edgekey.net/" />
-
-	<rule from="^http://hrweb\.cdn-apple\.com/"
-		to="https://hrweb.cdn-apple.com/" />
-
-	<rule from="^http://ax\.phobos\.apple\.com\.edgesuite\.net/"
-		to="https://s.mzstatic.com/" />
-
-	<rule from="^http://km\.support\.apple\.com/"
-		to="https://km.support.apple.com.edgekey.net/" />
-
-	<rule from="^http://(?:www\.)?iwork\.com/"
-		to="https://www.iwork.com/" />
-
-	<rule from="^http://(www\.)?me\.com/"
-		to="https://$1me.com/" />
-
-	<!--	Redirects over http to www.apple.com
-							-->
-	<rule from="^http://(?:www\.)?mzstatic\.com/"
-		to="https://www.apple.com/" />
-
-	<rule from="^http://a(\d)\.mzstatic\.com/"
-		to="https://s$1.mzstatic.com/" />
-
-	<rule from="^http://(accertify|itc|metrics|s\d?)\.mzstatic\.com/"
-		to="https://$1.mzstatic.com/" />
-
-	<rule from="^http://r\.mzstatic\.com/"
-		to="https://s.mzstatic.com/" />
-
-	<rule from="^https?://trailers\.apple\.com/"
-		to="http://trailers.apple.com/" downgrade="1" />
-</ruleset>
diff --git a/src/chrome/content/rules/Apple_CDN_buckets.xml b/src/chrome/content/rules/Apple_CDN_buckets.xml
new file mode 100644
index 000000000000..d80a64ddebe2
--- /dev/null
+++ b/src/chrome/content/rules/Apple_CDN_buckets.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Apple coverage, see Apple.com.xml.
+-->
+<ruleset name="Apple_CDN_buckets">
+
+	<target host="ax.phobos.apple.com.edgesuite.net" />
+	<rule from="^http://ax\.phobos\.apple\.com\.edgesuite\.net/"
+			to="https://s.mzstatic.com/" />
+		<test url="http://ax.phobos.apple.com.edgesuite.net/images/badgeitunes61x15dark.gif" />
+
+	<target host="a772.g.akamai.net" />
+	<exclusion pattern="^http://a772\.g\.akamai\.net/$" />
+	<rule from="^http://a772\.g\.akamai\.net/7/772/51/\w+/www\.apple\.com/"
+			to="https://www.apple.com/" />
+		<test url="http://a772.g.akamai.net/7/772/51/10cd5e491f8714/www.apple.com/se/afs/pdf/villkor-student.pdf" />
+		<test url="http://a772.g.akamai.net/7/772/51/2f6e5c1b535fea/www.apple.com/t/2002/us/en/i/5bg.gif" />
+		<test url="http://a772.g.akamai.net/7/772/51/bd4f33c8351fd3/www.apple.com/support/products/pdf/AppleCare_PST_TC-b.pdf" />
+		<test url="http://a772.g.akamai.net/7/772/51/d833c88a53ed1a/www.apple.com/es/usb/pdf/usbfactsheet.pdf" />
+		<test url="http://a772.g.akamai.net/7/772/51/ef865529940b9e/www.apple.com/main/elements/spacer.gif" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Apple_China.xml b/src/chrome/content/rules/Apple_China.xml
deleted file mode 100644
index 795c0ecac325..000000000000
--- a/src/chrome/content/rules/Apple_China.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For other Apple coverage, see Apple.xml.
-
-
-	- !www: no https
-	- www:	akamai
-
--->
-<ruleset name="Apple China" default_off="mismatched">
-
-	<target host="apple.com.cn" />
-	<target host="www.apple.com.cn" />
-
-
-	<rule from="^http://(?:www\.)?apple\.com\.cn/"
-		to="https://www.apple.com.cn/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Apple_Parts_Store.xml b/src/chrome/content/rules/Apple_Parts_Store.xml
index 001ced3e1ee8..94131f1d5cec 100644
--- a/src/chrome/content/rules/Apple_Parts_Store.xml
+++ b/src/chrome/content/rules/Apple_Parts_Store.xml
@@ -1,29 +1,34 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://applepartsstore.com/ => https://applepartsstore.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://re-pear.com/ => https://www.re-pear.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://re-pear.com/ => https://www.re-pear.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.re-pear.com'")
 	Problematic domains:
 
 		- www.applepartsstore.com
 		- re-pear.com			(mismatched, CN: www.applepartsstore.com)
 
-
-	Pages redirect to http.../$
-
 -->
-<ruleset name="Apple Parts Store (partial)">
+<ruleset name="Apple Parts Store (partial)" default_off="failed ruleset test">
 
 	<target host="applepartsstore.com" />
 	<target host="www.applepartsstore.com" />
 	<target host="re-pear.com" />
-	<target host="*.re-pear.com" />
+	<target host="www.re-pear.com" />
 
 
+	<securecookie host="^\.(?:www\.)?applepartsstore\.com$" name=".+" />
 	<securecookie host="^\.re-pear\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?applepartsstore\.com/(favicon\.ico|media/|skin/)"
-		to="https://applepartsstore.com/$1" />
+	<rule from="^http://(?:www\.)?applepartsstore\.com/"
+		to="https://applepartsstore.com/" />
 
 
-	<rule from="^https?://(?:www\.)?re-pear\.com/"
+	<rule from="^http://(?:www\.)?re-pear\.com/"
 		to="https://www.re-pear.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Applebees.xml b/src/chrome/content/rules/Applebees.xml
index 2da893008521..fbcd687b6ee3 100644
--- a/src/chrome/content/rules/Applebees.xml
+++ b/src/chrome/content/rules/Applebees.xml
@@ -1,9 +1,7 @@
 <ruleset name="Applebee's" platform="mixedcontent">
   <target host="applebees.com" />
-  <target host="*.applebees.com" />
+  <target host="my.applebees.com" />
+  <target host="www.applebees.com" />
 
-  <rule from="^http://applebees\.com/"
-          to="https://applebees.com/" />
-  <rule from="^http://(my|www)\.applebees\.com/"
-          to="https://$1.applebees.com/" />
-</ruleset>
\ No newline at end of file
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Appledaily.com.hk.xml b/src/chrome/content/rules/Appledaily.com.hk.xml
new file mode 100644
index 000000000000..dec72cc6dccb
--- /dev/null
+++ b/src/chrome/content/rules/Appledaily.com.hk.xml
@@ -0,0 +1,30 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- appledaily.com.hk
+-->
+<ruleset name="Appledaily.com.hk">
+	<target host="64.appledaily.com.hk" />
+	<target host="mlprd.api.appledaily.com.hk" />
+	<target host="as.appledaily.com.hk" />
+	<target host="auth.appledaily.com.hk" />
+	<target host="charity.appledaily.com.hk" />
+	<target host="goodest-api.appledaily.com.hk" />
+	<target host="goodest-cms.appledaily.com.hk" />
+	<target host="luckydraw-100k.appledaily.com.hk" />
+	<target host="mldev-api.appledaily.com.hk" />
+	<target host="mlprd-api.appledaily.com.hk" />
+	<target host="mluat-api.appledaily.com.hk" />
+	<target host="news.appledaily.com.hk" />
+	<target host="racing.appledaily.com.hk" />
+	<target host="statefarm.appledaily.com.hk" />
+	<target host="travelseed-cms.appledaily.com.hk" />
+	<target host="uat-racing.appledaily.com.hk" />
+	<target host="mlprd.ugcapi.appledaily.com.hk" />
+	<target host="vdo.appledaily.com.hk" />
+	<target host="video.appledaily.com.hk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Appledaily.com.tw.xml b/src/chrome/content/rules/Appledaily.com.tw.xml
new file mode 100644
index 000000000000..ceab129c6f0f
--- /dev/null
+++ b/src/chrome/content/rules/Appledaily.com.tw.xml
@@ -0,0 +1,32 @@
+<!--
+	Non-functional hosts
+		SSL connect error:
+		- appledaily.com.tw
+-->
+<ruleset name="Appledaily.com.tw">
+	<target host="www.appledaily.com.tw" />
+	<target host="applehouse.appledaily.com.tw" />
+	<target host="applepie-api.appledaily.com.tw" />
+	<target host="applevr.appledaily.com.tw" />
+	<target host="auth.appledaily.com.tw" />
+	<target host="dev-pay.appledaily.com.tw" />
+	<target host="dgadobe.appledaily.com.tw" />
+	<target host="ent.appledaily.com.tw" />
+	<target host="fashion.appledaily.com.tw" />
+	<target host="home.appledaily.com.tw" />
+	<target host="img.appledaily.com.tw" />
+	<target host="infographic.appledaily.com.tw" />
+	<target host="inv.appledaily.com.tw" />
+	<target host="m.appledaily.com.tw" />
+	<target host="pay.appledaily.com.tw" />
+	<target host="rtnaudio.appledaily.com.tw" />
+	<target host="rtnvideo1.appledaily.com.tw" />
+	<target host="search.appledaily.com.tw" />
+	<target host="theme.appledaily.com.tw" />
+	<target host="ticket.appledaily.com.tw" />
+	<target host="video.appledaily.com.tw" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Appledaily.com.xml b/src/chrome/content/rules/Appledaily.com.xml
new file mode 100644
index 000000000000..d6d45219b59a
--- /dev/null
+++ b/src/chrome/content/rules/Appledaily.com.xml
@@ -0,0 +1,90 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- 71.appledaily.com
+		- www.appledaily.com
+-->
+<ruleset name="Appledaily.com">
+	<target host="appledaily.com" />
+	<target host="20.appledaily.com" />
+	<target host="64.appledaily.com" />
+	<target host="add.appledaily.com" />
+	<target host="arc-static.appledaily.com" />
+	<target host="as.appledaily.com" />
+	<target host="auth.appledaily.com" />
+	<target host="breastcancer.appledaily.com" />
+	<target host="cmpg.appledaily.com" />
+	<target host="cms-privilegehk.appledaily.com" />
+	<target host="corporationplan.appledaily.com" />
+	<target host="dce2019.appledaily.com" />
+	<target host="dev-arc-static.appledaily.com" />
+	<target host="dev-cmpg.appledaily.com" />
+	<target host="dev-evt.appledaily.com" />
+	<target host="dev-policy.appledaily.com" />
+	<target host="dev-vtrk.appledaily.com" />
+	<target host="hk.entertainment.appledaily.com" />
+	<target host="qa-tw.entertainment.appledaily.com" />
+	<target host="tw.entertainment.appledaily.com" />
+	<target host="uat-tw.entertainment.appledaily.com" />
+	<target host="events.appledaily.com" />
+	<target host="evt.appledaily.com" />
+	<target host="dev-tw.feature.appledaily.com" />
+	<target host="hk.feature.appledaily.com" />
+	<target host="qa-hk.feature.appledaily.com" />
+	<target host="tw.feature.appledaily.com" />
+	<target host="uat-hk.feature.appledaily.com" />
+	<target host="uat-tw.feature.appledaily.com" />
+	<target host="hk.finance.appledaily.com" />
+	<target host="qa-tw.finance.appledaily.com" />
+	<target host="tw.finance.appledaily.com" />
+	<target host="uat-tw.finance.appledaily.com" />
+	<target host="fruitgym.appledaily.com" />
+	<target host="gift.appledaily.com" />
+	<target host="green.appledaily.com" />
+	<target host="hk.appledaily.com" />
+	<target host="imp.appledaily.com" />
+	<target host="tw.inv.appledaily.com" />
+	<target host="hk.lifestyle.appledaily.com" />
+	<target host="qa-tw.lifestyle.appledaily.com" />
+	<target host="tw.lifestyle.appledaily.com" />
+	<target host="uat-tw.lifestyle.appledaily.com" />
+	<target host="luckydraw-100k.appledaily.com" />
+	<target host="myqrcode.appledaily.com" />
+	<target host="news.appledaily.com" />
+	<target host="hk.news.appledaily.com" />
+	<target host="qa-tw.news.appledaily.com" />
+	<target host="tw.news.appledaily.com" />
+	<target host="uat-tw.news.appledaily.com" />
+	<target host="policy.appledaily.com" />
+	<target host="privilegehk.appledaily.com" />
+	<target host="privilegehk-static.appledaily.com" />
+	<target host="privilegetw.appledaily.com" />
+	<target host="privilegetw-static.appledaily.com" />
+	<target host="qa-policy.appledaily.com" />
+	<target host="quote.appledaily.com" />
+	<target host="realtime.appledaily.com" />
+	<target host="reporter.appledaily.com" />
+	<target host="hk.sports.appledaily.com" />
+	<target host="qa-tw.sports.appledaily.com" />
+	<target host="tw.sports.appledaily.com" />
+	<target host="uat-tw.sports.appledaily.com" />
+	<target host="student.appledaily.com" />
+	<target host="tw.ticket.appledaily.com" />
+	<target host="tw.appledaily.com" />
+	<target host="tw-survey.appledaily.com" />
+	<target host="uat-arc-static.appledaily.com" />
+	<target host="uat-auth.appledaily.com" />
+	<target host="uat-corporationplan.appledaily.com" />
+	<target host="uat-fruitgym.appledaily.com" />
+	<target host="uat-policy.appledaily.com" />
+	<target host="uat-student.appledaily.com" />
+	<target host="hk.video.appledaily.com" />
+	<target host="tw.video.appledaily.com" />
+	<target host="vtrk.appledaily.com" />
+	<target host="worldcup2014.appledaily.com" />
+	<target host="xinjiangcamps.appledaily.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Applianceshop.eu.xml b/src/chrome/content/rules/Applianceshop.eu.xml
new file mode 100644
index 000000000000..9297b42b086b
--- /dev/null
+++ b/src/chrome/content/rules/Applianceshop.eu.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Applianceshop.eu">
+
+	<target host="applianceshop.eu" />
+	<target host="www.applianceshop.eu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^\.www\.applianceshop\.eu$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Applicom.xml b/src/chrome/content/rules/Applicom.xml
index 361d413faf5e..a056c87eb31d 100644
--- a/src/chrome/content/rules/Applicom.xml
+++ b/src/chrome/content/rules/Applicom.xml
@@ -3,7 +3,7 @@
 	<target host="apollohq.com"/>
 	<target host="*.apollohq.com"/>
 
-	<securecookie host="^launchpad\.apollohq\.com$" name=".*"/>
+	<securecookie host="^launchpad\.apollohq\.com$" name=".+" />
 
 	<rule from="^http://(?:www\.)?apollohq\.com/img/favicon(\d\d)\.png$"
 		to="https://launchpad.apollohq.com/js/__dojo__1332519149/res/img/common/icon$1.png"/>
diff --git a/src/chrome/content/rules/AppliedPrivacy.net.xml b/src/chrome/content/rules/AppliedPrivacy.net.xml
new file mode 100644
index 000000000000..9a1cb71a8c86
--- /dev/null
+++ b/src/chrome/content/rules/AppliedPrivacy.net.xml
@@ -0,0 +1,25 @@
+<!--
+	Non-2xx HTTP code:
+		- mta-sts.appliedprivacy.net
+
+	Timeout:
+		- dot1.appliedprivacy.net
+		- dot2.appliedprivacy.net
+-->
+<ruleset name="AppliedPrivacy.net">
+
+	<target host="appliedprivacy.net" />
+	<target host="www.appliedprivacy.net" />
+	<target host="doh.appliedprivacy.net" />
+	<target host="donate.appliedprivacy.net" />
+	<target host="m.appliedprivacy.net" />
+	<target host="spenden.appliedprivacy.net" />
+	<target host="status.appliedprivacy.net" />
+	<target host="t.appliedprivacy.net" />
+	<target host="w.appliedprivacy.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Apply2Jobs.com.xml b/src/chrome/content/rules/Apply2Jobs.com.xml
new file mode 100644
index 000000000000..baa4b660120b
--- /dev/null
+++ b/src/chrome/content/rules/Apply2Jobs.com.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Automatic Data Processing coverage, see Automatic_Data_Processing.xml.
+
+
+	^: cert only matches www.apply2jobs.com
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(^ → www)
+		- www.llcampus
+
+-->
+<ruleset name="Apply2Jobs.com">
+
+	<target host="apply2jobs.com" />
+	<target host="www.apply2jobs.com" />
+	<target host="www.llcampus.apply2jobs.com" />
+
+
+	<rule from="^http://(?:www\.)?apply2jobs\.com/"
+		to="https://www.apply2jobs.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ApplyTracking.com.xml b/src/chrome/content/rules/ApplyTracking.com.xml
new file mode 100644
index 000000000000..7dc22fd5436f
--- /dev/null
+++ b/src/chrome/content/rules/ApplyTracking.com.xml
@@ -0,0 +1,32 @@
+<!--
+	For other SmashFly coverage, see SmashFly.com.
+
+
+	These altnames don't exist:
+
+		- applytracking.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.applytracking.com
+
+-->
+<ruleset name="ApplyTracking.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.applytracking.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.applytracking\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^www\.applytracking\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ApplyWeb.com.xml b/src/chrome/content/rules/ApplyWeb.com.xml
new file mode 100644
index 000000000000..e40a37449743
--- /dev/null
+++ b/src/chrome/content/rules/ApplyWeb.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="ApplyWeb.com">
+
+	<target host="applyweb.com" />
+	<target host="www.applyweb.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ApplyYourself.xml b/src/chrome/content/rules/ApplyYourself.xml
index c23742614c18..d63f8421e242 100644
--- a/src/chrome/content/rules/ApplyYourself.xml
+++ b/src/chrome/content/rules/ApplyYourself.xml
@@ -6,7 +6,6 @@
 	<securecookie host="^app\.applyyourself\.com$" name=".+" />
 
 
-	<rule from="^http://app\.applyyourself\.com/"
-		to="https://app.applyyourself.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Appolicious.com.xml b/src/chrome/content/rules/Appolicious.com.xml
new file mode 100644
index 000000000000..f4e75cb40df1
--- /dev/null
+++ b/src/chrome/content/rules/Appolicious.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Nonfunctional hosts in *.appolicious.com:
+
+	Server not found:
+	    developer.appolicious.com
+	    login.appolicious.com
+-->
+<ruleset name="Appolicious">
+
+	<target host="appolicious.com" />
+	<target host="www.appolicious.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AppsFlyer.com.xml b/src/chrome/content/rules/AppsFlyer.com.xml
new file mode 100644
index 000000000000..f25aff283cf9
--- /dev/null
+++ b/src/chrome/content/rules/AppsFlyer.com.xml
@@ -0,0 +1,37 @@
+<!--
+	Nonfunctional hosts in *appsflyer.com:
+
+		- ^ ¹
+		- support ²
+		- www ³
+
+	¹ Refused
+	² Dropped
+	³ WP Engine
+
+
+	Insecure cookies are set for these hosts:
+
+		- hq.appsflyer.com
+		- partners.appsflyer.com
+
+-->
+<ruleset name="AppsFlyer.com (partial)">
+
+	<target host="app.appsflyer.com" />
+	<target host="hq.appsflyer.com" />
+	<target host="partners.appsflyer.com" />
+	<target host="support.appsflyer.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(hq|partners)\.appsflyer\.com$" name="^AWSELB$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Appsec_USA.xml b/src/chrome/content/rules/Appsec_USA.xml
index cd480678e0f5..8ad871d57412 100644
--- a/src/chrome/content/rules/Appsec_USA.xml
+++ b/src/chrome/content/rules/Appsec_USA.xml
@@ -11,13 +11,15 @@
 <ruleset name="Appsec USA (partial)" default_off="mismatched, self-signed">
 
 	<target host="appsecusa.org" />
-	<target host="*.appsecusa.org" />
+	<target host="videos.2012.appsecusa.org" />
+	<target host="next-year.appsecusa.org" />
+	<target host="www.appsecusa.org" />
 
 
 	<securecookie host="^(?:\.2012\.)?appsecusa\.org$" name=".+" />
 
 
-	<rule from="^https?://(?:(videos\.2012\.|next-year\.)|www\.)?appsecusa\.org/"
+	<rule from="^http://(?:(videos\.2012\.|next-year\.)|www\.)?appsecusa\.org/"
 		to="https://$1appsecusa.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Appseccalifornia.org.xml b/src/chrome/content/rules/Appseccalifornia.org.xml
index 17e472a2ebc6..3505e2d48b54 100644
--- a/src/chrome/content/rules/Appseccalifornia.org.xml
+++ b/src/chrome/content/rules/Appseccalifornia.org.xml
@@ -1,16 +1,31 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Appseccalifornia.org" platform="firefox">
-<target host="appseccalifornia.org" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://2016.appseccalifornia.org/ => https://2016.appseccalifornia.org/: (60, 'SSL certificate problem: certificate has expired')
 
-<securecookie host="^appseccalifornia\.org$" name=".+" />
+	www.appseccalifornia.org: Mismatched
 
-<rule from="^http://appseccalifornia\.org/" to="https://appseccalifornia.org/" />
+-->
+<ruleset name="AppSec California.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="appseccalifornia.org" />
+	<target host="2014.appseccalifornia.org" />
+	<target host="2015.appseccalifornia.org" />
+	<target host="2016.appseccalifornia.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.appseccalifornia.org" />
+
+
+	<securecookie host="^appseccalifornia\.org$" name=".+" />
+
+
+	<rule from="^http://www\.appseccalifornia\.org/"
+		to="https://appseccalifornia.org/" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Appsecute.xml b/src/chrome/content/rules/Appsecute.xml
index 6a8254eab4af..78ed3ce9cbfb 100644
--- a/src/chrome/content/rules/Appsecute.xml
+++ b/src/chrome/content/rules/Appsecute.xml
@@ -1,13 +1,21 @@
-<ruleset name="Appsecute">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://appsecute.com/ => https://appsecute.com/: (51, "SSL: no alternative certificate subject name matches target host name 'appsecute.com'")
+Fetch error: http://www.appsecute.com/ => https://www.appsecute.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.appsecute.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://appsecute.com/ => https://appsecute.com/: (6, 'Could not resolve host: appsecute.com')
+-->
+<ruleset name="Appsecute" default_off="failed ruleset test">
 
 	<target host="appsecute.com" />
-	<target host="*.appsecute.com" />
+	<target host="www.appsecute.com" />
 
 
 	<securecookie host="^\.appsecute\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?appsecute\.com/"
-		to="https://$1appsecute.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Appsto.re.xml b/src/chrome/content/rules/Appsto.re.xml
new file mode 100644
index 000000000000..5cd18335f823
--- /dev/null
+++ b/src/chrome/content/rules/Appsto.re.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Apple coverage, see Apple.com.xml.
+
+	www.appsto.re: Refused, different from ^appsto.re
+-->
+<ruleset name="appsto.re">
+	<target host="appsto.re" />
+	<target host="www.appsto.re" />
+
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://www\.appsto\.re/[^?]*"
+			to="https://www.apple.com/" />
+		<test url="http://www.appsto.re/?" />
+		<test url="http://www.appsto.re//" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Appuio.ch.xml b/src/chrome/content/rules/Appuio.ch.xml
new file mode 100644
index 000000000000..7a9a1865ced1
--- /dev/null
+++ b/src/chrome/content/rules/Appuio.ch.xml
@@ -0,0 +1,30 @@
+<!--
+	Non-functional hosts:
+		Certificate mismatch:
+			- docs.appuio.ch
+			- logging.lab.appuio.ch
+			- registry.lab.appuio.ch
+			- lb1.prod.zrh.appuio.ch
+			- lb2.prod.zrh.appuio.ch
+		Connection refused:
+			- masterlb1.prod.zrh.appuio.ch
+			- masterlb2.prod.zrh.appuio.ch
+		Unexpected http status code:
+			- metrics.lab.appuio.ch
+-->
+<ruleset name="Appuio.ch">
+	<target host="appuio.ch" />
+	<target host="www.appuio.ch" />
+	<target host="community.appuio.ch" />
+	<target host="console.appuio.ch" />
+	<target host="forum.appuio.ch" />
+	<target host="console.lab.appuio.ch" />
+	<target host="logging.appuio.ch" />
+	<target host="registry.appuio.ch" />
+	<target host="status.appuio.ch" />
+	<target host="test.appuio.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Apress.com.xml b/src/chrome/content/rules/Apress.com.xml
new file mode 100644
index 000000000000..82131de5555f
--- /dev/null
+++ b/src/chrome/content/rules/Apress.com.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://apress.com/ => https://apress.com/: (51, "SSL: no alternative certificate subject name matches target host name 'apress.com'")
+
+	Insecure cookies are set for these domains:
+
+		- .www.apress.com
+
+
+	Mixed content:
+
+		- Images from springeruploads.com
+
+-->
+<ruleset name="Apress.com" default_off="failed ruleset test">
+  <target host="apress.com" />
+  <target host="www.apress.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.apress.com$" name="^frontend$" /-->
+
+	<securecookie host="^\.www\.apress.com$" name=".+" />
+
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Apricorn.com.xml b/src/chrome/content/rules/Apricorn.com.xml
new file mode 100644
index 000000000000..90909367ef98
--- /dev/null
+++ b/src/chrome/content/rules/Apricorn.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Mixed content:
+
+		- Image from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Apricorn.com">
+
+	<target host="apricorn.com" />
+	<target host="www.apricorn.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/April.org.xml b/src/chrome/content/rules/April.org.xml
index 3d1820e666ca..01e8692d84ad 100644
--- a/src/chrome/content/rules/April.org.xml
+++ b/src/chrome/content/rules/April.org.xml
@@ -1,21 +1,50 @@
 <!--
-	Observed subdomains:
-
-		- adherents
-		- wiki
-		- www
+	No working URL known:
+		agenda-du-libre.april.org
+		calamus.april.org
+		drac.april.org
+		ee.april.org
+		galanga.april.org (403)
+		gnu.april.org
+		ns1.april.org
+		ns3.april.org (401)
+		storm.april.org
+		virola.april.org
+		vortex.april.org
+		dns.vortex.april.org
 
 -->
-<ruleset name="April.org" platform="mixedcontent">
+<ruleset name="April.org">
 
 	<target host="april.org" />
-	<target host="*.april.org" />
-
+	<target host="www.april.org" />
+	<target host="adherents.april.org" />
+	<target host="agir.april.org" />
+	<target host="audio.april.org" />
+	<target host="boutique.april.org" />
+	<target host="candidats.april.org" />
+	<target host="corp.april.org" />
+	<target host="drupal7.april.org" />
+	<target host="evenement.april.org" />
+	<target host="expolibre.april.org" />
+	<target host="listes.april.org" />
+	<target host="media.april.org" />
+	<target host="mx.april.org" />
+	<target host="pad.april.org" />
+	<target host="pavot.april.org" />
+	<target host="photos.april.org" />
+	<target host="piwik.april.org" />
+	<target host="planet.april.org" />
+	<target host="planete.april.org" />
+	<target host="proximite.april.org" />
+	<target host="redmine.april.org" />
+	<target host="vip.april.org" />
+	<target host="wiki.april.org" />
 
 	<securecookie host="^.*\.april\.org$" name=".+" />
 
 
-	<rule from="^http://([^/:@]+\.)?april\.org/"
-		to="https://$1april.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Apsis_Lead.com.xml b/src/chrome/content/rules/Apsis_Lead.com.xml
new file mode 100644
index 000000000000..5ebf678fb1fe
--- /dev/null
+++ b/src/chrome/content/rules/Apsis_Lead.com.xml
@@ -0,0 +1,39 @@
+<!--
+	Other Apsis rulesets:
+
+		- Anpdm.com.xml
+		- ProspectEye.com.xml
+
+
+	Insecure cookies are set for these hosts:
+
+		- tr.apsislead.com
+
+
+	Mixed content:
+
+		- Bug on www from tr.apsislead.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Apsis Lead.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="apsislead.com" />
+	<target host="tr.apsislead.com" />
+	<target host="www.apsislead.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^tr\.apsislead\.com$" name="^[\da-f]{12}$" /-->
+
+	<securecookie host="^tr\.apsislead\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AptDeco.com.xml b/src/chrome/content/rules/AptDeco.com.xml
new file mode 100644
index 000000000000..b564693be037
--- /dev/null
+++ b/src/chrome/content/rules/AptDeco.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.aptdeco.com
+
+-->
+<ruleset name="AptDeco.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="aptdeco.com" />
+	<target host="www.aptdeco.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.aptdeco\.com$" name="^aptdecofrontend$" /-->
+
+	<securecookie host="^www\.aptdeco\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Apture.com.xml b/src/chrome/content/rules/Apture.com.xml
new file mode 100644
index 000000000000..76a78d82c513
--- /dev/null
+++ b/src/chrome/content/rules/Apture.com.xml
@@ -0,0 +1,12 @@
+<!--
+	For other Google rulesets, see GoogleServices.xml
+
+-->
+<ruleset name="Apture.com">
+
+	<target host="apture.com" />
+	<target host="www.apture.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Aqicn.org.xml b/src/chrome/content/rules/Aqicn.org.xml
new file mode 100644
index 000000000000..7b7c96f1f400
--- /dev/null
+++ b/src/chrome/content/rules/Aqicn.org.xml
@@ -0,0 +1,53 @@
+<!--
+	Other related ruleset:
+		- Waqi.info.xml
+
+	Mismatched:
+		- www
+		- api
+		- feedback
+		- geo
+		- ios
+		- jp2
+		- jp3
+		- mail
+		- mapi
+		- mapi3
+		- mapidroid
+		- scs
+		- sg1
+		- static
+		- sw3
+		- waqi
+		- wgt
+		- winwgt
+
+	Connection refused:
+		- d
+		- ftp
+		- stat
+		- sw2
+
+	Expired:
+		- jp1
+		- tiles
+		- widget
+
+	Connection error:
+		- sg
+-->
+<ruleset name="Aqicn.org">
+	<target host="aqicn.org" />
+	<target host="www.aqicn.org" />
+	<target host="feed.aqicn.org" />
+	<target host="res.aqicn.org" />
+	<target host="sensor.aqicn.org" />
+	<target host="tiles.aqicn.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.aqicn\.org/"
+		to="https://aqicn.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AquaBounty.com.xml b/src/chrome/content/rules/AquaBounty.com.xml
new file mode 100644
index 000000000000..10e49d4f92f7
--- /dev/null
+++ b/src/chrome/content/rules/AquaBounty.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- aquabounty.com
+		- www.aquabounty.com
+
+-->
+<ruleset name="AquaBounty.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="aquabounty.com" />
+	<target host="www.aquabounty.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?aquabounty\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AquaGear.xml b/src/chrome/content/rules/AquaGear.xml
new file mode 100644
index 000000000000..b1cb11727531
--- /dev/null
+++ b/src/chrome/content/rules/AquaGear.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://img1.aquagear.com/ (200) => https://img1.aquagear.com/ (403)
+
+-->
+<ruleset name="AquaGear" default_off="failed ruleset test">
+	<target host=     "aquagear.com" />
+	<target host= "www.aquagear.com" />
+	<target host="img1.aquagear.com" />
+
+  	<securecookie host="^(www\.)?aquagear\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Aquafina.com.xml b/src/chrome/content/rules/Aquafina.com.xml
new file mode 100644
index 000000000000..3cf55acabe99
--- /dev/null
+++ b/src/chrome/content/rules/Aquafina.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		- policy.aquafina.com
+-->
+
+<ruleset name="Aquafina.com">
+	<target host="aquafina.com" />
+	<target host="www.aquafina.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Aquapel.ca.xml b/src/chrome/content/rules/Aquapel.ca.xml
new file mode 100644
index 000000000000..98d2fc44e013
--- /dev/null
+++ b/src/chrome/content/rules/Aquapel.ca.xml
@@ -0,0 +1,11 @@
+<ruleset name="Aquapel.ca">
+	<target host="aquapel.ca" />
+	<target host="www.aquapel.ca" />
+	<target host="cpanel.aquapel.ca" />
+	<target host="ipv6.aquapel.ca" />
+	<target host="mail.aquapel.ca" />
+	<target host="webdisk.aquapel.ca" />
+	<target host="webmail.aquapel.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Aquent.xml b/src/chrome/content/rules/Aquent.xml
index 969dca79e3d4..8fe1201e0480 100644
--- a/src/chrome/content/rules/Aquent.xml
+++ b/src/chrome/content/rules/Aquent.xml
@@ -2,11 +2,11 @@
 
 	<target host="aquent.com"/>
 	<!--	* for cross-domain cookie	-->
-	<target host="*.aquent.com"/>
+	<target host="www.aquent.com" />
 	<target host="aquent.us"/>
 	<target host="www.aquent.us"/>
 
-	<securecookie host="^(.*\.)?aquent\.com$" name=".*"/>
+	<securecookie host="^(?:.*\.)?aquent\.com$" name=".+" />
 
 	<rule from="^http://(www\.)?aquent\.com/"
 		to="https://$1aquent.com/"/>
diff --git a/src/chrome/content/rules/AqueousVapor.com.xml b/src/chrome/content/rules/AqueousVapor.com.xml
new file mode 100644
index 000000000000..99a5f1afcafc
--- /dev/null
+++ b/src/chrome/content/rules/AqueousVapor.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Aqueous Vapor.com">
+
+	<target host="aqueousvapor.com" />
+	<target host="www.aqueousvapor.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Aqueous_Vapor.com.xml b/src/chrome/content/rules/Aqueous_Vapor.com.xml
deleted file mode 100644
index 5af2cfa09f57..000000000000
--- a/src/chrome/content/rules/Aqueous_Vapor.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Some pages redirect to http.
-
--->
-<ruleset name="Aqueous Vapor.com (partial)">
-
-	<target host="aqueousvapor.com" />
-	<target host="www.aqueousvapor.com" />
-		<!--exclusion pattern="^http://(www\.)?aqueousvapor.com/(?!favicon\.ico|my-account($|[?/])|wp-content/|wp-includes/)" /-->
-
-
-	<rule from="^http://(www\.)?aqueousvapor\.com/(?=favicon\.ico|my-account(?:$|[?/])|wp-content/|wp-includes/)"
-		to="https://$1aqueousvapor.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AquilaClothing.co.uk.xml b/src/chrome/content/rules/AquilaClothing.co.uk.xml
new file mode 100644
index 000000000000..2d2950aeff1a
--- /dev/null
+++ b/src/chrome/content/rules/AquilaClothing.co.uk.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://aquilaclothing.co.uk/ => https://aquilaclothing.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'aquilaclothing.co.uk'")
+Fetch error: http://www.aquilaclothing.co.uk/ => https://www.aquilaclothing.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.aquilaclothing.co.uk'")
+
+-->
+<ruleset name="AquilaClothing.co.uk" default_off="failed ruleset test">
+  <target host="aquilaclothing.co.uk" />
+  <target host="www.aquilaclothing.co.uk" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Aquiss.xml b/src/chrome/content/rules/Aquiss.xml
index 94b3dd4aa589..6fd7ca2bd6e8 100644
--- a/src/chrome/content/rules/Aquiss.xml
+++ b/src/chrome/content/rules/Aquiss.xml
@@ -17,13 +17,13 @@
 -->
 <ruleset name="Aquiss (partial)">
 
-	<target host="*.aquiss.net"/>
+	<target host="ebilling.aquiss.net" />
+	<target host="secure.aquiss.net" />
 		<exclusion pattern="^http://ebilling\.aquiss\.net/(?!css/|templates/)" />
 
 
-	<securecookie host="^secure\.aquiss\.net$" name=".*"/>
+	<securecookie host="^secure\.aquiss\.net$" name=".+" />
 
-	<rule from="^http://(ebilling|secure)\.aquiss\.net/"
-		to="https://$1.aquiss.net/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ArXiv.xml b/src/chrome/content/rules/ArXiv.xml
index e617392e220e..61bacec28736 100644
--- a/src/chrome/content/rules/ArXiv.xml
+++ b/src/chrome/content/rules/ArXiv.xml
@@ -2,32 +2,53 @@
 	For other Cornell University coverage, see Cornell.xml
 
 
-	CDN buckets:
+	Nonfunctional hosts in *arxiv.org:
 
-		- s3.amazonaws.com/arxiv.org/
+		- lanl ʳ
+
+	ʳ Refused
 
 
 	Problematic subdomains:
 
-		- www	(mismatched)
+		- de ¹
+		- fr ²
+		- xxx ²
+		- www ²
+
+	¹: Timeout
+	²: Mismatched (CN=arxiv.org)
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .arxiv.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="arXiv (partial) (default off)" default_off="default off by site request">
+<ruleset name="arXiv.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="arxiv.org" />
-	<target host="*.arxiv.org" />
+	<target host="static.arxiv.org" />
 
+	<!--	Complications:
+				-->
+	<target host="www.arxiv.org" />
+	<target host="xxx.arxiv.org" />
 
-	<rule from="^http://www\.arxiv\.org/"
-		to="https://arxiv.org/" />
 
-	<rule from="^http://arxiv\.org/(css/|favicon\.ico)"
-		to="https://arxiv.org/$1" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.arxiv\.org$" name="^browser$" /-->
 
-	<rule from="^http://arxiv\.org/icons/"
-		to="https://s3.amazonaws.com/arxiv-web-static1/icons/" />
 
-	<rule from="^http://static\.arxiv\.org/"
-		to="https://s3.amazonaws.com/arxiv-web-static1/" />
+	<rule from="^http://(?:www|xxx)\.arxiv\.org/"
+		to="https://arxiv.org/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ArXiv2Bibtex.org.xml b/src/chrome/content/rules/ArXiv2Bibtex.org.xml
new file mode 100644
index 000000000000..af9c00c305b3
--- /dev/null
+++ b/src/chrome/content/rules/ArXiv2Bibtex.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="ArXiv2Bibtex.org">
+	<target host="arxiv2bibtex.org" />
+	<target host="www.arxiv2bibtex.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Arachnys.xml b/src/chrome/content/rules/Arachnys.xml
index a7a09395536e..0b4af44ba339 100644
--- a/src/chrome/content/rules/Arachnys.xml
+++ b/src/chrome/content/rules/Arachnys.xml
@@ -1,13 +1,13 @@
 <ruleset name="Arachnys">
 
 	<target host="arachnys.com" />
-	<target host="*.arachnys.com" />
+	<target host="app.arachnys.com" />
+	<target host="www.arachnys.com" />
 
 
 	<securecookie host="^(?:app)?\.arachnys\.com$" name=".+" />
 
 
-	<rule from="^http://(app\.|www\.)?arachnys\.com/"
-		to="https://$1arachnys.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Aral_Balkan.com.xml b/src/chrome/content/rules/Aral_Balkan.com.xml
new file mode 100644
index 000000000000..b112eadbfc3a
--- /dev/null
+++ b/src/chrome/content/rules/Aral_Balkan.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://aralbalkan.com/ => https://aralbalkan.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.aralbalkan.com/ => https://www.aralbalkan.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Aral Balkan.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="aralbalkan.com" />
+	<target host="www.aralbalkan.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ArangoDB.com.xml b/src/chrome/content/rules/ArangoDB.com.xml
new file mode 100644
index 000000000000..9bf6c30df297
--- /dev/null
+++ b/src/chrome/content/rules/ArangoDB.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Fully covered hosts in *arangodb.com:
+
+		- (www.)?
+		- docs
+
+
+	Mixed content:
+
+		- Bug on docs from www.arangodb.com *
+
+	* Secured by us
+
+-->
+<ruleset name="ArangoDB.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="arangodb.com" />
+	<target host="docs.arangodb.com" />
+	<target host="www.arangodb.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Arbeitsagentur.xml b/src/chrome/content/rules/Arbeitsagentur.xml
index 64e2e1c43928..c01b934abfc2 100644
--- a/src/chrome/content/rules/Arbeitsagentur.xml
+++ b/src/chrome/content/rules/Arbeitsagentur.xml
@@ -1,8 +1,11 @@
-<ruleset name="Arbeitsagentur.de" platform="mixedcontent">
-  <target host="arbeitsagentur.de" />
-  <target host="www.arbeitsagentur.de" />
-  <target host="jobboerse.arbeitsagentur.de" />
+<ruleset name="Arbeitsagentur.de (partial)">
+
+	<target host="arbeitsagentur.de" />
+	<target host="www.arbeitsagentur.de" />
+	<target host="jobboerse.arbeitsagentur.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
-  <rule from="^http://(?:www\.)?arbeitsagentur\.de/" to="https://www.arbeitsagentur.de/"/>
-  <rule from="^http://jobboerse\.arbeitsagentur\.de/" to="https://jobboerse.arbeitsagentur.de/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Arbor-Netscout.xml b/src/chrome/content/rules/Arbor-Netscout.xml
new file mode 100644
index 000000000000..6c1cc51b444b
--- /dev/null
+++ b/src/chrome/content/rules/Arbor-Netscout.xml
@@ -0,0 +1,89 @@
+
+<!--
+	Problematic domains:
+
+		- (www.)?arbor.net ¹
+		- atlas.arbornetworks.com ¹
+		- ddos.arbornetworks.com ²
+		- partner.arbornetworks.com
+
+	¹ Redirect differs
+	² Shows www
+
+
+	These altnames don't exist:
+
+		- www.atlas.arbor.net
+		- www.partner.arbornetworks.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.arbornetworks.com
+
+
+	Mixed content:
+
+		- Bug on blog from assets.cookieconsent.silktide.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Arbor Networks">
+
+	<target host="atlas.arbor.net" />
+
+	<target host="arbornetworks.com" />
+	<target host="asert.arbornetworks.com" />
+	<target host="blog.arbornetworks.com" />
+	<target host="pages.arbornetworks.com" />
+	<target host="partner.arbornetworks.com" />
+	<target host="partnercenter.arbornetworks.com" />
+	<target host="www.arbornetworks.com" />
+
+	<!--	Complications:
+				-->
+	<target host="arbor.net" />
+	<target host="www.arbor.net" />
+
+	<target host="atlas.arbornetworks.com" />
+	<target host="ddos.arbornetworks.com" />
+
+	<target host="netscout.com" />
+	<target host="www.netscout.com" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.arbornetworks\.com$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://atlas\.arbornetworks\.com/+"
+		to="https://atlas.arbor.net/" />
+
+		<test url="http://atlas.arbornetworks.com/home.htm" />
+
+	<rule from="^http://blog\.arbornetworks\.com/"
+                to="https://www.arbornetworks.com/blog/insight/" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://ddos\.arbornetworks\.com/+"
+		to="https://www.arbornetworks.com/asert/" />
+
+		<test url="http://ddos.arbornetworks.com/home.htm" />
+	
+		<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://partner\.arbornetworks\.com/+"
+		to="https://partnercenter.arbornetworks.com/" />
+	
+		<test url="http://partner.arbornetworks.com/et.cfm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Arbor-Networks.xml b/src/chrome/content/rules/Arbor-Networks.xml
deleted file mode 100644
index 44eb343e4b85..000000000000
--- a/src/chrome/content/rules/Arbor-Networks.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- ddos.arbornetworks.com
-
--->
-<ruleset name="Arbor Networks (partial)">
-
-	<target host="arbor.net" />
-	<target host="*.arbor.net" />
-	<target host="arbornetworks.com" />
-	<target host="www.arbornetworks.com" />
-
-
-	<!--	- Cert only matches www.arbornetworks.com
-		- (www.)arbor.net 301s like so
-					-->
-	<rule from="^https?://(?:www\.)?arbor(?:\.net|networks\.com)/"
-		to="https://www.arbornetworks.com/" />
-
-	<rule from="^http://atlas\.arbor\.net/"
-		to="https://atlas.arbor.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ArcGIS.xml b/src/chrome/content/rules/ArcGIS.xml
index fb024dbce5d8..697a9af1a586 100644
--- a/src/chrome/content/rules/ArcGIS.xml
+++ b/src/chrome/content/rules/ArcGIS.xml
@@ -1,28 +1,212 @@
 <!--
-	Nonfunctional domains:
+	Other ArcGIS rulesets:
 
-		- forums.arcgis.com *
-		- help.arcgis.com	(prints "we have encountered an error", akamai)
-		- resources.arcgis.com *
-		- video.arcgis.com	($ redirects to http, other paths 404; self-signed, CN: 1-84-2b-2b-3-4e-20)
+		- ArcGIS_online.com.xml
+
+
+	Nonfunctional hosts in *arcgis.com:
+
+		- forums *
+		- resources *
+		- video	($ redirects to http, other paths 404; self-signed, CN: 1-84-2b-2b-3-4e-20)
 
 	* Prints "our servers are currently busy"; mismatched, CN: www.ersi.com
 
+	maps.arcgis.com has 841 subdomains, so we use a wildcard here
+	opendata.arcgis.com has 340 subdomains, so we use a wildcard here
+
+	Cert expired:
+		- geo-airbusds1.arcgis.com
+		- geo-airbusds2.arcgis.com
+
+	Cert mismatch:
+		- bon.arcgis.com
+		- bonusers.arcgis.com
+		- features.arcgis.com
+		- help.arcgis.com
+		- tryitlive.arcgis.com
+
+	Connection refused:
+		- blogs.arcgis.com
+		- ideas.arcgis.com
+		- tasksqa.arcgis.com
+		- trust.arcgis.co
+
+	No route to host:
+		- aobeta.arcgis.com
+		- Cabeta.arcgis.com
+		- castest.arcgis.com
+		- sharepointbeta.arcgis.co
+
+	Redirect to plain:
+		- communitymaps.arcgis.com
+
+	Timeout:
+		- SampleTrackingServer1.arcgis.com
+		- afmcloud.arcgis.com
+		- ecoexplorer.arcgis.com
+		- historicalmaps.arcgis.com
+		- storymapsdev2.arcgis.com
+		- sampletrackingserver1.arcgis.com
+		- tasks.arcgis.com
+
 -->
-<ruleset name="ArcGIS (partial)">
+<ruleset name="ArcGIS.com (partial)">
 
 	<target host="arcgis.com" />
-	<target host="*.arcgis.com" />
-	<target host="serverapi.arcgisonline.com" />
+	<target host="www.arcgis.com" />
+	<target host="*.maps.arcgis.com" />
+	<target host="*.opendata.arcgis.com" />
+	<target host="3dcampus.arcgis.com" />
+	<target host="accounts.arcgis.com" />
+	<target host="accounts-dev.arcgis.com" />
+	<target host="accounts-stg.arcgis.com" />
+	<target host="activitydashboard.arcgis.com" />
+	<target host="analysis.arcgis.com" />
+	<target host="analysis1.arcgis.com" />
+	<target host="analysis2.arcgis.com" />
+	<target host="analysis3.arcgis.com" />
+	<target host="analysis5.arcgis.com" />
+	<target host="analysis6.arcgis.com" />
+	<target host="apps.arcgis.com" />
+	<target host="appsdevext.arcgis.com" />
+	<target host="appsqa.arcgis.com" />
+	<target host="appstudio.arcgis.com" />
+	<target host="asmdevext.arcgis.com" />
+	<target host="bao.arcgis.com" />
+	<target host="basemapsbeta.arcgis.com" />
+	<target host="billing.arcgis.com" />
+	<target host="cdn.arcgis.com" />
+	<target host="codesharing.arcgis.com" />
+	<target host="csm.arcgis.com" />
+	<target host="csmdev.arcgis.com" />
+	<target host="csmqa.arcgis.com" />
+	<target host="demographics1.arcgis.com" />
+	<target host="demographics2.arcgis.com" />
+	<target host="demographics3.arcgis.com" />
+	<target host="demographics4.arcgis.com" />
+	<target host="demographics5.arcgis.com" />
+	<target host="desktop.arcgis.com" />
+	<target host="developers.arcgis.com" />
+	<target host="devext.arcgis.com" />
+	<target host="doc.arcgis.com" />
+	<target host="downloads.arcgis.com" />
+	<target host="earthobs1.arcgis.com" />
+	<target host="earthobs2.arcgis.com" />
+	<target host="elevation.arcgis.com" />
+	<target host="elevation2.arcgis.com" />
+	<target host="elevation3d.arcgis.com" />
+	<target host="explorer.arcgis.com" />
+	<target host="explorerdevext.arcgis.com" />
+	<target host="explorerqa.arcgis.com" />
+	<target host="featuresdev.arcgis.com" />
+	<target host="featuresqa.arcgis.com" />
+	<target host="forums.arcgis.com" />
+	<target host="geocode.arcgis.com" />
+	<target host="geocodedev.arcgis.com" />
+	<target host="geocodedev1.arcgis.com" />
+	<target host="geoenrich.arcgis.com" />
+	<target host="geoplanner.arcgis.com" />
+	<target host="geotrigger.arcgis.com" />
+	<target host="historical1.arcgis.com" />
+	<target host="hub.arcgis.com" />
+	<target host="hubdev.arcgis.com" />
+	<target host="hubqa.arcgis.com" />
+	<target host="hydro.arcgis.com" />
+	<target host="js.arcgis.com" />
+	<target host="jso.arcgis.com" />
+	<target host="jsqa.arcgis.com" />
+	<target host="la.arcgis.com" />
+	<target host="lacdn.arcgis.com" />
+	<target host="landsat.arcgis.com" />
+	<target host="landsat2.arcgis.com" />
+	<target host="landscape1.arcgis.com" />
+	<target host="landscape2.arcgis.com" />
+	<target host="landscape3.arcgis.com" />
+	<target host="landscape4.arcgis.com" />
+	<target host="landscape5.arcgis.com" />
+	<target host="landscape6.arcgis.com" />
+	<target host="landscape7.arcgis.com" />
+	<target host="landscapemodeler.arcgis.com" />
+	<target host="learn.arcgis.com" />
+	<target host="listingdetailsdev.arcgis.com" />
+	<target host="livefeeds.arcgis.com" />
+	<target host="livefeeds2.arcgis.com" />
+	<target host="livingatlas.arcgis.com" />
+	<target host="location-analytics.arcgis.com" />
+	<target host="logistics.arcgis.com" />
+	<target host="maps.arcgis.com" />
+	<target host="mapsqa.arcgis.com" />
+	<target host="team.mapsqa.arcgis.com" />
+	<target host="wi.maptiles.arcgis.com" />
+	<target host="wtb.maptiles.arcgis.com" />
+	<target host="marketplace.arcgis.com" />
+	<target host="modis.arcgis.com" />
+	<target host="nadev.arcgis.com" />
+	<target host="naip.arcgis.com" />
+	<target host="oceans1.arcgis.com" />
+	<target host="oceans2.arcgis.com" />
+	<target host="opendata.arcgis.com" />
+	<target host="opendatadev.arcgis.com" />
+	<target host="opendataqa.arcgis.com" />
+	<target host="pro.arcgis.com" />
+	<target host="pub.arcgis.com" />
+	<target host="pubdev.arcgis.com" />
+	<target host="pubqa.arcgis.com" />
+	<target host="qaext.arcgis.com" />
+	<target host="resources.arcgis.com" />
+	<target host="resourcesbeta.arcgis.com" />
+	<target host="route.arcgis.com" />
+	<target host="scene.arcgis.com" />
+	<target host="sceneserverdev1.arcgis.com" />
+	<target host="seattle2-elevation3d.arcgis.com" />
+	<target host="server.arcgis.com" />
+	<target host="services.arcgis.com" />
+	<target host="services1.arcgis.com" />
+	<target host="services2.arcgis.com" />
+	<target host="services3.arcgis.com" />
+	<target host="services4.arcgis.com" />
+	<target host="services5.arcgis.com" />
+	<target host="services6.arcgis.com" />
+	<target host="services7.arcgis.com" />
+	<target host="servicesdev.arcgis.com" />
+	<target host="servicesqa.arcgis.com" />
+	<target host="solutions.arcgis.com" />
+	<target host="workforce.stage.arcgis.com" />
+	<target host="static.arcgis.com" />
+	<target host="storymaps.arcgis.com" />
+	<target host="developerscorner.storymaps.arcgis.com" />
+	<target host="survey123.arcgis.com" />
+	<target host="tiledbasemaps.arcgis.com" />
+	<target host="tiles.arcgis.com" />
+	<target host="tiles1.arcgis.com" />
+	<target host="tiles2.arcgis.com" />
+	<target host="tiles3.arcgis.com" />
+	<target host="tiles4.arcgis.com" />
+	<target host="traffic.arcgis.com" />
+	<target host="trial.arcgis.com" />
+	<target host="utilitydevext.arcgis.com" />
+	<target host="utilityqa.arcgis.com" />
+	<target host="video.arcgis.com" />
+	<target host="webaccounts.arcgis.com" />
+	<target host="workforce.arcgis.com" />
+
+		<test url="http://js.arcgis.com/3.13/dijit/themes/claro/claro.css" />
 
+		<test url="http://acogis.maps.arcgis.com/" />
+		<test url="http://brooklynpark.maps.arcgis.com/" />
+		<test url="http://lra-cha.maps.arcgis.com/" />
+		<test url="http://rws.maps.arcgis.com/" />
 
-	<securecookie host="^www\.arcgis\.com$" name=".+" />
+		<test url="http://aampo-mpo.opendata.arcgis.com/" />
+		<test url="http://data-npdc.opendata.arcgis.com/" />
+		<test url="http://parcels-lunacountynm.opendata.arcgis.com/" />
+		<test url="http://valuelab.opendata.arcgis.com/" />
 
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://(developers\.|webaccounts\.|www\.)?arcgis\.com/"
-		to="https://$1arcgis.com/" />
 
-	<rule from="^http://serverapi\.arcgisonline\.com/"
-		to="https://serverapi.arcgisonline.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ArcGIS_online.com.xml b/src/chrome/content/rules/ArcGIS_online.com.xml
new file mode 100644
index 000000000000..6c84c1a40f02
--- /dev/null
+++ b/src/chrome/content/rules/ArcGIS_online.com.xml
@@ -0,0 +1,107 @@
+<!--
+	For other ArcGIS coverage, see ArcGIS.xml.
+
+	Cert expired:
+	- www.arcgisonline.com
+	- imagerystg.arcgisonline.com
+	- redlands-imagery1.arcgisonline.com
+	- redlands-imagery2.arcgisonline.com
+	- redlands-imagery3.arcgisonline.com
+	- seattle-imagery1.arcgisonline.com
+	- seattle-imagery2.arcgisonline.com
+	- seattle-imagery5.arcgisonline.com
+
+	Cert mismatch:
+		- arcgisonline.com
+		- qaext.arcgisonline.com
+
+	Chain incomplete:
+		- conservation1.arcgisonline.com
+		- conservation2.arcgisonline.com
+
+	Connection refused:
+		- tasksqa.arcgisonline.com
+
+	No route to host:
+		- accountstg.arcgisonline.com
+		- imagery10.arcgisonline.com
+		- premiumtasksstg.arcgisonline.com
+
+	Timeout:
+		- conservation.arcgisonline.com
+		- conservation3.arcgisonline.com
+		- dev.arcgisonline.com
+		- events1.arcgisonline.com
+		- events2.arcgisonline.com
+		- goto.arcgisonline.com
+		- maps8.arcgisonline.com
+		- mesa1-services.arcgisonline.com
+		- mesa2-services.arcgisonline.com
+		- mobilesampleserver.arcgisonline.com
+		- premiumtasks.arcgisonline.com
+		- sampleserver1a.arcgisonline.com
+		- sampleserver1b.arcgisonline.com
+		- sampleserver1c.arcgisonline.com
+		- sampleserver2b.arcgisonline.com
+		- sampleserver3a.arcgisonline.com
+		- sampleserver3b.arcgisonline.com
+		- sampleserver4dev.arcgisonline.com
+		- services2.arcgisonline.com
+		- services4.arcgisonline.com
+		- services5.arcgisonline.com
+		- tiles.arcgisonline.com
+
+	TLS errors:
+		- account.arcgisonline.com
+-->
+
+<ruleset name="ArcGIS online.com">
+
+	<target host="appssampleserver.arcgisonline.com" />
+	<target host="arclogistics.arcgisonline.com" />
+	<target host="datareviewer.arcgisonline.com" />
+	<target host="edit.arcgisonline.com" />
+	<target host="events.arcgisonline.com" />
+	<target host="geocodedev.arcgisonline.com" />
+	<target host="imagery.arcgisonline.com" />
+	<target host="jmakarkklfrvdvg.arcgisonline.com" />
+	<target host="maps1.arcgisonline.com" />
+	<target host="maps1a.arcgisonline.com" />
+	<target host="maps1b.arcgisonline.com" />
+	<target host="maps2.arcgisonline.com" />
+	<target host="maps3.arcgisonline.com" />
+	<target host="maps4.arcgisonline.com" />
+	<target host="maps5.arcgisonline.com" />
+	<target host="maps6.arcgisonline.com" />
+	<target host="maps7.arcgisonline.com" />
+	<target host="origin-services.arcgisonline.com" />
+	<target host="raster.arcgisonline.com" />
+	<target host="redlands-imagery.arcgisonline.com" />
+	<target host="sampleserver1.arcgisonline.com" />
+	<target host="sampleserver2.arcgisonline.com" />
+	<target host="sampleserver3.arcgisonline.com" />
+	<target host="sampleserver4.arcgisonline.com" />
+	<target host="sampleserver5.arcgisonline.com" />
+	<target host="sampleserver5a.arcgisonline.com" />
+	<target host="sampleserver6.arcgisonline.com" />
+	<target host="seattle-imagery.arcgisonline.com" />
+	<target host="seattle1-services.arcgisonline.com" />
+	<target host="server.arcgisonline.com" />
+	<target host="serverapi.arcgisonline.com" />
+	<target host="services.arcgisonline.com" />
+	<target host="servicesbeta.arcgisonline.com" />
+	<target host="servicesdev.arcgisonline.com" />
+	<target host="tasks.arcgisonline.com" />
+	<target host="ucevents.arcgisonline.com" />
+	<target host="utility.arcgisonline.com" />
+	<target host="utility1.arcgisonline.com" />
+	<target host="utilitydev.arcgisonline.com" />
+	<target host="utilityqa.arcgisonline.com" />
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Arch.xml b/src/chrome/content/rules/Arch.xml
deleted file mode 100644
index e4f829b55e00..000000000000
--- a/src/chrome/content/rules/Arch.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Arch Linux">
-
-	<target host="archlinux.org" />
-	<target host="*.archlinux.org" />
-
-
-	<securecookie host="^.*\.archlinux\.org$" name=".*" />
-
-
-	<rule from="^http://([^/:@\.]+\.)?archlinux\.org/"
-		to="https://$1archlinux.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ArchBang.org.xml b/src/chrome/content/rules/ArchBang.org.xml
new file mode 100644
index 000000000000..0867a90b3847
--- /dev/null
+++ b/src/chrome/content/rules/ArchBang.org.xml
@@ -0,0 +1,23 @@
+<!--
+	CN: *.secure-secure.co.uk
+
+-->
+<ruleset name="ArchBang.org" default_off="mismatched">
+
+	<target host="archbang.org" />
+	<target host="bbs.archbang.org" />
+	<target host="wiki.archbang.org" />
+	<target host="www.archbang.org" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^wiki\.archbang\.org$" name="^web\d+-wiki_session$" /-->
+
+
+	<!--	wiki appends port number onto redirects.
+							-->
+	<rule from="^http://((?:bbs|wiki|www)\.)?archbang\.org(?::80)?/"
+		to="https://$1archbang.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Arch_Linux.fr.xml b/src/chrome/content/rules/Arch_Linux.fr.xml
new file mode 100644
index 000000000000..e3436b7bcf50
--- /dev/null
+++ b/src/chrome/content/rules/Arch_Linux.fr.xml
@@ -0,0 +1,16 @@
+<ruleset name="Arch Linux.fr">
+
+	<target host="archlinux.fr" />
+	<target host="forums.archlinux.fr" />
+	<target host="planet.archlinux.fr" />
+	<target host="wiki.archlinux.fr" />
+	<target host="www.archlinux.fr" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Archaic_Binary.net.xml b/src/chrome/content/rules/Archaic_Binary.net.xml
new file mode 100644
index 000000000000..95a5cf676b92
--- /dev/null
+++ b/src/chrome/content/rules/Archaic_Binary.net.xml
@@ -0,0 +1,13 @@
+<ruleset name="Archaic Binary.net">
+
+	<target host="archaicbinary.net" />
+	<target host="www.archaicbinary.net" />
+
+
+	<securecookie host="^\.archaicbinary\.net$" name="^__cfduid$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Archi-Strasbourg.xml b/src/chrome/content/rules/Archi-Strasbourg.xml
index 108c720aa4a0..fb7a237bf37a 100644
--- a/src/chrome/content/rules/Archi-Strasbourg.xml
+++ b/src/chrome/content/rules/Archi-Strasbourg.xml
@@ -1,6 +1,16 @@
-<ruleset name="Archi-Strasbourg">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://archi-strasbourg.org/ => https://archi-strasbourg.org/: (51, "SSL: no alternative certificate subject name matches target host name 'archi-strasbourg.org'")
+Fetch error: http://www.archi-strasbourg.org/ => https://archi-strasbourg.org/: (51, "SSL: no alternative certificate subject name matches target host name 'archi-strasbourg.org'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://archi-strasbourg.org/ => https://archi-strasbourg.org/: Cycle detected - URL already encountered: https://archi-strasbourg.org/
+Fetch error: http://www.archi-strasbourg.org/ => https://archi-strasbourg.org/: Cycle detected - URL already encountered: https://archi-strasbourg.org/
+-->
+<ruleset name="Archi-Strasbourg" default_off="failed ruleset test">
   <target host="archi-strasbourg.org"/>
   <target host="www.archi-strasbourg.org"/>
 
-  <rule from="^http://(www\.)?archi-strasbourg\.org/" to="https://archi-strasbourg.org/"/>
+  <rule from="^http://(?:www\.)?archi-strasbourg\.org/" to="https://archi-strasbourg.org/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Architects_Journal.xml b/src/chrome/content/rules/Architects_Journal.xml
index f4c182fa4f36..9457230ff947 100644
--- a/src/chrome/content/rules/Architects_Journal.xml
+++ b/src/chrome/content/rules/Architects_Journal.xml
@@ -24,4 +24,4 @@
 	<rule from="^http://(?:www\.)?(?:architectsjournal|theaj)\.co\.uk/"
 		to="https://www.architectsjournal.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Archive-It.org.xml b/src/chrome/content/rules/Archive-It.org.xml
new file mode 100644
index 000000000000..54cb1b1430fe
--- /dev/null
+++ b/src/chrome/content/rules/Archive-It.org.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Internet Archive coverage, see Internet-Archive.xml.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- archive-it.org
+		- .partner.archive-it.org
+		- www.archive-it.org
+
+-->
+<ruleset name="Archive-It.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="archive-it.org" />
+	<target host="partner.archive-it.org" />
+	<target host="www.archive-it.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:\.partner|www\.)?archive-it\.org$" name="^JSESSIONID-archive-it\.org$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Archive.is.xml b/src/chrome/content/rules/Archive.is.xml
new file mode 100644
index 000000000000..0164e2e4d9ea
--- /dev/null
+++ b/src/chrome/content/rules/Archive.is.xml
@@ -0,0 +1,24 @@
+<ruleset name="Archive.is">
+
+	<target host="archive.today" />
+	<target host="www.archive.today" />
+	<target host="blog.archive.today" />
+	<target host="archive.fo" />
+	<target host="www.archive.fo" />
+	<target host="archive.is" />
+	<target host="www.archive.is" />
+	<target host="blog.archive.is" />
+	<target host="archive.li" />
+	<target host="www.archive.li" />
+	<target host="blog.archive.li" />
+	<target host="archive.ph" />
+	<target host="www.archive.ph" />
+	<target host="blog.archive.ph" />
+	<target host="archive.vn" />
+	<target host="www.archive.vn" />
+	<target host="blog.archive.vn" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Archive.org_Way_Back_Machine.xml b/src/chrome/content/rules/Archive.org_Way_Back_Machine.xml
index 3bfd15aba5da..28e1637ee495 100644
--- a/src/chrome/content/rules/Archive.org_Way_Back_Machine.xml
+++ b/src/chrome/content/rules/Archive.org_Way_Back_Machine.xml
@@ -2,15 +2,25 @@
 	For other Internet Archive coverage, see Internet-Archive.xml.
 
 -->
-<ruleset name="Archive.org Way Back Machine" default_off="webmaster request">
+<ruleset name="Archive.org Way Back Machine">
 
 	<target host="web.archive.org" />
+	<target host="web-beta.archive.org" />
+	<target host="wayback.archive.org" />
+	<target host="waybackmachine.org" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.archive\.org$" name="^wayback_server$" /-->
+	<!--securecookie host="^web\.archive\.org$" name="^(JSESSIONID|wb_total_perf)$" /-->
+
 	<securecookie host="^web\.archive\.org$" name=".+" />
 
 
-	<rule from="^http://web\.archive\.org/"
-		to="https://web.archive.org/" />
+    <rule from="^http://waybackmachine\.org/"
+        to="https://web.archive.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ArchiveOfOurOwn.xml b/src/chrome/content/rules/ArchiveOfOurOwn.xml
index e0d9c90aa35f..84903bb2bfb5 100644
--- a/src/chrome/content/rules/ArchiveOfOurOwn.xml
+++ b/src/chrome/content/rules/ArchiveOfOurOwn.xml
@@ -1,5 +1,32 @@
-<ruleset name="ArchiveOfOurOwn">
+<!--
+	www.archiveofourown.org: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- archiveofourown.org
+
+-->
+<ruleset name="ArchiveOfOurOwn.org">
+	<!--	Direct rewrites:
+				-->
   <target host="archiveofourown.org"/>
+	<!--	Complications:
+				-->
   <target host="www.archiveofourown.org"/>
-  <rule from="^http://(www\.)?archiveofourown\.org/" to="https://archiveofourown.org/"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^archiveofourown\.org$" name="^(?:_otwarchive_session|flash_is_set)$" /-->
+
+	<securecookie host="^archiveofourown\.org$" name=".+" />
+
+
+	<rule from="^http://www\.archiveofourown\.org/"
+		to="https://archiveofourown.org/"/>
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/ArchiveTeam.org.xml b/src/chrome/content/rules/ArchiveTeam.org.xml
new file mode 100644
index 000000000000..af07d07549fc
--- /dev/null
+++ b/src/chrome/content/rules/ArchiveTeam.org.xml
@@ -0,0 +1,17 @@
+<!--
+    Refused:
+        - digitize
+        - fileformats
+        - justsolve
+        - iabak
+        - iabackup
+-->
+<ruleset name="ArchiveTeam.org">
+	<target host="archiveteam.org" />
+	<target host="www.archiveteam.org" />
+	<target host="internetarchive.archiveteam.org" />
+	<target host="tracker.archiveteam.org" />
+	<target host="warriorhq.archiveteam.org" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Archives-ouvertes.fr.xml b/src/chrome/content/rules/Archives-ouvertes.fr.xml
new file mode 100644
index 000000000000..788e0dcb41c7
--- /dev/null
+++ b/src/chrome/content/rules/Archives-ouvertes.fr.xml
@@ -0,0 +1,33 @@
+<ruleset name="Archives-ouvertes.fr">
+
+	<target host="archives-ouvertes.fr" />
+	<target host="*.archives-ouvertes.fr" />
+		<test url="http://www.archives-ouvertes.fr/" />
+		<test url="http://api.archives-ouvertes.fr/" />
+		<test url="http://aurehal.archives-ouvertes.fr/" />
+		<test url="http://aurehal-preprod.archives-ouvertes.fr/" />
+		<test url="http://cel.archives-ouvertes.fr/" />
+		<test url="http://cv.archives-ouvertes.fr/" />
+		<test url="http://doc.archives-ouvertes.fr/" />
+		<test url="http://hal.archives-ouvertes.fr/" />
+		<test url="http://halshs.archives-ouvertes.fr/" />
+		<test url="http://medihal.archives-ouvertes.fr/" />
+		<test url="http://pastel.archives-ouvertes.fr/" />
+		<test url="http://tel.archives-ouvertes.fr/" />
+		<test url="http://telearn.archives-ouvertes.fr/" />
+
+		<!-- Per-institution subdomains -->
+		<test url="http://hal-ens.archives-ouvertes.fr/" />
+		<test url="http://hal-pasteur.archives-ouvertes.fr/" />
+		<test url="http://hal-pjse.archives-ouvertes.fr/" />
+		<test url="http://hal-supelec.archives-ouvertes.fr/" />
+
+	<securecookie host="^tel\.archives-ouvertes\.fr$" name=".+" />
+
+	<rule from="^http://archives-ouvertes\.fr/"
+		to="https://archives-ouvertes.fr/" />
+
+	<rule from="^http://(api|aurehal|aurehal-preprod|cel|cv|doc|hal|hal-\w+|halshs|medihal|pastel|tel|telearn|www)\.archives-ouvertes\.fr/"
+		to="https://$1.archives-ouvertes.fr/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Archomedia.xml b/src/chrome/content/rules/Archomedia.xml
index eb6df3686c75..bbc6bbcfa095 100644
--- a/src/chrome/content/rules/Archomedia.xml
+++ b/src/chrome/content/rules/Archomedia.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?archomedia\.com/"
 		to="https://archomedia.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Archos.com.xml b/src/chrome/content/rules/Archos.com.xml
index beb47f0a8aeb..9bc3d2f6ac8e 100644
--- a/src/chrome/content/rules/Archos.com.xml
+++ b/src/chrome/content/rules/Archos.com.xml
@@ -2,5 +2,5 @@
   <target host="archos.com" />
   <target host="www.archos.com" />
 
-  <rule from="^http://(?:www\.)?archos\.com/" to="https://www.archos.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Arciszewski.me.xml b/src/chrome/content/rules/Arciszewski.me.xml
new file mode 100644
index 000000000000..130ec4c2a52a
--- /dev/null
+++ b/src/chrome/content/rules/Arciszewski.me.xml
@@ -0,0 +1,27 @@
+<!--
+	(www.)?arciszewski.me: 526
+
+
+	Insecure cookies are set for these domains:
+
+		- .arciszewski.me
+
+-->
+<ruleset name="Arciszewski.me (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="scott.arciszewski.me" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.arciszewski\.me$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.arciszewski\.me$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ardamis.com.xml b/src/chrome/content/rules/Ardamis.com.xml
new file mode 100644
index 000000000000..73e6c9060e7f
--- /dev/null
+++ b/src/chrome/content/rules/Ardamis.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Ardamis.com">
+
+	<target host="ardamis.com" />
+	<target host="www.ardamis.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ardis.ru.xml b/src/chrome/content/rules/Ardis.ru.xml
new file mode 100644
index 000000000000..e29109909f58
--- /dev/null
+++ b/src/chrome/content/rules/Ardis.ru.xml
@@ -0,0 +1,7 @@
+<ruleset name="Ardis.ru">
+	<target host="ardis.ru" />
+	<target host="www.ardis.ru" />
+	<target host="my.ardis.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ardour.xml b/src/chrome/content/rules/Ardour.xml
index ba78e387a93b..3d8c1d8bc3e4 100644
--- a/src/chrome/content/rules/Ardour.xml
+++ b/src/chrome/content/rules/Ardour.xml
@@ -15,13 +15,14 @@
 <ruleset name="Ardour (partial)">
 
 	<target host="ardour.org" />
-	<target host="*.ardour.org" />
+	<target host="community.ardour.org" />
+	<target host="www.ardour.org" />
+	<target host="www.community.ardour.org" />
 
 
 	<securecookie host="^\.community\.ardour\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?(community\.)?ardour\.org/"
-		to="https://$1$2ardour.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Arduino.cc.xml b/src/chrome/content/rules/Arduino.cc.xml
new file mode 100644
index 000000000000..04b838c8d70f
--- /dev/null
+++ b/src/chrome/content/rules/Arduino.cc.xml
@@ -0,0 +1,25 @@
+<!--
+	Nonfunctional subdomains:
+        - www.id (wrong cert)
+        - casajasmina.arduino.cc (refused)
+
+    Latest test: 11.11.2017
+-->
+<ruleset name="Arduino.cc (partial)">
+	<target host="arduino.cc" />
+	<target host="www.arduino.cc" />
+
+	<!--<target host="auth.arduino.cc" />--><!-- breaks test script -->
+	<target host="blog.arduino.cc" />
+	<target host="cdn.arduino.cc" />
+	<target host="create.arduino.cc" />
+	<target host="cloud.arduino.cc" />
+	<target host="day.arduino.cc" />
+	<target host="downloads.arduino.cc" />
+	<target host="forum.arduino.cc" />
+	<target host="id.arduino.cc" />
+	<target host="playground.arduino.cc" />
+	<target host="store.arduino.cc" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AreWeCompressedYet.com.xml b/src/chrome/content/rules/AreWeCompressedYet.com.xml
new file mode 100644
index 000000000000..eb91705ce62b
--- /dev/null
+++ b/src/chrome/content/rules/AreWeCompressedYet.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Xiph rulesets, see Xiph.org.xml.
+
+	Invalid certificate:
+		www.arewecompressedyet.com
+
+-->
+<ruleset name="AreWeCompressedYet.com">
+
+	<target host="arewecompressedyet.com" />
+	<target host="beta.arewecompressedyet.com" />
+	<target host="two.arewecompressedyet.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AreWeFluentYet.com.xml b/src/chrome/content/rules/AreWeFluentYet.com.xml
new file mode 100644
index 000000000000..6e2582d8e5b0
--- /dev/null
+++ b/src/chrome/content/rules/AreWeFluentYet.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="AreWeFluentYet.com">
+	<target host="arewefluentyet.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AreWeLearningYet.com.xml b/src/chrome/content/rules/AreWeLearningYet.com.xml
new file mode 100644
index 000000000000..3f953934d6a9
--- /dev/null
+++ b/src/chrome/content/rules/AreWeLearningYet.com.xml
@@ -0,0 +1,9 @@
+<!--
+	Nonfunctional hosts in *.arewelearningyet.com:
+		- arewelearningyet.com:
+-->
+<ruleset name="AreWeLearningYet.com">
+	<target host="www.arewelearningyet.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AreWeWebYet.org.xml b/src/chrome/content/rules/AreWeWebYet.org.xml
new file mode 100644
index 000000000000..acfcc5c1d295
--- /dev/null
+++ b/src/chrome/content/rules/AreWeWebYet.org.xml
@@ -0,0 +1,9 @@
+ <!--
+	Nonfunctional hosts in *.arewewebyet.org:
+		- arewewebyet.org:
+-->
+<ruleset name="AreWeWebYet.org">
+	<target host="www.arewewebyet.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Area_17.com.xml b/src/chrome/content/rules/Area_17.com.xml
new file mode 100644
index 000000000000..8a63e8097c7d
--- /dev/null
+++ b/src/chrome/content/rules/Area_17.com.xml
@@ -0,0 +1,51 @@
+<!--
+	Problematic hosts in *area17.com:
+
+		- ^ ¹
+		- assets ²
+
+	¹ Prints "area17-new"
+	² Cloudfront
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.area17.com
+
+
+	Mixed content:
+
+		- Images on www from assets.area17.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Area 17.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.area17.com" />
+
+	<!--	Complications:
+				-->
+	<target host="area17.com" />
+	<target host="assets.area17.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.area17\.com$" name="^_area17_redux$" /-->
+
+	<securecookie host="^www\.area17\.com$" name=".+" />
+
+
+	<rule from="^http://area17\.com/"
+		to="https://www.area17.com/" />
+
+	<rule from="^http://assets\.area17\.com/"
+		to="https://d6115e0oaclnc.cloudfront.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ArenaVC.com.xml b/src/chrome/content/rules/ArenaVC.com.xml
new file mode 100644
index 000000000000..32d4c38ff5ee
--- /dev/null
+++ b/src/chrome/content/rules/ArenaVC.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- arenavc.com
+
+-->
+<ruleset name="ArenaVC.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="arenavc.com" />
+	<target host="www.arenavc.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^arenavc\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^arenavc\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ArenaofValor.com.xml b/src/chrome/content/rules/ArenaofValor.com.xml
new file mode 100644
index 000000000000..268f423cdabd
--- /dev/null
+++ b/src/chrome/content/rules/ArenaofValor.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="ArenaofValor.com">
+
+	<target host="www.arenaofvalor.com" />
+	<target host="forum.arenaofvalor.com" />
+	<target host="ue.arenaofvalor.com" />
+		<test url="http://ue.arenaofvalor.com/mur/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Argeweb.nl.xml b/src/chrome/content/rules/Argeweb.nl.xml
new file mode 100644
index 000000000000..04111f64ee9c
--- /dev/null
+++ b/src/chrome/content/rules/Argeweb.nl.xml
@@ -0,0 +1,15 @@
+<!--
+	Other Argeweb rulesets:
+
+		- Argeweb_hosting.nl.xml
+
+-->
+<ruleset name="Argeweb.nl">
+
+	<target host="argeweb.nl" />
+	<target host="www.argeweb.nl" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Argeweb_hosting.nl.xml b/src/chrome/content/rules/Argeweb_hosting.nl.xml
new file mode 100644
index 000000000000..e7da891a3af0
--- /dev/null
+++ b/src/chrome/content/rules/Argeweb_hosting.nl.xml
@@ -0,0 +1,12 @@
+<!--
+	For other Argeweb coverage, see Argeweb.nl.xml.
+
+-->
+<ruleset name="Argeweb hosting.nl">
+
+	<target host="webmail.argewebhosting.nl" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Argonit.cz.xml b/src/chrome/content/rules/Argonit.cz.xml
deleted file mode 100644
index a6e9675fb08a..000000000000
--- a/src/chrome/content/rules/Argonit.cz.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- (www.) *
-		- linkbox *
-		- massmail *
-		- wiki *
-
-	* Works; mismatched, CN: www.abclinuxu.cz
-
-
-	Fully covered subdomains:
-
-		- (www.)	(www → ^)
-		- linkbox
-		- massmail
-		- wiki
-
--->
-<ruleset name="Argonit.cz" default_off="mismatched">
-
-	<target host="argonit.cz" />
-	<target host="*.argonit.cz" />
-
-
-	<securecookie host=".+\.argonit\.cz$" name=".+" />
-
-
-	<rule from="^http://(?:((?:linkbox|massmail|wiki)\.)|www\.)?argonit\.cz/"
-		to="https://$1argonit.cz/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Argonne-National-Laboratory.xml b/src/chrome/content/rules/Argonne-National-Laboratory.xml
index 4391fd46d20d..d1fb50e87ac9 100644
--- a/src/chrome/content/rules/Argonne-National-Laboratory.xml
+++ b/src/chrome/content/rules/Argonne-National-Laboratory.xml
@@ -13,20 +13,26 @@
 -->
 <ruleset name="Argonne National Laboratory (partial)">
 
-	<target host="*.anl.gov" />
-	<target host="www.*.anl.gov" />
+	<target host="cels.anl.gov" />
+	<target host="evs.anl.gov" />
+	<target host="mcs.anl.gov" />
+	<target host="www.cels.anl.gov" />
+	<target host="www.evs.anl.gov" />
+	<target host="www.mcs.anl.gov" />
+	<target host="aps.anl.gov" />
+	<target host="www.aps.anl.gov" />
 
 
 	<!--	- cels: Cert only matches www.cels
 		- Others unchecked
 		-->
-	<rule from="^https?://(?:www\.)?(cels|evs|mcs)\.anl\.gov/"
+	<rule from="^http://(?:www\.)?(cels|evs|mcs)\.anl\.gov/"
 		to="https://www.$1.anl.gov/" />
 
 	<!--	- Cert only matches www.aps
 		- $ 403s
 			-->
-	<rule from="^https?://(?:www\.)?aps\.anl\.gov/(css/|img/)"
+	<rule from="^http://(?:www\.)?aps\.anl\.gov/(css/|img/)"
 		to="https://www.aps.anl.gov/$1" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Argos-mismatches.xml b/src/chrome/content/rules/Argos-mismatches.xml
index d9ba86dc00e4..6c4497345f54 100644
--- a/src/chrome/content/rules/Argos-mismatches.xml
+++ b/src/chrome/content/rules/Argos-mismatches.xml
@@ -5,7 +5,7 @@
 	argos.ugc.bazaarvoice.com/answers/
 
 -->
-<ruleset name="Argos (mismatches)" default_off="mismatch">
+<ruleset name="Argos (mismatches)" default_off="mismatched">
 
 	<target host="answers.argos.co.uk" />
 	<target host="reviews.argos.co.uk" />
@@ -19,7 +19,6 @@
 
 
 		Akamai	-->
-	<rule from="^http://(answer|review)s\.argos\.(co\.uk|ie)/"
-		to="https://$1s.argos.$2/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Argos.xml b/src/chrome/content/rules/Argos.xml
index b1841da01827..8c893658e7b8 100644
--- a/src/chrome/content/rules/Argos.xml
+++ b/src/chrome/content/rules/Argos.xml
@@ -1,12 +1,39 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://argoscareers.com/ => https://www.argoscareers.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.argoscareers.com/ => https://www.argoscareers.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://argosonline.es/ => https://www.argosonline.es/: Too many redirects while fetching 'https://www.argosonline.es/'
+Fetch error: http://www.argosonline.es/ => https://www.argosonline.es/: Too many redirects while fetching 'https://www.argosonline.es/'
+Fetch error: http://www.greatcareers.co.uk/ => https://www.greatcareers.co.uk/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://wearechoosy.com/ => https://www.wearechoosy.com/: (28, 'Connection timed out after 20004 milliseconds')
+Fetch error: http://www.wearechoosy.com/ => https://www.wearechoosy.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://argosonline.es/ => https://www.argosonline.es/: (28, 'Operation timed out after 15001 milliseconds with 0 bytes received')
+Fetch error: http://www.argosonline.es/ => https://www.argosonline.es/: Cycle detected - URL already encountered: https://www.argosonline.es/
+Fetch error: http://www.greatcareers.co.uk/ => https://www.greatcareers.co.uk/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://wearechoosy.com/ => https://www.wearechoosy.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.wearechoosy.com/ => https://www.wearechoosy.com/: (60, 'SSL certificate problem: certificate has expired')
 	For problematic rules, see Argos-mismatches.
 
+
+	Problematic domains:
+
+		- (www.)?argos-spain.co.uk *
+
+	* Handshake fails
+
+
+	Fully covered domains:
+
+		- (www.)?argos-spain.co.uk	(→ www.argosonline.es)
+
 -->
-<ruleset name="Argos (partial)" platform="mixedcontent">
+<ruleset name="Argos (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="argos.co.uk" />
 	<target host="*.argos.co.uk" />
-	<target host="image.email.argos.co.uk" />
 	<target host="argos.ie" />
 	<target host="*.argos.ie" />
 	<target host="argoscareers.com" />
@@ -22,35 +49,40 @@
 	<target host="www.wearechoosy.com" />
 
 
-	<securecookie host="^.*\.argos\.co\.uk$" name=".*" />
-	<securecookie host="^www\.argos\.ie$" name=".*" />
-	<securecookie host="^www\.argoscareers\.com$" name=".*" />
-	<securecookie host="^www\.argosemails\.co\.uk$" name=".*" />
-	<securecookie host="^www\.argosonline\.es$" name=".*" />
-	<securecookie host="^www\.greatcareers\.co\.uk$" name=".*" />
-	<securecookie host="^www\.wearechoosy\.com$" name=".*" />
+	<securecookie host="^.*\.argos\.co\.uk$" name=".+" />
+	<securecookie host="^www\.argos\.ie$" name=".+" />
+	<securecookie host="^www\.argoscareers\.com$" name=".+" />
+	<securecookie host="^www\.argosemails\.co\.uk$" name=".+" />
+	<securecookie host="^www\.argosonline\.es$" name=".+" />
+	<securecookie host="^www\.greatcareers\.co\.uk$" name=".+" />
+	<securecookie host="^www\.wearechoosy\.com$" name=".+" />
 
 
-	<!--	Certs only match www.	-->
-	<rule from="^https?://(?:www\.)?argos(emails|-spain)?\.co\.uk/"
-		to="https://www.argos$1.co.uk/" />
+	<!--	Cert only matches www.	-->
+	<rule from="^http://(?:www\.)?argosemails\.co\.uk/"
+		to="https://www.argosemails.co.uk/" />
 
 	<rule from="^http://image\.email\.argos\.co\.uk/"
 		to="https://image.email.argos.co.uk/" />
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?argos\.ie/"
+	<rule from="^http://(?:www\.)?argos\.ie/"
 		to="https://www.argos.ie/" />
 
 	<rule from="^http://competitions\.argos\.ie/"
 		to="https://competitions.argos.ie/" />
 
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://(?:www\.)?argos-spain\.co\.uk/.*"
+		to="https://www.argosonline.es/webapp/wcs/stores/servlet/LogonForm" />
+
 	<!--	!www: interrupted	-->
-	<rule from="^https?://(?:www\.)?argoscareers\.com/"
+	<rule from="^http://(?:www\.)?argoscareers\.com/"
 		to="https://www.argoscareers.com/" />
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?argosonline\.es/"
+	<rule from="^http://(?:www\.)?argosonline\.es/"
 		to="https://www.argosonline.es/" />
 
 	<!--	!www doesn't exist.	-->
@@ -58,7 +90,7 @@
 		to="https://www.greatcareers.co.uk/" />
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?wearechoosy\.com/"
+	<rule from="^http://(?:www\.)?wearechoosy\.com/"
 		to="https://www.wearechoosy.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Argus_Leader.xml b/src/chrome/content/rules/Argus_Leader.xml
index 04100a27aeae..762def4bb052 100644
--- a/src/chrome/content/rules/Argus_Leader.xml
+++ b/src/chrome/content/rules/Argus_Leader.xml
@@ -1,23 +1,34 @@
 <!--
-	For other Gannett Company coverage, see Gannet-Company.xml.
+	For other Gannett Company coverage, see Gannett-Company.xml.
 
+	Note: *.argusleader.com has a wildcard DNS record.
 
-	Problematic subdomains:
+	Non-functional hosts
+		Timeout was reached:
+		- classifieds.argusleader.com
 
-		- ^
-		- cmsimg	(503, akamai)
+		SSL peer certificate was not OK:
+		- cmsimg.argusleader.com
 
--->
-<ruleset name="The Argus Leader">
+		Mixed content blocking (MCB) triggered:
+		- realestate.argusleader.com
 
+-->
+<ruleset name="ArgusLeader.com (partial)">
 	<target host="argusleader.com" />
-	<target host="*.argusleader.com" />
-
-
-	<securecookie host="^www\.argusleader\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:cmsimg\.|www\.)argusleader\.com/"
-		to="https://www.argusleader.com/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.argusleader.com" />
+	<target host="amp.argusleader.com" />
+	<target host="data.argusleader.com" />
+	<target host="eu.argusleader.com" />
+	<target host="jobs.argusleader.com" />
+	<target host="static.argusleader.com" />
+		<test url="http://static.argusleader.com/terms/" />
+		<test url="http://static.argusleader.com/community/" />
+	<target host="user.argusleader.com" />
+		<test url="http://user.argusleader.com/user/enewspaper" />
+	<target host="ux.argusleader.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Argyle-Social-mismatches.xml b/src/chrome/content/rules/Argyle-Social-mismatches.xml
index c01d30df2450..45bef942e34e 100644
--- a/src/chrome/content/rules/Argyle-Social-mismatches.xml
+++ b/src/chrome/content/rules/Argyle-Social-mismatches.xml
@@ -1,9 +1,8 @@
-<ruleset name="Argyle Social (mismatches)" default_off="mismatch">
+<ruleset name="Argyle Social (mismatches)" default_off="mismatched">
 
 	<!--	pardot.com	-->
 	<target host="www2.argylesocial.com"/>
 
-	<rule from="^http://www2\.argylesocial\.com/"
-		to="https://www2.argylesocial.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Argyle-Social.xml b/src/chrome/content/rules/Argyle-Social.xml
deleted file mode 100644
index d8eb3ce53c36..000000000000
--- a/src/chrome/content/rules/Argyle-Social.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Argyle Social (partial)">
-
-	<target host="goals.ar.gy"/>
-
-	<rule from="^http://goals\.ar\.gy/"
-		to="https://goals.ar.gy/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ariejan.net.xml b/src/chrome/content/rules/Ariejan.net.xml
index 6361aff29935..a60146f89914 100644
--- a/src/chrome/content/rules/Ariejan.net.xml
+++ b/src/chrome/content/rules/Ariejan.net.xml
@@ -1,14 +1,11 @@
-<ruleset name="Ariejan.net (partial)">
+<ruleset name="Ariejan.net">
 
 	<target host="ariejan.net"/>
-	<target host="www.ariejan.net"/>
+	<target host="spock.ariejan.net" />
+	<target host="www.ariejan.net" />
 
 	<!--	cert doesn't match www		-->
-	<rule from="^http://www\.ariejan\.net/"
-		to="https://ariejan.net/"/>
-
-	<!--	pages redirect to http		-->
-	<rule from="^http://ariejan\.net/assets/"
-		to="https://ariejan.net/assets/"/>
+	<rule from="^http://(?:(spock\.)|www\.)?ariejan\.net/"
+		to="https://$1ariejan.net/"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Arizona-State-University.xml b/src/chrome/content/rules/Arizona-State-University.xml
index 1149167541d4..4dd12471e347 100644
--- a/src/chrome/content/rules/Arizona-State-University.xml
+++ b/src/chrome/content/rules/Arizona-State-University.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.asufoundation.org/ => https://secure.asufoundation.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://geodacenter.org/ => https://geodacenter.org/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.geodacenter.org/ => https://www.geodacenter.org/: (28, 'Connection timed out after 20000 milliseconds')
+
 	For problematic rules, see Arizona_State_University-problematic.xml.
 
 
@@ -88,7 +94,7 @@
 			- housing ⁶
 			- hpn ⁶
 			- iho ⁶
-			- impact
+			- impact		(refused)
 			- invsee
 			- jaie ⁶
 			- reporter.jmc		(shows default cPanel page)
@@ -222,11 +228,11 @@
 		- libguides		(→ libguides.com, $ redirects to http)
 
 -->
-<ruleset name="Arizona State University (partial)">
+<ruleset name="Arizona State University (partial)" default_off="failed ruleset test">
 
 	<target host="asu.edu" />
 	<target host="*.asu.edu" />
-		<exclusion pattern="^https?://(?:www\.)?herbergercollege\.asu\.edu/images/" />
+		<exclusion pattern="^http://(?:www\.)?herbergercollege\.asu\.edu/images/" />
 		<exclusion pattern="^http://lib\.asu\.edu/(?!misc/|sites/)" />
 	<target host="secure.asufoundation.org" />
 	<target host="geodacenter.org" />
@@ -249,46 +255,46 @@
 	<securecookie host="^secure\.asufoundation\.org$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?asu\.edu/"
+	<rule from="^http://(?:www\.)?asu\.edu/"
 		to="https://www.asu.edu/" />
 
 	<rule from="^http://(articulation|artsandsciences|asu(?:events(?:-dev)?|news|research|webdevilarchive)|aztransmac2|bmi|(?:www\.)?cabhp|caliper|catalog|ccj|cfo|chemistry|chem-webtools|(?:shprs\.|sst\.|www\.)?clas|commguide|commons|connect|contact|copp|cronkite|csid|cubic|docs|drupal|eadvisor|email|ex2010|flexdisplay|forms|global|geoda(?:center)?|graduation|havasu|healthsolutions|herbergeronline2?|hpchelp|humanities|labs|(?:www\.)?law|lists|lodestar|lsi|(?:drupal|jmars|viewer)\.mars|mathpost|mayo|morrisoninstitute|mslgoee|my|myasucourses|(?:crm\.|hrsa\.)?oasis|ocw|outreach|prehealth|scholarships|search|selfsub|shibboleth2?|sls|spa|studyabroad|syshealth|uresearch|sirc|ssw|uto|vcweb|visit|secure\.vpsa|washingtoncenter|web(?:app\d?|consulting|login|work2?)?|(?:www\.)?west|wpcareyonline|yourfuture)\.asu\.edu/"
 		to="https://$1.asu.edu/" />
 
-	<rule from="^https?://budget\.asu\.edu/"
+	<rule from="^http://budget\.asu\.edu/"
 		to="https://cfo.asu.edu/budget" />
 
-	<rule from="^https?://(?:www\.)?(asuonline|pgs\.clas|digitalculture|geoplan|graduate|lib|newcollege|nursingandhealth|opendoor|origins|researchadmin|shesc|sols|student(?:succes|venture)?s|technology|wpcarey)\.asu\.edu/"
+	<rule from="^http://(?:www\.)?(asuonline|pgs\.clas|digitalculture|geoplan|graduate|lib|newcollege|nursingandhealth|opendoor|origins|researchadmin|shesc|sols|student(?:succes|venture)?s|technology|wpcarey)\.asu\.edu/"
 		to="https://$1.asu.edu/" />
 
-	<rule from="^https?://career\.asu\.edu/(?:index\.htm)?(?:$|\?.*)"
+	<rule from="^http://career\.asu\.edu/(?:index\.htm)?(?:$|\?.*)"
 		to="https://students.asu.edu/career/" />
 
-	<rule from="^https?://cronkitenews\.(?:jmc\.)?asu\.edu/"
+	<rule from="^http://cronkitenews\.(?:jmc\.)?asu\.edu/"
 		to="https://cronkitenews.jmc.asu.edu/" />
 
-	<rule from="^https?://geo(?:graphy|plan)\.asu\.edu/"
+	<rule from="^http://geo(?:graphy|plan)\.asu\.edu/"
 		to="https://geoplan.asu.edu/" />
 
-	<rule from="^https?://(?:www\.)?prod\.gios\.asu\.edu/"
+	<rule from="^http://(?:www\.)?prod\.gios\.asu\.edu/"
 		to="https://www.prod.gios.asu.edu/" />
 
-	<rule from="^https?://(?:www\.)?herberger(?:college|institute)\.asu\.edu/"
+	<rule from="^http://(?:www\.)?herberger(?:college|institute)\.asu\.edu/"
 		to="https://herbergerinstitute.asu.edu/" />
 
-	<rule from="^https?://web\.hida\.asu\.edu/(?:$|\?.*)"
+	<rule from="^http://web\.hida\.asu\.edu/(?:$|\?.*)"
 		to="https://herbergerinstitute.asu.edu/" />
 
-	<rule from="^https?://libguides\.asu\.edu/(css\d*|data|js)/"
+	<rule from="^http://libguides\.asu\.edu/(css\d*|data|js)/"
 		to="https://libguides.com/$1/" />
 
-	<rule from="^https?://marsed\.(?:mars\.)?asu\.edu/"
+	<rule from="^http://marsed\.(?:mars\.)?asu\.edu/"
 		to="https://marsed.mars.asu.edu/" />
 
-	<rule from="^https?://technology\.poly\.asu\.edu/(?:$|\?.*)"
+	<rule from="^http://technology\.poly\.asu\.edu/(?:$|\?.*)"
 		to="https://technology.asu.edu/" />
 
-	<rule from="^https?://(?:www\.)?wikispaces\.asu\.edu/i/"
+	<rule from="^http://(?:www\.)?wikispaces\.asu\.edu/i/"
 		to="https://ssl.wikicdn.com/i/" />
 
 	<rule from="^http://secure\.asufoundation\.org/"
diff --git a/src/chrome/content/rules/Arizona_State_University-problematic.xml b/src/chrome/content/rules/Arizona_State_University-problematic.xml
index b6cfe0842306..1de4b791f581 100644
--- a/src/chrome/content/rules/Arizona_State_University-problematic.xml
+++ b/src/chrome/content/rules/Arizona_State_University-problematic.xml
@@ -19,10 +19,10 @@
 	<rule from="^http://(parents|themis|webhost355)\.asu\.edu/"
 		to="https://$1.asu.edu/" />
 
-	<rule from="^https?://(?:www\.)?sustainability\.asu\.edu/"
+	<rule from="^http://(?:www\.)?sustainability\.asu\.edu/"
 		to="https://sustainability.asu.edu/" />
 
-	<rule from="^https?://(?:www\.)?wikispaces\.asu\.edu/(?!i/)"
+	<rule from="^http://(?:www\.)?wikispaces\.asu\.edu/(?!i/)"
 		to="https://www.wikispaces.asu.edu/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Arkane-Studios.com.xml b/src/chrome/content/rules/Arkane-Studios.com.xml
new file mode 100644
index 000000000000..4744bcc9bc72
--- /dev/null
+++ b/src/chrome/content/rules/Arkane-Studios.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other ZeniMax Media coverage, see ZeniMax.com.xml.
+
+	Invalid certificate:
+		arkane-studios.com
+
+-->
+<ruleset name="Arkane Studios">
+
+	<target host="arkane-studios.com" />
+	<target host="www.arkane-studios.com" />
+
+	<rule from="^http://(www\.)?arkane-studios\.com/"
+		to="https://www.arkane-studios.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Arkane-Studios.xml b/src/chrome/content/rules/Arkane-Studios.xml
deleted file mode 100644
index 3af6e81a022b..000000000000
--- a/src/chrome/content/rules/Arkane-Studios.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other ZeniMax Media coverage, see ZeniMax-Media.xml.
-
--->
-<ruleset name="Arkane Studios" default_off="mismatch">
-
-	<!--	Cert: *.bethsoft.com	-->
-	<target host="arkane-studios.com" />
-	<target host="www.arkane-studios.com" />
-
-
-	<!--	!www 301s to www.
-					-->
-	<rule from="^https?://(?:www\.)?arkane-studios\.com/"
-		to="https://www.arkane-studios.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Arlanda.se.xml b/src/chrome/content/rules/Arlanda.se.xml
index e7a67eea03de..8958473e3429 100644
--- a/src/chrome/content/rules/Arlanda.se.xml
+++ b/src/chrome/content/rules/Arlanda.se.xml
@@ -1,8 +1,9 @@
-<!-- swedish airport webpage -->
 <ruleset name="Arlanda.se">
 	<target host="arlanda.se" />
 	<target host="www.arlanda.se" />
-	<rule from="^http://arlanda\.se/" to="https://www.arlanda.se/"/>
-	<rule from="^http://www\.arlanda\.se/" to="https://www.arlanda.se/"/>
-</ruleset>
+	<target host="taxfree.arlanda.se" />
+
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Arlt.com.xml b/src/chrome/content/rules/Arlt.com.xml
new file mode 100644
index 000000000000..ed1e62fa3297
--- /dev/null
+++ b/src/chrome/content/rules/Arlt.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Different HTTP/HTTPS content:
+		ebay.arlt.com
+	Invalid certificate:
+		smartfinder.arlt.com
+	Secure connection failed:
+		blog.arlt.com
+-->
+<ruleset name="Arlt.com">
+	<target host="arlt.com" />
+	<target host="www.arlt.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Arma3.com.xml b/src/chrome/content/rules/Arma3.com.xml
new file mode 100644
index 000000000000..00f3ae1e3ac0
--- /dev/null
+++ b/src/chrome/content/rules/Arma3.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Arma3.com">
+	<target host="arma3.com" />
+	<target host="www.arma3.com" />
+	<target host="dev.arma3.com" />
+	<target host="feedback.arma3.com" />
+	<target host="helicopters.arma3.com" />
+	<target host="karts.arma3.com" />
+	<target host="units.arma3.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Armed_Forces_Day.org.uk.xml b/src/chrome/content/rules/Armed_Forces_Day.org.uk.xml
new file mode 100644
index 000000000000..63b64d1ba910
--- /dev/null
+++ b/src/chrome/content/rules/Armed_Forces_Day.org.uk.xml
@@ -0,0 +1,12 @@
+<ruleset name="Armed Forces Day.org.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="armedforcesday.org.uk" />
+	<target host="www.armedforcesday.org.uk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Armorgames.com.xml b/src/chrome/content/rules/Armorgames.com.xml
new file mode 100644
index 000000000000..31c29f0cf79f
--- /dev/null
+++ b/src/chrome/content/rules/Armorgames.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Armorgames.com">
+	<target host="armorgames.com" />
+	<target host="www.armorgames.com" />
+	<target host="cache.armorgames.com" />
+	<target host="developers.armorgames.com" />
+	<target host="employment.armorgames.com" />
+	<target host="mobile.armorgames.com" />
+	<target host="origin.armorgames.com" />
+	<target host="presskits.armorgames.com" />
+	<target host="stage.armorgames.com" />
+	<target host="store.armorgames.com" />
+	<target host="support.armorgames.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ArmoryBids.com.xml b/src/chrome/content/rules/ArmoryBids.com.xml
index cc1fe5019830..d48934c5499f 100644
--- a/src/chrome/content/rules/ArmoryBids.com.xml
+++ b/src/chrome/content/rules/ArmoryBids.com.xml
@@ -1,4 +1,11 @@
-<ruleset name="ArmoryBids.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://armorybids.com/ => https://armorybids.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.armorybids.com/ => https://www.armorybids.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="ArmoryBids.com" default_off="failed ruleset test">
 
 	<target host="armorybids.com" />
 	<target host="www.armorybids.com" />
@@ -7,7 +14,6 @@
 	<securecookie host="^www\.armorybids\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?armorybids\.com/"
-		to="https://$1armorybids.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ArmsWiki.org.xml b/src/chrome/content/rules/ArmsWiki.org.xml
new file mode 100644
index 000000000000..1a398861ad77
--- /dev/null
+++ b/src/chrome/content/rules/ArmsWiki.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="ArmsWiki.org">
+	<target host="armswiki.org" />
+	<target host="www.armswiki.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Armscontrolcenter.org.xml b/src/chrome/content/rules/Armscontrolcenter.org.xml
new file mode 100644
index 000000000000..e5bdd7f303b6
--- /dev/null
+++ b/src/chrome/content/rules/Armscontrolcenter.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Armscontrolcenter.org">
+	<target host="armscontrolcenter.org" />
+	<target host="www.armscontrolcenter.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ArmyTimes.com.xml b/src/chrome/content/rules/ArmyTimes.com.xml
new file mode 100644
index 000000000000..d8df93eb2168
--- /dev/null
+++ b/src/chrome/content/rules/ArmyTimes.com.xml
@@ -0,0 +1,48 @@
+<!--
+	For other Gannett Company coverage, see Gannett-Company.xml.
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- armytimes.com
+
+		SSL connect error:
+		- account.armytimes.com
+		- accountsolution.armytimes.com
+		- archive.armytimes.com
+		- awi.armytimes.com
+		- cmsimg.armytimes.com
+		- content-static.armytimes.com
+		- www.hub.armytimes.com
+		- www.link.armytimes.com
+		- mobile.armytimes.com
+		- mocux.armytimes.com
+		- www.offers.armytimes.com
+		- static.armytimes.com
+		- staticassets.armytimes.com
+		- ux.armytimes.com
+
+		SSL peer certificate was not OK:
+		- horizon.armytimes.com
+		- members.armytimes.com
+		- outsidethewire.armytimes.com
+		- repdata.armytimes.com
+		- rssfeeds.armytimes.com
+		- verify.armytimes.com
+-->
+<ruleset name="ArmyTimes.com (partial)">
+	<target host="armytimes.com" />
+	<target host="www.armytimes.com" />
+	<target host="hub.armytimes.com" />
+		<test url="http://hub.armytimes.com/robots.txt" />
+	<target host="offers.armytimes.com" />
+		<test url="http://offers.armytimes.com/robots.txt" />
+	<target host="link.armytimes.com" />
+	<target host="subscribe.armytimes.com" />
+	<target host="t2.armytimes.com" />
+		<test url="http://t2.armytimes.com/robots.txt" />
+
+	<rule from="^http://armytimes\.com/"
+		to="https://www.armytimes.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Army_Times.xml b/src/chrome/content/rules/Army_Times.xml
deleted file mode 100644
index cc031f62103a..000000000000
--- a/src/chrome/content/rules/Army_Times.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	For other Gannett Company coverage, see Gannett-Company.xml.
-
-
-	Nonfunctional subdomains:
-
-		- ^ *
-		- cmsimg *
-		- www		(503, akamai)
-
-	* No https
-
--->
-<ruleset name="Army Times (partial)">
-
-	<target host="*.armytimes.com" />
-
-
-	<!--	Tracking cookies set by gntbcstglobal.112.2o7.net
-
-		Careful: s_pers & s_sess appear to be login cookies.
-									-->
-	<securecookie host="^\.armytimes\.com" name="^s_(?!p|s)\w+$" />
-
-
-	<rule from="^http://(awi|projects)\.armytimes\.com/"
-		to="https://$1.armytimes.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Armyoutlet.de.xml b/src/chrome/content/rules/Armyoutlet.de.xml
new file mode 100644
index 000000000000..56df2bb7b7e5
--- /dev/null
+++ b/src/chrome/content/rules/Armyoutlet.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Armyoutlet.de">
+  <target host="armyoutlet.de" />
+  <target host="www.armyoutlet.de" />
+
+  <rule from="^http://(?:www\.)?armyoutlet\.de/" to="https://www.armyoutlet.de/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Arne.schuldt.info.xml b/src/chrome/content/rules/Arne.schuldt.info.xml
new file mode 100644
index 000000000000..aad79f0e05a6
--- /dev/null
+++ b/src/chrome/content/rules/Arne.schuldt.info.xml
@@ -0,0 +1,6 @@
+<ruleset name="Arne.schuldt.info">
+  <target host="arne.schuldt.info" />
+  <target host="www.arne.schuldt.info" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Arozus.xml b/src/chrome/content/rules/Arozus.xml
index 7a8a68f9c67d..9a93b06f1d5f 100644
--- a/src/chrome/content/rules/Arozus.xml
+++ b/src/chrome/content/rules/Arozus.xml
@@ -16,7 +16,6 @@
 	<target host="content.azorus.com" />
 
 
-	<rule from="^http://content\.azorus\.com/"
-		to="https://content.azorus.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Arpxs.com.xml b/src/chrome/content/rules/Arpxs.com.xml
new file mode 100644
index 000000000000..80cd7ad62433
--- /dev/null
+++ b/src/chrome/content/rules/Arpxs.com.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.arpxs.com/ => https://www.arpxs.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.arpxs.com'")
+
+	^arpxs.com doesn't exist.
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.arpxs.com
+
+-->
+<ruleset name="arpxs.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.arpxs.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.arpxs\.com$" name="^sb_ac$" /-->
+
+	<securecookie host="^www\.arpxs\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Arq_Backup.com.xml b/src/chrome/content/rules/Arq_Backup.com.xml
new file mode 100644
index 000000000000..b62c59c9a82c
--- /dev/null
+++ b/src/chrome/content/rules/Arq_Backup.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Arq Backup.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="arqbackup.com" />
+	<target host="www.arqbackup.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Arquetype.org.xml b/src/chrome/content/rules/Arquetype.org.xml
new file mode 100644
index 000000000000..7c1f010168e4
--- /dev/null
+++ b/src/chrome/content/rules/Arquetype.org.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://arquetype.org/ => https://arquetype.org/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.arquetype.org/ => https://www.arquetype.org/: (60, 'SSL certificate problem: self signed certificate')
+
+-->
+<ruleset name="arquetype.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="arquetype.org" />
+	<target host="www.arquetype.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Arranca.org.xml b/src/chrome/content/rules/Arranca.org.xml
index 15f55418e0cc..eae06af00312 100644
--- a/src/chrome/content/rules/Arranca.org.xml
+++ b/src/chrome/content/rules/Arranca.org.xml
@@ -1,18 +1,28 @@
 <!--
 	CN: *.so36.net
 
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .arranca.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
 -->
 <ruleset name="arranca.org" default_off="mismatched">
 
 	<target host="arranca.org" />
-	<target host="*.arranca.org" />
-	<target host="arranca.nadir.org" />
+	<target host="www.arranca.org" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.arranca\.org$" name="^SESS[\da-f]{32}$" /-->
 
-	<securecookie host="^\.arranca\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(?:(?:www\.)?arranca|arranca\.nadir)\.org/"
-		to="https://arranca.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Arris.com.xml b/src/chrome/content/rules/Arris.com.xml
new file mode 100644
index 000000000000..c015ce4880bf
--- /dev/null
+++ b/src/chrome/content/rules/Arris.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.arris.com
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Arris.com">
+
+	<target host="arris.com" />
+	<target host="www.arris.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.arris\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Arrisi.com.xml b/src/chrome/content/rules/Arrisi.com.xml
new file mode 100644
index 000000000000..e9cc32c5740a
--- /dev/null
+++ b/src/chrome/content/rules/Arrisi.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Problematic hosts in *arrisi.com:
+
+		- ir *
+
+	* Akamai
+
+
+	Insecure cookies are set for these hosts:
+
+		- arrisi.com
+		- www.arrisi.com
+
+
+	Mixed content:
+
+		- css on (www.)? from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Arrisi.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="arrisi.com" />
+	<target host="www.arrisi.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?arrisi\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Arriva.xml b/src/chrome/content/rules/Arriva.xml
index d8f839b030fd..2d94348e8078 100644
--- a/src/chrome/content/rules/Arriva.xml
+++ b/src/chrome/content/rules/Arriva.xml
@@ -4,12 +4,11 @@
 	<target host="www.arrivabus.co.uk" />
 
 
-	<securecookie host="^www\.arrivabus\.co\.uk$" name=".*" />
+	<securecookie host="^www\.arrivabus\.co\.uk$" name=".+" />
 
 
 	<!--	Cert only matches www.
 					-->
-	<rule from="^https?://(?:www\.)?arrivabus\.co\.uk/"
-		to="https://www.arrivabus.co.uk/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ars-Technica.xml b/src/chrome/content/rules/Ars-Technica.xml
deleted file mode 100644
index 4b41eb761c10..000000000000
--- a/src/chrome/content/rules/Ars-Technica.xml
+++ /dev/null
@@ -1,80 +0,0 @@
-<!--
-	For other Condé Nast coverage, see Conde-Nast.xml.
-
-
-	CDN buckets:
-
-		- condenast.112.2o7.net
-
-			- stats2.arstechnica.com
-
-		- arstechnica.cachefly.net
-
-		- arstechnicarp.cachefly.net
-
-			- media.arstechnica.com
-			- origin.arstechnica.com
-			- cdn.arstechnica.net
-			- static.arstechnica.net
-
-
-	Nonfunctional arstechnica.com subdomains:
-
-		- archive *
-		- live		(refused)
-		- origin.cdn *
-
-	* Times out
-
-
-	Problematic domains:
-
-		- ars.to			(times out)
-
-		- arstechnica.com subdomains:
-
-			- episteme	(works; mismatched, CN: arstechnica.com)
-			- feeds		(interrupted)
-			- media		(cachefly)
-			- stats2	(2o7.net)
-
-
-	Partially covered arstechnica.com subdomains:
-
-		- (www.)	(most pages redirect to http)
-		- feeds		(→ feedburner.google.com)
-
--->
-<ruleset name="Ars Technica (partial)">
-
-	<target host="ars.to" />
-	<target host="arstechnica.com" />
-	<target host="*.arstechnica.com" />
-		<exclusion pattern="^http://(?:www\.)?arstechnica\.com/(?!ads/|civis/ucp\.php|favicon\.ico|public-shared/|services/incr\.php|subscriptions(?:$|[?/])|wp-content/)" />
-	<target host="*.arstechnica.net" />
-
-
-	<!--	Tracking cookies:
-						-->
-	<securecookie host="^\.arstechnica\.com$" name="^(?:mbox|s_\w+|timeSpent|__utm\w)$" />
-
-
-	<rule from="^http://ars\.to/"
-		to="https://bit.ly/" />
-
-	<rule from="^http://((?:cms|hq|www)\.)?arstechnica\.com/"
-		to="https://$1arstechnica.com/" />
-
-	<rule from="^http://feeds\.arstechnica\.com/(?:\?.*)$"
-		to="https://feedburner.google.com/fb/a/home" />
-
-	<rule from="^http://stats2\.arstechnica\.com/"
-		to="https://condenast.112.2o7.net/" />
-
-	<rule from="^http://api\.arstechnica\.net/"
-		to="https://api.arstechnica.net/" />
-
-	<rule from="^http://(?:(?:media|origin)\.arstechnica\.com|(?:cdn|static)\.arstechnica\.net)/"
-		to="https://cdn.arstechnica.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ArsMathematica.net.xml b/src/chrome/content/rules/ArsMathematica.net.xml
new file mode 100644
index 000000000000..57a3c9365d96
--- /dev/null
+++ b/src/chrome/content/rules/ArsMathematica.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="ArsMathematica.net">
+	<target host="arsmathematica.net" />
+	<target host="www.arsmathematica.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ArsTechnica.co.uk.xml b/src/chrome/content/rules/ArsTechnica.co.uk.xml
new file mode 100644
index 000000000000..17ca26df542c
--- /dev/null
+++ b/src/chrome/content/rules/ArsTechnica.co.uk.xml
@@ -0,0 +1,11 @@
+<!--
+	For other Condé Nast coverage, see Conde-Nast.xml.
+-->
+<ruleset name="ArsTechnica.co.uk (partial)">
+	<target host="arstechnica.co.uk" />
+	<target host="www.arstechnica.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ArsTechnica.com.xml b/src/chrome/content/rules/ArsTechnica.com.xml
new file mode 100644
index 000000000000..a72caf50bdf8
--- /dev/null
+++ b/src/chrome/content/rules/ArsTechnica.com.xml
@@ -0,0 +1,58 @@
+<!--
+	For other Condé Nast coverage, see Conde-Nast.xml.
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- irc.arstechnica.com
+		- irc-nyc.arstechnica.com
+		- irc-sfo.arstechnica.com
+		- staging.arstechnica.com
+
+		Timeout was reached:
+		- origin.cdn.arstechnica.com
+		- live.arstechnica.com
+		- uk.live.arstechnica.com
+		- util.arstechnica.com
+
+		SSL connect error:
+		- feeds.arstechnica.com
+
+		SSL peer certificate was not OK:
+		- www.coins.arstechnica.com
+		- www.irc.arstechnica.com
+
+		Mixed content blocking (MCB) triggered:
+		- archive.arstechnica.com
+-->
+<ruleset name="ArsTechnica.com (partial)">
+	<target host="arstechnica.com" />
+	<target host="www.arstechnica.com" />
+	<target host="apps.arstechnica.com" />
+	<target host="cardboard.arstechnica.com" />
+	<target host="civis.arstechnica.com" />
+	<target host="cms.arstechnica.com" />
+	<target host="coins.arstechnica.com" />
+	<target host="dev.arstechnica.com" />
+	<target host="episteme.arstechnica.com" />
+	<target host="hq.arstechnica.com" />
+	<target host="jobs.arstechnica.com" />
+	<target host="link.arstechnica.com" />
+	<target host="m.arstechnica.com" />
+	<target host="media.arstechnica.com" />
+	<target host="origin.arstechnica.com" />
+	<target host="sstats.arstechnica.com" />
+	<target host="static.arstechnica.com" />
+		<test url="http://static.arstechnica.com/staff-directory/" />
+		<test url="http://static.arstechnica.com/store/" />
+	<target host="stats.arstechnica.com" />
+	<target host="stats2.arstechnica.com" />
+	<target host="store.arstechnica.com" />
+	<target host="video.arstechnica.com" />
+		<test url="http://video.arstechnica.com/genres/technology" />
+		<test url="http://video.arstechnica.com/watch/a-celebration-of-cassini/" />
+	<target host="write.arstechnica.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ArsTechnica.net.xml b/src/chrome/content/rules/ArsTechnica.net.xml
new file mode 100644
index 000000000000..534e88851bbc
--- /dev/null
+++ b/src/chrome/content/rules/ArsTechnica.net.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Condé Nast coverage, see Conde-Nast.xml.
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- static.arstechnica.net
+-->
+<ruleset name="ArsTechnica.net (partial)">
+	<target host="cdn.arstechnica.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Art-Practical.xml b/src/chrome/content/rules/Art-Practical.xml
index 9837a0463ab3..2e67f621baad 100644
--- a/src/chrome/content/rules/Art-Practical.xml
+++ b/src/chrome/content/rules/Art-Practical.xml
@@ -1,9 +1,19 @@
-<ruleset name="Art Practical" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://artpractical.com/ => https://artpractical.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.artpractical.com/ => https://artpractical.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://artpractical.com/ (200) => https://artpractical.com/ (404)
+Non-2xx HTTP code: http://www.artpractical.com/ (200) => https://artpractical.com/ (404)
+-->
+<ruleset name="Art Practical" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="artpractical.com" />
 	<target host="www.artpractical.com" />
 
-	<rule from="^http://(www\.)?artpractical\.com/"
+	<rule from="^http://(?:www\.)?artpractical\.com/"
 		to="https://artpractical.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Art.com.xml b/src/chrome/content/rules/Art.com.xml
new file mode 100644
index 000000000000..0729abdf7b8c
--- /dev/null
+++ b/src/chrome/content/rules/Art.com.xml
@@ -0,0 +1,54 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://art.com/ => https://art.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Other Art.com rulesets:
+
+		- Art_print_images.com.xml
+
+
+	Nonfunctional hosts in *art.com:
+
+		- blog ¹
+		- go ²
+
+	¹ Redirects to http
+	¹ Refused
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .art.com
+		- .atrack.art.com
+		- eu.art.com
+
+
+	Mixed content:
+
+		- Images on eu from cache1.artprintimages.com
+		- Ads on eu from cache1.artprintimages.com
+
+-->
+<ruleset name="Art.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="art.com" />
+	<target host="eu.art.com" />
+	<target host="www.art.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.art\.com$" name="^(?:CustSessionID|sessionid)$" /-->
+	<!--securecookie host="^\.atrack\.art\.com$" name="^E8L9$" /-->
+	<!--securecookie host="^eu\.art\.com$" name="^ipCountryCode$" /-->
+
+	<securecookie host="^(?:\.atrack|eu)?\.art\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Art2pO.com.xml b/src/chrome/content/rules/Art2pO.com.xml
deleted file mode 100644
index 00293852ce51..000000000000
--- a/src/chrome/content/rules/Art2pO.com.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Mixed content:
-
-		- css on (www.) from fonts.googleapis.com *
-
-		- Images, on (www.) from:
-
-			- (www.) *
-			- www.google.com *
-
--->
-<ruleset name="Art2pO.com">
-
-	<target host="art2po.com" />
-	<target host="*.art2po.com" />
-
-
-	<securecookie host="^(?:w*\.)?art2po\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?art2po\.com/"
-		to="https://$1art2po.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ArtChristina.xml b/src/chrome/content/rules/ArtChristina.xml
index 01b1af1fd359..64374c8bab9a 100644
--- a/src/chrome/content/rules/ArtChristina.xml
+++ b/src/chrome/content/rules/ArtChristina.xml
@@ -12,4 +12,4 @@
 	<rule from="^http://(?:www\.)?artchristina\.com/"
 		to="https://artchristina.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ArtOfProblemSolving.com.xml b/src/chrome/content/rules/ArtOfProblemSolving.com.xml
new file mode 100644
index 000000000000..6b86a84a7bf5
--- /dev/null
+++ b/src/chrome/content/rules/ArtOfProblemSolving.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="ArtOfProblemSolving.com">
+	<target host="artofproblemsolving.com" />
+	<target host="www.artofproblemsolving.com" />
+	<target host="data.artofproblemsolving.com" />
+	<target host="latex.artofproblemsolving.com" />
+	<target host="services.artofproblemsolving.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ArtSkills.xml b/src/chrome/content/rules/ArtSkills.xml
index 01c44ac18d2a..9edc1f563479 100644
--- a/src/chrome/content/rules/ArtSkills.xml
+++ b/src/chrome/content/rules/ArtSkills.xml
@@ -1,13 +1,13 @@
 <ruleset name="ArtSkills">
 
 	<target host="artskills.com" />
-	<target host="*.artskills.com" />
+	<target host="static.artskills.com" />
+	<target host="www.artskills.com" />
 
 
 	<securecookie host="^(?:w*\.)?artskills\.com$" name=".+" />
 
 
-	<rule from="^http://(static\.|www\.)?artskills\.com/"
-		to="https://$1artskills.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ArtStation.com.xml b/src/chrome/content/rules/ArtStation.com.xml
new file mode 100644
index 000000000000..f361e3a81921
--- /dev/null
+++ b/src/chrome/content/rules/ArtStation.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="ArtStation">
+	<target host="artstation.com" />
+	<!-- Wildcard needed to handle user-created subdomains -->
+	<target host="*.artstation.com" />
+
+	<test url="http://www.artstation.com/" />
+	<test url="http://brunowerneck.artstation.com/" />
+	<test url="http://josephacross.artstation.com/" />
+	<test url="http://cdnb.artstation.com/p/assets/images/images/004/555/223/large/dimitar-marinski-rat.jpg" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Art_Lebedev.ru.xml b/src/chrome/content/rules/Art_Lebedev.ru.xml
index 8b2d817a5ba1..d2693fc2f770 100644
--- a/src/chrome/content/rules/Art_Lebedev.ru.xml
+++ b/src/chrome/content/rules/Art_Lebedev.ru.xml
@@ -1,15 +1,57 @@
 <!--
 	Nonfunctional subdomains:
 
-		- img	(dropped)
+		- cafe *
+
+	* Dropped
+
+
+	Partially covered subdomains:
+
+		- (www.)? *
+		- store *
+		- web *
+
+	* Avoiding broken MCB
+
+
+	Fully covered subdomains:
+
+		- img
+
+
+	Insecure cookies are set for these domains:
+
+		- store.artlebedev.ru
+
+
+	Mixed content:
+
+		- css on store, web, www from img *
+		- Images on store, web, www from img *
+
+	* Secured by us
 
 -->
-<ruleset name="Art Lebedev.ru (partial)" default_off="self-signed">
+<ruleset name="Art Lebedev.ru (partial)">
 
+	<target host="artlebedev.ru" />
+	<target host="img.artlebedev.ru" />
+	<target host="store.artlebedev.ru" />
 	<target host="web.artlebedev.ru" />
+	<target host="www.artlebedev.ru" />
+		<!--
+			Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://(?:www\.)?artlebedev\.ru/+(?!everything/|favicon\.ico|svalka/)" />
+		<exclusion pattern="^http://store\.artlebedev\.ru/+(?!_i/|favicon\.ico|products/images/|themes/)" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^store\.artlebedev\.ru$" name="^sid$" /-->
 
 
-	<rule from="^http://web\.artlebedev\.ru/"
-		to="https://web.artlebedev.ru/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Art_print_images.com.xml b/src/chrome/content/rules/Art_print_images.com.xml
new file mode 100644
index 000000000000..51f9c84d3709
--- /dev/null
+++ b/src/chrome/content/rules/Art_print_images.com.xml
@@ -0,0 +1,22 @@
+<!--
+	For other Art.com coverage, see Art.com.xml.
+
+
+	Problematic hosts in *artprintimages.com:
+
+		- cache1 *
+
+	* Akamai
+
+-->
+<ruleset name="Art print images.com" default_off="mismatched">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cache1.artprintimages.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Artday.xml b/src/chrome/content/rules/Artday.xml
index 837fb13fc50e..eb23b557f4aa 100644
--- a/src/chrome/content/rules/Artday.xml
+++ b/src/chrome/content/rules/Artday.xml
@@ -1,13 +1,18 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://artday.co.kr/ => https://auction.artday.co.kr/: (51, "SSL: no alternative certificate subject name matches target host name 'auction.artday.co.kr'")
+
 	Problematic subdomains:
 
 		- (www.)	(expired 2013-04-06)
 
 -->
-<ruleset name="Artday">
+<ruleset name="Artday" default_off="failed ruleset test">
 
 	<target host="artday.co.kr" />
-	<target host="*.artday.co.kr" />
+	<target host="auction.artday.co.kr" />
+	<target host="www.artday.co.kr" />
 
 
 	<securecookie host="^auction\.artday\.co\.kr$" name=".+" />
@@ -18,4 +23,4 @@
 	<rule from="^http://(?:auction\.|www\.)?artday\.co\.kr/"
 		to="https://auction.artday.co.kr/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Arte_do_Lar.com.br.xml b/src/chrome/content/rules/Arte_do_Lar.com.br.xml
new file mode 100644
index 000000000000..7fc594435151
--- /dev/null
+++ b/src/chrome/content/rules/Arte_do_Lar.com.br.xml
@@ -0,0 +1,13 @@
+<ruleset name="Arte do Lar.com.br" default_off="plaintext reply">
+
+	<target host="artedolar.com.br" />
+	<target host="www.artedolar.com.br" />
+
+
+	<securecookie host="^\.(?:www\.)?artedolar\.com\.br$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Artemis-IA.eu.xml b/src/chrome/content/rules/Artemis-IA.eu.xml
index cf30d34dc796..fca56eeb5849 100644
--- a/src/chrome/content/rules/Artemis-IA.eu.xml
+++ b/src/chrome/content/rules/Artemis-IA.eu.xml
@@ -1,18 +1,49 @@
 <!--
-	Nonfunctional subdomains:
+	Problematic hosts in *artemis-ia.eu:
 
-		- (www.)	(http reply)
+		- community *
+		- www *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- artemis-ia.eu
 
 -->
-<ruleset name="Artemis-IA.eu (partial)">
+<ruleset name="Artemis-IA.eu">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="artemis-ia.eu" />
 
+	<!--	Complications:
+				-->
 	<target host="community.artemis-ia.eu" />
+	<target host="www.artemis-ia.eu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^artemis-ia\.eu$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^artemis-ia\.eu$" name=".+" />
+
 
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://community\.artemis-ia\.eu/[^?]*"
+		to="https://artemis-ia.eu/community" />
 
-	<securecookie host="^community\.artemis-ia\.eu$" name=".+" />
+		<test url="http://community.artemis-ia.eu/?foo" />
+		<test url="http://community.artemis-ia.eu/index" />
 
+	<rule from="^http://www\.artemis-ia\.eu/"
+		to="https://artemis-ia.eu/" />
 
-	<rule from="^http://community\.artemis-ia\.eu/"
-		to="https://community.artemis-ia.eu/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Artemis.net.xml b/src/chrome/content/rules/Artemis.net.xml
new file mode 100644
index 000000000000..a968b8766660
--- /dev/null
+++ b/src/chrome/content/rules/Artemis.net.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://artemis.net/ => https://artemis.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://artemisinternet.com/ => https://artemisinternet.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="Artemis.net" default_off="failed ruleset test">
+
+	<target host="artemis.net" />
+	<target host="artemisinternet.com" />
+	<target host="www.artemis.net" />
+	<target host="www.artemisinternet.com" />
+
+
+	<securecookie host="^\.artemis(?:\.net|internet\.com)$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Artfiles_New_Media.xml b/src/chrome/content/rules/Artfiles_New_Media.xml
index 215b2a6dff70..f6eb946257c6 100644
--- a/src/chrome/content/rules/Artfiles_New_Media.xml
+++ b/src/chrome/content/rules/Artfiles_New_Media.xml
@@ -1,10 +1,49 @@
-<ruleset name="Artfiles New Media">
-  <target host="artfiles.de" />
-  <target host="www.artfiles.de" />
-  <target host="dcp.c.artfiles.de" />
-  <target host="webmail.artfiles.de" />
-  <target host="www.webmail.artfiles.de" />
-
-  <rule from="^http://(?:www\.)?(webmail\.)?artfiles\.de/" to="https://$1artfiles.de/" />
-  <rule from="^http://dcp\.c\.artfiles\.de/" to="https://dcp.c.artfiles.de/" />
+<!--
+	Nonfunctional subdomains:
+
+		- board *
+		- status *
+
+	* Refused
+
+
+	Problematic subdomains:
+
+		- www.webmail *
+
+	* Cert only matches *.artfiles.de
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- dcp.c
+		- documents
+		- (www.)webmail		(www → ^)
+
+-->
+<ruleset name="Artfiles New Media (partial)">
+
+	<target host="artfiles.de" />
+	<target host="dcp.c.artfiles.de" />
+	<target host="documents.artfiles.de" />
+	<target host="www.artfiles.de" />
+	<target host="webmail.artfiles.de" />
+	<target host="www.webmail.artfiles.de" />
+
+
+	<!--	Not secured by server:
+						-->
+	<!--securecookie host="^\.artfiles\.de$" name="^HSID$" /-->
+	<!--securecookie host="^webmail\.artfiles\.de$" name="^SQMSESSID$" /-->
+	<!--securecookie host="^www\.artfiles\.de$" name="^(PHPSESSID|fe_typo_user)$" /-->
+
+	<securecookie host="^(?:webmail|www)?\.artfiles\.de$" name=".+" />
+
+
+
+	<rule from="^http://(?:www\.)?webmail\.artfiles\.de/"
+		to="https://webmail.artfiles.de/" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Article_19.org.xml b/src/chrome/content/rules/Article_19.org.xml
new file mode 100644
index 000000000000..47f776997a19
--- /dev/null
+++ b/src/chrome/content/rules/Article_19.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.article19.org
+
+-->
+<ruleset name="Article 19.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="article19.org" />
+	<target host="www.article19.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.article19\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.article19\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Articulate.com.xml b/src/chrome/content/rules/Articulate.com.xml
new file mode 100644
index 000000000000..0c6d19415642
--- /dev/null
+++ b/src/chrome/content/rules/Articulate.com.xml
@@ -0,0 +1,63 @@
+<!--
+	Login required:
+		account.articulate.com
+		ci.articulate.com
+		rise.articulate.com
+		workshops.articulate.com
+
+	No working URL known:
+		activation.articulate.com
+		avatars.articulate.com
+		cdn.articulate.com
+		diagnostics.articulate.com
+		download.articulate.com
+		images.articulate.com
+		metrics.articulate.com
+
+	Invalid certificate:
+		articulate-insiders.articulate.com
+		drops.articulate.com
+		how-to-email.articulate.com
+		learn.articulate.com
+		tempshare.storyline.articulate.com
+
+	Time out:
+		assets.articulate.com
+		demos.articulate.com
+
+	Refused:
+		go.articulate.com
+
+	Secure connection failed:
+		tempshare.articulate.com
+
+-->
+<ruleset name="Articulate.com">
+
+	<target host="articulate.com" />
+	<target host="www.articulate.com" />
+	<target host="360.articulate.com" />
+	<target host="archives.articulate.com" />
+	<target host="blog.articulate.com" />
+	<target host="blogs.articulate.com" />
+	<target host="ch.articulate.com" />
+	<target host="community.articulate.com" />
+	<target host="cn.articulate.com" />
+	<target host="de.articulate.com" />
+	<target host="en-au.articulate.com" />
+	<target host="en-uk.articulate.com" />
+	<target host="es.articulate.com" />
+	<target host="fr.articulate.com" />
+	<target host="ipc.articulate.com" />
+	<target host="kb.articulate.com" />
+	<target host="life.articulate.com" />
+	<target host="shush.articulate.com" />
+	<target host="store.articulate.com" />
+	<target host="support.articulate.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Artizone.xml b/src/chrome/content/rules/Artizone.xml
deleted file mode 100644
index 70dc244752bc..000000000000
--- a/src/chrome/content/rules/Artizone.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Some (most?) pages redirect to http.
-
--->
-<ruleset name="Artizone (partial)">
-
-	<target host="artizone.com" />
-	<target host="*.artizone.com" />
-		<exclusion pattern="^http://(?:www\.)?artizone\.com/(?!Content/|favicon\.ico|Scripts/|Shipping/(?:Account/LogOn|Help/ContactUs))" />
-
-
-	<securecookie host="^\.artizone\.com$" name="^__utm\w$" />
-	<securecookie host="^www\.artizone\.com$" name="^artizoneStat$" />
-
-
-	<rule from="^http://(image\.|www\.)?artizone\.com/"
-		to="https://$1artizone.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Artsy.net.xml b/src/chrome/content/rules/Artsy.net.xml
new file mode 100644
index 000000000000..cd08fce873e6
--- /dev/null
+++ b/src/chrome/content/rules/Artsy.net.xml
@@ -0,0 +1,43 @@
+<!--
+	Fully covered hosts:
+
+		- (www.)?
+		- admin
+		- api
+		- cms
+
+
+	These altnames don't exist:
+
+		- secure.artsy.net
+
+
+	Insecure cookies are set for these hosts:
+
+		- admin.artsy.net
+		- www.artsy.net
+
+-->
+<ruleset name="Artsy.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="artsy.net" />
+	<target host="admin.artsy.net" />
+	<target host="api.artsy.net" />
+	<target host="cms.artsy.net" />
+	<target host="www.artsy.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^admin\.artsy\.net$" name="^connect\.sess$" /-->
+	<!--securecookie host="^www\.artsy\.net$" name="^(hide-welcome-hero|split_test-(spaceforgrammar)-artist_works_view_mode|split_test-(spaceforgrammar)-gallery_partnerships_apply)$" /-->
+
+	<securecookie host="^(?:admin|www)\.artsy\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ArturKim.xml b/src/chrome/content/rules/ArturKim.xml
deleted file mode 100644
index 36776f3595d5..000000000000
--- a/src/chrome/content/rules/ArturKim.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="ArturKim (partial)" default_off="mismatch">
-
-	<!--	gridserver.com	-->
-	<target host="arturkim.com"/>
-	<target host="www.arturkim.com"/>
-
-	<rule from="^http://(?:www\.)?arturkim\.com/wp-content/"
-		to="https://arturkim.com/wp-content/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Arukereso.xml b/src/chrome/content/rules/Arukereso.xml
index 6e49a1588d32..a546425f8183 100644
--- a/src/chrome/content/rules/Arukereso.xml
+++ b/src/chrome/content/rules/Arukereso.xml
@@ -1,86 +1,66 @@
-<!-- Nonfunctional subdomains:
+<!--
+	Other Arukereso rulesets:
 
-	- tablet-pc.arukereso.hu/pazaruvaj.com
-	- e-book-olvaso.arukereso.hu
-	- lego.arukereso.hu
-	- asztali-multimedia-lejatszo.arukereso.hu
-	- belteri-egyseg.arukereso.hu
-	- konyv.arukereso.hu
-	- garancia.arukereso.hu
-	- beepitheto-suto.arukereso.hu
-	- kulso-haz.arukereso.hu
-	- kabel-csatlakozo.arukereso.hu
-	- wlan-antenna.arukereso.hu
-	- nas-meghajto-arukereso.hu
-	- eger.arukereso.hu
-	- ipad.arukereso.hu
-	- termosztat.arukereso.hu
-	- noi-csizma-bakancs.arukereso.hu
-	- irodai-forgoszek.arukereso.hu
-	- divat-es-ruhazat.arukereso.hu
-	- kezi-mixer.arukereso.hu
-	- edeny-kukta.arukereso.hu
-	- lancfuresz.arukereso.hu
-	- jelmez.arukereso.hu
-	- feherje.arukereso.hu
-	- elektronna-cigara.pazaruvaj.com
-	- mishki.pazaruvaj.com
-	- chetec-za-e.pazaruvaj.con
-	- blenderi.pazaruvaj.com
-	- elektricheska-chetka-za-zybi.pazaruvaj.com
-	- akumulator-za-prenosimi-kompjutri.pazaruvaj.com
-	- maquinas-de-lavar-roupa.precos.com.pt
-	- televisores.precos.com.pt
-	- frigorificos.precos.com.pt
-	- perfumes.precos.com.pt
-	- disco-rigido.precos.com.pt
-	- tablet-pc.precos.com.pt
-	- affiliation.precos.com.pt
-	- static.precos.com.pt
-	- image.precos.com.pt
-	- tablet-pc.compari.ro
-	- masina-de-uscat-rufe.compari.ro
-	- scaun-de-masa-bebelusi.compari.ro
-	- chiuveta.compari.ro
-	- periuta-de-dinti-electrica.compari.ro
-	- tensiometru.compari.ro
-	- interfon.compari.ro
-	- tablet-pc.ucuzu.com
-	- kitap.ucuzu.com
-	- blog.ucuzu.com
-	- uydu-alicisi.ucuzu.com
-	- yuz-kremi.ucuzu.com
-	- is-guvenlik-akkayabisi-botu.ucuzu.com
-	- mikrofon.ucuzu.com
+		- Compari.ro.xml
+		- Pazaruvaj.com.xml
+		- Ucuzu.com.xml
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .hu
+		- .arukereso.hu
+		- ipad.arukereso.hu
+		- lego.arukereso.hu
+		- . . .
+		- www.arukereso.hu
 
 -->
-<ruleset name="&#193;rukeres&#337;">
-	<!-- Cert: *.arukereso.hu -->
+<ruleset name="Arukereso.hu">
+
 	<target host="arukereso.hu" />
-	<target host="affiliation.arukereso.hu" />
-	<target host="image.arukereso.hu" />
-	<target host="static.arukereso.hu" />
-	<!-- Cert: www.arukereso.hu -->
-	<target host="www.arukereso.hu" />
-	<target host="www.pazaruvaj.com" />
-	<target host="www.precos.com.pt" />
-	<target host="www.compari.ro" />
-	<!-- Cert: *.pazaruvaj.com -->
-	<target host="pazaruvaj.com" />
-	<target host="affiliation.pazaruvaj.com" />
-	<target host="image.pazaruvaj.com" />
-	<target host="static.pazaruvaj.com" />
-	<!-- Cert: *.compari.ro -->
-	<target host="compari.ro" />
-	<target host="affiliation.compari.ro" />
-	<target host="image.compari.ro" />
-	<target host="static.compari.ro" />
-	<!-- Cert: *.ucuzu.com -->
-	<target host="ucuzu.com" />
-	<target host="www.ucuzu.com" />
-	<target host="image.ucuzu.com" />
-	<target host="static.ucuzu.com" />
+	<target host="*.arukereso.hu" />
+
+
+		<test url="http://affiliation.arukereso.hu/" />
+		<test url="http://asztali-multimedia-lejatszo.arukereso.hu/" />
+		<test url="http://beepitheto-suto.arukereso.hu/" />
+		<test url="http://belteri-egyseg.arukereso.hu/" />
+		<test url="http://divat-es-ruhazat.arukereso.hu/" />
+		<test url="http://e-book-olvaso.arukereso.hu/" />
+		<test url="http://edeny-kukta.arukereso.hu/" />
+		<test url="http://eger.arukereso.hu/" />
+		<test url="http://image.arukereso.hu/" />
+		<test url="http://ipad.arukereso.hu/" />
+		<test url="http://feherje.arukereso.hu/" />
+		<test url="http://garancia.arukereso.hu/" />
+		<test url="http://irodai-forgoszek.arukereso.hu/" />
+		<test url="http://jelmez.arukereso.hu/" />
+		<test url="http://kabel-csatlakozo.arukereso.hu/" />
+		<test url="http://kezi-mixer.arukereso.hu/" />
+		<test url="http://konyv.arukereso.hu/" />
+		<test url="http://lancfuresz.arukereso.hu/" />
+		<test url="http://kulso-haz.arukereso.hu/" />
+		<test url="http://lego.arukereso.hu/" />
+		<test url="http://nas-meghajto.arukereso.hu/" />
+		<test url="http://noi-csizma-bakancs.arukereso.hu/" />
+		<test url="http://p1-ssl.arukereso.hu/" />
+		<test url="http://static.arukereso.hu/" />
+		<test url="http://tablet-pc.arukereso.hu/" />
+		<test url="http://termosztat.arukereso.hu/" />
+		<test url="http://wlan-antenna.arukereso.hu/" />
+		<test url="http://www.arukereso.hu/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.hu$" name="^LongExpireUserId$" /-->
+	<!--securecookie host="^\.arukereso\.hu$" name="^(?:ARUKERESO_SESSION|LongExpireUserId)$" /-->
+	<!--securecookie host="^(?:ipad|lego|www)\.arukereso\.hu$" name="^UniqueUserId$" /-->
+
+	<securecookie host=".*\.arukereso\.hu$" name=".+" />
+
 
-	<securecookie host="^(www)?\.(arukereso\.hu|pazaruvaj\.com|precos\.com\.pt|compari\.ro|ucuzu\.com)$" name=".+" />
-	<rule from="^http://([^@:/]*)\.(arukereso\.hu|pazaruvaj\.com|precos\.com\.pt|compari\.ro|ucuzu\.com)/" to="https://$1.$2/" />
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Arun.gov.uk.xml b/src/chrome/content/rules/Arun.gov.uk.xml
new file mode 100644
index 000000000000..930264a81f72
--- /dev/null
+++ b/src/chrome/content/rules/Arun.gov.uk.xml
@@ -0,0 +1,65 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://eastergate.arun.gov.uk/ => https://eastergate.arun.gov.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'eastergate.arun.gov.uk'")
+Fetch error: http://hamnet.arun.gov.uk/ => https://hamnet.arun.gov.uk/: (35, 'error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol')
+
+	Reset:
+		- aldingbourne
+		- burpham
+		- clapham
+		- claphamandpatching
+		- eastpreston
+		- findon
+		- ford
+		- kingston
+		- mailtest
+		- patching
+
+	Timeout:
+		- hamnet
+
+	Mismatched:
+		- eh
+		- eastergate
+		- ferring
+		- walberton
+
+	Self-signed:
+		- accesscc
+		- daccess
+-->
+<ruleset name="Arun.gov.uk">
+	<target host="arun.gov.uk" />
+	<target host="www.arun.gov.uk" />
+	<target host="www1.arun.gov.uk" />
+	<target host="aldingbourne.arun.gov.uk" />
+	<target host="burpham.arun.gov.uk" />
+	<target host="barnham.arun.gov.uk" />
+	<target host="clapham.arun.gov.uk" />
+	<target host="democracy.arun.gov.uk" />
+	<!-- target host="eastergate.arun.gov.uk" /-->
+	<target host="eastpreston.arun.gov.uk" />
+	<target host="ferring.arun.gov.uk" />
+	<target host="findon.arun.gov.uk" />
+	<target host="ford.arun.gov.uk" />
+	<!-- target host="hamnet.arun.gov.uk" /-->
+	<target host="kingston.arun.gov.uk" />
+	<target host="patching.arun.gov.uk" />
+	<target host="sts.arun.gov.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://aldingbourne\.arun\.gov\.uk/" to="https://aldingbourne-pc.gov.uk/" />
+	<rule from="^http://burpham\.arun\.gov\.uk/" to="https://burphamandwepham.org.uk/" />
+	<rule from="^http://clapham\.arun\.gov\.uk/" to="https://clapham.claphamandpatching-pc.gov.uk/" />
+	<rule from="^http://eastpreston\.arun\.gov\.uk/" to="https://eastpreston-pc.gov.uk/" />
+	<rule from="^http://ferring\.arun\.gov\.uk/" to="https://www.ferringparishcouncil.org.uk/" />
+	<rule from="^http://findon\.arun\.gov\.uk/" to="https://findonparishcouncil.gov.uk/" />
+	<rule from="^http://ford\.arun\.gov\.uk/" to="https://fordwestsussex-pc.gov.uk/" />
+	<rule from="^http://kingston\.arun\.gov\.uk/" to="https://kingston-wsx-pc.gov.uk/" />
+	<rule from="^http://patching\.arun\.gov\.uk/" to="https://patching.claphamandpatching-pc.gov.uk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Arvixe.xml b/src/chrome/content/rules/Arvixe.xml
index 2c6be81aa041..ecc88514923e 100644
--- a/src/chrome/content/rules/Arvixe.xml
+++ b/src/chrome/content/rules/Arvixe.xml
@@ -1,17 +1,45 @@
-<ruleset name="Arvixe">
+<!--
+	Problematic subdomains:
 
-	<target host="arvixe.com" />
-	<target host="*.arvixe.com" />
+		- mail *
+
+	* Mismatched, CN: postoffice.arvixe.com
+
+
+	Fully covered subdomains:
+
+		- affiliates
+		- support
+
+
+	Insecure cookies are set for these domains:
+
+		- .arvixe.com
 
 
-	<securecookie host="^(.*\.)?arvixe\.com$" name=".*" />
+	Mixed content:
 
+		- Images on affiliates from www *
 
-	<rule from="^http://(affiliate\.|postoffice\.|www\.)?arvixe\.com/"
-		to="https://$1arvixe.com/" />
+	* Secured by us
 
-	<!--	Cert : postoffice.arvixe.com	-->
-	<rule from="^https?://mail\.arvixe\.com/"
+-->
+<ruleset name="Arvixe.com">
+
+	<target host="arvixe.com" />
+	<target host="mail.arvixe.com" />
+	<target host="affiliates.arvixe.com" />
+	<target host="postoffice.arvixe.com" />
+	<target host="support.arvixe.com" />
+	<target host="www.arvixe.com" />
+
+
+	<securecookie host=".+" name=".+"/>
+
+
+	<rule from="^http://mail\.arvixe\.com/"
 		to="https://postoffice.arvixe.com/" />
 
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Arvm.de.xml b/src/chrome/content/rules/Arvm.de.xml
deleted file mode 100644
index 93495b16a2db..000000000000
--- a/src/chrome/content/rules/Arvm.de.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="arvm.de">
-
-	<target host="i.arvm.de" />
-
-
-	<rule from="^http://i\.arvm\.de/"
-		to="https://i.arvm.de/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Arxiv-Vanity.com.xml b/src/chrome/content/rules/Arxiv-Vanity.com.xml
new file mode 100644
index 000000000000..fc3e82aa53ba
--- /dev/null
+++ b/src/chrome/content/rules/Arxiv-Vanity.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="arxiv-vanity.com">
+	<target host="arxiv-vanity.com" />
+	<target host="www.arxiv-vanity.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Asahi_Shimbun.xml b/src/chrome/content/rules/Asahi_Shimbun.xml
index 14ecdc199fe1..36e9405eea6b 100644
--- a/src/chrome/content/rules/Asahi_Shimbun.xml
+++ b/src/chrome/content/rules/Asahi_Shimbun.xml
@@ -19,14 +19,13 @@
 -->
 <ruleset name="Asahi Shimbun (partial)">
 
-	<target host="*.asahi.com" />
+	<target host="digital.asahi.com" />
 		<exclusion pattern="^http://digital\.asahi\.com/(?!css/|img/|login)" />
 
 
 	<securecookie host="^ajw\.asahi\.com$" name=".+" />
 
 
-	<rule from="^http://(ajw|digital)\.asahi\.com/"
-		to="https://$1.asahi.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Asana.xml b/src/chrome/content/rules/Asana.xml
deleted file mode 100644
index e28b474b7594..000000000000
--- a/src/chrome/content/rules/Asana.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-<!--
-	CDN buckets:
-
-		- asana_static.s3.amazonaws.com
-		- d1gwm4cf8hecp4.cloudfront.net
-
-		- asanablog.wpengine.com
-
-			- blog.asana.com
-
-		- asanadev.wpengine.com
-
-			- developer.asana.com
-			- developers.asana.com
-
-
-	Problematic subdomains:
-
-		- blog *
-		- connect	(mismatched, CN: t.trackedlink.net)
-		- developer *
-		- developers *
-
-	* Mismatched, CN: *.wpengine.com
-
--->
-<ruleset name="Asana (partial)">
-
-	<target host="asana.com" />
-	<target host="*.asana.com" />
-
-
-	<securecookie host="^(?:app\.)?asana\.com$" name=".*" />
-
-
-	<rule from="^http://((?:app|beta|help|www)\.)?asana\.com/"
-		to="https://$1asana.com/" />
-
-	<rule from="^https?://blog\.asana\.com/"
-		to="https://asanablog.wpengine.com/" />
-
-	<rule from="^https?://connect\.asana\.com/"
-		to="https://t.trackedlink.net/" />
-
-	<rule from="^https?://developers?\.asana\.com/"
-		to="https://asanadev.wpengine.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AsbestosSafetyandEradicationAgency.xml b/src/chrome/content/rules/AsbestosSafetyandEradicationAgency.xml
new file mode 100644
index 000000000000..c0ee57d6bcd6
--- /dev/null
+++ b/src/chrome/content/rules/AsbestosSafetyandEradicationAgency.xml
@@ -0,0 +1,7 @@
+<ruleset name="Asbestos Safety and Eradication Agency">
+	<target host="asbestossafety.gov.au" />
+	<target host="www.asbestossafety.gov.au" />
+
+	<rule from="^http://(?:www\.)?asbestossafety\.gov\.au/"
+		to="https://asbestossafety.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Asbury_Park_Press.xml b/src/chrome/content/rules/Asbury_Park_Press.xml
index 11b95a3fd980..f7810f173e6b 100644
--- a/src/chrome/content/rules/Asbury_Park_Press.xml
+++ b/src/chrome/content/rules/Asbury_Park_Press.xml
@@ -16,13 +16,14 @@
 <ruleset name="Asbury Park Press (partial)">
 
 	<target host="app.com" />
-	<target host="*.app.com" />
+	<target host="cmsimg.app.com" />
+	<target host="www.app.com" />
 
 
 	<securecookie host="^www\.app\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:cmsimg\.|www\.)?app\.com/"
+	<rule from="^http://(?:cmsimg\.|www\.)?app\.com/"
 		to="https://www.app.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ascend_app.com.xml b/src/chrome/content/rules/Ascend_app.com.xml
new file mode 100644
index 000000000000..395440e8728a
--- /dev/null
+++ b/src/chrome/content/rules/Ascend_app.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Ascend app.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ascendapp.com" />
+	<target host="www.ascendapp.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Asciinema.org.xml b/src/chrome/content/rules/Asciinema.org.xml
new file mode 100644
index 000000000000..8963103c2c8c
--- /dev/null
+++ b/src/chrome/content/rules/Asciinema.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="Asciinema.org">
+
+	<target host="asciinema.org" />
+	<target host="www.asciinema.org" />
+	<target host="blog.asciinema.org" />
+	<target host="discourse.asciinema.org" />
+	<target host="staging.asciinema.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ascio.com.xml b/src/chrome/content/rules/Ascio.com.xml
index 9f961bc96ba1..e0d021f0389a 100644
--- a/src/chrome/content/rules/Ascio.com.xml
+++ b/src/chrome/content/rules/Ascio.com.xml
@@ -12,7 +12,6 @@
 	<securecookie host="^portal\.ascio\.com$" name=".+" />
 
 
-	<rule from="^http://portal\.ascio\.com/"
-		to="https://portal.ascio.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Asecus.xml b/src/chrome/content/rules/Asecus.xml
deleted file mode 100644
index abe117dae12c..000000000000
--- a/src/chrome/content/rules/Asecus.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	- Expired 2010-05-04
-	- CN: localhost.localdomain
-
--->
-<ruleset name="Asecus" default_off="expired, self-signed">
-
-	<target host="asecus.ch" />
-	<target host="www.asecus.ch" />
-
-
-	<securecookie host="^asecus\.ch$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?asecus\.ch/"
-		to="https://asecus.ch/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Asfar.org.uk.xml b/src/chrome/content/rules/Asfar.org.uk.xml
new file mode 100644
index 000000000000..2c68e672cfc6
--- /dev/null
+++ b/src/chrome/content/rules/Asfar.org.uk.xml
@@ -0,0 +1,8 @@
+<ruleset name="Asfar">
+	<target host="asfar.org.uk" />
+	<target host="www.asfar.org.uk" />
+	<target host="resolve.asfar.org.uk" />
+	<target host="mesap.asfar.org.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ashampoo.com.xml b/src/chrome/content/rules/Ashampoo.com.xml
new file mode 100644
index 000000000000..12220fee99ee
--- /dev/null
+++ b/src/chrome/content/rules/Ashampoo.com.xml
@@ -0,0 +1,77 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sharing.ashampoo.com/ => https://sharing.ashampoo.com/: (6, 'Could not resolve host: sharing.ashampoo.com')
+Fetch error: http://vpn.ashampoo.com/ => https://vpn.ashampoo.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Nonfunctional hosts in *ashampoo.com:
+
+		- cms *
+		- mxroot *
+
+	* Handshake fails
+
+
+	Problematic hosts in *ashampoo.com:
+
+		- cloud *
+		- isdev *
+		- nagios *
+		- owa *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- ashampoo.com
+		- api.ashampoo.com
+		- blog.ashampoo.com
+		- cloud.ashampoo.com
+		- owa.ashampoo.com
+		- sharing.ashampoo.com
+		- .shop.ashampoo.com
+		- www.ashampoo.com
+
+
+	These altnames don't exist:
+
+		- ashsrvex01.ashampoo.com
+		- ashsrvvmavast.ashampoo.com
+		- awstats.ashampoo.com
+
+-->
+<ruleset name="Ashampoo.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ashampoo.com" />
+	<target host="api.ashampoo.com" />
+	<target host="blog.ashampoo.com" />
+	<!--target host="cloud.ashampoo.com" /-->
+	<target host="dev.ashampoo.com" />
+	<target host="img.ashampoo.com" />
+	<!--target host="isdev.ashampoo.com" /-->
+	<target host="login.ashampoo.com" />
+	<!--target host="nagios.ashampoo.com" /-->
+	<!--target host="owa.ashampoo.com" /-->
+	<target host="sharing.ashampoo.com" />
+	<target host="shop.ashampoo.com" />
+	<target host="vpn.ashampoo.com" />
+	<target host="www.ashampoo.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:api\.|blog\.|sharing\.|www\.)?ashampoo\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^cloud\.ashampoo\.com$" name="^oc\w+$" /-->
+	<!--securecookie host="^owa\.ashampoo\.com$" name="^(?:cadata|sessionid)$" /-->
+	<!--securecookie host="^\.shop\.ashampoo\.com$" name="^(?:purl-\d+|cbsession[12])$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Asheville_Citizen-Times.xml b/src/chrome/content/rules/Asheville_Citizen-Times.xml
index c51788405e25..8f0bdf0016dd 100644
--- a/src/chrome/content/rules/Asheville_Citizen-Times.xml
+++ b/src/chrome/content/rules/Asheville_Citizen-Times.xml
@@ -11,13 +11,14 @@
 <ruleset name="Asheville Citizen-Times">
 
 	<target host="citizen-times.com" />
-	<target host="*.citizen-times.com" />
+	<target host="cmsimg.citizen-times.com" />
+	<target host="www.citizen-times.com" />
 
 
 	<securecookie host="^www\.citizen-times\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:cmsimg\.|www\.)?citizen-times\.com/"
+	<rule from="^http://(?:cmsimg\.|www\.)?citizen-times\.com/"
 		to="https://www.citizen-times.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ashford.com.xml b/src/chrome/content/rules/Ashford.com.xml
index b2f0a5400fd9..bba6780cd6fc 100644
--- a/src/chrome/content/rules/Ashford.com.xml
+++ b/src/chrome/content/rules/Ashford.com.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.ashford.com/ => http://www.ashford.com/: (28, 'Operation timed out after 15001 milliseconds with 0 bytes received')
 	At least some pages redirect to http
 
 
@@ -11,7 +13,7 @@
 	<target host="www.ashford.com" />
 
 
-	<rule from="^https?://(?:www\.)?ashford\.com/(css_compressed/|images/|global/util/loginRedirect\.jsp|marketing/|myaccount/)"
+	<rule from="^http://(?:www\.)?ashford\.com/(css_compressed/|images/|global/util/loginRedirect\.jsp|marketing/|myaccount/)"
 		to="https://www.ashford.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ashland_Fiber.net.xml b/src/chrome/content/rules/Ashland_Fiber.net.xml
index f92e6f0cdfc9..a81b5d57e2dd 100644
--- a/src/chrome/content/rules/Ashland_Fiber.net.xml
+++ b/src/chrome/content/rules/Ashland_Fiber.net.xml
@@ -1,5 +1,4 @@
 <!--
-	For other U.S. government coverage, see US-government.xml.
 
 
 	Nonfunctional subdomains:
@@ -13,7 +12,6 @@
 	<target host="www.ashlandfiber.net" />
 
 
-	<rule from="^http://(www\.)?ashlandfiber\.net/"
-		to="https://$1ashlandfiber.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ashlands.net.xml b/src/chrome/content/rules/Ashlands.net.xml
new file mode 100644
index 000000000000..ff48105866b5
--- /dev/null
+++ b/src/chrome/content/rules/Ashlands.net.xml
@@ -0,0 +1,12 @@
+<!--
+	For other MonkeysAudio.com related rulesets, see MonkeysAudio.com.xml
+-->
+<ruleset name="Ashlands.net">
+	<target host="ashlands.net"/>
+	<target host="www.ashlands.net"/>
+	<target host="audio.ashlands.net"/>
+	<target host="www.audio.ashlands.net" />
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ashleymadison.com.xml b/src/chrome/content/rules/Ashleymadison.com.xml
deleted file mode 100644
index e88b44039f2e..000000000000
--- a/src/chrome/content/rules/Ashleymadison.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- static-cdn	(404, valid cert)
-
--->
-<ruleset name="ashleymadison.com (partial)">
-
-	<target host="static.ashleymadison.com" />
-
-
-	<rule from="^http://static\.ashleymadison\.com/"
-		to="https://static.ashleymadison.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Asia-Pacific-Network-Information-Centre-mismatches.xml b/src/chrome/content/rules/Asia-Pacific-Network-Information-Centre-mismatches.xml
deleted file mode 100644
index 056dd8a796e6..000000000000
--- a/src/chrome/content/rules/Asia-Pacific-Network-Information-Centre-mismatches.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For rules that are on by default, see Asia-Pacific-Network-Information-Centre.xml.
-
--->
-<ruleset name="Asia-Pacific Network Information Centre (mismatches)" default_off="mismatch">
-
-	<target host="conference.apnic.net" />
-
-
-	<!--	Cert: www.apnic.net	-->
-	<rule from="^http://conference\.apnic\.net/"
-		to="https://conference.apnic.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Asia-Pacific-Network-Information-Centre.xml b/src/chrome/content/rules/Asia-Pacific-Network-Information-Centre.xml
index 86566b38f161..07d985905f5b 100644
--- a/src/chrome/content/rules/Asia-Pacific-Network-Information-Centre.xml
+++ b/src/chrome/content/rules/Asia-Pacific-Network-Information-Centre.xml
@@ -1,33 +1,29 @@
 <!--
-	For problematic rules, see Asia-Pacific-Network-Information-Centre-mismatches.xml.
-
-
-	Nonfunctional subdomains:
-
-		- wq	(times out)
-
+	Incomplete certificate chain:
+		- labs
+		- stats.labs
 -->
-<ruleset name="Asia-Pacific Network Information Centre (partial)">
+<ruleset name="Asia Pacific Network Information Centre (partial)">
 
 	<target host="apnic.net" />
-	<target host="*.apnic.net" />
+	<target host="www.apnic.net" />
+	<target host="academy.apnic.net" />
+	<target host="blog.apnic.net" />
+	<target host="conference.apnic.net" />
+	<target host="directory.apnic.net" />
+	<target host="ftp.apnic.net" />
+	<target host="my.apnic.net" />
+	<target host="netox.apnic.net" />
+	<target host="stats.apnic.net" />
+	<target host="submit.apnic.net" />
+	<target host="training.apnic.net" />
+	<target host="wq.apnic.net" />
 	<target host="myapnic.net" />
 	<target host="www.myapnic.net" />
 
+	<securecookie host="^\.apnic\.net$" name=".+" />
 
-	<securecookie host="^\.apnic\.net$" name=".*" />
-
-
-	<!--	!www Cert: submit.apnic.net
-					-->
-	<rule from="^https?://(?:www\.)?apnic\.net/"
-		to="https://www.apnic.net/" />
-
-	<rule from="^http://submit\.apnic\.net/"
-		to="https://submit.apnic.net/" />
-
-	<!--	Cert only matches //myapnic.net.	-->
-	<rule from="^https?://(?:www\.)?myapnic\.net/"
-		to="https://myapnic.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/AsiaBSDCon.org.xml b/src/chrome/content/rules/AsiaBSDCon.org.xml
new file mode 100644
index 000000000000..384bb5a5af3d
--- /dev/null
+++ b/src/chrome/content/rules/AsiaBSDCon.org.xml
@@ -0,0 +1,31 @@
+<!--
+	Fully covered hosts in *asiabsdcon.org:
+
+		- (www.)?
+		- 200[7-9]
+		- 201[45]
+		- lists
+
+-->
+<ruleset name="AsiaBSDCon.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="asiabsdcon.org" />
+	<target host="2007.asiabsdcon.org" />
+	<target host="2008.asiabsdcon.org" />
+	<target host="2009.asiabsdcon.org" />
+	<target host="2010.asiabsdcon.org" />
+	<target host="2011.asiabsdcon.org" />
+	<target host="2012.asiabsdcon.org" />
+	<target host="2013.asiabsdcon.org" />
+	<target host="2014.asiabsdcon.org" />
+	<target host="2015.asiabsdcon.org" />
+	<target host="lists.asiabsdcon.org" />
+	<target host="www.asiabsdcon.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Asianfanfics.xml b/src/chrome/content/rules/Asianfanfics.xml
index d05f90d199e2..168ccb046a27 100644
--- a/src/chrome/content/rules/Asianfanfics.xml
+++ b/src/chrome/content/rules/Asianfanfics.xml
@@ -1,13 +1,12 @@
 <ruleset name="Asianfanfics">
 
 	<target host="asianfanfics.com" />
-	<target host="*.asianfanfics.com" />
+	<target host="www.asianfanfics.com" />
 
 
 	<securecookie host="^\.asianfanfics\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?asianfanfics\.com/"
-		to="https://$1asianfanfics.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Asjo.org.xml b/src/chrome/content/rules/Asjo.org.xml
new file mode 100644
index 000000000000..917c2e6848b8
--- /dev/null
+++ b/src/chrome/content/rules/Asjo.org.xml
@@ -0,0 +1,13 @@
+<!--
+    Problematic domains:
+
+        - mail ¹
+
+    ¹: Mismatch
+-->
+<ruleset name="Asjo.org">
+	<target host="asjo.org" />
+	<target host="www.asjo.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ask.com.xml b/src/chrome/content/rules/Ask.com.xml
new file mode 100644
index 000000000000..90ecd1740034
--- /dev/null
+++ b/src/chrome/content/rules/Ask.com.xml
@@ -0,0 +1,53 @@
+<!--
+	Nonfunctional hosts in *.ask.com:
+		- at.ask.com (m)
+		- ca.ask.com (m)
+		- feedback.ask.com (m)
+		- in.ask.com (m)
+		- jp.ask.com (m)
+		- mx.ask.com (m)
+		- pt.ask.com (m)
+		- ru.ask.com (m)
+		- safesearch.ask.com (m)
+		- search.ask.com (m)
+			- nortonsafe.search.ask.com (mixed content)
+			- secure.search.ask.com (m)
+			- www.search.ask.com (mixed content)
+		- social.ask.com (expired)
+		- tb.ask.com (m)
+			- home.tb.ask.com (m)
+			- akd.search.tb.ask.com (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Ask.com">
+	<target host="ask.com" />
+	<target host="www.ask.com" />
+	<target host="about.ask.com" />
+	<target host="br.ask.com" />
+	<target host="de.ask.com" />
+	<target host="dp.tb.ask.com" />
+	<target host="es.ask.com" />
+	<target host="ext.ask.com" />
+	<target host="fr.ask.com" />
+	<target host="help.ask.com" />
+	<target host="hp.ask.com" />
+	<target host="it.ask.com" />
+		<target host="www.safesearch.ask.com" />
+	<target host="saservice.ask.com" />
+		<target host="avira.search.ask.com" />
+		<target host="config.search.ask.com" />
+		<target host="ss-sym.search.ask.com" />
+		<target host="ss-wtt.search.ask.com" />
+		<target host="www1.search.ask.com" />
+		<target host="config.tb.ask.com" />
+		<target host="search.tb.ask.com" />
+	<target host="int.search.tb.ask.com" />
+	<target host="uk.ask.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ask.fm.xml b/src/chrome/content/rules/Ask.fm.xml
new file mode 100644
index 000000000000..a917da1905a3
--- /dev/null
+++ b/src/chrome/content/rules/Ask.fm.xml
@@ -0,0 +1,23 @@
+<!--
+	Remark: *.ask.fm have a wildcard DNS Record.
+-->
+<ruleset name="Ask.fm">
+	<target host="ask.fm" />
+	<target host="www.ask.fm" />
+	<target host="about.ask.fm" />
+	<target host="akimg0.ask.fm" />
+	<target host="akimg1.ask.fm" />
+	<target host="akimg2.ask.fm" />
+	<target host="akimg3.ask.fm" />
+	<target host="akimg4.ask.fm" />
+	<target host="l.ask.fm" />
+	<target host="link.ask.fm" />
+	<target host="m.ask.fm" />
+	<target host="safety.ask.fm" />
+	<target host="static.ask.fm" />
+	<target host="support.ask.fm" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AskAMathematician.com.xml b/src/chrome/content/rules/AskAMathematician.com.xml
new file mode 100644
index 000000000000..8aeb6675a2e3
--- /dev/null
+++ b/src/chrome/content/rules/AskAMathematician.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="AskAMathematician.com">
+	<target host="askamathematician.com" />
+	<target host="www.askamathematician.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AskAhmadiyyat.org.xml b/src/chrome/content/rules/AskAhmadiyyat.org.xml
new file mode 100644
index 000000000000..b91a4913842d
--- /dev/null
+++ b/src/chrome/content/rules/AskAhmadiyyat.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="AskAhmadiyyat.org">
+	<target host="askahmadiyyat.org" />
+	<target host="www.askahmadiyyat.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AskMonty.xml b/src/chrome/content/rules/AskMonty.xml
index 06b58ba7970b..1759e44f22d1 100644
--- a/src/chrome/content/rules/AskMonty.xml
+++ b/src/chrome/content/rules/AskMonty.xml
@@ -1,22 +1,50 @@
 <!--
-	For other Monty Program coverage, see Monty_Program.xml.
+	For other MariaDB Corporation coverage, see MariaDB.com.xml.
 
 
 	Nonfunctional subdomains:
 
 		- ircstats	(redirects to askmonty.org/wiki/)
 
+
+	Problematic hosts in *askmonty.org:
+
+		- (www.)? *
+		- downloads *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
 -->
-<ruleset name="AskMonty (partial)">
+<ruleset name="AskMonty.org (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="kb.askmonty.org" />
+
+	<!--	Complications:
+				-->
 	<target host="askmonty.org" />
-	<target host="*.askmonty.org" />
+	<target host="downloads.askmonty.org" />
+	<target host="www.askmonty.org" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://(?:www\.)?askmonty\.org/+"
+		to="https://mariadb.com/about/" />
 
+		<test url="http://askmonty.org//" />
 
-	<securecookie host="^(?:kb\.)?askmonty\.org$" name=".+" />
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://downloads\.askmonty\.org/+"
+		to="https://downloads.mariadb.com/" />
 
+		<test url="http://downloads.askmonty.org//" />
 
-	<rule from="^http://(downloads\.|kb\.|www\.)?askmonty\.org/"
-		to="https://$1askmonty.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AskWoody.com.xml b/src/chrome/content/rules/AskWoody.com.xml
new file mode 100644
index 000000000000..8a64eecb5ece
--- /dev/null
+++ b/src/chrome/content/rules/AskWoody.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="AskWoody.com">
+	<target host="askwoody.com" />
+	<target host="www.askwoody.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ask_Leo.com.xml b/src/chrome/content/rules/Ask_Leo.com.xml
new file mode 100644
index 000000000000..e45413d9cf41
--- /dev/null
+++ b/src/chrome/content/rules/Ask_Leo.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Other Ask Leo rulesets:
+
+		- Ask_Leo_media.com.xml
+
+-->
+<ruleset name="Ask Leo.com">
+
+	<target host="askleo.com" />
+	<target host="www.askleo.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ask_Leo_media.com.xml b/src/chrome/content/rules/Ask_Leo_media.com.xml
new file mode 100644
index 000000000000..e908e69a0ed0
--- /dev/null
+++ b/src/chrome/content/rules/Ask_Leo_media.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Ask Leo coverage, see Ask_Leo.com.xml.
+
+
+	Fully covered subdomains:
+
+		- alssl
+		- img
+
+-->
+<ruleset name="Ask Leo media.com">
+
+	<target host="alssl.askleomedia.com" />
+	<target host="img.askleomedia.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ask_a_Patient.xml b/src/chrome/content/rules/Ask_a_Patient.xml
index 59645294008c..4915f68a99bd 100644
--- a/src/chrome/content/rules/Ask_a_Patient.xml
+++ b/src/chrome/content/rules/Ask_a_Patient.xml
@@ -11,7 +11,7 @@
 	<securecookie host="^(?:www\.)?askapatient\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?askapatient\.com/"
+	<rule from="^http://(?:www\.)?askapatient\.com/"
 		to="https://www.askapatient.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ask_the_Builder.com.xml b/src/chrome/content/rules/Ask_the_Builder.com.xml
new file mode 100644
index 000000000000..d8af8490085e
--- /dev/null
+++ b/src/chrome/content/rules/Ask_the_Builder.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Nonfunctional hosts in *askthebuilder.com:
+
+		- (www.)? ᵃ
+		- go ᵃ
+
+	ᵃ Shows another domain
+
+
+	Problematic hosts in *askthebuilder.com:
+
+		- sod1 ˢ
+
+	ˢ Self-signed
+
+
+	Insecure cookies are set for these domains:
+
+		- .shop.askthebuilder.com
+
+-->
+<ruleset name="Ask the Builder.com (partial)">
+
+	<target host="shop.askthebuilder.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.shop\." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Askives.com.xml b/src/chrome/content/rules/Askives.com.xml
new file mode 100644
index 000000000000..15d6aa1ac1e5
--- /dev/null
+++ b/src/chrome/content/rules/Askives.com.xml
@@ -0,0 +1,41 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .askives.com
+
+-->
+<ruleset name="Askives.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="askives.com" />
+	<target host="docs.askives.com" />
+	<target host="www.askives.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.askives\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Asknet.xml b/src/chrome/content/rules/Asknet.xml
index 3dfd15b5a0f1..ff2803a54417 100644
--- a/src/chrome/content/rules/Asknet.xml
+++ b/src/chrome/content/rules/Asknet.xml
@@ -15,7 +15,6 @@
 	<target host="srv.cdn-asknet.de" />
 
 
-	<rule from="^http://srv\.(cdn-)?asknet\.(com|de)/"
-		to="https://srv.$1asknet.$2/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Asmc.de.xml b/src/chrome/content/rules/Asmc.de.xml
new file mode 100644
index 000000000000..1f95f604a443
--- /dev/null
+++ b/src/chrome/content/rules/Asmc.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Asmc.de">
+  <target host="asmc.de" />
+  <target host="www.asmc.de" />
+
+  <rule from="^http://(?:www\.)?asmc\.de/" to="https://www.asmc.de/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Asnetworks.com.xml b/src/chrome/content/rules/Asnetworks.com.xml
index cafb7638308f..d8978019bc66 100644
--- a/src/chrome/content/rules/Asnetworks.com.xml
+++ b/src/chrome/content/rules/Asnetworks.com.xml
@@ -8,7 +8,6 @@
 	<target host="ads.asnetworks.de" />
 
 
-	<rule from="^http://ads\.asnetworks\.de/"
-		to="https://ads.asnetworks.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Aspect-Security.xml b/src/chrome/content/rules/Aspect-Security.xml
index b364d0134e4e..c2d8a3e478d7 100644
--- a/src/chrome/content/rules/Aspect-Security.xml
+++ b/src/chrome/content/rules/Aspect-Security.xml
@@ -1,9 +1,13 @@
+<!--
+	^: Refused
+
+-->
 <ruleset name="Aspect Security">
 
 	<target host="aspectsecurity.com"/>
 	<target host="www.aspectsecurity.com"/>
 
-	<rule from="^http://(www\.)?aspectsecurity\.com/"
-		to="https://$1aspectsecurity.com/"/>
+	<rule from="^http://(?:www\.)?aspectsecurity\.com/"
+		to="https://www.aspectsecurity.com/"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Aspen.com.xml b/src/chrome/content/rules/Aspen.com.xml
index 289edf686db0..2532f62e44d7 100644
--- a/src/chrome/content/rules/Aspen.com.xml
+++ b/src/chrome/content/rules/Aspen.com.xml
@@ -17,7 +17,7 @@
 <ruleset name="Aspen.com (partial)">
 
 	<target host="aspen.com" />
-	<target host="*.aspen.com" />
+	<target host="www.aspen.com" />
 		<!--
 			Avoid user-visible paths:
 							-->
@@ -32,4 +32,4 @@
 	<rule from="^http://(?:www\.)?aspen\.com/"
 		to="https://secure.bluehost.com/~aspenco3/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Aspiration_Tech.org.xml b/src/chrome/content/rules/Aspiration_Tech.org.xml
new file mode 100644
index 000000000000..a71b3391d43b
--- /dev/null
+++ b/src/chrome/content/rules/Aspiration_Tech.org.xml
@@ -0,0 +1,15 @@
+<ruleset name="Aspiration Tech.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="aspirationtech.org" />
+	<target host="www.aspirationtech.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Aspsys.com.xml b/src/chrome/content/rules/Aspsys.com.xml
new file mode 100644
index 000000000000..86c8f813f668
--- /dev/null
+++ b/src/chrome/content/rules/Aspsys.com.xml
@@ -0,0 +1,19 @@
+<!--
+	STS header includes includeSubdomains
+
+-->
+<ruleset name="Aspsys.com">
+
+	<target host="aspsys.com" />
+	<target host="*.aspsys.com" />
+
+		<test url="http://www.aspsys.com/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Asrock.com.xml b/src/chrome/content/rules/Asrock.com.xml
new file mode 100644
index 000000000000..c35bb6ed1c65
--- /dev/null
+++ b/src/chrome/content/rules/Asrock.com.xml
@@ -0,0 +1,22 @@
+<!--
+        Nonfunctional hosts in *.asrock.com:
+			- europe.asrock.com (t)
+			- forum.asrock.com (r)
+			- oc.asrock.com (m)
+			- tw.asrock.com (r)
+
+        h: http redirect
+        m: certificate mismatch
+        r: connection refused
+        s: self-signed certificate
+        t: timeout on https
+-->
+<ruleset name="Asrock.com">
+	<target host="asrock.com" />
+	<target host="www.asrock.com" />
+	<target host="download.asrock.com" />
+	<target host="event.asrock.com" />
+		<test url="http://event.asrock.com/Inquiry/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Assakina.com.xml b/src/chrome/content/rules/Assakina.com.xml
new file mode 100644
index 000000000000..03b9a19cea84
--- /dev/null
+++ b/src/chrome/content/rules/Assakina.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Different HTTP/HTTPS content:
+		ru.assakina.com
+		tr.assakina.com
+-->
+<ruleset name="Assakina.com">
+	<target host="assakina.com" />
+	<target host="www.assakina.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Assayassured.co.uk.xml b/src/chrome/content/rules/Assayassured.co.uk.xml
index 8dcb85884857..349ba68cd7bc 100644
--- a/src/chrome/content/rules/Assayassured.co.uk.xml
+++ b/src/chrome/content/rules/Assayassured.co.uk.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(www\.)?assayassured\.co\.uk/(?!$|\?|index\.php|site/*(?:$|[?/]))"
 		to="https://$1assayassured.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Asseenonresponsetv.com.xml b/src/chrome/content/rules/Asseenonresponsetv.com.xml
index 2906f01fe345..91340f2fcc55 100644
--- a/src/chrome/content/rules/Asseenonresponsetv.com.xml
+++ b/src/chrome/content/rules/Asseenonresponsetv.com.xml
@@ -1,4 +1,14 @@
-<ruleset name="asseenonresponsetv.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://asseenonresponsetv.com/ => https://asseenonresponsetv.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.asseenonresponsetv.com/ => https://www.asseenonresponsetv.com/: (60, 'SSL certificate problem: self signed certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://asseenonresponsetv.com/ => https://asseenonresponsetv.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.asseenonresponsetv.com/ => https://www.asseenonresponsetv.com/: (60, 'SSL certificate problem: self signed certificate')
+-->
+<ruleset name="asseenonresponsetv.com" default_off="failed ruleset test">
 
 	<target host="asseenonresponsetv.com" />
 	<target host="www.asseenonresponsetv.com" />
@@ -7,7 +17,6 @@
 	<securecookie host="^www\.asseenonresponsetv\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?asseenonresponsetv\.com/"
-		to="https://$1asseenonresponsetv.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Assembla-mismatches.xml b/src/chrome/content/rules/Assembla-mismatches.xml
index 32dcc1a71630..3cad6154ceb9 100644
--- a/src/chrome/content/rules/Assembla-mismatches.xml
+++ b/src/chrome/content/rules/Assembla-mismatches.xml
@@ -11,7 +11,6 @@
 	<!--	Cookies are handled in Assembla.xml.	-->
 
 
-	<rule from="^http://(blog|feedback)\.assembla\.com/"
-		to="https://$1.assembla.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Assembla.xml b/src/chrome/content/rules/Assembla.xml
index 1c49eab6ece9..7cc616c5e30f 100644
--- a/src/chrome/content/rules/Assembla.xml
+++ b/src/chrome/content/rules/Assembla.xml
@@ -36,13 +36,13 @@
 	<target host="*.assembla.com" />
 
 
-	<securecookie host="^(?:.*\.)?assembla\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://((?:assets\d|nooku|(?:scala-ide-)?portfolio|svn2|trac2?|www)\.)?assembla\.com/"
 		to="https://$1assembla.com/" />
 
-	<rule from="^https?://feedback\.assembla\.com/track\.gif"
+	<rule from="^http://feedback\.assembla\.com/track\.gif"
 		to="https://assembla.uservoice.com/track.gif" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Assemble.me.xml b/src/chrome/content/rules/Assemble.me.xml
new file mode 100644
index 000000000000..629b4b232145
--- /dev/null
+++ b/src/chrome/content/rules/Assemble.me.xml
@@ -0,0 +1,40 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .assemble.me
+
+-->
+<ruleset name="Assemble.me">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="assemble.me" />
+	<target host="www.assemble.me" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.assemble\.me$" name="^(__cfduid|cf_clearance|ci_session_subdomain)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Assembly.Wales.xml b/src/chrome/content/rules/Assembly.Wales.xml
new file mode 100644
index 000000000000..935e87e9d812
--- /dev/null
+++ b/src/chrome/content/rules/Assembly.Wales.xml
@@ -0,0 +1,35 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+-->
+<ruleset name="Assembly.Wales (partial)">
+
+	<target host="assembly.wales" />
+	<target host="www.assembly.wales" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.assembly\.wales/en/(?:Pages/Home|help/contact-the-assembly/Pages/contact-the-assembly)\.aspx" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?assembly\.wales/+(?!en/help/contact-the-assembly/Pages/enquiryform\.aspx|SiteCollectionImages/|Style%20Library/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://assembly.wales/en/Pages/Home.aspx" />
+			<test url="http://www.assembly.wales/en/help/Pages/Social-media.aspx" />
+			<test url="http://www.assembly.wales/en/help/contact-the-assembly/Pages/contact-the-assembly.aspx" />
+			<test url="http://www.assembly.wales/en/help/contact-the-assembly/con-complaint/Pages/con-complaint.aspx" />
+
+			<!--	-ve:
+					-->
+			<test url="http://assembly.wales/SiteCollectionImages/About%20the%20Assembly%20images/seneddtv.PNG" />
+			<test url="http://www.assembly.wales/Style%20Library/Images/chevron_grey.gif" />
+			<test url="http://www.assembly.wales/en/help/contact-the-assembly/Pages/enquiryform.aspx" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Assembly.com.xml b/src/chrome/content/rules/Assembly.com.xml
new file mode 100644
index 000000000000..c7730c66ceac
--- /dev/null
+++ b/src/chrome/content/rules/Assembly.com.xml
@@ -0,0 +1,21 @@
+<!--
+	blog: Github
+	www: refused
+
+
+	Fully covered subdomains:
+
+		- treasure
+
+-->
+<ruleset name="Assembly.com (partial)">
+
+	<target host="assembly.com" />
+	<target host="treasure.assembly.com" />
+	<target host="www.assembly.com" />
+
+
+	<rule from="^http://(?:(treasure\.)|www\.)?assembly\.com/"
+		to="https://$1assembly.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Asset_Insight.xml b/src/chrome/content/rules/Asset_Insight.xml
deleted file mode 100644
index bb3bce451f9d..000000000000
--- a/src/chrome/content/rules/Asset_Insight.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Asset Insight">
-
-	<target host="assetinsightinc.com" />
-	<target host="*.assetinsightinc.com" />
-
-
-	<securecookie host="^\.assetinsightinc.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?assetinsightinc\.com/"
-		to="https://$1assetinsightinc.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Assets-Yammer.com.xml b/src/chrome/content/rules/Assets-Yammer.com.xml
new file mode 100644
index 000000000000..041d0c176ed2
--- /dev/null
+++ b/src/chrome/content/rules/Assets-Yammer.com.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Yammer coverage, see Yammer.xml.
+
+-->
+<ruleset name="assets-Yammer.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="c64.assets-yammer.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Assistance-Multimedia.fr.xml b/src/chrome/content/rules/Assistance-Multimedia.fr.xml
new file mode 100644
index 000000000000..dd4bd3bb32e9
--- /dev/null
+++ b/src/chrome/content/rules/Assistance-Multimedia.fr.xml
@@ -0,0 +1,10 @@
+<ruleset name="Assistance-Multimedia.fr" default_off="refused">
+
+	<target host="assistance-multimedia.fr" />
+	<target host="www.assistance-multimedia.fr" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Assoc-Amazon.ca.xml b/src/chrome/content/rules/Assoc-Amazon.ca.xml
new file mode 100644
index 000000000000..4cdbda837e2b
--- /dev/null
+++ b/src/chrome/content/rules/Assoc-Amazon.ca.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	^assoc-amazon.ca: Dropped over http & https
+
+-->
+<ruleset name="Assoc-Amazon.ca">
+
+	<!--	Direct rewrites:
+					-->
+	<target host="wms.assoc-amazon.ca" />
+	<target host="www.assoc-amazon.ca" />
+
+	<!--	Complications:
+				-->
+	<!--target host="assoc-amazon.ca" /-->
+
+
+	<!--rule from="^http://assoc-amazon\.ca/"
+		to="https://www.assoc-amazon.ca/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Assoc-Amazon.co.jp.xml b/src/chrome/content/rules/Assoc-Amazon.co.jp.xml
new file mode 100644
index 000000000000..74150e09b6c7
--- /dev/null
+++ b/src/chrome/content/rules/Assoc-Amazon.co.jp.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+-->
+<ruleset name="Assoc-Amazon.co.jp">
+
+	<!--	Direct rewrites:
+					-->
+	<target host="ws.amazon.co.jp" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Assoc-Amazon.co.uk.xml b/src/chrome/content/rules/Assoc-Amazon.co.uk.xml
new file mode 100644
index 000000000000..8cf8653f4e2d
--- /dev/null
+++ b/src/chrome/content/rules/Assoc-Amazon.co.uk.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	Nonfunctional hosts in *assoc-amazon.co.uk:
+
+		- cls
+
+-->
+<ruleset name="Assoc-Amazon.co.uk">
+
+	<target host="wms.assoc-amazon.co.uk" />
+	<target host="ws.assoc-amazon.co.uk" />
+	<target host="www.assoc-amazon.co.uk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Assoc-Amazon.com.xml b/src/chrome/content/rules/Assoc-Amazon.com.xml
new file mode 100644
index 000000000000..83e8bebe2918
--- /dev/null
+++ b/src/chrome/content/rules/Assoc-Amazon.com.xml
@@ -0,0 +1,46 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	CDN buckets:
+
+		- associates-amazon.s3.amazonaws.com
+
+	amazonassociates.typepad.com
+
+
+	Fully covered domains:
+
+		- assoc-amazon.com subdomains:
+
+			- rcm-na
+			- wms
+			- wms-na
+			- ws-na
+
+
+	^assoc-amazon.com: Dropped over http & https
+
+-->
+<ruleset name="Assoc-Amazon.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rcm-na.assoc-amazon.com" />
+	<target host="wms.assoc-amazon.com" />
+	<target host="wms-na.assoc-amazon.com" />
+	<target host="ws-na.assoc-amazon.com" />
+	<target host="www.assoc-amazon.com" />
+
+	<!--	Complications:
+				-->
+	<!--target host="assoc-amazon.com" /-->
+
+
+	<!--rule from="^http://assoc-amazon\.com/"
+		to="https://www.assoc-amazon.com/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Assoc-Amazon.de.xml b/src/chrome/content/rules/Assoc-Amazon.de.xml
new file mode 100644
index 000000000000..c4dc691c0c44
--- /dev/null
+++ b/src/chrome/content/rules/Assoc-Amazon.de.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+-->
+<ruleset name="Assoc-Amazon.de">
+
+	<!--	Direct rewrites:
+					-->
+	<target host="wms.assoc-amazon.de" />
+	<target host="www.assoc-amazon.de" />
+
+	<!--	Complications:
+				-->
+	<target host="assoc-amazon.de" />
+
+
+	<!--	- Cert only matches www
+					-->
+	<rule from="^http://assoc-amazon\.de/"
+		to="https://www.assoc-amazon.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Assoc-Amazon.fr.xml b/src/chrome/content/rules/Assoc-Amazon.fr.xml
new file mode 100644
index 000000000000..e344fa9349ba
--- /dev/null
+++ b/src/chrome/content/rules/Assoc-Amazon.fr.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	^assoc-amazon.fr: Dropped over http & https
+
+-->
+<ruleset name="Assoc-Amazon.fr">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="wms.assoc-amazon.fr" />
+	<target host="www.assoc-amazon.fr" />
+
+	<!--	Complications:
+				-->
+	<!--target host="assoc-amazon.fr" /-->
+
+
+	<!--rule from="^http://assoc-amazon\.fr/"
+		to="https://www.assoc-amazon.fr" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Associated_Press.xml b/src/chrome/content/rules/Associated_Press.xml
deleted file mode 100644
index 2f8c312e7932..000000000000
--- a/src/chrome/content/rules/Associated_Press.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-<!--
-	CDN buckets:
-
-		- ap.org.edgesuite.net
-
-			- hosted
-
-		- www.ap.org.edgesuite.net
-
-		 - corpcommap.wordpress.com
-
-			- blog
-
-
-	Nonfunctional subdomains:
-
-		- ^ *
-		- aphelp *
-		- customersupport *
-		- hosted **
-		- www **
-
-	* Dropped
-	** 504, akamai
-
-
-	Problematic subdomains:
-
-		- blog	(wordpress)
-
--->
-<ruleset name="Associated Press (partial)">
-
-	<target host="binaryapi.ap.org" />
-
-
-	<rule from="^http://binaryapi\.ap\.org/"
-		to="https://d3obzbnzikmki9.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Associated_Whistleblowing_Press.xml b/src/chrome/content/rules/Associated_Whistleblowing_Press.xml
index 2ac8f5cf04ec..2ce34d8508f8 100644
--- a/src/chrome/content/rules/Associated_Whistleblowing_Press.xml
+++ b/src/chrome/content/rules/Associated_Whistleblowing_Press.xml
@@ -1,18 +1,41 @@
 <!--
-	- Cert only matches *.awp.is
-	- www redirects to !www
+	Associated Whistleblowing Press
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- data
+
+
+	Insecure cookies are set for these domains:
+
+		- .awp.is
+
+
+	Mixed content:
+
+		- Bugs on (www.)? from i.creativecommons.org *
+
+	* Secured by us
 
 -->
-<ruleset name="Associated Whisleblowing Press" default_off="mismatched, self-signed">
+<ruleset name="AWP.is">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="awp.is" />
-	<target host="*.awp.is" />
+	<target host="data.awp.is" />
+	<target host="www.awp.is" />
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.awp\.is$" name="(__cfduid|cf_clearance)$" /-->
 
+	<securecookie host="^\.awp\.is$" name=".+" />
 
-	<rule from="^http://(?:www\.)?awp\.is/"
-		to="https://awp.is/" />
 
-	<rule from="^http://(cablegate|dropbox)\.awp\.is/"
-		to="https://$1.awp.is/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Associatedcontent.com.xml b/src/chrome/content/rules/Associatedcontent.com.xml
index 45dada5e947f..3483bb1cee84 100644
--- a/src/chrome/content/rules/Associatedcontent.com.xml
+++ b/src/chrome/content/rules/Associatedcontent.com.xml
@@ -1,5 +1,11 @@
-<!-- uses data from i.acdn.us that doesnt allow https. -->
-<ruleset name="associatedcontent.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://associatedcontent.com/ => https://www.associatedcontent.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.associatedcontent.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://associatedcontent.com/ => https://www.associatedcontent.com/: (28, 'Connection timed out after 10000 milliseconds') uses data from i.acdn.us that doesnt allow https. -->
+<ruleset name="associatedcontent.com" default_off="failed ruleset test">
 	<target host="associatedcontent.com" />
 	<rule from="^http://associatedcontent\.com/" to="https://www.associatedcontent.com/"/>
 	<rule from="^http://www\.associatedcontent\.com/" to="https://www.associatedcontent.com/"/>
diff --git a/src/chrome/content/rules/Association-for-Progressive-Communications.xml b/src/chrome/content/rules/Association-for-Progressive-Communications.xml
index 3fdf78e455c2..093d909c938a 100644
--- a/src/chrome/content/rules/Association-for-Progressive-Communications.xml
+++ b/src/chrome/content/rules/Association-for-Progressive-Communications.xml
@@ -1,21 +1,81 @@
-<ruleset name="Association for Progressive Communications">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lists.apc.org/ => https://lists.apc.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Association for Progressive Communications
+
+
+	Nonfunctional hosts in *apc.org:
+
+		- erotics *
+
+	* Shows another domain
+
+
+	Problematic subdomains:
+
+		- flossprize ¹
+		- gn ²
+
+	¹ Redirect differs
+	² Cert only matches *.gn
+
+
+	Insecure cookies are set for these domains:
+
+		- .apc.org
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- www.gn from $self *
+			- www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="APC.org (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="apc.org" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.apc.org" />
+	<target host="www.gn.apc.org" />
+	<target host="lists.apc.org" />
+	<target host="www.apc.org" />
+
+	<!--	Complications:
+				-->
+	<target host="flossprize.apc.org" />
 	<target host="gn.apc.org" />
-	<!--	* for cross-subdomain cookie.	-->
-	<target host="*.gn.apc.org" />
 
 
-	<securecookie host="^\.(?:www\.gn\.)?apc\.org$" name=".*" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.apc\.org$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^\.(?:www\.gn\.)?apc\.org$" name=".+" />
+
+
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://flossprize\.apc\.org/[^?]*"
+		to="https://www.apc.org/en/node/1786" />
+
+		<test url="http://flossprize.apc.org/?" />
+		<test url="http://flossprize.apc.org//" />
 
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://gn\.apc\.org/[^?]*"
+		to="https://www.gn.apc.org/" />
 
-	<rule from="^http://(www\.)?apc\.org/"
-		to="https://$1apc.org/" />
+		<test url="http://gn.apc.org/?" />
+		<test url="http://gn.apc.org//" />
 
-	<!--	Cert only matches *.gc.apc.org	-->
-	<rule from="^https?://(?:www\.)?gc\.apc\.org/"
-		to="https://www.gc.apc.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Association_for_Learning_Technology.xml b/src/chrome/content/rules/Association_for_Learning_Technology.xml
index 63c8b9677ee9..259f4383f41a 100644
--- a/src/chrome/content/rules/Association_for_Learning_Technology.xml
+++ b/src/chrome/content/rules/Association_for_Learning_Technology.xml
@@ -17,4 +17,4 @@
 	<rule from="^http://(www\.)?alt\.ac\.uk/((?:civicrm|user)(?:$|\?|/)|modules/|sites/|themes/)"
 		to="https://$1alt.ac.uk/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Association_for_Psychological_Science.xml b/src/chrome/content/rules/Association_for_Psychological_Science.xml
deleted file mode 100644
index 661f87cd8c87..000000000000
--- a/src/chrome/content/rules/Association_for_Psychological_Science.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<ruleset name="Association for Psychological Science">
-
-	<target host="psychologicalscience.org" />
-	<target host="*.psychologicalscience.org" />
-
-
-	<securecookie host="^.+\.psychologicalscience\.org$" name=".+" />
-
-
-	<!--	Cert only matches www.
-					-->
-	<rule from="^https?://(?:www\.)?psychologicalscience\.org/"
-		to="https://www.psychologicalscience.org/" />
-
-	<rule from="^http://aps\.psychologicalscience\.org/"
-		to="https://aps.psychologicalscience.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Association_of_National_Advertisers.xml b/src/chrome/content/rules/Association_of_National_Advertisers.xml
index 92ae9679d590..55a5f59aec0c 100644
--- a/src/chrome/content/rules/Association_of_National_Advertisers.xml
+++ b/src/chrome/content/rules/Association_of_National_Advertisers.xml
@@ -1,7 +1,7 @@
 <ruleset name="Association of National Advertisers">
 
 	<target host="ana.net" />
-	<target host="*.ana.net" />
+	<target host="www.ana.net" />
 
 
 	<securecookie host="^\.ana\.net$" name=".+" />
@@ -9,7 +9,7 @@
 
 	<!--	Cert only matches www.
 					-->
-	<rule from="^https?://(?:www\.)?ana\.net/"
+	<rule from="^http://(?:www\.)?ana\.net/"
 		to="https://www.ana.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Astaro.com.xml b/src/chrome/content/rules/Astaro.com.xml
new file mode 100644
index 000000000000..6250163f858a
--- /dev/null
+++ b/src/chrome/content/rules/Astaro.com.xml
@@ -0,0 +1,44 @@
+<!--
+	For other Sophos coverage, see Sophos.xml.
+
+
+	Problematic hosts in *astaro.com:
+
+		- feature *
+
+	* Uservoice
+
+
+	Insecure cookies are set for these domains:
+
+		- .astaro.com
+
+-->
+<ruleset name="Astaro.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="astaro.com" />
+	<target host="my.astaro.com" />
+	<target host="support.astaro.com" />
+	<target host="www.astaro.com" />
+
+	<!--	Complications:
+				-->
+	<target host="feature.astaro.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.astaro\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://feature\.astaro\.com/"
+		to="https://astaro.uservoice.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Asterisk.xml b/src/chrome/content/rules/Asterisk.xml
index cca3dfa979b6..8aeed593f280 100644
--- a/src/chrome/content/rules/Asterisk.xml
+++ b/src/chrome/content/rules/Asterisk.xml
@@ -1,22 +1,45 @@
 <!--
 	For other Digium coverage, see Digium.xml.
 
-
-	Nonfunctional subdomains:
-
-		- (www.)
-		- forge		(403, CN: *.digium.com)
-
+	Invalid certificate:
+		- answers.asterisk.org
+		- forge.asterisk.org
+		- git.asterisk.org
+		- svn.asterisk.org
 -->
-<ruleset name="Asterisk (partial)">
-
+<ruleset name="Asterisk.org">
+
+	<target host="asterisk.org" />
+	<target host="www.asterisk.org" />
+	<target host="ari.asterisk.org" />
+	<target host="asterisknow.asterisk.org" />
+	<target host="bamboo.asterisk.org" />
+	<target host="blog.asterisk.org" />
+	<target host="blogs.asterisk.org" />
+	<target host="code.asterisk.org" />
+	<target host="community.asterisk.org" />
+	<target host="crowd.asterisk.org" />
+	<target host="downloads.asterisk.org" />
+	<target host="doxygen.asterisk.org" />
+	<target host="forum.asterisk.org" />
+	<target host="forums.asterisk.org" />
+	<target host="gerrit.asterisk.org" />
+	<target host="issues.asterisk.org" />
+	<target host="jenkins.asterisk.org" />
+	<target host="jenkins2.asterisk.org" />
+	<target host="login.asterisk.org" />
+	<target host="myth.asterisk.org" />
+	<target host="openid.asterisk.org" />
+	<target host="packages.asterisk.org" />
+	<target host="profiles.asterisk.org" />
+	<target host="reviewboard.asterisk.org" />
+	<target host="shooty.asterisk.org" />
+	<target host="signup.asterisk.org" />
+	<target host="stats.asterisk.org" />
 	<target host="wiki.asterisk.org" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^wiki\.asterisk\.org$" name=".+" />
-
-
-	<rule from="^http://wiki\.asterisk\.org/"
-		to="https://wiki.asterisk.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Asterisk_Exchange.xml b/src/chrome/content/rules/Asterisk_Exchange.xml
index c60957f43c8a..2b23f46a4ccb 100644
--- a/src/chrome/content/rules/Asterisk_Exchange.xml
+++ b/src/chrome/content/rules/Asterisk_Exchange.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(www\.)?asteriskexchange\.com/(images|stylesheets|system)/"
 		to="https://$1asteriskexchange.com/$2/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Astra.io.xml b/src/chrome/content/rules/Astra.io.xml
new file mode 100644
index 000000000000..a92f89f290dc
--- /dev/null
+++ b/src/chrome/content/rules/Astra.io.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://astra.io/ => https://astra.io/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.astra.io/ => https://astra.io/: (28, 'Connection timed out after 20000 milliseconds')
+
+	www: cert only matches ^astra.io
+
+-->
+<ruleset name="Astra.io" default_off="failed ruleset test">
+
+	<target host="astra.io" />
+	<target host="www.astra.io" />
+
+
+	<rule from="^http://(?:www\.)?astra\.io/"
+		to="https://astra.io/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Astrill.com.xml b/src/chrome/content/rules/Astrill.com.xml
new file mode 100644
index 000000000000..cb446b10652f
--- /dev/null
+++ b/src/chrome/content/rules/Astrill.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)?
+		- support
+
+-->
+<ruleset name="Astrill.com">
+
+	<target host="astrill.com" />
+	<target host="support.astrill.com" />
+	<target host="www.astrill.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Astrobotic.com.xml b/src/chrome/content/rules/Astrobotic.com.xml
new file mode 100644
index 000000000000..f759134275dd
--- /dev/null
+++ b/src/chrome/content/rules/Astrobotic.com.xml
@@ -0,0 +1,20 @@
+<!--
+	^: plaintext reply
+
+-->
+<ruleset name="Astrobotic.com">
+
+	<target host="astrobotic.com" />
+	<target host="www.astrobotic.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.astrobotic\.com$" name="^_astrobotic-web_session$" /-->
+
+	<securecookie host="^www\.astrobotic\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AstronomicalTours.xml b/src/chrome/content/rules/AstronomicalTours.xml
index 7a485a57cfa6..bdafe5f2bc94 100644
--- a/src/chrome/content/rules/AstronomicalTours.xml
+++ b/src/chrome/content/rules/AstronomicalTours.xml
@@ -1,14 +1,13 @@
-<ruleset name="AstronomicalTours">
+<ruleset name="AstronomicalTours.net" default_off="mismatched">
 
 	<target host="astronomicaltours.net" />
 	<target host="www.astronomicaltours.net" />
 
 
-	<securecookie host="^www\.astronomicaltours\.net$" name=".*" />
+	<securecookie host="^www\.astronomicaltours\.net$" name=".+" />
 
 
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?astronomicaltours\.net/"
-		to="https://www.astronomicaltours.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Astronomy_Now.com.xml b/src/chrome/content/rules/Astronomy_Now.com.xml
new file mode 100644
index 000000000000..f2b9ff939898
--- /dev/null
+++ b/src/chrome/content/rules/Astronomy_Now.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- Images on ^ from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Astronomy Now.com">
+
+	<target host="astronomynow.com" />
+	<target host="www.astronomynow.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Aswirlgirl.com.xml b/src/chrome/content/rules/Aswirlgirl.com.xml
index 58d57311db21..3defd68fe0a7 100644
--- a/src/chrome/content/rules/Aswirlgirl.com.xml
+++ b/src/chrome/content/rules/Aswirlgirl.com.xml
@@ -1,4 +1,11 @@
-<ruleset name="aswirlgirl.com (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://aswirlgirl.com/ => http://aswirlgirl.com/: (6, 'Could not resolve host: aswirlgirl.com')
+Fetch error: http://www.aswirlgirl.com/ => http://www.aswirlgirl.com/: (6, 'Could not resolve host: www.aswirlgirl.com')
+
+-->
+<ruleset name="aswirlgirl.com (partial)" default_off="failed ruleset test">
 
 	<target host="aswirlgirl.com" />
 	<target host="www.aswirlgirl.com" />
diff --git a/src/chrome/content/rules/Asymmetric-Publications.xml b/src/chrome/content/rules/Asymmetric-Publications.xml
index 9c465c4b90f3..f80097dcffdb 100644
--- a/src/chrome/content/rules/Asymmetric-Publications.xml
+++ b/src/chrome/content/rules/Asymmetric-Publications.xml
@@ -1,12 +1,35 @@
-<ruleset name="Asymmetric Publications (broken)" default_off="causes redirect loop on KoL site">
+<!--
+	Nonfunctional hosts in *kingdomofloathing.com:
 
+		- forums *
+
+	* Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.kingdomofloathing.com
+
+-->
+<ruleset name="Kingdom of Loathing.com (testing)" default_off="needs testing">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="kingdomofloathing.com"/>
-	<target host="*.kingdomofloathing.com"/>
+	<target host="images.kingdomofloathing.com"/>
+	<target host="radio.kingdomofloathing.com"/>
+	<target host="shows.kingdomofloathing.com"/>
+	<target host="www.kingdomofloathing.com"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.kingdomofloathing\.com$" name="^appserver$" /-->
+
+	<securecookie host="^www\.kingdomofloathing\.com$" name=".+" />
 
-	<rule from="^http://kingdomofloathing\.com/"
-		to="https://www.kingdomofloathing.com/"/>
 
-	<rule from="^http://(images|radio|shows|www)?\.kingdomofloathing\.com/"
-		to="https://$1.kingdomofloathing.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Atagar.com.xml b/src/chrome/content/rules/Atagar.com.xml
new file mode 100644
index 000000000000..158a198ce2e8
--- /dev/null
+++ b/src/chrome/content/rules/Atagar.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="atagar.com">
+
+	<target host="atagar.com" />
+	<target host="www.atagar.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AtariAge.xml b/src/chrome/content/rules/AtariAge.xml
index 48b490b72ce5..cdac056d5633 100644
--- a/src/chrome/content/rules/AtariAge.xml
+++ b/src/chrome/content/rules/AtariAge.xml
@@ -1,11 +1,11 @@
 <ruleset name="AtariAge">
 
 	<target host="atariage.com"/>
-	<target host="*.atariage.com"/>
+	<target host="www.atariage.com" />
 
-	<securecookie host="^(.*\.)?atariage\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?atariage\.com/"
+	<rule from="^http://(?:www\.)?atariage\.com/"
 		to="https://atariage.com/"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Atarnotes.com.xml b/src/chrome/content/rules/Atarnotes.com.xml
new file mode 100644
index 000000000000..560a86243dca
--- /dev/null
+++ b/src/chrome/content/rules/Atarnotes.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="ATAR Notes">
+	<target host="atarnotes.com" />
+	<target host="www.atarnotes.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Atgsvcs.com.xml b/src/chrome/content/rules/Atgsvcs.com.xml
index 42e8436d7b7d..fd0f48e5a7fa 100644
--- a/src/chrome/content/rules/Atgsvcs.com.xml
+++ b/src/chrome/content/rules/Atgsvcs.com.xml
@@ -4,10 +4,10 @@
 -->
 <ruleset name="atgsvcs.com">
 
-	<target host="*.atgsvcs.com" />
+	<target host="rules.atgsvcs.com" />
+	<target host="static.atgsvcs.com" />
 
 
-	<rule from="^http://(rules|static)\.atgsvcs\.com/"
-		to="https://$1.atgsvcs.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Athaliasoft.xml b/src/chrome/content/rules/Athaliasoft.xml
deleted file mode 100644
index d7b6ec5e72ed..000000000000
--- a/src/chrome/content/rules/Athaliasoft.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Athaliasoft (partial)" default_off="self-signed">
-
-	<target host="agenda.athaliasoft.fr"/>
-	<target host="*.agenda.athaliasoft.fr"/>
-
-	<securecookie host="^(.*\.)?agenda\.athaliasoft\.fr$" name=".*"/>
-
-	<rule from="^http://agenda\.athaliasoft\.fr/"
-		to="https://agenda.athaliasoft.fr/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Atheists.xml b/src/chrome/content/rules/Atheists.xml
index a2b2ca33efa6..41455da41222 100644
--- a/src/chrome/content/rules/Atheists.xml
+++ b/src/chrome/content/rules/Atheists.xml
@@ -1,11 +1,21 @@
-<ruleset name="Atheists.org">
-  <target host="atheists.org" />
-  <target host="www.atheists.org" />
-	<!--	302s to http.	-->
-	<exclusion pattern="^http://atheists\.org/$" />
+<!--
+	American Atheists
 
 
-  <securecookie host="^(.+\.)?atheists\.org$" name=".*"/>
+	Nonfunctional subdomains:
+
+		- news	(redirects to ^atheists.org)
+
+-->
+<ruleset name="Atheists.org (partial)">
+
+	<target host="atheists.org" />
+	<target host="www.atheists.org" />
+
+
+	<securecookie host="^(?:w*\.)?atheists\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
 
-  <rule from="^http://(?:www\.)?atheists\.org/" to="https://atheists.org/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Athleticum.ch.xml b/src/chrome/content/rules/Athleticum.ch.xml
new file mode 100644
index 000000000000..a8f229f74a24
--- /dev/null
+++ b/src/chrome/content/rules/Athleticum.ch.xml
@@ -0,0 +1,16 @@
+<!--
+	Nonfunctional hosts in *.athleticum.ch:
+		- nlred.athleticum.ch (r)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Athleticum.ch">
+	<target host="athleticum.ch" />
+	<target host="www.athleticum.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Atipso.com.xml b/src/chrome/content/rules/Atipso.com.xml
new file mode 100644
index 000000000000..19820a123a00
--- /dev/null
+++ b/src/chrome/content/rules/Atipso.com.xml
@@ -0,0 +1,29 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://atipso.com/ => https://atipso.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+	Mixed content:
+
+		- css on www from fonts.googleapis.com *
+
+		- Images on www from $self *
+
+		- Web bugs on app from piwik *
+
+	* Secured by us
+
+-->
+<ruleset name="atipso.com">
+
+	<target host="atipso.com" />
+	<target host="app.atipso.com" />
+	<target host="piwik.atipso.com" />
+	<target host="static.atipso.com" />
+	<target host="www.atipso.com" />
+
+
+	<securecookie host="^\.app\.atipso\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ativismo.org.br.xml b/src/chrome/content/rules/Ativismo.org.br.xml
new file mode 100644
index 000000000000..ce8f7627a9f6
--- /dev/null
+++ b/src/chrome/content/rules/Ativismo.org.br.xml
@@ -0,0 +1,9 @@
+<ruleset name="Ativismo.org.br">
+	<target host="ativismo.org.br" />
+	<target host="www.ativismo.org.br" />
+	<target host="wiki.ativismo.org.br" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Atlantic-Media-problematic.xml b/src/chrome/content/rules/Atlantic-Media-problematic.xml
deleted file mode 100644
index 775afef04f5c..000000000000
--- a/src/chrome/content/rules/Atlantic-Media-problematic.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	For rules that are on by default, see Atlantic-Media.xml.
-
--->
-<ruleset name="Atlantic Media (problematic)" default_off="probably breaks administration">
-
-	<target host="theatlanticcities.com" />
-	<target host="admin.theatlanticcities.com" />
-	<target host="www.theatlanticcities.com" />
-	<target host="theatlanticwire.com" />
-	<target host="*.theatlanticwire.com" />
-
-
-	<!--	- !www 301s to www
-		- (www.) cert: admin.theatlantic(cities|wire).com
-		- $ shows admin's data
-					-->
-	<rule from="^https?://(?:www\.)?theatlantic(cities|wire)\.com/([\w\-]+)/"
-		to="https://admin.theatlantic$1.com/$2/" />
-
-	<!--	With the above rule, www.../$ points to
-		admin.../$, which isn't identical.
-							-->
-	<rule from="^https://admin\.theatlantic(cities|wire)\.com/($|\?)"
-		to="http://www.theatlantic$1.com/$2" downgrade="1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Atlantic-Media.xml b/src/chrome/content/rules/Atlantic-Media.xml
index 483f1db1ec63..e5a9c42f1d86 100644
--- a/src/chrome/content/rules/Atlantic-Media.xml
+++ b/src/chrome/content/rules/Atlantic-Media.xml
@@ -1,6 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.nationaljournal.com/ => https://secure.nationaljournal.com/: (7, 'Failed to connect to secure.nationaljournal.com port 443: Connection refused')
+Fetch error: http://admin.theatlanticwire.com/ => https://admin.theatlanticwire.com/: (6, 'Could not resolve host: admin.theatlanticwire.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://govexec.com/ => https://www.govexec.com/: Cycle detected - URL already encountered: https://www.govexec.com/
+Fetch error: http://secure.nationaljournal.com/ => https://secure.nationaljournal.com/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://admin.theatlanticwire.com/ => https://admin.theatlanticwire.com/: (51, "SSL: no alternative certificate subject name matches target host name 'admin.theatlanticwire.com'")
 	For problematic rules, see Atlantic-Media-problematic.xml.
 
+	theatln.tc is handled in Bit.ly_vanity_domains.xml.
+
+
+	Other Atlantic Media rulesets:
+
+		- Defense_One.com.xml
+		- The_Atlantic.com.xml
+
 
 	CDN buckets:
 
@@ -15,52 +32,42 @@
 		- cdn.govexec.com		(cert: gp1.wac.edgecastcdn.net)
 		- (www.)nationaljournal.com	(timeout)
 		- media.nationaljournal.com	(ditto)
-		- www.theatlantic.com		(cert: ssl.theatlantic.com)
-		- advertising.theatlantic.com	(ditto)
 
 
 	Problematic domains:
 
-		- cdn.theatlantic.com		(404, cert: gp1.wac.edgecastcdn.net)
+		- theatln.tc ¹
 		- cdn.theatlanticcities.com	(cert: gp1.wac.edgecastcdn.net; 404)
 
-
-	Fully covered domains:
-
-		- cdn.theatlantic.com	(→ ssl.theatlantic.com)
+	¹ Refused
 
 -->
-<ruleset name="Atlantic Media (partial)">
+<ruleset name="Atlantic Media (partial)" default_off="failed ruleset test">
 
 	<target host="govexec.com" />
-	<target host="*.govexec.com" />
+	<target host="cdn.govexec.com" />
+	<target host="www.govexec.com" />
 	<target host="secure.nationaljournal.com" />
-	<target host="*.theatlantic.com" />
-	<target host="*.theatlanticcities.com" />
+	<target host="admin.theatlanticcities.com" />
+	<target host="cdn.theatlanticcities.com" />
 	<target host="admin.theatlanticwire.com" />
 
 
-	<securecookie host="\.govexec\.com$" name=".*" />
-	<securecookie host="^admin\.theatlantic(cities|wire)$" name=".*" />
+	<securecookie host="\.govexec\.com$" name=".+" />
+	<securecookie host="^admin\.theatlantic(?:cities|wire)$" name=".+" />
 
 
 	<!--	- Cert is not valid for !www
 		- cdn is hosted on edgecast
 		- cdn 404s as-is
 					-->
-	<rule from="^https?://(?:cdn\.|www\.)?govexec\.com/"
+	<rule from="^http://(?:cdn\.|www\.)?govexec\.com/"
 		to="https://www.govexec.com/" />
 
-	<rule from="^http://secure\.nationaljournal\.com/"
-		to="https://secure.nationaljournal.com/" />
-
-	<rule from="^http://(?:cdn|ssl)\.theatlantic\.com/"
-		to="https://ssl.theatlantic.com/" />
 
-	<rule from="^http://admin\.theatlantic(cities|wire)\.com/"
-		to="https://admin.theatlantic$1.com/" />
 
 	<rule from="^http://cdn\.theatlanticcities\.com/"
 		to="https://admin.theatlanticcities.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Atlantic-Metro-Communications.xml b/src/chrome/content/rules/Atlantic-Metro-Communications.xml
index ea2434f0594c..b22f6d6c7724 100644
--- a/src/chrome/content/rules/Atlantic-Metro-Communications.xml
+++ b/src/chrome/content/rules/Atlantic-Metro-Communications.xml
@@ -1,15 +1,33 @@
-<!--	!functional:
-		- blog.my.atlanticmetro.net	(shows admin page)
--->
-<ruleset name="Atlantic Metro Communications (partial)" platform="mixedcontent">
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- losangeles-speedtest.atlanticmetro.net
+
+		Timeout was reached:
+		- images.atlanticmetro.net
+		- partners.atlanticmetro.net
 
-	<target host="atlanticmetro.net"/>
-	<target host="*.atlanticmetro.net"/>
-		<exclusion pattern="^http://blog\."/>
+		SSL connect error:
+		- revive.atlanticmetro.net
 
-	<securecookie host="^(.*\.)?atlanticmetro\.net$" name=".*"/>
+		SSL peer certificate was not OK:
+		- blogcdn.atlanticmetro.net
 
-	<rule from="^http://(my\.|www\.)?atlanticmetro\.net/"
-		to="https://$1my.atlanticmetro.net/"/>
+		Peer certificate cannot be authenticated with given CA certificates:
+		- blog.atlanticmetro.net
+		- mirror.atlanticmetro.net
+		- newyork-speedtest.atlanticmetro.net
+		- reflect.atlanticmetro.net
+
+		Incomplete certificate chain error:
+		- vh2.atlanticmetro.net
+-->
+<ruleset name="Atlantic Metro Communications (partial)">
+	<target host="atlanticmetro.net" />
+	<target host="www.atlanticmetro.net" />
+	<target host="eng.atlanticmetro.net" />
+	<target host="my.atlanticmetro.net" />
+	<target host="oss.atlanticmetro.net" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Atlantic.net.xml b/src/chrome/content/rules/Atlantic.net.xml
new file mode 100644
index 000000000000..71f77f519431
--- /dev/null
+++ b/src/chrome/content/rules/Atlantic.net.xml
@@ -0,0 +1,35 @@
+<!--
+	Fully covered domains:
+
+		- atlantic.net
+
+		- *.atlantic.net:
+
+			- cloud
+			- www
+
+
+	Mixed content:
+
+		- css on cloud from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Atlantic.net">
+
+	<target host="atlantic.net" />
+	<target host="*.atlantic.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cloud\.atlantic\.net$" name="^(PHPSESSID|Referrer_URL)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://([^/:@]+\.)?atlantic\.net/"
+		to="https://$1atlantic.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Atlantis.sk.xml b/src/chrome/content/rules/Atlantis.sk.xml
index 48bc47b14d35..22333530290b 100644
--- a/src/chrome/content/rules/Atlantis.sk.xml
+++ b/src/chrome/content/rules/Atlantis.sk.xml
@@ -5,13 +5,13 @@
 <ruleset name="Atlantis.sk">
 
 	<target host="atlantis.sk" />
-	<target host="*.atlantis.sk" />
+	<target host="webmail.atlantis.sk" />
+	<target host="www.atlantis.sk" />
 
 
-	<securecookie host="^(?:.+\.)?atlantis\.sk$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(webmail\.|www\.)?atlantis\.sk/"
-		to="https://$1atlantis.sk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Atlas.cz.xml b/src/chrome/content/rules/Atlas.cz.xml
new file mode 100644
index 000000000000..746086b48050
--- /dev/null
+++ b/src/chrome/content/rules/Atlas.cz.xml
@@ -0,0 +1,67 @@
+<!--
+	Other Centrum.cz rulesets:
+		- Atlas.sk
+		- Centrum.sk
+
+	Nonfunctional hosts in *.atlas.cz:
+
+	timeout on https:
+		- amapy.atlas.cz
+		- aukce.atlas.cz
+		- auto.atlas.cz
+		- cestovani.atlas.cz
+		- extra.atlas.cz
+		- irak.atlas.cz
+		- horoskopy.atlas.cz
+		- mujweb.atlas.cz
+		- pomoc.atlas.cz
+		- reklama.atlas.cz
+		- slovniky.atlas.cz
+		- registrace.atlas.cz
+		- utulne.atlas.cz
+
+	Error 404 Not found:
+		- prodej.auto.atlas.cz
+
+	HTTP redirect:
+		- jizdnirady.atlas.cz
+		- pocasi.atlas.cz
+		- prace.atlas.cz
+		- www.prace.atlas.cz
+		- prepni.atlas.cz
+		- reality.atlas.cz
+		- tv.atlas.cz
+		- www.tv.atlas.cz
+		- volby.atlas.cz
+-->
+<ruleset name="Atlas.cz">
+	<target host="atlas.cz" />
+	<target host="www.atlas.cz" />
+
+	<target host="filmpub.atlas.cz" />
+	<target host="finance.atlas.cz" />
+	<target host="live.atlas.cz" />
+	<target host="obchody.atlas.cz" />
+	<target host="sex.atlas.cz" />
+	<target host="supermapy.atlas.cz" />
+	<target host="zajezdy.atlas.cz" />
+	<target host="zena.atlas.cz" />
+	<target host="www.zena.atlas.cz" />
+
+	<rule from="^http://filmpub\.atlas\.cz/"
+		to="https://magazin.aktualne.cz/kultura/film/" />
+        <rule from="^http://finance\.atlas\.cz/"
+		to="https://zpravy.aktualne.cz/finance/" />
+	<rule from="^http://live\.atlas\.cz/"
+		to="https://magazin.aktualne.cz/kultura/hudba/" />
+	<rule from="^http://obchody\.atlas\.cz/"
+		to="https://najisto.centrum.cz/internetove-obchody-a-sluzby/on-line-obchody/" />
+	<rule from="^http://sex\.atlas\.cz/"
+		to="https://najisto.centrum.cz/erotika/" />
+	<rule from="^http://zajezdy\.atlas\.cz/"
+		to="https://najisto.centrum.cz/?what=zajezdy" />
+	<rule from="^http://(www\.)?zena\.atlas\.cz/"
+		to="https://www.zena.cz/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Atlas_of_Prejudice.com.xml b/src/chrome/content/rules/Atlas_of_Prejudice.com.xml
new file mode 100644
index 000000000000..f76ed57b5be4
--- /dev/null
+++ b/src/chrome/content/rules/Atlas_of_Prejudice.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Atlas of Prejudice.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="atlasofprejudice.com" />
+	<target host="www.atlasofprejudice.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Atlassian.net.xml b/src/chrome/content/rules/Atlassian.net.xml
deleted file mode 100644
index bcff00a0a3d1..000000000000
--- a/src/chrome/content/rules/Atlassian.net.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
--->
-<ruleset name="Atlassian.net">
-<target host="*.atlassian.net" />
-
-<securecookie host="^(?:bro-tracker|ecosystem)\.atlassian\.net$" name=".+" />
-
-<rule from="^http://(bro-tracker|ecosystem)\.atlassian\.net/" to="https://$1.atlassian.net/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Atlassian.xml b/src/chrome/content/rules/Atlassian.xml
index a6793cda8082..a852e969fc77 100644
--- a/src/chrome/content/rules/Atlassian.xml
+++ b/src/chrome/content/rules/Atlassian.xml
@@ -1,7 +1,8 @@
 <!--
 	Other Atlassian rulesets:
 
-		- BitBucket.xml
+		- HipChat.com.xml
+		- SourceTree_app.com.xml
 
 
 	CDN buckets:
@@ -12,40 +13,32 @@
 
 			- downloads
 
--->
-<ruleset name="Atlassian">
 
-	<target host="atlassian.com" />
-	<target host="*.atlassian.com" />
-	<target host="*.extranet.atlassian.com" />
-	<target host="atlassian.wpengine.netdna-cdn.com" />
+	Nonfunctional subdomains:
 
+		- go *
 
-  <!-- excluding downloads. and disabling the securecookie clause in response to 
-       https://trac.torproject.org/projects/tor/ticket/7206
-       with further research this might be improvable -->
+	* Google
 
-	<!-- 
-      <securecookie host="^(.*\.)?atlassian\.com$" name=".*" /> 
 
+	Problematic subdomains:
 
-	UPDATE: looks like downloads is properly configured now.
-								-->
-  <!--exclusion pattern="http://downloads\.atlassian\.com/" /-->
+		- status *
 
+	* StatusPage.io
 
-	<securecookie host="^(?:ace|answers|aug|confluence|developer|jira|marketplace|my)\.atlassian\.com$" name=".+" />
 
+	Fully covered subdomains:
 
-	<!--	!www 404s	-->
-	<rule from="^http://(?:www\.)?atlassian\.com/"
-		to="https://www.atlassian.com/"/>
+		- atlassian.com
+		- status.atlassian.com		(→ atlassian.statuspage.io)
 
-	<!--	Matches:
+		- *.atlassian.com: *
 
 			- ace
 			- answers
 			- aug
+			- aui-cdn
 			- blogs
 			- confluence
 			- developer
@@ -53,6 +46,7 @@
 			- downloads
 			- extranet
 			- bamboo.extranet
+			- id
 			- jira
 			- marketplace
 			- my
@@ -61,18 +55,80 @@
 			- summit
 			- support
 
-		There doesn't appear to be any unsupported domains.	-->
-	<rule from="^http://([\w\.]+)\.atlassian\.com/"
-		to="https://$1.atlassian.com/" />
+	* Except where excluded below
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .atlassian.com
+
+	Mixed content:
+
+		- Web bugs on confluence from ace *
+
+	* Secured by us
+
+-->
+<ruleset name="Atlassian.com (partial)">
+
+	<target host="atlassian.com" />
+	<target host="*.atlassian.com" />
+
+	<!--target host="atlassian.wpengine.netdna-cdn.com" /-->
+
+		<exclusion pattern="http://(?:click\.mailer|status\.marketplace|swag|support-mail-links)\.atlassian\.com/" />
+
+			<test url="http://click.mailer.atlassian.com/" />
+			<test url="http://status.marketplace.atlassian.com/" />
+			<test url="http://swag.atlassian.com/" />
+			<test url="http://support-mail-links.atlassian.com/" />
+
+		<!--	Added by Atlassian:
+						-->
+		<exclusion pattern="^http://(?:.+\.(?:ams|dyn\.syd|inf|internal|intsys|sf|office)|go)\.atlassian\.com" />
+
+			<test url="http://x.ams.atlassian.com/" />
+			<test url="http://eg.ams.atlassian.com/" />
+			<test url="http://eg.dyn.syd.atlassian.com/" />
+			<test url="http://eg.inf.atlassian.com/" />
+			<test url="http://eg.internal.atlassian.com/" />
+			<test url="http://eg.internal.atlassian.com:81/" />
+			<test url="http://eg.intsys.atlassian.com/" />
+			<test url="http://eg.intsys.atlassian.com:81/" />
+			<test url="http://eg.sf.atlassian.com/" />
+			<test url="http://go.atlassian.com/" />
+			<test url="http://eg.office.atlassian.com/" />
+
+		<!--exclusion pattern="^http://wac\.29c4\.edgecastcdn\.net/(?!8029C4/wac-small//wac/)" /-->
+
+		<!--	Direct rewrites:
+					-->
+		<test url="http://answers.atlassian.com/" />
+		<test url="http://developer.atlassian.com/" />
+		<test url="http://jira.atlassian.com/" />
+		<test url="http://marketplace.atlassian.com/" />
+		<test url="http://support.atlassian.com/" />
+		<test url="http://www.atlassian.com/" />
+
+		<!--	Complications:
+					-->
+		<test url="http://status.atlassian.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.atlassian\.com$" name="^_(?:_atl_path|OAVARS\[[\da-f]{8}\])$" /-->
+
+	<securecookie host="^(?:ace|answers|aug|confluence|developer|id|jira|marketplace|my|openid|support)\.atlassian\.com$" name=".+" />
+
 
-	<!--	Cert: *.userzoom.com
-		/$ 403s, rest 404s.	-->
-	<rule from="^https?://atlassian\.wpengine\.netdna-cdn\.com/"
-		to="https://blogs.atlassian.com/" />
+	<rule from="^http://status\.atlassian\.com/"
+		to="https://atlassian.statuspage.io/" />
 
-	<!--	Cert: gp1.wac.edgecastcdn.net
-		Actually redirects as so.	-->
-	<rule from="^https?://wac\.29c4\.edgecastcdn\.net/8029C4/wac-small//wac/"
-		to="https://summit.atlassian.com/" />
+	<!--	Actually redirects as so.	-->
+	<!--rule from="^http://wac\.29c4\.edgecastcdn\.net/8029C4/wac-small//wac/"
+		to="https://summit.atlassian.com/" /-->
 
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Atlatszo.hu.xml b/src/chrome/content/rules/Atlatszo.hu.xml
new file mode 100644
index 000000000000..369ed29a85c2
--- /dev/null
+++ b/src/chrome/content/rules/Atlatszo.hu.xml
@@ -0,0 +1,76 @@
+<!--
+	Nonfunctional hosts in *atlatszo.hu:
+
+		- abi ⁵
+		- asimov ⁵
+		- fizettem ⁵
+		- kimittud ʳ
+		- services ⁵
+
+	⁵ 500
+	ʳ Refused
+
+
+	Problematic hosts in *atlatszo.hu:
+
+		- mail * ᵐ
+
+	* CAcert
+	ᵐ Mismatched
+
+
+	Mixed content:
+
+		- Ads/bugs, on:
+
+			- ^, 230, adatujsagiras, annyit, blog, crbc, darvasbela, erdely, falramentaparlament, globalvoices, igyirnankmi, kornyezetvedelem, mutyimondo, occrp, oktatas, pcblog, pogiblog, slejm, szakirodalom, szocio, torvenygyartok, transparency, video, vilagterkep from www.oltonyhazak.hu ᵈ
+			- annyit, vastagbor c\d.gostats.com ⁴
+			- dron from ^atlatszo.hu ˢ
+			- dron from journalism.cmpf.eui.eu ⁴
+			- dron from www.visegradgroup.eu ᵐ
+
+	⁴ Unsecurable <= 404
+	ᵈ Unsecurable <= dropped
+	ᵐ Not secured by us <= mismatched
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Atlatszo.hu (partial)">
+
+	<target host="atlatszo.hu" />
+	<target host="230.atlatszo.hu" />
+	<target host="adat.atlatszo.hu" />
+	<target host="adatujsagiras.atlatszo.hu" />
+	<target host="annyit.atlatszo.hu" />
+	<target host="blog.atlatszo.hu" />
+	<target host="crbc.atlatszo.hu" />
+	<target host="darvasbela.atlatszo.hu" />
+	<target host="english.atlatszo.hu" />
+	<target host="erdely.atlatszo.hu" />
+	<target host="falramentaparlament.atlatszo.hu" />
+	<target host="globalvoices.atlatszo.hu" />
+	<target host="igyirnankmi.atlatszo.hu" />
+	<target host="kornyezetvedelem.atlatszo.hu" />
+	<target host="mutyimondo.atlatszo.hu" />
+	<target host="occrp.atlatszo.hu" />
+	<target host="oktatas.atlatszo.hu" />
+	<target host="pcblog.atlatszo.hu" />
+	<target host="pogiblog.atlatszo.hu" />
+	<target host="slejm.atlatszo.hu" />
+	<target host="szakirodalom.atlatszo.hu" />
+	<target host="szocio.atlatszo.hu" />
+	<target host="torvenygyartok.atlatszo.hu" />
+	<target host="transparency.atlatszo.hu" />
+	<target host="vastagbor.atlatszo.hu" />
+	<target host="video.atlatszo.hu" />
+	<target host="vilagterkep.atlatszo.hu" />
+	<target host="www.atlatszo.hu" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Atmail.xml b/src/chrome/content/rules/Atmail.xml
index 7e0d607e0616..06c968fade88 100644
--- a/src/chrome/content/rules/Atmail.xml
+++ b/src/chrome/content/rules/Atmail.xml
@@ -1,14 +1,14 @@
 <ruleset name="Atmail">
 
 	<target host="atmail.com" />
+	<target host="www.atmail.com" />
 	<!--	* for cross-domain cookie.	-->
-	<target host="*.atmail.com" />
 
 
-	<securecookie host="^\.atmail\.com$" name=".*" />
 
+	<securecookie host="^\.atmail\.com$" name=".+" />
 
-	<rule from="^http://(www\.)?atmail\.com/"
-		to="https://$1atmail.com/" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Atom.io.xml b/src/chrome/content/rules/Atom.io.xml
new file mode 100644
index 000000000000..dfffd3dbc6dc
--- /dev/null
+++ b/src/chrome/content/rules/Atom.io.xml
@@ -0,0 +1,13 @@
+<ruleset name="Atom.io">
+	<target host="atom.io" />
+	<target host="www.atom.io" />
+	<target host="blog.atom.io" />
+	<target host="electron.atom.io" />
+	<target host="discuss.atom.io" />
+	<target host="flight-manual.atom.io" />
+	<target host="github.atom.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Atomic-Cowlick.xml b/src/chrome/content/rules/Atomic-Cowlick.xml
deleted file mode 100644
index ae9f792f18c3..000000000000
--- a/src/chrome/content/rules/Atomic-Cowlick.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Atomic Cowlick">
-
-	<target host="atomiccowlick.com"/>
-	<target host="www.atomiccowlick.com"/>
-
-	<securecookie host="^(www\.)?atomiccowlick\.com$" name=".*"/>
-
-	<rule from="^http://(www\.)?atomiccowlick\.com/"
-		to="https://$1atomiccowlick.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Atomic-Insights.xml b/src/chrome/content/rules/Atomic-Insights.xml
deleted file mode 100644
index 31cd6fffa018..000000000000
--- a/src/chrome/content/rules/Atomic-Insights.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Atomic Insights" default_off="self-signed">
-
-	<!--	Cert: plesk	-->
-	<target host="atomicinsights.com" />
-	<target host="www.atomicinsights.com" />
-
-
-	<securecookie host="^atomicinsights\.com$" name=".*" />
-
-
-	<rule from="^https?://(?:www\.)?atomicinsights\.com/"
-		to="https://atomicinsights.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Atomic_Insights.com.xml b/src/chrome/content/rules/Atomic_Insights.com.xml
new file mode 100644
index 000000000000..3a7cd2e31156
--- /dev/null
+++ b/src/chrome/content/rules/Atomic_Insights.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - ns40.atomicinsights.com
+			 - ns50.atomicinsights.com
+-->
+<ruleset name="Atomic Insights.com">
+	<target host="atomicinsights.com" />
+	<target host="www.atomicinsights.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Atomic_Object.com.xml b/src/chrome/content/rules/Atomic_Object.com.xml
new file mode 100644
index 000000000000..d5f0e363a229
--- /dev/null
+++ b/src/chrome/content/rules/Atomic_Object.com.xml
@@ -0,0 +1,55 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://craft-staging.atomicobject.com/ => https://craft-staging.atomicobject.com/: (6, 'Could not resolve host: craft-staging.atomicobject.com')
+
+	Nonfuctional subdomains:
+
+		- spin *
+
+	* Redirects to http
+
+
+	Insecure cookies are set for these hosts:
+
+		- craft-staging.atomicobject.com
+		- www.atomicobject.com
+
+-->
+<ruleset name="Atomic Object.com (partial)" default_off="failed ruleset test">
+
+	<target host="atomicobject.com" />
+	<target host="craft-staging.atomicobject.com" />
+	<target host="spin.atomicobject.com" />
+	<target host="www.atomicobject.com" />
+
+		<!--	Redirects to http:
+
+						-->
+		<!--test url="http://spin\.atomicobject\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://spin\.atomicobject\.com/+(?!wp-content/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://spin.atomicobject.com/author/erickson/" />
+			<test url="http://spin.atomicobject.com/page/2/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://spin.atomicobject.com/wp-content/themes/atomic-spin-wordpress-theme/images/careers.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(craft-staging|www)\.atomicobject\.com$" name="^CraftSessionId$" /-->
+
+	<securecookie host="^(?:craft-staging|www)\.atomicobject\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Atomicorp.xml b/src/chrome/content/rules/Atomicorp.xml
index f1e144061e3f..1f82c7b8451b 100644
--- a/src/chrome/content/rules/Atomicorp.xml
+++ b/src/chrome/content/rules/Atomicorp.xml
@@ -1,6 +1,58 @@
-<ruleset name="Atomicorp" platform="mixedcontent">
-  <target host="www.atomicorp.com"/>
-  <target host="atomicorp.com"/>
+<!--
+	Nonfunctional hosts in *atomicorp.com:
+
+		- www7 ʳ
+
+	ʳ Refused
+
+
+	Problematic hosts in *atomicorp.com:
+
+		- ns1 ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .atomicorp.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on ^ from fonts.googleapis.com ˢ
+		- Images on updates from www.atomicorp.com ˢ
+		- favicons on updates, www[2-68] from ^atomicorp.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Atomicorp.com (partial)">
+
+	<target host="atomicorp.com" />
+	<target host="forums.atomicorp.com" />
+	<target host="updates.atomicorp.com" />
+	<target host="wiki.atomicorp.com" />
+	<target host="www.atomicorp.com" />
+	<target host="www2.atomicorp.com" />
+	<target host="www3.atomicorp.com" />
+	<target host="www4.atomicorp.com" />
+	<target host="www5.atomicorp.com" />
+	<target host="www6.atomicorp.com" />
+	<target host="www8.atomicorp.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.atomicorp\.com$" name="^phpbb3_\w+_(?:k|sid|u)$" /-->
+
+	<securecookie host="^\." name="^(?:__qca$|phpbb3_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(www\.)?atomicorp\.com/" to="https://www.atomicorp.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Atomz.xml b/src/chrome/content/rules/Atomz.xml
index fe64db8f8155..5d9e98e538b9 100644
--- a/src/chrome/content/rules/Atomz.xml
+++ b/src/chrome/content/rules/Atomz.xml
@@ -1,10 +1,20 @@
-<ruleset name="Atomz">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://atomz.com/ => https://atomz.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.atomz.com/ => https://www.atomz.com/: (6, 'Could not resolve host: www.atomz.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://atomz.com/ => https://atomz.com/: (56, 'Recv failure: Connection reset by peer')
+-->
+<ruleset name="Atomz" default_off="failed ruleset test">
 
 	<target host="atomz.com" />
-	<target host="*.atomz.com" />
+	<target host="center.atomz.com" />
+	<target host="content.atomz.com" />
+	<target host="www.atomz.com" />
 
 
-	<rule from="^http://(center\.|content\.|www\.)?atomz\.com/"
-		to="https://$1atomz.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Atos.net.xml b/src/chrome/content/rules/Atos.net.xml
new file mode 100644
index 000000000000..1a1aced4f4c3
--- /dev/null
+++ b/src/chrome/content/rules/Atos.net.xml
@@ -0,0 +1,103 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)
+		- ae
+		- ap
+		- ar
+		- ascentlookout
+		- at
+		- au
+		- be
+		- bg
+		- br
+		- ch
+		- cms
+		- cn
+		- cz
+		- de
+		- dk
+		- eg
+		- es
+		- fi
+		- fr
+		- hr
+		- in
+		- it
+		- jp
+		- mx
+		- na
+		- nl
+		- nz
+		- ph
+		- pl
+		- prd
+		- pt
+		- ro
+		- rs
+		- ru
+		- se
+		- sk
+		- th
+		- tr
+		- tw
+		- uk
+		- za
+
+
+	Every domain covered thus far sets cookies.
+
+-->
+<ruleset name="Atos.net">
+
+	<target host="atos.net" />
+	<target host="ae.atos.net" />
+	<target host="ap.atos.net" />
+	<target host="ar.atos.net" />
+	<target host="at.atos.net" />
+	<target host="au.atos.net" />
+	<target host="ascentlookout.atos.net" />
+	<target host="be.atos.net" />
+	<target host="bg.atos.net" />
+	<target host="br.atos.net" />
+	<target host="ch.atos.net" />
+	<target host="cn.atos.net" />
+	<target host="cz.atos.net" />
+	<target host="cms.atos.net" />
+	<target host="de.atos.net" />
+	<target host="dk.atos.net" />
+	<target host="eg.atos.net" />
+	<target host="es.atos.net" />
+	<target host="fi.atos.net" />
+	<target host="fr.atos.net" />
+	<target host="hr.atos.net" />
+	<target host="in.atos.net" />
+	<target host="it.atos.net" />
+	<target host="jp.atos.net" />
+	<target host="mx.atos.net" />
+	<target host="na.atos.net" />
+	<target host="nl.atos.net" />
+	<target host="nz.atos.net" />
+	<target host="ph.atos.net" />
+	<target host="pl.atos.net" />
+	<target host="pt.atos.net" />
+	<target host="prd.atos.net" />
+	<target host="ro.atos.net" />
+	<target host="rs.atos.net" />
+	<target host="ru.atos.net" />
+	<target host="se.atos.net" />
+	<target host="sk.atos.net" />
+	<target host="th.atos.net" />
+	<target host="tr.atos.net" />
+	<target host="tw.atos.net" />
+	<target host="uk.atos.net" />
+	<target host="www.atos.net" />
+	<target host="za.atos.net" />
+
+
+	<securecookie host="^(?:\w+\.)?atos\.net$" name=".+" />
+
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Atrativa.com.br.xml b/src/chrome/content/rules/Atrativa.com.br.xml
new file mode 100644
index 000000000000..91d49abfd57a
--- /dev/null
+++ b/src/chrome/content/rules/Atrativa.com.br.xml
@@ -0,0 +1,28 @@
+<!--
+	Problematic subdomains:
+
+		- (www.) *
+
+	* Works; mismatched, CN: secure.atrativa.com.br
+
+
+	These altnames don't exist:
+
+		- www.secure.atrativa.com.br
+
+-->
+<ruleset name="Atrativa.com.br (partial)">
+
+	<target host="atrativa.com.br" />
+	<target host="secure.atrativa.com.br" />
+	<target host="www.atrativa.com.br" />
+		<!--
+			At least some in css/.* and js/.* is not equivalent:
+										-->
+		<exclusion pattern="^http://(?:www\.)?atrativa\.com\.br/+(?!img/)" />
+
+
+	<rule from="^http://(?:secure\.|www\.)?atrativa\.com\.br/"
+		to="https://secure.atrativa.com.br/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Atsec.com.xml b/src/chrome/content/rules/Atsec.com.xml
new file mode 100644
index 000000000000..840e66665d89
--- /dev/null
+++ b/src/chrome/content/rules/Atsec.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="atsec.com">
+
+	<target host="atsec.com" />
+	<target host="www.atsec.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Atstuff.xml b/src/chrome/content/rules/Atstuff.xml
index 3b8389a6f3e6..8e1587876454 100644
--- a/src/chrome/content/rules/Atstuff.xml
+++ b/src/chrome/content/rules/Atstuff.xml
@@ -1,13 +1,12 @@
 <ruleset name="@stuff">
 
 	<target host="atstuff.com" />
-	<target host="*.atstuff.com" />
+	<target host="www.atstuff.com" />
 
 
 	<securecookie host="^\.atstuff\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?atstuff\.com/"
-		to="https://$1atstuff.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Attac.at.xml b/src/chrome/content/rules/Attac.at.xml
new file mode 100644
index 000000000000..30abfd42b46c
--- /dev/null
+++ b/src/chrome/content/rules/Attac.at.xml
@@ -0,0 +1,58 @@
+<!--
+	Nonfunctional hosts in *attac.at:
+
+		- community *
+
+	* Plaintext reply
+
+
+	Insecure cookies are set for these hosts:
+
+		- attac.at
+		- www.attac.at
+
+-->
+<ruleset name="Attac.at (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="attac.at" />
+	<target host="www.attac.at" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.attac\.at/($|index\.php$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.attac\.at/+(?!fileadmin/|index\.php\?eID=fontsizer|piwik/|typo3conf/|typo3temp/)" />
+
+			<test url="http://www.attac.at/engagieren.html" />
+			<test url="http://www.attac.at/index.php" />
+			<test url="http://www.attac.at/impressum.html" />
+			<test url="http://www.attac.at/nc/news.html" />
+			<test url="http://www.attac.at/kontakt.html" />
+			<test url="http://www.attac.at/nc/presse/kontakt-aussendungen.html" />
+			<test url="http://www.attac.at/shop/neuerscheinungen.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.attac.at/index.php?eID=fontsizer" />
+			<test url="http://www.attac.at/fileadmin/template_dateien/stylesheets/print.css" />
+			<test url="http://www.attac.at/piwik/piwik.php" />
+			<test url="http://www.attac.at/typo3conf/ext/wt_gallery/files/css/wtgallery_main.css" />
+			<test url="http://www.attac.at/typo3temp/_processed_/csm_TTIP-bonovo-2014-02-27-v3-02_20_05d284fc84.jpg" />
+			<test url="http://www.attac.at/typo3temp/stylesheet_179e3619b8.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?attac\.at$" name="^fe_typo_user$" /-->
+
+	<securecookie host="^attac\.at$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Attachmate-Group.xml b/src/chrome/content/rules/Attachmate-Group.xml
index 1d44751c1b6c..0b7ecbf1ca6c 100644
--- a/src/chrome/content/rules/Attachmate-Group.xml
+++ b/src/chrome/content/rules/Attachmate-Group.xml
@@ -1,29 +1,45 @@
+
 <!--
-	Other Attachmate Group rulesets:
+Disabled by https-everywhere-checker because:
+Fetch error: http://esp.attachmategroup.com/ => https://esp.attachmategroup.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://login.attachmategroup.com/ => https://login.attachmategroup.com/: (6, 'Could not resolve host: login.attachmategroup.com')
+
+	The Attachmate Group
 
-		- Attachmate.xml
-		- NetIQ.xml
-		- Novell.xml
-		- OpenSUSE.xml
-		- SUSE.xml
+	For other Micro Focus coverage, see Micro_Focus.com.xml.
 
 
 	Nonfunctional domains:
 
-		- attachmategroup.com		(no https)
-		- www.attachmategroup.com	(times out)
+		- attachmategroup.com ¹
+		- www.attachmategroup.com ²
+
+	¹ Refused
+	² Dropped
+
+
+	Insecure cookies are set for these domains:
+
+		- .attachmategroup.com
+		- esp.attachmategroup.com
+		- login.attachmategroup.com
 
 -->
-<ruleset name="The Attachmate Group (partial)">
+<ruleset name="Attachmate Group.com (partial)" default_off="failed ruleset test">
 
-	<target host="*.attachmategroup.com" />
+	<target host="esp.attachmategroup.com" />
+	<target host="login.attachmategroup.com" />
 
 
+	<!--	Not secured by server:
+					-->
 	<!--securecookie host="^\.attachmategroup\.com$" name="IPCZQX\w{10}$" /-->
+	<!--securecookie host="^(esp|login)\.attachmategroup\.com$" name="^(UrnNovellNidpClusterMemberId|lb_esp|urn:novell:nidp:cluster:member:id)$" /-->
+
 	<securecookie host="^(?:esp|login)\.attachmategroup\.com$" name=".+" />
 
 
-	<rule from="^http://(esp|login)\.attachmategroup\.com/"
-		to="https://$1.attachmategroup.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Attachmate.xml b/src/chrome/content/rules/Attachmate.xml
index c6750dc7a521..8b3cba99abdb 100644
--- a/src/chrome/content/rules/Attachmate.xml
+++ b/src/chrome/content/rules/Attachmate.xml
@@ -1,5 +1,9 @@
+
 <!--
-	For other Attachmate Group coverage, see Attachmate-Group.xml.
+Disabled by https-everywhere-checker because:
+Fetch error: http://download.attachmate.com/ => https://download.attachmate.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For other Micro Focus coverage, see Micro_Focus.com.xml.
 
 
 	Nonfunctional subdomains:
@@ -8,15 +12,16 @@
 		- support	(no https)
 
 -->
-<ruleset name="Attachmate (partial)">
+<ruleset name="Attachmate.com (partial)" default_off="failed ruleset test">
 
-	<target host="*.attachmate.com" />
+	<target host="download.attachmate.com" />
+	<target host="mysupport.attachmate.com" />
 
 
 	<securecookie host="^download\.attachmate\.com$" name=".+" />
 
 
-	<rule from="^http://(download|mysupport)\.attachmate\.com/"
-		to="https://$1.attachmate.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Attendesource.com.xml b/src/chrome/content/rules/Attendesource.com.xml
new file mode 100644
index 000000000000..2b5285e51c5c
--- /dev/null
+++ b/src/chrome/content/rules/Attendesource.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="Attendesource.com">
+	<target host="attendesource.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Attendesource.xml b/src/chrome/content/rules/Attendesource.xml
deleted file mode 100644
index 6af3c4d270b3..000000000000
--- a/src/chrome/content/rules/Attendesource.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Attendesource.com" default_off="Appears to break certain registration pages when JavaScript scripting is enabled.">
-	<target host="attendesource.com" />
-	<target host="www.attendesource.com" />
-
-	<rule from="^http://(www\.)?attendesource\.com/" to="https://$1attendesource.com/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Attic-backup.org.xml b/src/chrome/content/rules/Attic-backup.org.xml
new file mode 100644
index 000000000000..00afd70c57d4
--- /dev/null
+++ b/src/chrome/content/rules/Attic-backup.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Attic-backup.org">
+
+	<target host="attic-backup.org" />
+	<target host="www.attic-backup.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AtticTV.com.xml b/src/chrome/content/rules/AtticTV.com.xml
new file mode 100644
index 000000000000..b5a8cc2a36b7
--- /dev/null
+++ b/src/chrome/content/rules/AtticTV.com.xml
@@ -0,0 +1,40 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://attictv.com/ => https://attictv.com/: (6, 'Could not resolve host: attictv.com')
+
+	Other AtticTV rulesets:
+
+
+
+	Insecure cookies are set for these domains:
+
+		- .attictv.com
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="AtticTV.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="attictv.com" />
+	<target host="www.attictv.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.attictv\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.attictv\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Attorney-GeneralsDepartment.xml b/src/chrome/content/rules/Attorney-GeneralsDepartment.xml
new file mode 100644
index 000000000000..612eb607331a
--- /dev/null
+++ b/src/chrome/content/rules/Attorney-GeneralsDepartment.xml
@@ -0,0 +1,7 @@
+<ruleset name="Attorney-General's Department">
+	<target host="ag.gov.au" />
+	<target host="www.ag.gov.au" />
+
+	<rule from="^http://(?:www\.)?ag\.gov\.au/"
+		to="https://www.ag.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/AttorneySteveLee.com.xml b/src/chrome/content/rules/AttorneySteveLee.com.xml
new file mode 100644
index 000000000000..62054057e9fe
--- /dev/null
+++ b/src/chrome/content/rules/AttorneySteveLee.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="AttorneySteveLee.com">
+	<target host="attorneystevelee.com" />
+	<target host="www.attorneystevelee.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Attracta.xml b/src/chrome/content/rules/Attracta.xml
index 3ad4bf703916..deca3d32a15e 100644
--- a/src/chrome/content/rules/Attracta.xml
+++ b/src/chrome/content/rules/Attracta.xml
@@ -16,7 +16,7 @@
 	<target host="*.attracta.com" />
 
 
-	<securecookie host="^(?:.*\.)?attracta\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(\w+\.)?attracta\.com/"
diff --git a/src/chrome/content/rules/Attraqt.com.xml b/src/chrome/content/rules/Attraqt.com.xml
new file mode 100644
index 000000000000..04bbfd67ee8f
--- /dev/null
+++ b/src/chrome/content/rules/Attraqt.com.xml
@@ -0,0 +1,51 @@
+<!--
+	Cert expired:
+		- lists.attraqt.com
+		- mr1.attraqt.com
+
+	Cert mismatch:
+		- chris.attraqt.com
+		- lyncdiscover.attraqt.com
+		- msoid.attraqt.com
+		- sip.attraqt.com
+
+	Chain issues:
+		- repos.attraqt.com
+	TLS error:
+		- tab.attraqt.com
+
+-->
+<ruleset name="Attraqt (partial)">
+	<target host="www.attraqt.com" />
+
+	<target host="blog.attraqt.com" />
+	<target host="fsm-fmag.attraqt.com" />
+	<target host="fsm-bb.attraqt.com" />
+	<target host="fsm.attraqt.com" />
+	<target host="fsm-mf.attraqt.com" />
+	<target host="fsm-cp.attraqt.com" />
+	<target host="fsm-tk.attraqt.com" />
+	<target host="content.attraqt.com" />
+	<target host="fsm-us.attraqt.com" />
+	<target host="fsm-us-eb.attraqt.com" />
+	<target host="fsm-vfc.attraqt.com" />
+	<target host="fsm-us2.attraqt.com" />
+	<target host="fsm-wip-us.attraqt.com" />
+	<target host="fsm1-cdn.attraqt.com" />
+	<target host="fsm2.attraqt.com" />
+	<target host="fsm1-lon5.attraqt.com" />
+	<target host="fsm-wilko.attraqt.com" />
+	<target host="fsm2-bh.attraqt.com" />
+	<target host="fsm-wip.attraqt.com" />
+	<target host="fsm3.attraqt.com" />
+	<target host="fsm5.attraqt.com" />
+	<target host="fsm5-cdn.attraqt.com" />
+	<target host="fsm6.attraqt.com" />
+	<target host="fsm6-bnh.attraqt.com" />
+	<target host="fsm8.attraqt.com" />
+	<target host="mc.attraqt.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Atypon.xml b/src/chrome/content/rules/Atypon.xml
index b006a3ec5cd7..0aeef440af08 100644
--- a/src/chrome/content/rules/Atypon.xml
+++ b/src/chrome/content/rules/Atypon.xml
@@ -1,12 +1,12 @@
 <ruleset name="Atypon" platform="mixedcontent">
 
-	<target host="atypon.com"/>
+	<target host="atypon.com" />
+	<target host="www.atypon.com" />
 	<!--	* for cross-domain cookie	-->
-	<target host="*.atypon.com"/>
 
-	<securecookie host="^(.*\.)?atypon\.com$" name=".*"/>
 
-	<rule from="^http://(www\.)?atypon\.com/"
-		to="https://$1atypon.com/"/>
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Au.dk.xml b/src/chrome/content/rules/Au.dk.xml
new file mode 100644
index 000000000000..6aae6f3a67e5
--- /dev/null
+++ b/src/chrome/content/rules/Au.dk.xml
@@ -0,0 +1,875 @@
+<!--
+	Invalid certificate:
+		www.addition.au.dk
+		www.akhphd.au.dk
+		www.alumni.au.dk
+		www.anis.au.dk
+		www.arctic.au.dk
+		www.ase.au.dk
+		www.auhe.au.dk
+		www.badm.au.dk
+		www.balticgas.au.dk
+		www.bb.au.dk
+		lyncdiscover.bcom.au.dk
+		www.cah.au.dk
+		www.cdna.au.dk
+		www.cfem.au.dk
+		www.cfin.au.dk
+		www.chem.au.dk
+		www.cju.au.dk
+		www.clin.au.dk
+		www.conamore.au.dk
+		www.creates.au.dk
+		www.crf.au.dk
+		www.auinstallation28.cs.au.dk
+		faccesurplus.auinstallation35.cs.au.dk
+		grilldyr.cs.au.dk
+		grillhost.cs.au.dk
+		www.cse.au.dk
+		www.css.au.dk
+		lyncdiscover.dac.au.dk
+		www.dagmar.au.dk
+		cgi-www.daimi.au.dk
+		www.darwin.au.dk
+		www.dce.au.dk
+		www.dcl.au.dk
+		www.depons.au.dk
+		www.dna18.au.dk
+		www.dramaturgi.au.dk
+		web.lmdg.econ.au.dk
+		www.econ.au.dk
+		www.ecosense.au.dk
+		www.edu.au.dk
+		www.eksamen.au.dk
+		www.eng.au.dk
+		www.engelsk.au.dk
+		www.femtolab.au.dk
+		www.fetotox.au.dk
+		www.folkesundhed.au.dk
+		folkeuniversitetet.au.dk
+		www.funktionellelidelser.au.dk
+		www.geomaps.au.dk
+		www.gerda.au.dk
+		www.hermes.au.dk
+		www.hgg.au.dk
+		hi.au.dk
+		www.hi.au.dk
+		www.hih.au.dk
+		www.hum.au.dk
+		www.ias.au.dk
+		www.icon.au.dk
+		www.imv.au.dk
+		www.inano.au.dk
+		www.inanoschool.au.dk
+		www.international.au.dk
+		www.into-cps.au.dk
+		www.ipsych.au.dk
+		www.ivs.au.dk
+		www.lacua.au.dk
+		www.law.au.dk
+		www.madalgo.au.dk
+		www.mangrove.au.dk
+		www.masters.au.dk
+		www.mbg.au.dk
+		www.medarbejdere.au.dk
+		www.medialab.au.dk
+		www.memory.au.dk
+		www.mgmt.au.dk
+		www.mr.au.dk
+		www.ncrr.au.dk
+		www.nera2012.au.dk
+		www.neurocampus.au.dk
+		www.nmr.au.dk
+		www.nnpe.au.dk
+		www.nordisk.au.dk
+		www.nsae.au.dk
+		www.odont.au.dk
+		www.odontologi.au.dk
+		lyncdiscover.orion.au.dk
+		www.pet.au.dk
+		www.ph.au.dk
+		www.phys.au.dk
+		astro.phys.au.dk
+		kern.phys.au.dk
+		song.phys.au.dk
+		demo.ss1n1.phys.au.dk
+		www.progeuro.au.dk
+		www.ps.au.dk
+		www.psy.au.dk
+		www.pumpkin.au.dk
+		www.qgm.au.dk
+		www.religiousroots.au.dk
+		www.rr2017.au.dk
+		www.ruml.au.dk
+		www.sac.au.dk
+		www.sagaconference.au.dk
+		www.sam.au.dk
+		www.sanord.au.dk
+		www.scitech.au.dk
+		www.slk.au.dk
+		www.socialsciences.au.dk
+		prodekanus.studorg.au.dk
+		www.techne.au.dk
+		www.tgf.au.dk
+		www.ulandslaere.au.dk
+		www.unike.au.dk
+		www.verso.au.dk
+		www.wia.au.dk
+
+	Missing certificate chain:
+		applemdm.auit.au.dk
+		vipomat.hum.au.dk
+		maillist.au.dk
+		vc.au.dk
+
+	Connection refused:
+		odk.agro.au.dk
+		www.ambitprocesses.au.dk
+		arkit.au.dk
+		bioxray.au.dk
+		www.bioxray.au.dk
+		brand.au.dk
+		kis.cc.au.dk
+		bionmr.chem.au.dk
+		www.bionmr.chem.au.dk
+		bionmr1.chem.au.dk
+		old.chem.au.dk
+		www.old.chem.au.dk
+		www.cki.au.dk
+		legolab.cs.au.dk
+		sutherland.cs.au.dk
+		www.ctqm.au.dk
+		bircwww.daimi.au.dk
+		legolab.daimi.au.dk
+		www.legolab.daimi.au.dk
+		www.daimi.au.dk
+		wima2.daimi.au.dk
+		danbif.au.dk
+		galleri.au.dk
+		idraet.au.dk
+		www.idraet.au.dk
+		imf.au.dk
+		www.imf.au.dk
+		data.imf.au.dk
+		home.imf.au.dk
+		innox-db.au.dk
+		www.intermedia.au.dk
+		it.au.dk
+		moma.ki.au.dk
+		home.math.au.dk
+		mfsr.au.dk
+		mpclounge.au.dk
+		natphd.au.dk
+		www.natphd.au.dk
+		tsm.nfit.au.dk
+		kasoc.phys.au.dk
+		valgdata.ps.au.dk
+		media.qgm.au.dk
+		spsp2015.au.dk
+
+	Other HTTPS errors:
+		mit.biology.au.dk
+		wiki.eng.au.dk
+		www.isa.au.dk
+
+	Mixed content:
+		addition.au.dk
+		aestheticpolitics.au.dk
+		aestheticsreloaded.au.dk
+		agro.au.dk
+		aias.au.dk
+		aie.au.dk
+		ak.au.dk
+		akutforskning.au.dk
+		anis.au.dk
+		anthropocene.au.dk
+		antikmuseet.au.dk
+		arctic.au.dk
+		arts.au.dk
+		asca.au.dk
+		ase.au.dk
+		audiovisuality.au.dk
+		auff.au.dk
+		balticgas.au.dk
+		barneticentrum.au.dk
+		bbsupport.au.dk
+		bias.au.dk
+		bilingualism.au.dk
+		bioculture.au.dk
+		biodesign.au.dk
+		biomed.au.dk
+		bion.au.dk
+		bios.au.dk
+		biostat.au.dk
+		www.biostat.au.dk
+		birc.au.dk
+		blogs.au.dk
+		bss.au.dk
+		btech.au.dk
+		c3net.au.dk
+		cah.au.dk
+		canadianstudies.au.dk
+		cap.au.dk
+		cardnetwork.au.dk
+		careercentre.au.dk
+		cas.au.dk
+		casa.au.dk
+		cavi.au.dk
+		auinstallation30.cs.au.dk
+		auinstallation31.cs.au.dk
+		auinstallation32.cs.au.dk
+		auinstallation33.cs.au.dk
+		auinstallation34.cs.au.dk
+		auinstallation35.cs.au.dk
+		auinstallation36.cs.au.dk
+		auinstallation40.cs.au.dk
+		auinstallation42.cs.au.dk
+		auinstallation43.cs.au.dk
+		auinstallation44.cs.au.dk
+		ddlab.projects.cavi.au.dk
+		organicity.projects.cavi.au.dk
+		cbio.au.dk
+		cbn.au.dk
+		cc.au.dk
+		cctd.au.dk
+		cdna.au.dk
+		ceh.au.dk
+		cei.au.dk
+		census.au.dk
+		cesau.au.dk
+		cesu.au.dk
+		cfb.au.dk
+		cfi.au.dk
+		cfin.au.dk
+		chem.au.dk
+		childresearch.au.dk
+		cirrau.au.dk
+		cisa.au.dk
+		cisca.au.dk
+		climate-kic.au.dk
+		clin.au.dk
+		conferences.au.dk
+		contemporaneity.au.dk
+		cs.au.dk
+		aucommon.cs.au.dk
+		csac.au.dk
+		css.au.dk
+		ctn.au.dk
+		dagmar.au.dk
+		dandrite.au.dk
+		darc.au.dk
+		dca.au.dk
+		dcl.au.dk
+		dedx.au.dk
+		deleuranlab.au.dk
+		dent.au.dk
+		derma.au.dk
+		designmanual.au.dk
+		dlrc.au.dk
+		dls.au.dk
+		dna18.au.dk
+		dream.au.dk
+		dyrefaciliteter.au.dk
+		ebooks.au.dk
+		econ.au.dk
+		edu.au.dk
+		eduroam.au.dk
+		energy.au.dk
+		eng.au.dk
+		futurecropping-ssl.eng.au.dk
+		opentele.eng.au.dk
+		envs.au.dk
+		epicenter.au.dk
+		eship.au.dk
+		eurowheat.au.dk
+		facs.au.dk
+		fallingwallslab.au.dk
+		feap.au.dk
+		fetotox.au.dk
+		fictionality.au.dk
+		food.au.dk
+		food4being.au.dk
+		foodplatform.au.dk
+		forensic.au.dk
+		genome.au.dk
+		geo.au.dk
+		globalaesthetics.au.dk
+		gnosis.au.dk
+		goodsociety.au.dk
+		grundtvigcenteret.au.dk
+		hci.au.dk
+		hcs.au.dk
+		health.au.dk
+		phd.health.au.dk
+		hermes.au.dk
+		hgg.au.dk
+		hollsberglab.au.dk
+		humanfutures.au.dk
+		ias.au.dk
+		iclimate.au.dk
+		icon.au.dk
+		icsru.au.dk
+		ida.au.dk
+		idnc.au.dk
+		idrres.au.dk
+		ifood.au.dk
+		imat.au.dk
+		inano.au.dk
+		ingenioer.au.dk
+		innox.au.dk
+		interactingminds.au.dk
+		interfacekultur.au.dk
+		interpret.au.dk
+		ipsych.au.dk
+		iseq.au.dk
+		jobsys.au.dk
+		jysk.au.dk
+		kandidat.au.dk
+		kea.au.dk
+		koll.au.dk
+		lacua.au.dk
+		law.au.dk
+		library.au.dk
+		loegstrup.au.dk
+		math.au.dk
+		mbg.au.dk
+		agro.medarbejdere.au.dk
+		ase.medarbejdere.au.dk
+		biomed.medarbejdere.au.dk
+		btech.medarbejdere.au.dk
+		cas.medarbejdere.au.dk
+		cc.medarbejdere.au.dk
+		chem.medarbejdere.au.dk
+		clin.medarbejdere.au.dk
+		dca.medarbejdere.au.dk
+		econ.medarbejdere.au.dk
+		edu.medarbejdere.au.dk
+		eng.medarbejdere.au.dk
+		food.medarbejdere.au.dk
+		geo.medarbejdere.au.dk
+		health.medarbejdere.au.dk
+		inano.medarbejdere.au.dk
+		law.medarbejdere.au.dk
+		math.medarbejdere.au.dk
+		mbg.medarbejdere.au.dk
+		ph.medarbejdere.au.dk
+		phys.medarbejdere.au.dk
+		ps.medarbejdere.au.dk
+		psy.medarbejdere.au.dk
+		qgm.medarbejdere.au.dk
+		scitech.medarbejdere.au.dk
+		tdm.medarbejdere.au.dk
+		membranes.au.dk
+		memorianovelada.au.dk
+		memory.au.dk
+		mentalnet.au.dk
+		meprica.au.dk
+		metodeguiden.au.dk
+		mgmt.au.dk
+		mind.au.dk
+		mindfulness.au.dk
+		mindhood.au.dk
+		motion.au.dk
+		mr.au.dk
+		museologi.au.dk
+		musicinthebrain.au.dk
+		nck.au.dk
+		ncs.au.dk
+		nera2012.au.dk
+		neurocampus.au.dk
+		neurodin.au.dk
+		newsroom.au.dk
+		nordisknet.au.dk
+		nsae.au.dk
+		nt.au.dk
+		nuas15.au.dk
+		nuaskom.au.dk
+		nyegaardlab.au.dk
+		offentlighed.au.dk
+		omnibus.au.dk
+		ph.au.dk
+		phd.au.dk
+		phys.au.dk
+		pimas.au.dk
+		pit.au.dk
+		pnes.au.dk
+		posthuman.au.dk
+		prme-leaders20.au.dk
+		progeuro.au.dk
+		projekter.au.dk
+		promemo.au.dk
+		ps.au.dk
+		psy.au.dk
+		psys.au.dk
+		qgm.au.dk
+		radisurf.au.dk
+		rcc.au.dk
+		readingslavery.au.dk
+		redcap.au.dk
+		redoxlab.au.dk
+		religiousroots.au.dk
+		relnorm.au.dk
+		researchmanager.au.dk
+		ruml.au.dk
+		runsafe.au.dk
+		sa3-paludan.au.dk
+		sac.au.dk
+		sagaconference.au.dk
+		samtalegrammatik.au.dk
+		samtidsreligion.au.dk
+		sanord.au.dk
+		schoolofperfusion.au.dk
+		scitech.au.dk
+		sexualitystudies.au.dk
+		shs.au.dk
+		sins.au.dk
+		smartcities.au.dk
+		smk.au.dk
+		sociologikongres.au.dk
+		song.au.dk
+		soundacts.au.dk
+		spin-in.au.dk
+		sportmigration.au.dk
+		cs.staff.au.dk
+		mgmt.staff.au.dk
+		stll.au.dk
+		sts.au.dk
+		studypedia.au.dk
+		sufism.au.dk
+		susa.au.dk
+		tdm.au.dk
+		techne.au.dk
+		thiele.au.dk
+		tnu.au.dk
+		trykkeri.au.dk
+		undervisermetro.au.dk
+		unike.au.dk
+		upnet.au.dk
+		urbnet.au.dk
+		usesofthepast.au.dk
+		verso.au.dk
+		vikingoldnorse.au.dk
+		watec.au.dk
+		wia.au.dk
+
+	Different content on HTTPS:
+		mangrove.au.dk
+		cloud.phys.au.dk
+
+	Invalid redirect:
+		neptun.phys.au.dk
+		neptun-in-spe.phys.au.dk
+
+	Redirect to HTTP:
+		alumne.au.dk
+		asem.au.dk
+		badm.au.dk
+		besenbacher.au.dk
+		bibliotek.au.dk
+		cafe.au.dk
+		carb.au.dk
+		careerevents.au.dk
+		media.cavi.au.dk
+		digitalexperience.projects.cavi.au.dk
+		ccc.au.dk
+		cfem.au.dk
+		cem.chem.au.dk
+		cmc.chem.au.dk
+		cir.au.dk
+		cocoa.au.dk
+		conamore.au.dk
+		cpl.au.dk
+		creates.au.dk
+		crf.au.dk
+		www.cs.au.dk
+		auinstallation28.cs.au.dk
+		soil.auinstallation31.cs.au.dk
+		cns.auinstallation34.cs.au.dk
+		cio.cs.au.dk
+		ctic.au.dk
+		cul.au.dk
+		darwin.au.dk
+		dce.au.dk
+		dce-conference.au.dk
+		doping.au.dk
+		ecamp11.au.dk
+		nenet.econ.au.dk
+		ecora.au.dk
+		ecosense.au.dk
+		epdic14.au.dk
+		executive.au.dk
+		femtolab.au.dk
+		forens.au.dk
+		forskningsskib.au.dk
+		gensap.au.dk
+		geomicrobiology.au.dk
+		gerda.au.dk
+		go4baltic.au.dk
+		grads.au.dk
+		graduatestudies.au.dk
+		herbarium.au.dk
+		td.hih.au.dk
+		icoa.au.dk
+		icpms.au.dk
+		inanoschool.au.dk
+		into-cps.au.dk
+		isms.au.dk
+		ivs.au.dk
+		katrinebjerg.au.dk
+		konferencer.au.dk
+		bartholin.library.au.dk
+		fuglesang.library.au.dk
+		herning.library.au.dk
+		linor.au.dk
+		madalgo.au.dk
+		mapp.au.dk
+		marslab.au.dk
+		masters.au.dk
+		auhe.medarbejdere.au.dk
+		badm.medarbejdere.au.dk
+		cs.medarbejdere.au.dk
+		cudim.medarbejdere.au.dk
+		dac.medarbejdere.au.dk
+		forens.medarbejdere.au.dk
+		inanoschool.medarbejdere.au.dk
+		odont.medarbejdere.au.dk
+		skt.medarbejdere.au.dk
+		medu.au.dk
+		mfps-2016.au.dk
+		monitech.au.dk
+		mrnp.au.dk
+		nanomed.au.dk
+		ncrr.au.dk
+		nenet.au.dk
+		news.au.dk
+		nmr.au.dk
+		nnpe.au.dk
+		odont.au.dk
+		odontologi.au.dk
+		orgnano.au.dk
+		palms2015.au.dk
+		perfusionistskolen.au.dk
+		person.au.dk
+		oro.phys.au.dk
+		pumpkin.au.dk
+		qleap.au.dk
+		retsmedicin.au.dk
+		samfundsvidenskab.au.dk
+		semiotics.au.dk
+		skt.au.dk
+		badm.staff.au.dk
+		inano.staff.au.dk
+		students.au.dk
+		oecon.studerende.au.dk
+		studieguide.au.dk
+		studiemetro.au.dk
+		talent.au.dk
+		tgf.au.dk
+		tilvalg.au.dk
+		tribct2014.au.dk
+		tto.au.dk
+		unity.au.dk
+		voltres.au.dk
+		webshop.au.dk
+		wifi.au.dk
+		yourniversity.au.dk
+
+	Not user facing:
+		lyncdiscover.agro.au.dk
+		lyncdiscover.aias.au.dk
+		lyncdiscover.anis.au.dk
+		lyncdiscover.ase.au.dk
+		lyncdiscover.biomed.au.dk
+		lyncdiscover.bios.au.dk
+		lyncdiscover.birc.au.dk
+		lyncdiscover.btech.au.dk
+		lyncdiscover.cas.au.dk
+		lyncdiscover.cavi.au.dk
+		lyncdiscover.cc.au.dk
+		lyncdiscover.cfin.au.dk
+		lyncdiscover.chem.au.dk
+		lyncdiscover.clin.au.dk
+		lyncdiscover.cs.au.dk
+		lyncdiscover.css.au.dk
+		lyncdiscover.dandrite.au.dk
+		lyncdiscover.dca.au.dk
+		lyncdiscover.dce.au.dk
+		lyncdiscover.dent.au.dk
+		lyncdiscover.econ.au.dk
+		lyncdiscover.edu.au.dk
+		lyncdiscover.eng.au.dk
+		lyncdiscover.envs.au.dk
+		lyncdiscover.food.au.dk
+		lyncdiscover.forens.au.dk
+		lyncdiscover.geo.au.dk
+		lyncdiscover.icoa.au.dk
+		lyncdiscover.inano.au.dk
+		lyncdiscover.innox.au.dk
+		lyncdiscover.koll.au.dk
+		lyncdiscover.law.au.dk
+		lyncdiscover.au.dk
+		lyncdiscover.madalgo.au.dk
+		lyncdiscover.math.au.dk
+		lyncdiscover.mbg.au.dk
+		lyncdiscover.mgmt.au.dk
+		lyncdiscover.oncology.au.dk
+		lyncdiscover.ph.au.dk
+		lyncdiscover.phys.au.dk
+		lyncdiscover.ps.au.dk
+		lyncdiscover.psy.au.dk
+		lyncdiscover.qgm.au.dk
+		lyncdiscover.sm.au.dk
+		lyncdiscover.stll.au.dk
+		lyncdiscover.tdm.au.dk
+		lyncdiscover.uni.au.dk
+-->
+
+<ruleset name="au.dk">
+	<target host="au.dk" />
+	<target host="www.au.dk" />
+	<target host="www.acl.au.dk" />
+	<target host="adgangskontrol.au.dk" />
+	<target host="web01.agro.au.dk" />
+	<target host="web01t.agro.au.dk" />
+	<target host="web02.agro.au.dk" />
+	<target host="web04.agro.au.dk" />
+	<target host="web05.agro.au.dk" />
+	<target host="agrsci.au.dk" />
+	<target host="booking-katrinebjerg.ase.au.dk" />
+	<target host="booking-navitas.ase.au.dk" />
+	<target host="stockmanager.ase.au.dk" />
+	<target host="arts.augo.au.dk" />
+	<target host="bss.augo.au.dk" />
+	<target host="infrastruktur-services.auit.au.dk" />
+	<target host="bachelor.au.dk" />
+	<target host="aestetik.bibliotek.au.dk" />
+	<target host="moesgaard.bibliotek.au.dk" />
+	<target host="archive.bilingualism.au.dk" />
+	<target host="kl01.bios.au.dk" />
+	<target host="kw01.bios.au.dk" />
+	<target host="kw02.bios.au.dk" />
+	<target host="kw03.bios.au.dk" />
+	<target host="kw04.bios.au.dk" />
+	<target host="sciurus.bios.au.dk" />
+	<target host="shiny.bios.au.dk" />
+	<target host="xylaria.bios.au.dk" />
+	<target host="services.birc.au.dk" />
+	<target host="blackboard.au.dk" />
+	<target host="www.blackboard.au.dk" />
+	<target host="cbd.btech.au.dk" />
+	<target host="projects.cavi.au.dk" />
+	<target host="designspace.projects.cavi.au.dk" />
+	<target host="design-space.projects.cavi.au.dk" />
+	<target host="designspaceanalysistool.projects.cavi.au.dk" />
+	<target host="design-space-analysis-tool.projects.cavi.au.dk" />
+	<target host="designspaceschema.projects.cavi.au.dk" />
+	<target host="dsanalysistool.projects.cavi.au.dk" />
+	<target host="ds-analysis-tool.projects.cavi.au.dk" />
+	<target host="libraries.projects.cavi.au.dk" />
+	<target host="login.projects.cavi.au.dk" />
+	<target host="mysql.projects.cavi.au.dk" />
+	<target host="tm-resource.projects.cavi.au.dk" />
+	<target host="digitalliteracy.cc.au.dk" />
+	<target host="illuminate.cc.au.dk" />
+	<target host="cmc-old.chem.au.dk" />
+	<target host="kiros.chem.au.dk" />
+	<target host="www.kiros.chem.au.dk" />
+	<target host="vdr.chem.au.dk" />
+	<target host="trialpartner.clin.au.dk" />
+	<target host="cpw.au.dk" />
+	<target host="43aui02.cs.au.dk" />
+	<target host="43aui03.cs.au.dk" />
+	<target host="43aui04.cs.au.dk" />
+	<target host="43aui05.cs.au.dk" />
+	<target host="43aui06.cs.au.dk" />
+	<target host="43aui07.cs.au.dk" />
+	<target host="43aui08.cs.au.dk" />
+	<target host="adasb.cs.au.dk" />
+	<target host="agrsci.cs.au.dk" />
+	<target host="aucms.cs.au.dk" />
+	<target host="test.aucommon.cs.au.dk" />
+	<target host="aucommon-opgr.cs.au.dk" />
+	<target host="auinstallation01.cs.au.dk" />
+	<target host="auinstallation02.cs.au.dk" />
+	<target host="auinstallation03.cs.au.dk" />
+	<target host="auinstallation04.cs.au.dk" />
+	<target host="auinstallation05.cs.au.dk" />
+	<target host="auinstallation06.cs.au.dk" />
+	<target host="auinstallation07.cs.au.dk" />
+	<target host="auinstallation08.cs.au.dk" />
+	<target host="auinstallation09.cs.au.dk" />
+	<target host="auinstallation10.cs.au.dk" />
+	<target host="auinstallation10i.cs.au.dk" />
+	<target host="auinstallation11.cs.au.dk" />
+	<target host="auinstallation12.cs.au.dk" />
+	<target host="auinstallation13.cs.au.dk" />
+	<target host="auinstallation14.cs.au.dk" />
+	<target host="auinstallation14test.cs.au.dk" />
+	<target host="auinstallation15.cs.au.dk" />
+	<target host="auinstallation16.cs.au.dk" />
+	<target host="auinstallation17.cs.au.dk" />
+	<target host="auinstallation18.cs.au.dk" />
+	<target host="auinstallation18test.cs.au.dk" />
+	<target host="auinstallation19.cs.au.dk" />
+	<target host="auinstallation20.cs.au.dk" />
+	<target host="auinstallation21.cs.au.dk" />
+	<target host="auinstallation22.cs.au.dk" />
+	<target host="auinstallation23.cs.au.dk" />
+	<target host="auinstallation24.cs.au.dk" />
+	<target host="auinstallation25.cs.au.dk" />
+	<target host="auinstallation26.cs.au.dk" />
+	<target host="auinstallation27.cs.au.dk" />
+	<target host="auinstallation28.cs.au.dk" />
+	<target host="auinstallation36test.cs.au.dk" />
+	<target host="auinstallation37.cs.au.dk" />
+	<target host="auinstallation38.cs.au.dk" />
+	<target host="auinstallation39.cs.au.dk" />
+	<target host="auinstallation41.cs.au.dk" />
+	<target host="auinstallation45.cs.au.dk" />
+	<target host="auinstallation46.cs.au.dk" />
+	<target host="auinstallation47.cs.au.dk" />
+	<target host="auinstallationd.cs.au.dk" />
+	<target host="auinstallationpers.cs.au.dk" />
+	<target host="auit-test.cs.au.dk" />
+	<target host="aukurser.cs.au.dk" />
+	<target host="aumodel.cs.au.dk" />
+	<target host="aunewsconfig.cs.au.dk" />
+	<target host="autest2.cs.au.dk" />
+	<target host="autest453.cs.au.dk" />
+	<target host="cct.cs.au.dk" />
+	<target host="cctt.cs.au.dk" />
+	<target host="challenge.cs.au.dk" />
+	<target host="daimi.cs.au.dk" />
+	<target host="damrte.cs.au.dk" />
+	<target host="directmail.cs.au.dk" />
+	<target host="djf.cs.au.dk" />
+	<target host="djftest.cs.au.dk" />
+	<target host="dovs.cs.au.dk" />
+	<target host="dummy1.cs.au.dk" />
+	<target host="dummy2.cs.au.dk" />
+	<target host="i13test.cs.au.dk" />
+	<target host="i26test.cs.au.dk" />
+	<target host="i32test.cs.au.dk" />
+	<target host="newsdevprod.cs.au.dk" />
+	<target host="newsroomkursus.cs.au.dk" />
+	<target host="newstest.cs.au.dk" />
+	<target host="aucommon.nfitdev.cs.au.dk" />
+	<target host="aumodel.nfitdev.cs.au.dk" />
+	<target host="nystudieguide.cs.au.dk" />
+	<target host="old.cs.au.dk" />
+	<target host="omnibustest.cs.au.dk" />
+	<target host="phdassociation.cs.au.dk" />
+	<target host="smatest.cs.au.dk" />
+	<target host="au.test.cs.au.dk" />
+	<target host="testbrugerinterface.cs.au.dk" />
+	<target host="tinyop.cs.au.dk" />
+	<target host="tnystudieguide.cs.au.dk" />
+	<target host="tradostest.cs.au.dk" />
+	<target host="typo3-opgr.cs.au.dk" />
+	<target host="utf8test.cs.au.dk" />
+	<target host="webtest.cs.au.dk" />
+	<target host="cse.au.dk" />
+	<target host="dial.au.dk" />
+	<target host="dime.au.dk" />
+	<target host="driftstatus.au.dk" />
+	<target host="www.driftstatus.au.dk" />
+	<target host="eksamen.au.dk" />
+	<target host="fieldbabel.eng.au.dk" />
+	<target host="harvestlog.eng.au.dk" />
+	<target host="tiipwilab.eng.au.dk" />
+	<target host="vision.eng.au.dk" />
+	<target host="engelsk.au.dk" />
+	<target host="admin.evacuate.au.dk" />
+	<target host="old.geomicrobiology.au.dk" />
+	<target host="gitlab.au.dk" />
+	<target host="service.health.au.dk" />
+	<target host="hires.au.dk" />
+	<target host="ifi.au.dk" />
+	<target host="imv.au.dk" />
+	<target host="pov.imv.au.dk" />
+	<target host="vdr.inano.au.dk" />
+	<target host="international.au.dk" />
+	<target host="italiensk.au.dk" />
+	<target host="itbib.au.dk" />
+	<target host="jobbank.au.dk" />
+	<target host="konvloop.au.dk" />
+	<target host="ws.konvloop.au.dk" />
+	<target host="kursuskatalog.au.dk" />
+	<target host="labbook.au.dk" />
+	<target host="bssdb.library.au.dk" />
+	<target host="litteraturhistorie.au.dk" />
+	<target host="lotus.au.dk" />
+	<target host="ludomani.au.dk" />
+	<target host="data.math.au.dk" />
+	<target host="medarbejdere.au.dk" />
+	<target host="bss.medarbejdere.au.dk" />
+	<target host="mindlab.au.dk" />
+	<target host="www.mindlab.au.dk" />
+	<target host="mit.au.dk" />
+	<target host="mitstudie.au.dk" />
+	<target host="mrbooking.au.dk" />
+	<target host="nfit.au.dk" />
+	<target host="cmsphpmyadmin.nfit.au.dk" />
+	<target host="ipure.nfit.au.dk" />
+	<target host="pureredirect.nfit.au.dk" />
+	<target host="ssl.nfit.au.dk" />
+	<target host="svn.nfit.au.dk" />
+	<target host="testpureredirect.nfit.au.dk" />
+	<target host="ofn.au.dk" />
+	<target host="open-tdm.au.dk" />
+	<target host="orbitlab.au.dk" />
+	<target host="build.orbitlab.au.dk" />
+	<target host="identity.orbitlab.au.dk" />
+	<target host="overture.au.dk" />
+	<target host="build.overture.au.dk" />
+	<target host="pages-tdm.au.dk" />
+	<target host="amp.phys.au.dk" />
+	<target host="astroparticle.phys.au.dk" />
+	<target host="dars.phys.au.dk" />
+	<target host="soda.phys.au.dk" />
+	<target host="pinkode.au.dk" />
+	<target host="post.au.dk" />
+	<target host="projects.au.dk" />
+	<target host="pure.au.dk" />
+	<target host="remote.au.dk" />
+	<target host="resourcebooker.au.dk" />
+	<target host="www.resourcebooker.au.dk" />
+	<target host="schedule.au.dk" />
+	<target host="www.schedule.au.dk" />
+	<target host="contract2018.scitech.au.dk" />
+	<target host="kontrakt.scitech.au.dk" />
+	<target host="secureaware.au.dk" />
+	<target host="secureresearchmanager.au.dk" />
+	<target host="serviceinfo.au.dk" />
+	<target host="www.serviceinfo.au.dk" />
+	<target host="sider2013.au.dk" />
+	<target host="slk.au.dk" />
+	<target host="software.au.dk" />
+	<target host="st-bygningsservice.au.dk" />
+	<target host="studentervaeksthus.au.dk" />
+	<target host="studerende.au.dk" />
+	<target host="arts.studyabroad.au.dk" />
+	<target host="health.studyabroad.au.dk" />
+	<target host="support.au.dk" />
+	<target host="support-agent.au.dk" />
+	<target host="surveyinfo.au.dk" />
+	<target host="tand.au.dk" />
+	<target host="www.tand.au.dk" />
+	<target host="teo.au.dk" />
+	<target host="treat.au.dk" />
+	<target host="www.treat.au.dk" />
+	<target host="typo3.au.dk" />
+	<target host="pexipservers.video.au.dk" />
+	<target host="vmeet.au.dk" />
+	<target host="pexipservers.vmeet.au.dk" />
+	<target host="pxextdmz01.vmeet.au.dk" />
+	<target host="pxextdmz02.vmeet.au.dk" />
+	<target host="webmail.au.dk" />
+	<target host="dna-robotics.wiki.au.dk" />
+
+	<!-- CDN -->
+	<target host="www.aucdn.dk" />
+		<test url="http://www.aucdn.dk/2016/assets/img/logos.svg" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Auchan.ru.xml b/src/chrome/content/rules/Auchan.ru.xml
new file mode 100644
index 000000000000..c8089dcb5e48
--- /dev/null
+++ b/src/chrome/content/rules/Auchan.ru.xml
@@ -0,0 +1,7 @@
+<ruleset name="Auchan.ru">
+	<target host="auchan.ru" />
+	<target host="www.auchan.ru" />
+	<target host="extranet.auchan.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Aucklandairport.co.nz.xml b/src/chrome/content/rules/Aucklandairport.co.nz.xml
new file mode 100644
index 000000000000..0eceeecc4f9b
--- /dev/null
+++ b/src/chrome/content/rules/Aucklandairport.co.nz.xml
@@ -0,0 +1,6 @@
+<ruleset name="Aucklandairport.co.nz">
+  <target host="aucklandairport.co.nz" />
+  <target host="www.aucklandairport.co.nz" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Auctionbunker.xml b/src/chrome/content/rules/Auctionbunker.xml
deleted file mode 100644
index a41bed9eaeb7..000000000000
--- a/src/chrome/content/rules/Auctionbunker.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Auctionbunker">
-
-	<target host="auctionbunker.com" />
-	<target host="*.auctionbunker.com" />
-
-
-	<securecookie host="^(?:w*\.)?auctionbunker\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?auctionbunker\.com/"
-		to="https://$1auctionbunker.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Auctionthing.net.xml b/src/chrome/content/rules/Auctionthing.net.xml
new file mode 100644
index 000000000000..fac22830f52e
--- /dev/null
+++ b/src/chrome/content/rules/Auctionthing.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="auctionthing.net">
+
+	<target host="auctionthing.net" />
+	<target host="www.auctionthing.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Auctiva.com.xml b/src/chrome/content/rules/Auctiva.com.xml
new file mode 100644
index 000000000000..7d37f62d7f9f
--- /dev/null
+++ b/src/chrome/content/rules/Auctiva.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Invalid certificate:
+		betatest.auctiva.com
+		l.e.auctiva.com
+		eduimg.auctiva.com
+		livechat.auctiva.com (broken chain)
+		status.auctiva.com
+
+	Refused:
+		emporium.auctiva.com
+		store.auctiva.com
+		storefilter.auctiva.com
+
+-->
+<ruleset name="Auctiva.com">
+
+	<target host="auctiva.com" />
+	<target host="www.auctiva.com" />
+	<target host="asw.auctiva.com" />
+	<target host="community.auctiva.com" />
+	<target host="counters.auctiva.com" />
+		<test url="http://counters.auctiva.com/aucount/0" />
+	<target host="www.community.auctiva.com" />
+	<target host="img.auctiva.com" />
+	<target host="support.auctiva.com" />
+	<target host="scimg.auctiva.com" />
+		<test url="http://scimg.auctiva.com/imgsc/0/0/0/0/0/8/sc/110024537942.jpg" />
+	<target host="scrollinggallery.auctiva.com" />
+		<test url="http://scrollinggallery.auctiva.com/gallery/redirect/AUCTIVA/1302906/0/6" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Audemars_Piguet.com.xml b/src/chrome/content/rules/Audemars_Piguet.com.xml
index 666e1f1adbc2..d5ccc4e0ea69 100644
--- a/src/chrome/content/rules/Audemars_Piguet.com.xml
+++ b/src/chrome/content/rules/Audemars_Piguet.com.xml
@@ -14,7 +14,7 @@
 <ruleset name="Audemars Piguet.com">
 
 	<target host="audemarspiguet.com" />
-	<target host="*.audemarspiguet.com" />
+	<target host="www.audemarspiguet.com" />
 
 
 	<securecookie host="^\.audemarspiguet\.com$" name=".+" />
@@ -23,4 +23,4 @@
 	<rule from="^http://(?:www\.)?audemarspiguet\.com/"
 		to="https://www.audemarspiguet.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Audentio.com.xml b/src/chrome/content/rules/Audentio.com.xml
new file mode 100644
index 000000000000..ff84fd9e60b8
--- /dev/null
+++ b/src/chrome/content/rules/Audentio.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="Audentio.com">
+
+	<target host="audentio.com" />
+	<target host="www.audentio.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.audentio\.com$" name="^ci_session$" /-->
+
+	<securecookie host="^www\.audentio\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Audible.de.xml b/src/chrome/content/rules/Audible.de.xml
index aecd7241dbdd..727b62d3cdf6 100644
--- a/src/chrome/content/rules/Audible.de.xml
+++ b/src/chrome/content/rules/Audible.de.xml
@@ -1,8 +1,12 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://audible.de/ => https://www.audible.de/: Cycle detected - URL already encountered: https://www.audible.de/
+-->
 <ruleset name="Audible.de" platform="mixedcontent">
   <target host="audible.de"/>
-  <target host="*.audible.de"/>
+  <target host="www.audible.de" />
 
-  <securecookie host="^(.*\.)?audible\.de$" name=".*" />
+  <securecookie host=".+" name=".+"/>
 
   <rule from="^http://(?:www\.)?audible\.de/" to="https://www.audible.de/"/>
   <rule from="^http://audible\.de/" to="https://www.audible.de/"/>
diff --git a/src/chrome/content/rules/Audicon.net.xml b/src/chrome/content/rules/Audicon.net.xml
new file mode 100644
index 000000000000..acf6350f3e00
--- /dev/null
+++ b/src/chrome/content/rules/Audicon.net.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://audicon.net/ => https://audicon.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.audicon.net/ => https://www.audicon.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="Audicon.net" default_off="failed ruleset test">
+  <target host="audicon.net" />
+  <target host="www.audicon.net" />
+
+  <securecookie host=".+" name=".+" />
+
+  <rule from="^http:"
+          to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Audience-Ad-Network.xml b/src/chrome/content/rules/Audience-Ad-Network.xml
index 71900de214d2..c12f922c5e5b 100644
--- a/src/chrome/content/rules/Audience-Ad-Network.xml
+++ b/src/chrome/content/rules/Audience-Ad-Network.xml
@@ -1,4 +1,12 @@
-<ruleset name="Audience Ad Network (partial)" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://manage.audienceadnetwork.com/ => https://manage.audienceadnetwork.com/: (6, 'Could not resolve host: manage.audienceadnetwork.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://manage.audienceadnetwork.com/ => https://manage.audienceadnetwork.com/: (28, 'Resolving timed out after 10520 milliseconds')
+-->
+<ruleset name="Audience Ad Network (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="manage.audienceadnetwork.com"/>
 	<target host="*.qwobl.net"/>
@@ -9,7 +17,7 @@
 	<rule from="^http://(\w+)\.qwobl\.net/"
 		to="https://$1.qwobl.net/"/>
 
-	<securecookie host="^manage\.audienceadnetwork\.com$" name=".*"/>
-	<securecookie host="^\.qwobl\.net$" name=".*"/>
+	<securecookie host="^manage\.audienceadnetwork\.com$" name=".+" />
+	<securecookie host="^\.qwobl\.net$" name=".+" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Audience-Discovery.com.xml b/src/chrome/content/rules/Audience-Discovery.com.xml
deleted file mode 100644
index 3143e5d58569..000000000000
--- a/src/chrome/content/rules/Audience-Discovery.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other nPario coverage, see nPario.xml.
-
--->
-<ruleset name="Audience-Discovery.com">
-
-	<target host="audience-discovery.com" />
-	<target host="*.audience-discovery.com" />
-
-
-	<securecookie host="^(?:w*\.)?audience-discovery\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?audience-discovery\.com/"
-		to="https://$1audience-discovery.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/AudienceScience.xml b/src/chrome/content/rules/AudienceScience.xml
index ab6c56d34a7f..b7d3d4791d23 100644
--- a/src/chrome/content/rules/AudienceScience.xml
+++ b/src/chrome/content/rules/AudienceScience.xml
@@ -4,44 +4,44 @@
 		- Audience_Targeting.xml
 
 
-	Nonfunctional domains:
+	Nonfunctional subdomains:
 
-		- (www.)audiencescience.com
+		- (www.) ¹
+		- login ²
+    - gateway
 
--->
-<ruleset name="AudienceScience">
+	¹ Shows default page
+	² Reset
 
-	<target host="login.audiencescience.com" />
-	<target host="*.revsci.net" />
-	<target host="ad.targetingmarketplace.com" />
-	<target host="wunderloop.net" />
-	<target host="*.wunderloop.net" />
-	<target host="req.connect.wunderloop.net" />
 
+	Problematic subdomains:
 
-	<securecookie host="^login\.audiencescience\.com$" name=".*" />
-	<securecookie host="^\.revsci\.net$" name=".*" />
-	<securecookie host="^.+\.wunderloop\.net$" name=".+" />
+		- demand *
 
+	* Mismatched
 
-	<rule from="^http://login\.audiencescience\.com/"
-		to="https://login.audiencescience.com/" />
 
-	<rule from="^http://(ads|js|pix|pix0[124])\.revsci\.net/"
-		to="https://$1.revsci.net/" />
+	Insecure cookies are set for these hosts:
 
-	<rule from="^https?://ad.targetingmarketplace.com/"
-		to="https://ad.yieldmanager.com/" />
+		- gateway.audiencescience.com
+
+
+	Mixed content:
+
+		- css on demand from fonts.googleapis.com *
 
-	<!--	- (www.) doesn't work over https
-		- 301s over http
-					-->
-	<rule from="^https?://(?:connect\.|www\.)?wunderloop\.net/"
-		to="https://connect.wunderloop.net/" />
+	* Secured by us
 
-	<!--	req: included on 3rd-party websites.
-							-->
-	<rule from="^http://req\.connect\.wunderloop\.net/"
-		to="https://req.connect.wunderloop.net/" />
+-->
+<ruleset name="AudienceScience">
+
+	<!--	Complications -->
+	<target host="ad.targetingmarketplace.com" />
+
+	<!--	Not secured by server: -->
+	<securecookie host="^demand\.audiencescience\.com$" name="^hsPagesViewedThisSession$" />
+
+	<rule from="^http://ad\.targetingmarketplace\.com/"
+		to="https://ad.yieldmanager.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Audience_Amplify.com.xml b/src/chrome/content/rules/Audience_Amplify.com.xml
deleted file mode 100644
index 0f2d64c66b1f..000000000000
--- a/src/chrome/content/rules/Audience_Amplify.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(404; mismatched, CN: *.websitewelcome.com)
-		- blog		(tumblr)
-
-
-	Problematic subdomains:
-
-		- ads		(mismatched, CN: *.adnxs.com)
-		- console	(works; mismatched, CN: console.appnexus.com)
-
--->
-<ruleset name="Audience Amplify.com (partial)">
-
-	<target host="ads.audienceamplify.com" />
-
-
-	<rule from="^http://ads\.audienceamplify\.com/"
-		to="https://ib.adnxs.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Audience_IQ.com.xml b/src/chrome/content/rules/Audience_IQ.com.xml
new file mode 100644
index 000000000000..ea1096b96e97
--- /dev/null
+++ b/src/chrome/content/rules/Audience_IQ.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Experian coverage, see Experian.xml.
+
+
+	^audienceiq.com doesn't exist.
+
+-->
+<ruleset name="Audience IQ.com">
+
+	<target host="*.audienceiq.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.audienceiq\.com$" name="^uid$" /-->
+
+	<securecookie host="^\.audienceiq\.com$" name=".+" />
+
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://www\.audienceiq\.com/.*"
+		to="https://www.experian.com/business-services/digital-advertising.html?cat1=marketing-services" />
+
+	<rule from="^http://d\.audienceiq\.com/"
+		to="https://d.audienceiq.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Audience_Targeting.xml b/src/chrome/content/rules/Audience_Targeting.xml
index 1e657e0767b5..1230373a2b8c 100644
--- a/src/chrome/content/rules/Audience_Targeting.xml
+++ b/src/chrome/content/rules/Audience_Targeting.xml
@@ -5,7 +5,7 @@
 	This ruleset is separate only because it is off by default.
 
 -->
-<ruleset name="Audience Targeting" default_off="mismatch">
+<ruleset name="Audience Targeting" default_off="mismatched">
 
 	<target host="audiencetargeting.com" />
 	<target host="www.audiencetargeting.com" />
@@ -16,7 +16,7 @@
 
 	<!--	cert: *.audiencescience.com
 						-->
-	<rule from="^https?://(?:www\.)?audiencescience\.com/"
+	<rule from="^http://(?:www\.)?audiencescience\.com/"
 		to="https://audiencescience.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Audiko.net.xml b/src/chrome/content/rules/Audiko.net.xml
new file mode 100644
index 000000000000..a14de8891dd6
--- /dev/null
+++ b/src/chrome/content/rules/Audiko.net.xml
@@ -0,0 +1,21 @@
+<!--
+	Non-functional hosts:
+		Certifcate mismatched:
+		- s4.audiko.net
+		- s5.audiko.net
+		- www.audiko.net
+-->
+<ruleset name="Audiko.net">
+
+	<target host="audiko.net" />
+	<target host="www.audiko.net" />
+	<target host="css.cdn.audiko.net" />
+	<target host="jpg.st.audiko.net" />
+
+	<rule from="^http://www\.audiko\.net/"
+		to="https://audiko.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Audiko.xml b/src/chrome/content/rules/Audiko.xml
deleted file mode 100644
index afa7cdac0e64..000000000000
--- a/src/chrome/content/rules/Audiko.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<ruleset name="Audiko" platform="mixedcontent">
-
-	<target host="audiko.net" />
-	<target host="*.audiko.net" />
-	<target host="css.cdn.audiko.net" />
-	<target host="jpg.st.audiko.net" />
-
-
-	<rule from="^http://(s[45]\.|www\.)?audiko\.net/"
-		to="https://$1audiko.net/" />
-
-	<rule from="^https?://css\.cdn\.audiko\.net/"
-		to="https://d21bsjqmai8lm5.cloudfront.net/" />
-
-	<rule from="^https?://jpg\.st\.audiko\.net/"
-		to="https://s4.audiko.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/AudioBooks.com.xml b/src/chrome/content/rules/AudioBooks.com.xml
new file mode 100644
index 000000000000..c67ce833bc4c
--- /dev/null
+++ b/src/chrome/content/rules/AudioBooks.com.xml
@@ -0,0 +1,19 @@
+<ruleset name="AudioBooks.com">
+	<target host="audiobooks.com" />
+	<target host="www.audiobooks.com" />
+	<target host="affiliates.audiobooks.com" />
+	<target host="api.audiobooks.com" />
+	<target host="au.audiobooks.com" />
+	<target host="blog.audiobooks.com" />
+	<target host="ca.audiobooks.com" />
+	<target host="covers.audiobooks.com" />
+		<test url="http://covers.audiobooks.com/images/covers/full/9781529010756.jpg" />
+	<target host="images.audiobooks.com" />
+		<test url="http://images.audiobooks.com/cds/home-press-logos/forbes-white.png" />
+	<target host="m.audiobooks.com" />
+	<target host="uk.audiobooks.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AudioGO.xml b/src/chrome/content/rules/AudioGO.xml
index 158f0639f372..e6948037f8c8 100644
--- a/src/chrome/content/rules/AudioGO.xml
+++ b/src/chrome/content/rules/AudioGO.xml
@@ -1,11 +1,17 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://audiogo.com/ => https://www.audiogo.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://audiogo.com/ => https://www.audiogo.com/: (7, 'Failed to connect to www.audiogo.com port 443: Connection refused')
 	!www: times out
 
 -->
-<ruleset name="AudioGO">
+<ruleset name="AudioGO" default_off="failed ruleset test">
 
 	<target host="audiogo.com" />
-	<target host="*.audiogo.com" />
+	<target host="www.audiogo.com" />
 
 
 	<securecookie host="^\.?www\.audiogo\.com$" name=".+" />
@@ -14,4 +20,4 @@
 	<rule from="^http://(?:www\.)?audiogo\.com/"
 		to="https://www.audiogo.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Audioboo.fm.xml b/src/chrome/content/rules/Audioboo.fm.xml
new file mode 100644
index 000000000000..816e19c9a41f
--- /dev/null
+++ b/src/chrome/content/rules/Audioboo.fm.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.audioboo.fm/ (200) => https://www.audioboo.fm/ (503)
+
+	support: zendesk
+
+-->
+<ruleset name="Audioboo.fm (partial)" default_off="failed ruleset test">
+
+	<target host="audioboo.fm" />
+	<target host="www.audioboo.fm" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Audioscrobbler.com.xml b/src/chrome/content/rules/Audioscrobbler.com.xml
new file mode 100644
index 000000000000..7c209fcb4c7b
--- /dev/null
+++ b/src/chrome/content/rules/Audioscrobbler.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Audioscrobbler.com">
+
+	<target host="audioscrobbler.com" />
+	<target host="www.audioscrobbler.com" />
+
+	<target host="post.audioscrobbler.com" />
+	<target host="post2.audioscrobbler.com" />
+	<target host="ws.audioscrobbler.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Audioz.download.xml b/src/chrome/content/rules/Audioz.download.xml
new file mode 100644
index 000000000000..e8be1627f9f6
--- /dev/null
+++ b/src/chrome/content/rules/Audioz.download.xml
@@ -0,0 +1,6 @@
+<ruleset name="Audioz.download">
+	<target host="audioz.download" />
+	<target host="www.audioz.download" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Audubon.org.xml b/src/chrome/content/rules/Audubon.org.xml
new file mode 100644
index 000000000000..a5bf35870586
--- /dev/null
+++ b/src/chrome/content/rules/Audubon.org.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.audubon.org/ => https://secure.audubon.org/: (51, "SSL: no alternative certificate subject name matches target host name 'audubon.org'")
+Fetch error: http://www.audubon.org/ => https://www.audubon.org/: Too many redirects while fetching 'https://www.audubon.org/'
+Fetch error: http://audubon.org/ => https://www.audubon.org/: Too many redirects while fetching 'https://www.audubon.org/'
+
+	^audubon.org: Mismatched
+
+-->
+<ruleset name="Audubon.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.audubon.org" />
+	<target host="www.audubon.org" />
+
+	<!--	Complications:
+				-->
+	<target host="audubon.org" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://audubon\.org/"
+		to="https://www.audubon.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Aufbau.org.xml b/src/chrome/content/rules/Aufbau.org.xml
new file mode 100644
index 000000000000..a40a4507df8e
--- /dev/null
+++ b/src/chrome/content/rules/Aufbau.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Aufbau.org">
+	<target host="aufbau.org" />
+	<target host="www.aufbau.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Aufbix.org-problematic.xml b/src/chrome/content/rules/Aufbix.org-problematic.xml
index 191fa670541f..7290a529c1b2 100644
--- a/src/chrome/content/rules/Aufbix.org-problematic.xml
+++ b/src/chrome/content/rules/Aufbix.org-problematic.xml
@@ -10,7 +10,6 @@
 	<securecookie host="^tnt\.aufbix\.org$" name=".+" />
 
 
-	<rule from="^http://tnt\.aufbix\.org/"
-		to="https://tnt.aufbix.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Aufbix.org.xml b/src/chrome/content/rules/Aufbix.org.xml
index fd0e08204d9e..0e651074aeb9 100644
--- a/src/chrome/content/rules/Aufbix.org.xml
+++ b/src/chrome/content/rules/Aufbix.org.xml
@@ -20,7 +20,6 @@
 	<securecookie host="^hydra\.aufbix\.org$" name=".+" />
 
 
-	<rule from="^http://hydra\.aufbix\.org/"
-		to="https://hydra.aufbix.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Augur.io.xml b/src/chrome/content/rules/Augur.io.xml
new file mode 100644
index 000000000000..ca27de2c96e1
--- /dev/null
+++ b/src/chrome/content/rules/Augur.io.xml
@@ -0,0 +1,16 @@
+<ruleset name="Augur.io">
+
+	<target host="augur.io" />
+	<target host="api.augur.io" />
+	<target host="auspice.augur.io" />
+	<target host="cdn.augur.io" />
+	<target host="request.augur.io" />
+	<target host="www.augur.io" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
+
+
diff --git a/src/chrome/content/rules/August.com.xml b/src/chrome/content/rules/August.com.xml
new file mode 100644
index 000000000000..f4f8b47ae608
--- /dev/null
+++ b/src/chrome/content/rules/August.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		- blog.august.com
+-->
+
+<ruleset name="August.com">
+	<target host="august.com" />
+	<target host="www.august.com" />
+	<target host="partners.august.com" />
+	<target host="store.august.com" />
+	<target host="support.august.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Aulo.in.xml b/src/chrome/content/rules/Aulo.in.xml
index 2538ad6bf28d..cf84b4ef3ea6 100644
--- a/src/chrome/content/rules/Aulo.in.xml
+++ b/src/chrome/content/rules/Aulo.in.xml
@@ -1,9 +1,20 @@
-<ruleset name="Aulo.in" default_off="Certificate mismatch">
+<!--
+
+	Problematic hosts in *aulo.in:
+
+		- bigfatlanyards ᵛ
+		- ulminfo ᵛ
+
+	ᵛ Revoked
+
+-->
+<ruleset name="Aulo.in">
 
 	<target host="aulo.in" />
+	<target host="pns.aulo.in" />
 	<target host="www.aulo.in" />
 
-	<rule from="^http://(www\.)?aulo\.in/"
-		to="https://aulo.in/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Aunggo.com.xml b/src/chrome/content/rules/Aunggo.com.xml
deleted file mode 100644
index fc89f1388b88..000000000000
--- a/src/chrome/content/rules/Aunggo.com.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="aunggo.com">
-
-	<target host="tracking.aunggo.com" />
-
-
-	<rule from="^http://tracking\.aunggo\.com/"
-		to="https://gunggo.go2cloud.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Auphonic.com.xml b/src/chrome/content/rules/Auphonic.com.xml
new file mode 100644
index 000000000000..5cf85ce4c2c2
--- /dev/null
+++ b/src/chrome/content/rules/Auphonic.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Auphonic.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="auphonic.com" />
+	<target host="www.auphonic.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Aurous.me.xml b/src/chrome/content/rules/Aurous.me.xml
new file mode 100644
index 000000000000..5c97c42e7e98
--- /dev/null
+++ b/src/chrome/content/rules/Aurous.me.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://aurous.me/ => https://aurous.me/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.aurous.me/ => https://www.aurous.me/: (60, 'SSL certificate problem: certificate has expired')
+
+	Nonfunctional hosts in *aurous.me:
+
+		- blog *
+
+	* Tumblr
+
+-->
+<ruleset name="Aurous.me (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="aurous.me" />
+	<target host="www.aurous.me" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AusCERT.org.xml b/src/chrome/content/rules/AusCERT.org.xml
index dd9f9206fd81..59ed7a79ae9e 100644
--- a/src/chrome/content/rules/AusCERT.org.xml
+++ b/src/chrome/content/rules/AusCERT.org.xml
@@ -4,7 +4,6 @@
 	<target host="www.auscert.org.au" />
 
 
-	<rule from="^http://(www\.)?auscert\.org\.au/"
-		to="https://$1auscert.org.au/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/AusGamers.com.xml b/src/chrome/content/rules/AusGamers.com.xml
index ba59cfaffe56..81c8af65cd54 100644
--- a/src/chrome/content/rules/AusGamers.com.xml
+++ b/src/chrome/content/rules/AusGamers.com.xml
@@ -1,14 +1,26 @@
-<!--	functional:
-		- au1cdn.ausgamers.com	(!on www)
-		- video.ausgamers.com	(ditto)
+<!--
+
+	Problematic hosts in *ausgamers.com:
+
+		- au1cdn (mismatched)
+		- files (mismatched)
+		- mail (mismatched)
+		- mail1 (mismatched)
+		- network (expired)
+		- qmailadmin (mismatched)
+		- syd1 (mismatched)
+		- us3cdn (mismatched)
+		- video (mismatched)
+		- whisper (mismatched)
+
 -->
-<ruleset name="AusGamers.com (buggy)" default_off="breaks CSS">
+<ruleset name="AusGamers.com">
 
-	<target host="ausgamers.com"/>
-	<target host="www.ausgamers.com"/>
+	<target host="ausgamers.com" />
+	<target host="www.ausgamers.com" />
+	<target host="test.ausgamers.com" />
 
-	<!--	images/ redirects to http	-->
-	<rule from="^http://(www\.)?ausgamers\.com/(account|ajax|res)/"
-		to="https://$1ausgamers.com/$1/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/AusPost.com.au.xml b/src/chrome/content/rules/AusPost.com.au.xml
new file mode 100644
index 000000000000..c92e997ade17
--- /dev/null
+++ b/src/chrome/content/rules/AusPost.com.au.xml
@@ -0,0 +1,289 @@
+<!--
+	Other related ruleset:
+		- StarTrack.com.au.xml
+
+	Nonfunctional subdomains:
+
+		- addsdev	²
+		- apex		¹
+		- ata	(mismatch hostname, CN: wfa.auspost.com.au)
+		- auspostcards	¹
+		- av1	(mismatch hostname, CN: lyncedge.auspost.com.au)
+		- b2b	¹
+		- test.b2b	(connection error)
+		- bcard		³
+		- businessconversation	¹
+		- campaigns	⁴
+		- catalogue	(mismatch hostname, CN: *.dynamiccatalogue.com.au)
+		- bamboo.cd	¹
+		- nexus.cd	¹
+		- stash.cd	¹
+		- citrixportal-d	¹
+		- cognosbi	³
+		- competitions	¹
+		- connect	⁵
+		- connect8	⁵
+		- contactus	⁵
+		- conversation	¹
+		- admin.deliveryclub	¹
+		- api.deliveryclub	¹
+		- devconnect	⁴
+		- dialin	²
+		- www.digitalmailbox	¹
+		- apccc.digitalmailbox	¹
+		- api.digitalmailbox	¹
+		- beta.digitalmailbox	¹
+		- customers.digitalmailbox	¹
+		- elms	²
+		- click.email	¹
+		- image.email	(mismatch hostname, CN: a248.e.akamai.net)
+		- pages.email	¹
+		- view.email	⁴
+		- esb		¹
+		- etendering	⁵
+		- exttibcosms	¹
+		- fireflow	¹
+		- geopaf	(invalid certificate chain)
+		- giftcard	¹
+		- greeting-cards	⁴
+		- smarteform.gslb	(mismatch hostname, CN: smarteform.auspost.com.au)
+		- guestportal	¹
+		- ice	¹
+		- ids	⁵
+		- inboxrewards		¹
+		- itops		¹
+		- lyncdiscover	²
+		- mail		¹
+		- maps	⁵
+		- meet	(invalid certificate chain)
+		- msg	(mismatch hostname, CN: *.au.whispir.com)
+		- myholidayflashback	(mismatch hostname, CN: *.gpyrdigital.com.au)
+		- myonlineshop		¹
+		- click.notifications		¹
+		- adfs.npe		¹
+		- cognosbi.npe		³
+		- customerportal-stest.npe		¹
+		- autodiscover.dev.npe	³
+		- elms-ptest.npe	(invalid certificate chain)
+		- elms-stest.npe	(invalid certificate chain)
+		- elms-training.npe	(invalid certificate chain)
+		- eparcel-pdev.npe	¹
+		- eparcel-ptest.npe	(invalid certificate chain)
+		- eparcel-sdev.npe	¹
+		- eparcel-svt.npe	(invalid certificate chain)
+		- esb-pdev.npe		¹
+		- esb-ptest.npe		¹
+		- esb-stest.npe		¹
+		- esb-svt.npe		¹
+		- extppapps.npe		(self-signed cert)
+		- extpsapps.npe		(mismatch hostname, CN: elms-stest.npe.auspost.com.au)
+		- extsitapps.npe	³
+		- extsvtapps.npe	³
+		- exttrnapps.npe	(invalid certificate chain)
+		- exttesttibcosms.npe	¹
+		- geopaf-pdev.npe	(unknown SSL protocol)
+		- geopaf-ptest.npe	(redirects to sso-ptest-local.npe)
+		- id-sit.npe		(redirects to sso-ptestext.npe)
+		- leap-stest.npe	²
+		- poslite-poc.npe	³
+		- poslite-ptesttext.npe		¹
+		- poslite-stesttext.npe		¹
+		- m.ptest.npe	³
+		- admin.ptest-deliveryclub.npe	¹
+		- api.ptest-deliveryclub.npe	¹
+		- roambi.npe	(invalid certificate chain)
+		- roambid.npe	¹
+		- salesforce-bw-pdev.npe	¹
+		- salesforce-bw-ptest.npe	¹
+		- salesforce-bw-stest.npe	¹
+		- salesforce-bw-svt.npe		¹
+		- shop-systest.npe		⁴
+		- soln-sit.npe			(redirects to sso-ptestext.npe)
+		- soln-stest.npe		(redirects to sso-stest-ext.npe)
+		- soln-stest-static.npe		(redirects to sso-stest-ext.npe)
+		- soln-pdev-local.npe		(invalid certificate chain
+		- sso-pdev-local.npe		(invalid certificate chain
+		- sso-stest-ext.npe		²
+		- static-uatwebpost01.npe	⁴
+		- m.stest.npe		³
+		- stest-deliveryclub.npe	⁵
+		- admin.stest-deliveryclub.npe		¹
+		- api.stest-deliveryclub.npe		¹
+		- autodiscover.test.npe		(SSL connection error)
+		- smtp.test.npe		¹
+		- test.npe		(redirects to http)
+		- webapi-testext.npe		¹
+		- o	(hostname mismatch, CN: *.d2.sc.omtrdc.net)
+		- soap.online	(invalid certificate chain)
+		- platinum	(hostname mismatch, CN: *.startrack.com.au)
+		- poslite	³
+		- preview	(hostname mismatch, CN: auspost.com.au)
+		- promotion	⁴
+		- pstamps	¹
+		- ptest-deliveryclub	(mismatch hostname, CN: deliveryclub.npe.auspost.com.au)
+		- qr	¹
+		- remotedev	(invalid certificate chain)
+		- roambi	¹
+		- salesforce-bw		¹
+		- saperp	¹
+		- sendme	³
+		- www.shop	¹
+		- shoppingcard	¹
+		- dev.smarteform	¹
+		- test.smarteform	(invalid certificate chain)
+		- uat.smarteform	(invalid certificate chain)
+		- smsf-test	(invalid certificate chain)
+		- smsf-uat	(invalid certificate chain)
+		- smtp		¹
+		- st-remote	(invalid certificate chain)
+		- st-remotedev	⁵
+		- st2	(connection error)
+		- stest-deliveryclub		(mismatch hostname, CN: deliveryclub.npe)
+		- tableau-sf-dev	(invalid certificate chain)
+		- tableau-sf-test	(invalid certificate chain)
+		- telegram	(mismatch hostname, CN: *.fxa.com.au)
+		- test403a	¹
+		- test403d	³
+		- test404a	³
+		- test603a	³
+		- visalondon	¹
+		- webcon1	⁵
+		- webconf	⁵
+		- webmail-legacy	⁵
+		- webmetrics	¹
+		- westfieldcompetition	¹
+		- wfa	(invalid certificate chain)
+		- wfaess	(invalid certificate chain)
+		- wlclogon	¹
+		- crimtrac.workforcechecks	¹
+		- ptest-crimtrack.npe.workforcechecks	¹
+		- stest-crimtrack.npe.workforcechecks	¹
+		- workforceconversation		(mismatch hostname, CN: haveyoursay.translink.com.au)
+		- www1		(SSL connection failed)
+		- yourcareer	(mismatch hostname, CN: *pageuppeople.com)
+
+	¹ Timeout
+	² Unknown issuer cert
+	³ Expired cert
+	⁴ Connection refused
+	⁵ SSL handshake failed
+
+-->
+<ruleset name="Australia Post">
+
+	<target host="auspost.com.au" />
+	<target host="www.auspost.com.au" />
+	<target host="adds.auspost.com.au" />
+	<target host="adfs.auspost.com.au" />
+	<target host="sslvpn.apdm.auspost.com.au" />
+	<target host="api.auspost.com.au" />
+	<target host="appointments.auspost.com.au" />
+	<target host="support.appointments.auspost.com.au" />
+	<target host="test.appointments.auspost.com.au" />
+	<target host="training.appointments.auspost.com.au" />
+	<target host="authors.auspost.com.au" />
+	<target host="autodiscover.auspost.com.au" />
+	<target host="bianalytics.auspost.com.au" />
+	<target host="bpm-apms.auspost.com.au" />
+	<target host="cardmanager.auspost.com.au" />
+	<target host="careers.auspost.com.au" />
+	<target host="citrixportal.auspost.com.au" />
+	<target host="community.auspost.com.au" />
+	<target host="compass.auspost.com.au" />
+	<target host="cpvregister.auspost.com.au" />
+	<target host="api.cpvregister.auspost.com.au" />
+	<target host="customerportal.auspost.com.au" />
+	<target host="deliveryclub.auspost.com.au" />
+	<target host="developers.auspost.com.au" />
+	<target host="status.developers.auspost.com.au" />
+	<target host="digitalmailbox.auspost.com.au" />
+	<target host="eparcel.auspost.com.au" />
+	<target host="eparceltrack.auspost.com.au" />
+	<target host="id.auspost.com.au" />
+	<target host="id-static.auspost.com.au" />
+	<target host="leap.auspost.com.au" />
+	<target host="loadandgo.auspost.com.au" />
+	<target host="loadandgotravel.auspost.com.au" />
+	<target host="lyncedge.auspost.com.au" />
+	<target host="m.auspost.com.au" />
+	<target host="cardmanager.m.auspost.com.au" />
+	<target host="myloadandgo.auspost.com.au" />
+	<target host="netposadmin.auspost.com.au" />
+	<target host="ppamdev.npe.auspost.com.au" />
+	<target host="api-sit.npe.auspost.com.au" />
+	<target host="api-stest.npe.auspost.com.au" />
+	<target host="dev.npe.auspost.com.au" />
+	<target host="webmail.dev.npe.auspost.com.au" />
+	<target host="digitalapi-pdev.npe.auspost.com.au" />
+	<target host="digitalapi-ptest.npe.auspost.com.au" />
+	<target host="pdev.npe.auspost.com.au" />
+	<target host="m.pdev.npe.auspost.com.au" />
+	<target host="ptest.npe.auspost.com.au" />
+	<target host="receipts.ptest.npe.auspost.com.au" />
+	<target host="api.receipts.ptest.npe.auspost.com.au" />
+	<target host="sdv.ptest.npe.auspost.com.au" />
+	<target host="api.sdv.ptest.npe.auspost.com.au" />
+	<target host="ptest-deliveryclub.npe.auspost.com.au" />
+	<target host="returns.npe.auspost.com.au" />
+	<target host="shop-sit.npe.auspost.com.au" />
+	<target host="shop-stage.npe.auspost.com.au" />
+	<target host="pp.smbtest.npe.auspost.com.au" />
+	<target host="soln-dev.npe.auspost.com.au" />
+	<target host="soln-ist.npe.auspost.com.au" />
+	<target host="stest.npe.auspost.com.au" />
+	<target host="receipts.stest.npe.auspost.com.au" />
+	<target host="api.receipts.stest.npe.auspost.com.au" />
+	<target host="sdv.stest.npe.auspost.com.au" />
+	<target host="api.sdv.stest.npe.auspost.com.au" />
+	<target host="webmail.test.npe.auspost.com.au" />
+	<target host="uatwebpost01.npe.auspost.com.au" />
+	<target host="webapi-pdevext.npe.auspost.com.au" />
+	<target host="webapi-ptestext.npe.auspost.com.au" />
+	<target host="ssl.o.auspost.com.au" />
+	<target host="online.auspost.com.au" />
+	<target host="payitatpost.auspost.com.au" />
+	<target host="eval.payitatpost.auspost.com.au" />
+	<target host="postcode.auspost.com.au" />
+	<target host="ppam.auspost.com.au" />
+	<target host="prepaid.auspost.com.au" />
+	<target host="qc.auspost.com.au" />
+	<target host="receipts.auspost.com.au" />
+	<target host="api.receipts.auspost.com.au" />
+	<target host="remote.auspost.com.au" />
+	<target host="remotetest.auspost.com.au" />
+	<target host="returns.auspost.com.au" />
+	<target host="sdd.auspost.com.au" />
+	<target host="sdv.auspost.com.au" />
+	<target host="api.sdv.auspost.com.au" />
+	<target host="shop.auspost.com.au" />
+	<target host="shopmate.auspost.com.au" />
+	<target host="smarteform.auspost.com.au" />
+	<target host="smp.auspost.com.au" />
+	<target host="smsf.auspost.com.au" />
+	<target host="solutions.auspost.com.au" />
+	<target host="solutions-static.auspost.com.au" />
+	<target host="sso.auspost.com.au" />
+	<target host="sso-local.auspost.com.au" />
+	<target host="st.auspost.com.au" />
+	<target host="st-remotetest.auspost.com.au" />
+	<target host="static.auspost.com.au" />
+	<target host="stationery.auspost.com.au" />
+	<target host="stdev.auspost.com.au" />
+	<target host="stories.auspost.com.au" />
+	<target host="survey.auspost.com.au" />
+	<target host="testeparceltrack.auspost.com.au" />
+	<target host="umonline.auspost.com.au" />
+	<target host="webapi.auspost.com.au" />
+	<target host="webmail.auspost.com.au" />
+	<target host="workforcechecks.auspost.com.au" />
+	<target host="login.workforcechecks.auspost.com.au" />
+	<target host="pdev-crimtrac.npe.workforcechecks.auspost.com.au" />
+	<target host="pdev-login.npe.workforcechecks.auspost.com.au" />
+	<target host="ptest-login.npe.workforcechecks.auspost.com.au" />
+	<target host="stest-login.npe.workforcechecks.auspost.com.au" />
+
+	<securecookie host="^auspost\.com\.au$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AusRegistry.xml b/src/chrome/content/rules/AusRegistry.xml
index 7c7dd20a46b3..1e834b8b6e0e 100644
--- a/src/chrome/content/rules/AusRegistry.xml
+++ b/src/chrome/content/rules/AusRegistry.xml
@@ -11,10 +11,9 @@
 	<target host="www.ausregistry.com.au" />
 
 
-	<securecookie host="^(www\.)?ausregistry\.com\.au$" name=".*" />
+	<securecookie host="^(?:www\.)?ausregistry\.com\.au$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ausregistry\.com\.au/"
-		to="https://$1ausregistry.com.au/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/AusinfoTech.xml b/src/chrome/content/rules/AusinfoTech.xml
index bfc9f6633ac8..a8797fe22860 100644
--- a/src/chrome/content/rules/AusinfoTech.xml
+++ b/src/chrome/content/rules/AusinfoTech.xml
@@ -1,13 +1,26 @@
-<ruleset name="AusinfoTech">
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- ausinfotech.net
+		- .ausinfotech.net
+		- www.ausinfotech.net
+
+-->
+<ruleset name="AusinfoTech.net">
 
 	<target host="ausinfotech.net" />
-	<target host="*.ausinfotech.net" />
+	<target host="www.ausinfotech.net" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?ausinfotech\.net$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.ausinfotech\.net$" name="^(?:__cfduid|cf_clearance)$" /-->
 
-	<securecookie host="^\.ausinfotech\.net$" name=".+" />
+	<securecookie host="^(?:\.|www\.)?ausinfotech\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ausinfotech\.net/"
-		to="https://$1ausinfotech.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Aussie-Perth-Tours.xml b/src/chrome/content/rules/Aussie-Perth-Tours.xml
new file mode 100644
index 000000000000..9733c5fdb995
--- /dev/null
+++ b/src/chrome/content/rules/Aussie-Perth-Tours.xml
@@ -0,0 +1,9 @@
+<ruleset name="Aussie Perth Tours">
+	<target host=    "aussieperthtours.com.au" />
+	<target host="www.aussieperthtours.com.au" />
+
+	<securecookie host="aussieperthtours\.com\.au$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Austin_Fit_Magazine.com.xml b/src/chrome/content/rules/Austin_Fit_Magazine.com.xml
deleted file mode 100644
index f80a188c176c..000000000000
--- a/src/chrome/content/rules/Austin_Fit_Magazine.com.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<!--
-	CDN buckets:
-
-		- afm.papermud.netdna-cdn.com
-
-			- -ssl doesn't exist
-			- static[12]
-
-
-	Mixed content:
-
-		- css on www from fonts.googleapis.com *
-
-		- Images on www from www *
-
-		- Web bugs, on www from:
-
-			- ox-d.runningnetwork.com
-			- b.scorecardresearch.com *
-
-	* Secured by us
-
--->
-<ruleset name="Austin Fit Magazine.com">
-
-	<target host="austinfitmagazine.com" />
-	<target host="*.austinfitmagazine.com" />
-
-
-	<securecookie host="^(?:w*\.)?austinfitmagazine\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?austinfitmagazine\.com/"
-		to="https://$1austinfitmagazine.com/" />
-
-	<!--	Protocol-relative links exist on www:
-							-->
-	<rule from="^https?://static\d\.austinfitmagazine\.com/"
-		to="https://www.austinfitmagazine.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Austiners.com.xml b/src/chrome/content/rules/Austiners.com.xml
index 94fefd581055..04e80e664edd 100644
--- a/src/chrome/content/rules/Austiners.com.xml
+++ b/src/chrome/content/rules/Austiners.com.xml
@@ -11,7 +11,7 @@
 <ruleset name="Austiners.com (false MCB)" platform="mixedcontent">
 
 	<target host="austiners.com" />
-	<target host="*.austiners.com" />
+	<target host="www.austiners.com" />
 
 
 	<securecookie host="^(?:www)?\.austiners\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Austrade.xml b/src/chrome/content/rules/Austrade.xml
new file mode 100644
index 000000000000..7a23dd7f65c8
--- /dev/null
+++ b/src/chrome/content/rules/Austrade.xml
@@ -0,0 +1,7 @@
+<ruleset name="Austrade">
+	<target host="austrade.gov.au" />
+	<target host="www.austrade.gov.au" />
+
+	<rule from="^http://(?:www\.)?austrade\.gov\.au/"
+		to="https://www.austrade.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Australia.gov.au.xml b/src/chrome/content/rules/Australia.gov.au.xml
new file mode 100644
index 000000000000..049c0ebf869d
--- /dev/null
+++ b/src/chrome/content/rules/Australia.gov.au.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid certificate:
+		- test.australia.gov.au
+-->
+
+<ruleset name="Australia.gov.au">
+	<target host="australia.gov.au" />
+	<target host="www.australia.gov.au" />
+	<target host="media.australia.gov.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Australian-Koala-Foundation.xml b/src/chrome/content/rules/Australian-Koala-Foundation.xml
index 2600d90784ab..4072db5d866a 100644
--- a/src/chrome/content/rules/Australian-Koala-Foundation.xml
+++ b/src/chrome/content/rules/Australian-Koala-Foundation.xml
@@ -1,6 +1,16 @@
+<!--
+	Mixed content:
+		koalamap.savethekoala.com
+
+	HTTP 521:
+		m.savethekoala.com
+
+-->
 <ruleset name="Australian Koala Foundation">
+
 	<target host="savethekoala.com" />
 	<target host="www.savethekoala.com" />
 
-	<rule from="^http://(?:www\.)?savethekoala\.com/" to="https://www.savethekoala.com/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianBusinessRegister.xml b/src/chrome/content/rules/AustralianBusinessRegister.xml
new file mode 100644
index 000000000000..966ccc85c409
--- /dev/null
+++ b/src/chrome/content/rules/AustralianBusinessRegister.xml
@@ -0,0 +1,7 @@
+<ruleset name="Australian Business Register">
+	<target host="abr.gov.au" />
+	<target host="www.abr.gov.au" />
+
+	<rule from="^http://(?:www\.)?abr\.gov\.au/"
+		to="https://abr.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianCompetitionandConsumerCommission.xml b/src/chrome/content/rules/AustralianCompetitionandConsumerCommission.xml
new file mode 100644
index 000000000000..28d4d0680667
--- /dev/null
+++ b/src/chrome/content/rules/AustralianCompetitionandConsumerCommission.xml
@@ -0,0 +1,7 @@
+<ruleset name="Australian Competition and Consumer Commission">
+	<target host="accc.gov.au" />
+	<target host="www.accc.gov.au" />
+
+	<rule from="^http://(?:www\.)?accc\.gov\.au/"
+		to="https://www.accc.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianCrimeCommission.xml b/src/chrome/content/rules/AustralianCrimeCommission.xml
new file mode 100644
index 000000000000..bc34242e2c89
--- /dev/null
+++ b/src/chrome/content/rules/AustralianCrimeCommission.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://crimecommission.gov.au/ => https://www.crimecommission.gov.au/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Australian Crime Commission" default_off="failed ruleset test">
+	<target host="crimecommission.gov.au" />
+	<target host="www.crimecommission.gov.au" />
+
+	<rule from="^http://(?:www\.)?crimecommission\.gov\.au/"
+		to="https://www.crimecommission.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianDataArchive.xml b/src/chrome/content/rules/AustralianDataArchive.xml
new file mode 100644
index 000000000000..3f43302d2d4e
--- /dev/null
+++ b/src/chrome/content/rules/AustralianDataArchive.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ada.edu.au/ => https://www.ada.edu.au/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="Australian Data Archive" default_off="failed ruleset test">
+	<target host="ada.edu.au" />
+	<target host="www.ada.edu.au" />
+
+	<rule from="^http://(?:www\.)?ada\.edu\.au/"
+		to="https://www.ada.edu.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianEarlyDevelopmentCensus.xml b/src/chrome/content/rules/AustralianEarlyDevelopmentCensus.xml
new file mode 100644
index 000000000000..3a6dce2317b5
--- /dev/null
+++ b/src/chrome/content/rules/AustralianEarlyDevelopmentCensus.xml
@@ -0,0 +1,7 @@
+<ruleset name="Australian Early Development Census">
+	<target host="aedc.gov.au" />
+	<target host="www.aedc.gov.au" />
+
+	<rule from="^http://(?:www\.)?aedc\.gov\.au/"
+		to="https://www.aedc.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianEmergencyManagement.xml b/src/chrome/content/rules/AustralianEmergencyManagement.xml
new file mode 100644
index 000000000000..be1929048bbe
--- /dev/null
+++ b/src/chrome/content/rules/AustralianEmergencyManagement.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://em.gov.au/ => https://www.em.gov.au/: (6, 'Could not resolve host: www.em.gov.au')
+Fetch error: http://emknowledge.gov.au/ => https://www.emknowledge.gov.au/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Australian Emergency Management" default_off="failed ruleset test">
+	<target host="em.gov.au" />
+	<target host="www.em.gov.au" />
+	<target host="emknowledge.gov.au" />
+	<target host="www.emknowledge.gov.au" />
+
+	<rule from="^http://(?:www\.)?em\.gov\.au/"
+		to="https://www.em.gov.au/" />
+
+	<rule from="^http://(?:www\.)?emknowledge\.gov\.au/"
+		to="https://www.emknowledge.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianEnergyRegulator.xml b/src/chrome/content/rules/AustralianEnergyRegulator.xml
new file mode 100644
index 000000000000..01fef7193478
--- /dev/null
+++ b/src/chrome/content/rules/AustralianEnergyRegulator.xml
@@ -0,0 +1,7 @@
+<ruleset name="Australian Energy Regulator">
+	<target host="aer.gov.au" />
+	<target host="www.aer.gov.au" />
+
+	<rule from="^http://(?:www\.)?aer\.gov\.au/"
+		to="https://www.aer.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianExportAwards.xml b/src/chrome/content/rules/AustralianExportAwards.xml
new file mode 100644
index 000000000000..74b237ad513f
--- /dev/null
+++ b/src/chrome/content/rules/AustralianExportAwards.xml
@@ -0,0 +1,7 @@
+<ruleset name="Australian Export Awards">
+	<target host="exportawards.gov.au" />
+	<target host="www.exportawards.gov.au" />
+
+	<rule from="^http://(?:www\.)?exportawards\.gov\.au/"
+		to="https://www.exportawards.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianFinancialSecurityAuthority.xml b/src/chrome/content/rules/AustralianFinancialSecurityAuthority.xml
new file mode 100644
index 000000000000..7c0bb0bec9be
--- /dev/null
+++ b/src/chrome/content/rules/AustralianFinancialSecurityAuthority.xml
@@ -0,0 +1,7 @@
+<ruleset name="Australian Financial Security Authority">
+	<target host="afsa.gov.au" />
+	<target host="www.afsa.gov.au" />
+
+	<rule from="^http://(?:www\.)?afsa\.gov\.au/"
+		to="https://www.afsa.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianHealthPractitionerRegulationAgency.xml b/src/chrome/content/rules/AustralianHealthPractitionerRegulationAgency.xml
new file mode 100644
index 000000000000..aaef95c946c7
--- /dev/null
+++ b/src/chrome/content/rules/AustralianHealthPractitionerRegulationAgency.xml
@@ -0,0 +1,7 @@
+<ruleset name="Australian Health Practitioner Regulation Agency">
+	<target host="ahpra.gov.au" />
+	<target host="www.ahpra.gov.au" />
+
+	<rule from="^http://(?:www\.)?ahpra\.gov\.au/"
+		to="https://www.ahpra.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianHumanRightsCommission.xml b/src/chrome/content/rules/AustralianHumanRightsCommission.xml
new file mode 100644
index 000000000000..c62ad65e3571
--- /dev/null
+++ b/src/chrome/content/rules/AustralianHumanRightsCommission.xml
@@ -0,0 +1,7 @@
+<ruleset name="Australian Human Rights Commission">
+	<target host="humanrights.gov.au" />
+	<target host="www.humanrights.gov.au" />
+
+	<rule from="^http://(?:www\.)?humanrights\.gov\.au/"
+		to="https://www.humanrights.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianLawReformCommission.xml b/src/chrome/content/rules/AustralianLawReformCommission.xml
new file mode 100644
index 000000000000..7a4c14cb0fed
--- /dev/null
+++ b/src/chrome/content/rules/AustralianLawReformCommission.xml
@@ -0,0 +1,7 @@
+<ruleset name="Australian Law Reform Commission">
+	<target host="alrc.gov.au" />
+	<target host="www.alrc.gov.au" />
+
+	<rule from="^http://(?:www\.)?alrc\.gov\.au/"
+		to="https://www.alrc.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianMaritimeSafetyAuthority.xml b/src/chrome/content/rules/AustralianMaritimeSafetyAuthority.xml
new file mode 100644
index 000000000000..729e5506c4ab
--- /dev/null
+++ b/src/chrome/content/rules/AustralianMaritimeSafetyAuthority.xml
@@ -0,0 +1,7 @@
+<ruleset name="Australian Maritime Safety Authority">
+	<target host="amsa.gov.au" />
+	<target host="www.amsa.gov.au" />
+
+	<rule from="^http://(?:www\.)?amsa\.gov\.au/"
+		to="https://www.amsa.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianPassportOffice.xml b/src/chrome/content/rules/AustralianPassportOffice.xml
new file mode 100644
index 000000000000..f59ffc8b34f6
--- /dev/null
+++ b/src/chrome/content/rules/AustralianPassportOffice.xml
@@ -0,0 +1,7 @@
+<ruleset name="Australian Passport Office">
+	<target host="passports.gov.au" />
+	<target host="www.passports.gov.au" />
+
+	<rule from="^http://(?:www\.)?passports\.gov\.au/"
+		to="https://www.passports.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianPlantsBotanyandHorticulture.xml b/src/chrome/content/rules/AustralianPlantsBotanyandHorticulture.xml
new file mode 100644
index 000000000000..b445a7dfa21b
--- /dev/null
+++ b/src/chrome/content/rules/AustralianPlantsBotanyandHorticulture.xml
@@ -0,0 +1,7 @@
+<ruleset name="Australian Plants, Botany and Horticulture">
+	<target host="anbg.gov.au" />
+	<target host="www.anbg.gov.au" />
+
+	<rule from="^http://(?:www\.)?anbg\.gov\.au/"
+		to="https://www.anbg.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianSportsCommissionLearningPortal.xml b/src/chrome/content/rules/AustralianSportsCommissionLearningPortal.xml
new file mode 100644
index 000000000000..32cd1ae77a11
--- /dev/null
+++ b/src/chrome/content/rules/AustralianSportsCommissionLearningPortal.xml
@@ -0,0 +1,6 @@
+<ruleset name="Australian Sports Commission Learning Portal">
+	<target host="learning.ausport.gov.au" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianStrategicPolicyInstitute.xml b/src/chrome/content/rules/AustralianStrategicPolicyInstitute.xml
new file mode 100644
index 000000000000..0fb2791cc2ba
--- /dev/null
+++ b/src/chrome/content/rules/AustralianStrategicPolicyInstitute.xml
@@ -0,0 +1,7 @@
+<ruleset name="Australian Strategic Policy Institute">
+	<target host="aspi.org.au" />
+	<target host="www.aspi.org.au" />
+
+	<rule from="^http://(?:www\.)?aspi\.org\.au/"
+		to="https://www.aspi.org.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianTaxationOffice.xml b/src/chrome/content/rules/AustralianTaxationOffice.xml
new file mode 100644
index 000000000000..d44689601825
--- /dev/null
+++ b/src/chrome/content/rules/AustralianTaxationOffice.xml
@@ -0,0 +1,7 @@
+<ruleset name="Australian Taxation Office">
+	<target host="ato.gov.au" />
+	<target host="www.ato.gov.au" />
+
+	<rule from="^http://(?:www\.)?ato\.gov\.au/"
+		to="https://www.ato.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianTransportSafetyBureau.xml b/src/chrome/content/rules/AustralianTransportSafetyBureau.xml
new file mode 100644
index 000000000000..1482f7ca80b5
--- /dev/null
+++ b/src/chrome/content/rules/AustralianTransportSafetyBureau.xml
@@ -0,0 +1,7 @@
+<ruleset name="Australian Transport Safety Bureau">
+	<target host="atsb.gov.au" />
+	<target host="www.atsb.gov.au" />
+
+	<rule from="^http://(?:www\.)?atsb\.gov\.au/"
+		to="https://www.atsb.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianWarMemorial.xml b/src/chrome/content/rules/AustralianWarMemorial.xml
new file mode 100644
index 000000000000..4ac8f296a517
--- /dev/null
+++ b/src/chrome/content/rules/AustralianWarMemorial.xml
@@ -0,0 +1,7 @@
+<ruleset name="Australian War Memorial">
+	<target host="awm.gov.au" />
+	<target host="www.awm.gov.au" />
+
+	<rule from="^http://(?:www\.)?awm\.gov\.au/"
+		to="https://www.awm.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/AustrianAirlines.xml b/src/chrome/content/rules/AustrianAirlines.xml
index c747fdeac6b3..3ece0489150a 100644
--- a/src/chrome/content/rules/AustrianAirlines.xml
+++ b/src/chrome/content/rules/AustrianAirlines.xml
@@ -2,6 +2,5 @@
   <target host="austrian.com" />
   <target host="www.austrian.com" />
 
-  <rule from="^http://(?:www\.)?austrian\.com/"
-          to="https://www.austrian.com/" />
-</ruleset>
\ No newline at end of file
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Auth0.com.xml b/src/chrome/content/rules/Auth0.com.xml
new file mode 100644
index 000000000000..1bfc4bcc0691
--- /dev/null
+++ b/src/chrome/content/rules/Auth0.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Auth0.com">
+	<target host="auth0.com" />
+	<target host="www.auth0.com" />
+	<target host="cdn.auth0.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Authbox.io.xml b/src/chrome/content/rules/Authbox.io.xml
new file mode 100644
index 000000000000..e7a13bff87ce
--- /dev/null
+++ b/src/chrome/content/rules/Authbox.io.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://authbox.io/ => https://authbox.io/: (51, "SSL: no alternative certificate subject name matches target host name 'authbox.io'")
+Fetch error: http://api.authbox.io/ => https://api.authbox.io/: (51, "SSL: no alternative certificate subject name matches target host name 'api.authbox.io'")
+Fetch error: http://www.authbox.io/ => https://www.authbox.io/: (51, "SSL: no alternative certificate subject name matches target host name 'www.authbox.io'")
+
+	Fully covered hosts in *authbox.io:
+
+		- (www.)?
+		- api
+
+
+	Mixed content:
+
+		- css on (www.)? from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="authbox.io" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="authbox.io" />
+	<target host="api.authbox.io" />
+	<target host="www.authbox.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Authorea.com.xml b/src/chrome/content/rules/Authorea.com.xml
new file mode 100644
index 000000000000..456578012c8b
--- /dev/null
+++ b/src/chrome/content/rules/Authorea.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Authorea.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="authorea.com" />
+	<target host="www.authorea.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Authorize.com.xml b/src/chrome/content/rules/Authorize.com.xml
new file mode 100644
index 000000000000..032289f48bcd
--- /dev/null
+++ b/src/chrome/content/rules/Authorize.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- authorize.com
+		- www.authorize.com
+-->
+<ruleset name="Authorize.com" default_off="cert-invalid">
+	<target host="authorize.com" />
+	<target host="www.authorize.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Authorize.net.xml b/src/chrome/content/rules/Authorize.net.xml
index 9443cca4e54b..a2392bd45850 100644
--- a/src/chrome/content/rules/Authorize.net.xml
+++ b/src/chrome/content/rules/Authorize.net.xml
@@ -1,43 +1,44 @@
 <!--
-	Nonfunctional domains:
-
-		- welcome.authorize.net		(no https)
-
-
-	Problematic domains:
-
-		- authorize.net		(cert only matches www)
+	Non-functional hosts
+		Timeout was reached:
+		- authorize.net
 
+		Certificate mismatched:
+		- payment.authorize.net
 -->
-<ruleset name="Authorize.Net">
-
+<ruleset name="Authorize.net">
 	<target host="authorize.net" />
-	<target host="*.authorize.net" />
-	<target host="authorizenet.com" />
-	<target host="www.authorizenet.com" />
-	<!--	The fuzeqna.com domain is included to avoid possible
-		issues with mixed content. Also, from what one remembers,
-		using the Authorize.Net site may involve accessing the
-		fuzeqna.com/www.fuzeqna.com domains.
-							-->
-	<target host="fuzeqna.com" />
-	<target host="www.fuzeqna.com" />
-
-
-
-	<securecookie host="^(?:.*\.)?authorize\.net$" name=".+" />
-
+	<target host="www.authorize.net" />
+	<target host="account.authorize.net" />
+	<target host="api.authorize.net" />
+	<test url="http://api.authorize.net/soap/v1/service.asmx" />
+	<target host="api2.authorize.net" />
+	<test url="http://api2.authorize.net/soap/v1/service.asmx" />
+	<target host="captcha.authorize.net" />
+	<target host="content.authorize.net" />
+	<target host="developer.authorize.net" />
+	<target host="community.developer.authorize.net" />
+	<target host="ems.authorize.net" />
+	<target host="login.authorize.net" />
+	<target host="partner.authorize.net" />
+	<target host="sandbox.authorize.net" />
+	<target host="secure.authorize.net" />
+	<target host="simplecheckout.authorize.net" />
+	<target host="aircharge.vpos.authorize.net" />
+	<target host="anet.vpos.authorize.net" />
+	<target host="bbt.vpos.authorize.net" />
+	<target host="chargeeasy.vpos.authorize.net" />
+	<target host="cirfin.vpos.authorize.net" />
+	<target host="cocard.vpos.authorize.net" />
+	<target host="pivotalpayments.vpos.authorize.net" />
+	<target host="quickcommerce.vpos.authorize.net" />
+	<target host="totalpayment.vpos.authorize.net" />
+	<target host="tsys.vpos.authorize.net" />
+	<target host="ucsd.vpos.authorize.net" />
+	<target host="vpos2.authorize.net" />
 
 	<rule from="^http://authorize\.net/"
 		to="https://www.authorize.net/" />
 
-	<rule from="^http://(account|captcha|content|(?:community\.)?developer|ems|simplecheckout|support|verify|www)\.authorize\.net/"
-		to="https://$1.authorize.net/" />
-
-	<rule from="^https?://(?:www\.)?authorizenet\.com/"
-		to="https://www.authorize.net/" />
-	
-	<rule from="^http://(?:www\.)?fuzeqna\.com/"
-		to="https://www.fuzeqna.com/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Authy.com.xml b/src/chrome/content/rules/Authy.com.xml
new file mode 100644
index 000000000000..a9b8e5a9a461
--- /dev/null
+++ b/src/chrome/content/rules/Authy.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Nonfunctional hosts in *.authy.com:
+
+		- blog *
+
+	* 526
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- authy.com
+		- .authy.com
+
+-->
+<ruleset name="Authy.com (partial)">
+
+	<target host="authy.com" />
+	<target host="www.authy.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.authy\.com$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.authy\.com$" name="^_authy_session$" /-->
+
+	<securecookie host="^(?:www)?\.authy\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Autistic_Self-Advocacy_Network.xml b/src/chrome/content/rules/Autistic_Self-Advocacy_Network.xml
index caf6d91f8191..4c285248db56 100644
--- a/src/chrome/content/rules/Autistic_Self-Advocacy_Network.xml
+++ b/src/chrome/content/rules/Autistic_Self-Advocacy_Network.xml
@@ -11,7 +11,6 @@
 	<securecookie host="^autisticadvocacy\.org$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?autisticadvocacy\.org/"
-		to="https://autisticadvocacy.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Autistici-Inventati.xml b/src/chrome/content/rules/Autistici-Inventati.xml
index 264c454d3e2e..5b9893a2cc69 100644
--- a/src/chrome/content/rules/Autistici-Inventati.xml
+++ b/src/chrome/content/rules/Autistici-Inventati.xml
@@ -1,24 +1,41 @@
-<ruleset name="Autistici/inventati" default_off="self-signed">
+<!--
+	500 status code (Internal server error):
+		- stats.autistici.org
 
-	<target host="autistici.org" />
-	<target host="*.autistici.org" />
-	<target host="inventati.org" />
-	<target host="*.inventati.org" />
-	<target host="*.noblogs.org" />
-		<exclusion pattern="^http://stats\.noblogs\.org/" />
+	Invalid security certificate:
+		- mail.l.autistici.org
+		- smtp.l.autistici.org
+		- www.l.autistici.org
 
+	Mixed content:
+		- noise.autistici.org
 
-	<securecookie host="^www\.autistici\.org$" name=".+" />
-	<securecookie host="^\.noblogs\.org$" name=".+" />
+	Redirects:
+		- git.autistici.org → login.autistici.org
+		- logs.autistici.org → login.autistici.org
+		- monitor.autistici.org → login.autistici.org
 
+	Secure connection failed:
+		- gw.vpn.autistici.org
 
-	<!--	All seem identical, aside from ^inventati which redirects to
-		www.inventati. Avoid having to add four different exceptions.
-										-->
-	<rule from="^https?://(?:www\.)?(?:autistic|inventat)i\.org/"
-		to="https://www.autistici.org/" />
+	Timeout was reached:
+		- build.autistici.org
+		- ci.autistici.org
+-->
+<ruleset name="Autistici/Inventati">
+	<target host="autistici.org" />
+	<target host="www.autistici.org" />
+	<target host="git.autistici.org" />
+	<target host="helpdesk.autistici.org" />
+	<target host="login.autistici.org" />
+	<target host="logs.autistici.org" />
+	<target host="monitor.autistici.org" />
+	<target host="noise.autistici.org" />
+
+	<target host="inventati.org" />
+	<target host="www.inventati.org" />
 
-	<rule from="^http://([^/:@\.]+)\.(autistici|inventati|noblogs)\.org/"
-		to="https://$1.$2.org/" />
+	<securecookie host=".+" name=".+" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Auto.ro.xml b/src/chrome/content/rules/Auto.ro.xml
new file mode 100644
index 000000000000..b6bbaf86f01c
--- /dev/null
+++ b/src/chrome/content/rules/Auto.ro.xml
@@ -0,0 +1,90 @@
+<!--
+	Nonfunctional subdomains:
+
+		- cdn.anunt *
+		- cdn *
+
+	* Refused
+
+
+	Problematic subdomains:
+
+		- (www.)? ¹
+		- anvelope ²
+		- chestionare ²
+		- dealer ²
+		- parcuri ²
+		- service ²
+		- targuri ²
+
+	¹ Server sends no cert chain, mixed css
+	² Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- auto.ro
+		- .auto.ro
+		- anvelope.auto.ro
+		- chestionare.auto.ro
+		- dealer.auto.ro
+		- parcuri.auto.ro
+		- service.auto.ro
+		- targuri.auto.ro
+		- www.auto.ro
+
+
+	Mixed content:
+
+		- css, on:
+
+			- (www.)?, chestionare, dealer, parcuri, service, targuri from www ¹
+			- anvelope, service, from fonts.googleapis.com ¹
+
+		- Images, on:
+
+			- (www.)?, anvelope, chestionare, dealer, parcuri, service, targuri from www ¹
+			- (www.)?, anvelope, chestionare from cdn.anunt ²
+			- (www.)?, dealer, parcuri, service from cdn ²
+			- anvelope from $self ³
+			- service from $self ³
+
+		- favicon on (www.)? from $self ¹
+		- Bugs on service from log.trafic.ro ²
+
+	¹ Secured by us
+	² Unsecurable <= refused
+	³ Not secured by us <= mismatched
+
+-->
+<ruleset name="Auto.ro (partial)" default_off="cert-chain">
+
+	<target host="auto.ro" />
+	<target host="www.auto.ro" />
+		<!--
+			Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://(?:www\.)?auto\.ro/+(?!favicon\.ico|resize\.php|resources/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.auto.ro/adauga-anunt" />
+			<test url="http://www.auto.ro/contact" />
+			<test url="http://www.auto.ro/deschide-cont" />
+			<test url="http://www.auto.ro/login-auto" />
+			<test url="http://www.auto.ro/rss" />
+
+		<test url="http://www.auto.ro/favicon.ico" />
+		<test url="http://www.auto.ro/resize.php" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.auto\.ro$" name="^no_mobile" /-->
+	<!--securecookie host="^((anvelope|chestionare|dealer|parcuri|service|targuri|www)\.)?auto\.ro$" name="^PHPSESSID$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AutoBuzz.my.xml b/src/chrome/content/rules/AutoBuzz.my.xml
new file mode 100644
index 000000000000..711544fb107e
--- /dev/null
+++ b/src/chrome/content/rules/AutoBuzz.my.xml
@@ -0,0 +1,14 @@
+<!--
+	Active mixed content:
+		- autobuzz.my
+
+	Invalid certificate:
+		- dev.autobuzz.my
+-->
+
+<ruleset name="AutoBuzz.my" platform="mixedcontent">
+	<target host="autobuzz.my" />
+	<target host="www.autobuzz.my" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AutoDraw.com.xml b/src/chrome/content/rules/AutoDraw.com.xml
new file mode 100644
index 000000000000..e2b41eb31ebc
--- /dev/null
+++ b/src/chrome/content/rules/AutoDraw.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="AutoDraw.com">
+	<target host="autodraw.com" />
+	<target host="www.autodraw.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AutoHits.vn.xml b/src/chrome/content/rules/AutoHits.vn.xml
index f278feaf826a..40c69208ee47 100644
--- a/src/chrome/content/rules/AutoHits.vn.xml
+++ b/src/chrome/content/rules/AutoHits.vn.xml
@@ -11,7 +11,7 @@
 <ruleset name="AutoHits.vn" default_off="expired, mismatched, self-signed">
 
 	<target host="autohits.vn" />
-	<target host="*.autohits.vn" />
+	<target host="www.autohits.vn" />
 
 
 	<securecookie host="^\.autohits\.vn$" name=".+" />
diff --git a/src/chrome/content/rules/AutoIt-CDN.com.xml b/src/chrome/content/rules/AutoIt-CDN.com.xml
new file mode 100644
index 000000000000..2c68f717dce5
--- /dev/null
+++ b/src/chrome/content/rules/AutoIt-CDN.com.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://static1.autoit-cdn.com/ => https://static1.autoit-cdn.com/: (51, "SSL: no alternative certificate subject name matches target host name 'static1.autoit-cdn.com'")
+
+	For other AutoIt coverage, see AutoIt_script.com.xml.
+
+-->
+<ruleset name="AutoIt CDN.com" default_off="failed ruleset test">
+
+	<target host="static1.autoit-cdn.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AutoIt_script.com.xml b/src/chrome/content/rules/AutoIt_script.com.xml
new file mode 100644
index 000000000000..a4aebc9f708c
--- /dev/null
+++ b/src/chrome/content/rules/AutoIt_script.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Other AutoIt rulesets:
+
+		- AutoIt-CDN.com.xml
+
+-->
+<ruleset name="AutoIt script.com">
+
+	<target host="autoitscript.com" />
+	<target host="www.autoitscript.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AutoNavody.cz.xml b/src/chrome/content/rules/AutoNavody.cz.xml
deleted file mode 100644
index 70f46fa17754..000000000000
--- a/src/chrome/content/rules/AutoNavody.cz.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	CN: www.abclinuxu.cz
-
--->
-<ruleset name="AutoNavody.cz" default_off="mismatched">
-
-	<target host="autonavody.cz" />
-	<target host="www.autonavody.cz" />
-
-
-	<securecookie host="^autonavody\.cz$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?autonavody\.cz/"
-		to="https://autonavody.cz/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/AutoTrack.nl.xml b/src/chrome/content/rules/AutoTrack.nl.xml
new file mode 100644
index 000000000000..90a103431dd0
--- /dev/null
+++ b/src/chrome/content/rules/AutoTrack.nl.xml
@@ -0,0 +1,19 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)
+		- assets
+		- media
+
+-->
+<ruleset name="AutoTrack.nl">
+
+	<target host="autotrack.nl" />
+	<target host="assets.autotrack.nl" />
+	<target host="media.autotrack.nl" />
+	<target host="www.autotrack.nl" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AutoTrader.com.xml b/src/chrome/content/rules/AutoTrader.com.xml
index 15909cd9651d..76e7786a6d69 100644
--- a/src/chrome/content/rules/AutoTrader.com.xml
+++ b/src/chrome/content/rules/AutoTrader.com.xml
@@ -1,26 +1,21 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://autotraderstatic.com/ => https://www.autotraderstatic.com/: (6, 'Could not resolve host: autotraderstatic.com')
+-->
 <ruleset name="AutoTrader.com (partial)">
 
 	<target host="autotrader.com" />
-	<target host="*.autotrader.com" />
-	<target host="autotraderstatic.com" />
+	<target host="ads.autotrader.com" />
+	<target host="www.autotrader.com" />
+	<!-- <target host="autotraderstatic.com" /> -->
 	<!--	* for cross-domain cookie.	-->
-	<target host="*.autotraderstatic.com" />
-
-
-	<securecookie host="^\.autotraderstatic\.com$" name=".*" />
+	<target host="www.autotraderstatic.com" />
 
+	<securecookie host="^\.autotraderstatic\.com$" name=".+" />
 
 	<rule from="^http://(ads\.)?autotrader\.com/"
 		to="https://$1autotrader.com/" />
 
-	<!--	Homepage redirects to http.	-->
-	<rule from="^http://www\.autotrader\.com/(no_cache/)"
-		to="https://www.autotrader.com/$1" />
-
-	<!--	- !www doesn't work over https
-		- !www redirects to www over http
-			-->
-	<rule from="^https?://(?:www\.)?autotraderstatic\.com/"
-		to="https://www.autotraderstatic.com/" />
+  <rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Auto_Ad_Manager.com.xml b/src/chrome/content/rules/Auto_Ad_Manager.com.xml
index 33954a864412..4ea7cf7a0681 100644
--- a/src/chrome/content/rules/Auto_Ad_Manager.com.xml
+++ b/src/chrome/content/rules/Auto_Ad_Manager.com.xml
@@ -7,13 +7,12 @@
 <ruleset name="Auto Ad Manager.com (partial)">
 
 	<target host="autoadmanager.com" />
-	<target host="*.autoadmanager.com" />
+	<target host="www.autoadmanager.com" />
 
 
 	<securecookie host="^\.autoadmanager\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?autoadmanager\.com/"
-		to="https://$1autoadmanager.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Auto_Blog.com.xml b/src/chrome/content/rules/Auto_Blog.com.xml
new file mode 100644
index 000000000000..3a981c340ab2
--- /dev/null
+++ b/src/chrome/content/rules/Auto_Blog.com.xml
@@ -0,0 +1,49 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.autoblog.com/ => https://www.autoblog.com/: Too many redirects while fetching 'https://www.autoblog.com/'
+Fetch error: http://autoblog.com/ => https://www.autoblog.com/: Too many redirects while fetching 'https://www.autoblog.com/'
+
+	For other AOL coverage, see AOL.xml.
+
+
+	Problematic hosts in *autoblog.com:
+
+		- ^ *
+
+	* Refused
+
+
+	Fully covered hosts in *autoblog.com:
+
+		- (www.)?	(^ → www)
+
+
+	Mixed content:
+
+		- css from www.blogsmithmedia.com
+
+		- Images, from:
+
+			- o.aolcdn.com
+			- www.blogsmithmedia.com
+
+-->
+<ruleset name="Auto Blog.com" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.autoblog.com" />
+
+	<!--	Complications:
+				-->
+	<target host="autoblog.com" />
+
+
+	<rule from="^http://autoblog\.com/"
+		to="https://www.autoblog.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Auto_Rims_and_Accessories.xml b/src/chrome/content/rules/Auto_Rims_and_Accessories.xml
deleted file mode 100644
index 3f3e552af857..000000000000
--- a/src/chrome/content/rules/Auto_Rims_and_Accessories.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Auto Rims &amp; Accessories">
-
-	<target host="autorimsandaccessories.com" />
-	<target host="*.autorimsandaccessories.com" />
-
-
-	<securecookie host="^(?:.*\.)?autorimsandaccessories\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?autorimsandaccessories\.com/"
-		to="https://$1autorimsandaccessories.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Autobytel.com-falsemixed.xml b/src/chrome/content/rules/Autobytel.com-falsemixed.xml
new file mode 100644
index 000000000000..c003636b0314
--- /dev/null
+++ b/src/chrome/content/rules/Autobytel.com-falsemixed.xml
@@ -0,0 +1,36 @@
+<!--
+	For rules not causing broken MCB, see Autobytel.com.xml.
+
+-->
+<ruleset name="Autobytel.com (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="new.autobytel.com" />
+	<target host="www.autobytel.com" />
+
+	<!--	Complications:
+				-->
+	<target host="autobytel.com" />
+	<target host="hybrid.autobytel.com" />
+
+
+	<securecookie host="^(?:new|www)\.autobytel\.com$" name=".+" />
+
+
+	<rule from="^http://autobytel\.com/"
+		to="https://www.autobytel.com/" />
+
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://hybrid\.autobytel\.com/[^?]*"
+		to="https://www.autobytel.com/green-cars/" />
+
+		<test url="http://hybrid.autobytel.com//" />
+		<test url="http://hybrid.autobytel.com/?" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Autobytel.com.xml b/src/chrome/content/rules/Autobytel.com.xml
new file mode 100644
index 000000000000..8768bf8d2755
--- /dev/null
+++ b/src/chrome/content/rules/Autobytel.com.xml
@@ -0,0 +1,101 @@
+<!--
+	For rules causing broken MCB, see Autobytel.com-falsemixed.xml.
+
+
+	Nonfunctional hosts in *autobytel.com:
+
+		- dealer ¹
+		- investor ²
+
+	¹ 403
+	² Dropped
+
+
+	Problematic hosts in *autobytel.com:
+
+		- ^ ¹
+		- hybrid ¹
+		- new ²
+		- test-www ³
+		- www ²
+
+	¹ Handshake fails
+	² Mixed css
+	³ Mismatched
+
+
+	These altnames don't exist:
+
+		- test-img.autobytel.com
+		- test-static.autobytel.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- new.autobytel.com
+		- www.autobytel.com
+
+
+	Mixed content:
+
+		- css, on:
+
+			- new from new.autobytel.com ¹
+			- www from static.autobytel.com ¹
+			- www from fonts.googleapis.com ¹
+			- www from yui.yahooapis.com ²
+
+		- Images, on:
+
+			- new from images.autobytel.com ¹
+			- www from img.autobytel.com ¹
+			- new from new.autobytel.com ¹
+			- www from img.youtube.com
+
+		- Bugs, on:
+
+			- www from tags.bluekai.com ¹
+			- www from b.scorecardresearch.com ¹
+
+	¹ Secured by us
+	² Unsecurable
+
+-->
+<ruleset name="Autobytel.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="images.autobytel.com" />
+	<target host="img.autobytel.com" />
+	<!--target host="new.autobytel.com" /-->
+	<target host="static.autobytel.com" />
+	<!--target host="www.autobytel.com" /-->
+
+	<!--	Complications:
+				-->
+	<!--target host="autobytel.com" /-->
+	<!--target host="hybrid.autobytel.com" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^new\.autobytel\.com$" name="^(\.ASPXANONYMOUS|ASP\.NET_SessionId|atpweb|device_detect)$" /-->
+	<!--securecookie host="^www\.autobytel\.com$" name="^(af_id|m_detect|s_dom)$" /-->
+
+
+	<!--rule from="^http://autobytel\.com/"
+		to="https://www.autobytel.com/" /-->
+
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<!--rule from="^http://hybrid\.autobytel\.com/[^?]*"
+		to="https://www.autobytel.com/green-cars/" /-->
+
+		<!--test url="http://hybrid.autobytel.com//" /-->
+		<!--test url="http://hybrid.autobytel.com/?" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Automatak.net.xml b/src/chrome/content/rules/Automatak.net.xml
deleted file mode 100644
index 099790630968..000000000000
--- a/src/chrome/content/rules/Automatak.net.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Automatak.net">
-
-	<target host="automatak.net" />
-	<target host="www.automatak.net" />
-
-
-	<rule from="^http://(www\.)?automatak\.net/"
-		to="https://$1automatak.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AutomaticChickenCoopDoor.com.xml b/src/chrome/content/rules/AutomaticChickenCoopDoor.com.xml
new file mode 100644
index 000000000000..c603bf53fc60
--- /dev/null
+++ b/src/chrome/content/rules/AutomaticChickenCoopDoor.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="AutomaticChickenCoopDoor.com">
+	<target host="automaticchickencoopdoor.com" />
+	<target host="www.automaticchickencoopdoor.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Automatic_Data_Processing.xml b/src/chrome/content/rules/Automatic_Data_Processing.xml
index 47d29d90e2c7..f0f8a0ac883b 100644
--- a/src/chrome/content/rules/Automatic_Data_Processing.xml
+++ b/src/chrome/content/rules/Automatic_Data_Processing.xml
@@ -1,12 +1,13 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://adp.com/ => https://www.adp.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
 	Other Automatic Data Processing rulesets:
 
 		- ADP_Retirement_Services.xml
 		- ADP_Screening_and_Selection_Services.xml
-		- ADP_VirtualEdge.xml
+		- Apply2Jobs.com.xml
 		- ELabor.xml
-		- Employease.xml
-		- Payrollapp.com.xml
 
 
 	Problematic subdomains:
@@ -77,35 +78,19 @@
 
 	<target host="adp.com" />
 	<target host="*.adp.com" />
-	<target host="adpe.csod.com" />
-
-
-	<securecookie host=".*\.adp\.com$" name=".+" />
-	<securecookie host="^adpe\.csod\.com$" name=".+" />
-
+    <test url="http://ipay.adp.com/" />
+    <test url="http://adpvantage.adp.com/" />
+    <test url="http://virtualaccess.adp.com/" />
 
-	<rule from="^https?://(?:www\.)?(edu\.|flexdirect\.)?adp\.com/"
+	<rule from="^http://(?:www\.)?(edu\.|flexdirect\.)?adp\.com/"
 		to="https://www.$1adp.com/" />
 
-	<rule from="^http://([ac]gateway|clientcenter|(?:checkprint|yearend)\.pss|downtime2|eetime1|ewallet|glinterface|payexag|resource-secure|runpayroll|www\.tlm|totalsource)\.adp\.com/"
-		to="https://$1.adp.com/" />
-
-	<rule from="^http://(www\.)?(adpvantage|documax|etime|ezlm|ipay(?:admin)?|ireports|netsecure|paystatements|payex|portal|quickview|reporting|select|support|timesaver)\.adp\.com/"
-		to="https://$1$2.adp.com/" />
-
-	<rule from="^https?://(?:www\.)?(adp4me|easynet|smallbusiness)\.adp\.com/"
-		to="https://$1.adp.com/" />
-
-	<rule from="^https?://(?:www\.)?dataaccessregistration\.adp\.com/(?:.*)"
+	<rule from="^http://(?:www\.)?dataaccessregistration\.adp\.com/(?:.*)"
 		to="https://runpayroll.adp.com/default.aspx?action=newclient&amp;RAP=1" />
 
-	<rule from="^https?://(?:www\.)?ilearn\.adp\.com/\?*$"
-		to="https://adpe.csod.com/" />
-
-	<rule from="^https?://(?:www\.)?virtualedge\.adp\.com/(?:.*)"
+	<rule from="^http://(?:www\.)?virtualedge\.adp\.com/(?:.*)"
 		to="https://www.adp.com/solutions/employer-services/pre-employment-services.aspx" />
 
-	<rule from="^http://adpe\.csod\.com/"
-		to="https://adpe.csod.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Automattic.xml b/src/chrome/content/rules/Automattic.xml
new file mode 100644
index 000000000000..cd1c086dad82
--- /dev/null
+++ b/src/chrome/content/rules/Automattic.xml
@@ -0,0 +1,32 @@
+<!--
+	Problematic subdomains:
+
+		- bbpress	(shows svn.automattic.com)
+		- lists		(timeout)
+		- status	(hostname mismatch, CN: status.io.watchmouse.com)
+-->
+<ruleset name="Automattic">
+
+	<target host="automattic.com" />
+	<target host="bbpress.automattic.com" />
+	<target host="fieldguide.automattic.com" />
+	<target host="help.automattic.com" />
+	<target host="lounge.automattic.com" />
+	<target host="museum.automattic.com" />
+	<target host="publisherblog.automattic.com" />
+	<target host="subversion.automattic.com" />
+	<target host="svn.automattic.com" />
+	<target host="win8.svn.automattic.com" />
+	<target host="wpcom-i18n.svn.automattic.com" />
+	<target host="wpcom-themes.svn.automattic.com" />
+	<target host="transparency.automattic.com" />
+	<target host="www.automattic.com" />
+
+
+	<rule from="^http://bbpress\.automattic\.com/"
+		to="https://bbpress.trac.wordpress.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Automotive-Industries.xml b/src/chrome/content/rules/Automotive-Industries.xml
index c7975a916477..89dfe381421f 100644
--- a/src/chrome/content/rules/Automotive-Industries.xml
+++ b/src/chrome/content/rules/Automotive-Industries.xml
@@ -5,7 +5,7 @@
 	<target host="ai-online.com"/>
 	<target host="www.ai-online.com"/>
 
-	<securecookie host="^(.*\.)?ai-online\.com$" name=".*"/>
+	<securecookie host="^(?:.*\.)?ai-online\.com$" name=".+" />
 
 	<rule from="^http://(www\.)?ai(?:\.ai|-online\.com)/"
 		to="https://$1ai-online.com/"/>
diff --git a/src/chrome/content/rules/Automotive_Linux.org.xml b/src/chrome/content/rules/Automotive_Linux.org.xml
new file mode 100644
index 000000000000..c4999411b8c7
--- /dev/null
+++ b/src/chrome/content/rules/Automotive_Linux.org.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Linux Foundation coverage, see LinuxFoundation.xml.
+
+-->
+<ruleset name="Automotive Linux.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="automotivelinux.org" />
+	<target host="wiki.automotivelinux.org" />
+	<target host="www.automotivelinux.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Automotivelocksmiths.com.xml b/src/chrome/content/rules/Automotivelocksmiths.com.xml
new file mode 100644
index 000000000000..775d59086140
--- /dev/null
+++ b/src/chrome/content/rules/Automotivelocksmiths.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Automotivelocksmiths.com" platform="mixedcontent">
+	<target host="automotivelocksmiths.com" />
+	<target host="www.automotivelocksmiths.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Automx.org.xml b/src/chrome/content/rules/Automx.org.xml
new file mode 100644
index 000000000000..e6dbafd7c00c
--- /dev/null
+++ b/src/chrome/content/rules/Automx.org.xml
@@ -0,0 +1,29 @@
+<!--
+	For other sys4 coverage, see Sys4.de.xml
+
+
+	Nunfunctional hosts in *automx.org:
+
+		- mobileconfig
+
+
+	(www.)?automx.org: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	These altnames don't exist:
+
+		- autoconfig.automx.org
+		- autodiscover.automx.org
+		- mail.automx.org
+
+-->
+<ruleset name="automx.org (partial)" default_off="cert-chain">
+
+	<target host="automx.org" />
+	<target host="www.automx.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Autopilot_HQ.com.xml b/src/chrome/content/rules/Autopilot_HQ.com.xml
new file mode 100644
index 000000000000..dd716c55af4e
--- /dev/null
+++ b/src/chrome/content/rules/Autopilot_HQ.com.xml
@@ -0,0 +1,47 @@
+<!--
+	Problematic hosts in *autopilothq.com:
+
+		- (www.)? ¹
+		- blog ¹
+		- developers ᴳ ᵐ ˣ
+		- flightschool ¹
+		- status ²
+
+	¹ Tor users blocked by CloudFlare settings
+	² StatusPage.io
+	ᴳ Github
+	ᵐ Mismatched
+	ˣ Mixed css
+
+
+	Insecure cookies are set for these hosts:
+
+		- .autopilothq.com
+
+
+	Mixed content:
+
+		- css on developers from $self ᵐ
+		- Images on developers from $self ᵐ
+
+	ᵐ Not secured by us <= mismatched
+
+-->
+<ruleset name="Autopilot HQ.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="autopilothq.com" />	Needs clearnet testing	-->
+	<target host="api.autopilothq.com" />
+	<!--target host="blog.autopilothq.com" /-->
+	<!--target host="flightschool.autopilothq.com" /-->
+	<!--target host="www.autopilothq.com" /-->
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Autoscout24.ch.xml b/src/chrome/content/rules/Autoscout24.ch.xml
new file mode 100644
index 000000000000..e04b3a081a7e
--- /dev/null
+++ b/src/chrome/content/rules/Autoscout24.ch.xml
@@ -0,0 +1,52 @@
+<!--
+	Cert mismatch:
+		- int.admin
+		- int.api
+		- int.backoffice
+		- int.images
+		- int.stats
+		- news
+		- tour
+		- www.backoffice
+
+	HTTP redirect:
+		- (www.)
+		- backoffice
+		- ftp
+		- int
+		- int-images
+		- int-m
+		- m
+		- stage
+		- stage-admin
+		- stage-backoffice
+		- stage-m
+		- stage-stats
+
+	Timeout:
+		- autoweb03
+		- cms
+		- cms-stage
+		- cubeteamweb
+		- int-identity01
+		- mta
+		- picturepooltest
+		- reporting
+		- test-identity
+-->
+<ruleset name="Autoscout24.ch (partial)">
+	<target host="admin.autoscout24.ch" />
+	<target host="api.autoscout24.ch" />
+	<target host="cas01.autoscout24.ch" />
+	<target host="cas01-int.autoscout24.ch" />
+	<target host="content.autoscout24.ch" />
+	<target host="dynimages.autoscout24.ch" />
+	<target host="identity.autoscout24.ch" />
+	<target host="images.autoscout24.ch" />
+	<target host="int2.autoscout24.ch" />
+	<target host="newapi.autoscout24.ch" />
+	<target host="stage-api.autoscout24.ch" />
+	<target host="stats.autoscout24.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Autoscout24.de.xml b/src/chrome/content/rules/Autoscout24.de.xml
new file mode 100644
index 000000000000..5184f83dbc26
--- /dev/null
+++ b/src/chrome/content/rules/Autoscout24.de.xml
@@ -0,0 +1,111 @@
+<!--
+		Cert mismatch:
+			- adobe
+			- b2bmarketplace
+			- beta
+			- click
+			- cms
+			- community
+			- motosharing.cs1
+			- dsl
+			- elektro
+			- glossar
+			- click.mails
+			- image.mails
+			- view.mails
+			- mobil
+			- ww2.motoscout24
+			- m1
+			- neuwagen
+			- newsletter
+			- www.suchen
+			- tanken
+			- view
+			- waschanlagen
+			- werkstatt
+			- demo.werkstatt
+			- ref.werkstatt
+			- secure.ref.werkstatt
+			- secure.werkstatt
+			- www.werkstatt
+			- ww2.werkstatt
+			- ww2
+			- ww4
+			- wwk
+
+		Connection Refused:
+			- adac
+			- www.adac
+			- angebote
+			- asp
+			- autokatalog
+			- autowissen
+			- www.autowissen
+			- contentregional
+			- counters
+			- detail
+			- ersatzteile
+			- fahrgestellt
+			- faircar
+			- www.faircar
+			- finden
+			- hackathon
+			- home
+			- images
+			- inno
+			- kamel4baku
+			- magazin
+			- www.motorpresse
+			- www.motoscout24
+			- www2.motoscout24
+			- muenchen
+			- newcar
+			- partner
+			- portale
+			- preise
+			- stock-reporter
+			- suche
+			- suchen
+			- t-online
+			- tat
+			- themen
+			- www.themen
+			- trucksblog
+			- unfallservice
+
+		Timeout:
+			- administration
+			- as-gw
+			- as24mail
+			- b2b.werkstatt
+			- carsharing
+			- gateway
+			- gw-office
+			- mails
+			- www.b2b.werkstatt
+-->
+
+<ruleset name="Autoscout24.de">
+
+	<target host="www.autoscout24.de" />
+	<target host="angebot.autoscout24.de" />
+	<target host="data.api.autoscout24.de" />
+	<target host="fahrzeuge.autoscout24.de" />
+	<target host="haendler.autoscout24.de" />
+	<target host="leadmanagement.autoscout24.de" />
+	<target host="m.autoscout24.de" />
+	<target host="secure.magazin.autoscout24.de" />
+	<target host="meinauto.autoscout24.de" />
+	<target host="secure.meinauto.autoscout24.de" />
+	<target host="myarea.autoscout24.de" />
+	<target host="secure.neuwagen.autoscout24.de" />
+	<target host="sadobe.autoscout24.de" />
+	<target host="secure.autoscout24.de" />
+	<target host="services.autoscout24.de" />
+	<target host="testfahrer.autoscout24.de" />
+	<target host="ut.autoscout24.de" />
+	<target host="secure.ww2.autoscout24.de" />
+	<target host="ww3.autoscout24.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Autosite.com.xml b/src/chrome/content/rules/Autosite.com.xml
new file mode 100644
index 000000000000..b5987032659d
--- /dev/null
+++ b/src/chrome/content/rules/Autosite.com.xml
@@ -0,0 +1,46 @@
+<!--
+	Problematic hosts in *autosite.com:
+
+		- dealers *
+
+	* Mixed css
+
+
+	Insecure cookies are set for these hosts:
+
+		- dealers.autosite.com
+
+-->
+<ruleset name="Autosite.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dealers.autosite.com" />
+		<!--
+			Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://dealers\.autosite\.com/+(?![Cc]ontent/|favicon\.ico)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://dealers.autosite.com/ppc/mazda/mazda3" />
+			<test url="http://dealers.autosite.com/privacy" />
+			<test url="http://dealers.autosite.com/subaru/xv.crosstrek" />
+
+			<!--	-ve:
+					-->
+			<test url="http://dealers.autosite.com/content/images/autosite/userimages/get-started-button.png" />
+			<test url="http://dealers.autosite.com/favicon.ico" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^dealers\.autosite\.com$" name="^(\.ASPXANONYMOUS|ASP\.NET_SessionId|atpweb|device_detect)$" /-->
+
+	<!--securecookie host="^dealers\.autosite\.com$" name=".+" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Autotools.io.xml b/src/chrome/content/rules/Autotools.io.xml
new file mode 100644
index 000000000000..69f9f97ecc69
--- /dev/null
+++ b/src/chrome/content/rules/Autotools.io.xml
@@ -0,0 +1,9 @@
+<ruleset name="Autotools.io">
+
+	<target host="autotools.io" />
+	<target host="www.autotools.io" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Av18mov.com.xml b/src/chrome/content/rules/Av18mov.com.xml
deleted file mode 100644
index d4e4615e458b..000000000000
--- a/src/chrome/content/rules/Av18mov.com.xml
+++ /dev/null
@@ -1,62 +0,0 @@
-<!--
-	Mixed content:
-
-		- Images on www, from:
-
-			- ^ *
-			- 108.imagebam.com **
-			- thumbnails10\d.imagebam.com **
-			- www.picdee.com **
-			- www.picloader3.com **
-			- (www.)picloader4.com **
-			- s22.postimg.org
-			- postto.me
-			- th.upic.me
-			- img100.xvideos.com **
-			- i\d.ytimg.com *
-
-		- Ads/web bugs on www, from:
-
-			- www.affxx.com **
-			- www.affzzz.com **
-			- www.auto-ping.com **
-			- backlinks.vn **
-			- www.backlinksthai.com **
-			- www.bretagne-web.eu
-			- www.cpm-banner.com **
-			- www.cárdenas.net **
-			- sstatic1.histats.com **
-			- www.imagescream.com **
-			- www.lbacklink.com **
-			- www.likeyed.com
-			- www.movzeed.com
-			- www.nisit69.com
-			- www.ping-fast.com
-			- www.textbacklinkexchanges.com **
-			- s2.thstats.com **
-			- www.upx69.com
-			- www.ursula1.de **
-			- kodsana.vdoth.com
-			- bucklink.xtgem.com
-			- www.ybacklink.com
-			- yoursav.com
-			- www.zeedpic69.com *
-			- zeedzeed.com **
-
-	* Secured by us
-	** Unsecurable
-
--->
-<ruleset name="av18mov.com">
-
-	<target host="av18mov.com" />
-	<target host="*.av18mov.com" />
-
-
-	<securecookie host="^(?:w*\.)?av18mov\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?av18mov\.com/"
-		to="https://$1av18mov.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AvaDomains.com.xml b/src/chrome/content/rules/AvaDomains.com.xml
deleted file mode 100644
index 490b1813b530..000000000000
--- a/src/chrome/content/rules/AvaDomains.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	- Expired 2010-07-11
-	- !www: cert only matches www
-
--->
-<ruleset name="AvaDomains.com" default_off="expired">
-
-	<target host="avadomains.com" />
-	<target host="www.avadomains.com" />
-
-
-	<rule from="^https?://(?:www\.)?avadomains\.com/"
-		to="https://www.avadomains.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/AvaHost.xml b/src/chrome/content/rules/AvaHost.xml
index c0db042d64fc..2baf205e3d3e 100644
--- a/src/chrome/content/rules/AvaHost.xml
+++ b/src/chrome/content/rules/AvaHost.xml
@@ -1,15 +1,18 @@
-<!--
-	Other AvaHost rulesets:
 
-		- AvaDomains.com.xml
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.secure.avahost.net/ => https://www.secure.avahost.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.secure.avahost.net'")
 
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.avahost.net/ => https://secure.avahost.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.secure.avahost.net/ => https://www.secure.avahost.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 	Nonfunctional subdomains:
 
 		- (www.)	(shows an old revision; mismatched, CN: www.avadomains.com)
 
 -->
-<ruleset name="AvaHost (partial)">
+<ruleset name="AvaHost (partial)" default_off="failed ruleset test">
 
 	<target host="secure.avahost.net" />
 	<target host="www.secure.avahost.net" />
@@ -18,7 +21,6 @@
 	<securecookie host="^(?:www\.)?secure\.avahost\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?secure\.avahost\.net/"
-		to="https://$1secure.avahost.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Avaaz.xml b/src/chrome/content/rules/Avaaz.xml
deleted file mode 100644
index 690e26ae3ce8..000000000000
--- a/src/chrome/content/rules/Avaaz.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	CDN buckets:
-
-		- avaaz_images.s3.amazonaws.com
-
-
-	Problematic subdomains:
-
-		- static	(reset)
-		- www		(mismatched, CN: ssl.cdngc.net)
-
--->
-<ruleset name="Avaaz">
-
-	<target host="avaaz.org" />
-	<target host="*.avaaz.org" />
-
-
-	<securecookie host="^\.avaaz\.org$" name=".+" />
-
-
-	<rule from="^http://(?:secure\.|static\.|www\.)?avaaz\.org/"
-		to="https://secure.avaaz.org/" />
-
-	<rule from="^http://(en|stats)\.avaaz\.org/"
-		to="https://$1.avaaz.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Avadirect.com.xml b/src/chrome/content/rules/Avadirect.com.xml
index 95ad247e67c2..63ca45d7a85f 100644
--- a/src/chrome/content/rules/Avadirect.com.xml
+++ b/src/chrome/content/rules/Avadirect.com.xml
@@ -1,5 +1,46 @@
-<ruleset name="Avadirect">
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.avadirect.com
+
+-->
+<ruleset name="AVADirect.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+  <target host="avadirect.com"/>
   <target host="www.avadirect.com"/>
-  <rule from="^http://(www\.)?avadirect\.com/" to="https://www.avadirect.com/"/>
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.avadirect\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.avadirect\.com/+(?!(?:[Aa]ccount|[Ff]orum|[Ll]ogin)(?:$|[?/]))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.avadirect.com/About-Us" />
+			<test url="http://www.avadirect.com/Cart" />
+			<test url="http://www.avadirect.com/Press-Release" />
+			<test url="http://www.avadirect.com/Reviews" />
+			<test url="http://www.avadirect.com/Showroom" />
+			<test url="http://www.avadirect.com/blog" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.avadirect.com/Account" />
+			<test url="http://www.avadirect.com/Login" />
+			<test url="http://www.avadirect.com/forum" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.avadirect\.com$" name="^(?:\.ASPPG|ASPPG\.ASPPGSession)$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Avahi.org.xml b/src/chrome/content/rules/Avahi.org.xml
new file mode 100644
index 000000000000..62d24f66e946
--- /dev/null
+++ b/src/chrome/content/rules/Avahi.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Avahi.org">
+	<target host="avahi.org" />
+	<target host="www.avahi.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avangard.ru.xml b/src/chrome/content/rules/Avangard.ru.xml
new file mode 100644
index 000000000000..e94aaeb216ae
--- /dev/null
+++ b/src/chrome/content/rules/Avangard.ru.xml
@@ -0,0 +1,12 @@
+<!--cards. timed out
+demo. mismatch
+corporate. timed out-->
+<ruleset name="Avangard.ru">
+	<target host="avangard.ru" />
+	<target host="www.avangard.ru" />
+
+	<rule from="^http://avangard\.ru/"
+		to="https://www.avangard.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avangate.xml b/src/chrome/content/rules/Avangate.xml
index 84e0ab673053..d12e71bc8864 100644
--- a/src/chrome/content/rules/Avangate.xml
+++ b/src/chrome/content/rules/Avangate.xml
@@ -5,17 +5,22 @@
 <ruleset name="Avangate (partial)">
 
 	<target host="avangate.com" />
-	<target host="*.avangate.com" />
+	<target host="www.avangate.com" />
+	<target host="cdn.avangate.com" />
+	<target host="arms.avangate.com" />
+	<target host="download.avangate.com" />
+	<target host="download2.avangate.com" />
+	<target host="secure.avangate.com" />
 	<target host="edge.avangate.net" />
 
 
-	<securecookie host="^secure\.avangate\.com$" name=".*" />
+	<securecookie host="^secure\.avangate\.com$" name=".+" />
 
 
 	<rule from="^http://www\.avangate\.com/(docs/|favicon\.ico|images/|template_new/)"
 		to="https://www.avangate.com/$1" />
 
-	<rule from="^https?://cdn\.avangate\.com/web/"
+	<rule from="^http://cdn\.avangate\.com/web/"
 		to="https://www.avangate.com/" />
 
 	<rule from="^http://((?:arms|download2?|secure)\.)?avangate\.com/"
diff --git a/src/chrome/content/rules/Avantar.com.xml b/src/chrome/content/rules/Avantar.com.xml
new file mode 100644
index 000000000000..85cfdb2ff2ae
--- /dev/null
+++ b/src/chrome/content/rules/Avantar.com.xml
@@ -0,0 +1,17 @@
+<!--
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="Avantar.com" default_off="cert-chain">
+
+	<target host="avantar.com" />
+	<target host="www.avantar.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Avanticdn.xml b/src/chrome/content/rules/Avanticdn.xml
deleted file mode 100644
index d68761bc62ca..000000000000
--- a/src/chrome/content/rules/Avanticdn.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="avanticdn (partial)">
-
-	<target host="cdn.avanti247.com" />
-
-
-	<rule from="^http://cdn\.avanti247\.com/"
-		to="https://cdn.avanti247.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Avanza.se.xml b/src/chrome/content/rules/Avanza.se.xml
index 70d42fda023f..1a06794b0735 100644
--- a/src/chrome/content/rules/Avanza.se.xml
+++ b/src/chrome/content/rules/Avanza.se.xml
@@ -1,8 +1,8 @@
 <!-- already enforces SSL. adding to prevent ssl strip attacks -->
 <ruleset name="Avanza.se">
-  <target host="www.Avanza.se" />
-  <target host="Avanza.se" />
-  <rule from="^http://www\.avanza\.se/" to="https://www.avanza.se/"/>
-  <rule from="^http://avanza\.se/" to="https://www.avanza.se/"/>
+	<target host="avanza.se" />
+	<target host="www.avanza.se" />
+
+	<rule from="^http:" to="https:"/>
 </ruleset>
 
diff --git a/src/chrome/content/rules/Avast.com-falsemixed.xml b/src/chrome/content/rules/Avast.com-falsemixed.xml
deleted file mode 100644
index f828d334e78a..000000000000
--- a/src/chrome/content/rules/Avast.com-falsemixed.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Avast.com.xml.
-
--->
-<ruleset name="Avast.com (false MCB)" platform="mixedcontent">
-
-	<target host="forum.avast.com" />
-
-
-	<rule from="^http://forum\.avast\.com/"
-		to="https://forum.avast.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Avast.com.xml b/src/chrome/content/rules/Avast.com.xml
index bffe7a57063a..fdba321d76de 100644
--- a/src/chrome/content/rules/Avast.com.xml
+++ b/src/chrome/content/rules/Avast.com.xml
@@ -1,90 +1,59 @@
 <!--
-	For rules causing false/broken MCB, see Avast.com-falsemixed.xml.
-
-
 	CDN buckets:
-
 		- avast.com.edgesuite.net
-
-			- a1639.g1.akamai.net
 			- sf0.iavs.net
-
 		- avast.co.jp.ldc.d3.sc.omtrdc.net
-
 			- an.avast.com
 
+	Redirects to http:
+		- foundation.avast.com
 
-	Nonfunctional subdomains:
-
-		- ^		(403, valid cert)
-		- www		(redirects to http, valid cert)
-
-
-	Problematic domains:
-
-		- sf0.iavs.net	(works, akamai)
-
-
-	Fully covered domains:
-
-		- avast.com subdomains:
-
-			- an	(→ avast-co-jp-ldc.d3.sc.omtrdc.net)
-			- ans
-			- blog
-			- id
-			- my
-			- static
-			- support
-
-		- sf0.iavs.net	(→ akamai)
-
-
-	Mixed content:
-
-		- css on forum from sf0.iavs.net *
-		- Images on forum from sf0.iavs.net *
-		- Web bug on forum from an *
-
-	* Secured by us
-
-
-	forum is in a separate falsemixed ruleset
-	due to css from sf0.iavs.net.
-
-	NB: We secure all resources, and thus
-	falsemixed should be merged for Ffx 24.
+	Invalid certificate:
+		- an.avast.com
+		- ans.avast.com
+		- ts.avast.com
+		- *.u.avast.com
 
+	Insecure cookies are set for these domains and hosts:
+		- .avast.com
+		- id.avast.com
+		- press.avast.com
+		- www.avast.com
 -->
-<ruleset name="Avast (partial)">
-
-	<!--	Avast has started reditecting HTTPS to HTTP on its main site :(
-
-			https://trac.torproject.org/projects/tor/ticket/3779
 
-	<target host="avast.com" /-->
-	<target host="*.avast.com" />
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<exclusion pattern="^http://forum\." />
-	<target host="sf0.iavs.net" />
+<ruleset name="Avast.com (partial)">
 
-
-	<securecookie host="^\.avast\.com$" name="^s_vi$" />
-	<securecookie host="^(?:blog|my)\.avast\.com$" name=".+" />
-
-
-	<!--rule from="^http://(?:www\.)?avast\.com/"
-		to="https://www.avast.com/" /-->
-
-	<rule from="^http://an\.avast\.com/"
+	<!--	Complications:
+				-->
+	<target host="an.avast.com" />
+	<target host="ans.avast.com" />
+	<rule from="^http://ans?\.avast\.com/"
 		to="https://avast-co-jp-ldc.d3.sc.omtrdc.net/" />
-
-	<rule from="^http://(ans|blog|forum|id|my|static|support)\.avast\.com/"
-		to="https://$1.avast.com/" />
-
-	<rule from="^http://sf0\.iavs\.net/"
-		to="https://a248.e.akamai.net/f/1639/9783/9m/sf0.iavs.net/" />
-
+		<test url="http://an.avast.com/robots.txt" />
+		<test url="http://ans.avast.com/robots.txt" />
+
+	<!--	Direct rewrites:
+				-->
+	<target host="avast.com" />
+	<target host="www.avast.com" />
+	<target host="blog.avast.com" />
+	<target host="files.avast.com" />
+	<target host="forum.avast.com" />
+	<target host="help.avast.com" />
+	<target host="id.avast.com" />
+	<target host="my.avast.com" />
+	<target host="press.avast.com" />
+	<target host="static.avast.com" />
+	<target host="static2.avast.com" />
+	<target host="support.avast.com" />
+
+	<target host="*.support.avast.com" />
+		<test url="http://cs.support.avast.com/" />
+		<test url="http://fr.support.avast.com/" />
+		<test url="http://ru.support.avast.com/" />
+
+	<securecookie host="^\." name="^s_vi$" />
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Avaxhome.ws.xml b/src/chrome/content/rules/Avaxhome.ws.xml
deleted file mode 100644
index d14d14281a08..000000000000
--- a/src/chrome/content/rules/Avaxhome.ws.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Avaxhome.ws (partial)">
-  <target host="avaxhome.ws"/>
-  <target host="www.avaxhome.ws"/>
-  <rule from="^http://(www\.)?avaxhome\.ws/" to="https://avaxhome.ws/"/>
-</ruleset>
-<!-- Rule generated by HTTPS Finder 0.85 -->
\ No newline at end of file
diff --git a/src/chrome/content/rules/Avaya.xml b/src/chrome/content/rules/Avaya.xml
index bb66f6b8f0de..d92beec7172f 100644
--- a/src/chrome/content/rules/Avaya.xml
+++ b/src/chrome/content/rules/Avaya.xml
@@ -1,7 +1,12 @@
 <ruleset name="Avaya (partial)">
 
 	<target host="avaya.com" />
-	<target host="*.avaya.com" />
+	<target host="www.avaya.com" />
+	<target host="downloads.avaya.com" />
+	<target host="grt.avaya.com" />
+	<target host="sso.avaya.com" />
+	<target host="support.avaya.com" />
+	<target host="supportbetasite-stg.avaya.com" />
 
 
 	<securecookie host="^.+\.avaya\.com$" name=".+" />
@@ -10,10 +15,10 @@
 	<!--	- Cert only matches www
 		- At least some pages 30 to http
 						-->
-	<rule from="^https?://(?:www\.)?avaya\.com/(_assets/|PremiumIcon\.asp|uk/ResourceWriter\.ashx|uk/RtImage\.aspx)"
+	<rule from="^http://(?:www\.)?avaya\.com/(_assets/|PremiumIcon\.asp|uk/ResourceWriter\.ashx|uk/RtImage\.aspx)"
 		to="https://www.avaya.com/$1" />
 
 	<rule from="^http://(downloads|grt|sso|support(?:betasite-stg)?)\.avaya\.com/"
 		to="https://$1.avaya.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Avectra.com.xml b/src/chrome/content/rules/Avectra.com.xml
deleted file mode 100644
index 10a38b3e2b5f..000000000000
--- a/src/chrome/content/rules/Avectra.com.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- blog *
-		- fundraising *
-		- support	(interrupted)
-
-	* Refused
-
-
-	Mixed content:
-
-		- Images on www2 from www2 *
-
-	* Secured by us
-
--->
-<ruleset name="Avectra.com (partial)">
-
-	<target host="*.avectra.com" />
-
-
-	<securecookie host="^www2\.avectra\.com$" name=".+" />
-
-
-	<rule from="^http://success\.avectra\.com/(?=css/|images/|js/|rs/)"
-		to="https://na-abk.marketo.com/" />
-
-	<rule from="^http://www2\.avectra\.com/"
-		to="https://www2.avectra.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Avenatti.com.xml b/src/chrome/content/rules/Avenatti.com.xml
new file mode 100644
index 000000000000..65c0443a5e24
--- /dev/null
+++ b/src/chrome/content/rules/Avenatti.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Avenatti.com">
+	<target host="avenatti.com" />
+	<target host="www.avenatti.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AvenirClimatique.org.xml b/src/chrome/content/rules/AvenirClimatique.org.xml
new file mode 100644
index 000000000000..cdff72eb29bc
--- /dev/null
+++ b/src/chrome/content/rules/AvenirClimatique.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="AvenirClimatique.org">
+
+	<target host="avenirclimatique.org" />
+	<target host="www.avenirclimatique.org" />
+	<target host="bcptransparent.avenirclimatique.org" />
+	<target host="www.bcptransparent.avenirclimatique.org" />
+	<target host="conferences.avenirclimatique.org" />
+	<target host="gestes.avenirclimatique.org" />
+	<target host="wiki.avenirclimatique.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Avid.com.xml b/src/chrome/content/rules/Avid.com.xml
new file mode 100644
index 000000000000..85efc563123c
--- /dev/null
+++ b/src/chrome/content/rules/Avid.com.xml
@@ -0,0 +1,34 @@
+<!--
+	403 status code:
+		resources.avid.com
+
+	Invalid certificate:
+		cdn.avid.com
+		duc.avid.com
+		learn-cdn.avid.com
+
+	MCB:
+		community.avid.com
+
+	Redirects:
+		account.avid.com → my.avid.com
+		apps.avid.com → www.avid.com
+		esd.avid.com → my.avid.com
+
+	Timeout was reached:
+		euphonix.avid.com
+-->
+<ruleset name="Avid.com">
+	<target host="avid.com" />
+	<target host="www.avid.com" />
+	<target host="account.avid.com" />
+	<target host="apps.avid.com" />
+	<target host="community.avid.com" />
+	<target host="esd.avid.com" />
+	<target host="my.avid.com" />
+	<target host="shop.avid.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avidemux.org.xml b/src/chrome/content/rules/Avidemux.org.xml
new file mode 100644
index 000000000000..e560d791960c
--- /dev/null
+++ b/src/chrome/content/rules/Avidemux.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Active mixed content:
+		- avidemux.org
+
+	Invalid certificate:
+		- bugs.avidemux.org
+		- smtp.avidemux.org
+-->
+
+<ruleset name="Avidemux.org">
+	<target host="avidemux.org" />
+	<target host="www.avidemux.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avinc.com.xml b/src/chrome/content/rules/Avinc.com.xml
index 3d44a7d726d5..bb2a6e55ebbd 100644
--- a/src/chrome/content/rules/Avinc.com.xml
+++ b/src/chrome/content/rules/Avinc.com.xml
@@ -28,7 +28,9 @@
 <ruleset name="Avinc.com">
 
 	<target host="avinc.com" />
-	<target host="*.avinc.com" />
+	<target host="avportal.avinc.com" />
+	<target host="www.avinc.com" />
+	<target host="investor.avinc.com" />
 
 
 	<securecookie host="^(?:\.avportal|www)?\.avinc\.com$" name=".+" />
@@ -40,4 +42,4 @@
 	<rule from="^http://investor\.avinc\.com/common/"
 		to="https://investor.shareholder.com/common/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Avios.com.xml b/src/chrome/content/rules/Avios.com.xml
new file mode 100644
index 000000000000..f992a6552330
--- /dev/null
+++ b/src/chrome/content/rules/Avios.com.xml
@@ -0,0 +1,54 @@
+<!--
+	Non-functional subdomains:
+		- www.aviosandaway	(t)
+		- avioslocal	(e)
+		- aws	(t)
+		- dropple	(t)
+		- content.email	(m)
+		- links.emails	(m)
+		- m	(t)
+		- magic	(m)
+		- partnermanager	(r)
+		- partnermanageruat	(e)
+		- share	(t)
+		- shoppingtest	(m)
+		- survey	(i)
+		- www.survey	(t)
+		- wfm	(invalid redirect)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avios">
+
+	<target host="avios.com" />
+	<target host="www.avios.com" />
+	<target host="adfs.avios.com" />
+	<target host="aglctx.avios.com" />
+	<target host="api.avios.com" />
+	<target host="cardregistration.avios.com" />
+	<target host="chat.avios.com" />
+	<target host="collectonhotelscarsandmore.avios.com" />
+	<target host="creative.avios.com" />
+	<target host="developer.avios.com" />
+	<target host="hotelscarsandmore.avios.com" />
+	<target host="jobs.avios.com" />
+	<target host="mobile.avios.com" />
+	<target host="more-for-africa.avios.com" />
+	<target host="mumsnet.avios.com" />
+	<target host="partnerservices.avios.com" />
+	<target host="pay.avios.com" />
+	<target host="shopping.avios.com" />
+	<target host="testpay.avios.com" />
+	<target host="wine.avios.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avira.xml b/src/chrome/content/rules/Avira.xml
index de3e926b0d68..6c60d9c7c131 100644
--- a/src/chrome/content/rules/Avira.xml
+++ b/src/chrome/content/rules/Avira.xml
@@ -1,17 +1,52 @@
-<ruleset name="Avira">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://forum.avira.com/ => https://forum.avira.com/: (51, "SSL: no alternative certificate subject name matches target host name 'forum.avira.com'")
+Fetch error: http://myaccount.avira.com/ => https://myaccount.avira.com/: (6, 'Could not resolve host: myaccount.avira.com')
+Fetch error: http://www.forum.avira.com/ => https://forum.avira.com/: (51, "SSL: no alternative certificate subject name matches target host name 'forum.avira.com'")
+Fetch error: http://www.license.avira.com/ => https://license.avira.com/: Too many redirects while fetching 'https://license.avira.com/'
+Fetch error: http://www.myaccount.avira.com/ => https://myaccount.avira.com/: (6, 'Could not resolve host: myaccount.avira.com')
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .avira.com
+		- www.avira.com
+
+-->
+<ruleset name="Avira.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="avira.com" />
-	<target host="*.avira.com" />
+	<target host="analysis.avira.com" />
+	<target host="forum.avira.com" />
+	<target host="license.avira.com" />
+	<target host="myaccount.avira.com" />
+	<target host="partnernet.avira.com" />
+	<target host="www.avira.com" />
 
+	<!--	Complications:
+				-->
+	<target host="www.analysis.avira.com" />
+	<target host="www.forum.avira.com" />
+	<target host="www.license.avira.com" />
+	<target host="www.myaccount.avira.com" />
+	<target host="www.partnernet.avira.com" />
 
-	<!--securecookie host="^\.avira\.com$" name="^av_cid$" /-->
-	<securecookie host="^www\.avira\.com$" name=".+" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.avira\.com$" name="^(?:__qca|av_cid|avr_pp|country|language)$" /-->
+	<!--securecookie host="^www\.avira\.com$" name="^(?:PHPSESSID|passthrough|permpassthrough)$" /-->
+
+	<securecookie host="^\.avira\.com$" name="^__qca$" />
+	<securecookie host="^www\.avira\.com$" name=".+" />
 
-	<rule from="^http://(?:www\.)?avira\.com/"
-		to="https://www.avira.com/" />
 
-	<rule from="^http://(?:www\.)?(analysis|forum|license|myaccount|partnernet)\.avira\.com/"
+	<rule from="^http://www\.(analysis|forum|license|myaccount|partnernet)\.avira\.com/"
 		to="https://$1.avira.com/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Avis-Japan.com.xml b/src/chrome/content/rules/Avis-Japan.com.xml
new file mode 100644
index 000000000000..21ea07d9f108
--- /dev/null
+++ b/src/chrome/content/rules/Avis-Japan.com.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- (www.)blog.staff		(s)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis-Japan.com">
+
+	<target host="avis-japan.com" />
+	<target host="www.avis-japan.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis-japan\.com/"
+		to="https://www.avis-japan.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis-Tahiti.com.xml b/src/chrome/content/rules/Avis-Tahiti.com.xml
new file mode 100644
index 000000000000..074b455e4d9d
--- /dev/null
+++ b/src/chrome/content/rules/Avis-Tahiti.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(HTTP 404 error)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis-Tahiti.com">
+
+	<target host="avis-tahiti.com" />
+	<target host="www.avis-tahiti.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis-tahiti\.com/"
+		to="https://www.avis-tahiti.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis-Taiwan.com.xml b/src/chrome/content/rules/Avis-Taiwan.com.xml
new file mode 100644
index 000000000000..914b7f5a677b
--- /dev/null
+++ b/src/chrome/content/rules/Avis-Taiwan.com.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- partner	(t)
+		- sys		(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis-Taiwan.com">
+
+	<target host="avis-taiwan.com" />
+	<target host="www.avis-taiwan.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis-sxm.com.xml b/src/chrome/content/rules/Avis-sxm.com.xml
new file mode 100644
index 000000000000..a8354563b6e2
--- /dev/null
+++ b/src/chrome/content/rules/Avis-sxm.com.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+-->
+<ruleset name="Avis-sxm.com">
+
+	<target host="avis-sxm.com" />
+	<target host="www.avis-sxm.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.at.xml b/src/chrome/content/rules/Avis.at.xml
new file mode 100644
index 000000000000..840ce8b9b35d
--- /dev/null
+++ b/src/chrome/content/rules/Avis.at.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.at">
+
+	<target host="avis.at" />
+	<target host="www.avis.at" />
+	<target host="mirror.avis.at" />
+	<target host="secure.avis.at" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.at/"
+		to="https://www.avis.at/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.be.xml b/src/chrome/content/rules/Avis.be.xml
new file mode 100644
index 000000000000..9b7c0aebecbf
--- /dev/null
+++ b/src/chrome/content/rules/Avis.be.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.be">
+
+	<target host="avis.be" />
+	<target host="www.avis.be" />
+	<target host="mirror.avis.be" />
+	<target host="secure.avis.be" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.be/"
+		to="https://www.avis.be/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.ca.xml b/src/chrome/content/rules/Avis.ca.xml
new file mode 100644
index 000000000000..0c5b96cc0b81
--- /dev/null
+++ b/src/chrome/content/rules/Avis.ca.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- locations		(e)
+		- qa		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.ca">
+
+	<target host="avis.ca" />
+	<target host="www.avis.ca" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.ch.xml b/src/chrome/content/rules/Avis.ch.xml
new file mode 100644
index 000000000000..508f2ce03707
--- /dev/null
+++ b/src/chrome/content/rules/Avis.ch.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- m		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.ch">
+
+	<target host="avis.ch" />
+	<target host="www.avis.ch" />
+	<target host="secure.avis.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.ch/"
+		to="https://www.avis.ch/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.cl.xml b/src/chrome/content/rules/Avis.cl.xml
new file mode 100644
index 000000000000..3e49399b99fb
--- /dev/null
+++ b/src/chrome/content/rules/Avis.cl.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- consultas		(r)
+		- locations		(e)
+		- mail		(i)
+		- pehuen	(i)
+		- webmail	(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.cl">
+
+	<target host="avis.cl" />
+	<target host="www.avis.cl" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.co.il.xml b/src/chrome/content/rules/Avis.co.il.xml
new file mode 100644
index 000000000000..7be09fce7f20
--- /dev/null
+++ b/src/chrome/content/rules/Avis.co.il.xml
@@ -0,0 +1,40 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- book	(i)
+		- carsale	(t)
+		- lead	(t)
+		- order	(t)
+		- outgoing	(h)
+		- rent	(h)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.co.il">
+
+	<target host="avis.co.il" />
+	<target host="www.avis.co.il" />
+	<target host="agent.avis.co.il" />
+		<test url="http://agent.avis.co.il/favicon.ico" />
+	<target host="api.avis.co.il" />
+	<target host="dev.avis.co.il" />
+	<target host="incoming.avis.co.il" />
+	<target host="leasing.avis.co.il" />
+	<target host="m.avis.co.il" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Redirects to http -->
+	<exclusion pattern="^http://agent.avis.co.il/$" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.co.nz.xml b/src/chrome/content/rules/Avis.co.nz.xml
new file mode 100644
index 000000000000..98046691f32d
--- /dev/null
+++ b/src/chrome/content/rules/Avis.co.nz.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- locations		(e)
+		- qa		(HTTP 503 error)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.co.nz">
+
+	<target host="avis.co.nz" />
+	<target host="www.avis.co.nz" />
+	<target host="pages.e.avis.co.nz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.co\.nz/"
+		to="https://www.avis.co.nz/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.co.uk.xml b/src/chrome/content/rules/Avis.co.uk.xml
new file mode 100644
index 000000000000..a3b39ae12100
--- /dev/null
+++ b/src/chrome/content/rules/Avis.co.uk.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- lufthansa		(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.co.uk">
+
+	<target host="avis.co.uk" />
+	<target host="www.avis.co.uk" />
+	<target host="blog.avis.co.uk" />
+	<target host="mirror.avis.co.uk" />
+	<target host="reporting.avis.co.uk" />
+	<target host="secure.avis.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.co\.uk/"
+		to="https://www.avis.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.co.za.xml b/src/chrome/content/rules/Avis.co.za.xml
new file mode 100644
index 000000000000..7176222d3456
--- /dev/null
+++ b/src/chrome/content/rules/Avis.co.za.xml
@@ -0,0 +1,45 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- edmscc	(t)
+		- flysaa	(m)
+		- mm		(t)
+		- online	(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.co.za">
+
+	<target host="avis.co.za" />
+	<target host="www.avis.co.za" />
+	<target host="alc.avis.co.za" />
+	<target host="alcluxury.avis.co.za" />
+	<target host="book.avis.co.za" />
+	<target host="edms.avis.co.za" />
+	<target host="inbound.avis.co.za" />
+	<target host="mirror.avis.co.za" />
+	<target host="momentum.avis.co.za" />
+	<target host="reporting.avis.co.za" />
+	<target host="secure.avis.co.za" />
+	<target host="secure-mirror.avis.co.za" />
+	<target host="sitecoreforms.avis.co.za" />
+	<target host="sitecoreinv.avis.co.za" />
+	<target host="t.avis.co.za" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.co\.za/"
+		to="https://www.avis.co.za/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.ar.xml b/src/chrome/content/rules/Avis.com.ar.xml
new file mode 100644
index 000000000000..b304e9a7afba
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.ar.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- budget		(t)
+		- desa		(t)
+		- mail		(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.com.ar">
+
+	<target host="avis.com.ar" />
+	<target host="www.avis.com.ar" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.au.xml b/src/chrome/content/rules/Avis.com.au.xml
new file mode 100644
index 000000000000..1200a1f13821
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.au.xml
@@ -0,0 +1,32 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- locations		(m)
+		- qa			(HTTP 503 error)
+		- qa[1-3]		(HTTP 503 error)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.com.au">
+
+	<target host="avis.com.au" />
+	<target host="www.avis.com.au" />
+	<target host="pages.e.avis.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.com\.au/"
+		to="https://www.avis.com.au/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.co.xml b/src/chrome/content/rules/Avis.com.co.xml
new file mode 100644
index 000000000000..63368b91f641
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.co.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- www		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.com.co">
+
+	<target host="avis.com.co" />
+	<target host="www.avis.com.co" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.avis\.com\.co/"
+		to="https://avis.com.co/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.do.xml b/src/chrome/content/rules/Avis.com.do.xml
new file mode 100644
index 000000000000..444f11877a3f
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.do.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+-->
+<ruleset name="Avis.com.do">
+
+	<target host="avis.com.do" />
+	<target host="www.avis.com.do" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.ec.xml b/src/chrome/content/rules/Avis.com.ec.xml
new file mode 100644
index 000000000000..f2ad477bd6b3
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.ec.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- www		(m)
+		- apps		(m)
+		- portalflota		(m)
+		- test		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.com.ec">
+
+	<target host="avis.com.ec" />
+	<target host="www.avis.com.ec" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.avis\.com\.ec/"
+		to="https://avis.com.ec/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.hk.xml b/src/chrome/content/rules/Avis.com.hk.xml
new file mode 100644
index 000000000000..695eeea935c8
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.hk.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+-->
+<ruleset name="Avis.com.hk">
+
+	<target host="avis.com.hk" />
+	<target host="www.avis.com.hk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.hr.xml b/src/chrome/content/rules/Avis.com.hr.xml
new file mode 100644
index 000000000000..a1d993d3ff4a
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.hr.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+-->
+<ruleset name="Avis.com.hr">
+
+	<target host="avis.com.hr" />
+	<target host="www.avis.com.hr" />
+	<target host="redesign.avis.com.hr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.jm.xml b/src/chrome/content/rules/Avis.com.jm.xml
new file mode 100644
index 000000000000..083192681bba
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.jm.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- mail		(m)
+		- mail2		(s)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.com.jm">
+
+	<target host="avis.com.jm" />
+	<target host="www.avis.com.jm" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.lb.xml b/src/chrome/content/rules/Avis.com.lb.xml
new file mode 100644
index 000000000000..7f1f49b8dc65
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.lb.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.com.lb">
+
+	<target host="avis.com.lb" />
+	<target host="www.avis.com.lb" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.com\.lb/"
+		to="https://www.avis.com.lb/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.pa.xml b/src/chrome/content/rules/Avis.com.pa.xml
new file mode 100644
index 000000000000..6939be0b148b
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.pa.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- mail		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.com.pa">
+
+	<target host="avis.com.pa" />
+	<target host="www.avis.com.pa" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.ph.xml b/src/chrome/content/rules/Avis.com.ph.xml
new file mode 100644
index 000000000000..ceb2cc893755
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.ph.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+-->
+<ruleset name="Avis.com.ph">
+
+	<target host="avis.com.ph" />
+	<target host="www.avis.com.ph" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.pt.xml b/src/chrome/content/rules/Avis.com.pt.xml
new file mode 100644
index 000000000000..4a8edb590bdb
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.pt.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.com.pt">
+
+	<target host="avis.com.pt" />
+	<target host="www.avis.com.pt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.com\.pt/"
+		to="https://www.avis.com.pt/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.sa.xml b/src/chrome/content/rules/Avis.com.sa.xml
new file mode 100644
index 000000000000..00815ad2a694
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.sa.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.com.sa">
+
+	<target host="avis.com.sa" />
+	<target host="www.avis.com.sa" />
+	<target host="secure.avis.com.sa" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.com\.sa/"
+		to="https://www.avis.com.sa/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.sg.xml b/src/chrome/content/rules/Avis.com.sg.xml
new file mode 100644
index 000000000000..7d740302f30b
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.sg.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- m		(t)
+		- mail		(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.com.sg">
+
+	<target host="avis.com.sg" />
+	<target host="www.avis.com.sg" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.tr.xml b/src/chrome/content/rules/Avis.com.tr.xml
new file mode 100644
index 000000000000..8eeeb9dd233a
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.tr.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- www.m		(m)
+		- www.mobile	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.com.tr">
+
+	<target host="avis.com.tr" />
+	<target host="www.avis.com.tr" />
+	<target host="beta.avis.com.tr" />
+	<target host="kiosk.avis.com.tr" />
+	<target host="m.avis.com.tr" />
+	<target host="mobile.avis.com.tr" />
+	<target host="soforlukiralama.avis.com.tr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.ua.xml b/src/chrome/content/rules/Avis.com.ua.xml
new file mode 100644
index 000000000000..a37bfa60a7cc
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.ua.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.com.ua">
+
+	<target host="avis.com.ua" />
+	<target host="www.avis.com.ua" />
+	<target host="secure.avis.com.ua" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.com\.ua/"
+		to="https://www.avis.com.ua/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.xml b/src/chrome/content/rules/Avis.com.xml
index de6bba14f24c..0454e445a305 100644
--- a/src/chrome/content/rules/Avis.com.xml
+++ b/src/chrome/content/rules/Avis.com.xml
@@ -1,26 +1,92 @@
+
 <!--
-	Other Avis rulesets:
+The following targets have been disabled at 2020-04-17 18:38:06:
 
-		- Avisservices.com.xml
+Fetch error: http://drive.avis.com/ => https://drive.avis.com/: (51, "SSL: no alternative certificate subject name matches target host name 'drive.avis.com'")
 
+	Other related rulesets:
+		- Avis-Japan.com.xml
+		- Avis-sxm.com.xml
+		- Avis-Tahiti.com.xml
+		- Avis-Taiwan.com.xml
+		- Avis.at.xml
+		- Avis.be.xml
+		- Avis.ca.xml
+		- Avis.ch.xml
+		- Avis.cl.xml
+		- Avis.co.il.xml
+		- Avis.co.nz.xml
+		- Avis.co.uk.xml
+		- Avis.co.za.xml
+		- Avis.com.ar.xml
+		- Avis.com.au.xml
+		- Avis.com.co.xml
+		- Avis.com.do.xml
+		- Avis.com.ec.xml
+		- Avis.com.hk.xml
+		- Avis.com.hr.xml
+		- Avis.com.jm.xml
+		- Avis.com.lb.xml
+		- Avis.com.pa.xml
+		- Avis.com.ph.xml
+		- Avis.com.pt.xml
+		- Avis.com.sa.xml
+		- Avis.com.sg.xml
+		- Avis.com.tr.xml
+		- Avis.com.ua.xml
+		- Avis.de.xml
+		- Avis.dk.xml
+		- Avis.es.xml
+		- Avis.fi.xml
+		- Avis.fr.xml
+		- Avis.ie.xml
+		- Avis.ma.xml
+		- Avis.nl.xml
+		- Avis.no.xml
+		- Avis.pl.xml
+		- Avis.se.xml
+		- Avis.tc.xml
+		- Avisautonoleggio.it.xml
+		- Avissuriname.com.xml
 
-	Observed cookie subdomains:
 
-		- .
-		- www
-		- .www
+	Non-functional subdomains:
+		- afo	(m)
+		- atlanta	(m)
+		- dallas	(m)
+		- detroit	(m)
+		- ft-lauderdale	(m)
+		- houston	(m)
+		- locations	(m)
+		- miami	(m)
+		- mobile	(m)
+		- www.mobile	(m)
+		- new-york	(m)
+		- philadelphia	(m)
+		- phoenix	(m)
+		- redirect	(m)
+		- san-francisco	(m)
 
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
 -->
 <ruleset name="Avis.com">
 
 	<target host="avis.com" />
-	<target host="*.avis.com" />
-
-
-	<securecookie host=".*\.avis\.com$" name=".+" />
-
+	<target host="www.avis.com" />
+	<!-- target host="drive.avis.com" /-->
+	<target host="click.e.avis.com" />
+	<target host="uat.avis.com" />
+	<target host="wizardgui.avis.com" />
+	<target host="wizardgui-x.avis.com" />
 
-	<rule from="^http://(www\.)?avis\.com/"
-		to="https://$1avis.com/" />
+	<securecookie host=".+" name=".+" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.de.xml b/src/chrome/content/rules/Avis.de.xml
new file mode 100644
index 000000000000..1d5502e467bc
--- /dev/null
+++ b/src/chrome/content/rules/Avis.de.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- lufthansapartnerplus		(i)
+		- www.miles-and-more		(i)
+		- (www.)touristikpartner		(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.de">
+
+	<target host="avis.de" />
+	<target host="www.avis.de" />
+	<target host="blog.avis.de" />
+	<target host="mirror.avis.de" />
+	<target host="secure.avis.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.de/"
+		to="https://www.avis.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.dk.xml b/src/chrome/content/rules/Avis.dk.xml
new file mode 100644
index 000000000000..e07b3aa07514
--- /dev/null
+++ b/src/chrome/content/rules/Avis.dk.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- m		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.dk">
+
+	<target host="avis.dk" />
+	<target host="www.avis.dk" />
+	<target host="secure.avis.dk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.dk/"
+		to="https://www.avis.dk/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.es.xml b/src/chrome/content/rules/Avis.es.xml
new file mode 100644
index 000000000000..8714e85ab3de
--- /dev/null
+++ b/src/chrome/content/rules/Avis.es.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- mirror	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.es">
+
+	<target host="avis.es" />
+	<target host="www.avis.es" />
+	<target host="reporting.avis.es" />
+	<target host="secure.avis.es" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.es/"
+		to="https://www.avis.es/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.fi.xml b/src/chrome/content/rules/Avis.fi.xml
new file mode 100644
index 000000000000..bd619082e070
--- /dev/null
+++ b/src/chrome/content/rules/Avis.fi.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.fi">
+
+	<target host="avis.fi" />
+	<target host="www.avis.fi" />
+	<target host="secure.avis.fi" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.fi/"
+		to="https://www.avis.fi/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.fr.xml b/src/chrome/content/rules/Avis.fr.xml
new file mode 100644
index 000000000000..89cc0f7fcfb6
--- /dev/null
+++ b/src/chrome/content/rules/Avis.fr.xml
@@ -0,0 +1,32 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- pubs		(m)
+		- secure	(HTTP 403 error)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.fr">
+
+	<target host="avis.fr" />
+	<target host="www.avis.fr" />
+	<target host="mirror.avis.fr" />
+	<target host="reporting.avis.fr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.fr/"
+		to="https://www.avis.fr/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.ie.xml b/src/chrome/content/rules/Avis.ie.xml
new file mode 100644
index 000000000000..9539c40dcd93
--- /dev/null
+++ b/src/chrome/content/rules/Avis.ie.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+-->
+<ruleset name="Avis.ie">
+
+	<target host="avis.ie" />
+	<target host="www.avis.ie" />
+	<target host="reporting.avis.ie" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.ma.xml b/src/chrome/content/rules/Avis.ma.xml
new file mode 100644
index 000000000000..a886f67d54a2
--- /dev/null
+++ b/src/chrome/content/rules/Avis.ma.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.ma">
+
+	<target host="avis.ma" />
+	<target host="www.avis.ma" />
+	<target host="secure.avis.ma" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.ma/"
+		to="https://www.avis.ma/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.nl.xml b/src/chrome/content/rules/Avis.nl.xml
new file mode 100644
index 000000000000..0d544a5ba471
--- /dev/null
+++ b/src/chrome/content/rules/Avis.nl.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.nl">
+
+	<target host="avis.nl" />
+	<target host="www.avis.nl" />
+	<target host="mirror.avis.nl" />
+	<target host="secure.avis.nl" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.nl/"
+		to="https://www.avis.nl/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.no.xml b/src/chrome/content/rules/Avis.no.xml
new file mode 100644
index 000000000000..4cb72488de98
--- /dev/null
+++ b/src/chrome/content/rules/Avis.no.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- m			(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.no">
+
+	<target host="avis.no" />
+	<target host="www.avis.no" />
+	<target host="secure.avis.no" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.no/"
+		to="https://www.avis.no/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.pl.xml b/src/chrome/content/rules/Avis.pl.xml
new file mode 100644
index 000000000000..b84895c8789c
--- /dev/null
+++ b/src/chrome/content/rules/Avis.pl.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- m			(t)
+		- www.miles-and-more		(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.pl">
+
+	<target host="avis.pl" />
+	<target host="www.avis.pl" />
+	<target host="secure.avis.pl" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.pl/"
+		to="https://www.avis.pl/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.se.xml b/src/chrome/content/rules/Avis.se.xml
new file mode 100644
index 000000000000..6b579c03a4d3
--- /dev/null
+++ b/src/chrome/content/rules/Avis.se.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- m		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.se">
+
+	<target host="avis.se" />
+	<target host="www.avis.se" />
+	<target host="secure.avis.se" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.se/"
+		to="https://www.avis.se/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.tc.xml b/src/chrome/content/rules/Avis.tc.xml
new file mode 100644
index 000000000000..f03b79d6d66b
--- /dev/null
+++ b/src/chrome/content/rules/Avis.tc.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+	Host has wildcard DNS.
+-->
+<ruleset name="Avis.tc">
+
+	<target host="avis.tc" />
+	<target host="www.avis.tc" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avisautonoleggio.it.xml b/src/chrome/content/rules/Avisautonoleggio.it.xml
new file mode 100644
index 000000000000..1286f1602759
--- /dev/null
+++ b/src/chrome/content/rules/Avisautonoleggio.it.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- reporting		(HTTP 404 error)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avisautonoleggio.it">
+
+	<target host="avisautonoleggio.it" />
+	<target host="www.avisautonoleggio.it" />
+	<target host="secure.avisautonoleggio.it" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avisautonoleggio\.it/"
+		to="https://www.avisautonoleggio.it/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avisservices.com.xml b/src/chrome/content/rules/Avisservices.com.xml
deleted file mode 100644
index fba745b9d2ba..000000000000
--- a/src/chrome/content/rules/Avisservices.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other Avis coverage, see Avis.com.xml.
-
--->
-<ruleset name="Avisservices.com">
-
-	<target host="*.avisservices.com" />
-
-
-	<securecookie host="^(?:\.?snap)?\.avisservices\.com$" name=".+" />
-
-
-	<rule from="^http://snap\.avisservices\.com/"
-		to="https://snap.avisservices.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Avissuriname.com.xml b/src/chrome/content/rules/Avissuriname.com.xml
new file mode 100644
index 000000000000..dd39b84a9f3d
--- /dev/null
+++ b/src/chrome/content/rules/Avissuriname.com.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+-->
+<ruleset name="Avissuriname.com">
+
+	<target host="avissuriname.com" />
+	<target host="www.avissuriname.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avm.de.xml b/src/chrome/content/rules/Avm.de.xml
new file mode 100644
index 000000000000..215dee8218b7
--- /dev/null
+++ b/src/chrome/content/rules/Avm.de.xml
@@ -0,0 +1,89 @@
+<!--
+	Connection failed:
+		boxplugin.avm.de
+		ci.hulk.avm.de
+		labor.avm.de
+		mail.avm.de
+		ns[1|2].avm.de
+		update.avm.de
+		webgw.avm.de
+		wizzard.avm.de
+
+	Content mismatch:
+		blog.avm.de
+
+	Invalid certificate:
+		cmrelay.avm.de
+		shop.avm.de
+
+	Redirect loop:
+		benl.avm.de
+		ww.avm.de
+		wwww.avm.de
+
+	Timeout:
+		argo.avm.de
+		(\d+\.)?jws.avm.de
+
+	Unbale to get local issuer certificate:
+		assets.avm.de
+		scope.avm.de
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- partner.avm.de
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+-->
+<ruleset name="AVM.de">
+
+	<target host="avm.de"/>
+	<target host="www.avm.de"/>
+	<target host="at.avm.de"/>
+	<target host="be.avm.de"/>
+	<target host="bingo.avm.de" />
+	<target host="ch.avm.de"/>
+	<target host="clickonce.avm.de" />
+	<target host="download.avm.de"/>
+	<target host="en.avm.de"/>
+	<target host="es.avm.de" />
+	<target host="fritzbox-finder.avm.de" />
+	<target host="ftp.avm.de"/>
+	<target host="help.avm.de" />
+	<target host="it.avm.de"/>
+	<target host="jobs.avm.de"/>
+	<target host="lu.avm.de"/>
+	<target host="myfritz-beta.avm.de" />
+	<target host="news.avm.de" />
+	<target host="at.news.avm.de" />
+	<target host="be-fr.news.avm.de" />
+	<target host="ch.news.avm.de" />
+	<target host="ch-fr.news.avm.de" />
+	<target host="en.news.avm.de" />
+	<target host="es.news.avm.de" />
+	<target host="it.news.avm.de" />
+	<target host="lu.news.avm.de" />
+	<target host="lu-fr.news.avm.de" />
+	<target host="nl.news.avm.de" />
+	<target host="partner.news.avm.de" />
+	<target host="pl.news.avm.de" />
+	<target host="nl.avm.de"/>
+	<target host="partner.avm.de"/>
+	<target host="piwik.avm.de"/>
+	<target host="pl.avm.de"/>
+	<target host="service.avm.de"/>
+	<target host="support.avm.de" />
+	<target host="training.avm.de" />
+	<target host="tv.avm.de" />
+	<target host="xmas.avm.de" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^partner\.avm\.de$" name="^_web\d+_session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Avogadr.io.xml b/src/chrome/content/rules/Avogadr.io.xml
new file mode 100644
index 000000000000..7ee0bfc537cd
--- /dev/null
+++ b/src/chrome/content/rules/Avogadr.io.xml
@@ -0,0 +1,8 @@
+<ruleset name="Avogadr.io">
+	<target host="avogadr.io" />
+	<target host="www.avogadr.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AvonandSomersetConstabulary.xml b/src/chrome/content/rules/AvonandSomersetConstabulary.xml
new file mode 100644
index 000000000000..79c40cc6ffa6
--- /dev/null
+++ b/src/chrome/content/rules/AvonandSomersetConstabulary.xml
@@ -0,0 +1,6 @@
+<ruleset name="Avon and Somerset Constabulary">
+	<target host="avonandsomerset.police.uk" />
+	<target host="www.avonandsomerset.police.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avonmaquiagem.com.br.xml b/src/chrome/content/rules/Avonmaquiagem.com.br.xml
index be2ad7dc56f3..67f92980e11a 100644
--- a/src/chrome/content/rules/Avonmaquiagem.com.br.xml
+++ b/src/chrome/content/rules/Avonmaquiagem.com.br.xml
@@ -1,13 +1,21 @@
-<ruleset name="avonmaquiagem.com.br">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://avonmaquiagem.com.br/ => https://avonmaquiagem.com.br/: (6, 'Could not resolve host: avonmaquiagem.com.br')
+Fetch error: http://static5.avonmaquiagem.com.br/ => https://static5.avonmaquiagem.com.br/: (6, 'Could not resolve host: static5.avonmaquiagem.com.br')
+Fetch error: http://www.avonmaquiagem.com.br/ => https://www.avonmaquiagem.com.br/: (28, 'Connection timed out after 20005 milliseconds')
+
+-->
+<ruleset name="avonmaquiagem.com.br" default_off="failed ruleset test">
 
 	<target host="avonmaquiagem.com.br" />
-	<target host="*.avonmaquiagem.com.br" />
+	<target host="static5.avonmaquiagem.com.br" />
+	<target host="www.avonmaquiagem.com.br" />
 
 
 	<securecookie host="^(?:w*\.)?avonmaquiagem\.com\.br$" name=".+" />
 
 
-	<rule from="^http://(static5\.|www\.)?avonmaquiagem\.com\.br/"
-		to="https://$1avonmaquiagem.com.br/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Avropa.se.xml b/src/chrome/content/rules/Avropa.se.xml
index bb6a04919085..e267e86605a2 100644
--- a/src/chrome/content/rules/Avropa.se.xml
+++ b/src/chrome/content/rules/Avropa.se.xml
@@ -1,7 +1,6 @@
 <ruleset name="Avropa.se">
-  <target host="www.avropa.se" />
-  <target host="avropa.se" />
-  <rule from="^http://www\.avropa\.se/" to="https://www.avropa.se/"/>
-  <rule from="^http://avropa\.se/" to="https://avropa.se/"/>
-</ruleset>
+	<target host="avropa.se" />
+	<target host="www.avropa.se" />
 
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avue_Central.xml b/src/chrome/content/rules/Avue_Central.xml
index 99d63a64a7b0..8e86b70d7596 100644
--- a/src/chrome/content/rules/Avue_Central.xml
+++ b/src/chrome/content/rules/Avue_Central.xml
@@ -10,7 +10,6 @@
 	<target host="www.avuecentral.com" />
 
 
-	<rule from="^https?://(?:www\.)?avuecentral\.com/"
-		to="https://www.avuecentral.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Avue_Digital_Services.xml b/src/chrome/content/rules/Avue_Digital_Services.xml
index dd08e4dbb3ba..2e3126283939 100644
--- a/src/chrome/content/rules/Avue_Digital_Services.xml
+++ b/src/chrome/content/rules/Avue_Digital_Services.xml
@@ -10,7 +10,7 @@
 	<target host="www.avuedigitalservices.com" />
 
 
-	<rule from="^https?://(?:www\.)?avuedigitalservices\.com/"
+	<rule from="^http://(?:www\.)?avuedigitalservices\.com/"
 		to="https://www.avuedigitalservices.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Avv.de.xml b/src/chrome/content/rules/Avv.de.xml
new file mode 100644
index 000000000000..e06374b484db
--- /dev/null
+++ b/src/chrome/content/rules/Avv.de.xml
@@ -0,0 +1,27 @@
+<!--
+	Nonfunctional hosts in *.avv.de:
+		- fahrplan.avv.de (mixed content)
+		- m.avv.de (m)
+		- netzplan.avv.de (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avv.de">
+	<target host="avv.de" />
+	<target host="www.avv.de" />
+	<target host="backup.avv.de" />
+	<target host="blog.avv.de" />
+	<target host="dev.avv.de" />
+	<target host="download.avv.de" />
+		<test url="http://download.avv.de/Sonstiges/onlinebestellungagb.pdf" />
+	<target host="newsroom.avv.de" />
+	<target host="next.avv.de" />
+	<target host="opendata.avv.de" />
+	<target host="sdnet.avv.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Awe.sm.xml b/src/chrome/content/rules/Awe.sm.xml
new file mode 100644
index 000000000000..6d1b6334b6a8
--- /dev/null
+++ b/src/chrome/content/rules/Awe.sm.xml
@@ -0,0 +1,69 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://awe.sm/ => https://awe.sm/: (51, "SSL: no alternative certificate subject name matches target host name 'awe.sm'")
+Fetch error: http://blog.awe.sm/ => https://blog.awe.sm/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://so.awe.sm/ => https://so.awe.sm/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://totally.awe.sm/ => https://totally.awe.sm/: (28, 'Connection timed out after 20008 milliseconds')
+Fetch error: http://www.awe.sm/ => https://www.awe.sm/: (51, "SSL: no alternative certificate subject name matches target host name 'www.awe.sm'")
+Fetch error: http://widgets.awe.sm/ => https://totally.awe.sm/: (28, 'Connection timed out after 20000 milliseconds')
+
+	For other Unified Social coverage, see Unified_Social.com.xml.
+
+
+	Nonfunctional subdomains:
+
+		- developers ¹
+		- support ²
+
+	¹ Refused
+	² Desk.com
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- blog
+		- so
+		- totally
+		- widgets
+
+
+	Insecure cookies are set for these domains:
+
+		- .awe.sm
+
+-->
+<ruleset name="awe.sm (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="awe.sm" />
+	<target host="blog.awe.sm" />
+	<!--target host="developers.awe.sm" /-->
+	<target host="so.awe.sm" />
+	<!--target host="support.awe.sm" /-->
+	<target host="totally.awe.sm" />
+	<target host="www.awe.sm" />
+
+	<!--	Complications:
+				-->
+	<target host="widgets.awe.sm" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.awe\.sm$" name="^snowball$" /-->
+
+	<securecookie host="^\.awe\.sm$" name=".+" />
+
+
+	<!--	$ redirects to http:
+					-->
+	<rule from="^http://widgets\.awe\.sm/$"
+		to="https://totally.awe.sm/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Awesome-it.de.xml b/src/chrome/content/rules/Awesome-it.de.xml
new file mode 100644
index 000000000000..01937422bbd8
--- /dev/null
+++ b/src/chrome/content/rules/Awesome-it.de.xml
@@ -0,0 +1,22 @@
+<!--
+	Fully covered hosts in *awesome-it.de:
+
+		- (www.)?
+		- gitlab
+		- wiki
+
+-->
+<ruleset name="awesome-it.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="awesome-it.de" />
+	<target host="gitlab.awesome-it.de" />
+	<target host="wiki.awesome-it.de" />
+	<target host="www.awesome-it.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AwesomeJar.xml b/src/chrome/content/rules/AwesomeJar.xml
index edede4605d94..c870f960acd5 100644
--- a/src/chrome/content/rules/AwesomeJar.xml
+++ b/src/chrome/content/rules/AwesomeJar.xml
@@ -3,7 +3,6 @@
 	<target host="awesomejar.com" />
 	<target host="www.awesomejar.com" />
 
-	<rule from="^http://(www\.)?awesomejar\.com/"
-		to="https://awesomejar.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/AwesomeStuffToBuy.com.xml b/src/chrome/content/rules/AwesomeStuffToBuy.com.xml
new file mode 100644
index 000000000000..373e8f617993
--- /dev/null
+++ b/src/chrome/content/rules/AwesomeStuffToBuy.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="AwesomeStuffToBuy.com">
+	<target host="awesomestufftobuy.com" />
+	<target host="www.awesomestufftobuy.com" />
+	<target host="assets.awesomestufftobuy.com" />
+	<target host="nitro.awesomestufftobuy.com" />
+	<target host="nitro1.awesomestufftobuy.com" />
+	<target host="nitro2.awesomestufftobuy.com" />
+	<target host="quick.awesomestufftobuy.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Awio-Web-Services-mismatches.xml b/src/chrome/content/rules/Awio-Web-Services-mismatches.xml
index 63b14bde4713..4b24b26087d8 100644
--- a/src/chrome/content/rules/Awio-Web-Services-mismatches.xml
+++ b/src/chrome/content/rules/Awio-Web-Services-mismatches.xml
@@ -1,10 +1,10 @@
-<ruleset name="Awio Web Services (mismatches)" default_off="mismatch">
+<ruleset name="Awio Web Services (mismatches)" default_off="mismatched">
 
 	<!--	app.dialshield.com	-->
 	<target host="dialshield.com"/>
 	<target host="www.dialshield.com"/>
 
-	<securecookie host="^(.*\.)?dialshield\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?dialshield\.com/"
 		to="https://www.dialshield.com/"/>
diff --git a/src/chrome/content/rules/Awio-Web-Services.xml b/src/chrome/content/rules/Awio-Web-Services.xml
index 5a262758bab2..20ff96b3ca6c 100644
--- a/src/chrome/content/rules/Awio-Web-Services.xml
+++ b/src/chrome/content/rules/Awio-Web-Services.xml
@@ -1,4 +1,11 @@
-<!--	Problematic domain handled in Awio-Web-Services-mismatches.xml
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://app.dialshield.com/ => https://app.dialshield.com/: (6, 'Could not resolve host: app.dialshield.com')
+Fetch error: http://w3roi.com/ => https://w3roi.com/: (6, 'Could not resolve host: w3roi.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://app.dialshield.com/ => https://app.dialshield.com/: (51, "SSL: no alternative certificate subject name matches target host name 'app.dialshield.com'")	Problematic domain handled in Awio-Web-Services-mismatches.xml
 
 
 	Other Awio Web Services rulesets:
@@ -7,24 +14,21 @@
 		- Improvely.com.xml
 
 -->
-<ruleset name="Awio Web Services (partial)">
+<ruleset name="Awio Web Services (partial)" default_off="failed ruleset test">
 
 	<target host="app.dialshield.com"/>
 	<target host="visitorboost.com"/>
-	<target host="*.visitorboost.com"/>
+	<target host="www.visitorboost.com" />
 	<target host="w3roi.com"/>
-	<target host="*.w3roi.com"/>
+	<target host="www.w3roi.com" />
 
-	<securecookie host="^app\.dialshield\.com$" name=".*"/>
-	<securecookie host="^(.*\.)?(visitorboost|w3roi)\.com$" name=".*"/>
+	<securecookie host="^app\.dialshield\.com$" name=".+" />
+	<securecookie host="^(?:.*\.)?(?:visitorboost|w3roi)\.com$" name=".+" />
 
-	<rule from="^http://app\.dialshield\.com/"
-		to="https://app.dialshield.com/"/>
 
 	<rule from="^http://(?:www\.)?visitorboost\.com/"
 		to="https://www.visitorboost.com/"/>
 
-	<rule from="^http://(www\.)?w3roi\.com/"
-		to="https://$1w3roi.com/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AwkwardZombie.com.xml b/src/chrome/content/rules/AwkwardZombie.com.xml
new file mode 100644
index 000000000000..d9fe0312c68b
--- /dev/null
+++ b/src/chrome/content/rules/AwkwardZombie.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Mismatched:
+		- ftp
+
+	Redirects to NXDOMAIN:
+		- mail
+-->
+<ruleset name="AwkwardZombie.com">
+	<target host="awkwardzombie.com" />
+	<target host="www.awkwardzombie.com" />
+	<target host="cpanel.awkwardzombie.com" />
+	<target host="webdisk.awkwardzombie.com" />
+	<target host="webmail.awkwardzombie.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Awxcnx.xml b/src/chrome/content/rules/Awxcnx.xml
index c495ea0e9e6f..8e339f26bd49 100644
--- a/src/chrome/content/rules/Awxcnx.xml
+++ b/src/chrome/content/rules/Awxcnx.xml
@@ -1,10 +1,14 @@
-<ruleset name="awxcnx">
+<!--
+	Shows default Parallels page, CN: Parallels Panel
+
+-->
+<ruleset name="awxcnx.de" default_off="broken">
 
 	<target host="awxcnx.de" />
 	<target host="www.awxcnx.de" />
 
 
-	<rule from="^http://(www\.)?awxcnx\.de/"
-		to="https://$1awxcnx.de/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Axamba.xml b/src/chrome/content/rules/Axamba.xml
index ffc372340d4a..1d5f53955da4 100644
--- a/src/chrome/content/rules/Axamba.xml
+++ b/src/chrome/content/rules/Axamba.xml
@@ -1,10 +1,17 @@
-<ruleset name="Axamba (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://my.webtapestry.net/ => https://my.webtapestry.net/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://my.webtapestry.net/ => https://my.webtapestry.net/: (28, 'Connection timed out after 10000 milliseconds')
+-->
+<ruleset name="Axamba (partial)" default_off="failed ruleset test">
 
 	<target host="my.webtapestry.net"/>
 
-	<securecookie host="^my\.webtapestry\.net$" name=".*"/>
+	<securecookie host="^my\.webtapestry\.net$" name=".+" />
 
-	<rule from="^http://my\.webtapestry\.net/"
-		to="https://my.webtapestry.net/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Axantum.com.xml b/src/chrome/content/rules/Axantum.com.xml
new file mode 100644
index 000000000000..b2a73ae9d9e5
--- /dev/null
+++ b/src/chrome/content/rules/Axantum.com.xml
@@ -0,0 +1,22 @@
+<!--
+	^: refused
+
+-->
+<ruleset name="Axantum.com (partial)">
+
+	<target host="axantum.com" />
+	<target host="www.axantum.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="http://www\.axantum\.com/((AxCrypt/Downloads|Default)\.(aspx|html)|Xecrets/(Unregister|Subscribe|default)\.aspx)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="http://www\.axantum\.com/(?!Xecrets/(LogOn|LoggedOff)\.aspx|favicon\.ico)" /-->
+
+
+	<rule from="^http://(?:www\.)?axantum\.com/(?=Xecrets/Log(On|gedOff)\.aspx|favicon\.ico)"
+		to="https://www.axantum.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Axboe.xml b/src/chrome/content/rules/Axboe.xml
index 55e8705fefc4..db1a932a719d 100644
--- a/src/chrome/content/rules/Axboe.xml
+++ b/src/chrome/content/rules/Axboe.xml
@@ -1,18 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://webmail.axboe.dk/ => https://webmail.axboe.dk/: (6, 'Could not resolve host: webmail.axboe.dk')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://webmail.axboe.dk/ => https://webmail.axboe.dk/: (60, 'SSL certificate problem: certificate has expired')
 	Nonfunctional:
 
 		(www.)	(cert valid for !www; shows webmail)
 
 -->
-<ruleset name="Axboe (partial)">
+<ruleset name="Axboe (partial)" default_off="failed ruleset test">
 
 	<target host="webmail.axboe.dk" />
 
 
-	<securecookie host="^webmail\.axboe\.dk$" name=".*" />
+	<securecookie host="^webmail\.axboe\.dk$" name=".+" />
 
 
-	<rule from="^http://webmail\.axboe\.dk/"
-		to="https://webmail.axboe.dk/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Axel-Springer.xml b/src/chrome/content/rules/Axel-Springer.xml
index 16bb946d76fd..6fd7929466b6 100644
--- a/src/chrome/content/rules/Axel-Springer.xml
+++ b/src/chrome/content/rules/Axel-Springer.xml
@@ -15,7 +15,7 @@
 
 	<target host="aufeminin.com"/>
 	<target host="*.aufeminin.com"/>
-		<exclusion pattern="^http://www\.aufeminin\.com/.+(\.asp$|/)"/>
+		<exclusion pattern="^http://www\.aufeminin\.com/.+(?:\.asp$|/)"/>
 
 
 	<!--	pages redirect to http	-->
diff --git a/src/chrome/content/rules/Axel_Arnbak.nl.xml b/src/chrome/content/rules/Axel_Arnbak.nl.xml
new file mode 100644
index 000000000000..094e71c10925
--- /dev/null
+++ b/src/chrome/content/rules/Axel_Arnbak.nl.xml
@@ -0,0 +1,13 @@
+<!--
+	^axelarnbak.nl doesn't exist.
+
+-->
+<ruleset name="Axel Arnbak.nl">
+
+	<target host="www.axelarnbak.nl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Axeso5.com.xml b/src/chrome/content/rules/Axeso5.com.xml
new file mode 100644
index 000000000000..6df71c1ac54a
--- /dev/null
+++ b/src/chrome/content/rules/Axeso5.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- tkts.axeso5.com
+
+		Incomplete certificate chain error:
+		- cdn.axeso5.com
+		- imagenes.axeso5.com
+
+		4xx client error:
+		- mbws.axeso5.com
+		- res.axeso5.com
+
+		5xx server error:
+		- oauth2.axeso5.com
+
+		Mixed content blocking (MCB) triggered:
+		- audition.axeso5.com
+		- foro.axeso5.com
+		- runescape.axeso5.com
+-->
+<ruleset name="Axeso5.com (partial)">
+	<target host="axeso5.com" />
+	<target host="www.axeso5.com" />
+	<target host="aceonline.axeso5.com" />
+	<target host="axesofest.axeso5.com" />
+	<target host="billing.axeso5.com" />
+	<target host="brickforce.axeso5.com" />
+	<target host="dirtybomb.axeso5.com" />
+	<target host="karos-rosh.axeso5.com" />
+	<target host="minimundos.axeso5.com" />
+	<target host="operation7.axeso5.com" />
+	<target host="suddenattack.axeso5.com" />
+	<target host="wia.axeso5.com" />
+	<target host="zmr.axeso5.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Axios.com.xml b/src/chrome/content/rules/Axios.com.xml
new file mode 100644
index 000000000000..dfcc06865417
--- /dev/null
+++ b/src/chrome/content/rules/Axios.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Nonfunctional hosts in *.axios.com:
+
+	ads.axios.com t
+	link.axios.com m
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Axios">
+	<target host="axios.com" />
+	<target host="www.axios.com" />
+	<target host="editor.axios.com" />
+	<target host="eventsdata.axios.com" />
+	<target host="graphics.axios.com" />
+	<target host="jira.axios.com" />
+	<target host="static.axios.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AxisBank.co.in.xml b/src/chrome/content/rules/AxisBank.co.in.xml
new file mode 100644
index 000000000000..82207855f389
--- /dev/null
+++ b/src/chrome/content/rules/AxisBank.co.in.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Axis Bank related rulesets, see AxisBank.com.xml
+
+	Non-functional hosts
+		SSL error:
+		- scfconnect.axisbank.co.in
+-->
+<ruleset name="AxisBank.co.in (partial)">
+
+	<target host="allpay.axisbank.co.in" />
+	<target host="application.axisbank.co.in" />
+	<target host="corporate.axisbank.co.in" />
+	<target host="cms.axisbank.co.in" />
+	<target host="digital.axisbank.co.in" />
+	<target host="easypay.axisbank.co.in" />
+	<target host="edgerewards.axisbank.co.in" />
+	<target host="payhub.axisbank.co.in" />
+	<target host="retail.axisbank.co.in" />
+	<target host="transit.axisbank.co.in" />
+	<target host="www.axisbank.co.in" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AxisBank.com.xml b/src/chrome/content/rules/AxisBank.com.xml
new file mode 100644
index 000000000000..65fe4528a914
--- /dev/null
+++ b/src/chrome/content/rules/AxisBank.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Other Axis Bank related rulesets:
+	+ AxisBank.co.in.xml
+
+	Non-functional hosts:
+		Expired:
+		- myconnect.axisbank.com
+
+		Weak Encryption:
+		- sftp.axisbank.com
+-->
+<ruleset name="AxisBank.com (partial)">
+
+	<target host="axisbank.com" />
+	<target host="www.axisbank.com" />
+	<target host="branch.axisbank.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Axis_Bank.xml b/src/chrome/content/rules/Axis_Bank.xml
deleted file mode 100644
index e8723d0453e8..000000000000
--- a/src/chrome/content/rules/Axis_Bank.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- home.axisdirect.co.in		(times out)
-		- hindi.axisbank.com		(shows aps; mismatched, CN: aps.axisbank.com)
-
-
-	Problematic domains:
-
-		- axisbank.com		(cert only matches www)
-
-
-	^axisbank.co.in doesn't exist
-
--->
-<ruleset name="Axis Bank (partial)">
-
-	<target host="www.axisbank.co.in" />
-	<target host="axisbank.com" />
-	<target host="*.axisbank.com" />
-
-
-	<securecookie host="^.+\.axisbank\.co(?:\.in|m)$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?axisbank\.co(\.in|m)/"
-		to="https://www.axisbank.co$1/" />
-
-	<rule from="^http://aps\.axisbank\.com/"
-		to="https://aps.axisbank.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Axonify.com.xml b/src/chrome/content/rules/Axonify.com.xml
new file mode 100644
index 000000000000..1120ba645a7a
--- /dev/null
+++ b/src/chrome/content/rules/Axonify.com.xml
@@ -0,0 +1,66 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+			 - demo-capability.axonify.com
+
+		SSL peer certificate was not OK:
+			 - education.axonify.com
+			 - know.axonify.com
+
+		5xx server error:
+			 - qa1.axonify.com
+			 - support.axonify.com
+-->
+<ruleset name="Axonify.com">
+	<target host="axonify.com" />
+	<target host="www.axonify.com" />
+	<target host="altardstate.axonify.com" />
+	<target host="athome.axonify.com" />
+	<target host="bbu.axonify.com" />
+	<target host="biz-group.axonify.com" />
+	<target host="bloomingdales.axonify.com" />
+	<target host="bmw.axonify.com" />
+	<target host="btnet.axonify.com" />
+	<target host="ceridian.axonify.com" />
+	<target host="coca-cola.axonify.com" />
+	<target host="dogfood.axonify.com" />
+	<target host="e-funi.axonify.com" />
+	<target host="ed.axonify.com" />
+	<target host="edenu.axonify.com" />
+	<target host="edwardsu.axonify.com" />
+	<target host="esentire.axonify.com" />
+	<target host="ethicon.axonify.com" />
+	<target host="evolve.axonify.com" />
+	<target host="expert.axonify.com" />
+	<target host="festfoods.axonify.com" />
+	<target host="fgb.axonify.com" />
+	<target host="firstrand.axonify.com" />
+	<target host="foremost.axonify.com" />
+	<target host="fxf.axonify.com" />
+	<target host="geem.axonify.com" />
+	<target host="gnome.axonify.com" />
+	<target host="hpesw.axonify.com" />
+	<target host="kruger.axonify.com" />
+	<target host="leap-leapj.axonify.com" />
+	<target host="lixillearn.axonify.com" />
+	<target host="lyricau.axonify.com" />
+	<target host="mercksafebychoice.axonify.com" />
+	<target host="midco-test.axonify.com" />
+	<target host="mohrretail.axonify.com" />
+	<target host="northgatemarkets.axonify.com" />
+	<target host="pccpartners.axonify.com" />
+	<target host="pjm.axonify.com" />
+	<target host="pointclickcare.axonify.com" />
+	<target host="stubhub.axonify.com" />
+	<target host="tbc.axonify.com" />
+	<target host="theone.axonify.com" />
+	<target host="toyota.axonify.com" />
+	<target host="trainretainsell.axonify.com" />
+	<target host="trubru.axonify.com" />
+	<target host="twe.axonify.com" />
+	<target host="wm.axonify.com" />
+	<target host="wmcc.axonify.com" />
+	<target host="woolworths.axonify.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Axonify.xml b/src/chrome/content/rules/Axonify.xml
deleted file mode 100644
index 934ca79a1eae..000000000000
--- a/src/chrome/content/rules/Axonify.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)
-
--->
-<ruleset name="Axonify (partial)">
-
-	<target host="cdn.axonify.com" />
-
-
-	<rule from="^http://cdn\.axonify\.com/"
-		to="https://cdn.axonify.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Axonix.com.xml b/src/chrome/content/rules/Axonix.com.xml
new file mode 100644
index 000000000000..07200319d034
--- /dev/null
+++ b/src/chrome/content/rules/Axonix.com.xml
@@ -0,0 +1,13 @@
+<!--
+	(www.)?: WP Engine
+
+-->
+<ruleset name="Axonix.com (partial)">
+
+	<target host="developer.axonix.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Axosoft.com.xml b/src/chrome/content/rules/Axosoft.com.xml
index 67cea14591d4..67327acdad16 100644
--- a/src/chrome/content/rules/Axosoft.com.xml
+++ b/src/chrome/content/rules/Axosoft.com.xml
@@ -1,39 +1,48 @@
+
 <!--
-	Other Axosoft rulesets:
+Disabled by https-everywhere-checker because:
+Fetch error: http://iloyal.axosoft.com/ => https://iloyal.axosoft.com/: (6, 'Could not resolve host: iloyal.axosoft.com')
 
+	Other Axosoft rulesets:
 		- Pure_Chat.com.xml
 
-
-	Nonfunctional subdomains:
-
-		- help	(refused)
-
-
-	Partially covered subdomains:
-
-		- (www.)	(some pages redirect to http)
-
-
-	Fully covered subdomains:
-
-		- store
-
-
-	Observed cookie domains:
-
-		- help
-		- www
-
+	Mismatched:
+		- promos.axosoft.com
+		- blog.axosoft.com
 -->
-<ruleset name="Axosoft.com (partial)">
-
+<ruleset name="Axosoft.com" default_off="failed ruleset test">
 	<target host="axosoft.com" />
-	<target host="*.axosoft.com" />
-		<!--exclusion pattern="^http://(www\.)?axosoft\.com/+($|\?|careers($|[?/]))" /-->
-		<exclusion pattern="^http://(?:www\.)?axosoft\.com/+(?!css/|favicon\.ico|font/|img/|js/)" />
-
-
-	<rule from="^http://(store\.|www\.)?axosoft\.com/"
-		to="https://$1axosoft.com/" />
-
+	<target host="www.axosoft.com" />
+	<target host="store.axosoft.com" />
+	<target host="socialconnect.axosoft.com" />
+	<target host="developer.axosoft.com" />
+	<target host="autographicsportal.axosoft.com" />
+	<target host="migrate.axosoft.com" />
+	<target host="cgsinc.axosoft.com" />
+	<target host="eslabon.axosoft.com" />
+	<target host="bmsoft.axosoft.com" />
+	<target host="iloyal.axosoft.com" />
+	<target host="connectiveportal.axosoft.com" />
+	<target host="gudly.axosoft.com" />
+	<target host="cweb.axosoft.com" />
+	<target host="schoolpro.axosoft.com" />
+	<target host="dynabrainsportal.axosoft.com" />
+	<target host="mozaik.axosoft.com" />
+	<target host="atlanticsoft.axosoft.com" />
+	<target host="fischerportal.axosoft.com" />
+	<target host="bernardportal.axosoft.com" />
+	<target host="jumpinformatiqueportal.axosoft.com" />
+	<target host="sysysportal.axosoft.com" />
+	<target host="accelogixportal.axosoft.com" />
+	<target host="roadiq.axosoft.com" />
+	<target host="purechat.axosoft.com" />
+	<target host="sysys.axosoft.com" />
+	<target host="pmisportal.axosoft.com" />
+	<target host="practicesightssupportportal.axosoft.com" />
+	<target host="help.axosoft.com" />
+	<target host="amt-softwareportal.axosoft.com" />
+	<target host="iecisa-ift.axosoft.com" />
+	<target host="smg.axosoft.com" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ay_Yildiz.xml b/src/chrome/content/rules/Ay_Yildiz.xml
index ebfbebe45d7a..fe42db940b95 100644
--- a/src/chrome/content/rules/Ay_Yildiz.xml
+++ b/src/chrome/content/rules/Ay_Yildiz.xml
@@ -14,7 +14,6 @@
 	<securecookie host="^www\.ayyildiz\.de$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?ayyildiz\.de/"
-		to="https://www.ayyildiz.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Azahera.net.xml b/src/chrome/content/rules/Azahera.net.xml
new file mode 100644
index 000000000000..49941d84fb78
--- /dev/null
+++ b/src/chrome/content/rules/Azahera.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="Azahera.net">
+	<target host="azahera.net" />
+	<target host="www.azahera.net" />
+	<target host="mail.azahera.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Azcentral.com.xml b/src/chrome/content/rules/Azcentral.com.xml
index dc519e3b32d9..44a8c30cc144 100644
--- a/src/chrome/content/rules/Azcentral.com.xml
+++ b/src/chrome/content/rules/Azcentral.com.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://azcentral.com/ => https://azcentral.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://azcentral.com/ => https://azcentral.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.azcentral.com'")
 	For other Gannett coverage, see Gannett-Company.xml
 
 
@@ -22,16 +28,18 @@
 		- l		(→ ^)
 
 -->
-<ruleset name="azcentral.com (partial)">
+<ruleset name="azcentral.com (partial)" default_off="failed ruleset test">
 
 	<target host="azcentral.com" />
-	<target host="*.azcentral.com" />
+	<target host="i.azcentral.com" />
+	<target host="l.azcentral.com" />
+	<target host="www.azcentral.com" />
 
 
 	<securecookie host="^\.azcentral\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:[il]\.|(www\.))?azcentral\.com/"
+	<rule from="^http://(?:[il]\.|(www\.))?azcentral\.com/"
 		to="https://$1azcentral.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Azet.sk.xml b/src/chrome/content/rules/Azet.sk.xml
index a0c476ccb8d4..c98a2f260332 100644
--- a/src/chrome/content/rules/Azet.sk.xml
+++ b/src/chrome/content/rules/Azet.sk.xml
@@ -1,18 +1,106 @@
 <!--
-   Azet.sk
+	Refused:
+	- kalendar.azet.sk
+	- adam.azet.sk
+	- horoskopy.azet.sk
+	- mapy.azet.sk
+	- meteo.azet.sk
+	- minihry.azet.sk
+	- referaty.aktuality.sk
+	- zivot.azet.sk
+	- zoznamka.azet.sk
+	- badman.azet.sk
+	- lesk.azet.sk
+
+	Mismatch:
+	- mobilmania.azet.sk
+	- img.aktuality.sk
+	- inzercia.azet.sk
+	- sport.azet.sk
+	- tivi.azet.sk
+	- forum.mobilmania.azet.sk
+
+	Redirect:
+	- www.azet.sk
+	- casprezeny.azet.sk
+	- mdiva.aktuality.sk
+
+	404:
+	- pomoc.azet.sk
+	- pocasie.aktuality.sk
+	- badman.aktuality.sk
+	- mbadman.aktuality.sk
+
+	Mixed Content:
+	- dobruchut.azet.sk
+	- slovnik.azet.sk
+	- onas.azet.sk
+	- najmama.aktuality.sk
+	- videoalbumy.azet.sk
 -->
 <ruleset name="Azet.sk">
-  <target host="prihlasenie.azet.sk"/>
-  <target host="mail.azet.sk"/>
-  <target host="pokec.azet.sk"/>
-  <target host="emailnew.azet.sk"/>
-  <target host="fotoalbumy.azet.sk"/>
-  <target host="registracia.azet.sk"/>
+	<target host="aktuality.sk" />
+	<target host="azet.sk" />
+	<target host="bistro.sk" />
+	<target host="cas.sk" />
+	<target host="www.aktuality.sk" />
+	<target host="www.azet.sk" />
+	<target host="www.bistro.sk" />
+	<target host="www.cas.sk" />
+	<target host="aktualne-temy.aktuality.sk" />
+	<target host="autobild.cas.sk" />
+	<target host="autor.aktuality.sk" />
+	<target host="casprezeny.azet.sk" />
+	<target host="cestovanie.aktuality.sk" />
+	<target host="cestovanie.azet.sk" />
+	<target host="diva.aktuality.sk" />
+	<target host="dobruchut.aktuality.sk" />
+	<target host="dobruchut.azet.sk" />
+	<target host="domace.aktuality.sk" />
+	<target host="dopravny-servis.aktuality.sk" />
+	<target host="ekonomika.aktuality.sk" />
+	<target host="emailnew.azet.sk" />
+	<target host="europa.aktuality.sk" />
+	<target host="eva.cas.sk" />
+	<target host="firma.azet.sk" />
+	<target host="firmavpn.azet.sk" />
+	<target host="fotoalbumy.azet.sk" />
+	<target host="horoskopy.aktuality.sk" />
+	<target host="kalendar.aktuality.sk" />
+	<target host="koktejl.aktuality.sk" />
+	<target host="komunalne-volby.aktuality.sk" />
+	<target host="konto.aktuality.sk" />
+	<target host="komentare.aktuality.sk" />
+	<target host="krimi.aktuality.sk" />
+	<target host="kultura.aktuality.sk" />
+	<target host="kurzy.aktuality.sk" />
+	<target host="lifestyle.aktuality.sk" />
+	<target host="link.azet.sk" />
+	<target host="mail.azet.sk" />
+	<target host="m.azet.sk" />
+	<target host="mpokec.azet.sk" />
+	<target host="ncms.azet.sk" />
+	<target host="noizz.aktuality.sk" />
+	<target host="obchod.aktuality.sk" />
+	<target host="osobnost.aktuality.sk" />
+	<target host="osobnosti.aktuality.sk" />
+	<target host="pocasie.aktuality.sk" />
+	<target host="pokec.azet.sk" />
+	<target host="prihlasenie.azet.sk" />
+	<target host="recepty.aktuality.sk" />
+	<target host="regiony.aktuality.sk" />
+	<target host="registracia.azet.sk" />
+	<target host="rs.azet.sk" />
+	<target host="slovnik.azet.sk" />
+	<target host="spravy.aktuality.sk" />
+	<target host="sport.aktuality.sk" />
+	<target host="tech.aktuality.sk" />
+	<target host="tema.aktuality.sk" />
+	<target host="tivi.cas.sk" />
+	<target host="tv-program.aktuality.sk" />
+	<target host="veda.aktuality.sk" />
+	<target host="zahranicne.aktuality.sk" />
+	<target host="zdravie.aktuality.sk" />
 
-  <rule from="^http://prihlasenie\.azet\.sk/" to="https://prihlasenie.azet.sk/"/>
-  <rule from="^http://mail\.azet\.sk/" to="https://mail.azet.sk/"/>
-  <rule from="^http://pokec\.azet\.sk/" to="https://pokec.azet.sk/"/>
-  <rule from="^http://emailnew\.azet\.sk/" to="https://emailnew.azet.sk/"/>
-  <rule from="^http://fotoalbumy\.azet\.sk/" to="https://fotoalbumy.azet.sk/"/>
-  <rule from="^http://registracia\.azet\.sk/" to="https://registracia.azet.sk/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Azingsport.se.xml b/src/chrome/content/rules/Azingsport.se.xml
deleted file mode 100644
index 4d4d859efa45..000000000000
--- a/src/chrome/content/rules/Azingsport.se.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Azingsport.se">
-  <target host="www.azingsport.se" />
-  <target host="azingsport.se" />
-  <rule from="^http://www\.azingsport\.se/" to="https://www.azingsport.se/"/>
-  <rule from="^http://azingsport\.se/" to="https://azingsport.se/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/Azure.com.xml b/src/chrome/content/rules/Azure.com.xml
new file mode 100644
index 000000000000..759a0f3de4ae
--- /dev/null
+++ b/src/chrome/content/rules/Azure.com.xml
@@ -0,0 +1,22 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	Problematic hosts in *azure.com:
+
+		- status *
+
+	* Mismatched
+
+-->
+<ruleset name="Azure.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="portal.azure.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Azure_websites.net.xml b/src/chrome/content/rules/Azure_websites.net.xml
new file mode 100644
index 000000000000..43191c80b988
--- /dev/null
+++ b/src/chrome/content/rules/Azure_websites.net.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .oauthplay.azurewebsites.net
+
+
+	Mixed content:
+
+		- bug on oauthplay from c.microsoft.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Azure websites.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="oauthplay.azurewebsites.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.oauthplay\.azurewebsites\.net$" name="^ARRAffinity$" /-->
+
+	<securecookie host="^\.oauthplay\.azurewebsites\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AzurecomCDN.net.xml b/src/chrome/content/rules/AzurecomCDN.net.xml
new file mode 100644
index 000000000000..1434f06014a7
--- /dev/null
+++ b/src/chrome/content/rules/AzurecomCDN.net.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+-->
+<ruleset name="AzurecomCDN.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="acom.azurecomcdn.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/B-static.net.xml b/src/chrome/content/rules/B-static.net.xml
new file mode 100644
index 000000000000..fca4ab35eb3a
--- /dev/null
+++ b/src/chrome/content/rules/B-static.net.xml
@@ -0,0 +1,14 @@
+<!--
+	No working URL known:
+		www.b-static.net
+
+-->
+<ruleset name="B-static.net">
+
+	<target host="b-static.net" />
+	<target host="avatar.b-static.net" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/B2bmediaportal.com.xml b/src/chrome/content/rules/B2bmediaportal.com.xml
index c3f6f5e7a0d8..0339e5d69aac 100644
--- a/src/chrome/content/rules/B2bmediaportal.com.xml
+++ b/src/chrome/content/rules/B2bmediaportal.com.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^www\.b2bmediaportal\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?b2bmediaportal\.com/"
-		to="https://www.b2bmediaportal.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/B3n.org.xml b/src/chrome/content/rules/B3n.org.xml
new file mode 100644
index 000000000000..a5ade7577c9e
--- /dev/null
+++ b/src/chrome/content/rules/B3n.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="b3n.org">
+
+	<target host="b3n.org" />
+	<target host="www.b3n.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BA.xml b/src/chrome/content/rules/BA.xml
deleted file mode 100644
index 23f77262dc2c..000000000000
--- a/src/chrome/content/rules/BA.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="BritishAirways" platform="mixedcontent">
-
-	<target host="shopping.ba.com"/>
-	<target host="britishairways.com"/>
-	<target host="www.britishairways.com"/>
-
-	<securecookie host="^(.*\.)?britishairways.com$" name=".*"/>
-
-	<rule from="^http://shopping\.ba\.com/"
-		to="https://www.britishairways.com/"/>
-
-	<rule from="^http://(?:www\.)?britishairways\.com/"
-		to="https://www.britishairways.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/BAG-Jugendschutz.de.xml b/src/chrome/content/rules/BAG-Jugendschutz.de.xml
new file mode 100644
index 000000000000..2bc52d046475
--- /dev/null
+++ b/src/chrome/content/rules/BAG-Jugendschutz.de.xml
@@ -0,0 +1,12 @@
+<!--
+	Refused:
+		newsletter.bag-jugendschutz.de
+-->
+<ruleset name="BAG-Jugendschutz.de">
+
+	<target host="bag-jugendschutz.de" />
+	<target host="www.bag-jugendschutz.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BAGKJS.de.xml b/src/chrome/content/rules/BAGKJS.de.xml
new file mode 100644
index 000000000000..2f60cdcfb247
--- /dev/null
+++ b/src/chrome/content/rules/BAGKJS.de.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		collab.bagkjs.de
+		news.bagkjs.de
+		statistik.bagkjs.de
+-->
+<ruleset name="BAGKJS.de">
+
+	<target host="bagkjs.de" />
+	<target host="www.bagkjs.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BALPA.org.xml b/src/chrome/content/rules/BALPA.org.xml
new file mode 100644
index 000000000000..88097d0d968b
--- /dev/null
+++ b/src/chrome/content/rules/BALPA.org.xml
@@ -0,0 +1,27 @@
+<!--
+	Different content HTTP/HTTPS:
+		balpa.org
+		wakeup.balpa.org
+
+	Invalid certificate:
+		newsletter.balpa.org
+
+-->
+<ruleset name="BALPA.org">
+
+	<target host="balpa.org" />
+	<target host="www.balpa.org" />
+	<target host="blog.balpa.org" />
+	<target host="forum.balpa.org" />
+	<target host="mail.balpa.org" />
+	<target host="passwordreset.balpa.org" />
+	<target host="testwebsite.balpa.org" />
+	<target host="webmail.balpa.org" />
+
+	<rule from="^http://balpa\.org/"
+		to="https://www.balpa.org/"/>
+
+    <rule from="^http:"
+        to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BAM-Agency.xml b/src/chrome/content/rules/BAM-Agency.xml
deleted file mode 100644
index 21cb70811077..000000000000
--- a/src/chrome/content/rules/BAM-Agency.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)bamcommercial.co.uk	(Cert: www.bamsecure.com; shows that domain's
-						data [i.e. redirects to bamshop.co.uk])
-		- (www.)bamuk.com		(ditto)
-		- (www.)quotemeprint.com	(self-signed; shows CentOS Apache test page)
-
--->
-<ruleset name="BAM Agency (partial)">
-
-	<target host="bamsecure.com" />
-	<target host="www.bamsecure.com" />
-	<target host="bamshop.co.uk" />
-	<target host="www.bamshop.co.uk" />
-
-
-	<securecookie host="^(www\.)?bams(ecure\.com|hop\.co\.uk)$" name=".*" />
-
-
-	<rule from="^http://(www\.)?bamsecure\.com/"
-		to="https://$1bamsecure.com/" />
-
-	<rule from="^http://(www\.)?bamshop\.co\.uk/"
-		to="https://$1bamshop.co.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BAM.de.xml b/src/chrome/content/rules/BAM.de.xml
new file mode 100644
index 000000000000..c0a2604a2677
--- /dev/null
+++ b/src/chrome/content/rules/BAM.de.xml
@@ -0,0 +1,91 @@
+<!--
+	Content mismatch:
+		agw2.bam.de
+
+	Invalid certificate:
+		www.accta2013.bam.de
+		www.accta2016.bam.de
+		www.afr.bam.de
+		www.ake.bam.de
+		www.akkreditierungsbeirat.bam.de
+		www.amf.bam.de
+		www.artist.bam.de
+		www.atr.bam.de
+		www.betoscan.bam.de
+		www.biocides.bam.de
+		www.biozide.bam.de
+		www.ceqat-dghs.bam.de
+		www.chef.bam.de
+		www.ct.bam.de
+		www.dir.bam.de
+		www.drg.bam.de
+		www.ecasia03.bam.de
+		www.ermp-surfchem.bam.de
+		www.ermp-waterframeworkdirective.bam.de
+		www.evpg.bam.de
+		www.frpm05.bam.de
+		www.frpm2015.bam.de
+		www.h2sense.bam.de
+		www.icatt.bam.de
+		www.kb.bam.de
+		www.mod.bam.de
+		www.mosytraf.bam.de
+		www.nano-refmat.bam.de
+		www.ndte-training.bam.de
+		www.pcp.bam.de
+		www.perebar.bam.de
+		www.profile.bam.de
+		www.ps.bam.de
+		publica.bam.de
+		www.recarc.bam.de
+		www.recdemo.bam.de
+		www.resolved.bam.de
+		www.rm-certificates.bam.de
+		www.spin.bam.de
+		www.susan.bam.de
+		www.technart2011.bam.de
+		www.tmf-workshop.bam.de
+		www.tts.bam.de
+
+	Timeout:
+		dnssrv1.bam.de
+		ftp.bam.de
+		mdm.bam.de
+
+	Unable to get local issuer certificate:
+		www.ak-gkm.bam.de
+		cvpn.bam.d
+		redaktion-stage.bam.de
+		wmrif.bam.de
+		www.wmrif.bam.de
+-->
+<ruleset name="BAM.de">
+
+	<target host="www.bam.de" />
+	<target host="agw1.bam.de" />
+	<target host="agw3.bam.de" />
+	<target host="agw4.bam.de" />
+	<target host="www.akb.bam.de" />
+	<target host="autodiscover.bam.de" />
+	<target host="www.comar.bam.de" />
+	<target host="dgg.bam.de" />
+	<target host="www.dgg.bam.de" />
+	<target host="www.ebpg.bam.de" />
+	<target host="www.eptis.bam.de" />
+	<target host="exchange.bam.de" />
+	<target host="www.fraktographie.bam.de" />
+	<target host="git.bam.de" />
+	<target host="netzwerke.bam.de" />
+	<target host="redaktion.netzwerke.bam.de" />
+	<target host="www.nike.bam.de" />
+	<target host="redaktion.bam.de" />
+	<target host="rrr.bam.de" />
+	<target host="silverback.bam.de" />
+	<target host="www.suffos.bam.de" />
+	<target host="www.tes.bam.de" />
+	<target host="webshop.bam.de" />
+	<target host="www.webshop.bam.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BANAN.cz.xml b/src/chrome/content/rules/BANAN.cz.xml
new file mode 100644
index 000000000000..5444ec457547
--- /dev/null
+++ b/src/chrome/content/rules/BANAN.cz.xml
@@ -0,0 +1,10 @@
+<ruleset name="BANAN.CZ">
+    <target host="banan.cz" />
+    <target host="www.banan.cz" />
+    <target host="admin.banan.cz" />
+    <target host="webmail.banan.cz" />
+    <target host="b20.banan.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BAPCo.com.xml b/src/chrome/content/rules/BAPCo.com.xml
new file mode 100644
index 000000000000..06b066598c47
--- /dev/null
+++ b/src/chrome/content/rules/BAPCo.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="BAPCo.com">
+
+	<target host="bapco.com" />
+	<target host="www.bapco.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BASE.xml b/src/chrome/content/rules/BASE.xml
index c362ff8999a5..59c9196c305e 100644
--- a/src/chrome/content/rules/BASE.xml
+++ b/src/chrome/content/rules/BASE.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://base.de/ => https://www.base.de/: Cycle detected - URL already encountered: https://www.base.de/base/
 	For other E-Plus Gruppe coverage, see E-Plus_Gruppe.xml.
 
 
@@ -34,16 +36,16 @@
 		<!--
 			?.* redirects to www for promotion, but not for infos
 										-->
-		<exclusion pattern="^https?://infos\.base\.de/\?" />
+		<exclusion pattern="^http://infos\.base\.de/\?" />
 
 
 	<securecookie host="^.*\.base\.de$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?base\.de/"
+	<rule from="^http://(?:www\.)?base\.de/"
 		to="https://www.base.de/" />
 
-	<rule from="^https?://(?:www\.)?angebote\.base\.de/"
+	<rule from="^http://(?:www\.)?angebote\.base\.de/"
 		to="https://angebote.base.de/" />
 
 	<rule from="^http://(chatsurvey|m|proactive2?|tracking)\.base\.de/"
@@ -53,10 +55,10 @@
 
 		No harm in fixing things ourselves.
 							-->
-	<rule from="^https?://facebook\.base\.de/"
+	<rule from="^http://facebook\.base\.de/"
 		to="https://angebote.base.de/" />
 
-	<rule from="^https?://(?:infos|promotion)\.base\.de/(?:$|\?.*)"
+	<rule from="^http://(?:infos|promotion)\.base\.de/(?:$|\?.*)"
 		to="https://www.base.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BASt.de.xml b/src/chrome/content/rules/BASt.de.xml
new file mode 100644
index 000000000000..57cc26ba916e
--- /dev/null
+++ b/src/chrome/content/rules/BASt.de.xml
@@ -0,0 +1,31 @@
+<!--
+	Content mismatch:
+		rws.bast.de
+		svz-online.bast.de
+
+	Invalid certificate:
+		itzeb.bast.de
+
+	Refused:
+		deufrako.bast.de
+		ripcord.bast.de
+		verdi.bast.de
+		visustrplanung.bast.de
+
+	Unable to get local issuer certificate:
+		bisstra-upload.bast.de
+		dbstreum.bast.de
+-->
+<ruleset name="BASt.de">
+
+	<target host="www.bast.de" />
+	<target host="bisstraerf.bast.de" />
+	<target host="esret.bast.de" />
+	<target host="login.bast.de" />
+	<target host="makau.bast.de" />
+	<target host="owa.bast.de" />
+	<target host="ssi.bast.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BATS_Exchange.xml b/src/chrome/content/rules/BATS_Exchange.xml
index e2834f3e00f4..27602522e593 100644
--- a/src/chrome/content/rules/BATS_Exchange.xml
+++ b/src/chrome/content/rules/BATS_Exchange.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?batstrading\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?batstrading\.com/"
-		to="https://$1batstrading.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BAW.de.xml b/src/chrome/content/rules/BAW.de.xml
new file mode 100644
index 000000000000..420b697b305a
--- /dev/null
+++ b/src/chrome/content/rules/BAW.de.xml
@@ -0,0 +1,51 @@
+<!--
+	Invalid certificate:
+		www.hamburg.baw.de
+		columba.ilmenau.baw.de
+		kfki-neu.baw.de
+		pianc.vzb.baw.de
+
+	Refused:
+		bildarchiv.baw.de
+		comrisk.hosted-by-kfki.baw.de
+		kodiba.hosted-by-kfki.baw.de
+		mdi-de.hosted-by-kfki.baw.de
+		morwin.hosted-by-kfki.baw.de
+		nokis.hosted-by-kfki.baw.de
+		wimo.hosted-by-kfki.baw.de
+		icce2008.baw.de
+		iche2014.baw.de
+		www.iche2014.baw.de
+		www.mashcon2016.baw.de
+		mdi-de.baw.de
+		mdi-dienste.baw.de
+		medienarchiv.baw.de
+		scour-and-erosion.baw.de
+		ufersicherung.baw.de
+		wiki.baw.de
+
+	Timeout:
+		blog.baw.de
+		ftp.hamburg.baw.de
+		idp.baw.de
+		wsvmap-extern.ilmenau.baw.de
+
+	Unable to get local issuer certificate:
+		wm.baw.de
+-->
+<ruleset name="BAW.de">
+
+	<target host="www.baw.de" />
+	<target host="henry.baw.de" />
+	<target host="izw.baw.de" />
+	<target host="mc.baw.de" />
+	<target host="mc-test.baw.de" />
+	<target host="ox.baw.de" />
+	<target host="ox3.baw.de" />
+	<target host="oxt.baw.de" />
+	<target host="vzb.baw.de" />
+	<target host="webmail.baw.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BAWSI.org.xml b/src/chrome/content/rules/BAWSI.org.xml
index 304b258ddbc5..129a1db6a76c 100644
--- a/src/chrome/content/rules/BAWSI.org.xml
+++ b/src/chrome/content/rules/BAWSI.org.xml
@@ -8,7 +8,6 @@
 	<target host="www.bawsi.org" />
 
 
-	<rule from="^http://(www\.)?bawsi\.org/"
-		to="https://$1bawsi.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BAuA.de.xml b/src/chrome/content/rules/BAuA.de.xml
new file mode 100644
index 000000000000..c8f65da0f63e
--- /dev/null
+++ b/src/chrome/content/rules/BAuA.de.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		anmeldung-dd.baua.de
+		anmeldung-do[1|2].baua.de
+		www.shop.baua.de
+-->
+<ruleset name="BAuA.de">
+
+	<target host="baua.de" />
+	<target host="www.baua.de" />
+	<target host="shop.baua.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BBB_Online.org.xml b/src/chrome/content/rules/BBB_Online.org.xml
new file mode 100644
index 000000000000..c46b98098795
--- /dev/null
+++ b/src/chrome/content/rules/BBB_Online.org.xml
@@ -0,0 +1,32 @@
+<!--
+	For other Better Business Bureau coverage, see Better-Business-Bureau.xml.
+
+
+	(www.)?bbbonline.org: Mismatched
+
+-->
+<ruleset name="BBB Online.org (partial)">
+
+	<!--	Complications:
+				-->
+	<target host="bbbonline.org"/>
+	<target host="www.bbbonline.org"/>
+
+		<exclusion pattern="^http://(?:www\.)?bbbonline\.org/(?!cks\.asp\?id=\d)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://bbbonline.org//foo" />
+			<test url="http://www.bbbonline.org//foo" />
+
+			<!--	-ve:
+					-->
+			<test url="http://bbbonline.org/cks.asp?id=1" />
+			<test url="http://bbbonline.org/cks.asp?id=10" />
+			<test url="http://www.bbbonline.org/cks.asp?id=100" />
+
+
+	<rule from="^http://(?:www\.)?bbbonline\.org/cks\.asp"
+		to="https://www.bbb.org/us/bbb-online-business/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BBB_Silicon.org.xml b/src/chrome/content/rules/BBB_Silicon.org.xml
new file mode 100644
index 000000000000..929c1c80a712
--- /dev/null
+++ b/src/chrome/content/rules/BBB_Silicon.org.xml
@@ -0,0 +1,41 @@
+<!--
+	For other Better Business Bureau coverage, see Better-Business-Bureau.xml.
+
+
+	(www.)?bbbsilicon.org: Shows default page
+
+-->
+<ruleset name="BBB Silicon.org (partial)">
+
+	<!--	Complications:
+				-->
+	<target host="bbbsilicon.org" />
+	<target host="www.bbbsilicon.org" />
+
+		<!--	(?!$|\?) doesn't redirect
+							-->
+		<exclusion pattern="http://(?:www\.)?bbbsilicon\.org/+(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://bbbsilicon.org/commonreport.html" />
+			<test url="http://bbbsilicon.org/espanol/" />
+			<test url="http://bbbsilicon.org/news-events/" />
+			<test url="http://bbbsilicon.org/programs-services/" />
+			<test url="http://www.bbbsilicon.org/commonreport.html" />
+			<test url="http://www.bbbsilicon.org/espanol/" />
+			<test url="http://www.bbbsilicon.org/news-events/" />
+			<test url="http://www.bbbsilicon.org/programs-services/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://bbbsilicon.org/?" />
+			<test url="http://bbbsilicon.org/?foo" />
+			<test url="http://www.bbbsilicon.org/?" />
+			<test url="http://www.bbbsilicon.org/?foo" />
+
+
+	<rule from="^http://(?:www\.)?bbbsilicon\.org/+(?:\?.*)?"
+		to="https://sanjose.bbb.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BBC-mismatches.xml b/src/chrome/content/rules/BBC-mismatches.xml
deleted file mode 100644
index f69161284907..000000000000
--- a/src/chrome/content/rules/BBC-mismatches.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	For rules that are on by default, see BBC.xml.
-
--->
-<ruleset name="BBC (self-signed)" default_off="mismatch, self-signed">
-
-	<!--target host="bbc.com" />
-	<target host="www.bbc.com" />
-	<target host="bbc.co.uk" /-->
-	<target host="electradl.iplayer.bbc.co.uk" />
-	<!--target host="www.bbc.co.uk" />
-	<target host="www.bbc.net.uk" />
-		<exclusion pattern="^http://(www\.)?bbc\.(co|net)\.uk/(media|nol|shared|static)/" /-->
-
-
-	<!--	Cert mismatch.
-
-		Some pages look different.
-
-	<rule from="^http://(?:www\.)?bbc\.com/"
-		to="https://www.bbc.com/" />
-
-	<rule from="^http://(?:www\.)?bbc\.(?:co|net)\.uk/"
-		to="https://www.bbc.net.uk/" /-->
-
-	<!--	Akamai.
-				-->
-	<rule from="^http://electradl\.iplayer\.bbc\.co\.uk/"
-		to="https://electradl.iplayer.bbc.co.uk/" />
-</ruleset>
diff --git a/src/chrome/content/rules/BBC.co.uk.xml b/src/chrome/content/rules/BBC.co.uk.xml
new file mode 100644
index 000000000000..4dd798d0876c
--- /dev/null
+++ b/src/chrome/content/rules/BBC.co.uk.xml
@@ -0,0 +1,42 @@
+<!--
+	Other BBC rulesets:
+		- BBC.com.xml
+		- BBC_Children_In_Need.xml
+		- bbci.co.uk.xml
+		- bbcimg.co.uk.xml
+
+	Mismatched:
+		- cdnedge
+		- ftp.kw
+
+	SSL error:
+		- confluence.dev
+		- newsbeta
+		- newsforums
+		- newsvote
+
+	Mixed content:
+		- playlists
+		- downloads
+-->
+<ruleset name="BBC.co.uk (partial)">
+	<target host="bbc.co.uk" />
+	<target host="www.bbc.co.uk" />
+	<target host="ssc.api.bbc.co.uk" />
+	<target host="careershub.bbc.co.uk" />
+	<target host="careerssearch.bbc.co.uk" />
+	<target host="iplayerhelp.external.bbc.co.uk" />
+	<target host="www.live.bbc.co.uk" />
+	<target host="open.live.bbc.co.uk" />
+	<target host="m.bbc.co.uk" />
+	<target host="newsimg.bbc.co.uk" />
+	<target host="polling.bbc.co.uk" />
+	<target host="sa.bbc.co.uk" />
+	<target host="ssl.bbc.co.uk" />
+	<target host="static.bbc.co.uk" />
+	<target host="stats.bbc.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BBC.com.xml b/src/chrome/content/rules/BBC.com.xml
new file mode 100644
index 000000000000..e43d47971ce5
--- /dev/null
+++ b/src/chrome/content/rules/BBC.com.xml
@@ -0,0 +1,47 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- help.store.bbc.com
+
+		SSL peer certificate was not OK:
+		- pages.email.bbc.com
+		- pages.emails.bbc.com
+		- pages.storeuk.bbc.com
+
+		Incomplete certificate chain error:
+		- dialin.bbc.com
+		- meet.bbc.com
+		- r1.bbc.com
+		- webmail.bbc.com
+
+		Redirect to HTTP:
+		- www.bbc.com
+			- /culture/
+			- /travel/
+-->
+<ruleset name="BBC.com (partial)">
+	<target host="bbc.com" />
+	<target host="www.bbc.com" />
+	<!-- See #19012 -->
+	<exclusion pattern="^http://www\.bbc\.com/culture/" />
+		<test url="http://www.bbc.com/culture/story/20200227-japans-unexpected-relationship-with-reggae" />
+		<test url="http://www.bbc.com/culture/story/20200301-nine-tv-shows-to-watch-in-march" />
+		<test url="http://www.bbc.com/culture/story/20200309-the-soft-power-roots-of-k-pop" />
+	<exclusion pattern="^http://www\.bbc\.com/travel/" />
+		<test url="http://www.bbc.com/travel/" />
+		<test url="http://www.bbc.com/travel/story/20200308-japans-ancient-way-to-save-the-planet" />
+		<test url="http://www.bbc.com/travel/story/20200309-ogopogo-the-monster-lurking-in-okanagan-lake" />
+	<target host="information-syndication.api.bbc.com" />
+	<target host="ssc.api.bbc.com" />
+	<target host="beta.bbc.com" />
+	<target host="developer.bbc.com" />
+	<target host="emp.bbc.com" />
+	<target host="player.bbc.com" />
+	<target host="ssl.bbc.com" />
+	<target host="shop.bbc.com" />
+	<target host="ca.shop.bbc.com" />
+	<target host="store.bbc.com" />
+	<target host="www.test.bbc.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BBC.xml b/src/chrome/content/rules/BBC.xml
deleted file mode 100644
index 4b997fa84459..000000000000
--- a/src/chrome/content/rules/BBC.xml
+++ /dev/null
@@ -1,222 +0,0 @@
-<!--
-	For problematic rules, see BBC-mismatches.xml.
-
-
-	CDN buckets:
-
-		- cdnedge.bbc.co.uk.edgesuite.net
-		- electradl.iplayer.bbc.co.uk.edgesuite.net
-		- news.bbc.co.uk.edgesuite.net
-			- newsimg.bbc.co.uk
-			- feeds.bbci.co.uk
-			- news.bbcimg.co.uk
-			- tile[1-4].bbcimg.co.uk
-		- emp.bbci.co.uk.edgesuite.net
-		- ichef.bbci.co.uk.edgesuite.net
-		- node1.bbcimg.co.uk.edgesuite.net
-		- bbcmedia.fcod.llnwd.net
-
-
-	Problematic domains:
-
-		- sa.bbc.com		(mismatched, CN: *.112.2o7.net)
-		- polling.bbc.co.uk	(akamai)
-		- wwwimg.bbc.co.uk	(redirects to http)
-		- ichef.bbci.co.uk *
-		- news.bbcimg.co.uk *
-		- tile[1-4].bbcimg.co.uk	(works, akamai)
-
-	* 503, akamai
-
-
-	Nonfunctional domains:
-
-		- bbc.co.uk subdomains:
-
-			- cdnedge *
-			- confluence.dev	(handshake error)
-			- ftp.kw	(401, self-signed)
-			- open.live
-			- m **
-
-
-			- newsbeta	(no https)
-
-			- newsforums
-
-			- newsimg
-				- When rewritten news, doesn't redirect back to newsimg..
-				- When rewritten to www, redirects to http =(
-				- Not on static.
-
-			- newsvote
-			- playlists **
-
-			- stats **
-
-		- (www.)bbcamerica.com	(reset)
-		- feeds.bbci.co.uk *
-		- open.bbci.co.uk *
-
-	* 503, akamai
-	** Refused
-
-
-	Problematic domains:
-
-		- news.bbc.co.uk	(refused)
-					When rewritten to www, redirects back to news
-		- emp.bbci.co.uk *
-		- feeds.bbci.co.uk *
-		- node1.bbcimg.co.uk	(works, akamai)
-
-	* 503, akamai
-
-
-	Partially covered domains:
-
-		- open.live.bbc.co.uk
-
-			- crossdomain.xml causes videos to fail; "media selection request failed"
-
-		- news.bbc.co.uk	(→ beta.bbc.co.uk)
-
-		- emp.bbci.co.uk	(→ www.bbc.co.uk)
-		- feeds.bbci.co.uk	(→ www.bbc.co.uk)
-
-
-	Fully covered domains:
-
-		- www.live.bbc.co.uk
-
-
-	Mixed content:
-
-		- Flash on www from airdownload.adobe.com
-
-		- Scripts:
-
-			- On www from www *
-			- On www from static.bbci.co.uk *
-			- On www from node1.bbcimg.co.uk *
-
-		- css:
-
-			- On www from static.bbci.co.uk *
-			- On www from node1.bbcimg.co.uk *
-
-		- Images:
-
-			- On www from ichef.bbci.co.uk *
-			- On www from static.bbci.co.uk *
-
-		- Web bug on www from stats.bbc.co.uk **
-
-	* Secured by us
-	** Unsecurable, good riddance for MCB
-
-
-	NB: iplayer has been excluded so as to work around broken MCB.
-
--->
-<ruleset name="BBC (partial)">
-
-	<target host="sa.bbc.com" />
-	<target host="bbc.co.uk" />
-	<target host="*.bbc.co.uk" />
-		<!--
-			Causes censorship bypass to fail.
-								-->
-		<exclusion pattern="^http://www\.bbc\.co\.uk/iplayer/episode/\w+/(?:hd/)?\w+/?(?:$|\?)" />
-		<!--
-			Avoid false mixed content until MCB works properly:
-										-->
-		<exclusion pattern="^http://(?:www\.)?bbc\.co\.uk/iplayer(?:/?\?|/?$|/radio(?:$|[?/]))" />
-		<!--
-			https://trac.torproject.org/projects/tor/ticket/9136
-
-			Breaks archived radio streams:
-
-				"This content doesn't seem to be working"
-										-->
-		<exclusion pattern="^http://www\.bbc\.co\.uk/iplayer/playlist/\w+$" />
-		<exclusion pattern="^http://open\.live\.bbc\.co\.uk/(?!mediaselector/|wurfldemi/(?:network|useragent)\.jsonp|weather/feeds/\w\w/maps/forecast\.json)" />
-	<target host="iplayerhelp.external.bbc.co.uk" />
-	<target host="*.bbci.co.uk" />
-	<!--	Akamai	-->
-	<target host="*.bbcimg.co.uk" />
-
-
-	<!--	Tracking cookie set by sa	-->
-	<securecookie host="^\.bbc\.co\.uk$" name="^s1$" />
-	<!--
-		Can any of these be secured safely?
-							-->
-	<!--securecookie host="^\.bbc\.co\.uk$" name="^(BBC-UID|ckns_policy|BGUID|sa_labels|X-AB-iplayer-emp31|X-AB-iplayer-qunit1)" /-->
-	<securecookie host="^(?:iplayerhelp\.external|ssl)\.bbc\.co\.uk$" name=".+" />
-
-
-	<rule from="^http://sa\.bbc\.com/"
-		to="https://bbc.112.2o7.net/" />
-
-	<rule from="^http://(?:www(?:img)?\.)?bbc\.co\.uk/(aboutthebbc/override\.css|a-z/style|cbbc/(?:all/homepage-background|img|structure)|help/404_img|inc|nfp/holepunched/api|news/special/shared|player/emp|survey/pulse|tv/js|weather/locales)/"
-		to="https://beta.bbc.co.uk/$1/" />
-
-	<rule from="^http://feeds\.bbc\.co\.uk/modules/comments/"
-		to="https://www.bbc.co.uk/modules/comments/" />
-
-	<!--	ichef: Images.
-					-->
-	<rule from="^http://(ichef|www\.live|sa|static)\.bbci?\.co\.uk/"
-		to="https://$1.bbc.co.uk/" />
-
-	<rule from="^http://(?:www\.)?bbc\.co\.uk/(emp/|favicon\.ico$|glow/|guidance/|iplayer/|podcasts/assets/)"
-		to="https://www.bbc.co.uk/$1" />
-
-	<rule from="^http://(?:www\.)?bbc\.co\.uk/programmes/branding/"
-		to="https://ssl.bbc.co.uk/programmes/branding/" />
-
-	<rule from="^http://www\.bbc\.co\.uk/webwise/static/"
-		to="https://static.bbc.co.uk/webwise/" />
-
-	<rule from="^http://(beta|careers|downloads|iplayerhelp\.external|id|ssl)\.bbc\.co\.uk/"
-		to="https://$1.bbc.co.uk/" />
-
-	<rule from="^http://open\.live\.bbc\.co\.uk/"
-		to="https://open.live.bbc.co.uk/" />
-
-	<rule from="^http://news\.bbc\.co\.uk/(css|furniture|stylesheets|js/app/av/emp)/"
-		to="https://beta.bbc.co.uk/$1/" />
-
-	<rule from="^http://newsimg\.bbc\.co\.uk/(media/images|shared/img)/"
-		to="https://beta.bbc.co.uk/$1/" />
-
-	<rule from="^http://node[12]\.bbcimg\.co\.uk/(crossdomain\.xml$|glow/|iplayer/)"
-		to="https://www.bbc.co.uk/$1" />
-
-	<rule from="^http://node\d\.bbcimg\.co\.uk/(podcasts|tv/p2)/"
-		to="https://beta.bbc.co.uk/$1/" />
-
-	<rule from="^http://polling\.bbc\.co\.uk/modules/onairpanel/include/"
-		to="https://ssl.bbc.co.uk/modules/onairpanel/include/" />
-
-	<!--	This may be needed again in the future:
-							-->
-	<!--rule from="^https://www\.bbc\.co\.uk/iplayer/episode/(\w+/(?:hd/)?[\w\.]+/?(?:$|\?))"
-		to="http://www.bbc.co.uk/iplayer/episode/$1" downgrade="1" /-->
-
-	<rule from="^http://emp\.bbci\.co\.uk/emp/(bump|releases)/"
-		to="https://www.bbc.co.uk/emp/$1/" />
-
-        <!--    iPlayer points here, but only when fetched via https.
-
-	<rule from="^https://open\.bbci\.co\.uk/buzz/shares($|\?)"
-		to="http://open.bbci.co.uk/buzz/shares$1" downgrade="1" /-->
-
-	<rule from="^http://news\.bbcimg\.co\.uk/"
-		to="https://beta.bbc.co.uk/" />
-
-	<rule from="^http://tile\d\.bbcimg\.co\.uk/"
-		to="https://static.bbc.co.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BBC_Children_In_Need.xml b/src/chrome/content/rules/BBC_Children_In_Need.xml
new file mode 100644
index 000000000000..a9eab0cab62e
--- /dev/null
+++ b/src/chrome/content/rules/BBC_Children_In_Need.xml
@@ -0,0 +1,11 @@
+<ruleset name="BBC Children In Need">
+
+	<target host="bbcchildreninneed.co.uk" />
+	<target host="www.bbcchildreninneed.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BBacon.org.xml b/src/chrome/content/rules/BBacon.org.xml
new file mode 100644
index 000000000000..d06ac5637e64
--- /dev/null
+++ b/src/chrome/content/rules/BBacon.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Active mixed content:
+		- bbacon.org, e.g. http://bbacon.org/An-Introductory-Guide-to-the-IMSLP
+		- www.bbacon.org, e.g. http://www.bbacon.org/An-Introductory-Guide-to-the-IMSLP
+-->
+
+<ruleset name="BBacon.org" platform="mixedcontent">
+	<target host="bbacon.org" />
+		<test url="http://bbacon.org/About" />
+	<target host="www.bbacon.org" />
+		<test url="http://www.bbacon.org/About" />
+
+	<!-- Root path redirects to HTTP -->
+	<exclusion pattern="^http://(www\.)?bbacon\.org/$" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BC.edu-mixedcontent.xml b/src/chrome/content/rules/BC.edu-mixedcontent.xml
new file mode 100644
index 000000000000..bee9b0ae5c1e
--- /dev/null
+++ b/src/chrome/content/rules/BC.edu-mixedcontent.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules not causing valid or false MCB, see BC.edu.xml.
+
+-->
+<ruleset name="BC.edu (MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dlib.bc.edu" />
+	<target host="events.bc.edu" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BC.edu.xml b/src/chrome/content/rules/BC.edu.xml
new file mode 100644
index 000000000000..eaf72689b4fb
--- /dev/null
+++ b/src/chrome/content/rules/BC.edu.xml
@@ -0,0 +1,77 @@
+<!--
+	Boston College
+
+	For rules causing valid or false MCB, see BC.edu-mixedcontent.xml.
+
+
+	Nonfunctional hosts in *bc.edu:
+
+		- at ¹
+		- bcm ¹
+		- dcollections ²
+		- frontrow ³
+		- lawmagazine ⁴
+
+	¹ Redirects to http
+	² Redirects to dlib
+	³ Refused
+	⁴ Dropped
+
+
+	Problematic hosts in *bc.edu:
+
+		- dlib ¹
+		- events ¹
+		- libguides ²
+		- library ³
+
+	¹ Mixed css
+	² Mismatched
+	³ Missing cert chain
+
+
+	These altnames don't exist:
+
+		- www.at.bc.edu
+		- www.bcm.bc.edu
+		- www.ejournals.bc.edu
+		- www.events.bc.edu
+		- www.library.bc.edu
+
+
+	Mixed content:
+
+		- css, on:
+
+			- dlib from openfontlibrary.org
+			- events from ajax.aspnetcdn.com ²
+			- events from www.bc.edu ²
+			- events from fonts.googleapis.com ²
+
+		- Images, on:
+
+			- events, www from www.bc.edu ²
+			- libguides from library.bc.edu ³
+			- www from bc.edu ²
+
+	² Secured by us
+	³ Not secured by us <= missing certificate chain
+
+-->
+<ruleset name="BC.edu (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bc.edu" />
+	<!--target host="dlib.bc.edu" /-->
+	<target host="ejournals.bc.edu" />
+	<!--target host="events.bc.edu" /-->
+	<!--target host="libguides.bc.edu" /-->
+	<!--target host="library.bc.edu" /-->
+	<target host="www.bc.edu" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BCAA.xml b/src/chrome/content/rules/BCAA.xml
new file mode 100644
index 000000000000..bef131eed653
--- /dev/null
+++ b/src/chrome/content/rules/BCAA.xml
@@ -0,0 +1,7 @@
+<ruleset name="BC Automobile Association">
+    <target host="bcaa.com" />
+    <target host="www.bcaa.com" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BCCLA.org.xml b/src/chrome/content/rules/BCCLA.org.xml
new file mode 100644
index 000000000000..41c9142dc672
--- /dev/null
+++ b/src/chrome/content/rules/BCCLA.org.xml
@@ -0,0 +1,20 @@
+<!--
+	BC Civil Liberties Association
+
+-->
+<ruleset name="BCCLA.org">
+
+	<target host="bccla.org" />
+	<target host="www.bccla.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?bccla\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?bccla\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BCGolf.com-mismatches.xml b/src/chrome/content/rules/BCGolf.com-mismatches.xml
index b338fac7f534..6cf169b2ce6e 100644
--- a/src/chrome/content/rules/BCGolf.com-mismatches.xml
+++ b/src/chrome/content/rules/BCGolf.com-mismatches.xml
@@ -1,11 +1,11 @@
-<ruleset name="BCGolf.com (mismatches)" default_off="mismatch">
+<ruleset name="BCGolf.com (mismatches)" default_off="mismatched">
 
 	<!--	cert:	bcgolf.com	-->
 	<target host="*.golf2go.net"/>
 		<!--	handled in main ruleset		-->
 		<exclusion pattern="^http://www\."/>
 
-	<securecookie host="^.*\.golf2go\.net$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://([\w\-]+)\.golf2go\.net/"
 		to="https://$1.golf2go.net/"/>
diff --git a/src/chrome/content/rules/BCGolf.com.xml b/src/chrome/content/rules/BCGolf.com.xml
deleted file mode 100644
index 26de10c39717..000000000000
--- a/src/chrome/content/rules/BCGolf.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="BCGolf.com">
-
-	<target host="bcgolf.com"/>
-	<target host="www.bcgolf.com"/>
-	<target host="golf2go.net"/>
-	<target host="www.golf2go.net"/>
-
-	<rule from="^http://(www\.)?bcgolf\.com/"
-		to="https://$1bcgolf.com/"/>
-
-	<rule from="^http://(www\.)?golf2go\.net/"
-		to="https://$1golf2go.net/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/BCIX.de.xml b/src/chrome/content/rules/BCIX.de.xml
new file mode 100644
index 000000000000..be1df16f1a5f
--- /dev/null
+++ b/src/chrome/content/rules/BCIX.de.xml
@@ -0,0 +1,13 @@
+<!--
+	Timeout:
+		ns[0|2].bcix.de
+-->
+<ruleset name="BCIX.de">
+
+	<target host="bcix.de" />
+	<target host="www.bcix.de" />
+	<target host="members.bcix.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BCLA_Connect.ca.xml b/src/chrome/content/rules/BCLA_Connect.ca.xml
new file mode 100644
index 000000000000..3241ed110dbb
--- /dev/null
+++ b/src/chrome/content/rules/BCLA_Connect.ca.xml
@@ -0,0 +1,25 @@
+<!--
+	www.bclaconnect.ca: Mismatched
+
+-->
+<ruleset name="BCLA Connect.ca">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bclaconnect.ca" />
+
+	<!--	Complications:
+				-->
+	<target host="www.bclaconnect.ca" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.bclaconnect\.ca/"
+		to="https://bclaconnect.ca/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BC_Hydro.xml b/src/chrome/content/rules/BC_Hydro.xml
new file mode 100644
index 000000000000..65a302b49810
--- /dev/null
+++ b/src/chrome/content/rules/BC_Hydro.xml
@@ -0,0 +1,9 @@
+<ruleset name="BC Hydro">
+    <target host="bchydro.com" />
+    <target host="www.bchydro.com" />
+
+    <securecookie host="^(?:www)?(?:\.)?bchydro\.com$" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BDBOS.bund.de.xml b/src/chrome/content/rules/BDBOS.bund.de.xml
new file mode 100644
index 000000000000..8d7adbd79d74
--- /dev/null
+++ b/src/chrome/content/rules/BDBOS.bund.de.xml
@@ -0,0 +1,12 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+-->
+<ruleset name="BDBOS.bund.de">
+	<!-- Federal Agency for Public Safety Digital Radio -->
+
+	<target host="bdbos.bund.de" />
+	<target host="www.bdbos.bund.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BDOCodex.com.xml b/src/chrome/content/rules/BDOCodex.com.xml
new file mode 100644
index 000000000000..f3cfef8dc94b
--- /dev/null
+++ b/src/chrome/content/rules/BDOCodex.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="BDO Codex.com">
+
+	<target host="bdocodex.com" />
+	<target host="www.bdocodex.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BECU.xml b/src/chrome/content/rules/BECU.xml
new file mode 100644
index 000000000000..14bfd3d98750
--- /dev/null
+++ b/src/chrome/content/rules/BECU.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://accessassistant.becu.org/ => https://accessassistant.becu.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Refused:
+		- news
+		- ppwww
+
+	Mismatched:
+		- locatorsearch
+-->
+<ruleset name="Becu.org" default_off="failed ruleset test">
+	<target host="becu.org" />
+	<target host="www.becu.org" />
+	<target host="onlinebanking.becu.org" />
+	<target host="onlineappointments.becu.org" />
+	<target host="accessassistant.becu.org" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BEL-Solutions.xml b/src/chrome/content/rules/BEL-Solutions.xml
deleted file mode 100644
index 546792a52d00..000000000000
--- a/src/chrome/content/rules/BEL-Solutions.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="BEL Solution" default_off="self-signed">
-
-	<!--	Cert: zeus.bel.fi	-->
-	<target host="bel.fi" />
-	<target host="*.bel.fi" />
-
-
-	<!--	- Cert only matches zeus.bel.fi
-		- All appear identical
-			-->
-	<rule from="^https?://(?:www\.|zeus\.)?bel\.fi/"
-		to="https://zeus.bel.fi/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BEL.fi.xml b/src/chrome/content/rules/BEL.fi.xml
new file mode 100644
index 000000000000..0d0e58ef77cd
--- /dev/null
+++ b/src/chrome/content/rules/BEL.fi.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bacchus.bel.fi/ => https://bacchus.bel.fi/: (7, 'Failed to connect to bacchus.bel.fi port 443: Connection refused')
+
+	Non-functional hosts
+		Connection refused:
+			 - asp2.bel.fi
+			 - gw.bel.fi
+
+		Timeout:
+			 - dionysos.bel.fi
+
+		Invalid certificates:
+			 - asp.bel.fi
+-->
+<ruleset name="BEL Solutions Oy" default_off="failed ruleset test">
+	<target host="bel.fi" />
+	<target host="www.bel.fi" />
+	<target host="bacchus.bel.fi" />
+	<target host="integraatio.bel.fi" />
+	<target host="rj.bel.fi" />
+	<target host="saas.bel.fi" />
+	<target host="smtp.bel.fi" />
+	<target host="test.bel.fi" />
+	<target host="zeus.bel.fi" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BEM.info.xml b/src/chrome/content/rules/BEM.info.xml
new file mode 100644
index 000000000000..6270529e398a
--- /dev/null
+++ b/src/chrome/content/rules/BEM.info.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.bem.info/ => https://www.bem.info/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+
+	For other Yandex coverage, see Yandex.xml.
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- ru
+
+-->
+<ruleset name="BEM.info" default_off="failed ruleset test">
+
+	<target host="bem.info" />
+	<target host="ru.bem.info" />
+	<target host="www.bem.info" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BEV.bund.de.xml b/src/chrome/content/rules/BEV.bund.de.xml
new file mode 100644
index 000000000000..67b082839834
--- /dev/null
+++ b/src/chrome/content/rules/BEV.bund.de.xml
@@ -0,0 +1,15 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+-->
+<ruleset name="BEV.bund.de">
+
+	<target host="www.bev.bund.de" />
+	<target host="auth.bev.bund.de" />
+	<target host="nsc.bev.bund.de" />
+	<target host="owa.bev.bund.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BGPStream.com.xml b/src/chrome/content/rules/BGPStream.com.xml
new file mode 100644
index 000000000000..848862bdc0af
--- /dev/null
+++ b/src/chrome/content/rules/BGPStream.com.xml
@@ -0,0 +1,17 @@
+<!--
+	For other OpenDNS coverage, see OpenDNS.xml.
+
+-->
+<ruleset name="BGPStream.com">
+
+	<target host="bgpstream.com" />
+	<target host="www.bgpstream.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BGPView.io.xml b/src/chrome/content/rules/BGPView.io.xml
new file mode 100644
index 000000000000..e9523ac129e0
--- /dev/null
+++ b/src/chrome/content/rules/BGPView.io.xml
@@ -0,0 +1,9 @@
+<ruleset name="BGPView.io">
+	<target host="bgpview.io" />
+	<target host="www.bgpview.io" />
+	<target host="api.bgpview.io" />
+	<target host="es.bgpview.io" />
+	<target host="whois.bgpview.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BGPmon.net.xml b/src/chrome/content/rules/BGPmon.net.xml
new file mode 100644
index 000000000000..0f907c11f87d
--- /dev/null
+++ b/src/chrome/content/rules/BGPmon.net.xml
@@ -0,0 +1,28 @@
+<!--
+	Mixed content:
+
+		- css on www from fonts.googleapis.com *
+
+		- Images on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="BGPmon.net">
+	<target host="bgpmon.net" />
+	<target host="portal.bgpmon.net" />
+	<target host="www.bgpmon.net" />
+	<target host="bgpmon.com" />
+	<target host="portal.bgpmon.com" />
+	<target host="www.bgpmon.com" />
+
+	<!-- Not secured by server: -->
+	<securecookie host="^portal\.bgpmon\.net$" name=".+" />
+
+    <rule from="^http://bgpmon\.(?:com|net)/"
+        to="https://www.bgpmon.net/" />
+
+	<rule from="^http://(portal\.|www\.)?bgpmon\.com/"
+		to="https://$1bgpmon.net/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BGR.bund.de.xml b/src/chrome/content/rules/BGR.bund.de.xml
new file mode 100644
index 000000000000..815468088ced
--- /dev/null
+++ b/src/chrome/content/rules/BGR.bund.de.xml
@@ -0,0 +1,11 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+-->
+<ruleset name="BGR.bund.de">
+	<!-- Federal Institute for Geosciences and Natural Resources -->
+
+	<target host="www.bgr.bund.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BGR.com.xml b/src/chrome/content/rules/BGR.com.xml
new file mode 100644
index 000000000000..8f18b235d500
--- /dev/null
+++ b/src/chrome/content/rules/BGR.com.xml
@@ -0,0 +1,56 @@
+<!--
+	Connection closed:
+		- mail.bgr.com
+
+	Invalid certificate:
+		- cdn.bgr.com, equivalent to boygeniusreport.files.wordpress.com
+		- c2.bgr.com, equivalent to boygeniusreport.files.wordpress.com
+		- de.bgr.com, equivalent to bgr.com
+		- www.de.bgr.com, equivalent to bgr.com
+		- m.de.bgr.com, equivalent to bgr.com
+		- image.email.bgr.com
+		- horizon.bgr.com
+		- link.bgr.com
+		- m.bgr.com, equivalent to bgr.com
+		- www.m.bgr.com, equivalent to bgr.com
+		- qa.bgr.com
+		- *.qa.bgr.com
+		- static.bgr.com
+		- store.bgr.com
+		- video-cdn.bgr.com, equivalent to content.jwplatform.com
+-->
+
+<ruleset name="BGR.com">
+	<target host="bgr.com" />
+	<target host="www.bgr.com" />
+	<target host="academy.bgr.com" />
+	<target host="c2.bgr.com" />
+	<target host="cdn.bgr.com" />
+	<target host="de.bgr.com" />
+	<target host="www.de.bgr.com" />
+	<target host="m.de.bgr.com" />
+	<target host="click.email.bgr.com" />
+	<target host="pages.email.bgr.com" />
+	<target host="view.email.bgr.com" />
+	<target host="m.bgr.com" />
+	<target host="www.m.bgr.com" />
+	<target host="mail.bgr.com" />
+	<target host="video-cdn.bgr.com" />
+
+	<rule from="^http://(c2|cdn)\.bgr\.com/"
+		to="https://boygeniusreport.files.wordpress.com/" />
+		<test url="http://c2.bgr.com/2012/08/samsung-internal-memo-jkshin.pdf" />
+		<test url="http://cdn.bgr.com/2012/08/samsung-internal-memo-jkshin.pdf" />
+
+	<rule from="^http://(de|www\.de|m\.de|m|www\.m)\.bgr\.com/"
+		to="https://bgr.com/" />
+
+	<rule from="^http://mail\.bgr\.com/$"
+		to="https://mail.google.com/a/bgr.com" />
+
+	<rule from="^http://video-cdn\.bgr\.com/"
+		to="https://content.jwplatform.com/" />
+		<test url="http://video-cdn.bgr.com/libraries/1fryQI3F.js" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BGR.de.xml b/src/chrome/content/rules/BGR.de.xml
new file mode 100644
index 000000000000..3e6d8c43cb9f
--- /dev/null
+++ b/src/chrome/content/rules/BGR.de.xml
@@ -0,0 +1,49 @@
+<!--
+	Invalid certificate:
+		rdg.bgr.de
+		eida.szgrf.bgr.de
+
+	Refused:
+		bzax04.bgr.de
+		crl.bgr.de
+		mdm04.bgr.de
+		opac.bgr.de
+		uranus.bgr.de
+
+	Timeout:
+		ftp.hannover.bgr.de
+		mail.hannover.bgr.de
+		sdac.bgr.de
+		www.seisonline.bgr.de
+		mags.szgrf.bgr.de
+-->
+<ruleset name="BGR.de">
+
+	<target host="www.bgr.de" />
+	<target host="ausschreibungen.bgr.de" />
+	<target host="boreholemap.bgr.de" />
+	<target host="rosys.dera.bgr.de" />
+	<target host="download.bgr.de" />
+	<target host="eida.bgr.de" />
+	<target host="fisbo.bgr.de" />
+	<target host="fisbopw.bgr.de" />
+	<target host="fishy.bgr.de" />
+	<target host="geoviewer.bgr.de" />
+	<target host="gzhgw.bgr.de" />
+	<target host="hydroscripts.bgr.de" />
+	<target host="www.kernwaffenteststopp.bgr.de" />
+	<target host="litholex.bgr.de" />
+	<target host="mdm.bgr.de" />
+	<target host="mdm01.bgr.de" />
+	<target host="produktcenter.bgr.de" />
+	<target host="rohstoffportal-sgd.bgr.de" />
+	<target host="www.seismologie.bgr.de" />
+	<target host="services.bgr.de" />
+	<target host="servicestest.bgr.de" />
+	<target host="www.szgrf.bgr.de" />
+	<target host="teambeam.bgr.de" />
+	<target host="zsn.bgr.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BGamed.de.xml b/src/chrome/content/rules/BGamed.de.xml
index 7a12701c2f17..757afc378e07 100644
--- a/src/chrome/content/rules/BGamed.de.xml
+++ b/src/chrome/content/rules/BGamed.de.xml
@@ -29,7 +29,6 @@
 	<securecookie host="^bgamed\.de$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?bgamed\.de/"
-		to="https://bgamed.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BHW.de.xml b/src/chrome/content/rules/BHW.de.xml
index 76bd4d7896e6..acbb2c81a464 100644
--- a/src/chrome/content/rules/BHW.de.xml
+++ b/src/chrome/content/rules/BHW.de.xml
@@ -5,13 +5,14 @@
 <ruleset name="BHW.de">
 
 	<target host="bhw.de" />
-	<target host="*.bhw.de" />
+	<target host="apps.bhw.de" />
+	<target host="www.bhw.de" />
 
 
 	<securecookie host="^apps\.bhw\.de$" name=".+" />
 
 
-	<rule from="^http://(apps\.|www\.)?bhw\.de/"
-		to="https://$1bhw.de/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BHosted.nl.xml b/src/chrome/content/rules/BHosted.nl.xml
deleted file mode 100644
index e8873a7b5084..000000000000
--- a/src/chrome/content/rules/BHosted.nl.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- status	(refused)
-
-
-	Problematic subdomains:
-
-		- ^	(shows klant)
-
-
-	Partially covered subdomains:
-
-		- (www.)	(some pages redirect to http)
-
-
-	Fully covered subdomains:
-
-		- admin
-		- klant
-		- webmail
-
--->
-<ruleset name="bHosted.nl (partial)">
-
-	<target host="bhosted.nl" />
-	<target host="*.bhosted.nl" />
-
-
-	<securecookie host="^webmail\.bhosted\.nl$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?bhosted\.nl/(css/|favicon\.ico|images/|js/|webmail(?:$|\?|/))"
-		to="https://www.bhosted.nl/$1" />
-
-	<rule from="^http://(admin|klant|webmail)\.bhosted\.nl/"
-		to="https://$1.bhosted.nl/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/BHosting.ru.xml b/src/chrome/content/rules/BHosting.ru.xml
index adce66231989..bd89e807a2f0 100644
--- a/src/chrome/content/rules/BHosting.ru.xml
+++ b/src/chrome/content/rules/BHosting.ru.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?bhosting\.ru/"
 		to="https://www.bhosting.ru/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BIBB.de.xml b/src/chrome/content/rules/BIBB.de.xml
new file mode 100644
index 000000000000..610f3fe84a6a
--- /dev/null
+++ b/src/chrome/content/rules/BIBB.de.xml
@@ -0,0 +1,47 @@
+<!--
+	Federal Institute for Vocational Education and Training
+
+	Invalid certificate:
+		europass.bibb.de (common name: Let's Encrypt Authority X3)
+		exanda.bibb.de (common name: GeoTrust SSL CA - G3)
+		good-practice.bibb.de (common name: GeoTrust SSL CA - G3)
+		ldbb.bibb.de (common name: GeoTrust SSL CA - G3)
+		www.ldbb.bibb.de (common name: GeoTrust SSL CA - G3)
+		na.bibb.de (common name: GeoTrust SHA256 SSL CA)
+		www.na.bibb.de (common name: GeoTrust SHA256 SSL CA)
+
+	Non-2xx HTTP code:
+		bbne.bibb.de
+		eldoc.bibb.de
+		fdz.bibb.de
+		indikatorik.bibb.de
+-->
+<ruleset name="BIBB.de">
+
+	<target host="bibb.de" />
+	<target host="www.bibb.de" />
+	<target host="anerkennungsbefragung.bibb.de" />
+	<target host="ausbildungplus.bibb.de" />
+	<target host="aweb-intern.bibb.de" />
+	<target host="cloud.bibb.de" />
+	<target host="datenreport.bibb.de" />
+	<target host="expertenmonitor.bibb.de" />
+	<target host="foraus.bibb.de" />
+	<target host="kongress2018.bibb.de" />
+	<target host="login.bibb.de" />
+	<target host="metadaten.bibb.de" />
+	<target host="naa309.bibb.de" />
+	<target host="preview.nl.bibb.de" />
+	<target host="opac.bibb.de" />
+	<target host="prueferportal.bibb.de" />
+	<target host="stats.bibb.de" />
+	<target host="umfrage.bibb.de" />
+	<target host="wbmonitor.bibb.de" />
+	<target host="workspace.bibb.de" />
+	<target host="www2.bibb.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BIGO.xml b/src/chrome/content/rules/BIGO.xml
new file mode 100644
index 000000000000..131d44ae7772
--- /dev/null
+++ b/src/chrome/content/rules/BIGO.xml
@@ -0,0 +1,7 @@
+<ruleset name="Breitbandinfrastrukturgesellschaft Oberhessen">
+<target host="www.bigo.net" />
+
+<rule from="^http:" to="https:" />
+
+
+</ruleset>
diff --git a/src/chrome/content/rules/BIKT.xml b/src/chrome/content/rules/BIKT.xml
index 767e2af346df..d2b012d72c80 100644
--- a/src/chrome/content/rules/BIKT.xml
+++ b/src/chrome/content/rules/BIKT.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?bikt\.de/"
 		to="https://bikt.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BIO-International-Convention.xml b/src/chrome/content/rules/BIO-International-Convention.xml
index 12eb37004200..c9161b68a769 100644
--- a/src/chrome/content/rules/BIO-International-Convention.xml
+++ b/src/chrome/content/rules/BIO-International-Convention.xml
@@ -1,22 +1,63 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bio.org/ => https://bio.org/: (51, "SSL: no alternative certificate subject name matches target host name 'bio.org'")
+
+	BIO International Convention
+
+
 	mybio.zerista.com
 
 
 	Nonfunctional subdomains:
 
-		- (www.)		(reset)
+		- bbs ¹
+		- members *
 		- oneononepartnering	(reset)
 
+	¹ Redirects to www.bio.org
+	* Handshake fails
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .bio.org
+		- convention.bio.org
+		- jobs.bio.org
+
+
+	Mixed content:
+
+		- Ads, on:
+
+			- convention from www.googleadservices.com *
+			- jobs from adserver.adtechus.com
+			- jobs from pixel.quantserve.com *
+
+	* Secured by us
+
 -->
-<ruleset name="BIO International Convention" default_off="expired">
+<ruleset name="BIO.org (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="bio.org" />
 	<target host="convention.bio.org" />
+	<!--target host="jobs.bio.org" /-->
+	<target host="www.bio.org" />
+	<target host="www3.bio.org" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.bio\.org$" name="^SESS[\da-f]{32}$" /-->
+	<!--securecookie host="^convention\.bio\.org$" name="^(?:ASP\.NET_SessionId|EkAnalytics|EktGUID|ecm)$" /-->
+	<!--securecookie host="^jobs\.bio\.org$" name="BIGipServer\w+$" /-->
 
-	<securecookie host="^convention\.bio\.org$" name=".*" />
+	<securecookie host="^convention\.bio\.org$" name=".+" />
 
 
-	<rule from="^http://convention\.bio\.org/"
-		to="https://convention.bio.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BIT.nl.xml b/src/chrome/content/rules/BIT.nl.xml
new file mode 100644
index 000000000000..91fc6391dccd
--- /dev/null
+++ b/src/chrome/content/rules/BIT.nl.xml
@@ -0,0 +1,36 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- bit.nl
+		- wipik.bit.nl
+		- www.bit.nl
+
+
+	Mixed content:
+
+		- Bug on www from wipik.bit.nl *
+
+	* Secured by us
+
+-->
+<ruleset name="BIT.nl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bit.nl" />
+	<target host="wipik.bit.nl" />
+	<target host="www.bit.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:wipik\.|www\.)?bit\.nl$" name="^BIGipServer.*" /-->
+	<!--securecookie host="^www\.bit\.nl$" name="^(?:CMSSESSID[\da-f]+|mobile|language)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BKA.de.xml b/src/chrome/content/rules/BKA.de.xml
new file mode 100644
index 000000000000..b4756a5adbee
--- /dev/null
+++ b/src/chrome/content/rules/BKA.de.xml
@@ -0,0 +1,18 @@
+<!--
+	Timeout:
+		- iuk.bka.de
+		- tesit.bka.de
+-->
+<ruleset name="BKA.de">
+
+	<target host="bka.de" />
+	<target host="www.bka.de" />
+	<target host="bewerberportal.bka.de" />
+	<target host="bewerbung.bka.de" />
+	<target host="bewerbung-prep.bka.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BKGE.de.xml b/src/chrome/content/rules/BKGE.de.xml
new file mode 100644
index 000000000000..45f43dec68a6
--- /dev/null
+++ b/src/chrome/content/rules/BKGE.de.xml
@@ -0,0 +1,14 @@
+<!--
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="BKGE.de">
+	<!-- Federal Institute for Culture and History of the Germans in Eastern Europe -->
+
+	<target host="bkge.de" />
+	<target host="www.bkge.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BKK-Advita.xml b/src/chrome/content/rules/BKK-Advita.xml
index 3bf2ae445b04..62bcda702a6b 100644
--- a/src/chrome/content/rules/BKK-Advita.xml
+++ b/src/chrome/content/rules/BKK-Advita.xml
@@ -1,5 +1,5 @@
 <ruleset name="BKK-Advita" platform="mixedcontent">
 <target host="www.bkk-advita.de" />
 <target host="bkk-advita.de" />
-<rule from="^http://(?:www\.)?bkk-advita\.de/" to="https://www.bkk-advita.de/"/>
+<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/BKW-FMB.ch.xml b/src/chrome/content/rules/BKW-FMB.ch.xml
deleted file mode 100644
index 7729492ae553..000000000000
--- a/src/chrome/content/rules/BKW-FMB.ch.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="BKW-FMB.ch">
-        <target host="bkw-fmb.ch" />
-        <target host="www.bkw-fmb.ch" />
-
-        <rule from="^http://(?:www\.)?bkw-fmb\.ch/" to="https://www.bkw-fmb.ch/"/>
-        <securecookie host="^(.*\.)?bkw-fmb\.ch$" name=".*" />
-</ruleset>
diff --git a/src/chrome/content/rules/BLOX.xml b/src/chrome/content/rules/BLOX.xml
index d72aeaa4426b..5d9c40708aca 100644
--- a/src/chrome/content/rules/BLOX.xml
+++ b/src/chrome/content/rules/BLOX.xml
@@ -6,4 +6,4 @@
 	<rule from="^http://([\w\-]+)\.bloxcms\.com/"
 		to="https://$1.bloxcms.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BLS.xml b/src/chrome/content/rules/BLS.xml
new file mode 100644
index 000000000000..7692b1303e19
--- /dev/null
+++ b/src/chrome/content/rules/BLS.xml
@@ -0,0 +1,22 @@
+<!--
+	Mismatch:
+		- zweiklicks
+
+	Refused:
+		- (www.)blscargo.ch
+-->
+<ruleset name="bls.ch">
+	<target host="bls.ch"/>
+	<target host="www.bls.ch"/>
+	<target host="etutor.bls.ch"/>
+	<target host="evsweb.bls.ch"/>
+	<target host="extranet.bls.ch"/>
+	<target host="fisz.bls.ch"/>
+	<target host="jira.bls.ch"/>
+	<target host="topdesk.bls.ch"/>
+
+	<rule from="^http://bls\.ch/"
+		to="https://www.bls.ch/"/>
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/BMAS.de.xml b/src/chrome/content/rules/BMAS.de.xml
new file mode 100644
index 000000000000..7eba2e0490d2
--- /dev/null
+++ b/src/chrome/content/rules/BMAS.de.xml
@@ -0,0 +1,35 @@
+<!--
+	Invalid certificate:
+		- www.ausstellung.bmas.de
+		- budget.bmas.de
+		- m.budget.bmas.de
+		- mobil.budget.bmas.de
+		- csr-konferenz.bmas.de
+		- www.csr-konferenz.bmas.de
+		- gesetze.bmas.de
+
+	Refused:
+		- adressen.bmas.de
+		- www.adressen.bmas.de
+		- bildungspaket.bmas.de
+		- www.bildungspaket.bmas.de
+
+	Timeout:
+		- anmeldung.bmas.de
+		- www.anmeldung.bmas.de
+-->
+<ruleset name="BMAS.de">
+	<!-- Federal Ministry of Labour and Social Affairs -->
+
+	<target host="bmas.de" />
+	<target host="www.bmas.de" />
+	<target host="www.budget.bmas.de" />
+	<target host="doku.bmas.de" />
+	<target host="reg.bmas.de" />
+	<target host="streaming.bmas.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BMC.com.xml b/src/chrome/content/rules/BMC.com.xml
new file mode 100644
index 000000000000..5e4e952716c4
--- /dev/null
+++ b/src/chrome/content/rules/BMC.com.xml
@@ -0,0 +1,56 @@
+<!--
+	Other BMC Software rulesets:
+
+		- BMC_Logo_Store.com.xml
+
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- go ²
+
+	¹ Refused
+	² Works; mismatched, CN: secure.eloqua.com
+
+
+	Fully covered subdomains:
+
+		- media.cms
+		- communities
+		- docs
+		- webapps
+
+-->
+<ruleset name="BMC.com (partial)">
+
+	<target host="bmc.com" />
+	<target host="www.bmc.com" />
+	<target host="media.cms.bmc.com" />
+	<target host="communities.bmc.com" />
+	<target host="docs.bmc.com" />
+	<target host="webapps.bmc.com" />
+		<!--exclusion pattern="^http://go\.bmc\.com/" /-->
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.bmc\.com/+($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://www\.bmc\.com/+(?!include/|s\?action=doLogin)" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^communities\.bmc\.com$" name="^(BIGipServerm\w{5}-\d-pool|JSESSIONID|jive\.security\.context)$" /-->
+
+	<securecookie host="^communities\.bmc\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?bmc\.com/(?=includes/|s\?action=doLogin)"
+		to="https://www.bmc.com/" />
+
+	<rule from="^http://(media\.cms|communities|docs|webapps)\.bmc\.com/"
+		to="https://$1.bmc.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BMC_Logo_Store.com.xml b/src/chrome/content/rules/BMC_Logo_Store.com.xml
new file mode 100644
index 000000000000..11e7791cb7a1
--- /dev/null
+++ b/src/chrome/content/rules/BMC_Logo_Store.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other BMC Software coverage, see BMC.com.xml.
+
+-->
+<ruleset name="BMC Logo Store.com">
+
+	<target host="bmclogostore.com" />
+	<target host="www.bmclogostore.com" />
+
+
+	<!--	Not secured by  server:
+					-->
+	<!--securecookie host="^www\.bmclogostore\.com$" name="^symfony$" /-->
+
+	<securecookie host="^www\.bmclogostore\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BMF-Steuerrechner.de.xml b/src/chrome/content/rules/BMF-Steuerrechner.de.xml
new file mode 100644
index 000000000000..ab9812537b4a
--- /dev/null
+++ b/src/chrome/content/rules/BMF-Steuerrechner.de.xml
@@ -0,0 +1,12 @@
+<ruleset name="BMF-Steuerrechner.de">
+  <target host="bmf-steuerrechner.de" />
+  <target host="www.bmf-steuerrechner.de" />
+
+  <securecookie host=".+" name=".+" />
+
+  <rule from="^http://bmf-steuerrechner\.de/"
+	  to="https://www.bmf-steuerrechner.de/" />
+
+  <rule from="^http:"
+          to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BMFSFJ.de.xml b/src/chrome/content/rules/BMFSFJ.de.xml
new file mode 100644
index 000000000000..7b6821af518b
--- /dev/null
+++ b/src/chrome/content/rules/BMFSFJ.de.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid certificate:
+		- daten.bmfsfj.de
+		- www.daten.bmfsfj.de
+-->
+<ruleset name="BMFSFJ.de">
+	<!-- Federal Ministry for Family Affairs, Senior Citizens, Women and Youth -->
+
+	<target host="bmfsfj.de" />
+	<target host="www.bmfsfj.de" />
+	<target host="studio-stage.bmfsfj.de" />
+	<target host="preview.studio-stage.bmfsfj.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://bmfsfj.de/,
+	http://bmfsfj.de/ redirects to https://www.bmfsfj.de/ -->
+	<rule from="^http://bmfsfj\.de/"
+		to="https://www.bmfsfj.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BMU.de.xml b/src/chrome/content/rules/BMU.de.xml
new file mode 100644
index 000000000000..b963dfe41770
--- /dev/null
+++ b/src/chrome/content/rules/BMU.de.xml
@@ -0,0 +1,25 @@
+<!--
+	Invalid certificate:
+		- mobil.bmu.de
+		- secure.mobil.bmu.de
+
+	Timeout:
+		- kronos.bmu.de
+-->
+<ruleset name="BMU.de">
+	<!-- Federal Ministry for the Environment, Nature Conservation and Nuclear Safety -->
+
+	<target host="bmu.de" />
+	<target host="www.bmu.de" />
+	<target host="m.bmu.de" />
+	<target host="secure.m.bmu.de" />
+	<target host="nl.bmu.de" />
+	<target host="owa.bmu.de" />
+	<target host="secure.bmu.de" />
+	<target host="vpc.bmu.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BMVg.de.xml b/src/chrome/content/rules/BMVg.de.xml
new file mode 100644
index 000000000000..c47836be48cd
--- /dev/null
+++ b/src/chrome/content/rules/BMVg.de.xml
@@ -0,0 +1,20 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+
+	Rejected:
+		eng.bmvg.de
+		www.eng.bmvg.de
+		seminare.bmvg.de
+		www.seminare.bmvg.de
+-->
+<ruleset name="BMVg.de">
+	<!-- Federal Ministry of Defense. -->
+
+	<target host="bmvg.de" />
+	<target host="www.bmvg.de" />
+	<target host="afrika.bmvg.de" />
+	<target host="piwik.bmvg.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BMW-China-Custom-Login.xml b/src/chrome/content/rules/BMW-China-Custom-Login.xml
deleted file mode 100644
index bbbedd59bb6a..000000000000
--- a/src/chrome/content/rules/BMW-China-Custom-Login.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For other Kanvar coverage, see TNS-Global.xml.
-
--->
-<ruleset name="BMW China Custom Login" platform="mixedcontent">
-
-	<target host="cardealerstudy.com" />
-	<target host="*.cardealerstudy.com" />
-
-
-	<securecookie host="^.*\.cardealerstudy\.com$" name=".*" />
-
-
-	<!--	!www doesn't work over https,
-		redirects to www over http.	-->
-	<rule from="^http://(?:www\.)?cardealerstudy\.com/"
-		to="https://www.cardealerstudy.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BMWi.de.xml b/src/chrome/content/rules/BMWi.de.xml
new file mode 100644
index 000000000000..077ba79fef27
--- /dev/null
+++ b/src/chrome/content/rules/BMWi.de.xml
@@ -0,0 +1,40 @@
+<!--
+	Invalid certificate:
+		- exportinitiative.bmwi.de
+		- lexikon.bmwi.de
+
+	Refused:
+		- preview6gsb.bmwi.de
+
+	Timeout:
+		- db.bmwi.de
+		- www.exportinitiative.bmwi.de
+		- forum.bmwi.de
+		- m.bmwi.de
+		- preview6-digital.bmwi.de
+		- redaktion.bmwi.de
+
+	Unable to get local issuer certificate:
+		- adfs.exportinitiative.bmwi.de
+		- db-energie.exportinitiative.bmwi.de
+		- energie.exportinitiative.bmwi.de
+-->
+<ruleset name="BMWi.de">
+	<!-- Federal Ministry for Economic Affairs and Energy -->
+
+	<target host="bmwi.de" />
+	<target host="www.bmwi.de" />
+	<target host="info.bmwi.de" />
+	<target host="karten.bmwi.de" />
+	<target host="www.karten.bmwi.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://bmwi.de/,
+	http://bmwi.de/ redirects to https://www.bmwi.de/ -->
+	<rule from="^http://bmwi\.de/"
+		to="https://www.bmwi.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BMZ.de.xml b/src/chrome/content/rules/BMZ.de.xml
new file mode 100644
index 000000000000..286da2935230
--- /dev/null
+++ b/src/chrome/content/rules/BMZ.de.xml
@@ -0,0 +1,29 @@
+<!--
+	Invalid certificate:
+		- www.health.bmz.de
+
+	Non-2xx HTTP code:
+		- stream.bmz.de
+-->
+<ruleset name="BMZ.de">
+	<!-- Federal Ministry for Economic Cooperation and Development -->
+
+	<target host="bmz.de" />
+	<target host="www.bmz.de" />
+	<target host="cms.bmz.de" />
+	<target host="facebook.bmz.de" />
+	<target host="googleplus.bmz.de" />
+	<target host="grde.bmz.de" />
+	<target host="health.bmz.de" />
+	<target host="piwik.bmz.de" />
+	<target host="stage.bmz.de" />
+	<target host="statistik.bmz.de" />
+	<target host="teamwork.bmz.de" />
+	<target host="twitter.bmz.de" />
+	<target host="youtube.bmz.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BM_Pharmacy.xml b/src/chrome/content/rules/BM_Pharmacy.xml
deleted file mode 100644
index 995f8b765126..000000000000
--- a/src/chrome/content/rules/BM_Pharmacy.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="BM Pharmacy">
-
-	<target host="bmpharmacy.com" />
-	<target host="*.bmpharmacy.com" />
-
-
-	<securecookie host="^\.bmpharmacy\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?bmpharmacy\.com/"
-		to="https://$1bmpharmacy.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/BN-static.com.xml b/src/chrome/content/rules/BN-static.com.xml
new file mode 100644
index 000000000000..73bb572c787f
--- /dev/null
+++ b/src/chrome/content/rules/BN-static.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="BN-static.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="static.bn-static.com" />
+
+		<test url="http://static.bn-static.com/img-38559/desktop/transparent.png" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BNN.de.xml b/src/chrome/content/rules/BNN.de.xml
new file mode 100644
index 000000000000..a8bd9f58a263
--- /dev/null
+++ b/src/chrome/content/rules/BNN.de.xml
@@ -0,0 +1,54 @@
+<!--
+	Invalid certificate:
+		test.dev.bnn.de
+		www.test.dev.bnn.de
+		tracker.dev.bnn.de
+		www.tracker.dev.bnn.de
+		iapp.bnn.de
+		upload.bnn.de
+
+	Timeout:
+		eigentuemertelefon.bnn.de
+		www.eigentuemertelefon.bnn.de
+		iapp-sso.bnn.de
+		immo.bnn.de
+		www.immo.bnn.de
+		kleinanzeigen.bnn.de
+		mail01.bnn.de
+		mail02.bnn.de
+
+	Unable to get local issuer certificate:
+		dev.bnn.de
+-->
+<ruleset name="BNN.de">
+
+	<target host="bnn.de" />
+	<target host="www.bnn.de" />
+	<target host="appapi.bnn.de" />
+	<target host="appapi-elb.bnn.de" />
+	<target host="appapi-qa.bnn.de" />
+	<target host="appapi-qa-elb.bnn.de" />
+	<target host="ebook.bnn.de" />
+	<target host="fahrradtouren.bnn.de" />
+	<target host="jobs.bnn.de" />
+	<target host="selbsteingabe.jobs.bnn.de" />
+	<target host="kino.bnn.de" />
+	<target host="leserreisen.bnn.de" />
+	<target host="magazine.bnn.de" />
+	<target host="pageflow.bnn.de" />
+	<target host="printportal.bnn.de" />
+	<target host="qa.bnn.de" />
+	<target host="service.bnn.de" />
+	<target host="stage.service.bnn.de" />
+	<target host="sandbox.service.bnn.de" />
+	<target host="tickets.bnn.de" />
+	<target host="trauer.bnn.de" />
+	<target host="veranstaltungen.bnn.de" />
+	<target host="web.bnn.de" />
+	<target host="zurueckgespult.bnn.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BNZ.xml b/src/chrome/content/rules/BNZ.xml
index 11f969fffa7d..ccbce5026dcc 100644
--- a/src/chrome/content/rules/BNZ.xml
+++ b/src/chrome/content/rules/BNZ.xml
@@ -1,8 +1,21 @@
-<ruleset name="BankOfNewZeland">
-  <target host="bnz.co.nz" />
-  <target host="www.bnz.co.nz" />
+<!--
+	Bank of New Zeland
 
-  <securecookie host="^(.+\.)?bnz\.co\.nz$" name=".*"/>
+-->
+<ruleset name="BNZ.co.nz">
+
+	<target host="bnz.co.nz" />
+	<target host="collection.bnz.co.nz" />
+	<target host="internetbanking.bnz.co.nz" />
+	<target host="m.bnz.co.nz" />
+	<target host="www.bnz.co.nz" />
+
+
+	<securecookie host="^\." name="^(?:_gat?|incap_ses_\d+_\d+|visid_incap_\d+)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(?:www\.)?bnz\.co\.nz/" to="https://www.bnz.co.nz/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/BOALT.xml b/src/chrome/content/rules/BOALT.xml
index 162f575f12ec..405104a67010 100644
--- a/src/chrome/content/rules/BOALT.xml
+++ b/src/chrome/content/rules/BOALT.xml
@@ -7,17 +7,16 @@
 <ruleset name="BOALT">
 
 	<target host="boalt.com" />
-	<target host="*.boalt.com" />
+	<target host="www.boalt.com" />
 	<target host="adamboalt.wpengine.netdna-cdn.com" />
 
 
 	<securecookie host="^\.boalt\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?boalt\.com/"
-		to="https://$1boalt.com/" />
 
-	<rule from="^https?://adamboalt\.wpengine\.netdna-cdn\.com/"
+	<rule from="^http://adamboalt\.wpengine\.netdna-cdn\.com/"
 		to="https://boalt.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BOE.es.xml b/src/chrome/content/rules/BOE.es.xml
new file mode 100644
index 000000000000..14d989b69c7c
--- /dev/null
+++ b/src/chrome/content/rules/BOE.es.xml
@@ -0,0 +1,22 @@
+<!--
+	Login required:
+		extrademo.boe.es
+		extranet.boe.es
+		idp.boe.es
+		pim.boe.es
+
+	Invalid certificate:
+		webmail.boe.es
+
+-->
+<ruleset name="Boe.es">
+
+	<target host="boe.es" />
+	<target host="www.boe.es" />
+	<target host="publicacionesoficiales.boe.es" />
+	<target host="subastas.boe.es" />
+	<target host="tienda.boe.es" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BOE.xml b/src/chrome/content/rules/BOE.xml
deleted file mode 100644
index c305a6b1f698..000000000000
--- a/src/chrome/content/rules/BOE.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Boe.es">
-  <target host="boe.es" />
-  <target host="*.boe.es" />
-
-  <rule from="^http://boe\.es/" to="https://www.boe.es/"/>
-  <rule from="^http://([^/:@\.]+)\.boe\.es/" to="https://$1.boe.es/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/BOF.nl.xml b/src/chrome/content/rules/BOF.nl.xml
index 0d18302e6d77..dd4d27089d18 100644
--- a/src/chrome/content/rules/BOF.nl.xml
+++ b/src/chrome/content/rules/BOF.nl.xml
@@ -1,6 +1,23 @@
-<ruleset name="Bits of Freedom">
-  <target host="bof.nl" />
-  <target host="www.bof.nl" />
+<!--
+	Bits of Freedom
+
+
+	Fully covered hosts in *bof.nl:
+
+		- (www.)?
+		- pim
+
+-->
+<ruleset name="BoF.nl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bof.nl" />
+	<target host="pim.bof.nl" />
+	<target host="www.bof.nl" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(www\.)?bof\.nl/" to="https://$1bof.nl/" />
 </ruleset>
diff --git a/src/chrome/content/rules/BPS.xml b/src/chrome/content/rules/BPS.xml
index 731abc22f4fa..3f64e9b56ee6 100644
--- a/src/chrome/content/rules/BPS.xml
+++ b/src/chrome/content/rules/BPS.xml
@@ -1,17 +1,49 @@
-<ruleset name="BPS (partial)">
+<!--
+	Other BPS rulesets:
 
-	<target host="bps.org.uk"/>
-	<target host="*.bps.org.uk"/>
-	<target host="bpsshop.org.uk"/>
-	<target host="www.bpsshop.org.uk"/>
+		- bpsshop.org.uk.xml
 
-	<rule from="^http://(?:www\.)?bps\.org\.uk/sites/default/(files/cs|theme)s/"
-		to="https://www.bps.org.uk/sites/default/$1s/"/>
 
-	<rule from="^http://login\.bps\.org\.uk/"
-		to="https://login.bps.org.uk/"/>
+	Nonfunctional hosts in *bps.org.uk:
 
-	<rule from="^http://(?:www\.)?bpsshop\.org\.uk/((?:App_Theme|Asset|image)s/|login\.aspx)"
-		to="https://www.bpsshop.org.uk/$1"/>
+		- cpd ⁴
+		- psychsource ʳ
+		- www ʰ
+		- www1 ᵃ
+
+	⁴ 404
+	ᵃ Shows another domain
+	ʰ Redirects to http
+	ʳ Refused
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .bps.org.uk
+		- login2.bps.org.uk
+		- .shop.bps.org.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="BPS.org.uk (partial)">
+
+	<target host="beta.bps.org.uk"/>
+	<target host="digest.bps.org.uk"/>
+	<target host="login2.bps.org.uk"/>
+	<target host="shop.bps.org.uk"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.bps\.org\.uk$" name="^EU_COMPLIANCE_NOTICE_GIVEN$" /-->
+	<!--securecookie host="^login2\.bps\.org\.uk$" name="^(?:CFID|CFTOKEN|TESTBPSLOGIN)$" /-->
+	<!--securecookie host="^\.shop\.bps\.org\.uk$" name="^frontend$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BR.xml b/src/chrome/content/rules/BR.xml
new file mode 100644
index 000000000000..55250ca304ad
--- /dev/null
+++ b/src/chrome/content/rules/BR.xml
@@ -0,0 +1,40 @@
+<!--
+	No valid Cert for:
+	bayern3-liveblog.br.de
+	liveblog.br.de
+-->
+
+<ruleset name="Bayrischer Rundfunk">
+
+	<target host="br.de"/>
+	<target host="www.br.de"/>
+	<target host="blog.br.de"/>
+	<target host="cdn-storage.br.de" />
+	<target host="franken-tatort.br.de"/>
+	<target host="frequenzsuche.br.de"/>
+	<target host="jazzwoche-burghausen.br.de"/>
+	<target host="jobs.br.de"/>
+	<target host="mannfrau.br.de"/>
+	<target host="medienundschule.br.de"/>
+	<target host="schnee-von-morgen.br.de"/>
+	<target host="schulkonzert.br.de"/>
+	<target host="story.br.de"/>
+	<target host="tippspiel.br.de"/>
+	<target host="web.br.de"/>
+	<target host="wettermelder.br.de"/>
+	<target host="zuendfunk-netzteil.br.de"/>
+
+	<target host="brreisen.de"/>
+	<target host="www.brreisen.de"/>
+	<target host="br-ticket.de" />
+	<target host="www.br-ticket.de" />
+	<target host="shop.br-ticket.de" />
+	<target host="www.shop.br-ticket.de" />
+
+	<rule from="^http://(www\.)?shop\.br-ticket\.de/"
+		to="https://br-ticket.muenchenticket.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BRChan.xml b/src/chrome/content/rules/BRChan.xml
new file mode 100644
index 000000000000..f11a7a49580e
--- /dev/null
+++ b/src/chrome/content/rules/BRChan.xml
@@ -0,0 +1,7 @@
+<ruleset name="BRChan">
+	<target host="brchan.org" />
+	<target host="www.brchan.org" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BRSM.xml b/src/chrome/content/rules/BRSM.xml
index cdae21be3d2b..323f5a9e690b 100644
--- a/src/chrome/content/rules/BRSM.xml
+++ b/src/chrome/content/rules/BRSM.xml
@@ -1,11 +1,11 @@
-<ruleset name="B.R.S.M." default_off="mismatch">
+<ruleset name="B.R.S.M." default_off="mismatched">
 
 	<!--	Cert: *.loopiasecure.com	-->
 	<target host="brsmblog.com" />
 	<target host="www.brsmblog.com" />
 
 
-	<rule from="^https?://(?:www\.)?brsmblog\.com/"
+	<rule from="^http://(?:www\.)?brsmblog\.com/"
 		to="https://brsmblog.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BSD.lv.xml b/src/chrome/content/rules/BSD.lv.xml
new file mode 100644
index 000000000000..92897f4c0dcf
--- /dev/null
+++ b/src/chrome/content/rules/BSD.lv.xml
@@ -0,0 +1,20 @@
+<!--
+	Mismatched:
+		- mail.mandoc.bsd.lv
+		- mail.mdocml.bsd.lv
+		- schwarze.bsd.lv
+-->
+<ruleset name="BSD.lv">
+	<target host="bsd.lv" />
+	<target host="www.bsd.lv" />
+	<target host="cvsweb.bsd.lv" />
+	<target host="kristaps.bsd.lv" />
+	<target host="man.bsd.lv" />
+	<target host="mandoc.bsd.lv" />
+	<target host="manpages.bsd.lv" />
+	<target host="mdocml.bsd.lv" />
+	<target host="multiplicity.bsd.lv" />
+	<target host="vmrc.bsd.lv" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BSD.net.xml b/src/chrome/content/rules/BSD.net.xml
index 72b1eca2be6d..f368488cff75 100644
--- a/src/chrome/content/rules/BSD.net.xml
+++ b/src/chrome/content/rules/BSD.net.xml
@@ -4,10 +4,12 @@
 -->
 <ruleset name="BSD.net (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="s.bsd.net" />
 
 
-	<rule from="^http://s\.bsd\.net/"
-		to="https://s.bsd.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BSDCan.org.xml b/src/chrome/content/rules/BSDCan.org.xml
new file mode 100644
index 000000000000..9ae0b5fe9641
--- /dev/null
+++ b/src/chrome/content/rules/BSDCan.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Nonfunctional hosts in *bsdcan.org:
+
+		- lists *
+
+	* Plaintext reply
+
+-->
+<ruleset name="BSD Can.org (partial)">
+
+	<target host="bsdcan.org" />
+	<target host="www.bsdcan.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BSD_Consulting.co.jp.xml b/src/chrome/content/rules/BSD_Consulting.co.jp.xml
new file mode 100644
index 000000000000..dacfe2e9f0b1
--- /dev/null
+++ b/src/chrome/content/rules/BSD_Consulting.co.jp.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.bsdconsulting.co.jp/ => https://www.bsdconsulting.co.jp/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	^bsdconsulting.co.jp doesn't exist.
+
+-->
+<ruleset name="BSD Consulting.co.jp" default_off="failed ruleset test">
+
+	<target host="www.bsdconsulting.co.jp" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BSH.de.xml b/src/chrome/content/rules/BSH.de.xml
new file mode 100644
index 000000000000..efef9a2a61e6
--- /dev/null
+++ b/src/chrome/content/rules/BSH.de.xml
@@ -0,0 +1,24 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+
+	Unable to get local issuer certificate:
+		gdiwiki.bsh.de
+-->
+<ruleset name="Bundesamt für Seeschifffahrt und Hydrographie (Partial)">
+	<!-- Federal Maritime and Hydrographic Agency of Germany -->
+
+	<target host="www.bsh.de" />
+	<target host="anker.bsh.de" />
+	<target host="data.bsh.de" />
+	<target host="opendata.bsh.de" />
+	<target host="seadata.bsh.de" />
+	<target host="serviceportal.bsh.de" />
+	<target host="verzeichnis.bsh.de" />
+	<target host="vpn.bsh.de" />
+	<target host="www2.bsh.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+	
+</ruleset>
diff --git a/src/chrome/content/rules/BSidesLV.org.xml b/src/chrome/content/rules/BSidesLV.org.xml
new file mode 100644
index 000000000000..70b0400f7592
--- /dev/null
+++ b/src/chrome/content/rules/BSidesLV.org.xml
@@ -0,0 +1,34 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- bsideslv.org
+		- www.bsideslv.org
+
+
+	Mixed content:
+
+		- Images, from:
+
+			- bsideslv.com
+			- www.bsideslv.org
+
+-->
+<ruleset name="BSidesLV.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bsideslv.org" />
+	<target host="www.bsideslv.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?bsideslv\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BSidesSLC.org.xml b/src/chrome/content/rules/BSidesSLC.org.xml
new file mode 100644
index 000000000000..b04a8c899c4f
--- /dev/null
+++ b/src/chrome/content/rules/BSidesSLC.org.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bsidesslc.org/ => https://bsidesslc.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.bsidesslc.org/ => https://www.bsidesslc.org/: (60, 'SSL certificate problem: certificate has expired')
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="BSidesSLC.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bsidesslc.org" />
+	<target host="www.bsidesslc.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BT-Group.xml b/src/chrome/content/rules/BT-Group.xml
index b6f3a6e4e3ae..6d2e311c9cb0 100644
--- a/src/chrome/content/rules/BT-Group.xml
+++ b/src/chrome/content/rules/BT-Group.xml
@@ -1,38 +1,47 @@
 <!--
+	BT Group
+
 	Other BT Group rulesets:
 
 		- BT.xml
+		- BT.co.uk.xml
+		- btinstallershop.com.xml
 		- BT_Sport.xml
 		- BT_Sport_for_Business.xml
+		- BT_Wholesale.com.xml
 		- BT_Wi-fi.xml
 		- Dabs.xml
+		- Openreach.co.uk.xml
+		- redcare.com.xml
+		- Superfast-Openreach.co.uk.xml
+
+
+	Mixed content:
+
+		- Images, on:
 
+			- (www.)? from www.btplc.com ˢ
+			- (www.)? from ucmsv2.unitech.net
 
-	Fully covered domains:
+		- Bug on (www.)? from fls.doubleclick.net
 
-		- www.btplc.com
-		- www.openreach.co.uk
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="BT Group (partial)">
+<ruleset name="BT PLC.com">
 
+	<target host="btplc.com" />
 	<target host="www.btplc.com" />
-	<!--
-		* for cross-domain cookie.
-						-->
-	<target host="*.openreach.co.uk" />
 
+		<!--	Mixed content:
+					-->
+		<!--test url="http://www.btplc.com/mydonate/index.aspx" /-->
 
-	<securecookie host="^www\.btplc\.com$" name=".+" />
-	<securecookie host="^\.openreach\.co\.uk$" name=".+" />
 
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://www\.btplc\.com/"
-		to="https://www.btplc.com/" />
 
-	<!--	!www doesn't appear to exist.
-						-->
-	<rule from="^http://www\.openreach\.co\.uk/"
-		to="https://www.openreach.co.uk/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BT.co.uk.xml b/src/chrome/content/rules/BT.co.uk.xml
new file mode 100644
index 000000000000..bb9386d2378e
--- /dev/null
+++ b/src/chrome/content/rules/BT.co.uk.xml
@@ -0,0 +1,31 @@
+<!--
+	For other BT Group coverage, see BT-Group.xml.
+
+
+	CDN buckets:
+
+		- btgroupvdo.vo.llnwd.net	← vid01
+
+
+	Problematic hosts in *bt.co.uk:
+
+		- vid01 ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="BT.co.uk (partial)">
+
+	<target host="img01.bt.co.uk" />
+	<target host="t2rknowledge.bt.co.uk" />
+
+		<test url="http://img01.bt.co.uk/s/assets/180315/images/uni-bg.png" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BT.xml b/src/chrome/content/rules/BT.xml
index 8ba9c45c3fb0..4221d0d43668 100644
--- a/src/chrome/content/rules/BT.xml
+++ b/src/chrome/content/rules/BT.xml
@@ -1,62 +1,175 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://btbsecure.business.bt.com/ (200) => https://btbsecure.business.bt.com/ (404)
+Fetch error: http://itservices.bt.com/ => https://itservices.bt.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.itservices.bt.com/ => https://www.itservices.bt.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.itservices.bt.com'")
+Fetch error: http://signin1.bt.com/ => https://signin1.bt.com/: (52, 'Empty reply from server')
+Fetch error: http://support.bt.com/ => https://support.bt.com/: (52, 'Empty reply from server')
+Fetch error: http://www.vouchers.bt.com/ => https://www.vouchers.bt.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://redcare.bt.com/ => https://www.redcare.com/: (7, 'Failed to connect to www.redcare.com port 443: Connection refused')
+Fetch error: http://www.redcare.bt.com/ => https://www.redcare.com/: (7, 'Failed to connect to www.redcare.com port 443: Connection refused')
+
 	For other BT Group coverage, see BT-Group.xml.
 
 
 	btbusiness.custhelp.com
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *bt.com:
 
-		- (www.)btlife *
-		- (www.)btvision *
-		- (www.)business	(data differs from http, valid cert)
-		- (www.)insight		(times out)
+		- www.benevolent ᵃ
+		- (www.)?btlife ᵖ
+		- (www.)?btvision ᵖ
+		- www.digitalarchives ʰ
+		- (www.)?insight ᵈ
+		- www.selling2bt ᵃ
+		- www.sinet ᵃ
+		- www.trainingsolutions ʳ
+		- www.thephonebook ⁴
+		- www.wifiinourcommunity ᵃ
 
-	* http reply
+	⁴ 400
+	ᵃ Shows another domain
+	ᵈ Dropped
+	ʰ Redirects to http
+	ᵖ Plaintext reply
+	ʳ Refused
 
 
-	Problematic subdomains:
+	Problematic hosts in *bt.com:
 
-		- globalservices *
-		- productsandservices *
-		- shop			(times out)
+		- diagnostics ᵐ
+		- dslchecker ᵐ
+		- btexvip05.extra ᶜ ᵐ
+		- globalservices ᵈ
+		- (www.)?redcare ᵐ
+		- shop ᵈ
+		- www.tvpurchaseshome ᶜ
 
-	* Cert only matches www.foo
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵈ Dropped, preemptable redirect
+	ᵐ Mismatched
+	ʳ Refused, preemptable redirect
 
 
-	Fully covered subdomains:
+	^vouchers.bt.com does not exist
 
-		- (www.)			(^ → www)
-		- secure.business
-		- (www.)globalservices		(^ → www)
-		- (www.)productsandservices	(^ → www)
-		- (www.)shop			(^ → www)
-		- www.vouchers
-		- www2
 
+	Insecure cookies are set for these domains and hosts: ᶜ
 
-	^vouchers.bt.com doesn't exist
+		- .bt.com
+		- business.bt.com
+		- business.forums.bt.com
+		- home.bt.com
+		- myoffice.bt.com
+		- www.shop.bt.com
+		- .www.shop.bt.com
+		- www.tvpurchaseshome.bt.com
 
--->
-<ruleset name="BT (partial)">
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
-	<target host="bt.com" />
-	<target host="*.bt.com" />
-		<exclusion pattern="^http://business\.bt\.com/" />
 
+	Mixed content:
+
+		- Images, on:
 
-	<securecookie host="^.*\.bt\.com$" name=".+" />
+			- (www.)?home, (www.)?sport from vid01.bt.co.uk
+			- (www.)?home from home.bt.com ˢ
+			- (www.)?sport from sport.bt.com ˢ
+			- tv from assets.bt.com ˢ
+			- tv from home.bt.com ˢ
 
+		- Bugs, on:
 
-	<rule from="^https?://(?:www\.)?((?:global|productsand)services\.)?bt\.com/"
-		to="https://www.$1bt.com/" />
+			- (www.)?home, signin1, (www.)?sport, tv from britishtelecom.112.2o7.net ˢ
 
-	<rule from="^http://(secure\.business|www\.(?:shop|vouchers)|www2)\.bt\.com/"
-		to="https://$1.bt.com/" />
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="BT.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bt.com" />
+	<target host="api.bt.com" />
+	<target host="assets.bt.com" />
+	<target host="www.broadband.bt.com" />
+	<target host="business.bt.com" />
+
+	<target host="btbsecure.business.bt.com" />
+	<target host="secure.business.bt.com" />
+	<target host="www.business.bt.com" />
+
+	<target host="www.businessdirect.bt.com" />
+	<target host="community.bt.com" />
+	<target host="www.dslchecker.bt.com" />
+	<target host="business.forums.bt.com" />
+	<target host="letstalk.globalservices.bt.com" />
+	<target host="www.globalservices.bt.com" />
+	<target host="home.bt.com" />
+	<target host="www.home.bt.com" />
+	<target host="itservices.bt.com" />
+	<target host="www.itservices.bt.com" />
+	<target host="mydonate.bt.com" />
+	<target host="myoffice.bt.com" />
+	<target host="productsandservices.bt.com" />
+	<target host="www.productsandservices.bt.com" />
+	<target host="search.bt.com" />
+	<target host="www.shop.bt.com" />
+	<target host="signin1.bt.com" />
+	<target host="sport.bt.com" />
+	<target host="www.sport.bt.com" />
+	<target host="support.bt.com" />
+	<target host="tv.bt.com" />
+	<!--target host="www.tvpurchaseshome.bt.com" /-->
+	<target host="www.vouchers.bt.com" />
+	<target host="www.bt.com" />
+	<target host="www2.bt.com" />
+
+	<!--	Complications:
+				-->
+	<target host="dslchecker.bt.com" />
+	<target host="globalservices.bt.com" />
+	<target host="redcare.bt.com" />
+	<target host="www.redcare.bt.com" />
+	<target host="shop.bt.com" />
+
+		<test url="http://assets.bt.com/v1/btcomd/privacy/css/reset.css" />
+		<test url="http://support.bt.com/fix/landline/?view=landlinetroubleshooter&amp;s_intcid=help_9941" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.bt\.com$" name="^(?:BTMAIL$|BTTVSESSION$|JSESSIONID_|SA-ID$|SMSESSION$|XLOGIN$|avs_cookie$|btcom\.isLoggedIn$|btcom\.userName$|btcomsite$|btsite$|elbc$|s$|s_vi$|sportproduct$|uList$|ytoken$|ytokentmp$)" /-->
+	<!--securecookie host="^business\.bt\.com$" name="^AWSELB$" /-->
+	<!--securecookie host="^www\.businessdirect\.bt\.com$" name="^(?:ARPT|ASP\.NET_SessionId|ReferrerId|UniqueSessionGuid|btbus_visitorid)$" /-->
+	<!--securecookie host="^business\.forums\.bt\.com$" name="^Lithium(?:UserInfo|UserSecure|Visitor)$" /-->
+	<!--securecookie host="^(?:home|signin1|sport)\.bt\.com$" name="JSESSIONID" /-->
+	<!--securecookie host="^(?:home|signin1|sport|support)\.bt\.com$" name="^X-Mapping-\w+$" /-->
+	<!--securecookie host="^myoffice\.bt\.com$" name="^(?:\.DBANON|ASP\.NET_SessionId)$" /-->
+	<!--securecookie host="^\.search\.bt\.com$" name="^search" /-->
+	<!--securecookie host="^www\.shop\.bt\.com$" name="^(?:ABTest|ARPT|ASP\.NET_SessionId|ShowExVAT|UniqueSessionGuid|btshop_visitorid)$" /-->
+	<!--securecookie host="^\.www\.shop\.bt\.com$" name="^ARRAffinity$" /-->
+	<!--securecookie host="^www\.tvpurchaseshome\.bt\.com$" name="^session" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://(dslchecker|globalservices)\.bt\.com/"
+		to="https://www.$1.bt.com/" />
+
+	<rule from="^http://(?:www\.)?redcare\.bt\.com/"
+		to="https://www.redcare.com/" />
 
 	<!--	Server drops path like so:
 						-->
 	<rule from="^http://shop\.bt\.com/.*"
 		to="https://www.shop.bt.com/" />
 
-</ruleset>
\ No newline at end of file
+		<test url="http://shop.bt.com/Default.aspx" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BTC-Buy.xml b/src/chrome/content/rules/BTC-Buy.xml
deleted file mode 100644
index f728b013f36b..000000000000
--- a/src/chrome/content/rules/BTC-Buy.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="BTC Buy">
-
-	<target host="btcbuy.info" />
-	<target host="www.btcbuy.info" />
-
-	<rule from="^http://(www\.)?btcbuy\.info/"
-		to="https://$1btcbuy.info/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BTC-E.xml b/src/chrome/content/rules/BTC-E.xml
deleted file mode 100644
index 1e8fd783ae37..000000000000
--- a/src/chrome/content/rules/BTC-E.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="BTC-E">
-
-	<target host="btc-e.com" />
-	<target host="*.btc-e.com" />
-
-
-	<securecookie host="^\.?btc-e\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?btc-e\.com/"
-		to="https://$1btc-e.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/BTC-Trade.ru.xml b/src/chrome/content/rules/BTC-Trade.ru.xml
deleted file mode 100644
index d499baeff377..000000000000
--- a/src/chrome/content/rules/BTC-Trade.ru.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="BTC-Trade.ru">
-
-	<target host="btc-trade.ru" />
-	<target host="*.btc-trade.ru" />
-
-
-	<securecookie host="^\.btc-trade\.ru$" name=".+" />
-
-
-	<!--	^ redirects to www over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?btc-trade\.ru/"
-		to="https://www.btc-trade.ru/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/BTC100.com.xml b/src/chrome/content/rules/BTC100.com.xml
new file mode 100644
index 000000000000..505742cae28c
--- /dev/null
+++ b/src/chrome/content/rules/BTC100.com.xml
@@ -0,0 +1,14 @@
+<!--
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="BTC100.com" default_off="cert-chain">
+
+	<target host="btc100.com" />
+	<target host="www.btc100.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BTCGreece.com.xml b/src/chrome/content/rules/BTCGreece.com.xml
new file mode 100644
index 000000000000..4c31f0f6a476
--- /dev/null
+++ b/src/chrome/content/rules/BTCGreece.com.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://btcgreece.com/ => https://btcgreece.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+Fetch error: http://www.btcgreece.com/ => https://www.btcgreece.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .btcgreece.com
+		- .www.btcgreece.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="BTCGreece.com" default_off="failed ruleset test">
+
+	<target host="btcgreece.com" />
+	<target host="www.btcgreece.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.(?:www\.)?btcgreece\.com$" name="^ARRAffinity$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BTCGuild.xml b/src/chrome/content/rules/BTCGuild.xml
deleted file mode 100644
index 3576851f1398..000000000000
--- a/src/chrome/content/rules/BTCGuild.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="BTCGuild.com" platform="mixedcontent">
-  <target host="btcguild.com" />
-  <target host="www.btcguild.com" />
-
-  <rule from="^http://(?:www\.)?btcguild\.com/" to="https://www.btcguild.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/BTCJam.com.xml b/src/chrome/content/rules/BTCJam.com.xml
new file mode 100644
index 000000000000..283e9e2e36ad
--- /dev/null
+++ b/src/chrome/content/rules/BTCJam.com.xml
@@ -0,0 +1,17 @@
+<!--
+btcjam is now closed however they are sitll running one sub domain - blog.btcjam.com
+
+	Nonfunctional hosts in *btcjam.com:
+
+	Does not resolve
+        www.blog.btcjam.com
+		btcjam.com
+
+-->
+<ruleset name="BTCJam.com">
+	<target host="blog.btcjam.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BTCKan.com.xml b/src/chrome/content/rules/BTCKan.com.xml
new file mode 100644
index 000000000000..f78c07d01b59
--- /dev/null
+++ b/src/chrome/content/rules/BTCKan.com.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://btckan.com/ => https://btckan.com/: (51, "SSL: no alternative certificate subject name matches target host name 'btckan.com'")
+Fetch error: http://www.btckan.com/ => https://www.btckan.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.btckan.com'")
+
+-->
+<ruleset name="BTCKan.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="btckan.com" />
+	<target host="api.btckan.com" />
+	<target host="www.btckan.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BTCS.com.xml b/src/chrome/content/rules/BTCS.com.xml
new file mode 100644
index 000000000000..baf89eeda170
--- /dev/null
+++ b/src/chrome/content/rules/BTCS.com.xml
@@ -0,0 +1,46 @@
+<!--
+	For other BitcoinShop.US coverage, see BitcoinShop.US.xml.
+
+
+	Fully covered hosts in *btcs.com:
+
+		- (www.)?
+		- investors
+		- shop
+		- wallet
+
+
+	Insecure cookies are set for these domains:
+
+		- .shop.btcs.com
+
+
+	Mixed content:
+
+		- css on investors from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="BTCS.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="btcs.com" />
+	<target host="investors.btcs.com" />
+	<target host="shop.btcs.com" />
+	<target host="wallet.btcs.com" />
+	<target host="www.btcs.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.shop\.btcs\.com$" name="^frontend$" /-->
+
+	<securecookie host="^\.shop\.btcs\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BTCSportsBet.xml b/src/chrome/content/rules/BTCSportsBet.xml
deleted file mode 100644
index f967cbc97337..000000000000
--- a/src/chrome/content/rules/BTCSportsBet.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="BTCSportsBet" platform="mixedcontent">
-
-	<target host="btcsportsbet.com" />
-	<target host="www.btcsportsbet.com" />
-
-
-	<securecookie host="^(www\.)?btcsportsbet\.com$" name=".*" />
-
-
-	<rule from="^http://(www\.)?btcsportsbet\.com/"
-		to="https://$1btcsportsbet.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BTCTrader.com.xml b/src/chrome/content/rules/BTCTrader.com.xml
new file mode 100644
index 000000000000..770c76c94fe7
--- /dev/null
+++ b/src/chrome/content/rules/BTCTrader.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- .btctrader.com
+		- .www.btctrader.com
+
+-->
+<ruleset name="BTCTrader.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="btctrader.com" />
+	<target host="www.btctrader.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.(?:www\.)?btctrader\.com$" name="^ARRAffinity$" /-->
+
+	<securecookie host="^\.(?:www\.)?btctrader\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BTCTurk.com.xml b/src/chrome/content/rules/BTCTurk.com.xml
new file mode 100644
index 000000000000..b37d912a0408
--- /dev/null
+++ b/src/chrome/content/rules/BTCTurk.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Problematic hosts in *btcturk.com:
+
+		- blog *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .btcturk.com
+		- .www.btcturk.com
+
+-->
+<ruleset name="BTCTurk.com (partial)">
+
+	<target host="btcturk.com" />
+	<!--target host="blog.btcturk.com" /-->
+	<target host="www.btcturk.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.(?:www\.)?btcturk\.com$" name="^ARRAffinity$" /-->
+
+	<securecookie host="^\.(?:www\.)?btcturk\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BTCZone.xml b/src/chrome/content/rules/BTCZone.xml
deleted file mode 100644
index c2814f97c413..000000000000
--- a/src/chrome/content/rules/BTCZone.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="BTCZone">
-
-	<target host="btczone.com" />
-	<target host="www.btczone.com" />
-
-
-	<securecookie host="^(www\.)?btczone\.com$" name=".*" />
-
-
-	<rule from="^http://(www\.)?btczone\.com/"
-		to="https://$1btczone.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BTC_Gear.com.xml b/src/chrome/content/rules/BTC_Gear.com.xml
index 073312fac18e..cbd23ae20bc3 100644
--- a/src/chrome/content/rules/BTC_Gear.com.xml
+++ b/src/chrome/content/rules/BTC_Gear.com.xml
@@ -1,4 +1,11 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://btcgear.com/ => https://btcgear.com/: (51, "SSL: no alternative certificate subject name matches target host name 'btcgear.com'")
+Fetch error: http://www.btcgear.com/ => https://www.btcgear.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.btcgear.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://btcgear.com/ => https://btcgear.com/: (60, 'SSL certificate problem: certificate has expired')
 	Mixed content:
 
 		- Image on (www.) from www *
@@ -6,16 +13,15 @@
 	* Secured by us
 
 -->
-<ruleset name="BTC Gear.com">
+<ruleset name="BTC Gear.com" default_off="failed ruleset test">
 
 	<target host="btcgear.com" />
-	<target host="*.btcgear.com" />
+	<target host="www.btcgear.com" />
 
 
 	<securecookie host="^(?:w*\.)?btcgear\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?btcgear\.com/"
-		to="https://$1btcgear.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BTC_Markets.net.xml b/src/chrome/content/rules/BTC_Markets.net.xml
new file mode 100644
index 000000000000..aee1c7c80b24
--- /dev/null
+++ b/src/chrome/content/rules/BTC_Markets.net.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- btcmarkets.net
+		- .btcmarkets.net
+		- www.btcmarkets.net
+
+-->
+<ruleset name="BTC Markets.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="btcmarkets.net" />
+	<target host="www.btcmarkets.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?btcmarkets\.net$" name="^(?:AWSELB|JSESSIONID)$" /-->
+	<!--securecookie host="^\.btcmarkets\.net$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^(?:\.|www\.)?btcmarkets\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BTC_Media.org.xml b/src/chrome/content/rules/BTC_Media.org.xml
new file mode 100644
index 000000000000..700428b81f4c
--- /dev/null
+++ b/src/chrome/content/rules/BTC_Media.org.xml
@@ -0,0 +1,38 @@
+<!--
+	Other BTC Media rulesets:
+
+		- YBitcoin_Magazine.com.xml
+
+
+	Nonfunctional hosts in *btcmedia.org:
+
+		- blog *
+
+	* Pingdom
+
+
+	Insecure cookies are set for these hosts:
+
+		- btcmedia.org
+		- www.btcmedia.org
+
+-->
+<ruleset name="BTC Media.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="btcmedia.org" />
+	<target host="www.btcmedia.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?btcmedia\.org$" name="^btc$" /-->
+
+	<securecookie host="^(?:www\.)?btcmedia\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BTC_Store.eu.xml b/src/chrome/content/rules/BTC_Store.eu.xml
new file mode 100644
index 000000000000..98a82cdd81c9
--- /dev/null
+++ b/src/chrome/content/rules/BTC_Store.eu.xml
@@ -0,0 +1,12 @@
+<ruleset name="BTC Store.eu">
+
+	<target host="btcstore.eu" />
+	<target host="www.btcstore.eu" />
+
+
+	<securecookie host="^\.btcstore\.eu$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BTDB.to.xml b/src/chrome/content/rules/BTDB.to.xml
new file mode 100644
index 000000000000..424b62baadc7
--- /dev/null
+++ b/src/chrome/content/rules/BTDB.to.xml
@@ -0,0 +1,23 @@
+<ruleset name="BTDB BitTorrent Database">
+
+	<target host="btdb.to"/>
+	<target host="www.btdb.to"/>
+	<target host="ru.btdb.to"/>
+	<target host="fr.btdb.to"/>
+	<target host="en.btdb.to"/>
+	<target host="zh.btdb.to"/>
+	<target host="pt.btdb.to"/>
+	<target host="tw.btdb.to"/>
+	<target host="hi.btdb.to"/>
+	<target host="ko.btdb.to"/>
+	<target host="ja.btdb.to"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:"/>
+
+	<test url="http://www.btdb.to/about"/>
+	<test url="http://btdb.to/torrent/579qo3wbbYfQq36b8xwBFDdQbv4l1mf8on.html"/>
+
+</ruleset>
+
diff --git a/src/chrome/content/rules/BTDigg.xml b/src/chrome/content/rules/BTDigg.xml
index 7feaf2dca107..e1ce5017071a 100644
--- a/src/chrome/content/rules/BTDigg.xml
+++ b/src/chrome/content/rules/BTDigg.xml
@@ -2,10 +2,10 @@
 
 	<target host="btdigg.org" />
 	<!--	* for cross-domain cookie.	-->
-	<target host="*.btdigg.org" />
+	<target host="www.btdigg.org" />
 
 
-	<securecookie host="^\.?btdigg\.org$" name=".*" />
+	<securecookie host="^\.?btdigg\.org$" name=".+" />
 
 
 	<rule from="^http://(?:www\.)?btdigg\.org/"
diff --git a/src/chrome/content/rules/BTGuard.com.xml b/src/chrome/content/rules/BTGuard.com.xml
index 94decb15a6f3..ba8d8d97a234 100644
--- a/src/chrome/content/rules/BTGuard.com.xml
+++ b/src/chrome/content/rules/BTGuard.com.xml
@@ -1,9 +1,11 @@
 <ruleset name="BTGuard.com">
 
 	<target host="btguard.com" />
-	<target host="*.btguard.com"/>
+	<target host="affiliate.btguard.com" />
+	<target host="www.btguard.com" />
+	<target host="www.affiliate.btguard.com" />
 
-	<securecookie host="^(.*\.)?btguard\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?(affiliate\.)?btguard\.com/"
 		to="https://$1btguard.com/"/>
diff --git a/src/chrome/content/rules/BTR_CDN.com.xml b/src/chrome/content/rules/BTR_CDN.com.xml
new file mode 100644
index 000000000000..ba02245a9640
--- /dev/null
+++ b/src/chrome/content/rules/BTR_CDN.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other BlogTalkRadio coverage, see BlogTalkRadio.xml.
+
+
+	Problematic subdomains:
+
+		- cdn *
+
+	* 400
+
+-->
+<ruleset name="BTR CDN.com">
+
+	<target host="cdn.btrcdn.com" />
+
+
+	<rule from="^http://cdn\.btrcdn\.com/"
+		to="https://cdn2.btrstatic.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BTR_static.com.xml b/src/chrome/content/rules/BTR_static.com.xml
new file mode 100644
index 000000000000..40646876640d
--- /dev/null
+++ b/src/chrome/content/rules/BTR_static.com.xml
@@ -0,0 +1,19 @@
+<!--
+	For other BlogTalkRadio coverage, see BlogTalkRadio.xml.
+
+
+	Fully covered subdomains:
+
+		- cdn[1-3]
+
+-->
+<ruleset name="BTR static.com">
+
+	<target host="cdn1.btrstatic.com" />
+	<target host="cdn2.btrstatic.com" />
+	<target host="cdn3.btrstatic.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BTToronto.ca.xml b/src/chrome/content/rules/BTToronto.ca.xml
new file mode 100644
index 000000000000..7a670dd3831e
--- /dev/null
+++ b/src/chrome/content/rules/BTToronto.ca.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		- live.bttoronto.ca
+
+	Timed out:
+		- bttoronto.ca, equivalent to www.bttoronto.ca
+		- blogs.bttoronto.ca
+-->
+
+<ruleset name="BTToronto.ca">
+	<target host="bttoronto.ca" />
+	<target host="www.bttoronto.ca" />
+
+	<rule from="^http://bttoronto\.ca/"
+		  to="https://www.bttoronto.ca/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BTXIndia.com.xml b/src/chrome/content/rules/BTXIndia.com.xml
new file mode 100644
index 000000000000..60c38c26b930
--- /dev/null
+++ b/src/chrome/content/rules/BTXIndia.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Problematic hosts in btcxindia.com:
+
+		- blog *
+
+	* Revoked cert
+
+
+	Insecure cookies are set for these hosts:
+
+		- btcxindia.com
+
+-->
+<ruleset name="BTXIndia.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="btcxindia.com" />
+	<target host="bangalore.btcxindia.com" />
+	<!--target host="blog.btcxindia.com" /-->
+	<target host="m.btcxindia.com" />
+	<target host="www.btcxindia.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^btcxindia\.com$" name="^connect\.sid$" /-->
+
+	<securecookie host="^btcxindia\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BT_Sport.xml b/src/chrome/content/rules/BT_Sport.xml
index 21967bbeb6ad..6d130f308ee9 100644
--- a/src/chrome/content/rules/BT_Sport.xml
+++ b/src/chrome/content/rules/BT_Sport.xml
@@ -2,27 +2,27 @@
 	For other BT Group coverage, see BT-Group.xml.
 
 
-	Problematic subdomains:
+	Problematic hosts in *btsport.com:
 
-		- ^	(cert only matches www)
+		- register *
+
+	* Expired
 
 
 	^register.btsport.com doesn't exist.
 
 -->
-<ruleset name="BT Sport">
+<ruleset name="BT Sport.com (partial)">
 
 	<target host="btsport.com" />
-	<target host="*.btsport.com" />
-
+	<!--target host="www.register.btsport.com" /-->
+	<target host="www.btsport.com" />
 
-	<securecookie host="^www\.register\.btsport\.com$" name=".+" />
 
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://(?:www\.)?btsport\.com/"
-		to="https://www.btsport.com/" />
 
-	<rule from="^http://www\.register\.btsport\.com/"
-		to="https://www.register.btsport.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BT_Sport_for_Business.xml b/src/chrome/content/rules/BT_Sport_for_Business.xml
index b8b7f4b7c80c..0759e11e0ccc 100644
--- a/src/chrome/content/rules/BT_Sport_for_Business.xml
+++ b/src/chrome/content/rules/BT_Sport_for_Business.xml
@@ -1,20 +1,17 @@
 <!--
 	For other BT Group coverage, see BT-Group.xml.
 
-
-	www: cert only matches ^btsportbusiness.com
-
 -->
-<ruleset name="BT Sport for Business">
+<ruleset name="BT Sport Business.com">
 
 	<target host="btsportbusiness.com" />
 	<target host="www.btsportbusiness.com" />
 
 
-	<securecookie host="^btsportbusiness\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?btsportbusiness\.com/"
-		to="https://btsportbusiness.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BT_Wholesale.com.xml b/src/chrome/content/rules/BT_Wholesale.com.xml
new file mode 100644
index 000000000000..c842069da200
--- /dev/null
+++ b/src/chrome/content/rules/BT_Wholesale.com.xml
@@ -0,0 +1,21 @@
+<!--
+	For other BT Group coverage, see BT-Group.xml.
+
+-->
+<ruleset name="BT Wholesale.com">
+
+	<target host="btwholesale.com" />
+	<target host="www.btwholesale.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.btwholesale\.com$" name="^VS:www\.btwholesale\.com\(SSL\):80:cookie$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BT_Wi-fi.xml b/src/chrome/content/rules/BT_Wi-fi.xml
index a31bbc2806b2..4628bd7abdc2 100644
--- a/src/chrome/content/rules/BT_Wi-fi.xml
+++ b/src/chrome/content/rules/BT_Wi-fi.xml
@@ -1,32 +1,17 @@
 <!--
-	For other BT Group coverage, see BT-Group.xml.
-
-
-	Fully covered domains:
-
-		- (www.)btwifi.co.uk
-		- (www.)btwifi.com
-		- my.btwifi.com
-
+	For other BT Group coverage, see BT-Group.xml
 -->
-<ruleset name="BT Wi-fi">
+<ruleset name="BT Wi-Fi (partial)">
+	<!-- *.btwifi.com -->
+	<target host="btwifi.com" />
+	<target host="my.btwifi.com" />
+	<target host="www.btwifi.com" />
 
+	<!-- *.btwifi.co.uk -->
 	<target host="btwifi.co.uk" />
 	<target host="www.btwifi.co.uk" />
-	<target host="btwifi.com" />
-	<target host="*.btwifi.com" />
-
-
-	<!--	Observed cookie domains:
-
-			- (www.)btwifi.co.uk
-			- (www.)btwifi.com
-			- my.btwifi.com
-					-->
-	<securecookie host="^(?:.+\.)?btwifi\.co(?:\.uk|m)$" name=".+" />
-
 
-	<rule from="^http://(my\.|www\.)?btwifi\.co(\.uk|m)/"
-		to="https://$1btwifi.co$2/" />
+	<securecookie host=".+" name=".+" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BTstatic.com.xml b/src/chrome/content/rules/BTstatic.com.xml
new file mode 100644
index 000000000000..7bab3a4bac6c
--- /dev/null
+++ b/src/chrome/content/rules/BTstatic.com.xml
@@ -0,0 +1,15 @@
+<!--
+	For other BrightTag coverage, see BrightTag.xml.
+
+-->
+<ruleset name="BTstatic.com (partial)">
+
+	<target host="s.btstatic.com" />
+	<target host="s-eu.btstatic.com" />
+	<target host="t.btstatic.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BTunnel.xml b/src/chrome/content/rules/BTunnel.xml
index 0b7afa9efc39..d51f36d1cd3d 100644
--- a/src/chrome/content/rules/BTunnel.xml
+++ b/src/chrome/content/rules/BTunnel.xml
@@ -1,8 +1,15 @@
-<ruleset name="BTunnel" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://btunnel.com/ => https://btunnel.com/: (51, "SSL: no alternative certificate subject name matches target host name 'btunnel.com'")
+Fetch error: http://www.btunnel.com/ => https://btunnel.com/: (51, "SSL: no alternative certificate subject name matches target host name 'btunnel.com'")
+
+-->
+<ruleset name="BTunnel" platform="mixedcontent" default_off="failed ruleset test">
   <target host="btunnel.com" />
   <target host="www.btunnel.com" />
 
-  <securecookie host="^(.+\.)?btunnel\.com$" name=".*"/>
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http://(?:www\.)?btunnel\.com/" to="https://btunnel.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/BU.edu.xml b/src/chrome/content/rules/BU.edu.xml
new file mode 100644
index 000000000000..9e5460d1a755
--- /dev/null
+++ b/src/chrome/content/rules/BU.edu.xml
@@ -0,0 +1,57 @@
+<!--
+	Refused:
+		bu.edu
+		agni.bu.edu
+		blackboard.bu.edu
+		collaborate.bu.edu
+
+	Login required:
+		inspir.bu.edu
+
+	No working URL known:
+		shib.bu.edu
+
+	Invalid certificate:
+		activistlab.bu.edu
+		ai.bu.edu
+		smg.bu.edu
+		sphweb.bumc.bu.edu (revoked)
+		bumc.bu.edu
+		g2pc1.bu.edu
+		onlinemsw.bu.edu
+
+	Broken cert chain:
+		medlib.bu.edu
+
+	Time out:
+		mark.bu.edu
+
+	Securing the cookies on this domain can cause issues with proxy access to academic publications (#17838).
+
+-->
+<ruleset name="Boston University (partial)">
+
+	<target host="bu.edu" />
+	<target host="www.bu.edu" />
+	<target host="bumc.bu.edu" />
+	<target host="www.bumc.bu.edu" />
+	<target host="www.cs.bu.edu" />
+		<test url="http://www.cs.bu.edu/teaching/c/file-io/intro/" />
+	<target host="cs-people.bu.edu" />
+	<target host="financialplanningonline.bu.edu" />
+	<target host="genealogyonline.bu.edu" />
+	<target host="onlineprofundraising.bu.edu" />
+	<target host="paralegalonline.bu.edu" />
+	<target host="physics.bu.edu" />
+	<target host="professional.bu.edu" />
+	<target host="questromtools.bu.edu" />
+	<target host="search.bu.edu" />
+	<target host="tandem.bu.edu" />
+
+	<rule from="^http://(bumc\.)?bu\.edu/"
+		to="https://www.$1bu.edu/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BUNTE.de.xml b/src/chrome/content/rules/BUNTE.de.xml
new file mode 100644
index 000000000000..9fb55ac5d417
--- /dev/null
+++ b/src/chrome/content/rules/BUNTE.de.xml
@@ -0,0 +1,41 @@
+<!--
+	SSL: no alternative certificate subject name matches target host name:
+		- buzz.bunte.de
+		- go.bunte.de
+		- *.go.bunte.de
+		- goto.bunte.de
+
+	Timeout:
+		- autodiscover.bunte.de
+		- viplounge.bunte.de
+		- wohnideen.bunte.de
+-->
+<ruleset name="BUNTE.de">
+
+	<target host="bunte.de" />
+	<target host="www.bunte.de" />
+	<target host="cdn-video.bunte.de" />
+	<target host="develop.bunte.de" />
+	<target host="edit.bunte.de" />
+	<target host="fbia.bunte.de" />
+	<target host="inside-api.bunte.de" />
+	<target host="inside-api-develop.bunte.de" />
+	<target host="link.bunte.de" />
+	<target host="login.bunte.de" />
+	<target host="m.bunte.de" />
+	<target host="mobil.bunte.de" />
+	<target host="preview.bunte.de" />
+	<target host="promo.bunte.de" />
+	<target host="static.bunte.de" />
+	<target host="static-assets.bunte.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Timeout on https://bunte.de/,
+	http://bunte.de/ redirects to https://www.bunte.de/.-->
+	<rule from="^http://bunte\.de/"
+		to="https://www.bunte.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BVG.de.xml b/src/chrome/content/rules/BVG.de.xml
new file mode 100644
index 000000000000..1e4f42a59c02
--- /dev/null
+++ b/src/chrome/content/rules/BVG.de.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ssltor.bvg.de/ => https://ssltor.bvg.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://track.bvg.de/ => https://track.bvg.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Problematic subdomains:
+		- mobil.bvg.de (different page on https)
+		- owa.bvg.de (not working)
+		- unternehmen.prelive.bvg.de (cert mismatch)
+-->
+<ruleset name="BVG.de" default_off="failed ruleset test">
+	<target host="bvg.de" />
+	<target host="ap2.bvg.de" />
+	<target host="bewerbungen.bvg.de" />
+	<target host="fahrinfo.bvg.de" />
+	<target host="lp.bvg.de" />
+	<target host="monitor.bvg.de" />
+	<target host="prelive.bvg.de" />
+	<target host="shop.bvg.de" />
+	<target host="ssltor.bvg.de" />
+	<target host="test.bvg.de" />
+	<target host="track.bvg.de" />
+	<target host="unternehmen.bvg.de" />
+	<target host="www.bvg.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BVI_Photo_Video.com.xml b/src/chrome/content/rules/BVI_Photo_Video.com.xml
deleted file mode 100644
index 6b2e2e76e14b..000000000000
--- a/src/chrome/content/rules/BVI_Photo_Video.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="BVI Photo Video.com">
-
-	<target host="bviphotovideo.com" />
-	<target host="*.bviphotovideo.com" />
-
-
-	<securecookie host="^(?:www)\.bviphotovideo\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?bviphotovideo\.com/"
-		to="https://$1bviphotovideo.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BW.com.xml b/src/chrome/content/rules/BW.com.xml
new file mode 100644
index 000000000000..c99b6c4670a2
--- /dev/null
+++ b/src/chrome/content/rules/BW.com.xml
@@ -0,0 +1,29 @@
+<!--
+	^: Dropped
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(^ → www)
+		- m
+
+-->
+<ruleset name="BW.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="m.bw.com" />
+	<target host="www.bw.com" />
+
+	<!--	Special cases:
+				-->
+	<target host="bw.com" />
+
+
+	<rule from="^http://bw\.com/"
+		to="https://www.bw.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BWurst.org.xml b/src/chrome/content/rules/BWurst.org.xml
new file mode 100644
index 000000000000..90ce1c4f3096
--- /dev/null
+++ b/src/chrome/content/rules/BWurst.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Mixed content:
+
+		- Images from ^ ¹
+		- Ad from www.uberwach.de ²
+
+	¹ Secured by us
+	² Unsecurable <= redirects to http
+
+-->
+<ruleset name="BWurst.org">
+
+	<target host="bwurst.org" />
+	<target host="www.bwurst.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BYO.com.xml b/src/chrome/content/rules/BYO.com.xml
new file mode 100644
index 000000000000..9df3caa203dd
--- /dev/null
+++ b/src/chrome/content/rules/BYO.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Brew Your Own">
+
+	<target host="byo.com"/>
+	<target host="www.byo.com"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BYU.edu.xml b/src/chrome/content/rules/BYU.edu.xml
new file mode 100644
index 000000000000..981ab818610e
--- /dev/null
+++ b/src/chrome/content/rules/BYU.edu.xml
@@ -0,0 +1,172 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - studio1030.byu.edu
+			 - thewall.byu.edu
+			 - visualarts.byu.edu
+
+		Timeout was reached:
+			 - anthropology.byu.edu
+			 - ctl.byu.edu
+			 - facultycenter.byu.edu
+			 - finserve.byu.edu
+			 - www.geology.byu.edu
+			 - health.byu.edu
+			 - learningsuite.byu.edu
+			 - lib.byu.edu
+			 - nursing.byu.edu
+
+		SSL connect error:
+			 - www.chem.byu.edu
+			 - dvagalleries.byu.edu
+
+		SSL peer certificate was not OK:
+			 - asiane.byu.edu
+			 - cal.byu.edu
+			 - english.byu.edu
+			 - frenital.byu.edu
+			 - germslav.byu.edu
+			 - giving.byu.edu
+			 - intramurals.byu.edu
+			 - linguistics.byu.edu
+			 - och.byu.edu
+			 - philosophy.byu.edu
+			 - president.byu.edu
+			 - rmyl.byu.edu
+			 - spanport.byu.edu
+			 - sustainability.byu.edu
+			 - womensstudies.byu.edu
+			 - xplorit.byu.edu
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - afrotc.byu.edu
+			 - unicomm.byu.edu
+				<test url="http://unicomm.byu.edu/directories/" />
+
+		Incomplete certificate chain error:
+			 - www.law.byu.edu
+			 - studentratings.byu.edu
+			 - education.byu.edu
+			 - ece.byu.edu
+			 - www.ece.byu.edu
+			 - ee.byu.edu
+			 - www.ee.byu.edu
+
+		Status code mismatch:
+			 - econ.byu.edu
+			 - mpc.byu.edu
+			 - geography.byu.edu
+
+		Different content:
+			 - core.byu.edu
+			 - dining.byu.edu
+			 - extramuralsports.byu.edu
+			 - freshmanmentoring.byu.edu
+			 - housing.byu.edu
+			 - socialwork.byu.edu
+			 - ue.byu.edu
+
+		Mixed content blocking (MCB) triggered:
+			 - honors.byu.edu
+			 - humanities.byu.edu
+			 - map.byu.edu
+-->
+<ruleset name="Brigham Young University (partial)">
+	<target host="byu.edu" />
+	<target host="www.byu.edu" />
+	<target host="aims.byu.edu" />
+	<target host="academiccalendar.byu.edu" />
+	<target host="admissions.byu.edu" />
+	<target host="advisement.byu.edu" />
+	<target host="alumni.byu.edu" />
+	<target host="alumnicareers.byu.edu" />
+	<target host="art.byu.edu" />
+	<target host="arts.byu.edu" />
+	<target host="bgs.byu.edu" />
+	<target host="biology.byu.edu" />
+	<target host="booklist.byu.edu" />
+	<target host="byuonline.byu.edu" />
+	<target host="byusa.byu.edu" />
+	<target host="calendar.byu.edu" />
+	<target host="cas.byu.edu" />
+	<target host="catalog.byu.edu" />
+	<target host="ccc.byu.edu" />
+	<target host="cdn.byu.edu" />
+	<target host="ce.byu.edu" />
+	<target host="cfac.byu.edu" />
+	<target host="chemicalengineering.byu.edu" />
+	<target host="classschedule.byu.edu" />
+	<target host="clubs.byu.edu" />
+	<target host="cpms.byu.edu" />
+	<target host="cs.byu.edu" />
+	<target host="accounts.cs.byu.edu" />
+	<target host="docs.cs.byu.edu" />
+	<target host="students.cs.byu.edu" />
+	<target host="support.cs.byu.edu" />
+	<target host="designdept.byu.edu" />
+	<target host="economics.byu.edu" />
+	<target host="ceen.et.byu.edu" />
+	<target host="sot.et.byu.edu" />
+	<target host="www.et.byu.edu" />
+	<target host="eveningclasses.byu.edu" />
+	<target host="exercisesciences.byu.edu" />
+	<target host="familylife.byu.edu" />
+	<target host="fhss.byu.edu" />
+	<target host="financialaid.byu.edu" />
+	<target host="fp.byu.edu" />
+	<target host="gamma.byu.edu" />
+	<target host="graduatestudies.byu.edu" />
+	<target host="healthscience.byu.edu" />
+	<target host="history.byu.edu" />
+	<target host="home.byu.edu" />
+	<target host="honorcode.byu.edu" />
+	<target host="hrms.byu.edu" />
+	<target host="hs.byu.edu" />
+	<target host="intern.byu.edu" />
+	<target host="is.byu.edu" />
+	<target host="jobs.byu.edu" />
+	<target host="kennedy.byu.edu" />
+	<target host="lambda.byu.edu" />
+	<target host="learningoutcomes.byu.edu" />
+	<target host="lifesciences.byu.edu" />
+	<target host="link.byu.edu" />
+	<target host="marriottschool.byu.edu" />
+	<target host="math.byu.edu" />
+	<target host="mathed.byu.edu" />
+	<target host="me.byu.edu" />
+	<target host="mlbean.byu.edu" />
+	<target host="mmbio.byu.edu" />
+	<target host="moa.byu.edu" />
+	<target host="ndfs.byu.edu" />
+	<target host="neuroscience.byu.edu" />
+	<target host="news.byu.edu" />
+	<target host="onestop.byu.edu" />
+	<target host="orca.byu.edu" />
+	<target host="outdoors.byu.edu" />
+	<target host="pam.byu.edu" />
+	<target host="pdbio.byu.edu" />
+	<target host="www.physics.byu.edu" />
+	<target host="police.byu.edu" />
+	<target host="politicalscience.byu.edu" />
+	<target host="psychology.byu.edu" />
+	<target host="pws.byu.edu" />
+	<target host="rbfacilities.byu.edu" />
+	<target host="registrar.byu.edu" />
+	<target host="religion.byu.edu" />
+	<target host="saasta.byu.edu" />
+	<target host="sociology.byu.edu" />
+	<target host="speeches.byu.edu" />
+	<target host="statistics.byu.edu" />
+	<target host="studentjobs.byu.edu" />
+	<target host="studentwellness.byu.edu" />
+	<target host="testing.byu.edu" />
+	<target host="titleix.byu.edu" />
+	<target host="transfer.byu.edu" />
+	<target host="uac.byu.edu" />
+	<target host="wsr.byu.edu" />
+	<target host="y.byu.edu" />
+	<target host="yjobs.byu.edu" />
+	<target host="yserve.byu.edu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BYU.xml b/src/chrome/content/rules/BYU.xml
deleted file mode 100644
index b98ac4c324d5..000000000000
--- a/src/chrome/content/rules/BYU.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<ruleset name="Brigham Young University (partial)" platform="mixedcontent">
-
-	<target host="byu.edu" />
-	<target host="*.byu.edu" />
-		<exclusion pattern="^http://cpms\.byu\.edu/(content/|ESM($|/)|newsletters/StudentNews/)" />
-		<exclusion pattern="^http://(www\.)?byu\.edu/(family|o(n|ff)campus)?housing($|/)" />
-	<target host="*.groups.et.byu.net" />
-		<!--	For some reason, using the "PREV" or "NEXT" buttons in the
-			"Featured Research" box causes the category menu at the top of
-			the page to incorrectly change from the "Graduate" heading to a
-			different heading when a URL in the two patterns below is
-			accessed via HTTPS, as of July 5, 2011.	-->
-		<exclusion pattern="^http://www\.physics\.byu\.edu/Graduate(/?$|/[dD]efault\.aspx(\?|$))" />
-
-
-
-	<!--	Handle domains for which the subdomain should not be preceeded by www.	-->
-	<rule from="^http(?:://(?:www\.)?|s://www\.)(alumni[23]|animation|asme|assess|at|barbershop|blackboard|bookexchange|booklist|byuems|byusa|cac|calendar|ccr|cheme|chemicalengineering|cles|clsupport|comd|cougarprints|coursemanagement|cpms|creativeworks|(?:(?:(?:accounts|docs|faculty|facwiki|help|labs|students|tick)\.)?cs)|delegate|developer|education|edward|eroom|(?:(?:org|pml)\.et)|events|examstat|facultyprofile|finserve|finserve-dev|gamescenter|gamma|gamma-stg|gardner|globalcareer|go|gradebook|home|honorcode|hrms|inshop|internationalservices|irbtutorial|it|itmedia|ittest|jobs|kennedy|kronprod|lambda|leadershiped|lockers|lodges|login|map|marylou|(?:mail01\.)?math|mathed|multicultural|news|newsnet|oit|online[12]?|orca|(?:mail\.physics)|pmpc|pmpcapps|police|printandmail|purchasing|redefineservice|remedy|risk|ry|sa|saas|sasapps|scheduling|software|spiral|stab|stleader|stokes|studentratings|testing|tutoring|uac|unicomm|volta|webmail|wilk|www|y|yfacts|yjobs|yscience)\.byu\.edu/"
-		to="https://$1.byu.edu/" />
-
-	<!--	Handle domains for which the subdomain should be
-		preceeded by www (including the situation where
-		there is the byu.edu domain with no subdomain.)	-->
-	<rule from="^http(?:://(?:www\.)?|s://)((?:acerc|et|chem|physics)\.)?byu\.edu/"
-		to="https://www.$1byu.edu/" />
-
-	<!--	Handle certain special cases.	-->
-	<rule from="^http://((?:secure\.chem)|(?:support\.cheme)|(?:(?:contentdm|listserver)\.lib))\.byu\.edu/"
-		to="https://$1.byu.edu/" />
-
-	<!--	Handle subdomains for the groups.et.byu.net domain.	-->
-	<rule from="^http://([a-zA-Z\d\-]+)\.groups\.et\.byu\.net/"
-		to="https://$1.groups.et.byu.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BZ-Berlin.de.xml b/src/chrome/content/rules/BZ-Berlin.de.xml
new file mode 100644
index 000000000000..b3977294059f
--- /dev/null
+++ b/src/chrome/content/rules/BZ-Berlin.de.xml
@@ -0,0 +1,38 @@
+<!--
+	Invalid certificate:
+		nachtleben.bz-berlin.de
+		ww251.bz-berlin.de
+
+	Non-2xx HTTP code:
+		aboservice.bz-berlin.de
+
+	Refused:
+		branchenbuch.bz-berlin.de
+
+	Timeout:
+		blogs.bz-berlin.de
+		fileserver.bz-berlin.de
+		immonet.bz-berlin.de
+		ors.bz-berlin.de
+		preview.bz-berlin.de
+
+	Unable to get local issuer certificate:
+		service.bz-berlin.de
+-->
+<ruleset name="BZ-Berlin.de">
+
+	<target host="bz-berlin.de" />
+	<target host="www.bz-berlin.de" />
+	<target host="www.aboservice.bz-berlin.de" />
+	<target host="aboservice1.bz-berlin.de" />
+	<target host="event.bz-berlin.de" />
+	<target host="ivw-amp.bz-berlin.de" />
+	<target host="www.sonderthemen.bz-berlin.de" />
+	<target host="static.bz-berlin.de" />
+	<target host="willy.bz-berlin.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/B_E_Smith.xml b/src/chrome/content/rules/B_E_Smith.xml
index 8b3d13e8abd1..d44cbcad48aa 100644
--- a/src/chrome/content/rules/B_E_Smith.xml
+++ b/src/chrome/content/rules/B_E_Smith.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://besmith.com/ => https://besmith.com/: (51, "SSL: no alternative certificate subject name matches target host name 'besmith.com'")
 	Problematic subdomains:
 
 		- autodiscover		(no https)
@@ -7,16 +9,19 @@
 <ruleset name="B. E. Smith">
 
 	<target host="besmith.com" />
-	<target host="*.besmith.com" />
+	<target host="ex1.besmith.com" />
+	<target host="mail.besmith.com" />
+	<target host="thebridge.besmith.com" />
+	<target host="www.besmith.com" />
+	<target host="autodiscover.besmith.com" />
 
 
 	<securecookie host=".+\.besmith\.com$" name=".+" />
 
 
-	<rule from="^http://((?:ex1|mail|thebridge|www)\.)?besmith\.com/"
-		to="https://$1besmith.com/" />
 
 	<rule from="^http://autodiscover\.besmith\.com/"
 		to="https://autodiscover-s.outlook.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Babbel.com-falsemixed.xml b/src/chrome/content/rules/Babbel.com-falsemixed.xml
new file mode 100644
index 000000000000..bf455972a66a
--- /dev/null
+++ b/src/chrome/content/rules/Babbel.com-falsemixed.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules not causing false/broken MCB, see Babbel.com.xml.
+
+-->
+<ruleset name="Babbel.com (false MCB)" platform="mixedcontent">
+
+	<target host="blog.babbel.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Babbel.com.xml b/src/chrome/content/rules/Babbel.com.xml
new file mode 100644
index 000000000000..3645b1122e37
--- /dev/null
+++ b/src/chrome/content/rules/Babbel.com.xml
@@ -0,0 +1,42 @@
+<!--
+	For rules causing false/broken MCB, see Babbel.com-falsemixed.xml.
+
+
+	Problematic hosts in *babbel.com:
+
+		- about ᵐ
+		- blog ˣ
+		- bytes ᵐ
+		- jobs ᵐ
+		- press ᵐ
+
+	ᵐ Mismatched
+	ˣ Mixed css
+
+
+	Mixed content:
+
+		- css on blog from $self *
+		- Images on blog from $self *
+		- Bug on blog from c.statcounter.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Babbel.com (partial)">
+
+	<target host="babbel.com" />
+	<target host="accounts.babbel.com" />
+	<!--target host="blog.babbel.com" /-->
+	<target host="go.babbel.com" />
+	<target host="www.babbel.com" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BabelZilla.org.xml b/src/chrome/content/rules/BabelZilla.org.xml
new file mode 100644
index 000000000000..4ed1360a912e
--- /dev/null
+++ b/src/chrome/content/rules/BabelZilla.org.xml
@@ -0,0 +1,35 @@
+<!--
+	Invalid certificate:
+		api.babelzilla.org
+		babelwiki.babelzilla.org
+		bag.babelzilla.org
+		beta.babelzilla.org
+		cloud.babelzilla.org
+		dev.babelzilla.org
+		framadate.babelzilla.org
+		mail.babelzilla.org
+		survey.babelzilla.org
+		translate.babelzilla.org
+		webmail.babelzilla.org
+		wtd.babelzilla.org
+		wts.babelzilla.org
+
+	Refused:
+		status.babelzilla.org
+
+	No working URL known:
+		cms.babelzilla.org
+
+-->
+<ruleset name="BabelZilla">
+
+	<target host="babelzilla.org" />
+	<target host="www.babelzilla.org" />
+	<target host="blog.babelzilla.org" />
+
+	<securecookie host="^\.?babelzilla\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BabelZilla.xml b/src/chrome/content/rules/BabelZilla.xml
deleted file mode 100644
index 78f579469fe7..000000000000
--- a/src/chrome/content/rules/BabelZilla.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- babelwiki *
-		- blog *
-
-	* Shows www
-
--->
-<ruleset name="BabelZilla" default_off="expired">
-
-	<target host="babelzilla.org" />
-	<target host="*.babelzilla.org" />
-
-
-	<securecookie host="^\.?babelzilla\.org$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?babelzilla\.org/"
-		to="https://babelzilla.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Babeljs.io.xml b/src/chrome/content/rules/Babeljs.io.xml
new file mode 100644
index 000000000000..352ebdb1fb5a
--- /dev/null
+++ b/src/chrome/content/rules/Babeljs.io.xml
@@ -0,0 +1,6 @@
+<ruleset name="Babeljs.io">
+  <target host="babeljs.io" />
+  <target host="www.babeljs.io" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BabyDiscuss.com.xml b/src/chrome/content/rules/BabyDiscuss.com.xml
new file mode 100644
index 000000000000..32324ea17ccd
--- /dev/null
+++ b/src/chrome/content/rules/BabyDiscuss.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="BabyDiscuss.com">
+	<target host="babydiscuss.com" />
+	<target host="www.babydiscuss.com" />
+	<target host="demo2020.babydiscuss.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BabyMed.com.xml b/src/chrome/content/rules/BabyMed.com.xml
index 2992eda07e1c..0fc8fd74f9c6 100644
--- a/src/chrome/content/rules/BabyMed.com.xml
+++ b/src/chrome/content/rules/BabyMed.com.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?babymed\.com/(favicon\.ico|sites/|themes/|user(?:$|\?/))"
 		to="https://www.babymed.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Babylon.xml b/src/chrome/content/rules/Babylon.xml
index 5920d4b27d9a..20da1492870c 100644
--- a/src/chrome/content/rules/Babylon.xml
+++ b/src/chrome/content/rules/Babylon.xml
@@ -1,4 +1,3 @@
-
 <!--
 	Nonfunctional subdomains:
 
@@ -9,13 +8,14 @@
 -->
 <ruleset name="Babylon (partial)">
 
-	<target host="*.babylon.com" />
+	<target host="img.babylon.com" />
+	<target host="store.babylon.com" />
+	<target host="utils.babylon.com" />
 
 
-	<securecookie host="^store\.babylon\.com$" name=".*" />
+	<securecookie host="^store\.babylon\.com$" name=".+" />
 
 
-	<rule from="^http://(img|store|utils)\.babylon\.com/"
-		to="https://$1.babylon.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Backblaze.com.xml b/src/chrome/content/rules/Backblaze.com.xml
new file mode 100644
index 000000000000..8ed4942f596d
--- /dev/null
+++ b/src/chrome/content/rules/Backblaze.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Backblaze">
+	<target host="backblaze.com" />
+	<target host="www.backblaze.com" />
+	<target host="secure.backblaze.com" />
+
+  	<securecookie host="^(www|secure)\.backblaze\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Backbone-Security.xml b/src/chrome/content/rules/Backbone-Security.xml
index 4219cf445d16..b592c72426a0 100644
--- a/src/chrome/content/rules/Backbone-Security.xml
+++ b/src/chrome/content/rules/Backbone-Security.xml
@@ -1,9 +1,10 @@
-<ruleset name="Backbone Security" platform="mixedcontent">
+<ruleset name="Backbone Security.com">
 
 	<target host="backbonesecurity.com" />
 	<target host="www.backbonesecurity.com" />
 
-	<rule from="^http://(www\.)?backbonesecurity\.com/"
-		to="https://$1backbonesecurity.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Backbox.org.xml b/src/chrome/content/rules/Backbox.org.xml
new file mode 100644
index 000000000000..2d98340f20bc
--- /dev/null
+++ b/src/chrome/content/rules/Backbox.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Backbox.org">
+	<target host="backbox.org" />
+	<target host="www.backbox.org" />
+	<target host="forum.backbox.org" />
+	<target host="wiki.backbox.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Backcountry.com.xml b/src/chrome/content/rules/Backcountry.com.xml
index fb4de7907d93..cbb98722788a 100644
--- a/src/chrome/content/rules/Backcountry.com.xml
+++ b/src/chrome/content/rules/Backcountry.com.xml
@@ -12,19 +12,24 @@
 <ruleset name="Backcountry.com (partial)">
 
 	<target host="backcountry.com" />
-	<target host="*.backcountry.com" />
+	<target host="www.backcountry.com" />
+	<target host="api.backcountry.com" />
+	<target host="beta.backcountry.com" />
+	<target host="m.backcountry.com" />
+	<target host="content.backcountry.com" />
+	<target host="promoimages.backcountry.com" />
 
 
 	<securecookie host="^m\.backcountry\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?backcountry\.com/(css|images|promo_upload)/"
+	<rule from="^http://(?:www\.)?backcountry\.com/(css|images|promo_upload)/"
 		to="https://www.backcountry.com/$1/" />
 
 	<rule from="^http://(api|beta|m)\.backcountry\.com/"
 		to="https://$1.backcountry.com/" />
 
-	<rule from="^https?://(?:content|promoimages)\.backcountry\.com/"
+	<rule from="^http://(?:content|promoimages)\.backcountry\.com/"
 		to="https://www.backcountry.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Backdrift.org.xml b/src/chrome/content/rules/Backdrift.org.xml
new file mode 100644
index 000000000000..f0a4d5903673
--- /dev/null
+++ b/src/chrome/content/rules/Backdrift.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Backdrift.org">
+	<target host="backdrift.org" />
+	<target host="www.backdrift.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Backlift.com.xml b/src/chrome/content/rules/Backlift.com.xml
deleted file mode 100644
index 461d1b6fc275..000000000000
--- a/src/chrome/content/rules/Backlift.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Fully covered subdomains:
-
-		- (www.)
-		- blog
-		- docs
-
--->
-<ruleset name="Backlift.com">
-
-	<target host="backlift.com" />
-	<target host="*.backlift.com" />
-
-
-	<securecookie host="^(?:\w+\.)?backlift\.com$" name=".+" />
-
-
-	<rule from="^http://((?:blog|docs|www)\.)?backlift\.com/"
-		to="https://$1backlift.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Backloggery.com.xml b/src/chrome/content/rules/Backloggery.com.xml
new file mode 100644
index 000000000000..5733417218c5
--- /dev/null
+++ b/src/chrome/content/rules/Backloggery.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Backloggery.com" platform="mixedcontent">
+	<target host="backloggery.com" />
+	<target host="www.backloggery.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Backpack.tf.xml b/src/chrome/content/rules/Backpack.tf.xml
new file mode 100644
index 000000000000..7ef43779efcf
--- /dev/null
+++ b/src/chrome/content/rules/Backpack.tf.xml
@@ -0,0 +1,11 @@
+<ruleset name="Backpack.tf">
+	<target host="backpack.tf" />
+	<target host="www.backpack.tf" />
+	<target host="csgo.backpack.tf" />
+	<target host="dota2.backpack.tf" />
+	<target host="forums.backpack.tf" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BackpackersLucerne.ch.xml b/src/chrome/content/rules/BackpackersLucerne.ch.xml
new file mode 100644
index 000000000000..c8c96b708b33
--- /dev/null
+++ b/src/chrome/content/rules/BackpackersLucerne.ch.xml
@@ -0,0 +1,11 @@
+<ruleset name="Backpackers Lucerne">
+
+	<target host="backpackerslucerne.ch" />
+	<target host="www.backpackerslucerne.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Backpage.com.xml b/src/chrome/content/rules/Backpage.com.xml
new file mode 100644
index 000000000000..963b9ecdd183
--- /dev/null
+++ b/src/chrome/content/rules/Backpage.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Nonfunctional hosts in *backpage.com:
+
+		- (www.)? ¹
+		- posting.www ²
+
+	¹ 404
+	² Redirects to www.backpage.com
+
+
+	Insecure cookies are set for these domains:
+
+		- .backpage.com
+
+-->
+<ruleset name="Backpage.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="my.backpage.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.backpage\.com$" name="^my$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Backstreet-International-Merchandise.xml b/src/chrome/content/rules/Backstreet-International-Merchandise.xml
index 3e2fc032b31f..95a347ae5cb6 100644
--- a/src/chrome/content/rules/Backstreet-International-Merchandise.xml
+++ b/src/chrome/content/rules/Backstreet-International-Merchandise.xml
@@ -1,13 +1,42 @@
+<!--
+	Problematic hosts:
+
+		- (www.)?backstreet-merch.com ¹ ²
+
+	¹ Expired
+	² Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.backstreetmerch.com
+
+-->
 <ruleset name="Backstreet International Merchandise">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="backstreetmerch.com"/>
+	<target host="images.backstreetmerch.com"/>
 	<target host="www.backstreetmerch.com"/>
+
+	<!--	Complications:
+				-->
 	<target host="backstreet-merch.com"/>
 	<target host="www.backstreet-merch.com"/>
 
-	<securecookie host="^(.*\.)?backstreet-?merch\.com$" name=".*"/>
 
-	<rule from="^http://(www\.)?backstreet(-)?merch\.com/"
-		to="https://$1backstreet$2merch.com/"/>
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.backstreetmerch\.com$" name="^BSI_StoreFront_SessionID_v2$" /-->
+
+	<securecookie host="^(?:.*\.)?backstreetmerch\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?backstreet-merch\.com/"
+		to="https://www.backstreetmerch.com/"/>
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Backupify.xml b/src/chrome/content/rules/Backupify.xml
index cbb57c1dbccf..56ad1b99d241 100644
--- a/src/chrome/content/rules/Backupify.xml
+++ b/src/chrome/content/rules/Backupify.xml
@@ -2,7 +2,7 @@
   <target host="backupify.com" />
   <target host="www.backupify.com" />
 
-  <securecookie host="^(.*\.)?backupify\.com$" name=".*" />
+  <securecookie host=".+" name=".+" />
 
-  <rule from="^http://(?:www\.)?backupify\.com/" to="https://www.backupify.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/BadgeKit.org.xml b/src/chrome/content/rules/BadgeKit.org.xml
new file mode 100644
index 000000000000..efa0ad0f4504
--- /dev/null
+++ b/src/chrome/content/rules/BadgeKit.org.xml
@@ -0,0 +1,46 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://api.badgekit.org/ => https://api.badgekit.org/: (6, 'Could not resolve host: api.badgekit.org')
+
+	For other Mozilla coverage, see Mozilla.xml.
+
+
+	Fully covered hosts in *badgekit.org:
+
+		- (www.)?
+		- api
+
+
+	These altnames don't exist:
+
+		- backpack.badgekit.org
+		- badges.badgekit.org
+		- openbadges.badgekit.org
+
+
+	Insecure cookies are set for these hosts:
+
+		- badgekit.org
+
+-->
+<ruleset name="BadgeKit.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="badgekit.org" />
+	<target host="api.badgekit.org" />
+	<target host="www.badgekit.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^badgekit\.org$" name="^(AWSELB|session)$" /-->
+
+	<securecookie host="^badgekit\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Badgeville.com-problematic.xml b/src/chrome/content/rules/Badgeville.com-problematic.xml
index 872794e1d0b5..db0830936ff2 100644
--- a/src/chrome/content/rules/Badgeville.com-problematic.xml
+++ b/src/chrome/content/rules/Badgeville.com-problematic.xml
@@ -5,7 +5,8 @@
 <ruleset name="Badgeville.com (problematic)" default_off="expired, self-signed">
 
 	<target host="badgeville.com" />
-	<target host="*.badgeville.com" />
+	<target host="community.badgeville.com" />
+	<target host="www.badgeville.com" />
 
 
 	<securecookie host="^\.?badgeville\.com$" name=".+" />
@@ -14,4 +15,4 @@
 	<rule from="^http://(?:(community\.)|www\.)?badgeville\.com/"
 		to="https://$1badgeville.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Badgeville.com.xml b/src/chrome/content/rules/Badgeville.com.xml
deleted file mode 100644
index b885031bf18d..000000000000
--- a/src/chrome/content/rules/Badgeville.com.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-<!--
-	For problematic rules, see Badgeville.com-problematic.xml.
-
-
-	CDN buckets:
-
-		- s3.amazonaws.com/badgeville-production-styles/
-
-		- badgeville.wpengine.com
-
-			- blog
-
-
-	Nonfunctional subdomains:
-
-		- blog	(redirects to http, wpengine)
-
-
-	Problematic subdomains:
-
-		- (www.)	(works; expired 2010-09-02, self-signed, CN: *.acquia-sties.com)
-		- community	(works, expired 2013-07-21)
-
-
-	Fully covered subdomains:
-
-		- users.admin
-		- api.v2
-
--->
-<ruleset name="Badgeville.com (partial)">
-
-	<target host="users.admin.badgeville.com" />
-	<target host="api.v2.badgeville.com" />
-
-
-	<rule from="^http://(users\.admin|api\.v2)\.badgeville\.com/"
-		to="https://$1.badgeville.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Badische-zeitung.de.xml b/src/chrome/content/rules/Badische-zeitung.de.xml
new file mode 100644
index 000000000000..6ea6b5bac8ee
--- /dev/null
+++ b/src/chrome/content/rules/Badische-zeitung.de.xml
@@ -0,0 +1,25 @@
+<!--
+	HTTP redirect:
+		- badische-zeitung.de
+		- www.badische-zeitung.de
+		- anzeigen.badische-zeitung.de
+
+	Refused:
+		- handelsregister.badische-zeitung.de
+
+	Mismatch:
+		- jobs.badische-zeitung.de
+
+	Timeout:
+		- blogs.badische-zeitung.de
+-->
+<ruleset name="Badische-zeitung.de (partial)">
+	<target host="ais.badische-zeitung.de" />
+	<target host="ezeitung.badische-zeitung.de" />
+	<target host="flirt.badische-zeitung.de" />
+	<target host="img.badische-zeitung.de" />
+	<target host="inserieren.badische-zeitung.de" />
+	<target host="media.badische-zeitung.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Badongo.xml b/src/chrome/content/rules/Badongo.xml
deleted file mode 100644
index 600b81b2f47b..000000000000
--- a/src/chrome/content/rules/Badongo.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--	ToDo: find edgecastcdn buckets
--->
-<ruleset name="Badongo (partial)">
-
-	<target host="badongo.com"/>
-	<target host="*.badongo.com"/>
-
-	<rule from="^http://(?:www\.)?badongo\.com/(inc/|(?:imag|styl)es/|login)"
-		to="https://www.badongo.com/$1"/>
-
-	<rule from="^http://cdn\d\w\.badongo\.com/\w{1,6}/(imag|styl)es/"
-		to="https://www.badongo.com/$1es/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Badoo.com.xml b/src/chrome/content/rules/Badoo.com.xml
deleted file mode 100644
index cab02eb4a409..000000000000
--- a/src/chrome/content/rules/Badoo.com.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Badoo.com">
-  <target host="www.badoo.com" />
-  <target host="badoo.com" />
-  <rule from="^http://www\.badoo\.com/" to="https://www.badoo.com/"/>
-  <rule from="^http://badoo\.com/" to="https://www.badoo.com/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/Badosoft.com.xml b/src/chrome/content/rules/Badosoft.com.xml
new file mode 100644
index 000000000000..50cf82a0b6d0
--- /dev/null
+++ b/src/chrome/content/rules/Badosoft.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.badosoft.com
+
+-->
+<ruleset name="Badosoft.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="badosoft.com" />
+	<target host="www.badosoft.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.badosoft\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.badosoft\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Badssl.com.xml b/src/chrome/content/rules/Badssl.com.xml
new file mode 100644
index 000000000000..87f77e38b609
--- /dev/null
+++ b/src/chrome/content/rules/Badssl.com.xml
@@ -0,0 +1,13 @@
+<!--
+    Not secured subdomains:
+        - All subdomains except of the HTTPS Everywhere test are not secured, because this can
+          influence tests and cause unexpected results.
+-->
+<ruleset name="Badssl.com">
+    <target host="badssl.com" />
+    <!-- see https://github.com/lgarron/badssl.com/issues/80 -->
+    <target host="https-everywhere.badssl.com" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Badwarebusters.org.xml b/src/chrome/content/rules/Badwarebusters.org.xml
index d66aef7f49c0..894c05d7b372 100644
--- a/src/chrome/content/rules/Badwarebusters.org.xml
+++ b/src/chrome/content/rules/Badwarebusters.org.xml
@@ -1,6 +1,14 @@
 <ruleset name="Badwarebusters.org">
-  <target host="badwarebusters.org" />
-  <target host="www.badwarebusters.org" />
 
-  <rule from="^http://(?:www\.)?badwarebusters\.org/" to="https://badwarebusters.org/" />
+	<target host="badwarebusters.org" />
+	<target host="www.badwarebusters.org" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^(?:www)?\.badwarebusters\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Baekdal.xml b/src/chrome/content/rules/Baekdal.xml
index 802bef09884a..5367c2dc4c45 100644
--- a/src/chrome/content/rules/Baekdal.xml
+++ b/src/chrome/content/rules/Baekdal.xml
@@ -21,18 +21,9 @@
 
 	<target host="baekdal.com" />
 	<target host="www.baekdal.com" />
-		<exclusion pattern="^http://(?:www\.)?baekdal\.com/(?:about|analysis|insights|notes|opinion|plus|trends)" />
-
 
 	<!--securecookie host="^www\.baekdal\.com$" name=".+" /-->
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://(?:www\.)?baekdal\.com/"
-		to="https://www.baekdal.com/" />
-
-	<!--	Protocol-relative links:
-						-->
-	<rule from="^https://(?:www\.)?baekdal\.com/(about|analysis|insights|notes|opinion|plus|trends)"
-		to="http://www.baekdal.com/$1" downgrade="1" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bagatoo.se.xml b/src/chrome/content/rules/Bagatoo.se.xml
index 2e2097513808..01cb8fcde661 100644
--- a/src/chrome/content/rules/Bagatoo.se.xml
+++ b/src/chrome/content/rules/Bagatoo.se.xml
@@ -1,7 +1,16 @@
-<ruleset name="Bagatoo.se">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.bagatoo.se/ => https://www.bagatoo.se/: Too many redirects while fetching 'https://www.bagatoo.se/'
+Fetch error: http://bagatoo.se/ => https://bagatoo.se/: Too many redirects while fetching 'https://bagatoo.se/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.bagatoo.se/ => https://www.bagatoo.se/: Cycle detected - URL already encountered: https://bagatoo.se/
+Fetch error: http://bagatoo.se/ => https://bagatoo.se/: Cycle detected - URL already encountered: https://bagatoo.se/
+-->
+<ruleset name="Bagatoo.se" default_off="failed ruleset test">
   <target host="www.bagatoo.se" />
   <target host="bagatoo.se" />
-  <rule from="^http://www\.bagatoo\.se/" to="https://www.bagatoo.se/"/>
-  <rule from="^http://bagatoo\.se/" to="https://bagatoo.se/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Bagnet.org.xml b/src/chrome/content/rules/Bagnet.org.xml
new file mode 100644
index 000000000000..25dbd83dfbfd
--- /dev/null
+++ b/src/chrome/content/rules/Bagnet.org.xml
@@ -0,0 +1,45 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.bagnet.org/skin/v2/css/reset.css => https://www.bagnet.org/skin/v2/css/reset.css: (7, 'Failed to connect to www.bagnet.org port 443: Connection refused')
+Fetch error: http://bagnet.org/ => https://bagnet.org/: (7, 'Failed to connect to bagnet.org port 443: Connection refused')
+
+	Nonfunctional subdomains:
+
+		- cdn *
+
+	* Shows www
+
+-->
+<ruleset name="Bagnet.org (partial)" default_off="failed ruleset test">
+
+	<target host="bagnet.org" />
+	<target host="www.bagnet.org" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.bagnet\.org/($|login$|news/\w+/\d+$|register$|remind$)" /-->
+		<!--
+			404:
+				-->
+		<!--exclusion pattern="^http://www\.bagnet\.org/favicon\.ico" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.bagnet\.org/(?!skin/|vendor/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.bagnet.org/favicon.ico" />
+			<test url="http://www.bagnet.org/login" />
+			<test url="http://www.bagnet.org/register" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.bagnet.org/skin/v2/css/reset.css" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bahiaoui.net.xml b/src/chrome/content/rules/Bahiaoui.net.xml
new file mode 100644
index 000000000000..3f462e285d7f
--- /dev/null
+++ b/src/chrome/content/rules/Bahiaoui.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="Bahiaoui.net">
+	<target host="bahiaoui.net" />
+	<target host="www.bahiaoui.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bahn.de.xml b/src/chrome/content/rules/Bahn.de.xml
index 7b30da390d70..e705dbafbb14 100644
--- a/src/chrome/content/rules/Bahn.de.xml
+++ b/src/chrome/content/rules/Bahn.de.xml
@@ -1,7 +1,24 @@
+<!--
+	Incomplete certificate chain:
+	- ^
+-->
+
 <ruleset name="Bahn.de">
-<target host="*.bahn.de" />
-  <target host="bahn.de" />
+	<target host="bahn.de" />
+	<target host="www.bahn.de" />
+	<target host="fahrkarten.bahn.de" />
+	<target host="grosskunden.bahn.de" />
+	<target host="mobile.bahn.de" />
+	<target host="ps.bahn.de" />
+	<target host="reiseauskunft.bahn.de" />
+
+	<target host="bahnshop.de" />
+	<target host="www.bahnshop.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://bahn\.de/"
+		  to="https://www.bahn.de/" />
 
-  <rule from="^http://bahn\.de/" to="https://www.bahn.de/"/>
-  <rule from="^http://(fahrkarten|grosskunden|mobile|ps|reisauskunft|reisauskunft-iat|www)\.bahn\.de/" to="https://$1.bahn.de/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Bahnhof.se.xml b/src/chrome/content/rules/Bahnhof.se.xml
new file mode 100644
index 000000000000..d762a5e6c983
--- /dev/null
+++ b/src/chrome/content/rules/Bahnhof.se.xml
@@ -0,0 +1,25 @@
+<!--
+	Nonfunctional hosts in *.bahnhof.se:
+		- tptest.bahnhof.se (t)
+		- user.bahnhof.se (e)
+		- web1.bahnhof.se (e)
+		- web2.bahnhof.se (e)
+
+	Customercontrolled subdomains:
+		- *.cust.bahnhof.se
+		- *.priv.bahnhof.se
+		- *.user.bahnhof.se
+
+	e: expired certificate
+	t: timeout on https
+-->
+<ruleset name="Bahnhof.se">
+	<target host="bahnhof.se" />
+	<target host="www.bahnhof.se" />
+	<target host="dhcp.bahnhof.se" />
+	<target host="ecs.bahnhof.se" />
+	<target host="epost.bahnhof.se" />
+	<target host="privat.bahnhof.se" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Baidu.xml b/src/chrome/content/rules/Baidu.xml
index 03504a5133a1..d0900b9850d7 100644
--- a/src/chrome/content/rules/Baidu.xml
+++ b/src/chrome/content/rules/Baidu.xml
@@ -1,56 +1,290 @@
 <!--
+	Other Baidu rulesets:
+		- baidustatic.com.xml
+		- bcebos.com.xml
+		- Bdimg.com.xml
+		- bdstatic.com.xml
+		- Hao123.com.xml
 
-	Nonfunctional domains:
+	500:
+		adscdn.baidu.com
+		pay.baidu.com
 
+	Equal to https hosts:
+		financestatic.baidu.com	=>	8.baidu.com
+		tb.himg.baidu.com		=>	himg.baidu.com
+		*.hiphotos.baidu.com	=>	hiphotos.baidu.com
+		static.tieba.baidu.com	=>	tieba.baidu.com
 
-		- baidu.com subdomains:
+		dq.tieba.com			=>	tieba.baidu.com
 
-			- eiv *
-			- gimg *
-			- img *
-			- imgsrc *
-			- bdimg.share *
-			- tieba *
-			- static.tieba *
-			- wap *
+	Handshake fails:
+		en.browser.baidu.com
+		m.site.baidu.com
+		sparksecurity.baidu.com
+		baishi.baidu.com
 
-		- cdn.iknow.bdimg.com *
-		- tb[12].bdstatic.com *
+	MCB：
+		share.baidu.com
+		shouji.baidu.com
+		top.baidu.com
 
-	* Times out
+	Redirect to http:
+		ir.baidu.com
+		musicdata.baidu.com
+		research.baidu.com
+		tieba.baidu.com			some pages
+		usa.baidu.com
+		v.baidu.com				https on v.baidu.com/$ but redirect to http on other pages
+		www.video.baidu.com
+		list.video.baidu.com
 
+	Shows another domain:
+		downpack.baidu.com		http://downpack.baidu.com/doctorthumb_AndroidPhone_1012469d.apk
 
-	Problematic domains:
+	Timeout:
+		adm.baidu.com
+		apistore.baidu.com
+		bbs.apistore.baidu.com
+		appsearchcdn.baidu.com
+		xuxuhong.baijia.baidu.com
+		zhengshangcanyue.baijia.baidu.com
+		ticket.bce.baidu.com
+		bdl.baidu.com
+		datax.baidu.com			https://travis-ci.org/github/EFForg/https-everywhere/jobs/577122408#L678
+		dl.browser.baidu.com
+		dl2.browser.baidu.com
+		dida.baidu.com
+		duokoo.baidu.com
+		e.baidu.com
+		echarts.baidu.com
+		eiv.baidu.com
+		finance.baidu.com
+		global.baidu.com
+		italk.baidu.com
+		jp.baidu.com
+		lbsyun.baidu.com
+		bbs.lbsyun.baidu.com
+		libs.baidu.com
+		licai.baidu.com
+		r.m.baidu.com
+		mo.baidu.com
+		mp3.baidu.com
+		music.baidu.com
+		shehui.news.baidu.com
+		op.baidu.com
+		ours.baidu.com
+		pcappstore.baidu.com
+		pos.baidu.com
+		cm.pos.baidu.com
+		wn.pos.baidu.com
+		qianbao.baidu.com
+		r.baidu.com
+		rj.baidu.com
+		bdimg.share.baidu.com
+		siteapp.baidu.com
+		m.siteapp.baidu.com
+		t[012].baidu.com
+		talent.baidu.com
+		utility.baidu.com
+		wanba.baidu.com
+		wangmeng.baidu.com
+		wapmap.baidu.com
+		wubi.baidu.com
+		xteam.baidu.com
+		yunjiasu.baidu.com
+		yuqing.baidu.com
 
-		- developer.baidu.com	(mismatched, CN: openapi.baidu.com)
-		- apps.bdimg.com *
-		- apps[123].bdimg.com *
+	Timeout on Tor and travis:
+		bce.baidu.com			https://travis-ci.org/github/EFForg/https-everywhere/jobs/681011123#L429
+		cloud.baidu.com			https://travis-ci.org/github/EFForg/https-everywhere/jobs/443982887#L662
+		flight.baidu.com		https://travis-ci.org/github/EFForg/https-everywhere/jobs/681011123#L430
+		mbd.baidu.com			https://travis-ci.org/github/EFForg/https-everywhere/jobs/681011123#L432
+		c.pcs.baidu.com			https://travis-ci.org/github/EFForg/https-everywhere/jobs/446459580#L707
+		shoujiweishi.baidu.com
+		ss0.baidu.com			https://travis-ci.org/github/EFForg/https-everywhere/jobs/685629313#L430
+		translate.baidu.com		https://travis-ci.org/github/EFForg/https-everywhere/jobs/681011123#L434
+-->
+<ruleset name="Baidu (partial)">
+	<!--	Direct rewrites:	-->
+	<target host="baidu.com" />
+	<target host="www.baidu.com" />
+	<target host="8.baidu.com" />
+	<target host="baifubao.baidu.com" />
+	<target host="baike.baidu.com" />
+	<!-- <target host="baishi.baidu.com" /> -->
+	<target host="login.bce.baidu.com" />
+	<target host="cas.baidu.com" />
+	<target host="ce.baidu.com" />
+	<target host="cpro.baidu.com" />
+	<target host="developer.baidu.com" />
+	<target host="downapp.baidu.com" />
+	<target host="eclick.baidu.com" />
+		<test url="http://eclick.baidu.com/rs.jpg" />
+	<target host="fanyi.baidu.com" />
+	<target host="gaokao.baidu.com" />
+	<target host="gate.baidu.com" />
+	<target host="gsp0.baidu.com" />
+	<target host="gsp1.baidu.com" />
+	<target host="gsp2.baidu.com" />
+	<target host="gsp3.baidu.com" />
+	<target host="gss0.baidu.com" />
+		<test url="http://gss0.baidu.com/6qVTsjikBxIFlNKl8IuM_a/browse_static/https/index/widget/video/videoItem_change/getmore_d9e112a.gif" />
+	<target host="gss1.baidu.com" />
+	<target host="gss2.baidu.com" />
+	<target host="gss3.baidu.com" />
+	<target host="haoma.baidu.com" />
+	<target host="help.baidu.com" />
+	<target host="hi.baidu.com" />
+	<target host="himg.baidu.com" />
+	<target host="hiphotos.baidu.com" />
+	<target host="hm.baidu.com" />
+		<test url="http://hm.baidu.com/h.js" />
+	<target host="home.baidu.com" />
+	<target host="image.baidu.com" />
+	<target host="imgsrc.baidu.com" />
+		<test url="http://imgsrc.baidu.com/forum/pic/item/dcee74d9f2d3572c4d7770b68d13632763d0c387.jpg" />
+	<target host="index.baidu.com" />
+	<target host="indexrcv.baidu.com" />
+	<target host="jingyan.baidu.com" />
+	<target host="m.baidu.com" />
+	<target host="m1.baidu.com" />
+	<target host="m2.baidu.com" />
+	<target host="m3.baidu.com" />
+	<target host="m4.baidu.com" />
+	<target host="m5.baidu.com" />
+	<target host="m6.baidu.com" />
+	<target host="m7.baidu.com" />
+	<target host="m8.baidu.com" />
+	<target host="m9.baidu.com" />
+	<target host="m10.baidu.com" />
+	<target host="m11.baidu.com" />
+	<target host="m12.baidu.com" />
+	<target host="m13.baidu.com" />
+	<target host="map.baidu.com" />
+	<target host="api.map.baidu.com" />
+	<target host="muzhi.baidu.com" />
+	<target host="news.baidu.com" />
+	<target host="open2.baidu.com" />
+	<target host="pan.baidu.com" />
+	<target host="passport.baidu.com" />
+	<target host="pcs.baidu.com" />
+	<target host="d.pcs.baidu.com" />
+	<target host="pda.baidu.com" />
+	<target host="qianbao.baidu.com" />
+	<target host="qingting.baidu.com" />
+	<target host="sp0.baidu.com" />
+	<target host="ss0.baidu.com" />
+		<test url="http://ss0.baidu.com/6ONWsjip0QIZ8tyhnq/it/u=741647934,3418479157&amp;fm=173" />
+	<target host="su.baidu.com" />
+	<target host="tbmsg.baidu.com" />
+	<target host="tousu.baidu.com" />
+	<target host="trends.baidu.com" />
+	<target host="wallet.baidu.com" />
+	<target host="wap.baidu.com" />
+	<target host="wapbaike.baidu.com" />
+	<target host="wapp.baidu.com" />
+	<target host="wenku.baidu.com" />
+	<target host="xueshu.baidu.com" />
+	<target host="yingxiao.baidu.com"/>
+	<target host="youke.baidu.com"/>
+	<target host="yun.baidu.com"/>
+	<target host="zhanzhang.baidu.com" />
+	<target host="zhitongche.baidu.com" />
+	<target host="ziyuan.baidu.com" />
 
-	* Times out
+	<!--	Complications:	-->
 
+	<target host="financestatic.baidu.com" />
+	<rule from="^http://financestatic\.baidu\.com/"
+		to="https://8.baidu.com/" />
 
-	Fully covered domains:
+	<target host="gimg.baidu.com" />
+	<target host="img.baidu.com" />
+	<!--	404:	-->
+	<exclusion pattern="^http://g?img\.baidu\.com/$" />
+		<test url="http://gimg.baidu.com/img/gs.gif" />
+		<test url="http://img.baidu.com/hunter/alog/alog.min.js" />
 
-		- baidu.com subdomains:
+	<target host="tb.himg.baidu.com" />
+	<rule from="^http://tb\.himg\.baidu\.com/"
+		to="https://himg.baidu.com/" />
+		<test url="http://tb.himg.baidu.com/sys/portrait/item/1a1a48725fe88ba5e58db3e88ba5e7a6bbd4a2" />
 
-			- developer	(→ openapi)
-			- openapi
-			- passport
+	<target host="*.hiphotos.baidu.com" />
+	<rule from="^http://\S+\.hiphotos\.baidu\.com/"
+		to="https://hiphotos.baidu.com/" />
+		<test url="http://a.hiphotos.baidu.com/album/pic/item/b3fb43166d224f4a42c293870bf790529922d1cf.jpg" />
+		<test url="http://h.hiphotos.baidu.com/album/pic/item/b3fb43166d224f4a42c293870bf790529922d1cf.jpg" />
+		<test url="http://123.h.hiphotos.baidu.com/album/pic/item/b3fb43166d224f4a42c293870bf790529922d1cf.jpg" />
 
-		- apps.bdimg.com	(→ openapi.baidu.com)
-		- apps\d.bdimg.com	(→ openapi.baidu.com)
+	<target host="openapi.baidu.com" />
+	<rule from="^http://openapi\.baidu\.com/"
+		to="https://developer.baidu.com/" />
 
--->
-<ruleset name="Baidu (partial)">
+	<!--	Tieba mirrors and imgs	-->
+	<target host="tieba.baidu.com" />
+		<test url="http://tieba.baidu.com/f/index" />
+		<test url="http://tieba.baidu.com/mo/" />
+		<test url="http://tieba.baidu.com/mo_wowap_pb/" />
+		<test url="http://tieba.baidu.com/acer" />
+		<test url="http://tieba.baidu.com/firefox" />
+		<test url="http://tieba.baidu.com/skype" />
+		<test url="http://tieba.baidu.com/f/search/res?qw=firefox" />
+	<rule from="^http://tieba\.baidu\.com/f/index/"
+		to="https://jump2.bdimg.com/f/index/" />
+		<test url="http://tieba.baidu.com/f/index/" />
+		<test url="http://tieba.baidu.com/f/index/forumclass" />
+	<rule from="^http://tieba\.baidu\.com/hottopic"
+		to="https://jump2.bdimg.com/hottopic" />
+		<test url="http://tieba.baidu.com/hottopic" />
+		<test url="http://tieba.baidu.com/hottopic/" />
+		<test url="http://tieba.baidu.com/hottopic/browse/hottopic" />
+		<test url="http://tieba.baidu.com/hottopic/browse/hottopic?topic_id=277661&amp;topic_name=%E9%97%B7%E6%AD%BB%E8%80%81%E4%BA%BA%E4%BF%9D%E5%A7%86%E8%A2%AB%E5%88%91%E6%8B%98" />
+
+	<target host="c.tieba.baidu.com" />
+	<rule from="^http://c\.tieba\.baidu\.com/"
+		to="https://tieba.baidu.com/" />
+		<test url="http://c.tieba.baidu.com/p/6234958717" />
 
-	<target host="*.baidu.com" />
-	<target host="*.bdimg.com" />
+	<target host="dq.tieba.com" />
+	<rule from="^http://dq\.tieba\.com/"
+		to="https://tieba.baidu.com/" />
 
+	<target host="m.tiebaimg.com" />
+	<exclusion pattern="^http://m\.tiebaimg\.com/(?!timg\?(\S+)?src=http%3A%2F%2Fimgsrc.baidu.com%2Fforum%2Fpic%2Fitem%2F\w+)" />
+		<test url="http://m.tiebaimg.com/timg" />
+		<test url="http://m.tiebaimg.com/timg?wapp" />
+		<test url="http://m.tiebaimg.com/timg?wapp&amp;quality=80" />
+		<test url="http://m.tiebaimg.com/timg?wapp&amp;quality=80&amp;size=b150_150" />
+		<test url="http://m.tiebaimg.com/timg?wapp&amp;quality=80&amp;size=b150_150&amp;subsize=20480" />
+	<rule from="^http://m\.tiebaimg\.com/timg\?(\S+)?src=http%3A%2F%2Fimgsrc.baidu.com%2Fforum%2Fpic%2Fitem%2F(\w+)"
+		to="https://imgsrc.baidu.com/forum/pic/item/$2" />
+		<test url="http://m.tiebaimg.com/timg?src=http%3A%2F%2Fimgsrc.baidu.com%2Fforum%2Fpic%2Fitem%2Fcdbf6c81800a19d86b057b6638fa828ba61e464b.jpg" />
+		<test url="http://m.tiebaimg.com/timg?quality=80&amp;size=b150_150&amp;subsize=20480&amp;cut_x=0&amp;cut_w=0&amp;cut_y=0&amp;cut_h=0&amp;sec=1369815402&amp;srctrace&amp;di=41deebab9305fb8fdfbe3879f0fe1a82&amp;wh_rate=null&amp;src=http%3A%2F%2Fimgsrc.baidu.com%2Fforum%2Fpic%2Fitem%2Fcdbf6c81800a19d86b057b6638fa828ba61e464b.jpg" />
+		<test url="http://m.tiebaimg.com/timg?wapp&amp;quality=80&amp;size=b150_150&amp;subsize=20480&amp;cut_x=0&amp;cut_w=0&amp;cut_y=0&amp;cut_h=0&amp;sec=1369815402&amp;srctrace&amp;di=41deebab9305fb8fdfbe3879f0fe1a82&amp;wh_rate=null&amp;src=http%3A%2F%2Fimgsrc.baidu.com%2Fforum%2Fpic%2Fitem%2Fcdbf6c81800a19d86b057b6638fa828ba61e464b.jpg" />
 
-	<rule from="^https?://(?:(?:developer|openapi)\.baidu|apps\d?\.bdimg)\.com/"
-		to="https://openapi.baidu.com/" />
+	<target host="static.tieba.baidu.com" />
+	<rule from="^http://static\.tieba\.baidu\.com/"
+		to="https://tieba.baidu.com/" />
+		<test url="http://static.tieba.baidu.com/tb/editor/images/client/image_emoticon25.png" />
 
-	<rule from="^http://passport\.baidu\.com/"
-		to="https://passport.baidu.com/" />
+	<!--	MCB:	-->
+	<target host="zhidao.baidu.com" />
+		<exclusion pattern="^http://zhidao\.baidu\.com/api/proxy" />
+		<exclusion pattern="^http://zhidao\.baidu\.com/s/" />
+		<exclusion pattern="^http://zhidao\.baidu\.com/zhima/" />
+		<exclusion pattern="^http://zhidao\.baidu\.com/zt/" />
+		<test url="http://zhidao.baidu.com/api/proxy" />
+		<test url="http://zhidao.baidu.com/api/proxy?url=/s/zhidaodata1.html" />
+		<test url="http://zhidao.baidu.com/s/8year/#home" />
+		<test url="http://zhidao.baidu.com/s/activity/index.html" />
+		<test url="http://zhidao.baidu.com/s/gglft/" />
+		<test url="http://zhidao.baidu.com/s/quality/" />
+		<test url="http://zhidao.baidu.com/zhima/" />
+		<test url="http://zhidao.baidu.com/s/zhidaodata1.html" />
+		<test url="http://zhidao.baidu.com/zt/ikapp/index.html" />
+		<test url="http://zhidao.baidu.com/zt/liulanqi/index.html" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Baidupcs.com.xml b/src/chrome/content/rules/Baidupcs.com.xml
new file mode 100644
index 000000000000..b1355c80d428
--- /dev/null
+++ b/src/chrome/content/rules/Baidupcs.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Not exesit:
+		- ^
+-->
+
+<ruleset name="Baidupcs.com">
+
+	<target host="nbct01.baidupcs.com" />
+	<target host="nbct02.baidupcs.com" />
+	<target host="nj02all01.baidupcs.com" />
+	<target host="nj02all02.baidupcs.com" />
+	<target host="www.baidupcs.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bakabt.me.xml b/src/chrome/content/rules/Bakabt.me.xml
new file mode 100644
index 000000000000..eb8be69fabb6
--- /dev/null
+++ b/src/chrome/content/rules/Bakabt.me.xml
@@ -0,0 +1,11 @@
+<!--
+    Not covered:
+        wiki.bakabt.me
+-->
+<ruleset name="Bakabt.me">
+  <target host="bakabt.me" />
+  <target host="forums.bakabt.me" />
+  <target host="www.bakabt.me" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Baker-and-Taylor.xml b/src/chrome/content/rules/Baker-and-Taylor.xml
index 2a34ebc9ebac..49204177ce98 100644
--- a/src/chrome/content/rules/Baker-and-Taylor.xml
+++ b/src/chrome/content/rules/Baker-and-Taylor.xml
@@ -1,10 +1,19 @@
-<ruleset name="Baker &amp; Taylor (minimal)">
+<!--
+	Baker & Taylor
+
+-->
+<ruleset name="BTol.com (minimal)">
+
 	<target host="contentcafe2.btol.com" />
 	<target host="imagesa.btol.com" />
 	<target host="imagesb.btol.com" />
 	<target host="imagesc.btol.com" />
 
-	<securecookie host="^(contentcafe2|images[abc])\.btol\.com$" name=".+" />
 
-	<rule from="^http://(contentcafe2|images[abc])\.btol\.com/" to="https://$1.btol.com/" />
-</ruleset>
\ No newline at end of file
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bakerlab.org.xml b/src/chrome/content/rules/Bakerlab.org.xml
new file mode 100644
index 000000000000..fed47107b05c
--- /dev/null
+++ b/src/chrome/content/rules/Bakerlab.org.xml
@@ -0,0 +1,30 @@
+<!--
+	Timeout:
+		- (d)?ns[\d].bakerlab.org
+
+	Protocol error:
+		- gremlin.bakerlab.org
+
+	Invalid certificate:
+		- robetta.bakerlab.org
+		- rosettaserver.bakerlab.org
+-->
+<ruleset name="bakerlab.org">
+	<target host="bakerlab.org" />
+	<target host="www.bakerlab.org" />
+	<target host="boinc.bakerlab.org" />
+	<target host="gremlin2.bakerlab.org" />
+	<target host="mail.bakerlab.org" />
+	<target host="ralph.bakerlab.org" />
+	<target host="rt.bakerlab.org" />
+	<target host="srv0.bakerlab.org" />
+	<target host="srv1.bakerlab.org" />
+	<target host="srv2.bakerlab.org" />
+	<target host="srv3.bakerlab.org" />
+	<target host="srv4.bakerlab.org" />
+	<target host="srv5.bakerlab.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BalaBit.com.xml b/src/chrome/content/rules/BalaBit.com.xml
index 9bb5d033b1fb..263d461fba44 100644
--- a/src/chrome/content/rules/BalaBit.com.xml
+++ b/src/chrome/content/rules/BalaBit.com.xml
@@ -1,25 +1,54 @@
 <!--
-	Problematic subdomains:
+	Other BalaBit rulesets:
 
-		- blog	(works; mismatched, CN: ssl2944.cloudflare.com)
+		- balabit.hu.xml
 
 
-	Fully covered subdomains:
+	These altnames don't exist:
 
-		- (www.)
-		- support
+		- www.pages.balabit.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- pages.balabit.com
+		- support.balabit.com
+
+
+	Mixed content:
+
+		- Bug on www from link-page.info ᶜ
+
+	ᶜ Ruleset disabled by default <= missing certificate chain
 
 -->
-<ruleset name="BalaBit.com (partial)">
+<ruleset name="BalaBit.com">
 
 	<target host="balabit.com" />
-	<target host="*.balabit.com" />
+	<target host="blogs.balabit.com" />
+	<target host="*.blogs.balabit.com" />
+	<target host="career.balabit.com" />
+	<target host="my.balabit.com" />
+	<target host="pages.balabit.com" />
+	<target host="support.balabit.com" />
+	<target host="www.balabit.com" />
+
+		<test url="http://unsupervised.blogs.balabit.com/" />
+
+		<!--	Mixed bug:
+					-->
+		<!--test url="http://www.balabit.com/hu/" /-->
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^pages\.balabit\.com$" name="^RSMKTO1$" /-->
+	<!--securecookie host="^support\.balabit\.com$" name="^SWIFT_(?:client|sessionid40)$" /-->
 
-	<securecookie host="^support\.balabit\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(support\.|www\.)?balabit\.com/"
-		to="https://$1balabit.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Balaghah.net.xml b/src/chrome/content/rules/Balaghah.net.xml
new file mode 100644
index 000000000000..8aa399fcac36
--- /dev/null
+++ b/src/chrome/content/rules/Balaghah.net.xml
@@ -0,0 +1,13 @@
+<ruleset name="Balaghah.net">
+	<target host="balaghah.net" />
+	<target host="www.balaghah.net" />
+	<target host="arabic.balaghah.net" />
+	<target host="www.arabic.balaghah.net" />
+	<target host="farsi.balaghah.net" />
+	<target host="www.farsi.balaghah.net" />
+	<target host="mail.balaghah.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Balatarin.xml b/src/chrome/content/rules/Balatarin.xml
index 2ec6b72aa46e..ab8d7bf4188d 100644
--- a/src/chrome/content/rules/Balatarin.xml
+++ b/src/chrome/content/rules/Balatarin.xml
@@ -1,6 +1,10 @@
+<!--
+	^: Refused
+
+-->
 <ruleset name="Balatarin" platform="mixedcontent">
   <target host="balatarin.com" />
   <target host="www.balatarin.com" />
 
-  <rule from="^http://(?:www\.)?balatarin\.com/" to="https://balatarin.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Baldershage.se.xml b/src/chrome/content/rules/Baldershage.se.xml
index 95fe35498875..fbeec94c6c3f 100644
--- a/src/chrome/content/rules/Baldershage.se.xml
+++ b/src/chrome/content/rules/Baldershage.se.xml
@@ -1,7 +1,12 @@
-<ruleset name="Baldershage.se" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://baldershage.se/ (200) => https://baldershage.se/ (404)
+
+-->
+<ruleset name="Baldershage.se" platform="mixedcontent" default_off="failed ruleset test">
   <target host="www.baldershage.se" />
   <target host="baldershage.se" />
-  <rule from="^http://www\.baldershage\.se/" to="https://www.baldershage.se/"/>
-  <rule from="^http://baldershage\.se/" to="https://baldershage.se/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Balkan_Leaks.xml b/src/chrome/content/rules/Balkan_Leaks.xml
index 11f2660c02b5..22641a042587 100644
--- a/src/chrome/content/rules/Balkan_Leaks.xml
+++ b/src/chrome/content/rules/Balkan_Leaks.xml
@@ -1,4 +1,13 @@
-<ruleset name="Balkan Leaks">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.balkanleaks.eu/ => https://www.balkanleaks.eu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.balkanleaks.eu'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://balkanleaks.eu/ => https://balkanleaks.eu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.balkanleaks.eu/ => https://www.balkanleaks.eu/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="Balkan Leaks" default_off="failed ruleset test">
 
 	<target host="balkanleaks.eu" />
 	<target host="www.balkanleaks.eu" />
@@ -7,7 +16,6 @@
 	<securecookie host="^www\.balkanleaks\.eu$" name=".+" />
 
 
-	<rule from="^http://(www\.)?balkanleaks\.eu/"
-		to="https://$1balkanleaks.eu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Balkongshoppen.se.xml b/src/chrome/content/rules/Balkongshoppen.se.xml
index ff271067490a..ed0e7676262e 100644
--- a/src/chrome/content/rules/Balkongshoppen.se.xml
+++ b/src/chrome/content/rules/Balkongshoppen.se.xml
@@ -1,7 +1,6 @@
 <ruleset name="Balkongshoppen.se">
   <target host="www.balkongshoppen.se" />
   <target host="balkongshoppen.se" />
-  <rule from="^http://www\.balkongshoppen\.se/" to="https://www.balkongshoppen.se/"/>
-  <rule from="^http://balkongshoppen\.se/" to="https://balkongshoppen.se/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Ballerup.dk.xml b/src/chrome/content/rules/Ballerup.dk.xml
new file mode 100644
index 000000000000..1a3c7b4d1b86
--- /dev/null
+++ b/src/chrome/content/rules/Ballerup.dk.xml
@@ -0,0 +1,11 @@
+<ruleset name="Ballerup.dk">
+
+	<target host="ballerup.dk" />
+	<target host="www.ballerup.dk" />
+
+	<securecookie host="^www\.ballerup\.dk$" name=".+" />
+
+	<rule from="^http://(www\.)?ballerup\.dk/"
+		to="https://www.ballerup.dk/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ballicom.xml b/src/chrome/content/rules/Ballicom.xml
index 0005ddcd5ef3..979e07a74f3c 100644
--- a/src/chrome/content/rules/Ballicom.xml
+++ b/src/chrome/content/rules/Ballicom.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^www\.ballicom\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?ballicom\.co\.uk/"
-		to="https://www.ballicom.co.uk/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BallotReady.xml b/src/chrome/content/rules/BallotReady.xml
new file mode 100644
index 000000000000..66460ed87a26
--- /dev/null
+++ b/src/chrome/content/rules/BallotReady.xml
@@ -0,0 +1,20 @@
+<!--
+
+	Problematic domains:
+
+	- ^ballotready.org	(time out)
+
+-->
+<ruleset name="BallotReady">
+
+	<target host="ballotready.org" />
+	<target host="www.ballotready.org" />
+	<target host="blog.ballotready.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://ballotready\.org/"
+		to="https://www.ballotready.org/" />
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ballot_Measure_Domains.xml b/src/chrome/content/rules/Ballot_Measure_Domains.xml
index 6fd301c6313d..771ac1f395d3 100644
--- a/src/chrome/content/rules/Ballot_Measure_Domains.xml
+++ b/src/chrome/content/rules/Ballot_Measure_Domains.xml
@@ -1,4 +1,14 @@
-<ruleset name="Ballot Measure Domains">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ballotmeasuredomains.com/ => https://ballotmeasuredomains.com/: (28, 'Connection timed out after 20011 milliseconds')
+Fetch error: http://www.ballotmeasuredomains.com/ => https://www.ballotmeasuredomains.com/: (28, 'Connection timed out after 20006 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ballotmeasuredomains.com/ => https://ballotmeasuredomains.com/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://www.ballotmeasuredomains.com/ => https://www.ballotmeasuredomains.com/: (28, 'Connection timed out after 10000 milliseconds')
+-->
+<ruleset name="Ballot Measure Domains" default_off="failed ruleset test">
 
 	<target host="ballotmeasuredomains.com" />
 	<target host="www.ballotmeasuredomains.com" />
@@ -7,7 +17,6 @@
 	<securecookie host="^(?:www\.)?ballotmeasuredomains\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ballotmeasuredomains\.com/"
-		to="https://$1ballotmeasuredomains.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ballou.xml b/src/chrome/content/rules/Ballou.xml
index f6496b4a6393..c90c652c6eeb 100644
--- a/src/chrome/content/rules/Ballou.xml
+++ b/src/chrome/content/rules/Ballou.xml
@@ -32,16 +32,23 @@
 <ruleset name="Ballou (partial)">
 
 	<target host="ballou.se" />
-	<target host="*.ballou.se" />
+	<target host="autodiscover.ballou.se" />
+	<target host="mail.ballou.se" />
+	<target host="mailadministration.ballou.se" />
+	<target host="minasidor.ballou.se" />
+	<target host="websally.ballou.se" />
+	<target host="wiki.ballou.se" />
+	<target host="www.ballou.se" />
+	<target host="registrar.ballou.se" />
+	<target host="support.ballou.se" />
 
 
 	<securecookie host="^(?:mail|mailadministration|minasidor|www)\.ballou\.se$" name=".+" />
 
 
-	<rule from="^http://((?:autodiscover|mail|mailadministration|minasidor|websally|wiki|www)\.)?ballou\.se/"
-		to="https://$1ballou.se/" />
 
 	<rule from="^http://(?:registrar|support)\.ballou\.se/"
 		to="https://minasidor.ballou.se/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bamsoftware.com.xml b/src/chrome/content/rules/Bamsoftware.com.xml
new file mode 100644
index 000000000000..a508055857f3
--- /dev/null
+++ b/src/chrome/content/rules/Bamsoftware.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Bamsoftware.com">
+
+	<target host="bamsoftware.com" />
+	<target host="www.bamsoftware.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bananian.org.xml b/src/chrome/content/rules/Bananian.org.xml
new file mode 100644
index 000000000000..059f654ce4fa
--- /dev/null
+++ b/src/chrome/content/rules/Bananian.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="Bananian.org">
+    <target host="bananian.org" />
+    <target host="dev.bananian.org" />
+    <target host="dl.bananian.org" />
+    <target host="webmail.bananian.org" />
+    <target host="www.bananian.org" />
+
+    <securecookie host="^(dev\.|webmail\.|www\.)?bananian\.org" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Banca-Intesa-Beograd.xml b/src/chrome/content/rules/Banca-Intesa-Beograd.xml
new file mode 100644
index 000000000000..a85a38261dcd
--- /dev/null
+++ b/src/chrome/content/rules/Banca-Intesa-Beograd.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		bancaintesa.rs
+		meet.bancaintesa.rs
+
+	Redirect to HTTP:
+		www.bancaintesa.rs
+-->
+<ruleset name="Banca Intesa Beograd">
+
+	<target host="online.bancaintesa.rs" />
+	<target host="secure.bancaintesa.rs" />
+	<target host="with.bancaintesa.rs" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bancomer.com.xml b/src/chrome/content/rules/Bancomer.com.xml
new file mode 100644
index 000000000000..0faddd48ef8f
--- /dev/null
+++ b/src/chrome/content/rules/Bancomer.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatch:
+		imagen.bancomer.com
+-->
+<ruleset name="Bancomer.com">
+	<target host="bancomer.com" />
+	<target host="www.bancomer.com" />
+	<target host="bancadigital.bancomer.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bancopastor.es.xml b/src/chrome/content/rules/Bancopastor.es.xml
new file mode 100644
index 000000000000..42be61f4c333
--- /dev/null
+++ b/src/chrome/content/rules/Bancopastor.es.xml
@@ -0,0 +1,18 @@
+<!--
+	Ruleset for bancopastor.es, Spanish bank.
+	See <https://en.wikipedia.org/wiki/Banco_Pastor>.
+
+	Not supporting HTTPS or using an invalid certificate:
+		* bancopastor.es
+		* corporativa.bancopastor.es (timeout)
+		* www.bancopastor.es
+-->
+<ruleset name="BancoPastor.es">
+
+	<target host="stats.bancopastor.es" />
+	<target host="www2.bancopastor.es" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bandcamp.xml b/src/chrome/content/rules/Bandcamp.xml
index f65afc5f4383..862f031afe0b 100644
--- a/src/chrome/content/rules/Bandcamp.xml
+++ b/src/chrome/content/rules/Bandcamp.xml
@@ -1,50 +1,35 @@
 <!--
-	For artists, see Bandcamp-artists.xml.
+	Wildcard DNS and certificate.
 
-	blog.bandcamp.com is handled in WordPress-blogs.xml.
-
-
-	Problematic domains:
-
-		- blog.bandcamp.com	(wordpress)
-		- (www.)bandcamp.mu	(mismatched, CN: *.bandcamp.com)
-
-
-	Fully covered domains:
-
-		- bandcamp.com subdomains:
-
-			- (www.)
-			- f
-			- s
-			- *	(per-artist subdomains)
-
-		- (www.)bandcamp.mu	(→ (www.)bandcamp.com)
-
-		- f0.bcbits.com
-		- s0.bcbits.com
+	Invalid certificate:
+		bandcamp.mu
+		*.bandcamp.mu
 
 -->
 <ruleset name="Bandcamp">
 
 	<target host="bandcamp.com" />
 	<target host="*.bandcamp.com" />
-		<exclusion pattern="^http://blog\." />
+		<test url="http://testurl1.bandcamp.com/" />
+		<test url="http://testurl2.bandcamp.com/" />
+		<test url="http://testurl3.bandcamp.com/" />
+		<test url="http://testurl4.bandcamp.com/" />
+
 	<target host="bandcamp.mu" />
 	<target host="www.bandcamp.mu" />
-	<target host="*.bcbits.com" />
 
+	<target host="*.bcbits.com" />
+		<test url="http://s1.bcbits.com/img/bc_favicon.ico" />
+		<test url="http://s4.bcbits.com/img/bc_favicon.ico" />
+		<test url="http://f1.bcbits.com/img/0010600821_0" />
+		<test url="http://f4.bcbits.com/img/0010600821_0" />
 
 	<securecookie host="^\.bandcamp\.com$" name=".+" />
 
-
-	<rule from="^http://([\w-]+\.)?bandcamp\.com/"
-		to="https://$1bandcamp.com/" />
-
 	<rule from="^http://(www\.)?bandcamp\.mu/"
-		to="https://$1bandcamp.com/" />
+		to="https://bandcamp.com/" />
 
-	<rule from="^http://(f|s)0\.bcbits\.com/"
-		to="https://$10.bcbits.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset> 
+</ruleset>
diff --git a/src/chrome/content/rules/Bandinelli.net.xml b/src/chrome/content/rules/Bandinelli.net.xml
new file mode 100644
index 000000000000..a2d0c963da6e
--- /dev/null
+++ b/src/chrome/content/rules/Bandinelli.net.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bandinelli.net/ => https://bandinelli.net/: (51, "SSL: no alternative certificate subject name matches target host name 'bandinelli.net'")
+Fetch error: http://www.bandinelli.net/ => https://www.bandinelli.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.bandinelli.net'")
+
+	Mixed content:
+
+		- Bug on (www.)?, pa from piwik.bandinelli.net *
+
+	* Secured by us
+
+-->
+<ruleset name="Bandinelli.net" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bandinelli.net" />
+	<target host="blog.bandinelli.net" />
+	<target host="pa.bandinelli.net" />
+	<target host="piwik.bandinelli.net" />
+	<target host="www.bandinelli.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bandisoft.xml b/src/chrome/content/rules/Bandisoft.xml
new file mode 100644
index 000000000000..685303b4fb7b
--- /dev/null
+++ b/src/chrome/content/rules/Bandisoft.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://static.bandisoft.com/ => https://static.bandisoft.com/: (6, 'Could not resolve host: static.bandisoft.com')
+Fetch error: http://bandisoft-dl.bandicam.cn/ => https://bandisoft-dl.bandicam.cn/: (51, "SSL: no alternative certificate subject name matches target host name 'bandisoft-dl.bandicam.cn'")
+	Mismatch:
+	- blog.
+-->
+
+<ruleset name="Bandisoft" default_off="failed ruleset test">
+
+	<target host="bandisoft.com" />
+	<target host="dl.bandisoft.com" />
+	<target host="forum.bandisoft.com" />
+	<target host="ssl.bandisoft.com" />
+	<target host="static.bandisoft.com" />
+	<target host="www.bandisoft.com" />
+
+	<target host="bandicam.cn" />
+	<target host="bandisoft-dl.bandicam.cn" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Banggood.com.xml b/src/chrome/content/rules/Banggood.com.xml
new file mode 100644
index 000000000000..ec6abe9ebe2e
--- /dev/null
+++ b/src/chrome/content/rules/Banggood.com.xml
@@ -0,0 +1,58 @@
+<!--
+	Non-functional subdomains:
+
+		- banggood.com
+			- contest	(t)
+			- enews		(SSL connection error)
+			- info		(m)
+			- mailserver	(r)
+			- news	(m)
+			- survey	(m)
+
+		- banggood.cn	(r)
+			- mail		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Banggood.com">
+
+	<target host="banggood.com" />
+	<target host="www.banggood.com" />
+	<target host="api.banggood.com" />
+	<target host="ar.banggood.com" />
+	<target host="blog.banggood.com" />
+	<target host="ccnew.banggood.com" />
+	<target host="checkout.banggood.com" />
+	<target host="deals.banggood.com" />
+	<target host="dealsbeta.banggood.com" />
+	<target host="eu.banggood.com" />
+	<target host="files.banggood.com" />
+	<target host="forum.banggood.com" />
+	<target host="help.banggood.com" />
+	<target host="www.help.banggood.com" />
+	<target host="img.banggood.com" />
+	<target host="imgmgr.banggood.com" />
+	<target host="m.banggood.com" />
+	<target host="mbeta.banggood.com" />
+	<target host="mpre.banggood.com" />
+	<target host="myos.banggood.com" />
+	<target host="new.banggood.com" />
+	<target host="newbg.banggood.com" />
+	<target host="newbg2.banggood.com" />
+	<target host="os.banggood.com" />
+	<target host="pwa.banggood.com" />
+	<target host="rec.banggood.com" />
+	<target host="social.banggood.com" />
+	<target host="us.banggood.com" />
+
+	<target host="img.staticbg.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bangor-University-self-signed.xml b/src/chrome/content/rules/Bangor-University-self-signed.xml
index c20dec341e5d..03d650dfd1cc 100644
--- a/src/chrome/content/rules/Bangor-University-self-signed.xml
+++ b/src/chrome/content/rules/Bangor-University-self-signed.xml
@@ -8,7 +8,6 @@
 
 
 	<!--	!www doesn't exist.	-->
-	<rule from="^http://www\.undeb\.bangor\.ac\.uk/"
-		to="https://www.undeb.bangor.ac.uk/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bangor-University.xml b/src/chrome/content/rules/Bangor-University.xml
index 28d466ccb71b..3669157bff32 100644
--- a/src/chrome/content/rules/Bangor-University.xml
+++ b/src/chrome/content/rules/Bangor-University.xml
@@ -21,6 +21,13 @@
 			- repository
 			- studyskills		(cert: www.bangor.ac.uk; shows www's data)
 
+    Connection Refused
+      - bangorportal.bangor
+      - forum
+      - inside
+      - intranet
+      - webmail
+
 		- (www.)edeandravenscroft.co.uk	(ssl_error_rx_record_too_long)
 		- (www.)www.pontio.co.uk	(cert: www.bangor.ac.uk; shows that domain's data)
 
@@ -32,21 +39,19 @@
 <ruleset name="Bangor University (partial)">
 
 	<target host="bangor.ac.uk" />
-	<target host="*.bangor.ac.uk" />
-
-
-		<!--	Don't handle ^www cookies, just in case they're used on unsecureable pages.
-				All webmail cookies appear to be cross-domain.	-->
-		<securecookie host="^[^w]\w+\.bangor\.ac\.uk$" name=".*" />
+	<target host="www.bangor.ac.uk" />
+	<target host="blackboard.bangor.ac.uk" />
 
+  <!--	Don't handle ^www cookies, just in case they're used on unsecureable pages.
+      All webmail cookies appear to be cross-domain.	-->
+  <securecookie host="^[^w]\w+\.bangor\.ac\.uk$" name=".+" />
 
 	<!--	- NB: Data differ between http & https
 		- Cert only matches www
 				-->
-	<rule from="^https?://(?:www\.)?bangor\.ac\.uk/itservices/user($|/)"
-		to="https://www.bangor.ac.uk/itservices/user$1" />
-
-	<rule from="^http://(bangorportal|blackboard|forum|inside|intranet|webmail)\.bangor\.ac\.uk/"
-		to="https://$1.bangor.ac.uk/" />
+	<rule from="^http://(?:www\.)?bangor\.ac\.uk/"
+		to="https://www.bangor.ac.uk/" />
+    <test url="http://www.bangor.ac.uk/international/about.php.en" />
 
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/BangorDailyNews.com.xml b/src/chrome/content/rules/BangorDailyNews.com.xml
new file mode 100644
index 000000000000..96ff6aa7f047
--- /dev/null
+++ b/src/chrome/content/rules/BangorDailyNews.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Secure connection failed:
+		jobs.bangordailynews.com
+
+-->
+<ruleset name="BangorDailyNews.com">
+
+	<target host="bangordailynews.com" />
+	<target host="www.bangordailynews.com" />
+	<target host="chrisbusby.bangordailynews.com" />
+	<target host="classifieds.bangordailynews.com" />
+	<target host="static.bangordailynews.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bangor_Daily_News.xml b/src/chrome/content/rules/Bangor_Daily_News.xml
deleted file mode 100644
index 6848c6b622af..000000000000
--- a/src/chrome/content/rules/Bangor_Daily_News.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- static	(404, CN: gp1.wac.edgecastcdn.net)
-
-
-	NB: Some blogs' homepages, which have unique subdomains, 404 when fetched via https.
-
--->
-<ruleset name="Bangor Daily News (partial)">
-
-	<target host="bangordailynews.com" />
-	<target host="*.bangordailynews.com" />
-	<target host="bdnpull.bangorpublishing.netdna-cdn.com" />
-
-
-	<rule from="^http://(chrisbusby\.|www\.)?bangordailynews\.com/"
-		to="https://$1bangordailynews.com/" />
-
-	<rule from="^https?://(?:static\.bangordailynews|bdnpull\.bangorpublishing\.netdna-cdn)\.com/"
-		to="https://bangordailynews.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/BankID.no.xml b/src/chrome/content/rules/BankID.no.xml
index 0de3d31ddf93..fbc7f7097bfd 100644
--- a/src/chrome/content/rules/BankID.no.xml
+++ b/src/chrome/content/rules/BankID.no.xml
@@ -14,7 +14,6 @@
 	<!--	^ redirects to www over http,
 		so copy that behavior:
 					-->
-	<rule from="^http://(?:www\.)?bankid\.no/"
-		to="https://www.bankid.no/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bank_of_America.com.xml b/src/chrome/content/rules/Bank_of_America.com.xml
new file mode 100644
index 000000000000..914681f038f9
--- /dev/null
+++ b/src/chrome/content/rules/Bank_of_America.com.xml
@@ -0,0 +1,72 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - foreclosures.bankofamerica.com
+
+		Timeout was reached:
+			 - staticweb.bankofamerica.com
+
+		SSL connect error:
+			 - careers.bankofamerica.com
+			 - militarytransition.bankofamerica.com
+
+		SSL peer certificate was not OK:
+			 - communityvolunteers.bankofamerica.com
+			 - healthaccounts.bankofamerica.com
+			 - infocenter.bankofamerica.com
+			 - learn.bankofamerica.com
+			 - mynewcard.bankofamerica.com
+			 - social.bankofamerica.com
+			 - wealthmanagement.bankofamerica.com
+			 - webmedia.bankofamerica.com
+
+		4xx client error:
+			 - mynewcard2.bankofamerica.com
+			 - personalize.bankofamerica.com
+
+		Secure connection redirects to plaintext:
+			 - about.bankofamerica.com
+			 - promo.bankofamerica.com
+
+		Mixed content blocking (MCB) tiggered:
+			 - homeloanhelp.bankofamerica.com
+-->
+<ruleset name="Bank of America.com (partial)">
+	<target host="bankofamerica.com" />
+	<target host="www.bankofamerica.com" />
+	<target host="autodealer.bankofamerica.com" />
+	<target host="baml.bankofamerica.com" />
+	<target host="benefitsolutions.bankofamerica.com" />
+	<target host="bettermoneyhabits.bankofamerica.com" />
+	<target host="campus.bankofamerica.com" />
+	<target host="cashproonline.bankofamerica.com" />
+	<target host="checks.bankofamerica.com" />
+	<target host="corp.bankofamerica.com" />
+	<target host="dealer-network.bankofamerica.com" />
+	<target host="downpaymentcenter.bankofamerica.com" />
+	<target host="preferences.em.bankofamerica.com" />
+		<test url="http://preferences.em.bankofamerica.com/prefs/emailoptout.aspx" />
+	<target host="epassauth.bankofamerica.com" />
+	<target host="es-locators.bankofamerica.com" />
+	<target host="info.bankofamerica.com" />
+	<target host="loans.bankofamerica.com" />
+	<target host="locators.bankofamerica.com" />
+	<target host="www.managerewardsonline.bankofamerica.com" />
+	<target host="merch.bankofamerica.com" />
+	<target host="merchant.bankofamerica.com" />
+	<target host="message.bankofamerica.com" />
+	<target host="practiceheartbeat.bankofamerica.com" />
+	<target host="www.practiceheartbeat.bankofamerica.com" />
+	<target host="prepaid.bankofamerica.com" />
+	<target host="promotions.bankofamerica.com" />
+	<target host="realestatecenter.bankofamerica.com" />
+	<target host="red.bankofamerica.com" />
+	<target host="rvdealer.bankofamerica.com" />
+	<target host="secure.bankofamerica.com" />
+	<target host="services.secure.bankofamerica.com" />
+	<target host="winsso-prd.sm.bankofamerica.com" />
+	<target host="smallbusinessonlinecommunity.bankofamerica.com" />
+	<target host="ustrust.bankofamerica.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bank_of_England.co.uk.xml b/src/chrome/content/rules/Bank_of_England.co.uk.xml
new file mode 100644
index 000000000000..f3c8c9ba9756
--- /dev/null
+++ b/src/chrome/content/rules/Bank_of_England.co.uk.xml
@@ -0,0 +1,13 @@
+<!--
+	(www.)?bankofengland.co.uk: Dropped
+
+-->
+<ruleset name="Bank of England.co.uk (partial)">
+
+	<target host="keys.bankofengland.co.uk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Banki.ru.xml b/src/chrome/content/rules/Banki.ru.xml
new file mode 100644
index 000000000000..bd2a624d4cd3
--- /dev/null
+++ b/src/chrome/content/rules/Banki.ru.xml
@@ -0,0 +1,14 @@
+<!--
+	Banki.ru
+
+	finparty.prod. mismatch
+-->
+<ruleset name="Banki.ru">
+	<target host="banki.ru" />
+	<target host="www.banki.ru" />
+	<target host="terminal.banki.ru" />
+	<target host="card2card.banki.ru" />
+	<target host="static1.banki.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Banking.co.at.xml b/src/chrome/content/rules/Banking.co.at.xml
new file mode 100644
index 000000000000..2afc4a94e0f4
--- /dev/null
+++ b/src/chrome/content/rules/Banking.co.at.xml
@@ -0,0 +1,11 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://banking.co.at/ => https://banking.co.at/: (6, 'Could not resolve host: banking.co.at')
+
+-->
+<ruleset name="Banking.co.at" default_off="failed ruleset test">
+	<target host="banking.co.at" />
+	<target host="www.banking.co.at" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bankinter.com.xml b/src/chrome/content/rules/Bankinter.com.xml
new file mode 100644
index 000000000000..232fe9039c40
--- /dev/null
+++ b/src/chrome/content/rules/Bankinter.com.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.gneis.bankinter.com/ => https://www.gneis.bankinter.com/: (7, 'Failed to connect to www.gneis.bankinter.com port 443: Connection timed out')
+
+	Ruleset for bankinter.com, Spanish bank.
+	See <https://en.wikipedia.org/wiki/Bankinter>.
+
+	Not supporting HTTPS or using an invalid certificate:
+
+		* bankinter.com
+
+		* bankinter.bankinter.com
+		* bcavirtual.bankinter.com
+		* labs.bankinter.com
+		* mail.bankinter.com
+		* portal.bankinter.com
+		* stats.bankinter.com
+		* transicion.bankinter.com
+		* validator.bankinter.com
+		* www.masterclassoceanosazules.bankinter.com
+-->
+<ruleset name="Bankinter.com" default_off="failed ruleset test">
+
+	<target host="bancaonline.bankinter.com" />
+	<target host="blog.bankinter.com" />
+	<target host="broker.bankinter.com" />
+	<target host="docs.bankinter.com" />
+	<target host="empresas.bankinter.com" />
+	<target host="foroaccionistas.bankinter.com" />
+	<target host="inmuebles.bankinter.com" />
+	<target host="marca.bankinter.com" />
+	<target host="saladecomunicacion.bankinter.com" />
+	<target host="track.bankinter.com" />
+	<target host="webcorporativa.bankinter.com" />
+	<target host="www.bankinter.com" />
+	<target host="www.gneis.bankinter.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BankofAmerica.xml b/src/chrome/content/rules/BankofAmerica.xml
deleted file mode 100644
index 45dbfbf81b90..000000000000
--- a/src/chrome/content/rules/BankofAmerica.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<!-- Thanks to ForceTLS -->
-<ruleset name="BofA (buggy)" default_off="breaks some URLs">
-  <target host="www.bankofamerica.com" />
-  <target host="bankofamerica.com" />
-
-  <rule from="^http://(?:www\.)?bankofamerica\.com/" to="https://www.bankofamerica.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Bankrate.com.xml b/src/chrome/content/rules/Bankrate.com.xml
index b7bd4f394952..fc76ebec1bff 100644
--- a/src/chrome/content/rules/Bankrate.com.xml
+++ b/src/chrome/content/rules/Bankrate.com.xml
@@ -1,9 +1,19 @@
-<ruleset name="bankrate.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bankrate.com/ => https://origin.bankrate.com/: Too many redirects while fetching 'https://origin.bankrate.com/'
+Fetch error: http://www.bankrate.com/ => https://origin.bankrate.com/: Too many redirects while fetching 'https://origin.bankrate.com/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://bankrate.com/ => https://origin.bankrate.com/: Cycle detected - URL already encountered: https://origin.bankrate.com/
+Fetch error: http://www.bankrate.com/ => https://origin.bankrate.com/: Cycle detected - URL already encountered: https://origin.bankrate.com/
+-->
+<ruleset name="bankrate.com" default_off="failed ruleset test">
 
 	<target host="bankrate.com"/>
 	<target host="www.bankrate.com"/>
 
-	<securecookie host="^(.*\.)?bankrate\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?bankrate\.com/"
 		to="https://origin.bankrate.com/"/>
diff --git a/src/chrome/content/rules/BannerSnack.com.xml b/src/chrome/content/rules/BannerSnack.com.xml
index 4e46d03d7a17..6d6738b83d49 100644
--- a/src/chrome/content/rules/BannerSnack.com.xml
+++ b/src/chrome/content/rules/BannerSnack.com.xml
@@ -1,39 +1,16 @@
 <!--
 	For other SnackTools coverage, see SnackTools.com.xml.
 
-
-	CDN buckets:
-
-		- files.bannersnack.com.s3.amazonaws.com
-
-			- files
-
-
-	Fully covered subdomains:
-
-		- (www.)
-
-
-	Mixed content:
-
-		- Ad on www from www.googleadservices.com *
-
-	* Secured by us
+	Non-functional hosts:
+		Mismatched:
+		- files.bannersnack.com
 
 -->
 <ruleset name="BannerSnack.com">
-
 	<target host="bannersnack.com" />
-	<target host="*.bannersnack.com" />
-
-
-	<securecookie host="^(?:www\.)?bannersnack\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?bannersnack\.com/"
-		to="https://$1bannersnack.com/" />
+	<target host="www.bannersnack.com" />
 
-	<rule from="^http://files\.bannersnack\.com/"
-		to="https://s3.amazonaws.com/files.bannersnack.com/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Banque_CIC.xml b/src/chrome/content/rules/Banque_CIC.xml
index 19de91b2bb03..94954d0bdbfe 100644
--- a/src/chrome/content/rules/Banque_CIC.xml
+++ b/src/chrome/content/rules/Banque_CIC.xml
@@ -2,9 +2,9 @@
     <target host="cic.fr" />
     <target host="*.cic.fr" />
 
-    <securecookie host="^(.*\.)?cic\.fr$" name=".+" />
+    <securecookie host=".+" name=".+"/>
 
-    <rule from="^https?://cic\.fr/"
+    <rule from="^http://cic\.fr/"
         to="https://www.cic.fr/"/>
     <rule from="^http://([^/:@]+)?\.cic\.fr/"
         to="https://$1.cic.fr/" />
diff --git a/src/chrome/content/rules/Banque_CIC_Suisse.xml b/src/chrome/content/rules/Banque_CIC_Suisse.xml
index f527a60df13c..184729d33b3b 100644
--- a/src/chrome/content/rules/Banque_CIC_Suisse.xml
+++ b/src/chrome/content/rules/Banque_CIC_Suisse.xml
@@ -1,11 +1,10 @@
 <ruleset name="Banque CIC (Suisse)">
-    <target host="cic.ch" />
-    <target host="*.cic.ch" />
+	<target host="cic.ch" />
+	<target host="ebanking.cic.ch" />
+	<target host="www.cic.ch" />
 
-    <securecookie host="^(.*\.)?cic\.ch$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
-    <rule from="^https?://cic\.ch/"
-        to="https://www.cic.ch/"/>
-    <rule from="^http://([^/:@]+)?\.cic\.ch/"
-        to="https://$1.cic.ch/" />
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Banque_Cantonale_Vaudoise.xml b/src/chrome/content/rules/Banque_Cantonale_Vaudoise.xml
deleted file mode 100644
index 164dcacd2f9d..000000000000
--- a/src/chrome/content/rules/Banque_Cantonale_Vaudoise.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Banque Cantonale Vaudoise">
-    <target host="bcv.ch" />
-    <target host="*.bcv.ch" />
-
-    <securecookie host="^(.*\.)?bcv\.ch$" name=".+" />
-
-    <rule from="^https?://bcv\.ch/"
-        to="https://www.bcv.ch/"/>
-    <rule from="^http://([^/:@]+)?\.bcv\.ch/"
-        to="https://$1.bcv.ch/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Banque_Cantonale_de_Geneve.xml b/src/chrome/content/rules/Banque_Cantonale_de_Geneve.xml
deleted file mode 100644
index ccab8936c75c..000000000000
--- a/src/chrome/content/rules/Banque_Cantonale_de_Geneve.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Banque Cantonale de Genève (BCGE)">
-    <target host="bcge.ch" />
-    <target host="*.bcge.ch" />
-
-    <securecookie host="^(.*\.)?bcge\.ch$" name=".+" />
-
-    <rule from="^https?://bcge\.ch/"
-        to="https://www.bcge.ch/"/>
-    <rule from="^http://([^/:@]+)?\.bcge\.ch/"
-        to="https://$1.bcge.ch/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Banque_Cantonale_du_Jura.xml b/src/chrome/content/rules/Banque_Cantonale_du_Jura.xml
deleted file mode 100644
index a39171e4bb35..000000000000
--- a/src/chrome/content/rules/Banque_Cantonale_du_Jura.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Banque Cantonale du Jura (BCJ)">
-    <target host="bcj.ch" />
-    <target host="*.bcj.ch" />
-
-    <securecookie host="^(.*\.)?bcj\.ch$" name=".+" />
-
-    <rule from="^https?://bcj\.ch/"
-        to="https://www.bcj.ch/"/>
-    <rule from="^http://([^/:@]+)?\.bcj\.ch/"
-        to="https://$1.bcj.ch/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Banque_Cantonale_du_Valais.xml b/src/chrome/content/rules/Banque_Cantonale_du_Valais.xml
index 6c92b0902d87..316a6f7355b5 100644
--- a/src/chrome/content/rules/Banque_Cantonale_du_Valais.xml
+++ b/src/chrome/content/rules/Banque_Cantonale_du_Valais.xml
@@ -1,17 +1,35 @@
+<!--
+	Mismatching certificate:
+		- wkb.ch
+		- mybcvs.ch
+		- www.mybcvs.ch
+
+	Handshake failure:
+		- mobileapp.bcvs.ch
+-->
 <ruleset name="Banque Cantonale du Valais">
-    <target host="bcvs.ch" />
-    <target host="*.bcvs.ch" />
-    <target host="mybcvs.ch" />
-    <target host="*.mybcvs.ch" />
+	<target host="bcvs.ch" />
+	<target host="www.bcvs.ch" />
+	<target host="art.bcvs.ch" />
+	<target host="e-banking-a.bcvs.ch" />
+	<target host="e-banking.bcvs.ch" />
+	<target host="mobile.bcvs.ch" />
+	<target host="www.art.bcvs.ch" />
+
+	<target host="mybcvs.ch" />
+	<target host="www.mybcvs.ch" />
+
+	<target host="wkb.ch" />
+	<target host="www.wkb.ch" />
+	<target host="mobile.wkb.ch" />
 
-    <securecookie host="^(.*\.)?bcvs\.ch$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
-    <rule from="^https?://bcvs\.ch/"
-        to="https://www.bcvs.ch/"/>
-    <rule from="^http://([^/:@]+)?\.bcvs\.ch/"
-        to="https://$1.bcvs.ch/" />
-    <rule from="^https?://mybcvs\.ch/"
-        to="https://www.mybcvs.ch/"/>
-    <rule from="^http://([^/:@]+)?\.mybcvs\.ch/"
-        to="https://$1.mybcvs.ch/" />
+	<!-- All sites redirect to the same page -->
+	<rule from="^http://(www\.)?mybcvs\.ch/.*"
+		to="https://www.bcvs.ch/fr/clientele-privee/concours.html"/>
+	<rule from="^http://wkb\.ch/"
+		to="https://www.wkb.ch/"/>
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Banu.com.xml b/src/chrome/content/rules/Banu.com.xml
index 3d4d41f22aba..a5bac6d35b91 100644
--- a/src/chrome/content/rules/Banu.com.xml
+++ b/src/chrome/content/rules/Banu.com.xml
@@ -1,4 +1,6 @@
 <!--
+Automatically by https-everywhere-checker because:
+Fetch error: http://banu.com/ => https://banu.com/: (28, 'Connection timed out after 10000 milliseconds')
 	Banu Systems Private Limited
 
 
@@ -27,13 +29,17 @@
 <ruleset name="Banu.com">
 
 	<target host="banu.com" />
-	<target host="*.banu.com" />
+	<target host="bugzilla.banu.com" />
+	<target host="git.banu.com" />
+	<target host="mail.banu.com" />
+	<target host="staff.banu.com" />
+	<target host="wiki.banu.com" />
+	<target host="www.banu.com" />
 
 
-	<securecookie host="^(?:.*\.)?banu\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:bugzilla|git|mail|staff|wiki|www)\.)?banu\.com/"
-		to="https://$1banu.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Banyen-Books-and-Sound.xml b/src/chrome/content/rules/Banyen-Books-and-Sound.xml
new file mode 100644
index 000000000000..71fbab7bc77c
--- /dev/null
+++ b/src/chrome/content/rules/Banyen-Books-and-Sound.xml
@@ -0,0 +1,9 @@
+<ruleset name="Banyen Books and Sound">
+    <target host="banyen.com" />
+    <target host="www.banyen.com" />
+
+    <securecookie host="^www\.banyen\.com$" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Banym.de.xml b/src/chrome/content/rules/Banym.de.xml
new file mode 100644
index 000000000000..690fbac12317
--- /dev/null
+++ b/src/chrome/content/rules/Banym.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="Banym.de">
+
+	<target host="banym.de" />
+	<target host="www.banym.de" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Baomoi.com.xml b/src/chrome/content/rules/Baomoi.com.xml
new file mode 100644
index 000000000000..0f042bfc7a5b
--- /dev/null
+++ b/src/chrome/content/rules/Baomoi.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Problematic domains:
+
+		- baomoi.com			(mismatched, CN: *.zing.vn, zing.vn)
+-->
+<ruleset name="Baomoi.com" default_off="mismatched">
+	<target host="baomoi.com" />
+	<target host="www.baomoi.com" />
+
+	<test url="http://m.baomoi.com/" />
+	<test url="http://www.baomoi.com/tim-kiem/12th.epi" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Barbican.xml b/src/chrome/content/rules/Barbican.xml
index 678d855fb2d8..aab67b5eb111 100644
--- a/src/chrome/content/rules/Barbican.xml
+++ b/src/chrome/content/rules/Barbican.xml
@@ -11,7 +11,6 @@
 	<securecookie host="^www\.barbican\.org\.uk$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?barbican\.org\.uk/"
-		to="https://www.barbican.org.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Barclays.co.uk.xml b/src/chrome/content/rules/Barclays.co.uk.xml
new file mode 100644
index 000000000000..57b08001092a
--- /dev/null
+++ b/src/chrome/content/rules/Barclays.co.uk.xml
@@ -0,0 +1,28 @@
+<!--
+	Other Barclays rulesets:
+		- Barcleycard.co.uk.xml
+		- Barclays_Corporate.com.xml
+
+
+	Preloaded:
+		bank.barclays.co.uk
+
+	Broken cert chain:
+		jobs.barclays.co.uk
+		www.jobs.barclays.co.uk
+
+-->
+<ruleset name="Barclays.co.uk">
+
+	<target host="barclays.co.uk" />
+	<target host="www.barclays.co.uk" />
+	<target host="ask.barclays.co.uk" />
+	<target host="personalisedcard.barclays.co.uk" />
+	<target host="smetrics.barclays.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Barclays.xml b/src/chrome/content/rules/Barclays.xml
deleted file mode 100644
index 5f56c18d0ac7..000000000000
--- a/src/chrome/content/rules/Barclays.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<ruleset name="Barclays" platform="mixedcontent">
-  <target host="www.barclays.co.uk" />
-  <target host="barclays.co.uk" />
-  <target host="ask.barclays.co.uk" />
-  <target host="barclayscorporate.com" />
-  <target host="www.barclayscorporate.com" />
-
-  <target host="barclaycard.co.uk" />
-  <target host="*.barclaycard.co.uk" />
-  <target host="*.secure.barclaycard.co.uk" />  
-
-  <securecookie host="^(.+\.)?(barclays|barclayscorporate)\.(com|co\.uk)$" name=".*"/>
-
-  <rule from="^http://(?:www\.)?barclays\.co\.uk/" to="https://www.barclays.co.uk/"/>
-  <rule from="^http://ask\.barclays\.co\.uk/" to="https://ask.barclays.co.uk/"/>
-  <rule from="^http://(?:www\.)?barclayscorporate\.com/" to="https://www.barclayscorporate.com/"/>
-  <rule from="^http://(?:secure\.)?barclaycard\.co\.uk/" to="https://www.barclaycard.co.uk/"/>
-  <rule from="^http://(www|bcol|letmechoose|ask|spendmanagement)\.(?:secure\.)?barclaycard\.co\.uk/" to="https://$1.barclaycard.co.uk/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Barclays_Corporate.com.xml b/src/chrome/content/rules/Barclays_Corporate.com.xml
new file mode 100644
index 000000000000..c9fe2507f277
--- /dev/null
+++ b/src/chrome/content/rules/Barclays_Corporate.com.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ask.barclayscorporate.com/ => https://ask.barclayscorporate.com/: (6, 'Could not resolve host: ask.barclayscorporate.com')
+Fetch error: http://www.barclayscorporate.com/ => https://www.barclayscorporate.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://barclayscorporate.com/ => https://www.barclayscorporate.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For other Barclays coverage, see Barclays.xml.
+
+
+	^barclayscorporate.com: Mismatched
+
+-->
+<ruleset name="Barclays Corporate.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ask.barclayscorporate.com" />
+  <target host="www.barclayscorporate.com" />
+
+	<!--	Complications:
+				-->
+  <target host="barclayscorporate.com" />
+
+
+	<securecookie host="^(?:.+\.)?barclayscorporate\.com$" name=".+" />
+
+
+	<rule from="^http://barclayscorporate\.com/"
+		to="https://www.barclayscorporate.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Barcleycard.co.uk.xml b/src/chrome/content/rules/Barcleycard.co.uk.xml
new file mode 100644
index 000000000000..e8a394873ab3
--- /dev/null
+++ b/src/chrome/content/rules/Barcleycard.co.uk.xml
@@ -0,0 +1,55 @@
+<!--
+	For other Barclays coverage, see Barclays.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- bcol.barclaycard.co.uk
+		- letmechoose.barclaycard.co.uk
+		- secure.barclaycard.co.uk
+
+
+	Mixed content:
+
+		Ads/bugs, on:
+
+			- ask, help from statse.webtrendslive.com *
+			- www from img-cdn.mediaplex.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Barclaycard.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ask.barclaycard.co.uk" />
+	<target host="bcol.barclaycard.co.uk" />
+	<target host="help.barclaycard.co.uk" />
+	<target host="letmechoose.barclaycard.co.uk" />
+	<target host="secure.barclaycard.co.uk" />
+	<target host="spendmanagement.barclaycard.co.uk" />
+	<target host="www.barclaycard.co.uk" />
+
+
+	<!--	Complications:
+				-->
+  <target host="barclaycard.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bcol\.barclaycard\.co\.uk$" name="^(?:BIGipServer\w+|PHPSESSID)$" /-->
+	<!--securecookie host="^letmechoose\.barclaycard\.co\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^secure\.barclaycard\.co\.uk$" name="^BIGipServer\w+$" /-->
+
+	<securecookie host="^(?:.+\.)?barclaycard\.co\.uk$" name=".+" />
+
+
+	<rule from="^http://barclaycard\.co\.uk/"
+		to="https://www.barclaycard.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bardwil_Home.xml b/src/chrome/content/rules/Bardwil_Home.xml
index 9b2c939ddbfa..823682dfa93b 100644
--- a/src/chrome/content/rules/Bardwil_Home.xml
+++ b/src/chrome/content/rules/Bardwil_Home.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bardwilhome.com/ => http://bardwilhome.com/: Redirect for 'http://bardwilhome.com/' missing Location
 	Some pages redirect to http.
 
 -->
@@ -11,4 +13,4 @@
 	<rule from="^http://(?:www\.)?bardwilhome\.com/(cdn-cgi/ping|Controller/User_Session/CallTryCookie|css/|photos/|Public/|store_image/|Styles/)"
 		to="https://www.bardwilhome.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BareMetal.xml b/src/chrome/content/rules/BareMetal.xml
index 118d1ac36c49..62f6015ad4d4 100644
--- a/src/chrome/content/rules/BareMetal.xml
+++ b/src/chrome/content/rules/BareMetal.xml
@@ -7,13 +7,13 @@
 <ruleset name="BareMetal" platform="mixedcontent">
 
 	<target host="baremetal.com" />
-	<target host="*.baremetal.com" />
+	<target host="www.baremetal.com" />
+	<target host="swww.baremetal.com" />
 
 
-	<securecookie host="^swww\.baremetal\.com$" name=".*" />
+	<securecookie host="^swww\.baremetal\.com$" name=".+" />
 
 
-	<rule from="^http://(proxy\.|s?www\.)?baremetal\.com/"
-		to="https://$1baremetal.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Baremetrics.io.xml b/src/chrome/content/rules/Baremetrics.io.xml
index b1c220fe7af7..babab4eb9a5e 100644
--- a/src/chrome/content/rules/Baremetrics.io.xml
+++ b/src/chrome/content/rules/Baremetrics.io.xml
@@ -1,13 +1,12 @@
 <ruleset name="Baremetrics.io">
 
 	<target host="baremetrics.io" />
-	<target host="*.baremetrics.io" />
+	<target host="www.baremetrics.io" />
 
 
 	<securecookie host="^(?:www)?\.baremetrics\.io$" name=".+" />
 
 
-	<rule from="^http://(www\.)?baremetrics\.io/"
-		to="https://$1baremetrics.io/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bareos.xml b/src/chrome/content/rules/Bareos.xml
index ab6ab2333301..860751ca7d75 100644
--- a/src/chrome/content/rules/Bareos.xml
+++ b/src/chrome/content/rules/Bareos.xml
@@ -11,7 +11,6 @@
 	<securecookie host="^www\.bareos\.org$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?bareos\.org/"
-		to="https://www.bareos.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bargains_4_Business.xml b/src/chrome/content/rules/Bargains_4_Business.xml
index ff842996f5e5..13a043af1b42 100644
--- a/src/chrome/content/rules/Bargains_4_Business.xml
+++ b/src/chrome/content/rules/Bargains_4_Business.xml
@@ -1,13 +1,16 @@
-<ruleset name="Bargains 4 Business">
+<!--
+	(www.)?: Refused
+
+-->
+<ruleset name="Bargains 4 Business" default_off="refused">
 
 	<target host="bargains4business.com.au" />
-	<target host="*.bargains4business.com.au" />
+	<target host="www.bargains4business.com.au" />
 
 
 	<securecookie host="^(?:w*\.)?bargains4business\.com\.au$" name=".+" />
 
 
-	<rule from="^http://(www\.)?bargains4business\.com\.au/"
-		to="https://$1bargains4business.com.au/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BarkBox.com.xml b/src/chrome/content/rules/BarkBox.com.xml
new file mode 100644
index 000000000000..c3da57396e10
--- /dev/null
+++ b/src/chrome/content/rules/BarkBox.com.xml
@@ -0,0 +1,37 @@
+<!--
+	Nonfunctional hosts in *barkbox.com:
+
+		- faq *
+
+	* Desk.com
+
+
+	Fully covered hosts in *barkbox.com:
+
+		- (www.)?
+
+
+	Insecure cookies are set for these domains:
+
+		- .barkbox.com
+
+-->
+<ruleset name="BarkBox.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="barkbox.com" />
+	<target host="www.barkbox.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.barkbox\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.barkbox\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BarkerJr.net.xml b/src/chrome/content/rules/BarkerJr.net.xml
new file mode 100644
index 000000000000..6c821a722b8f
--- /dev/null
+++ b/src/chrome/content/rules/BarkerJr.net.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.barkerjr.net/ => https://www.barkerjr.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.barkerjr.net'")
+
+	^barkerjr.net doesn't exist.
+
+-->
+<ruleset name="BarkerJr.net" default_off="failed ruleset test">
+
+	<target host="www.barkerjr.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Barlamane.com.xml b/src/chrome/content/rules/Barlamane.com.xml
new file mode 100644
index 000000000000..a383d37b35c6
--- /dev/null
+++ b/src/chrome/content/rules/Barlamane.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Barlamane.com">
+	<target host="barlamane.com" />
+	<target host="www.barlamane.com" />
+	<target host="riadalive.barlamane.com" />
+	<target host="wadifa.barlamane.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Barmer-GEK.xml b/src/chrome/content/rules/Barmer-GEK.xml
index 5d6a65ebffc0..f85d7c4ab735 100644
--- a/src/chrome/content/rules/Barmer-GEK.xml
+++ b/src/chrome/content/rules/Barmer-GEK.xml
@@ -1,5 +1,5 @@
 <ruleset name="Barmer-GEK">
 <target host="www.barmer-gek.de" />
 <target host="barmer-gek.de" />
-<rule from="^http://(?:www\.)?barmer-gek\.de/" to="https://www.barmer-gek.de/"/>
+<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Barna.org.xml b/src/chrome/content/rules/Barna.org.xml
new file mode 100644
index 000000000000..ec3094969741
--- /dev/null
+++ b/src/chrome/content/rules/Barna.org.xml
@@ -0,0 +1,31 @@
+<!--
+	Problematic hosts in *barna.org:
+
+		- cities *
+		- hispanics *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .www.barna.org
+
+-->
+<ruleset name="Barna.org (partial)">
+
+	<target host="barna.org" />
+	<target host="www.barna.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.barna\.org$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host="^\.www\.barna\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Barnard_College.xml b/src/chrome/content/rules/Barnard_College.xml
index faebe250942c..e4b60229897c 100644
--- a/src/chrome/content/rules/Barnard_College.xml
+++ b/src/chrome/content/rules/Barnard_College.xml
@@ -4,7 +4,6 @@
 	<target host="www.barnard.edu" />
 
 
-	<rule from="^http://(www\.)?barnard\.edu/"
-		to="https://$1barnard.edu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Barnebys.co.uk.xml b/src/chrome/content/rules/Barnebys.co.uk.xml
new file mode 100644
index 000000000000..3a0dec106b1f
--- /dev/null
+++ b/src/chrome/content/rules/Barnebys.co.uk.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Barnebys coverage, see Barnebys.com.xml.
+
+-->
+<ruleset name="Barnebys.co.uk">
+
+	<target host="barnebys.co.uk" />
+	<target host="www.barnebys.co.uk" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Barnebys.com.xml b/src/chrome/content/rules/Barnebys.com.xml
new file mode 100644
index 000000000000..639cd4ec5683
--- /dev/null
+++ b/src/chrome/content/rules/Barnebys.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Other Barnebys rulesets;
+
+		- Barnebys.co.uk.xml
+
+
+	CDN buckets:
+
+		- d3dvc13yhtcxbb.cloudfront.net	← widget
+		- d3rcpf2t2jhvw0.cloudfront.net
+
+
+	Problematic subdomains:
+
+		- widget *
+
+	* Cloudfront
+
+-->
+<ruleset name="Barnebys.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="barnebys.com" />
+	<target host="www.barnebys.com" />
+
+	<!--	Complications:
+				-->
+	<target host="widget.barnebys.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Barnes-Jewish_Hospital.xml b/src/chrome/content/rules/Barnes-Jewish_Hospital.xml
index cd40450681bb..703a50375aab 100644
--- a/src/chrome/content/rules/Barnes-Jewish_Hospital.xml
+++ b/src/chrome/content/rules/Barnes-Jewish_Hospital.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://barnesjewish.org/ => http://barnesjewish.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.barnesjewish.org/ => http://www.barnesjewish.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Problematic domains:
 
 		- ^		("application error", valid cert)
@@ -8,7 +13,7 @@
 	Some pages redirect to http
 
 -->
-<ruleset name="Barnes-Jewish Hospital (partial)">
+<ruleset name="Barnes-Jewish Hospital (partial)" default_off="failed ruleset test">
 
 	<target host="barnesjewish.org" />
 	<target host="www.barnesjewish.org" />
@@ -17,4 +22,4 @@
 	<rule from="^http://(?:www\.)?barnesjewish\.org/(BJHControls/|favicon\.ico|images/|MediaGallery/|skins/|styles/|[uU]pload/)"
 		to="https://www.barnesjewish.org/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BarnesandNoble.xml b/src/chrome/content/rules/BarnesandNoble.xml
index 11d24f1b5ecf..537108d32e97 100644
--- a/src/chrome/content/rules/BarnesandNoble.xml
+++ b/src/chrome/content/rules/BarnesandNoble.xml
@@ -1,4 +1,13 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://barnesandnoble.com/ => https://www.barnesandnoble.com/: Cycle detected - URL already encountered: https://www.barnesandnoble.com/
+Fetch error: http://bn.com/ => https://www.barnesandnoble.com/: Cycle detected - URL already encountered: https://www.barnesandnoble.com/
+Fetch error: http://www.bn.com/ => https://www.barnesandnoble.com/: Cycle detected - URL already encountered: https://www.barnesandnoble.com/
+	Other Barnes and Noble rulesets:
+
+		- ImagesBN.com.xml
+
+
 	Problematic domains:
 
 		- images.barnesandnoble.com	(akamai)
@@ -19,21 +28,14 @@
 			- mynook
 			- pnr
 
-		- imagesbn.com subdomains:
-
-			- img[12]	(→ simg[12])
-			- img3
-			- simg[12]
-
 -->
-<ruleset name="Barnes and Noble (partial)">
+<ruleset name="Barnes and Noble (partial)" platform="mixedcontent">
 
 	<target host="barnesandnoble.com" />
 	<target host="*.barnesandnoble.com" />
 		<exclusion pattern="^http://www\.barnesandnoble\.com/(?:google/ad\?url=|p/[\w-]+|[sw]/)" />
 	<target host="bn.com" />
 	<target host="www.bn.com" />
-	<target host="*.imagesbn.com" />
 
 
 	<securecookie host="^(?:cart\d|my|\.?mynook)\.barnesandnoble\.com$" name=".+" />
@@ -48,17 +50,5 @@
 	<rule from="^http://images\.barnesandnoble\.com/"
 		to="https://simg1.imagesbn.com/" />
 
-	<!--	s?img[12] appear identical, but copy what
-		the server does as closely as is feasible:
-							-->
-	<rule from="^http://s?img([12])\.imagesbn\.com/"
-		to="https://simg$1.imagesbn.com/" />
-
-	<!--	simg3 doesn't exist, and unlike
-		1 & 2, the cert matches img3:
-						-->
-	<rule from="^http://img3\.imagesbn\.com/"
-		to="https://img3.imagesbn.com/" />
-
 </ruleset>
 <!--	Rule generated by HTTPS Finder 0.77	-->
diff --git a/src/chrome/content/rules/Barnskospecialisten.se.xml b/src/chrome/content/rules/Barnskospecialisten.se.xml
index 9122784b6e69..0f2e10206440 100644
--- a/src/chrome/content/rules/Barnskospecialisten.se.xml
+++ b/src/chrome/content/rules/Barnskospecialisten.se.xml
@@ -1,7 +1,8 @@
-<ruleset name="Barnskospecialisten.se" platform="mixedcontent">
-  <target host="www.barnskospecialisten.se" />
-  <target host="barnskospecialisten.se" />
-  <rule from="^http://www\.barnskospecialisten\.se/" to="https://www.barnskospecialisten.se/"/>
-  <rule from="^http://barnskospecialisten\.se/" to="https://barnskospecialisten.se/"/>
-</ruleset>
+<ruleset name="Barnskospecialisten.se" >
+	<target host="barnskospecialisten.se" />
+	<target host="www.barnskospecialisten.se" />
+
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Barnsley.gov.uk.xml b/src/chrome/content/rules/Barnsley.gov.uk.xml
new file mode 100644
index 000000000000..5c26f3a87c4b
--- /dev/null
+++ b/src/chrome/content/rules/Barnsley.gov.uk.xml
@@ -0,0 +1,48 @@
+<!--
+	Barnsley Metropolitan Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		Timeout was reached:
+		- externalaccess.barnsley.gov.uk
+		- mailhost.barnsley.gov.uk
+		- mailhost1.barnsley.gov.uk
+		- mailworking2007.barnsley.gov.uk
+		- portal1.barnsley.gov.uk
+		- portal1c4c.barnsley.gov.uk
+		- sapmamdev.barnsley.gov.uk
+
+		SSL peer certificate was not OK:
+		- consult.barnsley.gov.uk
+		- enterpriseregistration.barnsley.gov.uk
+		- fsd.barnsley.gov.uk
+		- mylimehouse.barnsley.gov.uk
+		- new.barnsley.gov.uk
+
+		Status code mismatch:
+		- wwwdev.barnsley.gov.uk
+
+		Different content:
+		- wwwapplications.barnsley.gov.uk
+		- wwwtest.barnsley.gov.uk
+-->
+<ruleset name="Barnsley.gov.uk">
+	<target host="barnsley.gov.uk" />
+	<target host="www.barnsley.gov.uk" />
+	<target host="adfs.barnsley.gov.uk" />
+	<target host="applications.barnsley.gov.uk" />
+	<target host="education.barnsley.gov.uk" />
+	<target host="employeeportal.barnsley.gov.uk" />
+	<target host="homeworking.barnsley.gov.uk" />
+	<target host="maccs.barnsley.gov.uk" />
+	<target host="mailworking.barnsley.gov.uk" />
+	<target host="maps.barnsley.gov.uk" />
+	<target host="mapstest.barnsley.gov.uk" />
+	<target host="remotesupport.barnsley.gov.uk" />
+	<target host="shibboleth.barnsley.gov.uk" />
+	<target host="socialcare.barnsley.gov.uk" />
+	<target host="www2.barnsley.gov.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Barracuda.com.xml b/src/chrome/content/rules/Barracuda.com.xml
index dbe6fd0b824d..026b64ac7180 100644
--- a/src/chrome/content/rules/Barracuda.com.xml
+++ b/src/chrome/content/rules/Barracuda.com.xml
@@ -6,14 +6,18 @@
 
 		- (www.)barracuda.com
 		- login.barracuda.com
+		- (www.)barracudanetworks.com
 		- login.barracudanetworks.com
 
 -->
 <ruleset name="Barracuda.com">
 
 	<target host="barracuda.com" />
-	<target host="*.barracuda.com" />
+	<target host="login.barracuda.com" />
+	<target host="www.barracuda.com" />
+	<target host="barracudanetworks.com" />
 	<target host="login.barracudanetworks.com" />
+	<target host="www.barracudanetworks.com" />
 
 
 	<securecookie host="^www\.barracuda\.com$" name=".+" />
@@ -23,10 +27,6 @@
 	<!--securecookie host="^\.login\.barracudanetworks\.com$" name=".+" /-->
 
 
-	<rule from="^http://(login\.|www\.)?barracuda\.com/"
-		to="https://$1barracuda.com/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://login\.barracudanetworks\.com/"
-		to="https://login.barracudanetworks.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bart.gov.xml b/src/chrome/content/rules/Bart.gov.xml
new file mode 100644
index 000000000000..44ee0adb265e
--- /dev/null
+++ b/src/chrome/content/rules/Bart.gov.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ws8.bart.gov/ => https://ws8.bart.gov/: (35, 'Unknown SSL protocol error in connection to ws8.bart.gov:443 ')
+
+
+	Unsupported domains:
+
+	- bartable.bart.gov	(cert mismatch)
+	- ws15.bart.gov		(incomplete certificate chain)
+
+-->
+<ruleset name="Bart.gov" default_off="failed ruleset test">
+
+	<target host="bart.gov" />
+	<target host="www.bart.gov" />
+	<target host="api.bart.gov" />
+	<target host="ess.bart.gov" />
+	<target host="ezrider.bart.gov" />
+	<target host="jobs.bart.gov" />
+	<target host="m.bart.gov" />
+	<target host="suppliers.bart.gov" />
+	<target host="telestaff.bart.gov" />
+	<target host="webapps.bart.gov" />
+	<target host="ws8.bart.gov" />
+	<target host="ws20.bart.gov" />
+	<target host="ws26.bart.gov" />
+
+	<securecookie host="^(www|api|ess|ezrider|jobs|m|suppliers|telestaff|webapps|ws(8|20|26))\.bart\.gov$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bart_Bania.com.xml b/src/chrome/content/rules/Bart_Bania.com.xml
new file mode 100644
index 000000000000..4975d8d13a34
--- /dev/null
+++ b/src/chrome/content/rules/Bart_Bania.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Problematic subdomains:
+
+		- about *
+
+	* Mismatched
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- blog
+		- weather
+
+-->
+<ruleset name="Bart Bania.com (partial)">
+
+	<target host="bartbania.com" />
+	<target host="blog.bartbania.com" />
+	<target host="weather.bartbania.com" />
+	<target host="www.bartbania.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bartleby.com.xml b/src/chrome/content/rules/Bartleby.com.xml
index 07cdbadb1956..3d2216162625 100644
--- a/src/chrome/content/rules/Bartleby.com.xml
+++ b/src/chrome/content/rules/Bartleby.com.xml
@@ -7,7 +7,7 @@
 	<securecookie host="^bartleby\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?bartleby\.com/"
+	<rule from="^http://(?:www\.)?bartleby\.com/"
 		to="https://bartleby.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Barvaux.org.xml b/src/chrome/content/rules/Barvaux.org.xml
new file mode 100644
index 000000000000..89b14f8d7844
--- /dev/null
+++ b/src/chrome/content/rules/Barvaux.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		heka.barvaux.org
+		mail.barvaux.org
+		mout.barvaux.org
+		photos.barvaux.org
+
+-->
+<ruleset name="Barvaux.org">
+
+	<target host="barvaux.org" />
+	<target host="www.barvaux.org" />
+	<target host="webmail.barvaux.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Base_INC.xml b/src/chrome/content/rules/Base_INC.xml
deleted file mode 100644
index 3aaba9d2afff..000000000000
--- a/src/chrome/content/rules/Base_INC.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Base INC!">
-
-	<target host="base-valid.com" />
-	<target host="*.base-valid.com" />
-
-
-	<securecookie host="^(?:www)?\.base-valid\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?base-valid\.com/"
-		to="https://$1base-valid.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Basecamp.com.xml b/src/chrome/content/rules/Basecamp.com.xml
new file mode 100644
index 000000000000..2ce28a2d5ddb
--- /dev/null
+++ b/src/chrome/content/rules/Basecamp.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Basecamp.com">
+
+	<target host="basecamp.com" />
+	<target host="www.basecamp.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bash.im.xml b/src/chrome/content/rules/Bash.im.xml
new file mode 100644
index 000000000000..5f5057be0c64
--- /dev/null
+++ b/src/chrome/content/rules/Bash.im.xml
@@ -0,0 +1,12 @@
+<!--
+	Does not connect over HTTPS:
+		lol.bash.im
+-->
+<ruleset name="Bash.im">
+	<target host="bash.im" />
+	<target host="www.bash.im" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bashy.io.xml b/src/chrome/content/rules/Bashy.io.xml
new file mode 100644
index 000000000000..bece358e6aeb
--- /dev/null
+++ b/src/chrome/content/rules/Bashy.io.xml
@@ -0,0 +1,16 @@
+<!--
+	Nonfunctional hosts in *.bashy.io:
+		- bashy.io
+		- clippy
+		- dokku
+-->
+<ruleset name="Bashy.io">
+	<target host="bashy.io" />
+	<target host="www.bashy.io" />
+	<target host="canvas.bashy.io" />
+	<target host="ghost.bashy.io" />
+	<target host="launchpage.bashy.io" />
+
+	<rule from="^http://bashy\.io/" to="https://www.bashy.io/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Basilisk-Browser.org.xml b/src/chrome/content/rules/Basilisk-Browser.org.xml
new file mode 100644
index 000000000000..22c507b7611c
--- /dev/null
+++ b/src/chrome/content/rules/Basilisk-Browser.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Basilisk Browser">
+
+	<target host="basilisk-browser.org" />
+	<target host="www.basilisk-browser.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bassetlaw.gov.uk.xml b/src/chrome/content/rules/Bassetlaw.gov.uk.xml
new file mode 100644
index 000000000000..45295e2ec5d1
--- /dev/null
+++ b/src/chrome/content/rules/Bassetlaw.gov.uk.xml
@@ -0,0 +1,58 @@
+<!--
+	Bassetlaw District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *bassetlaw.gov.uk:
+
+		- publicaccess ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *bassetlaw.gov.uk:
+
+		- remote ᶜ
+
+	ᶜ
+
+
+	These altnames don't exist:
+
+		- bassetlaw.gov.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- data.bassetlaw.gov.uk
+		- selfservice.bassetlaw.gov.uk
+		- webaccess.bassetlaw.gov.uk
+		- www.bassetlaw.gov.uk
+
+-->
+<ruleset name="Bassetlaw.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="aeis.bassetlaw.gov.uk" />
+	<target host="autodiscover.bassetlaw.gov.uk" />
+	<target host="data.bassetlaw.gov.uk" />
+	<!--target host="remote.bassetlaw.gov.uk" /-->
+	<target host="selfservice.bassetlaw.gov.uk" />
+	<target host="webaccess.bassetlaw.gov.uk" />
+	<target host="www.bassetlaw.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:data|selfservice|www)\.bassetlaw\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^webaccess\.bassetlaw\.gov\.uk$" name="^cadata[\dA-F]{32}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bassh.net.xml b/src/chrome/content/rules/Bassh.net.xml
deleted file mode 100644
index ce09a2e092b6..000000000000
--- a/src/chrome/content/rules/Bassh.net.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Bassh.net" platform="firefox">
-<target host="bassh.net" />
-
-<securecookie host="^bassh\.net$" name=".+" />
-
-<rule from="^http://bassh\.net/" to="https://bassh.net/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Bathnes.gov.uk.xml b/src/chrome/content/rules/Bathnes.gov.uk.xml
new file mode 100644
index 000000000000..3249601d1884
--- /dev/null
+++ b/src/chrome/content/rules/Bathnes.gov.uk.xml
@@ -0,0 +1,100 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bathnes.gov.uk/misc/menu-leaf.png => https://bathnes.gov.uk/misc/menu-leaf.png: (35, 'error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 unrecognized name')
+Fetch error: http://capita.bathnes.gov.uk/ => https://capita.bathnes.gov.uk/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Bath and North East Somerset Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *bathnes.gov.uk:
+
+		- bathhacked ᵇ
+		- cicalc ᵃ
+		- thehub ᵃ
+
+	ᵃ Shows another domain
+	ᵇ Shows default page
+
+
+	Problematic hosts in *bathnes.gov.uk:
+
+		- ess ᶜ
+		- mss ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Partially covered hosts in *bathnes.gov.uk:
+
+		- (www.)? ʰ
+		- idox ʰ
+
+	ʰ Some pages redirect to http
+
+
+	These altnames don't exist:
+
+		- www.ess.bathnes.gov.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- art.bathnes.gov.uk
+		- democracy.bathnes.gov.uk
+		- isharemaps.bathnes.gov.uk
+		- secure.bathnes.gov.uk
+
+-->
+<ruleset name="Bathnes.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="bathnes.gov.uk" />
+	<target host="art.bathnes.gov.uk" />
+	<target host="capita.bathnes.gov.uk" />
+	<target host="democracy.bathnes.gov.uk" />
+	<target host="ess.bathnes.gov.uk" />
+	<target host="filetransfer.bathnes.gov.uk" />
+	<target host="idox.bathnes.gov.uk" />
+	<target host="isharemaps.bathnes.gov.uk" />
+	<target host="jobs.bathnes.gov.uk" />
+	<!--target host="mss.bathnes.gov.uk" /-->
+	<target host="secure.bathnes.gov.uk" />
+	<target host="www.bathnes.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:idox\.|www\.)?bathnes\.gov\.uk/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:idox\.|www\.)?bathnes\.gov\.uk/+(?!misc/|sites/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.bathnes.gov.uk/jobs" />
+			<test url="http://www.bathnes.gov.uk/pay" />
+			<test url="http://www.bathnes.gov.uk/records" />
+
+			<!--	-ve:
+					-->
+			<test url="http://bathnes.gov.uk/misc/menu-leaf.png" />
+			<test url="http://idox.bathnes.gov.uk/misc/menu-leaf.png" />
+			<test url="http://idox.bathnes.gov.uk/sites/all/themes/banes7/css/images/bg_carousel_blue.png" />
+			<test url="http://www.bathnes.gov.uk/sites/all/themes/banes7/css/images/bg_carousel_blue.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^art\.bathnes\.gov\.uk$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^(?:democracy|secure)\.bathnes\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^isharemaps\.bathnes\.gov\.uk$" name="^(?:ASP\.NET_SessionId|atLocation|atMyCouncil|astun)$" /-->
+
+	<securecookie host="^(?!(?:idox\.|www\.)?bathnes\.gov\.uk$)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Batmanarkhamorigins.com.xml b/src/chrome/content/rules/Batmanarkhamorigins.com.xml
new file mode 100644
index 000000000000..f1a2e2ccfc6c
--- /dev/null
+++ b/src/chrome/content/rules/Batmanarkhamorigins.com.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://batmanarkhamorigins.com/ => https://www.batmanarkhamorigins.com/: (7, 'Failed to connect to www.batmanarkhamorigins.com port 443: Connection timed out')
+Fetch error: http://www.batmanarkhamorigins.com/ => https://www.batmanarkhamorigins.com/: (7, 'Failed to connect to www.batmanarkhamorigins.com port 443: Connection timed out')
+
+-->
+<ruleset name="Batmanarkhamorigins.com" default_off="failed ruleset test">
+  <target host="batmanarkhamorigins.com" />
+  <target host="www.batmanarkhamorigins.com" />
+
+  <rule from="^http://(?:www\.)?batmanarkhamorigins\.com/" to="https://www.batmanarkhamorigins.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Battelle.xml b/src/chrome/content/rules/Battelle.xml
index 4c1e739ce55f..cab7d92b5931 100644
--- a/src/chrome/content/rules/Battelle.xml
+++ b/src/chrome/content/rules/Battelle.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?battelle\.org/(careers/(?:benefits|current-openings|our-culture)(?:$|\?)|docs/|doing-business-with-us/commercial-clients(?:$|\?)|favicon\.ico|feeds/|images/|Sitefinity/|Telerik\.Web\.UI\.WebResource\.axd)"
 		to="https://$1battelle.org/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Battle.net.xml b/src/chrome/content/rules/Battle.net.xml
index 3887420710f5..94dd383e5439 100644
--- a/src/chrome/content/rules/Battle.net.xml
+++ b/src/chrome/content/rules/Battle.net.xml
@@ -32,17 +32,23 @@
 <ruleset name="Battle.net (partial)">
 
 	<target host="battle.net" />
-	<target host="*.battle.net" />
+	<target host="eu.battle.net" />
+	<target host="forums.battle.net" />
+	<target host="kr.battle.net" />
+	<target host="sea.battle.net" />
+	<target host="tw.battle.net" />
+	<target host="us.battle.net" />
+	<target host="www.battle.net" />
+	<target host="us.media3.battle.net" />
 		<exclusion pattern="^http://(?:(?:eu|kr|sea|tw|us|www)\.)?battle\.net/(?!(?:account|d3|login)(?:$|\?|/)|favicon\.ico|static(?:-render)?/|.+/static/)" />
 
 
 	<securecookie host="^forums\.battle\.net$" name=".+" />
 
 
-	<rule from="^http://((?:eu|forums|kr|sea|tw|us|www)\.)?battle\.net/"
-		to="https://$1battle.net/" />
 
 	<rule from="^http://us\.media3\.battle\.net/"
 		to="https://bnetcmsus-a.akamaihd.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Battle_Creek_Enquirer.xml b/src/chrome/content/rules/Battle_Creek_Enquirer.xml
index bb523808eb9f..f2dc1483b1a1 100644
--- a/src/chrome/content/rules/Battle_Creek_Enquirer.xml
+++ b/src/chrome/content/rules/Battle_Creek_Enquirer.xml
@@ -11,13 +11,14 @@
 <ruleset name="Battle Creek Enquirer">
 
 	<target host="battlecreekenquirer.com" />
-	<target host="*.battlecreekenquirer.com" />
+	<target host="cmsimg.battlecreekenquirer.com" />
+	<target host="www.battlecreekenquirer.com" />
 
 
 	<securecookie host="^www\.battlecreekenquirer\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:cmsimg\.|www\.)?battlecreekenquirer\.com/"
+	<rule from="^http://(?:cmsimg\.|www\.)?battlecreekenquirer\.com/"
 		to="https://www.battlecreekenquirer.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Battle_for_the_Net.com.xml b/src/chrome/content/rules/Battle_for_the_Net.com.xml
new file mode 100644
index 000000000000..3b86c6b271f9
--- /dev/null
+++ b/src/chrome/content/rules/Battle_for_the_Net.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .battleforthenet.com
+
+-->
+<ruleset name="Battle for the Net.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="battleforthenet.com" />
+	<target host="www.battleforthenet.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.battleforthenet\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.battleforthenet\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bauhaus-University_Weimar.xml b/src/chrome/content/rules/Bauhaus-University_Weimar.xml
index 3bc10e308d11..2086bed02b0e 100644
--- a/src/chrome/content/rules/Bauhaus-University_Weimar.xml
+++ b/src/chrome/content/rules/Bauhaus-University_Weimar.xml
@@ -9,14 +9,13 @@
 -->
 <ruleset name="Bauhaus-University Weimar (partial)">
 
-	<target host="*.uni-weimar.de" />
-	<target host="*.webmail.uni-weimar.de" />
+	<target host="webmail.uni-weimar.de" />
+	<target host="www.uni-weimar.de" />
 
 
-	<securecookie host="^.+\.uni-weimar\.de$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://w(ebmail|ww)\.uni-weimar\.de/"
-		to="https://w$1.uni-weimar.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Baxter_Bulletin.xml b/src/chrome/content/rules/Baxter_Bulletin.xml
index 731c4cefd570..4df02e1268ca 100644
--- a/src/chrome/content/rules/Baxter_Bulletin.xml
+++ b/src/chrome/content/rules/Baxter_Bulletin.xml
@@ -11,13 +11,14 @@
 <ruleset name="The Baxter Bulletin">
 
 	<target host="baxterbulletin.com" />
-	<target host="*.baxterbulletin.com" />
+	<target host="cmsimg.baxterbulletin.com" />
+	<target host="www.baxterbulletin.com" />
 
 
 	<securecookie host="^www\.baxterbulletin\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:cmsimg\.|www\.)?baxterbulletin\.com/"
+	<rule from="^http://(?:cmsimg\.|www\.)?baxterbulletin\.com/"
 		to="https://www.baxterbulletin.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BayFiles.xml b/src/chrome/content/rules/BayFiles.xml
index 0730ef970fc2..76a3eb40ceb8 100644
--- a/src/chrome/content/rules/BayFiles.xml
+++ b/src/chrome/content/rules/BayFiles.xml
@@ -1,11 +1,29 @@
-<ruleset name="BayFiles">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bayfiles.com/ => https://bayfiles.net/: (7, 'Failed to connect to bayfiles.net port 443: Connection refused')
+Fetch error: http://www.bayfiles.com/ => https://bayfiles.net/: (7, 'Failed to connect to bayfiles.net port 443: Connection refused')
+Fetch error: http://bayfiles.net/ => https://bayfiles.net/: (7, 'Failed to connect to bayfiles.net port 443: Connection refused')
+Fetch error: http://www.bayfiles.net/ => https://www.bayfiles.net/: (7, 'Failed to connect to www.bayfiles.net port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://bayfiles.com/ => https://bayfiles.net/: (28, 'Resolving timed out after 10517 milliseconds')
+Fetch error: http://www.bayfiles.com/ => https://bayfiles.net/: (28, 'Resolving timed out after 10518 milliseconds')
+Fetch error: http://bayfiles.net/ => https://bayfiles.net/: (28, 'Resolving timed out after 10519 milliseconds')
+Fetch error: http://www.bayfiles.net/ => https://www.bayfiles.net/: (28, 'Resolving timed out after 10518 milliseconds')
+-->
+<ruleset name="BayFiles" default_off="failed ruleset test">
 
 	<target host="bayfiles.com" />
 	<target host="www.bayfiles.com" />
+	<target host="bayfiles.net" />
+	<target host="www.bayfiles.net" />
 
 
-	<!--	Cert doesn't match !www.	-->
 	<rule from="^http://(?:www\.)?bayfiles\.com/"
-		to="https://bayfiles.com/" />
+		to="https://bayfiles.net/" />
+
+	<rule from="^http://(www\.)?bayfiles\.net/"
+		to="https://$1bayfiles.net/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BayLeaks.com.xml b/src/chrome/content/rules/BayLeaks.com.xml
new file mode 100644
index 000000000000..359699fc42df
--- /dev/null
+++ b/src/chrome/content/rules/BayLeaks.com.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bayleaks.com/ => https://bayleaks.com/: (7, 'Failed to connect to bayleaks.com port 443: Connection refused')
+Fetch error: http://www.bayleaks.com/ => https://www.bayleaks.com/: (7, 'Failed to connect to www.bayleaks.com port 443: Connection refused')
+
+-->
+<ruleset name="BayLeaks.com" default_off="failed ruleset test">
+
+	<target host="bayleaks.com" />
+	<target host="www.bayleaks.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BayLibre.com.xml b/src/chrome/content/rules/BayLibre.com.xml
new file mode 100644
index 000000000000..2e319d073463
--- /dev/null
+++ b/src/chrome/content/rules/BayLibre.com.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.baylibre.com/ => https://www.baylibre.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.baylibre.com'")
+
+	Insecure cookies are set for these hosts:
+
+		- baylibre.com
+		- www.baylibre.com
+
+
+	Mixed content:
+
+		- Images on ^ from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="BayLibre.com" default_off="failed ruleset test">
+
+	<target host="baylibre.com" />
+	<target host="www.baylibre.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?baylibre\.com$" name="^(PHPSESSID|mediaplan|mediaplanBAK)$" /-->
+
+	<securecookie host="^(?:www\.)?baylibre\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bay_Area_Amusements.xml b/src/chrome/content/rules/Bay_Area_Amusements.xml
index 4cc7d3bfc8a9..421835b5fa07 100644
--- a/src/chrome/content/rules/Bay_Area_Amusements.xml
+++ b/src/chrome/content/rules/Bay_Area_Amusements.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?bayareaamusements\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?bayareaamusements\.com/"
-		to="https://$1bayareaamusements.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bay_Citizen.org.xml b/src/chrome/content/rules/Bay_Citizen.org.xml
new file mode 100644
index 000000000000..81df65ff5900
--- /dev/null
+++ b/src/chrome/content/rules/Bay_Citizen.org.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://baycitizen.org/ => https://www.baycitizen.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.baycitizen.org/ => https://www.baycitizen.org/: (60, 'SSL certificate problem: certificate has expired')
+
+	^: dropped
+
+-->
+<ruleset name="Bay Citizen.org" default_off="failed ruleset test">
+
+	<target host="baycitizen.org" />
+	<target host="www.baycitizen.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.baycitizen\.org$" name="^(csrftoken|sessionid)$" /-->
+
+	<securecookie host="^www\.baycitizen\.org$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?baycitizen\.org/"
+		to="https://www.baycitizen.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bayan.ir-expired.xml b/src/chrome/content/rules/Bayan.ir-expired.xml
new file mode 100644
index 000000000000..4863e0c54eca
--- /dev/null
+++ b/src/chrome/content/rules/Bayan.ir-expired.xml
@@ -0,0 +1,12 @@
+<!--
+	For rules that are on by default, see Bayan.ir.xml.
+
+-->
+<ruleset name="Bayan.ir (expired)" default_off="expired">
+
+	<target host="cdn.bayan.ir" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bayan.ir.xml b/src/chrome/content/rules/Bayan.ir.xml
new file mode 100644
index 000000000000..8eb15faee8e6
--- /dev/null
+++ b/src/chrome/content/rules/Bayan.ir.xml
@@ -0,0 +1,27 @@
+<!--
+	For problematic rules, see Bayan.ir-expired.xml.
+
+
+	Problematic subdomains:
+
+		- cdn *
+
+	* Works, expired
+
+-->
+<ruleset name="Bayan.ir (partial)">
+
+	<target host="bayan.ir" />
+	<target host="www.bayan.ir" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bayan\.ir$" name="^use_https$" /-->
+
+	<securecookie host="^bayan\.ir$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Baylor.edu.xml b/src/chrome/content/rules/Baylor.edu.xml
new file mode 100644
index 000000000000..d018a88d9bf3
--- /dev/null
+++ b/src/chrome/content/rules/Baylor.edu.xml
@@ -0,0 +1,44 @@
+<!--
+	Baylor University
+
+
+	^: refused
+
+
+	Fully covered subdomains:
+
+		- (www.)	(^ → www)
+		- m
+		- www1
+
+
+	Insecure cookies are set for these domains:
+
+		- .m
+		- .www
+		- www1
+		- .www1
+
+-->
+<ruleset name="Baylor.edu (partial)">
+
+	<target host="baylor.edu" />
+	<target host="www.baylor.edu" />
+	<target host="m.baylor.edu" />
+	<target host="www1.baylor.edu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.(m|www)\.baylor\.edu$" name="^BUARRAffinity\w+$" /-->
+	<!--securecookie host="^www1\.baylor\.edu$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\.(?:m|www)\.baylor\.edu$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?baylor\.edu/"
+		to="https://www.baylor.edu/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bayphoto.com.xml b/src/chrome/content/rules/Bayphoto.com.xml
new file mode 100644
index 000000000000..0dbfe442ae54
--- /dev/null
+++ b/src/chrome/content/rules/Bayphoto.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Bayphoto.com">
+	<target host="bayphoto.com" />
+	<target host="www.bayphoto.com" />
+
+	<target host="designer.bayphoto.com" />
+	<target host="dl.bayphoto.com" />
+	<target host="my.bayphoto.com" />
+	<target host="order.bayphoto.com" />
+	<target host="support.bayphoto.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bayyinah.com.xml b/src/chrome/content/rules/Bayyinah.com.xml
new file mode 100644
index 000000000000..d6924994e36e
--- /dev/null
+++ b/src/chrome/content/rules/Bayyinah.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Bayyinah.com">
+	<target host="bayyinah.com" />
+	<target host="www.bayyinah.com" />
+	<target host="arabic.bayyinah.com" />
+	<target host="blog.bayyinah.com" />
+	<target host="dream.bayyinah.com" />
+	<target host="events.bayyinah.com" />
+	<target host="id.bayyinah.com" />
+	<target host="live.bayyinah.com" />
+	<target host="oldsite.bayyinah.com" />
+	<target host="podcast.bayyinah.com" />
+	<target host="quran.bayyinah.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bazaar.tf.xml b/src/chrome/content/rules/Bazaar.tf.xml
new file mode 100644
index 000000000000..a3e16da0d741
--- /dev/null
+++ b/src/chrome/content/rules/Bazaar.tf.xml
@@ -0,0 +1,6 @@
+<ruleset name="Bazaar.tf">
+	<target host="bazaar.tf" />
+	<target host="www.bazaar.tf" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bazaarbay.org.xml b/src/chrome/content/rules/Bazaarbay.org.xml
new file mode 100644
index 000000000000..9e06c03ded96
--- /dev/null
+++ b/src/chrome/content/rules/Bazaarbay.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Bazaarbay.org">
+	<target host="bazaarbay.org" />
+	<target host="www.bazaarbay.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bazaarvoice-problematic.xml b/src/chrome/content/rules/Bazaarvoice-problematic.xml
index 3eb17a735dd3..bb1638c27e52 100644
--- a/src/chrome/content/rules/Bazaarvoice-problematic.xml
+++ b/src/chrome/content/rules/Bazaarvoice-problematic.xml
@@ -2,13 +2,12 @@
 	For rules that are on by default, see Bazaarvoice.xml.
 
 -->
-<ruleset name="Bazaarvoice (problematic)" default_off="mismatch">
+<ruleset name="Bazaarvoice.com (problematic)" default_off="mismatched">
 
-	<target host="*.ugc.bazaarvoice.com" />
+	<target host="media2.bazaarvoice.com" />
 
 
-	<!--	Unique subdomains included on 3rd-party websites.	-->
-	<rule from="^http://(\w+)\.ugc\.bazaarvoice\.com/"
-		to="https://$1.ugc.bazaarvoice.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bazaarvoice.xml b/src/chrome/content/rules/Bazaarvoice.xml
index c1643f11d577..fea1339bf7e5 100644
--- a/src/chrome/content/rules/Bazaarvoice.xml
+++ b/src/chrome/content/rules/Bazaarvoice.xml
@@ -1,45 +1,109 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://resources.bazaarvoice.com/css/mktLPSupport.css (200) => https://na-aba.marketo.com/css/mktLPSupport.css (403)
+Non-2xx HTTP code: http://resources.bazaarvoice.com/images/forms/backRequiredGray.gif (200) => https://na-aba.marketo.com/images/forms/backRequiredGray.gif (403)
+Non-2xx HTTP code: http://resources.bazaarvoice.com/rs/bazaarvoice/images/logo_bv_sub.png (200) => https://na-aba.marketo.com/rs/bazaarvoice/images/logo_bv_sub.png (403)
+
 	For problematic rules, see Bazaarvoice-problematic.xml.
 
 
+	Nonfunctional hosts in *bazaarvoice.com:
+
+		- ^ ʳ
+		- investors ᵈ
+		- resources ᴹ
+		- status ᵈ
+		- www ³
+
+	³ 503
+	ᴹ Marketo
+	ᵈ Dropped
+	ʳ Refused
+
+
 	Problematic domains:
 
-		- bazaarvoice.com subdomains:
+		- in *bazaarvoice.com:
+
+			- media2 ᴬ ᵐ
+			- spark	ᵐ	(CN: slotmatching6.salesforce.com)
+
+		- resources.bazaarvoicecampaigns.com ˢ
+
+	ᴬ Akamai
+	ᵐ Mismatched
+	ˢ Self-signed
+
 
-			- ^			(expired, self-signed)
-			- bvlabs-hvr-web-staging.aws
-			- resources		($ redirects to app-a.marketo.com; mismatched, CN: *.marketo.com)
-			- spark			(mismatched, CN: slotmatching6.salesforce.com)
-			- *.ugc			(works, akamai)
-	
-		- resources.bazaarvoicecampaigns.com	(works, self-signed)
+	Partially covered hosts in *bazaarvoice.com:
 
+		- resources ᴹ
 
-	Partially covered domains:
+	ᴹ Marketo
 
-		- dashboard.bazaarvoice.com	(some pages redirect to http)
+
+	Insecure cookies are set for these hosts:
+
+		- login.bazaarvoice.com
 
 -->
-<ruleset name="Bazaarvoice">
+<ruleset name="Bazaarvoice.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="login.bazaarvoice.com" />
+	<target host="*.ugc.bazaarvoice.com" />
+
+		<test url="http://topshop.ugc.bazaarvoice.com/static/6025-en_us/bazaarvoice.css" />
+
+	<!--	Complications:
+				-->
+	<!--target host="media2.bazaarvoice.com" /-->
+	<target host="resources.bazaarvoice.com" />
+	<target host="spark.bazaarvoice.com" />
 
-	<target host="bazaarvoice.com" />
-	<target host="*.bazaarvoice.com" />
-		<exclusion pattern="^http://dashboard\.bazaarvoice\.com/(?!css/|images/)" />
+		<exclusion pattern="^http://resources\.bazaarvoice\.com/+(?!css/|images/|rs/)" />
 
+			<!--	+ve:
+					-->
+			<test url="http://resources.bazaarvoice.com/RequestADemo1.html" />
+			<test url="http://resources.bazaarvoice.com/RequestADemo1.html?utm_campaign=&amp;utm_content=&amp;utm_source=&amp;utm_medium=&amp;utm_term=&amp;utm_nooverride=&amp;gclid=" />
+			<test url="http://resources.bazaarvoice.com/fy14-retail.html" />
+			<test url="http://resources.bazaarvoice.com/fy14-retail.html?utm_campaign=&amp;utm_content=&amp;utm_source=&amp;utm_medium=&amp;utm_term=&amp;utm_nooverride=&amp;gclid=" />
 
-	<securecookie host="^(?!dashboard\.).*\.bazaarvoice\.com$" name=".+" />
+			<!--	-ve:
+					-->
+			<test url="http://resources.bazaarvoice.com/css/mktLPSupport.css" />
+			<test url="http://resources.bazaarvoice.com/images/forms/backRequiredGray.gif" />
+			<test url="http://resources.bazaarvoice.com/rs/bazaarvoice/images/logo_bv_sub.png" />
 
+		<test url="http://walmart.ugc.bazaarvoice.com/1336/164648/photoThumb.jpg" />
+		<test url="http://walmart.ugc.bazaarvoice.com/1336/165983/photoThumb.jpg" />
+		<test url="http://walmart.ugc.bazaarvoice.com/1336/165984/photoThumb.jpg" />
 
-	<rule from="^https?://(?:www\.)?bazaarvoice\.com/"
-		to="https://www.bazaarvoice.com/" />
 
-	<rule from="^http://(dashboard|login)\.bazaarvoice\.com/"
-		to="https://$1.bazaarvoice.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^login\.bazaarvoice\.com$" name="^BIGipServer" /-->
+	<!--securecookie host="^(?!dashboard\.)." name="." /-->
 
-	<rule from="^https?://resources\.bazaarvoice\.com/images/"
-		to="https://na-a.bazaarvoice.com/images/" />
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^login\." name=".+" />
 
-	<rule from="^https?://spark\.bazaarvoice\.com/"
+
+	<!--rule from="^http://media2\.bazaarvoice\.com/"
+		to="https://???-a.akamaihd.net/" /-->
+
+		<!--test url="http://media2.bazaarvoice.com/images/lexus-featured.jpg" /-->
+
+	<rule from="^http://spark\.bazaarvoice\.com/"
 		to="https://bazaarvoice.secure.force.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http://resources\.bazaarvoice\.com/"
+		to="https://na-aba.marketo.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bazar.sk.xml b/src/chrome/content/rules/Bazar.sk.xml
new file mode 100644
index 000000000000..1ff89e841921
--- /dev/null
+++ b/src/chrome/content/rules/Bazar.sk.xml
@@ -0,0 +1,32 @@
+<!--
+	e-commerce site Bazar.sk
+-->
+<ruleset name="Bazar.sk">
+	<target host="bazar.sk" />
+	<target host="*.bazar.sk" />
+
+	<test url="http://auto.bazar.sk/" />
+	<test url="http://deti.bazar.sk/" />
+	<test url="http://dom.bazar.sk/" />
+	<test url="http://elektro.bazar.sk/" />
+	<test url="http://hudba.bazar.sk/" />
+	<test url="http://knihy.bazar.sk/" />
+	<test url="http://m.bazar.sk/" />
+	<test url="http://mobily.bazar.sk/" />
+	<test url="http://motorky.bazar.sk/" />
+	<test url="http://nabytok.bazar.sk/" />
+	<test url="http://oblecenie.bazar.sk/" />
+	<test url="http://ostatne.bazar.sk/" />
+	<test url="http://pocitace.bazar.sk/" />
+	<test url="http://praca.bazar.sk/" />
+	<test url="http://reality.bazar.sk/" />
+	<test url="http://sluzby.bazar.sk/" />
+	<test url="http://sport.bazar.sk/" />
+	<test url="http://starozitnosti.bazar.sk/" />
+	<test url="http://stroje.bazar.sk/" />
+	<test url="http://www.bazar.sk/" />
+	<test url="http://zdravie.bazar.sk/" />
+	<test url="http://zvierata.bazar.sk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Baztab.net.xml b/src/chrome/content/rules/Baztab.net.xml
index f33594908ba5..57b7435d312c 100644
--- a/src/chrome/content/rules/Baztab.net.xml
+++ b/src/chrome/content/rules/Baztab.net.xml
@@ -1,13 +1,21 @@
-<ruleset name="baztab.net">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://baztab.net/ => https://baztab.net/: (28, 'Connection timed out after 20005 milliseconds')
+Fetch error: http://www.baztab.net/ => https://www.baztab.net/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://baztab.net/ => https://baztab.net/: (6, 'Could not resolve host: baztab.net')
+-->
+<ruleset name="baztab.net" default_off="failed ruleset test">
 
 	<target host="baztab.net" />
-	<target host="*.baztab.net" />
+	<target host="www.baztab.net" />
 
 
 	<securecookie host="^\.baztab\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?baztab\.net/"
-		to="https://$1baztab.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BazzApp.xml b/src/chrome/content/rules/BazzApp.xml
deleted file mode 100644
index 561233f125aa..000000000000
--- a/src/chrome/content/rules/BazzApp.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	www CN: homolog
-
--->
-<ruleset name="BazzApp">
-
-	<target host="bazzapp.com" />
-	<target host="www.bazzapp.com" />
-
-
-	<securecookie host="^bazzapp\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?bazapp\.com/"
-		to="https://bazapp.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/BbPress.org.xml b/src/chrome/content/rules/BbPress.org.xml
new file mode 100644
index 000000000000..59694f3cc276
--- /dev/null
+++ b/src/chrome/content/rules/BbPress.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)?
+		- codex
+
+-->
+<ruleset name="bbPress.org">
+
+	<target host="bbpress.org" />
+	<target host="codex.bbpress.org" />
+	<target host="www.bbpress.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bbcshop.com.xml b/src/chrome/content/rules/Bbcshop.com.xml
new file mode 100644
index 000000000000..fddc7873c8c6
--- /dev/null
+++ b/src/chrome/content/rules/Bbcshop.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Bbcshop.com" platform="mixedcontent">
+<target host="www.bbcshop.com"/>
+<!-- http://media.venda.com/bbcshop/ can't be secured, TLS times out -->
+
+<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bbelements.com.xml b/src/chrome/content/rules/Bbelements.com.xml
index 114e5b171322..e4f617c6d363 100644
--- a/src/chrome/content/rules/Bbelements.com.xml
+++ b/src/chrome/content/rules/Bbelements.com.xml
@@ -1,18 +1,61 @@
+
 <!--
-	Problematic subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://go.pol.bbelements.com/ => https://go.pol.bbelements.com/: (6, 'Could not resolve host: go.pol.bbelements.com')
+
+	(www.)?bbelements.com: Refused
+
+
+	Problematic hosts in *bbelements.com:
+
+		- go.arbopl ¹
+		- go.cz		(mismatched, CN: go.eu.bbelements.com)
+		- go.evolutionmedia ²
+		- go.pl ²
+
+	¹ Mismatched, CN: go.goldbachpoland.bbelements.com
+	² Mismatched, CN: go.eu.bbelements.com
+	³ Untrusted root
 
-		- go.gz		(mismatched, CN: go.eu.bbelements.com)
+
+	Insecure cookies are set for these domains:
+
+		- .go.eu.bbelements.com
+		- .go.goldbachpoland.bbelements.com
+		- .go.pol.bbelements.com
+		- . . .
 
 -->
-<ruleset name="bbelements.com">
+<ruleset name="bbelements.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="go.eu.bbelements.com" />
+	<target host="go.goldbachpoland.bbelements.com" />
+	<target host="go.idmnet.bbelements.com" />
+	<target host="go.pol.bbelements.com" />
 
-	<target host="*.bbelements.com" />
+	<!--	Complications:
+				-->
+	<target host="go.arbopl.bbelements.com" />
+	<target host="go.cz.bbelements.com" />
+	<target host="go.pl.bbelements.com" />
 
 
-	<securecookie host="^\.go\.eu\.bbelements\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.go\.\w+\.bbelements\.com$" name="^(?:bm2|bm2uu|bmsaw1)$" /-->
 
+	<securecookie host="^\.go\." name=".+" />
 
-	<rule from="^http://go\.(?:cz|eu)\.bbelements\.com/"
+
+	<rule from="^http://go\.arbopl\.bbelements\.com/"
+		to="https://go.goldbachpoland.bbelements.com/" />
+
+	<rule from="^http://go\.(?:cz|pl)\.bbelements\.com/"
 		to="https://go.eu.bbelements.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bbsey.es.xml b/src/chrome/content/rules/Bbsey.es.xml
new file mode 100644
index 000000000000..6e8161c7cb45
--- /dev/null
+++ b/src/chrome/content/rules/Bbsey.es.xml
@@ -0,0 +1,32 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bbseyes.com/ => http://bbseyes.com/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.bbseyes.com/ => http://www.bbseyes.com/: (28, 'Connection timed out after 10000 milliseconds')
+	Problematic domains:
+
+		- (www.)bbseyes.com	(dropped)
+
+
+	Some pages redirect to http.
+
+-->
+<ruleset name="bbsey.es (partial)">
+
+	<target host="bbsey.es" />
+	<target host="www.bbsey.es" />
+	<target host="bbseyes.com" />
+	<target host="www.bbseyes.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?bbseye(\.es|es\.com)/+($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(www\.)?bbseye(\.es|es\.com)/+(?!favicon\.ico|wp-content/|wp-includes/)" /-->
+
+
+	<rule from="^http://(www\.)?bbsey(?:\.es|es\.com)/(?=favicon\.ico|wp-content/|wp-includes/)"
+		to="https://$1bbseye.es/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bbva.es.xml b/src/chrome/content/rules/Bbva.es.xml
new file mode 100644
index 000000000000..b9628cac0d00
--- /dev/null
+++ b/src/chrome/content/rules/Bbva.es.xml
@@ -0,0 +1,42 @@
+<!--
+	Website of the Spanish bank BBVA (bbva.es).
+	See <https://en.wikipedia.org/wiki/Banco_Bilbao_Vizcaya_Argentaria>.
+
+	There are many domain names related to bbva.es which have not been studied yet.
+	Some of them are:
+		* bancaresponsable.com
+		* bancomer.com
+		* bbvacib.com
+		* bbva.com
+		* bbvaopenmind.com
+		* bbvaresearch.com
+		* bbvasocialmedia.com
+		* centrodeinnovacionbbva.com
+		* coleccionbbva.com
+		* fbbva.es
+		* fundacionbbvaprovincial.com
+		* fundacionmicrofinanzasbbva.org
+		* ligabbva.com
+		* rutaquetzalbbva.com
+
+	Subdomains of bbva.es that do not support HTTPS or use an invalid certificate:
+		* blog.bbva.es
+		* info.bbva.es
+		* tpvvirtual.bbva.es (redirects to w3.grupobbva.com)
+
+-->
+<ruleset name="BBVA.es">
+
+	<target host="bbva.es" />
+	<target host="www.bbva.es" />
+
+	<target host="descinet.bbva.es" />
+	<target host="m.bbva.es" />
+	<target host="movil.bbva.es" />
+	<target host="office.bbva.es" />
+	<target host="recuperaciones.bbva.es" />
+	<target host="w3.grupobbva.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bcash.com.br.xml b/src/chrome/content/rules/Bcash.com.br.xml
new file mode 100644
index 000000000000..477d2b81d25c
--- /dev/null
+++ b/src/chrome/content/rules/Bcash.com.br.xml
@@ -0,0 +1,22 @@
+<!--
+	^bcash.com.br: Cloudfront
+
+-->
+<ruleset name="Bcash.com.br (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.bcash.com.br" />
+
+	<!--	Complications:
+				-->
+	<!--target host="bcash.com.br" /-->
+
+		<test url="http://www.bcash.com.br/login/acessar/" />
+		<test url="http://www.bcash.com.br/pagamento/reemitir-boleto/" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bccx.com.xml b/src/chrome/content/rules/Bccx.com.xml
deleted file mode 100644
index c4c8c89fbcf2..000000000000
--- a/src/chrome/content/rules/Bccx.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Bccx.com" platform="firefox">
-<target host="bccx.com" />
-
-<securecookie host="^bccx\.com$" name=".+" />
-
-<rule from="^http://bccx\.com/" to="https://bccx.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Bcobandits.com.xml b/src/chrome/content/rules/Bcobandits.com.xml
deleted file mode 100644
index 892f51d55611..000000000000
--- a/src/chrome/content/rules/Bcobandits.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="bcobandits.com">
-
-	<target host="bcobandits.com" />
-	<target host="*.bcobandits.com" />
-
-
-	<securecookie host="^\.bcobandits\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?bcobandits\.com/"
-		to="https://$1bcobandits.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Bcove.me.xml b/src/chrome/content/rules/Bcove.me.xml
new file mode 100644
index 000000000000..33262cb79a1b
--- /dev/null
+++ b/src/chrome/content/rules/Bcove.me.xml
@@ -0,0 +1,12 @@
+<!--
+	For other Brightcove coverage, see Bcove.me.xml.
+
+-->
+<ruleset name="Bcove.me">
+
+	<target host="bcove.me" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bcrook.com.xml b/src/chrome/content/rules/Bcrook.com.xml
deleted file mode 100644
index 3df1a53f6ac4..000000000000
--- a/src/chrome/content/rules/Bcrook.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Bcrook.com" platform="firefox">
-<target host="bcrook.com" />
-
-<securecookie host="^bcrook\.com$" name=".+" />
-
-<rule from="^http://bcrook\.com/" to="https://bcrook.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/BdAdam.com.xml b/src/chrome/content/rules/BdAdam.com.xml
new file mode 100644
index 000000000000..d8d95800cc63
--- /dev/null
+++ b/src/chrome/content/rules/BdAdam.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Wildcard DNS:
+		- bdadam.com
+-->
+
+<ruleset name="BdAdam.com">
+	<target host="bdadam.com" />
+	<target host="www.bdadam.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bdimg.com.xml b/src/chrome/content/rules/Bdimg.com.xml
new file mode 100644
index 000000000000..85f45b300c59
--- /dev/null
+++ b/src/chrome/content/rules/Bdimg.com.xml
@@ -0,0 +1,53 @@
+<!--
+	For other Baidu coverage, see Baidu.xml.
+
+	Mismatched:
+		*.hiphotos.bdimg.com
+		cdn.iknow.bdimg.com	( https://cdn.iknow.bdimg.com/static/common/widget/lib/swfupload/swfupload_b24a26d.js )
+		static.muzhi.bdimg.com
+		newpc2.nuomi.bdimg.com
+		s0.nuomi.bdimg.com
+
+	SSL_ERROR_NO_CYPHER_OVERLAP:
+		- iknow0[1-5].bosstatic.bdimg.com	( http://iknow01.bosstatic.bdimg.com/tuiguangwei/jingyan270170.jpeg )
+-->
+<ruleset name="Bdimg.com (partial)">
+	<target host="apps.bdimg.com" />
+	<target host="apps1.bdimg.com" />
+	<target host="apps2.bdimg.com" />
+	<target host="apps3.bdimg.com" />
+	<target host="baike.bdimg.com" />
+	<target host="bkssl.bdimg.com" />
+	<target host="himg.bdimg.com" />
+		<test url="http://himg.bdimg.com/sys/portrait/item/e999e992b1c2b7e58588e7949f7b16.jpg" />
+	<target host="hiphotos.bdimg.com" />
+		<test url="http://hiphotos.bdimg.com/album/pic/item/b3fb43166d224f4a42c293870bf790529922d1cf.jpg" />
+	<target host="iknow.bdimg.com" />
+	<target host="jump2.bdimg.com" />
+	<target host="sjws.bdimg.com" />
+	<target host="su.bdimg.com" />
+	<target host="wkstatic.bdimg.com" />
+
+	<target host="*.hiphotos.bdimg.com" />
+	<rule from="^http://\S+\.hiphotos\.bdimg\.com/"
+		to="https://hiphotos.bdimg.com/" />
+		<test url="http://a.hiphotos.bdimg.com/album/pic/item/b3fb43166d224f4a42c293870bf790529922d1cf.jpg" />
+		<test url="http://123.abc.hiphotos.bdimg.com/album/pic/item/b3fb43166d224f4a42c293870bf790529922d1cf.jpg" />
+		<test url="http://23456789.abcdefg.hiphotos.bdimg.com/album/pic/item/b3fb43166d224f4a42c293870bf790529922d1cf.jpg" />
+
+	<target host="cdn.iknow.bdimg.com" />
+	<rule from="^http://cdn\.iknow\.bdimg\.com/"
+		to="https://iknow.bdimg.com/" />
+		<test url="http://cdn.iknow.bdimg.com/static/common/widget/lib/swfupload/swfupload_b24a26d.js" />
+
+	<!-- 404
+ 		 jump and jump2 equal to tieba.baidu.com
+ 		 Redirect them while tieba.baidu.com been fixed in Baidu.xml
+		 -->
+	<target host="jump.bdimg.com" />
+	<rule from="^http://jump\.bdimg\.com/"
+		to="https://jump2.bdimg.com/" />
+		<test url="http://jump.bdimg.com/p/3584519008" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bdone.hu.xml b/src/chrome/content/rules/Bdone.hu.xml
deleted file mode 100644
index 0ac7f9741fd9..000000000000
--- a/src/chrome/content/rules/Bdone.hu.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Bdone.hu">
-  <target host="bdone.hu" />
-  <target host="www.bdone.hu" />
-
-  <rule from="^http://(www\.)?bdone\.hu/" to="https://www.bdone.hu/" />
-</ruleset>
diff --git a/src/chrome/content/rules/BeNaughty.com.xml b/src/chrome/content/rules/BeNaughty.com.xml
index 90d32f660ff8..340e5a6bc049 100644
--- a/src/chrome/content/rules/BeNaughty.com.xml
+++ b/src/chrome/content/rules/BeNaughty.com.xml
@@ -17,17 +17,18 @@
 <ruleset name="BeNaughty.com (partial)">
 
 	<target host="benaughty.com"/>
-	<target host="*.benaughty.com"/>
+	<target host="www.benaughty.com" />
+	<target host="cdn.benaughty.com" />
+	<target host="ed.benaughty.com" />
 		<exclusion pattern="^http://ed\.benaughty\.com/(?!ext\.php)" />
 
 
-	<securecookie host="^(.*\.)?benaughty\.com$" name=".*"/>
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://(?:www\.)?benaughty\.com/"
 		to="https://www.benaughty.com/"/>
 
-	<rule from="^http://(cdn|ed)\.benaughty\.com/"
-		to="https://$1.benaughty.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Be_Diff.com.br.xml b/src/chrome/content/rules/Be_Diff.com.br.xml
new file mode 100644
index 000000000000..a5e7ad6ea25e
--- /dev/null
+++ b/src/chrome/content/rules/Be_Diff.com.br.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bediff.com.br/ => https://bediff.com.br/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+-->
+<ruleset name="Be Diff.com.br" default_off="failed ruleset test">
+
+	<target host="bediff.com.br" />
+	<target host="www.bediff.com.br" />
+
+
+	<securecookie host="^(?:w*\.)?bediff\.com\.br$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Be_Mobile.ua.xml b/src/chrome/content/rules/Be_Mobile.ua.xml
new file mode 100644
index 000000000000..a5fd47f3c218
--- /dev/null
+++ b/src/chrome/content/rules/Be_Mobile.ua.xml
@@ -0,0 +1,38 @@
+<!--
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- bemobile.ua
+
+
+	Mixed content:
+
+		- Bugs, on:
+
+			- ^ from juke.mmi.bemobile.ua ¹
+			- ^ from c.hit.ua ²
+
+	¹ Secured by us
+	² Unsecurable <= refused
+
+-->
+<ruleset name="Be Mobile.ua" default_off="cert-chain">
+
+	<target host="bemobile.ua" />
+	<target host="juke.mmi.bemobile.ua" />
+	<target host="www.bemobile.ua" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bemobile\.ua$" name="^(?:[\da-f]{32}|jfcookie|jfcookie\[lang\]|lang)$" /-->
+
+	<securecookie host="^bemobile\.ua$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Be_quiet.com.xml b/src/chrome/content/rules/Be_quiet.com.xml
index 93ed5dde8dea..971fa1954bab 100644
--- a/src/chrome/content/rules/Be_quiet.com.xml
+++ b/src/chrome/content/rules/Be_quiet.com.xml
@@ -23,7 +23,6 @@
 	<securecookie host="^www\.bequiet\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?bequiet\.com/"
-		to="https://www.bequiet.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Beacon_Initiative.xml b/src/chrome/content/rules/Beacon_Initiative.xml
index 9c1dd64fb42a..6e1ebe80b5ac 100644
--- a/src/chrome/content/rules/Beacon_Initiative.xml
+++ b/src/chrome/content/rules/Beacon_Initiative.xml
@@ -1,13 +1,25 @@
-<ruleset name="Beacon Initiative">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://beaconinitiative.com/ => https://beaconinitiative.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.beaconinitiative.com/ => https://www.beaconinitiative.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://beaconinitiative.com/ => https://beaconinitiative.com/: (28, 'Operation timed out after 15001 milliseconds with 0 bytes received')
+
+-->
+<ruleset name="Beacon Initiative" default_off="failed ruleset test">
 
 	<target host="beaconinitiative.com" />
-	<target host="*.beaconinitiative.com" />
+	<target host="www.beaconinitiative.com" />
 
 
 	<securecookie host="^\.beaconinitiative\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?beaconinitiative\.com/"
-		to="https://$1beaconinitiative.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BeagleBoard.org.xml b/src/chrome/content/rules/BeagleBoard.org.xml
new file mode 100644
index 000000000000..295329fbcbb2
--- /dev/null
+++ b/src/chrome/content/rules/BeagleBoard.org.xml
@@ -0,0 +1,15 @@
+<!--
+	No working URL known:
+		builds.beagleboard.org
+		debexpo.beagleboard.org
+
+-->
+<ruleset name="BeagleBoard.org">
+
+	<target host="beagleboard.org" />
+	<target host="www.beagleboard.org" />
+	<target host="debian.beagleboard.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Beagle_Street.xml b/src/chrome/content/rules/Beagle_Street.xml
index f69a754d0d0d..aafe17d7706c 100644
--- a/src/chrome/content/rules/Beagle_Street.xml
+++ b/src/chrome/content/rules/Beagle_Street.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^quotes\.beaglestreet\.com$" name=".+" />
 
 
-	<rule from="^http://quotes\.beaglestreet\.com/"
-		to="https://quotes.beaglestreet.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Beaker-Project.org.xml b/src/chrome/content/rules/Beaker-Project.org.xml
new file mode 100644
index 000000000000..c478a8297b08
--- /dev/null
+++ b/src/chrome/content/rules/Beaker-Project.org.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Red Hat coverage, see Red_Hat.xml.
+
+
+	Fully covered hosts in *beaker-project.org:
+
+		- (www.)?
+		- gerrit
+		- git
+		- stage
+
+-->
+<ruleset name="Beaker-Project.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="beaker-project.org" />
+	<target host="gerrit.beaker-project.org" />
+	<target host="git.beaker-project.org" />
+	<target host="stage.beaker-project.org" />
+	<target host="www.beaker-project.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BeamYourScreen.xml b/src/chrome/content/rules/BeamYourScreen.xml
index 5e3c8233b5f1..549bb206faa5 100644
--- a/src/chrome/content/rules/BeamYourScreen.xml
+++ b/src/chrome/content/rules/BeamYourScreen.xml
@@ -1,10 +1,20 @@
-<ruleset name="BeamYourScreen">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://beamyourscreen.de/ => https://beamyourscreen.de/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://admin.beamyourscreen.de/ => https://admin.beamyourscreen.de/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.beamyourscreen.de/ => https://www.beamyourscreen.de/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://beamyourscreen.de/ => https://beamyourscreen.de/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="BeamYourScreen" default_off="failed ruleset test">
 
 	<target host="beamyourscreen.de" />
-	<target host="*.beamyourscreen.de" />
+	<target host="admin.beamyourscreen.de" />
+	<target host="www.beamyourscreen.de" />
 
 
-	<rule from="^http://(admin\.|www\.)?beamyourscreen\.de/"
-		to="https://$1beamyourscreen.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Beanbag_Inc.com.xml b/src/chrome/content/rules/Beanbag_Inc.com.xml
new file mode 100644
index 000000000000..51782f832d32
--- /dev/null
+++ b/src/chrome/content/rules/Beanbag_Inc.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Other Beanbag, Inc rulesets:
+
+		- RBCommons.com.xml
+		- Review_Board.org.xml
+
+-->
+<ruleset name="Beanbag Inc.com">
+
+	<target host="beanbaginc.com" />
+	<target host="www.beanbaginc.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Beanstalk_Data.xml b/src/chrome/content/rules/Beanstalk_Data.xml
index 95190373a60d..0a9ae01d1429 100644
--- a/src/chrome/content/rules/Beanstalk_Data.xml
+++ b/src/chrome/content/rules/Beanstalk_Data.xml
@@ -1,7 +1,7 @@
 <!--
 	Nonfunctional subdomains:
 
-		- (www.)	(shows default IIS7 page)
+		- (www.)	(refused)
 		- new		(times out)
 
 -->
@@ -13,7 +13,6 @@
 	<securecookie host="^app\.beanstalkdata\.com$" name=".+" />
 
 
-	<rule from="^http://app\.beanstalkdata\.com/"
-		to="https://app.beanstalkdata.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Beanstock_Media.xml b/src/chrome/content/rules/Beanstock_Media.xml
deleted file mode 100644
index 51f3109edbbe..000000000000
--- a/src/chrome/content/rules/Beanstock_Media.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)beanstockmedia.com	(http reply)
-
-
-	Problematic domains:
-
-		- tag.beanstock.co	(mismatched, CN: *.adnxs.com)
-		- ui.beanstock.co	(works; mismatched, CN: console.appnexus.com)
-
--->
-<ruleset name="Beanstock Media (partial)">
-
-	<target host="tag.beanstock.co" />
-
-
-	<rule from="^http://tag\.beanstock\.co/"
-		to="https://ib.adnxs.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Bear.im.xml b/src/chrome/content/rules/Bear.im.xml
new file mode 100644
index 000000000000..b2774407b8ed
--- /dev/null
+++ b/src/chrome/content/rules/Bear.im.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.bear.im/ => https://www.bear.im/: (51, "SSL: no alternative certificate subject name matches target host name 'www.bear.im'")
+
+-->
+<ruleset name="bear.im" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bear.im" />
+	<target host="www.bear.im" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Beardoholic.com.xml b/src/chrome/content/rules/Beardoholic.com.xml
new file mode 100644
index 000000000000..7b2b13d1e40a
--- /dev/null
+++ b/src/chrome/content/rules/Beardoholic.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Beardoholic.com">
+	<target host="beardoholic.com" />
+	<target host="www.beardoholic.com" />
+	<target host="shop.beardoholic.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BeastNode-problematic.xml b/src/chrome/content/rules/BeastNode-problematic.xml
index 62f970206169..c6eae1996ac1 100644
--- a/src/chrome/content/rules/BeastNode-problematic.xml
+++ b/src/chrome/content/rules/BeastNode-problematic.xml
@@ -7,7 +7,6 @@
 	<target host="cp.beastnode.com" />
 
 
-	<rule from="^http://cp\.beastnode\.com/"
-		to="https://cp.beastnode.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BeastNode.xml b/src/chrome/content/rules/BeastNode.xml
index 07292c864739..09b836de5565 100644
--- a/src/chrome/content/rules/BeastNode.xml
+++ b/src/chrome/content/rules/BeastNode.xml
@@ -5,13 +5,12 @@
 <ruleset name="BeastNode (partial)">
 
 	<target host="beastnode.com" />
-	<target host="*.beastnode.com" />
+	<target host="www.beastnode.com" />
 
 
 	<securecookie host="^.*\.beastnode\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?beastnode\.com/"
-		to="https://$1beastnode.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Beatport.com.xml b/src/chrome/content/rules/Beatport.com.xml
new file mode 100644
index 000000000000..261682620471
--- /dev/null
+++ b/src/chrome/content/rules/Beatport.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Non-functional hosts:
+		Redirect to HTTP:
+		- classic.beatport.com
+		- sounds.beatport.com
+-->
+<ruleset name="Beatport.com">
+
+	<target host="beatport.com" />
+	<target host="www.beatport.com" />
+	<target host="accounts.beatport.com" />
+	<target host="baseware.beatport.com" />
+	<target host="dj.beatport.com" />
+	<target host="embed.beatport.com" />
+	<target host="geo-media.beatport.com" />
+	<test url="http://geo-media.beatport.com/image/2d4b4b06-d0a6-4d8d-b7d1-b68ed3bb6708.jpg" />
+	<target host="geo-pro.beatport.com" />
+	<test url="http://geo-pro.beatport.com/static/a48a3070545f4f6a5a266ab4624bdf348adc3401/images/apple-touch-icon-57x57.png" />
+	<target host="mixes.beatport.com" />
+	<target host="news.beatport.com" />
+	<target host="play.beatport.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Beatport.xml b/src/chrome/content/rules/Beatport.xml
deleted file mode 100644
index 24fd2e358ef8..000000000000
--- a/src/chrome/content/rules/Beatport.xml
+++ /dev/null
@@ -1,52 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- dj	(redirects to http)
-
-
-	Problematic subdomains:
-
-		- embed		(redirects to http)
-
-
-	Partially covered subdomains:
-
-		- embed		(→ www)
-
-
-	Fully covered domains:
-
-		- beatport.com subdomains:
-
-			- (www.)
-			- accounts
-			- baseware
-			- geo-media
-			- mixes
-			- news
-			- play
-			- sounds
-
-		- static.bpddn.com
-
--->
-<ruleset name="Beatport (buggy)" default_off="JS redirection loop">
-
-	<target host="beatport.com" />
-	<target host="*.beatport.com" />
-	<target host="static.bpddn.com" />
-
-
-	<securecookie host="^(?:baseware)?\.beatport\.com$" name=".+" />
-
-
-	<rule from="^http://((?:accounts|baseware|geo-media|mixes|news|play|sounds|www)\.)?beatport\.com/"
-		to="https://$1beatport.com/" />
-
-	<rule from="^http://embed\.beatport\.com/(?:$|\?)"
-		to="https://www.beatport.com/" />
-
-	<rule from="^http://static\.bpddn\.com/"
-		to="https://static.bpddn.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Beatsmedia.xml b/src/chrome/content/rules/Beatsmedia.xml
index d7e83cdf5132..329c40c1ffd8 100644
--- a/src/chrome/content/rules/Beatsmedia.xml
+++ b/src/chrome/content/rules/Beatsmedia.xml
@@ -1,9 +1,18 @@
-<ruleset name="Beatsmedia">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://beatsmedia.com/ => https://beatsmedia.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.beatsmedia.com/ => https://www.beatsmedia.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://beatsmedia.com/ => https://beatsmedia.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+Fetch error: http://www.beatsmedia.com/ => https://www.beatsmedia.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+-->
+<ruleset name="Beatsmedia" default_off="failed ruleset test">
 
 	<target host="beatsmedia.com"/>
 	<target host="www.beatsmedia.com"/>
 
-	<rule from="^http://(www\.)?beatsmedia\.com/"
-		to="https://$1beatsmedia.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Beauteprivee.fr.xml b/src/chrome/content/rules/Beauteprivee.fr.xml
new file mode 100644
index 000000000000..c8052f773d23
--- /dev/null
+++ b/src/chrome/content/rules/Beauteprivee.fr.xml
@@ -0,0 +1,60 @@
+<!--
+	Nonfunctional hosts in *beauteprivee.fr:
+
+		- images ʳ
+
+	ʳ Refused
+
+
+	Problematic hosts in *beauteprivee.fr:
+
+		- ^ ʳ
+		- statics1 ʳ
+		- statics2 ʳ
+
+	ʳ Refused
+
+
+	Insecure cookies are set for these domains:
+
+		- .beauteprivee.fr
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- www from images.beauteprivee.fr ʳ
+			- www from www.beauteprivee.fr ˢ
+
+	ʳ Unsecurable <= refused
+	ˢ Secured by us
+
+-->
+<ruleset name="Beauteprivee.fr">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.beauteprivee.fr" />
+
+	<!--	Complications:
+				-->
+	<target host="beauteprivee.fr" />
+	<target host="statics1.beauteprivee.fr" />
+	<target host="statics2.beauteprivee.fr" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.beauteprivee\.fr$" name="^bpSession$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://(?:statics\d\.)?beauteprivee\.fr/"
+		to="https://www.beauteprivee.fr/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BeautifulDecay.com.xml b/src/chrome/content/rules/BeautifulDecay.com.xml
new file mode 100644
index 000000000000..b15551033e1e
--- /dev/null
+++ b/src/chrome/content/rules/BeautifulDecay.com.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://beautifuldecay.com/ => https://beautifuldecay.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.beautifuldecay.com/ => https://www.beautifuldecay.com/: (60, 'SSL certificate problem: self signed certificate')
+
+	Nonfunctional subdomains:
+
+		- shop *
+
+	* Redirects to http
+
+
+	Mixed content:
+
+		- css, from:
+
+			- fonts.googleapis.com *
+
+		- Ads/web bugs, from:
+
+			- widgets.outbrain.com *
+			- platform.tumblr.com *
+
+	* Secured by us
+
+-->
+<ruleset name="BeautifulDecay.com (partial)" default_off="failed ruleset test">
+
+	<target host="beautifuldecay.com" />
+	<target host="www.beautifuldecay.com" />
+
+
+	<securecookie host="^\.beautifuldecay\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BeautifulMosque.com.xml b/src/chrome/content/rules/BeautifulMosque.com.xml
new file mode 100644
index 000000000000..89513d0834c9
--- /dev/null
+++ b/src/chrome/content/rules/BeautifulMosque.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="BeautifulMosque.com">
+	<target host="beautifulmosque.com" />
+	<target host="www.beautifulmosque.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BeautyBar.com.xml b/src/chrome/content/rules/BeautyBar.com.xml
index 9a7ad14bbd7d..bab20213d9b2 100644
--- a/src/chrome/content/rules/BeautyBar.com.xml
+++ b/src/chrome/content/rules/BeautyBar.com.xml
@@ -1,25 +1,48 @@
 <!--
-	Other Quidsi rulesets:
+	For other Amazon coverage, see Amazon.xml.
 
-		- Soap.com.xml
+
+	CDN buckets:
+
+		- beautybar.q-assets.com
+
+
+	^beautybar.com: Refused
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .beautybar.com
+		- www.beautybar.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="BeautyBar.com (partial)">
+<ruleset name="BeautyBar.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.beautybar.com" />
 
+	<!--	Complications:
+				-->
 	<target host="beautybar.com" />
-		<!--	Redirects to http.
-		<exclusion pattern="^http://www\.beautybar\.com/($|aboutus/|cat=|p/|redeem$)" /-->
-	<target host="*.beautybar.com" />
 
 
-	<!--	c[1-4]: Akamai
-		!www: cert is only valid for www.	-->
-	<rule from="^https?://(?:c\d\.)?beautybar\.com/"
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.beautybar\.com$" name="^(?:cookie-check|session-id|ubid-main)$" /-->
+	<!--securecookie host="^www\.beautybar\.com$" name="^(?:GEO_COUNTRYCODE|GEO_ZIPCODE|VISITOR_ID|cookie-check)$" /-->
+
+	<securecookie host=".+" name="^aps-trtmnt$" />
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://beautybar\.com/"
 		to="https://www.beautybar.com/" />
 
-	<!--	Many paths redirect to http,
-		so work by inclusing for now.	-->
-	<rule from="^http://www\.beautybar\.com/(app/|(?:checkout|login)\.qs|[iI]mages/|giftcertificate/|helpcenter/|myaccount/|SampleSociety/|(?:App_)?Themes/|[\w\-]+\.aspx)"
-		to="https://www.beautybar.com/$1" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Beaverbrooks.co.uk.xml b/src/chrome/content/rules/Beaverbrooks.co.uk.xml
index 0ffad8b56e83..eee5b8af8fcd 100644
--- a/src/chrome/content/rules/Beaverbrooks.co.uk.xml
+++ b/src/chrome/content/rules/Beaverbrooks.co.uk.xml
@@ -39,7 +39,8 @@
 <ruleset name="Beaverbrooks.co.uk (partial)">
 
 	<target host="beaverbrooks.co.uk" />
-	<target host="*.beaverbrooks.co.uk" />
+	<target host="www.beaverbrooks.co.uk" />
+	<target host="content.beaverbrooks.co.uk" />
 		<!--
 			Redirects to http:
 						-->
@@ -58,4 +59,4 @@
 	<rule from="^http://content\.beaverbrooks\.co\.uk/"
 		to="https://content.beaverbrooks.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Beck_PC.ch.xml b/src/chrome/content/rules/Beck_PC.ch.xml
new file mode 100644
index 000000000000..75780e1d8fd1
--- /dev/null
+++ b/src/chrome/content/rules/Beck_PC.ch.xml
@@ -0,0 +1,32 @@
+<!--
+	For other PCP coverage, see PCP.com.xml.
+
+
+	Server sends no certificate chain *
+
+	*See https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these domains:
+
+		- .pcp.ch
+
+-->
+<ruleset name="Beck PC.ch" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="beckpc.ch"/>
+	<target host="www.beckpc.ch"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^.beckpc\.ch$" name="^XTCsid$" /-->
+
+	<securecookie host="^\.beckpc\.ch$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/BedfordshirePolice.xml b/src/chrome/content/rules/BedfordshirePolice.xml
new file mode 100644
index 000000000000..03df4f67e3fc
--- /dev/null
+++ b/src/chrome/content/rules/BedfordshirePolice.xml
@@ -0,0 +1,6 @@
+<ruleset name="Bedfordshire Police">
+	<target host="bedfordshire.police.uk" />
+	<target host="www.bedfordshire.police.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bedis.eu.xml b/src/chrome/content/rules/Bedis.eu.xml
new file mode 100644
index 000000000000..4e78bb5d8e95
--- /dev/null
+++ b/src/chrome/content/rules/Bedis.eu.xml
@@ -0,0 +1,34 @@
+<!--
+	stats, www: mismatched, CN: ecc.bedis9.net
+
+-->
+<ruleset name="Bedis.eu" default_off="expired">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bedis.eu" />
+	<target host="wiki.bedis.eu" />
+
+	<!--	Complications:
+				-->
+	<target host="stats.bedis.eu" />
+	<target host="www.bedis.eu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bedis\.eu$" name="^DocuWiki$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://stats\.bedis\.eu/"
+		to="https://wiki.bedis.eu/" />
+
+	<rule from="^http://www\.bedis\.eu/"
+		to="https://bedis.eu/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BeeFree.io.xml b/src/chrome/content/rules/BeeFree.io.xml
new file mode 100644
index 000000000000..a55f8bfa542d
--- /dev/null
+++ b/src/chrome/content/rules/BeeFree.io.xml
@@ -0,0 +1,16 @@
+<ruleset name="BeeFree.io">
+
+	<target host="beefree.io" />
+	<target host="www.beefree.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?beefree\.io$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^(?:www\.)?beefree\.io$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Beefy_Miracle.org.xml b/src/chrome/content/rules/Beefy_Miracle.org.xml
new file mode 100644
index 000000000000..625db054e8a4
--- /dev/null
+++ b/src/chrome/content/rules/Beefy_Miracle.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .beefymiracle.org
+
+-->
+<ruleset name="Beefy Miracle.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="beefymiracle.org" />
+	<target host="www.beefymiracle.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.beefymiracle\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.beefymiracle\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Beeg.com.xml b/src/chrome/content/rules/Beeg.com.xml
new file mode 100644
index 000000000000..a585125301d4
--- /dev/null
+++ b/src/chrome/content/rules/Beeg.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Invalid certificate:
+		i.cams.beeg.com
+		img.cams.beeg.com
+		promo.cams.beeg.com
+		promo-m.cams.beeg.com
+
+	Refused connection:
+		cams.beeg.com
+
+	Secure connection failed:
+		upload.beeg.com
+-->
+<ruleset name="Beeg.com">
+	<target host="beeg.com"/>
+	<target host="www.beeg.com"/>
+	<target host="2.beeg.com"/>
+		<test url="http://2.beeg.com/robots.txt"/>
+	<target host="img.beeg.com"/>
+		<test url="http://img.beeg.com/cdn-cgi/scripts/cf.common.js"/>
+	<target host="static.beeg.com"/>
+		<test url="http://static.beeg.com/js/ads/ads.js"/>
+	<target host="two.beeg.com"/>
+		<test url="http://two.beeg.com/robots.txt"/>
+	<!-- Test URLs for video.beeg.com can be found by clicking a thumbnail at
+		https://beeg.com/ -->
+	<target host="video.beeg.com"/>
+	<target host="vp.beeg.com"/>
+		<test url="http://vp.beeg.com/264x198/4653889.jpg"/>
+	<target host="webmasters.beeg.com"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Beego.me.xml b/src/chrome/content/rules/Beego.me.xml
new file mode 100644
index 000000000000..f5b3f2a4125e
--- /dev/null
+++ b/src/chrome/content/rules/Beego.me.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional hosts in *.beego.me:
+
+	Problematic domains:
+
+	Invalid certificate:
+		- zh.beego.me
+
+	Timeout:
+		- www.beego.me
+		- fanyi.beego.me
+-->
+
+<ruleset name="Beego.me">
+	<target host="beego.me" />
+	<target host="www.beego.me" />
+
+	<target host="fanyi.beego.me" />
+	<target host="zh.beego.me" />
+
+	<rule from="^http://(www|fanyi|zh)\.beego\.me/" to="https://beego.me/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Beeimg.com.xml b/src/chrome/content/rules/Beeimg.com.xml
new file mode 100644
index 000000000000..14744273885b
--- /dev/null
+++ b/src/chrome/content/rules/Beeimg.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Beeimg.com">
+	<target host="beeimg.com" />
+	<target host="www.beeimg.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Beeld_en_Geluid.nl.xml b/src/chrome/content/rules/Beeld_en_Geluid.nl.xml
new file mode 100644
index 000000000000..5033ecba3638
--- /dev/null
+++ b/src/chrome/content/rules/Beeld_en_Geluid.nl.xml
@@ -0,0 +1,17 @@
+<!--
+	Nonfunctional subdomains:
+
+		- experience *
+
+	* Refused
+
+-->
+<ruleset name="Beeld en Geluid.nl (partial)">
+
+	<target host="beeldengeluid.nl" />
+	<target host="www.beeldengeluid.nl" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Beeline.ru.xml b/src/chrome/content/rules/Beeline.ru.xml
new file mode 100644
index 000000000000..f8ff7f9fb500
--- /dev/null
+++ b/src/chrome/content/rules/Beeline.ru.xml
@@ -0,0 +1,290 @@
+<!--www.promo. nonexist
+www.kvartplata. mismatch
+www.money. mismatch
+www.my. mismatch-->
+<ruleset name="Beeline.ru">
+	<target host="beeline.ru" />
+	<target host="www.beeline.ru" />
+	<target host="family.beeline.ru" />
+	<target host="about.beeline.ru" />
+	<target host="job.beeline.ru" />
+	<target host="my.beeline.ru" />
+	<target host="maps.beeline.ru" />
+	<target host="static.beeline.ru" />
+	<target host="prosto.beeline.ru" />
+	<target host="tvplay.beeline.ru" />
+	<target host="consultant.beeline.ru" />
+	<target host="support-chat.beeline.ru" />
+	<target host="widgetpay1.beeline.ru" />
+	<target host="moskva.beeline.ru" />
+	<target host="spb.beeline.ru" />
+	<target host="omsk.beeline.ru" />
+	<target host="novosibirsk.beeline.ru" />
+	<target host="krasnoyarsk.beeline.ru" />
+	<target host="yaroslavl.beeline.ru" />
+	<target host="tula.beeline.ru" />
+	<target host="bryansk.beeline.ru" />
+	<target host="ekaterinburg.beeline.ru" />
+	<target host="chelyabinsk.beeline.ru" />
+	<target host="nizhniy-novgorod.beeline.ru" />
+	<target host="krasnodar.beeline.ru" />
+	<target host="rostov-na-donu.beeline.ru" />
+	<target host="vladivostok.beeline.ru" />
+	<target host="zheleznogorsk-kurskaya-obl.beeline.ru" />
+	<target host="kazan.beeline.ru" />
+	<target host="sochi.beeline.ru" />
+	<target host="abakan.beeline.ru" />
+	<target host="aleksin.beeline.ru" />
+	<target host="altayskiy-kr.beeline.ru" />
+	<target host="amurskaya-obl.beeline.ru" />
+	<target host="anadyr.beeline.ru" />
+	<target host="arkhangelsk.beeline.ru" />
+	<target host="arkhangelskaya-obl.beeline.ru" />
+	<target host="astrakhanskaya-obl.beeline.ru" />
+	<target host="astrakhan.beeline.ru" />
+	<target host="balakovo.beeline.ru" />
+	<target host="balashikha.beeline.ru" />
+	<target host="balashikha-22-mr.beeline.ru" />
+	<target host="balashov.beeline.ru" />
+	<target host="barnaul.beeline.ru" />
+	<target host="bataysk.beeline.ru" />
+	<target host="belgorod.beeline.ru" />
+	<target host="belgorodskaya-obl.beeline.ru" />
+	<target host="birobidzhan.beeline.ru" />
+	<target host="blagoveshchensk.beeline.ru" />
+	<target host="bryanskaya-obl.beeline.ru" />
+	<target host="velikiy-novgorod.beeline.ru" />
+	<target host="verkhnee-dubrovo.beeline.ru" />
+	<target host="v-temernitsky.beeline.ru" />
+	<target host="verkhnyaya-pyshma.beeline.ru" />
+	<target host="vidyaevo.beeline.ru" />
+	<target host="vladikavkaz.beeline.ru" />
+	<target host="vladimir.beeline.ru" />
+	<target host="vladimirskaya-obl.beeline.ru" />
+	<target host="volgograd.beeline.ru" />
+	<target host="volgogradskaya-obl.beeline.ru" />
+	<target host="volgorechensk.beeline.ru" />
+	<target host="volzhsky.beeline.ru" />
+	<target host="vologda.beeline.ru" />
+	<target host="vologodskaya-obl.beeline.ru" />
+	<target host="voronezh.beeline.ru" />
+	<target host="voronezhskaya-obl.beeline.ru" />
+	<target host="voskresensk.beeline.ru" />
+	<target host="vsevolozhsk.beeline.ru" />
+	<target host="georgievsk.beeline.ru" />
+	<target host="gorelovo.beeline.ru" />
+	<target host="gorno-altaysk.beeline.ru" />
+	<target host="groznyy.beeline.ru" />
+	<target host="desnogorsk.beeline.ru" />
+	<target host="dzerzhinsk.beeline.ru" />
+	<target host="dimitrovgrad.beeline.ru" />
+	<target host="dmitrov.beeline.ru" />
+	<target host="dolgoprudnyy.beeline.ru" />
+	<target host="domodedovo.beeline.ru" />
+	<target host="evreyskaya-ao.beeline.ru" />
+	<target host="zheleznovodsk.beeline.ru" />
+	<target host="zheleznodorozhnyy.beeline.ru" />
+	<target host="zhigulevsk.beeline.ru" />
+	<target host="zabaykalskiy-kr.beeline.ru" />
+	<target host="zarechye.beeline.ru" />
+	<target host="zelenograd.beeline.ru" />
+	<target host="zelenodolsk.beeline.ru" />
+	<target host="ivanovo.beeline.ru" />
+	<target host="ivanovskaya-obl.beeline.ru" />
+	<target host="ivanteevka.beeline.ru" />
+	<target host="izhevsk.beeline.ru" />
+	<target host="irkutsk.beeline.ru" />
+	<target host="irkutskaya-obl.beeline.ru" />
+	<target host="yoshkar-ola.beeline.ru" />
+	<target host="kabardino-balkariya.beeline.ru" />
+	<target host="kaliningrad.beeline.ru" />
+	<target host="kaliningradskaya-obl.beeline.ru" />
+	<target host="kaluga.beeline.ru" />
+	<target host="kaluzhskaya-obl.beeline.ru" />
+	<target host="kamchatskiy-kr.beeline.ru" />
+	<target host="karavaevo.beeline.ru" />
+	<target host="karachaevo-cherkesiya.beeline.ru" />
+	<target host="kashira.beeline.ru" />
+	<target host="kemerovo.beeline.ru" />
+	<target host="kemerovskaya-obl.beeline.ru" />
+	<target host="kineshma.beeline.ru" />
+	<target host="kirov.beeline.ru" />
+	<target host="kirovskaya-obl.beeline.ru" />
+	<target host="kislovodsk.beeline.ru" />
+	<target host="klin.beeline.ru" />
+	<target host="kola.beeline.ru" />
+	<target host="kolpino.beeline.ru" />
+	<target host="komsomolsk-na-amure.beeline.ru" />
+	<target host="kondratovo.beeline.ru" />
+	<target host="kostroma.beeline.ru" />
+	<target host="kostromskaya-obl.beeline.ru" />
+	<target host="kokhma.beeline.ru" />
+	<target host="krasnogorsk.beeline.ru" />
+	<target host="adygeya.beeline.ru" />
+	<target host="krasnoe-na-volge.beeline.ru" />
+	<target host="krasnoe-selo.beeline.ru" />
+	<target host="krasnoyarskiy-kr.beeline.ru" />
+	<target host="kronshtadt.beeline.ru" />
+	<target host="kurgan.beeline.ru" />
+	<target host="kurganskaya-obl.beeline.ru" />
+	<target host="kursk.beeline.ru" />
+	<target host="kurskaya-obl.beeline.ru" />
+	<target host="kurchatov.beeline.ru" />
+	<target host="kyzyl.beeline.ru" />
+	<target host="leningradskaya-obl.beeline.ru" />
+	<target host="likino-dulevo.beeline.ru" />
+	<target host="lipetsk.beeline.ru" />
+	<target host="lipetskaya-obl.beeline.ru" />
+	<target host="lyubertsy.beeline.ru" />
+	<target host="magadan.beeline.ru" />
+	<target host="magadanskaya-obl.beeline.ru" />
+	<target host="magnitogorsk.beeline.ru" />
+	<target host="malechkino.beeline.ru" />
+	<target host="makhachkala.beeline.ru" />
+	<target host="mendeleevo.beeline.ru" />
+	<target host="metallostroy.beeline.ru" />
+	<target host="mineralnye-vody.beeline.ru" />
+	<target host="mikhaylovsk.beeline.ru" />
+	<target host="moskovskaya-obl.beeline.ru" />
+	<target host="moskovskiy.beeline.ru" />
+	<target host="murmansk.beeline.ru" />
+	<target host="murmanskaya-obl.beeline.ru" />
+	<target host="murmashi.beeline.ru" />
+	<target host="mtsensk.beeline.ru" />
+	<target host="mytishchi.beeline.ru" />
+	<target host="nazran.beeline.ru" />
+	<target host="nalchik.beeline.ru" />
+	<target host="naro-fominsk.beeline.ru" />
+	<target host="nakhabino.beeline.ru" />
+	<target host="nerekhta.beeline.ru" />
+	<target host="nizhegorodskaya-obl.beeline.ru" />
+	<target host="tagil.beeline.ru" />
+	<target host="novaya-usman.beeline.ru" />
+	<target host="novgorodskaya-obl.beeline.ru" />
+	<target host="novodvinsk.beeline.ru" />
+	<target host="novokuznetsk.beeline.ru" />
+	<target host="novomoskovsk.beeline.ru" />
+	<target host="novorossiysk.beeline.ru" />
+	<target host="novosibirskaya-obl.beeline.ru" />
+	<target host="novouralsk.beeline.ru" />
+	<target host="noginsk.beeline.ru" />
+	<target host="norilsk.beeline.ru" />
+	<target host="noyabrsk.beeline.ru" />
+	<target host="odintsovo.beeline.ru" />
+	<target host="oktyabrskiy.beeline.ru" />
+	<target host="omskaya-obl.beeline.ru" />
+	<target host="orel.beeline.ru" />
+	<target host="orenburg.beeline.ru" />
+	<target host="orenburgskaya-obl.beeline.ru" />
+	<target host="orekhovo-zuevo.beeline.ru" />
+	<target host="orlovskaya-obl.beeline.ru" />
+	<target host="pavlovsk.beeline.ru" />
+	<target host="pavlovskiy-posad.beeline.ru" />
+	<target host="penza.beeline.ru" />
+	<target host="penzenskaya-obl.beeline.ru" />
+	<target host="pervomayskiy.beeline.ru" />
+	<target host="pervouralsk.beeline.ru" />
+	<target host="permskiy-kr.beeline.ru" />
+	<target host="perm.beeline.ru" />
+	<target host="petergof.beeline.ru" />
+	<target host="petrozavodsk.beeline.ru" />
+	<target host="petropavlovsk-kamchatskiy.beeline.ru" />
+	<target host="primorskiy-kr.beeline.ru" />
+	<target host="pskov.beeline.ru" />
+	<target host="pskovskaya-obl.beeline.ru" />
+	<target host="pushkin.beeline.ru" />
+	<target host="pushkino.beeline.ru" />
+	<target host="pushchino.beeline.ru" />
+	<target host="pyatigorsk.beeline.ru" />
+	<target host="revda.beeline.ru" />
+	<target host="altay.beeline.ru" />
+	<target host="bashkortostan.beeline.ru" />
+	<target host="buryatiya.beeline.ru" />
+	<target host="dagestan.beeline.ru" />
+	<target host="ingushetiya.beeline.ru" />
+	<target host="kalmykiya.beeline.ru" />
+	<target host="kareliya.beeline.ru" />
+	<target host="komi.beeline.ru" />
+	<target host="mariy-el.beeline.ru" />
+	<target host="mordoviya.beeline.ru" />
+	<target host="yakutiya.beeline.ru" />
+	<target host="severnaya-osetiya.beeline.ru" />
+	<target host="kazan-tatarstan.beeline.ru" />
+	<target host="tyva.beeline.ru" />
+	<target host="khakasiya.beeline.ru" />
+	<target host="rostovskaya-obl.beeline.ru" />
+	<target host="russko-vysotskoe.beeline.ru" />
+	<target host="rybinsk.beeline.ru" />
+	<target host="ryazanskaya-obl.beeline.ru" />
+	<target host="ryazan.beeline.ru" />
+	<target host="salekhard.beeline.ru" />
+	<target host="samara.beeline.ru" />
+	<target host="samarskaya-obl.beeline.ru" />
+	<target host="saransk.beeline.ru" />
+	<target host="saratov.beeline.ru" />
+	<target host="saratovskaya-obl.beeline.ru" />
+	<target host="sarov.beeline.ru" />
+	<target host="safonovo.beeline.ru" />
+	<target host="sakhalinskaya-obl.beeline.ru" />
+	<target host="sverdlovskaya-obl.beeline.ru" />
+	<target host="severodvinsk.beeline.ru" />
+	<target host="severomorsk.beeline.ru" />
+	<target host="semiluki.beeline.ru" />
+	<target host="sergiev-posad.beeline.ru" />
+	<target host="serpukhov.beeline.ru" />
+	<target host="sertolovo.beeline.ru" />
+	<target host="sestroretsk.beeline.ru" />
+	<target host="smolensk.beeline.ru" />
+	<target host="smolenskaya.beeline.ru" />
+	<target host="sredneuralsk.beeline.ru" />
+	<target host="stavropol.beeline.ru" />
+	<target host="stavropolskiy-kr.beeline.ru" />
+	<target host="surgut.beeline.ru" />
+	<target host="syktyvkar.beeline.ru" />
+	<target host="taymyrskiy-mr.beeline.ru" />
+	<target host="tambov.beeline.ru" />
+	<target host="tambovskaya-obl.beeline.ru" />
+	<target host="tverskaya-obl.beeline.ru" />
+	<target host="tver.beeline.ru" />
+	<target host="tolyatti.beeline.ru" />
+	<target host="tomsk.beeline.ru" />
+	<target host="tomskaya-obl.beeline.ru" />
+	<target host="tonshalovo.beeline.ru" />
+	<target host="tulskaya-obl.beeline.ru" />
+	<target host="tutaev.beeline.ru" />
+	<target host="tyumenskaya-obl.beeline.ru" />
+	<target host="tyumen.beeline.ru" />
+	<target host="udmurtiya.beeline.ru" />
+	<target host="uzlovaya.beeline.ru" />
+	<target host="ulan-ude.beeline.ru" />
+	<target host="ulyanovsk.beeline.ru" />
+	<target host="ulyanovskaya-obl.beeline.ru" />
+	<target host="ufa.beeline.ru" />
+	<target host="khabarovsk.beeline.ru" />
+	<target host="khabarovsk-kr.beeline.ru" />
+	<target host="khanty-mansiysk.beeline.ru" />
+	<target host="khmao.beeline.ru" />
+	<target host="khimki.beeline.ru" />
+	<target host="cheboksary.beeline.ru" />
+	<target host="chelyabinskaya-obl.beeline.ru" />
+	<target host="cherepovets.beeline.ru" />
+	<target host="cherkessk.beeline.ru" />
+	<target host="chekhov.beeline.ru" />
+	<target host="chechnya.beeline.ru" />
+	<target host="chita.beeline.ru" />
+	<target host="chuvashiya.beeline.ru" />
+	<target host="chukotskiy-ao.beeline.ru" />
+	<target host="shatura.beeline.ru" />
+	<target host="sholokhovo.beeline.ru" />
+	<target host="shuya.beeline.ru" />
+	<target host="shchekino.beeline.ru" />
+	<target host="elektrostal.beeline.ru" />
+	<target host="elista.beeline.ru" />
+	<target host="engels.beeline.ru" />
+	<target host="yuzhno-sakhalinsk.beeline.ru" />
+	<target host="yakutsk.beeline.ru" />
+	<target host="yanao.beeline.ru" />
+	<target host="yaroslavskaya-obl.beeline.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BeenVerified.xml b/src/chrome/content/rules/BeenVerified.xml
index 0c2bb72b1b6a..fe0aaab60233 100644
--- a/src/chrome/content/rules/BeenVerified.xml
+++ b/src/chrome/content/rules/BeenVerified.xml
@@ -22,7 +22,12 @@
 <ruleset name="BeenVerified (partial)">
 
 	<target host="beenverified.com" />
-	<target host="*.beenverified.com" />
+	<target host="api.beenverified.com" />
+	<target host="sor.api.beenverified.com" />
+	<target host="www.sor.api.beenverified.com" />
+	<target host="m.beenverified.com" />
+	<target host="www.beenverified.com" />
+	<target host="support.beenverified.com" />
 		<exclusion pattern="^http://(?:www\.)?beenverified\.com/(?!(?:\?.*)?$|sitemap\.html)" />
 
 
@@ -32,7 +37,7 @@
 	<rule from="^http://(api\.|(?:www\.)?sor\.api\.|m\.|www\.)?beenverified\.com/"
 		to="https://$1beenverified.com/" />
 
-	<rule from="^https?://support\.beenverified\.com/(generated|images)/"
+	<rule from="^http://support\.beenverified\.com/(generated|images)/"
 		to="https://assets.zendesk.com/$1/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Beetailer.com.xml b/src/chrome/content/rules/Beetailer.com.xml
index 75c5dfcfee39..da91d95b17f4 100644
--- a/src/chrome/content/rules/Beetailer.com.xml
+++ b/src/chrome/content/rules/Beetailer.com.xml
@@ -27,16 +27,16 @@
 <ruleset name="Beetailer.com">
 
 	<target host="beetailer.com" />
-	<target host="*.beetailer.com" />
+	<target host="www.beetailer.com" />
+	<target host="support.beetailer.com" />
 
 
 	<securecookie host="^www\.beetailer\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?beetailer\.com/"
-		to="https://$1beetailer.com/" />
 
 	<rule from="^http://support\.beetailer\.com/"
 		to="https://beetailer.tenderapp.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Beget.ru.xml b/src/chrome/content/rules/Beget.ru.xml
new file mode 100644
index 000000000000..ecd4a872f1d7
--- /dev/null
+++ b/src/chrome/content/rules/Beget.ru.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- beget.ru
+		- www.beget.ru
+
+-->
+<ruleset name="Beget.ru">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="beget.ru" />
+	<target host="www.beget.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^beget\.ru$" name="^_csrf$" /-->
+	<!--securecookie host="^(?:www\.)?beget\.ru$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?beget\.ru$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BeginLinux.com.xml b/src/chrome/content/rules/BeginLinux.com.xml
new file mode 100644
index 000000000000..4feb47cb84ef
--- /dev/null
+++ b/src/chrome/content/rules/BeginLinux.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- beginlinux.com
+		- www.beginlinux.com
+
+
+	Mixed content:
+
+		- Images from ^ *
+
+	* Secured by us
+
+-->
+<ruleset name="BeginLinux.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="beginlinux.com" />
+	<target host="www.beginlinux.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?beginlinux\.com$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Beginner_Triathlete.xml b/src/chrome/content/rules/Beginner_Triathlete.xml
index 0a4e61513176..123f27a0f9e1 100644
--- a/src/chrome/content/rules/Beginner_Triathlete.xml
+++ b/src/chrome/content/rules/Beginner_Triathlete.xml
@@ -1,10 +1,18 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://beginnertriathlete.com/ => https://beginnertriathlete.com/: Too many redirects while fetching 'https://beginnertriathlete.com/'
+Fetch error: http://www.beginnertriathlete.com/ => https://www.beginnertriathlete.com/: Too many redirects while fetching 'https://www.beginnertriathlete.com/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://beginnertriathlete.com/ => https://beginnertriathlete.com/: Cycle detected - URL already encountered: https://beginnertriathlete.com/
+Fetch error: http://www.beginnertriathlete.com/ => https://www.beginnertriathlete.com/: Cycle detected - URL already encountered: https://www.beginnertriathlete.com/
 	Nonfunctional subdomains:
 
 		- ox	(shows www; mismatched, CN: ox.beginnertriathlete.com)
 
 -->
-<ruleset name="Beginner Triathlete (partial)">
+<ruleset name="Beginner Triathlete (partial)" default_off="failed ruleset test">
 
 	<target host="beginnertriathlete.com" />
 	<target host="www.beginnertriathlete.com" />
@@ -13,7 +21,6 @@
 	<securecookie host="^(?:www\.)?beginnertriathlete\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?beginnertriathlete\.com/"
-		to="https://$1beginnertriathlete.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Begun.xml b/src/chrome/content/rules/Begun.xml
index 777597a071fd..6b032a5aae06 100644
--- a/src/chrome/content/rules/Begun.xml
+++ b/src/chrome/content/rules/Begun.xml
@@ -1,14 +1,47 @@
-<ruleset name="Begun">
+<!--
+	Fully covered subdomains:
+
+		- (www.)?
+		- autocontext
+		- my
+		- my2
+		- smart
+
+		-
+	Insecure cookies are set for these domains and hosts:
+
+		- .begun.ru
+		- www.begun.ru
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com *
+
+		- fonts on my2 from themes.googleusercontent.com
+
+	* Secured by us
+
+-->
+<ruleset name="Begun.ru">
 
 	<target host="begun.ru" />
-	<target host="*.begun.ru" />
+	<target host="autocontext.begun.ru" />
+	<target host="my.begun.ru" />
+	<target host="my2.begun.ru" />
+	<target host="smart.begun.ru" />
+	<target host="www.begun.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.begun\.ru$" name="^(PHPSESSID|SESSION)$" /-->
+	<!--securecookie host="^www\.begun\.ru$" name="^(BITRIX_SM_GUEST_ID|BITRIX_SM_LAST_VISIT)$" /-->
 
+	<securecookie host="^(?:www)?\.begun\.ru$" name=".+" />
 
-	<!--	Cert only matches *.begun.ru.	-->
-	<rule from="^https?://(?:www\.)?begun\.ru/"
-		to="https://www.begun.ru/" />
 
-	<rule from="^http://(autocontext|my2)\.begun\.ru/"
-		to="https://$1.begun.ru/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Behance.xml b/src/chrome/content/rules/Behance.xml
index 53727e7a45d1..783a70149053 100644
--- a/src/chrome/content/rules/Behance.xml
+++ b/src/chrome/content/rules/Behance.xml
@@ -11,15 +11,25 @@
 
 	<target host="behance.net" />
 	<target host="www.behance.net" />
-		<!--	Pages have started redirecting to http :(	-->
-		<exclusion pattern="^http://www\.behance\.net/(gallery/[\w\-]+/\d+)?$" />
+	<target host="a2.behance.net" />
+	<target host="help.behance.net" />
 
 
-	<securecookie host="^www\.behance\.net$" name=".*" />
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^help\.behance\.net$" name="^(_zendesk_session|_zendesk_shared_session)$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^(a2|www)\.behance\.net$" name="^BehanceLLC$" /-->
+
+	<securecookie host="^(?:a2|www)\.behance\.net$" name=".+" />
 
 
 	<!--	Cert doesn't match !www.	-->
-	<rule from="^https?://(?:www\.)?behance\.net/"
+	<rule from="^http://(?:www\.)?behance\.net/"
 		to="https://www.behance.net/" />
 
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/BehavEcol.com.xml b/src/chrome/content/rules/BehavEcol.com.xml
new file mode 100644
index 000000000000..56567f4fdb82
--- /dev/null
+++ b/src/chrome/content/rules/BehavEcol.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="BehavEcol.com">
+
+	<target host="behavecol.com" />
+	<target host="www.behavecol.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Behavioral_Policy.org.xml b/src/chrome/content/rules/Behavioral_Policy.org.xml
new file mode 100644
index 000000000000..2e7158086590
--- /dev/null
+++ b/src/chrome/content/rules/Behavioral_Policy.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- behavioralpolicy.org
+		- www.behavioralpolicy.org
+
+-->
+<ruleset name="Behavioral Policy.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="behavioralpolicy.org" />
+	<target host="www.behavioralpolicy.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?behavioralpolicy\.org$" name="^(?:PHPSESSID|issuem_issue)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Behr.xml b/src/chrome/content/rules/Behr.xml
index 3e63b2322397..9004b8836e43 100644
--- a/src/chrome/content/rules/Behr.xml
+++ b/src/chrome/content/rules/Behr.xml
@@ -1,10 +1,20 @@
-<ruleset name="Behr">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://behr.com/ => https://behr.com/: (7, 'Failed to connect to behr.com port 443: Connection refused')
+Fetch error: http://m.behr.com/ => https://m.behr.com/: (51, "SSL: no alternative certificate subject name matches target host name 'm.behr.com'")
+Fetch error: http://www.behr.com/ => https://www.behr.com/: Too many redirects while fetching 'https://www.behr.com/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://behr.com/ => https://behr.com/: Cycle detected - URL already encountered: https://www.behr.com/
+-->
+<ruleset name="Behr" default_off="failed ruleset test">
 
 	<target host="behr.com" />
-	<target host="*.behr.com" />
+	<target host="m.behr.com" />
+	<target host="www.behr.com" />
 
 
-	<rule from="^http://(m\.|www\.)?behr\.com/"
-		to="https://$1behr.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Beijing_Qianfendian.xml b/src/chrome/content/rules/Beijing_Qianfendian.xml
deleted file mode 100644
index 32bfb1263fd7..000000000000
--- a/src/chrome/content/rules/Beijing_Qianfendian.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- passport	(no https)
-
-
-	Problematic subdomains:
-
-		- ^	(403)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(^ → www)
-		- ds5.api
-		- ssl-ds5-api
-		- ssl-rec5-api
-		- ssl-static
-		- ssl-static5
-
-
--->
-<ruleset name="Beijing Qianfendian (partial)">
-
-	<target host="baifendian.com" />
-	<target host="*.baifendian.com" />
-
-
-	<rule from="^http://baifendian\.com/"
-		to="https://www.baifendian.com/" />
-
-	<rule from="^http://(\w+\.api|ssl-[\w\-]+|www)\.baifendian\.com/"
-		to="https://$1.baifendian.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Beleza_na_Web.xml b/src/chrome/content/rules/Beleza_na_Web.xml
index c723e0694da0..92f78d8150c2 100644
--- a/src/chrome/content/rules/Beleza_na_Web.xml
+++ b/src/chrome/content/rules/Beleza_na_Web.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://belezanaweb.net.br/ => http://belezanaweb.net.br/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://belezanaweb.net.br/ => http://belezanaweb.net.br/: (28, 'Connection timed out after 10001 milliseconds')
 	CDN buckets:
 
 		- d33827d8ipi614.cloudfront.net
@@ -18,7 +24,7 @@
 		- static[123]	(→ d33827d8ipi614.cloudfront.net)
 
 -->
-<ruleset name="Beleza na Web (partial)">
+<ruleset name="Beleza na Web (partial)" default_off="failed ruleset test">
 
 	<target host="belezanaweb.net.br" />
 	<target host="*.belezanaweb.net.br" />
@@ -35,4 +41,4 @@
 	<rule from="^http://static\d?\.belezanaweb\.net\.br/"
 		to="https://d33827d8ipi614.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Belgacoin.com.xml b/src/chrome/content/rules/Belgacoin.com.xml
new file mode 100644
index 000000000000..bfb4a2a45681
--- /dev/null
+++ b/src/chrome/content/rules/Belgacoin.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Belgacoin.com">
+  <target host="belgacoin.com" />
+  <target host="www.belgacoin.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Belkin.xml b/src/chrome/content/rules/Belkin.xml
index 5cab829f6d3b..c96e25c0c7b6 100644
--- a/src/chrome/content/rules/Belkin.xml
+++ b/src/chrome/content/rules/Belkin.xml
@@ -12,4 +12,4 @@
 	<rule from="^http://(?:www\.)?belkin\.com/(favicon\.ico|images/|\w\w/login(?:$|\?|/)|medias/|resources/|_ui/|\w\w/_ui/)"
 		to="https://www.belkin.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bell-Canada.xml b/src/chrome/content/rules/Bell-Canada.xml
new file mode 100644
index 000000000000..252b64ff1778
--- /dev/null
+++ b/src/chrome/content/rules/Bell-Canada.xml
@@ -0,0 +1,18 @@
+<ruleset name="Bell Canada (partial)">
+    <target host="bell.ca" />
+    <target host="www.bell.ca" />
+    <target host="mybell.bell.ca" />
+    <target host="www.ges.bell.ca" />
+    <target host="business.bell.ca" />
+    <target host="www.interaction.bell.ca" />
+    <target host="jobs.bce.ca" />
+    <target host="data1.bell.ca" />
+    <target host="webmail.bell.net" />
+
+    <securecookie host="^(?:www|business|mybell)?(?:\.)?bell\.ca$" name=".+" />
+    <securecookie host="^jobs\.bce\.ca$" name=".+" />
+    <securecookie host="^webmail\.bell\.net$" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bell-Labs.com.xml b/src/chrome/content/rules/Bell-Labs.com.xml
new file mode 100644
index 000000000000..42b7fbe9f1cc
--- /dev/null
+++ b/src/chrome/content/rules/Bell-Labs.com.xml
@@ -0,0 +1,22 @@
+<!--
+	For other Alcatel-Lucent coverage, see Alcatel-Lucent.com.xml.
+
+	^: cert only matches www
+
+-->
+<ruleset name="Bell-Labs.com">
+
+	<target host="bell-labs.com" />
+	<target host="www.bell-labs.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.bell-labs\.com$" name="^csrftoken$" /-->
+
+	<securecookie host="^www\.bell-labs\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BellSouth.xml b/src/chrome/content/rules/BellSouth.xml
index 2aae67f727af..83555f14993c 100644
--- a/src/chrome/content/rules/BellSouth.xml
+++ b/src/chrome/content/rules/BellSouth.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bellsouth.com/ => https://www.bellsouth.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.bellsouth.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://bellsouth.com/ => https://www.bellsouth.com/: (35, 'Unknown SSL protocol error in connection to www.bellsouth.com:443 ')
 	For other AT&T coverage, see ATandT.xml.
 
 
@@ -7,19 +13,19 @@
 		- $	(cert only matches www)
 
 -->
-<ruleset name="BellSouth (partial)">
+<ruleset name="BellSouth (partial)" default_off="failed ruleset test">
 
 	<target host="bellsouth.com" />
-	<target host="*.bellsouth.com" />
+	<target host="www.bellsouth.com" />
+	<target host="smallbusiness.bellsouth.com" />
 
 
 	<securecookie host="^smallbusiness\.bellsouth\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?bellsouth\.com/"
+	<rule from="^http://(?:www\.)?bellsouth\.com/"
 		to="https://www.bellsouth.com/" />
 
-	<rule from="^http://smallbusiness\.bellsouth\.com/"
-		to="https://smallbusiness.bellsouth.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bellazon.com.xml b/src/chrome/content/rules/Bellazon.com.xml
new file mode 100644
index 000000000000..84073043243e
--- /dev/null
+++ b/src/chrome/content/rules/Bellazon.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Bellazon.com">
+	<target host="bellazon.com" />
+	<target host="www.bellazon.com" />
+	<target host="dev.bellazon.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bellingcat.xml b/src/chrome/content/rules/Bellingcat.xml
new file mode 100644
index 000000000000..357ef2155214
--- /dev/null
+++ b/src/chrome/content/rules/Bellingcat.xml
@@ -0,0 +1,10 @@
+<ruleset name="Bellingcat.com">
+
+	<target host="bellingcat.com" />
+	<target host="www.bellingcat.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bellingham_School_District.xml b/src/chrome/content/rules/Bellingham_School_District.xml
index 4076758cb475..a05a7338f053 100644
--- a/src/chrome/content/rules/Bellingham_School_District.xml
+++ b/src/chrome/content/rules/Bellingham_School_District.xml
@@ -11,10 +11,9 @@
 <ruleset name="Bellingham School District (partial)">
 
 	<target host="bellinghamschools.org" />
-	<target host="*.bellinghamschools.org" />
+	<target host="sehome.bellinghamschools.org" />
+	<target host="www.bellinghamschools.org" />
 
+  <rule from="^http:" to="https:" />
 
-	<rule from="^http://(sehome\.|www\.)?bellinghamschools\.org/(misc|sites)/"
-		to="https://$1bellinghamschools.org/$2/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Belly_Button_Biodiversity.xml b/src/chrome/content/rules/Belly_Button_Biodiversity.xml
index 79087d15f3aa..dbe3e71686dc 100644
--- a/src/chrome/content/rules/Belly_Button_Biodiversity.xml
+++ b/src/chrome/content/rules/Belly_Button_Biodiversity.xml
@@ -9,7 +9,7 @@
 	<target host="www.wildlifeofyourbody.org" />
 
 
-	<rule from="^https?://(?:www\.)?wildlifeofyourbody\.org/"
+	<rule from="^http://(?:www\.)?wildlifeofyourbody\.org/"
 		to="https://wildlifeofyourbody.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Belpino.se.xml b/src/chrome/content/rules/Belpino.se.xml
index 7a0a82513318..d327a58002f7 100644
--- a/src/chrome/content/rules/Belpino.se.xml
+++ b/src/chrome/content/rules/Belpino.se.xml
@@ -1,7 +1,16 @@
-<ruleset name="Belpino.se">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.belpino.se/ => https://www.belpino.se/: (28, 'Connection timed out after 20006 milliseconds')
+Fetch error: http://belpino.se/ => https://belpino.se/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.belpino.se/ => https://www.belpino.se/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://belpino.se/ => https://belpino.se/: (28, 'Connection timed out after 10001 milliseconds')
+-->
+<ruleset name="Belpino.se" default_off="failed ruleset test">
   <target host="www.belpino.se" />
   <target host="belpino.se" />
-  <rule from="^http://www\.belpino\.se/" to="https://www.belpino.se/"/>
-  <rule from="^http://belpino\.se/" to="https://belpino.se/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Belspo.be.xml b/src/chrome/content/rules/Belspo.be.xml
index 31644243e880..6e81f7de3df8 100644
--- a/src/chrome/content/rules/Belspo.be.xml
+++ b/src/chrome/content/rules/Belspo.be.xml
@@ -19,7 +19,6 @@
 	<target host="www.belspo.be" />
 
 
-	<rule from="^http://www\.belspo\.be/"
-		to="https://www.belspo.be/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Belwue.de.xml b/src/chrome/content/rules/Belwue.de.xml
new file mode 100644
index 000000000000..8927db7bc141
--- /dev/null
+++ b/src/chrome/content/rules/Belwue.de.xml
@@ -0,0 +1,38 @@
+<!--
+	Invalid certificate:
+	  www.stadtbuecherei.bc.belwue.de
+	  www.dai.hd.bib.belwue.de
+	  ftp.belwue.de
+	  www.joerg-rudolf.lehrer.belwue.de
+	  www.mohr.lehrer.belwue.de
+	  moodle.dh.maz.belwue.de
+	  gus.ha.maz.belwue.de
+	  mpc.belwue.de
+	  www.mpc.belwue.de
+	  pubwww1.belwue.de
+	  pubwww5.belwue.de
+	  pubwww7.belwue.de
+	  www1.belwue.de
+
+	Refused:
+	  www.biss.belwue.de
+	  www4.biss.belwue.de
+
+	Timeout:
+	  route-server.belwue.de
+-->
+<ruleset name="BelWü">
+
+	<target host="belwue.de" />
+	<target host="www.belwue.de" />
+	<target host="fex.belwue.de" />
+	<target host="www.intern.belwue.de" />
+	<target host="irc.belwue.de" />
+	<target host="www.kundeninfo.belwue.de" />
+	<target host="mbox1.belwue.de" />
+	<target host="autodiscover.mbox1.belwue.de" />
+
+	<rule from="^http://belwue\.de/" to="https://www.belwue.de/"/>
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/BenTasker.co.uk.xml b/src/chrome/content/rules/BenTasker.co.uk.xml
new file mode 100644
index 000000000000..8121685e6f65
--- /dev/null
+++ b/src/chrome/content/rules/BenTasker.co.uk.xml
@@ -0,0 +1,18 @@
+<!--
+	^: Shows default page
+
+-->
+<ruleset name="BenTasker.co.uk">
+
+	<target host="bentasker.co.uk" />
+	<target host="static1.bentasker.co.uk" />
+	<target host="www.bentasker.co.uk" />
+
+
+	<rule from="^http://bentasker\.co\.uk/"
+		to="https://www.bentasker.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ben_Marshall.me.xml b/src/chrome/content/rules/Ben_Marshall.me.xml
new file mode 100644
index 000000000000..7ad107c2dcf5
--- /dev/null
+++ b/src/chrome/content/rules/Ben_Marshall.me.xml
@@ -0,0 +1,12 @@
+<ruleset name="Ben Marshall.me">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="benmarshall.me" />
+	<target host="www.benmarshall.me" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BendigoBank.xml b/src/chrome/content/rules/BendigoBank.xml
index 506df7fc09da..22e5612aaae3 100644
--- a/src/chrome/content/rules/BendigoBank.xml
+++ b/src/chrome/content/rules/BendigoBank.xml
@@ -1,9 +1,11 @@
 <ruleset name="Bendigo Bank">
   <target host="bendigobank.com.au" />
-  <target host="*.bendigobank.com.au" />
+  <target host="edroom.bendigobank.com.au" />
+  <target host="m.bendigobank.com.au" />
+  <target host="shop.bendigobank.com.au" />
+  <target host="www.bendigobank.com.au" />
 
   <rule from="^http://bendigobank\.com\.au/"
           to="https://www.bendigobank.com.au/" />
-  <rule from="^http://(edroom|m|shop|www)\.bendigobank\.com\.au/"
-          to="https://$1.bendigobank.com.au/" />
-</ruleset>
\ No newline at end of file
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Benedikt-Bitterli.me.xml b/src/chrome/content/rules/Benedikt-Bitterli.me.xml
new file mode 100644
index 000000000000..808de615f3ed
--- /dev/null
+++ b/src/chrome/content/rules/Benedikt-Bitterli.me.xml
@@ -0,0 +1,13 @@
+<ruleset name="Benedikt-Bitterli.me">
+
+	<target host="benedikt-bitterli.me" />
+	<target host="www.benedikt-bitterli.me" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Benefitsweb.com.xml b/src/chrome/content/rules/Benefitsweb.com.xml
index 898ea4c86191..73f219507472 100644
--- a/src/chrome/content/rules/Benefitsweb.com.xml
+++ b/src/chrome/content/rules/Benefitsweb.com.xml
@@ -5,7 +5,7 @@
 <ruleset name="benefitsweb.com" platform="mixedcontent">
 
 	<target host="benefitsweb.com" />
-	<target host="*.benefitsweb.com" />
+	<target host="www.benefitsweb.com" />
 
 
 	<securecookie host="^(?:www)?\.benefitsweb\.com$" name=".+" />
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?benefitsweb\.com/"
 		to="https://www.benefitsweb.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Benetech.xml b/src/chrome/content/rules/Benetech.xml
index 72463f3cfa27..47caa49bb050 100644
--- a/src/chrome/content/rules/Benetech.xml
+++ b/src/chrome/content/rules/Benetech.xml
@@ -4,7 +4,6 @@
 	<target host="www.benetech.org" />
 
 
-	<rule from="^http://(www\.)?benetech\.org/"
-		to="https://$1benetech.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bennetts.xml b/src/chrome/content/rules/Bennetts.xml
index a5abc8760943..dff421e9471d 100644
--- a/src/chrome/content/rules/Bennetts.xml
+++ b/src/chrome/content/rules/Bennetts.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bennetts.co.uk/ => http://bennetts.co.uk/: Redirect for 'http://bennetts.co.uk/' missing Location
 	- ^ times out
 	- At least some pages redirect to http
 
@@ -6,17 +8,18 @@
 <ruleset name="Bennetts (partial)">
 
 	<target host="bennetts.co.uk" />
-	<target host="*.bennetts.co.uk" />
-	<target host="*.quotes.bennetts.co.uk" />
+	<target host="www.bennetts.co.uk" />
+	<target host="classifieds.bennetts.co.uk" />
+	<target host="quotes.bennetts.co.uk" />
 
 
 	<securecookie host="^\.?quotes\.bennets\.co\.uk$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?bennetts\.co\.uk/(assets/|bikesocial/signin|Global/|PageFiles/|[tT]emplates/)"
+	<rule from="^http://(?:www\.)?bennetts\.co\.uk/(assets/|bikesocial/signin|Global/|PageFiles/|[tT]emplates/)"
 		to="https://www.bennetts.co.uk/$1" />
 
 	<rule from="^http://(classified|quote)s\.bennetts\.co\.uk/"
 		to="https://$1s.bennetts.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Benthams_Gaze.org.xml b/src/chrome/content/rules/Benthams_Gaze.org.xml
new file mode 100644
index 000000000000..0e45af5b093c
--- /dev/null
+++ b/src/chrome/content/rules/Benthams_Gaze.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="Benthams Gaze.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="benthamsgaze.org" />
+	<target host="www.benthamsgaze.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bentley_University.xml b/src/chrome/content/rules/Bentley_University.xml
deleted file mode 100644
index 97668185c85f..000000000000
--- a/src/chrome/content/rules/Bentley_University.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Some pages redirect to http
-
--->
-<ruleset name="Bentley Univerity (partial)">
-
-	<target host="bentley.edu" />
-	<target host="*.bentley.edu" />
-		<exclusion pattern="^http://(?:www\.)?bentley\.edu/(?!favicon\.ico|files/|sites/)" />
-
-
-	<securecookie host="^\.secureforms\.bentley\.edu$" name=".+" />
-
-
-	<rule from="^http://((?:secureforms|www)\.)?bentley\.edu/"
-		to="https://$1bentley.edu/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Benzinga.com.xml b/src/chrome/content/rules/Benzinga.com.xml
new file mode 100644
index 000000000000..c93c357b3a06
--- /dev/null
+++ b/src/chrome/content/rules/Benzinga.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Mixed content:
+
+		- css on jobs from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Benzinga.com (partial)">
+
+	<target host="benzinga.com" />
+	<target host="*.benzinga.com" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://pro\.benzinga\.com/$" /-->
+		<!--exclusion pattern="^http://www\.benzinga\.com/($|contact$|\w+/\w+/\d\d/\d\d/\d+/[\w-]+$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://pro\.benzinga\.com/+(?!sites/)" />
+		<exclusion pattern="^http://www\.benzinga\.com/+(?!favicon\.ico)" />
+
+
+	<rule from="^http://((?:cdn\d|jobs|pro|www)\.)?benzinga\.com/"
+		to="https://$1benzinga.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bepo.fr.xml b/src/chrome/content/rules/Bepo.fr.xml
new file mode 100644
index 000000000000..67e684149450
--- /dev/null
+++ b/src/chrome/content/rules/Bepo.fr.xml
@@ -0,0 +1,15 @@
+<!--
+	Refused:
+		- dactylotest
+
+	Self-signed:
+		- www.dactylotest
+-->
+<ruleset name="Bepo.fr">
+	<target host="bepo.fr" />
+	<target host="www.bepo.fr" />
+	<target host="forum.bepo.fr" />
+	<target host="www.forum.bepo.fr" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bepress.xml b/src/chrome/content/rules/Bepress.xml
index 3ac0e8a0cf0a..4b110f70b3bd 100644
--- a/src/chrome/content/rules/Bepress.xml
+++ b/src/chrome/content/rules/Bepress.xml
@@ -1,11 +1,44 @@
-<ruleset name="bepress" platform="mixedcontent">
+<!--
+	Problematic hosts in *bepress.com:
 
-	<target host="bepress.com"/>
-	<target host="*.bepress.com"/>
+		- blog.digitalcommons *
 
-	<securecookie host="^(.*\.)?bepress\.com$" name=".*"/>
+	* Mismatched
 
-	<rule from="^http://(\w+\.)?bepress\.com/"
-		to="https://$1bepress.com/"/>
+
+	Mixed content:
+
+		- css on digitalcommons, law, www from fonts.googleapis.com *
+		- Images on digitalcommons from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="bepress.com (partial)">
+
+	<target host="bepress.com" />
+	<target host="*.bepress.com" />
+
+		<exclusion pattern="^http://[^/]+\.[^/]+\.bepress\.com/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://blog.digitalcommons.bepress.com/" />
+			<test url="http://blog.digitalcommons.bepress.com/index.htm" />
+			<test url="http://blog.digitalcommons.bepress.com/index.php" />
+
+		<test url="http://assets.bepress.com/" />
+		<test url="http://digitalcommons.bepress.com/" />
+		<test url="http://law.bepress.com/" />
+		<test url="http://network.bepress.com/" />
+		<test url="http://works.bepress.com/" />
+		<test url="http://www.bepress.com/" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BergensTidende.xml b/src/chrome/content/rules/BergensTidende.xml
index a39b94f9c834..32e12b7970c8 100644
--- a/src/chrome/content/rules/BergensTidende.xml
+++ b/src/chrome/content/rules/BergensTidende.xml
@@ -1,5 +1,181 @@
-<ruleset name="Bergens Tidende" default_off="certificate problem">
-  <target host="www.bt.no" />
-  <target host="bt.no" />
-  <rule from="^http://(?:www\.)?bt\.no/" to="https://www.bt.no/" />
+<!--
+	Bergens Tidende
+
+	Cert chain issue:
+		- scenario.bt.no
+
+	Cert expired:
+		- nyhetsbrev.bt.no
+		- pust.bt.no
+
+	Cert mismatch:
+		- a.bt.no
+		- a.dev.ai.bt.no
+		- bergenpuls.bt.no
+		- bil.bt.no
+		- cache1.bt.no
+		- cache2.bt.no
+		- cache3.bt.no
+		- cache4.bt.no
+		- dinmat.bt.no
+		- fast.bt.no
+		- fotball.bt.no
+		- gallup.bt.no
+		- go.bt.no
+		- widget.godetilbud.bt.no
+		- graf.bt.no
+		- cm.i.bt.no
+		- festspillene.i.bt.no
+		- xmas.i.bt.no
+		- m.bt.no
+		- beta.m.bt.no
+		- marked.bt.no
+		- mat.bt.no
+		- minbt.bt.no
+		- mobile.bt.no
+		- mobilehelios.bt.no
+		- ny.bt.no
+		- m.nyttig.bt.no
+		- respons.bt.no
+		- skatt.bt.no
+		- sport.bt.no
+		- m.sprek.bt.no
+		- tur.bt.no
+		- turcache.bt.no
+		- vip.bt.no
+		- wap.bt.no
+		- www1.bt.no
+		- wwwnew.bt.no
+
+	Connection refused:
+		- innsikt.bt.no
+		- lisa1.bt.no
+		- multimedia1.bt.no
+		- redir.bt.no
+		- skatt-b.bt.no
+		- statisk1.bt.no
+
+	Self-signed cert:
+		- 2017.bt.no
+		- drvik.bt.no
+
+	Timeout:
+		- 112.bt.no
+		- abo.bt.no
+		- app.bt.no
+		- ariel.bt.no
+		- autodiscover.bt.no
+		- beatrice.bt.no
+		- bugs.bt.no
+		- citrix.bt.no
+		- citrix1.bt.no
+		- citrix2.bt.no)
+		- cwa.bt.no
+		- as.cwa.bt.no
+		- download.cwa.bt.no
+		- datest.bt.no
+		- deling.bt.no
+		- dns01.bt.no
+		- finch.bt.no
+		- folk.bt.no
+		- ftp01.bt.no
+		- ftp1.bt.no
+		- ftp2.bt.no
+		- ftp3.bt.no
+		- gentoo.bt.no
+		- gis.bt.no
+		- i.bt.no
+		- anmelderfesten.i.bt.no
+		- iago.bt.no
+		- images1.bt.no
+		- images2.bt.no
+		- images3.bt.no
+		- images4.bt.no
+		- k.bt.no
+		- laertes.bt.no
+		- lyncdiscover.bt.no
+		- mat2.bt.no
+		- miranda.bt.no
+		- mittabonnement.bt.no
+		- mittabotest.bt.no
+		- ntp1.bt.no
+		- ntp2.bt.no
+		- ocscontent.bt.no
+		- oma.bt.no
+		- pat.bt.no
+		- profil.bt.no
+		- puck.bt.no
+		- sip.bt.no
+		- smtp01.bt.no
+		- sudoku.bt.no
+		- supporter.bt.no
+		- sw.bt.no
+		- tv.bt.no
+		- vpn.bt.no
+		- webad.bt.no
+		- webdev.bt.no
+		- webdev2.bt.no
+		- webmail.bt.no
+		- webtest2.bt.no
+		- wlc.bt.no
+		- wsus.bt.no
+		- www2.bt.no
+
+	TLS error:
+		- bonansa.dev.bt.no
+		- btpodcasts.dev.bt.no
+		- plants.dev.bt.no
+		- widgets.dev.bt.no
+-->
+<ruleset name="BT.no (partial)">
+
+	<target host="bt.no" />
+	<target host="www.bt.no" />
+
+	<target host="adportal.bt.no" />
+	<target host="annonser.bt.no" />
+	<target host="bedriftsabo.bt.no" />
+	<target host="beta.bt.no" />
+	<target host="blogg.bt.no" />
+	<target host="cis.bt.no" />
+	<target host="godetilbud.bt.no" />
+	<target host="helios.bt.no" />
+	<target host="cmmnts.i.bt.no" />
+	<target host="cmmnts-api.i.bt.no" />
+	<target host="comments.i.bt.no" />
+	<target host="comments-api.i.bt.no" />
+	<target host="quiz.i.bt.no" />
+	<target host="images.bt.no" />
+	<target host="iphone.bt.no" />
+	<target host="junior.bt.no" />
+	<target host="kundeportal.bt.no" />
+	<target host="kundesenter.bt.no" />
+	<target host="kundeweb.bt.no" />
+	<target host="kundewebtest.bt.no" />
+	<target host="lisa.bt.no" />
+	<target host="live.bt.no" />
+	<target host="mediahash1.bt.no" />
+	<target host="mediahash2.bt.no" />
+	<target host="mediahash3.bt.no" />
+	<target host="mobil.bt.no" />
+	<target host="multimedia.bt.no" />
+	<target host="nyttig.bt.no" />
+	<target host="old.bt.no" />
+	<target host="reise.bt.no" />
+	<target host="statisk.bt.no" />
+	<target host="webkamera.bt.no" />
+
+		<exclusion pattern="^http://www\.bt\.no/tv/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+	<test url="http://statisk.bt.no/icon/hjerte_1.png" />
+
+	<test url="http://www.bt.no/external/drfront/css/front-4.css" />
+	<test url="http://www.bt.no/public/xiti/index@1461404756.js" />
+	<test url="http://www.bt.no/resources/js/mno/tns/unispring.js" />
+	<test url="http://www.bt.no/skins/global/gfx/schibsted.png" />
+	<test url="http://www.bt.no/skins/global/print.css" />
+	<test url="http://www.bt.no/tv/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Berkeley_LUG.com.xml b/src/chrome/content/rules/Berkeley_LUG.com.xml
index d0e8006f697f..43a930069eb4 100644
--- a/src/chrome/content/rules/Berkeley_LUG.com.xml
+++ b/src/chrome/content/rules/Berkeley_LUG.com.xml
@@ -1,4 +1,5 @@
 <!--
+
 	^: mismatched, CN: jdeslip.com
 
 -->
@@ -11,7 +12,6 @@
 	<securecookie host="^www\.berkeleylug\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?berkeleylug\.com/"
-		to="https://www.berkeleylug.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Berkeleyside.com.xml b/src/chrome/content/rules/Berkeleyside.com.xml
new file mode 100644
index 000000000000..31df48e999ea
--- /dev/null
+++ b/src/chrome/content/rules/Berkeleyside.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Redirect to http:
+		berkeleyside.com
+
+	Mixed content:
+		invest.berkeleyside.com
+		realestate.berkeleyside.com
+
+	Invalid certificate:
+		votersedge.berkeleyside.com
+
+	Wildcard DNS but no wildcard certificate
+
+-->
+<ruleset name="Berkeleyside">
+
+	<target host="berkeleyside.com" />
+	<target host="www.berkeleyside.com" />
+
+	<rule from="^http://berkeleyside\.com/"
+		to="https://www.berkeleyside.com/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Berkely-Chess-School.xml b/src/chrome/content/rules/Berkely-Chess-School.xml
deleted file mode 100644
index 0604cd63f475..000000000000
--- a/src/chrome/content/rules/Berkely-Chess-School.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Berkeley Chess School (partial)">
-
-	<target host="berkeleychessschool.org"/>
-	<target host="www.berkeleychessschool.org"/>
-
-	<securecookie host="^(.*\.)?berkeleychessschool\.org$" name=".*"/>
-
-	<rule from="^http://(www\.)?berkeleychessschool\.org/(imgs|images|stylesheets)/"
-		to="https://$1berkeleychessschool.org/$2/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Berklee.edu.xml b/src/chrome/content/rules/Berklee.edu.xml
index d40c42fe0cad..97f9b765ef17 100644
--- a/src/chrome/content/rules/Berklee.edu.xml
+++ b/src/chrome/content/rules/Berklee.edu.xml
@@ -1,5 +1,5 @@
 <ruleset name="Berklee College of Music">
   <target host="apply.berklee.edu" />
 
-  <rule from="^http://apply\.berklee\.edu/" to="https://apply.berklee.edu/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Berkshire-Hathaway.xml b/src/chrome/content/rules/Berkshire-Hathaway.xml
index 9d858db06402..1b481905b1a9 100644
--- a/src/chrome/content/rules/Berkshire-Hathaway.xml
+++ b/src/chrome/content/rules/Berkshire-Hathaway.xml
@@ -6,6 +6,15 @@
 	<target host="businesswire.com"/>
 	<target host="*.businesswire.com"/>
 
+	<test url="http://connect.businesswire.com/" />
+	<test url="http://secure.businesswire.com/" />
+	<test url="http://mms.businesswire.com/" />
+
+
+	<test url="http://www.businesswire.com/css/style.css" />
+	<test url="http://www.businesswire.com/images/bwlogo_extreme.png" />
+	<test url="http://www.businesswire.com/images/home/feature_smp_01.jpg" />
+
 	<!-- cert:: *.businesswire.com	-->
 	<rule from="^http://businesswire\.com/"
 		to="https://www.businesswire.com/"/>
@@ -14,15 +23,7 @@
 	<rule from="^http://(?:www\.)?businesswire\.com/(css/|images/|portal/(?:binary|site/home/(?:template\.LOGIN|index\.jsp\?epi-content=[\w&amp;=]+wizardName=userreg)))"
 		to="https://www.businesswire.com/$1"/>
 
-	<rule from="^http://(connect|secure)\.businesswire\.com/"
+	<rule from="^http://(connect|secure|mms)\.businesswire\.com/"
 		to="https://$1.businesswire.com/"/>
 
-	<!--	cert for connect, data missing at connect	-->
-	<rule from="^http://cts\.businesswire\.com/ct/CT\?id="
-		to="https://www.businesswire.com/images/spacer.gif"/>
-
-	<!--	cert for connect, data identical	-->
-	<rule from="^http://mms\.businesswire\.com/bwapps/mediaserver/"
-		to="https://connect.businesswire.com/bwapps/mediaserver/"/>
-
 </ruleset>
diff --git a/src/chrome/content/rules/BerliOS.xml b/src/chrome/content/rules/BerliOS.xml
deleted file mode 100644
index 68b96fb2c1d3..000000000000
--- a/src/chrome/content/rules/BerliOS.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="BerliOS" default_off="self-signed">
-
-	<target host="*.berlios.de" />
-
-
-	<securecookie host="^.+\.berlios\.de$" name=".*" />
-
-
-	<rule from="^http://([^/:@\.]+)\.berlios\.de/"
-		to="https://$1.berlios.de/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Berlin-Airport.de.xml b/src/chrome/content/rules/Berlin-Airport.de.xml
index c90667b65f72..603087b8f476 100644
--- a/src/chrome/content/rules/Berlin-Airport.de.xml
+++ b/src/chrome/content/rules/Berlin-Airport.de.xml
@@ -1,8 +1,16 @@
-<ruleset name="Berlin Airport">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://berlin-airport.de/ => https://www.berlin-airport.de/: Too many redirects while fetching 'https://www.berlin-airport.de/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://berlin-airport.de/ => https://www.berlin-airport.de/: Redirect for 'http://www.berlin-airport.de/' missing Location
+-->
+<ruleset name="Berlin Airport" default_off="failed ruleset test">
     <target host="berlin-airport.de" />
     <target host="*.berlin-airport.de" />
 
-    <rule from="^https?://berlin-airport\.de/"
+    <rule from="^http://berlin-airport\.de/"
         to="https://www.berlin-airport.de/"/>
     <rule from="^http://([^/:@]+)?\.berlin-airport\.de/"
         to="https://$1.berlin-airport.de/" />
diff --git a/src/chrome/content/rules/Berlin.de.xml b/src/chrome/content/rules/Berlin.de.xml
index ca7e0515ac98..3fb165e32fb0 100644
--- a/src/chrome/content/rules/Berlin.de.xml
+++ b/src/chrome/content/rules/Berlin.de.xml
@@ -1,12 +1,38 @@
-<ruleset name="Berlin.de">
-  <target host="www.berlin.de" />
-  <target host="*.berlin.de" />
+<!--
+	Nonfunctional hosts in *berlin.de:
 
-  <exclusion pattern="^http://action\.berlin\.de/"/>
-  <exclusion pattern="^http://daten\.berlin\.de/"/>
+		- www.be ᵇ
+		- www.sei ᵇ
+		- (www.)?stadtentwicklung ʳ
+
+	ᵇ Shows default page
+	ʳ Refused
+
+
+	^berlin.de does not exist.
+
+
+	Mixed content:
+
+		- Image on viz from vmz-kameras.verwalt-berlin.de
+		- Bug on viz from webstat.viz-info.de ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Berlin.de (partial)">
+
+	<target host="service.berlin.de" />
+	<target host="viz.berlin.de" />
+	<target host="www.viz.berlin.de" />
+	<target host="www.berlin.de" />
+
+	<!--
+	<exclusion pattern="^http://action\.berlin\.de/"/>
+	<exclusion pattern="^http://daten\.berlin\.de/"/>
+	-->
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^https?://berlin\.de/"
-    to="https://www.berlin.de/" />
-  <rule from="^http://([^/:@]+)?\.berlin\.de/"
-    to="https://$1.berlin.de/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Berliner-Energietisch.xml b/src/chrome/content/rules/Berliner-Energietisch.xml
index 092f8e9c5a5f..82345b6a40ed 100644
--- a/src/chrome/content/rules/Berliner-Energietisch.xml
+++ b/src/chrome/content/rules/Berliner-Energietisch.xml
@@ -3,7 +3,7 @@
 	<target host="berliner-energietisch.net"/>
 	<target host="www.berliner-energietisch.net"/>
 
-	<securecookie host="^berliner-energietisch\.net$" name=".*"/>
+	<securecookie host="^berliner-energietisch\.net$" name=".+" />
 
 	<rule from="^http://(?:www\.)?berliner-energietisch\.net/"
 		to="https://berliner-energietisch.net/"/>
diff --git a/src/chrome/content/rules/Berliner-Zeitung.de.xml b/src/chrome/content/rules/Berliner-Zeitung.de.xml
new file mode 100644
index 000000000000..59f939d1a6fb
--- /dev/null
+++ b/src/chrome/content/rules/Berliner-Zeitung.de.xml
@@ -0,0 +1,65 @@
+<!--
+	Invalid certificate:
+		030.berliner-zeitung.de
+		abinizoellner.berliner-zeitung.de
+		boerse.berliner-zeitung.de
+		farmerama.berliner-zeitung.de
+		ipadapp.berliner-zeitung.de
+		maltewelding.berliner-zeitung.de
+		mannekenpis.berliner-zeitung.de
+		mauerfall.berliner-zeitung.de
+		pobplog.berliner-zeitung.de
+		stg.service.berliner-zeitung.de
+		tippspiel.berliner-zeitung.de
+		video.berliner-zeitung.de
+		wm-tippspiel.berliner-zeitung.de
+		www3.berliner-zeitung.de
+
+	Refused:
+		shop.berliner-zeitung.de
+		m.shop.berliner-zeitung.de
+		sporttabellen.berliner-zeitung.de
+
+	Timeout:
+		abo.berliner-zeitung.de
+		abo-shop.berliner-zeitung.de
+		ac.berliner-zeitung.de
+		app.berliner-zeitung.de
+		bar.berliner-zeitung.de
+		golf.berliner-zeitung.de
+		mp.berliner-zeitung.de
+		tvprogramm.berliner-zeitung.de
+-->
+<ruleset name="Berliner-Zeitung.de">
+
+	<target host="berliner-zeitung.de" />
+	<target host="www.berliner-zeitung.de" />
+	<target host="aboshop.berliner-zeitung.de" />
+	<target host="test.aboshop.berliner-zeitung.de" />
+	<target host="amp.berliner-zeitung.de" />
+	<target host="archiv.berliner-zeitung.de" />
+	<target host="biallo.berliner-zeitung.de" />
+	<target host="consent.berliner-zeitung.de" />
+	<target host="epages.berliner-zeitung.de" />
+	<target host="fbia.berliner-zeitung.de" />
+	<target host="gruss-vom-bosporus.berliner-zeitung.de" />
+	<target host="horoskope.berliner-zeitung.de" />
+	<target host="leogutsch.berliner-zeitung.de" />
+	<target host="leserreisen.berliner-zeitung.de" />
+	<target host="login.berliner-zeitung.de" />
+	<target host="lp.berliner-zeitung.de" />
+	<target host="mms.berliner-zeitung.de" />
+	<target host="mobil.berliner-zeitung.de" />
+	<target host="mobil-archiv.berliner-zeitung.de" />
+	<target host="service.berliner-zeitung.de" />
+	<target host="static.berliner-zeitung.de" />
+	<target host="story.berliner-zeitung.de" />
+	<target host="track.berliner-zeitung.de" />
+	<target host="wahlomat.berliner-zeitung.de" />
+	<target host="wetter.berliner-zeitung.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Berlinonline.de.xml b/src/chrome/content/rules/Berlinonline.de.xml
index 223453f28c54..56c5253f111d 100644
--- a/src/chrome/content/rules/Berlinonline.de.xml
+++ b/src/chrome/content/rules/Berlinonline.de.xml
@@ -3,11 +3,10 @@
     <target host="boss.berlinonline.de" />
     <target host="berlinonline.de" />
 
-    <rule from="^http://(www|boss)\.berlinonline\.de/"
-        to="https://$1.berlinonline.de/" />
     <rule from="^http://berlinonline\.de/"
         to="https://www.berlinonline.de/" />
 
-    <securecookie host="^boss\.berlinonline\.de" name=".*" />
-    <securecookie host="www\.berlinonline\.de" name=".*" />
+	<rule from="^http:"
+		to="https:" />
+    <securecookie host="^\w" name=".+" />
 </ruleset>
diff --git a/src/chrome/content/rules/Bernal_Bucks.xml b/src/chrome/content/rules/Bernal_Bucks.xml
index e8b8daf7cb9c..5f5de36af62a 100644
--- a/src/chrome/content/rules/Bernal_Bucks.xml
+++ b/src/chrome/content/rules/Bernal_Bucks.xml
@@ -1,13 +1,12 @@
 <ruleset name="Bernal Bucks">
 
 	<target host="bernalbucks.org" />
-	<target host="*.bernalbucks.org" />
+	<target host="www.bernalbucks.org" />
 
 
 	<securecookie host="^\.?bernalbucks\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?bernalbucks\.org/"
-		to="https://$1bernalbucks.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bernard_Hodes_Group.xml b/src/chrome/content/rules/Bernard_Hodes_Group.xml
index 8270081ec066..e0cd0428f86e 100644
--- a/src/chrome/content/rules/Bernard_Hodes_Group.xml
+++ b/src/chrome/content/rules/Bernard_Hodes_Group.xml
@@ -1,10 +1,16 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jobmatcher.hodesiq.com/ => https://jobmatcher.hodesiq.com/: (6, 'Could not resolve host: jobmatcher.hodesiq.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://jobmatcher.hodesiq.com/ => https://jobmatcher.hodesiq.com/: (28, 'Connection timed out after 10001 milliseconds')
 	Nonfunctional domains:
 
 		- (www.)hodes.co.uk	(times out)
 
 -->
-<ruleset name="Bernard Hodes Group (partial)">
+<ruleset name="Bernard Hodes Group (partial)" default_off="failed ruleset test">
 
 	<target host="*.sc.hodesdigital.com" />
 	<target host="jobmatcher.hodesiq.com" />
@@ -19,4 +25,4 @@
 	<rule from="^http://jobmatcher\.hodesiq\.com/"
 		to="https://jobmatcher.hodesiq.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Berner_Kantonalbank.xml b/src/chrome/content/rules/Berner_Kantonalbank.xml
deleted file mode 100644
index eb99066fa28b..000000000000
--- a/src/chrome/content/rules/Berner_Kantonalbank.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Berner Kantonalbank">
-    <target host="bekb.ch" />
-    <target host="*.bekb.ch" />
-
-    <securecookie host="^(.*\.)?bekb\.ch$" name=".+" />
-
-    <rule from="^https?://bekb\.ch/"
-        to="https://www.bekb.ch/"/>
-    <rule from="^http://([^/:@]+)?\.bekb\.ch/"
-        to="https://$1.bekb.ch/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Bernie_Sanders.com.xml b/src/chrome/content/rules/Bernie_Sanders.com.xml
new file mode 100644
index 000000000000..5df514c24bbb
--- /dev/null
+++ b/src/chrome/content/rules/Bernie_Sanders.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Fully covered hosts in *berniesanders.com:
+
+		- (www.)?
+		- go
+		- store
+
+
+	Insecure cookies are set for these domains:
+
+		- .berniesanders.com
+
+-->
+<ruleset name="Bernie Sanders.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="berniesanders.com" />
+	<target host="go.berniesanders.com" />
+	<target host="store.berniesanders.com" />
+	<target host="www.berniesanders.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.berniesanders\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.berniesanders\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bernina.xml b/src/chrome/content/rules/Bernina.xml
new file mode 100644
index 000000000000..5c62070853f3
--- /dev/null
+++ b/src/chrome/content/rules/Bernina.xml
@@ -0,0 +1,102 @@
+<!--
+	Secure connection failed:
+		- registrierung.bernina.com
+		- sk.bernina.com
+		- www.youngfashion.bernina.com
+
+	mismatch:
+		- 3series.bernina.com
+		- 5series.bernina.com
+		- bsr.bernina.com
+		- ca.bernina.com
+		- ch.bernina.com
+		- challenge.bernina.com
+		- de.bernina.com
+		- dk.bernina.com
+		- es.bernina.com
+		- factory.bernina.com
+		- fr.bernina.com
+		- in.bernina.com
+		- nz.bernina.com
+		- shop.bernina.com
+		- survey.bernina.com
+		- us.bernina.com
+
+		- bernina-chur.ch
+		- bernina-lausanne.ch
+		- bernina-lugano.ch
+		- bernina-mels.ch
+		- bernina-solothurn.ch
+		- bernina-wil.ch
+		- bernina-zürich.ch
+
+	self-signed:
+		- (www\.)?bernina-zuerich.ch
+
+	No working URL known:
+		- secure.bernina.com (403)
+
+	Different content:
+		- adfs.bernina.com (https://adfs.bernina.com/adfs/portal/logo/logo.png)
+-->
+<ruleset name="Bernina">
+	<target host="bernina.com"/>
+	<target host="www.bernina.com"/>
+	<target host="blog.bernina.com"/>
+	<target host="checkout.bernina.com"/>
+	<target host="newsletter.bernina.com"/>
+	<target host="registration.bernina.com"/>
+	<target host="service.bernina.com"/>
+	<target host="sm.bernina.com"/>
+	<target host="weallsew.bernina.com"/>
+	<target host="webmail.bernina.com"/>
+
+	<!-- too many redirects for fetch tests -->
+	<exclusion pattern="^http://bernina\.com/$"/>
+	<exclusion pattern="^http://www\.bernina\.com/$"/>
+	<test url="http://bernina.com/Bernina/img/r-logo-bernina.svg"/>
+	<test url="http://www.bernina.com/Bernina/img/r-logo-bernina.svg"/>
+
+	<target host="bernina-chur.ch"/>
+	<target host="www.bernina-chur.ch"/>
+	<target host="bernina-lausanne.ch"/>
+	<target host="www.bernina-lausanne.ch"/>
+	<target host="bernina-lugano.ch"/>
+	<target host="www.bernina-lugano.ch"/>
+	<target host="bernina-mels.ch"/>
+	<target host="www.bernina-mels.ch"/>
+	<target host="bernina-solothurn.ch"/>
+	<target host="www.bernina-solothurn.ch"/>
+	<target host="bernina-wil.ch"/>
+	<target host="www.bernina-wil.ch"/>
+	<target host="bernina-zuerich.ch"/>
+	<target host="www.bernina-zuerich.ch"/>
+
+	<!-- punycode to solve unicode problems in tests -->
+	<target host="xn--bernina-zrich-4ob.ch"/>
+	<target host="www.xn--bernina-zrich-4ob.ch"/>
+
+	<!-- cert only matches www -->
+	<rule from="^http://bernina-chur\.ch/"
+		to="https://www.bernina-chur.ch/"/>
+	<rule from="^http://bernina-lausanne\.ch/"
+		to="https://www.bernina-lausanne.ch/"/>
+	<rule from="^http://bernina-lugano\.ch/"
+		to="https://www.bernina-lugano.ch/"/>
+	<rule from="^http://bernina-mels\.ch/"
+		to="https://www.bernina-mels.ch/"/>
+	<rule from="^http://bernina-solothurn\.ch/"
+		to="https://www.bernina-solothurn.ch/"/>
+	<rule from="^http://bernina-wil\.ch/"
+		to="https://www.bernina-wil.ch/"/>
+	<rule from="^http://xn--bernina-zrich-4ob\.ch/"
+		to="https://www.xn--bernina-zrich-4ob.ch/"/>
+
+	<!-- cert only matches www.bernina-zürich.ch
+	page shows broken frame, so we just redirect it -->
+	<rule from="^http://(www\.)?bernina-zuerich\.ch/"
+		to="https://www.xn--bernina-zrich-4ob.ch/"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Berniw.org.xml b/src/chrome/content/rules/Berniw.org.xml
index 2b235fb9af79..25ecfd4a9309 100644
--- a/src/chrome/content/rules/Berniw.org.xml
+++ b/src/chrome/content/rules/Berniw.org.xml
@@ -1,14 +1,14 @@
-<ruleset name="berniw.org" default_off="mismatch">
+<ruleset name="berniw.org" default_off="mismatched">
 
 	<!--	Cert: *.hostcenter.com	-->
 	<target host="berniw.org" />
 	<target host="www.berniw.org" />
 
 
-	<securecookie host="^berniw\.org$" name=".*" />
+	<securecookie host="^berniw\.org$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?berniw\.org/"
+	<rule from="^http://(?:www\.)?berniw\.org/"
 		to="https://berniw.org/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BerryReview.com.xml b/src/chrome/content/rules/BerryReview.com.xml
index 0c3fe5d02712..b0184488462c 100644
--- a/src/chrome/content/rules/BerryReview.com.xml
+++ b/src/chrome/content/rules/BerryReview.com.xml
@@ -1,4 +1,5 @@
 <!--
+
 	Mixed content:
 
 		- css on www from 1-ps.googleusercontent.com *
@@ -15,13 +16,12 @@
 <ruleset name="BerryReview.com (false MCB)" platform="mixedcontent">
 
 	<target host="berryreview.com" />
-	<target host="*.berryreview.com" />
+	<target host="www.berryreview.com" />
 
 
 	<securecookie host="^(?:\.?www\.)?berryreview\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?berryreview\.com/"
-		to="https://$1berryreview.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bertrand_Meyer.com.xml b/src/chrome/content/rules/Bertrand_Meyer.com.xml
new file mode 100644
index 000000000000..a1ce2d9efa0b
--- /dev/null
+++ b/src/chrome/content/rules/Bertrand_Meyer.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Bertrand Meyer.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bertrandmeyer.com" />
+	<target host="www.bertrandmeyer.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bespied-ons-niet.nl.xml b/src/chrome/content/rules/Bespied-ons-niet.nl.xml
new file mode 100644
index 000000000000..6da925218686
--- /dev/null
+++ b/src/chrome/content/rules/Bespied-ons-niet.nl.xml
@@ -0,0 +1,13 @@
+<!--
+	www: cert only matches ^bespied-ons-niet.nl
+
+-->
+<ruleset name="Bespied-ons-niet.nl">
+
+	<target host="bespied-ons-niet.nl" />
+	<target host="www.bespied-ons-niet.nl" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Best-Buy.xml b/src/chrome/content/rules/Best-Buy.xml
index 68d67b551313..bbd9ad2e1f42 100644
--- a/src/chrome/content/rules/Best-Buy.xml
+++ b/src/chrome/content/rules/Best-Buy.xml
@@ -3,27 +3,35 @@
 
 		- images-ssl.bestbuy.com.edgekey.net
 		- css.bbystatic.com.edgesuite.net
+
+		- espanol.bestbuy.com.edgesuite.net
+
+			- a1135.b.akamai.net
+
 		- images.bestbuy.com.edgesuite.net
 
 -->
 <ruleset name="Best Buy (partial)">
 
 	<target host="bestbuy.ugc.bazaarvoice.com" />
-	<target host="*.bestbuy.com" />
+	<target host="www-ssl.bestbuy.com" />
+	<target host="images.bestbuy.com" />
+	<target host="images-ssl.bestbuy.com" />
+		<!--
+			Avoid user-visible paths:
+							-->
+		<!--exclusion pattern="^http://espanol\.bestbuy\.com/(?!favicon\.ico|img/|simages/)" /-->
 
 
 	<securecookie host="^www-ssl\.bestbuy\.com$" name=".+" />
 
 
-	<rule from="^http://bestbuy\.ugc\.bazaarvoice\.com/"
-		to="https://bestbuy.ugc.bazaarvoice.com/" />
 
-	<rule from="^http://www-ssl\.bestbuy\.com/"
-		to="https://www-ssl.bestbuy.com/" />
 
 	<!--	images: Akamai
 				-->
-	<rule from="^https?://images(?:-ssl)?.bestbuy.com/"
+	<rule from="^http://images(?:-ssl)?\.bestbuy\.com/"
 		to="https://images-ssl.bestbuy.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Best-Lawyers.xml b/src/chrome/content/rules/Best-Lawyers.xml
index 0a98c4fbf6be..e53bdd981309 100644
--- a/src/chrome/content/rules/Best-Lawyers.xml
+++ b/src/chrome/content/rules/Best-Lawyers.xml
@@ -4,11 +4,10 @@
 	<target host="www.bestlawyers.com" />
 
 
-	<securecookie host="^www\.bestlawyers\.com$" name=".*" />
+	<securecookie host="^www\.bestlawyers\.com$" name=".+" />
 
 
 	<!--	Cert doesn't match !www.	-->
-	<rule from="^http://(?:www\.)?bestlawyers\.com/"
-		to="https://www.bestlawyers.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Best-Masters-Degrees.xml b/src/chrome/content/rules/Best-Masters-Degrees.xml
index 761a8fdddeed..6ef03fed9f23 100644
--- a/src/chrome/content/rules/Best-Masters-Degrees.xml
+++ b/src/chrome/content/rules/Best-Masters-Degrees.xml
@@ -1,10 +1,10 @@
-<ruleset name="Best Master's Degrees" default_off="mismatch">
+<ruleset name="Best Master's Degrees" default_off="mismatched">
 
 	<!--	*.gridserver.com	-->
 	<target host="bestmastersdegrees.com"/>
 	<target host="www.bestmastersdegrees.com"/>
 
-	<securecookie host="^www\.bestmastersdegrees\.com$" name=".*"/>
+	<securecookie host="^www\.bestmastersdegrees\.com$" name=".+" />
 
 	<!--	!www redirects to www	-->
 	<rule from="^http://(?:www\.)?bestmastersdegrees\.com/"
diff --git a/src/chrome/content/rules/BestChange.org.xml b/src/chrome/content/rules/BestChange.org.xml
new file mode 100644
index 000000000000..e708872dab15
--- /dev/null
+++ b/src/chrome/content/rules/BestChange.org.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.bestchange.org
+
+-->
+<ruleset name="BestChange.org">
+
+	<target host="bestchange.org" />
+	<target host="www.bestchange.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.bestchange\.org$" name="^(PHPSESSID|userid)$" /-->
+
+	<securecookie host="^www\.bestchange\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BestOfferBuy.com.xml b/src/chrome/content/rules/BestOfferBuy.com.xml
new file mode 100644
index 000000000000..d9591d70383c
--- /dev/null
+++ b/src/chrome/content/rules/BestOfferBuy.com.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bestofferbuy.com/ => https://www.bestofferbuy.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.bestofferbuy.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://bestofferbuy.com/ => https://www.bestofferbuy.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+	^: cert only matches www
+
+-->
+<ruleset name="BestOfferBuy.com" default_off="failed ruleset test">
+
+	<target host="bestofferbuy.com" />
+	<target host="www.bestofferbuy.com" />
+
+
+	<securecookie host="^\.(?:www\.)?bestofferbuy\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?bestofferbuy\.com/"
+		to="https://www.bestofferbuy.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Best_Olive_Oils.xml b/src/chrome/content/rules/Best_Olive_Oils.xml
deleted file mode 100644
index 0d28171255bd..000000000000
--- a/src/chrome/content/rules/Best_Olive_Oils.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d2j28hyghlzp.cloudfront.net
-
-			- [1-4].bestoliveoils.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(record_too_long)
-
--->
-<ruleset name="Best Olive Oils (partial)">
-
-	<target host="*.bestoliveoils.com" />
-
-
-	<rule from="^https?://\d\.bestoliveoils\.com/"
-		to="https://d2j28hyghlzp.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Best_Practical.com.xml b/src/chrome/content/rules/Best_Practical.com.xml
new file mode 100644
index 000000000000..23c0abb04e9d
--- /dev/null
+++ b/src/chrome/content/rules/Best_Practical.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog		(dropped, typepad)
+		- static	(shows www)
+
+-->
+<ruleset name="Best Practical.com (partial)">
+
+	<target host="bestpractical.com" />
+	<target host="shop.bestpractical.com" />
+	<target host="www.bestpractical.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Best_VPN.com.xml b/src/chrome/content/rules/Best_VPN.com.xml
new file mode 100644
index 000000000000..188a55df63ec
--- /dev/null
+++ b/src/chrome/content/rules/Best_VPN.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- bestvpn.com
+		- .bestvpn.com
+		- www.bestvpn.com
+
+
+	Mixed content:
+
+		- Image from www.bestvpn-china.com *
+
+	* Unsecurable <= WP Engine
+
+-->
+<ruleset name="Best VPN.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bestvpn.com" />
+	<target host="www.bestvpn.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?bestvpn\.com$" name="^X-Mapping-[a-z]{8}$" /-->
+	<!--securecookie host="^\.bestvpn\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^(?:\.|www\.)?bestvpn\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bestcovery.com.xml b/src/chrome/content/rules/Bestcovery.com.xml
index 86429e59259d..1cbea82868ba 100644
--- a/src/chrome/content/rules/Bestcovery.com.xml
+++ b/src/chrome/content/rules/Bestcovery.com.xml
@@ -34,7 +34,14 @@
 <ruleset name="Bestcovery.com (partial)">
 
 	<target host="bestcovery.com" />
-	<target host="*.bestcovery.com" />
+	<target host="www.bestcovery.com" />
+	<target host="cdn.bestcovery.com" />
+	<target host="cdn1.bestcovery.com" />
+	<target host="cdn2.bestcovery.com" />
+	<target host="cdn3.bestcovery.com" />
+	<target host="cdn4.bestcovery.com" />
+	<target host="cdn5.bestcovery.com" />
+	<target host="cdn6.bestcovery.com" />
 
 
 	<!--	Tracking cookies:
@@ -48,4 +55,4 @@
 	<rule from="^http://cdn[1-6]?\.bestcovery\.com/"
 		to="https://d20no9q7bar3sq.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bestmx.ru.xml b/src/chrome/content/rules/Bestmx.ru.xml
deleted file mode 100644
index 2e17d02a5b76..000000000000
--- a/src/chrome/content/rules/Bestmx.ru.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="bestmx.ru (partial)" default_off="self-signed">
-
-	<!--	www shows mail	-->
-	<target host="mail.bestmx.ru"/>
-
-	<rule from="^http://mail\.bestmx\.ru/"
-		to="https://mail.bestmx.ru/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Bet365-Group.xml b/src/chrome/content/rules/Bet365-Group.xml
index 0bfc50cdc403..1ed83bc76c14 100644
--- a/src/chrome/content/rules/Bet365-Group.xml
+++ b/src/chrome/content/rules/Bet365-Group.xml
@@ -1,23 +1,52 @@
-<!--	!functional:
-		- imstore	(banners included on 3rd-party websites)
+<!--
+	Other bet365 Group rulesets:
+
+		- bet365affiliates.com.xml
+
+
+	Nonfunctional hosts in *bet365.com:
+
+		- casino ʳ
+		- poker ʳ
+		- vegas ʳ
+
+	ʳ Refused
+
+
+	Insecure cookies are set for these hosts and domains: ᶜ
+
+		- .bet365.com
+		- www.bet365.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
 -->
-<ruleset name="bet365 Group (partial)">
+<ruleset name="bet365.com (partial)">
 
 	<target host="bet365.com"/>
-	<target host="*.bet365.com"/>
-	<target host="bet365affiliates.com"/>
-	<target host="www.bet365affiliates.com"/>
+	<target host="content001.bet365.com" />
+	<target host="games.bet365.com" />
+	<target host="members.bet365.com" />
+	<target host="www.bet365.com"/>
+
+		<!--	403 vs 200 blank page => fetch test would fail.
+									-->
+		<exclusion pattern="^http://members\.bet365\.com/$" />
+
+			<!--	-ve:
+					-->
+			<test url="http://members.bet365.com/Members/Helpers/site.aspx" />
+
 
-	<securecookie host="^(.*\.)?bet365\.com$" name=".*"/>
-	<securecookie host="^www.bet365affiliates.com$" name=".*"/>
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.bet365\.com$" name="^pstk$" /-->
+	<!--securecookie host="^www\.bet365\.com$" name="^(?:aps03|rmbs)$" /-->
 
-	<rule from="^http://bet365\.com/"
-		to="https://www.bet365.com/"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(members|www)\.bet365\.com/"
-		to="https://members.bet365.com/"/>
 
-	<rule from="^http://(?:www\.)?bet365affiliates\.com/"
-		to="https://www.bet365affiliates.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bet555.xml b/src/chrome/content/rules/Bet555.xml
deleted file mode 100644
index 808f635a7f34..000000000000
--- a/src/chrome/content/rules/Bet555.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Bet555">
-
-	<target host="bet555.eu" />
-	<target host="*.bet555.eu" />
-
-
-	<securecookie host="^(?:w*\.)?bet555\.eu$" name=".+" />
-
-
-	<rule from="^http://(www\.)?bet555\.eu/"
-		to="https://$1bet555.eu/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/BetCoin.tm.xml b/src/chrome/content/rules/BetCoin.tm.xml
new file mode 100644
index 000000000000..a07e744b265c
--- /dev/null
+++ b/src/chrome/content/rules/BetCoin.tm.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://luck.betcoin.tm/ => https://luck.betcoin.tm/: (6, 'Could not resolve host: luck.betcoin.tm')
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .betcoin.tm
+		- luck.betcoin.tm
+		- www.betcoin.tm
+
+-->
+<ruleset name="BetCoin.tm" default_off="failed ruleset test">
+
+	<target host="betcoin.tm" />
+	<target host="luck.betcoin.tm" />
+	<target host="www.betcoin.tm" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--ssecurecookie host="^\.betcoin\.tm$" name="^(incap_ses_\d+_\d+|nlbi_\d+|visid_incap_\d+)$" /-->
+	<!--ssecurecookie host="^(luck|www)\.betcoin\.tm$" name="^__utmv[a-zA-Z]+$" /-->
+
+	<securecookie host="^(?:luck|www)?\.betcoin\.tm$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Beta-and-Cie-mismatches.xml b/src/chrome/content/rules/Beta-and-Cie-mismatches.xml
index 271838c5acc4..ad9540e0a9d7 100644
--- a/src/chrome/content/rules/Beta-and-Cie-mismatches.xml
+++ b/src/chrome/content/rules/Beta-and-Cie-mismatches.xml
@@ -1,9 +1,8 @@
-<ruleset name="Beta &amp; Cie (mismatches)" default_off="mismatch">
+<ruleset name="Beta &amp; Cie (mismatches)" default_off="mismatched">
 
 	<!--	EdgeCast CDN	-->
 	<target host="img.tweetimag.es"/>
 
-	<rule from="^http://img\.tweetimag\.es/"
-		to="https://img.tweetimag.es/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Beta-and-Cie.xml b/src/chrome/content/rules/Beta-and-Cie.xml
index 0f422e4f2168..f33e76113cbd 100644
--- a/src/chrome/content/rules/Beta-and-Cie.xml
+++ b/src/chrome/content/rules/Beta-and-Cie.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn.betacie.com/ => https://cdn.betacie.net/: (51, "SSL: no alternative certificate subject name matches target host name 'cdn.betacie.net'")
+Fetch error: http://cdn.betacie.net/ => https://cdn.betacie.net/: (51, "SSL: no alternative certificate subject name matches target host name 'cdn.betacie.net'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn.betacie.com/ => https://cdn.betacie.net/: (51, "SSL: no alternative certificate subject name matches target host name 'cdn.betacie.net'")
+Fetch error: http://cdn.betacie.net/ => https://cdn.betacie.net/: (51, "SSL: no alternative certificate subject name matches target host name 'cdn.betacie.net'")
 	Other Beta & Cie rulesets:
 
 		-FMyLife.com.xml
@@ -11,7 +19,7 @@
 		cdn.betacie.com		(cert: betaci.net)
 		img.tweetimg.se		(CDNetworks)
 -->
-<ruleset name="Beta &amp; Cie (partial)" platform="mixedcontent">
+<ruleset name="Beta &amp; Cie (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="cdn.betacie.com"/>
 	<target host="cdn.betacie.net"/>
diff --git a/src/chrome/content/rules/Betanews.xml b/src/chrome/content/rules/Betanews.xml
deleted file mode 100644
index 36fcd95a9e8d..000000000000
--- a/src/chrome/content/rules/Betanews.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Betanews (partial)" default_off="self-signed">
-
-	<target host="store.fileforum.com"/>
-
-	<rule from="^http://store\.fileforum\.com/"
-		to="https://store.fileforum.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Bethcodes.com.xml b/src/chrome/content/rules/Bethcodes.com.xml
new file mode 100644
index 000000000000..028eb3cecfef
--- /dev/null
+++ b/src/chrome/content/rules/Bethcodes.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid certificate:
+		bethcodes.com
+		www.bethcodes.com
+
+-->
+<ruleset name="Bethcodes.com">
+
+	<target host="blog.bethcodes.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bethesignal.org.xml b/src/chrome/content/rules/Bethesignal.org.xml
new file mode 100644
index 000000000000..c3bfaf74fb00
--- /dev/null
+++ b/src/chrome/content/rules/Bethesignal.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="Bethesignal.org">
+        <target host="bethesignal.org" />
+        <target host="www.bethesignal.org" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bethsoft.com-falsemixed.xml b/src/chrome/content/rules/Bethsoft.com-falsemixed.xml
index b977d46e1abc..de4f62f29728 100644
--- a/src/chrome/content/rules/Bethsoft.com-falsemixed.xml
+++ b/src/chrome/content/rules/Bethsoft.com-falsemixed.xml
@@ -4,22 +4,18 @@
 -->
 <ruleset name="Bethsoft.com (false MCB)" platform="mixedcontent">
 
-	<target host="bethsoft.com" />
-	<target host="*.bethsoft.com" />
-		<!--
-			Handled in Bethsoft.com.xml:
-							-->
-		<exclusion pattern="^http://(?:www\.)?bethsoft\.com/(?:assets/|css/|favicon\.ico)" />
-		<exclusion pattern="^http://bgs\.bethsoft\.com/(?:[\w-]+\.css|favicon\.ico|images/)" />
-		<exclusion pattern="^http://(?:cdn|cdnstatic|content|fallout|geck|store)\." />
-		<exclusion pattern="^http://forums\.bethsoft\.com/(?:cache/|favicon\.ico|public/|uploads/)" />
-		<exclusion pattern="^http://support\.bethsoft\.com/(?:assets/|favicon\.ico|themes/)" />
+	<target host="adam.bethsoft.com" />
+	<target host="be3showcase.bethsoft.com" />
+	<target host="doom.bethsoft.com" />
+	<target host="eulas.bethsoft.com" />
+	<target host="forums.bethsoft.com" />
+	<target host="manuals.bethsoft.com" />
+	<target host="patches.bethsoft.com" />
+	<target host="wolfforums.bethsoft.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^(?:.*\.)?bethsoft\.com$" name=".+" />
+	<rule from="^http:"
+		to="https:" />
 
-
-	<rule from="^http://(\w+\.)?bethsoft\.com/"
-		to="https://$1bethsoft.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bethsoft.com.xml b/src/chrome/content/rules/Bethsoft.com.xml
index 461f624ffb76..6e236423d315 100644
--- a/src/chrome/content/rules/Bethsoft.com.xml
+++ b/src/chrome/content/rules/Bethsoft.com.xml
@@ -3,139 +3,73 @@
 
 	For other ZeniMax media coverage, see ZeniMax-Media.xml.
 
-
-	CDN buckets:
-
-		- d1ys1uetzexz61.cloudfront.net
-			- cdnstatic.bethsoft.com
-
-		- d1bjnur3wbumt5.cloudfront.net
-			- cdn.bethsoft.com
-
-		- d3o0v0yx1apq2.cloudfront.net
-			- content.bethsoft.com
-
-
-	Nonfunctional domains:
-
-		- geck.bethsoft.com	(shows login page)
-
-
-	Fully covered domains:
-
-		- *.bethsoft.com:
-
-			- cdn
-			- cdnstatic
-			- content
-			- fallout
-			- store
-
-
-	Partially covered subdomains:
-
-		- (www.) *
-		- bgs *
-		- forums *
-		- support *
-
-	* Avoiding false/broken MCB, rest handled in Bethsoft.com-falsemixed.xml
-
-
-	Observed cookie domains:
-
-		- ^
-		- .
-		- .bgs *
-		- fallout
-		- .fallout *
-		- .forums *
-		- store
-		- .store
-		- .support *
-
-	* Just tracking cookies
-
-
 	Mixed content:
 
 		- Scripts, on:
 
-			- bgs from cloud.github.com *
-			- bgs from ajax.googleapis.com *
-			- bgs from use.typekit.com *
 			- forums from static.zenimax.com *
-			- support from cdnstatic *
-			- www from cdn *
-			- www from use.typekit.com *
-
-		- css, on:
-
-			- store from cdnstatic *
-			- store from use.typekit.com *
-			- www from cdn *
 
 		- Images, on:
 
-			- fallout from cdnstatic *
 			- forums from cdnstatic *
 			- forums from static.zenimax.com *
-			- support from cdnstatic *
-			- support from content *
-			- www from cdnstatic *
-			- www from content *
-
-
-		- Web bugs, on:
-
-			- fallout from switch.atdmt.com *
-			- fallout from b.scorecardresearch.com *
-			- fallout from bp.specificclick.net *
-			- www from w.sharethis.com *
-
-	* Secured by us 
 
 
-	NB: We secure all resources, and thus
-	-falsemixed should be merged for Ffx 24.
+	* Secured by us
+
+	Mixed content (secured in Bethsoft.com-falsemixed.xml):
+		adam.bethsoft.com
+		be3showcase.bethsoft.com
+		doom.bethsoft.com
+		eulas.bethsoft.com
+		forums.bethsoft.com
+		manuals.bethsoft.com
+		patches.bethsoft.com
+		wolfforums.bethsoft.com
+
+	Invalid certificate:
+		aide.bethsoft.com
+		aiuto.bethsoft.com
+		ayuda.bethsoft.com
+		download.bethsoft.com
+		help.bethsoft.com
+		hilfe.bethsoft.com
+		ihra.bethsoft.com
+		jobs.bethsoft.com
+		rage.bethsoft.com
+		static.bethsoft.com
+		support.bethsoft.com
+		wet.bethsoft.com
+		wolfenstein.bethsoft.com
+
+	Refused:
+		anzbe3showcase.bethsoft.com
+
+	No working URL known:
+		content.bethsoft.com
+		facebook.bethsoft.com
+		meet.bethsoft.com
 
 -->
-<ruleset name="Bethsoft.com (partial)">
+<ruleset name="Bethsoft.com">
 
 	<target host="bethsoft.com" />
-	<target host="*.bethsoft.com" />
-		<exclusion pattern="^http://geck\." />
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<exclusion pattern="^http://(?:www\.)?bethsoft\.com/(?!assets/|css/|favicon\.ico)" />
-		<exclusion pattern="^http://bgs\.bethsoft\.com/(?![\w-]+\.css|favicon\.ico|images/)" />
-		<exclusion pattern="^http://forums\.bethsoft\.com/(?!cache/|favicon\.ico|public/|uploads/)" />
-		<exclusion pattern="^http://support\.bethsoft\.com/(?!assets/|favicon\.ico|themes/)" />
-		
-
-	<!--securecookie host="^\.bethsoft\.com$" name="^(main_modtids|main_session_id|__unam|__utm\w)$" /-->
-	<!--
-		Uncomment this when -falsemixed.xml is merged back:
-									-->
-	<!--securecookie host="^(?:.*\.)?bethsoft\.com$" name=".+" /-->
-	<!--
-		Must avoid forums cookies while separate:
-							-->
-	<securecookie host="^\.bethsoft\.com$" name="__u\w+$" />
-	<securecookie host=".+\.bethsoft\.com$" name=".+" />
-
-
-	<rule from="^http://cdn\.bethsoft\.com/"
-		to="https://d1bjnur3wbumt5.cloudfront.net/" />
-
-	<rule from="^http://cdnstatic\.bethsoft\.com/"
-		to="https://d1ys1uetzexz61.cloudfront.net/" />
-
-	<rule from="^http://content\.bethsoft\.com/"
-		to="https://d3o0v0yx1apq2.cloudfront.net/" />
-
-	<rule from="^http://(\w+\.)?bethsoft\.com/"
-		to="https://$1bethsoft.com/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.bethsoft.com" />
+	<target host="bgs.bethsoft.com" />
+	<target host="cdn.bethsoft.com" />
+		<test url="http://cdn.bethsoft.com/quake/dopa.rar" />
+	<target host="cdnstatic.bethsoft.com" />
+		<test url="http://cdnstatic.bethsoft.com/bethblog.com/wp-content/uploads/2013/02/Rage%20Tool%20Kit%20FAQ.pdf" />
+	<target host="fallout.bethsoft.com" />
+	<target host="geck.bethsoft.com" />
+	<target host="insiders.bethsoft.com" />
+	<target host="playtest.bethsoft.com" />
+	<target host="press.bethsoft.com" />
+	<target host="store.bethsoft.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Betnet.fr.xml b/src/chrome/content/rules/Betnet.fr.xml
deleted file mode 100644
index 35c1d994af1a..000000000000
--- a/src/chrome/content/rules/Betnet.fr.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See 
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
- 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Betnet.fr" platform="firefox">
-  <target host="betnet.fr" />
-  <target host="www.betnet.fr" />
-
-  <securecookie host="^betnet\.fr$" name=".+" />
-  <securecookie host="^www\.betnet\.fr$" name=".+" />
-
-  <rule from="^http://(www\.)?betnet\.fr/" to="https://www.betnet.fr/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Betram-Trading.xml b/src/chrome/content/rules/Betram-Trading.xml
index ecd5eee1ffcc..4391648a5d80 100644
--- a/src/chrome/content/rules/Betram-Trading.xml
+++ b/src/chrome/content/rules/Betram-Trading.xml
@@ -1,8 +1,21 @@
-<ruleset name="Betram Trading (partial)">
+<!--
+	Betram Trading
 
+	Other Betram Trading rulesets:
+
+		- Dawsonera.xml
+
+-->
+<ruleset name="Betrams.com (partial)">
+
+	<target host="bertrams.com"/>
+	<target host="betabls.bertrams.com"/>
 	<target host="images.bertrams.com"/>
+	<target host="libraryservices.bertrams.com"/>
+	<target host="www.bertrams.com"/>
+
 
-	<rule from="^http://images\.bertrams\.com/"
-		to="https://images.bertrams.com/"/>
+	<rule from="^http:"
+		to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Better-Business-Bureau-mismatches.xml b/src/chrome/content/rules/Better-Business-Bureau-mismatches.xml
deleted file mode 100644
index 1eb07095a831..000000000000
--- a/src/chrome/content/rules/Better-Business-Bureau-mismatches.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Better Business Bureau (mismatches)" default_off="mismatches">
-
-	<target host="seflorida.bbb.org"/>
-	<target host="www.seflorida.bbb.org"/>
-
-	<rule from="^http://(?:www\.)?seflorida\.bbb\.org/"
-		to="https://seflorida.bbb.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Better-Business-Bureau.xml b/src/chrome/content/rules/Better-Business-Bureau.xml
index 6f9879f40ff3..070f0f109e24 100644
--- a/src/chrome/content/rules/Better-Business-Bureau.xml
+++ b/src/chrome/content/rules/Better-Business-Bureau.xml
@@ -1,48 +1,133 @@
-<ruleset name="Better Business Bureau (partial)" platform="mixedcontent">
+<!--
+	Better Business Bureau
 
-	<target host="bbb.org"/>
-	<target host="hurdman.app.bbb.org"/>
-	<target host="*.bbb.org"/>
-		<!--	expired, self-signed, shows "domain has just been registered" page
-			(www.)dcbbb.org redirects here		-->
-		<exclusion pattern="^http://(?:www\.)?dc\."/>
-		<exclusion pattern="http://(?:www\.)?seflorida\."/>
-	<target host="www.*.bbb.org"/>
-	<target host="bbbonline.org"/>
-	<target host="www.bbbonline.org"/>
-	<target host="bbbsilicon.org" />
-	<target host="www.bbbsilicon.org" />
-	<target host="labbb.org"/>
-	<target host="www.labbb.org"/>
+	Other Better Business Bureau rulesets:
 
+		- BBB_Online.org.xml
+		- BBB_Silicon.org.xml
 
-	<securecookie host="^.*\.bbb\.org$" name=".*" />
-	<securecookie host="^(.*\.)?bbbsilicon\.org$" name=".*" />
-	<securecookie host="^www\.labbb\.org$" name=".*"/>
 
+	Nonfunctional domains:
 
-	<!--	cert invalid	-->
-	<rule from="^https?://(?:www\.)?la\.?bbb\.org/"
-		to="https://www.labbb.org/"/>
+		- (www.)?labbb.org *
 
-	<rule from="^http://bbb\.org/"
-		to="https://www.bbb.org/"/>
+	* Refused
 
-	<rule from="^http://(?:www\.)?([\w\-]+)\.bbb\.org/"
-		to="https://$1.bbb.org/"/>
 
-	<rule from="^http://hurdman\.app\.bbb\.org/"
-		to="https://hurdman.app.bbb.org/"/>
+	Problematic hosts in *bbb.org:
+
+		- www.dc *
+		- www.la *
+		- www.sanjose *
+		- www.setflorida *
+		- www.us *
+
+	* Mismatched
+
+
+	Fully covered domains:
+
+		- hurdman.app.bbb.org
+		- sanjose.app.bbb.org
+
+		- (www.)?[\w-]+.bbb.org:	(www → ^)
+
+			- assets
+			- charityreports
+			- (www.)?dc
+			- (www.)?la
+			- (www.)?sanjose
+			- (www.)?seflorida
+			- seal-centralalabama
+			- seal-goldengate
+			- seal-newyork
+			- us
+			- www
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .bbb.org
+		- (area).app.bbb.org
+		- assets.bbb.org
+		- charityreports.bbb.org
+		- .goldengate.bbb.org
+		- seal-(area).bbb.org
+
+
+	Mixed content:
+
+		- Images, on:
 
-	<!--	cert doesn't match 	-->
-	<rule from="^https?://(?:www\.)?bbbonline\.org/cks\.asp\?id=(\d+)"
-		to="https://www.bbb.org/us/bbb-online-business/?id=$1"/>
+			- charityreports from assets.bbb.org *
+			- www from $self *
 
-	<rule from="^http://(www\.)?bbbsilicon\.org/"
-		to="https://$1bbbsilicon.org/" />
+	* Secured by us
+
+-->
+<ruleset name="BBB.org">
+
+	<target host="bbb.org" />
+	<target host="*.bbb.org" />
+
+	<!--target host="labbb.org"/-->
+	<!--target host="www.labbb.org"/-->
+
+		<!--	Redirects to (200) unavailable.html
+								-->
+		<exclusion pattern="^http://www\.bbb\.org/\w+/business-reviews/\w+/\w" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.bbb.org/kitchener/business-reviews/movers/kingsway-van-lines-in-markham-on-1297240" />
+			<test url="http://www.bbb.org/kitchener/business-reviews/movers/megacity-storage-in-north-york-on-1136682" />
+			<test url="http://www.bbb.org/kitchener/business-reviews/movers/metropolitan-movers-durham-in-oshawa-on-1332540" />
+
+		<!--	Direct rewrites:
+					-->
+		<test url="http://hurdman.app.bbb.org/abs/login.html" />
+		<test url="http://sanjose.app.bbb.org/abs/login.html" />
+		<test url="http://assets.bbb.org/" />
+		<test url="http://assets.bbb.org/images/seals/aC-seal-horizontal.png" />
+		<test url="http://charityreports.bbb.org/" />
+		<test url="http://charityreports.bbb.org/public/seal.aspx?ID=34521032010" />
+		<test url="http://dc.bbb.org/" />
+		<test url="http://la.bbb.org/" />
+		<test url="http://mwco.bbb.org/" />
+		<test url="http://sanjose.bbb.org/" />
+		<test url="http://seal-newyork.bbb.org/seals/black-seal-200-42-whitetxt-dashlane-1.png" />
+		<test url="http://seflorida.bbb.org/" />
+		<test url="http://us.bbb.org/" />
+
+		<!--	Complications:
+					-->
+		<test url="http://www.dc.bbb.org/" />
+		<test url="http://www.la.bbb.org/" />
+		<test url="http://www.sanjose.bbb.org/" />
+		<test url="http://www.seflorida.bbb.org/" />
+		<test url="http://www.us.bbb.org/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.bbb\.org$" name="^(__qca|BBBLocationName|BBBSite|PHPSESSID)$" /-->
+	<!--securecookie host="^\.(goldengate\.)?bbb\.org$" name="^logolink$" /-->
+	<!--securecookie host="^(hurdman|sanjose)\.app\.bbb\.org$" name="^bbb$" /-->
+	<!--securecookie host="^assets\.bbb\.org$" name="^NSC_.*" /-->
+	<!--securecookie host="^sanjose\.app\.bbb\.org$" name="^(before|current|previous)$" /-->
+	<!--securecookie host="^charityreports\.bbb\.org$" name="^(ASP\.NET_SessionId|BBB_Cookie)$" /-->
+	<!--securecookie host="seal-area\.bbb\.org$" name="^BBB_Cookie$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<!--rule from="^http://(?:www\.)?labbb\.org/"
+		to="https://www.labbb.org/"/-->
+
+	<rule from="^http://www\.([\w-]+)\.bbb\.org/"
+		to="https://$1.bbb.org/"/>
 
-	<!--	Cert doens't match.	-->
-	<rule from="^https?://(?:www\.)?sanjose\.bbb\.org/"
-		to="https://bbbsilicon.org/" />
+	<rule from="^http://((?:[\w-]+|(?:hurdman|sanjose)\.app)\.)?bbb\.org/"
+		to="https://$1bbb.org/"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/BetterBills.com.au.xml b/src/chrome/content/rules/BetterBills.com.au.xml
new file mode 100644
index 000000000000..c05258b1037a
--- /dev/null
+++ b/src/chrome/content/rules/BetterBills.com.au.xml
@@ -0,0 +1,13 @@
+<!--
+	^: mismatched
+
+-->
+<ruleset name="BetterBills.com.au">
+
+	<target host="betterbills.com.au" />
+	<target host="www.betterbills.com.au" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BetterBills.com.xml b/src/chrome/content/rules/BetterBills.com.xml
new file mode 100644
index 000000000000..ca676a9d4ae9
--- /dev/null
+++ b/src/chrome/content/rules/BetterBills.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="BetterBills.com">
+
+	<target host="betterbills.com" />
+	<target host="www.betterbills.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.betterbills\.com$" name="^_splitit_session$" /-->
+
+	<securecookie host="^www\.betterbills\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BetterExplained.com.xml b/src/chrome/content/rules/BetterExplained.com.xml
new file mode 100644
index 000000000000..c59ab72981a5
--- /dev/null
+++ b/src/chrome/content/rules/BetterExplained.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="BetterExplained.com">
+	<target host="betterexplained.com" />
+	<target host="www.betterexplained.com" />
+	<target host="aha.betterexplained.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BetterFap.com.xml b/src/chrome/content/rules/BetterFap.com.xml
new file mode 100644
index 000000000000..5437885e63a4
--- /dev/null
+++ b/src/chrome/content/rules/BetterFap.com.xml
@@ -0,0 +1,16 @@
+<!--
+	No working URL known:
+		i.betterfap.com
+
+-->
+<ruleset name="BetterFap.com">
+	<target host="betterfap.com"/>
+	<target host="www.betterfap.com"/>
+	<target host="m.betterfap.com"/>
+	<target host="status.betterfap.com"/>
+	<target host="test.betterfap.com"/>
+	<target host="thumb.betterfap.com"/>
+		<test url="http://thumb.betterfap.com/BF%20Rank.png"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Better_Place.org.xml b/src/chrome/content/rules/Better_Place.org.xml
new file mode 100644
index 000000000000..d757a1f3657e
--- /dev/null
+++ b/src/chrome/content/rules/Better_Place.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="Better Place.org">
+
+	<target host="betterplace.org" />
+	<target host="asset1.betterplace.org" />
+	<target host="www.betterplace.org" />
+
+		<test url="http://asset1.betterplace.org/uploads/organisation/profile_picture/000/028/334/fill_100x100_logo.png" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Better_Sales.se.xml b/src/chrome/content/rules/Better_Sales.se.xml
index 16bf8c5007df..d5886925f570 100644
--- a/src/chrome/content/rules/Better_Sales.se.xml
+++ b/src/chrome/content/rules/Better_Sales.se.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?bettersales\.se/"
 		to="https://bettersales.se/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Betts.xml b/src/chrome/content/rules/Betts.xml
new file mode 100644
index 000000000000..81b2f4dbaf8c
--- /dev/null
+++ b/src/chrome/content/rules/Betts.xml
@@ -0,0 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://betts.com.au/ => https://betts.com.au/: (51, "SSL: no alternative certificate subject name matches target host name 'betts.com.au'")
+Fetch error: http://www.betts.com.au/ => https://www.betts.com.au/: Too many redirects while fetching 'https://www.betts.com.au/'
+
+-->
+<ruleset name="Betts" default_off="failed ruleset test">
+	<target host="betts.com.au" />
+	<target host="www.betts.com.au" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Beuc.net.xml b/src/chrome/content/rules/Beuc.net.xml
new file mode 100644
index 000000000000..e032046751ca
--- /dev/null
+++ b/src/chrome/content/rules/Beuc.net.xml
@@ -0,0 +1,11 @@
+<ruleset name="Beuc.net">
+	<target host="beuc.net" />
+	<target host="www.beuc.net" />
+	<target host="android-rebuilds.beuc.net" />
+	<target host="blog.beuc.net" />
+	<target host="dink-translation.beuc.net" />
+	<target host="renpy.beuc.net" />
+	<target host="sdl.beuc.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Beyond-Security.xml b/src/chrome/content/rules/Beyond-Security.xml
index 1a7fab654116..9407bbb81546 100644
--- a/src/chrome/content/rules/Beyond-Security.xml
+++ b/src/chrome/content/rules/Beyond-Security.xml
@@ -1,26 +1,70 @@
-<ruleset name="Beyond Security">
+<!--
+	Other Beyond Security rulesets:
+
+		- ScanMyServer.com.xml
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- cloud2.beyondsecurity.com
+		- cloud3.beyondsecurity.com
+		- sp-us.beyondsecurity.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Beyond Security.com (partial)">
 
 	<target host="beyondsecurity.com" />
 	<target host="*.beyondsecurity.com" />
+
+		<exclusion pattern="^http://(?:[^./]+\.){2,}beyondsecurity\.com/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.beyondsecurity.com/" />
+			<test url="http://exists.not.beyondsecurity.com/" />
+
+		<!--	Pages started redirecting to http.
+								-->
+		<!--exclusion pattern="^http://www\.beyondsecurity\.com/(?:.+\.html)?(?:$|\?)" /-->
 		<!--
-			Pages started redirecting to http.
+			Now others have started to 404...:
 								-->
-		<exclusion pattern="^http://(?:www\.)?beyondsecurity\.com/(?:.+\.html)?(?:$|\?)" />
-
+		<!--exclusion pattern="^http://www\.beyondsecurity\.com/scan_pentest_network_vulnerabilities_web_server_cross_site_scripting$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.beyondsecurity\.com/(?!/*assets/)" />
 
-	<!--	Observed cookies:
+			<!--	+ve:
+					-->
+			<test url="http://www.beyondsecurity.com/2logins.html" />
+			<test url="http://www.beyondsecurity.com/network_scanner.html" />
+			<test url="http://www.beyondsecurity.com/network_security.html" />
+			<test url="http://www.beyondsecurity.com/pen_testing.html" />
+			<test url="http://www.beyondsecurity.com/scan_pentest_network_vulnerabilities_web_server_cross_site_scripting" />
 
-			- sp-us
+			<!--	-ve:
 					-->
-	<securecookie host="^.*\.beyondsecurity\.com$" name=".*" />
+			<test url="http://www.beyondsecurity.com/assets/css/default/default.css" />
+			<test url="http://www.beyondsecurity.com/assets/img/beyond-security-logo.png" />
 
-	<!--	Observed subdomains:
+		<test url="http://cloud2.beyondsecurity.com/" />
+		<test url="http://cloud3.beyondsecurity.com/" />
+		<test url="http://seal.beyondsecurity.com/verification-images/scanmyserver.com/vulnerability-scanner-8.gif" />
+		<test url="http://secure.beyondsecurity.com/verification-images/forum-tc.msi.com/vulnerability-scanner-2.gif" />
+		<test url="http://sp-us.beyondsecurity.com/my_account" />
 
-			- secure
-			- sp-us
-			- www
+
+	<!--	Not secured by server:
 					-->
-	<rule from="^http://(\w+\.)?beyondsecurity\.com/"
-		to="https://$1beyondsecurity.com/" />
+	<!--securecookie host="^(?:cloud[23]|sp-us)\.beyondsecurity\.com$" name="^CGISESSID$" /-->
+
+	<securecookie host="^(?!www\.)." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bezeq_International.xml b/src/chrome/content/rules/Bezeq_International.xml
index 759b0f01023b..0e16cc2ff1dd 100644
--- a/src/chrome/content/rules/Bezeq_International.xml
+++ b/src/chrome/content/rules/Bezeq_International.xml
@@ -1,21 +1,57 @@
+
 <!--
-	Nonfunctional domains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://bcontrol.bezeqint.net/ => https://bcontrol.bezeqint.net/: (28, 'Connection timed out after 20003 milliseconds')
+Fetch error: http://newchat.bezeqint.net/ => https://newchat.bezeqint.net/: (6, 'Could not resolve host: newchat.bezeqint.net')
 
-		- (www.)bezeqint.co.il *
-		- (www.)bezeqint.net *
+	Bezeq International
 
-	* Times out
+	For other Bezeq coverage, see bezeq.co.il.xml.
 
--->
-<ruleset name="Bezeq International (partial)">
 
+	Nonfunctional hosts in *bezeqint.net:
+
+		- ikeeper ᵈ
+		- routers ᵈ
+		- speedtest ʳ
+
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- bezeqint.net
+		- hos.bezeqint.net
+		- online.bezeqint.net
+		- pbu.bezeqint.net
+		- www.bezeqint.net
+
+-->
+<ruleset name="BezeqInt.net (partial)" default_off="failed ruleset test">
+
+	<target host="bezeqint.net" />
+	<target host="bcontrol.bezeqint.net" />
+	<target host="campaign.bezeqint.net" />
+	<target host="portal.cloudisc.bezeqint.net" />
+	<target host="hos.bezeqint.net" />
+	<target host="newchat.bezeqint.net" />
 	<target host="online.bezeqint.net" />
+	<target host="pbu.bezeqint.net" />
+	<target host="www.bezeqint.net" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:hos)?\.bezeqint\.net$" name="^TS[\da-f]{8}$" /-->
+	<!--securecookie host="^online\.bezeqint\.net$" name="^(?:JSESSIONID|TS[\da-f]{8})$" /-->
+	<!--securecookie host="^pbu\.bezeqint\.net$" name="^BIGipServer" /-->
+	<!--securecookie host="^www\.bezeqint\.net$" name="^(?:BIGipServer|TS[\da-f]{8}$)" /-->
 
-	<securecookie host="^online\.bezeqint\.net$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://online\.bezeqint\.net/"
-		to="https://online.bezeqint.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bezos_Expeditions.xml b/src/chrome/content/rules/Bezos_Expeditions.xml
index 7605637ae058..36e8653e1070 100644
--- a/src/chrome/content/rules/Bezos_Expeditions.xml
+++ b/src/chrome/content/rules/Bezos_Expeditions.xml
@@ -1,14 +1,22 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bezosexpeditions.com/ => https://www.bezosexpeditions.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.bezosexpeditions.com'")
+Fetch error: http://www.bezosexpeditions.com/ => https://www.bezosexpeditions.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.bezosexpeditions.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://bezosexpeditions.com/ => https://www.bezosexpeditions.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.bezosexpeditions.com'")
+Fetch error: http://www.bezosexpeditions.com/ => https://www.bezosexpeditions.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.bezosexpeditions.com'")
 	!www doesn't work.
 
 -->
-<ruleset name="Bezos Expeditions">
+<ruleset name="Bezos Expeditions" default_off="failed ruleset test">
 
 	<target host="bezosexpeditions.com" />
 	<target host="www.bezosexpeditions.com" />
 
 
-	<rule from="^https?://(?:www\.)?bezosexpeditions\.com/"
+	<rule from="^http://(?:www\.)?bezosexpeditions\.com/"
 		to="https://www.bezosexpeditions.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BfArM.de.xml b/src/chrome/content/rules/BfArM.de.xml
new file mode 100644
index 000000000000..523bdc31f52c
--- /dev/null
+++ b/src/chrome/content/rules/BfArM.de.xml
@@ -0,0 +1,31 @@
+<!--
+	Federal Institute for Drugs and Medical Devices
+
+	Refused:
+		bfarm-connect2.bfarm.de
+
+	Timeout:
+		nebenwirkung.bfarm.de
+		shuttle.bfarm.de
+		smail.bfarm.de
+
+	Unable to get local issuer certificate:
+		bfarm-connect.bfarm.de
+-->
+<ruleset name="BfArM.de">
+
+	<target host="www.bfarm.de" />
+	<target host="awbdb.bfarm.de" />
+	<target host="customer-survey.bfarm.de" />
+	<target host="mail.bfarm.de" />
+	<target host="paracelsus.bfarm.de" />
+	<target host="extranet.public.bfarm.de" />
+	<target host="webapps.public.bfarm.de" />
+	<target host="servicedesk.bfarm.de" />
+	<target host="www2.bfarm.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BfDI.bund.de.xml b/src/chrome/content/rules/BfDI.bund.de.xml
new file mode 100644
index 000000000000..deb4d88c8376
--- /dev/null
+++ b/src/chrome/content/rules/BfDI.bund.de.xml
@@ -0,0 +1,18 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+
+	Timeout:
+		info
+		service
+-->
+<ruleset name="BfDI.bund.de">
+	<!-- Federal Commissioner for Data Protection and Freedom of Information -->
+
+	<target host="bfdi.bund.de" />
+	<target host="www.bfdi.bund.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BfR.bund.de.xml b/src/chrome/content/rules/BfR.bund.de.xml
new file mode 100644
index 000000000000..044f1e3d5b18
--- /dev/null
+++ b/src/chrome/content/rules/BfR.bund.de.xml
@@ -0,0 +1,41 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+
+	Invalid certificate:
+		- evaluation.bfr.bund.de
+		- mobil.bfr.bund.de
+		- www.mobil.bfr.bund.de
+
+	Refused:
+		- shiny.bfr.bund.de
+
+	Timeout:
+		- ns.bfr.bund.de
+
+	Unable to get local issuer certificate:
+		- webservice.bfr.bund.de
+-->
+<ruleset name="BfR.bund.de">
+
+	<target host="bfr.bund.de" />
+	<target host="www.bfr.bund.de" />
+	<target host="app-vergiftungen.bfr.bund.de" />
+	<target host="apps.bfr.bund.de" />
+	<target host="datasync.bfr.bund.de" />
+	<target host="download.bfr.bund.de" />
+	<target host="foodrisklabs.bfr.bund.de" />
+	<target host="liquidtabs.bfr.bund.de" />
+	<target host="silebat.bfr.bund.de" />
+	<target host="softlabs.bfr.bund.de" />
+	<target host="webmail.bfr.bund.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://bfr.bund.de/,
+	http://bfr.bund.de/ redirects to http://www.bfr.bund.de/ -->
+	<rule from="^http://bfr\.bund\.de/"
+		to="https://www.bfr.bund.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bgentry.io.xml b/src/chrome/content/rules/Bgentry.io.xml
new file mode 100644
index 000000000000..92b6ab3ef15a
--- /dev/null
+++ b/src/chrome/content/rules/Bgentry.io.xml
@@ -0,0 +1,40 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .bgentry.io
+
+-->
+<ruleset name="bgentry.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bgentry.io" />
+	<target host="www.bgentry.io" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.bgentry\.io$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bgm.tv.xml b/src/chrome/content/rules/Bgm.tv.xml
new file mode 100644
index 000000000000..d8fbef93bdfb
--- /dev/null
+++ b/src/chrome/content/rules/Bgm.tv.xml
@@ -0,0 +1,20 @@
+<!--
+	Mismatch:
+		doujin.chii.in
+		doujin.bangumi.tv
+-->
+<ruleset name="Bgm.tv">
+	<target host="bangumi.tv" />
+	<target host="www.bangumi.tv" />
+	<target host="bgm.tv" />
+	<target host="www.bgm.tv" />
+	<target host="doujin.bgm.tv" />
+	<target host="lain.bgm.tv" />
+	<target host="navi.bgm.tv" />
+	<target host="chii.in" />
+	<target host="www.chii.in" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bhiab.se.xml b/src/chrome/content/rules/Bhiab.se.xml
deleted file mode 100644
index 41e3afc36db8..000000000000
--- a/src/chrome/content/rules/Bhiab.se.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Bhiab.se">
-  <target host="www.bhiab.se" />
-  <target host="bhiab.se" />
-  <rule from="^http://www\.bhiab\.se/" to="https://www.bhiab.se/"/>
-  <rule from="^http://bhiab\.se/" to="https://bhiab.se/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/BiB.bund.de.xml b/src/chrome/content/rules/BiB.bund.de.xml
new file mode 100644
index 000000000000..c423e07fb595
--- /dev/null
+++ b/src/chrome/content/rules/BiB.bund.de.xml
@@ -0,0 +1,14 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+-->
+<ruleset name="BiB.bund.de">
+	<!-- Federal Institute for Population Research -->
+
+	<target host="bib.bund.de" />
+	<target host="www.bib.bund.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bia2.com.xml b/src/chrome/content/rules/Bia2.com.xml
new file mode 100644
index 000000000000..be9017d72af9
--- /dev/null
+++ b/src/chrome/content/rules/Bia2.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Fully covered hosts in *bia2.com:
+
+		- (www.)?
+		- staging
+		- static
+
+
+	Insecure cookies are set for these hosts:
+
+		- staging.bia2.com
+		- www.bia2.com
+
+-->
+<ruleset name="Bia2.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bia2.com" />
+	<target host="staging.bia2.com" />
+	<target host="static.bia2.com" />
+	<target host="www.bia2.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(staging|www)\.bia2\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:staging|www)\.bia2\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Biallo.de.xml b/src/chrome/content/rules/Biallo.de.xml
new file mode 100644
index 000000000000..311497d5ee25
--- /dev/null
+++ b/src/chrome/content/rules/Biallo.de.xml
@@ -0,0 +1,17 @@
+<!--
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Biallo.de">
+
+	<target host="biallo.de" />
+	<target host="www.biallo.de" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Biapy.fr.xml b/src/chrome/content/rules/Biapy.fr.xml
index 945b1b80ae4f..6f5221dcb2aa 100644
--- a/src/chrome/content/rules/Biapy.fr.xml
+++ b/src/chrome/content/rules/Biapy.fr.xml
@@ -1,4 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://biapy.fr/ => https://biapy.fr/: (51, "SSL: no alternative certificate subject name matches target host name 'biapy.fr'")
+
+-->
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://biapy.fr/ => https://biapy.fr/: (51, "SSL: no alternative certificate subject name matches target host name 'biapy.fr'")
+
 	Fully covered subdomains:
 
 		- (www.)
@@ -13,13 +23,14 @@
 	* Secured by us
 
 -->
-<ruleset name="Biapy.fr">
+<ruleset name="Biapy.fr" default_off="failed ruleset test">
 
 	<target host="biapy.fr" />
-	<target host="*.biapy.fr" />
+	<target host="piwik.biapy.fr" />
+	<target host="rss.biapy.fr" />
+	<target host="www.biapy.fr" />
 
 
-	<rule from="^http://((?:piwik|rss|www)\.)?biapy\.fr/"
-		to="https://$1biapy.fr/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bibbitec.xml b/src/chrome/content/rules/Bibbitec.xml
index 85684087d64c..51d5339982a3 100644
--- a/src/chrome/content/rules/Bibbitec.xml
+++ b/src/chrome/content/rules/Bibbitec.xml
@@ -1,13 +1,19 @@
-<ruleset name="bibbitec">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bibbitec.com/ => https://bibbitec.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.bibbitec.com/ => https://www.bibbitec.com/: (28, 'Connection timed out after 20008 milliseconds')
+
+-->
+<ruleset name="bibbitec" default_off="failed ruleset test">
 
 	<target host="bibbitec.com" />
-	<target host="*.bibbitec.com" />
+	<target host="www.bibbitec.com" />
 
 
 	<securecookie host="^\.www\.bibbitec\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?bibbitec\.com/"
-		to="https://$1bibbitec.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bible.com.xml b/src/chrome/content/rules/Bible.com.xml
new file mode 100644
index 000000000000..e1dd6575262d
--- /dev/null
+++ b/src/chrome/content/rules/Bible.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- share.bible.com
+
+		SSL peer certificate was not OK:
+		- free.bible.com
+-->
+<ruleset name="Bible.com">
+	<target host="bible.com" />
+	<target host="www.bible.com" />
+	<target host="app.bible.com" />
+	<target host="events.bible.com" />
+	<target host="nodejs.bible.com" />
+	<test url="http://nodejs.bible.com/assets/style.main.4e4c1183999a10efd085c69bc1cf27d0.css" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BibleSociety.co.za.xml b/src/chrome/content/rules/BibleSociety.co.za.xml
new file mode 100644
index 000000000000..25276761b305
--- /dev/null
+++ b/src/chrome/content/rules/BibleSociety.co.za.xml
@@ -0,0 +1,6 @@
+<ruleset name="BibleSociety.co.za" platform="mixedcontent">
+	<target host="biblesociety.co.za" />
+	<target host="www.biblesociety.co.za" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bible_Gateway.com.xml b/src/chrome/content/rules/Bible_Gateway.com.xml
new file mode 100644
index 000000000000..9fdad21a910d
--- /dev/null
+++ b/src/chrome/content/rules/Bible_Gateway.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Bible Gateway.com">
+
+	<target host="biblegateway.com" />
+	<target host="www.biblegateway.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BiblioCommons.com.xml b/src/chrome/content/rules/BiblioCommons.com.xml
new file mode 100644
index 000000000000..a01521f9b144
--- /dev/null
+++ b/src/chrome/content/rules/BiblioCommons.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Invalid certificate:
+		careers.bibliocommons.com
+
+-->
+<ruleset name="BiblioCommons">
+	<target host="bibliocommons.com" />
+	<target host="*.bibliocommons.com" />
+		<test url="http://austin.bibliocommons.com/" />
+		<test url="http://bpl.bibliocommons.com/" />
+		<test url="http://calgary.bibliocommons.com/" />
+		<test url="http://hpl.bibliocommons.com/" />
+		<test url="http://logan.bibliocommons.com/" />
+		<test url="http://marinet.bibliocommons.com/" />
+		<test url="http://partnerportal.bibliocommons.com/" />
+		<test url="http://portlandlibrary.bibliocommons.com/" />
+		<test url="http://seattle.bibliocommons.com/" />
+		<test url="http://sfpl.bibliocommons.com/" />
+		<test url="http://vpl.bibliocommons.com/" />
+		<exclusion pattern="^http://careers\.bibliocommons\.com" />
+			<test url="http://careers.bibliocommons.com/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Biciperros.org.xml b/src/chrome/content/rules/Biciperros.org.xml
new file mode 100644
index 000000000000..12ca3c5652b4
--- /dev/null
+++ b/src/chrome/content/rules/Biciperros.org.xml
@@ -0,0 +1,17 @@
+<!--
+	CN: localhost
+
+-->
+<ruleset name="Biciperros.org" default_off="self-signed">
+
+	<target host="biciperros.org" />
+	<target host="www.biciperros.org" />
+
+
+	<securecookie host="^(?:www\.)?biciperros\.org$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?biciperros\.org/"
+		to="https://biciperros.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BidBubble.com.xml b/src/chrome/content/rules/BidBubble.com.xml
index 385c9301e335..5faa856fc4f9 100644
--- a/src/chrome/content/rules/BidBubble.com.xml
+++ b/src/chrome/content/rules/BidBubble.com.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bidbubble.com/ => https://bidbubble.com/: (51, "SSL: no alternative certificate subject name matches target host name 'bidbubble.com'")
+Fetch error: http://nz.bidbubble.com/ => https://nz.bidbubble.com/: (51, "SSL: no alternative certificate subject name matches target host name 'nz.bidbubble.com'")
+Fetch error: http://www.bidbubble.com/ => https://www.bidbubble.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.bidbubble.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://bidbubble.com/ => https://bidbubble.com/: (51, "SSL: no alternative certificate subject name matches target host name 'bidbubble.com'")
 	Mixed content:
 
 		- css, on:
@@ -15,16 +23,16 @@
 	* Secured by us
 
 -->
-<ruleset name="BidBubble.com (false MCB)" platform="mixedcontent">
+<ruleset name="BidBubble.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="bidbubble.com" />
-	<target host="*.bidbubble.com" />
+	<target host="nz.bidbubble.com" />
+	<target host="www.bidbubble.com" />
 
 
 	<securecookie host="^\.bidbubble\.com$" name=".+" />
 
 
-	<rule from="^http://(nz\.|www\.)?bidbubble\.com/"
-		to="https://$1bidbubble.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BidCactus.com.xml b/src/chrome/content/rules/BidCactus.com.xml
deleted file mode 100644
index 9e3cc80fe80e..000000000000
--- a/src/chrome/content/rules/BidCactus.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="BidCactus.com">
-
-	<target host="bidcactus.com" />
-	<target host="*.bidcactus.com" />
-
-
-	<securecookie host="^\.bidcactus\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?bidcactus\.com/"
-		to="https://$1bidcactus.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/BidItBob.com.xml b/src/chrome/content/rules/BidItBob.com.xml
index afc1e9bb63f3..289dd8848feb 100644
--- a/src/chrome/content/rules/BidItBob.com.xml
+++ b/src/chrome/content/rules/BidItBob.com.xml
@@ -5,13 +5,12 @@
 <ruleset name="BidItBob.com">
 
 	<target host="biditbob.com" />
-	<target host="*.biditbob.com" />
+	<target host="www.biditbob.com" />
 
 
 	<securecookie host="^(?:w*\.)?biditbob\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?biditbob\.com/"
-		to="https://$1biditbob.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Biddeal.xml b/src/chrome/content/rules/Biddeal.xml
index a9fe5ed6b528..1fa27895b08a 100644
--- a/src/chrome/content/rules/Biddeal.xml
+++ b/src/chrome/content/rules/Biddeal.xml
@@ -1,8 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.biddeal.com/ => https://www.biddeal.com/: (60, 'SSL certificate problem: certificate has expired')
+
 	^biddeal.com redirects to notset.com over http
 
 -->
-<ruleset name="Biddeal">
+<ruleset name="Biddeal" default_off="failed ruleset test">
 
 	<target host="www.biddeal.com" />
 
@@ -10,7 +14,6 @@
 	<securecookie host="^\.(?:www\.)?biddeal\.com$" name=".+" />
 
 
-	<rule from="^http://www\.biddeal\.com/"
-		to="https://www.biddeal.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bidswitch.net.xml b/src/chrome/content/rules/Bidswitch.net.xml
new file mode 100644
index 000000000000..a276dfd39867
--- /dev/null
+++ b/src/chrome/content/rules/Bidswitch.net.xml
@@ -0,0 +1,29 @@
+<!--
+	Fully covered hosts in *bidswitch.net:
+
+		- x
+
+
+	Insecure cookies are set for these domains:
+
+		- .bidswitch.net
+
+-->
+<ruleset name="bidswitch.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="x.bidswitch.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.bidswitch\.net$" name="^tuuid$" /-->
+
+	<securecookie host="^\.bidswitch\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bidtellect.com.xml b/src/chrome/content/rules/Bidtellect.com.xml
new file mode 100644
index 000000000000..0f2bfef1570a
--- /dev/null
+++ b/src/chrome/content/rules/Bidtellect.com.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bidtellect.com/ => https://bidtellect.com/: (7, 'Failed to connect to bidtellect.com port 443: Connection refused')
+
+	Other Bidtellect rulesets:
+
+		- Bttrack.com.xml
+
+
+	Mixed content:
+
+		- css, on:
+
+			- dsp from fonts.googleapis.com ˢ
+			- www from maxcdn.bootstrapcdn.com ˢ
+
+		- Images, on:
+
+			- dsp from $self ˢ
+			- www from ^bidtellect.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Bidtellect.com" default_off="failed ruleset test">
+
+	<target host="bidtellect.com" />
+	<target host="dsp.bidtellect.com" />
+	<target host="www.bidtellect.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bidz.com.xml b/src/chrome/content/rules/Bidz.com.xml
index 141410d9868d..45be60c69ea9 100644
--- a/src/chrome/content/rules/Bidz.com.xml
+++ b/src/chrome/content/rules/Bidz.com.xml
@@ -1,10 +1,14 @@
-<ruleset name="Bidz.com (partial)">
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bidz.com/ => https://www.bidz.com/: (7, 'Failed to connect to www.bidz.com port 443: Connection refused')
+-->
+<ruleset name="Bidz.com (partial)" default_off="refused">
 
 	<target host="bidz.com"/>
 	<target host="*.bidz.com"/>
 		<exclusion pattern="^http://blog\."/>
 
-	<securecookie host=".*bidz\.com$" name=".*"/>
+	<securecookie host=".*\.bidz\.com$" name=".+" />
 
 	<rule from="^http://bidz\.com/"
 		to="https://www.bidz.com/"/>
diff --git a/src/chrome/content/rules/Big-Change.xml b/src/chrome/content/rules/Big-Change.xml
index 717e137c572f..c12aaf230b52 100644
--- a/src/chrome/content/rules/Big-Change.xml
+++ b/src/chrome/content/rules/Big-Change.xml
@@ -1,14 +1,14 @@
 <ruleset name="Big Change">
 
 	<target host="bigchangeuk.co.uk" />
+	<target host="www.bigchangeuk.co.uk" />
 	<!--	* for cross-domain cookie.	-->
-	<target host="*.bigchangeuk.co.uk" />
 
 
-	<securecookie host="^\.bigchangeuk\.co\.uk$" name=".*" />
 
+	<securecookie host="^\.bigchangeuk\.co\.uk$" name=".+" />
 
-	<rule from="^http://(www\.)?bigchangeuk\.co\.uk/"
-		to="https://$1bigchangeuk.co.uk/" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BigBrotherAwards.de.xml b/src/chrome/content/rules/BigBrotherAwards.de.xml
index 167071e1d50b..c7984b916b15 100644
--- a/src/chrome/content/rules/BigBrotherAwards.de.xml
+++ b/src/chrome/content/rules/BigBrotherAwards.de.xml
@@ -2,9 +2,14 @@
 	<target host="bigbrotherawards.de" />
 	<target host="www.bigbrotherawards.de" />
 
-	<rule from="^http://(?:www\.)?bigbrotherawards\.de/" to="https://www.bigbrotherawards.de/" />
 
-	<!-- Invoking https://bigbrotherawards.de/ produces a certificate error, so redirect
-	https://bigbrotherawards.de/ to https://www.bigbrotherawards.de/ -->
-	<rule from="^https://bigbrotherawards\.de/" to="https://www.bigbrotherawards.de/" />
-</ruleset>
\ No newline at end of file
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.bigbrotherawards\.de$" name="^I18N_LANGUAGE$" /-->
+
+	<securecookie host="^www\.bigbrotherawards\.de$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BigCartel.com.xml b/src/chrome/content/rules/BigCartel.com.xml
new file mode 100644
index 000000000000..b017f64dfd67
--- /dev/null
+++ b/src/chrome/content/rules/BigCartel.com.xml
@@ -0,0 +1,21 @@
+<ruleset name="BigCartel.com">
+
+	<target host="bigcartel.com" />
+	<target host="*.bigcartel.com" />
+	
+		<test url="http://www.bigcartel.com/" />
+		<test url="http://blog.bigcartel.com/" />
+		<test url="http://status.bigcartel.com/" />
+	
+		<exclusion pattern="^http://shop\.bigcartel\.com/" />
+			<test url="http://shop.bigcartel.com/" />
+	
+		<!-- Each user gets its own subdomain -->
+		<test url="http://josearoda.bigcartel.com/" />
+		<test url="http://marcmartin.bigcartel.com/" />
+		<test url="http://palaeoiris.bigcartel.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BigCommerce.xml b/src/chrome/content/rules/BigCommerce.xml
index 5b3cbcfb50ed..e80373b7951e 100644
--- a/src/chrome/content/rules/BigCommerce.xml
+++ b/src/chrome/content/rules/BigCommerce.xml
@@ -15,6 +15,10 @@
 		<exclusion pattern="^http://www\.mybigcommerce\.com/$" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="\.client_domain\.mybigcommerce\.com$" name="^(SHOP_SESSION_TOKEN|fornax_anonymousId|fornax_lastIdentify)$" /-->
+
 	<securecookie host="^(?:account|support|www)\.bigcommerce\.com$" name=".+" />
 	<securecookie host="^www\.interspire\.com$" name=".+" />
 	<securecookie host=".*\.mybigcommerce\.com$" name=".+" />
@@ -23,7 +27,7 @@
 	<rule from="^http://(?:my)?bigcommerce\.com/"
 		to="https://www.bigcommerce.com/" />
 
-	<rule from="^http://(account|apps|cdn[12]|support|www)\.bigcommerce\.com/"
+	<rule from="^http://(account|apps|cdn\d*|support|www)\.bigcommerce\.com/"
 		to="https://$1.bigcommerce.com/" />
 
 	<rule from="^http://(?:www\.)?interspire\.com/"
diff --git a/src/chrome/content/rules/BigHugeLabs.xml b/src/chrome/content/rules/BigHugeLabs.xml
index 73bfd172bbea..4dc9a38d6488 100644
--- a/src/chrome/content/rules/BigHugeLabs.xml
+++ b/src/chrome/content/rules/BigHugeLabs.xml
@@ -5,13 +5,13 @@
 <ruleset name="BigHugeLabs">
 
 	<target host="bighugelabs.com" />
-	<target host="*.bighugelabs.com" />
+	<target host="www.bighugelabs.com" />
 
 
 	<securecookie host="^\.bighugelabs\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?bighugelabs\.com/"
+	<rule from="^http://(?:www\.)?bighugelabs\.com/"
 		to="https://bighugelabs.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BigV.io.xml b/src/chrome/content/rules/BigV.io.xml
new file mode 100644
index 000000000000..23957a698444
--- /dev/null
+++ b/src/chrome/content/rules/BigV.io.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://manager.bigv.io/ => https://manager.bigv.io/: (7, 'Failed to connect to manager.bigv.io port 443: No route to host')
+
+	For other Bytemark Hosting coverage, see Bytemark.co.uk.xml.
+
+-->
+<ruleset name="BigV.io" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bigv.io" />
+	<target host="manager.bigv.io" />
+	<target host="signup.bigv.io" />
+	<target host="www.bigv.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Big_Brother_Watch.xml b/src/chrome/content/rules/Big_Brother_Watch.xml
index 081913d9f136..3d3e6abdac7a 100644
--- a/src/chrome/content/rules/Big_Brother_Watch.xml
+++ b/src/chrome/content/rules/Big_Brother_Watch.xml
@@ -1,17 +1,28 @@
 <!--
 	!www cert: www.taxpayersalliance.com
 
+
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
 -->
-<ruleset name="Big Brother Watch">
+<ruleset name="Big Brother Watch.org.uk">
 
 	<target host="bigbrotherwatch.org.uk" />
-	<target host="*.bigbrotherwatch.org.uk" />
+	<target host="www.bigbrotherwatch.org.uk" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.bigbrotherwatch\.org\.uk$" name="^w3tc_referrer$" /-->
 
 	<securecookie host="^(?:www)?\.bigbrotherwatch\.org\.uk$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?bigbrotherwatch\.org\.uk/"
+	<rule from="^http://(?:www\.)?bigbrotherwatch\.org\.uk/"
 		to="https://www.bigbrotherwatch.org.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Big_Cartel.xml b/src/chrome/content/rules/Big_Cartel.xml
deleted file mode 100644
index 549d2b89ceb2..000000000000
--- a/src/chrome/content/rules/Big_Cartel.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d3m7eij7f8iwln.cloudfront.net
-			- cache[01].bigcartel.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- directory *
-		- help
-		- \w+ *		(unique subdomains for clients)
-
-	* At least some pages redirect to http
-
-
-	Fully covered subdomains:
-
-		- assets
-		- assets\d+
-		- cache[01]
-
--->
-<ruleset name="Big Cartel (partial)">
-
-	<target host="*.bigcartel.com" />
-
-
-	<rule from="^http://assets(\d+)?\.bigcartel\.com/"
-		to="https://assets$1.bigcartel.com/" />
-
-	<rule from="^https?://cache[01]\.bigcartel\.com/"
-		to="https://d3m7eij7f8iwln.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Big_Live.com.xml b/src/chrome/content/rules/Big_Live.com.xml
deleted file mode 100644
index 5cd50d602609..000000000000
--- a/src/chrome/content/rules/Big_Live.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Big Live.com">
-
-	<target host="biglive.com" />
-	<target host="*.biglive.com" />
-
-
-	<securecookie host="^(?:www)?\.biglive\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?biglive\.com/"
-		to="https://$1biglive.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Big_Nerd_Ranch.xml b/src/chrome/content/rules/Big_Nerd_Ranch.xml
index b0611ee89ded..5e7e12835fce 100644
--- a/src/chrome/content/rules/Big_Nerd_Ranch.xml
+++ b/src/chrome/content/rules/Big_Nerd_Ranch.xml
@@ -1,9 +1,7 @@
-<!--
-	Cert only matches www
-
--->
-<ruleset name="Big Nerd Ranch">
+<ruleset name="Big Nerd Ranch.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="bignerdranch.com" />
 	<target host="www.bignerdranch.com" />
 
@@ -11,7 +9,7 @@
 	<securecookie host="^www\.bignerdranch\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?bignerdranch\.com/"
-		to="https://www.bignerdranch.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bigboxsave.xml b/src/chrome/content/rules/Bigboxsave.xml
deleted file mode 100644
index d81f788e977d..000000000000
--- a/src/chrome/content/rules/Bigboxsave.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Bigboxsave.com">
-
-	<target host="bigboxsave.com" />
-	<target host="*.bigboxsave.com" />
-
-
-	<securecookie host="^.*\.bigboxsave\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?bigboxsave\.com/"
-		to="https://$1bigboxsave.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Bigdinosaur.org.xml b/src/chrome/content/rules/Bigdinosaur.org.xml
deleted file mode 100644
index e3d65cd1a4e9..000000000000
--- a/src/chrome/content/rules/Bigdinosaur.org.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Bigdinosaur.org">
-
-	<target host="bigdinosaur.org" />
-	<target host="*.bigdinosaur.org" />
-
-
-	<!--	!www presents Google certificate.
-							-->
-	<rule from="^https?://(?:www\.)?bigdinosaur\.org/"
-		to="https://www.bigdinosaur.org/" />
-
-	<rule from="^http://blog\.bigdinosaur\.org/"
-		to="https://blog.bigdinoosaur.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Biggest_Loser_Club.com.xml b/src/chrome/content/rules/Biggest_Loser_Club.com.xml
new file mode 100644
index 000000000000..0ec06dc5d92d
--- /dev/null
+++ b/src/chrome/content/rules/Biggest_Loser_Club.com.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://biggestloserclub.com/ => https://www.biggestloserclub.com/: (60, 'SSL certificate problem: self signed certificate')
+
+	^: refused
+
+-->
+<ruleset name="Biggest Loser Club.com" default_off="failed ruleset test">
+
+	<target host="biggestloserclub.com" />
+	<target host="www.biggestloserclub.com" />
+
+
+	<securecookie host="^[.w]*\.biggestloserclub\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?biggestloserclub\.com/"
+		to="https://www.biggestloserclub.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bigjocker.com.xml b/src/chrome/content/rules/Bigjocker.com.xml
new file mode 100644
index 000000000000..715a2bed9ff9
--- /dev/null
+++ b/src/chrome/content/rules/Bigjocker.com.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bigjocker.com/ => https://bigjocker.com/: (7, 'Failed to connect to bigjocker.com port 443: Connection refused')
+Fetch error: http://www.bigjocker.com/ => https://www.bigjocker.com/: (7, 'Failed to connect to www.bigjocker.com port 443: Connection refused')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bigjocker.com/ => https://bigjocker.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+Fetch error: http://www.bigjocker.com/ => https://www.bigjocker.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+
+-->
+<ruleset name="bigjocker.com" default_off="failed ruleset test">
+
+	<target host="bigjocker.com" />
+	<target host="www.bigjocker.com" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^(www\.)?bigjocker\.com$" name="^JSESSIONID$" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Biglobe.xml b/src/chrome/content/rules/Biglobe.xml
index cd28ebad29f3..ecda74e0606a 100644
--- a/src/chrome/content/rules/Biglobe.xml
+++ b/src/chrome/content/rules/Biglobe.xml
@@ -10,7 +10,6 @@
 	<target host="api.sso.biglobe.ne.jp" />
 
 
-	<rule from="^http://api\.sso\.biglobe\.ne\.jp/"
-		to="https://api.sso.biglobe.ne.jp/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bigmir.net-falsemixed.xml b/src/chrome/content/rules/Bigmir.net-falsemixed.xml
new file mode 100644
index 000000000000..306449b5b62e
--- /dev/null
+++ b/src/chrome/content/rules/Bigmir.net-falsemixed.xml
@@ -0,0 +1,44 @@
+<!--
+	For rules not causing false/broken MCB, see Bigmirnet.xml.
+
+
+	Fully covered subdomains:
+
+		- antivirus
+		- auto
+		- cards
+		- dnevnik
+		- games
+		- goroskop
+		- info
+		- mail
+		- map
+		- perevod
+		- photo
+		- search
+		- sport
+		- top
+
+-->
+<ruleset name="bigmir.net (false MCB)" platform="mixedcontent">
+
+	<!--target host="antivirus.bigmir.net" /-->
+	<target host="auto.bigmir.net" />
+	<!--target host="cards.bigmir.net" /-->
+	<!--target host="dnevnik.bigmir.net" /-->
+	<!--target host="games.bigmir.net" /-->
+	<!--target host="goroskop.bigmir.net" /-->
+	<!--target host="info.bigmir.net" /-->
+	<target host="mail.bigmir.net" />
+	<!--target host="map.bigmir.net" /-->
+	<!--target host="perevod.bigmir.net" /-->
+	<!--target host="photo.bigmir.net" /-->
+	<!--target host="search.bigmir.net" /-->
+	<target host="sport.bigmir.net" />
+	<!--target host="top.bigmir.net" /-->
+
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bigmirnet.xml b/src/chrome/content/rules/Bigmirnet.xml
index bc4d8a31ce5a..b48b34056a53 100644
--- a/src/chrome/content/rules/Bigmirnet.xml
+++ b/src/chrome/content/rules/Bigmirnet.xml
@@ -1,11 +1,140 @@
-<ruleset name="Bigmirnet (partial)" platform="mixedcontent">
 
-	<target host="auto.bigmir.net"/>
-	<target host="dnevnik.bigmir.net"/>
-	<target host="i.bigmir.net"/>
-	<target host="ivona.bigmir.net"/>
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://s.bigmir.net/ => https://s.bigmir.net/: (7, 'Failed to connect to info.bigmir.net port 443: Connection refused')
 
-	<rule from="^http://(auto|dnevnik|i|ivona)\.bigmir\.net/"
-		to="https://$1.bigmir.net/"/>
+	For rules causing false/broken MCB, see Bigmir.net-falsemixed.xml.
+
+	Other bigmir rulesets:
+
+		- MPort.ua.xml
+
+
+	Nonfunctional subdomains:
+
+		- autosale ¹
+		- c ²
+		- finance ³
+		- ivona ³
+		- prikol ³
+		- techno ³
+		- tour ³
+
+	¹ 403
+	² Handshake fails
+	³ Dropped
+
+
+	Problematic subdomains:
+
+		- afisha ¹
+		- antivirus ¹
+		- auto ¹
+		- cards ¹
+		- dnevnik ¹
+		- games ¹
+		- goroskop ¹
+		- info ¹
+		- mail ¹
+		- map ¹
+		- market ²
+		- perevod ¹
+		- photo ¹
+		- search ¹
+		- top ¹
+		- weather ¹
+
+	¹ Mixed css
+	² Mismatched, CN: technoportal.ua
+
+
+	Fully covered subdomains:
+
+		- i
+		- id
+		- m
+		- passport
+		- s
+
+
+	Insecure cookies are set for these domains:
+
+		- .bigmir.net
+
+
+	Mixed content:
+
+
+		- Flash on afisha from bm.img.com.ua ¹
+
+		- iframe on mail from id ¹
+
+		- css, on:
+
+			- afisha, antivirus, auto, cards, games, goroskop, info, mail, map, market, perevod, photo, search, sport, top, weather from bm.img.com.ua ¹
+			- map from asset1.mapia.au ²
+
+		- Fonts on afisha, auto, cards, games, goroskop, mail, market, perevod, photo, sport, top, weather from www.bigmir.net ³
+
+		- Images, on:
+
+			- afisha from www.adobe.com ¹
+			- afisha, antivirus, auto, cards, dnevnik, games, goroskop, info, m, mail, map, market, perevod, photo, search, sport, top, weather from bm.img.com.ua ¹
+			- afisha from v.img.com.ua ³
+			- antivirus, cards, dnevnik, photo from i ¹
+			- auto, sport from sport.img.com.ua ³
+			- map from mapia.au ⁴
+			- map from asset1.mapia.au ²
+			- market from i.technoportal.ua ¹
+			- photo from os1.img.com.ua ³
+
+		- favicon on antivirus, auto, cards, dnevnik, games, goroskop, mail, map, market, perevod, photo, search, sport, top, weather from bm.img.com.ua ¹
+
+		- Ads/bugs, on:
+
+			- afisha, auto, cards, dnevnik, games, goroskop, m, mail, map, market, perevod, photo, sport, weather from c ⁵
+			- auto from market ¹
+			- auto, cards, games, goroskop, id, mail, passport, perevod, photo, search, sport, top, weather from juke.mmi.bemobile.ua ¹
+			- dnevnik from www.facebook.com ¹
+			- dnevnik from platform.twitter.com ¹
+			- goroskop from h.holder.com.ua
+			- map from counter.rambler.ru ¹
+			- map from c1.web-visor.com
+			- market from i.technoportal.ua ¹
+			- search from ad.adriver.ru ¹
+	¹ Secured by us
+	² Unsecurable <= refused
+	³ Unsecurable <= dropped
+	⁴ Unsecurable <= 400
+	⁵ Unsecurable <= reset
+
+-->
+<ruleset name="bigmir.net (partial)" default_off="failed ruleset test">
+
+	<target host="i.bigmir.net" />
+	<target host="id.bigmir.net" />
+	<target host="market.bigmir.net" />
+		<!--
+			Differs from technoportal:
+							-->
+		<!--exclusion pattern="^http://market\.bigmir\.net/+($|\?|cnt/)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://market\.bigmir\.net/+(?!css/|i/|/img/)" />
+	<target host="passport.bigmir.net" />
+	<target host="s.bigmir.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.bigmir\.net$" name="^(BMPS|bm_geo_location_id|weather_geo_location_\d+)$" /-->
+
+
+	<rule from="^http://market\.bigmir\.net/"
+		to="https://technoportal.ua/" />
+
+	<rule from="^http://(id?|m|passport|s)\.bigmir\.net/"
+		to="https://$1.bigmir.net/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bigstock.xml b/src/chrome/content/rules/Bigstock.xml
index 60e957fe7b9f..21b9a0e2400f 100644
--- a/src/chrome/content/rules/Bigstock.xml
+++ b/src/chrome/content/rules/Bigstock.xml
@@ -1,41 +1,55 @@
 <!--
-	CDN buckets:
-
-		- static.bigstockphoto.com.edgesuite.net
-
-		- static2.bigstockphoto.com.edgesuite.net
-
-			- static[2-9].bigstockphoto.com
-
-
-	Problematic domains:
-
-		- help.bigstockphoto.com	(redirects to http; mismatched, CN: *.zendesk.com)
-		- static.bigstockphoto.com	(akamai)
-
-
-	Some pages redirect to http.
+	No working URL known:
+		static.bigstockphoto.com
+		ssl.bigstockimages.com
+
+	Invalid certificate:
+		p.bigstockphoto.com
+			<test url="http://p.bigstockphoto.com\/aNu3ntp8TsmenTiR0wcn_34291184.jpg" />
+		static0.bigstockphoto.com
+			<test url="http://static0.bigstockphoto.com/thumbs/7/6/1/large1500/16724738.jpg" />
+		static1.bigstockphoto.com
+			<test url="http://static1.bigstockphoto.com/thumbs/7/6/1/large1500/16724738.jpg" />
+		static2.bigstockphoto.com
+			<test url="http://static2.bigstockphoto.com/thumbs/7/6/1/large1500/16724738.jpg" />
+		static3.bigstockphoto.com
+			<test url="http://static3.bigstockphoto.com/thumbs/7/6/1/large1500/16724738.jpg" />
+		static4.bigstockphoto.com
+			<test url="http://static4.bigstockphoto.com/thumbs/7/6/1/large1500/16724738.jpg" />
+		static5.bigstockphoto.com
+			<test url="http://static5.bigstockphoto.com/thumbs/7/6/1/large1500/16724738.jpg" />
+		static6.bigstockphoto.com
+			<test url="http://static6.bigstockphoto.com/thumbs/7/6/1/large1500/16724738.jpg" />
+		static7.bigstockphoto.com
+			<test url="http://static7.bigstockphoto.com/thumbs/7/6/1/large1500/16724738.jpg" />
+		static8.bigstockphoto.com
+			<test url="http://static8.bigstockphoto.com/thumbs/7/6/1/large1500/16724738.jpg" />
+		static9.bigstockphoto.com
+			<test url="http://static9.bigstockphoto.com/thumbs/7/6/1/large1500/16724738.jpg" />
+		t5.bigstockimages.com
+
+	Redirect to http:
+		blog.bigstockphoto.com
 
 -->
-<ruleset name="Bigstock (partial)">
+<ruleset name="Bigstock">
 
-	<target host="bigstockimages.com" />
-	<target host="*.bigstockimages.com" />
 	<target host="bigstockphoto.com" />
-	<target host="*.bigstockphoto.com" />
-		<exclusion pattern="^http://(?:www\.)?bigstockphoto\.com/(?!(?:cart|login|subscribe)(?:$|\?|/)|css/|files/|images/|javascript/|js_translation/|serverside/login\.php|thumbs/)" />
+	<target host="www.bigstockphoto.com" />
+		<exclusion pattern="^http://www\.bigstockphoto\.com/blog/" />
+			<test url="http://www.bigstockphoto.com/blog//" />
+	<target host="affiliate.bigstockphoto.com" />
+	<target host="affiliates.bigstockphoto.com" />
+	<target host="api.bigstockphoto.com" />
+	<target host="free.bigstockphoto.com" />
+	<target host="help.bigstockphoto.com" />
 
+	<target host="bigstockimages.com" />
+	<target host="www.bigstockimages.com" />
 
 	<securecookie host="^\.bigstockimages\.com$" name=".+" />
 
-
-	<rule from="^http://(www\.)?bigstockimages\.com/"
-		to="https://$1bigstockimages.com/" />
-
-	<rule from="^http://(?:static\d*\.|(www\.))?bigstockphoto\.com/"
-		to="https://$1bigstockphoto.com/" />
-
-	<rule from="^https?://help\.bigstockphoto\.com/(generated|system)/"
-		to="https://assets.zendesk.com/$1/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bihira.com.xml b/src/chrome/content/rules/Bihira.com.xml
index 94143b1a000b..ccd881d49486 100644
--- a/src/chrome/content/rules/Bihira.com.xml
+++ b/src/chrome/content/rules/Bihira.com.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^www\.bihira\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?bihira\.com/"
-		to="https://$1bihira.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Biicode.com.xml b/src/chrome/content/rules/Biicode.com.xml
new file mode 100644
index 000000000000..9be480f5df34
--- /dev/null
+++ b/src/chrome/content/rules/Biicode.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://biicode.com/ => https://www.biicode.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.biicode.com/ => https://www.biicode.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	^: Refused
+
+-->
+<ruleset name="Biicode.com" default_off="failed ruleset test">
+
+	<target host="biicode.com" />
+	<target host="www.biicode.com" />
+
+
+	<rule from="^http://(?:www\.)?biicode\.com/"
+		to="https://www.biicode.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bike24.com.xml b/src/chrome/content/rules/Bike24.com.xml
new file mode 100644
index 000000000000..90b09d5e5381
--- /dev/null
+++ b/src/chrome/content/rules/Bike24.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Bike24.com">
+  <target host="www.bike24.com" />
+
+  <securecookie host="^\.bike24\.com$" name=".+" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bike24.de.xml b/src/chrome/content/rules/Bike24.de.xml
new file mode 100644
index 000000000000..d5762b6bc359
--- /dev/null
+++ b/src/chrome/content/rules/Bike24.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Bike24.de">
+  <target host="bike24.de" />
+  <target host="www.bike24.de" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bikeji.com.xml b/src/chrome/content/rules/Bikeji.com.xml
new file mode 100644
index 000000000000..0a6dd5888c84
--- /dev/null
+++ b/src/chrome/content/rules/Bikeji.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bikeji.com/ => https://bikeji.com/: (7, 'Failed to connect to bikeji.com port 443: Connection refused')
+Fetch error: http://www.bikeji.com/ => https://www.bikeji.com/: (7, 'Failed to connect to www.bikeji.com port 443: Connection refused')
+
+-->
+<ruleset name="bikeji.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bikeji.com" />
+	<target host="www.bikeji.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BilBasen.dk.xml b/src/chrome/content/rules/BilBasen.dk.xml
new file mode 100644
index 000000000000..fc6797075152
--- /dev/null
+++ b/src/chrome/content/rules/BilBasen.dk.xml
@@ -0,0 +1,38 @@
+<!--
+	Non-functional subdomains:
+
+		- admin	(m)
+		- auktion	(t)
+		- blog	(h)
+		- forhandlere	(t)
+		- mail	(m)
+		- mktg	(m)
+		- support	(i)
+		- vpn	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+
+	Host has wildcard DNS.
+-->
+<ruleset name="BilBasen">
+
+	<target host="bilbasen.dk" />
+	<target host="www.bilbasen.dk" />
+	<target host="api.bilbasen.dk" />
+	<target host="banner.bilbasen.dk" />
+	<target host="billeder.bilbasen.dk" />
+	<target host="gw.bilbasen.dk" />
+	<target host="resources.bilbasen.dk" />
+	<target host="static.bilbasen.dk" />
+	<target host="umbracoadmin.bilbasen.dk" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bild.de-mixed.xml b/src/chrome/content/rules/Bild.de-mixed.xml
new file mode 100644
index 000000000000..37ac021c381b
--- /dev/null
+++ b/src/chrome/content/rules/Bild.de-mixed.xml
@@ -0,0 +1,13 @@
+<!--
+	For rules not causing MCB, see Bild.de.xml.
+
+-->
+<ruleset name="Bild.de (valid MCB)" platform="mixedcontent">
+
+	<target host="email.bild.de" />
+
+
+	<rule from="^http://email\.bild\.de/"
+		to="https://www.fagms.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bild.de.xml b/src/chrome/content/rules/Bild.de.xml
new file mode 100644
index 000000000000..b7bda52e1627
--- /dev/null
+++ b/src/chrome/content/rules/Bild.de.xml
@@ -0,0 +1,74 @@
+<!--
+	For rules causing valid MCB, see Bild.de-mixed.xml.
+
+
+	CDN buckets:
+
+		- bilder.bild.de.edgesuite.net
+		- wetter.bild.de.edgesuite.net
+		- www.bild.de.edgesuite.net
+
+
+	Nonfunctional subdomains:
+
+		^ ¹
+		- epaper ³
+		- impressum ¹
+		- www ²
+
+	¹ Dropped
+	² 504, akamai
+	³ Redirects to http; expired 2012-06-01, mismatched, CN: shop.fussball.de
+
+	Problematic subdomains:
+
+		- email *
+
+	* Works; mismatched, CN: www.fagms.net
+
+	Partially covered subdomains:
+
+		- email *	(→ www.fagms.net)
+
+	* Embeds css from an unsecurable domain, namely www.bild.de.
+	  The rest, causing valid MCB, is handled in Bild.de-mixedcontent.xml.
+
+	Mixed content:
+
+		- css on email from www ¹
+
+		- Images, on email from:
+
+			- $self ²
+
+	¹ Unsecurable
+	² Secured by us
+
+-->
+<ruleset name="Bild.de (partial)">
+
+	<target host="bilder.bild.de" />
+	<target host="don.bild.de" />
+	<target host="email.bild.de" />
+	<target host="json.bild.de" />
+	<target host="offer.bild.de" />
+	<target host="pixel.bild.de" />
+	<target host="rem-track.bild.de" />
+	<target host="wetter.bild.de" />
+
+	<target host="code.bildstatic.de" />
+		<test url="http://code.bildstatic.de/3.22.4-cats-release--17.22/min/targets/bild/default/js/simple/de.bild.slider.js" />
+
+	<!--	Server secures:
+				-->
+	<securecookie host="^don\.bild\.de$" name=".+" />
+
+	<!--	Appears to behave exactly the same:
+							-->
+	<rule from="^http://email\.bild\.de/(?!/*host/)"
+		to="https://www.fagms.net/" />
+
+	<rule from="^http:" to="https:"/>
+
+
+</ruleset>
diff --git a/src/chrome/content/rules/BiliGame.xml b/src/chrome/content/rules/BiliGame.xml
new file mode 100644
index 000000000000..e632b092f05e
--- /dev/null
+++ b/src/chrome/content/rules/BiliGame.xml
@@ -0,0 +1,87 @@
+<!--
+	Relate ruleset:
+		Bilibili.com.xml
+
+	MCB:
+		www.biligame.com	( https://www.biligame.com/gift.html )
+		aezj.biligame.com
+		bbs.biligame.com
+		cb.biligame.com
+		czqst.biligame.com
+		fgo.biligame.com	( https://fgo.biligame.com/dy/ )
+		hhth.biligame.com
+		ichu.biligame.com
+		li.biligame.com	( https://li.biligame.com/zl.html )
+		ma.biligame.com	( https://ma.biligame.com/code.html )
+		mlk.biligame.com
+		sj2.biligame.com
+		teos2.biligame.com
+		wpg.biligame.com
+		yuyue.biligame.com	( https://yuyue.biligame.com/zdbmgj/ the green button "点击预约" is broken.)
+
+	Mismatch:
+		99j.biligame.com
+		account.biligame.com
+		teos2.bbs.biligame.com
+		xwy.bbs.biligame.com
+		d.biligame.com
+		game-infoc.biligame.com
+		xsqst.biligame.com
+-->
+
+<ruleset name="BiliGame">
+
+	<target host="www.biligame.com" />
+		<exclusion pattern="^http://www\.biligame\.com/gift\.html" />
+		<test url="http://www.biligame.com/gift.html" />
+	<target host="100p.biligame.com" />
+	<target host="activity.biligame.com" />
+	<target host="ag.biligame.com" />
+	<target host="api.biligame.com" />
+	<target host="realtime.api.biligame.com" />
+	<target host="b-gift.biligame.com" />
+	<target host="bh3.biligame.com" />
+	<target host="bilibili.biligame.com" />
+	<target host="bnj.biligame.com" />
+	<target host="boxing.biligame.com" />
+	<target host="cyzr.biligame.com" />
+	<target host="dhh.biligame.com" />
+	<target host="djsy.biligame.com" />
+	<target host="eva.biligame.com" />
+	<target host="gf.biligame.com" />
+	<target host="gfxm.biligame.com" />
+	<target host="gtsn.biligame.com" />
+	<target host="hb.biligame.com" />
+	<target host="hlj.biligame.com" />
+	<target host="hxzj.biligame.com" />
+	<target host="hylr.biligame.com" />
+	<target host="hywz.biligame.com" />
+	<target host="jxsj.biligame.com" />
+	<target host="ka.biligame.com" />
+	<target host="kfq.biligame.com" />
+	<target host="madoka.biligame.com" />
+	<target host="ntdgm.biligame.com" />
+	<target host="oxmhj.biligame.com" />
+	<target host="passport.biligame.com" />
+	<target host="pkg.biligame.com" />
+	<target host="ro.biligame.com" />
+	<target host="sdmht.biligame.com" />
+	<target host="sglms.biligame.com" />
+	<target host="swqsl.biligame.com" />
+	<target host="tank.biligame.com" />
+	<target host="uosdk.biligame.com" />
+	<target host="wpg-api.biligame.com" />
+	<target host="xmds.biligame.com" />
+	<target host="ydsnywl.biligame.com" />
+	<target host="yjdyc.biligame.com" />
+	<target host="yzr2.biligame.com" />
+	<target host="zcsmw.biligame.com" />
+	<target host="zjsn.biligame.com" />
+	<target host="zwfz.biligame.com" />
+	<target host="zwhxq.biligame.com" />
+
+	<target host="ad.api.biligame.net" />
+	<target host="static.biligame.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bilibili.com.xml b/src/chrome/content/rules/Bilibili.com.xml
new file mode 100644
index 000000000000..391ea8359138
--- /dev/null
+++ b/src/chrome/content/rules/Bilibili.com.xml
@@ -0,0 +1,104 @@
+<!--
+	Relate ruleset:
+		BiliGame.xml
+
+	CORS:
+		- www.bilibili.com
+			( No functional breakage. Test: https://bangumi.bilibili.com/22/ )
+		- api.bilibili.com
+			( Comments are not displaying properly. Test: http://h.bilibili.com/dy\d+ )
+		- data.bilibili.com
+			( No functional breakage. Test: http://h.bilibili.com/dy\d+ or http://bml.bilibili.com/index2016/ )
+
+	MCB:
+		- app.bilibili.com
+		- bangumi.bilibili.com
+		- big.bilibili.com	*
+		- bmall.bilibili.com	( css from static.hdslb.com , seems no Broken.)
+		- bml.bilibili.com
+		- h.bilibili.com
+	*	Test in https://big.bilibili.com/site/big.html , click the blue button "积分兑换大会员", requested an insecure resource 'http://vip.bilibili.com/site/vip-exchange-plugin.html?'. This request has been blocked, and now all buttons in the page are broken.
+
+	Mismatch:
+		- ^bilibili.com
+		- live-api.bilibili.com
+		- yoo.bilibili.com
+-->
+
+<ruleset name="Bilibili.com (partial)">
+
+	<!--	CORS:	-->
+	<target host="api.bilibili.com" />
+		<exclusion pattern="^http://api\.bilibili\.com/$" />
+		<test url="http://api.bilibili.com/x/web-show/res/loc?pf=0&#x26;id=142" />
+		<exclusion pattern="^http://api\.bilibili\.com/x/reply\?jsonp=jsonp" />
+		<test url="http://api.bilibili.com/x/reply?jsonp=jsonp&#x26;oid=190003&#x26;type=3" />
+		<test url="http://api.bilibili.com/x/reply?jsonp=jsonp&#x26;oid=191437&#x26;type=3" />
+
+	<!--	MCB:	-->
+	<target host="app.bilibili.com" />
+		<exclusion pattern="^http://app\.bilibili\.com/(?!images/)" />
+		<test url="http://app.bilibili.com/images/android.html" />
+		<test url="http://app.bilibili.com/mobile/android.html" />
+
+	<target host="bangumi.bilibili.com" />
+		<exclusion pattern="^http://bangumi\.bilibili\.com/moe/2016/" />
+		<test url="http://bangumi.bilibili.com/moe/2016/jp/index" />
+		<test url="http://bangumi.bilibili.com/moe/2016/jp/character/list" />
+
+		<test url="http://bangumi.bilibili.com/22/" />
+		<test url="http://bangumi.bilibili.com/anime/1111" />
+		<test url="http://bangumi.bilibili.com/sponsor/rankweb/get_sponsor_week_list" />
+		<test url="http://bangumi.bilibili.com/web_api/user_area" />
+
+	<target host="bml.bilibili.com" />
+		<exclusion pattern="^http://bml\.bilibili\.com/(?!bml_intro)" />
+		<test url="http://bml.bilibili.com/bml_intro" />
+		<test url="http://bml.bilibili.com/bml_intro?bid=13" />
+
+		<test url="http://bml.bilibili.com/index2016/" />
+		<test url="http://bml.bilibili.com/micro2015/" />
+
+	<target host="h.bilibili.com" />
+		<exclusion pattern="^http://h\.bilibili\.com/(?!css/|js/|images/|img/)" />
+		<test url="http://h.bilibili.com/css/draw_yoo.css" />
+		<test url="http://h.bilibili.com/js/picwall.js" />
+		<test url="http://h.bilibili.com/images/ra.js" />
+		<test url="http://h.bilibili.com/img/Icons2.png" />
+
+		<test url="http://h.bilibili.com/nav.js" />
+		<test url="http://h.bilibili.com/dy190003" />
+		<test url="http://h.bilibili.com/dy191437" />
+		<test url="http://h.bilibili.com/index/pic_banner.json" />
+		<test url="http://h.bilibili.com/login" />
+		<test url="http://h.bilibili.com/member?mod=addbanner&#x26;id=41" />
+
+	<!--	Directly:	-->
+	<target host="www.bilibili.com" />
+	<target host="account.bilibili.com" />
+		<test url="http://account.bilibili.com/site/nameplate.html" />
+	<target host="bmall.bilibili.com" />
+	<target host="comment.bilibili.com" />
+	<target host="data.bilibili.com" />
+		<exclusion pattern="^http://data\.bilibili\.com/$" />
+		<test url="http://data.bilibili.com/a/access.js" />
+	<target host="game.bilibili.com" />
+	<target host="interface.bilibili.com" />
+		<test url="http://interface.bilibili.com/msg.xml" />
+	<target host="live.bilibili.com" />
+	<target host="api.live.bilibili.com" />
+		<test url="http://api.live.bilibili.com/feed/v1/feed/heartBeat" />
+	<target host="live-feed.bilibili.com" />
+	<target host="live-trace.bilibili.com" />
+	<target host="message.bilibili.com" />
+	<target host="news.bilibili.com" />
+	<target host="pay.bilibili.com" />
+	<target host="passport.bilibili.com" />
+	<target host="search.bilibili.com" />
+	<target host="space.bilibili.com" />
+	<target host="static-s.bilibili.com" />
+	<target host="vip.bilibili.com" />
+	<target host="zb.bilibili.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bilio.com.xml b/src/chrome/content/rules/Bilio.com.xml
new file mode 100644
index 000000000000..50ba4e76e01a
--- /dev/null
+++ b/src/chrome/content/rules/Bilio.com.xml
@@ -0,0 +1,63 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.bilio.com/Content/img/preloader.gif => https://www.bilio.com/Content/img/preloader.gif: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.bilio.com/Global/Ucuzu/Content/img/icons/logo-bilio.svg => https://www.bilio.com/Global/Ucuzu/Content/img/icons/logo-bilio.svg: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://image.bilio.com/ => https://image.bilio.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://image2.bilio.com/ => https://image2.bilio.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://m.bilio.com/ => https://m.bilio.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://magaza.bilio.com/ => https://magaza.bilio.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://magazakayit.bilio.com/ => https://magazakayit.bilio.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://bilio.com/ => https://www.bilio.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	Problematic hosts in *bilio.com:
+
+		- ^ *
+		- info *
+
+	* Mismatched
+
+-->
+<ruleset name="Bilio.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="image.bilio.com" />
+	<target host="image2.bilio.com" />
+	<target host="m.bilio.com" />
+	<target host="magaza.bilio.com" />
+	<target host="magazakayit.bilio.com" />
+	<target host="www.bilio.com" />
+
+	<!--	Complications:
+				-->
+	<target host="bilio.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.bilio\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.bilio\.com/+(?!Content/|Global/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.bilio.com/bilgisayar-c3067/" />
+			<test url="http://www.bilio.com/bisiklet-c104/" />
+			<test url="http://www.bilio.com/inverter-c5572/" />
+			<test url="http://www.bilio.com/markalar/apple/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.bilio.com/Content/img/preloader.gif" />
+			<test url="http://www.bilio.com/Global/Ucuzu/Content/img/icons/logo-bilio.svg" />
+
+
+	<rule from="^http://bilio\.com/"
+		to="https://www.bilio.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BillDesk.com.xml b/src/chrome/content/rules/BillDesk.com.xml
new file mode 100644
index 000000000000..22ffe96d6325
--- /dev/null
+++ b/src/chrome/content/rules/BillDesk.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Problematic hosts:
+
+		- connect.billdesk.com ¹
+		- m.billdesk.com ²
+		- services.billdesk.com ²
+
+	¹ Mismatched
+	² 504 error
+
+	Fully covered hosts:
+
+		- (www.)?
+		- online
+		- payments
+		- pgi
+		- uat
+
+-->
+<ruleset name="BillDesk.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="billdesk.com" />
+	<target host="online.billdesk.com" />
+	<target host="payments.billdesk.com" />
+	<target host="pgi.billdesk.com" />
+	<target host="uat.billdesk.com" />
+	<target host="www.billdesk.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BillPay.de.xml b/src/chrome/content/rules/BillPay.de.xml
new file mode 100644
index 000000000000..4e63982f7e56
--- /dev/null
+++ b/src/chrome/content/rules/BillPay.de.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://logon.billpay.de/ => https://logon.billpay.de/: (51, "SSL: no alternative certificate subject name matches target host name 'logon.billpay.de'")
+
+	Insecure cookies are set for these hosts:
+
+		- login.billpay.de
+
+-->
+<ruleset name="BillPay.de" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="billpay.de" />
+	<target host="logon.billpay.de" />
+	<target host="www.billpay.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^login\.billpay\.de$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^login\.billpay\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bill_Maher.com.xml b/src/chrome/content/rules/Bill_Maher.com.xml
new file mode 100644
index 000000000000..e5487a76b01d
--- /dev/null
+++ b/src/chrome/content/rules/Bill_Maher.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://billmaher.com/ => https://billmaher.com/: (51, "SSL: no alternative certificate subject name matches target host name 'billmaher.com'")
+Fetch error: http://www.billmaher.com/ => https://www.billmaher.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.billmaher.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://billmaher.com/ => https://billmaher.com/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://www.billmaher.com/ => https://www.billmaher.com/: (28, 'Connection timed out after 10000 milliseconds')
+-->
+<ruleset name="Bill Maher.com" default_off="failed ruleset test">
+
+	<target host="billmaher.com" />
+	<target host="www.billmaher.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Billboard.com.xml b/src/chrome/content/rules/Billboard.com.xml
new file mode 100644
index 000000000000..f9ad19da02bd
--- /dev/null
+++ b/src/chrome/content/rules/Billboard.com.xml
@@ -0,0 +1,42 @@
+<!--
+	No working URL known:
+		amp.billboard.com
+		app1.billboard.com
+		app2.billboard.com
+		bbs.billboard.com
+		charts-static.billboard.com
+		dev.billboard.com (401)
+		editbbma.billboard.com
+		mobileapi.billboard.com
+		pro.billboard.com
+		qa.billboard.com
+
+	Invalid certificate:
+		features.billboard.com
+		link.billboard.com
+		tickets.billboard.com
+		video.billboard.com
+
+	Time out:
+		m.billboard.com
+
+	Refused:
+		mobile.billboard.com
+
+	Different content http/https:
+		realtime.billboard.com
+
+-->
+<ruleset name="Billboard.com (partial)">
+
+	<target host="billboard.com" />
+	<target host="www.billboard.com" />
+	<target host="edit.billboard.com" />
+	<target host="shop.billboard.com" />
+	<target host="store.billboard.com" />
+	<target host="subscribe.billboard.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Billetten.dk.xml b/src/chrome/content/rules/Billetten.dk.xml
new file mode 100644
index 000000000000..e1cabc84e461
--- /dev/null
+++ b/src/chrome/content/rules/Billetten.dk.xml
@@ -0,0 +1,8 @@
+<ruleset name="BillettenDK">
+	<target host="billetten.dk" />
+	<target host="www.billetten.dk" />
+
+	<securecookie host="^www\.billetten\.dk" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Billiger.de.xml b/src/chrome/content/rules/Billiger.de.xml
index 4e7a7c6f706a..68cd498dc1e6 100644
--- a/src/chrome/content/rules/Billiger.de.xml
+++ b/src/chrome/content/rules/Billiger.de.xml
@@ -11,6 +11,7 @@
 
 	<target host="billiger.de" />
 	<target host="www.billiger.de" />
+	<target host="api-img.billiger.de" />
 
 
 	<!--	Tracking cookies:
@@ -22,4 +23,5 @@
 	<rule from="^http://(www\.)?billiger\.de/(combine/|favicon\.ico|img/|vnt_gc/img/|js/|stats/graphite\.gif)"
 		to="https://$1billiger.de/$2" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http://api-img\.billiger\.de/" to="https://api-img.billiger.de/" />
+</ruleset>
diff --git a/src/chrome/content/rules/BillingsBridge.com.xml b/src/chrome/content/rules/BillingsBridge.com.xml
new file mode 100644
index 000000000000..7445fd5b7d94
--- /dev/null
+++ b/src/chrome/content/rules/BillingsBridge.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="BillingsBridge.com">
+	<target host="billingsbridge.com" />
+	<target host="www.billingsbridge.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BillionDigital.com.xml b/src/chrome/content/rules/BillionDigital.com.xml
new file mode 100644
index 000000000000..ead32a838f16
--- /dev/null
+++ b/src/chrome/content/rules/BillionDigital.com.xml
@@ -0,0 +1,69 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://anwers.billiondigital.com/ => https://anwers.billiondigital.com/: (6, 'Could not resolve host: anwers.billiondigital.com')
+
+	Other BillionDigital rulesets:
+
+		- Themler.com.xml
+
+
+	Nonfunctional hosts in *billiondigital.com:
+
+		- attachments.answers *
+
+	* 404
+
+
+	www.billiondigital.com: 400
+
+
+	Fully covered hosts in *billiondigital.com:
+
+		- (www.)?	(www → ^)
+		- account
+		- answers
+		- uploads
+
+
+	Insecure cookies are set for these hosts:
+
+		- billiondigital.com
+		- account.billiondigital.com
+
+
+	Mixed content:
+
+		- Images on ^ from uploads.billionphotos.com *
+
+	* Secured by us
+
+-->
+<ruleset name="BillionDigital.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="billiondigital.com" />
+	<target host="account.billiondigital.com" />
+	<target host="anwers.billiondigital.com" />
+	<target host="uploads.billiondigital.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.billiondigital.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(account\.)?billionphotos\.com$" name="^CheckCookie$" /-->
+
+	<securecookie host="^(?:account\.)?billionphotos\.com$" name=".+" />
+
+
+	<rule from="^http://www\.billiondigital\.com/"
+		to="https://billiondigital.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Billiongraves.com.xml b/src/chrome/content/rules/Billiongraves.com.xml
new file mode 100644
index 000000000000..dc270578f085
--- /dev/null
+++ b/src/chrome/content/rules/Billiongraves.com.xml
@@ -0,0 +1,51 @@
+<!--
+	covered subdomains:
+		- $
+		- www
+		- language specific subdomains
+
+	Nonfunctional subdomains:
+		- blog          -> redirects to HTTP
+		- store         -> cert expired
+		- community     -> only partial, sometimes redirects to HTTP
+
+	Cookies needed for authentication on non-HTTPS:
+		- bguid
+		- bgue
+-->
+<ruleset name="Billiongraves.com">
+	<target host="billiongraves.com" />
+	<target host="*.billiongraves.com" />
+	<!-- <target host="store.billiongraves.com" /> -->
+
+	<test url="http://www.billiongraves.com/" />
+	<test url="http://ca.billiongraves.com/" />
+	<test url="http://de.billiongraves.com/" />
+	<test url="http://es.billiongraves.com/" />
+	<test url="http://nl.billiongraves.com/" />
+	<test url="http://ar.billiongraves.com/" />
+
+	<!-- https://regex101.com/r/uD1iE1/1 -->
+	<exclusion pattern="^http://(blog|store|community)\.billiongraves\.com" />
+	<test url="http://blog.billiongraves.com/" />
+	<test url="http://store.billiongraves.com/" />
+	<test url="http://community.billiongraves.com/" />
+
+	<!--
+		Cookie from [https://]billiongraves.com is needed for login on
+		http://community.billiongraves.com
+	-->
+	  <!-- <securecookie host="^(www\.)?billiongraves\.com$" name=".+" /> -->
+
+	<!--
+		Securecookie for all billiongraves domains, for all cookies expect of
+		bguid and bgue
+
+		host: https://regex101.com/r/wN7wU2/2
+		name: https://regex101.com/r/fO3pB4/3
+	-->
+	<securecookie host="^(www\.|\w{2}\.)?billiongraves\.com$" name="^(?!bguid|bgue).+" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Billund.dk.xml b/src/chrome/content/rules/Billund.dk.xml
new file mode 100644
index 000000000000..bf30e1b7b23f
--- /dev/null
+++ b/src/chrome/content/rules/Billund.dk.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.billund.dk/ => https://www.billund.dk/: Too many redirects while fetching 'https://www.billund.dk/'
+
+
+	Not covered:
+
+		- vibygger¹
+
+	¹ Bad CN in cert/no content
+
+-->
+
+<ruleset name="Billund.dk" default_off="failed ruleset test">
+
+	<target host="billund.dk" />
+	<target host="www.billund.dk" />
+
+	<securecookie host="^\.?billund\.dk$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Billy_Creative.xml b/src/chrome/content/rules/Billy_Creative.xml
index 0c0fe2f8925a..84f950fd8523 100644
--- a/src/chrome/content/rules/Billy_Creative.xml
+++ b/src/chrome/content/rules/Billy_Creative.xml
@@ -3,8 +3,6 @@
 	<target host="billycreative.com" />
 	<target host="www.billycreative.com" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://(www\.)?billycreative\.com/"
-		to="https://$1billycreative.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bin-Store.com.xml b/src/chrome/content/rules/Bin-Store.com.xml
index 77bc43b2edc4..1e8b6b63949d 100644
--- a/src/chrome/content/rules/Bin-Store.com.xml
+++ b/src/chrome/content/rules/Bin-Store.com.xml
@@ -1,13 +1,13 @@
 <ruleset name="Bin-Store.com">
 
 	<target host="bin-store.com" />
-	<target host="*.bin-store.com" />
+	<target host="secure.bin-store.com" />
+	<target host="www.bin-store.com" />
 
 
 	<securecookie host="^\.bin-store\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?(secure\.)?bin-store\.com/"
-		to="https://$1$2bin-store.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BinBayyah.net.xml b/src/chrome/content/rules/BinBayyah.net.xml
new file mode 100644
index 000000000000..a22481f46643
--- /dev/null
+++ b/src/chrome/content/rules/BinBayyah.net.xml
@@ -0,0 +1,23 @@
+<!--
+	Mismatch:
+		autoconfig.binbayyah.net
+		autodiscover.binbayyah.net
+		cpanel.binbayyah.net
+		ftp.binbayyah.net
+		imap.binbayyah.net
+		mail.binbayyah.net
+		pop.binbayyah.net
+		smtp.binbayyah.net
+		webdisk.binbayyah.net
+		webmail.binbayyah.net
+		whm.binbayyah.net
+-->
+<ruleset name="BinBayyah.net" platform="mixedcontent">
+	<target host="binbayyah.net" />
+	<target host="www.binbayyah.net" />
+	<target host="mail.binbayyah.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BinBaz.org.sa.xml b/src/chrome/content/rules/BinBaz.org.sa.xml
new file mode 100644
index 000000000000..97d670aad0c8
--- /dev/null
+++ b/src/chrome/content/rules/BinBaz.org.sa.xml
@@ -0,0 +1,13 @@
+<ruleset name="BinBaz.org.sa">
+	<target host="binbaz.org.sa" />
+	<target host="www.binbaz.org.sa" />
+	<target host="beta.binbaz.org.sa" />
+	<target host="maserah.binbaz.org.sa" />
+
+	<target host="ibnbaz.org.sa" />
+	<target host="www.ibnbaz.org.sa" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BinRev.xml b/src/chrome/content/rules/BinRev.xml
index 5f0a5a793ead..5317bfdcf294 100644
--- a/src/chrome/content/rules/BinRev.xml
+++ b/src/chrome/content/rules/BinRev.xml
@@ -1,6 +1,8 @@
-<ruleset name="BinRev" default_off="Invalid Certificate">
-  <target host="www.binrev.com" />
-  <target host="binrev.com" />
+<ruleset name="BinRev">
+	<target host="binrev.com" />
+	<target host="www.binrev.com" />
+	<target host="forums.binrev.com" />
+	<target host="radio.binrev.com" />
 
-  <rule from="^http://(?:www\.)?binrev\.com/" to="https://binrev.com/"/>
+	<rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/BinSearch.xml b/src/chrome/content/rules/BinSearch.xml
index af6415a1f88d..faebb1f13b9f 100644
--- a/src/chrome/content/rules/BinSearch.xml
+++ b/src/chrome/content/rules/BinSearch.xml
@@ -1,12 +1,21 @@
+<!--
+	Redirect to http:
+		binsearch.net
+
+-->
 <ruleset name="BinSearch">
 
 	<target host="binsearch.info" />
 	<target host="www.binsearch.info" />
+
 	<target host="binsearch.net" />
 	<target host="www.binsearch.net" />
+	<target host="rss.binsearch.net" />
 
+	<rule from="^http://binsearch\.net/"
+		to="https://www.binsearch.info/" />
 
-	<rule from="^http://(www\.)?binsearch\.(?:info|net)/" 
-		to="https://$1binsearch.info/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Binary-Biz.xml b/src/chrome/content/rules/Binary-Biz.xml
index 7ad40856a723..277f1b7e1fb0 100644
--- a/src/chrome/content/rules/Binary-Biz.xml
+++ b/src/chrome/content/rules/Binary-Biz.xml
@@ -5,7 +5,7 @@
 	<target host="totalrecall.com"/>
 	<target host="www.totalrecall.com"/>
 
-	<securecookie host="^www\.(binarybiz|totalrecall)\.com$" name=".*"/>
+	<securecookie host="^www\.(?:binarybiz|totalrecall)\.com$" name=".+" />
 
 	<rule from="^http://(www\.)?binarybiz\.com/"
 		to="https://$1binarybiz.com/"/>
diff --git a/src/chrome/content/rules/BinaryTurf.xml b/src/chrome/content/rules/BinaryTurf.xml
index 24bf88c7000d..53983aaf3f4e 100644
--- a/src/chrome/content/rules/BinaryTurf.xml
+++ b/src/chrome/content/rules/BinaryTurf.xml
@@ -1,10 +1,19 @@
-<ruleset name="BinaryTurf">
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.binaryturf.com
+
+-->
+<ruleset name="BinaryTurf.com">
   <target host="binaryturf.com" />
   <target host="www.binaryturf.com" />
-  <target host="forums.binaryturf.com" />
 
-  <securecookie host="^(.+\.)?binaryturf\.com$" name=".*"/>
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.binaryturf\.com$" name="^(?:PHPSESSID|bb2_screener_)$" /-->
+
+  <securecookie host=".+" name=".+" />
 
-  <rule from="^http://(?:www\.)?binaryturf\.com/" to="https://www.binaryturf.com/"/>
-  <rule from="^http://forums\.binaryturf\.com/" to="https://www.binaryturf.com/forum/"/>
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Binary_Defense.com.xml b/src/chrome/content/rules/Binary_Defense.com.xml
new file mode 100644
index 000000000000..868f7b1881d0
--- /dev/null
+++ b/src/chrome/content/rules/Binary_Defense.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Binary Defense.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="binarydefense.com" />
+	<target host="www.binarydefense.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Binbank.ru.xml b/src/chrome/content/rules/Binbank.ru.xml
new file mode 100644
index 000000000000..debefa5d66d5
--- /dev/null
+++ b/src/chrome/content/rules/Binbank.ru.xml
@@ -0,0 +1,21 @@
+<!--premium. mismatch
+energy. mismatch
+www.tver. mismatch
+junior. mismatch
+murmansk. timed out
+www.murmansk. timed out
+smolensk. timed out
+tver. timed out-->
+<ruleset name="Binbank.ru">
+	<target host="binbank.ru" />
+	<target host="www.binbank.ru" />
+	<target host="online.binbank.ru" />
+	<target host="falcon.binbank.ru" />
+	<target host="direct.binbank.ru" />
+	<target host="eng.binbank.ru" />
+	<target host="anketa.binbank.ru" />
+	<target host="app.binbank.ru" />
+	<target host="icabinet.binbank.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Binbox.io.xml b/src/chrome/content/rules/Binbox.io.xml
new file mode 100644
index 000000000000..6dc5909be12b
--- /dev/null
+++ b/src/chrome/content/rules/Binbox.io.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Dropped
+
+-->
+<ruleset name="Binbox.io (partial)">
+
+	<target host="binbox.io" />
+	<target host="www.binbox.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^binbox\.io$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^binbox\.io$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bing.net.xml b/src/chrome/content/rules/Bing.net.xml
new file mode 100644
index 000000000000..5e48d3d90a8b
--- /dev/null
+++ b/src/chrome/content/rules/Bing.net.xml
@@ -0,0 +1,45 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+	CDN buckets:
+		- a134.lm.akamai.net
+			- akam.bing.com
+			- *.mm.bing.net
+
+	Mismatch:
+		api.bing.net
+		cn.bing.net
+		s*.cn.bing.net
+		mm.bing.net
+-->
+
+<ruleset name="Bing.net">
+
+	<!-- Complications: -->
+	<!-- Other s\d+.cn.bing.net will be redirected by server. -->
+	<target host="s.cn.bing.net" />
+	<target host="s1.cn.bing.net" />
+	<target host="s2.cn.bing.net" />
+	<target host="s3.cn.bing.net" />
+	<target host="s4.cn.bing.net" />
+	<rule from="^http://s(1|2|3|4)?\.cn\.bing\.net/" to="https://www.bing.com/" />
+		<test url="http://s.cn.bing.net/th?id=OJ.UuemwLeP4z7lGw" />
+		<test url="http://s1.cn.bing.net/th?id=OJ.UuemwLeP4z7lGw" />
+		<test url="http://s2.cn.bing.net/th?id=OJ.Uf8GrmH1VCytyw" />
+		<test url="http://s3.cn.bing.net/th?id=OJ.1CkJTlB3n1ysOA" />
+		<test url="http://s4.cn.bing.net/th?id=OJ.UuemwLeP4z7lGw" />
+
+	<!-- Directly: -->
+	<target host="*.explicit.bing.net" />
+		<test url="http://ts1.explicit.bing.net/th?id=H.5001696577127141" />
+		<test url="http://ts2.explicit.bing.net/th?id=H.5001696577127141" />
+		<test url="http://ts3.explicit.bing.net/th?id=H.5001696577127141" />
+		<test url="http://ts4.explicit.bing.net/th?id=H.5001696577127141" />
+
+	<target host="*.mm.bing.net" />
+		<test url="http://tse1.mm.bing.net/th?id=HN.608047359268358256" />
+		<test url="http://tse2.mm.bing.net/th?id=OIP.M5ce5495530c4f5a2e6f5d8aeff8be138o0" />
+		<test url="http://ts3.mm.bing.net/th?id=H.4577916612379634" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bing.xml b/src/chrome/content/rules/Bing.xml
index 208f9550be36..fa62f923143d 100644
--- a/src/chrome/content/rules/Bing.xml
+++ b/src/chrome/content/rules/Bing.xml
@@ -7,79 +7,66 @@
 		- a134.lm.akamai.net
 
 			- akam.bing.com
-			- ts[1-4].mm.bing.net
+			- *.mm.bing.net
 
-		- ssl.bing.com.edgekey.net
 
-			- ssl.bing.com
+	Nonfunctional hosts in *bing.com:
 
+		- m2.cn
+		- origin.bj1
 
-	Nonfunctional domains:
 
-		- bing.com:
+	bat, c: Tracking beacons
 
-			images/ *
-			notifications/ *	not in fd/
-			thumb/ *
 
-		- api.bing.com			(404, akamai)
-		- db3.api.bing.com		(404; mismatched, CN: bedrock.msn.com)
+	Insecure cookies are set for these domains and hosts:
 
-	* Redirects to http
+		- .bing.com
+		- .bat.bing.com
+		- www.bing.com
 
 
-	Problematic domains:
+	Mixed content:
 
-		- www.bing.com		(redirects to http, akamai)
-		- ts[1-4].mm.bing.net	(akamai)
+		- Images on blogs from bingblog.blob.core.windows.net *
+		- Bug on blogs from c.microsoft.com *
 
-
-	Partially covered domains:
-
-		- (www.)bing.com	(→ ssl.bing.com)
-
-
-	Fully covered domains:
-
-		- bing.com subdomains:
-
-			- c.bing		(tracking beacons)
-			- h.bing
-			- ssl.bing
-			- udc.bing
-
-		- ts[1-4].mm.bing.net
+	* Secured by us
 
 -->
-<ruleset name="Bing (partial, buggy)" default_off="breaks points dashboard" platform="mixedcontent">
+<ruleset name="Bing.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="bing.com" />
-	<target host="*.bing.com" />
-	<target host="*.mm.bing.net" />
-		<!--
-			Breaks login menu
-
-				https://trac.torproject.org/projects/tor/ticket/7092
-										-->
-		<exclusion pattern="^https?://(?:www\.)?bing\.com/fd/fb/mulmfg" />
+	<target host="bat.bing.com" />
+	<target host="blog.bing.com" />
+	<target host="blogs.bing.com" />
+	<target host="c.bing.com" />
+	<target host="cn.bing.com" />
+	<target host="h.bing.com" />
+	<target host="ssl.bing.com" />
+	<target host="testfamilysafety.bing.com" />
+	<target host="udc.bing.com" />
+	<target host="www.bing.com" />
+	<target host="*.api.bing.com" />
 
 
-	<securecookie host="^(?:\.c|ssl)\.bing\.com$" name=".+" />
+	<test url="http://db1.api.bing.com/" />
+	<test url="http://db2.api.bing.com/" />
+	<test url="http://db3.api.bing.com/" />
 
 
-	<rule from="^http://(?:www\.)?bing\.com/(az/|fd/|HPImageArchive\.aspx|mm/|news/s/|s/as/|sa/|th(?:$|\?))"
-		to="https://ssl.bing.com/$1" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.bing\.com$" name="^(?:_EDGE_V|_FS|_SS|MUID|SRCHD|SRCHUSR)$" /-->
+	<!--securecookie host="^\.bat\.bing\.com$" name="^MR$" /-->
+	<!--securecookie host="^www\.bing\.com$" name="^(?:MUIDB|SRCHUID)$" /-->
 
-	<!--	- fd/s/ is equivalent and fd/ seems to work always, so redirect there
-		- /bing and /ssl.bing are the same here, but ssl has an EV
-								-->
-	<rule from="^http://(?:www\.)?bing\.com/s/"
-		to="https://ssl.bing.com/fd/s/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(c|h|ssl|udc)\.bing\.com/"
-		to="https://$1.bing.com/" />
 
-	<rule from="^http://ts[1-4]\.mm\.bing\.net/"
-		to="https://ssl.bing.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bing_Places.com.xml b/src/chrome/content/rules/Bing_Places.com.xml
new file mode 100644
index 000000000000..509a108f420c
--- /dev/null
+++ b/src/chrome/content/rules/Bing_Places.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	^bingplaces.com: Dropped
+
+-->
+<ruleset name="Bing Places.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.bingplaces.com" />
+
+	<!--	Complications:
+				-->
+	<target host="bingplaces.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://bingplaces\.com/"
+		to="https://www.bingplaces.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bintray.com.xml b/src/chrome/content/rules/Bintray.com.xml
new file mode 100644
index 000000000000..0010627378b9
--- /dev/null
+++ b/src/chrome/content/rules/Bintray.com.xml
@@ -0,0 +1,36 @@
+<!--
+	For other JFrog coverage, see JFrog.com.xml.
+
+
+	Problematic hosts in *bintray.com:
+
+		- blog *
+		- status *
+
+	* Mismatched
+
+-->
+<ruleset name="Bintray.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bintray.com" />
+	<target host="api.bintray.com" />
+	<target host="dl.bintray.com" />
+	<target host="www.bintray.com" />
+
+	<!--	Complications:
+				-->
+	<target host="status.bintray.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://status\.bintray\.com/"
+		to="https://bintray.statuspage.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BioInfo.pl.xml b/src/chrome/content/rules/BioInfo.pl.xml
new file mode 100644
index 000000000000..319c3cf6e81b
--- /dev/null
+++ b/src/chrome/content/rules/BioInfo.pl.xml
@@ -0,0 +1,26 @@
+<!--
+	For more BioInfoBank.com related ruleset, see BioInfoBank.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+			 - dns2.bioinfo.pl
+			 - morasko.bioinfo.pl
+
+		SSL peer certificate was not OK:
+			 - dns1.bioinfo.pl
+			 - dns3.bioinfo.pl
+			 - ia.bioinfo.pl
+			 - seed.bioinfo.pl
+
+		Incomplete certificate chain error:
+			 - mail.bioinfo.pl
+			 - thc.bioinfo.pl
+-->
+<ruleset name="BioInfo.pl (partial)">
+	<target host="bioinfo.pl" />
+	<target host="www.bioinfo.pl" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BioInfoBank.com.xml b/src/chrome/content/rules/BioInfoBank.com.xml
new file mode 100644
index 000000000000..079c45853188
--- /dev/null
+++ b/src/chrome/content/rules/BioInfoBank.com.xml
@@ -0,0 +1,22 @@
+<!--
+	BioInfoBank.com related ruleset:
+		 - BioInfo.pl.xml
+		 - PicoStocks.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+			 - dns2.bioinfobank.com
+
+		SSL peer certificate was not OK:
+			 - dns1.bioinfobank.com
+			 - dns3.bioinfobank.com
+			 - mail.bioinfobank.com
+-->
+<ruleset name="BioInfoBank.com (partial)">
+	<target host="bioinfobank.com" />
+	<target host="www.bioinfobank.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BioMed-Central.xml b/src/chrome/content/rules/BioMed-Central.xml
deleted file mode 100644
index 236cbdd9262d..000000000000
--- a/src/chrome/content/rules/BioMed-Central.xml
+++ /dev/null
@@ -1,76 +0,0 @@
-<!--
-	For other Springer coverage, see Springer.xml.
-
-
-	CDN buckets:
-
-		- oas000359.247realmedia.com
-
-			- oas.biomedcentral.com
-
-
-	Nonfunctional domains:
-
-		- (www.)chemistrycentral.com *
-		- (www.)springeropen.com *
-
-	* Dropped
-
-
-	Problematic subdomains:
-
-		- oas	(mismatched, CN: openadstream-eu1.247realmedia.com)
-		- w01 *
-		- w13 *
-
-	* Mismatched
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- oas		(→ oasc-eu1.247realmedia.com)
-		- w\d\d		(→ ^)
-
-
-	Mixed content:
-
-		- Video on www from www.youtube.com *
-
-		- css on www from www *
-
-		- Images on www from www *
-
-		- Web bugs on www from oas *
-
-	* Secured by us
-
--->
-<ruleset name="BioMed Central (false MCB)" platform="mixedcontent">
-
-	<target host="biomedcentral.com" />
-	<target host="*.biomedcentral.com" />
-
-
-	<securecookie host="^(.*\.)?biomedcentral\.com$" name=".*" />
-
-
-	<rule from="^https?://(?:w\d\d\.|(www\.))?biomedcentral\.com/"
-		to="https://$1biomedcentral.com/" />
-
- 	<rule from="^https?://(?:w\d\d\.|(www\.))?biomedcentral\.com/"
- 		to="https://$1biomedcentral.com/" />
- 
-        <!-- This is really ugly, but some (not all!) BiomedCentral
-             HTTPS URLs generate an incorrect 302 redirect from the
-             site to http://www.biomedcentral.com:443/somepath
-             which then produces an error; we can apparently fix the
-             effects of this 302 ourselves with a rewrite rule.
-								-->
-	<rule from="^http://(?:w\d\d\.|(www\.))?biomedcentral\.com:443/"
-                to="https://$1biomedcentral.com/" />
-
-	<rule from="^http://oas\.biomedcentral\.com/"
-		to="https://oasc-eu1.247realmedia.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BioMedCentral.com.xml b/src/chrome/content/rules/BioMedCentral.com.xml
new file mode 100644
index 000000000000..db711003f364
--- /dev/null
+++ b/src/chrome/content/rules/BioMedCentral.com.xml
@@ -0,0 +1,375 @@
+<!--
+	For other Springer coverage, see Springer.xml.
+
+	CDN buckets:
+		- oas000359.247realmedia.com
+		- oas.biomedcentral.com
+
+	Refused:
+		biomedcentral.com
+
+	Invalid certificate:
+		events.biomedcentral.com
+		oas.biomedcentral.com
+		databases.biomedcentral.com
+
+	No working URL known:
+		payment.biomedcentral.com
+		secure.biomedcentral.com
+
+-->
+<ruleset name="BioMedCentral.com">
+
+	<target host="biomedcentral.com" />
+	<target host="www.biomedcentral.com" />
+	<target host="aacijournal.biomedcentral.com" />
+	<target host="actaneurocomms.biomedcentral.com" />
+	<target host="actavetscand.biomedcentral.com" />
+	<target host="advancesinsimulation.biomedcentral.com" />
+	<target host="aejournal.biomedcentral.com" />
+	<target host="agricultureandfoodsecurity.biomedcentral.com" />
+	<target host="aidsrestherapy.biomedcentral.com" />
+	<target host="almob.biomedcentral.com" />
+	<target host="alzres.biomedcentral.com" />
+	<target host="animalbiotelemetry.biomedcentral.com" />
+	<target host="ann-clinmicrob.biomedcentral.com" />
+	<target host="annals-general-psychiatry.biomedcentral.com" />
+	<target host="anzhealthpolicy.biomedcentral.com" />
+	<target host="aoemj.biomedcentral.com" />
+	<target host="apfmj.biomedcentral.com" />
+	<target host="appliedcr.biomedcentral.com" />
+	<target host="aquaticbiosystems.biomedcentral.com" />
+	<target host="archivesphysiotherapy.biomedcentral.com" />
+	<target host="archpublichealth.biomedcentral.com" />
+	<target host="aricjournal.biomedcentral.com" />
+	<target host="arthritis-research.biomedcentral.com" />
+	<target host="ascpjournal.biomedcentral.com" />
+	<target host="asir-journal.biomedcentral.com" />
+	<target host="asthmarp.biomedcentral.com" />
+	<target host="avianres.biomedcentral.com" />
+	<target host="bacandrology.biomedcentral.com" />
+	<target host="bdataanalytics.biomedcentral.com" />
+	<target host="behavioralandbrainfunctions.biomedcentral.com" />
+	<target host="beta.biomedcentral.com" />
+	<target host="biodatamining.biomedcentral.com" />
+	<target host="biolmoodanxietydisord.biomedcentral.com" />
+	<target host="biologicalproceduresonline.biomedcentral.com" />
+	<target host="biologydirect.biomedcentral.com" />
+	<target host="biolres.biomedcentral.com" />
+	<target host="biomarkerres.biomedcentral.com" />
+	<target host="biomaterialsres.biomedcentral.com" />
+	<target host="biomedical-engineering-online.biomedcentral.com" />
+	<target host="biosignaling.biomedcentral.com" />
+	<target host="biotechnologyforbiofuels.biomedcentral.com" />
+	<target host="blogs.biomedcentral.com" />
+	<target host="bmcanesthesiol.biomedcentral.com" />
+	<target host="bmcbiochem.biomedcentral.com" />
+	<target host="bmcbioinformatics.biomedcentral.com" />
+	<target host="bmcbiol.biomedcentral.com" />
+	<target host="bmcbiophys.biomedcentral.com" />
+	<target host="bmcbiotechnol.biomedcentral.com" />
+	<target host="bmccancer.biomedcentral.com" />
+	<target host="bmccardiovascdisord.biomedcentral.com" />
+	<target host="bmccellbiol.biomedcentral.com" />
+	<target host="bmcchembiol.biomedcentral.com" />
+	<target host="bmcclinpathol.biomedcentral.com" />
+	<target host="bmccomplementalternmed.biomedcentral.com" />
+	<target host="bmcdermatol.biomedcentral.com" />
+	<target host="bmcdevbiol.biomedcentral.com" />
+	<target host="bmcearnosethroatdisord.biomedcentral.com" />
+	<target host="bmcecol.biomedcentral.com" />
+	<target host="bmcemergmed.biomedcentral.com" />
+	<target host="bmcendocrdisord.biomedcentral.com" />
+	<target host="bmcevolbiol.biomedcentral.com" />
+	<target host="bmcfampract.biomedcentral.com" />
+	<target host="bmcgastroenterol.biomedcentral.com" />
+	<target host="bmcgenet.biomedcentral.com" />
+	<target host="bmcgenomics.biomedcentral.com" />
+	<target host="bmchealthservres.biomedcentral.com" />
+	<target host="bmchematol.biomedcentral.com" />
+	<target host="bmcimmunol.biomedcentral.com" />
+	<target host="bmcinfectdis.biomedcentral.com" />
+	<target host="bmcinthealthhumrights.biomedcentral.com" />
+	<target host="bmcmededuc.biomedcentral.com" />
+	<target host="bmcmedgenet.biomedcentral.com" />
+	<target host="bmcmedgenomics.biomedcentral.com" />
+	<target host="bmcmedicine.biomedcentral.com" />
+	<target host="bmcmedimaging.biomedcentral.com" />
+	<target host="bmcmedinformdecismak.biomedcentral.com" />
+	<target host="bmcmedphys.biomedcentral.com" />
+	<target host="bmcmedresmethodol.biomedcentral.com" />
+	<target host="bmcmicrobiol.biomedcentral.com" />
+	<target host="bmcmolbiol.biomedcentral.com" />
+	<target host="bmcmusculoskeletdisord.biomedcentral.com" />
+	<target host="bmcnephrol.biomedcentral.com" />
+	<target host="bmcneurol.biomedcentral.com" />
+	<target host="bmcneurosci.biomedcentral.com" />
+	<target host="bmcnurs.biomedcentral.com" />
+	<target host="bmcnutr.biomedcentral.com" />
+	<target host="bmcophthalmol.biomedcentral.com" />
+	<target host="bmcoralhealth.biomedcentral.com" />
+	<target host="bmcpalliatcare.biomedcentral.com" />
+	<target host="bmcpediatr.biomedcentral.com" />
+	<target host="bmcpharmacoltoxicol.biomedcentral.com" />
+	<target host="bmcplantbiol.biomedcentral.com" />
+	<target host="bmcpregnancychildbirth.biomedcentral.com" />
+	<target host="bmcproc.biomedcentral.com" />
+	<target host="bmcpsychiatry.biomedcentral.com" />
+	<target host="bmcpsychology.biomedcentral.com" />
+	<target host="bmcpublichealth.biomedcentral.com" />
+	<target host="bmcpulmmed.biomedcentral.com" />
+	<target host="bmcresnotes.biomedcentral.com" />
+	<target host="bmcstructbiol.biomedcentral.com" />
+	<target host="bmcsurg.biomedcentral.com" />
+	<target host="bmcurol.biomedcentral.com" />
+	<target host="bmcvetres.biomedcentral.com" />
+	<target host="bmcwomenshealth.biomedcentral.com" />
+	<target host="bmczool.biomedcentral.com" />
+	<target host="bpded.biomedcentral.com" />
+	<target host="bpsmedicine.biomedcentral.com" />
+	<target host="breast-cancer-research.biomedcentral.com" />
+	<target host="bsd.biomedcentral.com" />
+	<target host="burnstrauma.biomedcentral.com" />
+	<target host="cancerandmetabolism.biomedcentral.com" />
+	<target host="cancerci.biomedcentral.com" />
+	<target host="cancerimagingjournal.biomedcentral.com" />
+	<target host="cancersheadneck.biomedcentral.com" />
+	<target host="capmh.biomedcentral.com" />
+	<target host="cardiab.biomedcentral.com" />
+	<target host="cardiooncologyjournal.biomedcentral.com" />
+	<target host="cardiothoracicsurgery.biomedcentral.com" />
+	<target host="cardiovascularultrasound.biomedcentral.com" />
+	<target host="casesjournal.biomedcentral.com" />
+	<target host="ccforum.biomedcentral.com" />
+	<target host="cellandbioscience.biomedcentral.com" />
+	<target host="celldiv.biomedcentral.com" />
+	<target host="cellregenerationjournal.biomedcentral.com" />
+	<target host="cerebellumandataxias.biomedcentral.com" />
+	<target host="cgejournal.biomedcentral.com" />
+	<target host="chiromt.biomedcentral.com" />
+	<target host="ciliajournal.biomedcentral.com" />
+	<target host="cjcjournal.biomedcentral.com" />
+	<target host="climatechangeresponses.biomedcentral.com" />
+	<target host="clindiabetesendo.biomedcentral.com" />
+	<target host="clinicalepigeneticsjournal.biomedcentral.com" />
+	<target host="clinicalhypertension.biomedcentral.com" />
+	<target host="clinicalmolecularallergy.biomedcentral.com" />
+	<target host="clinicalmovementdisorders.biomedcentral.com" />
+	<target host="clinicalproteomicsjournal.biomedcentral.com" />
+	<target host="clinicalsarcomaresearch.biomedcentral.com" />
+	<target host="cmbl.biomedcentral.com" />
+	<target host="cmjournal.biomedcentral.com" />
+	<target host="cnjournal.biomedcentral.com" />
+	<target host="comparative-hepatology.biomedcentral.com" />
+	<target host="conflictandhealth.biomedcentral.com" />
+	<target host="contraceptionmedicine.biomedcentral.com" />
+	<target host="copdrp.biomedcentral.com" />
+	<target host="coughjournal.biomedcentral.com" />
+	<target host="cpementalhealth.biomedcentral.com" />
+	<target host="ctajournal.biomedcentral.com" />
+	<target host="darujps.biomedcentral.com" />
+	<target host="diagnosticpathology.biomedcentral.com" />
+	<target host="diagnprognres.biomedcentral.com" />
+	<target host="disastermilitarymedicine.biomedcentral.com" />
+	<target host="dmsjournal.biomedcentral.com" />
+	<target host="dynamic-med.biomedcentral.com" />
+	<target host="eandv.biomedcentral.com" />
+	<target host="ehjournal.biomedcentral.com" />
+	<target host="ehoonline.biomedcentral.com" />
+	<target host="environmentalevidencejournal.biomedcentral.com" />
+	<target host="epigeneticsandchromatin.biomedcentral.com" />
+	<target host="epmajournal.biomedcentral.com" />
+	<target host="equityhealthj.biomedcentral.com" />
+	<target host="ete-online.biomedcentral.com" />
+	<target host="ethnobiomed.biomedcentral.com" />
+	<target host="etsmjournal.biomedcentral.com" />
+	<target host="eurapa.biomedcentral.com" />
+	<target host="eurjmedres.biomedcentral.com" />
+	<target host="evodevojournal.biomedcentral.com" />
+	<target host="exrna.biomedcentral.com" />
+	<target host="extremephysiolmed.biomedcentral.com" />
+	<target host="fas.biomedcentral.com" />
+	<target host="fertilityresearchandpractice.biomedcentral.com" />
+	<target host="fibrogenesis.biomedcentral.com" />
+	<target host="flavourjournal.biomedcentral.com" />
+	<target host="fluidsbarrierscns.biomedcentral.com" />
+	<target host="frontiersinzoology.biomedcentral.com" />
+	<target host="fungalbiolbiotech.biomedcentral.com" />
+	<target host="genesandnutrition.biomedcentral.com" />
+	<target host="genesenvironment.biomedcentral.com" />
+	<target host="genomebiology.biomedcentral.com" />
+	<target host="genomemedicine.biomedcentral.com" />
+	<target host="ghrp.biomedcentral.com" />
+	<target host="gigascience.biomedcentral.com" />
+	<target host="globalizationandhealth.biomedcentral.com" />
+	<target host="gsejournal.biomedcentral.com" />
+	<target host="gutpathogens.biomedcentral.com" />
+	<target host="gynoncrp.biomedcentral.com" />
+	<target host="harmreductionjournal.biomedcentral.com" />
+	<target host="hccpjournal.biomedcentral.com" />
+	<target host="head-face-med.biomedcentral.com" />
+	<target host="health-policy-systems.biomedcentral.com" />
+	<target host="hereditasjournal.biomedcentral.com" />
+	<target host="hissjournal.biomedcentral.com" />
+	<target host="hmap.biomedcentral.com" />
+	<target host="hmr.biomedcentral.com" />
+	<target host="hqlo.biomedcentral.com" />
+	<target host="human-resources-health.biomedcentral.com" />
+	<target host="humgenomics.biomedcentral.com" />
+	<target host="idpjournal.biomedcentral.com" />
+	<target host="ij-healthgeographics.biomedcentral.com" />
+	<target host="ijbnpa.biomedcentral.com" />
+	<target host="ijhpr.biomedcentral.com" />
+	<target host="ijmhs.biomedcentral.com" />
+	<target host="ijpeonline.biomedcentral.com" />
+	<target host="ijponline.biomedcentral.com" />
+	<target host="immunityageing.biomedcentral.com" />
+	<target host="immunome-research.biomedcentral.com" />
+	<target host="implementationscience.biomedcentral.com" />
+	<target host="infectagentscancer.biomedcentral.com" />
+	<target host="inflammregen.biomedcentral.com" />
+	<target host="intarchmed.biomedcentral.com" />
+	<target host="internationalbreastfeedingjournal.biomedcentral.com" />
+	<target host="investigativegenetics.biomedcentral.com" />
+	<target host="irishvetjournal.biomedcentral.com" />
+	<target host="issoonline.biomedcentral.com" />
+	<target host="janimscitechnol.biomedcentral.com" />
+	<target host="jasbsci.biomedcentral.com" />
+	<target host="jautoimdis.biomedcentral.com" />
+	<target host="jbiol.biomedcentral.com" />
+	<target host="jbioleng.biomedcentral.com" />
+	<target host="jbiolres.biomedcentral.com" />
+	<target host="jbiomedsci.biomedcentral.com" />
+	<target host="jbiomedsem.biomedcentral.com" />
+	<target host="jcircadianrhythms.biomedcentral.com" />
+	<target host="jclinbioinformatics.biomedcentral.com" />
+	<target host="jcmr-online.biomedcentral.com" />
+	<target host="jcompassionatehc.biomedcentral.com" />
+	<target host="jcongenitalcardiology.biomedcentral.com" />
+	<target host="jdmdonline.biomedcentral.com" />
+	<target host="jeatdisord.biomedcentral.com" />
+	<target host="jeccr.biomedcentral.com" />
+	<target host="jecoenv.biomedcentral.com" />
+	<target host="jehse.biomedcentral.com" />
+	<target host="jfootankleres.biomedcentral.com" />
+	<target host="jhoonline.biomedcentral.com" />
+	<target host="jhpn.biomedcentral.com" />
+	<target host="jibtherapies.biomedcentral.com" />
+	<target host="jintensivecare.biomedcentral.com" />
+	<target host="jissn.biomedcentral.com" />
+	<target host="jitc.biomedcentral.com" />
+	<target host="jmedicalcasereports.biomedcentral.com" />
+	<target host="jmolecularpsychiatry.biomedcentral.com" />
+	<target host="jnanobiotechnology.biomedcentral.com" />
+	<target host="jneurodevdisorders.biomedcentral.com" />
+	<target host="jneuroengrehab.biomedcentral.com" />
+	<target host="jneuroinflammation.biomedcentral.com" />
+	<target host="jnrbm.biomedcentral.com" />
+	<target host="joppp.biomedcentral.com" />
+	<target host="josr-online.biomedcentral.com" />
+	<target host="journal-inflammation.biomedcentral.com" />
+	<target host="journalotohns.biomedcentral.com" />
+	<target host="journalretinavitreous.biomedcentral.com" />
+	<target host="jphcs.biomedcentral.com" />
+	<target host="jphysiolanthropol.biomedcentral.com" />
+	<target host="jtultrasound.biomedcentral.com" />
+	<target host="jvat.biomedcentral.com" />
+	<target host="kidneydistransplant.biomedcentral.com" />
+	<target host="lipidworld.biomedcentral.com" />
+	<target host="longevityandhealthspan.biomedcentral.com" />
+	<target host="malariajournal.biomedcentral.com" />
+	<target host="mbr.biomedcentral.com" />
+	<target host="medicalgasresearch.biomedcentral.com" />
+	<target host="mhnpjournal.biomedcentral.com" />
+	<target host="microbialcellfactories.biomedcentral.com" />
+	<target host="microbialinformaticsj.biomedcentral.com" />
+	<target host="microbiomejournal.biomedcentral.com" />
+	<target host="mmrjournal.biomedcentral.com" />
+	<target host="mobilednajournal.biomedcentral.com" />
+	<target host="molcelltherapies.biomedcentral.com" />
+	<target host="molecular-cancer.biomedcentral.com" />
+	<target host="molecularautism.biomedcentral.com" />
+	<target host="molecularbrain.biomedcentral.com" />
+	<target host="molecularcytogenetics.biomedcentral.com" />
+	<target host="molecularneurodegeneration.biomedcentral.com" />
+	<target host="molecularpain.biomedcentral.com" />
+	<target host="movementecologyjournal.biomedcentral.com" />
+	<target host="mrmjournal.biomedcentral.com" />
+	<target host="msddjournal.biomedcentral.com" />
+	<target host="neuraldevelopment.biomedcentral.com" />
+	<target host="npepjournal.biomedcentral.com" />
+	<target host="nutrirejournal.biomedcentral.com" />
+	<target host="nutritionandmetabolism.biomedcentral.com" />
+	<target host="nutritionj.biomedcentral.com" />
+	<target host="nvijournal.biomedcentral.com" />
+	<target host="oas.biomedcentral.com" />
+	<target host="occup-med.biomedcentral.com" />
+	<target host="ojrd.biomedcentral.com" />
+	<target host="old.biomedcentral.com" />
+	<target host="ovarianresearch.biomedcentral.com" />
+	<target host="parasitesandvectors.biomedcentral.com" />
+	<target host="particleandfibretoxicology.biomedcentral.com" />
+	<target host="ped-rheum.biomedcentral.com" />
+	<target host="peh-med.biomedcentral.com" />
+	<target host="perioperativemedicinejournal.biomedcentral.com" />
+	<target host="pilotfeasibilitystudies.biomedcentral.com" />
+	<target host="plantmethods.biomedcentral.com" />
+	<target host="pneumonia.biomedcentral.com" />
+	<target host="pophealthmetrics.biomedcentral.com" />
+	<target host="porcinehealthmanagement.biomedcentral.com" />
+	<target host="proteomesci.biomedcentral.com" />
+	<target host="pssjournal.biomedcentral.com" />
+	<target host="publichealthreviews.biomedcentral.com" />
+	<target host="rbej.biomedcentral.com" />
+	<target host="reproductive-health-journal.biomedcentral.com" />
+	<target host="researchintegrityjournal.biomedcentral.com" />
+	<target host="resource-allocation.biomedcentral.com" />
+	<target host="respiratory-research.biomedcentral.com" />
+	<target host="retrovirology.biomedcentral.com" />
+	<target host="revchilhistnat.biomedcentral.com" />
+	<target host="ro-journal.biomedcentral.com" />
+	<target host="rrtjournal.biomedcentral.com" />
+	<target host="safetyinhealth.biomedcentral.com" />
+	<target host="scfbm.biomedcentral.com" />
+	<target host="scoliosisjournal.biomedcentral.com" />
+	<target host="silencejournal.biomedcentral.com" />
+	<target host="sjtrem.biomedcentral.com" />
+	<target host="skeletalmusclejournal.biomedcentral.com" />
+	<target host="sleep.biomedcentral.com" />
+	<target host="standardsingenomics.biomedcentral.com" />
+	<target host="stemcellres.biomedcentral.com" />
+	<target host="substanceabusepolicy.biomedcentral.com" />
+	<target host="systematicreviewsjournal.biomedcentral.com" />
+	<target host="tbiomed.biomedcentral.com" />
+	<target host="tdtmvjournal.biomedcentral.com" />
+	<target host="thrombosisjournal.biomedcentral.com" />
+	<target host="thyroidresearchjournal.biomedcentral.com" />
+	<target host="tobaccoinduceddiseases.biomedcentral.com" />
+	<target host="translational-medicine.biomedcentral.com" />
+	<target host="translationalneurodegeneration.biomedcentral.com" />
+	<target host="transmedcomms.biomedcentral.com" />
+	<target host="transplantationresearch.biomedcentral.com" />
+	<target host="traumamanagement.biomedcentral.com" />
+	<target host="trialsjournal.biomedcentral.com" />
+	<target host="tropmedhealth.biomedcentral.com" />
+	<target host="vascularcell.biomedcentral.com" />
+	<target host="veterinaryresearch.biomedcentral.com" />
+	<target host="virologyj.biomedcentral.com" />
+	<target host="waojournal.biomedcentral.com" />
+	<target host="wjes.biomedcentral.com" />
+	<target host="wjso.biomedcentral.com" />
+	<target host="womensmidlifehealthjournal.biomedcentral.com" />
+	<target host="zoologicalletters.biomedcentral.com" />
+
+	<securecookie host=".+" name=".+"/>
+
+	<rule from="^http://biomedcentral\.com/"
+		to="https://www.biomedcentral.com/" />
+
+	<rule from="^http://oas\.biomedcentral\.com/"
+		to="https://oasc-eu1.247realmedia.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BioOne.org.xml b/src/chrome/content/rules/BioOne.org.xml
new file mode 100644
index 000000000000..54127ae6302f
--- /dev/null
+++ b/src/chrome/content/rules/BioOne.org.xml
@@ -0,0 +1,34 @@
+<!--
+	Invalid certificate:
+		about.bioone.org
+		careercenter.bioone.org
+		complete.bioone.org
+		el.bioone.org
+
+	Some pages redirect to HTTP:
+		bioone.org
+		www.bioone.org
+
+	Time out:
+		maint.bioone.org
+
+-->
+<ruleset name="BioOne.org (partial)">
+
+	<target host="bioone.org" />
+	<target host="www.bioone.org" />
+
+	<!-- Exclude implicit test urls -->
+	<exclusion pattern="^http://(www\.)?bioone\.org/$" />
+
+	<rule from="^http://(www\.)?bioone\.org/(templates|na101)/"
+		to="https://$1bioone.org/$2/" />
+
+		<test url="http://bioone.org/templates/jsp/style.css" />
+		<test url="http://www.bioone.org/templates/jsp/style.css" />
+		<test url="http://www.bioone.org/templates/jsp/_style2/_AP/_bioone/apple-touch-icon.png" />
+		<test url="http://www.bioone.org/templates/jsp/_style2/_AP/_bioone/images/bioOne_logo.gif" />
+		<test url="http://www.bioone.org/templates/jsp/_style2/_AP/_bioone/images/button_minus_green.gif" />
+		<test url="http://www.bioone.org/na101/home/literatum/publisher/bioone/journals/content/tauk/2018/00048038-135.2/00048038-135.2/20180115-01/00048038-135.2.cover.jpg" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BioShock_Infinite.xml b/src/chrome/content/rules/BioShock_Infinite.xml
index 478a3f320f6f..341689fa9ba2 100644
--- a/src/chrome/content/rules/BioShock_Infinite.xml
+++ b/src/chrome/content/rules/BioShock_Infinite.xml
@@ -1,28 +1,49 @@
 <!--
 	For other 2K Games coverage, see 2K_Games.xml.
 
+
+	Problematic domains:
+
+		- (www.)?finkmanufacturing.com *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.bioshockinfinite.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
 -->
 <ruleset name="BioShock Infinite">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="bioshockinfinite.com" />
 	<target host="www.bioshockinfinite.com" />
+
+	<!--	Complications:
+				-->
 	<target host="finkmanufacturing.com" />
 	<target host="www.finkmanufacturing.com" />
 
 
-	<securecookie host="^www\.bioshockinfinite\.com$" name=".+" />
-	<securecookie host="^(?:www\.)?finkmanufacturing\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.bioshockinfinite\.com$" name="^(?:PHPSESSID|exp_last_activity|exp_last_visit|exp_tracker|exp_transcribe)$" /-->
 
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://(www\.)?bioshockinfinite\.com/"
-		to="https://$1bioshockinfinite.com/" />
 
-	<!--	Fails to redirect
+	<!--	Redirects like so:
 					-->
-	<rule from="^http://finkmanufacturing\.com/(?:\?.*)?$"
-		to="https://www.finkmanufacturing.com/" />
+	<rule from="^http://(?:www\.)?finkmanufacturing\.com/+([^?/]*).*"
+		to="https://www.bioshockinfinite.com/faq$1" />
+
+		<test url="http://www.finkmanufacturing.com/dlc1/adjust-difficulty" />
 
-	<rule from="^http://(www\.)?finkmanufacturing\.com/"
-		to="https://$1finkmanufacturing.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BioVendor.cz.xml b/src/chrome/content/rules/BioVendor.cz.xml
new file mode 100644
index 000000000000..2ca2f5ec6fe1
--- /dev/null
+++ b/src/chrome/content/rules/BioVendor.cz.xml
@@ -0,0 +1,11 @@
+<ruleset name="BioVendor.cz">
+    <target host="biovendor.cz" />
+    <target host="www.biovendor.cz" />
+    <target host="mail.biovendor.cz" />
+    <target host="modrice.biovendor.cz" />
+    <target host="it.biovendor.cz" />
+    <target host="kp.biovendor.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BioWare.xml b/src/chrome/content/rules/BioWare.xml
index 46aa39aadbb6..851b20d84a81 100644
--- a/src/chrome/content/rules/BioWare.xml
+++ b/src/chrome/content/rules/BioWare.xml
@@ -1,42 +1,21 @@
 <!--
 	For other Electronic Arts coverage, see Electronic-Arts.xml.
 
-
 	CDN buckets:
-
 		- ea-039.vo.llnwd.net
 			- na.llnet.bioware.cdn.ea.com
 			- ea-039.hs doesn't exist
 
-
-	Nonfunctional domains:
-
-		- na.llnet.bioware.cdn.ea.com	(cert: *.hs.llnwd.net; 400)
-
+	Connection refused:
+		- na.llnet.bioware.cdn.ea.com
 -->
-<ruleset name="BioWare (partial)">
 
-	<target host="na.llnet.bioware.cdn.ea.com" />
+<ruleset name="BioWare (partial)">
 	<target host="social.bioware.com" />
 	<target host="biowarestore.com" />
-	<target host="*.biowarestore.com" />
-
+	<target host="www.biowarestore.com" />
 
 	<securecookie host="^\.biowarestore\.com$" name=".+" />
 
-
-
-	<rule from="^https?://na\.llnet\.bioware\.cdn\.ea\.com/u/f/eagames/bioware/social/"
-		to="https://social.bioware.com/" />
-
-	<!--	At least some pages 302 to http.
-						-->
-	<rule from="^http://social\.bioware\.com/(images/|packer\.php|templates/)"
-		to="https://social.bioware.com/$1" />
-
-	<!--	Cert only matches ^biowarestore.com.
-							-->
-	<rule from="^https?://(?:www\.)?biowarestore\.com/"
-		to="https://biowarestore.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bioconductor.org.xml b/src/chrome/content/rules/Bioconductor.org.xml
new file mode 100644
index 000000000000..fbd7f7c07b87
--- /dev/null
+++ b/src/chrome/content/rules/Bioconductor.org.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- support.bioconductor.org
+
+-->
+<ruleset name="Bioconductor.org">
+
+	<target host="bioconductor.org" />
+	<target host="support.bioconductor.org" />
+	<target host="www.bioconductor.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^support\.bioconductor\.org$" name="^biostar2$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Biocubafarma.cu.xml b/src/chrome/content/rules/Biocubafarma.cu.xml
new file mode 100644
index 000000000000..de11abe32f62
--- /dev/null
+++ b/src/chrome/content/rules/Biocubafarma.cu.xml
@@ -0,0 +1,28 @@
+<!--
+	^ does not exist.
+
+	Refused:
+		- atlantis.oc
+
+	Timeout:
+		- ba
+		- mba
+
+	Mismatched:
+		- comas
+		- directorio
+		- ocs
+		- www.cdc
+-->
+<ruleset name="Biocubafarma.cu" default_off="cert-chain">
+	<target host="www.biocubafarma.cu" />
+	<target host="www.8marzo.biocubafarma.cu" />
+	<target host="capital.biocubafarma.cu" />
+	<target host="combiomed.biocubafarma.cu" />
+	<target host="pci.biocubafarma.cu" />
+	<target host="www.sigestic.biocubafarma.cu" />
+	<target host="vc.biocubafarma.cu" />
+	<target host="webmail.biocubafarma.cu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Biofitt.com.xml b/src/chrome/content/rules/Biofitt.com.xml
index c01819108c63..1c9b860029e8 100644
--- a/src/chrome/content/rules/Biofitt.com.xml
+++ b/src/chrome/content/rules/Biofitt.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="biofitt.com">
 
 	<target host="biofitt.com" />
-	<target host="*.biofitt.com" />
+	<target host="www.biofitt.com" />
 
 
 	<securecookie host="^(?:www)?\.biofitt\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?biofitt\.com/"
-		to="https://$1biofitt.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Biologo.ru.xml b/src/chrome/content/rules/Biologo.ru.xml
new file mode 100644
index 000000000000..4f196d02d838
--- /dev/null
+++ b/src/chrome/content/rules/Biologo.ru.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatched:
+		- www
+-->
+<ruleset name="Biologo.ru">
+	<target host="biologo.ru" />
+	<target host="www.biologo.ru" />
+
+	<rule from="^http://www\.biologo\.ru/" to="https://biologo.ru/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bios-Mods.com.xml b/src/chrome/content/rules/Bios-Mods.com.xml
new file mode 100644
index 000000000000..a8c746f15fcf
--- /dev/null
+++ b/src/chrome/content/rules/Bios-Mods.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- bios-mods.com
+		- www.bios-mods.com
+
+-->
+<ruleset name="Bios-Mods.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bios-mods.com" />
+	<target host="www.bios-mods.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^(?:www\.)?bios-mods\.com$" name="^biosmods_wiki_medwiki(?:LoggedOut|Token|UserID)$" /-->
+
+	<securecookie host="^(?:www\.)?bios-mods\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Biostars.org.xml b/src/chrome/content/rules/Biostars.org.xml
new file mode 100644
index 000000000000..7f2f78b6853e
--- /dev/null
+++ b/src/chrome/content/rules/Biostars.org.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.biostars.org
+
+-->
+<ruleset name="Biostars.org">
+
+	<target host="biostars.org" />
+	<target host="www.biostars.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.biostars\.org$" name="^(biostar2|csrftoken)$" /-->
+
+	<securecookie host="^www\.biostars\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Biotrim_Labs.com.xml b/src/chrome/content/rules/Biotrim_Labs.com.xml
index a081a24e2a96..88cca3d3531f 100644
--- a/src/chrome/content/rules/Biotrim_Labs.com.xml
+++ b/src/chrome/content/rules/Biotrim_Labs.com.xml
@@ -1,13 +1,108 @@
-<ruleset name="Biotrim Labs.com">
+<ruleset name="Biotrim Labs.com (partial)">
 
 	<target host="biotrimlabs.com" />
-	<target host="*.biotrimlabs.com" />
+	<target host="de.biotrimlabs.com" />
+	<target host="es.biotrimlabs.com" />
+	<target host="fr.biotrimlabs.com" />
+	<target host="www.biotrimlabs.com" />
 
+		<!--	Redirect to http:
+					-->
+		<!--exclusion pattern="^http://(?:de|es|fr|www)\.biotrimlabs\.com/(?:contact|health-vault)?\?ysid=[\da-f]" /-->
+		<!--exclusion pattern="^http://(?:de|fr|www)\.biotrimlabs\.com/products$" /-->
+		<!--exclusion pattern="^http://es\.biotrimlabs\.com/health-muscle-products$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:(?:de|fr|www)\.)?biotrimlabs\.com/(?!/*(?:(?:asset|j)s/.+\.css(?:$|\?)|css/|images/|(?:health-muscle-products|privacy-policy|store|terms-conditions)(?:$|[?/])))" />
+		<exclusion pattern="^http://es\.biotrimlabs\.com/(?!/*(?:(?:asset|j)s/.+\.css(?:$|\?)|css/|images/|(?:privacy-policy|products|store|terms-conditions)(?:$|[?/])))" />
 
-	<securecookie host="^(?:w*\.)?biotrimlabs\.com$" name=".+" />
+			<!--	+ve:
+					-->
+			<test url="http://de.biotrimlabs.com/contact" />
+			<test url="http://de.biotrimlabs.com/health-vault" />
+			<test url="http://de.biotrimlabs.com/premier" />
+			<test url="http://de.biotrimlabs.com/products" />
 
+			<test url="http://es.biotrimlabs.com/404.html" />
+			<test url="http://es.biotrimlabs.com/contact" />
+			<test url="http://es.biotrimlabs.com/health-vault" />
+			<test url="http://es.biotrimlabs.com/premier" />
+			<test url="http://es.biotrimlabs.com/favicon.ico" />
+			<test url="http://es.biotrimlabs.com/default.aspx" />
+			<test url="http://es.biotrimlabs.com/index.cgi" />
+			<test url="http://es.biotrimlabs.com/index.chm" />
+			<test url="http://es.biotrimlabs.com/index.htm" />
+			<test url="http://es.biotrimlabs.com/index.html" />
+			<test url="http://es.biotrimlabs.com/index.jsp" />
+			<test url="http://es.biotrimlabs.com/index.php" />
+			<test url="http://es.biotrimlabs.com/index.xhml" />
+			<test url="http://es.biotrimlabs.com/index.xml" />
 
-	<rule from="^http://(www\.)?biotrimlabs\.com/"
-		to="https://$1biotrimlabs.com/" />
+			<test url="http://fr.biotrimlabs.com/contact" />
+			<test url="http://fr.biotrimlabs.com/health-vault" />
+			<test url="http://fr.biotrimlabs.com/premier" />
+			<test url="http://fr.biotrimlabs.com/products" />
+
+			<test url="http://www.biotrimlabs.com/contact" />
+			<test url="http://www.biotrimlabs.com/favicon.ico" />
+			<test url="http://www.biotrimlabs.com/health-vault" />
+			<test url="http://www.biotrimlabs.com/premier" />
+			<test url="http://www.biotrimlabs.com/products" />
+
+			<!--	-ve:
+					-->
+			<test url="http://de.biotrimlabs.com/css/form.css" />
+			<test url="http://de.biotrimlabs.com/health-muscle-products" />
+			<test url="http://de.biotrimlabs.com/images/selectLangArrow.png" />
+			<test url="http://de.biotrimlabs.com/js/libs/fancybox/jquery.fancybox.css" />
+			<test url="http://de.biotrimlabs.com/terms-conditions" />
+
+			<test url="http://es.biotrimlabs.com/css/form.css" />
+			<test url="http://es.biotrimlabs.com/images/homeBg.png" />
+			<test url="http://es.biotrimlabs.com/js/libs/fancybox/jquery.fancybox.css" />
+			<test url="http://es.biotrimlabs.com/privacy-policy" />
+			<test url="http://es.biotrimlabs.com/products/control-de-peso/acai-ultra-lean" />
+			<test url="http://es.biotrimlabs.com/store/cart" />
+			<test url="http://es.biotrimlabs.com/store/checkout" />
+			<test url="http://es.biotrimlabs.com/store/member/forgotpassword" />
+			<test url="http://es.biotrimlabs.com/store/member/login" />
+			<test url="http://es.biotrimlabs.com/store/products" />
+			<test url="http://es.biotrimlabs.com/terms-conditions" />
+
+			<test url="http://fr.biotrimlabs.com/assets/d44eb32a/pager.css" />
+			<test url="http://fr.biotrimlabs.com/css/form.css" />
+			<test url="http://fr.biotrimlabs.com/health-muscle-products" />
+			<test url="http://fr.biotrimlabs.com/health-muscle-products/nettoie/pure-life-cleanse" />
+			<test url="http://fr.biotrimlabs.com/images/ddArrow.png" />
+			<test url="http://fr.biotrimlabs.com/js/libs/fancybox/jquery.fancybox.css" />
+			<test url="http://fr.biotrimlabs.com/privacy-policy" />
+			<test url="http://fr.biotrimlabs.com/store/cart" />
+			<test url="http://fr.biotrimlabs.com/store/checkout" />
+			<test url="http://fr.biotrimlabs.com/store/member/forgotpassword" />
+			<test url="http://fr.biotrimlabs.com/store/member/login" />
+			<test url="http://fr.biotrimlabs.com/store/products" />
+			<test url="http://fr.biotrimlabs.com/terms-conditions" />
+
+			<test url="http://www.biotrimlabs.com/css/fonts/OpenSans-Bold-webfont.eot" />
+			<test url="http://www.biotrimlabs.com/css/form.css" />
+			<test url="http://www.biotrimlabs.com/health-muscle-products" />
+			<test url="http://www.biotrimlabs.com/health-muscle-products/cleanses/pure-life-cleanse" />
+			<test url="http://www.biotrimlabs.com/images/homeBg.png" />
+			<test url="http://www.biotrimlabs.com/js/libs/fancybox/jquery.fancybox.css" />
+			<test url="http://www.biotrimlabs.com/privacy-policy" />
+			<test url="http://www.biotrimlabs.com/store/cart" />
+			<test url="http://www.biotrimlabs.com/store/checkout" />
+			<test url="http://www.biotrimlabs.com/store/member/forgotpassword" />
+			<test url="http://www.biotrimlabs.com/store/member/login" />
+			<test url="http://www.biotrimlabs.com/terms-conditions" />
+			<test url="http://www.biotrimlabs.com/userfiles/store/products/images/10/thumb_premier.png" />
+
+
+	<securecookie host="^\." name="^__cfduid$" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Biqle.com.xml b/src/chrome/content/rules/Biqle.com.xml
new file mode 100644
index 000000000000..297284b3a0bf
--- /dev/null
+++ b/src/chrome/content/rules/Biqle.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="biqle.com">
+	<target host="biqle.com"/>
+	<target host="www.biqle.com"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Bircko.com.xml b/src/chrome/content/rules/Bircko.com.xml
index ecf6dac8c043..624052de544b 100644
--- a/src/chrome/content/rules/Bircko.com.xml
+++ b/src/chrome/content/rules/Bircko.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="Bircko.com">
 
 	<target host="bircko.com" />
-	<target host="*.bircko.com" />
+	<target host="www.bircko.com" />
 
 
 	<securecookie host="^(?:w*\.)?bircko\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?bircko\.com/"
-		to="https://$1bircko.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BirdLife.org-problematic.xml b/src/chrome/content/rules/BirdLife.org-problematic.xml
new file mode 100644
index 000000000000..a855f45e6044
--- /dev/null
+++ b/src/chrome/content/rules/BirdLife.org-problematic.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules that are on by default, see BirdLife.org.xml
+
+-->
+<ruleset name="BirdLife.org (problematic)" default_off="cert-chain">
+
+	<target host="climatechange.birdlife.org" />
+	<target host="www.climatechange.birdlife.org" />
+	<target host="penguin.birdlife.org" />
+
+	<rule from="^http://www\.climatechange\.birdlife\.org/"
+		to="https://climatechange.birdlife.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BirdLife.org.xml b/src/chrome/content/rules/BirdLife.org.xml
new file mode 100644
index 000000000000..a354c9ef0033
--- /dev/null
+++ b/src/chrome/content/rules/BirdLife.org.xml
@@ -0,0 +1,48 @@
+<!--
+	For rules that are off by default, see BirdLife.org-problematic.xml
+
+	Invalid certificate:
+		www.climatechange.birdlife.org
+		www.datazone.birdlife.org
+		magazine.birdlife.org
+		www.magazine.birdlife.org
+		www.migratorysoaringbirds.birdlife.org
+		tokyo.birdlife.org
+		migratorysoaringbirds.undp.birdlife.org
+		vintageairrally.birdlife.org
+
+	Broken cert chain:
+		climatechange.birdlife.org
+		penguin.birdlife.org
+
+	Time out:
+		cloud1.birdlife.org
+
+	Redirect to broken target:
+		datazone.birdlife.org
+		migratorysoaringbirds.birdlife.org
+		seabirds.birdlife.org
+
+	Mixed content:
+		globally-threatened-bird-forums.birdlife.org
+		sociable-lapwing.birdlife.org
+
+	No working URL known:
+		maps.birdlife.org
+
+-->
+<ruleset name="BirdLife.org">
+
+	<target host="birdlife.org" />
+	<target host="www.birdlife.org" />
+	<target host="caribbean.birdlife.org" />
+	<target host="europe.birdlife.org" />
+	<target host="extranet.birdlife.org" />
+	<target host="flywayfriends.birdlife.org" />
+	<target host="pacific.birdlife.org" />
+	<target host="partnership.birdlife.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Birds-Are-Nice.me.xml b/src/chrome/content/rules/Birds-Are-Nice.me.xml
new file mode 100644
index 000000000000..4ea302705210
--- /dev/null
+++ b/src/chrome/content/rules/Birds-Are-Nice.me.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid certificate:
+		www.birds-are-nice.me
+
+-->
+<ruleset name="Birds-Are-Nice.me">
+
+	<target host="birds-are-nice.me" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Birdtree.org.xml b/src/chrome/content/rules/Birdtree.org.xml
new file mode 100644
index 000000000000..1510742b7d30
--- /dev/null
+++ b/src/chrome/content/rules/Birdtree.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Birdtree.org">
+
+	<target host="birdtree.org" />
+	<target host="www.birdtree.org" />
+	<target host="blog.birdtree.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Birthday_in_a_Box.xml b/src/chrome/content/rules/Birthday_in_a_Box.xml
index 25af8023cc14..ab363b8236b8 100644
--- a/src/chrome/content/rules/Birthday_in_a_Box.xml
+++ b/src/chrome/content/rules/Birthday_in_a_Box.xml
@@ -7,7 +7,7 @@
 	<!--	- Cert only matches www
 		- At least some pages redirect to http.
 							-->
-	<rule from="^https?://(?:www\.)?birthdayinabox\.com/(csc_inc|css|images)"
+	<rule from="^http://(?:www\.)?birthdayinabox\.com/(csc_inc|css|images)"
 		to="https://www.birthdayinabox.com/$1/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Birthprint.xml b/src/chrome/content/rules/Birthprint.xml
deleted file mode 100644
index 93f9469621a4..000000000000
--- a/src/chrome/content/rules/Birthprint.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Birthprint">
-	<target host="birthprint.com" />
-	<target host="www.birthprint.com" />
-
-	<securecookie host="^((www)?\.)?birthprint\.com" name=".+" />
-
-	<rule from="^http://(www\.)?birthprint\.com/" to="https://www.birthprint.com/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/BisaQuran.com.xml b/src/chrome/content/rules/BisaQuran.com.xml
new file mode 100644
index 000000000000..27c04980d7ef
--- /dev/null
+++ b/src/chrome/content/rules/BisaQuran.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="BisaQuran.com">
+	<target host="bisaquran.com" />
+	<target host="www.bisaquran.com" />
+	<target host="mail.bisaquran.com" />
+	<target host="wp-admin.bisaquran.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bisente.com.xml b/src/chrome/content/rules/Bisente.com.xml
new file mode 100644
index 000000000000..9826c6ee1dc4
--- /dev/null
+++ b/src/chrome/content/rules/Bisente.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Bisente.com">
+
+	<target host="bisente.com" />
+	<target host="www.bisente.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bishop_Fox.com.xml b/src/chrome/content/rules/Bishop_Fox.com.xml
new file mode 100644
index 000000000000..7fcb304c50b7
--- /dev/null
+++ b/src/chrome/content/rules/Bishop_Fox.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- bishopfox.com
+		- .bishopfox.com
+		- www.bishopfox.com
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Bishop Fox.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bishopfox.com" />
+	<target host="www.bishopfox.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?bishopfox\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.bishopfox\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^(?:\.|www\.)?bishopfox\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bishop_Interactive-mismatches.xml b/src/chrome/content/rules/Bishop_Interactive-mismatches.xml
index 8859c79793a5..2d034b75007f 100644
--- a/src/chrome/content/rules/Bishop_Interactive-mismatches.xml
+++ b/src/chrome/content/rules/Bishop_Interactive-mismatches.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see Bishop_Interactive.xml & Rigzone.xml.
 
 -->
-<ruleset name="Bishop Interactive (problematic)" default_off="mismatches">
+<ruleset name="Bishop Interactive (problematic)" default_off="mismatched">
 
 	<target host="riglogix.com" />
 	<target host="www.riglogix.com" />
@@ -14,10 +14,10 @@
 	<!--	Rigzone cookies are handled in Rigzone.xml.	-->
 
 
-	<rule from="^https?://(?:www\.)?riglogix\.com/"
+	<rule from="^http://(?:www\.)?riglogix\.com/"
 		to="https://riglogix.com/" />
 
 	<rule from="^http://(comptracker|noblewin)\.rigzone\.com/"
 		to="https://$1.rigzone.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bishop_Interactive.xml b/src/chrome/content/rules/Bishop_Interactive.xml
index f4797e653072..8d15f6c1f2f4 100644
--- a/src/chrome/content/rules/Bishop_Interactive.xml
+++ b/src/chrome/content/rules/Bishop_Interactive.xml
@@ -64,10 +64,10 @@
 	<rule from="^http://(\w+\.)?bishopi\.com/"
 		to="https://$1bishopi.com/" />
 
-	<rule from="^https?://(media\.|www\.)?bishopinteractive\.com/"
+	<rule from="^http://(media\.|www\.)?bishopinteractive\.com/"
 		to="https://$1bishopi.com/" />
 
 	<rule from="^http://cdn\.bishopinteractive\.com/"
 		to="https://cdn.bishopinteractive.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bisnow.com.xml b/src/chrome/content/rules/Bisnow.com.xml
new file mode 100644
index 000000000000..526285f2209c
--- /dev/null
+++ b/src/chrome/content/rules/Bisnow.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.bisnow.com
+
+-->
+<ruleset name="Bisnow.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bisnow.com" />
+	<target host="www.bisnow.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.bisnow\.com$" name="^bisnow_session$" /-->
+
+	<securecookie host="^www\.bisnow\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bison-Fute.gouv.fr.xml b/src/chrome/content/rules/Bison-Fute.gouv.fr.xml
new file mode 100644
index 000000000000..aff271c5c56e
--- /dev/null
+++ b/src/chrome/content/rules/Bison-Fute.gouv.fr.xml
@@ -0,0 +1,19 @@
+<!--
+	Mixed content:
+		m.bison-fute.gouv.fr
+
+	Connection reset:
+		tipi.bison-fute.gouv.fr
+
+-->
+<ruleset name="Bison Futé">
+
+	<target host="www.bison-fute.gouv.fr" /><!-- MCB from ad domain -->
+	<target host="www1.bison-fute.gouv.fr" />
+	<target host="www2.bison-fute.gouv.fr" />
+	<target host="www3.bison-fute.gouv.fr" />
+	<target host="www4.bison-fute.gouv.fr" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bit2c.co.il.xml b/src/chrome/content/rules/Bit2c.co.il.xml
new file mode 100644
index 000000000000..39aebd3e70b5
--- /dev/null
+++ b/src/chrome/content/rules/Bit2c.co.il.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- bit2c.co.il
+		- www.bit2c.co.il
+
+-->
+<ruleset name="Bit2c.co.il">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bit2c.co.il" />
+	<target host="www.bit2c.co.il" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?bit2c\.co\.il$" name="^__RequestVerificationToken$" /-->
+
+	<securecookie host="^(?:www\.)?bit2c\.co\.il$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bit9.xml b/src/chrome/content/rules/Bit9.xml
index 2bf1bc2e72b6..b62e327f4786 100644
--- a/src/chrome/content/rules/Bit9.xml
+++ b/src/chrome/content/rules/Bit9.xml
@@ -1,10 +1,13 @@
-<ruleset name="Bit9 (partial)">
+<ruleset name="Bit9.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="bit9.com" />
-	<target host="*.bit9.com" />
+	<target host="blog.bit9.com" />
+	<target host="www.bit9.com" />
 
 
-	<rule from="^http://(blog\.|www\.)?bit9\.com/"
-		to="https://$1bit9.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BitBalloon.com.xml b/src/chrome/content/rules/BitBalloon.com.xml
new file mode 100644
index 000000000000..f1034c6d2280
--- /dev/null
+++ b/src/chrome/content/rules/BitBalloon.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="BitBalloon.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bitballoon.com" />
+	<target host="www.bitballoon.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BitBay.net.xml b/src/chrome/content/rules/BitBay.net.xml
new file mode 100644
index 000000000000..a64c4afb570d
--- /dev/null
+++ b/src/chrome/content/rules/BitBay.net.xml
@@ -0,0 +1,34 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)?
+		- affiliate
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- bitbay.net
+		- .bitbay.net
+
+-->
+<ruleset name="BitBay.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bitbay.net" />
+	<target host="affiliate.bitbay.net" />
+	<target host="www.bitbay.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bitbay\.net$" name="^userLangC" /-->
+	<!--securecookie host="^\.bitbay\.net$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.?bitbay\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BitBucket-mismatches.xml b/src/chrome/content/rules/BitBucket-mismatches.xml
deleted file mode 100644
index 9e72305ad49a..000000000000
--- a/src/chrome/content/rules/BitBucket-mismatches.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules that are on by default, see BitBucket.xml.
-
--->
-<ruleset name="BitBucket (mismatches)" default_off="mismatched">
-
-	<target host="portix.bitbucket.org" />
-
-
-	<rule from="^http://portix\.bitbucket\.org/"
-		to="https://portix.bitbucket.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BitBucket.xml b/src/chrome/content/rules/BitBucket.xml
deleted file mode 100644
index c946c67fe2ce..000000000000
--- a/src/chrome/content/rules/BitBucket.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
-	For problematic rules, see BitBucket-mismatches.xml.
-
-	For other Atlassian coverage, see Atlassian.xml.
-
-
-	CDN buckets:
-
-		- s3.amazonaws.com/bitbucket-assetroot/
-		- dwz7u9t8u8usb.cloudfront.net
-
-
-	Nonfunctional subdomains:
-
-		- blog		(redirects to http, wpengine)
-		- status	(refused)
-
-
-	Problematic subdomains:
-
-		- portix	(works; mismatched, CN: bitbucket.org)
-
--->
-<ruleset name="BitBucket (partial)">
-
-	<target host="bitbucket.org" />
-	<target host="*.bitbucket.org" />
-
-
-	<securecookie host="^\.?bitbucket\.org$" name=".+" />
-
-
-	<rule from="^http://(www\.)?bitbucket\.org/"
-		to="https://$1bitbucket.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BitCalm.com.xml b/src/chrome/content/rules/BitCalm.com.xml
new file mode 100644
index 000000000000..fe85ff0b297f
--- /dev/null
+++ b/src/chrome/content/rules/BitCalm.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bitcalm.com/ => https://bitcalm.com/: (7, 'Failed to connect to bitcalm.com port 443: Connection refused')
+Fetch error: http://www.bitcalm.com/ => https://www.bitcalm.com/: (6, 'Could not resolve host: www.bitcalm.com')
+
+	Insecure cookies are set for these hosts:
+
+		- bitcalm.com
+
+-->
+<ruleset name="BitCalm.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bitcalm.com" />
+	<target host="www.bitcalm.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bitcalm\.com$" name="^(?:csrftoken|django_language|login|sessionid)$" /-->
+
+	<securecookie host="^bitcalm\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BitCard.xml b/src/chrome/content/rules/BitCard.xml
index 24a670f30125..46a574d87e21 100644
--- a/src/chrome/content/rules/BitCard.xml
+++ b/src/chrome/content/rules/BitCard.xml
@@ -1,10 +1,14 @@
-<ruleset name="BitCard">
+<ruleset name="BitCard.org">
+
+	<!--	Direct rewrites:
+				-->
   <target host="bitcard.org" />
   <target host="www.bitcard.org" />
   <!-- The cookie is not secured.
        See http://git.develooper.com/?p=bitcard.git;a=blob;f=TODO;h=41aca0fc95be177864b689ac8365f7ca8ef78362;hb=HEAD#l7 -->
   <securecookie host="^(?:www\.)?bitcard\.org$" name="c" />
 
-  <rule from="^http://bitcard\.org/" to="https://bitcard.org/"/>
-  <rule from="^http://www\.bitcard\.org/" to="https://www.bitcard.org/"/>
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/BitCasino.io.xml b/src/chrome/content/rules/BitCasino.io.xml
new file mode 100644
index 000000000000..5ef24c0cef41
--- /dev/null
+++ b/src/chrome/content/rules/BitCasino.io.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- bitcasino.io
+		- .bitcasino.io
+
+-->
+<ruleset name="BitCasino.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bitcasino.io" />
+	<target host="www.bitcasino.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bitcasino\.io$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^\.bitcasino\.io$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.?bitcasino\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BitCoin.xml b/src/chrome/content/rules/BitCoin.xml
deleted file mode 100644
index 8320e3d219fd..000000000000
--- a/src/chrome/content/rules/BitCoin.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(refused)
-
-
-	Problematic subdomains:
-
-		- forum		(works; mismatched, CN: www.bitcointalk.org)
-
--->
-<ruleset name="Bitcoin (partial)">
-
-	<target host="forum.bitcoin.org" />
-
-
-	<rule from="^http://forum\.bitcoin\.org/"
-		to="https://bitcointalk.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BitFlyer.jp.xml b/src/chrome/content/rules/BitFlyer.jp.xml
new file mode 100644
index 000000000000..03f284643032
--- /dev/null
+++ b/src/chrome/content/rules/BitFlyer.jp.xml
@@ -0,0 +1,51 @@
+<!--
+	Problematic hosts in *bitflyer.jp:
+
+		- fundflyer *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- bitflyer.jp
+		- .bitflyer.jp
+		- chainflyer.bitflyer.jp
+		- .fundflyer.bitflyer.jp
+		- lightning.bitflyer.jp
+		- www.bitflyer.jp
+
+
+	Mixed content:
+
+		- css on fundflyer from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="bitFlyer.jp (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bitflyer.jp" />
+	<target host="chainflyer.bitflyer.jp" />
+	<!--target host="fundflyer.bitflyer.jp" /-->
+	<target host="lightning.bitflyer.jp" />
+	<target host="www.bitflyer.jp" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?bitflyer\.jp$" name="^(?:___utm[abv]\w+|ASP\.NET_SessionId)$" /-->
+	<!--securecookie host="^\.bitflyer\.jp$" name="^(?:incap_ses_\d+|nlbi|visid_incap)\d+$" /-->
+	<!--securecookie host="^chainflyer\.bitflyer\.jp$" name="^(?:___utm[abv]\w+||language)$" /-->
+	<!--securecookie host="^\.fundflyer\.bitflyer\.jp$" name="^ARRAffinity$" /-->
+	<!--securecookie host="^lightning\.bitflyer\.jp$" name="^___utm[abv]\w+$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BitGravity.xml b/src/chrome/content/rules/BitGravity.xml
index 07fda30068b7..7c0818234189 100644
--- a/src/chrome/content/rules/BitGravity.xml
+++ b/src/chrome/content/rules/BitGravity.xml
@@ -12,7 +12,6 @@
 	<securecookie host="^dashboard\.bitgravity\.com$" name=".+" />
 
 
-	<rule from="^http://dashboard\.bitgravity\.com/"
-		to="https://dashboard.bitgravity.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BitHubLab.org.xml b/src/chrome/content/rules/BitHubLab.org.xml
new file mode 100644
index 000000000000..f3e7a4ee389c
--- /dev/null
+++ b/src/chrome/content/rules/BitHubLab.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="BitHubLab.org">
+	<target host="bithublab.org" />
+	<target host="www.bithublab.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BitInstant.xml b/src/chrome/content/rules/BitInstant.xml
index 412a1c4432cf..e40cb78a4d72 100644
--- a/src/chrome/content/rules/BitInstant.xml
+++ b/src/chrome/content/rules/BitInstant.xml
@@ -1,20 +1,26 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bitinstant.com/ => https://bitinstant.com/: (7, 'Failed to connect to bitinstant.com port 443: Connection refused')
+Fetch error: http://www.bitinstant.com/ => https://www.bitinstant.com/: (7, 'Failed to connect to www.bitinstant.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://bitinstant.com/ => https://bitinstant.com/: (6, 'Could not resolve host: bitinstant.com')
 	Partially covered subdomains:
 
 		- blog		(some [most?] pages redirect to http)
 
 -->
-<ruleset name="BitInstant (partial)" platform="mixedcontent">
+<ruleset name="BitInstant (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="bitinstant.com" />
-	<target host="*.bitinstant.com" />
+	<target host="www.bitinstant.com" />
 		<exclusion pattern="^http://blog\.bitinstant\.com/(?!contributor/|display/|layout/|storage/|universal/)" />
 
 
 	<securecookie host="^\.bitinstant\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?bitinstant\.com/"
-		to="https://$1bitinstant.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BitKeeper.org.xml b/src/chrome/content/rules/BitKeeper.org.xml
new file mode 100644
index 000000000000..c78a08e7106d
--- /dev/null
+++ b/src/chrome/content/rules/BitKeeper.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="BitKeeper.org">
+	<target host="bitkeeper.org" />
+	<target host="www.bitkeeper.org" />
+	<target host="users.bitkeeper.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BitLendingClub.com.xml b/src/chrome/content/rules/BitLendingClub.com.xml
new file mode 100644
index 000000000000..aa3b70397e69
--- /dev/null
+++ b/src/chrome/content/rules/BitLendingClub.com.xml
@@ -0,0 +1,53 @@
+<!--
+	Nonfunctional hosts in *bitlendingclub.com:
+
+		- forum ¹
+		- support ²
+
+	¹ Redirects to ^bitlendingclub.com
+	² Zendesk
+
+
+	Fully covered hosts in *bitlendingclub.com:
+
+		- (www.)?
+		- blog
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- bitlendingclub.com
+		- .bitlendingclub.com
+		- www.bitlendingclub.com
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- ^ from blc.avatars.bucket.s3-us-west-2.amazonaws.com
+			- blog from $self
+
+-->
+<ruleset name="BitLendingClub.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bitlendingclub.com" />
+	<target host="blog.bitlendingclub.com" />
+	<target host="www.bitlendingclub.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(blog\.|www\.)?bitlendingclub\.com$" name="^___utmv\w+$" /-->
+	<!--securecookie host="^bitlendingclub\.com$" name="(__ab_[\da-f]{32}|PHPSESSID)$" /-->
+	<!--securecookie host="^\.bitlendingclub\.com$" name="^(incap_ses_\d+_\d+|visid_incap_\d+)$" /-->
+
+	<securecookie host="^(?:\.|blog\.|www\.)?bitlendingclub\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BitMEX.com.xml b/src/chrome/content/rules/BitMEX.com.xml
new file mode 100644
index 000000000000..2ebc053ac277
--- /dev/null
+++ b/src/chrome/content/rules/BitMEX.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="BitMEX.com">
+
+	<target host="bitmex.com" />
+	<target host="www.bitmex.com" />
+        <target host="blog.bitmex.com" />
+        <target host="testnet.bitmex.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BitMissile-mismatches.xml b/src/chrome/content/rules/BitMissile-mismatches.xml
index e6a039babb26..ab970b728de4 100644
--- a/src/chrome/content/rules/BitMissile-mismatches.xml
+++ b/src/chrome/content/rules/BitMissile-mismatches.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see BitMissile.xml.
 
 -->
-<ruleset name="BitMissile (mismatches)" default_off="mismatch">
+<ruleset name="BitMissile (mismatches)" default_off="mismatched">
 
 	<!--	Cert: live.bitmissile.com	-->
 	<target host="mirror.bitmissile.com" />
@@ -12,7 +12,6 @@
 	<!--	Cookies are handled in BitMissile.xml.	-->
 
 
-	<rule from="^http://(mirror|www)\.bitmissile\.com/"
-		to="https://$1.bitmissile.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BitMissile.xml b/src/chrome/content/rules/BitMissile.xml
index 807f036d7604..5476c2f99f64 100644
--- a/src/chrome/content/rules/BitMissile.xml
+++ b/src/chrome/content/rules/BitMissile.xml
@@ -1,17 +1,24 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bitmissile.com/ => https://bitmissile.com/: (6, 'Could not resolve host: bitmissile.com')
+Fetch error: http://live.bitmissile.com/ => https://live.bitmissile.com/: (6, 'Could not resolve host: live.bitmissile.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://bitmissile.com/ => https://bitmissile.com/: (51, "SSL: no alternative certificate subject name matches target host name 'bitmissile.com'")
+Fetch error: http://live.bitmissile.com/ => https://live.bitmissile.com/: (6, 'Could not resolve host: live.bitmissile.com')
 	For problematic rules, see BitMissile-mismatches.xml.
 
 -->
-<ruleset name="BitMissile (partial)">
+<ruleset name="BitMissile (partial)" default_off="failed ruleset test">
 
 	<target host="bitmissile.com" />
 	<target host="live.bitmissile.com" />
 
 
-	<securecookie host="^.*\.bitmissile\.com$" name=".*" />
+	<securecookie host="^.*\.bitmissile\.com$" name=".+" />
 
 
-	<rule from="^http://(live\.)?bitmissile\.com/"
-		to="https://$1bitmissile.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BitMitigate.com.xml b/src/chrome/content/rules/BitMitigate.com.xml
new file mode 100644
index 000000000000..d1bcd56b9d48
--- /dev/null
+++ b/src/chrome/content/rules/BitMitigate.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid Certificate:
+		www.bitmitigate.com
+-->
+<ruleset name="bitmitigate.com">
+	<target host="bitmitigate.com" />
+	<target host="www.bitmitigate.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.bitmitigate\.com/" to="https://bitmitigate.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BitNZ.com.xml b/src/chrome/content/rules/BitNZ.com.xml
new file mode 100644
index 000000000000..6c4a46d7cdb4
--- /dev/null
+++ b/src/chrome/content/rules/BitNZ.com.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bitnz.com/ => https://bitnz.com/: (28, 'Connection timed out after 20008 milliseconds')
+Fetch error: http://www.bitnz.com/ => https://www.bitnz.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Insecure cookies are set for these hosts:
+
+		- bitnz.com
+		- www.bitnz.com
+
+-->
+<ruleset name="bitNZ.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bitnz.com" />
+	<target host="www.bitnz.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?bitnz\.com$" name="^sessionid$" /-->
+
+	<securecookie host="^(?:www\.)?bitnz\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BitPay.xml b/src/chrome/content/rules/BitPay.xml
index 59efaa49695e..7c50e86a1742 100644
--- a/src/chrome/content/rules/BitPay.xml
+++ b/src/chrome/content/rules/BitPay.xml
@@ -1,13 +1,19 @@
-<ruleset name="BitPay">
+<ruleset name="BitPay.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="bitpay.com" />
-	<target host="*.bitpay.com" />
+	<target host="www.bitpay.com" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bitpay\.com$" name="^connect\.sid$" /-->
+
 	<securecookie host="^\.?bitpay\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?bitpay\.com/"
-		to="https://$1bitpay.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BitQuick.xml b/src/chrome/content/rules/BitQuick.xml
new file mode 100644
index 000000000000..aa385cdfddfd
--- /dev/null
+++ b/src/chrome/content/rules/BitQuick.xml
@@ -0,0 +1,40 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bitquick.in/ => https://bitquick.in/: (6, 'Could not resolve host: bitquick.in')
+Fetch error: http://www.bitquick.in/ => https://www.bitquick.in/: (6, 'Could not resolve host: www.bitquick.in')
+Fetch error: http://bitquick.tw/ => https://bitquick.tw/: (7, 'Failed to connect to bitquick.tw port 443: Connection refused')
+Fetch error: http://www.bitquick.tw/ => https://www.bitquick.tw/: (6, 'Could not resolve host: www.bitquick.tw')
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .bitquick.co
+		- www.bitquick.co
+
+-->
+<ruleset name="BitQuick" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bitquick.co" />
+	<target host="www.bitquick.co" />
+	<target host="bitquick.in" />
+	<target host="www.bitquick.in" />
+	<target host="bitquick.tw" />
+	<target host="www.bitquick.tw" />
+
+		<test url="http://www.bitquick.co/?a=" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.bitquick\.co$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.bitquick\.co$" name="^(?:PHPSESSID|a)$" /-->
+
+	<securecookie host="^(?:www)?\.bitquick\.co$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BitRock-mismatches.xml b/src/chrome/content/rules/BitRock-mismatches.xml
index 73e6fb335e02..9bd00128ced7 100644
--- a/src/chrome/content/rules/BitRock-mismatches.xml
+++ b/src/chrome/content/rules/BitRock-mismatches.xml
@@ -1,7 +1,8 @@
 <ruleset name="BitRock (mismatches)" default_off="expired, mismatch, self-signed">
 
 	<target host="bitnami.org"/>
-	<target host="*.bitnami.org"/>
+	<target host="www.bitnami.org" />
+	<target host="helpdesk.bitnami.org" />
 
 	<rule from="^http://(?:www\.)?bitnami\.org/(favicon\.ico|images/|stylesheets/)"
 		to="https://bitnami.org/$1"/>
diff --git a/src/chrome/content/rules/BitRock.xml b/src/chrome/content/rules/BitRock.xml
index e9523259975a..766585176f87 100644
--- a/src/chrome/content/rules/BitRock.xml
+++ b/src/chrome/content/rules/BitRock.xml
@@ -1,14 +1,22 @@
-<ruleset name="BitRock (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bitnamihosting.com/ => https://bitnamihosting.com/: (51, "SSL: no alternative certificate subject name matches target host name 'bitnamihosting.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://bitnamihosting.com/ => https://bitnamihosting.com/: (51, "SSL: no alternative certificate subject name matches target host name 'bitnamihosting.com'")
+-->
+<ruleset name="BitRock (partial)" default_off="failed ruleset test">
 
 	<target host="bitnamihosting.com"/>
-	<target host="*.bitnamihosting.com"/>
+	<target host="www.bitnamihosting.com" />
+	<target host="app.bitnamihosting.com" />
 
-	<securecookie host="^(app\.)?bitnamihosting\.com$" name=".*"/>
+	<securecookie host="^(?:app\.)?bitnamihosting\.com$" name=".+" />
 
 	<rule from="^http://www\.bitnamihosting\.com/"
 		to="https://app.bitnamihosting.com/"/>
 
-	<rule from="^http://(app\.)?bitnamihosting\.com/"
-		to="https://$1bitnamihosting.com/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/BitShares.org.xml b/src/chrome/content/rules/BitShares.org.xml
new file mode 100644
index 000000000000..18eb04a20a24
--- /dev/null
+++ b/src/chrome/content/rules/BitShares.org.xml
@@ -0,0 +1,27 @@
+<!--
+	Nonfunctional hosts in *bitshares.org:
+
+		- wiki *
+
+	* Refused
+
+
+	Problematic hosts in *bitshares.org:
+
+		- docs *
+
+	* Mismatched
+
+-->
+<ruleset name="BitShares.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bitshares.org" />
+	<target host="www.bitshares.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BitSight_Tech.com.xml b/src/chrome/content/rules/BitSight_Tech.com.xml
new file mode 100644
index 000000000000..5aac2daddff6
--- /dev/null
+++ b/src/chrome/content/rules/BitSight_Tech.com.xml
@@ -0,0 +1,39 @@
+<!--
+	Other BitSight rulesets:
+
+		- AnubisNetworks.com.xml
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .bitsighttech.com
+		- blog.bitsighttech.com
+		- info.bitsighttech.com
+		- service.bitsighttech.com
+		- www.bitsighttech.com
+
+-->
+<ruleset name="BitSight Tech.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bitsighttech.com" />
+	<target host="blog.bitsighttech.com" />
+	<target host="service.bitsighttech.com" />
+	<target host="info.bitsighttech.com" />
+	<target host="www.bitsighttech.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.bitsighttech\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^(?:blog|info|www)\.bitsighttech\.com$" name="^hsPagesViewedThisSession$" /-->
+	<!--securecookie host="^service\.bitsighttech\.com$" name="^idp_sha1$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BitTorrent.xml b/src/chrome/content/rules/BitTorrent.xml
index abfbcc378b47..46270e0f0b4a 100644
--- a/src/chrome/content/rules/BitTorrent.xml
+++ b/src/chrome/content/rules/BitTorrent.xml
@@ -1,38 +1,128 @@
 <!--
+
 	Other BitTorrent rulesets:
 
 		- uTorrent.xml
 
-	CDN buckets:
-
-		- s3.amazonaws.com/live-installer-autoupdate/
-		- s3.amazonaws.com/bittorrent-live-thumbnail/
-
-		- bittorrent.vo.llnwd.net
-			- bittorent.hs doesn't exist
-
-		- bittorrent.gyre.wpengine.com
-
-
-	Partially covered subdomains:
-
-		- live	(some pages redirect to http)
-
-
-	Nonfunctional subdomains:
-
-		- blog	(cert: *.wpengine.com; 301s to http)
-		- bundles	(no https)
-		- www	(cert: *.hs.llnwd.net; 400)
-
+	Non-functional hosts
+		Couldn't connect to server:
+			 - dns-02.bittorrent.com
+			 - dns-03.bittorrent.com
+			 - ens-05.bittorrent.com
+			 - ens-06.bittorrent.com
+			 - ip-208-72-192-177.bittorrent.com
+			 - logs.bittorrent.com
+			 - message.bittorrent.com
+			 - orders-staging.bittorrent.com
+			 - report.bittorrent.com
+			 - router.bittorrent.com
+			 - update.bittorrent.com
+
+		Timeout was reached:
+			 - ll.ads.bittorrent.com
+			 - bleepdl.bittorrent.com
+			 - o1.bleepem.bittorrent.com
+			 - optimizely-testing.browser.bittorrent.com
+			 - bundles2.bittorrent.com
+			 - 961cbe23.generator.dna.bittorrent.com
+			 - dnagen.bittorrent.com
+			 - o1.em5.bittorrent.com
+			 - images.bittorrent.com
+			 - intranet.bittorrent.com
+			 - ip-208-72-192-3.bittorrent.com
+			 - ip-208-72-192-4.bittorrent.com
+			 - ip-208-72-192-5.bittorrent.com
+			 - ip-208-72-192-6.bittorrent.com
+			 - ip-208-72-192-7.bittorrent.com
+			 - ip-208-72-192-8.bittorrent.com
+			 - ip-208-72-192-9.bittorrent.com
+			 - labs.bittorrent.com
+			 - new.bittorrent.com
+			 - svn.bittorrent.com
+			 - sync-server.bittorrent.com
+			 - syncapp.bittorrent.com
+			 - ui.bittorrent.com
+			 - s8201.up.bittorrent.com
+			 - webres.bittorrent.com
+			 - webui.bittorrent.com
+
+		SSL connect error:
+			 - mail.bittorrent.com
+
+		SSL peer certificate was not OK:
+			 - cdn.ap.bittorrent.com
+			 - download.ap.bittorrent.com
+			 - static.ap.bittorrent.com
+			 - apps.bittorrent.com
+			 - pr.apps.bittorrent.com
+			 - yogi.apps.bittorrent.com
+			 - b.bittorrent.com
+			 - bench.bittorrent.com
+			 - bleep-help.bittorrent.com
+			 - bleepem.bittorrent.com
+			 - blog.bittorrent.com
+			 - browser-help.bittorrent.com
+			 - btapps-sdk.bittorrent.com
+			 - bundle-help.bittorrent.com
+			 - tracker.bundles.bittorrent.com
+			 - staging.content.bittorrent.com
+			 - devices.bittorrent.com
+			 - engineering.bittorrent.com
+			 - help.bittorrent.com
+			 - inclient.bittorrent.com
+			 - macreleasenotes.bittorrent.com
+			 - offers-i.bittorrent.com
+			 - releasenotes.bittorrent.com
+			 - update.sdk.bittorrent.com
+			 - update.server.bittorrent.com
+			 - sync-help.bittorrent.com
+			 - ll.www.bittorrent.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - engine.ap.bittorrent.com
+			 - content.bittorrent.com
+			 - shop.bittorrent.com
+			 - torque.bittorrent.com
+
+		Incomplete certificate chain error:
+			 - platform.bittorrent.com
+
+		Status code mismatch:
+			 - ads.bittorrent.com
+
+		4xx client error:
+			 - bundles.biz.bittorrent.com
+			 - bleeposx.bittorrent.com
+			 - download-01.browser.bittorrent.com
+			 - install.browser.bittorrent.com
+			 - ops.bittorrent.com
+
+		5xx server error:
+			 - beta.bundles.bittorrent.com
+			 - website-callisto.bittorrent.com
+
+		Mixed content blocking (MCB) tiggered:
+			 - bittorrent.com
+			 - www.bittorrent.com
+			 - project-maelstrom.bittorrent.com
+			 - regserver.bittorrent.com
+			 - search.bittorrent.com
 -->
-<ruleset name="BitTorrent (partial)">
-
-	<target host="*.bittorrent.com" />
-		<exclusion pattern="^http://live\.bittorrent\.com/(?!create|css/|img/|js/|login|styles/)" />
-
-
-	<rule from="^http://(forum|live|remote|torque)\.bittorrent\.com/"
-		to="https://$1.bittorrent.com/" />
-
+<ruleset name="BitTorrent (partial)" >
+	<target host="bleepwin.bittorrent.com" />
+	<target host="bundles.bittorrent.com" />
+	<target host="mobile.bundles.bittorrent.com" />
+	<target host="cherryui.bittorrent.com" />
+	<target host="forum.bittorrent.com" />
+	<target host="live.bittorrent.com" />
+	<target host="orders.bittorrent.com" />
+	<target host="remote.bittorrent.com" />
+	<target host="remote-staging.bittorrent.com" />
+	<target host="store.bittorrent.com" />
+	<target host="try.bittorrent.com" />
+		<test url="http://try.bittorrent.com/form/" />
+
+	<securecookie host="^forum\.bittorrent\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/BitVC.com.xml b/src/chrome/content/rules/BitVC.com.xml
new file mode 100644
index 000000000000..f4302e66d237
--- /dev/null
+++ b/src/chrome/content/rules/BitVC.com.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bitvc.com/ => https://bitvc.com/: (7, 'Failed to connect to bitvc.com port 443: Connection refused')
+
+	Insecure cookies are set for these domains and hosts:
+
+		- www.bitvc.com
+		- .www.bitvc.com
+
+-->
+<ruleset name="BitVC.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bitvc.com" />
+	<target host="static.bitvc.com" />
+	<target host="www.bitvc.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.bitvc\.com$" name="^__jsluid$" /-->
+	<!--securecookie host="^\.www\.bitvc\.com$" name="^(BITVCPRODSESSID|i_str|lang|source|zh_cn)$" /-->
+
+	<securecookie host="^\.?www\.bitvc\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BitVisor.org.xml b/src/chrome/content/rules/BitVisor.org.xml
new file mode 100644
index 000000000000..7e8276eb9b7e
--- /dev/null
+++ b/src/chrome/content/rules/BitVisor.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="BitVisor.org">
+
+	<target host="bitvisor.org" />
+	<target host="www.bitvisor.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BitX.co.xml b/src/chrome/content/rules/BitX.co.xml
new file mode 100644
index 000000000000..d62baa18486a
--- /dev/null
+++ b/src/chrome/content/rules/BitX.co.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- bitx.co
+		- .bitx.co
+
+-->
+<ruleset name="BitX.co">
+
+	<target host="bitx.co" />
+	<target host="www.bitx.co" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bitx\.co$" name="^campaign$" /-->
+	<!--securecookie host="^\.bitx\.co$" name="^(?:__cfduid|cf_clearance)" /-->
+
+	<securecookie host="^\.?bitx\.co$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BitYes.com.xml b/src/chrome/content/rules/BitYes.com.xml
new file mode 100644
index 000000000000..cdcf1996eb10
--- /dev/null
+++ b/src/chrome/content/rules/BitYes.com.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bityes.com/ => https://bityes.com/: (51, "SSL: no alternative certificate subject name matches target host name 'bityes.com'")
+Fetch error: http://static.bityes.com/ => https://static.bityes.com/: (6, 'Could not resolve host: static.bityes.com')
+Fetch error: http://www.bityes.com/ => https://www.bityes.com/: (60, 'SSL certificate problem: self signed certificate')
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- static
+
+
+	Insecure cookies are set for these domains:
+
+		- .bityes.com
+
+-->
+<ruleset name="BitYes.com" default_off="failed ruleset test">
+
+	<target host="bityes.com" />
+	<target host="static.bityes.com" />
+	<target host="www.bityes.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.bityes\.com$" name="^(BITYESPRODSESSID|lang|source)$" /-->
+
+	<securecookie host="^\.bityes\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bit_Stampede.com.xml b/src/chrome/content/rules/Bit_Stampede.com.xml
index d1d00903dbed..63c5d766a505 100644
--- a/src/chrome/content/rules/Bit_Stampede.com.xml
+++ b/src/chrome/content/rules/Bit_Stampede.com.xml
@@ -1,4 +1,5 @@
 <!--
+
 	Mixed content:
 
 		- Images on www from www *
@@ -17,7 +18,6 @@
 	<securecookie host="^(?:www\.)?bitstampede\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?bitstampede\.com/"
-		to="https://$1bitstampede.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bitaddress.org.xml b/src/chrome/content/rules/Bitaddress.org.xml
new file mode 100644
index 000000000000..187b3720e973
--- /dev/null
+++ b/src/chrome/content/rules/Bitaddress.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="bitaddress.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bitaddress.org" />
+	<target host="www.bitaddress.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bitch_Magazine.org.xml b/src/chrome/content/rules/Bitch_Magazine.org.xml
index 40f706aa4b89..6a549cd4514d 100644
--- a/src/chrome/content/rules/Bitch_Magazine.org.xml
+++ b/src/chrome/content/rules/Bitch_Magazine.org.xml
@@ -1,25 +1,59 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bitchmagazine.org/ => https://bitchmagazine.org/: (51, "SSL: no alternative certificate subject name matches target host name 'bitchmagazine.org'")
+Fetch error: http://www.bitchmagazine.org/ => https://bitchmagazine.org/: (51, "SSL: no alternative certificate subject name matches target host name 'bitchmagazine.org'")
+
 	Nonfunctional subdomains:
 
-		- images	(502, valid cert)
+		- images *
+
+	* 522
+
+
+	Insecure cookies are set for these domains:
+
+		- .bitchmagazine.org
+
 
+	Mixed content:
 
-	Mixed images on www from images
+		- iframe on www from 8tracks.com ¹
+
+		- Images, on www from:
+
+			- bitchmagazine.org ¹
+			- images.bitchmagazine.org ²
+
+	¹ Secured by us
+	² Unsecurable <= 522
 
 -->
-<ruleset name="Bitch Magazine.org (partial)">
+<ruleset name="Bitch Magazine.org (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="bitchmagazine.org" />
-	<target host="*.bitchmagazine.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.bitchmagazine.org" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.bitchmagazine\.org$" name="^(__cfduid|SESS[\da-f]{32}|cf_clearance)$" /-->
+
 	<securecookie host="^\.bitchmagazine\.org$" name=".+" />
 
 
 	<!--	www redirects to ^ over http,
 		so copy that behavior:
 					-->
-	<rule from="^http://(?:www\.)?bitchmagazine\.org/"
+	<rule from="^http://www\.bitchmagazine\.org/"
 		to="https://bitchmagazine.org/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bitcoin-Borse.xml b/src/chrome/content/rules/Bitcoin-Borse.xml
index 194be6811377..b834dc49a24c 100644
--- a/src/chrome/content/rules/Bitcoin-Borse.xml
+++ b/src/chrome/content/rules/Bitcoin-Borse.xml
@@ -1,10 +1,14 @@
-<ruleset name="Bitcoin Börse">
+<!--
+	(www.)?: Refused
+
+-->
+<ruleset name="Bitcoin Börse" default_off="refused">
 
 	<target host="mybitcointrade.com" />
 	<target host="www.mybitcointrade.com" />
 
 
-	<securecookie host="^mybitcointrade\.com$" name=".*" />
+	<securecookie host="^mybitcointrade\.com$" name=".+" />
 
 
 	<!--	Cert doesn't match www.	-->
diff --git a/src/chrome/content/rules/Bitcoin-Central.xml b/src/chrome/content/rules/Bitcoin-Central.xml
index 4253a3bf3454..ef00a553035e 100644
--- a/src/chrome/content/rules/Bitcoin-Central.xml
+++ b/src/chrome/content/rules/Bitcoin-Central.xml
@@ -1,10 +1,16 @@
-<ruleset name="Bitcoin-Central">
+<!--
+	(www.)?: Expired
 
+-->
+<ruleset name="Bitcoin-Central.net" default_off="expired">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="bitcoin-central.net" />
 	<target host="www.bitcoin-central.net" />
 
 
-	<rule from="^http://(www\.)?bitcoin-central\.net/"
-		to="https://$1bitcoin-central.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bitcoin-Contact.org.xml b/src/chrome/content/rules/Bitcoin-Contact.org.xml
index 35d6b9279605..698e7eb87d59 100644
--- a/src/chrome/content/rules/Bitcoin-Contact.org.xml
+++ b/src/chrome/content/rules/Bitcoin-Contact.org.xml
@@ -1,17 +1,19 @@
+
 <!--
-	Expired 2012-11-17
+Disabled by https-everywhere-checker because:
+Fetch error: http://bitcoin-contact.org/ => https://bitcoin-contact.org/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.bitcoin-contact.org/ => https://www.bitcoin-contact.org/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://mail.bitcoin-contact.org/ => https://mail.bitcoin-contact.org/: (6, 'Could not resolve host: mail.bitcoin-contact.org')
 
+	Mixed Content Blocking (MCB) tiggered:
+		- bitcoin-contact.org
 -->
-<ruleset name="Bitcoin-Contact.org" default_off="expired" platform="cacert">
-
+<ruleset name="Bitcoin-Contact.org" default_off="failed ruleset test">
 	<target host="bitcoin-contact.org" />
 	<target host="www.bitcoin-contact.org" />
+	<target host="mail.bitcoin-contact.org" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^bitcoin-contact\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?bitcoin-contact\.org/"
-		to="https://bitcoin-contact.org/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Bitcoin-Forum.xml b/src/chrome/content/rules/Bitcoin-Forum.xml
index bf4a632bf913..a5fa3c38bde5 100644
--- a/src/chrome/content/rules/Bitcoin-Forum.xml
+++ b/src/chrome/content/rules/Bitcoin-Forum.xml
@@ -1,11 +1,21 @@
-<ruleset name="Bitcoin Forum">
+<!--
+	Fully covered hosts in *bitcointalk.org:
 
+		- (www.)?
+		- ip
+
+-->
+<ruleset name="Bitcoin Talk.org">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="bitcointalk.org"/>
+	<target host="ip.bitcointalk.org"/>
 	<target host="www.bitcointalk.org"/>
 
-	<securecookie host="^bitcointalk\.org$" name=".*"/>
+	<securecookie host="^bitcointalk\.org$" name=".+" />
 
-	<rule from="^http://(www\.)?bitcointalk\.org/"
-		to="https://$1bitcointalk.org/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bitcoin-Market-24.xml b/src/chrome/content/rules/Bitcoin-Market-24.xml
deleted file mode 100644
index 23cfda6646c6..000000000000
--- a/src/chrome/content/rules/Bitcoin-Market-24.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Bitcoin Market 24">
-
-	<target host="bitcoinmarket24.com" />
-	<target host="www.bitcoinmarket24.com" />
-
-
-	<securecookie host="^(www\.)?bitcoinmarket24\.com$" name=".*" />
-
-
-	<rule from="^http://(www\.)?bitcoinmarket24\.com/"
-		to="https://$1bitcoinmarket24.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Bitcoin-VPS.xml b/src/chrome/content/rules/Bitcoin-VPS.xml
deleted file mode 100644
index dbed465680e1..000000000000
--- a/src/chrome/content/rules/Bitcoin-VPS.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		(www.)
-
--->
-<ruleset name="Bitcoin VPS (partial)">
-
-	<target host="client.bitvps.com" />
-
-
-	<rule from="^http://client\.bitvps\.com/"
-		to="https://client.bitvps.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Bitcoin-Wiki.xml b/src/chrome/content/rules/Bitcoin-Wiki.xml
index c3664a7334d1..1ca523c430a2 100644
--- a/src/chrome/content/rules/Bitcoin-Wiki.xml
+++ b/src/chrome/content/rules/Bitcoin-Wiki.xml
@@ -1,4 +1,21 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bitcoin.at/ => https://bitcoin.at/: (6, 'Could not resolve host: bitcoin.at')
+Fetch error: http://www.bitcoin.at/ => https://www.bitcoin.at/: (6, 'Could not resolve host: www.bitcoin.at')
+Fetch error: http://bitcoin.in/ => https://bitcoin.in/: (6, 'Could not resolve host: bitcoin.in')
+Fetch error: http://www.bitcoin.in/ => https://www.bitcoin.in/: (6, 'Could not resolve host: www.bitcoin.in')
+Fetch error: http://dump.bitcoin.it/ => https://dump.bitcoin.it/: Too many redirects while fetching 'https://dump.bitcoin.it/'
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bitcoin.at/ => https://bitcoin.at/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.bitcoin.at/ => https://www.bitcoin.at/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://bitcoin.in/ => https://bitcoin.in/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.bitcoin.in/ => https://www.bitcoin.in/: (28, 'Connection timed out after 10000 milliseconds')
+
 	Fully covered domains:
 
 		- (www.)bitcoin.at
@@ -11,23 +28,22 @@
 			- en
 
 -->
-<ruleset name="Bitcoin Wiki">
+<ruleset name="Bitcoin Wiki" default_off="failed ruleset test">
 
 	<target host="bitcoin.at" />
 	<target host="www.bitcoin.at" />
 	<target host="bitcoin.in" />
 	<target host="www.bitcoin.in" />
 	<target host="bitcoin.it" />
-	<target host="*.bitcoin.it" />
-
+	<target host="dump.bitcoin.it" />
+	<target host="en.bitcoin.it" />
+	<target host="www.bitcoin.it" />
 
-	<securecookie host=".*\.bitcoin\.it$" name=".*" />
 
+	<securecookie host=".*\.bitcoin\.it$" name=".+" />
 
-	<rule from="^http://(www\.)?bitcoin\.(at|in)/"
-		to="https://$1bitcoin.$1/" />
 
-	<rule from="^http://((?:dump|en|www)\.)?bitcoin\.it/"
-		to="https://$1bitcoin.it/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bitcoin-laundry.com.xml b/src/chrome/content/rules/Bitcoin-laundry.com.xml
new file mode 100644
index 000000000000..0bafe950fcba
--- /dev/null
+++ b/src/chrome/content/rules/Bitcoin-laundry.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Bitcoin-laundry.com">
+	<target host="bitcoin-laundry.com" />
+	<target host="www.bitcoin-laundry.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bitcoin-otc.com.xml b/src/chrome/content/rules/Bitcoin-otc.com.xml
new file mode 100644
index 000000000000..0c2ffdd79a5e
--- /dev/null
+++ b/src/chrome/content/rules/Bitcoin-otc.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Bitcoin-otc.com">
+  <target host="bitcoin-otc.com" />
+  <target host="www.bitcoin-otc.com" />
+  <target host="wiki.bitcoin-otc.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bitcoin.Co.th.xml b/src/chrome/content/rules/Bitcoin.Co.th.xml
deleted file mode 100644
index cdbe9391864b..000000000000
--- a/src/chrome/content/rules/Bitcoin.Co.th.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Bitcoin.Co.th">
-
-	<target host="bitcoin.co.th" />
-	<target host="www.bitcoin.co.th" />
-
-
-	<securecookie host="^bitcoin\.co\.th$" name=".+" />
-
-
-	<rule from="^http://(www\.)?bitcoin\.co\.th/"
-		to="https://$1bitcoin.co.th/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Bitcoin.co.id.xml b/src/chrome/content/rules/Bitcoin.co.id.xml
new file mode 100644
index 000000000000..d6c110d88e9b
--- /dev/null
+++ b/src/chrome/content/rules/Bitcoin.co.id.xml
@@ -0,0 +1,35 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- .bitcoin.co.id
+		- newsletter.bitcoin.co.id
+		- www.bitcoin.co.id
+
+-->
+<ruleset name="Bitcoin.co.id">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bitcoin.co.id" />
+	<target host="forum.bitcoin.co.id" />
+	<target host="indonesia.bitcoin.co.id" />
+	<target host="newsletter.bitcoin.co.id" />
+	<target host="vip.bitcoin.co.id" />
+	<target host="www.bitcoin.co.id" />
+	<target host="x.bitcoin.co.id" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.bitcoin\.co\.id$" name="^(__cfduid|btcid|cf_clearance)$" /-->
+	<!--securecookie host="^newsletter\.bitcoin\.co\.id$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^www\.bitcoin\.co\.id$" name="^btcindo_s3$" /-->
+
+
+	<securecookie host="^(?:newsletter|www)?\.bitcoin\.co\.id$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bitcoin.de.xml b/src/chrome/content/rules/Bitcoin.de.xml
deleted file mode 100644
index e30536c14549..000000000000
--- a/src/chrome/content/rules/Bitcoin.de.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Bitcoin.de">
-
-	<target host="bitcoin.de" />
-	<target host="*.bitcoin.de" />
-	<target host="*.blog.bitcoin.de" />
-
-
-	<securecookie host="^.*\.bitcoin\.de$" name=".+" />
-
-
-	<rule from="^http://(blog\.|forum\.|www\.)?bitcoin\.de/"
-		to="https://$1bitcoin.de/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Bitcoin.pl.xml b/src/chrome/content/rules/Bitcoin.pl.xml
new file mode 100644
index 000000000000..508a8f797590
--- /dev/null
+++ b/src/chrome/content/rules/Bitcoin.pl.xml
@@ -0,0 +1,68 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bitcoin.pl/components/com_jcomments/tpl/default/style.css => https://bitcoin.pl/components/com_jcomments/tpl/default/style.css: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://bitcoin.pl/images/headers/logo-bitcoin-v1.png => https://bitcoin.pl/images/headers/logo-bitcoin-v1.png: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://bitcoin.pl/login => https://bitcoin.pl/login: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://bitcoin.pl/media/modals/css/bootstrap.min.css => https://bitcoin.pl/media/modals/css/bootstrap.min.css: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://bitcoin.pl/modules/mod_facebook_slide_likebox/tmpl/css/style1.css => https://bitcoin.pl/modules/mod_facebook_slide_likebox/tmpl/css/style1.css: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://bitcoin.pl/templates/jm-hot-news/images/search.png => https://bitcoin.pl/templates/jm-hot-news/images/search.png: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.forum.bitcoin.pl/ => https://www.forum.bitcoin.pl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.forum.bitcoin.pl'")
+Fetch error: http://www.bitcoin.pl/ => https://www.bitcoin.pl/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	(www.)?: Some pages redirect to http
+
+
+	Insecure cookies are set for these domains:
+
+		- .forum.bitcoin.pl
+
+-->
+<ruleset name="Bitcoin.pl (partial)" default_off="failed ruleset test">
+
+	<target host="bitcoin.pl" />
+	<target host="forum.bitcoin.pl" />
+	<target host="www.forum.bitcoin.pl" />
+	<target host="www.bitcoin.pl" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://bitcoin\.pl/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://bitcoin\.pl/(?!cache/|components/|images/|login(?:$|[?/])|media/|modules/|templates/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://bitcoin.pl/kontakt" />
+			<test url="http://bitcoin.pl/kontakt/" />
+			<test url="http://bitcoin.pl/kurs" />
+			<test url="http://bitcoin.pl/kurs/" />
+			<test url="http://bitcoin.pl/linki" />
+			<test url="http://bitcoin.pl/o-bitcoinie" />
+			<test url="http://bitcoin.pl/placowki" />
+			<test url="http://bitcoin.pl/poradniki" />
+			<test url="http://bitcoin.pl/wydarzenia" />
+
+			<!--	-ve:
+					-->
+			<test url="http://bitcoin.pl/components/com_jcomments/tpl/default/style.css" />
+			<test url="http://bitcoin.pl/images/headers/logo-bitcoin-v1.png" />
+			<test url="http://bitcoin.pl/login" />
+			<test url="http://bitcoin.pl/media/modals/css/bootstrap.min.css" />
+			<test url="http://bitcoin.pl/modules/mod_facebook_slide_likebox/tmpl/css/style1.css" />
+			<test url="http://bitcoin.pl/templates/jm-hot-news/images/search.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.forum\.bitcoin\.pl$" name="^phpbbf_\d+_(k|sid|u)$" /-->
+
+	<securecookie host="^\.forum\.bitcoin\.pl$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BitcoinAverage.com.xml b/src/chrome/content/rules/BitcoinAverage.com.xml
new file mode 100644
index 000000000000..69f31e4feb6c
--- /dev/null
+++ b/src/chrome/content/rules/BitcoinAverage.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="BitcoinAverage.com">
+
+	<target host="bitcoinaverage.com" />
+	<target host="www.bitcoinaverage.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BitcoinCash.org.xml b/src/chrome/content/rules/BitcoinCash.org.xml
new file mode 100644
index 000000000000..86d0fb369a08
--- /dev/null
+++ b/src/chrome/content/rules/BitcoinCash.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="BitcoinCash.org">
+	<target host="bitcoincash.org" />
+	<target host="www.bitcoincash.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BitcoinFunding.com.xml b/src/chrome/content/rules/BitcoinFunding.com.xml
deleted file mode 100644
index 1f5cb89de9e4..000000000000
--- a/src/chrome/content/rules/BitcoinFunding.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="BitcoinFunding.com">
-
-	<target host="bitcoinfunding.com" />
-	<target host="www.bitcoinfunding.com" />
-
-
-	<securecookie host="^(?:www\.)?bitcoinfunding\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?bitcoinfunding\.com/"
-		to="https://$1bitcoinfunding.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BitcoinMarket.com.xml b/src/chrome/content/rules/BitcoinMarket.com.xml
deleted file mode 100644
index 38b91460da96..000000000000
--- a/src/chrome/content/rules/BitcoinMarket.com.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Bitcoin Market" default_off="self-signed">
-  <target host="www.bitcoinmarket.com" />
-  <target host="bitcoinmarket.com" />
-  <rule from="^http://(?:www\.)?bitcoinmarket\.com/" to="https://bitcoinmarket.com/"/>
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/BitcoinPool.xml b/src/chrome/content/rules/BitcoinPool.xml
index 75c80944b39b..ef9517ff3c48 100644
--- a/src/chrome/content/rules/BitcoinPool.xml
+++ b/src/chrome/content/rules/BitcoinPool.xml
@@ -4,17 +4,16 @@
 		- (www.)bitcoinpoolmail.com	(ssl_error_rx_record_too_long)
 
 -->
-<ruleset name="BitcoinPool" default_off="expired">
+<ruleset name="BitcoinPool.com" default_off="expired">
 
 	<target host="bitcoinpool.com" />
-	<!--	* for cross-domain cookies.	-->
-	<target host="*.bitcoinpool.com" />
+	<target host="www.bitcoinpool.com" />
 
 
-	<securecookie host="^(.*\.)?bitcoinpool\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?bitcoinpool\.com/"
+	<rule from="^http://(?:www\.)?bitcoinpool\.com/"
 		to="https://bitcoinpool.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BitcoinShop.US.xml b/src/chrome/content/rules/BitcoinShop.US.xml
new file mode 100644
index 000000000000..cd99ed756957
--- /dev/null
+++ b/src/chrome/content/rules/BitcoinShop.US.xml
@@ -0,0 +1,21 @@
+<!--
+	Other BitcoinShop.US rulesets:
+
+		- BTCS.com.xml
+
+-->
+<ruleset name="BitcoinShop.US" default_off="mismatched">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bitcoinshop.us" />
+	<target host="www.bitcoinshop.us" />
+
+
+	<securecookie host="^\.(?:www\.)?bitcoinshop\.us$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BitcoinStats.com-falsemixed.xml b/src/chrome/content/rules/BitcoinStats.com-falsemixed.xml
new file mode 100644
index 000000000000..79f6b4182330
--- /dev/null
+++ b/src/chrome/content/rules/BitcoinStats.com-falsemixed.xml
@@ -0,0 +1,19 @@
+<!--
+	For rules not causing false/broken MCB, see BitcoinStats.com.xml.
+
+-->
+<ruleset name="BitcoinStats.com (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bitcoinstats.com" />
+	<target host="www.bitcoinstats.com" />
+
+
+	<securecookie host="^\.bitcoinstats\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BitcoinStats.com.xml b/src/chrome/content/rules/BitcoinStats.com.xml
new file mode 100644
index 000000000000..cf7bb2da80e3
--- /dev/null
+++ b/src/chrome/content/rules/BitcoinStats.com.xml
@@ -0,0 +1,43 @@
+<!--
+	For rules causing false/broken MCB, see BitcoinStats.com-falsemixed.xml.
+
+
+	(www.)?bitcoinstats.com: Mixed css
+
+
+	Insecure cookies are set for these domains:
+
+		- .bitcoinstats.com
+
+
+	Mixed content:
+
+		- css from static.bitcoinstats.com *
+		- css from netdna.bootstrapcdn.com *
+
+	* Secured by us
+
+-->
+<ruleset name="BitcoinStats.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="bitcoinstats.com" /-->
+	<target host="static.bitcoinstats.com" />
+	<!--target host="www.bitcoinstats.com" /-->
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.bitcoinstats\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<!--	Avoiding cf_clearance <= mixed content
+							-->
+	<!--securecookie host="^\.bitcoinstats\.com$" name=".+" /-->
+	<securecookie host="^\.bitcoinstats\.com$" name="^__cfduid$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BitcoinStore.com.xml b/src/chrome/content/rules/BitcoinStore.com.xml
deleted file mode 100644
index c47407277f85..000000000000
--- a/src/chrome/content/rules/BitcoinStore.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="BitcoinStore.com">
-
-	<target host="bitcoinstore.com" />
-	<target host="*.bitcoinstore.com" />
-
-
-	<securecookie host="^\.www\.bitcoinstore\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?bitcoinstore\.com/"
-		to="https://$1bitcoinstore.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/BitcoinWisdom.com.xml b/src/chrome/content/rules/BitcoinWisdom.com.xml
deleted file mode 100644
index a5e59c912909..000000000000
--- a/src/chrome/content/rules/BitcoinWisdom.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	CN: localhost
-
--->
-<ruleset name="BitcoinWisdom.com" default_off="self-signed">
-
-	<target host="bitcoinwisdom.com" />
-	<target host="www.bitcoinwisdom.com" />
-
-
-	<securecookie host="^bitcoinwisdom\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?bitcoinwisdom\.com/"
-		to="https://bitcoinwisdom.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Bitcoin_Armory.com.xml b/src/chrome/content/rules/Bitcoin_Armory.com.xml
new file mode 100644
index 000000000000..c812a8f462bf
--- /dev/null
+++ b/src/chrome/content/rules/Bitcoin_Armory.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Bitcoin Armory.com">
+
+	<target host="bitcoinarmory.com" />
+	<target host="www.bitcoinarmory.com" />
+
+
+	<securecookie host="^\.bitcoinarmory\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bitcoin_Charts.com.xml b/src/chrome/content/rules/Bitcoin_Charts.com.xml
new file mode 100644
index 000000000000..246bc804570d
--- /dev/null
+++ b/src/chrome/content/rules/Bitcoin_Charts.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Bitcoin Charts.com">
+	<target host="bitcoincharts.com" />
+	<target host="www.bitcoincharts.com" />
+	<target host="api.bitcoincharts.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bitcoin_Charts.xml b/src/chrome/content/rules/Bitcoin_Charts.xml
deleted file mode 100644
index d46e99e8a9a6..000000000000
--- a/src/chrome/content/rules/Bitcoin_Charts.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Bitcoin Charts" platform="cacert">
-
-	<target host="bitcoincharts.com" />
-	<target host="*.bitcoincharts.com" />
-
-
-	<rule from="^http://(api\.|www\.)?bitcoincharts\.com/"
-		to="https://$1bitcoincharts.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Bitcoin_Forum.com.xml b/src/chrome/content/rules/Bitcoin_Forum.com.xml
new file mode 100644
index 000000000000..fe0da2981c3c
--- /dev/null
+++ b/src/chrome/content/rules/Bitcoin_Forum.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Bitcoin Forum.com">
+
+	<target host="bitcoinforum.com" />
+	<target host="www.bitcoinforum.com" />
+
+
+	<securecookie host="^(?:www\.)?bitcoinforum\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bitcoin_Magazine.com.xml b/src/chrome/content/rules/Bitcoin_Magazine.com.xml
new file mode 100644
index 000000000000..238eaf3e397d
--- /dev/null
+++ b/src/chrome/content/rules/Bitcoin_Magazine.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- bitcoinmagazine.com
+		- .bitcoinmagazine.com
+
+-->
+<ruleset name="Bitcoin Magazine.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bitcoinmagazine.com" />
+	<target host="www.bitcoinmagazine.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bitcoinmagazine\.com$" name="^X-Mapping-fjhppofk$" /-->
+	<!--securecookie host="^\.bitcoinmagazine\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.?bitcoinmagazine\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bitcoin_Plus.xml b/src/chrome/content/rules/Bitcoin_Plus.xml
index 4217714f229b..80530b644c18 100644
--- a/src/chrome/content/rules/Bitcoin_Plus.xml
+++ b/src/chrome/content/rules/Bitcoin_Plus.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?bitcoinplus\.com/"
 		to="https://bitcoinplus.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bitcoinapi.de.xml b/src/chrome/content/rules/Bitcoinapi.de.xml
new file mode 100644
index 000000000000..d6bed32d8d4f
--- /dev/null
+++ b/src/chrome/content/rules/Bitcoinapi.de.xml
@@ -0,0 +1,25 @@
+<!--
+	www doesn't exist.
+
+
+	Insecure cookies are set for these domains:
+
+		- .bitcoinapi.de
+
+-->
+<ruleset name="bitcoinapi.de">
+
+	<target host="bitcoinapi.de" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.bitcoinapi\.de$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.bitcoinapi\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bitcoinity.org.xml b/src/chrome/content/rules/Bitcoinity.org.xml
index df8694d6aa7e..87d1cdc463f8 100644
--- a/src/chrome/content/rules/Bitcoinity.org.xml
+++ b/src/chrome/content/rules/Bitcoinity.org.xml
@@ -1,13 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- bitcoinity.org
+		- www.bitcoinity.org
+
+-->
 <ruleset name="Bitcoinity.org">
 
 	<target host="bitcoinity.org" />
+	<target host="data.bitcoinity.org" />
+	<target host="static.bitcoinity.org" />
 	<target host="www.bitcoinity.org" />
 
 
-	<securecookie host="^(?:www\.)?bitcoinity\.org$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(data\.|static\.|www\.)?bitcoinity\.org$" name="^_bitcoinity_session$" /-->
+	<!--securecookie host="^(?:www\.)?bitcoinity\.org$" name="^seen_mbtc$" /-->
+
+	<securecookie host="^(?:(?:data|static|www)\.)?bitcoinity\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?bitcoinity\.org/"
-		to="https://$1bitcoinity.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bitcoinmixer.org.xml b/src/chrome/content/rules/Bitcoinmixer.org.xml
new file mode 100644
index 000000000000..1fe7096eeb9a
--- /dev/null
+++ b/src/chrome/content/rules/Bitcoinmixer.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Bitcoinmixer.org">
+	<target host="bitcoinmixer.org" />
+	<target host="www.bitcoinmixer.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bitcoinsil.co.il.xml b/src/chrome/content/rules/Bitcoinsil.co.il.xml
deleted file mode 100644
index c96e941626d9..000000000000
--- a/src/chrome/content/rules/Bitcoinsil.co.il.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Mixed content:
-
-		- css on ^ from ^ *
-
-		- Images on ^ from ^ *
-
-	* Secured by us
-
--->
-<ruleset name="Bitcoins il.co.il (false MCB)" platform="mixedcontent">
-
-	<target host="bitcoinsil.co.il" />
-	<target host="*.bitcoinsil.co.il" />
-
-
-	<securecookie host="^\.bitcoinsil\.co\.il$" name=".+" />
-
-
-	<rule from="^http://(www\.)?bitcoinsil\.co\.il/"
-		to="https://$1bitcoinsil.co.il/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BitcointoYou.com.xml b/src/chrome/content/rules/BitcointoYou.com.xml
new file mode 100644
index 000000000000..e5002c9de766
--- /dev/null
+++ b/src/chrome/content/rules/BitcointoYou.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .bitcointoyou.com
+		- broker.bitcointoyou.com
+
+-->
+<ruleset name="BitcointoYou.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bitcointoyou.com" />
+	<target host="broker.bitcointoyou.com" />
+	<target host="www.bitcointoyou.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.bitcointoyou\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^broker\.bitcointoyou\.com$" name="^__RequestVerificationToken$" /-->
+
+	<securecookie host="^(?:broker)?\.bitcointoyou\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bitcurex.com.xml b/src/chrome/content/rules/Bitcurex.com.xml
new file mode 100644
index 000000000000..7468d7ab92c1
--- /dev/null
+++ b/src/chrome/content/rules/Bitcurex.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.bitcurex.com/ => https://www.bitcurex.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	For other Digital Future coverage, see Digital-Future.it.xml.
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- eur
+		- pln
+
+-->
+<ruleset name="Bitcurex.com" default_off="failed ruleset test">
+
+	<target host="bitcurex.com" />
+	<target host="eur.bitcurex.com" />
+	<target host="pln.bitcurex.com" />
+	<target host="www.bitcurex.com" />
+
+
+	<securecookie host="^(?:eur|pln)?\.bitcurex\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bitdefender.com.xml b/src/chrome/content/rules/Bitdefender.com.xml
new file mode 100644
index 000000000000..aaea4c955c1a
--- /dev/null
+++ b/src/chrome/content/rules/Bitdefender.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.)? ¹
+		- download ²
+		- emo ³
+		- enterprise ¹
+		- forum ³
+		- frams ¹
+		- labs ¹
+		- quickscan ³
+		- unices ¹
+
+	¹ Refused
+	² 404
+	³ Prints "docroot"
+
+-->
+<ruleset name="Bitdefender.com (partial)">
+
+	<target host="central.bitdefender.com" />
+	<target host="my.bitdefender.com" />
+
+
+	<!--	__qca: tracker
+				-->
+	<securecookie host="^\." name="^(?:__cfduid$|__qca$|cf_clearance$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bitdeli.com.xml b/src/chrome/content/rules/Bitdeli.com.xml
new file mode 100644
index 000000000000..f819289f7429
--- /dev/null
+++ b/src/chrome/content/rules/Bitdeli.com.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bitdeli.com/ => https://bitdeli.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+<ruleset name="Bitdeli.com" default_off="failed ruleset test">
+
+	<target host="bitdeli.com" />
+
+
+	<securecookie host="^\.bitdeli\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bitdrift.xml b/src/chrome/content/rules/Bitdrift.xml
index 2a3e5cef8bc2..4149dbc1bb40 100644
--- a/src/chrome/content/rules/Bitdrift.xml
+++ b/src/chrome/content/rules/Bitdrift.xml
@@ -1,4 +1,4 @@
-<ruleset name="bitdrift (partial)" default_off="mismatch">
+<ruleset name="bitdrift (partial)" default_off="mismatched">
 
 	<!--	bluehost.com	-->
 	<target host="bitdrift.org"/>
diff --git a/src/chrome/content/rules/Bite.lt.xml b/src/chrome/content/rules/Bite.lt.xml
new file mode 100644
index 000000000000..b4bf910e6dbd
--- /dev/null
+++ b/src/chrome/content/rules/Bite.lt.xml
@@ -0,0 +1,20 @@
+<!--
+	Unsupported subdomains:
+		- ivr.bite.lt *
+		- sms.bite.lt *
+		- soap.bite.lt **
+		- wap.bite.lt **
+
+	* mismatched cert
+	** connection times out/is refused/fails on HTTPS
+-->
+<ruleset name="Bite.lt">
+	<target host="www.bite.lt" />
+	<target host="bite.lt" />
+	<target host="shop.bite.lt" />
+	<target host="bicademy.bite.lt" />
+	<target host="cs.bite.lt" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bitfetch.xml b/src/chrome/content/rules/Bitfetch.xml
deleted file mode 100644
index 9e0d25151b21..000000000000
--- a/src/chrome/content/rules/Bitfetch.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="bitfetch">
-
-	<target host="bitfetch.com" />
-	<target host="www.bitfetch.com" />
-
-
-	<securecookie host="^(?:www\.)?bitfetch\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?bitfetch\.com/"
-		to="https://$1bitfetch.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Bitfinex.com.xml b/src/chrome/content/rules/Bitfinex.com.xml
new file mode 100644
index 000000000000..8421b2ba0722
--- /dev/null
+++ b/src/chrome/content/rules/Bitfinex.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="Bitfinex.com">
+
+	<target host="bitfinex.com" />
+	<target host="www.bitfinex.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.bitfinex\.com$" name="^nlbi_\d+$" /-->
+
+	<securecookie host="^\.bitfinex\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bitfun.co.xml b/src/chrome/content/rules/Bitfun.co.xml
new file mode 100644
index 000000000000..6e460b78dc7b
--- /dev/null
+++ b/src/chrome/content/rules/Bitfun.co.xml
@@ -0,0 +1,5 @@
+<ruleset name="Bit Fun">
+	<target host="bitfun.co" />
+	<target host="www.bitfun.co" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bitgamer.xml b/src/chrome/content/rules/Bitgamer.xml
deleted file mode 100644
index 7a4bc53e697d..000000000000
--- a/src/chrome/content/rules/Bitgamer.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="bitGamer">
-  <target host="www.bitgamer.su" />
-  <target host="bitgamer.su" />
-  <target host="www.bitgamer.com" />
-  <target host="bitgamer.com" />
-
-  <rule from="^http://(www\.)?bitgamer\.su/" to="https://bitgamer.su/"/>
-  <rule from="^http://(www\.)?bitgamer\.com/" to="https://bitgamer.su/"/>
-  <rule from="^https://(www\.)?bitgamer\.com/" to="https://bitgamer.su/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Bitinvest.com.br.xml b/src/chrome/content/rules/Bitinvest.com.br.xml
new file mode 100644
index 000000000000..02d8585514a7
--- /dev/null
+++ b/src/chrome/content/rules/Bitinvest.com.br.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bitinvest.com.br/ => https://bitinvest.com.br/: (35, 'error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error')
+Fetch error: http://developers.bitinvest.com.br/ => https://developers.bitinvest.com.br/: (60, 'SSL certificate problem: certificate has expired')
+
+	Nonfunctional hosts in *bitinvest.com.br:
+
+		- help ¹
+		- news ²
+		- newsbr ²
+		- press ²
+
+	¹ Zendesk
+	² Redirects to http
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.bitinvest.com.br
+
+-->
+<ruleset name="Bitinvest.com.br (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bitinvest.com.br" />
+	<target host="developers.bitinvest.com.br" />
+	<target host="www.bitinvest.com.br" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.bitinvest\.com\.br$" name="^(?:__RequestVerificationToken|ASP\.NET_SessionId)$" /-->
+
+	<securecookie host="^www\.bitinvest\.com\.br$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bitkonan.com.xml b/src/chrome/content/rules/Bitkonan.com.xml
new file mode 100644
index 000000000000..5277c5fed38f
--- /dev/null
+++ b/src/chrome/content/rules/Bitkonan.com.xml
@@ -0,0 +1,22 @@
+<!--
+	www.bitkonan.com: Mismatched
+
+-->
+<ruleset name="Bitkonan.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bitkonan.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.bitkonan.com" />
+
+
+	<rule from="^http://www\.bitkonan\.com/"
+		to="https://bitkonan.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bitlove.xml b/src/chrome/content/rules/Bitlove.xml
deleted file mode 100644
index 4c23f535459d..000000000000
--- a/src/chrome/content/rules/Bitlove.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Bitlove">
-
-	<target host="bitlove.org" />
-	<target host="*.bitlove.org" />
-
-
-	<rule from="^https?://(?:t\.|(www\.))?bitlove\.org/"
-		to="https://$1bitlove.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Bitly.com.xml b/src/chrome/content/rules/Bitly.com.xml
new file mode 100644
index 000000000000..5e57755d9c1f
--- /dev/null
+++ b/src/chrome/content/rules/Bitly.com.xml
@@ -0,0 +1,24 @@
+<!--
+	For other Bitly coverage, see Bitly.xml.
+
+	Refused:
+		api.bitly.com
+
+	Invalid certificate:
+		word.bitly.com
+
+-->
+<ruleset name="Bitly.com (partial)">
+
+	<target host="bitly.com" />
+	<target host="www.bitly.com" />
+	<target host="dev.bitly.com" />
+	<target host="platform.bitly.com" />
+	<target host="support.bitly.com" />
+
+	<securecookie host="^bitly\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bitly.xml b/src/chrome/content/rules/Bitly.xml
index 90f9cefa2348..7cd903a6e927 100644
--- a/src/chrome/content/rules/Bitly.xml
+++ b/src/chrome/content/rules/Bitly.xml
@@ -1,38 +1,27 @@
-<ruleset name="bit.ly">
-
-	<target host="bit.ly" />
-	<target host="*.bit.ly" />
-	<target host="bit.ly.pro" />
-	<target host="www.bit.ly.pro" />
-	<target host="bitly.com" />
-	<target host="www.bitly.com" />
-	<target host="bitly.pro" />
-	<target host="www.bitly.pro" />
-	<target host="j.mp" />
-	<target host="www.j.mp" />
+<!--
+	Other Bitly rulesets:
 
+		- Bitly.com.xml
+		- J.mp.xml
+		- Bitly_branded_short_domains.xml
 
-	<securecookie host="^(?:.*\.)?bit\.ly$" name=".+" />
-	<securecookie host="^bitly\.com$" name=".+" />
-	<securecookie host="^\.j\.mp$" name=".+" />
 
+	Non-functional hosts:
+		Certificate misatched:
+		- pix.bit.ly
+		- www.bit.ly
 
-	<rule from="^http://(?:www\.)?bit\.ly/"
-		to="https://bit.ly/" />
-
-	<rule from="^http://pix\.bit\.ly/"
-		to="https://pix.bit.ly/" />
-
-	<rule from="^http://s\.bit\.ly/"
-		to="https://s3.amazonaws.com/s.bit.ly/" />
+-->
+<ruleset name="bit.ly">
+	<target host="bit.ly" />
+	<target host="www.bit.ly" />
+	<test url="http://www.bit.ly/GVBQJS" />
 
-	<rule from="^http://(?:www\.)?bit\.?ly\.pro/"
-		to="https://bitly.com/pro/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?bitly\.com/"
-		to="https://bitly.com/" />
+	<rule from="^http://www\.bit\.ly/"
+		to="https://bit.ly/" />
 
-	<rule from="^http://(www\.)?j\.mp/"
-		to="https://$1j.mp/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bitly_branded_short_domains.xml b/src/chrome/content/rules/Bitly_branded_short_domains.xml
new file mode 100644
index 000000000000..93fd0c95e97d
--- /dev/null
+++ b/src/chrome/content/rules/Bitly_branded_short_domains.xml
@@ -0,0 +1,34907 @@
+
+<!--
+
+For other Bitly coverage, see Bitly.xml.
+
+This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
+
+-->
+<ruleset name="Bitly vanity domains">
+	<rule from="^http:" to="https:" />
+	<securecookie host=".+" name=".+" />
+
+	<target host="0-60.in" />
+	<target host="0.4mat.jp" />
+	<target host="0.7mm.ch" />
+	<target host="0.bigdot.gr" />
+	<target host="0.env.sh" />
+	<target host="0.k0uk0s.gr" />
+	<target host="0.klet.st" />
+	<target host="0.legiarrd.xyz" />
+	<target host="0.lokonline.com" />
+	<target host="0.nul.lt" />
+	<target host="0.qrkx.net" />
+	<target host="00d.co" />
+	<target host="010.io" />
+	<target host="01001110.co" />
+	<target host="011.cz" />
+	<target host="01d.co.uk" />
+	<target host="01gov.com" />
+	<target host="01ze.it" />
+	<target host="02faq.com" />
+	<target host="030.video" />
+	<target host="030mag.de" />
+	<target host="0341.ml" />
+	<target host="0966111338.net" />
+	<target host="098123.xyz" />
+	<target host="0am.co" />
+	<target host="0blu.com" />
+	<target host="0ch.in" />
+	<target host="0copter.com" />
+	<target host="0dd.me" />
+	<target host="0dig.it" />
+	<target host="0ef.de" />
+	<target host="0md.in" />
+	<target host="0ncom.ml" />
+	<target host="0nk.net" />
+	<target host="0pen.me" />
+	<target host="0rbt.us" />
+	<target host="0rs.ch" />
+	<target host="0t.ee" />
+	<target host="0vc.pink" />
+	<target host="0wl.red" />
+	<target host="1-day.nz" />
+	<target host="1-url.info" />
+	<target host="1.0pe.ru" />
+	<target host="1.35online.com" />
+	<target host="1.7-b.us" />
+	<target host="1.8op.biz" />
+	<target host="1.agx.eu" />
+	<target host="1.atwill.com" />
+	<target host="1.azdhs.gov" />
+	<target host="1.bonradio.com" />
+	<target host="1.breidenba.ch" />
+	<target host="1.bsal.com.np" />
+	<target host="1.c2cyber.com" />
+	<target host="1.cgroup.iz.rs" />
+	<target host="1.daisypeel.com" />
+	<target host="1.davidfri.de" />
+	<target host="1.ecu.edu.au" />
+	<target host="1.emasperak.my" />
+	<target host="1.fbec.fr" />
+	<target host="1.glissa.com" />
+	<target host="1.goke.me" />
+	<target host="1.han.solar" />
+	<target host="1.hbcdenham.org" />
+	<target host="1.heartotr.com" />
+	<target host="1.icme.su" />
+	<target host="1.ie.edu" />
+	<target host="1.ilovestyle.be" />
+	<target host="1.kcls.org" />
+	<target host="1.kentuu.org" />
+	<target host="1.kleinaber.de" />
+	<target host="1.leadplace.com" />
+	<target host="1.letschat.me" />
+	<target host="1.lextogo.com" />
+	<target host="1.maliscraft.tk" />
+	<target host="1.mcdo.me" />
+	<target host="1.mrwrk.nl" />
+	<target host="1.s-jung.com" />
+	<target host="1.shoz.de" />
+	<target host="1.shupilov.com" />
+	<target host="1.takhsiru.net" />
+	<target host="1.texnites24.gr" />
+	<target host="1.tn.gov" />
+	<target host="1.tohost.co" />
+	<target host="1.topsetups.com" />
+	<target host="1.vapel1fe.com" />
+	<target host="1.zasaratov.com" />
+	<target host="1.zdraveinfo.sk" />
+	<target host="10.wsls.com" />
+	<target host="1000cranes.me" />
+	<target host="1000isl.com" />
+	<target host="1001.ly" />
+	<target host="100d.ca" />
+	<target host="100experienc.es" />
+	<target host="100isnow.com" />
+	<target host="100me.info" />
+	<target host="100pu.re" />
+	<target host="100pure.asia" />
+	<target host="100r.be" />
+	<target host="101fr.org" />
+	<target host="101goods.com" />
+	<target host="101lang.com" />
+	<target host="101sear.ch" />
+	<target host="102.bz" />
+	<target host="1026.at" />
+	<target host="1031movies.com" />
+	<target host="1041jack.fm" />
+	<target host="1080hd.ml" />
+	<target host="10baw.com" />
+	<target host="10be.st" />
+	<target host="10berita.ml" />
+	<target host="10c.io" />
+	<target host="10co.de" />
+	<target host="10fit.ch" />
+	<target host="10j.co" />
+	<target host="10ng.co" />
+	<target host="10o3.com" />
+	<target host="10t.co" />
+	<target host="10th.me" />
+	<target host="10thp.in" />
+	<target host="10tn.tips" />
+	<target host="10wp.de" />
+	<target host="10wrdnws.com" />
+	<target host="10ws.co" />
+	<target host="10x.com" />
+	<target host="10x.link" />
+	<target host="10xnl.nl" />
+	<target host="112.wf" />
+	<target host="112boz.nl" />
+	<target host="112rsd.nl" />
+	<target host="112zwein.de" />
+	<target host="113.rapmag.tv" />
+	<target host="1168sc.tk" />
+	<target host="11dg.tl" />
+	<target host="11gam.es" />
+	<target host="11w.rs" />
+	<target host="121cc.us" />
+	<target host="121e.co" />
+	<target host="123d.space" />
+	<target host="123k.at" />
+	<target host="123s.us" />
+	<target host="12f.us" />
+	<target host="12free.de" />
+	<target host="12ld.co.uk" />
+	<target host="12m.rocks" />
+	<target host="12ma.co" />
+	<target host="12ne.ws" />
+	<target host="12point.co" />
+	<target host="12s.ch" />
+	<target host="13.wbtw.com" />
+	<target host="13and.co" />
+	<target host="13d.me" />
+	<target host="13x.io" />
+	<target host="14.fish" />
+	<target host="148.li" />
+	<target host="14f.co" />
+	<target host="14th.me.uk" />
+	<target host="15a20.mx" />
+	<target host="15naweb.com" />
+	<target host="164th.net" />
+	<target host="1776.ly" />
+	<target host="17ac.re" />
+	<target host="17b.mnhouse.gop" />
+	<target host="17s.la" />
+	<target host="17th.co" />
+	<target host="1812.city" />
+	<target host="182.fm" />
+	<target host="1838.co" />
+	<target host="18thwood.com" />
+	<target host="18wg.ca" />
+	<target host="1904.io" />
+	<target host="19r.co" />
+	<target host="1ai.uk" />
+	<target host="1ak.in" />
+	<target host="1apage.info" />
+	<target host="1bst.pw" />
+	<target host="1bt.pw" />
+	<target host="1click.bz" />
+	<target host="1cs.ltd" />
+	<target host="1dbs.co" />
+	<target host="1dh.co" />
+	<target host="1do.it" />
+	<target host="1drnrd.me" />
+	<target host="1drop.me" />
+	<target host="1dwh.co" />
+	<target host="1e3.us" />
+	<target host="1f1000a.com" />
+	<target host="1fullepisode.ml" />
+	<target host="1gn.in" />
+	<target host="1io.io" />
+	<target host="1item.me" />
+	<target host="1ko.pl" />
+	<target host="1koa.me" />
+	<target host="1life.co" />
+	<target host="1lnk.de" />
+	<target host="1mar.co" />
+	<target host="1messi.com" />
+	<target host="1mno.de" />
+	<target host="1mpul.se" />
+	<target host="1n0.uk" />
+	<target host="1na.eu" />
+	<target host="1nes.co" />
+	<target host="1njera.com" />
+	<target host="1nk.it" />
+	<target host="1nspi.re" />
+	<target host="1off.me" />
+	<target host="1owo.tk" />
+	<target host="1pct.it" />
+	<target host="1pic.us" />
+	<target host="1pj.ir" />
+	<target host="1qr.co" />
+	<target host="1rabb.it" />
+	<target host="1rish.tk" />
+	<target host="1rm.fit" />
+	<target host="1rw.us" />
+	<target host="1sd.co" />
+	<target host="1shotgame.ga" />
+	<target host="1smi.co" />
+	<target host="1sq.me" />
+	<target host="1srdream.org" />
+	<target host="1statebank.org" />
+	<target host="1stcentral.co" />
+	<target host="1stclass.cf" />
+	<target host="1stoh.io" />
+	<target host="1t.eu" />
+	<target host="1tag.us" />
+	<target host="1ter.net" />
+	<target host="1tn.co" />
+	<target host="1ts.at" />
+	<target host="1tw.org" />
+	<target host="1up.es" />
+	<target host="1upbox.co" />
+	<target host="1web.st" />
+	<target host="1wpf.cc" />
+	<target host="1xrun.co" />
+	<target host="2.adcstud.io" />
+	<target host="2.bonradio.com" />
+	<target host="2.burstiptv.com" />
+	<target host="2.coubur.com" />
+	<target host="2.cv70.info" />
+	<target host="2.daisy-lin.com" />
+	<target host="2.dashes.com" />
+	<target host="2.djm3.net" />
+	<target host="2.dopa.mn" />
+	<target host="2.fbec.fr" />
+	<target host="2.getscg.com.br" />
+	<target host="2.hirecurt.info" />
+	<target host="2.itagback.com" />
+	<target host="2.jddean.com" />
+	<target host="2.junky.fr" />
+	<target host="2.jus.tn" />
+	<target host="2.kobi5.com" />
+	<target host="2.logicit.team" />
+	<target host="2.mok.io" />
+	<target host="2.mrwrk.nl" />
+	<target host="2.no19.com" />
+	<target host="2.odsynth.com" />
+	<target host="2.pat.io" />
+	<target host="2.poppap.com" />
+	<target host="2.smugen.net" />
+	<target host="2.t-dub.net" />
+	<target host="2.tonymarino.us" />
+	<target host="2.uxd.me" />
+	<target host="20-tvfamily.ml" />
+	<target host="2011.pcto.ca" />
+	<target host="2017.gq" />
+	<target host="2018.fm" />
+	<target host="202.tw" />
+	<target host="2020minds.com" />
+	<target host="20i.co" />
+	<target host="20s.mx" />
+	<target host="20ss.nyc" />
+	<target host="20tables.com" />
+	<target host="21.cf" />
+	<target host="21.m1llion.club" />
+	<target host="21.pe" />
+	<target host="212areaco.de" />
+	<target host="21dec.org" />
+	<target host="21s.nl" />
+	<target host="21st.click" />
+	<target host="22.whlt.com" />
+	<target host="223survey.org" />
+	<target host="22ss.co" />
+	<target host="22tr.co" />
+	<target host="2314.at" />
+	<target host="23and.me" />
+	<target host="23h.us" />
+	<target host="247nfl.co" />
+	<target host="249l.us" />
+	<target host="24byt.es" />
+	<target host="24etihad.com" />
+	<target host="24kilat.es" />
+	<target host="24m.fr" />
+	<target host="24mov.es" />
+	<target host="25pt4.me" />
+	<target host="262.ie" />
+	<target host="2626.science" />
+	<target host="26yw.co" />
+	<target host="2700.ch" />
+	<target host="270h.io" />
+	<target host="27a.mnhouse.gop" />
+	<target host="280.gr" />
+	<target host="2820.link" />
+	<target host="29a.se" />
+	<target host="29q.co" />
+	<target host="2aero.com" />
+	<target host="2applyclick.me" />
+	<target host="2avesag.as" />
+	<target host="2ba.by" />
+	<target host="2bc.in" />
+	<target host="2big.org" />
+	<target host="2bird.ly" />
+	<target host="2bl.co" />
+	<target host="2bty.co" />
+	<target host="2car.ga" />
+	<target host="2cc.co" />
+	<target host="2cns.co" />
+	<target host="2cr.eu" />
+	<target host="2cu.be" />
+	<target host="2di.me" />
+	<target host="2disney.us" />
+	<target host="2dope.bz" />
+	<target host="2dud.es" />
+	<target host="2ed.in" />
+	<target host="2edu.de" />
+	<target host="2edu.eu" />
+	<target host="2fa.in" />
+	<target host="2famo.us" />
+	<target host="2fast.cf" />
+	<target host="2girls.media" />
+	<target host="2gy.in" />
+	<target host="2hub.co" />
+	<target host="2inthe.pink" />
+	<target host="2ja.red" />
+	<target host="2kgam.es" />
+	<target host="2l.ng4.me" />
+	<target host="2med.me" />
+	<target host="2mf.in" />
+	<target host="2mre.net" />
+	<target host="2n28.us" />
+	<target host="2n9.xyz" />
+	<target host="2na.co" />
+	<target host="2nb.nl" />
+	<target host="2nos.fr" />
+	<target host="2nu.gs" />
+	<target host="2palit.us" />
+	<target host="2pb.in" />
+	<target host="2px.ch" />
+	<target host="2r2bf.com" />
+	<target host="2r2bf.nl" />
+	<target host="2r8.eu" />
+	<target host="2recover.org" />
+	<target host="2rl.in" />
+	<target host="2rog.at" />
+	<target host="2sm.pl" />
+	<target host="2smb.link" />
+	<target host="2spn.us" />
+	<target host="2svh.nl" />
+	<target host="2sx4u.com" />
+	<target host="2tel.us" />
+	<target host="2tim2v15.uk" />
+	<target host="2tl.co" />
+	<target host="2url.me" />
+	<target host="2well.us" />
+	<target host="2wicke.de" />
+	<target host="2win.vn" />
+	<target host="2wp.co" />
+	<target host="2wsb.tv" />
+	<target host="2x2.ph" />
+	<target host="3-4.fr" />
+	<target host="3.mrwrk.nl" />
+	<target host="3.utschools.ca" />
+	<target host="3.wrbl.com" />
+	<target host="300run.in" />
+	<target host="301.lt" />
+	<target host="301.me" />
+	<target host="301.sh" />
+	<target host="301.z4c.us" />
+	<target host="30acr.es" />
+	<target host="30fram.es" />
+	<target host="310ei.biz" />
+	<target host="310ei.com" />
+	<target host="310ei.info" />
+	<target host="310ei.space" />
+	<target host="310ei.xyz" />
+	<target host="310shake.fit" />
+	<target host="313pres.co" />
+	<target host="314.buzz" />
+	<target host="31b.it" />
+	<target host="32cinema.tk" />
+	<target host="32s.vn" />
+	<target host="33promo.ru" />
+	<target host="33u.link" />
+	<target host="352.fm" />
+	<target host="36.fotogr.fr" />
+	<target host="360.gl" />
+	<target host="3604.io" />
+	<target host="360az.co" />
+	<target host="360he.re" />
+	<target host="360mil.es" />
+	<target host="360myte.ch" />
+	<target host="360nh.ml" />
+	<target host="360p.sg" />
+	<target host="360rea.ch" />
+	<target host="360sc.co" />
+	<target host="360tourview.eu" />
+	<target host="365fsn.com" />
+	<target host="365mkup.co" />
+	<target host="38bridges.us" />
+	<target host="39dpi.com" />
+	<target host="3back.rocks" />
+	<target host="3bm.me" />
+	<target host="3ct.me" />
+	<target host="3d.hcask.com" />
+	<target host="3d4med.com" />
+	<target host="3dcu.be" />
+	<target host="3deroti.ca" />
+	<target host="3dg.xyz" />
+	<target host="3dpbiz.direct" />
+	<target host="3drmedia.com" />
+	<target host="3dscan.expert" />
+	<target host="3dtc.us" />
+	<target host="3dv.me" />
+	<target host="3dwa.de" />
+	<target host="3etoil.es" />
+	<target host="3fm.nu" />
+	<target host="3gb.cc" />
+	<target host="3har.es" />
+	<target host="3ida.de" />
+	<target host="3iii.co" />
+	<target host="3ina.eu" />
+	<target host="3ischn.de" />
+	<target host="3k8.in" />
+	<target host="3logic.no" />
+	<target host="3loons.me" />
+	<target host="3lx.net" />
+	<target host="3mil.nu" />
+	<target host="3mon.us" />
+	<target host="3mz.lt" />
+	<target host="3ndy.info" />
+	<target host="3ne2nr.me" />
+	<target host="3nr.de" />
+	<target host="3nt.co" />
+	<target host="3ple.link" />
+	<target host="3ptechi.es" />
+	<target host="3pts.co" />
+	<target host="3r1c.me" />
+	<target host="3rd.gr" />
+	<target host="3rd1dr.co" />
+	<target host="3ringcirc.us" />
+	<target host="3spot.us" />
+	<target host="3sr.me" />
+	<target host="3st.co" />
+	<target host="3st.io" />
+	<target host="3svn7.co" />
+	<target host="3tenacl.live" />
+	<target host="3tfu.net" />
+	<target host="3tsd.de" />
+	<target host="3turl.eu" />
+	<target host="3voi.es" />
+	<target host="3wb.tv" />
+	<target host="3wh.co" />
+	<target host="3will.com" />
+	<target host="3ws.me" />
+	<target host="3wx.us" />
+	<target host="3ym.es" />
+	<target host="4-0.us" />
+	<target host="4-2.co" />
+	<target host="4.4xq.ca" />
+	<target host="4.groo.pe" />
+	<target host="4.iliokb.com" />
+	<target host="4.integraid.org" />
+	<target host="4.mrwrk.nl" />
+	<target host="4.olympias.info" />
+	<target host="4.srl" />
+	<target host="40.se" />
+	<target host="40l.im" />
+	<target host="42.ie" />
+	<target host="42h.it" />
+	<target host="42si.fr" />
+	<target host="42yogis.in" />
+	<target host="43rec.com" />
+	<target host="45.is" />
+	<target host="451.life" />
+	<target host="45degre.es" />
+	<target host="45r.co" />
+	<target host="45sp.in" />
+	<target host="45th.xyz" />
+	<target host="47d.it" />
+	<target host="48f.de" />
+	<target host="49ers.click" />
+	<target host="49mil.es" />
+	<target host="4a.io" />
+	<target host="4bbs.us" />
+	<target host="4bet.poker" />
+	<target host="4buy.cf" />
+	<target host="4cinema.ml" />
+	<target host="4corne.rs" />
+	<target host="4di.co" />
+	<target host="4dis.co" />
+	<target host="4dm.in" />
+	<target host="4fit.fyi" />
+	<target host="4for4.co" />
+	<target host="4fre.ml" />
+	<target host="4freehub.com" />
+	<target host="4g6.co" />
+	<target host="4ga.me" />
+	<target host="4god.org" />
+	<target host="4ho.me" />
+	<target host="4k-hd.ml" />
+	<target host="4k-hdtv.ml" />
+	<target host="4k-tube.cf" />
+	<target host="4k-ultrahd.cf" />
+	<target host="4k.azkmovie.com" />
+	<target host="4k1080p.ml" />
+	<target host="4kcinema.ml" />
+	<target host="4kfilm.cf" />
+	<target host="4kfree.ml" />
+	<target host="4khade.tk" />
+	<target host="4khd.ga" />
+	<target host="4khd.ml" />
+	<target host="4khdseries.ml" />
+	<target host="4kmaniatv.ga" />
+	<target host="4kmovie.cf" />
+	<target host="4kmovies-uhd.tk" />
+	<target host="4kmovietv.ga" />
+	<target host="4koc.ml" />
+	<target host="4kperhd.ml" />
+	<target host="4kplay-tv.cf" />
+	<target host="4ksenhd.ml" />
+	<target host="4kserieshd.ml" />
+	<target host="4ktch.in" />
+	<target host="4ktv.ml" />
+	<target host="4ktvfree.gq" />
+	<target host="4kud.cf" />
+	<target host="4kud.ga" />
+	<target host="4kud.gq" />
+	<target host="4kud.ml" />
+	<target host="4kud.tk" />
+	<target host="4kud1n.ml" />
+	<target host="4kuhdtv.ga" />
+	<target host="4kultra.co.vu" />
+	<target host="4kultrahd.gq" />
+	<target host="4kultrahd.ml" />
+	<target host="4kvideo.ml" />
+	<target host="4lex.me" />
+	<target host="4mn.ca" />
+	<target host="4n.fyi" />
+	<target host="4nd.de" />
+	<target host="4part.net" />
+	<target host="4phil.co" />
+	<target host="4portrait.com" />
+	<target host="4pr.se" />
+	<target host="4pt.in" />
+	<target host="4qs.org" />
+	<target host="4rd.us" />
+	<target host="4rum.eu" />
+	<target host="4sightfir.st" />
+	<target host="4sq.com" />
+	<target host="4sv.stream" />
+	<target host="4th.me.uk" />
+	<target host="4tuna.co" />
+	<target host="4tvshd.ga" />
+	<target host="4u.de" />
+	<target host="4u.sambila.net" />
+	<target host="4vel.vet" />
+	<target host="4vid.ga" />
+	<target host="4vu.ca" />
+	<target host="4wd2.us" />
+	<target host="4wrd.ca" />
+	<target host="4wrd.eu" />
+	<target host="4y.de" />
+	<target host="4y2c.com" />
+	<target host="500miles.us" />
+	<target host="504.la" />
+	<target host="50b.me" />
+	<target host="50ft.net" />
+	<target host="50p.eu" />
+	<target host="511t.ac" />
+	<target host="521d.me" />
+	<target host="538.to" />
+	<target host="53eig.ht" />
+	<target host="53per.center" />
+	<target host="54s.co" />
+	<target host="5758.ml" />
+	<target host="58n.ca" />
+	<target host="58play.tw" />
+	<target host="5bi.in" />
+	<target host="5bits.us" />
+	<target host="5by.co" />
+	<target host="5ed.us" />
+	<target host="5eh.it" />
+	<target host="5fn.me" />
+	<target host="5io.in" />
+	<target host="5k.style" />
+	<target host="5kf.co" />
+	<target host="5mc.me" />
+	<target host="5pts.cc" />
+	<target host="5sgif.me" />
+	<target host="5tan.xyz" />
+	<target host="5tat.us" />
+	<target host="5thin.gs" />
+	<target host="5up.dog" />
+	<target host="6.gripp.me" />
+	<target host="6.wate.com" />
+	<target host="603.be" />
+	<target host="60ato.ms" />
+	<target host="60minut.es" />
+	<target host="610dig.it" />
+	<target host="66536666.com" />
+	<target host="666note.co" />
+	<target host="685.jp" />
+	<target host="69d.sx" />
+	<target host="69sex69.ml" />
+	<target host="6abc.cm" />
+	<target host="6al.al" />
+	<target host="6am.rocks" />
+	<target host="6box-channel.co" />
+	<target host="6pp.today" />
+	<target host="6sm.link" />
+	<target host="6tr.co" />
+	<target host="7-eleven.me" />
+	<target host="7.hna.de" />
+	<target host="7.wspa.com" />
+	<target host="707.me" />
+	<target host="71llc.com" />
+	<target host="7308.io" />
+	<target host="73s.us" />
+	<target host="75726c.co" />
+	<target host="76u.co" />
+	<target host="777s.co" />
+	<target host="77sq.uk" />
+	<target host="7dg.tl" />
+	<target host="7dtv.nl" />
+	<target host="7dvt.co" />
+	<target host="7eleven.ml" />
+	<target host="7ent.co" />
+	<target host="7gee.se" />
+	<target host="7gen1d.co" />
+	<target host="7ibr.top" />
+	<target host="7khd.ml" />
+	<target host="7l4.se" />
+	<target host="7lo.in" />
+	<target host="7mc.us" />
+	<target host="7mh.ir" />
+	<target host="7mz.vc" />
+	<target host="7ny.tv" />
+	<target host="7pipe.me" />
+	<target host="7prime.cf" />
+	<target host="7rea.org" />
+	<target host="7sta.rs" />
+	<target host="8.lmk.is" />
+	<target host="8.sparkxt.space" />
+	<target host="8.wfla.com" />
+	<target host="802.es" />
+	<target host="808ne.ws" />
+	<target host="808shirts.de" />
+	<target host="80dys.co" />
+	<target host="80ste.es" />
+	<target host="839iat.se" />
+	<target host="83n.ch" />
+	<target host="845a.co" />
+	<target host="848.bz" />
+	<target host="89pi.es" />
+	<target host="8ball.co" />
+	<target host="8bitb.ro" />
+	<target host="8byt.in" />
+	<target host="8d.cm" />
+	<target host="8ie.sg" />
+	<target host="8legs.co" />
+	<target host="8lv8vl8.com" />
+	<target host="8of12.com" />
+	<target host="8qr.co" />
+	<target host="8sh.co" />
+	<target host="8spt.co" />
+	<target host="8to.me" />
+	<target host="8trx.com" />
+	<target host="9-b.it" />
+	<target host="9.a-walk.com" />
+	<target host="9.sisap.cat" />
+	<target host="9010.co" />
+	<target host="909.ibero909.fm" />
+	<target host="90poe.com" />
+	<target host="90x9.com" />
+	<target host="911love.tk" />
+	<target host="911memorial.io" />
+	<target host="911s.tk" />
+	<target host="919blognc.com" />
+	<target host="91digital.link" />
+	<target host="925mu.ms" />
+	<target host="92keys.io" />
+	<target host="951shi.ne" />
+	<target host="957.be" />
+	<target host="95awe.com" />
+	<target host="95k.de" />
+	<target host="99.tn" />
+	<target host="99b.it" />
+	<target host="99bitcoin.com" />
+	<target host="99des.co" />
+	<target host="99jo.co" />
+	<target host="99xt.co" />
+	<target host="9f.to" />
+	<target host="9in.style" />
+	<target host="9l7gf7x5o9v.xyz" />
+	<target host="9prime.cf" />
+	<target host="9sig.co" />
+	<target host="9startup.com" />
+	<target host="9ts.de" />
+	<target host="9ur1h.ml" />
+	<target host="9ze.st" />
+	<target host="a--t.co" />
+	<target host="a-b.ai" />
+	<target host="a-br.in" />
+	<target host="a-d-a.tv" />
+	<target host="a-dnews.co" />
+	<target host="a-ez.me" />
+	<target host="a-fram.es" />
+	<target host="a-gauna.com" />
+	<target host="a-law.it" />
+	<target host="a-li.pro" />
+	<target host="a-mi.tk" />
+	<target host="a-mx.com" />
+	<target host="a-ni.me" />
+	<target host="a-t-r.com" />
+	<target host="a-v.me" />
+	<target host="a.21bet.com" />
+	<target host="a.22g.in" />
+	<target host="a.247aussie.com" />
+	<target host="a.4sqdaykc.co" />
+	<target host="a.882u.com" />
+	<target host="a.8bitfirst.com" />
+	<target host="a.adaw.uk" />
+	<target host="a.adesam.net" />
+	<target host="a.aim-vinyl.com" />
+	<target host="a.aino.io" />
+	<target host="a.alee.mx" />
+	<target host="a.alest.com.br" />
+	<target host="a.alientech.com" />
+	<target host="a.allidina.ca" />
+	<target host="a.animos.us" />
+	<target host="a.arsti.la" />
+	<target host="a.asa.fyi" />
+	<target host="a.assemblo.com" />
+	<target host="a.awg.co" />
+	<target host="a.badcheese.com" />
+	<target host="a.baiasu.ro" />
+	<target host="a.bayi.com.my" />
+	<target host="a.bhemciclo.org" />
+	<target host="a.bigtopmag.com" />
+	<target host="a.bjm.cc" />
+	<target host="a.blmq.us" />
+	<target host="a.bobby.is" />
+	<target host="a.bsn.io" />
+	<target host="a.buds.org.uk" />
+	<target host="a.burne.tt" />
+	<target host="a.cadcc.cl" />
+	<target host="a.camon.cat" />
+	<target host="a.camp-king.com" />
+	<target host="a.carea-van.com" />
+	<target host="a.cavbk.ca" />
+	<target host="a.cb.agency" />
+	<target host="a.cbcowasso.org" />
+	<target host="a.cbsowasso.com" />
+	<target host="a.choco.kz" />
+	<target host="a.contentdj.com" />
+	<target host="a.cranleigh.org" />
+	<target host="a.crsclub.org" />
+	<target host="a.curpress.com" />
+	<target host="a.czofferz.com" />
+	<target host="a.daix.com" />
+	<target host="a.datron.de" />
+	<target host="a.davila.io" />
+	<target host="a.dded.in" />
+	<target host="a.delays.io" />
+	<target host="a.delta2.co.uk" />
+	<target host="a.devb.us" />
+	<target host="a.djz.co" />
+	<target host="a.domai.nr" />
+	<target host="a.dpsgm.de" />
+	<target host="a.dryday.in" />
+	<target host="a.dy.si" />
+	<target host="a.exosfuel.com" />
+	<target host="a.eyeoftree.com" />
+	<target host="a.f291.net" />
+	<target host="a.faaacts.com" />
+	<target host="a.fahad.space" />
+	<target host="a.fbhse.us" />
+	<target host="a.fetitch.com" />
+	<target host="a.flox.co.za" />
+	<target host="a.fnlhckr.xyz" />
+	<target host="a.fresh.horse" />
+	<target host="a.furnish.ng" />
+	<target host="a.fuzzybunny.ph" />
+	<target host="a.fw.my" />
+	<target host="a.fwlink.us" />
+	<target host="a.fwrx.io" />
+	<target host="a.gamboa.ph" />
+	<target host="a.gb.ag" />
+	<target host="a.gdz.kr" />
+	<target host="a.getdone.se" />
+	<target host="a.getonce.com" />
+	<target host="a.giraffes.xyz" />
+	<target host="a.grimn.es" />
+	<target host="a.guelagi.com" />
+	<target host="a.harpy.cf" />
+	<target host="a.helen.jor.br" />
+	<target host="a.heppellit.com" />
+	<target host="a.hiveteams.com" />
+	<target host="a.hlkbrand.info" />
+	<target host="a.homo-sex.mobi" />
+	<target host="a.hornos.eu" />
+	<target host="a.itech4u.gr" />
+	<target host="a.iwish.life" />
+	<target host="a.ixq.com.tw" />
+	<target host="a.jape.biz" />
+	<target host="a.jaymalik.com" />
+	<target host="a.jose.gp" />
+	<target host="a.junestudio.jp" />
+	<target host="a.kaelon.com" />
+	<target host="a.kf.hk" />
+	<target host="a.kiar.me" />
+	<target host="a.koendewit.com" />
+	<target host="a.kuhave.com" />
+	<target host="a.ldb.com.au" />
+	<target host="a.lefton.co.uk" />
+	<target host="a.lensmark.kz" />
+	<target host="a.lext.in" />
+	<target host="a.liapis.info" />
+	<target host="a.libotte.net" />
+	<target host="a.liner.jp" />
+	<target host="a.lipsi.us" />
+	<target host="a.loudgif.com" />
+	<target host="a.mapd.in" />
+	<target host="a.markmcdow.com" />
+	<target host="a.mart-jaap.nl" />
+	<target host="a.masbr.com" />
+	<target host="a.mbx.io" />
+	<target host="a.meditrip.asia" />
+	<target host="a.mefi.be" />
+	<target host="a.mintkit.com" />
+	<target host="a.mitmilch.at" />
+	<target host="a.mjuk.is" />
+	<target host="a.mon.tg" />
+	<target host="a.musicsense.me" />
+	<target host="a.mykbc.org" />
+	<target host="a.mysutro.com" />
+	<target host="a.mytoy.tw" />
+	<target host="a.nabble.nl" />
+	<target host="a.napwr.pl" />
+	<target host="a.nedo.space" />
+	<target host="a.next.la" />
+	<target host="a.nicco.org" />
+	<target host="a.norc.co" />
+	<target host="a.nursegrid.com" />
+	<target host="a.nuytsjordy.be" />
+	<target host="a.oien.us" />
+	<target host="a.olm.tw" />
+	<target host="a.petassure.com" />
+	<target host="a.pi.vu" />
+	<target host="a.pitria.com" />
+	<target host="a.plnk.co" />
+	<target host="a.prgm.me" />
+	<target host="a.qlou.be" />
+	<target host="a.rat.ro" />
+	<target host="a.ravenpine.com" />
+	<target host="a.redfla.me" />
+	<target host="a.rehabs.pw" />
+	<target host="a.rembish.org" />
+	<target host="a.rink.li" />
+	<target host="a.ruben.ws" />
+	<target host="a.ruess.me" />
+	<target host="a.s.coop" />
+	<target host="a.schwingen.net" />
+	<target host="a.sci.rs" />
+	<target host="a.sctxt.org" />
+	<target host="a.secte.ga" />
+	<target host="a.sendertime.de" />
+	<target host="a.sgdf.fr" />
+	<target host="a.sh.mi.it" />
+	<target host="a.share-me.ml" />
+	<target host="a.sharsidd.com" />
+	<target host="a.shortbyte.de" />
+	<target host="a.shuabao.us" />
+	<target host="a.simantov.club" />
+	<target host="a.sjmjr.com" />
+	<target host="a.slugs.in" />
+	<target host="a.soziotech.org" />
+	<target host="a.sp-gintama.jp" />
+	<target host="a.spyn.co" />
+	<target host="a.styhunt.com" />
+	<target host="a.sunil523.com" />
+	<target host="a.swagbit.ch" />
+	<target host="a.tado.com" />
+	<target host="a.thersshop.com" />
+	<target host="a.thesash.me" />
+	<target host="a.tintuctop.com" />
+	<target host="a.topzehn.tv" />
+	<target host="a.trihan.net" />
+	<target host="a.tripriff.com" />
+	<target host="a.troublion.com" />
+	<target host="a.tuposllc.com" />
+	<target host="a.tycho.co" />
+	<target host="a.udeca.org" />
+	<target host="a.v0id.net" />
+	<target host="a.varyence.com" />
+	<target host="a.version.yt" />
+	<target host="a.vma.lt" />
+	<target host="a.walla.by" />
+	<target host="a.wecobble.link" />
+	<target host="a.wellness.lgbt" />
+	<target host="a.wiiare.in" />
+	<target host="a.wineli.st" />
+	<target host="a.wish.org" />
+	<target host="a.wlm.space" />
+	<target host="a.wmalumni.com" />
+	<target host="a.wspomagam.org" />
+	<target host="a.wwshared.info" />
+	<target host="a.xn--eltecleo-j3a.com" />
+	<target host="a.xristo.eu" />
+	<target host="a.yodacom.com" />
+	<target host="a.yottanami.com" />
+	<target host="a.youtube-1.net" />
+	<target host="a.yuh.mba" />
+	<target host="a.zakarija.com" />
+	<target host="a.zenix.co" />
+	<target host="a.zhng.co" />
+	<target host="a.zxcv.es" />
+	<target host="a09.in" />
+	<target host="a123.sk" />
+	<target host="a1air.info" />
+	<target host="a1b.me" />
+	<target host="a1f.org" />
+	<target host="a1le.bz" />
+	<target host="a1stor.co" />
+	<target host="a1ta.co" />
+	<target host="a2.lc" />
+	<target host="a21.tv" />
+	<target host="a29.co" />
+	<target host="a2bi.me" />
+	<target host="a2k.one" />
+	<target host="a2nd.ga" />
+	<target host="a2p.co" />
+	<target host="a2sci.pub" />
+	<target host="a2ski.me" />
+	<target host="a2w.us" />
+	<target host="a2zfirewall.ga" />
+	<target host="a2zisus.com" />
+	<target host="a315.co" />
+	<target host="a360.co" />
+	<target host="a360.fyi" />
+	<target host="a4f.cc" />
+	<target host="a4f.co" />
+	<target host="a4passes.com" />
+	<target host="a4tt.us" />
+	<target host="a4uliah4hd.ml" />
+	<target host="a4who.com" />
+	<target host="a52.in" />
+	<target host="a74.me" />
+	<target host="a7mx.com" />
+	<target host="a8r.co" />
+	<target host="a8s.co" />
+	<target host="a8s.uk" />
+	<target host="a9ny.com" />
+	<target host="aa-sa.co" />
+	<target host="aa-ti.com" />
+	<target host="aa-z.ml" />
+	<target host="aa.andreew.info" />
+	<target host="aa.tt" />
+	<target host="aa.yayan.com" />
+	<target host="aa3.co" />
+	<target host="aaa.1n.pw" />
+	<target host="aaa.ishley.com" />
+	<target host="aaahe.at" />
+	<target host="aablg.xyz" />
+	<target host="aac.direct" />
+	<target host="aac.io" />
+	<target host="aachur.ch" />
+	<target host="aadv.co" />
+	<target host="aafa.me" />
+	<target host="aafic.me" />
+	<target host="aagncy.com" />
+	<target host="aaja.de" />
+	<target host="aaliyah.uk" />
+	<target host="aalv.in" />
+	<target host="aan.af" />
+	<target host="aang.uk" />
+	<target host="aap.events" />
+	<target host="aap.pet" />
+	<target host="aapg.to" />
+	<target host="aard.at" />
+	<target host="aard.mn" />
+	<target host="aardownload.com" />
+	<target host="aarn.co" />
+	<target host="aarona.ca" />
+	<target host="aaronka.ro" />
+	<target host="aaronsan.de" />
+	<target host="aas.fun" />
+	<target host="aas.is" />
+	<target host="aazr.in" />
+	<target host="ab.ai" />
+	<target host="ab.co" />
+	<target host="ab.monsalvat.no" />
+	<target host="ab.tc" />
+	<target host="aba.re" />
+	<target host="abac.us" />
+	<target host="abah2017.ml" />
+	<target host="abam.in" />
+	<target host="abanica.me" />
+	<target host="abb.to" />
+	<target host="abbasm.ir" />
+	<target host="abbo.tt" />
+	<target host="abbr.cc" />
+	<target host="abbr.it" />
+	<target host="abc.ozso.xyz" />
+	<target host="abc.tv" />
+	<target host="abc11.tv" />
+	<target host="abc13.co" />
+	<target host="abc2w.xyz" />
+	<target host="abc30.tv" />
+	<target host="abc6.wjbf.com" />
+	<target host="abc7.la" />
+	<target host="abc7.ws" />
+	<target host="abc7ne.ws" />
+	<target host="abcn.ws" />
+	<target host="abd.li" />
+	<target host="abdlmhyi.ml" />
+	<target host="abdn.am" />
+	<target host="abe.ma" />
+	<target host="abeid.net" />
+	<target host="abel.buzz" />
+	<target host="abend.co" />
+	<target host="abends.cf" />
+	<target host="abernathy.io" />
+	<target host="abetter.mn" />
+	<target host="abg.bz" />
+	<target host="abhijan.me" />
+	<target host="abhisekp.tk" />
+	<target host="abid.es" />
+	<target host="abigail69.sexy" />
+	<target host="abite.co" />
+	<target host="abitus.jp" />
+	<target host="abk.kasel-it.de" />
+	<target host="abl.im" />
+	<target host="abla50.com" />
+	<target host="ablelend.co" />
+	<target host="ablete.ch" />
+	<target host="ablo.uk" />
+	<target host="ablogc.ms" />
+	<target host="abls.co" />
+	<target host="abmp.us" />
+	<target host="abn.com" />
+	<target host="abne.ws" />
+	<target host="about2crui.se" />
+	<target host="aboutface.ly" />
+	<target host="abplink.com" />
+	<target host="abr.ai" />
+	<target host="abr.li" />
+	<target host="abr.ms" />
+	<target host="abrb.us" />
+	<target host="abrec.us" />
+	<target host="abrelsh.cf" />
+	<target host="abrew.co" />
+	<target host="abrm.us" />
+	<target host="abrn.ca" />
+	<target host="abru.es" />
+	<target host="abrv.us" />
+	<target host="abshuge.com" />
+	<target host="absolute21.tk" />
+	<target host="absorbl.ms" />
+	<target host="absrad.io" />
+	<target host="absurd.ml" />
+	<target host="abt.cm" />
+	<target host="abt.digital" />
+	<target host="abtt.co" />
+	<target host="abtv.co" />
+	<target host="abu.buzz" />
+	<target host="abu.sx" />
+	<target host="abuhouse.ml" />
+	<target host="abumalih.com" />
+	<target host="abvp.co" />
+	<target host="ac-rc.org" />
+	<target host="ac.centu.re" />
+	<target host="ac4g.net" />
+	<target host="aca.ac" />
+	<target host="acad.my" />
+	<target host="acadn.io" />
+	<target host="acan.do" />
+	<target host="acas4u.biz" />
+	<target host="acc.nz" />
+	<target host="acc.partners" />
+	<target host="accadis.eu" />
+	<target host="accdn.tl" />
+	<target host="acceo.jobs" />
+	<target host="access.live" />
+	<target host="accessont.me" />
+	<target host="accesspr.us" />
+	<target host="accgov.com" />
+	<target host="accio.me" />
+	<target host="accl.do" />
+	<target host="accntu.re" />
+	<target host="acco.mp" />
+	<target host="accor.pspr.fi" />
+	<target host="accountingde.pt" />
+	<target host="acct.fi" />
+	<target host="acctprin.us" />
+	<target host="accuco.de" />
+	<target host="accuri.de" />
+	<target host="accuweb.hosting" />
+	<target host="acd.mic.io" />
+	<target host="acd.my" />
+	<target host="acdl.bz" />
+	<target host="ace.sh" />
+	<target host="acecent.re" />
+	<target host="aceff.co" />
+	<target host="acelainc.com" />
+	<target host="acen.si" />
+	<target host="acen.to" />
+	<target host="acep.co.vu" />
+	<target host="acepcape.ca" />
+	<target host="aces.mp" />
+	<target host="acex.ch" />
+	<target host="acf.to" />
+	<target host="acglweb.com" />
+	<target host="achamp.co" />
+	<target host="achei.ca" />
+	<target host="achieveinc.co" />
+	<target host="achin.gr" />
+	<target host="achkar.net" />
+	<target host="achopra.org" />
+	<target host="achtc.co" />
+	<target host="aci.tips" />
+	<target host="acilia.me" />
+	<target host="aciw.co" />
+	<target host="ack.re" />
+	<target host="acl.live" />
+	<target host="aclj.us" />
+	<target host="acm-2017.ml" />
+	<target host="acmedirect.xyz" />
+	<target host="acmefa.me" />
+	<target host="acmole.com" />
+	<target host="acn.mx" />
+	<target host="acnbuzz.me" />
+	<target host="acoat.me" />
+	<target host="acol.es" />
+	<target host="acomplejados.ga" />
+	<target host="aconn.me" />
+	<target host="acor.bio" />
+	<target host="acorns.me" />
+	<target host="acr.tw" />
+	<target host="acrlinks.com" />
+	<target host="across.im" />
+	<target host="act.ai" />
+	<target host="act.am" />
+	<target host="act.gp" />
+	<target host="act.network" />
+	<target host="act.plus" />
+	<target host="actete.ch" />
+	<target host="actf.lu" />
+	<target host="actionab.ly" />
+	<target host="activeint.uk" />
+	<target host="activeliv.es" />
+	<target host="activetea.ch" />
+	<target host="activprayer.co" />
+	<target host="acton.li" />
+	<target host="actor-foxtv.ml" />
+	<target host="actor-s.co" />
+	<target host="acts.onl" />
+	<target host="actualte.ch" />
+	<target host="actucarlotta.fr" />
+	<target host="actumot.eu" />
+	<target host="actv.rs" />
+	<target host="actva.me" />
+	<target host="actvl.mp" />
+	<target host="actvt.im" />
+	<target host="acu.re" />
+	<target host="acucon4khd.ml" />
+	<target host="acuitybus.com" />
+	<target host="acumati.ca" />
+	<target host="acura.us" />
+	<target host="acus.org" />
+	<target host="acuspi.re" />
+	<target host="acvsha.re" />
+	<target host="acwk.us" />
+	<target host="ad.carbonim.com" />
+	<target host="ad.dokant.com" />
+	<target host="ad.shipc.co" />
+	<target host="ad.tips" />
+	<target host="ad.yello.biz" />
+	<target host="ad6.nl" />
+	<target host="ada.fyi" />
+	<target host="adac.io" />
+	<target host="adainfo.us" />
+	<target host="adamaau.com" />
+	<target host="adamb.ro" />
+	<target host="adamcon.de" />
+	<target host="adamj.me" />
+	<target host="adamlin.co" />
+	<target host="adamp.co" />
+	<target host="adamp.uk" />
+	<target host="adamp.us" />
+	<target host="adams.party" />
+	<target host="adams.to" />
+	<target host="adar.sh" />
+	<target host="adasa.info" />
+	<target host="adastra.ws" />
+	<target host="adat.is" />
+	<target host="adaymag.co" />
+	<target host="adbks.com" />
+	<target host="adbl.co" />
+	<target host="adbn.co" />
+	<target host="adc.expert" />
+	<target host="adct.co" />
+	<target host="adct.me" />
+	<target host="adctyl.co" />
+	<target host="add3.uk" />
+	<target host="adda.at" />
+	<target host="addi.fyi" />
+	<target host="addl.ee" />
+	<target host="addm.social" />
+	<target host="addme.io" />
+	<target host="addo.cc" />
+	<target host="adeeb.me" />
+	<target host="adelle.co" />
+	<target host="adellejoias.tk" />
+	<target host="ademag.co.za" />
+	<target host="adena.io" />
+	<target host="ades4kuhd.ml" />
+	<target host="adfox-us.ml" />
+	<target host="adfru.it" />
+	<target host="adgo.so" />
+	<target host="adgtl.uk" />
+	<target host="adh.ngo" />
+	<target host="adhd.events" />
+	<target host="adhere.tips" />
+	<target host="adi.care" />
+	<target host="adic.to" />
+	<target host="adidasrunne.rs" />
+	<target host="adigolf.co" />
+	<target host="adjd.co" />
+	<target host="adk.kay.my" />
+	<target host="adk.photos" />
+	<target host="adler.fyi" />
+	<target host="adm.to" />
+	<target host="admbkr.io" />
+	<target host="admok.co" />
+	<target host="admso.fr" />
+	<target host="admt.me" />
+	<target host="admx.co" />
+	<target host="adn.fm" />
+	<target host="adn.tienda" />
+	<target host="adnt.is" />
+	<target host="adnuguk.me" />
+	<target host="ado.hr" />
+	<target host="adobe.aftia.com" />
+	<target host="adobe.ly" />
+	<target host="adon.is" />
+	<target host="adore.vc" />
+	<target host="adorhm.co" />
+	<target host="adorn.link" />
+	<target host="adp.careers" />
+	<target host="adpu.sh" />
+	<target host="adr.social" />
+	<target host="adrb.io" />
+	<target host="adreon.me" />
+	<target host="adriana.news" />
+	<target host="adriana.photos" />
+	<target host="adrimau.fr" />
+	<target host="adrion.me" />
+	<target host="adrive.pro" />
+	<target host="adrw.co" />
+	<target host="ads.jlne.ws" />
+	<target host="ads.mda.net.co" />
+	<target host="ads.tmifam.ml" />
+	<target host="adsblog.me" />
+	<target host="adth.ml" />
+	<target host="adtrhtx.com" />
+	<target host="adtu.co" />
+	<target host="adut.ml" />
+	<target host="adv-jour.nl" />
+	<target host="adv.ec" />
+	<target host="advatlas.link" />
+	<target host="advi.so" />
+	<target host="adviate.ch" />
+	<target host="advland.tk" />
+	<target host="advmot0.com" />
+	<target host="advncd.me" />
+	<target host="advncd.st" />
+	<target host="advnews.link" />
+	<target host="advnt.st" />
+	<target host="advntrcats.org" />
+	<target host="advowi.re" />
+	<target host="advproject.link" />
+	<target host="advtr.co" />
+	<target host="adweek.it" />
+	<target host="adwzr.co" />
+	<target host="adx.bz" />
+	<target host="adzn.de" />
+	<target host="ae.ro" />
+	<target host="aec.org.es" />
+	<target host="aec4n6.com" />
+	<target host="aedenny.us" />
+	<target host="aedn.ws" />
+	<target host="aegoya.es" />
+	<target host="aehom.es" />
+	<target host="aelikes.me" />
+	<target host="aellis.us" />
+	<target host="aenterpri.se" />
+	<target host="aeon.social" />
+	<target host="aer.co" />
+	<target host="aer.fun" />
+	<target host="aerh.co" />
+	<target host="aerling.us" />
+	<target host="aero.sh" />
+	<target host="aerob.is" />
+	<target host="aerospace.im" />
+	<target host="aerosti.ch" />
+	<target host="aeroticket.id" />
+	<target host="aescentia.info" />
+	<target host="aesewi.ng" />
+	<target host="aestas.me" />
+	<target host="aet.na" />
+	<target host="aetv.us" />
+	<target host="aex.ae" />
+	<target host="aexrs.us" />
+	<target host="aeyde.co" />
+	<target host="af.forobeta.com" />
+	<target host="af.utrsav.link" />
+	<target host="afarine.sh" />
+	<target host="afct.is" />
+	<target host="afcweb.design" />
+	<target host="afearl.es" />
+	<target host="afed.me" />
+	<target host="aferg.co" />
+	<target host="afew.to" />
+	<target host="afewsc.us" />
+	<target host="aff.bz" />
+	<target host="affsoc.com" />
+	<target host="affsum.it" />
+	<target host="affterbuzz.ga" />
+	<target host="afgc.co" />
+	<target host="afhi.us" />
+	<target host="afine.ws" />
+	<target host="afl.to" />
+	<target host="aflcio.mn" />
+	<target host="aflete.fitness" />
+	<target host="aflplaye.rs" />
+	<target host="afm.tv" />
+	<target host="afmkt.us" />
+	<target host="afn.io" />
+	<target host="afom.nl" />
+	<target host="afont.es" />
+	<target host="aford.co" />
+	<target host="afpbit.org" />
+	<target host="afpics.link" />
+	<target host="afpok.us" />
+	<target host="afr9.com" />
+	<target host="afrb.xyz" />
+	<target host="afreetee.com" />
+	<target host="afri.ma" />
+	<target host="afric.in" />
+	<target host="africa.li" />
+	<target host="africane.ws" />
+	<target host="afrinc.co" />
+	<target host="afriq.top" />
+	<target host="afroniquely.us" />
+	<target host="afrq.net" />
+	<target host="afsc.me" />
+	<target host="after.ml" />
+	<target host="afterbozz-tv.ml" />
+	<target host="afterbuss.ml" />
+	<target host="afterbuzz-kw.ml" />
+	<target host="afterbuzzhd.ml" />
+	<target host="afterbuzzz.ml" />
+	<target host="aftergold.ml" />
+	<target host="afternoontee.co" />
+	<target host="afteroffer.link" />
+	<target host="afterzab.ga" />
+	<target host="aftmd.us" />
+	<target host="aftr.dk" />
+	<target host="afum.net" />
+	<target host="afx.fyi" />
+	<target host="ag.cm" />
+	<target host="ag.goto.top" />
+	<target host="ag2.co" />
+	<target host="ag8.me" />
+	<target host="aganyti.me" />
+	<target host="agatw.me" />
+	<target host="agbr.me" />
+	<target host="agc.pw" />
+	<target host="agedrevie.ws" />
+	<target host="agemfoto.com.br" />
+	<target host="agencyrev.co" />
+	<target host="ageni.us" />
+	<target host="agent-aily.xyz" />
+	<target host="agentoa.hu" />
+	<target host="ageo.co" />
+	<target host="agfyi.info" />
+	<target host="agh3.me" />
+	<target host="agib.me" />
+	<target host="agil.cf" />
+	<target host="agil.ga" />
+	<target host="agil.me" />
+	<target host="agile.gy" />
+	<target host="agilefi.us" />
+	<target host="agileit.co" />
+	<target host="agis.ga" />
+	<target host="agllp.co" />
+	<target host="agmetri.ca" />
+	<target host="agn.tl" />
+	<target host="agncy.re" />
+	<target host="agnj.co" />
+	<target host="agnt.io" />
+	<target host="agoga.me" />
+	<target host="agogo.link" />
+	<target host="agoo.es" />
+	<target host="agor.co" />
+	<target host="agr.hm" />
+	<target host="agrace.co" />
+	<target host="agrey.org" />
+	<target host="agrey.us" />
+	<target host="agrily.st" />
+	<target host="agroba.se" />
+	<target host="agsaga.es" />
+	<target host="agsoc.com" />
+	<target host="agsol.ca" />
+	<target host="agtm.eu" />
+	<target host="agtoday.us" />
+	<target host="agtstph.co" />
+	<target host="agtz.fr" />
+	<target host="agung.ml" />
+	<target host="agustint.com" />
+	<target host="agva.nl" />
+	<target host="agvd.li" />
+	<target host="aha.to" />
+	<target host="ahappy.link" />
+	<target host="ahas.info" />
+	<target host="ahcg.co" />
+	<target host="ahj.me" />
+	<target host="ahmd.us" />
+	<target host="ahmda.ws" />
+	<target host="ahmer.tk" />
+	<target host="ahmi.co" />
+	<target host="ahmns.io" />
+	<target host="aho.lt" />
+	<target host="ahoff.me" />
+	<target host="ahor.ro" />
+	<target host="ahow.es" />
+	<target host="ahrenste.in" />
+	<target host="ahrun.me" />
+	<target host="ahs.mn" />
+	<target host="ahs.to" />
+	<target host="ahub.fyi" />
+	<target host="ahut.us" />
+	<target host="ai.goto.top" />
+	<target host="ai.hn" />
+	<target host="ai1s.cf" />
+	<target host="ai1s.ga" />
+	<target host="ai53.ru" />
+	<target host="aia.ag" />
+	<target host="aiaatlanta.com" />
+	<target host="aiasf.me" />
+	<target host="aic.to" />
+	<target host="aico.mp" />
+	<target host="aigadsgn.org" />
+	<target host="aigaeod.co" />
+	<target host="aihl.net" />
+	<target host="aiiexpres.com" />
+	<target host="aikad.es" />
+	<target host="ailink.me" />
+	<target host="aimialoyalty.us" />
+	<target host="ainghayang.ml" />
+	<target host="ainsdr.co" />
+	<target host="aio.to" />
+	<target host="aiocypr.us" />
+	<target host="aioo.ml" />
+	<target host="aipmm.io" />
+	<target host="air-mil.es" />
+	<target host="air.asia" />
+	<target host="airb.ga" />
+	<target host="aircu.li" />
+	<target host="airgat.es" />
+	<target host="airing-hd.ml" />
+	<target host="airingtoday.ga" />
+	<target host="airingtv.gq" />
+	<target host="airingtvs.ga" />
+	<target host="airkewld.co" />
+	<target host="airlng.co" />
+	<target host="airme.ch" />
+	<target host="airmilesme.info" />
+	<target host="airo.ws" />
+	<target host="airplay.buzz" />
+	<target host="airsafe.co" />
+	<target host="airte.ch" />
+	<target host="airteam.reviews" />
+	<target host="airwav.es" />
+	<target host="airwifi.rocks" />
+	<target host="airww.co" />
+	<target host="ais.live" />
+	<target host="aiskacang.net" />
+	<target host="aisle.pe" />
+	<target host="aisle.to" />
+	<target host="aitken.ninja" />
+	<target host="aiwp.co" />
+	<target host="aix.li" />
+	<target host="aj.fyi" />
+	<target host="aj.jelpyu.com" />
+	<target host="aj.vg" />
+	<target host="ajade.link" />
+	<target host="ajax.li" />
+	<target host="ajbre.ws" />
+	<target host="ajd.fyi" />
+	<target host="ajd.works" />
+	<target host="ajdes.in" />
+	<target host="ajdreads.com" />
+	<target host="ajf.io" />
+	<target host="ajff.us" />
+	<target host="ajfgo.co" />
+	<target host="ajh.me" />
+	<target host="ajilon.co" />
+	<target host="ajk.li" />
+	<target host="ajl.ink" />
+	<target host="ajlas.eu" />
+	<target host="ajm.im" />
+	<target host="ajm.link" />
+	<target host="ajmorris.us" />
+	<target host="ajnet.us" />
+	<target host="ajpg.co" />
+	<target host="ajpr.co.vu" />
+	<target host="ajsch.me" />
+	<target host="ajude.cc" />
+	<target host="ak.astei.com.mx" />
+	<target host="aka.gd" />
+	<target host="aka.ph" />
+	<target host="akahnn.com" />
+	<target host="akamaidev.io" />
+	<target host="akamp.us" />
+	<target host="akan.gq" />
+	<target host="akasa.link" />
+	<target host="akatsuki.tk" />
+	<target host="akbar69.co.vu" />
+	<target host="akdt.tk" />
+	<target host="akevot.in" />
+	<target host="akgmd.ml" />
+	<target host="aki.town" />
+	<target host="akii.ca" />
+	<target host="akikan.cf" />
+	<target host="akito.top" />
+	<target host="akk.ro" />
+	<target host="akkan.to" />
+	<target host="akla.su" />
+	<target host="akle.in" />
+	<target host="aklfair.com" />
+	<target host="akmani.id" />
+	<target host="akmark.us" />
+	<target host="akn.cl" />
+	<target host="akors.co" />
+	<target host="akp.ac" />
+	<target host="akpphotos.com" />
+	<target host="akpy.nz" />
+	<target host="akrab.at" />
+	<target host="akrec.co" />
+	<target host="akrwds.com" />
+	<target host="aks.im" />
+	<target host="aksndr.tk" />
+	<target host="aktif.me" />
+	<target host="akun4kalhd.ml" />
+	<target host="akur.me" />
+	<target host="akv8.in" />
+	<target host="akvt.in" />
+	<target host="al-w.us" />
+	<target host="al.klj.onl" />
+	<target host="al.st" />
+	<target host="al22.co" />
+	<target host="al3.in" />
+	<target host="alacarte.city" />
+	<target host="alah.li" />
+	<target host="alahora.mx" />
+	<target host="alanashar.es" />
+	<target host="alanewbie.ml" />
+	<target host="alank.ca" />
+	<target host="alansynn.co" />
+	<target host="alanw.me" />
+	<target host="alar.is" />
+	<target host="alaris.space" />
+	<target host="alashort.com" />
+	<target host="alau.io" />
+	<target host="alay4khd.ml" />
+	<target host="alb.io" />
+	<target host="alb.rocks" />
+	<target host="alber.me" />
+	<target host="albert21.co.vu" />
+	<target host="alble.us" />
+	<target host="albrt.co" />
+	<target host="album.surf" />
+	<target host="albus.store" />
+	<target host="alch.in" />
+	<target host="alclr.co" />
+	<target host="alco.ws" />
+	<target host="ald.tips" />
+	<target host="aldai.ly" />
+	<target host="aldanmark.com" />
+	<target host="aldera.co" />
+	<target host="aldf.us" />
+	<target host="alditv.ml" />
+	<target host="alditvseries.ml" />
+	<target host="aldovea.es" />
+	<target host="aldoz.xyz" />
+	<target host="aldpr.gs" />
+	<target host="aldy.cf" />
+	<target host="aldytv.ml" />
+	<target host="ale.solutions" />
+	<target host="aleah.in" />
+	<target host="alebego.li" />
+	<target host="alec.at" />
+	<target host="aledne.ws" />
+	<target host="aleix.se" />
+	<target host="alep.in" />
+	<target host="aleporte.la" />
+	<target host="alerat.ec" />
+	<target host="alex.je" />
+	<target host="alexa.design" />
+	<target host="alexand.us" />
+	<target host="alexdi.li" />
+	<target host="alexr.at" />
+	<target host="alextu.re" />
+	<target host="alexwng.com" />
+	<target host="alfa.nyc" />
+	<target host="alfamob.co" />
+	<target host="alfrd.co" />
+	<target host="algr.in" />
+	<target host="alhefzi.me" />
+	<target host="ali.alidedo.com" />
+	<target host="ali.xn--h-tka.com" />
+	<target host="aliasane.com" />
+	<target host="alibonus.pp.ua" />
+	<target host="alice.sg" />
+	<target host="aliceinb.com" />
+	<target host="aliece.com.tr" />
+	<target host="aliem.link" />
+	<target host="aliento.co" />
+	<target host="aliento.link" />
+	<target host="aliexpr.es" />
+	<target host="alig.ht" />
+	<target host="alig.re" />
+	<target host="aligned.online" />
+	<target host="aligning.us" />
+	<target host="alih.us" />
+	<target host="alilalahd.ml" />
+	<target host="alimova.xyz" />
+	<target host="alineadp.co" />
+	<target host="alisa.tm" />
+	<target host="alisonfreer.co" />
+	<target host="alist.ly" />
+	<target host="alit.me" />
+	<target host="aliw.me" />
+	<target host="alix.click" />
+	<target host="alix.link" />
+	<target host="alizi.la" />
+	<target host="alkmy.co" />
+	<target host="all-new.ml" />
+	<target host="all-show.ml" />
+	<target host="allan.re" />
+	<target host="allbas.es" />
+	<target host="allbids.auction" />
+	<target host="allde.co" />
+	<target host="alled17.ml" />
+	<target host="alleg.co" />
+	<target host="allegoric.us" />
+	<target host="allegra.me" />
+	<target host="allensblog.me" />
+	<target host="alles.onl" />
+	<target host="alleywat.ch" />
+	<target host="allgashort.cf" />
+	<target host="allgeek.co.uk" />
+	<target host="allieand.co" />
+	<target host="allinoneshow.ml" />
+	<target host="allis.li" />
+	<target host="alliv.co" />
+	<target host="alll.es" />
+	<target host="allmoviestar.tk" />
+	<target host="alln.cc" />
+	<target host="alln.me" />
+	<target host="allnatchic.com" />
+	<target host="allnz.co" />
+	<target host="alls.tl" />
+	<target host="allshows.ml" />
+	<target host="allsport.ml" />
+	<target host="allstar.link" />
+	<target host="allsws.com" />
+	<target host="allte.ch" />
+	<target host="allthetimeto.ml" />
+	<target host="allthings.host" />
+	<target host="alltvshows.ml" />
+	<target host="allure.live" />
+	<target host="allyssa.me" />
+	<target host="almc.me" />
+	<target host="alme.re" />
+	<target host="alme.ro" />
+	<target host="almo.pro" />
+	<target host="alnco.net" />
+	<target host="alnh.co" />
+	<target host="alnk.us" />
+	<target host="alnso.me" />
+	<target host="alo.ph" />
+	<target host="aloft.ht" />
+	<target host="aloop.co" />
+	<target host="alotof.co" />
+	<target host="aloud.at" />
+	<target host="alove.in" />
+	<target host="alp.hr" />
+	<target host="alp.onl" />
+	<target host="alpha.ms" />
+	<target host="alphab.gr" />
+	<target host="alphalete.shop" />
+	<target host="alphawolf.org" />
+	<target host="alpinez.com" />
+	<target host="alpn.gl" />
+	<target host="alpp.us" />
+	<target host="alrdh.com" />
+	<target host="alrdyhrd.uk" />
+	<target host="alretail.org" />
+	<target host="alri.in" />
+	<target host="alrm.gd" />
+	<target host="alrt.co" />
+	<target host="als.bz" />
+	<target host="alsa.ovh" />
+	<target host="alsoin.pink" />
+	<target host="alt-a.es" />
+	<target host="alta.cc" />
+	<target host="altaipart.info" />
+	<target host="altape.li" />
+	<target host="altav.eu" />
+	<target host="altb.me" />
+	<target host="altc.cc" />
+	<target host="altcy.co" />
+	<target host="alte.in" />
+	<target host="alterra.be" />
+	<target host="alti.cc" />
+	<target host="altkgm.in" />
+	<target host="altnt.net" />
+	<target host="altos.it" />
+	<target host="altraining.nz" />
+	<target host="altrn.tv" />
+	<target host="altsav.com" />
+	<target host="altsneed.co" />
+	<target host="altur.as" />
+	<target host="altv.ml" />
+	<target host="altz.co" />
+	<target host="alu.mn" />
+	<target host="alu.ms" />
+	<target host="alum.nu" />
+	<target host="alum.pw" />
+	<target host="alumnispac.es" />
+	<target host="alumny.org" />
+	<target host="alun.us" />
+	<target host="alv.cm" />
+	<target host="alva.li" />
+	<target host="alve.al" />
+	<target host="alvin.com.br" />
+	<target host="alvm.eu" />
+	<target host="alvn.me" />
+	<target host="alvrsamb.com" />
+	<target host="alvxo.cm" />
+	<target host="always.gd" />
+	<target host="alwtr.us" />
+	<target host="alx.im" />
+	<target host="alx.re" />
+	<target host="alx.sh" />
+	<target host="alxb.me" />
+	<target host="alxd.re" />
+	<target host="alxh.ws" />
+	<target host="alxo.me" />
+	<target host="alxr.me" />
+	<target host="alxtay.com" />
+	<target host="alxv.me" />
+	<target host="alynn.me" />
+	<target host="alzaware.net" />
+	<target host="alzbc.org" />
+	<target host="alzr.co" />
+	<target host="alzr.us" />
+	<target host="am.im" />
+	<target host="am.teensy.tk" />
+	<target host="am.urlb.ag" />
+	<target host="amaanf.info" />
+	<target host="amada.dj" />
+	<target host="amanic.us" />
+	<target host="amanuensans.net" />
+	<target host="amar.is" />
+	<target host="amarama.org" />
+	<target host="amarley.io" />
+	<target host="amatt.as" />
+	<target host="amay.me" />
+	<target host="amays.im" />
+	<target host="amazf.it" />
+	<target host="amb.com.es" />
+	<target host="amb.im" />
+	<target host="amba.to" />
+	<target host="ambar.org" />
+	<target host="ambicia.rocks" />
+	<target host="ambiel.uk" />
+	<target host="ambinity.co" />
+	<target host="amc.film" />
+	<target host="amcf.co" />
+	<target host="amcla.co" />
+	<target host="amcla.tv" />
+	<target host="amctvworld.ml" />
+	<target host="amdj.events" />
+	<target host="amdocs.vip" />
+	<target host="amdram.info" />
+	<target host="ame.sh" />
+	<target host="amegy.co" />
+	<target host="amehjin4khd.ml" />
+	<target host="ameliebway.co" />
+	<target host="amen.pics" />
+	<target host="amerhart.co" />
+	<target host="ameri.gs" />
+	<target host="ameri.st" />
+	<target host="americasti.re" />
+	<target host="amex.co" />
+	<target host="amf-fe.st" />
+	<target host="amg.sx" />
+	<target host="amgrl.co" />
+	<target host="amhrst.is" />
+	<target host="ami-vj.ml" />
+	<target host="ami.graphics" />
+	<target host="aml.bz" />
+	<target host="amlk.uk" />
+	<target host="amltd.pw" />
+	<target host="amlv.co" />
+	<target host="amma.do" />
+	<target host="amnsoft.com" />
+	<target host="amo.bz" />
+	<target host="amo.li" />
+	<target host="amo.lt" />
+	<target host="amo.news" />
+	<target host="amolivros.net" />
+	<target host="amond.io" />
+	<target host="amos.io" />
+	<target host="amovie.co.vu" />
+	<target host="amp.lc" />
+	<target host="amp.to" />
+	<target host="ampd.asia" />
+	<target host="amped.asia" />
+	<target host="ampfy.in" />
+	<target host="amplophejo.ml" />
+	<target host="ampol.no" />
+	<target host="ampr.gs" />
+	<target host="ampsy.co" />
+	<target host="ampu.sh" />
+	<target host="ampy.io" />
+	<target host="ampyr.us" />
+	<target host="amqro.mx" />
+	<target host="amrap.us" />
+	<target host="amre.st" />
+	<target host="amrep.org" />
+	<target host="amrit.am" />
+	<target host="amrph.com" />
+	<target host="ams.bike" />
+	<target host="amsa.cl" />
+	<target host="amsa.co" />
+	<target host="amsgay.link" />
+	<target host="amsk.in" />
+	<target host="amskier.co" />
+	<target host="amstud.io" />
+	<target host="amsyong-dei.ml" />
+	<target host="amsyste.ms" />
+	<target host="amtr.ac" />
+	<target host="amty.co" />
+	<target host="amus.co" />
+	<target host="amwu.as" />
+	<target host="amx.one" />
+	<target host="amy.tips" />
+	<target host="amye.rs" />
+	<target host="amyh.us" />
+	<target host="amyjo.be" />
+	<target host="amymay.co" />
+	<target host="amyne.ws" />
+	<target host="amys.co" />
+	<target host="amysav.es" />
+	<target host="amzer.me" />
+	<target host="amzn.to" />
+	<target host="amzoc.ltd" />
+	<target host="amzsup.co" />
+	<target host="amzt.co" />
+	<target host="an-d.me" />
+	<target host="an.awfu.life" />
+	<target host="an.drwlng.me" />
+	<target host="an.insure" />
+	<target host="an566.ga" />
+	<target host="ana.ms" />
+	<target host="ana.ostad.ma" />
+	<target host="ana.works" />
+	<target host="anabapti.st" />
+	<target host="anabel.mx" />
+	<target host="anakat.info" />
+	<target host="anallc.co" />
+	<target host="analys.in" />
+	<target host="anam.ca" />
+	<target host="anand.am" />
+	<target host="anaphoto.uk" />
+	<target host="anarm.ml" />
+	<target host="anas.cc" />
+	<target host="anb.tw" />
+	<target host="anch.co" />
+	<target host="anchel.eu" />
+	<target host="ancora.click" />
+	<target host="ancstry.me" />
+	<target host="andbur.uk" />
+	<target host="ande.rs" />
+	<target host="anderso.nu" />
+	<target host="andib.tk" />
+	<target host="andr.as" />
+	<target host="andredi.as" />
+	<target host="andrei.ac" />
+	<target host="andrew.tk" />
+	<target host="andri.at" />
+	<target host="andrl.co" />
+	<target host="ands.be" />
+	<target host="andsc.eu" />
+	<target host="andtour.in" />
+	<target host="andy.film" />
+	<target host="andyb.ee" />
+	<target host="andybau.ch" />
+	<target host="andyc.us" />
+	<target host="andylang.link" />
+	<target host="andym.es" />
+	<target host="andym.im" />
+	<target host="andysf.org" />
+	<target host="ane.st" />
+	<target host="anee.sh" />
+	<target host="anev.is" />
+	<target host="ang.us" />
+	<target host="angarde.fr" />
+	<target host="ange.io" />
+	<target host="angeliica.tk" />
+	<target host="angie.li" />
+	<target host="angies.tips" />
+	<target host="angl.in" />
+	<target host="angl.md" />
+	<target host="anglerfi.sh" />
+	<target host="ango.in" />
+	<target host="angrybir.de" />
+	<target host="angus.ly" />
+	<target host="angus.tips" />
+	<target host="anhc.mx" />
+	<target host="anhrent.rs" />
+	<target host="anil.work" />
+	<target host="aniltj.us" />
+	<target host="anim.to" />
+	<target host="anim3d.club" />
+	<target host="anima.link" />
+	<target host="anime-tv.gq" />
+	<target host="animeeacao.tk" />
+	<target host="animne2017.ml" />
+	<target host="aniph.com" />
+	<target host="anipn.com" />
+	<target host="anjane.sh" />
+	<target host="anlon.gq" />
+	<target host="anmd.tv" />
+	<target host="anme.uk" />
+	<target host="anmlxh.se" />
+	<target host="anmol.co" />
+	<target host="annaed.it" />
+	<target host="annagr.co" />
+	<target host="annapur.na" />
+	<target host="annekle.in" />
+	<target host="annikawal.sh" />
+	<target host="annstyle.co" />
+	<target host="anou.biz" />
+	<target host="anpha.be" />
+	<target host="anr.solutions" />
+	<target host="anra.club" />
+	<target host="anra.ml" />
+	<target host="anrospros.com" />
+	<target host="ansbl.net" />
+	<target host="anselm.house" />
+	<target host="anselma.org" />
+	<target host="ant1.in" />
+	<target host="antcco.co" />
+	<target host="antebreve.space" />
+	<target host="anth.link" />
+	<target host="anth.me" />
+	<target host="anth.nu" />
+	<target host="anthe.me" />
+	<target host="anthemchur.ch" />
+	<target host="antics.me" />
+	<target host="antmy.cc" />
+	<target host="antny.link" />
+	<target host="anto.fun" />
+	<target host="ants.cafe" />
+	<target host="anujb.me" />
+	<target host="anulin.ru" />
+	<target host="anurak.me" />
+	<target host="anw.re" />
+	<target host="anxco.re" />
+	<target host="any.cat" />
+	<target host="anydma.us" />
+	<target host="anynin.es" />
+	<target host="anyt.co" />
+	<target host="anyurlhere.com" />
+	<target host="anywi.se" />
+	<target host="ao.ax" />
+	<target host="ao.tstest.net" />
+	<target host="ao1tv.com" />
+	<target host="aobyaw.com" />
+	<target host="aodh.co" />
+	<target host="aoip.pro" />
+	<target host="aoizemi.com" />
+	<target host="aol.it" />
+	<target host="aolic.org" />
+	<target host="aom.link" />
+	<target host="aome.ga" />
+	<target host="aon.inf.br" />
+	<target host="aon.io" />
+	<target host="aonc.co" />
+	<target host="aor.social" />
+	<target host="aots.co" />
+	<target host="aotw.in" />
+	<target host="aox.ag" />
+	<target host="ap.gy" />
+	<target host="ap.pn" />
+	<target host="ap236.ca" />
+	<target host="ap4a.co" />
+	<target host="ap6.us" />
+	<target host="ap61.co" />
+	<target host="apaaspare.me" />
+	<target host="aparna.co" />
+	<target host="apawlo.ws" />
+	<target host="apc.builders" />
+	<target host="apcb.us" />
+	<target host="apcg.news" />
+	<target host="apck.co" />
+	<target host="apcks.us" />
+	<target host="apd.ms" />
+	<target host="ape.gs" />
+	<target host="apercen.us" />
+	<target host="apesong.link" />
+	<target host="apex.video" />
+	<target host="apexmic.ro" />
+	<target host="apext.ac" />
+	<target host="apg1.us" />
+	<target host="aph1.info" />
+	<target host="apha.us" />
+	<target host="api.co" />
+	<target host="api.orinr.in" />
+	<target host="api.pw" />
+	<target host="apjcloud.info" />
+	<target host="apkt.co" />
+	<target host="apld.ws" />
+	<target host="apli.fyi" />
+	<target host="apliiq.it" />
+	<target host="apmor.in" />
+	<target host="apoadhoc.de" />
+	<target host="apoc.games" />
+	<target host="aponcet.com" />
+	<target host="apostolics.in" />
+	<target host="apot.co" />
+	<target host="app-agoda.com" />
+	<target host="app-ape.com" />
+	<target host="app.anth.co.kr" />
+	<target host="app.envie.sg" />
+	<target host="app.fimplus.vn" />
+	<target host="app.fooskou.com" />
+	<target host="app.gztlk.com" />
+	<target host="app.j-26.com" />
+	<target host="app.ly" />
+	<target host="app.renewnh.com" />
+	<target host="app.ship60.com" />
+	<target host="app.siriusxm.us" />
+	<target host="appb.us" />
+	<target host="appbur.st" />
+	<target host="appcel.us" />
+	<target host="appcu.es" />
+	<target host="appd.it" />
+	<target host="appealsto.me" />
+	<target host="apple4.pro" />
+	<target host="appleinfo.co" />
+	<target host="apply.idmlo.co" />
+	<target host="apply4kuhd.ml" />
+	<target host="applyadelphi.co" />
+	<target host="applyauburn.com" />
+	<target host="applyfiu.com" />
+	<target host="applygene.com" />
+	<target host="applyimba.com" />
+	<target host="applyku.com" />
+	<target host="applyroche.com" />
+	<target host="applyucf.com" />
+	<target host="applyuofsc.com" />
+	<target host="appmc.hn" />
+	<target host="apprntceb.us" />
+	<target host="appsht.com" />
+	<target host="appste.ch" />
+	<target host="aprd.ch" />
+	<target host="apreta.cf" />
+	<target host="apreu.mx" />
+	<target host="apri.link" />
+	<target host="apri.re" />
+	<target host="april2017.ml" />
+	<target host="aprimeira.fm" />
+	<target host="aprt.at" />
+	<target host="aprv.me" />
+	<target host="aps.wtf" />
+	<target host="apsaf.co" />
+	<target host="apsia.online" />
+	<target host="apt.gd" />
+	<target host="apt.md" />
+	<target host="apt.rocks" />
+	<target host="apt3.photo" />
+	<target host="apt4.me" />
+	<target host="apt528.co" />
+	<target host="aptg.in" />
+	<target host="apto.com.vc" />
+	<target host="aptq.co" />
+	<target host="apts.es" />
+	<target host="aptu.it" />
+	<target host="apunto.space" />
+	<target host="aqaq.lv" />
+	<target host="aqmag.co" />
+	<target host="aqtv.co" />
+	<target host="aqu.to" />
+	<target host="aqua.sb" />
+	<target host="aquion.energy" />
+	<target host="aquis.fr" />
+	<target host="aqwer.ml" />
+	<target host="ar.atcs.ms" />
+	<target host="ara.re" />
+	<target host="ara1.me" />
+	<target host="arab.tn" />
+	<target host="arabi.st" />
+	<target host="arak.ovh" />
+	<target host="arakmov31.ml" />
+	<target host="aran.li" />
+	<target host="araundu.link" />
+	<target host="arb.pw" />
+	<target host="arb.so" />
+	<target host="arbg.it" />
+	<target host="arbne.ws" />
+	<target host="arbo.life" />
+	<target host="arbon.io" />
+	<target host="arc.ht" />
+	<target host="arc.solutions" />
+	<target host="arca.ly" />
+	<target host="arcadian.link" />
+	<target host="arcapp.co" />
+	<target host="arcd.hu" />
+	<target host="archdai.ly" />
+	<target host="archo.co" />
+	<target host="archy.re" />
+	<target host="arcnct.co" />
+	<target host="arcs.ly" />
+	<target host="arctic0.co" />
+	<target host="ardnet.eu" />
+	<target host="areah.es" />
+	<target host="areaware.co" />
+	<target host="arel.io" />
+	<target host="arel.li" />
+	<target host="arevie.ws" />
+	<target host="arfo.sk" />
+	<target host="arfocus.uk" />
+	<target host="arg.link" />
+	<target host="arg.wtf" />
+	<target host="arge.to" />
+	<target host="argusne.ws" />
+	<target host="arhea.io" />
+	<target host="aria.lv" />
+	<target host="arianne.me" />
+	<target host="ariav.me" />
+	<target host="arif.fm" />
+	<target host="arif.fyi" />
+	<target host="arig.me" />
+	<target host="ariporad.link" />
+	<target host="arisba.ga" />
+	<target host="ariza.co" />
+	<target host="arjansp.nl" />
+	<target host="arju.in" />
+	<target host="arkinv.st" />
+	<target host="arkiv.es" />
+	<target host="arkivist.com" />
+	<target host="arkly.ie" />
+	<target host="arkn.ws" />
+	<target host="arksi.de" />
+	<target host="arkve.in" />
+	<target host="arlgp.co" />
+	<target host="arli.ga" />
+	<target host="arln.co" />
+	<target host="armagazine.com" />
+	<target host="arnest.co" />
+	<target host="arni.es" />
+	<target host="arnita.me" />
+	<target host="arnne.ws" />
+	<target host="arno.ms" />
+	<target host="arob.co" />
+	<target host="arodz.co" />
+	<target host="arondad.com" />
+	<target host="arpgo.co" />
+	<target host="arr-dep.info" />
+	<target host="arris.ly" />
+	<target host="arrowext.com" />
+	<target host="arrr.li" />
+	<target host="arruda.eu" />
+	<target host="arsen.io" />
+	<target host="arslanesia.tk" />
+	<target host="arsta.co" />
+	<target host="arstia.ml" />
+	<target host="arsyn.st" />
+	<target host="art4mil.com" />
+	<target host="artace.uk" />
+	<target host="artcodec.link" />
+	<target host="artdoc.com" />
+	<target host="artelhub.uk" />
+	<target host="artfindr.uk" />
+	<target host="artful.is" />
+	<target host="artfusion.pro" />
+	<target host="arth.me" />
+	<target host="articulate.fyi" />
+	<target host="artikel.li" />
+	<target host="artinthe.co" />
+	<target host="artistna.me" />
+	<target host="artiswall.co" />
+	<target host="artj.us" />
+	<target host="artn.in" />
+	<target host="artnt.cm" />
+	<target host="artofdr.ink" />
+	<target host="artpo.li" />
+	<target host="artrabb.it" />
+	<target host="artsm.it" />
+	<target host="artsn.ax" />
+	<target host="artsn.co" />
+	<target host="artsts.de" />
+	<target host="artv.ml" />
+	<target host="artvste.ch" />
+	<target host="artwa.re" />
+	<target host="aru.li" />
+	<target host="arul.ink" />
+	<target host="arun.do" />
+	<target host="aruru.link" />
+	<target host="arvink.xyz" />
+	<target host="arvl.gd" />
+	<target host="arwd.co" />
+	<target host="aryz.us" />
+	<target host="arzuneahd.ml" />
+	<target host="as.cx" />
+	<target host="as.dfghj.de" />
+	<target host="as.max.as" />
+	<target host="asa-g.com" />
+	<target host="asa.pe" />
+	<target host="asav.xyz" />
+	<target host="asb.co" />
+	<target host="asb2.it" />
+	<target host="asboc.band" />
+	<target host="asc.cc" />
+	<target host="ascc.co" />
+	<target host="ascension.nyc" />
+	<target host="ascompda.com" />
+	<target host="ascri.be" />
+	<target host="asct.tech" />
+	<target host="asdi.co" />
+	<target host="asdne.st" />
+	<target host="asgar.ga" />
+	<target host="ash.sh" />
+	<target host="ashcatalog.com" />
+	<target host="ashdirect.com" />
+	<target host="ashle.yt" />
+	<target host="ashley.date" />
+	<target host="ashleycraig.com" />
+	<target host="ashleylauren.me" />
+	<target host="ashn.uk" />
+	<target host="ashtnk.com" />
+	<target host="ashv.ml" />
+	<target host="asi.run" />
+	<target host="asiamil.es" />
+	<target host="asiangirl.co" />
+	<target host="asics.tv" />
+	<target host="asifp.info" />
+	<target host="asihub.com" />
+	<target host="asinboat.co.uk" />
+	<target host="asindygrows.co" />
+	<target host="asip.me" />
+	<target host="asjrny.net" />
+	<target host="asjsocial.com" />
+	<target host="ask.edganze.com" />
+	<target host="ask.nice.li" />
+	<target host="askalive.ml" />
+	<target host="askastar.ml" />
+	<target host="askastream.ml" />
+	<target host="askattic.us" />
+	<target host="askaw.us" />
+	<target host="askbr.in" />
+	<target host="askforta.sk" />
+	<target host="askfredhow.com" />
+	<target host="askgareth.com" />
+	<target host="askjb.me" />
+	<target host="askjo.co" />
+	<target host="askkoko.co" />
+	<target host="askvalda.info" />
+	<target host="askwictor.com" />
+	<target host="askyvi.tips" />
+	<target host="aslining.ml" />
+	<target host="asm.industries" />
+	<target host="asmb.co" />
+	<target host="asmithedtech.co" />
+	<target host="asmp.co" />
+	<target host="asmsa.me" />
+	<target host="asnt.co" />
+	<target host="asot.school" />
+	<target host="asotmp.com" />
+	<target host="asp.io" />
+	<target host="aspec.ws" />
+	<target host="aspen.degree" />
+	<target host="aspenphar.ma" />
+	<target host="aspha.lt" />
+	<target host="aspinalls.club" />
+	<target host="aspn.love" />
+	<target host="aspnhts.com" />
+	<target host="aspot.dog" />
+	<target host="aspros.io" />
+	<target host="asq.solar" />
+	<target host="asqol.ml" />
+	<target host="assadi.me" />
+	<target host="assado.ml" />
+	<target host="assado.tk" />
+	<target host="assemb.la" />
+	<target host="assiste.ai" />
+	<target host="assisto.net.br" />
+	<target host="assure.ly" />
+	<target host="assyrian.church" />
+	<target host="aste.in" />
+	<target host="astley.cl" />
+	<target host="astnd.co" />
+	<target host="astnmrt.in" />
+	<target host="astor.ga" />
+	<target host="astro.gg" />
+	<target host="astroriver.in" />
+	<target host="astyle.co.za" />
+	<target host="asumail.biz" />
+	<target host="asur.me" />
+	<target host="asy.cc" />
+	<target host="asy.lu" />
+	<target host="asym.us" />
+	<target host="at-work.me" />
+	<target host="at.125f8.co.uk" />
+	<target host="at.abv.mk" />
+	<target host="at.adrlam.com" />
+	<target host="at.amlabc.com" />
+	<target host="at.azder.mk" />
+	<target host="at.bhes.co" />
+	<target host="at.cnampls.org" />
+	<target host="at.cra.wf" />
+	<target host="at.cuefox.com" />
+	<target host="at.docofilm.com" />
+	<target host="at.doctv.gr" />
+	<target host="at.dwncff.com" />
+	<target host="at.fdi.ca" />
+	<target host="at.fee.org" />
+	<target host="at.fmt.lt" />
+	<target host="at.getagown.com" />
+	<target host="at.goalpost.net" />
+	<target host="at.harilo.com" />
+	<target host="at.hng.tw" />
+	<target host="at.hud.pw" />
+	<target host="at.hunker.com" />
+	<target host="at.in.gov" />
+	<target host="at.jamjar.gr" />
+	<target host="at.jchnrd.ca" />
+	<target host="at.jituweb.id" />
+	<target host="at.joto.rocks" />
+	<target host="at.kineo.com" />
+	<target host="at.kslaw.com" />
+	<target host="at.lclark.edu" />
+	<target host="at.lldlaw.com" />
+	<target host="at.luxor.me" />
+	<target host="at.matoski.com" />
+	<target host="at.mclib.net" />
+	<target host="at.mcnully.co" />
+	<target host="at.mtn.com.cy" />
+	<target host="at.naturea.gr" />
+	<target host="at.nick.asia" />
+	<target host="at.nick.com" />
+	<target host="at.nickjr.com" />
+	<target host="at.official.gr" />
+	<target host="at.olx.ph" />
+	<target host="at.pcv.nyc" />
+	<target host="at.pw.org" />
+	<target host="at.rahemsa.com" />
+	<target host="at.rust.la" />
+	<target host="at.sahfr.com" />
+	<target host="at.sany.me" />
+	<target host="at.serien.ninja" />
+	<target host="at.sksn.co" />
+	<target host="at.sufs.org" />
+	<target host="at.svastha.net" />
+	<target host="at.tgs.org" />
+	<target host="at.tra.cx" />
+	<target host="at.virginia.edu" />
+	<target host="at.viwwr.com" />
+	<target host="at.vrcine.org" />
+	<target host="at.wftv.com" />
+	<target host="ata.social" />
+	<target host="atao.uk" />
+	<target host="atarnotes.me" />
+	<target host="atasty.co" />
+	<target host="atav.st" />
+	<target host="atavus.co" />
+	<target host="atb.to" />
+	<target host="atby.us" />
+	<target host="atc.to" />
+	<target host="atcel.info" />
+	<target host="atcyt.ch" />
+	<target host="atd.li" />
+	<target host="atdig.net" />
+	<target host="atdu.net" />
+	<target host="ateamz.com" />
+	<target host="atent.co" />
+	<target host="atepseven.ml" />
+	<target host="atfp.co" />
+	<target host="atfx.me" />
+	<target host="atg.news" />
+	<target host="ath.re" />
+	<target host="ath.tw" />
+	<target host="athc.co" />
+	<target host="athensp2.com" />
+	<target host="atheori.es" />
+	<target host="atheoryof.ch" />
+	<target host="athl.biz" />
+	<target host="athleete.co" />
+	<target host="athurs.co" />
+	<target host="atipso.biz" />
+	<target host="ativa.in" />
+	<target host="atk.dj" />
+	<target host="atl.desi" />
+	<target host="atl.la" />
+	<target host="atl.properties" />
+	<target host="atla.io" />
+	<target host="atlarge.me" />
+	<target host="atlex.io" />
+	<target host="atlfal.co.nz" />
+	<target host="atln.co" />
+	<target host="atlnts.link" />
+	<target host="atlr.ec" />
+	<target host="atlss.in" />
+	<target host="atm.digital" />
+	<target host="atm.st" />
+	<target host="atm.tk" />
+	<target host="atmbnk.uk" />
+	<target host="atmi.info" />
+	<target host="atmilb.com" />
+	<target host="atmlb.com" />
+	<target host="atmn.co" />
+	<target host="atnetpl.us" />
+	<target host="atnhl.com" />
+	<target host="atomico.email" />
+	<target host="atozen.us" />
+	<target host="atoztea.ch" />
+	<target host="atp2.co" />
+	<target host="atqp.ac" />
+	<target host="atr.fm" />
+	<target host="atr.im" />
+	<target host="atraub.us" />
+	<target host="atrg.it" />
+	<target host="atru.st" />
+	<target host="atrw.co" />
+	<target host="atspro.net" />
+	<target host="atst.co" />
+	<target host="attack.city" />
+	<target host="attc.io" />
+	<target host="attendthis.org" />
+	<target host="attify.me" />
+	<target host="attla.ga" />
+	<target host="attlinks.com" />
+	<target host="attn.link" />
+	<target host="attr.co" />
+	<target host="attta.ch" />
+	<target host="atu.cr" />
+	<target host="atupri.me" />
+	<target host="aturl.pw" />
+	<target host="atvs.ml" />
+	<target host="atx.ms" />
+	<target host="atxins.co" />
+	<target host="atxlife.us" />
+	<target host="atxne.ws" />
+	<target host="au.cm.life" />
+	<target host="auburntige.rs" />
+	<target host="auct.io" />
+	<target host="audac.us" />
+	<target host="audbn.co" />
+	<target host="audi.us" />
+	<target host="audic.us" />
+	<target host="audidesmoin.es" />
+	<target host="audiocultu.re" />
+	<target host="audiograb.be" />
+	<target host="audiover.se" />
+	<target host="audm.ag" />
+	<target host="audm.gq" />
+	<target host="audmag.net" />
+	<target host="audollars.cash" />
+	<target host="audrey.digital" />
+	<target host="audria.me" />
+	<target host="aue.rs" />
+	<target host="aueos.de" />
+	<target host="auf.si" />
+	<target host="auf.uwc.de" />
+	<target host="aug.gr" />
+	<target host="aug4kgold.ml" />
+	<target host="augst.in" />
+	<target host="august.ly" />
+	<target host="aumdn.es" />
+	<target host="aumigforu.ms" />
+	<target host="aumine.co" />
+	<target host="auntm.org" />
+	<target host="aurapuri.co" />
+	<target host="aureol.es" />
+	<target host="aurl.tv" />
+	<target host="aurza.co" />
+	<target host="ausl.us" />
+	<target host="ausmc.me" />
+	<target host="auspo.st" />
+	<target host="auspol.info" />
+	<target host="ausrug.by" />
+	<target host="aussie.la" />
+	<target host="aust.fyi" />
+	<target host="austinge.com" />
+	<target host="aut.ac" />
+	<target host="aut1sm.com" />
+	<target host="autd.us" />
+	<target host="auth.fyi" />
+	<target host="authff.com" />
+	<target host="authors.spl.org" />
+	<target host="authr.uk" />
+	<target host="autism.link" />
+	<target host="autn.be" />
+	<target host="auto-hd.tk" />
+	<target host="auto.bi" />
+	<target host="autoanything.me" />
+	<target host="autobra.in" />
+	<target host="autocustom.co" />
+	<target host="autode.sk" />
+	<target host="autoho.me" />
+	<target host="autola.ws" />
+	<target host="autolink.me" />
+	<target host="automotor.link" />
+	<target host="autosket.ch" />
+	<target host="auxa.no" />
+	<target host="auzi.co" />
+	<target host="ava.az" />
+	<target host="avaa.net" />
+	<target host="avado.re" />
+	<target host="avail-hd.ml" />
+	<target host="avail.ml" />
+	<target host="avale.re" />
+	<target host="avana.de" />
+	<target host="avbuzz.store" />
+	<target host="avc.io" />
+	<target host="avc.lu" />
+	<target host="avdo.in" />
+	<target host="ave.ch" />
+	<target host="aveb.me" />
+	<target host="aveda.cm" />
+	<target host="avem.xyz" />
+	<target host="aventura.shop" />
+	<target host="avept.it" />
+	<target host="avex.io" />
+	<target host="avfc.se" />
+	<target host="avgclick.me" />
+	<target host="avi.gd" />
+	<target host="aviani.net" />
+	<target host="avidbl.gs" />
+	<target host="avikzk.com" />
+	<target host="avinoy.com" />
+	<target host="avit.al" />
+	<target host="avkm.lv" />
+	<target host="avlne.ws" />
+	<target host="avlr.co" />
+	<target host="avlt.co" />
+	<target host="avnn.co" />
+	<target host="avntra.co" />
+	<target host="avoa.co" />
+	<target host="avolutionhq.ml" />
+	<target host="avon4.me" />
+	<target host="avosk.in" />
+	<target host="avpti.me" />
+	<target host="avr.tech" />
+	<target host="avry.co" />
+	<target host="avsd2.ml" />
+	<target host="avsn.tk" />
+	<target host="avsvanity.co" />
+	<target host="avtr.co" />
+	<target host="avydn.co" />
+	<target host="aw.easyguest.it" />
+	<target host="aw360.net" />
+	<target host="awa.is" />
+	<target host="awak.enin.gs" />
+	<target host="awakencolumb.us" />
+	<target host="award.rolex.com" />
+	<target host="awards-2017.ml" />
+	<target host="awards2017.cf" />
+	<target host="awario.co" />
+	<target host="awdz.ml" />
+	<target host="awe.st" />
+	<target host="aweeuro.pe" />
+	<target host="awes.me" />
+	<target host="awg.me" />
+	<target host="awi.to" />
+	<target host="awilk.co" />
+	<target host="awisechoice.co" />
+	<target host="awkn.co" />
+	<target host="awkward.wtf" />
+	<target host="awld.us" />
+	<target host="awm.nz" />
+	<target host="awn.how" />
+	<target host="awp1.us" />
+	<target host="awrd.it" />
+	<target host="awrd.me" />
+	<target host="awrld.at" />
+	<target host="awrld.nl" />
+	<target host="awsm.link" />
+	<target host="awsm.uk" />
+	<target host="awsmr.ch" />
+	<target host="awsp.us" />
+	<target host="awtari.ca" />
+	<target host="awts.in" />
+	<target host="awv.me" />
+	<target host="awwcute.me" />
+	<target host="awy715.com" />
+	<target host="ax.bp-lion.com" />
+	<target host="axa.kr" />
+	<target host="axc.li" />
+	<target host="axcm.it" />
+	<target host="axeland.re" />
+	<target host="axial.co" />
+	<target host="axiaurl.co" />
+	<target host="axiom.biz" />
+	<target host="axishd.ml" />
+	<target host="axsw.co" />
+	<target host="axt.me" />
+	<target host="axz.mx" />
+	<target host="ay.md" />
+	<target host="ayala.tv" />
+	<target host="aye.ac" />
+	<target host="aylj.ru" />
+	<target host="ayo.dakwah.in" />
+	<target host="ayora21.eu" />
+	<target host="ayoshare.cf" />
+	<target host="ays.me" />
+	<target host="ayu.ac" />
+	<target host="az.fyi" />
+	<target host="az4u.it" />
+	<target host="azair.me" />
+	<target host="azar.im" />
+	<target host="azaz.ie" />
+	<target host="azbau.ru" />
+	<target host="azc.bz" />
+	<target host="azc.cc" />
+	<target host="azgov.biz" />
+	<target host="azl.cm" />
+	<target host="azm.ag" />
+	<target host="azm.io" />
+	<target host="azm.me" />
+	<target host="azm1.co" />
+	<target host="azmon.co" />
+	<target host="aznprn.com" />
+	<target host="azrs.tk" />
+	<target host="azuz.eu" />
+	<target host="azxperts.com" />
+	<target host="azzy.ch" />
+	<target host="b-15.co" />
+	<target host="b-b.io" />
+	<target host="b-cr.it" />
+	<target host="b-gat.es" />
+	<target host="b-ho.me" />
+	<target host="b-lik.es" />
+	<target host="b-s.ee" />
+	<target host="b-s.gmbh" />
+	<target host="b-sp.ml" />
+	<target host="b-st.co" />
+	<target host="b-t-r.co" />
+	<target host="b-tener.gy" />
+	<target host="b.1r8.ru" />
+	<target host="b.4na.xyz" />
+	<target host="b.ad.am" />
+	<target host="b.agile.co" />
+	<target host="b.alachie.com" />
+	<target host="b.alethos.com" />
+	<target host="b.alexjs.co" />
+	<target host="b.appc.se" />
+	<target host="b.apploft.de" />
+	<target host="b.arclab.io" />
+	<target host="b.arco.link" />
+	<target host="b.arh.im" />
+	<target host="b.atgrace.com" />
+	<target host="b.be-ya.co.il" />
+	<target host="b.bentoandco.fr" />
+	<target host="b.bhooshan.me" />
+	<target host="b.billr.me" />
+	<target host="b.blackpier.com" />
+	<target host="b.blmt.ht" />
+	<target host="b.bmbufalo.com" />
+	<target host="b.brames.com" />
+	<target host="b.brianwolf.tv" />
+	<target host="b.bruford.ac.uk" />
+	<target host="b.bukva.edu.pl" />
+	<target host="b.bwieg.us" />
+	<target host="b.cambooth.net" />
+	<target host="b.cfo-coach.com" />
+	<target host="b.cink.es" />
+	<target host="b.clincshop.com" />
+	<target host="b.comejo.in" />
+	<target host="b.cregox.com" />
+	<target host="b.crush.ninja" />
+	<target host="b.cssherry.com" />
+	<target host="b.danielrozo.es" />
+	<target host="b.dave31175.com" />
+	<target host="b.derpz.ga" />
+	<target host="b.device42.com" />
+	<target host="b.df2.co" />
+	<target host="b.djlilphil.com" />
+	<target host="b.dns9.me" />
+	<target host="b.dogv.ac" />
+	<target host="b.dora-kou.net" />
+	<target host="b.drs.pp.ua" />
+	<target host="b.dube.us" />
+	<target host="b.edi.bz" />
+	<target host="b.edvcd.de" />
+	<target host="b.eibrain.org" />
+	<target host="b.entos.mx" />
+	<target host="b.etaal.nl" />
+	<target host="b.eth.pw" />
+	<target host="b.eventinc.de" />
+	<target host="b.exaktop.tk" />
+	<target host="b.f42.ag" />
+	<target host="b.fan.si" />
+	<target host="b.fmbox.cl" />
+	<target host="b.fore.pt" />
+	<target host="b.fredalb.com" />
+	<target host="b.freedoh.net" />
+	<target host="b.fungc.io" />
+	<target host="b.gatech.edu" />
+	<target host="b.gdski.pl" />
+	<target host="b.gen.rs" />
+	<target host="b.genn.it" />
+	<target host="b.geraki.gr" />
+	<target host="b.globalbook.eu" />
+	<target host="b.globe.com" />
+	<target host="b.gohere.ir" />
+	<target host="b.guu.vn" />
+	<target host="b.gwh.io" />
+	<target host="b.hammond.ninja" />
+	<target host="b.herfen.com" />
+	<target host="b.hireart.co" />
+	<target host="b.hontolab.org" />
+	<target host="b.i5m.nl" />
+	<target host="b.iw.fi" />
+	<target host="b.johnprior.org" />
+	<target host="b.jordanbest.co" />
+	<target host="b.kanis.fr" />
+	<target host="b.kd8tnv.com" />
+	<target host="b.keith.ae" />
+	<target host="b.kglover.net" />
+	<target host="b.khaz.io" />
+	<target host="b.kidzania.jp" />
+	<target host="b.kromebody.com" />
+	<target host="b.ktxc.to" />
+	<target host="b.l422y.com" />
+	<target host="b.la7.de" />
+	<target host="b.labaq.com" />
+	<target host="b.ldmn.nl" />
+	<target host="b.leel.ee" />
+	<target host="b.lide.us" />
+	<target host="b.loco8.com" />
+	<target host="b.loide.net" />
+	<target host="b.lsr7.com" />
+	<target host="b.luk.org.ua" />
+	<target host="b.macsf.net" />
+	<target host="b.majestic.name" />
+	<target host="b.mamund.com" />
+	<target host="b.manojayan.com" />
+	<target host="b.markbroe.net" />
+	<target host="b.mattm.id.au" />
+	<target host="b.mdnalapat.com" />
+	<target host="b.mfndl.com" />
+	<target host="b.mickenta.net" />
+	<target host="b.mie.do" />
+	<target host="b.mirachem.org" />
+	<target host="b.mobo.ly" />
+	<target host="b.morritech.co" />
+	<target host="b.mpbk.us" />
+	<target host="b.mpt.io" />
+	<target host="b.ms9.me" />
+	<target host="b.msg2.news" />
+	<target host="b.myr.yt" />
+	<target host="b.n.io" />
+	<target host="b.n1ck.li" />
+	<target host="b.narino.gov.co" />
+	<target host="b.newho.pe" />
+	<target host="b.nexs.co" />
+	<target host="b.nigel.im" />
+	<target host="b.nsx-v.jp" />
+	<target host="b.nya.net.br" />
+	<target host="b.off-to-on.com" />
+	<target host="b.ohtake.net" />
+	<target host="b.olrd.me" />
+	<target host="b.oor.li" />
+	<target host="b.osoe.jp" />
+	<target host="b.oudin.me" />
+	<target host="b.pairs.lv" />
+	<target host="b.paradroyd.com" />
+	<target host="b.past9.com" />
+	<target host="b.peekaboo.guru" />
+	<target host="b.piju.es" />
+	<target host="b.pokete.com" />
+	<target host="b.poulin.fr" />
+	<target host="b.poulpi.fr" />
+	<target host="b.premoa.jp" />
+	<target host="b.ps20.org" />
+	<target host="b.ptrlvn.us" />
+	<target host="b.pvbands.net" />
+	<target host="b.qooah.com" />
+	<target host="b.raft.org.au" />
+	<target host="b.redipepi.com" />
+	<target host="b.remarkabl.org" />
+	<target host="b.revlisoft.com" />
+	<target host="b.rian.rocks" />
+	<target host="b.rickmahn.com" />
+	<target host="b.robiotic.net" />
+	<target host="b.rolli.li" />
+	<target host="b.romy.io" />
+	<target host="b.ronboris.com" />
+	<target host="b.sblearn.xyz" />
+	<target host="b.sekhar.me" />
+	<target host="b.sellerant.com" />
+	<target host="b.sendio.com" />
+	<target host="b.shashi.co" />
+	<target host="b.shinseki.org" />
+	<target host="b.shinseki.us" />
+	<target host="b.sjbodzo.com" />
+	<target host="b.smartcode.ch" />
+	<target host="b.smb.wtf" />
+	<target host="b.smurl.in" />
+	<target host="b.snf.org" />
+	<target host="b.spio.it" />
+	<target host="b.technotic.ca" />
+	<target host="b.tikeryu.jp" />
+	<target host="b.titleleaf.com" />
+	<target host="b.tja.lv" />
+	<target host="b.tkcs.in" />
+	<target host="b.tks.pw" />
+	<target host="b.tomg.space" />
+	<target host="b.tomget.com" />
+	<target host="b.tourkick.com" />
+	<target host="b.tro.ph" />
+	<target host="b.tuna.ren" />
+	<target host="b.urgo.in" />
+	<target host="b.urlb.ag" />
+	<target host="b.v0lu.me" />
+	<target host="b.vnd.pl" />
+	<target host="b.wardell.us" />
+	<target host="b.wats.me" />
+	<target host="b.wbec.ca" />
+	<target host="b.whit.la" />
+	<target host="b.whpl.us" />
+	<target host="b.wiz1.us" />
+	<target host="b.wlj2.com" />
+	<target host="b.wngc.sh" />
+	<target host="b.wr.hu" />
+	<target host="b.wyzers.com" />
+	<target host="b.xn--q9jyb4c" />
+	<target host="b.yabe.jp" />
+	<target host="b.ztj.io" />
+	<target host="b00k.cf" />
+	<target host="b00k.us" />
+	<target host="b00st.us" />
+	<target host="b0x0fflce.ga" />
+	<target host="b1-link.de" />
+	<target host="b1-tly.cf" />
+	<target host="b1.amir-oz.com" />
+	<target host="b1.bigmrc.com" />
+	<target host="b1.de" />
+	<target host="b10p.com" />
+	<target host="b1gtv.ml" />
+	<target host="b2.bigmrc.com" />
+	<target host="b2.elnovel.com" />
+	<target host="b21win.es" />
+	<target host="b2bc.me" />
+	<target host="b2ben.to" />
+	<target host="b2bprosales.com" />
+	<target host="b2g.co" />
+	<target host="b2l.li" />
+	<target host="b3.bigmrc.com" />
+	<target host="b30.in" />
+	<target host="b37.co" />
+	<target host="b3a.me" />
+	<target host="b3n.im" />
+	<target host="b40k.ml" />
+	<target host="b4gong.ml" />
+	<target host="b4gu4shd.ml" />
+	<target host="b4h3n0l.ml" />
+	<target host="b4it.net" />
+	<target host="b4t.co" />
+	<target host="b4tc.us" />
+	<target host="b57.li" />
+	<target host="b7slots.online" />
+	<target host="b81.co" />
+	<target host="b84.uk" />
+	<target host="b9r.co" />
+	<target host="ba-l.co" />
+	<target host="ba.rboza.com" />
+	<target host="ba.stienv.me" />
+	<target host="ba.yley.net" />
+	<target host="babart.it" />
+	<target host="babewa.lk" />
+	<target host="babjak.eu" />
+	<target host="babl.at" />
+	<target host="babl.top" />
+	<target host="babol.at" />
+	<target host="babs.link" />
+	<target host="babsn.co" />
+	<target host="babylaura.shop" />
+	<target host="babylooktvs.ml" />
+	<target host="babyolo.gy" />
+	<target host="bachpgh.org" />
+	<target host="bacil.io" />
+	<target host="bacn.li" />
+	<target host="bacol.ml" />
+	<target host="bad.goy.su" />
+	<target host="badbet.co" />
+	<target host="bade.lt" />
+	<target host="badijnsfh.gq" />
+	<target host="badma.ch" />
+	<target host="badpl.at" />
+	<target host="badranaya.ml" />
+	<target host="badtimi.ng" />
+	<target host="bae.jo" />
+	<target host="baeble.me" />
+	<target host="bag.gs" />
+	<target host="bagno.design" />
+	<target host="baguy.co" />
+	<target host="bahagia.ml" />
+	<target host="bahg.at" />
+	<target host="bailey.gr" />
+	<target host="baja-radio.com" />
+	<target host="bajaclima.com" />
+	<target host="bajaurl.com" />
+	<target host="bake.so" />
+	<target host="bakn.me" />
+	<target host="balakut4khd.ml" />
+	<target host="balbit.es" />
+	<target host="balcia.link" />
+	<target host="bald.travel" />
+	<target host="baldean.co" />
+	<target host="balfr.co" />
+	<target host="ball.rs" />
+	<target host="ball.tel" />
+	<target host="balsam.iq" />
+	<target host="balthy.me" />
+	<target host="baltreds.us" />
+	<target host="bam-bu.co" />
+	<target host="bam.gd" />
+	<target host="banananina.me" />
+	<target host="bananea.me" />
+	<target host="bancofino.us" />
+	<target host="bandito.me" />
+	<target host="bandr.at" />
+	<target host="bandz.co" />
+	<target host="bang.gimana.how" />
+	<target host="bangbung.ga" />
+	<target host="banggood.deals" />
+	<target host="bangshq.ml" />
+	<target host="bangw.in" />
+	<target host="banksup.com" />
+	<target host="banting.mx" />
+	<target host="banv.it" />
+	<target host="bapaknaaki.ml" />
+	<target host="bapt.link" />
+	<target host="bapth.lt" />
+	<target host="baqm.co" />
+	<target host="bar.rw" />
+	<target host="barani.ml" />
+	<target host="barbour.in" />
+	<target host="barbour.to" />
+	<target host="barbour.uk" />
+	<target host="barecekhd.ml" />
+	<target host="bareismls.info" />
+	<target host="baremet.al" />
+	<target host="barex.am" />
+	<target host="barfc.tv" />
+	<target host="barfch.in" />
+	<target host="barin.gs" />
+	<target host="bark.gs" />
+	<target host="barkbks.me" />
+	<target host="barkpro.com" />
+	<target host="barnon.co" />
+	<target host="barong4khd.ml" />
+	<target host="barrett.gr" />
+	<target host="barudak.ml" />
+	<target host="baruhd.ml" />
+	<target host="bas.la" />
+	<target host="bas.uno" />
+	<target host="base.ac" />
+	<target host="basea.me" />
+	<target host="bashfs.com" />
+	<target host="basicseo.co" />
+	<target host="basko.ro" />
+	<target host="basvg.nl" />
+	<target host="baswa.re" />
+	<target host="bate.mn" />
+	<target host="bath.fm" />
+	<target host="bathecho.uk" />
+	<target host="bathn.es" />
+	<target host="bats.buzz" />
+	<target host="batti.es" />
+	<target host="batumnang.kr" />
+	<target host="bau.mn" />
+	<target host="baulez.fr" />
+	<target host="bavington.uk" />
+	<target host="bawdy.photo" />
+	<target host="bawfg.co" />
+	<target host="bawm.co" />
+	<target host="bawtacit.cf" />
+	<target host="bawtacit.ml" />
+	<target host="bax.nar.az" />
+	<target host="bayareane.ws" />
+	<target host="bayareapsy.ch" />
+	<target host="baycare.clinic" />
+	<target host="bayerlein.se" />
+	<target host="baylorbea.rs" />
+	<target host="baylorpr.es" />
+	<target host="baysho.re" />
+	<target host="bayu.li" />
+	<target host="bazeeng.tk" />
+	<target host="bazrsirlz.ml" />
+	<target host="bazzin.ga" />
+	<target host="bazzite.xyz" />
+	<target host="bb-8.co" />
+	<target host="bb.org.au" />
+	<target host="bb2b.io" />
+	<target host="bba.sg" />
+	<target host="bbaker.me" />
+	<target host="bbap.ps" />
+	<target host="bbapt.us" />
+	<target host="bbay.me" />
+	<target host="bbb.1n.pw" />
+	<target host="bbbatt.co" />
+	<target host="bbc.in" />
+	<target host="bbcloud.net" />
+	<target host="bbcom.me" />
+	<target host="bbd.link" />
+	<target host="bbdig.it" />
+	<target host="bbel.me" />
+	<target host="bberg.wtf" />
+	<target host="bbes.us" />
+	<target host="bbfo.to" />
+	<target host="bbh.buzz" />
+	<target host="bbi.bz" />
+	<target host="bbi.edu.au" />
+	<target host="bbier.us" />
+	<target host="bbil.co" />
+	<target host="bbits.in" />
+	<target host="bbjo.me" />
+	<target host="bbk.law" />
+	<target host="bble.us" />
+	<target host="bblink.info" />
+	<target host="bbll.us" />
+	<target host="bblnk.com" />
+	<target host="bblox.me" />
+	<target host="bblvg.com" />
+	<target host="bbly.me" />
+	<target host="bbm.ph" />
+	<target host="bbmusic.top" />
+	<target host="bbnk.co" />
+	<target host="bbo.ng" />
+	<target host="bbody.live" />
+	<target host="bbog.me" />
+	<target host="bbrains.co" />
+	<target host="bbru.in" />
+	<target host="bbrush.me" />
+	<target host="bbrwn.co" />
+	<target host="bbry.in" />
+	<target host="bbte.am" />
+	<target host="bbtuna.co" />
+	<target host="bburl.ca" />
+	<target host="bburl.co" />
+	<target host="bbuzz.bz" />
+	<target host="bbva.info" />
+	<target host="bbwwi.de" />
+	<target host="bbxhs.co" />
+	<target host="bbyna.me" />
+	<target host="bbzr.co" />
+	<target host="bbzz.co" />
+	<target host="bc.fot.br" />
+	<target host="bc.goto.top" />
+	<target host="bc.legal" />
+	<target host="bc3.tech" />
+	<target host="bcal.co" />
+	<target host="bcc.la" />
+	<target host="bcc.re" />
+	<target host="bccare.org.uk" />
+	<target host="bcdi.me" />
+	<target host="bcene.ws" />
+	<target host="bcent.fit" />
+	<target host="bcfak.es" />
+	<target host="bcfunky.com" />
+	<target host="bcgk.co" />
+	<target host="bch.me" />
+	<target host="bchbody.life" />
+	<target host="bchnc.org" />
+	<target host="bchnn.co" />
+	<target host="bchns.com" />
+	<target host="bchr.ca" />
+	<target host="bcibl.com" />
+	<target host="bcin.me" />
+	<target host="bcks.us" />
+	<target host="bcktb.co" />
+	<target host="bcktsbrnd.co" />
+	<target host="bclaros.com" />
+	<target host="bcln.us" />
+	<target host="bclub.co" />
+	<target host="bclv.it" />
+	<target host="bcned.in" />
+	<target host="bcnparti.es" />
+	<target host="bcom.io" />
+	<target host="bcoop.co" />
+	<target host="bcov.me" />
+	<target host="bcove.video" />
+	<target host="bcpost.me" />
+	<target host="bcs-mx.com" />
+	<target host="bcs.so" />
+	<target host="bcsc.news" />
+	<target host="bcsocial.news" />
+	<target host="bctents.co" />
+	<target host="bctv.shop" />
+	<target host="bcv.life" />
+	<target host="bd.tapad.com" />
+	<target host="bda.is" />
+	<target host="bdb.berlin" />
+	<target host="bdbd.us" />
+	<target host="bdd.yt" />
+	<target host="bddy.me" />
+	<target host="bde.li" />
+	<target host="bdeleasa.me" />
+	<target host="bdesk.in" />
+	<target host="bdev.io" />
+	<target host="bdg.is" />
+	<target host="bdgr.ws" />
+	<target host="bdgtsvy.co" />
+	<target host="bdhg.com" />
+	<target host="bdhx.uk" />
+	<target host="bdins.co" />
+	<target host="bdirekt.net" />
+	<target host="bdkp.co" />
+	<target host="bdldanse.org" />
+	<target host="bdlink.co" />
+	<target host="bdnsun.ca" />
+	<target host="bdoaus.co" />
+	<target host="bdon.me" />
+	<target host="bdp.de" />
+	<target host="bdpst.me" />
+	<target host="bdra.co" />
+	<target host="bdrck.co" />
+	<target host="bdrsy.com" />
+	<target host="bdrwrds.com" />
+	<target host="bdsams.com" />
+	<target host="bdsdr.me" />
+	<target host="bdsuperhero.es" />
+	<target host="bdtk.co" />
+	<target host="bdtw.co.vu" />
+	<target host="bdtweet.info" />
+	<target host="bdv.bz" />
+	<target host="bdviaj.es" />
+	<target host="bdygrdz.co" />
+	<target host="bdz.fyi" />
+	<target host="be.beperk.com" />
+	<target host="be.dad.com.br" />
+	<target host="be.edn.re" />
+	<target host="be.rtgit.com" />
+	<target host="be.wildmusic.es" />
+	<target host="be4k.ml" />
+	<target host="bea.so" />
+	<target host="beacon.ac" />
+	<target host="beads-ly.com" />
+	<target host="beal.in" />
+	<target host="beanernation.gq" />
+	<target host="beant.in" />
+	<target host="bear.me" />
+	<target host="bear.mynavi.jp" />
+	<target host="beards.life" />
+	<target host="bearpa.ws" />
+	<target host="beas.me" />
+	<target host="beatmec.ca" />
+	<target host="beats.fame.cash" />
+	<target host="beats.is" />
+	<target host="beatwik.com" />
+	<target host="beatzyash.ga" />
+	<target host="beaubrewer.vip" />
+	<target host="beauchr.life" />
+	<target host="beaudo.me" />
+	<target host="beautym.be" />
+	<target host="beautyme.store" />
+	<target host="beautypedia.re" />
+	<target host="beaver.builders" />
+	<target host="beb3ng.ml" />
+	<target host="bebekmovie.ml" />
+	<target host="bebeshoci.bg" />
+	<target host="bebmf.com" />
+	<target host="bebold.im" />
+	<target host="bebold.ly" />
+	<target host="becbc.co.uk" />
+	<target host="becca.io" />
+	<target host="beckag.us" />
+	<target host="becrm.co" />
+	<target host="becs.me" />
+	<target host="becu.us" />
+	<target host="bedeutung.link" />
+	<target host="bedothrive.co" />
+	<target host="bedside.co" />
+	<target host="bee.beesoft.it" />
+	<target host="bee.gg" />
+	<target host="bee.ma" />
+	<target host="bee.st" />
+	<target host="bee.xxxxx.tw" />
+	<target host="beebiosk.in" />
+	<target host="beebuzz.store" />
+	<target host="beech.es" />
+	<target host="beelabs.info" />
+	<target host="beelz.net" />
+	<target host="beerded.link" />
+	<target host="beerjetuk.co" />
+	<target host="beeron.us" />
+	<target host="beers.life" />
+	<target host="bees.fyi" />
+	<target host="beesa.me" />
+	<target host="befnac.be" />
+	<target host="begk.fr" />
+	<target host="beichtha.us" />
+	<target host="beijingea.st" />
+	<target host="beil.dk" />
+	<target host="bejoo.ml" />
+	<target host="bejoyo.us" />
+	<target host="bejr.co" />
+	<target host="bekoe.link" />
+	<target host="bel.vu" />
+	<target host="belai.ch" />
+	<target host="belardi.co" />
+	<target host="beleza.la" />
+	<target host="belibro.ca" />
+	<target host="belk.in" />
+	<target host="bellaatto.us" />
+	<target host="bellaboo.live" />
+	<target host="belma.mx" />
+	<target host="belo.ng" />
+	<target host="belos.vc" />
+	<target host="beltcraft.co" />
+	<target host="bemydo.co" />
+	<target host="ben.ec" />
+	<target host="ben.gd" />
+	<target host="benc.ws" />
+	<target host="benchase.me" />
+	<target host="bendon.co" />
+	<target host="bengc.me" />
+	<target host="benhr.net" />
+	<target host="benj.mn" />
+	<target host="benjamin.li" />
+	<target host="benjerrys.co" />
+	<target host="benjib.link" />
+	<target host="benjm.in" />
+	<target host="benjm.info" />
+	<target host="benland.is" />
+	<target host="benle.co.uk" />
+	<target host="benlik.es" />
+	<target host="benmk.link" />
+	<target host="bennel.ng" />
+	<target host="bennet.link" />
+	<target host="benore.org" />
+	<target host="bensm.it" />
+	<target host="bentolunch.es" />
+	<target host="benw.co" />
+	<target host="benzberger.com" />
+	<target host="benzi.co" />
+	<target host="beon.ws" />
+	<target host="bephoto.id" />
+	<target host="berbang.ga" />
+	<target host="berdy.me" />
+	<target host="berea.link" />
+	<target host="bergnet.ga" />
+	<target host="berho.io" />
+	<target host="berita.papua.us" />
+	<target host="berkah4k.ml" />
+	<target host="berkonl.in" />
+	<target host="berlinint.im" />
+	<target host="berlinow.eu" />
+	<target host="bernicks.co" />
+	<target host="berniewo.ng" />
+	<target host="beroe.live" />
+	<target host="beroeinc.co" />
+	<target host="berre.bi" />
+	<target host="berry.kitchen" />
+	<target host="berryins.com" />
+	<target host="berrysm.art" />
+	<target host="bersam.org" />
+	<target host="berserk.me" />
+	<target host="bersinar.ml" />
+	<target host="berta.it" />
+	<target host="berthamag.us" />
+	<target host="besocial.io" />
+	<target host="bespokesu.it" />
+	<target host="best-cinema.ga" />
+	<target host="best-cinema.ml" />
+	<target host="best-guidtvz.ml" />
+	<target host="best-rehab.pro" />
+	<target host="best-series.cf" />
+	<target host="best-series.ml" />
+	<target host="best-shows.ml" />
+	<target host="best-tv.gq" />
+	<target host="best-vevo.ml" />
+	<target host="best4.us" />
+	<target host="best4kuhd.ml" />
+	<target host="bestbass.gr" />
+	<target host="bestbets.co" />
+	<target host="bestf.it" />
+	<target host="bestiv.al" />
+	<target host="bestmovi3.ml" />
+	<target host="bestofhc.com" />
+	<target host="bestseries.ga" />
+	<target host="beststar.ml" />
+	<target host="bet.us" />
+	<target host="beta.funds.wf" />
+	<target host="beta.io" />
+	<target host="beta.navineo.in" />
+	<target host="beta.thotex.com" />
+	<target host="beta.works" />
+	<target host="betches.co" />
+	<target host="beth.games" />
+	<target host="bethl.hm" />
+	<target host="betland.mobi" />
+	<target host="betmo.me" />
+	<target host="betsta.rs" />
+	<target host="bett.to" />
+	<target host="bett.us" />
+	<target host="bettermh.com" />
+	<target host="bettersk.in" />
+	<target host="betto.me" />
+	<target host="betvic.to" />
+	<target host="betway.mx" />
+	<target host="betzold.biz" />
+	<target host="beukhd.ml" />
+	<target host="bev.click" />
+	<target host="bevsit.es" />
+	<target host="bevy.media" />
+	<target host="bex.is" />
+	<target host="bexpress.info" />
+	<target host="bey-z.com" />
+	<target host="beykoz.link" />
+	<target host="bez.uz" />
+	<target host="bezzo.gq" />
+	<target host="bfac.to" />
+	<target host="bface.es" />
+	<target host="bfd.me" />
+	<target host="bfec.sg" />
+	<target host="bfgmexi.co" />
+	<target host="bfgoodri.ch" />
+	<target host="bfgtir.es" />
+	<target host="bflscans.com" />
+	<target host="bfmh.rocks" />
+	<target host="bfmo.us" />
+	<target host="bfoot.co" />
+	<target host="bforge.me" />
+	<target host="bfpeo.pl" />
+	<target host="bfpne.ws" />
+	<target host="bfps.co" />
+	<target host="bfr.li" />
+	<target host="bfred.us" />
+	<target host="bfrow.co" />
+	<target host="bfsale.co.uk" />
+	<target host="bfvr.co" />
+	<target host="bfx.li" />
+	<target host="bfzr.de" />
+	<target host="bg.gy" />
+	<target host="bg4.me" />
+	<target host="bgap.co" />
+	<target host="bgav.me" />
+	<target host="bgbl.us" />
+	<target host="bgbr.in" />
+	<target host="bgbrow.co" />
+	<target host="bgcd.co" />
+	<target host="bgdl.org" />
+	<target host="bge.im" />
+	<target host="bgell.me" />
+	<target host="bgf.st" />
+	<target host="bgf.to" />
+	<target host="bgg2wl.com" />
+	<target host="bggk.co" />
+	<target host="bghl.co" />
+	<target host="bgi.io" />
+	<target host="bgifx.co" />
+	<target host="bgmb.me" />
+	<target host="bgo.tips" />
+	<target host="bgowest.mp" />
+	<target host="bgr.rocks" />
+	<target host="bgrds.com" />
+	<target host="bgvideos.net" />
+	<target host="bgzlle.com" />
+	<target host="bh-p.co" />
+	<target host="bh.bh" />
+	<target host="bh.gg" />
+	<target host="bh.ht" />
+	<target host="bhap.ca" />
+	<target host="bhat.me" />
+	<target host="bhawk.me" />
+	<target host="bhbs.co" />
+	<target host="bhchk.in" />
+	<target host="bhe.fm" />
+	<target host="bhfdn.in" />
+	<target host="bhfrank.me" />
+	<target host="bhg.re" />
+	<target host="bhhc.co" />
+	<target host="bhiner.co" />
+	<target host="bhipr.co" />
+	<target host="bhl.so" />
+	<target host="bhnk.co" />
+	<target host="bhnmag.co" />
+	<target host="bhoot.biz" />
+	<target host="bhp.fyi" />
+	<target host="bhpho.to" />
+	<target host="bhtt.co" />
+	<target host="bhupesh.cf" />
+	<target host="bhusal.com.np" />
+	<target host="bhv.io" />
+	<target host="bi.treetop.to" />
+	<target host="bia.me" />
+	<target host="biab.to" />
+	<target host="bibbs.li" />
+	<target host="bibl.es" />
+	<target host="bibl.me" />
+	<target host="bible.scot" />
+	<target host="biblea.sk" />
+	<target host="bice.us" />
+	<target host="bicy.co" />
+	<target host="biddl.me" />
+	<target host="biddul.ph" />
+	<target host="biel.ski" />
+	<target host="bienfilm.co.vu" />
+	<target host="bienst.info" />
+	<target host="biesjr.nl" />
+	<target host="bifra.me" />
+	<target host="big12.us" />
+	<target host="bigba.sh" />
+	<target host="bigbass.ly" />
+	<target host="bigbite.link" />
+	<target host="bigbola.me" />
+	<target host="bigbrand.info" />
+	<target host="bigcr.eu" />
+	<target host="bigde.al" />
+	<target host="bigez.it" />
+	<target host="bigfi.sh" />
+	<target host="bigflavors.co" />
+	<target host="biggy.tv" />
+	<target host="bigiron.bid" />
+	<target host="bigmack.co" />
+	<target host="bigmovie21.tk" />
+	<target host="bigmovies.ml" />
+	<target host="bigp.in" />
+	<target host="bigrvrsolutn.uk" />
+	<target host="bigseb.me" />
+	<target host="bigtop.shop" />
+	<target host="biia.rocks" />
+	<target host="bijudama4k.ml" />
+	<target host="bike.sh" />
+	<target host="bike2.me" />
+	<target host="bikerbuzz.info" />
+	<target host="bikerspost.it" />
+	<target host="biketr.co" />
+	<target host="bikin.ch" />
+	<target host="bikkel.it" />
+	<target host="bikoreshet.info" />
+	<target host="bilbe.co" />
+	<target host="biletini.al" />
+	<target host="bilisim.tech" />
+	<target host="bill.coffee" />
+	<target host="bill.st" />
+	<target host="billie.codes" />
+	<target host="billk.xyz" />
+	<target host="billyver.de" />
+	<target host="billz.bz" />
+	<target host="bilqubil.ml" />
+	<target host="bimedu.pl" />
+	<target host="bimnu.ml" />
+	<target host="binaer.at" />
+	<target host="bind.ga" />
+	<target host="bind.re" />
+	<target host="binder.ga" />
+	<target host="binged.it" />
+	<target host="bingh.am" />
+	<target host="bins.onl" />
+	<target host="binxblog.com" />
+	<target host="bio-one.co" />
+	<target host="bio.tv" />
+	<target host="biocat.ch" />
+	<target host="bioextrat.us" />
+	<target host="biol.co" />
+	<target host="biopt.co" />
+	<target host="bioscop7.ga" />
+	<target host="bioti.ca" />
+	<target host="biotn.ca" />
+	<target host="biozy.me" />
+	<target host="bip.education" />
+	<target host="birahi4khd.ml" />
+	<target host="birch.ly" />
+	<target host="birdi.ng" />
+	<target host="birdsville.pub" />
+	<target host="birw.in" />
+	<target host="bismillahsmt.tk" />
+	<target host="bit-url.info" />
+	<target host="bit.0.md" />
+	<target host="bit.2st.com" />
+	<target host="bit.agme.com.mx" />
+	<target host="bit.andyrus.ch" />
+	<target host="bit.bhamani.com" />
+	<target host="bit.btigroup.tk" />
+	<target host="bit.cassiano.me" />
+	<target host="bit.cheang.tk" />
+	<target host="bit.chromy.org" />
+	<target host="bit.corq.co" />
+	<target host="bit.crick.me" />
+	<target host="bit.dirigent.jp" />
+	<target host="bit.dotarai.com" />
+	<target host="bit.drte.ch" />
+	<target host="bit.edb.co.il" />
+	<target host="bit.edj.ink" />
+	<target host="bit.encous.com" />
+	<target host="bit.five8.co" />
+	<target host="bit.fosk.it" />
+	<target host="bit.gibo.co.uk" />
+	<target host="bit.glennbb.uk" />
+	<target host="bit.glu.com" />
+	<target host="bit.groke.se" />
+	<target host="bit.hb.tc" />
+	<target host="bit.ibee.se" />
+	<target host="bit.icoff.ee" />
+	<target host="bit.ilya2606.ru" />
+	<target host="bit.imanel.net" />
+	<target host="bit.imprev.net" />
+	<target host="bit.infra.link" />
+	<target host="bit.iqbits.net" />
+	<target host="bit.ishake.me" />
+	<target host="bit.jamm.ly" />
+	<target host="bit.jawling.com" />
+	<target host="bit.jbjs.org" />
+	<target host="bit.kenh12.com" />
+	<target host="bit.kissa.jp" />
+	<target host="bit.lnhrt.com" />
+	<target host="bit.loak.org" />
+	<target host="bit.miku.nyc" />
+	<target host="bit.mrockz.com" />
+	<target host="bit.mrua.eu.org" />
+	<target host="bit.ms" />
+	<target host="bit.mtbird.com" />
+	<target host="bit.nacao.us" />
+	<target host="bit.nyas.org" />
+	<target host="bit.ocuw.org" />
+	<target host="bit.ol.ly" />
+	<target host="bit.ottvideo.me" />
+	<target host="bit.pregame.com" />
+	<target host="bit.prime.pt" />
+	<target host="bit.rhumbix.com" />
+	<target host="bit.rummel.co" />
+	<target host="bit.sadeli.com" />
+	<target host="bit.santucci.co" />
+	<target host="bit.seo4.net" />
+	<target host="bit.shuatek.com" />
+	<target host="bit.skyjedi.com" />
+	<target host="bit.sulliops.co" />
+	<target host="bit.svb.com" />
+	<target host="bit.tdf.org" />
+	<target host="bit.threekb.com" />
+	<target host="bit.tm" />
+	<target host="bit.tr.eco.br" />
+	<target host="bit.utoft.org" />
+	<target host="bit.uvm.edu" />
+	<target host="bit.vlee.me.uk" />
+	<target host="bit.wetap.com" />
+	<target host="bit.xorated.com" />
+	<target host="bit2bit.us" />
+	<target host="bitcoi.net" />
+	<target host="bitcoinized.com" />
+	<target host="bitel.pe" />
+	<target host="bitly.axper.pw" />
+	<target host="bitly.bramp.net" />
+	<target host="bitly.build" />
+	<target host="bitly.buzz" />
+	<target host="bitly.cioa.com" />
+	<target host="bitly.elms.edu" />
+	<target host="bitly.events" />
+	<target host="bitly.expert" />
+	<target host="bitly.gag.gl" />
+	<target host="bitly.hack.gt" />
+	<target host="bitly.hber.nl" />
+	<target host="bitly.ibsa.org" />
+	<target host="bitly.icf.io" />
+	<target host="bitly.is" />
+	<target host="bitly.is-gre.at" />
+	<target host="bitly.jenei.net" />
+	<target host="bitly.jgid.de" />
+	<target host="bitly.kwolsz.pl" />
+	<target host="bitly.mtm.video" />
+	<target host="bitly.myhaus.us" />
+	<target host="bitly.oaland.jp" />
+	<target host="bitly.pdtosc.it" />
+	<target host="bitly.ploni.com" />
+	<target host="bitly.pro" />
+	<target host="bitly.qa" />
+	<target host="bitly.report" />
+	<target host="bitly.tk" />
+	<target host="bitly.upslon.cc" />
+	<target host="bitly.vdaele.be" />
+	<target host="bitly.wg9s.com" />
+	<target host="bitly.zhd.co" />
+	<target host="bitlydemo.xyz" />
+	<target host="bitm.nu" />
+	<target host="bitn.am" />
+	<target host="bitnb.co" />
+	<target host="bitpix.digital" />
+	<target host="bitrhym.es" />
+	<target host="bits.1019.in" />
+	<target host="bits.awaits.me" />
+	<target host="bits.indiv.io" />
+	<target host="bits.nad.me" />
+	<target host="bits.zujev.eu" />
+	<target host="bitsig.ht" />
+	<target host="bitspi.re" />
+	<target host="bittub.es" />
+	<target host="bittuil.co.vu" />
+	<target host="bity.pw" />
+	<target host="biwacm.xyz" />
+	<target host="biz.rice.edu" />
+	<target host="biza.gi" />
+	<target host="bizba.sh" />
+	<target host="bizboo.st" />
+	<target host="bizf.us" />
+	<target host="bizlaw.guru" />
+	<target host="bizne.ws" />
+	<target host="biznessed.co.uk" />
+	<target host="bizsoc.media" />
+	<target host="bizta.lk" />
+	<target host="bizx.me" />
+	<target host="bizz.by" />
+	<target host="bizzy.in" />
+	<target host="bjack.ca" />
+	<target host="bjc.link" />
+	<target host="bjf.me" />
+	<target host="bjjgy.ms" />
+	<target host="bjmn.co" />
+	<target host="bjns.ca" />
+	<target host="bjournal.id" />
+	<target host="bjrbcn.com" />
+	<target host="bjre.me" />
+	<target host="bk.digital" />
+	<target host="bkate.me" />
+	<target host="bkck.fr" />
+	<target host="bkflpflm.us" />
+	<target host="bkhse.me" />
+	<target host="bkle.in" />
+	<target host="bkleon.site" />
+	<target host="bklsm.shop" />
+	<target host="bklt.org" />
+	<target host="bkltr.it" />
+	<target host="bkm.ag" />
+	<target host="bkmc.me" />
+	<target host="bkng.it" />
+	<target host="bknot.com" />
+	<target host="bkolb.me" />
+	<target host="bkp.al" />
+	<target host="bkpr.no" />
+	<target host="bkps.us" />
+	<target host="bkr.mn" />
+	<target host="bkr.st" />
+	<target host="bkra.ch" />
+	<target host="bkrv.ru" />
+	<target host="bksp.es" />
+	<target host="bkst.ch" />
+	<target host="bkstge.at" />
+	<target host="bktwtr.us" />
+	<target host="bkubr.in" />
+	<target host="bl.3ara.be" />
+	<target host="bl.asaez.eu" />
+	<target host="bl.bmulley.com" />
+	<target host="bl.hostinfr.com" />
+	<target host="bl.ifm.io" />
+	<target host="bl.inbia.org" />
+	<target host="bl.kasterma.net" />
+	<target host="bl.lead.energy" />
+	<target host="bl.pcma.org" />
+	<target host="bl.rtm.tv" />
+	<target host="bl.vosjero.me" />
+	<target host="bl.zoogis.com" />
+	<target host="bl101.co" />
+	<target host="bl4ktukhd.ml" />
+	<target host="bla1ze.me" />
+	<target host="blackduck.io" />
+	<target host="blackfilm4k.ml" />
+	<target host="blackhair.cc" />
+	<target host="blackm.ac" />
+	<target host="blaene.rs" />
+	<target host="blaiz.be" />
+	<target host="blake.mn" />
+	<target host="blakino.la" />
+	<target host="blana.ru" />
+	<target host="blanqi.me" />
+	<target host="blaq.net" />
+	<target host="blaq.tv" />
+	<target host="blaze-4k.ml" />
+	<target host="blb.tl" />
+	<target host="blbrd.co" />
+	<target host="blbrd.ph" />
+	<target host="blck.by" />
+	<target host="blck.sh" />
+	<target host="blck.us" />
+	<target host="blckc.hn" />
+	<target host="blckwd.ca" />
+	<target host="blcr.me" />
+	<target host="blcrft.us" />
+	<target host="blcw.me" />
+	<target host="bld.cm" />
+	<target host="bld.me" />
+	<target host="bld.pm" />
+	<target host="bld.to" />
+	<target host="bldht.co" />
+	<target host="bldk.nl" />
+	<target host="bldn.gr" />
+	<target host="bldnk.co" />
+	<target host="bldtrk.io" />
+	<target host="ble.ac" />
+	<target host="bleblanc.co" />
+	<target host="bleecker.me" />
+	<target host="blendle.link" />
+	<target host="blf.foundation" />
+	<target host="blfmag.com" />
+	<target host="blfo.co" />
+	<target host="blgr.us.to" />
+	<target host="blgspohd83.ml" />
+	<target host="blgtm.ch" />
+	<target host="blgwd.us" />
+	<target host="blim.co" />
+	<target host="blinc.media" />
+	<target host="blip.sh" />
+	<target host="blirdumed.no" />
+	<target host="blirn.co" />
+	<target host="blirt.ly" />
+	<target host="blis.news" />
+	<target host="bliste.in" />
+	<target host="blitz.link" />
+	<target host="blizz.ly" />
+	<target host="blj.me" />
+	<target host="blk.is" />
+	<target host="blk.sh" />
+	<target host="blkarb.se" />
+	<target host="blkbld.uk" />
+	<target host="blkch.co" />
+	<target host="blkd.md" />
+	<target host="blkduk.io" />
+	<target host="blke.co" />
+	<target host="blkshp.link" />
+	<target host="bll.bz" />
+	<target host="bll.pet" />
+	<target host="blls.ie" />
+	<target host="blmbra.in" />
+	<target host="blmd.me" />
+	<target host="blmg.co" />
+	<target host="blmt.ht" />
+	<target host="blmyo.com" />
+	<target host="bln.kr" />
+	<target host="blnce.co.uk" />
+	<target host="blnd.io" />
+	<target host="blndall.com" />
+	<target host="blnds.cm" />
+	<target host="blng.co" />
+	<target host="blnk.it" />
+	<target host="blnk.st" />
+	<target host="blnqr.me" />
+	<target host="blnr.co" />
+	<target host="blns.in" />
+	<target host="block.ly" />
+	<target host="bloegpohd4.ml" />
+	<target host="blog.blgrd.co" />
+	<target host="blog.borrel.li" />
+	<target host="blog.edexis.com" />
+	<target host="blog.inclou.de" />
+	<target host="blog.pop.watch" />
+	<target host="blog.twkn.org" />
+	<target host="blog.wczerni.pl" />
+	<target host="blogalego.com" />
+	<target host="blogcr.co" />
+	<target host="blogdomello.co" />
+	<target host="blogfe.cf" />
+	<target host="bloggerr.in" />
+	<target host="blogging.im" />
+	<target host="blogi.pspr.fi" />
+	<target host="blogmhm.com.br" />
+	<target host="blognegras.org" />
+	<target host="blogon.me" />
+	<target host="blogp.ws" />
+	<target host="blogwzrd.me" />
+	<target host="blomretail.co" />
+	<target host="bloom.bg" />
+	<target host="bloom470.link" />
+	<target host="bloombg.org" />
+	<target host="bloomm.link" />
+	<target host="bloomy.io" />
+	<target host="bloomz.us" />
+	<target host="blow-ex.com" />
+	<target host="blowm.no" />
+	<target host="blowup.co" />
+	<target host="blox.ly" />
+	<target host="blp.me" />
+	<target host="blpwl.it" />
+	<target host="bls.properties" />
+	<target host="bls.tn" />
+	<target host="blsmd.uk" />
+	<target host="blsmus.com" />
+	<target host="blspy.co" />
+	<target host="blsr.co" />
+	<target host="blssd.link" />
+	<target host="blst.io" />
+	<target host="blt.plus" />
+	<target host="bltprf.net" />
+	<target host="blu.gl" />
+	<target host="blu.mn" />
+	<target host="blu.tips" />
+	<target host="blubb.eu" />
+	<target host="bluco.at" />
+	<target host="bludata.click" />
+	<target host="blue-ray.cf" />
+	<target host="blue-ray.ga" />
+	<target host="blue.ag" />
+	<target host="blue1.pspr.fi" />
+	<target host="blueb.us" />
+	<target host="bluebirdk.com" />
+	<target host="bluebox.live" />
+	<target host="bluech.lk" />
+	<target host="bluecu.be" />
+	<target host="bluedata.us" />
+	<target host="bluegur.us" />
+	<target host="bluejean.online" />
+	<target host="bluemfy.com" />
+	<target host="bluepr.in" />
+	<target host="blueskydigit.al" />
+	<target host="bluet.hm" />
+	<target host="bluetoothit.com" />
+	<target host="bluetrain.me" />
+	<target host="bluewalr.us" />
+	<target host="bluewi.re" />
+	<target host="bluff.house" />
+	<target host="blujazz.co" />
+	<target host="blul.at" />
+	<target host="blur.by" />
+	<target host="blushi.co" />
+	<target host="blusigd.es" />
+	<target host="blutv.co" />
+	<target host="bluvelvtg.com" />
+	<target host="bluwav.uk" />
+	<target host="blv.mx" />
+	<target host="blvd.ly" />
+	<target host="blve.in" />
+	<target host="blvr.uk" />
+	<target host="blx.co" />
+	<target host="bly.volution.ro" />
+	<target host="blynr.com" />
+	<target host="bm.ashokg.com" />
+	<target host="bm.sarras.net" />
+	<target host="bmax.co" />
+	<target host="bmayfld.us" />
+	<target host="bmbl.bz" />
+	<target host="bmbl.us" />
+	<target host="bmboo.info" />
+	<target host="bmcadam.com" />
+	<target host="bmcb.us" />
+	<target host="bmcfadden.me" />
+	<target host="bmcg.us" />
+	<target host="bmcknz.ie" />
+	<target host="bmdg.us" />
+	<target host="bmdo.ca" />
+	<target host="bmdr.cf" />
+	<target host="bmech.us" />
+	<target host="bmed.it" />
+	<target host="bmedia.info" />
+	<target host="bmic.ro" />
+	<target host="bml.io" />
+	<target host="bmlau.io" />
+	<target host="bmlink.nl" />
+	<target host="bmlnk.co" />
+	<target host="bmmm.fr" />
+	<target host="bmn.cc" />
+	<target host="bmntsys.tm" />
+	<target host="bmo.re" />
+	<target host="bmovie.co.vu" />
+	<target host="bmp.im" />
+	<target host="bmp.social" />
+	<target host="bmpr.ca" />
+	<target host="bmr.link" />
+	<target host="bms.so" />
+	<target host="bms.tips" />
+	<target host="bmsh.co" />
+	<target host="bmsp.in" />
+	<target host="bmst.co" />
+	<target host="bmt.dj" />
+	<target host="bmtn.us" />
+	<target host="bmtwn.us" />
+	<target host="bmuir.com" />
+	<target host="bmvis.co" />
+	<target host="bmwk.me" />
+	<target host="bmwmoa.club" />
+	<target host="bnch.me" />
+	<target host="bnck.co" />
+	<target host="bnd.la" />
+	<target host="bnd.li" />
+	<target host="bnds.in" />
+	<target host="bnds.infos.st" />
+	<target host="bnds.me" />
+	<target host="bndspn.com" />
+	<target host="bne.cc" />
+	<target host="bnea.se" />
+	<target host="bnet.io" />
+	<target host="bnft.io" />
+	<target host="bng1st.co" />
+	<target host="bngeni.us" />
+	<target host="bngl.es" />
+	<target host="bnhd.me" />
+	<target host="bnhealth.li" />
+	<target host="bnj.nl" />
+	<target host="bnjm.in" />
+	<target host="bnjmn.al" />
+	<target host="bnjmn.pw" />
+	<target host="bnk.rs" />
+	<target host="bnkd.me" />
+	<target host="bnkmd.co" />
+	<target host="bnkr.tk" />
+	<target host="bnkrt.co" />
+	<target host="bnksm.pl" />
+	<target host="bnm.my" />
+	<target host="bnmov.gq" />
+	<target host="bnolan.co" />
+	<target host="bnow.is" />
+	<target host="bnppf.be" />
+	<target host="bnpr.news" />
+	<target host="bnq1.nl" />
+	<target host="bnr.mn" />
+	<target host="bns.ai" />
+	<target host="bnss.cf" />
+	<target host="bnst.lk" />
+	<target host="bnve.co" />
+	<target host="bny.mn" />
+	<target host="bnz.co" />
+	<target host="bnzr.shop" />
+	<target host="bo.st" />
+	<target host="bo4.me" />
+	<target host="boag.me" />
+	<target host="boarded.in" />
+	<target host="boau.link" />
+	<target host="boaz.pro" />
+	<target host="bob.re" />
+	<target host="bobbuzz.me.uk" />
+	<target host="bobbyshar.ma" />
+	<target host="bobmob.rocks" />
+	<target host="bobotoh.ml" />
+	<target host="bobotoh.tk" />
+	<target host="bobw.io" />
+	<target host="bobwp.us" />
+	<target host="boc.im" />
+	<target host="bod.fitness" />
+	<target host="bod0g0l.ga" />
+	<target host="bodhitree.ly" />
+	<target host="bodw.info" />
+	<target host="body.mn" />
+	<target host="bodyandf.it" />
+	<target host="bodybd.co" />
+	<target host="bodyenf.it" />
+	<target host="bodyfi.me" />
+	<target host="boe.is" />
+	<target host="boem.sk" />
+	<target host="bogley.me" />
+	<target host="boi.st" />
+	<target host="boj.im" />
+	<target host="bojangl.es" />
+	<target host="bokap.it" />
+	<target host="bokeh.rocks" />
+	<target host="bokno.ws" />
+	<target host="bold.so" />
+	<target host="boldar.co" />
+	<target host="boldblue.info" />
+	<target host="boldinter.net" />
+	<target host="boldt.in" />
+	<target host="boles.co" />
+	<target host="boleti.us" />
+	<target host="boligtxt.no" />
+	<target host="bolli24.tk" />
+	<target host="bolman.co" />
+	<target host="bolsbols.ml" />
+	<target host="bolsos.co" />
+	<target host="boltn.co" />
+	<target host="boltonsc.uk" />
+	<target host="bom-wasit.ml" />
+	<target host="bomb.bz" />
+	<target host="bombe.rs" />
+	<target host="bonbonbl.eu" />
+	<target host="bondsa.us" />
+	<target host="bondstheo.uk" />
+	<target host="bonecresh4k.ml" />
+	<target host="bonefi.sh" />
+	<target host="bonfi.de" />
+	<target host="bonni.ci" />
+	<target host="bonpon.xyz" />
+	<target host="bonsai.gq" />
+	<target host="booboodates.com" />
+	<target host="boogn.at" />
+	<target host="booh.ai" />
+	<target host="book.gohhh.com" />
+	<target host="book.tf" />
+	<target host="book.zuo.center" />
+	<target host="booki.ng" />
+	<target host="bookie.deals" />
+	<target host="bookorget.info" />
+	<target host="boomally.org" />
+	<target host="booo.ms" />
+	<target host="boop.to" />
+	<target host="boost.32s.vn" />
+	<target host="bor.bz" />
+	<target host="bor.to" />
+	<target host="borala.coach" />
+	<target host="boraxin.co.vu" />
+	<target host="borda.do" />
+	<target host="bori.ml" />
+	<target host="born2.science" />
+	<target host="borns.co" />
+	<target host="borntotri.uk" />
+	<target host="bose.life" />
+	<target host="bose.sx" />
+	<target host="bosh.me" />
+	<target host="bossup.us" />
+	<target host="boston25.com" />
+	<target host="bostonit.info" />
+	<target host="bostuyul.ml" />
+	<target host="bosuil.eu" />
+	<target host="bot.djurl.co.uk" />
+	<target host="bot.id" />
+	<target host="bothsid.es" />
+	<target host="botm.co" />
+	<target host="bouch.co" />
+	<target host="bougn.at" />
+	<target host="bouman.xyz" />
+	<target host="bouncie.me" />
+	<target host="bouq.it" />
+	<target host="bourd.ml" />
+	<target host="bourde.la" />
+	<target host="bourn.co" />
+	<target host="bout4khd.ml" />
+	<target host="boveda.me" />
+	<target host="bovts.me" />
+	<target host="bow.life" />
+	<target host="bowenp.rs" />
+	<target host="bowery.farm" />
+	<target host="bowie.it" />
+	<target host="bowl.today" />
+	<target host="box-star.ml" />
+	<target host="box.bzh" />
+	<target host="box.repsol.info" />
+	<target host="box.twoshots.pl" />
+	<target host="boxs.cf" />
+	<target host="boxtr.co" />
+	<target host="boxuice.ml" />
+	<target host="boyb.me" />
+	<target host="boybrew.co" />
+	<target host="boyerurl.ca" />
+	<target host="boyn.co" />
+	<target host="boyr.it" />
+	<target host="boyshout.com" />
+	<target host="bozho.co" />
+	<target host="bpa.lc" />
+	<target host="bpaca.fr" />
+	<target host="bpat.tk" />
+	<target host="bpaz.me" />
+	<target host="bpcdc.org" />
+	<target host="bpckt.io" />
+	<target host="bpcn.info" />
+	<target host="bpfr.at" />
+	<target host="bpg.tips" />
+	<target host="bpls.ml" />
+	<target host="bpop.pr" />
+	<target host="bpopne.ws" />
+	<target host="bppi.hu" />
+	<target host="bppub.net" />
+	<target host="bpr1.tk" />
+	<target host="bprwra.ga" />
+	<target host="bpt.st" />
+	<target host="bptfit.co" />
+	<target host="bpurl.tk" />
+	<target host="bpwr.co" />
+	<target host="bpwsk.ca" />
+	<target host="bpxl.me" />
+	<target host="bqknews.com" />
+	<target host="bqwer.ml" />
+	<target host="br-perth.com.au" />
+	<target host="br.aini.ac" />
+	<target host="br.mzprime.com" />
+	<target host="br.shone.id.au" />
+	<target host="br1.es" />
+	<target host="br1.me" />
+	<target host="br2.ac" />
+	<target host="brac.co" />
+	<target host="brad.ist" />
+	<target host="brad.mn" />
+	<target host="braderhd.ml" />
+	<target host="braders.ml" />
+	<target host="bradh.us" />
+	<target host="bradjust.us" />
+	<target host="bradv.us" />
+	<target host="bragl.co" />
+	<target host="brain.lc" />
+	<target host="brajamusti.ml" />
+	<target host="bram.se" />
+	<target host="brandaid.it" />
+	<target host="brandcrun.ch" />
+	<target host="brandhd.ml" />
+	<target host="brandify.link" />
+	<target host="brandn.co" />
+	<target host="brando.nyc" />
+	<target host="brando.ws" />
+	<target host="brant.news" />
+	<target host="brask.cc" />
+	<target host="brass.clothing" />
+	<target host="braut.io" />
+	<target host="bravelc.com" />
+	<target host="bravo.ly" />
+	<target host="bravou.re" />
+	<target host="braz.me" />
+	<target host="brblck.com" />
+	<target host="brbs.co" />
+	<target host="brcc.coffee" />
+	<target host="brclo.com" />
+	<target host="brcproducts.net" />
+	<target host="brd.camp" />
+	<target host="brd.gs" />
+	<target host="brdcstlinks.com" />
+	<target host="brdfrd.com" />
+	<target host="brdg.es" />
+	<target host="brdg.one" />
+	<target host="brdgtl.in" />
+	<target host="brdh.se" />
+	<target host="brdr.us" />
+	<target host="brds.tw" />
+	<target host="brdvw.com" />
+	<target host="brdy.co" />
+	<target host="brdy.in" />
+	<target host="breakawayvr.com" />
+	<target host="brec.us" />
+	<target host="breh.mx" />
+	<target host="breider.net" />
+	<target host="brek.co" />
+	<target host="brena.us" />
+	<target host="brendond.es" />
+	<target host="breon.co" />
+	<target host="bresl.in" />
+	<target host="breslow.im" />
+	<target host="bressi.link" />
+	<target host="bretly.us" />
+	<target host="brew4.us" />
+	<target host="brewery.show" />
+	<target host="brewok.ml" />
+	<target host="brewsne.ws" />
+	<target host="brez.link" />
+	<target host="brfc.us" />
+	<target host="brfd.nl" />
+	<target host="brflg.com" />
+	<target host="brg.tl" />
+	<target host="brgall.ml" />
+	<target host="brgo.xyz" />
+	<target host="brgsgrprty.com" />
+	<target host="brgss.co" />
+	<target host="bri.gd" />
+	<target host="bri.space" />
+	<target host="bri.st" />
+	<target host="bria.im" />
+	<target host="brian.pe" />
+	<target host="brianb.tech" />
+	<target host="brianog.net" />
+	<target host="brians.photos" />
+	<target host="briant.ml" />
+	<target host="brianto.ga" />
+	<target host="brib.us" />
+	<target host="bricew.me" />
+	<target host="brick.st" />
+	<target host="bride.st" />
+	<target host="bridge.do" />
+	<target host="bridge.io" />
+	<target host="bridgeinvest.in" />
+	<target host="bridget.mp" />
+	<target host="bridle.in" />
+	<target host="bridsmd.us" />
+	<target host="brief.vet" />
+	<target host="brigade.blog" />
+	<target host="brilli.jp" />
+	<target host="brilli.link" />
+	<target host="brin.ga" />
+	<target host="brin.me" />
+	<target host="bringup.site" />
+	<target host="brionf.in" />
+	<target host="bris.so" />
+	<target host="brisheat.com" />
+	<target host="brislions.com" />
+	<target host="brit.sh" />
+	<target host="british-tv.ga" />
+	<target host="british-tv.tk" />
+	<target host="britsc.nl" />
+	<target host="briztech.tk" />
+	<target host="brkcv.com" />
+	<target host="brkg.at" />
+	<target host="brkl.in" />
+	<target host="brkly.ca" />
+	<target host="brkn.gs" />
+	<target host="brkn.in" />
+	<target host="brkncrcl.es" />
+	<target host="brknstock.com" />
+	<target host="brko.se" />
+	<target host="brkp.tv" />
+	<target host="brkth.ru" />
+	<target host="brkv.ch" />
+	<target host="brli.co" />
+	<target host="brli.ga" />
+	<target host="brln.be" />
+	<target host="brlnt.co" />
+	<target host="brlyavg.com" />
+	<target host="brlyco.de" />
+	<target host="brml.co" />
+	<target host="brmm.ag" />
+	<target host="brmn.us" />
+	<target host="brmo.ca" />
+	<target host="brmo.co" />
+	<target host="brmtrcs.io" />
+	<target host="brnbnd.be" />
+	<target host="brnch.co" />
+	<target host="brnd.it" />
+	<target host="brndlss.life" />
+	<target host="brnfam.us" />
+	<target host="brnk.li" />
+	<target host="brnt.cr" />
+	<target host="brntpb.st" />
+	<target host="brnw.ch" />
+	<target host="brnz.co" />
+	<target host="bro.lv" />
+	<target host="broadly.com.de" />
+	<target host="brobible.it" />
+	<target host="brobx.com" />
+	<target host="brockh.at" />
+	<target host="brocki.me" />
+	<target host="broco.link" />
+	<target host="broderick.cc" />
+	<target host="brodi.es" />
+	<target host="brodim.ru" />
+	<target host="brog.co" />
+	<target host="broll.be" />
+	<target host="brook.gs" />
+	<target host="brookti.de" />
+	<target host="broonzer.xyz" />
+	<target host="brplus.digital" />
+	<target host="brrebellion.com" />
+	<target host="brrk.co" />
+	<target host="brrl.it" />
+	<target host="brry.me" />
+	<target host="brs.li" />
+	<target host="brshar.es" />
+	<target host="brsta.co" />
+	<target host="brstyl.es" />
+	<target host="brt.bz" />
+	<target host="brt.gs" />
+	<target host="brtbox.com" />
+	<target host="brtdr.com" />
+	<target host="brtedg.co" />
+	<target host="brthr.co" />
+	<target host="brtn.me" />
+	<target host="brtrb.de" />
+	<target host="brtrk.co" />
+	<target host="brtv.tk" />
+	<target host="brtv.uk" />
+	<target host="bru.bz" />
+	<target host="bru.gl" />
+	<target host="brucebeck.camp" />
+	<target host="brucerobison.us" />
+	<target host="brugcekflix.ml" />
+	<target host="brukh.link" />
+	<target host="brulte.co" />
+	<target host="bruna.club" />
+	<target host="bruni.co" />
+	<target host="brunoavi.la" />
+	<target host="brusimm.org" />
+	<target host="brviv.nl" />
+	<target host="brvn.net" />
+	<target host="brvry.me" />
+	<target host="brvts.com" />
+	<target host="brwn.ps" />
+	<target host="brwsdrs.co" />
+	<target host="brwtk.co" />
+	<target host="brx.co" />
+	<target host="brxcen.com" />
+	<target host="bry.life" />
+	<target host="bry.vc" />
+	<target host="brymge.net" />
+	<target host="bryton.news" />
+	<target host="brz.io" />
+	<target host="brzn.io" />
+	<target host="bs09.de" />
+	<target host="bsaa.co" />
+	<target host="bsak.ae" />
+	<target host="bsalmon.us" />
+	<target host="bsan.co" />
+	<target host="bsan.es" />
+	<target host="bsan.eu" />
+	<target host="bsap.me" />
+	<target host="bsaw.cc" />
+	<target host="bsawth.link" />
+	<target host="bschff.de" />
+	<target host="bschoon.me" />
+	<target host="bscthnkng.de" />
+	<target host="bsd.show" />
+	<target host="bsea.co" />
+	<target host="bsess.co" />
+	<target host="bsgd.me" />
+	<target host="bsht.us" />
+	<target host="bsi.tips" />
+	<target host="bsik.io" />
+	<target host="bsim.info" />
+	<target host="bsirm.com" />
+	<target host="bsite.cc" />
+	<target host="bslatl.com" />
+	<target host="bslw.it" />
+	<target host="bslwrld.co" />
+	<target host="bsng.me" />
+	<target host="bso4.me" />
+	<target host="bsocl.com" />
+	<target host="bsoj.co" />
+	<target host="bspan.org" />
+	<target host="bspk.me" />
+	<target host="bspkedu.com" />
+	<target host="bspoke.pl" />
+	<target host="bsqi.fr" />
+	<target host="bsr.life" />
+	<target host="bsr4ksandi.ml" />
+	<target host="bsre.co" />
+	<target host="bsrhd.ml" />
+	<target host="bsrhr.ml" />
+	<target host="bsrlndihd.ml" />
+	<target host="bsru.me" />
+	<target host="bss.tips" />
+	<target host="bss.to" />
+	<target host="bssl.es" />
+	<target host="bssrush.co" />
+	<target host="bstanton.co" />
+	<target host="bstblu.es" />
+	<target host="bsteg.me" />
+	<target host="bstn.to" />
+	<target host="bstry.nl" />
+	<target host="bstsf.co" />
+	<target host="bsub.co" />
+	<target host="bsudol.com" />
+	<target host="bsuk.co" />
+	<target host="bsun.md" />
+	<target host="bsw.li" />
+	<target host="bsym.pl" />
+	<target host="bt.abbamboo.com" />
+	<target host="bt.allasys.com" />
+	<target host="bt.aspr.gr" />
+	<target host="bt.dennymfg.com" />
+	<target host="bt.e2sms.com.au" />
+	<target host="bt.gd" />
+	<target host="bt.grip.events" />
+	<target host="bt.mann.so" />
+	<target host="bt.mcubed.gr" />
+	<target host="bt.me" />
+	<target host="bt.movie" />
+	<target host="bt.robdyke.com" />
+	<target host="bt.sunward-t.jp" />
+	<target host="bt.zamartz.com" />
+	<target host="btac.es" />
+	<target host="btag.club" />
+	<target host="btaud.io" />
+	<target host="btbaggers.com" />
+	<target host="btbr.ca" />
+	<target host="btbrepresent.me" />
+	<target host="btbu.co" />
+	<target host="btc.click" />
+	<target host="btc.com.se" />
+	<target host="btc.gb.net" />
+	<target host="btc.geek.nz" />
+	<target host="btc.gen.nz" />
+	<target host="btc.maison" />
+	<target host="btc.school.nz" />
+	<target host="btccpag.es" />
+	<target host="btcnews.co" />
+	<target host="btco.nf" />
+	<target host="btd.sg" />
+	<target host="bthrd.co" />
+	<target host="btig.co" />
+	<target host="btinfo.co" />
+	<target host="btivi.cf" />
+	<target host="btl.celeborn.de" />
+	<target host="btl.st" />
+	<target host="btl.today" />
+	<target host="btlbx.co" />
+	<target host="btlm.co" />
+	<target host="btmt.in" />
+	<target host="btn.gs" />
+	<target host="btn.sx" />
+	<target host="btnhd.com" />
+	<target host="btnhl.net" />
+	<target host="btnt.co" />
+	<target host="btot.promo" />
+	<target host="btp.co" />
+	<target host="btpblog.tk" />
+	<target host="btpne.ws" />
+	<target host="btr-link.info" />
+	<target host="btr.io" />
+	<target host="btrandol.ph" />
+	<target host="btree.info" />
+	<target host="btrman.me" />
+	<target host="btru.org" />
+	<target host="btsbv-2017.gq" />
+	<target host="btsco.de" />
+	<target host="btslinger.ie" />
+	<target host="btsmag.co" />
+	<target host="btth.me" />
+	<target host="bttrga.us" />
+	<target host="btvn.club" />
+	<target host="btvn.us" />
+	<target host="btw.bz" />
+	<target host="btwx.co" />
+	<target host="btx.wtf" />
+	<target host="btyl.sh" />
+	<target host="btyrd.de" />
+	<target host="bu-ly.com" />
+	<target host="bub.to" />
+	<target host="buckngoodti.me" />
+	<target host="budakbdg.ml" />
+	<target host="buddytv.us" />
+	<target host="bude.co" />
+	<target host="budy.ml" />
+	<target host="bueagl.es" />
+	<target host="buen.co" />
+	<target host="bueno.bz" />
+	<target host="buf.me" />
+	<target host="buff.ly" />
+	<target host="buffs.me" />
+	<target host="bug.me" />
+	<target host="bugg.space" />
+	<target host="bugs.ga" />
+	<target host="build.al" />
+	<target host="buitr.es" />
+	<target host="bukl.pk" />
+	<target host="buku.press" />
+	<target host="bul.tn" />
+	<target host="bulekno.ws" />
+	<target host="bulger.co" />
+	<target host="bulli.es" />
+	<target host="bulls.one" />
+	<target host="bulmer.info" />
+	<target host="bulu.io" />
+	<target host="bumbum.shop" />
+	<target host="bump.land" />
+	<target host="bun.bz" />
+	<target host="bun.live" />
+	<target host="bunc.ee" />
+	<target host="bundb.li" />
+	<target host="bunnimp.tk" />
+	<target host="bunyo.ro" />
+	<target host="buoy.bz" />
+	<target host="bupa2017.com" />
+	<target host="burak.ga" />
+	<target host="burden.in" />
+	<target host="burger2.me" />
+	<target host="burgerd.ag" />
+	<target host="burgerhou.tj" />
+	<target host="burly.me" />
+	<target host="burnab.it" />
+	<target host="burning.house" />
+	<target host="buro.im" />
+	<target host="burtguul.me" />
+	<target host="burum.link" />
+	<target host="bush.ly" />
+	<target host="bushi.es" />
+	<target host="busimod.com" />
+	<target host="busk.rs" />
+	<target host="busmag.mu" />
+	<target host="bust.li" />
+	<target host="busug.ml" />
+	<target host="buswk.co" />
+	<target host="butler.jetzt" />
+	<target host="butler.software" />
+	<target host="butrfli.es" />
+	<target host="butt.onl" />
+	<target host="butters.life" />
+	<target host="buttmun.ch" />
+	<target host="buy.aia.ag" />
+	<target host="buy.aplin.co.ke" />
+	<target host="buy.likefuck.ru" />
+	<target host="buy.narine.jp" />
+	<target host="buy.pcpro.co.uk" />
+	<target host="buyabook.shop" />
+	<target host="buyace.us" />
+	<target host="buyagile.com" />
+	<target host="buyatak.gq" />
+	<target host="buybe.at" />
+	<target host="buybitcoina.co" />
+	<target host="buybitcoinww.co" />
+	<target host="buyez.co" />
+	<target host="buyf.it" />
+	<target host="buyhom.es" />
+	<target host="buyitnow.at" />
+	<target host="buylclsol.club" />
+	<target host="buyorl.ist" />
+	<target host="buyric.co" />
+	<target host="buysaf.es" />
+	<target host="buythebook.at" />
+	<target host="buytitan.me" />
+	<target host="buyvinyl.co" />
+	<target host="buz.by" />
+	<target host="buzn1029.fm" />
+	<target host="buzz.do" />
+	<target host="buzz.gt" />
+	<target host="buzz.ky" />
+	<target host="buzzaldr.in" />
+	<target host="buzzapi.eu" />
+	<target host="buzzs.me" />
+	<target host="bv.city" />
+	<target host="bv.ms" />
+	<target host="bva-tube.ga" />
+	<target host="bvan.me" />
+	<target host="bvc.me" />
+	<target host="bvmw.info" />
+	<target host="bvogt.us" />
+	<target host="bvrs.us" />
+	<target host="bvue.co" />
+	<target host="bw-ce.com" />
+	<target host="bw.sg" />
+	<target host="bw.social" />
+	<target host="bw1.co" />
+	<target host="bwat.co" />
+	<target host="bway.world" />
+	<target host="bwbridgesrv.com" />
+	<target host="bwc.io" />
+	<target host="bwd.school" />
+	<target host="bweave.me" />
+	<target host="bwfd.be" />
+	<target host="bwgos.com" />
+	<target host="bwick.org" />
+	<target host="bwj.fyi" />
+	<target host="bwkf.shop" />
+	<target host="bwknr.me" />
+	<target host="bwll.co" />
+	<target host="bwne.ws" />
+	<target host="bwnews.pr" />
+	<target host="bwood.io" />
+	<target host="bwortman.us" />
+	<target host="bwp.builders" />
+	<target host="bwrk.pm" />
+	<target host="bwry.co" />
+	<target host="bws.re" />
+	<target host="bwywrong.co" />
+	<target host="bxboy.com" />
+	<target host="bxbx.us" />
+	<target host="bxffc.bz" />
+	<target host="bxhd.me" />
+	<target host="bxs.link" />
+	<target host="bxtr.us" />
+	<target host="by.12sm.us" />
+	<target host="by.adg.ru" />
+	<target host="by.aug.st" />
+	<target host="by.e-deco.org" />
+	<target host="by.eslamoda.com" />
+	<target host="by.hironozu.com" />
+	<target host="by.jmbfilms.de" />
+	<target host="by.jrl.nyc" />
+	<target host="by.leog.me" />
+	<target host="by.marshkev.in" />
+	<target host="by.mediatica.co" />
+	<target host="by.monah.ch" />
+	<target host="by.oligney.com" />
+	<target host="by.redstift.com" />
+	<target host="by.rstana.sk" />
+	<target host="by.seno.me" />
+	<target host="by.setaylor.net" />
+	<target host="by.sjm.us" />
+	<target host="by.taryo.net" />
+	<target host="by.ungarn.news" />
+	<target host="by.virginia.edu" />
+	<target host="by.wss.com.ve" />
+	<target host="by.yowa.re" />
+	<target host="by.zedbloc.com" />
+	<target host="byandlar.ge" />
+	<target host="byb.li" />
+	<target host="bybox.co" />
+	<target host="bycoin.ga" />
+	<target host="byd.tl" />
+	<target host="byg.me" />
+	<target host="byjoe.ws" />
+	<target host="byjp.me" />
+	<target host="bykr.us" />
+	<target host="bymia.be" />
+	<target host="bymobi.us" />
+	<target host="byn.rocks" />
+	<target host="bynd.ie" />
+	<target host="bynd.link" />
+	<target host="bypri.tk" />
+	<target host="byr.at" />
+	<target host="byrory.me" />
+	<target host="byta.co" />
+	<target host="bytea.co.uk" />
+	<target host="bzbz.ca" />
+	<target host="bzcweb.com" />
+	<target host="bzfd.it" />
+	<target host="bzizzle.pw" />
+	<target host="bzng.us" />
+	<target host="bznk.it" />
+	<target host="bzo.rocks" />
+	<target host="bzq.io" />
+	<target host="bzsu.co" />
+	<target host="bzy.sh" />
+	<target host="bzzbm.co" />
+	<target host="bzzm.ch" />
+	<target host="bzzz.in" />
+	<target host="c--m.tk" />
+	<target host="c-and-a.ca" />
+	<target host="c-bake.com" />
+	<target host="c-bd.uk" />
+	<target host="c-bu.me" />
+	<target host="c-cargus.co" />
+	<target host="c-cg.uk" />
+	<target host="c-ch.co" />
+	<target host="c-i.io" />
+	<target host="c-it.co" />
+	<target host="c-j.fr" />
+	<target host="c-js.co.uk" />
+	<target host="c-js.info" />
+	<target host="c-js.uk" />
+	<target host="c-sky.org" />
+	<target host="c-tree.com" />
+	<target host="c-wrk.mx" />
+	<target host="c-z.us" />
+	<target host="c.antilop.org" />
+	<target host="c.appasset.site" />
+	<target host="c.aprilsteve.us" />
+	<target host="c.arthur.life" />
+	<target host="c.bako.com" />
+	<target host="c.barrel.im" />
+	<target host="c.bgent.net" />
+	<target host="c.bielous.eu" />
+	<target host="c.biz-study.com" />
+	<target host="c.bonyana.com" />
+	<target host="c.bonyana.ir" />
+	<target host="c.brapp.tv" />
+	<target host="c.cadihsc.com" />
+	<target host="c.cluetivity.co" />
+	<target host="c.co2.web.id" />
+	<target host="c.cogdill.co" />
+	<target host="c.cooc.nl" />
+	<target host="c.cps.fm" />
+	<target host="c.cupoes.online" />
+	<target host="c.delsonmoo.com" />
+	<target host="c.egeka.nl" />
+	<target host="c.exah.ru" />
+	<target host="c.foth.me" />
+	<target host="c.france.st" />
+	<target host="c.gatech.edu" />
+	<target host="c.genetsis.com" />
+	<target host="c.hall.work" />
+	<target host="c.haq.de" />
+	<target host="c.hocol.at" />
+	<target host="c.hris.me" />
+	<target host="c.inal.info" />
+	<target host="c.itjazz.ru" />
+	<target host="c.jcw.me" />
+	<target host="c.jimophoto.com" />
+	<target host="c.jow.so" />
+	<target host="c.koda.li" />
+	<target host="c.kyapiy.com" />
+	<target host="c.kyl.cl" />
+	<target host="c.livebrain.com" />
+	<target host="c.mateoc.com" />
+	<target host="c.mms.fit" />
+	<target host="c.mobite.net" />
+	<target host="c.mycta.net" />
+	<target host="c.nac.ca" />
+	<target host="c.navs.me" />
+	<target host="c.netcampos.com" />
+	<target host="c.npk.io" />
+	<target host="c.olstrom.com" />
+	<target host="c.pavan.com" />
+	<target host="c.pratikpa.tel" />
+	<target host="c.pwm.cc" />
+	<target host="c.ronz.io" />
+	<target host="c.rwa.me" />
+	<target host="c.sdbx.co" />
+	<target host="c.seanooi.com" />
+	<target host="c.sekeha.com" />
+	<target host="c.snownavi.jp" />
+	<target host="c.sow.bio" />
+	<target host="c.t2o.es" />
+	<target host="c.tknzk.net" />
+	<target host="c.velvet.social" />
+	<target host="c.viens.ca" />
+	<target host="c0.dk" />
+	<target host="c00l.cc" />
+	<target host="c0l0ok.ml" />
+	<target host="c0re.co" />
+	<target host="c101.co" />
+	<target host="c15.oaug.org" />
+	<target host="c1ay.me" />
+	<target host="c1d.uk" />
+	<target host="c1n3m4.ml" />
+	<target host="c1nkc4y.ml" />
+	<target host="c2.jam.net.ve" />
+	<target host="c22.co" />
+	<target host="c24.com.au" />
+	<target host="c24.io" />
+	<target host="c26.co" />
+	<target host="c2b.me" />
+	<target host="c2day.org" />
+	<target host="c2dy.com" />
+	<target host="c2s.bz" />
+	<target host="c2u.de" />
+	<target host="c2v.co" />
+	<target host="c35mm.com" />
+	<target host="c360.io" />
+	<target host="c3kmot.ml" />
+	<target host="c3l3ngkok.ga" />
+	<target host="c3p.me" />
+	<target host="c3t0n.ml" />
+	<target host="c4d3d.com" />
+	<target host="c4me.us" />
+	<target host="c4ngkelwa3.ml" />
+	<target host="c4p.link" />
+	<target host="c4vi.me" />
+	<target host="c5.dsuk.uk" />
+	<target host="c8v.tv" />
+	<target host="c90.us" />
+	<target host="c9s.us" />
+	<target host="ca-n.in" />
+	<target host="ca.jubilo.ca" />
+	<target host="ca.town" />
+	<target host="ca10.us" />
+	<target host="caanz.store" />
+	<target host="cabel.as" />
+	<target host="cabi.bike" />
+	<target host="cabl.i.ng" />
+	<target host="cablax.ml" />
+	<target host="caboo.st" />
+	<target host="cabot.co" />
+	<target host="cabr.us" />
+	<target host="cac.c-nuage.jp" />
+	<target host="cac.social" />
+	<target host="cache22.net" />
+	<target host="cachi.media" />
+	<target host="cacm.life" />
+	<target host="caco.me" />
+	<target host="cacou.cc" />
+	<target host="cada.at" />
+	<target host="cadso.co" />
+	<target host="caduceus.me" />
+	<target host="cadzow.net.au" />
+	<target host="cafeb.im" />
+	<target host="caffo.link" />
+	<target host="cafrb.us" />
+	<target host="cafun.do" />
+	<target host="cageit.us" />
+	<target host="cagrus.co" />
+	<target host="cahaya4k.ml" />
+	<target host="cahnauctions.ch" />
+	<target host="cahver170417.ml" />
+	<target host="cainth.us" />
+	<target host="caio.tips" />
+	<target host="caiop.me" />
+	<target host="caireinc.io" />
+	<target host="cairfax.tk" />
+	<target host="caisse.me" />
+	<target host="cajamar.info" />
+	<target host="cake.ly" />
+	<target host="cakedecmag.uk" />
+	<target host="cakepdx.co" />
+	<target host="cakt.us" />
+	<target host="cal.md" />
+	<target host="cal.ms" />
+	<target host="cal.network" />
+	<target host="cal.news" />
+	<target host="cal28.it" />
+	<target host="cal99.ga" />
+	<target host="calbea.rs" />
+	<target host="calbt.co" />
+	<target host="calc.gq" />
+	<target host="calctrade.link" />
+	<target host="caldy.me" />
+	<target host="calhist.me" />
+	<target host="caliber.re" />
+	<target host="calivs.com" />
+	<target host="calix.io" />
+	<target host="callat.io" />
+	<target host="callc.works" />
+	<target host="called2.be" />
+	<target host="calledjona.de" />
+	<target host="callertim.es" />
+	<target host="callig.me" />
+	<target host="callo.ws" />
+	<target host="callr.ca" />
+	<target host="callum.in" />
+	<target host="callum.pro" />
+	<target host="calm.ac" />
+	<target host="calm.by" />
+	<target host="calm.li" />
+	<target host="calrep.ly" />
+	<target host="calsh.uk" />
+	<target host="calsi.us" />
+	<target host="calvar.io" />
+	<target host="calvert.cloud" />
+	<target host="calvert.guru" />
+	<target host="calvin.sh" />
+	<target host="calvinize.com" />
+	<target host="calyos.cool" />
+	<target host="camb.li" />
+	<target host="camb.ma" />
+	<target host="camb.ro" />
+	<target host="cambr.co" />
+	<target host="camcit.co" />
+	<target host="camden.pt" />
+	<target host="camerahou.se" />
+	<target host="camino.gl" />
+	<target host="camino.life" />
+	<target host="camisas.vip" />
+	<target host="camlinker.co" />
+	<target host="camn.is" />
+	<target host="campanda.io" />
+	<target host="campbestiv.al" />
+	<target host="campingmag.uk" />
+	<target host="camptl.ca" />
+	<target host="camr.in" />
+	<target host="camrn.me" />
+	<target host="camt.me" />
+	<target host="camw.me" />
+	<target host="can-v.as" />
+	<target host="can.fm" />
+	<target host="cana.li" />
+	<target host="canaan.nets.hk" />
+	<target host="canadating.ga" />
+	<target host="canah.life" />
+	<target host="canalpag.es" />
+	<target host="cancel.im" />
+	<target host="cancercoun.cl" />
+	<target host="cancerslay.in" />
+	<target host="candc.ly" />
+	<target host="candi.ly" />
+	<target host="candi.ws" />
+	<target host="candiag.ca" />
+	<target host="candiangeo.info" />
+	<target host="candicecuo.co" />
+	<target host="candy.do" />
+	<target host="candyey.es" />
+	<target host="canepa.eu" />
+	<target host="cangkudu.ml" />
+	<target host="canidj.com.br" />
+	<target host="canna.cx" />
+	<target host="canonistas.eu" />
+	<target host="canpur.pl" />
+	<target host="cans.ec" />
+	<target host="canscipub.com" />
+	<target host="cantal.top" />
+	<target host="cantix.ml" />
+	<target host="canva.link" />
+	<target host="canvsp.com" />
+	<target host="cap.af" />
+	<target host="cap.st" />
+	<target host="cap3.co" />
+	<target host="capa.ltd" />
+	<target host="capacitar.se" />
+	<target host="capatholo.gy" />
+	<target host="capbea.st" />
+	<target host="capi.tl" />
+	<target host="capital.one" />
+	<target host="capitan.in" />
+	<target host="capitulo.tk" />
+	<target host="capl.es" />
+	<target host="capmo.co" />
+	<target host="capp.ai" />
+	<target host="capp.st" />
+	<target host="capprey.com" />
+	<target host="capr.io" />
+	<target host="caps.bz" />
+	<target host="capsu.la" />
+	<target host="captl1.co" />
+	<target host="caq.la" />
+	<target host="car-calc.org" />
+	<target host="car.gy" />
+	<target host="caraa.co" />
+	<target host="carafun.id" />
+	<target host="caravan.ma" />
+	<target host="carbodyshop.org" />
+	<target host="carbonshar.es" />
+	<target host="carbyr.uk" />
+	<target host="card.buv.edu.vn" />
+	<target host="card.cm" />
+	<target host="cardcash.co" />
+	<target host="cardgno.me" />
+	<target host="cardoni.link" />
+	<target host="cardoza.link" />
+	<target host="caree.io" />
+	<target host="careem.me" />
+	<target host="careeren.li" />
+	<target host="careint.uk" />
+	<target host="carepnt.health" />
+	<target host="careu21.gq" />
+	<target host="cargom.tc" />
+	<target host="carinhas.de" />
+	<target host="carit.as" />
+	<target host="carl.guru" />
+	<target host="carl.st" />
+	<target host="carlos.gq" />
+	<target host="carlos.me" />
+	<target host="carlospuech.org" />
+	<target host="carlsed.com" />
+	<target host="carlson.pspr.fi" />
+	<target host="carlward.co" />
+	<target host="carmd.ml" />
+	<target host="carmndv.us" />
+	<target host="carnapi.es" />
+	<target host="carnegie.io" />
+	<target host="carnet.ec" />
+	<target host="caro.sl" />
+	<target host="carolhin.es" />
+	<target host="carolkurth.com" />
+	<target host="carolstre.am" />
+	<target host="carolynvs.com" />
+	<target host="carpag.es" />
+	<target host="carrabb.as" />
+	<target host="carrecoutu.re" />
+	<target host="carrick.us" />
+	<target host="carrielle.co" />
+	<target host="carrot.cr" />
+	<target host="carsgui.de" />
+	<target host="carswell.in" />
+	<target host="cart.mn" />
+	<target host="cartaoluiza.biz" />
+	<target host="cartaovb.com" />
+	<target host="cartbliss.co" />
+	<target host="cartoleir.us" />
+	<target host="carul.li" />
+	<target host="caruso.ly" />
+	<target host="carya.gr" />
+	<target host="cas105.nl" />
+	<target host="casaameri.ca" />
+	<target host="casacv.me" />
+	<target host="casalink.nl" />
+	<target host="casam.at" />
+	<target host="casashout.com" />
+	<target host="caseye.co" />
+	<target host="casfri.co" />
+	<target host="cash.isbest.org" />
+	<target host="cashco.co" />
+	<target host="cashflowtv.info" />
+	<target host="casho.ws" />
+	<target host="casinova.com" />
+	<target host="casio.link" />
+	<target host="casiowatch.es" />
+	<target host="cask.to" />
+	<target host="casmussoc.eu" />
+	<target host="casop.xyz" />
+	<target host="casp.io" />
+	<target host="casr.me" />
+	<target host="cass.ee" />
+	<target host="casseta.me" />
+	<target host="castasi.de" />
+	<target host="cata.ltd" />
+	<target host="cata.ly" />
+	<target host="catbanks.co" />
+	<target host="catch.pt" />
+	<target host="catchad.es" />
+	<target host="catchvinyl.com" />
+	<target host="catetan.ml" />
+	<target host="cath.lc" />
+	<target host="cathext.in" />
+	<target host="catho.me" />
+	<target host="catholicphx.com" />
+	<target host="catmag.us" />
+	<target host="catnrvn.co" />
+	<target host="catsbway.co" />
+	<target host="catshive.com" />
+	<target host="catt.wtf" />
+	<target host="catup.pw" />
+	<target host="cauble.us" />
+	<target host="caupona.nl" />
+	<target host="causa.men" />
+	<target host="causa.ws" />
+	<target host="cause.ly" />
+	<target host="cauv.in" />
+	<target host="cav.buzz" />
+	<target host="cavalea.co" />
+	<target host="cave.mn" />
+	<target host="caveman.team" />
+	<target host="cavfarms.ca" />
+	<target host="cavi.xyz" />
+	<target host="cavir.in" />
+	<target host="caw.st" />
+	<target host="caxi.am" />
+	<target host="cayaya.info" />
+	<target host="cb.com" />
+	<target host="cb2.co" />
+	<target host="cb8.me" />
+	<target host="cba.co" />
+	<target host="cba.im" />
+	<target host="cba.li" />
+	<target host="cbc.cm" />
+	<target host="cbc.social" />
+	<target host="cbdr.se" />
+	<target host="cbell.in" />
+	<target host="cbet.ly" />
+	<target host="cbfp.eu" />
+	<target host="cbgb.link" />
+	<target host="cbi.vc" />
+	<target host="cbilabs.org" />
+	<target host="cbiz.us" />
+	<target host="cbj.co" />
+	<target host="cbj.mn" />
+	<target host="cbla.st" />
+	<target host="cble.co" />
+	<target host="cblelabs.co" />
+	<target host="cbnd.me" />
+	<target host="cbnt.it" />
+	<target host="cbolt.art" />
+	<target host="cboo.st" />
+	<target host="cbpr.link" />
+	<target host="cbrac.co" />
+	<target host="cbre.co" />
+	<target host="cbridge.to" />
+	<target host="cbro.co" />
+	<target host="cbro.info" />
+	<target host="cbs.to" />
+	<target host="cbscolle.ge" />
+	<target host="cbshe.com" />
+	<target host="cbshook.com" />
+	<target host="cbsi.am" />
+	<target host="cbsiuk.org" />
+	<target host="cbsloc.al" />
+	<target host="cbsmw.io" />
+	<target host="cbsn.ws" />
+	<target host="cbsprt.co" />
+	<target host="cbstr.fr" />
+	<target host="cbstv.tk" />
+	<target host="cbsys.me" />
+	<target host="cbt.gg" />
+	<target host="cbt.im" />
+	<target host="cbt.news" />
+	<target host="cbtpe.co" />
+	<target host="cbusfdn.org" />
+	<target host="cbwd.us" />
+	<target host="cbyr.art" />
+	<target host="cc.auto-time.su" />
+	<target host="cc.crosschx.com" />
+	<target host="cc.moticos.io" />
+	<target host="cc94.co" />
+	<target host="cca.click" />
+	<target host="cca1.co" />
+	<target host="ccar.co" />
+	<target host="ccb.li" />
+	<target host="ccbl.us" />
+	<target host="ccbrown.us" />
+	<target host="ccc.1n.pw" />
+	<target host="ccccwyo.com" />
+	<target host="cccdf.org" />
+	<target host="cccw.onl" />
+	<target host="cccwp.co" />
+	<target host="ccd.click" />
+	<target host="ccdc-usa.com" />
+	<target host="cceeresear.ch" />
+	<target host="ccef.co" />
+	<target host="ccefi.co" />
+	<target host="cceu.rocks" />
+	<target host="ccf15.ca" />
+	<target host="ccf16.ca" />
+	<target host="ccf17.ca" />
+	<target host="ccfgo.com" />
+	<target host="cch.house" />
+	<target host="cchh.fyi" />
+	<target host="cchicks.de" />
+	<target host="ccis.co" />
+	<target host="ccl.social" />
+	<target host="cclg.uk" />
+	<target host="cclinks.tk" />
+	<target host="cclw.us" />
+	<target host="ccmm.li" />
+	<target host="ccofgb.uk" />
+	<target host="ccompt.es" />
+	<target host="ccourl.com" />
+	<target host="ccr.so" />
+	<target host="ccrdog.us" />
+	<target host="ccrea.tv" />
+	<target host="ccrec.at" />
+	<target host="ccreq.com" />
+	<target host="ccrj.co" />
+	<target host="ccs.fyi" />
+	<target host="ccscaos.co.ve" />
+	<target host="ccsj.mx" />
+	<target host="cctea.ch" />
+	<target host="cctix.com" />
+	<target host="cctnft.ch" />
+	<target host="cctor.us" />
+	<target host="ccure.me" />
+	<target host="ccw.li" />
+	<target host="ccw.link" />
+	<target host="ccwed.me" />
+	<target host="ccycx.tk" />
+	<target host="cd.forro.top" />
+	<target host="cd.init.ai" />
+	<target host="cda.click" />
+	<target host="cda.li" />
+	<target host="cdabba.com" />
+	<target host="cdale.me" />
+	<target host="cdays.co" />
+	<target host="cdb.io" />
+	<target host="cdeg.me" />
+	<target host="cdf.capital" />
+	<target host="cdfx.us" />
+	<target host="cdgo.es" />
+	<target host="cdiari.es" />
+	<target host="cdig.co" />
+	<target host="cdils.me" />
+	<target host="cdk.co" />
+	<target host="cdly.nl" />
+	<target host="cdmag.net" />
+	<target host="cdmh.co" />
+	<target host="cdmx.it" />
+	<target host="cdn.agbr.com" />
+	<target host="cdn.bagus.my.id" />
+	<target host="cdown.me" />
+	<target host="cdphoto.us" />
+	<target host="cdr.im" />
+	<target host="cdrm.co" />
+	<target host="cdry.co" />
+	<target host="cdth.io" />
+	<target host="cdtl.ink" />
+	<target host="cdtlicio.us" />
+	<target host="cducsu.cc" />
+	<target host="cdvideo.org" />
+	<target host="cdyapp.co" />
+	<target host="cdzr.ly" />
+	<target host="ce.ccej.co.jp" />
+	<target host="ce.gs" />
+	<target host="ce.mnch.tk" />
+	<target host="ce2.io" />
+	<target host="ceapa.im" />
+	<target host="ceazari.info" />
+	<target host="ceban.ro" />
+	<target host="cec.gg" />
+	<target host="cecelepet.ml" />
+	<target host="ceci.li" />
+	<target host="cecp.me" />
+	<target host="cecy.co" />
+	<target host="cedar.agency" />
+	<target host="cedar.college" />
+	<target host="cedarcrest.fyi" />
+	<target host="cedrics.site" />
+	<target host="ceh.es" />
+	<target host="ceip.org" />
+	<target host="cejf.me" />
+	<target host="cejte.xyz" />
+	<target host="cekih4khd.ml" />
+	<target host="cektielhd.ml" />
+	<target host="celeb.bz" />
+	<target host="celebda.ch" />
+	<target host="celebr.in" />
+	<target host="celestolite.us" />
+	<target host="cellcon.co" />
+	<target host="cellio.co" />
+	<target host="celsi.cf" />
+	<target host="cem.vc" />
+	<target host="cemreg.us" />
+	<target host="cems.me" />
+	<target host="cen.as" />
+	<target host="cenccu.co" />
+	<target host="cenov.us" />
+	<target host="cent.lu" />
+	<target host="center28.eu" />
+	<target host="centerphl.org" />
+	<target host="centre.li" />
+	<target host="centro.gs" />
+	<target host="centro.media" />
+	<target host="centrohc.us" />
+	<target host="cents.life" />
+	<target host="cents.style" />
+	<target host="century.im" />
+	<target host="centuryhd.tk" />
+	<target host="cep.news" />
+	<target host="cepotdawala.ml" />
+	<target host="cerbonedui.com" />
+	<target host="cerec.education" />
+	<target host="ceronne.eu" />
+	<target host="certainty.cf" />
+	<target host="cesru.sc" />
+	<target host="cessle.me" />
+	<target host="cesu.sc" />
+	<target host="cesv.cz" />
+	<target host="cetarfx.ml" />
+	<target host="cetmag.org" />
+	<target host="cevnts.co" />
+	<target host="cf-ms.org" />
+	<target host="cfa.is" />
+	<target host="cfa.media" />
+	<target host="cfa.ms" />
+	<target host="cfaith.us" />
+	<target host="cfash.net" />
+	<target host="cfb.mx" />
+	<target host="cfbc.info" />
+	<target host="cfcb.me" />
+	<target host="cfcblu.es" />
+	<target host="cfdn.at" />
+	<target host="cfed.me" />
+	<target host="cferraro.us" />
+	<target host="cfimag.es" />
+	<target host="cfinewine.com" />
+	<target host="cfl.re" />
+	<target host="cflam.es" />
+	<target host="cflow.co" />
+	<target host="cflt.io" />
+	<target host="cfm.li" />
+	<target host="cfm.mobi" />
+	<target host="cfm.nom.co" />
+	<target host="cfmag.pics" />
+	<target host="cfohl.in" />
+	<target host="cfont.co" />
+	<target host="cfor.cc" />
+	<target host="cforca.cf" />
+	<target host="cforce.info" />
+	<target host="cfp.me" />
+	<target host="cfpp.me" />
+	<target host="cfs.center" />
+	<target host="cfsps.co" />
+	<target host="cfultz.com" />
+	<target host="cfun.cc" />
+	<target host="cfv.blog.br" />
+	<target host="cg.nu" />
+	<target host="cg4l.com" />
+	<target host="cgar.ch" />
+	<target host="cgar.us" />
+	<target host="cgcr.co" />
+	<target host="cgdc.co" />
+	<target host="cgdl.mx" />
+	<target host="cge.ms" />
+	<target host="cgil.co" />
+	<target host="cgilink.org" />
+	<target host="cgl.fyi" />
+	<target host="cgla.co" />
+	<target host="cglabs.us" />
+	<target host="cgne.ws" />
+	<target host="cgoo.se" />
+	<target host="cgp.cc" />
+	<target host="cgs.tools" />
+	<target host="cguild.net" />
+	<target host="cgul.co" />
+	<target host="cgy.xyz" />
+	<target host="ch.beck.de" />
+	<target host="ch.cahelpers.in" />
+	<target host="ch.dcpndsgn.com" />
+	<target host="ch.yaay.ch" />
+	<target host="ch4d.co" />
+	<target host="chafc.soccer" />
+	<target host="chaicdn.xyz" />
+	<target host="chaitan.me" />
+	<target host="chalkfest.us" />
+	<target host="challengep.ro" />
+	<target host="challi.es" />
+	<target host="chan.gl" />
+	<target host="chanelhd.ml" />
+	<target host="changemg.info" />
+	<target host="changinag.in" />
+	<target host="chank.me" />
+	<target host="chanks.co" />
+	<target host="channel-hd.ml" />
+	<target host="chap.li" />
+	<target host="chap.mn" />
+	<target host="chapel.dog" />
+	<target host="chaplin.fashion" />
+	<target host="chapma.nu" />
+	<target host="chapnick.tk" />
+	<target host="charb.ro" />
+	<target host="charis.ml" />
+	<target host="charmd.me" />
+	<target host="charmngrace.com" />
+	<target host="chart.recipes" />
+	<target host="chas.link" />
+	<target host="chassidy.co" />
+	<target host="chat.regroup.us" />
+	<target host="chat.timk.co" />
+	<target host="chath.am" />
+	<target host="chatme.link" />
+	<target host="chatterbon.es" />
+	<target host="chatterta.in" />
+	<target host="chattfun.com" />
+	<target host="chb.li" />
+	<target host="chbk.me" />
+	<target host="chblog.us" />
+	<target host="chc.li" />
+	<target host="chclt.ch" />
+	<target host="chcmd.me" />
+	<target host="chdr.tv" />
+	<target host="chdrgtr.com" />
+	<target host="chdw.cc" />
+	<target host="che.gg" />
+	<target host="che1.in" />
+	<target host="check.fidor.de" />
+	<target host="chee.space" />
+	<target host="cheer.media" />
+	<target host="cheerm.ag" />
+	<target host="chef.run" />
+	<target host="chefjob.co" />
+	<target host="chelps.io" />
+	<target host="cheltfe.st" />
+	<target host="chem.ie" />
+	<target host="chem.rs" />
+	<target host="chen.cat" />
+	<target host="cheryl.at" />
+	<target host="cheshi.re" />
+	<target host="chessprep.com" />
+	<target host="chessurl.com" />
+	<target host="chevyta.lk" />
+	<target host="chew.dj" />
+	<target host="chew.se" />
+	<target host="chez.us" />
+	<target host="chf.bz" />
+	<target host="chf.to" />
+	<target host="chfi.cc" />
+	<target host="chford.us" />
+	<target host="chfs.me" />
+	<target host="chfstps.co" />
+	<target host="chfu.twgg.org" />
+	<target host="chg.bz" />
+	<target host="chgo.lol" />
+	<target host="chgobg.org" />
+	<target host="chgobrs.com" />
+	<target host="chi.mg" />
+	<target host="chibas.info" />
+	<target host="chibooth.biz" />
+	<target host="chic.kn" />
+	<target host="chicagodj.co" />
+	<target host="chicdfr.co" />
+	<target host="chichie.co" />
+	<target host="chief.sc" />
+	<target host="chief.si" />
+	<target host="chikara.cf" />
+	<target host="chil.ax" />
+	<target host="chil.cc" />
+	<target host="chil.is" />
+	<target host="child.so" />
+	<target host="chilearn.org" />
+	<target host="chilli.link" />
+	<target host="chillioferta.pl" />
+	<target host="chilmark.co" />
+	<target host="chim.pn" />
+	<target host="chimp.mx" />
+	<target host="chip.biz" />
+	<target host="chip.tl" />
+	<target host="chipdiz.us" />
+	<target host="chipg.info" />
+	<target host="chiplo.it" />
+	<target host="chiptanaka.work" />
+	<target host="chipvn.co" />
+	<target host="chiragv.in" />
+	<target host="chires.io" />
+	<target host="chiro.bz" />
+	<target host="chiro.link" />
+	<target host="chiron.link" />
+	<target host="chiros.us" />
+	<target host="chirp.ly" />
+	<target host="chisel.pm" />
+	<target host="chittr.tk" />
+	<target host="chix.im" />
+	<target host="chk.pt" />
+	<target host="chka.se" />
+	<target host="chkit.in" />
+	<target host="chkl.st" />
+	<target host="chkmrx.co" />
+	<target host="chkthisout.us" />
+	<target host="chkytr.us" />
+	<target host="chl.bz" />
+	<target host="chl.link" />
+	<target host="chldrn.org" />
+	<target host="chldrns.org" />
+	<target host="chlg.co" />
+	<target host="chlk.ch" />
+	<target host="chlmg.co" />
+	<target host="chlstowg.co" />
+	<target host="chmd.co" />
+	<target host="chmln.co" />
+	<target host="chmx.co" />
+	<target host="chn.ge" />
+	<target host="chn.wf" />
+	<target host="chnd.in" />
+	<target host="chndl.cc" />
+	<target host="chndlr.me" />
+	<target host="chndlrmcl.co" />
+	<target host="chnt.co" />
+	<target host="cho.lt" />
+	<target host="choc.lt" />
+	<target host="choc.to" />
+	<target host="chocobo.co" />
+	<target host="chococurb.me" />
+	<target host="choctaw.events" />
+	<target host="chod.zamenej.sk" />
+	<target host="choko.ml" />
+	<target host="chollo.cf" />
+	<target host="chollo.info" />
+	<target host="chollos.it" />
+	<target host="chollostb.info" />
+	<target host="chollotb.info" />
+	<target host="chongcraig.com" />
+	<target host="chop.es" />
+	<target host="chop.is" />
+	<target host="chore.cm" />
+	<target host="chortl.es" />
+	<target host="chost.co" />
+	<target host="chot.co" />
+	<target host="chp.click" />
+	<target host="chp.tl" />
+	<target host="chplan.us" />
+	<target host="chprd.co" />
+	<target host="chpskt.com" />
+	<target host="chpv.me" />
+	<target host="chpydbs.site" />
+	<target host="chr.us" />
+	<target host="chrch.uk" />
+	<target host="chrgtr.com" />
+	<target host="chri.co" />
+	<target host="chri.sk" />
+	<target host="chris.417it.com" />
+	<target host="chris.fyi" />
+	<target host="chrisc.es" />
+	<target host="chrisd.me" />
+	<target host="chrisdero.se" />
+	<target host="chrisegg.me" />
+	<target host="christophurl.co" />
+	<target host="christydan.com" />
+	<target host="chrisw.co" />
+	<target host="chrm.me" />
+	<target host="chrn.ga" />
+	<target host="chron.it" />
+	<target host="chron.xyz" />
+	<target host="chroni.cl" />
+	<target host="chronix.ml" />
+	<target host="chrs.be" />
+	<target host="chrsg.com" />
+	<target host="chrshnt.com" />
+	<target host="chrstphrswn.co" />
+	<target host="chs.cc" />
+	<target host="chscp.co" />
+	<target host="chse.uk" />
+	<target host="chsen.se" />
+	<target host="chspoho.co" />
+	<target host="chstwn.com" />
+	<target host="chsv.info" />
+	<target host="chsweb.me" />
+	<target host="cht.hm" />
+	<target host="cht.rs" />
+	<target host="chtmds.me" />
+	<target host="chto.me" />
+	<target host="chtp.co" />
+	<target host="chtra.in" />
+	<target host="chtv.me" />
+	<target host="chtz.info" />
+	<target host="chubgtr.me" />
+	<target host="chubit.travel" />
+	<target host="chucki.es" />
+	<target host="chud.gr" />
+	<target host="chudson.me" />
+	<target host="chvz.org" />
+	<target host="chw.ag" />
+	<target host="chweb.co" />
+	<target host="chwk.us" />
+	<target host="chzb.gr" />
+	<target host="chzs.tk" />
+	<target host="ci-intl.org" />
+	<target host="ciachef.be" />
+	<target host="ciand.cd" />
+	<target host="cib.li" />
+	<target host="cibo.cc" />
+	<target host="cicatricu.re" />
+	<target host="ciclo.me" />
+	<target host="cidsgn.co" />
+	<target host="ciel.im" />
+	<target host="ciems.uk" />
+	<target host="cif.as" />
+	<target host="cig.na" />
+	<target host="cig.rs" />
+	<target host="cih.one" />
+	<target host="ciker4khd.ml" />
+	<target host="cikohkol.ml" />
+	<target host="cila.co" />
+	<target host="cilantro.tv" />
+	<target host="cileuh.ml" />
+	<target host="cille.ro" />
+	<target host="cilo.la" />
+	<target host="cilukba.ml" />
+	<target host="cimbbank.sg" />
+	<target host="cimcum.tk" />
+	<target host="cimm.co" />
+	<target host="cin.ci" />
+	<target host="cincinnt.us" />
+	<target host="cindyk.me" />
+	<target host="cine.mn" />
+	<target host="cinem.ax" />
+	<target host="cinema4k.ml" />
+	<target host="cinemabest.ml" />
+	<target host="cinemahd.gq" />
+	<target host="cinemamov.ml" />
+	<target host="cinemapilot.ml" />
+	<target host="cinemax-tv.gq" />
+	<target host="cinemok.ml" />
+	<target host="cinemoz.co" />
+	<target host="cinlib.org" />
+	<target host="cinnf.org" />
+	<target host="cinplx.co" />
+	<target host="cins.ws" />
+	<target host="cinsp.in" />
+	<target host="cio.fyi" />
+	<target host="cionet.info" />
+	<target host="ciotti.cc" />
+	<target host="cipdz.ml" />
+	<target host="cipherbot.co" />
+	<target host="cipherlab.net" />
+	<target host="ciplus.top" />
+	<target host="cir.ziki.in" />
+	<target host="circle.ci" />
+	<target host="circle.co.nf" />
+	<target host="circlejtp.me" />
+	<target host="circus.bet" />
+	<target host="cirk.me" />
+	<target host="cirque.me" />
+	<target host="cisco.re" />
+	<target host="cisga.co.vu" />
+	<target host="cisn.co" />
+	<target host="cisnational.org" />
+	<target host="cit.ms" />
+	<target host="cit.tips" />
+	<target host="citaco.es" />
+	<target host="citely.cf" />
+	<target host="citgo.net" />
+	<target host="citgrd.co" />
+	<target host="citi.asia" />
+	<target host="citruk.ml" />
+	<target host="citv.ml" />
+	<target host="cityc.co" />
+	<target host="citychicre.com" />
+	<target host="citychsf.co" />
+	<target host="citycur.rent" />
+	<target host="citygrl.uk" />
+	<target host="citypo.lc" />
+	<target host="cityspy.rocks" />
+	<target host="civ.li" />
+	<target host="civic.tips" />
+	<target host="civicd.link" />
+	<target host="civicinsig.ht" />
+	<target host="civitatis.link" />
+	<target host="civlife.co" />
+	<target host="ciw.me" />
+	<target host="ciweb.co.uk" />
+	<target host="cjb.me" />
+	<target host="cjh.am" />
+	<target host="cjky.it" />
+	<target host="cjl.cx" />
+	<target host="cjmk.co" />
+	<target host="cjo.li" />
+	<target host="cjon.co" />
+	<target host="cjr.bz" />
+	<target host="cjreform.co" />
+	<target host="cjrlit.com" />
+	<target host="cjt.link" />
+	<target host="ck.camp" />
+	<target host="ck.ro" />
+	<target host="ckbe.at" />
+	<target host="ckc.mobi" />
+	<target host="ckclark.us" />
+	<target host="ckcuc.co" />
+	<target host="ckd.li" />
+	<target host="ckdis.co" />
+	<target host="cker.senta.me" />
+	<target host="ckerr.net" />
+	<target host="ckess.me" />
+	<target host="ckey.co" />
+	<target host="ckf.io" />
+	<target host="ckfio.info" />
+	<target host="ckforil.co" />
+	<target host="cki.io" />
+	<target host="ckjobs.us" />
+	<target host="ckla.us" />
+	<target host="cklph.com" />
+	<target host="ckm.bz" />
+	<target host="ckpd.to" />
+	<target host="ckrs.in" />
+	<target host="ckshi.org" />
+	<target host="cksm.co" />
+	<target host="ckte.co" />
+	<target host="cktls.xyz" />
+	<target host="ckyrc.co" />
+	<target host="ckys.info" />
+	<target host="cl.arvidson.nu" />
+	<target host="cl.atcs.ms" />
+	<target host="cl.gg" />
+	<target host="cl.ick.me" />
+	<target host="cl.ito-ya.co.jp" />
+	<target host="cl.marselo90.it" />
+	<target host="cl.oud.im" />
+	<target host="cl1.cx" />
+	<target host="claff.co" />
+	<target host="claim.disp.at" />
+	<target host="clairejd.me" />
+	<target host="claireshare.me" />
+	<target host="clar.in" />
+	<target host="clarity.link" />
+	<target host="clark.buzz" />
+	<target host="claro.tl" />
+	<target host="classicland.co" />
+	<target host="classp.as" />
+	<target host="clayte.ch" />
+	<target host="claytil.es" />
+	<target host="clb7.com" />
+	<target host="clbdnhh.com" />
+	<target host="clbrtr.com" />
+	<target host="clbs.bio" />
+	<target host="clck.fj0.ru" />
+	<target host="clck.ge" />
+	<target host="clck.info" />
+	<target host="cld.sg" />
+	<target host="cld.so" />
+	<target host="cld.yt" />
+	<target host="clda.co" />
+	<target host="cldbrr.net" />
+	<target host="cldcmp.us" />
+	<target host="cldkd.com" />
+	<target host="cldp.ly" />
+	<target host="clds.co" />
+	<target host="cldup.co" />
+	<target host="cldy.co" />
+	<target host="cle.clinic" />
+	<target host="cle.msba.org" />
+	<target host="cleanlakes.us" />
+	<target host="cleanopy.com" />
+	<target host="cleansmile.co" />
+	<target host="cleanupbrita.in" />
+	<target host="clearclu.es" />
+	<target host="clearpt.cc" />
+	<target host="clearsurvey.at" />
+	<target host="clearv.us" />
+	<target host="cleats.cc" />
+	<target host="clebrun.us" />
+	<target host="cleeng.it" />
+	<target host="cleg.al" />
+	<target host="clema.cc" />
+	<target host="cleopatr4khd.ml" />
+	<target host="cleoph.us" />
+	<target host="cler.ky" />
+	<target host="clever.ac" />
+	<target host="clg.tips" />
+	<target host="cli3k.me" />
+	<target host="clic.bz" />
+	<target host="clic.plq.org" />
+	<target host="clic.sc" />
+	<target host="clic.social" />
+	<target host="clicaki.ninja" />
+	<target host="click-link.ml" />
+	<target host="click-series.ml" />
+	<target host="click.buddy.im" />
+	<target host="click.d4h.org" />
+	<target host="click.ipfy.com" />
+	<target host="click.ml" />
+	<target host="click.vnote.hk" />
+	<target host="click.yng.sh" />
+	<target host="click237.com" />
+	<target host="click4info.com" />
+	<target host="click780p.ml" />
+	<target host="clickb.us" />
+	<target host="clickfoz.com" />
+	<target host="clickhere.ga" />
+	<target host="clickherenow.ml" />
+	<target host="clickho.st" />
+	<target host="clickinhere.ml" />
+	<target host="clickon.gq" />
+	<target host="clickonme.ml" />
+	<target host="clickto.site" />
+	<target host="clicktoplay.ml" />
+	<target host="clickus.ml" />
+	<target host="client.ffhub.uk" />
+	<target host="clientf.it" />
+	<target host="clif.fr" />
+	<target host="clifd.es" />
+	<target host="clik-showtv.ml" />
+	<target host="clikc.me" />
+	<target host="clikhere.ml" />
+	<target host="cliks.win" />
+	<target host="clill.me" />
+	<target host="clim.at" />
+	<target host="climate.wtf" />
+	<target host="climc.nl" />
+	<target host="clineamb.me" />
+	<target host="clinicto.cloud" />
+	<target host="clip-wizard.com" />
+	<target host="clipgen.com" />
+	<target host="clipmax.ml" />
+	<target host="clipp.club" />
+	<target host="cliq.vc" />
+	<target host="cliter.us" />
+	<target host="cljds.com" />
+	<target host="clk.ist" />
+	<target host="clk.msmart.me" />
+	<target host="clk.pin.plus" />
+	<target host="clk.pixellu.com" />
+	<target host="clk.so" />
+	<target host="clk.uno" />
+	<target host="clk.whatech.com" />
+	<target host="clkhr.club" />
+	<target host="clkit.us" />
+	<target host="clkon.us" />
+	<target host="clkra.in" />
+	<target host="clksmt.com" />
+	<target host="clkto.me" />
+	<target host="clkvrt.co" />
+	<target host="cllb.link" />
+	<target host="clld.me" />
+	<target host="cllp.co" />
+	<target host="clly.io" />
+	<target host="clm.im" />
+	<target host="clmpr.gs" />
+	<target host="clmr.us" />
+	<target host="clmtp.lc" />
+	<target host="cln.st" />
+	<target host="clnenergy.org" />
+	<target host="clni.st" />
+	<target host="clnpstr.com" />
+	<target host="clnq.co" />
+	<target host="cloc.al" />
+	<target host="cloc.us" />
+	<target host="clook.it" />
+	<target host="clop.be" />
+	<target host="cloudcoach.me" />
+	<target host="cloudiffic.co" />
+	<target host="cloudinco.me" />
+	<target host="cloudl.es" />
+	<target host="cloudl.ink" />
+	<target host="cloudmax.tw" />
+	<target host="cloudmnts.ca" />
+	<target host="cloudshep.co" />
+	<target host="cloudsquare.biz" />
+	<target host="clout.partners" />
+	<target host="clp.rs" />
+	<target host="clp.to" />
+	<target host="clpi.nl" />
+	<target host="clpn.co" />
+	<target host="clps.me" />
+	<target host="clptr.io" />
+	<target host="clpush.es" />
+	<target host="clq.be" />
+	<target host="clr.sh" />
+	<target host="clresnc.com" />
+	<target host="clrfnds.com" />
+	<target host="clrfyx.me" />
+	<target host="clrhd.com" />
+	<target host="clrkkv.in" />
+	<target host="clrkwlmt.co.uk" />
+	<target host="clrkwlmt.uk" />
+	<target host="clrw.gg" />
+	<target host="clsa.io" />
+	<target host="clsc.city" />
+	<target host="clsee.us" />
+	<target host="clsmat.es" />
+	<target host="clsndy.co" />
+	<target host="clss.link" />
+	<target host="clstrc.us" />
+	<target host="cltch.us" />
+	<target host="cltgrl.us" />
+	<target host="cltspok.es" />
+	<target host="cltv.at" />
+	<target host="cltvt.re" />
+	<target host="clubalpino.ga" />
+	<target host="clubic.cc" />
+	<target host="clubsoda.me" />
+	<target host="cluck.it" />
+	<target host="clujne.ws" />
+	<target host="clun.yt" />
+	<target host="cluse.io" />
+	<target host="clutchprep.co" />
+	<target host="clv.vin" />
+	<target host="clva.ca" />
+	<target host="clvr.fyi" />
+	<target host="clvr.li" />
+	<target host="clvrclp.cc" />
+	<target host="clx1.co" />
+	<target host="clxs.me" />
+	<target host="clyck.com.ar" />
+	<target host="clz.do" />
+	<target host="cm.22ndcm.com" />
+	<target host="cm.life" />
+	<target host="cm.meo.pt" />
+	<target host="cm.wbd.co.il" />
+	<target host="cma-2017.cf" />
+	<target host="cma.is" />
+	<target host="cmadq.quebec" />
+	<target host="cmag.to" />
+	<target host="cman.ga" />
+	<target host="cman.link" />
+	<target host="cmatch.me" />
+	<target host="cmb-p.com" />
+	<target host="cmbb.in" />
+	<target host="cmbd.com.mx" />
+	<target host="cmbp.hr" />
+	<target host="cmbr.us" />
+	<target host="cmbs.io" />
+	<target host="cmdf.us" />
+	<target host="cmdl.us" />
+	<target host="cmedl.in" />
+	<target host="cmf.li" />
+	<target host="cmfilm.co.uk" />
+	<target host="cmgventur.es" />
+	<target host="cmh.fyi" />
+	<target host="cmh.io" />
+	<target host="cmhig.in" />
+	<target host="cmich.ly" />
+	<target host="cmics.co" />
+	<target host="cmidocs.net" />
+	<target host="cmindscape.com" />
+	<target host="cmit.us" />
+	<target host="cmkra.us" />
+	<target host="cmllr.co" />
+	<target host="cmmr.legal" />
+	<target host="cmn.gd" />
+	<target host="cmnca.us" />
+	<target host="cmne.ws" />
+	<target host="cmnt.ca" />
+	<target host="cmnty.link" />
+	<target host="cmo.cm" />
+	<target host="cmod.me" />
+	<target host="cmon.co" />
+	<target host="cmout.lk" />
+	<target host="cmovie.co.vu" />
+	<target host="cmp.mn" />
+	<target host="cmp.ucsf.io" />
+	<target host="cmphr.link" />
+	<target host="cmplink.tk" />
+	<target host="cmplp.co" />
+	<target host="cmply.info" />
+	<target host="cmpny.co.uk" />
+	<target host="cmps.co" />
+	<target host="cmptch.ca" />
+	<target host="cmrose.ca" />
+	<target host="cmslc.nyc" />
+	<target host="cmsucks.co" />
+	<target host="cmswm.it" />
+	<target host="cmt.co.ve" />
+	<target host="cmtele.com" />
+	<target host="cmu.is" />
+	<target host="cmx.to" />
+	<target host="cmxl.gy" />
+	<target host="cna.asia" />
+	<target host="cnan.ca" />
+	<target host="cnb.cx" />
+	<target host="cncgroup.vn" />
+	<target host="cnch.ly" />
+	<target host="cnci.se" />
+	<target host="cncr.me" />
+	<target host="cncrt.tips" />
+	<target host="cncrtblg.gr" />
+	<target host="cncy.co" />
+	<target host="cneist.at" />
+	<target host="cnemax.ml" />
+	<target host="cnet.co" />
+	<target host="cnetes.co" />
+	<target host="cnflncr.me" />
+	<target host="cnfsd.co" />
+	<target host="cnfttave.co" />
+	<target host="cngf.co" />
+	<target host="cngi.in" />
+	<target host="cngo.gq" />
+	<target host="cnmlyt.in" />
+	<target host="cnn.it" />
+	<target host="cnn.jp" />
+	<target host="cnn.ph" />
+	<target host="cnnct.ch" />
+	<target host="cnnctth.ink" />
+	<target host="cnnmegamov.ml" />
+	<target host="cnnmon.ie" />
+	<target host="cnp.mn" />
+	<target host="cnps.jp" />
+	<target host="cnqr.us" />
+	<target host="cnrd.dk" />
+	<target host="cnrd.us" />
+	<target host="cnrg.link" />
+	<target host="cnsci.us" />
+	<target host="cnscio.us" />
+	<target host="cnsl.me" />
+	<target host="cnslt.biz" />
+	<target host="cnsm.ist" />
+	<target host="cnsns.us" />
+	<target host="cnsprt.one" />
+	<target host="cnsrvtv.cc" />
+	<target host="cnstrc.tv" />
+	<target host="cnsult.link" />
+	<target host="cnt.al" />
+	<target host="cnt.st" />
+	<target host="cntc.mx" />
+	<target host="cntd.es" />
+	<target host="cntme.co" />
+	<target host="cntnd.cc" />
+	<target host="cntnt.biz" />
+	<target host="cntp.in" />
+	<target host="cntr.ca" />
+	<target host="cntr.sc" />
+	<target host="cntrc.tv" />
+	<target host="cntrck.co" />
+	<target host="cntrct.co" />
+	<target host="cntrl.ca" />
+	<target host="cntz.nl" />
+	<target host="cnun.es" />
+	<target host="cnv.as" />
+	<target host="cnvr.cc" />
+	<target host="cnvr.co" />
+	<target host="cnvrt.it" />
+	<target host="cnxs.ca" />
+	<target host="cny.bz" />
+	<target host="cny.cl" />
+	<target host="cnyns.org" />
+	<target host="co-be.me" />
+	<target host="co-di.me" />
+	<target host="co-optim.us" />
+	<target host="co.atcs.ms" />
+	<target host="co.ncr.com" />
+	<target host="co.nnex.in" />
+	<target host="co.shoes" />
+	<target host="co.teamgnh.it" />
+	<target host="co.uscad.com" />
+	<target host="co119.co" />
+	<target host="co4ch.me" />
+	<target host="coache.net" />
+	<target host="coaching.co" />
+	<target host="coachup.me" />
+	<target host="coah.co" />
+	<target host="coainst.org" />
+	<target host="coatofar.ms" />
+	<target host="cob-sp.com" />
+	<target host="cobalt.pm" />
+	<target host="cobbinfo.us" />
+	<target host="cobbnews.us" />
+	<target host="cobbtech.us" />
+	<target host="cobbtips.us" />
+	<target host="cobbvantress.co" />
+	<target host="cobidakhoa.com" />
+	<target host="coby.io" />
+	<target host="cocate.ch" />
+	<target host="coci.io" />
+	<target host="cocol.is" />
+	<target host="cocolink.cc" />
+	<target host="cod.iglle.com" />
+	<target host="cod.sseu.re" />
+	<target host="code.travhk.com" />
+	<target host="codeassass.in" />
+	<target host="codeblue.pro" />
+	<target host="codecamp.co" />
+	<target host="codeco.link" />
+	<target host="codege.co" />
+	<target host="codeglitter.me" />
+	<target host="codeimprv.co" />
+	<target host="codemntr.io" />
+	<target host="codest.ag" />
+	<target host="codeu.rs" />
+	<target host="codewithdan.me" />
+	<target host="codm.info" />
+	<target host="coe.im" />
+	<target host="coej.eu" />
+	<target host="cof.lu" />
+	<target host="cof.red" />
+	<target host="cofbean.me" />
+	<target host="cog.is" />
+	<target host="cog.tips" />
+	<target host="cog.to" />
+	<target host="cogh.land" />
+	<target host="coglik.es" />
+	<target host="cogmcr.uk" />
+	<target host="cogniz.at" />
+	<target host="cogo.mx" />
+	<target host="cogxr.co" />
+	<target host="coh.link" />
+	<target host="cohealth.co" />
+	<target host="cohor.se" />
+	<target host="cohub.co" />
+	<target host="coinde.sk" />
+	<target host="coinsrc.co" />
+	<target host="cokdol.ml" />
+	<target host="cokli.ml" />
+	<target host="cokorzbr4khd.ml" />
+	<target host="col.ckbe.at" />
+	<target host="col.ma" />
+	<target host="coldb.us" />
+	<target host="coldt.co" />
+	<target host="colehaan.io" />
+	<target host="colen4k.ml" />
+	<target host="colenak.ml" />
+	<target host="coleyurl.com" />
+	<target host="colinize.me" />
+	<target host="colinow.xyz" />
+	<target host="colins.link" />
+	<target host="coll.coach" />
+	<target host="coll.ec" />
+	<target host="collabwrshp.com" />
+	<target host="colldoc.co" />
+	<target host="colleen.in" />
+	<target host="colleen.link" />
+	<target host="colleeneakns.me" />
+	<target host="colleg.in" />
+	<target host="collik.es" />
+	<target host="collinz.co" />
+	<target host="collis.in" />
+	<target host="colomtn.me" />
+	<target host="color.idea.org" />
+	<target host="colorma.ge" />
+	<target host="colotti.me" />
+	<target host="colr.tv" />
+	<target host="colrme.club" />
+	<target host="colrs.us" />
+	<target host="colstudio.ca" />
+	<target host="colwares.link" />
+	<target host="com.denoray.com" />
+	<target host="com.municat.to" />
+	<target host="com.nae.fr" />
+	<target host="coma.la" />
+	<target host="coma.ma" />
+	<target host="comabhishek.tk" />
+	<target host="comae.tech" />
+	<target host="comba.us.to" />
+	<target host="combell.link" />
+	<target host="comca.st" />
+	<target host="comchap.me" />
+	<target host="comeatbro.me" />
+	<target host="comeya.online" />
+	<target host="comfy.us" />
+	<target host="cominm.ag" />
+	<target host="coml.ml" />
+	<target host="comm-t.ec" />
+	<target host="commcoach.tips" />
+	<target host="commm.link" />
+	<target host="commsr.us" />
+	<target host="communi.gift" />
+	<target host="community.sh" />
+	<target host="commvau.lt" />
+	<target host="comni.co" />
+	<target host="companis.to" />
+	<target host="comparaho.tel" />
+	<target host="completa.ml" />
+	<target host="completo-hd.ml" />
+	<target host="completo.ml" />
+	<target host="completos.cf" />
+	<target host="completoz.ml" />
+	<target host="complexd.blog" />
+	<target host="compre-no.site" />
+	<target host="compre.xyz" />
+	<target host="compreaqui.me" />
+	<target host="comprodr.pl" />
+	<target host="coms.agency" />
+	<target host="comsen.se" />
+	<target host="comture365.ml" />
+	<target host="comv.co" />
+	<target host="con.ai" />
+	<target host="con.omarrey.es" />
+	<target host="con4khd.ml" />
+	<target host="conab.ly" />
+	<target host="conbx.com" />
+	<target host="concil.io" />
+	<target host="concise.info" />
+	<target host="concordia.tech" />
+	<target host="condo.lu" />
+	<target host="condorcycl.es" />
+	<target host="cone.beer" />
+	<target host="cone.news" />
+	<target host="conf.kubi.me" />
+	<target host="confettik.it" />
+	<target host="confy.do" />
+	<target host="congalacon.ga" />
+	<target host="congcot69.ga" />
+	<target host="conlawcrusa.de" />
+	<target host="connectaa.co" />
+	<target host="connectis.info" />
+	<target host="conns.ie" />
+	<target host="conny.cc" />
+	<target host="conny.co" />
+	<target host="conradresear.ch" />
+	<target host="conscious.to" />
+	<target host="consclass.eu" />
+	<target host="conser.ro" />
+	<target host="conserve.sc" />
+	<target host="conso.baby" />
+	<target host="conso.rs" />
+	<target host="construy.es" />
+	<target host="cont.lu" />
+	<target host="conta.cc" />
+	<target host="conta.co" />
+	<target host="contactual.ly" />
+	<target host="contactually.me" />
+	<target host="contiki.co" />
+	<target host="contr4khd.ml" />
+	<target host="contrarycook.me" />
+	<target host="contrast.ly" />
+	<target host="contz.co" />
+	<target host="conurl.de" />
+	<target host="conv.me" />
+	<target host="converup.com" />
+	<target host="convn.org" />
+	<target host="convo.click" />
+	<target host="convo.im" />
+	<target host="convt.co" />
+	<target host="coo.ph" />
+	<target host="coocaa.ml" />
+	<target host="cook.ba" />
+	<target host="cook.meali.me" />
+	<target host="cookbt.es" />
+	<target host="cooks.io" />
+	<target host="cooksco.uk" />
+	<target host="coolb.lu" />
+	<target host="coolhead.tech" />
+	<target host="coolnyc.info" />
+	<target host="coolscul.pt" />
+	<target host="coolshirt.xyz" />
+	<target host="coop.bb" />
+	<target host="coop.uk" />
+	<target host="cooper.vc" />
+	<target host="coopstats.com" />
+	<target host="coos.to" />
+	<target host="copdf.co" />
+	<target host="copi.cc" />
+	<target host="coplusk.com" />
+	<target host="cops.one" />
+	<target host="copti.co" />
+	<target host="coptom.uk" />
+	<target host="coquillita.co" />
+	<target host="cor.bo" />
+	<target host="cor.cab" />
+	<target host="cor.tips" />
+	<target host="cor.vc" />
+	<target host="cora1.co.uk" />
+	<target host="corals.co" />
+	<target host="coralsoft.link" />
+	<target host="coralsprin.gs" />
+	<target host="cordaid.co" />
+	<target host="core.lc" />
+	<target host="coreanoloco.xyz" />
+	<target host="corg.in" />
+	<target host="corina.io" />
+	<target host="corinne.co" />
+	<target host="cornel.ly" />
+	<target host="cornyn.co" />
+	<target host="coro.la" />
+	<target host="corp.ibrands.es" />
+	<target host="corporatecom.ms" />
+	<target host="corpub.ro" />
+	<target host="corre.la" />
+	<target host="corrid.org" />
+	<target host="corrieandty.co" />
+	<target host="cors.is" />
+	<target host="corsem.co" />
+	<target host="corset.tips" />
+	<target host="cortex.to" />
+	<target host="cortit.us" />
+	<target host="coruja.xyz" />
+	<target host="corv.ink" />
+	<target host="cos.sc" />
+	<target host="cosac.it" />
+	<target host="cosolis.net" />
+	<target host="cosp.ly" />
+	<target host="cossette.social" />
+	<target host="costu.re" />
+	<target host="coth.co" />
+	<target host="cotms.co" />
+	<target host="cotn.in" />
+	<target host="cotuca.me" />
+	<target host="couch.fyi" />
+	<target host="coughl.in" />
+	<target host="couix.net" />
+	<target host="counter.fi" />
+	<target host="counter.tax" />
+	<target host="coup-ins.com" />
+	<target host="coupaw.us" />
+	<target host="courtneyaura.us" />
+	<target host="cout.ie" />
+	<target host="cov.ky" />
+	<target host="cove.in" />
+	<target host="coverfx.co" />
+	<target host="covr.me" />
+	<target host="cowl.es" />
+	<target host="cox.ciqueto.com" />
+	<target host="coxtn.net" />
+	<target host="coyotepr.it" />
+	<target host="cp1.com" />
+	<target host="cpaclick.com" />
+	<target host="cpath.it" />
+	<target host="cpatools.us" />
+	<target host="cpd.io" />
+	<target host="cpd.to" />
+	<target host="cpdmn.com" />
+	<target host="cpguid.es" />
+	<target host="cphr.us" />
+	<target host="cpics.org" />
+	<target host="cpip.me" />
+	<target host="cpis.me" />
+	<target host="cpix.tv" />
+	<target host="cplb.eu" />
+	<target host="cpld.co" />
+	<target host="cpmt.link" />
+	<target host="cpmx.me" />
+	<target host="cpner.com" />
+	<target host="cpntr.com" />
+	<target host="cpoula.in" />
+	<target host="cppt.rs" />
+	<target host="cpq-1.co" />
+	<target host="cpr.io" />
+	<target host="cprep.co" />
+	<target host="cpri.me" />
+	<target host="cprit.us" />
+	<target host="cpry.net" />
+	<target host="cprza.co" />
+	<target host="cpsd.es" />
+	<target host="cpse.news" />
+	<target host="cpsg.ws" />
+	<target host="cpsins.co" />
+	<target host="cptl.io" />
+	<target host="cptr.me" />
+	<target host="cptz.me" />
+	<target host="cpx.fyi" />
+	<target host="cpycat.ch" />
+	<target host="cpyinc.us" />
+	<target host="cpyne.me" />
+	<target host="cqu.re" />
+	<target host="cqwer.ml" />
+	<target host="cr.agency" />
+	<target host="cr.ht" />
+	<target host="cr.ndjmc.com" />
+	<target host="cr.tn" />
+	<target host="cr0p.me" />
+	<target host="cr3.co" />
+	<target host="cr7-2017.ml" />
+	<target host="cr8.is" />
+	<target host="cr8.lv" />
+	<target host="cr8.me" />
+	<target host="cr8tiv.es" />
+	<target host="crackm.ag" />
+	<target host="craft-s.net" />
+	<target host="craft.xebia.com" />
+	<target host="craftbee.rs" />
+	<target host="craftg.in" />
+	<target host="craftsadore.uk" />
+	<target host="craftsy.me" />
+	<target host="craftulo.us" />
+	<target host="crags.co" />
+	<target host="craig.bz" />
+	<target host="craige.link" />
+	<target host="craigeo.us" />
+	<target host="crame.co" />
+	<target host="cranes.vc" />
+	<target host="crap.at" />
+	<target host="crap.leocav.net" />
+	<target host="crash.io" />
+	<target host="crate.us" />
+	<target host="craterhoops.com" />
+	<target host="craw.info" />
+	<target host="craze.no" />
+	<target host="crazy.fyi" />
+	<target host="crazysal.es" />
+	<target host="crb.li" />
+	<target host="crbalt.org" />
+	<target host="crbn.me" />
+	<target host="crch.co" />
+	<target host="crclf.in" />
+	<target host="crcls.in" />
+	<target host="crcp.it" />
+	<target host="crdant.co" />
+	<target host="crdev.us" />
+	<target host="crdnl.club" />
+	<target host="crds.ch" />
+	<target host="crdt.co" />
+	<target host="crdtkrma.com" />
+	<target host="crdx.us" />
+	<target host="cre.im" />
+	<target host="cre.pe" />
+	<target host="cre.sc" />
+	<target host="cre8.tips" />
+	<target host="cre8wow.me" />
+	<target host="createbedo.info" />
+	<target host="created.red" />
+	<target host="creativeactn.us" />
+	<target host="creativedo.se" />
+	<target host="credicard.biz" />
+	<target host="credijus.to" />
+	<target host="credits.buzz" />
+	<target host="cree.me" />
+	<target host="cremagoi.co" />
+	<target host="cremeri.us" />
+	<target host="cren.cc" />
+	<target host="cren.cm" />
+	<target host="crenin.com" />
+	<target host="crep.so" />
+	<target host="crew.sc" />
+	<target host="crewfi.re" />
+	<target host="crfsrv.co" />
+	<target host="crft.us" />
+	<target host="crftby.co" />
+	<target host="crfts.net" />
+	<target host="crg.st" />
+	<target host="crgls.de" />
+	<target host="crgn.ru" />
+	<target host="crha.li" />
+	<target host="crhe.org" />
+	<target host="crhrs.us" />
+	<target host="cri.gs" />
+	<target host="cri900.me" />
+	<target host="crickeet.gq" />
+	<target host="cricketa.us" />
+	<target host="crics.in" />
+	<target host="cricvi.co" />
+	<target host="crifere.com" />
+	<target host="crik.me" />
+	<target host="criminaljl.tk" />
+	<target host="crimla.ws" />
+	<target host="crimw.me" />
+	<target host="crin.tv" />
+	<target host="crinc.co" />
+	<target host="crip.se" />
+	<target host="cris.ws" />
+	<target host="crissy.cc" />
+	<target host="critnet.us" />
+	<target host="crks.me" />
+	<target host="crls.ch" />
+	<target host="crlshpp.ca" />
+	<target host="crlw.co" />
+	<target host="crm.al" />
+	<target host="crm.gd" />
+	<target host="crm.givebac.org" />
+	<target host="crm.vc" />
+	<target host="crmu.se" />
+	<target host="crn.direct" />
+	<target host="crn.tw" />
+	<target host="crnr.market" />
+	<target host="croaks.us" />
+	<target host="crocket.io" />
+	<target host="crod.info" />
+	<target host="croft.link" />
+	<target host="crook.st" />
+	<target host="crow.ly" />
+	<target host="crowdspring.co" />
+	<target host="crowesg.tax" />
+	<target host="crown.cx" />
+	<target host="crownbrush.club" />
+	<target host="crowneplaza.nz" />
+	<target host="crownpa.mx" />
+	<target host="crozhd4k.ml" />
+	<target host="crp.ovh" />
+	<target host="crplz.in" />
+	<target host="crrck.com" />
+	<target host="crrk.us" />
+	<target host="crsb.it" />
+	<target host="crscnt.co" />
+	<target host="crsex.org" />
+	<target host="crsh.me" />
+	<target host="crshlv.ly" />
+	<target host="crsincdt.co" />
+	<target host="crspdl.in" />
+	<target host="crssmt.ch" />
+	<target host="crst.in" />
+	<target host="crstl.uk" />
+	<target host="crsx.de" />
+	<target host="crt.tw" />
+	<target host="crta.co" />
+	<target host="crtc.io" />
+	<target host="crtfy.us" />
+	<target host="crtny.me" />
+	<target host="crts.eu" />
+	<target host="crtt.co" />
+	<target host="crtvlsy.ca" />
+	<target host="crtz.li" />
+	<target host="crtz.me" />
+	<target host="cru.is" />
+	<target host="cru.mp" />
+	<target host="cruci.al" />
+	<target host="crucl.co" />
+	<target host="cruclick.us" />
+	<target host="crui.xyz" />
+	<target host="cruise.gs" />
+	<target host="crukf.co" />
+	<target host="crumb.cc" />
+	<target host="crunchify.me" />
+	<target host="crunchlog.link" />
+	<target host="crux.bz" />
+	<target host="cruzs.ml" />
+	<target host="crv.im" />
+	<target host="crwd.fr" />
+	<target host="crwd.sc" />
+	<target host="crwd.si" />
+	<target host="crwd.st" />
+	<target host="crwd.ws" />
+	<target host="crwded.co" />
+	<target host="crwdflr.com" />
+	<target host="crwdly.co" />
+	<target host="crwdwk.com" />
+	<target host="crwn.it" />
+	<target host="cryloke.tk" />
+	<target host="cryn.io" />
+	<target host="cryp.tn" />
+	<target host="cryptonews.ca" />
+	<target host="cryptospaces.co" />
+	<target host="crys.tl" />
+	<target host="crz.bz" />
+	<target host="crzml.lol" />
+	<target host="cs.almari.co.id" />
+	<target host="cs.hack.or.jp" />
+	<target host="cs.is" />
+	<target host="cs.vhpost.tv" />
+	<target host="cs99.ga" />
+	<target host="csalert.info" />
+	<target host="csbk.co" />
+	<target host="csc.rocks" />
+	<target host="cschallenge.uk" />
+	<target host="cscsci.com" />
+	<target host="csd.art.br" />
+	<target host="csdr.ml" />
+	<target host="csds.pw" />
+	<target host="csect.in" />
+	<target host="cseed.it" />
+	<target host="cseins.uk" />
+	<target host="csend.be" />
+	<target host="csene.ws" />
+	<target host="cseo.me" />
+	<target host="csfd.blaboly.cz" />
+	<target host="csg.com" />
+	<target host="cshake.in" />
+	<target host="csherm.com" />
+	<target host="cshort.co" />
+	<target host="cshp.co" />
+	<target host="csie.pro" />
+	<target host="csj.bz" />
+	<target host="csja.us" />
+	<target host="cskr.co" />
+	<target host="cslfr.co" />
+	<target host="csmg.at" />
+	<target host="csmp.io" />
+	<target host="csod.info" />
+	<target host="cson.mx" />
+	<target host="cspr.me" />
+	<target host="csprev.ca" />
+	<target host="csrcourses.com" />
+	<target host="csrr.us" />
+	<target host="cssgrid.me" />
+	<target host="cssimt.us" />
+	<target host="csssoft.info" />
+	<target host="csswz.it" />
+	<target host="cst.li" />
+	<target host="cstau.de" />
+	<target host="cstd.cf" />
+	<target host="cstdn.tl" />
+	<target host="cstm.us" />
+	<target host="cstrong.co.uk" />
+	<target host="cstwy.co" />
+	<target host="csull.in" />
+	<target host="csuloch.link" />
+	<target host="csuohio.us" />
+	<target host="csvv.co" />
+	<target host="csweb.me" />
+	<target host="csy.co" />
+	<target host="csycb.co" />
+	<target host="ct.hwcmc.com" />
+	<target host="ct.mindset.jp" />
+	<target host="ct.shiztc.com" />
+	<target host="cta.fi" />
+	<target host="ctbl.us" />
+	<target host="ctcaho.pe" />
+	<target host="ctd.li" />
+	<target host="ctea.in" />
+	<target host="ctfl.io" />
+	<target host="ctia.it" />
+	<target host="ctibinc.ca" />
+	<target host="ctimes.co" />
+	<target host="ctl.co" />
+	<target host="ctl.li" />
+	<target host="ctlab.club" />
+	<target host="ctlb.eu" />
+	<target host="ctlear.nz" />
+	<target host="ctls.us" />
+	<target host="ctly.st" />
+	<target host="ctmne.ws" />
+	<target host="ctmr.tk" />
+	<target host="ctolink.us" />
+	<target host="ctpcba.net" />
+	<target host="ctplt.us" />
+	<target host="ctpx.cc" />
+	<target host="ctr.bz" />
+	<target host="ctr4.me" />
+	<target host="ctrejo.life" />
+	<target host="ctri.co" />
+	<target host="ctrix.social" />
+	<target host="ctrlh.co" />
+	<target host="ctrss.ms" />
+	<target host="ctrwi.org" />
+	<target host="ctscentr.al" />
+	<target host="ctserc.net" />
+	<target host="ctstravel.co" />
+	<target host="ctts.eu" />
+	<target host="ctune.co" />
+	<target host="ctus.it" />
+	<target host="ctv.mk" />
+	<target host="ctvcom.co" />
+	<target host="ctwchur.ch" />
+	<target host="ctwn.info" />
+	<target host="ctx.to" />
+	<target host="ctyj.hu" />
+	<target host="ctyl.uk" />
+	<target host="ctym.ps" />
+	<target host="ctzn.earth" />
+	<target host="ctzsi.de" />
+	<target host="cu-lead.us" />
+	<target host="cual.li" />
+	<target host="cualu.ms" />
+	<target host="cub.am" />
+	<target host="cubed.link" />
+	<target host="cubet.to" />
+	<target host="cubetu.be" />
+	<target host="cubeweb.cc" />
+	<target host="cublux.ml" />
+	<target host="cubt.co" />
+	<target host="cucast.me" />
+	<target host="cucchia.io" />
+	<target host="cucurut.ml" />
+	<target host="cucus.ml" />
+	<target host="cud.li" />
+	<target host="cue.tc" />
+	<target host="cuf.link" />
+	<target host="cuffl.in" />
+	<target host="cui.media" />
+	<target host="cukilfilm.ml" />
+	<target host="cuku.us" />
+	<target host="cul-de-sac.com" />
+	<target host="culp.tv" />
+	<target host="cultd.ltd" />
+	<target host="cultex.us" />
+	<target host="cultiv8.me" />
+	<target host="cultivated.it" />
+	<target host="cultivatene.ws" />
+	<target host="cultm.ac" />
+	<target host="cultr.me" />
+	<target host="cultrix.it" />
+	<target host="cultur.at" />
+	<target host="culturemass.net" />
+	<target host="cultureme.sh" />
+	<target host="cultureofedm.nl" />
+	<target host="cumlou.de" />
+	<target host="cumpay.ml" />
+	<target host="cundmj.de" />
+	<target host="cuocthi.tckt.vn" />
+	<target host="cuon.vn" />
+	<target host="cup.cm" />
+	<target host="cupjo.co" />
+	<target host="cupom.site" />
+	<target host="cur.im" />
+	<target host="cur.lt" />
+	<target host="curaman.do" />
+	<target host="curatdtrvl.co" />
+	<target host="curcap.us" />
+	<target host="curec.lk" />
+	<target host="curejoy.io" />
+	<target host="curi.me" />
+	<target host="curiosity.im" />
+	<target host="curiousdog.us" />
+	<target host="curis.co" />
+	<target host="curlbox.co" />
+	<target host="curly.ml" />
+	<target host="curly.vision" />
+	<target host="curso.ms" />
+	<target host="cursovmec.tk" />
+	<target host="curt.cf" />
+	<target host="curt.io" />
+	<target host="curtjet.co.vu" />
+	<target host="curv.it" />
+	<target host="curvatude.me" />
+	<target host="curved.me" />
+	<target host="curvelo.click" />
+	<target host="curx.es" />
+	<target host="cushwk.co" />
+	<target host="cust.fr" />
+	<target host="cust.io" />
+	<target host="customsu.it" />
+	<target host="cute.li" />
+	<target host="cutedo.se" />
+	<target host="cutelhd.ml" />
+	<target host="cutk.ga" />
+	<target host="cutpa.st" />
+	<target host="cutsforth.link" />
+	<target host="cutty.me" />
+	<target host="cv.amirhhz.com" />
+	<target host="cv17hdtv04.ml" />
+	<target host="cvanwye.com" />
+	<target host="cvbl.ch" />
+	<target host="cvboost.ru" />
+	<target host="cvco.co" />
+	<target host="cvesp.cl" />
+	<target host="cvi.to" />
+	<target host="cvip.in" />
+	<target host="cvja.me" />
+	<target host="cvnk.nl" />
+	<target host="cvnteyes.co" />
+	<target host="cvote.cc" />
+	<target host="cvote.it" />
+	<target host="cvr.tn" />
+	<target host="cvrep.us" />
+	<target host="cvrp.de" />
+	<target host="cvs.co" />
+	<target host="cvstle.link" />
+	<target host="cvtt.me" />
+	<target host="cw.wycw.tv" />
+	<target host="cw3.co" />
+	<target host="cwa.re" />
+	<target host="cway.to" />
+	<target host="cwbys.co" />
+	<target host="cwc.onl" />
+	<target host="cwcc.io" />
+	<target host="cwcw.ca" />
+	<target host="cwe.st" />
+	<target host="cwei.ch" />
+	<target host="cwil.es" />
+	<target host="cwired.co" />
+	<target host="cwmend.es" />
+	<target host="cwrld.us" />
+	<target host="cws.link" />
+	<target host="cws.one" />
+	<target host="cwtalk.us" />
+	<target host="cwtr.org" />
+	<target host="cwtrd.rs" />
+	<target host="cwv.me" />
+	<target host="cxalta.me" />
+	<target host="cxd.li" />
+	<target host="cxd.wtf" />
+	<target host="cxo.news" />
+	<target host="cxpr.in" />
+	<target host="cxps.com.au" />
+	<target host="cy.on.gt" />
+	<target host="cy.tl" />
+	<target host="cyb.to" />
+	<target host="cybel.it" />
+	<target host="cyber.gd" />
+	<target host="cyberpwn.org" />
+	<target host="cybr.bz" />
+	<target host="cybr.ly" />
+	<target host="cybr.pt" />
+	<target host="cybr.rocks" />
+	<target host="cybrd.uk" />
+	<target host="cybrgrd.link" />
+	<target host="cybrsec.io" />
+	<target host="cycf.it" />
+	<target host="cycjnk.es" />
+	<target host="cycl.chat" />
+	<target host="cycloneaxe4k.ml" />
+	<target host="cyg.me" />
+	<target host="cyha.es" />
+	<target host="cyki.do" />
+	<target host="cylance.rocks" />
+	<target host="cylar.me" />
+	<target host="cym.fm" />
+	<target host="cymca.hk" />
+	<target host="cynwen.co" />
+	<target host="cyour.ws" />
+	<target host="cyph.team" />
+	<target host="cypl.news" />
+	<target host="cypr24.info" />
+	<target host="cysh.eu" />
+	<target host="cysp.pro" />
+	<target host="cyta.co" />
+	<target host="cywdt.info" />
+	<target host="czr.fm" />
+	<target host="czyglw.link" />
+	<target host="czynst.us" />
+	<target host="d-cr.co" />
+	<target host="d-dv.us" />
+	<target host="d-l.site" />
+	<target host="d-ma.ca" />
+	<target host="d-mado.link" />
+	<target host="d-pix.info" />
+	<target host="d-r.us" />
+	<target host="d-rp.it" />
+	<target host="d-vs.co" />
+	<target host="d-williams.com" />
+	<target host="d.7gen.com" />
+	<target host="d.aegissols.com" />
+	<target host="d.alfr0475.com" />
+	<target host="d.alismen.com" />
+	<target host="d.andynova.com" />
+	<target host="d.bigtymetv.com" />
+	<target host="d.blakesl.ee" />
+	<target host="d.bmvideo.co.uk" />
+	<target host="d.bz" />
+	<target host="d.chikuwabu.com" />
+	<target host="d.cloudlotse.de" />
+	<target host="d.cmpli.uk" />
+	<target host="d.colwill.eu" />
+	<target host="d.conanne.ws" />
+	<target host="d.copsywrite.nl" />
+	<target host="d.dellamoda.com" />
+	<target host="d.diqits.be" />
+	<target host="d.dreambaits.be" />
+	<target host="d.dsy.me" />
+	<target host="d.getboxer.com" />
+	<target host="d.gygo.it" />
+	<target host="d.hihex.com" />
+	<target host="d.igit.al" />
+	<target host="d.ij-soft.com" />
+	<target host="d.imetandy.com" />
+	<target host="d.iscour.se" />
+	<target host="d.ivancevic.nl" />
+	<target host="d.ive.tw" />
+	<target host="d.jtb.jp" />
+	<target host="d.kabam.com" />
+	<target host="d.lerv.me" />
+	<target host="d.lewisross.com" />
+	<target host="d.mact.me" />
+	<target host="d.medw.in" />
+	<target host="d.mido.me" />
+	<target host="d.mmt.digital" />
+	<target host="d.ncs.pw" />
+	<target host="d.nstrm.nl" />
+	<target host="d.olibenu.com" />
+	<target host="d.parcyvall.com" />
+	<target host="d.perubatan.org" />
+	<target host="d.prodicle.com" />
+	<target host="d.reo.me" />
+	<target host="d.riwi.com" />
+	<target host="d.rnk.me" />
+	<target host="d.simpsn.com" />
+	<target host="d.sjccenter.com" />
+	<target host="d.skygate.co.jp" />
+	<target host="d.stylefire.xyz" />
+	<target host="d.syokdeals.com" />
+	<target host="d.truemoney.com" />
+	<target host="d.vgx.lv" />
+	<target host="d.warrenlex.com" />
+	<target host="d.wes.st" />
+	<target host="d.wiencke.nrw" />
+	<target host="d.wire-subs.com" />
+	<target host="d.ynam.it" />
+	<target host="d.zhng.co" />
+	<target host="d.zle.io" />
+	<target host="d0g.gs" />
+	<target host="d0n.tw" />
+	<target host="d1.io" />
+	<target host="d10.me" />
+	<target host="d11jut.ml" />
+	<target host="d13.in" />
+	<target host="d13.shop" />
+	<target host="d2bd.info" />
+	<target host="d2df.co" />
+	<target host="d2e.co" />
+	<target host="d2shr.co" />
+	<target host="d2x2.club" />
+	<target host="d30.co" />
+	<target host="d313.co" />
+	<target host="d35.nl" />
+	<target host="d360.am" />
+	<target host="d38.me" />
+	<target host="d3c0d3.com" />
+	<target host="d3k.me" />
+	<target host="d3n.in" />
+	<target host="d3w.it" />
+	<target host="d4.design" />
+	<target host="d4f.link" />
+	<target host="d4g04n.ml" />
+	<target host="d4hdir.ml" />
+	<target host="d4k.us" />
+	<target host="d4r.pw" />
+	<target host="d4s.tips" />
+	<target host="d53.co" />
+	<target host="d6e.co" />
+	<target host="d77.co" />
+	<target host="d7v.me" />
+	<target host="d8l.uk" />
+	<target host="d98.info" />
+	<target host="da-is.us" />
+	<target host="da-un.click" />
+	<target host="da.rned.de" />
+	<target host="da.simpsn.com" />
+	<target host="daa.gs" />
+	<target host="dab.re" />
+	<target host="dabot.co" />
+	<target host="dacati.me" />
+	<target host="dacre.link" />
+	<target host="dacw.co" />
+	<target host="dad.am" />
+	<target host="dad.im" />
+	<target host="dadd.io" />
+	<target host="daddy.do" />
+	<target host="dadhype.us" />
+	<target host="dadio.co" />
+	<target host="dadsdefense.org" />
+	<target host="dadshift.me" />
+	<target host="dadyal.net" />
+	<target host="dae.men" />
+	<target host="daengtv.ml" />
+	<target host="daf.nu" />
+	<target host="daffa.pro" />
+	<target host="daft.onl" />
+	<target host="daftarole.co.vu" />
+	<target host="dafz.co" />
+	<target host="dag.fyi" />
+	<target host="dagol4khd.ml" />
+	<target host="dagz.es" />
+	<target host="dailydi.sh" />
+	<target host="dailydr.ink" />
+	<target host="dailym.ai" />
+	<target host="dailypay.tm" />
+	<target host="dailyprep.me" />
+	<target host="dailyre.co" />
+	<target host="dailyreads.us" />
+	<target host="dailysexy.cf" />
+	<target host="dailysexy.ga" />
+	<target host="dailysexy.gq" />
+	<target host="dailysign.al" />
+	<target host="daim.co" />
+	<target host="dairytv.ml" />
+	<target host="daisyhuang.top" />
+	<target host="daiwafi.sh" />
+	<target host="dajon.uk" />
+	<target host="dakar.bz" />
+	<target host="daktne.ws" />
+	<target host="dalal.link" />
+	<target host="daleal.link" />
+	<target host="dalepro.link" />
+	<target host="dalia.click" />
+	<target host="daln.co" />
+	<target host="dalsi.info" />
+	<target host="daman.me" />
+	<target host="danaroth.net" />
+	<target host="danc.tech" />
+	<target host="dand.link" />
+	<target host="dande.li" />
+	<target host="dandrade.co" />
+	<target host="dangarzon.com" />
+	<target host="danie.ly" />
+	<target host="danier.ca" />
+	<target host="danig.org" />
+	<target host="danm.co" />
+	<target host="danm.in" />
+	<target host="dannyurl.us" />
+	<target host="danr.me" />
+	<target host="dansa.link" />
+	<target host="danscal.co" />
+	<target host="dantou.ch" />
+	<target host="danw.it" />
+	<target host="danz-don.ml" />
+	<target host="danz-live.ml" />
+	<target host="dao1.org" />
+	<target host="daph.in" />
+	<target host="dar.li" />
+	<target host="dar.to" />
+	<target host="daraman.me" />
+	<target host="darbie.link" />
+	<target host="darcitalks.tips" />
+	<target host="dareb.in" />
+	<target host="darin.tech" />
+	<target host="darios.co" />
+	<target host="darkag.es" />
+	<target host="darkhim.re" />
+	<target host="darkink.xyz" />
+	<target host="darknighte.com" />
+	<target host="darl.ink" />
+	<target host="darr.ch" />
+	<target host="darrenlik.es" />
+	<target host="darrenw.love" />
+	<target host="darthotr.com" />
+	<target host="dary.us" />
+	<target host="daryl.at" />
+	<target host="dashho.us" />
+	<target host="dashosass.co" />
+	<target host="dashs.dk" />
+	<target host="dasi.ml" />
+	<target host="daskrau.se" />
+	<target host="dasm.ag" />
+	<target host="dasp.in" />
+	<target host="data.is" />
+	<target host="data.li" />
+	<target host="dataeng.co" />
+	<target host="datag.uy" />
+	<target host="datalxr.com" />
+	<target host="datane.ws" />
+	<target host="datascri.be" />
+	<target host="datehq.co.vu" />
+	<target host="dating-place.cf" />
+	<target host="datingme.gq" />
+	<target host="datse.ca" />
+	<target host="daus.to" />
+	<target host="dav-i.es" />
+	<target host="dav.solutions" />
+	<target host="dav.sx" />
+	<target host="dav3h.co.uk" />
+	<target host="davaug.com" />
+	<target host="dave.direct" />
+	<target host="dave.pt" />
+	<target host="dave.sg" />
+	<target host="dave.us" />
+	<target host="daved.kg" />
+	<target host="davedarby.it" />
+	<target host="davehe.al" />
+	<target host="davesrfs.co" />
+	<target host="david-t.ec" />
+	<target host="davidpa.it" />
+	<target host="davidtravel.net" />
+	<target host="davini.co" />
+	<target host="davir.me" />
+	<target host="davis.co.in" />
+	<target host="dawanda.me" />
+	<target host="daweso.me" />
+	<target host="dawgs.us" />
+	<target host="dawid.red" />
+	<target host="dawnnicole.us" />
+	<target host="dawns.co" />
+	<target host="daws.in" />
+	<target host="day4khd.ml" />
+	<target host="dayan.at" />
+	<target host="dayba.click" />
+	<target host="dayc.se" />
+	<target host="daytrips.to" />
+	<target host="dazd.co" />
+	<target host="dba-911.com" />
+	<target host="dback.co" />
+	<target host="dbayl.es" />
+	<target host="dbb.is" />
+	<target host="dbb.la" />
+	<target host="dbb0ss.com" />
+	<target host="dbbat.es" />
+	<target host="dbbg.us" />
+	<target host="dbc.life" />
+	<target host="dbdh.biz" />
+	<target host="dbdnx.co" />
+	<target host="dbfh.us" />
+	<target host="dbh.li" />
+	<target host="dbhalf.com" />
+	<target host="dbhas.info" />
+	<target host="dbis.hk" />
+	<target host="dbiweb.us" />
+	<target host="dbjo.es" />
+	<target host="dblenco.re" />
+	<target host="dblnc.fm" />
+	<target host="dbm.media" />
+	<target host="dbmn.us" />
+	<target host="dbnd.co" />
+	<target host="dbnews.ca" />
+	<target host="dbnr.co" />
+	<target host="dbny.us" />
+	<target host="dbot.ws" />
+	<target host="dbots.ml" />
+	<target host="dbq.me" />
+	<target host="dbr.mn" />
+	<target host="dbrd.la" />
+	<target host="dbricks.co" />
+	<target host="dbry.uk" />
+	<target host="dbtat.me" />
+	<target host="dburk.us" />
+	<target host="dburl.xyz" />
+	<target host="dbyco.us" />
+	<target host="dbym.tk" />
+	<target host="dbzl.it" />
+	<target host="dc-uoit.info" />
+	<target host="dc.cr" />
+	<target host="dc.to" />
+	<target host="dc3.co" />
+	<target host="dc4.co" />
+	<target host="dca.xyz" />
+	<target host="dcal.us" />
+	<target host="dcall.uk" />
+	<target host="dcand.us" />
+	<target host="dcandies.com" />
+	<target host="dcb17.me" />
+	<target host="dcbroni.es" />
+	<target host="dcc.life" />
+	<target host="dcc.news" />
+	<target host="dcccd.info" />
+	<target host="dccn.ml" />
+	<target host="dccp.co" />
+	<target host="dcdr.me" />
+	<target host="dcel.co" />
+	<target host="dcert.co" />
+	<target host="dcft.co" />
+	<target host="dcg.fyi" />
+	<target host="dch.ie" />
+	<target host="dch.to" />
+	<target host="dclife.us" />
+	<target host="dcln.co" />
+	<target host="dcly.de" />
+	<target host="dcly.io" />
+	<target host="dcme.co" />
+	<target host="dcmnt.me" />
+	<target host="dcmx.mx" />
+	<target host="dcn.ma" />
+	<target host="dcohen.xyz" />
+	<target host="dcor.co" />
+	<target host="dcoy.co" />
+	<target host="dcpr.info" />
+	<target host="dcra.in" />
+	<target host="dcrk.me" />
+	<target host="dcsimi.com" />
+	<target host="dcsl.software" />
+	<target host="dcsp.me" />
+	<target host="dcstr.es" />
+	<target host="dctr.io" />
+	<target host="dctv.me" />
+	<target host="dcult.net" />
+	<target host="dcun.it" />
+	<target host="dcuz.us" />
+	<target host="dcv.cc" />
+	<target host="dcw.bz" />
+	<target host="dcy.li" />
+	<target host="dd.deals" />
+	<target host="dd.rs" />
+	<target host="dd15.me" />
+	<target host="dd4.us" />
+	<target host="ddar.ca" />
+	<target host="ddc.cr" />
+	<target host="ddd.1n.pw" />
+	<target host="ddd.li" />
+	<target host="dddag.com.br" />
+	<target host="ddel.co" />
+	<target host="ddev.co" />
+	<target host="ddfly.co" />
+	<target host="ddg.nu" />
+	<target host="ddgam.es" />
+	<target host="ddgrp.co" />
+	<target host="ddhy.co" />
+	<target host="ddig.in" />
+	<target host="ddnnews.com" />
+	<target host="ddod.co" />
+	<target host="ddpy.co" />
+	<target host="ddr.my" />
+	<target host="ddrone.us" />
+	<target host="ddsply.co" />
+	<target host="ddst.io" />
+	<target host="ddv.fm" />
+	<target host="ddy.mn" />
+	<target host="de-lio.tk" />
+	<target host="de.bdc.cat" />
+	<target host="de.iglesia.net" />
+	<target host="de.isaacj.com" />
+	<target host="de.linak.de" />
+	<target host="de.noisey.com" />
+	<target host="de.vice.com" />
+	<target host="deacs.info" />
+	<target host="deadfi.sh" />
+	<target host="deal.canvas.my" />
+	<target host="deal.chpskt.com" />
+	<target host="deal.wiki" />
+	<target host="dealflow.link" />
+	<target host="deannaf.me" />
+	<target host="dearbyt.es" />
+	<target host="deasil.link" />
+	<target host="deb.bi" />
+	<target host="debaak.net" />
+	<target host="debati.ng" />
+	<target host="deblas.io" />
+	<target host="debtdeeply.com" />
+	<target host="debtdeeply.org" />
+	<target host="debtfr.ee" />
+	<target host="dec.loak.org" />
+	<target host="deca.news" />
+	<target host="decal.mobi" />
+	<target host="decd.co" />
+	<target host="deci.ph" />
+	<target host="decide2.be" />
+	<target host="decider.tv" />
+	<target host="decit.re" />
+	<target host="decm.in" />
+	<target host="decs.im" />
+	<target host="dedelste.in" />
+	<target host="dedicacaotta.vc" />
+	<target host="dedu.org" />
+	<target host="dee.wongs.link" />
+	<target host="deedl.ink" />
+	<target host="deemax.ml" />
+	<target host="deepl.ink" />
+	<target host="deewoo.me" />
+	<target host="def-econ.com" />
+	<target host="defender411.us" />
+	<target host="defendr.co" />
+	<target host="defro.st" />
+	<target host="degib.re" />
+	<target host="degrau.online" />
+	<target host="dein.run" />
+	<target host="deinde.al" />
+	<target host="deine.ws" />
+	<target host="dej.si" />
+	<target host="dekalb.ag" />
+	<target host="deke.it" />
+	<target host="dekli.de" />
+	<target host="dekori.us" />
+	<target host="dekunu.info" />
+	<target host="delallo.co" />
+	<target host="delarua.tk" />
+	<target host="delasocial.me" />
+	<target host="delat.se" />
+	<target host="delfr.at" />
+	<target host="delia.cc" />
+	<target host="delik.cf" />
+	<target host="dell.to" />
+	<target host="dellcar.es" />
+	<target host="dellrecs.onl" />
+	<target host="delmarvane.ws" />
+	<target host="deloi.tt" />
+	<target host="delonline.us" />
+	<target host="delphi.im" />
+	<target host="delphiau.to" />
+	<target host="delta.uscca.com" />
+	<target host="deltastix.com" />
+	<target host="delto.ro" />
+	<target host="demandb.se" />
+	<target host="demd.ro" />
+	<target host="demery.me" />
+	<target host="demianyumei.com" />
+	<target host="demill.us" />
+	<target host="demo.ivoad.com" />
+	<target host="demo.locl.co" />
+	<target host="demp.mx" />
+	<target host="dems.me" />
+	<target host="demyr.us" />
+	<target host="dena.my" />
+	<target host="denagam.es" />
+	<target host="denimkil.la" />
+	<target host="deniso.nu" />
+	<target host="denrey.me" />
+	<target host="dentalacard.us" />
+	<target host="dentalassoc.us" />
+	<target host="dentolo.me" />
+	<target host="dentx.us" />
+	<target host="denvergp.org" />
+	<target host="denverimag.es" />
+	<target host="denverre.us" />
+	<target host="depaol.is" />
+	<target host="depo.press" />
+	<target host="deprati.co" />
+	<target host="dept.ly" />
+	<target host="dept7.uk" />
+	<target host="deptsto.re" />
+	<target host="deputi.es" />
+	<target host="der.be" />
+	<target host="der.heiko.in" />
+	<target host="der.makf.de" />
+	<target host="dereck.io" />
+	<target host="derek.news" />
+	<target host="derekb.bz" />
+	<target host="derf.me" />
+	<target host="derma.link" />
+	<target host="dermoncall.net" />
+	<target host="dermscan.eu" />
+	<target host="derochier.us" />
+	<target host="derpyne.ws" />
+	<target host="ders.me" />
+	<target host="dert.ca" />
+	<target host="derus.fr" />
+	<target host="descom.xyz" />
+	<target host="descubra.tk" />
+	<target host="desert.sn" />
+	<target host="desfm.com" />
+	<target host="desha.re" />
+	<target host="deshop.in" />
+	<target host="deshp.me" />
+	<target host="design-live.eu" />
+	<target host="desimal.ml" />
+	<target host="desinter.es" />
+	<target host="deskalerts.co" />
+	<target host="desorden.co" />
+	<target host="destelao.co" />
+	<target host="destin.ee" />
+	<target host="detail.co" />
+	<target host="detne.ws" />
+	<target host="deu.gd" />
+	<target host="deuleuwe.ml" />
+	<target host="dev.movd.me" />
+	<target host="dev.plus" />
+	<target host="dev0n.io" />
+	<target host="devd.in" />
+	<target host="deved.is" />
+	<target host="deven.biz" />
+	<target host="devfac.to" />
+	<target host="device.is" />
+	<target host="devilti.ca" />
+	<target host="devitre.co" />
+	<target host="devj.im" />
+	<target host="devk.ms" />
+	<target host="devlieghe.re" />
+	<target host="devmo.co" />
+	<target host="devolo.re" />
+	<target host="dew.bz" />
+	<target host="dewat.me" />
+	<target host="dewey.is" />
+	<target host="dex.ma" />
+	<target host="dexyp.co" />
+	<target host="deyawman.hol.es" />
+	<target host="df.ht" />
+	<target host="df.iabdf.org.br" />
+	<target host="dfab.it" />
+	<target host="dfblink.info" />
+	<target host="dfc.to" />
+	<target host="dfds.co" />
+	<target host="dfeldman.me" />
+	<target host="dff.io" />
+	<target host="dffy.us" />
+	<target host="dfgfi.org" />
+	<target host="dfir.to" />
+	<target host="dfit.io" />
+	<target host="dflink.co" />
+	<target host="dfly.in" />
+	<target host="dfnd.us" />
+	<target host="dfndhlth.com" />
+	<target host="dfndrs.com" />
+	<target host="dfp.link" />
+	<target host="dfpress.co" />
+	<target host="dfre.us" />
+	<target host="dfs.bz" />
+	<target host="dfsw.co" />
+	<target host="dft.mnkys.io" />
+	<target host="dftba.xyz" />
+	<target host="dfu.co" />
+	<target host="dfurn.es" />
+	<target host="dfvr.co" />
+	<target host="dfw.world" />
+	<target host="dfz.nl" />
+	<target host="dg-r.co" />
+	<target host="dgdrag.in" />
+	<target host="dgit.in" />
+	<target host="dgl.li" />
+	<target host="dgmc.ga" />
+	<target host="dgmusic.co" />
+	<target host="dgn.co" />
+	<target host="dgn.fish" />
+	<target host="dgphoto.io" />
+	<target host="dgpt.ch" />
+	<target host="dgrab.net" />
+	<target host="dgrant.co" />
+	<target host="dgree.org" />
+	<target host="dgrevie.ws" />
+	<target host="dgrph.com" />
+	<target host="dgt-hi.in" />
+	<target host="dgt-ml.in" />
+	<target host="dgt-mr.in" />
+	<target host="dgt-te.in" />
+	<target host="dgt.gl" />
+	<target host="dgt.im" />
+	<target host="dgt.ltd" />
+	<target host="dgtl.ag" />
+	<target host="dgtl.ink" />
+	<target host="dgtl.link" />
+	<target host="dgtl.me" />
+	<target host="dgtl.to" />
+	<target host="dgtl.ws" />
+	<target host="dgtlgyd.in" />
+	<target host="dgttu.co" />
+	<target host="dguk.xyz" />
+	<target host="dgullett.us" />
+	<target host="dgus.tv" />
+	<target host="dgwd.ca" />
+	<target host="dgzct.nl" />
+	<target host="dh.dibhotel.com" />
+	<target host="dhannah.co" />
+	<target host="dharme.sh" />
+	<target host="dhaw.al" />
+	<target host="dhee.co" />
+	<target host="dheim.at" />
+	<target host="dheliestha.ml" />
+	<target host="dhinews.me" />
+	<target host="dhiogo.com" />
+	<target host="dhis2.link" />
+	<target host="dhjp.jp" />
+	<target host="dhk.li" />
+	<target host="dhmsmag.uk" />
+	<target host="dhorner.us" />
+	<target host="dhowl.com" />
+	<target host="dhsdata.com" />
+	<target host="dhshrt.link" />
+	<target host="dht.ec" />
+	<target host="dhunter.me" />
+	<target host="dhurl.co" />
+	<target host="dhwk.me" />
+	<target host="di.agassi.id" />
+	<target host="di.fakta4.com" />
+	<target host="di.gg" />
+	<target host="di.gulamo.com" />
+	<target host="di.papua.us" />
+	<target host="di.pemudafm.com" />
+	<target host="di.simpen.in" />
+	<target host="di.tuxindo.net" />
+	<target host="di7.pl" />
+	<target host="dia.mn" />
+	<target host="diabe.life" />
+	<target host="diablo.fyi" />
+	<target host="diag.life" />
+	<target host="diagon.al" />
+	<target host="dialet.to" />
+	<target host="dialogte.ch" />
+	<target host="dialyze.co" />
+	<target host="diamone.st" />
+	<target host="diav.co" />
+	<target host="dib.me" />
+	<target host="dibdabdaub.com" />
+	<target host="dicas.vix.br" />
+	<target host="dichos.is" />
+	<target host="diegofx.co" />
+	<target host="dietz.link" />
+	<target host="diff.is" />
+	<target host="diffsnow.com" />
+	<target host="diffu.se" />
+	<target host="difran.co" />
+	<target host="dig.ma" />
+	<target host="dig.ms" />
+	<target host="dig.ng" />
+	<target host="dig.vnyl.st" />
+	<target host="digem.io" />
+	<target host="diger.at" />
+	<target host="diges.to" />
+	<target host="digibase.pro" />
+	<target host="digibil.ly" />
+	<target host="digicio.us" />
+	<target host="digif.in" />
+	<target host="digifund.link" />
+	<target host="digil.it" />
+	<target host="digilari.media" />
+	<target host="digimtg.uk" />
+	<target host="diginb.us" />
+	<target host="digisci.co" />
+	<target host="digistage.co.il" />
+	<target host="digit.re" />
+	<target host="digit4khd.ml" />
+	<target host="digita.gq" />
+	<target host="digitab.at" />
+	<target host="digitalcu.be" />
+	<target host="digitaldefen.se" />
+	<target host="digitalfiref.ly" />
+	<target host="digitalhands.tk" />
+	<target host="digitalnepal.cf" />
+	<target host="digitarget.ru" />
+	<target host="diglib.co" />
+	<target host="dign.at" />
+	<target host="dignityhlth.org" />
+	<target host="digt.in" />
+	<target host="digtb.us" />
+	<target host="digtl.net" />
+	<target host="dikle.in" />
+	<target host="dikobul.ml" />
+	<target host="dilgnt.gr" />
+	<target host="diln.gr" />
+	<target host="dimalisa.com" />
+	<target host="diminc.biz" />
+	<target host="dimp.ly" />
+	<target host="dine.sh" />
+	<target host="dineke.me" />
+	<target host="dingslots.com" />
+	<target host="dini.lu" />
+	<target host="dink.im" />
+	<target host="dinkzz.ml" />
+	<target host="dinr.us" />
+	<target host="dinsmore.co" />
+	<target host="dinsr.uk" />
+	<target host="dioguinho.blog" />
+	<target host="diperm4khd.ml" />
+	<target host="directcom.me" />
+	<target host="dirn.it" />
+	<target host="dirtme.link" />
+	<target host="dis.bz" />
+	<target host="dis.ciple.us" />
+	<target host="dis.cr" />
+	<target host="dis.okmoi.nl" />
+	<target host="dis.tl" />
+	<target host="disario.info" />
+	<target host="disc-u.org" />
+	<target host="disc.to" />
+	<target host="discord.elss.ml" />
+	<target host="discountti.re" />
+	<target host="discoverja.com" />
+	<target host="discre.co" />
+	<target host="discsto.re" />
+	<target host="discv.co" />
+	<target host="discvr.co" />
+	<target host="disga.de" />
+	<target host="dish.ly" />
+	<target host="dishing.co" />
+	<target host="disili.co" />
+	<target host="disneyj.jp" />
+	<target host="disrpt.me" />
+	<target host="disrup.to" />
+	<target host="dissh.me" />
+	<target host="distile.net" />
+	<target host="distinction.ly" />
+	<target host="distor.co" />
+	<target host="distorted.pl" />
+	<target host="disu.ga" />
+	<target host="diter.es" />
+	<target host="dittrich.link" />
+	<target host="divalicio.us" />
+	<target host="divasand.co" />
+	<target host="dive.im" />
+	<target host="dive.pub" />
+	<target host="divebar.ws" />
+	<target host="diver.so" />
+	<target host="divi.ng" />
+	<target host="divorce4.me" />
+	<target host="divvy.li" />
+	<target host="diweb.co" />
+	<target host="dix-link.tk" />
+	<target host="dix-short.tk" />
+	<target host="dixcinema21.tk" />
+	<target host="dixie.life" />
+	<target host="dixo.me" />
+	<target host="diyconsumer.co" />
+	<target host="diysec.co" />
+	<target host="dizzy.to" />
+	<target host="dj-m.ag" />
+	<target host="dj.lk" />
+	<target host="dj5.nl" />
+	<target host="djal.ml" />
+	<target host="djamentis.link" />
+	<target host="djarum.gq" />
+	<target host="djazz.it" />
+	<target host="djbook.io" />
+	<target host="djbooth.it" />
+	<target host="djbx.fr" />
+	<target host="dje.li" />
+	<target host="djex.co" />
+	<target host="djf.so" />
+	<target host="djfd.co" />
+	<target host="djfin.ch" />
+	<target host="djh.cc" />
+	<target host="djir.ie" />
+	<target host="djmaster.soy" />
+	<target host="djmo.ch" />
+	<target host="djmsc.nl" />
+	<target host="djnl.ca" />
+	<target host="djp.pw" />
+	<target host="djp3.me" />
+	<target host="djru.es" />
+	<target host="djtech.tools" />
+	<target host="djtim.es" />
+	<target host="dju.tips" />
+	<target host="djuku.us" />
+	<target host="djz.co" />
+	<target host="djz.io" />
+	<target host="dk.goto.top" />
+	<target host="dkate.ly" />
+	<target host="dkdn.co" />
+	<target host="dkdownload.de" />
+	<target host="dkel.ec" />
+	<target host="dkf.link" />
+	<target host="dkho.co" />
+	<target host="dkinney.co" />
+	<target host="dklds.org" />
+	<target host="dkmf.co" />
+	<target host="dkmn.tl" />
+	<target host="dkn.fm" />
+	<target host="dkng.co" />
+	<target host="dkoch.me" />
+	<target host="dkp.link" />
+	<target host="dkpm.in" />
+	<target host="dkq.me" />
+	<target host="dkstyle.me" />
+	<target host="dkwa.co" />
+	<target host="dky.bz" />
+	<target host="dl.11er.at" />
+	<target host="dl.360nh.ml" />
+	<target host="dl.abacus.co.ug" />
+	<target host="dl.aia.ag" />
+	<target host="dl.c7photo.com" />
+	<target host="dl.catta.co" />
+	<target host="dl.codebay.in" />
+	<target host="dl.formleo.se" />
+	<target host="dl.getblogo.com" />
+	<target host="dl.inscript.at" />
+	<target host="dl.jav4u.net" />
+	<target host="dl.keentools.io" />
+	<target host="dl.kvpbase.com" />
+	<target host="dl.logarist.com" />
+	<target host="dl.miscea.com" />
+	<target host="dl.msf.fr" />
+	<target host="dl.polagr.am" />
+	<target host="dl.silev.in" />
+	<target host="dl.soundgram.ir" />
+	<target host="dl.spar.ch" />
+	<target host="dl.tdcat.com" />
+	<target host="dl.tinyjuke.com" />
+	<target host="dl.tvho.me" />
+	<target host="dl.vnhut.com" />
+	<target host="dl.wootylab.com" />
+	<target host="dl.yala.fm" />
+	<target host="dl.yennhi.net" />
+	<target host="dlab.us" />
+	<target host="dlar.ge" />
+	<target host="dlbds.co" />
+	<target host="dlcom.co" />
+	<target host="dldp.co" />
+	<target host="dlearn.me" />
+	<target host="dlevi.com" />
+	<target host="dlgc.co" />
+	<target host="dlghtfl.co" />
+	<target host="dlhs-umi.ch" />
+	<target host="dlhz.be" />
+	<target host="dlink.to" />
+	<target host="dlkng.net" />
+	<target host="dlm.ag" />
+	<target host="dlmlink.ml" />
+	<target host="dlnk.cf" />
+	<target host="dloop.co" />
+	<target host="dlr.cm" />
+	<target host="dlrfr.sh" />
+	<target host="dlrkn.ws" />
+	<target host="dlrpwr.net" />
+	<target host="dlry.co" />
+	<target host="dlt.link" />
+	<target host="dlt.re" />
+	<target host="dlux.ml" />
+	<target host="dlvr.ee" />
+	<target host="dlvrmuch.co" />
+	<target host="dlvroo.it" />
+	<target host="dlvtr.tk" />
+	<target host="dlxcr.tv" />
+	<target host="dlycncpt.me" />
+	<target host="dlycpr.com" />
+	<target host="dlypr.es" />
+	<target host="dlytkk.co" />
+	<target host="dlywrth.com" />
+	<target host="dlz.io" />
+	<target host="dm.ie" />
+	<target host="dm.mix1.net" />
+	<target host="dm2.io" />
+	<target host="dm3.so" />
+	<target host="dm9.io" />
+	<target host="dmaas.co" />
+	<target host="dmac.top" />
+	<target host="dmak.us" />
+	<target host="dmas.io" />
+	<target host="dmb.cat" />
+	<target host="dmbox.pro" />
+	<target host="dmcoa.ch" />
+	<target host="dmdi.pl" />
+	<target host="dmds.cc" />
+	<target host="dmenow.co" />
+	<target host="dmf.is" />
+	<target host="dmil.uk" />
+	<target host="dmkt.tk" />
+	<target host="dmktgd.com" />
+	<target host="dml.io" />
+	<target host="dmm.rocks" />
+	<target host="dmn.hm" />
+	<target host="dmnc.tk" />
+	<target host="dmnd.cndl.es" />
+	<target host="dmnd.io" />
+	<target host="dmnd.la" />
+	<target host="dmnsgnls.link" />
+	<target host="dmntd.ca" />
+	<target host="dmo.social" />
+	<target host="dmoh.org" />
+	<target host="dmonn.co" />
+	<target host="dmonn.com" />
+	<target host="dmql8.me" />
+	<target host="dmrco.in" />
+	<target host="dmreg.co" />
+	<target host="dms.ski" />
+	<target host="dms3.it" />
+	<target host="dmsc.me" />
+	<target host="dn.vapplive.com" />
+	<target host="dnain.fo" />
+	<target host="dnce.co" />
+	<target host="dnd.ms" />
+	<target host="dndrn.ca" />
+	<target host="dnds.in" />
+	<target host="dndy.io" />
+	<target host="dnepwu.xyz" />
+	<target host="dnews.asia" />
+	<target host="dnf.uno" />
+	<target host="dnfco.com" />
+	<target host="dng.li" />
+	<target host="dng.link" />
+	<target host="dnglr.de" />
+	<target host="dngn.kr" />
+	<target host="dngsp.ch" />
+	<target host="dnksp.nl" />
+	<target host="dnlchw.net" />
+	<target host="dnll.us" />
+	<target host="dnlr.hn" />
+	<target host="dnmltz.me" />
+	<target host="dnn.ly" />
+	<target host="dnnyzglr.de" />
+	<target host="dnomaid.xyz" />
+	<target host="dntysq.co" />
+	<target host="dnvgl.link" />
+	<target host="dnvr.it" />
+	<target host="dnw.life" />
+	<target host="dnw.ninja" />
+	<target host="dnys.li" />
+	<target host="dnzl.nz" />
+	<target host="dnzn.gr" />
+	<target host="do.benar.do" />
+	<target host="do.joinville.in" />
+	<target host="do.youed.it" />
+	<target host="do206.co" />
+	<target host="do3.co" />
+	<target host="doaj.de" />
+	<target host="dob.cat" />
+	<target host="doba.us" />
+	<target host="dobd.ga" />
+	<target host="dobro4khd.ml" />
+	<target host="doc.aasc.com.vn" />
+	<target host="doc.alexcass.co" />
+	<target host="doc.gg" />
+	<target host="doc4.it" />
+	<target host="dochos.co" />
+	<target host="dockr.ly" />
+	<target host="doclw.com" />
+	<target host="docme.in" />
+	<target host="docs.agiusa.com" />
+	<target host="docs.ffhub.uk" />
+	<target host="docs.jms.com.mx" />
+	<target host="docs.mike.works" />
+	<target host="docs.us-inv.com" />
+	<target host="doctors.im" />
+	<target host="docu.scot" />
+	<target host="dodiklink.tk" />
+	<target host="dodls.me" />
+	<target host="doers.tips" />
+	<target host="doex.co" />
+	<target host="dofunsh.it" />
+	<target host="dogb.us" />
+	<target host="dogcatstore.co" />
+	<target host="doggyloot.us" />
+	<target host="dognition.co" />
+	<target host="dogoodux.com" />
+	<target host="dogroup.co" />
+	<target host="dogwoof.org" />
+	<target host="doh.kr" />
+	<target host="doh.so" />
+	<target host="dohane.ws" />
+	<target host="doig.net.au" />
+	<target host="dokaan.site" />
+	<target host="doktorslim.tk" />
+	<target host="doku.ws" />
+	<target host="dolan.cf" />
+	<target host="dolltasti.cc" />
+	<target host="dolphin.fyi" />
+	<target host="dolr.li" />
+	<target host="dom.tips" />
+	<target host="dombret4khd.ml" />
+	<target host="domhd.ml" />
+	<target host="dominan.ml" />
+	<target host="dominium.help" />
+	<target host="domo.ly" />
+	<target host="domp.su" />
+	<target host="don8blood.com" />
+	<target host="donal.link" />
+	<target host="donn.us" />
+	<target host="donnu.net" />
+	<target host="dontatme.co.uk" />
+	<target host="dontech.link" />
+	<target host="dontlog.me" />
+	<target host="doodhbooth.in" />
+	<target host="doodle.tips" />
+	<target host="dool.ca" />
+	<target host="dool.pro" />
+	<target host="doommet.al" />
+	<target host="door.fyi" />
+	<target host="dooz.us" />
+	<target host="dopeass.link" />
+	<target host="dor.im" />
+	<target host="dorg.ly" />
+	<target host="dormiu.co" />
+	<target host="dorxmov.ga" />
+	<target host="dos.lc" />
+	<target host="dose.io" />
+	<target host="dose.la" />
+	<target host="dot-h.kabus.red" />
+	<target host="dot.djmonta.me" />
+	<target host="dot.isawo.xyz" />
+	<target host="dot.kabus.red" />
+	<target host="dot.kosk.me" />
+	<target host="dot.live" />
+	<target host="dot.me" />
+	<target host="dot.mutsune.com" />
+	<target host="dot.puti.tokyo" />
+	<target host="dot.sachin21.jp" />
+	<target host="dot.se-1.net" />
+	<target host="dot.soncho.net" />
+	<target host="dot.tbrook.net" />
+	<target host="dot.toocheap.jp" />
+	<target host="dotbair.es" />
+	<target host="dotblogs.tw" />
+	<target host="dotbo.co" />
+	<target host="doth.me" />
+	<target host="dotmh.co" />
+	<target host="dotu.me" />
+	<target host="dou.ba" />
+	<target host="dougd.me" />
+	<target host="dougie.me" />
+	<target host="dougthorpe.us" />
+	<target host="dougwei.ch" />
+	<target host="dous.re" />
+	<target host="dov.li" />
+	<target host="dovetal.es" />
+	<target host="dovr.uk" />
+	<target host="dow.sh" />
+	<target host="dowc.co" />
+	<target host="dowel.info" />
+	<target host="dowk.uk" />
+	<target host="dowl.in" />
+	<target host="down.24hgame.vn" />
+	<target host="download.gq" />
+	<target host="download4k.ml" />
+	<target host="downloadhere.ml" />
+	<target host="dowsrey.co" />
+	<target host="dox.al" />
+	<target host="doyl.co" />
+	<target host="doyl.es" />
+	<target host="doyou.link" />
+	<target host="doza.it" />
+	<target host="dp.pe" />
+	<target host="dp6.bi" />
+	<target host="dpa.to" />
+	<target host="dpaige.co" />
+	<target host="dpal.me" />
+	<target host="dpaula.photo" />
+	<target host="dpbr.me" />
+	<target host="dpchm.de" />
+	<target host="dpcsignup.com" />
+	<target host="dpct.co" />
+	<target host="dpf.to" />
+	<target host="dph.re" />
+	<target host="dphrs.in" />
+	<target host="dpic.co" />
+	<target host="dpier.me" />
+	<target host="dpike.me" />
+	<target host="dpizza.co" />
+	<target host="dpkn.me" />
+	<target host="dplr.us" />
+	<target host="dplusg.co" />
+	<target host="dpm.gr" />
+	<target host="dpmca.mp" />
+	<target host="dpms.co" />
+	<target host="dpo.li" />
+	<target host="dpo.st" />
+	<target host="dpr.gtgn.co" />
+	<target host="dpr.to" />
+	<target host="dpsfy.co" />
+	<target host="dpsg.jobs" />
+	<target host="dpth.info" />
+	<target host="dpxt.us" />
+	<target host="dr00pb0x.com" />
+	<target host="dracc.us" />
+	<target host="drad.co" />
+	<target host="dragnf.ly" />
+	<target host="dragunov4k.ml" />
+	<target host="draken.link" />
+	<target host="drakene.ws" />
+	<target host="drama.id" />
+	<target host="draw.sx" />
+	<target host="drawbridge.link" />
+	<target host="drbbl.in" />
+	<target host="drbg.co" />
+	<target host="drbk.ws" />
+	<target host="drbq.co" />
+	<target host="drbrad.link" />
+	<target host="drchad.us" />
+	<target host="drclark.link" />
+	<target host="drct.me" />
+	<target host="drcyl.us" />
+	<target host="drd.life" />
+	<target host="drdan.co" />
+	<target host="drdn.mba" />
+	<target host="drdong.vn" />
+	<target host="drds.us" />
+	<target host="dreadshare.com" />
+	<target host="dreamatl.net" />
+	<target host="dreamcity.cc" />
+	<target host="dreemov.ml" />
+	<target host="drerin.co" />
+	<target host="drev.me" />
+	<target host="drew.cc" />
+	<target host="drexe.lu" />
+	<target host="drfir.st" />
+	<target host="drft.tips" />
+	<target host="drftbd.co" />
+	<target host="drg.io" />
+	<target host="drgdss.me" />
+	<target host="drgree.ne" />
+	<target host="drha.us" />
+	<target host="drhoades.us" />
+	<target host="dri.to" />
+	<target host="dri36max.ml" />
+	<target host="dri36mov.ml" />
+	<target host="drib.in" />
+	<target host="drif.tt" />
+	<target host="drift.to" />
+	<target host="drifta.rs" />
+	<target host="driftvlog.com" />
+	<target host="drikaart.es" />
+	<target host="drimov36.ga" />
+	<target host="drinkwi.co" />
+	<target host="drip.li" />
+	<target host="drive.oogle.gq" />
+	<target host="driveauto.group" />
+	<target host="drivingsal.es" />
+	<target host="drja.news" />
+	<target host="drjlp.com" />
+	<target host="drk.life" />
+	<target host="drkin.gs" />
+	<target host="drkul.id" />
+	<target host="drmatt.co" />
+	<target host="drmh.me" />
+	<target host="drmlm.me" />
+	<target host="drmtea.ch" />
+	<target host="drmworld.us" />
+	<target host="drnk.fun" />
+	<target host="drnk.ly" />
+	<target host="drnth.nl" />
+	<target host="dro.si" />
+	<target host="drob.photo" />
+	<target host="droidpr.es" />
+	<target host="dromar.us" />
+	<target host="drome.link" />
+	<target host="drone.skyop.com" />
+	<target host="dronebuy.club" />
+	<target host="drooble.ga" />
+	<target host="drop.deux.is" />
+	<target host="dropid.tk" />
+	<target host="drotek.io" />
+	<target host="drqorashi.ca" />
+	<target host="drrenee.co" />
+	<target host="drrnmllr.com" />
+	<target host="drsadaqat.info" />
+	<target host="drsamwill.is" />
+	<target host="drsimi.com" />
+	<target host="drspree.de" />
+	<target host="drudge.tw" />
+	<target host="drugch.nl" />
+	<target host="drugscrime.uk" />
+	<target host="drumb3.at" />
+	<target host="drummond.st" />
+	<target host="drvm.co" />
+	<target host="drvtht.pw" />
+	<target host="drwkp.me" />
+	<target host="drwl.co" />
+	<target host="drwrnrb.com" />
+	<target host="drybulk.info" />
+	<target host="dryn.cc" />
+	<target host="dryr.me" />
+	<target host="dryss.ml" />
+	<target host="ds.dijansali.hu" />
+	<target host="ds.gelteam.co" />
+	<target host="ds.tl" />
+	<target host="ds4ss.com" />
+	<target host="dsar.me" />
+	<target host="dsbc.me" />
+	<target host="dsc.co" />
+	<target host="dschultz.us" />
+	<target host="dschungelca.mp" />
+	<target host="dscpl.us" />
+	<target host="dscr.in" />
+	<target host="dscvrd.us" />
+	<target host="dscvrn.pt" />
+	<target host="dsdot.co" />
+	<target host="dse.live" />
+	<target host="dsft.co" />
+	<target host="dsgn.ly" />
+	<target host="dsgnbl.co" />
+	<target host="dsgnlal.us" />
+	<target host="dsgnrbox.com" />
+	<target host="dsgolf.co" />
+	<target host="dshan.co" />
+	<target host="dshaw.me" />
+	<target host="dshd.tk" />
+	<target host="dsin.co" />
+	<target host="dsinein.ch" />
+	<target host="dsja.me" />
+	<target host="dsl.so" />
+	<target host="dsm.la" />
+	<target host="dsm.li" />
+	<target host="dsmag.us" />
+	<target host="dsnews.me" />
+	<target host="dsnmtr.ir" />
+	<target host="dsny.co" />
+	<target host="dson.co" />
+	<target host="dsp-us.link" />
+	<target host="dspor.tv" />
+	<target host="dsr.gd" />
+	<target host="dsrpt.it" />
+	<target host="dsruptn.com" />
+	<target host="dsrv.it" />
+	<target host="dstas.me" />
+	<target host="dstlld.co" />
+	<target host="dstlr.co" />
+	<target host="dstnc.rs" />
+	<target host="dstny.cc" />
+	<target host="dstormmy.cf" />
+	<target host="dstr.in" />
+	<target host="dstudents.uk" />
+	<target host="dsu-id.us" />
+	<target host="dsuri.net" />
+	<target host="dsxn.de" />
+	<target host="dsy.mx" />
+	<target host="dsz.tokyo" />
+	<target host="dt.hunor.xyz" />
+	<target host="dt.ie" />
+	<target host="dt.teeslife.com" />
+	<target host="dta.adv.br" />
+	<target host="dta.to" />
+	<target host="dtap.co" />
+	<target host="dtavan.me" />
+	<target host="dtb.im" />
+	<target host="dtbl.org" />
+	<target host="dtbr.de" />
+	<target host="dtdg.co" />
+	<target host="dteddie.com" />
+	<target host="dtelinux.us" />
+	<target host="dtfash.tk" />
+	<target host="dthe.me" />
+	<target host="dthero.co" />
+	<target host="dtk.to" />
+	<target host="dtlg.co" />
+	<target host="dtnbrn.com" />
+	<target host="dtnow.co" />
+	<target host="dtns.ch" />
+	<target host="dto.io" />
+	<target host="dtomc.at" />
+	<target host="dtou.ch" />
+	<target host="dtrb.co" />
+	<target host="dtrekker.com" />
+	<target host="dtrez.com" />
+	<target host="dtrnsfr.us" />
+	<target host="dtrts.ca" />
+	<target host="dts.io" />
+	<target host="dtsh.me" />
+	<target host="dtsvip.com" />
+	<target host="dtt.me" />
+	<target host="dttd.in" />
+	<target host="dturbine.co" />
+	<target host="dtwv.io" />
+	<target host="dtx.li" />
+	<target host="du-it.cf" />
+	<target host="du.ignud.de" />
+	<target host="duat4khd.ml" />
+	<target host="dubb.co" />
+	<target host="dubc.hk" />
+	<target host="duchateau.work" />
+	<target host="duckl.it" />
+	<target host="duckrabb.it" />
+	<target host="ducttape.me" />
+	<target host="dude.aosvn.xyz" />
+	<target host="dudesha.red" />
+	<target host="dudesvie.ws" />
+	<target host="due.la" />
+	<target host="dueproc.es" />
+	<target host="duff.news" />
+	<target host="duffels4kids.us" />
+	<target host="dufy.ml" />
+	<target host="dug.cc" />
+	<target host="dugs.pub" />
+	<target host="duidlk.nl" />
+	<target host="duk.ma" />
+	<target host="dukefuqua.biz" />
+	<target host="dukefuqua.com" />
+	<target host="dulin.me" />
+	<target host="dulio.in" />
+	<target host="dum.tw" />
+	<target host="dumeh.ml" />
+	<target host="duna.vc" />
+	<target host="dunc.in" />
+	<target host="dundr.me" />
+	<target host="dunn.fun" />
+	<target host="dunn.it" />
+	<target host="dunn.lu" />
+	<target host="dunn.ly" />
+	<target host="duo.sc" />
+	<target host="duoestudio.link" />
+	<target host="duomomuebles.es" />
+	<target host="duositex.com" />
+	<target host="dupoux.co" />
+	<target host="dupr.ee" />
+	<target host="duran.io" />
+	<target host="durh.am" />
+	<target host="dust.to" />
+	<target host="dustn.ws" />
+	<target host="dusty.st" />
+	<target host="dutch.town" />
+	<target host="dutone.nl" />
+	<target host="duurza.me" />
+	<target host="duv.ly" />
+	<target host="dux.ai" />
+	<target host="dv-g.com" />
+	<target host="dv.goto.top" />
+	<target host="dv8.io" />
+	<target host="dv8.nl" />
+	<target host="dvadrt.co" />
+	<target host="dvbook.plus" />
+	<target host="dvdm.cc" />
+	<target host="dvdmov.ml" />
+	<target host="dvdnd.co" />
+	<target host="dvdv.kim" />
+	<target host="dvelo.me" />
+	<target host="dvie.ca" />
+	<target host="dvlp.cr" />
+	<target host="dvlphnt.co" />
+	<target host="dvlx.tk" />
+	<target host="dvnl.in" />
+	<target host="dvnty.org" />
+	<target host="dvo.lv" />
+	<target host="dvp.st" />
+	<target host="dvpr.es" />
+	<target host="dvps.me" />
+	<target host="dvps.pro" />
+	<target host="dvroof.com" />
+	<target host="dvrx.eu" />
+	<target host="dvs.digital" />
+	<target host="dvs.ninja" />
+	<target host="dvtthk.com" />
+	<target host="dvvbc.co" />
+	<target host="dvzyoshi.com" />
+	<target host="dw-1.net" />
+	<target host="dwaw.co.uk" />
+	<target host="dwb.es" />
+	<target host="dwb.pw" />
+	<target host="dwc.news" />
+	<target host="dwec.is" />
+	<target host="dwet.co" />
+	<target host="dwg.tips" />
+	<target host="dwh.gg" />
+	<target host="dwk.io" />
+	<target host="dwlng.st" />
+	<target host="dwmke.org" />
+	<target host="dwn.click" />
+	<target host="dwncff.com" />
+	<target host="dwnlnk.tk" />
+	<target host="dwov.in" />
+	<target host="dwp.link" />
+	<target host="dwpg.co" />
+	<target host="dwrk.in" />
+	<target host="dwrk.me" />
+	<target host="dwsh.co" />
+	<target host="dwsn.co" />
+	<target host="dwx.me" />
+	<target host="dx.im" />
+	<target host="dxdet.co" />
+	<target host="dxo.io" />
+	<target host="dxo.me" />
+	<target host="dxp.to" />
+	<target host="dxpr.es" />
+	<target host="dxtr.ly" />
+	<target host="dybk.tv" />
+	<target host="dycip.com" />
+	<target host="dyer.nz" />
+	<target host="dyete.ch" />
+	<target host="dyg.nu" />
+	<target host="dyhu.co" />
+	<target host="dykesa.me" />
+	<target host="dylan.la" />
+	<target host="dylan.yt" />
+	<target host="dyln.us" />
+	<target host="dyna.md" />
+	<target host="dyna.me" />
+	<target host="dynmq.com" />
+	<target host="dzdz.cz" />
+	<target host="dzj.io" />
+	<target host="dzotsi.com" />
+	<target host="dzp.link" />
+	<target host="dzurl.info" />
+	<target host="dzyn.biz" />
+	<target host="e-barr.com" />
+	<target host="e-cpa.com" />
+	<target host="e-idt.co" />
+	<target host="e-man.me" />
+	<target host="e-ml.nl" />
+	<target host="e-preneur.de" />
+	<target host="e-s-r.tk" />
+	<target host="e-shacho.info" />
+	<target host="e.at" />
+	<target host="e.bcauto.com" />
+	<target host="e.bchyundai.com" />
+	<target host="e.bcmazda.com" />
+	<target host="e.bja.lv" />
+	<target host="e.caine.in" />
+	<target host="e.chrisc.me" />
+	<target host="e.ddie.co" />
+	<target host="e.dinda.com.br" />
+	<target host="e.giuvlipen.com" />
+	<target host="e.go-greece.net" />
+	<target host="e.hansunggm.net" />
+	<target host="e.hoonie.kim" />
+	<target host="e.insideatb.net" />
+	<target host="e.kabarkota.com" />
+	<target host="e.lemcpa.us" />
+	<target host="e.lij.me" />
+	<target host="e.lipsi.us" />
+	<target host="e.lode.com.au" />
+	<target host="e.lr.vo6.info" />
+	<target host="e.mag2.com" />
+	<target host="e.my-day.co" />
+	<target host="e.nfiwh.at" />
+	<target host="e.ntd.tv" />
+	<target host="e.poko.lt" />
+	<target host="e.poolparty.ua" />
+	<target host="e.prisedi.cat" />
+	<target host="e.qenr.org" />
+	<target host="e.rubr.it" />
+	<target host="e.ryancowan.com" />
+	<target host="e.rzp.io" />
+	<target host="e.seosport.com" />
+	<target host="e.srf.to" />
+	<target host="e.teenbr.com.br" />
+	<target host="e.travelhit.xyz" />
+	<target host="e.xpo.today" />
+	<target host="e14t.ca" />
+	<target host="e2go.co" />
+	<target host="e2hosting.info" />
+	<target host="e2k.us" />
+	<target host="e360.link" />
+	<target host="e37.fr.nf" />
+	<target host="e3d.online" />
+	<target host="e3m.bz" />
+	<target host="e42.fr" />
+	<target host="e4e.ltd" />
+	<target host="e4i.me" />
+	<target host="e4k.tv" />
+	<target host="e59.co.uk" />
+	<target host="e61.be" />
+	<target host="e621.me" />
+	<target host="e85.io" />
+	<target host="e9url.com" />
+	<target host="ea4.me" />
+	<target host="ea4wa.us" />
+	<target host="eacdirectory.co" />
+	<target host="eacpds.link" />
+	<target host="eafnd.it" />
+	<target host="eag.gr" />
+	<target host="eag4m.es" />
+	<target host="eagl.es" />
+	<target host="ealfa.ro" />
+	<target host="ealink.in" />
+	<target host="eamcine.com" />
+	<target host="eamel.nl" />
+	<target host="ear.wf" />
+	<target host="eardistro.us" />
+	<target host="eargasmic.me" />
+	<target host="earnd.it" />
+	<target host="earnw.co" />
+	<target host="earthmaps.co" />
+	<target host="earv.in" />
+	<target host="ease.media" />
+	<target host="easil.link" />
+	<target host="eastlansi.ng" />
+	<target host="eastlund.buzz" />
+	<target host="easy-home.in" />
+	<target host="easy.cloudns.cx" />
+	<target host="easy2use.ml" />
+	<target host="easycarports.de" />
+	<target host="easycra.at" />
+	<target host="easyf.ly" />
+	<target host="easyprint.shop" />
+	<target host="easyte.ch" />
+	<target host="eat.ac" />
+	<target host="eat.marbled.la" />
+	<target host="eatbe.es" />
+	<target host="eatdr.in" />
+	<target host="eatdrnk.co" />
+	<target host="eatliv.es" />
+	<target host="eatlive.run" />
+	<target host="eaton.works" />
+	<target host="eatre.al" />
+	<target host="eatw.in" />
+	<target host="eauk.co" />
+	<target host="eawr.us" />
+	<target host="eaze.co" />
+	<target host="eazyprint.uk" />
+	<target host="eb-magic.com" />
+	<target host="eb.nu" />
+	<target host="eb.wtf" />
+	<target host="ebaum.it" />
+	<target host="ebay.to" />
+	<target host="ebbq.co" />
+	<target host="ebdest.in" />
+	<target host="ebia.co" />
+	<target host="ebks.to" />
+	<target host="ebm.do" />
+	<target host="ebm.im" />
+	<target host="ebnesina.ml" />
+	<target host="ebookne.ws" />
+	<target host="ebphd.co" />
+	<target host="ebreg.co.vu" />
+	<target host="ebri.us" />
+	<target host="ebrk.net" />
+	<target host="ebsm.co" />
+	<target host="ebw.to" />
+	<target host="ebx.io" />
+	<target host="ebx.sh" />
+	<target host="ebzinns.co" />
+	<target host="ebzr.tk" />
+	<target host="ec.delmarva.com" />
+	<target host="ecal.in" />
+	<target host="ecampusdot.com" />
+	<target host="ecard.ly" />
+	<target host="ecatholic.us" />
+	<target host="ecco.me" />
+	<target host="ece.tips" />
+	<target host="ecfc.co" />
+	<target host="ech.cc" />
+	<target host="ech.link" />
+	<target host="ech.pub" />
+	<target host="eci.pt" />
+	<target host="eclass.me" />
+	<target host="eclectic.iq" />
+	<target host="ecltn.co" />
+	<target host="ecmom.co" />
+	<target host="ecn.st" />
+	<target host="ecni.me" />
+	<target host="eco.so" />
+	<target host="eco4.me" />
+	<target host="ecode.li" />
+	<target host="ecok.it" />
+	<target host="ecom.me" />
+	<target host="econ.st" />
+	<target host="ecoott.ca" />
+	<target host="ecospip.org" />
+	<target host="ecosupp.ly" />
+	<target host="ecot.me" />
+	<target host="ecpmanager.com" />
+	<target host="ecreate.rocks" />
+	<target host="ecs.re" />
+	<target host="ecte.ch" />
+	<target host="ecume.run" />
+	<target host="ecw.co" />
+	<target host="ecwid.to" />
+	<target host="ed.geca.se" />
+	<target host="ed.sa" />
+	<target host="ed.tips" />
+	<target host="edapps.co" />
+	<target host="edapt.co" />
+	<target host="edball.uk" />
+	<target host="edc.to" />
+	<target host="edcnts.com" />
+	<target host="edcr8.co" />
+	<target host="edcrt.nl" />
+	<target host="edd.me" />
+	<target host="eddvs.com" />
+	<target host="ederic.ph" />
+	<target host="edfa3.ly" />
+	<target host="edfy.us" />
+	<target host="edg.im" />
+	<target host="edg.me" />
+	<target host="edg3.it" />
+	<target host="edge.ie" />
+	<target host="edge.navs.me" />
+	<target host="edge.pm" />
+	<target host="edgett.bc.ca" />
+	<target host="edgrip.in" />
+	<target host="edgy.bz" />
+	<target host="edhq.co" />
+	<target host="edibleco.de" />
+	<target host="edin.ac" />
+	<target host="edin.com" />
+	<target host="edini.ng" />
+	<target host="edisn.edison.se" />
+	<target host="edison.af" />
+	<target host="editorae.me" />
+	<target host="editoraj.us" />
+	<target host="ediva.me" />
+	<target host="ediwa.re" />
+	<target host="edk.io" />
+	<target host="edl.mn" />
+	<target host="edlp.club" />
+	<target host="edm.army" />
+	<target host="edmans.co" />
+	<target host="edmba.me" />
+	<target host="edmnw.com" />
+	<target host="edmu.in" />
+	<target host="ednfld.uk" />
+	<target host="ednxt.co" />
+	<target host="ednz.co" />
+	<target host="edog.link" />
+	<target host="edoha.us" />
+	<target host="edomasse.com" />
+	<target host="edp.is" />
+	<target host="edph.in" />
+	<target host="edpsych.us" />
+	<target host="edry.nyc" />
+	<target host="edscpnews.com" />
+	<target host="edsgn.it" />
+	<target host="edsm.co" />
+	<target host="edsurgedln.com" />
+	<target host="edsw.in" />
+	<target host="edt.im" />
+	<target host="edtch.co" />
+	<target host="edtech.team" />
+	<target host="edtechnerd.us" />
+	<target host="edtr.ie" />
+	<target host="edtr.ru" />
+	<target host="edtru.st" />
+	<target host="edu.acer.ac" />
+	<target host="edub.me" />
+	<target host="educiamo.ci" />
+	<target host="edugui.de" />
+	<target host="edukustann.us" />
+	<target host="edumac.us" />
+	<target host="edumero.biz" />
+	<target host="edut.to" />
+	<target host="edv.my" />
+	<target host="edwar.de" />
+	<target host="edwi.in" />
+	<target host="edwin.ytgoh.net" />
+	<target host="edwineuro.pe" />
+	<target host="edwk.it" />
+	<target host="eeco.at" />
+	<target host="eee.1n.pw" />
+	<target host="eeeeeats.it" />
+	<target host="eek.in" />
+	<target host="eels.co" />
+	<target host="eetv.la" />
+	<target host="eezy.ly" />
+	<target host="ef.id" />
+	<target host="efaith.co" />
+	<target host="efc.to" />
+	<target host="efcb.co" />
+	<target host="efctv.org" />
+	<target host="efcww.com" />
+	<target host="efectv.com" />
+	<target host="eff.mn" />
+	<target host="effect.ly" />
+	<target host="effgnt.co" />
+	<target host="efficient.so" />
+	<target host="effortlesssk.in" />
+	<target host="efghij.pfmes.ca" />
+	<target host="efhmusic.link" />
+	<target host="efj.tips" />
+	<target host="efkay.gq" />
+	<target host="efkstem.com" />
+	<target host="eflc.ca" />
+	<target host="eflor.es" />
+	<target host="eflori.st" />
+	<target host="efm.is" />
+	<target host="efm3.com" />
+	<target host="efn.me" />
+	<target host="efn.tv" />
+	<target host="efochesa.com" />
+	<target host="efroni.net" />
+	<target host="efuchs.me" />
+	<target host="eg.card24h.info" />
+	<target host="eg0.ca" />
+	<target host="eg17.la" />
+	<target host="ega.la" />
+	<target host="egcl.de" />
+	<target host="egd.cat" />
+	<target host="egiles.me" />
+	<target host="egkw.co" />
+	<target host="egl.to" />
+	<target host="eglasser.us" />
+	<target host="eglx.us" />
+	<target host="egm.io" />
+	<target host="egmd.co" />
+	<target host="egmont.uk" />
+	<target host="ego.pe" />
+	<target host="egow.al" />
+	<target host="egress.co" />
+	<target host="egrvs.com" />
+	<target host="egzwl.de" />
+	<target host="eh.digital" />
+	<target host="eh.ly" />
+	<target host="ehb.yt" />
+	<target host="ehdree.com" />
+	<target host="ehf.nz" />
+	<target host="ehis.me" />
+	<target host="ehj.land" />
+	<target host="ehomez.org" />
+	<target host="ehour.me" />
+	<target host="ehpl.us" />
+	<target host="eht.social" />
+	<target host="ei.nl" />
+	<target host="eickit.help" />
+	<target host="eid.sh" />
+	<target host="eif.buzz" />
+	<target host="eikn.ch" />
+	<target host="einf.ch" />
+	<target host="einspru.ch" />
+	<target host="eios.us" />
+	<target host="eirenus.ml" />
+	<target host="eisenrith.org" />
+	<target host="eisir.co" />
+	<target host="eitaro.ml" />
+	<target host="eizy.ga" />
+	<target host="ejam.my" />
+	<target host="ejemp.la" />
+	<target host="ejmag.co" />
+	<target host="ejnt.co" />
+	<target host="ejrdm.uk" />
+	<target host="ejuden.me" />
+	<target host="ejus.tc" />
+	<target host="ejy.co" />
+	<target host="ekast.gr" />
+	<target host="ekc.me" />
+	<target host="ekcep.us" />
+	<target host="ekd.be" />
+	<target host="ekgo.me" />
+	<target host="ekimhsa.us" />
+	<target host="ekit.org.uk" />
+	<target host="ekma.co" />
+	<target host="ekol.me" />
+	<target host="ektgn.eu" />
+	<target host="ekureci.com" />
+	<target host="ekz.link" />
+	<target host="el.gradea.ca" />
+	<target host="el.report" />
+	<target host="elaf.mobi" />
+	<target host="elancs.cc" />
+	<target host="elast.co" />
+	<target host="elbs.me" />
+	<target host="elbw.me" />
+	<target host="elco.in" />
+	<target host="eldece.tk" />
+	<target host="elder.expert" />
+	<target host="elec.ie" />
+	<target host="electrici.mp" />
+	<target host="elee.sh" />
+	<target host="elefant.es" />
+	<target host="elefant.sale" />
+	<target host="eleicoes.me" />
+	<target host="elem138.com" />
+	<target host="element.ht" />
+	<target host="elementgam.es" />
+	<target host="elevatechr.ch" />
+	<target host="elevation.is" />
+	<target host="elexpert.me" />
+	<target host="elfi.sh" />
+	<target host="elford.uk" />
+	<target host="elfrn.co" />
+	<target host="elftree.co" />
+	<target host="elgnts.nl" />
+	<target host="elgour.me" />
+	<target host="elhomb.re" />
+	<target host="eli.bz" />
+	<target host="elik.es" />
+	<target host="elipho.to" />
+	<target host="elisa.to" />
+	<target host="elixr.cc" />
+	<target host="eliz.is" />
+	<target host="ella.xyz" />
+	<target host="ellen.tv" />
+	<target host="ellens.co" />
+	<target host="ellerslie.us" />
+	<target host="ellin.us" />
+	<target host="elliots.co" />
+	<target host="ellis.li" />
+	<target host="ellory.us" />
+	<target host="ellu.me" />
+	<target host="elmnt.io" />
+	<target host="elmntcf.it" />
+	<target host="eln1no.ml" />
+	<target host="elnk.it" />
+	<target host="elo7.me" />
+	<target host="elpo.in" />
+	<target host="elpto.ga" />
+	<target host="elr.io" />
+	<target host="elrn.in" />
+	<target host="elrn.vc" />
+	<target host="elsat.ch" />
+	<target host="else.do" />
+	<target host="elshoe.co" />
+	<target host="elst.es" />
+	<target host="elstcp.at" />
+	<target host="elt.me" />
+	<target host="elthy.me" />
+	<target host="eltonl.in" />
+	<target host="eluni.mx" />
+	<target host="elv.gg" />
+	<target host="elvira.link" />
+	<target host="elvtn.co" />
+	<target host="elvtng.ht" />
+	<target host="elx.bet" />
+	<target host="elx1.bet" />
+	<target host="ely.sm" />
+	<target host="em.ge" />
+	<target host="em.meo.pt" />
+	<target host="em.ptemp.pt" />
+	<target host="em360.tech" />
+	<target host="em60.nl" />
+	<target host="emacco.us" />
+	<target host="emailbills.com" />
+	<target host="emails.tips" />
+	<target host="emakeup.love" />
+	<target host="eman.tht.re" />
+	<target host="emand.ro" />
+	<target host="embala4k.tk" />
+	<target host="embr.li" />
+	<target host="embracelife.co" />
+	<target host="embrio.xyz" />
+	<target host="embrwb.link" />
+	<target host="embt.co" />
+	<target host="emceemelv.in" />
+	<target host="emcn.ga" />
+	<target host="emeasu.re" />
+	<target host="emfrc.ca" />
+	<target host="emg.tw" />
+	<target host="emgo.al" />
+	<target host="emh.cc" />
+	<target host="emilio.onl" />
+	<target host="emily.gift" />
+	<target host="emilyley.co" />
+	<target host="emilyloula.uk" />
+	<target host="emjb.us" />
+	<target host="emktr.co" />
+	<target host="emma.fyi" />
+	<target host="emma.party" />
+	<target host="emmcom.co" />
+	<target host="emmi.co" />
+	<target host="emmie.me" />
+	<target host="emne.ws" />
+	<target host="emob.co" />
+	<target host="emoji.as" />
+	<target host="emonight.la" />
+	<target host="emonite.la" />
+	<target host="emoy.ml" />
+	<target host="emp.fyi" />
+	<target host="emplaw.co" />
+	<target host="employ.plus" />
+	<target host="empoideas.com" />
+	<target host="empower.tips" />
+	<target host="empuss.com" />
+	<target host="empw.ca" />
+	<target host="empwer.us" />
+	<target host="empwr.xyz" />
+	<target host="emr.ca" />
+	<target host="emrktr.co" />
+	<target host="emrld.co" />
+	<target host="emsidata.com" />
+	<target host="emt.im" />
+	<target host="emt.io" />
+	<target host="emul.in" />
+	<target host="emulin.me" />
+	<target host="emulin.xyz" />
+	<target host="emulinamd.co" />
+	<target host="emused.me" />
+	<target host="emuz.us" />
+	<target host="emvie.ws" />
+	<target host="emvn.co" />
+	<target host="emwil.es" />
+	<target host="emye.us" />
+	<target host="en-gb.loak.org" />
+	<target host="en.an-zero.com" />
+	<target host="en.clave.cc" />
+	<target host="en.crupzi.com" />
+	<target host="en.gf134.com.es" />
+	<target host="en.m-nicolay.de" />
+	<target host="en.smdani.com" />
+	<target host="en.tc" />
+	<target host="en.villeta.info" />
+	<target host="en.viss.tv" />
+	<target host="en4k.ga" />
+	<target host="en4k.ml" />
+	<target host="enakan.ml" />
+	<target host="enc.sg" />
+	<target host="encmp.as" />
+	<target host="encnt.se" />
+	<target host="encolh.eu" />
+	<target host="encores.me" />
+	<target host="encouraged.biz" />
+	<target host="enctr.co" />
+	<target host="end.pr" />
+	<target host="end.rs" />
+	<target host="enda.run" />
+	<target host="endg.me" />
+	<target host="endgra.in" />
+	<target host="endi.co.tt" />
+	<target host="endo-us.link" />
+	<target host="endpol.io" />
+	<target host="endsi.net" />
+	<target host="endsp.am" />
+	<target host="endzone.me" />
+	<target host="ene.co" />
+	<target host="enemy.yt" />
+	<target host="energycut.info" />
+	<target host="enerji.co" />
+	<target host="enex.is" />
+	<target host="eney.xyz" />
+	<target host="enf.mx" />
+	<target host="enforb.es" />
+	<target host="eng.hockey" />
+	<target host="engayged.link" />
+	<target host="engel.pics" />
+	<target host="english.sc" />
+	<target host="engr.it" />
+	<target host="engr.life" />
+	<target host="engrave.co" />
+	<target host="engri.sh" />
+	<target host="engt.co" />
+	<target host="enhan.co" />
+	<target host="enhancingliv.es" />
+	<target host="enil.us" />
+	<target host="enjoei.de" />
+	<target host="enjoyhd.ml" />
+	<target host="enjoyinhd.ml" />
+	<target host="enjy.it" />
+	<target host="enl.cl" />
+	<target host="enlghtn.me" />
+	<target host="enm.ax" />
+	<target host="enm.link" />
+	<target host="enmar.ch" />
+	<target host="enmc.tk" />
+	<target host="eno.ug" />
+	<target host="enow.software" />
+	<target host="enq.actcall.jp" />
+	<target host="enqueue.info" />
+	<target host="enr.gy" />
+	<target host="enrgy.co" />
+	<target host="enri.se" />
+	<target host="ens.fyi" />
+	<target host="ensfr.co" />
+	<target host="ensy.st" />
+	<target host="ent1.tk" />
+	<target host="ent27.27e.co" />
+	<target host="entameclip.link" />
+	<target host="enterw.in" />
+	<target host="enth.to" />
+	<target host="entherapy.biz" />
+	<target host="entpa.as" />
+	<target host="entradas.top" />
+	<target host="entries.me" />
+	<target host="entrtnmnt.com" />
+	<target host="entsale.co" />
+	<target host="entyb.com" />
+	<target host="env.is" />
+	<target host="enva.im" />
+	<target host="enveemia.com" />
+	<target host="envertent.com" />
+	<target host="envigor.link" />
+	<target host="envoc.io" />
+	<target host="envs.co" />
+	<target host="envt.in" />
+	<target host="envy.im" />
+	<target host="envz.in" />
+	<target host="enyc.co" />
+	<target host="eo.eo-musik.de" />
+	<target host="eo3.fit" />
+	<target host="eo66.co" />
+	<target host="eoa.cl" />
+	<target host="eofire.co" />
+	<target host="eomn.org" />
+	<target host="eone.solutions" />
+	<target host="eonli.ne" />
+	<target host="eonsoftware.io" />
+	<target host="eors.us" />
+	<target host="eoszak.me" />
+	<target host="eotir.link" />
+	<target host="eotours.co" />
+	<target host="eozy.us" />
+	<target host="ep.lendlea.se" />
+	<target host="ep915.co" />
+	<target host="epayne.me" />
+	<target host="epckrs.link" />
+	<target host="epclmn.co" />
+	<target host="epcpa.us" />
+	<target host="epdn.co" />
+	<target host="epen.is" />
+	<target host="epgui.de" />
+	<target host="ephemer.is" />
+	<target host="epi.is" />
+	<target host="epi.ph" />
+	<target host="epi.to" />
+	<target host="epic.dog" />
+	<target host="epic.tips" />
+	<target host="epic.toys" />
+	<target host="epicinfo.co" />
+	<target host="epicking.top" />
+	<target host="epigr.am" />
+	<target host="epires.me" />
+	<target host="episnyd.io" />
+	<target host="episode-1.ga" />
+	<target host="episode-hd.cf" />
+	<target host="episode.gq" />
+	<target host="epj.cloud" />
+	<target host="epnt.in" />
+	<target host="epoca.tech" />
+	<target host="epos.ly" />
+	<target host="epp.org" />
+	<target host="eppingcr.uk" />
+	<target host="epro.marketing" />
+	<target host="epseo.us" />
+	<target host="epst.uk" />
+	<target host="epste.in" />
+	<target host="ept.ms" />
+	<target host="eptx.co" />
+	<target host="epud.news" />
+	<target host="epuk.info" />
+	<target host="epul.ml" />
+	<target host="eputra.net" />
+	<target host="epw.me" />
+	<target host="epx.me.uk" />
+	<target host="epx.ms" />
+	<target host="epxflr.tk" />
+	<target host="epyltr.in" />
+	<target host="eqb.me" />
+	<target host="eqf.org" />
+	<target host="eqfx.co" />
+	<target host="eqh.to" />
+	<target host="eqi.md" />
+	<target host="eqix.it" />
+	<target host="eqnx.in" />
+	<target host="eqter.ms" />
+	<target host="eqtm.co" />
+	<target host="equals.agency" />
+	<target host="equi.link" />
+	<target host="equid.la" />
+	<target host="equt.org" />
+	<target host="eqwd.co" />
+	<target host="er.collab.st" />
+	<target host="er24.joburg" />
+	<target host="era-wakacji.pl" />
+	<target host="erati.me" />
+	<target host="erayymz.com" />
+	<target host="erdo.ga" />
+	<target host="ereena.info" />
+	<target host="ergo.zone" />
+	<target host="ergoba.by" />
+	<target host="ergsu.re" />
+	<target host="eri.ma" />
+	<target host="eric.ly" />
+	<target host="eric.mx" />
+	<target host="erickdavid.work" />
+	<target host="ericm.hopto.org" />
+	<target host="ericn.us" />
+	<target host="erics.tv" />
+	<target host="erict.co" />
+	<target host="ericwilson.ws" />
+	<target host="erik.gs" />
+	<target host="erikm.nl" />
+	<target host="erikshar.es" />
+	<target host="erikump.com" />
+	<target host="erin.vip" />
+	<target host="erinjo.me" />
+	<target host="erinrealtor.com" />
+	<target host="eris.im" />
+	<target host="erj.life" />
+	<target host="erk3.us" />
+	<target host="erkamp.me" />
+	<target host="erkurt.co" />
+	<target host="erlc.co" />
+	<target host="erm.yt" />
+	<target host="ernb.ac" />
+	<target host="ernestcole.co" />
+	<target host="ernieb.al" />
+	<target host="ernwe.st" />
+	<target host="eroglu.ca" />
+	<target host="erp.to" />
+	<target host="ersan.gq" />
+	<target host="ertan.me" />
+	<target host="erthx.pl" />
+	<target host="erwin.me" />
+	<target host="es-ca.gq" />
+	<target host="es.pn" />
+	<target host="es2.co" />
+	<target host="es34.co" />
+	<target host="esa.mx" />
+	<target host="esade.me" />
+	<target host="esalink.info" />
+	<target host="esau.social" />
+	<target host="esbn.ml" />
+	<target host="esc.re" />
+	<target host="esc.technology" />
+	<target host="esc.to" />
+	<target host="escapology.me" />
+	<target host="escentu.al" />
+	<target host="escoh.io" />
+	<target host="escpeuro.pe" />
+	<target host="escr.it" />
+	<target host="esct.co" />
+	<target host="esel.cc" />
+	<target host="esencia.link" />
+	<target host="esenshop.net" />
+	<target host="eseoe.se" />
+	<target host="eset.la" />
+	<target host="esf.link" />
+	<target host="esg.li" />
+	<target host="eshne.ws" />
+	<target host="eshop.in.net" />
+	<target host="eshop.roup.eu" />
+	<target host="esifil.in" />
+	<target host="esigns4.us" />
+	<target host="eski.be" />
+	<target host="eskifoca.net" />
+	<target host="eskis.kitchen" />
+	<target host="esky.city" />
+	<target host="esl.gg" />
+	<target host="esma.at" />
+	<target host="esmuy.cool" />
+	<target host="esn.im" />
+	<target host="esn.tl" />
+	<target host="eso.massyx.de" />
+	<target host="eso.qld.gov.au" />
+	<target host="esote.ch" />
+	<target host="espd.gg" />
+	<target host="espinafre.se" />
+	<target host="esprtsdsk.com" />
+	<target host="esr.cc" />
+	<target host="essen.social" />
+	<target host="essia.co" />
+	<target host="est.gratis" />
+	<target host="est.mx" />
+	<target host="est29.xyz" />
+	<target host="estac.io" />
+	<target host="estee.cm" />
+	<target host="estella.link" />
+	<target host="estes.pw" />
+	<target host="esti.be" />
+	<target host="estmatic.net" />
+	<target host="estoestele.tv" />
+	<target host="estr.news" />
+	<target host="estream.ch" />
+	<target host="ests.us" />
+	<target host="estudio.click" />
+	<target host="estudio.live" />
+	<target host="estyteam.com" />
+	<target host="esys.xyz" />
+	<target host="et.gy" />
+	<target host="et.tv" />
+	<target host="etai.us" />
+	<target host="etb.ht" />
+	<target host="etc.tf" />
+	<target host="etcusc.co" />
+	<target host="ete.buzz" />
+	<target host="etel.io" />
+	<target host="etel.net" />
+	<target host="eternamovie.tk" />
+	<target host="etf.as" />
+	<target host="etfm.eu" />
+	<target host="etherbit.co" />
+	<target host="ethi.as" />
+	<target host="ethio.be" />
+	<target host="ethiop.me" />
+	<target host="ethnicsmart.in" />
+	<target host="ethnicsmart.org" />
+	<target host="ethnigo.in" />
+	<target host="ethosapp.me" />
+	<target host="ethr.ee" />
+	<target host="ethree.xyz" />
+	<target host="ethx.me" />
+	<target host="eti.ae" />
+	<target host="etios.ml" />
+	<target host="etk.pw" />
+	<target host="etn.li" />
+	<target host="etn17.co" />
+	<target host="eto.bb" />
+	<target host="etoro.tw" />
+	<target host="etr.my" />
+	<target host="etrip.link" />
+	<target host="etrn.ws" />
+	<target host="etrux.es" />
+	<target host="etsm.tl" />
+	<target host="etsy.me" />
+	<target host="etsy.studio" />
+	<target host="etw.li" />
+	<target host="eu.oheuaqui.com" />
+	<target host="eu.vitalizei.me" />
+	<target host="eu1.tv" />
+	<target host="euau.to" />
+	<target host="euge.in" />
+	<target host="euin.jp" />
+	<target host="euler.vc" />
+	<target host="eulr.co" />
+	<target host="eumies.link" />
+	<target host="eun.io" />
+	<target host="eur.pe" />
+	<target host="eurl.tv" />
+	<target host="euro.gifts" />
+	<target host="eurowin.gs" />
+	<target host="eusb.me" />
+	<target host="euv.immo" />
+	<target host="ev-end.com" />
+	<target host="ev.ff.com" />
+	<target host="ev.fyi" />
+	<target host="ev.sg" />
+	<target host="evakad.de" />
+	<target host="evalectric.us" />
+	<target host="evalua.gent" />
+	<target host="evangb.top" />
+	<target host="evank.im" />
+	<target host="evansun.com" />
+	<target host="evazils.com" />
+	<target host="evbr.uk" />
+	<target host="evcon.me" />
+	<target host="eventbuzz.me" />
+	<target host="eventful.link" />
+	<target host="eventmb.com" />
+	<target host="eventp.tv" />
+	<target host="events.mjcv.net" />
+	<target host="eventshigh.me" />
+	<target host="eventt.us" />
+	<target host="everde.me" />
+	<target host="evernote.link" />
+	<target host="evernote.pro" />
+	<target host="every.tw" />
+	<target host="everysi.de" />
+	<target host="evesun.co" />
+	<target host="evfree.cc" />
+	<target host="evhc.co" />
+	<target host="evi.nz" />
+	<target host="evidcl.co" />
+	<target host="evidens.link" />
+	<target host="evil.school" />
+	<target host="evilan.gl" />
+	<target host="evilh.at" />
+	<target host="eviluminate.xyz" />
+	<target host="evk.onl" />
+	<target host="evkitch.com" />
+	<target host="evl.io" />
+	<target host="evlrecip.es" />
+	<target host="evmt.red" />
+	<target host="evmtn.uk" />
+	<target host="evmv.me" />
+	<target host="evn.am" />
+	<target host="evn.tc" />
+	<target host="evnt.bz" />
+	<target host="evnt.ws" />
+	<target host="evntsrc.ca" />
+	<target host="evodome.co" />
+	<target host="evol.vet" />
+	<target host="evolent.health" />
+	<target host="evolv.ly" />
+	<target host="evolveacm.com" />
+	<target host="evolvur.biz" />
+	<target host="evpl.eu" />
+	<target host="evrgrn.me" />
+	<target host="evrln.co" />
+	<target host="evs.so" />
+	<target host="evsl.io" />
+	<target host="evth.in" />
+	<target host="evts.at" />
+	<target host="evts.io" />
+	<target host="ewc.deals" />
+	<target host="ewen.be" />
+	<target host="ewh.si" />
+	<target host="ewhizz.click" />
+	<target host="ewl.lt" />
+	<target host="ewmag.ca" />
+	<target host="ewmcdonald.com" />
+	<target host="ewn.news" />
+	<target host="ewrks.co" />
+	<target host="ews.link" />
+	<target host="ex.bargains" />
+	<target host="ex4a.uk" />
+	<target host="exaact.at" />
+	<target host="exablox.io" />
+	<target host="examcr.am" />
+	<target host="exas.co" />
+	<target host="exb.us" />
+	<target host="excellence.life" />
+	<target host="exclusivo.ga" />
+	<target host="excoup.uk" />
+	<target host="exex.link" />
+	<target host="exitco.uk" />
+	<target host="exjlux.news" />
+	<target host="exmn.me" />
+	<target host="exn.io" />
+	<target host="exne.ws" />
+	<target host="exo.co" />
+	<target host="exo.ph" />
+	<target host="exobo.lt" />
+	<target host="exosk.in" />
+	<target host="exp.st" />
+	<target host="expandcart.info" />
+	<target host="expedivisa.co" />
+	<target host="exper.chat" />
+	<target host="explo.in" />
+	<target host="exploremy.world" />
+	<target host="explr.it" />
+	<target host="explstl.us" />
+	<target host="expmo.re" />
+	<target host="exponential.cc" />
+	<target host="expor.co" />
+	<target host="exposure.mobi" />
+	<target host="expr.tv" />
+	<target host="expres.co" />
+	<target host="express-wifi.co" />
+	<target host="exprt.co" />
+	<target host="exps.in" />
+	<target host="expsikhi.tk" />
+	<target host="exqui.sh" />
+	<target host="exs.ph" />
+	<target host="ext.re" />
+	<target host="exte.ch" />
+	<target host="extr.co" />
+	<target host="extra.cr" />
+	<target host="extra.vc" />
+	<target host="extrabokeh.com" />
+	<target host="extrafloris.com" />
+	<target host="exus.cf" />
+	<target host="exxonandmobil.co" />
+	<target host="exxonmobil.co" />
+	<target host="ey.io" />
+	<target host="eya.io" />
+	<target host="eyct.ch" />
+	<target host="eye.cr" />
+	<target host="eye.gd" />
+	<target host="eyeb.ee" />
+	<target host="eyecheck.io" />
+	<target host="eyeem.ai" />
+	<target host="eyelig.ht" />
+	<target host="eyem.ag" />
+	<target host="eyenov.at" />
+	<target host="eyeoh.co" />
+	<target host="eyoffie.co" />
+	<target host="ezclt.co" />
+	<target host="ezctr.co" />
+	<target host="ezd.link" />
+	<target host="eze.im" />
+	<target host="ezen.fyi" />
+	<target host="ezh.li" />
+	<target host="ezly.do" />
+	<target host="ezpis.ga" />
+	<target host="ezpost.me" />
+	<target host="ezra.cf" />
+	<target host="ezszn.com" />
+	<target host="ezteam.us" />
+	<target host="ezwdt.co" />
+	<target host="f-led.eu" />
+	<target host="f-ox.co" />
+	<target host="f-p.us" />
+	<target host="f-t.site" />
+	<target host="f.5.ua" />
+	<target host="f.a40.de" />
+	<target host="f.airtet.in" />
+	<target host="f.ajf3.me" />
+	<target host="f.bog.ge" />
+	<target host="f.channelape.io" />
+	<target host="f.cov.church" />
+	<target host="f.crbb.ru" />
+	<target host="f.day.az" />
+	<target host="f.denaes.es" />
+	<target host="f.dng.pw" />
+	<target host="f.eeder.co.il" />
+	<target host="f.farias.cc" />
+	<target host="f.ff-f.co" />
+	<target host="f.hollr.in" />
+	<target host="f.j81.nl" />
+	<target host="f.jdhgroup.com" />
+	<target host="f.linmans.net" />
+	<target host="f.lumo.us" />
+	<target host="f.mmportal.info" />
+	<target host="f.musthari.me" />
+	<target host="f.njpc.it" />
+	<target host="f.noltelauth.de" />
+	<target host="f.prankdial.com" />
+	<target host="f.ranchi.se" />
+	<target host="f.recuerdos.me" />
+	<target host="f.rmnjsk.com" />
+	<target host="f.rueping.email" />
+	<target host="f.s-c.pw" />
+	<target host="f.tmzio.org" />
+	<target host="f.zmole.ro" />
+	<target host="f0x.nl" />
+	<target host="f1.a1le.bz" />
+	<target host="f1.com" />
+	<target host="f101.co" />
+	<target host="f12.link" />
+	<target host="f1gate.co" />
+	<target host="f1n.co.uk" />
+	<target host="f1podcast.nl" />
+	<target host="f1q.co" />
+	<target host="f2sfl.com" />
+	<target host="f3.debuglix.de" />
+	<target host="f32.co" />
+	<target host="f3d.it" />
+	<target host="f3d.tel" />
+	<target host="f3dp.co" />
+	<target host="f400.info" />
+	<target host="f41.link" />
+	<target host="f4a.tv" />
+	<target host="f4d.co" />
+	<target host="f52.co" />
+	<target host="f59.co" />
+	<target host="f64.tips" />
+	<target host="f66.io" />
+	<target host="f69live.tk" />
+	<target host="f6l.co" />
+	<target host="f72.io" />
+	<target host="f7it.com" />
+	<target host="f80s.com" />
+	<target host="f85.fr" />
+	<target host="fa.binho.org" />
+	<target host="fa.lcon.me" />
+	<target host="fa.lk" />
+	<target host="fa2v.com" />
+	<target host="faac.ec" />
+	<target host="fabb.lu" />
+	<target host="fabbeat.us" />
+	<target host="fabdom.bid" />
+	<target host="fabricecarle.fr" />
+	<target host="fac.legal" />
+	<target host="faca.mp" />
+	<target host="faccums.co" />
+	<target host="facdev.co" />
+	<target host="facemfa.xyz" />
+	<target host="facetsj.com" />
+	<target host="fact.so" />
+	<target host="factcheck.my" />
+	<target host="facteurh.org" />
+	<target host="factory.market" />
+	<target host="factura.net" />
+	<target host="fadhi.la" />
+	<target host="fadra.me" />
+	<target host="faery.cf" />
+	<target host="faesa.cf" />
+	<target host="faesmi.it" />
+	<target host="fah.life" />
+	<target host="fahad.to" />
+	<target host="fai.li" />
+	<target host="fail.by" />
+	<target host="fairb.at" />
+	<target host="fairpr.net" />
+	<target host="fairtrd.us" />
+	<target host="faithbrid.ge" />
+	<target host="faithwork.us" />
+	<target host="faiz.cc" />
+	<target host="fajit.as" />
+	<target host="fak.at" />
+	<target host="fakbyfak.me" />
+	<target host="faktum.gmbh" />
+	<target host="falb.me" />
+	<target host="falls.co" />
+	<target host="falpn.ch" />
+	<target host="fam.ag" />
+	<target host="fam4he.al" />
+	<target host="familymov.ml" />
+	<target host="familypet.us" />
+	<target host="familyte.ch" />
+	<target host="familytr.ee" />
+	<target host="familywize.io" />
+	<target host="famlaw.co" />
+	<target host="famv.in" />
+	<target host="famvin.net.pl" />
+	<target host="fan.cards" />
+	<target host="fan.school" />
+	<target host="fanba.se" />
+	<target host="fancy.film" />
+	<target host="fand.in" />
+	<target host="fandan.co" />
+	<target host="fandangofix.ml" />
+	<target host="fandangofox.ml" />
+	<target host="fandangoweb.ml" />
+	<target host="fandh.law" />
+	<target host="fandl.pw" />
+	<target host="fandom.deals" />
+	<target host="fandom.fashion" />
+	<target host="fandp.online" />
+	<target host="fandw.me" />
+	<target host="fani.mobi" />
+	<target host="fanlit.net" />
+	<target host="fanpr.in" />
+	<target host="fanwagon.us" />
+	<target host="fanwi.de" />
+	<target host="fanz.ly" />
+	<target host="farih.ga" />
+	<target host="farinelli.co" />
+	<target host="farm.rs" />
+	<target host="farmbit.link" />
+	<target host="farmhou.se" />
+	<target host="farmwood.info" />
+	<target host="farnam.systems" />
+	<target host="farnian.ir" />
+	<target host="farq.ca" />
+	<target host="faryne.at" />
+	<target host="fashionr.lv" />
+	<target host="fasm.co.uk" />
+	<target host="fasnastic.xyz" />
+	<target host="fasrc.us" />
+	<target host="fassi.ws" />
+	<target host="fast.to" />
+	<target host="fastly.us" />
+	<target host="fasttracks.info" />
+	<target host="fatboy.tk" />
+	<target host="fatfra.me" />
+	<target host="fatfrog.us" />
+	<target host="fatpacket.me" />
+	<target host="fatravel.de" />
+	<target host="fatv.la" />
+	<target host="fav.zaplink.us" />
+	<target host="favd.xyz" />
+	<target host="fave.co" />
+	<target host="faverman.com" />
+	<target host="favmovhd.ml" />
+	<target host="favn.ir" />
+	<target host="favoritehd.ml" />
+	<target host="favro.link" />
+	<target host="favz.me" />
+	<target host="faw.li" />
+	<target host="faz.link" />
+	<target host="fb.abt.co.ro" />
+	<target host="fb.airdo.jp" />
+	<target host="fb.anhc.mx" />
+	<target host="fb.apnadesi.net" />
+	<target host="fb.bmw.at" />
+	<target host="fb.brayola.com" />
+	<target host="fb.buzzt.at" />
+	<target host="fb.careers" />
+	<target host="fb.cbs5az.com" />
+	<target host="fb.events" />
+	<target host="fb.flip.hu" />
+	<target host="fb.forzausa.co" />
+	<target host="fb.ge" />
+	<target host="fb.iinntt.com" />
+	<target host="fb.kpr.nu" />
+	<target host="fb.longhand.hu" />
+	<target host="fb.mini.at" />
+	<target host="fb.mizote.net" />
+	<target host="fb.mljba.fr" />
+	<target host="fb.mobiistar.vn" />
+	<target host="fb.nosiboo.com" />
+	<target host="fb.parto.in" />
+	<target host="fb.smartnews.bg" />
+	<target host="fb.tele2.ee" />
+	<target host="fb.trmb.co" />
+	<target host="fb.uanhc.net" />
+	<target host="fbc.cm" />
+	<target host="fbc.im" />
+	<target host="fbcn.biz" />
+	<target host="fbcrh.us" />
+	<target host="fbcstum.in" />
+	<target host="fbd.sh" />
+	<target host="fbda.co" />
+	<target host="fbdblog.co" />
+	<target host="fbf.im" />
+	<target host="fbgo.uk" />
+	<target host="fbk.today" />
+	<target host="fbkoralky.cz" />
+	<target host="fblnk.co" />
+	<target host="fblo.co" />
+	<target host="fbmovie.ml" />
+	<target host="fborn.co" />
+	<target host="fboxx.net" />
+	<target host="fbpe.co" />
+	<target host="fbph.us" />
+	<target host="fbpro.co" />
+	<target host="fbrd.co" />
+	<target host="fbrk.net" />
+	<target host="fbrogers.co" />
+	<target host="fbs2018.com" />
+	<target host="fbx.bz" />
+	<target host="fbxak.co" />
+	<target host="fc-pt.com" />
+	<target host="fc.care" />
+	<target host="fcash.co" />
+	<target host="fcatha.la" />
+	<target host="fcc.im" />
+	<target host="fcc.re" />
+	<target host="fce.gg" />
+	<target host="fchat.se" />
+	<target host="fchusj.org" />
+	<target host="fcig.com.au" />
+	<target host="fcity.co" />
+	<target host="fcj.me" />
+	<target host="fck.me" />
+	<target host="fckr.us" />
+	<target host="fclav.es" />
+	<target host="fcle.es" />
+	<target host="fcm.link" />
+	<target host="fcnews.tv" />
+	<target host="fco.wtf" />
+	<target host="fcps.cm" />
+	<target host="fcs.co.at" />
+	<target host="fcsb.us" />
+	<target host="fcstr.com" />
+	<target host="fcsvitm.in" />
+	<target host="fcsys.co" />
+	<target host="fctn.me" />
+	<target host="fctv.social" />
+	<target host="fcv.rocks" />
+	<target host="fda.sh" />
+	<target host="fdbo.is" />
+	<target host="fdct.me" />
+	<target host="fdgtl.co" />
+	<target host="fdh.rocks" />
+	<target host="fdhl.co" />
+	<target host="fdirect.co" />
+	<target host="fdly.me" />
+	<target host="fdnd.eu" />
+	<target host="fdol.pl" />
+	<target host="fdot.tips" />
+	<target host="fdr.li" />
+	<target host="fdri.co" />
+	<target host="fds.ht" />
+	<target host="fdscp.com" />
+	<target host="fdseri.es" />
+	<target host="fdshort.com" />
+	<target host="fdsj.nl" />
+	<target host="fdsn.fish" />
+	<target host="fdun.tk" />
+	<target host="fdv.im" />
+	<target host="fdwr.co" />
+	<target host="fdy.co" />
+	<target host="fdz.mx" />
+	<target host="fe33.ga" />
+	<target host="fear.gq" />
+	<target host="fearfe.st" />
+	<target host="fearministry.gq" />
+	<target host="feb24.ml" />
+	<target host="feb27.ml" />
+	<target host="febc.online" />
+	<target host="febfox.com" />
+	<target host="febra.me" />
+	<target host="fec.marketing" />
+	<target host="fed.cafe" />
+	<target host="feeds.lfc.vn" />
+	<target host="feee.li" />
+	<target host="feel.fyi" />
+	<target host="fefcoll.org" />
+	<target host="fefito.ml" />
+	<target host="feg.life" />
+	<target host="fei.gl" />
+	<target host="feikar.net" />
+	<target host="feirens.es" />
+	<target host="feitopara.vc" />
+	<target host="felg.ch" />
+	<target host="felix.click" />
+	<target host="felix.co" />
+	<target host="felix.design" />
+	<target host="fell.be" />
+	<target host="fellca.st" />
+	<target host="felype.com.br" />
+	<target host="femspla.in" />
+	<target host="fen.to" />
+	<target host="fener.ooo" />
+	<target host="fer.mn" />
+	<target host="ferbot.tk" />
+	<target host="ferdi.rs" />
+	<target host="ferg.link" />
+	<target host="fernando.tips" />
+	<target host="fernshakes.com" />
+	<target host="ferr.co" />
+	<target host="ferr.us" />
+	<target host="ferulli.it" />
+	<target host="feryn.link" />
+	<target host="feso.me" />
+	<target host="fest.gent" />
+	<target host="festivya.co" />
+	<target host="festvl.com" />
+	<target host="fetch.link" />
+	<target host="fett.ga" />
+	<target host="fetz.us" />
+	<target host="fevo.me" />
+	<target host="ff-d.com" />
+	<target host="ff-leo.de" />
+	<target host="ff.recipes" />
+	<target host="ffal.us" />
+	<target host="ffald.ml" />
+	<target host="ffb.li" />
+	<target host="ffbrkjv.com" />
+	<target host="ffc.ph" />
+	<target host="ffcalc.com" />
+	<target host="ffdnt.me" />
+	<target host="ffeeds.co" />
+	<target host="ffell.de" />
+	<target host="fff.1n.pw" />
+	<target host="fff.me" />
+	<target host="fffinds.co" />
+	<target host="fffit.co" />
+	<target host="ffgeek.co" />
+	<target host="ffhub.uk" />
+	<target host="fflys.co" />
+	<target host="ffpod.im" />
+	<target host="ffshop.co" />
+	<target host="fft.rs" />
+	<target host="ffw.tropos.io" />
+	<target host="ffwd.in" />
+	<target host="ffwd2.me" />
+	<target host="fga.pw" />
+	<target host="fgcuath.co" />
+	<target host="fge.me" />
+	<target host="fgm.link" />
+	<target host="fgroa.st" />
+	<target host="fgtix.to" />
+	<target host="fgvip.uk" />
+	<target host="fhacks.link" />
+	<target host="fhal.me" />
+	<target host="fhallot.me" />
+	<target host="fheba.ca" />
+	<target host="fhember.gr" />
+	<target host="fhh.gr" />
+	<target host="fhk.io" />
+	<target host="fhl.uk" />
+	<target host="fhrn.ws" />
+	<target host="fhs.io" />
+	<target host="fhub.in" />
+	<target host="fi.expekt.link" />
+	<target host="fi.isatya.in" />
+	<target host="fiama.ga" />
+	<target host="fiap.me" />
+	<target host="fiba.us" />
+	<target host="fibro.coach" />
+	<target host="fibro.news" />
+	<target host="fido.ly" />
+	<target host="fidose.com" />
+	<target host="fie.sc" />
+	<target host="fiel.in" />
+	<target host="field.ly" />
+	<target host="fiet.me" />
+	<target host="fiets.cc" />
+	<target host="fifa.wtf" />
+	<target host="fig.re" />
+	<target host="figg.me" />
+	<target host="fightrr.tips" />
+	<target host="fii.info" />
+	<target host="fikra.gd" />
+	<target host="fil.fm" />
+	<target host="filab.uk" />
+	<target host="file.2412.org" />
+	<target host="file.bagumec.be" />
+	<target host="file.e-tabs.com" />
+	<target host="file.glinso.net" />
+	<target host="filedrive.cf" />
+	<target host="filef.ac" />
+	<target host="files.cerfav.fr" />
+	<target host="files.ckgd.net" />
+	<target host="files.pex.me" />
+	<target host="filetaxes.us" />
+	<target host="filez.link" />
+	<target host="filho.pe" />
+	<target host="filippidis.biz" />
+	<target host="filmappeal.co" />
+	<target host="filmc.as" />
+	<target host="filmfed.co" />
+	<target host="filmfrais.co.vu" />
+	<target host="filmfullhd.ml" />
+	<target host="filmhd.ml" />
+	<target host="filmhd21.co.vu" />
+	<target host="filminstan.ml" />
+	<target host="filminstant.ml" />
+	<target host="filmluv.it" />
+	<target host="filmo.at" />
+	<target host="filmoriginal.ml" />
+	<target host="filmp.je" />
+	<target host="filmpa.net" />
+	<target host="filmy.me" />
+	<target host="filt.co" />
+	<target host="filt.re" />
+	<target host="filtr.es" />
+	<target host="filtr.tv" />
+	<target host="filtresi.tk" />
+	<target host="finalb.im" />
+	<target host="finalwebsit.es" />
+	<target host="finchi.es" />
+	<target host="find.fmm.li" />
+	<target host="finding-girl.ml" />
+	<target host="findingma.st" />
+	<target host="findte.es" />
+	<target host="fine.pe" />
+	<target host="finetrack.info" />
+	<target host="finn.gr" />
+	<target host="finnio.us" />
+	<target host="finnov.asia" />
+	<target host="finsku.ga" />
+	<target host="finte.ch" />
+	<target host="finv.us" />
+	<target host="fir.mx" />
+	<target host="fire.li" />
+	<target host="fireaxehd.ml" />
+	<target host="firebrand.to" />
+	<target host="firebrand.us" />
+	<target host="fireckr.uk" />
+	<target host="firedept.link" />
+	<target host="firego.gq" />
+	<target host="firesnyper.gq" />
+	<target host="firs.tw" />
+	<target host="firstam.us" />
+	<target host="firstdraft.news" />
+	<target host="firstllp.uk" />
+	<target host="fishd.co" />
+	<target host="fishermedia.me" />
+	<target host="fishy.click" />
+	<target host="fisv.co" />
+	<target host="fit-kat.com" />
+	<target host="fitandfun.ky" />
+	<target host="fitc.it" />
+	<target host="fitpla.net" />
+	<target host="fitready.info" />
+	<target host="fitry-hdtv.ml" />
+	<target host="fitsell.nl" />
+	<target host="fitzdonc.cc" />
+	<target host="fivefab.us" />
+	<target host="fivewish.es" />
+	<target host="fixbuj.ml" />
+	<target host="fixcinemag.ml" />
+	<target host="fixe.rs" />
+	<target host="fixer.link" />
+	<target host="fixi.co" />
+	<target host="fjd.me" />
+	<target host="fjky.co" />
+	<target host="fjm.es" />
+	<target host="fjmg.es" />
+	<target host="fkfa.co" />
+	<target host="fkhr.de" />
+	<target host="fkick.co" />
+	<target host="fknws.pw" />
+	<target host="fkof.it" />
+	<target host="fkrz.ir" />
+	<target host="fkumsu16.tk" />
+	<target host="fl.cobweb.ch" />
+	<target host="fl.navs.me" />
+	<target host="fl.uy" />
+	<target host="fl8.eu" />
+	<target host="fla-men.co" />
+	<target host="fla.st" />
+	<target host="flab.be" />
+	<target host="fladry.com" />
+	<target host="flag.ws" />
+	<target host="flageo.lt" />
+	<target host="flagforms.org" />
+	<target host="flak.ga" />
+	<target host="flames.lu" />
+	<target host="flametr.com" />
+	<target host="flantasti.co" />
+	<target host="flashhd.ml" />
+	<target host="flashmanwa.de" />
+	<target host="flat.pw" />
+	<target host="flatbeds.me" />
+	<target host="flatrate.co" />
+	<target host="fldta.uk" />
+	<target host="fldwrk.co" />
+	<target host="fleaba.gs" />
+	<target host="flem.in" />
+	<target host="flexo.co" />
+	<target host="flfe.me" />
+	<target host="flgc.info" />
+	<target host="flgd.co" />
+	<target host="flhsfb.com" />
+	<target host="flik.li" />
+	<target host="flingel.li" />
+	<target host="flingu.in" />
+	<target host="flinto.in" />
+	<target host="flippen.me" />
+	<target host="flircik.ml" />
+	<target host="flirtprof.is" />
+	<target host="flix21.ga" />
+	<target host="flix24.ga" />
+	<target host="flix25.ga" />
+	<target host="flix32.ga" />
+	<target host="flixbreak.ml" />
+	<target host="flixcinem.ml" />
+	<target host="flixdrov.gq" />
+	<target host="flixfra.me" />
+	<target host="flixmags.ml" />
+	<target host="flixmov21.ga" />
+	<target host="flixpilot.ml" />
+	<target host="flixta.pe" />
+	<target host="flixtubes.gq" />
+	<target host="flkrpxl.com" />
+	<target host="fllw.me" />
+	<target host="flmicro.gr" />
+	<target host="flmsp.ly" />
+	<target host="flnr.de" />
+	<target host="flnt.it" />
+	<target host="flnt.rehab" />
+	<target host="flntsk.in" />
+	<target host="flo.vc" />
+	<target host="float.fyi" />
+	<target host="float.ly" />
+	<target host="flockurself.io" />
+	<target host="floetotto.tech" />
+	<target host="floma.me" />
+	<target host="flosil.ga" />
+	<target host="flotation.link" />
+	<target host="flourl.de" />
+	<target host="flow.ms" />
+	<target host="flowe.be" />
+	<target host="flowerona.uk" />
+	<target host="flowfest.com.au" />
+	<target host="flowlove.me" />
+	<target host="flowr.me" />
+	<target host="flpe.de" />
+	<target host="flpl.co" />
+	<target host="flppr.co" />
+	<target host="flres.uk" />
+	<target host="flrty.in" />
+	<target host="fls.pt" />
+	<target host="flsd.link" />
+	<target host="flse.at" />
+	<target host="flsinc.co" />
+	<target host="flss.co" />
+	<target host="flt1.us" />
+	<target host="flt10.net" />
+	<target host="flti.info" />
+	<target host="fltr.tv" />
+	<target host="fltrgr.de" />
+	<target host="flts.im" />
+	<target host="fltsim.me" />
+	<target host="fluiarte.co" />
+	<target host="fluiddigit.al" />
+	<target host="flux.dj" />
+	<target host="fluxx.ltd" />
+	<target host="flwctrl.com" />
+	<target host="flwr.ch" />
+	<target host="flwss.org" />
+	<target host="flwx.org" />
+	<target host="flx.is" />
+	<target host="flx.mr" />
+	<target host="flxi.co" />
+	<target host="flxr.co" />
+	<target host="fly.bo" />
+	<target host="flyam.ps" />
+	<target host="flycine.ml" />
+	<target host="flycl.ps" />
+	<target host="flyha.be" />
+	<target host="flyhawks.co" />
+	<target host="flyhy.at" />
+	<target host="flyks.us" />
+	<target host="flynnlink.com" />
+	<target host="flyp.io" />
+	<target host="flyr.co" />
+	<target host="flytog.me" />
+	<target host="flz.me" />
+	<target host="fm.bnr.nl" />
+	<target host="fm.ht" />
+	<target host="fm.ozonico.ca" />
+	<target host="fm.tl" />
+	<target host="fm2.cl" />
+	<target host="fma.cash" />
+	<target host="fmair.ca" />
+	<target host="fmc.vc" />
+	<target host="fmchr.ch" />
+	<target host="fmck.co" />
+	<target host="fmed.it" />
+	<target host="fmedley.com" />
+	<target host="fmgo.to" />
+	<target host="fmkt.aero" />
+	<target host="fmlas.eu" />
+	<target host="fmly.one" />
+	<target host="fmlymtt.rs" />
+	<target host="fmlyt.ch" />
+	<target host="fmobi.net" />
+	<target host="fmpx.us" />
+	<target host="fmsgr.se" />
+	<target host="fmsrel.com" />
+	<target host="fmul.us" />
+	<target host="fnapo.li" />
+	<target host="fnbyts.co" />
+	<target host="fncranks.com" />
+	<target host="fnct.in" />
+	<target host="fndh.us" />
+	<target host="fndra.co" />
+	<target host="fndri.com" />
+	<target host="fndrs.net" />
+	<target host="fndsr.fr" />
+	<target host="fneves.co" />
+	<target host="fnews.tv" />
+	<target host="fnex.us" />
+	<target host="fnf.vc" />
+	<target host="fnhw.us" />
+	<target host="fnih.com" />
+	<target host="fnls.co" />
+	<target host="fnn.jp" />
+	<target host="fnpl.io" />
+	<target host="fnst.cc" />
+	<target host="fnt.to" />
+	<target host="fnta.pl" />
+	<target host="fntk.co" />
+	<target host="fntstc.me" />
+	<target host="fntstrs.ch" />
+	<target host="fntsy.co" />
+	<target host="fnva.co" />
+	<target host="fnws.fr" />
+	<target host="fo0die.tk" />
+	<target host="fo7.be" />
+	<target host="foca.io" />
+	<target host="focd.me" />
+	<target host="foco.tax" />
+	<target host="focusatwill.co" />
+	<target host="focuspull.in" />
+	<target host="foda.in" />
+	<target host="fodor.it" />
+	<target host="foek.li" />
+	<target host="foenander.link" />
+	<target host="foes.do" />
+	<target host="fogo.ly" />
+	<target host="foip.me" />
+	<target host="foito.ml" />
+	<target host="foke.at" />
+	<target host="fokko.moe" />
+	<target host="foldi.es" />
+	<target host="foll.ws" />
+	<target host="follow.cl.audio" />
+	<target host="folplant.com" />
+	<target host="foml.uk" />
+	<target host="fommy.me" />
+	<target host="fomo.blog" />
+	<target host="fondfol.io" />
+	<target host="fondul.ac" />
+	<target host="font.by" />
+	<target host="fontspri.ng" />
+	<target host="foob.org" />
+	<target host="food.as" />
+	<target host="food.gy" />
+	<target host="foodblo.gs" />
+	<target host="foodgl.me" />
+	<target host="foodmam.org" />
+	<target host="foodmux.com" />
+	<target host="foodru.sh" />
+	<target host="foods.af" />
+	<target host="foodt.be" />
+	<target host="foodwise.info" />
+	<target host="foodzy.me" />
+	<target host="foothold.co.vu" />
+	<target host="footnotes.ph" />
+	<target host="footu.re" />
+	<target host="foox.club" />
+	<target host="for-mcpe-th.ga" />
+	<target host="for.photos" />
+	<target host="for.tn" />
+	<target host="forbuy.info" />
+	<target host="forbuy.me" />
+	<target host="forc.mx" />
+	<target host="forceb.co" />
+	<target host="ford.to" />
+	<target host="fordn.co" />
+	<target host="forestanders.in" />
+	<target host="forester.farm" />
+	<target host="forevermore.cc" />
+	<target host="forewomen.uk" />
+	<target host="forf.it" />
+	<target host="forg.me" />
+	<target host="forge.li" />
+	<target host="forge.tips" />
+	<target host="fork.im" />
+	<target host="forkfr.com" />
+	<target host="form.mx" />
+	<target host="formotor.bike" />
+	<target host="forms.tcs.ph" />
+	<target host="foronehd.ml" />
+	<target host="forr.com" />
+	<target host="forstreaming.ml" />
+	<target host="fort.pics" />
+	<target host="fortuna4k.ml" />
+	<target host="fortunato.co" />
+	<target host="forwatch.ml" />
+	<target host="forwd.pl" />
+	<target host="forzad.in" />
+	<target host="fosb.us" />
+	<target host="fosfor.us" />
+	<target host="fossible.co" />
+	<target host="fossmg.me" />
+	<target host="fosters.ly" />
+	<target host="fotg.co" />
+	<target host="fotl.eu" />
+	<target host="foto.gd" />
+	<target host="fotoha.us" />
+	<target host="fotosocher.de" />
+	<target host="fotovs.com" />
+	<target host="fotp.ro" />
+	<target host="fotr.link" />
+	<target host="fotv.co" />
+	<target host="foty.in" />
+	<target host="founded.cloud" />
+	<target host="fourpoints.ht" />
+	<target host="fous.ly" />
+	<target host="fox-tvshow.ml" />
+	<target host="fox.co" />
+	<target host="fox.tv" />
+	<target host="foxb.it" />
+	<target host="foxciti.es" />
+	<target host="foxd.tv" />
+	<target host="foxel.org" />
+	<target host="foxemf.com" />
+	<target host="foxpr.in" />
+	<target host="foxpress.tk" />
+	<target host="foxrad.io" />
+	<target host="foxrox.me" />
+	<target host="foxs.pt" />
+	<target host="foxtel.ly" />
+	<target host="foxth.co" />
+	<target host="foxtv.ml" />
+	<target host="foy.fitness" />
+	<target host="foyi.net" />
+	<target host="fp-fami.ly" />
+	<target host="fp.anton2920.ru" />
+	<target host="fp.express" />
+	<target host="fpba.ma" />
+	<target host="fpce.us" />
+	<target host="fpcj.ms" />
+	<target host="fpfo.co" />
+	<target host="fpgam.es" />
+	<target host="fph.nz" />
+	<target host="fphos.co" />
+	<target host="fpliv.in" />
+	<target host="fpmaps.com" />
+	<target host="fppa.co" />
+	<target host="fpt.me" />
+	<target host="fpwr.us" />
+	<target host="fpx.lc" />
+	<target host="fqd.me" />
+	<target host="fr8me.us" />
+	<target host="fra.aloe4all.dk" />
+	<target host="fract.link" />
+	<target host="frag.link" />
+	<target host="frag.ly" />
+	<target host="frame.ws" />
+	<target host="fran.bz" />
+	<target host="francesc.as" />
+	<target host="frank69.eu" />
+	<target host="frankl.co" />
+	<target host="frantv.us" />
+	<target host="franz.tv" />
+	<target host="fray.li" />
+	<target host="frc.tl" />
+	<target host="frc.vc" />
+	<target host="frch.in" />
+	<target host="frcst.co" />
+	<target host="frctr.io" />
+	<target host="frctr.me" />
+	<target host="frd.hm" />
+	<target host="frdair.co" />
+	<target host="frdg.me" />
+	<target host="frdm.ch" />
+	<target host="frdm.mobi" />
+	<target host="frdr.us" />
+	<target host="frdy.co.uk" />
+	<target host="fre.events" />
+	<target host="fre.gg" />
+	<target host="fred.im" />
+	<target host="fred.ly" />
+	<target host="fred.naud.me" />
+	<target host="fred.pe" />
+	<target host="fredswan.io" />
+	<target host="free-on.ml" />
+	<target host="free.bloodco.de" />
+	<target host="free4kmovies.ml" />
+	<target host="freebible.to" />
+	<target host="freebiesquad.co" />
+	<target host="freech.pl" />
+	<target host="freedomhou.se" />
+	<target host="freehd.ml" />
+	<target host="freekib.com" />
+	<target host="freelinks.tk" />
+	<target host="freeloaded.ga" />
+	<target host="freemax.ml" />
+	<target host="freemov.ml" />
+	<target host="freenow.ga" />
+	<target host="freepri.se" />
+	<target host="freerad.io" />
+	<target host="freeseries.ga" />
+	<target host="freesexmov.ml" />
+	<target host="freeshows.ml" />
+	<target host="freetct.com" />
+	<target host="freeth.ink" />
+	<target host="freetv1.cf" />
+	<target host="freetyzr.cf" />
+	<target host="freeus.ga" />
+	<target host="freeusatv.ga" />
+	<target host="freeustv.ga" />
+	<target host="freewach.ml" />
+	<target host="freewatchh.ga" />
+	<target host="freixe.net" />
+	<target host="freo.me" />
+	<target host="frerej.co" />
+	<target host="fresalina.co" />
+	<target host="fresha.es" />
+	<target host="freshgra.de" />
+	<target host="freshn.es" />
+	<target host="freshpet.co" />
+	<target host="freshr.co" />
+	<target host="freshsk.is" />
+	<target host="fresteahd.cf" />
+	<target host="fresv.net" />
+	<target host="freu.be" />
+	<target host="frg.gr" />
+	<target host="frge.co" />
+	<target host="frgi.de" />
+	<target host="frgt.co" />
+	<target host="frh.me" />
+	<target host="frhs.cc" />
+	<target host="fri.center" />
+	<target host="friar.news" />
+	<target host="friaspin.se" />
+	<target host="frid.co" />
+	<target host="fried.tech" />
+	<target host="friedte.ch" />
+	<target host="frier.us" />
+	<target host="frim.is" />
+	<target host="fris.pro" />
+	<target host="frisk.in" />
+	<target host="fritz.im" />
+	<target host="frkpn.com" />
+	<target host="frkt.in" />
+	<target host="frls.io" />
+	<target host="frm.twspmr.eu" />
+	<target host="frmdg.co" />
+	<target host="frmns.de" />
+	<target host="frmp.it" />
+	<target host="frmply.co" />
+	<target host="frmwk.com" />
+	<target host="frmy.tv" />
+	<target host="frn.co" />
+	<target host="frnd.li" />
+	<target host="frnd.pro" />
+	<target host="frnd.su" />
+	<target host="frnds.eu" />
+	<target host="frndz.me" />
+	<target host="frntrnnr.com" />
+	<target host="fro.gd" />
+	<target host="fro.gg" />
+	<target host="fro.me.uk" />
+	<target host="frokost.cf" />
+	<target host="from.gd" />
+	<target host="from.io" />
+	<target host="from.lei.bo" />
+	<target host="from.rublev.me" />
+	<target host="from.srs.place" />
+	<target host="frommar.co" />
+	<target host="frontciencia.me" />
+	<target host="frontline.link" />
+	<target host="frontr.co" />
+	<target host="frontroe.co" />
+	<target host="frooney.co" />
+	<target host="froot.co" />
+	<target host="frost.sc" />
+	<target host="frosty.me" />
+	<target host="froy.co" />
+	<target host="frsh.ga" />
+	<target host="frshegg.co" />
+	<target host="frshlyrstdwb.co" />
+	<target host="frsk.co" />
+	<target host="frsk.me" />
+	<target host="frsky.me" />
+	<target host="frst.cc" />
+	<target host="frtd.eu" />
+	<target host="frtv.eu" />
+	<target host="frtw.nl" />
+	<target host="frugalo.us" />
+	<target host="frwl.tv" />
+	<target host="fryguy.me" />
+	<target host="frzandl.tk" />
+	<target host="frzh.ch" />
+	<target host="frzt.us" />
+	<target host="frztag.me" />
+	<target host="fs-c.nl" />
+	<target host="fs.tl" />
+	<target host="fsbddev.xyz" />
+	<target host="fscwire.me" />
+	<target host="fsd.is" />
+	<target host="fsd7.co" />
+	<target host="fses.us" />
+	<target host="fsf.deals" />
+	<target host="fsf.rocks" />
+	<target host="fshfol.us" />
+	<target host="fshmn.fit" />
+	<target host="fshp.co.uk" />
+	<target host="fshr.me" />
+	<target host="fshtnkcr.tv" />
+	<target host="fshtrp.co" />
+	<target host="fside.co" />
+	<target host="fsimi.com" />
+	<target host="fsino.co" />
+	<target host="fsir.co" />
+	<target host="fsj.lu" />
+	<target host="fsli.de" />
+	<target host="fsmclick.co" />
+	<target host="fsmedia.se" />
+	<target host="fsmrt.co" />
+	<target host="fsn.link" />
+	<target host="fsna.co" />
+	<target host="fsnfrm.com" />
+	<target host="fsoccer.ga" />
+	<target host="fsolo.co" />
+	<target host="fsply.cc" />
+	<target host="fspt.news" />
+	<target host="fspvip.com" />
+	<target host="fsquid.co" />
+	<target host="fsret.it" />
+	<target host="fsrg.co" />
+	<target host="fssrt.be" />
+	<target host="fst.ee" />
+	<target host="fstb.mp" />
+	<target host="fstill.vix.br" />
+	<target host="fstrgdwns.com" />
+	<target host="fstsprng.co" />
+	<target host="fstvnt.me" />
+	<target host="fsu.navs.me" />
+	<target host="fsune.ws" />
+	<target host="fsv.link" />
+	<target host="fsvid.co" />
+	<target host="ft.lc" />
+	<target host="ft0.eu" />
+	<target host="ft71.com" />
+	<target host="ftb.click" />
+	<target host="ftbl.ma" />
+	<target host="ftbnd.com" />
+	<target host="ftcpub.in" />
+	<target host="ftdn.co" />
+	<target host="ftech.vc" />
+	<target host="ftf.sh" />
+	<target host="ftftl.com" />
+	<target host="ftg.io" />
+	<target host="ftgv.com" />
+	<target host="fth.st" />
+	<target host="ftlk.org" />
+	<target host="ftmag.co" />
+	<target host="ftmrkb.gs" />
+	<target host="ftmx.us" />
+	<target host="ftnd.org" />
+	<target host="ftnt.net" />
+	<target host="fto.link" />
+	<target host="ftravelc.link" />
+	<target host="ftrc.me" />
+	<target host="ftrz.co" />
+	<target host="ftstp.com" />
+	<target host="ftw.dj" />
+	<target host="ftw.li" />
+	<target host="ftx.me" />
+	<target host="fty.link" />
+	<target host="fu.gy" />
+	<target host="fu.io" />
+	<target host="fu.link" />
+	<target host="fucc.us" />
+	<target host="fuck.coc.com.np" />
+	<target host="fuckthe.gop" />
+	<target host="fudura.eu" />
+	<target host="fuelpl.us" />
+	<target host="fujisan.ms" />
+	<target host="fuk.ly" />
+	<target host="ful.lc" />
+	<target host="full-ep.ml" />
+	<target host="full-ep1.ml" />
+	<target host="full-episode.ml" />
+	<target host="full-eps.ml" />
+	<target host="full-eps.tk" />
+	<target host="full-series.ml" />
+	<target host="full-shows.ml" />
+	<target host="full-tv.ml" />
+	<target host="full-watch.ml" />
+	<target host="full-watchhd.ml" />
+	<target host="full.sc" />
+	<target host="full2017.ga" />
+	<target host="fullarticle.org" />
+	<target host="fullcsiptv.co" />
+	<target host="fulle.rs" />
+	<target host="fullep.ga" />
+	<target host="fullepisode.ga" />
+	<target host="fullepisodes.ga" />
+	<target host="fulleps.cf" />
+	<target host="fullepsd4k.cf" />
+	<target host="fullepshow.ml" />
+	<target host="fullhd-1080p.gq" />
+	<target host="fullhdts.ml" />
+	<target host="fullonline.cf" />
+	<target host="fullplayy.ga" />
+	<target host="fullseries.ga" />
+	<target host="fullseries7.ml" />
+	<target host="fullserieshd.cf" />
+	<target host="fullseriestv.ml" />
+	<target host="fullseven.ml" />
+	<target host="fullsh0w.ml" />
+	<target host="fullshow.cf" />
+	<target host="fullshow.ga" />
+	<target host="fullshow.ml" />
+	<target host="fullshowhd.ml" />
+	<target host="fullshows.ml" />
+	<target host="fullsp.ec" />
+	<target host="fullstr3am.cf" />
+	<target host="fullstream.cf" />
+	<target host="fullstream.gq" />
+	<target host="fullstudio.ml" />
+	<target host="fulltvshow.ml" />
+	<target host="fulltwo.ml" />
+	<target host="fullyinvo.lv" />
+	<target host="fun.io" />
+	<target host="fund.us.org" />
+	<target host="funderbe.am" />
+	<target host="fundri.se" />
+	<target host="funes.in" />
+	<target host="funho.me" />
+	<target host="funi.to" />
+	<target host="funkiej.com" />
+	<target host="funnelne.ws" />
+	<target host="funni.ly" />
+	<target host="funre.us" />
+	<target host="funseries.ml" />
+	<target host="funster.tv" />
+	<target host="fur.tel" />
+	<target host="furets.co" />
+	<target host="furf.it" />
+	<target host="furly.cz" />
+	<target host="fury.tv" />
+	<target host="fus.li" />
+	<target host="fus.mn" />
+	<target host="fuse.brussels" />
+	<target host="fuse.ms" />
+	<target host="fuselens.es" />
+	<target host="fusewa.me" />
+	<target host="fusionr.ec" />
+	<target host="fusn.co" />
+	<target host="futr.be" />
+	<target host="futr.gr" />
+	<target host="futuraco.de" />
+	<target host="future-lab.co" />
+	<target host="fuz.cm" />
+	<target host="fuze.fun" />
+	<target host="fuzeplay.co" />
+	<target host="fvan.be" />
+	<target host="fvbh.nl" />
+	<target host="fvq.tips" />
+	<target host="fw.sg" />
+	<target host="fw.skool.pk" />
+	<target host="fw2.it" />
+	<target host="fw2.org" />
+	<target host="fwaction.us" />
+	<target host="fwc24.ru" />
+	<target host="fwd.rocks" />
+	<target host="fwd.sf3soft.net" />
+	<target host="fwd.sh" />
+	<target host="fwdrv.ws" />
+	<target host="fwinnvat.in" />
+	<target host="fwoe.life" />
+	<target host="fworks.link" />
+	<target host="fwprocircu.it" />
+	<target host="fwre.co" />
+	<target host="fws-l.de" />
+	<target host="fws.co" />
+	<target host="fws.me" />
+	<target host="fww.life" />
+	<target host="fwwat.ch" />
+	<target host="fwwen.org" />
+	<target host="fxd.pt" />
+	<target host="fxhero.es" />
+	<target host="fxhll.com" />
+	<target host="fxly.co" />
+	<target host="fxn.ws" />
+	<target host="fxne.ws" />
+	<target host="fxp.co" />
+	<target host="fxperts.ca" />
+	<target host="fxr.today" />
+	<target host="fxtm.biz" />
+	<target host="fxtm.co" />
+	<target host="fxwd.tl" />
+	<target host="fy.io" />
+	<target host="fyi.co" />
+	<target host="fyi.so" />
+	<target host="fyndiq.ly" />
+	<target host="fyrgolf.games" />
+	<target host="fyurl.tk" />
+	<target host="fz.my" />
+	<target host="fza.co" />
+	<target host="fzavareh.com" />
+	<target host="fzbr.in" />
+	<target host="fzcrp.eu" />
+	<target host="fzitsng.mobi" />
+	<target host="fzy.cl" />
+	<target host="g-3.me" />
+	<target host="g-am.es" />
+	<target host="g-eazy.news" />
+	<target host="g-gy.in" />
+	<target host="g-jon.es" />
+	<target host="g-off.me" />
+	<target host="g-ro.co" />
+	<target host="g-web.in" />
+	<target host="g-wijzer.nl" />
+	<target host="g-z.one" />
+	<target host="g.01j.me" />
+	<target host="g.1rf.tv" />
+	<target host="g.ahmad1996.com" />
+	<target host="g.altrua.io" />
+	<target host="g.amrsm.ir" />
+	<target host="g.arabenet.info" />
+	<target host="g.bendl.me" />
+	<target host="g.blog4temp.com" />
+	<target host="g.bornweg-dt.de" />
+	<target host="g.brainofjt.com" />
+	<target host="g.bramo.me" />
+	<target host="g.cf" />
+	<target host="g.chrislange.co" />
+	<target host="g.cmcdonald.com" />
+	<target host="g.cometchat.com" />
+	<target host="g.destiny.team" />
+	<target host="g.eist.co" />
+	<target host="g.emolgroup.com" />
+	<target host="g.engelhardt.li" />
+	<target host="g.eypgermany.de" />
+	<target host="g.fa3ilkhir.com" />
+	<target host="g.fernandez.sx" />
+	<target host="g.filipetbd.xyz" />
+	<target host="g.flo.wf" />
+	<target host="g.gethlc.org" />
+	<target host="g.grax.com" />
+	<target host="g.hofweber.net" />
+	<target host="g.hullen.me" />
+	<target host="g.ifaw.org" />
+	<target host="g.iinfo.cz" />
+	<target host="g.jessedavis.me" />
+	<target host="g.juliens.me" />
+	<target host="g.kiers.eu" />
+	<target host="g.krbn.co" />
+	<target host="g.kruger.joburg" />
+	<target host="g.leaf.fm" />
+	<target host="g.lingona.com" />
+	<target host="g.marcgarcia.es" />
+	<target host="g.masslight.com" />
+	<target host="g.matho.co" />
+	<target host="g.mcklatch.com" />
+	<target host="g.mrsoftfun.com" />
+	<target host="g.msnict.com.au" />
+	<target host="g.mxrcxnry.com" />
+	<target host="g.neoground.com" />
+	<target host="g.nickpomes.com" />
+	<target host="g.nw7us.us" />
+	<target host="g.obijan.com" />
+	<target host="g.ofor.us" />
+	<target host="g.ontrip.in" />
+	<target host="g.org.za" />
+	<target host="g.pedroq.org" />
+	<target host="g.prjct.la" />
+	<target host="g.sal.pr" />
+	<target host="g.samiq.co" />
+	<target host="g.sar.gent" />
+	<target host="g.sevki.org" />
+	<target host="g.shatmanov.com" />
+	<target host="g.sislac.net" />
+	<target host="g.standby.hk" />
+	<target host="g.stateofg.com" />
+	<target host="g.suqld.org.au" />
+	<target host="g.svtre.com" />
+	<target host="g.talentvis.com" />
+	<target host="g.theki-ng.info" />
+	<target host="g.tm.tl" />
+	<target host="g.tnw.so" />
+	<target host="g.town" />
+	<target host="g.urgent.ly" />
+	<target host="g.viedemerde.fr" />
+	<target host="g.wilker.org" />
+	<target host="g.xmez.co" />
+	<target host="g.xoteens.com" />
+	<target host="g.yft.io" />
+	<target host="g.zisick.de" />
+	<target host="g0g0.me" />
+	<target host="g0ga.ga" />
+	<target host="g0t0.co" />
+	<target host="g1.nz" />
+	<target host="g1261.co" />
+	<target host="g14s.com" />
+	<target host="g16.click" />
+	<target host="g1cu.com" />
+	<target host="g2a.team" />
+	<target host="g2kww.org" />
+	<target host="g360.in" />
+	<target host="g39.co" />
+	<target host="g3l0whade4k.ml" />
+	<target host="g3r.me" />
+	<target host="g4.tv" />
+	<target host="g4g4h.ml" />
+	<target host="g4g65.com" />
+	<target host="g4l.at" />
+	<target host="g4nd3n.ga" />
+	<target host="g4use.com" />
+	<target host="g5a.co" />
+	<target host="g5hol.ga" />
+	<target host="g6r.link" />
+	<target host="g7f.co" />
+	<target host="ga.co" />
+	<target host="ga.utam.me" />
+	<target host="ga1a.co" />
+	<target host="gaba.pro" />
+	<target host="gabbbq.info" />
+	<target host="gabby.link" />
+	<target host="gabclement.com" />
+	<target host="gabp.me" />
+	<target host="gabres.ml" />
+	<target host="gabriel.cf" />
+	<target host="gaby.co" />
+	<target host="gac.fyi" />
+	<target host="gacc.pt" />
+	<target host="gachi.co" />
+	<target host="gadel.me" />
+	<target host="gadf.ly" />
+	<target host="gadgettester.uk" />
+	<target host="gadgt.co" />
+	<target host="gadgt.life" />
+	<target host="gadietri.ch" />
+	<target host="gadislagi.ml" />
+	<target host="gadiss.ml" />
+	<target host="gadvnt.rs" />
+	<target host="gaff.in" />
+	<target host="gagah.ga" />
+	<target host="gain.li" />
+	<target host="gajjar.me" />
+	<target host="galfrid.us" />
+	<target host="galien.org" />
+	<target host="galiteck.tk" />
+	<target host="galk.hu" />
+	<target host="gallerypix.net" />
+	<target host="gallop.nyc" />
+	<target host="gallow.today" />
+	<target host="galvtx.com" />
+	<target host="gamb.li" />
+	<target host="gambl.it" />
+	<target host="game.gy" />
+	<target host="gamechur.ch" />
+	<target host="gamekey.ninja" />
+	<target host="gamequitte.rs" />
+	<target host="gamerz.news" />
+	<target host="gamin.gq" />
+	<target host="ganne.tt" />
+	<target host="ganol-tv.ml" />
+	<target host="ganpat.me" />
+	<target host="gaol.ga" />
+	<target host="gaol.ml" />
+	<target host="gaoltv.ml" />
+	<target host="gaona.work" />
+	<target host="gap.us" />
+	<target host="gapgermany.de" />
+	<target host="gapintl.co" />
+	<target host="gapt.ch" />
+	<target host="gar.so" />
+	<target host="gara.io" />
+	<target host="garagecabi.net" />
+	<target host="garbl.cf" />
+	<target host="garede4k.ml" />
+	<target host="gareth.link" />
+	<target host="gariskeras.ml" />
+	<target host="garl.ink" />
+	<target host="garr.co" />
+	<target host="garr.in" />
+	<target host="gart.land" />
+	<target host="gartner.cc" />
+	<target host="garuda.link" />
+	<target host="garysold.it" />
+	<target host="garyvee.com" />
+	<target host="garyvee.me" />
+	<target host="garyw.us" />
+	<target host="gascol.ml" />
+	<target host="gasp.la" />
+	<target host="gasrak4k.ml" />
+	<target host="gasrux.ml" />
+	<target host="gastro.hugb.de" />
+	<target host="gat.rs" />
+	<target host="gates.ly" />
+	<target host="gateway.fyi" />
+	<target host="gatill.com" />
+	<target host="gatr.ga" />
+	<target host="gatr.tk" />
+	<target host="gatrrik.ml" />
+	<target host="gatwk.uk" />
+	<target host="gautier.ga" />
+	<target host="gavelp.it" />
+	<target host="gavinz.ga" />
+	<target host="gawk.in" />
+	<target host="gawk.us" />
+	<target host="gayabagtv.tk" />
+	<target host="gayln.ru" />
+	<target host="gaytx.info" />
+	<target host="gaytx.us" />
+	<target host="gazl.in" />
+	<target host="gb1.co" />
+	<target host="gbc.tips" />
+	<target host="gbe.me" />
+	<target host="gbgo.in" />
+	<target host="gbh.ag" />
+	<target host="gbhub.info" />
+	<target host="gbln.co" />
+	<target host="gbnews.tv" />
+	<target host="gbot.me" />
+	<target host="gbpg.net" />
+	<target host="gbsi.me" />
+	<target host="gbso.tk" />
+	<target host="gburg.md" />
+	<target host="gburg.us" />
+	<target host="gbux.tk" />
+	<target host="gbx.buzz" />
+	<target host="gbx.es" />
+	<target host="gbyou.org" />
+	<target host="gc-pl.co" />
+	<target host="gc.school" />
+	<target host="gc2.in" />
+	<target host="gc2.me" />
+	<target host="gc2018.win" />
+	<target host="gcai.co" />
+	<target host="gcbc.mn" />
+	<target host="gccdbn.org.za" />
+	<target host="gcentr.al" />
+	<target host="gcfjobs.com" />
+	<target host="gcfr.co" />
+	<target host="gcfum.com" />
+	<target host="gcgmsp.com" />
+	<target host="gchem.us" />
+	<target host="gchorus.link" />
+	<target host="gcinc.info" />
+	<target host="gcirc.us" />
+	<target host="gclay.ws" />
+	<target host="gcm.so" />
+	<target host="gcmd.co" />
+	<target host="gco.fun" />
+	<target host="gcole.us" />
+	<target host="gcomm.tv" />
+	<target host="gcr.tips" />
+	<target host="gcrooms.com" />
+	<target host="gcrt.me" />
+	<target host="gcs.school" />
+	<target host="gcsapprent.us" />
+	<target host="gcts.us" />
+	<target host="gcvmt.co" />
+	<target host="gcx.cx" />
+	<target host="gda.li" />
+	<target host="gdain.es" />
+	<target host="gdat.co" />
+	<target host="gdb.tv" />
+	<target host="gdbox.info" />
+	<target host="gdbr.co" />
+	<target host="gdc4.me" />
+	<target host="gdc75.me" />
+	<target host="gdcg.co" />
+	<target host="gdg.ist" />
+	<target host="gdgtmac.co" />
+	<target host="gdhd.kr" />
+	<target host="gdhm.us" />
+	<target host="gdig.io" />
+	<target host="gdigesu.com" />
+	<target host="gdis.co" />
+	<target host="gdksn.com" />
+	<target host="gdlgdl.mx" />
+	<target host="gdlo.co" />
+	<target host="gdms.news" />
+	<target host="gdnr.ch" />
+	<target host="gdo-sns.jp" />
+	<target host="gdoc.it" />
+	<target host="gdrebel.com" />
+	<target host="gdrebels.com" />
+	<target host="gds.bz" />
+	<target host="gds.sg" />
+	<target host="gdshp.ch" />
+	<target host="gdt.im" />
+	<target host="gdta.st" />
+	<target host="gdw.biz" />
+	<target host="gear.lv" />
+	<target host="gearbr.com" />
+	<target host="gearl.ch" />
+	<target host="geb.li" />
+	<target host="gedery.us" />
+	<target host="gedr.im" />
+	<target host="gee.co" />
+	<target host="geeb.ml" />
+	<target host="geee.ky" />
+	<target host="geekcu.lt" />
+	<target host="geekdama.me" />
+	<target host="geekto.fit" />
+	<target host="geekto.us" />
+	<target host="geert.link" />
+	<target host="gege102.ml" />
+	<target host="gehel.ml" />
+	<target host="gehu.ml" />
+	<target host="geier.md" />
+	<target host="gek.im" />
+	<target host="gekjr.co" />
+	<target host="gelife.co" />
+	<target host="gelobaltv.ml" />
+	<target host="gem.gemvara.com" />
+	<target host="gem106.co" />
+	<target host="gem4.pw" />
+	<target host="gem5.my" />
+	<target host="gemal.to" />
+	<target host="gempixel.ml" />
+	<target host="gemz4.me" />
+	<target host="gen.pxpig.io" />
+	<target host="gen.us" />
+	<target host="gend.biz" />
+	<target host="gene.si" />
+	<target host="gener.is" />
+	<target host="genera.life" />
+	<target host="genero.me" />
+	<target host="genesisca.re" />
+	<target host="genglow.com" />
+	<target host="genii.io" />
+	<target host="genius.is" />
+	<target host="genji.cf" />
+	<target host="genktop.co.vu" />
+	<target host="genpr.gs" />
+	<target host="genreplay.ga" />
+	<target host="gensca.pe" />
+	<target host="gentl.mn" />
+	<target host="genuk.ltd" />
+	<target host="geofas.me" />
+	<target host="geog.gr" />
+	<target host="george.re" />
+	<target host="georgiatags.us" />
+	<target host="georgino.ga" />
+	<target host="georgino.tk" />
+	<target host="geoti.me" />
+	<target host="gep13.me" />
+	<target host="ger.ms" />
+	<target host="geraldinas.com" />
+	<target host="geransi.ga" />
+	<target host="gerd.fm" />
+	<target host="gerd.io" />
+	<target host="gergun.info" />
+	<target host="gerld.me" />
+	<target host="germandating.ml" />
+	<target host="germo.ml" />
+	<target host="gero.tips" />
+	<target host="gerstnr.eu" />
+	<target host="gesd.me" />
+	<target host="gessato.design" />
+	<target host="gesta.ml" />
+	<target host="get.3df.cash" />
+	<target host="get.6.0shot.com" />
+	<target host="get.abews.id" />
+	<target host="get.bekind.gift" />
+	<target host="get.breobox.com" />
+	<target host="get.charades.eu" />
+	<target host="get.co" />
+	<target host="get.galijob.com" />
+	<target host="get.gp" />
+	<target host="get.isar.io" />
+	<target host="get.jftrial.com" />
+	<target host="get.koach.tv" />
+	<target host="get.mysbux.info" />
+	<target host="get.nfvpe.site" />
+	<target host="get.pyload.net" />
+	<target host="get.sfumc.info" />
+	<target host="get.supply" />
+	<target host="get.teeters.in" />
+	<target host="get.wowing.co" />
+	<target host="get.yavi.co" />
+	<target host="getbein.us" />
+	<target host="getbo.ru" />
+	<target host="getbon.us" />
+	<target host="getcake.pro" />
+	<target host="getergo.com" />
+	<target host="getethanol.co" />
+	<target host="getf.in" />
+	<target host="getf.li" />
+	<target host="getfishing.org" />
+	<target host="getfreenow.ml" />
+	<target host="getgrok.in" />
+	<target host="geti.in" />
+	<target host="getin.bz" />
+	<target host="getintel.co" />
+	<target host="getkano.co" />
+	<target host="getkocpet.ml" />
+	<target host="getmw.me" />
+	<target host="geton.faith" />
+	<target host="getout2017.tk" />
+	<target host="getpair.ly" />
+	<target host="getr4k.ml" />
+	<target host="getrecipe.co" />
+	<target host="getreno.news" />
+	<target host="getroka.com" />
+	<target host="getru.sh" />
+	<target host="getrxn.io" />
+	<target host="getsherish.com" />
+	<target host="getshirt.us" />
+	<target host="getshow.me" />
+	<target host="getspark.me" />
+	<target host="getspir.it" />
+	<target host="getstory.in" />
+	<target host="getthene.ws" />
+	<target host="getvo.lt" />
+	<target host="getwi.se" />
+	<target host="getyourself.net" />
+	<target host="gex3.com" />
+	<target host="gfasia.ca" />
+	<target host="gfd.co" />
+	<target host="gfield.me" />
+	<target host="gfl.la" />
+	<target host="gfl.tips" />
+	<target host="gfln.co" />
+	<target host="gflo.io" />
+	<target host="gfnd.us" />
+	<target host="gfoas.co" />
+	<target host="gfp.io" />
+	<target host="gfr2.uk" />
+	<target host="gfshare.me" />
+	<target host="gfsnd.jt2k.com" />
+	<target host="gft.io" />
+	<target host="gftrib.com" />
+	<target host="gftv.us" />
+	<target host="gftypnts.co" />
+	<target host="gfwd.at" />
+	<target host="gfx.fel.one" />
+	<target host="gg2chic.com" />
+	<target host="ggagency.us" />
+	<target host="ggemiliano.com" />
+	<target host="gger.it" />
+	<target host="ggg.1n.pw" />
+	<target host="gggrlty.biz" />
+	<target host="ggheal.com" />
+	<target host="gglam.co" />
+	<target host="ggnz.la" />
+	<target host="ggoo.me" />
+	<target host="ggrr.gq" />
+	<target host="ggsim.uk" />
+	<target host="ggv.sg" />
+	<target host="gh.cm" />
+	<target host="gha.ly" />
+	<target host="ghamkir.ml" />
+	<target host="ghandlin.me" />
+	<target host="ghd.tm" />
+	<target host="ghgrp.co" />
+	<target host="ghill.me" />
+	<target host="ghjim.info" />
+	<target host="ghjnb78.tk" />
+	<target host="ghn.fyi" />
+	<target host="ghoat.ml" />
+	<target host="ghoff.co" />
+	<target host="ghoibz.ml" />
+	<target host="ghos.tw" />
+	<target host="ghrvy.co" />
+	<target host="ghsj.me" />
+	<target host="ghstgdhgh.tk" />
+	<target host="ghusa.co" />
+	<target host="ghwa.us" />
+	<target host="ghwt.blog" />
+	<target host="gi-wo.com" />
+	<target host="gi.lt" />
+	<target host="gianp.it" />
+	<target host="giant.ms" />
+	<target host="giarola.it" />
+	<target host="gibpre.com" />
+	<target host="gibr.in" />
+	<target host="gibsonintl.co" />
+	<target host="gicl.me" />
+	<target host="giff.ly" />
+	<target host="gifl.co" />
+	<target host="giforacle.me" />
+	<target host="gift.cr" />
+	<target host="giftcard.place" />
+	<target host="gigaspac.es" />
+	<target host="gigaz.in" />
+	<target host="giggl.io" />
+	<target host="giggle.pics" />
+	<target host="gigigorgeo.us" />
+	<target host="gigl.st" />
+	<target host="gigsoup.co" />
+	<target host="gijs.to" />
+	<target host="gil.nz" />
+	<target host="gilc.co" />
+	<target host="giles.li" />
+	<target host="gillard.biz" />
+	<target host="gillette.mn" />
+	<target host="gilopez.mx" />
+	<target host="gils.me" />
+	<target host="gimb.co" />
+	<target host="gimlet.media" />
+	<target host="ginf.me" />
+	<target host="ginf.tk" />
+	<target host="gingerand.co" />
+	<target host="gingerc.me" />
+	<target host="gining.ml" />
+	<target host="gio-co.com" />
+	<target host="gio.mcmxcix.xyz" />
+	<target host="giog.io" />
+	<target host="giogra.ph" />
+	<target host="gipan.de" />
+	<target host="gir.gr" />
+	<target host="girlbeauty.uk" />
+	<target host="girls.ag" />
+	<target host="girly.click" />
+	<target host="girv.in" />
+	<target host="gis.camb.ma" />
+	<target host="gis.fit" />
+	<target host="gis.nl" />
+	<target host="gisaacxyz.com" />
+	<target host="gisi.work" />
+	<target host="giso.ps" />
+	<target host="gitpri.me" />
+	<target host="gitt.im" />
+	<target host="giulio.cf" />
+	<target host="giv.lt" />
+	<target host="giv.today" />
+	<target host="giv3.org" />
+	<target host="give.ssv.org" />
+	<target host="give.works" />
+	<target host="givecai.org" />
+	<target host="giveinner.city" />
+	<target host="givenchy.link" />
+	<target host="givin.ga" />
+	<target host="giz.lv" />
+	<target host="gizey.at" />
+	<target host="gizid.at" />
+	<target host="gizm.ag" />
+	<target host="gizmobo.lt" />
+	<target host="gizmoset.com" />
+	<target host="gj294.co" />
+	<target host="gjobs.link" />
+	<target host="gjrp.co" />
+	<target host="gjscomp.com" />
+	<target host="gju.st" />
+	<target host="gk1.biz" />
+	<target host="gk4u.it" />
+	<target host="gkch.us" />
+	<target host="gkgl.co" />
+	<target host="gkid.co" />
+	<target host="gkinsi.de" />
+	<target host="gkji.me" />
+	<target host="gkm2.co" />
+	<target host="gkmt.link" />
+	<target host="gknz.fr" />
+	<target host="gkre.co" />
+	<target host="gks.rocks" />
+	<target host="gkstr.com" />
+	<target host="gkt.me" />
+	<target host="gkt.tf" />
+	<target host="gkw.re" />
+	<target host="gkz1.co" />
+	<target host="gla.ac" />
+	<target host="glaciergam.in" />
+	<target host="glamp.in" />
+	<target host="glamu.se" />
+	<target host="glas.jp" />
+	<target host="glas.to" />
+	<target host="glaube.me" />
+	<target host="glawe.photo" />
+	<target host="glb.bz" />
+	<target host="glbe.co" />
+	<target host="glblctzn.me" />
+	<target host="glcav.us" />
+	<target host="glcl.co" />
+	<target host="gld.la" />
+	<target host="gld.st" />
+	<target host="gldn.ch" />
+	<target host="gldr.co" />
+	<target host="gldushi.ru" />
+	<target host="gldwll.co" />
+	<target host="glenc.beer" />
+	<target host="glengu.in" />
+	<target host="glennga.be" />
+	<target host="glf.io" />
+	<target host="glfs.hk" />
+	<target host="glg.lgbt" />
+	<target host="glgld.us" />
+	<target host="glhc.com.au" />
+	<target host="glife.kr" />
+	<target host="glitchwitch.co" />
+	<target host="gliv.es" />
+	<target host="glix.ly" />
+	<target host="gllive.in" />
+	<target host="glls.be" />
+	<target host="gllv.org" />
+	<target host="glmn8.com" />
+	<target host="glmr.fr" />
+	<target host="glmr.me" />
+	<target host="gln.io" />
+	<target host="glnfll.ws" />
+	<target host="glnk.eu" />
+	<target host="glnr.in" />
+	<target host="glnry.us" />
+	<target host="glo.bo" />
+	<target host="glo.li" />
+	<target host="glo.yoga" />
+	<target host="globa.lv" />
+	<target host="global6s.com" />
+	<target host="globalcloud.pw" />
+	<target host="globalher.it" />
+	<target host="globalsiste.rs" />
+	<target host="globx.co" />
+	<target host="glokids.org" />
+	<target host="glorynet.ga" />
+	<target host="gloss.bz" />
+	<target host="glossons.ml" />
+	<target host="glov.es" />
+	<target host="glowfli.us" />
+	<target host="glows.biz" />
+	<target host="glp.lv" />
+	<target host="glry.io" />
+	<target host="glsen.us" />
+	<target host="glsh.in" />
+	<target host="glsns.us" />
+	<target host="glsy.us" />
+	<target host="gltr.me" />
+	<target host="glty.me" />
+	<target host="glu.co.nz" />
+	<target host="glu.is" />
+	<target host="gluca.us" />
+	<target host="glv.cc" />
+	<target host="glv.nz" />
+	<target host="glvlt.de" />
+	<target host="glvnt.co" />
+	<target host="glylr.com" />
+	<target host="glyn.pics" />
+	<target host="glze.me" />
+	<target host="gm007.co" />
+	<target host="gmai.io" />
+	<target host="gman.ga" />
+	<target host="gmane.ws" />
+	<target host="gmashil.ga" />
+	<target host="gmcoff.ee" />
+	<target host="gmglam.me" />
+	<target host="gmglf.co" />
+	<target host="gmgm.in" />
+	<target host="gmktg.co" />
+	<target host="gml.io" />
+	<target host="gml.tips" />
+	<target host="gmm.to" />
+	<target host="gmp3.link" />
+	<target host="gmpg.io" />
+	<target host="gmphy.com" />
+	<target host="gmr.link" />
+	<target host="gmrstm.pl" />
+	<target host="gmrt.co" />
+	<target host="gms.to" />
+	<target host="gmsoap.co" />
+	<target host="gmsp.gr" />
+	<target host="gmt08.com" />
+	<target host="gmtr.ch" />
+	<target host="gmtr.me" />
+	<target host="gmuhoo.ps" />
+	<target host="gmur.ph" />
+	<target host="gmv.eu" />
+	<target host="gmwv.fr" />
+	<target host="gn.tl" />
+	<target host="gna.li" />
+	<target host="gnar.in" />
+	<target host="gnat.me" />
+	<target host="gnbk.co" />
+	<target host="gnc.md" />
+	<target host="gncap.org" />
+	<target host="gndl.cf" />
+	<target host="gndle.me" />
+	<target host="gnee.us" />
+	<target host="gneo.me" />
+	<target host="gng.link" />
+	<target host="gngli.ga" />
+	<target host="gngr.space" />
+	<target host="gnhtvshow.ml" />
+	<target host="gnikn.us" />
+	<target host="gnl.me" />
+	<target host="gnls.in" />
+	<target host="gnmt.co" />
+	<target host="gnngolf.com" />
+	<target host="gnr.li" />
+	<target host="gnr8ns.com" />
+	<target host="gnrcty.org" />
+	<target host="gnsp.hk" />
+	<target host="gnttri.pw" />
+	<target host="gnz.biz" />
+	<target host="go-faar.org" />
+	<target host="go-g.co" />
+	<target host="go-he.re" />
+	<target host="go-ml.com" />
+	<target host="go-mobi.net" />
+	<target host="go-os.us" />
+	<target host="go-sm.co" />
+	<target host="go-us.tk" />
+	<target host="go.01-d.com" />
+	<target host="go.127001.org" />
+	<target host="go.12wave.com" />
+	<target host="go.158db.com.ph" />
+	<target host="go.1lambda.com" />
+	<target host="go.211.tw" />
+	<target host="go.2600.pro" />
+	<target host="go.3clogic.com" />
+	<target host="go.3km.vn" />
+	<target host="go.3rbnew.com" />
+	<target host="go.3v1n0.net" />
+	<target host="go.724685.com" />
+	<target host="go.8fit.com" />
+	<target host="go.99hats.com" />
+	<target host="go.9am-5pm.com" />
+	<target host="go.a-gbr.de" />
+	<target host="go.aaemnnost.tv" />
+	<target host="go.aais.com.vn" />
+	<target host="go.aatg.net" />
+	<target host="go.abh.my" />
+	<target host="go.abraauto.com" />
+	<target host="go.achuro.com" />
+	<target host="go.acios.id" />
+	<target host="go.aclu-nj.org" />
+	<target host="go.acstyled.com" />
+	<target host="go.actaru5.it" />
+	<target host="go.adams.life" />
+	<target host="go.adga.org" />
+	<target host="go.adrianb.net" />
+	<target host="go.aeris.com" />
+	<target host="go.aerobyn.com" />
+	<target host="go.aerosoles.ph" />
+	<target host="go.aetherii.com" />
+	<target host="go.afrrent.com" />
+	<target host="go.afutuh.com" />
+	<target host="go.afya.pl" />
+	<target host="go.age-sht.net" />
+	<target host="go.agmob.com" />
+	<target host="go.ahavta.com" />
+	<target host="go.ahazan.com" />
+	<target host="go.aib.co.ao" />
+	<target host="go.airspace.net" />
+	<target host="go.ajayjp.com" />
+	<target host="go.alan.cm" />
+	<target host="go.albaweb.tk" />
+	<target host="go.aldr.in" />
+	<target host="go.alexmaisa.me" />
+	<target host="go.alig.net" />
+	<target host="go.alihamze.com" />
+	<target host="go.allied.mv" />
+	<target host="go.allsafe.ma" />
+	<target host="go.allsysgo.tv" />
+	<target host="go.almaftuch.in" />
+	<target host="go.alottefi.com" />
+	<target host="go.alpatel.net" />
+	<target host="go.alt.ac.uk" />
+	<target host="go.altnews.in" />
+	<target host="go.am2.co" />
+	<target host="go.amco.me" />
+	<target host="go.ami.co.nz" />
+	<target host="go.amirsp.com" />
+	<target host="go.ammarcus.com" />
+	<target host="go.andlauer.de" />
+	<target host="go.ani.agency" />
+	<target host="go.anidox.net" />
+	<target host="go.anki.com" />
+	<target host="go.anunt.com" />
+	<target host="go.aosn.ws" />
+	<target host="go.aosvn.xyz" />
+	<target host="go.ape.sh" />
+	<target host="go.apk-id.net" />
+	<target host="go.apkftp.com" />
+	<target host="go.apkpro.net" />
+	<target host="go.apmg.io" />
+	<target host="go.appyland.com" />
+	<target host="go.aps-web.jp" />
+	<target host="go.aps.org" />
+	<target host="go.aptiv.com" />
+	<target host="go.aquarela.co" />
+	<target host="go.arbahok.com" />
+	<target host="go.area801.com" />
+	<target host="go.arena.ua" />
+	<target host="go.ari.codes" />
+	<target host="go.arkm.de" />
+	<target host="go.arnabsen.com" />
+	<target host="go.artylabs.com" />
+	<target host="go.artywah.info" />
+	<target host="go.ashanty.id" />
+	<target host="go.asianart.org" />
+	<target host="go.athomdev.com" />
+	<target host="go.ato.org" />
+	<target host="go.atrial.co" />
+	<target host="go.audc.info" />
+	<target host="go.audi.ru" />
+	<target host="go.augusta.edu" />
+	<target host="go.auror.co" />
+	<target host="go.autocard.de" />
+	<target host="go.avon.kz" />
+	<target host="go.aw.my.com" />
+	<target host="go.awezome.com" />
+	<target host="go.aws.org" />
+	<target host="go.ayouch.com" />
+	<target host="go.b1sat.com" />
+	<target host="go.barker.nyc" />
+	<target host="go.bas.sh" />
+	<target host="go.bbb.org" />
+	<target host="go.bbpp.us" />
+	<target host="go.bcfw.sx" />
+	<target host="go.bcharts.net" />
+	<target host="go.bcoach.info" />
+	<target host="go.beardben.com" />
+	<target host="go.beckatl.com" />
+	<target host="go.befreely.io" />
+	<target host="go.bego.site" />
+	<target host="go.bekti.net" />
+	<target host="go.bengals.com" />
+	<target host="go.benjguin.com" />
+	<target host="go.benoic.com" />
+	<target host="go.berryz.fr" />
+	<target host="go.besimply.net" />
+	<target host="go.betta.io" />
+	<target host="go.bgtvtalk.com" />
+	<target host="go.bigkrit.club" />
+	<target host="go.bigy.com" />
+	<target host="go.billde.sk" />
+	<target host="go.billtsai.com" />
+	<target host="go.bingoal.be" />
+	<target host="go.binh.mobi" />
+	<target host="go.binz.ws" />
+	<target host="go.bitklik.com" />
+	<target host="go.bivia.com" />
+	<target host="go.blackrod.net" />
+	<target host="go.blolol.com" />
+	<target host="go.bmi.com" />
+	<target host="go.bna.city" />
+	<target host="go.bodin.ac.th" />
+	<target host="go.boin.gr" />
+	<target host="go.bongour.com" />
+	<target host="go.bonsai.io" />
+	<target host="go.booty.com.au" />
+	<target host="go.borealis.cx" />
+	<target host="go.boseriko.com" />
+	<target host="go.boxer.se" />
+	<target host="go.bqphoto.info" />
+	<target host="go.breathe.io" />
+	<target host="go.bredi.us" />
+	<target host="go.brefe.com" />
+	<target host="go.bretep.me" />
+	<target host="go.brewerlaw.co" />
+	<target host="go.bribiesca.co" />
+	<target host="go.brit.co" />
+	<target host="go.brittnei.com" />
+	<target host="go.brrice.edu" />
+	<target host="go.brutsch.in" />
+	<target host="go.bryans.in" />
+	<target host="go.bs0.club" />
+	<target host="go.bulleit.co" />
+	<target host="go.butter.ai" />
+	<target host="go.bwlh.at" />
+	<target host="go.bwyouth.org" />
+	<target host="go.c01.me" />
+	<target host="go.c24.ee" />
+	<target host="go.c66.me" />
+	<target host="go.ca-de.com" />
+	<target host="go.ca.la" />
+	<target host="go.cadby.com" />
+	<target host="go.caff.stream" />
+	<target host="go.cahill.io" />
+	<target host="go.cal.io" />
+	<target host="go.cal.to" />
+	<target host="go.cape.io" />
+	<target host="go.cardback.in" />
+	<target host="go.career.vn" />
+	<target host="go.cavh.com.au" />
+	<target host="go.cb.pr" />
+	<target host="go.cbs4indy.com" />
+	<target host="go.cccu.org" />
+	<target host="go.ccmo.me" />
+	<target host="go.ccpm.com" />
+	<target host="go.cdpr.com.br" />
+	<target host="go.cegint.com" />
+	<target host="go.celebrir.com" />
+	<target host="go.cf.ac.uk" />
+	<target host="go.cgon.us" />
+	<target host="go.cgrs.tk" />
+	<target host="go.chadsnet.com" />
+	<target host="go.chaicdn.xyz" />
+	<target host="go.chall.is" />
+	<target host="go.chasset.net" />
+	<target host="go.cheatha.de" />
+	<target host="go.chiam.me" />
+	<target host="go.chicheng.me" />
+	<target host="go.chili.com" />
+	<target host="go.chinchin.vn" />
+	<target host="go.choicerewards.ca" />
+	<target host="go.chuju.org" />
+	<target host="go.chula.md" />
+	<target host="go.ciacci.net" />
+	<target host="go.cihanek.com" />
+	<target host="go.cinii.jp" />
+	<target host="go.cisvcr.org" />
+	<target host="go.citrs.xyz" />
+	<target host="go.cityspy.cz" />
+	<target host="go.clar.io" />
+	<target host="go.cliqpass.com" />
+	<target host="go.clnw.com" />
+	<target host="go.cloudwp.pro" />
+	<target host="go.clubt.jp" />
+	<target host="go.cmdr-blp.com" />
+	<target host="go.cmep.org" />
+	<target host="go.cmgenius.com" />
+	<target host="go.cmru.info" />
+	<target host="go.cms.gov" />
+	<target host="go.cmualum.com" />
+	<target host="go.cnbgfans.com" />
+	<target host="go.cnio.es" />
+	<target host="go.cnmn.us" />
+	<target host="go.code.qa" />
+	<target host="go.codesoda.com" />
+	<target host="go.cogdog.it" />
+	<target host="go.collect.it" />
+	<target host="go.con4pas.com" />
+	<target host="go.conats.com" />
+	<target host="go.concat.us" />
+	<target host="go.contelabs.eu" />
+	<target host="go.coolpad.eu" />
+	<target host="go.cordico.com" />
+	<target host="go.cordon.click" />
+	<target host="go.cortechs.net" />
+	<target host="go.coscup.org" />
+	<target host="go.cosh.me" />
+	<target host="go.cozy.es" />
+	<target host="go.cpalm.dk" />
+	<target host="go.cq-p.com" />
+	<target host="go.cqsbiz.com" />
+	<target host="go.cradio.fm" />
+	<target host="go.cramer.com" />
+	<target host="go.crn.com" />
+	<target host="go.crux.la" />
+	<target host="go.cryptelo.com" />
+	<target host="go.csar.co" />
+	<target host="go.csdo.org" />
+	<target host="go.csfolmer.nl" />
+	<target host="go.csik.net" />
+	<target host="go.csspod.com" />
+	<target host="go.ctv-point.me" />
+	<target host="go.cucc.io" />
+	<target host="go.curns.me" />
+	<target host="go.cutee.club" />
+	<target host="go.cutvpro.com" />
+	<target host="go.cw33.com" />
+	<target host="go.cwa.net" />
+	<target host="go.cylac.ca" />
+	<target host="go.d-mind.de" />
+	<target host="go.d42.nyc" />
+	<target host="go.d8a.org" />
+	<target host="go.dalsimer.com" />
+	<target host="go.danclegg.net" />
+	<target host="go.dangbau.com" />
+	<target host="go.darkdl.com" />
+	<target host="go.dave.tw" />
+	<target host="go.daveadev.com" />
+	<target host="go.davidba.in" />
+	<target host="go.dbox.us" />
+	<target host="go.dbs.com" />
+	<target host="go.dc50tv.com" />
+	<target host="go.dcsu.co.uk" />
+	<target host="go.decopach.com" />
+	<target host="go.dekalee.net" />
+	<target host="go.del-mi.org" />
+	<target host="go.delphian.org" />
+	<target host="go.demian.is" />
+	<target host="go.depthon.com" />
+	<target host="go.desdebox.es" />
+	<target host="go.design360.gr" />
+	<target host="go.devjoe.me" />
+	<target host="go.dhakatim.es" />
+	<target host="go.dhmtl.ca" />
+	<target host="go.dhpit.com" />
+	<target host="go.dinda.com.br" />
+	<target host="go.dinngo.co" />
+	<target host="go.dinoia.eu" />
+	<target host="go.dirkbo.de" />
+	<target host="go.dirq.net" />
+	<target host="go.discant.net" />
+	<target host="go.dive.in" />
+	<target host="go.diveunda.com" />
+	<target host="go.djjavo.co.uk" />
+	<target host="go.djnds.de" />
+	<target host="go.dlm.im" />
+	<target host="go.dmann.me" />
+	<target host="go.dmuth.org" />
+	<target host="go.dmv.network" />
+	<target host="go.dobt.co" />
+	<target host="go.doch.dk" />
+	<target host="go.dorint.tv" />
+	<target host="go.dostuff.net" />
+	<target host="go.dotsiam.net" />
+	<target host="go.doushort.gq" />
+	<target host="go.drambl.in" />
+	<target host="go.dranet.de" />
+	<target host="go.drankush.com" />
+	<target host="go.drdrew.com" />
+	<target host="go.drewb.io" />
+	<target host="go.dreyf.us" />
+	<target host="go.drive.sg" />
+	<target host="go.drobert.me" />
+	<target host="go.drod.io" />
+	<target host="go.drool.me.uk" />
+	<target host="go.dstbd.com" />
+	<target host="go.dtrix.tv" />
+	<target host="go.dtrnr.in" />
+	<target host="go.dttw.nl" />
+	<target host="go.duergner.io" />
+	<target host="go.durham.fyi" />
+	<target host="go.dvit.fr" />
+	<target host="go.dvlp.us" />
+	<target host="go.e-flux.com" />
+	<target host="go.e-sites.net" />
+	<target host="go.e2.ma" />
+	<target host="go.east-tec.com" />
+	<target host="go.eau.ir" />
+	<target host="go.eb.st" />
+	<target host="go.eboy.com" />
+	<target host="go.eco" />
+	<target host="go.edatwork.com" />
+	<target host="go.edig.co" />
+	<target host="go.edlisten.com" />
+	<target host="go.edm.com" />
+	<target host="go.edoctor.us" />
+	<target host="go.educipta.com" />
+	<target host="go.eduin.info" />
+	<target host="go.edvisor.io" />
+	<target host="go.efrem.io" />
+	<target host="go.egjpress.org" />
+	<target host="go.egm.nl" />
+	<target host="go.eigo.tc" />
+	<target host="go.einladung.io" />
+	<target host="go.einz.my" />
+	<target host="go.eizil.com" />
+	<target host="go.ejd.me" />
+	<target host="go.ekushey.com" />
+	<target host="go.elantix.net" />
+	<target host="go.eleague.com" />
+	<target host="go.elego.com" />
+	<target host="go.elike.com.br" />
+	<target host="go.elms.pro" />
+	<target host="go.elsifi.com" />
+	<target host="go.email0.co.uk" />
+	<target host="go.emer.ge" />
+	<target host="go.emiltorp.se" />
+	<target host="go.emitis.ir" />
+	<target host="go.empy.re" />
+	<target host="go.emsman.nl" />
+	<target host="go.endr.me" />
+	<target host="go.enmain.com" />
+	<target host="go.ennui.tv" />
+	<target host="go.enpro.vn" />
+	<target host="go.entiros.se" />
+	<target host="go.enz0.net" />
+	<target host="go.epicids.com" />
+	<target host="go.eqinc.com" />
+	<target host="go.erarc.org" />
+	<target host="go.erchima.net" />
+	<target host="go.ergonea.com" />
+	<target host="go.erickt.me" />
+	<target host="go.erotica.link" />
+	<target host="go.es.io" />
+	<target host="go.eset.it" />
+	<target host="go.esport42.fr" />
+	<target host="go.estate.cz" />
+	<target host="go.esucces.dk" />
+	<target host="go.ethow.com" />
+	<target host="go.eti.eu.com" />
+	<target host="go.etr.ee" />
+	<target host="go.eus.cl" />
+	<target host="go.evan.co" />
+	<target host="go.evbb.eu" />
+	<target host="go.evetos.com" />
+	<target host="go.ewall.org" />
+	<target host="go.ewu.edu" />
+	<target host="go.exhq.co" />
+	<target host="go.expomp.com" />
+	<target host="go.ey.com" />
+	<target host="go.f2re.com" />
+	<target host="go.f3n.me" />
+	<target host="go.faiamag.me" />
+	<target host="go.fame.li" />
+	<target host="go.fashionos.id" />
+	<target host="go.fatfog.com" />
+	<target host="go.fatina.me" />
+	<target host="go.fawks.net" />
+	<target host="go.fbr.to" />
+	<target host="go.fconline.net" />
+	<target host="go.fdpbo.de" />
+	<target host="go.featmed.com" />
+	<target host="go.feedink.com" />
+	<target host="go.feijao.co" />
+	<target host="go.fetlads.com" />
+	<target host="go.ffntech.com" />
+	<target host="go.fg.cz" />
+	<target host="go.fhtgames.com" />
+	<target host="go.fimadani.com" />
+	<target host="go.firef.ly" />
+	<target host="go.fireplan.ca" />
+	<target host="go.fixt.mx" />
+	<target host="go.flachdcd.com" />
+	<target host="go.flag.co.uk" />
+	<target host="go.flameman.pl" />
+	<target host="go.flenz.ovh" />
+	<target host="go.flip.me" />
+	<target host="go.fliq.me" />
+	<target host="go.flmtd.com" />
+	<target host="go.fly.com" />
+	<target host="go.fmb.co.uk" />
+	<target host="go.fmeoplus.com" />
+	<target host="go.fmylife.com" />
+	<target host="go.fn.de" />
+	<target host="go.fndo.es" />
+	<target host="go.foerstel.com" />
+	<target host="go.fokkezb.nl" />
+	<target host="go.fomps.org.uk" />
+	<target host="go.forks.tokyo" />
+	<target host="go.forms.studio" />
+	<target host="go.fouad.co" />
+	<target host="go.fox13now.com" />
+	<target host="go.fox2now.com" />
+	<target host="go.fox40.com" />
+	<target host="go.fox43.com" />
+	<target host="go.fox59.com" />
+	<target host="go.fox61.com" />
+	<target host="go.foxct.com" />
+	<target host="go.fragicide.tv" />
+	<target host="go.franki.net" />
+	<target host="go.freave.com" />
+	<target host="go.freddy.mx" />
+	<target host="go.fredonia.edu" />
+	<target host="go.freeball.in" />
+	<target host="go.friends.ca" />
+	<target host="go.fujino.us" />
+	<target host="go.futrsupr.com" />
+	<target host="go.fuzzd.nl" />
+	<target host="go.fvonf.com" />
+	<target host="go.fws.hu" />
+	<target host="go.gabrielp.in" />
+	<target host="go.gaiar.ru" />
+	<target host="go.gaio.me" />
+	<target host="go.galledia.ch" />
+	<target host="go.gameops.net" />
+	<target host="go.gameware.at" />
+	<target host="go.gamv.ca" />
+	<target host="go.gapis.win" />
+	<target host="go.gayle.com" />
+	<target host="go.gazlee.com" />
+	<target host="go.gcprive.com" />
+	<target host="go.gdgs.pl" />
+	<target host="go.gearpipe.com" />
+	<target host="go.geekdeals.uk" />
+	<target host="go.geeksyfe.net" />
+	<target host="go.geekthumb.uk" />
+	<target host="go.gemod.com.br" />
+	<target host="go.gencturk.net" />
+	<target host="go.getarion.com" />
+	<target host="go.getu.nu" />
+	<target host="go.gfc.tv" />
+	<target host="go.ghortho.com" />
+	<target host="go.gi.org" />
+	<target host="go.gian-d.net" />
+	<target host="go.gigfreak.com" />
+	<target host="go.gimpel.co.il" />
+	<target host="go.gitt.io" />
+	<target host="go.gjs.co" />
+	<target host="go.glg.it" />
+	<target host="go.gnet.gr" />
+	<target host="go.gogn.in" />
+	<target host="go.gohres.de" />
+	<target host="go.goodbye.be" />
+	<target host="go.gopride.com" />
+	<target host="go.gorilla.sg" />
+	<target host="go.gpal.me" />
+	<target host="go.grabone.com" />
+	<target host="go.grace.ph" />
+	<target host="go.greenbox.tw" />
+	<target host="go.grit.space" />
+	<target host="go.grox.com.au" />
+	<target host="go.gru.edu" />
+	<target host="go.gsolo.com" />
+	<target host="go.gtww.net" />
+	<target host="go.gugler.at" />
+	<target host="go.guidetti.me" />
+	<target host="go.gureev.me" />
+	<target host="go.gvsjobs.com" />
+	<target host="go.habd.as" />
+	<target host="go.hack.gt" />
+	<target host="go.hacklife.co" />
+	<target host="go.hafifi.com" />
+	<target host="go.hafusa.org" />
+	<target host="go.haji.ca" />
+	<target host="go.haki.ms" />
+	<target host="go.halusky.com" />
+	<target host="go.hamsi.us" />
+	<target host="go.handheld.se" />
+	<target host="go.hani.net" />
+	<target host="go.haniezz.com" />
+	<target host="go.harp.cloud" />
+	<target host="go.hartmann.fr" />
+	<target host="go.hasb.ro" />
+	<target host="go.hast.me" />
+	<target host="go.hbude.de" />
+	<target host="go.hc.gov" />
+	<target host="go.hcouchd.com" />
+	<target host="go.head.com" />
+	<target host="go.heavende.com" />
+	<target host="go.heja.io" />
+	<target host="go.heung.uk" />
+	<target host="go.hew.com" />
+	<target host="go.hffk.info" />
+	<target host="go.high5.ai" />
+	<target host="go.highter.de" />
+	<target host="go.hint.com" />
+	<target host="go.hlcb.tw" />
+	<target host="go.hodoxy.com" />
+	<target host="go.holtz.co" />
+	<target host="go.hoo.dk" />
+	<target host="go.hood.ie" />
+	<target host="go.hoole.co" />
+	<target host="go.hooq.tv" />
+	<target host="go.horemas.nl" />
+	<target host="go.housejoy.in" />
+	<target host="go.hrnt.it" />
+	<target host="go.hsb.com" />
+	<target host="go.hsthree.com" />
+	<target host="go.htc.de" />
+	<target host="go.httpx.in" />
+	<target host="go.hub.ki" />
+	<target host="go.hud.pw" />
+	<target host="go.huge.io" />
+	<target host="go.huje.co" />
+	<target host="go.husk.co" />
+	<target host="go.hw.is" />
+	<target host="go.hy.ly" />
+	<target host="go.i8.tn" />
+	<target host="go.iain.xyz" />
+	<target host="go.iamji.net" />
+	<target host="go.iamlee.ch" />
+	<target host="go.ibogner.net" />
+	<target host="go.ibt.to" />
+	<target host="go.icann.org" />
+	<target host="go.iconlab.vn" />
+	<target host="go.icumed.com" />
+	<target host="go.icwnow.com" />
+	<target host="go.id.me" />
+	<target host="go.idlecode.com" />
+	<target host="go.idris.org" />
+	<target host="go.idroid.us" />
+	<target host="go.idroot.net" />
+	<target host="go.ielabs.org" />
+	<target host="go.ifpb.org" />
+	<target host="go.ifthi.com" />
+	<target host="go.iglar.net" />
+	<target host="go.ignyt.me" />
+	<target host="go.iicle.com" />
+	<target host="go.iiss.org" />
+	<target host="go.ijshockey.nu" />
+	<target host="go.iku.lt" />
+	<target host="go.ilsf.ir" />
+	<target host="go.iltempo.de" />
+	<target host="go.imacandi.net" />
+	<target host="go.imedics.xyz" />
+	<target host="go.imgg.me" />
+	<target host="go.imgk.us" />
+	<target host="go.infdev.co.uk" />
+	<target host="go.infinidy.ca" />
+	<target host="go.infoab.es" />
+	<target host="go.infonol.com" />
+	<target host="go.innato.it" />
+	<target host="go.insider.in" />
+	<target host="go.interone.de" />
+	<target host="go.iorz.cc" />
+	<target host="go.ipvm.com" />
+	<target host="go.iqonomy.de" />
+	<target host="go.irccade.com" />
+	<target host="go.ironman.com" />
+	<target host="go.irtrip.com" />
+	<target host="go.irwin.ws" />
+	<target host="go.ishelly.com" />
+	<target host="go.isummary.nl" />
+	<target host="go.it.ai" />
+	<target host="go.italki.com" />
+	<target host="go.itrenew.com" />
+	<target host="go.itsitio.com" />
+	<target host="go.itson.mx" />
+	<target host="go.itu.int" />
+	<target host="go.ivotize.com" />
+	<target host="go.ivovi.ch" />
+	<target host="go.iwpr.net" />
+	<target host="go.jaachai.com" />
+	<target host="go.jack.taipei" />
+	<target host="go.jadoel.info" />
+	<target host="go.jafarnet.com" />
+	<target host="go.jakebarry.us" />
+	<target host="go.jamesvg.com" />
+	<target host="go.jamie.org" />
+	<target host="go.janlay.com" />
+	<target host="go.jawad.ir" />
+	<target host="go.jbithell.com" />
+	<target host="go.jbkc85.com" />
+	<target host="go.jbms.co.uk" />
+	<target host="go.jce.do" />
+	<target host="go.jdami.co" />
+	<target host="go.jdcd.us" />
+	<target host="go.jdnayak.com" />
+	<target host="go.jdog.co" />
+	<target host="go.jeannie.io" />
+	<target host="go.jeeves.ml" />
+	<target host="go.jef.fm" />
+	<target host="go.jekil.sexy" />
+	<target host="go.jemstud.io" />
+	<target host="go.jenteva.com" />
+	<target host="go.jet.com" />
+	<target host="go.jetli.com" />
+	<target host="go.jfsx.net" />
+	<target host="go.jiagm.me" />
+	<target host="go.jimbos.co.uk" />
+	<target host="go.jirwin.me.uk" />
+	<target host="go.jjfu.com" />
+	<target host="go.jlc.org" />
+	<target host="go.jmosawy.com" />
+	<target host="go.jnan.co" />
+	<target host="go.jndm.net" />
+	<target host="go.jobs.com.pk" />
+	<target host="go.joe.gl" />
+	<target host="go.joeteach.us" />
+	<target host="go.joewang.net" />
+	<target host="go.jon.am" />
+	<target host="go.joshk.org" />
+	<target host="go.jpanzer.de" />
+	<target host="go.jpg.yt" />
+	<target host="go.jsonyt.de" />
+	<target host="go.jtg.co" />
+	<target host="go.jump.sg" />
+	<target host="go.jw9.xyz" />
+	<target host="go.k2cinc.com" />
+	<target host="go.k2e.org" />
+	<target host="go.kabbalah.com" />
+	<target host="go.kaley.co" />
+	<target host="go.kamp.fit" />
+	<target host="go.kaobei.io" />
+	<target host="go.kap.co" />
+	<target host="go.kayayalc.in" />
+	<target host="go.kaydee.net" />
+	<target host="go.kaykyb.com" />
+	<target host="go.ke-v.in" />
+	<target host="go.kenmod.us" />
+	<target host="go.kentcc.tv" />
+	<target host="go.kevsully.us" />
+	<target host="go.kiah-tv.com" />
+	<target host="go.kidqa.club" />
+	<target host="go.kidz.ch" />
+	<target host="go.kijis.com" />
+	<target host="go.kikidan.com" />
+	<target host="go.kirv.es" />
+	<target host="go.klab.ca" />
+	<target host="go.kloh.in" />
+	<target host="go.knitbot.com" />
+	<target host="go.knmplace.com" />
+	<target host="go.knom.org" />
+	<target host="go.koawach.de" />
+	<target host="go.kohlanta.co" />
+	<target host="go.kolbe.co" />
+	<target host="go.konvetic.com" />
+	<target host="go.korb.cz" />
+	<target host="go.koselke.us" />
+	<target host="go.kots.io" />
+	<target host="go.krib.co" />
+	<target host="go.krohn.io" />
+	<target host="go.kronicle.co" />
+	<target host="go.ksbar.org" />
+	<target host="go.kswbtv.com" />
+	<target host="go.ktjx2.com" />
+	<target host="go.kudhen.com" />
+	<target host="go.kuklis.net" />
+	<target host="go.kunalshah.ca" />
+	<target host="go.kunlin.info" />
+	<target host="go.kylero.se" />
+	<target host="go.l2c.us" />
+	<target host="go.labrige.com" />
+	<target host="go.lalill.pl" />
+	<target host="go.lamnotes.com" />
+	<target host="go.lansdown.me" />
+	<target host="go.laposa.co.uk" />
+	<target host="go.lauritz.com" />
+	<target host="go.law360.com" />
+	<target host="go.lazaridis.eu" />
+	<target host="go.lbjxc.org" />
+	<target host="go.lbpho.to" />
+	<target host="go.lddg.co" />
+	<target host="go.lele.rocks" />
+	<target host="go.leogopal.com" />
+	<target host="go.letit3d.com" />
+	<target host="go.levees.org" />
+	<target host="go.lgb.io" />
+	<target host="go.lgic.co" />
+	<target host="go.liammoat.com" />
+	<target host="go.liltv.de" />
+	<target host="go.liondesk.com" />
+	<target host="go.lithofin.de" />
+	<target host="go.ljasinski.pl" />
+	<target host="go.lji.me" />
+	<target host="go.llphoto.de" />
+	<target host="go.lmh.news" />
+	<target host="go.lnp.tv" />
+	<target host="go.logect.com" />
+	<target host="go.loginvsi.com" />
+	<target host="go.lopez.link" />
+	<target host="go.lowinsky.com" />
+	<target host="go.lpp3.com" />
+	<target host="go.lrnz09.me" />
+	<target host="go.ltu.co.id" />
+	<target host="go.luc-a.de" />
+	<target host="go.luca.lk" />
+	<target host="go.lucatnt.com" />
+	<target host="go.luktom.net" />
+	<target host="go.lumiary.com" />
+	<target host="go.lund.io" />
+	<target host="go.luosen.me" />
+	<target host="go.lwd.rocks" />
+	<target host="go.lyricth.com" />
+	<target host="go.m0scu.uk" />
+	<target host="go.m17.nl" />
+	<target host="go.maestro.io" />
+	<target host="go.mafbla.org" />
+	<target host="go.mahdi.ws" />
+	<target host="go.mahmoud.work" />
+	<target host="go.mailinhs.com" />
+	<target host="go.majksner.com" />
+	<target host="go.makigas.es" />
+	<target host="go.mam.bo" />
+	<target host="go.maneu.fr" />
+	<target host="go.manheim.com" />
+	<target host="go.manso.eu" />
+	<target host="go.markj.me" />
+	<target host="go.marquez.co" />
+	<target host="go.martech.zone" />
+	<target host="go.martijn.ac" />
+	<target host="go.masakijp.com" />
+	<target host="go.matbaq.me" />
+	<target host="go.match.com" />
+	<target host="go.maton.com.au" />
+	<target host="go.matt.pw" />
+	<target host="go.matt.travel" />
+	<target host="go.mattjdev.com" />
+	<target host="go.maumaus.nl" />
+	<target host="go.max.be" />
+	<target host="go.maxi-muth.de" />
+	<target host="go.mayorga.net" />
+	<target host="go.mbbe.org" />
+	<target host="go.mbna.ca" />
+	<target host="go.mcknote.com" />
+	<target host="go.mclion.eu" />
+	<target host="go.mdeco.kr" />
+	<target host="go.mdk.mx" />
+	<target host="go.mdscomp.net" />
+	<target host="go.meah.online" />
+	<target host="go.mealhero.me" />
+	<target host="go.measure.chat" />
+	<target host="go.mediabox.lv" />
+	<target host="go.mediaco.asia" />
+	<target host="go.medicare.gov" />
+	<target host="go.medify.co.uk" />
+	<target host="go.megc.pt" />
+	<target host="go.mehdi.it" />
+	<target host="go.mei.st" />
+	<target host="go.menshouse.gr" />
+	<target host="go.merakian.pt" />
+	<target host="go.meto.ga" />
+	<target host="go.mett.ro" />
+	<target host="go.mfeiz.com" />
+	<target host="go.mgpf.it" />
+	<target host="go.mi-na.de" />
+	<target host="go.mindsize.me" />
+	<target host="go.minigrid.com" />
+	<target host="go.mintvine.com" />
+	<target host="go.minutes.io" />
+	<target host="go.mirc.no" />
+	<target host="go.mitef.org" />
+	<target host="go.mjmetts.com" />
+	<target host="go.mm1.ca" />
+	<target host="go.mmem.co" />
+	<target host="go.mmn.on.ca" />
+	<target host="go.mmobeast.com" />
+	<target host="go.mnw.it" />
+	<target host="go.mobiwatch.de" />
+	<target host="go.moesubs.com" />
+	<target host="go.monrobot.xyz" />
+	<target host="go.mooo.biz.tm" />
+	<target host="go.moraitis.org" />
+	<target host="go.more.net" />
+	<target host="go.motlow.me" />
+	<target host="go.mount.xxx" />
+	<target host="go.mozkra.com" />
+	<target host="go.mp3xd.com" />
+	<target host="go.mpp.sg" />
+	<target host="go.mrcong.com" />
+	<target host="go.mrsnorum.com" />
+	<target host="go.msba.org" />
+	<target host="go.msclics.com" />
+	<target host="go.mshaken.com" />
+	<target host="go.mssec.se" />
+	<target host="go.msuaa.com" />
+	<target host="go.mtricht.com" />
+	<target host="go.mudunuru.com" />
+	<target host="go.musafir.com" />
+	<target host="go.music.com.bd" />
+	<target host="go.mutsol.com" />
+	<target host="go.mxgnv.com" />
+	<target host="go.myafcm.com" />
+	<target host="go.myejl.com" />
+	<target host="go.myexpg.org" />
+	<target host="go.mynetx.net" />
+	<target host="go.myogc.org" />
+	<target host="go.myrsdca.com" />
+	<target host="go.mystady.com" />
+	<target host="go.myway.ma" />
+	<target host="go.mywv.net" />
+	<target host="go.naaaprtp.org" />
+	<target host="go.nacubo.org" />
+	<target host="go.nagarro.com" />
+	<target host="go.naida.com.br" />
+	<target host="go.najbo.ch" />
+	<target host="go.narbot.com" />
+	<target host="go.nas4free.org" />
+	<target host="go.nasa.gov" />
+	<target host="go.natejon.es" />
+	<target host="go.nature.com" />
+	<target host="go.nazarov.com" />
+	<target host="go.nboa.org" />
+	<target host="go.nbpa.com" />
+	<target host="go.nc4pk.net" />
+	<target host="go.ncpan.org" />
+	<target host="go.nelwel.com" />
+	<target host="go.nelwel.net" />
+	<target host="go.neovu.io" />
+	<target host="go.nesn.com" />
+	<target host="go.neto.me" />
+	<target host="go.netravnen.eu" />
+	<target host="go.netspire.nl" />
+	<target host="go.nevergone.ru" />
+	<target host="go.nevit.us" />
+	<target host="go.newnorth.io" />
+	<target host="go.nh7.in" />
+	<target host="go.nhsp.uk" />
+	<target host="go.nibyblog.pl" />
+	<target host="go.nickc.at" />
+	<target host="go.nico.is" />
+	<target host="go.ninxanh.com" />
+	<target host="go.noota.id" />
+	<target host="go.norbertc.net" />
+	<target host="go.nordops.net" />
+	<target host="go.novastar.tw" />
+	<target host="go.noveolab.com" />
+	<target host="go.nowth.is" />
+	<target host="go.nq.gl" />
+	<target host="go.nrma.com.au" />
+	<target host="go.ns1.com" />
+	<target host="go.nsit.me" />
+	<target host="go.nsone.net" />
+	<target host="go.nsychev.ru" />
+	<target host="go.ntvg.org" />
+	<target host="go.ntx.sx" />
+	<target host="go.nuvem.pw" />
+	<target host="go.nw.de" />
+	<target host="go.nwebweb.com" />
+	<target host="go.nwlb.us" />
+	<target host="go.nws.co" />
+	<target host="go.nxu.hu" />
+	<target host="go.o.school" />
+	<target host="go.o2more.de" />
+	<target host="go.oceanik.com" />
+	<target host="go.ociru.net" />
+	<target host="go.ocp.org" />
+	<target host="go.odomera.com" />
+	<target host="go.ofeks.com" />
+	<target host="go.offerta.se" />
+	<target host="go.offside.id" />
+	<target host="go.ogasuna.info" />
+	<target host="go.ola.ski" />
+	<target host="go.olrd.me" />
+	<target host="go.omf.org" />
+	<target host="go.omnada.com" />
+	<target host="go.omreddy.com" />
+	<target host="go.onsen.one" />
+	<target host="go.onwae.com" />
+	<target host="go.openco.ru" />
+	<target host="go.opie.at" />
+	<target host="go.opkn.co.uk" />
+	<target host="go.orbi.im" />
+	<target host="go.orcacon.org" />
+	<target host="go.ore-n.com" />
+	<target host="go.orx.me" />
+	<target host="go.osnetpr.com" />
+	<target host="go.ostp.gov" />
+	<target host="go.ourtime.com" />
+	<target host="go.ousd.org" />
+	<target host="go.outfithq.de" />
+	<target host="go.outora.com" />
+	<target host="go.ove.com" />
+	<target host="go.overnet.be" />
+	<target host="go.overnig.ht" />
+	<target host="go.ovink.com" />
+	<target host="go.pakible.com" />
+	<target host="go.pamortiz.net" />
+	<target host="go.pandora.net" />
+	<target host="go.pano360vr.de" />
+	<target host="go.paper.studio" />
+	<target host="go.paquette.io" />
+	<target host="go.parameta.co" />
+	<target host="go.parkhotel.nz" />
+	<target host="go.paul.pp.ua" />
+	<target host="go.paul4ta.com" />
+	<target host="go.payd.co" />
+	<target host="go.pbb.io" />
+	<target host="go.peela.com.br" />
+	<target host="go.pehrlich.com" />
+	<target host="go.pelin.me" />
+	<target host="go.perminc.com" />
+	<target host="go.pesout.eu" />
+	<target host="go.petrhroch.cz" />
+	<target host="go.ph-wbc.com" />
+	<target host="go.phl17.com" />
+	<target host="go.phractl.com" />
+	<target host="go.pierreroy.co" />
+	<target host="go.piletski.com" />
+	<target host="go.pilinux.me" />
+	<target host="go.piriform.com" />
+	<target host="go.piszek.com" />
+	<target host="go.pitp.it" />
+	<target host="go.pix11.com" />
+	<target host="go.pjt.me" />
+	<target host="go.pjtnt11.com" />
+	<target host="go.pk-rocks.com" />
+	<target host="go.pkg.cc" />
+	<target host="go.platy11.ga" />
+	<target host="go.players24.de" />
+	<target host="go.playr.at" />
+	<target host="go.pld.com.br" />
+	<target host="go.plexure.net" />
+	<target host="go.plusdz.com" />
+	<target host="go.pmc.com.br" />
+	<target host="go.pnts.us" />
+	<target host="go.pohyby.co.uk" />
+	<target host="go.pohyby.uk" />
+	<target host="go.porowski.pro" />
+	<target host="go.postable.co" />
+	<target host="go.powernet.vn" />
+	<target host="go.ppls.io" />
+	<target host="go.ppluss.de" />
+	<target host="go.prasojo.com" />
+	<target host="go.pravaapp.com" />
+	<target host="go.prbx.co" />
+	<target host="go.profab.io" />
+	<target host="go.progpf.com" />
+	<target host="go.projet21.eu" />
+	<target host="go.prtgh.eu" />
+	<target host="go.psl.org" />
+	<target host="go.ptath.ru" />
+	<target host="go.ptrck.nl" />
+	<target host="go.pulsem.me" />
+	<target host="go.pwm.cc" />
+	<target host="go.pwm.pt" />
+	<target host="go.pxa.ca" />
+	<target host="go.pxlbox.be" />
+	<target host="go.pyarb.com" />
+	<target host="go.pylon.io" />
+	<target host="go.q13fox.com" />
+	<target host="go.qbeats.com" />
+	<target host="go.qpg.us" />
+	<target host="go.qrafter.com" />
+	<target host="go.quen.vn" />
+	<target host="go.qvo.cl" />
+	<target host="go.r0x.fr" />
+	<target host="go.rajanand.org" />
+	<target host="go.ras.space" />
+	<target host="go.razgibaj.se" />
+	<target host="go.rb7yat.com" />
+	<target host="go.rbln.co" />
+	<target host="go.rcrpg.in" />
+	<target host="go.rd.vu" />
+	<target host="go.recep.me" />
+	<target host="go.reckoning.nl" />
+	<target host="go.redbrain.cz" />
+	<target host="go.redwolf.ws" />
+	<target host="go.renekirk.com" />
+	<target host="go.renerte.net" />
+	<target host="go.renesakl.com" />
+	<target host="go.renosaw.com" />
+	<target host="go.rentlit.com" />
+	<target host="go.repeal2a.com" />
+	<target host="go.requ.it" />
+	<target host="go.resolvd.io" />
+	<target host="go.ret.ag" />
+	<target host="go.revaul.com" />
+	<target host="go.reviu.tv" />
+	<target host="go.revo.pw" />
+	<target host="go.rhino.link" />
+	<target host="go.riabiz.com" />
+	<target host="go.rick.fyi" />
+	<target host="go.rieman.biz" />
+	<target host="go.riguypro.com" />
+	<target host="go.ringgle.com" />
+	<target host="go.risshd.com" />
+	<target host="go.ristri.com" />
+	<target host="go.rjf.com" />
+	<target host="go.rm.fm" />
+	<target host="go.rmb2017.de" />
+	<target host="go.rnjr.work" />
+	<target host="go.ro.my.com" />
+	<target host="go.roastrabb.it" />
+	<target host="go.robillo.name" />
+	<target host="go.rocne.ws" />
+	<target host="go.romk.im" />
+	<target host="go.roszczyk.net" />
+	<target host="go.roxot.com" />
+	<target host="go.rrz2.ml" />
+	<target host="go.rsh.sg" />
+	<target host="go.rsn.md" />
+	<target host="go.rsvp.vip" />
+	<target host="go.rubicon.com" />
+	<target host="go.rucla.nl" />
+	<target host="go.ruec.jp" />
+	<target host="go.runicgam.es" />
+	<target host="go.rvcj.tk" />
+	<target host="go.rvrs.in" />
+	<target host="go.ryanjose.com" />
+	<target host="go.ryland.com" />
+	<target host="go.s1008.ru" />
+	<target host="go.s4h.co" />
+	<target host="go.sadjad.ac.ir" />
+	<target host="go.saidblog.com" />
+	<target host="go.sainta.org" />
+	<target host="go.saksh.am" />
+	<target host="go.samanage.com" />
+	<target host="go.samraj.info" />
+	<target host="go.saraygio.com" />
+	<target host="go.satn.am" />
+	<target host="go.sav2880.net" />
+	<target host="go.savebats.org" />
+	<target host="go.say-z.com" />
+	<target host="go.scandia.us" />
+	<target host="go.scoh.gov" />
+	<target host="go.scrodille.yt" />
+	<target host="go.scrv.nr" />
+	<target host="go.sei.moe" />
+	<target host="go.semarak.news" />
+	<target host="go.sendo.vn" />
+	<target host="go.sentinel.org" />
+	<target host="go.sf.edu" />
+	<target host="go.sf.my.com" />
+	<target host="go.sfr.io" />
+	<target host="go.sfsh.com" />
+	<target host="go.sgic.com.au" />
+	<target host="go.sgio.com.au" />
+	<target host="go.sgray.me" />
+	<target host="go.shao.org" />
+	<target host="go.shbaah.com" />
+	<target host="go.she.com" />
+	<target host="go.shell.com" />
+	<target host="go.sheshops.com" />
+	<target host="go.shft.ru" />
+	<target host="go.shfx.xyz" />
+	<target host="go.shming.com" />
+	<target host="go.shop.ca" />
+	<target host="go.shore3.com" />
+	<target host="go.shovan.co.uk" />
+	<target host="go.shr.lc" />
+	<target host="go.shsu.ca" />
+	<target host="go.shubh.me" />
+	<target host="go.siadlak.com" />
+	<target host="go.sichling.de" />
+	<target host="go.siete7.org" />
+	<target host="go.silent.gg" />
+	<target host="go.sipcom.com" />
+	<target host="go.sirac.us" />
+	<target host="go.siteroll.com" />
+	<target host="go.siuato.org" />
+	<target host="go.sjsu.edu" />
+	<target host="go.skire.de" />
+	<target host="go.skuare.net" />
+	<target host="go.skyop.com" />
+	<target host="go.slangjis.org" />
+	<target host="go.slide.me" />
+	<target host="go.smay.co" />
+	<target host="go.smmthings.ru" />
+	<target host="go.smpg.com.au" />
+	<target host="go.smridh.com" />
+	<target host="go.snhusga.org" />
+	<target host="go.sofree.cc" />
+	<target host="go.softc.tw" />
+	<target host="go.sohi.to" />
+	<target host="go.sokr.at" />
+	<target host="go.sorx.co" />
+	<target host="go.souyri.com" />
+	<target host="go.sp4info.com" />
+	<target host="go.spacet.me" />
+	<target host="go.spanat.com" />
+	<target host="go.spazz.com" />
+	<target host="go.spin.com" />
+	<target host="go.spire.me" />
+	<target host="go.sponsr.us" />
+	<target host="go.spotapps.co" />
+	<target host="go.springer.io" />
+	<target host="go.spyluv.com" />
+	<target host="go.sqr.fr" />
+	<target host="go.srcr.nl" />
+	<target host="go.srvyr.com" />
+	<target host="go.srwhub.ml" />
+	<target host="go.sseverns.com" />
+	<target host="go.sspr.com" />
+	<target host="go.ssv.org" />
+	<target host="go.stake.com" />
+	<target host="go.stanish.net" />
+	<target host="go.state.co.nz" />
+	<target host="go.statefilm.co" />
+	<target host="go.staybay.com" />
+	<target host="go.stfuawsc.com" />
+	<target host="go.stijn.vc" />
+	<target host="go.sto.tw" />
+	<target host="go.strintec.com" />
+	<target host="go.stripped.co" />
+	<target host="go.styjp.com" />
+	<target host="go.styledot.ru" />
+	<target host="go.subaykan.com" />
+	<target host="go.subforum.com" />
+	<target host="go.suego.co" />
+	<target host="go.sufio.com" />
+	<target host="go.suga.tv" />
+	<target host="go.sukarne.mx" />
+	<target host="go.sully.it" />
+	<target host="go.suneel.in" />
+	<target host="go.superfats.co" />
+	<target host="go.supergr.jp" />
+	<target host="go.suu.edu" />
+	<target host="go.svetas.work" />
+	<target host="go.swfc.me" />
+	<target host="go.swigoh.com" />
+	<target host="go.swort.de" />
+	<target host="go.sy.photos" />
+	<target host="go.syahid.net" />
+	<target host="go.sylop.com" />
+	<target host="go.synapse.aero" />
+	<target host="go.synbio.info" />
+	<target host="go.syrkaz.com" />
+	<target host="go.t-ink.com" />
+	<target host="go.t0m.co" />
+	<target host="go.table.li" />
+	<target host="go.tag.com.au" />
+	<target host="go.taipei.io" />
+	<target host="go.takashi.be" />
+	<target host="go.takeshi.cc" />
+	<target host="go.tamma.ro" />
+	<target host="go.tanaja7.com" />
+	<target host="go.tanweer.xyz" />
+	<target host="go.tao.ru" />
+	<target host="go.tapiki.com" />
+	<target host="go.tappin.no" />
+	<target host="go.tarif4you.de" />
+	<target host="go.tarosite.net" />
+	<target host="go.tatasport.tk" />
+	<target host="go.tbforum.ru" />
+	<target host="go.tcom.co" />
+	<target host="go.tcpsg.net" />
+	<target host="go.tcreborn.co" />
+	<target host="go.td.com" />
+	<target host="go.tdh.me" />
+	<target host="go.teamgnh.it" />
+	<target host="go.teamsql.io" />
+	<target host="go.teamusa.org" />
+	<target host="go.tech1tek.tk" />
+	<target host="go.techreach.in" />
+	<target host="go.techsrv.biz" />
+	<target host="go.techt3.com" />
+	<target host="go.tedliou.com" />
+	<target host="go.tedxjis.com" />
+	<target host="go.tekfl.xyz" />
+	<target host="go.tekhno.tk" />
+	<target host="go.telobal.com" />
+	<target host="go.temabbm.com" />
+	<target host="go.temagami.co" />
+	<target host="go.tess.ec" />
+	<target host="go.textech.co" />
+	<target host="go.tfmes.com" />
+	<target host="go.th3arabe.tk" />
+	<target host="go.th78.me" />
+	<target host="go.thefool.it" />
+	<target host="go.theorb.chat" />
+	<target host="go.thezed.net" />
+	<target host="go.thgllc.co" />
+	<target host="go.thips.de" />
+	<target host="go.thog.church" />
+	<target host="go.thomasmai.ca" />
+	<target host="go.thp.org" />
+	<target host="go.thrivous.com" />
+	<target host="go.tiaa.org" />
+	<target host="go.tiff.gr" />
+	<target host="go.tigefa.space" />
+	<target host="go.tiket.com" />
+	<target host="go.tilap.net" />
+	<target host="go.time.sc" />
+	<target host="go.tinygeek.com" />
+	<target host="go.tiobe.com.au" />
+	<target host="go.tip.ventures" />
+	<target host="go.tiptapp.com" />
+	<target host="go.tjek24.dk" />
+	<target host="go.tjhole.uk" />
+	<target host="go.tjosm.com" />
+	<target host="go.tkwillis.com" />
+	<target host="go.tmbw.net" />
+	<target host="go.tmn.com.au" />
+	<target host="go.tnc.digital" />
+	<target host="go.tnclive.com" />
+	<target host="go.tnl.net" />
+	<target host="go.toby3d.ru" />
+	<target host="go.tod.me" />
+	<target host="go.todaytix.com" />
+	<target host="go.tofran.com" />
+	<target host="go.tojiali.com" />
+	<target host="go.tomick.pl" />
+	<target host="go.tomme.co" />
+	<target host="go.tony.io" />
+	<target host="go.tonywinn.me" />
+	<target host="go.topbrands.ru" />
+	<target host="go.topic.com" />
+	<target host="go.topista.com" />
+	<target host="go.tp-deals.de" />
+	<target host="go.tpa.onl" />
+	<target host="go.tplay.de" />
+	<target host="go.tpo.us" />
+	<target host="go.tradrec.com" />
+	<target host="go.trakt.tv" />
+	<target host="go.trayaan.com" />
+	<target host="go.tripi.vn" />
+	<target host="go.tripika.com" />
+	<target host="go.tripstr.com" />
+	<target host="go.tseytlin.com" />
+	<target host="go.tt.com" />
+	<target host="go.turnto10.com" />
+	<target host="go.tutum.co" />
+	<target host="go.twigdata.com" />
+	<target host="go.twinset.com" />
+	<target host="go.twobeasts.co" />
+	<target host="go.ty.is" />
+	<target host="go.tylerlin.com" />
+	<target host="go.tylertech.tk" />
+	<target host="go.tyrolia.com" />
+	<target host="go.uaar.it" />
+	<target host="go.uaxs.net" />
+	<target host="go.ubifan.com" />
+	<target host="go.ucpa.com" />
+	<target host="go.ucsc.edu" />
+	<target host="go.ucsd.edu" />
+	<target host="go.udafanz.com" />
+	<target host="go.udarian.com" />
+	<target host="go.uga.edu" />
+	<target host="go.uleth.ca" />
+	<target host="go.umair.me" />
+	<target host="go.umuc.edu" />
+	<target host="go.umw.edu" />
+	<target host="go.unews.today" />
+	<target host="go.unibank.az" />
+	<target host="go.unsitoweb.it" />
+	<target host="go.updl.net" />
+	<target host="go.urbexa.com" />
+	<target host="go.urosario.net" />
+	<target host="go.utpmag.com" />
+	<target host="go.uva.nl" />
+	<target host="go.uwm.edu" />
+	<target host="go.ux.ee" />
+	<target host="go.v5.nz" />
+	<target host="go.vaultone.com" />
+	<target host="go.vbvw.net" />
+	<target host="go.vc.ru" />
+	<target host="go.vcp.de" />
+	<target host="go.vcreators.co" />
+	<target host="go.veeed.com" />
+	<target host="go.vegeby.nu" />
+	<target host="go.ver.st" />
+	<target host="go.verboten.io" />
+	<target host="go.veron.sg" />
+	<target host="go.versa.design" />
+	<target host="go.vetr.com" />
+	<target host="go.vextro.io" />
+	<target host="go.vezeeta.com" />
+	<target host="go.vgn.it" />
+	<target host="go.vibrant.ai" />
+	<target host="go.vicshih.com" />
+	<target host="go.vienmy.vn" />
+	<target host="go.vinofeed.co" />
+	<target host="go.visor.co" />
+	<target host="go.vista.eu.com" />
+	<target host="go.viwel.net" />
+	<target host="go.vlogr.me" />
+	<target host="go.vmajster.ml" />
+	<target host="go.vmb.ae" />
+	<target host="go.vokurka.net" />
+	<target host="go.volpon.it" />
+	<target host="go.votare.net" />
+	<target host="go.voya.com" />
+	<target host="go.voz48.xyz" />
+	<target host="go.vpg.io" />
+	<target host="go.vrelk.com" />
+	<target host="go.vrme.tokyo" />
+	<target host="go.vsu.edu.ph" />
+	<target host="go.vtxw.com" />
+	<target host="go.vy.com.tr" />
+	<target host="go.vydia.com" />
+	<target host="go.vzfy.co" />
+	<target host="go.w2nd.com" />
+	<target host="go.waaio.com" />
+	<target host="go.walsh.im" />
+	<target host="go.watappo.com" />
+	<target host="go.watchmlp.com" />
+	<target host="go.wbgames.com" />
+	<target host="go.wcs.life" />
+	<target host="go.wdil.tv" />
+	<target host="go.wdneill.com" />
+	<target host="go.web7seas.com" />
+	<target host="go.webalpen.de" />
+	<target host="go.webhuset.no" />
+	<target host="go.webmais.com" />
+	<target host="go.webwonder.gr" />
+	<target host="go.wego.com" />
+	<target host="go.wend.io" />
+	<target host="go.west.gs" />
+	<target host="go.wevance.com" />
+	<target host="go.wevideo.com" />
+	<target host="go.wfryer.me" />
+	<target host="go.wgdm.net" />
+	<target host="go.wgno.com" />
+	<target host="go.wgntv.com" />
+	<target host="go.which.co.uk" />
+	<target host="go.whnt.com" />
+	<target host="go.widen.com" />
+	<target host="go.wifi-du.com" />
+	<target host="go.wihatools.us" />
+	<target host="go.wilko.ca" />
+	<target host="go.willzzz.ga" />
+	<target host="go.win32.io" />
+	<target host="go.wind.ca" />
+	<target host="go.wiriamu.net" />
+	<target host="go.wktk.jp" />
+	<target host="go.wod.by" />
+	<target host="go.wohlford.co" />
+	<target host="go.woobs.fi" />
+	<target host="go.workpop.com" />
+	<target host="go.workway.com" />
+	<target host="go.wos.my.com" />
+	<target host="go.wot.io" />
+	<target host="go.wrry.me" />
+	<target host="go.wsc.edu" />
+	<target host="go.wtai.moe" />
+	<target host="go.wvu.edu" />
+	<target host="go.www.bible" />
+	<target host="go.wxmi.com" />
+	<target host="go.x-m.nl" />
+	<target host="go.x2764te.ch" />
+	<target host="go.xelio.eu.org" />
+	<target host="go.xk.fi" />
+	<target host="go.xmk.ninja" />
+	<target host="go.xodc.us" />
+	<target host="go.xoynq.com" />
+	<target host="go.xpim3d.com" />
+	<target host="go.xtr.pp.ru" />
+	<target host="go.xuanhieu.org" />
+	<target host="go.xyztech.blog" />
+	<target host="go.yab.ro" />
+	<target host="go.yajug.lu" />
+	<target host="go.yallauae.xyz" />
+	<target host="go.yanda.com" />
+	<target host="go.yarn.fm" />
+	<target host="go.yarnerie.com" />
+	<target host="go.yaya.nl" />
+	<target host="go.yc.sg" />
+	<target host="go.yhub.us" />
+	<target host="go.yi.io" />
+	<target host="go.yoeori.nl" />
+	<target host="go.yogendra.me" />
+	<target host="go.youthop.com" />
+	<target host="go.yrf.me" />
+	<target host="go.z7ev3n.com" />
+	<target host="go.zando.co.za" />
+	<target host="go.zap2it.com" />
+	<target host="go.zchry.cc" />
+	<target host="go.zdemo.net" />
+	<target host="go.zeeborn.net" />
+	<target host="go.zefie.com" />
+	<target host="go.zhang.me" />
+	<target host="go.zicha.name" />
+	<target host="go.ziqi.co.uk" />
+	<target host="go.zmph.it" />
+	<target host="go.zoodisk.com" />
+	<target host="go.zu.lc" />
+	<target host="go.zvo.io" />
+	<target host="go.zyr.io" />
+	<target host="go.zyronex.com" />
+	<target host="go105.com" />
+	<target host="go1z.com" />
+	<target host="go2.awscr.org" />
+	<target host="go2.disq.us" />
+	<target host="go2.kobi5.com" />
+	<target host="go2.mundy.co" />
+	<target host="go2.mywaffl.com" />
+	<target host="go2.naka.tw" />
+	<target host="go2.nhms.org.uk" />
+	<target host="go2.pw" />
+	<target host="go2.vpml.net" />
+	<target host="go2apa.ga" />
+	<target host="go2it.uk" />
+	<target host="go2jo.us" />
+	<target host="go2url.uk" />
+	<target host="go4a.de" />
+	<target host="go4kill.co" />
+	<target host="go4url.info" />
+	<target host="go54.com" />
+	<target host="go72.de" />
+	<target host="go90.show" />
+	<target host="goabr.co" />
+	<target host="goals4u.us" />
+	<target host="goapetri.be" />
+	<target host="goaspha.lt" />
+	<target host="goat.bz" />
+	<target host="goav.es" />
+	<target host="goavt.com" />
+	<target host="goaw.pl" />
+	<target host="gobingo.pro" />
+	<target host="goblu.co" />
+	<target host="gobn.us" />
+	<target host="gobold.me" />
+	<target host="gobrn.co" />
+	<target host="gobt.me" />
+	<target host="gobuild.online" />
+	<target host="goby.nyc" />
+	<target host="gobz.in" />
+	<target host="gocan.es" />
+	<target host="gocarolinas.us" />
+	<target host="gocastl.es" />
+	<target host="gocatfish.in" />
+	<target host="gocdkeys.me" />
+	<target host="gocf.church" />
+	<target host="gockel.me" />
+	<target host="goco.re" />
+	<target host="gocol.in" />
+	<target host="godiva.cm" />
+	<target host="godl.es" />
+	<target host="godlikehd.ml" />
+	<target host="godogs.es" />
+	<target host="goduke.us" />
+	<target host="goeko.co" />
+	<target host="goeric.ca" />
+	<target host="goez.link" />
+	<target host="goez.ml" />
+	<target host="gofamz.me" />
+	<target host="gofc.co" />
+	<target host="goff.im" />
+	<target host="goff.me" />
+	<target host="goflo.pro" />
+	<target host="gofm.co" />
+	<target host="gofoi.org" />
+	<target host="gofor.cd" />
+	<target host="gofos.co" />
+	<target host="gogadget.news" />
+	<target host="goge.tv" />
+	<target host="goget.at" />
+	<target host="goget.fund" />
+	<target host="gogo.to" />
+	<target host="gogob.us" />
+	<target host="gogt.it" />
+	<target host="goguac.io" />
+	<target host="goha.bs" />
+	<target host="gohak.ly" />
+	<target host="gohe.ro" />
+	<target host="gohere.cf" />
+	<target host="gohere.fyi" />
+	<target host="gohewitt.com" />
+	<target host="gohorse.me" />
+	<target host="gohpl.com" />
+	<target host="gohps.net" />
+	<target host="gohski.es" />
+	<target host="gohwz.ws" />
+	<target host="gohy.co" />
+	<target host="goint.us" />
+	<target host="goiowa.solar" />
+	<target host="gojam.in" />
+	<target host="gojod.ga" />
+	<target host="gokangoo.com" />
+	<target host="gol.am" />
+	<target host="gold4k.ml" />
+	<target host="goldcre.st" />
+	<target host="goldenc.link" />
+	<target host="goldfarb.news" />
+	<target host="goldla.be" />
+	<target host="golead.co.vu" />
+	<target host="golekhd.ml" />
+	<target host="golep4khd.ml" />
+	<target host="goligers.travel" />
+	<target host="golodog.tk" />
+	<target host="gom.io" />
+	<target host="gom4.me" />
+	<target host="gomarc.us" />
+	<target host="gombres.ml" />
+	<target host="gomi.blog" />
+	<target host="gomina.fr" />
+	<target host="gomixte.co" />
+	<target host="gomsba.co" />
+	<target host="gondim.me" />
+	<target host="gonoir.co" />
+	<target host="gonol.es" />
+	<target host="gonyc.co" />
+	<target host="gonzal.es" />
+	<target host="goo.ee" />
+	<target host="goo.hippo.id" />
+	<target host="good.bz" />
+	<target host="good.link" />
+	<target host="good1.us" />
+	<target host="good2.click" />
+	<target host="goodbarber.co" />
+	<target host="goodeg.gs" />
+	<target host="goodmov.ml" />
+	<target host="goods-guru.ru" />
+	<target host="goodtv.ga" />
+	<target host="googl.press" />
+	<target host="googl.space" />
+	<target host="googoogi.com" />
+	<target host="gooni.es" />
+	<target host="goop.be" />
+	<target host="goovivir.com" />
+	<target host="gop.ac" />
+	<target host="gopacesetter.ca" />
+	<target host="gopalad.in" />
+	<target host="gopards.co" />
+	<target host="gopok.es" />
+	<target host="goponi.es" />
+	<target host="gopride.us" />
+	<target host="goprov.co" />
+	<target host="gopsu.info" />
+	<target host="gor.im" />
+	<target host="gor.mn" />
+	<target host="gorb.it" />
+	<target host="gordices.tk" />
+	<target host="goreal.estate" />
+	<target host="goreng4khd.ml" />
+	<target host="goril.ly" />
+	<target host="gorjaeo.us" />
+	<target host="gosdpros.com" />
+	<target host="gosex.co.vu" />
+	<target host="gosong.ml" />
+	<target host="gosongrtone.ml" />
+	<target host="gospel.mk" />
+	<target host="gospel4.life" />
+	<target host="gospir.it" />
+	<target host="gospu.rs" />
+	<target host="gostamps.co" />
+	<target host="gosw.im" />
+	<target host="got.cr" />
+	<target host="got.vote" />
+	<target host="gota.gy" />
+	<target host="gotclu.es" />
+	<target host="gotcor.al" />
+	<target host="gote7s7.ga" />
+	<target host="gotige.rs" />
+	<target host="gotil.la" />
+	<target host="gotin.st" />
+	<target host="gotk.co" />
+	<target host="goto.blitzd.uk" />
+	<target host="goto.cattes.net" />
+	<target host="goto.decing.tw" />
+	<target host="goto.dj" />
+	<target host="goto.gpalmer.me" />
+	<target host="goto.idnc.biz" />
+	<target host="goto.inspiri.ng" />
+	<target host="goto.intera.de" />
+	<target host="goto.je" />
+	<target host="goto.jy.am" />
+	<target host="goto.lto.de" />
+	<target host="goto.mattpro.hk" />
+	<target host="goto.nuola.de" />
+	<target host="goto.orcl.pro" />
+	<target host="goto.ps" />
+	<target host="goto.st" />
+	<target host="goto.thorsen.ca" />
+	<target host="goto.vipis.com" />
+	<target host="gotohotel.co.uk" />
+	<target host="gotoi.so" />
+	<target host="gotom.tg" />
+	<target host="gotom.us" />
+	<target host="gotospaces.at" />
+	<target host="gotravel.sale" />
+	<target host="gotroy.us" />
+	<target host="gourl.eu" />
+	<target host="gous.to" />
+	<target host="govc.at" />
+	<target host="govirtually.org" />
+	<target host="govsen.se" />
+	<target host="gowatchit.ml" />
+	<target host="gowav.com" />
+	<target host="gowav.es" />
+	<target host="gowl.co" />
+	<target host="goxgam.es" />
+	<target host="goxi.ps" />
+	<target host="goyang.co.vu" />
+	<target host="goydn.com" />
+	<target host="goyt.eu" />
+	<target host="goza.gs" />
+	<target host="gozamm.life" />
+	<target host="gozmk.com" />
+	<target host="gp.net.nz" />
+	<target host="gpac.link" />
+	<target host="gpage.co" />
+	<target host="gpants.co" />
+	<target host="gpc-csem.info" />
+	<target host="gph.is" />
+	<target host="gph.to" />
+	<target host="gpi.bz" />
+	<target host="gpln.us" />
+	<target host="gplnk.co" />
+	<target host="gplnk.io" />
+	<target host="gplnk.me" />
+	<target host="gplnk.us" />
+	<target host="gplsg.co" />
+	<target host="gplus.ly" />
+	<target host="gplusbrand.com" />
+	<target host="gpoa.in" />
+	<target host="gpoffers.co" />
+	<target host="gppw.online" />
+	<target host="gpr.im" />
+	<target host="gpsale.pw" />
+	<target host="gpsec.me" />
+	<target host="gpshop.co" />
+	<target host="gpsocial.co" />
+	<target host="gptd.co" />
+	<target host="gptrs.vc" />
+	<target host="gpu.yt" />
+	<target host="gpw.church" />
+	<target host="gpz.me" />
+	<target host="gqtr.to" />
+	<target host="gr-ad.xyz" />
+	<target host="gr.pn" />
+	<target host="gr0.us" />
+	<target host="gr8imag.es" />
+	<target host="gr8no.la" />
+	<target host="gr8p.co" />
+	<target host="gr8p.pl" />
+	<target host="gr8s.co" />
+	<target host="gr8sh.it" />
+	<target host="graa.co" />
+	<target host="grabase.at" />
+	<target host="grabthe.gold" />
+	<target host="grabu.ga" />
+	<target host="grace.clinic" />
+	<target host="gracecity.ch" />
+	<target host="gracemed.link" />
+	<target host="gradian.info" />
+	<target host="grafte.ch" />
+	<target host="graham.lol" />
+	<target host="grainfree.ly" />
+	<target host="gral.io" />
+	<target host="gran.gratis" />
+	<target host="gran.tl" />
+	<target host="grana.ly" />
+	<target host="grand-21.ml" />
+	<target host="grandlink.tv" />
+	<target host="grandos.ml" />
+	<target host="granfairs.biz" />
+	<target host="granutz.ml" />
+	<target host="graphicaly.ga" />
+	<target host="gras.sh" />
+	<target host="gravitybst.eu" />
+	<target host="gravityfor.ms" />
+	<target host="grb.st" />
+	<target host="grb.to" />
+	<target host="grbi.co" />
+	<target host="grbl.us" />
+	<target host="grcaymn.villas" />
+	<target host="grcgrp.co" />
+	<target host="grcld.org" />
+	<target host="grclrk.co" />
+	<target host="grda.co" />
+	<target host="grdncl.ge" />
+	<target host="grdnfresh.co" />
+	<target host="grdnt.is" />
+	<target host="grdv.se" />
+	<target host="gre.gl" />
+	<target host="greatbig.is" />
+	<target host="greatergood.me" />
+	<target host="greatppl.link" />
+	<target host="green.io" />
+	<target host="green.mn" />
+	<target host="greenam.org" />
+	<target host="greenche.st" />
+	<target host="greenho.me" />
+	<target host="greenrush.link" />
+	<target host="greenstair.ga" />
+	<target host="greenste.in" />
+	<target host="greetpoint.in" />
+	<target host="gregb.xyz" />
+	<target host="gregdeals.com" />
+	<target host="greggoodman.me" />
+	<target host="gregh.co" />
+	<target host="gregj.us" />
+	<target host="gregmorris.biz" />
+	<target host="gregslink.co" />
+	<target host="grem.link" />
+	<target host="greshams.cn" />
+	<target host="grew.al" />
+	<target host="grewis.me" />
+	<target host="gri.pw" />
+	<target host="grid7.co" />
+	<target host="gridigit.al" />
+	<target host="grim.li" />
+	<target host="grindr.me" />
+	<target host="gringo.su" />
+	<target host="grins.us" />
+	<target host="griot.me" />
+	<target host="gripnsli.de" />
+	<target host="gritb.it" />
+	<target host="gritsinthe.city" />
+	<target host="griz.co" />
+	<target host="griz.ly" />
+	<target host="grizzly.click" />
+	<target host="grji.uk" />
+	<target host="grjnk.co" />
+	<target host="grkm.co" />
+	<target host="grm.my" />
+	<target host="grmp.co" />
+	<target host="grmp.li" />
+	<target host="grmrc.us" />
+	<target host="grmrth.co" />
+	<target host="grmsqd.co" />
+	<target host="grmv.co" />
+	<target host="grmypro.co" />
+	<target host="grn.lt" />
+	<target host="grnd.gd" />
+	<target host="grnlt.info" />
+	<target host="grnol.co" />
+	<target host="grnpt.co" />
+	<target host="grnr.in" />
+	<target host="grns.in" />
+	<target host="grnt.tn" />
+	<target host="grntr.me" />
+	<target host="grny.io" />
+	<target host="groc.press" />
+	<target host="grol.sc" />
+	<target host="groov.co" />
+	<target host="groov.link" />
+	<target host="gropro.org" />
+	<target host="groupex.pro" />
+	<target host="grouponusa.co" />
+	<target host="grouv.in" />
+	<target host="grow.lk" />
+	<target host="growprof.it" />
+	<target host="growth.so" />
+	<target host="grp.vn" />
+	<target host="grpsd.co" />
+	<target host="grpy.co" />
+	<target host="grpy.us" />
+	<target host="grs.link" />
+	<target host="grssnbr.de" />
+	<target host="grt.st" />
+	<target host="grt4.us" />
+	<target host="grtplc.net" />
+	<target host="grtstyl.us" />
+	<target host="grum.us" />
+	<target host="grumpstr.info" />
+	<target host="grumpy.cat" />
+	<target host="grupoaje.com" />
+	<target host="gruus.net" />
+	<target host="grve.me" />
+	<target host="grvet.net" />
+	<target host="grvty.link" />
+	<target host="grvy.uk" />
+	<target host="grw.tech" />
+	<target host="grwi.se" />
+	<target host="grwth.io" />
+	<target host="grzr.me" />
+	<target host="gsagt.ch" />
+	<target host="gscapp.co" />
+	<target host="gsci.me" />
+	<target host="gscn.us" />
+	<target host="gscp.us" />
+	<target host="gscsa.co" />
+	<target host="gsenato.re" />
+	<target host="gsg.to" />
+	<target host="gsk.to" />
+	<target host="gsma.at" />
+	<target host="gsmdo.me" />
+	<target host="gsmed.co" />
+	<target host="gsmin.fo" />
+	<target host="gsnccp.org" />
+	<target host="gsob.co" />
+	<target host="gspl.us" />
+	<target host="gsrv.gs" />
+	<target host="gssh.co" />
+	<target host="gsskeete.com" />
+	<target host="gstand.co" />
+	<target host="gsto.co" />
+	<target host="gsto.tv" />
+	<target host="gstrbt.co" />
+	<target host="gstv.media" />
+	<target host="gstv.us" />
+	<target host="gsuite-info.com" />
+	<target host="gsut.gq" />
+	<target host="gsvy.co" />
+	<target host="gswell.fund" />
+	<target host="gsxhlp.me" />
+	<target host="gsy.me" />
+	<target host="gt-us.co" />
+	<target host="gt.2sd.ro" />
+	<target host="gt2l.com" />
+	<target host="gtar.pt" />
+	<target host="gtbgam.es" />
+	<target host="gtbl.me" />
+	<target host="gtboa.me" />
+	<target host="gtchk.it" />
+	<target host="gtclsr.com" />
+	<target host="gtcs.co" />
+	<target host="gtcvrd.am" />
+	<target host="gtders.com" />
+	<target host="gteach.xyz" />
+	<target host="gtec.ly" />
+	<target host="gtech.tk" />
+	<target host="gtex.me" />
+	<target host="gtgkd.co" />
+	<target host="gtgloss.uk" />
+	<target host="gtgn.co" />
+	<target host="gtgtgt.com" />
+	<target host="gthss.com" />
+	<target host="gtht.co" />
+	<target host="gtia.me" />
+	<target host="gties.us" />
+	<target host="gtls.io" />
+	<target host="gtma.co" />
+	<target host="gtn.events" />
+	<target host="gtn.is" />
+	<target host="gtnr.it" />
+	<target host="gtod.co" />
+	<target host="gtour.us" />
+	<target host="gtownlaw.li" />
+	<target host="gtpa.co" />
+	<target host="gtphoto.me" />
+	<target host="gtpla.net" />
+	<target host="gtran.ch" />
+	<target host="gtrc.biz" />
+	<target host="gtrgtr.uk" />
+	<target host="gtrps.org" />
+	<target host="gtruth.co" />
+	<target host="gtst.co" />
+	<target host="gtty.im" />
+	<target host="gtup.me" />
+	<target host="gturl.eu" />
+	<target host="gty.ac" />
+	<target host="gu.gd" />
+	<target host="guarde.co" />
+	<target host="guardti.me" />
+	<target host="guavap.as" />
+	<target host="guckt.info" />
+	<target host="gudangmov.ml" />
+	<target host="gudiol.info" />
+	<target host="gudirz.ml" />
+	<target host="guest.tl" />
+	<target host="gugg.gp" />
+	<target host="gugo.it" />
+	<target host="gui.do" />
+	<target host="guide-live.ml" />
+	<target host="guide-tv.ml" />
+	<target host="guide-tvhd.ml" />
+	<target host="guide-tvon.ml" />
+	<target host="guide.gq" />
+	<target host="guidefilms.gq" />
+	<target host="guideseries.ml" />
+	<target host="guidetvs.ml" />
+	<target host="gulfmeadows.org" />
+	<target host="gultd.us" />
+	<target host="gum.run" />
+	<target host="gum.sh" />
+	<target host="gunder.solar" />
+	<target host="gunn.to" />
+	<target host="gunowners.me" />
+	<target host="gure.li" />
+	<target host="gurih4k.tk" />
+	<target host="gurkanaltay.com" />
+	<target host="gurr.io" />
+	<target host="gurtn.co" />
+	<target host="guru.tattoo" />
+	<target host="gus.tw" />
+	<target host="gust.ly" />
+	<target host="gutheal.me" />
+	<target host="gutja.de" />
+	<target host="gutmann.link" />
+	<target host="gutsgus.to" />
+	<target host="gutte.rs" />
+	<target host="guya.co.uk" />
+	<target host="guyb.ca" />
+	<target host="gv18.us" />
+	<target host="gvcmtg.co" />
+	<target host="gvgb.co" />
+	<target host="gvh.bz" />
+	<target host="gvirtucio.photo" />
+	<target host="gvlhou.se" />
+	<target host="gvlt.me" />
+	<target host="gvmrkt.com" />
+	<target host="gvnkrlmr.de" />
+	<target host="gvv.io" />
+	<target host="gw.gl" />
+	<target host="gw2.link" />
+	<target host="gwalden.co" />
+	<target host="gware.tech" />
+	<target host="gwat.co" />
+	<target host="gwel.ch" />
+	<target host="gwent.co" />
+	<target host="gwgreen.us" />
+	<target host="gwh.is" />
+	<target host="gwiz.io" />
+	<target host="gwkl.de" />
+	<target host="gwl-az.org" />
+	<target host="gwlaw.co" />
+	<target host="gwlemon.com" />
+	<target host="gwmwp.us" />
+	<target host="gwnne.org" />
+	<target host="gwoodard.me" />
+	<target host="gwsb.uk" />
+	<target host="gx3.me" />
+	<target host="gxsit.es" />
+	<target host="gyazoimage.tk" />
+	<target host="gym.sh" />
+	<target host="gymcod.es" />
+	<target host="gymder.co" />
+	<target host="gyp.rocks" />
+	<target host="gyps.ws" />
+	<target host="gytu.ml" />
+	<target host="gza.cc" />
+	<target host="gzoom.me" />
+	<target host="gztsp.com" />
+	<target host="gztsp.tv" />
+	<target host="h-e.co" />
+	<target host="h-fra.me" />
+	<target host="h-mn.co" />
+	<target host="h-n-h.us" />
+	<target host="h-po.se" />
+	<target host="h-rs.me" />
+	<target host="h-urb.eu" />
+	<target host="h.alhamri.org" />
+	<target host="h.brme.us" />
+	<target host="h.diamondhom.es" />
+	<target host="h.ijoe.co" />
+	<target host="h.kabam.com" />
+	<target host="h.op3.eu" />
+	<target host="h.ope.is" />
+	<target host="h.pflueger.org" />
+	<target host="h.prendho.com" />
+	<target host="h.soni.im" />
+	<target host="h.tagsoku.jp" />
+	<target host="h.ulpv.nl" />
+	<target host="h.virus.mu" />
+	<target host="h.yper.link" />
+	<target host="h00d.ml" />
+	<target host="h0u.se" />
+	<target host="h1gh.ml" />
+	<target host="h1t4m.ml" />
+	<target host="h20.ee" />
+	<target host="h20.me" />
+	<target host="h2ote.ch" />
+	<target host="h4ckr.us" />
+	<target host="h4hweb.com" />
+	<target host="h4nn.es" />
+	<target host="h4q.me" />
+	<target host="haa.li" />
+	<target host="haaart.ly" />
+	<target host="haas.org" />
+	<target host="haase.cc" />
+	<target host="haat.ch" />
+	<target host="hab.bo" />
+	<target host="habi.to" />
+	<target host="habitat.team" />
+	<target host="hable.pw" />
+	<target host="habloo.tk" />
+	<target host="habo.ly" />
+	<target host="habt.at" />
+	<target host="hacia.info" />
+	<target host="hackednode.com" />
+	<target host="hackraid.online" />
+	<target host="hackt.co" />
+	<target host="had.li" />
+	<target host="hadepisun.ml" />
+	<target host="hadje.dj" />
+	<target host="hadleigh.eu" />
+	<target host="hafners.garden" />
+	<target host="hah.la" />
+	<target host="hai.rs" />
+	<target host="hailst.at" />
+	<target host="hairoffer.us" />
+	<target host="hairp.iq" />
+	<target host="hairsaff.co" />
+	<target host="hajj.is" />
+	<target host="haks.io" />
+	<target host="hal.buzz" />
+	<target host="halalaw.tk" />
+	<target host="halaltrip.co" />
+	<target host="halans.co" />
+	<target host="halfashed.army" />
+	<target host="halfl.io" />
+	<target host="halfsp.in" />
+	<target host="halimun.ml" />
+	<target host="halla-kora.co" />
+	<target host="hallam.co" />
+	<target host="hallchen.us" />
+	<target host="halle.co" />
+	<target host="hallo.mundo.nl" />
+	<target host="hallsbudd.io" />
+	<target host="halo4k.ml" />
+	<target host="haloinfo.tech" />
+	<target host="ham.biz" />
+	<target host="ham.ma" />
+	<target host="ham.my" />
+	<target host="hammerlane.co" />
+	<target host="hammu.mx" />
+	<target host="handr.me" />
+	<target host="hands.group" />
+	<target host="hangar.su" />
+	<target host="hanifahijab.ga" />
+	<target host="hannaelsbth.ml" />
+	<target host="hans.ws" />
+	<target host="hansaton.us" />
+	<target host="hansbr.gr" />
+	<target host="hanselyu.com" />
+	<target host="happ.ie" />
+	<target host="happyhours.mobi" />
+	<target host="happyk.at" />
+	<target host="happyp.pl" />
+	<target host="hapusdagor.ml" />
+	<target host="hapy.life" />
+	<target host="har.lt" />
+	<target host="har.rs" />
+	<target host="harc.tk" />
+	<target host="harder.me" />
+	<target host="hardyoga.co.uk" />
+	<target host="hari.is" />
+	<target host="harlem.in" />
+	<target host="harn.es" />
+	<target host="harris.co" />
+	<target host="harris24.com" />
+	<target host="harrydc.tk" />
+	<target host="harrystotle.com" />
+	<target host="hartbro.com" />
+	<target host="hartl.in" />
+	<target host="harun.me" />
+	<target host="harurung.ml" />
+	<target host="harv.pw" />
+	<target host="hasanix.co" />
+	<target host="hashi.co" />
+	<target host="hatbase.co.vu" />
+	<target host="hatchbot.io" />
+	<target host="hatchd.li" />
+	<target host="hatim.co" />
+	<target host="hatne.ws" />
+	<target host="hau.co" />
+	<target host="haul.tips" />
+	<target host="hautbra.me" />
+	<target host="havard.me" />
+	<target host="have.li" />
+	<target host="havefunhd.ml" />
+	<target host="havn.me" />
+	<target host="haweso.me" />
+	<target host="hawi.in" />
+	<target host="hay.to" />
+	<target host="haz.la" />
+	<target host="hazem.it" />
+	<target host="hazem.win" />
+	<target host="hb.pizza" />
+	<target host="hb.show" />
+	<target host="hba.io" />
+	<target host="hbags.info" />
+	<target host="hbb.me" />
+	<target host="hbbytlgy.click" />
+	<target host="hbca.co" />
+	<target host="hbdg.co" />
+	<target host="hbhire.com" />
+	<target host="hbid.org.uk" />
+	<target host="hbird.me" />
+	<target host="hbird.trade" />
+	<target host="hbjoy.co" />
+	<target host="hbkn.it" />
+	<target host="hbl.coach" />
+	<target host="hbll.link" />
+	<target host="hbn.link" />
+	<target host="hbn.ro" />
+	<target host="hbnd.org" />
+	<target host="hbnk.org" />
+	<target host="hbnote.co" />
+	<target host="hbrssylst.tk" />
+	<target host="hbs.me" />
+	<target host="hbsl.ch" />
+	<target host="hbsmoney.tips" />
+	<target host="hbst.cc" />
+	<target host="hbt.news" />
+	<target host="hbtvs.us" />
+	<target host="hbuk.co" />
+	<target host="hc4.us" />
+	<target host="hcafc.info" />
+	<target host="hcc.lv" />
+	<target host="hcd.tips" />
+	<target host="hcdeals.us" />
+	<target host="hcdi.gs" />
+	<target host="hcfun.co" />
+	<target host="hci.agency" />
+	<target host="hcice.co" />
+	<target host="hcity.co" />
+	<target host="hck.link" />
+	<target host="hckaty.com" />
+	<target host="hckn.st" />
+	<target host="hckrn.st" />
+	<target host="hclte.ch" />
+	<target host="hcm-nc.com" />
+	<target host="hcne.ws" />
+	<target host="hcnorman.info" />
+	<target host="hcortes.mx" />
+	<target host="hcp.li" />
+	<target host="hcpssne.ws" />
+	<target host="hcr8.co" />
+	<target host="hcro.nl" />
+	<target host="hcsm.io" />
+	<target host="hcsm.me" />
+	<target host="hcsmc.co" />
+	<target host="hcss.me" />
+	<target host="hctr.me" />
+	<target host="hcun.mx" />
+	<target host="hcvb.us" />
+	<target host="hcw.io" />
+	<target host="hd-1080.ml" />
+	<target host="hd-720.ml" />
+	<target host="hd-720p.ml" />
+	<target host="hd-guidetv.ga" />
+	<target host="hd-quality.ml" />
+	<target host="hd-series.ga" />
+	<target host="hd-series.ml" />
+	<target host="hd-site.com" />
+	<target host="hd-tv.ml" />
+	<target host="hd-tvs.ml" />
+	<target host="hd-tvs.tk" />
+	<target host="hd-tvseries.cf" />
+	<target host="hd-tvus.ml" />
+	<target host="hd-watch.ml" />
+	<target host="hd.at" />
+	<target host="hd.ie" />
+	<target host="hd.web.do" />
+	<target host="hd1st.com" />
+	<target host="hd3.me" />
+	<target host="hd4.us" />
+	<target host="hd4k.cf" />
+	<target host="hda.cl" />
+	<target host="hdca.ml" />
+	<target host="hdconsu.lt" />
+	<target host="hdcvr.me" />
+	<target host="hddls.co" />
+	<target host="hddvd.ml" />
+	<target host="hdepot.ca" />
+	<target host="hdfree.ga" />
+	<target host="hdfree.ml" />
+	<target host="hdigest.me" />
+	<target host="hdin.in" />
+	<target host="hdkn.co" />
+	<target host="hdlb.nl" />
+	<target host="hdnya.ml" />
+	<target host="hdp.link" />
+	<target host="hdp.rocks" />
+	<target host="hdpopcorn.ml" />
+	<target host="hdpp.ca" />
+	<target host="hdquality.ga" />
+	<target host="hdquality.ml" />
+	<target host="hdriv.es" />
+	<target host="hds.io" />
+	<target host="hdseries.ml" />
+	<target host="hdshow.ml" />
+	<target host="hdsnp.me" />
+	<target host="hdspce.co" />
+	<target host="hdspr.ng" />
+	<target host="hdstreaming.ml" />
+	<target host="hdtv-series.ml" />
+	<target host="hdtv-show.ml" />
+	<target host="hdtv.ga" />
+	<target host="hdtvmovies.cf" />
+	<target host="hdtvonline.ml" />
+	<target host="hdtvs.ml" />
+	<target host="hdtvshow.ga" />
+	<target host="hdtvshows.ga" />
+	<target host="hdtvshows.ml" />
+	<target host="hdvla.co" />
+	<target host="hdz.li" />
+	<target host="he-x.com" />
+	<target host="he.al" />
+	<target host="he.cx" />
+	<target host="he.expert" />
+	<target host="hea.li" />
+	<target host="hea.lthy.me" />
+	<target host="heada.ch" />
+	<target host="headr.es" />
+	<target host="headstre.am" />
+	<target host="heal.dog" />
+	<target host="healfi.es" />
+	<target host="healthe.info" />
+	<target host="healthia.be" />
+	<target host="healthly.co.vu" />
+	<target host="healthyiq.co" />
+	<target host="heapl.co" />
+	<target host="hearsay.social" />
+	<target host="heartstn.co" />
+	<target host="heat.st" />
+	<target host="heather.ly" />
+	<target host="heatherhas.info" />
+	<target host="heathr.me" />
+	<target host="heatm.in" />
+	<target host="hebu.co" />
+	<target host="hecg.info" />
+	<target host="hecky.es" />
+	<target host="hecp.me" />
+	<target host="hectorprats.es" />
+	<target host="hed.vg" />
+	<target host="hedge.bz" />
+	<target host="hedgl.in" />
+	<target host="hee.ro" />
+	<target host="heere.ma" />
+	<target host="hef.cc" />
+	<target host="hefr.in" />
+	<target host="hefti.at" />
+	<target host="heg.media" />
+	<target host="hehstdy.org" />
+	<target host="heikozuruck.ga" />
+	<target host="heinzmkt.in" />
+	<target host="hejobs.co" />
+	<target host="hel.me" />
+	<target host="hele.pw" />
+	<target host="helgi.me" />
+	<target host="helink.co" />
+	<target host="helk.im" />
+	<target host="hell0.ws" />
+	<target host="hello.hussa.rs" />
+	<target host="hellobk.be" />
+	<target host="hellojw.co" />
+	<target host="hellomer.ch" />
+	<target host="hellon.eu" />
+	<target host="helloworld.cc" />
+	<target host="helpb.it" />
+	<target host="helpful.im" />
+	<target host="helphandl.es" />
+	<target host="helpsolve.me" />
+	<target host="helpum.org" />
+	<target host="helpvote.us" />
+	<target host="helpy.media" />
+	<target host="hemden-de.de" />
+	<target host="hen.gr" />
+	<target host="hend.li" />
+	<target host="hendofam.com" />
+	<target host="henr.co" />
+	<target host="henr.ie" />
+	<target host="henri.link" />
+	<target host="her.is" />
+	<target host="herbco.info" />
+	<target host="herbi.es" />
+	<target host="herd.mk" />
+	<target host="here.mdoes.com" />
+	<target host="here4kuhd.ml" />
+	<target host="herego.es" />
+	<target host="herelink.ml" />
+	<target host="herit.ag" />
+	<target host="heroic.link" />
+	<target host="heros.pw" />
+	<target host="herrig.es" />
+	<target host="hersh.co" />
+	<target host="herstyler.co" />
+	<target host="herthab.sc" />
+	<target host="herzschlog.de" />
+	<target host="hes.so" />
+	<target host="hesben.ml" />
+	<target host="hespk.st" />
+	<target host="hessin.ga" />
+	<target host="hetem.la" />
+	<target host="hetkabi.net" />
+	<target host="heuncet.ml" />
+	<target host="hex.tips" />
+	<target host="hex.tw" />
+	<target host="hexgeo.co" />
+	<target host="hexlane.co.vu" />
+	<target host="hexmag.co" />
+	<target host="hey.cx" />
+	<target host="hey.us" />
+	<target host="heyaa.pl" />
+	<target host="heyad.am" />
+	<target host="heyaw.co" />
+	<target host="heyde.al" />
+	<target host="heydo.ug" />
+	<target host="heygorge.us" />
+	<target host="heym.co" />
+	<target host="heymnky.co" />
+	<target host="heynas.com" />
+	<target host="heyor.ca" />
+	<target host="heyseries.ml" />
+	<target host="heyt.im" />
+	<target host="heytextile.link" />
+	<target host="hezu.es" />
+	<target host="hf-aka.de" />
+	<target host="hf.gift" />
+	<target host="hf.ma" />
+	<target host="hfb.me" />
+	<target host="hfcac.ml" />
+	<target host="hfgl.org" />
+	<target host="hfho.me" />
+	<target host="hfit.ro" />
+	<target host="hflive.us" />
+	<target host="hfly.co" />
+	<target host="hflyer.se" />
+	<target host="hfn.me" />
+	<target host="hfsnow.eu" />
+	<target host="hfsresear.ch" />
+	<target host="hfv.in" />
+	<target host="hfwd.nl" />
+	<target host="hfweb.biz" />
+	<target host="hgapp.co" />
+	<target host="hgbye.co" />
+	<target host="hghr.se" />
+	<target host="hgr.mn" />
+	<target host="hgrh.de" />
+	<target host="hgrn.es" />
+	<target host="hgry.co" />
+	<target host="hgsd.us" />
+	<target host="hgse.me" />
+	<target host="hgwrts.la" />
+	<target host="hgyol.in" />
+	<target host="hgyt.cf" />
+	<target host="hhc.li" />
+	<target host="hhdx.co" />
+	<target host="hheroes.bg" />
+	<target host="hhh.1n.pw" />
+	<target host="hhi.hub.am" />
+	<target host="hhl.li" />
+	<target host="hhmama.co" />
+	<target host="hhs87.co" />
+	<target host="hhv.or.kr" />
+	<target host="hhvw.lt" />
+	<target host="hi.ala.bs" />
+	<target host="hi.bakingit.com" />
+	<target host="hi.biumfood.com" />
+	<target host="hi.doub.co" />
+	<target host="hi.fidorbank.uk" />
+	<target host="hi.hailiga.org" />
+	<target host="hi.johnarce.com" />
+	<target host="hi.kskv.co" />
+	<target host="hi.matejzima.cz" />
+	<target host="hi.megumi.co" />
+	<target host="hi.metafoto.de" />
+	<target host="hi.metasyn.pw" />
+	<target host="hi.monterail.co" />
+	<target host="hi.neuromore.co" />
+	<target host="hi.philpy.com" />
+	<target host="hi.scotchand.co" />
+	<target host="hi.skott.io" />
+	<target host="hia.li" />
+	<target host="hiaa.us" />
+	<target host="hiblood.me" />
+	<target host="hic.la" />
+	<target host="hich.am" />
+	<target host="hideh.co" />
+	<target host="hideout.cc" />
+	<target host="hied.be" />
+	<target host="hier.imkino.me" />
+	<target host="hier.imkino.net" />
+	<target host="hieu.lu" />
+	<target host="higgins.co.vu" />
+	<target host="higgy.be" />
+	<target host="high-low.cf" />
+	<target host="high5.info" />
+	<target host="highgate.me" />
+	<target host="highju.mp" />
+	<target host="hightjob.us" />
+	<target host="highvideo.ml" />
+	<target host="higsms.com" />
+	<target host="hiip.es" />
+	<target host="hiiv.ee" />
+	<target host="hijabcantik.id" />
+	<target host="hijk.eu" />
+	<target host="hikmah-nawe.ml" />
+	<target host="hile.mn" />
+	<target host="hillsi.de" />
+	<target host="hilt.me" />
+	<target host="hiltonfdn.org" />
+	<target host="hilxry.com" />
+	<target host="him.ac" />
+	<target host="him.lvm.pt" />
+	<target host="hin.ge" />
+	<target host="hinck.link" />
+	<target host="hip.mk" />
+	<target host="hipa.us" />
+	<target host="hipag.es" />
+	<target host="hipc.sk" />
+	<target host="hipca.mp" />
+	<target host="hipchip.me" />
+	<target host="hipercard.biz" />
+	<target host="hiphopdai.ly" />
+	<target host="hipos.co" />
+	<target host="hipr.pl" />
+	<target host="hipt.me" />
+	<target host="hiq.bz" />
+	<target host="hir.li" />
+	<target host="hir.si" />
+	<target host="hir.vu" />
+	<target host="hire4.work" />
+	<target host="hirehelp.co" />
+	<target host="hiremove.rs" />
+	<target host="hireolo.gy" />
+	<target host="hirer.cc" />
+	<target host="hiro.es" />
+	<target host="hirsty.org" />
+	<target host="his.shoes" />
+	<target host="hisa.ac" />
+	<target host="hisc.info" />
+	<target host="hismarttool.com" />
+	<target host="histne.ws" />
+	<target host="histry.us" />
+	<target host="histv.co" />
+	<target host="hit.city" />
+	<target host="hitca.se" />
+	<target host="hitech.is" />
+	<target host="hitr.ch" />
+	<target host="hitsls.ru" />
+	<target host="hiv.willys.wang" />
+	<target host="hive.us" />
+	<target host="hivelab.academy" />
+	<target host="hivene.ws" />
+	<target host="hiw.is" />
+	<target host="hiwp.me" />
+	<target host="hji.news" />
+	<target host="hjlp.dk" />
+	<target host="hjoe.eu" />
+	<target host="hjsdev.pro" />
+	<target host="hk.civil.photos" />
+	<target host="hkarmy.tv" />
+	<target host="hkatx.com" />
+	<target host="hkm.ma" />
+	<target host="hkr.tirol" />
+	<target host="hkti.es" />
+	<target host="hktshop.hk" />
+	<target host="hku.me" />
+	<target host="hkuc.co" />
+	<target host="hkun.de" />
+	<target host="hlab.tv" />
+	<target host="hlaun.ch" />
+	<target host="hlav.ac" />
+	<target host="hlbrk.net" />
+	<target host="hlc.re" />
+	<target host="hlh.fyi" />
+	<target host="hlh.scot" />
+	<target host="hli.st" />
+	<target host="hlk.ag" />
+	<target host="hllow.lt" />
+	<target host="hllywd.co" />
+	<target host="hllywdjnkt.co" />
+	<target host="hlm.tc" />
+	<target host="hlp.bz" />
+	<target host="hlp.sc" />
+	<target host="hlre.co" />
+	<target host="hlrnt.de" />
+	<target host="hlryd.in" />
+	<target host="hls.care" />
+	<target host="hlst.ee" />
+	<target host="hlt.bz" />
+	<target host="hlt.me" />
+	<target host="hlth.ch" />
+	<target host="hlvls.com" />
+	<target host="hlvy.co" />
+	<target host="hlwd.ly" />
+	<target host="hlwl.co" />
+	<target host="hlxc.uk" />
+	<target host="hly.ac" />
+	<target host="hma.io" />
+	<target host="hmas.in" />
+	<target host="hmath.me" />
+	<target host="hmbase.co" />
+	<target host="hmbase.com" />
+	<target host="hmbgr.me" />
+	<target host="hmbk.pl" />
+	<target host="hmbl.be" />
+	<target host="hmbl.vc" />
+	<target host="hmbt.co" />
+	<target host="hmcn.tk" />
+	<target host="hmdi.site" />
+	<target host="hmen.co" />
+	<target host="hmes.pl" />
+	<target host="hmex.ch" />
+	<target host="hmgtx.co" />
+	<target host="hmkt.pl" />
+	<target host="hmlab.ch" />
+	<target host="hmm.ivetime.net" />
+	<target host="hmnc.nl" />
+	<target host="hmnco.link" />
+	<target host="hmnd.co" />
+	<target host="hmng.ro" />
+	<target host="hmny.co" />
+	<target host="hmny.me" />
+	<target host="hmp.ac" />
+	<target host="hmpl.sh" />
+	<target host="hmps.se" />
+	<target host="hmpt.biz" />
+	<target host="hmrs.in" />
+	<target host="hms.media" />
+	<target host="hms.re" />
+	<target host="hms.to" />
+	<target host="hmsrc.me" />
+	<target host="hmt.lk" />
+	<target host="hmtk.co" />
+	<target host="hmtro.com" />
+	<target host="hmut.fr" />
+	<target host="hmvs.gr" />
+	<target host="hmztr.com" />
+	<target host="hnd.bz" />
+	<target host="hnd.io" />
+	<target host="hndb.uk" />
+	<target host="hndl.co" />
+	<target host="hndm.co" />
+	<target host="hndpck.co" />
+	<target host="hndpt.co" />
+	<target host="hnds.hk" />
+	<target host="hndshk.in" />
+	<target host="hnfd.co" />
+	<target host="hnfr.it" />
+	<target host="hng.me" />
+	<target host="hnglr.sn" />
+	<target host="hngry.co" />
+	<target host="hnka.co" />
+	<target host="hnkscrft.co" />
+	<target host="hnmd.co" />
+	<target host="hnnh.info" />
+	<target host="hnnng.de" />
+	<target host="hnr.gd" />
+	<target host="hnrkpall.in" />
+	<target host="hnrysc.hn" />
+	<target host="hnsdgtl.co" />
+	<target host="hnsl.mn" />
+	<target host="hnsy.co" />
+	<target host="hntd.ch" />
+	<target host="hntjmp.be" />
+	<target host="hnvr.co" />
+	<target host="hny.bz" />
+	<target host="hnycmb.co" />
+	<target host="hnz.cm" />
+	<target host="ho.ct.de" />
+	<target host="hoag.me" />
+	<target host="hoasted.link" />
+	<target host="hoaumi.ch" />
+	<target host="hobbs.link" />
+	<target host="hoc.lt" />
+	<target host="hock.in" />
+	<target host="hoco.me" />
+	<target host="hod.dog" />
+	<target host="hod.ge" />
+	<target host="hod.im" />
+	<target host="hodin.ky" />
+	<target host="hoerbiger.io" />
+	<target host="hof.fm" />
+	<target host="hogancg.net" />
+	<target host="hogarmx.co" />
+	<target host="hogn.us" />
+	<target host="hohmann.social" />
+	<target host="hola.bz" />
+	<target host="holbrook.travel" />
+	<target host="holc.im" />
+	<target host="holden.fi" />
+	<target host="holdicks.com" />
+	<target host="holes.in" />
+	<target host="holidayinn.nz" />
+	<target host="holidaytrex.me" />
+	<target host="holler.to" />
+	<target host="hollymeyer.co" />
+	<target host="hollys.me" />
+	<target host="holtrk.co" />
+	<target host="holts.io" />
+	<target host="holylpstck.com" />
+	<target host="holzboden.tips" />
+	<target host="homa.ge" />
+	<target host="homade.us" />
+	<target host="homagecph.com" />
+	<target host="homebrid.ge" />
+	<target host="homegym.pw" />
+	<target host="homeliv.in" />
+	<target host="homeplans.shop" />
+	<target host="homes.jp" />
+	<target host="hometown.world" />
+	<target host="homey.vn" />
+	<target host="hon.li" />
+	<target host="honda.us" />
+	<target host="honeyflo.co" />
+	<target host="hoodfamo.us" />
+	<target host="hoof.site" />
+	<target host="hoomtrcs.xyz" />
+	<target host="hoon.io" />
+	<target host="hoope.xyz" />
+	<target host="hoosie.rs" />
+	<target host="hootie.co" />
+	<target host="hootmama.com" />
+	<target host="hoover.ms" />
+	<target host="hop.sc" />
+	<target host="hop.social" />
+	<target host="hop.tl" />
+	<target host="hop2.it" />
+	<target host="hope4anita.com" />
+	<target host="hopefaith.us" />
+	<target host="hopehs.tk" />
+	<target host="hopest.re" />
+	<target host="hopeweb.co.uk" />
+	<target host="hopp.mihalko.eu" />
+	<target host="hopsc.co" />
+	<target host="hopsct.ch" />
+	<target host="horax.us" />
+	<target host="horl.uk" />
+	<target host="hormi.link" />
+	<target host="hornsby.law" />
+	<target host="horrormer.ch" />
+	<target host="hosdi.eu" />
+	<target host="hosre.xyz" />
+	<target host="host16.biz" />
+	<target host="host20.biz" />
+	<target host="host22.biz" />
+	<target host="host84.eu" />
+	<target host="hostgeek.host" />
+	<target host="hosting.vyu.im" />
+	<target host="hostingso.lu" />
+	<target host="hot.curry.com" />
+	<target host="hotaisl.es" />
+	<target host="hotchat4u.co" />
+	<target host="hotelsm.ag" />
+	<target host="hotler.tech" />
+	<target host="hotlineme.me" />
+	<target host="hotpixels.nz" />
+	<target host="hotrod.ly" />
+	<target host="hots69.com" />
+	<target host="hotshiitake.me" />
+	<target host="hotslots.online" />
+	<target host="hottestmovie.ga" />
+	<target host="hotw.re" />
+	<target host="hou.cab" />
+	<target host="hough.me" />
+	<target host="housemuse.us" />
+	<target host="houseolo.gy" />
+	<target host="housingca.co" />
+	<target host="hout.me" />
+	<target host="houtx.co" />
+	<target host="houtx.us" />
+	<target host="howe.bid" />
+	<target host="hoy.do" />
+	<target host="hoy.pub" />
+	<target host="hp-c.co" />
+	<target host="hp.care" />
+	<target host="hp1d.nu" />
+	<target host="hpbddy.co" />
+	<target host="hpbw.de" />
+	<target host="hpcltr.co" />
+	<target host="hpd.sh" />
+	<target host="hpda.link" />
+	<target host="hpestorage.me" />
+	<target host="hpex.io" />
+	<target host="hpfy.co" />
+	<target host="hpge.co" />
+	<target host="hpiagd.com" />
+	<target host="hpklr.be" />
+	<target host="hpm.io" />
+	<target host="hpnh.co" />
+	<target host="hppd.la" />
+	<target host="hppkt.co" />
+	<target host="hppr.co" />
+	<target host="hpst.rs" />
+	<target host="hpt.immo" />
+	<target host="hpwb.net" />
+	<target host="hpy.tax" />
+	<target host="hqihub.com" />
+	<target host="hqmov.tk" />
+	<target host="hr.919.jp" />
+	<target host="hrbar.co" />
+	<target host="hrbl.me" />
+	<target host="hrblock.io" />
+	<target host="hrbr.us" />
+	<target host="hrd.cm" />
+	<target host="hrd.world" />
+	<target host="hrer.co" />
+	<target host="hreviews.co" />
+	<target host="hrfn.cf" />
+	<target host="hrfnk.us" />
+	<target host="hrg.ms" />
+	<target host="hrhc.vegas" />
+	<target host="hrk.me" />
+	<target host="hrkey.co" />
+	<target host="hrl.do" />
+	<target host="hrla.ws" />
+	<target host="hrld.li" />
+	<target host="hrld.us" />
+	<target host="hrmtt.be" />
+	<target host="hrn.tw" />
+	<target host="hrnandz.us" />
+	<target host="hrng.us" />
+	<target host="hro.io" />
+	<target host="hrobson.uk" />
+	<target host="hrrn.net" />
+	<target host="hrrtn.co" />
+	<target host="hrtbm.tk" />
+	<target host="hrtechfest.com" />
+	<target host="hrtlnd.social" />
+	<target host="hrto.me" />
+	<target host="hrv.st" />
+	<target host="hrvth.com" />
+	<target host="hrvuit.com" />
+	<target host="hrw.io" />
+	<target host="hryb.co" />
+	<target host="hryhd.us" />
+	<target host="hrys.co" />
+	<target host="hrz.io" />
+	<target host="hs.io" />
+	<target host="hs1.in" />
+	<target host="hsalinks.com" />
+	<target host="hsc.is" />
+	<target host="hsconv.com" />
+	<target host="hscreations.net" />
+	<target host="hse.sg" />
+	<target host="hsff.us" />
+	<target host="hsfy.nl" />
+	<target host="hsgk.in" />
+	<target host="hsgo.io" />
+	<target host="hsgrys.co" />
+	<target host="hshq.us" />
+	<target host="hsht.gs" />
+	<target host="hsi.la" />
+	<target host="hskr.tk" />
+	<target host="hsn.bz" />
+	<target host="hsny.co" />
+	<target host="hsports.co" />
+	<target host="hspt.ly" />
+	<target host="hsrls.com" />
+	<target host="hssk12.co" />
+	<target host="hst.la" />
+	<target host="hstc.co" />
+	<target host="hsteup.de" />
+	<target host="hstl.co" />
+	<target host="hstrs.co" />
+	<target host="hsuk.co" />
+	<target host="hsvn.co" />
+	<target host="hsw-hm.de" />
+	<target host="hswt.eu" />
+	<target host="ht4w.com" />
+	<target host="htap.it" />
+	<target host="htb.al" />
+	<target host="htbx.eu" />
+	<target host="htdj.in" />
+	<target host="htel.io" />
+	<target host="htgb.co" />
+	<target host="htl.sc" />
+	<target host="htln.es" />
+	<target host="htlspk.com" />
+	<target host="htltn.com" />
+	<target host="html.sh" />
+	<target host="html5.gd" />
+	<target host="htmlarro.ws" />
+	<target host="htng.li" />
+	<target host="hto.ink" />
+	<target host="htqw.co" />
+	<target host="htrne.ws" />
+	<target host="htrs.co" />
+	<target host="htrtalent.com" />
+	<target host="htrvl.tk" />
+	<target host="htsh.co" />
+	<target host="httravel.us" />
+	<target host="htvn.co" />
+	<target host="htw.ac" />
+	<target host="htwb.co" />
+	<target host="htwr.co" />
+	<target host="htwt.co" />
+	<target host="htx.fyi" />
+	<target host="htz.io" />
+	<target host="hu.rgovind.com" />
+	<target host="hub.am" />
+	<target host="hub.ba" />
+	<target host="hub8.in" />
+	<target host="hubcm.us" />
+	<target host="hubcr.8iv.ca" />
+	<target host="hubl.ink" />
+	<target host="hudd.ch" />
+	<target host="huff.to" />
+	<target host="huffpost.click" />
+	<target host="huffpost.link" />
+	<target host="huflink.nl" />
+	<target host="huge.is" />
+	<target host="hugobiz.net" />
+	<target host="hugoc.at" />
+	<target host="huh.gbrsr.co" />
+	<target host="huhu.at" />
+	<target host="huify.co" />
+	<target host="huig.es" />
+	<target host="huisk.es" />
+	<target host="hul.la" />
+	<target host="hul.onl" />
+	<target host="hulaw.co" />
+	<target host="hulpmiddel.de" />
+	<target host="hulu.tv" />
+	<target host="hulumovie.ml" />
+	<target host="hulumovies.ga" />
+	<target host="hum.mn" />
+	<target host="huma.na" />
+	<target host="human.help" />
+	<target host="humankindn.es" />
+	<target host="humb.ga" />
+	<target host="hume.is" />
+	<target host="humi.li" />
+	<target host="hungching.com" />
+	<target host="hungertoho.pe" />
+	<target host="hungria.ga" />
+	<target host="hungry.cat" />
+	<target host="hurrah.gg" />
+	<target host="huseyin.me" />
+	<target host="husker.la" />
+	<target host="husmaf.us" />
+	<target host="hut.li" />
+	<target host="hutchs.bike" />
+	<target host="huuu.ge" />
+	<target host="huw.li" />
+	<target host="huynhdev.com" />
+	<target host="hvac.mn" />
+	<target host="hvdh.site" />
+	<target host="hver.it" />
+	<target host="hvgo.us" />
+	<target host="hvlink.de" />
+	<target host="hvll.cf" />
+	<target host="hvnshp.ca" />
+	<target host="hvo.link" />
+	<target host="hvper.link" />
+	<target host="hvr.co" />
+	<target host="hvs.link" />
+	<target host="hvst.co" />
+	<target host="hvst.es" />
+	<target host="hvyhvy.co" />
+	<target host="hvyl.ch" />
+	<target host="hw.zone" />
+	<target host="hwdn.uk" />
+	<target host="hwh.fyi" />
+	<target host="hwh.jp" />
+	<target host="hwi.pw" />
+	<target host="hwii.io" />
+	<target host="hwin.st" />
+	<target host="hwl.dj" />
+	<target host="hwl.fm" />
+	<target host="hwlo.link" />
+	<target host="hwp.to" />
+	<target host="hwrd.eu" />
+	<target host="hws.dj" />
+	<target host="hwtm.me" />
+	<target host="hwtz.us" />
+	<target host="hwy1.co" />
+	<target host="hwy7.co" />
+	<target host="hwy9.design" />
+	<target host="hwyl.us" />
+	<target host="hxdx.tk" />
+	<target host="hxgn.biz" />
+	<target host="hxj.me" />
+	<target host="hxp.us" />
+	<target host="hxtrs.co" />
+	<target host="hy.is" />
+	<target host="hybridsp.com" />
+	<target host="hybt.co" />
+	<target host="hydr.bz" />
+	<target host="hydro.quebec" />
+	<target host="hydrthys.tk" />
+	<target host="hye.tech" />
+	<target host="hyer.co" />
+	<target host="hyli.co.vu" />
+	<target host="hyp-r.co" />
+	<target host="hyp.zone" />
+	<target host="hypdls.de" />
+	<target host="hype.fyi" />
+	<target host="hype.st" />
+	<target host="hyper.family" />
+	<target host="hyper.fish" />
+	<target host="hyperlu.sh" />
+	<target host="hypety.pe" />
+	<target host="hypno.training" />
+	<target host="hypps.tk" />
+	<target host="hypro.co" />
+	<target host="hypsc.co" />
+	<target host="hyrd.us" />
+	<target host="hysec.us" />
+	<target host="hysk.it" />
+	<target host="hyti.eu" />
+	<target host="hyts.fr" />
+	<target host="hyv.ee" />
+	<target host="hywah.us" />
+	<target host="hywr.us" />
+	<target host="hzf.us" />
+	<target host="hzs.tips" />
+	<target host="hzw.media" />
+	<target host="hzw.press" />
+	<target host="i-2.info" />
+	<target host="i-blades.co" />
+	<target host="i-ca.mp" />
+	<target host="i-ca.pe" />
+	<target host="i-clip.ml" />
+	<target host="i-d.com.de" />
+	<target host="i-de.eu" />
+	<target host="i-e-c.in" />
+	<target host="i-hab.it" />
+	<target host="i-m.tech" />
+	<target host="i-nd.com" />
+	<target host="i-play.ml" />
+	<target host="i-rn.fr" />
+	<target host="i.1mlnlks.com" />
+	<target host="i.23.design" />
+	<target host="i.2techup.com" />
+	<target host="i.4hm.uk" />
+	<target host="i.aaxs.org" />
+	<target host="i.accu.fm" />
+	<target host="i.adamevers.com" />
+	<target host="i.adithya.pw" />
+	<target host="i.aminmkhan.com" />
+	<target host="i.andydelso.com" />
+	<target host="i.appforall.ir" />
+	<target host="i.arantxanb.net" />
+	<target host="i.arora.pl" />
+	<target host="i.ase.dk" />
+	<target host="i.aug.co" />
+	<target host="i.bashfoo.com" />
+	<target host="i.bdpstprk.com" />
+	<target host="i.beatroom.com" />
+	<target host="i.belgaum.city" />
+	<target host="i.benm.at" />
+	<target host="i.bhusal.com.np" />
+	<target host="i.bingo" />
+	<target host="i.blakesubo.net" />
+	<target host="i.bpublic.com" />
+	<target host="i.brajo.co.uk" />
+	<target host="i.buraga.org" />
+	<target host="i.cads.cz" />
+	<target host="i.care.ly" />
+	<target host="i.cheungr.com" />
+	<target host="i.chlf.re" />
+	<target host="i.ci8.ca" />
+	<target host="i.cia.bz" />
+	<target host="i.coplat.io" />
+	<target host="i.corefilms.uk" />
+	<target host="i.cozzyland.com" />
+	<target host="i.crownma.de" />
+	<target host="i.cryptoa.us" />
+	<target host="i.cuisillos.com" />
+	<target host="i.curt.co" />
+	<target host="i.cybereros.com" />
+	<target host="i.dejori.me" />
+	<target host="i.devel.sa" />
+	<target host="i.dgro.me" />
+	<target host="i.dhaeye.re" />
+	<target host="i.diarioip.com" />
+	<target host="i.digby.us" />
+	<target host="i.digiteam.net" />
+	<target host="i.dlayphoto.com" />
+	<target host="i.dnel.us" />
+	<target host="i.doctv.gr" />
+	<target host="i.dpavlik.cz" />
+	<target host="i.drakontia.com" />
+	<target host="i.drawy.xyz" />
+	<target host="i.drinkneu.com" />
+	<target host="i.dsolutions.sg" />
+	<target host="i.ea.com" />
+	<target host="i.earn.org" />
+	<target host="i.earnup.com" />
+	<target host="i.edwinw.ee" />
+	<target host="i.envieapp.com" />
+	<target host="i.examgk.com" />
+	<target host="i.exsarr.com" />
+	<target host="i.fabian.mx" />
+	<target host="i.fameal.com.ar" />
+	<target host="i.finccom.com" />
+	<target host="i.fj2.ru" />
+	<target host="i.flp.tw" />
+	<target host="i.flubox.fr" />
+	<target host="i.foca.in" />
+	<target host="i.gaenali.pe.kr" />
+	<target host="i.gathering.org" />
+	<target host="i.geofff.com" />
+	<target host="i.gerresdpm.com" />
+	<target host="i.glui.me" />
+	<target host="i.go.asia" />
+	<target host="i.gotzippy.com" />
+	<target host="i.grabr.io" />
+	<target host="i.grolex.eu" />
+	<target host="i.gsat.cl" />
+	<target host="i.hermansson.io" />
+	<target host="i.hfahmy.net" />
+	<target host="i.hobo.im" />
+	<target host="i.i4shivam.com" />
+	<target host="i.iduon.co.kr" />
+	<target host="i.inelemento.it" />
+	<target host="i.inink.cz" />
+	<target host="i.insidific.com" />
+	<target host="i.iot-valley.fr" />
+	<target host="i.iot.do" />
+	<target host="i.jfv.es" />
+	<target host="i.jmlagapa.com" />
+	<target host="i.jmui.net" />
+	<target host="i.jpd.ms" />
+	<target host="i.jspeaks.com" />
+	<target host="i.justinrez.com" />
+	<target host="i.jwie.be" />
+	<target host="i.kaniska.in" />
+	<target host="i.kdev.me" />
+	<target host="i.keyxi.com" />
+	<target host="i.koove.co" />
+	<target host="i.krg.sk" />
+	<target host="i.ktld.co.uk" />
+	<target host="i.kyledavid.com" />
+	<target host="i.kylero.se" />
+	<target host="i.l2df.com" />
+	<target host="i.lashb.ac" />
+	<target host="i.learnict.it" />
+	<target host="i.like.ie" />
+	<target host="i.lilsixty.com" />
+	<target host="i.living.is" />
+	<target host="i.lja.mx" />
+	<target host="i.llbarkat.com" />
+	<target host="i.lokerbox.com" />
+	<target host="i.lucaswyte.com" />
+	<target host="i.luke.in" />
+	<target host="i.mad.ph" />
+	<target host="i.makitra.in" />
+	<target host="i.max-stone.jp" />
+	<target host="i.mcnary.me" />
+	<target host="i.meechan.co" />
+	<target host="i.metodi.ca" />
+	<target host="i.mnew.us" />
+	<target host="i.modrykonik.cz" />
+	<target host="i.modrykonik.sk" />
+	<target host="i.monch.ee" />
+	<target host="i.monk.co.in" />
+	<target host="i.morecon.jp" />
+	<target host="i.mostafa.info" />
+	<target host="i.mrtr.jp" />
+	<target host="i.mtgjudge.net" />
+	<target host="i.mybine.com" />
+	<target host="i.n8thnl8ng.me" />
+	<target host="i.neox.fm" />
+	<target host="i.nhg-homer.org" />
+	<target host="i.nico.ski" />
+	<target host="i.nierhoff.info" />
+	<target host="i.nishs.com" />
+	<target host="i.nv8.org" />
+	<target host="i.obj.no" />
+	<target host="i.onico.com.mx" />
+	<target host="i.oozo.tv" />
+	<target host="i.openhouses.do" />
+	<target host="i.ori.pp.ua" />
+	<target host="i.p45.ca" />
+	<target host="i.pavl.me" />
+	<target host="i.pbsm.us" />
+	<target host="i.pcollaog.cl" />
+	<target host="i.penthouse.nu" />
+	<target host="i.phang.org" />
+	<target host="i.pickin.gs" />
+	<target host="i.ping-go.com" />
+	<target host="i.pnw.io" />
+	<target host="i.ppz.com" />
+	<target host="i.prvld.me" />
+	<target host="i.pubu.tw" />
+	<target host="i.pvg.io" />
+	<target host="i.pycl.in" />
+	<target host="i.q-url.co" />
+	<target host="i.qlutch.me" />
+	<target host="i.rafam.co" />
+	<target host="i.rahidelvi.ca" />
+	<target host="i.raus.co" />
+	<target host="i.raywu.co" />
+	<target host="i.rchb.sh" />
+	<target host="i.redimedia.net" />
+	<target host="i.rias.be" />
+	<target host="i.rileco.info" />
+	<target host="i.rixv.net" />
+	<target host="i.riyas.in" />
+	<target host="i.roidsmall.org" />
+	<target host="i.ronnylam.nl" />
+	<target host="i.rryl.me" />
+	<target host="i.saigonit.com" />
+	<target host="i.sam.fyi" />
+	<target host="i.samh.fyi" />
+	<target host="i.sanshi.ro" />
+	<target host="i.screa.ch" />
+	<target host="i.scroll.am" />
+	<target host="i.scrollbol.com" />
+	<target host="i.scrolldit.com" />
+	<target host="i.scrolly.nl" />
+	<target host="i.sendly.com" />
+	<target host="i.serversky.no" />
+	<target host="i.shanelife.com" />
+	<target host="i.shoemakk.com" />
+	<target host="i.shparvez.net" />
+	<target host="i.shuhan.us" />
+	<target host="i.slim.in" />
+	<target host="i.sprybear.com" />
+	<target host="i.srijit.com" />
+	<target host="i.sshare.ca" />
+	<target host="i.stda.vn" />
+	<target host="i.stv.tv" />
+	<target host="i.stv2.tv" />
+	<target host="i.subselfie.com" />
+	<target host="i.sumotive.com" />
+	<target host="i.sure.guru" />
+	<target host="i.swapsocks.com" />
+	<target host="i.swcw.me" />
+	<target host="i.swish.design" />
+	<target host="i.szocialis.net" />
+	<target host="i.tad.im" />
+	<target host="i.tcall.me" />
+	<target host="i.tgu.ca" />
+	<target host="i.thms.be" />
+	<target host="i.tippvet.com" />
+	<target host="i.tokencs.ca" />
+	<target host="i.tr.cx" />
+	<target host="i.truong.asia" />
+	<target host="i.tvit.cz" />
+	<target host="i.ubbai.me" />
+	<target host="i.ubn.jobs" />
+	<target host="i.upv.es" />
+	<target host="i.urlb.ag" />
+	<target host="i.utb.cc" />
+	<target host="i.vericz.com" />
+	<target host="i.victor.moe" />
+	<target host="i.warketing.cl" />
+	<target host="i.webevize.cz" />
+	<target host="i.webgeek.ph" />
+	<target host="i.wem.mx" />
+	<target host="i.weylyn.uk" />
+	<target host="i.wezo.co" />
+	<target host="i.wgn.sa" />
+	<target host="i.wish.org" />
+	<target host="i.wms.com" />
+	<target host="i.wombiapps.com" />
+	<target host="i.wp.help" />
+	<target host="i.wyznajemy.com" />
+	<target host="i.yjfx.jp" />
+	<target host="i.zkar.com" />
+	<target host="i.znt.li" />
+	<target host="i.zooettes.com" />
+	<target host="i1v.us" />
+	<target host="i22.me" />
+	<target host="i24.us" />
+	<target host="i2c.no" />
+	<target host="i2r.in" />
+	<target host="i3.media" />
+	<target host="i3l.ir" />
+	<target host="i42r.nl" />
+	<target host="i4sc.me" />
+	<target host="i4u.kr" />
+	<target host="i4url.com" />
+	<target host="i5c.us" />
+	<target host="i66.in" />
+	<target host="i7.tj" />
+	<target host="i8p.us" />
+	<target host="i8s.us" />
+	<target host="i9sergipe.com" />
+	<target host="ia.do" />
+	<target host="ia529.us" />
+	<target host="iaas.jetzt" />
+	<target host="iabe.jp" />
+	<target host="iac.ac" />
+	<target host="iachiv.co" />
+	<target host="iada.ml" />
+	<target host="iaddict.co" />
+	<target host="iadr.co" />
+	<target host="iafl.tv" />
+	<target host="iaj.jp" />
+	<target host="iakn.us" />
+	<target host="ialcalde.es" />
+	<target host="iald.me" />
+	<target host="ialexander.me" />
+	<target host="ialinks.net" />
+	<target host="iam.ec" />
+	<target host="iam.ij.org" />
+	<target host="iam.ms" />
+	<target host="iam.re" />
+	<target host="iam.ziad.com" />
+	<target host="iam4.me" />
+	<target host="iambik.es" />
+	<target host="iambishat.com" />
+	<target host="iambleona.net" />
+	<target host="iambosch.dk" />
+	<target host="iamc.co" />
+	<target host="iamcherm.ac" />
+	<target host="iamdba.pro" />
+	<target host="iamisabel.la" />
+	<target host="iamjai.me" />
+	<target host="iamjen.co" />
+	<target host="iamjenn.net" />
+	<target host="iamji.net" />
+	<target host="iamk.biz" />
+	<target host="iamkj.us" />
+	<target host="iaml.co" />
+	<target host="iamn.at" />
+	<target host="iamne.ws" />
+	<target host="iampp.in" />
+	<target host="iamro.be" />
+	<target host="ian.cx" />
+	<target host="ian.lt" />
+	<target host="ian.so" />
+	<target host="ianl.info" />
+	<target host="ianmart.in" />
+	<target host="ianp.co" />
+	<target host="ians.ch" />
+	<target host="iantromp.link" />
+	<target host="iape.in" />
+	<target host="iapros.co" />
+	<target host="iaq.nu" />
+	<target host="iarchiv.es" />
+	<target host="iasbo.tools" />
+	<target host="iasen.gop" />
+	<target host="iass.co" />
+	<target host="iatse.co" />
+	<target host="ib-g.me" />
+	<target host="ibambini.shop" />
+	<target host="ibcacoach.es" />
+	<target host="ibec.me" />
+	<target host="ibeg.ml" />
+	<target host="ibex.as" />
+	<target host="ibg.tw" />
+	<target host="ibinktv.ml" />
+	<target host="ibiy.net" />
+	<target host="ibm.co" />
+	<target host="ibmne.ws" />
+	<target host="ibnz.io" />
+	<target host="ibpfmobile.com" />
+	<target host="ibs.la" />
+	<target host="ibstyle.info" />
+	<target host="ibuc.co" />
+	<target host="ibur.nu" />
+	<target host="ibww.eu" />
+	<target host="ibxa.net" />
+	<target host="ibz.cc" />
+	<target host="ic.je" />
+	<target host="ic.nu" />
+	<target host="ic.tlig.org" />
+	<target host="ic1p.com" />
+	<target host="icad.ae" />
+	<target host="ical.hbloom.com" />
+	<target host="ical.yc.sg" />
+	<target host="icalab.com" />
+	<target host="icaptl.net" />
+	<target host="icar.us" />
+	<target host="icareifu.li" />
+	<target host="icat.ch" />
+	<target host="icelol.ly" />
+	<target host="icflorida.us" />
+	<target host="icflw.co" />
+	<target host="icfy.ch" />
+	<target host="icg.pm" />
+	<target host="icgne.ws" />
+	<target host="icgx.co" />
+	<target host="ichi.link" />
+	<target host="ichime.in" />
+	<target host="ichitaso.xyz" />
+	<target host="ichr.it" />
+	<target host="ichrt.co" />
+	<target host="ichs.co" />
+	<target host="ichs.es" />
+	<target host="icibarb.es" />
+	<target host="icikiwir.ml" />
+	<target host="iciprop.info" />
+	<target host="ickk.es" />
+	<target host="ickl.co" />
+	<target host="iclubs.co" />
+	<target host="icn.ms" />
+	<target host="icnaweb.com" />
+	<target host="icnc.io" />
+	<target host="icnt.re" />
+	<target host="ico.al" />
+	<target host="icolo.gy" />
+	<target host="icp-c.com" />
+	<target host="icrav.it" />
+	<target host="icrib.link" />
+	<target host="icsh.pt" />
+	<target host="icsu.co" />
+	<target host="ict4.school" />
+	<target host="ictindel.es" />
+	<target host="ictrl.co" />
+	<target host="icur.so" />
+	<target host="icw.ink" />
+	<target host="icy.fyi" />
+	<target host="id.dokyasde.com" />
+	<target host="id.idnc.link" />
+	<target host="id.restuak.com" />
+	<target host="id.roniocta.in" />
+	<target host="idac.me" />
+	<target host="idahostateu.com" />
+	<target host="idalink.org" />
+	<target host="idaspeaks.com" />
+	<target host="idb.fm" />
+	<target host="idcc.me" />
+	<target host="idd.cloud" />
+	<target host="iddg.me" />
+	<target host="ide.la" />
+	<target host="ide.st" />
+	<target host="ideac.at" />
+	<target host="ideal.jobs" />
+	<target host="idealco.link" />
+	<target host="idealse.at" />
+	<target host="ideatorinc.co" />
+	<target host="ideias.vc" />
+	<target host="idek.lol" />
+	<target host="idek.pw" />
+	<target host="idelgado.org" />
+	<target host="idento.link" />
+	<target host="ideo.pn" />
+	<target host="idfo.in" />
+	<target host="idfra.me" />
+	<target host="idg.me" />
+	<target host="idglink.xyz" />
+	<target host="idh.lu" />
+	<target host="idhc.co.vu" />
+	<target host="idiom.as" />
+	<target host="idlaun.ch" />
+	<target host="idm.re" />
+	<target host="idmdc.tips" />
+	<target host="idol.pe" />
+	<target host="idola.to" />
+	<target host="idsn.ws" />
+	<target host="idte.ch" />
+	<target host="idtheft.center" />
+	<target host="idus.co" />
+	<target host="idxl.xyz" />
+	<target host="idxprts.co" />
+	<target host="iedm.io" />
+	<target host="iedr.io" />
+	<target host="ieeesa.io" />
+	<target host="iem.gg" />
+	<target host="ieni.net" />
+	<target host="ietv.co" />
+	<target host="ieup.fr" />
+	<target host="iewc.info" />
+	<target host="ifacility.news" />
+	<target host="ifasic.be" />
+	<target host="ifc.tv" />
+	<target host="ifcs.co" />
+	<target host="ifeb.co" />
+	<target host="ifes.world" />
+	<target host="ifest.me" />
+	<target host="iff.pm" />
+	<target host="ifitnaweb.com" />
+	<target host="ifix.gd" />
+	<target host="ifl.gd" />
+	<target host="ifla.news" />
+	<target host="iflixs.usa.cc" />
+	<target host="ifn.by" />
+	<target host="ifonea.me" />
+	<target host="ifonly.co" />
+	<target host="ifood.mobi" />
+	<target host="ifoodarg.com" />
+	<target host="ifra.ga" />
+	<target host="ifrk.ch" />
+	<target host="ifro.gq" />
+	<target host="ift.tt" />
+	<target host="ifxm.ag" />
+	<target host="ig.amdrd.com" />
+	<target host="ig.catst.co" />
+	<target host="ig.forzausa.co" />
+	<target host="ig.gy" />
+	<target host="igalen.co" />
+	<target host="igalen.pro" />
+	<target host="igbfs.uk" />
+	<target host="igf.asia" />
+	<target host="igg.ms" />
+	<target host="ighq.us" />
+	<target host="igi.gs" />
+	<target host="igi.tips" />
+	<target host="igl.to" />
+	<target host="iglnk.co" />
+	<target host="igloodis.co" />
+	<target host="iglooho.me" />
+	<target host="ign.tn" />
+	<target host="ignas.link" />
+	<target host="ignc.es" />
+	<target host="ignt.biz" />
+	<target host="ignyt.co" />
+	<target host="ignyte.io" />
+	<target host="igo.tl" />
+	<target host="igo.zamdy.com" />
+	<target host="igonline.info" />
+	<target host="igorbellino.com" />
+	<target host="igorlik.es" />
+	<target host="igotground.co" />
+	<target host="igsha.co" />
+	<target host="iguate.me" />
+	<target host="iguillau.me" />
+	<target host="iguy.me" />
+	<target host="igw.link" />
+	<target host="igworkshops.com" />
+	<target host="igy.me" />
+	<target host="ihart.la" />
+	<target host="ihc.wtf" />
+	<target host="ihcc.us" />
+	<target host="iheartdogs.co" />
+	<target host="ihenow.com" />
+	<target host="ihg.link" />
+	<target host="ihh.cl" />
+	<target host="ihikyuk.gq" />
+	<target host="ihin.es" />
+	<target host="ihip.me" />
+	<target host="ihit.co" />
+	<target host="ihl1.ca" />
+	<target host="ihla.us" />
+	<target host="ihm.to" />
+	<target host="ihose.co" />
+	<target host="ihous.eu" />
+	<target host="ihq.im" />
+	<target host="ihr.fm" />
+	<target host="ii.cx" />
+	<target host="ii.lc" />
+	<target host="iice.co" />
+	<target host="iid.io" />
+	<target host="iii.1n.pw" />
+	<target host="iimani.com" />
+	<target host="iitm.be" />
+	<target host="ija.red" />
+	<target host="ijar.us" />
+	<target host="ijat.me" />
+	<target host="ijes.se" />
+	<target host="ijli.co.uk" />
+	<target host="ik.apps123.com" />
+	<target host="ik.cm" />
+	<target host="ike.agency" />
+	<target host="ikeapers.com" />
+	<target host="ikeda.me" />
+	<target host="ikegps.biz" />
+	<target host="ikes.org" />
+	<target host="ikin.ci" />
+	<target host="ikio.sk" />
+	<target host="ikkehkimochi.ml" />
+	<target host="iko.io" />
+	<target host="iks777.com" />
+	<target host="iksa.me" />
+	<target host="ikut.in" />
+	<target host="il.otatmo.com" />
+	<target host="il1.pl" />
+	<target host="ilic.co" />
+	<target host="ilicards.com" />
+	<target host="ilinkly.com" />
+	<target host="ilizu.link" />
+	<target host="ilkka.rocks" />
+	<target host="illert.biz" />
+	<target host="illi.gl" />
+	<target host="illin.is" />
+	<target host="illnz.link" />
+	<target host="illq.net" />
+	<target host="illu.link" />
+	<target host="illum.ie" />
+	<target host="illum.in" />
+	<target host="ilm4.us" />
+	<target host="ilovedogs.ws" />
+	<target host="ilovep.nl" />
+	<target host="ilq.qa" />
+	<target host="ilsd.co" />
+	<target host="ilsendems.co" />
+	<target host="ilsfdc.co" />
+	<target host="ilust.re" />
+	<target host="iluvused.us" />
+	<target host="ilv.re" />
+	<target host="ilx.media" />
+	<target host="ilyam.design" />
+	<target host="ilyanaza-lun.tk" />
+	<target host="im.ag" />
+	<target host="im.jasp.re" />
+	<target host="im.mari.am" />
+	<target host="im.my" />
+	<target host="im.notnice.co" />
+	<target host="im.ondr.co" />
+	<target host="im.zaeem.me" />
+	<target host="im4.uct.org" />
+	<target host="ima.vc" />
+	<target host="image-pics.com" />
+	<target host="imaginif.eu" />
+	<target host="imang.us" />
+	<target host="imanol.mx" />
+	<target host="imata.co" />
+	<target host="imb.world" />
+	<target host="imcatv.me" />
+	<target host="imda.sg" />
+	<target host="imdb-21.ml" />
+	<target host="imdb-hd.ml" />
+	<target host="imdb-tv.ml" />
+	<target host="imdb.to" />
+	<target host="imdb2017.ml" />
+	<target host="imdbmovie.ml" />
+	<target host="imdbseries.ml" />
+	<target host="imdbshow.ga" />
+	<target host="imdbtv.gq" />
+	<target host="imdo.xyz" />
+	<target host="imemories.us" />
+	<target host="imend.co" />
+	<target host="imfb.me" />
+	<target host="img.airy.co" />
+	<target host="img.drupup.com" />
+	<target host="img.spog.ga" />
+	<target host="imga.pro" />
+	<target host="imgdc.us" />
+	<target host="imgdes.pro" />
+	<target host="imgfrg.co" />
+	<target host="imgn.to" />
+	<target host="imgnt.it" />
+	<target host="imgry.net" />
+	<target host="imgsm.it" />
+	<target host="imgur.wiki" />
+	<target host="imja.me" />
+	<target host="imkmr.ga" />
+	<target host="imlarry.me" />
+	<target host="imld.ru" />
+	<target host="imlink.ch" />
+	<target host="imlink.info" />
+	<target host="immi.fm" />
+	<target host="immortale.be" />
+	<target host="immrs.in" />
+	<target host="immv.re" />
+	<target host="imnky.com" />
+	<target host="imov.tk" />
+	<target host="imoviejkt48.ml" />
+	<target host="impac.tw" />
+	<target host="impact.ac" />
+	<target host="impacthub.life" />
+	<target host="impc.co" />
+	<target host="impct.at" />
+	<target host="impctnm.com" />
+	<target host="imperials.info" />
+	<target host="impl.cg" />
+	<target host="implant-us.link" />
+	<target host="impls.bz" />
+	<target host="impression.tips" />
+	<target host="imprl.biz" />
+	<target host="impro.club" />
+	<target host="imprsd.co" />
+	<target host="impsbl.es" />
+	<target host="impx.tv" />
+	<target host="impz.io" />
+	<target host="imre.io" />
+	<target host="ims.run" />
+	<target host="ims.to" />
+	<target host="imsh.co" />
+	<target host="imsr.me" />
+	<target host="imt.gg" />
+	<target host="imva.in" />
+	<target host="imw.today" />
+	<target host="imwo.co" />
+	<target host="imxp.co" />
+	<target host="in-d.fm" />
+	<target host="in.amny.com" />
+	<target host="in.angop.ao" />
+	<target host="in.ckbe.at" />
+	<target host="in.ehayashi.com" />
+	<target host="in.elisete.com" />
+	<target host="in.elysia.me" />
+	<target host="in.eric.pe" />
+	<target host="in.eveoh.nl" />
+	<target host="in.fluence.us" />
+	<target host="in.flux.com" />
+	<target host="in.gagsmojo.com" />
+	<target host="in.koop.to" />
+	<target host="in.leonflam.com" />
+	<target host="in.mofi.in" />
+	<target host="in.optibac.com" />
+	<target host="in.sane.pro" />
+	<target host="in.spidea.in" />
+	<target host="in.trac.to" />
+	<target host="in.turklr.com" />
+	<target host="in.virginia.edu" />
+	<target host="in.wayj.me" />
+	<target host="in2.se" />
+	<target host="in26.fr" />
+	<target host="in2m.gr" />
+	<target host="in30.co" />
+	<target host="inaaya.pk" />
+	<target host="inahat.co" />
+	<target host="inbnd.co" />
+	<target host="inbnd.ly" />
+	<target host="inbound.camp" />
+	<target host="inbound.onl" />
+	<target host="inboxto.us" />
+	<target host="inbx.in" />
+	<target host="incam.xyz" />
+	<target host="incant.tk" />
+	<target host="ince.co" />
+	<target host="inci.to" />
+	<target host="inco.re" />
+	<target host="inconis.tk" />
+	<target host="incre.me" />
+	<target host="incredbl.co" />
+	<target host="incub.io" />
+	<target host="ind.pn" />
+	<target host="inda.ba" />
+	<target host="indanc.uk" />
+	<target host="indeedhi.re" />
+	<target host="indi.li" />
+	<target host="indi.rocks" />
+	<target host="indi.uno" />
+	<target host="indianhor.se" />
+	<target host="indibe.at" />
+	<target host="indiegam.es" />
+	<target host="indig.ooo" />
+	<target host="indiga.cc" />
+	<target host="indl.it" />
+	<target host="indlgnthmn.com" />
+	<target host="indobol.tk" />
+	<target host="indogeni.us" />
+	<target host="indp.co" />
+	<target host="indr.co" />
+	<target host="indrw.co" />
+	<target host="indw.es" />
+	<target host="indy.media" />
+	<target host="indy.st" />
+	<target host="indycar.link" />
+	<target host="ine.do" />
+	<target host="inevents.se" />
+	<target host="inf.shoes" />
+	<target host="inf.tips" />
+	<target host="infa.media" />
+	<target host="infi.ml" />
+	<target host="infin.ca" />
+	<target host="infinid.at" />
+	<target host="infl.me" />
+	<target host="influ.co" />
+	<target host="infm.us" />
+	<target host="infmgk.pl" />
+	<target host="info.binary.com" />
+	<target host="info.dgt.es" />
+	<target host="info.dplmo.com" />
+	<target host="info.dwyr.com" />
+	<target host="info.jkv-bw.de" />
+	<target host="info.tacc.cloud" />
+	<target host="info.timst.com" />
+	<target host="infob.ae" />
+	<target host="infogrow.us" />
+	<target host="infokuis.xyz" />
+	<target host="infopros.com.au" />
+	<target host="infor.mr" />
+	<target host="inforge.re" />
+	<target host="informer.onl" />
+	<target host="infosec.ly" />
+	<target host="infst.co" />
+	<target host="infun.nl" />
+	<target host="infus.me" />
+	<target host="infy.com" />
+	<target host="ingfuzz.co" />
+	<target host="ingn.it" />
+	<target host="ingobecker.me" />
+	<target host="ingqca.org" />
+	<target host="ingrass.me" />
+	<target host="ingressos.biz" />
+	<target host="ingsoc.tk" />
+	<target host="ingu.io" />
+	<target host="inh.im" />
+	<target host="inhd.tk" />
+	<target host="inhk.us" />
+	<target host="ini.es" />
+	<target host="iniego4u.com" />
+	<target host="ininja.it" />
+	<target host="inkblot.link" />
+	<target host="inkfeet.in" />
+	<target host="inkw.us" />
+	<target host="inm.to" />
+	<target host="inmap.org" />
+	<target host="inmb.mx" />
+	<target host="inmktg.it" />
+	<target host="inmn.io" />
+	<target host="inmr.st" />
+	<target host="innamincka.pub" />
+	<target host="innermo.st" />
+	<target host="innid.co" />
+	<target host="innmb.com" />
+	<target host="inno.im" />
+	<target host="innv.at" />
+	<target host="innvt.it" />
+	<target host="ino.to" />
+	<target host="inolx.co" />
+	<target host="inpx.it" />
+	<target host="inq.ph" />
+	<target host="inqs.tv" />
+	<target host="inread.de" />
+	<target host="inrtm.pl" />
+	<target host="ins.iotne.ws" />
+	<target host="ins.ms" />
+	<target host="insattva.co" />
+	<target host="inscape.me" />
+	<target host="insd.io" />
+	<target host="insder.co" />
+	<target host="insdprgrmmtc.co" />
+	<target host="insdr.co" />
+	<target host="insdu.de" />
+	<target host="insecta.shoes" />
+	<target host="insf.co" />
+	<target host="insft.co" />
+	<target host="insightsgtd.nl" />
+	<target host="insightsqua.red" />
+	<target host="insili.co" />
+	<target host="insir.is" />
+	<target host="insit.es" />
+	<target host="insivia.social" />
+	<target host="insom.co" />
+	<target host="insomh.ml" />
+	<target host="insp.ec" />
+	<target host="insp.lv" />
+	<target host="insprlz.it" />
+	<target host="insr.us" />
+	<target host="insta.gf" />
+	<target host="insta.is" />
+	<target host="instagav.in" />
+	<target host="inste.ch" />
+	<target host="instr.me" />
+	<target host="int-te.ch" />
+	<target host="int.erl.ink" />
+	<target host="intanhd.ml" />
+	<target host="intch.co" />
+	<target host="intech.camp" />
+	<target host="integr.al" />
+	<target host="intel.ly" />
+	<target host="intelbp.uk" />
+	<target host="inteli.tk" />
+	<target host="intell.co" />
+	<target host="intelte.ch" />
+	<target host="intelv8.me" />
+	<target host="inter.com" />
+	<target host="interc.pt" />
+	<target host="interf.ac" />
+	<target host="interfacefp.uk" />
+	<target host="interi.ms" />
+	<target host="interm.ac" />
+	<target host="internisti.ml" />
+	<target host="interuna.net" />
+	<target host="intervar.io" />
+	<target host="interweb.buzz" />
+	<target host="interweb.wtf" />
+	<target host="intg.ink" />
+	<target host="intgr.link" />
+	<target host="inthefrow.co" />
+	<target host="inthusia.st" />
+	<target host="inti.ms" />
+	<target host="intigr.is" />
+	<target host="intip.me" />
+	<target host="intl.sh" />
+	<target host="intl.st" />
+	<target host="intlo.me" />
+	<target host="intlrv.rs" />
+	<target host="intm.ch" />
+	<target host="intnt.nl" />
+	<target host="into.gl" />
+	<target host="intoolkit.com" />
+	<target host="intouch.cc" />
+	<target host="intr.ac" />
+	<target host="intr.mx" />
+	<target host="intra.us" />
+	<target host="intrgn.co" />
+	<target host="intrin.io" />
+	<target host="intus.pro" />
+	<target host="inur.se" />
+	<target host="inv.am" />
+	<target host="inv.dtjoyce.com" />
+	<target host="inv4u.nl" />
+	<target host="inv8.co" />
+	<target host="invb.co" />
+	<target host="invco.de" />
+	<target host="invent.ge" />
+	<target host="invest.deals" />
+	<target host="invest.ec" />
+	<target host="investorseu.com" />
+	<target host="invi.qa" />
+	<target host="invitar.suop.es" />
+	<target host="invmt.eu" />
+	<target host="invn.co" />
+	<target host="invnt.co" />
+	<target host="involv.es" />
+	<target host="invs.io" />
+	<target host="invsol.co" />
+	<target host="invtful.cc" />
+	<target host="inzp.in" />
+	<target host="io.ajarouih.me" />
+	<target host="io.hanselwei.me" />
+	<target host="io.nixace.com" />
+	<target host="io.quanders.com" />
+	<target host="io.webhelp.com" />
+	<target host="ioac.tv" />
+	<target host="ioan.in" />
+	<target host="ioaw.re" />
+	<target host="iodi.ne" />
+	<target host="iodt.co" />
+	<target host="ioff.to" />
+	<target host="iofr.me" />
+	<target host="iohk.link" />
+	<target host="ion.io" />
+	<target host="iopt.us" />
+	<target host="iorni.co" />
+	<target host="iosdevtips.com" />
+	<target host="iosne.ws" />
+	<target host="iot.one" />
+	<target host="iotmed.us" />
+	<target host="iotne.ws" />
+	<target host="iout.co" />
+	<target host="ipa.sa" />
+	<target host="ipc.direct" />
+	<target host="ipc.team" />
+	<target host="ipcri.me" />
+	<target host="ipdt.us" />
+	<target host="ipe.events" />
+	<target host="ipe.gift" />
+	<target host="ipe.report" />
+	<target host="ipf.li" />
+	<target host="ipfw.io" />
+	<target host="ipg.ltd" />
+	<target host="iph1.info" />
+	<target host="iph1.it" />
+	<target host="iphos.ru" />
+	<target host="iphou.se" />
+	<target host="ipk.tf" />
+	<target host="iplawye.rs" />
+	<target host="iplg.in" />
+	<target host="ipm.io" />
+	<target host="ipmada.ga" />
+	<target host="ipmag.link" />
+	<target host="ippr.io" />
+	<target host="ippy.pics" />
+	<target host="ipra.tk" />
+	<target host="ipre.st" />
+	<target host="iprop.my" />
+	<target host="ipse.in" />
+	<target host="ipswit.ch" />
+	<target host="iptfd.com" />
+	<target host="iptv4u.tk" />
+	<target host="iptvbrazukas.tk" />
+	<target host="iptvexp.eu" />
+	<target host="ipv.bz" />
+	<target host="ipwd.co" />
+	<target host="iq.ly" />
+	<target host="iqlink.me" />
+	<target host="iqon.me" />
+	<target host="iqos.me" />
+	<target host="ique.st" />
+	<target host="ique.us" />
+	<target host="iqza.in" />
+	<target host="ir.dbr.fm" />
+	<target host="ir.hectorfe.com" />
+	<target host="ir.lojadis.tk" />
+	<target host="ir.plain.pe" />
+	<target host="ir.rafa.mobi" />
+	<target host="ir.tallanix.com" />
+	<target host="ir.tn.com.ar" />
+	<target host="ir.wiki.fit" />
+	<target host="ira.ist" />
+	<target host="iranianink.net" />
+	<target host="irantu.be" />
+	<target host="irantun.es" />
+	<target host="ireed.me" />
+	<target host="irfn.xyz" />
+	<target host="irgi.at" />
+	<target host="irgk.me" />
+	<target host="irhod.es" />
+	<target host="irinne.ws" />
+	<target host="iris.vc" />
+	<target host="irised.in" />
+	<target host="irishe.tv" />
+	<target host="irishy.co" />
+	<target host="irkb.me" />
+	<target host="irlda.center" />
+	<target host="irmd.ru" />
+	<target host="irn.lk" />
+	<target host="irng.ca" />
+	<target host="irns.de" />
+	<target host="irnut.co" />
+	<target host="irnw.me" />
+	<target host="iron.fm" />
+	<target host="iron.loak.org" />
+	<target host="ironp.net" />
+	<target host="irre.in" />
+	<target host="irrs.in" />
+	<target host="irsh.us" />
+	<target host="irvine.ly" />
+	<target host="is.blinky.fr" />
+	<target host="is.def.lv" />
+	<target host="is.feral.ist" />
+	<target host="is.fuqed.net" />
+	<target host="is.onmedic.com" />
+	<target host="is.to" />
+	<target host="isa.to" />
+	<target host="isaiah.tv" />
+	<target host="isarfilm.ml" />
+	<target host="isassi.family" />
+	<target host="isbc.ga" />
+	<target host="isbgj.me" />
+	<target host="isbl.co" />
+	<target host="isc.bar" />
+	<target host="isc.hk" />
+	<target host="isca.pe" />
+	<target host="iscp.it" />
+	<target host="isen.nu" />
+	<target host="isger.link" />
+	<target host="isha.co" />
+	<target host="isham.co" />
+	<target host="ishope.life" />
+	<target host="ishrank.it" />
+	<target host="ishyi.ml" />
+	<target host="isin.gs" />
+	<target host="islamicvids.com" />
+	<target host="islan.life" />
+	<target host="islandesque.net" />
+	<target host="islay.cc" />
+	<target host="islndrs.tk" />
+	<target host="isol17.com" />
+	<target host="isos.link" />
+	<target host="isoto.ma" />
+	<target host="isports.li" />
+	<target host="ispot.ga" />
+	<target host="isq.re" />
+	<target host="israh.es" />
+	<target host="iss.tw" />
+	<target host="issh.it" />
+	<target host="isspix.com" />
+	<target host="issue.10x.email" />
+	<target host="issun.cc" />
+	<target host="istdl.de" />
+	<target host="istockpho.to" />
+	<target host="istrat.gy" />
+	<target host="istyl.es" />
+	<target host="isun.ml" />
+	<target host="isyot.com" />
+	<target host="it-blogger.co" />
+	<target host="it-vertrieb.net" />
+	<target host="it.baffl.es" />
+	<target host="it.caffyns.co" />
+	<target host="it.itpro.es" />
+	<target host="it.luno.be" />
+	<target host="it.otta.be" />
+	<target host="it.rdg.ac" />
+	<target host="it.regency.ie" />
+	<target host="it.seeus4it.com" />
+	<target host="it4msp.com" />
+	<target host="ita.fyi" />
+	<target host="italiatv.link" />
+	<target host="itapp.in" />
+	<target host="itaupy.co" />
+	<target host="itbf.us" />
+	<target host="itbl.es" />
+	<target host="itc.fyi" />
+	<target host="itce.link" />
+	<target host="itci.eu" />
+	<target host="itcoach.co" />
+	<target host="itdd.us" />
+	<target host="itech.bz" />
+	<target host="itechz.tk" />
+	<target host="itepy.uk" />
+	<target host="itf.is" />
+	<target host="itfr.dm" />
+	<target host="itfree.info" />
+	<target host="ithacajr.nl" />
+	<target host="iti.ms" />
+	<target host="itlmag.com" />
+	<target host="itlogix.io" />
+	<target host="itm.fun" />
+	<target host="itmb.in" />
+	<target host="itmd.es" />
+	<target host="itools.link" />
+	<target host="itootr.me" />
+	<target host="itprn.rs" />
+	<target host="itrgo.co" />
+	<target host="itru.co" />
+	<target host="its.345am.com" />
+	<target host="its.7ii.me" />
+	<target host="its.jbinfo.ml" />
+	<target host="its.myq.club" />
+	<target host="its.partners" />
+	<target host="its.shared.by" />
+	<target host="itsartm.ag" />
+	<target host="itseo.org" />
+	<target host="itsfab.com" />
+	<target host="itsfrom.me" />
+	<target host="itsglamoro.us" />
+	<target host="itsh.bo" />
+	<target host="itsjust.in" />
+	<target host="itsmalachi.me" />
+	<target host="itson.tw" />
+	<target host="itspa.co" />
+	<target host="itspm.ag" />
+	<target host="itsri.ch" />
+	<target host="itssm.pl" />
+	<target host="itstaf.nl" />
+	<target host="itsthevi.be" />
+	<target host="itswa.de" />
+	<target host="itswbd.org" />
+	<target host="itswn.us" />
+	<target host="itsyner.gy" />
+	<target host="itt.me" />
+	<target host="ittfwb.cool" />
+	<target host="itvs.tv" />
+	<target host="itvsseries.ml" />
+	<target host="itweed.co" />
+	<target host="ityl.ml" />
+	<target host="iu.bcpha.ca" />
+	<target host="iuh.me" />
+	<target host="iun.my" />
+	<target host="iurl.tv" />
+	<target host="iusoic.us" />
+	<target host="iute.ch" />
+	<target host="iutl.co" />
+	<target host="iva.n-lopez.com" />
+	<target host="ivanrafael.info" />
+	<target host="ivcard.co" />
+	<target host="ivelt.info" />
+	<target host="ivfba.by" />
+	<target host="ivfte.ch" />
+	<target host="ivg.li" />
+	<target host="ivm.today" />
+	<target host="ivo.me" />
+	<target host="ivpr.es" />
+	<target host="ivs.to" />
+	<target host="ivx.ag" />
+	<target host="ivx.tv" />
+	<target host="ivy.gr.com" />
+	<target host="ivysmit.ca" />
+	<target host="ivystrate.gy" />
+	<target host="iw0.in" />
+	<target host="iwantth.is" />
+	<target host="iwata777.com" />
+	<target host="iwdg.nl" />
+	<target host="iwe.lt" />
+	<target host="iwebthin.gs" />
+	<target host="iwethey.us" />
+	<target host="iwh.nz" />
+	<target host="iwishlt.com" />
+	<target host="iwit.ovh" />
+	<target host="iwk.us" />
+	<target host="iwmsurveys.com" />
+	<target host="iwnt.my" />
+	<target host="iwong.us" />
+	<target host="iwshort.ml" />
+	<target host="iwslink.us" />
+	<target host="iwtsp.com" />
+	<target host="iww.li" />
+	<target host="iwys.co" />
+	<target host="ixl.me" />
+	<target host="ixol.it" />
+	<target host="ixt.gs" />
+	<target host="iz4.in" />
+	<target host="izak.me" />
+	<target host="izco.me" />
+	<target host="izea.me" />
+	<target host="izkl.co" />
+	<target host="iztl.co" />
+	<target host="izze.co" />
+	<target host="j--ro.me" />
+	<target host="j-bl.info" />
+	<target host="j-bra.ch" />
+	<target host="j-c-k.us" />
+	<target host="j-ch.in" />
+	<target host="j-ho.lt" />
+	<target host="j-lau.com" />
+	<target host="j-n-e.com" />
+	<target host="j-p.al" />
+	<target host="j-p.me" />
+	<target host="j-r.io" />
+	<target host="j-sca.link" />
+	<target host="j-t.me" />
+	<target host="j-url.com" />
+	<target host="j-vh.me" />
+	<target host="j.4rd.co" />
+	<target host="j.alnassim.com" />
+	<target host="j.amaal.co" />
+	<target host="j.andreapit.com" />
+	<target host="j.argel.me" />
+	<target host="j.arvicor.de" />
+	<target host="j.asahipc.net" />
+	<target host="j.calcium.pw" />
+	<target host="j.cuoluo.com" />
+	<target host="j.dagon.me" />
+	<target host="j.efdapps.com" />
+	<target host="j.enth.eu" />
+	<target host="j.essb.io" />
+	<target host="j.faz.io" />
+	<target host="j.frew.in" />
+	<target host="j.ganzbunt.de" />
+	<target host="j.gottli.com" />
+	<target host="j.goudsm.it" />
+	<target host="j.gugler.at" />
+	<target host="j.hammond.ninja" />
+	<target host="j.hitoxu.com" />
+	<target host="j.iphoting.com" />
+	<target host="j.j0.no" />
+	<target host="j.jk.lc" />
+	<target host="j.jqian.net" />
+	<target host="j.jwf.io" />
+	<target host="j.kainy.cn" />
+	<target host="j.kanz.it" />
+	<target host="j.kashiken.net" />
+	<target host="j.kir.by" />
+	<target host="j.konex.us" />
+	<target host="j.labrecque.me" />
+	<target host="j.md-5.net" />
+	<target host="j.meddah.fr" />
+	<target host="j.mediajobs.com" />
+	<target host="j.mjrredfox.org" />
+	<target host="j.mkg.nz" />
+	<target host="j.mronnel.com" />
+	<target host="j.necjar.com" />
+	<target host="j.noriom.com" />
+	<target host="j.o2pros.com" />
+	<target host="j.orge.be" />
+	<target host="j.pave.com" />
+	<target host="j.pdsla.net" />
+	<target host="j.pivo.ca" />
+	<target host="j.plasser.net" />
+	<target host="j.puzi.ch" />
+	<target host="j.r70.us" />
+	<target host="j.ronz.io" />
+	<target host="j.rudish.net" />
+	<target host="j.sffya.com" />
+	<target host="j.son.bz" />
+	<target host="j.surfads.com" />
+	<target host="j.umomoking.com" />
+	<target host="j.uniksys.com" />
+	<target host="j.ustin.co" />
+	<target host="j.visionect.com" />
+	<target host="j.w12.org" />
+	<target host="j.weinjobs.com" />
+	<target host="j.wigg.in" />
+	<target host="j0b.fr" />
+	<target host="j0nathan.nl" />
+	<target host="j0p.nl" />
+	<target host="j0uw.nl" />
+	<target host="j1.zov.li" />
+	<target host="j1c.co" />
+	<target host="j1v.eu" />
+	<target host="j2dw.co" />
+	<target host="j2int.co" />
+	<target host="j2ma.de" />
+	<target host="j2mepk.com" />
+	<target host="j316.life" />
+	<target host="j35.us" />
+	<target host="j365.in" />
+	<target host="j3ndr4l.ml" />
+	<target host="j3rm.io" />
+	<target host="j4nd4.ml" />
+	<target host="j4t.co" />
+	<target host="j9t.co" />
+	<target host="ja.ma" />
+	<target host="ja.mesmoo.re" />
+	<target host="ja1.me" />
+	<target host="jaa.io" />
+	<target host="jaat.cf" />
+	<target host="jab.bz" />
+	<target host="jaball.us" />
+	<target host="jabe.co" />
+	<target host="jabo.me" />
+	<target host="jac.cloud" />
+	<target host="jacbhac.co" />
+	<target host="jack.ml" />
+	<target host="jack.pk" />
+	<target host="jackjones.co" />
+	<target host="jackle.bo" />
+	<target host="jackz.xyz" />
+	<target host="jacobhsu.tw" />
+	<target host="jacol.org" />
+	<target host="jadeinfo.biz" />
+	<target host="jadia.us" />
+	<target host="jadugflag.co.vu" />
+	<target host="jaduino.me" />
+	<target host="jaffe.today" />
+	<target host="jag.photos" />
+	<target host="jagd.gq" />
+	<target host="jagifts.us" />
+	<target host="jagm.us" />
+	<target host="jagrs.com" />
+	<target host="jahat.cf" />
+	<target host="jai.buzz" />
+	<target host="jai.sh" />
+	<target host="jaime.pe" />
+	<target host="jaimegomez.ml" />
+	<target host="jainsusa.news" />
+	<target host="jainsusa.tips" />
+	<target host="jajo.me" />
+	<target host="jajoz.me" />
+	<target host="jak.sn" />
+	<target host="jakea.uk" />
+	<target host="jakedaabud.com" />
+	<target host="jakeloo.link" />
+	<target host="jakep.pw" />
+	<target host="jakes.link" />
+	<target host="jaku.in" />
+	<target host="jal.bz" />
+	<target host="jalanconfig.ga" />
+	<target host="jalles.co" />
+	<target host="jallo.eu" />
+	<target host="jaltoid.media" />
+	<target host="jam.sh" />
+	<target host="jamar.io" />
+	<target host="jamcity.me" />
+	<target host="jamesb.me" />
+	<target host="jamesb.photos" />
+	<target host="jamesmcd.com" />
+	<target host="jamesro.se" />
+	<target host="jamf.ly" />
+	<target host="jamie.cc" />
+	<target host="jamie.fyi" />
+	<target host="jamii.uk" />
+	<target host="jamila.ro" />
+	<target host="jamp.ae" />
+	<target host="jams.ai" />
+	<target host="jan-m.net" />
+	<target host="jandy.me" />
+	<target host="jane.fyi" />
+	<target host="jankrik.ml" />
+	<target host="jano.sh" />
+	<target host="jaoler.fi" />
+	<target host="japh.co" />
+	<target host="jarb.ro" />
+	<target host="jared.ws" />
+	<target host="jaredamy.co" />
+	<target host="jarem.co" />
+	<target host="jarinmart.in" />
+	<target host="jark.us" />
+	<target host="jart.me" />
+	<target host="jas.xyz" />
+	<target host="jasblo.gs" />
+	<target host="jaschoid.tk" />
+	<target host="jasens.cc" />
+	<target host="jasn.me" />
+	<target host="jason.so" />
+	<target host="jason.town" />
+	<target host="jasonba.ch" />
+	<target host="jasonchr.in" />
+	<target host="jasondfox.com" />
+	<target host="jasong.us" />
+	<target host="jasonnut.tech" />
+	<target host="jasonsde.li" />
+	<target host="jast.us" />
+	<target host="jat.io" />
+	<target host="jav.fyi" />
+	<target host="jav.ma" />
+	<target host="javi.fr" />
+	<target host="javi.top" />
+	<target host="javon.me" />
+	<target host="jawarahd.ml" />
+	<target host="jawnl.am" />
+	<target host="jaww.org" />
+	<target host="jaxne.ws" />
+	<target host="jaxz.in" />
+	<target host="jay.tools" />
+	<target host="jay1.co" />
+	<target host="jayb.in" />
+	<target host="jaybird.co" />
+	<target host="jaychin.me" />
+	<target host="jaye.news" />
+	<target host="jayeshurl.ml" />
+	<target host="jayg.us" />
+	<target host="jaym.es" />
+	<target host="jaymandel.news" />
+	<target host="jaynen.com" />
+	<target host="jayshapiro.com" />
+	<target host="jazit.me" />
+	<target host="jazzmi.no" />
+	<target host="jb.ht" />
+	<target host="jb17.us" />
+	<target host="jba.gs" />
+	<target host="jba.link" />
+	<target host="jbald.gq" />
+	<target host="jbaru.ch" />
+	<target host="jbbr.co" />
+	<target host="jbh.uk" />
+	<target host="jbinsfo.me" />
+	<target host="jbir.ch" />
+	<target host="jbks.co" />
+	<target host="jbks.de" />
+	<target host="jbled.so" />
+	<target host="jblk.us" />
+	<target host="jbm.life" />
+	<target host="jbmodo.com" />
+	<target host="jbn.pw" />
+	<target host="jbond.xyz" />
+	<target host="jbrg.in" />
+	<target host="jbtcl.com" />
+	<target host="jbte.ch" />
+	<target host="jbts.co" />
+	<target host="jbty.us" />
+	<target host="jbur.co" />
+	<target host="jbv.ovh" />
+	<target host="jc.4m3.org" />
+	<target host="jc10s.com" />
+	<target host="jcale.me" />
+	<target host="jcastro.mx" />
+	<target host="jcates.co" />
+	<target host="jcb.bz" />
+	<target host="jcbsn.gr" />
+	<target host="jchartk.me" />
+	<target host="jck.mn" />
+	<target host="jck.pt" />
+	<target host="jckno.ws" />
+	<target host="jckp.io" />
+	<target host="jckrd.me" />
+	<target host="jcl.fyi" />
+	<target host="jcl.im" />
+	<target host="jclp.co" />
+	<target host="jcm.cash" />
+	<target host="jcn.fyi" />
+	<target host="jcopho.to" />
+	<target host="jcp.is" />
+	<target host="jcph.link" />
+	<target host="jcr.us" />
+	<target host="jcra.in" />
+	<target host="jcrp.us" />
+	<target host="jcsd.dk" />
+	<target host="jcstore.co" />
+	<target host="jct.fyi" />
+	<target host="jct32.co" />
+	<target host="jd.jbur.co" />
+	<target host="jd.pe" />
+	<target host="jdaily.co" />
+	<target host="jdale.us" />
+	<target host="jdb.io" />
+	<target host="jdclnr.us" />
+	<target host="jdd.me" />
+	<target host="jdep.be" />
+	<target host="jdgaby.us" />
+	<target host="jdi.nacti.me" />
+	<target host="jdi.sidakova.cz" />
+	<target host="jdit.me" />
+	<target host="jdivo.me" />
+	<target host="jdle.co" />
+	<target host="jdlive.co" />
+	<target host="jdm.li" />
+	<target host="jdmc.us" />
+	<target host="jdmdig.it" />
+	<target host="jdok.nl" />
+	<target host="jdor.it" />
+	<target host="jdp.do" />
+	<target host="jdp.link" />
+	<target host="jdrk.in" />
+	<target host="jds.tv" />
+	<target host="jdshot.us" />
+	<target host="jdsk.io" />
+	<target host="jdtc.us" />
+	<target host="jdub.in" />
+	<target host="jdun.cc" />
+	<target host="jdv.li" />
+	<target host="jdweb.info" />
+	<target host="je.tl" />
+	<target host="jeadvoca.at" />
+	<target host="jeana.co" />
+	<target host="jeant.in" />
+	<target host="jeat.ca" />
+	<target host="jeat.es" />
+	<target host="jeblg.me" />
+	<target host="jeca.us" />
+	<target host="jedb.xyz" />
+	<target host="jeds.me" />
+	<target host="jeff.scot" />
+	<target host="jeffl.co" />
+	<target host="jeffn.at" />
+	<target host="jeffs.info" />
+	<target host="jeffsauer.me" />
+	<target host="jefftuts.co" />
+	<target host="jefit.pw" />
+	<target host="jegeorge.co" />
+	<target host="jehb.us" />
+	<target host="jej.me" />
+	<target host="jelle.io" />
+	<target host="jen.is" />
+	<target host="jen.to" />
+	<target host="jeni.us" />
+	<target host="jenkind.com" />
+	<target host="jenn.pw" />
+	<target host="jennife.red" />
+	<target host="jennifer365.us" />
+	<target host="jenp.me" />
+	<target host="jenr.gy" />
+	<target host="jens.co" />
+	<target host="jensart.co" />
+	<target host="jentezen.org" />
+	<target host="jepp.co" />
+	<target host="jer.si" />
+	<target host="jered.link" />
+	<target host="jeremyhunt.info" />
+	<target host="jeremyk.us" />
+	<target host="jerm.co" />
+	<target host="jerom.es" />
+	<target host="jerr.yt" />
+	<target host="jerry.tips" />
+	<target host="jerseyne.ws" />
+	<target host="jerseyshore.gs" />
+	<target host="jes3.com" />
+	<target host="jesgav.co" />
+	<target host="jespe.ml" />
+	<target host="jessiefit.com" />
+	<target host="jesuiten.info" />
+	<target host="jesus4nativ.es" />
+	<target host="jesusled.biz" />
+	<target host="jesusliv.es" />
+	<target host="jet.is" />
+	<target host="jetb.me" />
+	<target host="jetbi.co" />
+	<target host="jetp.ac" />
+	<target host="jetpackhd.ml" />
+	<target host="jetsetguy.com" />
+	<target host="jeu.gd" />
+	<target host="jeulia.io" />
+	<target host="jewbos.tn" />
+	<target host="jews.tl" />
+	<target host="jeze.co" />
+	<target host="jfe.li" />
+	<target host="jfeds.org" />
+	<target host="jffc.us" />
+	<target host="jfhjr.com" />
+	<target host="jfi.sh" />
+	<target host="jfish.me" />
+	<target host="jfol.in" />
+	<target host="jfox.cc" />
+	<target host="jfrat.us" />
+	<target host="jfrieda.de" />
+	<target host="jfrmilner.co.uk" />
+	<target host="jfs.io" />
+	<target host="jfss.co" />
+	<target host="jfurn.co" />
+	<target host="jgalm.com" />
+	<target host="jgclarke.org" />
+	<target host="jghv-info.de" />
+	<target host="jgill.me" />
+	<target host="jgj.im" />
+	<target host="jgno.me" />
+	<target host="jgrn.us" />
+	<target host="jgs.aw" />
+	<target host="jgw.io" />
+	<target host="jgx.im" />
+	<target host="jgy.cr" />
+	<target host="jh4re.com" />
+	<target host="jhand.co" />
+	<target host="jhawk.co" />
+	<target host="jhayl.es" />
+	<target host="jhbasics.com" />
+	<target host="jhc.io" />
+	<target host="jher.in" />
+	<target host="jhfi.sh" />
+	<target host="jhilario.com" />
+	<target host="jhnb.me" />
+	<target host="jhnflry.com" />
+	<target host="jhns.tv" />
+	<target host="jhp.im" />
+	<target host="jhsl.ca" />
+	<target host="ji.sc" />
+	<target host="jiay.in" />
+	<target host="jibetalk.in" />
+	<target host="jich.cz" />
+	<target host="jiffy.sh" />
+	<target host="jiglink.uk" />
+	<target host="jiin.co" />
+	<target host="jiko.us" />
+	<target host="jillb.co" />
+	<target host="jillee.co" />
+	<target host="jillian.ml" />
+	<target host="jim.do" />
+	<target host="jimc.biz" />
+	<target host="jimc.me" />
+	<target host="jimc.us" />
+	<target host="jiml.me" />
+	<target host="jimm.biz" />
+	<target host="jimp.co" />
+	<target host="jimr.link" />
+	<target host="jimrisp.in" />
+	<target host="jimw.me" />
+	<target host="jincys.com" />
+	<target host="jingd.co" />
+	<target host="jini.pw" />
+	<target host="jipl.co" />
+	<target host="jish.ca" />
+	<target host="jitech.club" />
+	<target host="jive.cc" />
+	<target host="jive.to" />
+	<target host="jivene.ws" />
+	<target host="jj2.me" />
+	<target host="jj4nj.com" />
+	<target host="jjay.cc" />
+	<target host="jjbb.co" />
+	<target host="jjd.sk" />
+	<target host="jjg.me" />
+	<target host="jjm.eco" />
+	<target host="jjoboom.com" />
+	<target host="jjrosal.es" />
+	<target host="jjs.rocks" />
+	<target host="jjshow.me" />
+	<target host="jjsys.uk" />
+	<target host="jjtesq.com" />
+	<target host="jjtfl.com" />
+	<target host="jjtmn.com" />
+	<target host="jjug.co" />
+	<target host="jjvirg.in" />
+	<target host="jkat.me" />
+	<target host="jkay.us" />
+	<target host="jke.im" />
+	<target host="jke.me" />
+	<target host="jkef.me" />
+	<target host="jkjv.in" />
+	<target host="jkl.is" />
+	<target host="jkl33.com" />
+	<target host="jklei.be" />
+	<target host="jkls.co" />
+	<target host="jkmc.tk" />
+	<target host="jkng.us" />
+	<target host="jko.io" />
+	<target host="jkos.ch" />
+	<target host="jkp.io" />
+	<target host="jkpf.nl" />
+	<target host="jkr.gl" />
+	<target host="jkr.li" />
+	<target host="jkst.in" />
+	<target host="jktr.us" />
+	<target host="jkvan.com" />
+	<target host="jlab.audio" />
+	<target host="jlabs.tv" />
+	<target host="jleigh.me" />
+	<target host="jles.es" />
+	<target host="jli.st" />
+	<target host="jliberty.me" />
+	<target host="jll.im" />
+	<target host="jlle.ml" />
+	<target host="jln.me" />
+	<target host="jlne.ws" />
+	<target host="jloh.io" />
+	<target host="jloving.info" />
+	<target host="jlow.co" />
+	<target host="jlsa.co" />
+	<target host="jlylf.link" />
+	<target host="jlyou.org" />
+	<target host="jm.is" />
+	<target host="jm.link" />
+	<target host="jmac.ly" />
+	<target host="jmack.us" />
+	<target host="jmann.us" />
+	<target host="jmao.me" />
+	<target host="jmay.es" />
+	<target host="jmblx.tv" />
+	<target host="jmc.academy" />
+	<target host="jmcd.me" />
+	<target host="jmcveyc.ht" />
+	<target host="jmdcg.co" />
+	<target host="jmee.se" />
+	<target host="jmentor.info" />
+	<target host="jmf.im" />
+	<target host="jmg.im" />
+	<target host="jmhr.co" />
+	<target host="jmik.es" />
+	<target host="jmink.me" />
+	<target host="jmitchell.vip" />
+	<target host="jmjw.us" />
+	<target host="jmln.co" />
+	<target host="jmlord.net" />
+	<target host="jmls.it" />
+	<target host="jmmy.co" />
+	<target host="jmochon.info" />
+	<target host="jmoo.re" />
+	<target host="jmp.asahiro.jp" />
+	<target host="jmp.brwcrw.com" />
+	<target host="jmp.crate.farm" />
+	<target host="jmp.esser.ro" />
+	<target host="jmp.imami.net" />
+	<target host="jmp.kerinci.xyz" />
+	<target host="jmp.nekit.tk" />
+	<target host="jmp.re" />
+	<target host="jmp.velvet.org" />
+	<target host="jmrf.me" />
+	<target host="jms.bz" />
+	<target host="jmss.co" />
+	<target host="jmtc.co" />
+	<target host="jmtech.co" />
+	<target host="jmug.gs" />
+	<target host="jn.cm" />
+	<target host="jnbrk.se" />
+	<target host="jnch.pl" />
+	<target host="jndoe.co" />
+	<target host="jne.li" />
+	<target host="jnet.me" />
+	<target host="jnew.mn" />
+	<target host="jnft.club" />
+	<target host="jni.la" />
+	<target host="jni.me" />
+	<target host="jnit.cz" />
+	<target host="jnny.rs" />
+	<target host="jnry.nyc" />
+	<target host="jnsl.at" />
+	<target host="jnt.hn" />
+	<target host="jnv.dj" />
+	<target host="jnx.at" />
+	<target host="jo-se.ph" />
+	<target host="jo-w.de" />
+	<target host="jo.nathan.to" />
+	<target host="jo.tl" />
+	<target host="joa.ag" />
+	<target host="joanne.media" />
+	<target host="job.lineup.vn" />
+	<target host="jobh.ro" />
+	<target host="jobs.dwp.gov.uk" />
+	<target host="jobs.iav.com" />
+	<target host="jobs.shortli.st" />
+	<target host="jobs.stausa.com" />
+	<target host="jobspots.ga" />
+	<target host="jobtrack.tk" />
+	<target host="jobtracker.me" />
+	<target host="jodell.me" />
+	<target host="joe.fit" />
+	<target host="joeas.tn" />
+	<target host="joeb.me" />
+	<target host="joec.co" />
+	<target host="joecab.link" />
+	<target host="joegut.com" />
+	<target host="joelb.co" />
+	<target host="joelikes.me" />
+	<target host="joelvh.com" />
+	<target host="joem.me" />
+	<target host="joeper.es" />
+	<target host="joesager.com" />
+	<target host="joesent.me" />
+	<target host="joestra.us" />
+	<target host="joeyd.golf" />
+	<target host="joflo.ws" />
+	<target host="johann.im" />
+	<target host="john.watch" />
+	<target host="johnhin.es" />
+	<target host="johnmurch.info" />
+	<target host="johnn.eu" />
+	<target host="johnny.loak.org" />
+	<target host="johnr.us" />
+	<target host="johnscotti.net" />
+	<target host="joiasvip.co" />
+	<target host="join.mrktng.com" />
+	<target host="joinilca.org" />
+	<target host="joinjo.hn" />
+	<target host="joinlatasha.com" />
+	<target host="joinow.cf" />
+	<target host="jointazk.tk" />
+	<target host="jointv.gq" />
+	<target host="joinvr.io" />
+	<target host="joiurl.net" />
+	<target host="jojo.click" />
+	<target host="jojoleads.me" />
+	<target host="jolyn.us" />
+	<target host="joma.sh" />
+	<target host="jomill.co" />
+	<target host="jomminyak.my" />
+	<target host="jomsolat.info" />
+	<target host="jon.bz" />
+	<target host="jon.cl" />
+	<target host="jon.re" />
+	<target host="jon.st" />
+	<target host="jona.tw" />
+	<target host="jonas.click" />
+	<target host="jonathan.sh" />
+	<target host="jonbdz.in" />
+	<target host="jond.info" />
+	<target host="jondee.info" />
+	<target host="joni.cf" />
+	<target host="jonirv.in" />
+	<target host="jonm.me" />
+	<target host="jonnyi.co.uk" />
+	<target host="jono.es" />
+	<target host="jontor.ml" />
+	<target host="jonz.es" />
+	<target host="joo.bz" />
+	<target host="jooce.rocks" />
+	<target host="joomlatools.co" />
+	<target host="jop.us" />
+	<target host="jopar.imb.br" />
+	<target host="jopo.ml" />
+	<target host="jordaniel.me" />
+	<target host="jordans.ws" />
+	<target host="jordn.xyz" />
+	<target host="jorgecoloss.us" />
+	<target host="josel.in" />
+	<target host="josepf.co" />
+	<target host="joseph.is" />
+	<target host="josfilm.ml" />
+	<target host="josh.gy" />
+	<target host="josh.tw" />
+	<target host="joshfactory.com" />
+	<target host="joshh.is" />
+	<target host="joshkno.ws" />
+	<target host="joshr.io" />
+	<target host="joshs.link" />
+	<target host="josht.link" />
+	<target host="joshtheoak.com" />
+	<target host="joshua.re" />
+	<target host="jossflix.ml" />
+	<target host="josterday.com" />
+	<target host="jot.is" />
+	<target host="jotace.me" />
+	<target host="jotapeah.com" />
+	<target host="jotm.rocks" />
+	<target host="jotw.at" />
+	<target host="journey.zone" />
+	<target host="journeymen.io" />
+	<target host="jouz.es" />
+	<target host="jowitt.at" />
+	<target host="joy.as" />
+	<target host="joy.fm" />
+	<target host="joy.sapatos.no" />
+	<target host="joy.sapatos.se" />
+	<target host="joyiswith.in" />
+	<target host="joytun.es" />
+	<target host="joyy.me" />
+	<target host="jp.actu.jp" />
+	<target host="jp.nzk.club" />
+	<target host="jp1.ca" />
+	<target host="jpa.co" />
+	<target host="jpapa.me" />
+	<target host="jpattison.us" />
+	<target host="jpayne.me" />
+	<target host="jpb.gs" />
+	<target host="jpcc.me" />
+	<target host="jpch.co" />
+	<target host="jpdx.info" />
+	<target host="jpfara.co" />
+	<target host="jpics.co" />
+	<target host="jpml.me" />
+	<target host="jpmorgan.am" />
+	<target host="jpnks.me" />
+	<target host="jpoteet.us" />
+	<target host="jprh.de" />
+	<target host="jprod.co" />
+	<target host="jpta.co" />
+	<target host="jpta.me" />
+	<target host="jptips.co" />
+	<target host="jptri.be" />
+	<target host="jpumc.org" />
+	<target host="jr-g.co" />
+	<target host="jr.fi" />
+	<target host="jr.jan-randy.de" />
+	<target host="jray.io" />
+	<target host="jrblz.info" />
+	<target host="jrcon.me" />
+	<target host="jrd.mn" />
+	<target host="jred.co" />
+	<target host="jrho.de" />
+	<target host="jri.me" />
+	<target host="jrj.io" />
+	<target host="jrm.me" />
+	<target host="jrn.link" />
+	<target host="jrndw.it" />
+	<target host="jro.pe" />
+	<target host="jrobh.com" />
+	<target host="jrock.ml" />
+	<target host="jrowens.us" />
+	<target host="jrpass.me" />
+	<target host="jrpny.co" />
+	<target host="jrs.im" />
+	<target host="jrs.link" />
+	<target host="jrt.fyi" />
+	<target host="jrun.es" />
+	<target host="jrvo.me" />
+	<target host="jrx.to" />
+	<target host="js-r.co" />
+	<target host="js.goto.top" />
+	<target host="js6.me" />
+	<target host="jsal.me" />
+	<target host="jsaw.me" />
+	<target host="jsb.im" />
+	<target host="jsc.zone" />
+	<target host="jschrm.co" />
+	<target host="jsci.me" />
+	<target host="jscrew.co" />
+	<target host="jsea.rs" />
+	<target host="jsesh.link" />
+	<target host="jsewell.co" />
+	<target host="jsfa.co" />
+	<target host="jsh.gd" />
+	<target host="jshen.me" />
+	<target host="jshoq.me" />
+	<target host="jshou.se" />
+	<target host="jshr.me" />
+	<target host="jsi.ms" />
+	<target host="jsick.net" />
+	<target host="jsk.ae" />
+	<target host="jsk.tips" />
+	<target host="jsl.im" />
+	<target host="jslink.it" />
+	<target host="jsm.ag" />
+	<target host="jsnt.dk" />
+	<target host="jsonl.in" />
+	<target host="jsph.co" />
+	<target host="jsta.xyz" />
+	<target host="jstark.co" />
+	<target host="jstn.io" />
+	<target host="jstn.to" />
+	<target host="jstnwrnr.com" />
+	<target host="jstoop.com" />
+	<target host="jstr.uk" />
+	<target host="jstuff.co" />
+	<target host="jsw.li" />
+	<target host="jsween.co" />
+	<target host="jsy.fi" />
+	<target host="jsys.io" />
+	<target host="jt.co.ua" />
+	<target host="jt.gy" />
+	<target host="jta2.com" />
+	<target host="jtan.me.uk" />
+	<target host="jtb.cc" />
+	<target host="jtbd.club" />
+	<target host="jtc.mx" />
+	<target host="jtcoch.com" />
+	<target host="jtdisc.link" />
+	<target host="jtekmusic.co" />
+	<target host="jtf.co" />
+	<target host="jtg.io" />
+	<target host="jth.io" />
+	<target host="jth.space" />
+	<target host="jthrds.co" />
+	<target host="jti.me" />
+	<target host="jtku.co" />
+	<target host="jtmch.co" />
+	<target host="jtmq.xyz" />
+	<target host="jtmsbybrian.tk" />
+	<target host="jtn.me" />
+	<target host="jtri.be" />
+	<target host="jtt.co" />
+	<target host="jtt.im" />
+	<target host="jtuck.xyz" />
+	<target host="jtw.bz" />
+	<target host="jtw.io" />
+	<target host="jtwr.io" />
+	<target host="jty.me" />
+	<target host="ju.insite.co.jp" />
+	<target host="ju.st" />
+	<target host="ju.stin.online" />
+	<target host="ju42.com" />
+	<target host="jub.onl" />
+	<target host="jucy.onl" />
+	<target host="jud.net" />
+	<target host="judao.me" />
+	<target host="judcl.es" />
+	<target host="judidomino.org" />
+	<target host="juergen.biz" />
+	<target host="jugendrei.se" />
+	<target host="juhll.agency" />
+	<target host="juice.cards" />
+	<target host="juicebox.ml" />
+	<target host="jujub.it" />
+	<target host="jukes.in" />
+	<target host="jul.almlid.com" />
+	<target host="julesblake.com" />
+	<target host="julia.fyi" />
+	<target host="juliel.me" />
+	<target host="juliem.ml" />
+	<target host="julievor.is" />
+	<target host="jump.aesrv.net" />
+	<target host="jump.co.vu" />
+	<target host="jump.ovh" />
+	<target host="jumpxl.nl" />
+	<target host="junaplay.ml" />
+	<target host="juni.pr" />
+	<target host="junkyard.ly" />
+	<target host="junt.in" />
+	<target host="jura.ga" />
+	<target host="jurigz.ml" />
+	<target host="juristech.co" />
+	<target host="jus.im" />
+	<target host="jusaiprieto.com" />
+	<target host="juscolle.ge" />
+	<target host="juso.me" />
+	<target host="just.ly" />
+	<target host="just4kyou.ml" />
+	<target host="justclicknow.ca" />
+	<target host="justdrive.us" />
+	<target host="juste.at" />
+	<target host="justflix.eu" />
+	<target host="justho.st" />
+	<target host="justintaylor.co" />
+	<target host="justipa.me" />
+	<target host="justjp.co" />
+	<target host="justpit.ch" />
+	<target host="justwi.ne" />
+	<target host="jusviva.org" />
+	<target host="jvd.ink" />
+	<target host="jvel.in" />
+	<target host="jverm.es" />
+	<target host="jvjn.es" />
+	<target host="jvme.co" />
+	<target host="jvogel.co" />
+	<target host="jvv.pw" />
+	<target host="jwat.ch" />
+	<target host="jway.info" />
+	<target host="jwc.news" />
+	<target host="jwdavis.me" />
+	<target host="jwe.bz" />
+	<target host="jwebb.me" />
+	<target host="jwg.is" />
+	<target host="jwge.org" />
+	<target host="jwl.am" />
+	<target host="jwm.co" />
+	<target host="jwoo.me" />
+	<target host="jwp.es" />
+	<target host="jwright.link" />
+	<target host="jws.link" />
+	<target host="jws01.tk" />
+	<target host="jwurl.net" />
+	<target host="jxadio.us" />
+	<target host="jxngalaxy.us" />
+	<target host="jyang.co" />
+	<target host="jyba.tk" />
+	<target host="jybd.co" />
+	<target host="jygb.us" />
+	<target host="jyme.co" />
+	<target host="jynt.co" />
+	<target host="jznm.co" />
+	<target host="k-e-s.nl" />
+	<target host="k-i.co.id" />
+	<target host="k-m.me" />
+	<target host="k-p.li" />
+	<target host="k-pop.fans" />
+	<target host="k-ra.be" />
+	<target host="k-st.at" />
+	<target host="k.5aloood.ga" />
+	<target host="k.anv.as" />
+	<target host="k.berk.tv" />
+	<target host="k.buildnet.nl" />
+	<target host="k.bytefreq.com" />
+	<target host="k.eep.me" />
+	<target host="k.fotobucht.net" />
+	<target host="k.kapota.com.br" />
+	<target host="k.kiro.bg" />
+	<target host="k.kitsos.ninja" />
+	<target host="k.lelonek.me" />
+	<target host="k.mpbk.us" />
+	<target host="k.nikole.us" />
+	<target host="k.rushvora.com" />
+	<target host="k.sarajiin.com" />
+	<target host="k.sjks.us" />
+	<target host="k.tema.com.vn" />
+	<target host="k.thatruled.com" />
+	<target host="k.uhl.life" />
+	<target host="k.wil.la" />
+	<target host="k0d.io" />
+	<target host="k0mp4k.ml" />
+	<target host="k0r0nk.ml" />
+	<target host="k2ne.ws" />
+	<target host="k3hed.ml" />
+	<target host="k3mbaex.ml" />
+	<target host="k3nn.me" />
+	<target host="k3p0oba3.ml" />
+	<target host="k3p0ow4e.ml" />
+	<target host="k3tea.ch" />
+	<target host="k4gdw.us" />
+	<target host="k4pt3n.ml" />
+	<target host="k5cloud.us" />
+	<target host="k5erp.me" />
+	<target host="k6s.me" />
+	<target host="k7s.co" />
+	<target host="k8t.ru" />
+	<target host="k9.me.uk" />
+	<target host="k9.vc" />
+	<target host="k99.fm" />
+	<target host="ka.gg" />
+	<target host="ka.zuhi.co" />
+	<target host="kaa.st" />
+	<target host="kabb.ag" />
+	<target host="kabel.plus" />
+	<target host="kabele.me" />
+	<target host="kabuto.ga" />
+	<target host="kaca4kfilm.ml" />
+	<target host="kacamata21.ml" />
+	<target host="kadesoto.com" />
+	<target host="kadij.nl" />
+	<target host="kae.me" />
+	<target host="kagorg.es" />
+	<target host="kah-lo.com" />
+	<target host="kah.lt" />
+	<target host="kaiserf.am" />
+	<target host="kaj.me" />
+	<target host="kajota.me" />
+	<target host="kaku.io" />
+	<target host="kal.sc" />
+	<target host="kalapa.ga" />
+	<target host="kalasnikov.tk" />
+	<target host="kalastus.info" />
+	<target host="kali.li" />
+	<target host="kam.im" />
+	<target host="kamgreens.ca" />
+	<target host="kamiko.to" />
+	<target host="kamina.biz" />
+	<target host="kan.trylle.no" />
+	<target host="kan.vote" />
+	<target host="kanaiya.in" />
+	<target host="kancima.com" />
+	<target host="kanonsuka.ml" />
+	<target host="kanste.in" />
+	<target host="kanui.me" />
+	<target host="kao.sh" />
+	<target host="kap.mx" />
+	<target host="kapiolani.cc" />
+	<target host="kaposg.link" />
+	<target host="kar.ly" />
+	<target host="karaeliza.audio" />
+	<target host="karbankne.ws" />
+	<target host="karbon.link" />
+	<target host="karbyn.co" />
+	<target host="kardi.sh" />
+	<target host="kardmatch.mx" />
+	<target host="kare11.tv" />
+	<target host="karele.me" />
+	<target host="karenmsoto.com" />
+	<target host="kareo.ly" />
+	<target host="karepmu.ga" />
+	<target host="karin.fyi" />
+	<target host="karis.ch" />
+	<target host="karischur.ch" />
+	<target host="karlfris.ch" />
+	<target host="karlins.ky" />
+	<target host="karmab.rocks" />
+	<target host="karr.is" />
+	<target host="karriere-i.ch" />
+	<target host="karvel.me" />
+	<target host="kasekingz.net" />
+	<target host="kash.love" />
+	<target host="kasp.co" />
+	<target host="katan.ga" />
+	<target host="katap.lt" />
+	<target host="katelavie.co" />
+	<target host="kateso.co" />
+	<target host="kathy.io" />
+	<target host="kati.li" />
+	<target host="katja.la" />
+	<target host="katteach.me" />
+	<target host="kau.bz" />
+	<target host="kaulig.capital" />
+	<target host="kaulig.racing" />
+	<target host="kaust.link" />
+	<target host="kaust.news" />
+	<target host="kawasa.ki" />
+	<target host="kawasaki044.com" />
+	<target host="kawikados.club" />
+	<target host="kawwless.ml" />
+	<target host="kaydian.work" />
+	<target host="kayrae.me" />
+	<target host="kaz-s.net" />
+	<target host="kaz.tips" />
+	<target host="kazeforhd.ml" />
+	<target host="kb.kixbox.ru" />
+	<target host="kba.life" />
+	<target host="kbar.be" />
+	<target host="kbf.am" />
+	<target host="kbia.us" />
+	<target host="kbj.me" />
+	<target host="kbk.fyi" />
+	<target host="kbka.us" />
+	<target host="kbn.im" />
+	<target host="kbne.ws" />
+	<target host="kboo.co.uk" />
+	<target host="kboo.st" />
+	<target host="kbr.me" />
+	<target host="kbros.co" />
+	<target host="kbuzz.fr" />
+	<target host="kbwrit.es" />
+	<target host="kbx.es" />
+	<target host="kcar.me" />
+	<target host="kcas.co" />
+	<target host="kcbooks.us" />
+	<target host="kccne.co" />
+	<target host="kccr.me" />
+	<target host="kcd.bz" />
+	<target host="kchd.co" />
+	<target host="kchur.ch" />
+	<target host="kck.bz" />
+	<target host="kck.fyi" />
+	<target host="kck.st" />
+	<target host="kckstr.com" />
+	<target host="kclark.co" />
+	<target host="kcole.com" />
+	<target host="kcons.co" />
+	<target host="kcory.co" />
+	<target host="kcoti.com" />
+	<target host="kcpeo.com" />
+	<target host="kcqpon.com" />
+	<target host="kcrns.de" />
+	<target host="kcrw.co" />
+	<target host="kcx.jp" />
+	<target host="kdc.re" />
+	<target host="kdewa.lt" />
+	<target host="kdhck.com" />
+	<target host="kdiz.life" />
+	<target host="kdm.io" />
+	<target host="kdo.fun" />
+	<target host="kdpaint.party" />
+	<target host="kds.fun" />
+	<target host="kdup.co" />
+	<target host="kdw.me" />
+	<target host="kdxs.co" />
+	<target host="kdzn.ru" />
+	<target host="ke.sijipix.com" />
+	<target host="ke.vc" />
+	<target host="kecillink.tk" />
+	<target host="kedelai.cf" />
+	<target host="kee.is" />
+	<target host="keeg.am" />
+	<target host="keepa.ch" />
+	<target host="keepupweb.us" />
+	<target host="kei.si" />
+	<target host="keinesch.eu" />
+	<target host="keinlink.tk" />
+	<target host="keir.xyz" />
+	<target host="keks.ml" />
+	<target host="kel.by" />
+	<target host="kel.life" />
+	<target host="kel.vin.hk" />
+	<target host="kelela.link" />
+	<target host="kelli.us" />
+	<target host="kellyca.in" />
+	<target host="kellyr.me" />
+	<target host="keloni.co.vu" />
+	<target host="kels.io" />
+	<target host="kelv.in" />
+	<target host="kemp.co" />
+	<target host="kemp.info" />
+	<target host="kemped.net" />
+	<target host="kempte.ch" />
+	<target host="kemutus.link" />
+	<target host="ken.pw" />
+	<target host="ken.sc" />
+	<target host="kenan.wtf" />
+	<target host="kenduri.in" />
+	<target host="kenhin.es" />
+	<target host="kennett.design" />
+	<target host="kens.io" />
+	<target host="keny0o0t.ml" />
+	<target host="keo.bz" />
+	<target host="kepekt3am.ml" />
+	<target host="kepengin.ml" />
+	<target host="kepo2017.cf" />
+	<target host="kepwa.re" />
+	<target host="ker.fyi" />
+	<target host="kera.st" />
+	<target host="kerane.ws" />
+	<target host="keroni.me" />
+	<target host="kerriis.ms" />
+	<target host="kersp.lat" />
+	<target host="kerwinr.ae" />
+	<target host="kest.ee" />
+	<target host="kester.co" />
+	<target host="kev.to" />
+	<target host="kev.tw" />
+	<target host="kev1n.fr" />
+	<target host="kev2.link" />
+	<target host="keves.click" />
+	<target host="kevin.ms" />
+	<target host="kevinames.news" />
+	<target host="kevinv.me" />
+	<target host="kevmas.com" />
+	<target host="key.sc" />
+	<target host="key2.co" />
+	<target host="keymgmt.co" />
+	<target host="keynahd.ml" />
+	<target host="keyp.la" />
+	<target host="keystap.ml" />
+	<target host="keywc.com" />
+	<target host="keywork.me" />
+	<target host="kf.cm" />
+	<target host="kf.photos" />
+	<target host="kf.sudipb.com" />
+	<target host="kfixer.com" />
+	<target host="kfk.so" />
+	<target host="kfm.city" />
+	<target host="kfne.ws" />
+	<target host="kford.pw" />
+	<target host="kfrc.co" />
+	<target host="kg-link.com" />
+	<target host="kg9.eu" />
+	<target host="kgcr.co" />
+	<target host="kgeek.co" />
+	<target host="kgr.io" />
+	<target host="kgx.cc" />
+	<target host="kh.kyu.cc" />
+	<target host="khalud.tk" />
+	<target host="khd-airing.ml" />
+	<target host="khelf.co" />
+	<target host="khelp.co" />
+	<target host="khg.bz" />
+	<target host="khidm.at" />
+	<target host="khiri.co" />
+	<target host="khj.me" />
+	<target host="khl.io" />
+	<target host="khmj.io" />
+	<target host="kho.li" />
+	<target host="khoi.fish" />
+	<target host="kholubek.com" />
+	<target host="khoms.tk" />
+	<target host="khudd.am" />
+	<target host="kia.nz" />
+	<target host="kiano.sh" />
+	<target host="kibi.co" />
+	<target host="kicked.to" />
+	<target host="kicking.horse" />
+	<target host="kicks.link" />
+	<target host="kickz.cc" />
+	<target host="kicrutv.ga" />
+	<target host="kicstrt.it" />
+	<target host="kidcityteam.com" />
+	<target host="kidmag.co" />
+	<target host="kidp.as" />
+	<target host="kids-choice.cf" />
+	<target host="kids.litb.menu" />
+	<target host="kidsf.it" />
+	<target host="kidswish.net" />
+	<target host="kidswr.co" />
+	<target host="kielh.me" />
+	<target host="kier.uk" />
+	<target host="kiera.nl" />
+	<target host="kigi.li" />
+	<target host="kijkfoto.nl" />
+	<target host="kik.chat" />
+	<target host="kik.li" />
+	<target host="kikiwrit.es" />
+	<target host="kikomila.no" />
+	<target host="kikumi.info" />
+	<target host="killstar.co" />
+	<target host="kilroy.biz" />
+	<target host="kim77-series.ml" />
+	<target host="kima.me" />
+	<target host="kimbalik.es" />
+	<target host="kimbl.es" />
+	<target host="kimho.us" />
+	<target host="kimlab.co" />
+	<target host="kimsix.co" />
+	<target host="kimt.co.uk" />
+	<target host="kimt.us" />
+	<target host="kindacool.co" />
+	<target host="kinded.com" />
+	<target host="kinderstem.nu" />
+	<target host="kinderze.lt" />
+	<target host="kindne.ws" />
+	<target host="kineticrev.me" />
+	<target host="kingcobra.ml" />
+	<target host="kingcobra.tk" />
+	<target host="kinglove.ml" />
+	<target host="kingso.me" />
+	<target host="kink.ly" />
+	<target host="kinowino.me" />
+	<target host="kinsts.com" />
+	<target host="kint.ec" />
+	<target host="kip.gg" />
+	<target host="kiphak.es" />
+	<target host="kipko.us" />
+	<target host="kipod.link" />
+	<target host="kipress.co" />
+	<target host="kirb.tk" />
+	<target host="kirkja.co" />
+	<target host="kirkslc.me" />
+	<target host="kiro.tv" />
+	<target host="kisa.at" />
+	<target host="kiss.ly" />
+	<target host="kisspr.us" />
+	<target host="kit.co" />
+	<target host="kita.ninja" />
+	<target host="kitc.es" />
+	<target host="kits.bz" />
+	<target host="kitsch.land" />
+	<target host="kitw.net" />
+	<target host="kitzy.co" />
+	<target host="kiwi.cr" />
+	<target host="kiz.ng" />
+	<target host="kjbr.at" />
+	<target host="kjkh.me" />
+	<target host="kjlr.it" />
+	<target host="kjmoda.co" />
+	<target host="kjo.hn" />
+	<target host="kjoo.io" />
+	<target host="kju.re" />
+	<target host="kk2.me" />
+	<target host="kk2go.com" />
+	<target host="kkarim.co" />
+	<target host="kkaushik.com" />
+	<target host="kkdn.at" />
+	<target host="kkg.buzz" />
+	<target host="kkin.tl" />
+	<target host="kkisses.info" />
+	<target host="kkmc.info" />
+	<target host="kknet.nl" />
+	<target host="kkrump.com" />
+	<target host="kktrvl.com" />
+	<target host="kl.la" />
+	<target host="kl5.in" />
+	<target host="klamm.ws" />
+	<target host="klaw.me" />
+	<target host="klbr.co" />
+	<target host="klc.link" />
+	<target host="klcjr.nl" />
+	<target host="klckr.de" />
+	<target host="kldavis.co" />
+	<target host="kldl.es" />
+	<target host="kldr.st" />
+	<target host="kleyn.eu" />
+	<target host="klf.news" />
+	<target host="klick.is" />
+	<target host="klick.ninja" />
+	<target host="klik.aemul.xyz" />
+	<target host="klik.kaa.re" />
+	<target host="klik.ki" />
+	<target host="klik.to" />
+	<target host="klikkm.hu" />
+	<target host="klikwanita.tk" />
+	<target host="klips.ch" />
+	<target host="kliq.us" />
+	<target host="klls.cr" />
+	<target host="klm17.tk" />
+	<target host="klmf.ly" />
+	<target host="klnyt.us" />
+	<target host="klo.pm" />
+	<target host="klossy.co" />
+	<target host="kloust.in" />
+	<target host="klpm.fr" />
+	<target host="klry.co" />
+	<target host="klsy.me" />
+	<target host="kltra.co" />
+	<target host="kluchi.pro" />
+	<target host="klutukhd.ml" />
+	<target host="kly.bz" />
+	<target host="km.saha.vn" />
+	<target host="kmalx.co" />
+	<target host="kmblm.dk" />
+	<target host="kmblog.co.uk" />
+	<target host="kmc.gy" />
+	<target host="kmcurry.xyz" />
+	<target host="kmd.li" />
+	<target host="kmp.li" />
+	<target host="kmp.mx" />
+	<target host="kmpl.co" />
+	<target host="kmrk.me" />
+	<target host="kmshair.co" />
+	<target host="kmsone.co" />
+	<target host="kmts.ch" />
+	<target host="kn.lsk.pe" />
+	<target host="knash.co" />
+	<target host="knb.is" />
+	<target host="knbs.ru" />
+	<target host="knct.club" />
+	<target host="kndred.co" />
+	<target host="knew.by" />
+	<target host="kng.ht" />
+	<target host="kng5.tv" />
+	<target host="knich.tk" />
+	<target host="knihy.am" />
+	<target host="knitnow.co" />
+	<target host="knitw.it" />
+	<target host="knj.news" />
+	<target host="knkybts.co" />
+	<target host="knlg.net" />
+	<target host="knln.de" />
+	<target host="kno.ckbang.co" />
+	<target host="knobli.ch" />
+	<target host="knol.es" />
+	<target host="knot1.co" />
+	<target host="knowgp.org" />
+	<target host="knoxne.ws" />
+	<target host="knoxsem.org" />
+	<target host="knq.li" />
+	<target host="knry.us" />
+	<target host="knsit.ga" />
+	<target host="knst.mn" />
+	<target host="knstr.it" />
+	<target host="knsy.in" />
+	<target host="knti.co" />
+	<target host="kntro.co" />
+	<target host="knut.so" />
+	<target host="knwbooks.xyz" />
+	<target host="ko.kotti.fi" />
+	<target host="ko.tn" />
+	<target host="koab.me" />
+	<target host="koala.cr" />
+	<target host="koba.lt" />
+	<target host="kobak.eu" />
+	<target host="kobi.link" />
+	<target host="koboon.ga" />
+	<target host="kodak.ly" />
+	<target host="kodawar.in" />
+	<target host="kodem.kr" />
+	<target host="kodgan.ml" />
+	<target host="koe-d.com" />
+	<target host="koen.pro" />
+	<target host="koenie.eu" />
+	<target host="kofetzaran.tk" />
+	<target host="kofiannan.ch" />
+	<target host="koh.mn" />
+	<target host="kohls.co" />
+	<target host="koitz.co" />
+	<target host="koka.bz" />
+	<target host="kokocoran.ml" />
+	<target host="kokokurka.pl" />
+	<target host="kokorobet.ml" />
+	<target host="kokos.world" />
+	<target host="kolen.ch" />
+	<target host="koletech.info" />
+	<target host="kolg.co" />
+	<target host="kolomenjing.ml" />
+	<target host="kolomoh.ml" />
+	<target host="kolt.at" />
+	<target host="kom.fo" />
+	<target host="komedo.ml" />
+	<target host="kon.gg" />
+	<target host="kong.si" />
+	<target host="kongbwy.co" />
+	<target host="konqrunner.de" />
+	<target host="konrad.io" />
+	<target host="konrath.co" />
+	<target host="koo.do" />
+	<target host="koo.gl" />
+	<target host="koolkat.co" />
+	<target host="koom.be" />
+	<target host="kooz.ai" />
+	<target host="kopashd.ml" />
+	<target host="kopet.ga" />
+	<target host="kopp.la" />
+	<target host="koptalk.in" />
+	<target host="koqu.in" />
+	<target host="kora.re" />
+	<target host="korb.io" />
+	<target host="kore.us" />
+	<target host="kornit.info" />
+	<target host="kornlink.com" />
+	<target host="korr.nl" />
+	<target host="kort.klovern.se" />
+	<target host="kort.md" />
+	<target host="kortelink.com" />
+	<target host="korth.me" />
+	<target host="korw.es" />
+	<target host="koryw.co" />
+	<target host="kosar.in" />
+	<target host="koste.es" />
+	<target host="kotayhd.ml" />
+	<target host="kotori.link" />
+	<target host="kotp.us" />
+	<target host="kovas.co" />
+	<target host="kovdra.kiev.ua" />
+	<target host="kowhy.xyz" />
+	<target host="koziyu.me" />
+	<target host="kozyu.com" />
+	<target host="kp.blog.br" />
+	<target host="kp.cc" />
+	<target host="kp0.me" />
+	<target host="kpa.im" />
+	<target host="kpbs.us" />
+	<target host="kpc.am" />
+	<target host="kpc.today" />
+	<target host="kpcne.ws" />
+	<target host="kpgnet.ga" />
+	<target host="kphs.us" />
+	<target host="kpl.us" />
+	<target host="kpln.org" />
+	<target host="kpny.cc" />
+	<target host="kpr-kom.me" />
+	<target host="kpsh.us" />
+	<target host="kptv.tv" />
+	<target host="kpxl.in" />
+	<target host="kr3.co" />
+	<target host="kra.mr" />
+	<target host="kraai.link" />
+	<target host="kraf.tk" />
+	<target host="kraft.ca" />
+	<target host="kraft.us" />
+	<target host="krakowiak.click" />
+	<target host="kranso.me" />
+	<target host="kray.link" />
+	<target host="kraze.me" />
+	<target host="krazy.be" />
+	<target host="krazy.me" />
+	<target host="krbt.us" />
+	<target host="krfl.be" />
+	<target host="krg.bz" />
+	<target host="kri.gr" />
+	<target host="kri.sc" />
+	<target host="krid.us" />
+	<target host="krifa.link" />
+	<target host="krin.in" />
+	<target host="kris3d.me" />
+	<target host="kristiandill.ch" />
+	<target host="krkn.im" />
+	<target host="krl.tc" />
+	<target host="krl.yt" />
+	<target host="krlc.us" />
+	<target host="krma.me" />
+	<target host="krnr.net" />
+	<target host="krnr.org" />
+	<target host="krone.hugb.de" />
+	<target host="kronis.in" />
+	<target host="krrn.fyi" />
+	<target host="krsta.me" />
+	<target host="krstheater.ml" />
+	<target host="krstn.co" />
+	<target host="krt19.org" />
+	<target host="krtsrc.com" />
+	<target host="krtz.me" />
+	<target host="krtz.nl" />
+	<target host="kruhtz.yt" />
+	<target host="krvn.us" />
+	<target host="krybd.in" />
+	<target host="krys.co" />
+	<target host="ks.airinum.com" />
+	<target host="ks.church" />
+	<target host="ks.ht" />
+	<target host="ks4.us" />
+	<target host="ksa.ph" />
+	<target host="ksat.tv" />
+	<target host="ksaws.com" />
+	<target host="ksawyer.me" />
+	<target host="ksc.bike" />
+	<target host="ksc.li" />
+	<target host="ksclub.info" />
+	<target host="ksee.me" />
+	<target host="ksf.me" />
+	<target host="kshow.ml" />
+	<target host="kshr.us" />
+	<target host="ksig.ma" />
+	<target host="kski.tips" />
+	<target host="kskrg.nl" />
+	<target host="ksl.fm" />
+	<target host="ksl.rocks" />
+	<target host="ksod.se" />
+	<target host="kspr.io" />
+	<target host="kspr.me" />
+	<target host="ksslr.link" />
+	<target host="kst.enl.plus" />
+	<target host="kstn.ch" />
+	<target host="ksu.ag" />
+	<target host="ksu.am" />
+	<target host="kswain.link" />
+	<target host="ksxdj.co" />
+	<target host="ksyst.ms" />
+	<target host="kt-gab.us" />
+	<target host="kt81.net" />
+	<target host="kti.news" />
+	<target host="ktjlp.be" />
+	<target host="ktln.it" />
+	<target host="ktlov.es" />
+	<target host="ktmh.me" />
+	<target host="ktmr.de" />
+	<target host="ktnj.xyz" />
+	<target host="ktpth.bid" />
+	<target host="ktr.bz" />
+	<target host="ktred.me" />
+	<target host="ktrent.us" />
+	<target host="ktri.ps" />
+	<target host="ktsn.to" />
+	<target host="ktsp.link" />
+	<target host="ktt.ninja" />
+	<target host="ktu.re" />
+	<target host="ktuin.es" />
+	<target host="ku4drathdput.ml" />
+	<target host="kuathne.ws" />
+	<target host="kub.by" />
+	<target host="kubota.photos" />
+	<target host="kubrick.link" />
+	<target host="kucha.es" />
+	<target host="kud.us" />
+	<target host="kudo.id" />
+	<target host="kudoe.co.vu" />
+	<target host="kuecing.tk" />
+	<target host="kueh.ly" />
+	<target host="kuik.in" />
+	<target host="kukulut.us" />
+	<target host="kulado.xyz" />
+	<target host="kull.in" />
+	<target host="kulland.im" />
+	<target host="kulp.me" />
+	<target host="kulshirt.com" />
+	<target host="kultursal.no" />
+	<target host="kum.pr" />
+	<target host="kum4h4bihd.ml" />
+	<target host="kumpfrana.com" />
+	<target host="kun.st" />
+	<target host="kunai20.ml" />
+	<target host="kupfi.me" />
+	<target host="kupukuihd.ml" />
+	<target host="kur.so" />
+	<target host="kuraray.me" />
+	<target host="kurlykli.ps" />
+	<target host="kurvy.co" />
+	<target host="kurz-link.at" />
+	<target host="kus.bz" />
+	<target host="kushner.co" />
+	<target host="kutne.ws" />
+	<target host="kuto.be" />
+	<target host="kutz.link" />
+	<target host="kuya.gq" />
+	<target host="kuzick.in" />
+	<target host="kvmst.nl" />
+	<target host="kvn.im" />
+	<target host="kvn.town" />
+	<target host="kvnhg.tk" />
+	<target host="kvue.tv" />
+	<target host="kwasi.co" />
+	<target host="kway.ch" />
+	<target host="kwdesign.at" />
+	<target host="kwdub.ai" />
+	<target host="kwebb.me" />
+	<target host="kweed.co" />
+	<target host="kwhou.se" />
+	<target host="kwi.lt" />
+	<target host="kwib.us" />
+	<target host="kwiclnk.us" />
+	<target host="kwik.st" />
+	<target host="kwilson.me" />
+	<target host="kwin.city" />
+	<target host="kwiz.li" />
+	<target host="kwls.in" />
+	<target host="kwne.ws" />
+	<target host="kwp.al" />
+	<target host="kwp.io" />
+	<target host="kwri.de" />
+	<target host="kwrit.es" />
+	<target host="kwro.se" />
+	<target host="kxan.tv" />
+	<target host="kyaiz.in" />
+	<target host="kyak.mobi" />
+	<target host="kycl.io" />
+	<target host="kyezra.co" />
+	<target host="kyfbins.co" />
+	<target host="kyl.ie" />
+	<target host="kyla.im" />
+	<target host="kylebj.us" />
+	<target host="kylep.ca" />
+	<target host="kylieskits.com" />
+	<target host="kyotoj.nl" />
+	<target host="kyri.ba" />
+	<target host="kyrnd.us" />
+	<target host="kyst.tk" />
+	<target host="kyte.ws" />
+	<target host="kyvan.co" />
+	<target host="kza.vc" />
+	<target host="kzk.io" />
+	<target host="kzlnk.co" />
+	<target host="kzna.co" />
+	<target host="l-cs.me" />
+	<target host="l-dm.co" />
+	<target host="l-obs.fr" />
+	<target host="l.0l.de" />
+	<target host="l.1043.io" />
+	<target host="l.13protons.com" />
+	<target host="l.168.25u.com" />
+	<target host="l.21zoo.com" />
+	<target host="l.331.io" />
+	<target host="l.36n.co" />
+	<target host="l.3dgo.net" />
+	<target host="l.3l33t.xyz" />
+	<target host="l.3levers.co" />
+	<target host="l.4252.us" />
+	<target host="l.46hours.com" />
+	<target host="l.63.co.za" />
+	<target host="l.66099.co.uk" />
+	<target host="l.802101.com" />
+	<target host="l.924forum.nl" />
+	<target host="l.aal.party" />
+	<target host="l.aasset.de" />
+	<target host="l.abrt.io" />
+	<target host="l.accesto.com" />
+	<target host="l.acidpixel.com" />
+	<target host="l.acqut.com" />
+	<target host="l.acuerdalo.com" />
+	<target host="l.adalia.ma" />
+	<target host="l.adhipg.in" />
+	<target host="l.adjen.se" />
+	<target host="l.adph.ws" />
+	<target host="l.afcleuven.be" />
+	<target host="l.ag4it.nl" />
+	<target host="l.agis.co" />
+	<target host="l.agoama.tw" />
+	<target host="l.aidp.us" />
+	<target host="l.aimpa.com.br" />
+	<target host="l.aitor.is" />
+	<target host="l.aj-v.de" />
+	<target host="l.akiffatmi.com" />
+	<target host="l.alapont.com" />
+	<target host="l.alastair.io" />
+	<target host="l.albehery.com" />
+	<target host="l.aliexpress.io" />
+	<target host="l.alsen-team.pl" />
+	<target host="l.alvarosc.com" />
+	<target host="l.alvinhkh.com" />
+	<target host="l.an0.co.uk" />
+	<target host="l.anand.io" />
+	<target host="l.andresen.xyz" />
+	<target host="l.androdize.com" />
+	<target host="l.aneis.ch" />
+	<target host="l.anglican.ca" />
+	<target host="l.anian.org.ua" />
+	<target host="l.animesave.com" />
+	<target host="l.apilama.com" />
+	<target host="l.arcadian.band" />
+	<target host="l.areku.fr" />
+	<target host="l.ariahealy.me" />
+	<target host="l.aron.no" />
+	<target host="l.asx.hu" />
+	<target host="l.atin.me" />
+	<target host="l.avon39.org" />
+	<target host="l.avshost.com" />
+	<target host="l.axds.co" />
+	<target host="l.ayoub.co" />
+	<target host="l.b-u-d.info" />
+	<target host="l.bagthis.ch" />
+	<target host="l.bagun.eu" />
+	<target host="l.baig.io" />
+	<target host="l.basicpower.fr" />
+	<target host="l.bass.com.mx" />
+	<target host="l.bbhhuddle.org" />
+	<target host="l.bccl.net" />
+	<target host="l.bchgrp.co" />
+	<target host="l.bebna.de" />
+	<target host="l.beige.company" />
+	<target host="l.bejoyable.com" />
+	<target host="l.bekazali.com" />
+	<target host="l.belgaum.city" />
+	<target host="l.bemka.com" />
+	<target host="l.benny.id" />
+	<target host="l.benow.us" />
+	<target host="l.berry.co.il" />
+	<target host="l.bfgrossi.com" />
+	<target host="l.bherville.com" />
+	<target host="l.bi.in.th" />
+	<target host="l.bivab.de" />
+	<target host="l.bizequity.com" />
+	<target host="l.bizeul.fr" />
+	<target host="l.blivakker.no" />
+	<target host="l.blmx.de" />
+	<target host="l.bltavares.com" />
+	<target host="l.bobzien.com" />
+	<target host="l.bonpoint.com" />
+	<target host="l.borghorst.net" />
+	<target host="l.bostah.com" />
+	<target host="l.bozza.mobi" />
+	<target host="l.br.it" />
+	<target host="l.braa.ga" />
+	<target host="l.brfannexet.se" />
+	<target host="l.brianf.net" />
+	<target host="l.bridgeinc.us" />
+	<target host="l.brik.co" />
+	<target host="l.browns.info" />
+	<target host="l.bruji.com" />
+	<target host="l.bungeshea.com" />
+	<target host="l.burninme.net" />
+	<target host="l.byjohan.eu" />
+	<target host="l.caelus.org" />
+	<target host="l.cafe.ac" />
+	<target host="l.calzo.co.uk" />
+	<target host="l.candykent.com" />
+	<target host="l.carbine.tv" />
+	<target host="l.carlo.sg" />
+	<target host="l.carved.email" />
+	<target host="l.caschw.com" />
+	<target host="l.caspervox.com" />
+	<target host="l.cboulet.info" />
+	<target host="l.ccarfi.com" />
+	<target host="l.cefm.ca" />
+	<target host="l.chip.fyi" />
+	<target host="l.chornco.com" />
+	<target host="l.cidverse.com" />
+	<target host="l.citt.me" />
+	<target host="l.cjb.im" />
+	<target host="l.cjcc.edu.kh" />
+	<target host="l.cjs.io" />
+	<target host="l.cli-ck.me" />
+	<target host="l.clients.am" />
+	<target host="l.cluj.events" />
+	<target host="l.cmoretti.it" />
+	<target host="l.codebron.nl" />
+	<target host="l.col.lt" />
+	<target host="l.coldzone.co" />
+	<target host="l.color-on.info" />
+	<target host="l.comm2ig.dk" />
+	<target host="l.comturial.com" />
+	<target host="l.connatix.com" />
+	<target host="l.conr.ca" />
+	<target host="l.copps.nz" />
+	<target host="l.cpresence.com" />
+	<target host="l.cpt.ph" />
+	<target host="l.cpx.se" />
+	<target host="l.csommer.de" />
+	<target host="l.cuauhtli.info" />
+	<target host="l.cvbell.com" />
+	<target host="l.d-v.us" />
+	<target host="l.d.efinima.com" />
+	<target host="l.daed.me" />
+	<target host="l.dafacto.net" />
+	<target host="l.dalahavens.se" />
+	<target host="l.dandhlawn.com" />
+	<target host="l.danielooi.com" />
+	<target host="l.daniil.it" />
+	<target host="l.danph.uk" />
+	<target host="l.darocker.xyz" />
+	<target host="l.datapa.com" />
+	<target host="l.db6edr.de" />
+	<target host="l.dbea.st" />
+	<target host="l.dcdesi.com" />
+	<target host="l.dcg.nz" />
+	<target host="l.deep.bsb.br" />
+	<target host="l.delizialy.com" />
+	<target host="l.denjohn.org" />
+	<target host="l.derby.io" />
+	<target host="l.dewet.org" />
+	<target host="l.dezaiso.jp" />
+	<target host="l.deze.net" />
+	<target host="l.dgl.guru" />
+	<target host="l.dh.hu" />
+	<target host="l.dhyw.com" />
+	<target host="l.dieron.com" />
+	<target host="l.djdb.me" />
+	<target host="l.djld.me" />
+	<target host="l.dmitriy.cz" />
+	<target host="l.dmzapps.com" />
+	<target host="l.dnbrv.com" />
+	<target host="l.dnsmirror.org" />
+	<target host="l.docjobs.at" />
+	<target host="l.docondev.com" />
+	<target host="l.doh.ms" />
+	<target host="l.doqk.ml" />
+	<target host="l.drinkbird.com" />
+	<target host="l.drnk.in" />
+	<target host="l.dropj20.org" />
+	<target host="l.drsoram.com" />
+	<target host="l.druffin.fr" />
+	<target host="l.drz.ac" />
+	<target host="l.dtrw.ovh" />
+	<target host="l.duc.as" />
+	<target host="l.duit.pro" />
+	<target host="l.duosia.id" />
+	<target host="l.dvuckovic.com" />
+	<target host="l.dynhlx.com" />
+	<target host="l.e-net.info" />
+	<target host="l.e-societe.com" />
+	<target host="l.eastern.in" />
+	<target host="l.easyapple.org" />
+	<target host="l.ecreo.dk" />
+	<target host="l.edm.io" />
+	<target host="l.egal.bz" />
+	<target host="l.egd.io" />
+	<target host="l.einar.me" />
+	<target host="l.el-st.com" />
+	<target host="l.eldonchew.com" />
+	<target host="l.elitekind.de" />
+	<target host="l.ell.io" />
+	<target host="l.elpete.com" />
+	<target host="l.emre.gs" />
+	<target host="l.emtarg.com.ar" />
+	<target host="l.endfy.com" />
+	<target host="l.esbeltta.com" />
+	<target host="l.esiclinic.com" />
+	<target host="l.esija.com" />
+	<target host="l.esnt.de" />
+	<target host="l.ethim.nl" />
+	<target host="l.evens.eu" />
+	<target host="l.evj.nl" />
+	<target host="l.exspere.com" />
+	<target host="l.extension.fi" />
+	<target host="l.f12.no" />
+	<target host="l.fahy.eu" />
+	<target host="l.faithtoday.ca" />
+	<target host="l.falu.me" />
+	<target host="l.familab.org" />
+	<target host="l.fan.si" />
+	<target host="l.fansfolio.com" />
+	<target host="l.fatalog.net" />
+	<target host="l.fatdom.com" />
+	<target host="l.faun.me" />
+	<target host="l.fbml.net" />
+	<target host="l.fcjr.co" />
+	<target host="l.festradio.com" />
+	<target host="l.fielder.mobi" />
+	<target host="l.fim-live.com" />
+	<target host="l.financefox.ch" />
+	<target host="l.firewize.com" />
+	<target host="l.fixrd.net" />
+	<target host="l.fldx.org" />
+	<target host="l.fleur.ua" />
+	<target host="l.flight.house" />
+	<target host="l.flo.fyi" />
+	<target host="l.floh.in" />
+	<target host="l.floral.nu" />
+	<target host="l.florida.pe" />
+	<target host="l.forex13.com" />
+	<target host="l.forzieri.com" />
+	<target host="l.fosi.org" />
+	<target host="l.frltcs.at" />
+	<target host="l.fwx.co" />
+	<target host="l.g5g6.club" />
+	<target host="l.gabe.bz" />
+	<target host="l.gamedok.net" />
+	<target host="l.gamehouse.com" />
+	<target host="l.gamified.uk" />
+	<target host="l.garamburu.com" />
+	<target host="l.gcht.org.uk" />
+	<target host="l.gei.lt" />
+	<target host="l.geocrono.com" />
+	<target host="l.getticket.jp" />
+	<target host="l.geyfman.net" />
+	<target host="l.giambo.org" />
+	<target host="l.giyf.in" />
+	<target host="l.gnva.com" />
+	<target host="l.gocdkeys.com" />
+	<target host="l.golfbaka.jp" />
+	<target host="l.goodbuyz.com" />
+	<target host="l.grantbook.org" />
+	<target host="l.greatdeals.ml" />
+	<target host="l.grecnar.sk" />
+	<target host="l.gswk.de" />
+	<target host="l.gwrelay.org" />
+	<target host="l.gwx.nl" />
+	<target host="l.harryjms.uk" />
+	<target host="l.harvellm.co" />
+	<target host="l.hchuang.info" />
+	<target host="l.hdurer.net" />
+	<target host="l.heroga.me" />
+	<target host="l.hindmar.sh" />
+	<target host="l.hireup.com.au" />
+	<target host="l.his-bkk.com" />
+	<target host="l.hoaxes.id" />
+	<target host="l.hotels24.ua" />
+	<target host="l.hughson.dk" />
+	<target host="l.husnan.com" />
+	<target host="l.hutchi.es" />
+	<target host="l.huuub.com" />
+	<target host="l.hwm.io" />
+	<target host="l.iaero.me" />
+	<target host="l.iamoctopus.co" />
+	<target host="l.icilalune.net" />
+	<target host="l.id0.it" />
+	<target host="l.ifeli.me" />
+	<target host="l.ikd.be" />
+	<target host="l.imti.co" />
+	<target host="l.inc.com" />
+	<target host="l.inkc.in" />
+	<target host="l.insights.ms" />
+	<target host="l.instap.io" />
+	<target host="l.insula.tech" />
+	<target host="l.intensewp.com" />
+	<target host="l.irrayyan.com" />
+	<target host="l.ishuman.co" />
+	<target host="l.itdevelop.ru" />
+	<target host="l.itl33.ru" />
+	<target host="l.itswar.be" />
+	<target host="l.ivansiu.com" />
+	<target host="l.ivoxy.com" />
+	<target host="l.izax.de" />
+	<target host="l.j-inb.net" />
+	<target host="l.j-s.tv" />
+	<target host="l.j2w.fr" />
+	<target host="l.j7.no" />
+	<target host="l.jacob.io" />
+	<target host="l.jadeo.es" />
+	<target host="l.jamiete.ch" />
+	<target host="l.jana.com" />
+	<target host="l.jarenchua.me" />
+	<target host="l.jas.my" />
+	<target host="l.jav4you.com" />
+	<target host="l.jaxlug.net" />
+	<target host="l.jayagonoy.xyz" />
+	<target host="l.jd-1.dk" />
+	<target host="l.jdn.im" />
+	<target host="l.jessii.me" />
+	<target host="l.jezzza.com" />
+	<target host="l.jfvassoc.com" />
+	<target host="l.jibs.net" />
+	<target host="l.jincor.com" />
+	<target host="l.jkrrv.org" />
+	<target host="l.jmk.me" />
+	<target host="l.jmoran.me" />
+	<target host="l.jmweston.fr" />
+	<target host="l.jnjax.us" />
+	<target host="l.jnn.gs" />
+	<target host="l.jobwrk.com" />
+	<target host="l.joeteach.us" />
+	<target host="l.johnstown.com" />
+	<target host="l.jonhylton.com" />
+	<target host="l.joress.com" />
+	<target host="l.jostudio.net" />
+	<target host="l.jpdl.us" />
+	<target host="l.jrunn.in" />
+	<target host="l.jshultz.co" />
+	<target host="l.judge.ovh" />
+	<target host="l.jugemcart.com" />
+	<target host="l.jusbr.com" />
+	<target host="l.k7add.com" />
+	<target host="l.kchoptalk.com" />
+	<target host="l.kees.io" />
+	<target host="l.kenmainr.net" />
+	<target host="l.kestev.com" />
+	<target host="l.kevincheng.me" />
+	<target host="l.kf7usv.com" />
+	<target host="l.khoanguyen.me" />
+	<target host="l.kid.fund" />
+	<target host="l.kimchisan.com" />
+	<target host="l.kirn.tv" />
+	<target host="l.kitsun.co" />
+	<target host="l.kittest.se" />
+	<target host="l.knpw.rs" />
+	<target host="l.koffisani.ga" />
+	<target host="l.konsorten.de" />
+	<target host="l.koshiba.co.jp" />
+	<target host="l.koskila.fi" />
+	<target host="l.kotzwerk.de" />
+	<target host="l.kreuzer-bb.de" />
+	<target host="l.ksp.ca" />
+	<target host="l.ktapps.com" />
+	<target host="l.kvc.me" />
+	<target host="l.kygeek.com" />
+	<target host="l.kyle.media" />
+	<target host="l.kyuden.jp" />
+	<target host="l.lanceweb.tk" />
+	<target host="l.lannasw.com" />
+	<target host="l.lbb.me.uk" />
+	<target host="l.leau.ro" />
+	<target host="l.left.ly" />
+	<target host="l.leiogkjop.no" />
+	<target host="l.lengl.cc" />
+	<target host="l.letoullec.fr" />
+	<target host="l.letunglam.com" />
+	<target host="l.liaw.me" />
+	<target host="l.liion.mx" />
+	<target host="l.linprofs.com" />
+	<target host="l.littleman.co" />
+	<target host="l.ll1l.net" />
+	<target host="l.loadx.io" />
+	<target host="l.lobu.co" />
+	<target host="l.lpho.de" />
+	<target host="l.ltf.no" />
+	<target host="l.ludw.in" />
+	<target host="l.luke.scot" />
+	<target host="l.lukeabell.com" />
+	<target host="l.lukewon.com" />
+	<target host="l.lumension.com" />
+	<target host="l.lumikids.com" />
+	<target host="l.luna.lu" />
+	<target host="l.lx4.us" />
+	<target host="l.m4tt.nz" />
+	<target host="l.mace.ws" />
+	<target host="l.maddesigns.de" />
+	<target host="l.madhugb.com" />
+	<target host="l.maft.co" />
+	<target host="l.mahifx.com" />
+	<target host="l.mamartes.com" />
+	<target host="l.marganian.com" />
+	<target host="l.mariobarth.de" />
+	<target host="l.markm.ac" />
+	<target host="l.martin.sh" />
+	<target host="l.mastaneh.ir" />
+	<target host="l.matematrix.de" />
+	<target host="l.mavililer.com" />
+	<target host="l.maxjchung.com" />
+	<target host="l.maxkostow.com" />
+	<target host="l.mbdb.jp" />
+	<target host="l.mcent.me" />
+	<target host="l.medicinia.com" />
+	<target host="l.meljones.info" />
+	<target host="l.meon.be" />
+	<target host="l.merid.org" />
+	<target host="l.mettapsy.com" />
+	<target host="l.mfazio.me" />
+	<target host="l.mgsog.nl" />
+	<target host="l.michaelk.me" />
+	<target host="l.micronium.net" />
+	<target host="l.mifans.web.id" />
+	<target host="l.mihai.im" />
+	<target host="l.milli.az" />
+	<target host="l.mindful.am" />
+	<target host="l.minhoshim.com" />
+	<target host="l.misfitrad.io" />
+	<target host="l.mitry.spb.ru" />
+	<target host="l.mivistore.com" />
+	<target host="l.mkj.is" />
+	<target host="l.mloclam.in" />
+	<target host="l.mndk.hu" />
+	<target host="l.moaicity.com" />
+	<target host="l.monorover.cz" />
+	<target host="l.mothra.org" />
+	<target host="l.motormsm.com" />
+	<target host="l.mpg.is" />
+	<target host="l.mrguilt.com" />
+	<target host="l.mrjeremy.fr" />
+	<target host="l.mrt.express" />
+	<target host="l.mrt.io" />
+	<target host="l.musicdash.co" />
+	<target host="l.musleh.com" />
+	<target host="l.mylapka.com" />
+	<target host="l.nali.org" />
+	<target host="l.navin.com.np" />
+	<target host="l.navit.ie" />
+	<target host="l.naytev.com" />
+	<target host="l.nbtwiki.net" />
+	<target host="l.ndt3.ml" />
+	<target host="l.nebjak.net" />
+	<target host="l.nerdynaut.com" />
+	<target host="l.netmag.mx" />
+	<target host="l.nexse.com" />
+	<target host="l.nhtllc.co" />
+	<target host="l.nhz.de" />
+	<target host="l.niablog.com" />
+	<target host="l.niklas.top" />
+	<target host="l.nileshgr.com" />
+	<target host="l.nirm.it" />
+	<target host="l.njpc.it" />
+	<target host="l.nomzit.com" />
+	<target host="l.noshly.com" />
+	<target host="l.nova-vitae.nl" />
+	<target host="l.nowforce.com" />
+	<target host="l.noxinbox.com" />
+	<target host="l.nsawd.com" />
+	<target host="l.nurtury.us" />
+	<target host="l.nurx.co" />
+	<target host="l.nvser.ir" />
+	<target host="l.nvxo.de" />
+	<target host="l.nystrom.info" />
+	<target host="l.nzz.nl" />
+	<target host="l.oasestech.com" />
+	<target host="l.ocxgroup.com" />
+	<target host="l.odoketa.com" />
+	<target host="l.odysseum.de" />
+	<target host="l.ogisz.de" />
+	<target host="l.ogisz.nl" />
+	<target host="l.ohmycream.fr" />
+	<target host="l.oj.io" />
+	<target host="l.omer.io" />
+	<target host="l.onsoft24.ru" />
+	<target host="l.ook.at.it" />
+	<target host="l.open-wear.com" />
+	<target host="l.orfium.com" />
+	<target host="l.oscarc.net" />
+	<target host="l.osg.my" />
+	<target host="l.ownrides.com" />
+	<target host="l.pack9nc.org" />
+	<target host="l.paos.org" />
+	<target host="l.pauneu.de" />
+	<target host="l.pcconnect.com" />
+	<target host="l.pdoteam.com" />
+	<target host="l.peti.info" />
+	<target host="l.ph1l.tv" />
+	<target host="l.photofolio.dk" />
+	<target host="l.pi.mu" />
+	<target host="l.pictureit.no" />
+	<target host="l.piggiapp.com" />
+	<target host="l.pincom.be" />
+	<target host="l.pinone.com" />
+	<target host="l.pjkel.ly" />
+	<target host="l.plato.fm" />
+	<target host="l.plo.ink" />
+	<target host="l.polvi.eu" />
+	<target host="l.popout.de" />
+	<target host="l.posb.kr" />
+	<target host="l.potts.it" />
+	<target host="l.prageru.com" />
+	<target host="l.prehash.com" />
+	<target host="l.prg.com" />
+	<target host="l.primal.mx" />
+	<target host="l.prodsight.com" />
+	<target host="l.przenioslo.eu" />
+	<target host="l.ps4steals.com" />
+	<target host="l.psp83.co.uk" />
+	<target host="l.ptclinic.com" />
+	<target host="l.pushowl.com" />
+	<target host="l.qispi.fr" />
+	<target host="l.qran.io" />
+	<target host="l.r-g.me" />
+	<target host="l.rabbitohne.ws" />
+	<target host="l.rabkin.co.il" />
+	<target host="l.raisebook.com" />
+	<target host="l.ramiyer.me" />
+	<target host="l.rare-tones.de" />
+	<target host="l.ravi.be" />
+	<target host="l.rbh-bb.de" />
+	<target host="l.rc5.co" />
+	<target host="l.rcd.io" />
+	<target host="l.rcd.zone" />
+	<target host="l.redj.xyz" />
+	<target host="l.redpill.co" />
+	<target host="l.refresh.fun" />
+	<target host="l.reidgober.com" />
+	<target host="l.rene.im" />
+	<target host="l.reportbee.net" />
+	<target host="l.rfsk.org.uk" />
+	<target host="l.rgauss.com" />
+	<target host="l.rgm.io" />
+	<target host="l.ria.cc" />
+	<target host="l.ribosomic.com" />
+	<target host="l.richev.me" />
+	<target host="l.rnbk.org" />
+	<target host="l.rondier.pw" />
+	<target host="l.rowe-net.net" />
+	<target host="l.rtl.be" />
+	<target host="l.rtsp.us" />
+	<target host="l.rusch.sg" />
+	<target host="l.rvnx.org" />
+	<target host="l.rzk.jp" />
+	<target host="l.rzn.io" />
+	<target host="l.s-f.com" />
+	<target host="l.saadh.com" />
+	<target host="l.saemi.biz" />
+	<target host="l.safadinho.net" />
+	<target host="l.sallaerts.me" />
+	<target host="l.samho.nl" />
+	<target host="l.samplify.io" />
+	<target host="l.santsys.com" />
+	<target host="l.saptak.in" />
+	<target host="l.sascha.us" />
+	<target host="l.saunier.me" />
+	<target host="l.savas.io" />
+	<target host="l.sayf.me" />
+	<target host="l.sbio.me" />
+	<target host="l.sbstnerb.de" />
+	<target host="l.scaife.io" />
+	<target host="l.scalepods.io" />
+	<target host="l.scdi.scot" />
+	<target host="l.scholz.net" />
+	<target host="l.sd3.in" />
+	<target host="l.sean.taipei" />
+	<target host="l.sebthedev.com" />
+	<target host="l.seddon.me" />
+	<target host="l.sedoni.co" />
+	<target host="l.seebeetee.com" />
+	<target host="l.sengo.com" />
+	<target host="l.sevez.net" />
+	<target host="l.sf3.ro" />
+	<target host="l.sgoyal.net" />
+	<target host="l.sh1ny.net" />
+	<target host="l.shck.it" />
+	<target host="l.shiney.com" />
+	<target host="l.shiori.live" />
+	<target host="l.shiorino.com" />
+	<target host="l.shop.pr" />
+	<target host="l.shop63.co.za" />
+	<target host="l.shopcloud.io" />
+	<target host="l.shrmn.com" />
+	<target host="l.silvexis.com" />
+	<target host="l.simonplays.tv" />
+	<target host="l.siseci.net" />
+	<target host="l.siz.io" />
+	<target host="l.sjalabs.com" />
+	<target host="l.skarum.net" />
+	<target host="l.skpetites.com" />
+	<target host="l.skyrme.net" />
+	<target host="l.smarks.me" />
+	<target host="l.snapask.sg" />
+	<target host="l.snapveri.com" />
+	<target host="l.snug.ug" />
+	<target host="l.solid.dj" />
+	<target host="l.sorawich.com" />
+	<target host="l.sosso.me" />
+	<target host="l.sportshax.com" />
+	<target host="l.sprout24.com" />
+	<target host="l.sqlpl.us" />
+	<target host="l.sricola.com" />
+	<target host="l.srxn.us" />
+	<target host="l.ssddink.com" />
+	<target host="l.sspinto.com" />
+	<target host="l.st.fi" />
+	<target host="l.stac.nz" />
+	<target host="l.stanpol.ru" />
+	<target host="l.stian.info" />
+	<target host="l.stinv.co" />
+	<target host="l.stramark.nl" />
+	<target host="l.studyflow.ru" />
+	<target host="l.sumtips.com" />
+	<target host="l.sung.am" />
+	<target host="l.superjd10.com" />
+	<target host="l.svendsen.xyz" />
+	<target host="l.svj2291.cz" />
+	<target host="l.swanros.com" />
+	<target host="l.swissrail.com" />
+	<target host="l.swoact.no" />
+	<target host="l.symbicore.com" />
+	<target host="l.synthus.io" />
+	<target host="l.sysops.at" />
+	<target host="l.sztuhar.com" />
+	<target host="l.t-jark.de" />
+	<target host="l.tabunah.com" />
+	<target host="l.tareq.tk" />
+	<target host="l.tarry.cat" />
+	<target host="l.tat.sh" />
+	<target host="l.tath.am" />
+	<target host="l.td00.de" />
+	<target host="l.techhaven.org" />
+	<target host="l.tedxsoas.com" />
+	<target host="l.teh.sg" />
+	<target host="l.tekmonki.com" />
+	<target host="l.tesbihane.org" />
+	<target host="l.tesomayn.com" />
+	<target host="l.testa.im" />
+	<target host="l.theefc.ca" />
+	<target host="l.thehawkins.us" />
+	<target host="l.thzinc.com" />
+	<target host="l.tigervpn.com" />
+	<target host="l.tikatravel.pe" />
+	<target host="l.tikwenpam.net" />
+	<target host="l.timw.co" />
+	<target host="l.tiwi.be" />
+	<target host="l.tl" />
+	<target host="l.tmkrstn.co" />
+	<target host="l.toastin.space" />
+	<target host="l.toch.im" />
+	<target host="l.tokk.de" />
+	<target host="l.tomprice.ca" />
+	<target host="l.tooky.co.uk" />
+	<target host="l.topbongda.com" />
+	<target host="l.tpt.bz" />
+	<target host="l.transvias.net" />
+	<target host="l.travelyst.de" />
+	<target host="l.trend.az" />
+	<target host="l.trio.sexy" />
+	<target host="l.trippiece.com" />
+	<target host="l.trsv.co" />
+	<target host="l.tutorando.com" />
+	<target host="l.tuvok.net" />
+	<target host="l.tyang.im" />
+	<target host="l.tzty.net" />
+	<target host="l.u4ic.co" />
+	<target host="l.uakix.com" />
+	<target host="l.uakt.net" />
+	<target host="l.uccsda.org" />
+	<target host="l.udr.me" />
+	<target host="l.uicart.com" />
+	<target host="l.umboapp.com" />
+	<target host="l.unisal.tk" />
+	<target host="l.unomaha.edu" />
+	<target host="l.unplayer.com" />
+	<target host="l.upfour.it" />
+	<target host="l.uptvector.com" />
+	<target host="l.uti.med.br" />
+	<target host="l.vaks.me" />
+	<target host="l.vanloo.biz" />
+	<target host="l.verslu.is" />
+	<target host="l.video3.co.uk" />
+	<target host="l.viettri.vn" />
+	<target host="l.vigier.at" />
+	<target host="l.vigo.io" />
+	<target host="l.vileware.com" />
+	<target host="l.vincentr.nz" />
+	<target host="l.vom.tc" />
+	<target host="l.vspc.net" />
+	<target host="l.vtech.fr" />
+	<target host="l.vzfy.co" />
+	<target host="l.wangroot.com" />
+	<target host="l.ward.guru" />
+	<target host="l.warnet.cz" />
+	<target host="l.warp2.us" />
+	<target host="l.warrenlex.com" />
+	<target host="l.wat.wtf" />
+	<target host="l.wdmc.us" />
+	<target host="l.webone.io" />
+	<target host="l.wedothings.fr" />
+	<target host="l.weeckd.com" />
+	<target host="l.weinshel.net" />
+	<target host="l.welaika.com" />
+	<target host="l.westm.co.uk" />
+	<target host="l.whiteaker.org" />
+	<target host="l.wilks.co" />
+	<target host="l.withperez.nyc" />
+	<target host="l.wix.com" />
+	<target host="l.wolf.photos" />
+	<target host="l.wolt.com" />
+	<target host="l.wonandez.com" />
+	<target host="l.writhem.com" />
+	<target host="l.x1fr.com" />
+	<target host="l.x8g.nl" />
+	<target host="l.xal.li" />
+	<target host="l.xam.io" />
+	<target host="l.xat.social" />
+	<target host="l.xida.de" />
+	<target host="l.y4ng.com" />
+	<target host="l.ya.wtf" />
+	<target host="l.yeahunter.hu" />
+	<target host="l.ynn.me" />
+	<target host="l.ynx.co" />
+	<target host="l.yulian.biz" />
+	<target host="l.z-p.io" />
+	<target host="l.z0p.org" />
+	<target host="l.zangha.com" />
+	<target host="l.zbee.me" />
+	<target host="l.zepher.me" />
+	<target host="l.zeta.net" />
+	<target host="l.zho.io" />
+	<target host="l.zndr.co.uk" />
+	<target host="l.zupus.co" />
+	<target host="l0ngta1m4k.ml" />
+	<target host="l1.de" />
+	<target host="l1.jo.je" />
+	<target host="l11.co" />
+	<target host="l12.io" />
+	<target host="l1n.me" />
+	<target host="l1nk.cf" />
+	<target host="l1nk.it" />
+	<target host="l1nk.no" />
+	<target host="l2ag.com" />
+	<target host="l2e.info" />
+	<target host="l2y.in" />
+	<target host="l3o.me" />
+	<target host="l4b3l.co" />
+	<target host="l5.io" />
+	<target host="l8p.ru" />
+	<target host="l8r.li" />
+	<target host="l996.cf" />
+	<target host="la.co.na" />
+	<target host="la.gmf.fr" />
+	<target host="la.irbob.com" />
+	<target host="la.tms.edu" />
+	<target host="laa.io" />
+	<target host="laad.in" />
+	<target host="lab.as" />
+	<target host="lab.click" />
+	<target host="lab.gtgn.co" />
+	<target host="lab.to" />
+	<target host="labandeira.farm" />
+	<target host="labb.nl" />
+	<target host="labd.in" />
+	<target host="labels101.com" />
+	<target host="labevents.org" />
+	<target host="labio.life" />
+	<target host="labo.fifpl.be" />
+	<target host="labom.at" />
+	<target host="labr.ie" />
+	<target host="labt.ag" />
+	<target host="labth.in" />
+	<target host="labti.me" />
+	<target host="laceywon.com" />
+	<target host="lachie.me" />
+	<target host="lacoplink.com" />
+	<target host="lacord.ee" />
+	<target host="ladde.rs" />
+	<target host="ladv.ovh" />
+	<target host="ladycut.ml" />
+	<target host="lafab.tv" />
+	<target host="lafar.ge" />
+	<target host="lafargeholc.im" />
+	<target host="lafc.me" />
+	<target host="lafro.nz" />
+	<target host="lag.ovh" />
+	<target host="laglxy.com" />
+	<target host="lagom.direct" />
+	<target host="lagos.pro" />
+	<target host="laird.xyz" />
+	<target host="laise.no" />
+	<target host="lajerr.io" />
+	<target host="lajob.co" />
+	<target host="lakehom.es" />
+	<target host="lakin.gs" />
+	<target host="lakisha.me" />
+	<target host="laleo.mx" />
+	<target host="laler.ml" />
+	<target host="lalo-s.com" />
+	<target host="lalone.us" />
+	<target host="lambd.as" />
+	<target host="lamer.co" />
+	<target host="lamov.pw" />
+	<target host="lana.mobi" />
+	<target host="landdesig.net" />
+	<target host="landmktg.com" />
+	<target host="lando.social" />
+	<target host="landon.co" />
+	<target host="landryfb.com" />
+	<target host="lang.ml" />
+	<target host="langh.co" />
+	<target host="langitmovie.tk" />
+	<target host="langton.blue" />
+	<target host="langzijn.com" />
+	<target host="lanjutkan.gq" />
+	<target host="lanl.in" />
+	<target host="lann.es" />
+	<target host="lapchi.co" />
+	<target host="lapl.la" />
+	<target host="lapweb.info" />
+	<target host="larecla.me" />
+	<target host="larep.it" />
+	<target host="largeform.at" />
+	<target host="larkins.in" />
+	<target host="larry52.com" />
+	<target host="larryste.in" />
+	<target host="lars.biz" />
+	<target host="lars.myftp.biz" />
+	<target host="lars.space" />
+	<target host="larsro.se" />
+	<target host="laselasfilm.ml" />
+	<target host="laser.dynu.net" />
+	<target host="lasftix.com" />
+	<target host="lasne.ws" />
+	<target host="lastking.ml" />
+	<target host="laststp.me" />
+	<target host="lasv.us" />
+	<target host="lat-intl.com" />
+	<target host="lat.gr" />
+	<target host="latamfx.co" />
+	<target host="latania.co" />
+	<target host="latechwat.ch" />
+	<target host="latemodelres.to" />
+	<target host="lathm.co" />
+	<target host="latika.me" />
+	<target host="latingram.my" />
+	<target host="latino.life" />
+	<target host="latr.info" />
+	<target host="laugheat.co" />
+	<target host="lauk.ml" />
+	<target host="laupe.xyz" />
+	<target host="lauradar.by" />
+	<target host="laurc.ro" />
+	<target host="laurelhill.me" />
+	<target host="laustri.at" />
+	<target host="lava.fyi" />
+	<target host="lava.to" />
+	<target host="lavel.la" />
+	<target host="lavim.co" />
+	<target host="lavishcolors.co" />
+	<target host="lavmint.com" />
+	<target host="law-s.in" />
+	<target host="lawdai.ly" />
+	<target host="lawgic.al" />
+	<target host="lawks.us" />
+	<target host="lawnpro.me" />
+	<target host="lawrd.co" />
+	<target host="lawsto.re" />
+	<target host="lawumi.ch" />
+	<target host="laxcop.com" />
+	<target host="laxmag.us" />
+	<target host="layar.it" />
+	<target host="layn.es" />
+	<target host="layne.one" />
+	<target host="lazza.me" />
+	<target host="lb.to" />
+	<target host="lbam.co" />
+	<target host="lbbc.co" />
+	<target host="lbgfs.co" />
+	<target host="lbhq.it" />
+	<target host="lbk.li" />
+	<target host="lbkcraft.info" />
+	<target host="lbl.to" />
+	<target host="lblprop.info" />
+	<target host="lbox.pw" />
+	<target host="lbpo.st" />
+	<target host="lbrm.us" />
+	<target host="lbry.cloud" />
+	<target host="lbsprop.info" />
+	<target host="lby.co" />
+	<target host="lcara.to" />
+	<target host="lcbc.ch" />
+	<target host="lcbo.me" />
+	<target host="lcdd.in" />
+	<target host="lcdisability.uk" />
+	<target host="lcef.us" />
+	<target host="lck.ae" />
+	<target host="lcmtens.co" />
+	<target host="lcoimbra.com" />
+	<target host="lcom.bz" />
+	<target host="lcpphoto.com" />
+	<target host="lcpy.co" />
+	<target host="lcrf.org" />
+	<target host="lcry.us" />
+	<target host="lcsocial.net" />
+	<target host="lcsun.co" />
+	<target host="lct.ee" />
+	<target host="lcurio.us" />
+	<target host="lcurl.xyz" />
+	<target host="lcy.io" />
+	<target host="lczine.com" />
+	<target host="lda.agency" />
+	<target host="ldale.org" />
+	<target host="ldclub.uk" />
+	<target host="lddg.co" />
+	<target host="ldeals.uk" />
+	<target host="ldf.io" />
+	<target host="ldfy.us" />
+	<target host="ldgr.ch" />
+	<target host="ldh.fr" />
+	<target host="ldig.it" />
+	<target host="ldigit.al" />
+	<target host="ldlw.me" />
+	<target host="ldn.glass" />
+	<target host="ldnborn.com" />
+	<target host="ldnbri.de" />
+	<target host="ldne.ws" />
+	<target host="ldng.ag" />
+	<target host="ldos.co" />
+	<target host="ldpaa.com" />
+	<target host="ldr.io" />
+	<target host="ldrsft.com" />
+	<target host="ldrsnb.st" />
+	<target host="ldrtribe.com" />
+	<target host="lds.loodos.com" />
+	<target host="lds.rocks" />
+	<target host="ldwg.co" />
+	<target host="le.clubdo.us" />
+	<target host="lead.pm" />
+	<target host="leadch.at" />
+	<target host="leaderist.org" />
+	<target host="leadpages.to" />
+	<target host="leadsbridge.io" />
+	<target host="leadscor.es" />
+	<target host="leadz.pro" />
+	<target host="leaflet.blog" />
+	<target host="leafne.ws" />
+	<target host="leak.yt" />
+	<target host="leam.info" />
+	<target host="leandr.in" />
+	<target host="leao.in" />
+	<target host="leap2.us" />
+	<target host="leapit.co" />
+	<target host="learn.ag" />
+	<target host="learn.lc" />
+	<target host="learn2.io" />
+	<target host="learnfren.ch" />
+	<target host="learnsimply.xyz" />
+	<target host="learntim.co" />
+	<target host="learntm.org" />
+	<target host="learntu.be" />
+	<target host="learnup.co" />
+	<target host="leax4khd.ml" />
+	<target host="leaz.es" />
+	<target host="lebara.im" />
+	<target host="lebeda.spb.ru" />
+	<target host="lebnet.fr" />
+	<target host="lecid.re" />
+	<target host="lecmt.be" />
+	<target host="led-stream.ml" />
+	<target host="ledr.tech" />
+	<target host="ledte.ch" />
+	<target host="lee-cre.com" />
+	<target host="lee.gl" />
+	<target host="lee.to" />
+	<target host="leed.st" />
+	<target host="leeds.ly" />
+	<target host="leef.to" />
+	<target host="leeg.ca" />
+	<target host="leeg.photo" />
+	<target host="leelov.es" />
+	<target host="leemc.me" />
+	<target host="leend.rs" />
+	<target host="leeph.am" />
+	<target host="leeyt.ml" />
+	<target host="lefas.hn" />
+	<target host="legaci.de" />
+	<target host="legacy.vision" />
+	<target host="legacychur.ch" />
+	<target host="legacym.us" />
+	<target host="legiao.me" />
+	<target host="legitgifts.co" />
+	<target host="legndary.us" />
+	<target host="lego.build" />
+	<target host="legrandsapin.ca" />
+	<target host="lehane.pics" />
+	<target host="lehighm.se" />
+	<target host="leic.it" />
+	<target host="leieti.ng" />
+	<target host="leijo.net" />
+	<target host="leikki.co" />
+	<target host="leit.es" />
+	<target host="leiva.me" />
+	<target host="lela.im" />
+	<target host="lello.site" />
+	<target host="lemar.in" />
+	<target host="lemde.fr" />
+	<target host="lemerid.ie" />
+	<target host="lemp.co" />
+	<target host="len.sc" />
+	<target host="lenbath.us" />
+	<target host="lendlea.se" />
+	<target host="lendr.net" />
+	<target host="lengle.co" />
+	<target host="lenjc.com" />
+	<target host="lenketil.no" />
+	<target host="lennevin.com" />
+	<target host="lenox.xyz" />
+	<target host="lensba.by" />
+	<target host="lenscaper.be" />
+	<target host="lensculture.co" />
+	<target host="lenz.click" />
+	<target host="leo.camp" />
+	<target host="leo.io" />
+	<target host="leo.pw" />
+	<target host="leok.at" />
+	<target host="leolop.es" />
+	<target host="leonardfren.ch" />
+	<target host="leonel.onl" />
+	<target host="lern.in" />
+	<target host="lesa.in" />
+	<target host="leslie.bz" />
+	<target host="lessonbywes.com" />
+	<target host="lesstudios.com" />
+	<target host="lesteri.us" />
+	<target host="lestrange.co" />
+	<target host="leszczynski.it" />
+	<target host="let.f9.do" />
+	<target host="let360.tk" />
+	<target host="lethiaowens.net" />
+	<target host="letlife.in" />
+	<target host="letm.be" />
+	<target host="letmed.co" />
+	<target host="letrinteach.me" />
+	<target host="letsgooutsi.de" />
+	<target host="letsp.in" />
+	<target host="letsplay.ml" />
+	<target host="lev2.de" />
+	<target host="leve.lv" />
+	<target host="leviat.hn" />
+	<target host="levl.in" />
+	<target host="levo.im" />
+	<target host="lexbz.net" />
+	<target host="lexer.link" />
+	<target host="lexeshow.co" />
+	<target host="lexis.at" />
+	<target host="lexjet.net" />
+	<target host="lexl.ink" />
+	<target host="lexlevinrad.net" />
+	<target host="lexo.qysh.me" />
+	<target host="lexonia.me" />
+	<target host="lexus.us" />
+	<target host="lexusoftulsa.us" />
+	<target host="leytto.in" />
+	<target host="lfal.co" />
+	<target host="lfal.in" />
+	<target host="lfay.me" />
+	<target host="lfbz.it" />
+	<target host="lfdnb.uk" />
+	<target host="lfe.news" />
+	<target host="lffl.me" />
+	<target host="lfhk.nl" />
+	<target host="lfhk.ru" />
+	<target host="lfive.uk" />
+	<target host="lfl.media" />
+	<target host="lfne.ws" />
+	<target host="lforero.co" />
+	<target host="lfr.news" />
+	<target host="lfrace.team" />
+	<target host="lfrr.es" />
+	<target host="lfsz.vc" />
+	<target host="lft.life" />
+	<target host="lft.to" />
+	<target host="lftb.ru" />
+	<target host="lftd.net" />
+	<target host="lftgr.co" />
+	<target host="lftm.eu" />
+	<target host="lfto.tk" />
+	<target host="lftr.mp" />
+	<target host="lfurls.com" />
+	<target host="lg.ht" />
+	<target host="lgacy.me" />
+	<target host="lgad.co" />
+	<target host="lgc.click" />
+	<target host="lgct.nl" />
+	<target host="lgcy1.xyz" />
+	<target host="lge.cl" />
+	<target host="lgf.bz" />
+	<target host="lghgrdn.com" />
+	<target host="lght.fm" />
+	<target host="lghts.tk" />
+	<target host="lglifes.gd" />
+	<target host="lglintl.net" />
+	<target host="lgno.me" />
+	<target host="lgnv.co" />
+	<target host="lgpc.me" />
+	<target host="lgrd.co" />
+	<target host="lgrd.nl" />
+	<target host="lgti.me" />
+	<target host="lgtr.es" />
+	<target host="lgwk.us" />
+	<target host="lh-one.com" />
+	<target host="lh.church" />
+	<target host="lhc.church" />
+	<target host="lhcbl.tk" />
+	<target host="lheld.de" />
+	<target host="lhero.es" />
+	<target host="lhj.re" />
+	<target host="lhmem.ch" />
+	<target host="lhomes.org.uk" />
+	<target host="lht.io" />
+	<target host="li-nk.goip.de" />
+	<target host="li.4ngs.com" />
+	<target host="li.die-coder.de" />
+	<target host="li.getspini.com" />
+	<target host="li.incridea.com" />
+	<target host="li.kh-mail.com" />
+	<target host="li.kmchr.de" />
+	<target host="li.lamantia.biz" />
+	<target host="li.loschev.com" />
+	<target host="li.nkg.pt" />
+	<target host="li.plaf.agency" />
+	<target host="li.solw.at" />
+	<target host="li.vin" />
+	<target host="li.wly.ch" />
+	<target host="li.xomad.com" />
+	<target host="lia.io" />
+	<target host="liagriffith.me" />
+	<target host="liam.works" />
+	<target host="lib.al" />
+	<target host="lib.tax" />
+	<target host="libby.bz" />
+	<target host="libca.st" />
+	<target host="libdig.co" />
+	<target host="liberators.org" />
+	<target host="libgam.es" />
+	<target host="libra.to" />
+	<target host="libraries.nu" />
+	<target host="libt.info" />
+	<target host="lici.la" />
+	<target host="lidc.dance" />
+	<target host="liebel.io" />
+	<target host="liederba.ch" />
+	<target host="liemph.us" />
+	<target host="lien.csf.bc.ca" />
+	<target host="lien.druffin.fr" />
+	<target host="lien.pichon.xyz" />
+	<target host="liew.co" />
+	<target host="lif.cx" />
+	<target host="lif.sh" />
+	<target host="lif.to" />
+	<target host="life.gt" />
+	<target host="lifeb.co" />
+	<target host="lifebeam.vi" />
+	<target host="lifedai.ly" />
+	<target host="lifeforb.es" />
+	<target host="lifelu.me" />
+	<target host="lifemapp.it" />
+	<target host="lifenam.es" />
+	<target host="lifenogg.in" />
+	<target host="lifepnt.com" />
+	<target host="lifept.cc" />
+	<target host="lifesafer.co" />
+	<target host="lifesafer.me" />
+	<target host="lifesty.ms" />
+	<target host="lifewith.dog" />
+	<target host="light.as" />
+	<target host="light.fm" />
+	<target host="lightwork.biz" />
+	<target host="ligm.in" />
+	<target host="ligman.me" />
+	<target host="lihat.ga" />
+	<target host="liicr.nl" />
+	<target host="like.lvlirko.de" />
+	<target host="like.yst.so" />
+	<target host="likem.ag" />
+	<target host="likeneon.love" />
+	<target host="likes.kr" />
+	<target host="likeskirts.us" />
+	<target host="likett.cf" />
+	<target host="liketv.ml" />
+	<target host="lil.fm" />
+	<target host="lil.self.is" />
+	<target host="lilacrn.us" />
+	<target host="liladel.re" />
+	<target host="lilfox.co" />
+	<target host="lilk.me" />
+	<target host="lillab.lu" />
+	<target host="lilnz.tk" />
+	<target host="lilumbrel.la" />
+	<target host="lilybea.ch" />
+	<target host="lilyskit.ch" />
+	<target host="lim.nu" />
+	<target host="limeroad.me" />
+	<target host="limw.co" />
+	<target host="lin.khedara.com" />
+	<target host="lin.kit.se" />
+	<target host="lin.mn" />
+	<target host="linak.as" />
+	<target host="linak.us" />
+	<target host="linaw.me" />
+	<target host="lindas.space" />
+	<target host="linds.at" />
+	<target host="lindzon.me" />
+	<target host="line4kuhd.ml" />
+	<target host="linehea.lt" />
+	<target host="linen.solutions" />
+	<target host="linenfinder.co" />
+	<target host="linext.co" />
+	<target host="linglink.de" />
+	<target host="liniseh.at" />
+	<target host="link.101xp.com" />
+	<target host="link.21in1.com" />
+	<target host="link.2net.co.il" />
+	<target host="link.3xw.ch" />
+	<target host="link.4xd.co.kr" />
+	<target host="link.6ja.net" />
+	<target host="link.a2merch.ca" />
+	<target host="link.abrons.com" />
+	<target host="link.adamjt.net" />
+	<target host="link.adi-1.com" />
+	<target host="link.adito.no" />
+	<target host="link.admium.nl" />
+	<target host="link.adva.io" />
+	<target host="link.aebike.com" />
+	<target host="link.aeryn.me" />
+	<target host="link.aev.su" />
+	<target host="link.afgvg.com" />
+	<target host="link.afnfy.co" />
+	<target host="link.agh3.us" />
+	<target host="link.agnms.de" />
+	<target host="link.agtc.io" />
+	<target host="link.aiesec.cz" />
+	<target host="link.aiesec.sk" />
+	<target host="link.akwady.com" />
+	<target host="link.aluma.life" />
+	<target host="link.anime.pt" />
+	<target host="link.anonima.ru" />
+	<target host="link.apacta.com" />
+	<target host="link.aqfd.ch" />
+	<target host="link.aqweeb.com" />
+	<target host="link.arroyo.me" />
+	<target host="link.artii.cn" />
+	<target host="link.arvas.se" />
+	<target host="link.atsamp.de" />
+	<target host="link.aukum.com" />
+	<target host="link.aveeo.de" />
+	<target host="link.avora.io" />
+	<target host="link.aws-muc.de" />
+	<target host="link.azcona.nl" />
+	<target host="link.azuki.io" />
+	<target host="link.baker.io" />
+	<target host="link.balao.cz" />
+	<target host="link.barryko.tw" />
+	<target host="link.barto.li" />
+	<target host="link.batho.ga" />
+	<target host="link.bawiec.com" />
+	<target host="link.beckers.lu" />
+	<target host="link.belblog.eu" />
+	<target host="link.bencao.it" />
+	<target host="link.bleep.com" />
+	<target host="link.bobg.tv" />
+	<target host="link.boca.pro" />
+	<target host="link.cac.sc" />
+	<target host="link.cajs.co.uk" />
+	<target host="link.carvers.co" />
+	<target host="link.cashat.pro" />
+	<target host="link.catsec.com" />
+	<target host="link.cbh.io" />
+	<target host="link.ccso.us" />
+	<target host="link.cdrun.co" />
+	<target host="link.cgiu.org" />
+	<target host="link.chetbc.ca" />
+	<target host="link.chew.pw" />
+	<target host="link.clever.nu" />
+	<target host="link.clvr.nu" />
+	<target host="link.cmu24.com" />
+	<target host="link.cn1926.it" />
+	<target host="link.cnymm.com" />
+	<target host="link.coedl.net" />
+	<target host="link.corro.io" />
+	<target host="link.coziie.com" />
+	<target host="link.crafty.im" />
+	<target host="link.crdgtl.com" />
+	<target host="link.crogo.com" />
+	<target host="link.dapda.com" />
+	<target host="link.dapper.cat" />
+	<target host="link.dealq.co" />
+	<target host="link.df1015.com" />
+	<target host="link.djegl.in" />
+	<target host="link.dkta.co" />
+	<target host="link.druel.com" />
+	<target host="link.dtmln.com" />
+	<target host="link.dtws.pl" />
+	<target host="link.dvj.me.uk" />
+	<target host="link.e-f.co" />
+	<target host="link.e-ola.net" />
+	<target host="link.ec2.com.br" />
+	<target host="link.egton.net" />
+	<target host="link.ehuna.org" />
+	<target host="link.ej.vc" />
+	<target host="link.epel.us" />
+	<target host="link.eqtg.biz" />
+	<target host="link.exch.ninja" />
+	<target host="link.f1.org.uk" />
+	<target host="link.fajer.tv" />
+	<target host="link.fauche.net" />
+	<target host="link.feutfsm.cl" />
+	<target host="link.ffili.st" />
+	<target host="link.fkfsv.dk" />
+	<target host="link.flape.net" />
+	<target host="link.flimbu.com" />
+	<target host="link.flopper.dk" />
+	<target host="link.footish.se" />
+	<target host="link.fox4kc.com" />
+	<target host="link.fox8.com" />
+	<target host="link.frame.is" />
+	<target host="link.fraser.vg" />
+	<target host="link.from.pw" />
+	<target host="link.fun-fm.de" />
+	<target host="link.garbas.si" />
+	<target host="link.genui.co" />
+	<target host="link.gerzer.net" />
+	<target host="link.getraf.com" />
+	<target host="link.gho.nl" />
+	<target host="link.ghuge.com" />
+	<target host="link.giro555.nl" />
+	<target host="link.glamis.it" />
+	<target host="link.gmo.gl" />
+	<target host="link.gregg.io" />
+	<target host="link.griko.id" />
+	<target host="link.gurman.mk" />
+	<target host="link.gyt.hu" />
+	<target host="link.hagu.re" />
+	<target host="link.henley.co" />
+	<target host="link.hgf.org" />
+	<target host="link.hipo.kz" />
+	<target host="link.hvsc.vn" />
+	<target host="link.ibfd.org" />
+	<target host="link.icbr.org" />
+	<target host="link.icon.me" />
+	<target host="link.icsos.us" />
+	<target host="link.ihouse.pl" />
+	<target host="link.imagiu.com" />
+	<target host="link.imikey.nl" />
+	<target host="link.infozde.cz" />
+	<target host="link.infusi.co" />
+	<target host="link.init.media" />
+	<target host="link.is.good.af" />
+	<target host="link.isher.club" />
+	<target host="link.ist" />
+	<target host="link.itrio.ch" />
+	<target host="link.izedin.ch" />
+	<target host="link.janole.com" />
+	<target host="link.jbrains.ca" />
+	<target host="link.jiryo.com" />
+	<target host="link.jkorty.com" />
+	<target host="link.jordn.co" />
+	<target host="link.jrnsg.de" />
+	<target host="link.jtfans.com" />
+	<target host="link.jumoo.uk" />
+	<target host="link.junlem.com" />
+	<target host="link.jwilde.me" />
+	<target host="link.kai13.com" />
+	<target host="link.kaze.cl" />
+	<target host="link.kc.co.uk" />
+	<target host="link.kdvr.com" />
+	<target host="link.key.sa" />
+	<target host="link.kfor.com" />
+	<target host="link.kfsm.com" />
+	<target host="link.khevin.com" />
+	<target host="link.kidpub.com" />
+	<target host="link.kinglau.co" />
+	<target host="link.kiran.be" />
+	<target host="link.kls.org" />
+	<target host="link.kolpkir.ru" />
+	<target host="link.kovv.co" />
+	<target host="link.kplr11.com" />
+	<target host="link.krol.pro" />
+	<target host="link.kso.com.br" />
+	<target host="link.ksqgrp.com" />
+	<target host="link.kwgn.com" />
+	<target host="link.l3vi.de" />
+	<target host="link.lia.org" />
+	<target host="link.lineup.vn" />
+	<target host="link.lobo.gg" />
+	<target host="link.ls.net.ar" />
+	<target host="link.marco-w.eu" />
+	<target host="link.marx.io" />
+	<target host="link.mattfox.ca" />
+	<target host="link.matty.pw" />
+	<target host="link.mdv.com" />
+	<target host="link.melb.us" />
+	<target host="link.mgalfa.com" />
+	<target host="link.mguvla.net" />
+	<target host="link.mhex.dk" />
+	<target host="link.mlgill.co" />
+	<target host="link.mos.rocks" />
+	<target host="link.mot.am" />
+	<target host="link.mrcs.fr" />
+	<target host="link.mrjava.pw" />
+	<target host="link.mrl3x.tv" />
+	<target host="link.mtucru.com" />
+	<target host="link.mun.sc" />
+	<target host="link.mvaria.com" />
+	<target host="link.mxdn.eu" />
+	<target host="link.myfox8.com" />
+	<target host="link.myiasp.com" />
+	<target host="link.mylesm.uk" />
+	<target host="link.najd.im" />
+	<target host="link.namidi.com" />
+	<target host="link.nawbi.com" />
+	<target host="link.nelly.com" />
+	<target host="link.netris.co" />
+	<target host="link.neural.one" />
+	<target host="link.ngengs.com" />
+	<target host="link.ngin.com" />
+	<target host="link.nhw.se" />
+	<target host="link.ni-ko.com" />
+	<target host="link.nomoss.co" />
+	<target host="link.nt33.fr" />
+	<target host="link.o79.lv" />
+	<target host="link.ocp.onl" />
+	<target host="link.odesign.se" />
+	<target host="link.oevae.com" />
+	<target host="link.ogrp.de" />
+	<target host="link.ohnate.com" />
+	<target host="link.omd.com.br" />
+	<target host="link.optric.biz" />
+	<target host="link.orion.gg" />
+	<target host="link.ota.moe" />
+	<target host="link.ou.edu" />
+	<target host="link.oui.fi" />
+	<target host="link.padlad.com" />
+	<target host="link.paris" />
+	<target host="link.pb.io" />
+	<target host="link.petmart.vn" />
+	<target host="link.phillip.pe" />
+	<target host="link.piersj.com" />
+	<target host="link.pilera.com" />
+	<target host="link.pillsy.com" />
+	<target host="link.plair.ml" />
+	<target host="link.playboy.tv" />
+	<target host="link.pmorg.uk" />
+	<target host="link.poncki.pl" />
+	<target host="link.primum.es" />
+	<target host="link.pro-d.com" />
+	<target host="link.projpi.org" />
+	<target host="link.ptnw.com" />
+	<target host="link.publit.com" />
+	<target host="link.python.ph" />
+	<target host="link.qcraft.pw" />
+	<target host="link.qmk.com.au" />
+	<target host="link.qw4rtz.fr" />
+	<target host="link.raney.co" />
+	<target host="link.rapacz.us" />
+	<target host="link.ratex.com" />
+	<target host="link.ravs.xyz" />
+	<target host="link.ravtv.de" />
+	<target host="link.rawnull.ga" />
+	<target host="link.rbpam.de" />
+	<target host="link.renga3.com" />
+	<target host="link.reqwel.me" />
+	<target host="link.revi.xyz" />
+	<target host="link.rhinov.fr" />
+	<target host="link.rm.dk" />
+	<target host="link.rockg.ca" />
+	<target host="link.roetech.co" />
+	<target host="link.rozak.net" />
+	<target host="link.rtbf.be" />
+	<target host="link.rtp.vc" />
+	<target host="link.ryberg.org" />
+	<target host="link.sabio.tv" />
+	<target host="link.sausse.com" />
+	<target host="link.sbamin.com" />
+	<target host="link.sdlug.com" />
+	<target host="link.sdrlnd.me" />
+	<target host="link.sec302.com" />
+	<target host="link.sep.org.gr" />
+	<target host="link.shox.site" />
+	<target host="link.skg.com.np" />
+	<target host="link.skola.live" />
+	<target host="link.sofun.tw" />
+	<target host="link.solvo.nl" />
+	<target host="link.soosin.com" />
+	<target host="link.soph.space" />
+	<target host="link.sorinet.ir" />
+	<target host="link.sp.chat" />
+	<target host="link.spedu.org" />
+	<target host="link.sprig.gs" />
+	<target host="link.srce.hr" />
+	<target host="link.srfl.org" />
+	<target host="link.srigane.sh" />
+	<target host="link.sscwa.com" />
+	<target host="link.ssg.bg" />
+	<target host="link.stefanm.me" />
+	<target host="link.stjerne.nu" />
+	<target host="link.stjoan.net" />
+	<target host="link.stmath.com" />
+	<target host="link.suppa.me" />
+	<target host="link.sva.edu" />
+	<target host="link.svrooij.nl" />
+	<target host="link.tamago.co" />
+	<target host="link.taufiq.me" />
+	<target host="link.tckt.vn" />
+	<target host="link.telsco.net" />
+	<target host="link.thomas.do" />
+	<target host="link.tibz.blog" />
+	<target host="link.tidybag.uk" />
+	<target host="link.to.it" />
+	<target host="link.tomte.net" />
+	<target host="link.trever.co" />
+	<target host="link.trovata.nl" />
+	<target host="link.ttulip.com" />
+	<target host="link.tuango.ca" />
+	<target host="link.tubeday.de" />
+	<target host="link.tv2.dk" />
+	<target host="link.tv4.se" />
+	<target host="link.tve.org" />
+	<target host="link.ubnt.com" />
+	<target host="link.udd.cl" />
+	<target host="link.uepath.com" />
+	<target host="link.uind.es" />
+	<target host="link.useed.org" />
+	<target host="link.ushmid.com" />
+	<target host="link.vendelo.ml" />
+	<target host="link.vlimse.com" />
+	<target host="link.vlint.nu" />
+	<target host="link.vsirius.ru" />
+	<target host="link.w0sabi.net" />
+	<target host="link.wahlix.nu" />
+	<target host="link.wasp.io" />
+	<target host="link.web123.com" />
+	<target host="link.well.ca" />
+	<target host="link.weluc.com" />
+	<target host="link.whnt.com" />
+	<target host="link.whotv.com" />
+	<target host="link.wiklab.nl" />
+	<target host="link.wilson.uy" />
+	<target host="link.wine" />
+	<target host="link.wipont.com" />
+	<target host="link.wnep.com" />
+	<target host="link.wqad.com" />
+	<target host="link.wreg.com" />
+	<target host="link.wtch.mn" />
+	<target host="link.wtkr.com" />
+	<target host="link.wtvr.com" />
+	<target host="link.wx.ag" />
+	<target host="link.x-lab.net" />
+	<target host="link.xaquin.es" />
+	<target host="link.xnet.tk" />
+	<target host="link.yejik.ru" />
+	<target host="link.yg.gs" />
+	<target host="link.your.md" />
+	<target host="link.yuaoki.com" />
+	<target host="link.zavrel.net" />
+	<target host="link.zetz.in" />
+	<target host="link.zhakov.lv" />
+	<target host="link2.website" />
+	<target host="link21.ml" />
+	<target host="link4u.online" />
+	<target host="linkbiz.co" />
+	<target host="linkd.in" />
+	<target host="linkdownload.ml" />
+	<target host="linking.edv.sh" />
+	<target host="linkit.pspr.fi" />
+	<target host="linkon.in" />
+	<target host="linkpl.us" />
+	<target host="links.9nines.io" />
+	<target host="links.aasinc.ca" />
+	<target host="links.andyb.org" />
+	<target host="links.bmx.team" />
+	<target host="links.bnb.gr" />
+	<target host="links.bnorm.com" />
+	<target host="links.buildo.io" />
+	<target host="links.datata.mx" />
+	<target host="links.dog" />
+	<target host="links.emek.org" />
+	<target host="links.eskada.tk" />
+	<target host="links.f5.com" />
+	<target host="links.fahsi.org" />
+	<target host="links.fca.org" />
+	<target host="links.filipe.co" />
+	<target host="links.gltec.net" />
+	<target host="links.gon.to" />
+	<target host="links.gp" />
+	<target host="links.hadley.nz" />
+	<target host="links.iaswc.org" />
+	<target host="links.jai.im" />
+	<target host="links.karlog.in" />
+	<target host="links.kls.org" />
+	<target host="links.limbo.bg" />
+	<target host="links.mead.io" />
+	<target host="links.mendez.ch" />
+	<target host="links.mosen.es" />
+	<target host="links.myloc.me" />
+	<target host="links.native.ad" />
+	<target host="links.ncqrs.org" />
+	<target host="links.nduf.org" />
+	<target host="links.neoid.es" />
+	<target host="links.nizel.co" />
+	<target host="links.nossa.pt" />
+	<target host="links.popxo.com" />
+	<target host="links.rashty.me" />
+	<target host="links.romeni.eu" />
+	<target host="links.rph.cx" />
+	<target host="links.tomgl.com" />
+	<target host="links.viu.vc" />
+	<target host="links.yshome.me" />
+	<target host="links2.shop" />
+	<target host="linksins.co" />
+	<target host="linkto.pro" />
+	<target host="linkto.review" />
+	<target host="linktowatch.gq" />
+	<target host="linkus.ml" />
+	<target host="linkz.click" />
+	<target host="linn.works" />
+	<target host="linq2.us" />
+	<target host="lintel.us" />
+	<target host="linx.wizdom.ca" />
+	<target host="lion8.us" />
+	<target host="lionelba.com" />
+	<target host="lionesse.co" />
+	<target host="lipi.love" />
+	<target host="lippinco.tt" />
+	<target host="liqr.co" />
+	<target host="liquidink.ca" />
+	<target host="lisao.co" />
+	<target host="listen.altfi.fm" />
+	<target host="listn2.it" />
+	<target host="litenog.net" />
+	<target host="litfl.net" />
+	<target host="litfl.org" />
+	<target host="lith.io" />
+	<target host="lith.tc" />
+	<target host="litl.br3n.net" />
+	<target host="litlmagpi.co" />
+	<target host="litographs.co" />
+	<target host="litoralver.de" />
+	<target host="litrs.ee" />
+	<target host="litsupp.guru" />
+	<target host="little.kitchen" />
+	<target host="liv.fm" />
+	<target host="livbst.in" />
+	<target host="live-awards.ml" />
+	<target host="live-chats.ml" />
+	<target host="live-full.ml" />
+	<target host="live-hd.ml" />
+	<target host="live-now.ga" />
+	<target host="live-series.ml" />
+	<target host="live-show.ml" />
+	<target host="live-stream.ml" />
+	<target host="live-us.ml" />
+	<target host="live-usatv.cf" />
+	<target host="live-youtube.ml" />
+	<target host="live.slynet.tv" />
+	<target host="live19.ml" />
+	<target host="live4k.ml" />
+	<target host="liveaward.tk" />
+	<target host="livechat.ae" />
+	<target host="livedis.co" />
+	<target host="liveepisode.ml" />
+	<target host="livefwd.nl" />
+	<target host="livehd.gq" />
+	<target host="livehdsport.ml" />
+	<target host="livemu.sc" />
+	<target host="liveoscars.ml" />
+	<target host="livephi.sh" />
+	<target host="liverad.co" />
+	<target host="livery.st" />
+	<target host="lives3x.tk" />
+	<target host="liveseries.cf" />
+	<target host="liveseries.ml" />
+	<target host="livestream.ga" />
+	<target host="livetoeat.ca" />
+	<target host="livetou.rs" />
+	<target host="livetv-hd.ml" />
+	<target host="livewelln.co" />
+	<target host="livi.link" />
+	<target host="livingdayton.tv" />
+	<target host="livinginc.li" />
+	<target host="livingsoci.al" />
+	<target host="livlinks.me" />
+	<target host="livmob.nl" />
+	<target host="livr.pl" />
+	<target host="livreiro.us" />
+	<target host="livstream.ga" />
+	<target host="livwild.co" />
+	<target host="lizaona.ir" />
+	<target host="lizb.it" />
+	<target host="lizdp.ca" />
+	<target host="lizs.me" />
+	<target host="ljla.uk" />
+	<target host="ljp.es" />
+	<target host="ljs.cc" />
+	<target host="ljw.bz" />
+	<target host="ljx.cc" />
+	<target host="lk.autentia.com" />
+	<target host="lk.cal2.com" />
+	<target host="lk.dingtaxi.com" />
+	<target host="lk.egas.us" />
+	<target host="lk.eurenet.com" />
+	<target host="lk.eurnet.fr" />
+	<target host="lk.godrenews.us" />
+	<target host="lk.hvacne.com" />
+	<target host="lk.iamniz.co.uk" />
+	<target host="lk.kav.fr" />
+	<target host="lk.krvmedia.com" />
+	<target host="lk.mamf.com.br" />
+	<target host="lk.meup.org" />
+	<target host="lk.mmtech.it" />
+	<target host="lk.pap.vn" />
+	<target host="lk.qldlabor.org" />
+	<target host="lk.stuckey.com" />
+	<target host="lk.ubersmith.io" />
+	<target host="lk.vm63.eu" />
+	<target host="lkar.it" />
+	<target host="lkas.us" />
+	<target host="lkcs.co" />
+	<target host="lkcs.es" />
+	<target host="lkcty.in" />
+	<target host="lkdv.it" />
+	<target host="lkfd.us" />
+	<target host="lkfy.co" />
+	<target host="lkg.gl" />
+	<target host="lkl.ink" />
+	<target host="lklawl.es" />
+	<target host="lkle.in" />
+	<target host="lkm.li" />
+	<target host="lkn.jp" />
+	<target host="lkp2p.com" />
+	<target host="lkr.ms" />
+	<target host="lkrefi.com" />
+	<target host="lkshrp.com" />
+	<target host="lkstudent.com" />
+	<target host="lksz.me" />
+	<target host="lkwdc.it" />
+	<target host="lkyspp.sg" />
+	<target host="ll.dyn.cc" />
+	<target host="llant.as" />
+	<target host="llbeats.co" />
+	<target host="llewq.link" />
+	<target host="llfilm.co.uk" />
+	<target host="llgy.co" />
+	<target host="lliquid.us" />
+	<target host="llk.co" />
+	<target host="lloc.in" />
+	<target host="llor.ch" />
+	<target host="llosea.com" />
+	<target host="llr.life" />
+	<target host="llsf.tk" />
+	<target host="lltd.es" />
+	<target host="llyd.me" />
+	<target host="llz.one" />
+	<target host="lm.bona.net.br" />
+	<target host="lm.city" />
+	<target host="lm.pe" />
+	<target host="lm.rtgit.com" />
+	<target host="lm.tl" />
+	<target host="lm615.ga" />
+	<target host="lmalm.it" />
+	<target host="lmaw.co" />
+	<target host="lmbrt.cl" />
+	<target host="lmbrt.in" />
+	<target host="lmd.guru" />
+	<target host="lmd.tf" />
+	<target host="lmden.tl" />
+	<target host="lmes.es" />
+	<target host="lmg.do" />
+	<target host="lmgr.ph" />
+	<target host="lmhc.re" />
+	<target host="lmidai.ly" />
+	<target host="lmlm.me" />
+	<target host="lmly.co" />
+	<target host="lmm.community" />
+	<target host="lmnd.ca" />
+	<target host="lmpgam.es" />
+	<target host="lmro.co" />
+	<target host="lmrsp.co" />
+	<target host="lms.careers" />
+	<target host="lmsa.me" />
+	<target host="lmsint.co" />
+	<target host="lmtlss.com" />
+	<target host="lmwkr.co" />
+	<target host="ln-s.me" />
+	<target host="ln-s.us" />
+	<target host="ln.alian.info" />
+	<target host="ln.alireza.es" />
+	<target host="ln.butztech.com" />
+	<target host="ln.cronofy.com" />
+	<target host="ln.dinart.no" />
+	<target host="ln.dogjoys.com" />
+	<target host="ln.doitwell.tw" />
+	<target host="ln.dotfold.io" />
+	<target host="ln.ebisu.org" />
+	<target host="ln.facer2vm.org" />
+	<target host="ln.hhmr.biz" />
+	<target host="ln.magitech.xyz" />
+	<target host="ln.manuel5cc.es" />
+	<target host="ln.newsoku.blog" />
+	<target host="ln.niekis.lt" />
+	<target host="ln.phlak.net" />
+	<target host="ln.pkts.es" />
+	<target host="ln.ross.my" />
+	<target host="ln.s-pan.jp" />
+	<target host="ln.seanfisk.com" />
+	<target host="ln.wtn.ir" />
+	<target host="lnapo.li" />
+	<target host="lnch.co" />
+	<target host="lncnmo.co" />
+	<target host="lndn.mx" />
+	<target host="lndv.st" />
+	<target host="lng.mn" />
+	<target host="lnge.ms" />
+	<target host="lngr.co" />
+	<target host="lngs.tv" />
+	<target host="lni.io" />
+	<target host="lnitup.co" />
+	<target host="lnk.8thoxf.uk" />
+	<target host="lnk.a-kep.at" />
+	<target host="lnk.adslweb.net" />
+	<target host="lnk.alvine.io" />
+	<target host="lnk.ames.io" />
+	<target host="lnk.basicer.com" />
+	<target host="lnk.becker.pub" />
+	<target host="lnk.bike" />
+	<target host="lnk.biro.net" />
+	<target host="lnk.cdfqs.com" />
+	<target host="lnk.cmti.me" />
+	<target host="lnk.cthue.com" />
+	<target host="lnk.demb.com" />
+	<target host="lnk.dumfing.me" />
+	<target host="lnk.dyo.io" />
+	<target host="lnk.eberapp.com" />
+	<target host="lnk.fais.co" />
+	<target host="lnk.farley.pro" />
+	<target host="lnk.gchrl.org" />
+	<target host="lnk.geekpov.com" />
+	<target host="lnk.ghiassy.com" />
+	<target host="lnk.glwdcs.tv" />
+	<target host="lnk.gntr.org" />
+	<target host="lnk.h10n.me" />
+	<target host="lnk.hornoxe.com" />
+	<target host="lnk.jarrid.io" />
+	<target host="lnk.kippnyc.org" />
+	<target host="lnk.lbbl.it" />
+	<target host="lnk.mantry.com" />
+	<target host="lnk.minkabu.jp" />
+	<target host="lnk.mradder.com" />
+	<target host="lnk.nextit.de" />
+	<target host="lnk.nickmke.com" />
+	<target host="lnk.nicoline.it" />
+	<target host="lnk.osalt.com" />
+	<target host="lnk.pbcnx.com" />
+	<target host="lnk.renteapp.nl" />
+	<target host="lnk.ritc.no" />
+	<target host="lnk.rockshop.nz" />
+	<target host="lnk.rolajos.com" />
+	<target host="lnk.rude.one" />
+	<target host="lnk.schukai.com" />
+	<target host="lnk.sweetweb.fr" />
+	<target host="lnk.tf3hr.net" />
+	<target host="lnk.to3.eu" />
+	<target host="lnk.uktda.com" />
+	<target host="lnk.v2track.com" />
+	<target host="lnk.vanisaac.nl" />
+	<target host="lnk.varadhja.in" />
+	<target host="lnk.virican.net" />
+	<target host="lnk.vollbit.eu" />
+	<target host="lnk.wdadams.com" />
+	<target host="lnk.weav.io" />
+	<target host="lnk.wlc.cc" />
+	<target host="lnk.xcodeit.net" />
+	<target host="lnk.zone84.net" />
+	<target host="lnk2.biz" />
+	<target host="lnkd.pro" />
+	<target host="lnkf.us" />
+	<target host="lnks.era-go.com" />
+	<target host="lnks.li" />
+	<target host="lnks.me" />
+	<target host="lnkto.jp" />
+	<target host="lnky.org" />
+	<target host="lnomad.co" />
+	<target host="lnp.io" />
+	<target host="lns.tl" />
+	<target host="lnss.link" />
+	<target host="lnv.gy" />
+	<target host="lnwd.cc" />
+	<target host="lnwk.io" />
+	<target host="lnx.krawiec.com" />
+	<target host="lnxpod.link" />
+	<target host="lnysa.club" />
+	<target host="lo3.energy" />
+	<target host="load.kerbl.de" />
+	<target host="loadb.us" />
+	<target host="loaded.rocks" />
+	<target host="loak.loak.org" />
+	<target host="loak.org" />
+	<target host="loath.es" />
+	<target host="loavi.es" />
+	<target host="lobby.tools" />
+	<target host="localw.in" />
+	<target host="locass.as" />
+	<target host="lockkey.com" />
+	<target host="locl.es" />
+	<target host="locuspri.me" />
+	<target host="locust-lov.es" />
+	<target host="lod.one" />
+	<target host="lodi.co" />
+	<target host="loebs.clothing" />
+	<target host="loftet.ml" />
+	<target host="log.sc" />
+	<target host="log1k.al" />
+	<target host="logicbox.es" />
+	<target host="logilaye.ml" />
+	<target host="logis.tc" />
+	<target host="logisti.co" />
+	<target host="logo.to" />
+	<target host="logo.works" />
+	<target host="logomog.tk" />
+	<target host="logpres.so" />
+	<target host="lohas-scout.de" />
+	<target host="lohud.us" />
+	<target host="lojasadelia.co" />
+	<target host="loka.fun" />
+	<target host="lol.glen.glass" />
+	<target host="lolaclip.co.vu" />
+	<target host="lolbr.com" />
+	<target host="lolip.in" />
+	<target host="lolmdn.info" />
+	<target host="lolthis.me" />
+	<target host="lomabuena.info" />
+	<target host="londonte.ch" />
+	<target host="lone.im" />
+	<target host="lonerwolf.co" />
+	<target host="longh.co" />
+	<target host="longhi.ml" />
+	<target host="longkai.a.my" />
+	<target host="longre.biz" />
+	<target host="longtail.ml" />
+	<target host="lonkza.ml" />
+	<target host="lonniedos.com" />
+	<target host="lonr.link" />
+	<target host="lons.co" />
+	<target host="look.pm" />
+	<target host="lookat.v-ip.co" />
+	<target host="lookbw.com" />
+	<target host="lookdat.ml" />
+	<target host="lookmom.co" />
+	<target host="looksi.me" />
+	<target host="looove.it" />
+	<target host="loop.tl" />
+	<target host="loops.ec" />
+	<target host="loopte.ch" />
+	<target host="loopu.in" />
+	<target host="loot.cr" />
+	<target host="loot.lt" />
+	<target host="loote.ga" />
+	<target host="lop.me" />
+	<target host="lopo.me" />
+	<target host="lorca.io" />
+	<target host="lord.ly" />
+	<target host="lord.run" />
+	<target host="lordcutel.ml" />
+	<target host="lordmoonhd.ml" />
+	<target host="lordwatch.co" />
+	<target host="loreallink.com" />
+	<target host="lori.gr" />
+	<target host="loric.us" />
+	<target host="loro.is" />
+	<target host="los-l.ink" />
+	<target host="lost-info.ml" />
+	<target host="lota.co" />
+	<target host="lotf.co" />
+	<target host="lotta.click" />
+	<target host="lotte.ac" />
+	<target host="loud.ie" />
+	<target host="loudcave.tk" />
+	<target host="loudmou.se" />
+	<target host="lounge.ly" />
+	<target host="lounj.me" />
+	<target host="love-play.ml" />
+	<target host="love.ishop.yoga" />
+	<target host="love.jamies.nz" />
+	<target host="love4kuhd.ml" />
+	<target host="lovebug.fitness" />
+	<target host="loveeyes.us" />
+	<target host="lovefir.st" />
+	<target host="lovelee.today" />
+	<target host="loveoils.me" />
+	<target host="lovepre.com" />
+	<target host="lovesuje.co" />
+	<target host="lovhelp.com" />
+	<target host="lovies.eu" />
+	<target host="lovinge.eu" />
+	<target host="lovliv.co" />
+	<target host="lovoo.ly" />
+	<target host="lovr.in" />
+	<target host="lovsng.com" />
+	<target host="low.es" />
+	<target host="lowestrat.es" />
+	<target host="lowl.info" />
+	<target host="lowm.es" />
+	<target host="lowpo.st" />
+	<target host="lowtax.es" />
+	<target host="loxp.co" />
+	<target host="loyal.ms" />
+	<target host="loyals.link" />
+	<target host="loyo.la" />
+	<target host="lp.am" />
+	<target host="lp.projet21.eu" />
+	<target host="lpayne.me" />
+	<target host="lpb.io" />
+	<target host="lpcign.it" />
+	<target host="lpcnf.io" />
+	<target host="lpcvan.co" />
+	<target host="lpfb.dk" />
+	<target host="lpgs.cl" />
+	<target host="lpil.es" />
+	<target host="lplink.co" />
+	<target host="lplo.co" />
+	<target host="lpmc.co" />
+	<target host="lpn.so" />
+	<target host="lpnt.fr" />
+	<target host="lpnut.co" />
+	<target host="lpo.uk" />
+	<target host="lpr.st" />
+	<target host="lpro.io" />
+	<target host="lps.loveps.ca" />
+	<target host="lpschool.co" />
+	<target host="lpsn.co" />
+	<target host="lpsouza.com" />
+	<target host="lpth.co" />
+	<target host="lpth.in" />
+	<target host="lptrain.com" />
+	<target host="lptylr.io" />
+	<target host="lpumu.se" />
+	<target host="lqdcptl.co" />
+	<target host="lqwb.us" />
+	<target host="lr.ai" />
+	<target host="lrbs.ch" />
+	<target host="lrf.fund" />
+	<target host="lrgup.co" />
+	<target host="lri.link" />
+	<target host="lri.sh" />
+	<target host="lrj.me" />
+	<target host="lrmission.org" />
+	<target host="lrn.co" />
+	<target host="lrn.io" />
+	<target host="lrnd.sh" />
+	<target host="lrng.co" />
+	<target host="lrnit.lv" />
+	<target host="lrnja.net" />
+	<target host="lrnskls.org" />
+	<target host="lrt.io" />
+	<target host="lrtrjns.co" />
+	<target host="lrwc.co" />
+	<target host="ls.ayucs.net" />
+	<target host="ls.cloudguy.pro" />
+	<target host="ls.di-bora.at" />
+	<target host="ls.howderek.com" />
+	<target host="ls.ly" />
+	<target host="ls.townmc.net" />
+	<target host="lsantos.store" />
+	<target host="lsats.co" />
+	<target host="lsbf.co" />
+	<target host="lsdfe.net" />
+	<target host="lsdl.es" />
+	<target host="lsfhs.com" />
+	<target host="lshi.ru" />
+	<target host="lsi.science" />
+	<target host="lsir.us" />
+	<target host="lslv.es" />
+	<target host="lsmc.co" />
+	<target host="lsnws.co.uk" />
+	<target host="lspaz.com" />
+	<target host="lsphq.co" />
+	<target host="lsplinks.net" />
+	<target host="lspro.co" />
+	<target host="lsq.st" />
+	<target host="lsrc.us" />
+	<target host="lss.today" />
+	<target host="lssalud.es" />
+	<target host="lstbrl.in" />
+	<target host="lstcl.cf" />
+	<target host="lstn.at" />
+	<target host="lstrs.com" />
+	<target host="lsul.su" />
+	<target host="lsvgs.us" />
+	<target host="lsy.st" />
+	<target host="lsym.es" />
+	<target host="lt10.co" />
+	<target host="lt2.com.au" />
+	<target host="lt4l.co.uk" />
+	<target host="ltaa.be" />
+	<target host="ltate.co" />
+	<target host="ltbh.me" />
+	<target host="ltgo.co" />
+	<target host="lth.to" />
+	<target host="ltic.me" />
+	<target host="ltl.one" />
+	<target host="ltmsu.com" />
+	<target host="ltnt.tv" />
+	<target host="ltpr.es" />
+	<target host="ltrdmrk.xyz" />
+	<target host="ltsbtrf.ly" />
+	<target host="ltsdo.it" />
+	<target host="ltsglb.ml" />
+	<target host="ltsusa.us" />
+	<target host="lttforex.com" />
+	<target host="lttl.lc" />
+	<target host="lttlmg.ht" />
+	<target host="ltu.al" />
+	<target host="ltz.co" />
+	<target host="luand.re" />
+	<target host="lubricity.cc" />
+	<target host="luccks.co" />
+	<target host="lucky2be1st.com" />
+	<target host="luckybruins.com" />
+	<target host="luckyones.ml" />
+	<target host="luckyph.one" />
+	<target host="luckytime.link" />
+	<target host="luckyv.it" />
+	<target host="lucoza.de" />
+	<target host="ludia.gg" />
+	<target host="lug.ovh" />
+	<target host="luis.to" />
+	<target host="luisrs.co" />
+	<target host="luissilva.co" />
+	<target host="lukavdesigns.tk" />
+	<target host="luke.guru" />
+	<target host="lukeri.ch" />
+	<target host="lukesn.me" />
+	<target host="lulufox.co" />
+	<target host="lulusratim.com" />
+	<target host="luly.ml" />
+	<target host="lumafor.ge" />
+	<target host="lumberline.la" />
+	<target host="luminoso.co" />
+	<target host="lunametrics.co" />
+	<target host="lunariot.art" />
+	<target host="lunarway.co" />
+	<target host="lunc.hr" />
+	<target host="lund-ind.com" />
+	<target host="lup.ie" />
+	<target host="lup.us" />
+	<target host="lup.vc" />
+	<target host="lus.hm" />
+	<target host="lush.la" />
+	<target host="lushbits.com" />
+	<target host="lusq.me" />
+	<target host="luthfi.xyz" />
+	<target host="lutom.tk" />
+	<target host="lutt.me" />
+	<target host="luv.ba" />
+	<target host="luv.wtf" />
+	<target host="luvbl.fr" />
+	<target host="luvit.me" />
+	<target host="luvlu.co" />
+	<target host="luvvie.me" />
+	<target host="luw4kl3ng.ga" />
+	<target host="lux.ht" />
+	<target host="lux.ms" />
+	<target host="luxe.ly" />
+	<target host="luxerad.io" />
+	<target host="luxetvl.com" />
+	<target host="luxhotel.site" />
+	<target host="luxio.us" />
+	<target host="luxr.us" />
+	<target host="luxsaf.club" />
+	<target host="luxtk.com" />
+	<target host="luxurylink.co" />
+	<target host="luxv.link" />
+	<target host="lv.3arbkoora.cf" />
+	<target host="lv.lostkat.com" />
+	<target host="lvb.link" />
+	<target host="lvb.me" />
+	<target host="lvdbit.tk" />
+	<target host="lvdt.mx" />
+	<target host="lvdv.co" />
+	<target host="lven.co" />
+	<target host="lvfm.biz" />
+	<target host="lvftt.co" />
+	<target host="lvgmktg.com" />
+	<target host="lvgul.ly" />
+	<target host="lvi.re" />
+	<target host="lviskovic.tk" />
+	<target host="lvj.jp" />
+	<target host="lvjus.tc" />
+	<target host="lvl.li" />
+	<target host="lvl9.gq" />
+	<target host="lvlndnws.com" />
+	<target host="lvlr.cz" />
+	<target host="lvlre.co" />
+	<target host="lvlt.co" />
+	<target host="lvmwd.info" />
+	<target host="lvmyd.rs" />
+	<target host="lvna.co" />
+	<target host="lvnb.co" />
+	<target host="lvng.me" />
+	<target host="lvngbnfts.com" />
+	<target host="lvnsl.co" />
+	<target host="lvor.co" />
+	<target host="lvox.co" />
+	<target host="lvrtn.ai" />
+	<target host="lvstm.co" />
+	<target host="lvstr.ng" />
+	<target host="lvstrng.com" />
+	<target host="lvt.hn" />
+	<target host="lvtr.co" />
+	<target host="lvwat.ch" />
+	<target host="lwb.xyz" />
+	<target host="lwdu.info" />
+	<target host="lwf.re" />
+	<target host="lwff.tk" />
+	<target host="lwise.us" />
+	<target host="lwj.pwm.cc" />
+	<target host="lwm.me" />
+	<target host="lwocd.me" />
+	<target host="lwrjrsy.xyz" />
+	<target host="lwrys.co" />
+	<target host="lws.co" />
+	<target host="lwtxcity.org" />
+	<target host="lwy.io" />
+	<target host="lx.nowmovin.com" />
+	<target host="lxixl.cf" />
+	<target host="lxld.us" />
+	<target host="lxm.cc" />
+	<target host="lxui.de" />
+	<target host="lxvc.co" />
+	<target host="ly.4kdesigns.de" />
+	<target host="ly.aweleczka.de" />
+	<target host="ly.cpau.org" />
+	<target host="ly.dgfish.org" />
+	<target host="ly.hrck.se" />
+	<target host="ly.lefant.net" />
+	<target host="ly.onlyurs.com" />
+	<target host="ly.s-b.ch" />
+	<target host="ly.sidath.info" />
+	<target host="ly.spitfire.io" />
+	<target host="ly2.us" />
+	<target host="lye.life" />
+	<target host="lyft.it" />
+	<target host="lyk.ee" />
+	<target host="lykk.es" />
+	<target host="lymecomms.co.uk" />
+	<target host="lynk.apload.ch" />
+	<target host="lynn.so" />
+	<target host="lynton.ws" />
+	<target host="lynxdef.co" />
+	<target host="lyr-ics.in" />
+	<target host="lyrb.lk" />
+	<target host="lyri.cl" />
+	<target host="lyrk.co" />
+	<target host="lyssanews.com" />
+	<target host="lyv.io" />
+	<target host="lyv.rs" />
+	<target host="lzd.co" />
+	<target host="lzno.tk" />
+	<target host="lznr.ru" />
+	<target host="lzrs.eu" />
+	<target host="lzrwlkr.me" />
+	<target host="lzurl.com" />
+	<target host="lzyad.co" />
+	<target host="lzyg.st" />
+	<target host="m-cpn.com" />
+	<target host="m-gat.es" />
+	<target host="m-ic.in" />
+	<target host="m-jon.es" />
+	<target host="m-l-t.ml" />
+	<target host="m-p.la" />
+	<target host="m-prv.com" />
+	<target host="m-pw.in" />
+	<target host="m-s.co" />
+	<target host="m-wa.re" />
+	<target host="m-x.io" />
+	<target host="m-zone.ml" />
+	<target host="m.12thave.org" />
+	<target host="m.69006.com" />
+	<target host="m.7ms.us" />
+	<target host="m.ahat.cat" />
+	<target host="m.alexman.me" />
+	<target host="m.anda.li" />
+	<target host="m.anhe.im" />
+	<target host="m.arqtgn.cat" />
+	<target host="m.atoz2u.com" />
+	<target host="m.auro.io" />
+	<target host="m.basco.io" />
+	<target host="m.baselo.com" />
+	<target host="m.bcstudios.ca" />
+	<target host="m.beeq.co" />
+	<target host="m.benn.com.au" />
+	<target host="m.bitly.is" />
+	<target host="m.buydot.co.uk" />
+	<target host="m.bvcg.cf" />
+	<target host="m.ceslava.com" />
+	<target host="m.chrisross.cc" />
+	<target host="m.cima.fun" />
+	<target host="m.clappmail.net" />
+	<target host="m.cofo.de" />
+	<target host="m.corec.jp" />
+	<target host="m.crazynina.tv" />
+	<target host="m.credit24.lv" />
+	<target host="m.creditea.mx" />
+	<target host="m.csl85.com" />
+	<target host="m.d18.co" />
+	<target host="m.danielgood.co" />
+	<target host="m.dealveel.com" />
+	<target host="m.eaipop.com.br" />
+	<target host="m.enskyshop.com" />
+	<target host="m.eqls.co" />
+	<target host="m.estela.solar" />
+	<target host="m.exct.ly" />
+	<target host="m.filungo.com" />
+	<target host="m.flox.co.za" />
+	<target host="m.ftc.co" />
+	<target host="m.fuhr.me" />
+	<target host="m.gafec.com" />
+	<target host="m.getslice.com" />
+	<target host="m.grossmag.com" />
+	<target host="m.guimot.com" />
+	<target host="m.gumroad.com" />
+	<target host="m.h2cloud.eu" />
+	<target host="m.hankomori.biz" />
+	<target host="m.hasansyed.com" />
+	<target host="m.hawaii-h.com" />
+	<target host="m.hilliker.org" />
+	<target host="m.hosanna.tv" />
+	<target host="m.hr.ma" />
+	<target host="m.ica.in" />
+	<target host="m.icrubano.it" />
+	<target host="m.ilcatta86.com" />
+	<target host="m.indablabla.nl" />
+	<target host="m.inic.in" />
+	<target host="m.iwey.mx" />
+	<target host="m.jmphotos.ca" />
+	<target host="m.jui.cc" />
+	<target host="m.kalwedo.com" />
+	<target host="m.kamshe.com" />
+	<target host="m.kasta.ua" />
+	<target host="m.kshb.com" />
+	<target host="m.kyle.gs" />
+	<target host="m.lanthi.com" />
+	<target host="m.lyft.link" />
+	<target host="m.magajin.jp" />
+	<target host="m.makanainc.com" />
+	<target host="m.marinacc.io" />
+	<target host="m.matthewli.com" />
+	<target host="m.maximall.id" />
+	<target host="m.maynards.com" />
+	<target host="m.mcys.co" />
+	<target host="m.melamorsi.com" />
+	<target host="m.metta.me" />
+	<target host="m.mobiloud.com" />
+	<target host="m.motocaddy.com" />
+	<target host="m.movidb.co.uk" />
+	<target host="m.mpbk.us" />
+	<target host="m.mygaa.club" />
+	<target host="m.ntd.tv" />
+	<target host="m.obile.info" />
+	<target host="m.pecka.name" />
+	<target host="m.phiong.com" />
+	<target host="m.pitch.pe" />
+	<target host="m.pj.pizza" />
+	<target host="m.plan9.uk" />
+	<target host="m.plangrade.com" />
+	<target host="m.plotcasts.com" />
+	<target host="m.quel.jp" />
+	<target host="m.rbiz.im" />
+	<target host="m.rdh.com" />
+	<target host="m.rule.io" />
+	<target host="m.scheper.ca" />
+	<target host="m.sesame.org" />
+	<target host="m.sh.mi.it" />
+	<target host="m.shoup.me" />
+	<target host="m.sie.gs" />
+	<target host="m.smhealth.net" />
+	<target host="m.squibby.net" />
+	<target host="m.stabraam.net" />
+	<target host="m.stevebain.es" />
+	<target host="m.svh.cc" />
+	<target host="m.swag.ly" />
+	<target host="m.tiny.pr" />
+	<target host="m.toss.im" />
+	<target host="m.tryreside.com" />
+	<target host="m.tubez.me" />
+	<target host="m.ucie.fr" />
+	<target host="m.uece.br" />
+	<target host="m.uexternado.co" />
+	<target host="m.unkn0wn3d.com" />
+	<target host="m.veniamin.info" />
+	<target host="m.xxxmac.xyz" />
+	<target host="m.zmb.li" />
+	<target host="m00m.in" />
+	<target host="m01.xyz" />
+	<target host="m0algag4l.ml" />
+	<target host="m0ve.co" />
+	<target host="m0vmaz.ml" />
+	<target host="m13.me" />
+	<target host="m1ke.us" />
+	<target host="m1nd.se" />
+	<target host="m1r.site" />
+	<target host="m1st.be" />
+	<target host="m2.cm" />
+	<target host="m2.quel.jp" />
+	<target host="m20.co" />
+	<target host="m24.cc" />
+	<target host="m2pl.co" />
+	<target host="m3.quel.jp" />
+	<target host="m3g4hd.ml" />
+	<target host="m3jrel.ml" />
+	<target host="m3m.cc" />
+	<target host="m40.so" />
+	<target host="m4kinjos.ml" />
+	<target host="m4mahbaeks.ml" />
+	<target host="m4rk.in" />
+	<target host="m4s.in" />
+	<target host="m4s.me" />
+	<target host="m4y0r.ml" />
+	<target host="m5ive.com" />
+	<target host="m5m.eu" />
+	<target host="m5s.info" />
+	<target host="m5videos.com" />
+	<target host="m60.digital" />
+	<target host="m6f.de" />
+	<target host="m90.co" />
+	<target host="m92.it" />
+	<target host="ma-pl.es" />
+	<target host="ma.dsemil.com" />
+	<target host="ma.rcel.biz" />
+	<target host="ma.rcello.com" />
+	<target host="ma.rnix.nl" />
+	<target host="ma.thsterk.net" />
+	<target host="ma.tsudaira.jp" />
+	<target host="ma.tthewk.com" />
+	<target host="ma.ttmuller.com" />
+	<target host="ma5.us" />
+	<target host="maalde.me" />
+	<target host="maan.wine" />
+	<target host="maap.es" />
+	<target host="maar.co" />
+	<target host="maas-bong.io" />
+	<target host="mab.bz" />
+	<target host="maba.ga" />
+	<target host="mabag.fr" />
+	<target host="mabb.ly" />
+	<target host="mabeo.pro" />
+	<target host="mabris.co" />
+	<target host="macc.as" />
+	<target host="macc.at" />
+	<target host="maceo.in" />
+	<target host="macewa.nu" />
+	<target host="macfix.es" />
+	<target host="macit.co" />
+	<target host="mackenz.ie" />
+	<target host="mackparty.info" />
+	<target host="macleather.co" />
+	<target host="macmia.co" />
+	<target host="macnaught.co" />
+	<target host="macnifi.co" />
+	<target host="macq.it" />
+	<target host="macropage.info" />
+	<target host="macs.link" />
+	<target host="macs.pm" />
+	<target host="macs.ws" />
+	<target host="mact.es" />
+	<target host="macti.ps" />
+	<target host="mactu.al" />
+	<target host="macul.ml" />
+	<target host="mad.mx" />
+	<target host="madani.co" />
+	<target host="madate.ch" />
+	<target host="madb.in" />
+	<target host="madb.mx" />
+	<target host="madcom.club" />
+	<target host="maddy.news" />
+	<target host="made.mn" />
+	<target host="madeby.black" />
+	<target host="madepaper.co" />
+	<target host="madewit.love" />
+	<target host="madgr.co" />
+	<target host="madho.it" />
+	<target host="madic.co" />
+	<target host="madness.dj" />
+	<target host="madot.ie" />
+	<target host="madpa.ws" />
+	<target host="mads.io" />
+	<target host="madw.in" />
+	<target host="maer.sk" />
+	<target host="maerskd.co" />
+	<target host="maetips.com.br" />
+	<target host="mag.cr" />
+	<target host="mag.zeejan.me" />
+	<target host="maga.lu" />
+	<target host="magali.co" />
+	<target host="magazine.beer" />
+	<target host="magek.co" />
+	<target host="magic.tada.one" />
+	<target host="magich.at" />
+	<target host="magician.show" />
+	<target host="magnet.is" />
+	<target host="magnop.us" />
+	<target host="magnumhd.ml" />
+	<target host="magpi.cc" />
+	<target host="magpi.es" />
+	<target host="magportal.us" />
+	<target host="mags247.in" />
+	<target host="magvac.co" />
+	<target host="magx.us" />
+	<target host="magyon.co" />
+	<target host="mah.xyz" />
+	<target host="maha.uno" />
+	<target host="maharaj.ca" />
+	<target host="mahdafblog.tk" />
+	<target host="mahl.ly" />
+	<target host="maia.im" />
+	<target host="maid.tw" />
+	<target host="maig.us" />
+	<target host="main4khd.ml" />
+	<target host="mainlinem.co.uk" />
+	<target host="mais.moda" />
+	<target host="maj.to" />
+	<target host="mak.es" />
+	<target host="mak.so" />
+	<target host="makaiprince.win" />
+	<target host="makaveli.org" />
+	<target host="makea.life" />
+	<target host="makediscipl.es" />
+	<target host="makerpot.info" />
+	<target host="making-cards.uk" />
+	<target host="maklr.de" />
+	<target host="mako.si" />
+	<target host="mala.la" />
+	<target host="malar.ga" />
+	<target host="malem.info" />
+	<target host="malliard.link" />
+	<target host="mallvirtual.xyz" />
+	<target host="maluba.net" />
+	<target host="malv.es" />
+	<target host="mamab.co" />
+	<target host="mamatcyber.info" />
+	<target host="mammth.co" />
+	<target host="man.gl" />
+	<target host="manaus.al" />
+	<target host="manc.it" />
+	<target host="mancphoto.uk" />
+	<target host="mandelkind.link" />
+	<target host="mander.com" />
+	<target host="mandw.me" />
+	<target host="mandymiller.co" />
+	<target host="manga.fyi" />
+	<target host="mango.bike" />
+	<target host="manheim.to" />
+	<target host="manheiml.lc" />
+	<target host="manhth.com" />
+	<target host="maniatv.gq" />
+	<target host="maniatvshow.ga" />
+	<target host="manitowoc.us" />
+	<target host="manlab.ml" />
+	<target host="mann.link" />
+	<target host="mannd.us" />
+	<target host="manof.me" />
+	<target host="manototv.cf" />
+	<target host="mansion.global" />
+	<target host="mantaf.ga" />
+	<target host="mantap.gq" />
+	<target host="mantas.loak.org" />
+	<target host="mantinad.es" />
+	<target host="mantissec.com" />
+	<target host="manuel.media" />
+	<target host="manzy.it" />
+	<target host="map.bike" />
+	<target host="map.hilton.com" />
+	<target host="mapafo.de" />
+	<target host="mapc.ma" />
+	<target host="mapd.io" />
+	<target host="mapfan.to" />
+	<target host="maphpy.org" />
+	<target host="mapkyc.me" />
+	<target host="mappcan.ca" />
+	<target host="maps-info.ml" />
+	<target host="mar.ket.watch" />
+	<target host="mar4khd.ml" />
+	<target host="marbellanews.es" />
+	<target host="marbot.hol.es" />
+	<target host="marc.sx" />
+	<target host="marca.to" />
+	<target host="marcelj.tk" />
+	<target host="marcimartini.tk" />
+	<target host="marclinks.com" />
+	<target host="marcm.me" />
+	<target host="marconet.co" />
+	<target host="marcushenry.me" />
+	<target host="marfit.de" />
+	<target host="margal.us" />
+	<target host="mari-sa.co" />
+	<target host="mari.mn" />
+	<target host="marias.menu" />
+	<target host="mariata.sh" />
+	<target host="mariee.tips" />
+	<target host="mariel.link" />
+	<target host="marine.ly" />
+	<target host="mariooliv.es" />
+	<target host="maritimowest.us" />
+	<target host="marius.tips" />
+	<target host="mark.al" />
+	<target host="marka.toys" />
+	<target host="markapps.me" />
+	<target host="markaz.io" />
+	<target host="marke.news" />
+	<target host="markg.li" />
+	<target host="markgi.bz" />
+	<target host="markj.co" />
+	<target host="markjr.link" />
+	<target host="markm.cc" />
+	<target host="marksma.de" />
+	<target host="maro.co" />
+	<target host="marose.mx" />
+	<target host="marospos.com" />
+	<target host="marqu.ee" />
+	<target host="marrie.co.vu" />
+	<target host="married.co.vu" />
+	<target host="married.dance" />
+	<target host="marron.link" />
+	<target host="mars-tv.ml" />
+	<target host="marsalago.link" />
+	<target host="marsdd.it" />
+	<target host="marsh.ly" />
+	<target host="mart.fyi" />
+	<target host="martamari.am" />
+	<target host="martinell.is" />
+	<target host="martywal.sh" />
+	<target host="marvarc.co" />
+	<target host="marvelj.jp" />
+	<target host="mary.ly" />
+	<target host="marya.ms" />
+	<target host="marylhur.st" />
+	<target host="marzi.win" />
+	<target host="masak.in" />
+	<target host="masbrow.ml" />
+	<target host="masch.tv" />
+	<target host="masdh.es" />
+	<target host="maseratiusa.co" />
+	<target host="masinfo.dk" />
+	<target host="maskmag.com" />
+	<target host="masq.in" />
+	<target host="mass.cat" />
+	<target host="massad.life" />
+	<target host="masslbp.link" />
+	<target host="masstaff.in" />
+	<target host="masstea.ch" />
+	<target host="mastr.tech" />
+	<target host="masu.rocks" />
+	<target host="mataikan.ga" />
+	<target host="matc.at" />
+	<target host="matchclub.date" />
+	<target host="matd.si" />
+	<target host="mate.as" />
+	<target host="mate.fyi" />
+	<target host="matepod.ca" />
+	<target host="mater.li" />
+	<target host="mateso.co" />
+	<target host="mathaml.in" />
+	<target host="maticulo.us" />
+	<target host="matl.in" />
+	<target host="matpren.co" />
+	<target host="matryx.me" />
+	<target host="matt.yt" />
+	<target host="mattandpeter.co" />
+	<target host="matte.in" />
+	<target host="matte.me" />
+	<target host="matteoserver.ga" />
+	<target host="matter-lab.co" />
+	<target host="mattf.in" />
+	<target host="matth.ws" />
+	<target host="matthewclark.co" />
+	<target host="mattos.us" />
+	<target host="mattpollard.net" />
+	<target host="mattrhod.es" />
+	<target host="mattrunks.link" />
+	<target host="matts.in" />
+	<target host="mattuhri.ch" />
+	<target host="mattyk.me" />
+	<target host="mattys.co" />
+	<target host="mattz.me" />
+	<target host="maugv.com" />
+	<target host="maung4kuhd.ml" />
+	<target host="maur.us" />
+	<target host="maureen.link" />
+	<target host="mav.im" />
+	<target host="mava.co" />
+	<target host="mavrck.net" />
+	<target host="maw.so" />
+	<target host="mawarbodas.ga" />
+	<target host="mawhiba.sa" />
+	<target host="max-korzh.ru" />
+	<target host="max.fyi" />
+	<target host="maxav.us" />
+	<target host="maxf.us" />
+	<target host="maxfreixe.net" />
+	<target host="maxhdplay.ml" />
+	<target host="maxhlux66.ml" />
+	<target host="maxi.sh" />
+	<target host="maxicu.tk" />
+	<target host="maxm.eu" />
+	<target host="maxpr.in" />
+	<target host="maxshar.es" />
+	<target host="maxstar.xyz" />
+	<target host="maxt.ec" />
+	<target host="maxwin36.ml" />
+	<target host="maxwin36.tk" />
+	<target host="maxx.link" />
+	<target host="may.desi" />
+	<target host="mayaraya.ml" />
+	<target host="mayas.us" />
+	<target host="mayh.ws" />
+	<target host="mayo.rs" />
+	<target host="mayocl.in" />
+	<target host="mayosweb.com" />
+	<target host="mazaki.ml" />
+	<target host="mb-c.me" />
+	<target host="mb-de.com" />
+	<target host="mb.tips" />
+	<target host="mb.uniturk.net" />
+	<target host="mb168.me" />
+	<target host="mb2.me" />
+	<target host="mb21.ml" />
+	<target host="mb4kjan.ga" />
+	<target host="mb4yars3k.ml" />
+	<target host="mba.incae.edu" />
+	<target host="mbacademy.co" />
+	<target host="mbahjarwo.ml" />
+	<target host="mbakr.me" />
+	<target host="mbar.me" />
+	<target host="mbav.co" />
+	<target host="mbayaq.co" />
+	<target host="mbc.me.uk" />
+	<target host="mbcc.me" />
+	<target host="mbe.io" />
+	<target host="mbe.pm" />
+	<target host="mbg.fyi" />
+	<target host="mbg.is" />
+	<target host="mbh.la" />
+	<target host="mbing.de" />
+	<target host="mbist.ro" />
+	<target host="mbitly.co" />
+	<target host="mbj.fyi" />
+	<target host="mbj.im" />
+	<target host="mbjake.uk" />
+	<target host="mbk.to" />
+	<target host="mbls.ro" />
+	<target host="mblx.us" />
+	<target host="mbmoo.se" />
+	<target host="mbmus.uk" />
+	<target host="mbmusic.us" />
+	<target host="mbooth.ly" />
+	<target host="mbot.co" />
+	<target host="mbpr.sh" />
+	<target host="mbpro.us" />
+	<target host="mbrk.me" />
+	<target host="mbs.re" />
+	<target host="mbsgrp.co" />
+	<target host="mbtal.es" />
+	<target host="mbts.cc" />
+	<target host="mbuck.co" />
+	<target host="mbuck.tv" />
+	<target host="mbuzz.ca" />
+	<target host="mbvda.co" />
+	<target host="mc-author.com" />
+	<target host="mc0.io" />
+	<target host="mca.re" />
+	<target host="mcafee.ly" />
+	<target host="mcal.me" />
+	<target host="mcalp.in" />
+	<target host="mcampos.xyz" />
+	<target host="mcand.us" />
+	<target host="mcap.me" />
+	<target host="mcare.us" />
+	<target host="mcat.fr" />
+	<target host="mcb.fyi" />
+	<target host="mcbmx.biz" />
+	<target host="mcbook.me" />
+	<target host="mcbray.ml" />
+	<target host="mcbsa.org" />
+	<target host="mccanime.xyz" />
+	<target host="mcch.at" />
+	<target host="mcci.io" />
+	<target host="mccou.ch" />
+	<target host="mccurdyau.com" />
+	<target host="mccv.eu" />
+	<target host="mcd.me" />
+	<target host="mcd.uno" />
+	<target host="mcdis.co" />
+	<target host="mcelt.me" />
+	<target host="mcf-tv.ml" />
+	<target host="mcf08.ml" />
+	<target host="mcf08movie.ml" />
+	<target host="mcf33.cf" />
+	<target host="mcf33.gq" />
+	<target host="mcfall.link" />
+	<target host="mcfe.gq" />
+	<target host="mcfra.me" />
+	<target host="mcftamino.es" />
+	<target host="mcg.so" />
+	<target host="mcgam.es" />
+	<target host="mcgf.in" />
+	<target host="mcgfdn.com" />
+	<target host="mcgil.lu" />
+	<target host="mcgr.aw" />
+	<target host="mcgrl.net" />
+	<target host="mcgu.co" />
+	<target host="mcgvk.co" />
+	<target host="mcgz.us" />
+	<target host="mch.re" />
+	<target host="mche.pl" />
+	<target host="mchlcr.tv" />
+	<target host="mchor.us" />
+	<target host="mchp.us" />
+	<target host="mchs.jwerk.in" />
+	<target host="mciotta.us" />
+	<target host="mcitours.us" />
+	<target host="mcjon.es" />
+	<target host="mckemp.com" />
+	<target host="mckry.co" />
+	<target host="mcl.ink" />
+	<target host="mcl.tw" />
+	<target host="mclark.uk" />
+	<target host="mclark.xyz" />
+	<target host="mclean.cf" />
+	<target host="mclnd.nz" />
+	<target host="mcm.me" />
+	<target host="mcmagic.biz" />
+	<target host="mcmx.in" />
+	<target host="mcnat.us" />
+	<target host="mcnmrq.us" />
+	<target host="mcnto.co" />
+	<target host="mcoaug.org" />
+	<target host="mcohn.me" />
+	<target host="mcol.co" />
+	<target host="mcollier.net" />
+	<target host="mcont.co" />
+	<target host="mcqua.de" />
+	<target host="mcrae.in" />
+	<target host="mcrft.co" />
+	<target host="mcross.us" />
+	<target host="mcrump.me" />
+	<target host="mcsk.in" />
+	<target host="mcstd.com.au" />
+	<target host="mcstr.net" />
+	<target host="mcu.voz48.xyz" />
+	<target host="mcuk.xyz" />
+	<target host="mcull.me" />
+	<target host="mcw.fyi" />
+	<target host="mcwwr.org" />
+	<target host="mcy.nz" />
+	<target host="mcys.co" />
+	<target host="mczar.me" />
+	<target host="mczn.ca" />
+	<target host="md4l.ga" />
+	<target host="mday.biz" />
+	<target host="mdb.is" />
+	<target host="mdc.is" />
+	<target host="mdc.plus" />
+	<target host="mdc.st" />
+	<target host="mdc4.us" />
+	<target host="mdcc.uk" />
+	<target host="mddpk.co" />
+	<target host="mddrm.org" />
+	<target host="mdf.ms" />
+	<target host="mdfl.co" />
+	<target host="mdfm.co" />
+	<target host="mdfullstream.ml" />
+	<target host="mdgdgt.com" />
+	<target host="mdhj.fr" />
+	<target host="mdhjr.co" />
+	<target host="mdho.me" />
+	<target host="mdhv.co" />
+	<target host="mdia.im" />
+	<target host="mdia.st" />
+	<target host="mdigit.al" />
+	<target host="mdj.onl" />
+	<target host="mdkn.gs" />
+	<target host="mdlk.us" />
+	<target host="mdm.anhc.mx" />
+	<target host="mdm.sc" />
+	<target host="mdon.co.uk" />
+	<target host="mdow.io" />
+	<target host="mdpt.fr" />
+	<target host="mdr.buzz" />
+	<target host="mdr.io" />
+	<target host="mdra.me" />
+	<target host="mdrg.co" />
+	<target host="mds.fyi" />
+	<target host="mds26.tk" />
+	<target host="mdshop.us" />
+	<target host="mdshowhd.ml" />
+	<target host="mdsi.us" />
+	<target host="mdspk.co" />
+	<target host="mdspr.ms" />
+	<target host="mdst.in" />
+	<target host="mdst.mn" />
+	<target host="mdta.co" />
+	<target host="mdtm.pl" />
+	<target host="mdtrth.cc" />
+	<target host="mdus.co" />
+	<target host="mduu.de" />
+	<target host="mdw.design" />
+	<target host="mdwill.is" />
+	<target host="mdyn.co" />
+	<target host="mdyn1.com" />
+	<target host="mdyp.ws" />
+	<target host="me.b-j.me" />
+	<target host="me.courts.de" />
+	<target host="me.fotobyjb.com" />
+	<target host="me.freelabel.me" />
+	<target host="me.kmsg.cc" />
+	<target host="me.legentas.ru" />
+	<target host="me.mindwork.net" />
+	<target host="me.onmedic.com" />
+	<target host="me.scaasi.co.uk" />
+	<target host="me.shopicks.com" />
+	<target host="me.truesdell.ca" />
+	<target host="me.wakdro.id" />
+	<target host="me.zbritje.net" />
+	<target host="me2.la" />
+	<target host="mea.li" />
+	<target host="meaa.io" />
+	<target host="mealj.co" />
+	<target host="mealprep.ly" />
+	<target host="meant4mo.re" />
+	<target host="meatify.me" />
+	<target host="meatm.ag" />
+	<target host="mebeer.co" />
+	<target host="mech.sc" />
+	<target host="meclick.ml" />
+	<target host="medaid.co" />
+	<target host="medca.st" />
+	<target host="medcan.net" />
+	<target host="media.bolero.be" />
+	<target host="media.don.is" />
+	<target host="mediac.at" />
+	<target host="mediagig.site" />
+	<target host="mediagrati.ae" />
+	<target host="mediawi.se" />
+	<target host="medipartner.nl" />
+	<target host="medm.us" />
+	<target host="medmj.us" />
+	<target host="medox.ml" />
+	<target host="medtxt.me" />
+	<target host="meep.space" />
+	<target host="meeperoos.com" />
+	<target host="meet.ponk.pro" />
+	<target host="meet.vivek.co" />
+	<target host="meetalx.co" />
+	<target host="meethk.net" />
+	<target host="meetmaest.ro" />
+	<target host="mega-flix.ml" />
+	<target host="mega4k.ga" />
+	<target host="mega4khd.ml" />
+	<target host="megaop.co" />
+	<target host="megb.co" />
+	<target host="megdal.be" />
+	<target host="megg.io" />
+	<target host="meggashare.gq" />
+	<target host="megmo.me" />
+	<target host="meierbe.at" />
+	<target host="meizu.hk" />
+	<target host="mel.to" />
+	<target host="melb.co" />
+	<target host="melbfe.st" />
+	<target host="melbs.pw" />
+	<target host="meld.li" />
+	<target host="meleia.la" />
+	<target host="melfm.site" />
+	<target host="melhores.co" />
+	<target host="meli.uz" />
+	<target host="melkor.co" />
+	<target host="mello.link" />
+	<target host="melm.co" />
+	<target host="melndoy.ml" />
+	<target host="melrose.eu" />
+	<target host="mem.keepy.me" />
+	<target host="memb.li" />
+	<target host="memisa.nu" />
+	<target host="memne.ws" />
+	<target host="memtag.co" />
+	<target host="men.pwm.cc" />
+	<target host="menangterus.ml" />
+	<target host="mendan.me" />
+	<target host="mengler.nl" />
+	<target host="menk-tv.ml" />
+	<target host="mensa.je" />
+	<target host="mensagem.es" />
+	<target host="menseninnood.nu" />
+	<target host="mensw.com" />
+	<target host="mentari-tv.ml" />
+	<target host="menteles.co.vu" />
+	<target host="meow.ski" />
+	<target host="mequedemay.tk" />
+	<target host="mer.cr" />
+	<target host="meraki.link" />
+	<target host="merc.ht" />
+	<target host="merchpl.us" />
+	<target host="mercialf.red" />
+	<target host="merco.me" />
+	<target host="mercserv.ml" />
+	<target host="merct.us" />
+	<target host="mercu.re" />
+	<target host="mercul.es" />
+	<target host="mercuryhols.com" />
+	<target host="meres.online" />
+	<target host="meres.uk" />
+	<target host="meridix.co" />
+	<target host="merlot.me" />
+	<target host="merovx.io" />
+	<target host="merr.me" />
+	<target host="merri.party" />
+	<target host="mert.pw" />
+	<target host="meru.pro" />
+	<target host="merus.link" />
+	<target host="mesayteo.com" />
+	<target host="meshfi.re" />
+	<target host="meshpop.co" />
+	<target host="meson.in" />
+	<target host="mesr.me" />
+	<target host="met.am" />
+	<target host="met.church" />
+	<target host="met.org" />
+	<target host="met4auto.com" />
+	<target host="meta.ps" />
+	<target host="metas.tips" />
+	<target host="metazen.info" />
+	<target host="methodk.it" />
+	<target host="metr.lc" />
+	<target host="metria.us" />
+	<target host="metroed.us" />
+	<target host="metropr.es" />
+	<target host="metrorev.org" />
+	<target host="metroride.hk" />
+	<target host="metros.mx" />
+	<target host="metrosoultv.com" />
+	<target host="meusig.no" />
+	<target host="meuvw.vc" />
+	<target host="mevins.info" />
+	<target host="mevy.co" />
+	<target host="mewa.tm" />
+	<target host="meyt.al" />
+	<target host="meyu.me" />
+	<target host="mezco.toys" />
+	<target host="mezmiz.me" />
+	<target host="mezz.vc" />
+	<target host="mf.awa.fm" />
+	<target host="mfa.ag" />
+	<target host="mfaj.ml" />
+	<target host="mfarrag.ws" />
+	<target host="mfcde.es" />
+	<target host="mfgbc.org" />
+	<target host="mfi.ovh" />
+	<target host="mfib.re" />
+	<target host="mfile.im" />
+	<target host="mfilms.us" />
+	<target host="mflav.in" />
+	<target host="mflbway.co" />
+	<target host="mflwr.co" />
+	<target host="mfp.li" />
+	<target host="mfpkaty.com" />
+	<target host="mfru.it" />
+	<target host="mftr.org" />
+	<target host="mful.tv" />
+	<target host="mfw.fyi" />
+	<target host="mfw.rocks" />
+	<target host="mfweb.us" />
+	<target host="mfwk.me" />
+	<target host="mfywtd.com" />
+	<target host="mg1.co" />
+	<target host="mg1.de" />
+	<target host="mga.im" />
+	<target host="mgb.nyc" />
+	<target host="mgbwhm.co" />
+	<target host="mgcl.us" />
+	<target host="mgcphoto.ga" />
+	<target host="mgff.me" />
+	<target host="mgh.to" />
+	<target host="mghty.io" />
+	<target host="mghty.pe" />
+	<target host="mgive.co" />
+	<target host="mgk.foundation" />
+	<target host="mgn.rs" />
+	<target host="mgnm.fotogr.fr" />
+	<target host="mgntc.co" />
+	<target host="mgnwp.com" />
+	<target host="mgod.me" />
+	<target host="mgom.es" />
+	<target host="mgooden.design" />
+	<target host="mgosurveys.com" />
+	<target host="mgrl.co" />
+	<target host="mgrn.us" />
+	<target host="mgs.nz" />
+	<target host="mgstn.ly" />
+	<target host="mgvrl.it" />
+	<target host="mgx.nyc" />
+	<target host="mgxc.co" />
+	<target host="mgz.magaza.me" />
+	<target host="mh-pr.eu" />
+	<target host="mh.my" />
+	<target host="mh.tl" />
+	<target host="mhar.ga" />
+	<target host="mhat.ch" />
+	<target host="mhc.lc" />
+	<target host="mhd.bz" />
+	<target host="mhed.us" />
+	<target host="mhero.es" />
+	<target host="mhill.je" />
+	<target host="mhl.us" />
+	<target host="mhmgrl.com" />
+	<target host="mhoff.co" />
+	<target host="mhog.co" />
+	<target host="mhp2.it" />
+	<target host="mhs.io" />
+	<target host="mhsmith.us" />
+	<target host="mhsttn.me" />
+	<target host="mhyatt.us" />
+	<target host="mhzsocial.ca" />
+	<target host="mi.smells.mx" />
+	<target host="miaya.tk" />
+	<target host="miblues.co" />
+	<target host="mic.ms" />
+	<target host="mica.ly" />
+	<target host="micahri.ch" />
+	<target host="micahwalter.net" />
+	<target host="micfarris.us" />
+	<target host="michaels.link" />
+	<target host="michel.in" />
+	<target host="michelinmexi.co" />
+	<target host="mick.fm" />
+	<target host="mickelsen.link" />
+	<target host="mickey.us" />
+	<target host="micomm.es" />
+	<target host="micooks.me" />
+	<target host="micro.mn" />
+	<target host="microb.io" />
+	<target host="microent.us" />
+	<target host="mid.st" />
+	<target host="midio.ma" />
+	<target host="mielv.be" />
+	<target host="miers.co" />
+	<target host="mies.link" />
+	<target host="mieza-hd.tk" />
+	<target host="miffl.in" />
+	<target host="miflota.co" />
+	<target host="might.ly" />
+	<target host="migs.news" />
+	<target host="migto.mx" />
+	<target host="miguel.vip" />
+	<target host="miguelacuna.me" />
+	<target host="miguelmad.es" />
+	<target host="miguels.igg.biz" />
+	<target host="migz.es" />
+	<target host="mihama.gq" />
+	<target host="mihama.tk" />
+	<target host="mihl.us" />
+	<target host="miikka.net" />
+	<target host="miim.de" />
+	<target host="miim.to" />
+	<target host="miji.tk" />
+	<target host="mike4.co" />
+	<target host="mikeb.it" />
+	<target host="mikebloom.bg" />
+	<target host="mikecou.ch" />
+	<target host="mikefolli.ng" />
+	<target host="mikei.sh" />
+	<target host="miken.co" />
+	<target host="mikepaul.rocks" />
+	<target host="mikewal.sh" />
+	<target host="mikeweb.me" />
+	<target host="mikews.co" />
+	<target host="mikr.ooo" />
+	<target host="mikul.la" />
+	<target host="mil1.st" />
+	<target host="milc.ms" />
+	<target host="mile.io" />
+	<target host="milesto.ne" />
+	<target host="militaria.ma" />
+	<target host="milk.mu" />
+	<target host="millaswann.com" />
+	<target host="millecor.co" />
+	<target host="millersa.mu" />
+	<target host="millr.cr" />
+	<target host="mills.photo" />
+	<target host="millshq.uk" />
+	<target host="milner.in" />
+	<target host="milr.eu" />
+	<target host="miluu.me" />
+	<target host="mim.ec" />
+	<target host="mimibtq.com" />
+	<target host="mimic3d.it" />
+	<target host="mimimizoo.ru" />
+	<target host="min.do" />
+	<target host="min.gs" />
+	<target host="min.sh" />
+	<target host="min.slhenry.com" />
+	<target host="min.unpaper.com" />
+	<target host="min.wardell.me" />
+	<target host="mina.al" />
+	<target host="mina.so" />
+	<target host="mindap.pl" />
+	<target host="mindea.co" />
+	<target host="mindef.sg" />
+	<target host="mindful.link" />
+	<target host="mindful.tools" />
+	<target host="mindma.de" />
+	<target host="mindof.media" />
+	<target host="mindythe.li" />
+	<target host="mine.im" />
+	<target host="mine4su.re" />
+	<target host="minf.it" />
+	<target host="minhavida.co" />
+	<target host="mini-series.ml" />
+	<target host="mini.afnet.fr" />
+	<target host="mini.mwi.org" />
+	<target host="mini.pt6tv.com" />
+	<target host="minifigs.es" />
+	<target host="minifs.com" />
+	<target host="mining.money" />
+	<target host="minip.co" />
+	<target host="minipresso.co" />
+	<target host="miniurl.ml" />
+	<target host="minklink.info" />
+	<target host="minnpo.st" />
+	<target host="minorcort.es" />
+	<target host="minprofil.info" />
+	<target host="minsoft.co" />
+	<target host="mintb.lu" />
+	<target host="mintel.tv" />
+	<target host="mintho.me" />
+	<target host="mintne.ws" />
+	<target host="mintsr.me" />
+	<target host="minu.to" />
+	<target host="minutra.de" />
+	<target host="miodr.eu" />
+	<target host="mionl.in" />
+	<target host="mip.mba" />
+	<target host="mipsyfair.org" />
+	<target host="mir.mn" />
+	<target host="mirabilia.in" />
+	<target host="mirag.us" />
+	<target host="miraisk.net" />
+	<target host="mirand.me" />
+	<target host="mircap.biz" />
+	<target host="mirel.es" />
+	<target host="mirin.xerq.net" />
+	<target host="mirl.me" />
+	<target host="mirmed.org" />
+	<target host="mis.sh" />
+	<target host="mis.sn" />
+	<target host="mis.su" />
+	<target host="mis.tl" />
+	<target host="misadv.us" />
+	<target host="miscolor.es" />
+	<target host="misfir.es" />
+	<target host="mishimo.to" />
+	<target host="misn.co" />
+	<target host="miso.ooo" />
+	<target host="misolde.com" />
+	<target host="miss.ml" />
+	<target host="missao.ml" />
+	<target host="missing.mn" />
+	<target host="missnu.me" />
+	<target host="misterc.link" />
+	<target host="mistral.store" />
+	<target host="mit-tr.co" />
+	<target host="mit.cx" />
+	<target host="mital.me" />
+	<target host="mitchell.pr" />
+	<target host="mitcinfo.com" />
+	<target host="mitey.us" />
+	<target host="mitp.ch" />
+	<target host="mitsloan.co" />
+	<target host="mitsmr.com" />
+	<target host="mitt.media" />
+	<target host="mixa.me" />
+	<target host="mixedatsonic.co" />
+	<target host="mixpo.co" />
+	<target host="mixtapes.rocks" />
+	<target host="mixw.co" />
+	<target host="mizba.la" />
+	<target host="mizo.cl" />
+	<target host="mizoapk.in" />
+	<target host="mizonehd.ml" />
+	<target host="mizuholink.co" />
+	<target host="mizuholink.com" />
+	<target host="mizz.us" />
+	<target host="mizzma.in" />
+	<target host="mj.ie" />
+	<target host="mj.kaioh.co.jp" />
+	<target host="mja.pw" />
+	<target host="mjclrk.ca" />
+	<target host="mjd.bz" />
+	<target host="mjdw.me" />
+	<target host="mjf.cc" />
+	<target host="mjg.ph" />
+	<target host="mjh.fyi" />
+	<target host="mji.me" />
+	<target host="mjjc.info" />
+	<target host="mjk.im" />
+	<target host="mjkk.co" />
+	<target host="mjksn.ws" />
+	<target host="mjm.ag" />
+	<target host="mjm.us" />
+	<target host="mjog.info" />
+	<target host="mjp1.me" />
+	<target host="mjr.wtf" />
+	<target host="mjrlink.us" />
+	<target host="mjs.cc" />
+	<target host="mjstcprnts.com" />
+	<target host="mjt.co" />
+	<target host="mjthis.me" />
+	<target host="mk.cx" />
+	<target host="mkaly.com" />
+	<target host="mkay.cc" />
+	<target host="mkca.ga" />
+	<target host="mkcb.co" />
+	<target host="mkdel.co" />
+	<target host="mkdhyns.xyz" />
+	<target host="mkeind.com" />
+	<target host="mkhl.me" />
+	<target host="mkiss.me" />
+	<target host="mkj.es" />
+	<target host="mkjns.li" />
+	<target host="mkkh.co" />
+	<target host="mkkh.it" />
+	<target host="mkkr.at" />
+	<target host="mkl.it" />
+	<target host="mklnd.com" />
+	<target host="mklr.me" />
+	<target host="mklv.me" />
+	<target host="mkly2.ml" />
+	<target host="mko.me" />
+	<target host="mkoh.me" />
+	<target host="mksb.co" />
+	<target host="mksu.co" />
+	<target host="mkt-cu.be" />
+	<target host="mkt.report" />
+	<target host="mkt.tips" />
+	<target host="mkt2.us" />
+	<target host="mkt3.me" />
+	<target host="mkta.de" />
+	<target host="mktg.im" />
+	<target host="mktg.me" />
+	<target host="mktm.ag" />
+	<target host="mktmgl.co" />
+	<target host="mkto.co" />
+	<target host="mktom.com" />
+	<target host="mktwre.co" />
+	<target host="mkwr.co" />
+	<target host="ml.angel373.com" />
+	<target host="ml.church" />
+	<target host="ml.goto.top" />
+	<target host="ml.ms" />
+	<target host="ml.seohacks.net" />
+	<target host="ml.vu" />
+	<target host="ml24.design" />
+	<target host="mla-bs.com" />
+	<target host="mlabs.link" />
+	<target host="mlcl.es" />
+	<target host="mlcruises.com" />
+	<target host="mld.sg" />
+	<target host="mld.st" />
+	<target host="mlday.fr" />
+	<target host="mldhd.ml" />
+	<target host="mldlink.info" />
+	<target host="mldy.pro" />
+	<target host="mlend.co" />
+	<target host="mlg.to" />
+	<target host="mlio.it" />
+	<target host="mlist.link" />
+	<target host="mlk.md" />
+	<target host="mlkshk.co" />
+	<target host="mlle.bio" />
+	<target host="mllnr.co" />
+	<target host="mllo.me" />
+	<target host="mllrit.de" />
+	<target host="mlmurph.com" />
+	<target host="mln.bet" />
+	<target host="mln.rocks" />
+	<target host="mlnd.ir" />
+	<target host="mlodo.com" />
+	<target host="mloshift.co" />
+	<target host="mlpt.me" />
+	<target host="mlsbgt.de" />
+	<target host="mltarycrusr.com" />
+	<target host="mltbx.com" />
+	<target host="mltcreative.co" />
+	<target host="mltpss.com" />
+	<target host="mltpss.net" />
+	<target host="mltsr.org" />
+	<target host="mluv.co" />
+	<target host="mlvk.co" />
+	<target host="mlz.me" />
+	<target host="mm.atom.com" />
+	<target host="mm.care" />
+	<target host="mm.careers" />
+	<target host="mm.mtv.com" />
+	<target host="mm.vh1.com" />
+	<target host="mm2.cool" />
+	<target host="mma.ac" />
+	<target host="mmak.es" />
+	<target host="mmbl.me" />
+	<target host="mmco.pet" />
+	<target host="mmdia.es" />
+	<target host="mmetaxas.co" />
+	<target host="mmf.cc" />
+	<target host="mmfan.fyi" />
+	<target host="mmfr.co" />
+	<target host="mmi.aw" />
+	<target host="mmi.bz" />
+	<target host="mmibty.co" />
+	<target host="mmjne.ws" />
+	<target host="mmkh.co" />
+	<target host="mmkt.in" />
+	<target host="mmlearn.me" />
+	<target host="mmlf.co" />
+	<target host="mmln.at" />
+	<target host="mmm.ms" />
+	<target host="mmm.wtf" />
+	<target host="mmmedia.me" />
+	<target host="mmn.one" />
+	<target host="mmnt.ly" />
+	<target host="mmnta.com" />
+	<target host="mmnte.in" />
+	<target host="mmoc.io" />
+	<target host="mmoen.ch" />
+	<target host="mmom.me" />
+	<target host="mmoscosa.com" />
+	<target host="mmrk.io" />
+	<target host="mmrkt.co" />
+	<target host="mmrnll.com" />
+	<target host="mmrt.in" />
+	<target host="mmtc.co" />
+	<target host="mmtm.rocks" />
+	<target host="mmv.rocks" />
+	<target host="mmvr.uk" />
+	<target host="mmwd.ca" />
+	<target host="mmz.li" />
+	<target host="mnatu.re" />
+	<target host="mnbiz.cc" />
+	<target host="mnbkr.com" />
+	<target host="mnbrd.com" />
+	<target host="mnbvcxz.com" />
+	<target host="mncd.in" />
+	<target host="mncso.news" />
+	<target host="mnd.ly" />
+	<target host="mndlr.ga" />
+	<target host="mndlss.biz" />
+	<target host="mndne.ws" />
+	<target host="mndrgn.com" />
+	<target host="mndrn.co" />
+	<target host="mndt.ch" />
+	<target host="mney.co" />
+	<target host="mnfrmr.co" />
+	<target host="mngle.tw" />
+	<target host="mngmvnt.com" />
+	<target host="mngn.co" />
+	<target host="mngrlsbwy.co" />
+	<target host="mnhc.us" />
+	<target host="mnhne.ws" />
+	<target host="mnhouse.gop" />
+	<target host="mnib.ca" />
+	<target host="mninjas.com" />
+	<target host="mnino.com" />
+	<target host="mnki.es" />
+	<target host="mnky.bz" />
+	<target host="mnky.in" />
+	<target host="mnky.us" />
+	<target host="mnkys.name" />
+	<target host="mnly.co" />
+	<target host="mnma.de" />
+	<target host="mnml-l.ml" />
+	<target host="mnml.st" />
+	<target host="mnnk.st" />
+	<target host="mnnr.io" />
+	<target host="mnnz.cc" />
+	<target host="mnot.es" />
+	<target host="mnow.co.uk" />
+	<target host="mnow.in" />
+	<target host="mnoy.es" />
+	<target host="mnp.ae" />
+	<target host="mnp.mobi" />
+	<target host="mnpbusiness.ca" />
+	<target host="mnpd.me" />
+	<target host="mnpx.fr" />
+	<target host="mnrpl.net" />
+	<target host="mnsp.us" />
+	<target host="mnstr.me" />
+	<target host="mnstrs.co" />
+	<target host="mnsw.ch" />
+	<target host="mnt.al" />
+	<target host="mntmppc.co" />
+	<target host="mntr.co" />
+	<target host="mntr.it" />
+	<target host="mntv.eu" />
+	<target host="mntz.lv" />
+	<target host="mnu.sm" />
+	<target host="mnv8.us" />
+	<target host="mnvil.com" />
+	<target host="mny.tips" />
+	<target host="mnye.ca" />
+	<target host="mnyp.lc" />
+	<target host="mnyw.ch" />
+	<target host="mnz.bz" />
+	<target host="mnza.us" />
+	<target host="mo.joweg.com" />
+	<target host="mo.ma" />
+	<target host="mo.playsmart.fr" />
+	<target host="mo529.us" />
+	<target host="moalben.ml" />
+	<target host="moamerica.us" />
+	<target host="moar.bruce.gg" />
+	<target host="moat.bz" />
+	<target host="mob1.me" />
+	<target host="moba.ge" />
+	<target host="moba.lol" />
+	<target host="mobb.me" />
+	<target host="mobde3-cmp.tk" />
+	<target host="mobib.nl" />
+	<target host="mobil.co" />
+	<target host="mobileacs.org" />
+	<target host="mobileca.re" />
+	<target host="mobilex.co" />
+	<target host="mobilez.be" />
+	<target host="mobilimobel.net" />
+	<target host="mobills.me" />
+	<target host="mobius.media" />
+	<target host="moblab.io" />
+	<target host="mobrt.co" />
+	<target host="mochapar.me" />
+	<target host="mochithin.gs" />
+	<target host="moci.info" />
+	<target host="moctu.com" />
+	<target host="mod.com" />
+	<target host="mod7.in" />
+	<target host="moda.sh" />
+	<target host="modcab.in" />
+	<target host="modcl.co" />
+	<target host="modefi.co" />
+	<target host="modernsexy.me" />
+	<target host="modic.es" />
+	<target host="modloft.co" />
+	<target host="modnar.fyi" />
+	<target host="modo.ly" />
+	<target host="modpod.ge" />
+	<target host="modprac.com" />
+	<target host="modsci.co" />
+	<target host="modsto.com" />
+	<target host="modulo.cc" />
+	<target host="moe.vg" />
+	<target host="moen.co" />
+	<target host="moer.link" />
+	<target host="moer.tl" />
+	<target host="moff.ly" />
+	<target host="mofi.bo" />
+	<target host="mofi.re" />
+	<target host="mograph.video" />
+	<target host="mogu.li" />
+	<target host="mohd.news" />
+	<target host="mohr4.me" />
+	<target host="mohrp.ir" />
+	<target host="moieties.net" />
+	<target host="moil.in" />
+	<target host="moja.lat" />
+	<target host="mojo.ly" />
+	<target host="mojok.id" />
+	<target host="mojote.ch" />
+	<target host="mok.it" />
+	<target host="moka.li" />
+	<target host="mokmok.tk" />
+	<target host="molk.tv" />
+	<target host="molly.am" />
+	<target host="momloves.it" />
+	<target host="mommababy.vn" />
+	<target host="momnt.io" />
+	<target host="momodale.ml" />
+	<target host="moms.com.es" />
+	<target host="moms.ly" />
+	<target host="momskamov.ml" />
+	<target host="momte.ch" />
+	<target host="monarch.digital" />
+	<target host="monbio.ag" />
+	<target host="monday.pm" />
+	<target host="mondoplayer.net" />
+	<target host="monetus.co" />
+	<target host="money.us" />
+	<target host="moneycrashe.rs" />
+	<target host="moneygr.am" />
+	<target host="moneyhouse.to" />
+	<target host="mongodb.social" />
+	<target host="monitor.band" />
+	<target host="monitor.cm" />
+	<target host="monk.ly" />
+	<target host="monkeycast.uk" />
+	<target host="mono.cat" />
+	<target host="monoclem.ag" />
+	<target host="monosby.ws" />
+	<target host="monov.me" />
+	<target host="monsanto.info" />
+	<target host="mont-bell.jp" />
+	<target host="monta.ge" />
+	<target host="monty.to" />
+	<target host="moodi.ly" />
+	<target host="moogen.to" />
+	<target host="moogle.media" />
+	<target host="moom.in" />
+	<target host="moonsys.co" />
+	<target host="moorebway.co" />
+	<target host="moosical.fun" />
+	<target host="mootral.ch" />
+	<target host="moov.ly" />
+	<target host="moovit.me" />
+	<target host="mop.papua.us" />
+	<target host="mopub.co" />
+	<target host="mor.me" />
+	<target host="mor.network" />
+	<target host="morador.es" />
+	<target host="moran.yt" />
+	<target host="morebv.info" />
+	<target host="moreinfo.biz" />
+	<target host="morelli.fit" />
+	<target host="morethur.com" />
+	<target host="moreti.me" />
+	<target host="morgan.xyz" />
+	<target host="mori.sc" />
+	<target host="moritzwinker.tk" />
+	<target host="mornie.me" />
+	<target host="morrish.website" />
+	<target host="morrismc.se" />
+	<target host="morseko.de" />
+	<target host="morsels.me" />
+	<target host="mos.ai" />
+	<target host="mosaicmag.co" />
+	<target host="mosher.co" />
+	<target host="mosrio.me" />
+	<target host="mostly.video" />
+	<target host="mostyn.co" />
+	<target host="mot.ly" />
+	<target host="mot.ms" />
+	<target host="mot.sh" />
+	<target host="mota.yt" />
+	<target host="mote.am" />
+	<target host="motea.ch" />
+	<target host="motl.am" />
+	<target host="motly.us" />
+	<target host="motm.me" />
+	<target host="motorgutz.com" />
+	<target host="motorhome.ma" />
+	<target host="motoring.guide" />
+	<target host="mottm.ac" />
+	<target host="motw.co" />
+	<target host="mountco.mp" />
+	<target host="mouse.pt" />
+	<target host="mouthsmums.com" />
+	<target host="mov-hd.ml" />
+	<target host="movact.li" />
+	<target host="movbox.ml" />
+	<target host="movc.mx" />
+	<target host="movd.ga" />
+	<target host="movd.me" />
+	<target host="movelix.cf" />
+	<target host="movie-series.cf" />
+	<target host="movie-series.tk" />
+	<target host="movie-stream.ga" />
+	<target host="movie.sc" />
+	<target host="movie31.gq" />
+	<target host="moviechannel.gq" />
+	<target host="moviedb.gq" />
+	<target host="moviedenzin.ml" />
+	<target host="moviedewa.ml" />
+	<target host="moviefaganza.tk" />
+	<target host="moviefloss.us" />
+	<target host="moviefull.ml" />
+	<target host="moviejkt48.tk" />
+	<target host="movielicious.ml" />
+	<target host="movieoz.cf" />
+	<target host="moviesfoxtv.ml" />
+	<target host="movieshall.ml" />
+	<target host="moviesplay.cf" />
+	<target host="moviesta.ga" />
+	<target host="moviestar01.ml" />
+	<target host="moviestation.ml" />
+	<target host="moviestv.ml" />
+	<target host="moviesworld1.ga" />
+	<target host="movietay.ml" />
+	<target host="movietvdb.ml" />
+	<target host="movietvshow.ml" />
+	<target host="movieus.ga" />
+	<target host="movieworld21.ml" />
+	<target host="movieworldhd.ml" />
+	<target host="moviezone31.ml" />
+	<target host="movim.us" />
+	<target host="moviseries.ml" />
+	<target host="movizone.ml" />
+	<target host="movmovie.tk" />
+	<target host="movn.us" />
+	<target host="movontv.ml" />
+	<target host="movte.am" />
+	<target host="movzone.ml" />
+	<target host="mowe.uk" />
+	<target host="moxi.ee" />
+	<target host="moxiel.ga" />
+	<target host="moxiie.cf" />
+	<target host="mozakdesign.us" />
+	<target host="mozay.io" />
+	<target host="mozuw.com" />
+	<target host="mp.tc" />
+	<target host="mp101.me" />
+	<target host="mpa.io" />
+	<target host="mpage.co" />
+	<target host="mpc-url.com" />
+	<target host="mpc.photo" />
+	<target host="mpd.im" />
+	<target host="mpd.vc" />
+	<target host="mperfection.com" />
+	<target host="mpf.re" />
+	<target host="mpil.us" />
+	<target host="mpint.co" />
+	<target host="mpl.io" />
+	<target host="mplsfdn.org" />
+	<target host="mpoliti.co" />
+	<target host="mpop.to" />
+	<target host="mpower.gq" />
+	<target host="mpowered.buzz" />
+	<target host="mprnts.co" />
+	<target host="mprss.ly" />
+	<target host="mprv.co" />
+	<target host="mps.click" />
+	<target host="mpsa.co" />
+	<target host="mpsau.com" />
+	<target host="mpt.ski" />
+	<target host="mpul.ly" />
+	<target host="mq-uk.com" />
+	<target host="mqtr.es" />
+	<target host="mr-hc.uk" />
+	<target host="mr-net.tk" />
+	<target host="mr.ardeman.com" />
+	<target host="mr.bitly.pro" />
+	<target host="mraud.ee" />
+	<target host="mrbl.info" />
+	<target host="mrbls.co" />
+	<target host="mrbox.ml" />
+	<target host="mrbr.gr" />
+	<target host="mrbrwn.co" />
+	<target host="mrc.io" />
+	<target host="mrc.lu" />
+	<target host="mrchbr.co" />
+	<target host="mrchr.is" />
+	<target host="mrcl.ml" />
+	<target host="mrcl.pw" />
+	<target host="mrcp.me" />
+	<target host="mrcpch.re" />
+	<target host="mrcrvn.la" />
+	<target host="mrcry.us" />
+	<target host="mrcy.hm" />
+	<target host="mrcz.co" />
+	<target host="mre.one" />
+	<target host="mreb.es" />
+	<target host="mref.nl" />
+	<target host="mreh.ca" />
+	<target host="mrei.ch" />
+	<target host="mrex.us" />
+	<target host="mrfan.in" />
+	<target host="mrgood.co" />
+	<target host="mrjd.co" />
+	<target host="mrjoe.co" />
+	<target host="mrjsn.us" />
+	<target host="mrjust.in" />
+	<target host="mrjw.me" />
+	<target host="mrk.bz" />
+	<target host="mrk.li" />
+	<target host="mrk.mn" />
+	<target host="mrk.ms" />
+	<target host="mrk5math.com" />
+	<target host="mrkd.ga" />
+	<target host="mrkmnls.co" />
+	<target host="mrkt.us" />
+	<target host="mrktmscls.com" />
+	<target host="mrktng4.biz" />
+	<target host="mrktr.net" />
+	<target host="mrlac.eu" />
+	<target host="mrlcom.rocks" />
+	<target host="mrlnfx.net" />
+	<target host="mrm.li" />
+	<target host="mrmnt.re" />
+	<target host="mrmweb.co" />
+	<target host="mrn.bz" />
+	<target host="mro.lt" />
+	<target host="mroclass.com" />
+	<target host="mroumen.me" />
+	<target host="mrow.co" />
+	<target host="mrp.tips" />
+	<target host="mrpics.it" />
+	<target host="mrpt.co" />
+	<target host="mrq.to" />
+	<target host="mrr.gr" />
+	<target host="mrrevillz.link" />
+	<target host="mrrt.in" />
+	<target host="mrsdn.co" />
+	<target host="mrshe.de" />
+	<target host="mrsk.co" />
+	<target host="mrsnk.com" />
+	<target host="mrsteve.me" />
+	<target host="mrstitch.es" />
+	<target host="mrt.gs" />
+	<target host="mrt.ovh" />
+	<target host="mrtch.co" />
+	<target host="mrth.it" />
+	<target host="mrtn.is" />
+	<target host="mrtnsprl.de" />
+	<target host="mrtrez.info" />
+	<target host="mrtrez.net" />
+	<target host="mrtrez.online" />
+	<target host="mrtrp.de" />
+	<target host="mrtsh.in" />
+	<target host="mrtz.us" />
+	<target host="mrv.me" />
+	<target host="mrvan.ca" />
+	<target host="mrvlyrs.us" />
+	<target host="mrvnchr.co" />
+	<target host="mrwrk.nl" />
+	<target host="mrx.cl" />
+	<target host="mrxl.us" />
+	<target host="mrygrv.co" />
+	<target host="ms-ds.co" />
+	<target host="ms-i.us" />
+	<target host="ms-nw.link" />
+	<target host="ms.aenovus.com" />
+	<target host="ms.cpa-net.jp" />
+	<target host="ms8.co" />
+	<target host="msa.news" />
+	<target host="msane.ws" />
+	<target host="msb-apps.com" />
+	<target host="msb.link" />
+	<target host="msbl.es" />
+	<target host="msc.to" />
+	<target host="mscbd.fm" />
+	<target host="msclinks.com" />
+	<target host="msd.me" />
+	<target host="msdf.co" />
+	<target host="msdmnls.co" />
+	<target host="msdv.sh" />
+	<target host="mseu.us" />
+	<target host="msf.me" />
+	<target host="msfg.ch" />
+	<target host="msfocus.us" />
+	<target host="msft.fyi" />
+	<target host="msft.la" />
+	<target host="msgardenia.co" />
+	<target host="msh.io" />
+	<target host="msh.ms" />
+	<target host="mshad.ax" />
+	<target host="mshj.me" />
+	<target host="mshkn.ch" />
+	<target host="mshp.it" />
+	<target host="mshra.co" />
+	<target host="msidocs.com" />
+	<target host="msights.co" />
+	<target host="msio.co" />
+	<target host="msj.gs" />
+	<target host="mskjr.dk" />
+	<target host="mslater.ca" />
+	<target host="mslawrence.net" />
+	<target host="mslj.im" />
+	<target host="mslk.co" />
+	<target host="msll.us" />
+	<target host="mslnk.bz" />
+	<target host="mslpainsolu.com" />
+	<target host="msm.ag" />
+	<target host="msmales.co" />
+	<target host="msmclub.co.uk" />
+	<target host="msmoon.co" />
+	<target host="mso.me" />
+	<target host="msocial.bz" />
+	<target host="msp.im" />
+	<target host="msp.is" />
+	<target host="msphotos.co" />
+	<target host="mspik.es" />
+	<target host="mspm.ag" />
+	<target host="mspu.co" />
+	<target host="msqa.us" />
+	<target host="msql.co" />
+	<target host="msquad.co" />
+	<target host="msr.io" />
+	<target host="msr.lc" />
+	<target host="msre.it" />
+	<target host="msrh.tv" />
+	<target host="msrlx.com" />
+	<target host="msrow.land" />
+	<target host="msrt.us" />
+	<target host="mss.fyi" />
+	<target host="mssoc.uk" />
+	<target host="mssp.photos" />
+	<target host="mssrts.co" />
+	<target host="mssv.ly" />
+	<target host="mssvm.sc" />
+	<target host="mst.re" />
+	<target host="mstar.link" />
+	<target host="mstee.co" />
+	<target host="mstnr.me" />
+	<target host="mstr.cd" />
+	<target host="mstr.cl" />
+	<target host="mstr.co" />
+	<target host="mstr.fr" />
+	<target host="mstr.it" />
+	<target host="mstr.uk" />
+	<target host="mstrb.us" />
+	<target host="mstrmind.us" />
+	<target host="mstrsgr.co" />
+	<target host="msuth.me" />
+	<target host="msv.onl" />
+	<target host="msve.me" />
+	<target host="msvo.me" />
+	<target host="msvos.be" />
+	<target host="mswr.me" />
+	<target host="msy.ms" />
+	<target host="mta.wtf" />
+	<target host="mtbm.ag" />
+	<target host="mtbo.ca" />
+	<target host="mtcbd.uk" />
+	<target host="mtchef.us" />
+	<target host="mtck.co" />
+	<target host="mtcr.tc" />
+	<target host="mtech.today" />
+	<target host="mtgrat.es" />
+	<target host="mth.care" />
+	<target host="mth.lv" />
+	<target host="mth.me" />
+	<target host="mth4.co" />
+	<target host="mthr.ml" />
+	<target host="mtk.im" />
+	<target host="mtl.we.bs" />
+	<target host="mtle.bo" />
+	<target host="mtllp.ca" />
+	<target host="mtln.us" />
+	<target host="mtmates.com" />
+	<target host="mtn.bz" />
+	<target host="mtn.im" />
+	<target host="mtn.to" />
+	<target host="mtnews.co" />
+	<target host="mtnplay.one" />
+	<target host="mtnpoint.co" />
+	<target host="mtnre.co" />
+	<target host="mtnrs.nl" />
+	<target host="mtorne.eu" />
+	<target host="mtp.io" />
+	<target host="mtpz.io" />
+	<target host="mtr.li" />
+	<target host="mtrgrtn.de" />
+	<target host="mtrio.link" />
+	<target host="mtrs.co" />
+	<target host="mtrskr.in" />
+	<target host="mtrz.us" />
+	<target host="mts.co" />
+	<target host="mtsi.de" />
+	<target host="mtsilver.co" />
+	<target host="mtstud.io" />
+	<target host="mtsz.me" />
+	<target host="mttbshm.co" />
+	<target host="mtth.in" />
+	<target host="mtthlvr.fr" />
+	<target host="mtthw.mn" />
+	<target host="mttj.in" />
+	<target host="mttmk.com" />
+	<target host="mttq.co" />
+	<target host="mttr.io" />
+	<target host="mtu.news" />
+	<target host="mtv-series.ml" />
+	<target host="mtvhd.ga" />
+	<target host="mtvty.me" />
+	<target host="mtw.bz" />
+	<target host="mtwrk.co" />
+	<target host="mu.lmbt.uk" />
+	<target host="mu.sstools.co" />
+	<target host="mubi.io" />
+	<target host="mudc.at" />
+	<target host="muddypuddl.es" />
+	<target host="mueck.co" />
+	<target host="mufflebox.at" />
+	<target host="muhh.li" />
+	<target host="muji.lu" />
+	<target host="muleman.co" />
+	<target host="multi-dns.de" />
+	<target host="multica.re" />
+	<target host="multif.pro" />
+	<target host="multipl.us" />
+	<target host="multisco.pe" />
+	<target host="multivix.vc" />
+	<target host="mumbrel.la" />
+	<target host="mumford.cc" />
+	<target host="mumi.uk" />
+	<target host="mump.me" />
+	<target host="munch.es" />
+	<target host="munch.ws" />
+	<target host="munchies.com.de" />
+	<target host="mundi.vc" />
+	<target host="mundif.me" />
+	<target host="mundobr.ink" />
+	<target host="munichreus.ly" />
+	<target host="muntenbru.ch" />
+	<target host="munwra.date" />
+	<target host="muo.co" />
+	<target host="muo.fm" />
+	<target host="mupiciyus.ml" />
+	<target host="mupilegit.ml" />
+	<target host="mupo.ca" />
+	<target host="muppetsin.space" />
+	<target host="murf.me" />
+	<target host="murmur.cool" />
+	<target host="murph.me" />
+	<target host="muruluk.ml" />
+	<target host="mus.cr" />
+	<target host="mus.li" />
+	<target host="mus.ms" />
+	<target host="mus.red" />
+	<target host="musc.co" />
+	<target host="musc.mn" />
+	<target host="muscdn.us" />
+	<target host="musce.ca" />
+	<target host="muscle.am" />
+	<target host="muscle.ms" />
+	<target host="muse.j-26.com" />
+	<target host="mushnet.works" />
+	<target host="mushro.ms" />
+	<target host="music.bi" />
+	<target host="music.dmc3.net" />
+	<target host="music.xrec.net" />
+	<target host="musixmatch.mobi" />
+	<target host="musp.la" />
+	<target host="muss.me" />
+	<target host="mustard.bet" />
+	<target host="musts.ee" />
+	<target host="mut3r.ml" />
+	<target host="muth.life" />
+	<target host="muttr.org" />
+	<target host="mutusu.ml" />
+	<target host="muumuu.in" />
+	<target host="muvz.me" />
+	<target host="muziktee.com" />
+	<target host="mv.itmahal.com" />
+	<target host="mv.peanuts.com" />
+	<target host="mvaltas.com" />
+	<target host="mvanm.com" />
+	<target host="mvbt.tk" />
+	<target host="mvc-sports.org" />
+	<target host="mvce.co" />
+	<target host="mvdg.be" />
+	<target host="mvfdn.info" />
+	<target host="mvie.ml" />
+	<target host="mvino.co" />
+	<target host="mvisd.co" />
+	<target host="mvk.cc" />
+	<target host="mvk.cx" />
+	<target host="mvl.me" />
+	<target host="mvm.ug" />
+	<target host="mvmtwatch.co" />
+	<target host="mvn.im" />
+	<target host="mvoce.com" />
+	<target host="mvpx.in" />
+	<target host="mvsl.im" />
+	<target host="mvsm.as" />
+	<target host="mw.pe" />
+	<target host="mwa.ma" />
+	<target host="mwc.news" />
+	<target host="mwcb.in" />
+	<target host="mwconf.com" />
+	<target host="mwd.buzz" />
+	<target host="mwgblog.link" />
+	<target host="mwhip.us" />
+	<target host="mwil.it" />
+	<target host="mwl.li" />
+	<target host="mwl.me" />
+	<target host="mwmeet.com" />
+	<target host="mwmoxie.com" />
+	<target host="mwne.ws" />
+	<target host="mws.tips" />
+	<target host="mwt.bz" />
+	<target host="mww.pr" />
+	<target host="mwy.at" />
+	<target host="mwyr.es" />
+	<target host="mx.24mx.com" />
+	<target host="mx.atcs.ms" />
+	<target host="mx.baja-sur.com" />
+	<target host="mxbit.co" />
+	<target host="mxcommerce.nl" />
+	<target host="mxdig.co" />
+	<target host="mxes.co" />
+	<target host="mxg.to" />
+	<target host="mxghz.co" />
+	<target host="mxmv.mx" />
+	<target host="mxmy.in" />
+	<target host="mxn.life" />
+	<target host="mxnkey.com" />
+	<target host="mxpt.co" />
+	<target host="mxrou.me" />
+	<target host="mxs.chal.ch" />
+	<target host="mxtb.co" />
+	<target host="mxtxf.nl" />
+	<target host="mxw.bio" />
+	<target host="mxys.tk" />
+	<target host="my-ap.us" />
+	<target host="my-direct.link" />
+	<target host="my-gps.info" />
+	<target host="my-gue.st" />
+	<target host="my.365ide.as" />
+	<target host="my.3dg.is" />
+	<target host="my.3ra.ca" />
+	<target host="my.8d.cx" />
+	<target host="my.album.works" />
+	<target host="my.anc.media" />
+	<target host="my.ancvideo.com" />
+	<target host="my.antfood.com" />
+	<target host="my.ayo.co" />
+	<target host="my.bigs.is" />
+	<target host="my.biia.co" />
+	<target host="my.bioquant.com" />
+	<target host="my.bizi.fit" />
+	<target host="my.car.org" />
+	<target host="my.cherie.nyc" />
+	<target host="my.cimigo.com" />
+	<target host="my.dealzod.com" />
+	<target host="my.decats.org" />
+	<target host="my.devme.pw" />
+	<target host="my.dnld.us" />
+	<target host="my.dogpeople.co" />
+	<target host="my.ebox.mu" />
+	<target host="my.ecosquid.org" />
+	<target host="my.egift.io" />
+	<target host="my.fac.io" />
+	<target host="my.fait.de" />
+	<target host="my.figva.com" />
+	<target host="my.finpoint.uk" />
+	<target host="my.fnf.fm" />
+	<target host="my.fortbim.com" />
+	<target host="my.fsb.de" />
+	<target host="my.gadgetmat.ch" />
+	<target host="my.gather.to" />
+	<target host="my.gobrief.com" />
+	<target host="my.gpass.org" />
+	<target host="my.gyf.io" />
+	<target host="my.hstge.me" />
+	<target host="my.ilnews.org" />
+	<target host="my.makkusu.de" />
+	<target host="my.markerly.com" />
+	<target host="my.movo.cash" />
+	<target host="my.mstrick.com" />
+	<target host="my.n8d.at" />
+	<target host="my.nilk.de" />
+	<target host="my.nissan" />
+	<target host="my.noctov.us" />
+	<target host="my.nofussg.us" />
+	<target host="my.okhi.co" />
+	<target host="my.onmedic.com" />
+	<target host="my.oodio.net" />
+	<target host="my.penso.fun" />
+	<target host="my.re501.com" />
+	<target host="my.red7th.com" />
+	<target host="my.sacolaph.com" />
+	<target host="my.salemefc.org" />
+	<target host="my.sdw.fyi" />
+	<target host="my.sohoby.com" />
+	<target host="my.suaypang.com" />
+	<target host="my.swboro.us" />
+	<target host="my.team.id" />
+	<target host="my.tralando.com" />
+	<target host="my.tryapka.com" />
+	<target host="my.usell.com" />
+	<target host="my.wacoan.com" />
+	<target host="my.web.com" />
+	<target host="my.wse.sa" />
+	<target host="my.ykt.ru" />
+	<target host="my.yoplait.com" />
+	<target host="my123.ml" />
+	<target host="my31p.co" />
+	<target host="myactive.cc" />
+	<target host="myagen.se" />
+	<target host="myalbum.co" />
+	<target host="myam.co" />
+	<target host="myatu.link" />
+	<target host="mybl.ee" />
+	<target host="mybms.me" />
+	<target host="mybmw.com" />
+	<target host="mybobs.shop" />
+	<target host="mybrain.it" />
+	<target host="mybrandsho.es" />
+	<target host="mybsw.link" />
+	<target host="myc.ph" />
+	<target host="mycar.pictures" />
+	<target host="mycard.site" />
+	<target host="mycentx.ml" />
+	<target host="myciu.biz" />
+	<target host="mycj.co" />
+	<target host="myco.us" />
+	<target host="mycology.space" />
+	<target host="mycosmo.hk" />
+	<target host="mycrap.co" />
+	<target host="mycrk.it" />
+	<target host="mycst.one" />
+	<target host="mycta.info" />
+	<target host="mycta.net" />
+	<target host="myctg.la" />
+	<target host="mycurves.style" />
+	<target host="mydio.me" />
+	<target host="mydiv.co" />
+	<target host="mydma.me" />
+	<target host="mydms.co" />
+	<target host="myedwin.me" />
+	<target host="myeo.life" />
+	<target host="myevolve.us" />
+	<target host="myexv.com" />
+	<target host="myfan.cards" />
+	<target host="myfcj.me" />
+	<target host="myfd.tc" />
+	<target host="myfee.li" />
+	<target host="myffc.co" />
+	<target host="myflavor.is" />
+	<target host="myfsh.net" />
+	<target host="myg.sk" />
+	<target host="mygap.jp" />
+	<target host="mygfs.in" />
+	<target host="mygl.am" />
+	<target host="mygrp.co" />
+	<target host="mygsd.org" />
+	<target host="mygu.nz" />
+	<target host="myh.bz" />
+	<target host="myhds.co" />
+	<target host="myhkh24.com" />
+	<target host="myhl.uk" />
+	<target host="myhpld.us" />
+	<target host="myhub.biz" />
+	<target host="myi.tw" />
+	<target host="myin.at" />
+	<target host="myin.to" />
+	<target host="myip.ws" />
+	<target host="myit.rocks" />
+	<target host="myjp.pw" />
+	<target host="myjp2.com" />
+	<target host="myju.st" />
+	<target host="mykl.us" />
+	<target host="mykmyk.pet" />
+	<target host="mylanghack.com" />
+	<target host="mylearning.biz" />
+	<target host="mylokai.co" />
+	<target host="myls.cc" />
+	<target host="mylt.tv" />
+	<target host="mymdauto.com" />
+	<target host="myme.me" />
+	<target host="mymem.es" />
+	<target host="mymm.co" />
+	<target host="mymues.li" />
+	<target host="mync.tc" />
+	<target host="mynddot.co" />
+	<target host="mynewhouse.me" />
+	<target host="mynexus.ch" />
+	<target host="mynikon.life" />
+	<target host="myno.tc" />
+	<target host="mynr.ma" />
+	<target host="mynt.fyi" />
+	<target host="mynw.me" />
+	<target host="myny.it" />
+	<target host="myoc.co" />
+	<target host="myoffe.rs" />
+	<target host="myopt.in" />
+	<target host="myotc.in" />
+	<target host="myouth.co" />
+	<target host="myozshot.com" />
+	<target host="mypca.me" />
+	<target host="myphil.ly" />
+	<target host="mypixel.pw" />
+	<target host="mypretties.co" />
+	<target host="myprima.co" />
+	<target host="mypu.sh" />
+	<target host="myrdc.tk" />
+	<target host="myrem.co" />
+	<target host="myrr.org" />
+	<target host="myrt.us" />
+	<target host="myruck.us" />
+	<target host="mys.mn" />
+	<target host="mys1s.net" />
+	<target host="mysalifree.info" />
+	<target host="myschmidts.com" />
+	<target host="mysdlender.com" />
+	<target host="myseiu.be" />
+	<target host="myshar.es" />
+	<target host="myshc.us" />
+	<target host="mysheboygan.us" />
+	<target host="mysmer.info" />
+	<target host="mysmp.fr" />
+	<target host="mystacc.co" />
+	<target host="mystat.es" />
+	<target host="mystib.be" />
+	<target host="mystr.us" />
+	<target host="mysw.in" />
+	<target host="myt.im" />
+	<target host="mytct.co" />
+	<target host="mytdc.me" />
+	<target host="mythical4k.ml" />
+	<target host="mythrive.uk" />
+	<target host="mytmb.me" />
+	<target host="mytp.info" />
+	<target host="myua.co" />
+	<target host="myunited.com" />
+	<target host="myva.co" />
+	<target host="myveg.as" />
+	<target host="myw.lu" />
+	<target host="myweb.work" />
+	<target host="myweddings.ca" />
+	<target host="mywilson.site" />
+	<target host="mywilson.sydney" />
+	<target host="mywindo.ws" />
+	<target host="mywp.cc" />
+	<target host="mywt.us" />
+	<target host="myxml.is" />
+	<target host="mz.cm" />
+	<target host="mzd.bz" />
+	<target host="mzdn.to" />
+	<target host="mzgo.co" />
+	<target host="mzink.mx" />
+	<target host="mzl.la" />
+	<target host="mzoic.com" />
+	<target host="mzone.cf" />
+	<target host="mzvid.io" />
+	<target host="mzwrit.es" />
+	<target host="n-e-a.ca" />
+	<target host="n-energi.no" />
+	<target host="n-m.co" />
+	<target host="n-r-p.co" />
+	<target host="n.3m.com" />
+	<target host="n.actionjay.com" />
+	<target host="n.arteid.net" />
+	<target host="n.bcnews.today" />
+	<target host="n.carhur.com" />
+	<target host="n.dnav.me" />
+	<target host="n.erai.me" />
+	<target host="n.ews.fi" />
+	<target host="n.hashtagdc.com" />
+	<target host="n.ideia.co" />
+	<target host="n.iice.co" />
+	<target host="n.ikhil.com" />
+	<target host="n.insertcoin.mx" />
+	<target host="n.jui.cc" />
+	<target host="n.kchoptalk.com" />
+	<target host="n.macinn.es" />
+	<target host="n.macoscope.com" />
+	<target host="n.neil.io" />
+	<target host="n.noltelauth.de" />
+	<target host="n.ons.org" />
+	<target host="n.orthsails.com" />
+	<target host="n.p.ly" />
+	<target host="n.pavkovic.com" />
+	<target host="n.planlicht.com" />
+	<target host="n.pr" />
+	<target host="n.rbnc.org" />
+	<target host="n.rosner.io" />
+	<target host="n.sbs.co.kr" />
+	<target host="n.sushk.in" />
+	<target host="n.tecnologic.mx" />
+	<target host="n.thaniel.co.uk" />
+	<target host="n.tkrp.net" />
+	<target host="n1ck.in" />
+	<target host="n1i.co" />
+	<target host="n2q.rocks" />
+	<target host="n2s.in" />
+	<target host="n2u.jp" />
+	<target host="n3.to" />
+	<target host="n44b.uk" />
+	<target host="n4al.com" />
+	<target host="n4g.uk" />
+	<target host="n4u.co" />
+	<target host="n64.ru" />
+	<target host="n8h.me" />
+	<target host="n8k.me" />
+	<target host="n9.to" />
+	<target host="na.brasil.is" />
+	<target host="na.doski.uz" />
+	<target host="na.h1.cz" />
+	<target host="na.ptemp.pt" />
+	<target host="naar.maasd.am" />
+	<target host="nab.co" />
+	<target host="nabilsab.io" />
+	<target host="nabk.biz" />
+	<target host="nabo.to" />
+	<target host="nabooks.co" />
+	<target host="naca.ws" />
+	<target host="nacba.info" />
+	<target host="nacdl.us" />
+	<target host="nacht.cf" />
+	<target host="nacs.be" />
+	<target host="naeem.cc" />
+	<target host="naef.in" />
+	<target host="naes.co" />
+	<target host="naf.ovh" />
+	<target host="nafai.ml" />
+	<target host="nafe.ms" />
+	<target host="nag.bz" />
+	<target host="nagoya.is" />
+	<target host="nahb.bz" />
+	<target host="nahf.me" />
+	<target host="naikkelas.ml" />
+	<target host="naima.me" />
+	<target host="naina.global" />
+	<target host="nait.li" />
+	<target host="nak.click" />
+	<target host="nakars.com" />
+	<target host="nakedcc.ca" />
+	<target host="nakia.me" />
+	<target host="nakwasap.com" />
+	<target host="nalink.to" />
+	<target host="nama.cc" />
+	<target host="namairo.link" />
+	<target host="name.social" />
+	<target host="namecorp.link" />
+	<target host="namonsnot.es" />
+	<target host="nams.me" />
+	<target host="namsh.in" />
+	<target host="nanawall.ws" />
+	<target host="nantuck.it" />
+	<target host="naor.in" />
+	<target host="naostri.se" />
+	<target host="napa.la" />
+	<target host="napaau.to" />
+	<target host="naper.cc" />
+	<target host="napier.design" />
+	<target host="napk.co" />
+	<target host="naprts.us" />
+	<target host="nar.link" />
+	<target host="nardi.im" />
+	<target host="nareal.me" />
+	<target host="narno.co" />
+	<target host="narr.ly" />
+	<target host="narri.tv" />
+	<target host="narshe.me" />
+	<target host="narx.uk" />
+	<target host="nas-staff.org" />
+	<target host="nas.cr" />
+	<target host="nas.re" />
+	<target host="nasamovie.ml" />
+	<target host="nasas.info" />
+	<target host="nasc.tg4.tv" />
+	<target host="nash.vote" />
+	<target host="nashersc.org" />
+	<target host="nashg.co" />
+	<target host="nasm.co" />
+	<target host="nat.tg" />
+	<target host="natbkj.me" />
+	<target host="nate.at" />
+	<target host="nate.in" />
+	<target host="natfol.io" />
+	<target host="nathairrul.es" />
+	<target host="nathal.ie" />
+	<target host="nativetou.ch" />
+	<target host="natl.today" />
+	<target host="natna.tk" />
+	<target host="natren.me" />
+	<target host="natty.us" />
+	<target host="natu.re" />
+	<target host="natur.me" />
+	<target host="nature.asia" />
+	<target host="naturenama.in" />
+	<target host="naturpixel.link" />
+	<target host="naturvent.io" />
+	<target host="natv.ad" />
+	<target host="nautl.us" />
+	<target host="nava.bi" />
+	<target host="nava.cc" />
+	<target host="navajo.tours" />
+	<target host="navam.in" />
+	<target host="navi.urkt.jp" />
+	<target host="navo.cat" />
+	<target host="navr.es" />
+	<target host="navs.me" />
+	<target host="nayf.li" />
+	<target host="nayla.ml" />
+	<target host="nba-sport.ml" />
+	<target host="nbamex.com" />
+	<target host="nbc4i.co" />
+	<target host="nbcg.me" />
+	<target host="nbcnews.to" />
+	<target host="nbfx.co" />
+	<target host="nbld.us" />
+	<target host="nbltzd.co" />
+	<target host="nbn.li" />
+	<target host="nbr.ovh" />
+	<target host="nbrx.us" />
+	<target host="nbs.io" />
+	<target host="nbsp.fr" />
+	<target host="nbt.cc" />
+	<target host="nbt41.tech" />
+	<target host="nbvt.cf" />
+	<target host="nbzp.cz" />
+	<target host="nc.ax" />
+	<target host="nc.gs" />
+	<target host="nc3.to" />
+	<target host="ncellar.wine" />
+	<target host="ncfit.club" />
+	<target host="ncgem.com" />
+	<target host="nchls.co" />
+	<target host="nchow.ca" />
+	<target host="ncjoel.link" />
+	<target host="ncks.co" />
+	<target host="nckwt.rs" />
+	<target host="ncl.uz" />
+	<target host="ncld.co" />
+	<target host="nclr.tv" />
+	<target host="nclud.me" />
+	<target host="ncm.mx" />
+	<target host="ncns.co" />
+	<target host="ncon.news" />
+	<target host="ncorp.us" />
+	<target host="ncpl.it" />
+	<target host="ncpsych.org" />
+	<target host="ncr.media" />
+	<target host="ncrd.co.uk" />
+	<target host="ncrest.info" />
+	<target host="ncroot.ml" />
+	<target host="ncs.bz" />
+	<target host="ncsam.info" />
+	<target host="ncsdo.me" />
+	<target host="ncsol.co" />
+	<target host="nct.vc" />
+	<target host="ncut.co" />
+	<target host="ncwb.be" />
+	<target host="nd.gt" />
+	<target host="ndc.click" />
+	<target host="ndc.fyi" />
+	<target host="ndea.mk" />
+	<target host="ndfndr.in" />
+	<target host="ndgns.me" />
+	<target host="ndgt.es" />
+	<target host="ndgz.it" />
+	<target host="ndiscpa.info" />
+	<target host="ndite.ch" />
+	<target host="ndl.lv" />
+	<target host="ndle.co" />
+	<target host="ndlogok.ml" />
+	<target host="ndlr.co" />
+	<target host="ndoweh.ml" />
+	<target host="ndp.church" />
+	<target host="ndrdwg.de" />
+	<target host="ndre.in" />
+	<target host="ndrums.com" />
+	<target host="ndtv.in" />
+	<target host="ndunn.ca" />
+	<target host="ne.cr" />
+	<target host="ne1.news" />
+	<target host="neaeg.pro" />
+	<target host="nealmoore.me" />
+	<target host="neappl.es" />
+	<target host="neard.es" />
+	<target host="neatly.press" />
+	<target host="neb.cl" />
+	<target host="neb.life" />
+	<target host="neb.mx" />
+	<target host="nebb.me" />
+	<target host="nebiolabs.com" />
+	<target host="neca.io" />
+	<target host="necome.si" />
+	<target host="ned.li" />
+	<target host="nedboard.com" />
+	<target host="nedcon.co" />
+	<target host="nedk.us" />
+	<target host="nedzad.eu.org" />
+	<target host="nee.my" />
+	<target host="needa.nz" />
+	<target host="nef.tips" />
+	<target host="negs.co" />
+	<target host="neil.to" />
+	<target host="neilm.me" />
+	<target host="neilwrit.es" />
+	<target host="nej.md" />
+	<target host="nejc.co" />
+	<target host="neko.me" />
+	<target host="nel.wtf" />
+	<target host="nella.ga" />
+	<target host="nelrst.co" />
+	<target host="nelsone.ws" />
+	<target host="nemuk.io" />
+	<target host="neneng.ml" />
+	<target host="nenot.es" />
+	<target host="neo.ly" />
+	<target host="neo.to" />
+	<target host="neo1.uk" />
+	<target host="neomeric.me" />
+	<target host="neon.li" />
+	<target host="neonarca.de" />
+	<target host="neont.gr" />
+	<target host="neow.in" />
+	<target host="ner.bz" />
+	<target host="nerd.bz" />
+	<target host="nerd.me" />
+	<target host="nerdi.st" />
+	<target host="nerdrad.io" />
+	<target host="nerds.link" />
+	<target host="nerdstat.us" />
+	<target host="nerdsyn.cc" />
+	<target host="nerdybff.com" />
+	<target host="neropicasso.co" />
+	<target host="nes.bi" />
+	<target host="nesoya.link" />
+	<target host="nesse.link" />
+	<target host="nessys.it" />
+	<target host="net.koide.jp" />
+	<target host="netb.al" />
+	<target host="netb.us" />
+	<target host="netbarg.co" />
+	<target host="netbiz.me" />
+	<target host="netbk.jp" />
+	<target host="netc.im" />
+	<target host="netchi.co" />
+	<target host="netd.bz" />
+	<target host="neterix.net" />
+	<target host="netesportiva.co" />
+	<target host="netex.link" />
+	<target host="netf.la" />
+	<target host="netlandi.sh" />
+	<target host="netm.ag" />
+	<target host="netn.im" />
+	<target host="netnativ.es" />
+	<target host="neto.cm" />
+	<target host="netone-pa.link" />
+	<target host="netpl.us" />
+	<target host="netpla.net" />
+	<target host="netroots.me" />
+	<target host="netsphere.gq" />
+	<target host="nettvhd.ml" />
+	<target host="netw.ink" />
+	<target host="network09.ml" />
+	<target host="netzf.eu" />
+	<target host="netzne.ws" />
+	<target host="neuroplex.us" />
+	<target host="nev.fyi" />
+	<target host="nev0.com" />
+	<target host="nev4.com" />
+	<target host="new-episode.ml" />
+	<target host="new.panols.co" />
+	<target host="new.snickres.ml" />
+	<target host="new.tygrus.com" />
+	<target host="new4kuhd.ml" />
+	<target host="new7.ga" />
+	<target host="newabode.ml" />
+	<target host="newalways.ml" />
+	<target host="newatl.as" />
+	<target host="newchanell.tk" />
+	<target host="newde.al" />
+	<target host="newerarec.tk" />
+	<target host="newfm.win" />
+	<target host="newgam.es" />
+	<target host="newhols.co" />
+	<target host="newhts.ch" />
+	<target host="newint.media" />
+	<target host="newmansoc.org" />
+	<target host="newmovies21.ml" />
+	<target host="newmusi.cc" />
+	<target host="newon.blue" />
+	<target host="newplay.cf" />
+	<target host="newpor.tc" />
+	<target host="news-one.jp" />
+	<target host="news.ae" />
+	<target host="news.amco.on.ca" />
+	<target host="news.ecan.org" />
+	<target host="news.ifrs.ne.jp" />
+	<target host="news.itso.pl" />
+	<target host="news.mstr.cd" />
+	<target host="news.rusd.org" />
+	<target host="news.saucal.com" />
+	<target host="news.sqcp.com" />
+	<target host="news.ub-g.com" />
+	<target host="news.vtig.com" />
+	<target host="news.webpodo.de" />
+	<target host="newscienti.st" />
+	<target host="newsdp.ly" />
+	<target host="newse.la" />
+	<target host="newser.me" />
+	<target host="newsh.se" />
+	<target host="newskull.ml" />
+	<target host="newsome.cc" />
+	<target host="newspr.es" />
+	<target host="newspr.in" />
+	<target host="newwayplan.co" />
+	<target host="nex1.nl" />
+	<target host="nexav.org" />
+	<target host="nexc.es" />
+	<target host="nextcamp.site" />
+	<target host="nextco.nf" />
+	<target host="nextep.ws" />
+	<target host="nextmy.co" />
+	<target host="nextv.so" />
+	<target host="nextview.vc" />
+	<target host="nexx.ml" />
+	<target host="ney.me" />
+	<target host="neyl.wx.ag" />
+	<target host="nf.ie" />
+	<target host="nf.life" />
+	<target host="nfcenter.org" />
+	<target host="nfcu.me" />
+	<target host="nfis.ch" />
+	<target host="nfllive2017.ga" />
+	<target host="nflx.it" />
+	<target host="nfm.one" />
+	<target host="nform.ws" />
+	<target host="nfstud.io" />
+	<target host="nftv.co" />
+	<target host="nfv.io" />
+	<target host="ng.plus" />
+	<target host="ngadrian.com" />
+	<target host="ngage.link.li" />
+	<target host="ngahq.com" />
+	<target host="ngair.io" />
+	<target host="ngajajarhade.ml" />
+	<target host="ngak4khd.ml" />
+	<target host="ngcomics.co" />
+	<target host="ngeru.info" />
+	<target host="ngesex.ga" />
+	<target host="ngib.in" />
+	<target host="ngisings.ml" />
+	<target host="ngmwrecipe.com" />
+	<target host="ngo-jvc.info" />
+	<target host="ngop.co" />
+	<target host="ngrecek.ml" />
+	<target host="ngrid.com" />
+	<target host="ngs.is" />
+	<target host="ngsfilm.com" />
+	<target host="ngtf.de" />
+	<target host="ngtr.uk" />
+	<target host="nh.io" />
+	<target host="nh.team" />
+	<target host="nhale.co" />
+	<target host="nhbr.us" />
+	<target host="nhdisplay.com" />
+	<target host="nhhotel.to" />
+	<target host="nhlim.ml" />
+	<target host="nhn.li" />
+	<target host="nho.io" />
+	<target host="nhot.us" />
+	<target host="nhp.me" />
+	<target host="nhq.se" />
+	<target host="nhrul.es" />
+	<target host="nhs.co" />
+	<target host="nhsh.scot" />
+	<target host="nhst.be" />
+	<target host="nhuffphoto.com" />
+	<target host="nhuva.team" />
+	<target host="nhwat.ch" />
+	<target host="ni.gikids.co" />
+	<target host="ni.gl" />
+	<target host="niallk.com" />
+	<target host="nib.bz" />
+	<target host="nibi.ml" />
+	<target host="nibp.us" />
+	<target host="nicce.uk" />
+	<target host="nicco.ca" />
+	<target host="nicdi.de" />
+	<target host="nice.sl" />
+	<target host="nicebeer.me" />
+	<target host="nichs.us" />
+	<target host="nicjb.com" />
+	<target host="nickb.cc" />
+	<target host="nickeltips.co" />
+	<target host="nickfro.st" />
+	<target host="nickg.me" />
+	<target host="nickg.uk" />
+	<target host="nickgann.co" />
+	<target host="nickie.me" />
+	<target host="nicks.im" />
+	<target host="nico.link" />
+	<target host="nico2c.ovh" />
+	<target host="nicoleam.ca" />
+	<target host="nicolesy.me" />
+	<target host="nicw.us" />
+	<target host="nidd.it" />
+	<target host="nie.mn" />
+	<target host="niecie.us" />
+	<target host="nieuwe.mobi" />
+	<target host="nifticio.us" />
+	<target host="nifty.jp" />
+	<target host="nifty.li" />
+	<target host="niggaplea.se" />
+	<target host="nigh.pw" />
+	<target host="nightavior.cf" />
+	<target host="nightlf.com" />
+	<target host="nigx.net" />
+	<target host="nikah.ml" />
+	<target host="nikg.uk" />
+	<target host="nikkanad.info" />
+	<target host="nikl.us" />
+	<target host="nikn.ly" />
+	<target host="nikolai.mobi" />
+	<target host="nikolay.co" />
+	<target host="nile.ai" />
+	<target host="nilk.es" />
+	<target host="nill.es" />
+	<target host="nily.in" />
+	<target host="nimb.li" />
+	<target host="nimer.run" />
+	<target host="nin.deals" />
+	<target host="nin.li" />
+	<target host="nin.tl" />
+	<target host="nindya.cf" />
+	<target host="nindya.gq" />
+	<target host="nine.li" />
+	<target host="ninetyone.link" />
+	<target host="nini.es" />
+	<target host="ninja.trade" />
+	<target host="ninjabr.tk" />
+	<target host="ninoma.ml" />
+	<target host="nintex.us" />
+	<target host="ninver.se" />
+	<target host="niro.li" />
+	<target host="nirog.am" />
+	<target host="nisb.co" />
+	<target host="nisd.co" />
+	<target host="nish.co" />
+	<target host="nisod.cc" />
+	<target host="nisti.co" />
+	<target host="nitin.io" />
+	<target host="nitn.gl" />
+	<target host="nittele.jp" />
+	<target host="nixlinx.com" />
+	<target host="nixon.news" />
+	<target host="nize.cz" />
+	<target host="nja.mx" />
+	<target host="njadn.top" />
+	<target host="njal.co" />
+	<target host="njbe.st" />
+	<target host="njcb.co" />
+	<target host="njersy.co" />
+	<target host="njhrfil.ms" />
+	<target host="njm.at" />
+	<target host="njones.co" />
+	<target host="njpa.co" />
+	<target host="njpm.co" />
+	<target host="nkal.co" />
+	<target host="nkbp.jp" />
+	<target host="nkcmr.link" />
+	<target host="nkdagility.net" />
+	<target host="nkds.co" />
+	<target host="nkdte.ch" />
+	<target host="nke.me" />
+	<target host="nkf.re" />
+	<target host="nkos.co" />
+	<target host="nl-to.xyz" />
+	<target host="nl.mk" />
+	<target host="nl3d.co" />
+	<target host="nla.io" />
+	<target host="nland.ch" />
+	<target host="nlap.in" />
+	<target host="nlawn.ca" />
+	<target host="nlbk.jp" />
+	<target host="nlft.co" />
+	<target host="nlgo.uk" />
+	<target host="nlim.it" />
+	<target host="nlin.jp" />
+	<target host="nlinfo.uk" />
+	<target host="nlm7.us" />
+	<target host="nlmo.co" />
+	<target host="nlmotori.ng" />
+	<target host="nlmtags.com" />
+	<target host="nls.pw" />
+	<target host="nlsn.biz" />
+	<target host="nlsrs.com" />
+	<target host="nltf.am" />
+	<target host="nluk.co" />
+	<target host="nm.nu" />
+	<target host="nm.pe" />
+	<target host="nm.ufm.edu" />
+	<target host="nm4.in" />
+	<target host="nmaccl.com" />
+	<target host="nmart.fi" />
+	<target host="nmax36.ml" />
+	<target host="nmbbq.bz" />
+	<target host="nmcteam.com" />
+	<target host="nmd.mn" />
+	<target host="nmfc.es" />
+	<target host="nmky.be" />
+	<target host="nmleg.us" />
+	<target host="nmllr.de" />
+	<target host="nmmag.us" />
+	<target host="nmnt.in" />
+	<target host="nmod.gq" />
+	<target host="nmpd.me" />
+	<target host="nms.care" />
+	<target host="nms.link" />
+	<target host="nmwd.nl" />
+	<target host="nmxit.uk" />
+	<target host="nn4.in" />
+	<target host="nn9.biz" />
+	<target host="nnacomm.us" />
+	<target host="nndad.co" />
+	<target host="nnii.co" />
+	<target host="nnip.co" />
+	<target host="nnjpr.de" />
+	<target host="nnmn.me" />
+	<target host="nnn.is" />
+	<target host="nnow.co" />
+	<target host="nnshare.io" />
+	<target host="nnsno.ml" />
+	<target host="no-w.in" />
+	<target host="no.b9.com.br" />
+	<target host="no.emarin.no" />
+	<target host="no.expekt.link" />
+	<target host="no.iah.art.br" />
+	<target host="no.masterte.ch" />
+	<target host="no.meo.pt" />
+	<target host="no.moche.pt" />
+	<target host="no.rmy.org.uk" />
+	<target host="noah.do" />
+	<target host="noaha.us" />
+	<target host="noahismael.com" />
+	<target host="noahr.co" />
+	<target host="noahschultz.co" />
+	<target host="noavg.me" />
+	<target host="nobilis.io" />
+	<target host="noble.city" />
+	<target host="noble.li" />
+	<target host="nobul.co" />
+	<target host="noca.cz" />
+	<target host="nocha.in" />
+	<target host="noconow.co" />
+	<target host="nocta.fr" />
+	<target host="noctua.studio" />
+	<target host="noetubestv.gq" />
+	<target host="noevil.co" />
+	<target host="nofw.ca" />
+	<target host="noggle.xyz" />
+	<target host="nogl.at" />
+	<target host="noglov.es" />
+	<target host="nohun.gr" />
+	<target host="noi.se" />
+	<target host="noip.co" />
+	<target host="noise.fyi" />
+	<target host="noise.gq" />
+	<target host="noiv.as" />
+	<target host="nojipl4khd.ml" />
+	<target host="nojork.us" />
+	<target host="nokia.ly" />
+	<target host="noku.xyz" />
+	<target host="nole.li" />
+	<target host="noleav.es" />
+	<target host="noles.co" />
+	<target host="nolice.info" />
+	<target host="nom.ax" />
+	<target host="nom.gy" />
+	<target host="nom.ski" />
+	<target host="noma.ms" />
+	<target host="nomad.st" />
+	<target host="nomadicmatt.us" />
+	<target host="nomd.eu" />
+	<target host="noni.cat" />
+	<target host="nonk.it" />
+	<target host="nonsn.se" />
+	<target host="nooch.co" />
+	<target host="nooky.us" />
+	<target host="noon.ms" />
+	<target host="noppai.com" />
+	<target host="norac.co" />
+	<target host="norb.to" />
+	<target host="nord.ax" />
+	<target host="nordelt.us" />
+	<target host="nordi.cc" />
+	<target host="nordlitt.ovh" />
+	<target host="nordot.link" />
+	<target host="noreply.world" />
+	<target host="norf.in" />
+	<target host="norights.net" />
+	<target host="norma.to" />
+	<target host="north49.co" />
+	<target host="northestrn.me" />
+	<target host="northwestern.io" />
+	<target host="nortix.link" />
+	<target host="nortonhealth.ly" />
+	<target host="nosax.me" />
+	<target host="noseworthy.co" />
+	<target host="nosky.us" />
+	<target host="nosmas.ml" />
+	<target host="noss.law" />
+	<target host="nosstrio.us" />
+	<target host="nostalgio.us" />
+	<target host="nosugar.tips" />
+	<target host="not.t-t.be" />
+	<target host="notaryne.ws" />
+	<target host="note.arvana.io" />
+	<target host="note.io" />
+	<target host="note.is" />
+	<target host="note.lc" />
+	<target host="notesalves.shop" />
+	<target host="notevau.lt" />
+	<target host="notfx.co" />
+	<target host="notion.bi" />
+	<target host="notionyo.ga" />
+	<target host="notiz.ie" />
+	<target host="notsfw.me" />
+	<target host="nottre.es" />
+	<target host="notts.cc" />
+	<target host="notts.me" />
+	<target host="nousha.co" />
+	<target host="nov.la" />
+	<target host="nov.lc" />
+	<target host="nova.li" />
+	<target host="novara.media" />
+	<target host="noveo.ru" />
+	<target host="novn.ir" />
+	<target host="novs.club" />
+	<target host="now-watch.ml" />
+	<target host="now.aliving.co" />
+	<target host="now.ceo" />
+	<target host="now.gdhnews.com" />
+	<target host="now.mageldn.com" />
+	<target host="now.shimdi.com" />
+	<target host="now.uz" />
+	<target host="now.wthr.com" />
+	<target host="noway.gq" />
+	<target host="nowi.cz" />
+	<target host="nownet.me" />
+	<target host="nowv.uk" />
+	<target host="noxcus.es" />
+	<target host="noyes.me" />
+	<target host="noyz.in" />
+	<target host="nozl.it" />
+	<target host="npa4.me" />
+	<target host="npauley.im" />
+	<target host="npc4.net" />
+	<target host="npcc.me" />
+	<target host="npch.us" />
+	<target host="npctex.as" />
+	<target host="nphw.me" />
+	<target host="nplinks.me" />
+	<target host="nplsne.ws" />
+	<target host="npn.la" />
+	<target host="npnow.news" />
+	<target host="npo.gs" />
+	<target host="npost.sg" />
+	<target host="npr.reviews" />
+	<target host="nprns.co" />
+	<target host="npsite.me" />
+	<target host="npth.se" />
+	<target host="nptp.us" />
+	<target host="nptshp.org" />
+	<target host="npu.me" />
+	<target host="npviz.io" />
+	<target host="npwf.info" />
+	<target host="npy.so" />
+	<target host="npzfood.com" />
+	<target host="nqa.nyc" />
+	<target host="nquaye.me" />
+	<target host="nr.gy" />
+	<target host="nr.tn" />
+	<target host="nrao.cf" />
+	<target host="nrb.uy" />
+	<target host="nrbs.ca" />
+	<target host="nrcc.me" />
+	<target host="nrcc.news" />
+	<target host="nrchur.ch" />
+	<target host="nrd.gr" />
+	<target host="nrdlv.co" />
+	<target host="nrdry.net" />
+	<target host="nrf1.uk" />
+	<target host="nrg.im" />
+	<target host="nrgrd.com" />
+	<target host="nrl.tf" />
+	<target host="nrlynkd.com" />
+	<target host="nrmnt.co" />
+	<target host="nroi.us" />
+	<target host="nrthw.se" />
+	<target host="nrtk.co.vu" />
+	<target host="nrv.ee" />
+	<target host="ns.wrdy.us" />
+	<target host="ns8.link" />
+	<target host="nsbank.me" />
+	<target host="nsbeer.co" />
+	<target host="nsbk.co" />
+	<target host="nschur.de" />
+	<target host="nsco.cf" />
+	<target host="nsdx.uk" />
+	<target host="nsem.us" />
+	<target host="nsft.co" />
+	<target host="nsfwstory.me" />
+	<target host="nsgt.me" />
+	<target host="nshar.co" />
+	<target host="nshinls.com" />
+	<target host="nsho.re" />
+	<target host="nshp.com.au" />
+	<target host="nsites.me" />
+	<target host="nslk.ly" />
+	<target host="nslp.co" />
+	<target host="nsm.me" />
+	<target host="nsmac.co" />
+	<target host="nsna.me" />
+	<target host="nsnd.me" />
+	<target host="nso.link" />
+	<target host="nspe.es" />
+	<target host="nsrc.io" />
+	<target host="nssf.it" />
+	<target host="nstp.ardlabs.id" />
+	<target host="nstpmo.org" />
+	<target host="nstr.co" />
+	<target host="nstyl.es" />
+	<target host="nsvy.co" />
+	<target host="nt4.us" />
+	<target host="ntapssgo.tk" />
+	<target host="ntcr.in" />
+	<target host="nter.dk" />
+	<target host="ntgr8.co" />
+	<target host="nthn.ml" />
+	<target host="nti.gr" />
+	<target host="ntl.bike" />
+	<target host="ntl.ms" />
+	<target host="ntl.sh" />
+	<target host="ntmd.it" />
+	<target host="ntnd.ml" />
+	<target host="ntnl.org.nz" />
+	<target host="nto.pn" />
+	<target host="ntr2.mx" />
+	<target host="ntrda.me" />
+	<target host="ntrde.cm" />
+	<target host="ntrn.cc" />
+	<target host="ntrnl.org" />
+	<target host="ntru.st" />
+	<target host="nts.buzz" />
+	<target host="nts24.co.uk" />
+	<target host="ntss.ws" />
+	<target host="ntst.dk" />
+	<target host="nttr.st" />
+	<target host="ntuc.co" />
+	<target host="ntv.ac" />
+	<target host="ntvho.pe" />
+	<target host="ntw.lt" />
+	<target host="ntwrk.biz" />
+	<target host="ntwrth.co" />
+	<target host="ntx.lv" />
+	<target host="ntzl.de" />
+	<target host="nu.autoweek.nl" />
+	<target host="nu.nicelabel.in" />
+	<target host="nuagemo.de" />
+	<target host="nuba.bi" />
+	<target host="nubr.me" />
+	<target host="nucci.co" />
+	<target host="nucl.us" />
+	<target host="nucleo.agency" />
+	<target host="nud.gr" />
+	<target host="nue.ag" />
+	<target host="nuit.cf" />
+	<target host="nuits.so" />
+	<target host="nuji.co" />
+	<target host="nulab.co" />
+	<target host="num.ist" />
+	<target host="numedia.co" />
+	<target host="numistore.ca" />
+	<target host="numnu.ms" />
+	<target host="numonix.info" />
+	<target host="numr.co" />
+	<target host="numr.us" />
+	<target host="numru.sh" />
+	<target host="nunoass.is" />
+	<target host="nuntia.eu" />
+	<target host="nur.today" />
+	<target host="nura.link" />
+	<target host="nureva.co" />
+	<target host="nurse.farm" />
+	<target host="nuru.co" />
+	<target host="nus.edu" />
+	<target host="nush.co" />
+	<target host="nut.sh" />
+	<target host="nutn.info" />
+	<target host="nutr.im" />
+	<target host="nutr.us" />
+	<target host="nutrid.rip" />
+	<target host="nutrimom.co" />
+	<target host="nutsbolts.co" />
+	<target host="nutsp.cc" />
+	<target host="nuvio.us" />
+	<target host="nuz.li" />
+	<target host="nuzizi.link" />
+	<target host="nv-plus.click" />
+	<target host="nv.gl" />
+	<target host="nvda.ws" />
+	<target host="nven.tv" />
+	<target host="nvg.io" />
+	<target host="nvg.st" />
+	<target host="nvhc.me" />
+	<target host="nvky.co" />
+	<target host="nvon.tk" />
+	<target host="nvrd.co" />
+	<target host="nvth.fr" />
+	<target host="nvtr.it" />
+	<target host="nw.church" />
+	<target host="nw.pepipost.net" />
+	<target host="nw0.uk" />
+	<target host="nwamrcn.co" />
+	<target host="nwbl.gs" />
+	<target host="nwblink.co" />
+	<target host="nwc.me" />
+	<target host="nwcn.tv" />
+	<target host="nwd.gr" />
+	<target host="nwea.us" />
+	<target host="nwf.gs" />
+	<target host="nwf.sh" />
+	<target host="nwg.io" />
+	<target host="nwgn.us" />
+	<target host="nwho.us" />
+	<target host="nwi.scot" />
+	<target host="nwise.co" />
+	<target host="nwj.me" />
+	<target host="nwkd.co" />
+	<target host="nwl.cl" />
+	<target host="nwl.lc" />
+	<target host="nwm.kz" />
+	<target host="nwmn.co" />
+	<target host="nwnd.co" />
+	<target host="nwot.xyz" />
+	<target host="nwp.link" />
+	<target host="nws.fd.nl" />
+	<target host="nws.mx" />
+	<target host="nws.school" />
+	<target host="nws.vaf.be" />
+	<target host="nws.vrt.be" />
+	<target host="nwsdy.li" />
+	<target host="nwsl.us" />
+	<target host="nwsltr.it" />
+	<target host="nwst.cc" />
+	<target host="nwsym.ph" />
+	<target host="nwuk.so" />
+	<target host="nwv.teaml.net" />
+	<target host="nx1.link" />
+	<target host="nx8.tv" />
+	<target host="nxc.be" />
+	<target host="nxds.co" />
+	<target host="nxon.co" />
+	<target host="nxp.me" />
+	<target host="nxr.co" />
+	<target host="nxr.cz" />
+	<target host="nxt.dj" />
+	<target host="nxt.fm" />
+	<target host="nxt.gd" />
+	<target host="nxtbl.us" />
+	<target host="nxtbx.co" />
+	<target host="nxtesc.co" />
+	<target host="nxtg.ms" />
+	<target host="nxtjct.com" />
+	<target host="nxtpg.co" />
+	<target host="ny.ckbe.at" />
+	<target host="ny529.us" />
+	<target host="nyarianime.ml" />
+	<target host="nyc.de" />
+	<target host="nycdoggi.es" />
+	<target host="nycpa.news" />
+	<target host="nycvot.es" />
+	<target host="nydb.co" />
+	<target host="nydn.us" />
+	<target host="nyel.la" />
+	<target host="nyfed.org" />
+	<target host="nyj.social" />
+	<target host="nyjewi.sh" />
+	<target host="nyke.co" />
+	<target host="nyl.co" />
+	<target host="nylaun.ch" />
+	<target host="nylscar.es" />
+	<target host="nym.ag" />
+	<target host="nyp.st" />
+	<target host="nypgks.com" />
+	<target host="nyr.kr" />
+	<target host="nyrange.rs" />
+	<target host="nyscomp.org" />
+	<target host="nysk.ml" />
+	<target host="nysuits.co" />
+	<target host="nytedu.co" />
+	<target host="nyti.ms" />
+	<target host="nyugta-lotto.hu" />
+	<target host="nyustern.us" />
+	<target host="nywg.uk" />
+	<target host="nz2050.com" />
+	<target host="nzdrug.org" />
+	<target host="nzfx.us" />
+	<target host="nzm.co" />
+	<target host="nzne.ws" />
+	<target host="nzoo.me" />
+	<target host="nzos.me" />
+	<target host="nztunl.ca" />
+	<target host="nzxt.co" />
+	<target host="nzy.ch" />
+	<target host="nzym.es" />
+	<target host="nzz.to" />
+	<target host="nzzl.me" />
+	<target host="o-e.ca" />
+	<target host="o-lymp.us" />
+	<target host="o-tu.ga" />
+	<target host="o-zwo.com" />
+	<target host="o.1i0.hr" />
+	<target host="o.68x.net" />
+	<target host="o.aaronwells.us" />
+	<target host="o.ada.is" />
+	<target host="o.ariel.rocks" />
+	<target host="o.batlayeri.com" />
+	<target host="o.caishin.tw" />
+	<target host="o.dagoubert.fr" />
+	<target host="o.deboni.net" />
+	<target host="o.dustmoon.com" />
+	<target host="o.echooo.com" />
+	<target host="o.grublabs.org" />
+	<target host="o.imaginolo.com" />
+	<target host="o.jnu.io" />
+	<target host="o.launch.com.kw" />
+	<target host="o.lbx.sk" />
+	<target host="o.leoland.co.uk" />
+	<target host="o.maldicore.com" />
+	<target host="o.murica.me" />
+	<target host="o.ngalam.web.id" />
+	<target host="o.nifty.fashion" />
+	<target host="o.nttur.ru" />
+	<target host="o.o00.us" />
+	<target host="o.ocho.co" />
+	<target host="o.oggyb.me" />
+	<target host="o.ooo.io" />
+	<target host="o.pakyinsun.com" />
+	<target host="o.pmzo.com" />
+	<target host="o.rholas.eu" />
+	<target host="o.rly.at" />
+	<target host="o.samh.us" />
+	<target host="o.sginv.es" />
+	<target host="o.sid.pw" />
+	<target host="o.soomgo.com" />
+	<target host="o.spectrum.com" />
+	<target host="o.thenewtoy.cz" />
+	<target host="o.whalebeok.org" />
+	<target host="o.wowtrk.com" />
+	<target host="o.yuripaiva.com" />
+	<target host="o18.it" />
+	<target host="o2lin.kr" />
+	<target host="o2s.me" />
+	<target host="o365du.de" />
+	<target host="o3w.in" />
+	<target host="o4g.io" />
+	<target host="o4g.me" />
+	<target host="o4u.me" />
+	<target host="o7.no" />
+	<target host="oadlibrary.com" />
+	<target host="oak.im" />
+	<target host="oak.ly" />
+	<target host="oakpt.org" />
+	<target host="oasis.ps" />
+	<target host="oastyouth.co.uk" />
+	<target host="oat.re" />
+	<target host="oawr.co" />
+	<target host="ob.tener.me" />
+	<target host="obang.in" />
+	<target host="obapts.com" />
+	<target host="obdt.in" />
+	<target host="objc.tv" />
+	<target host="objev.it" />
+	<target host="objrevs.com" />
+	<target host="obm.bz" />
+	<target host="obm.io" />
+	<target host="obmedia.xyz" />
+	<target host="obnd.co" />
+	<target host="obo.li" />
+	<target host="obs-ing.com" />
+	<target host="obs.me" />
+	<target host="obsdn.me" />
+	<target host="obses.se" />
+	<target host="obsess.video" />
+	<target host="obsn.im" />
+	<target host="obsrvr.us" />
+	<target host="obsso.in" />
+	<target host="obstud.io" />
+	<target host="obsv.co" />
+	<target host="obury.ml" />
+	<target host="oby.tg" />
+	<target host="oc.cm" />
+	<target host="oc.lc" />
+	<target host="ocamaria.com" />
+	<target host="ocaq.news" />
+	<target host="ocas.nl" />
+	<target host="occmx.net" />
+	<target host="occsn.co" />
+	<target host="ocdway.com" />
+	<target host="ocean.ly" />
+	<target host="oceanf.it" />
+	<target host="oceansw.im" />
+	<target host="ocg.tech" />
+	<target host="ochome.info" />
+	<target host="ochssc.org" />
+	<target host="ocimtv.ml" />
+	<target host="ocls.co" />
+	<target host="ocmb.co" />
+	<target host="ocmd.pl" />
+	<target host="ocn.host" />
+	<target host="ocpa.co" />
+	<target host="ocq.dk" />
+	<target host="ocrc.co" />
+	<target host="ocsmass.co" />
+	<target host="oct.li" />
+	<target host="octcom.co" />
+	<target host="octiv.co" />
+	<target host="octo.ly" />
+	<target host="octo.ps" />
+	<target host="octopus4k.ml" />
+	<target host="octv.me" />
+	<target host="ocul.us" />
+	<target host="ocurl.no" />
+	<target host="ocws.us" />
+	<target host="od.mobil.cz" />
+	<target host="od.o2.cz" />
+	<target host="odair.cnt.br" />
+	<target host="odan.io" />
+	<target host="odbf.co.uk" />
+	<target host="odco.com" />
+	<target host="oddb.it" />
+	<target host="oddity.photo" />
+	<target host="oddmed.com" />
+	<target host="oddset.bet" />
+	<target host="oddsm.co" />
+	<target host="odea.biz" />
+	<target host="odeals.in" />
+	<target host="odeck.me" />
+	<target host="odedesire.site" />
+	<target host="odele.eu" />
+	<target host="odellwiki.ca" />
+	<target host="odenvalt.de" />
+	<target host="odeon.tk" />
+	<target host="odmtips.com" />
+	<target host="odonto.co" />
+	<target host="odusplus.com" />
+	<target host="odwpr.us" />
+	<target host="oe2.us" />
+	<target host="oenaj.link" />
+	<target host="ofa.bo" />
+	<target host="ofb.ag" />
+	<target host="ofcom.in" />
+	<target host="ofer.es" />
+	<target host="oferta.one" />
+	<target host="ofertas.one" />
+	<target host="ofertaspra.vc" />
+	<target host="ofertasweb.ga" />
+	<target host="offer.gwsuk.com" />
+	<target host="offer.live" />
+	<target host="offerme.ga" />
+	<target host="offersfeed.cf" />
+	<target host="offerz.info" />
+	<target host="offhe.im" />
+	<target host="offi.me" />
+	<target host="officemojo.ga" />
+	<target host="officevi.be" />
+	<target host="officialtv.ml" />
+	<target host="officiel.ml" />
+	<target host="offiziell.ml" />
+	<target host="offmet.ro" />
+	<target host="offrd.st" />
+	<target host="offs.ec" />
+	<target host="offt.me" />
+	<target host="offthe.press" />
+	<target host="offthepit.ch" />
+	<target host="ofrm.bid" />
+	<target host="ofrs.co" />
+	<target host="ofsye.com" />
+	<target host="ogarden.uk" />
+	<target host="ogcn.fr" />
+	<target host="ogem.co" />
+	<target host="ogi.lt" />
+	<target host="oglethor.pe" />
+	<target host="ogmo.de" />
+	<target host="ogpn.media" />
+	<target host="ograc.xyz" />
+	<target host="ogt.bz" />
+	<target host="ogut.ml" />
+	<target host="oh-ah-fuck.me" />
+	<target host="oh.joynjess.com" />
+	<target host="oh.studie.me.uk" />
+	<target host="ohag.xyz" />
+	<target host="ohanian.co" />
+	<target host="ohaw.co" />
+	<target host="ohba.by" />
+	<target host="ohce.us" />
+	<target host="ohdev.in" />
+	<target host="ohed.it" />
+	<target host="ohh.fyi" />
+	<target host="ohhey.cl" />
+	<target host="ohlc.us" />
+	<target host="ohmedia.me" />
+	<target host="ohmygeek.tech" />
+	<target host="ohne.ws" />
+	<target host="ohok.co" />
+	<target host="ohprg.xyz" />
+	<target host="ohspanthers.com" />
+	<target host="ohwildyou.tk" />
+	<target host="oi.poop.io" />
+	<target host="oi.sidwell.io" />
+	<target host="oi.tips" />
+	<target host="oi.zach.io" />
+	<target host="oilsim.pl" />
+	<target host="oilsk.im" />
+	<target host="oily.eu" />
+	<target host="oily.fyi" />
+	<target host="oissp.com" />
+	<target host="oisweb.net" />
+	<target host="oj4.us" />
+	<target host="ojoabang.ml" />
+	<target host="ojpc.co" />
+	<target host="ok.beztdealz.in" />
+	<target host="ok.siomponk.com" />
+	<target host="ok38.ru" />
+	<target host="oka.bz" />
+	<target host="oka.uk" />
+	<target host="okalex.net" />
+	<target host="okb.cc" />
+	<target host="okcolab.co" />
+	<target host="okdt.io" />
+	<target host="oked.co" />
+	<target host="okeh.ga" />
+	<target host="okgo.nu" />
+	<target host="okiene.ws" />
+	<target host="okla.st" />
+	<target host="okne.ws" />
+	<target host="okrs.xyz" />
+	<target host="okts.co" />
+	<target host="oktv.news" />
+	<target host="ol.lesoel.com" />
+	<target host="oldnvy.me" />
+	<target host="oldpl.at" />
+	<target host="oleu.ga" />
+	<target host="olhar.menu" />
+	<target host="oli.link" />
+	<target host="oliahad.co" />
+	<target host="olib.ro" />
+	<target host="olimpus.ga" />
+	<target host="olir.ml" />
+	<target host="olivro.de" />
+	<target host="oliw.tv" />
+	<target host="olla.ml" />
+	<target host="olle.be" />
+	<target host="ollen.work" />
+	<target host="ollie.at" />
+	<target host="olmswag.info" />
+	<target host="olo.la" />
+	<target host="olo.one" />
+	<target host="olo.so" />
+	<target host="ologie.co" />
+	<target host="olpl.us" />
+	<target host="olrizashop.cf" />
+	<target host="olum.co" />
+	<target host="olv.la" />
+	<target host="olvr.co" />
+	<target host="olx.sm" />
+	<target host="olympusthe.me" />
+	<target host="om.pro2om.net" />
+	<target host="oma.io" />
+	<target host="omch.uk" />
+	<target host="omdf.co" />
+	<target host="omdl.tech" />
+	<target host="omdvt.co" />
+	<target host="omebolom.ga" />
+	<target host="omele.to" />
+	<target host="omesacr.tv" />
+	<target host="omfg.at" />
+	<target host="omgkv.in" />
+	<target host="omglistings.com" />
+	<target host="omgrcm.co" />
+	<target host="omgt.co" />
+	<target host="omgv.io" />
+	<target host="omgw.co" />
+	<target host="omgwh.at" />
+	<target host="omhade-4k.tk" />
+	<target host="omhb.eu" />
+	<target host="omht.us" />
+	<target host="omics.gs" />
+	<target host="omin.es" />
+	<target host="omit.tv" />
+	<target host="omlb.de" />
+	<target host="omne.ws" />
+	<target host="omoda.nu" />
+	<target host="omondi.eu" />
+	<target host="omp.md" />
+	<target host="omron.me" />
+	<target host="on-ajc.com" />
+	<target host="on-eigo.site" />
+	<target host="on-hdtvs.ml" />
+	<target host="on-hep.tv" />
+	<target host="on-irpp.org" />
+	<target host="on-tv-hd.ml" />
+	<target host="on-ydr.co" />
+	<target host="on-youtube.ga" />
+	<target host="on.1010.tires" />
+	<target host="on.1170kfaq.com" />
+	<target host="on.11alive.com" />
+	<target host="on.22ndcm.com" />
+	<target host="on.3egg.ch" />
+	<target host="on.3nz.it" />
+	<target host="on.4029tv.com" />
+	<target host="on.441k.io" />
+	<target host="on.640k.in" />
+	<target host="on.7ruh.com" />
+	<target host="on.aaslh.org" />
+	<target host="on.abc10.com" />
+	<target host="on.abondia.es" />
+	<target host="on.activher.com" />
+	<target host="on.acura.com" />
+	<target host="on.adampeer.com" />
+	<target host="on.adn.com" />
+	<target host="on.adrlam.com" />
+	<target host="on.adzima.me" />
+	<target host="on.ae.com" />
+	<target host="on.afil.io" />
+	<target host="on.aheram.com" />
+	<target host="on.aizzard.net" />
+	<target host="on.aless.pro" />
+	<target host="on.altoning.com" />
+	<target host="on.ammomag.com" />
+	<target host="on.ampya.com" />
+	<target host="on.andyet.com" />
+	<target host="on.anime2you.de" />
+	<target host="on.apa.org" />
+	<target host="on.apecrime.de" />
+	<target host="on.apogy.com" />
+	<target host="on.app.com" />
+	<target host="on.aprilia.me" />
+	<target host="on.arwo.org" />
+	<target host="on.asha.org" />
+	<target host="on.ashw.us" />
+	<target host="on.askjess.com" />
+	<target host="on.asroma.com" />
+	<target host="on.astr0.xyz" />
+	<target host="on.asucis.com" />
+	<target host="on.ataf.club" />
+	<target host="on.atxrail.com" />
+	<target host="on.avalias.com" />
+	<target host="on.avon.com" />
+	<target host="on.b2w.tv" />
+	<target host="on.bamboost.org" />
+	<target host="on.bams.de" />
+	<target host="on.bamsl.org" />
+	<target host="on.barrons.com" />
+	<target host="on.basf.com" />
+	<target host="on.baskin.cloud" />
+	<target host="on.bbz.cc" />
+	<target host="on.bc.edu" />
+	<target host="on.bcg.com" />
+	<target host="on.bchil.org" />
+	<target host="on.be.net" />
+	<target host="on.be1con.com" />
+	<target host="on.belk.com" />
+	<target host="on.beyou.com.br" />
+	<target host="on.bien.hu" />
+	<target host="on.bild.de" />
+	<target host="on.biolane.hk" />
+	<target host="on.bitly.pro" />
+	<target host="on.blindchat.gr" />
+	<target host="on.blmusic.co" />
+	<target host="on.bobr.com" />
+	<target host="on.boeff.de" />
+	<target host="on.boeffi.net" />
+	<target host="on.bogner.com" />
+	<target host="on.bp.com" />
+	<target host="on.branch.com" />
+	<target host="on.brb.rs" />
+	<target host="on.breakline.us" />
+	<target host="on.brew.cl" />
+	<target host="on.brooke.nz" />
+	<target host="on.btmgcs.com" />
+	<target host="on.bwmv.com.br" />
+	<target host="on.cagop.org" />
+	<target host="on.cambrex.com" />
+	<target host="on.capvie.info" />
+	<target host="on.car.org" />
+	<target host="on.catst.co" />
+	<target host="on.cbnws.cc" />
+	<target host="on.cc.com" />
+	<target host="on.cclol.com" />
+	<target host="on.cdoug.net" />
+	<target host="on.center" />
+	<target host="on.ceogear.com" />
+	<target host="on.cff.org" />
+	<target host="on.cfr.org" />
+	<target host="on.cgiar.org" />
+	<target host="on.chainfund.ch" />
+	<target host="on.chasedye.com" />
+	<target host="on.chauncey.io" />
+	<target host="on.china.cn" />
+	<target host="on.choisr.com" />
+	<target host="on.churchmd.com" />
+	<target host="on.citadel.com" />
+	<target host="on.clark.com" />
+	<target host="on.clemmer.co" />
+	<target host="on.cmsm.org" />
+	<target host="on.coach.com" />
+	<target host="on.codehunt.io" />
+	<target host="on.colbertnation.com" />
+	<target host="on.compusoft.nz" />
+	<target host="on.conit.co" />
+	<target host="on.contv.com" />
+	<target host="on.cooliris.com" />
+	<target host="on.coop" />
+	<target host="on.cosmo.uk.com" />
+	<target host="on.cpsj.com" />
+	<target host="on.cr25.uk" />
+	<target host="on.cranprep.org" />
+	<target host="on.criscara.com" />
+	<target host="on.csell.net" />
+	<target host="on.cuong.me" />
+	<target host="on.cynersis.cl" />
+	<target host="on.d-k.nu" />
+	<target host="on.dad.fm" />
+	<target host="on.dana.org" />
+	<target host="on.datatree.ai" />
+	<target host="on.dayton.com" />
+	<target host="on.deedcast.com" />
+	<target host="on.defe.ro" />
+	<target host="on.deimar.co" />
+	<target host="on.delion.ir" />
+	<target host="on.depokita.com" />
+	<target host="on.details.com" />
+	<target host="on.devville.net" />
+	<target host="on.dewdat.io" />
+	<target host="on.dgap.org" />
+	<target host="on.dgbarnett.me" />
+	<target host="on.dgx.me" />
+	<target host="on.dhb.io" />
+	<target host="on.dice.com" />
+	<target host="on.disalvo.ro" />
+	<target host="on.dnj.com" />
+	<target host="on.docx.ca" />
+	<target host="on.doi.gov" />
+	<target host="on.dr-zr.net" />
+	<target host="on.drunkwifi.co" />
+	<target host="on.dsoh.net" />
+	<target host="on.dstroy.co" />
+	<target host="on.dti.com.es" />
+	<target host="on.dtj.org" />
+	<target host="on.ducati.co" />
+	<target host="on.ducsu.com" />
+	<target host="on.dutzu.net" />
+	<target host="on.dvf.com" />
+	<target host="on.dzy.li" />
+	<target host="on.e-nor.com" />
+	<target host="on.easynda.com" />
+	<target host="on.edison.com" />
+	<target host="on.edmhub.com" />
+	<target host="on.einstein.is" />
+	<target host="on.ekonomist.co" />
+	<target host="on.elemb.ee" />
+	<target host="on.elle.de" />
+	<target host="on.elle.es" />
+	<target host="on.elle.in" />
+	<target host="on.elleuk.com" />
+	<target host="on.empreggo.com" />
+	<target host="on.epi.org" />
+	<target host="on.esimsar.com" />
+	<target host="on.eslamx.com" />
+	<target host="on.ewi.info" />
+	<target host="on.ewi.ngo" />
+	<target host="on.extemp.com" />
+	<target host="on.ezdoo.me" />
+	<target host="on.facl.org" />
+	<target host="on.fam-ps.org" />
+	<target host="on.fanbuzz.com" />
+	<target host="on.fanvive.com" />
+	<target host="on.fayard.re" />
+	<target host="on.fcmb.com" />
+	<target host="on.fehlkauf.net" />
+	<target host="on.feif.me" />
+	<target host="on.felipe.rs" />
+	<target host="on.fhei.org" />
+	<target host="on.fidil.io" />
+	<target host="on.flatoday.com" />
+	<target host="on.fleck.co" />
+	<target host="on.flog.cc" />
+	<target host="on.flyhigh.gr" />
+	<target host="on.fndgo.us" />
+	<target host="on.forex.com" />
+	<target host="on.forzausa.co" />
+	<target host="on.fox28.com" />
+	<target host="on.fox4now.com" />
+	<target host="on.fox6now.com" />
+	<target host="on.freep.com" />
+	<target host="on.fst.com" />
+	<target host="on.ft.com" />
+	<target host="on.ftn.media" />
+	<target host="on.ftv.com" />
+	<target host="on.ful.lt" />
+	<target host="on.fuse.tv" />
+	<target host="on.fyl.io" />
+	<target host="on.gabale.se" />
+	<target host="on.gabin.org" />
+	<target host="on.gallup.com" />
+	<target host="on.gamartto.com" />
+	<target host="on.gammas.org" />
+	<target host="on.gan.gg" />
+	<target host="on.gb-world.net" />
+	<target host="on.gd2r.me" />
+	<target host="on.gdg.nz" />
+	<target host="on.gear.club" />
+	<target host="on.geeku.be" />
+	<target host="on.gei.co" />
+	<target host="on.getold.com" />
+	<target host="on.gfmg.us" />
+	<target host="on.ginzy.me" />
+	<target host="on.gislei.com" />
+	<target host="on.gjp.io" />
+	<target host="on.gmti.com" />
+	<target host="on.goasia.de" />
+	<target host="on.goatcirc.us" />
+	<target host="on.gobig.at" />
+	<target host="on.gonefans.com" />
+	<target host="on.gooloo.de" />
+	<target host="on.gopride.com" />
+	<target host="on.gorrindo.com" />
+	<target host="on.gotham.love" />
+	<target host="on.gotowv.com" />
+	<target host="on.gucci.com" />
+	<target host="on.gurustop.net" />
+	<target host="on.gvip.io" />
+	<target host="on.gz-up.com" />
+	<target host="on.hagafu.com" />
+	<target host="on.handbag.com" />
+	<target host="on.harrods.com" />
+	<target host="on.hbazaar.es" />
+	<target host="on.hiruscar.vn" />
+	<target host="on.hisaor.org" />
+	<target host="on.hmmg.co" />
+	<target host="on.hoards.com" />
+	<target host="on.hoffarch.com" />
+	<target host="on.hope.city" />
+	<target host="on.hotelrado.pl" />
+	<target host="on.hox.ai" />
+	<target host="on.html.wtf" />
+	<target host="on.hubii.com" />
+	<target host="on.humilit.com" />
+	<target host="on.hwnair.com" />
+	<target host="on.iacsa.mx" />
+	<target host="on.iawx.net" />
+	<target host="on.icpam.ro" />
+	<target host="on.ifc.org" />
+	<target host="on.ifgf.to" />
+	<target host="on.imnice.com" />
+	<target host="on.imran.cc" />
+	<target host="on.imw.nyc" />
+	<target host="on.in-mommy.com" />
+	<target host="on.inc.com" />
+	<target host="on.incridea.com" />
+	<target host="on.insas.be" />
+	<target host="on.instyle.de" />
+	<target host="on.intesys.it" />
+	<target host="on.intibi.com" />
+	<target host="on.isb.ro" />
+	<target host="on.issue.by" />
+	<target host="on.j3h14h.com" />
+	<target host="on.jabberjaw.me" />
+	<target host="on.jake.to" />
+	<target host="on.jbu.edu" />
+	<target host="on.jci.com" />
+	<target host="on.jconline.com" />
+	<target host="on.jefftham.com" />
+	<target host="on.jehiah.cz" />
+	<target host="on.jerry.id" />
+	<target host="on.jg.net" />
+	<target host="on.jruys.com" />
+	<target host="on.jsonl.in" />
+	<target host="on.jwj.org" />
+	<target host="on.kbf.am" />
+	<target host="on.kcci.com" />
+	<target host="on.kcra.com" />
+	<target host="on.kdi.co" />
+	<target host="on.kens5.com" />
+	<target host="on.ketv.com" />
+	<target host="on.kfdi.com" />
+	<target host="on.kgun9.com" />
+	<target host="on.kgw.com" />
+	<target host="on.khmerhdr.com" />
+	<target host="on.khou.com" />
+	<target host="on.kigalian.com" />
+	<target host="on.kipp.org" />
+	<target host="on.kisimedia.de" />
+	<target host="on.kisura.de" />
+	<target host="on.kitv.com" />
+	<target host="on.kivitv.com" />
+	<target host="on.kliiq.com" />
+	<target host="on.kljb-s.de" />
+	<target host="on.kmbc.com" />
+	<target host="on.kmir6.com" />
+	<target host="on.kmtv.com" />
+	<target host="on.knicks.com" />
+	<target host="on.koat.com" />
+	<target host="on.kobi5.com" />
+	<target host="on.koco.com" />
+	<target host="on.kompass.ua" />
+	<target host="on.kottel.com" />
+	<target host="on.krem.com" />
+	<target host="on.ksbw.com" />
+	<target host="on.ksdk.com" />
+	<target host="on.ksgf.com" />
+	<target host="on.kthv.com" />
+	<target host="on.ktnv.com" />
+	<target host="on.kttc.com" />
+	<target host="on.ktts.com" />
+	<target host="on.ktvb.com" />
+	<target host="on.kwav.es" />
+	<target host="on.kwwl.com" />
+	<target host="on.kyber.me" />
+	<target host="on.langlers.com" />
+	<target host="on.laor.asia" />
+	<target host="on.lapakko.com" />
+	<target host="on.lauffer.co" />
+	<target host="on.leonovel.pro" />
+	<target host="on.lexysyn.com" />
+	<target host="on.li.cr" />
+	<target host="on.limmidy.com" />
+	<target host="on.lmntrx.com" />
+	<target host="on.lpfisite.com" />
+	<target host="on.lsj.com" />
+	<target host="on.lsx.co" />
+	<target host="on.ludens.kr" />
+	<target host="on.luiscao.com" />
+	<target host="on.lunar.com" />
+	<target host="on.m2m.tv" />
+	<target host="on.magfs.io" />
+	<target host="on.mahajan.xyz" />
+	<target host="on.maptia.com" />
+	<target host="on.mash.to" />
+	<target host="on.mavs.com" />
+	<target host="on.mawqe3.net" />
+	<target host="on.mbga.jp" />
+	<target host="on.mcat.me" />
+	<target host="on.mcbgroup.tv" />
+	<target host="on.meetvi.be" />
+	<target host="on.men.hu" />
+	<target host="on.menau.org" />
+	<target host="on.merkur.de" />
+	<target host="on.mfox.me" />
+	<target host="on.mgmadv.com" />
+	<target host="on.mhm.ag" />
+	<target host="on.mi4p.com" />
+	<target host="on.mikian.com" />
+	<target host="on.miner.tv" />
+	<target host="on.misspato.com" />
+	<target host="on.mixpo.co" />
+	<target host="on.mktw.net" />
+	<target host="on.mncerts.org" />
+	<target host="on.mnp.ro" />
+	<target host="on.mnt.hk" />
+	<target host="on.mo.gov" />
+	<target host="on.moby.com" />
+	<target host="on.modmo.re" />
+	<target host="on.moncler.com" />
+	<target host="on.mrtlrts.me" />
+	<target host="on.msnbc.com" />
+	<target host="on.mtdb.com" />
+	<target host="on.mtmellor.com" />
+	<target host="on.mtv.com" />
+	<target host="on.mtvema.com" />
+	<target host="on.mycasavi.com" />
+	<target host="on.myjkkskl.com" />
+	<target host="on.n0v.pw" />
+	<target host="on.nakedcrm.com" />
+	<target host="on.namgbr.org" />
+	<target host="on.napster.com" />
+	<target host="on.narep.net" />
+	<target host="on.natgeo.com" />
+	<target host="on.navas.ec" />
+	<target host="on.nba.com" />
+	<target host="on.nbc26.com" />
+	<target host="on.nbc26.tv" />
+	<target host="on.nc5.co" />
+	<target host="on.ncaa.com" />
+	<target host="on.nedpals.xyz" />
+	<target host="on.nem.ec" />
+	<target host="on.nerdbox.com" />
+	<target host="on.netchows.com" />
+	<target host="on.news.me" />
+	<target host="on.nextride.be" />
+	<target host="on.nfib.com" />
+	<target host="on.nh.is" />
+	<target host="on.nhaoc.com" />
+	<target host="on.nhsfife.org" />
+	<target host="on.njnets.com" />
+	<target host="on.njpads.com" />
+	<target host="on.nkn.us" />
+	<target host="on.nmajh.org" />
+	<target host="on.noeleyva.com" />
+	<target host="on.nola411.com" />
+	<target host="on.nonzero.ro" />
+	<target host="on.notjaya.com" />
+	<target host="on.nppbc.com" />
+	<target host="on.nrdc.org" />
+	<target host="on.nutricap.hk" />
+	<target host="on.nwlc.org" />
+	<target host="on.ny.gov" />
+	<target host="on.nyc.gov" />
+	<target host="on.nyls.edu" />
+	<target host="on.nypl.org" />
+	<target host="on.nzc.nz" />
+	<target host="on.obvi.fm" />
+	<target host="on.oceg.org" />
+	<target host="on.odj.io" />
+	<target host="on.ofadam.com" />
+	<target host="on.offchi.com" />
+	<target host="on.omaha.com" />
+	<target host="on.omd.pt" />
+	<target host="on.omskman.com" />
+	<target host="on.opptys.nl" />
+	<target host="on.ovaleye.tv" />
+	<target host="on.ovcorp.com" />
+	<target host="on.overlogic.gr" />
+	<target host="on.owldocs.com" />
+	<target host="on.ozrs.co" />
+	<target host="on.pa.gov" />
+	<target host="on.pdo5.org" />
+	<target host="on.pfizer.com" />
+	<target host="on.pier1.com" />
+	<target host="on.pjstar.com" />
+	<target host="on.playmo.tv" />
+	<target host="on.plugco.net" />
+	<target host="on.pmo.sg" />
+	<target host="on.pnj.com" />
+	<target host="on.pnlmx.com" />
+	<target host="on.prsir.co" />
+	<target host="on.prx.org" />
+	<target host="on.psi.de" />
+	<target host="on.ptl.bz" />
+	<target host="on.pushlift.com" />
+	<target host="on.pyxo.me" />
+	<target host="on.qnsmade.co" />
+	<target host="on.quivers.com" />
+	<target host="on.radio.today" />
+	<target host="on.ramon82.com" />
+	<target host="on.rare.us" />
+	<target host="on.razlan.net" />
+	<target host="on.rb.com" />
+	<target host="on.rbcgam.com" />
+	<target host="on.rbne.ws" />
+	<target host="on.rclazo.com" />
+	<target host="on.rdio.com" />
+	<target host="on.recode.net" />
+	<target host="on.red-uk.co" />
+	<target host="on.reno.com" />
+	<target host="on.renoir.me" />
+	<target host="on.reveal.co.uk" />
+	<target host="on.revival.tv" />
+	<target host="on.revo.com" />
+	<target host="on.rgj.com" />
+	<target host="on.rhap.com" />
+	<target host="on.rl.tv" />
+	<target host="on.roampod.com" />
+	<target host="on.rocne.ws" />
+	<target host="on.rolex.com" />
+	<target host="on.roof.io" />
+	<target host="on.rotary.org" />
+	<target host="on.rowalk.ro" />
+	<target host="on.roylok.com" />
+	<target host="on.rsd.it" />
+	<target host="on.rsts11.com" />
+	<target host="on.rubikit.com" />
+	<target host="on.ryot.org" />
+	<target host="on.sanvad.in" />
+	<target host="on.sasin.edu" />
+	<target host="on.sc.com" />
+	<target host="on.scale.ru" />
+	<target host="on.scava.be" />
+	<target host="on.sce.com" />
+	<target host="on.scer.scot" />
+	<target host="on.sciens.io" />
+	<target host="on.scorpion.co" />
+	<target host="on.scouts.ie" />
+	<target host="on.scp.ph" />
+	<target host="on.sctimes.com" />
+	<target host="on.searchlr.net" />
+	<target host="on.self.com" />
+	<target host="on.sgsites.net" />
+	<target host="on.sgstory.com" />
+	<target host="on.shc1.net" />
+	<target host="on.shopigo.com" />
+	<target host="on.si.com" />
+	<target host="on.snv.org" />
+	<target host="on.sny.tv" />
+	<target host="on.soheil.us" />
+	<target host="on.sonc.us" />
+	<target host="on.splice.com" />
+	<target host="on.split.io" />
+	<target host="on.sport1.de" />
+	<target host="on.spowwow.com" />
+	<target host="on.spyhi.com" />
+	<target host="on.sqisl.me" />
+	<target host="on.srxn.us" />
+	<target host="on.ssh.io" />
+	<target host="on.su.org" />
+	<target host="on.sugarsca.pe" />
+	<target host="on.sunmarg.in" />
+	<target host="on.swashin.tv" />
+	<target host="on.swayam.one" />
+	<target host="on.tassos.gr" />
+	<target host="on.tcs.com" />
+	<target host="on.tdev.co" />
+	<target host="on.tdmark.co" />
+	<target host="on.tdo.com" />
+	<target host="on.tech.eu" />
+	<target host="on.tellux.tv" />
+	<target host="on.tematriq.com" />
+	<target host="on.tempty.hu" />
+	<target host="on.tenerant.com" />
+	<target host="on.tgthss.com" />
+	<target host="on.thec-l.com" />
+	<target host="on.thedailyshow.com" />
+	<target host="on.thehatch.es" />
+	<target host="on.thestar.com" />
+	<target host="on.thimble.io" />
+	<target host="on.thrivedc.com" />
+	<target host="on.tiffbits.com" />
+	<target host="on.tingette.com" />
+	<target host="on.tmj4.com" />
+	<target host="on.tmos.org" />
+	<target host="on.tnr.com" />
+	<target host="on.tnwae.us" />
+	<target host="on.today.com" />
+	<target host="on.tpt.org" />
+	<target host="on.trail411.com" />
+	<target host="on.trailr.tv" />
+	<target host="on.trosmith.com" />
+	<target host="on.trp.nz" />
+	<target host="on.trucks.com" />
+	<target host="on.trulia.com" />
+	<target host="on.tuleshov.com" />
+	<target host="on.tvline.com" />
+	<target host="on.tz.de" />
+	<target host="on.uah.edu" />
+	<target host="on.uc.edu" />
+	<target host="on.ufc.com" />
+	<target host="on.unesco.org" />
+	<target host="on.unknwn.com" />
+	<target host="on.untp.it" />
+	<target host="on.upsu.net" />
+	<target host="on.uptv.com" />
+	<target host="on.v4s.it" />
+	<target host="on.vangquan.com" />
+	<target host="on.vbdance.com" />
+	<target host="on.vdvsport.it" />
+	<target host="on.vegan.io" />
+	<target host="on.versity.tv" />
+	<target host="on.vetr.com" />
+	<target host="on.vfmb.ch" />
+	<target host="on.vh1.com" />
+	<target host="on.vhpost.tv" />
+	<target host="on.victime.club" />
+	<target host="on.vision.org" />
+	<target host="on.vitn.de" />
+	<target host="on.voce.tv" />
+	<target host="on.vsedela.ru" />
+	<target host="on.vst.one" />
+	<target host="on.waah.xyz" />
+	<target host="on.wajda.in" />
+	<target host="on.walex.me" />
+	<target host="on.waow.com" />
+	<target host="on.wapt.com" />
+	<target host="on.watchity.com" />
+	<target host="on.wb.com" />
+	<target host="on.wbaltv.com" />
+	<target host="on.wbir.com" />
+	<target host="on.wcnc.com" />
+	<target host="on.wcsh6.com" />
+	<target host="on.wcvb.com" />
+	<target host="on.wdsu.com" />
+	<target host="on.wdw.nl" />
+	<target host="on.webmd.com" />
+	<target host="on.wellfra.me" />
+	<target host="on.welt.de" />
+	<target host="on.wesh.com" />
+	<target host="on.wews.com" />
+	<target host="on.wfaa.com" />
+	<target host="on.wgal.com" />
+	<target host="on.wgem.com" />
+	<target host="on.wgrz.com" />
+	<target host="on.whas11.com" />
+	<target host="on.whdh.com" />
+	<target host="on.whio.com" />
+	<target host="on.whnt.com" />
+	<target host="on.whrsml.eu" />
+	<target host="on.wimzey.com" />
+	<target host="on.wisn.com" />
+	<target host="on.wisports.com" />
+	<target host="on.wjtv.com" />
+	<target host="on.wkyc.com" />
+	<target host="on.wlbz2.com" />
+	<target host="on.wlky.com" />
+	<target host="on.wltx.com" />
+	<target host="on.wlwt.com" />
+	<target host="on.wmaz.com" />
+	<target host="on.wmmi.net" />
+	<target host="on.wmtw.com" />
+	<target host="on.wmur.com" />
+	<target host="on.wnct.com" />
+	<target host="on.wpbf.com" />
+	<target host="on.wpin.me" />
+	<target host="on.wptz.com" />
+	<target host="on.wpxi.com" />
+	<target host="on.wqow.com" />
+	<target host="on.wrex.com" />
+	<target host="on.wrkhrs.co" />
+	<target host="on.wsav.com" />
+	<target host="on.wsj.com" />
+	<target host="on.wsoctv.com" />
+	<target host="on.wtae.com" />
+	<target host="on.wtmj.com" />
+	<target host="on.wtsp.com" />
+	<target host="on.wusa9.com" />
+	<target host="on.wvec.com" />
+	<target host="on.wvva.com" />
+	<target host="on.wwltv.com" />
+	<target host="on.wxii.com" />
+	<target host="on.wxow.com" />
+	<target host="on.wyff4.com" />
+	<target host="on.wzzm.com" />
+	<target host="on.xcd.vn" />
+	<target host="on.xomnio.com" />
+	<target host="on.yau.uk" />
+	<target host="on.yloils.me" />
+	<target host="on.yourolly.com" />
+	<target host="on.ysl.com" />
+	<target host="on.ziggo.nl" />
+	<target host="on.zn.be" />
+	<target host="on9news.tv" />
+	<target host="onair.rs" />
+	<target host="onamae.click" />
+	<target host="onamae.link" />
+	<target host="onamae.me" />
+	<target host="onani.ml" />
+	<target host="onapp.rocks" />
+	<target host="onbe.co" />
+	<target host="onbe.in" />
+	<target host="onbq.co" />
+	<target host="onbr.pro" />
+	<target host="onbriga.de" />
+	<target host="onbsys.com" />
+	<target host="onbvd.blog" />
+	<target host="once.run" />
+	<target host="onch.net" />
+	<target host="oncin.ch" />
+	<target host="oncom.ml" />
+	<target host="oncvt.com" />
+	<target host="ondove.co" />
+	<target host="ondzk.nl" />
+	<target host="one-co.co" />
+	<target host="oneandzero.uk" />
+	<target host="onefi.re" />
+	<target host="oneflare.co" />
+	<target host="oneh.se" />
+	<target host="oneind.ml" />
+	<target host="oneira.link" />
+	<target host="onek.us" />
+	<target host="oneleft.io" />
+	<target host="onelov.co" />
+	<target host="onelove.im" />
+	<target host="onemcr.net" />
+	<target host="onen.link" />
+	<target host="onep.gr" />
+	<target host="onepiece.click" />
+	<target host="oneseries.ml" />
+	<target host="oneta.st" />
+	<target host="oneticket.info" />
+	<target host="onev.me" />
+	<target host="onewat.ch" />
+	<target host="onewi.org" />
+	<target host="onewifi.info" />
+	<target host="onewrld.co" />
+	<target host="onexox.ga" />
+	<target host="onforb.es" />
+	<target host="onfs.net" />
+	<target host="ongen.us" />
+	<target host="ongno.tk" />
+	<target host="ongo.io" />
+	<target host="ongo.uk" />
+	<target host="ongoing.pro" />
+	<target host="ongrid.me" />
+	<target host="onie.co.vu" />
+	<target host="onion.com" />
+	<target host="onjv.co" />
+	<target host="onl1ne.ml" />
+	<target host="online-ep.ml" />
+	<target host="online-eps.ga" />
+	<target host="online-hd.cf" />
+	<target host="online.aasc.vn" />
+	<target host="onlinebiz.co" />
+	<target host="onlinehd.cf" />
+	<target host="onlinehd.ml" />
+	<target host="onlinesecu.red" />
+	<target host="onlinesport.ga" />
+	<target host="onlinetvs.cf" />
+	<target host="onlinetvs.gq" />
+	<target host="onlrl.uk" />
+	<target host="only-be.me" />
+	<target host="only.co" />
+	<target host="only2.be" />
+	<target host="onlyhmn.com" />
+	<target host="onlyo.co" />
+	<target host="onm.gl" />
+	<target host="onmo.co" />
+	<target host="onmovie77.ml" />
+	<target host="onni.me" />
+	<target host="ono.im" />
+	<target host="onone.buzz" />
+	<target host="onphr.ma" />
+	<target host="onreiss.com" />
+	<target host="onrugbydu.mp" />
+	<target host="onsb.tk" />
+	<target host="onsig.ht" />
+	<target host="onslice.co" />
+	<target host="onstn.biz" />
+	<target host="onsy.dk" />
+	<target host="ont.li" />
+	<target host="ont.news" />
+	<target host="ontar.gt" />
+	<target host="ontara.me" />
+	<target host="ontch.org" />
+	<target host="ontkc.com" />
+	<target host="ontlib.ca" />
+	<target host="ontr.co" />
+	<target host="ontr.nl" />
+	<target host="ontrv.in" />
+	<target host="ontt.tv" />
+	<target host="ontv-hd.ml" />
+	<target host="ontv.ga" />
+	<target host="ontv.gq" />
+	<target host="ontv06.ml" />
+	<target host="ontweg.cc" />
+	<target host="onward.st" />
+	<target host="onwgtc.com" />
+	<target host="onwi.es" />
+	<target host="onws.tk" />
+	<target host="onzell.nl" />
+	<target host="oobld.com" />
+	<target host="ooda.co" />
+	<target host="ooebea.ch" />
+	<target host="oof.news" />
+	<target host="oogl.us" />
+	<target host="ookb.ee" />
+	<target host="ool.se" />
+	<target host="oolde.ml" />
+	<target host="oonews.co" />
+	<target host="ooo.1n.pw" />
+	<target host="oor.pw" />
+	<target host="ootm.co" />
+	<target host="ooznest.store" />
+	<target host="op-lib.ch" />
+	<target host="op.cineville.nl" />
+	<target host="op.is.nl" />
+	<target host="op.pf.nl" />
+	<target host="op.vitamins.nl" />
+	<target host="op1c.com" />
+	<target host="op22.co" />
+	<target host="opan.co" />
+	<target host="opat4khd.ml" />
+	<target host="opbe.at" />
+	<target host="opbr.ge" />
+	<target host="opea.st" />
+	<target host="open.do" />
+	<target host="opencolleg.es" />
+	<target host="opendates.me" />
+	<target host="openener.gy" />
+	<target host="openg.is" />
+	<target host="openmi.ch" />
+	<target host="openmk.me" />
+	<target host="openview.vc" />
+	<target host="opiceb.lu" />
+	<target host="opie.im" />
+	<target host="opin.to" />
+	<target host="opkino.club" />
+	<target host="opm.global" />
+	<target host="opmed.co" />
+	<target host="opmu.co" />
+	<target host="opn8.co.uk" />
+	<target host="opngv.link" />
+	<target host="opnsg.nl" />
+	<target host="opnstg.co" />
+	<target host="opnstre.am" />
+	<target host="opnw.at" />
+	<target host="opp.fyi" />
+	<target host="oppin.st" />
+	<target host="oppos.es" />
+	<target host="ops.fyi" />
+	<target host="opsc.nl" />
+	<target host="opsgui.de" />
+	<target host="opst.ca" />
+	<target host="opsw.co" />
+	<target host="opsy.st" />
+	<target host="opt.ai" />
+	<target host="optc.co" />
+	<target host="optg2017.ga" />
+	<target host="optical-tool.me" />
+	<target host="optim.ly" />
+	<target host="optimind.me" />
+	<target host="optimize.ly" />
+	<target host="optimo.link" />
+	<target host="optimus4k.ml" />
+	<target host="optin.to" />
+	<target host="options-po.li" />
+	<target host="optistar.co" />
+	<target host="optmlz.es" />
+	<target host="optms.in" />
+	<target host="optmzpr.me" />
+	<target host="opts.jp" />
+	<target host="opubli.cc" />
+	<target host="opurl.ga" />
+	<target host="opusf.co" />
+	<target host="opvn.nl" />
+	<target host="opyd.net" />
+	<target host="oran.ge" />
+	<target host="orange888.ml" />
+	<target host="orangea.us" />
+	<target host="oranjeboom.cafe" />
+	<target host="ord.mx" />
+	<target host="ordl.co" />
+	<target host="orear.ws" />
+	<target host="orebz.com" />
+	<target host="oreef.co" />
+	<target host="oregonlive.tk" />
+	<target host="oregrown.co" />
+	<target host="oreil.ly" />
+	<target host="orenda.host" />
+	<target host="orens.es" />
+	<target host="orfe.us" />
+	<target host="org-rev.com" />
+	<target host="orgcitad.in" />
+	<target host="orgcns.org" />
+	<target host="orgnclly.link" />
+	<target host="orhy.me" />
+	<target host="orig1n-4k.ml" />
+	<target host="original4k.ml" />
+	<target host="originalhd.ml" />
+	<target host="origins.cm" />
+	<target host="oriol.me" />
+	<target host="ork.cc" />
+	<target host="orlan.do" />
+	<target host="orlflag.com" />
+	<target host="ormrut.uk" />
+	<target host="orogold.us" />
+	<target host="ors.onl" />
+	<target host="orsl.nl" />
+	<target host="orsvp.me" />
+	<target host="ortd.co" />
+	<target host="ortho-us.link" />
+	<target host="orto.link" />
+	<target host="orueagl.es" />
+	<target host="orv.is" />
+	<target host="os.geeki.es" />
+	<target host="osc.tips" />
+	<target host="osca.rs" />
+	<target host="oscar-2017.ml" />
+	<target host="oscars-2017.ml" />
+	<target host="oscu.ro" />
+	<target host="oscweb.biz" />
+	<target host="osf.to" />
+	<target host="osh.is" />
+	<target host="osh.li" />
+	<target host="oshborn.cf" />
+	<target host="oshko.sh" />
+	<target host="oshub.co" />
+	<target host="osir.mx" />
+	<target host="oskins.com" />
+	<target host="osky.co" />
+	<target host="osm.one" />
+	<target host="osmi.us" />
+	<target host="osmy.in" />
+	<target host="osna.ps" />
+	<target host="oso.io" />
+	<target host="oso.site" />
+	<target host="osopor.to" />
+	<target host="ospa.me" />
+	<target host="ossbss.link" />
+	<target host="ostomy.me" />
+	<target host="ostra.in" />
+	<target host="osturm.me" />
+	<target host="osum.it" />
+	<target host="osum.yantra.io" />
+	<target host="osweb.us" />
+	<target host="osws.co" />
+	<target host="ot7.link" />
+	<target host="ota.buzz" />
+	<target host="otal.co" />
+	<target host="otdsy.com" />
+	<target host="oth.me" />
+	<target host="otherja.red" />
+	<target host="othr.in" />
+	<target host="othr.ws" />
+	<target host="oti.link" />
+	<target host="otk.ovh" />
+	<target host="otmz.se" />
+	<target host="otsho.ws" />
+	<target host="otsny.co" />
+	<target host="otto.me" />
+	<target host="otton.eu" />
+	<target host="ottorad.io" />
+	<target host="ottsens.com" />
+	<target host="oug.me" />
+	<target host="ouidad.cm" />
+	<target host="ouinnov.co" />
+	<target host="ounce.it" />
+	<target host="ourevents.co" />
+	<target host="ourhoek.co.za" />
+	<target host="ourmojo.us" />
+	<target host="ourngp.in" />
+	<target host="ouro.ga" />
+	<target host="ouroh.io" />
+	<target host="ourrange.com" />
+	<target host="oustudents.co" />
+	<target host="out.ap9et.com" />
+	<target host="out.exsom.com" />
+	<target host="out.gb.net.co" />
+	<target host="out.outlayer.it" />
+	<target host="out.safewrd.com" />
+	<target host="out.so" />
+	<target host="out.vitzo.com" />
+	<target host="out.wf" />
+	<target host="outb.ac" />
+	<target host="outbra.in" />
+	<target host="outest.co" />
+	<target host="outftr.us" />
+	<target host="outics.com" />
+	<target host="outilsdevie.fr" />
+	<target host="outletdesign.cz" />
+	<target host="outliv.me" />
+	<target host="outnet.co" />
+	<target host="outr-in.org" />
+	<target host="outsde.in" />
+	<target host="outsyste.ms" />
+	<target host="outw.mobi" />
+	<target host="outward.site" />
+	<target host="ova.la" />
+	<target host="ovark.co" />
+	<target host="over.farm" />
+	<target host="overflo.it" />
+	<target host="overon.me" />
+	<target host="ovg.link" />
+	<target host="ovp.bz" />
+	<target host="ovrc.lk" />
+	<target host="ovrlrds.us" />
+	<target host="ovrt.me" />
+	<target host="ow.fwd.fm" />
+	<target host="ow.lc" />
+	<target host="ow.nyon.nl" />
+	<target host="owca.mp" />
+	<target host="owen.in" />
+	<target host="owengrp.co" />
+	<target host="owens.li" />
+	<target host="owensad.com" />
+	<target host="owin.co" />
+	<target host="owk.li" />
+	<target host="owl.cm" />
+	<target host="owlcube.site" />
+	<target host="owm.tips" />
+	<target host="own.re" />
+	<target host="own.rs" />
+	<target host="ownersclub.co" />
+	<target host="owy.mn" />
+	<target host="owyd.co" />
+	<target host="owyoga.us" />
+	<target host="oxd.link" />
+	<target host="oxecon.co" />
+	<target host="oxelt.gl" />
+	<target host="oxf.am" />
+	<target host="oxford.ly" />
+	<target host="oxhorn.it" />
+	<target host="oxhound.com" />
+	<target host="oxygen.tv" />
+	<target host="oyb.kr" />
+	<target host="oybo.us" />
+	<target host="ozie.jp" />
+	<target host="ozin.ga" />
+	<target host="ozk.space" />
+	<target host="ozmen.co.vu" />
+	<target host="ozn.bg" />
+	<target host="oznmd.at" />
+	<target host="oztech.me" />
+	<target host="ozufy.ml" />
+	<target host="ozyr.me" />
+	<target host="ozz.ie" />
+	<target host="p-22.ru" />
+	<target host="p-360.de" />
+	<target host="p-a.us" />
+	<target host="p-app.uk" />
+	<target host="p-g.me" />
+	<target host="p-ga.ch" />
+	<target host="p-ish.ca" />
+	<target host="p-o.me" />
+	<target host="p.andynix.co.za" />
+	<target host="p.avijatrik.com" />
+	<target host="p.charlesmok.hk" />
+	<target host="p.confinale.ch" />
+	<target host="p.dandu.be" />
+	<target host="p.entf.at" />
+	<target host="p.eshel.io" />
+	<target host="p.hue.sk" />
+	<target host="p.ink.cx" />
+	<target host="p.insighto.com" />
+	<target host="p.ipont.ca" />
+	<target host="p.jibe.com" />
+	<target host="p.key-p.jp" />
+	<target host="p.lete.li" />
+	<target host="p.mediamath.com" />
+	<target host="p.paramore.me" />
+	<target host="p.ppfa.org" />
+	<target host="p.rik.bz" />
+	<target host="p.runaker.tech" />
+	<target host="p.rvie.us" />
+	<target host="p.safemo.de" />
+	<target host="p.schall.tv" />
+	<target host="p.sercom.be" />
+	<target host="p.tahutek.net" />
+	<target host="p.tharroshk.com" />
+	<target host="p.thewebfix.com" />
+	<target host="p.trck.name" />
+	<target host="p.tsao.in" />
+	<target host="p.vanroeijen.nl" />
+	<target host="p.zueb.li" />
+	<target host="p11.vc" />
+	<target host="p1r.es" />
+	<target host="p1ws.me" />
+	<target host="p24.me" />
+	<target host="p24.si" />
+	<target host="p29.tips" />
+	<target host="p2n.co" />
+	<target host="p2r.me" />
+	<target host="p4c0k.ml" />
+	<target host="p4cm.info" />
+	<target host="p4r.co" />
+	<target host="p4scol.ml" />
+	<target host="p4u.tw" />
+	<target host="p52.mx" />
+	<target host="p5s.co" />
+	<target host="p64.eu" />
+	<target host="p6d.co" />
+	<target host="p6i.me" />
+	<target host="p78.nl" />
+	<target host="p8h.co" />
+	<target host="p8m.in" />
+	<target host="p90gold.ml" />
+	<target host="p9m.it" />
+	<target host="pa.ag" />
+	<target host="pa.nache.fr" />
+	<target host="paas.ly" />
+	<target host="pablofa.in" />
+	<target host="pablov.eu" />
+	<target host="pabloygl.es" />
+	<target host="pac12.me" />
+	<target host="paca.io" />
+	<target host="pacev.co" />
+	<target host="pacif.co" />
+	<target host="pacific.to" />
+	<target host="pack316.org" />
+	<target host="pacnwgifts.com" />
+	<target host="paco.pet" />
+	<target host="pactified.com" />
+	<target host="pacunion.us" />
+	<target host="pad.mn" />
+	<target host="pad.seajade.com" />
+	<target host="padlifter2.com" />
+	<target host="padpub.us" />
+	<target host="paf.news" />
+	<target host="pafish.me" />
+	<target host="pagano.events" />
+	<target host="pages.goswm.com" />
+	<target host="pags.io" />
+	<target host="pahp.me" />
+	<target host="pahq.co" />
+	<target host="painte.rs" />
+	<target host="painty.com" />
+	<target host="pajon.es" />
+	<target host="pak.horse" />
+	<target host="palada.re" />
+	<target host="paladin.fm" />
+	<target host="palavra.in" />
+	<target host="paleo.co" />
+	<target host="paleo.li" />
+	<target host="paleolc.com" />
+	<target host="paleom.ag" />
+	<target host="palm.bet" />
+	<target host="paman.tk" />
+	<target host="pand.as" />
+	<target host="panda.ly" />
+	<target host="panda.today" />
+	<target host="pandadoc.cc" />
+	<target host="pandango.ml" />
+	<target host="pandangofix.ml" />
+	<target host="pandp.club" />
+	<target host="pandu.it" />
+	<target host="pangkatdua.ml" />
+	<target host="panic.life" />
+	<target host="panichd.ml" />
+	<target host="panop.to" />
+	<target host="pans.ai" />
+	<target host="pantag.es" />
+	<target host="panthercamp.net" />
+	<target host="paoc.me" />
+	<target host="paokfc.mobi" />
+	<target host="paolive.at" />
+	<target host="papalliance.it" />
+	<target host="papaya.link" />
+	<target host="pape.rs" />
+	<target host="paperless.ly" />
+	<target host="paperm.art" />
+	<target host="paperstre.am" />
+	<target host="papir.ms" />
+	<target host="papke.me" />
+	<target host="papp.ca" />
+	<target host="paprb.ac" />
+	<target host="papz.ml" />
+	<target host="paq.cz" />
+	<target host="parad.is" />
+	<target host="paradi.link" />
+	<target host="paradiso.click" />
+	<target host="paragu.ai" />
+	<target host="parallls.co" />
+	<target host="paramt.ca" />
+	<target host="paramt.co" />
+	<target host="parchmentmag.uk" />
+	<target host="pard.ee" />
+	<target host="pardr.one" />
+	<target host="parealt.rs" />
+	<target host="parfum4k.ml" />
+	<target host="parimat.ch" />
+	<target host="pariste.ch" />
+	<target host="parkandgo.uk" />
+	<target host="parkb.it" />
+	<target host="parkdodg.us" />
+	<target host="parkertour.us" />
+	<target host="parkhere.sydney" />
+	<target host="parkj.in" />
+	<target host="parkncu.be" />
+	<target host="parkpnp.co" />
+	<target host="parks.coffee" />
+	<target host="parkthe.at" />
+	<target host="parkwest.life" />
+	<target host="parkz.in" />
+	<target host="parl.ch" />
+	<target host="parlour.tours" />
+	<target host="parm.us" />
+	<target host="parnl.me" />
+	<target host="parra.club" />
+	<target host="parrisdesign.co" />
+	<target host="parrish.pro" />
+	<target host="parsec.digital" />
+	<target host="partena.to" />
+	<target host="particuba.org" />
+	<target host="parties-hd.ml" />
+	<target host="partiya.me" />
+	<target host="party-hd.tk" />
+	<target host="pasertvs.ml" />
+	<target host="pasha.bz" />
+	<target host="pass.ag" />
+	<target host="pass.icard.am" />
+	<target host="pass.pt" />
+	<target host="passplay.tk" />
+	<target host="past.io" />
+	<target host="patcash.link" />
+	<target host="patcholo.gy" />
+	<target host="paten.to" />
+	<target host="patentg.uy" />
+	<target host="pathpost.co" />
+	<target host="patientport.al" />
+	<target host="patm.sg" />
+	<target host="patntadvsr.co" />
+	<target host="patr.gdn" />
+	<target host="patrck.nl" />
+	<target host="patreon.blog" />
+	<target host="patrickcin.es" />
+	<target host="patriotspt.org" />
+	<target host="patriziape.pe" />
+	<target host="patrolo.gy" />
+	<target host="patt.dental" />
+	<target host="patt.vet" />
+	<target host="pattnet.us" />
+	<target host="pau.by" />
+	<target host="paul.camp" />
+	<target host="paul.loak.org" />
+	<target host="paul.my" />
+	<target host="paul.reny.me" />
+	<target host="paulh.us" />
+	<target host="paulm.in" />
+	<target host="paulof.com" />
+	<target host="pauloogle.it" />
+	<target host="paulrees.me" />
+	<target host="paulwennis.me" />
+	<target host="pavelun.gr" />
+	<target host="pavi.li" />
+	<target host="pawpac.news" />
+	<target host="paws.hk" />
+	<target host="pawst.ru" />
+	<target host="paxex.me" />
+	<target host="paxson.me" />
+	<target host="pay.allabrd.com" />
+	<target host="pay.booksy.net" />
+	<target host="pay.kgspr.com" />
+	<target host="pay.melee.ninja" />
+	<target host="pay.q-u.co" />
+	<target host="pay.rechnor.com" />
+	<target host="payc.me" />
+	<target host="payette.co" />
+	<target host="payke.info" />
+	<target host="payltr.in" />
+	<target host="payma.sh" />
+	<target host="paymt.ly" />
+	<target host="paynr.co" />
+	<target host="paystand.me" />
+	<target host="pb.casaschi.net" />
+	<target host="pbc.fyi" />
+	<target host="pbc.la" />
+	<target host="pbc.re" />
+	<target host="pbcham.ps" />
+	<target host="pbe.cx" />
+	<target host="pbell.co" />
+	<target host="pbev.in" />
+	<target host="pbg.li" />
+	<target host="pbgrp.link" />
+	<target host="pbh.cc" />
+	<target host="pbi.bz" />
+	<target host="pbiz.me" />
+	<target host="pbj.im" />
+	<target host="pbl.cm" />
+	<target host="pblx.us" />
+	<target host="pbp.cloud" />
+	<target host="pbpb.in" />
+	<target host="pbpo.st" />
+	<target host="pbra.in" />
+	<target host="pbrelink.com" />
+	<target host="pbro.io" />
+	<target host="pbs.li" />
+	<target host="pbst.cc" />
+	<target host="pbym.co" />
+	<target host="pc-t.in" />
+	<target host="pc.nick.com" />
+	<target host="pc2a.info" />
+	<target host="pcbc.it" />
+	<target host="pcc.coop" />
+	<target host="pccapply.com" />
+	<target host="pccc.me" />
+	<target host="pcct.me" />
+	<target host="pcdi.ly" />
+	<target host="pcevents.com.au" />
+	<target host="pcgw.org" />
+	<target host="pcgzhi.com" />
+	<target host="pch.im" />
+	<target host="pchg.uk" />
+	<target host="pci.fyi" />
+	<target host="pck.rs" />
+	<target host="pcktu.com" />
+	<target host="pcl.digital" />
+	<target host="pcm.link" />
+	<target host="pcma.co" />
+	<target host="pcmatic.me" />
+	<target host="pcmatic.us" />
+	<target host="pcnx.co" />
+	<target host="pco.lt" />
+	<target host="pcoffee.co" />
+	<target host="pcom.ml" />
+	<target host="pcos.ch" />
+	<target host="pcpro.link" />
+	<target host="pcr.io" />
+	<target host="pcrd.co" />
+	<target host="pcrnch.com" />
+	<target host="pcs.tv" />
+	<target host="pcskin.care" />
+	<target host="pcste.ps" />
+	<target host="pcsvcs.org" />
+	<target host="pculr.com" />
+	<target host="pczn.us" />
+	<target host="pd.bsd4u.com" />
+	<target host="pd.incb.us" />
+	<target host="pd4s.uk" />
+	<target host="pdcomedia.com" />
+	<target host="pdcst.in" />
+	<target host="pdev.co" />
+	<target host="pdi.gr" />
+	<target host="pdig.me" />
+	<target host="pdiy.co" />
+	<target host="pdjrnl.com" />
+	<target host="pdl8.co" />
+	<target host="pdmbw.nl" />
+	<target host="pdn.im" />
+	<target host="pdna.me" />
+	<target host="pdoc.es" />
+	<target host="pdog.me" />
+	<target host="pdora.co" />
+	<target host="pdp.one" />
+	<target host="pdpnt.com" />
+	<target host="pdpnt.uk" />
+	<target host="pdr.li" />
+	<target host="pdr.nl" />
+	<target host="pds.gd" />
+	<target host="pdsb.me" />
+	<target host="pdscott.co" />
+	<target host="pdu.lu" />
+	<target host="pduty.me" />
+	<target host="pdv.link" />
+	<target host="pdxhwk.us" />
+	<target host="pdxint.at" />
+	<target host="pdxinv.us" />
+	<target host="pe-t.ch" />
+	<target host="pe.cheur.fr" />
+	<target host="pe.ga" />
+	<target host="pe.liternet.ro" />
+	<target host="peakgam.es" />
+	<target host="pearlsilk.link" />
+	<target host="peas.es" />
+	<target host="pebln.de" />
+	<target host="pece.o2.cz" />
+	<target host="ped.li" />
+	<target host="pedag.ga" />
+	<target host="pediabot.me" />
+	<target host="pediatrip.xyz" />
+	<target host="pedroventura.es" />
+	<target host="peek.al" />
+	<target host="peer.fit" />
+	<target host="peerl.es" />
+	<target host="peety.co" />
+	<target host="pef.io" />
+	<target host="pei2.me" />
+	<target host="peintag.one" />
+	<target host="pejuangcinta.ml" />
+	<target host="pelagos.digital" />
+	<target host="pelck.me" />
+	<target host="peliculasflv.ml" />
+	<target host="pelink.us" />
+	<target host="pelo.si" />
+	<target host="pelo.tl" />
+	<target host="peltier.us" />
+	<target host="pemphig.us" />
+	<target host="pen.fo" />
+	<target host="pen.live" />
+	<target host="penart.org" />
+	<target host="pendol.in" />
+	<target host="peng.fish" />
+	<target host="penge.ms" />
+	<target host="penic.uk" />
+	<target host="penn.io" />
+	<target host="pennh.cc" />
+	<target host="pennif.red" />
+	<target host="pennmasa.la" />
+	<target host="pens.pe" />
+	<target host="penso.me" />
+	<target host="pentest.link" />
+	<target host="penuw.info" />
+	<target host="penw.ws" />
+	<target host="peo.us.com" />
+	<target host="peopli.se" />
+	<target host="peos.org" />
+	<target host="pep.sh" />
+	<target host="pep.si" />
+	<target host="pepe.ag" />
+	<target host="pepr.io" />
+	<target host="pepsi.co" />
+	<target host="per.im" />
+	<target host="perce.be" />
+	<target host="perch.fi" />
+	<target host="perdawn.com" />
+	<target host="peres-tvsae.ml" />
+	<target host="perez.digital" />
+	<target host="perfect4k.ml" />
+	<target host="perfht.ml" />
+	<target host="perfo.in" />
+	<target host="pergi.lagi.ga" />
+	<target host="peri.pw" />
+	<target host="perif.media" />
+	<target host="permalink.ca" />
+	<target host="permit.by" />
+	<target host="pernasoppa.net" />
+	<target host="perq.us" />
+	<target host="perthfe.st" />
+	<target host="perthne.ws" />
+	<target host="pertica.link" />
+	<target host="perv.city" />
+	<target host="pes.ca" />
+	<target host="pesathd.ml" />
+	<target host="pescor.eu" />
+	<target host="peser-tvsae.ml" />
+	<target host="pesex.ml" />
+	<target host="petar.cl" />
+	<target host="petart.me" />
+	<target host="petbliss.biz" />
+	<target host="petcu.be" />
+	<target host="petcu.re" />
+	<target host="pete.pro" />
+	<target host="petfndr.co" />
+	<target host="petgate4.info" />
+	<target host="petit.link" />
+	<target host="petmood.me" />
+	<target host="petro.li" />
+	<target host="petsq.re" />
+	<target host="petsr.eu" />
+	<target host="pettech.me" />
+	<target host="pettycri.me" />
+	<target host="petv.co" />
+	<target host="petva.lu" />
+	<target host="petx.pk" />
+	<target host="petyard4.info" />
+	<target host="pew.org" />
+	<target host="pewpewpew.com" />
+	<target host="pewrsr.ch" />
+	<target host="pex.me" />
+	<target host="peytz.co" />
+	<target host="peyut.ml" />
+	<target host="pezn.tv" />
+	<target host="pf.is" />
+	<target host="pf.style" />
+	<target host="pf1.es" />
+	<target host="pfau.biz" />
+	<target host="pfauth.nu" />
+	<target host="pfbd.uk" />
+	<target host="pfcycl.es" />
+	<target host="pfdry.me" />
+	<target host="pffoc.us" />
+	<target host="pfg.im" />
+	<target host="pfh.ro" />
+	<target host="pfiff.us" />
+	<target host="pfk.technology" />
+	<target host="pfl.ag" />
+	<target host="pfl.im" />
+	<target host="pflaum.co" />
+	<target host="pformu.la" />
+	<target host="pfre.us" />
+	<target host="pfs-access.com" />
+	<target host="pfseagleeye.com" />
+	<target host="pfsoci.al" />
+	<target host="pfts.nl" />
+	<target host="pfu.li" />
+	<target host="pg4.in" />
+	<target host="pgc.cc" />
+	<target host="pgcd.co" />
+	<target host="pge.sx" />
+	<target host="pgehr.es" />
+	<target host="pghzoo.me" />
+	<target host="pgim.co" />
+	<target host="pgm.buzz" />
+	<target host="pgm.golf" />
+	<target host="pgn.me" />
+	<target host="pgnd.us" />
+	<target host="pgobr.com" />
+	<target host="pgraf.eu" />
+	<target host="pgre.co" />
+	<target host="pgrs.in" />
+	<target host="pgskn.ch" />
+	<target host="pgsltg.co" />
+	<target host="pgully.com" />
+	<target host="pguy.in" />
+	<target host="pgvz.io" />
+	<target host="ph-ilo.com" />
+	<target host="ph1.sh" />
+	<target host="phase.to" />
+	<target host="phashion.me" />
+	<target host="phastid.io" />
+	<target host="phay.ml" />
+	<target host="phcc.co" />
+	<target host="phej.co" />
+	<target host="phen.info" />
+	<target host="phfam.us" />
+	<target host="phgd.es" />
+	<target host="phi.sx" />
+	<target host="phide.lt" />
+	<target host="phieagl.es" />
+	<target host="phil-a.ge" />
+	<target host="phil-lui.de" />
+	<target host="phil.mobi" />
+	<target host="philc.us" />
+	<target host="philho.yt" />
+	<target host="philips.to" />
+	<target host="phillyh2o.info" />
+	<target host="philos.city" />
+	<target host="philp.al" />
+	<target host="philterpr.com" />
+	<target host="phin.biz" />
+	<target host="phin.ws" />
+	<target host="phis.ch" />
+	<target host="phiun.it" />
+	<target host="phks.co" />
+	<target host="phl.ltd" />
+	<target host="phll.ps" />
+	<target host="phlm.cc" />
+	<target host="phlp.be" />
+	<target host="phlvb.com" />
+	<target host="phmc.info" />
+	<target host="phmia.co" />
+	<target host="phnrbtl.co.uk" />
+	<target host="phnxs.nl" />
+	<target host="phoc.as" />
+	<target host="phoenixyoga.pro" />
+	<target host="phoeti.co" />
+	<target host="phom.xyz" />
+	<target host="phoole.rocks" />
+	<target host="photo-rlh.com" />
+	<target host="photo.p0p0v.ru" />
+	<target host="photo.yt" />
+	<target host="photobooks.link" />
+	<target host="photoboothto.co" />
+	<target host="photogr.fr" />
+	<target host="photomaniafx.me" />
+	<target host="photontic.link" />
+	<target host="photosp.uk" />
+	<target host="phoukka.org" />
+	<target host="phowo.co" />
+	<target host="phpa.me" />
+	<target host="phpc.ws" />
+	<target host="phpj.be" />
+	<target host="phpsugar.me" />
+	<target host="phre.am" />
+	<target host="phrmdr.me" />
+	<target host="phrmwb.com" />
+	<target host="phryanjr.co" />
+	<target host="phs.to" />
+	<target host="phsvce.tk" />
+	<target host="pht.io" />
+	<target host="phtr.co" />
+	<target host="phtrns.it" />
+	<target host="phu.fyi" />
+	<target host="phuochuy.com" />
+	<target host="phw.nu" />
+	<target host="phx.tf" />
+	<target host="phy.li" />
+	<target host="physiol.gy" />
+	<target host="physiowpg.news" />
+	<target host="phyx.es" />
+	<target host="pianhd.ml" />
+	<target host="pianistm.ag" />
+	<target host="pianoyuki.co" />
+	<target host="pic-gallery.org" />
+	<target host="pic.fritz.im" />
+	<target host="pic.la" />
+	<target host="pic.mathi.eu" />
+	<target host="picdor.co" />
+	<target host="pick.pink" />
+	<target host="picka.link" />
+	<target host="pickastream.ml" />
+	<target host="pickle.design" />
+	<target host="pickr.xyz" />
+	<target host="picniq.uk" />
+	<target host="pico.ly" />
+	<target host="picsea.me" />
+	<target host="picta.link" />
+	<target host="picturetv.ml" />
+	<target host="pid.monde.green" />
+	<target host="pig.tips" />
+	<target host="pigeon.to" />
+	<target host="piku.la" />
+	<target host="pil-res.com" />
+	<target host="pilatesyoga.uk" />
+	<target host="pillgp.tk" />
+	<target host="pilly.net" />
+	<target host="pim.fyi" />
+	<target host="pin.im" />
+	<target host="pin.lu" />
+	<target host="pina.work" />
+	<target host="pinatti.org" />
+	<target host="pinewood.me" />
+	<target host="pinews.co" />
+	<target host="pingpong.ua" />
+	<target host="pingu.im" />
+	<target host="pinkly.tk" />
+	<target host="pinkm.tv" />
+	<target host="pinkoi.me" />
+	<target host="pinkp.tv" />
+	<target host="pinkpl.us" />
+	<target host="pinlnk.co" />
+	<target host="pinn.link" />
+	<target host="pinnovat.es" />
+	<target host="pinntele.com" />
+	<target host="pinos.im" />
+	<target host="pinoy9.tk" />
+	<target host="pins.tips" />
+	<target host="pinsco.pe" />
+	<target host="pinz.co" />
+	<target host="pinz.me" />
+	<target host="piol.in" />
+	<target host="pipe.li" />
+	<target host="pipeline.ink" />
+	<target host="pipers.sc" />
+	<target host="pipr.co" />
+	<target host="piras.bz" />
+	<target host="pisc.me" />
+	<target host="pistolsfir.in" />
+	<target host="pit.vc" />
+	<target host="pitchford.co" />
+	<target host="pitchi.it" />
+	<target host="pitd.io" />
+	<target host="piteedo.com" />
+	<target host="pitiq.tv" />
+	<target host="pititch.at" />
+	<target host="piv.al" />
+	<target host="pivic.com" />
+	<target host="pivothd.com" />
+	<target host="pivotpt.co" />
+	<target host="pix.rlives.in" />
+	<target host="pix4.me" />
+	<target host="pixal.at" />
+	<target host="pixcrft.tk" />
+	<target host="pixe.lt" />
+	<target host="pixel8.cloud" />
+	<target host="pixelmon.io" />
+	<target host="pixi.biz" />
+	<target host="pixl13.com" />
+	<target host="pixld.in" />
+	<target host="pixlz.it" />
+	<target host="pixta.st" />
+	<target host="pizzabottle.co" />
+	<target host="pizzazz.re" />
+	<target host="pj.pizza" />
+	<target host="pjain.co" />
+	<target host="pjb3.me" />
+	<target host="pjblack.me" />
+	<target host="pjc.co" />
+	<target host="pjg.life" />
+	<target host="pjga.me" />
+	<target host="pjnk.co" />
+	<target host="pjok.tk" />
+	<target host="pjpmkt.pl" />
+	<target host="pjsi.ps" />
+	<target host="pjt.rs" />
+	<target host="pjtv.io" />
+	<target host="pk4.md" />
+	<target host="pkblog.it" />
+	<target host="pkfcp.uk" />
+	<target host="pkkn.tk" />
+	<target host="pkpla.net" />
+	<target host="pkra.us" />
+	<target host="pkrlynch.us" />
+	<target host="pkrn.ws" />
+	<target host="pksl.tv" />
+	<target host="pkts.co" />
+	<target host="pkvrtx.com" />
+	<target host="pkwa.re" />
+	<target host="pkweb.ch" />
+	<target host="pkwy.info" />
+	<target host="pl.com.gt" />
+	<target host="pl.legal" />
+	<target host="pl3tok.ml" />
+	<target host="places.studio" />
+	<target host="plaine.stream" />
+	<target host="planau.me" />
+	<target host="pland.me" />
+	<target host="plantwi.se" />
+	<target host="plaste.rs" />
+	<target host="plat.fm" />
+	<target host="plated.me" />
+	<target host="platem.ag" />
+	<target host="plattetv.nu" />
+	<target host="platzr.it" />
+	<target host="play-hbo.cf" />
+	<target host="play-now.cf" />
+	<target host="play-thetvdb.ml" />
+	<target host="play-tvhd.ml" />
+	<target host="play-tvs.cf" />
+	<target host="play-tvs.gq" />
+	<target host="play.bgrap.ch" />
+	<target host="play.cinema7.cf" />
+	<target host="play.cinema9.gq" />
+	<target host="play.huuu.ge" />
+	<target host="play.st" />
+	<target host="playentry.ga" />
+	<target host="playerstribu.ne" />
+	<target host="playflix.ga" />
+	<target host="playgroundne.ws" />
+	<target host="playhere.ml" />
+	<target host="playing-hd.tk" />
+	<target host="playing.gq" />
+	<target host="playing2017.ml" />
+	<target host="playlabs.co" />
+	<target host="playload.ml" />
+	<target host="playluc.ky" />
+	<target host="playm.cc" />
+	<target host="playmov.ml" />
+	<target host="playnow.co.vu" />
+	<target host="playnow.ga" />
+	<target host="playnow.gq" />
+	<target host="playnowhd.ml" />
+	<target host="playpau.se" />
+	<target host="playroyal.house" />
+	<target host="playsense.kr" />
+	<target host="playseries.ga" />
+	<target host="playseries.gq" />
+	<target host="playseries.ml" />
+	<target host="playshuttle.me" />
+	<target host="playsi.no" />
+	<target host="playstn.asia" />
+	<target host="playstream.ml" />
+	<target host="playstreamhq.ml" />
+	<target host="playte.ch" />
+	<target host="playtvs.ml" />
+	<target host="playtvseries.ml" />
+	<target host="playy.ga" />
+	<target host="plband.co" />
+	<target host="plbt.uk" />
+	<target host="plby.de" />
+	<target host="plbz.it" />
+	<target host="plc-jspg.link" />
+	<target host="plc.li" />
+	<target host="plcl.co" />
+	<target host="plcstr.com" />
+	<target host="plcy.co" />
+	<target host="plcylk.org" />
+	<target host="pldn.co" />
+	<target host="pledgefor.life" />
+	<target host="plen.tl" />
+	<target host="plenone.ws" />
+	<target host="ples.ovh" />
+	<target host="plews.gd" />
+	<target host="plex.is" />
+	<target host="plex.moe" />
+	<target host="plhair.co" />
+	<target host="pli.si" />
+	<target host="plise.info" />
+	<target host="plissme.ga" />
+	<target host="plk.tn" />
+	<target host="plm.to" />
+	<target host="plmc.co" />
+	<target host="plnk.co" />
+	<target host="plno.be" />
+	<target host="plnt.sv" />
+	<target host="plnx.in" />
+	<target host="plor.in" />
+	<target host="plos.io" />
+	<target host="plotlin.es" />
+	<target host="plpro.pl" />
+	<target host="plr.vn" />
+	<target host="plrm.in" />
+	<target host="plrm.me" />
+	<target host="plrn.io" />
+	<target host="plrsig.ht" />
+	<target host="plrx.gs" />
+	<target host="plsn.me" />
+	<target host="plspt.de" />
+	<target host="plsrm.ag" />
+	<target host="plstc.uk" />
+	<target host="plstr.co" />
+	<target host="pltx.us" />
+	<target host="pluc.co" />
+	<target host="plum.media" />
+	<target host="plunderpirat.es" />
+	<target host="plusboxiptv.net" />
+	<target host="plusmtl.link" />
+	<target host="plusroi.co" />
+	<target host="pluss.io" />
+	<target host="plvn.cz" />
+	<target host="plvtr.com" />
+	<target host="plwi.fi" />
+	<target host="plxa.de" />
+	<target host="plxr.io" />
+	<target host="plxr.uk" />
+	<target host="ply.bz" />
+	<target host="ply.li" />
+	<target host="plyby.sh" />
+	<target host="plyc.be" />
+	<target host="plymu.ni" />
+	<target host="plyr.in" />
+	<target host="plyr.tv" />
+	<target host="plyvnyl.co" />
+	<target host="plzbrsh.us" />
+	<target host="pm-g.me" />
+	<target host="pm30.vc" />
+	<target host="pma.im" />
+	<target host="pmab.co" />
+	<target host="pmag.co" />
+	<target host="pmallet.me" />
+	<target host="pmara.cz" />
+	<target host="pmc.io" />
+	<target host="pmcache.co" />
+	<target host="pmdd.life" />
+	<target host="pmj.am" />
+	<target host="pmknbch.com" />
+	<target host="pmkrs.co" />
+	<target host="pmlo.co" />
+	<target host="pmpg.link" />
+	<target host="pmrow.la" />
+	<target host="pmrx.me" />
+	<target host="pmsfl.us" />
+	<target host="pnc.bsal.com.np" />
+	<target host="pnc.co" />
+	<target host="pnca.se" />
+	<target host="pnch.it" />
+	<target host="pnch.us" />
+	<target host="pnchng.cloud" />
+	<target host="pnda.me" />
+	<target host="pndcvln.co" />
+	<target host="pndt.de" />
+	<target host="pne.li" />
+	<target host="png.dm" />
+	<target host="pnga.co" />
+	<target host="pngn.link" />
+	<target host="pnkn.ws" />
+	<target host="pnn.cl" />
+	<target host="pnnx.es" />
+	<target host="pnpp.co" />
+	<target host="pnpr.jp" />
+	<target host="pnrhms.us" />
+	<target host="pnsne.ws" />
+	<target host="pnt.hn" />
+	<target host="pnt.so" />
+	<target host="pntg.net" />
+	<target host="pntlbs.co" />
+	<target host="pnuk.co" />
+	<target host="pnut.me" />
+	<target host="pnx.me" />
+	<target host="poandson.com" />
+	<target host="pobl.co" />
+	<target host="poc.fyi" />
+	<target host="poci.us" />
+	<target host="pod.pet" />
+	<target host="podc.club" />
+	<target host="podhelp.me" />
+	<target host="podplnr.co" />
+	<target host="podre.co" />
+	<target host="podz.info" />
+	<target host="poetic.life" />
+	<target host="pogo.house" />
+	<target host="pogose.at" />
+	<target host="poht.info" />
+	<target host="poi.run" />
+	<target host="pointit.co" />
+	<target host="poip.es" />
+	<target host="pojonews.co" />
+	<target host="pokecon.link" />
+	<target host="pokena.me" />
+	<target host="pokespawn.co" />
+	<target host="pol.mn" />
+	<target host="pol.sh" />
+	<target host="pole.fyi" />
+	<target host="policewolf.co" />
+	<target host="polimedia.info" />
+	<target host="polite.pw" />
+	<target host="politi.co" />
+	<target host="politico.pro" />
+	<target host="polkac.at" />
+	<target host="polkadb.com" />
+	<target host="pollc.art" />
+	<target host="polle.me" />
+	<target host="pollst.at" />
+	<target host="polosan.club" />
+	<target host="polyv.re" />
+	<target host="pom.me" />
+	<target host="pom.nu" />
+	<target host="pomp.as" />
+	<target host="pon.email" />
+	<target host="pon.gl" />
+	<target host="pond.bz" />
+	<target host="ponews.co" />
+	<target host="poney.love" />
+	<target host="pono.net" />
+	<target host="pons.us" />
+	<target host="poobah.uk" />
+	<target host="poofy.land" />
+	<target host="poolworldwi.de" />
+	<target host="pop.pr" />
+	<target host="popa.ca" />
+	<target host="popchi.ps" />
+	<target host="popcornflix.ml" />
+	<target host="popcriti.ca" />
+	<target host="pophr.info" />
+	<target host="popm.at" />
+	<target host="popma.lt" />
+	<target host="popmuer.to" />
+	<target host="poprnt.pl" />
+	<target host="popshort.com" />
+	<target host="popsqt.ch" />
+	<target host="popte.ch" />
+	<target host="poptv.ml" />
+	<target host="popular-tvs.ml" />
+	<target host="popular2017.ml" />
+	<target host="popularhd.cf" />
+	<target host="popularhd.ga" />
+	<target host="popularshow.ml" />
+	<target host="populartv.cf" />
+	<target host="populartv.ml" />
+	<target host="populer.ga" />
+	<target host="popz.ga" />
+	<target host="por.grudiz.es" />
+	<target host="porh.me" />
+	<target host="porntu.be" />
+	<target host="portent.co" />
+	<target host="portfo.ly" />
+	<target host="portfoleo.jobs" />
+	<target host="portl.me" />
+	<target host="portma.net" />
+	<target host="portnoy.co" />
+	<target host="porya.dk" />
+	<target host="posbiz.info" />
+	<target host="posh.so" />
+	<target host="poslife.me" />
+	<target host="post.cr" />
+	<target host="post.dgnx.co" />
+	<target host="post.et-nos.de" />
+	<target host="post.gco.gov.qa" />
+	<target host="post.spl.org" />
+	<target host="post20brav.es" />
+	<target host="postck.com" />
+	<target host="postdispat.ch" />
+	<target host="potd.es" />
+	<target host="potg.co" />
+	<target host="potins.co" />
+	<target host="potion.in" />
+	<target host="potom.ac" />
+	<target host="potters.io" />
+	<target host="poupe.info" />
+	<target host="pour.5euros.com" />
+	<target host="pous.se" />
+	<target host="pow.li" />
+	<target host="powerwa.sh" />
+	<target host="powwo.ws" />
+	<target host="poy.nu" />
+	<target host="poz.si" />
+	<target host="pozitif.site" />
+	<target host="pp.sanitatem.mx" />
+	<target host="ppact.io" />
+	<target host="ppadv.co" />
+	<target host="ppai.us" />
+	<target host="pparty.at" />
+	<target host="ppatel.me" />
+	<target host="ppbcc.co" />
+	<target host="ppcd.co" />
+	<target host="ppet.ro" />
+	<target host="ppf.bz" />
+	<target host="ppgre.net" />
+	<target host="pphayel.cf" />
+	<target host="pphm.direct" />
+	<target host="ppixel.net" />
+	<target host="ppj.st" />
+	<target host="ppk.li" />
+	<target host="ppl.agency" />
+	<target host="ppl.army" />
+	<target host="ppl.fun" />
+	<target host="ppm.fyi" />
+	<target host="ppmd.info" />
+	<target host="ppmdeals.co" />
+	<target host="ppmkg.com" />
+	<target host="ppmrc.me" />
+	<target host="ppolly.com" />
+	<target host="pprpl.co" />
+	<target host="pprzzi.de" />
+	<target host="ppst.co" />
+	<target host="pptcrea.tv" />
+	<target host="pptm.tk" />
+	<target host="pptng.it" />
+	<target host="ppvt.pro" />
+	<target host="ppweb.co" />
+	<target host="pq.systems" />
+	<target host="pqn.io" />
+	<target host="pqsent.me" />
+	<target host="pquent.in" />
+	<target host="pr.books2-1.com" />
+	<target host="pr.photozou.jp" />
+	<target host="pr.shapewlb.com" />
+	<target host="pr4bu.ml" />
+	<target host="pr4l0n.ga" />
+	<target host="pradee.ps" />
+	<target host="pradeep.co" />
+	<target host="praee.com" />
+	<target host="prandible.tips" />
+	<target host="prateeks.link" />
+	<target host="pratt.in" />
+	<target host="prawna.pl" />
+	<target host="praxell.cards" />
+	<target host="pray.dm" />
+	<target host="prayr.cc" />
+	<target host="prazor.media" />
+	<target host="prbb.in" />
+	<target host="prblm.in" />
+	<target host="prbymargo.biz" />
+	<target host="prcc.us" />
+	<target host="prchs.me" />
+	<target host="prchwl.re" />
+	<target host="prcp.io" />
+	<target host="prd.to" />
+	<target host="prdbl.co" />
+	<target host="prdctvd.net" />
+	<target host="prdn.co" />
+	<target host="prdo.me" />
+	<target host="prds.io" />
+	<target host="pre-kpag.es" />
+	<target host="prec.is" />
+	<target host="precr.af" />
+	<target host="predii.ly" />
+	<target host="pree.gq" />
+	<target host="preel.co" />
+	<target host="preemie.us" />
+	<target host="preenme.co" />
+	<target host="prefac.es" />
+	<target host="prek.co" />
+	<target host="premieretv.ml" />
+	<target host="preminc.us" />
+	<target host="premium.movie" />
+	<target host="presci.us" />
+	<target host="presinst.link" />
+	<target host="press.sn" />
+	<target host="pressimply.io" />
+	<target host="prethics.com" />
+	<target host="prev.tv" />
+	<target host="preview.is" />
+	<target host="prf.me" />
+	<target host="prfctennis.com" />
+	<target host="prfctprofl.net" />
+	<target host="prfm.cf" />
+	<target host="prfnd.co" />
+	<target host="prfr.co" />
+	<target host="prg.rocks" />
+	<target host="prgo.me" />
+	<target host="prgp.us" />
+	<target host="prgress.co" />
+	<target host="prgrssve.us" />
+	<target host="prhty.us" />
+	<target host="pride-at.work" />
+	<target host="pride.sh" />
+	<target host="pridez.us" />
+	<target host="prieve.me" />
+	<target host="prikitiew.ml" />
+	<target host="prim.social" />
+	<target host="primal.ly" />
+	<target host="prime-time.ml" />
+	<target host="primefox.in" />
+	<target host="primo.fyi" />
+	<target host="primolina.tk" />
+	<target host="princey.me" />
+	<target host="prindi.co" />
+	<target host="printem.ps" />
+	<target host="printservic.es" />
+	<target host="printso.me" />
+	<target host="prisc.me" />
+	<target host="prismbtq.co" />
+	<target host="pristi.ne" />
+	<target host="prj.be" />
+	<target host="prkrtylr.me" />
+	<target host="prks.io" />
+	<target host="prks.org" />
+	<target host="prky.me" />
+	<target host="prl.si" />
+	<target host="prld.it" />
+	<target host="prld.pl" />
+	<target host="prlf.eu" />
+	<target host="prlsgk.us" />
+	<target host="prly.co" />
+	<target host="prm.pm" />
+	<target host="prmlg.ht" />
+	<target host="prmm.pl" />
+	<target host="prmnt.net" />
+	<target host="prmr.ec" />
+	<target host="prmr.ly" />
+	<target host="prms.ca" />
+	<target host="prn.la" />
+	<target host="prn.to" />
+	<target host="prnew.se" />
+	<target host="prnk.co" />
+	<target host="prnt.at" />
+	<target host="prnv.me" />
+	<target host="pro.wedding" />
+	<target host="probably.rocks" />
+	<target host="problo.gr" />
+	<target host="prochur.ch" />
+	<target host="proclaim.nu" />
+	<target host="proco.re" />
+	<target host="prod4khd.ml" />
+	<target host="prodavin.ci" />
+	<target host="prodc.in" />
+	<target host="proddigital.co" />
+	<target host="prodinfos.top" />
+	<target host="productfor.ge" />
+	<target host="prof.ar.it" />
+	<target host="prof.yt" />
+	<target host="profection.al" />
+	<target host="profis.ee" />
+	<target host="profitac.ca" />
+	<target host="profnd.co" />
+	<target host="profrussell.net" />
+	<target host="progay.us" />
+	<target host="progd.me" />
+	<target host="progeny.link" />
+	<target host="progma.us" />
+	<target host="progolog.rocks" />
+	<target host="proi.me" />
+	<target host="projmap.org" />
+	<target host="prokid.info" />
+	<target host="prol.in" />
+	<target host="prolo.gs" />
+	<target host="promax.tv" />
+	<target host="promedcon.pro" />
+	<target host="promlo.com" />
+	<target host="promo-tv.ga" />
+	<target host="promo.d-noy.net" />
+	<target host="promobra.in" />
+	<target host="promocerto.com" />
+	<target host="promos-hd.ml" />
+	<target host="promos-tv1.ml" />
+	<target host="promos-tvhd.ml" />
+	<target host="promoshow.ga" />
+	<target host="promoshow.gq" />
+	<target host="promoti.es" />
+	<target host="promusic.tech" />
+	<target host="proof.ly" />
+	<target host="proofdiet.me" />
+	<target host="proofing.top" />
+	<target host="prop.pe" />
+	<target host="prop.red" />
+	<target host="propgk.uk" />
+	<target host="proph.se" />
+	<target host="prophot.fr" />
+	<target host="proposi.to" />
+	<target host="proptrav.co" />
+	<target host="propub.li" />
+	<target host="propx.us" />
+	<target host="prorefer.ee" />
+	<target host="prosp.it" />
+	<target host="prosume.rs" />
+	<target host="protct.me" />
+	<target host="protonrad.io" />
+	<target host="protube.co.vu" />
+	<target host="protv.pw" />
+	<target host="proty.in" />
+	<target host="proud4christ.us" />
+	<target host="prov.ly" />
+	<target host="prov.pub" />
+	<target host="proverbs.es" />
+	<target host="provo.io" />
+	<target host="provolib.com" />
+	<target host="prow.ly" />
+	<target host="proy.ca" />
+	<target host="prppr.com" />
+	<target host="prpwz.com" />
+	<target host="prqd.co" />
+	<target host="prrll.com" />
+	<target host="prrm.ws" />
+	<target host="prs.cgilink.org" />
+	<target host="prs.do" />
+	<target host="prs.pctvix.co" />
+	<target host="prsde.us" />
+	<target host="prsh.ir" />
+	<target host="prsly.me" />
+	<target host="prsmfs.co" />
+	<target host="prsmn.de" />
+	<target host="prsp.ac" />
+	<target host="prst.ca" />
+	<target host="prstf.co" />
+	<target host="prstg.co" />
+	<target host="prsto.info" />
+	<target host="prt.io" />
+	<target host="prt.land" />
+	<target host="prtf.co" />
+	<target host="prtk.ca" />
+	<target host="prtn.rs" />
+	<target host="prtnrs.us" />
+	<target host="prtst.co" />
+	<target host="pru.sh" />
+	<target host="prv.ac" />
+	<target host="prvc.us" />
+	<target host="prvd.dk" />
+	<target host="prvn.de" />
+	<target host="prvn.io" />
+	<target host="prvn.one" />
+	<target host="prvr.xyz" />
+	<target host="prvrja.in" />
+	<target host="prvs.ly" />
+	<target host="prvue.me" />
+	<target host="prvwst.us" />
+	<target host="prx.ms" />
+	<target host="prxs.us" />
+	<target host="prz.us" />
+	<target host="prza.co" />
+	<target host="prze.co" />
+	<target host="przep.is" />
+	<target host="ps.acx-anz.pro" />
+	<target host="psacafpc.ca" />
+	<target host="psalo.es" />
+	<target host="psb.im" />
+	<target host="psc.gs" />
+	<target host="psc.press" />
+	<target host="pscb.co" />
+	<target host="pscrbd.co" />
+	<target host="psfc.us" />
+	<target host="psgrfy.uk" />
+	<target host="psh.me" />
+	<target host="psha.xyz" />
+	<target host="pshapi.ro" />
+	<target host="pshlmts.io" />
+	<target host="pshop.vc" />
+	<target host="pshp.co" />
+	<target host="pshr.us" />
+	<target host="psic.in" />
+	<target host="psichi.com" />
+	<target host="psir.us" />
+	<target host="psismn.rs" />
+	<target host="psk.io" />
+	<target host="pskids.co" />
+	<target host="psly.scot" />
+	<target host="psmg.je" />
+	<target host="psn.bg" />
+	<target host="psnly.co" />
+	<target host="psnz.info" />
+	<target host="psona.io" />
+	<target host="pspa.in" />
+	<target host="psprt.co" />
+	<target host="psqr.us" />
+	<target host="psrm.co" />
+	<target host="psssd.com" />
+	<target host="pssuk.in" />
+	<target host="pssunited.co" />
+	<target host="pst.mr" />
+	<target host="psta.co" />
+	<target host="psta.rs" />
+	<target host="pstmk.co" />
+	<target host="pstr.at" />
+	<target host="pstve.ga" />
+	<target host="psty.co" />
+	<target host="psu.ag" />
+	<target host="psu.do" />
+	<target host="psup.men" />
+	<target host="psv.media" />
+	<target host="psxd.co" />
+	<target host="psy.pub" />
+	<target host="psy.social" />
+	<target host="psyjn.ir" />
+	<target host="pt.gy" />
+	<target host="ptat.ch" />
+	<target host="ptbf.com.br" />
+	<target host="ptbk.co" />
+	<target host="ptbl.ly" />
+	<target host="ptch.io" />
+	<target host="ptea.house" />
+	<target host="pteb.es" />
+	<target host="ptek.me" />
+	<target host="ptemmc.in" />
+	<target host="pter.me" />
+	<target host="pthe.me" />
+	<target host="pthomas.eu" />
+	<target host="pti.world" />
+	<target host="ptiums.tk" />
+	<target host="ptix.co" />
+	<target host="ptlj.nl" />
+	<target host="ptls.us" />
+	<target host="ptmfit.co" />
+	<target host="ptn.io" />
+	<target host="ptnj.us" />
+	<target host="pto.it" />
+	<target host="ptos.co" />
+	<target host="ptr.rs" />
+	<target host="ptra.in" />
+	<target host="ptrani.me" />
+	<target host="ptre.co" />
+	<target host="ptrjns.co" />
+	<target host="ptrkr.me" />
+	<target host="ptropico.com" />
+	<target host="ptry.xyz" />
+	<target host="ptsco.jp" />
+	<target host="ptsnp.it" />
+	<target host="ptts.co" />
+	<target host="ptu.me" />
+	<target host="ptw.im" />
+	<target host="ptwi.se" />
+	<target host="pub.brewery.fm" />
+	<target host="pub.fyi" />
+	<target host="pub.school" />
+	<target host="pub.vecoma.org" />
+	<target host="pubc.it" />
+	<target host="publictv.ml" />
+	<target host="publit.as" />
+	<target host="publun.ch" />
+	<target host="pubstr.at" />
+	<target host="pubtest.co" />
+	<target host="pubx.ch" />
+	<target host="puc.ms" />
+	<target host="puchuenses.tk" />
+	<target host="pucukhd.ml" />
+	<target host="puffl.es" />
+	<target host="pugh.li" />
+	<target host="pulp.rocks" />
+	<target host="pulpcon.xyz" />
+	<target host="pumb.to" />
+	<target host="punahou.link" />
+	<target host="punchbowl.biz" />
+	<target host="punchbowl.us" />
+	<target host="punt.fyi" />
+	<target host="pup.pm" />
+	<target host="pupj.co" />
+	<target host="puppyapp.co" />
+	<target host="pur.cm" />
+	<target host="pur.st" />
+	<target host="purb.cl" />
+	<target host="pure.fyi" />
+	<target host="pure.ga" />
+	<target host="purefla.sh" />
+	<target host="purehonda.co" />
+	<target host="pureins.co" />
+	<target host="purejingl.es" />
+	<target host="puremi.ch" />
+	<target host="pureswe.at" />
+	<target host="puri.na" />
+	<target host="purific.tk" />
+	<target host="purinajobs.com" />
+	<target host="purp.ly" />
+	<target host="purpledog.tips" />
+	<target host="purplepx.it" />
+	<target host="pus.hr" />
+	<target host="puthd.ml" />
+	<target host="putlocker21.ga" />
+	<target host="putlocker9.cf" />
+	<target host="putlockerde.ml" />
+	<target host="putlockermu.ml" />
+	<target host="putlockerol.ml" />
+	<target host="putlockerss.gq" />
+	<target host="putlockeruk.ml" />
+	<target host="putugrafika7.gq" />
+	<target host="puur.li" />
+	<target host="puustelli.mobi" />
+	<target host="pv-bf.de" />
+	<target host="pv.tl" />
+	<target host="pva.pe" />
+	<target host="pvdx.ly" />
+	<target host="pvi.me" />
+	<target host="pvlink.net" />
+	<target host="pvls.tk" />
+	<target host="pvm.cc" />
+	<target host="pvmentchvser.co" />
+	<target host="pvmx.net" />
+	<target host="pvp.live" />
+	<target host="pvrl.us" />
+	<target host="pvrm.co" />
+	<target host="pvs.li" />
+	<target host="pvsd.us" />
+	<target host="pvt.cuku.us" />
+	<target host="pvts.tk" />
+	<target host="pvwg.pw" />
+	<target host="pvyb.me" />
+	<target host="pw.link" />
+	<target host="pw.prosites.com" />
+	<target host="pw4.com" />
+	<target host="pwat.art" />
+	<target host="pwblink.co" />
+	<target host="pwc.nz" />
+	<target host="pwc.to" />
+	<target host="pwd.wateron.in" />
+	<target host="pwed.co.uk" />
+	<target host="pwfoto.co" />
+	<target host="pwilson720.us" />
+	<target host="pwish.it" />
+	<target host="pwlg.link" />
+	<target host="pwllmhny.co" />
+	<target host="pwne.ws" />
+	<target host="pwp.fyi" />
+	<target host="pwr.my" />
+	<target host="pwrarm.us" />
+	<target host="px.at" />
+	<target host="px.belchevs.com" />
+	<target host="px.pluzix.fr" />
+	<target host="px.rs" />
+	<target host="pxcxn.xyz" />
+	<target host="pxg.to" />
+	<target host="pxid.us" />
+	<target host="pxl.ht" />
+	<target host="pxl.ie" />
+	<target host="pxlbx.at" />
+	<target host="pxlm.ch" />
+	<target host="pxlm.co" />
+	<target host="pxlmsc.tk" />
+	<target host="pxlshrt.cf" />
+	<target host="pxml.ly" />
+	<target host="pxnt.co" />
+	<target host="pxob.me" />
+	<target host="pxrpst.co" />
+	<target host="pxtt.co" />
+	<target host="pxu.co" />
+	<target host="pycm.co" />
+	<target host="pyco.co" />
+	<target host="pyladi.es" />
+	<target host="pylonla.bs" />
+	<target host="pyme20.com" />
+	<target host="pyn.jp" />
+	<target host="pype.ly" />
+	<target host="pyr.li" />
+	<target host="pyrl.gy" />
+	<target host="pyrock.info" />
+	<target host="pyry.co.uk" />
+	<target host="pytt.tk" />
+	<target host="pyum.co" />
+	<target host="pyvd.in" />
+	<target host="pzip.it" />
+	<target host="pzl.no" />
+	<target host="pzz.ht" />
+	<target host="q.acero.uk" />
+	<target host="q.alexshow.pro" />
+	<target host="q.amitd.co" />
+	<target host="q.andersons.com" />
+	<target host="q.anh.lv" />
+	<target host="q.beaufort.coop" />
+	<target host="q.blackbox.cool" />
+	<target host="q.classpass.com" />
+	<target host="q.collective.ai" />
+	<target host="q.dmahajan.com" />
+	<target host="q.ferri.cf" />
+	<target host="q.flate.eu" />
+	<target host="q.itengine.nz" />
+	<target host="q.lmetzger.de" />
+	<target host="q.melikyan.me" />
+	<target host="q.promnite.com" />
+	<target host="q.qoloquio.com" />
+	<target host="q.quadroi.com" />
+	<target host="q.shadahmed.com" />
+	<target host="q.svn.org" />
+	<target host="q.tani.mu" />
+	<target host="q.uir.ky" />
+	<target host="q.vr-cruise.com" />
+	<target host="q.winofsql.jp" />
+	<target host="q.yeloha.com" />
+	<target host="q87.us" />
+	<target host="q8ne.ws" />
+	<target host="q9e.co" />
+	<target host="qa.ccwed.me" />
+	<target host="qako.me" />
+	<target host="qalimentar.me" />
+	<target host="qame.us" />
+	<target host="qandil.co" />
+	<target host="qb.cx" />
+	<target host="qbcc.build" />
+	<target host="qbe.co" />
+	<target host="qbs.me" />
+	<target host="qc.st" />
+	<target host="qcintl.ca" />
+	<target host="qck.me" />
+	<target host="qcllc.us" />
+	<target host="qcpri.de" />
+	<target host="qcsn.co" />
+	<target host="qctim.es" />
+	<target host="qcvert.com" />
+	<target host="qd-sol.com" />
+	<target host="qdispat.ch" />
+	<target host="qedu.me" />
+	<target host="qfri.co" />
+	<target host="qhne.ws" />
+	<target host="qimag.uk" />
+	<target host="qis.site" />
+	<target host="qiu.be" />
+	<target host="ql.e-c.al" />
+	<target host="ql.e-diary.com" />
+	<target host="ql.ecrchs.net" />
+	<target host="qlcb.co" />
+	<target host="qli.mx" />
+	<target host="qlima.cool" />
+	<target host="qloan.co" />
+	<target host="qlp.promo" />
+	<target host="qlroo.co" />
+	<target host="qmoss.tech" />
+	<target host="qmsnav.com" />
+	<target host="qnre.ws" />
+	<target host="qns.bz" />
+	<target host="qnsmuse.nyc" />
+	<target host="qntm.co" />
+	<target host="qntt.tv" />
+	<target host="qoff.ee" />
+	<target host="qom.press" />
+	<target host="qotsa.me" />
+	<target host="qpage.me" />
+	<target host="qpage.tech" />
+	<target host="qpig.me" />
+	<target host="qply.me" />
+	<target host="qpotk.es" />
+	<target host="qpt.al" />
+	<target host="qquote.me" />
+	<target host="qr.abctonery.sk" />
+	<target host="qr.canduu.mobi" />
+	<target host="qr.epplin.fr" />
+	<target host="qr.equipo.dk" />
+	<target host="qr.gruma.de" />
+	<target host="qr.hrenatoh.net" />
+	<target host="qr.luibao.com" />
+	<target host="qr.piconda.com" />
+	<target host="qr.tickuant.com" />
+	<target host="qrad.io" />
+	<target host="qrd.af" />
+	<target host="qrgm.me" />
+	<target host="qrky.me" />
+	<target host="qrnz.me" />
+	<target host="qrrcrpple.us" />
+	<target host="qry.ca" />
+	<target host="qs2p.com" />
+	<target host="qsad.ml" />
+	<target host="qsna.co" />
+	<target host="qsna.us" />
+	<target host="qsr.lt" />
+	<target host="qsrc.co" />
+	<target host="qss.me" />
+	<target host="qstcrw.com" />
+	<target host="qt.email" />
+	<target host="qtcm.co" />
+	<target host="qte.me" />
+	<target host="qtev.co" />
+	<target host="qtkp.me" />
+	<target host="qtl.us" />
+	<target host="qtlvqcuugz.tk" />
+	<target host="qtm.sg" />
+	<target host="qtsdata.it" />
+	<target host="qua.mx" />
+	<target host="quack.us" />
+	<target host="qual.io" />
+	<target host="qualidade.me" />
+	<target host="qualitetomm.com" />
+	<target host="qualityfree.ml" />
+	<target host="qualitymov.ga" />
+	<target host="quartokno.ws" />
+	<target host="quartzol.it" />
+	<target host="quattro.ly" />
+	<target host="quecomi.co" />
+	<target host="quecutebtq.com" />
+	<target host="queenslib.org" />
+	<target host="queer.dance" />
+	<target host="queer.to" />
+	<target host="quench.io" />
+	<target host="quero.beer" />
+	<target host="questo.es" />
+	<target host="quid.fyi" />
+	<target host="quik.to" />
+	<target host="quili.co" />
+	<target host="quill.im" />
+	<target host="quill.link" />
+	<target host="quimm.hosting" />
+	<target host="quin.pw" />
+	<target host="quint.ly" />
+	<target host="quinta.in" />
+	<target host="quinta.tk" />
+	<target host="quintao.me" />
+	<target host="quinti.no" />
+	<target host="quintusmkg.ca" />
+	<target host="quipne.ws" />
+	<target host="quizjam.me" />
+	<target host="quocir.com" />
+	<target host="quote.ms" />
+	<target host="quox.at" />
+	<target host="qurew.com" />
+	<target host="qurl.ml" />
+	<target host="qvc.co" />
+	<target host="qw.insure" />
+	<target host="qware.io" />
+	<target host="qwerty21.ml" />
+	<target host="qwriters.co" />
+	<target host="qwse.ml" />
+	<target host="qwty.co" />
+	<target host="qxv.ro" />
+	<target host="qz-mov.ml" />
+	<target host="r-7.co" />
+	<target host="r-brion.be" />
+	<target host="r-f.co" />
+	<target host="r-j.co" />
+	<target host="r-js.com" />
+	<target host="r-mcp.uk" />
+	<target host="r-news.co" />
+	<target host="r-rdz.com" />
+	<target host="r-t.me" />
+	<target host="r-tvs.nut.cc" />
+	<target host="r.1k.dk" />
+	<target host="r.2redbeans.com" />
+	<target host="r.4xs.org" />
+	<target host="r.9jang.net" />
+	<target host="r.abhis.ws" />
+	<target host="r.agrest.xyz" />
+	<target host="r.ahinds.in" />
+	<target host="r.aizzard.net" />
+	<target host="r.alch.xyz" />
+	<target host="r.asdonline.com" />
+	<target host="r.astrea.cat" />
+	<target host="r.aussierp.net" />
+	<target host="r.b-la.fr" />
+	<target host="r.benstokman.me" />
+	<target host="r.bstn.fr" />
+	<target host="r.bujju.com" />
+	<target host="r.by.no" />
+	<target host="r.cardif.co.jp" />
+	<target host="r.cclub.co" />
+	<target host="r.cdg37.fr" />
+	<target host="r.cet.tw" />
+	<target host="r.chevia.com" />
+	<target host="r.chrisw.us" />
+	<target host="r.coat.se" />
+	<target host="r.collings.co" />
+	<target host="r.cool3c.com" />
+	<target host="r.cornguo.net" />
+	<target host="r.cowtech.it" />
+	<target host="r.creema.jp" />
+	<target host="r.cssdb.co" />
+	<target host="r.decharme.vn" />
+	<target host="r.devsweet.com" />
+	<target host="r.dsouza.org.in" />
+	<target host="r.eadnan.com" />
+	<target host="r.elsmore.me" />
+	<target host="r.enau.lt" />
+	<target host="r.ezite.ch" />
+	<target host="r.fpsnews.net" />
+	<target host="r.frego.it" />
+	<target host="r.fusonic.net" />
+	<target host="r.gamers411.net" />
+	<target host="r.gatech.edu" />
+	<target host="r.glob.cc" />
+	<target host="r.gmsousa.me" />
+	<target host="r.goshippo.com" />
+	<target host="r.heima.jp" />
+	<target host="r.hkbsc.net" />
+	<target host="r.hkmiles.com" />
+	<target host="r.homb.us" />
+	<target host="r.hustleisep.fr" />
+	<target host="r.hxu.su" />
+	<target host="r.ijustin.hk" />
+	<target host="r.invision.cf" />
+	<target host="r.ipc.me" />
+	<target host="r.ippl.it" />
+	<target host="r.ispot.jp" />
+	<target host="r.ixis.co.uk" />
+	<target host="r.ja-ke.me" />
+	<target host="r.jirikuv.cloud" />
+	<target host="r.jontymoss.com" />
+	<target host="r.justinek.me" />
+	<target host="r.kaam.fr" />
+	<target host="r.kargel.at" />
+	<target host="r.kenhkelly.us" />
+	<target host="r.khammami.com" />
+	<target host="r.khanhhoa79.vn" />
+	<target host="r.khimoc.com" />
+	<target host="r.kiloforce.com" />
+	<target host="r.knr.paris" />
+	<target host="r.kosokubus.com" />
+	<target host="r.kourant.com" />
+	<target host="r.kvdl.com" />
+	<target host="r.kyiv.in" />
+	<target host="r.lacroketa.net" />
+	<target host="r.locus.ae" />
+	<target host="r.lou.tw" />
+	<target host="r.marat.link" />
+	<target host="r.mavaez.ir" />
+	<target host="r.mechcraft.ru" />
+	<target host="r.mirai.yt" />
+	<target host="r.mjm.media" />
+	<target host="r.mway.co" />
+	<target host="r.myqrad.com" />
+	<target host="r.nayarit.in" />
+	<target host="r.neo4j.com" />
+	<target host="r.nexg.tv" />
+	<target host="r.nextbib.com" />
+	<target host="r.njiuko.com" />
+	<target host="r.notmax.co" />
+	<target host="r.nuron.be" />
+	<target host="r.nwols.space" />
+	<target host="r.oeey.com" />
+	<target host="r.om.id.au" />
+	<target host="r.ournet.biz" />
+	<target host="r.perl6.com" />
+	<target host="r.peterprice.tv" />
+	<target host="r.pilic.eu" />
+	<target host="r.pinger.com" />
+	<target host="r.preitunes.cf" />
+	<target host="r.priztek.com" />
+	<target host="r.pst.org" />
+	<target host="r.rcogm.dk" />
+	<target host="r.redeye.tech" />
+	<target host="r.ridesharp.co" />
+	<target host="r.rjweb.in" />
+	<target host="r.rschu.me" />
+	<target host="r.rumournews.in" />
+	<target host="r.rushme.cc" />
+	<target host="r.rvhfoto.nl" />
+	<target host="r.ryhug.com" />
+	<target host="r.sa-seo.com" />
+	<target host="r.sagaaz.org" />
+	<target host="r.sakenowa.com" />
+	<target host="r.sal.tt" />
+	<target host="r.salmanpk.com" />
+	<target host="r.sampic.eu" />
+	<target host="r.sanzon.mx" />
+	<target host="r.sebdic.de" />
+	<target host="r.sjsu.edu" />
+	<target host="r.sprackett.com" />
+	<target host="r.spruse.com" />
+	<target host="r.ssw.com" />
+	<target host="r.st" />
+	<target host="r.storehub.com" />
+	<target host="r.subject4s.me" />
+	<target host="r.sucsex.co" />
+	<target host="r.swaptor.nl" />
+	<target host="r.sy.am" />
+	<target host="r.sys.re" />
+	<target host="r.taxi33.fr" />
+	<target host="r.tchatland.fr" />
+	<target host="r.tcpipweb.com" />
+	<target host="r.textpert.ai" />
+	<target host="r.thaxea.com" />
+	<target host="r.theafh.net" />
+	<target host="r.tilkema.com" />
+	<target host="r.tl" />
+	<target host="r.trix.nz" />
+	<target host="r.troth.me" />
+	<target host="r.ttak.org" />
+	<target host="r.tttie.ga" />
+	<target host="r.vchkhr.tk" />
+	<target host="r.vietkites.com" />
+	<target host="r.vnox.me" />
+	<target host="r.vox.vg" />
+	<target host="r.webish.one" />
+	<target host="r.whi.st" />
+	<target host="r.wu-kwan.com" />
+	<target host="r.xl.pt" />
+	<target host="r.ynhn.com" />
+	<target host="r.yunlou.net" />
+	<target host="r.zhuravel.bz" />
+	<target host="r.zubear.me" />
+	<target host="r0b.info" />
+	<target host="r0bz.com" />
+	<target host="r1.calamida.ch" />
+	<target host="r1.fyi" />
+	<target host="r123.co" />
+	<target host="r131.us" />
+	<target host="r174.ga" />
+	<target host="r24h.news" />
+	<target host="r29.co" />
+	<target host="r2d.tech" />
+	<target host="r2d.to" />
+	<target host="r2v.in" />
+	<target host="r342.ml" />
+	<target host="r3d.li" />
+	<target host="r420.co" />
+	<target host="r4lv.com" />
+	<target host="r4p.bz" />
+	<target host="r5d.co.uk" />
+	<target host="r669.pl" />
+	<target host="r6n.me" />
+	<target host="r79.co" />
+	<target host="r8.io" />
+	<target host="r8n.us" />
+	<target host="r8u.me" />
+	<target host="r9.ms" />
+	<target host="r9q.net" />
+	<target host="ra-link.me" />
+	<target host="ra-w.uk" />
+	<target host="raabassociat.es" />
+	<target host="raaf.gov.au" />
+	<target host="rab.me" />
+	<target host="rabbi.gq" />
+	<target host="rabbit.works" />
+	<target host="rabil.co" />
+	<target host="rabuja.xyz" />
+	<target host="race2.me" />
+	<target host="rach.tv" />
+	<target host="racha.mx" />
+	<target host="rack.link" />
+	<target host="rad-r.us" />
+	<target host="rad.ical.io" />
+	<target host="rad.so" />
+	<target host="radar.re" />
+	<target host="radarbangsa.id" />
+	<target host="radatx.co" />
+	<target host="radawo.ca" />
+	<target host="radbulls.com" />
+	<target host="radi.us" />
+	<target host="radi8.it" />
+	<target host="radiant.gs" />
+	<target host="radio2.nu" />
+	<target host="radiogeek.club" />
+	<target host="radiohrh.com" />
+	<target host="radler.co" />
+	<target host="radnhr.com" />
+	<target host="radv.st" />
+	<target host="radw.in" />
+	<target host="radywp.pl" />
+	<target host="raegan.cc" />
+	<target host="raen.us" />
+	<target host="raes.ch" />
+	<target host="rafam.co" />
+	<target host="rafu007.pro" />
+	<target host="rafu007.ws" />
+	<target host="rago.link" />
+	<target host="rahuld.es" />
+	<target host="rai.eu" />
+	<target host="raid.ist" />
+	<target host="raid.rest" />
+	<target host="raidio.us" />
+	<target host="raikl.in" />
+	<target host="rail.media" />
+	<target host="railn.ws" />
+	<target host="railslib.us" />
+	<target host="rain.ma" />
+	<target host="raincat.ch" />
+	<target host="rainm.kr" />
+	<target host="raj.as" />
+	<target host="rajesh.cc" />
+	<target host="rajoka.info" />
+	<target host="rakemade.co" />
+	<target host="rakmu.de" />
+	<target host="rallys.biz" />
+	<target host="rallyte.am" />
+	<target host="ram.city" />
+	<target host="ram1.org" />
+	<target host="ramaikan.ml" />
+	<target host="rame.sh" />
+	<target host="ramm.st" />
+	<target host="rammo.me" />
+	<target host="rammstein.pt" />
+	<target host="ramonet.co" />
+	<target host="rampt.co" />
+	<target host="randl.ph" />
+	<target host="randstad.us" />
+	<target host="randstadsr.com" />
+	<target host="randyp.me" />
+	<target host="raneys.co" />
+	<target host="rango.li" />
+	<target host="ranklocal.link" />
+	<target host="ranz.al" />
+	<target host="rapfav.co" />
+	<target host="raph.so" />
+	<target host="rapid.bi" />
+	<target host="rapp.st" />
+	<target host="rapp81.us" />
+	<target host="rappri.ch" />
+	<target host="rapzil.la" />
+	<target host="rarebird.us" />
+	<target host="rarecountry.co" />
+	<target host="rarefilmhd.ml" />
+	<target host="rasc.in" />
+	<target host="rasdi.cf" />
+	<target host="rasmussen.co" />
+	<target host="raswanti.com" />
+	<target host="rata.la" />
+	<target host="rated.co.uk" />
+	<target host="rated.ml" />
+	<target host="ratedred.tv" />
+	<target host="ratiobeer.com" />
+	<target host="ratrap.in" />
+	<target host="raulfp.es" />
+	<target host="raulfp.info" />
+	<target host="raulj.com" />
+	<target host="raun.co" />
+	<target host="rauw.cc" />
+	<target host="raux.us" />
+	<target host="rave.pub" />
+	<target host="raven.im" />
+	<target host="raw.as" />
+	<target host="rawk.es" />
+	<target host="raye.io" />
+	<target host="rayrc.urled.me" />
+	<target host="rayyan.co" />
+	<target host="razine.do" />
+	<target host="rb-t.us" />
+	<target host="rb.digital" />
+	<target host="rb.exoly.com" />
+	<target host="rb.ht" />
+	<target host="rb.vix.br" />
+	<target host="rb.voskie.com" />
+	<target host="rb1.shop" />
+	<target host="rba.careers" />
+	<target host="rbac.me" />
+	<target host="rbapp.info" />
+	<target host="rbarn.es" />
+	<target host="rbbit.co" />
+	<target host="rbbk.me" />
+	<target host="rbfy.me" />
+	<target host="rbi.lzd.co" />
+	<target host="rbil.co" />
+	<target host="rbk.care" />
+	<target host="rbk.tw" />
+	<target host="rbl.ms" />
+	<target host="rble.co" />
+	<target host="rbll.de" />
+	<target host="rblm.ky" />
+	<target host="rbls.me" />
+	<target host="rbm.li" />
+	<target host="rbm.me" />
+	<target host="rbm.rocks" />
+	<target host="rbn.io" />
+	<target host="rbne.ws" />
+	<target host="rbnn.me" />
+	<target host="rbnz.me" />
+	<target host="rbo.one" />
+	<target host="rbody.co" />
+	<target host="rboot.co" />
+	<target host="rboot.us" />
+	<target host="rbow.us" />
+	<target host="rboxx.me" />
+	<target host="rbpde.tv" />
+	<target host="rbr.cm" />
+	<target host="rbrr.co" />
+	<target host="rbrt.cc" />
+	<target host="rbslink.ca" />
+	<target host="rbst.in" />
+	<target host="rbt.io" />
+	<target host="rbthv.net" />
+	<target host="rbtly.com" />
+	<target host="rc.ai" />
+	<target host="rc.elfak.xyz" />
+	<target host="rc.lk" />
+	<target host="rc.mu" />
+	<target host="rc.solar" />
+	<target host="rca.buzz" />
+	<target host="rcantin.es" />
+	<target host="rcar.me" />
+	<target host="rcat.co" />
+	<target host="rcat.es" />
+	<target host="rcblood.org" />
+	<target host="rcc.ca" />
+	<target host="rcconf.net" />
+	<target host="rcd.link" />
+	<target host="rcdr.me" />
+	<target host="rcentr.al" />
+	<target host="rcgt.me" />
+	<target host="rchkd.club" />
+	<target host="rchl.li" />
+	<target host="rchrismart.in" />
+	<target host="rchs.co" />
+	<target host="rchy.net" />
+	<target host="rckb.co" />
+	<target host="rckf.sh" />
+	<target host="rckm.co" />
+	<target host="rcksnd.tv" />
+	<target host="rckt.co" />
+	<target host="rckt.in" />
+	<target host="rcktng.it" />
+	<target host="rcktrip.co" />
+	<target host="rcky.la" />
+	<target host="rcla.me" />
+	<target host="rcll.nl" />
+	<target host="rclnk.us" />
+	<target host="rcm.nu" />
+	<target host="rcmco.co" />
+	<target host="rcnvg.com" />
+	<target host="rcort.es" />
+	<target host="rcp.tw" />
+	<target host="rcph.us" />
+	<target host="rcpl.co" />
+	<target host="rcplanet.info" />
+	<target host="rcrds.pm" />
+	<target host="rcre.news" />
+	<target host="rcru.it" />
+	<target host="rctru.st" />
+	<target host="rcuny.li" />
+	<target host="rcut.eu" />
+	<target host="rcweb.co" />
+	<target host="rd.b-type.com" />
+	<target host="rd.click.ro" />
+	<target host="rd.dblclx.com" />
+	<target host="rd.doyle.media" />
+	<target host="rd.gt" />
+	<target host="rd.hki.io" />
+	<target host="rd.i-aa.jp" />
+	<target host="rd.kntkr.net" />
+	<target host="rd.owgenius.com" />
+	<target host="rd.uniturk.net" />
+	<target host="rd2.be" />
+	<target host="rd2016.ml" />
+	<target host="rda.link" />
+	<target host="rdae.eu" />
+	<target host="rdaily.co" />
+	<target host="rdavis.co" />
+	<target host="rdbl.co" />
+	<target host="rdbr.to" />
+	<target host="rdca.vc" />
+	<target host="rdce.news" />
+	<target host="rdcl.co" />
+	<target host="rdco.me" />
+	<target host="rdcrss.org" />
+	<target host="rdd.li" />
+	<target host="rddrss.pl" />
+	<target host="rdean.me" />
+	<target host="rdg.ac" />
+	<target host="rdgt.al" />
+	<target host="rdhs.tv" />
+	<target host="rdhs.us" />
+	<target host="rdinfo.uk" />
+	<target host="rdlt.uk" />
+	<target host="rdma.ml" />
+	<target host="rdme.co" />
+	<target host="rdmr.ch" />
+	<target host="rdn.link" />
+	<target host="rdo.rocks" />
+	<target host="rdpc.us" />
+	<target host="rdppr.it" />
+	<target host="rdpt.co" />
+	<target host="rdpxl.com" />
+	<target host="rdrt.daccaa.com" />
+	<target host="rdrtech.co.vu" />
+	<target host="rdv-en-bzh.fr" />
+	<target host="rdvn.co" />
+	<target host="rdvs.be" />
+	<target host="rdx.red" />
+	<target host="rdy.to" />
+	<target host="rdza.co" />
+	<target host="rdzc.me" />
+	<target host="re-shap.es" />
+	<target host="re.al.net" />
+	<target host="re.cliv.in" />
+	<target host="re.derpadi49.de" />
+	<target host="re.hn" />
+	<target host="re.jonmand.com" />
+	<target host="re.kgp.su" />
+	<target host="re.niki.ai" />
+	<target host="re.porting.co" />
+	<target host="re.ston.tc" />
+	<target host="re.telitsin.ru" />
+	<target host="re.vataha.md" />
+	<target host="re.wbf.co.jp" />
+	<target host="re.xuxiym.tk" />
+	<target host="re4.ms" />
+	<target host="re411.info" />
+	<target host="re6s.com" />
+	<target host="rea.anhc.mx" />
+	<target host="rea.link" />
+	<target host="rea365.link" />
+	<target host="read.32s.vn" />
+	<target host="read.ag" />
+	<target host="read.bi" />
+	<target host="read.mode247.lt" />
+	<target host="read.spawn.sk" />
+	<target host="read.spoke.news" />
+	<target host="read.takizo.com" />
+	<target host="readby.me" />
+	<target host="readmore.at" />
+	<target host="readon.link" />
+	<target host="readsn.com" />
+	<target host="readthis.at" />
+	<target host="realart.is" />
+	<target host="realas.co" />
+	<target host="realbis.net" />
+	<target host="realdnb.com" />
+	<target host="reality.la" />
+	<target host="realkev.in" />
+	<target host="reallythe.re" />
+	<target host="realthread.co" />
+	<target host="realtorrob.pro" />
+	<target host="realw.me" />
+	<target host="realzips.net" />
+	<target host="reav.is" />
+	<target host="reb.fund" />
+	<target host="reb.tl" />
+	<target host="rebar.me" />
+	<target host="rebecka.me" />
+	<target host="rebekahr.com" />
+	<target host="rebel.so" />
+	<target host="rebelmuse.co" />
+	<target host="rebelsw.in" />
+	<target host="rebr.de" />
+	<target host="rebrand.is" />
+	<target host="rebrick.it" />
+	<target host="rebshar.es" />
+	<target host="rec-law.us" />
+	<target host="rec.al" />
+	<target host="recc.blog" />
+	<target host="recgk.in" />
+	<target host="reci.to" />
+	<target host="recip.it" />
+	<target host="recmd.it" />
+	<target host="record.mx" />
+	<target host="recr.tech" />
+	<target host="recruit2.info" />
+	<target host="recrut.in" />
+	<target host="recrw.pl" />
+	<target host="recuer2.me" />
+	<target host="red-blog.co.uk" />
+	<target host="red-h.tk" />
+	<target host="red.ginge.rs" />
+	<target host="red.ht" />
+	<target host="red.ldrdg.com" />
+	<target host="reda.io" />
+	<target host="redalert.io" />
+	<target host="redaz.in" />
+	<target host="redb.tv" />
+	<target host="redbullbaja.com" />
+	<target host="redca.me" />
+	<target host="redcup.agency" />
+	<target host="reddingne.ws" />
+	<target host="redef.it" />
+	<target host="redenatura.club" />
+	<target host="redey.es" />
+	<target host="redgage.me" />
+	<target host="redirectyou.tk" />
+	<target host="redli.ne" />
+	<target host="redlnd.cc" />
+	<target host="redmovplay.ml" />
+	<target host="redo.to" />
+	<target host="redpump.me" />
+	<target host="redrth.st" />
+	<target host="redsd.co" />
+	<target host="redshow.cf" />
+	<target host="redsk.in" />
+	<target host="redst.mp" />
+	<target host="redth.link" />
+	<target host="redtruth.xyz" />
+	<target host="redtvshow.ga" />
+	<target host="reduc.es" />
+	<target host="reductr.es" />
+	<target host="redwb.co" />
+	<target host="redwn.gs" />
+	<target host="reed.io" />
+	<target host="reef.red" />
+	<target host="reel.watch" />
+	<target host="reelbu.mp" />
+	<target host="ref.awmoore.com" />
+	<target host="ref.danal.com" />
+	<target host="ref.gamegen.net" />
+	<target host="ref.mercurr.com" />
+	<target host="ref.re" />
+	<target host="ref.xlww.net" />
+	<target host="ref.zruchno.ua" />
+	<target host="refer.lu" />
+	<target host="refineho.me" />
+	<target host="reflexbook.info" />
+	<target host="refr.de" />
+	<target host="refr.sh" />
+	<target host="refresh2go.in" />
+	<target host="refrm.me" />
+	<target host="refrs.co" />
+	<target host="refrug.by" />
+	<target host="refs.in" />
+	<target host="refugees.jp" />
+	<target host="reg.4pra.ga" />
+	<target host="regattaurl.com" />
+	<target host="regisma.me" />
+	<target host="register4k.ml" />
+	<target host="registr.me" />
+	<target host="regmovi.es" />
+	<target host="regpop.com" />
+	<target host="regrev.us" />
+	<target host="regrow.xyz" />
+	<target host="regwat.ch" />
+	<target host="rehatrutnov.eu" />
+	<target host="rehmansoft.us" />
+	<target host="reho.net" />
+	<target host="rehope.me" />
+	<target host="rehs.us" />
+	<target host="reia.ch" />
+	<target host="reif.me" />
+	<target host="reikimadr.it" />
+	<target host="rein.ge" />
+	<target host="reinge.clothing" />
+	<target host="reiynaztv.ml" />
+	<target host="rej.li" />
+	<target host="rejedi.co" />
+	<target host="reklama.1188.cz" />
+	<target host="relay.pm" />
+	<target host="rele.bz" />
+	<target host="rele.se" />
+	<target host="reli.ml" />
+	<target host="reliveph.com" />
+	<target host="relo.la" />
+	<target host="relode.io" />
+	<target host="relv.so" />
+	<target host="rem.ax" />
+	<target host="rem.gl" />
+	<target host="reman.info" />
+	<target host="remb.ly" />
+	<target host="remix.fyi" />
+	<target host="remo.cc" />
+	<target host="remodelstar.org" />
+	<target host="remplan.co" />
+	<target host="remx.co" />
+	<target host="ren.kn" />
+	<target host="renco.re" />
+	<target host="rendang.ml" />
+	<target host="renderoti.ca" />
+	<target host="renee.io" />
+	<target host="renegade.co" />
+	<target host="renew.ge" />
+	<target host="renho.tl" />
+	<target host="renn999.cc" />
+	<target host="renodrzwi.pl" />
+	<target host="renshiphil.com" />
+	<target host="rensk.in" />
+	<target host="rentbot.info" />
+	<target host="renus.pl" />
+	<target host="renwri.press" />
+	<target host="reot.co" />
+	<target host="rep-li.ca" />
+	<target host="rep.bz" />
+	<target host="reperi.re" />
+	<target host="repgonzales.com" />
+	<target host="replc.us" />
+	<target host="reploc.net" />
+	<target host="repmedia.tv" />
+	<target host="repp.news" />
+	<target host="reppr.co" />
+	<target host="repsol.info" />
+	<target host="republicrec.ml" />
+	<target host="republicwi.re" />
+	<target host="reri.cc" />
+	<target host="rero.co" />
+	<target host="resatra.in" />
+	<target host="rescuebox.us" />
+	<target host="resenha.me" />
+	<target host="resepandalan.ga" />
+	<target host="resept.it" />
+	<target host="reser.ch" />
+	<target host="resetcontent.li" />
+	<target host="resilinc.co" />
+	<target host="restprops.com" />
+	<target host="results.pm" />
+	<target host="resume.gigx.be" />
+	<target host="resusrv.com" />
+	<target host="retir.us" />
+	<target host="reto.fit" />
+	<target host="retreat.place" />
+	<target host="retrue.info" />
+	<target host="return.is" />
+	<target host="retz.us" />
+	<target host="reuba.no" />
+	<target host="reup.today" />
+	<target host="reuse.tokyo" />
+	<target host="reut.rs" />
+	<target host="reut.tv" />
+	<target host="rev.al" />
+	<target host="rev.vet" />
+	<target host="rev.works" />
+	<target host="rev2.me" />
+	<target host="revel.cm" />
+	<target host="revhaight.com" />
+	<target host="reviews.pe" />
+	<target host="reviewus.org" />
+	<target host="revo.bike" />
+	<target host="revo.pt" />
+	<target host="revolve.ly" />
+	<target host="revr.ec" />
+	<target host="revs.af" />
+	<target host="revs.me" />
+	<target host="revu.bz" />
+	<target host="revw.co" />
+	<target host="rewardtek.us" />
+	<target host="rewire.link" />
+	<target host="rex.to" />
+	<target host="rey.mn" />
+	<target host="reyes.law" />
+	<target host="reymond.in" />
+	<target host="reyn.cc" />
+	<target host="reynaztv.ml" />
+	<target host="reys.me" />
+	<target host="reyss.ml" />
+	<target host="rezaa.li" />
+	<target host="rezbar.com" />
+	<target host="rezplay.ml" />
+	<target host="rfa.church" />
+	<target host="rfba.uk" />
+	<target host="rfbx.de" />
+	<target host="rfd.video" />
+	<target host="rfds.co" />
+	<target host="rfe.me" />
+	<target host="rfget.com" />
+	<target host="rfidatl.as" />
+	<target host="rfiets.nl" />
+	<target host="rfiles.co" />
+	<target host="rfish.us" />
+	<target host="rfkhr.news" />
+	<target host="rfld.me" />
+	<target host="rflh.us" />
+	<target host="rfly.uk" />
+	<target host="rfm.clothing" />
+	<target host="rfm.press" />
+	<target host="rfn.co" />
+	<target host="rfndr.com" />
+	<target host="rfon.es" />
+	<target host="rfrc.tv" />
+	<target host="rfrk.nl" />
+	<target host="rfshop.us" />
+	<target host="rftp.li" />
+	<target host="rftr.io" />
+	<target host="rg.tl" />
+	<target host="rgb.link" />
+	<target host="rgb.ovh" />
+	<target host="rgb.uno" />
+	<target host="rgdo.de" />
+	<target host="rgg.me" />
+	<target host="rgi.me" />
+	<target host="rgks.us" />
+	<target host="rglo.be" />
+	<target host="rgn.rs" />
+	<target host="rgncy.li" />
+	<target host="rgne.ws" />
+	<target host="rgou.in" />
+	<target host="rgr.cc" />
+	<target host="rgre.co" />
+	<target host="rgsguild.fr" />
+	<target host="rhasm.net" />
+	<target host="rhc.to" />
+	<target host="rhcdc.cc" />
+	<target host="rheamag.co" />
+	<target host="rhet.us" />
+	<target host="rhf.mx" />
+	<target host="rhi.io" />
+	<target host="rhino.camera" />
+	<target host="rhinofri.es" />
+	<target host="rhk.me" />
+	<target host="rhk.today" />
+	<target host="rhlk.cz" />
+	<target host="rhode.io" />
+	<target host="rholck.us" />
+	<target host="rhoml.com" />
+	<target host="rhone.link" />
+	<target host="rhop.me" />
+	<target host="rhou.se" />
+	<target host="rhp.im" />
+	<target host="rhrc.us" />
+	<target host="rhrp.de" />
+	<target host="rhsd.io" />
+	<target host="rhx.tips" />
+	<target host="rhy.mx" />
+	<target host="rhymnbe.at" />
+	<target host="rhyoga.uk" />
+	<target host="rhysmrt.in" />
+	<target host="ri.gy" />
+	<target host="riachi.studio" />
+	<target host="riano.co" />
+	<target host="ribei.ro" />
+	<target host="ribs.mx" />
+	<target host="ric.srchg.xyz" />
+	<target host="ricar.me" />
+	<target host="ricciardijr.com" />
+	<target host="ricek.ml" />
+	<target host="rich.to" />
+	<target host="richp.co" />
+	<target host="richp.us" />
+	<target host="rick.ly" />
+	<target host="rick.ml" />
+	<target host="rickb.ws" />
+	<target host="rickmans.me" />
+	<target host="rickodc.com" />
+	<target host="rickshar.es" />
+	<target host="ricksure.info" />
+	<target host="rickt.nl" />
+	<target host="rickw.in" />
+	<target host="rico.im" />
+	<target host="ricp.co" />
+	<target host="ride.st" />
+	<target host="rideorcry.co" />
+	<target host="rider.red" />
+	<target host="rif.ai" />
+	<target host="riff.ly" />
+	<target host="riff.me" />
+	<target host="rifle.co" />
+	<target host="rig.lu" />
+	<target host="rigg.in" />
+	<target host="right-now.cf" />
+	<target host="rightasra.in" />
+	<target host="rightniks.co.jp" />
+	<target host="righton.link" />
+	<target host="rightside.rocks" />
+	<target host="rigocin.ml" />
+	<target host="rihle.com" />
+	<target host="riht.in" />
+	<target host="rij.cc" />
+	<target host="rik.nz" />
+	<target host="rik.re" />
+	<target host="riknow.co" />
+	<target host="rikudo4k.ml" />
+	<target host="rikuk.com" />
+	<target host="riley.in" />
+	<target host="rils.ml" />
+	<target host="rimonth.ly" />
+	<target host="rin.pink" />
+	<target host="rine.ws" />
+	<target host="ring.ly" />
+	<target host="ringboomhd.ml" />
+	<target host="ringcentr.al" />
+	<target host="ringkeph.com" />
+	<target host="ringley.uk" />
+	<target host="ringsid.ec" />
+	<target host="rink.me" />
+	<target host="rinz.es" />
+	<target host="riog.biz" />
+	<target host="rios.in" />
+	<target host="rioseo.co" />
+	<target host="riot.com" />
+	<target host="riot.site" />
+	<target host="riotx.us" />
+	<target host="rip.city" />
+	<target host="ripper.us" />
+	<target host="ripric.ky" />
+	<target host="ris.ink" />
+	<target host="risas.co" />
+	<target host="risd.cc" />
+	<target host="rise.re" />
+	<target host="risesmart.us" />
+	<target host="risimg.com" />
+	<target host="riskin.me" />
+	<target host="rispe.mx" />
+	<target host="rita.ly" />
+	<target host="ritasker.me" />
+	<target host="ritly.net" />
+	<target host="riton.in" />
+	<target host="rituals.world" />
+	<target host="riv-sol.ml" />
+	<target host="riv.cc" />
+	<target host="rivecas.ml" />
+	<target host="rivercha.se" />
+	<target host="rix22.no" />
+	<target host="riz.li" />
+	<target host="rizky29.tk" />
+	<target host="rizzoweb.info" />
+	<target host="rjadv.com" />
+	<target host="rjayliao.com" />
+	<target host="rjbs.ws" />
+	<target host="rjn.tw" />
+	<target host="rjnews.is" />
+	<target host="rjoc.me" />
+	<target host="rjpho.to" />
+	<target host="rjpp.ca" />
+	<target host="rjvn.co" />
+	<target host="rk.me.uk" />
+	<target host="rk.to" />
+	<target host="rk0.eu" />
+	<target host="rkc.io" />
+	<target host="rkcpr.com" />
+	<target host="rkfsh.in" />
+	<target host="rki.lt" />
+	<target host="rklw.co" />
+	<target host="rktbnk.ru" />
+	<target host="rktit.uk" />
+	<target host="rktn.de" />
+	<target host="rku.co" />
+	<target host="rkyw.me" />
+	<target host="rkz.com.br" />
+	<target host="rkzn.me" />
+	<target host="rl.cm" />
+	<target host="rla.me" />
+	<target host="rlart.co" />
+	<target host="rlauren.co" />
+	<target host="rlb.im" />
+	<target host="rlbs.ml" />
+	<target host="rlcf.us" />
+	<target host="rlchmp.tk" />
+	<target host="rldd.co" />
+	<target host="rledge.co" />
+	<target host="rlegend3054.tk" />
+	<target host="rles.tv" />
+	<target host="rlg.li" />
+	<target host="rlghd.co" />
+	<target host="rlgt.nl" />
+	<target host="rlhtv.com" />
+	<target host="rlif.es" />
+	<target host="rlin.st" />
+	<target host="rlin.tk" />
+	<target host="rline.co" />
+	<target host="rlink.pw" />
+	<target host="rll.bz" />
+	<target host="rlmk.me" />
+	<target host="rlmo.me" />
+	<target host="rln.life" />
+	<target host="rlng.co" />
+	<target host="rlph.de" />
+	<target host="rlpt.co" />
+	<target host="rlstl.com" />
+	<target host="rlu.fyi" />
+	<target host="rlvnt.ml" />
+	<target host="rly.pt" />
+	<target host="rlyb.us" />
+	<target host="rlyon.co" />
+	<target host="rlz.li" />
+	<target host="rmansur.club" />
+	<target host="rmarch.co" />
+	<target host="rmat.pl" />
+	<target host="rmax.ga" />
+	<target host="rmbl.co" />
+	<target host="rmbl.es" />
+	<target host="rmble.co" />
+	<target host="rmbln.gs" />
+	<target host="rmd.pw" />
+	<target host="rmdn.site" />
+	<target host="rmdy.help" />
+	<target host="rmgn.co" />
+	<target host="rmgo.es" />
+	<target host="rmhci.co" />
+	<target host="rmhols.uk" />
+	<target host="rmi.li" />
+	<target host="rmjh.me" />
+	<target host="rmk.ph" />
+	<target host="rmkrcm.com" />
+	<target host="rmpl.me" />
+	<target host="rmr.me" />
+	<target host="rmre.us" />
+	<target host="rmrtv.ml" />
+	<target host="rms.builders" />
+	<target host="rmstvseris.ml" />
+	<target host="rmvets.com" />
+	<target host="rmx.so" />
+	<target host="rmzhc.com" />
+	<target host="rn.city" />
+	<target host="rna.to" />
+	<target host="rnapoli.info" />
+	<target host="rnato.tk" />
+	<target host="rnd.tw" />
+	<target host="rndmlrky.us" />
+	<target host="rndmwrld.com" />
+	<target host="rndnerds.com" />
+	<target host="rndwn.com" />
+	<target host="rndz.us" />
+	<target host="rnecks.co" />
+	<target host="rng.im" />
+	<target host="rng.rs" />
+	<target host="rngd.es" />
+	<target host="rngtbl.com" />
+	<target host="rnib.in" />
+	<target host="rnmkr.me" />
+	<target host="rnml.co" />
+	<target host="rnow.tk" />
+	<target host="rnpn.ch" />
+	<target host="rntg.co" />
+	<target host="rntr.mp" />
+	<target host="rntr.us" />
+	<target host="rnv.tips" />
+	<target host="rnz.to" />
+	<target host="ro.ble.to" />
+	<target host="ro2.us" />
+	<target host="roa.rs" />
+	<target host="roada.me" />
+	<target host="roadne.ws" />
+	<target host="roagora.com" />
+	<target host="roari.link" />
+	<target host="roarim.com" />
+	<target host="rob-clay.com" />
+	<target host="rob.st" />
+	<target host="rob.tips" />
+	<target host="robati.info" />
+	<target host="robb.biz" />
+	<target host="robb.news" />
+	<target host="robb.rocks" />
+	<target host="robb.us" />
+	<target host="robbin.ml" />
+	<target host="robc.me" />
+	<target host="robdesideri.it" />
+	<target host="rober.link" />
+	<target host="robij.tk" />
+	<target host="robin.yt" />
+	<target host="robinyu.uk" />
+	<target host="roblahb.la" />
+	<target host="robm.in" />
+	<target host="robmor.net" />
+	<target host="robotjesse.com" />
+	<target host="robp.co" />
+	<target host="robsols.legal" />
+	<target host="robtv.co" />
+	<target host="robvance.link" />
+	<target host="robwil.info" />
+	<target host="robyn.ml" />
+	<target host="roc.gg" />
+	<target host="roc2l.com" />
+	<target host="rocc.care" />
+	<target host="roccodev.tk" />
+	<target host="rochellek.info" />
+	<target host="rock.sh" />
+	<target host="rocka.by" />
+	<target host="rockent.link" />
+	<target host="rockett.es" />
+	<target host="rockfo.to" />
+	<target host="rockhur.st" />
+	<target host="rocki.ng" />
+	<target host="rockni.ca" />
+	<target host="rocknytt.co" />
+	<target host="rocksho.ws" />
+	<target host="rocktc.de" />
+	<target host="rod.cx" />
+	<target host="rodaw.me" />
+	<target host="rode.sk" />
+	<target host="rodei.me" />
+	<target host="rodekru.is" />
+	<target host="rof.to" />
+	<target host="rog.li" />
+	<target host="rog42.tv" />
+	<target host="roge.rs" />
+	<target host="roger.jp" />
+	<target host="rogerbacon.co" />
+	<target host="rogert.me" />
+	<target host="roh.cm" />
+	<target host="roh.news" />
+	<target host="rohe.im" />
+	<target host="rohen.me" />
+	<target host="rohit.ws" />
+	<target host="rohu.co" />
+	<target host="roi.ms" />
+	<target host="rok.auto" />
+	<target host="rok.land" />
+	<target host="rokk.co" />
+	<target host="roky.me" />
+	<target host="rol.la" />
+	<target host="rol.st" />
+	<target host="rollingp.in" />
+	<target host="rollvt.tv" />
+	<target host="rompe.la" />
+	<target host="ron.ly" />
+	<target host="ronaldp.be" />
+	<target host="ronalds.link" />
+	<target host="roncan.net" />
+	<target host="ronenbkr.mn" />
+	<target host="rong.events" />
+	<target host="ronggeng.ml" />
+	<target host="ronhjr.me" />
+	<target host="ronikantor.me" />
+	<target host="ronin8.co" />
+	<target host="ronr.pro" />
+	<target host="roo.li" />
+	<target host="rooar.ca" />
+	<target host="rooel.in" />
+	<target host="roof.news" />
+	<target host="roofprofil.es" />
+	<target host="roosev.lt" />
+	<target host="roostr.video" />
+	<target host="rootpath.co" />
+	<target host="rootsof.co" />
+	<target host="rope.koso.me" />
+	<target host="ropo.it" />
+	<target host="ropo.so" />
+	<target host="roqu.in" />
+	<target host="rore.me" />
+	<target host="roryk.co" />
+	<target host="rosco.blog" />
+	<target host="rosebakes.co" />
+	<target host="rosebudstud.io" />
+	<target host="roseq.co" />
+	<target host="roseres.co" />
+	<target host="rosie.click" />
+	<target host="rospl.us" />
+	<target host="rossdak.in" />
+	<target host="rosso.gq" />
+	<target host="rosso.me" />
+	<target host="rossvi.de" />
+	<target host="rossy.me" />
+	<target host="rosw.us" />
+	<target host="rothe.me" />
+	<target host="roto.golf" />
+	<target host="rotten.cf" />
+	<target host="roundp.co" />
+	<target host="routerflix.ml" />
+	<target host="rov.io" />
+	<target host="rover.fm" />
+	<target host="rovert.ca" />
+	<target host="rovid.aiee.hu" />
+	<target host="rowi.ro" />
+	<target host="rowlands.je" />
+	<target host="rown.me" />
+	<target host="rowskey.com" />
+	<target host="roxieteaches.me" />
+	<target host="roy.ac" />
+	<target host="roy.ist" />
+	<target host="roy.lc" />
+	<target host="royalshell.me" />
+	<target host="royaltalens.us" />
+	<target host="royaltygem3.top" />
+	<target host="royd.to" />
+	<target host="roye.la" />
+	<target host="rp3.io" />
+	<target host="rpa.la" />
+	<target host="rpa.life" />
+	<target host="rpca.li" />
+	<target host="rpcollection.co" />
+	<target host="rpdne.ws" />
+	<target host="rpdz.me" />
+	<target host="rpe.tw" />
+	<target host="rpfl.us" />
+	<target host="rph.im" />
+	<target host="rphar.ms" />
+	<target host="rpho.to" />
+	<target host="rpkjr.us" />
+	<target host="rpkr.co" />
+	<target host="rplr.co" />
+	<target host="rply.ai" />
+	<target host="rpmalert.to" />
+	<target host="rpmtc.us" />
+	<target host="rpn.media" />
+	<target host="rpo.guru" />
+	<target host="rpos.link" />
+	<target host="rpp.life" />
+	<target host="rppl.us" />
+	<target host="rpr.me" />
+	<target host="rpr.world" />
+	<target host="rprsnt.us" />
+	<target host="rpsays.com" />
+	<target host="rpsd.ltd" />
+	<target host="rptx.nl" />
+	<target host="rpu.li" />
+	<target host="rqrd.me" />
+	<target host="rr-link.com" />
+	<target host="rr-tvhd.ml" />
+	<target host="rr.gy" />
+	<target host="rr5.us" />
+	<target host="rrbtour.live" />
+	<target host="rrcom.nl" />
+	<target host="rrdrv.com" />
+	<target host="rreed.me" />
+	<target host="rrg.me" />
+	<target host="rrn.link" />
+	<target host="rroo.co" />
+	<target host="rrplus.ag" />
+	<target host="rrradio.vision" />
+	<target host="rrrtix.com" />
+	<target host="rrs.co" />
+	<target host="rrsd.me" />
+	<target host="rrss.dgt.es" />
+	<target host="rrtool.in" />
+	<target host="rrttoo.gq" />
+	<target host="rrul.es" />
+	<target host="rry.im" />
+	<target host="rs-fit.com" />
+	<target host="rs.andrea.com" />
+	<target host="rs.life" />
+	<target host="rs3.pw" />
+	<target host="rs9.us" />
+	<target host="rsa.im" />
+	<target host="rsc.bz" />
+	<target host="rsc.fyi" />
+	<target host="rsc.li" />
+	<target host="rscda.de" />
+	<target host="rsctr.me" />
+	<target host="rsd.me.uk" />
+	<target host="rsdn.me" />
+	<target host="rsh.cc" />
+	<target host="rsh.md" />
+	<target host="rshar.ma" />
+	<target host="rshi.ps" />
+	<target host="rsi.space" />
+	<target host="rskd.me" />
+	<target host="rskl.co" />
+	<target host="rskt.ch" />
+	<target host="rsloth.co" />
+	<target host="rslvr.co" />
+	<target host="rsm-jkt.ml" />
+	<target host="rsm-tvhd.ml" />
+	<target host="rsm.us" />
+	<target host="rsmart.ly" />
+	<target host="rsmonline.ml" />
+	<target host="rsmpresent.tk" />
+	<target host="rsn8.co" />
+	<target host="rsnbl.us" />
+	<target host="rsnd.co" />
+	<target host="rsng.org" />
+	<target host="rsob.me" />
+	<target host="rsokol.ru" />
+	<target host="rsp.im" />
+	<target host="rspcansw.org" />
+	<target host="rspol.us" />
+	<target host="rsqhb.co" />
+	<target host="rsr.me" />
+	<target host="rsr.nyc" />
+	<target host="rsrch.co" />
+	<target host="rsrv.ca" />
+	<target host="rstbl.ch" />
+	<target host="rstl.es" />
+	<target host="rstt.eu" />
+	<target host="rstv.ml" />
+	<target host="rsty.co" />
+	<target host="rsty.gr" />
+	<target host="rsvlts.co" />
+	<target host="rsvq.co" />
+	<target host="rt-short.link" />
+	<target host="rt.300st.ru" />
+	<target host="rt.agservice.pt" />
+	<target host="rt.im" />
+	<target host="rt.io" />
+	<target host="rt1.in" />
+	<target host="rt30.co" />
+	<target host="rt66.run" />
+	<target host="rta.bz" />
+	<target host="rtb.photos" />
+	<target host="rtbd.es" />
+	<target host="rtbi.eu" />
+	<target host="rtby.co" />
+	<target host="rtc.li" />
+	<target host="rtcetsy.com" />
+	<target host="rtcn.info" />
+	<target host="rtco.ws" />
+	<target host="rtd.li" />
+	<target host="rtfix.us" />
+	<target host="rths.co" />
+	<target host="rti.link" />
+	<target host="rtky.co" />
+	<target host="rtlmusic.cf" />
+	<target host="rtlyd.co" />
+	<target host="rtm.one" />
+	<target host="rtmet.com" />
+	<target host="rtn.church" />
+	<target host="rtn.co" />
+	<target host="rtna.me" />
+	<target host="rtnews.fyi" />
+	<target host="rtou.ch" />
+	<target host="rtpj.us" />
+	<target host="rtpth.co" />
+	<target host="rtr.cm" />
+	<target host="rtro.me" />
+	<target host="rtrpics.com" />
+	<target host="rtrv.co" />
+	<target host="rtsn.tk" />
+	<target host="rttnbwy.co" />
+	<target host="rtview.me" />
+	<target host="rtvote.com" />
+	<target host="rtvote.org" />
+	<target host="rty.pe" />
+	<target host="rubj11.tk" />
+	<target host="ruby.to" />
+	<target host="ruch.me" />
+	<target host="ruck.ly" />
+	<target host="rud3tp1sanhd.ml" />
+	<target host="rudo.co" />
+	<target host="rufc.co" />
+	<target host="ruff.ly" />
+	<target host="rufus.li" />
+	<target host="ruidirect.info" />
+	<target host="ruidoblan.co" />
+	<target host="ruizmc.us" />
+	<target host="rul.li" />
+	<target host="rules.ws" />
+	<target host="rulon.co" />
+	<target host="rumblegam.es" />
+	<target host="rumi.loak.org" />
+	<target host="rummyc.co" />
+	<target host="runba.se" />
+	<target host="runbeco.me" />
+	<target host="runcourage.me" />
+	<target host="runcrs.co" />
+	<target host="rundeck.co" />
+	<target host="runit.life" />
+	<target host="runl.me" />
+	<target host="runlean.ly" />
+	<target host="runour.city" />
+	<target host="runso.co" />
+	<target host="runtu.be" />
+	<target host="rupa2.co" />
+	<target host="rush.band" />
+	<target host="rush.gallery" />
+	<target host="rushput.in" />
+	<target host="rushtix.co" />
+	<target host="russ.link" />
+	<target host="russfr.it" />
+	<target host="rusticwed.com" />
+	<target host="rustitems.us" />
+	<target host="rusty.nz" />
+	<target host="rut.gr" />
+	<target host="ruu.dk" />
+	<target host="ruudhe.in" />
+	<target host="ruv.me" />
+	<target host="ruwo.uk" />
+	<target host="ruz.al" />
+	<target host="rv-l.com" />
+	<target host="rv-r.tk" />
+	<target host="rv.cr" />
+	<target host="rvbd.ly" />
+	<target host="rvet.me" />
+	<target host="rvgt.ch" />
+	<target host="rvl.li" />
+	<target host="rvld.dj" />
+	<target host="rvlo.ml" />
+	<target host="rvls.co" />
+	<target host="rvltn.vc" />
+	<target host="rvn.us" />
+	<target host="rvn5.com" />
+	<target host="rvowl.es" />
+	<target host="rvpro.co" />
+	<target host="rvrb.info" />
+	<target host="rvrb.us" />
+	<target host="rvsh.in" />
+	<target host="rvsn.in" />
+	<target host="rvss.xyz" />
+	<target host="rvst.me" />
+	<target host="rvt.tv" />
+	<target host="rvtr.co" />
+	<target host="rvtra.de" />
+	<target host="rvtt.co" />
+	<target host="rvtv.io" />
+	<target host="rvve.in" />
+	<target host="rvw.cc" />
+	<target host="rvw.church" />
+	<target host="rvw.pt" />
+	<target host="rvwb.co" />
+	<target host="rvwd.co" />
+	<target host="rvws.io" />
+	<target host="rvwsna.co" />
+	<target host="rvz.la" />
+	<target host="rwd.is" />
+	<target host="rwg.genting" />
+	<target host="rwg.li" />
+	<target host="rwhite.nz" />
+	<target host="rwhy.es" />
+	<target host="rwick.it" />
+	<target host="rwine.uk" />
+	<target host="rwjf.ws" />
+	<target host="rwm.press" />
+	<target host="rwn.me" />
+	<target host="rwp.im" />
+	<target host="rwrdn.im" />
+	<target host="rwsis.com" />
+	<target host="rwudonate.mobi" />
+	<target host="rxg.de" />
+	<target host="rxh.cc" />
+	<target host="rxss.co" />
+	<target host="ry.ly" />
+	<target host="ry5.org" />
+	<target host="ryanbrooks.me" />
+	<target host="ryanin.nz" />
+	<target host="ryankno.ws" />
+	<target host="ryans.link" />
+	<target host="ryanslinks.tk" />
+	<target host="ryansm.it" />
+	<target host="rybo.co" />
+	<target host="ryf.me" />
+	<target host="rynd.tk" />
+	<target host="rynf.it" />
+	<target host="ryngln.com" />
+	<target host="rynl.ml" />
+	<target host="rynobl.us" />
+	<target host="ryrb.co" />
+	<target host="ryska.mp" />
+	<target host="ryss.uk" />
+	<target host="ryyaan.org" />
+	<target host="rzep.ec" />
+	<target host="rzphoto.de" />
+	<target host="rzr.sg" />
+	<target host="rzz.li" />
+	<target host="s-2.us" />
+	<target host="s-3-c.com" />
+	<target host="s-and-s.us" />
+	<target host="s-asia.net" />
+	<target host="s-av.co" />
+	<target host="s-b.io" />
+	<target host="s-b.one" />
+	<target host="s-bn.co" />
+	<target host="s-delivery.com" />
+	<target host="s-e-f.info" />
+	<target host="s-fre.net" />
+	<target host="s-har.es" />
+	<target host="s-hope.co" />
+	<target host="s-i-u.co" />
+	<target host="s-id.in" />
+	<target host="s-k.cm" />
+	<target host="s-l.tech" />
+	<target host="s-lb.us" />
+	<target host="s-light.co" />
+	<target host="s-mb.us" />
+	<target host="s-n.se" />
+	<target host="s-ph.co" />
+	<target host="s-sci.co" />
+	<target host="s.180dc.org" />
+	<target host="s.1m2.vn" />
+	<target host="s.2904.cc" />
+	<target host="s.2hm.co" />
+	<target host="s.2o6.net" />
+	<target host="s.3jsb-info.com" />
+	<target host="s.40-02.ru" />
+	<target host="s.417.cz" />
+	<target host="s.418.be" />
+	<target host="s.450nm.com" />
+	<target host="s.4now.net" />
+	<target host="s.4zal.net" />
+	<target host="s.5hd.co" />
+	<target host="s.8qp.co" />
+	<target host="s.8ratio.ch" />
+	<target host="s.aac.st" />
+	<target host="s.ab-c.nl" />
+	<target host="s.abfa.org.uk" />
+	<target host="s.abix.jp" />
+	<target host="s.able.co" />
+	<target host="s.acar.tc" />
+	<target host="s.acco.org" />
+	<target host="s.acmt.net" />
+	<target host="s.adamlj.com" />
+	<target host="s.aeshield.com" />
+	<target host="s.afogh.dk" />
+	<target host="s.aida.cz" />
+	<target host="s.aiesec.jp" />
+	<target host="s.aimerci.in" />
+	<target host="s.aioria.jp" />
+	<target host="s.aja.jp" />
+	<target host="s.ajchan.com" />
+	<target host="s.alc.jp" />
+	<target host="s.aldebian.com" />
+	<target host="s.alessio.re" />
+	<target host="s.alialien.de" />
+	<target host="s.aln.sg" />
+	<target host="s.alpk12.org" />
+	<target host="s.am-ind.com" />
+	<target host="s.amafashion.ro" />
+	<target host="s.amateras.jp" />
+	<target host="s.anaz.ae" />
+	<target host="s.andrek.com" />
+	<target host="s.aneb.ca" />
+	<target host="s.anime.dj" />
+	<target host="s.anthrax.store" />
+	<target host="s.anycloud.co" />
+	<target host="s.aolkin.me" />
+	<target host="s.apibloke.tech" />
+	<target host="s.apps786.com" />
+	<target host="s.appsooq.com" />
+	<target host="s.apt-la.de" />
+	<target host="s.aqua-feb.com" />
+	<target host="s.arcadd.tv" />
+	<target host="s.arco.mx" />
+	<target host="s.arinco.org" />
+	<target host="s.arink.de" />
+	<target host="s.arle.co.jp" />
+	<target host="s.aroma1997.org" />
+	<target host="s.artstreet.biz" />
+	<target host="s.asbestos.com" />
+	<target host="s.ashford.io" />
+	<target host="s.atea.no" />
+	<target host="s.atlife.xyz" />
+	<target host="s.atwebs.net" />
+	<target host="s.awads.net" />
+	<target host="s.awkmas.io" />
+	<target host="s.awr.org" />
+	<target host="s.aysray.com" />
+	<target host="s.azur.io" />
+	<target host="s.b12e.be" />
+	<target host="s.bakashimoe.me" />
+	<target host="s.baldr.jp" />
+	<target host="s.bao3.org" />
+	<target host="s.basg.nl" />
+	<target host="s.bazoo.me" />
+	<target host="s.bdarfler.com" />
+	<target host="s.be-ing.co.jp" />
+	<target host="s.beachboys.tv" />
+	<target host="s.beij.in" />
+	<target host="s.bekas.org" />
+	<target host="s.belisle.pro" />
+	<target host="s.bellicorp.com" />
+	<target host="s.benad.me" />
+	<target host="s.bench.dog" />
+	<target host="s.benj.io" />
+	<target host="s.benlee.my" />
+	<target host="s.benmanns.com" />
+	<target host="s.benn.eu" />
+	<target host="s.bep.pw" />
+	<target host="s.berny.sk" />
+	<target host="s.bitly.gag.gl" />
+	<target host="s.bitomule.com" />
+	<target host="s.bizequity.com" />
+	<target host="s.blissful.asia" />
+	<target host="s.blueedges.co" />
+	<target host="s.bluora.com.au" />
+	<target host="s.boeddo.com" />
+	<target host="s.bololo.com.br" />
+	<target host="s.bommox.com" />
+	<target host="s.bonn.fm" />
+	<target host="s.booknik.ru" />
+	<target host="s.boyran.jp" />
+	<target host="s.bpm.org" />
+	<target host="s.brand-mgr.org" />
+	<target host="s.bridget.su" />
+	<target host="s.briq.mx" />
+	<target host="s.brush-up.jp" />
+	<target host="s.bs.sa" />
+	<target host="s.bsk.im" />
+	<target host="s.bth.is" />
+	<target host="s.bus.ac" />
+	<target host="s.bussanten.jp" />
+	<target host="s.buzzr.in" />
+	<target host="s.cabamalin.fr" />
+	<target host="s.cagn.net" />
+	<target host="s.camo.org" />
+	<target host="s.canaltours.dk" />
+	<target host="s.carlcolt.co" />
+	<target host="s.cassiopea.dk" />
+	<target host="s.causio.com" />
+	<target host="s.cbmainz.de" />
+	<target host="s.cci-vk.de" />
+	<target host="s.ccmc.pw" />
+	<target host="s.ccmss.org.mx" />
+	<target host="s.cctv.net" />
+	<target host="s.ccvine.org" />
+	<target host="s.cevela.net" />
+	<target host="s.cfbolz.de" />
+	<target host="s.chalkport.com" />
+	<target host="s.cheapskat.com" />
+	<target host="s.chiatse.com" />
+	<target host="s.chichi.co.jp" />
+	<target host="s.chikaki.me" />
+	<target host="s.chilli.mobi" />
+	<target host="s.chool.ch" />
+	<target host="s.chriis2b.com" />
+	<target host="s.chuplus.jp" />
+	<target host="s.cipr.es" />
+	<target host="s.ciu20.org" />
+	<target host="s.clc.tf" />
+	<target host="s.cloppar.com" />
+	<target host="s.cloudjim.com" />
+	<target host="s.clrd.nl" />
+	<target host="s.cmap.ws" />
+	<target host="s.cmns.nl" />
+	<target host="s.cmshikaku.com" />
+	<target host="s.codatey.top" />
+	<target host="s.code-expo.com" />
+	<target host="s.codeit.tw" />
+	<target host="s.coit.es" />
+	<target host="s.colinross.me" />
+	<target host="s.colins.space" />
+	<target host="s.coloni.nl" />
+	<target host="s.comg.jp" />
+	<target host="s.comicnerd.com" />
+	<target host="s.corelle.ro" />
+	<target host="s.cotoco.net" />
+	<target host="s.couch-blog.de" />
+	<target host="s.couples.lv" />
+	<target host="s.crazyboy.link" />
+	<target host="s.credit24.fi" />
+	<target host="s.crows.kr" />
+	<target host="s.csp.fr" />
+	<target host="s.csxking.me" />
+	<target host="s.cuezva.net" />
+	<target host="s.cut.org.br" />
+	<target host="s.cvsweb.com.br" />
+	<target host="s.d-diet.jp" />
+	<target host="s.da3.net" />
+	<target host="s.dalileo.link" />
+	<target host="s.dallerup.net" />
+	<target host="s.darrenoia.com" />
+	<target host="s.daserste.de" />
+	<target host="s.daspixl.com" />
+	<target host="s.data.re" />
+	<target host="s.dav.is" />
+	<target host="s.daycrazy.nl" />
+	<target host="s.daytraders.jp" />
+	<target host="s.delmore.io" />
+	<target host="s.delphaber.com" />
+	<target host="s.deratrox.de" />
+	<target host="s.derz.co" />
+	<target host="s.design.tc" />
+	<target host="s.designplus.co" />
+	<target host="s.devnq.org" />
+	<target host="s.devpy.me" />
+	<target host="s.devstl.com" />
+	<target host="s.devthon.org" />
+	<target host="s.devtty.de" />
+	<target host="s.digitalpix.nl" />
+	<target host="s.digitec.ru" />
+	<target host="s.dinno.com" />
+	<target host="s.dissidia.net" />
+	<target host="s.dmal.dk" />
+	<target host="s.dmg.to" />
+	<target host="s.dog2puppy.tk" />
+	<target host="s.dohkeblog.com" />
+	<target host="s.dokuha.jp" />
+	<target host="s.dosp.org" />
+	<target host="s.dot-jp.or.jp" />
+	<target host="s.dq.gg" />
+	<target host="s.dragshare.co" />
+	<target host="s.drawncon.com" />
+	<target host="s.dtorres.me" />
+	<target host="s.dtsn.me" />
+	<target host="s.dv.nu" />
+	<target host="s.dvr.org.au" />
+	<target host="s.e-oshibai.com" />
+	<target host="s.eap.io" />
+	<target host="s.ec.eeb3.eu" />
+	<target host="s.ecosoft.co.jp" />
+	<target host="s.ecu.edu.au" />
+	<target host="s.edson.co" />
+	<target host="s.eg-ls.com" />
+	<target host="s.elne.jp" />
+	<target host="s.emp.re" />
+	<target host="s.empxl.com" />
+	<target host="s.emq.io" />
+	<target host="s.epm-music.com" />
+	<target host="s.epoint.es" />
+	<target host="s.esza.org" />
+	<target host="s.etree.biz" />
+	<target host="s.eupathdb.org" />
+	<target host="s.excid3.com" />
+	<target host="s.f87.me" />
+	<target host="s.fabrykacen.pl" />
+	<target host="s.fam-rose.net" />
+	<target host="s.fapce.com.br" />
+	<target host="s.fcbh.com" />
+	<target host="s.felem.com" />
+	<target host="s.fendmark.com" />
+	<target host="s.fetch.nl" />
+	<target host="s.ff-yj.com" />
+	<target host="s.ffggrz.de" />
+	<target host="s.ffw-m.de" />
+	<target host="s.fink.ws" />
+	<target host="s.flinkefolk.lt" />
+	<target host="s.flus.be" />
+	<target host="s.fluxs.me" />
+	<target host="s.fotoglut.de" />
+	<target host="s.fpbank.co.jp" />
+	<target host="s.fquff.io" />
+	<target host="s.frc.ch" />
+	<target host="s.frd.mn" />
+	<target host="s.frev.jp" />
+	<target host="s.frk.com" />
+	<target host="s.frogi.co.il" />
+	<target host="s.fungidb.org" />
+	<target host="s.fxclub.org" />
+	<target host="s.fxpreview.com" />
+	<target host="s.gaijinpot.com" />
+	<target host="s.gainmoney.net" />
+	<target host="s.galvezgil.com" />
+	<target host="s.gamagic.com" />
+	<target host="s.gambe.jp" />
+	<target host="s.garitv.eu" />
+	<target host="s.gatech.edu" />
+	<target host="s.gavinr.com" />
+	<target host="s.gego.co.ke" />
+	<target host="s.gekiura.com" />
+	<target host="s.gerd.me" />
+	<target host="s.gerwert.io" />
+	<target host="s.ghac.in" />
+	<target host="s.ghctim.com" />
+	<target host="s.ghrebaa.com" />
+	<target host="s.gilly.cat" />
+	<target host="s.ginzy.me" />
+	<target host="s.girlylane.com" />
+	<target host="s.gish.se" />
+	<target host="s.gjm.it" />
+	<target host="s.glasscat.info" />
+	<target host="s.gln.me" />
+	<target host="s.glowfm.nl" />
+	<target host="s.gmb.io" />
+	<target host="s.gob.cl" />
+	<target host="s.goearnie.com" />
+	<target host="s.gomu.jp" />
+	<target host="s.gosu.co" />
+	<target host="s.gots9713.xyz" />
+	<target host="s.gronowo.net" />
+	<target host="s.grumpa.me" />
+	<target host="s.gtaind.com" />
+	<target host="s.guol.in" />
+	<target host="s.h-g.space" />
+	<target host="s.h2oskierc.com" />
+	<target host="s.h4x.pw" />
+	<target host="s.hackery.net" />
+	<target host="s.hadje.nl" />
+	<target host="s.haleagar.com" />
+	<target host="s.hamil.town" />
+	<target host="s.handyage.com" />
+	<target host="s.haqaq.com" />
+	<target host="s.hatamoto.biz" />
+	<target host="s.hatyati.jp" />
+	<target host="s.hauter.de" />
+	<target host="s.haxim.us" />
+	<target host="s.haxney.org" />
+	<target host="s.hbr.org" />
+	<target host="s.heartwalk.org" />
+	<target host="s.hero.do" />
+	<target host="s.hfcac.ml" />
+	<target host="s.hgtv.ca" />
+	<target host="s.himayge.com" />
+	<target host="s.himbeer.me" />
+	<target host="s.hiraku.tw" />
+	<target host="s.hitap.jp" />
+	<target host="s.hkeeu.org" />
+	<target host="s.hoko.me" />
+	<target host="s.holist.de" />
+	<target host="s.hookd.in" />
+	<target host="s.hostgila.com" />
+	<target host="s.hoto.me" />
+	<target host="s.hreinfo.com" />
+	<target host="s.hrink.me" />
+	<target host="s.hstry.org" />
+	<target host="s.htc.com" />
+	<target host="s.httr.pl" />
+	<target host="s.huchen.me" />
+	<target host="s.hughblong.com" />
+	<target host="s.hum-ncu.com" />
+	<target host="s.hustle.ws" />
+	<target host="s.hychen.org" />
+	<target host="s.i-pb.net" />
+	<target host="s.i2g.ru" />
+	<target host="s.i879.jp" />
+	<target host="s.iahi.or.id" />
+	<target host="s.iammike.co" />
+	<target host="s.ibd.org.au" />
+	<target host="s.ibron.co" />
+	<target host="s.ic-2000.com" />
+	<target host="s.ichec.ie" />
+	<target host="s.icrewedup.com" />
+	<target host="s.idarknight.ca" />
+	<target host="s.idsn.hu" />
+	<target host="s.ietty.me" />
+	<target host="s.iffy.io" />
+	<target host="s.iknow.travel" />
+	<target host="s.ilyagram.org" />
+	<target host="s.imaonline.jp" />
+	<target host="s.imjp.co.jp" />
+	<target host="s.imluc.ga" />
+	<target host="s.imobile.co.jp" />
+	<target host="s.impactory.de" />
+	<target host="s.inoccu.com" />
+	<target host="s.insighto.com" />
+	<target host="s.int.lv" />
+	<target host="s.intern.vn" />
+	<target host="s.intu1.com" />
+	<target host="s.inyaland.com" />
+	<target host="s.inza.me" />
+	<target host="s.ip-edu.org" />
+	<target host="s.iphone4.tw" />
+	<target host="s.iriss.org.uk" />
+	<target host="s.is-assoc.jp" />
+	<target host="s.isaachoo.com" />
+	<target host="s.isujay.com" />
+	<target host="s.iterar.co" />
+	<target host="s.itoen.co.jp" />
+	<target host="s.itpsworld.net" />
+	<target host="s.itstoni.com" />
+	<target host="s.iuniv.tv" />
+	<target host="s.ivi.ru" />
+	<target host="s.iwaishin.com" />
+	<target host="s.iwanaga.org" />
+	<target host="s.ixq.com.tw" />
+	<target host="s.jaf0.com" />
+	<target host="s.jakob.cc" />
+	<target host="s.jakusit.cz" />
+	<target host="s.jalan.net" />
+	<target host="s.jamierocks.uk" />
+	<target host="s.jamies.tips" />
+	<target host="s.jamula.net" />
+	<target host="s.janke.im" />
+	<target host="s.jawne.info.pl" />
+	<target host="s.jbit.biz" />
+	<target host="s.jboutros.org" />
+	<target host="s.jce.io" />
+	<target host="s.jcky.ca" />
+	<target host="s.jdg.net" />
+	<target host="s.jessenixon.me" />
+	<target host="s.jglopez.net" />
+	<target host="s.jgog.in" />
+	<target host="s.jilin.com.tw" />
+	<target host="s.jingaiei.in" />
+	<target host="s.jiyugaoka.net" />
+	<target host="s.jlm.me" />
+	<target host="s.jmc.me" />
+	<target host="s.joey.ninja" />
+	<target host="s.joeyfoo.com" />
+	<target host="s.joinuz.nl" />
+	<target host="s.jonasn.nu" />
+	<target host="s.joonh.com" />
+	<target host="s.joosh.eu" />
+	<target host="s.joureikun.jp" />
+	<target host="s.jpnkn.tk" />
+	<target host="s.jsktv.biz" />
+	<target host="s.juggle.rocks" />
+	<target host="s.jui.cc" />
+	<target host="s.jukucore.jp" />
+	<target host="s.jvrtech.net" />
+	<target host="s.ka300.de" />
+	<target host="s.kabajari.com" />
+	<target host="s.kabam.com" />
+	<target host="s.kai.vc" />
+	<target host="s.kaiyuan.eu" />
+	<target host="s.kamekura.org" />
+	<target host="s.karamoff.ru" />
+	<target host="s.kariba.co.ke" />
+	<target host="s.kavaj.com" />
+	<target host="s.kazendi.com" />
+	<target host="s.kbkw.com" />
+	<target host="s.kdama.net" />
+	<target host="s.keat.es" />
+	<target host="s.keeffes.com" />
+	<target host="s.kei-n.com" />
+	<target host="s.keiba0.com" />
+	<target host="s.kelvin.pw" />
+	<target host="s.kende.fr" />
+	<target host="s.keniji.men" />
+	<target host="s.kenrick95.org" />
+	<target host="s.kevindang.com" />
+	<target host="s.kgbureau.nl" />
+	<target host="s.kis.ro" />
+	<target host="s.kit.ac" />
+	<target host="s.kjk.jp" />
+	<target host="s.kkcpct.org" />
+	<target host="s.klarx.de" />
+	<target host="s.koban.tk" />
+	<target host="s.kodo.ro" />
+	<target host="s.koemu.com" />
+	<target host="s.kordel.xyz" />
+	<target host="s.kostibas.com" />
+	<target host="s.koyu.space" />
+	<target host="s.kpo.org.au" />
+	<target host="s.kramure.at" />
+	<target host="s.krysp.in" />
+	<target host="s.kvdl.com" />
+	<target host="s.kyled.me" />
+	<target host="s.kyledavid.com" />
+	<target host="s.kylepiira.com" />
+	<target host="s.kyon.info" />
+	<target host="s.kyueens.com" />
+	<target host="s.kzmhr.com" />
+	<target host="s.lair.io" />
+	<target host="s.lamattina.me" />
+	<target host="s.laniw.win" />
+	<target host="s.lanzani.nl" />
+	<target host="s.lcjvs.com" />
+	<target host="s.ldg.me" />
+	<target host="s.ldk.io" />
+	<target host="s.leadsharp.co" />
+	<target host="s.learnyapl.com" />
+	<target host="s.lf.io" />
+	<target host="s.lgfoot.be" />
+	<target host="s.lib-bykhov.by" />
+	<target host="s.libra.sc" />
+	<target host="s.ligamx.net" />
+	<target host="s.lilm.in" />
+	<target host="s.lineage.mobi" />
+	<target host="s.linkbiru.com" />
+	<target host="s.linz2.at" />
+	<target host="s.liquidmoon.de" />
+	<target host="s.lismo.jp" />
+	<target host="s.listfreak.com" />
+	<target host="s.litand.us" />
+	<target host="s.livekn.com" />
+	<target host="s.livepocket.jp" />
+	<target host="s.lnrdll.me" />
+	<target host="s.lotus-qa.com" />
+	<target host="s.lroy.nl" />
+	<target host="s.lucky.nl" />
+	<target host="s.lug.bz" />
+	<target host="s.lumilight.ae" />
+	<target host="s.lunapig.com" />
+	<target host="s.lunazy.red" />
+	<target host="s.luu.id.au" />
+	<target host="s.lv73.net" />
+	<target host="s.lzkill.com" />
+	<target host="s.m-w.com" />
+	<target host="s.m1k3.pw" />
+	<target host="s.m2i3.com" />
+	<target host="s.macaro-ni.jp" />
+	<target host="s.maggi.cc" />
+	<target host="s.mailstand.net" />
+	<target host="s.makie.me" />
+	<target host="s.manhim.net" />
+	<target host="s.marishamt.ru" />
+	<target host="s.martin.ae" />
+	<target host="s.matcha-jp.com" />
+	<target host="s.mattdodge.net" />
+	<target host="s.maxi.host" />
+	<target host="s.maxikg.de" />
+	<target host="s.maxlielje.co" />
+	<target host="s.mazemap.com" />
+	<target host="s.mbls.fr" />
+	<target host="s.mcboof.com" />
+	<target host="s.mcmainiac.de" />
+	<target host="s.mebu83.org" />
+	<target host="s.melt.bz" />
+	<target host="s.mentalt.jp" />
+	<target host="s.mepa.ch" />
+	<target host="s.methylium.com" />
+	<target host="s.metiix.com" />
+	<target host="s.meulie.net" />
+	<target host="s.mgick.com" />
+	<target host="s.mglg.info" />
+	<target host="s.mguy.ca" />
+	<target host="s.midd.ag" />
+	<target host="s.midokite.com" />
+	<target host="s.miguel.ms" />
+	<target host="s.mijnapps.info" />
+	<target host="s.mikimoto.com" />
+	<target host="s.mil.ru" />
+	<target host="s.minami.me" />
+	<target host="s.mineehen.net" />
+	<target host="s.mior.ca" />
+	<target host="s.misagent.com" />
+	<target host="s.miyachiki.me" />
+	<target host="s.mkt.org.tw" />
+	<target host="s.mnz.ro" />
+	<target host="s.mocolate.com" />
+	<target host="s.mojareuma.sk" />
+	<target host="s.mommybo.com" />
+	<target host="s.monib.com" />
+	<target host="s.mosawir.com" />
+	<target host="s.motta.jp" />
+	<target host="s.mouallem.com" />
+	<target host="s.moxbit.com" />
+	<target host="s.mrig.in" />
+	<target host="s.mrj.ae" />
+	<target host="s.mrph.es" />
+	<target host="s.mrsgerrys.com" />
+	<target host="s.msz.io" />
+	<target host="s.mtts.se" />
+	<target host="s.mumu.nu" />
+	<target host="s.mutantbox.com" />
+	<target host="s.mvlte.us" />
+	<target host="s.mydoc.asia" />
+	<target host="s.myhome.co.at" />
+	<target host="s.myvmv.com" />
+	<target host="s.naitwo.me" />
+	<target host="s.najlabs.com" />
+	<target host="s.nak.co" />
+	<target host="s.nanakii.fr" />
+	<target host="s.naokie.net" />
+	<target host="s.nashafa.com" />
+	<target host="s.nbtechllc.com" />
+	<target host="s.ncksnydr.com" />
+	<target host="s.ndrsn.org" />
+	<target host="s.ne-co.me" />
+	<target host="s.nett00n.org" />
+	<target host="s.ngenius.com" />
+	<target host="s.nibo.pro" />
+	<target host="s.nichtray.com" />
+	<target host="s.nickclark.ca" />
+	<target host="s.nickmom.com" />
+	<target host="s.nieder.me" />
+	<target host="s.nikkei.co.jp" />
+	<target host="s.nikky.moe" />
+	<target host="s.nikonpro.eu" />
+	<target host="s.nlab.io" />
+	<target host="s.nois3.it" />
+	<target host="s.nonk.in" />
+	<target host="s.nooble.nl" />
+	<target host="s.not8.me" />
+	<target host="s.nowiknow.com" />
+	<target host="s.nowlan.me" />
+	<target host="s.nshoji.com" />
+	<target host="s.ntt.com" />
+	<target host="s.nundl.com" />
+	<target host="s.nunogomes.net" />
+	<target host="s.nuzeestyle.jp" />
+	<target host="s.nv.style" />
+	<target host="s.ocio.net" />
+	<target host="s.ocmsanse.org" />
+	<target host="s.oerum.org" />
+	<target host="s.ohi.me" />
+	<target host="s.olar.us" />
+	<target host="s.olliphant.com" />
+	<target host="s.olver.me" />
+	<target host="s.omnisales.com" />
+	<target host="s.onemapua.com" />
+	<target host="s.oopad.com" />
+	<target host="s.optimisti.lv" />
+	<target host="s.or-z.net" />
+	<target host="s.ott1.biz" />
+	<target host="s.outpic.com" />
+	<target host="s.outvia.cz" />
+	<target host="s.owenta.uk" />
+	<target host="s.ownzone.org" />
+	<target host="s.p2pdai.com" />
+	<target host="s.pairs.lv" />
+	<target host="s.pak.gg" />
+	<target host="s.palupedia.id" />
+	<target host="s.panc.ro" />
+	<target host="s.parks.today" />
+	<target host="s.paulto.info" />
+	<target host="s.pawlik.in" />
+	<target host="s.pbdeg.com" />
+	<target host="s.pd24.ir" />
+	<target host="s.pedge.tv" />
+	<target host="s.petrov.ee" />
+	<target host="s.phansoft.ca" />
+	<target host="s.philos.xyz" />
+	<target host="s.phuu.net" />
+	<target host="s.pitchbook.com" />
+	<target host="s.pixta.jp" />
+	<target host="s.pkvdesigns.nl" />
+	<target host="s.playthis.fr" />
+	<target host="s.plehr.de" />
+	<target host="s.popinsight.jp" />
+	<target host="s.portalz.xyz" />
+	<target host="s.porters.jp" />
+	<target host="s.posteriors.us" />
+	<target host="s.pothunter.net" />
+	<target host="s.prasm.blog" />
+	<target host="s.precena.com" />
+	<target host="s.premses.com" />
+	<target host="s.president.jp" />
+	<target host="s.prive.net" />
+	<target host="s.propro.us" />
+	<target host="s.prsir.co" />
+	<target host="s.psy-clone.com" />
+	<target host="s.pu.nl" />
+	<target host="s.pulte.com" />
+	<target host="s.purlllaw.com" />
+	<target host="s.putzi.xyz" />
+	<target host="s.pvtpt.com" />
+	<target host="s.pwign.com" />
+	<target host="s.qbo.me" />
+	<target host="s.qbpros.net" />
+	<target host="s.qlake.com" />
+	<target host="s.qlan.net" />
+	<target host="s.qli.jp" />
+	<target host="s.qmatteoq.com" />
+	<target host="s.qu63.nl" />
+	<target host="s.r-tsushin.com" />
+	<target host="s.r15.ch" />
+	<target host="s.r42.ca" />
+	<target host="s.raab.link" />
+	<target host="s.rakit.my" />
+	<target host="s.rana.at" />
+	<target host="s.rcconf.com" />
+	<target host="s.rchv.us" />
+	<target host="s.rded.nl" />
+	<target host="s.rdm.io" />
+	<target host="s.reacter.jp" />
+	<target host="s.reaf.co" />
+	<target host="s.realleads.net" />
+	<target host="s.regot.co" />
+	<target host="s.rein.cc" />
+	<target host="s.remetal.jp" />
+	<target host="s.renault.jp" />
+	<target host="s.reshet.tv" />
+	<target host="s.rezdy.net" />
+	<target host="s.rezigiusz.pl" />
+	<target host="s.risley.co" />
+	<target host="s.riyuk.de" />
+	<target host="s.rnrmedia.nl" />
+	<target host="s.robbie.gr" />
+	<target host="s.robiesite.com" />
+	<target host="s.rocko.me" />
+	<target host="s.roli.me" />
+	<target host="s.rpts.edu" />
+	<target host="s.rsreview.com" />
+	<target host="s.rsty.de" />
+	<target host="s.rudol.eu" />
+	<target host="s.ruge.at" />
+	<target host="s.rwh.im" />
+	<target host="s.ryoppippi.com" />
+	<target host="s.s-s.xyz" />
+	<target host="s.s-tatami.info" />
+	<target host="s.salekalns.com" />
+	<target host="s.samr.me" />
+	<target host="s.sanrio.jp" />
+	<target host="s.sapphyrus.xyz" />
+	<target host="s.sashag.net" />
+	<target host="s.savinyurii.ru" />
+	<target host="s.sbuf.me" />
+	<target host="s.schae.fr" />
+	<target host="s.scholzi100.de" />
+	<target host="s.scouter.at" />
+	<target host="s.scrbliv.me" />
+	<target host="s.seedprod.com" />
+	<target host="s.sentmenat.com" />
+	<target host="s.sgbwd.com" />
+	<target host="s.shck.it" />
+	<target host="s.shiftboard.jp" />
+	<target host="s.shinanotei.jp" />
+	<target host="s.shinhama.org" />
+	<target host="s.sho.com" />
+	<target host="s.shop-itoki.jp" />
+	<target host="s.shop-land.ir" />
+	<target host="s.shroo7.com" />
+	<target host="s.si.edu" />
+	<target host="s.siemoto.com" />
+	<target host="s.sieuthivp.com" />
+	<target host="s.sikac.hu" />
+	<target host="s.simonov.photo" />
+	<target host="s.simonwill.me" />
+	<target host="s.sir.com" />
+	<target host="s.site-home.ru" />
+	<target host="s.sjks.us" />
+	<target host="s.skipfault.com" />
+	<target host="s.sky365.co.jp" />
+	<target host="s.slblabs.com" />
+	<target host="s.smartgame.jp" />
+	<target host="s.smartson.se" />
+	<target host="s.smauto.net" />
+	<target host="s.smhn.info" />
+	<target host="s.smilewing.xyz" />
+	<target host="s.smj.io" />
+	<target host="s.smyplc.me" />
+	<target host="s.snpy.co" />
+	<target host="s.softbag.jp" />
+	<target host="s.sophia24.com" />
+	<target host="s.sora-1.net" />
+	<target host="s.sorrows.io" />
+	<target host="s.sound-c.co.jp" />
+	<target host="s.spark.co.nz" />
+	<target host="s.sparvojo.pw" />
+	<target host="s.spc-intl.com" />
+	<target host="s.spicyapps.com" />
+	<target host="s.spnu.de" />
+	<target host="s.stallone.xyz" />
+	<target host="s.startown.tw" />
+	<target host="s.starwin.biz" />
+	<target host="s.sti.st" />
+	<target host="s.styla.com" />
+	<target host="s.suzusyo.info" />
+	<target host="s.synqa.jp" />
+	<target host="s.t-ya.com" />
+	<target host="s.t1202.info" />
+	<target host="s.t2p0films.ca" />
+	<target host="s.t42.fr" />
+	<target host="s.t4a.org" />
+	<target host="s.ta-hiroshi.jp" />
+	<target host="s.ta4a.net" />
+	<target host="s.tag9.de" />
+	<target host="s.taiki.net" />
+	<target host="s.taka3sh.org" />
+	<target host="s.takeu.ch" />
+	<target host="s.takoponet.com" />
+	<target host="s.takuhaiben.to" />
+	<target host="s.tamp.in" />
+	<target host="s.tardust.com" />
+	<target host="s.tas.pw" />
+	<target host="s.tasmo.de" />
+	<target host="s.taxrm.com" />
+	<target host="s.tclb.com" />
+	<target host="s.tech-e.me" />
+	<target host="s.techbana.com" />
+	<target host="s.tekka.de" />
+	<target host="s.tekwiz.us" />
+	<target host="s.terrasky.jp" />
+	<target host="s.th3hsoub.info" />
+	<target host="s.thaianime.net" />
+	<target host="s.thangis.me" />
+	<target host="s.thedat.host" />
+	<target host="s.thelaw.tv" />
+	<target host="s.theliel.es" />
+	<target host="s.therosies.net" />
+	<target host="s.theuswalk.com" />
+	<target host="s.thewieb.es" />
+	<target host="s.thezaz.com" />
+	<target host="s.thibeault.io" />
+	<target host="s.thislife.org" />
+	<target host="s.thismo.com" />
+	<target host="s.tianyu.co" />
+	<target host="s.ticketon.kz" />
+	<target host="s.tickwanndu.de" />
+	<target host="s.timkchan.com" />
+	<target host="s.tjpmo.com" />
+	<target host="s.tkc.edu" />
+	<target host="s.tkfd.or.jp" />
+	<target host="s.tki.jp" />
+	<target host="s.tkool.info" />
+	<target host="s.tmg.io" />
+	<target host="s.tomg.space" />
+	<target host="s.tonns.net" />
+	<target host="s.topan.my.id" />
+	<target host="s.topics.be" />
+	<target host="s.topics.nl" />
+	<target host="s.tostring.it" />
+	<target host="s.touch-e.com" />
+	<target host="s.trafo.hu" />
+	<target host="s.trezy.sh" />
+	<target host="s.trhao.me" />
+	<target host="s.tripmii.com" />
+	<target host="s.tripresso.com" />
+	<target host="s.trn.gr" />
+	<target host="s.ts-sl.eu" />
+	<target host="s.ts4g.de" />
+	<target host="s.tsunagary.jp" />
+	<target host="s.tsy.jp" />
+	<target host="s.ttactua.be" />
+	<target host="s.ttc.im" />
+	<target host="s.tuj.ac.jp" />
+	<target host="s.tvapp.it" />
+	<target host="s.tw.wtf" />
+	<target host="s.tweak.com.au" />
+	<target host="s.twnet.us" />
+	<target host="s.twuertele.de" />
+	<target host="s.u-1.net" />
+	<target host="s.udeboss.com" />
+	<target host="s.udi19.nl" />
+	<target host="s.ugnet.info" />
+	<target host="s.uhfx.net" />
+	<target host="s.ul.com" />
+	<target host="s.umcl.info" />
+	<target host="s.ummawa.com" />
+	<target host="s.unco.cc" />
+	<target host="s.uniqlo.com" />
+	<target host="s.up-crest.org" />
+	<target host="s.upr-info.org" />
+	<target host="s.urlb.ag" />
+	<target host="s.utchy.jp" />
+	<target host="s.v6ak.com" />
+	<target host="s.valosip.com" />
+	<target host="s.vayn.de" />
+	<target host="s.vcfl.pl" />
+	<target host="s.vdoga.me" />
+	<target host="s.vest.jp.net" />
+	<target host="s.vette.jp" />
+	<target host="s.victen.org" />
+	<target host="s.vignemail1.eu" />
+	<target host="s.vinals.me" />
+	<target host="s.vinas.com" />
+	<target host="s.vinyets.cat" />
+	<target host="s.vizu.lt" />
+	<target host="s.vleu.net" />
+	<target host="s.vluxo.com" />
+	<target host="s.vmv.su" />
+	<target host="s.vny.md" />
+	<target host="s.vts.com" />
+	<target host="s.waka16.com" />
+	<target host="s.walther.ml" />
+	<target host="s.wantedly.com" />
+	<target host="s.wantering.com" />
+	<target host="s.warp.is" />
+	<target host="s.warp.net" />
+	<target host="s.wasd.ch" />
+	<target host="s.we.lc" />
+	<target host="s.webtotal.info" />
+	<target host="s.weirdlabs.xyz" />
+	<target host="s.weottago.com" />
+	<target host="s.wferr.com" />
+	<target host="s.wh.cm" />
+	<target host="s.white-it.net" />
+	<target host="s.whn.se" />
+	<target host="s.wihel.de" />
+	<target host="s.willo.ws" />
+	<target host="s.wilton.com" />
+	<target host="s.witmakers.nl" />
+	<target host="s.wlars.com" />
+	<target host="s.wlm.com.mx" />
+	<target host="s.woobik.it" />
+	<target host="s.wpstudio.ru" />
+	<target host="s.wr.gs" />
+	<target host="s.ws102.ml" />
+	<target host="s.wti.com.au" />
+	<target host="s.x-cart.com" />
+	<target host="s.x-mr.com" />
+	<target host="s.x100500.ru" />
+	<target host="s.xeni.me" />
+	<target host="s.xfeng.me" />
+	<target host="s.xixico.com" />
+	<target host="s.xna.me" />
+	<target host="s.xnu.cc" />
+	<target host="s.y-force.info" />
+	<target host="s.yala.fm" />
+	<target host="s.yamamo.net" />
+	<target host="s.yearg.in" />
+	<target host="s.yfu.me" />
+	<target host="s.ymyzk.com" />
+	<target host="s.yoko14145.com" />
+	<target host="s.yotsuba.to" />
+	<target host="s.your.security" />
+	<target host="s.ypl.me" />
+	<target host="s.ytkg.jp" />
+	<target host="s.yucasi.com" />
+	<target host="s.yunlou.net" />
+	<target host="s.yux.ch" />
+	<target host="s.z80.be" />
+	<target host="s.zah.me" />
+	<target host="s.zainzafar.com" />
+	<target host="s.zaitech.com" />
+	<target host="s.zehetner.xyz" />
+	<target host="s.zekro.de" />
+	<target host="s.zimcar.kr" />
+	<target host="s.zk.gl" />
+	<target host="s02.gt" />
+	<target host="s04.de" />
+	<target host="s0c0.co" />
+	<target host="s101.news" />
+	<target host="s10a.co" />
+	<target host="s1a.co" />
+	<target host="s1b.tv" />
+	<target host="s1e1.ml" />
+	<target host="s1e2.ml" />
+	<target host="s1e2.tk" />
+	<target host="s1ep1line.tk" />
+	<target host="s1g.pw" />
+	<target host="s1m.xyz" />
+	<target host="s1madu.ml" />
+	<target host="s1rx.com" />
+	<target host="s1s.ky" />
+	<target host="s1t1.net" />
+	<target host="s1y.ru" />
+	<target host="s24.lc" />
+	<target host="s2m.it" />
+	<target host="s2net.it" />
+	<target host="s2p.la" />
+	<target host="s2t2.co" />
+	<target host="s3.devtools.us" />
+	<target host="s303.co" />
+	<target host="s365.it" />
+	<target host="s3g.info" />
+	<target host="s3xlive.ml" />
+	<target host="s411.me" />
+	<target host="s43.io" />
+	<target host="s45.xyz" />
+	<target host="s4dl.co.uk" />
+	<target host="s4k.me" />
+	<target host="s4recs.com" />
+	<target host="s4te.com" />
+	<target host="s4ve.me" />
+	<target host="s52.co" />
+	<target host="s5co.us" />
+	<target host="s72.me" />
+	<target host="s78.me" />
+	<target host="s831.us" />
+	<target host="s8n.us" />
+	<target host="s96.fr" />
+	<target host="sa-energy.info" />
+	<target host="sa.guilded.me" />
+	<target host="sa.scha.st" />
+	<target host="sa123.net" />
+	<target host="saam.co" />
+	<target host="saasurl.us" />
+	<target host="saawt.co" />
+	<target host="sab.to" />
+	<target host="sabalie.co" />
+	<target host="sabasg.com" />
+	<target host="sabbagh.be" />
+	<target host="sabg.co" />
+	<target host="sabtang.me" />
+	<target host="sacent.co" />
+	<target host="sacola.club" />
+	<target host="sacredrid.es" />
+	<target host="sadimt.co" />
+	<target host="sadto.me" />
+	<target host="sae.to" />
+	<target host="safar.is" />
+	<target host="safari.li" />
+	<target host="safeaccess.us" />
+	<target host="safedr.ug" />
+	<target host="safehop.com" />
+	<target host="safl.it" />
+	<target host="safwth.us" />
+	<target host="sageoak.co" />
+	<target host="sagestar.info" />
+	<target host="saggia.me" />
+	<target host="sagr.co" />
+	<target host="sagt.co" />
+	<target host="sagtwsetetw.ml" />
+	<target host="sah.lt" />
+	<target host="sahayn.es" />
+	<target host="saifurs.info" />
+	<target host="saigechefs.com" />
+	<target host="saijo.co" />
+	<target host="saim.me" />
+	<target host="saintscal.co.uk" />
+	<target host="sairockr.in" />
+	<target host="saj.cc" />
+	<target host="saksake.ml" />
+	<target host="sal.st" />
+	<target host="saleh.ninja" />
+	<target host="sales-blog.eu" />
+	<target host="sales-te.ch" />
+	<target host="salesc.uk" />
+	<target host="saleshiring.net" />
+	<target host="salfordel.im" />
+	<target host="sallen.co" />
+	<target host="salln.net" />
+	<target host="sallyakins.uk" />
+	<target host="sallyal.ink" />
+	<target host="salm.onl" />
+	<target host="salmarachid.net" />
+	<target host="salsanc.com" />
+	<target host="saltrun.pub" />
+	<target host="salud.4u2.me" />
+	<target host="salud.to" />
+	<target host="salv.in" />
+	<target host="sam.im" />
+	<target host="samaju.ga" />
+	<target host="samarthp.in" />
+	<target host="samb.al" />
+	<target host="samc.co" />
+	<target host="samc.me" />
+	<target host="samg.bz" />
+	<target host="samg.us" />
+	<target host="samhain.me" />
+	<target host="samhalpern.com" />
+	<target host="samhar.ro" />
+	<target host="samhar.uk" />
+	<target host="samihfadli.com" />
+	<target host="samp4h.ml" />
+	<target host="sampin.ch" />
+	<target host="sampl.it" />
+	<target host="sampur.se" />
+	<target host="samri.dk" />
+	<target host="sams.social" />
+	<target host="samsoe.ml" />
+	<target host="samu.li" />
+	<target host="samuelx.ga" />
+	<target host="samurai1.site" />
+	<target host="san.fo" />
+	<target host="san.santive.com" />
+	<target host="san1.st" />
+	<target host="sanchobeats.com" />
+	<target host="sand.guru" />
+	<target host="sandeej.us" />
+	<target host="saneejlinks.ml" />
+	<target host="sanford.link" />
+	<target host="sanity.is" />
+	<target host="sanowith.in" />
+	<target host="sanper.ltd" />
+	<target host="santan.cf" />
+	<target host="sap.report" />
+	<target host="sapc.co" />
+	<target host="sapi.me" />
+	<target host="sapna.cc" />
+	<target host="saqa.co" />
+	<target host="saqif.me" />
+	<target host="sar.ac" />
+	<target host="sarah.is" />
+	<target host="sarah.lv" />
+	<target host="sarahbur.ch" />
+	<target host="sarahd.us" />
+	<target host="sarahpac.in" />
+	<target host="sarahpaci.in" />
+	<target host="sarahwoo.uk" />
+	<target host="saras.link" />
+	<target host="saray.me" />
+	<target host="sarents.co" />
+	<target host="sarg.li" />
+	<target host="sariteum.ml" />
+	<target host="sarkcess.com" />
+	<target host="sarts.co" />
+	<target host="sarung.in" />
+	<target host="sarv.ee" />
+	<target host="sas.pspr.fi" />
+	<target host="sasapo.st" />
+	<target host="sasawest.com" />
+	<target host="sascha.fit" />
+	<target host="sasp.ro" />
+	<target host="sassy.buzz" />
+	<target host="sast.ro" />
+	<target host="sastrahd.ml" />
+	<target host="sat.sc" />
+	<target host="sataudio.link" />
+	<target host="satc.blog" />
+	<target host="satch.co" />
+	<target host="satnight.ml" />
+	<target host="saturey.es" />
+	<target host="sauc.me" />
+	<target host="saulsnews.com" />
+	<target host="sauri.us" />
+	<target host="sausg.link" />
+	<target host="sav.cymru" />
+	<target host="sav.mn" />
+	<target host="sav.tempty.hu" />
+	<target host="savegaelic.com" />
+	<target host="savenam.es" />
+	<target host="saveni.me" />
+	<target host="saveryan.cf" />
+	<target host="savingplac.es" />
+	<target host="savoryou.net" />
+	<target host="savvy.direct" />
+	<target host="savvy.tips" />
+	<target host="savvysalons.com" />
+	<target host="saw.ai" />
+	<target host="sawch.uk" />
+	<target host="saxion.to" />
+	<target host="saxob.ga" />
+	<target host="sayar.at" />
+	<target host="sayce.co" />
+	<target host="sayit.cc" />
+	<target host="says.getdoc.co" />
+	<target host="says.si" />
+	<target host="sazzy.uk" />
+	<target host="sb-bs.link" />
+	<target host="sb.gl" />
+	<target host="sb.jlos.shoes" />
+	<target host="sb.photos" />
+	<target host="sb.tionghoa.com" />
+	<target host="sb118.info" />
+	<target host="sb118.net" />
+	<target host="sb3.ca" />
+	<target host="sbalink.me" />
+	<target host="sbar.in" />
+	<target host="sbb.rip" />
+	<target host="sbbc.co" />
+	<target host="sbber.me" />
+	<target host="sbc2018.vote" />
+	<target host="sbcc.us" />
+	<target host="sbce.ca" />
+	<target host="sbcom.ms" />
+	<target host="sbdata.co" />
+	<target host="sbdh.ws" />
+	<target host="sbeer.uk" />
+	<target host="sben.me" />
+	<target host="sbga.me" />
+	<target host="sbgc.biz" />
+	<target host="sbhc.tech" />
+	<target host="sbi.me" />
+	<target host="sbi.tips" />
+	<target host="sbill.co" />
+	<target host="sbird.co" />
+	<target host="sbits.us" />
+	<target host="sbj.li" />
+	<target host="sbjsbd.biz" />
+	<target host="sblck.es" />
+	<target host="sbmag.co" />
+	<target host="sbmedia.us" />
+	<target host="sbmk.us" />
+	<target host="sbmotor.co" />
+	<target host="sbn.cc" />
+	<target host="sboo.me" />
+	<target host="sbot.co" />
+	<target host="sbox.it" />
+	<target host="sboxes.co" />
+	<target host="sbphx.com" />
+	<target host="sbpr.co" />
+	<target host="sbpr.es" />
+	<target host="sbr.io" />
+	<target host="sbran.com" />
+	<target host="sbsfren.ch" />
+	<target host="sbsg.it" />
+	<target host="sbshare.co" />
+	<target host="sbst.be" />
+	<target host="sbstl.net" />
+	<target host="sbts.co" />
+	<target host="sbu.li" />
+	<target host="sbux.co" />
+	<target host="sbux.jp" />
+	<target host="sbw.fr" />
+	<target host="sbw.im" />
+	<target host="sbx.cm" />
+	<target host="sbxin.co" />
+	<target host="sc-gca.com" />
+	<target host="sc.cr" />
+	<target host="sc.jasimmk.com" />
+	<target host="sc.mp" />
+	<target host="sc.org" />
+	<target host="sc101.us" />
+	<target host="sc25.co" />
+	<target host="sc8.me" />
+	<target host="scada.rocks" />
+	<target host="scal.me" />
+	<target host="scandalous.be" />
+	<target host="scandic.pspr.fi" />
+	<target host="scandy.link" />
+	<target host="scap.in" />
+	<target host="scare.at" />
+	<target host="scaryto.me" />
+	<target host="scasera.com" />
+	<target host="scc.buzz" />
+	<target host="scc.jayshua.com" />
+	<target host="scci.io" />
+	<target host="sccpc.uk" />
+	<target host="sccr.mx" />
+	<target host="scdistrib.com" />
+	<target host="scdlink.co" />
+	<target host="scene.world" />
+	<target host="scg.sc" />
+	<target host="sch.bradm.me" />
+	<target host="sch.gy" />
+	<target host="schang.link" />
+	<target host="scharts.co" />
+	<target host="sche.ma" />
+	<target host="schiet.ml" />
+	<target host="schl.asia" />
+	<target host="schl.mn" />
+	<target host="schlb.pw" />
+	<target host="schlf.fr" />
+	<target host="schmutz.es" />
+	<target host="schoolbyt.es" />
+	<target host="schostak.me" />
+	<target host="schrf.be" />
+	<target host="schrt.io" />
+	<target host="schu.bertia.de" />
+	<target host="schulera.de" />
+	<target host="schum.in" />
+	<target host="schwn.us" />
+	<target host="sci.camp" />
+	<target host="sci.lt" />
+	<target host="sciatl.org" />
+	<target host="sciav.fr" />
+	<target host="scibs.co.uk" />
+	<target host="scien.se" />
+	<target host="sciencem.it" />
+	<target host="sciencewerk.us" />
+	<target host="sciflix.ml" />
+	<target host="scim.ag" />
+	<target host="scimuseumok.org" />
+	<target host="sciof.us" />
+	<target host="sckchr.ps" />
+	<target host="scl.im" />
+	<target host="scl.lt" />
+	<target host="scl.mipoliza.es" />
+	<target host="sclc.church" />
+	<target host="scld.us" />
+	<target host="scldvnt.co" />
+	<target host="scle.me" />
+	<target host="sclk.me" />
+	<target host="sclo.by" />
+	<target host="sclpro.co" />
+	<target host="sclpt.co" />
+	<target host="scml.me" />
+	<target host="scndw.st" />
+	<target host="scnttrnk.com" />
+	<target host="scon.do" />
+	<target host="sconfir.com" />
+	<target host="scootergam.in" />
+	<target host="scootermagru.de" />
+	<target host="scoremore.co" />
+	<target host="scorew.in" />
+	<target host="scot.by" />
+	<target host="scot.sh" />
+	<target host="scotant.uk" />
+	<target host="scotts.link" />
+	<target host="scotturl.com" />
+	<target host="scoup.co" />
+	<target host="scout.events" />
+	<target host="scp.la" />
+	<target host="scp.ph" />
+	<target host="scpnewsgrp.com" />
+	<target host="scpra.co" />
+	<target host="scpsa.us" />
+	<target host="scquiz.us" />
+	<target host="scr-i.be" />
+	<target host="scr.bi" />
+	<target host="scra.bo" />
+	<target host="scrawl.in" />
+	<target host="screensho.tk" />
+	<target host="screnhd-tvs.ml" />
+	<target host="scrfy.eu" />
+	<target host="scrib.me" />
+	<target host="scribe.ink" />
+	<target host="scrkl.co" />
+	<target host="scrlt.be" />
+	<target host="scrlt.co" />
+	<target host="scrm.is" />
+	<target host="scrm.it" />
+	<target host="scrm.me" />
+	<target host="scrnch.it" />
+	<target host="scrnflx.us" />
+	<target host="scrp.io" />
+	<target host="scrp.rs" />
+	<target host="scrpbx.in" />
+	<target host="scrt.es" />
+	<target host="scrt.in" />
+	<target host="scrts.club" />
+	<target host="scrubb.in" />
+	<target host="scrx.es" />
+	<target host="scs.la" />
+	<target host="scstr.tv" />
+	<target host="scsu.mn" />
+	<target host="scsun.co" />
+	<target host="scsynod.us" />
+	<target host="sct.cat" />
+	<target host="sct.io" />
+	<target host="sctmom.com" />
+	<target host="scts.ee" />
+	<target host="sctt.xxx" />
+	<target host="scu.ba" />
+	<target host="scu.re" />
+	<target host="scuba.im" />
+	<target host="scuf.co" />
+	<target host="scuolafe.com" />
+	<target host="scurt.in" />
+	<target host="scvevents.info" />
+	<target host="sd.gatordev.com" />
+	<target host="sd.hr" />
+	<target host="sd.mallin.com" />
+	<target host="sd1.jalan.net" />
+	<target host="sd3.jalan.net" />
+	<target host="sd7.es" />
+	<target host="sdavis.co" />
+	<target host="sdbesthome.com" />
+	<target host="sdbk.cc" />
+	<target host="sdca.mp" />
+	<target host="sdcl.co" />
+	<target host="sdcn.co" />
+	<target host="sdd.bz" />
+	<target host="sdel.in" />
+	<target host="sdgo.io" />
+	<target host="sdhlv.com" />
+	<target host="sdi.services" />
+	<target host="sdis.co" />
+	<target host="sdjules.com" />
+	<target host="sdk.jibo.com" />
+	<target host="sdl.town" />
+	<target host="sdlc.pro" />
+	<target host="sdmedia.link" />
+	<target host="sdmetal.us" />
+	<target host="sdnr.it" />
+	<target host="sdo.onl" />
+	<target host="sdp.tw" />
+	<target host="sdpbne.ws" />
+	<target host="sdrbook.io" />
+	<target host="sdrenka.co" />
+	<target host="sdrl.tv" />
+	<target host="sdry.co" />
+	<target host="sdsr.io" />
+	<target host="sdsw.events" />
+	<target host="sdu.st" />
+	<target host="sduk.co" />
+	<target host="sdvf.co" />
+	<target host="sdx.io" />
+	<target host="se-full.ml" />
+	<target host="se.gy" />
+	<target host="se.indiza.com" />
+	<target host="se.ndtex.eu" />
+	<target host="se.tips" />
+	<target host="se1.info" />
+	<target host="se7ens.in" />
+	<target host="sea4.me" />
+	<target host="seabags.me" />
+	<target host="seach.ml" />
+	<target host="seagnature.info" />
+	<target host="seal.pro" />
+	<target host="sean.cx" />
+	<target host="sean.wongs.link" />
+	<target host="seankhoz.in" />
+	<target host="seanoc.co" />
+	<target host="seanpdent.com" />
+	<target host="seansays.click" />
+	<target host="search-xp.com" />
+	<target host="searchmu.es" />
+	<target host="seashak.es" />
+	<target host="seasplash.link" />
+	<target host="seast.me" />
+	<target host="seat.tl" />
+	<target host="seati.ms" />
+	<target host="seatown.games" />
+	<target host="seatp.it" />
+	<target host="seawolv.es" />
+	<target host="seb.pm" />
+	<target host="seb.sx" />
+	<target host="seb.tl" />
+	<target host="sebaphoto.com" />
+	<target host="sebb.es" />
+	<target host="sebc.in" />
+	<target host="sebg.co" />
+	<target host="sebpc.us" />
+	<target host="sebretfilm.ml" />
+	<target host="sebs.to" />
+	<target host="sec.gi" />
+	<target host="sec.news" />
+	<target host="seca.news" />
+	<target host="secardio.es" />
+	<target host="secaware.co" />
+	<target host="secbits.co" />
+	<target host="secby.me" />
+	<target host="secby.us" />
+	<target host="secc.to" />
+	<target host="secn.ws" />
+	<target host="secom.pe" />
+	<target host="secondop.tv" />
+	<target host="sector.audio" />
+	<target host="secu.st" />
+	<target host="secure.tt" />
+	<target host="securitypsa.com" />
+	<target host="sed.re" />
+	<target host="sed0ot.ml" />
+	<target host="seda.la" />
+	<target host="see.aplace.us" />
+	<target host="see.cyberco.de" />
+	<target host="see.joy.pics" />
+	<target host="see.onafro.tv" />
+	<target host="see.qrd.io" />
+	<target host="see.rahul.se" />
+	<target host="see.re" />
+	<target host="see.tf" />
+	<target host="seedsta.rs" />
+	<target host="seefun.town" />
+	<target host="seego.co.vu" />
+	<target host="seejane.link" />
+	<target host="seeley.co" />
+	<target host="seeq.us" />
+	<target host="seer.is" />
+	<target host="seerphar.ma" />
+	<target host="seevents.co" />
+	<target host="segue.link" />
+	<target host="sei.li" />
+	<target host="seia.us" />
+	<target host="seiu.mn" />
+	<target host="sejr.nl" />
+	<target host="selam.io" />
+	<target host="selamat.ml" />
+	<target host="selbst.im" />
+	<target host="selc.link" />
+	<target host="selct.de" />
+	<target host="seldo.me" />
+	<target host="selecthlth.org" />
+	<target host="self.run" />
+	<target host="self.shoes" />
+	<target host="selfies.chat" />
+	<target host="selfpub.is" />
+	<target host="seliga.ai" />
+	<target host="sell.keh.com" />
+	<target host="sellb2b.com" />
+	<target host="sellbox.us" />
+	<target host="sellmy.mobi" />
+	<target host="sellnrg.co" />
+	<target host="sellnyc.co" />
+	<target host="selnd.com" />
+	<target host="selv.social" />
+	<target host="selvasmail.com" />
+	<target host="semabret4k.ml" />
+	<target host="semar4khd.ml" />
+	<target host="semarmovie.tk" />
+	<target host="semel.me" />
+	<target host="semin.is" />
+	<target host="semioti.cc" />
+	<target host="semipio.us" />
+	<target host="semo.ga" />
+	<target host="sempai.link" />
+	<target host="sempf.me" />
+	<target host="semr.nl" />
+	<target host="semu.tk" />
+	<target host="sen.lu" />
+	<target host="senat.us" />
+	<target host="send.gd" />
+	<target host="sende.ms" />
+	<target host="sendle.in" />
+	<target host="sendro.tk" />
+	<target host="seniorl.st" />
+	<target host="senl.in" />
+	<target host="senmusi.cc" />
+	<target host="senor.cool" />
+	<target host="sens.is" />
+	<target host="sensera.systems" />
+	<target host="sensi.media" />
+	<target host="sent.li" />
+	<target host="sent.pr" />
+	<target host="sentby.jp" />
+	<target host="sentosa.link" />
+	<target host="seo.bcs-mx.com" />
+	<target host="seom.im" />
+	<target host="seome.ch" />
+	<target host="seopl.us" />
+	<target host="seopwr.st" />
+	<target host="sepecil.ml" />
+	<target host="seph.me" />
+	<target host="sepinc.co" />
+	<target host="sepl.us" />
+	<target host="seppin.gs" />
+	<target host="septex.me" />
+	<target host="seq.vc" />
+	<target host="ser.bz" />
+	<target host="ser.so" />
+	<target host="ser.tips" />
+	<target host="serbakuis.id" />
+	<target host="serenteng.ml" />
+	<target host="series-com.cf" />
+	<target host="series-hd.cf" />
+	<target host="series-hd.ga" />
+	<target host="series-hd.ml" />
+	<target host="series-hd.tk" />
+	<target host="series-movie.cf" />
+	<target host="series-tv.ga" />
+	<target host="series-world.cf" />
+	<target host="series2017.cf" />
+	<target host="series2017.ga" />
+	<target host="series7.ml" />
+	<target host="seriesfoxtv.ml" />
+	<target host="seriesfull.gq" />
+	<target host="seriesnet.ml" />
+	<target host="seriesone.gq" />
+	<target host="seriesonline.gq" />
+	<target host="seriesos.ml" />
+	<target host="seriestv-hd.tk" />
+	<target host="seriestv.tk" />
+	<target host="seriesus.ml" />
+	<target host="seriesworld.cf" />
+	<target host="seriesworld.ga" />
+	<target host="serieszone.ml" />
+	<target host="serieworld.ml" />
+	<target host="serieztv.ml" />
+	<target host="serkes.co" />
+	<target host="serprotel.link" />
+	<target host="sertuweb.com" />
+	<target host="serv7610.center" />
+	<target host="serve919.org" />
+	<target host="servehere.rocks" />
+	<target host="server-tv.ml" />
+	<target host="servercentr.al" />
+	<target host="serverplay.ga" />
+	<target host="serverplay.ml" />
+	<target host="servpwr.com" />
+	<target host="servus.tv" />
+	<target host="sescu.ro" />
+	<target host="seshu.me" />
+	<target host="sesi.tech" />
+	<target host="sesl.me.uk" />
+	<target host="setbeerfr.ee" />
+	<target host="seth.uk" />
+	<target host="setns.run" />
+	<target host="setorsau.de" />
+	<target host="seu1902.tk" />
+	<target host="seven18.co" />
+	<target host="sevenstream.ga" />
+	<target host="sevn.in" />
+	<target host="sevr.nl" />
+	<target host="sewi.ng" />
+	<target host="sewray.me" />
+	<target host="sexx76.club" />
+	<target host="sexyt.me" />
+	<target host="sexyveggie.co" />
+	<target host="sey.to" />
+	<target host="seymour.so" />
+	<target host="seysol.com" />
+	<target host="sf.hu" />
+	<target host="sf3.io" />
+	<target host="sfa.st" />
+	<target host="sfabe.es" />
+	<target host="sfacil.co" />
+	<target host="sfam.cf" />
+	<target host="sfastore.co" />
+	<target host="sfbc.co" />
+	<target host="sfbform.com" />
+	<target host="sfbr.tk" />
+	<target host="sfbrande.is" />
+	<target host="sfc.tips" />
+	<target host="sfc1881.uk" />
+	<target host="sfca.lv" />
+	<target host="sfcne.ws" />
+	<target host="sfcu.fyi" />
+	<target host="sfdiva.co" />
+	<target host="sfex.news" />
+	<target host="sffed.us" />
+	<target host="sfgra.ph" />
+	<target host="sfgt.co" />
+	<target host="sfhost.info" />
+	<target host="sfierri.com" />
+	<target host="sfit.ca" />
+	<target host="sfl.tirol" />
+	<target host="sflo.me" />
+	<target host="sfmar.in" />
+	<target host="sfna.tk" />
+	<target host="sfnm.co" />
+	<target host="sforce.co" />
+	<target host="sfoto.co" />
+	<target host="sfpr.es" />
+	<target host="sfru.gs" />
+	<target host="sfs.tips" />
+	<target host="sfsh.us" />
+	<target host="sfskol.link" />
+	<target host="sfsoc.us" />
+	<target host="sfst.support" />
+	<target host="sft.world" />
+	<target host="sfthq.cc" />
+	<target host="sftsk.in" />
+	<target host="sftv.co" />
+	<target host="sfvmf.co" />
+	<target host="sfwk.ly" />
+	<target host="sfwks.co" />
+	<target host="sfwmd.link" />
+	<target host="sg.cm" />
+	<target host="sg.dkv.es" />
+	<target host="sg.sg" />
+	<target host="sgbrid.es" />
+	<target host="sgdin.st" />
+	<target host="sgear.link" />
+	<target host="sgemko.com" />
+	<target host="sgfe.st" />
+	<target host="sgfmo.co" />
+	<target host="sgfnow.co" />
+	<target host="sgfr.nl" />
+	<target host="sgk.cl" />
+	<target host="sgk.me" />
+	<target host="sglead.us" />
+	<target host="sglsn.com" />
+	<target host="sgm.co" />
+	<target host="sgm.link" />
+	<target host="sgmothe.rs" />
+	<target host="sgmr.me" />
+	<target host="sgn.me" />
+	<target host="sgnds.io" />
+	<target host="sgne.ws" />
+	<target host="sgnf.ai" />
+	<target host="sgnl.link" />
+	<target host="sgnln.co" />
+	<target host="sgo.rnjr.work" />
+	<target host="sgr.fm" />
+	<target host="sgr.guru" />
+	<target host="sgr.is" />
+	<target host="sgrd.us" />
+	<target host="sgrs.eu" />
+	<target host="sgsccr.co" />
+	<target host="sgstudio.net.br" />
+	<target host="sgstyle.xyz" />
+	<target host="sgvc.us" />
+	<target host="sh-m.ag" />
+	<target host="sh.13337.dk" />
+	<target host="sh.731my.com" />
+	<target host="sh.abota.vn" />
+	<target host="sh.avrael.us.to" />
+	<target host="sh.balintant.me" />
+	<target host="sh.bsid.io" />
+	<target host="sh.clanmuir.net" />
+	<target host="sh.elist.rs" />
+	<target host="sh.enjoyb.fr" />
+	<target host="sh.evereq.com" />
+	<target host="sh.fer.ac" />
+	<target host="sh.fmauk.org" />
+	<target host="sh.hxl.io" />
+	<target host="sh.internetz.io" />
+	<target host="sh.jpcdi.com" />
+	<target host="sh.kang2oon.com" />
+	<target host="sh.mi.it" />
+	<target host="sh.plesnik.de" />
+	<target host="sh.prosser.ch" />
+	<target host="sh.rezero.moe" />
+	<target host="sh.rhea.pw" />
+	<target host="sh.samf.me" />
+	<target host="sh.shore.org.uk" />
+	<target host="sh.sides-it.com" />
+	<target host="sh.syarihu.net" />
+	<target host="sh.xmarcus.it" />
+	<target host="sh.yeahokay.ca" />
+	<target host="sh2.org" />
+	<target host="sha.ikh.me" />
+	<target host="sha.ne" />
+	<target host="shacannon.info" />
+	<target host="shackl.es" />
+	<target host="shadysi.de" />
+	<target host="shah.es" />
+	<target host="shahed.link" />
+	<target host="shahsel.be" />
+	<target host="shakr.ly" />
+	<target host="shally.me" />
+	<target host="shank.mn" />
+	<target host="shann.in" />
+	<target host="shann.la" />
+	<target host="shannon.ga" />
+	<target host="shap.es" />
+	<target host="shape.rs" />
+	<target host="sharalike.co" />
+	<target host="share.artsc.ca" />
+	<target host="share.aw" />
+	<target host="share.bf.vu" />
+	<target host="share.bjornf.tw" />
+	<target host="share.clever.ng" />
+	<target host="share.epgui.de" />
+	<target host="share.ewan.im" />
+	<target host="share.fagan.me" />
+	<target host="share.fnnl.us" />
+	<target host="share.ipsf.org" />
+	<target host="share.kadaza.nl" />
+	<target host="share.popj.ca" />
+	<target host="share.splend.nl" />
+	<target host="share.support" />
+	<target host="share.sythe.nl" />
+	<target host="share.zee.space" />
+	<target host="sharedbuzz.com" />
+	<target host="sharefor.eu" />
+	<target host="sharia.mobi" />
+	<target host="sharkloves.com" />
+	<target host="sharkzap.com" />
+	<target host="shashw.at" />
+	<target host="shasta.vc" />
+	<target host="shawn.io" />
+	<target host="shawnee.events" />
+	<target host="shawnr.net" />
+	<target host="shawnw.me" />
+	<target host="shazmakeup.com" />
+	<target host="shbbr.co" />
+	<target host="shbos.ch" />
+	<target host="shc.is" />
+	<target host="shcariri.co" />
+	<target host="shck.me" />
+	<target host="shdk.co" />
+	<target host="shebpr.es" />
+	<target host="shedweb.com" />
+	<target host="sheehan.me" />
+	<target host="shef.ac" />
+	<target host="sheff.info" />
+	<target host="sheffdio.org" />
+	<target host="sheicy.com" />
+	<target host="sheik.me" />
+	<target host="shemeel.in" />
+	<target host="shemor.de" />
+	<target host="sher.at" />
+	<target host="sher.so" />
+	<target host="sherpa.sh" />
+	<target host="shervs.me" />
+	<target host="sherwa.re" />
+	<target host="shevi.be" />
+	<target host="shewa.ch" />
+	<target host="shewrit.es" />
+	<target host="shfl.pro" />
+	<target host="shft.io" />
+	<target host="shft.it" />
+	<target host="shft.me" />
+	<target host="shft.ws" />
+	<target host="shftbrd.com" />
+	<target host="shftwa.co" />
+	<target host="shg.news" />
+	<target host="shhq.tv" />
+	<target host="shiana.me" />
+	<target host="shibain.us" />
+	<target host="shifax.ml" />
+	<target host="shift.ink" />
+	<target host="shift.ng" />
+	<target host="shift.tips" />
+	<target host="shiny.social" />
+	<target host="shinyide.as" />
+	<target host="shipclaim.com" />
+	<target host="ships.tn" />
+	<target host="shipto.link" />
+	<target host="shire.co" />
+	<target host="shirewed.com" />
+	<target host="shirts.ec" />
+	<target host="shisei.do" />
+	<target host="shiseido.global" />
+	<target host="shiseido.jp" />
+	<target host="shittyurl.org" />
+	<target host="shivamdwi.ml" />
+	<target host="shivm.ch" />
+	<target host="shizzl.nl" />
+	<target host="shjobs.co" />
+	<target host="shk.life" />
+	<target host="shkids.co" />
+	<target host="shkr.us" />
+	<target host="shksp.re" />
+	<target host="shl.hunter4.xyz" />
+	<target host="shld.nl" />
+	<target host="shlem.us" />
+	<target host="shltr.net" />
+	<target host="shm.ir" />
+	<target host="shmag.co" />
+	<target host="shme.co" />
+	<target host="shmny.me" />
+	<target host="shmtraveler.com" />
+	<target host="shn.live" />
+	<target host="shne.ch" />
+	<target host="shngl.org" />
+	<target host="shnhg.click" />
+	<target host="shnrce.co" />
+	<target host="shnsmn.co" />
+	<target host="shny.me" />
+	<target host="sho.click" />
+	<target host="sho.rten.us" />
+	<target host="sho.wth.is" />
+	<target host="shobha.co" />
+	<target host="shockoe.at" />
+	<target host="shoef.ly" />
+	<target host="shona.li" />
+	<target host="shoot.camp" />
+	<target host="shop-ly.com" />
+	<target host="shop.10r.hu" />
+	<target host="shop.32s.vn" />
+	<target host="shop.elefant.ro" />
+	<target host="shop.fitfore.de" />
+	<target host="shop.hlj.co.jp" />
+	<target host="shop.hlj.com" />
+	<target host="shop.inu-inu.co" />
+	<target host="shop.mixxci.com" />
+	<target host="shop.nbsklep.pl" />
+	<target host="shop.oboy.de" />
+	<target host="shop.poema.ro" />
+	<target host="shop.rrus.co" />
+	<target host="shop.sobaggy.be" />
+	<target host="shop.ws.nl" />
+	<target host="shop2give.us" />
+	<target host="shopaba.org" />
+	<target host="shopcc.co" />
+	<target host="shopdf.link" />
+	<target host="shopecobaby.co" />
+	<target host="shoper-dolo.com" />
+	<target host="shopfira.co" />
+	<target host="shopfor.lease" />
+	<target host="shopgaia.nyc" />
+	<target host="shopgbt.com" />
+	<target host="shopho.us" />
+	<target host="shopi.la" />
+	<target host="shopilmd.com" />
+	<target host="shopjd.tk" />
+	<target host="shopjw.co" />
+	<target host="shopmag.biz" />
+	<target host="shopp.me" />
+	<target host="shoppb.nl" />
+	<target host="shopplify.zone" />
+	<target host="shoppt.co" />
+	<target host="shoprelay.co" />
+	<target host="shopthemint.co" />
+	<target host="shopthemint.net" />
+	<target host="shopthemint.us" />
+	<target host="shoptiq.it" />
+	<target host="shoptpt.co" />
+	<target host="shopzzs.co" />
+	<target host="shor-tn.us" />
+	<target host="shorefi.re" />
+	<target host="short.a100.co" />
+	<target host="short.aldaz.es" />
+	<target host="short.amido.com" />
+	<target host="short.bbocz.com" />
+	<target host="short.beskow.de" />
+	<target host="short.fyi" />
+	<target host="short.habou.cc" />
+	<target host="short.jlis.it" />
+	<target host="short.jo-co.com" />
+	<target host="short.jtray.me" />
+	<target host="short.kr-kp.com" />
+	<target host="short.kudok.com" />
+	<target host="short.lobao.com" />
+	<target host="short.mirada.at" />
+	<target host="short.nikoc.be" />
+	<target host="short.one.pl" />
+	<target host="short.p-w.co" />
+	<target host="short.pw" />
+	<target host="short.redd.in" />
+	<target host="short.robime.it" />
+	<target host="short.roiup.es" />
+	<target host="short.tecwiz.us" />
+	<target host="short.tob.uy" />
+	<target host="short.vdgun.eu" />
+	<target host="short.wedo.com" />
+	<target host="short.wirzi.com" />
+	<target host="short.yasiu.pl" />
+	<target host="short.yeuxa.com" />
+	<target host="short.zunovi.cz" />
+	<target host="short3.feev.net" />
+	<target host="shorter-rf.ga" />
+	<target host="shortku.ga" />
+	<target host="shortn.gq" />
+	<target host="shortt.me" />
+	<target host="shortt.tk" />
+	<target host="shortu.me" />
+	<target host="shortyw.in" />
+	<target host="shotbyrob.co" />
+	<target host="shotgun.ceo" />
+	<target host="shoto.gq" />
+	<target host="shout.edufor.me" />
+	<target host="show-full.ml" />
+	<target host="show-lhhatl.ml" />
+	<target host="show-on.cf" />
+	<target host="show-tvhd.ml" />
+	<target host="showcasd.co" />
+	<target host="showfull.cf" />
+	<target host="showfull.ml" />
+	<target host="showguidetv.ga" />
+	<target host="showhd.tk" />
+	<target host="showmovie.ml" />
+	<target host="showplay.ml" />
+	<target host="shows-timetv.ml" />
+	<target host="shows.ga" />
+	<target host="shows.movie" />
+	<target host="shows4k.ml" />
+	<target host="showseries.tk" />
+	<target host="showstv.ml" />
+	<target host="showtime-tv.cf" />
+	<target host="showtime-tv.gq" />
+	<target host="showtimee.ml" />
+	<target host="showtimehd.ml" />
+	<target host="showtv.ga" />
+	<target host="showtvhd.ml" />
+	<target host="showus.ml" />
+	<target host="shp.hm" />
+	<target host="shp.news" />
+	<target host="shpe.us" />
+	<target host="shphoto.co" />
+	<target host="shpkp.com" />
+	<target host="shpl.ly" />
+	<target host="shpr.fyi" />
+	<target host="shpyrd.co" />
+	<target host="shr.25k.it" />
+	<target host="shr.antonin.us" />
+	<target host="shr.ax.lt" />
+	<target host="shr.feature.fm" />
+	<target host="shr.li" />
+	<target host="shr.mn" />
+	<target host="shr.skies.space" />
+	<target host="shr.tc" />
+	<target host="shr.thezetta.io" />
+	<target host="shredd.co" />
+	<target host="shredded-n.fit" />
+	<target host="shreh.ca" />
+	<target host="shrein.co" />
+	<target host="shreve.link" />
+	<target host="shri.me" />
+	<target host="shrk.at" />
+	<target host="shrks.co" />
+	<target host="shrlck.com" />
+	<target host="shrm.ga" />
+	<target host="shrm.tk" />
+	<target host="shrmn.co" />
+	<target host="shrmp.it" />
+	<target host="shroff.me" />
+	<target host="shrp.ws" />
+	<target host="shrt.behre.info" />
+	<target host="shrt.cf" />
+	<target host="shrt.gimmes.net" />
+	<target host="shrt.grabski.me" />
+	<target host="shrt.wachtel.eu" />
+	<target host="shrt.webdots.at" />
+	<target host="shrtes.com" />
+	<target host="shrtn.click" />
+	<target host="shrtn.me" />
+	<target host="shrtn.qrjp.net" />
+	<target host="shrtscr.net" />
+	<target host="shry.co" />
+	<target host="shsling.me" />
+	<target host="shsrav.com" />
+	<target host="sht.golkai.com" />
+	<target host="sht.redlite.nz" />
+	<target host="shtb.li" />
+	<target host="shtst.re" />
+	<target host="shuckmy.life" />
+	<target host="shucks.la" />
+	<target host="shuf.ml" />
+	<target host="shup.me" />
+	<target host="shurk.us" />
+	<target host="shutl.me" />
+	<target host="shutme.in" />
+	<target host="shutr.bz" />
+	<target host="shutte.rs" />
+	<target host="shutter.ly" />
+	<target host="shutup.us" />
+	<target host="shuv.es" />
+	<target host="shvp.in" />
+	<target host="shw.gd" />
+	<target host="shw.mx" />
+	<target host="shwds.co" />
+	<target host="shwks.co" />
+	<target host="shwlk.co" />
+	<target host="shwnhnchls.info" />
+	<target host="shwr.us" />
+	<target host="shwti.me" />
+	<target host="shwymy.co" />
+	<target host="si.dery.me" />
+	<target host="si.dwistroi.com" />
+	<target host="si.ly" />
+	<target host="si.mpati.co" />
+	<target host="si.sitch.co" />
+	<target host="si.tacsi.org.au" />
+	<target host="sibel.ga" />
+	<target host="sibeli.us" />
+	<target host="sibhub.co" />
+	<target host="sibor.company" />
+	<target host="sibt.co" />
+	<target host="sick.lu" />
+	<target host="sickpilgr.im" />
+	<target host="sicy.li" />
+	<target host="sidecar.ie" />
+	<target host="sidefx.co" />
+	<target host="sidekick4k.ml" />
+	<target host="sidmgz.tk" />
+	<target host="sidthms.us" />
+	<target host="sidwe.bz" />
+	<target host="sie.ag" />
+	<target host="sie.pm" />
+	<target host="sig11.haxor.hu" />
+	<target host="sigcht.co" />
+	<target host="signal.press" />
+	<target host="signifer.uk" />
+	<target host="signup.events" />
+	<target host="signup.vng.me" />
+	<target host="sikembar.ml" />
+	<target host="sikopl4khd.ml" />
+	<target host="silm.me" />
+	<target host="silv.be" />
+	<target host="silverfilmhd.ml" />
+	<target host="silverte.ch" />
+	<target host="silw.i.ng" />
+	<target host="sim.ac" />
+	<target host="sim.plify.us" />
+	<target host="simgate.io" />
+	<target host="simians.tk" />
+	<target host="similik.ml" />
+	<target host="simkt.nl" />
+	<target host="simonv.uk" />
+	<target host="simotrin.ga" />
+	<target host="simpla.link" />
+	<target host="simpleca.st" />
+	<target host="simplerea.ch" />
+	<target host="simpletvhd.ml" />
+	<target host="simply-u.tk" />
+	<target host="simply.ac" />
+	<target host="simpr.link" />
+	<target host="sims.cr-an.es" />
+	<target host="simul.tips" />
+	<target host="simurl.co" />
+	<target host="sin.tips" />
+	<target host="sinaivib.es" />
+	<target host="since1880.be" />
+	<target host="sindeo.co" />
+	<target host="sindes.tk" />
+	<target host="sindsau.de" />
+	<target host="singh.social" />
+	<target host="sini.co.vu" />
+	<target host="sinorb.is" />
+	<target host="sintagma.link" />
+	<target host="siod.co" />
+	<target host="siq.at" />
+	<target host="siren.link" />
+	<target host="sireo.us" />
+	<target host="siriroj.io" />
+	<target host="siriusxm.us" />
+	<target host="siro.to" />
+	<target host="sirv.ooo" />
+	<target host="siry.se" />
+	<target host="sirz.ac" />
+	<target host="sisen.se" />
+	<target host="sista.link" />
+	<target host="siste.rs" />
+	<target host="sistsul.com" />
+	<target host="sitalofly.ml" />
+	<target host="site.achei.biz" />
+	<target host="site.meo.pt" />
+	<target host="siteca.st" />
+	<target host="sitecamp.us" />
+	<target host="siteco.re" />
+	<target host="sitegr.am" />
+	<target host="siteto.me" />
+	<target host="siteway.org" />
+	<target host="sith.my" />
+	<target host="sitn.it" />
+	<target host="sito.li" />
+	<target host="situtug.ml" />
+	<target host="siwue.com" />
+	<target host="six-day.ml" />
+	<target host="six.swiss" />
+	<target host="sixb.co" />
+	<target host="sixday-tv.ml" />
+	<target host="sixday.gq" />
+	<target host="sixday.ml" />
+	<target host="sixdegrsbwy.co" />
+	<target host="sixes.cc" />
+	<target host="sixfla.gs" />
+	<target host="sixt.info" />
+	<target host="sixxsen.se" />
+	<target host="siy.li" />
+	<target host="sizeze.ro" />
+	<target host="sizzl.in" />
+	<target host="sj.la" />
+	<target host="sj.plus" />
+	<target host="sjani.me" />
+	<target host="sjb007.me" />
+	<target host="sjbft.org" />
+	<target host="sjburns.co" />
+	<target host="sjcom.ws" />
+	<target host="sjd.md" />
+	<target host="sjday.co" />
+	<target host="sjf.school" />
+	<target host="sjg.im" />
+	<target host="sjh.bz" />
+	<target host="sjha.re" />
+	<target host="sjikl.tk" />
+	<target host="sjlabs.co" />
+	<target host="sjlopezb.eu" />
+	<target host="sjm.me" />
+	<target host="sjmg.us" />
+	<target host="sjmjr.me" />
+	<target host="sjms.co" />
+	<target host="sjobs.net" />
+	<target host="sjoshi.me" />
+	<target host="sjph.co" />
+	<target host="sjpr.co" />
+	<target host="sjte.uk" />
+	<target host="sjw.ms" />
+	<target host="sjwblog.com" />
+	<target host="sjwc.co" />
+	<target host="sjweav.co" />
+	<target host="sk-ii.co" />
+	<target host="sk.or.at" />
+	<target host="skagit.ws" />
+	<target host="skate.sh" />
+	<target host="skbb.us" />
+	<target host="skbr.info" />
+	<target host="skcpy.co" />
+	<target host="skdl.it" />
+	<target host="skdys.com" />
+	<target host="skep.li" />
+	<target host="skept.net" />
+	<target host="skft.it" />
+	<target host="skgov.ca" />
+	<target host="skibu.ms" />
+	<target host="skiclub.website" />
+	<target host="skier.co" />
+	<target host="skillschk.com" />
+	<target host="skimlinks.me" />
+	<target host="skimmth.is" />
+	<target host="skipto.us" />
+	<target host="skj.co" />
+	<target host="skl.lojadis.tk" />
+	<target host="skl.sh" />
+	<target host="sklar.co" />
+	<target host="sklg.net" />
+	<target host="sklne.com" />
+	<target host="skltl.co" />
+	<target host="skltr.com" />
+	<target host="skm.ms" />
+	<target host="sknd.nz" />
+	<target host="sknhb.com" />
+	<target host="sko.sapatos.com" />
+	<target host="skoa.co" />
+	<target host="skoap.link" />
+	<target host="skola.bozg.se" />
+	<target host="skoll.wf" />
+	<target host="skoo.li" />
+	<target host="skora.cc" />
+	<target host="skorer.im" />
+	<target host="skotluk.cf" />
+	<target host="skov.co" />
+	<target host="skra.cam" />
+	<target host="skrk.ws" />
+	<target host="skrot.es" />
+	<target host="skroutz.it" />
+	<target host="sktch.es" />
+	<target host="sktj.ml" />
+	<target host="sktny.co" />
+	<target host="sktrsvn.com" />
+	<target host="sktv.us" />
+	<target host="skul.co" />
+	<target host="skur.io" />
+	<target host="skvsporls.tk" />
+	<target host="skvw.net" />
+	<target host="skwdr.at" />
+	<target host="skwy.co" />
+	<target host="skxchg.com" />
+	<target host="sky.me" />
+	<target host="skya.us" />
+	<target host="skyblu.es" />
+	<target host="skycat.ch" />
+	<target host="skyemln.com" />
+	<target host="skyh.info" />
+	<target host="skyhi.me" />
+	<target host="skyhrse.com" />
+	<target host="skyler.link" />
+	<target host="skylinettv.ml" />
+	<target host="skylrk.us" />
+	<target host="skym.ag" />
+	<target host="skynz.co" />
+	<target host="skysa.ga" />
+	<target host="skystills.com" />
+	<target host="sl.a21.org" />
+	<target host="sl.advdat.com" />
+	<target host="sl.aminul.net" />
+	<target host="sl.bf5.pw" />
+	<target host="sl.brettroy.me" />
+	<target host="sl.bridgenc.com" />
+	<target host="sl.caringdev.ch" />
+	<target host="sl.cccp.com" />
+	<target host="sl.cesa6.org" />
+	<target host="sl.covision.com" />
+	<target host="sl.dcssk12.org" />
+	<target host="sl.felilu.cn" />
+	<target host="sl.gdg.lv" />
+	<target host="sl.gjmolter.com" />
+	<target host="sl.highbrows.pk" />
+	<target host="sl.joeylau.me" />
+	<target host="sl.klogmand.dk" />
+	<target host="sl.kvtm.vn" />
+	<target host="sl.ngpriest.com" />
+	<target host="sl.ohds.ch" />
+	<target host="sl.ookb.co" />
+	<target host="sl.pavipath.com" />
+	<target host="sl.petrbelik.cz" />
+	<target host="sl.playhc.ms" />
+	<target host="sl.pozica.com" />
+	<target host="sl.resonance.is" />
+	<target host="sl.sonisa.com" />
+	<target host="sl.tahr.org.tw" />
+	<target host="sl.thomas.do" />
+	<target host="sl.tiz.ma" />
+	<target host="sl.unutsan.com" />
+	<target host="sl.wmei.cloud" />
+	<target host="sl.yearg.in" />
+	<target host="sla.bs" />
+	<target host="slabsca.pe" />
+	<target host="slackers.co" />
+	<target host="sladewa.tk" />
+	<target host="slag.me" />
+	<target host="slalom.ws" />
+	<target host="slamdmg.co" />
+	<target host="slance.co" />
+	<target host="sland.site" />
+	<target host="slate.me" />
+	<target host="slba.io" />
+	<target host="slbd.us" />
+	<target host="slbrz.ir" />
+	<target host="slc.fit" />
+	<target host="slce.us" />
+	<target host="slckr.co" />
+	<target host="slcn.pro" />
+	<target host="slct.al" />
+	<target host="slct.me" />
+	<target host="slde.ml" />
+	<target host="sledsto.re" />
+	<target host="sleepjnk.es" />
+	<target host="sleighri.de" />
+	<target host="sleqty.co" />
+	<target host="slevert.me" />
+	<target host="slf.li" />
+	<target host="slfrd.gs" />
+	<target host="slghtjr.nl" />
+	<target host="slgx.co" />
+	<target host="slhr.hk" />
+	<target host="sliceint.co" />
+	<target host="slidesha.re" />
+	<target host="slim4ever.click" />
+	<target host="slin.tw" />
+	<target host="sliu.link" />
+	<target host="slj.mx" />
+	<target host="slm.io" />
+	<target host="slma.tips" />
+	<target host="slnda.digital" />
+	<target host="slng.it" />
+	<target host="slnts.co" />
+	<target host="slo.ms" />
+	<target host="slpnt.co" />
+	<target host="slpsd.us" />
+	<target host="slrme.us" />
+	<target host="sls.a1le.bz" />
+	<target host="sls17.co" />
+	<target host="sltech.ga" />
+	<target host="sltees.com" />
+	<target host="slth.so" />
+	<target host="sltn.jp" />
+	<target host="sltngdng.tk" />
+	<target host="sltr.co" />
+	<target host="sluc.as" />
+	<target host="sluty.tk" />
+	<target host="sluv.us" />
+	<target host="slvd.co" />
+	<target host="slvd.me" />
+	<target host="slvpg.me" />
+	<target host="slvr.cr" />
+	<target host="slvrdlrrch.com" />
+	<target host="slvrl.in" />
+	<target host="slvrlnng.us" />
+	<target host="slvtr.it" />
+	<target host="slzbrt.com" />
+	<target host="sm-il.es" />
+	<target host="sm.ableammo.com" />
+	<target host="sm.ai" />
+	<target host="sm.azhar.eg" />
+	<target host="sm.design" />
+	<target host="sm.jweaving.com" />
+	<target host="sm.md" />
+	<target host="sm.mk" />
+	<target host="sm.ohchr.org" />
+	<target host="sm.safemo.de" />
+	<target host="sm.sokkaia.com" />
+	<target host="sm.workiva.com" />
+	<target host="sm.wsj.com" />
+	<target host="sm.yoozlr.com" />
+	<target host="sm2b.me" />
+	<target host="sma.cm" />
+	<target host="smaa.to" />
+	<target host="smahoy.com" />
+	<target host="smal.li" />
+	<target host="small.gg" />
+	<target host="smallbusin.es" />
+	<target host="smallcoart.com" />
+	<target host="smalloutsi.de" />
+	<target host="smapl.us" />
+	<target host="smar.my" />
+	<target host="smar.sh" />
+	<target host="smartboss.co" />
+	<target host="smartbp.eu" />
+	<target host="smartdo.tk" />
+	<target host="smartfire.io" />
+	<target host="smartlym.co" />
+	<target host="smarts.ky" />
+	<target host="smartswipe.us" />
+	<target host="smartzip.me" />
+	<target host="smash.social" />
+	<target host="smashing.glass" />
+	<target host="smauto.ie" />
+	<target host="smb01.tk" />
+	<target host="smb2.be" />
+	<target host="smbiz.us" />
+	<target host="smbrk.ml" />
+	<target host="smbz.us" />
+	<target host="smcc.bz" />
+	<target host="smcd.me" />
+	<target host="smcg.io" />
+	<target host="smck.me" />
+	<target host="smclaw.tv" />
+	<target host="smcr.co" />
+	<target host="smcvt.co" />
+	<target host="smd.vc" />
+	<target host="smdaysd.co" />
+	<target host="smdyn.co" />
+	<target host="sme-fr.com" />
+	<target host="sme.io" />
+	<target host="sme.sc" />
+	<target host="sme1.st" />
+	<target host="smelekete.co.vu" />
+	<target host="smesh.co" />
+	<target host="smetsni.co" />
+	<target host="smfl.ca" />
+	<target host="smg.io" />
+	<target host="smggo.com" />
+	<target host="smialy.tk" />
+	<target host="smichelle.co" />
+	<target host="smil.li" />
+	<target host="smile.qa" />
+	<target host="smiledirect.co" />
+	<target host="smiletra.in" />
+	<target host="smim.ml" />
+	<target host="sminow.com" />
+	<target host="smir.nf" />
+	<target host="smith.gl" />
+	<target host="smith.ly" />
+	<target host="smithhou.se" />
+	<target host="smk.li" />
+	<target host="smkktt.com" />
+	<target host="smkt.me" />
+	<target host="smky.io" />
+	<target host="sml.ac" />
+	<target host="sml.keller.edu" />
+	<target host="smlb.in" />
+	<target host="smld.rs" />
+	<target host="smld.uk" />
+	<target host="smllp.co" />
+	<target host="smloop.in" />
+	<target host="smltrn.uk" />
+	<target host="smnr.co" />
+	<target host="smns.co" />
+	<target host="smo.in" />
+	<target host="smo.io" />
+	<target host="smo.sh" />
+	<target host="smokingpip.es" />
+	<target host="smonty.co" />
+	<target host="smoo.sh" />
+	<target host="smooth.tech" />
+	<target host="smoove.ws" />
+	<target host="smp.link" />
+	<target host="smp.reviews" />
+	<target host="smp.rocks" />
+	<target host="smpc.it" />
+	<target host="smpl.li" />
+	<target host="smpla.net" />
+	<target host="smplbtcs.co" />
+	<target host="smplnr.gy" />
+	<target host="smplsd.com" />
+	<target host="smply.mom" />
+	<target host="smplyq.co" />
+	<target host="smptcthtr.org" />
+	<target host="smpv.site" />
+	<target host="smq.tc" />
+	<target host="smr.tl" />
+	<target host="smre.co" />
+	<target host="smrkts.co" />
+	<target host="smrt.bz" />
+	<target host="smrt.in" />
+	<target host="smrt.tv" />
+	<target host="smrtdr.gs" />
+	<target host="smrths.com" />
+	<target host="smrtl.cl" />
+	<target host="smrtn.at" />
+	<target host="smrtr.co" />
+	<target host="smrtwat.ch" />
+	<target host="sms.brighten.in" />
+	<target host="sms.cxplaza.com" />
+	<target host="sms.icon-ru.com" />
+	<target host="sms.macsf.fr" />
+	<target host="sms.oplachu.tk" />
+	<target host="sms.tele2.ee" />
+	<target host="smsch.us" />
+	<target host="smschur.ch" />
+	<target host="smshct.co" />
+	<target host="smshct.com" />
+	<target host="smsi.me" />
+	<target host="smsng.news" />
+	<target host="smsng.us" />
+	<target host="smtbk.co" />
+	<target host="smth.co" />
+	<target host="smtn.tv" />
+	<target host="smtulsa.co" />
+	<target host="smtvj.com" />
+	<target host="smtw.it" />
+	<target host="smtx.co" />
+	<target host="smu.gs" />
+	<target host="smu.im" />
+	<target host="smugglr.in" />
+	<target host="smusd.me" />
+	<target host="smwrld.us" />
+	<target host="smxpo.com" />
+	<target host="smyid.pw" />
+	<target host="sn.badaudio.de" />
+	<target host="sn.elsl.ooo" />
+	<target host="sn.geerdes.de" />
+	<target host="sn.hn4u.de" />
+	<target host="sn.mnstr.in" />
+	<target host="sn.nyc.mv" />
+	<target host="sn.safia.ch" />
+	<target host="sn254an.uk" />
+	<target host="sn4ps3xt.men" />
+	<target host="snacksize.it" />
+	<target host="snag.tv" />
+	<target host="snap.ci" />
+	<target host="snapa.sk" />
+	<target host="snapcod.es" />
+	<target host="snapm.uk" />
+	<target host="snapp.to" />
+	<target host="snapt.rip" />
+	<target host="snarglr.net" />
+	<target host="snaval.link" />
+	<target host="snc.tv" />
+	<target host="sncr.io" />
+	<target host="sncs.io" />
+	<target host="snctycndl.co" />
+	<target host="sncyt.com" />
+	<target host="snd.lu" />
+	<target host="snd.sc" />
+	<target host="snd.st" />
+	<target host="snd.vn" />
+	<target host="sndart.us" />
+	<target host="sndcom.us" />
+	<target host="sndit.co" />
+	<target host="sndlp.com" />
+	<target host="sndnc.tv" />
+	<target host="sndnc.us" />
+	<target host="sndofl.at" />
+	<target host="sndp.lt" />
+	<target host="sndr.es" />
+	<target host="sndr.io" />
+	<target host="sndrmclzz.link" />
+	<target host="sndrs.com.au" />
+	<target host="sndwch.co" />
+	<target host="snea.me" />
+	<target host="snel.derekk.nl" />
+	<target host="snelo.nl" />
+	<target host="snewsy.com" />
+	<target host="snf.link" />
+	<target host="snfn.co" />
+	<target host="snfnsri.in" />
+	<target host="snglrty.co" />
+	<target host="sngls.club" />
+	<target host="sngy.ly" />
+	<target host="snider.io" />
+	<target host="snip.udooz.net" />
+	<target host="snipbfp.org" />
+	<target host="snipe.ly" />
+	<target host="sniwb.nl" />
+	<target host="snjy.me" />
+	<target host="snka.tk" />
+	<target host="snkcr.sh" />
+	<target host="snkniv.es" />
+	<target host="snkr.fr" />
+	<target host="snkr.io" />
+	<target host="snkr.mx" />
+	<target host="snkr.us" />
+	<target host="snkrb0b.de" />
+	<target host="snkrfl.co" />
+	<target host="snkrhnt.rs" />
+	<target host="snkrj.gr" />
+	<target host="snkrjg.rs" />
+	<target host="snkrne.ws" />
+	<target host="snkrs.dk" />
+	<target host="snkrs.me" />
+	<target host="snkrs.pro" />
+	<target host="snl.recipes" />
+	<target host="snma.me" />
+	<target host="snna.co" />
+	<target host="sno.buzz" />
+	<target host="snob.bz" />
+	<target host="snocd.org" />
+	<target host="snowtrex.me" />
+	<target host="snppt.io" />
+	<target host="snpy.tv" />
+	<target host="snrhy.ms" />
+	<target host="snsv.tk" />
+	<target host="snte.tv" />
+	<target host="snth.me" />
+	<target host="snva-test.net" />
+	<target host="snwbd.me" />
+	<target host="snwflk.ml" />
+	<target host="sny.ms" />
+	<target host="sny.nz" />
+	<target host="so-by.com" />
+	<target host="so-ve.info" />
+	<target host="so.arte" />
+	<target host="so.fyi" />
+	<target host="so.glim.fr" />
+	<target host="so.khimyan.my" />
+	<target host="so.sa.com" />
+	<target host="so1vietnam.com" />
+	<target host="so53.info" />
+	<target host="soapbox.buzz" />
+	<target host="soaws.me" />
+	<target host="soaxe-series.ml" />
+	<target host="soaxe.ml" />
+	<target host="soc-1.co" />
+	<target host="soc.att.com" />
+	<target host="soc.news" />
+	<target host="soc.tl" />
+	<target host="soc1.link" />
+	<target host="socal.ch" />
+	<target host="socchan.com" />
+	<target host="soceo.io" />
+	<target host="soch.us" />
+	<target host="sochn.co" />
+	<target host="social.aolu.co" />
+	<target host="social.cerjo.ch" />
+	<target host="social.clinic" />
+	<target host="social.ffhub.uk" />
+	<target host="social.hu.nl" />
+	<target host="socialhive.us" />
+	<target host="socialjedi.co" />
+	<target host="socialke.com" />
+	<target host="socialsell.in" />
+	<target host="socialurl.co" />
+	<target host="socinova.co" />
+	<target host="sociol.la" />
+	<target host="sociov.it" />
+	<target host="socl.ink" />
+	<target host="socl.ly" />
+	<target host="socl.pro" />
+	<target host="socl.xyz" />
+	<target host="soclfe.it" />
+	<target host="soco.ps" />
+	<target host="socpol.co" />
+	<target host="socr.it" />
+	<target host="socr.me" />
+	<target host="socs.ci" />
+	<target host="sodl.co" />
+	<target host="sodoto.co" />
+	<target host="soe.link" />
+	<target host="soetke.es" />
+	<target host="soex.ml" />
+	<target host="soez.bz" />
+	<target host="sof.me" />
+	<target host="soflx.fr" />
+	<target host="sofre.sh" />
+	<target host="softc.at" />
+	<target host="softeng.cc" />
+	<target host="softu.be" />
+	<target host="sog-links.org" />
+	<target host="sogeek.us" />
+	<target host="sogeni.us" />
+	<target host="soil.li" />
+	<target host="soiq.net" />
+	<target host="sojc.co" />
+	<target host="sojocenter.org" />
+	<target host="sojoxo.me" />
+	<target host="sok.vilect.com" />
+	<target host="sokkuri.link" />
+	<target host="sokr.org" />
+	<target host="sol-angel.es" />
+	<target host="sol-m.co" />
+	<target host="sol-pan.co" />
+	<target host="sol-ver.de" />
+	<target host="solasit.es" />
+	<target host="soldad.us" />
+	<target host="soldani.info" />
+	<target host="solebicycl.es" />
+	<target host="solerbls.com" />
+	<target host="solergo.li" />
+	<target host="solespi.re" />
+	<target host="solis.link" />
+	<target host="solis.xyz" />
+	<target host="sollyand.co" />
+	<target host="sologi.co" />
+	<target host="soloma.net" />
+	<target host="solomo.to" />
+	<target host="solona.link" />
+	<target host="solveris.co" />
+	<target host="solx.ch" />
+	<target host="som.li" />
+	<target host="somd.me" />
+	<target host="some.fyi" />
+	<target host="someco.io" />
+	<target host="somer.st" />
+	<target host="somerhair.com" />
+	<target host="somo.nu" />
+	<target host="son.lt" />
+	<target host="son.name.vn" />
+	<target host="song.bz" />
+	<target host="songkick.rocks" />
+	<target host="songne.ws" />
+	<target host="sonic.tw" />
+	<target host="sonsh.in" />
+	<target host="sonur.gq" />
+	<target host="sook.io" />
+	<target host="soop.link" />
+	<target host="soph.cc" />
+	<target host="soply.co" />
+	<target host="soporte3000.xyz" />
+	<target host="sopost.co" />
+	<target host="sopurr.co" />
+	<target host="soraumikumo.xyz" />
+	<target host="sortd.link" />
+	<target host="sos-kd.de" />
+	<target host="sosecu.re" />
+	<target host="sosf.me" />
+	<target host="sosh.sh" />
+	<target host="soshd.ml" />
+	<target host="sosi.mp" />
+	<target host="sosm.ag" />
+	<target host="sospechas.es" />
+	<target host="sot.bz" />
+	<target host="sot.tips" />
+	<target host="sota.link" />
+	<target host="sotm.xyz" />
+	<target host="sots.media" />
+	<target host="sou.nu" />
+	<target host="soul.tools" />
+	<target host="soule.mx" />
+	<target host="soulfull.ml" />
+	<target host="soultri.be" />
+	<target host="soundo.ps" />
+	<target host="soundte.ch" />
+	<target host="sout.hu" />
+	<target host="south.land" />
+	<target host="south.pk" />
+	<target host="sov.mn" />
+	<target host="sovfor.com" />
+	<target host="sovgrc.co" />
+	<target host="sovh.co" />
+	<target host="sow.media" />
+	<target host="sow.tl" />
+	<target host="sowbig.net" />
+	<target host="soycj.info" />
+	<target host="soycr.com" />
+	<target host="soyef.info" />
+	<target host="soyespiritu.al" />
+	<target host="soyfi.com" />
+	<target host="soymr.info" />
+	<target host="soyou.nz" />
+	<target host="soz.wtf" />
+	<target host="sp.design" />
+	<target host="sp.gifts" />
+	<target host="sp.io" />
+	<target host="sp.tips" />
+	<target host="sp0t.co" />
+	<target host="sp30.me" />
+	<target host="sp4.us" />
+	<target host="spa1.bz" />
+	<target host="space2grow.org" />
+	<target host="spag.es" />
+	<target host="spain.ikea.es" />
+	<target host="spangli.sh" />
+	<target host="spark.bz" />
+	<target host="sparkclo.uk" />
+	<target host="sparkly.live" />
+	<target host="sparkweb.org.uk" />
+	<target host="sparkyjax.link" />
+	<target host="sparring.li" />
+	<target host="sparta.global" />
+	<target host="spartabike.club" />
+	<target host="spau.lt" />
+	<target host="spayne.co" />
+	<target host="spb.buzz" />
+	<target host="spbl.li" />
+	<target host="spblg.co" />
+	<target host="spblog.co.uk" />
+	<target host="spboyer.me" />
+	<target host="spbx.us" />
+	<target host="spcd.us" />
+	<target host="spcie.de" />
+	<target host="spclr.us" />
+	<target host="spclzd.uk" />
+	<target host="spcs.ws" />
+	<target host="spcsv.rs" />
+	<target host="spctrm.pe" />
+	<target host="spcvt.org" />
+	<target host="speak.rs" />
+	<target host="spear.education" />
+	<target host="specc.ie" />
+	<target host="specialisten.at" />
+	<target host="specker.me" />
+	<target host="spectru.me" />
+	<target host="speedmex.com" />
+	<target host="speelple.in" />
+	<target host="spellon.me" />
+	<target host="spendri.se" />
+	<target host="sperry.co" />
+	<target host="spfc.vc" />
+	<target host="spfhh.co" />
+	<target host="spg.to" />
+	<target host="sphardy.net" />
+	<target host="sphn.us" />
+	<target host="spice.ly" />
+	<target host="spiceuk.me" />
+	<target host="spielundzeug.tv" />
+	<target host="spigen.co" />
+	<target host="spik.es" />
+	<target host="spikeyx.tk" />
+	<target host="spiki.ng" />
+	<target host="spin-media.net" />
+	<target host="spin.bz" />
+	<target host="spin.tennis" />
+	<target host="spin.vision" />
+	<target host="spineft.co" />
+	<target host="spinn.es" />
+	<target host="spintheverb.co" />
+	<target host="spinzo.it" />
+	<target host="spir.es" />
+	<target host="spiritfbj.com" />
+	<target host="spiritu.co" />
+	<target host="spirop.us" />
+	<target host="spith.net" />
+	<target host="spja.in" />
+	<target host="spjour.nl" />
+	<target host="spjpgrd.me" />
+	<target host="spk.fyi" />
+	<target host="spk.to" />
+	<target host="spk2.us" />
+	<target host="spkabt.it" />
+	<target host="spkd.us" />
+	<target host="spke.co" />
+	<target host="spkhb.co" />
+	<target host="spkrryan.us" />
+	<target host="spl.sh" />
+	<target host="splash.events" />
+	<target host="splin.tt" />
+	<target host="splk.it" />
+	<target host="splt.ws" />
+	<target host="spmk.it" />
+	<target host="spncrbg.gs" />
+	<target host="spnfx.co" />
+	<target host="spni.co" />
+	<target host="spnk.co" />
+	<target host="spo.io" />
+	<target host="spoiltv.me" />
+	<target host="sponge.bar" />
+	<target host="spongebopz.ml" />
+	<target host="sponsok.it" />
+	<target host="spoon.graphics" />
+	<target host="spoonrocket.me" />
+	<target host="spork.life" />
+	<target host="spork.ly" />
+	<target host="sport.rapmag.tv" />
+	<target host="sportifi.co" />
+	<target host="sportlivehd.ml" />
+	<target host="sportlives.ml" />
+	<target host="sportm.at" />
+	<target host="sportng.in" />
+	<target host="sportone.ga" />
+	<target host="sportpl.uk" />
+	<target host="sportsgirl.in" />
+	<target host="sportshd.online" />
+	<target host="sportsho.ws" />
+	<target host="spot.cf" />
+	<target host="spoti.fi" />
+	<target host="spotic.us" />
+	<target host="spotify.aia.ag" />
+	<target host="spots.pics" />
+	<target host="spr.gtgn.co" />
+	<target host="spr.st" />
+	<target host="spr.tn" />
+	<target host="spratl.in" />
+	<target host="spraygun.me" />
+	<target host="sprbl.st" />
+	<target host="sprc.me" />
+	<target host="sprdlx.co" />
+	<target host="sprecherapp.com" />
+	<target host="spree.tw" />
+	<target host="sprig.ht" />
+	<target host="springe.st" />
+	<target host="springfr.ee" />
+	<target host="sprk.cc" />
+	<target host="sprk.li" />
+	<target host="sprk.ywb.com.au" />
+	<target host="sprmag.co" />
+	<target host="sprng.io" />
+	<target host="sprngtd.co" />
+	<target host="sproj.com.br" />
+	<target host="sprout.im" />
+	<target host="sprsmpl.me" />
+	<target host="sprt.ca" />
+	<target host="sprt.li" />
+	<target host="sprt.ms" />
+	<target host="sprt.run" />
+	<target host="sprtbd.co" />
+	<target host="sprtly.me" />
+	<target host="sprtn.im" />
+	<target host="sprts.bar" />
+	<target host="sprts.in" />
+	<target host="sprts.us" />
+	<target host="sprtsnt.ca" />
+	<target host="spruit.me" />
+	<target host="sprung.to" />
+	<target host="sprwb.pro" />
+	<target host="spryd.com" />
+	<target host="spsf.cf" />
+	<target host="sptf.re" />
+	<target host="sptlzr.link" />
+	<target host="sptrs.io" />
+	<target host="sptt.me" />
+	<target host="sptz.us" />
+	<target host="spud.so" />
+	<target host="spul.se" />
+	<target host="spum.us" />
+	<target host="spunout.info" />
+	<target host="spursgroups.com" />
+	<target host="sput.me" />
+	<target host="sputil.co" />
+	<target host="spuul.in" />
+	<target host="spvlad.com" />
+	<target host="spw3.co" />
+	<target host="spxj.nl" />
+	<target host="spyte.ch" />
+	<target host="sq1.de" />
+	<target host="sq1res.com" />
+	<target host="sqan.it" />
+	<target host="sqd.nu" />
+	<target host="sqdw.us" />
+	<target host="sqe.li" />
+	<target host="sqm.me" />
+	<target host="sqnc.es" />
+	<target host="sqnths.co" />
+	<target host="sqr.wf" />
+	<target host="sqrl.ly" />
+	<target host="sqrls.co" />
+	<target host="sqrn.ch" />
+	<target host="sqrno.de" />
+	<target host="sqsn.de" />
+	<target host="squ.re" />
+	<target host="squad.cf" />
+	<target host="squareoffs.co" />
+	<target host="squiz.ly" />
+	<target host="squot.es" />
+	<target host="squrrl.it" />
+	<target host="sqwid.co" />
+	<target host="sr451g.link" />
+	<target host="srai.me" />
+	<target host="srbes.com" />
+	<target host="srbnk.net" />
+	<target host="src.bike" />
+	<target host="src.gop" />
+	<target host="src.nu" />
+	<target host="srcd.co" />
+	<target host="srce.mp" />
+	<target host="srchpnt.com" />
+	<target host="srck.me" />
+	<target host="srclick.co" />
+	<target host="srco.us" />
+	<target host="srcs.link" />
+	<target host="srev.me" />
+	<target host="srewis.me" />
+	<target host="srfc.bz" />
+	<target host="srfrsj.nl" />
+	<target host="srg.vg" />
+	<target host="srgeastbay.com" />
+	<target host="srhdesign.uk" />
+	<target host="sri.suryav.in" />
+	<target host="srink.net" />
+	<target host="srlabs.co" />
+	<target host="srlchf.com" />
+	<target host="srlnk.co" />
+	<target host="srltr.org" />
+	<target host="srmn.co" />
+	<target host="srn.kr" />
+	<target host="srnd.co" />
+	<target host="srnd.fr" />
+	<target host="sron.co" />
+	<target host="srpets.co" />
+	<target host="srphoto.im" />
+	<target host="srqymca.org" />
+	<target host="srrvit.com" />
+	<target host="srsly.tv" />
+	<target host="srsre-dfw.com" />
+	<target host="srt.cre8r.info" />
+	<target host="srt.ivrm.nl" />
+	<target host="srt.jangulog.es" />
+	<target host="srt.voodoo.ie" />
+	<target host="srtfl.io" />
+	<target host="srtpbdy.cf" />
+	<target host="srvfsno.cc" />
+	<target host="srvkb.co" />
+	<target host="srvl.co" />
+	<target host="srvn.co" />
+	<target host="srvr.ml" />
+	<target host="srvrsi.de" />
+	<target host="srvt.co" />
+	<target host="srvy.cl" />
+	<target host="srvz.co" />
+	<target host="srw.me" />
+	<target host="sry.wtf" />
+	<target host="srzto.ml" />
+	<target host="ss-l.uk" />
+	<target host="ss.andib.nz" />
+	<target host="ss.fyi" />
+	<target host="ss.k112.uk" />
+	<target host="ss.mirachem.com" />
+	<target host="ss.nvxt.us" />
+	<target host="ss16.co" />
+	<target host="ss6.online" />
+	<target host="ssa.tips" />
+	<target host="ssalat.ga" />
+	<target host="ssalute.co" />
+	<target host="ssapp.io" />
+	<target host="ssb.auction" />
+	<target host="ssb.beer" />
+	<target host="ssb.io" />
+	<target host="ssbp.org" />
+	<target host="ssca.pe" />
+	<target host="sscot.ch" />
+	<target host="ssdrm.org" />
+	<target host="ssen.se" />
+	<target host="sseo.it" />
+	<target host="sseri.es" />
+	<target host="sshine.tips" />
+	<target host="sshirt.co" />
+	<target host="ssi.my" />
+	<target host="ssi.today" />
+	<target host="ssia.ga" />
+	<target host="ssimh.co" />
+	<target host="ssl.hu" />
+	<target host="ssl.nhd2016.net" />
+	<target host="sslink.co" />
+	<target host="ssm.stegela.com" />
+	<target host="ssnetworx.com" />
+	<target host="ssoft.link" />
+	<target host="ssoperfor.ms" />
+	<target host="ssopt.me" />
+	<target host="sspimg.com" />
+	<target host="ssq.re" />
+	<target host="ssqt.ch" />
+	<target host="ssshhh.me" />
+	<target host="sstack.co" />
+	<target host="sstat.us" />
+	<target host="sstern.us" />
+	<target host="sstools.co" />
+	<target host="sstrk.co" />
+	<target host="ssu5k.com" />
+	<target host="ssuk.online" />
+	<target host="ssuk.shop" />
+	<target host="ssum.it" />
+	<target host="ssvy.co" />
+	<target host="ssxla.co" />
+	<target host="ssxp.lc" />
+	<target host="ssy.jewelry" />
+	<target host="ssy.ms" />
+	<target host="st-moe.gq" />
+	<target host="st.ab0.me" />
+	<target host="st.adryd.com" />
+	<target host="st.aitube.co" />
+	<target host="st.arunk.me" />
+	<target host="st.cm" />
+	<target host="st.dcm-ich.jp" />
+	<target host="st.ecrebo.com" />
+	<target host="st.goto.top" />
+	<target host="st.gs" />
+	<target host="st.ipad.ly" />
+	<target host="st.jakuta.biz" />
+	<target host="st.lacasta.jp" />
+	<target host="st.news" />
+	<target host="st.panci.org" />
+	<target host="st.pgoffice.ga" />
+	<target host="st.s-herb.com" />
+	<target host="st.tkymru.net" />
+	<target host="st4r.tk" />
+	<target host="st4rtv.ml" />
+	<target host="st4y.tk" />
+	<target host="st8.it" />
+	<target host="st8.mn" />
+	<target host="sta.ag" />
+	<target host="sta.carloha.com" />
+	<target host="sta.rw" />
+	<target host="sta.travel" />
+	<target host="stac.nz" />
+	<target host="stacee.link" />
+	<target host="staceymlr.me" />
+	<target host="stacie.lol" />
+	<target host="stacis.link" />
+	<target host="stack.st" />
+	<target host="stacyk.site" />
+	<target host="staff.gd" />
+	<target host="stai.rs" />
+	<target host="stal.kr" />
+	<target host="stalls.buzz" />
+	<target host="stamini.st" />
+	<target host="stamp.cm" />
+	<target host="stan.md" />
+	<target host="stand4k.ml" />
+	<target host="standardne.ws" />
+	<target host="standre.ws" />
+	<target host="stanford.io" />
+	<target host="stannmyc.org" />
+	<target host="stansult.com" />
+	<target host="stapleton.link" />
+	<target host="star-hd.tk" />
+	<target host="star4k.ml" />
+	<target host="starbuzz.ml" />
+	<target host="starbuzzword.ml" />
+	<target host="starco.tk" />
+	<target host="starexp.link" />
+	<target host="stargaz.tt" />
+	<target host="starktou.ch" />
+	<target host="starli.ng" />
+	<target host="starr.es" />
+	<target host="starrett.co" />
+	<target host="starry.life" />
+	<target host="stars.gs" />
+	<target host="starscros24.ga" />
+	<target host="start-live.ml" />
+	<target host="start4k.ml" />
+	<target host="startcinem.ml" />
+	<target host="startl.ink" />
+	<target host="startrack.co" />
+	<target host="startsw.it" />
+	<target host="starz.tv" />
+	<target host="starzz-tv.cf" />
+	<target host="statfa.me" />
+	<target host="station.promo" />
+	<target host="stattl.io" />
+	<target host="stau.fr" />
+	<target host="stay.cf" />
+	<target host="staydine.com" />
+	<target host="stayhard.biz" />
+	<target host="stbk.co" />
+	<target host="stble.co" />
+	<target host="stblive.uk" />
+	<target host="stbmt.in" />
+	<target host="stbo.us" />
+	<target host="stbrd.in" />
+	<target host="stca.se" />
+	<target host="stcare.co" />
+	<target host="stcdems.us" />
+	<target host="stch.me" />
+	<target host="stci.uk" />
+	<target host="stck.me" />
+	<target host="stck.so" />
+	<target host="stcndl.com" />
+	<target host="stcoc.cc" />
+	<target host="std.al" />
+	<target host="std.mn" />
+	<target host="stdapt.co" />
+	<target host="stdnt.us" />
+	<target host="stdo.ms" />
+	<target host="stdpt.co" />
+	<target host="stdr.us" />
+	<target host="stdw.us" />
+	<target host="stdy.pl" />
+	<target host="steals.me" />
+	<target host="steck.in" />
+	<target host="stecyk.ca" />
+	<target host="sted.es" />
+	<target host="steelbld.gs" />
+	<target host="steeljoi.st" />
+	<target host="stef.link" />
+	<target host="stefa.no.it" />
+	<target host="stefand.es" />
+	<target host="stefanoomes.eu" />
+	<target host="stegre.fr" />
+	<target host="steinbronn.co" />
+	<target host="stell.am" />
+	<target host="stellify.media" />
+	<target host="stemsha.re" />
+	<target host="stenerik.me" />
+	<target host="step.tips" />
+	<target host="steph.bz" />
+	<target host="ster.dog" />
+	<target host="sterl.in" />
+	<target host="steve-o.me" />
+	<target host="steve.fyi" />
+	<target host="steveb.me" />
+	<target host="stevelaton.com" />
+	<target host="stevenalan.co" />
+	<target host="steverei.ch" />
+	<target host="steverul.es" />
+	<target host="stevetemk.in" />
+	<target host="stf.cc" />
+	<target host="stfa.uk" />
+	<target host="stff.in" />
+	<target host="stflo.io" />
+	<target host="stfr.us" />
+	<target host="stg6.co" />
+	<target host="stgi.co" />
+	<target host="stgil.es" />
+	<target host="stgr.it" />
+	<target host="sthru.co" />
+	<target host="sthwv.com" />
+	<target host="sti.bo" />
+	<target host="sticky.al" />
+	<target host="stickz.co" />
+	<target host="stie.gl" />
+	<target host="stig.gs" />
+	<target host="stig.gy" />
+	<target host="stiker.ga" />
+	<target host="stilltipp.in" />
+	<target host="stirit.com" />
+	<target host="stirl.in" />
+	<target host="stix.life" />
+	<target host="stjb.work" />
+	<target host="stjin.me" />
+	<target host="stjo.co" />
+	<target host="stjo.es" />
+	<target host="stjo.me" />
+	<target host="stjr.nl" />
+	<target host="stk.lt" />
+	<target host="stk.pe" />
+	<target host="stk3d.li" />
+	<target host="stkat.es" />
+	<target host="stkhb.de" />
+	<target host="stky.gd" />
+	<target host="stl.co" />
+	<target host="stl.fm" />
+	<target host="stlnmy.com" />
+	<target host="stlo.es" />
+	<target host="stlo.it" />
+	<target host="stlpl.co" />
+	<target host="stlpublicrad.io" />
+	<target host="stlwrt.us" />
+	<target host="stm2.me" />
+	<target host="stma.nu" />
+	<target host="stmacs.ca" />
+	<target host="stmarg.sc" />
+	<target host="stmbts.com" />
+	<target host="stmi.me" />
+	<target host="stmp.co" />
+	<target host="stmpe.de" />
+	<target host="stmps.co" />
+	<target host="stmr.co" />
+	<target host="stmx.info" />
+	<target host="stmz.it" />
+	<target host="stn.vg" />
+	<target host="stne.co" />
+	<target host="stnfy.com" />
+	<target host="stnr.co" />
+	<target host="stnrd.uk" />
+	<target host="stnva.nl" />
+	<target host="sto-ri.es" />
+	<target host="sto.ly" />
+	<target host="stoate.co" />
+	<target host="stockfinesse.co" />
+	<target host="stoller.adv.br" />
+	<target host="stolr.co" />
+	<target host="ston.tc" />
+	<target host="stone-city.co" />
+	<target host="stoner.im" />
+	<target host="stonet.co" />
+	<target host="stony.fm" />
+	<target host="stookes.co" />
+	<target host="stopwco.com" />
+	<target host="store.rdg.ac" />
+	<target host="store.topdz.in" />
+	<target host="storek.it" />
+	<target host="storemajor.com" />
+	<target host="storeseen.co" />
+	<target host="stori.cc" />
+	<target host="storj.me" />
+	<target host="storm-club.cz" />
+	<target host="storm.to" />
+	<target host="stormy.es" />
+	<target host="story-hd.ml" />
+	<target host="story.tn" />
+	<target host="storychowk.tk" />
+	<target host="storyfarm.co" />
+	<target host="stpdcn.cr" />
+	<target host="stpk.co" />
+	<target host="stpls.la" />
+	<target host="stpp.co" />
+	<target host="stpr.es" />
+	<target host="stpz.co" />
+	<target host="stq.bz" />
+	<target host="str.do" />
+	<target host="str.pm" />
+	<target host="str.tg" />
+	<target host="str.tips" />
+	<target host="str.tl" />
+	<target host="str4t.gy" />
+	<target host="str8edgnl.us" />
+	<target host="str8ripp.in" />
+	<target host="stra.co" />
+	<target host="strant.com" />
+	<target host="strass.media" />
+	<target host="strat.fyi" />
+	<target host="stratagon.us" />
+	<target host="stratatac.cc" />
+	<target host="stratctl.co" />
+	<target host="stratg.ist" />
+	<target host="strath.co" />
+	<target host="stratten.me" />
+	<target host="stratu.mn" />
+	<target host="straveldeal.com" />
+	<target host="strawb.co" />
+	<target host="strb.it" />
+	<target host="strbsch.nl" />
+	<target host="strck.mx" />
+	<target host="strea.mr" />
+	<target host="stream-21.ml" />
+	<target host="stream-4k.tk" />
+	<target host="stream-hd.ml" />
+	<target host="stream-live.ml" />
+	<target host="stream-tv.cf" />
+	<target host="stream-uso.ml" />
+	<target host="stream1080p.tk" />
+	<target host="stream17.cf" />
+	<target host="stream21.tk" />
+	<target host="stream24.co.vu" />
+	<target host="stream36.ml" />
+	<target host="stream7.ml" />
+	<target host="streamco.us" />
+	<target host="streamer.news" />
+	<target host="streamfull.tk" />
+	<target host="streamhd.ml" />
+	<target host="streaming-hd.ml" />
+	<target host="streamingtvs.ml" />
+	<target host="streammov.ml" />
+	<target host="streamnow.ml" />
+	<target host="streamtime.ml" />
+	<target host="streamtvhd.gq" />
+	<target host="streamtvs.ml" />
+	<target host="streberix.de" />
+	<target host="streenmix.tk" />
+	<target host="streets.st" />
+	<target host="stregis.ht" />
+	<target host="strem4k.ml" />
+	<target host="streme.ski" />
+	<target host="stresstimul.us" />
+	<target host="strgbr.gr" />
+	<target host="strgn.com" />
+	<target host="strgygui.de" />
+	<target host="strhaf.cf" />
+	<target host="strick.biz" />
+	<target host="strick.li" />
+	<target host="stride.health" />
+	<target host="stringst.xyz" />
+	<target host="strip.chat" />
+	<target host="strk.org.uk" />
+	<target host="strm.link" />
+	<target host="strng.bz" />
+	<target host="stronger.su" />
+	<target host="strongi.es" />
+	<target host="strs.co" />
+	<target host="strt.mx" />
+	<target host="strt.rs" />
+	<target host="strtgr.fr" />
+	<target host="strtpb.ro" />
+	<target host="strwd.co" />
+	<target host="strx.co" />
+	<target host="stry.eu" />
+	<target host="stryhk.co" />
+	<target host="stryu.live" />
+	<target host="stsdb.co" />
+	<target host="stsh.co" />
+	<target host="stsmda.us" />
+	<target host="stsns.ca" />
+	<target host="stssn.xyz" />
+	<target host="stst.fm" />
+	<target host="sttq.fr" />
+	<target host="sttr.in" />
+	<target host="sttscp.com" />
+	<target host="sttu.info" />
+	<target host="stu-pics.com" />
+	<target host="stu.link" />
+	<target host="stuar.tl" />
+	<target host="stuart.in" />
+	<target host="stuartcoat.es" />
+	<target host="stuartic.us" />
+	<target host="stub.live" />
+	<target host="studio.bi" />
+	<target host="studiofilm.ml" />
+	<target host="studiohd.ml" />
+	<target host="studiolb.co" />
+	<target host="studiolumino.us" />
+	<target host="studiord.info" />
+	<target host="studnt.ms" />
+	<target host="studom.at" />
+	<target host="stuf.ly" />
+	<target host="stuk.co" />
+	<target host="stum.pt" />
+	<target host="stumble.it" />
+	<target host="stupa.li" />
+	<target host="sturg.me" />
+	<target host="stv.pm" />
+	<target host="stvh.me" />
+	<target host="stvn.me" />
+	<target host="stvnr.co" />
+	<target host="stvq.co" />
+	<target host="stxbrx.co" />
+	<target host="styin.me" />
+	<target host="styk.usa.cc" />
+	<target host="styknd.co" />
+	<target host="styl.tips" />
+	<target host="style.gf" />
+	<target host="stylebop.me" />
+	<target host="stylelik.eu" />
+	<target host="stylig.ht" />
+	<target host="stysafe.com" />
+	<target host="styyl.shop" />
+	<target host="su.chinmath.com" />
+	<target host="su.diggita.it" />
+	<target host="su.kumapon.jp" />
+	<target host="su.nanj.vip" />
+	<target host="su.zizuu.com" />
+	<target host="sub.likefuck.ru" />
+	<target host="sub4kfilm.ml" />
+	<target host="suba.li" />
+	<target host="subdu.st" />
+	<target host="subs.deals" />
+	<target host="subsil.io" />
+	<target host="subsumm.it" />
+	<target host="suc.tokyo" />
+	<target host="success.rbtv.me" />
+	<target host="succshac.kr" />
+	<target host="sucesso.link" />
+	<target host="such.la" />
+	<target host="suchpy.org" />
+	<target host="suck.at" />
+	<target host="sudeep.biz" />
+	<target host="sudoshort.cf" />
+	<target host="sue.am" />
+	<target host="sueb.ly" />
+	<target host="suff.co" />
+	<target host="sugarand.cl" />
+	<target host="sugarh.it" />
+	<target host="sugarhou.se" />
+	<target host="suhai.sg" />
+	<target host="suhub.co" />
+	<target host="suistud.io" />
+	<target host="suits.to" />
+	<target host="suitsupp.ly" />
+	<target host="sukiya.us" />
+	<target host="sukutan.xyz" />
+	<target host="sultryd.sh" />
+	<target host="sumag.net" />
+	<target host="sumal.ly" />
+	<target host="sumaris.us" />
+	<target host="sumdoc.co" />
+	<target host="sumolo.gs" />
+	<target host="suna.co" />
+	<target host="sunbelt.me" />
+	<target host="suncmty.news" />
+	<target host="sung.co" />
+	<target host="sung.to" />
+	<target host="sungutz.ml" />
+	<target host="sunil.gq" />
+	<target host="sunleaf.co" />
+	<target host="sunval.ly" />
+	<target host="sunyadk.com" />
+	<target host="sunycorning.cc" />
+	<target host="suo.fyi" />
+	<target host="suomityo.fi" />
+	<target host="supah.ro" />
+	<target host="superbabyo.nl" />
+	<target host="superd.co" />
+	<target host="supergate4.info" />
+	<target host="superio.city" />
+	<target host="superior.solar" />
+	<target host="superm.us" />
+	<target host="supermeet.tv" />
+	<target host="supermoms.net" />
+	<target host="superseiya.ml" />
+	<target host="supertl.me" />
+	<target host="superyard4.info" />
+	<target host="supgraphite.com" />
+	<target host="supmie4k.ml" />
+	<target host="suport.tk" />
+	<target host="support4k.ml" />
+	<target host="supr.cl" />
+	<target host="supraz.info" />
+	<target host="supre.tips" />
+	<target host="suprteach56.com" />
+	<target host="sups.co" />
+	<target host="sur.om.net" />
+	<target host="sur.simedio.fr" />
+	<target host="suraby.ml" />
+	<target host="sure.sc" />
+	<target host="sureup.us" />
+	<target host="surfap.ps" />
+	<target host="surfl.in" />
+	<target host="surfri.de" />
+	<target host="surg.ws" />
+	<target host="surged.me" />
+	<target host="surgfict.biz" />
+	<target host="surikenain.ml" />
+	<target host="surp.co" />
+	<target host="surprise4k.ml" />
+	<target host="surratt.me" />
+	<target host="surreali.sm" />
+	<target host="susan.bz" />
+	<target host="susanmb.me" />
+	<target host="suse.nm10.work" />
+	<target host="sussed.it" />
+	<target host="sutagold.ml" />
+	<target host="sutton.io" />
+	<target host="suvir.me" />
+	<target host="suzie.io" />
+	<target host="suzychow.net" />
+	<target host="sv.expekt.link" />
+	<target host="sv.inco.com.sv" />
+	<target host="sv1.tv" />
+	<target host="svabs.com" />
+	<target host="svaf.gq" />
+	<target host="svai.co" />
+	<target host="svas.at" />
+	<target host="svb.me" />
+	<target host="svc.so" />
+	<target host="svcgig.ga" />
+	<target host="sver.in" />
+	<target host="svfcg.nl" />
+	<target host="svgnb.com" />
+	<target host="svictory.win" />
+	<target host="svk46.de" />
+	<target host="svkeslov.se" />
+	<target host="svkl.ml" />
+	<target host="svlog.in" />
+	<target host="svmn.us" />
+	<target host="svnbrgr.eu" />
+	<target host="svnsft.co.uk" />
+	<target host="svnt.co" />
+	<target host="svntrs.com" />
+	<target host="svp.properties" />
+	<target host="svpubs.com" />
+	<target host="svrf.in" />
+	<target host="svrflr.co" />
+	<target host="svrnhp.ch" />
+	<target host="svry.co" />
+	<target host="svspr.me" />
+	<target host="svtz.it" />
+	<target host="svvy.info" />
+	<target host="svy.be" />
+	<target host="svy.mk" />
+	<target host="svy.searchco.nl" />
+	<target host="svz.bz" />
+	<target host="sw-t.ch" />
+	<target host="swa.is" />
+	<target host="swa.xyz" />
+	<target host="swabs.pw" />
+	<target host="swag.expert" />
+	<target host="swam.mp" />
+	<target host="swars.jp" />
+	<target host="swat.ch" />
+	<target host="swav.co" />
+	<target host="swb.us" />
+	<target host="swbarga.in" />
+	<target host="swbts.us" />
+	<target host="swdh.in" />
+	<target host="sweatbwy.co" />
+	<target host="sweavegas.se" />
+	<target host="swedn.me" />
+	<target host="sweel.ee" />
+	<target host="sweeps.bz" />
+	<target host="sweetli.li" />
+	<target host="sweetmovies.ga" />
+	<target host="sweetnbite.com" />
+	<target host="sweety.ml" />
+	<target host="sweitzman.com" />
+	<target host="swertr.es" />
+	<target host="swfilm.co" />
+	<target host="swggr.us" />
+	<target host="swgoh.org" />
+	<target host="swhu.me" />
+	<target host="swi.je" />
+	<target host="swi.pe" />
+	<target host="swiftyweb.io" />
+	<target host="swimapp.co" />
+	<target host="swimb.ee" />
+	<target host="swimbc.me" />
+	<target host="swimu.com" />
+	<target host="swiss.ky" />
+	<target host="swissin.fo" />
+	<target host="switch.menu" />
+	<target host="switch.uy" />
+	<target host="switchvid.co" />
+	<target host="swivelf.ly" />
+	<target host="swiz.ec" />
+	<target host="swjk.in" />
+	<target host="swjon.es" />
+	<target host="swke.co" />
+	<target host="swkr.co" />
+	<target host="swl.co" />
+	<target host="swlend.co" />
+	<target host="swlive.link" />
+	<target host="swllnt.com" />
+	<target host="swlocal.co" />
+	<target host="swm.li" />
+	<target host="swm.to" />
+	<target host="swnry.com" />
+	<target host="swns.us" />
+	<target host="swo.pe" />
+	<target host="swon.li" />
+	<target host="swoo.nz" />
+	<target host="swoo.sh" />
+	<target host="swooned.it" />
+	<target host="swoti.me" />
+	<target host="swp.io" />
+	<target host="swpstd.com" />
+	<target host="swrks.co" />
+	<target host="swthm.co" />
+	<target host="swtlnk.net" />
+	<target host="swtr.it" />
+	<target host="swtsys.co" />
+	<target host="swty.pe" />
+	<target host="swu.mobi" />
+	<target host="sww.midwife.org" />
+	<target host="sxch.io" />
+	<target host="sxdr.es" />
+	<target host="sxmelect.ro" />
+	<target host="sxod.im" />
+	<target host="sxott.com" />
+	<target host="sxperts.co" />
+	<target host="sxscom.uk" />
+	<target host="sxsw.is" />
+	<target host="sy.co.at" />
+	<target host="syb.la" />
+	<target host="sycamor.es" />
+	<target host="sydfe.st" />
+	<target host="sydl.me" />
+	<target host="sydne.me" />
+	<target host="sydsixe.rs" />
+	<target host="sydthu.de" />
+	<target host="syed.io" />
+	<target host="syedkaz.im" />
+	<target host="syfy.tv" />
+	<target host="sygi.tk" />
+	<target host="sykn.tk" />
+	<target host="sym.bid" />
+	<target host="sym.qa" />
+	<target host="symb.is" />
+	<target host="symc.ly" />
+	<target host="symposium.uk" />
+	<target host="syn.ac" />
+	<target host="syn.gy" />
+	<target host="synapse.mx" />
+	<target host="sync.st" />
+	<target host="syncxmas.com" />
+	<target host="synd.co" />
+	<target host="syntaf.in" />
+	<target host="syntax.cr" />
+	<target host="syntax.ly" />
+	<target host="synthes.io" />
+	<target host="syntra.li" />
+	<target host="syntra.nu" />
+	<target host="syo.net.br" />
+	<target host="syok.at" />
+	<target host="sypa.us" />
+	<target host="sypadelai.de" />
+	<target host="syrcrun.ch" />
+	<target host="syspl.at" />
+	<target host="syvgigi.com" />
+	<target host="syw.co" />
+	<target host="sywtt.com" />
+	<target host="szel.us" />
+	<target host="szl.es" />
+	<target host="szlwzl.com" />
+	<target host="szo.us" />
+	<target host="szybki.link" />
+	<target host="t-1.ee" />
+	<target host="t-3.news" />
+	<target host="t-b.co" />
+	<target host="t-c-a.info" />
+	<target host="t-del.ga" />
+	<target host="t-jetro.jp" />
+	<target host="t-l.us" />
+	<target host="t-m.ac" />
+	<target host="t-mo.co" />
+	<target host="t-mo.io" />
+	<target host="t-nagano.info" />
+	<target host="t-nx.us" />
+	<target host="t-pod.se" />
+	<target host="t-q.tv" />
+	<target host="t-rave.xyz" />
+	<target host="t-t.site" />
+	<target host="t-w-h.be" />
+	<target host="t-w.tw" />
+	<target host="t.1230.me" />
+	<target host="t.1mix.co.uk" />
+	<target host="t.7kw.win" />
+	<target host="t.ablabs.it" />
+	<target host="t.abs.ec" />
+	<target host="t.abthorpe.org" />
+	<target host="t.adapt.dk" />
+	<target host="t.ajeya.me" />
+	<target host="t.aking.ca" />
+	<target host="t.anbell.co.uk" />
+	<target host="t.appbb.co" />
+	<target host="t.aquaevent.ru" />
+	<target host="t.aquafadas.com" />
+	<target host="t.archireed.net" />
+	<target host="t.avia.ml" />
+	<target host="t.bankcircle.in" />
+	<target host="t.bcpha.ca" />
+	<target host="t.bernex.lt" />
+	<target host="t.bf-g.de" />
+	<target host="t.bizhxxk.com" />
+	<target host="t.boegl.in" />
+	<target host="t.bowl.com" />
+	<target host="t.boyabunda.net" />
+	<target host="t.boyd.net" />
+	<target host="t.brianwolf.tv" />
+	<target host="t.caplanesq.com" />
+	<target host="t.carrera.ag" />
+	<target host="t.cca.li" />
+	<target host="t.cemnet.com" />
+	<target host="t.cfmt.org" />
+	<target host="t.chadever.com" />
+	<target host="t.cot.mn" />
+	<target host="t.cozy.co" />
+	<target host="t.cslico.com" />
+	<target host="t.cuckshare.com" />
+	<target host="t.daviann.xyz" />
+	<target host="t.dsot.it" />
+	<target host="t.dstyle.us" />
+	<target host="t.dvp.me" />
+	<target host="t.ennis.pt" />
+	<target host="t.envsn.co" />
+	<target host="t.ermunro.com" />
+	<target host="t.fanscup.com" />
+	<target host="t.fdln.in" />
+	<target host="t.ferooz.be" />
+	<target host="t.flayvr.com" />
+	<target host="t.gan.co" />
+	<target host="t.getgalley.com" />
+	<target host="t.getkeypad.co" />
+	<target host="t.glez.nl" />
+	<target host="t.grimpe.fr" />
+	<target host="t.grpr.co" />
+	<target host="t.guarva.com.au" />
+	<target host="t.h.is" />
+	<target host="t.hachbe.be" />
+	<target host="t.homes.jp" />
+	<target host="t.hrane.nu" />
+	<target host="t.iaaz.at" />
+	<target host="t.ihmc.us" />
+	<target host="t.imehop.com" />
+	<target host="t.indotranz.com" />
+	<target host="t.inhaik.us" />
+	<target host="t.ipag.org.uk" />
+	<target host="t.iverged.com" />
+	<target host="t.iy.ag" />
+	<target host="t.jaschki.com" />
+	<target host="t.jibe.com" />
+	<target host="t.jj.ai" />
+	<target host="t.jomelle.com" />
+	<target host="t.jorli.com" />
+	<target host="t.jrollans.com" />
+	<target host="t.kbf.am" />
+	<target host="t.kuozumi.jp" />
+	<target host="t.kuwaitbox.net" />
+	<target host="t.m-c-s.info" />
+	<target host="t.maiordo.rio" />
+	<target host="t.maptm.nl" />
+	<target host="t.maxpreps.com" />
+	<target host="t.mech.sh" />
+	<target host="t.mfinanga.com" />
+	<target host="t.miyacozi.com" />
+	<target host="t.mmdp.tk" />
+	<target host="t.mutemuse.com" />
+	<target host="t.nadeem.co" />
+	<target host="t.naikonline.id" />
+	<target host="t.nascarne.ws" />
+	<target host="t.navigaweb.net" />
+	<target host="t.netsales.pl" />
+	<target host="t.neustar" />
+	<target host="t.nickworlds.it" />
+	<target host="t.nscom.jp" />
+	<target host="t.nsn.io" />
+	<target host="t.omlee.net" />
+	<target host="t.pbcc.me" />
+	<target host="t.pdabr.com" />
+	<target host="t.physio.sk" />
+	<target host="t.pointfull.pt" />
+	<target host="t.pp.ua" />
+	<target host="t.refpuyo.net" />
+	<target host="t.rw.nu" />
+	<target host="t.sabaia.com.br" />
+	<target host="t.samx18.io" />
+	<target host="t.sayfly.ru" />
+	<target host="t.scp.ph" />
+	<target host="t.sebs.ch" />
+	<target host="t.sele.nu" />
+	<target host="t.seq4u.com" />
+	<target host="t.sr.se" />
+	<target host="t.suumo.jp" />
+	<target host="t.szeker.es" />
+	<target host="t.t-canada.net" />
+	<target host="t.tbff.ru" />
+	<target host="t.tbj.me" />
+	<target host="t.tornify.com" />
+	<target host="t.trend.hk" />
+	<target host="t.triamudom.net" />
+	<target host="t.ttan.org" />
+	<target host="t.tuki.info" />
+	<target host="t.tykz.net" />
+	<target host="t.u2tourfan.com" />
+	<target host="t.uani.com" />
+	<target host="t.uece.br" />
+	<target host="t.v.land" />
+	<target host="t.vallier.ca" />
+	<target host="t.vieleers.com" />
+	<target host="t.virgl.net" />
+	<target host="t.vnw.vn" />
+	<target host="t.web.tn" />
+	<target host="t.wmf.ms" />
+	<target host="t.www.ua" />
+	<target host="t.zyq108.com" />
+	<target host="t0o0bi.gq" />
+	<target host="t0s.me" />
+	<target host="t1.la" />
+	<target host="t100.cf" />
+	<target host="t101.info" />
+	<target host="t11.tv" />
+	<target host="t1m.bz" />
+	<target host="t1v.co" />
+	<target host="t20.io" />
+	<target host="t21c.com" />
+	<target host="t21s.jp" />
+	<target host="t2c.co" />
+	<target host="t2c.deals" />
+	<target host="t2k.at" />
+	<target host="t2w.io" />
+	<target host="t365.co" />
+	<target host="t3b.eu" />
+	<target host="t3fm.com" />
+	<target host="t3mpur.ml" />
+	<target host="t3n.me" />
+	<target host="t3w.us" />
+	<target host="t45.co" />
+	<target host="t4fan.tk" />
+	<target host="t4l.co" />
+	<target host="t4n9kurak.ml" />
+	<target host="t4s.co" />
+	<target host="t4sey.com" />
+	<target host="t4t.pw" />
+	<target host="t4tw.com" />
+	<target host="t5c.co" />
+	<target host="t5go.in" />
+	<target host="t5n.co" />
+	<target host="t7.io" />
+	<target host="t8.tn" />
+	<target host="t9.ie" />
+	<target host="ta.co" />
+	<target host="ta.media" />
+	<target host="ta.nnerl.com" />
+	<target host="ta2place.me" />
+	<target host="ta5.us" />
+	<target host="taa.tools" />
+	<target host="tab.cm" />
+	<target host="tab.today" />
+	<target host="tabar.me" />
+	<target host="tabas.co" />
+	<target host="tabee.mobi" />
+	<target host="tabletenn.is" />
+	<target host="tabrd.co" />
+	<target host="tabs.family" />
+	<target host="tabsoft.co" />
+	<target host="tabugado.tk" />
+	<target host="tac.ph" />
+	<target host="taceht.net" />
+	<target host="tacg.ru" />
+	<target host="tacit.pub" />
+	<target host="tackthat.com" />
+	<target host="taelee.online" />
+	<target host="taelite.co" />
+	<target host="tafarm.us" />
+	<target host="tafe.at" />
+	<target host="taffygabe.co" />
+	<target host="tag.gd" />
+	<target host="tag.hr" />
+	<target host="tagga.tech" />
+	<target host="tagp.co" />
+	<target host="tagpr.me" />
+	<target host="tahbilk.club" />
+	<target host="taheerah.com" />
+	<target host="tahoepo.st" />
+	<target host="tahoesha.re" />
+	<target host="tahoeti.me" />
+	<target host="tail.gr" />
+	<target host="tailored.im" />
+	<target host="taily.tips" />
+	<target host="taipei.lol" />
+	<target host="taiyaki.online" />
+	<target host="takeda.info" />
+	<target host="takl.it" />
+	<target host="tako8.jp" />
+	<target host="takou.co" />
+	<target host="taktikhd.ml" />
+	<target host="takura.me" />
+	<target host="tal.gs" />
+	<target host="talam.as" />
+	<target host="taleather.co" />
+	<target host="talen.city" />
+	<target host="talentcorp.my" />
+	<target host="talesblog.me" />
+	<target host="talis.co" />
+	<target host="talitha.co" />
+	<target host="talkes.in" />
+	<target host="talkw.me" />
+	<target host="talli.ca" />
+	<target host="tallman.tires" />
+	<target host="tally-ho.me" />
+	<target host="talon.bz" />
+	<target host="talrt.co" />
+	<target host="taltak.com" />
+	<target host="talun.co" />
+	<target host="tamar.me" />
+	<target host="tamas.ws" />
+	<target host="tambor.me" />
+	<target host="tameflow.zone" />
+	<target host="tamh.sc" />
+	<target host="tamingte.ch" />
+	<target host="tampi.co" />
+	<target host="tamu.ag" />
+	<target host="tandem.ngo" />
+	<target host="tandl.me" />
+	<target host="tangkulaktv.ml" />
+	<target host="tangoc.co" />
+	<target host="tanis.tk" />
+	<target host="tanque.tk" />
+	<target host="tanstt.me" />
+	<target host="tantalus.news" />
+	<target host="tantrum.surf" />
+	<target host="tanya.bz" />
+	<target host="tap.cr" />
+	<target host="tap.tc" />
+	<target host="tap2.watch" />
+	<target host="tapclicks.io" />
+	<target host="tapd.it" />
+	<target host="tapper.us" />
+	<target host="tapps.us" />
+	<target host="tapsfam.org" />
+	<target host="taradee.me" />
+	<target host="tarful.me" />
+	<target host="targetme.vn" />
+	<target host="targus.co" />
+	<target host="targz.link" />
+	<target host="tarynwil.li" />
+	<target host="tas-nl.nl" />
+	<target host="taskp.se" />
+	<target host="tasliemkids.tk" />
+	<target host="tassl.cz" />
+	<target host="taste.md" />
+	<target host="tasty.network" />
+	<target host="tatadocomo.in" />
+	<target host="tati.io" />
+	<target host="tatran.co" />
+	<target host="taupe.cat" />
+	<target host="taviport.co" />
+	<target host="tavowatches.co" />
+	<target host="tavr.es" />
+	<target host="tavtazani.id" />
+	<target host="tawa.us" />
+	<target host="tawke.rs" />
+	<target host="tax.foundation" />
+	<target host="tax.gd" />
+	<target host="taxga.in" />
+	<target host="tay4k.ml" />
+	<target host="tayhop.com" />
+	<target host="taylrm.sn" />
+	<target host="tayroc.co" />
+	<target host="tays.wf" />
+	<target host="tayt.im" />
+	<target host="tazam.id" />
+	<target host="tazte.ch" />
+	<target host="tb.cafe" />
+	<target host="tb9.com" />
+	<target host="tbag.net" />
+	<target host="tbarato.tk" />
+	<target host="tbarta.de" />
+	<target host="tbb.link" />
+	<target host="tbbcoa.ch" />
+	<target host="tbbhd.me" />
+	<target host="tbbl.biz" />
+	<target host="tbbt.eu" />
+	<target host="tbc.social" />
+	<target host="tbcg.co" />
+	<target host="tbcn.es" />
+	<target host="tbcpub.com" />
+	<target host="tbdd.be" />
+	<target host="tbds.ga" />
+	<target host="tbear.me" />
+	<target host="tbfm.uk" />
+	<target host="tbg.cm" />
+	<target host="tbggn.click" />
+	<target host="tbgl.pw" />
+	<target host="tbgl.us" />
+	<target host="tbh.io" />
+	<target host="tbiddy.com" />
+	<target host="tbig.info" />
+	<target host="tbl.co" />
+	<target host="tbl.today" />
+	<target host="tbldr.co" />
+	<target host="tblk.co" />
+	<target host="tbnet.me" />
+	<target host="tbnm.co" />
+	<target host="tboo.la" />
+	<target host="tbop.co" />
+	<target host="tbox.im" />
+	<target host="tbp.im" />
+	<target host="tbr.mx" />
+	<target host="tbr.rocks" />
+	<target host="tbs.bs" />
+	<target host="tbs.one" />
+	<target host="tbtlr.co" />
+	<target host="tbulo.us" />
+	<target host="tbunkers.com" />
+	<target host="tbwtd.xyz" />
+	<target host="tbx.re" />
+	<target host="tcancer.org" />
+	<target host="tcap.tl" />
+	<target host="tcat.tc" />
+	<target host="tcb.fyi" />
+	<target host="tcblg.ca" />
+	<target host="tcbm.ag" />
+	<target host="tcc.xyz" />
+	<target host="tccne.ws" />
+	<target host="tcd.link" />
+	<target host="tcdg.co" />
+	<target host="tcdy.co" />
+	<target host="tcedu.us" />
+	<target host="tcg.fyi" />
+	<target host="tcgcom.me" />
+	<target host="tcgeek.tk" />
+	<target host="tcgrille.co" />
+	<target host="tcgroup.me" />
+	<target host="tch.ae" />
+	<target host="tchak.link" />
+	<target host="tchkr.us" />
+	<target host="tchlcs.com" />
+	<target host="tchlp.com" />
+	<target host="tchmr.co" />
+	<target host="tchmrk.co" />
+	<target host="tchni.ca" />
+	<target host="tchpd.co" />
+	<target host="tchq.co" />
+	<target host="tchr.ca" />
+	<target host="tchrts.co" />
+	<target host="tchst.gs" />
+	<target host="tci.to" />
+	<target host="tcin.co" />
+	<target host="tck.st" />
+	<target host="tcko.us" />
+	<target host="tckts.me" />
+	<target host="tclr.se" />
+	<target host="tcm.ag" />
+	<target host="tcninfo.com" />
+	<target host="tcol.es" />
+	<target host="tcp.com.de" />
+	<target host="tcp.fyi" />
+	<target host="tcp.pics" />
+	<target host="tcpf.co" />
+	<target host="tcpu.io" />
+	<target host="tcr.bz" />
+	<target host="tcreativo.es" />
+	<target host="tcrn.ch" />
+	<target host="tcsa.co" />
+	<target host="tcsl.co" />
+	<target host="tctmag.me" />
+	<target host="tcupra.com" />
+	<target host="tcwlink.com" />
+	<target host="tczn.ro" />
+	<target host="td10.us" />
+	<target host="tdata.link" />
+	<target host="tday.ly" />
+	<target host="tdc.me" />
+	<target host="tdclinks.co" />
+	<target host="tdcv.us" />
+	<target host="tddhq.com" />
+	<target host="tde.bz" />
+	<target host="tdef.co" />
+	<target host="tdf.gd" />
+	<target host="tdg.bz" />
+	<target host="tdg.im" />
+	<target host="tdgar.de" />
+	<target host="tdgfit.co" />
+	<target host="tdhur.st" />
+	<target host="tdic.click" />
+	<target host="tdig.it" />
+	<target host="tdill.co" />
+	<target host="tdk.jp" />
+	<target host="tdlab.co" />
+	<target host="tdm.ag" />
+	<target host="tdman.us" />
+	<target host="tdnvl.me" />
+	<target host="tdog-short.link" />
+	<target host="tdog.co" />
+	<target host="tdog.yt" />
+	<target host="tdok.co" />
+	<target host="tdp.life" />
+	<target host="tdpf.co" />
+	<target host="tdr.network" />
+	<target host="tdre.me" />
+	<target host="tds.gs" />
+	<target host="tdsc.click" />
+	<target host="tdstore.link" />
+	<target host="tdv23.co" />
+	<target host="tdvri.es" />
+	<target host="tdy.sg" />
+	<target host="tdydlz.com" />
+	<target host="te-am.co" />
+	<target host="te.lenot.es" />
+	<target host="teach.al" />
+	<target host="teach1.today" />
+	<target host="teachmonster.co" />
+	<target host="teachr.co" />
+	<target host="teachseo.co" />
+	<target host="teachstart.co" />
+	<target host="teads.show" />
+	<target host="teafil.ms" />
+	<target host="team8.voz48.xyz" />
+	<target host="teamfear.hk" />
+	<target host="teamfitfun.ky" />
+	<target host="teamles.co" />
+	<target host="teampace.co" />
+	<target host="teamstre.am" />
+	<target host="tear.ong" />
+	<target host="tebb.es" />
+	<target host="tec.hm" />
+	<target host="tec.rigoni.org" />
+	<target host="tech.bz" />
+	<target host="tech2it.info" />
+	<target host="techblo.gr" />
+	<target host="techchir.ag" />
+	<target host="techiebud.me" />
+	<target host="techin.asia" />
+	<target host="techin.ch" />
+	<target host="techli.la" />
+	<target host="techmw.st" />
+	<target host="technor.ms" />
+	<target host="technotunes.ga" />
+	<target host="techsign.in" />
+	<target host="techta.sk" />
+	<target host="techtoy.tk" />
+	<target host="techtry.in" />
+	<target host="techtun.es" />
+	<target host="techwat.ch" />
+	<target host="tecl.ink" />
+	<target host="teclan.co" />
+	<target host="tecm.co" />
+	<target host="tecmobowl.co" />
+	<target host="ted.vc" />
+	<target host="tedrub.in" />
+	<target host="tedx.tk" />
+	<target host="tedxa.ms" />
+	<target host="tedxth.es" />
+	<target host="teemi.us" />
+	<target host="teenclub.webcam" />
+	<target host="teessi.de" />
+	<target host="teeth.pk" />
+	<target host="teign.fitness" />
+	<target host="teimp.de" />
+	<target host="tek.io" />
+	<target host="tekka.in" />
+	<target host="teknews.me" />
+	<target host="teknoport.cc" />
+	<target host="tel3.co" />
+	<target host="tele.sh" />
+	<target host="teleci.ne" />
+	<target host="telecurso.tc" />
+	<target host="telejec.tv" />
+	<target host="telemovie.tk" />
+	<target host="telepacifi.co" />
+	<target host="telf.az" />
+	<target host="telw.in" />
+	<target host="telz.io" />
+	<target host="tem.mn" />
+	<target host="tempo.juegos" />
+	<target host="ten.fo" />
+	<target host="ten2nd.com" />
+	<target host="ten99.us" />
+	<target host="tendermaker.eu" />
+	<target host="tendo.cm" />
+	<target host="tengrak.ml" />
+	<target host="tengu.cf" />
+	<target host="tenis.cc" />
+	<target host="tenpropgui.de" />
+	<target host="tensharp.info" />
+	<target host="tenta.co" />
+	<target host="tentmakers.us" />
+	<target host="tentyp.es" />
+	<target host="teodoro.ml" />
+	<target host="teqrt.io" />
+	<target host="ter.ooo" />
+	<target host="teraction.link" />
+	<target host="terati.me" />
+	<target host="tere.be" />
+	<target host="tere.co" />
+	<target host="tereva.pro" />
+	<target host="terezakis.im" />
+	<target host="teri4kinhd.ml" />
+	<target host="term.li" />
+	<target host="termurl.cf" />
+	<target host="termy.me" />
+	<target host="terra.ink" />
+	<target host="terra.tattoo" />
+	<target host="terrain.jp" />
+	<target host="terri.es" />
+	<target host="terri.im" />
+	<target host="terriann.me" />
+	<target host="tescoba.by" />
+	<target host="tesia.me" />
+	<target host="test.fail" />
+	<target host="test.flbx.io" />
+	<target host="test.lasnik.net" />
+	<target host="test.mcg.me" />
+	<target host="test.qrlott.com" />
+	<target host="test.retwt.me" />
+	<target host="test.wandt.us" />
+	<target host="testdomainme.tk" />
+	<target host="testy.ayz.pl" />
+	<target host="tesu.social" />
+	<target host="tetek.ga" />
+	<target host="teutulus.ml" />
+	<target host="texas.mn" />
+	<target host="textc.io" />
+	<target host="textvoice.jp" />
+	<target host="teyt.in" />
+	<target host="tez-tour.gr" />
+	<target host="tf8.com.au" />
+	<target host="tfa.codes" />
+	<target host="tfal.me" />
+	<target host="tfas.co" />
+	<target host="tfaysn.com" />
+	<target host="tfc.nyc" />
+	<target host="tfd.bz" />
+	<target host="tfd.is" />
+	<target host="tfexplorevr.com" />
+	<target host="tfg.li" />
+	<target host="tfg.tips" />
+	<target host="tfgo.de" />
+	<target host="tfi.io" />
+	<target host="tfi.sh" />
+	<target host="tfir.es" />
+	<target host="tfish.us" />
+	<target host="tfit.ch" />
+	<target host="tfl.to" />
+	<target host="tfox.us" />
+	<target host="tfpr.in" />
+	<target host="tfra.me" />
+	<target host="tfs.bz" />
+	<target host="tfs.me" />
+	<target host="tft.link" />
+	<target host="tftmo.de" />
+	<target host="tftv.co" />
+	<target host="tfw.gr" />
+	<target host="tgablog.com" />
+	<target host="tgam.ca" />
+	<target host="tgau.co" />
+	<target host="tgav.in" />
+	<target host="tgbl.co" />
+	<target host="tgc.tips" />
+	<target host="tgcafe.it" />
+	<target host="tgchat.ru" />
+	<target host="tgcol.com" />
+	<target host="tgd.co" />
+	<target host="tgdn.co" />
+	<target host="tgerd.es" />
+	<target host="tgf.ngo" />
+	<target host="tgk.social" />
+	<target host="tglb.it" />
+	<target host="tglx.gq" />
+	<target host="tgods.co" />
+	<target host="tgrdn.co" />
+	<target host="tgry.ph" />
+	<target host="tgtap.com" />
+	<target host="tgtf.net" />
+	<target host="tgwk.co" />
+	<target host="thad.me" />
+	<target host="thai.vi" />
+	<target host="thaq.co" />
+	<target host="thauv.in" />
+	<target host="thav.is" />
+	<target host="thaws.me" />
+	<target host="thayminhphu.com" />
+	<target host="thc.vc" />
+	<target host="thcpbe.es" />
+	<target host="thd.co" />
+	<target host="thd90.com" />
+	<target host="thdr.re" />
+	<target host="the-life.ws" />
+	<target host="the-rad.co" />
+	<target host="the.alias.black" />
+	<target host="the.blvr.org" />
+	<target host="the.cr" />
+	<target host="the.erolair.com" />
+	<target host="the.fact.is" />
+	<target host="the.fndtn.com" />
+	<target host="the.geaux.co" />
+	<target host="the.giant.is" />
+	<target host="the.goldin.gs" />
+	<target host="the.grrmbox.com" />
+	<target host="the.ntis.co" />
+	<target host="the.osint.ninja" />
+	<target host="the.punkae.com" />
+	<target host="the.realb.it" />
+	<target host="the.shpa.org.au" />
+	<target host="the.shrn.co" />
+	<target host="the.wpguy.info" />
+	<target host="the23.co" />
+	<target host="the93q.com" />
+	<target host="theacc.co" />
+	<target host="theag.com" />
+	<target host="thealth.tw" />
+	<target host="theam.cn" />
+	<target host="theamark.co" />
+	<target host="theapex.link" />
+	<target host="thearctic.in" />
+	<target host="theatln.tc" />
+	<target host="theatr.net" />
+	<target host="theaud.us" />
+	<target host="theaus.in" />
+	<target host="theauthori.com" />
+	<target host="theaword.co.uk" />
+	<target host="theb.fi" />
+	<target host="theb.io" />
+	<target host="theb.me" />
+	<target host="thebark.us" />
+	<target host="thebassi.st" />
+	<target host="thebea.st" />
+	<target host="thebestirs.co" />
+	<target host="theboss.news" />
+	<target host="thebrauha.us" />
+	<target host="thebuch.xyz" />
+	<target host="theburrow.club" />
+	<target host="thecake.co" />
+	<target host="thecelebrato.rs" />
+	<target host="thecha.pl" />
+	<target host="thechroma.cloud" />
+	<target host="thecjm.me" />
+	<target host="thecloudf.es" />
+	<target host="theco-op.ca" />
+	<target host="thecottages.me" />
+	<target host="thecs.me" />
+	<target host="thecurvy.me" />
+	<target host="thecut.io" />
+	<target host="thecx.pro" />
+	<target host="thed.cc" />
+	<target host="thedjs.be" />
+	<target host="thedo.do" />
+	<target host="theduffel.co" />
+	<target host="thee.design" />
+	<target host="theeld.com" />
+	<target host="theeli.st" />
+	<target host="thef.am" />
+	<target host="thef.net" />
+	<target host="thef.no" />
+	<target host="thefarmers.dog" />
+	<target host="thefemin.co" />
+	<target host="theferf.com" />
+	<target host="thefifthco.com" />
+	<target host="thefra.me" />
+	<target host="thefrye.co" />
+	<target host="theftfp.co" />
+	<target host="thefun.gs" />
+	<target host="thegaz.co" />
+	<target host="thegaz.us" />
+	<target host="thegenx.tech" />
+	<target host="theglade.ch" />
+	<target host="theglg.co" />
+	<target host="theglw.co" />
+	<target host="thegol.dk" />
+	<target host="thegspl.co" />
+	<target host="thegunwire.tw" />
+	<target host="theh.gr" />
+	<target host="thehope.dm" />
+	<target host="thehrd.co" />
+	<target host="theid.co" />
+	<target host="theideas.agency" />
+	<target host="theiosdu.de" />
+	<target host="thejackal.co" />
+	<target host="thejam.es" />
+	<target host="thejoshc.us" />
+	<target host="thejuju.work" />
+	<target host="thelastofus.ga" />
+	<target host="thelc.ms" />
+	<target host="thelily.news" />
+	<target host="thelinks.me" />
+	<target host="thema.sh" />
+	<target host="thematt.net" />
+	<target host="themcmethod.net" />
+	<target host="themes.nyc" />
+	<target host="themins.co" />
+	<target host="themoviedb.ga" />
+	<target host="themuslimvi.be" />
+	<target host="thencs.org" />
+	<target host="thenext.immo" />
+	<target host="thenw.co" />
+	<target host="theo.barcelona" />
+	<target host="theoasisfe.st" />
+	<target host="theol.mx" />
+	<target host="theolo.gy" />
+	<target host="theono.my" />
+	<target host="theopdv.cf" />
+	<target host="thepo.me" />
+	<target host="thepoet.co" />
+	<target host="theporti.co" />
+	<target host="theprosp.ec" />
+	<target host="theprov.in" />
+	<target host="thepublic.nyc" />
+	<target host="thepulp.me" />
+	<target host="thepv.ml" />
+	<target host="theraide.rs" />
+	<target host="therd.co" />
+	<target host="there.al" />
+	<target host="therea.co" />
+	<target host="therug.co" />
+	<target host="therymovie.ml" />
+	<target host="thesco.re" />
+	<target host="thescpn.org" />
+	<target host="thesd.co" />
+	<target host="theshoppingb.ag" />
+	<target host="thesmh.co" />
+	<target host="thesn.ug" />
+	<target host="thesne.ws" />
+	<target host="thesolems.com" />
+	<target host="thesound.la" />
+	<target host="thesti.ng" />
+	<target host="thestoryex.ch" />
+	<target host="thestripe.me" />
+	<target host="thesysint.com" />
+	<target host="thetacom.click" />
+	<target host="thetim.es" />
+	<target host="thetqp.com" />
+	<target host="thetradi.es" />
+	<target host="thetrinity.ch" />
+	<target host="thets.co" />
+	<target host="theturtle.mobi" />
+	<target host="thetvdb.cf" />
+	<target host="thetvdb.ml" />
+	<target host="thetwo.one" />
+	<target host="theu.be" />
+	<target host="theurb.co" />
+	<target host="theva.in" />
+	<target host="thevgn.co" />
+	<target host="thevgncnr.co" />
+	<target host="thevi.ps" />
+	<target host="thevl.co" />
+	<target host="thewatch.ga" />
+	<target host="thewave.online" />
+	<target host="theweek.io" />
+	<target host="thewell.cc" />
+	<target host="thewi.uk" />
+	<target host="thewirel.es" />
+	<target host="thewoodstone.co" />
+	<target host="thex.academy" />
+	<target host="theybf.me" />
+	<target host="thflm.ch" />
+	<target host="thght.works" />
+	<target host="thiago.coach" />
+	<target host="thiagojdi.tk" />
+	<target host="thick.ly" />
+	<target host="thin.es" />
+	<target host="thinka.be" />
+	<target host="thinkbiggr.in" />
+	<target host="thinkcer.ca" />
+	<target host="thinkerin.gs" />
+	<target host="thinkfun.co" />
+	<target host="thinkpo.st" />
+	<target host="thinline.style" />
+	<target host="third.li" />
+	<target host="third.lv" />
+	<target host="thirstpro.je" />
+	<target host="thirum.al" />
+	<target host="this.wirks.be" />
+	<target host="thisadhd.life" />
+	<target host="thisclick.ml" />
+	<target host="thishome.rocks" />
+	<target host="thisisj.co" />
+	<target host="thisisnext.io" />
+	<target host="thisopen.space" />
+	<target host="thiswhole.city" />
+	<target host="thjpeg.com" />
+	<target host="thkk.nl" />
+	<target host="thmp.tk" />
+	<target host="thnk.as" />
+	<target host="thnk.cc" />
+	<target host="thnk.gr" />
+	<target host="thnkc.de" />
+	<target host="thnkngof.gd" />
+	<target host="thnkor.ng" />
+	<target host="thnt.uk" />
+	<target host="tho.lu" />
+	<target host="thom.sn" />
+	<target host="thom.tips" />
+	<target host="thomasnet.co" />
+	<target host="thomassa.bo" />
+	<target host="thompson4.com" />
+	<target host="thomsprn.nl" />
+	<target host="thonly.net" />
+	<target host="thost.link" />
+	<target host="thowell.co" />
+	<target host="thpb.co" />
+	<target host="thr.by" />
+	<target host="thrd.ly" />
+	<target host="thrds.io" />
+	<target host="thrdwy.org" />
+	<target host="thri.se" />
+	<target host="thrive.insure" />
+	<target host="thrivingsyn.com" />
+	<target host="thrl.cl" />
+	<target host="thrl.st" />
+	<target host="thrmwr.nl" />
+	<target host="throne.vip" />
+	<target host="thrownst.one" />
+	<target host="thrpa.co" />
+	<target host="thrv.be" />
+	<target host="thrv.co" />
+	<target host="thrv.in" />
+	<target host="thsa.co" />
+	<target host="thsafshp.uk" />
+	<target host="thsea.org" />
+	<target host="thsh.re" />
+	<target host="thtc.io" />
+	<target host="thtes.co" />
+	<target host="thugs.me" />
+	<target host="thul.im" />
+	<target host="thul.in" />
+	<target host="thul.me" />
+	<target host="thumb.tk" />
+	<target host="thump.com.de" />
+	<target host="thundrt.ch" />
+	<target host="thurmaneds.info" />
+	<target host="thvideo.us" />
+	<target host="thvo.me" />
+	<target host="thw.re" />
+	<target host="thwskr.com" />
+	<target host="thyperadvsr.com" />
+	<target host="ti.me" />
+	<target host="tiac.my" />
+	<target host="tiba.es" />
+	<target host="tibco.cm" />
+	<target host="tibh.it" />
+	<target host="tibia.pk" />
+	<target host="tic.tl" />
+	<target host="tic.to" />
+	<target host="tick.net" />
+	<target host="ticketf.ly" />
+	<target host="ticketm.mx" />
+	<target host="tickt.cc" />
+	<target host="ticm.ag" />
+	<target host="tid.bl.it" />
+	<target host="tidal.is" />
+	<target host="tie.li" />
+	<target host="tieclip.it" />
+	<target host="tiendatdang.tk" />
+	<target host="tierhe.im" />
+	<target host="tierney.me" />
+	<target host="tif.li" />
+	<target host="tifg.co" />
+	<target host="tige.rs" />
+	<target host="tiger.tt" />
+	<target host="tigermobil.es" />
+	<target host="tigh.co" />
+	<target host="tigm.io" />
+	<target host="tigo.org" />
+	<target host="tigt.ag" />
+	<target host="tihq.co.uk" />
+	<target host="tihq.uk" />
+	<target host="tijhu.is" />
+	<target host="tijs.co" />
+	<target host="tik8.co" />
+	<target host="tiksn.net" />
+	<target host="tikti.kr" />
+	<target host="til.ink" />
+	<target host="til.link" />
+	<target host="tim.ly" />
+	<target host="tim7.us" />
+	<target host="timd.tk" />
+	<target host="timecapsules.uk" />
+	<target host="times.futbol" />
+	<target host="timesav.de" />
+	<target host="timgrey.me" />
+	<target host="timidourl.ml" />
+	<target host="timidurl.tk" />
+	<target host="timperis.co" />
+	<target host="timpho.to" />
+	<target host="timr.fyi" />
+	<target host="timrul.es" />
+	<target host="tims.tk" />
+	<target host="timt.biz" />
+	<target host="timt.la" />
+	<target host="timu.fyi" />
+	<target host="timun.ml" />
+	<target host="tin100.nz" />
+	<target host="tina.bz" />
+	<target host="tinapacheco.art" />
+	<target host="tinde.rs" />
+	<target host="tinder.pt" />
+	<target host="tinker.cr" />
+	<target host="tinnivi.co" />
+	<target host="tinogom.es" />
+	<target host="tiny.mn" />
+	<target host="tiny.talon.one" />
+	<target host="tinybldc.com" />
+	<target host="tinyblue.co" />
+	<target host="tinybt.org" />
+	<target host="tinyco.re" />
+	<target host="tinyims.co" />
+	<target host="tinyki.fr.nf" />
+	<target host="tinyl.aw" />
+	<target host="tinylls.com" />
+	<target host="tinylnx.us" />
+	<target host="tinylx.ml" />
+	<target host="tinymt.com" />
+	<target host="tinyp.in" />
+	<target host="tinyrio.com" />
+	<target host="tinyvs.in" />
+	<target host="tiona.ch" />
+	<target host="tip.schohl.de" />
+	<target host="tiph.co" />
+	<target host="tipikatipiki.tk" />
+	<target host="tipp.fm" />
+	<target host="tippps.de" />
+	<target host="tippr.in" />
+	<target host="tipps.co" />
+	<target host="tipsyelv.es" />
+	<target host="tiptec.pw" />
+	<target host="tique.cc" />
+	<target host="tira.li" />
+	<target host="tirabyt.es" />
+	<target host="tiratu.yoyo.do" />
+	<target host="tired.bz" />
+	<target host="tiri.co" />
+	<target host="tisr.am" />
+	<target host="titan.pm" />
+	<target host="titanica.org" />
+	<target host="titb.com" />
+	<target host="titchy.me" />
+	<target host="tittaeps.tk" />
+	<target host="tiup.in" />
+	<target host="tiv.re" />
+	<target host="tivg.pw" />
+	<target host="tivo.ga" />
+	<target host="tivo.li" />
+	<target host="tiwyaw.com" />
+	<target host="tix.sa-pac.com" />
+	<target host="tix.spybar.club" />
+	<target host="tixco.co" />
+	<target host="tixdis.co" />
+	<target host="tixfast.com" />
+	<target host="tixs.ee" />
+	<target host="tixx.it" />
+	<target host="tizen.ly" />
+	<target host="tj.cx" />
+	<target host="tj2.me" />
+	<target host="tja.re" />
+	<target host="tjbr.dk" />
+	<target host="tjc.cc" />
+	<target host="tjc4.com" />
+	<target host="tjmart.in" />
+	<target host="tjmat.ch" />
+	<target host="tjmc.co" />
+	<target host="tjn.nz" />
+	<target host="tjns.in" />
+	<target host="tjo.me" />
+	<target host="tjour.nl" />
+	<target host="tjstst.co" />
+	<target host="tjw.world" />
+	<target host="tk.nice4web.com" />
+	<target host="tkbr.me" />
+	<target host="tkc.church" />
+	<target host="tkdk.la" />
+	<target host="tkds.co" />
+	<target host="tke.co" />
+	<target host="tkerb.me" />
+	<target host="tkfa.st" />
+	<target host="tkg.social" />
+	<target host="tkjs.us" />
+	<target host="tklf.me" />
+	<target host="tkln.io" />
+	<target host="tkmag.co" />
+	<target host="tkno.ir" />
+	<target host="tkno.pw" />
+	<target host="tknr.me" />
+	<target host="tkpk.me" />
+	<target host="tkse.us" />
+	<target host="tksu.de" />
+	<target host="tkto.cc" />
+	<target host="tkto.tk" />
+	<target host="tkts.us" />
+	<target host="tktwb.tw" />
+	<target host="tkweb.nl" />
+	<target host="tkwy.st" />
+	<target host="tkylndry.uk" />
+	<target host="tl2.runicgam.es" />
+	<target host="tlab.me" />
+	<target host="tlbh.uk" />
+	<target host="tlbiz.co" />
+	<target host="tlchf.uk" />
+	<target host="tlcpl.org" />
+	<target host="tldis.it" />
+	<target host="tldr.pw" />
+	<target host="tle.la" />
+	<target host="tlee.co" />
+	<target host="tlfc.co" />
+	<target host="tlh.auction" />
+	<target host="tli.news" />
+	<target host="tlitokc.com" />
+	<target host="tlj.mx" />
+	<target host="tlkm.link" />
+	<target host="tlkto.me" />
+	<target host="tll.sg" />
+	<target host="tll2.us" />
+	<target host="tllntd.co" />
+	<target host="tlly.co" />
+	<target host="tlm.is" />
+	<target host="tlmag.co" />
+	<target host="tlmdo.co" />
+	<target host="tlng.net" />
+	<target host="tlnnews.ga" />
+	<target host="tlnt.at" />
+	<target host="tlodge.com" />
+	<target host="tlolink.com" />
+	<target host="tloth.cc" />
+	<target host="tlou.gq" />
+	<target host="tlpaines.co.uk" />
+	<target host="tlprt.cz" />
+	<target host="tlrd.co" />
+	<target host="tlrd.net" />
+	<target host="tlrd.us" />
+	<target host="tlrk.it" />
+	<target host="tlrs.mk" />
+	<target host="tls.al" />
+	<target host="tlsb.io" />
+	<target host="tlsel.it" />
+	<target host="tlshar.es" />
+	<target host="tlsi.co" />
+	<target host="tlsur.net" />
+	<target host="tlt.rocks" />
+	<target host="tltp.io" />
+	<target host="tlu.yt" />
+	<target host="tlx.de" />
+	<target host="tly.mx" />
+	<target host="tm-b.org" />
+	<target host="tm.niklas.us" />
+	<target host="tm.techmens.com" />
+	<target host="tma.ong" />
+	<target host="tma.tips" />
+	<target host="tmac.ro" />
+	<target host="tmacla.me" />
+	<target host="tmag.co" />
+	<target host="tmb.fm" />
+	<target host="tmblog.co" />
+	<target host="tmbtp.co" />
+	<target host="tmc.to" />
+	<target host="tmcky.us" />
+	<target host="tmcturf.gs" />
+	<target host="tmda.kr" />
+	<target host="tmdb-series.ml" />
+	<target host="tmdb.ga" />
+	<target host="tmdb2017.ml" />
+	<target host="tmdig.media" />
+	<target host="tmdrn.com" />
+	<target host="tmed.it" />
+	<target host="tmelss.co" />
+	<target host="tmg.mc" />
+	<target host="tmg.st" />
+	<target host="tmgblog.co" />
+	<target host="tmglnk.com" />
+	<target host="tmgys.co" />
+	<target host="tmifam.ml" />
+	<target host="tmla.bz" />
+	<target host="tmldn.co" />
+	<target host="tmldr.eu" />
+	<target host="tmlive.us" />
+	<target host="tmls.sg" />
+	<target host="tmlwry.com" />
+	<target host="tmly.me" />
+	<target host="tmms.co" />
+	<target host="tmmy.me" />
+	<target host="tmn.gp" />
+	<target host="tmn.show" />
+	<target host="tmn.to" />
+	<target host="tmo.im" />
+	<target host="tmoac.xyz" />
+	<target host="tmoore.co" />
+	<target host="tmovier.me" />
+	<target host="tmoya.us" />
+	<target host="tmpc.be" />
+	<target host="tmpc.uk" />
+	<target host="tmpl.at" />
+	<target host="tmplabs.info" />
+	<target host="tmpls.xyz" />
+	<target host="tmr.vn" />
+	<target host="tmr247.click" />
+	<target host="tmr247.pw" />
+	<target host="tmrdflg.uk" />
+	<target host="tmrne.ws" />
+	<target host="tmrw.nz" />
+	<target host="tms.ms" />
+	<target host="tms.pw" />
+	<target host="tmsc.us" />
+	<target host="tmsnrt.rs" />
+	<target host="tmsw.me" />
+	<target host="tmt-blg.com" />
+	<target host="tmt-link.de" />
+	<target host="tmtl.us" />
+	<target host="tmtyl.com" />
+	<target host="tmwsne.ws" />
+	<target host="tmx.mn" />
+	<target host="tn.ckbe.at" />
+	<target host="tn.nick.com" />
+	<target host="tn9.eu" />
+	<target host="tnb.fun" />
+	<target host="tnc.io" />
+	<target host="tnd.al" />
+	<target host="tndr.lv" />
+	<target host="tndy.me" />
+	<target host="tnee.me" />
+	<target host="tnfl.co" />
+	<target host="tngld.tk" />
+	<target host="tnij.je" />
+	<target host="tnij.noop.pl" />
+	<target host="tnit.biz" />
+	<target host="tnker.in" />
+	<target host="tnl.life" />
+	<target host="tnn24.tv" />
+	<target host="tnne.ws" />
+	<target host="tnooz.co" />
+	<target host="tnrt.link" />
+	<target host="tns.fm" />
+	<target host="tns.tips" />
+	<target host="tnsm.co" />
+	<target host="tnsn.de" />
+	<target host="tnsne.ws" />
+	<target host="tnt.ist" />
+	<target host="tntiny.com" />
+	<target host="tntra.co" />
+	<target host="tntw.lv" />
+	<target host="tnw.to" />
+	<target host="tnwt.co" />
+	<target host="tny.be" />
+	<target host="tny.bz" />
+	<target host="tnyjtpk.com" />
+	<target host="tnyn.gs" />
+	<target host="to-ne.eu" />
+	<target host="to-watching.cf" />
+	<target host="to.44doors.com" />
+	<target host="to.4travel.jp" />
+	<target host="to.5hd.co" />
+	<target host="to.971.gr" />
+	<target host="to.actify.nl" />
+	<target host="to.aetn.org" />
+	<target host="to.akima.de" />
+	<target host="to.appinvit.es" />
+	<target host="to.arvindsa.com" />
+	<target host="to.axanite.net" />
+	<target host="to.azk.io" />
+	<target host="to.balikita.com" />
+	<target host="to.bradm.co.uk" />
+	<target host="to.buzka.me" />
+	<target host="to.cco.re" />
+	<target host="to.cluff.me" />
+	<target host="to.continue.su" />
+	<target host="to.custcomm.net" />
+	<target host="to.d2pics.com" />
+	<target host="to.dailey.io" />
+	<target host="to.dbsi-inc.com" />
+	<target host="to.didi.web.id" />
+	<target host="to.dmus.fr" />
+	<target host="to.docuvita.de" />
+	<target host="to.drrtyr.mx" />
+	<target host="to.ecko.me" />
+	<target host="to.edcs.me" />
+	<target host="to.ehow.com" />
+	<target host="to.faearch.me" />
+	<target host="to.flaviar.com" />
+	<target host="to.flipjam.me" />
+	<target host="to.fox6now.com" />
+	<target host="to.free-elor.ml" />
+	<target host="to.giana.im" />
+	<target host="to.goto.team" />
+	<target host="to.graylog.org" />
+	<target host="to.gvlden.com" />
+	<target host="to.hamaka.nl" />
+	<target host="to.housser.ca" />
+	<target host="to.iag.me" />
+	<target host="to.incridea.com" />
+	<target host="to.iq.pl" />
+	<target host="to.iqbaby.tw" />
+	<target host="to.jetpens.com" />
+	<target host="to.jkohl.com" />
+	<target host="to.joshmal.in" />
+	<target host="to.jshb.me" />
+	<target host="to.junkpit.net" />
+	<target host="to.justpark.com" />
+	<target host="to.justpitch.me" />
+	<target host="to.kisty.net" />
+	<target host="to.kpmg.nl" />
+	<target host="to.kras.nl" />
+	<target host="to.lab701.nl" />
+	<target host="to.larisia.com" />
+	<target host="to.leglise.ca" />
+	<target host="to.leif.me" />
+	<target host="to.liftrep.com" />
+	<target host="to.luxuryre.ca" />
+	<target host="to.m30.ovh" />
+	<target host="to.mdtrttr.com" />
+	<target host="to.merific.com" />
+	<target host="to.mher.pro" />
+	<target host="to.morecar.es" />
+	<target host="to.morritech.co" />
+	<target host="to.mrees.com" />
+	<target host="to.naakbar.com" />
+	<target host="to.neer.pro" />
+	<target host="to.newsdesk.pm" />
+	<target host="to.noop.pw" />
+	<target host="to.npsopa.co.uk" />
+	<target host="to.nwyj.org" />
+	<target host="to.oc-x.jp" />
+	<target host="to.ocgp.org" />
+	<target host="to.omy.fr" />
+	<target host="to.onpblog.com" />
+	<target host="to.optune.me" />
+	<target host="to.pbs.org" />
+	<target host="to.piola.fr" />
+	<target host="to.pivotce.com" />
+	<target host="to.psu.fyi" />
+	<target host="to.qmcpl.ml" />
+	<target host="to.qrshar.es" />
+	<target host="to.raw.exchange" />
+	<target host="to.relais.com" />
+	<target host="to.roseanna.fr" />
+	<target host="to.saqqa.jo" />
+	<target host="to.satoorn.fr" />
+	<target host="to.sfox.com" />
+	<target host="to.sheidaei.com" />
+	<target host="to.shyr.io" />
+	<target host="to.smpl.de" />
+	<target host="to.spnr.de" />
+	<target host="to.suriyaa.tk" />
+	<target host="to.teamcoco.com" />
+	<target host="to.thebbz.com" />
+	<target host="to.thorp.co" />
+	<target host="to.thrivedc.org" />
+	<target host="to.titlee.fr" />
+	<target host="to.tobem.jp" />
+	<target host="to.tteggel.org" />
+	<target host="to.tui.nl" />
+	<target host="to.twngo.xyz" />
+	<target host="to.verbund.com" />
+	<target host="to.vpnrevie.ws" />
+	<target host="to.wgby.org" />
+	<target host="to.wttw.com" />
+	<target host="to.xploray.com" />
+	<target host="to.zdp.us" />
+	<target host="to3.si" />
+	<target host="to74977.com" />
+	<target host="to8.jp" />
+	<target host="tob.ac" />
+	<target host="tobethe.church" />
+	<target host="tobuy.info" />
+	<target host="tobyr.uk" />
+	<target host="todayct.us" />
+	<target host="todayidol.id" />
+	<target host="todd.in" />
+	<target host="toddle.club" />
+	<target host="toddm.us" />
+	<target host="todds.me" />
+	<target host="toddwi.lk" />
+	<target host="toddwilson.us" />
+	<target host="tode.io" />
+	<target host="tofranco.site" />
+	<target host="togbc.com" />
+	<target host="toh.fyi" />
+	<target host="tohvn.com" />
+	<target host="toignite.co" />
+	<target host="tojobs.site" />
+	<target host="tokbw.co.uk" />
+	<target host="toker.shop" />
+	<target host="tokofbku.co" />
+	<target host="toky.one" />
+	<target host="tol.bz" />
+	<target host="tolrod.co" />
+	<target host="tom.gr" />
+	<target host="tom.lc" />
+	<target host="tom.ms" />
+	<target host="tomas.pw" />
+	<target host="tombe.by" />
+	<target host="tombot.ch" />
+	<target host="tomd.co" />
+	<target host="tomf.me" />
+	<target host="tomh.co" />
+	<target host="tomm.my" />
+	<target host="tomnapl.es" />
+	<target host="tomril.co" />
+	<target host="toms.it" />
+	<target host="toms.sh" />
+	<target host="tomsent.me" />
+	<target host="tomstine.one" />
+	<target host="tomy.to" />
+	<target host="tomz.me" />
+	<target host="tondel.li" />
+	<target host="tonekk.de" />
+	<target host="tony.ma" />
+	<target host="tonyc.me" />
+	<target host="tonyr.co" />
+	<target host="tonyte.ch" />
+	<target host="too.bz" />
+	<target host="too.lazy.bz" />
+	<target host="toodsuit.com" />
+	<target host="tool.fyi" />
+	<target host="tools.coach" />
+	<target host="tooltester.de" />
+	<target host="toos.ml" />
+	<target host="top-airing.ml" />
+	<target host="top-youtube.ga" />
+	<target host="top.alovi.ch" />
+	<target host="top100bo.com" />
+	<target host="top10supps.com" />
+	<target host="topagents.life" />
+	<target host="topb.co" />
+	<target host="topbgt.co.vu" />
+	<target host="topceo.co" />
+	<target host="topcodr.co" />
+	<target host="topdown.co" />
+	<target host="topdz.in" />
+	<target host="topf5.com" />
+	<target host="topk.me" />
+	<target host="topmedia.link" />
+	<target host="topmovie.ga" />
+	<target host="topmre.com" />
+	<target host="topol.in" />
+	<target host="toppr.co" />
+	<target host="toppro.tv" />
+	<target host="toprated.ga" />
+	<target host="toprated.ml" />
+	<target host="topseries.cf" />
+	<target host="topsi.fi" />
+	<target host="toptier.style" />
+	<target host="toptvshow.cf" />
+	<target host="toptvshow.gq" />
+	<target host="torchlt.jp" />
+	<target host="torea.co" />
+	<target host="torick.co" />
+	<target host="torqu.es" />
+	<target host="torrentfunk.ml" />
+	<target host="tortoise.link" />
+	<target host="torybur.ch" />
+	<target host="torymart.in" />
+	<target host="tosas4khd.ml" />
+	<target host="toshiana.info" />
+	<target host="tosi.vemzu.cz" />
+	<target host="tosi.vemzu.sk" />
+	<target host="tota.ly" />
+	<target host="total.ac" />
+	<target host="totalrtime.com" />
+	<target host="totes.cool" />
+	<target host="totexp.co" />
+	<target host="tothis.info" />
+	<target host="totsleg.it" />
+	<target host="totsukaku.tk" />
+	<target host="totvs.vc" />
+	<target host="touge.me" />
+	<target host="tourate.ch" />
+	<target host="tourismeca.com" />
+	<target host="tours.sasve.com" />
+	<target host="tow.rs" />
+	<target host="toweb.today" />
+	<target host="townre.nyc" />
+	<target host="townsq.co" />
+	<target host="townta.lk" />
+	<target host="towr.co" />
+	<target host="tox.is" />
+	<target host="toy.tl" />
+	<target host="toyaberr.yt" />
+	<target host="toyota.us" />
+	<target host="toystud.io" />
+	<target host="toyta.lk" />
+	<target host="toyzil.la" />
+	<target host="tpac.in" />
+	<target host="tpc.bike" />
+	<target host="tpc.io" />
+	<target host="tpc.tv" />
+	<target host="tpchur.ch" />
+	<target host="tpedia.li" />
+	<target host="tperkins.co" />
+	<target host="tpet.me" />
+	<target host="tpg.li" />
+	<target host="tpgimc.us" />
+	<target host="tpglnk.com" />
+	<target host="tpgs.co" />
+	<target host="tpi.news" />
+	<target host="tpia.co" />
+	<target host="tpl.to" />
+	<target host="tplcl.ca" />
+	<target host="tpllp.co" />
+	<target host="tplux.co" />
+	<target host="tpm.io" />
+	<target host="tpmn.co" />
+	<target host="tpoint.mx" />
+	<target host="tppz.it" />
+	<target host="tprci.tprci.com" />
+	<target host="tprk.us" />
+	<target host="tpros.co" />
+	<target host="tprp.eu" />
+	<target host="tps.one" />
+	<target host="tps.tips" />
+	<target host="tpshlf.co" />
+	<target host="tpsk.in" />
+	<target host="tpths.co" />
+	<target host="tptr.co" />
+	<target host="tpu.ninja" />
+	<target host="tpunk.tht.re" />
+	<target host="tpurpo.se" />
+	<target host="tpya.ps" />
+	<target host="tq.ma" />
+	<target host="tqn.me" />
+	<target host="tqs.io" />
+	<target host="tqtold.me" />
+	<target host="tquens.co" />
+	<target host="tquiet.us" />
+	<target host="tr-a.co" />
+	<target host="tr-add.com" />
+	<target host="tr.vauchar.link" />
+	<target host="tr01.co.uk" />
+	<target host="tra.visaust.in" />
+	<target host="traceja.de" />
+	<target host="track.guarva.co" />
+	<target host="track.hempel.cx" />
+	<target host="track2.fit" />
+	<target host="trackca.st" />
+	<target host="tractica.cc" />
+	<target host="traf.kr" />
+	<target host="trafam.co" />
+	<target host="trafeze.tf" />
+	<target host="tragachil.es" />
+	<target host="tramlin.es" />
+	<target host="trampol.im" />
+	<target host="tranky.org" />
+	<target host="tranphong.net" />
+	<target host="transenv.eu" />
+	<target host="transit.wtf" />
+	<target host="transplace.io" />
+	<target host="transport.ly" />
+	<target host="trap4.us" />
+	<target host="trappl.co" />
+	<target host="trapwi.re" />
+	<target host="traser.gold" />
+	<target host="trasie.ca" />
+	<target host="tratamento.in" />
+	<target host="trav.es" />
+	<target host="trav.li" />
+	<target host="trav.pt" />
+	<target host="travelba.gs" />
+	<target host="travelcb.com" />
+	<target host="travelfr.ee" />
+	<target host="travelga.me" />
+	<target host="travelocity.us" />
+	<target host="travelurl.net" />
+	<target host="travish.co" />
+	<target host="travistrue.me" />
+	<target host="travisw.net" />
+	<target host="travl.rs" />
+	<target host="travoh.co" />
+	<target host="traxpro3sp.com" />
+	<target host="traxsp.com" />
+	<target host="trb.la" />
+	<target host="trbc.media" />
+	<target host="trbd.at" />
+	<target host="trbk.it" />
+	<target host="trbna.co" />
+	<target host="trbs.it" />
+	<target host="trbt.me" />
+	<target host="trbute.co" />
+	<target host="trbx.co" />
+	<target host="trbx.me" />
+	<target host="trc.al" />
+	<target host="trcdad.org" />
+	<target host="trce.in" />
+	<target host="trd.cm" />
+	<target host="trde.it" />
+	<target host="trdf.shop" />
+	<target host="trdl.se" />
+	<target host="trdr.ly" />
+	<target host="trdsg.no" />
+	<target host="trdsofla.com" />
+	<target host="trdupd.co" />
+	<target host="tre.li" />
+	<target host="tre.mr" />
+	<target host="trea.tw" />
+	<target host="treasono.us" />
+	<target host="treatsm.ag" />
+	<target host="treb.re" />
+	<target host="tred.co" />
+	<target host="treee.es" />
+	<target host="treeoftea.de" />
+	<target host="tref.is" />
+	<target host="trek.lol" />
+	<target host="trekfm.link" />
+	<target host="trekne.ws" />
+	<target host="tremix.us" />
+	<target host="tren.media" />
+	<target host="tren.us" />
+	<target host="trendit.me" />
+	<target host="trendsal.es" />
+	<target host="trendup.xyz" />
+	<target host="trent.im" />
+	<target host="trep.link" />
+	<target host="trepup.co" />
+	<target host="tres.me" />
+	<target host="tres.vc" />
+	<target host="tres19.com" />
+	<target host="tresc.li" />
+	<target host="trevo.nfltr.co" />
+	<target host="trevouk.link" />
+	<target host="treward360.com" />
+	<target host="trey.in" />
+	<target host="trfcbty.me" />
+	<target host="trgs.ly" />
+	<target host="trh.la" />
+	<target host="trhou.se" />
+	<target host="tri.ht" />
+	<target host="tri.lojadis.tk" />
+	<target host="tri.mn" />
+	<target host="tri.nity.me" />
+	<target host="tri.pet" />
+	<target host="tri.team" />
+	<target host="trial.nivo.asia" />
+	<target host="trib.by" />
+	<target host="trib.me" />
+	<target host="tribalsho.ws" />
+	<target host="tribeof7.link" />
+	<target host="tribetn.co" />
+	<target host="tribne.ws" />
+	<target host="tribo.ninja" />
+	<target host="tribuh.ga" />
+	<target host="tribune.io" />
+	<target host="tricy.cl" />
+	<target host="tridge.co" />
+	<target host="tridoc.co" />
+	<target host="trigacy.me" />
+	<target host="trigi.li" />
+	<target host="trii.pl" />
+	<target host="trik.ro" />
+	<target host="trimm.ly" />
+	<target host="trint.it" />
+	<target host="trio.ga" />
+	<target host="trip.pm" />
+	<target host="trip30.co" />
+	<target host="tripa.cc" />
+	<target host="triparish.news" />
+	<target host="tripc.ca" />
+	<target host="triphac.kr" />
+	<target host="triplep.ly" />
+	<target host="triptable.tours" />
+	<target host="tripwire.me" />
+	<target host="trireality.net" />
+	<target host="trish.tips" />
+	<target host="trits.ch" />
+	<target host="trituns.co" />
+	<target host="trivvia.pro" />
+	<target host="triz.one" />
+	<target host="trjhstejh.tk" />
+	<target host="trk.euclead.com" />
+	<target host="trk.ukdeals.co" />
+	<target host="trkabt.com" />
+	<target host="trkcon.in" />
+	<target host="trkr.pro" />
+	<target host="trkvrl.co" />
+	<target host="trlp.st" />
+	<target host="trmn.us" />
+	<target host="trmp.co" />
+	<target host="trmr.us" />
+	<target host="trn.prj21.eu" />
+	<target host="trnd.ga" />
+	<target host="trndl.in" />
+	<target host="trnql.space" />
+	<target host="trns.fr" />
+	<target host="trns4m.co" />
+	<target host="tro.pe" />
+	<target host="trobs.me" />
+	<target host="trois.la" />
+	<target host="troiv.ml" />
+	<target host="troll.rocks" />
+	<target host="troni.me" />
+	<target host="troopsco.re" />
+	<target host="trop.ac" />
+	<target host="tropiku.lt" />
+	<target host="trose.co" />
+	<target host="trov.to" />
+	<target host="trowe.com" />
+	<target host="troy.golf" />
+	<target host="troy.hn" />
+	<target host="troya.net" />
+	<target host="troz.co" />
+	<target host="trpl.us" />
+	<target host="trpp.pl" />
+	<target host="trptld.com" />
+	<target host="trs.li" />
+	<target host="trsoluco.es" />
+	<target host="trst.pl" />
+	<target host="trstd.im" />
+	<target host="trstp.io" />
+	<target host="trstri.com" />
+	<target host="trsz.me" />
+	<target host="trt.photography" />
+	<target host="trte.ch" />
+	<target host="trtg.co" />
+	<target host="trtl.bz" />
+	<target host="trtlrm.com" />
+	<target host="trtsgtx.com" />
+	<target host="tru.fyi" />
+	<target host="tru.news" />
+	<target host="tru.vc" />
+	<target host="trucchifb.com" />
+	<target host="truckla.ws" />
+	<target host="true.mu" />
+	<target host="truecolo.rs" />
+	<target host="trueisl.am" />
+	<target host="trueloc.al" />
+	<target host="truemo.me" />
+	<target host="trueself.cafe" />
+	<target host="truex.io" />
+	<target host="truff.sh" />
+	<target host="trugntl.mn" />
+	<target host="trumb.news" />
+	<target host="trumpl.ist" />
+	<target host="trus.sl" />
+	<target host="truspot.in" />
+	<target host="trustedhs.co" />
+	<target host="trusu.biz" />
+	<target host="truthtreason.co" />
+	<target host="trv4.ml" />
+	<target host="trvb.us" />
+	<target host="trvl.mp" />
+	<target host="trvlguy.co" />
+	<target host="trvllr.co" />
+	<target host="trvlrt.ch" />
+	<target host="trvs.io" />
+	<target host="trvw.in" />
+	<target host="trw.fyi" />
+	<target host="trw.trmb.co" />
+	<target host="trx.so" />
+	<target host="trxp.io" />
+	<target host="try.offline.io" />
+	<target host="try.opisnet.com" />
+	<target host="try.somatik.us" />
+	<target host="tryc3.com" />
+	<target host="trycvr.co" />
+	<target host="tryhard.audio" />
+	<target host="tryrcrds.cf" />
+	<target host="trysgb.com" />
+	<target host="trywinc.com" />
+	<target host="ts.la" />
+	<target host="ts3a.co" />
+	<target host="ts7.jp" />
+	<target host="tsa.fun" />
+	<target host="tsa.io" />
+	<target host="tsabd.com" />
+	<target host="tsatx.org" />
+	<target host="tsb.plus" />
+	<target host="tsb.uk" />
+	<target host="tsc.dance" />
+	<target host="tsc.li" />
+	<target host="tsd.ooo" />
+	<target host="tsdig.it" />
+	<target host="tsec.io" />
+	<target host="tsgate.co" />
+	<target host="tsgnl.me" />
+	<target host="tshark.ly" />
+	<target host="tshe.pe" />
+	<target host="tsherfy.us" />
+	<target host="tshwn.me" />
+	<target host="tsinet.ca" />
+	<target host="tsite.co" />
+	<target host="tsk.ninja" />
+	<target host="tsl.cm" />
+	<target host="tsl.tips" />
+	<target host="tsl.wtf" />
+	<target host="tsmag.co" />
+	<target host="tsmit.me" />
+	<target host="tsmlab.org" />
+	<target host="tsmsite.tk" />
+	<target host="tso.media" />
+	<target host="tso.to" />
+	<target host="tsou.sg" />
+	<target host="tspne.ws" />
+	<target host="tsprt.co" />
+	<target host="tsptry.com" />
+	<target host="tspvnilla.co" />
+	<target host="tsq.li" />
+	<target host="tsqr.co" />
+	<target host="tsri.co" />
+	<target host="tssgun.co" />
+	<target host="tst.life" />
+	<target host="tsta.pt" />
+	<target host="tstamps.co" />
+	<target host="tstea.co" />
+	<target host="tstex.us" />
+	<target host="tstitt.me" />
+	<target host="tstmbl.fr" />
+	<target host="tsto.co" />
+	<target host="tstrm.li" />
+	<target host="tsty.me" />
+	<target host="tsubakiys.jp" />
+	<target host="tsuchiya.bz" />
+	<target host="tsunade2017.ml" />
+	<target host="tswift.co" />
+	<target host="tswx.us" />
+	<target host="tt.glo.co" />
+	<target host="tta.click" />
+	<target host="ttap.co" />
+	<target host="ttaud.io" />
+	<target host="ttcovers.com" />
+	<target host="ttcruise.com" />
+	<target host="ttdib.com" />
+	<target host="tte.pw" />
+	<target host="ttf.me" />
+	<target host="ttfor.me" />
+	<target host="ttgami.ng" />
+	<target host="tthl.cc" />
+	<target host="tti-tam.us" />
+	<target host="ttit.us" />
+	<target host="ttj.pw" />
+	<target host="ttl.nyc" />
+	<target host="ttlab.co" />
+	<target host="ttlbr.ca" />
+	<target host="ttld.ca" />
+	<target host="ttm.ag" />
+	<target host="ttm.wtf" />
+	<target host="ttms.us" />
+	<target host="ttn.asia" />
+	<target host="ttnk.nyc" />
+	<target host="ttnny.com" />
+	<target host="ttom.at" />
+	<target host="ttower.tv" />
+	<target host="ttrip.co" />
+	<target host="ttrsir.us" />
+	<target host="ttshr.co" />
+	<target host="ttt.wf" />
+	<target host="tttm.co" />
+	<target host="tttne.ws" />
+	<target host="ttur.ch" />
+	<target host="ttvillas.co" />
+	<target host="ttvs.org" />
+	<target host="ttw.life" />
+	<target host="ttw.tips" />
+	<target host="tu.company" />
+	<target host="tu.inmoobi.com" />
+	<target host="tu.tupi.fm" />
+	<target host="tuana.nu" />
+	<target host="tuangheula.ml" />
+	<target host="tubb.co" />
+	<target host="tube4k.ml" />
+	<target host="tubeadv.com" />
+	<target host="tubep.ro" />
+	<target host="tubes-hd.tk" />
+	<target host="tubeseries.cf" />
+	<target host="tubeserieshd.ga" />
+	<target host="tubeshd.tk" />
+	<target host="tubetvs.ga" />
+	<target host="tubros.me" />
+	<target host="tubu.info" />
+	<target host="tucan.travel" />
+	<target host="tucd.co" />
+	<target host="tucf.co" />
+	<target host="tucine.mx" />
+	<target host="tuck.cc" />
+	<target host="tuckerbar.be" />
+	<target host="tucsonne.ws" />
+	<target host="tucu.tv" />
+	<target host="tucuatro.info" />
+	<target host="tud.im" />
+	<target host="tudcom.tk" />
+	<target host="tudyma.cz" />
+	<target host="tuft.su" />
+	<target host="tufts.observer" />
+	<target host="tuga.host" />
+	<target host="tuga.me" />
+	<target host="tuga.tech" />
+	<target host="tugate.ch" />
+	<target host="tugbo.at" />
+	<target host="tui-mags.com" />
+	<target host="tui.kapani.de" />
+	<target host="tuit.eu" />
+	<target host="tulane.it" />
+	<target host="tum.church" />
+	<target host="tumb.co" />
+	<target host="tun.yt" />
+	<target host="tuna.pizza" />
+	<target host="tunas.co" />
+	<target host="tunhuaghep.net" />
+	<target host="tup.ly" />
+	<target host="turb.co" />
+	<target host="turb.la" />
+	<target host="turbo.rent" />
+	<target host="turismo.city" />
+	<target host="turm.us" />
+	<target host="turn.li" />
+	<target host="turnieje.live" />
+	<target host="tursha.info" />
+	<target host="turuca.me" />
+	<target host="tutcp.pw" />
+	<target host="tute.la" />
+	<target host="tutele.mx" />
+	<target host="tutete.eu" />
+	<target host="tuunica.info" />
+	<target host="tuva.la" />
+	<target host="tuwa.ga" />
+	<target host="tv-absolute.ml" />
+	<target host="tv-cbts.ml" />
+	<target host="tv-guide.gq" />
+	<target host="tv-hd.ml" />
+	<target host="tv-hdnow.ml" />
+	<target host="tv-home.ml" />
+	<target host="tv-movie.ga" />
+	<target host="tv-movie.ml" />
+	<target host="tv-online.tk" />
+	<target host="tv-schedule.ga" />
+	<target host="tv-schedule.ml" />
+	<target host="tv-series.cf" />
+	<target host="tv-series.tk" />
+	<target host="tv-serieshd.ga" />
+	<target host="tv-show.gq" />
+	<target host="tv-streaming.ml" />
+	<target host="tv-us.cf" />
+	<target host="tv-world.ml" />
+	<target host="tv-youtube.ml" />
+	<target host="tv.daknong.tv" />
+	<target host="tv.dosunos.us" />
+	<target host="tv.eat.lk" />
+	<target host="tv.vandavasi.in" />
+	<target host="tvbox21.ml" />
+	<target host="tvcentre.cf" />
+	<target host="tvdb-hd.ml" />
+	<target host="tvdb-online.ml" />
+	<target host="tvdb.ml" />
+	<target host="tvdb2017.ml" />
+	<target host="tvepisodes.ml" />
+	<target host="tvepshows.ga" />
+	<target host="tvesco.la" />
+	<target host="tvfo.co" />
+	<target host="tvfulleps.ml" />
+	<target host="tvfullhd.ml" />
+	<target host="tvfutu.re" />
+	<target host="tvgd.co" />
+	<target host="tvgplus.ml" />
+	<target host="tvguide.gq" />
+	<target host="tvguide.ml" />
+	<target host="tvguiderms.ml" />
+	<target host="tvh.io" />
+	<target host="tvhd-2017.ml" />
+	<target host="tvhd-show.ml" />
+	<target host="tvhd-stream.ml" />
+	<target host="tvhd.ml" />
+	<target host="tvhdfull.tk" />
+	<target host="tvhds.ml" />
+	<target host="tvista.in" />
+	<target host="tvit.us" />
+	<target host="tvline.ml" />
+	<target host="tvm4kmoviehd.ml" />
+	<target host="tvmania.ml" />
+	<target host="tvme.ml" />
+	<target host="tvmovie21.ga" />
+	<target host="tvmoviehd.ml" />
+	<target host="tvmuse-hd.ml" />
+	<target host="tvmuse.ga" />
+	<target host="tvmuse.gq" />
+	<target host="tvmuse.ml" />
+	<target host="tvmuse21.ml" />
+	<target host="tvohd.ml" />
+	<target host="tvonline21.ml" />
+	<target host="tvote.org" />
+	<target host="tvp.ag" />
+	<target host="tvparty.co" />
+	<target host="tvpromosdb.ml" />
+	<target host="tvrsm.ml" />
+	<target host="tvsa.mx" />
+	<target host="tvseries.hol.es" />
+	<target host="tvseries2017.ml" />
+	<target host="tvseries7.ml" />
+	<target host="tvseriesfull.ml" />
+	<target host="tvserieshd.ga" />
+	<target host="tvserieshd.tk" />
+	<target host="tvserieson.tk" />
+	<target host="tvseriez.hol.es" />
+	<target host="tvserverhd.ml" />
+	<target host="tvshow.ml" />
+	<target host="tvshowhd.ga" />
+	<target host="tvshowhd.gq" />
+	<target host="tvshowhd.ml" />
+	<target host="tvshows.date" />
+	<target host="tvshows.gq" />
+	<target host="tvshowsone.ga" />
+	<target host="tvshoww.ml" />
+	<target host="tvsmania.tk" />
+	<target host="tvstream.ml" />
+	<target host="tvstreamhd.ml" />
+	<target host="tvstreaming.gq" />
+	<target host="tvt.kr" />
+	<target host="tvurl.tv" />
+	<target host="tvus.ml" />
+	<target host="tvushd.ml" />
+	<target host="tvvee.ml" />
+	<target host="tvwin.es" />
+	<target host="tvzone.ml" />
+	<target host="tw-el.uk" />
+	<target host="tw.kenmainr.net" />
+	<target host="tw.link" />
+	<target host="tw.staygeo.com" />
+	<target host="tw.terps.io" />
+	<target host="tw.voicepro.it" />
+	<target host="twal.kr" />
+	<target host="twan.gy" />
+	<target host="tward.us" />
+	<target host="twb.guru" />
+	<target host="twb.im" />
+	<target host="twca.mp" />
+	<target host="twcinc.link" />
+	<target host="twco.me" />
+	<target host="twd.ac" />
+	<target host="twdx.cf" />
+	<target host="twdx.in" />
+	<target host="tweaktown.to" />
+	<target host="tweet.amg22.com" />
+	<target host="tweet.co.vu" />
+	<target host="tweet.rapmag.tv" />
+	<target host="tweet.scmp.com" />
+	<target host="tweety.si" />
+	<target host="twepi.ca" />
+	<target host="twhi.co" />
+	<target host="twhite.me" />
+	<target host="twidex.com" />
+	<target host="twigfil.ms" />
+	<target host="twik.it" />
+	<target host="twin.pk" />
+	<target host="twinlane.co" />
+	<target host="twis.li" />
+	<target host="twist.to" />
+	<target host="twitr.pw" />
+	<target host="twitty.com.au" />
+	<target host="twj.tips" />
+	<target host="twld.ml" />
+	<target host="twlnk.co" />
+	<target host="twlv.tn" />
+	<target host="twm.co" />
+	<target host="twngo.cf" />
+	<target host="twnv.jp" />
+	<target host="two-series.ml" />
+	<target host="two17.us" />
+	<target host="two42.co" />
+	<target host="two4two.info" />
+	<target host="twobyfo.re" />
+	<target host="twonain4k.ml" />
+	<target host="twoop.io" />
+	<target host="twoore.co" />
+	<target host="twou.co" />
+	<target host="twpcourse.com" />
+	<target host="twr33.com" />
+	<target host="tws.io" />
+	<target host="twst.it" />
+	<target host="twstr.hu" />
+	<target host="twt.gp" />
+	<target host="twt.jnks.info" />
+	<target host="twthr.ee" />
+	<target host="twtr.cm" />
+	<target host="twtstrm.co" />
+	<target host="twu.tw" />
+	<target host="twzrd.ml" />
+	<target host="txaust.in" />
+	<target host="txbiz.co" />
+	<target host="txex.es" />
+	<target host="txgop.us" />
+	<target host="txhsfb.link" />
+	<target host="txmnth.ly" />
+	<target host="txna.co" />
+	<target host="txpo.li" />
+	<target host="txpod.net" />
+	<target host="txpr.de" />
+	<target host="txrealto.rs" />
+	<target host="txrec.io" />
+	<target host="txrt.uk" />
+	<target host="txsci.net" />
+	<target host="txst.us" />
+	<target host="txts.be" />
+	<target host="txwine.us" />
+	<target host="txyz.tk" />
+	<target host="ty.itaxi.pl" />
+	<target host="tyanmuah.ml" />
+	<target host="tybp.us" />
+	<target host="tycn.co" />
+	<target host="tycnsys.co" />
+	<target host="tydee.info" />
+	<target host="tydn.co" />
+	<target host="tyea.gr" />
+	<target host="tygi.in" />
+	<target host="tyku.it" />
+	<target host="tyler.to" />
+	<target host="tylerj.us" />
+	<target host="tylr.net" />
+	<target host="tylrgt.rs" />
+	<target host="tymp.uk" />
+	<target host="tyn.ch" />
+	<target host="tynielsen.me" />
+	<target host="typ.st" />
+	<target host="typ.wtf" />
+	<target host="type-co.com" />
+	<target host="typea.cc" />
+	<target host="typehype.eu" />
+	<target host="typeof.xyz" />
+	<target host="typg.co" />
+	<target host="tyrant.click" />
+	<target host="tyrolit.social" />
+	<target host="tysp.co" />
+	<target host="tyt.my" />
+	<target host="tywed.co" />
+	<target host="tz.nu" />
+	<target host="tz.rs" />
+	<target host="tzba.ml" />
+	<target host="tzkn.co" />
+	<target host="tzmfree.club" />
+	<target host="tzn.is" />
+	<target host="u-2.im" />
+	<target host="u-a-f.de" />
+	<target host="u-tv-online.ga" />
+	<target host="u-tv-online.gq" />
+	<target host="u.3bdessala.me" />
+	<target host="u.abimayu.com" />
+	<target host="u.alan736.ch" />
+	<target host="u.arcww.com.tw" />
+	<target host="u.astronomia.co" />
+	<target host="u.axon.pw" />
+	<target host="u.ayd.jp" />
+	<target host="u.b24.am" />
+	<target host="u.bababa.co" />
+	<target host="u.badgerdash.tk" />
+	<target host="u.bankon.co" />
+	<target host="u.bay.rocks" />
+	<target host="u.bee.moe" />
+	<target host="u.ben10club.org" />
+	<target host="u.billgong.com" />
+	<target host="u.bmeyer.me" />
+	<target host="u.boxwilson.com" />
+	<target host="u.bpratik.in" />
+	<target host="u.bravodms.com" />
+	<target host="u.bretwalda.net" />
+	<target host="u.briza.co.uk" />
+	<target host="u.cam.vc" />
+	<target host="u.campus-owl.de" />
+	<target host="u.cfdp.dk" />
+	<target host="u.chamuel.us" />
+	<target host="u.chchc.ch" />
+	<target host="u.chipshout.com" />
+	<target host="u.chobbit.pw" />
+	<target host="u.choy.in" />
+	<target host="u.clubfont.cat" />
+	<target host="u.cme4life.com" />
+	<target host="u.csgo.tw" />
+	<target host="u.d41.cl" />
+	<target host="u.dannclo.se" />
+	<target host="u.den.my" />
+	<target host="u.dgabc.com.br" />
+	<target host="u.djchuang.com" />
+	<target host="u.dnl.pw" />
+	<target host="u.domiciwk.com" />
+	<target host="u.duetg.com" />
+	<target host="u.duytrung.xyz" />
+	<target host="u.eduk8.me" />
+	<target host="u.exact.to" />
+	<target host="u.fancycraft.cc" />
+	<target host="u.fixstudio.com" />
+	<target host="u.folkano.com" />
+	<target host="u.funshop.co.kr" />
+	<target host="u.getim.co" />
+	<target host="u.gnett.org" />
+	<target host="u.gopt.me" />
+	<target host="u.hardlyart.com" />
+	<target host="u.herda.me" />
+	<target host="u.horia.me" />
+	<target host="u.hrmg.eu" />
+	<target host="u.iany.me" />
+	<target host="u.ice-7.com" />
+	<target host="u.idol.io" />
+	<target host="u.inamba.com" />
+	<target host="u.insite.co.jp" />
+	<target host="u.invalshoek.nl" />
+	<target host="u.iptvsub.info" />
+	<target host="u.ivoilic.com" />
+	<target host="u.iza.ac" />
+	<target host="u.jazit.co" />
+	<target host="u.jiceb.net" />
+	<target host="u.jimsmusic.co" />
+	<target host="u.jle.im" />
+	<target host="u.jogjabatik.id" />
+	<target host="u.jonatan.cl" />
+	<target host="u.kai.gs" />
+	<target host="u.key1.jp" />
+	<target host="u.khbn.net" />
+	<target host="u.kmjamaat.com" />
+	<target host="u.kmp.me" />
+	<target host="u.laliberte.io" />
+	<target host="u.lds.li" />
+	<target host="u.lefteros.com" />
+	<target host="u.lfi.cl" />
+	<target host="u.lpfisite.com" />
+	<target host="u.majord.tw" />
+	<target host="u.mallet.xyz" />
+	<target host="u.malone.io" />
+	<target host="u.marlukki.eu" />
+	<target host="u.mic.io" />
+	<target host="u.miz.im" />
+	<target host="u.moneylover.me" />
+	<target host="u.mqx.ninja" />
+	<target host="u.msdynamics.es" />
+	<target host="u.mtk.me" />
+	<target host="u.mud.lk" />
+	<target host="u.mymbs.eu" />
+	<target host="u.najafiali.com" />
+	<target host="u.niaduox.rocks" />
+	<target host="u.nkhost.net" />
+	<target host="u.novus.com" />
+	<target host="u.nowloaded.org" />
+	<target host="u.ntcs.ml" />
+	<target host="u.nwc.co" />
+	<target host="u.ocimblog.com" />
+	<target host="u.ocsb.pw" />
+	<target host="u.onpc.kr" />
+	<target host="u.ophir.li" />
+	<target host="u.org" />
+	<target host="u.ortc.link" />
+	<target host="u.oznorts.com" />
+	<target host="u.pdk.to" />
+	<target host="u.pirmax.fr" />
+	<target host="u.pjnorris.com" />
+	<target host="u.pli.cc" />
+	<target host="u.poka.tw" />
+	<target host="u.proxmts.net" />
+	<target host="u.pushka.co" />
+	<target host="u.pw" />
+	<target host="u.pwcc.cc" />
+	<target host="u.questetra.com" />
+	<target host="u.radix.cc" />
+	<target host="u.retcon.com.ar" />
+	<target host="u.rorpage.com" />
+	<target host="u.salimbo.me" />
+	<target host="u.sardinka.org" />
+	<target host="u.sarhov.com" />
+	<target host="u.sbhat.me" />
+	<target host="u.scar45.com" />
+	<target host="u.sentido42.org" />
+	<target host="u.sfxyyam.com" />
+	<target host="u.shafeeque.in" />
+	<target host="u.shaulb.com" />
+	<target host="u.sigit.co.uk" />
+	<target host="u.simou.net" />
+	<target host="u.sivy.net" />
+	<target host="u.softbank.jp" />
+	<target host="u.spideramn.com" />
+	<target host="u.stoneip.info" />
+	<target host="u.stop-cri.me" />
+	<target host="u.subpop.com" />
+	<target host="u.supp.tk" />
+	<target host="u.sw4.de" />
+	<target host="u.syxy.fr" />
+	<target host="u.tap.me" />
+	<target host="u.tapp.hu" />
+	<target host="u.tend.ai" />
+	<target host="u.tgu.ca" />
+	<target host="u.tilsimat.net" />
+	<target host="u.toddjana.com" />
+	<target host="u.tpx.mx" />
+	<target host="u.tthe.se" />
+	<target host="u.uhrebrink.dk" />
+	<target host="u.unbekannt3.eu" />
+	<target host="u.uneek.org" />
+	<target host="u.upiyptk.study" />
+	<target host="u.vi.net.au" />
+	<target host="u.xn--7gq403k.tokyo" />
+	<target host="u.yoi.sg" />
+	<target host="u.zackboe.co" />
+	<target host="u.zipsan.pw" />
+	<target host="u2.com.es" />
+	<target host="u2fa.nl" />
+	<target host="u2go.pw" />
+	<target host="u2rl.com" />
+	<target host="u301.me" />
+	<target host="u62.org" />
+	<target host="u73.net" />
+	<target host="uangy.ml" />
+	<target host="uassi.st" />
+	<target host="uawford.us" />
+	<target host="ubc.vc" />
+	<target host="ubef.tv" />
+	<target host="uberaba.vc" />
+	<target host="ubertacc.io" />
+	<target host="ubey.tk" />
+	<target host="ubiqq.us" />
+	<target host="ublz.co" />
+	<target host="ubm.io" />
+	<target host="ubne.ws" />
+	<target host="ubnt.link" />
+	<target host="ubr.to" />
+	<target host="ubrf.review" />
+	<target host="ubrflp.in" />
+	<target host="ubs.re" />
+	<target host="ubstairs.com" />
+	<target host="ubu.one" />
+	<target host="ubub.us" />
+	<target host="ubuzz.me" />
+	<target host="ubx.io" />
+	<target host="ucb.cau.arq.br" />
+	<target host="ucbexed.org" />
+	<target host="uccf.at" />
+	<target host="ucel.co.uk" />
+	<target host="ucfknights.co" />
+	<target host="ucflib.fyi" />
+	<target host="ucfnews.com" />
+	<target host="uche.us" />
+	<target host="uchechi.co" />
+	<target host="uchiyama.link" />
+	<target host="uciha1st4k.ml" />
+	<target host="uckg.info" />
+	<target host="ucla.in" />
+	<target host="ucnpi.org" />
+	<target host="ucollege.du.edu" />
+	<target host="ucom.ae" />
+	<target host="uconnhuski.es" />
+	<target host="ucpath.org" />
+	<target host="ucsfh.org" />
+	<target host="ud.ag" />
+	<target host="ud.wtf" />
+	<target host="udaan.it" />
+	<target host="udidac.tv" />
+	<target host="udinkokek.ga" />
+	<target host="udk.nu" />
+	<target host="udl.today" />
+	<target host="udp.ngo" />
+	<target host="udrapt.com" />
+	<target host="uds.center" />
+	<target host="uds.direct" />
+	<target host="uds.lat" />
+	<target host="uds.link" />
+	<target host="uds.moscow" />
+	<target host="uds.world" />
+	<target host="uds.zone" />
+	<target host="udt.news" />
+	<target host="udud.ml" />
+	<target host="uebr.sx" />
+	<target host="uefa.to" />
+	<target host="uepa.tk" />
+	<target host="uer.fr" />
+	<target host="uexp.co" />
+	<target host="uez.in" />
+	<target host="ufcw8.us" />
+	<target host="ufh.sc" />
+	<target host="ufhjax.org" />
+	<target host="ufl.ink" />
+	<target host="ufs.one" />
+	<target host="ufs.onl" />
+	<target host="ufwx.org" />
+	<target host="ufyconx.host" />
+	<target host="ugc.nyc" />
+	<target host="uget4.me" />
+	<target host="ugh.wtf" />
+	<target host="ughk.co" />
+	<target host="uglo.be" />
+	<target host="ugp.io" />
+	<target host="ugw1r3.com" />
+	<target host="uh.ma" />
+	<target host="uhdtv.ml" />
+	<target host="uhoo.im" />
+	<target host="uhop.me" />
+	<target host="uib.li" />
+	<target host="uimag.in" />
+	<target host="uiowa.link" />
+	<target host="uitgewee.st" />
+	<target host="uiux.io" />
+	<target host="ujiajiri.net" />
+	<target host="uk.bazaar.com" />
+	<target host="uk.chle.se" />
+	<target host="uk.elhost.co" />
+	<target host="uk.goodho.us" />
+	<target host="ukecos.as" />
+	<target host="uked.chat" />
+	<target host="ukf.me" />
+	<target host="ukgw.co" />
+	<target host="ukid.cc" />
+	<target host="ukk.li" />
+	<target host="uklik.me" />
+	<target host="uklz.info" />
+	<target host="uknow.co" />
+	<target host="ukpo.co" />
+	<target host="ukr8.us" />
+	<target host="ukrad.io" />
+	<target host="ukss.me" />
+	<target host="uky.cc" />
+	<target host="ulnx.co" />
+	<target host="ultfan.live" />
+	<target host="ulthar.pw" />
+	<target host="ultherapy.md" />
+	<target host="ulti.pro" />
+	<target host="ultim.kr" />
+	<target host="ultmt.rs" />
+	<target host="ultpar.ml" />
+	<target host="ultr4k.ml" />
+	<target host="ultr4khd.ml" />
+	<target host="ultra4khd.tk" />
+	<target host="ultrahd.co.vu" />
+	<target host="ultraseries.ml" />
+	<target host="ultrasp.in" />
+	<target host="ults.co" />
+	<target host="ulwink.com" />
+	<target host="uma.nz" />
+	<target host="umaine.me" />
+	<target host="umami.us" />
+	<target host="umary.life" />
+	<target host="umbelmu.ml" />
+	<target host="umbra.co" />
+	<target host="umby.us" />
+	<target host="umc.ub-g.com" />
+	<target host="umcareer.center" />
+	<target host="umg.dk" />
+	<target host="umg.fm" />
+	<target host="umhealth.me" />
+	<target host="umicheng.in" />
+	<target host="umlib.us" />
+	<target host="umm.gd" />
+	<target host="umm.ph" />
+	<target host="ummecheng.in" />
+	<target host="umol.me" />
+	<target host="umostyle.com" />
+	<target host="umtl.ca" />
+	<target host="un1.pw" />
+	<target host="un4.me" />
+	<target host="unacast.us" />
+	<target host="unb.io" />
+	<target host="unb.lu" />
+	<target host="unbnd.me" />
+	<target host="unboxing.rocks" />
+	<target host="unc.gd" />
+	<target host="unc.live" />
+	<target host="unc.town" />
+	<target host="unccesports.org" />
+	<target host="uncf.us" />
+	<target host="uncommo.com" />
+	<target host="uncon.photo" />
+	<target host="und.st" />
+	<target host="under.gr" />
+	<target host="undersea.link" />
+	<target host="undf.td" />
+	<target host="undg.co" />
+	<target host="undiet.me" />
+	<target host="undorf.ws" />
+	<target host="undrarmr.co" />
+	<target host="undrgrnd.co" />
+	<target host="undrhl.com" />
+	<target host="undrs.co" />
+	<target host="undrwr.expert" />
+	<target host="undsl.be" />
+	<target host="une.pm" />
+	<target host="uneak.co" />
+	<target host="unearthed.link" />
+	<target host="uneasy.in" />
+	<target host="uned.it" />
+	<target host="unei.info" />
+	<target host="uneto-vni.info" />
+	<target host="ungaretti.tk" />
+	<target host="ungl.me" />
+	<target host="unhlywd.co" />
+	<target host="unhm.org" />
+	<target host="unho.co" />
+	<target host="uni-hub.us" />
+	<target host="uni.cf" />
+	<target host="uni.web.id" />
+	<target host="unibeds.info" />
+	<target host="unicef.to" />
+	<target host="unik.today" />
+	<target host="unimed.vc" />
+	<target host="uninc.agency" />
+	<target host="union.moda" />
+	<target host="unipega.so" />
+	<target host="uniqe.ly" />
+	<target host="uniqlo.us" />
+	<target host="unis.pt" />
+	<target host="unitedpts.com" />
+	<target host="unitedtech.co" />
+	<target host="unitedway.co" />
+	<target host="unitedwedre.am" />
+	<target host="unitv.xyz" />
+	<target host="uniu.be" />
+	<target host="univadis.net" />
+	<target host="univer.video" />
+	<target host="unix.vc" />
+	<target host="unk.ai" />
+	<target host="unk.co" />
+	<target host="unlearn.cc" />
+	<target host="unlgs.com" />
+	<target host="unlwifi.com" />
+	<target host="unmndcrgo.co" />
+	<target host="unode50.co" />
+	<target host="unr.ly" />
+	<target host="unrl.me" />
+	<target host="unrlbl.gq" />
+	<target host="unscrip.td" />
+	<target host="unsctr.me" />
+	<target host="unsealthis.com" />
+	<target host="unserertage.com" />
+	<target host="unsn.uk" />
+	<target host="unsng.co" />
+	<target host="unspla.sh" />
+	<target host="unsta.in" />
+	<target host="unstudios.tk" />
+	<target host="untap.nyc" />
+	<target host="untd.tax" />
+	<target host="untdwy.org" />
+	<target host="untgl.me" />
+	<target host="untngl.me" />
+	<target host="untp.it" />
+	<target host="unum.co" />
+	<target host="unum.me" />
+	<target host="unux.cf" />
+	<target host="unvd.it" />
+	<target host="unvr.se" />
+	<target host="unvr.st" />
+	<target host="unwf.co" />
+	<target host="unworld.life" />
+	<target host="unwr.tn" />
+	<target host="unz.fr" />
+	<target host="uobiz.co" />
+	<target host="uocoe.me" />
+	<target host="uod.ac.uk" />
+	<target host="uof.sc" />
+	<target host="uofl.me" />
+	<target host="uofr.us" />
+	<target host="uofsclaw.us" />
+	<target host="uolcb.co" />
+	<target host="uompol.ml" />
+	<target host="uospm.co" />
+	<target host="up.dorijan.co" />
+	<target host="up.gd" />
+	<target host="up.ppxls.net" />
+	<target host="up.s3cr3t.net" />
+	<target host="up.tips" />
+	<target host="up3.co" />
+	<target host="up4.click" />
+	<target host="upal.co" />
+	<target host="uparw.com" />
+	<target host="upc-cit.com" />
+	<target host="upc.care" />
+	<target host="upca.st" />
+	<target host="upcurve.cloud" />
+	<target host="updp.cf" />
+	<target host="upgr.io" />
+	<target host="uplk.me" />
+	<target host="upm.cc" />
+	<target host="upma.us" />
+	<target host="upmc.us" />
+	<target host="upmchp.us" />
+	<target host="upmcwp.us" />
+	<target host="upmy.biz" />
+	<target host="upnextnews.tv" />
+	<target host="upperc.se" />
+	<target host="uppr.us" />
+	<target host="upref.us" />
+	<target host="uprep.us" />
+	<target host="upri.me" />
+	<target host="uproxx.it" />
+	<target host="upsd.io" />
+	<target host="upsrv.co" />
+	<target host="upstreamfe.st" />
+	<target host="uptime4.me" />
+	<target host="uptwn.ch" />
+	<target host="upvot.es" />
+	<target host="urb.tf" />
+	<target host="urbanchartz.me" />
+	<target host="urbanco.io" />
+	<target host="urbanfutur.es" />
+	<target host="urbanhd.ml" />
+	<target host="urbina.io" />
+	<target host="urbn.fr" />
+	<target host="urbn.in" />
+	<target host="urbn.is" />
+	<target host="urbn.xyz" />
+	<target host="urbnbd.co" />
+	<target host="urbnhnt.xyz" />
+	<target host="urbrns.nl" />
+	<target host="urbsd.co" />
+	<target host="urchur.ch" />
+	<target host="urcl.gq" />
+	<target host="urgentfury.link" />
+	<target host="urhood.co.za" />
+	<target host="uriel2017.ml" />
+	<target host="urig.co" />
+	<target host="url-2.com" />
+	<target host="url.1n.pw" />
+	<target host="url.40x.co" />
+	<target host="url.8kh.de" />
+	<target host="url.abea.org.br" />
+	<target host="url.adamfly.me" />
+	<target host="url.adsfrom.us" />
+	<target host="url.albj.net" />
+	<target host="url.alexake.com" />
+	<target host="url.alpersf.com" />
+	<target host="url.amnhac.org" />
+	<target host="url.apiu.edu" />
+	<target host="url.apkbaru.net" />
+	<target host="url.aris.do" />
+	<target host="url.arnokrol.nl" />
+	<target host="url.aru-b.com" />
+	<target host="url.ash9.jp" />
+	<target host="url.aziz.pw" />
+	<target host="url.basista.pro" />
+	<target host="url.bazuki.com" />
+	<target host="url.bbking.net" />
+	<target host="url.bebagi.com" />
+	<target host="url.bevera.st" />
+	<target host="url.bre.hm" />
+	<target host="url.brugh.co" />
+	<target host="url.camiel.co" />
+	<target host="url.cap3.de" />
+	<target host="url.cashwu.com" />
+	<target host="url.cawacci.com" />
+	<target host="url.coenm.nl" />
+	<target host="url.conkell.com" />
+	<target host="url.cs.co.id" />
+	<target host="url.cw1998.uk" />
+	<target host="url.dakodi.eu" />
+	<target host="url.deathe.org" />
+	<target host="url.derbit.de" />
+	<target host="url.digicafe.jp" />
+	<target host="url.divi.web.id" />
+	<target host="url.dochouse.de" />
+	<target host="url.ebisu.in" />
+	<target host="url.educris.com" />
+	<target host="url.eduma.vn" />
+	<target host="url.effiks.net" />
+	<target host="url.efmeeks.net" />
+	<target host="url.egoz.cl" />
+	<target host="url.elcampo.in" />
+	<target host="url.exefull.net" />
+	<target host="url.f8vn.net" />
+	<target host="url.fatlabs.org" />
+	<target host="url.fmk.de" />
+	<target host="url.folin.com" />
+	<target host="url.frejo.dk" />
+	<target host="url.gdwan.co" />
+	<target host="url.gess.sg" />
+	<target host="url.gotry.ml" />
+	<target host="url.gracey.net" />
+	<target host="url.gray365.com" />
+	<target host="url.grida.no" />
+	<target host="url.hansng.com" />
+	<target host="url.hatch.com" />
+	<target host="url.hdoi360.com" />
+	<target host="url.helc.me" />
+	<target host="url.hoaxes.id" />
+	<target host="url.hwbot.org" />
+	<target host="url.ichwan.id" />
+	<target host="url.icymi.co" />
+	<target host="url.ienlab.net" />
+	<target host="url.ifijit.com" />
+	<target host="url.ihostbr.com" />
+	<target host="url.imageek.ovh" />
+	<target host="url.imprve.nl" />
+	<target host="url.infopku.com" />
+	<target host="url.inra.fr" />
+	<target host="url.inxco.be" />
+	<target host="url.ipqb.org" />
+	<target host="url.is-shrt.com" />
+	<target host="url.ivsnote.com" />
+	<target host="url.j172.tw" />
+	<target host="url.j3h.eu" />
+	<target host="url.jackdavi.es" />
+	<target host="url.jael.ee" />
+	<target host="url.jakif.com" />
+	<target host="url.jammm.com" />
+	<target host="url.jarno.co" />
+	<target host="url.jckzone.com" />
+	<target host="url.jhuesser.ch" />
+	<target host="url.jimv.com" />
+	<target host="url.jobbied.com" />
+	<target host="url.jpjudge.com" />
+	<target host="url.jucru.com" />
+	<target host="url.kar.gl" />
+	<target host="url.keiji.io" />
+	<target host="url.keilson.org" />
+	<target host="url.kronoz.guru" />
+	<target host="url.lansla.com" />
+	<target host="url.lchau.com" />
+	<target host="url.lei.lt" />
+	<target host="url.leskippy.eu" />
+	<target host="url.locari.jp" />
+	<target host="url.lorixon.com" />
+	<target host="url.lukchun.com" />
+	<target host="url.m-n.us" />
+	<target host="url.m4i.ir" />
+	<target host="url.mactech.com" />
+	<target host="url.makeawe.so" />
+	<target host="url.mastrip.net" />
+	<target host="url.matejka.cc" />
+	<target host="url.melyweb.net" />
+	<target host="url.memy.cz" />
+	<target host="url.miantiao.me" />
+	<target host="url.mik.nu" />
+	<target host="url.miko2.net" />
+	<target host="url.mlchen.org" />
+	<target host="url.moshi.co" />
+	<target host="url.mouxy.net" />
+	<target host="url.mrwilde.com" />
+	<target host="url.munjeet.com" />
+	<target host="url.myfini.com" />
+	<target host="url.mytkda.fr" />
+	<target host="url.n9mtq4.com" />
+	<target host="url.nacks.ovh" />
+	<target host="url.naydenov.tk" />
+	<target host="url.nhefner.com" />
+	<target host="url.northgr.net" />
+	<target host="url.npu-w.org" />
+	<target host="url.nthundcc.tw" />
+	<target host="url.nucafl.org" />
+	<target host="url.oak.is" />
+	<target host="url.oasistv.com" />
+	<target host="url.onex.de" />
+	<target host="url.oradba.ch" />
+	<target host="url.oshim.net" />
+	<target host="url.pallayi.com" />
+	<target host="url.paperon.net" />
+	<target host="url.pcadv.org" />
+	<target host="url.pcheaven.eu" />
+	<target host="url.pindrop.com" />
+	<target host="url.pouchak.com" />
+	<target host="url.ps3blog.net" />
+	<target host="url.ps4blog.net" />
+	<target host="url.pzyko.org" />
+	<target host="url.qube-ing.de" />
+	<target host="url.quexten.com" />
+	<target host="url.qutics.com" />
+	<target host="url.raona.com" />
+	<target host="url.raylu.net" />
+	<target host="url.rbj.hu" />
+	<target host="url.repu.vn" />
+	<target host="url.rudenko.org" />
+	<target host="url.s-ernst.com" />
+	<target host="url.s2u.vn" />
+	<target host="url.sblnc.guru" />
+	<target host="url.scott.ws" />
+	<target host="url.shangfu.tw" />
+	<target host="url.shinod.in" />
+	<target host="url.siwah.com" />
+	<target host="url.siyt.biz" />
+	<target host="url.slowik.eu" />
+	<target host="url.smithtx.us" />
+	<target host="url.solar" />
+	<target host="url.spjain.in" />
+	<target host="url.spl.com.tr" />
+	<target host="url.sturzy.ch" />
+	<target host="url.stxny.de" />
+	<target host="url.t-gamer.de" />
+	<target host="url.t0in.com" />
+	<target host="url.taizona.jp" />
+	<target host="url.tamilcc.com" />
+	<target host="url.tc.in.th" />
+	<target host="url.te-fotos.de" />
+	<target host="url.teammay.com" />
+	<target host="url.thoh.us" />
+	<target host="url.timb.us" />
+	<target host="url.tinjaw.net" />
+	<target host="url.tinojr.com" />
+	<target host="url.tjrana.com" />
+	<target host="url.tmsrv.org" />
+	<target host="url.topfree.de" />
+	<target host="url.tt5.org" />
+	<target host="url.tweb.in" />
+	<target host="url.ubds.mn" />
+	<target host="url.urandul.net" />
+	<target host="url.vasto.la" />
+	<target host="url.vdbos.co" />
+	<target host="url.veerkun.com" />
+	<target host="url.vega.works" />
+	<target host="url.vorst.co" />
+	<target host="url.webikeo.fr" />
+	<target host="url.webtrip.in" />
+	<target host="url.wheder.eu" />
+	<target host="url.wkndrs.net" />
+	<target host="url.wx.ag" />
+	<target host="url.xathz.net" />
+	<target host="url.xodaa.net" />
+	<target host="url.yerse.net" />
+	<target host="url.yeuxa.com" />
+	<target host="url2.cardu.cc" />
+	<target host="url2.cf" />
+	<target host="url2.dk" />
+	<target host="url2.io" />
+	<target host="url2txt.com" />
+	<target host="urlk.ml" />
+	<target host="urll.nl" />
+	<target host="urlpie.com" />
+	<target host="urlpro.fr" />
+	<target host="urlptt.com" />
+	<target host="urlq.me" />
+	<target host="urls.colearn.be" />
+	<target host="urls.dalvi.me" />
+	<target host="urls.dyc.qa" />
+	<target host="urls.getmade.co" />
+	<target host="urls.im" />
+	<target host="urls.nazul.net" />
+	<target host="urls.ylhub.com" />
+	<target host="urlt.de" />
+	<target host="urlyr.com" />
+	<target host="uro.clinic" />
+	<target host="urolo.gy" />
+	<target host="ursal.es" />
+	<target host="urson.us" />
+	<target host="urt.io" />
+	<target host="urtm.co" />
+	<target host="us-experte.de" />
+	<target host="us.dhl.gl" />
+	<target host="us.elhost.co" />
+	<target host="us.ht" />
+	<target host="us.l4expert.com" />
+	<target host="us.rsuri.com" />
+	<target host="us.teenslab.com" />
+	<target host="us2.co" />
+	<target host="usa-tvseries.ml" />
+	<target host="usa4khd.ml" />
+	<target host="usabil.la" />
+	<target host="usafav.com" />
+	<target host="usan.co" />
+	<target host="usanet.tv" />
+	<target host="usarug.by" />
+	<target host="usat.ly" />
+	<target host="usatvseries.ga" />
+	<target host="usatvshow.ga" />
+	<target host="usatwi.sc" />
+	<target host="usc.one" />
+	<target host="uscale.us" />
+	<target host="uscham.com" />
+	<target host="uscma.cc" />
+	<target host="usctea.ch" />
+	<target host="usd.aw" />
+	<target host="use.ti.to" />
+	<target host="used-it.at" />
+	<target host="usee.at" />
+	<target host="usel.es" />
+	<target host="user47.link" />
+	<target host="usesutra.com" />
+	<target host="usfigu.re" />
+	<target host="usflix.ga" />
+	<target host="usguy.tokyo" />
+	<target host="ushaz.com" />
+	<target host="ushi.co" />
+	<target host="usiok.tech" />
+	<target host="usit.co" />
+	<target host="usl.me" />
+	<target host="uslax.in" />
+	<target host="uslr.us" />
+	<target host="usm.ag" />
+	<target host="usmm.co" />
+	<target host="usmo.org" />
+	<target host="usopea.ml" />
+	<target host="usp.li" />
+	<target host="uspara.us" />
+	<target host="uspgo.to" />
+	<target host="usr.mn" />
+	<target host="usrc.me" />
+	<target host="usrow.us" />
+	<target host="usshpr.cc" />
+	<target host="usstream.tk" />
+	<target host="ussu.co" />
+	<target host="ustud.io" />
+	<target host="ustyle.me" />
+	<target host="utah.re" />
+	<target host="utaho.me" />
+	<target host="utas.info" />
+	<target host="utba.ph" />
+	<target host="utcs.io" />
+	<target host="utd.mn" />
+	<target host="utekk.tk" />
+	<target host="utengr.ng" />
+	<target host="utepn.ws" />
+	<target host="utex.as" />
+	<target host="utilities.im" />
+	<target host="utmb.in" />
+	<target host="utoron.to" />
+	<target host="utrec.ht" />
+	<target host="utrek.us" />
+	<target host="utrn.ws" />
+	<target host="uts.ac" />
+	<target host="uttley.in" />
+	<target host="utx.as" />
+	<target host="uugive.com" />
+	<target host="uuu.1n.pw" />
+	<target host="uv.rs" />
+	<target host="uvmmed.hn" />
+	<target host="uvmob.com" />
+	<target host="uvw.crase.org" />
+	<target host="uware.it" />
+	<target host="uwayuc.org" />
+	<target host="uwcb.uk" />
+	<target host="uwdo.gs" />
+	<target host="uwe.su" />
+	<target host="uwf.im" />
+	<target host="uwishu.nu" />
+	<target host="uwkb.ca" />
+	<target host="uwpho.to" />
+	<target host="uws.link" />
+	<target host="ux.ht" />
+	<target host="ux.jpcyr.com" />
+	<target host="ux.lc" />
+	<target host="uxatc.com" />
+	<target host="uxc.io" />
+	<target host="uxfor.us" />
+	<target host="uxjw.me" />
+	<target host="uxlib.io" />
+	<target host="uxp.me" />
+	<target host="uy2.me" />
+	<target host="uyet.tk" />
+	<target host="uz.link" />
+	<target host="uzoo.rocks" />
+	<target host="uzpt.tk" />
+	<target host="uzr.co" />
+	<target host="v-c.it" />
+	<target host="v-g.eus" />
+	<target host="v-k.me" />
+	<target host="v-tv-online.ga" />
+	<target host="v-tv-series.ml" />
+	<target host="v.7gen.com" />
+	<target host="v.alue.co" />
+	<target host="v.badivuku.com" />
+	<target host="v.bulitko.com" />
+	<target host="v.day.az" />
+	<target host="v.enl.plus" />
+	<target host="v.evbb.net" />
+	<target host="v.evereve.com" />
+	<target host="v.getvenga.com" />
+	<target host="v.imbranet.com" />
+	<target host="v.mn3njalnik.si" />
+	<target host="v.myhorizon.io" />
+	<target host="v.nbnisslow.com" />
+	<target host="v.norvine.net" />
+	<target host="v.reler.org" />
+	<target host="v.sdhkresice.cz" />
+	<target host="v.sions.tv" />
+	<target host="v.tcprods.com" />
+	<target host="v.topmall.ua" />
+	<target host="v.urepp.net" />
+	<target host="v.vacant.vc" />
+	<target host="v.vhq.cc" />
+	<target host="v.vikrmn.com" />
+	<target host="v.virg0.org" />
+	<target host="v.visionect.com" />
+	<target host="v00.at" />
+	<target host="v1meo.ml" />
+	<target host="v2c.me" />
+	<target host="v2tix.info" />
+	<target host="v3lo.co" />
+	<target host="v51.co" />
+	<target host="v5k.co" />
+	<target host="v6te.ch" />
+	<target host="v6ventur.es" />
+	<target host="va.pe" />
+	<target host="va.pyang.me" />
+	<target host="va.rkey.in" />
+	<target host="vaca.city" />
+	<target host="vad.li" />
+	<target host="vag.life" />
+	<target host="vaga.site" />
+	<target host="vahg.us" />
+	<target host="vai.co" />
+	<target host="vain.social" />
+	<target host="vaiv.ai" />
+	<target host="vak.li" />
+	<target host="vaka.me" />
+	<target host="vakbladfw.nl" />
+	<target host="val.lamna.nu" />
+	<target host="valdour.co" />
+	<target host="vale.pro" />
+	<target host="valet.es" />
+	<target host="valh.us" />
+	<target host="valhol.la" />
+	<target host="valio.ly" />
+	<target host="valis.rocks" />
+	<target host="vallen.ga" />
+	<target host="valo.love" />
+	<target host="valsy.me" />
+	<target host="valuemy.place" />
+	<target host="vamos.gq" />
+	<target host="vamosbul.la" />
+	<target host="van-works.jp" />
+	<target host="van.ac" />
+	<target host="van.gapph.nl" />
+	<target host="van.so" />
+	<target host="vanacci.eu" />
+	<target host="vanbler.gs" />
+	<target host="vandd.me" />
+	<target host="vande.jp" />
+	<target host="vaned.co" />
+	<target host="vanelli.tips" />
+	<target host="vanessa.tips" />
+	<target host="vang.mx" />
+	<target host="vanir.uk" />
+	<target host="vanset.co" />
+	<target host="vant1.ca" />
+	<target host="vap.life" />
+	<target host="vapd.me" />
+	<target host="vapo.shop" />
+	<target host="vapo.us" />
+	<target host="vapr.me" />
+	<target host="varda.gs" />
+	<target host="varis.me" />
+	<target host="varon.is" />
+	<target host="varrez2017.ml" />
+	<target host="vas229.com" />
+	<target host="vasnfer.gdn" />
+	<target host="vast.fyi" />
+	<target host="vastearly.am" />
+	<target host="vatten.lamna.nu" />
+	<target host="vaute.co" />
+	<target host="vavel.me" />
+	<target host="vbank.in" />
+	<target host="vbh24.info" />
+	<target host="vbnmkt.me" />
+	<target host="vbs.grace.lc" />
+	<target host="vbtr.co" />
+	<target host="vbtt.it" />
+	<target host="vbvl.be" />
+	<target host="vc.tv" />
+	<target host="vc.ubbai.me" />
+	<target host="vca.pet" />
+	<target host="vcda.us" />
+	<target host="vcdx.co" />
+	<target host="vckt.co" />
+	<target host="vclmnrty.report" />
+	<target host="vclz.co" />
+	<target host="vcpl.me" />
+	<target host="vcr.bz" />
+	<target host="vcsd.in" />
+	<target host="vct.im" />
+	<target host="vct.one" />
+	<target host="vcte.ch" />
+	<target host="vctyfd.com" />
+	<target host="vd.ms" />
+	<target host="vda.cm" />
+	<target host="vdam.co" />
+	<target host="vdapr.com" />
+	<target host="vdara.lv" />
+	<target host="vdblo.gg" />
+	<target host="vdd.me" />
+	<target host="vdfn.co" />
+	<target host="vdfn.pt" />
+	<target host="vdg.tl" />
+	<target host="vdga.ga" />
+	<target host="vdgo.es" />
+	<target host="vdgr.is" />
+	<target host="vdig.co" />
+	<target host="vdk.st" />
+	<target host="vdms.us" />
+	<target host="vdo.ms" />
+	<target host="vdogart.ml" />
+	<target host="vdogr.am" />
+	<target host="vdp.gr" />
+	<target host="vdp.link" />
+	<target host="vdtslots.com" />
+	<target host="vdub.in" />
+	<target host="vdust.co" />
+	<target host="vdv.link" />
+	<target host="ve.ntu.re" />
+	<target host="vec7.uk" />
+	<target host="vectraai.ai" />
+	<target host="vedexp.uk" />
+	<target host="veear.asia" />
+	<target host="veeba.se" />
+	<target host="veevids.ml" />
+	<target host="veevo.ml" />
+	<target host="vefpna.com" />
+	<target host="vegfre.sh" />
+	<target host="veil.nu" />
+	<target host="velocitywm.com" />
+	<target host="ven.ky" />
+	<target host="ven3d.us" />
+	<target host="venat.us" />
+	<target host="venb.ca" />
+	<target host="vende-online.es" />
+	<target host="vendini.co" />
+	<target host="veniad.me" />
+	<target host="venn.digital" />
+	<target host="venner.ws" />
+	<target host="venofye.us" />
+	<target host="venst.re" />
+	<target host="venturaspir.it" />
+	<target host="venveo.co" />
+	<target host="veolar.me" />
+	<target host="ver-videohbo.gq" />
+	<target host="ver.clubtek.pt" />
+	<target host="ver.fm" />
+	<target host="ver.shipp.tv" />
+	<target host="ver.wowcx.com" />
+	<target host="vera.cd" />
+	<target host="veracr.us" />
+	<target host="verb.energy" />
+	<target host="verdi.vc" />
+	<target host="veri.praice.me" />
+	<target host="veri.to" />
+	<target host="veri.tv" />
+	<target host="verismo.news" />
+	<target host="veristore.info" />
+	<target host="veritone.us" />
+	<target host="verjano.co" />
+	<target host="verpeliculas.ml" />
+	<target host="verrag.io" />
+	<target host="vers.al" />
+	<target host="vers.biz" />
+	<target host="vert.ms" />
+	<target host="vertceri.se" />
+	<target host="verul.am" />
+	<target host="veryde.li" />
+	<target host="veryfakene.ws" />
+	<target host="ves.me" />
+	<target host="vesko.ch" />
+	<target host="vestc.org" />
+	<target host="vestky.st" />
+	<target host="vestor.ly" />
+	<target host="vetlas.net" />
+	<target host="vetr.in" />
+	<target host="veu.me" />
+	<target host="vexped.it" />
+	<target host="vey.li" />
+	<target host="veye.ca" />
+	<target host="veyo.co" />
+	<target host="veznik.eu" />
+	<target host="vf.fo" />
+	<target host="vfalun.se" />
+	<target host="vfcl.fr" />
+	<target host="vfl.me" />
+	<target host="vflink.it" />
+	<target host="vflm.tv" />
+	<target host="vfmallor.ca" />
+	<target host="vfsh.uk" />
+	<target host="vfutur.es" />
+	<target host="vg.life" />
+	<target host="vgc.tips" />
+	<target host="vgf.re" />
+	<target host="vgi.vg" />
+	<target host="vginfo.co" />
+	<target host="vgm.gr" />
+	<target host="vgndu.de" />
+	<target host="vgnlvrs.com" />
+	<target host="vgpod.com" />
+	<target host="vgrvlr.com" />
+	<target host="vgst.ch" />
+	<target host="vh.co" />
+	<target host="vh1-lhh.ml" />
+	<target host="vhajm.be" />
+	<target host="vhdo.nl" />
+	<target host="vhq.cc" />
+	<target host="vhrzn.uk" />
+	<target host="vhunt.rs" />
+	<target host="vi.sa" />
+	<target host="vi.siting.us" />
+	<target host="vi.tc" />
+	<target host="via.7hotels.com" />
+	<target host="via.arne030.eu" />
+	<target host="via.azarc.net" />
+	<target host="via.brianco.rs" />
+	<target host="via.cf.sg" />
+	<target host="via.coret.org" />
+	<target host="via.diapo.io" />
+	<target host="via.dj" />
+	<target host="via.don.ph" />
+	<target host="via.dotme.nl" />
+	<target host="via.ecilia.fr" />
+	<target host="via.ericthn.fr" />
+	<target host="via.gl" />
+	<target host="via.gp" />
+	<target host="via.ihin.es" />
+	<target host="via.james.ph" />
+	<target host="via.juthilo.com" />
+	<target host="via.kas.ky" />
+	<target host="via.kham.is" />
+	<target host="via.khow.it" />
+	<target host="via.kye.io" />
+	<target host="via.la11.net" />
+	<target host="via.macomber.de" />
+	<target host="via.mrkw.se" />
+	<target host="via.nkf.media" />
+	<target host="via.omcg.de" />
+	<target host="via.owlin.com" />
+	<target host="via.shavit.in" />
+	<target host="via.szz.cl" />
+	<target host="via.trp.nz" />
+	<target host="via.ulha.net" />
+	<target host="via.veron.ng" />
+	<target host="via.vocino.com" />
+	<target host="via.vode.com" />
+	<target host="via.vry.gd" />
+	<target host="viaja.am" />
+	<target host="viaja.la" />
+	<target host="viajwat.ch" />
+	<target host="viamont.es" />
+	<target host="viapalen.ml" />
+	<target host="viavalenhd.ml" />
+	<target host="viavidoc.com" />
+	<target host="viaway.me" />
+	<target host="viawi.re" />
+	<target host="vib.je" />
+	<target host="vicb.us" />
+	<target host="vice.fm" />
+	<target host="vice.video" />
+	<target host="vicesports.de" />
+	<target host="vicgal.uk" />
+	<target host="vicki.fr" />
+	<target host="vicpk.co" />
+	<target host="vict.ch" />
+	<target host="vict.io" />
+	<target host="victo.rs" />
+	<target host="victors.us" />
+	<target host="vid.ema-eda.com" />
+	<target host="vidaengdl.mx" />
+	<target host="vidds.ee" />
+	<target host="video2bra.in" />
+	<target host="videovc.tk" />
+	<target host="vidfru.it" />
+	<target host="vidmail.net" />
+	<target host="vidmarket.pro" />
+	<target host="vidsub.cf" />
+	<target host="viduli.ch" />
+	<target host="vidwst.cc" />
+	<target host="vie-tv-promo.ml" />
+	<target host="vieko.me" />
+	<target host="vietnap.co" />
+	<target host="viewquotes.uk" />
+	<target host="vigitox.org" />
+	<target host="vii.agency" />
+	<target host="viita.la" />
+	<target host="vik.so" />
+	<target host="vikn.gs" />
+	<target host="vikzriz.ml" />
+	<target host="vil.photos" />
+	<target host="vil.rs" />
+	<target host="vilag.ga" />
+	<target host="vilcap.tl" />
+	<target host="villcf.com" />
+	<target host="villian.ml" />
+	<target host="vilma.co" />
+	<target host="vim.io" />
+	<target host="vimal.mobi" />
+	<target host="vimeo-tv.cf" />
+	<target host="vin.ac" />
+	<target host="vin.ai" />
+	<target host="vinberdon.info" />
+	<target host="vinc.li" />
+	<target host="vincek.me" />
+	<target host="vincenzo.live" />
+	<target host="vinceq.com" />
+	<target host="vindanc.com" />
+	<target host="vinedist.it" />
+	<target host="vineland.dj" />
+	<target host="vinevera.co" />
+	<target host="vinews.co" />
+	<target host="vinho.me" />
+	<target host="vini.uk" />
+	<target host="vintagerugs.co" />
+	<target host="vintageurl.com" />
+	<target host="vintui.tv" />
+	<target host="vinyledit.co" />
+	<target host="viooz.ga" />
+	<target host="vip-watch.es" />
+	<target host="vip.invictus.mx" />
+	<target host="vipdates4u.com" />
+	<target host="vipnews.org.uk" />
+	<target host="vipqc.ca" />
+	<target host="vir.group" />
+	<target host="viraldu.mp" />
+	<target host="viralt.ag" />
+	<target host="virid.in" />
+	<target host="virtua.ca" />
+	<target host="virtuoso.ltd" />
+	<target host="virtusdcs.uk" />
+	<target host="virtuwi.se" />
+	<target host="vis.immo" />
+	<target host="vis.pm" />
+	<target host="viscon.me" />
+	<target host="vish.me" />
+	<target host="visha.re" />
+	<target host="visionary.zone" />
+	<target host="visionsofgod.us" />
+	<target host="visit-me.ml" />
+	<target host="visit-now.gq" />
+	<target host="visit.bicos.be" />
+	<target host="visit.sc" />
+	<target host="visit4u.co.vu" />
+	<target host="visitbam.org" />
+	<target host="visithere.cf" />
+	<target host="visithere.tk" />
+	<target host="visitherenow.ga" />
+	<target host="visitherenow.ml" />
+	<target host="visitnapl.es" />
+	<target host="visitnow.co.vu" />
+	<target host="visitnowhere.tk" />
+	<target host="visitoak.land" />
+	<target host="visitsl.info" />
+	<target host="visitsor.no" />
+	<target host="visitstiv.es" />
+	<target host="visittoplay.ga" />
+	<target host="visittowatch.ml" />
+	<target host="visitus.gq" />
+	<target host="visitwebsite.co" />
+	<target host="vistastar.co.uk" />
+	<target host="vistra.io" />
+	<target host="vit.so" />
+	<target host="vit4m0v.ml" />
+	<target host="vitaminsto.re" />
+	<target host="viteb.sk" />
+	<target host="vitgrp.com" />
+	<target host="vitl.us" />
+	<target host="vitobiz.com" />
+	<target host="vitria.io" />
+	<target host="viu.gg" />
+	<target host="vive.kg" />
+	<target host="vivi.do" />
+	<target host="vivilo.us" />
+	<target host="vivisc.al" />
+	<target host="vivite.ch" />
+	<target host="vivo.tl" />
+	<target host="vivomult.com" />
+	<target host="vivopl.co" />
+	<target host="vixn.co" />
+	<target host="viz.li" />
+	<target host="viziciti.es" />
+	<target host="viznu.co" />
+	<target host="vizsum.com" />
+	<target host="viztrans.com" />
+	<target host="vjam.es" />
+	<target host="vjd.io" />
+	<target host="vjl.me" />
+	<target host="vjp.me" />
+	<target host="vjp.pm" />
+	<target host="vjsolid.ml" />
+	<target host="vk.com.cm" />
+	<target host="vk.wix.com" />
+	<target host="vkjob.de" />
+	<target host="vkm.ag" />
+	<target host="vky.io" />
+	<target host="vkylat.am" />
+	<target host="vl.io" />
+	<target host="vlabx.co" />
+	<target host="vlad.trade" />
+	<target host="vladcampos.net" />
+	<target host="vlaf.co" />
+	<target host="vlcm.id" />
+	<target host="vldz.in" />
+	<target host="vlf.ac" />
+	<target host="vliet.land" />
+	<target host="vlim.tv" />
+	<target host="vlkn.me" />
+	<target host="vll.ge" />
+	<target host="vllt.at" />
+	<target host="vln.ro" />
+	<target host="vlnh.nl" />
+	<target host="vlp.to" />
+	<target host="vlpblog.com" />
+	<target host="vlr.io" />
+	<target host="vlra.co" />
+	<target host="vlrk.ly" />
+	<target host="vlrth.co" />
+	<target host="vlskvts.co" />
+	<target host="vltath.co" />
+	<target host="vltrs.xyz" />
+	<target host="vm2.in" />
+	<target host="vmaliku.cz" />
+	<target host="vmcl.cl" />
+	<target host="vmgiving.co" />
+	<target host="vmkt.co" />
+	<target host="vmlink.pw" />
+	<target host="vmm.tips" />
+	<target host="vmms.work" />
+	<target host="vmne.ws" />
+	<target host="vmobil.ec" />
+	<target host="vmr.link" />
+	<target host="vmug.pro" />
+	<target host="vmuliadi.me" />
+	<target host="vnat.ca" />
+	<target host="vnbc.me" />
+	<target host="vncntl.net" />
+	<target host="vni.fr" />
+	<target host="vnjc.co" />
+	<target host="vnjv.co" />
+	<target host="vnpr.gr" />
+	<target host="vnrk.co" />
+	<target host="vns.moe" />
+	<target host="vns.vet" />
+	<target host="vntage.co" />
+	<target host="vntg.se" />
+	<target host="vobytm.com" />
+	<target host="voc.tv" />
+	<target host="vocaloid.news" />
+	<target host="voci.io" />
+	<target host="vodafone.uk" />
+	<target host="vog.vg" />
+	<target host="voger.cf" />
+	<target host="voggle.co" />
+	<target host="voiceact.rs" />
+	<target host="voigt.land" />
+	<target host="voir.elise.re" />
+	<target host="voit.to" />
+	<target host="volarephoto.me" />
+	<target host="volc.io" />
+	<target host="voled.in" />
+	<target host="volley.so" />
+	<target host="vollup.ag" />
+	<target host="volo.to" />
+	<target host="vols.me" />
+	<target host="volu.sn" />
+	<target host="volvocars.us" />
+	<target host="vonmillerco.ml" />
+	<target host="vont.me" />
+	<target host="vonwong.co" />
+	<target host="voordelig.st" />
+	<target host="vops1.us" />
+	<target host="vorbbf.xyz" />
+	<target host="vosd.org" />
+	<target host="votew.in" />
+	<target host="vou99.co" />
+	<target host="voucherbox.ch" />
+	<target host="vouve.tv" />
+	<target host="voxi.st" />
+	<target host="voyager.wine" />
+	<target host="voyvil.co" />
+	<target host="vp-tv-online.cf" />
+	<target host="vp.teamgnh.it" />
+	<target host="vp4fitness.me" />
+	<target host="vpage.us" />
+	<target host="vpay.io" />
+	<target host="vpb.co" />
+	<target host="vpbss.com" />
+	<target host="vphd.info" />
+	<target host="vpo.st" />
+	<target host="vpolo.fr" />
+	<target host="vprt.co" />
+	<target host="vpsal.es" />
+	<target host="vpt.press" />
+	<target host="vpy.co" />
+	<target host="vq.io" />
+	<target host="vr.mlodo.com" />
+	<target host="vr.nightjar.co" />
+	<target host="vr.tl" />
+	<target host="vr46.ga" />
+	<target host="vraag.aboma.nl" />
+	<target host="vrb.bz" />
+	<target host="vrbn.ca" />
+	<target host="vrd.cc" />
+	<target host="vree.ws" />
+	<target host="vrenes.is" />
+	<target host="vrep.co" />
+	<target host="vrg-s.com" />
+	<target host="vrhk.co" />
+	<target host="vri.gd" />
+	<target host="vriq.us" />
+	<target host="vrlsr.net" />
+	<target host="vrnt.co" />
+	<target host="vro.li" />
+	<target host="vroe.gop" />
+	<target host="vroni.cc" />
+	<target host="vrscou.to" />
+	<target host="vrsk.co" />
+	<target host="vrsl.nu" />
+	<target host="vrsn.cc" />
+	<target host="vrt.as" />
+	<target host="vrt.nu" />
+	<target host="vrtas.co" />
+	<target host="vrtnow.com" />
+	<target host="vrtu.us" />
+	<target host="vrtv.nl" />
+	<target host="vruchtvle.es" />
+	<target host="vrussnps.co" />
+	<target host="vrxi.me" />
+	<target host="vryjn.it" />
+	<target host="vs2vl.co" />
+	<target host="vsalv.to" />
+	<target host="vsbl.io" />
+	<target host="vschool.life" />
+	<target host="vsct.us" />
+	<target host="vsearch.ws" />
+	<target host="vsell.is" />
+	<target host="vsen.tk" />
+	<target host="vseng.co" />
+	<target host="vshort.me" />
+	<target host="vsion.online" />
+	<target host="vsl.vc" />
+	<target host="vsljr.nl" />
+	<target host="vsltd.co" />
+	<target host="vspc.us" />
+	<target host="vsport.link" />
+	<target host="vspr.me" />
+	<target host="vsprt.com" />
+	<target host="vsq.io" />
+	<target host="vsqz.me" />
+	<target host="vss.la" />
+	<target host="vst.md" />
+	<target host="vstam.nl" />
+	<target host="vstd.io" />
+	<target host="vstk.co" />
+	<target host="vstphl.ly" />
+	<target host="vstr.at" />
+	<target host="vstsem.com" />
+	<target host="vsty.ca" />
+	<target host="vsurl.co" />
+	<target host="vt4u.nl" />
+	<target host="vtax.info" />
+	<target host="vtd-tar.co" />
+	<target host="vte4.me" />
+	<target host="vtl.life" />
+	<target host="vtly.co.uk" />
+	<target host="vtmc.co" />
+	<target host="vtns.io" />
+	<target host="vto.fyi" />
+	<target host="vtr.pe" />
+	<target host="vtst.eu" />
+	<target host="vtvr.gati.be" />
+	<target host="vtype.co" />
+	<target host="vuar.net" />
+	<target host="vudu.design" />
+	<target host="vug.ht" />
+	<target host="vuitton.lv" />
+	<target host="vuk.as" />
+	<target host="vulcanelite.tk" />
+	<target host="vulcaneng.co" />
+	<target host="vulcani.co" />
+	<target host="vult.re" />
+	<target host="vun.gl" />
+	<target host="vvc.me" />
+	<target host="vve.online" />
+	<target host="vvnt.co" />
+	<target host="vvro.us" />
+	<target host="vvvzld.nl" />
+	<target host="vwdesmoin.es" />
+	<target host="vwrd.nu" />
+	<target host="vx.ag" />
+	<target host="vxch.in" />
+	<target host="vxgrp.co" />
+	<target host="vxm.cc" />
+	<target host="vxpod.com" />
+	<target host="vxrail.is" />
+	<target host="vxxxi.com" />
+	<target host="vy.recordfy.com" />
+	<target host="vyl.at" />
+	<target host="vynt.co" />
+	<target host="vyperlink.ga" />
+	<target host="vypij.bar" />
+	<target host="vysion.tech" />
+	<target host="vz.nu" />
+	<target host="vz.to" />
+	<target host="vzaar.co" />
+	<target host="vzd.co" />
+	<target host="vzls.net" />
+	<target host="vzp.ro" />
+	<target host="vzr.tv" />
+	<target host="w-jack.com" />
+	<target host="w-o.it" />
+	<target host="w-ops.com" />
+	<target host="w.411center.com" />
+	<target host="w.agarciatv.com" />
+	<target host="w.archiliste.fr" />
+	<target host="w.aross.se" />
+	<target host="w.batlayeri.com" />
+	<target host="w.beach.com" />
+	<target host="w.bempresas.co" />
+	<target host="w.brauz.com" />
+	<target host="w.btr.org" />
+	<target host="w.bushoi.net" />
+	<target host="w.carbonpear.tv" />
+	<target host="w.catster.com" />
+	<target host="w.cooldept.com" />
+	<target host="w.cranear.com" />
+	<target host="w.csb.net.br" />
+	<target host="w.cyat.es" />
+	<target host="w.danielpaz.net" />
+	<target host="w.datawifi.co" />
+	<target host="w.dkaodai.com" />
+	<target host="w.dogster.com" />
+	<target host="w.dpdk.nl" />
+	<target host="w.drgarytho.com" />
+	<target host="w.eitz.me" />
+	<target host="w.erbloggt.de" />
+	<target host="w.expertera.com" />
+	<target host="w.forteds.com" />
+	<target host="w.fullsail.edu" />
+	<target host="w.grbz.jp" />
+	<target host="w.guimot.com" />
+	<target host="w.hwh.jp" />
+	<target host="w.idg.de" />
+	<target host="w.ij.pe" />
+	<target host="w.illiams.com" />
+	<target host="w.inm.uy" />
+	<target host="w.innomotion.me" />
+	<target host="w.itpro.es" />
+	<target host="w.javimata.com" />
+	<target host="w.jerw.in" />
+	<target host="w.jibsam.com" />
+	<target host="w.jpmclean.me" />
+	<target host="w.jrnl.com" />
+	<target host="w.kabam.com" />
+	<target host="w.kerala.viajes" />
+	<target host="w.krulz.nl" />
+	<target host="w.lbcgroup.tv" />
+	<target host="w.lbci.com" />
+	<target host="w.lcrga.com" />
+	<target host="w.leopoly.com" />
+	<target host="w.liturgia.pl" />
+	<target host="w.mazparts.net" />
+	<target host="w.me.uk" />
+	<target host="w.misl.es" />
+	<target host="w.narhar.co" />
+	<target host="w.naukri.com" />
+	<target host="w.ocara.net" />
+	<target host="w.oneworld.nl" />
+	<target host="w.pairs.lv" />
+	<target host="w.pb.lc" />
+	<target host="w.petiz.me" />
+	<target host="w.pib.by" />
+	<target host="w.ppixls.com" />
+	<target host="w.preston.ie" />
+	<target host="w.prive.im" />
+	<target host="w.readwrite.com" />
+	<target host="w.rtnc.me" />
+	<target host="w.saifsamir.com" />
+	<target host="w.sam.ink" />
+	<target host="w.saymedia.com" />
+	<target host="w.tboy.co" />
+	<target host="w.thangsapp.com" />
+	<target host="w.thefga.org" />
+	<target host="w.tides.org" />
+	<target host="w.tt" />
+	<target host="w.w3cinc.com" />
+	<target host="w.watu.co.za" />
+	<target host="w.we-rl.xyz" />
+	<target host="w.webguruit.com" />
+	<target host="w.xojane.co.uk" />
+	<target host="w.xojane.com" />
+	<target host="w.zequi.es" />
+	<target host="w.zipbob.net" />
+	<target host="w0.ip-net.work" />
+	<target host="w0ng.me" />
+	<target host="w100.org" />
+	<target host="w17m.com" />
+	<target host="w1z.us" />
+	<target host="w2.mtyrc.org" />
+	<target host="w2t.it" />
+	<target host="w2u.eu" />
+	<target host="w3.haltonyc.com" />
+	<target host="w30.co" />
+	<target host="w3b.li" />
+	<target host="w3ha.us" />
+	<target host="w3st.ml" />
+	<target host="w4chip.uk" />
+	<target host="w4e.cc" />
+	<target host="w4good.co" />
+	<target host="w4ktunahd.ml" />
+	<target host="w4tch.ml" />
+	<target host="w4tv.ml" />
+	<target host="w4u.co" />
+	<target host="w9r.de" />
+	<target host="wa-m.co" />
+	<target host="wa.gs" />
+	<target host="wa.hna.de" />
+	<target host="wa.op-online.de" />
+	<target host="waabbuzz.ml" />
+	<target host="waad.co" />
+	<target host="waays.tv" />
+	<target host="wacom.li" />
+	<target host="wacs.ae" />
+	<target host="wadadaw.ml" />
+	<target host="wadds.co" />
+	<target host="waditrack.co" />
+	<target host="wafami.ly" />
+	<target host="wafj.fm" />
+	<target host="wag.so" />
+	<target host="wahoowa.net" />
+	<target host="wahs.tk" />
+	<target host="waida.tk" />
+	<target host="wailo.re" />
+	<target host="waka.io" />
+	<target host="wakediv.school" />
+	<target host="wakefo.rest" />
+	<target host="wakeforest.news" />
+	<target host="wakesurf.coach" />
+	<target host="wal.is" />
+	<target host="wal.mw" />
+	<target host="wald.photo" />
+	<target host="walk.sc" />
+	<target host="walker.news" />
+	<target host="walkfr.ee" />
+	<target host="walkjc.org" />
+	<target host="wallace.sc" />
+	<target host="wallapop.to" />
+	<target host="wallfor.pet" />
+	<target host="wallsi.de" />
+	<target host="walser.ag" />
+	<target host="walul.is" />
+	<target host="wam.gt" />
+	<target host="wam.rocks" />
+	<target host="wamu.fm" />
+	<target host="wamutd.uk" />
+	<target host="wana.run" />
+	<target host="wander.click" />
+	<target host="wander.life" />
+	<target host="wantto.ski" />
+	<target host="wapg.ly" />
+	<target host="wapo.st" />
+	<target host="wapypie.ml" />
+	<target host="war.susucow.com" />
+	<target host="wardrobe.sh" />
+	<target host="wardt.ms" />
+	<target host="wardy.group" />
+	<target host="warners.gr" />
+	<target host="warp.ga" />
+	<target host="warren.ms" />
+	<target host="was.sent.fyi" />
+	<target host="washca.ps" />
+	<target host="washex.am" />
+	<target host="washin.st" />
+	<target host="washn.at" />
+	<target host="wastartoys.ga" />
+	<target host="wat.ky" />
+	<target host="wat.life" />
+	<target host="wat.vc" />
+	<target host="watch-21.ml" />
+	<target host="watch-4ktv.ml" />
+	<target host="watch-amc.ml" />
+	<target host="watch-hd.ga" />
+	<target host="watch-hd.ml" />
+	<target host="watch-movie.ml" />
+	<target host="watch-now.cf" />
+	<target host="watch-now.ga" />
+	<target host="watch-now.gq" />
+	<target host="watch-online.ml" />
+	<target host="watch-play.ml" />
+	<target host="watch-show.tk" />
+	<target host="watch-stream.ml" />
+	<target host="watch-tmdb.ml" />
+	<target host="watch-tv.ml" />
+	<target host="watch-tvdb.ml" />
+	<target host="watch-tvdb.tk" />
+	<target host="watch-tvhd.ml" />
+	<target host="watch-tvs.ml" />
+	<target host="watch-tvshow.gq" />
+	<target host="watch-tvshow.ml" />
+	<target host="watch.neil.me" />
+	<target host="watch.twitch.tv" />
+	<target host="watch0nline.ml" />
+	<target host="watch0nline.tk" />
+	<target host="watch2017.ml" />
+	<target host="watch32.ml" />
+	<target host="watch780hd.ml" />
+	<target host="watchboysto.ml" />
+	<target host="watched.tk" />
+	<target host="watchh.ga" />
+	<target host="watchhd.ml" />
+	<target host="watchhd.tk" />
+	<target host="watchnet.cf" />
+	<target host="watchnext.it" />
+	<target host="watchng.ga" />
+	<target host="watchnow.ga" />
+	<target host="watchnow1.co.vu" />
+	<target host="watchnowhere.ml" />
+	<target host="watchon.co.vu" />
+	<target host="watchon.ml" />
+	<target host="watchrms.ml" />
+	<target host="watchseries.ml" />
+	<target host="watchshow.ml" />
+	<target host="watchstream.ga" />
+	<target host="watchthis.nyc" />
+	<target host="watchtv-show.ml" />
+	<target host="watchtvs4k.gq" />
+	<target host="watchtvshow.ml" />
+	<target host="watchvidio.ml" />
+	<target host="watera.id" />
+	<target host="waterbluehd.ml" />
+	<target host="watercrun.ch" />
+	<target host="wathejig.ml" />
+	<target host="watkins.media" />
+	<target host="wats-on.co" />
+	<target host="watson.link" />
+	<target host="watt.so" />
+	<target host="wattu.se" />
+	<target host="waubad.ml" />
+	<target host="wavereps.net" />
+	<target host="wawf.org" />
+	<target host="waworld.me" />
+	<target host="wawr.us" />
+	<target host="way.fm" />
+	<target host="wayfair.ly" />
+	<target host="waymn.com" />
+	<target host="wayne.to" />
+	<target host="wayntb.com" />
+	<target host="waze.jlss.eu" />
+	<target host="wb.kvbaden.ch" />
+	<target host="wb.md" />
+	<target host="wbaer.io" />
+	<target host="wbat.es" />
+	<target host="wbcrt.nz" />
+	<target host="wbdef.nl" />
+	<target host="wben.ch" />
+	<target host="wbez.is" />
+	<target host="wbfy.ml" />
+	<target host="wbhlc.in" />
+	<target host="wbhs.nz" />
+	<target host="wbi.link" />
+	<target host="wbiz.me" />
+	<target host="wbm.in" />
+	<target host="wbmktg.co" />
+	<target host="wbn.io" />
+	<target host="wbns.tv" />
+	<target host="wbp.me" />
+	<target host="wbr.bike" />
+	<target host="wbr.io" />
+	<target host="wbr.onl" />
+	<target host="wbrp.li" />
+	<target host="wbrp.link" />
+	<target host="wbsc.nl" />
+	<target host="wbsmba.uk" />
+	<target host="wbt.ms" />
+	<target host="wbur.fm" />
+	<target host="wbutcher.link" />
+	<target host="wbwi.re" />
+	<target host="wbx.de" />
+	<target host="wbxu.uk" />
+	<target host="wbz.gy" />
+	<target host="wbzn.co" />
+	<target host="wcas.nu" />
+	<target host="wcbl.us" />
+	<target host="wcd.me" />
+	<target host="wcf.co" />
+	<target host="wcfacts.info" />
+	<target host="wcgc.news" />
+	<target host="wcha.it" />
+	<target host="wchbl.co" />
+	<target host="wchor.us" />
+	<target host="wck.bz" />
+	<target host="wcls.co" />
+	<target host="wco.cm" />
+	<target host="wcr.qld.gov.au" />
+	<target host="wcs.fyi" />
+	<target host="wct.bz" />
+	<target host="wctheat.re" />
+	<target host="wcts.co" />
+	<target host="wcwed.pw" />
+	<target host="wdat.es" />
+	<target host="wddk.co" />
+	<target host="wdglink.to" />
+	<target host="wdhne.ws" />
+	<target host="wdhrn.co" />
+	<target host="wdls.me" />
+	<target host="wdmag.nl" />
+	<target host="wdp.io" />
+	<target host="wdr.bz" />
+	<target host="wdrb.news" />
+	<target host="wdrp.us" />
+	<target host="wdrt.co" />
+	<target host="wds.af" />
+	<target host="wdsc.club" />
+	<target host="wdsdg.org" />
+	<target host="wdstk.ga" />
+	<target host="wdtn.tv" />
+	<target host="wdwnt.co" />
+	<target host="wdxy.co" />
+	<target host="wdymeme.com" />
+	<target host="wdyt.it" />
+	<target host="wdywt.me" />
+	<target host="we-b.lv" />
+	<target host="we.bbw-love.com" />
+	<target host="we.bgrrl.com" />
+	<target host="we.co" />
+	<target host="we.gg" />
+	<target host="we.ma.de" />
+	<target host="we.mthebron.us" />
+	<target host="weal.media" />
+	<target host="wealth.bar" />
+	<target host="wearcu.be" />
+	<target host="weare.blvrs.org" />
+	<target host="weareeby.com" />
+	<target host="wearekio.sk" />
+	<target host="wearepgh.us" />
+	<target host="wearesl.am" />
+	<target host="wearev1.co" />
+	<target host="wearfi.gs" />
+	<target host="weav.it" />
+	<target host="web-coach.at" />
+	<target host="web.comviq.se" />
+	<target host="web.croakun.com" />
+	<target host="web.difway.ru" />
+	<target host="web.id2.at" />
+	<target host="web.inafish.net" />
+	<target host="web.knoah.com" />
+	<target host="web.pfadwind.de" />
+	<target host="web.rigoeva.ro" />
+	<target host="web.tele2.ee" />
+	<target host="web.tele2.se" />
+	<target host="web.vyvolej.to" />
+	<target host="web.yakovets.ru" />
+	<target host="webap.is" />
+	<target host="webauvergne.fr" />
+	<target host="webcheck.co" />
+	<target host="webchills.me" />
+	<target host="webdev.co" />
+	<target host="webed.pw" />
+	<target host="webelos336.com" />
+	<target host="webie.eu" />
+	<target host="webis.la" />
+	<target host="webjoe.co" />
+	<target host="webmania.me" />
+	<target host="webmo.to" />
+	<target host="webographe.com" />
+	<target host="webos.is" />
+	<target host="webpsy.ch" />
+	<target host="webpt.co" />
+	<target host="webr.ch" />
+	<target host="webr.ws" />
+	<target host="webs.nl" />
+	<target host="webtou.ch" />
+	<target host="webwise.me" />
+	<target host="wec.re" />
+	<target host="wecing.ml" />
+	<target host="weck.ga" />
+	<target host="wecou.ch" />
+	<target host="wecu.re" />
+	<target host="wed-ven.co.uk" />
+	<target host="wed.best" />
+	<target host="wed.fotox.lv" />
+	<target host="wed.li" />
+	<target host="wedbyyes.tips" />
+	<target host="wedc.lu" />
+	<target host="weddingcoupl.es" />
+	<target host="weddingmovie.us" />
+	<target host="wedfrwd.co" />
+	<target host="wedgi.es" />
+	<target host="wedgui.de" />
+	<target host="wedlyf.pw" />
+	<target host="wedsit.es" />
+	<target host="wee.maebh.in" />
+	<target host="wee.sc" />
+	<target host="wee.sk" />
+	<target host="weechef.co" />
+	<target host="weeckd.store" />
+	<target host="weedma.ps" />
+	<target host="weee.cf" />
+	<target host="weeklyseries.cf" />
+	<target host="weelink.xyz" />
+	<target host="weeloy.co" />
+	<target host="weese.me" />
+	<target host="weeuk.com" />
+	<target host="wef.ch" />
+	<target host="weflyas.one" />
+	<target host="weg.bz" />
+	<target host="wegg.la" />
+	<target host="wegift.mobi" />
+	<target host="wegoh.co" />
+	<target host="wehelp.build" />
+	<target host="weil.ws" />
+	<target host="weiter-zu.de" />
+	<target host="weiter.tk" />
+	<target host="weitz.co" />
+	<target host="wejust.run" />
+	<target host="weknowfood.ca" />
+	<target host="wel.vu" />
+	<target host="welcomi.ng" />
+	<target host="weld.so" />
+	<target host="welike.to" />
+	<target host="wellc.me" />
+	<target host="wellclinic.us" />
+	<target host="welles.me" />
+	<target host="wellni.city" />
+	<target host="wells.as" />
+	<target host="wellscs.info" />
+	<target host="weln.es" />
+	<target host="welove.to" />
+	<target host="weltrv.co" />
+	<target host="wema.ga" />
+	<target host="wemertgroup.com" />
+	<target host="wender.co" />
+	<target host="wensley.eu" />
+	<target host="weoly.com" />
+	<target host="wepave.it" />
+	<target host="werx.love" />
+	<target host="wes-edu.in" />
+	<target host="wes.tn" />
+	<target host="wesail.me" />
+	<target host="wescodi.st" />
+	<target host="wespi.re" />
+	<target host="west.tn" />
+	<target host="westa.news" />
+	<target host="westbred.ag" />
+	<target host="westco.at" />
+	<target host="westhol.me" />
+	<target host="westm.in" />
+	<target host="westo.us" />
+	<target host="westsidechur.ch" />
+	<target host="westy.bz" />
+	<target host="wet.pt" />
+	<target host="weteach.me" />
+	<target host="wethep.pl" />
+	<target host="wetv.ninja" />
+	<target host="wevolve.pro" />
+	<target host="wewill.nu" />
+	<target host="weypav.uk" />
+	<target host="wf.eng-eff.com" />
+	<target host="wf.insure" />
+	<target host="wf.net.au" />
+	<target host="wf3p.tk" />
+	<target host="wfa.re" />
+	<target host="wfall.co" />
+	<target host="wfall.in" />
+	<target host="wfapm.com" />
+	<target host="wfbmag.co" />
+	<target host="wfc.life" />
+	<target host="wfc.world" />
+	<target host="wfl.me" />
+	<target host="wfmthldr.com" />
+	<target host="wfol.ly" />
+	<target host="wfplne.ws" />
+	<target host="wfr.re" />
+	<target host="wfre.us" />
+	<target host="wfti.co" />
+	<target host="wfts.tv" />
+	<target host="wfu.law" />
+	<target host="wfvv.eu" />
+	<target host="wgaz.ca" />
+	<target host="wghtloss.cc" />
+	<target host="wgkl.im" />
+	<target host="wgn.to" />
+	<target host="wgnr.es" />
+	<target host="wgnrd.es" />
+	<target host="wgrd.tech" />
+	<target host="wgtl.es" />
+	<target host="wgtn.cc" />
+	<target host="wh.istmein.de" />
+	<target host="wh.yslow.org" />
+	<target host="wh1.in" />
+	<target host="wha.fyi" />
+	<target host="whaleoil.me" />
+	<target host="whast.us" />
+	<target host="whatca.st" />
+	<target host="whatching1.ml" />
+	<target host="whatdat.co.vu" />
+	<target host="whate.ch" />
+	<target host="whats-on.ml" />
+	<target host="whatsappch.at" />
+	<target host="whatspeci.es" />
+	<target host="whcg.co" />
+	<target host="whcgjobs.co" />
+	<target host="whco.ovh" />
+	<target host="whcs.law" />
+	<target host="whda.co" />
+	<target host="whdy.us" />
+	<target host="whenbchapp.in" />
+	<target host="whenwhere.link" />
+	<target host="whenyoustop.uk" />
+	<target host="wher.be" />
+	<target host="whf.cm" />
+	<target host="whf.rocks" />
+	<target host="whi.ch" />
+	<target host="whirwindhd.ml" />
+	<target host="whis.tl" />
+	<target host="whiskeyice.co" />
+	<target host="whisp.rs" />
+	<target host="whistle.fish" />
+	<target host="whit.press" />
+	<target host="whitemts.us" />
+	<target host="whiteraven.co" />
+	<target host="whitta.link" />
+	<target host="whk.mp" />
+	<target host="whlp.ly" />
+	<target host="whmag.co" />
+	<target host="who3.link" />
+	<target host="whoa.so" />
+	<target host="whoaba.be" />
+	<target host="whoishussa.in" />
+	<target host="wholeful.ly" />
+	<target host="whomentors.info" />
+	<target host="whoopth.is" />
+	<target host="whot.co" />
+	<target host="whotels.ht" />
+	<target host="whpub.me" />
+	<target host="whr.tn" />
+	<target host="whrsml.eu" />
+	<target host="whs.pr" />
+	<target host="whsky.biz" />
+	<target host="whsky.me" />
+	<target host="whskyjlt.co" />
+	<target host="wht.to" />
+	<target host="whtp.gs" />
+	<target host="whtsdspd.co" />
+	<target host="whuzz.cool" />
+	<target host="whwl.me" />
+	<target host="whytlink.jp" />
+	<target host="whz.li" />
+	<target host="wi.st" />
+	<target host="wi28.it" />
+	<target host="wib.li" />
+	<target host="wibl.co" />
+	<target host="wibl.it" />
+	<target host="wickford.co" />
+	<target host="widepip.es" />
+	<target host="wie.gr" />
+	<target host="wie.la" />
+	<target host="wiesn.link" />
+	<target host="wifihax.me" />
+	<target host="wifijan.us" />
+	<target host="wight.photos" />
+	<target host="wihda.info" />
+	<target host="wihist.org" />
+	<target host="wiht.co" />
+	<target host="wii.re" />
+	<target host="wikif.in" />
+	<target host="wil.by" />
+	<target host="wild.ng" />
+	<target host="wild.st" />
+	<target host="wild.tips" />
+	<target host="wildbeau.tv" />
+	<target host="wildcatvp.vc" />
+	<target host="wildest.fans" />
+	<target host="wildfire.me" />
+	<target host="wildflr.ca" />
+	<target host="wildhor.se" />
+	<target host="wildtravl.com" />
+	<target host="wildz.in" />
+	<target host="wiley.be" />
+	<target host="willia4.link" />
+	<target host="william.digital" />
+	<target host="williamsjm.us" />
+	<target host="willingways.cc" />
+	<target host="willingways.co" />
+	<target host="willowtr.ee" />
+	<target host="willrz.me" />
+	<target host="wills.ly" />
+	<target host="willu.buzz" />
+	<target host="wilshp.uk" />
+	<target host="wilz.me" />
+	<target host="wimg.co" />
+	<target host="wimm.club" />
+	<target host="win.gs" />
+	<target host="win.omunroe.com" />
+	<target host="winafy.io" />
+	<target host="winal.ist" />
+	<target host="wind.mn" />
+	<target host="wind.social" />
+	<target host="wind.st" />
+	<target host="wind.to" />
+	<target host="wine.social" />
+	<target host="winegeo.me" />
+	<target host="winema.ps" />
+	<target host="winesp.ec" />
+	<target host="winkler.buzz" />
+	<target host="winm.kr" />
+	<target host="winnie.tips" />
+	<target host="winq.org" />
+	<target host="winspi.re" />
+	<target host="wintertrex.me" />
+	<target host="winzi.gs" />
+	<target host="winzow.com" />
+	<target host="wip.imagient.ro" />
+	<target host="wirebird.co" />
+	<target host="wiremag.co" />
+	<target host="wirex.news" />
+	<target host="wiro.ml" />
+	<target host="wis.tw" />
+	<target host="wisd.fyi" />
+	<target host="wise.gg" />
+	<target host="wise.so" />
+	<target host="wisebr.us" />
+	<target host="wisedu.ca" />
+	<target host="wiselife.co" />
+	<target host="wiseprnr.com" />
+	<target host="wisesync.link" />
+	<target host="wishak.co" />
+	<target host="wishq.co" />
+	<target host="witchery.social" />
+	<target host="with.media" />
+	<target host="withne.ws" />
+	<target host="witti.me" />
+	<target host="wix.click" />
+	<target host="wiz.bi" />
+	<target host="wiz.fm" />
+	<target host="wiz.ms" />
+	<target host="wizi.li" />
+	<target host="wizkid.me" />
+	<target host="wizkids.io" />
+	<target host="wj.xperi.link" />
+	<target host="wjblnk.com" />
+	<target host="wjburgin.info" />
+	<target host="wjcf.co" />
+	<target host="wjns.co" />
+	<target host="wjr.me" />
+	<target host="wjrny.co" />
+	<target host="wjtk.pl" />
+	<target host="wkbg.co" />
+	<target host="wkbn.ch" />
+	<target host="wkdwn.ch" />
+	<target host="wkg.li" />
+	<target host="wkis.us" />
+	<target host="wkle.in" />
+	<target host="wklyt.st" />
+	<target host="wkndcllc.tv" />
+	<target host="wkr.me" />
+	<target host="wkrg.co" />
+	<target host="wkrn.tv" />
+	<target host="wksf.co" />
+	<target host="wksp.guru" />
+	<target host="wktv.co" />
+	<target host="wkup.ca" />
+	<target host="wkwine.us" />
+	<target host="wkx.jp" />
+	<target host="wkyry.me" />
+	<target host="wl2s.co" />
+	<target host="wlabs.me" />
+	<target host="wlaun.ch" />
+	<target host="wlcx.us" />
+	<target host="wld.mn" />
+	<target host="wldc.us" />
+	<target host="wldflr.com" />
+	<target host="wldhr.co" />
+	<target host="wldk.nl" />
+	<target host="wldktn.co" />
+	<target host="wldmtn.co" />
+	<target host="wldrns.co" />
+	<target host="wldt.ms" />
+	<target host="wlfe.st" />
+	<target host="wlk.dog" />
+	<target host="wlkh.to" />
+	<target host="wlkr.art" />
+	<target host="wlkrnds.com" />
+	<target host="wlksply.co" />
+	<target host="wll.coffee" />
+	<target host="wllmtt.cc" />
+	<target host="wllw.de" />
+	<target host="wlnt.cc" />
+	<target host="wlrn.us" />
+	<target host="wlsn.me" />
+	<target host="wlstrm.me" />
+	<target host="wlth.co" />
+	<target host="wlth.fr" />
+	<target host="wltr.me" />
+	<target host="wlvs.info" />
+	<target host="wm-alex.com" />
+	<target host="wmb.se" />
+	<target host="wmck.co" />
+	<target host="wmde.org" />
+	<target host="wmdid.com" />
+	<target host="wmdigit.al" />
+	<target host="wmdry.com" />
+	<target host="wmfdesigns.nl" />
+	<target host="wmfs.link" />
+	<target host="wmg.cc" />
+	<target host="wmg.ie" />
+	<target host="wmk.me" />
+	<target host="wmktg.us" />
+	<target host="wmm.es" />
+	<target host="wmp.life" />
+	<target host="wmsoftwa.re" />
+	<target host="wmsy.me" />
+	<target host="wmw.social" />
+	<target host="wn.tn" />
+	<target host="wn1.in" />
+	<target host="wn1.link" />
+	<target host="wnatl.com" />
+	<target host="wnbr.gr" />
+	<target host="wncn.tv" />
+	<target host="wndr.dk" />
+	<target host="wndrbr.es" />
+	<target host="wndrfl.co" />
+	<target host="wndrful.co" />
+	<target host="wndrjm.com" />
+	<target host="wndry.com" />
+	<target host="wndsr.co" />
+	<target host="wne.al" />
+	<target host="wnetrza3d.com" />
+	<target host="wnf.is" />
+	<target host="wnpg.ca" />
+	<target host="wnr.io" />
+	<target host="wnrck.org" />
+	<target host="wnssa.co" />
+	<target host="wnstn.org.uk" />
+	<target host="wntd.it" />
+	<target host="wntr.it" />
+	<target host="wntz.nl" />
+	<target host="wnut.in" />
+	<target host="wnzl.ca" />
+	<target host="wo.wbat.us" />
+	<target host="woak.in" />
+	<target host="woba.co" />
+	<target host="wobl.ink" />
+	<target host="wobs.co" />
+	<target host="wod.city" />
+	<target host="wode.nz" />
+	<target host="wodwell.co" />
+	<target host="wogas.ink" />
+	<target host="wohnhirs.ch" />
+	<target host="woj.pwm.cc" />
+	<target host="wojo.co.nz" />
+	<target host="woko.agency" />
+	<target host="wokon.in" />
+	<target host="wolber.me" />
+	<target host="wolblog.com" />
+	<target host="wolf.pk" />
+	<target host="wolfga.ng" />
+	<target host="wolfsru.de" />
+	<target host="wolver.in" />
+	<target host="wom.us" />
+	<target host="womanon.co" />
+	<target host="womenintest.com" />
+	<target host="wond.us" />
+	<target host="wonderand.co" />
+	<target host="wondo.us" />
+	<target host="wong.lol" />
+	<target host="wongwrit.es" />
+	<target host="wonseo.kr" />
+	<target host="woo.hockey" />
+	<target host="woodm.ag" />
+	<target host="woods.to" />
+	<target host="woof.media" />
+	<target host="woof.photo" />
+	<target host="woof.wf" />
+	<target host="woori.se" />
+	<target host="woosp.co" />
+	<target host="wooton.in" />
+	<target host="word.bz" />
+	<target host="wordonf.in" />
+	<target host="words.zynga.my" />
+	<target host="words2.zynga.my" />
+	<target host="worfo.lk" />
+	<target host="work.therabs.me" />
+	<target host="workforus.co" />
+	<target host="workolo.gy" />
+	<target host="world-hd.ml" />
+	<target host="worldandm.com" />
+	<target host="worlddr.us" />
+	<target host="worldho.st" />
+	<target host="worldm0v.ml" />
+	<target host="worldrad.io" />
+	<target host="worldri.de" />
+	<target host="worldsoc.cr" />
+	<target host="worldut.io" />
+	<target host="worshipo.co" />
+	<target host="worts.pl" />
+	<target host="wos.im" />
+	<target host="woso.rocks" />
+	<target host="wosu.pm" />
+	<target host="wott.ch" />
+	<target host="wovex.tv" />
+	<target host="wowtom.ga" />
+	<target host="wowzr.me" />
+	<target host="wozz.in" />
+	<target host="wp-hr.com" />
+	<target host="wp-plugins.in" />
+	<target host="wp.goto.top" />
+	<target host="wp.kazy.in" />
+	<target host="wp1mo.in" />
+	<target host="wpa.la" />
+	<target host="wpa.vc" />
+	<target host="wpar.co" />
+	<target host="wpbeg.in" />
+	<target host="wpboss.link" />
+	<target host="wpchi.me" />
+	<target host="wpchk.it" />
+	<target host="wpcs.pw" />
+	<target host="wpd.im" />
+	<target host="wpdhs.me" />
+	<target host="wpe.link" />
+	<target host="wpezdev.com" />
+	<target host="wpfilm.co" />
+	<target host="wpfr.eu" />
+	<target host="wpgjets.co" />
+	<target host="wpgr.es" />
+	<target host="wpi.news" />
+	<target host="wpi.sm" />
+	<target host="wpi.today" />
+	<target host="wpku.be" />
+	<target host="wpm.bz" />
+	<target host="wpmag.me" />
+	<target host="wpo.pw" />
+	<target host="wpp.to" />
+	<target host="wprk.eu" />
+	<target host="wps.sx" />
+	<target host="wpsc.me" />
+	<target host="wpsm.nl" />
+	<target host="wpstar.me" />
+	<target host="wpta.co" />
+	<target host="wptips.at" />
+	<target host="wpv.tips" />
+	<target host="wpvum.com" />
+	<target host="wpx.in" />
+	<target host="wpycb.info" />
+	<target host="wr2k.de" />
+	<target host="wra.cc" />
+	<target host="wrbn.co" />
+	<target host="wrc.link" />
+	<target host="wrc.ms" />
+	<target host="wrcd.us" />
+	<target host="wrctr.co" />
+	<target host="wrd.cm" />
+	<target host="wrd.wf" />
+	<target host="wrdc.mp" />
+	<target host="wrds.pw" />
+	<target host="wre.jp" />
+	<target host="wrem.it" />
+	<target host="wrenchte.ch" />
+	<target host="wres.pw" />
+	<target host="wrestle.guru" />
+	<target host="wrg-av.co" />
+	<target host="wrg.me" />
+	<target host="wrglr.co" />
+	<target host="wrgm.ag" />
+	<target host="wrgrp.social" />
+	<target host="wrhstol.com" />
+	<target host="wri.ting.tips" />
+	<target host="wristgaze.co" />
+	<target host="wristtickers.co" />
+	<target host="writ.rs" />
+	<target host="writ.st" />
+	<target host="write.nu" />
+	<target host="writeboost.info" />
+	<target host="writema.sh" />
+	<target host="writemy.co" />
+	<target host="wrk.hk" />
+	<target host="wrkbx.com" />
+	<target host="wrkfra.me" />
+	<target host="wrkn.cr" />
+	<target host="wrkprty.at" />
+	<target host="wrks.me" />
+	<target host="wrkt.co" />
+	<target host="wrkvr.nl" />
+	<target host="wrl0ck.ml" />
+	<target host="wrldbra.in" />
+	<target host="wrnk.co" />
+	<target host="wroyaltie.com" />
+	<target host="wrs.io" />
+	<target host="wrt.cm" />
+	<target host="wrt.lv" />
+	<target host="wrtdb.uk" />
+	<target host="wrtgr.com" />
+	<target host="wrtnews.co" />
+	<target host="wrv.pw" />
+	<target host="wrwr.co" />
+	<target host="ws-24.de" />
+	<target host="wsampod.com" />
+	<target host="wscrk.com" />
+	<target host="wselect.rs" />
+	<target host="wset.co" />
+	<target host="wsfd.ly" />
+	<target host="wsg.click" />
+	<target host="wsgr.to" />
+	<target host="wsh.io" />
+	<target host="wsharks.com" />
+	<target host="wshbrn.com" />
+	<target host="wsl.tv" />
+	<target host="wsm.co" />
+	<target host="wsm.la" />
+	<target host="wsmedia.xyz" />
+	<target host="wsna.to" />
+	<target host="wsol.co" />
+	<target host="wsp.link" />
+	<target host="wsp.to" />
+	<target host="wspk.co" />
+	<target host="wspnt.co" />
+	<target host="wsps.news" />
+	<target host="wsrd.net" />
+	<target host="wsshd.com" />
+	<target host="wssnr.nl" />
+	<target host="wstyle.nz" />
+	<target host="wsu.mn" />
+	<target host="wsx5.net" />
+	<target host="wsyste.ms" />
+	<target host="wt.rdg.ac" />
+	<target host="wt.tl" />
+	<target host="wt9.club" />
+	<target host="wtbl.link" />
+	<target host="wtec.us" />
+	<target host="wteme.tk" />
+	<target host="wtfh.co" />
+	<target host="wtfthis.me" />
+	<target host="wthink.me" />
+	<target host="wthms.co" />
+	<target host="wtm.link" />
+	<target host="wtms.si" />
+	<target host="wtnb.pw" />
+	<target host="wto.co.pl" />
+	<target host="wtp.world" />
+	<target host="wtr.gy" />
+	<target host="wtr.ie" />
+	<target host="wtr.mn" />
+	<target host="wtrmln.co" />
+	<target host="wtrne.ws" />
+	<target host="wtrpr.tl" />
+	<target host="wtrs.tk" />
+	<target host="wtru.st" />
+	<target host="wtso.co" />
+	<target host="wtsrv.co" />
+	<target host="wttw.at" />
+	<target host="wttw.me" />
+	<target host="wtweb.co" />
+	<target host="wtwnews.org" />
+	<target host="wu.cth.lc" />
+	<target host="wucu.de" />
+	<target host="wuhk.me" />
+	<target host="wun.io" />
+	<target host="wunbr.net" />
+	<target host="wunderl.ink" />
+	<target host="wupper.link" />
+	<target host="wurk.in" />
+	<target host="wuts.co" />
+	<target host="wv.ly" />
+	<target host="wva.me" />
+	<target host="wvlink.it" />
+	<target host="wvnts.co" />
+	<target host="wvnz.org.nz" />
+	<target host="wvph.co" />
+	<target host="wvrlthr.co" />
+	<target host="wvrm.nl" />
+	<target host="wvu.tech" />
+	<target host="wvuga.me" />
+	<target host="wvusports.co" />
+	<target host="wvute.ch" />
+	<target host="wvw.caredent.es" />
+	<target host="wvw.nehow.com" />
+	<target host="ww-l.co" />
+	<target host="ww.catster.com" />
+	<target host="ww.dogster.com" />
+	<target host="ww.jorrito.nl" />
+	<target host="ww.v-hotels.com" />
+	<target host="ww.xovain.com" />
+	<target host="wwaplay.com" />
+	<target host="wwelle.co" />
+	<target host="wwene.ws" />
+	<target host="wwf.hk" />
+	<target host="wwf.to" />
+	<target host="wwfau.org" />
+	<target host="wwhisk.co" />
+	<target host="wwhts.com" />
+	<target host="wwhub.ws" />
+	<target host="wwi.re" />
+	<target host="wwii.cc" />
+	<target host="wwild.co" />
+	<target host="wwit.me" />
+	<target host="wwl.io" />
+	<target host="wwlks.org" />
+	<target host="wwp.tv" />
+	<target host="wwpi.info" />
+	<target host="wwr.dj" />
+	<target host="wwraven.com" />
+	<target host="wwrld.us" />
+	<target host="wwt100.com" />
+	<target host="wwugo.com" />
+	<target host="www2.fam-ps.org" />
+	<target host="www2.ki6bjv.com" />
+	<target host="www2.lomdi.in" />
+	<target host="www2.mstore.pro" />
+	<target host="wwwciss.ca" />
+	<target host="wwwear.it" />
+	<target host="wwwizzards.com" />
+	<target host="wwwtst.pnpr.jp" />
+	<target host="wx3.link" />
+	<target host="wxch.nl" />
+	<target host="wxwn.co" />
+	<target host="wxyz.tk" />
+	<target host="wy.ndh.am" />
+	<target host="wya.ttlew.in" />
+	<target host="wykausaha.tk" />
+	<target host="wykd.ca" />
+	<target host="wylarah.co" />
+	<target host="wyn.lv" />
+	<target host="wyn.me" />
+	<target host="wyndh.am" />
+	<target host="wyp.me" />
+	<target host="wyptm.com" />
+	<target host="wyr.be" />
+	<target host="wysd.om" />
+	<target host="wyvrn.it" />
+	<target host="wzb.lv" />
+	<target host="wzbt.co" />
+	<target host="wzen.co" />
+	<target host="wzn.io" />
+	<target host="wzrd.gq" />
+	<target host="wzvt.co" />
+	<target host="x-ber308.ml" />
+	<target host="x-kib3un.ml" />
+	<target host="x-tv.ga" />
+	<target host="x.540.io" />
+	<target host="x.9-agency.com" />
+	<target host="x.ainscough.com" />
+	<target host="x.ajcolores.com" />
+	<target host="x.alexkavel.com" />
+	<target host="x.andro.plus" />
+	<target host="x.apwn.de" />
+	<target host="x.arbis.pro" />
+	<target host="x.arkonlabs.com" />
+	<target host="x.bakunet.me" />
+	<target host="x.baronkutz.com" />
+	<target host="x.bwine.nl" />
+	<target host="x.carib.pro" />
+	<target host="x.caritas.ch" />
+	<target host="x.chmuul.net" />
+	<target host="x.cilf.cz" />
+	<target host="x.civilkuet.net" />
+	<target host="x.crpg.info" />
+	<target host="x.cues.org.uk" />
+	<target host="x.cynion.com" />
+	<target host="x.daringer.org" />
+	<target host="x.darkcodex.com" />
+	<target host="x.dauberman.com" />
+	<target host="x.defy.ca" />
+	<target host="x.djfuji.com" />
+	<target host="x.dlink.eu" />
+	<target host="x.dnmt.ch" />
+	<target host="x.dozainer.com" />
+	<target host="x.ekathuria.com" />
+	<target host="x.empece.info" />
+	<target host="x.enat.in" />
+	<target host="x.enepal.net.np" />
+	<target host="x.enkin.cc" />
+	<target host="x.eresep.com" />
+	<target host="x.ericluan.com" />
+	<target host="x.esquire.co.uk" />
+	<target host="x.exgame.lt" />
+	<target host="x.f0.nz" />
+	<target host="x.f67.us" />
+	<target host="x.facets.events" />
+	<target host="x.gazapos.org" />
+	<target host="x.geekahead.com" />
+	<target host="x.geekdrop.com" />
+	<target host="x.getivi.com" />
+	<target host="x.ghorr.org" />
+	<target host="x.greatify.co" />
+	<target host="x.gusiev.com" />
+	<target host="x.hck.in" />
+	<target host="x.hdn.ch" />
+	<target host="x.hugo.pw" />
+	<target host="x.hypem.com" />
+	<target host="x.hz.ae" />
+	<target host="x.ignitemx.com" />
+	<target host="x.ikev.in" />
+	<target host="x.ilowkey.net" />
+	<target host="x.incridea.com" />
+	<target host="x.ironco.de" />
+	<target host="x.jenn.nu" />
+	<target host="x.jmwtf.com" />
+	<target host="x.joaa.se" />
+	<target host="x.johndo.de" />
+	<target host="x.jonizeta.net" />
+	<target host="x.kabam.com" />
+	<target host="x.kamildada.com" />
+	<target host="x.kidd.rocks" />
+	<target host="x.koqoo.uk" />
+	<target host="x.kwbb.ca" />
+	<target host="x.lab.io" />
+	<target host="x.lamo.org" />
+	<target host="x.leafcull.com" />
+	<target host="x.leecasey.com" />
+	<target host="x.linx.com.br" />
+	<target host="x.loxaesmas.org" />
+	<target host="x.margotmd.com" />
+	<target host="x.markd.net" />
+	<target host="x.mat.cc" />
+	<target host="x.mategelei.com" />
+	<target host="x.matt.ph" />
+	<target host="x.mishja.net" />
+	<target host="x.mufasa.space" />
+	<target host="x.ngjuliann.com" />
+	<target host="x.ngt.no" />
+	<target host="x.noggalito.com" />
+	<target host="x.nola411.com" />
+	<target host="x.nuckpup.ca" />
+	<target host="x.nxnw.net" />
+	<target host="x.o-f.it" />
+	<target host="x.observer.city" />
+	<target host="x.ogxo.com" />
+	<target host="x.oo0.eu" />
+	<target host="x.pax.io" />
+	<target host="x.pc-geeks.dk" />
+	<target host="x.pe.com" />
+	<target host="x.penguins.ml" />
+	<target host="x.plmb.co" />
+	<target host="x.ploki.me" />
+	<target host="x.plorlight.com" />
+	<target host="x.pmt.me" />
+	<target host="x.pne.jp" />
+	<target host="x.preater.com" />
+	<target host="x.ptstyle.biz" />
+	<target host="x.ptt-ro.com" />
+	<target host="x.r33t.me" />
+	<target host="x.raptalk.org" />
+	<target host="x.rm2e.net" />
+	<target host="x.sanluigi.net" />
+	<target host="x.sep.io" />
+	<target host="x.smejko.org" />
+	<target host="x.smmc.co.nz" />
+	<target host="x.stefx.com" />
+	<target host="x.strats.co" />
+	<target host="x.takkens.shoes" />
+	<target host="x.tammifull.com" />
+	<target host="x.taryo.net" />
+	<target host="x.tecnotur.us" />
+	<target host="x.tedxutn.org" />
+	<target host="x.thisr.com" />
+	<target host="x.turek.it" />
+	<target host="x.unco.pw" />
+	<target host="x.veilands.com" />
+	<target host="x.vice.at" />
+	<target host="x.vrmrck.be" />
+	<target host="x.waded.org" />
+	<target host="x.wallsticke.rs" />
+	<target host="x.wamyers.com" />
+	<target host="x.wies.jp" />
+	<target host="x.wilb.co.uk" />
+	<target host="x.xdrink.org" />
+	<target host="x.ximbi.de" />
+	<target host="x.xo321.com" />
+	<target host="x.zoca.co" />
+	<target host="x20.es" />
+	<target host="x2z.eu" />
+	<target host="x3.cm" />
+	<target host="x3.yiff.biz" />
+	<target host="xab.lu" />
+	<target host="xact.so" />
+	<target host="xalt.team" />
+	<target host="xaman.io" />
+	<target host="xar.ph" />
+	<target host="xavb.ro" />
+	<target host="xber06.ga" />
+	<target host="xbm.se" />
+	<target host="xbne.uk" />
+	<target host="xbx.lv" />
+	<target host="xc.oj.cx" />
+	<target host="xcentr.al" />
+	<target host="xci.pe" />
+	<target host="xcustom.ga" />
+	<target host="xdot.us" />
+	<target host="xds.tips" />
+	<target host="xen.pt" />
+	<target host="xenak.es" />
+	<target host="xengo.in" />
+	<target host="xeo.li" />
+	<target host="xeodguy.me" />
+	<target host="xephon.link" />
+	<target host="xerox.bz" />
+	<target host="xewa.cl" />
+	<target host="xfin.tv" />
+	<target host="xfl.ag" />
+	<target host="xfmo.co" />
+	<target host="xfru.ga" />
+	<target host="xgam.es" />
+	<target host="xha.ch" />
+	<target host="xiaomi.today" />
+	<target host="xii.ie" />
+	<target host="xiiim.com" />
+	<target host="ximat.one" />
+	<target host="xipi.us" />
+	<target host="xirr.us" />
+	<target host="xirt.ca" />
+	<target host="xitr.us" />
+	<target host="xiw.cx" />
+	<target host="xj.ca" />
+	<target host="xjin.xyz" />
+	<target host="xl.vc" />
+	<target host="xlab.li" />
+	<target host="xllw.co" />
+	<target host="xlmoto.net" />
+	<target host="xlr8.pw" />
+	<target host="xmastrend.com" />
+	<target host="xmkd.mk" />
+	<target host="xmld.is" />
+	<target host="xmldation.news" />
+	<target host="xmn.io" />
+	<target host="xmp.cc" />
+	<target host="xmp.ro" />
+	<target host="xmple.me" />
+	<target host="xn--35i.ws" />
+	<target host="xn--3bi.t-t.re" />
+	<target host="xn--4fa.nz" />
+	<target host="xn--58h.tk" />
+	<target host="xn--59g.gq" />
+	<target host="xn--5bi.ws" />
+	<target host="xn--8da.net" />
+	<target host="xn--9dbs4af.tk" />
+	<target host="xn--b9g.ws" />
+	<target host="xn--brking-cva.hu" />
+	<target host="xn--cgia.ws" />
+	<target host="xn--coh.ws" />
+	<target host="xn--dn-mia.com" />
+	<target host="xn--dr-8ja.com" />
+	<target host="xn--gltt-moa.li" />
+	<target host="xn--hm-lka.eu" />
+	<target host="xn--holm-koa.se" />
+	<target host="xn--j6h.mym.ac" />
+	<target host="xn--km-vra.com" />
+	<target host="xn--l3h.la" />
+	<target host="xn--m6h.ws" />
+	<target host="xn--nvon-0ra.io" />
+	<target host="xn--oba.ws" />
+	<target host="xn--p-9na.com" />
+	<target host="xn--p7h.ws" />
+	<target host="xn--pin-5qa.com" />
+	<target host="xn--plttlim-6wa.ax" />
+	<target host="xn--pu-jia.be" />
+	<target host="xn--rtfoo-juaa.io" />
+	<target host="xn--tckwe.jp" />
+	<target host="xn--tip-5kz.vn" />
+	<target host="xn--v-ufa.com" />
+	<target host="xn--vea2g.com" />
+	<target host="xn--wtq149p.jp" />
+	<target host="xn--x6h.ws" />
+	<target host="xn--xxai.net" />
+	<target host="xnt.li" />
+	<target host="xnt.me" />
+	<target host="xoab.me" />
+	<target host="xoll.eu" />
+	<target host="xon.ec" />
+	<target host="xoofrem.tk" />
+	<target host="xoom.io" />
+	<target host="xopri.se" />
+	<target host="xorcode.net" />
+	<target host="xornal.de" />
+	<target host="xotwod.co" />
+	<target host="xoxmov.tk" />
+	<target host="xoxo.ist" />
+	<target host="xp.corefact.com" />
+	<target host="xpdt.in" />
+	<target host="xper.co" />
+	<target host="xperi.link" />
+	<target host="xpir.it" />
+	<target host="xpl.be" />
+	<target host="xplr.it" />
+	<target host="xpn.world" />
+	<target host="xpnd.us" />
+	<target host="xpnt.mx" />
+	<target host="xpr.li" />
+	<target host="xprs.it" />
+	<target host="xprt.re" />
+	<target host="xprtlink.net" />
+	<target host="xprts.us" />
+	<target host="xpsd.co" />
+	<target host="xqt.mx" />
+	<target host="xqz.me" />
+	<target host="xrhyth.ms" />
+	<target host="xri.ng" />
+	<target host="xroads.xyz" />
+	<target host="xs.tv3.cat" />
+	<target host="xshow.ga" />
+	<target host="xsla.me" />
+	<target host="xstore.jp" />
+	<target host="xt0lz.com" />
+	<target host="xtc-tv.ml" />
+	<target host="xterra.co" />
+	<target host="xtext.me" />
+	<target host="xth.is" />
+	<target host="xtips.co" />
+	<target host="xtly.co" />
+	<target host="xto.ph" />
+	<target host="xtofke.be" />
+	<target host="xtra.li" />
+	<target host="xumotv.us" />
+	<target host="xuron.me" />
+	<target host="xvirt.it" />
+	<target host="xvrg.me" />
+	<target host="xwerker.link" />
+	<target host="xwq522.club" />
+	<target host="xx5.us" />
+	<target host="xxi.li" />
+	<target host="xxvr.co" />
+	<target host="xxx0.usa.cc" />
+	<target host="xxxl.si" />
+	<target host="xy.ag" />
+	<target host="xyd.re" />
+	<target host="xyzd.us" />
+	<target host="y-b.me" />
+	<target host="y-c.am" />
+	<target host="y-me.us" />
+	<target host="y-sah.in" />
+	<target host="y-v.de" />
+	<target host="y.1ac.us" />
+	<target host="y.djmcloud.com" />
+	<target host="y.hukugyou8.net" />
+	<target host="y.inca.ro" />
+	<target host="y.ninki123.com" />
+	<target host="y.oryza.asia" />
+	<target host="y.phz.me" />
+	<target host="y.stfu.ws" />
+	<target host="y.yehs.co" />
+	<target host="y.yolk.cc" />
+	<target host="y.ysrphoto.com" />
+	<target host="y.ziri.fr" />
+	<target host="y.zuzo.me" />
+	<target host="y0utub3.tk" />
+	<target host="y0utubee.ml" />
+	<target host="y4r.asia" />
+	<target host="y8s.me" />
+	<target host="y8stud.io" />
+	<target host="yaana.co" />
+	<target host="yacit.us" />
+	<target host="yaf.ae" />
+	<target host="yalesom.io" />
+	<target host="yalz.co" />
+	<target host="yamaha.us" />
+	<target host="yamatoeee.xyz" />
+	<target host="yamil.cc" />
+	<target host="yancya.jp" />
+	<target host="yand.co" />
+	<target host="yandi.la" />
+	<target host="yanxi.ng" />
+	<target host="yaof.me" />
+	<target host="yaoi.kr" />
+	<target host="yarm.is" />
+	<target host="yars.eu" />
+	<target host="yas.fyi" />
+	<target host="yasi.nyc" />
+	<target host="yatagarasu.gq" />
+	<target host="yatagarasu.ml" />
+	<target host="yatzy.org" />
+	<target host="yay.deals" />
+	<target host="yay.pw" />
+	<target host="yaythis.me" />
+	<target host="yazm.in" />
+	<target host="ybc.church" />
+	<target host="ybs.me" />
+	<target host="ycdb.us" />
+	<target host="yd.md" />
+	<target host="yeah-noth.in" />
+	<target host="yeah.gr" />
+	<target host="yean.co" />
+	<target host="yee.land" />
+	<target host="yegfit.ca" />
+	<target host="yegpm.ca" />
+	<target host="yel.onl" />
+	<target host="yellowa.online" />
+	<target host="yelo.site" />
+	<target host="yep.si" />
+	<target host="yesfx.tk" />
+	<target host="yesile.co" />
+	<target host="yesmom.co" />
+	<target host="yess.cf" />
+	<target host="yett.io" />
+	<target host="yex.tt" />
+	<target host="yglf.co" />
+	<target host="ygt.today" />
+	<target host="yhhr.us" />
+	<target host="yhoo.it" />
+	<target host="yiapanis.me" />
+	<target host="yiddi.sh" />
+	<target host="yike.it" />
+	<target host="yit.co" />
+	<target host="yjb.me" />
+	<target host="yk.lc" />
+	<target host="yk.onli.ca" />
+	<target host="yk0.me" />
+	<target host="yka.be" />
+	<target host="ykgw.co" />
+	<target host="ykl.co" />
+	<target host="yknot.sg" />
+	<target host="ykso.us" />
+	<target host="ylaw.co" />
+	<target host="ylaw.us" />
+	<target host="ylem.kim" />
+	<target host="yllwp.gs" />
+	<target host="yllwprl.com" />
+	<target host="ylor.me" />
+	<target host="ylp.fr" />
+	<target host="ym.heart.org" />
+	<target host="ymb.nyc" />
+	<target host="ymc.yt" />
+	<target host="ymcahum.be" />
+	<target host="ymdbook.com" />
+	<target host="ymem.us" />
+	<target host="ymerge.video" />
+	<target host="ymf.at" />
+	<target host="ymjc.me" />
+	<target host="ymkn.us" />
+	<target host="yml.me" />
+	<target host="yn.af" />
+	<target host="yncc.la" />
+	<target host="yndl.co" />
+	<target host="ynfl.us" />
+	<target host="ynfy.de" />
+	<target host="yng.li" />
+	<target host="yng.mn" />
+	<target host="yngadults.co" />
+	<target host="yngs.info" />
+	<target host="ynsa.diet" />
+	<target host="yo.59srs.co" />
+	<target host="yo.hkan.se" />
+	<target host="yo.livinggym.tw" />
+	<target host="yo.mutz.me" />
+	<target host="yo.url2.la" />
+	<target host="yo.uwant.in" />
+	<target host="yo.yo-rg.info" />
+	<target host="yoak.in" />
+	<target host="yoci.al" />
+	<target host="yodb.it" />
+	<target host="yogi.ly" />
+	<target host="yogo.me" />
+	<target host="yogsca.st" />
+	<target host="yoh.store" />
+	<target host="yoins.me" />
+	<target host="yoly.tips" />
+	<target host="yom.io" />
+	<target host="yom.nu" />
+	<target host="yon.ee" />
+	<target host="yonden.biz" />
+	<target host="yonka.us" />
+	<target host="yooko.tk" />
+	<target host="yoopi.es" />
+	<target host="yooutube.co.vu" />
+	<target host="yoox.ly" />
+	<target host="yordl.es" />
+	<target host="yorkhoi.st" />
+	<target host="yoshi.to" />
+	<target host="yosie.coach" />
+	<target host="yosimura.ml" />
+	<target host="yosp.in" />
+	<target host="yote.us" />
+	<target host="yotpo.co" />
+	<target host="you-tube.ml" />
+	<target host="you.fi.it" />
+	<target host="you2be.co.vu" />
+	<target host="youandyou.rs" />
+	<target host="youate.co" />
+	<target host="youb.li" />
+	<target host="youburnwith.us" />
+	<target host="youloveme.co.vu" />
+	<target host="youmg.in" />
+	<target host="youngp.ro" />
+	<target host="youniver.se" />
+	<target host="your.st" />
+	<target host="your.styleba.be" />
+	<target host="yourar.ch" />
+	<target host="yourb.us" />
+	<target host="yourcall.xyz" />
+	<target host="youre.al" />
+	<target host="yourepe.at" />
+	<target host="yourgeni.us" />
+	<target host="yourslef.ml" />
+	<target host="yoursurpri.se" />
+	<target host="yourta.com" />
+	<target host="yourtee.co" />
+	<target host="youthsale.kr" />
+	<target host="youti.ly" />
+	<target host="youtube-tv.cf" />
+	<target host="youtube-tv.ga" />
+	<target host="youtube-tv.ml" />
+	<target host="youtubelink.ml" />
+	<target host="youtubetv.ml" />
+	<target host="youtubewatch.ga" />
+	<target host="youvo.de" />
+	<target host="youwin.by" />
+	<target host="yper.at" />
+	<target host="ypl.io" />
+	<target host="ypos.ch" />
+	<target host="ypsine.ws" />
+	<target host="ypw.me" />
+	<target host="yraye.ml" />
+	<target host="yrevista.dgt.es" />
+	<target host="yrpay.co" />
+	<target host="ys-links.eu" />
+	<target host="ysa.li" />
+	<target host="ysah.in" />
+	<target host="yscn.co" />
+	<target host="yseop.tech" />
+	<target host="yshi.co" />
+	<target host="ysm.social" />
+	<target host="ysmay.us" />
+	<target host="ysmk.org" />
+	<target host="ysmo.ga" />
+	<target host="yspe.nl" />
+	<target host="ysr.photo" />
+	<target host="ysta.re" />
+	<target host="ysza.in" />
+	<target host="yt-tv.ml" />
+	<target host="yt.aia.ag" />
+	<target host="yt.djgrigor.com" />
+	<target host="yt.sladewa.tk" />
+	<target host="ytba.se" />
+	<target host="yte.fyi" />
+	<target host="ytgoh.net" />
+	<target host="ytk.us" />
+	<target host="ytmtm.fr" />
+	<target host="ytp.mx" />
+	<target host="ytpal.ml" />
+	<target host="ytu.io" />
+	<target host="ytwn.in" />
+	<target host="ytwy.tw" />
+	<target host="yubigeek.fr" />
+	<target host="yuc.today" />
+	<target host="yugatech.ph" />
+	<target host="yuizie.ga" />
+	<target host="yuizinha.link" />
+	<target host="yuk.travel" />
+	<target host="yul.to" />
+	<target host="yumlum.co" />
+	<target host="yumm.ly" />
+	<target host="yumm.my" />
+	<target host="yummerti.me" />
+	<target host="yummm.me" />
+	<target host="yun.boutique" />
+	<target host="yune.ec" />
+	<target host="yuno.fit" />
+	<target host="yur.bi" />
+	<target host="yur.is" />
+	<target host="yurls.ovh" />
+	<target host="yvan.me" />
+	<target host="yvar.ca" />
+	<target host="yvid.me" />
+	<target host="yvnn.us" />
+	<target host="ywc.bz" />
+	<target host="ywe.be" />
+	<target host="yy.cx" />
+	<target host="yya.be" />
+	<target host="yyg.me" />
+	<target host="yym.ca" />
+	<target host="yyy.1n.pw" />
+	<target host="z-c.biz" />
+	<target host="z-j.co" />
+	<target host="z.0mfg.net" />
+	<target host="z.13djs.com" />
+	<target host="z.1re.ca" />
+	<target host="z.aa9.sa" />
+	<target host="z.ad1.me" />
+	<target host="z.adali.fr" />
+	<target host="z.barik.net" />
+	<target host="z.bigske.be" />
+	<target host="z.dial.nl" />
+	<target host="z.djy.me" />
+	<target host="z.en91.com" />
+	<target host="z.ettabox.eu" />
+	<target host="z.gert.is" />
+	<target host="z.hdtsg.com" />
+	<target host="z.hebe.ch" />
+	<target host="z.imjim.im" />
+	<target host="z.jdeere12.com" />
+	<target host="z.jman100.com" />
+	<target host="z.john.am" />
+	<target host="z.kenfrost.com" />
+	<target host="z.larksoft.com" />
+	<target host="z.lokidea.com" />
+	<target host="z.mnhs.org" />
+	<target host="z.nder.com.au" />
+	<target host="z.onemission.ca" />
+	<target host="z.opensakai.org" />
+	<target host="z.pnk.fr" />
+	<target host="z.pracuj.pl" />
+	<target host="z.rabs.ro" />
+	<target host="z.rfredlund.com" />
+	<target host="z.sese.ro" />
+	<target host="z.shao.jp" />
+	<target host="z.sopov.org" />
+	<target host="z.tigabytes.com" />
+	<target host="z.tjun.jp" />
+	<target host="z.tm20.net" />
+	<target host="z.tomi.cat" />
+	<target host="z.twnc.us" />
+	<target host="z.vilaboa.cl" />
+	<target host="z.vvh.io" />
+	<target host="z.wandr.me" />
+	<target host="z.wiskeng.com" />
+	<target host="z.xuanloi.com" />
+	<target host="z.zheanoblog.eu" />
+	<target host="z.zoe.com" />
+	<target host="z.zonks.co" />
+	<target host="z24.si" />
+	<target host="z2z.co" />
+	<target host="z3ro.in" />
+	<target host="z4p.at" />
+	<target host="z4p.in" />
+	<target host="z4t.me" />
+	<target host="z70.uk" />
+	<target host="za.firis.de" />
+	<target host="za.myvirgo.info" />
+	<target host="za.vin" />
+	<target host="zaakshops.nl" />
+	<target host="zac.onl" />
+	<target host="zacatr.us" />
+	<target host="zacboyd.co" />
+	<target host="zach.in" />
+	<target host="zachweiner.is" />
+	<target host="zackw.co" />
+	<target host="zae.bja.lv" />
+	<target host="zagat.bz" />
+	<target host="zaifx.jp" />
+	<target host="zaikei.news" />
+	<target host="zajac.la" />
+	<target host="zamr.it" />
+	<target host="zan.ca" />
+	<target host="zane.ga" />
+	<target host="zane.in" />
+	<target host="zane.tips" />
+	<target host="zapgob.mx" />
+	<target host="zapn.it" />
+	<target host="zapy.com" />
+	<target host="zareffied.com" />
+	<target host="zarte-it.qc.to" />
+	<target host="zastro.ws" />
+	<target host="zath.me" />
+	<target host="zatrudnij.eu" />
+	<target host="zazsi.ie" />
+	<target host="zazz.live" />
+	<target host="zbm.be" />
+	<target host="zboe.be" />
+	<target host="zclv.co" />
+	<target host="zcpt.me" />
+	<target host="zcrm.us" />
+	<target host="zd.net" />
+	<target host="zde.ukaz.info" />
+	<target host="zdnet.asia" />
+	<target host="zdsk.co" />
+	<target host="ze.lle.rip" />
+	<target host="zebfr.com" />
+	<target host="zebit.me" />
+	<target host="zeblehhd.ml" />
+	<target host="zebr.as" />
+	<target host="zebra.dog" />
+	<target host="zebrag.ml" />
+	<target host="zed.live" />
+	<target host="zee.to" />
+	<target host="zeer.life" />
+	<target host="zeff.ly" />
+	<target host="zeid.co" />
+	<target host="zeigemir.de" />
+	<target host="zeit.to" />
+	<target host="zek.li" />
+	<target host="zeke.ws" />
+	<target host="zekes.nl" />
+	<target host="zelo.tv" />
+	<target host="zemb.ro" />
+	<target host="zemt.io" />
+	<target host="zendo.ly" />
+	<target host="zeni.to" />
+	<target host="zenjoy.me" />
+	<target host="zenniotp.tk" />
+	<target host="zeno.im" />
+	<target host="zeno.in" />
+	<target host="zenohd.ml" />
+	<target host="zenpayroll.me" />
+	<target host="zensar.co" />
+	<target host="zensoo.link" />
+	<target host="zenway.sg" />
+	<target host="zer.la" />
+	<target host="zer.life" />
+	<target host="zero4nine.ml" />
+	<target host="zerto.io" />
+	<target host="zerve.me" />
+	<target host="zest.fm" />
+	<target host="zeugha.us" />
+	<target host="zfh.me" />
+	<target host="zfx.at" />
+	<target host="zfyr.us" />
+	<target host="zglr.pw" />
+	<target host="zgra.co" />
+	<target host="zgui.de" />
+	<target host="zgzbici.es" />
+	<target host="zgzc.es" />
+	<target host="zhkh24.ru" />
+	<target host="zhon.cf" />
+	<target host="zhora.co" />
+	<target host="zhut.bid" />
+	<target host="ziabetus.info" />
+	<target host="ziabetus.live" />
+	<target host="ziabetus.pro" />
+	<target host="ziadi.co" />
+	<target host="zic.ht" />
+	<target host="zick.ml" />
+	<target host="zig0nk.ml" />
+	<target host="zinp.ro" />
+	<target host="zions.me" />
+	<target host="zipmyvalue.com" />
+	<target host="zipth.at" />
+	<target host="zipto.me.uk" />
+	<target host="zipwo.uk" />
+	<target host="zirm.co" />
+	<target host="ziron.it" />
+	<target host="zistplayer.com" />
+	<target host="zivte.ch" />
+	<target host="zk.vc" />
+	<target host="zkm.tw" />
+	<target host="zkr.cm" />
+	<target host="zkw.me" />
+	<target host="zlerr.com" />
+	<target host="zlien.us" />
+	<target host="zln.do" />
+	<target host="zlr.my" />
+	<target host="zlr.tw" />
+	<target host="zlr.vn" />
+	<target host="zlra.co" />
+	<target host="zlrahk.com" />
+	<target host="zlrasg.com" />
+	<target host="zlrath.co" />
+	<target host="zlrph.com" />
+	<target host="zlt.be" />
+	<target host="zlvda.ch" />
+	<target host="zmb.me" />
+	<target host="zmbd.us" />
+	<target host="zmbg.co" />
+	<target host="zmgy.me" />
+	<target host="zmrx.co" />
+	<target host="zn2.it" />
+	<target host="znc.bz" />
+	<target host="zncommute.com" />
+	<target host="znde.de" />
+	<target host="zndg.tl" />
+	<target host="zndr.co" />
+	<target host="znefx.com" />
+	<target host="zneva.ga" />
+	<target host="znpt.co" />
+	<target host="znrb.co" />
+	<target host="zntl.eu" />
+	<target host="zny.me" />
+	<target host="zobri.st" />
+	<target host="zocdoc.me" />
+	<target host="zoekje.me" />
+	<target host="zoelife.biz" />
+	<target host="zoet.ml" />
+	<target host="zoho.to" />
+	<target host="zoic.ca" />
+	<target host="zollie.co" />
+	<target host="zomboy.co" />
+	<target host="zomp.us" />
+	<target host="zonemov89.ml" />
+	<target host="zoom.bz" />
+	<target host="zoom.do" />
+	<target host="zoom.in" />
+	<target host="zoosh.info" />
+	<target host="zoot.to" />
+	<target host="zopixa.fyi" />
+	<target host="zorays.co" />
+	<target host="zorro.ml" />
+	<target host="zorz.it" />
+	<target host="zov.li" />
+	<target host="zpadel.zred.es" />
+	<target host="zpln.gr" />
+	<target host="zpos.it" />
+	<target host="zps.la" />
+	<target host="zpt.li" />
+	<target host="zqi.me" />
+	<target host="zrge.eu" />
+	<target host="zrkl.tips" />
+	<target host="zrnbs.cc" />
+	<target host="zru.me" />
+	<target host="zszs.us" />
+	<target host="ztrk.me" />
+	<target host="ztronik.co.vu" />
+	<target host="zu.hna.de" />
+	<target host="zu.wa.de" />
+	<target host="zudo.xyz" />
+	<target host="zudu.uk" />
+	<target host="zuf.cz" />
+	<target host="zuflix.ml" />
+	<target host="zuki.ie" />
+	<target host="zukun.tf" />
+	<target host="zuli.ly" />
+	<target host="zult.co" />
+	<target host="zulucr.bz" />
+	<target host="zulv.ml" />
+	<target host="zun.ms" />
+	<target host="zuo.in" />
+	<target host="zupy.me" />
+	<target host="zurb.us" />
+	<target host="zurins.uk" />
+	<target host="zuso.ga" />
+	<target host="zuuq.co" />
+	<target host="zuuq.live" />
+	<target host="zvi.me" />
+	<target host="zvnt.co" />
+	<target host="zwap.co" />
+	<target host="zwartopw.it" />
+	<target host="zwift.me" />
+	<target host="zwk.cc" />
+	<target host="zwrnr.art" />
+	<target host="zwtg.de" />
+	<target host="zxc.li" />
+	<target host="zxmth.us" />
+	<target host="zxs.me.uk" />
+	<target host="zyc.us" />
+	<target host="zynaps.audio" />
+	<target host="zynga.my" />
+	<target host="zyrk.us" />
+	<target host="zys.im" />
+	<target host="zywv.us" />
+	<target host="zz.nu" />
+	<target host="zza.fm" />
+	<target host="zzw.link" />
+	<target host="zzz.1n.pw" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bitmain.com.xml b/src/chrome/content/rules/Bitmain.com.xml
new file mode 100644
index 000000000000..e76e4dd6a761
--- /dev/null
+++ b/src/chrome/content/rules/Bitmain.com.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://support.bitmain.com/ => https://support.bitmain.com/: (51, "SSL: no alternative certificate subject name matches target host name 'support.bitmain.com'")
+
+	For other Bitmain Tech coverage, see Bitmain_Tech.com.xml.
+
+
+	(www.)?bitmain.com: Refused
+
+
+	Mixed content:
+
+		- Images on blog from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Bitmain.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="account.bitmain.com" />
+	<target host="blog.bitmain.com" />
+	<target host="forum.bitmain.com" />
+	<target host="passport.bitmain.com" />
+	<target host="support.bitmain.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bitmask.net.xml b/src/chrome/content/rules/Bitmask.net.xml
new file mode 100644
index 000000000000..78941f8cf638
--- /dev/null
+++ b/src/chrome/content/rules/Bitmask.net.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.bitmask.net/ => https://www.bitmask.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.bitmask.net'")
+Fetch error: http://www.demo.bitmask.net/ => https://www.demo.bitmask.net/: (7, 'Failed to connect to www.demo.bitmask.net port 443: No route to host')
+Fetch error: http://nicknym.demo.bitmask.net/ => https://nicknym.demo.bitmask.net/: (51, "SSL: no alternative certificate subject name matches target host name 'nicknym.demo.bitmask.net'")
+Fetch error: http://wallaby.demo.bitmask.net/ => https://wallaby.demo.bitmask.net/: (6, 'Could not resolve host: wallaby.demo.bitmask.net')
+Fetch error: http://api.demo.bitmask.net/ => https://api.demo.bitmask.net/: (51, "SSL: no alternative certificate subject name matches target host name 'api.demo.bitmask.net'")
+
+     domains use for test. They can return error.
+    - cdev.bitmask.net
+    - unstable.bitmask.net
+
+-->
+<ruleset name="Bitmask.net" default_off="failed ruleset test">
+
+	<!--	Direct rewrites: -->
+	<target host="bitmask.net" />
+	<target host="www.bitmask.net" />
+	<target host="demo.bitmask.net" />
+	<target host="www.demo.bitmask.net" />
+	<target host="nicknym.demo.bitmask.net" />
+	<target host="wallaby.demo.bitmask.net" />
+	<target host="api.demo.bitmask.net" />
+	<target host="dl.bitmask.net" />
+	<target host="deb.bitmask.net" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bitmazk.com.xml b/src/chrome/content/rules/Bitmazk.com.xml
new file mode 100644
index 000000000000..2c248befb944
--- /dev/null
+++ b/src/chrome/content/rules/Bitmazk.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bitmazk.com/ => https://bitmazk.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.bitmazk.com/ => https://www.bitmazk.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Insecure cookies are set for these hosts:
+
+		- bitmazk.com
+
+-->
+<ruleset name="Bitmazk.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bitmazk.com" />
+	<target host="www.bitmazk.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bitmazk\.com$" name="^(django_language|sessionid)$" /-->
+
+	<securecookie host="^bitmazk\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bitmessage.xml b/src/chrome/content/rules/Bitmessage.xml
index c968e4990433..dcf37ea68365 100644
--- a/src/chrome/content/rules/Bitmessage.xml
+++ b/src/chrome/content/rules/Bitmessage.xml
@@ -1,5 +1,7 @@
-<ruleset name="Bitmessage">
+<ruleset name="Bitmessage.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="bitmessage.org" />
 	<target host="www.bitmessage.org" />
 
@@ -7,7 +9,7 @@
 	<securecookie host="^(?:www\.)?bitmessage\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?bitmessage\.org/"
-		to="https://$1bitmessage.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bitmit.xml b/src/chrome/content/rules/Bitmit.xml
deleted file mode 100644
index 58e3a0856e76..000000000000
--- a/src/chrome/content/rules/Bitmit.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Bitmit">
-
-	<target host="bitmit.net" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.bitmit.net" />
-
-
-	<securecookie host="\.bitmit\.net$" name=".*" />
-
-
-	<rule from="^http://(www\.)?bitmit\.net/"
-		to="https://$1bitmit.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Bitmovin.com.xml b/src/chrome/content/rules/Bitmovin.com.xml
new file mode 100644
index 000000000000..992677d44d5d
--- /dev/null
+++ b/src/chrome/content/rules/Bitmovin.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Bitmovin.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bitmovin.com" />
+	<target host="cloudfront.bitmovin.com" />
+	<target host="www.bitmovin.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bitnami.com.xml b/src/chrome/content/rules/Bitnami.com.xml
new file mode 100644
index 000000000000..c351b59bcfed
--- /dev/null
+++ b/src/chrome/content/rules/Bitnami.com.xml
@@ -0,0 +1,56 @@
+<!--
+	Nonfunctional subdomains:
+
+		- assets *
+		- blog ¹
+		- helpdesk ²
+
+	* Mismatched
+	¹ Blogspot
+	² Zendesk
+
+
+	Fully covered hosts in *bitnami.com:
+
+		- (www.)?
+		- community
+		- downloads
+		- google
+		- wiki
+
+
+	Insecure cookies are set for these hosts:
+
+		- bitnami.com
+		- community.bitnami.com
+		- google.bitnami.com
+		- wiki.bitnami.com
+
+-->
+<ruleset name="Bitnami.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bitnami.com" />
+	<!--target host="assets.bitnami.com" /-->
+	<target host="community.bitnami.com" />
+	<target host="downloads.bitnami.com" />
+	<target host="google.bitnami.com" />
+	<target host="wiki.bitnami.com" />
+	<target host="www.bitnami.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bitnami\.com$" name="^_bitnami_session$" /-->
+	<!--securecookie host="^community\.bitnami\.com$" name="_forum_session$" /-->
+	<!--securecookie host="^google\.bitnami\.com$" name="^(XSRF-TOKEN|_google-launchpad_session)$" /-->
+	<!--securecookie host="^wiki\.bitnami\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:community\.|google\.|wiki\.)?bitnami\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bitnik.org.xml b/src/chrome/content/rules/Bitnik.org.xml
new file mode 100644
index 000000000000..84d572be7e3c
--- /dev/null
+++ b/src/chrome/content/rules/Bitnik.org.xml
@@ -0,0 +1,41 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .bitnik.org
+
+-->
+<ruleset name="Bitnik.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bitnik.org" />
+	<target host="www.bitnik.org" />
+	<target host="wwwwwwwwwwwwwwwwwwwwww.bitnik.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.bitnik\.org$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bitnodes.io.xml b/src/chrome/content/rules/Bitnodes.io.xml
new file mode 100644
index 000000000000..43e15cadff01
--- /dev/null
+++ b/src/chrome/content/rules/Bitnodes.io.xml
@@ -0,0 +1,8 @@
+<ruleset name="Bitnodes.io (partial)">
+
+	<target host="getaddr.bitnodes.io" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bitrig.xml b/src/chrome/content/rules/Bitrig.xml
index ad10d356ee8d..6966eb69a452 100644
--- a/src/chrome/content/rules/Bitrig.xml
+++ b/src/chrome/content/rules/Bitrig.xml
@@ -4,10 +4,9 @@
 	<target host="www.bitrig.org" />
 
 
-	<securecookie host="^(www\.)?bitrig\.org$" name=".*" />
+	<securecookie host="^(?:www\.)?bitrig\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?bitrig\.org/"
-		to="https://$1bitrig.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bits.media.xml b/src/chrome/content/rules/Bits.media.xml
new file mode 100644
index 000000000000..6c5c6e60611b
--- /dev/null
+++ b/src/chrome/content/rules/Bits.media.xml
@@ -0,0 +1,7 @@
+<ruleset name="bits.media">
+	<target host="bits.media" />
+	<target host="www.bits.media" />
+	<target host="forum.bits.media" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bitsapphire.com.xml b/src/chrome/content/rules/Bitsapphire.com.xml
new file mode 100644
index 000000000000..efabdec5cb1f
--- /dev/null
+++ b/src/chrome/content/rules/Bitsapphire.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Bitsapphire.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bitsapphire.com" />
+	<target host="www.bitsapphire.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bitsharestalk.org.xml b/src/chrome/content/rules/Bitsharestalk.org.xml
new file mode 100644
index 000000000000..3f2c921e3921
--- /dev/null
+++ b/src/chrome/content/rules/Bitsharestalk.org.xml
@@ -0,0 +1,45 @@
+<!--
+	Nonfunctional hosts in *bitsharestalk.org:
+
+		- blog *
+
+	* Tumblr
+
+
+	Insecure cookies are set for these hosts:
+
+		- bitsharestalk.org
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com ¹
+
+		- Images, from:
+
+			- bitshares.org ¹
+			- ptscrypto.com ²
+
+	¹ Secured by us
+	² Unsecurable <= 404
+
+-->
+<ruleset name="Bitsharestalk.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bitsharestalk.org" />
+	<target host="www.bitsharestalk.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bitsharestalk\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^bitsharestalk\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bitsnoop.com.xml b/src/chrome/content/rules/Bitsnoop.com.xml
new file mode 100644
index 000000000000..1b883941ba73
--- /dev/null
+++ b/src/chrome/content/rules/Bitsnoop.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Nonfunctional hosts in *bitsnoop.com:
+
+		- blog ᵗ
+
+	ᵗ Blogger / handshake fails
+
+-->
+<ruleset name="Bitsnoop.com (partial)">
+
+	<target host="bitsnoop.com" />
+	<target host="www.bitsnoop.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bitsontherun.com.xml b/src/chrome/content/rules/Bitsontherun.com.xml
new file mode 100644
index 000000000000..69d6c3d4a2af
--- /dev/null
+++ b/src/chrome/content/rules/Bitsontherun.com.xml
@@ -0,0 +1,29 @@
+<!--
+	For other LongTail coverage, see LongTail.xml.
+
+
+	Nonfunctional subdomains:
+
+		- (www.) *
+
+	* wpengine, redirect destination doesn't support tls
+
+
+	Fully covered subdomains:
+
+		- content
+		- dashboard
+
+-->
+<ruleset name="bitsontherun.com (partial)">
+
+	<target host="content.bitsontherun.com" />
+	<target host="dashboard.bitsontherun.com" />
+
+
+	<!--rule from="^http://(?:www\.)?bitsontherun\.com/+"
+		to="https://www.jwplayer.com/" /-->
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bitsquare.io.xml b/src/chrome/content/rules/Bitsquare.io.xml
new file mode 100644
index 000000000000..d8a8d0de7713
--- /dev/null
+++ b/src/chrome/content/rules/Bitsquare.io.xml
@@ -0,0 +1,12 @@
+<ruleset name="Bitsquare.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bitsquare.io" />
+	<target host="www.bitsquare.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bitstamp.net.xml b/src/chrome/content/rules/Bitstamp.net.xml
new file mode 100644
index 000000000000..532d5fc36da6
--- /dev/null
+++ b/src/chrome/content/rules/Bitstamp.net.xml
@@ -0,0 +1,54 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)
+
+		- \w\w:
+
+			- cz
+			- de
+			- fi
+			- it
+			- nl
+			- pl
+			- ru
+			- si
+
+
+	Insecure cookies are set for these domains:
+
+		- .bitstamp.net
+		- cz.bitstamp.net
+		- de.bitstamp.net
+		- fi.bitstamp.net
+		- it.bitstamp.net
+		- nl.bitstamp.net
+		- pl.bitstamp.net
+		- ru.bitstamp.net
+		- si.bitstamp.net
+		- www.bitstamp.net
+
+-->
+<ruleset name="Bitstamp.net">
+
+	<target host="bitstamp.net" />
+	<target host="*.bitstamp.net" />
+
+		<test url="http://cz.bitstamp.net/" />
+		<test url="http://de.bitstamp.net/" />
+		<test url="http://fi.bitstamp.net/" />
+		<test url="http://it.bitstamp.net/" />
+		<test url="http://nl.bitstamp.net/" />
+		<test url="http://pl.bitstamp.net/" />
+		<test url="http://ru.bitstamp.net/" />
+		<test url="http://si.bitstamp.net/" />
+		<test url="http://www.bitstamp.net/" />
+
+
+	<securecookie host="^(?:\w\w|www)?\.bitstamp\.net$" name=".+" />
+
+
+	<rule from="^http://(\w\w\.|www\.)?bitstamp\.net/"
+		to="https://$1bitstamp.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bittiraha.fi.xml b/src/chrome/content/rules/Bittiraha.fi.xml
deleted file mode 100644
index f1c1224d5460..000000000000
--- a/src/chrome/content/rules/Bittiraha.fi.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Bittiraha.fi">
-
-	<target host="bittiraha.fi" />
-	<target host="*.bittiraha.fi" />
-
-
-	<securecookie host="^\.bittiraha\.fi$" name=".+" />
-
-
-	<rule from="^http://(www\.)?bittiraha\.fi/"
-		to="https://$1bittiraha.fi/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Bittit.info.xml b/src/chrome/content/rules/Bittit.info.xml
index 0c4558f0197e..4a2448933525 100644
--- a/src/chrome/content/rules/Bittit.info.xml
+++ b/src/chrome/content/rules/Bittit.info.xml
@@ -1,5 +1,5 @@
 <ruleset name="Bittit.info">
   <target host="bittit.info" />
 
-  <rule from="^http://bittit\.info/" to="https://bittit.info/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Bittorrent.org.xml b/src/chrome/content/rules/Bittorrent.org.xml
index 8afad68b7638..13145517680f 100644
--- a/src/chrome/content/rules/Bittorrent.org.xml
+++ b/src/chrome/content/rules/Bittorrent.org.xml
@@ -1,6 +1,13 @@
-<ruleset name="bittorrentdotorg" default_off="certificate mismatch">
-  <target host="bittorrent.org" />
-  <target host="www.bittorrent.org" />
+<!--
+	Time out:
+		ens-05.bittorrent.org
+		ens-06.bittorrent.org
+		staging.bittorrent.org
+-->
+<ruleset name="bittorrent.org">
+	<target host="bittorrent.org" />
+	<target host="www.bittorrent.org" />
 
-  <rule from="^http://(?:www\.)?bittorrent\.org/" to="https://www.bittorrent.org/"/>
+	<rule from="^http://bittorrent\.org/" to="https://www.bittorrent.org/" /> <!-- Redirect cause of bittorrent.org invalid certificate-->
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Bittrex.com.xml b/src/chrome/content/rules/Bittrex.com.xml
new file mode 100644
index 000000000000..cd36a806e45a
--- /dev/null
+++ b/src/chrome/content/rules/Bittrex.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .bittrex.com
+
+-->
+<ruleset name="Bittrex.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bittrex.com" />
+	<target host="www.bittrex.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.bittrex\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.bittrex\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bitwig.com.xml b/src/chrome/content/rules/Bitwig.com.xml
index b2046d81ed9a..449ad0b66bfb 100644
--- a/src/chrome/content/rules/Bitwig.com.xml
+++ b/src/chrome/content/rules/Bitwig.com.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?bitwig\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?bitwig\.com/"
-		to="https://$1bitwig.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bivol.xml b/src/chrome/content/rules/Bivol.xml
index d39e6a64acb1..66e5dadd822a 100644
--- a/src/chrome/content/rules/Bivol.xml
+++ b/src/chrome/content/rules/Bivol.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?bivol\.bg$" name=".+" />
 
 
-	<rule from="^http://(www\.)?bivol\.bg/"
-		to="https://$1bivol.bg/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BizLand.com.xml b/src/chrome/content/rules/BizLand.com.xml
new file mode 100644
index 000000000000..039dea50230a
--- /dev/null
+++ b/src/chrome/content/rules/BizLand.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .bizland.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="BizLand.com">
+
+	<target host="bizland.com" />
+	<target host="secure.bizland.com" />
+	<target host="www.bizland.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://bizland.com/controlpanel/index.bml" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.bizland\.com$" name="^(?:Currency|SESSION_ID|request_uri)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bizo-mismatches.xml b/src/chrome/content/rules/Bizo-mismatches.xml
index 001e49aedfe1..1bdd03b5f24f 100644
--- a/src/chrome/content/rules/Bizo-mismatches.xml
+++ b/src/chrome/content/rules/Bizo-mismatches.xml
@@ -2,13 +2,11 @@
 	For rules that are on by default, see Bizo.xml.
 
 -->
-<ruleset name="Bizo (mismatches)" default_off="mismatch">
+<ruleset name="Bizo.com (mismatches)" default_off="mismatched">
 
-	<!--	Cert: *.compendiumblog.com	-->
 	<target host="blog.bizo.com" />
 
 
-	<rule from="^http://blog\.bizo\.com/"
-		to="https://blog.bizo.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bizo.xml b/src/chrome/content/rules/Bizo.xml
index 582095dff669..ece8d5f11a2d 100644
--- a/src/chrome/content/rules/Bizo.xml
+++ b/src/chrome/content/rules/Bizo.xml
@@ -1,6 +1,8 @@
 <!--
 	For problematic rules, see Bizo-mismatches.xml.
 
+	For other LinkedIn coverage, see LinkedIn.xml
+
 
 	CDN buckets:
 
@@ -8,34 +10,38 @@
 		- d15a7gkmxinlzq.cloudfront.net
 
 
-	Nonfunctional domains:
+	Nonfunctional subdomains:
 
-		- (www.)bizo.com
-		- developer.bizo.com	(cert: ghs-ssl.googlehosted.com; 404)
+		- developer *
 
--->
-<ruleset name="Bizo">
+	* Handshake fails
 
-	<target host="accounts.bizo.com" />
-	<target host="*.bizographics.com" />
 
+	Problematic subdomains:
+
+		- blog *
+
+	* Mismatched
 
-	<securecookie host="^\.bizographics\.com$" name=".+" />
 
+	Fully covered subdomains:
 
-	<rule from="^http://accounts\.bizo\.com/"
-		to="https://accounts.bizo.com/" />
+		- (www.)?
+		- accounts
+		- b2bmarketing
+		- public
+
+-->
+<ruleset name="Bizo.com">
+
+	<target host="bizo.com" />
+	<target host="b2bmarketing.bizo.com" />
+	<target host="accounts.bizo.com" />
+	<target host="public.bizo.com" />
+	<target host="www.bizo.com" />
 
-	<!--	- Tracking beacon
-		- !www doesn't exist
-					-->
-	<rule from="^http://(api|imp2|www)\.bizographics\.com/"
-		to="https://$1.bizographics.com/" />
 
-	<!--	- js cert: cloudfront.net
-		- Uses sjs for https
-					-->
-	<rule from="^https?://s?js\.bizographics\.com/"
-		to="https://sjs.bizographics.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bizo_graphics.com.xml b/src/chrome/content/rules/Bizo_graphics.com.xml
new file mode 100644
index 000000000000..f002d0117404
--- /dev/null
+++ b/src/chrome/content/rules/Bizo_graphics.com.xml
@@ -0,0 +1,56 @@
+<!--
+	For other LinkedIn coverage, see LinkedIn.xml.
+
+
+	Problematic domains:
+
+		- js.bizographics.com *
+
+	* Cloudfront
+
+
+	Fully covered subdomains:
+
+		- api
+		- imp2 ¹
+		- js ²	(→ sjs)
+		- sjs
+		- www
+
+	¹ Tracking beacon
+	² Uses sjs for https
+
+
+	^bizographics.com doesn't exist.
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .bizographics.com
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="Bizo graphics.com">
+
+	<target host="api.bizographics.com" />
+	<target host="imp2.bizographics.com" />
+	<target host="js.bizographics.com" />
+	<target host="sjs.bizographics.com" />
+	<target host="www.bizographics.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.bizographics\.com$" name="^(BizoCustomSegments|BizoData|BizoID|BizoUserMatchHistory)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://js\.bizographics\.com/"
+		to="https://sjs.bizographics.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bizrate.com.xml b/src/chrome/content/rules/Bizrate.com.xml
index cd3c844171b9..db40f8fb3277 100644
--- a/src/chrome/content/rules/Bizrate.com.xml
+++ b/src/chrome/content/rules/Bizrate.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://adverising.bizrate.com/ => https://adverising.bizrate.com/: (6, 'Could not resolve host: adverising.bizrate.com')
+
 	For other Shopzilla coverage, see Shopzilla.xml.
 
 
@@ -9,47 +13,89 @@
 			- about.bizrate.com
 
 
-	Problematic domains:
+	Nonfunctional domains:
 
-		- (www.)bizrate.com
+		- www.bizrate.com *
 
-				- Pages redirect to http
-				- Resources load successfully when forced to ^
-				- But then redirect to http
-				- It's a pity we can't stop that...
+	* Redirects to http
+
+
+	Problematic domains:
 
 		- about.bizrate.com		(works; mismatched, CN: *.blazonco.com)
+		- d[1-4]-pub.bizrate.com ²
+		- img.bizrate.com ²
+
+		- file12.bizrate-images.com ²
 		- image10.bizrate-images.com	(reset)
+		- img02.bizrate-images.com ²
 		- img10.bizrate-images.com	(works, CN: gp1.wac.edgecastcdn.net)
 
+	² Akamai / mismatched
+
+
+	Insecure cookies are set for these domains: ᶜ
 
-	Fully covered domains:
+		- .bizrate.com
 
-		- about.bizrate.com		(→ aboutbizrate.blazonco.com)
-		- image10.bizrate-images.com	(→ images.bizrate.com)
-		- img10.bizrate-images.com	(→ images.bizrate.com)
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Bizrate.com (partial)">
+<ruleset name="Bizrate.com (partial)" default_off="failed ruleset test">
 
-	<!--target host="bizrate.com" /-->
-	<target host="*.bizrate.com" />
-	<target host="*.bizrate-images.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="bizrate.com" />
+	<target host="adverising.bizrate.com" />
+	<target host="images.bizrate.com" />
+	<target host="medals.bizrate.com" />
+	<target host="rd.bizrate.com" />
+	<!--target host="www.bizrate.com" /-->
 
+	<!--	Complications:
+				-->
+	<target host="about.bizrate.com" />
+	<target host="file.bizrate.com" />
+	<target host="img.bizrate.com" />
 
-	<!--securecookie host="^\.bizrate\.com$" name=".*" /-->
+	<target host="file12.bizrate-images.com" />
+	<target host="image10.bizrate-images.com" />
+	<target host="image12.bizrate-images.com" />
+	<target host="image13.bizrate-images.com" />
+	<target host="img.bizrate-images.com" />
+	<target host="img01.bizrate-images.com" />
+	<target host="img02.bizrate-images.com" />
+	<target host="img13.bizrate-images.com" />
 
+		<!--exclusion pattern="^http://www\.bizrate\.com/(?!favicon\.ico|static/)" /-->
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://rd.bizrate.com/rd2?t=&amp;mid=&amp;catId=&amp;prodId=&amp;tokenId=&amp;lg=&amp;bAmt=&amp;ppr=&amp;oid=&amp;atom=&amp;bidType=&amp;bId=&amp;mpid=&amp;countryCode=US&amp;rf=" /-->
+
+
+	<!--	Not secured by server, set by rd:
+							-->
+	<!--securecookie host="^\.bizrate\.com$" name="^(?:_data|br|cnx_sessionid|p13n_id|rng|roi_cookie|sessionid|trafficSourceDebugParam)$" /-->
+
+	<!--securecookie host="." name="." /-->
+	<securecookie host="^\." name="^(?:_data|br|cnx_sessionid|p13n_id|rng|roi_cookie|trafficSourceDebugParam)$" />
 
-	<!--rule from="^http://(?:www\.)?bizrate\.com/(favicon\.ico|static/)"
-		to="https://bizrate.com/$1" /-->
 
 	<rule from="^http://about\.bizrate\.com/"
 		to="https://aboutbizrate.blazonco.com/" />
 
-	<rule from="^http://(image|medal)s\.bizrate\.com/"
-		to="https://$1s.bizrate.com/" />
+	<rule from="^http://(?:file|img)\.bizrate\.com/"
+		to="https://images.bizrate.com/" />
+
+		<test url="http://img.bizrate.com/site/smiley_satisfactory_24x23.gif" />
 
-	<rule from="^http://im(?:age10|g)\.bizrate-images\.com/"
+	<rule from="^http://\w+\.bizrate-images\.com/"
 		to="https://images.bizrate.com/" />
 
-</ruleset>
\ No newline at end of file
+		<test url="http://img02.bizrate-images.com/s2static/us/br/cb28aac3/br2/images/ratings/smiley_outstanding_24x23.gif" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bizshark.xml b/src/chrome/content/rules/Bizshark.xml
index e73220b8df5c..e277290d1557 100644
--- a/src/chrome/content/rules/Bizshark.xml
+++ b/src/chrome/content/rules/Bizshark.xml
@@ -1,13 +1,12 @@
 <ruleset name="Bizshark">
 
 	<target host="bizshark.com" />
-	<target host="*.bizshark.com" />
+	<target host="www.bizshark.com" />
 
 
 	<securecookie host="^(?:www)?\.bizshark\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?bizshark\.com/"
-		to="https://$1bizshark.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BlackArch.org.xml b/src/chrome/content/rules/BlackArch.org.xml
new file mode 100644
index 000000000000..a09423ae323d
--- /dev/null
+++ b/src/chrome/content/rules/BlackArch.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="BlackArch.org">
+	<target host="blackarch.org" />
+	<target host="www.blackarch.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BlackDiamondEquipment.com.xml b/src/chrome/content/rules/BlackDiamondEquipment.com.xml
new file mode 100644
index 000000000000..ac7cf5f1a2af
--- /dev/null
+++ b/src/chrome/content/rules/BlackDiamondEquipment.com.xml
@@ -0,0 +1,43 @@
+<!--
+	Bad request:
+		- blackdiamondequipment.com, equivalent to www.blackdiamondequipment.com
+
+	Connection refused:
+		- careers.blackdiamondequipment.com
+
+	Invalid cert:
+		- catalog.blackdiamondequipment.com
+		- cdn.blackdiamondequipment.com, equivalent to deghetmoql414.cloudfront.net
+		- enews.blackdiamondequipment.com
+		- journal.blackdiamondequipment.com
+		- marketing.blackdiamondequipment.com
+		- media.blackdiamondequipment.com
+		- reviews.blackdiamondequipment.com
+		- ugc.blackdiamondequipment.com
+
+	SSL protocol error:
+		- shop.blackdiamondequipment.com
+
+	Timed out:
+		- uac.blackdiamondequipment.com
+-->
+
+<ruleset name="BlackDiamondEquipment.com">
+	<target host="blackdiamondequipment.com" />
+	<target host="www.blackdiamondequipment.com" />
+	<target host="cdn.blackdiamondequipment.com" />
+	<target host="dealer.blackdiamondequipment.com" />
+	<target host="eu.blackdiamondequipment.com" />
+	<target host="jetforce.blackdiamondequipment.com" />
+	<target host="jp.blackdiamondequipment.com" />
+	<target host="nadevelopment.blackdiamondequipment.com" />
+
+	<rule from="^http://blackdiamondequipment\.com/"
+		to="https://www.blackdiamondequipment.com/" />
+
+	<rule from="^http://cdn\.blackdiamondequipment\.com/"
+		to="https://deghetmoql414.cloudfront.net/" />
+		<test url="http://cdn.blackdiamondequipment.com/marketing/mugs _application_2017.pdf" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BlackHat.xml b/src/chrome/content/rules/BlackHat.xml
index c8094204c053..a913fad6ef5e 100644
--- a/src/chrome/content/rules/BlackHat.xml
+++ b/src/chrome/content/rules/BlackHat.xml
@@ -1,6 +1,29 @@
-<ruleset name="BlackHat">
-  <target host="blackhat.com" />
-  <target host="www.blackhat.com" />
+<!--
+	Nonfunctional subdomains:
+
+		- media *
+
+	* 503
+
+
+	Insecure cookies are set for these domains:
+
+		- .blackhat.com
+
+-->
+<ruleset name="BlackHat.com (partial)">
+
+	<target host="blackhat.com" />
+	<target host="www.blackhat.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.blackhat\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.blackhat\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
 
-  <rule from="^http://(?:www\.)?blackhat\.com/" to="https://www.blackhat.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/BlackMesh.com.xml b/src/chrome/content/rules/BlackMesh.com.xml
index c7e81313c278..7bd92c2b5f12 100644
--- a/src/chrome/content/rules/BlackMesh.com.xml
+++ b/src/chrome/content/rules/BlackMesh.com.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blackmesh.com/ => https://www.blackmesh.com/: Cycle detected - URL already encountered: https://www.blackmesh.com/
 	Fully covered subdomains:
 
 		- (www.)	(^ → www)
@@ -11,7 +13,11 @@
 <ruleset name="BlackMesh.com">
 
 	<target host="blackmesh.com" />
-	<target host="*.blackmesh.com" />
+	<target host="www.blackmesh.com" />
+	<target host="mail.blackmesh.com" />
+	<target host="autodiscover.blackmesh.com" />
+	<target host="portal.blackmesh.com" />
+	<target host="webmail.blackmesh.com" />
 
 
 	<securecookie host="^(?:mail|portal|webmail|www)\.blackmesh\.com$" name=".+" />
@@ -29,7 +35,6 @@
 	<rule from="^http://mail\.blackmesh\.com/"
 		to="https://mail.blackmesh.com/zimbra/" />
 
-	<rule from="^http://(autodiscover|portal|webmail)\.blackmesh\.com/"
-		to="https://$1.blackmesh.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BlackPearl_PDM.com.xml b/src/chrome/content/rules/BlackPearl_PDM.com.xml
new file mode 100644
index 000000000000..2770c479d183
--- /dev/null
+++ b/src/chrome/content/rules/BlackPearl_PDM.com.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blackpearlpdm.com/ => https://blackpearlpdm.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.blackpearlpdm.com/ => https://www.blackpearlpdm.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.blackpearlpdm.com'")
+
+-->
+<ruleset name="BlackPearl PDM.com" default_off="failed ruleset test">
+
+	<target host="blackpearlpdm.com" />
+	<target host="www.blackpearlpdm.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BlackPhone.ch.xml b/src/chrome/content/rules/BlackPhone.ch.xml
new file mode 100644
index 000000000000..6ceaf3475184
--- /dev/null
+++ b/src/chrome/content/rules/BlackPhone.ch.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Silent Circle coverage, see Silent_Circle.xml.
+
+	Expired:
+		- agent.blackphone.ch
+
+	No working URL known:
+		- appstore.blackphone.ch
+-->
+<ruleset name="BlackPhone.ch">
+
+	<target host="blackphone.ch" />
+	<target host="www.blackphone.ch" />
+	<target host="blog.blackphone.ch" />
+	<target host="licensing.blackphone.ch" />
+	<target host="manage.blackphone.ch" />
+	<target host="my.blackphone.ch" />
+	<target host="silentstore.blackphone.ch" />
+	<target host="support.blackphone.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BlackTonic.com.xml b/src/chrome/content/rules/BlackTonic.com.xml
index cf8a21421cdb..3e514861764d 100644
--- a/src/chrome/content/rules/BlackTonic.com.xml
+++ b/src/chrome/content/rules/BlackTonic.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?blacktonic\.com/si(gnup(?:$|\?|/)|tes/)"
 		to="https://$1blacktonic.com/si$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BlackVPN.xml b/src/chrome/content/rules/BlackVPN.xml
index d56db70717cb..6996f826d9cd 100644
--- a/src/chrome/content/rules/BlackVPN.xml
+++ b/src/chrome/content/rules/BlackVPN.xml
@@ -1,7 +1,16 @@
+<!--
+	Problematic subdomains:
+
+		- news *
+
+	* Pages redirects to http; mismatched, CN: www.twylah.com
+
+-->
 <ruleset name="blackVPN">
 
 	<target host="blackvpn.com" />
-	<target host="*.blackvpn.com" />
+	<target host="www.blackvpn.com" />
+	<target host="news.blackvpn.com" />
 
 
 	<securecookie host="^\.blackvpn\.com$" name=".+" />
@@ -10,4 +19,7 @@
 	<rule from="^http://(www\.)?blackvpn\.com/"
 		to="https://$1blackvpn.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http://news\.blackvpn\.com/(?=favicon\.ico|stylesheets/)"
+		to="https://www.twylah.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Black_Box.co.uk.xml b/src/chrome/content/rules/Black_Box.co.uk.xml
new file mode 100644
index 000000000000..60061e7981bf
--- /dev/null
+++ b/src/chrome/content/rules/Black_Box.co.uk.xml
@@ -0,0 +1,19 @@
+<!--
+	^: cert only matches www
+
+-->
+<ruleset name="Black Box.co.uk">
+
+	<target host="blackbox.co.uk" />
+	<target host="www.blackbox.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^www\.blackbox\.co\.uk$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?blackbox\.co\.uk/"
+		to="https://www.blackbox.co.uk/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Black_Duck_Software.com.xml b/src/chrome/content/rules/Black_Duck_Software.com.xml
new file mode 100644
index 000000000000..5042051d7a4d
--- /dev/null
+++ b/src/chrome/content/rules/Black_Duck_Software.com.xml
@@ -0,0 +1,47 @@
+<!--
+	Problematic subdomains:
+
+		- ^ ¹
+		- osdelivers ²
+
+	¹ Mismatched
+	² Mixed css
+
+
+	Fully covered subdomains:
+
+		- (www.)	(^ → www)
+		- dev
+		- stg
+
+
+	Mixed content:
+
+		- css, on:
+
+			- osdelivers from $self *
+			- osdelivers from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Black Duck Software.com (partial)">
+
+	<target host="blackducksoftware.com" />
+	<target host="www.blackducksoftware.com" />
+	<target host="dev.blackducksoftware.com" />
+	<target host="osdelivers.blackducksoftware.com" />
+	<target host="stg.blackducksoftware.com" />
+		<!--
+			Avoid broken MCB:
+						-->
+		<exclusion pattern="http://osdelivers\.blackducksoftware\.com/+(?!wp-content/|wp-includes/)" />
+
+
+	<rule from="^http://(?:www\.)?blackducksoftware\.com/"
+		to="https://www.blackducksoftware.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
+
diff --git a/src/chrome/content/rules/Black_Lotus.xml b/src/chrome/content/rules/Black_Lotus.xml
index 3b34eb1b275b..6bda209dad67 100644
--- a/src/chrome/content/rules/Black_Lotus.xml
+++ b/src/chrome/content/rules/Black_Lotus.xml
@@ -1,10 +1,15 @@
-<ruleset name="Black Lotus">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.blacklotus.net/ => https://www.blacklotus.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.blacklotus.net'")
+
+-->
+<ruleset name="Black Lotus" default_off="failed ruleset test">
 
 	<target host="blacklotus.net" />
 	<target host="www.blacklotus.net" />
 
 
-	<rule from="^http://(www\.)?blacklotus\.net/"
-		to="https://$1blacklotus.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Blackbaud.xml b/src/chrome/content/rules/Blackbaud.xml
index 4dab9417eb56..a17faa221df0 100644
--- a/src/chrome/content/rules/Blackbaud.xml
+++ b/src/chrome/content/rules/Blackbaud.xml
@@ -3,17 +3,24 @@
 
 		- Etapestry.com.xml
 
+
+	Nonfunctional hosts in *blackbaud.com:
+
+		- internet *
+
+	* Redirects to http; self-signed, CN: ssl.certificate
+
 -->
-<ruleset name="Blackbaud">
+<ruleset name="Blackbaud.com (partial)">
 
 	<target host="blackbaud.com" />
-	<target host="*.blackbaud.com" />
+	<target host="www.blackbaud.com" />
 
 
-	<securecookie host="^(?:.*\.)?blackbaud\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?blackbaud\.com/"
-		to="https://$1blackbaud.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Blackberry.xml b/src/chrome/content/rules/Blackberry.xml
index 1dad50f72728..efc3f7c39a65 100644
--- a/src/chrome/content/rules/Blackberry.xml
+++ b/src/chrome/content/rules/Blackberry.xml
@@ -1,30 +1,150 @@
+
 <!--
-	Problematic subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://developerforums.blackberry.com/? => https://supportforums.blackberry.com/t5/Developer-Support-Forums/ct-p/blackberrydev?: (51, "SSL: no alternative certificate subject name matches target host name 'supportforums.blackberry.com'")
+Fetch error: http://developerforums.blackberry.com/home => https://supportforums.blackberry.com/t5/Developer-Support-Forums/ct-p/blackberrydev: (51, "SSL: no alternative certificate subject name matches target host name 'supportforums.blackberry.com'")
+Fetch error: http://supportforums.blackberry.com/ => https://supportforums.blackberry.com/: (51, "SSL: no alternative certificate subject name matches target host name 'supportforums.blackberry.com'")
+Fetch error: http://developerforums.blackberry.com/ => https://supportforums.blackberry.com/t5/Developer-Support-Forums/ct-p/blackberrydev: (51, "SSL: no alternative certificate subject name matches target host name 'supportforums.blackberry.com'")
+
+	Nonfunctional hosts in *blackberry.com:
+
+		- demos ¹
+		- m ²
+		- support ³
+
+	¹ Dropped
+	² 504, Akamai
+	³ Salesforce
+
+
+	Problematic hosts in *blackberry.com:
+
+		- blogs ¹
+		- ca ²
+		- developerforums ³ ⁴
+		- docs ²
+		- na ²
+		- nl ²
+		- press ²
+		- us ²
+		- web ²
+
+	¹ WordPress
+	² Works, akamai
+	³ Mismatched
+	⁴ Self-signed
+
+
+	Insecure cookies are set for these hosts:
+
+		- developer.blackberry.com
+		- global.blackberry.com
+		- help.blackberry.com
+		- origin-www.blackberry.com
+		- partner.blackberry.com
+		- partners.blackberry.com
+		- supportforums.blackberry.com
+		- bdsc.webapps.blackberry.com
+		- beta.webapps.blackberry.com
 
-		- ^		(cert only matches www)
-		- press *
-		- supportforums	(no https)
-		- us *
 
-	* Works, akamai
+	Mixed content:
+
+		- Images, on :
+
+			- appworld from us.blackberry.com
+			- blogs from *.files.wordpress.com *
+			- supportforums from $self *
+
+		- favicon on supportforums from na.blackberry.com
+		- Bug on www from ehg-researchinmotion.hitbox.com
+
+	* Secured by us
 
 -->
-<ruleset name="Blackberry (partial)">
+<ruleset name="Blackberry.com (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="blackberry.com"/>
-	<target host="*.blackberry.com"/>
+	<target host="appworld.blackberry.com" />
+	<target host="blackberryid.blackberry.com" />
+	<target host="developer.blackberry.com" />
+	<target host="global.blackberry.com" />
+	<target host="help.blackberry.com" />
+	<target host="icc.blackberry.com" />
+	<target host="origin-www.blackberry.com" />
+	<target host="partner.blackberry.com" />
+	<target host="partners.blackberry.com" />
+	<target host="supportforums.blackberry.com" />
+	<target host="bdsc.webapps.blackberry.com" />
+	<target host="beta.webapps.blackberry.com" />
+	<target host="www.blackberry.com" />
+
+	<!--	Complications:
+				-->
+	<target host="developerforums.blackberry.com" />
+
+		<!--	200 redirect:
+					-->
+		<!--exclusion pattern="^http://www\.blackberry\.com/$" /-->
+		<!--
+			404:
+				-->
+		<!--exclusion pattern="^http://www\.blackberry\.com/(?:appworld/$|priv$|support/)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?blackberry\.com/(?!(?:SRPAddressLookup|beta|businessbeta|training)/?$|jira(?:$|[?/]))" />
 
+			<!--	+ve:
+					-->
+			<test url="http://www.blackberry.com/appworld/" />
+			<test url="http://www.blackberry.com/bbmmeetings" />
+			<test url="http://www.blackberry.com/cloudservices" />
+			<test url="http://www.blackberry.com/experience" />
+			<test url="http://www.blackberry.com/graduate" />
+			<test url="http://www.blackberry.com/priv" />
+			<test url="http://www.blackberry.com/secusuite" />
+			<test url="http://www.blackberry.com/support/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.blackberry.com/SRPAddressLookup/" />
+			<test url="http://www.blackberry.com/beta/" />
+			<test url="http://www.blackberry.com/businessbeta/" />
+			<test url="http://www.blackberry.com/jira" />
+			<test url="http://www.blackberry.com/jira/secure/Dashboard.jspa" />
+			<test url="http://www.blackberry.com/training/" />
+
+		<test url="http://global.blackberry.com/en/support/blackberrytraining/blackberrytraining.html" />
+		<test url="http://global.blackberry.com/fr/smartphones/blackberry-priv/pre-register.html" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:developer|origin-developer|partner)\.blackberry\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^(?:developer|global|origin-developer|origin-www|partners?|(?:bdsc|beta)\.webapps)\.blackberry\.com$" name="^BIGipServer.*" /-->
+	<!--securecookie host="^global\.blackberry\.com$" name="^temptoken$" /-->
+	<!--securecookie host="^help\.blackberry\.com$" name="^helpbbcom\.savedLocale$" /-->
+	<!--securecookie host="^supportforums\.blackberry\.com$" name="^(?:LiSESSIONID|LithiumVisitor)$" /-->
 
 	<!--	Omniture tracking cookies:
 						-->
-	<securecookie host="^\.blackberry\.com$" name="^s_\w+$" />
-	<securecookie host="^.+\.blackberry\.com$" name=".+" />
+	<securecookie host="^\." name="^s_\w" />
+	<securecookie host="^\w" name=".+" />
+
 
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://developerforums\.blackberry\.com/[^?]*"
+		to="https://supportforums.blackberry.com/t5/Developer-Support-Forums/ct-p/blackberrydev" />
 
-	<rule from="^http://((?:appworld|blackberryid|developer|global|www)\.)?blackberry\.com/"
-		to="https://$1blackberry.com/"/>
+		<test url="http://developerforums.blackberry.com/?" />
+		<test url="http://developerforums.blackberry.com/home" />
 
-	<rule from="^https?://supportforums\.blackberry\.com/"
-		to="https://rim.i.lithium.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Blackboard.xml b/src/chrome/content/rules/Blackboard.xml
index f100c916742e..23e1fc4589d2 100644
--- a/src/chrome/content/rules/Blackboard.xml
+++ b/src/chrome/content/rules/Blackboard.xml
@@ -1,24 +1,33 @@
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://en-us.help.blackboard.com/ => https://en-us.help.blackboard.com/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
+
 	Other Blackboard rulesets:
 
-		- SafeAssign.xml
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *blackboard.com:
 
-		- blog		(shows default MediaTemple page)
+		- blog *
+    - caltech-sp *
+
+	* Shows default MediaTemple page
 
 -->
-<ruleset name="Blackboard (partial)">
+<ruleset name="Blackboard.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="blackboard.com" />
-	<target host="*.blackboard.com" />
-
-
-	<securecookie host="^(?:.*\.)?blackboard\.com$" name=".+" />
+	<!-- target host="en-us.help.blackboard.com" /-->
+	<target host="safeassign.blackboard.com" />
+	<target host="www.blackboard.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(safeassign\.|www\.)?blackboard\.com/"
-		to="https://$1blackboard.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Blackfoot.co.uk.xml b/src/chrome/content/rules/Blackfoot.co.uk.xml
new file mode 100644
index 000000000000..57a4e5857e1b
--- /dev/null
+++ b/src/chrome/content/rules/Blackfoot.co.uk.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blackfoot.co.uk/ => https://blackfoot.co.uk/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.blackfoot.co.uk/ => https://www.blackfoot.co.uk/: (60, 'SSL certificate problem: certificate has expired')
+
+	Other Blackfoot Hosting rulesets:
+
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+		- Images from (www.) *
+
+	* Secured by us
+
+-->
+<ruleset name="Blackfoot.co.uk" default_off="failed ruleset test">
+
+	<target host="blackfoot.co.uk" />
+	<target host="www.blackfoot.co.uk" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Blacknight-Internet-Solutions.xml b/src/chrome/content/rules/Blacknight-Internet-Solutions.xml
index a6b827139abe..5f73c7d30f7e 100644
--- a/src/chrome/content/rules/Blacknight-Internet-Solutions.xml
+++ b/src/chrome/content/rules/Blacknight-Internet-Solutions.xml
@@ -18,13 +18,15 @@
 <ruleset name="Blacknight Internet Solutions (partial)">
 
 	<target host="blacknight.com" />
-	<target host="*.blacknight.com" />
+	<target host="altmail.blacknight.com" />
+	<target host="cp.blacknight.com" />
+	<target host="wiki.blacknight.com" />
+	<target host="www.blacknight.com" />
 
 
-	<securecookie host="^.*\.blacknight\.com$" name=".*" />
+	<securecookie host="^.*\.blacknight\.com$" name=".+" />
 
 
-	<rule from="^http://((?:altmail|cp|wiki|www)\.)?blacknight\.com/"
-		to="https://$1blacknight.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Blackout_Congress.org.xml b/src/chrome/content/rules/Blackout_Congress.org.xml
new file mode 100644
index 000000000000..e1696de99a25
--- /dev/null
+++ b/src/chrome/content/rules/Blackout_Congress.org.xml
@@ -0,0 +1,40 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .blackoutcongress.org
+
+-->
+<ruleset name="Blackout Congress.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blackoutcongress.org" />
+	<target host="www.blackoutcongress.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.blackoutcongress\.org$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Blackpool.gov.uk.xml b/src/chrome/content/rules/Blackpool.gov.uk.xml
new file mode 100644
index 000000000000..9446ea47fb67
--- /dev/null
+++ b/src/chrome/content/rules/Blackpool.gov.uk.xml
@@ -0,0 +1,42 @@
+<!--
+	Blackpool Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *blackpool.gov.uk:
+
+		- idoxpa ʳ
+		- www2 ᵈ
+
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- blackpool.gov.uk
+		- democracy.blackpool.gov.uk
+		- www.blackpool.gov.uk
+
+-->
+<ruleset name="Blackpool.gov.uk (partial)">
+
+	<target host="blackpool.gov.uk" />
+	<target host="democracy.blackpool.gov.uk" />
+	<target host="emsonline.blackpool.gov.uk" />
+	<target host="selfservice.blackpool.gov.uk" />
+	<target host="www.blackpool.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:democracy\.|www\.)?blackpool\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Blah.im.xml b/src/chrome/content/rules/Blah.im.xml
new file mode 100644
index 000000000000..0b57a555b64f
--- /dev/null
+++ b/src/chrome/content/rules/Blah.im.xml
@@ -0,0 +1,18 @@
+<!--
+	Fully covered hosts:
+
+		- (www.)?
+
+-->
+<ruleset name="blah.im">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blah.im" />
+	<target host="www.blah.im" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BlamBot.com.xml b/src/chrome/content/rules/BlamBot.com.xml
new file mode 100644
index 000000000000..03661dae382a
--- /dev/null
+++ b/src/chrome/content/rules/BlamBot.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatched:
+		- webmail
+		- www.webmail
+-->
+<ruleset name="BlamBot.com">
+	<target host="blambot.com" />
+	<target host="www.blambot.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BlameStella.xml b/src/chrome/content/rules/BlameStella.xml
deleted file mode 100644
index 41090b412d9f..000000000000
--- a/src/chrome/content/rules/BlameStella.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="BlameStella">
-  <target host="blamestella.com" />
-  <target host="www.blamestella.com" />
-
-  <securecookie host="^(?:www\.)?blamestella\.com$" name=".*"/>
-
-  <rule from="^http://(?:www\.)?blamestella\.com/" to="https://www.blamestella.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Blank_Slate.io.xml b/src/chrome/content/rules/Blank_Slate.io.xml
new file mode 100644
index 000000000000..2a39ba99ec86
--- /dev/null
+++ b/src/chrome/content/rules/Blank_Slate.io.xml
@@ -0,0 +1,23 @@
+<!--
+
+	Mismatched hosts in *blankslate.io:
+
+		- www
+
+-->
+<ruleset name="Blank Slate.io">
+
+	<target host="blankslate.io" />
+	<target host="www.blankslate.io" />
+
+
+	<securecookie host="^blankslate\.io$" name=".+" />
+
+
+	<rule from="^http://www\.blankslate\.io/"
+		to="https://blankslate.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Blastingnews.com.xml b/src/chrome/content/rules/Blastingnews.com.xml
new file mode 100644
index 000000000000..2ef308e4e8eb
--- /dev/null
+++ b/src/chrome/content/rules/Blastingnews.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Ruleset for blastingnews.com.
+
+	Not supporting HTTPS or using an invalid certificate:
+		* ar.blastingnews.com
+		* br.blastingnews.com
+		* cdn-es.blastingnews.com
+		* de.blastingnews.com
+		* el.blastingnews.com
+		* es.blastingnews.com
+		* fr.blastingnews.com
+		* hu.blastingnews.com
+		* it.blastingnews.com
+		* mx.blastingnews.com
+		* pl.blastingnews.com
+		* ro.blastingnews.com
+		* ru.blastingnews.com
+		* smtp01.blastingnews.com
+		* uk.blastingnews.com
+		* us.blastingnews.com
+		* video.blastingnews.com
+		* www.uk.blastingnews.com
+-->
+<ruleset name="blastingnews.com">
+	<target host="blastingnews.com" />
+	<target host="www.blastingnews.com" />
+	<target host="blaster.blastingnews.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Blasze.com.xml b/src/chrome/content/rules/Blasze.com.xml
new file mode 100644
index 000000000000..030df2ddcca5
--- /dev/null
+++ b/src/chrome/content/rules/Blasze.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Blasze.com">
+	<target host="blasze.com" />
+	<target host="www.blasze.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Blasze.tk.xml b/src/chrome/content/rules/Blasze.tk.xml
new file mode 100644
index 000000000000..95a9e27942e4
--- /dev/null
+++ b/src/chrome/content/rules/Blasze.tk.xml
@@ -0,0 +1,8 @@
+<ruleset name="Blasze.tk">
+	<target host="blasze.tk" />
+	<target host="www.blasze.tk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Blau.de.xml b/src/chrome/content/rules/Blau.de.xml
index 7995042786fc..5f56623f8a3d 100644
--- a/src/chrome/content/rules/Blau.de.xml
+++ b/src/chrome/content/rules/Blau.de.xml
@@ -16,7 +16,7 @@
 	<target host="*.blau.de" />
 
 
-	<securecookie host="^(?:.+\.)?blau\.de$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://([^/:@]+\.)?blau\.de/"
diff --git a/src/chrome/content/rules/Blaze.com.xml b/src/chrome/content/rules/Blaze.com.xml
new file mode 100644
index 000000000000..40aba6bd5a76
--- /dev/null
+++ b/src/chrome/content/rules/Blaze.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.) ¹
+		- adverts ²
+
+	¹ Refused
+	² Dropped
+
+
+	Fully covered subdomains:
+
+		- assets
+		- downloads
+		- platform
+		- secure
+
+
+	These altnames don't exist:
+
+		- iwin-download.blaze.com
+
+-->
+<ruleset name="blaze.com (partial)">
+
+	<target host="assets.blaze.com" />
+	<target host="downloads.blaze.com" />
+	<target host="platform.blaze.com" />
+	<target host="secure.blaze.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BlazeKing.com.xml b/src/chrome/content/rules/BlazeKing.com.xml
new file mode 100644
index 000000000000..7cc1cda693a3
--- /dev/null
+++ b/src/chrome/content/rules/BlazeKing.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		- blazeking.com, equivalent to www.blazeking.com
+-->
+
+<ruleset name="BlazeKing.com">
+	<target host="blazeking.com" />
+	<target host="www.blazeking.com" />
+
+	<rule from="^http://blazeking\.com/"
+		to="https://www.blazeking.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Blazeti.me.xml b/src/chrome/content/rules/Blazeti.me.xml
new file mode 100644
index 000000000000..f6d3aa7e79da
--- /dev/null
+++ b/src/chrome/content/rules/Blazeti.me.xml
@@ -0,0 +1,5 @@
+<ruleset name="Blazeti.me">
+	<target host="blazeti.me" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Blazing-Thyme.xml b/src/chrome/content/rules/Blazing-Thyme.xml
index 81600dda51e2..fdb40ef5e240 100644
--- a/src/chrome/content/rules/Blazing-Thyme.xml
+++ b/src/chrome/content/rules/Blazing-Thyme.xml
@@ -1,17 +1,24 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blazingthyme.com/ => https://blazingthyme.com/: (28, 'Connection timed out after 20010 milliseconds')
+Fetch error: http://www.blazingthyme.com/ => https://www.blazingthyme.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://blazingthyme.com/ => https://blazingthyme.com/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.blazingthyme.com/ => https://www.blazingthyme.com/: (28, 'Connection timed out after 10001 milliseconds')
 	shop.blazingthyme.com is handled in Nexternal-clients.xml.
 
 -->
-<ruleset name="Blazing Thyme">
+<ruleset name="Blazing Thyme" default_off="failed ruleset test">
 
 	<target host="blazingthyme.com" />
 	<target host="www.blazingthyme.com" />
 
 
-	<securecookie host="^(www\.)?blazingthyme\.com$" name=".*" />
+	<securecookie host="^(?:www\.)?blazingthyme\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?blazingthyme\.com/"
-		to="https://$1blazingthyme.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Blazonco.com.xml b/src/chrome/content/rules/Blazonco.com.xml
index 759a818f6c27..0b38a88e72bb 100644
--- a/src/chrome/content/rules/Blazonco.com.xml
+++ b/src/chrome/content/rules/Blazonco.com.xml
@@ -14,10 +14,10 @@
 	<target host="*.blazonco.com" />
 
 
-	<securecookie host="^(?:.*\.)?blazonco\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://([\w-]+\.)?blazonco\.com/"
 		to="https://$1blazonco.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bleep.com.xml b/src/chrome/content/rules/Bleep.com.xml
new file mode 100644
index 000000000000..a8cb1b506c15
--- /dev/null
+++ b/src/chrome/content/rules/Bleep.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Bleep.com">
+
+	<target host="bleep.com" />
+	<target host="www.bleep.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Blekko.xml b/src/chrome/content/rules/Blekko.xml
deleted file mode 100644
index 3f63a36eaaa8..000000000000
--- a/src/chrome/content/rules/Blekko.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Blekko">
-
-	<target host="blekko.com" />
-	<target host="www.blekko.com" />
-
-
-	<rule from="^http://(www\.)?blekko\.com/"
-		to="https://$1blekko.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Blender.org.xml b/src/chrome/content/rules/Blender.org.xml
new file mode 100644
index 000000000000..77baa9b75b56
--- /dev/null
+++ b/src/chrome/content/rules/Blender.org.xml
@@ -0,0 +1,40 @@
+<!--
+	Nonfunctional hosts in *blender.org:
+
+		- wiki *
+
+	* Refused
+
+
+	^blender.org: Dropped
+
+
+	These altnames don't exist:
+
+		- www.projects.blender.org
+
+-->
+<ruleset name="Blender.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="developer.blender.org" />
+	<target host="projects.blender.org" />
+	<target host="www.blender.org" />
+
+	<!--	Special cases:
+				-->
+	<target host="blender.org" />
+	<target host="www.developer.blender.org" />
+
+
+	<rule from="^http://blender\.org/"
+		to="https://www.blender.org/" />
+
+	<rule from="^http://www\.developer\.blender\.org/"
+		to="https://developer.blender.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Blesk.cz.xml b/src/chrome/content/rules/Blesk.cz.xml
new file mode 100644
index 000000000000..026151ddb97c
--- /dev/null
+++ b/src/chrome/content/rules/Blesk.cz.xml
@@ -0,0 +1,52 @@
+<!--
+	Nonfunctional hosts in *.blesk.cz:
+
+	certificate mismatch:
+		- autofun.blesk.cz
+		- jojfamily.blesk.cz
+		- srovnavac.blesk.cz
+	connection refused:
+		- www.bleskenergie.blesk.cz
+		- celebwiki.blesk.cz
+		- fun.blesk.cz
+		- hry.blesk.cz
+		- www.m.sportrevue.isport.blesk.cz
+		- www.tv.isport.blesk.cz
+		- www.tv.prozeny.blesk.cz
+		- search.blesk.cz
+	mixed content:
+		- fantasyms.isport.blesk.cz
+-->
+<ruleset name="Blesk.cz">
+	<target host="abicko.cz" />
+	<target host="www.abicko.cz" />
+	<target host="blesk.cz" />
+	<target host="www.blesk.cz" />
+	<target host="abc.blesk.cz" />
+	<target host="bleskenergie.blesk.cz" />
+	<target host="bleskmobil.blesk.cz" />
+	<target host="hobby.blesk.cz" />
+	<target host="horoskopy.blesk.cz" />
+	<target host="img.blesk.cz" />
+	<target host="isport.blesk.cz" />
+	<target host="fanliga.isport.blesk.cz" />
+	<target host="fantasy.isport.blesk.cz" />
+	<target host="formule1.isport.blesk.cz" />
+	<target host="fotbalove-prestupy.isport.blesk.cz" />
+	<target host="sazkafantasy.isport.blesk.cz" />
+	<target host="sportrevue.isport.blesk.cz" />
+	<target host="m.sportrevue.isport.blesk.cz" />
+	<target host="synotliga.isport.blesk.cz" />
+	<target host="tv.isport.blesk.cz" />
+	<target host="penezenka.blesk.cz" />
+	<target host="pocasi.blesk.cz" />
+	<target host="promuze.blesk.cz" />
+	<target host="prozeny.blesk.cz" />
+	<target host="tv.prozeny.blesk.cz" />
+	<target host="recepty.blesk.cz" />
+	<target host="tv.blesk.cz" />
+	<target host="tvprogram.blesk.cz" />
+	<target host="wiki.blesk.cz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Blesta.com.xml b/src/chrome/content/rules/Blesta.com.xml
new file mode 100644
index 000000000000..2a6d13e7ebfd
--- /dev/null
+++ b/src/chrome/content/rules/Blesta.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- account.blesta.com
+		- docs.blesta.com
+
+
+	Mixed content:
+
+		- Image on www from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Blesta.com">
+
+	<target host="blesta.com" />
+	<target host="account.blesta.com" />
+	<target host="docs.blesta.com" />
+	<target host="www.blesta.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^account\.blesta\.com$" name="^blesta_sid$" /-->
+	<!--securecookie host="^docs\.blesta\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bleutrade.com.xml b/src/chrome/content/rules/Bleutrade.com.xml
new file mode 100644
index 000000000000..bb26578eb760
--- /dev/null
+++ b/src/chrome/content/rules/Bleutrade.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .bleutrade.com
+
+-->
+<ruleset name="Bleutrade.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bleutrade.com" />
+	<target host="www.bleutrade.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.bleutrade\.com$" name="^(?:__cfduid|affiliate|cf_clearance)$" /-->
+
+	<securecookie host="^\.bleutrade\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Blic.rs.xml b/src/chrome/content/rules/Blic.rs.xml
new file mode 100644
index 000000000000..1799e621ae7b
--- /dev/null
+++ b/src/chrome/content/rules/Blic.rs.xml
@@ -0,0 +1,18 @@
+<!--
+	404:
+		m.blic.rs
+	Invalid certificate:
+		s.blic.rs
+-->
+<ruleset name="Blic.rs">
+	<target host="blic.rs" />
+	<target host="www.blic.rs" />
+	<target host="api.blic.rs" />
+	<target host="gameplanet.blic.rs" />
+	<target host="sport.blic.rs" />
+	<target host="sso.blic.rs" />
+	<target host="zena.blic.rs" />
+	<target host="recepti.zena.blic.rs" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Blick.xml b/src/chrome/content/rules/Blick.xml
new file mode 100644
index 000000000000..e79d25d1ac7c
--- /dev/null
+++ b/src/chrome/content/rules/Blick.xml
@@ -0,0 +1,24 @@
+<!--
+	Other Blick rulesets:
+		- Blickamabend.ch.xml
+
+	Mismatch:
+		- rp.blick.ch
+-->
+<ruleset name="blick.ch">
+	<target host="blick.ch"/>
+	<target host="www.blick.ch"/>
+	<target host="c.blick.ch"/>
+	<target host="ebalance.blick.ch"/>
+	<target host="f.blick.ch"/>
+	<target host="f1.blick.ch"/>
+	<target host="f2.blick.ch"/>
+	<target host="f3.blick.ch"/>
+	<target host="gutscheine.blick.ch"/>
+	<target host="parship.blick.ch"/>
+	<target host="php.blick.ch"/>
+		<test url="http://php.blick.ch/red/WhatsAppBLICK.vcf"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Blickamabend.ch.xml b/src/chrome/content/rules/Blickamabend.ch.xml
new file mode 100644
index 000000000000..f2067b3c383c
--- /dev/null
+++ b/src/chrome/content/rules/Blickamabend.ch.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Blick coverage, see Blick.xml.
+-->
+<ruleset name="blickamabend.ch">
+	<target host="blickamabend.ch"/>
+	<target host="www.blickamabend.ch"/>
+	<target host="amp.blickamabend.ch"/>
+	<target host="app.blickamabend.ch"/>
+	<target host="f.blickamabend.ch"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Blinddesign.nl.xml b/src/chrome/content/rules/Blinddesign.nl.xml
new file mode 100644
index 000000000000..34a10c856ae8
--- /dev/null
+++ b/src/chrome/content/rules/Blinddesign.nl.xml
@@ -0,0 +1,12 @@
+<ruleset name="Blinddesign.nl">
+
+	<target host="blinddesign.nl" />
+	<target host="www.blinddesign.nl" />
+
+
+	<securecookie host="^\.blinddesign\.nl$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bling4cars.xml b/src/chrome/content/rules/Bling4cars.xml
deleted file mode 100644
index 3e07d06f2597..000000000000
--- a/src/chrome/content/rules/Bling4cars.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Bling4cars">
-
-	<target host="bling4cars.com" />
-	<target host="*.bling4cars.com" />
-
-
-	<securecookie host="^(?:.*\.)?bling4cars\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?bling4cars\.com/"
-		to="https://$1bling4cars.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Blink-182.xml b/src/chrome/content/rules/Blink-182.xml
index 1b3e3233daea..105aa69a115e 100644
--- a/src/chrome/content/rules/Blink-182.xml
+++ b/src/chrome/content/rules/Blink-182.xml
@@ -1,10 +1,10 @@
 <!--
 	Problematic subdomains:
 
-		- (www.)	(redirects to modlife.com; mismatched, CN: modlife.com)
+		- (www.)	(Refused)
 
 -->
-<ruleset name="blink-182 (partial)">
+<ruleset name="blink-182 (partial)" default_off="refused">
 
 	<target host="blink-182.com" />
 	<target host="www.blink-182.com" />
@@ -13,4 +13,4 @@
 	<rule from="^http://(?:www\.)?blink-182\.com/(_?css/|favicon\.ico)"
 		to="https://modlife.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Blinkeye.ch.xml b/src/chrome/content/rules/Blinkeye.ch.xml
index 635099b0ee31..c7f17794f8ef 100644
--- a/src/chrome/content/rules/Blinkeye.ch.xml
+++ b/src/chrome/content/rules/Blinkeye.ch.xml
@@ -1,9 +1,9 @@
 <ruleset name="blinkeye.ch" default_off="self-signed">
 
 	<target host="blinkeye.ch"/>
-	<target host="*.blinkeye.ch"/>
+	<target host="www.blinkeye.ch" />
 
-	<securecookie host="^(.*\.)?blinkeye\.ch$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?blinkeye\.ch/"
 		to="https://blinkeye.ch/dokuwiki/doku.php"/>
diff --git a/src/chrome/content/rules/Blinksale.com.xml b/src/chrome/content/rules/Blinksale.com.xml
new file mode 100644
index 000000000000..fac7d31d1c33
--- /dev/null
+++ b/src/chrome/content/rules/Blinksale.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Fully covered hosts in *blinksale.com:
+
+		- (www.)?
+		- application
+
+-->
+<ruleset name="Blinksale.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blinksale.com" />
+	<target host="application.blinksale.com" />
+	<target host="www.blinksale.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Blinktrade.com.xml b/src/chrome/content/rules/Blinktrade.com.xml
new file mode 100644
index 000000000000..771e0295b4c5
--- /dev/null
+++ b/src/chrome/content/rules/Blinktrade.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Nonfunctional hosts in *blinktrade.com:
+
+		- blog *
+
+	* 523
+
+
+	Insecure cookies are set for these domains:
+
+		- .blinktrade.com
+
+-->
+<ruleset name="Blinktrade.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blinktrade.com" />
+	<target host="www.blinktrade.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.blinktrade\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.blinktrade\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Blip-mismatches.xml b/src/chrome/content/rules/Blip-mismatches.xml
deleted file mode 100644
index 601bd8a255a9..000000000000
--- a/src/chrome/content/rules/Blip-mismatches.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For rules that are on by default, see Blip.xml.
-
--->
-<ruleset name="Blip (mismatches)" default_off="mismatch">
-
-	<target host="i.blip.tv" />
-	<target host="*.i.blip.tv" />
-
-
-	<!--	Cert: /blip.tv
-		i and [0-a].i all appear to be the same.
-		Minimize the number of exceptions needed
-		 by pointing to one domain.	-->
-	<rule from="^http://(?:\w\.)?i\.blip\.tv/"
-		to="https://i.blip.tv/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Blip.xml b/src/chrome/content/rules/Blip.xml
deleted file mode 100644
index bc87b40d65b2..000000000000
--- a/src/chrome/content/rules/Blip.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	See Blip-mismatches for rulesets that are off by default.
-
-
-	Nonfunctional subdomains:
-
-		- press		(cert: www.blipnetworks.com; redirects to blip.tv)
-		- theblog	(hosted on Tumblr)
-
-
-	Problematic subdomains:
-
-		- a	(times out)
-
--->
-<ruleset name="Blip (broken)" default_off="broken">
-  <target host="blip.tv" />
-  <target host="www.blip.tv" />
-  <target host="a.blip.tv" />
-
-  <securecookie host="^(.+\.)?blip\.tv$" name=".*"/>
-
-  <rule from="^http://(?:www\.|a\.)?blip\.tv/" to="https://blip.tv/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Blipp.com.xml b/src/chrome/content/rules/Blipp.com.xml
index 2c5b238c212b..3b7f1104c558 100644
--- a/src/chrome/content/rules/Blipp.com.xml
+++ b/src/chrome/content/rules/Blipp.com.xml
@@ -1,9 +1,13 @@
-<ruleset name="Blipp.com" platform="mixedcontent">
+<!--
+	www.blipp.com doesn't exist.
+
+-->
+<ruleset name="Blipp.com">
 	<target host="blipp.com" />
-	<target host="www.blipp.com" />
 	<target host="vic20.blipp.com" />
-	<rule from="^http://www\.blipp\.com/" to="https://blipp.com/"/>
-	<rule from="^http://vic20\.blipp\.com/" to="https://vic20.blipp.com/"/>
-	<rule from="^http://blipp\.com/" to="https://blipp.com/"/>
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
 
diff --git a/src/chrome/content/rules/Blizzard.com.xml b/src/chrome/content/rules/Blizzard.com.xml
new file mode 100644
index 000000000000..e3cef84a936f
--- /dev/null
+++ b/src/chrome/content/rules/Blizzard.com.xml
@@ -0,0 +1,125 @@
+<!--
+		Cert mismatch:
+			- attdist.blizzard.com
+			- legion.campaign.blizzard.com
+			- overwatch.campaign.blizzard.com
+			- dist.blizzard.com
+			- edgecast.blizzard.com
+			- click.em.blizzard.com
+			- view.em.blizzard.com
+			- gamescom.blizzard.com
+			- gc.blizzard.com
+			- llnw.blizzard.com
+			- media.blizzard.com
+			- eu.media.blizzard.com
+			- kr.media.blizzard.com
+			- sea.media.blizzard.com
+			- tw.media.blizzard.com
+			- us.media.blizzard.com
+			- mobile.blizzard.com
+			- shop.blizzard.com
+			- smtp.blizzard.com
+			- ur.blizzard.com
+
+		Connection refused:
+			- ftp-eu.blizzard.com
+			- level3.blizzard.com
+
+		Redirect loop:
+			- eu.blizzard.com
+			- kr.blizzard.com
+			- sea.blizzard.com
+			- tw.blizzard.com
+			- us.blizzard.com
+			- www.blizzard.com
+
+		Timeout:
+			- ads.blizzard.com
+			- cn.kbase.blizzard.com
+			- cn.version.blizzard.com
+			- connect-cn.blizzard.com
+			- connect-ie.blizzard.com
+			- connect-kr.blizzard.com
+			- download.blizzard.com
+			- em.blizzard.com
+			- mta.em.blizzard.com
+			- mta2.em.blizzard.com
+			- mta3.em.blizzard.com
+			- mta4.em.blizzard.com
+			- mta5.em.blizzard.com
+			- mta6.em.blizzard.com
+			- mta7.em.blizzard.com
+			- mta8.em.blizzard.com
+			- mta9.em.blizzard.com
+			- email.blizzard.com
+			- email2.blizzard.com
+			- eu-smtp01.blizzard.com
+			- eu.installers.blizzard.com
+			- eu.version.blizzard.com
+			- eumx01.blizzard.com
+			- eumx02.blizzard.com
+			- eumx03.blizzard.com
+			- eumx04.blizzard.com
+			- exchange.blizzard.com
+			- exchange2.blizzard.com
+			- ftp.blizzard.com
+			- gss1.eu.blizzard.com
+			- gss1.kr.blizzard.com
+			- gss1.us.blizzard.com
+			- gss2.us.blizzard.com
+			- iir.blizzard.com
+			- images.blizzard.com
+			- jira.blizzard.com
+			- mx1.blizzard.com
+			- mx10.blizzard.com
+			- mx11.blizzard.com
+			- mx20.blizzard.com
+			- mx21.blizzard.com
+			- mx30.blizzard.com
+			- mx31.blizzard.com
+			- mx4.blizzard.com
+			- kr.installers.blizzard.com
+			- kr.version.blizzard.com
+			- krmx01.blizzard.com
+			- m.eu.mobileservice.blizzard.com
+			- mobile-service.blizzard.com
+			- mobileconnect.blizzard.com
+			- namx01.blizzard.com
+			- nawebex01.blizzard.com
+			- tw.version.blizzard.com
+			- us.installers.blizzard.com
+			- us.mobile-service.blizzard.com
+			- us.paygate.blizzard.com
+			- us.version.blizzard.com
+			- vpn.connect.blizzard.com
+			- vcse.blizzard.com
+			- vcse03.blizzard.com
+			- vcse04.blizzard.com
+			- vcse05.blizzard.com
+			- vcse06.blizzard.com
+
+-->
+<ruleset name="Blizzard.com (partial)">
+
+	<target host="as.blizzard.com" />
+	<target host="asdev.blizzard.com" />
+	<target host="careers.blizzard.com" />
+	<target host="connect-eu.blizzard.com" />
+	<target host="connect-us.blizzard.com" />
+	<target host="connect.blizzard.com" />
+	<target host="contests.blizzard.com" />
+	<target host="gear.blizzard.com" />
+	<target host="ipv6.blizzard.com" />
+	<target host="jobs.blizzard.com" />
+	<target host="pcbang.blizzard.com" />
+	<target host="townportal-01.blizzard.com" />
+	<target host="townportal-02.blizzard.com" />
+	<target host="townportal.blizzard.com" />
+	<target host="transfer-eu.blizzard.com" />
+	<target host="vcse07.blizzard.com" />
+	<target host="vpn.connect-eu.blizzard.com" />
+	<target host="vpn.connect-kr.blizzard.com" />
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bloadr.com.xml b/src/chrome/content/rules/Bloadr.com.xml
index 73c47e40f4a5..52c5f797eec6 100644
--- a/src/chrome/content/rules/Bloadr.com.xml
+++ b/src/chrome/content/rules/Bloadr.com.xml
@@ -4,14 +4,16 @@
 -->
 <ruleset name="bloadr.com" default_off="mismatched">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="bloadr.com" />
 	<target host="www.bloadr.com" />
 
 
-	<securecookie host="^www\.bloadr\.com$" name=".+" />
+	<securecookie host="^(?:www\.)?bloadr\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?bloadr\.com/"
-		to="https://www.bloadr.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BlockBuster.xml b/src/chrome/content/rules/BlockBuster.xml
deleted file mode 100644
index cc634900ecce..000000000000
--- a/src/chrome/content/rules/BlockBuster.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="BlockBuster UK" platform="mixedcontent">
-  <target host="www.blockbuster.co.uk" />
-  <target host="blockbuster.co.uk" />
-
-  <rule from="^http://(?:www\.)?blockbuster\.co\.uk/" to="https://www.blockbuster.co.uk/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/BlockExplorer.com.xml b/src/chrome/content/rules/BlockExplorer.com.xml
index c3c6b11b71fd..e65edaabc584 100644
--- a/src/chrome/content/rules/BlockExplorer.com.xml
+++ b/src/chrome/content/rules/BlockExplorer.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="BlockExplorer.com">
 
 	<target host="blockexplorer.com" />
-	<target host="*.blockexplorer.com" />
+	<target host="www.blockexplorer.com" />
 
 
 	<securecookie host="^\.blockexplorer\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?blockexplorer\.com/"
-		to="https://$1blockexplorer.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BlockExplorer.nu.xml b/src/chrome/content/rules/BlockExplorer.nu.xml
new file mode 100644
index 000000000000..49d45b5cbd06
--- /dev/null
+++ b/src/chrome/content/rules/BlockExplorer.nu.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blockexplorer.nu/ => https://blockexplorer.nu/: (7, 'Failed to connect to blockexplorer.nu port 443: Connection refused')
+Fetch error: http://www.blockexplorer.nu/ => https://www.blockexplorer.nu/: (7, 'Failed to connect to www.blockexplorer.nu port 443: Connection refused')
+
+	Insecure cookies are set for these domains:
+
+		- .blockexplorer.nu
+
+-->
+<ruleset name="BlockExplorer.nu" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blockexplorer.nu" />
+	<target host="www.blockexplorer.nu" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.blockexplorer\.nu$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.blockexplorer\.nu$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BlockScript.xml b/src/chrome/content/rules/BlockScript.xml
index 8fb297e9f7c0..9a2cee8569af 100644
--- a/src/chrome/content/rules/BlockScript.xml
+++ b/src/chrome/content/rules/BlockScript.xml
@@ -3,7 +3,7 @@
 	<target host="blockscript.com"/>
 	<target host="www.blockscript.com"/>
 
-	<securecookie host="^www\.blockscript\.com$" name=".*"/>
+	<securecookie host="^www\.blockscript\.com$" name=".+" />
 
 	<!--	cert not valid for !www		-->
 	<rule from="^http://(?:www\.)?blockscript\.com/"
diff --git a/src/chrome/content/rules/BlockTogether.org.xml b/src/chrome/content/rules/BlockTogether.org.xml
new file mode 100644
index 000000000000..b1153d7a7f67
--- /dev/null
+++ b/src/chrome/content/rules/BlockTogether.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="Block Together.org">
+
+	<target host="blocktogether.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BlockTrail.com.xml b/src/chrome/content/rules/BlockTrail.com.xml
new file mode 100644
index 000000000000..168b6aaf19e3
--- /dev/null
+++ b/src/chrome/content/rules/BlockTrail.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Fully covered hosts in *blocktrail.com:
+
+		- (www.)?
+		- blog
+		- static1
+
+
+	Insecure cookies are set for these domains:
+
+		- .blocktrail.com
+
+-->
+<ruleset name="BlockTrail.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blocktrail.com" />
+	<target host="blog.blocktrail.com" />
+	<target host="static1.blocktrail.com" />
+	<target host="www.blocktrail.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.blocktrail\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.blocktrail\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Block_Metrics.xml b/src/chrome/content/rules/Block_Metrics.xml
deleted file mode 100644
index 5351a98a69f7..000000000000
--- a/src/chrome/content/rules/Block_Metrics.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Block Metrics">
-
-	<target host="blockmetrics.com" />
-	<target host="www.blockmetrics.com" />
-
-
-	<securecookie host="^(?:www\.)?blockmetrics\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?blockmetrics\.com/"
-		to="https://$1blockmetrics.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Blockchain.info.xml b/src/chrome/content/rules/Blockchain.info.xml
deleted file mode 100644
index 11bc9f642d54..000000000000
--- a/src/chrome/content/rules/Blockchain.info.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Blockchain.info">
-
-	<target host="blockchain.info" />
-	<target host="*.blockchain.info" />
-
-
-	<securecookie host="^(?:markets)?\.blockchain\.info$" name=".+" />
-
-
-	<rule from="^http://(markets\.|www\.)?blockchain\.info/"
-		to="https://$1blockchain.info/" />
-
-</ruleset>
-<!-- Rule generated by HTTPS Finder 0.85 -->
\ No newline at end of file
diff --git a/src/chrome/content/rules/Blocked.org.uk.xml b/src/chrome/content/rules/Blocked.org.uk.xml
new file mode 100644
index 000000000000..391370267756
--- /dev/null
+++ b/src/chrome/content/rules/Blocked.org.uk.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Open Rights Group coverage, see Open_Rights_Group.xml.
+
+-->
+<ruleset name="Blocked.org.uk">
+
+	<target host="blocked.org.uk" />
+	<target host="www.blocked.org.uk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Blocket.com.xml b/src/chrome/content/rules/Blocket.com.xml
new file mode 100644
index 000000000000..ab67f764b215
--- /dev/null
+++ b/src/chrome/content/rules/Blocket.com.xml
@@ -0,0 +1,36 @@
+<!--
+	*.blocket.com serves resources for blocket.se.
+
+	For other Blocket coverage, see Blocket.se.xml.
+
+
+	Nonfunctional subdomains:
+
+		- cdn *
+
+	* Dropped
+
+
+	^: Mismatched
+
+-->
+<ruleset name="Blocket.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.blocket.com" />
+
+	<!--	Special cases:
+				-->
+	<target host="blocket.com" />
+
+		<test url="http://blocket.com/img/transparent.gif" />
+
+
+	<rule from="^http://blocket\.com/"
+		to="https://www.blocket.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Blocket.se.xml b/src/chrome/content/rules/Blocket.se.xml
index bff0d7849949..adcccb1be143 100644
--- a/src/chrome/content/rules/Blocket.se.xml
+++ b/src/chrome/content/rules/Blocket.se.xml
@@ -1,11 +1,86 @@
-<ruleset name="Blocket.se" platform="mixedcontent">
-	<target host="blocket.se" />
+<!--
+	Other Blocket rulesets:
+
+		- Blocket.com.xml
+
+
+	^blocket.se:	Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .blocket.se
+		- jobb.blocket.se
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- www from cdn.blocket.com ¹
+			- www, www2 from www.blocket.com ²
+			- www2 from gfx.aftonbladet-cdn.se
+			- www2 from data.klart.se.s3.amazonaws.com ²
+			- www2 from quiz.svd.se
+
+	¹ Unsecurable <= dropped
+	² Secured by us
+
+-->
+<ruleset name="Blocket.se (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jobb.blocket.se" />
 	<target host="www.blocket.se" />
 	<target host="www2.blocket.se" />
-	<target host="eas.blocket.se" />
+
+	<!--	Special cases:
+				-->
+	<target host="blocket.se" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.blocket\.se/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.blocket\.se/+(?!(?:bostad|konto|support)(?:$|[?/])|css/|img/|static/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.blocket.se/gavleborg" />
+			<test url="http://www.blocket.se/nbl.htm" />
+			<test url="http://www.blocket.se/orebro" />
+			<test url="http://www.blocket.se/ostergotland" />
+			<test url="http://www.blocket.se/prhusbilar" />
+			<test url="http://www.blocket.se/sefina" />
+			<test url="http://www.blocket.se/skl.htm" />
+			<test url="http://www.blocket.se/sodermanland" />
+			<test url="http://www.blocket.se/uppsala" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.blocket.se/img/transparent.gif" />
+			<test url="http://www.blocket.se/konto" />
+			<test url="http://www.blocket.se/support" />
+
+			<!--	(Mixed images):
+						-->
+			<test url="http://www.blocket.se/bostad/saljes" />
+
+		<test url="http://www2.blocket.se/mobil.htm" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.blocket\.se$" name="^(ab_ratio|ab_redis|mxy|nojs|s|session_http|sli|sq)$" /-->
+	<!--securecookie host="^jobb\.blocket\.se$" name="^layout$" /-->
+
+	<securecookie host="^jobb\.blocket\.se$" name=".+" />
+
+
 	<rule from="^http://blocket\.se/" to="https://www.blocket.se/"/>
-	<rule from="^http://www\.blocket\.se/" to="https://www.blocket.se/"/>
-	<rule from="^http://www2\.blocket\.se/" to="https://www2.blocket.se/"/>
-	<rule from="^http://eas\.blocket\.se/" to="https://eas.blocket.se/"/>
+	<rule from="^http:" to="https:"/>
 </ruleset>
 
diff --git a/src/chrome/content/rules/BlockitPocket.com.xml b/src/chrome/content/rules/BlockitPocket.com.xml
new file mode 100644
index 000000000000..1adb4c843a0a
--- /dev/null
+++ b/src/chrome/content/rules/BlockitPocket.com.xml
@@ -0,0 +1,19 @@
+<!--
+	^: cert only matches www
+
+-->
+<ruleset name="BlockitPocket.com">
+
+	<target host="blockitpocket.com" />
+	<target host="www.blockitpocket.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^www\.blockitpocket\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?blockitpocket\.com/"
+		to="https://www.blockitpocket.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Blockspring.com.xml b/src/chrome/content/rules/Blockspring.com.xml
new file mode 100644
index 000000000000..fadc7a090219
--- /dev/null
+++ b/src/chrome/content/rules/Blockspring.com.xml
@@ -0,0 +1,41 @@
+<!--
+	Fully covered hosts in *blockspring.com:
+
+		- (www.)?
+		- api
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .blockspring.com
+		- www.blockspring.com
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Blockspring.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blockspring.com" />
+	<target host="api.blockspring.com" />
+	<target host="www.blockspring.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.blockspring\.com$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.blockspring\.com$" name="^_grafly_session$" /-->
+
+	<securecookie host="^(?:www)?\.blockspring\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Blog.ir.xml b/src/chrome/content/rules/Blog.ir.xml
new file mode 100644
index 000000000000..432cbde07919
--- /dev/null
+++ b/src/chrome/content/rules/Blog.ir.xml
@@ -0,0 +1,15 @@
+<!--
+	Wildcard certificate and DNS:
+		- blog.ir
+-->
+
+<ruleset name="Blog.ir">
+	<target host="blog.ir" />
+	<target host="*.blog.ir" />
+		<test url="http://drhatami.blog.ir/" />
+		<test url="http://pajhoohe.blog.ir/" />
+		<test url="http://zakros.blog.ir/" />
+
+	<rule from="^http://([\w-]+\.)?blog\.ir/"
+		to="https://$1blog.ir/" />
+</ruleset>
diff --git a/src/chrome/content/rules/BlogAutomobile.fr.xml b/src/chrome/content/rules/BlogAutomobile.fr.xml
new file mode 100644
index 000000000000..99b786498049
--- /dev/null
+++ b/src/chrome/content/rules/BlogAutomobile.fr.xml
@@ -0,0 +1,14 @@
+<ruleset name="Blog Automobile">
+
+	<target host="blogautomobile.fr" />
+	<target host="www.blogautomobile.fr" />
+	<target host="cdn.blogautomobile.fr" />
+	<target host="cdn2.blogautomobile.fr" />
+	<target host="m.blogautomobile.fr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BlogCatalog.xml b/src/chrome/content/rules/BlogCatalog.xml
index 90274bf97aa0..cbe5aba34462 100644
--- a/src/chrome/content/rules/BlogCatalog.xml
+++ b/src/chrome/content/rules/BlogCatalog.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blogcatalog.com/ => https://blogcatalog.com/: Cycle detected - URL already encountered: https://blogcatalog.com/
 	Nonfunctional subdomains:
 
 		- blog	(cert: blogcatalog.com; shows (www.)'s data)
@@ -7,18 +9,18 @@
 <ruleset name="BlogCatalog">
 
 	<target host="blogcatalog.com" />
-	<target host="*.blogcatalog.com" />
+	<target host="www.blogcatalog.com" />
+	<target host="stats.blogcatalog.com" />
 
 
-	<securecookie host="^(www\.)?blogcatalog\.com$" name=".*" />
+	<securecookie host="^(?:www\.)?blogcatalog\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?blogcatalog\.com/"
-		to="https://$1blogcatalog.com/" />
 
 	<!--	Cert doesn't match.
 					-->
-	<rule from="^https?://stats\.blogcatalog\.com/"
+	<rule from="^http://stats\.blogcatalog\.com/"
 		to="https://win.staticstuff.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/BlogGeek.me.xml b/src/chrome/content/rules/BlogGeek.me.xml
new file mode 100644
index 000000000000..d35dcd134060
--- /dev/null
+++ b/src/chrome/content/rules/BlogGeek.me.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.bloggeek.me/ => https://www.bloggeek.me/: Too many redirects while fetching 'https://www.bloggeek.me/'
+
+	Insecure cookies are set for these domains:
+
+		- .bloggeek.me
+
+-->
+<ruleset name="BlogGeek.me" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bloggeek.me" />
+	<target host="www.bloggeek.me" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.bloggeek\.me$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.bloggeek\.me$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BlogHer.com.xml b/src/chrome/content/rules/BlogHer.com.xml
new file mode 100644
index 000000000000..cdaa243321ab
--- /dev/null
+++ b/src/chrome/content/rules/BlogHer.com.xml
@@ -0,0 +1,52 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .www.blogher.com
+
+-->
+<ruleset name="BlogHer.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.blogher.com" />
+
+	<!--	Complications:
+				-->
+	<target host="blogher.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.blogher\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.blogher\.com/+(?!files/|(?:login|sheknows_connect/init)(?:$|[?/])|sites/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.blogher.com/blogher-topics/blogging-social-media" />
+			<test url="http://www.blogher.com/feed" />
+			<test url="http://www.blogher.com/home" />
+			<test url="http://www.blogher.com/im-jealous-his-ex-wife/" />
+			<test url="http://www.blogher.com/member/elisa-camahort" />
+			<test url="http://www.blogher.com/member/yourtangocom" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.blogher.com/sheknows_connect/init" />
+			<test url="http://www.blogher.com/sites/all/themes/surfsup/logo.png" />
+			<test url="http://www.blogher.com/user/login" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.blogher\.com$" name="^SESS[\da-f]{32}$" /-->
+
+
+	<rule from="^http://blogher\.com/"
+		to="https://www.blogher.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BlogTalkRadio.xml b/src/chrome/content/rules/BlogTalkRadio.xml
index 6421c3dbd93f..aad6c4ba444e 100644
--- a/src/chrome/content/rules/BlogTalkRadio.xml
+++ b/src/chrome/content/rules/BlogTalkRadio.xml
@@ -1,21 +1,41 @@
 <!--
+	Other BlogTalkRadio rulesets:
+
+		- BTR_CDN.com.xml
+		- BTR_static.com.xml
+		- To_BTR.com.xml
+
+
 	Nonfunctional subdomains:
 
-		- ^	(404, expired)
-		- www	(reset)
+		- my ¹
+		- sb ¹
+		- www	(Redirects to http, Akamai)
+
+	¹ Shows secure
+
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- secure ²
+
+	¹ Mismatched, CN: secure.blogtalkradio.com
+	² Insecure renegotiation
 
 -->
-<ruleset name="BlogTalkRadio">
+<ruleset name="BlogTalkRadio (partial)">
 
 	<target host="blogtalkradio.com" />
-	<target host="*.blogtalkradio.com" />
-		<exclusion pattern="^https?://(?:www\.)?blogtalkradio\.com/(?![cC]ontent/|img/)" />
+	<target host="www.blogtalkradio.com" />
+	<target host="secure.blogtalkradio.com" />
+		<exclusion pattern="^http://(?:www\.)?blogtalkradio\.com/+(?![cC]ontent/|favicon\.ico|img/|login\.aspx)" />
 
 
 	<securecookie host="^secure\.blogtalkradio\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:secure\.|www\.)?blogtalkradio\.com/"
+	<rule from="^http://(?:secure\.|www\.)?blogtalkradio\.com/"
 		to="https://secure.blogtalkradio.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Blog_Automobile.xml b/src/chrome/content/rules/Blog_Automobile.xml
deleted file mode 100644
index 28a401148d40..000000000000
--- a/src/chrome/content/rules/Blog_Automobile.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Blog Automobile">
-
-	<target host="blogautomobile.fr" />
-	<target host="*.blogautomobile.fr" />
-
-
-	<securecookie host="^(?:www)?\.blogautomobile\.fr$" name=".+" />
-
-
-	<rule from="^http://(cdn2?\.|www\.)?blogautomobile\.fr/"
-		to="https://$1blogautomobile.fr/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Blog_Top_Sites.xml b/src/chrome/content/rules/Blog_Top_Sites.xml
index 56da7f1f1f10..8f72a8f11f04 100644
--- a/src/chrome/content/rules/Blog_Top_Sites.xml
+++ b/src/chrome/content/rules/Blog_Top_Sites.xml
@@ -4,23 +4,33 @@
 		- blogtopsites.s3.amazonaws.com
 
 
+	Insecure cookies are set for these domains:
+
+		- .blogtopsites.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
 	Mixed content:
 
-		- Images on www from blogtopsites.s3.amazonaws.com *
+		- Images on www from blogtopsites.s3.amazonaws.com ˢ
 
-	* Secured by us
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Blog Top Sites.com">
+<ruleset name="Blog Top Sites.com" default_off="expired">
 
 	<target host="blogtopsites.com" />
-	<target host="*.blogtopsites.com" />
+	<target host="www.blogtopsites.com" />
 
 
-	<securecookie host="^\.blogtopsites\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.blogtopsites\.com$" name="^PHPSESSID$" /-->
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?blogtopsites\.com/"
-		to="https://$1blogtopsites.com/" />
 
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Blogg.se.xml b/src/chrome/content/rules/Blogg.se.xml
new file mode 100644
index 000000000000..15858efd3af5
--- /dev/null
+++ b/src/chrome/content/rules/Blogg.se.xml
@@ -0,0 +1,58 @@
+<!--
+	Nonfunctional subdomains:
+
+		- stats *
+
+	* Refused
+
+
+	Partially covered subdomains:
+
+		- annonsera *
+		- info *
+
+	* Avoiding broken MCB
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- faq
+		- support
+
+
+	Mixed content:
+
+		- iframe on info from player.vimeo.com ¹
+
+		- css, on annonsera, info from:
+
+			- ^ ²
+			- fonts.googleapis.com ²
+
+		- Images on annonsera, info from www.bloggse.se ²
+		- favicon on annonsera, info from publishme.se
+		- Bugs on annonsera, info from stats ³
+
+	¹ Rule disabled by default
+	² Secured by us
+	³ Unsecurable <= refused
+
+-->
+<ruleset name="Blogg.se (partial)">
+
+	<target host="blogg.se" />
+	<target host="annonsera.blogg.se" />
+	<target host="faq.blogg.se" />
+	<target host="info.blogg.se" />
+	<target host="support.blogg.se" />
+	<target host="www.blogg.se" />
+		<!--
+			Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://(?:annonsera|info)\.blogg\.se/+(?!favicon\.ico|static/)" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Blogger.xml b/src/chrome/content/rules/Blogger.xml
index 10a1e0e469e3..a86ba8b6a3e2 100644
--- a/src/chrome/content/rules/Blogger.xml
+++ b/src/chrome/content/rules/Blogger.xml
@@ -1,62 +1,38 @@
 <!--
 	For other Google coverage, see GoogleServices.xml.
 
-
-	Nonfunctional domains:
-
-		- \w+.blogspot.be *
-		- \w+.blogspot.ca *
-		- \w+.blogspot.co.uk *
-		- \w+.blogspot.de *
-		- \w+.blogspot.fi *
-		- \w+.blogspot.fr *
-		- \w+.blogspot.nl *
-		- \w+.blogspot.no *
-		- \w+.blogspot.se *
-
-	* Mismatched, redirects to http
-
-
-	Partial due to blog posts redirecting to http.
-
 -->
-<ruleset name="Blogger (partial)">
+<ruleset name="Blogger">
 
 	<target host="blogblog.com" />
-	<target host="*.blogblog.com" />
-	<target host="blogger.co.uk" />
-	<target host="*.blogger.co.uk" />
+	<target host="img1.blogblog.com" />
+	<target host="img2.blogblog.com" />
+	<target host="resources.blogblog.com" />
+	<target host="www.blogblog.com" />
+
 	<target host="blogger.com" />
-	<target host="*.blogger.com" />
-	<target host="blogspot.*" />
-	<target host="*.blogspot.be" />
-	<target host="*.blogspot.ca" />
-	<target host="blogspot.co.uk" />
-	<target host="*.blogspot.co.uk" />
-	<target host="*.blogspot.com" />
-	<target host="*.blogspot.de" />
-	<target host="*.blogspot.fi" />
-	<target host="*.blogspot.fr" />
-	<target host="*.blogspot.nl" />
-	<target host="*.blogspot.no" />
-	<target host="*.blogspot.se" />
+	<target host="buttons.blogger.com" />
+	<target host="help.blogger.com" />
+	<target host="photos1.blogger.com" />
+	<target host="www.blogger.com" />
+	<target host="www2.blogger.com" />
 
+	<target host="1.bp.blogspot.com" />
+	<target host="2.bp.blogspot.com" />
+	<target host="3.bp.blogspot.com" />
+	<target host="4.bp.blogspot.com" />
 
-	<securecookie host="^www2?\.blogger\.com$" name=".+" />
+		<test url="http://img1.blogblog.com/img/icon18_wrench_allbkg.png" />
+		<test url="http://resources.blogblog.com/img/icon18_wrench_allbkg.png" />
+		<test url="http://1.bp.blogspot.com/-dTliKTChbPA/VXh2idc5lPI/AAAAAAAABxg/xoPCoV_UeuY/s1600/04_blog_3banner.png" />
+		<test url="http://3.bp.blogspot.com/-HoA5kIzCDV0/VVNMgZYYShI/AAAAAAAAHh0/7t0oglZ-RVU/s1600/fb.png" />
+		<test url="http://4.bp.blogspot.com/-WYc90ytWu_o/VXDbFwMO3DI/AAAAAAAABxA/GFg2ZfIgeMw/s1600/backtodac.png" />
 
 
-	<!--	img[12] works as-is now. Thanks Google!
-							-->
-	<rule from="^http://(img\d\.|www\.)?blogblog\.com/"
-		to="https://$1blogblog.com/" />
-
-	<rule from="^http://((?:buttons|help|www2?)\.)?blogger\.com/"
-		to="https://$1blogger.com/" />
+	<securecookie host="^www2?\.blogger\.com$" name=".+" />
 
-	<rule from="^http://(?:\w+\.)?blog(?:ger|spot)\.[\w.]{2,5}/favicon\.ico"
-		to="https://www.blogger.com/favicon.ico" />
 
-	<rule from="^http://(\d\.bp|bp\d)\.blogspot\.com/"
-		to="https://$1.blogspot.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bloggerei.de.xml b/src/chrome/content/rules/Bloggerei.de.xml
new file mode 100644
index 000000000000..6252559aa27e
--- /dev/null
+++ b/src/chrome/content/rules/Bloggerei.de.xml
@@ -0,0 +1,32 @@
+<ruleset name="Bloggerei.de (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bloggerei.de" />
+	<target host="www.bloggerei.de" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.bloggerei\.de/(?:$|assets/css/|c\.php|img/|password\.php)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.bloggerei\.de/+(?!bgpublicon2?\.jpg)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.bloggerei.de/assets/css/style.css" />
+			<test url="http://www.bloggerei.de/img/logo.png" />
+			<test url="http://www.bloggerei.de/password.php" />
+			<test url="http://www.bloggerei.de/topliste.php" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.bloggerei.de/bgpublicon.jpg" />
+			<test url="http://www.bloggerei.de/bgpublicon2.jpg" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BloggingTheology.com.xml b/src/chrome/content/rules/BloggingTheology.com.xml
new file mode 100644
index 000000000000..e491a9931138
--- /dev/null
+++ b/src/chrome/content/rules/BloggingTheology.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="BloggingTheology.com">
+	<target host="bloggingtheology.com" />
+	<target host="www.bloggingtheology.com" />
+
+	<target host="bloggingtheology2.com" />
+	<target host="www.bloggingtheology2.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BloggingTheology.net.xml b/src/chrome/content/rules/BloggingTheology.net.xml
new file mode 100644
index 000000000000..b114022384de
--- /dev/null
+++ b/src/chrome/content/rules/BloggingTheology.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="BloggingTheology.net">
+	<target host="bloggingtheology.net"/>
+	<target host="www.bloggingtheology.net"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Blognone.com.xml b/src/chrome/content/rules/Blognone.com.xml
index e6830c63ed83..a9345e749328 100644
--- a/src/chrome/content/rules/Blognone.com.xml
+++ b/src/chrome/content/rules/Blognone.com.xml
@@ -1,6 +1,21 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .blognone.com
+
+-->
 <ruleset name="Blognone.com">
   <target host="blognone.com" />
   <target host="www.blognone.com" />
 
-  <rule from="^http://(www\.)?blognone\.com/" to="https://www.blognone.com/" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.blognone\.com$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^\.blognone\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Blogo.xml b/src/chrome/content/rules/Blogo.xml
index b2ebe0480784..5205e2d6e4d1 100644
--- a/src/chrome/content/rules/Blogo.xml
+++ b/src/chrome/content/rules/Blogo.xml
@@ -1,49 +1,14 @@
 <!--
-	CDN buckets:
+	Non-functional hosts:
+		Timeout:
+		- s.blogo.it
 
-		- d2ofxhm151efeq.cloudfront.net
-
-			- static-q
-
-		- d2vgi5skuln6ia.cloudfront.net
-
-			- static
-
-
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- s *
-
-	* Refused
-
-
-	Problematic subdomains:
-
-		- static-a	(dropped)
-
-
-	Fully covered subdomains:
-
-		- static	(→ d2vgi5skuln6ia.cloudfront.net)
-		- static-a	(→ d2vgi5skuln6ia.cloudfront.net)
-		- static-q	(→ d2ofxhm151efeq.cloudfront.net)
+		Certificate mismatched:
+		- static-a.blogo.it
 
 -->
 <ruleset name="blogo (partial)">
+	<target host="static-q.blogo.it" />
 
-	<target host="*.blogo.it" />
-
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^(?:www)?\.blogo\.it$" name="^__utm\w$" />
-
-
-	<rule from="^http://static(?:-a)?\.blogo\.it/"
-		to="https://d2vgi5skuln6ia.cloudfront.net/" />
-
-	<rule from="^http://static-q\.blogo\.it/"
-		to="https://d2ofxhm151efeq.cloudfront.net/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Blogspot.com_blogs.xml b/src/chrome/content/rules/Blogspot.com_blogs.xml
new file mode 100644
index 000000000000..60ab8353228f
--- /dev/null
+++ b/src/chrome/content/rules/Blogspot.com_blogs.xml
@@ -0,0 +1,298 @@
+<!--
+	For other Google coverage, see GoogleServices.xml.
+
+-->
+<ruleset name="Blogspot.com blogs">
+
+	<target host="*.blogspot.ae" />
+	<target host="*.blogspot.al" />
+	<target host="*.blogspot.am" />
+	<target host="*.blogspot.ba" />
+	<target host="*.blogspot.be" />
+	<target host="*.blogspot.bg" />
+	<target host="*.blogspot.ca" />
+	<target host="*.blogspot.ch" />
+	<target host="*.blogspot.cl" />
+	<target host="*.blogspot.co.at" />
+	<target host="*.blogspot.co.id" />
+	<target host="*.blogspot.co.il" />
+	<target host="*.blogspot.co.ke" />
+	<target host="*.blogspot.co.nz" />
+	<target host="*.blogspot.co.uk" />
+	<target host="*.blogspot.co.za" />
+	<target host="*.blogspot.com.ar" />
+	<target host="*.blogspot.com.au" />
+	<target host="*.blogspot.com.br" />
+	<target host="*.blogspot.com.by" />
+	<target host="*.blogspot.com.co" />
+	<target host="*.blogspot.com.cy" />
+	<target host="*.blogspot.com.ee" />
+	<target host="*.blogspot.com.eg" />
+	<target host="*.blogspot.com.es" />
+	<target host="*.blogspot.com.mt" />
+	<target host="*.blogspot.com.ng" />
+	<target host="*.blogspot.com.tr" />
+	<target host="*.blogspot.com.uy" />
+	<target host="*.blogspot.com" />
+	<target host="*.blogspot.cz" />
+	<target host="*.blogspot.de" />
+	<target host="*.blogspot.dk" />
+	<target host="*.blogspot.fi" />
+	<target host="*.blogspot.fr" />
+	<target host="*.blogspot.gr" />
+	<target host="*.blogspot.hk" />
+	<target host="*.blogspot.hr" />
+	<target host="*.blogspot.hu" />
+	<target host="*.blogspot.ie" />
+	<target host="*.blogspot.in" />
+	<target host="*.blogspot.is" />
+	<target host="*.blogspot.it" />
+	<target host="*.blogspot.jp" />
+	<target host="*.blogspot.kr" />
+	<target host="*.blogspot.li" />
+	<target host="*.blogspot.lt" />
+	<target host="*.blogspot.lu" />
+	<target host="*.blogspot.md" />
+	<target host="*.blogspot.mk" />
+	<target host="*.blogspot.mx" />
+	<target host="*.blogspot.my" />
+	<target host="*.blogspot.nl" />
+	<target host="*.blogspot.no" />
+	<target host="*.blogspot.pe" />
+	<target host="*.blogspot.pt" />
+	<target host="*.blogspot.qa" />
+	<target host="*.blogspot.ro" />
+	<target host="*.blogspot.rs" />
+	<target host="*.blogspot.ru" />
+	<target host="*.blogspot.se" />
+	<target host="*.blogspot.sg" />
+	<target host="*.blogspot.si" />
+	<target host="*.blogspot.sk" />
+	<target host="*.blogspot.sn" />
+	<target host="*.blogspot.tw" />
+	<target host="*.blogspot.ug" />
+
+		<test url="http://ece1jngec.blogspot.com/" />
+		<test url="http://googleblog.blogspot.com/" />
+		<test url="http://googleonlinesecurity.blogspot.com/" />
+		<test url="http://lcamtuf.blogspot.com/" />
+		<test url="http://libreo-zht.blogspot.com/" />
+		<test url="http://program-think.blogspot.com/" />
+		<test url="http://w00tsec.blogspot.com/" />
+
+		<!--	All other tlds:
+					-->
+		<test url="http://bigfootevidence.blogspot.ae/" />
+		<test url="http://bigfootevidence.blogspot.al/" />
+		<test url="http://bigfootevidence.blogspot.am/" />
+		<test url="http://bigfootevidence.blogspot.ba/" />
+		<test url="http://bigfootevidence.blogspot.be/" />
+		<test url="http://bigfootevidence.blogspot.bg/" />
+		<test url="http://bigfootevidence.blogspot.ca/" />
+		<test url="http://bigfootevidence.blogspot.ch/" />
+		<test url="http://bigfootevidence.blogspot.cl/" />
+		<test url="http://bigfootevidence.blogspot.co.at/" />
+		<test url="http://bigfootevidence.blogspot.co.id/" />
+		<test url="http://bigfootevidence.blogspot.co.il/" />
+		<test url="http://bigfootevidence.blogspot.co.ke/" />
+		<test url="http://bigfootevidence.blogspot.co.nz/" />
+		<test url="http://bigfootevidence.blogspot.co.uk/" />
+		<test url="http://bigfootevidence.blogspot.co.za/" />
+		<test url="http://bigfootevidence.blogspot.com.ar/" />
+		<test url="http://bigfootevidence.blogspot.com.au/" />
+		<test url="http://bigfootevidence.blogspot.com.br/" />
+		<test url="http://bigfootevidence.blogspot.com.by/" />
+		<test url="http://bigfootevidence.blogspot.com.co/" />
+		<test url="http://bigfootevidence.blogspot.com.cy/" />
+		<test url="http://bigfootevidence.blogspot.com.ee/" />
+		<test url="http://bigfootevidence.blogspot.com.eg/" />
+		<test url="http://bigfootevidence.blogspot.com.es/" />
+		<test url="http://bigfootevidence.blogspot.com.mt/" />
+		<test url="http://bigfootevidence.blogspot.com.ng/" />
+		<test url="http://bigfootevidence.blogspot.com.tr/" />
+		<test url="http://bigfootevidence.blogspot.com.uy/" />
+		<test url="http://bigfootevidence.blogspot.com/" />
+		<test url="http://bigfootevidence.blogspot.cz/" />
+		<test url="http://bigfootevidence.blogspot.de/" />
+		<test url="http://bigfootevidence.blogspot.dk/" />
+		<test url="http://bigfootevidence.blogspot.fi/" />
+		<test url="http://bigfootevidence.blogspot.fr/" />
+		<test url="http://bigfootevidence.blogspot.gr/" />
+		<test url="http://bigfootevidence.blogspot.hk/" />
+		<test url="http://bigfootevidence.blogspot.hr/" />
+		<test url="http://bigfootevidence.blogspot.hu/" />
+		<test url="http://bigfootevidence.blogspot.ie/" />
+		<test url="http://bigfootevidence.blogspot.in/" />
+		<test url="http://bigfootevidence.blogspot.is/" />
+		<test url="http://bigfootevidence.blogspot.it/" />
+		<test url="http://bigfootevidence.blogspot.jp/" />
+		<test url="http://bigfootevidence.blogspot.kr/" />
+		<test url="http://bigfootevidence.blogspot.li/" />
+		<test url="http://bigfootevidence.blogspot.lt/" />
+		<test url="http://bigfootevidence.blogspot.lu/" />
+		<test url="http://bigfootevidence.blogspot.md/" />
+		<test url="http://bigfootevidence.blogspot.mk/" />
+		<test url="http://bigfootevidence.blogspot.mx/" />
+		<test url="http://bigfootevidence.blogspot.my/" />
+		<test url="http://bigfootevidence.blogspot.nl/" />
+		<test url="http://bigfootevidence.blogspot.no/" />
+		<test url="http://bigfootevidence.blogspot.pe/" />
+		<test url="http://bigfootevidence.blogspot.pt/" />
+		<test url="http://bigfootevidence.blogspot.qa/" />
+		<test url="http://bigfootevidence.blogspot.ro/" />
+		<test url="http://bigfootevidence.blogspot.rs/" />
+		<test url="http://bigfootevidence.blogspot.ru/" />
+		<test url="http://bigfootevidence.blogspot.se/" />
+		<test url="http://bigfootevidence.blogspot.sg/" />
+		<test url="http://bigfootevidence.blogspot.si/" />
+		<test url="http://bigfootevidence.blogspot.sk/" />
+		<test url="http://bigfootevidence.blogspot.sn/" />
+		<test url="http://bigfootevidence.blogspot.tw/" />
+		<test url="http://bigfootevidence.blogspot.ug/" />
+
+		<test url="http://googleprojectzero.blogspot.ae/" />
+		<test url="http://googleprojectzero.blogspot.al/" />
+		<test url="http://googleprojectzero.blogspot.am/" />
+		<test url="http://googleprojectzero.blogspot.ba/" />
+		<test url="http://googleprojectzero.blogspot.be/" />
+		<test url="http://googleprojectzero.blogspot.bg/" />
+		<test url="http://googleprojectzero.blogspot.ca/" />
+		<test url="http://googleprojectzero.blogspot.ch/" />
+		<test url="http://googleprojectzero.blogspot.cl/" />
+		<test url="http://googleprojectzero.blogspot.co.at/" />
+		<test url="http://googleprojectzero.blogspot.co.id/" />
+		<test url="http://googleprojectzero.blogspot.co.il/" />
+		<test url="http://googleprojectzero.blogspot.co.ke/" />
+		<test url="http://googleprojectzero.blogspot.co.nz/" />
+		<test url="http://googleprojectzero.blogspot.co.uk/" />
+		<test url="http://googleprojectzero.blogspot.co.za/" />
+		<test url="http://googleprojectzero.blogspot.com.ar/" />
+		<test url="http://googleprojectzero.blogspot.com.au/" />
+		<test url="http://googleprojectzero.blogspot.com.br/" />
+		<test url="http://googleprojectzero.blogspot.com.by/" />
+		<test url="http://googleprojectzero.blogspot.com.co/" />
+		<test url="http://googleprojectzero.blogspot.com.cy/" />
+		<test url="http://googleprojectzero.blogspot.com.ee/" />
+		<test url="http://googleprojectzero.blogspot.com.eg/" />
+		<test url="http://googleprojectzero.blogspot.com.es/" />
+		<test url="http://googleprojectzero.blogspot.com.mt/" />
+		<test url="http://googleprojectzero.blogspot.com.ng/" />
+		<test url="http://googleprojectzero.blogspot.com.tr/" />
+		<test url="http://googleprojectzero.blogspot.com.uy/" />
+		<test url="http://googleprojectzero.blogspot.com/" />
+		<test url="http://googleprojectzero.blogspot.cz/" />
+		<test url="http://googleprojectzero.blogspot.de/" />
+		<test url="http://googleprojectzero.blogspot.dk/" />
+		<test url="http://googleprojectzero.blogspot.fi/" />
+		<test url="http://googleprojectzero.blogspot.fr/" />
+		<test url="http://googleprojectzero.blogspot.gr/" />
+		<test url="http://googleprojectzero.blogspot.hk/" />
+		<test url="http://googleprojectzero.blogspot.hr/" />
+		<test url="http://googleprojectzero.blogspot.hu/" />
+		<test url="http://googleprojectzero.blogspot.ie/" />
+		<test url="http://googleprojectzero.blogspot.in/" />
+		<test url="http://googleprojectzero.blogspot.is/" />
+		<test url="http://googleprojectzero.blogspot.it/" />
+		<test url="http://googleprojectzero.blogspot.jp/" />
+		<test url="http://googleprojectzero.blogspot.kr/" />
+		<test url="http://googleprojectzero.blogspot.li/" />
+		<test url="http://googleprojectzero.blogspot.lt/" />
+		<test url="http://googleprojectzero.blogspot.lu/" />
+		<test url="http://googleprojectzero.blogspot.md/" />
+		<test url="http://googleprojectzero.blogspot.mk/" />
+		<test url="http://googleprojectzero.blogspot.mx/" />
+		<test url="http://googleprojectzero.blogspot.my/" />
+		<test url="http://googleprojectzero.blogspot.nl/" />
+		<test url="http://googleprojectzero.blogspot.no/" />
+		<test url="http://googleprojectzero.blogspot.pe/" />
+		<test url="http://googleprojectzero.blogspot.pt/" />
+		<test url="http://googleprojectzero.blogspot.qa/" />
+		<test url="http://googleprojectzero.blogspot.ro/" />
+		<test url="http://googleprojectzero.blogspot.rs/" />
+		<test url="http://googleprojectzero.blogspot.ru/" />
+		<test url="http://googleprojectzero.blogspot.se/" />
+		<test url="http://googleprojectzero.blogspot.sg/" />
+		<test url="http://googleprojectzero.blogspot.si/" />
+		<test url="http://googleprojectzero.blogspot.sk/" />
+		<test url="http://googleprojectzero.blogspot.sn/" />
+		<test url="http://googleprojectzero.blogspot.tw/" />
+		<test url="http://googleprojectzero.blogspot.ug/" />
+
+		<test url="http://sewkindofwonderful.blogspot.ae/" />
+		<test url="http://sewkindofwonderful.blogspot.al/" />
+		<test url="http://sewkindofwonderful.blogspot.am/" />
+		<test url="http://sewkindofwonderful.blogspot.ba/" />
+		<test url="http://sewkindofwonderful.blogspot.be/" />
+		<test url="http://sewkindofwonderful.blogspot.bg/" />
+		<test url="http://sewkindofwonderful.blogspot.ca/" />
+		<test url="http://sewkindofwonderful.blogspot.ch/" />
+		<test url="http://sewkindofwonderful.blogspot.cl/" />
+		<test url="http://sewkindofwonderful.blogspot.co.at/" />
+		<test url="http://sewkindofwonderful.blogspot.co.id/" />
+		<test url="http://sewkindofwonderful.blogspot.co.il/" />
+		<test url="http://sewkindofwonderful.blogspot.co.ke/" />
+		<test url="http://sewkindofwonderful.blogspot.co.nz/" />
+		<test url="http://sewkindofwonderful.blogspot.co.uk/" />
+		<test url="http://sewkindofwonderful.blogspot.co.za/" />
+		<test url="http://sewkindofwonderful.blogspot.com.ar/" />
+		<test url="http://sewkindofwonderful.blogspot.com.au/" />
+		<test url="http://sewkindofwonderful.blogspot.com.br/" />
+		<test url="http://sewkindofwonderful.blogspot.com.by/" />
+		<test url="http://sewkindofwonderful.blogspot.com.co/" />
+		<test url="http://sewkindofwonderful.blogspot.com.cy/" />
+		<test url="http://sewkindofwonderful.blogspot.com.ee/" />
+		<test url="http://sewkindofwonderful.blogspot.com.eg/" />
+		<test url="http://sewkindofwonderful.blogspot.com.es/" />
+		<test url="http://sewkindofwonderful.blogspot.com.mt/" />
+		<test url="http://sewkindofwonderful.blogspot.com.ng/" />
+		<test url="http://sewkindofwonderful.blogspot.com.tr/" />
+		<test url="http://sewkindofwonderful.blogspot.com.uy/" />
+		<test url="http://sewkindofwonderful.blogspot.com/" />
+		<test url="http://sewkindofwonderful.blogspot.cz/" />
+		<test url="http://sewkindofwonderful.blogspot.de/" />
+		<test url="http://sewkindofwonderful.blogspot.dk/" />
+		<test url="http://sewkindofwonderful.blogspot.fi/" />
+		<test url="http://sewkindofwonderful.blogspot.fr/" />
+		<test url="http://sewkindofwonderful.blogspot.gr/" />
+		<test url="http://sewkindofwonderful.blogspot.hk/" />
+		<test url="http://sewkindofwonderful.blogspot.hr/" />
+		<test url="http://sewkindofwonderful.blogspot.hu/" />
+		<test url="http://sewkindofwonderful.blogspot.ie/" />
+		<test url="http://sewkindofwonderful.blogspot.in/" />
+		<test url="http://sewkindofwonderful.blogspot.is/" />
+		<test url="http://sewkindofwonderful.blogspot.it/" />
+		<test url="http://sewkindofwonderful.blogspot.jp/" />
+		<test url="http://sewkindofwonderful.blogspot.kr/" />
+		<test url="http://sewkindofwonderful.blogspot.li/" />
+		<test url="http://sewkindofwonderful.blogspot.lt/" />
+		<test url="http://sewkindofwonderful.blogspot.lu/" />
+		<test url="http://sewkindofwonderful.blogspot.md/" />
+		<test url="http://sewkindofwonderful.blogspot.mk/" />
+		<test url="http://sewkindofwonderful.blogspot.mx/" />
+		<test url="http://sewkindofwonderful.blogspot.my/" />
+		<test url="http://sewkindofwonderful.blogspot.nl/" />
+		<test url="http://sewkindofwonderful.blogspot.no/" />
+		<test url="http://sewkindofwonderful.blogspot.pe/" />
+		<test url="http://sewkindofwonderful.blogspot.pt/" />
+		<test url="http://sewkindofwonderful.blogspot.qa/" />
+		<test url="http://sewkindofwonderful.blogspot.ro/" />
+		<test url="http://sewkindofwonderful.blogspot.rs/" />
+		<test url="http://sewkindofwonderful.blogspot.ru/" />
+		<test url="http://sewkindofwonderful.blogspot.se/" />
+		<test url="http://sewkindofwonderful.blogspot.sg/" />
+		<test url="http://sewkindofwonderful.blogspot.si/" />
+		<test url="http://sewkindofwonderful.blogspot.sk/" />
+		<test url="http://sewkindofwonderful.blogspot.sn/" />
+		<test url="http://sewkindofwonderful.blogspot.tw/" />
+		<test url="http://sewkindofwonderful.blogspot.ug/" />
+
+		<!-- Causes MCB on some pages such as http://streamfare.com/telemundo.html.
+			See https://github.com/EFForg/https-everywhere/issues/8113 -->
+		<exclusion pattern="^http://2livewatch\.blogspot\.com/2016/10/telemundo-222\.html" />
+			<test url="http://2livewatch.blogspot.com/2016/10/telemundo-222.html" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Blogto.com.xml b/src/chrome/content/rules/Blogto.com.xml
new file mode 100644
index 000000000000..60ffc27d42ae
--- /dev/null
+++ b/src/chrome/content/rules/Blogto.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Blogto.com">
+	<target host="blogto.com" />
+	<target host="www.blogto.com" />
+	<target host="api.blogto.com" />
+	<target host="media.blogto.com" />
+	<target host="patios.blogto.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Blogtrottr.com.xml b/src/chrome/content/rules/Blogtrottr.com.xml
new file mode 100644
index 000000000000..3e155627af26
--- /dev/null
+++ b/src/chrome/content/rules/Blogtrottr.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Invalid certificate:
+	- li.blogtrottr.com, equivalent to p.liadm.com
+
+	Incomplete certificate chain:
+	- prtg.blogtrottr.com
+-->
+
+<ruleset name="Blogtrottr.com">
+	<target host="blogtrottr.com" />
+	<target host="www.blogtrottr.com" />
+	<target host="api.blogtrottr.com" />
+	<target host="api-test.blogtrottr.com" />
+	<target host="beta.blogtrottr.com" />
+	<target host="blog.blogtrottr.com" />
+	<target host="lb.blogtrottr.com" />
+	<target host="li.blogtrottr.com" />
+	<target host="preview.blogtrottr.com" />
+	<target host="staging.blogtrottr.com" />
+	<target host="static.blogtrottr.com" />
+	<target host="static-test.blogtrottr.com" />
+	<target host="support.blogtrottr.com" />
+	<target host="web-test.blogtrottr.com" />
+
+	<rule from="^http://li\.blogtrottr\.com/"
+		to="https://p.liadm.com/" />
+		<test url="http://li.blogtrottr.com/click" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bloo.ie.xml b/src/chrome/content/rules/Bloo.ie.xml
new file mode 100644
index 000000000000..be19a08ee096
--- /dev/null
+++ b/src/chrome/content/rules/Bloo.ie.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bloo.ie/ => https://bloo.ie/: (6, 'Could not resolve host: bloo.ie')
+
+	www: refused
+
+
+	Insecure cookies are set for these domains:
+
+		- .bloo.ie
+
+-->
+<ruleset name="Bloo.ie" default_off="failed ruleset test">
+
+	<target host="bloo.ie" />
+	<target host="auth.bloo.ie" />
+	<target host="client.bloo.ie" />
+	<target host="www.bloo.ie" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.bloo\.ie$" name="^connect\.sid$" /-->
+
+	<securecookie host="^\.bloo\.ie$" name=".+" />
+
+
+	<rule from="^http://(?:(auth\.|client\.)|www\.)?bloo\.ie/"
+		to="https://$1bloo.ie/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Blood.co.uk.xml b/src/chrome/content/rules/Blood.co.uk.xml
new file mode 100644
index 000000000000..d598ec9a7c87
--- /dev/null
+++ b/src/chrome/content/rules/Blood.co.uk.xml
@@ -0,0 +1,19 @@
+<!--
+	^blood.co.uk: Refused
+	www.blood.co.uk: Redirects to http
+
+-->
+<ruleset name="Blood.co.uk (partial)">
+
+	<target host="my.blood.co.uk" />
+	<target host="secure.blood.co.uk" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BloodWatch.org.xml b/src/chrome/content/rules/BloodWatch.org.xml
new file mode 100644
index 000000000000..50796c7e24ce
--- /dev/null
+++ b/src/chrome/content/rules/BloodWatch.org.xml
@@ -0,0 +1,11 @@
+<ruleset name="BloodWatch.org">
+	<target host="bloodwatch.org" />
+	<target host="www.bloodwatch.org" />
+	<target host="autodiscover.bloodwatch.org" />
+	<target host="cpanel.bloodwatch.org" />
+	<target host="mail.bloodwatch.org" />
+	<target host="webdisk.bloodwatch.org" />
+	<target host="webmail.bloodwatch.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bloodhound_Gang.com.xml b/src/chrome/content/rules/Bloodhound_Gang.com.xml
index aa36e0634ac9..4e6922e494b8 100644
--- a/src/chrome/content/rules/Bloodhound_Gang.com.xml
+++ b/src/chrome/content/rules/Bloodhound_Gang.com.xml
@@ -1,13 +1,19 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bloodhoundgang.com/ => https://www.bloodhoundgang.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.bloodhoundgang.com'")
+
 	Problematic subdomains:
 
 		- ^	(expired 2009-12-11)
 
 -->
-<ruleset name="Bloodhound Gang.com">
+<ruleset name="Bloodhound Gang.com" default_off="failed ruleset test">
 
 	<target host="bloodhoundgang.com" />
-	<target host="*.bloodhoundgang.com" />
+	<target host="www.bloodhoundgang.com" />
+	<target host="stufftobuy.bloodhoundgang.com" />
+	<target host="www.stufftobuy.bloodhoundgang.com" />
 
 
 	<securecookie host="^\.(?:stufftobuy\.)?bloodhoundgang\.com$" name=".+" />
@@ -16,7 +22,6 @@
 	<rule from="^http://(?:www\.)?bloodhoundgang\.com/"
 		to="https://www.bloodhoundgang.com/" />
 
-	<rule from="^http://(www\.)?stufftobuy\.bloodhoundgang\.com/"
-		to="https://$1stufftobuy.bloodhoundgang.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Bloomberg.net.xml b/src/chrome/content/rules/Bloomberg.net.xml
new file mode 100644
index 000000000000..cbb013d42764
--- /dev/null
+++ b/src/chrome/content/rules/Bloomberg.net.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://njbba2csg.bloomberg.net/ => https://njbba2csg.bloomberg.net/: (7, 'Failed to connect to njbba2csg.bloomberg.net port 443: No route to host')
+Fetch error: http://nybba2csg.bloomberg.net/ => https://nybba2csg.bloomberg.net/: (28, 'Connection timed out after 20001 milliseconds')
+
+	For other Bloomberg coverage, see Bloomberg.xml.
+
+
+	(www.)?bloomberg.net: Dropped
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- bba.bloomberg.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Bloomberg.net (partial)" default_off="failed ruleset test">
+
+	<target host="bba.bloomberg.net" />
+	<target host="njbba2csg.bloomberg.net" />
+	<target host="nybba2csg.bloomberg.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bba\.bloomberg\.net$" name="^(?:_bba_st_f|ASP\.NET_SessionId|PSTID)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops path and args:
+						-->
+	<!--rule from="^http://(?:www\.)?bloomberg\.net/.*"
+		to="https://www.bloomberg.com/company" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bloomberg.xml b/src/chrome/content/rules/Bloomberg.xml
index 82ceae40a0c5..89d96b878b43 100644
--- a/src/chrome/content/rules/Bloomberg.xml
+++ b/src/chrome/content/rules/Bloomberg.xml
@@ -1,47 +1,49 @@
 <!--
-	Other Bloomberg rulesets:
-
-		- BusinessWeek.com.xml
-
-
-	CDN buckets:
-
-		- s3.amazonaws.com/bloomberg.com/
-		- cdn.video.http.2.bloomberg.com.edgesuite.net
-		- www.bloomberg.com.edgesuite.net
-		- static.btrd.net.edgesuite.net
-		- cdn.gotraffic.net.edgesuite.net
-
-
-	Problematic domains:
-
-		- cdn.videos.bloomberg.com	(akamai pointing to cloudfront)
-
-
-	Nonfunctional domains:
-
-		- bloomberg.com subdomains:
-
-			- ^ *
-			- origin-www *
-			- washpost	(refused)
-			- www **
-
-		- static.btrd.net		(shows bx.businessweek.com, akamai)
-
-		- cdn.gotraffic.net **
-		- origin-cdn.gotraffic.net *
-
-	* Dropped
-	** 504, akamai
-
+	Other Bloomberg related rulesets:
+		+ bbthat.com.xml
+		+ Bloomberg.net.xml
+		+ Bloomberg_Sports.com.xml
+		+ Bwbx.io.xml
+		+ Gotraffic.net.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- about.bloomberg.com
+
+		SSL connect error:
+		- jpmobile.bloomberg.com
+
+		SSL peer certificate was not OK:
+		- b.bloomberg.com
+		- cdn.videos.bloomberg.com
 -->
-<ruleset name="Bloomberg (partial)" default_off="mismatched">
-
-	<target host="cdn.videos.bloomberg.com" />
-
-
-	<rule from="^http://cdn\.videos\.bloomberg\.com/"
-		to="https://cdn.videos.bloomberg.com/" />
-
+<ruleset name="Bloomberg.com (partial)">
+	<target host="bloomberg.com" />
+	<target host="www.bloomberg.com" />
+	<target host="api.bloomberg.com" />
+	<test url="http://api.bloomberg.com/syndication/newsml/v12/news/P6XMSU6KLVRB" />
+	<target host="assist.bloomberg.com" />
+	<target host="bba.bloomberg.com" />
+	<target host="blinks.bloomberg.com" />
+	<target host="bsym.bloomberg.com" />
+	<target host="careers.bloomberg.com" />
+	<target host="cdn-mobapi.bloomberg.com" />
+	<target host="chartmaker.bloomberg.com" />
+	<target host="console.bloomberg.com" />
+	<target host="go.bloomberg.com" />
+	<target host="jobs.bloomberg.com" />
+	<target host="lei.bloomberg.com" />
+	<target host="login.bloomberg.com" />
+	<test url="http://www.bloomberg.com/account/signin" />
+	<target host="m.bloomberg.com" />
+	<target host="mediasource.bloomberg.com" />
+	<target host="nav.bloomberg.com" />
+	<test url="http://nav.bloomberg.com/public/images/ad_choices-62a535e263.png" />
+	<target host="personalization.bloomberg.com" />
+	<target host="service.bloomberg.com" />
+	<target host="tracking.bloomberg.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Bloomberg_Sports.com.xml b/src/chrome/content/rules/Bloomberg_Sports.com.xml
new file mode 100644
index 000000000000..0852b7ecfed6
--- /dev/null
+++ b/src/chrome/content/rules/Bloomberg_Sports.com.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bloombergsports.com/ => https://www.bloombergsports.com/: (7, 'Failed to connect to www.bloombergsports.com port 443: Connection refused')
+
+	For other Bloomberg coverage, see Bloomberg.xml.
+
+
+	^: self-signed
+
+-->
+<ruleset name="Bloomberg Sports.com" default_off="failed ruleset test">
+
+	<target host="bloombergsports.com" />
+	<target host="www.bloombergsports.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.bloombergsports\.com$" name="^_ecommerce_session$" /-->
+
+	<securecookie host="^\.bloombergsports\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?bloombergsports\.com/"
+		to="https://www.bloombergsports.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Blossom.IO.xml b/src/chrome/content/rules/Blossom.IO.xml
new file mode 100644
index 000000000000..59c01a2671da
--- /dev/null
+++ b/src/chrome/content/rules/Blossom.IO.xml
@@ -0,0 +1,20 @@
+<!--
+	^: reset
+
+-->
+<ruleset name="Blossom.IO">
+
+	<target host="blossom.io" />
+	<target host="www.blossom.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.blossom\.io$" name="^session$" /-->
+
+	<securecookie host="^www\.blossom\.io$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Blossom.co.xml b/src/chrome/content/rules/Blossom.co.xml
new file mode 100644
index 000000000000..30c293ccf3c6
--- /dev/null
+++ b/src/chrome/content/rules/Blossom.co.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .blossom.co
+
+-->
+<ruleset name="Blossom.co">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blossom.co" />
+	<target host="www.blossom.co" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.blossom\.co$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.blossom\.co$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Blosxom.com.xml b/src/chrome/content/rules/Blosxom.com.xml
deleted file mode 100644
index 3d52a9887795..000000000000
--- a/src/chrome/content/rules/Blosxom.com.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="blosxom.com" default_off="Certificate mismatch">
-
-	<target host="blosxom.com" />
-	<target host="www.blosxom.com" />
-
-	<rule from="^http://(www\.)?blosxom\.com/"
-		to="https://blosxom.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Blot.im.xml b/src/chrome/content/rules/Blot.im.xml
new file mode 100644
index 000000000000..c4619fbea9ca
--- /dev/null
+++ b/src/chrome/content/rules/Blot.im.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.blot.im/ => https://www.blot.im/: (51, "SSL: no alternative certificate subject name matches target host name 'www.blot.im'")
+
+-->
+<ruleset name="Blot.im" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blot.im" />
+	<target host="www.blot.im" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?blot\.im$" name="^connect\.sid$" /-->
+
+	<securecookie host="^(?:www\.)?blot\.im$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Blottr.xml b/src/chrome/content/rules/Blottr.xml
index 61a70472fa26..1546b676466e 100644
--- a/src/chrome/content/rules/Blottr.xml
+++ b/src/chrome/content/rules/Blottr.xml
@@ -9,7 +9,7 @@
 
 	<!--	!www 301s to www.
 					-->
-	<rule from="^https?://(?:www\.)?blottr\.com/"
+	<rule from="^http://(?:www\.)?blottr\.com/"
 		to="https://www.blottr.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Blue-Movie.xml b/src/chrome/content/rules/Blue-Movie.xml
index cebf094104ec..fceb671de9a0 100644
--- a/src/chrome/content/rules/Blue-Movie.xml
+++ b/src/chrome/content/rules/Blue-Movie.xml
@@ -1,25 +1,38 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.bluemovie.eu/ => https://www.bluemovie.eu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://bluemovie.eu/ => https://www.bluemovie.eu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Nonfunctional domains:
 
 		- movieon.bluemovie.eu
 
+
+	^bluemovie.eu: Cert only matches www
+
 -->
-<ruleset name="Blue Movie (partial)">
+<ruleset name="Blue Movie (partial)" default_off="failed ruleset test">
 
-	<target host="bluemovie.eu" />
+	<!--	Direct rewrites:
+				-->
 	<target host="www.bluemovie.eu" />
+
 	<target host="bluemovie.net" />
 	<target host="www.bluemovie.net" />
 
+	<!--	Complications:
+				-->
+	<target host="bluemovie.eu" />
+
 
-	<securecookie host="^(www\.)?bluemovie\.net$" name=".*" />
+	<securecookie host="^(?:www\.)?bluemovie\.net$" name=".+" />
 
 
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?bluemovie\.eu/"
+	<rule from="^http://bluemovie\.eu/"
 		to="https://www.bluemovie.eu/" />
 
-	<rule from="^http://(www\.)?bluemovie\.net/"
-		to="https://$1bluemovie.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BlueCat_Networks.com.xml b/src/chrome/content/rules/BlueCat_Networks.com.xml
new file mode 100644
index 000000000000..03bf00dc4dc0
--- /dev/null
+++ b/src/chrome/content/rules/BlueCat_Networks.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="BlueCat Networks.com">
+
+	<target host="bluecatnetworks.com" />
+	<target host="care.bluecatnetworks.com" />
+	<target host="www.bluecatnetworks.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BlueCats.com.xml b/src/chrome/content/rules/BlueCats.com.xml
new file mode 100644
index 000000000000..a6339298346d
--- /dev/null
+++ b/src/chrome/content/rules/BlueCats.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Nonfunctional subdomains:
+
+		- support *
+
+	* Desk.com
+
+
+	(www.): Squarespace
+
+
+	These altnames don't exist:
+
+		- www.app.bluecats.com
+
+-->
+<ruleset name="BlueCats.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="app.bluecats.com" />
+
+
+	<securecookie host="^\.app\.bluecats\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BlueCava.com.xml b/src/chrome/content/rules/BlueCava.com.xml
new file mode 100644
index 000000000000..e6f2cc504fe0
--- /dev/null
+++ b/src/chrome/content/rules/BlueCava.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Non-functional hosts
+		Expired:
+		- preferences.bluecava.com
+-->
+<ruleset name="BlueCava.com">
+	<target host="bluecava.com" />
+	<target host="www.bluecava.com" />
+	<target host="clients.bluecava.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BlueCava.xml b/src/chrome/content/rules/BlueCava.xml
deleted file mode 100644
index 7deceedb0690..000000000000
--- a/src/chrome/content/rules/BlueCava.xml
+++ /dev/null
@@ -1,44 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- preferences	(seems identical to bcpd; mismatched, CN: bcpd.x7y24z365.com)
-		- status	(works; mismatched, CN: bcpd.x7y24z365.com)
-
-
-	Fully covered domains:
-
-		- bluecava.com subdomains:
-
-			- (www.)
-			- clients	(web bugs)
-			- vpn.corp
-			- ds
-			- insight
-			- lookup
-			- platform
-			- preferences	(→ bcpd.x7y24z365.com)
-			- transfer
-
-		- bcpd.x7y24z365.com
-
--->
-<ruleset name="BlueCava (partial)">
-
-	<target host="bluecava.com" />
-	<target host="*.bluecava.com" />
-	<target host="bcpd.x7y24z365.com" />
-
-
-	<!--	Tracking cookies set by clients:
-							-->
-	<securecookie host="^\.bluecava\.com$" name="^(?:d|e|g|machine|s)$" />
-	<securecookie host="^(?:vpn\.corp|transfer)\.bluecava\.com$" name=".+" />
-
-
-	<rule from="^http://((?:clients|vpn\.corp|ds|insight|lookup|platform|transfer|www)\.)?bluecava\.com/"
-		to="https://$1bluecava.com/" />
-
-	<rule from="^http://(?:preferences\.bluecava|bcpd\.x7y24z365)\.com/"
-		to="https://bcpd.x7y24z365.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/BlueCoat.xml b/src/chrome/content/rules/BlueCoat.xml
index ae0104b8613a..ea8a9b9ae327 100644
--- a/src/chrome/content/rules/BlueCoat.xml
+++ b/src/chrome/content/rules/BlueCoat.xml
@@ -1,5 +1,16 @@
-<ruleset name="BlueCoat">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bluecoat.com/ => https://bluecoat.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="BlueCoat.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bluecoat.com" />
   <target host="www.bluecoat.com" />
 
-  <rule from="^http://www\.bluecoat\.com/" to="https://www.bluecoat.com/"/>
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/BlueGenio.com.xml b/src/chrome/content/rules/BlueGenio.com.xml
deleted file mode 100644
index 1c9a94d48e61..000000000000
--- a/src/chrome/content/rules/BlueGenio.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="BlueGenio.com">
-
-	<target host="bluegenio.com" />
-	<target host="*.bluegenio.com" />
-
-
-	<securecookie host="^(?:www)?\.bluegenio\.com$" name=".+" />
-
-
-	<!--	Server redirects to www over
-		http so copy that behavior:
-						-->
-	<rule from="^http://(?:www\.)?bluegenio\.com/"
-		to="https://www.bluegenio.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/BlueHost-clients.xml b/src/chrome/content/rules/BlueHost-clients.xml
deleted file mode 100644
index fe89670f383e..000000000000
--- a/src/chrome/content/rules/BlueHost-clients.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<!--
-	Transfers past a certain limit (21615 < lim < 178417) throw 200 "TOO FAT"
-
--->
-<ruleset name="BlueHost clients">
-
-	<target host="316space.com" />
-	<target host="www.316space.com" />
-	<target host="courtneyluv.com" />
-	<target host="www.courtneyluv.com" />
-		<!--
-			Some paths throw TOO FAT.
-							-->
-		<exclusion pattern="^https?://(?:www\.)courtneyluv\.com/(?:~courtnk6/)?wp-content/uploads/" />
-	<target host="316space.harralmedia.com" />
-	<target host="www.316space.harralmedia.com" />
-	<target host="blog.pressdisplay.com" />
-	<target host="kyleschaeffer.com" />
-	<target host="www.kyleschaeffer.com" />
-
-
-	<rule from="^https?://(?:www\.)?316space(?:\.harralmedia)?\.com/(?:~harralme/316space/)?"
-		to="https://secure.bluehost.com/~harralme/316space/" />
-
-	<!--	At least some pages 404.
-						-->
-	<rule from="^https?://(?:www\.)?courtneyluv\.com/(?:~courtnk6/)?wp-content/"
-		to="https://secure.bluehost.com/~courtnk6/wp-content/" />
-
-	<rule from="^https?://(?:www\.)?kyleschaeffer\.com/wordpress/wp-content/"
-		to="https://secure.bluehost.com/~kylescha/wordpress/wp-content/" />
-
-	<!--	Cert: *.bluehost.com
-		At least some pages redirect recursively.	-->
-	<rule from="^https?://blog\.pressdisplay\.com/wp-(content|includes)/"
-		to="https://secure.bluehost.com/~pressdis/wp-$1/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BlueKai.xml b/src/chrome/content/rules/BlueKai.xml
index dfa51d49f7e1..8fd820057575 100644
--- a/src/chrome/content/rules/BlueKai.xml
+++ b/src/chrome/content/rules/BlueKai.xml
@@ -1,37 +1,55 @@
 <!--
-	Nonfunctional domains:
+	Other BlueKai rulesets:
 
-		- (www.)bluekai.com	(times out)
-		- blogs.bluekai.com
+		- bkrtx.com.xml
 
 
-	Problematic subdomains:
+	Nonfunctional hosts in *bluekai.com:
 
-		- tags.bluekai.com	(refused)
+		- (www.)? ᵈ
+		- blogs
 
+	ᵈ Dropped
 
-	Fully covered domains:
 
-		- bluekai.com subdomains:
+	Problematic hosts in *bluekai.com:
 
-			- stags
-			- tags	(→ stags)
+		- tags ʳ
+
+	ʳ Refused, equivalent to another domain
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .bluekai.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="BlueKai (partial)">
+<ruleset name="BlueKai.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="partner.bluekai.com" />
+	<target host="stags.bluekai.com" />
 
-	<target host="*.bkrtx.com" />
-	<target host="*.bluekai.com" />
+	<!--	Complications:
+				-->
+	<target host="tags.bluekai.com" />
 
+		<test url="http://stags.bluekai.com/site/1?id=&amp;redir=" />
+		<test url="http://tags.bluekai.com/site/1?id=&amp;redir=" />
 
-	<!--	!www doesn't exist.	-->
-	<rule from="^http://(tags|www)\.bkrtx\.com/"
-		to="https://$1.bkrtx.com/" />
 
-	<rule from="^http://partner\.bluekai\.com/"
-		to="https://partner.bluekai.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="\.bluekai\.com" name="^bk(?:dc|u)$" /-->
 
-	<rule from="^http://s?tags\.bluekai\.com/"
+
+	<rule from="^http://tags\.bluekai\.com/"
 		to="https://stags.bluekai.com/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/BlueKrypt.be.xml b/src/chrome/content/rules/BlueKrypt.be.xml
new file mode 100644
index 000000000000..9b7098ebf81d
--- /dev/null
+++ b/src/chrome/content/rules/BlueKrypt.be.xml
@@ -0,0 +1,12 @@
+<ruleset name="BlueKrypt.be">
+
+	<target host="bluekrypt.be" />
+	<target host="www.bluekrypt.be" />
+
+
+	<!--	Redirects like so:
+					-->
+	<rule from="^http://(?:www\.)?bluekrypt\.be/[^?]*"
+		to="https://www.bluekrypt.com/fr/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BlueSSL.xml b/src/chrome/content/rules/BlueSSL.xml
index 19166b484f40..fc725327acc4 100644
--- a/src/chrome/content/rules/BlueSSL.xml
+++ b/src/chrome/content/rules/BlueSSL.xml
@@ -1,9 +1,41 @@
-<ruleset name="blueSSL">
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .bluessl.com
+
+-->
+<ruleset name="blueSSL.com">
+
+	<!--	Direct rewrites:
+				-->
     <target host="bluessl.com" />
     <target host="*.bluessl.com" />
 
-    <rule from="^https?://bluessl\.com/"
-        to="https://www.bluessl.com/"/>
-    <rule from="^http://([^/:@]+)?\.bluessl\.com/"
-        to="https://$1.bluessl.com/" />
+		<test url="http://www.bluessl.com/" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.bluessl\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/BlueShore-Financial.xml b/src/chrome/content/rules/BlueShore-Financial.xml
new file mode 100644
index 000000000000..ef1217615155
--- /dev/null
+++ b/src/chrome/content/rules/BlueShore-Financial.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificates:
+		- marketing.blueshorefinancial.com
+-->
+
+<ruleset name="BlueShore Financial">
+	<target host="blueshorefinancial.com" />
+	<target host="www.blueshorefinancial.com" />
+	<target host="mdws.blueshorefinancial.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BlueSnap.com.xml b/src/chrome/content/rules/BlueSnap.com.xml
index 96296a780349..2aeb49c0556a 100644
--- a/src/chrome/content/rules/BlueSnap.com.xml
+++ b/src/chrome/content/rules/BlueSnap.com.xml
@@ -1,7 +1,6 @@
 <!--
 	Other BlueSnap rulesets:
 
-		- Plimus.com.xml
 
 
 	Nonfunctional subdomains:
@@ -20,13 +19,16 @@
 -->
 <ruleset name="BlueSnap.com (partial)">
 
-	<target host="*.bluesnap.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="cp.bluesnap.com" />
+	<target host="sandbox.bluesnap.com" />
 
 
 	<securecookie host="^sandbox\.bluesnap\.com$" name=".+" />
 
 
-	<rule from="^http://(cp|sandbox)\.bluesnap\.com/"
-		to="https://$1.bluesnap.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BlueToad.com.xml b/src/chrome/content/rules/BlueToad.com.xml
index d075cbd08c7a..3b2d09d08f91 100644
--- a/src/chrome/content/rules/BlueToad.com.xml
+++ b/src/chrome/content/rules/BlueToad.com.xml
@@ -14,14 +14,16 @@
 -->
 <ruleset name="BlueToad.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="bluetoad.com" />
 	<target host="www.bluetoad.com" />
 
 
-	<securecookie host="^(?:www\.)?bluetoad\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www\.)?bluetoad\.com/"
-		to="https://$1bluetoad.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Blue_Jeans.com.xml b/src/chrome/content/rules/Blue_Jeans.com.xml
new file mode 100644
index 000000000000..fd8f3a496a9e
--- /dev/null
+++ b/src/chrome/content/rules/Blue_Jeans.com.xml
@@ -0,0 +1,62 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://community.bluejeans.com/ => https://community.bluejeans.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Insecure cookies are set for these domains:
+
+		- .bluejeans.com
+
+-->
+<ruleset name="Blue Jeans.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bluejeans.com" />
+	<target host="community.bluejeans.com" />
+	<target host="static.bluejeans.com" />
+	<target host="www.bluejeans.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://bluejeans\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://bluejeans\.com/+(?!favicon\.ico|iframe/|sites/|trial(?:$|[?/])|z[12]/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://bluejeans.com/about" />
+			<test url="http://bluejeans.com/blog" />
+			<test url="http://bluejeans.com/careers" />
+			<test url="http://bluejeans.com/contact" />
+			<test url="http://bluejeans.com/customers" />
+			<test url="http://bluejeans.com/press" />
+			<test url="http://bluejeans.com/room-to-remote" />
+			<test url="http://bluejeans.com/support" />
+
+			<!--	-ve:
+					-->
+			<test url="http://bluejeans.com/favicon.ico" />
+			<test url="http://bluejeans.com/iframe/attend/" />
+			<test url="http://bluejeans.com/iframe/login/" />
+			<test url="http://bluejeans.com/sites/default/files/uploaded_images/img-cs-home-h.png" />
+			<test url="http://bluejeans.com/trial" />
+			<test url="http://bluejeans.com/trial/footer" />
+			<test url="http://bluejeans.com/trial/header" />
+			<test url="http://bluejeans.com/z1/media/960gs/css/reset.css" />
+			<test url="http://bluejeans.com/z2/media/css/auth/linkedin.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.bluejeans\.com$" name="^(?:__qca|bjnat_prod)$" /-->
+
+	<securecookie host="^\.bluejeans\.com$" name="^__qca$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Blue_Jeans_Cable.com.xml b/src/chrome/content/rules/Blue_Jeans_Cable.com.xml
index 384a80dc854f..435b866fbbf3 100644
--- a/src/chrome/content/rules/Blue_Jeans_Cable.com.xml
+++ b/src/chrome/content/rules/Blue_Jeans_Cable.com.xml
@@ -1,5 +1,7 @@
 <ruleset name="Blue Jeans Cable.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="bluejeanscable.com" />
 	<target host="www.bluejeanscable.com" />
 
@@ -7,7 +9,7 @@
 	<securecookie host="^www\.bluejeanscable\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?bluejeanscable\.com/"
-		to="https://$1bluejeanscable.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Blue_Man_Ticketing.xml b/src/chrome/content/rules/Blue_Man_Ticketing.xml
deleted file mode 100644
index 4d5cbe702e34..000000000000
--- a/src/chrome/content/rules/Blue_Man_Ticketing.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	!www: mismatched
-
-
-	Some pages redirect to http.
-
--->
-<ruleset name="Blue Man Ticketing (partial)">
-
-	<target host="bluemanticketing.com" />
-	<target host="www.bluemanticketing.com" />
-
-
-	<rule from="^https?://(?:www\.)?bluemanticketing\.com/(buy/|get-show-dates/|myticketbooth/themes/)"
-		to="https://www.bluemanticketing.com/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Blue_Mountain.xml b/src/chrome/content/rules/Blue_Mountain.xml
index 7961efa10e4a..c69b8ba6c277 100644
--- a/src/chrome/content/rules/Blue_Mountain.xml
+++ b/src/chrome/content/rules/Blue_Mountain.xml
@@ -4,16 +4,24 @@
 		- ^	(refused)
 
 -->
-<ruleset name="Blue Mountain">
+<ruleset name="Blue Mountain.com">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="www.bluemountain.com" />
+
+	<!--	Complications:
+				-->
 	<target host="bluemountain.com" />
-	<target host="*.bluemountain.com" />
 
 
 	<securecookie host="^\.bluemountain\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?bluemountain\.com/"
+	<rule from="^http://bluemountain\.com/"
 		to="https://www.bluemountain.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Blue_Origin.com.xml b/src/chrome/content/rules/Blue_Origin.com.xml
new file mode 100644
index 000000000000..a62fa61ed12b
--- /dev/null
+++ b/src/chrome/content/rules/Blue_Origin.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .blueorigin.com
+		- www.blueorigin.com
+
+-->
+<ruleset name="Blue Origin.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blueorigin.com" />
+	<target host="www.blueorigin.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.blueorigin\.com$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.blueorigin\.com$" name="^exp_(?:csrf_token|last_activity|last_visit|tracker)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Blue_State_Digital.xml b/src/chrome/content/rules/Blue_State_Digital.xml
index 1b900a8a1e0e..956276c0cdcf 100644
--- a/src/chrome/content/rules/Blue_State_Digital.xml
+++ b/src/chrome/content/rules/Blue_State_Digital.xml
@@ -3,18 +3,42 @@
 
 		- BSD.net.xml
 
+
+	Problematic subdomains:
+
+		- tools *
+
+	* Works; mismatched, CN: *.a.ssl.fastly.net
+
+
+	Mixed content:
+
+		- Images on tools and www from www *
+
+	* Secured by us
+
 -->
-<ruleset name="Blue State Digital">
+<ruleset name="Blue State Digital.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="bluestatedigital.com" />
-	<target host="*.bluestatedigital.com" />
-	<target host="*.www.bluestatedigital.com" />
+	<target host="www.bluestatedigital.com" />
+
+		<!--exclusion pattern="http://tools\.bluestatedigital\.com/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^tools\.bluestatedigital\.com$" name="^(exp_cp_last_site_id|exp_last_activity|exp_last_visit|exp_tracker)" /-->
+	<!--securecookie host="^.tools\.bluestatedigital\.com$" name="^X-CheckNode$" /-->
+	<!--securecookie host="^www\.bluestatedigital\.com$" name="^(exp_cp_last_site_id|exp_last_activity|exp_last_visit|exp_tracker)" /-->
 
 
-	<securecookie host="^\.(?:www\.)?bluestatedigital\.com$" name=".+" />
+	<securecookie host="^(?:\.|\.?www\.)?bluestatedigital\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?bluestatedigital\.com/"
-		to="https://$1bluestatedigital.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bluebird.com.xml b/src/chrome/content/rules/Bluebird.com.xml
new file mode 100644
index 000000000000..01f57c6b4a0e
--- /dev/null
+++ b/src/chrome/content/rules/Bluebird.com.xml
@@ -0,0 +1,23 @@
+<!--
+	For other American Express coverage, see AmericanExpress.xml.
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- secure
+
+-->
+<ruleset name="Bluebird.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bluebird.com" />
+	<target host="secure.bluebird.com" />
+	<target host="www.bluebird.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bluechip.xml b/src/chrome/content/rules/Bluechip.xml
index 5eee32630aef..8d373a80f659 100644
--- a/src/chrome/content/rules/Bluechip.xml
+++ b/src/chrome/content/rules/Bluechip.xml
@@ -1,6 +1,12 @@
-<ruleset name="Bluechip (mixedcontent)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.bluechip.hu/ => https://www.bluechip.hu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="Bluechip (mixedcontent)" default_off="failed ruleset test">
 	<!-- Cert: www.bluechip.hu -->
 	<target host="www.bluechip.hu" />
 
-	<rule from="^http://www\.bluechip\.hu/" to="https://www.bluechip.hu/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Bluefly.xml b/src/chrome/content/rules/Bluefly.xml
deleted file mode 100644
index 54de22d30c7c..000000000000
--- a/src/chrome/content/rules/Bluefly.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- cdn.media	(404)
-
--->
-<ruleset name="Bluefly (partial)">
-
-	<target host="*.bluefly.com" />
-
-
-	<rule from="^https?://(?:cdn\.)?media\.bluefly\.com/"
-		to="https://media.bluefly.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Bluehost-CDN.com.xml b/src/chrome/content/rules/Bluehost-CDN.com.xml
new file mode 100644
index 000000000000..d226e3011bb2
--- /dev/null
+++ b/src/chrome/content/rules/Bluehost-CDN.com.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Bluehost coverage, see Bluehost.xml.
+
+	Invalid Certificate:
+		cf.bluehost-cdn.com
+-->
+<ruleset name="Bluehost-CDN.com" >
+	<target host="bluehost-cdn.com" />
+	<target host="www.bluehost-cdn.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bluehost.xml b/src/chrome/content/rules/Bluehost.xml
index c888f781a8b8..a9ffc8dcbf32 100644
--- a/src/chrome/content/rules/Bluehost.xml
+++ b/src/chrome/content/rules/Bluehost.xml
@@ -1,27 +1,55 @@
 <!--
-	Fully covered subdomains:
-
-		- img *
-
-	* Server is configured for rc4 only.
-
+	Other Bluehost rulesets:
+
+		- Bluehost-CDN.com.xml
+
+	Redirect:
+		- cn
+		- in
+
+	Mismatch:
+		- blog.br
+		- ru
+		- kb.ru
+	Timeout:
+		- forum
+		- forums
+		- (www.)bluehostforum.com
 -->
-<ruleset name="BlueHost">
+<ruleset name="BlueHost.com">
 
 	<target host="bluehost.com" />
+	<!--	* for box\d+ -->
 	<target host="*.bluehost.com" />
 
+	<test url="http://helpdesk.bluehost.com/" />
+	<test url="http://login.bluehost.com/" />
+	<test url="http://br.bluehost.com/" />
+	<test url="http://cloud.bluehost.com/" />
+	<test url="http://my.bluehost.com/" />
+	<test url="http://secure.bluehost.com/" />
+	<test url="http://tutorials.bluehost.com/" />
+	<test url="http://serverstatus.bluehost.com/" />
+	<test url="http://www.bluehost.com/" />
+	<test url="http://my.bluehost.com/hosting/help" />
+	<test url="http://my.bluehost.com/web-hosting/cplogin" />
+	<!-- random box\d+ urls -->
+	<test url="http://box357.bluehost.com/" />
+	<test url="http://box680.bluehost.com/" />
+	<test url="http://box936.bluehost.com/" />
+	<test url="http://box1091.bluehost.com/" />
+
 
 	<securecookie host="^(?:www)?\.bluehost\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?bluehost\.com/"
-		to="https://www.bluehost.com/" />
+	<rule from="^http://serverstatus\.bluehost\.com/$"
+		to="https://www.bluehost.com/cgi/serverstatus/" />
 
-	<rule from="^http://(box\d+|helpdesk|img|secure|tutorials)\.bluehost\.com/"
+	<rule from="^http://(www|box\d+|br|helpdesk|cloud|login|my|secure|tutorials)\.bluehost\.com/"
 		to="https://$1.bluehost.com/" />
 
-	<rule from="^http://serverstatus\.bluehost\.com/$"
-		to="https://www.bluehost.com/cgi/serverstatus/" />
+	<rule from="^http://bluehost\.com/"
+		to="https://bluehost.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bluehosting.pl.xml b/src/chrome/content/rules/Bluehosting.pl.xml
index ee153569fd6b..1e16c52787fe 100644
--- a/src/chrome/content/rules/Bluehosting.pl.xml
+++ b/src/chrome/content/rules/Bluehosting.pl.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://([\w-]+\.)?bho\.pl/"
 		to="https://$1bho.pl/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bluemix.net.xml b/src/chrome/content/rules/Bluemix.net.xml
new file mode 100644
index 000000000000..75486ce936bd
--- /dev/null
+++ b/src/chrome/content/rules/Bluemix.net.xml
@@ -0,0 +1,19 @@
+<!--
+	For other IBM coverage, see IBM.xml.
+
+-->
+<ruleset name="Bluemix.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bluemix.net" />
+	<target host="*.ng.bluemix.net" />
+	<target host="www.bluemix.net" />
+
+		<test url="http://console.ng.bluemix.net/" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bluemle-neubrunn.de.xml b/src/chrome/content/rules/Bluemle-neubrunn.de.xml
new file mode 100644
index 000000000000..cf9141220d9a
--- /dev/null
+++ b/src/chrome/content/rules/Bluemle-neubrunn.de.xml
@@ -0,0 +1,15 @@
+<!--
+	Nonfunctional hosts in *.bluemle-neubrunn.de:
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Bluemle-neubrunn.de">
+	<target host="bluemle-neubrunn.de" />
+	<target host="www.bluemle-neubrunn.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bluenote.io.xml b/src/chrome/content/rules/Bluenote.io.xml
new file mode 100644
index 000000000000..a94dd86bd1f7
--- /dev/null
+++ b/src/chrome/content/rules/Bluenote.io.xml
@@ -0,0 +1,12 @@
+<ruleset name="Bluenote.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bluenote.io" />
+	<target host="www.bluenote.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bluerazor.com.xml b/src/chrome/content/rules/Bluerazor.com.xml
new file mode 100644
index 000000000000..bd2aff26b1a3
--- /dev/null
+++ b/src/chrome/content/rules/Bluerazor.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Expired certificate:
+		- help.bluerazor.com
+-->
+
+<ruleset name="Bluerazor.com">
+	<target host="bluerazor.com" />
+	<target host="www.bluerazor.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Blueseed.co.xml b/src/chrome/content/rules/Blueseed.co.xml
deleted file mode 100644
index 98f08681fe31..000000000000
--- a/src/chrome/content/rules/Blueseed.co.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Blueseed.co" platform="firefox">
-<target host="blueseed.co" />
-
-<securecookie host="^blueseed\.co$" name=".+" />
-
-<rule from="^http://blueseed\.co/" to="https://blueseed.co/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Bluesnews.com.xml b/src/chrome/content/rules/Bluesnews.com.xml
new file mode 100644
index 000000000000..e17bdbfd5dc8
--- /dev/null
+++ b/src/chrome/content/rules/Bluesnews.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Nonfunctional hosts in *.bluesnews.com
+
+	m: certificate mismatch
+	    pda.bluesnews.com
+	    wap.bluesnews.com
+-->
+<ruleset name="Bluesnews">
+
+	<target host="bluesnews.com" />
+	<target host="www.bluesnews.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Blueturn.earth.xml b/src/chrome/content/rules/Blueturn.earth.xml
new file mode 100644
index 000000000000..a9e1f19ab6ea
--- /dev/null
+++ b/src/chrome/content/rules/Blueturn.earth.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		www.blueturn.earth
+
+-->
+<ruleset name="BlueTurn.Earth">
+
+	<target host="blueturn.earth" />
+	<target host="www.blueturn.earth" />
+	<target host="app.blueturn.earth" />
+
+	<rule from="^http://www\.blueturn\.earth/"
+		to="https://blueturn.earth/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bluewin-HostCenter.xml b/src/chrome/content/rules/Bluewin-HostCenter.xml
index 4fa73691b795..b353c0c919c9 100644
--- a/src/chrome/content/rules/Bluewin-HostCenter.xml
+++ b/src/chrome/content/rules/Bluewin-HostCenter.xml
@@ -1,14 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hostcenter.com/ => https://hostcenter.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.hostcenter.com/ => https://www.hostcenter.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Bluewin HostCenter
+
 	For other Swisscom coverage, see Swisscom.ch.xml.
 
 -->
-<ruleset name="Bluewin HostCenter">
+<ruleset name="HostCenter.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="hostcenter.com" />
 	<target host="www.hostcenter.com" />
 
 
-	<rule from="^http://(www\.)?hostcenter\.com/"
-		to="https://$1hostcenter.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bluewin.ch.xml b/src/chrome/content/rules/Bluewin.ch.xml
index 3d7c5cf8f6f9..389aac5be0b1 100644
--- a/src/chrome/content/rules/Bluewin.ch.xml
+++ b/src/chrome/content/rules/Bluewin.ch.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pres.sso.bluewin.ch/ => https://pres.sso.bluewin.ch/: (6, 'Could not resolve host: pres.sso.bluewin.ch')
+Fetch error: http://www.sso.bluewin.ch/ => https://www.sso.bluewin.ch/: (6, 'Could not resolve host: www.sso.bluewin.ch')
+Fetch error: http://xtrazone.sso.bluewin.ch/ => https://xtrazone.sso.bluewin.ch/: (6, 'Could not resolve host: xtrazone.sso.bluewin.ch')
+
 	For other Swisscom coverage, see Swisscom.ch.xml.
 
 
@@ -22,25 +28,37 @@
 			- sam
 			- www
 			- xtrazone
+			- rich
 
 -->
-<ruleset name="Bluewin.ch (partial)">
+<ruleset name="Bluewin.ch (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pres.sso.bluewin.ch" />
+	<target host="sam.sso.bluewin.ch" />
+	<target host="www.sso.bluewin.ch" />
+	<target host="xtrazone.sso.bluewin.ch" />
+
+	<target host="www.bluewin.ch" />
 
+	<!--	Complications:
+				-->
 	<target host="bluewin.ch" />
-	<target host="*.bluewin.ch" />
+
 	<target host="bluewin.wemfbox.ch" />
 
 
-	<securecookie host="^(?:(?:xtrazone|pres|sam)\.sso|www)\.bluewin\.ch$" name=".+" />
+	<securecookie host="^(?:(?:xtrazone|pres|sam|rich)\.sso|www)\.bluewin\.ch$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?bluewin\.ch/"
+	<rule from="^http://bluewin\.ch/"
 		to="https://www.bluewin.ch/" />
 
-	<rule from="^http://(pres|sam|www|xtrazone)\.sso\.bluewin\.ch/"
-		to="https://$1.sso.bluewin.ch/" />
-
 	<rule from="^http://bluewin\.wemfbox\.ch/"
 		to="https://blue-ssl.wemfbox.ch/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Blumenthals.xml b/src/chrome/content/rules/Blumenthals.xml
index 94086c448501..7aeee3c6fc7e 100644
--- a/src/chrome/content/rules/Blumenthals.xml
+++ b/src/chrome/content/rules/Blumenthals.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^blumenthals\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?blumenthals\.com/"
-		to="https://$1blumenthals.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Blutmagie.de.xml b/src/chrome/content/rules/Blutmagie.de.xml
index 9c30cdf46b58..4386dc9318a4 100644
--- a/src/chrome/content/rules/Blutmagie.de.xml
+++ b/src/chrome/content/rules/Blutmagie.de.xml
@@ -32,4 +32,4 @@
 	<rule from="^http://torstatus\.blutmagie\.de/"
 		to="https://torstatus.blutmagie.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bm.ru.xml b/src/chrome/content/rules/Bm.ru.xml
new file mode 100644
index 000000000000..0311ea07c09d
--- /dev/null
+++ b/src/chrome/content/rules/Bm.ru.xml
@@ -0,0 +1,28 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- as2test.bm.ru
+
+		SSL peer certificate was not OK:
+		- www.mos-broker.bm.ru
+		- realestate.bm.ru
+		- soccard.bm.ru
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- hce.bm.ru
+-->
+<ruleset name="bm.ru">
+	<target host="bm.ru" />
+	<target host="www.bm.ru" />
+	<target host="anketa.bm.ru" />
+	<target host="anketa-ipoteka.bm.ru" />
+	<target host="blagodarim.bm.ru" />
+	<target host="bmmobile.bm.ru" />
+	<target host="m.bm.ru" />
+	<target host="mobile.bm.ru" />
+	<target host="online.bm.ru" />
+	<target host="partner.bm.ru" />
+	<target host="ssl.bm.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bmibaby.com.xml b/src/chrome/content/rules/Bmibaby.com.xml
deleted file mode 100644
index f8201ca69ef8..000000000000
--- a/src/chrome/content/rules/Bmibaby.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Bmibaby.com">
-  <target host="www.bmibaby.com" />
-
-  <rule from="^http://www\.bmibaby\.com/"
-          to="https://www.bmibaby.com/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Bmmetrix.com.xml b/src/chrome/content/rules/Bmmetrix.com.xml
index 96835a1ed8c6..99af0437230a 100644
--- a/src/chrome/content/rules/Bmmetrix.com.xml
+++ b/src/chrome/content/rules/Bmmetrix.com.xml
@@ -30,16 +30,17 @@
 <ruleset name="Bmmetrix.com (partial)">
 
 	<target host="bmmetrix.com" />
-	<target host="*.bmmetrix.com" />
+	<target host="ie-stat.bmmetrix.com" />
+	<target host="t.bmmetrix.com" />
+	<target host="www.bmmetrix.com" />
 
 
 	<securecookie host=".+\.bmmetrix\.com$" name=".+" />
 
 
-	<rule from="^http://(ie-stat|t)\.bmmetrix\.com/"
-		to="https://$1.bmmetrix.com/" />
 
 	<rule from="^http://(?:www\.)?bmmetrix\.com/"
 		to="https://www.bmmetrix.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Bn-MCLP.org.xml b/src/chrome/content/rules/Bn-MCLP.org.xml
index d4242c00ddf2..98dbacda5c97 100644
--- a/src/chrome/content/rules/Bn-MCLP.org.xml
+++ b/src/chrome/content/rules/Bn-MCLP.org.xml
@@ -9,10 +9,10 @@
 -->
 <ruleset name="bn-MCLP.org (partial)">
 
-	<target host="*.bn-mclp.org" />
+	<target host="insight.bn-mclp.org" />
+	<target host="www.insight.bn-mclp.org" />
 
 
-	<rule from="^http://(www\.)?insight\.bn-mclp\.org/"
-		to="https://$1insight.bn-mclp.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bnc4free.com-falsemixed.xml b/src/chrome/content/rules/Bnc4free.com-falsemixed.xml
new file mode 100644
index 000000000000..9ae1604b1a26
--- /dev/null
+++ b/src/chrome/content/rules/Bnc4free.com-falsemixed.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wiki.bnc4free.com/ => https://wiki.bnc4free.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	For rules not causing false/broken MCB, see Bnc4free.com.xml.
+
+-->
+<ruleset name="bnc4free.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="wiki.bnc4free.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bnc4free.com.xml b/src/chrome/content/rules/Bnc4free.com.xml
new file mode 100644
index 000000000000..e099b88c5e77
--- /dev/null
+++ b/src/chrome/content/rules/Bnc4free.com.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bnc4free.com/ => https://bnc4free.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+Fetch error: http://cdn.bnc4free.com/ => https://cdn.bnc4free.com/: (6, 'Could not resolve host: cdn.bnc4free.com')
+Fetch error: http://panel.bnc4free.com/ => https://panel.bnc4free.com/: (6, 'Could not resolve host: panel.bnc4free.com')
+Fetch error: http://status.bnc4free.com/ => https://status.bnc4free.com/: (6, 'Could not resolve host: status.bnc4free.com')
+Fetch error: http://www.bnc4free.com/ => https://www.bnc4free.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+
+	For rules causing false/broken MCB, see Bnc4free.com-falsemixed.xml.
+
+
+	Problematic hosts in *bnc4free.com:
+
+		- wiki *
+
+	* Mixed css
+
+
+	Mixed content:
+
+		- css on wiki from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="bnc4free.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bnc4free.com" />
+	<target host="cdn.bnc4free.com" />
+	<target host="panel.bnc4free.com" />
+	<target host="status.bnc4free.com" />
+	<!--target host="wiki.bnc4free.com" /-->
+	<target host="www.bnc4free.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bnotk.de.xml b/src/chrome/content/rules/Bnotk.de.xml
new file mode 100644
index 000000000000..dce03bf7acb5
--- /dev/null
+++ b/src/chrome/content/rules/Bnotk.de.xml
@@ -0,0 +1,86 @@
+<!--
+	Invalid certificate:
+		- bnotk.de
+		- www.bea.bnotk.de
+		- ben-onlinehilfe.bnotk.de
+		- ben-onlinehilfe-beteiligter.bnotk.de
+		- bensbk-onlinehilfe.bnotk.de
+		- bensbk-onlinehilfe-beteiligter.bnotk.de
+		- fax.bnotk.de
+		- sbk-onlinehilfe.bnotk.de
+		- sbk-onlinehilfe-beteiligter.bnotk.de
+		- zertifikatetest.bnotk.de
+		- zs.bnotk.de
+
+	Non-2xx HTTP code:
+		- nvdemo.bnotk.de
+
+	Refused:
+		- dnotitest.bnotk.de
+		- ena.bnotk.de
+		- enatest.bnotk.de
+		- intern.bnotk.de
+		- portal.bnotk.de
+		- um.bnotk.de
+		- wcms.bnotk.de
+		- webservice.bnotk.de
+		- xkrdemo.bnotk.de
+
+	Timeout:
+		- www.artifactorytest.bnotk.de
+		- eisothuo.bnotk.de
+		- groupware.bnotk.de
+		- groupwaretest.bnotk.de
+		- smtp-bulk.bnotk.de
+		- vpn.bnotk.de
+		- vpn-itp.bnotk.de
+		- web-04.bnotk.de
+		- zm-mb3.bnotk.de
+		- zm-prx1.bnotk.de
+		- zm-prx2.bnotk.de
+		- ratest.za.bnotk.de
+		- tesstest.za.bnotk.de
+-->
+<ruleset name="Bnotk.de">
+	<!-- German Civil Law Notaries -->
+
+	<target host="www.bnotk.de" />
+	<target host="anwenderinfo.bnotk.de" />
+	<target host="bea.bnotk.de" />
+	<target host="beatest.bnotk.de" />
+	<target host="ben.bnotk.de" />
+	<target host="cdn.bnotk.de" />
+	<target host="cert.bnotk.de" />
+	<target host="egvp.bnotk.de" />
+	<target host="eidtest.bnotk.de" />
+	<target host="epnetztest.bnotk.de" />
+	<target host="esb.bnotk.de" />
+	<target host="esbtest.bnotk.de" />
+	<target host="mail.bnotk.de" />
+	<target host="mailing.bnotk.de" />
+	<target host="mailnetztest.bnotk.de" />
+	<target host="nctest.bnotk.de" />
+	<target host="notarmail.bnotk.de" />
+	<target host="ocsp.bnotk.de" />
+	<target host="onlinehilfe.bnotk.de" />
+	<target host="progov-osci.bnotk.de" />
+	<target host="sbk.bnotk.de" />
+	<target host="sdv.bnotk.de" />
+	<target host="secure.bnotk.de" />
+	<target host="servicedesk.bnotk.de" />
+	<target host="statistics.bnotk.de" />
+	<target host="umfrage.bnotk.de" />
+	<target host="urkundenarchiv.bnotk.de" />
+	<target host="vas.bnotk.de" />
+	<target host="wartungsarbeiten.bnotk.de" />
+	<target host="wcms-preview.bnotk.de" />
+	<target host="webmail.bnotk.de" />
+	<target host="webservicetest.bnotk.de" />
+	<target host="zertifizierungsstelle.bnotk.de" />
+	<target host="ocsp.zs.bnotk.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BoCA.gov.tw.xml b/src/chrome/content/rules/BoCA.gov.tw.xml
new file mode 100644
index 000000000000..00b5a782c6a2
--- /dev/null
+++ b/src/chrome/content/rules/BoCA.gov.tw.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://boca.gov.tw/ => https://www.boca.gov.tw/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.boca.gov.tw/ => https://www.boca.gov.tw/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	^: Mismatched
+
+-->
+<ruleset name="BoCA.gov.tw" default_off="failed ruleset test">
+
+	<target host="boca.gov.tw" />
+	<target host="www.boca.gov.tw" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.boca\.gov\.tw$" name="^TS[\da-f]{6}$" /-->
+
+	<securecookie host="^www\.boca\.gov\.tw$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?boca\.gov\.tw/"
+		to="https://www.boca.gov.tw/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Board-Game-Arena.xml b/src/chrome/content/rules/Board-Game-Arena.xml
new file mode 100644
index 000000000000..919789472ceb
--- /dev/null
+++ b/src/chrome/content/rules/Board-Game-Arena.xml
@@ -0,0 +1,130 @@
+<!--
+	Mismatch:
+		boardgamearena.net
+		www.boardgamearena.net
+
+	Refused:
+		comet.boardgamearena.net
+
+	Timeout:
+		(.+)?doc.boardgamearena.com , example: en.doc.boardgamearena.com
+		(.+)?studio.boardgamearena.com , example: en.studio.boardgamearena.com
+-->
+
+<ruleset name="Board Game Arena">
+	<target host="boardgamearena.com"/>
+	<target host="www.boardgamearena.com"/>
+	<target host="3.boardgamearena.com"/>
+	<target host="bg.3.boardgamearena.com"/>
+	<target host="ca.3.boardgamearena.com"/>
+	<target host="cs.3.boardgamearena.com"/>
+	<target host="da.3.boardgamearena.com"/>
+	<target host="de.3.boardgamearena.com"/>
+	<target host="el.3.boardgamearena.com"/>
+	<target host="en.3.boardgamearena.com"/>
+	<target host="es.3.boardgamearena.com"/>
+	<target host="et.3.boardgamearena.com"/>
+	<target host="fi.3.boardgamearena.com"/>
+	<target host="fr.3.boardgamearena.com"/>
+	<target host="he.3.boardgamearena.com"/>
+	<target host="hr.3.boardgamearena.com"/>
+	<target host="hu.3.boardgamearena.com"/>
+	<target host="id.3.boardgamearena.com"/>
+	<target host="it.3.boardgamearena.com"/>
+	<target host="ja.3.boardgamearena.com"/>
+	<target host="ko.3.boardgamearena.com"/>
+	<target host="lt.3.boardgamearena.com"/>
+	<target host="lv.3.boardgamearena.com"/>
+	<target host="ms.3.boardgamearena.com"/>
+	<target host="nb.3.boardgamearena.com"/>
+	<target host="nl.3.boardgamearena.com"/>
+	<target host="no.3.boardgamearena.com"/>
+	<target host="pl.3.boardgamearena.com"/>
+	<target host="pt.3.boardgamearena.com"/>
+	<target host="ro.3.boardgamearena.com"/>
+	<target host="ru.3.boardgamearena.com"/>
+	<target host="sk.3.boardgamearena.com"/>
+	<target host="sl.3.boardgamearena.com"/>
+	<target host="sv.3.boardgamearena.com"/>
+	<target host="uk.3.boardgamearena.com"/>
+	<target host="zh-cn.3.boardgamearena.com"/>
+	<target host="zh.3.boardgamearena.com"/>
+	<target host="4.boardgamearena.com"/>
+	<target host="bg.4.boardgamearena.com"/>
+	<target host="ca.4.boardgamearena.com"/>
+	<target host="cs.4.boardgamearena.com"/>
+	<target host="da.4.boardgamearena.com"/>
+	<target host="de.4.boardgamearena.com"/>
+	<target host="el.4.boardgamearena.com"/>
+	<target host="en.4.boardgamearena.com"/>
+	<target host="es.4.boardgamearena.com"/>
+	<target host="et.4.boardgamearena.com"/>
+	<target host="fi.4.boardgamearena.com"/>
+	<target host="fr.4.boardgamearena.com"/>
+	<target host="he.4.boardgamearena.com"/>
+	<target host="hr.4.boardgamearena.com"/>
+	<target host="hu.4.boardgamearena.com"/>
+	<target host="id.4.boardgamearena.com"/>
+	<target host="it.4.boardgamearena.com"/>
+	<target host="ja.4.boardgamearena.com"/>
+	<target host="ko.4.boardgamearena.com"/>
+	<target host="lt.4.boardgamearena.com"/>
+	<target host="lv.4.boardgamearena.com"/>
+	<target host="ms.4.boardgamearena.com"/>
+	<target host="nb.4.boardgamearena.com"/>
+	<target host="nl.4.boardgamearena.com"/>
+	<target host="no.4.boardgamearena.com"/>
+	<target host="pl.4.boardgamearena.com"/>
+	<target host="pt.4.boardgamearena.com"/>
+	<target host="ro.4.boardgamearena.com"/>
+	<target host="ru.4.boardgamearena.com"/>
+	<target host="sk.4.boardgamearena.com"/>
+	<target host="sl.4.boardgamearena.com"/>
+	<target host="sv.4.boardgamearena.com"/>
+	<target host="uk.4.boardgamearena.com"/>
+	<target host="zh-cn.4.boardgamearena.com"/>
+	<target host="zh.4.boardgamearena.com"/>
+	<target host="bg.boardgamearena.com"/>
+	<target host="ca.boardgamearena.com"/>
+	<target host="cs.boardgamearena.com"/>
+	<target host="da.boardgamearena.com"/>
+	<target host="de.boardgamearena.com"/>
+	<target host="el.boardgamearena.com"/>
+	<target host="en.boardgamearena.com"/>
+	<target host="es.boardgamearena.com"/>
+	<target host="et.boardgamearena.com"/>
+	<target host="fi.boardgamearena.com"/>
+	<target host="fr.boardgamearena.com"/>
+	<target host="he.boardgamearena.com"/>
+	<target host="hr.boardgamearena.com"/>
+	<target host="hu.boardgamearena.com"/>
+	<target host="id.boardgamearena.com"/>
+	<target host="it.boardgamearena.com"/>
+	<target host="ja.boardgamearena.com"/>
+	<target host="ko.boardgamearena.com"/>
+	<target host="lt.boardgamearena.com"/>
+	<target host="lv.boardgamearena.com"/>
+	<target host="ms.boardgamearena.com"/>
+	<target host="nb.boardgamearena.com"/>
+	<target host="nl.boardgamearena.com"/>
+	<target host="no.boardgamearena.com"/>
+	<target host="pl.boardgamearena.com"/>
+	<target host="pt.boardgamearena.com"/>
+	<target host="ro.boardgamearena.com"/>
+	<target host="ru.boardgamearena.com"/>
+	<target host="sk.boardgamearena.com"/>
+	<target host="sl.boardgamearena.com"/>
+	<target host="sv.boardgamearena.com"/>
+	<target host="uk.boardgamearena.com"/>
+	<target host="zh-cn.boardgamearena.com"/>
+	<target host="zh.boardgamearena.com"/>
+	<target host="forum.boardgamearena.com"/>
+	<target host="c.boardgamearena.net"/>
+	<target host="cdn.boardgamearena.net"/>
+	<target host="static.boardgamearena.net"/>
+	<target host="x.boardgamearena.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BoardGameGeek.com.xml b/src/chrome/content/rules/BoardGameGeek.com.xml
new file mode 100644
index 000000000000..f7a9d649553f
--- /dev/null
+++ b/src/chrome/content/rules/BoardGameGeek.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Other BoardGameGeek rulesets:
+
+		- Geekdo-static.com.xml
+		- VideoGameGeek.com.xml
+		- RPGGeek.com.xml
+-->
+<ruleset name="BoardGameGeek.com">
+	<target host="boardgamegeek.com" />
+	<target host="www.boardgamegeek.com" />
+
+	<securecookie host="^(\.|www\.)?boardgamegeek\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BoardZoo.com.xml b/src/chrome/content/rules/BoardZoo.com.xml
new file mode 100644
index 000000000000..7839d357041f
--- /dev/null
+++ b/src/chrome/content/rules/BoardZoo.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+		- Images from ^ *
+
+	* Secured by us
+
+-->
+<ruleset name="BoardZoo.com">
+
+	<target host="boardzoo.com" />
+	<target host="www.boardzoo.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Boards.ie.xml b/src/chrome/content/rules/Boards.ie.xml
deleted file mode 100644
index 84539d079998..000000000000
--- a/src/chrome/content/rules/Boards.ie.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	Problematic domains:
-
-		- b-static.net	(mismatched, CN: *.boards.ie)
-
-
-	Fully covered domains:
-
-		- b-static subdomains:
-
-			- ^		(→ c0)
-			- avatar
-			- c0
-
--->
-<ruleset name="Boards.ie (broken)" default_off="reported broken">
-
-	<target host="boards.ie" />
-	<target host="*.boards.ie" />
-	<target host="b-static.net" />
-	<target host="*.b-static.net" />
-
-
-	<rule from="^http://([^/:@\.]+\.)?boards\.ie/"
-		to="https://$1boards.ie/" />
-
-	<rule from="^http://b-static\.net/"
-		to="https://c0.b-static.net/" />
-
-	<rule from="^http://(avatar|c0)\.b-static\.net/"
-		to="https://$1.b-static.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Boathouse_Crew_Shop.xml b/src/chrome/content/rules/Boathouse_Crew_Shop.xml
index ad6a619b8331..2e66c63ea8ce 100644
--- a/src/chrome/content/rules/Boathouse_Crew_Shop.xml
+++ b/src/chrome/content/rules/Boathouse_Crew_Shop.xml
@@ -1,17 +1,21 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://boathousecrewshop.com/ => https://boathousecrewshop.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.boathousecrewshop.com/ => https://www.boathousecrewshop.com/: (28, 'Connection timed out after 20000 milliseconds')
+
 	Mixed images from photobucket
 
 -->
-<ruleset name="Boathouse Crew Shop">
+<ruleset name="Boathouse Crew Shop" default_off="failed ruleset test">
 
 	<target host="boathousecrewshop.com" />
-	<target host="*.boathousecrewshop.com" />
+	<target host="www.boathousecrewshop.com" />
 
 
 	<securecookie host="^\.www\.boathousecrewshop\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?boathousecrewshop\.com/"
-		to="https://$1boathousecrewshop.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bob131.so.xml b/src/chrome/content/rules/Bob131.so.xml
new file mode 100644
index 000000000000..8ee98e25bea0
--- /dev/null
+++ b/src/chrome/content/rules/Bob131.so.xml
@@ -0,0 +1,17 @@
+<ruleset name="Bob131.so">
+	<target host="bob131.so" />
+	<target host="www.bob131.so" />
+	<!-- mismatched:
+		static.bob131.so
+		blog.bob131.so
+	-->
+
+	<!--
+		SSL: no alternative certificate subject name matches target host name 'www.bob131.so'
+	-->
+	<rule from="^http://www\.bob131\.so/"
+			to="https://bob131.so/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Boba_Family.xml b/src/chrome/content/rules/Boba_Family.xml
index 883216a8dccc..b0ffced0e93d 100644
--- a/src/chrome/content/rules/Boba_Family.xml
+++ b/src/chrome/content/rules/Boba_Family.xml
@@ -1,14 +1,23 @@
-<ruleset name="Boba Family">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bobafamily.com/ => https://bobafamily.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://store.bobafamily.com/ => https://store.bobafamily.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.bobafamily.com/ => https://www.bobafamily.com/: (28, 'Connection timed out after 20002 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://bobafamily.com/ => https://bobafamily.com/: (51, "SSL: no alternative certificate subject name matches target host name 'bobafamily.com'")
+-->
+<ruleset name="Boba Family" default_off="failed ruleset test">
 
 	<target host="bobafamily.com" />
-	<target host="*.bobafamily.com" />
-	<target host="*.store.bobafamily.com" />
+	<target host="store.bobafamily.com" />
+	<target host="www.bobafamily.com" />
 
 
-	<securecookie host="^(?:.*\.)?bobafamily\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(store\.|www\.)?bobafamily\.com/"
-		to="https://$1bobafamily.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bobcares.com.xml b/src/chrome/content/rules/Bobcares.com.xml
index 0bd5036314d0..d88c1b0d42d0 100644
--- a/src/chrome/content/rules/Bobcares.com.xml
+++ b/src/chrome/content/rules/Bobcares.com.xml
@@ -1,13 +1,35 @@
-<ruleset name="Bobcares.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://installations.bobcares.com/ => https://installations.bobcares.com/: (28, 'Connection timed out after 20006 milliseconds')
+Fetch error: http://portal.bobcares.com/ => https://portal.bobcares.com/: (6, 'Could not resolve host: portal.bobcares.com')
+
+	Problematic hosts in *bobcares.com:
+
+		- phone ᵉ
+
+	ᵉ Expired 2014
+
+
+	Mixed content:
+
+		- Images on ^ from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Bobcares.com (partial)" default_off="failed ruleset test">
 
 	<target host="bobcares.com" />
-	<target host="*.bobcares.com" />
+	<target host="installations.bobcares.com" />
+	<target host="portal.bobcares.com" />
+	<target host="www.bobcares.com" />
 
 
-	<securecookie host="^\.bobcares\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?bobcares\.com/"
-		to="https://$1bobcares.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bodum.xml b/src/chrome/content/rules/Bodum.xml
index f1db437aa6d9..175f2d1d0cd0 100644
--- a/src/chrome/content/rules/Bodum.xml
+++ b/src/chrome/content/rules/Bodum.xml
@@ -2,7 +2,7 @@
   <target host="bodum.com" />
   <target host="www.bodum.com" />
 
-  <securecookie host="^(.+\.)?bodum\.com$" name=".*"/>
+  <securecookie host=".+" name=".+" />
 
-  <rule from="^http://(?:www\.)?bodum\.com/" to="https://www.bodum.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/BodyBuilding.com.xml b/src/chrome/content/rules/BodyBuilding.com.xml
deleted file mode 100644
index c159679c4e76..000000000000
--- a/src/chrome/content/rules/BodyBuilding.com.xml
+++ /dev/null
@@ -1,73 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d1qro4ibhgqt8c.cloudfront.net 
-			- imagecdn.bodybuilding.com
-
-	bodybuilding.com.112.2o7.net
-
-
-	Nonfunctional domains:
-
-		- bodyspace.bodybuilding.com *
-		- forum.bodybuilding.com
-		- my.bodybuilding.com		(times out)
-
-	* Redirects to http
-
-
-	Partially covered bodybuilding.com subdomains:
-
-		- (www.) *
-		- r[eosu] *
-		- s[abcegikmnortvz] *
-		- t[chjltwz] *
-		- u[ayz] *
-		- v[cgnu] *
-		- ws *
-		- ye *
-		- z[aw] *
-
-	*  Some (most?) pages redirect to http
-
-
-	Fully covered domains:
-
-		- common.bbcomcdn.com
-		- store.bbcomcdn.com
-
-		- bodybuilding.com subdomains:
-
-			- ad
-			- assets
-			- imagecdn	(→ d1qro4ibhgqt8c.cloudfront.net)
-			- n		(→ bodybuilding-com.112.2o7.net)
-			- s
-
--->
-<ruleset name="BodyBuilding.com (partial)">
-
-	<target host="*.bbcomcdn.com" />
-	<target host="*.bodybuilding.com" />
-		<exclusion pattern="^http://my\.bodybuilding\.com/" />
-
-
-	<securecookie host="^ad\.bodybuilding\.com$" name=".+" />
-
-
-	<rule from="^http://(common|store)\.bbcomcdn\.com/"
-		to="https://$1.bbcomcdn.com/" />
-
-	<rule from="^http://(\w{2}\.|www\.)?bodybuilding\.com/store/(account/|commerce/cart\.jsp|orderstatus\.htm)"
-		to="https://$1bodybuilding.com/store/$2" />
-
-	<rule from="^http://(ad|assets|s)\.bodybuilding\.com/"
-		to="https://$1.bodybuilding.com/" />
-
-	<rule from="^https?://imagecdn.bodybuilding.com/"
-		to="https://d1qro4ibhgqt8c.cloudfront.net/" />
-
-	<rule from="^https?://n\.bodybuilding\.com/"
-		to="https://bodybuilding-com.112.2o7.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Boeing-Employees-Credit-Union.xml b/src/chrome/content/rules/Boeing-Employees-Credit-Union.xml
deleted file mode 100644
index 2584a302ae8f..000000000000
--- a/src/chrome/content/rules/Boeing-Employees-Credit-Union.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
-	becu.122.2o7.net/b/ss/becudev/1/H.17/
-
--->
-<ruleset name="Boeing Employees Credit Union (partial)">
-
-	<target host="becu.org" />
-	<target host="*.becu.org" />
-	<target host="becuonlinebanking.org" />
-	<target host="*.becuonlinebanking.org" />
-
-
-	<!--	s_ cookies are set by 2o7.net.
-		becuhome is set by the homepage.	-->
-	<securecookie host="^\.becu\.org$" name="^(becuhome|s_\w+)$" />
-	<securecookie host="^accessassistant\.becu\.org$" name=".*" />
-	<securecookie host="^.*\.becuonlinebanking\.org$" name=".*" />
-
-
-	<!--	Cert is only valid for www.	-->
-	<rule from="^https?://becu\.org/"
-		to="https://www.becu.org/" />
-
-	<!--	Some pages redirect to http.  There may be more that don't.	-->
-	<rule from="^http://www\.becu\.org/($|contact-us\.aspx|css/|Default\.aspx|flash/|images/|js/|mobile-online-banking/|pdfsource/|who-is/becu-is-you\.aspx)"
-		to="https://www.becu.org/$1s/" />
-
-	<rule from="^http://accessassistant\.becu\.org/"
-		to="https://accessassistant.becu.org/" />
-
-	<!--	Cert is only valid for www.	-->
-	<rule from="^http://(?:www\.)?becuonlinebanking\.org/"
-		to="https://www.becuonlinebanking.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Boell.de.xml b/src/chrome/content/rules/Boell.de.xml
index 1fa68a10513a..7e1935a51ae8 100644
--- a/src/chrome/content/rules/Boell.de.xml
+++ b/src/chrome/content/rules/Boell.de.xml
@@ -1,4 +1,60 @@
-<ruleset name="Boell.de">
-	<target host="groupwise.boell.de" />
-	<rule from="^http://groupwise\.boell\.de/" to="https://groupwise.boell.de/" />
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mobilesync.boell.de/ => https://mobilesync.boell.de/: (28, 'Connection timed out after 20001 milliseconds')
+
+boell.de ¹
+callme.boell.de ⁴
+www.entdecke.boell.de ¹
+exp-jg-e1.boell.de ⁴
+exp-mra-e1.boell.de ³
+gesundheitspolitik.boell.de ¹
+groupwise.boell.de ³
+www.heimatkunde.boell.de ¹
+www.hochinklusiv.boell.de ¹
+kommunalwiki.boell.de ²
+lists.boell.de ²
+mpx.boell.de ³
+mpx-rtmp.boell.de ³
+mx.boell.de ³
+newsletter.boell.de ¹
+on.boell.de ⁴
+outside.boell.de ⁴
+pad.boell.de ⁴
+anmeldung.boell.de different content
+presse.boell.de different content
+stipendium.boell.de different content
+themen.boell.de different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="boell.de" default_off="failed ruleset test">
+	<target host="www.boell.de" />
+	<target host="bewerbung.boell.de" />
+	<target host="calendar.boell.de" />
+	<target host="cloud.boell.de" />
+	<target host="entdecke.boell.de" />
+	<target host="greencampus.boell.de" />
+	<target host="gutvertreten.boell.de" />
+	<target host="www.gutvertreten.boell.de" />
+	<target host="heimatkunde.boell.de" />
+	<target host="help.boell.de" />
+	<target host="mobilesync.boell.de" />
+	<target host="piwik.boell.de" />
+	<target host="sign.boell.de" />
+	<target host="smgw.boell.de" />
+	<target host="survey.boell.de" />
+	<target host="webaccess.boell.de" />
+	<target host="workspace.boell.de" />
+
+	<target host="boell.de" />
+
+	<rule from="^http://boell\.de/"
+		to="https://www.boell.de/" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Boerse_Frankfurt.xml b/src/chrome/content/rules/Boerse_Frankfurt.xml
index 6efc31133be6..bf4864f03628 100644
--- a/src/chrome/content/rules/Boerse_Frankfurt.xml
+++ b/src/chrome/content/rules/Boerse_Frankfurt.xml
@@ -1,4 +1,7 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://boerse-frankfurt.de/ => https://www.boerse-frankfurt.de/: Cycle detected - URL already encountered: https://www.boerse-frankfurt.de/
+Fetch error: http://www.boerse-frankfurt.de/ => https://www.boerse-frankfurt.de/: Cycle detected - URL already encountered: https://www.boerse-frankfurt.de/
      Börse Frankfurt / Frankfurt Stock Exchange
 
      Non-functional subdomains:
@@ -9,7 +12,7 @@
     <target host="boerse-frankfurt.de" />
     <target host="www.boerse-frankfurt.de" />
 
-    <rule from="^https?://boerse-frankfurt\.de/"
+    <rule from="^http://boerse-frankfurt\.de/"
         to="https://www.boerse-frankfurt.de/" />
     <rule from="^http://([^/:@]+)?\.boerse-frankfurt\.de/"
         to="https://$1.boerse-frankfurt.de/" />
diff --git a/src/chrome/content/rules/Bofh.it.xml b/src/chrome/content/rules/Bofh.it.xml
index 0cd7e85e7105..63d82a98feac 100644
--- a/src/chrome/content/rules/Bofh.it.xml
+++ b/src/chrome/content/rules/Bofh.it.xml
@@ -1,22 +1,32 @@
 <!--
 	Nonfunctional domains:
 
-		- news.bofh.it
+		- news.bofh.it *
+
+	* Refused
+
+
+	Problematic domains:
+
+		- ml.azzurra.org *
+		- censura.bofh.it *
+		- list.bofh.its *
+
+	* Mismatched
 
 
 	^bofh.it doesn't exist.
 
 -->
-<ruleset name="bofh.it" platform="cacert">
-
-	<target host="ml.azzurra.org" />
-	<target host="*.bofh.it" />
+<ruleset name="bofh.it (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="blog.bofh.it" />
+	<target host="www.bofh.it" />
 
-	<rule from="^http://ml\.azzurra\.org/"
-		to="https://ml.azzurra.org/" />
 
-	<rule from="^http://(blog|censura|lists|www)\.bofh\.it/"
-		to="https://$1bofh.it/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bohemia_Interactive.xml b/src/chrome/content/rules/Bohemia_Interactive.xml
new file mode 100644
index 000000000000..9163ee5b59ec
--- /dev/null
+++ b/src/chrome/content/rules/Bohemia_Interactive.xml
@@ -0,0 +1,58 @@
+<!--
+	Nonfunctional hosts in *bistudio.com:
+
+		- pro *
+
+	* 403
+
+
+	^bistudio.com: 403
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .bistudio.com
+		- account.bistudio.com
+		- community.bistudio.com
+
+
+	Mixed content:
+
+		- Images on forums from www.gravatar.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Bohemia Interactive (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="account.bistudio.com" />
+  <target host="community.bistudio.com" />
+	<target host="data.bistudio.com" />
+	<target host="forums.bistudio.com" />
+  <target host="store.bistudio.com" />
+	<target host="support.bistudio.com" />
+  <target host="www.bistudio.com" />
+
+	<!--	Complications:
+				-->
+  <target host="bistudio.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.bistudio\.com$" name="^(?:bi_auth_session|bohemiaInteractiveForums_session_id)$" /-->
+	<!--securecookie host="^account\.bistudio\.com$" name="^connect\.sid$" /-->
+	<!--securecookie host="^community\.bistudio\.com$" name="^bb2_screener$" /-->
+
+	<securecookie host="^\.bistudio\.com$" name="^bohemiaInteractiveForums_session_id$" />
+	<securecookie host="^(?:account|community|store)\.bistudio\.com$" name=".+" />
+
+
+	<rule from="^http://bistudio\.com/"
+		to="https://www.bistudio.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Boing-Boing.xml b/src/chrome/content/rules/Boing-Boing.xml
deleted file mode 100644
index 2f0eec7791a0..000000000000
--- a/src/chrome/content/rules/Boing-Boing.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)
-		- submit
-
--->
-<ruleset name="Boing Boing Shop">
-
-	<target host="shop.boingboing.net" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.shop.boingboing.net" />
-
-
-	<securecookie host="^\.shop\.boingboing\.net$" name=".*" />
-
-
-	<rule from="^http://shop\.boingboing\.net/"
-		to="https://shop.boingboing.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Boingo.xml b/src/chrome/content/rules/Boingo.xml
index 4e53b015089d..5cd0a4d2867a 100644
--- a/src/chrome/content/rules/Boingo.xml
+++ b/src/chrome/content/rules/Boingo.xml
@@ -1,15 +1,24 @@
-<ruleset name="Boingo">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://boingo.com/ => https://www.boingo.com/: (7, 'Failed to connect to www.boingo.com port 443: Connection refused')
+Fetch error: http://boingohotspot.net/ => http://boingohotspot.net/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://boingo.com/ => https://www.boingo.com/: (7, 'Failed to connect to www.boingo.com port 443: Connection timed out')
+-->
+<ruleset name="Boingo" default_off="failed ruleset test">
     <target host="boingo.com" />
     <target host="*.boingo.com" />
     <target host="boingohotspot.net" />
     <target host="*.boingohotspot.net" />
 
-    <rule from="^https?://boingo\.com/"
+    <rule from="^http://boingo\.com/"
         to="https://www.boingo.com/" />
     <rule from="^http://([^/:@]+)?\.boingo\.com/"
         to="https://$1.boingo.com/" />
 
-    <rule from="^https?://boingo\.net/"
+    <rule from="^http://boingo\.net/"
         to="https://www.boingo.net/" />
     <rule from="^http://([^/:@]+)?\.boingohotspot\.net/"
         to="https://$1.boingohotspot.net/" />
diff --git a/src/chrome/content/rules/Boiron.ca.xml b/src/chrome/content/rules/Boiron.ca.xml
new file mode 100644
index 000000000000..ef7aa524bf53
--- /dev/null
+++ b/src/chrome/content/rules/Boiron.ca.xml
@@ -0,0 +1,7 @@
+<ruleset name="Boiron.ca">
+	<target host="boiron.ca" />
+	<target host="www.boiron.ca" />
+	<target host="shop.boiron.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bokborgen.se.xml b/src/chrome/content/rules/Bokborgen.se.xml
index 9595b26d01fb..3fcb4a29990c 100644
--- a/src/chrome/content/rules/Bokborgen.se.xml
+++ b/src/chrome/content/rules/Bokborgen.se.xml
@@ -1,4 +1,14 @@
-<ruleset name="Bokborgen.se">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.bokborgen.se/ => https://bokborgen.se/: (51, "SSL: no alternative certificate subject name matches target host name 'bokborgen.se'")
+Fetch error: http://bokborgen.se/ => https://bokborgen.se/: (51, "SSL: no alternative certificate subject name matches target host name 'bokborgen.se'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.bokborgen.se/ => https://bokborgen.se/: (51, "SSL: no alternative certificate subject name matches target host name 'bokborgen.se'")
+Fetch error: http://bokborgen.se/ => https://bokborgen.se/: (51, "SSL: no alternative certificate subject name matches target host name 'bokborgen.se'")
+-->
+<ruleset name="Bokborgen.se" default_off="failed ruleset test">
   <target host="www.bokborgen.se" />
   <target host="bokborgen.se" />
   <rule from="^http://www\.bokborgen\.se/" to="https://bokborgen.se/"/>
diff --git a/src/chrome/content/rules/Bokelskere.no.xml b/src/chrome/content/rules/Bokelskere.no.xml
new file mode 100644
index 000000000000..0da59c9759f9
--- /dev/null
+++ b/src/chrome/content/rules/Bokelskere.no.xml
@@ -0,0 +1,6 @@
+<ruleset name="Bokelskere.no">
+	<target host="bokelskere.no" />
+	<target host="www.bokelskere.no" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bokelskere.xml b/src/chrome/content/rules/Bokelskere.xml
deleted file mode 100644
index 4898aa51f470..000000000000
--- a/src/chrome/content/rules/Bokelskere.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Bokelskere" platform="mixedcontent">
-  <target host="bokelskere.no" />
-  <target host="www.bokelskere.no" />
-
-  <rule from="^http://bokelskere\.no/" to="https://bokelskere.no/"/>
-  <rule from="^http://www\.bokelskere\.no/" to="https://www.bokelskere.no/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Bokon.se.xml b/src/chrome/content/rules/Bokon.se.xml
new file mode 100644
index 000000000000..8ac7320cdb48
--- /dev/null
+++ b/src/chrome/content/rules/Bokon.se.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- bokon.se
+		- www.bokon.se
+
+-->
+<ruleset name="Bokon.se">
+
+	<target host="bokon.se" />
+	<target host="www.bokon.se" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?bokon\.se$" name="^sessionid$" /-->
+
+	<securecookie host="^(?:www\.)?bokon\.se$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BoldChat.com.xml b/src/chrome/content/rules/BoldChat.com.xml
index dd2422b07f71..d2c88dafa14d 100644
--- a/src/chrome/content/rules/BoldChat.com.xml
+++ b/src/chrome/content/rules/BoldChat.com.xml
@@ -1,73 +1,71 @@
 <!--
-	For other LogMeIn coverage, see LogMeIn.xml.
+	For other LogMeIn coverage, see LogMeIn_Inc.com.xml.
 
 
 	Nonfunctional subdomains:
 
 		- help	(shows www)
+		- test ²
+
+	² Refused
 
 
 	Problematic subdomains:
 
 		- autodiscover	(refused)
+		- blog ² ³
 		- solutions	(works; mismatched, CN: *.pages04.net)
 
+	² Expired
+	³ Missing certificate chain
+
+
+	Insecure cookies are set for these domains:
 
-	Fully covered subdomains:
-
-		- (www.) *
-		- autodiscover	(→ autodiscover.mex07a.emailsrvr.com)
-		- blog
-		- cbi
-		- hometab
-		- images *
-		- livechat
-		- my
-		- report
-		- reports
-		- test *
-		- vms
-		- vmss
-		- web
-
-	* Server is configured for rc4 only
-
-
-	Observed cookie domains:
-
-		- ^
-		- .
-		- livechat
-		- my
-		- report
-		- reports
-		- setup
-		- solutions
-		- test
-		- vms
-		- vmss
-		- web
-		- www
+		- .boldchat.com
 
 -->
 <ruleset name="BoldChat.com (partial)">
 
 	<target host="boldchat.com" />
-	<target host="*.boldchat.com" />
-
-
-	<securecookie host="^(?:.*\.)?boldchat\.com$" name=".+" />
-
+	<!--target host="blog.boldchat.com" /-->
+	<target host="cbi.boldchat.com" />
+	<target host="hometab.boldchat.com" />
+	<target host="images.boldchat.com" />
+	<target host="livechat.boldchat.com" />
+	<target host="my.boldchat.com" />
+	<target host="report.boldchat.com" />
+	<target host="reports.boldchat.com" />
+	<target host="setup.boldchat.com" />
+	<target host="vms.boldchat.com" />
+	<target host="vmss.boldchat.com" />
+	<target host="web.boldchat.com" />
+	<target host="www.boldchat.com" />
+
+	<!--	Complications:
+				-->
+	<target host="autodiscover.boldchat.com" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://vms.boldchat.com/aid/000000000000000001/bc.vmi?wdid=&amp;vr=&amp;vi=&amp;vn=&amp;vp=&amp;ve=&amp;curl=" /-->
+
+
+	<!--	Not secured by server;
+					-->
+	<!--securecookie host="^\.boldchat\.com$" name="^(bc-visit-id|bc-visitor-id|lb)$" /-->
 
-	<rule from="^http://(www\.)?boldchat\.com/"
-		to="https://$1boldchat.com/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(blog|cbi|hometab|images|livechat|my|reports?|setup|test|vmss?|web)\.boldchat\.com/"
-		to="https://$1.boldchat.com/" />
 
 	<!--	Server drops path:
 					-->
 	<rule from="^http://autodiscover\.boldchat\.com/.*"
 		to="https://autodiscover.mex07a.emailsrvr.com/autodiscover/autodiscover.xml" />
 
+		<test url="http://autodiscover.boldchat.com//" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/BolehVPN.net.xml b/src/chrome/content/rules/BolehVPN.net.xml
index bc8431677d81..3982f5e38e45 100644
--- a/src/chrome/content/rules/BolehVPN.net.xml
+++ b/src/chrome/content/rules/BolehVPN.net.xml
@@ -1,18 +1,41 @@
+
 <!--
-	Nonfunctional subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://bolehvpn.net/ => https://bolehvpn.net/: (51, "SSL: no alternative certificate subject name matches target host name 'bolehvpn.net'")
+Fetch error: http://portal.bolehvpn.net/ => https://portal.bolehvpn.net/: (7, 'Failed to connect to portal.bolehvpn.net port 443: Connection refused')
+
+	Fully covered hosts in *bolehvpn.net:
+
+		- (www.)?
+		- portal
 
-		- (www.)	(shows Apache status, valid cert)
+
+	Insecure cookies are set for these domains and hosts:
+
+		- bolehvpn.net
+		- .bolehvpn.net
+		- portal.bolehvpn.net
+		- www.bolehvpn.net
 
 -->
-<ruleset name="BolehVPN.net (partial)">
+<ruleset name="BolehVPN.net" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="bolehvpn.net" />
 	<target host="portal.bolehvpn.net" />
+	<target host="www.bolehvpn.net" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(portal\.|www\.)?bolehvpn\.net$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.bolehvpn\.net$" name="^(__cfduid|cf_clearance)$" /-->
 
-	<securecookie host="^portal\.bolehvpn\.net$" name=".+" />
+	<securecookie host="^(?:\.|portal\.|www\.)?bolehvpn\.net$" name=".+" />
 
 
-	<rule from="^http://portal\.bolehvpn\.net/"
-		to="https://portal.bolehvpn.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Boligejer.dk.xml b/src/chrome/content/rules/Boligejer.dk.xml
new file mode 100644
index 000000000000..1011c6780c25
--- /dev/null
+++ b/src/chrome/content/rules/Boligejer.dk.xml
@@ -0,0 +1,10 @@
+<ruleset name="Boligejer.dk">
+
+	<target host="boligejer.dk" />
+	<target host="www.boligejer.dk" />
+
+	<securecookie host="^\.boligejer\.dk$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Boligportal.dk.xml b/src/chrome/content/rules/Boligportal.dk.xml
new file mode 100644
index 000000000000..4bae2351c183
--- /dev/null
+++ b/src/chrome/content/rules/Boligportal.dk.xml
@@ -0,0 +1,24 @@
+<!--
+	Problematic domains:
+
+		- support ¹
+
+	¹: Bad cert
+
+-->
+<ruleset name="Boligportal.dk (static)">
+
+	<target host="boligportal.dk" />
+	<target host="www.boligportal.dk" />
+
+	<securecookie host="(www)?\.boligportal\.dk" name=".+" />
+
+	<target host="static1.boligportal.dk" />
+	<target host="static2.boligportal.dk" />
+	<target host="static3.boligportal.dk" />
+	<target host="static4.boligportal.dk" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bolos_Computer_Museum.xml b/src/chrome/content/rules/Bolos_Computer_Museum.xml
index a263b5b763f9..6bec6c199890 100644
--- a/src/chrome/content/rules/Bolos_Computer_Museum.xml
+++ b/src/chrome/content/rules/Bolos_Computer_Museum.xml
@@ -4,7 +4,6 @@
 	<target host="www.abcm.ch" />
 
 
-	<rule from="^http://(www\.)?abcm\.ch/"
-		to="https://$1abcm.ch/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Boltbus.com.xml b/src/chrome/content/rules/Boltbus.com.xml
index bc5d1844cbc1..8b645f973389 100644
--- a/src/chrome/content/rules/Boltbus.com.xml
+++ b/src/chrome/content/rules/Boltbus.com.xml
@@ -2,5 +2,5 @@
   <target host="boltbus.com" />
   <target host="www.boltbus.com" />
 
-  <rule from="^http://(?:www\.)?boltbus\.com/" to="https://www.boltbus.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Bonding.de.xml b/src/chrome/content/rules/Bonding.de.xml
new file mode 100644
index 000000000000..ad20d178a01c
--- /dev/null
+++ b/src/chrome/content/rules/Bonding.de.xml
@@ -0,0 +1,12 @@
+<ruleset name="bonding.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bonding.de" />
+	<target host="www.bonding.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bonneville_Power_Administration.xml b/src/chrome/content/rules/Bonneville_Power_Administration.xml
deleted file mode 100644
index 725474c78971..000000000000
--- a/src/chrome/content/rules/Bonneville_Power_Administration.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	For other U.S. government coverage, see US-government.xml.
-
-
-	Nonfunctional subdomains:
-
-		- (www.)transmission
-
-
-	Problematic subdomains:
-
-		- www.careers *
-		- www.efw *
-		- www.jobs *
-
-	Cert only matches *.bpa
-
--->
-<ruleset name="Bonneville Power Administration (partial)">
-
-	<target host="bpa.gov" />
-	<target host="*.bpa.gov" />
-
-
-	<securecookie host="^.*\.bpa\.gov$" name=".+" />
-
-
-	<rule from="^http://(customerportal\.|www\.)?bpa\.gov/"
-		to="https://$1bpa.gov/" />
-
-	<rule from="^https?://(?:www\.)?(careers|efw|jobs)\.bpa\.gov/"
-		to="https://$1.bpa.gov/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/BookBoon.xml b/src/chrome/content/rules/BookBoon.xml
new file mode 100644
index 000000000000..b93aa8eb7604
--- /dev/null
+++ b/src/chrome/content/rules/BookBoon.xml
@@ -0,0 +1,46 @@
+<!--
+	Cert expired:
+		- backoffice
+
+	Cert mismatch:
+		- blog
+		- email.bookboon.com
+		- enterpriseenrollment.bookboon.com
+		- lyncdiscover.bookboon.com
+		- msoid.bookboon.com
+		- sip.bookboon.com
+
+	Chain incomplete:
+		 reports
+
+	Connection refused:
+		- search1
+		- search2
+
+	Self-signed:
+		- mm
+
+	Timeout:
+		- autodiscover
+		- db1
+		- rigel
+
+	TLS errors:
+		- s
+		- www1
+		- www2
+-->
+<ruleset name="BookBoon.com (partial)">
+
+	<target host="bookboon.com" />
+	<target host="www.bookboon.com" />
+	<target host="backoffice2.bookboon.com" />
+	<target host="files.bookboon.com" />
+	<target host="premium.bookboon.com" />
+	<target host="subsites.bookboon.com" />
+	<target host="webcrm.bookboon.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BookJuices.com.xml b/src/chrome/content/rules/BookJuices.com.xml
new file mode 100644
index 000000000000..7c247f0ba543
--- /dev/null
+++ b/src/chrome/content/rules/BookJuices.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid Certificate:
+		talent.bookjuices.com
+-->
+<ruleset name="BookJuices.com">
+	<target host="bookjuices.com" />
+	<target host="www.bookjuices.com" />
+	<target host="cdn.bookjuices.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BookLink.Me.xml b/src/chrome/content/rules/BookLink.Me.xml
new file mode 100644
index 000000000000..e94b7ae7cf4d
--- /dev/null
+++ b/src/chrome/content/rules/BookLink.Me.xml
@@ -0,0 +1,19 @@
+<!--
+	Mismatched:
+		www.booklink.Me
+
+	Not exist:
+		www.2.booklink.me
+-->
+<ruleset name="BookLink.Me">
+	<target host="booklink.me" />
+	<target host="m.booklink.me" />
+	<target host="2.booklink.me" />
+	<target host="m.2.booklink.me" />
+
+	<target host="www.booklink.me" />
+
+	<rule from="^http://www\.booklink\.me/" to="https://booklink.me/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BookMyName.com.xml b/src/chrome/content/rules/BookMyName.com.xml
new file mode 100644
index 000000000000..b652988de3fc
--- /dev/null
+++ b/src/chrome/content/rules/BookMyName.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Refused:
+		eppstats.bookmyname.com
+
+	No working URL known:
+		faqs.bookmyname.com
+
+-->
+<ruleset name="BookMyName.com">
+
+	<target host="bookmyname.com" />
+	<target host="www.bookmyname.com" />
+	<target host="api.bookmyname.com" />
+	<target host="api.doc.bookmyname.com" />
+	<target host="de.faqs.bookmyname.com" />
+	<target host="en.faqs.bookmyname.com" />
+	<target host="es.faqs.bookmyname.com" />
+	<target host="fr.faqs.bookmyname.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BookMyName.xml b/src/chrome/content/rules/BookMyName.xml
deleted file mode 100644
index 79f361abc175..000000000000
--- a/src/chrome/content/rules/BookMyName.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="BookMyName">
-  <target host="www.bookmyname.com" />
-  <target host="bookmyname.com" />
-
-  <rule from="^http://(?:www\.)?bookmyname\.com/" to="https://www.bookmyname.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Book_Depository.co.uk.xml b/src/chrome/content/rules/Book_Depository.co.uk.xml
new file mode 100644
index 000000000000..92685429cdb3
--- /dev/null
+++ b/src/chrome/content/rules/Book_Depository.co.uk.xml
@@ -0,0 +1,56 @@
+<!--
+	For other bookdepository.com related rulesets, see Book_Depository.com.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+			 - mx7.bookdepository.co.uk
+			 - smtp-int.bookdepository.co.uk
+			 - smtp1.bookdepository.co.uk
+
+		Timeout was reached:
+			 - cache0.bookdepository.co.uk
+			 - cache1.bookdepository.co.uk
+			 - cache2.bookdepository.co.uk
+			 - cache3.bookdepository.co.uk
+			 - mta855.e.bookdepository.co.uk
+			 - mta955.e.bookdepository.co.uk
+			 - a.ns.e.bookdepository.co.uk
+			 - b.ns.e.bookdepository.co.uk
+			 - c.ns.e.bookdepository.co.uk
+			 - d.ns.e.bookdepository.co.uk
+			 - e.ns.e.bookdepository.co.uk
+			 - f.ns.e.bookdepository.co.uk
+			 - images.bookdepository.co.uk
+			 - mx-template.bookdepository.co.uk
+			 - a.ns-e.bookdepository.co.uk
+			 - b.ns-e.bookdepository.co.uk
+			 - c.ns-e.bookdepository.co.uk
+			 - d.ns-e.bookdepository.co.uk
+			 - e.ns-e.bookdepository.co.uk
+			 - f.ns-e.bookdepository.co.uk
+			 - pcifw.bookdepository.co.uk
+			 - smtp.bookdepository.co.uk
+
+		SSL connect error:
+			 - map.bookdepository.co.uk
+			 - secure.bookdepository.co.uk
+
+		SSL peer certificate was not OK:
+			 - e.bookdepository.co.uk
+			 - f.e.bookdepository.co.uk
+			 - emails.bookdepository.co.uk
+			 - mxbk.bookdepository.co.uk
+			 - static.bookdepository.co.uk
+
+		5xx server error:
+			 - a.bookdepository.co.uk
+			 - affiliates.bookdepository.co.uk
+-->
+<ruleset name="Book Depository.co.uk (partial)">
+	<target host="bookdepository.co.uk" />
+	<target host="www.bookdepository.co.uk" />
+	<target host="imap.bookdepository.co.uk" />
+	<target host="mail.bookdepository.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Book_Depository.com.xml b/src/chrome/content/rules/Book_Depository.com.xml
new file mode 100644
index 000000000000..e76c69ea077f
--- /dev/null
+++ b/src/chrome/content/rules/Book_Depository.com.xml
@@ -0,0 +1,39 @@
+<!--
+	Other bookdepository.com related rulesets:
+		- Book_Depository.co.uk.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+			 - bdi-beta.bookdepository.com
+			 - issues.bookdepository.com
+
+		Timeout was reached:
+			 - cache0.bookdepository.com
+			 - cache1.bookdepository.com
+			 - cache2.bookdepository.com
+			 - cache3.bookdepository.com
+			 - images.bookdepository.com
+			 - smtp.bookdepository.com
+
+		SSL connect error:
+			 - static.bookdepository.com
+
+		SSL peer certificate was not OK:
+			 - a.bookdepository.com
+			 - mxbk.bookdepository.com
+
+		4xx client error:
+			 - banners1.bookdepository.com
+			 - suggestions.bookdepository.com
+			 - suggestions-au.bookdepository.com
+			 - tolkien.bookdepository.com
+-->
+<ruleset name="Book Depository.com (partial)">
+	<target host="bookdepository.com" />
+	<target host="www.bookdepository.com" />
+	<target host="affiliates.bookdepository.com" />
+	<target host="m.bookdepository.com" />
+	<target host="map.bookdepository.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bookacourse.xml b/src/chrome/content/rules/Bookacourse.xml
index 488c9f053b52..0fd1347e0e25 100644
--- a/src/chrome/content/rules/Bookacourse.xml
+++ b/src/chrome/content/rules/Bookacourse.xml
@@ -2,13 +2,15 @@
 	content redirects to http.
 
 -->
-<ruleset name="Bookacourse (partial)">
+<ruleset name="Bookacourse.com (partial)" default_off="522">
 
 	<target host="bookacourse.com" />
 	<target host="www.bookacourse.com" />
 
+		<exclusion pattern="^http://(?:www\.)?bookacourse\.com/content" />
 
-	<rule from="^http://(www\.)?bookacourse\.com/(?!content)"
-		to="https://$1bookacourse.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BookerAndDax.com.xml b/src/chrome/content/rules/BookerAndDax.com.xml
new file mode 100644
index 000000000000..6a2f72755dae
--- /dev/null
+++ b/src/chrome/content/rules/BookerAndDax.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="BookerAndDax.com">
+	<target host="bookeranddax.com" />
+	<target host="www.bookeranddax.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bookie.io.xml b/src/chrome/content/rules/Bookie.io.xml
new file mode 100644
index 000000000000..c35577ade54e
--- /dev/null
+++ b/src/chrome/content/rules/Bookie.io.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bookie.io/ => https://bookie.io/: (28, 'Connection timed out after 20000 milliseconds')
+
+	www.bookie.io doesn't exist.
+
+-->
+<ruleset name="Bookie.io" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bookie.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Booking.com.xml b/src/chrome/content/rules/Booking.com.xml
index 075a34a65e2e..f64cde89b419 100644
--- a/src/chrome/content/rules/Booking.com.xml
+++ b/src/chrome/content/rules/Booking.com.xml
@@ -1,17 +1,97 @@
+<!--
+	Other Booking.com rulesets:
+
+		- Villas.com.xml
+		- workingatbooking.com.xml
+
+
+	Nonfunctional subdomains:
+
+		- booking.com
+ 			- cs		²
+ 			- m.admin	(cert mismatched, CN: admin.booking.com)
+ 			- office	²
+			- r-ec		ʰ
+			- s-ec		ʰ
+ 			- suite		ʳ
+
+	¹ Timeout
+	² Connection reset
+  	ʳ Refused
+	ʰ Redirect to HTTP
+
+
+	Problematic hosts in *booking.com:
+
+		- info.suite ᵐ
+		- m.admin ᵐ
+
+	ᵐ Hubspot / mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- news.booking.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+-->
 <ruleset name="Booking.com">
 
 	<target host="booking.com" />
 	<target host="*.booking.com" />
 	<target host="*.bstatic.com" />
 
+		<exclusion pattern="^http://((?:[^./]+\.){2,}|(?:[^./]+\.){3,})b(?:ooking|static)\.com/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.booking.com/" />
+			<test url="http://exists.not.booking.com/" />
+			<test url="http://this.host.m.booking.com/" />
+			<test url="http://exists.not.m.booking.com/" />
+			<test url="http://info.suite.booking.com/" />
+			<test url="http://this.host.bstatic.com/" />
+			<test url="http://exists.not.bstatic.com/" />
+
+		<exclusion pattern="^http://(?:m\.admin|sg|suite)\.booking\.com/" />
+		<exclusion pattern="^http://(r|s)-ec\.booking\.com/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://suite.booking.com/" />
+			<test url="http://r-ec.booking.com/" />
+			<test url="http://s-ec.booking.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^news\.booking\.com$" name="^PPSESSION$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://(?:www\.)?booking\.com/"
-		to="https://www.booking.com/" />
 
-	<rule from="^http://(admin|bookingbutton|distribution-xml|mobile|xml)\.booking\.com/"
-		to="https://$1.booking.com/" />
+		<test url="http://www.booking.com/" />
+		<test url="http://admin.booking.com/" />
+		<test url="http://m.admin.booking.com/" />
+		<test url="http://blog.booking.com/" />
+		<test url="http://developers.booking.com/" />
+		<test url="http://join.booking.com/" />
+		<test url="http://news.booking.com/" />
+		<test url="http://outlook.booking.com/" />
+		<test url="http://partnerhelp.booking.com/" />
+		<test url="http://secure.booking.com/" />
+		<test url="http://sg.booking.com/" />
+		<test url="http://static.booking.com/static/img/flags/24/us.png" />
+		<test url="http://suitehelp.booking.com/" />
+		<test url="http://suiteoffice.booking.com/" />
+		<test url="http://workforce.booking.com/" />
 
-	<rule from="^http://(\w)\.bstatic\.com/"
-		to="https://$1.bstatic.com/" />
+		<test url="http://q.bstatic.com/images/hotel/square60/276/27628205.jpg" />
+		<test url="http://q-ec.bstatic.com/static/img/nobg_all_blue/85a874c5ee518d80b2ec6025d2a8379511a72172.png" />
+		<test url="http://r.bstatic.com/images/hotel/square60/454/4546574.jpg" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Booklog.jp.xml b/src/chrome/content/rules/Booklog.jp.xml
index 915d945643e5..42178938218b 100644
--- a/src/chrome/content/rules/Booklog.jp.xml
+++ b/src/chrome/content/rules/Booklog.jp.xml
@@ -1,4 +1,14 @@
-<ruleset name="Booklog.jp">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://booklog.jp/ => https://www.booklog.jp/: (51, "SSL: no alternative certificate subject name matches target host name 'www.booklog.jp'")
+Fetch error: http://www.booklog.jp/ => https://www.booklog.jp/: (51, "SSL: no alternative certificate subject name matches target host name 'www.booklog.jp'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://booklog.jp/ => https://www.booklog.jp/: (51, "SSL: no alternative certificate subject name matches target host name 'www.booklog.jp'")
+Fetch error: http://www.booklog.jp/ => https://www.booklog.jp/: (51, "SSL: no alternative certificate subject name matches target host name 'www.booklog.jp'")
+-->
+<ruleset name="Booklog.jp" default_off="failed ruleset test">
   <target host="booklog.jp" />
   <target host="www.booklog.jp" />
 
diff --git a/src/chrome/content/rules/Booklooker.de.xml b/src/chrome/content/rules/Booklooker.de.xml
index d099131bd574..e55cf210b7b6 100644
--- a/src/chrome/content/rules/Booklooker.de.xml
+++ b/src/chrome/content/rules/Booklooker.de.xml
@@ -1,9 +1,20 @@
-<ruleset name="booklooker.de">
-  <target host="booklooker.de" />
-  <target host="*.booklooker.de" />
+<!--
+	Remark: dev, falco, images2 and stats have different
+		behavior over HTTP (refused) and HTTPS (403).
 
-  <securecookie host="^(?:www\.)?(?:images\.|secure\.)?booklooker\.de$" name=".+" />
+	Non-functional hosts
+		Different content:
+		- bjoerk.booklooker.de
+-->
+<ruleset name="booklooker.de">
+	<target host="booklooker.de" />
+	<target host="www.booklooker.de" />
+	<target host="api.booklooker.de" />
+	<target host="bms.booklooker.de" />
+	<target host="download.booklooker.de" />
+	<target host="images.booklooker.de" />
+	<test url="http://images.booklooker.de/m/9783833310539/Jenny-Colgan+Die-kleine-B%C3%A4ckerei-am-Strandweg.jpg" />
+	<target host="secure.booklooker.de" />
 
-  <rule from="^http://(?:www\.)?(?:secure\.)?booklooker\.de/" to="https://secure.booklooker.de/" />
-  <rule from="^http://(?:www\.)?images\.booklooker\.de/" to="https://images.booklooker.de/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/BooksOnIslam.org.xml b/src/chrome/content/rules/BooksOnIslam.org.xml
new file mode 100644
index 000000000000..1d349ef29ce3
--- /dev/null
+++ b/src/chrome/content/rules/BooksOnIslam.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="BooksOnIslam.org">
+	<target host="booksonislam.org" />
+	<target host="www.booksonislam.org" />
+	<target host="mail.booksonislam.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BooksOnline.website.xml b/src/chrome/content/rules/BooksOnline.website.xml
new file mode 100644
index 000000000000..3f3d956a9865
--- /dev/null
+++ b/src/chrome/content/rules/BooksOnline.website.xml
@@ -0,0 +1,8 @@
+<ruleset name="BooksOnline.website">
+	<target host="booksonline.website" />
+	<target host="www.booksonline.website" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bookshare.xml b/src/chrome/content/rules/Bookshare.xml
index 3413bd0ae7d5..6dbff178a914 100644
--- a/src/chrome/content/rules/Bookshare.xml
+++ b/src/chrome/content/rules/Bookshare.xml
@@ -11,7 +11,6 @@
 	<securecookie host="^www\.bookshare\.org$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?bookshare\.org/"
-		to="https://www.bookshare.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Booktype.pro.xml b/src/chrome/content/rules/Booktype.pro.xml
new file mode 100644
index 000000000000..fae4ad2fd0e4
--- /dev/null
+++ b/src/chrome/content/rules/Booktype.pro.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Sourcefabric coverage, see Sourcefabric.org.xml.
+
+-->
+<ruleset name="Booktype.pro">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="booktype.pro" />
+	<target host="www.booktype.pro" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bookworm.xml b/src/chrome/content/rules/Bookworm.xml
deleted file mode 100644
index bded1028b133..000000000000
--- a/src/chrome/content/rules/Bookworm.xml
+++ /dev/null
@@ -1,9 +0,0 @@
- <!-- Partial -->
-<ruleset name="Bookworm">
-  <target host="bookworm.oreilly.com" />
-
-  <securecookie host="^bookworm\.oreilly\.com$" name=".*" />
-
-  <rule from="^http://bookworm\.oreilly\.com/" to="https://bookworm.oreilly.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Boom.lgbt.xml b/src/chrome/content/rules/Boom.lgbt.xml
new file mode 100644
index 000000000000..b7325994f210
--- /dev/null
+++ b/src/chrome/content/rules/Boom.lgbt.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched:
+		- ^ (www.boom.lgbt, fixed by this ruleset)
+-->
+
+<ruleset name="Boom.lgbt" platform="mixedcontent">
+	<target host="boom.lgbt" />
+	<target host="www.boom.lgbt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://boom\.lgbt/" to="https://www.boom.lgbt/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BoomAds.xml b/src/chrome/content/rules/BoomAds.xml
new file mode 100644
index 000000000000..4a53f2a09a22
--- /dev/null
+++ b/src/chrome/content/rules/BoomAds.xml
@@ -0,0 +1,9 @@
+<ruleset name="Boomads">
+
+	<target host="widget.boomads.com" />
+	<!-- cert not valid for the mainpage -->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Boomerang.com.xml b/src/chrome/content/rules/Boomerang.com.xml
new file mode 100644
index 000000000000..880fb0f7e3af
--- /dev/null
+++ b/src/chrome/content/rules/Boomerang.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Boomerang.com">
+	<target host="boomerang.com" />
+	<target host="www.boomerang.com" />
+	<target host="link.boomerang.com" />
+	<target host="staging.boomerang.com" />
+	<target host="watch.boomerang.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Boomerang.xml b/src/chrome/content/rules/Boomerang.xml
deleted file mode 100644
index 5b0c1ad32526..000000000000
--- a/src/chrome/content/rules/Boomerang.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- blogs
-		- home		(valid cert; prints "systems are undergoing maintenance at this time")
-		- loyalty
-
--->
-<ruleset name="Boomerang (partial)">
-
-	<target host="boomerang.com" />
-	<target host="*.boomerang.com" />
-
-
-	<securecookie host="^ss\.boomerang\.com$" name=".*" />
-
-
-	<rule from="^http://(imagestore2?\.|ss\.|www\.)?boomerang\.com/"
-		to="https://$1boomerang.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BoordatWork.com.xml b/src/chrome/content/rules/BoordatWork.com.xml
index 55d461f76f9c..49fbce4371e7 100644
--- a/src/chrome/content/rules/BoordatWork.com.xml
+++ b/src/chrome/content/rules/BoordatWork.com.xml
@@ -1,17 +1,18 @@
 <ruleset name="BoordatWork.com" default_off="self-signed">
 
 	<target host="booredatwork.com" />
-	<target host="*.booredatwork.com" />
+	<target host="cdn.booredatwork.com" />
+	<target host="www.booredatwork.com" />
 
 
-	<securecookie host="^\.?booredatwork\.com$" name=".*" />
+	<securecookie host="^\.?booredatwork\.com$" name=".+" />
 
 
 	<!--	- cdn cert: gp1.wac.edgecastcdn.net
 		- cdn 404s
 		- www doesn't work over https.
 					-->
-	<rule from="^https?://(?:cdn\.|www\.)?booredatwork\.com/"
+	<rule from="^http://(?:cdn\.|www\.)?booredatwork\.com/"
 		to="https://booredatwork.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Boost.org.xml b/src/chrome/content/rules/Boost.org.xml
new file mode 100644
index 000000000000..aa67e78050ec
--- /dev/null
+++ b/src/chrome/content/rules/Boost.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- ci.boost.org
+
+		Mixed content blocking (MCB) triggered:
+		- boostcon.boost.org
+-->
+<ruleset name="Boost.org">
+	<target host="boost.org" />
+	<target host="www.boost.org" />
+	<target host="beta.boost.org" />
+	<target host="lists.boost.org" />
+	<target host="live.boost.org" />
+	<target host="svn.boost.org" />
+	<target host="wiki.boost.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Boost.xml b/src/chrome/content/rules/Boost.xml
deleted file mode 100644
index 400eab005ce5..000000000000
--- a/src/chrome/content/rules/Boost.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(redirects to http, valid cert)
-
--->
-<ruleset name="boost (partial)">
-
-	<target host="svn.boost.org" />
-
-
-	<securecookie host="^svn\.boost\.org$" name=".*" />
-
-
-	<!--	^lists shows RHEL test page over https:
-							-->
-	<rule from="^http://lists\.boost\.org/(?:\?.*)?$"
-		to="https://lists.boost.org/mailman/listinfo.cgi" />
-
-	<rule from="^http://(lists|svn)\.boost\.org/"
-		to="https://$1.boost.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Boost_by_Benz.com.xml b/src/chrome/content/rules/Boost_by_Benz.com.xml
new file mode 100644
index 000000000000..18f2e62c36fd
--- /dev/null
+++ b/src/chrome/content/rules/Boost_by_Benz.com.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://boostbybenz.com/ => https://boostbybenz.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.boostbybenz.com/ => https://www.boostbybenz.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://boostbybenz.com/ => https://boostbybenz.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.boostbybenz.com/ => https://www.boostbybenz.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+	These altnames don't exist:
+
+		- test.boostbybenz.com
+		- stage.boostbybenz.com
+
+-->
+<ruleset name="Boost by Benz.com" default_off="failed ruleset test">
+
+	<target host="boostbybenz.com" />
+	<target host="www.boostbybenz.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BootCDN.xml b/src/chrome/content/rules/BootCDN.xml
new file mode 100644
index 000000000000..1d902dc8a43f
--- /dev/null
+++ b/src/chrome/content/rules/BootCDN.xml
@@ -0,0 +1,39 @@
+<!--
+	Refused:
+		*bootcdn.cn
+			codeguide.bootcss.com
+			docs.bootcss.com
+			expo.bootcss.com
+			gruntjs.bootcss.com
+			jekyll.bootcss.com
+			job.bootcss.com
+			jquery.bootcss.com
+			koa.bootcss.com
+			less.bootcss.com
+			open.bootcss.com
+			sass.bootcss.com
+			v2.bootcss.com
+			v3.bootcss.com
+			v4.bootcss.com
+			v4.bootcss.com
+			w3schools.bootcss.com
+			wenda.bootcss.com
+			www.bootcss.com
+
+		*bootcss.com
+			blog.bootcss.cn
+			www.bootcss.cn
+-->
+
+<ruleset name="BootCDN">
+
+	<target host="cdn.bootcss.com" />
+		<test url="http://cdn.bootcss.com/bootstrap/3.3.6/css/bootstrap-theme.css" />
+
+	<!--	MCB	-->
+	<exclusion pattern="^http://cdn.bootcss.com/bootstrap-tokenfield/0.11.8/package/index.html" />
+		<test url="http://cdn.bootcss.com/bootstrap-tokenfield/0.11.8/package/index.html#examples" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Boots.com.xml b/src/chrome/content/rules/Boots.com.xml
index 76317898d4e4..a97e108c2dee 100644
--- a/src/chrome/content/rules/Boots.com.xml
+++ b/src/chrome/content/rules/Boots.com.xml
@@ -50,9 +50,13 @@
 <ruleset name="Boots.com (partial)">
 
 	<target host="boots.com" />
-	<target host="*.boots.com" />
+	<target host="www.boots.com" />
+	<target host="www.international.boots.com" />
+	<target host="th.boots.com" />
+	<target host="www.th.boots.com" />
 	<target host="shopbootsusa.com" />
-	<target host="*.shopbootsusa.com" />
+	<target host="www.shopbootsusa.com" />
+	<target host="images.shopbootsusa.com" />
 
 
 	<securecookie host="^(?:.*\.)?boots\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Boots.no.xml b/src/chrome/content/rules/Boots.no.xml
index 1a4925b997da..65da5bec0a85 100644
--- a/src/chrome/content/rules/Boots.no.xml
+++ b/src/chrome/content/rules/Boots.no.xml
@@ -10,7 +10,7 @@
 <ruleset name="Boots.no">
 
 	<target host="boots.no" />
-	<target host="*.boots.no" />
+	<target host="www.boots.no" />
 
 
 	<securecookie host=".*\.boots\.no$" name=".+" />
diff --git a/src/chrome/content/rules/Boots_Thai.com.xml b/src/chrome/content/rules/Boots_Thai.com.xml
index 16796acd31b3..b18238a1e192 100644
--- a/src/chrome/content/rules/Boots_Thai.com.xml
+++ b/src/chrome/content/rules/Boots_Thai.com.xml
@@ -1,16 +1,21 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.bootsthai.com/ => https://www.bootsthai.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.bootsthai.com/ => https://www.bootsthai.com/: (60, 'SSL certificate problem: certificate has expired')
 	For other Boots coverage, see Boots.com.xml.
 
 
 	^bootsthai.com times out over both http and https.
 
 -->
-<ruleset name="Boots Thai.com">
+<ruleset name="Boots Thai.com" default_off="failed ruleset test">
 
 	<target host="www.bootsthai.com" />
 
 
-	<rule from="^http://www\.bootsthai\.com/"
-		to="https://www.bootsthai.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BootstrapCDN.xml b/src/chrome/content/rules/BootstrapCDN.xml
index d115807bebf0..8373872a088c 100644
--- a/src/chrome/content/rules/BootstrapCDN.xml
+++ b/src/chrome/content/rules/BootstrapCDN.xml
@@ -1,20 +1,26 @@
 <!--
 	For other NetDNA coverage, see NetDNA.xml.
 
+	Time out:
+		bootstrapcdn.com
 
-	Problematic subdomains:
-
-		- ^		(record_too_long)
-		- www		(mismatched, CN: netdna.bootstrapcdn.com)
+	Invalid certificate:
+		status.bootstrapcdn.com
 
 -->
-<ruleset name="BootstrapCDN (partial)">
+<ruleset name="BootstrapCDN.com">
 
 	<target host="bootstrapcdn.com" />
-	<target host="*.bootstrapcdn.com" />
+	<target host="www.bootstrapcdn.com" />
+	<target host="current.bootstrapcdn.com" />
+	<target host="dev.bootstrapcdn.com" />
+	<target host="maxcdn.bootstrapcdn.com" />
+	<target host="netdna.bootstrapcdn.com" />
 
+	<rule from="^http://bootstrapcdn\.com/"
+		to="https://www.bootstrapcdn.com/" />
 
-	<rule from="^https?://(?:netdna\.|www\.)?bootstrapcdn\.com/"
-		to="https://netdna.bootstrapcdn.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bootswatch.com.xml b/src/chrome/content/rules/Bootswatch.com.xml
new file mode 100644
index 000000000000..ef9a44a2ef4f
--- /dev/null
+++ b/src/chrome/content/rules/Bootswatch.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Nonfunctional subdomains:
+
+		- news *
+
+	* Tumblr
+
+
+	Insecure cookies are set for these domains:
+
+		- .bootswatch.com
+
+-->
+<ruleset name="Bootswatch.com (partial)">
+
+	<target host="bootswatch.com" />
+	<target host="www.bootswatch.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.bootswatch\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.bootswatch\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Boounce.xml b/src/chrome/content/rules/Boounce.xml
index 608d15441c04..30e575be4c5b 100644
--- a/src/chrome/content/rules/Boounce.xml
+++ b/src/chrome/content/rules/Boounce.xml
@@ -1,13 +1,23 @@
-<ruleset name="Boounce">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://boounce.com/ => https://boounce.com/: (7, 'Failed to connect to boounce.com port 443: Connection refused')
+Fetch error: http://forums.boounce.com/ => https://forums.boounce.com/: (7, 'Failed to connect to forums.boounce.com port 443: Connection refused')
+Fetch error: http://www.boounce.com/ => https://www.boounce.com/: (7, 'Failed to connect to www.boounce.com port 443: Connection refused')
+
+Automatically by https-everywhere-checker because:
+Fetch error: http://boounce.com/ => https://boounce.com/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="Boounce" default_off="failed ruleset test">
 
 	<target host="boounce.com" />
-	<target host="*.boounce.com" />
+	<target host="forums.boounce.com" />
+	<target host="www.boounce.com" />
 
 
 	<securecookie host="^forums\.boounce\.com$" name=".+" />
 
 
-	<rule from="^http://(forums\.|www\.)?boounce\.com/"
-		to="https://$1boounce.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Booz_Allen.com.xml b/src/chrome/content/rules/Booz_Allen.com.xml
new file mode 100644
index 000000000000..8ddaddb7b4fd
--- /dev/null
+++ b/src/chrome/content/rules/Booz_Allen.com.xml
@@ -0,0 +1,39 @@
+<!--
+	Problematic subdomains:
+
+		- missions *
+
+	* Eloqua
+
+
+	These altnames don't exist:
+
+		- www.cybertab.boozallen.com
+
+
+	Mixed content:
+
+		- Images on missions from www ¹
+		- Images on missions from images.info.bah.com ²
+
+	¹ Secured by us
+	² Not secured by us <= mismatched
+
+-->
+<ruleset name="Booz Allen.com (partial)">
+
+	<target host="boozallen.com" />
+	<target host="mena.boozallen.com" />
+	<target host="www.boozallen.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cybertab\.boozallen\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^cybertab\.boozallen\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Borderfree.com.xml b/src/chrome/content/rules/Borderfree.com.xml
new file mode 100644
index 000000000000..460c10f41700
--- /dev/null
+++ b/src/chrome/content/rules/Borderfree.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional hosts in *borderfree.com:
+
+		- (www.)? *
+
+	* Shows blank page
+
+
+	Fully covered hosts in *borderfree.com:
+
+		- tracking
+
+-->
+<ruleset name="Borderfree.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tracking.borderfree.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bored_to_Death.xml b/src/chrome/content/rules/Bored_to_Death.xml
deleted file mode 100644
index 276fea675e5f..000000000000
--- a/src/chrome/content/rules/Bored_to_Death.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Bored to Death">
-
-	<target host="boredtodeath.me" />
-	<target host="*.boredtodeath.me" />
-
-
-	<securecookie host="^(?:w*\.)?boredtodeath\.me$" name=".+" />
-
-
-	<rule from="^http://(www\.)?boredtodeath\.me/"
-		to="https://$1boredtodeath.me/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Born_This_Way_Foundation.xml b/src/chrome/content/rules/Born_This_Way_Foundation.xml
index 32be16b72bb4..399411e7d8c2 100644
--- a/src/chrome/content/rules/Born_This_Way_Foundation.xml
+++ b/src/chrome/content/rules/Born_This_Way_Foundation.xml
@@ -1,33 +1,21 @@
 <!--
-	CDN buckets:
-
-		- dnwssx4l7gl7s.cloudfront.net/bway/default/
-
-
-	Problematic subdomains:
-
-		- (www.) *
-		- action *
-
-	* Redirects to http; mismatched, CN: secure.bornthiswayfoundation.org
-
-
-	At least some pages redirect back from secure.
+	Non-functional hosts:
+		Mismatched:
+		- www.bornthisway.foundation
 
 -->
 <ruleset name="Born This Way Foundation (partial)">
 
-	<target host="bornthiswayfoundation.org" />
-	<target host="*.bornthiswayfoundation.org" />
-
-
-	<securecookie host="^\.?secure\.bornthiswayfoundation\.org$" name=".+" />
-
+	<target host="bornthisway.foundation" />
+	<target host="www.bornthisway.foundation" />
+	<target host="secure.bornthisway.foundation" />
+	<target host="shop.bornthisway.foundation" />
 
-	<rule from="^https?://(?:action\.|www\.)?bornthiswayfoundation\.org/page/-/img/"
-		to="https://dnwssx4l7gl7s.cloudfront.net/bway/default/page/-/img/" />
+	<securecookie host=".+" name=".+" />
+	
+	<rule from="^http://www\.bornthisway\.foundation/"
+		  	to="https://bornthisway.foundation/" />
 
-	<rule from="^http://secure\.bornthiswayfoundation\.org/"
-		to="https://secure.bornthiswayfoundation.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Borsen.dk.xml b/src/chrome/content/rules/Borsen.dk.xml
new file mode 100644
index 000000000000..7577784b3e20
--- /dev/null
+++ b/src/chrome/content/rules/Borsen.dk.xml
@@ -0,0 +1,31 @@
+<!--
+	Problematic domains:
+
+		- ^ ¹
+		- annonceteknik ²
+		- challenge ²
+		- executiveclub ²
+		- finans ¹
+		- gazelle ²
+		- golf ⁴
+		- investor ¹
+		- ledelse ²
+		- play ²
+		- top1000 ³
+		- www ¹
+
+	¹: Works but serves a lot of strict http content
+	²: 403
+	³: connection timeout
+	⁴: refused
+-->
+<ruleset name="Borsen.dk (partial)">
+
+	<target host="annonce.borsen.dk" />
+	<target host="img.borsen.dk" />
+	<target host="pleasure.borsen.dk" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bortarsasag.xml b/src/chrome/content/rules/Bortarsasag.xml
new file mode 100644
index 000000000000..68dc669d184c
--- /dev/null
+++ b/src/chrome/content/rules/Bortarsasag.xml
@@ -0,0 +1,8 @@
+<ruleset name="Bort&#225;rsas&#225;g">
+	<!-- Cert: www.bortarsasag.hu -->
+	<target host="bortarsasag.hu" />
+	<target host="www.bortarsasag.hu" />
+
+	<securecookie host="^www\.bortarsasag\.hu$" name=".+" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git "a/src/chrome/content/rules/Bort\303\241rsas\303\241g.xml" "b/src/chrome/content/rules/Bort\303\241rsas\303\241g.xml"
deleted file mode 100644
index 56e82c48964b..000000000000
--- "a/src/chrome/content/rules/Bort\303\241rsas\303\241g.xml"
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Bort&#225;rsas&#225;g">
-	<!-- Cert: www.bortarsasag.hu -->
-	<target host="bortarsasag.hu" />
-	<target host="www.bortarsasag.hu" />
-
-	<securecookie host="^www\.bortarsasag\.hu$" name=".*" />
-	<rule from="^http://(www\.)?bortarsasag\.hu/" to="https://www.bortarsasag.hu/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Bosch-Sensortec.com.xml b/src/chrome/content/rules/Bosch-Sensortec.com.xml
new file mode 100644
index 000000000000..8a0f42a0f20c
--- /dev/null
+++ b/src/chrome/content/rules/Bosch-Sensortec.com.xml
@@ -0,0 +1,22 @@
+<!--
+	For other Robert Bosch coverage, see Bosch.com.xml.
+
+
+	^: differs from http
+
+-->
+<ruleset name="Bosch-Sensortec.com">
+
+	<target host="bosch-sensortec.com" />
+	<target host="www.bosch-sensortec.com" />
+
+
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://bosch-sensortec\.com/[^?]*"
+		to="https://www.bosch-sensortec.com/" />
+
+	<rule from="^http://www\.bosch-sensortec\.com/"
+		to="https://www.bosch-sensortec.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bosch.com.xml b/src/chrome/content/rules/Bosch.com.xml
new file mode 100644
index 000000000000..1e9cbe7b541f
--- /dev/null
+++ b/src/chrome/content/rules/Bosch.com.xml
@@ -0,0 +1,52 @@
+<!--
+	Other Robert Bosch rulesets:
+
+		- Bosch-Sensortec.com.xml
+
+
+	Nonfunctional subdomains:
+
+		- ^ ¹
+		- www ²
+
+	¹ Dropped
+	² Redirects to http, Akamai
+
+
+	Problematic subdomains:
+
+		- sustainabilityblog *
+
+	* Self-signed, CN: fe0wap153
+
+
+	Fully covered subdomains:
+
+		- appcenter
+		- crisis
+		- ebike
+		- idea
+
+		- ae-bst.resource
+		- beat-emea.resource
+		- boschshared-bosch-de.resource
+		- c-design-bosch-de.resource
+		- rb-master.resource
+
+-->
+<ruleset name="Bosch.com (partial)">
+
+	<target host="appcenter.bosch.com" />
+	<target host="crisis.bosch.com" />
+	<target host="ebike.bosch.com" />
+	<target host="idea.bosch.com" />
+	<target host="ae-bst.resource.bosch.com" />
+	<target host="beat-emea.resource.bosch.com" />
+	<target host="boschshared-bosch-de.resource.bosch.com" />
+	<target host="c-design-bosch-de.resource.bosch.com" />
+	<target host="rb-master.resource.bosch.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bose.co.uk.xml b/src/chrome/content/rules/Bose.co.uk.xml
new file mode 100644
index 000000000000..f5191e5e4c1e
--- /dev/null
+++ b/src/chrome/content/rules/Bose.co.uk.xml
@@ -0,0 +1,28 @@
+<!--
+	Other Bose ruleset:
+		- Bose.com.xml
+
+        Non-functional subdomains:
+		- bose.co.uk	(unknown issuer cert)
+			- campaign	(mismatch hostname, CN: ssl.hwcdn.net)
+			- campus   (unknown issuer cert)
+			- m        (unknown issuer cert)
+			- reseller	(timeout)
+			- reviews	(timeout)
+
+-->
+<ruleset name="Bose.co.uk">
+
+	<target host="bose.co.uk" />
+	<target host="www.bose.co.uk" />
+
+	<securecookie host="^www\.bose\.co\.uk$" name=".+" />
+
+	<!-- mismatch hostname -->
+	<rule from="^http://bose\.co\.uk/"
+		to="https://www.bose.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bose.com.xml b/src/chrome/content/rules/Bose.com.xml
new file mode 100644
index 000000000000..2e37a0c86972
--- /dev/null
+++ b/src/chrome/content/rules/Bose.com.xml
@@ -0,0 +1,187 @@
+<!--
+	Other Bose ruleset:
+		- Bose.co.uk.xml
+
+	Nonfunctional subdomains:
+		- bose.com	¹
+			- 321	¹
+			- aphkplmvault1		²
+			- ask	¹
+			- aspera	¹
+			- bmail		²
+			- careers	¹
+			- catalog	¹
+			- dealer	¹
+			- dealer-dev	³
+			- dealer-pp	²
+			- developers	¹
+			- eccqat	(mistmatch hostname, CN" *.msapproxy.net)
+			- eccqat	(mistmatch hostname, CN" *.virt.s4.exacttarget.com)
+			- pages.em	²
+			- view.em	²
+			- engcrudev	³
+			- enroll	³
+			- epp		¹
+			- www.epp	¹
+			- streaming.fortis	(SSL error)
+			- streamingltoauth.fortis	²
+			- streamingqaoauth	(mistmatch hostname, CN: streamingefeintoauth.bose.com)
+			- marketing.gd		(mistmatch hostname, CN: serviceops.bose.com)
+			- serviceops.gd		(mistmatch hostname, CN: serviceops.bose.com)
+			- intranet	¹
+			- jamastg	³
+			- kwstage1	³
+			- lookingglass		²
+			- lumines	(expired cert, mistmatch hostname, CN: *.vellance.net, vellance.net)
+			- m	¹
+			- marketing	¹
+			- mgb	³
+			- mgd	³
+			- mgp	³
+			- mid	³
+			- midm	(expired cert, mistmatch hostname, CN: vadn-lab-dmz-mag-int-vip.bose.com)
+			- mipm	³
+			- miq	³
+			- miqm	³
+			- mpb	³
+			- mpd	³
+			- mpdc	³
+			- mpp	³
+			- mppc	³
+			- mpq	³
+			- mpqc	³
+			- mrb	³
+			- omnidevclient		²
+			- ops-003-author	(mistmatch hostname, CN: *.msappproxy.net)
+			- origin-streaming	(self-signed)
+			- (www.)owners		¹
+			- reg.partners		²
+			- remote-jp-bakk	³
+			- remote-my	²
+			- portal	²
+			- professional	²
+			- proforum	(mistmatch hostname, CN: bosepro.community)
+			- qc3	¹
+			- reg	²
+			- remote-cn-hk		¹
+			- remote-eu	¹
+			- rt	¹
+			- serviceops	¹
+			- shanghai-vpn		¹
+			- share		(mistmatch hostname, CN:  link.brightcove.com)
+			- sso	(mistmatch hostname, CN:  sso1.bose.com)
+			- stargate	²
+			- static	(redirection error)
+			- svn	³
+			- tmdm	³
+			- tmdmcrt	³
+			- updates	¹
+			- usmada1	²
+			- usmada2	²
+			- vadnlbp	³
+			- wavepc	¹
+			- wcq	²
+			- wcsb2	³
+			- webmail	(mistmatch hostname, CN:  outlook.com)
+
+	¹ Unknown issuer cert
+	² Timeout
+	³ Expired cert
+-->
+<ruleset name="Bose.com">
+
+	<target host="bose.com" />
+	<target host="www.bose.com" />
+	<target host="accommodations.bose.com" />
+	<target host="aphkplmrepvlt1.bose.com" />
+	<target host="api-s.bose.com" />
+	<target host="auth.bose.com" />
+	<target host="autodiscover.bose.com" />
+	<target host="beta.bose.com" />
+	<target host="btu.bose.com" />
+	<target host="build.bose.com" />
+	<target host="community.bose.com" />
+	<target host="communitystage.bose.com" />
+	<target host="confluence.bose.com" />
+	<target host="confluencestage.bose.com" />
+	<target host="developer.bose.com" />
+	<target host="dev.devportal.bose.com" />
+	<target host="downloads.bose.com" />
+	<target host="emetrics.bose.com" />
+	<target host="employeepurchase.bose.com" />
+	<target host="global-bose-com-stage-001.gd.bose.com" />
+	<target host="www-bose-ae-stage-001.gd.bose.com" />
+	<target host="www-bose-at-stage-001.gd.bose.com" />
+	<target host="www-bose-ca-stage-001.gd.bose.com" />
+	<target host="www-bose-ch-stage-001.gd.bose.com" />
+	<target host="www-bose-cl-stage-001.gd.bose.com" />
+	<target host="www-bose-cn-stage-001.gd.bose.com" />
+	<target host="www-bose-co-jp-stage-001.gd.bose.com" />
+	<target host="www-bose-co-nz-stage-001.gd.bose.com" />
+	<target host="www-bose-co-uk-stage-001.gd.bose.com" />
+	<target host="www-bose-com-stage-001.gd.bose.com" />
+	<target host="www-bose-de-stage-001.gd.bose.com" />
+	<target host="www-bose-dk-stage-001.gd.bose.com" />
+	<target host="www-bose-es-stage-001.gd.bose.com" />
+	<target host="www-bose-fi-stage-001.gd.bose.com" />
+	<target host="www-bose-fr-stage-001.gd.bose.com" />
+	<target host="www-bose-hk-stage-001.gd.bose.com" />
+	<target host="www-bose-hu-stage-001.gd.bose.com" />
+	<target host="www-bose-ie-stage-001.gd.bose.com" />
+	<target host="www-bose-it-stage-001.gd.bose.com" />
+	<target host="www-bose-mx-stage-001.gd.bose.com" />
+	<target host="www-bose-nl-stage-001.gd.bose.com" />
+	<target host="www-bose-no-stage-001.gd.bose.com" />
+	<target host="www-bose-pe-stage-001.gd.bose.com" />
+	<target host="www-bose-pl-stage-001.gd.bose.com" />
+	<target host="www-bose-se-stage-001.gd.bose.com" />
+	<target host="www-bose-sg-stage-001.gd.bose.com" />
+	<target host="www-bose-tw-stage-001.gd.bose.com" />
+	<target host="www-bose-vn-stage-001.gd.bose.com" />
+	<target host="www-bosebelgium-be-stage-001.gd.bose.com" />
+	<target host="global.bose.com" />
+	<target host="globalpressroom.bose.com" />
+	<target host="hearphones.bose.com" />
+	<target host="jama.bose.com" />
+	<target host="jirapro.bose.com" />
+	<target host="jss.bose.com" />
+	<target host="marge-qa-001.bose.com" />
+	<target host="mip.bose.com" />
+	<target host="pro.bose.com" />
+	<target host="products.bose.com" />
+	<target host="remote-au.bose.com" />
+	<target host="remote-cn-sh.bose.com" />
+	<target host="remote-us.bose.com" />
+	<target host="reseller.bose.com" />
+	<target host="s.bose.com" />
+	<target host="showroom.bose.com" />
+	<target host="sso1.bose.com" />
+	<target host="streaming.bose.com" />
+	<target host="streamingefeintoauth.bose.com" />
+	<target host="streamingintoauth.bose.com" />
+	<target host="streamingqa.bose.com" />
+	<target host="streamingqaoauth.bose.com" />
+	<target host="streamingstgoauth.bose.com" />
+	<target host="t3p.bose.com" />
+	<target host="tenroll.bose.com" />
+	<target host="ucphone-proxy.bose.com" />
+	<target host="w4cdev.bose.com" />
+	<target host="w4cprd.bose.com" />
+	<target host="w4cqat.bose.com" />
+	<target host="wiki.bose.com" />
+	<target host="windchill.bose.com" />
+	<target host="worldwide.bose.com" />
+	<target host="bosepro.community" />
+	<target host="www.bosepro.community" />
+
+
+	<securecookie host="^www\.bose\.com$" name=".+" />
+
+	<!-- mismatch hostname -->
+	<rule from="^http://bose\.com/"
+		to="https://www.bose.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bosh.io.xml b/src/chrome/content/rules/Bosh.io.xml
new file mode 100644
index 000000000000..e137fee621a5
--- /dev/null
+++ b/src/chrome/content/rules/Bosh.io.xml
@@ -0,0 +1,30 @@
+<!--
+	Fully covered hosts in *bosh.io:
+
+		- (www.)?
+
+
+	Insecure cookies are set for these domains:
+
+		- .bosh.io
+
+-->
+<ruleset name="bosh.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bosh.io" />
+	<target host="www.bosh.io" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.bosh\.io$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.bosh\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BosslandGmbH.xml b/src/chrome/content/rules/BosslandGmbH.xml
new file mode 100644
index 000000000000..d795e721b63b
--- /dev/null
+++ b/src/chrome/content/rules/BosslandGmbH.xml
@@ -0,0 +1,20 @@
+<ruleset name="Bossland GmbH">
+
+	<!-- <target host="www.bossland-gmbh.com " />, Certificate mismatch-->
+	<target host="cn.buddyauth.com" />
+	<target host="eu.buddyauth.com" />
+	<target host="na.buddyauth.com" />
+	<target host="sea.buddyauth.com" />
+	<target host="www.buddyauth.com" />
+	<target host="store.buddyauth.com" />
+	<target host="www.demonbuddy.com" />
+	<target host="www.exilebuddy.com" />
+	<target host="www.hearthbuddy.com" />
+	<!--<target host="www.honorbuddy.com" /> , Certificate mismatch-->
+	<target host="www.rebornbuddy.com" />
+	<target host="www.thebuddyforum.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Boston-Built.xml b/src/chrome/content/rules/Boston-Built.xml
index a793090e0e4e..33c81cd09c6d 100644
--- a/src/chrome/content/rules/Boston-Built.xml
+++ b/src/chrome/content/rules/Boston-Built.xml
@@ -1,4 +1,4 @@
-<ruleset name="Boston Built" default_off="mismatch">
+<ruleset name="Boston Built" default_off="mismatched">
 
 	<!-- *.bluehost.com	-->
 	<target host="bostonbuilt.org"/>
diff --git a/src/chrome/content/rules/Boston.com.xml b/src/chrome/content/rules/Boston.com.xml
new file mode 100644
index 000000000000..76a968149c42
--- /dev/null
+++ b/src/chrome/content/rules/Boston.com.xml
@@ -0,0 +1,63 @@
+<!--
+	Related:
+		BostonGlobe.com.xml
+		BostonGlobeMedia.com.xml
+		o0bc.com.xml
+		o0bg.com.xml
+
+	CDN buckets:
+		- nytbglobe.112.2o7.net
+		- s3.amazonaws.com/static.rondavu.com/C/Boston_PROD/
+		- wac.493C.edgecastcdn.net
+			- cinesport.boston.com
+		- cache.boston.com.global.prod.fastly.net
+		- bostoncom.http.internapcdn.net
+		- boston.nimblebuy.com
+			- deals.boston.com
+
+	Mismatched:
+		cinesport.boston.com ( CN: gp1.wac.edgecastcdn.net )
+		circulars.boston.com
+		live.boston.com
+		people.boston.com
+		yourcampus.boston.com
+
+	Incomplete cer chain:
+		ae.boston.com
+		articles.boston.com
+		bostondirtdogs.boston.com
+		calendar.boston.com
+		graphics.boston.com
+		realestateads.boston.com
+		tickets.boston.com
+		weather.boston.com
+
+	MCB:
+		archive.boston.com	https://archive.boston.com/bigpicture/politics/
+		prototype.boston.com
+
+	Refused:
+		deals.boston.com
+-->
+<ruleset name="Boston.com">
+	<!--	Direct rewrites:	-->
+	<target host="boston.com" />
+	<target host="www.boston.com" />
+	<target host="cache.boston.com" />
+	<target host="inapcache.boston.com" />
+		<test url="http://inapcache.boston.com/universal/site_graphics/blogs/bigpicture/lgbt_2012/bp1.jpg" />
+	<target host="islandrun.boston.com" />
+	<target host="loveletters.boston.com" />
+	<target host="realestate.boston.com" />
+	<target host="sponsored.boston.com" />
+
+	<!--	Complications:	-->
+	<target host="prototype.boston.com" />
+	<rule from="^http://prototype\.boston\.com/"
+		to="https://p.o0bc.com/" />
+		<test url="http://prototype.boston.com/img/social_icons/tumblr-256.png" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BostonGlobe.com.xml b/src/chrome/content/rules/BostonGlobe.com.xml
new file mode 100644
index 000000000000..47c191269a37
--- /dev/null
+++ b/src/chrome/content/rules/BostonGlobe.com.xml
@@ -0,0 +1,38 @@
+<!--
+	Related:
+		Boston.com.xml
+
+	CDN buckets:
+		- nytbglobe.112.2o7.net
+		- s3.amazonaws.com/static.rondavu.com/C/Boston_PROD/
+
+	Mismatched:
+		epaper.bostonglobe.com
+
+	Failed:
+		origin.bostonglobe.com
+		spiderbites.bostonglobe.com
+
+	Incomplete cert chain:
+		^
+		digitalaccess.bostonglobe.com
+		jobs.bostonglobe.com
+		manage.bostonglobe.com
+		reprints.bostonglobe.com
+		services.bostonglobe.com
+		subscribe.bostonglobe.com
+-->
+<ruleset name="BostonGlobe.com (partial)">
+	<target host="bostonglobe.com" />
+	<target host="www.bostonglobe.com" />
+	<target host="apps.bostonglobe.com" />
+	<target host="circulars.bostonglobe.com" />
+	<target host="groundgame.bostonglobe.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://bostonglobe\.com/"
+		to="https://www.bostonglobe.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BostonGlobeMedia.com.xml b/src/chrome/content/rules/BostonGlobeMedia.com.xml
new file mode 100644
index 000000000000..7dc74ddc9867
--- /dev/null
+++ b/src/chrome/content/rules/BostonGlobeMedia.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Related:
+		Boston.com.xml
+
+	Mismatched:
+		go.bostonglobemedia.com	( CN: Pardot.com )
+-->
+<ruleset name="BostonGlobeMedia.com (partial)">
+	<!--	Direct rewrites:	-->
+	<target host="bostonglobemedia.com" />
+	<target host="www.bostonglobemedia.com" />
+	<target host="adv.bostonglobemedia.com" />
+	<target host="advertising.bostonglobemedia.com" />
+	<target host="b.bostonglobemedia.com" />
+	<target host="createanad.bostonglobemedia.com" />
+
+	<!--	Complications:	-->
+	<target host="go.bostonglobemedia.com" />
+		<exclusion pattern="^http://go\.bostonglobemedia\.com/(?!css/|l/)" />
+			<!--	+ve:	-->
+			<test url="http://go.bostonglobemedia.com/home.htm" />
+			<test url="http://go.bostonglobemedia.com/index.php" />
+			<!--	-ve:	-->
+			<test url="http://go.bostonglobemedia.com/l/36752/2014-08-08/vt49/36752/33450/bgm_logo.gif" />
+			<test url="http://go.bostonglobemedia.com/l/36752/2015-01-23/37crk" />
+			<test url="http://go.bostonglobemedia.com/l/36752/2015-06-09/xzd53" />
+			<test url="http://go.bostonglobemedia.com/css/builder/builder.css" />
+
+	<rule from="^http://go\.bostonglobemedia\.com/"
+		to="https://go.pardot.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Boston_Review.net.xml b/src/chrome/content/rules/Boston_Review.net.xml
new file mode 100644
index 000000000000..1cda2f8e36fc
--- /dev/null
+++ b/src/chrome/content/rules/Boston_Review.net.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- css from fast.fonts.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Boston Review.com">
+
+	<target host="bostonreview.net" />
+	<target host="www.bostonreview.net" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^(?:w*\.)?bostonreview\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Boston_University.xml b/src/chrome/content/rules/Boston_University.xml
deleted file mode 100644
index 12b074bf1d12..000000000000
--- a/src/chrome/content/rules/Boston_University.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- blackboard
-
--->
-<ruleset name="Boston University (partial)">
-
-	<target host="bu.edu" />
-	<target host="*.bu.edu" />
-
-
-	<securecookie host="^(?:www)?\.bu\.edu$" name=".+" />
-
-
-	<!--	!www doesn't work over https.
-						-->
-	<rule from="^https?://(?:www\.)?bu\.edu/"
-		to="https://www.bu.edu/" />
-
-	<rule from="^http://tandem\.bu\.edu/"
-		to="https://tandem.bu.edu/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/BotBot.me.xml b/src/chrome/content/rules/BotBot.me.xml
new file mode 100644
index 000000000000..39853c457bfe
--- /dev/null
+++ b/src/chrome/content/rules/BotBot.me.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.botbot.me/ => https://www.botbot.me/: (51, "SSL: no alternative certificate subject name matches target host name 'www.botbot.me'")
+
+	Insecure cookies are set for these hosts:
+
+		- botbot.me
+
+-->
+<ruleset name="BotBot.me" default_off="failed ruleset test">
+	<target host="botbot.me" />
+	<target host="www.botbot.me" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^botbot\.me$" name="^csrftoken$" /-->
+
+	<securecookie host="^botbot\.me$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BotScanner.com.xml b/src/chrome/content/rules/BotScanner.com.xml
new file mode 100644
index 000000000000..e90a5875a0be
--- /dev/null
+++ b/src/chrome/content/rules/BotScanner.com.xml
@@ -0,0 +1,31 @@
+<!--
+	(www.)?botscanner.com: Refused
+
+
+	Problematic hosts in *botscanner.com:
+
+		- backoffice *
+		- scan *
+
+	* Expired
+
+
+	Mixed content:
+
+		- Bug on backoffice from mc.yandex.ru *
+
+	* Secured by us
+
+-->
+<ruleset name="BotScanner.com (partial)" default_off="expired">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="backoffice.botscanner.com" />
+	<target host="scan.botscanner.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Botconf.eu.xml b/src/chrome/content/rules/Botconf.eu.xml
new file mode 100644
index 000000000000..63b4c790888e
--- /dev/null
+++ b/src/chrome/content/rules/Botconf.eu.xml
@@ -0,0 +1,21 @@
+<ruleset name="Botconf.eu">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.botconf.eu" />
+
+	<!--	Complications:
+				-->
+	<target host="botconf.eu" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://botconf\.eu/"
+		to="https://www.botconf.eu/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Botfrei.de.xml b/src/chrome/content/rules/Botfrei.de.xml
new file mode 100644
index 000000000000..2d8b6dbbd150
--- /dev/null
+++ b/src/chrome/content/rules/Botfrei.de.xml
@@ -0,0 +1,23 @@
+<!--
+	For other United Internet coverage, see United-Internet.xml.
+
+
+	Nonfunctional subdomains:
+
+		- blog *
+		- forum **
+
+	* Shows stats; mismatched, CN: stats.cyscon.net
+	** 403; mismatched, CN: shared01.dedicatehome.net
+
+-->
+<ruleset name="Botfrei.de (partial)">
+
+	<target host="botfrei.de" />
+	<target host="www.botfrei.de" />
+		<!--exclusion pattern="^http://(blog|forum)\.botfrei\.de/" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bothar.xml b/src/chrome/content/rules/Bothar.xml
deleted file mode 100644
index a6340ebb2d56..000000000000
--- a/src/chrome/content/rules/Bothar.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Bothar">
-  <target host="www.bothar.ie" />
-  <target host="bothar.ie" />
-
-  <rule from="^http://(?:www\.)?bothar\.ie/" to="https://$1bothar.ie/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/BotsIn.Space.xml b/src/chrome/content/rules/BotsIn.Space.xml
new file mode 100644
index 000000000000..f370f2c746cc
--- /dev/null
+++ b/src/chrome/content/rules/BotsIn.Space.xml
@@ -0,0 +1,8 @@
+<ruleset name="BotsIn.Space">
+	<target host="botsin.space" />
+	<target host="www.botsin.space" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Boum.org.xml b/src/chrome/content/rules/Boum.org.xml
index ea46d2d4b5c1..f5c016ff469c 100644
--- a/src/chrome/content/rules/Boum.org.xml
+++ b/src/chrome/content/rules/Boum.org.xml
@@ -1,7 +1,62 @@
+<!--
+	No working URL known
+		amnesia.boum.org
+		intrigeri.boum.org
+		kiwi.boum.org
+		webmasters.boum.org
+
+	Bad certificate:
+		dl.amnesia.boum.org
+		*.dl.amnesia.boum.org
+		frangipane.boum.org
+		mail.boum.org
+		ns.boum.org
+		ns2.boum.org
+		panoptique.boum.org
+
+	Preloaded:
+		tails.boum.org
+		*.tails.boum.org
+
+-->
 <ruleset name="boum.org">
-  <target host="boum.org" />
-  <target host="*.boum.org" />
 
-  <rule from="^http://boum\.org/" to="https://boum.org/"/>
-  <rule from="^http://([^/:@\.]+)\.boum\.org/" to="https://$1.boum.org/"/>
+	<target host="boum.org" />
+	<target host="www.boum.org" />
+	<target host="aide.boum.org" />
+	<target host="chutelibre.boum.org" />
+	<target host="connect.boum.org" />
+	<target host="connect-fr.boum.org" />
+	<target host="constellations.boum.org" />
+	<target host="cyberforat.boum.org" />
+	<target host="detournements.boum.org" />
+	<target host="enroute.boum.org" />
+	<target host="fgp.boum.org" />
+	<target host="frangipane.boum.org" />
+	<target host="groseille.boum.org" />
+	<target host="guide.boum.org" />
+	<target host="maglib.boum.org" />
+	<target host="mail.boum.org" />
+	<target host="mailman.boum.org" />
+	<target host="maisondelagreve.boum.org" />
+	<target host="mat.boum.org" />
+	<target host="ns.boum.org" />
+	<target host="ns2.boum.org" />
+	<target host="panoptique.boum.org" />
+	<target host="techstdout.boum.org" />
+	<target host="totostop.boum.org" />
+	<target host="villageclimatise.boum.org" />
+	<target host="web.boum.org" />
+	<target host="webmail.boum.org" />
+	<target host="wiki.boum.org" />
+
+	<rule from="^http://frangipane\.boum\.org/"
+		to="https://nantes.indymedia.org/" />
+
+	<rule from="^http://(mail|ns2?|panoptique)\.boum\.org/"
+		to="https://boum.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Boun.cr.xml b/src/chrome/content/rules/Boun.cr.xml
new file mode 100644
index 000000000000..907915610932
--- /dev/null
+++ b/src/chrome/content/rules/Boun.cr.xml
@@ -0,0 +1,16 @@
+<!--
+	Time out:
+		mail.boun.cr
+
+	Invalid certificate:
+		support.boun.cr
+
+-->
+<ruleset name="Boun.cr">
+
+	<target host="boun.cr" />
+	<target host="www.boun.cr" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bounce.io.xml b/src/chrome/content/rules/Bounce.io.xml
new file mode 100644
index 000000000000..f693fe5a1212
--- /dev/null
+++ b/src/chrome/content/rules/Bounce.io.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bounce.io/ => https://bounce.io/: (7, 'Failed to connect to bounce.io port 443: Connection refused')
+
+-->
+<ruleset name="Bounce.io" default_off="failed ruleset test">
+	<target host="bounce.io" />
+	<target host="www.bounce.io" />
+
+	<rule from="^http://(?:www\.)?bounce\.io/"
+		to="https://bounce.io/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bouncebidder.com.xml b/src/chrome/content/rules/Bouncebidder.com.xml
new file mode 100644
index 000000000000..b2f45b0e121a
--- /dev/null
+++ b/src/chrome/content/rules/Bouncebidder.com.xml
@@ -0,0 +1,12 @@
+<!--
+	www doesn't exist.
+
+-->
+<ruleset name="bouncebidder.com">
+
+	<target host="bouncebidder.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bouncy_Castle.org.xml b/src/chrome/content/rules/Bouncy_Castle.org.xml
new file mode 100644
index 000000000000..0f34f572e953
--- /dev/null
+++ b/src/chrome/content/rules/Bouncy_Castle.org.xml
@@ -0,0 +1,29 @@
+<!--
+	Nonfunctional subdomains:
+
+		- downloads *
+
+	* 404; mismatched, CN: myweb.iinethosting.net.au
+
+
+	Mixed content:
+
+		- favicon from www *
+
+	* Secured by us
+
+-->
+<ruleset name="Bouncy Castle.org (partial)">
+
+	<target host="bouncycastle.org" />
+	<target host="www.bouncycastle.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:www\.)?bouncycastle\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BountyOSS.com.xml b/src/chrome/content/rules/BountyOSS.com.xml
deleted file mode 100644
index 5f895545baab..000000000000
--- a/src/chrome/content/rules/BountyOSS.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="BountyOSS.com">
-
-	<target host="bountyoss.com" />
-	<target host="www.bountyoss.com" />
-
-
-	<securecookie host="^bountyoss\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?bountyoss\.com/"
-		to="https://$1bountyoss.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Bountysource.com.xml b/src/chrome/content/rules/Bountysource.com.xml
index b827c321f709..65773fd732c3 100644
--- a/src/chrome/content/rules/Bountysource.com.xml
+++ b/src/chrome/content/rules/Bountysource.com.xml
@@ -16,7 +16,6 @@
 	<target host="www.bountysource.com" />
 
 
-	<rule from="^http://(www\.)?bountysource\.com/"
-		to="https://$1bountysource.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bourgeois.me.xml b/src/chrome/content/rules/Bourgeois.me.xml
new file mode 100644
index 000000000000..330b22a712e6
--- /dev/null
+++ b/src/chrome/content/rules/Bourgeois.me.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bourgeois.me/ => https://bourgeois.me/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.bourgeois.me/ => https://www.bourgeois.me/: (6, 'Could not resolve host: www.bourgeois.me')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bourgeois.me/ => https://bourgeois.me/: (51, "SSL: no alternative certificate subject name matches target host name 'bourgeois.me'")
+
+-->
+<ruleset name="Bourgeois.me" default_off="failed ruleset test">
+
+	<target host="bourgeois.me" />
+	<target host="www.bourgeois.me" />
+
+
+	<securecookie host="^\.bourgeois\.me$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bourne_To_Code.com.xml b/src/chrome/content/rules/Bourne_To_Code.com.xml
new file mode 100644
index 000000000000..4cd05116d107
--- /dev/null
+++ b/src/chrome/content/rules/Bourne_To_Code.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Bourne To Code.com">
+
+	<target host="bournetocode.com" />
+	<target host="www.bournetocode.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bournemouth.gov.uk.xml b/src/chrome/content/rules/Bournemouth.gov.uk.xml
new file mode 100644
index 000000000000..cf3ec34c845b
--- /dev/null
+++ b/src/chrome/content/rules/Bournemouth.gov.uk.xml
@@ -0,0 +1,81 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://auth.bournemouth.gov.uk/ => https://auth.bournemouth.gov.uk/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://beachhuts.bournemouth.gov.uk/ => https://beachhuts.bournemouth.gov.uk/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://enrol.bournemouth.gov.uk/ => https://enrol.bournemouth.gov.uk/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://openaccess.bournemouth.gov.uk/ => https://openaccess.bournemouth.gov.uk/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://parking.bournemouth.gov.uk/ => https://parking.bournemouth.gov.uk/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://services.bournemouth.gov.uk/ => https://services.bournemouth.gov.uk/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://welfare.bournemouth.gov.uk/ => https://welfare.bournemouth.gov.uk/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.bournemouth.gov.uk/ => https://www.bournemouth.gov.uk/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://bournemouth.gov.uk/ => https://www.bournemouth.gov.uk/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Bournemouth Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *bournemouth.gov.uk:
+
+		- facts ᵈ
+		- handinhand ᵈ
+		- planning ʳ
+
+	ᵈ Dropped
+	ʳ Refused
+
+	^bournemouth.gov.uk: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- auth.bournemouth.gov.uk
+		- beachhuts.bournemouth.gov.uk
+		- openaccess.bournemouth.gov.uk
+		- welfare.bournemouth.gov.uk
+		- www.bournemouth.gov.uk
+
+
+	Mixed content:
+
+		- Images on www from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Bournemouth.gov.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="auth.bournemouth.gov.uk" />
+	<target host="beachhuts.bournemouth.gov.uk" />
+	<target host="enrol.bournemouth.gov.uk" />
+	<target host="openaccess.bournemouth.gov.uk" />
+	<target host="parking.bournemouth.gov.uk" />
+	<target host="services.bournemouth.gov.uk" />
+	<target host="welfare.bournemouth.gov.uk" />
+	<target host="www.bournemouth.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="bournemouth.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^auth\.bournemouth\.gov\.uk$" name="^__RequestVerificationToken" /-->
+	<!--securecookie host="^(?:beachhuts|www)\.bournemouth\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^(?:openaccess|welfare)\.bournemouth\.gov\.uk$" name="^(?:\w{16}|anon-session|session-id)$" /-->
+	<!--securecookie host="^www\.bournemouth\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://bournemouth\.gov\.uk/"
+		to="https://www.bournemouth.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bout.lgbt.xml b/src/chrome/content/rules/Bout.lgbt.xml
new file mode 100644
index 000000000000..fd43e20acbc1
--- /dev/null
+++ b/src/chrome/content/rules/Bout.lgbt.xml
@@ -0,0 +1,17 @@
+<!--
+	Mismatched:
+		- deck (*.squarespace.com)
+		- dev (sni.dreamhost.com)
+
+	Self-signed:
+		- dev
+-->
+
+<ruleset name="Bout.lgbt">
+	<target host="bout.lgbt" />
+	<target host="www.bout.lgbt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bovpg.net.xml b/src/chrome/content/rules/Bovpg.net.xml
new file mode 100644
index 000000000000..848f90b2b8bd
--- /dev/null
+++ b/src/chrome/content/rules/Bovpg.net.xml
@@ -0,0 +1,18 @@
+<!--
+	www.bovpg.net doesn't exist.
+
+-->
+<ruleset name="bovpg.net">
+
+	<target host="bovpg.net" />
+	<target host="images1.bovpg.net" />
+	<target host="images2.bovpg.net" />
+	<target host="images3.bovpg.net" />
+	<target host="images4.bovpg.net" />
+	<target host="images5.bovpg.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Box-Look.org.xml b/src/chrome/content/rules/Box-Look.org.xml
new file mode 100644
index 000000000000..b98d79bca88c
--- /dev/null
+++ b/src/chrome/content/rules/Box-Look.org.xml
@@ -0,0 +1,12 @@
+<!--
+	For other openDesktop rules, see openDesktop.org.xml
+
+-->
+<ruleset name="Box-Look.org">
+
+	<target host="box-look.org" />
+	<target host="www.box-look.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Box.xml b/src/chrome/content/rules/Box.xml
index c0f67e9c3b11..842644bce8ab 100644
--- a/src/chrome/content/rules/Box.xml
+++ b/src/chrome/content/rules/Box.xml
@@ -1,35 +1,61 @@
 <!--
+
+	Other Box rulesets:
+
+		- Box_Cloud.com.xml
+
+
 	CDN buckets:
 
 		- boxemail.s3.amazonaws.com
 		- whatsnew.s3.amazonaws.com
+		- box.github.io
 
 
-	Fully covered domains:
-
-		- box.com subdomains:
+	Nonfunctional hosts in *box.com:
 
-			- (www.)
-			- blog
-			- developers.blog
-			- developers
-			- forum.developers	(→ getsatisfaction.com)
-			- *.files
-			- support
-			- *			(per-client subdomains)
+		- opensource *
 
-		- e[123].boxcdn.net
-		- s5.boxcdn.net
+	* Github
 
 -->
-<ruleset name="Box">
+<ruleset name="Box (partial)">
 
 	<target host="box.com" />
 	<target host="*.box.com" />
-	<target host="*.boxcdn.net" />
 
+		<exclusion pattern="^http://opensource\.box\.com/" />
+
+			<test url="http://opensource.box.com/" />
 
-	<securecookie host=".*\.box\.com$" name=".+" />
+	<target host="cdn01.boxcdn.net" />
+	<target host="cdn02.boxcdn.net" />
+	<target host="cdn03.boxcdn.net" />
+	<target host="cdn04.boxcdn.net" />
+	<target host="cdn05.boxcdn.net" />
+	<target host="cdn06.boxcdn.net" />
+	<target host="cdn07.boxcdn.net" />
+	<target host="e3.boxcdn.net" />
+
+		<test url="http://cloud.app.box.com/" />
+		<test url="http://blog.box.com/" />
+		<test url="http://developers.blog.box.com/" />
+		<test url="http://cloud.box.com/" />
+		<test url="http://community.box.com/" />
+		<test url="http://developers.box.com/" />
+		<test url="http://forum.developers.box.com/" />
+		<test url="http://success.box.com/" />
+		<test url="http://support.box.com/" />
+		<test url="http://uofi.box.com/" />
+		<test url="http://www.box.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.boxcdn\.net$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^community\.box\.com$" name="^Lithium(?:UserInfo|UserSecure|Visitor)$" /-->
+
+	<securecookie host=".+" name=".+" />
 
 
 	<!--	302s like so.
@@ -37,10 +63,7 @@
 	<rule from="^http://forum\.developers\.box\.com/"
 		to="https://getsatisfaction.com/" />
 
-	<rule from="^http://([\w\.-]+\.)?box\.com/"
-		to="https://$1box.com/" />
-
-	<rule from="^http://(e[123]|s5)\.boxcdn\.net/"
-		to="https://$1.boxcdn.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BoxOffice.xml b/src/chrome/content/rules/BoxOffice.xml
index e6f27050a7cc..c5f630f6b0d9 100644
--- a/src/chrome/content/rules/BoxOffice.xml
+++ b/src/chrome/content/rules/BoxOffice.xml
@@ -14,7 +14,6 @@
 		<exclusion pattern="^http://(?:www\.)?boxoffice\.com/(?:$|\?|/)" />
 
 
-	<rule from="^http://(www\.)?boxoffice\.com/"
-		to="https://$1boxoffice.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BoxUK.xml b/src/chrome/content/rules/BoxUK.xml
index 6fcff5b35b23..572dc0aac52e 100644
--- a/src/chrome/content/rules/BoxUK.xml
+++ b/src/chrome/content/rules/BoxUK.xml
@@ -2,7 +2,7 @@
   <target host="www.boxuk.com"/>
   <target host="boxuk.com"/>
 
-  <securecookie host="^(?:www\.)?boxuk\.com$" name=".*"/>
+  <securecookie host="^(?:www\.)?boxuk\.com$" name=".+" />
 
   <rule from="^http://(?:www\.)?boxuk\.com/" to="https://www.boxuk.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Box_Cloud.com.xml b/src/chrome/content/rules/Box_Cloud.com.xml
new file mode 100644
index 000000000000..d7033337fc8b
--- /dev/null
+++ b/src/chrome/content/rules/Box_Cloud.com.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Box coverage, see Box.xml.
+
+-->
+<ruleset name="Box Cloud.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dl.boxcloud.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Boxcar.io.xml b/src/chrome/content/rules/Boxcar.io.xml
new file mode 100644
index 000000000000..c4a153abad0b
--- /dev/null
+++ b/src/chrome/content/rules/Boxcar.io.xml
@@ -0,0 +1,29 @@
+<!--
+	For other ProcessOne coverage, see Process-One.net.xml.
+
+
+	Nonfunctional subdomains:
+
+		- blog ¹
+		- developer ²
+
+	¹ Tumblr
+	² Redirects to www.process-one.net
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- console
+
+-->
+<ruleset name="Boxcar.io (partial)">
+
+	<target host="boxcar.io" />
+	<target host="console.boxcar.io" />
+	<target host="www.boxcar.io" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BoxeeTV.xml b/src/chrome/content/rules/BoxeeTV.xml
index 4c99a2fd73f7..7cb0b7b3a288 100644
--- a/src/chrome/content/rules/BoxeeTV.xml
+++ b/src/chrome/content/rules/BoxeeTV.xml
@@ -1,14 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://boxee.tv/ => https://boxee.tv/: (28, 'Connection timed out after 20008 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://boxee.tv/ => https://boxee.tv/: (7, 'Failed to connect to www.boxee.tv port 443: Connection refused')
 	Nonfunctional subdomains:
 
 		- jira	(http reply)
 		- my	(refused)
 
 -->
-<ruleset name="Boxee.tv (partial)">
+<ruleset name="Boxee.tv (partial)" default_off="failed ruleset test">
 
 	<target host="boxee.tv" />
-	<target host="*.boxee.tv" />
+	<target host="account.boxee.tv" />
+	<target host="app.boxee.tv" />
+	<target host="assets.boxee.tv" />
+	<target host="www.boxee.tv" />
 
 
 	<!--	Don't secure wildcard cookies, wrt:
@@ -18,7 +27,6 @@
 	<securecookie host="^(?:\w+\.)?boxee\.tv$" name=".+" />
 
 
-	<rule from="^http://((?:account|app|assets|www)\.)?boxee\.tv/"
-		to="https://$1boxee.tv/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Boxopus.com.xml b/src/chrome/content/rules/Boxopus.com.xml
new file mode 100644
index 000000000000..fed118cd6f6c
--- /dev/null
+++ b/src/chrome/content/rules/Boxopus.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="boxopus.com">
+
+	<target host="boxopus.com" />
+	<target host="www.boxopus.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Boxpn.com.xml b/src/chrome/content/rules/Boxpn.com.xml
new file mode 100644
index 000000000000..fe3aabc3bf9d
--- /dev/null
+++ b/src/chrome/content/rules/Boxpn.com.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.boxpn.com/ => https://www.boxpn.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.boxpn.com'")
+
+	Mixed content:
+
+		- Image from internetdefenseleague.org
+
+-->
+<ruleset name="Boxpn.com" default_off="failed ruleset test">
+
+	<target host="boxpn.com" />
+	<target host="www.boxpn.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:www)?\.boxpn\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Boxwood_Technology.xml b/src/chrome/content/rules/Boxwood_Technology.xml
index 8aeadc09e8d7..2517e0621d8a 100644
--- a/src/chrome/content/rules/Boxwood_Technology.xml
+++ b/src/chrome/content/rules/Boxwood_Technology.xml
@@ -1,13 +1,22 @@
-<ruleset name="Boxwood Technology">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://boxwoodtech.com/ => https://boxwoodtech.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.boxwoodtech.com/ => https://www.boxwoodtech.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://boxwoodtech.com/ => https://boxwoodtech.com/: Cycle detected - URL already encountered: https://www.boxwoodtech.com/
+-->
+<ruleset name="Boxwood Technology" default_off="failed ruleset test">
 
 	<target host="boxwoodtech.com" />
-	<target host="*.boxwoodtech.com" />
+	<target host="secure.boxwoodtech.com" />
+	<target host="www.boxwoodtech.com" />
 
 
-	<securecookie host="^(?:.+\.)?boxwoodtech\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(secure\.|www\.)?boxwoodtech\.com/"
-		to="https://$1boxwoodtech.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Brabysads.com.xml b/src/chrome/content/rules/Brabysads.com.xml
index 1234514756be..f3153f820fd4 100644
--- a/src/chrome/content/rules/Brabysads.com.xml
+++ b/src/chrome/content/rules/Brabysads.com.xml
@@ -1,19 +1,21 @@
 <!--
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *brabysads.com:
 
-		- ads	(shows www; mismatched, CN: brabysads.com)
+		- ads ʳ
+
+	ʳ Refused
 
 -->
-<ruleset name="Brabysads.com (partial)">
+<ruleset name="Brabysads.com (partial)" default_off="refused">
 
 	<target host="brabysads.com" />
 	<target host="www.brabysads.com" />
 
 
-	<securecookie host="^(?:www\.)?brabysads\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www\.)?brabysads\.com/"
-		to="https://$1brabysads.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bradford.gov.uk.xml b/src/chrome/content/rules/Bradford.gov.uk.xml
new file mode 100644
index 000000000000..d1ef2474d2e2
--- /dev/null
+++ b/src/chrome/content/rules/Bradford.gov.uk.xml
@@ -0,0 +1,83 @@
+<!--
+	City of Bradford Metropolitan District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *bradford.gov.uk:
+
+		- councilminutes ⁴
+		- democracy ⁴
+
+	⁴ 404
+
+
+	Problematic hosts in *bradford.gov.uk:
+
+		- ^ *
+		- observatory ᵐ
+
+	* Redirects to bradmail.bradford.gov.uk
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- bradmail.bradford.gov.uk
+		- bso.bradford.gov.uk
+		- localoffer.bradford.gov.uk
+		- observatory.bradford.gov.uk
+		- www.bradford.gov.uk
+
+
+	Mixed content:
+
+		- Images, from:
+
+			- observatory.bradford.gov.uk ᵐ
+			- observatory.calderdale.gov.uk
+			- observatory.kirklees.gov.uk
+			- observatory.leeds.gov.uk ˢ
+			- observatory.wakefield.gov.uk
+
+	ᵐ Not secured by us <= mismatched
+	ˢ Secured by us
+
+-->
+<ruleset name="Bradford.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bradmail.bradford.gov.uk" />
+	<target host="bso.bradford.gov.uk" />
+	<target host="localoffer.bradford.gov.uk" />
+	<target host="maps.bradford.gov.uk" />
+	<target host="myservice.bradford.gov.uk" />
+	<target host="oneonline.bradford.gov.uk" />
+	<target host="pcbooking.bradford.gov.uk" />
+	<target host="planning.bradford.gov.uk" />
+	<target host="www.bradford.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="bradford.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bradmail\.bradford\.gov\.uk$" name="^cadata[\dA-F]{32}$" /-->
+	<!--securecookie host="^bso\.bradford\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^localoffer\.bradford\.gov\.uk$" name="^__AntiXsrfToken$" /-->
+	<!--securecookie host="^observatory\.bradford\.gov\.uk$" name="^(?:\.ASPXAUTH|ASP\.NET_SessionId|ias\.Locale|ias\.PreferredItemCount)$" /-->
+	<!--securecookie host="^www\.bradford\.gov\.uk$" name="^(?:[01]-sessionID|ASP\.NET_SessionId|ASPSESSIONID[A-Z]{8}|CurrentLayout)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://bradford\.gov\.uk/"
+		to="https://www.bradford.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Brain_Decoder.com.xml b/src/chrome/content/rules/Brain_Decoder.com.xml
new file mode 100644
index 000000000000..f996eba7ac43
--- /dev/null
+++ b/src/chrome/content/rules/Brain_Decoder.com.xml
@@ -0,0 +1,22 @@
+<!--
+	^braindecoder.com: Mismatched
+
+-->
+<ruleset name="Brain Decoder.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.braindecoder.com" />
+
+	<!--	Complications:
+				-->
+	<target host="braindecoder.com" />
+
+
+	<rule from="^http://braindecoder\.com/"
+		to="https://www.braindecoder.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Brain_Pickings.com.xml b/src/chrome/content/rules/Brain_Pickings.com.xml
new file mode 100644
index 000000000000..6c8e75af885f
--- /dev/null
+++ b/src/chrome/content/rules/Brain_Pickings.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Brain Pickings.org">
+
+	<target host="brainpickings.org" />
+	<target host="www.brainpickings.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Braincert.org.xml b/src/chrome/content/rules/Braincert.org.xml
index 59ab76801df8..03d6f8f97da9 100644
--- a/src/chrome/content/rules/Braincert.org.xml
+++ b/src/chrome/content/rules/Braincert.org.xml
@@ -1,13 +1,18 @@
-<ruleset name="braincert.org">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://braincert.org/ => https://braincert.org/: (51, "SSL: no alternative certificate subject name matches target host name 'braincert.org'")
+
+-->
+<ruleset name="braincert.org" default_off="failed ruleset test">
 
 	<target host="braincert.org" />
-	<target host="*.braincert.org" />
+	<target host="www.braincert.org" />
 
 
 	<securecookie host="^\.braincert\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?braincert\.org/"
-		to="https://$1braincert.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Brainshark.xml b/src/chrome/content/rules/Brainshark.xml
index 90338a5d9543..692916e0e229 100644
--- a/src/chrome/content/rules/Brainshark.xml
+++ b/src/chrome/content/rules/Brainshark.xml
@@ -11,12 +11,12 @@
 	<target host="brainshark.com"/>
 	<target host="www.brainshark.com"/>
 
-	<securecookie host="^(.*\.)?brainshark\.com$" name=".*"/>
+	<securecookie host=".+" name=".+"/>
 
-	<rule from="^https?://presentation.brainshark.com/company/contact_us\.(?:aspx|php)(?:$|\?.*)"
+	<rule from="^http://presentation\.brainshark\.com/company/contact_us\.(?:aspx|php)(?:$|\?.*)"
 		to="https://www.brainshark.com/contact-us" />
 
-	<rule from="^https?://presentation\.brainshark\.com/privacy_policy/privacy_policy\.(?:aspx|php)(?:$|\?.*)"
+	<rule from="^http://presentation\.brainshark\.com/privacy_policy/privacy_policy\.(?:aspx|php)(?:$|\?.*)"
 		to="https://www.brainshark.com/company/privacy-policy.aspx" />
 
 	<rule from="^http://(?:presentation\.|www\.)?brainshark\.com/"
diff --git a/src/chrome/content/rules/Brainsonic.xml b/src/chrome/content/rules/Brainsonic.xml
index 111dba8067ab..61d2a973d32e 100644
--- a/src/chrome/content/rules/Brainsonic.xml
+++ b/src/chrome/content/rules/Brainsonic.xml
@@ -19,7 +19,10 @@
 <ruleset name="Brainsonic (partial)">
 
 	<target host="brainsonic.com" />
-	<target host="*.brainsonic.com" />
+	<target host="www.brainsonic.com" />
+	<target host="live2.brainsonic.com" />
+	<target host="live-secure.brainsonic.com" />
+	<target host="francetv.motscroises.pad.brainsonic.com" />
 
 
 	<rule from="^http://(?:www\.)?brainsonic\.com/wp-content/"
@@ -28,4 +31,4 @@
 	<rule from="^http://(live2|live-secure|francetv\.motscroises\.pad)\.brainsonic\.com/"
 		to="https://$1.brainsonic.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Brainstorage.me.xml b/src/chrome/content/rules/Brainstorage.me.xml
new file mode 100644
index 000000000000..8dd01a339272
--- /dev/null
+++ b/src/chrome/content/rules/Brainstorage.me.xml
@@ -0,0 +1,25 @@
+<!--
+	For other TM coverage, see TMtm.ru.xml.
+
+
+	www: mismatched, CN: habrahabr.ru
+
+-->
+<ruleset name="Brainstorage.me (partial)">
+
+	<target host="brainstorage.me" />
+	<target host="www.brainstorage.me" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://brainstorage\.me/+($|\?|(auth/tmid/login|users/sign_in)($|\?)|favicon\.ico)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://brainstorage\.me/+(?!assets/)" /-->
+
+
+	<rule from="^http://(?:www\.)?brainstorage\.me/(?=assets/)"
+		to="https://brainstorage.me/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Braintree.gov.uk.xml b/src/chrome/content/rules/Braintree.gov.uk.xml
new file mode 100644
index 000000000000..548255561dc1
--- /dev/null
+++ b/src/chrome/content/rules/Braintree.gov.uk.xml
@@ -0,0 +1,54 @@
+<!--
+	Braintree District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *braintree.gov.uk:
+
+		- maps ᵈ
+		- planningapp ᵈ
+
+	ᵈ Dropped
+
+
+	^braintree.gov.uk: Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- www.braintree.gov.uk
+		- .www.braintree.gov.uk
+
+
+	Mixed content:
+
+		- Image on www from $self
+
+-->
+<ruleset name="Braintree.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.braintree.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="braintree.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.braintree\.gov\.uk$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.www\.braintree\.gov\.uk$" name="^TestCookie$" /-->
+
+	<securecookie host="^(?!\.braintree\.gov\.uk$)." name=".+" />
+
+
+	<rule from="^http://braintree\.gov\.uk/"
+		to="https://www.braintree.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Braintreegateway.com.xml b/src/chrome/content/rules/Braintreegateway.com.xml
deleted file mode 100644
index b5ce5c87fcee..000000000000
--- a/src/chrome/content/rules/Braintreegateway.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Braintreegateway.com" platform="firefox">
-<target host="braintreegateway.com" />
-
-<securecookie host="^braintreegateway\.com$" name=".+" />
-
-<rule from="^http://braintreegateway\.com/" to="https://braintreegateway.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Braintreepayments.com.xml b/src/chrome/content/rules/Braintreepayments.com.xml
index 8e87f6397731..83d500b24017 100644
--- a/src/chrome/content/rules/Braintreepayments.com.xml
+++ b/src/chrome/content/rules/Braintreepayments.com.xml
@@ -1,19 +1,27 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
+<!--
+	For other PayPal coverage, see PayPal.xml.
 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Braintreepayments.com" platform="firefox">
-<target host="braintreepayments.com" />
-<target host="www.braintreepayments.com" />
+	No response:
+		- asciiarcade.braintreepayments.com
 
-<securecookie host="^braintreepayments\.com$" name=".+" />
-<securecookie host="^www\.braintreepayments\.com$" name=".+" />
+	Insecure cookies are set for these hosts:
 
-<rule from="^http://braintreepayments\.com/" to="https://braintreepayments.com/" />
-<rule from="^http://www\.braintreepayments\.com/" to="https://www.braintreepayments.com/" />
+		- signups.braintreepayments.com
+-->
+<ruleset name="Braintreepayments.com">
+	<target host="braintreepayments.com" />
+	<target host="www.braintreepayments.com" />
+	<target host="articles.braintreepayments.com" />
+	<target host="developers.braintreepayments.com" />
+	<target host="signups.braintreepayments.com" />
+	<target host="status.braintreepayments.com" />
+	<target host="support.braintreepayments.com" />
+	<target host="braintreepaymentsolutions.com" />
+	<target host="www.braintreepaymentsolutions.com" />
+
+	<!--	Not secured by server: -->
+	<securecookie host="^(?:(?:developers|signups|www)\.)?braintreepayments\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/BrainyQuote.com.xml b/src/chrome/content/rules/BrainyQuote.com.xml
new file mode 100644
index 000000000000..de03632cdd1b
--- /dev/null
+++ b/src/chrome/content/rules/BrainyQuote.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Invalid certificate:
+		ads.brainyquote.com
+		mdev.brainyquote.com
+
+	Different content http/https:
+		dev.brainyquote.com
+
+-->
+<ruleset name="BrainyQuote.com">
+
+	<target host="brainyquote.com" />
+	<target host="www.brainyquote.com" />
+	<target host="i.brainyquote.com" />
+		<test url="http://i.brainyquote.com/st/img/2204012/splash/20.jpg" />
+	<target host="images.brainyquote.com" />
+	<target host="m.brainyquote.com" />
+	<target host="mobile.brainyquote.com" />
+	<target host="ranking.brainyquote.com" />
+	<target host="shop.brainyquote.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Brak.de.xml b/src/chrome/content/rules/Brak.de.xml
new file mode 100644
index 000000000000..431aa1b9c1d0
--- /dev/null
+++ b/src/chrome/content/rules/Brak.de.xml
@@ -0,0 +1,21 @@
+<!--
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="Brak.de">
+
+	<target host="brak.de" />
+	<target host="www.brak.de" />
+	<target host="bea.brak.de" />
+	<target host="bilder.brak.de" />
+	<target host="mail.brak.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Content mismatch on https://brak.de/,
+	http://brak.de/ redirects to http://www.brak.de/ -->
+	<rule from="^http://brak\.de/"
+		to="https://www.brak.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Branch.xml b/src/chrome/content/rules/Branch.xml
index e2ce8519e191..398c77a3ddab 100644
--- a/src/chrome/content/rules/Branch.xml
+++ b/src/chrome/content/rules/Branch.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://branch.com/ => https://secure.branch.com/: (6, 'Could not resolve host: secure.branch.com')
+
 	CDN buckets:
 
 		- d3sipcemvmkij2.cloudfront.net
@@ -13,19 +17,21 @@
 		- www		(mismatched, CN: *.herokuapp.com)
 
 -->
-<ruleset name="Branch">
+<ruleset name="Branch" default_off="failed ruleset test">
 
 	<target host="branch.com" />
-	<target host="*.branch.com" />
+	<target host="secure.branch.com" />
+	<target host="www.branch.com" />
+	<target host="static.branch.com" />
 
 
 	<securecookie host="^\.branch\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:secure\.|www\.)?branch\.com/"
+	<rule from="^http://(?:secure\.|www\.)?branch\.com/"
 		to="https://secure.branch.com/" />
 
-	<rule from="^https?://static\.branch\.com/"
+	<rule from="^http://static\.branch\.com/"
 		to="https://d3sipcemvmkij2.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Branchable.com.xml b/src/chrome/content/rules/Branchable.com.xml
index 3a04b1b07790..669af342bb58 100644
--- a/src/chrome/content/rules/Branchable.com.xml
+++ b/src/chrome/content/rules/Branchable.com.xml
@@ -7,6 +7,10 @@
 	<target host="branchable.com" />
 	<target host="*.branchable.com" />
 
+		<test url="http://etckeeper.branchable.com/" />
+		<test url="http://git-annex.branchable.com/" />
+		<test url="http://propellor.branchable.com/" />
+
 
 	<securecookie host=".+\.branchable\.com$" name=".+" />
 
@@ -14,4 +18,4 @@
 	<rule from="^http://([\w-]+\.)?branchable\.com/"
 		to="https://$1branchable.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Brand-server.com.xml b/src/chrome/content/rules/Brand-server.com.xml
deleted file mode 100644
index 3722f0648298..000000000000
--- a/src/chrome/content/rules/Brand-server.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Web bugs.
-
--->
-<ruleset name="brand-server.com">
-
-	<target host="t.brand-server.com" />
-
-
-	<securecookie host="^t\.brand-server\.com$" name=".+" />
-
-
-	<rule from="^http://t\.brand-server\.com/"
-		to="https://t.brand-server.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Brand_Embassy.xml b/src/chrome/content/rules/Brand_Embassy.xml
index 736c611d8a6b..ed8d0cc28cd6 100644
--- a/src/chrome/content/rules/Brand_Embassy.xml
+++ b/src/chrome/content/rules/Brand_Embassy.xml
@@ -7,13 +7,12 @@
 -->
 <ruleset name="Brand Embassy (partial)">
 
-	<target host="*.brandembassy.com" />
+	<target host="engager.brandembassy.com" />
 
 
 	<securecookie host="^(?:engager|ui)\.brandembassy\.com$" name=".+" />
 
 
-	<rule from="^http://(engager|ui)\.brandembassy\.com/"
-		to="https://$1.brandembassy.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Brand_New_Booty.xml b/src/chrome/content/rules/Brand_New_Booty.xml
deleted file mode 100644
index 915905fc67d1..000000000000
--- a/src/chrome/content/rules/Brand_New_Booty.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Brand New Booty">
-
-	<target host="brandnewbooty.com" />
-	<target host="*.brandnewbooty.com" />
-
-
-	<securecookie host="^(?:www)?\.brandnewbooty\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?brandnewbooty\.com/"
-		to="https://$1brandnewbooty.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Brand_Spanking_New.xml b/src/chrome/content/rules/Brand_Spanking_New.xml
index 5960f8095c19..65d9c32f6a44 100644
--- a/src/chrome/content/rules/Brand_Spanking_New.xml
+++ b/src/chrome/content/rules/Brand_Spanking_New.xml
@@ -1,10 +1,10 @@
-<ruleset name="Brand Spanking New" default_off="mismatch">
+<ruleset name="Brand Spanking New" default_off="mismatched">
 
 	<target host="brandspankingnew.net" />
 	<target host="www.brandspankingnew.net" />
 
 
-	<rule from="^https?://(?:www\.)?brandspankingnew\.net/"
+	<rule from="^http://(?:www\.)?brandspankingnew\.net/"
 		to="https://brandspankingnew.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Brandensittich.de.xml b/src/chrome/content/rules/Brandensittich.de.xml
new file mode 100644
index 000000000000..53ae50a069a4
--- /dev/null
+++ b/src/chrome/content/rules/Brandensittich.de.xml
@@ -0,0 +1,18 @@
+<!--
+	Fully covered hosts:
+
+		- (www.)?
+
+-->
+<ruleset name="Brandensittich.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="brandensittich.de" />
+	<target host="www.brandensittich.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Brandify.xml b/src/chrome/content/rules/Brandify.xml
index 3705f4ff25b6..cc1f20c17488 100644
--- a/src/chrome/content/rules/Brandify.xml
+++ b/src/chrome/content/rules/Brandify.xml
@@ -1,15 +1,20 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.brandify.com.au/ => https://secure.brandify.com.au/: (51, "SSL: no alternative certificate subject name matches target host name 'secure.brandify.com.au'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.brandify.com.au/ => https://secure.brandify.com.au/: (51, "SSL: no alternative certificate subject name matches target host name 'secure.brandify.com.au'")
 	Nonfunctional subdomains:
 
 		- (www.)	(shows secure; mismatched, CN: secure.brandify.com.au)
 
 -->
-<ruleset name="Brandify (partial)">
+<ruleset name="Brandify (partial)" default_off="failed ruleset test">
 
 	<target host="secure.brandify.com.au" />
 
 
-	<rule from="^http://secure\.brandify\.com\.au/"
-		to="https://secure.brandify.com.au/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Brandisty.com.xml b/src/chrome/content/rules/Brandisty.com.xml
new file mode 100644
index 000000000000..5f6f2fa1f689
--- /dev/null
+++ b/src/chrome/content/rules/Brandisty.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Nonfunctional hosts in *brandisty.com:
+
+		- blog *
+
+	* Refused
+
+
+	Fully covered hosts in *brandisty.com:
+
+		- (www.)?
+		- cdn
+
+
+	Insecure cookies are set for these hosts:
+
+		- brandisty.com
+		- www.brandisty.com
+
+-->
+<ruleset name="Brandisty.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="brandisty.com" />
+	<target host="cdn.brandisty.com" />
+	<target host="www.brandisty.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?brandisty\.com$" name="^sessId$" /-->
+
+	<securecookie host="^(?:www\.)?brandisty\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Brandl-Services.xml b/src/chrome/content/rules/Brandl-Services.xml
new file mode 100644
index 000000000000..af529862ebc1
--- /dev/null
+++ b/src/chrome/content/rules/Brandl-Services.xml
@@ -0,0 +1,26 @@
+<!--	Timout:
+			- fra
+			- ns1
+			- nyc
+
+		Refused:
+			- ookla
+
+		Incomplete certificate chain:
+			- acs
+			- owa
+
+		Certificate mismatch:
+			- stein2
+-->
+<ruleset name="Brandl-Services">
+
+	<target host="customers.brandl-services.com" />
+	<target host="oss-in.brandl-services.com" />
+	<target host="piwik.brandl-services.com" />
+	<target host="www.brandl-services.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Brands.xml b/src/chrome/content/rules/Brands.xml
new file mode 100644
index 000000000000..7a74f71498c7
--- /dev/null
+++ b/src/chrome/content/rules/Brands.xml
@@ -0,0 +1,15 @@
+<ruleset name="Brands.com.tw">
+
+	<target host="mall.brands.com.tw" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^mall\.brands\.com\.tw$" name="^(WSESSIONID|s|vary)$" /-->
+
+	<securecookie host="^mall\.brands\.com\.tw$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Branson_Zipline.xml b/src/chrome/content/rules/Branson_Zipline.xml
deleted file mode 100644
index e74b61b05f20..000000000000
--- a/src/chrome/content/rules/Branson_Zipline.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	Problematic domains:
-
-		- css.bzimages.com *
-		- img.bzimages.com *
-
-	* Works, mismatched, CN: secure.vacationsmadeeasy.com
-
-
-	Some pages redirect to http.
-
--->
-<ruleset name="Branson Zipline (partial)">
-
-	<target host="bransonzipline.com" />
-	<target host="*.bransonzipline.com" />
-		<exclusion pattern="^http://(?:www\.)?bransonzipline\.com/(?!public/)" />
-	<target host="img.bzimages.com" />
-
-
-	<securecookie host="^secure\.bransonzipline\.com$" name=".+" />
-
-
-	<rule from="^http://(secure\.|www\.)?bransonzipline\.com/"
-		to="https://$1bransonzipline.com/" />
-
-	<rule from="^http://(?:css|img)\.bzimages\.com/"
-		to="https://www.bransonzipline.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Brasil_24-7.xml b/src/chrome/content/rules/Brasil_24-7.xml
index b86c381d27be..6542fa49e187 100644
--- a/src/chrome/content/rules/Brasil_24-7.xml
+++ b/src/chrome/content/rules/Brasil_24-7.xml
@@ -1,13 +1,13 @@
 <ruleset name="Brasil 24/7">
 
 	<target host="brasil247.com" />
-	<target host="*.brasil247.com" />
+	<target host="publicidade.brasil247.com" />
+	<target host="www.brasil247.com" />
 
 
 	<securecookie host=".*\.brasil247\.com$" name=".+" />
 
 
-	<rule from="^http://(publicidade\.|www\.)?brasil247\.com/"
-		to="https://$1brasil247.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Braunschweig.xml b/src/chrome/content/rules/Braunschweig.xml
index f82c65c2e98e..282dc4d523c8 100644
--- a/src/chrome/content/rules/Braunschweig.xml
+++ b/src/chrome/content/rules/Braunschweig.xml
@@ -2,5 +2,5 @@
   <target host="www.braunschweig.de" />
   <target host="braunschweig.de" />
 
-  <rule from="^http://(?:www\.)?braunschweig\.de/" to="https://www.braunschweig.de/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Brave-Media.xml b/src/chrome/content/rules/Brave-Media.xml
index 3dd6aa9a55c4..52826d03657c 100644
--- a/src/chrome/content/rules/Brave-Media.xml
+++ b/src/chrome/content/rules/Brave-Media.xml
@@ -1,15 +1,18 @@
 <!--
-	Nonfunctional: 
+	Nonfunctional:
 
 		- printingchoice.com
 			- (printingchoice.)bravemedia.org/~bravemed/printingchoice/ redirects to printingchoice.com
 
 -->
-<ruleset name="Brave Media" default_off="mismatch">
+<ruleset name="Brave Media" default_off="mismatched">
 
 	<!--	Cert: *.hostmonster.com	-->
 	<target host="bravemedia.org" />
-	<target host="*.bravemedia.org" />
+	<target host="www.bravemedia.org" />
+	<target host="dinosr.bravemedia.org" />
+	<target host="keanu.bravemedia.org" />
+	<target host="scordit.bravemedia.org" />
 	<target host="dino.sr" />
 	<target host="www.dino.sr" />
 	<target host="kea.nu" />
@@ -18,19 +21,19 @@
 	<target host="www.scordit.com" />
 
 
-	<securecookie host="^(.*\.)?bravemedia\.org$" name=".*" />
+	<securecookie host="^(?:.*\.)?bravemedia\.org$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?bravemedia\.org/(?:~bravemed/)?"
+	<rule from="^http://(?:www\.)?bravemedia\.org/(?:~bravemed/)?"
 		to="https://bravemedia.org/~bravemed/" />
 
-	<rule from="^https?://(?:(?:www\.)?dino\.sr/|dinosr.bravemedia.org/(?:~bravemed/dinosr/)?)"
+	<rule from="^http://(?:(?:www\.)?dino\.sr/|dinosr\.bravemedia\.org/(?:~bravemed/dinosr/)?)"
 		to="https://bravemedia.org/~bravemed/dinosr/" />
 
-	<rule from="^https?://(?:(?:www\.)?kea\.nu/|keanu\.bravemedia\.org/(?:~bravemed/keanu/)?)"
+	<rule from="^http://(?:(?:www\.)?kea\.nu/|keanu\.bravemedia\.org/(?:~bravemed/keanu/)?)"
 		to="https://bravemedia.org/~bravemed/keanu/" />
 
-	<rule from="^https?://(?:(?:www\.)?scordit\.com/|scordit\.bravemedia\.org/(?:~bravemed/scordit/)?)"
+	<rule from="^http://(?:(?:www\.)?scordit\.com/|scordit\.bravemedia\.org/(?:~bravemed/scordit/)?)"
 		to="https://bravemedia.org/~bravemed/scordit/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bravely_Onward.com.xml b/src/chrome/content/rules/Bravely_Onward.com.xml
new file mode 100644
index 000000000000..cfd558938810
--- /dev/null
+++ b/src/chrome/content/rules/Bravely_Onward.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Bravely Onward.com">
+
+	<target host="bravelyonward.com" />
+	<target host="www.bravelyonward.com" />
+
+
+	<securecookie host="^\.bravelyonward\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bravenet_Media.xml b/src/chrome/content/rules/Bravenet_Media.xml
index a12a52b8b067..91b53cb2f65f 100644
--- a/src/chrome/content/rules/Bravenet_Media.xml
+++ b/src/chrome/content/rules/Bravenet_Media.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://redvase.bravenet.com/ => https://redvase.bravenet.com/: (7, 'Failed to connect to redvase.bravenet.com port 443: Connection timed out')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://redvase.bravenet.com/ => https://redvase.bravenet.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Nonfunctional domains:
 
 		- (www.)bravenet.com *
@@ -15,7 +21,7 @@
 		- www.bravenetmedia.com
 
 -->
-<ruleset name="Bravenet Media (partial)">
+<ruleset name="Bravenet Media (partial)" default_off="failed ruleset test">
 
 	<target host="redvase.bravenet.com" />
 
@@ -23,7 +29,6 @@
 	<securecookie host="^redvase\.bravenet\.com$" name=".+" />
 
 
-	<rule from="^http://redvase\.bravenet\.com/"
-		to="https://redvase.bravenet.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BreNet-mismatches.xml b/src/chrome/content/rules/BreNet-mismatches.xml
index 80d871c34783..5f7c16289358 100644
--- a/src/chrome/content/rules/BreNet-mismatches.xml
+++ b/src/chrome/content/rules/BreNet-mismatches.xml
@@ -13,7 +13,6 @@
 	<!--	Cookies are handled in the main ruleset.	-->
 
 
-	<rule from="^http://(vz46|webmail)\.brenet\.de/"
-		to="https://$1.brenet.de/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BreNet.xml b/src/chrome/content/rules/BreNet.xml
index deb94503c908..d759d4b08ba8 100644
--- a/src/chrome/content/rules/BreNet.xml
+++ b/src/chrome/content/rules/BreNet.xml
@@ -1,4 +1,6 @@
 <!--
+Automatically by https-everywhere-checker because:
+Fetch error: http://brenet.de/ => https://brenet.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	For problematic rules, see BreNet-mismatches.xml.
 
 
@@ -10,18 +12,16 @@
 <ruleset name="BreNet (partial)">
 
 	<target host="brenet.de" />
-	<target host="*.brenet.de" />
+	<target host="www.brenet.de" />
 	<!--	* for cross-domain cookies.  This won't break
 		webmail if it's used over http, and in the case
 		that https is used and that ruleset is off, it'll
 		encrypt cookies anyway, which would be a good thing.	-->
-	<target host="*.webmail.brenet.de" />
 
 
-	<securecookie host="^(.*\.)?brenet\.de$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?brenet\.de(:8443)?/"
-		to="https://$1brenet.de$2/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Break.com.xml b/src/chrome/content/rules/Break.com.xml
deleted file mode 100644
index 33fbdb0e57c9..000000000000
--- a/src/chrome/content/rules/Break.com.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="break.com">
-
-	<target host="media1.break.com" />
-
-
-	<rule from="^http://media1\.break\.com/"
-		to="https://media1.break.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Breakfast-Quay.xml b/src/chrome/content/rules/Breakfast-Quay.xml
index fc5858d3eb81..4c456f740242 100644
--- a/src/chrome/content/rules/Breakfast-Quay.xml
+++ b/src/chrome/content/rules/Breakfast-Quay.xml
@@ -1,10 +1,17 @@
-<ruleset name="Breakfast Quay (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://code.breakfastquay.com/ => https://code.breakfastquay.com/: (7, 'Failed to connect to code.breakfastquay.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://code.breakfastquay.com/ => https://code.breakfastquay.com/: (7, 'Failed to connect to code.breakfastquay.com port 443: Connection refused')
+-->
+<ruleset name="Breakfast Quay (partial)" default_off="failed ruleset test">
 
 	<target host="code.breakfastquay.com"/>
 
-	<rule from="^http://code\.breakfastquay\.com/"
-		to="https://code.breakfastquay.com/"/>
+	<rule from="^http:" to="https:" />
 
-	<securecookie host="^code\.breakfastquay\.com$" name=".*"/>
+	<securecookie host="^code\.breakfastquay\.com$" name=".+" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BreakoutBand.com.xml b/src/chrome/content/rules/BreakoutBand.com.xml
index edea0d8eb8d1..b9348f7e89a3 100644
--- a/src/chrome/content/rules/BreakoutBand.com.xml
+++ b/src/chrome/content/rules/BreakoutBand.com.xml
@@ -1,4 +1,14 @@
-<ruleset name="BreakoutBand.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://breakoutband.com/ => https://breakoutband.com/: (51, "SSL: no alternative certificate subject name matches target host name 'breakoutband.com'")
+Fetch error: http://www.breakoutband.com/ => https://www.breakoutband.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.breakoutband.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://breakoutband.com/ => https://breakoutband.com/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://www.breakoutband.com/ => https://www.breakoutband.com/: (28, 'Connection timed out after 10000 milliseconds')
+-->
+<ruleset name="BreakoutBand.com" default_off="failed ruleset test">
 
 	<target host="breakoutband.com" />
 	<target host="www.breakoutband.com" />
@@ -7,7 +17,6 @@
 	<securecookie host="^www\.breakoutband\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?breakoutband\.com/"
-		to="https://$1breakoutband.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Breathe.com.xml b/src/chrome/content/rules/Breathe.com.xml
new file mode 100644
index 000000000000..4af2d490c7a0
--- /dev/null
+++ b/src/chrome/content/rules/Breathe.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Secure connection failed:
+		breathe.com
+		www.breathe.com
+		users.breathe.com
+
+-->
+<ruleset name="Breathe.com (partial)">
+
+	<target host="webmail.breathe.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Breitbandmessung.de.xml b/src/chrome/content/rules/Breitbandmessung.de.xml
new file mode 100644
index 000000000000..64674433797b
--- /dev/null
+++ b/src/chrome/content/rules/Breitbandmessung.de.xml
@@ -0,0 +1,35 @@
+<!--
+		Invalid certificate:
+			adressewww.breitbandmessung.de
+		Refused:
+			drsf.breitbandmessung.de
+			drsfrtt.breitbandmessung.de
+			drsfv4.breitbandmessung.de
+		Timeout:
+			drsm.breitbandmessung.de
+-->
+<ruleset name="Breitbandmessung.de">
+
+	<!--
+		Exclude the listed URLs, as they need to establish an unsecured WebSocket Connection which would result in Mixed Active Content on HTTPS
+	-->
+
+	<exclusion pattern="^http://breitbandmessung.de/(test|images|api|public)(/)?" />
+
+	<test url="http://breitbandmessung.de/test" />
+	<test url="http://breitbandmessung.de/test/" />
+	<test url="http://breitbandmessung.de/images" />
+	<test url="http://breitbandmessung.de/images/" />
+	<test url="http://breitbandmessung.de/api" />
+	<test url="http://breitbandmessung.de/api/" />
+	<test url="http://breitbandmessung.de/public" />
+	<test url="http://breitbandmessung.de/public/" />
+
+	<target host="breitbandmessung.de" />
+	<target host="www.breitbandmessung.de" />
+	<target host="dbs.breitbandmessung.de" />
+	<target host="gis.breitbandmessung.de" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bremer-Bank.xml b/src/chrome/content/rules/Bremer-Bank.xml
index b927440d97a7..ab4efc51ed03 100644
--- a/src/chrome/content/rules/Bremer-Bank.xml
+++ b/src/chrome/content/rules/Bremer-Bank.xml
@@ -1,22 +1,17 @@
-<ruleset name="Bremer Bank">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rdc.bremer.com/ => https://rdc.bremer.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="Bremer Bank" default_off="failed ruleset test">
 	<target host="bremer.com" />
 	<target host="careers.bremer.com" />
-	<target host="each.bremer.com" />
-	<target host="ebank.bremer.com" />
-	<target host="mortgageapplication.bremer.com" />
-	<target host="ob.bremer.com" />
-	<target host="obfb.bremer.com" />
 	<target host="rdc.bremer.com" />
-	<target host="rdpass.bremer.com" />
 	<target host="www.bremer.com" />
 
-	<securecookie host="^(careers|each|mortgageapplication|ob|obfb|rdc|rdpass|www)\.bremer\.com$"
-		name=".+" />
+	<securecookie host="^(?:careers|rdc|www)\.bremer\.com$" name=".+" />
 
-	<rule from="^(http://(www\.)?|https://)bremer\.com/"
-		to="https://www.bremer.com/" />
-	<rule from="^http://(careers|each|mortgageapplication|ob|obfb|rdc|rdpass)\.bremer\.com/"
-		to="https://$1.bremer.com/" />
-	<rule from="^https?://ebank\.bremer\.com/(.*)"
-		to="https://ob.bremer.com/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Brendan_Eich.xml b/src/chrome/content/rules/Brendan_Eich.xml
index dfe7a0b7a1e2..7902eb33eaa9 100644
--- a/src/chrome/content/rules/Brendan_Eich.xml
+++ b/src/chrome/content/rules/Brendan_Eich.xml
@@ -1,10 +1,24 @@
-<ruleset name="Brendan Eich">
+<!--
+	Insecure cookies are set for these hosts:
+
+		- brendaneich.com
+		- www.brendaneich.com
+
+-->
+<ruleset name="Brendan Eich.com">
 
 	<target host="brendaneich.com" />
 	<target host="www.brendaneich.com" />
 
 
-	<rule from="^http://(www\.)?brendaneich\.com/"
-		to="https://$1brendaneich.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?brendaneich\.com$" name="^X-Mapping-fjhppofk$" /-->
+
+	<securecookie host="^(?:www\.)?brendaneich\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Brennan_Center.org.xml b/src/chrome/content/rules/Brennan_Center.org.xml
new file mode 100644
index 000000000000..34b1fee1b1e3
--- /dev/null
+++ b/src/chrome/content/rules/Brennan_Center.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Brennan Center.org">
+
+	<target host="brennancenter.org" />
+	<target host="www.brennancenter.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Brent.gov.uk.xml b/src/chrome/content/rules/Brent.gov.uk.xml
new file mode 100644
index 000000000000..8201a7e5b342
--- /dev/null
+++ b/src/chrome/content/rules/Brent.gov.uk.xml
@@ -0,0 +1,93 @@
+<!--
+	Brent Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *brent.gov.uk:
+
+		- brookings ᵈ
+		- server2 ᵃ
+
+	ᵃ Shows another domain
+	ᵈ Dropped
+
+
+	Problematic hosts in *brent.gov.uk:
+
+		- archive * ᵐ
+
+	* Seems identical to www.brent.gov.uk
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- democracy.brent.gov.uk
+		- pcbooking.brent.gov.uk
+
+
+	Mixed content:
+
+		- Bug on (www.)? from www.browsealoud.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Brent.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="brent.gov.uk" />
+	<target host="children.brent.gov.uk" />
+	<target host="democracy.brent.gov.uk" />
+	<target host="forms.brent.gov.uk" />
+	<target host="intelligence.brent.gov.uk" />
+	<target host="local.brent.gov.uk" />
+	<target host="pcbooking.brent.gov.uk" />
+	<target host="sharenet.brent.gov.uk" />
+	<target host="www.brent.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="archive.brent.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://democracy\.brent\.gov\.uk/(?:mgPasswordReqst|uuCoverPage)\.aspx" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://democracy\.brent\.gov\.uk/+(?!(?:ieLogon|ieRegisterUser|mgRegisterKeywordInterest)\.aspx|sitespecific/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://democracy.brent.gov.uk/Default.aspx" />
+			<test url="http://democracy.brent.gov.uk/mgCalendarMonthView.aspx" />
+			<test url="http://democracy.brent.gov.uk/mgPasswordReqst.aspx" />
+			<test url="http://democracy.brent.gov.uk/mgUserAttendanceSummary.aspx" />
+			<test url="http://democracy.brent.gov.uk/uuCoverPage.aspx?bcr=1" />
+
+			<!--	-ve:
+					-->
+			<test url="http://democracy.brent.gov.uk/ieLogon.aspx" />
+			<test url="http://democracy.brent.gov.uk/ieRegisterUser.aspx" />
+			<test url="http://democracy.brent.gov.uk/mgRegisterKeywordInterest.aspx?bcr=1" />
+			<test url="http://democracy.brent.gov.uk/sitespecific/ssWordStyles.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:democracy|pcbooking)\.brent\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\." name="^_gat$" />
+	<securecookie host="^(?!democracy\.)\w" name=".+" />
+
+
+	<rule from="^http://archive\.brent\.gov\.uk/"
+		to="https://www.brent.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bretagne-web.eu.xml b/src/chrome/content/rules/Bretagne-web.eu.xml
deleted file mode 100644
index d4e14d29961a..000000000000
--- a/src/chrome/content/rules/Bretagne-web.eu.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	CN: ssl2.ovh.net
-
-
-	Mixed content:
-
-		- Web bugs, on ^ from:
-
-			- (www.) *
-			- pagerank.danslemonde.net **
-			- www.echange-de-banniere.net
-			- e1.extreme-dm.com **
-			- t1.extreme-dm.com *
-
-	* Secured by us
-	** Unsecurable
-
--->
-<ruleset name="Bretagne-web.eu" default_off="mismatched">
-
-	<target host="bretagne-web.eu" />
-	<target host="www.bretagne-web.eu" />
-
-
-	<securecookie host="^bretagne-web\.eu$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?bretagne-web\.eu/"
-		to="https://bretagne-web.eu/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Breuninger.xml b/src/chrome/content/rules/Breuninger.xml
index 405767934954..109d593e6686 100644
--- a/src/chrome/content/rules/Breuninger.xml
+++ b/src/chrome/content/rules/Breuninger.xml
@@ -9,7 +9,7 @@
 	<target host="www.breuninger.com" />
 
 
-	<rule from="^https?://(?:www\.)?breuninger.com/(_css/|_media/|e/|(?:login|register)Page\.cmd|medias/)"
+	<rule from="^http://(?:www\.)?breuninger\.com/(_css/|_media/|e/|(?:login|register)Page\.cmd|medias/)"
 		to="https://www.breuninger.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Brevado.xml b/src/chrome/content/rules/Brevado.xml
deleted file mode 100644
index 98e86898c434..000000000000
--- a/src/chrome/content/rules/Brevado.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="brevado">
-
-	<target host="brevado.com" />
-	<target host="*.brevado.com" />
-
-
-	<securecookie host="^\.brevado\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?brevado\.com/"
-		to="https://$1brevado.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Brew-Your-Own.xml b/src/chrome/content/rules/Brew-Your-Own.xml
deleted file mode 100644
index 164048878f35..000000000000
--- a/src/chrome/content/rules/Brew-Your-Own.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Brew Your Own" platform="mixedcontent">
-
-	<target host="byo.com"/>
-	<target host="www.byo.com"/>
-
-	<securecookie host="^(www\.)?byo\.com$" name=".*"/>
-
-	<rule from="^http://(www\.)?byo\.com/"
-		to="https://$1byo.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Brian_Clifton.com.xml b/src/chrome/content/rules/Brian_Clifton.com.xml
new file mode 100644
index 000000000000..76ebe9bc752c
--- /dev/null
+++ b/src/chrome/content/rules/Brian_Clifton.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Brian Clifton.com">
+
+	<target host="brianclifton.com" />
+	<target host="www.brianclifton.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Brian_Smith.org.xml b/src/chrome/content/rules/Brian_Smith.org.xml
deleted file mode 100644
index 9d423bcdc1fe..000000000000
--- a/src/chrome/content/rules/Brian_Smith.org.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="Brian Smith.org">
-
-	<target host="briansmith.org" />
-	<target host="*.briansmith.org" />
-
-
-	<securecookie host="^\.briansmith\.org$" name=".+" />
-
-
-	<!--	www redirects to ^ over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?briansmith\.org/"
-		to="https://briansmith.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Briandunning.xml b/src/chrome/content/rules/Briandunning.xml
index 0599518c22f2..d0594ce41f3a 100644
--- a/src/chrome/content/rules/Briandunning.xml
+++ b/src/chrome/content/rules/Briandunning.xml
@@ -3,9 +3,8 @@
 	<target host="briandunning.com"/>
 	<target host="www.briandunning.com"/>
 
-	<securecookie host="^www\.briandunning\.com$" name=".*"/>
+	<securecookie host="^www\.briandunning\.com$" name=".+" />
 
-	<rule from="^http://(www\.)?briandunning\.com/"
-		to="https://$1briandunning.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BrickLink.xml b/src/chrome/content/rules/BrickLink.xml
index 449b6db111a7..9e7fa5c96e0f 100644
--- a/src/chrome/content/rules/BrickLink.xml
+++ b/src/chrome/content/rules/BrickLink.xml
@@ -9,7 +9,6 @@
 
 	<!--	!www: reset
 				-->
-	<rule from="^http://(?:www\.)?bricklink\.com/"
-		to="https://www.bricklink.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bridge_Road_Marketing.com.xml b/src/chrome/content/rules/Bridge_Road_Marketing.com.xml
new file mode 100644
index 000000000000..bb0572844668
--- /dev/null
+++ b/src/chrome/content/rules/Bridge_Road_Marketing.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- bridgeroadmarketing.com
+
+-->
+<ruleset name="Bridge Road Marketing.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bridgeroadmarketing.com" />
+	<target host="www.bridgeroadmarketing.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bridgeroadmarketing\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^bridgeroadmarketing\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bridges-Foundation.org.xml b/src/chrome/content/rules/Bridges-Foundation.org.xml
new file mode 100644
index 000000000000..ae42a7bfb7fa
--- /dev/null
+++ b/src/chrome/content/rules/Bridges-Foundation.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Bridges-Foundation.org">
+	<target host="bridges-foundation.org" />
+	<target host="www.bridges-foundation.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bridgew.edu.xml b/src/chrome/content/rules/Bridgew.edu.xml
new file mode 100644
index 000000000000..0574af58acf3
--- /dev/null
+++ b/src/chrome/content/rules/Bridgew.edu.xml
@@ -0,0 +1,45 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- bsuweather.bridgew.edu
+		- cas-dev.bridgew.edu
+		- ems.bridgew.edu
+		- infobear.bridgew.edu
+		- maxwell.bridgew.edu
+		- mobile.bridgew.edu
+		- my.bridgew.edu
+		- parking.bridgew.edu
+		- reslife.bridgew.edu
+		- search.bridgew.edu
+		- services.bridgew.edu
+		- webhost.bridgew.edu
+		- webwork.bridgew.edu
+		- beis2-prd.bridgew.edu:4443
+		- dgw1-prd.bridgew.edu:6789
+
+		Incomplete certificate chain error:
+		- catalog.bridgew.edu
+-->
+<ruleset name="Bridgew.edu">
+	<target host="bridgew.edu" />
+	<target host="www.bridgew.edu" />
+	<target host="alumni.bridgew.edu" />
+	<target host="arts.bridgew.edu" />
+	<target host="bridgew-stg.bridgew.edu" />
+	<target host="cc2bsu.bridgew.edu" />
+	<target host="handbook.bridgew.edu" />
+	<target host="in.bridgew.edu" />
+	<target host="jobs.bridgew.edu" />
+	<target host="library.bridgew.edu" />
+	<target host="microsites.bridgew.edu" />
+	<target host="mybsu.bridgew.edu" />
+	<target host="opportunities.bridgew.edu" />
+	<target host="remote.bridgew.edu" />
+	<target host="strategy.bridgew.edu" />
+	<target host="vc.bridgew.edu" />
+	<target host="youdecide.bridgew.edu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bridgeways.com.xml b/src/chrome/content/rules/Bridgeways.com.xml
new file mode 100644
index 000000000000..45849b05e456
--- /dev/null
+++ b/src/chrome/content/rules/Bridgeways.com.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bridgeways.com/ => https://bridgeways.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.bridgeways.com/ => https://www.bridgeways.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bridgeways.com/ => https://bridgeways.com/: (7, 'Failed to connect to bridgeways.com port 443: Connection timed out')
+
+-->
+<ruleset name="Bridgeways.com" default_off="failed ruleset test">
+
+	<target host="bridgeways.com" />
+	<target host="www.bridgeways.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:\.|www\.)?bridgeways\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Briggs_and_Riley.xml b/src/chrome/content/rules/Briggs_and_Riley.xml
index e268366c1f78..cbbf4b5e3f60 100644
--- a/src/chrome/content/rules/Briggs_and_Riley.xml
+++ b/src/chrome/content/rules/Briggs_and_Riley.xml
@@ -1,8 +1,12 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://briggs-riley.com/ => https://www.briggs-riley.com/: (35, 'Unknown SSL protocol error in connection to www.briggs-riley.com:443 ')
+-->
 <ruleset name="Briggs and Riley">
     <target host="briggs-riley.com" />
     <target host="*.briggs-riley.com" />
 
-    <rule from="^https?://briggs-riley\.com/"
+    <rule from="^http://briggs-riley\.com/"
         to="https://www.briggs-riley.com/"/>
     <rule from="^http://([^/:@]+)?\.briggs-riley\.com/"
         to="https://$1.briggs-riley.com/" />
diff --git a/src/chrome/content/rules/Bright-Things.com.xml b/src/chrome/content/rules/Bright-Things.com.xml
new file mode 100644
index 000000000000..35552cee660c
--- /dev/null
+++ b/src/chrome/content/rules/Bright-Things.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Bright-Things.com">
+
+	<target host="bright-things.com" />
+	<target host="www.bright-things.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BrightContext.com.xml b/src/chrome/content/rules/BrightContext.com.xml
index 9ee89185d81c..34629e3ef419 100644
--- a/src/chrome/content/rules/BrightContext.com.xml
+++ b/src/chrome/content/rules/BrightContext.com.xml
@@ -1,46 +1,10 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/static.brightcontext.com/
-
-		- d21tvy0y59wl26.cloudfront.net
-
-			- www
-
-
-	Problematic subdomains:
-
-		- www	(works, cloudfront)
-
-
-	Partially covered subdomains:
-
-		- www	(→ d21tvy0y59wl26.cloudfront.net)
-
-
-	Fully covered subdomains:
-
-		- ^
-		- mgr
-
--->
-<ruleset name="BrightContext.com (partial)">
+<ruleset name="BrightContext.com">
 
 	<target host="brightcontext.com" />
-	<target host="*.brightcontext.com" />
-		<!--
-			Avoid user-visible paths:
-							-->
-		<exclusion pattern="^http://www\.brightcontext\.com/(?!favicon\.ico|wp-content/|wp-includes/)" />
-
-
-	<securecookie host="^mgr\.brightcontext\.com$" name=".+" />
-
+	<target host="www.brightcontext.com" />
 
-	<rule from="^http://(mgr\.)?brightcontext\.com/"
-		to="https://$1brightcontext.com/" />
 
-	<rule from="^http://www\.brightcontext\.com/"
-		to="https://d21tvy0y59wl26.cloudfront.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BrightFort.com-problematic.xml b/src/chrome/content/rules/BrightFort.com-problematic.xml
index 668cf52d4e21..e8d0e827a0f9 100644
--- a/src/chrome/content/rules/BrightFort.com-problematic.xml
+++ b/src/chrome/content/rules/BrightFort.com-problematic.xml
@@ -7,7 +7,7 @@
 	<target host="blog.brightfort.com" />
 
 
-	<rule from="^http://blog\.brightfort\.com/"
-		to="https://blog.brightfort.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BrightFort.com.xml b/src/chrome/content/rules/BrightFort.com.xml
index 66ff81b74434..3a96d49c2422 100644
--- a/src/chrome/content/rules/BrightFort.com.xml
+++ b/src/chrome/content/rules/BrightFort.com.xml
@@ -4,7 +4,14 @@
 
 	Problematic subdomains:
 
-		- blog	(works; mismatched, CN: blog.javacoolsoftware.com)
+		- blog *
+
+	* Expired, mismatched
+
+
+	Mixed content:
+
+		- Images on blog from $self
 
 -->
 <ruleset name="BrightFort.com (partial)">
@@ -13,7 +20,7 @@
 	<target host="www.brightfort.com" />
 
 
-	<rule from="^http://(www\.)?brightfort\.com/"
-		to="https://$1brightfort.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BrightRoll.xml b/src/chrome/content/rules/BrightRoll.xml
deleted file mode 100644
index 66f383fd1d14..000000000000
--- a/src/chrome/content/rules/BrightRoll.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d1ibts9hn2apvm.cloudfront.net
-
-			- cache.btrll.com
-
-
-	Problematic domains:
-
-		- www3.brightroll.com		(works, mismatched, CN: *.pardot.com)
-
-
-	Nonfunctional domains:
-
-		- (www.)brightroll.com
-
--->
-<ruleset name="BrightRoll (partial)">
-
-	<target host="*.btrll.com" />
-
-
-	<securecookie host="^\.btrll\.com$" name=".+" />
-
-
-	<rule from="^https?://cache\.btrll\.com/"
-		to="https://d1ibts9hn2apvm.cloudfront.net/" />
-
-	<rule from="^http://(s)?segs\.btrll\.com/"
-		to="https://$1segs.btrll.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/BrightTALK.com.xml b/src/chrome/content/rules/BrightTALK.com.xml
new file mode 100644
index 000000000000..5584b9739f79
--- /dev/null
+++ b/src/chrome/content/rules/BrightTALK.com.xml
@@ -0,0 +1,46 @@
+
+<!--
+	Nonfunctional hosts:
+
+		go *
+
+	* Marketo
+
+
+	Problematic hosts:
+
+		- blog *
+
+	* Mismatched
+
+
+	Fully covered hosts:
+
+		- (www.)?
+		- support
+
+
+	Insecure cookies are set for theses hosts:
+
+		- blog.brighttalk.com
+
+-->
+<ruleset name="BrightTALK.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="brighttalk.com" />
+	<!--target host="blog.brighttalk.com" /-->
+	<target host="business.brighttalk.com" />
+	<target host="support.brighttalk.com" />
+	<target host="www.brighttalk.com" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^blog\.brighttalk\.com$" name="^(JSESSIONID|ss_sd)$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BrightTag-problematic.xml b/src/chrome/content/rules/BrightTag-problematic.xml
index f33b8b8b068d..d1b6063a2c5b 100644
--- a/src/chrome/content/rules/BrightTag-problematic.xml
+++ b/src/chrome/content/rules/BrightTag-problematic.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?(?:the)?brighttag\.com/"
 		to="https://www.brighttag.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BrightTag.xml b/src/chrome/content/rules/BrightTag.xml
index f937981b7d2b..062d69a51438 100644
--- a/src/chrome/content/rules/BrightTag.xml
+++ b/src/chrome/content/rules/BrightTag.xml
@@ -4,7 +4,7 @@
 
 	Other BrightTag rulesets:
 
-		- SiteTagger.co.uk.xml
+		- BTstatic.com.xml
 
 
 	CDN buckets:
@@ -27,28 +27,60 @@
 
 		- thebrighttag.com subdomains:
 
+			- api
+			- control
+			- s *
 			- a.s	(→ s)
 			- b.s	(→ s)
+			- s-eu
+			- t
+			- u
+
+	* Included on 3rd-party websites
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- s.thebrighttag.com
+		- .s.thebrighttag.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
 <ruleset name="BrightTag (partial)">
 
-	<target host="*.btstatic.com" />
-	<target host="*.thebrighttag.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="api.thebrighttag.com" />
+	<target host="control.thebrighttag.com" />
+	<target host="s.thebrighttag.com" />
+	<target host="s-eu.thebrighttag.com" />
+	<target host="t.thebrighttag.com" />
+	<target host="u.thebrighttag.com" />
+
+	<!--	Complications:
+				-->
+	<target host="a.s.thebrighttag.com" />
+	<target host="b.s.thebrighttag.com" />
 
+		<!--	Set cookie without Secure:
+							-->
+		<test url="http://s.thebrighttag.com/csx?tp=" />
+		<!--test url="http://s.thebrighttag.com/iframe?c=" /-->
 
-	<securecookie host="^(?:\.?control|\.s)\.thebrighttag\.com$" name=".+" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.s\.thebrighttag\.com$" name="^bt3$" /-->
+	<!--securecookie host="^s\.thebrighttag\.com$" name="^btpdb\.[\w.]+$" /-->
 
-	<rule from="^http://(s|s-eu|t)\.btstatic\.com/"
-		to="https://$1.btstatic.com/" />
+	<securecookie host="^(?!\.thebrighttag\.com$)." name=".+" />
 
-	<!--	s: included on 3rd-party websites.
-						-->
-	<rule from="^http://(api|control|s|s-eu|t|u)\.thebrighttag\.com/"
-		to="https://$1.thebrighttag.com/" />
 
 	<rule from="^http://[ab]\.s\.thebrighttag\.com/"
 		to="https://s.thebrighttag.com/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Bright_Hub.com.xml b/src/chrome/content/rules/Bright_Hub.com.xml
index 04cb3d0d249e..75807a4e0660 100644
--- a/src/chrome/content/rules/Bright_Hub.com.xml
+++ b/src/chrome/content/rules/Bright_Hub.com.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ss.brighthub.com/ => https://ss.brighthub.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://s.brighthub.com/ => https://s.brighthub.com/: (51, "SSL: no alternative certificate subject name matches target host name 's.brighthub.com'")
+
 	CDN buckets:
 
 		- images.brighthub.com.edgesuite.net
@@ -29,10 +34,10 @@
 	* Works, akamai
 
 -->
-<ruleset name="Bright Hub.com (partial)">
+<ruleset name="Bright Hub.com (partial)" default_off="failed ruleset test">
 
-	<target host="brighthub.com" />
-	<target host="*.brighthub.com" />
+	<target host="ss.brighthub.com" />
+	<target host="s.brighthub.com" />
 		<!--
 			Redirects to http
 						-->
@@ -42,22 +47,13 @@
 	<!--securecookie host="^\.brighthub\.com$" name="^ASP\.NET_SessionId$" /-->
 
 
-	<rule from="^http://(?:www\.)?brighthub\.com/favicon\.ico"
-		to="https://a248.e.akamai.net/f/1107/726/f/www.brighthub.com/favicon.ico" />
-
-	<rule from="^http://images\.brighthub\.com/"
-		to="https://a248.e.akamai.net/f/1560/24/4/images.brighthub.com/" />
-
 	<!--	Rewrite css to ss first, as stylesheets
 		link resources relative to /.
 						-->
 	<rule from="^http://s\.brighthub\.com/s/css/"
 		to="https://ss.brighthub.com/s/css/" />
 
-	<rule from="^http://s\.brighthub\.com/"
-		to="https://a248.e.akamai.net/f/938/158/8/s.brighthub.com" />
-
-	<rule from="^http://ss\.brighthub\.com/"
-		to="https://ss.brighthub.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bright_Kids_NYC.xml b/src/chrome/content/rules/Bright_Kids_NYC.xml
index fa190a061bc3..a941d57e499d 100644
--- a/src/chrome/content/rules/Bright_Kids_NYC.xml
+++ b/src/chrome/content/rules/Bright_Kids_NYC.xml
@@ -1,19 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://brightkidsnyc.com/ => https://www.brightkidsnyc.com/: (7, 'Failed to connect to www.brightkidsnyc.com port 443: Connection refused')
+
 	Problematic domains:
 
 		- ^	(expired 2012-04-18)
 
 -->
-<ruleset name="Bright Kids NYC">
+<ruleset name="Bright Kids NYC" default_off="failed ruleset test">
 
 	<target host="brightkidsnyc.com" />
-	<target host="*.brightkidsnyc.com" />
+	<target host="www.brightkidsnyc.com" />
 
 
 	<securecookie host="^(?:www)?\.brightkidsnyc.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?brightkidsnyc\.com/"
+	<rule from="^http://(?:www\.)?brightkidsnyc\.com/"
 		to="https://www.brightkidsnyc.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Brightcove.xml b/src/chrome/content/rules/Brightcove.xml
index d82dd5869f06..1509d63abe3b 100644
--- a/src/chrome/content/rules/Brightcove.xml
+++ b/src/chrome/content/rules/Brightcove.xml
@@ -4,11 +4,16 @@
 
 	Other Brightcove rulesets:
 
+		- Bcove.me.xml
 		- Zencoder.xml
 
 
 	CDN buckets:
 
+		- brightcove01.brightcove.com.edgesuite.net
+
+			- a948.ga.akamai.net
+
 		- brightcove04.brightcove.com.edgesuite.net
 
 			- brightcove04
@@ -25,13 +30,11 @@
 
 			- feeds *
 			- forum **
-			- goku			(refused)
 			- investor ***
-			- link
 			- brightcove04.o	(503, Akamai)
 			- status *
 
-		- brightcove.vo.llnwd.net	(400; CN: *.hs.llnwd.net, .hs. doesn't exist)
+		- brightcove.vo.llnwd.net	(400; .hs. doesn't exist)
 
 	* Reset
 	** Refused
@@ -41,26 +44,32 @@
 	Problematic domains:
 
 		- admin.brightcove.com		(akamai)
+		- brightcove01.brightcove.com ¹
 		- go.brightcove.com		(works; mismatched, CN: secure.eloqua.com)
-		- opensource.brightcove.com	(works; mismatched, CN: *.vorpal.io)
-		- services.brightcove.com	(504, valid cert)
-
+		- opensource.brightcove.com	(refused)
 
-	Partially covered subdomains:
-
-		- (www.) *
-		- blog *
-
-	* Some pages redirect to http
+	¹ Works, akamai
 
 
 	Fully covered subdomains:
 
+		- (www.) *
 		- api
 		- read.appcloud
+		- transcode.appcloud
 		- write.appcloud
+		- blog
+		- brightcove01-secure
 		- developer
 		- docs
+		- images.gallery
+		- goku
+		- img
+		- link
+		- opensource	(→ docs)
+		- signin
+		- solutions
+		- support
 		- videocloud
 
 
@@ -73,12 +82,27 @@
 
 	/101716/rtmp_pd
 
+
+	These altnames don't exist:
+
+		- www.images.gallery.brightcove.com
+		- www.goku.brightcove.com
+		- www.services.brightcove.com
+		- www.signin.brightcove.com
+		- www.solutions.brightcove.com
+		- www.support.brightcove.com
+
+
+	Mixed content:
+
+		- Images on support from img *
+
+	* Secured by us
+
 -->
 <ruleset name="Brightcove (partial)">
 
 	<target host="*.brightcove.com" />
-		<exclusion pattern="^http://(?:www\.)?brightcove\.com/(?!sites/|timetrade-iframe\.html)" />
-		<exclusion pattern="^http://blog\.brightcove\.com/(?!sites/)" />
 		<!--
 			Videos fail to load.
 
@@ -88,8 +112,16 @@
 		<!--
 			https://mail1.eff.org/pipermail/https-everywhere-rules/2013-May/001587.html
 													-->
+		<!--
+			Videos fail to load.
+			https://trac.torproject.org/projects/tor/ticket/12405
+			The Brightcove player loads in an iframe, whose URL gets correctly
+			rewritten to HTTPS. However, that iframe attempts to load a script
+			that runs afoul of the mixed content blocking bug. -->
+		<exclusion pattern="^https://secure.brightcove.com/services/viewer/" />
+
 		<exclusion pattern="^http://admin\.brightcove\.com/viewer/us20[\d\.]+/BrightcoveBootloader\.swf(?:\?|$)" />
-		<!--exclusion pattern="^https?://c\.brightcove\.com/services/messagebroker/amf\?playerId=" /-->
+		<!--exclusion pattern="^http://c\.brightcove\.com/services/messagebroker/amf\?playerId=" /-->
 		<exclusion pattern="^http://admin\.brightcove\.com/viewer/.+\.swf(?:\?|$)" />
 
 	<!--securecookie host="^\.brightcove\.com$" name="^(test|vorpal-signature|vorpal-user)$" /-->
@@ -98,18 +130,20 @@
 	<rule from="^http://c\.brightcove\.com/services/viewer/"
 		to="https://secure.brightcove.com/services/viewer/" />
 
-	<rule from="^http://((?:api|(?:read\.|write\.)?appcloud|blog|docs|files|img|metrics|my|register|secure|signin|videocloud|www)\.)?brightcove\.com/"
+	<rule from="^http://((?:api|(?:read\.|transcode\.|write\.)?appcloud|blog|brightcove01-secure|docs|files|images\.gallery|go|goku|img|link|metrics|my|register|secure|services|signin|solutions|support|videocloud|www)\.)?brightcove\.com/"
 		to="https://$1brightcove.com/" />
 
-	<!--	At least the homepage redirects to http.
+	<!--	Then everything else to -secure.
 							-->
-	<rule from="^http://support\.brightcove\.com/(en/contact$|sites/)"
-		to="https://support.brightcove.com/$1" />
+	<rule from="^http://brightcove01\.brightcove\.com/"
+		to="https://brightcove01-secure.brightcove.com/" />
 
-	<rule from="^https?://s?admin\.brightcove\.com/"
+	<rule from="^http://s?admin\.brightcove\.com/"
 		to="https://sadmin.brightcove.com/" />
 
-	<rule from="^http://services\.brightcove\.com/"
-		to="https://secure.brightcove.com/" />
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://opensource\.brightcove\.com/+[^?]*"
+		to="https://docs.brightcove.com/en/video-cloud/open-source/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Brighteroption.com.xml b/src/chrome/content/rules/Brighteroption.com.xml
new file mode 100644
index 000000000000..4786e3888fb7
--- /dev/null
+++ b/src/chrome/content/rules/Brighteroption.com.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Salesforce coverage, see Salesforce.com.xml.
+
+
+	Fully covered hosts in *brighteroption.com:
+
+		- (www.)?
+		- track
+
+
+	Insecure cookies are set for these domains:
+
+		- .brighteroption.com
+
+-->
+<ruleset name="brighteroption.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="brighteroption.com" />
+	<target host="track.brighteroption.com" />
+	<target host="www.brighteroption.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.brighteroption\.com$" name="^\.ASPXAUTH$" /-->
+
+	<securecookie host="^\.brighteroption\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Brightidea.xml b/src/chrome/content/rules/Brightidea.xml
index 9030ef9c315a..5a446e019b9a 100644
--- a/src/chrome/content/rules/Brightidea.xml
+++ b/src/chrome/content/rules/Brightidea.xml
@@ -1,29 +1,74 @@
 <!--
-	Nonfunctional subdomains:
+	Problematic subdomains:
 
-		- blog		(times out)
-		- support	(redirects to http; mismatched, CN: *.zendesk.com)
+		- (www.)?
+		- blog ²
+		- web ²
 
+	¹ 502
+	² Mismatched
 
-	Cert only matches *.brightidea.com
 
--->
-<ruleset name="Brightidea (partial)">
+	Fully covered subdomains:
+
+		- auth
+		- images
+		- na2
+		- support
+
+
+	Insecure cookies are set for these domains:
+
+		- .brightidea.com
+		- web.brightidea.com
+
+
+	Mixed content:
+
+		- iframe on blog from www.brightidea.com ¹
+		- css on blog from www.brightidea.com ¹
 
-	<target host="brightidea.com" />
-	<target host="*.brightidea.com" />
+		- Images, on:
+
+			- blog from $self ²
+			- blog from www.brightidea.com ³
+			- web from cdn2.hubspot.net ¹
+
+		- favicon on blog from www.brightidea.com ¹
+
+		- Ads/bugs, on:
+
+			- blog from www.googleadservices.com
+			- blog from pixel.quantserve.com ¹
+			- blog from ad.retargeter.com ¹
+			- blog from b.scorecardresearch.com ¹
+
+	¹ Secured by us
+	² Not secured by us <= mismatched
+	³ Unsecurable <= 502
+
+-->
+<ruleset name="Brightidea.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="auth.brightidea.com" />
+	<!--target host="blog.brightidea.com" /-->
+	<target host="images.brightidea.com" />
+	<target host="na2.brightidea.com" />
+	<target host="support.brightidea.com" />
+	<!--target host="web.brightidea.com" /-->
 
-	<securecookie host="^www\.brightidea\.com$" name=".+" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.brightidea\.com$" name="^(__cfduid|__qca|cf_clearance)$" /-->
+	<!--securecookie host="^web\.brightidea\.com$" name="^hsPagesViewedThisSession$" /-->
 
-	<rule from="^https?://(?:www\.)?brightidea\.com/"
-		to="https://www.brightidea.com/" />
+	<securecookie host="^\.brightidea\.com$" name="^__qca$" />
 
-	<rule from="^http://(images|na2)\.brightidea\.com/"
-		to="https://$1.brightidea.com/" />
 
-	<rule from="^https?://support\.brightidea\.com/(generated|system)/"
-		to="https://assets.zendesk.com/$1/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Brighton.xml b/src/chrome/content/rules/Brighton.xml
index 9d8a28477746..6c0f6907c76c 100644
--- a/src/chrome/content/rules/Brighton.xml
+++ b/src/chrome/content/rules/Brighton.xml
@@ -7,7 +7,7 @@
 	<target host="brighton.com" />
 	<target host="www.brighton.com" />
 	<target host="brightoncollectibles.com" />
-	<target host="*.brightoncollectibles.com" />
+	<target host="www.brightoncollectibles.com" />
 
 
 	<securecookie host="\.brightoncollectibles\.com$" name=".+" />
@@ -19,4 +19,4 @@
 	<rule from="^http://(www\.)?brightoncollectibles\.com/"
 		to="https://$1brightoncollectibles.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Brilig.xml b/src/chrome/content/rules/Brilig.xml
index fa6eb394787f..092655c748f3 100644
--- a/src/chrome/content/rules/Brilig.xml
+++ b/src/chrome/content/rules/Brilig.xml
@@ -1,23 +1,17 @@
 <!--
-	Problematic subdomains:
-
-		- js	(mismatched, CN: p.brilig.com)
-		- kb	(works, expired 2013-03-17)
+	For other Merkle Inc coverage, see merkleinc.com.xml.
 
 -->
-<ruleset name="Brilig (partial)">
+<ruleset name="Brilig.com" default_off="refused">
 
 	<target host="brilig.com" />
-	<target host="*.brilig.com" />
-
+	<target host="www.brilig.com" />
 
-	<securecookie host="^.*\.brilig\.com$" name=".*" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://js\.brilig\.com/"
-		to="https://p.brilig.com/" />
 
-	<rule from="^http://((?:marketplace|p|www)\.)?brilig\.com/"
-		to="https://$1brilig.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bring_the_Gig.xml b/src/chrome/content/rules/Bring_the_Gig.xml
index 65350e859a8b..1fda8fcad4c3 100644
--- a/src/chrome/content/rules/Bring_the_Gig.xml
+++ b/src/chrome/content/rules/Bring_the_Gig.xml
@@ -1,13 +1,12 @@
 <ruleset name="Bring the Gig">
 
 	<target host="bringthegig.com" />
-	<target host="*.bringthegig.com" />
+	<target host="www.bringthegig.com" />
 
 
 	<securecookie host="^\.bringthegig\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?bringthegig\.com/"
-		to="https://$1bringthegig.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Brinkster.com.xml b/src/chrome/content/rules/Brinkster.com.xml
index 18cf85c4bb65..ece5514e42ee 100644
--- a/src/chrome/content/rules/Brinkster.com.xml
+++ b/src/chrome/content/rules/Brinkster.com.xml
@@ -10,13 +10,15 @@
 <ruleset name="Brinkster.com">
 
 	<target host="brinkster.com" />
-	<target host="*.brinkster.com" />
+	<target host="help.brinkster.com" />
+	<target host="secure.brinkster.com" />
+	<target host="webmail.brinkster.com" />
+	<target host="www.brinkster.com" />
 
 
 	<securecookie host="^(?:webmail)?\.brinkster\.com$" name=".+" />
 
 
-	<rule from="^http://((?:help|secure|webmail|www)\.)?brinkster\.com/"
-		to="https://$1brinkster.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BritAc.ac.uk.xml b/src/chrome/content/rules/BritAc.ac.uk.xml
new file mode 100644
index 000000000000..0d869f1a5caf
--- /dev/null
+++ b/src/chrome/content/rules/BritAc.ac.uk.xml
@@ -0,0 +1,37 @@
+<!--
+	Nonfunctional hosts in *britac.ac.uk:
+
+		- ^ ʳ
+		- blog *
+		- www ʳ
+
+	* Handshake fails
+	ʳ Refused
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- egap.britac.ac.uk
+		- ols.britac.ac.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="BritAc.ac.uk (partial)">
+
+	<target host="egap.britac.ac.uk" />
+	<target host="ols.britac.ac.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^egap\.britac\.ac\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^ols\.britac\.ac\.uk$" name="^(?:ASPFIXATION|type)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Britannica.com.xml b/src/chrome/content/rules/Britannica.com.xml
index 98d1b4204293..40f0bfa3d098 100644
--- a/src/chrome/content/rules/Britannica.com.xml
+++ b/src/chrome/content/rules/Britannica.com.xml
@@ -41,7 +41,9 @@
 <ruleset name="Britannica.com (partial)">
 
 	<target host="britannica.com" />
-	<target host="*.britannica.com" />
+	<target host="www.britannica.com" />
+	<target host="safe.britannica.com" />
+	<target host="safe1.britannica.com" />
 
 
 	<!--securecookie host="^\.britannica\.com$" name="^bcomID$" /-->
@@ -51,7 +53,6 @@
 	<rule from="^http://(?:www\.)?britannica\.com/"
 		to="https://www.britannica.com/" />
 
-	<rule from="^http://safe(1)?\.britannica\.com/"
-		to="https://safe$1.britannica.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Britcoin.co.uk.xml b/src/chrome/content/rules/Britcoin.co.uk.xml
index 04d43724401b..281c1deecca5 100644
--- a/src/chrome/content/rules/Britcoin.co.uk.xml
+++ b/src/chrome/content/rules/Britcoin.co.uk.xml
@@ -1,4 +1,14 @@
-<ruleset name="Britcoin.co.uk">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://britcoin.co.uk/ => https://www.britcoin.co.uk/: (35, 'Unknown SSL protocol error in connection to www.britcoin.co.uk:443 ')
+Fetch error: http://www.britcoin.co.uk/ => https://www.britcoin.co.uk/: (35, 'Unknown SSL protocol error in connection to www.britcoin.co.uk:443 ')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://britcoin.co.uk/ => https://www.britcoin.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.britcoin.co.uk'")
+Fetch error: http://www.britcoin.co.uk/ => https://www.britcoin.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.britcoin.co.uk'")
+-->
+<ruleset name="Britcoin.co.uk" default_off="failed ruleset test">
   <target host="britcoin.co.uk" />
   <target host="www.britcoin.co.uk" />
 
diff --git a/src/chrome/content/rules/BriteObjects.xml b/src/chrome/content/rules/BriteObjects.xml
index 80753507c5c3..bc6562ff399c 100644
--- a/src/chrome/content/rules/BriteObjects.xml
+++ b/src/chrome/content/rules/BriteObjects.xml
@@ -23,4 +23,4 @@
 	<rule from="^http://(?:www\.)?briteobjects\.com/"
 		to="https://www.briteobjects.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/British-Airways.xml b/src/chrome/content/rules/British-Airways.xml
new file mode 100644
index 000000000000..4d80e816977f
--- /dev/null
+++ b/src/chrome/content/rules/British-Airways.xml
@@ -0,0 +1,75 @@
+<!--
+	britishairways.com:
+		Mismatch:
+			- mediacentre.britishairways.com
+
+
+	ba.com:
+		Mismatch:
+			- behindthedesign.ba.com
+			- www.behindthedesign.ba.com
+			- businesslife.ba.com
+			- highlife.ba.com
+			- pictureyourholiday.ba.com
+			- press.ba.com
+			- responsibleflying.ba.com
+			- shopping.ba.com, equivalent to www.shopping.ba.com
+			- terminal5.ba.com
+			- www.terminal5.ba.com
+
+		Refused:
+			- londonaustin.ba.com
+			- theclub.ba.com
+
+		Timed out:
+			- www.holidays.ba.com
+			- onlinestandards.ba.com
+			- ournewplanes.ba.com
+			- taxi.ba.com
+
+
+	batraveltrade.com:
+		Mismatch:
+			- batraveltrade.com, equivalent to www.batraveltrade.com
+-->
+
+<ruleset name="British Airways">
+	<!-- britishairways.com -->
+	<target host="britishairways.com" />
+	<target host="www.britishairways.com" />
+	<target host="baggageclaim.britishairways.com" />
+	<target host="disruptionclaim.britishairways.com" />
+	<target host="onbusiness.britishairways.com" />
+	<target host="origin-www.britishairways.com" />
+	<target host="wap.britishairways.com" />
+
+	<securecookie host="^(?:.*\.)?britishairways.com$" name=".+" />
+
+
+	<!-- ba.com -->
+	<target host="ba.com" />
+	<target host="www.ba.com" />
+	<target host="careers.ba.com" />
+	<target host="developer.ba.com" />
+	<target host="hotline.ba.com" />
+	<target host="idtravel.ba.com" />
+	<target host="jobs.ba.com" />
+	<target host="www.shopping.ba.com" />
+	<target host="shopping.ba.com" />
+	<target host="stafftravel.ba.com" />
+
+	<rule from="^http://shopping\.ba\.com/"
+		  to="https://www.shopping.ba.com/" />
+
+
+	<!-- batraveltrade.com -->
+	<target host="batraveltrade.com" />
+	<target host="www.batraveltrade.com" />
+	<target host="softdollar.batraveltrade.com" />
+
+	<rule from="^http://batraveltrade\.com/"
+		  to="https://www.batraveltrade.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BritishEcologicalSociety.org.xml b/src/chrome/content/rules/BritishEcologicalSociety.org.xml
new file mode 100644
index 000000000000..ec9ca4946cbf
--- /dev/null
+++ b/src/chrome/content/rules/BritishEcologicalSociety.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		britishecologicalsociety.org
+		abstract.britishecologicalsociety.org
+		redblade.britishecologicalsociety.org
+
+-->
+<ruleset name="BritishEcologicalSociety.org">
+
+	<target host="britishecologicalsociety.org" />
+	<target host="www.britishecologicalsociety.org" />
+	<target host="portal.britishecologicalsociety.org" />
+		<test url="http://portal.britishecologicalsociety.org/portal/public/register/default.aspx" />
+
+	<rule from="^http://britishecologicalsociety\.org/"
+		to="https://www.britishecologicalsociety.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BritishGas.co.uk.xml b/src/chrome/content/rules/BritishGas.co.uk.xml
new file mode 100644
index 000000000000..ff2f4249035f
--- /dev/null
+++ b/src/chrome/content/rules/BritishGas.co.uk.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		link.britishgas.co.uk
+
+-->
+<ruleset name="British Gas">
+
+	<target host="britishgas.co.uk" />
+	<target host="www.britishgas.co.uk" />
+	<target host="myhome.britishgas.co.uk" />
+
+	<rule from="^http://britishgas\.co\.uk/"
+		to="https://www.britishgas.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/British_Airline_Pilots_Association.xml b/src/chrome/content/rules/British_Airline_Pilots_Association.xml
deleted file mode 100644
index d585c9649391..000000000000
--- a/src/chrome/content/rules/British_Airline_Pilots_Association.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="British Airline Pilots Association">
-    <target host="balpa.org" />
-    <target host="*.balpa.org" />
-
-    <rule from="^https?://balpa\.org/"
-        to="https://www.balpa.org/"/>
-    <rule from="^http://([^/:@]+)?\.balpa\.org/"
-        to="https://$1.balpa.org/" />
-</ruleset>
diff --git a/src/chrome/content/rules/British_Gas.xml b/src/chrome/content/rules/British_Gas.xml
deleted file mode 100644
index 0f99b86a1f44..000000000000
--- a/src/chrome/content/rules/British_Gas.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-
-
-	Some pages redirect to http.
-
--->
-<ruleset name="British Gas (partial)">
-
-	<target host="88.208.232.88" />
-	<target host="britishgas.co.uk" />
-	<target host="www.britishgas.co.uk" />
-
-
-	<rule from="^http://88\.208\.232\.88/wp-content/"
-		to="https://www.britishgas.co.uk/business/blog/wp-content/" />
-
-	<!--	404s as-is:
-				-->
-	<rule from="^http://(?:www\.)?britishgas\.co\.uk/GetAQuote(\?.*)?$"
-		to="https://www.britishgas.co.uk/GetAQuote/$1" />
-
-	<rule from="^http://(?:www\.)?britishgas\.co\.uk/(apps/|content/|etc/|(?:BGBOnline|business/(?:blog/(?:scripts|wp-content)/|ManageAccount||manage-account|QuerryManageMent)|GetAQuote|HelpAndAdvice|HomeMove|Login|Registration|ViewQuoteDetails|Your_Account)(?:$|\?|/)|images/|libs/|script/|style/)"
-		to="https://www.britishgas.co.uk/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/British_Library.xml b/src/chrome/content/rules/British_Library.xml
index a01f869f1da3..844a9c5eb2ab 100644
--- a/src/chrome/content/rules/British_Library.xml
+++ b/src/chrome/content/rules/British_Library.xml
@@ -1,12 +1,144 @@
+<!--
+	Content mismatch:
+		bnb.bl.uk
+
+	Invalid certificate:
+		awc.bl.uk
+		bbcpilot.bl.uk
+		bipc.bl.uk
+		api.bldss.bl.uk
+		www.bldss.bl.uk
+		blogs.bl.uk
+		email.bl.uk
+		ethos.bl.uk
+		exhibitions.bl.uk
+		gallery.bl.uk
+		www.imagesonline.bl.uk
+		istc.bl.uk
+		labs.bl.uk
+		lcrdm.bl.uk
+		performancedashboard.bl.uk
+		prints.bl.uk
+		register.bl.uk
+		registerreader.bl.uk
+		www.shop.bl.uk
+
+	Not found:
+		sso1.bl.uk
+		sso2.bl.uk
+		ttpdownload.bl.uk
+		w2k-edd2.bl.uk
+		webvpn.bl.uk
+
+	Redirect loop:
+		sounds.bl.uk
+		soundstage.bl.uk
+		support.bl.uk
+
+	Rejected:
+		bnb.data.bl.uk
+		electronicresources2.bl.uk
+		explore.bl.uk
+		newspapers11.bl.uk
+		primocat.bl.uk
+		search.bl.uk
+		searcharchives.bl.uk
+		searchbeta.bl.uk
+		webconf.bl.uk
+
+	Timeout:
+		access.bl.uk
+		audio.bl.uk
+		vre.blric.bl.uk
+		cadensa.bl.uk
+		www.cadensa.bl.uk
+		cds.bl.uk
+		cmsproduction.bl.uk
+		crawler04.bl.uk
+		direct.bl.uk
+		dscx-webserv1.bl.uk
+		eap.bl.uk
+		electronicresources.bl.uk
+		envia.bl.uk
+		www.envia.bl.uk
+		estc.bl.uk
+		ethosdownload.bl.uk
+		etoc-datasrv.bl.uk
+		explorer.bl.uk
+		fileopen.bl.uk
+		finprod.bl.uk
+		ftp.bl.uk
+		idp.bl.uk
+		inside.bl.uk
+		itemviewer.bl.uk
+		www.mbsportal.bl.uk
+		payfin.bl.uk
+		pharos.bl.uk
+		sami.bl.uk
+		sanddragon.bl.uk
+		searchweb.bl.uk
+		sed.bl.uk
+		vll-spamfm.bl.uk
+		webmail.bl.uk
+-->
 <ruleset name="British Library (partial)">
 
+	<target host="bl.uk" />
+	<target host="www.bl.uk" />
+	<target host="api.bl.uk" />
+	<target host="bldss.bl.uk" />
+	<target host="apitest.bldss.bl.uk" />
+	<target host="blorderform.bl.uk" />
+	<target host="blpc.bl.uk" />
+	<target host="blraa.bl.uk" />
+	<target host="boxoffice.bl.uk" />
+	<target host="businessaccount.bl.uk" />
+	<target host="cdn-stp.bl.uk" />
+	<target host="collectbritain.bl.uk" />
+	<target host="data.bl.uk" />
+	<target host="dialin.bl.uk" />
+	<target host="directplus.bl.uk" />
+	<target host="forms.bl.uk" />
+	<target host="forms2.bl.uk" />
+	<target host="hviewer.bl.uk" />
+	<target host="i.bl.uk" />
+	<target host="imagesonline.bl.uk" />
+	<target host="indiafamily.bl.uk" />
+	<target host="lyncdiscover.bl.uk" />
+	<target host="maps.bl.uk" />
+	<target host="mbsportal.bl.uk" />
+	<target host="meet.bl.uk" />
+	<target host="molcat.bl.uk" />
+	<target host="molcat1.bl.uk" />
+	<target host="muscat.bl.uk" />
+	<target host="myaccount.bl.uk" />
+	<target host="myrequests.bl.uk" />
+	<target host="newspapers.bl.uk" />
+	<target host="ogimages.bl.uk" />
+	<target host="ondemand.bl.uk" />
+	<target host="oosfarm01.bl.uk" />
+	<target host="ordersubmission.bl.uk" />
+	<target host="payment.bl.uk" />
+	<target host="pdsloginblack.bl.uk" />
+	<target host="pdsloginorange.bl.uk" />
+	<target host="portico.bl.uk" />
 	<target host="pressandpolicy.bl.uk" />
-
+	<target host="prodigi.bl.uk" />
+	<target host="publishing.bl.uk" />
+	<target host="shop.bl.uk" />
+	<target host="sip.bl.uk" />
+	<target host="skypeweb-ext.bl.uk" />
+	<target host="socialwelfare.bl.uk" />
+	<target host="special-1.bl.uk" />
+	<target host="ssoa.bl.uk" />
+	<target host="stafflearning.bl.uk" />
+	<target host="vincent.bl.uk" />
+	<target host="vll-minos.bl.uk" />
+	<target host="voltage-pp-0000.bl.uk" />
 
 	<securecookie host="^pressandpolicy\.bl\.uk$" name=".+" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://pressandpolicy\.bl\.uk/"
-		to="https://pressandpolicy.bl.uk/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/British_National_Formulary.xml b/src/chrome/content/rules/British_National_Formulary.xml
index f846d958796a..152982b6fd45 100644
--- a/src/chrome/content/rules/British_National_Formulary.xml
+++ b/src/chrome/content/rules/British_National_Formulary.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?bnf\.org/bnf/((?:account|login|password|request_registration)\.htm|images/|style/|theme/)"
 		to="https://www.bnf.org/bnf/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/British_Red_Cross.xml b/src/chrome/content/rules/British_Red_Cross.xml
index 47a8090eacbe..cc19ff1c27cc 100644
--- a/src/chrome/content/rules/British_Red_Cross.xml
+++ b/src/chrome/content/rules/British_Red_Cross.xml
@@ -28,7 +28,12 @@
 <ruleset name="British Red Cross (partial)">
 
 	<target host="redcross.org.uk" />
-	<target host="*.redcross.org.uk" />
+	<target host="www.redcross.org.uk" />
+	<target host="giftshop.redcross.org.uk" />
+	<target host="www.giftshop.redcross.org.uk" />
+	<target host="everydayfirstaid.redcross.org.uk" />
+	<target host="www.everydayfirstaid.redcross.org.uk" />
+	<target host="m.redcross.org.uk" />
 		<exclusion pattern="^http://(?:m\.|www\.)?redcross\.org\.uk/(?!(?:[\w/-]+/)?~/media/|css/|images/)" />
 
 
@@ -41,7 +46,6 @@
 	<rule from="^http://(?:www\.)?giftshop\.redcross\.org\.uk/"
 		to="https://giftshop.redcross.org.uk/" />
 
-	<rule from="^http://((?:www\.)?everydayfirstaid|m)\.redcross\.org\.uk/"
-		to="https://$1.redcross.org.uk/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Brixwork.com.xml b/src/chrome/content/rules/Brixwork.com.xml
index c5cda0041f7c..8f75080ba5ff 100644
--- a/src/chrome/content/rules/Brixwork.com.xml
+++ b/src/chrome/content/rules/Brixwork.com.xml
@@ -1,4 +1,7 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://brixwork.com/ => https://brixwork.com/: Cycle detected - URL already encountered: http://www.brixwork.com/realtors/406.shtml
+Fetch error: http://www.brixwork.com/ => https://www.brixwork.com/: Cycle detected - URL already encountered: http://www.brixwork.com/realtors/406.shtml
 	Nonfunctional subdomains:
 
 		- demo	(shows www)
@@ -27,7 +30,6 @@
 	<securecookie host="^www\.brixwork\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?brixwork\.com/"
-		to="https://$1brixwork.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Brmlab.cz.xml b/src/chrome/content/rules/Brmlab.cz.xml
index 1654d2deea37..b4d7fb3048dd 100644
--- a/src/chrome/content/rules/Brmlab.cz.xml
+++ b/src/chrome/content/rules/Brmlab.cz.xml
@@ -2,7 +2,7 @@
   <target host="www.brmlab.cz" />
   <target host="brmlab.cz" />
 
-  <securecookie host="^(?:www\.)?brmlab\.cz$" name=".*" />
+  <securecookie host="^(?:www\.)?brmlab\.cz$" name=".+" />
 
-  <rule from="^http://(?:www\.)?brmlab\.cz/" to="https://www.brmlab.cz/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Bro.org.xml b/src/chrome/content/rules/Bro.org.xml
index d146d3270886..8a8543156977 100644
--- a/src/chrome/content/rules/Bro.org.xml
+++ b/src/chrome/content/rules/Bro.org.xml
@@ -1,16 +1,19 @@
 <!--
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *bro.org:
 
-		- blog	(interrupted - hosted on blogger)
+		- blog *
+
+	* Blogger/handshake fails
 
 -->
 <ruleset name="Bro.org (partial)">
 
 	<target host="bro.org" />
-	<target host="*.bro.org" />
+	<target host="tracker.bro.org" />
+	<target host="www.bro.org" />
 
 
-	<rule from="^http://(tracker\.|www\.)?bro\.org/"
-		to="https://$1bro.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Broad-Institute.xml b/src/chrome/content/rules/Broad-Institute.xml
index a0cb436a9f16..f188fbe70755 100644
--- a/src/chrome/content/rules/Broad-Institute.xml
+++ b/src/chrome/content/rules/Broad-Institute.xml
@@ -2,13 +2,13 @@
 
 	<target host="broadinstitute.org" />
 	<!--	* for cross-domain cookie.	-->
-	<target host="*.broadinstitute.org" />
+	<target host="www.broadinstitute.org" />
 
 
-	<securecookie host="(?:www)?\.broadinstitute\.org$" name=".*" />
+	<securecookie host="(?:www)?\.broadinstitute\.org$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?broadinstitute\.org/"
+	<rule from="^http://(?:www\.)?broadinstitute\.org/"
 		to="https://www.broadinstitute.org/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Broadband-Forum.org.xml b/src/chrome/content/rules/Broadband-Forum.org.xml
new file mode 100644
index 000000000000..1a28b4da80bb
--- /dev/null
+++ b/src/chrome/content/rules/Broadband-Forum.org.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://broadband-forum.org/ => https://broadband-forum.org/: (51, "SSL: no alternative certificate subject name matches target host name 'broadband-forum.org'")
+
+-->
+<ruleset name="Broadband-Forum.org" default_off="failed ruleset test">
+
+	<target host="broadband-forum.org" />
+	<target host="www.broadband-forum.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BroadbandReports.xml b/src/chrome/content/rules/BroadbandReports.xml
deleted file mode 100644
index 26190f46fc0e..000000000000
--- a/src/chrome/content/rules/BroadbandReports.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<ruleset name="Broadband Reports">
-
-	<target host="broadbandreports.com" />
-	<target host="www.broadbandreports.com" />
-	<target host="i.dslr.net" />
-	<target host="dslreports.com" />
-	<target host="*.dslreports.com" />
-
-
-	<!--	Redirect loop:
-
-		https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001352.html
-												-->
-		<exclusion pattern="^http://(?:www\.)?(?:broadband|dsl)reports\.com/forum/[a-qs-z][_a-z]+(?:,[a-z]+|,?\d+)?(?:~[=a-z]+)?$" />
-		<exclusion pattern="^http://(?:www\.)?(?:broadband|dsl)reports\.com/forum/r[a-df-z][_a-z]+(?:,[a-z]+|,?\d+)?(?:~[=a-z]+)?$" />
-
-	<rule from="^http://(?:www\.|secure\.)?(?:broadband|dsl)reports\.com/forum/remark,(\d+)(~[=a-z]+)?$"
-		to="https://secure.dslreports.com/forum/r$1-$2" />
-
-	<rule from="^http://(?:www\.|secure\.)?(?:broadband|dsl)reports\.com/"
-		to="https://secure.dslreports.com/" />
-
-	<!--	https://mail1.eff.org/pipermail/https-everywhere-rules/2012-June/001188.html	-->
-	<rule from="^http://i\.dslr\.net/"
-		to="https://secure.dslreports.com/i/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Broadband_Convergent.xml b/src/chrome/content/rules/Broadband_Convergent.xml
index b8f3772781a6..1ede5484572a 100644
--- a/src/chrome/content/rules/Broadband_Convergent.xml
+++ b/src/chrome/content/rules/Broadband_Convergent.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^www\.broadbandconvergent\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?broadbandconvergent\.com/"
-		to="https://$1broadbandconvergent.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Broadbandbuyer.co.uk.xml b/src/chrome/content/rules/Broadbandbuyer.co.uk.xml
new file mode 100644
index 000000000000..0bab1d45314b
--- /dev/null
+++ b/src/chrome/content/rules/Broadbandbuyer.co.uk.xml
@@ -0,0 +1,31 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.broadbandbuyer.co.uk
+
+-->
+<ruleset name="Broadbandbuyer.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.broadbandbuyer.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="broadbandbuyer.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.broadbandbuyer\.co\.uk$" name="^(?:CustomerID|HTTP_REFERER|MD|OrderID|ProductID|VisitorID)$" /-->
+
+	<securecookie host="^www\.broadbandbuyer\.co\.uk$" name=".+" />
+
+
+	<rule from="^http://broadbandbuyer\.co\.uk/"
+		to="https://www.broadbandbuyer.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Broadbandchoices.co.uk.xml b/src/chrome/content/rules/Broadbandchoices.co.uk.xml
deleted file mode 100644
index 0bd9b027d9ab..000000000000
--- a/src/chrome/content/rules/Broadbandchoices.co.uk.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(dropped)
-
-
-	CN: *.cloudfront.net
-
--->
-<ruleset name="broadbandchoices.co.uk" default_off="mismatched">
-
-	<target host="broadbandchoices.co.uk" />
-	<target host="www.broadbandchoices.co.uk" />
-
-
-	<rule from="^http://(?:www\.)?broadbandchoices\.co\.uk/"
-		to="https://www.broadbandchoices.co.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Broadcast.ch.xml b/src/chrome/content/rules/Broadcast.ch.xml
new file mode 100644
index 000000000000..3684f788e304
--- /dev/null
+++ b/src/chrome/content/rules/Broadcast.ch.xml
@@ -0,0 +1,15 @@
+<!--
+	Nonfunctional hosts in *.broadcast.ch:
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Broadcast.ch">
+	<target host="broadcast.ch" />
+	<target host="www.broadcast.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BroadcastJobs.co.uk.xml b/src/chrome/content/rules/BroadcastJobs.co.uk.xml
index 470aa36c794e..8f416a4cdb6c 100644
--- a/src/chrome/content/rules/BroadcastJobs.co.uk.xml
+++ b/src/chrome/content/rules/BroadcastJobs.co.uk.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^rs\.broadcastjobs\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://rs\.broadcastjobs\.co\.uk/"
-		to="https://rs.broadcastjobs.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Broadcasthe.net.xml b/src/chrome/content/rules/Broadcasthe.net.xml
index a7d6f214f325..71d1d85f43cf 100644
--- a/src/chrome/content/rules/Broadcasthe.net.xml
+++ b/src/chrome/content/rules/Broadcasthe.net.xml
@@ -1,12 +1,13 @@
 <ruleset name="BroadcasTheNet">
+	<target host="broadcasthe.net" />
+	<target host="www.broadcasthe.net" />
+	<target host="cdn.broadcasthe.net" />
+	<target host="cdn2.broadcasthe.net" />
+	<target host="piwik.broadcasthe.net" />
+	<target host="static.broadcasthe.net" />
 
-	<target host="broadcasthe.net"/>
-	<target host="*.broadcasthe.net"/>
-
-	<securecookie host="^(.*\.)?broadcastthe\.net$" name=".*"/>
-
-	<!--	www doesn't work.	-->
-	<rule from="^http://(?:(cdn\.)|www\.)?broadcasthe\.net/"
-		to="https://$1broadcasthe.net/"/>
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:"
+			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Broadcom.xml b/src/chrome/content/rules/Broadcom.xml
index 20e08de52786..21b191f4d79c 100644
--- a/src/chrome/content/rules/Broadcom.xml
+++ b/src/chrome/content/rules/Broadcom.xml
@@ -1,48 +1,59 @@
+
 <!--
-		- broadcom.jobs2web.com
+Disabled by https-everywhere-checker because:
+Fetch error: http://jobs.broadcom.com/ => https://jobs.broadcom.com/: (28, 'Connection timed out after 20001 milliseconds')
 
-			- jobs
+	Other Broadcom rulesets:
 
+		- Broadcom_Foundation.org.xml
 
-	Nonfunctional subdomains:
 
-		- investor	(cert: *.shareholder.com; 403)
-		- websearch	(cert: foo.ent.google.com, expired, self-signed; redirects to http)
+	Nonfunctional hosts in *broadcom.com:
 
+		- blog ¹
+		- investor ²
+		- websearch ³
 
-	Problematic subdomains:
+	¹ Refused
+	² Dropped
+	³ Redirects to http
 
-		- jobs		(works; mismatched, CN: *.jobs2web.com)
 
+	Insecure cookies are set for these hosts:
 
-	Partially covered subdomains:
+		- community.broadcom.com
+		- jobs.broadcom.com
+		- www.broadcom.com
 
-		- jobs		(→ broadcom.jobs2web.com)
 
--->
-<ruleset name="Broadcom">
+	Mixed content:
 
-	<target host="broadcom.com" />
-	<target host="*.broadcom.com" />
-	<target host="broadcomfoundation.org" />
-	<target host="www.broadcomfoundation.org" />
+		- Images, on:
+
+			- community from ^broadcom.com ˢ
+			- community from www.broadcom.com ˢ
 
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
-	<securecookie host="^blog\.broadcom\.com$" name=".+" />
+-->
+<ruleset name="Broadcom.com (partial)" default_off="failed ruleset test">
+
+	<target host="broadcom.com" />
+	<target host="community.broadcom.com" />
+	<target host="jobs.broadcom.com" />
+	<target host="www.broadcom.com" />
 
 
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?broadcom\.com/"
-		to="https://www.broadcom.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^community\.broadcom\.com$" name="^(?:BIGipServer|jive\.login\.ts$|jive\.security\.context$)" /-->
+	<!--securecookie host="^jobs\.broadcom\.com$" name="^(JSESSIONID|PERSIST)$" /-->
+	<!--securecookie host="^www\.broadcom\.com$" name="^PHPSESSID$" /-->
 
-	<rule from="^http://blog\.broadcom\.com/"
-		to="https://blog.broadcom.com/" />
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://jobs\.broadcom\.com/(css|sites|view)/"
-		to="https://broadcom.jobs2web.com/$1/" />
 
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?broadcomfoundation\.org/"
-		to="https://www.broadcomfoundation.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Broadcom_Foundation.org.xml b/src/chrome/content/rules/Broadcom_Foundation.org.xml
new file mode 100644
index 000000000000..a318fbcbe57f
--- /dev/null
+++ b/src/chrome/content/rules/Broadcom_Foundation.org.xml
@@ -0,0 +1,43 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://broadcomfoundation.org/ => https://www.broadcomfoundation.org/: (7, 'Failed to connect to www.broadcomfoundation.org port 443: Connection refused')
+Fetch error: http://www.broadcomfoundation.org/ => https://www.broadcomfoundation.org/: (7, 'Failed to connect to www.broadcomfoundation.org port 443: Connection refused')
+
+	For other Broadcom coverage, see Broadcom.xml.
+
+
+	^broadcomfoundation.org: Cert only matches www
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.broadcomfoundation.org
+
+
+	Mixed content:
+
+		- iframes from www.youtube.com *
+		- css from fonts.googleapis.com *
+		- Image from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Broadcom Foundation.org" default_off="failed ruleset test">
+
+	<target host="broadcomfoundation.org" />
+	<target host="www.broadcomfoundation.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.broadcomfoundation\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.broadcomfoundation\.org$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?broadcomfoundation\.org/"
+		to="https://www.broadcomfoundation.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Broadland.gov.uk.xml b/src/chrome/content/rules/Broadland.gov.uk.xml
new file mode 100644
index 000000000000..c99ca7da8b5c
--- /dev/null
+++ b/src/chrome/content/rules/Broadland.gov.uk.xml
@@ -0,0 +1,74 @@
+<!--
+	Broadland District Council
+
+	For rules causing false/broken MCB, see broadland.gov.uk-falsemixed.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *broadland.gov.uk:
+
+		- search *
+
+	* Redirects to http://search3.openobjects.com
+
+
+	Problematic hosts in *broadland.gov.uk:
+
+		- (www.)? ᵐ
+		- consult ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- consult.broadland.gov.uk
+		- secure.broadland.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on secure from www.broadland.gov.uk ˢ
+		- Images on secure from www.broadland.gov.uk ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Broadland.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="secure.broadland.gov.uk" /-->
+
+	<!--	Complications:
+				-->
+	<!--target host="broadland.gov.uk" /-->
+	<target host="consult.broadland.gov.uk" />
+	<!--target host="www.broadland.gov.uk" /-->
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://secure.broadland.gov.uk/Northgate/PlanningExplorer/GeneralSearch.aspx" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^consult.broadland.gov.uk$" name="^ServerID$" /-->
+	<!--securecookie host="^secure.broadland.gov.uk$" name="^(?:ASP\.NET_SessionId|MVMSession)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--rule from="^http://(?:www\.)?broadland\.gov\.uk/"
+		to="https://secure.broadland.gov.uk/" /-->
+
+	<rule from="^http://consult\.broadland\.gov\.uk/"
+		to="https://broadland-consult.objective.co.uk/" />
+
+	<!--rule from="^http:"
+		to="https:" /-->
+
+</ruleset>
diff --git a/src/chrome/content/rules/Brockman.xml b/src/chrome/content/rules/Brockman.xml
index e233e3719ee7..d86d484a27b1 100644
--- a/src/chrome/content/rules/Brockman.xml
+++ b/src/chrome/content/rules/Brockman.xml
@@ -8,8 +8,7 @@
 	<target host="www.brockman.com" />
 
 
-	<rule from="^http://(?:www\.)?brockman\.com/"
-		to="https://www.brockman.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
-	
\ No newline at end of file
+
diff --git a/src/chrome/content/rules/Brokenman.xml b/src/chrome/content/rules/Brokenman.xml
deleted file mode 100644
index 5f377f98b8b7..000000000000
--- a/src/chrome/content/rules/Brokenman.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Brokenman">
-
-	<target host="brokenman.co" />
-	<target host="www.brokenman.co" />
-
-
-	<rule from="^http://(www\.)?brokenman\.co/"
-		to="https://$1brokenman.co/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Brokentoaster.xml b/src/chrome/content/rules/Brokentoaster.xml
index 5d27dc438485..80c0d50cdf31 100644
--- a/src/chrome/content/rules/Brokentoaster.xml
+++ b/src/chrome/content/rules/Brokentoaster.xml
@@ -1,4 +1,4 @@
-<ruleset name="Brokentoaster" default_off="mismatch">
+<ruleset name="Brokentoaster" default_off="mismatched">
 
 	<target host="brokentoaster.com" />
 	<target host="www.brokentoaster.com" />
@@ -6,7 +6,7 @@
 
 	<!--	Some pages 301 from !www to www.
 						-->
-	<rule from="^https?://(?:www\.)?brokentoaster\.com/"
+	<rule from="^http://(?:www\.)?brokentoaster\.com/"
 		to="https://www.brokentoaster.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bromley.gov.uk.xml b/src/chrome/content/rules/Bromley.gov.uk.xml
new file mode 100644
index 000000000000..97c0fe18a234
--- /dev/null
+++ b/src/chrome/content/rules/Bromley.gov.uk.xml
@@ -0,0 +1,25 @@
+<!--
+	London Borough of Bromley
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	^: cert only matches www.
+
+-->
+<ruleset name="Bromley.gov.uk">
+
+	<target host="bromley.gov.uk" />
+	<target host="www.bromley.gov.uk" />
+	<target host="fix.bromley.gov.uk" />
+
+
+	<securecookie host="^\.?www\.bromley\.gov\.uk$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?bromley\.gov\.uk/"
+		to="https://www.bromley.gov.uk/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bronto_Software.xml b/src/chrome/content/rules/Bronto_Software.xml
index 7d5febd75b48..5eea94b0e242 100644
--- a/src/chrome/content/rules/Bronto_Software.xml
+++ b/src/chrome/content/rules/Bronto_Software.xml
@@ -60,4 +60,4 @@
 	<rule from="^http://hosting\.fyleio\.com/"
 		to="https://hosting.fyleio.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bronxzoo.com.xml b/src/chrome/content/rules/Bronxzoo.com.xml
new file mode 100644
index 000000000000..de53f05903b4
--- /dev/null
+++ b/src/chrome/content/rules/Bronxzoo.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid Server Name:
+		www.bronxzoo.com
+		pages.bronxzoo.com
+	Redirect off-site:
+		apps.bronxzoo.com
+
+-->
+
+<ruleset name="Bronxzoo.com">
+	<target host="bronxzoo.com" />
+	<target host="app.bronxzoo.com" />
+
+	<securecookie host="(app\.)?bronxzoo\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Brookings_Institution.xml b/src/chrome/content/rules/Brookings_Institution.xml
index 40e2cfe36bde..050c6e9113f4 100644
--- a/src/chrome/content/rules/Brookings_Institution.xml
+++ b/src/chrome/content/rules/Brookings_Institution.xml
@@ -1,19 +1,22 @@
-<!--
-	Nonfunctional subdomains:
 
-		- ^
-		- www	(500, akamai)
+<!--
 
--->
-<ruleset name="Brookings Institution (partial">
+	Brookings Institution
 
-	<target host="support.brookings.edu" />
+	Problematic hosts in *brookings.edu:
 
+		Invalid Certificate:
+			- connect
+			- webfeeds
+			- skills
 
-	<securecookie host="^support\.brookings\.edu$" name=".+" />
-
+-->
+<ruleset name="Brookings.edu (partial)" >
+	<target host="brookings.edu" />
+	<target host="www.brookings.edu" />
+	<target host="support.brookings.edu" />
 
-	<rule from="^http://support\.brookings\.edu/"
-		to="https://support.brookings.edu/" />
+	<securecookie host=".+" name=".+" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Brookline_College.edu.xml b/src/chrome/content/rules/Brookline_College.edu.xml
new file mode 100644
index 000000000000..235b867ba652
--- /dev/null
+++ b/src/chrome/content/rules/Brookline_College.edu.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://brooklinecollege.edu/ (200) => https://brooklinecollege.edu/ (521)
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Brookline College.edu" default_off="failed ruleset test">
+
+	<target host="brooklinecollege.edu" />
+	<target host="apply.brooklinecollege.edu" />
+	<target host="fa.brooklinecollege.edu" />
+	<target host="fbapp.brooklinecollege.edu" />
+	<target host="mysite.brooklinecollege.edu" />
+	<target host="www.brooklinecollege.edu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^\.?brooklinecollege\.edu$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BrooksBrothers.com.xml b/src/chrome/content/rules/BrooksBrothers.com.xml
new file mode 100644
index 000000000000..1f78b2e4441f
--- /dev/null
+++ b/src/chrome/content/rules/BrooksBrothers.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Invalid certificate:
+		- brooksbrothers.com, equivalent to www.brooksbrothers.com
+		- membership.brooksbrothers.com
+-->
+
+<ruleset name="BrooksBrothers.com">
+	<target host="brooksbrothers.com" />
+	<target host="www.brooksbrothers.com" />
+	<target host="pages.emails.brooksbrothers.com" />
+	<target host="magazine.brooksbrothers.com" />
+	<target host="origin-www2.brooksbrothers.com" />
+	<target host="stories.brooksbrothers.com" />
+	<target host="vpn.brooksbrothers.com" />
+
+	<rule from="^http://brooksbrothers\.com/"
+		to="https://www.brooksbrothers.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Brookside_Capital.xml b/src/chrome/content/rules/Brookside_Capital.xml
index 8480bf561898..fb4575e5324f 100644
--- a/src/chrome/content/rules/Brookside_Capital.xml
+++ b/src/chrome/content/rules/Brookside_Capital.xml
@@ -1,13 +1,20 @@
-<ruleset name="Brookside Capital">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://brooksidefund.com/ => https://brooksidefund.com/: (51, "SSL: no alternative certificate subject name matches target host name 'brooksidefund.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://brooksidefund.com/ => https://brooksidefund.com/: (51, "SSL: no alternative certificate subject name matches target host name 'brooksidefund.com'")
+-->
+<ruleset name="Brookside Capital" default_off="failed ruleset test">
 
 	<target host="brooksidefund.com" />
-	<target host="*.brooksidefund.com" />
+	<target host="www.brooksidefund.com" />
 
 
-	<securecookie host="^(?:.*\.)?brooksidefund\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?brooksidefund\.com/"
-		to="https://$1brooksidefund.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BroomeCC.xml b/src/chrome/content/rules/BroomeCC.xml
index 69ac951976d8..526887bc4a7c 100644
--- a/src/chrome/content/rules/BroomeCC.xml
+++ b/src/chrome/content/rules/BroomeCC.xml
@@ -1,6 +1,96 @@
-<ruleset name="Broome Community College" platform="ipsca mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bccserve.sunybroome.edu/ => https://bccserve.sunybroome.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Broome Community College
+
+	For problematic rules, see Suny_Broome.edu-problematic.xml.
+
+
+	Nonfunctional hosts in *sunybroome.edu:
+
+		- catalog *
+
+	* Redirects to http
+
+
+	^sunybroome.edu: Mismatched
+	^sunybroome.edu differs from www.sunybroome.edu
+
+
+	These altnames don't exist:
+
+		- www.w.sunybroome.edu
+
+
+	Insecure cookies are set for these hosts:
+
+		- banner.sunybroome.edu
+
+
+	Mixed content:
+
+		- css on w, www from fonts.googleapis.com ¹
+
+		- Images, on:
+
+			- www from www1.sunybroome.edu ¹
+			- www from sunybroome.staging.wpengine.com
+
+	¹ Secured by us
+
+-->
+<ruleset name="Suny Broome.edu (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="sunybroome.edu" /-->
+	<target host="bccserve.sunybroome.edu" />
+	<target host="mycollege.sunybroome.edu" />
+	<target host="news.sunybroome.edu" />
+	<target host="w.sunybroome.edu" />
   <target host="www.sunybroome.edu" />
-  <target host="sunybroome.edu" />
+	<target host="www1.sunybroome.edu" />
+	<target host="www2.sunybroome.edu" />
+	<target host="www3.sunybroome.edu" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://news\.sunybroome\.edu/$" /-->
+		<!--exclusion pattern="^http://www1\.sunybroome\.edu/$" /-->
+		<!--exclusion pattern="^http://www2\.sunybroome\.edu/housing/$" /-->
+		<!--exclusion pattern="^http://www3\.sunybroome\.edu/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:news|www[1-3])\.sunybroome\.edu/+(?!\w+/wp-content/|wp-content/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://news.sunybroome.edu/buzz" />
+			<test url="http://news.sunybroome.edu/focus" />
+			<test url="http://www1.sunybroome.edu/about/calendar/" />
+			<test url="http://www2.sunybroome.edu/conduct" />
+			<test url="http://www2.sunybroome.edu/housing/" />
+			<test url="http://www2.sunybroome.edu/housing/contact/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://news.sunybroome.edu/buzz/wp-content/uploads/sites/2/2015/01/SUNYBroomeLogo.png" />
+			<test url="http://news.sunybroome.edu/wp-content/uploads/2013/05/sunybroomelogo.gif" />
+			<test url="http://www1.sunybroome.edu/wp-content/themes/outreach-pro/style.css" />
+			<test url="http://www2.sunybroome.edu/reslife/wp-content/uploads/sites/3/2014/08/copy-sblogo.gif" />
+			<test url="http://www3.sunybroome.edu/wp-content/plugins/easy-maintenance-mode-coming-soon/themes/assets/bootstrap/css/bootstrap.min.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^banner\.sunybroome\.edu$" name="^BIGipServer[\w~.-]+$" /-->
+
+	<securecookie host="^banner\.sunybroome\.edu$" name=".+" />
+
 
-  <rule from="^http://(www\.)?sunybroome\.edu/" to="https://sunybroome.edu/"/>
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Brown-Paper-Tickets.xml b/src/chrome/content/rules/Brown-Paper-Tickets.xml
index d969981e2d03..8b717d9ba611 100644
--- a/src/chrome/content/rules/Brown-Paper-Tickets.xml
+++ b/src/chrome/content/rules/Brown-Paper-Tickets.xml
@@ -1,3 +1,9 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bpt.bz/ => https://www.brownpapertickets.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+Fetch error: http://bpt.me/ => https://www.brownpapertickets.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+Fetch error: http://brownpapertickets.com/ => https://www.brownpapertickets.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+-->
 <ruleset name="Brown Paper Tickets (partial)">
 
 	<target host="bpt.bz"/>
@@ -9,12 +15,12 @@
 		<!--	!work	-->
 		<exclusion pattern="^http://community\."/>
 
-  <!-- JS redirection loop :( 
+  <!-- JS redirection loop :(
        https://trac.torproject.org/projects/tor/ticket/6573 -->
-  <exclusion pattern="^http://(www\.)?brownpapertickets\.com/event/" />
+  <exclusion pattern="^http://(?:www\.)?brownpapertickets\.com/event/" />
 
-	<securecookie host="^m\.bpt\.me$" name=".*"/>
-	<securecookie host="^(.*\.)?brownpapertickets\.com$" name=".*"/>
+	<securecookie host="^m\.bpt\.me$" name=".+" />
+	<securecookie host="^(?:.*\.)?brownpapertickets\.com$" name=".+" />
 
 
 	<!--	this is what the server does, except without https	-->
diff --git a/src/chrome/content/rules/Brown_University.xml b/src/chrome/content/rules/Brown_University.xml
index 321014e3c6c7..e7b701ea3d54 100644
--- a/src/chrome/content/rules/Brown_University.xml
+++ b/src/chrome/content/rules/Brown_University.xml
@@ -1,27 +1,49 @@
 <!--
+
 	Nonfunctional subdomains:
 
 		- directory
+		- www.geometry *
+
+	* Refused
 
 
 	Problematic subdomains:
 
-		- www.research		(cert only matches ^research)
+		- www.research *
+		- dl.lib +
 
--->
-<ruleset name="Brown University (partial)">
+	* Cert only matches ^foo
+	+ Redirects to library.brown.edu
 
+-->
+<ruleset name="Brown.edu (partial)" >
 	<target host="brown.edu" />
-	<target host="*.brown.edu" />
+	<target host="blogs.brown.edu" />
+	<target host="library.brown.edu" />
+	<target host="news.brown.edu" />
+	<target host="research.brown.edu" />
+	<target host="software.brown.edu" />
+	<target host="webapps.brown.edu" />
+	<target host="wiki.brown.edu" />
+	<target host="www.brown.edu" />
 
+	<!--	Complications:
+				-->
+	<target host="www.research.brown.edu" />
+	<target host="dl.lib.brown.edu" />
 
-	<securecookie host="^.+\.brown\.edu$" name=".+" />
 
+	<securecookie host=".+\.brown\.edu$" name=".+" />
 
-	<rule from="^http://((?:blogs|dl\.lib|library|news|software|webapps|wiki|www)\.)?brown\.edu/"
-		to="https://$1brown.edu/" />
 
-	<rule from="^https?://(?:www\.)?research\.brown\.edu/"
+	<rule from="^http://www\.research\.brown\.edu/"
 		to="https://research.brown.edu/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http://dl\.lib\.brown\.edu/"
+		to="https://library.brown.edu/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BrowseAloud.com.xml b/src/chrome/content/rules/BrowseAloud.com.xml
index 4d2d60eae9bf..59ffba778978 100644
--- a/src/chrome/content/rules/BrowseAloud.com.xml
+++ b/src/chrome/content/rules/BrowseAloud.com.xml
@@ -1,13 +1,19 @@
-<ruleset name="BrowseAloud.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://browsealoud.com/ => https://browsealoud.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+<ruleset name="BrowseAloud.com" default_off="failed ruleset test">
 
 	<target host="browsealoud.com" />
 	<target host="www.browsealoud.com" />
 
 
-	<securecookie host="^(?:www\.)?browsealoud\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www\.)?browsealoud\.com/"
-		to="https://$1browsealoud.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Browser-Statistik.de.xml b/src/chrome/content/rules/Browser-Statistik.de.xml
new file mode 100644
index 000000000000..f5018837a2ba
--- /dev/null
+++ b/src/chrome/content/rules/Browser-Statistik.de.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.browser-statistik.de
+
+-->
+<ruleset name="Browser-Statistik.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="browser-statistik.de" />
+	<target host="www.browser-statistik.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.browser-statistik\.de$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.browser-statistik\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BrowserID.xml b/src/chrome/content/rules/BrowserID.xml
deleted file mode 100644
index e07e7c843fcf..000000000000
--- a/src/chrome/content/rules/BrowserID.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-	For other Mozilla coverage, see Mozilla.xml.
-
--->
-<ruleset name="BrowserID">
-	<target host="browserid.org" />
-	<target host="www.browserid.org" />
-
-	<securecookie host="^(www\.)?browserid\.org$" name=".+" />
-
-	<rule from="^http://(www\.)?browserid\.org/" to="https://$1browserid.org/" />
-</ruleset>
diff --git a/src/chrome/content/rules/BrowserLeaks.xml b/src/chrome/content/rules/BrowserLeaks.xml
deleted file mode 100644
index 13b4437dc553..000000000000
--- a/src/chrome/content/rules/BrowserLeaks.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="BrowserLeaks">
-
-	<target host="browserleaks.com" />
-	<target host="www.browserleaks.com" />
-
-
-	<rule from="^http://(www\.)?browserleaks\.com/"
-		to="https://$1browserleaks.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/BrowserShots.xml b/src/chrome/content/rules/BrowserShots.xml
index 4786b9674fe3..0810431b50dd 100644
--- a/src/chrome/content/rules/BrowserShots.xml
+++ b/src/chrome/content/rules/BrowserShots.xml
@@ -1,8 +1,18 @@
-<ruleset name="BrowserShots" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://browsershots.org/ => https://browsershots.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.browsershots.org/ => https://browsershots.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://browsershots.org/ => https://browsershots.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.browsershots.org/ => https://browsershots.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
+<ruleset name="BrowserShots" platform="mixedcontent" default_off="failed ruleset test">
   <target host="browsershots.org"/>
   <target host="www.browsershots.org"/>
 
-  <securecookie host="^(.+\.)?browsershots\.org$" name=".*"/>
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http://(?:www\.)?browsershots\.org/" to="https://browsershots.org/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Browser_Addon.com.xml b/src/chrome/content/rules/Browser_Addon.com.xml
new file mode 100644
index 000000000000..bde2721511f2
--- /dev/null
+++ b/src/chrome/content/rules/Browser_Addon.com.xml
@@ -0,0 +1,21 @@
+<!--
+	^: cert only matches *.browseraddon.com
+
+-->
+<ruleset name="Browser Addon.com" default_off="self-signed">
+
+	<target host="browseraddon.com" />
+	<target host="www.browseraddon.com" />
+
+
+	<!--	Server doesn't secure:
+					-->
+	<!--securecookie host="^(www\.)?browseraddon\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?browseraddon\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?browseraddon\.com/"
+		to="https://www.browseraddon.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Browser_Hacker.com.xml b/src/chrome/content/rules/Browser_Hacker.com.xml
new file mode 100644
index 000000000000..c15fdec063ee
--- /dev/null
+++ b/src/chrome/content/rules/Browser_Hacker.com.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://browserhacker.com/ => https://browserhacker.com/: (6, 'Could not resolve host: browserhacker.com')
+Fetch error: http://www.browserhacker.com/ => https://browserhacker.com/: (6, 'Could not resolve host: browserhacker.com')
+
+	www.browserhacker.com: Refused
+
+-->
+<ruleset name="Browser Hacker.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="browserhacker.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.browserhacker.com" />
+
+
+	<rule from="^http://www\.browserhacker\.com/"
+		to="https://browserhacker.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Browsermob.com.xml b/src/chrome/content/rules/Browsermob.com.xml
new file mode 100644
index 000000000000..f6306259a735
--- /dev/null
+++ b/src/chrome/content/rules/Browsermob.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Neustar coverage, see NeuStar.xml.
+
+
+	^browsermob.com: Expired
+	www.browsermob.com: Mismatched
+
+-->
+<ruleset name="browsermob.com" default_off="expired">
+
+	<target host="browsermob.com" />
+	<target host="www.browsermob.com" />
+
+
+	<rule from="^http://(?:www\.)?browsermob\.com/"
+		to="https://browsermob.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Browserprint.info.xml b/src/chrome/content/rules/Browserprint.info.xml
new file mode 100644
index 000000000000..3f4d1f0158d4
--- /dev/null
+++ b/src/chrome/content/rules/Browserprint.info.xml
@@ -0,0 +1,49 @@
+<!--
+	Remark: *.browserprint.info have a wildcard DNS Record.
+
+	Invalid Certificate:
+		www.browserprint.info
+-->
+<ruleset name="Browserprint.info">
+	<target host="browserprint.info" />
+	<target host="www.browserprint.info" />
+	<target host="hsts0.browserprint.info" />
+	<target host="hsts1.browserprint.info" />
+	<target host="hsts2.browserprint.info" />
+	<target host="hsts3.browserprint.info" />
+	<target host="hsts4.browserprint.info" />
+	<target host="hsts5.browserprint.info" />
+	<target host="hsts6.browserprint.info" />
+	<target host="hsts7.browserprint.info" />
+	<target host="hsts8.browserprint.info" />
+	<target host="hsts9.browserprint.info" />
+	<target host="hsts10.browserprint.info" />
+	<target host="hsts11.browserprint.info" />
+	<target host="hsts12.browserprint.info" />
+	<target host="hsts13.browserprint.info" />
+	<target host="hsts14.browserprint.info" />
+	<target host="hsts15.browserprint.info" />
+	<target host="hsts16.browserprint.info" />
+	<target host="hsts17.browserprint.info" />
+	<target host="hsts18.browserprint.info" />
+	<target host="hsts19.browserprint.info" />
+	<target host="hsts20.browserprint.info" />
+	<target host="hsts21.browserprint.info" />
+	<target host="hsts22.browserprint.info" />
+	<target host="hsts23.browserprint.info" />
+	<target host="hsts24.browserprint.info" />
+	<target host="hsts25.browserprint.info" />
+	<target host="hsts26.browserprint.info" />
+	<target host="hsts27.browserprint.info" />
+	<target host="hsts28.browserprint.info" />
+	<target host="hsts29.browserprint.info" />
+	<target host="hsts30.browserprint.info" />
+	<target host="hsts31.browserprint.info" />
+	<target host="hsts32.browserprint.info" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.browserprint\.info/" to="https://browserprint.info/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Browsersafetymark.io.xml b/src/chrome/content/rules/Browsersafetymark.io.xml
new file mode 100644
index 000000000000..65d0f8466b9a
--- /dev/null
+++ b/src/chrome/content/rules/Browsersafetymark.io.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fp3a.browsersafetymark.io/ => https://fp3a.browsersafetymark.io/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://fpd3a.browsersafetymark.io/ => https://fpd3a.browsersafetymark.io/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://fp3a.websafetymark.io/ => https://fp3a.websafetymark.io/: (6, 'Could not resolve host: fp3a.websafetymark.io')
+Fetch error: http://fpd3a.websafetymark.io/ => https://fpd3a.websafetymark.io/: (6, 'Could not resolve host: fpd3a.websafetymark.io')
+ This is for a site testing for installation of HTTPS Everywhere -->
+<ruleset name="Browsersafetymark.io" default_off="failed ruleset test">
+	<target host="fp3a.browsersafetymark.io" />
+	<target host="fpd3a.browsersafetymark.io" />
+	<target host="fp3a.websafetymark.io" />
+	<target host="fpd3a.websafetymark.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BruCON.org.xml b/src/chrome/content/rules/BruCON.org.xml
new file mode 100644
index 000000000000..922be0b9c3c2
--- /dev/null
+++ b/src/chrome/content/rules/BruCON.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.) *
+		- 2013 *
+		- 2014 *
+
+	* Shows ssl; mismatched, CN: ssl.brucon.org
+
+-->
+<ruleset name="BruCON.org (partial)" default_off="self-signed">
+
+	<target host="ssl.brucon.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bruce-Perens.xml b/src/chrome/content/rules/Bruce-Perens.xml
index f6338c8b45b5..e660eedc16f8 100644
--- a/src/chrome/content/rules/Bruce-Perens.xml
+++ b/src/chrome/content/rules/Bruce-Perens.xml
@@ -1,13 +1,12 @@
 <ruleset name="Bruce Perens">
 
 	<target host="perens.com" />
-	<target host="*.perens.com" />
+	<target host="www.perens.com" />
 
 
-	<securecookie host="^\.perens\.com$" name=".+" />
+	<securecookie host="^(?:w*\.)?perens\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?perens\.com/"
-		to="https://$1perens.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bruno-Postle.xml b/src/chrome/content/rules/Bruno-Postle.xml
index 73e509d236a0..5e3f1b0d4a39 100644
--- a/src/chrome/content/rules/Bruno-Postle.xml
+++ b/src/chrome/content/rules/Bruno-Postle.xml
@@ -7,7 +7,6 @@
 		- !www shows CentOS Apache 2 test page over https
 		- !www 302s to www over http
 							-->
-	<rule from="^http://www\.bruno\.postle\.net/"
-		to="https://www.bruno.postle.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bruteforce.gr.xml b/src/chrome/content/rules/Bruteforce.gr.xml
new file mode 100644
index 000000000000..aff6f86b6aa7
--- /dev/null
+++ b/src/chrome/content/rules/Bruteforce.gr.xml
@@ -0,0 +1,6 @@
+<ruleset name="Bruteforce.gr (Partial)">
+  <target host="bruteforce.gr" />
+  <target host="www.bruteforce.gr" />
+
+  <rule from="^http://(www\.)?bruteforce\.gr/" to="https://bruteforce.gr/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bspb.ru.xml b/src/chrome/content/rules/Bspb.ru.xml
new file mode 100644
index 000000000000..e782b7d92c37
--- /dev/null
+++ b/src/chrome/content/rules/Bspb.ru.xml
@@ -0,0 +1,13 @@
+<!--report2014. mismatch
+report2015. mismatch
+report2011. mismatch
+report2013. mismatch-->
+<ruleset name="Bspb.ru">
+	<target host="bspb.ru" />
+	<target host="www.bspb.ru" />
+	<target host="sbk.bspb.ru" />
+	<target host="i.bspb.ru" />
+	<target host="idemo.bspb.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Btc.to.xml b/src/chrome/content/rules/Btc.to.xml
deleted file mode 100644
index de26ac7beca5..000000000000
--- a/src/chrome/content/rules/Btc.to.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Cert only matches ^btc.to
-
--->
-<ruleset name="btc.to">
-
-	<target host="btc.to" />
-	<target host="www.btc.to" />
-
-
-	<securecookie host="^btc\.to$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?btc\.to/"
-		to="https://btc.to/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Btcc.com.xml b/src/chrome/content/rules/Btcc.com.xml
new file mode 100644
index 000000000000..98db90590c17
--- /dev/null
+++ b/src/chrome/content/rules/Btcc.com.xml
@@ -0,0 +1,22 @@
+<!--
+	For its old domain, see BTCChina.com.xml
+-->
+
+<ruleset name="Btcc.com" >
+	<target host="btcc.com" />
+	<target host="www.btcc.com" />
+	<target host="api.btcc.com" />
+	<target host="data.btcc.com" />
+	<target host="exchange.btcc.com" />
+	<target host="forever.btcc.com" />
+	<target host="mint.btcc.com" />
+	<target host="pay.btcc.com" />
+	<target host="pool.btcc.com" />
+	<target host="pro.btcc.com" />
+	<target host="pro-data.btcc.com" />
+	<target host="spot.btcc.com" />
+	<target host="static.btcc.com" />
+	<target host="store.btcc.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bter.com.xml b/src/chrome/content/rules/Bter.com.xml
deleted file mode 100644
index 5f3e004cd242..000000000000
--- a/src/chrome/content/rules/Bter.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Bter.com">
-
-	<target host="bter.com" />
-	<target host="*.bter.com" />
-
-
-	<securecookie host="^\.?bter\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?bter\.com/"
-		to="https://$1bter.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Btp.police.uk.xml b/src/chrome/content/rules/Btp.police.uk.xml
new file mode 100644
index 000000000000..4d0686cea10a
--- /dev/null
+++ b/src/chrome/content/rules/Btp.police.uk.xml
@@ -0,0 +1,47 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *btp.police.uk:
+
+		- careers ᵃ
+		- media ᵈ
+
+	ᵃ Shows www.btp.police.uk
+	ᵈ Dropped
+
+
+	Problematic hosts in *btp.police.uk:
+
+		- ^ ᵐ
+		- crimemaps ᵛ
+
+	ᵐ Mismatched
+	ᵛ Revoked
+
+
+	Mixed content:
+
+		- Images on www from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="BTP.Police.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.btp.police.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="btp.police.uk" />
+
+
+	<rule from="^http://btp\.police\.uk/"
+		to="https://www.btp.police.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bttrack.com.xml b/src/chrome/content/rules/Bttrack.com.xml
new file mode 100644
index 000000000000..87003419ea86
--- /dev/null
+++ b/src/chrome/content/rules/Bttrack.com.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Bidtellect coverage, see Bidtellect.com.xml.
+
+
+	Bugs.
+
+
+	Insecure cookies are set for these domains: ˢ
+
+		- .bttrack.com
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Bttrack.com">
+
+	<target host="bttrack.com" />
+	<target host="www.bttrack.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.bttrack\.com$" name="^GLOBALID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BuKoF.de.xml b/src/chrome/content/rules/BuKoF.de.xml
new file mode 100644
index 000000000000..c57c90375b96
--- /dev/null
+++ b/src/chrome/content/rules/BuKoF.de.xml
@@ -0,0 +1,13 @@
+<!--
+	This ruleset contains a wildcard DNS record.
+-->
+<ruleset name="BuKoF.de">
+
+	<target host="bukof.de" />
+	<target host="www.bukof.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BucketListly.com.xml b/src/chrome/content/rules/BucketListly.com.xml
new file mode 100644
index 000000000000..8d605aff706c
--- /dev/null
+++ b/src/chrome/content/rules/BucketListly.com.xml
@@ -0,0 +1,31 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bucketlistly.com/ => http://bucketlistly.com/: Cycle detected - URL already encountered: http://bucketlistly.com/
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Tumblr
+
+
+	^: refused
+
+-->
+<ruleset name="BucketListly.com (partial)">
+
+	<target host="bucketlistly.com" />
+	<target host="www.bucketlistly.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.bucketlistly\.com/(discussions)?($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(www\.)?bucketlistly\.com/(?!favicon\.ico|users/new($|[?/]))" /-->
+
+
+	<rule from="^http://(?:www\.)?bucketlistly\.com/(?=favicon\.ico|users/new(?:$|[?/]))"
+		to="https://www.bucketlistly.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bucket_Explorer.com.xml b/src/chrome/content/rules/Bucket_Explorer.com.xml
deleted file mode 100644
index b84ac2c0294f..000000000000
--- a/src/chrome/content/rules/Bucket_Explorer.com.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-<!--
-	For other Chambal coverage, see Chambal.xml.
-
-
-	CDN buckets:
-
-		- s3.amazonaws.com/coppermine.bucketexplorer.com/
-		- d1davc07w1ubq9.cloudfront.net | s3.amazonaws.com/images.bucketexplorer.com/
-		- s3.amazonaws.com/www.bucketexplorer.com/
-
-
-	Nonfunctional subdomains:
-
-		- ^ *
-		- gallery *
-		- support *
-		- www		(interrupted)
-
-	* http reply
-
-
-	Problematic subdomains:
-
-		- coppermine	(shows accounts; mismatched, CN: accounts.chambal.com)
-
--->
-<ruleset name="Bucket Explorer.com (partial)">
-
-	<target host="bucketexplorer.com" />
-	<target host="*.bucketexplorer.com" />
-
-
-	<rule from="^http://(?:www\.)?bucketexplorer\.com/favicon\.ico"
-		to="https://d1davc07w1ubq9.cloudfront.net/favicon.ico" />
-
-	<rule from="^http://coppermine\.bucketexplorer\.com/"
-		to="https://s3.amazonaws.com/coppermine.bucketexplorer.com/" />
-
-	<rule from="^http://images\.bucketexplorer\.com/"
-		to="https://d1davc07w1ubq9.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Bucknell_University-problematic.xml b/src/chrome/content/rules/Bucknell_University-problematic.xml
deleted file mode 100644
index fa6bc4e91312..000000000000
--- a/src/chrome/content/rules/Bucknell_University-problematic.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For rules that are on by default, see Bucknell_University.xml.
-
--->
-<ruleset name="Bucknell University (problematic)" default_off="mismatched, self-signed">
-
-	<target host="b-link.bucknell.edu" />
-	<target host="www.b-link.bucknell.edu" />
-
-
-	<rule from="^https?://(?:www\.)?b-link.bucknell\.edu/"
-		to="https://www.b-link.bucknell.edu/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Bucknell_University.xml b/src/chrome/content/rules/Bucknell_University.xml
index fac4f99f65fb..6884c2f5f8a7 100644
--- a/src/chrome/content/rules/Bucknell_University.xml
+++ b/src/chrome/content/rules/Bucknell_University.xml
@@ -1,22 +1,79 @@
+
 <!--
-	For problematic rules, see Bucknell_University-problematic.xml.
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://b-link.bucknell.edu/ => https://b-link.bucknell.edu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.b-link.bucknell.edu/ => https://www.b-link.bucknell.edu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.bannerssb.bucknell.edu/ => https://www.bannerssb.bucknell.edu/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://filelocker.bucknell.edu/ => https://filelocker.bucknell.edu/: (35, 'error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol')
+Fetch error: http://portal.bucknell.edu/ => https://portal.bucknell.edu/: (28, 'Connection timed out after 20001 milliseconds')
 
+	Non-functional hosts
+		Couldn't connect to server:
+			 - coursecatalog.bucknell.edu
+			 - moodle.bucknell.edu
 
-	Problematic subdomains:
+		SSL peer certificate was not OK:
+			 - www.b-link.bucknell.edu
+			 - careers.bucknell.edu
+			 - researchbysubject.bucknell.edu
 
-		- (www.)b-link		(self-signed, CN: 192.168.1.92)
+		Incomplete certificate chain error:
+			 - digitalcommons.bucknell.edu
 
+		Mixed content blocking (MCB) tiggered:
+			 - lit.blogs.bucknell.edu
+
+    Expired certificate:
+        - b-link.bucknell.edu
 -->
 <ruleset name="Bucknell University (partial)">
-
 	<target host="bucknell.edu" />
 	<target host="www.bucknell.edu" />
+	<target host="admissions.bucknell.edu" />
+	<target host="ask.bucknell.edu" />
+	<!-- target host="b-link.bucknell.edu" /-->
+	<!-- target host="www.b-link.bucknell.edu" /-->
+	<!-- target host="www.bannerssb.bucknell.edu" /-->
+	<target host="bsg.blogs.bucknell.edu" />
+	<target host="buaa.blogs.bucknell.edu" />
+	<target host="careerinsider.blogs.bucknell.edu" />
+	<target host="emergencycommunications.blogs.bucknell.edu" />
+	<target host="lewisburgcommunitygarden.blogs.bucknell.edu" />
+	<target host="raybucknell.blogs.bucknell.edu" />
+	<target host="serviceevents.blogs.bucknell.edu" />
+	<target host="studenthealth.blogs.bucknell.edu" />
+	<target host="baseball.clubs.bucknell.edu" />
+	<target host="equestrian.clubs.bucknell.edu" />
+	<target host="fieldhockey.clubs.bucknell.edu" />
+	<target host="menslacrosse.clubs.bucknell.edu" />
+	<target host="mensrugby.clubs.bucknell.edu" />
+	<target host="menssoccer.clubs.bucknell.edu" />
+	<target host="menssquash.clubs.bucknell.edu" />
+	<target host="mensultimatefrisbee.clubs.bucknell.edu" />
+	<target host="mensvolleyball.clubs.bucknell.edu" />
+	<target host="menswaterpolo.clubs.bucknell.edu" />
+	<target host="sailing.clubs.bucknell.edu" />
+	<target host="skiing.clubs.bucknell.edu" />
+	<target host="tennis.clubs.bucknell.edu" />
+	<target host="womenslacrosse.clubs.bucknell.edu" />
+	<target host="womenssoccer.clubs.bucknell.edu" />
+	<target host="womenssquash.clubs.bucknell.edu" />
+	<target host="womensultimatefrisbee.clubs.bucknell.edu" />
+	<target host="womensvolleyball.clubs.bucknell.edu" />
+	<target host="www.departments.bucknell.edu" />
+	<target host="www.eg.bucknell.edu" />
+	<target host="events.bucknell.edu" />
+	<!-- target host="filelocker.bucknell.edu" /-->
+	<target host="getinvolved.bucknell.edu" />
+	<target host="m.bucknell.edu" />
+	<target host="my.bucknell.edu" />
+	<!-- target host="portal.bucknell.edu" /-->
+	<target host="pr.bucknell.edu" />
+	<target host="secure.bucknell.edu" />
+		<test url="http://secure.bucknell.edu/uaccounts/" />
+	<target host="starrez.bucknell.edu" />
 
-
-	<securecookie host="^(?:www\.)?bucknell\.edu$" name=".+" />
-
-
-	<rule from="^http://(www\.)?bucknell\.edu/"
-		to="https://$1bucknell.edu/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Buckyballs.xml b/src/chrome/content/rules/Buckyballs.xml
deleted file mode 100644
index 634641733765..000000000000
--- a/src/chrome/content/rules/Buckyballs.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Buckyballs">
-  <target host="getbuckyballs.com" />
-  <target host="www.getbuckyballs.com" />
-
-  <rule from="^http://(?:www\.)?getbuckyballs\.com/" to="https://www.getbuckyballs.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Bucyrus_Telegraph_Forum.xml b/src/chrome/content/rules/Bucyrus_Telegraph_Forum.xml
index 66bf4951051c..2644b6bd87cd 100644
--- a/src/chrome/content/rules/Bucyrus_Telegraph_Forum.xml
+++ b/src/chrome/content/rules/Bucyrus_Telegraph_Forum.xml
@@ -11,13 +11,14 @@
 <ruleset name="Bucyrus Telegraph Forum">
 
 	<target host="bucyrustelegraphforum.com" />
-	<target host="*.bucyrustelegraphforum.com" />
+	<target host="cmsimg.bucyrustelegraphforum.com" />
+	<target host="www.bucyrustelegraphforum.com" />
 
 
 	<securecookie host="^www\.bucyrustelegraphforum\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:cmsimg\.|www\.)?bucyrustelegraphforum\.com/"
+	<rule from="^http://(?:cmsimg\.|www\.)?bucyrustelegraphforum\.com/"
 		to="https://www.bucyrustelegraphforum.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BuddyPress.org.xml b/src/chrome/content/rules/BuddyPress.org.xml
new file mode 100644
index 000000000000..a1bfe50d5690
--- /dev/null
+++ b/src/chrome/content/rules/BuddyPress.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Mixed content:
+
+		- css on codex from fonts.googleapis.com *
+
+	 * Secured by us
+
+-->
+<ruleset name="BuddyPress.org">
+
+	<target host="buddypress.org" />
+	<target host="*.buddypress.org" />
+
+
+	<rule from="^http://(\w+\.)?buddypress\.org/"
+		to="https://$1buddypress.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Budget-Belize.com.xml b/src/chrome/content/rules/Budget-Belize.com.xml
new file mode 100644
index 000000000000..b092f2635387
--- /dev/null
+++ b/src/chrome/content/rules/Budget-Belize.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- www	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget-Belize.com">
+
+	<target host="budget-belize.com" />
+	<target host="www.budget-belize.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.budget-belize\.com/"
+		to="https://budget-belize.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget-Jamaica.com.xml b/src/chrome/content/rules/Budget-Jamaica.com.xml
new file mode 100644
index 000000000000..ba66f4147a5d
--- /dev/null
+++ b/src/chrome/content/rules/Budget-Jamaica.com.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- mail		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget Jamaica.com">
+
+	<target host="budgetjamaica.com" />
+	<target host="www.budgetjamaica.com" />
+	<target host="test.budgetjamaica.com" />
+	<target host="www.test.budgetjamaica.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget-Martinique.com.xml b/src/chrome/content/rules/Budget-Martinique.com.xml
new file mode 100644
index 000000000000..3dca00bda958
--- /dev/null
+++ b/src/chrome/content/rules/Budget-Martinique.com.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+-->
+<ruleset name="Budget-Martinique.com">
+
+	<target host="budget-martinique.com" />
+	<target host="www.budget-martinique.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget-Panama.com.xml b/src/chrome/content/rules/Budget-Panama.com.xml
new file mode 100644
index 000000000000..8fd15fd1969d
--- /dev/null
+++ b/src/chrome/content/rules/Budget-Panama.com.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+-->
+<ruleset name="Budget Panama.com">
+
+	<target host="budgetpanama.com" />
+	<target host="www.budgetpanama.com" />
+	<target host="mail.budgetpanama.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget-Peru.com.xml b/src/chrome/content/rules/Budget-Peru.com.xml
new file mode 100644
index 000000000000..3f9f80837e5d
--- /dev/null
+++ b/src/chrome/content/rules/Budget-Peru.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- locations		(e)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget Peru.com">
+
+	<target host="budgetperu.com" />
+	<target host="www.budgetperu.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.ba.xml b/src/chrome/content/rules/Budget.ba.xml
new file mode 100644
index 000000000000..6f227df14f2c
--- /dev/null
+++ b/src/chrome/content/rules/Budget.ba.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+-->
+<ruleset name="Budget.ba">
+
+	<target host="budget.ba" />
+	<target host="www.budget.ba" />
+	<target host="autodiscover.budget.ba" />
+	<target host="cpanel.budget.ba" />
+	<target host="mail.budget.ba" />
+	<target host="webdisk.budget.ba" />
+	<target host="webmail.budget.ba" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.ca.xml b/src/chrome/content/rules/Budget.ca.xml
new file mode 100644
index 000000000000..7ec74e56e09a
--- /dev/null
+++ b/src/chrome/content/rules/Budget.ca.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- qa	(t)
+    - qa[1-3]   (HTTP 503 error)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.ca">
+
+	<target host="budget.ca" />
+	<target host="www.budget.ca" />
+	<target host="truck.budget.ca" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.co.cr.xml b/src/chrome/content/rules/Budget.co.cr.xml
new file mode 100644
index 000000000000..3141869ce20a
--- /dev/null
+++ b/src/chrome/content/rules/Budget.co.cr.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+	Non-functional subdomains:
+		- qa	(t)
+		- qa1/2/3	(HTTP 503 error)
+		- reserve	(e)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.co.cr">
+
+	<target host="budget.co.cr" />
+	<target host="www.budget.co.cr" />
+	<target host="webmail.budget.co.cr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.co.nz.xml b/src/chrome/content/rules/Budget.co.nz.xml
new file mode 100644
index 000000000000..dabbaabd4fb4
--- /dev/null
+++ b/src/chrome/content/rules/Budget.co.nz.xml
@@ -0,0 +1,42 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(e)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.co.nz">
+
+	<target host="budget.co.nz" />
+	<target host="www.budget.co.nz" />
+	<target host="click.e.budget.co.nz" />
+	<target host="image.e.budget.co.nz" />
+	<target host="pages.e.budget.co.nz" />
+	<target host="view.e.budget.co.nz" />
+	<target host="mobile.budget.co.nz" />
+	<target host="qa1.budget.co.nz" />
+	<target host="qa1truck.budget.co.nz" />
+	<target host="qa2.budget.co.nz" />
+	<target host="qa3.budget.co.nz" />
+	<target host="truck.budget.co.nz" />
+	<target host="truckmobile.budget.co.nz" />
+	<target host="uat1.budget.co.nz" />
+	<target host="uat1truck.budget.co.nz" />
+	<target host="wholesale.budget.co.nz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.co\.nz/"
+		to="https://www.budget.co.nz/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.co.uk.xml b/src/chrome/content/rules/Budget.co.uk.xml
new file mode 100644
index 000000000000..187fc0d49867
--- /dev/null
+++ b/src/chrome/content/rules/Budget.co.uk.xml
@@ -0,0 +1,36 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- origin	(t)
+		- origin-mirror		(t)
+		- pse		(t)
+		- pvt		(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.co.uk">
+
+	<target host="budget.co.uk" />
+	<target host="www.budget.co.uk" />
+	<target host="mirror.budget.co.uk" />
+	<target host="secure.budget.co.uk" />
+	<target host="secure-mirror.budget.co.uk" />
+	<target host="secureanalytics.budget.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.co\.uk/"
+		to="https://www.budget.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.co.za.xml b/src/chrome/content/rules/Budget.co.za.xml
new file mode 100644
index 000000000000..dfb87ab1eb8c
--- /dev/null
+++ b/src/chrome/content/rules/Budget.co.za.xml
@@ -0,0 +1,36 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- mirror	(r)
+		- origin	(t)
+		- origin-mirror		(t)
+		- secure	(r)
+		- secure-mirror		(r)
+		- www2		(ssl connection error)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.co.za">
+
+	<target host="budget.co.za" />
+	<target host="www.budget.co.za" />
+	<target host="book.budget.co.za" />
+	<target host="edms.budget.co.za" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.co\.za/"
+		to="https://www.budget.co.za/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.com.ar.xml b/src/chrome/content/rules/Budget.com.ar.xml
new file mode 100644
index 000000000000..0c543d7e4dbe
--- /dev/null
+++ b/src/chrome/content/rules/Budget.com.ar.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- locations		(e)
+		- mail			(s)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.com.ar">
+
+	<target host="budget.com.ar" />
+	<target host="www.budget.com.ar" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.com.au.xml b/src/chrome/content/rules/Budget.com.au.xml
new file mode 100644
index 000000000000..65b4a655ee4c
--- /dev/null
+++ b/src/chrome/content/rules/Budget.com.au.xml
@@ -0,0 +1,42 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(t)
+		- awards	(t)
+		- forms		(m)
+		- qa3		(HTTP 503 error)
+		- ex.sa		(r)
+		- sharepoint	(e)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.com.au">
+
+	<target host="budget.com.au" />
+	<target host="www.budget.com.au" />
+	<target host="blog.budget.com.au" />
+	<target host="click.e.budget.com.au" />
+	<target host="image.e.budget.com.au" />
+	<target host="pages.e.budget.com.au" />
+	<target host="view.e.budget.com.au" />
+	<target host="mobile.budget.com.au" />
+	<target host="qa1.budget.com.au" />
+	<target host="qa2.budget.com.au" />
+	<target host="uat1.budget.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.com\.au/"
+		to="https://www.budget.com.au/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.com.do.xml b/src/chrome/content/rules/Budget.com.do.xml
new file mode 100644
index 000000000000..f0692f5cec13
--- /dev/null
+++ b/src/chrome/content/rules/Budget.com.do.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+-->
+<ruleset name="Budget.com.do">
+
+	<target host="budget.com.do" />
+	<target host="www.budget.com.do" />
+	<target host="mail.mail.budget.com.do" />
+	<target host="www.mail.mail.budget.com.do" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.com.fj.xml b/src/chrome/content/rules/Budget.com.fj.xml
new file mode 100644
index 000000000000..f01f1784f897
--- /dev/null
+++ b/src/chrome/content/rules/Budget.com.fj.xml
@@ -0,0 +1,12 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+-->
+<ruleset name="Budget.com.fj">
+
+	<target host="www.budget.com.fj" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.com.gt.xml b/src/chrome/content/rules/Budget.com.gt.xml
new file mode 100644
index 000000000000..c628cd5d63e8
--- /dev/null
+++ b/src/chrome/content/rules/Budget.com.gt.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+-->
+<ruleset name="Budget.com.gt">
+
+	<target host="budget.com.gt" />
+	<target host="www.budget.com.gt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.com.mx.xml b/src/chrome/content/rules/Budget.com.mx.xml
new file mode 100644
index 000000000000..1bf8a86b65cd
--- /dev/null
+++ b/src/chrome/content/rules/Budget.com.mx.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- admin		(ssl connection error)
+		- dev		(ssl connection error)
+		- en		(s)
+		- location		(e)
+		- webmail		(ssl connection error)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.com.mx">
+
+	<target host="budget.com.mx" />
+	<target host="www.budget.com.mx" />
+	<target host="livehelp.budget.com.mx" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.com.pt.xml b/src/chrome/content/rules/Budget.com.pt.xml
new file mode 100644
index 000000000000..12119a6af9a4
--- /dev/null
+++ b/src/chrome/content/rules/Budget.com.pt.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.com.pt">
+
+	<target host="budget.com.pt" />
+	<target host="www.budget.com.pt" />
+	<target host="secure.budget.com.pt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.com\.pt/"
+		to="https://www.budget.com.pt/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.com.sv.xml b/src/chrome/content/rules/Budget.com.sv.xml
new file mode 100644
index 000000000000..2aab9b8b4ea3
--- /dev/null
+++ b/src/chrome/content/rules/Budget.com.sv.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+-->
+<ruleset name="Budget.com.sv">
+
+	<target host="budget.com.sv" />
+	<target host="www.budget.com.sv" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.com.tr.xml b/src/chrome/content/rules/Budget.com.tr.xml
new file mode 100644
index 000000000000..cfd8a637f915
--- /dev/null
+++ b/src/chrome/content/rules/Budget.com.tr.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- hungarytest		(m)
+		- origin		(t)
+		- secure		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.com.tr">
+
+	<target host="budget.com.tr" />
+	<target host="www.budget.com.tr" />
+	<target host="soforlukiralama.budget.com.tr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.com.xml b/src/chrome/content/rules/Budget.com.xml
new file mode 100644
index 000000000000..a62039ce27e7
--- /dev/null
+++ b/src/chrome/content/rules/Budget.com.xml
@@ -0,0 +1,108 @@
+
+<!--
+The following targets have been disabled at 2020-10-14 19:04:33:
+
+Fetch error: http://uat-api1.budget.com/ => https://uat-api1.budget.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+-->
+
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://qaimg1.budget.com/ => https://qaimg1.budget.com/: (51, "SSL: no alternative certificate subject name matches target host name 'qaimg1.budget.com'")
+Fetch error: http://uat1.budget.com/ => https://uat1.budget.com/: (51, "SSL: no alternative certificate subject name matches target host name 'uat1.budget.com'")
+Fetch error: http://uat2.budget.com/ => https://uat2.budget.com/: (51, "SSL: no alternative certificate subject name matches target host name 'uat2.budget.com'")
+Fetch error: http://uat3.budget.com/ => https://uat3.budget.com/: (51, "SSL: no alternative certificate subject name matches target host name 'uat3.budget.com'")
+
+	Other related rulesets:
+		- Budget.ba.xml
+		- Budget.ca.xml
+		- Budget.co.cr.xml
+		- Budget.co.nz.xml
+		- Budget.co.uk.xml
+		- Budget.co.za.xml
+		- Budget.com.ar.xml
+		- Budget.com.au.xml
+		- Budget.com.do.xml
+		- Budget.com.fj.xml
+		- Budget.com.gt.xml
+		- Budget.com.mx.xml
+		- Budget.com.pt.xml
+		- Budget.com.sv.xml
+		- Budget.com.tr.xml
+		- Budget.de.xml
+		- Budget.dk.xml
+		- Budget.ee.xml
+		- Budget.es.xml
+		- Budget.fr.xml
+		- Budget.ie.xml
+		- Budget.lu.xml
+		- Budget.lv.xml
+		- Budget.ma.xml
+		- Budget.nl.xml
+		- Budget.no.xml
+		- Budget.se.xml
+		- Budgetautonoleggio.it.xml
+		- Budget-Belize.com.xml
+		- Budget-Jamaica.com.xml
+		- Budget-Martinique.com.xml
+		- Budget-Panama.com.xml
+		- Budget-Peru.com.xml
+
+
+	Non-functional subdomains:
+		- bc	(m)
+		- www.bc	(m)
+		- chat	(t)
+		- image.e	(m)
+		- pub.e	(m)
+		- img2	(m)
+		- locations	(h)
+		- miami	(m)
+		- qabudgettest	(m)
+		- qaimg2	(m)
+		- seattle	(m)
+		- securemail	(e)
+		- voltage-pp-0000	(e)
+		- votc	(t)
+		- webwiz5	(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.com">
+
+	<target host="budget.com" />
+	<target host="www.budget.com" />
+	<target host="api1.budget.com" />
+	<target host="beta.budget.com" />
+	<target host="click.e.budget.com" />
+	<target host="pages.e.budget.com" />
+	<target host="view.e.budget.com" />
+	<target host="img1.budget.com" />
+	<target host="m.budget.com" />
+	<target host="qa.budget.com" />
+	<target host="qa-api1.budget.com" />
+	<target host="qa1.budget.com" />
+	<target host="qa2.budget.com" />
+	<target host="qa3.budget.com" />
+	<!-- target host="qaimg1.budget.com" /-->
+	<target host="qarewards.budget.com" />
+	<target host="uat.budget.com" />
+	<!-- target host="uat-api1.budget.com" /-->
+	<!-- target host="uat1.budget.com" /-->
+	<!-- target host="uat2.budget.com" /-->
+	<!-- target host="uat3.budget.com" /-->
+	<target host="wizardgui.budget.com" />
+	<target host="wizardgui-x.budget.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.de.xml b/src/chrome/content/rules/Budget.de.xml
new file mode 100644
index 000000000000..e5907220ab4a
--- /dev/null
+++ b/src/chrome/content/rules/Budget.de.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- origin	(t)
+		- origin-mirror		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.de">
+
+	<target host="budget.de" />
+	<target host="www.budget.de" />
+	<target host="mirror.budget.de" />
+	<target host="secure.budget.de" />
+	<target host="secure-mirror.budget.de" />
+	<target host="secureanalytics.budget.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.de/"
+		to="https://www.budget.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.dk.xml b/src/chrome/content/rules/Budget.dk.xml
new file mode 100644
index 000000000000..c4b83f87ee2d
--- /dev/null
+++ b/src/chrome/content/rules/Budget.dk.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- origin	(t)
+		- origin-mirror		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.dk">
+
+	<target host="budget.dk" />
+	<target host="www.budget.dk" />
+	<target host="mirror.budget.dk" />
+	<target host="secure.budget.dk" />
+	<target host="secure-mirror.budget.dk" />
+	<target host="secureanalytics.budget.dk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.dk/"
+		to="https://www.budget.dk/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.ee.xml b/src/chrome/content/rules/Budget.ee.xml
new file mode 100644
index 000000000000..3d16d7135576
--- /dev/null
+++ b/src/chrome/content/rules/Budget.ee.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- origin	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.ee">
+
+	<target host="budget.ee" />
+	<target host="www.budget.ee" />
+	<target host="secure.budget.ee" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.ee/"
+		to="https://www.budget.ee/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.es.xml b/src/chrome/content/rules/Budget.es.xml
new file mode 100644
index 000000000000..b6780410dd66
--- /dev/null
+++ b/src/chrome/content/rules/Budget.es.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- origin	(t)
+		- origin-mirror		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.es">
+
+	<target host="budget.es" />
+	<target host="www.budget.es" />
+	<target host="mirror.budget.es" />
+	<target host="secure.budget.es" />
+	<target host="secure-mirror.budget.es" />
+	<target host="secureanalytics.budget.es" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.es/"
+		to="https://www.budget.es/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.fr.xml b/src/chrome/content/rules/Budget.fr.xml
new file mode 100644
index 000000000000..913b26604694
--- /dev/null
+++ b/src/chrome/content/rules/Budget.fr.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- origin	(t)
+		- origin-mirror		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.fr">
+
+	<target host="budget.fr" />
+	<target host="www.budget.fr" />
+	<target host="mirror.budget.fr" />
+	<target host="secure.budget.fr" />
+	<target host="secure-mirror.budget.fr" />
+	<target host="secureanalytics.budget.fr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.fr/"
+		to="https://www.budget.fr/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.ie.xml b/src/chrome/content/rules/Budget.ie.xml
new file mode 100644
index 000000000000..b65aaa5d5b59
--- /dev/null
+++ b/src/chrome/content/rules/Budget.ie.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.ie">
+
+	<target host="budget.ie" />
+	<target host="www.budget.ie" />
+	<target host="cdn.budget.ie" />
+	<target host="testing.budget.ie" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.ie/"
+		to="https://www.budget.ie/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.lu.xml b/src/chrome/content/rules/Budget.lu.xml
new file mode 100644
index 000000000000..5f1c27399a32
--- /dev/null
+++ b/src/chrome/content/rules/Budget.lu.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(r)
+		- www		(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.lu">
+
+	<target host="budget.lu" />
+	<target host="www.budget.lu" />
+	<target host="secure.budget.lu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://(www\.)?budget\.lu/"
+		to="https://secure.budget.lu/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.lv.xml b/src/chrome/content/rules/Budget.lv.xml
new file mode 100644
index 000000000000..b8d5387f3f15
--- /dev/null
+++ b/src/chrome/content/rules/Budget.lv.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.lv">
+
+	<target host="budget.lv" />
+	<target host="www.budget.lv" />
+	<target host="secure.budget.lv" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.lv/"
+		to="https://www.budget.lv/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.ma.xml b/src/chrome/content/rules/Budget.ma.xml
new file mode 100644
index 000000000000..5a9afa97629d
--- /dev/null
+++ b/src/chrome/content/rules/Budget.ma.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.ma">
+
+	<target host="budget.ma" />
+	<target host="www.budget.ma" />
+	<target host="secure.budget.ma" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.ma/"
+		to="https://www.budget.ma/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.nl.xml b/src/chrome/content/rules/Budget.nl.xml
new file mode 100644
index 000000000000..81c3f25596c7
--- /dev/null
+++ b/src/chrome/content/rules/Budget.nl.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.nl">
+
+	<target host="budget.nl" />
+	<target host="www.budget.nl" />
+	<target host="secure.budget.nl" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.nl/"
+		to="https://www.budget.nl/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.no.xml b/src/chrome/content/rules/Budget.no.xml
new file mode 100644
index 000000000000..5dff156c23d7
--- /dev/null
+++ b/src/chrome/content/rules/Budget.no.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- origin	(t)
+		- origin-mirror	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.no">
+
+	<target host="budget.no" />
+	<target host="www.budget.no" />
+	<target host="mirror.budget.no" />
+	<target host="secure.budget.no" />
+	<target host="secure-mirror.budget.no" />
+	<target host="secureanalytics.budget.no" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.no/"
+		to="https://www.budget.no/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.se.xml b/src/chrome/content/rules/Budget.se.xml
new file mode 100644
index 000000000000..96caaaac0586
--- /dev/null
+++ b/src/chrome/content/rules/Budget.se.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- origin	(t)
+		- origin-mirror	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.se">
+
+	<target host="budget.se" />
+	<target host="www.budget.se" />
+	<target host="mirror.budget.se" />
+	<target host="secure.budget.se" />
+	<target host="secure-mirror.budget.se" />
+	<target host="secureanalytics.budget.se" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.se/"
+		to="https://www.budget.se/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget_Insurance.xml b/src/chrome/content/rules/Budget_Insurance.xml
index c8dcad965237..4e96bbf033d7 100644
--- a/src/chrome/content/rules/Budget_Insurance.xml
+++ b/src/chrome/content/rules/Budget_Insurance.xml
@@ -1,21 +1,26 @@
 <!--
-	^ times out
+	^budgetinsurance.com: Mismatched
 
 -->
-<ruleset name="Budget Insurance">
+<ruleset name="Budget Insurance.com">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.budgetinsurance.com" />
+	<target host="www.budgetinsurance.com" />
+
+	<!--	Complications:
+				-->
 	<target host="budgetinsurance.com" />
-	<target host="*.budgetinsurance.com" />
-	<target host="*.www.budgetinsurance.com" />
 
 
-	<securecookie host="^.+\.budgetinsurance\.com$" name=".+" />
+	<securecookie host=".\.budgetinsurance\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?budgetinsurance\.com/"
+	<rule from="^http://budgetinsurance\.com/"
 		to="https://www.budgetinsurance.com/" />
 
-	<rule from="^http://secure\.budgetinsurance\.com/"
-		to="https://secure.budgetinsurance.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Budgetautonoleggio.it.xml b/src/chrome/content/rules/Budgetautonoleggio.it.xml
new file mode 100644
index 000000000000..82d0504509b6
--- /dev/null
+++ b/src/chrome/content/rules/Budgetautonoleggio.it.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- origin	(t)
+		- origin-mirror		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budgetautonoleggio.it">
+
+	<target host="budgetautonoleggio.it" />
+	<target host="www.budgetautonoleggio.it" />
+	<target host="mirror.budgetautonoleggio.it" />
+	<target host="secure.budgetautonoleggio.it" />
+	<target host="secure-mirror.budgetautonoleggio.it" />
+	<target host="secureanalytics.budgetautonoleggio.it" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budgetautonoleggio\.it/"
+		to="https://www.budgetautonoleggio.it/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budgetgolf.se.xml b/src/chrome/content/rules/Budgetgolf.se.xml
index 02e17daa29b8..395a7a2868f2 100644
--- a/src/chrome/content/rules/Budgetgolf.se.xml
+++ b/src/chrome/content/rules/Budgetgolf.se.xml
@@ -1,7 +1,8 @@
-<ruleset name="Budgetgolf.se">
-  <target host="www.budgetgolf.se" />
-  <target host="budgetgolf.se" />
-  <rule from="^http://www\.budgetgolf\.se/" to="https://www.budgetgolf.se/"/>
-  <rule from="^http://budgetgolf\.se/" to="https://www.budgetgolf.se/"/>
-</ruleset>
+<ruleset name="Budgetgolf.se" >
+	<target host="budgetgolf.se" />
+	<target host="www.budgetgolf.se" />
+
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budgetkredit.ch.xml b/src/chrome/content/rules/Budgetkredit.ch.xml
index eff82b024944..a20f18491cd0 100644
--- a/src/chrome/content/rules/Budgetkredit.ch.xml
+++ b/src/chrome/content/rules/Budgetkredit.ch.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?budgetkredit\.ch/(core/|css/|de/kredit/kreditantrag/antrag\.php|pix/)"
 		to="https://$1budgetkredit.ch/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Buds_Gun_Shop.xml b/src/chrome/content/rules/Buds_Gun_Shop.xml
index 48305b9d146d..601c8932670f 100644
--- a/src/chrome/content/rules/Buds_Gun_Shop.xml
+++ b/src/chrome/content/rules/Buds_Gun_Shop.xml
@@ -1,13 +1,12 @@
 <ruleset name="Buds Gun Shop">
 
 	<target host="budsgunshop.com" />
-	<target host="*.budsgunshop.com" />
+	<target host="www.budsgunshop.com" />
 
 
 	<securecookie host="^\.budsgunshop\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?budsgunshop\.com/"
-		to="https://$1budsgunshop.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Buerger-CERT.xml b/src/chrome/content/rules/Buerger-CERT.xml
new file mode 100644
index 000000000000..0fc6de363290
--- /dev/null
+++ b/src/chrome/content/rules/Buerger-CERT.xml
@@ -0,0 +1,11 @@
+<ruleset name="Bürger-CERT">
+
+    <target host="buerger-cert.de" />
+    <target host="www.buerger-cert.de" />
+
+    <securecookie host=".+" name=".+" />
+
+    <rule from="^http:"
+        to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Buergernetz-Gera-Greiz.de.xml b/src/chrome/content/rules/Buergernetz-Gera-Greiz.de.xml
new file mode 100644
index 000000000000..cecaeadb3e59
--- /dev/null
+++ b/src/chrome/content/rules/Buergernetz-Gera-Greiz.de.xml
@@ -0,0 +1,14 @@
+<!--
+	Relations:
+		- registered association of the community Freifunk Gera-Greiz
+		  (Freifunk_Gera-Greiz.xml)
+-->
+<ruleset name="Bürgernetz Gera-Greiz">
+	<target host="buergernetz-gera-greiz.de"/>
+	<target host="www.buergernetz-gera-greiz.de"/>
+
+	<test url="http://www.buergernetz-gera-greiz.de/favicon.ico"/>
+
+	<rule from="^http:"
+	      to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Bues.ch.xml b/src/chrome/content/rules/Bues.ch.xml
new file mode 100644
index 000000000000..d5a1699703fa
--- /dev/null
+++ b/src/chrome/content/rules/Bues.ch.xml
@@ -0,0 +1,9 @@
+<ruleset name="Bues.ch">
+	<target host="bues.ch" />
+	<target host="www.bues.ch" />
+	<target host="dual.bues.ch" />
+	<target host="git.bues.ch" />
+	<target host="six.bues.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Buffalo-Global.com.xml b/src/chrome/content/rules/Buffalo-Global.com.xml
new file mode 100644
index 000000000000..654680acb13f
--- /dev/null
+++ b/src/chrome/content/rules/Buffalo-Global.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Problematic hosts in *buffalo-global.com:
+
+		- en.faq *
+
+	* Mismatched
+
+-->
+<ruleset name="Buffalo-Global.com" default_off="mismatched">
+
+	<target host="en.faq.buffalo-global.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Buffalo-Technology.com.xml b/src/chrome/content/rules/Buffalo-Technology.com.xml
new file mode 100644
index 000000000000..b5f51587401b
--- /dev/null
+++ b/src/chrome/content/rules/Buffalo-Technology.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Buffalo-Technology.com" default_off="mismatched, self-signed">
+
+	<target host="buffalo-technology.com" />
+	<target host="www.buffalo-technology.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Buffalo.edu-falsemixed.xml b/src/chrome/content/rules/Buffalo.edu-falsemixed.xml
new file mode 100644
index 000000000000..53048d45b49f
--- /dev/null
+++ b/src/chrome/content/rules/Buffalo.edu-falsemixed.xml
@@ -0,0 +1,18 @@
+<!--
+	For rules not causing false/broken MCB, see University_at_Buffalo.xml.
+
+-->
+<ruleset name="Buffalo.edu (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.eng.buffalo.edu" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Buffalo_State_College-problematic.xml b/src/chrome/content/rules/Buffalo_State_College-problematic.xml
deleted file mode 100644
index b3e317e0014d..000000000000
--- a/src/chrome/content/rules/Buffalo_State_College-problematic.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	For rules that are on by default, see Buffalo_State_College.xml.
-
--->
-<ruleset name="Buffalo State College (problematic)" default_off="mismatched, self-signed">
-
-	<target host="alumni.buffalostate.edu" />
-
-
-	<!--	CN: 192.168.1.92
-					-->
-	<rule from="^http://alumni\.buffalostate\.edu/"
-		to="https://alumni.buffalostate.edu/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Buffalo_State_College.xml b/src/chrome/content/rules/Buffalo_State_College.xml
index e898d628a39b..e3fe80a18520 100644
--- a/src/chrome/content/rules/Buffalo_State_College.xml
+++ b/src/chrome/content/rules/Buffalo_State_College.xml
@@ -1,40 +1,39 @@
 <!--
-	For problematic rules, see Buffalo_State_College-problematic.xml.
+	Non-functional hosts
+		Timeout was reached:
+			 - owa.buffalostate.edu
+			 - rf.buffalostate.edu
 
+		SSL connect error:
+			 - email.buffalostate.edu
 
-	Nonfunctional subdomains:
+		SSL peer certificate was not OK:
+			 - library.buffalostate.edu
+			 - www.rf.buffalostate.edu
 
-		- email		(reset)
-		- library	(CN: bsclib02; 404)
-		- president	("This page cannot be found")
-		- (www.)rf	(CN: *.rochen.com; shows cPanel default page)
-		- search	(CN: foo.ent.google.com; 302 to http)
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - search.buffalostate.edu
 
+		Status code mismatch:
+			 - sharepoint.buffalostate.edu
 
+		Mixed content blocking (MCB) tiggered:
+			 - newsandevents.buffalostate.edu
+			 - wwwprod.buffalostate.edu
 -->
 <ruleset name="Buffalo State College (partial)">
-
 	<target host="buffalostate.edu" />
-	<target host="*.buffalostate.edu" />
-	<!--
-		For cross-domain cookie.
-						-->
-	<target host="*.giving.buffalostate.edu" />
-	<!--
-		Ditto.
-			-->
-	<target host="*.newsandevents.buffalostate.edu" />
-
-
-	<securecookie host="^.+\.buffalostate\.edu$" name=".+" />
-
-
-	<rule from="^http://((?:bscintra|bsclib01|catalog|chngpwd|giving|newsandevents|owa|president|sharepoint|www|wwwprod)\.)?buffalostate\.edu/"
-		to="https://$1buffalostate.edu/" />
-
-	<!--	Redirects like so.
-					-->
-	<rule from="^https?://email\.buffalostate\.edu/(?:.*)"
-		to="https://owa.buffalostate.edu/owa/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.buffalostate.edu" />
+	<target host="alumni.buffalostate.edu" />
+	<target host="bscintra.buffalostate.edu" />
+	<target host="bsclib01.buffalostate.edu" />
+	<target host="catalog.buffalostate.edu" />
+	<target host="chngpwd.buffalostate.edu" />
+	<target host="giving.buffalostate.edu" />
+	<target host="president.buffalostate.edu" />
+
+	<securecookie host="^chngpwd\.buffalostate\.edu$" name=".+" />
+	<securecookie host="^giving\.buffalostate\.edu$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Buffer.xml b/src/chrome/content/rules/Buffer.xml
index 3dd9c99820f8..0259fd1f8d8d 100644
--- a/src/chrome/content/rules/Buffer.xml
+++ b/src/chrome/content/rules/Buffer.xml
@@ -1,28 +1,65 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://happiness.bufferapp.com/ => https://happiness.bufferapp.com/: (6, 'Could not resolve host: happiness.bufferapp.com')
+Fetch error: http://static.bufferapp.com/ => https://static.bufferapp.com/: (60, 'SSL certificate problem: certificate has expired')
+
 	CDN buckets:
 
 		- d389zggrogs7qo.cloudfront.net
 			- static.bufferapp.com
 
 
-	Nonfunctional subdomains:
+	Problematic subdomains:
+
+		- jobs *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- bufferapp.com
+		- cibot.bufferapp.com
+		- happiness.bufferapp.com
+		- jobs.bufferapp.com
+		- widgets.bufferapp.com
+		- www.bufferapp.com
+
+
+	Mixed content:
+
+		- css on jobs from fonts.googleapis.com *
 
-		- blog		(redirects to http, CN: *.wpengine.com)
+	* Secured by us
 
 -->
-<ruleset name="Buffer">
+<ruleset name="Buffer app.com (partial)" default_off="failed ruleset test">
 
 	<target host="bufferapp.com" />
-	<target host="*.bufferapp.com" />
+	<target host="api.bufferapp.com" />
+	<target host="blog.bufferapp.com" />
+	<target host="cibot.bufferapp.com" />
+	<target host="growth.bufferapp.com" />
+	<target host="happiness.bufferapp.com" />
+	<target host="open.bufferapp.com" />
+	<target host="overflow.bufferapp.com" />
+	<target host="static.bufferapp.com" />
+	<target host="widgets.bufferapp.com" />
+	<target host="www.bufferapp.com" />
 
 
-	<securecookie host="^(?:www\.)?bufferapp\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(jobs\.|widgets\.|www\.)?bufferapp\.com$" name="^AWSELB$" /-->
+	<!--securecookie host="^bufferapp\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^cibot\.bufferapp\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^happiness\.bufferapp\.com$" name="^connect\.sid$" /-->
 
+	<securecookie host="^(?:(?:cibot|happiness|widgets|www)\.)?bufferapp\.com$" name=".+" />
 
-	<rule from="^http://(www\.)?bufferapp\.com/"
-		to="https://$1bufferapp.com/" />
 
-	<rule from="^https?://static\.bufferapp\.com/"
-		to="https://d389zggrogs7qo.cloudfront.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bufferbloat.xml b/src/chrome/content/rules/Bufferbloat.xml
index e00587996dc5..170b041b349e 100644
--- a/src/chrome/content/rules/Bufferbloat.xml
+++ b/src/chrome/content/rules/Bufferbloat.xml
@@ -4,16 +4,16 @@
 		- snapon.lab	(refused)
 
 -->
-<ruleset name="Bufferbloat">
+<ruleset name="Bufferbloat.net">
 
 	<target host="bufferbloat.net" />
-	<target host="*.bufferbloat.net" />
+	<target host="lists.bufferbloat.net" />
+	<target host="www.bufferbloat.net" />
 
 
-	<securecookie host="^www\.bufferbloat\.net$" name=".*" />
+	<securecookie host="^www\.bufferbloat\.net$" name=".+" />
 
 
-	<rule from="^http://(lists\.|www\.)?bufferbloat\.net/"
-		to="https://$1bufferbloat.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BufferedIO.xml b/src/chrome/content/rules/BufferedIO.xml
index 15952c5bafee..7fbac43c7036 100644
--- a/src/chrome/content/rules/BufferedIO.xml
+++ b/src/chrome/content/rules/BufferedIO.xml
@@ -1,8 +1,8 @@
-<ruleset name="BufferedIO" default_off="Cacert signed">
-  <target host="buffered.io" />
-  <target host="www.buffered.io" />
+<ruleset name="BufferedIO" default_off="mismatched">
+	<target host="buffered.io" />
+	<target host="www.buffered.io" />
 
-  <securecookie host="^(.+\.)?buffered\.io$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
-  <rule from="^http://(?:www\.)?buffered\.io/" to="https://buffered.io/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/BugMeNot.com.xml b/src/chrome/content/rules/BugMeNot.com.xml
new file mode 100644
index 000000000000..f272eb3af87f
--- /dev/null
+++ b/src/chrome/content/rules/BugMeNot.com.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bugmenot.com/ => https://bugmenot.com/: Too many redirects while fetching 'https://bugmenot.com/'
+Fetch error: http://www.bugmenot.com/ => https://www.bugmenot.com/: Too many redirects while fetching 'https://www.bugmenot.com/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://bugmenot.com/ => https://bugmenot.com/: Cycle detected - URL already encountered: http://bugmenot.com/
+	Mixed content:
+
+		- iframe from vimeo.com
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="BugMeNot.com" default_off="failed ruleset test">
+
+	<target host="bugmenot.com" />
+	<target host="www.bugmenot.com" />
+
+
+	<securecookie host="^\.?bugmenot\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bugcrowd_user_content.com.xml b/src/chrome/content/rules/Bugcrowd_user_content.com.xml
new file mode 100644
index 000000000000..8f8dc528f0d0
--- /dev/null
+++ b/src/chrome/content/rules/Bugcrowd_user_content.com.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Bugcrowd coverage, see Bugcrowd.com.xml.
+
+-->
+<ruleset name="Bugcrowd user content.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="assets.bugcrowdusercontent.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bugsnag.com.xml b/src/chrome/content/rules/Bugsnag.com.xml
new file mode 100644
index 000000000000..2512e3ba6336
--- /dev/null
+++ b/src/chrome/content/rules/Bugsnag.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional hosts in *bugsnag.com:
+
+		- status *
+
+	* Refused
+
+-->
+<ruleset name="Bugsnag.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bugsnag.com" />
+	<target host="www.bugsnag.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bugzilla.xml b/src/chrome/content/rules/Bugzilla.xml
index 8ce807133f22..d4a3feffc3ef 100644
--- a/src/chrome/content/rules/Bugzilla.xml
+++ b/src/chrome/content/rules/Bugzilla.xml
@@ -2,19 +2,23 @@
 	For other Mozilla coverage, see Mozilla.xml.
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *bugzilla.org:
 
-		- ^		(redirects to www, mismatched, CN: lists.bugzilla.org)
-		- planet
-		- www
+		- planet *
 
--->
-<ruleset name="Bugzilla (partial)">
+	* Refused
 
-	<target host="*.bugzilla.org" />
+-->
+<ruleset name="Bugzilla.org">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="bugzilla.org" />
+	<target host="landfill.bugzilla.org" />
+	<target host="lists.bugzilla.org" />
+	<target host="www.bugzilla.org" />
 
-	<rule from="^http://l(andfill|ists)\.bugzilla\.org/"
-		to="https://l$1.bugzilla.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BuildItBreakIt.org.xml b/src/chrome/content/rules/BuildItBreakIt.org.xml
new file mode 100644
index 000000000000..26205ac2ad2a
--- /dev/null
+++ b/src/chrome/content/rules/BuildItBreakIt.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid certificate:
+		www.builditbreakit.org
+
+-->
+<ruleset name="BuildItBreakIt.org">
+
+	<target host="builditbreakit.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bukalapak.com.xml b/src/chrome/content/rules/Bukalapak.com.xml
new file mode 100644
index 000000000000..0a2db4683370
--- /dev/null
+++ b/src/chrome/content/rules/Bukalapak.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="Bukalapak.com">
+	<target host="bukalapak.com" />
+	<target host="www.bukalapak.com" />
+	<target host="agen.bukalapak.com" />
+	<target host="careers.bukalapak.com" />
+	<target host="komunitas.bukalapak.com" />
+	<target host="panduan.bukalapak.com" />
+	<target host="penggerak.bukalapak.com" />
+	<target host="s0.bukalapak.com" />
+	<target host="s1.bukalapak.com" />
+	<target host="s2.bukalapak.com" />
+	<target host="s3.bukalapak.com" />
+	<target host="s4.bukalapak.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bukkit.ru.xml b/src/chrome/content/rules/Bukkit.ru.xml
new file mode 100644
index 000000000000..a5157d514d6e
--- /dev/null
+++ b/src/chrome/content/rules/Bukkit.ru.xml
@@ -0,0 +1,8 @@
+<ruleset name="Bukkit.ru">
+	<target host="bukkit.ru" />
+	<target host="www.bukkit.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BulbaGarden.net.xml b/src/chrome/content/rules/BulbaGarden.net.xml
new file mode 100644
index 000000000000..e09387ff3336
--- /dev/null
+++ b/src/chrome/content/rules/BulbaGarden.net.xml
@@ -0,0 +1,26 @@
+<!--
+	Mismatched:
+		- m.* (CN: ssl426010.cloudflaressl.com)
+		- cdn3 (CN: *.kxcdn.com)
+-->
+
+<ruleset name="BulbaGarden.net">
+	<target host="bulbagarden.net" />
+	<target host="www.bulbagarden.net" />
+	<target host="ahost.bulbagarden.net" />
+	<target host="archives.bulbagarden.net" />
+	<target host="bulbahandbook.bulbagarden.net" />
+	<target host="bulbanews.bulbagarden.net" />
+	<target host="bulbapedia.bulbagarden.net" />
+	<target host="cdn.bulbagarden.net" />
+	<target host="forums.bulbagarden.net" />
+	<target host="handbooks.bulbagarden.net" />
+	<target host="sapphire.ec2.bulbagarden.net" />
+	<target host="media.bulbagarden.net" />
+	<target host="oekaki.bulbagarden.net" />
+	<target host="shipping.bulbagarden.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bulbman.xml b/src/chrome/content/rules/Bulbman.xml
index ea3a2beaaad3..8e804f2b9763 100644
--- a/src/chrome/content/rules/Bulbman.xml
+++ b/src/chrome/content/rules/Bulbman.xml
@@ -1,4 +1,14 @@
-<ruleset name="BulbMan">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bulbman.com/ => https://www.bulbman.com/: Too many redirects while fetching 'https://www.bulbman.com/'
+Fetch error: http://www.bulbman.com/ => https://www.bulbman.com/: Too many redirects while fetching 'https://www.bulbman.com/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://bulbman.com/ => https://www.bulbman.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.bulbman.com'")
+Fetch error: http://www.bulbman.com/ => https://www.bulbman.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.bulbman.com'")
+-->
+<ruleset name="BulbMan" default_off="failed ruleset test">
   <target host="bulbman.com" />
   <target host="www.bulbman.com" />
 
diff --git a/src/chrome/content/rules/BulkSMS.xml b/src/chrome/content/rules/BulkSMS.xml
deleted file mode 100644
index 73764b6a281f..000000000000
--- a/src/chrome/content/rules/BulkSMS.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="BulkSMS">
-  <target host="bulksms.co.uk" />
-  <target host="www.bulksms.co.uk" />
-
-  <securecookie host="^(.+\.)?bulksms\.co\.uk$" name=".*"/>
-
-  <rule from="^http://(?:www\.)?bulksms\.co\.uk/" to="https://www.bulksms.co.uk/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/BulletProof_Meteor.com.xml b/src/chrome/content/rules/BulletProof_Meteor.com.xml
new file mode 100644
index 000000000000..6e250da9f462
--- /dev/null
+++ b/src/chrome/content/rules/BulletProof_Meteor.com.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bulletproofmeteor.com/ => https://bulletproofmeteor.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="BulletProof Meteor.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bulletproofmeteor.com" />
+	<target host="www.bulletproofmeteor.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bulletin.net.xml b/src/chrome/content/rules/Bulletin.net.xml
index c2b80e87a51d..00f81fa5a879 100644
--- a/src/chrome/content/rules/Bulletin.net.xml
+++ b/src/chrome/content/rules/Bulletin.net.xml
@@ -7,13 +7,12 @@
 <ruleset name="Bulletin.net">
 
 	<target host="bulletin.net" />
-	<target host="*.bulletin.net" />
+	<target host="www.bulletin.net" />
 
 
 	<securecookie host="^(?:www)?\.bulletin\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?bulletin\.net/"
-		to="https://$1bulletin.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bulletin_Messenger.net.xml b/src/chrome/content/rules/Bulletin_Messenger.net.xml
index 9df2a95961f6..1a2cd37a1321 100644
--- a/src/chrome/content/rules/Bulletin_Messenger.net.xml
+++ b/src/chrome/content/rules/Bulletin_Messenger.net.xml
@@ -17,7 +17,8 @@
 <ruleset name="Bulletin Messenger.net">
 
 	<target host="bulletinmessenger.net" />
-	<target host="*.bulletinmessenger.net" />
+	<target host="www.bulletinmessenger.net" />
+	<target host="m.bulletinmessenger.net" />
 
 
 	<securecookie host="^m\.bulletinmessenger\.net$" name=".+" />
@@ -27,7 +28,6 @@
 		to="https://www.bulletinmessenger.net/" />
 
 
-	<rule from="^http://m\.bulletinmessenger\.net/"
-		to="https://m.bulletinmessenger.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Bulletproof_Exec.com.xml b/src/chrome/content/rules/Bulletproof_Exec.com.xml
new file mode 100644
index 000000000000..826416f86438
--- /dev/null
+++ b/src/chrome/content/rules/Bulletproof_Exec.com.xml
@@ -0,0 +1,47 @@
+<!--
+	Other Bulletproof rulesets:
+
+		- Upgraded_Self.com.xml
+
+
+	Nonfunctional subdomains:
+
+		- forum *
+
+	* 503, valid cert
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+
+	Some pages redirect to http.
+
+-->
+<ruleset name="Bulletproof Exec.com (partial)">
+
+	<target host="bulletproofexec.com" />
+	<target host="www.bulletproofexec.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?bulletproofexec\.com/+($|\?|(category/podcasts|contact|have-dave-asprey-speak-at-your-next-event|upgraded-whey)($|[?/]))" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(www\.)?bulletproofexec\.com/+(?!favicon\.ico|(about-dave-asprey|bulletproof-upgraded-aging-formula|bulletproof-upgraded-brain-octane|bulletproof-upgraded-coconut-charcoal|bulletproof-upgraded-collagen|bulletproof-upgraded-glutathione|category/+(brainhacking|bulletproofbody|bulletproofsex|coffee-2|family|losestress|sleephacks|travelhacking|video-2)|chocolate|podcast-question-submission|tag/+(bulletproof-diet|heart-rate-variability))($|[?/])|wp-content/|wp-includes/)" /-->
+
+
+	<!--securecookie host="^(www)?\.bulletproofexec\.com$" name=".+" /-->
+
+
+	<rule from="^http://(www\.)?bulletproofexec\.com/(?!/*(?:$|\?)|(?:category/podcasts|contact|have-dave-asprey-speak-at-your-next-event|upgraded-whey)(?:$|[?/]))"
+		to="https://$1bulletproofexec.com/" />
+
+	<rule from="^http://support\.bulletproofexec\.com/favicon\.ico"
+		to="https://bulletproofexec.zendesk.com/favicon.ico" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bullguard.com.xml b/src/chrome/content/rules/Bullguard.com.xml
index 6f4c39cc6b17..50c5b832b013 100644
--- a/src/chrome/content/rules/Bullguard.com.xml
+++ b/src/chrome/content/rules/Bullguard.com.xml
@@ -1,8 +1,26 @@
-<!-- Av vendor. -->
-<ruleset name="Bullguard">
+<!--
+	Unable to connect:
+		media.bullguard.com
+	Invalid Certificate:
+		safebrowsing.bullguard.com
+		wwworigin.bullguard.com
+	Incomplete Certificate Chain:
+		dojo.bullguard.com
+-->
+<ruleset name="Bullguard.com">
 	<target host="bullguard.com" />
 	<target host="www.bullguard.com" />
-	<rule from="^http://www\.bullguard\.com/" to="https://www.bullguard.com/"/>
-	<rule from="^http://bullguard\.com/" to="https://www.bullguard.com/"/>
-</ruleset>
+	<target host="backup.bullguard.com" />
+	<target host="backup1.bullguard.com" />
+	<target host="download.bullguard.com" />
+	<target host="htmltest.bullguard.com" />
+	<target host="iotscanner.bullguard.com" />
+	<target host="msm.bullguard.com" />
+	<target host="myaccount.bullguard.com" />
+	<target host="shop.bullguard.com" />
+	<target host="support.bullguard.com" />
+
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BullionStar.com.xml b/src/chrome/content/rules/BullionStar.com.xml
new file mode 100644
index 000000000000..3e41c53620a6
--- /dev/null
+++ b/src/chrome/content/rules/BullionStar.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Fully covered hosts in *bullionstar.com:
+
+		- (www.)?
+		- static
+
+
+	Insecure cookies are set for these hosts:
+
+		- static.bullionstar.com
+		- www.bullionstar.com
+
+-->
+<ruleset name="BullionStar.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bullionstar.com" />
+	<target host="static.bullionstar.com" />
+	<target host="www.bullionstar.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^static\.bullionstar\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^www\.bullionstar\.com$" name="^(referralId_bullionstar_live|referralURL_bullionstar_live)" /-->
+
+	<securecookie host="^(?:static|www)\.bullionstar\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bullock_Inc.com.xml b/src/chrome/content/rules/Bullock_Inc.com.xml
new file mode 100644
index 000000000000..173067254c28
--- /dev/null
+++ b/src/chrome/content/rules/Bullock_Inc.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Bullock Inc.com">
+
+	<target host="bullockinc.com" />
+	<target host="www.bullockinc.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:www\.)?bullockinc\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bum.org.xml b/src/chrome/content/rules/Bum.org.xml
new file mode 100644
index 000000000000..e70075f6d724
--- /dev/null
+++ b/src/chrome/content/rules/Bum.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Bum.org">
+	<target host="bum.org" />
+	<target host="www.bum.org" />
+	<target host="ski.bum.org" />
+	<target host="wordsearch.bum.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bunadformenn.info.xml b/src/chrome/content/rules/Bunadformenn.info.xml
deleted file mode 100644
index fd3500ced088..000000000000
--- a/src/chrome/content/rules/Bunadformenn.info.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	CDN buckets:
-
-		- dml5atgx9m0j8.cloudfront.net
-
-			- cdn.bunadformenn.info
-
-
-	Nonfunctional subdomains:
-
-		- ^	(502)
-		- www	(times out)
-
--->
-<ruleset name="bunadformenn.info (partial)">
-
-	<target host="cdn.bunadformenn.info" />
-
-
-	<rule from="^http://cdn\.bunadformenn\.info/"
-		to="https://dml5atgx9m0j8.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Bunchball.com.xml b/src/chrome/content/rules/Bunchball.com.xml
new file mode 100644
index 000000000000..0c6aefc7099b
--- /dev/null
+++ b/src/chrome/content/rules/Bunchball.com.xml
@@ -0,0 +1,75 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://go.bunchball.com/css/mktLPSupport.css (200) => https://na-sjl.marketo.com/css/mktLPSupport.css (403)
+Non-2xx HTTP code: http://go.bunchball.com/rs/bunchball/images/bunchball-logo200x53.png (200) => https://na-sjl.marketo.com/rs/bunchball/images/bunchball-logo200x53.png (403)
+Fetch error: http://go.bunchball.com/?f => https://www.bunchball.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.bunchball.com'")
+Fetch error: http://go.bunchball.com/?o => https://www.bunchball.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.bunchball.com'")
+Fetch error: http://go.bunchball.com/?b => https://www.bunchball.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.bunchball.com'")
+Fetch error: http://go.bunchball.com/?a => https://www.bunchball.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.bunchball.com'")
+Fetch error: http://bunchball.com/ => https://bunchball.com/: (7, 'Failed to connect to bunchball.com port 443: Connection refused')
+Fetch error: http://www.bunchball.com/ => https://www.bunchball.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.bunchball.com'")
+Fetch error: http://go.bunchball.com/ => https://www.bunchball.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.bunchball.com'")
+
+	Other Bunchball rulesets:
+
+		- Bunchball.xml
+
+
+	Nonfunctional hosts:
+
+		- go *
+
+	* Marketo
+
+
+	Fully covered hosts:
+
+		- (www.)?
+
+-->
+<ruleset name="Bunchball.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bunchball.com" />
+	<target host="www.bunchball.com" />
+
+	<!--	Complications:
+				-->
+	<target host="go.bunchball.com" />
+
+		<exclusion pattern="^http://go\.bunchball\.com/+(?!$|\?|css/|images/|rs/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://go.bunchball.com/gamification-basics-an-introduction-to-motivating-people-through-data-webinar-registration.html" />
+			<test url="http://go.bunchball.com/gamification-basics-an-introduction-to-motivating-people-through-data-webinar-registration.html?foo" />
+			<test url="http://go.bunchball.com//gamification-basics-an-introduction-to-motivating-people-through-data-webinar-registration.html" />
+			<test url="http://go.bunchball.com//gamification-basics-an-introduction-to-motivating-people-through-data-webinar-registration.html?foo" />
+			<test url="http://go.bunchball.com/what-you-need-to-make-your-gamification-project-succeed-webinar-registration.html" />
+			<test url="http://go.bunchball.com/what-you-need-to-make-your-gamification-project-succeed-webinar-registration.html?foo" />
+			<test url="http://go.bunchball.com//what-you-need-to-make-your-gamification-project-succeed-webinar-registration.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://go.bunchball.com/css/mktLPSupport.css" />
+			<test url="http://go.bunchball.com/rs/bunchball/images/bunchball-logo200x53.png" />
+
+
+	<rule from="^http://go\.bunchball\.com/+(?:\?.*)?$"
+		to="https://www.bunchball.com/" />
+
+		<test url="http://go.bunchball.com/?f" />
+		<test url="http://go.bunchball.com/?o" />
+		<test url="http://go.bunchball.com//?o" />
+		<test url="http://go.bunchball.com/?b" />
+		<test url="http://go.bunchball.com/?a" />
+
+	<rule from="^http://go\.bunchball\.com/"
+		to="https://na-sjl.marketo.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bunchball.xml b/src/chrome/content/rules/Bunchball.xml
index 2ca5cf1d879f..020cb068ab5f 100644
--- a/src/chrome/content/rules/Bunchball.xml
+++ b/src/chrome/content/rules/Bunchball.xml
@@ -1,16 +1,28 @@
+
 <!--
-	Nonfunctional domains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://bunchball.net/ => https://bunchball.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.bunchball.com'")
+Fetch error: http://www.bunchball.net/ => https://www.bunchball.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.bunchball.com'")
+
+	For other Bunchball coverage, see Bunchball.com.xml.
+
+
+	Fully covered hosts in *bunchball.net:
 
-		- (www.)bunchball.com	(http reply)
+		- (www.)?
+		- assets
 
 -->
-<ruleset name="Bunchball (partial)">
+<ruleset name="Bunchball.net" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="bunchball.net" />
+	<target host="assets.bunchball.net" />
 	<target host="www.bunchball.net" />
 
 
-	<rule from="^http://(www\.)?bunchball\.net/"
-		to="https://$1bunchball.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BundanonTrust.xml b/src/chrome/content/rules/BundanonTrust.xml
new file mode 100644
index 000000000000..fef34efa7170
--- /dev/null
+++ b/src/chrome/content/rules/BundanonTrust.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bundanon.com.au/ => https://www.bundanon.com.au/: (52, 'Empty reply from server')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bundanon.com.au/ => https://www.bundanon.com.au/: (52, 'Empty reply from server')
+
+-->
+<ruleset name="Bundanon Trust" default_off="failed ruleset test">
+	<target host="bundanon.com.au" />
+	<target host="www.bundanon.com.au" />
+
+	<rule from="^http://(?:www\.)?bundanon\.com\.au/"
+		to="https://www.bundanon.com.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesamt_fuer_Kartographie_und_Geodaesie.xml b/src/chrome/content/rules/Bundesamt_fuer_Kartographie_und_Geodaesie.xml
new file mode 100644
index 000000000000..b42ca1b7627c
--- /dev/null
+++ b/src/chrome/content/rules/Bundesamt_fuer_Kartographie_und_Geodaesie.xml
@@ -0,0 +1,63 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+
+	Connection failed:
+		ccivs.bkg.bund.de
+		ida.bkg.bund.de
+		ims.bkg.bund.de
+		ims2.bkg.bund.de
+		ivs.bkg.bund.de
+		ivscc.bkg.bund.de
+		owa.bkg.bund.de
+		view.bkg.bund.de
+		webserver.bkg.bund.de
+
+	Content mismatch:
+		igs3.bkg.bund.de
+
+	Invalid certificate:
+		gdz.bkg.bund.de
+		gibs.bkg.bund.de
+		mis.bkg.bund.de
+
+	Not found:
+		geoportal.bkg.bund.de
+		previewbkg.bkg.bund.de
+
+	Refused:
+		agrav.bkg.bund.de
+		atmacs.bkg.bund.de
+		crs.bkg.bund.de
+		gate1-f.bkg.bund.de
+		gate1-l.bkg.bund.de
+		gate2-f.bkg.bund.de
+		gdz-dop.bkg.bund.de
+		ims3.bkg.bund.de
+		observing-system-portal.bkg.bund.de
+		testweb-ggos.bkg.bund.de
+
+	Timeout:
+		gate1-w.bkg.bund.de
+		pfz.bkg.bund.de
+		webserv1.bkg.bund.de
+-->
+<ruleset name="Bundesamt für Kartographie und Geodäsie">
+	<!-- Federal Agency for Cartography and Geodesy -->
+
+	<target host="bkg.bund.de" />
+	<target host="www.bkg.bund.de" />
+	<target host="www.ccivs.bkg.bund.de" />
+	<target host="evrs.bkg.bund.de" />
+	<target host="gref.bkg.bund.de" />
+	<target host="igs.bkg.bund.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://bkg.bund.de/,
+	http://bkg.bund.de/ redirects to http://www.bkg.bund.de/ -->
+	<rule from="^http://bkg\.bund\.de/"
+		to="https://www.bkg.bund.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesamt_fuer_Strahlenschutz.xml b/src/chrome/content/rules/Bundesamt_fuer_Strahlenschutz.xml
new file mode 100644
index 000000000000..63ccc2782aaa
--- /dev/null
+++ b/src/chrome/content/rules/Bundesamt_fuer_Strahlenschutz.xml
@@ -0,0 +1,51 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+
+	Invalid certificate:
+		hrqschul.bfs.de
+		jp-files.bfs.de
+		elan.imis.bfs.de
+
+	Not found:
+		certtest.bfs.de
+		groupware.bfs.de
+		intranet.bfs.de
+		jroapp-muc.rodos.bfs.de
+
+	Refused:
+		gak.bfs.de
+		hrqreg.bfs.de
+		arch-doksys.imis.bfs.de
+		doksys.imis.bfs.de
+		hotline.imis.bfs.de
+		media.bfs.de
+		sk.bfs.de
+
+	Timeout:
+		sol-sgdgate-muc.imis.bfs.de
+		test-mx01-ber.lab
+		mx01-[ber|bn|fr|muc|rd|sz].bfs.de
+		mx02-sz.bfs.de
+		uvi.bfs.de
+-->
+<ruleset name="Bundesamt für Strahlenschutz">
+	<!-- Federal Office for Radiation Protection -->
+
+	<target host="www.bfs.de" />
+	<target host="cloud.bfs.de" />
+	<target host="doris.bfs.de" />
+	<target host="era.bfs.de" />
+	<target host="extranet.bfs.de" />
+	<target host="filetransfer.bfs.de" />
+	<target host="hrq.bfs.de" />
+	<target host="idp.bfs.de" />
+	<target host="www.imis.bfs.de" />
+	<target host="lasair.bfs.de" />
+	<target host="odlinfo.bfs.de" />
+	<target host="ox-groupware.bfs.de" />
+	<target host="redmine-koala.bfs.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesamt_fuer_Verfassungsschutz.xml b/src/chrome/content/rules/Bundesamt_fuer_Verfassungsschutz.xml
index 39c9fae10059..7a307735a997 100644
--- a/src/chrome/content/rules/Bundesamt_fuer_Verfassungsschutz.xml
+++ b/src/chrome/content/rules/Bundesamt_fuer_Verfassungsschutz.xml
@@ -1,9 +1,12 @@
 <ruleset name="Bundesamt für Verfassungsschutz">
-    <target host="verfassungsschutz.de" />
-    <target host="www.verfassungsschutz.de" />
 
-    <rule from="^https?://verfassungsschutz\.de/"
-        to="https://www.verfassungsschutz.de/" />
-    <rule from="^http://([^/:@]+)?\.verfassungsschutz\.de/"
-        to="https://$1.verfassungsschutz.de/" />
+	<target host="verfassungsschutz.de" />
+	<target host="www.verfassungsschutz.de" />
+	<target host="piwik.verfassungsschutz.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Bundesamt_fuer_Wirtschaft_und_Ausfuhrkontrolle.xml b/src/chrome/content/rules/Bundesamt_fuer_Wirtschaft_und_Ausfuhrkontrolle.xml
new file mode 100644
index 000000000000..2411fd898be6
--- /dev/null
+++ b/src/chrome/content/rules/Bundesamt_fuer_Wirtschaft_und_Ausfuhrkontrolle.xml
@@ -0,0 +1,28 @@
+<!--
+	Invalid certificate:
+		www.elan.bafa.de
+		portal.bafa.de
+		sfr.bafa.de
+
+	Not found:
+		www.code.bafa.de
+
+	Timeout:
+		cms.bafa.de
+		www.pmfs.bafa.de
+-->
+<ruleset name="Bundesamt für Wirtschaft und Ausfuhrkontrolle">
+	<!-- Federal Office for Economic Affairs and Export Control -->
+
+	<target host="bafa.de" />
+	<target host="www.bafa.de" />
+	<target host="code.bafa.de" />
+	<target host="fms.bafa.de" />
+	<target host="formulare.bafa.de" />
+	<target host="karriere.bafa.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesanzeiger.de.xml b/src/chrome/content/rules/Bundesanzeiger.de.xml
new file mode 100644
index 000000000000..ce4fbde4663e
--- /dev/null
+++ b/src/chrome/content/rules/Bundesanzeiger.de.xml
@@ -0,0 +1,20 @@
+<!--
+	Refused:
+		smtp.bundesanzeiger.de
+		umstellung.bundesanzeiger.de
+-->
+<ruleset name="Bundesanzeiger.de">
+
+	<target host="bundesanzeiger.de" />
+	<target host="www.bundesanzeiger.de" />
+	<target host="auth.bundesanzeiger.de" />
+	<target host="infodienst.bundesanzeiger.de" />
+
+	<!-- Timeout on https://bundesanzeiger.de/,
+	http://bundesanzeiger.de/ redirects to http://www.bundesanzeiger.de/" -->
+	<rule from="^http://bundesanzeiger\.de/"
+		to="https://www.bundesanzeiger.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesarbeitsgericht.de.xml b/src/chrome/content/rules/Bundesarbeitsgericht.de.xml
new file mode 100644
index 000000000000..20a65e45f353
--- /dev/null
+++ b/src/chrome/content/rules/Bundesarbeitsgericht.de.xml
@@ -0,0 +1,12 @@
+<!--
+	Unable to get local issuer certificate:
+		www.bundesarbeitsgericht.de
+-->
+<ruleset name="Bundesarbeitsgericht.de">
+
+	<target host="juris.bundesarbeitsgericht.de" />
+	<target host="opac.bundesarbeitsgericht.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesarchiv.de.xml b/src/chrome/content/rules/Bundesarchiv.de.xml
new file mode 100644
index 000000000000..a3768b8571c7
--- /dev/null
+++ b/src/chrome/content/rules/Bundesarchiv.de.xml
@@ -0,0 +1,25 @@
+<!--
+	Invalid certificate:
+		www.argus.bundesarchiv.de
+		www.bibliothek.bundesarchiv.de
+		argus.bstu.bundesarchiv.de
+		www.argus.bstu.bundesarchiv.de
+		filmothek.bundesarchiv.de
+		www.pflichtregistrierung-film.bundesarchiv.de
+-->
+<ruleset name="Bundesarchiv.de">
+
+	<target host="bundesarchiv.de" />
+	<target host="www.bundesarchiv.de" />
+	<target host="apps.bundesarchiv.de" />
+	<target host="www.bild.bundesarchiv.de" />
+	<target host="ersterweltkrieg.bundesarchiv.de" />
+	<target host="www.ersterweltkrieg.bundesarchiv.de" />
+	<target host="www.filmothek.bundesarchiv.de" />
+	<target host="invenio.bundesarchiv.de" />
+	<target host="open-data.bundesarchiv.de" />
+	<target host="wiedervereinigung.bundesarchiv.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesbank.de.xml b/src/chrome/content/rules/Bundesbank.de.xml
new file mode 100644
index 000000000000..76ace03b8b0b
--- /dev/null
+++ b/src/chrome/content/rules/Bundesbank.de.xml
@@ -0,0 +1,54 @@
+<!--
+	Invalid certificate:
+		(www.)?glaeubiger-id
+		www.immobilien
+		onlinebanking
+		(www.)?target2
+
+	Timeout:
+		ebics-t1
+		extranet-t
+		newsletter
+		s504pmgwz1
+		s999mgwxx001a
+		s999mgwxx001p
+		s999mgwxx002a
+		s999mgwxx002p
+		smv
+		u999mgwxx001a
+		u999mgwxx001p
+		u999mgwxx002a
+		u999mgwxx002p
+
+	Unable to get local issuer certificate:
+		www.e-campus
+		www.onlinebanking
+-->
+<ruleset name="Bundesbank.de">
+
+	<target host="bundesbank.de" />
+	<target host="www.bundesbank.de" />
+	<target host="access-portal.bundesbank.de" />
+	<target host="access-portal-a.bundesbank.de" />
+	<target host="ap.bundesbank.de" />
+	<target host="ap-a.bundesbank.de" />
+	<target host="bargeldschulung.bundesbank.de" />
+	<target host="cic.bundesbank.de" />
+	<target host="www.cic.bundesbank.de" />
+	<target host="ebics.bundesbank.de" />
+	<target host="ebics-t.bundesbank.de" />
+	<target host="extranet.bundesbank.de" />
+	<target host="mittagsroulette.bundesbank.de" />
+	<target host="offline.bundesbank.de" />
+	<target host="www.publikationen.bundesbank.de" />
+	<target host="pwself.bundesbank.de" />
+	<target host="pwself-a.bundesbank.de" />
+	<target host="video.bundesbank.de" />
+	<target host="join.video.bundesbank.de" />
+	<target host="video-test.bundesbank.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesdruckerei.de.xml b/src/chrome/content/rules/Bundesdruckerei.de.xml
new file mode 100644
index 000000000000..0be449dd881b
--- /dev/null
+++ b/src/chrome/content/rules/Bundesdruckerei.de.xml
@@ -0,0 +1,37 @@
+<!--
+	Connection reset:
+		helpdesk.bundesdruckerei.de
+
+	Empty response:
+		mis.bundesdruckerei.de
+
+	Requires client certificate:
+		ems.bundesdruckerei.de
+		service.bundesdruckerei.de
+
+	Timeout:
+		aknsecgw.bundesdruckerei.de
+		eidservices.bundesdruckerei.de
+		mfk.bundesdruckerei.de
+		udp-test.bundesdruckerei.de
+-->
+<ruleset name="Bundesdruckerei.de">
+
+	<target host="bundesdruckerei.de" />
+	<target host="www.bundesdruckerei.de" />
+	<target host="bdrive.bundesdruckerei.de" />
+	<target host="conference.bundesdruckerei.de" />
+	<target host="interaktiv.bundesdruckerei.de" />
+	<target host="knock.bundesdruckerei.de" />
+	<target host="mic.bundesdruckerei.de" />
+	<target host="obp.bundesdruckerei.de" />
+	<target host="obp-test.bundesdruckerei.de" />
+	<target host="sign-me-dss.bundesdruckerei.de" />
+	<target host="support.bundesdruckerei.de" />
+	<target host="udp.bundesdruckerei.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesfinanzhof.de.xml b/src/chrome/content/rules/Bundesfinanzhof.de.xml
new file mode 100644
index 000000000000..9eadf3d96a13
--- /dev/null
+++ b/src/chrome/content/rules/Bundesfinanzhof.de.xml
@@ -0,0 +1,17 @@
+<!-- Federal Fiscal Court -->
+<ruleset name="Bundesfinanzhof.de">
+
+	<target host="bundesfinanzhof.de" />
+	<target host="www.bundesfinanzhof.de" />
+	<target host="juris.bundesfinanzhof.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://bundesfinanzhof.de/,
+	http://bundesfinanzhof.de/ redirects to https://www.bundesfinanzhof.de/ -->
+	<rule from="^http://bundesfinanzhof\.de/"
+		to="https://www.bundesfinanzhof.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesfinanzministerium.de.xml b/src/chrome/content/rules/Bundesfinanzministerium.de.xml
new file mode 100644
index 000000000000..76c095b9e1fb
--- /dev/null
+++ b/src/chrome/content/rules/Bundesfinanzministerium.de.xml
@@ -0,0 +1,20 @@
+<!--
+	Invalid certificate:
+		- m.bundesfinanzministerium.de
+		- news.bundesfinanzministerium.de
+		- www.news.bundesfinanzministerium.de
+-->
+<ruleset name="Bundesfinanzministerium.de">
+	<!-- Federal Ministry of Finance -->
+
+	<target host="bundesfinanzministerium.de" />
+	<target host="www.bundesfinanzministerium.de" />
+	<target host="anmeldung.bundesfinanzministerium.de" />
+	<target host="registration.bundesfinanzministerium.de" />
+	<target host="streaming.bundesfinanzministerium.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesgerichtshof.de.xml b/src/chrome/content/rules/Bundesgerichtshof.de.xml
new file mode 100644
index 000000000000..a15999165b2b
--- /dev/null
+++ b/src/chrome/content/rules/Bundesgerichtshof.de.xml
@@ -0,0 +1,17 @@
+<!--
+	Timeout:
+		gesmat.bundesgerichtshof.de
+		www.gesmat.bundesgerichtshof.de
+-->
+<ruleset name="Bundesgerichtshof.de">
+	<!-- Federal Court of Justice -->
+
+	<target host="bundesgerichtshof.de" />
+	<target host="www.bundesgerichtshof.de" />
+	<target host="juris.bundesgerichtshof.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesgesundheitsministerium.de.xml b/src/chrome/content/rules/Bundesgesundheitsministerium.de.xml
new file mode 100644
index 000000000000..52c94e007e7a
--- /dev/null
+++ b/src/chrome/content/rules/Bundesgesundheitsministerium.de.xml
@@ -0,0 +1,22 @@
+<!--
+	Invalid certificate:
+		- mobile.bundesgesundheitsministerium.de
+		- pflegeleistungshelfer.bundesgesundheitsministerium.de
+		- tablet.bundesgesundheitsministerium.de
+
+	Refused:
+		- e-learning-pflege.bundesgesundheitsministerium.de
+		- informationsservice-pflege.bundesgesundheitsministerium.de
+-->
+<ruleset name="Bundesgesundheitsministerium.de">
+	<!-- Federal Ministry of Health -->
+
+	<target host="bundesgesundheitsministerium.de" />
+	<target host="www.bundesgesundheitsministerium.de" />
+	<target host="stage.bundesgesundheitsministerium.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesimmobilien.de.xml b/src/chrome/content/rules/Bundesimmobilien.de.xml
new file mode 100644
index 000000000000..6dacedacdd57
--- /dev/null
+++ b/src/chrome/content/rules/Bundesimmobilien.de.xml
@@ -0,0 +1,54 @@
+<!--
+	Timeout:
+		alfred.bundesimmobilien.de
+-->
+<ruleset name="Bundesimmobilien.de">
+
+	<target host="bundesimmobilien.de" />
+	<target host="www.bundesimmobilien.de" />
+	<target host="airpark-giebelstadt.bundesimmobilien.de" />
+	<target host="britenabzug.bundesimmobilien.de" />
+	<target host="datenraum.bundesimmobilien.de" />
+	<target host="erneuerbare-energien.bundesimmobilien.de" />
+	<target host="expo-real.bundesimmobilien.de" />
+	<target host="faszination-bunker.bundesimmobilien.de" />
+	<target host="hammonds.bundesimmobilien.de" />
+	<target host="herrichtungskosten.bundesimmobilien.de" />
+	<target host="konversion-aschaffenburg.bundesimmobilien.de" />
+	<target host="konversion-babenhausen.bundesimmobilien.de" />
+	<target host="konversion-darmstadt.bundesimmobilien.de" />
+	<target host="konversion-gatow.bundesimmobilien.de" />
+	<target host="konversion-hanau.bundesimmobilien.de" />
+	<target host="konversion-kampfmittel.bundesimmobilien.de" />
+	<target host="konversion-kitzingen.bundesimmobilien.de" />
+	<target host="konversion-koblenz.bundesimmobilien.de" />
+	<target host="konversion-muenster.bundesimmobilien.de" />
+	<target host="konversion-oldenburg.bundesimmobilien.de" />
+	<target host="konversion-osnabrueck.bundesimmobilien.de" />
+	<target host="konversion-preview.bundesimmobilien.de" />
+	<target host="konversion-trollenhagen.bundesimmobilien.de" />
+	<target host="kronprinzenpalais.bundesimmobilien.de" />
+	<target host="login.bundesimmobilien.de" />
+	<target host="lohheide.bundesimmobilien.de" />
+	<target host="medien.bundesimmobilien.de" />
+	<target host="meinbima.bundesimmobilien.de" />
+	<target host="meine-bima.bundesimmobilien.de" />
+	<target host="meinebima.bundesimmobilien.de" />
+	<target host="milacrm.bundesimmobilien.de" />
+	<target host="missione.bundesimmobilien.de" />
+	<target host="missione-campaign.bundesimmobilien.de" />
+	<target host="notunterbringung.bundesimmobilien.de" />
+	<target host="osterheide.bundesimmobilien.de" />
+	<target host="paragraph.bundesimmobilien.de" />
+	<target host="rhein-neckar.bundesimmobilien.de" />
+	<target host="schweinfurt.bundesimmobilien.de" />
+	<target host="verkaufsprojekte.bundesimmobilien.de" />
+
+	<!-- Timeout on https://bundesimmobilien.de/,
+	http://bundesimmobilien.de/ redirects to http://www.bundesimmobilien.de/ -->
+	<rule from="^http://bundesimmobilien\.de/"
+		to="https://www.bundesimmobilien.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundeskanzlerin.xml b/src/chrome/content/rules/Bundeskanzlerin.xml
index 85aa295aabf2..a1e95e7d88af 100644
--- a/src/chrome/content/rules/Bundeskanzlerin.xml
+++ b/src/chrome/content/rules/Bundeskanzlerin.xml
@@ -2,7 +2,7 @@
     <target host="bundeskanzlerin.de" />
     <target host="*.bundeskanzlerin.de" />
 
-    <rule from="^https?://bundeskanzlerin\.de/"
+    <rule from="^http://bundeskanzlerin\.de/"
         to="https://www.bundeskanzlerin.de/"/>
     <rule from="^http://([^/:@]+)?\.bundeskanzlerin\.de/"
         to="https://$1.bundeskanzlerin.de/" />
diff --git a/src/chrome/content/rules/Bundeskartellamt.de.xml b/src/chrome/content/rules/Bundeskartellamt.de.xml
new file mode 100644
index 000000000000..51e675fd0d1c
--- /dev/null
+++ b/src/chrome/content/rules/Bundeskartellamt.de.xml
@@ -0,0 +1,20 @@
+<!--
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="Bundeskartellamt.de">
+	<!-- Federal Cartel Office -->
+
+	<target host="bundeskartellamt.de" />
+	<target host="www.bundeskartellamt.de" />
+	<target host="registrierung.bundeskartellamt.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://bundeskartellamt.de/,
+	http://bundeskartellamt.de/ redirects to https://www.bundeskartellamt.de/ -->
+	<rule from="^http://bundeskartellamt\.de/"
+		to="https://www.bundeskartellamt.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesministerium_des_Innern.xml b/src/chrome/content/rules/Bundesministerium_des_Innern.xml
new file mode 100644
index 000000000000..a1c53b1c62b4
--- /dev/null
+++ b/src/chrome/content/rules/Bundesministerium_des_Innern.xml
@@ -0,0 +1,73 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+
+	Invalid certificate:
+		www.teamraum.115.de
+
+	Not found:
+		softwareplattform.schulung.d115.de
+		www.softwareplattform.schulung.d115.de
+		wmtest.d115.de
+
+	Mismatch on ^
+-->
+<ruleset name="Bundesministerium des Innern">
+	<!-- Federal Ministry of the Interior. -->
+
+	<target host="bmi.bund.de" />
+	<target host="www.bmi.bund.de" />
+	<target host="normenscreening.bmi.bund.de" />
+
+	<!-- Bevölkerungsschutzportal -->
+	<target host="bevoelkerungsschutz-portal.de" />
+	<target host="www.bevoelkerungsschutz-portal.de" />
+
+	<!-- 115 -->
+	<target host="115.de" />
+	<target host="www.115.de" />
+	<target host="mts.115.de" />
+	<target host="softwareplattform.115.de" />
+	<target host="teamraum.115.de" />
+	<target host="softwareplattform.test.115.de" />
+	<target host="d115.de" />
+	<target host="www.d115.de" />
+	<target host="softwareplattform.d115.de" />
+	<target host="www.softwareplattform.d115.de" />
+	<target host="softwareplattform.test.d115.de" />
+	<target host="www.softwareplattform.test.d115.de" />
+
+	<!-- Invalid certificate on https://bmi.bund.de/,
+		http://bmi.bund.de/ redirects to http://www.bmi.bund.de/ -->
+	<rule from="^http://bmi\.bund\.de/"
+		to="https://www.bmi.bund.de/" />
+	<!-- Invalid certificate on https://bevoelkerungsschutz-portal.de/,
+		http://bevoelkerungsschutz-portal.de/ redirects to http://www.bevoelkerungsschutz-portal.de/ -->
+	<rule from="^http://bevoelkerungsschutz-portal\.de/"
+		to="https://www.bevoelkerungsschutz-portal.de/" />
+	<!-- Invalid certificate on https://115.de/,
+		http://115.de/ redirects to http://www.115.de/ -->
+	<rule from="^http://115\.de/"
+		to="https://www.115.de/" />
+	<!-- Invalid certificate on https://d115.de/,
+		http://d115.de/ redirects to http://www.d115.de/ -->
+	<rule from="^http://d115\.de/"
+		to="https://www.d115.de/" />
+	<!-- Invalid certificate on https://softwareplattform.d115.de/,
+		http://softwareplattform.d115.de/ redirects to http://softwareplattform.115.de/ -->
+	<rule from="^http://softwareplattform\.d115\.de/"
+		to="https://softwareplattform.115.de/" />
+	<!-- Invalid certificate on https://www.softwareplattform.d115.de/,
+		http://www.softwareplattform.d115.de/ redirects to http://softwareplattform.115.de/ -->
+	<rule from="^http://www\.softwareplattform\.d115\.de/"
+		to="https://softwareplattform.115.de/" />
+	<!-- Invalid certificate on https://softwareplattform.test.d115.de/,
+		http://softwareplattform.test.d115.de/ redirects to http://softwareplattform.test.115.de/ -->
+	<rule from="^http://softwareplattform\.test\.d115\.de/"
+		to="https://softwareplattform.test.115.de/" />
+	<!-- Invalid certificate on https://www.softwareplattform.test.d115.de/,
+		http://www.softwareplattform.test.d115.de/ redirects to http://softwareplattform.test.115.de/ -->
+	<rule from="^http://www\.softwareplattform\.test\.d115\.de/"
+		to="https://softwareplattform.test.115.de/" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesnachrichtendienst.xml b/src/chrome/content/rules/Bundesnachrichtendienst.xml
index 406650ea0cf9..bb115174a879 100644
--- a/src/chrome/content/rules/Bundesnachrichtendienst.xml
+++ b/src/chrome/content/rules/Bundesnachrichtendienst.xml
@@ -1,9 +1,10 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+-->
 <ruleset name="Bundesnachrichtendienst">
     <target host="bnd.bund.de" />
     <target host="www.bnd.bund.de" />
 
-    <rule from="^https?://bnd\.bund\.de/"
-        to="https://www.bnd.bund.de/" />
-    <rule from="^http://([^/:@]+)?\.bnd\.bund\.de/"
-        to="https://$1.bnd.bund.de/" />
+    <rule from="^http:"
+        to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Bundesnetzagentur.xml b/src/chrome/content/rules/Bundesnetzagentur.xml
index 3a474af1f462..803459b26d11 100644
--- a/src/chrome/content/rules/Bundesnetzagentur.xml
+++ b/src/chrome/content/rules/Bundesnetzagentur.xml
@@ -1,11 +1,58 @@
+<!--
+	Invalid certificate:
+		hcm.bundesnetzagentur.de
+
+	Rejected:
+		anu.bundesnetzagentur.de
+		bo2005.bundesnetzagentur.de
+		dialer09009.bundesnetzagentur.de
+		emf2.bundesnetzagentur.de
+		emf3.bundesnetzagentur.de
+		rufnummer0180.bundesnetzagentur.de
+		rufnummer0700.bundesnetzagentur.de
+		rufnummer0800.bundesnetzagentur.de
+		rufnummer0900.bundesnetzagentur.de
+		rufnummernsuche-mwd.bundesnetzagentur.de
+
+-->
 <ruleset name="Bundesnetzagentur">
 
-	<target host="bundesnetzagentur.de"/>
-	<target host="www.bundesnetzagentur.de"/>
+	<target host="bundesnetzagentur.de" />
+	<target host="www.bundesnetzagentur.de" />
+	<target host="afu.bundesnetzagentur.de" />
+	<target host="app.bundesnetzagentur.de" />
+	<target host="datenportal.bundesnetzagentur.de" />
+	<target host="dialer.bundesnetzagentur.de" />
+	<target host="emf_ltecheck.bundesnetzagentur.de" />
+	<target host="gbg2.bundesnetzagentur.de" />
+	<target host="isa.bundesnetzagentur.de" />
+	<target host="rd.bundesnetzagentur.de" />
+	<target host="remit.bundesnetzagentur.de" />
+	<target host="ssc.bundesnetzagentur.de" />
+
+	<!-- Netzausbau -->
+	<target host="netzausbau.de" />
+	<target host="www.netzausbau.de" />
+	<target host="data.netzausbau.de" />
+	<target host="plus.netzausbau.de" />
+	<target host="www.plus.netzausbau.de" />
+
+	<securecookie host="^www\.bundesnetzagentur\.de$" name=".+" />
 
-	<securecookie host="^www\.bundesnetzagentur\.de$" name=".*"/>
+	<!-- Rejected on https://bundesnetzagentur.de/,
+	http://bundesnetzagentur.de/ redirects to http://www.bundesnetzagentur.de/ -->
+	<rule from="^http://bundesnetzagentur\.de/"
+		to="https://www.bundesnetzagentur.de/" />
+	<!-- Rejected on https://netzausbau.de/,
+	http://netzausbau.de/ redirects to http://www.netzausbau.de/ -->
+	<rule from="^http://netzausbau\.de/"
+		to="https://www.netzausbau.de/" />
+	<!-- Rejected on https://www.plus.netzausbau.de/,
+	http://www.plus.netzausbau.de/ redirects to http://plus.netzausbau.de/ -->
+	<rule from="^http://www\.plus\.netzausbau\.de/"
+		to="https://plus.netzausbau.de/" />
 
-	<rule from="^http://(?:www\.)?bundesnetzagentur\.de/"
-		to="https://www.bundesnetzagentur.de/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bundespatentgericht.de.xml b/src/chrome/content/rules/Bundespatentgericht.de.xml
new file mode 100644
index 000000000000..0f6b391d14ba
--- /dev/null
+++ b/src/chrome/content/rules/Bundespatentgericht.de.xml
@@ -0,0 +1,11 @@
+<ruleset name="Bundespatentgericht.de">
+	<!-- Federal Patent Court -->
+
+	<target host="www.bundespatentgericht.de" />
+	<target host="juris.bundespatentgericht.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundespolizei.xml b/src/chrome/content/rules/Bundespolizei.xml
index 2a7e7ce3dafa..e7de23df4d85 100644
--- a/src/chrome/content/rules/Bundespolizei.xml
+++ b/src/chrome/content/rules/Bundespolizei.xml
@@ -2,7 +2,7 @@
     <target host="bundespolizei.de" />
     <target host="*.bundespolizei.de" />
 
-    <rule from="^https?://bundespolizei\.de/"
+    <rule from="^http://bundespolizei\.de/"
         to="https://www.bundespolizei.de/"/>
     <rule from="^http://([^/:@]+)?\.bundespolizei\.de/"
         to="https://$1.bundespolizei.de/" />
diff --git a/src/chrome/content/rules/Bundespraesident.de.xml b/src/chrome/content/rules/Bundespraesident.de.xml
new file mode 100644
index 000000000000..b6d6e1398d0c
--- /dev/null
+++ b/src/chrome/content/rules/Bundespraesident.de.xml
@@ -0,0 +1,11 @@
+<ruleset name="Bundespraesident.de">
+	<!-- Federal President -->
+
+	<target host="bundespraesident.de" />
+	<target host="www.bundespraesident.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesrat.de.xml b/src/chrome/content/rules/Bundesrat.de.xml
new file mode 100644
index 000000000000..2cc2115529f0
--- /dev/null
+++ b/src/chrome/content/rules/Bundesrat.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Bundesrat.de">
+  <target host="bundesrat.de" />
+  <target host="www.bundesrat.de" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesrechnungshof.de.xml b/src/chrome/content/rules/Bundesrechnungshof.de.xml
new file mode 100644
index 000000000000..751532bb72d7
--- /dev/null
+++ b/src/chrome/content/rules/Bundesrechnungshof.de.xml
@@ -0,0 +1,12 @@
+<!--
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="Bundesrechnungshof.de">
+
+	<target host="bundesrechnungshof.de" />
+	<target host="www.bundesrechnungshof.de" />
+	<target host="staging.bundesrechnungshof.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesverband_IT-Mittelstand.xml b/src/chrome/content/rules/Bundesverband_IT-Mittelstand.xml
index 21daecdbfc7b..285531be87ba 100644
--- a/src/chrome/content/rules/Bundesverband_IT-Mittelstand.xml
+++ b/src/chrome/content/rules/Bundesverband_IT-Mittelstand.xml
@@ -12,4 +12,4 @@
 	<rule from="^http://(?:www\.)?bitmi\.de/"
 		to="https://bitmi.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesverfassungsgericht.xml b/src/chrome/content/rules/Bundesverfassungsgericht.xml
index 2a852da491fc..60dcc2fa179f 100644
--- a/src/chrome/content/rules/Bundesverfassungsgericht.xml
+++ b/src/chrome/content/rules/Bundesverfassungsgericht.xml
@@ -1,9 +1,11 @@
-<ruleset name="Bundesverfassungsgericht">
+<ruleset name="Bundesverfassungsgericht.de">
   <target host="www.bundesverfassungsgericht.de" />
   <target host="bundesverfassungsgericht.de" />
   <target host="www.bverfg.de" />
-  <target host="bverfg.de" />
+  <!-- no DNS entry for bverfg.de -->
 
-  <rule from="^http://(www\.)?bundesverfassungsgericht\.de/" to="https://www.bundesverfassungsgericht.de/"/>
-  <rule from="^http://(www\.)?bverfg\.de/" to="https://www.bundesverfassungsgericht.de/"/>
+  <securecookie host="^(.*\.)?bundesverfassungsgericht\.de$" name=".+" />
+  <securecookie host="^(.*\.)?bverfg\.de$" name=".+" />
+
+  <rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Bundeswehr-Karriere.de.xml b/src/chrome/content/rules/Bundeswehr-Karriere.de.xml
new file mode 100644
index 000000000000..5493680ff8e0
--- /dev/null
+++ b/src/chrome/content/rules/Bundeswehr-Karriere.de.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Bundeswehr rulesets, see: Bundeswehr.de.xml
+
+	See also: BundeswehrKarriere.de.xml
+-->
+<ruleset name="Bundeswehr-Karriere.de">
+
+	<target host="bundeswehr-karriere.de" />
+	<target host="www.bundeswehr-karriere.de" />
+	<target host="bewerbung.bundeswehr-karriere.de" />
+	<target host="mil.bundeswehr-karriere.de" />
+	<target host="ziv.bundeswehr-karriere.de" />
+	<target host="www.ziv.bundeswehr-karriere.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundeswehr.de.xml b/src/chrome/content/rules/Bundeswehr.de.xml
new file mode 100644
index 000000000000..b22832cec612
--- /dev/null
+++ b/src/chrome/content/rules/Bundeswehr.de.xml
@@ -0,0 +1,58 @@
+<!--
+	Other Bundeswehr rulesets:
+		BundeswehrEntdecken.de.xml
+		Bundeswehr-Karriere.de.xml
+		BundeswehrKarriere.de.xml
+
+	Invalid certificate:
+		www.kinderbetreuung.bundeswehr.de
+		treff.bundeswehr.de
+
+	Rejected:
+		www.bildungszentrum.bundeswehr.de
+		cir.bundeswehr.de
+		www.einsatz.bundeswehr.de
+		www.hns.bundeswehr.de
+		www.ieb.bundeswehr.de
+		www.innerefuehrung.bundeswehr.de
+		(www.)?iud.bundeswehr.de
+		www.iudbw.bundeswehr.de
+		www.logistikzentrum.bundeswehr.de
+		www.luftfahrtamt.bundeswehr.de
+		www.mad.bundeswehr.de
+		www.militaermusik.bundeswehr.de
+		www.militaerseelsorge.bundeswehr.de
+		(www.)?eka.militaerseelsorge.bundeswehr.de
+		(www.)?kmba.militaerseelsorge.bundeswehr.de
+		www.personal.bundeswehr.de
+		www.planungsamt.bundeswehr.de
+		www.radio-andernach.bundeswehr.de
+		www.reservisten.bundeswehr.de
+		www.sanitaetsdienst.bundeswehr.de
+		www.sdbw.bundeswehr.de
+		www.lkdo-nw.skb.bundeswehr.de
+		www.sozialdienst.bundeswehr.de
+		www.sportschule.bundeswehr.de
+		www.streitkraefteamt.bundeswehr.de
+		www.streitkraefteunterstuetzungskommando.bundeswehr.de
+		www.untrgcentre.bundeswehr.de
+		www.wachbataillon.bundeswehr.de
+		www.zentrum-transformation.bundeswehr.de
+		www.zinfoabw.bundeswehr.de
+
+	Timeout:
+		anw.bfd.bundeswehr.de
+
+-->
+<ruleset name="Bundeswehr.de">
+
+	<target host="bundeswehr.de" />
+	<target host="www.bundeswehr.de" />
+	<target host="epublikationen.bundeswehr.de" />
+	<target host="ssl.bundeswehr.de" />
+	<target host="statistik.bundeswehr.de" />
+		<test url="http://statistik.bundeswehr.de/robots.txt" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BundeswehrEntdecken.de.xml b/src/chrome/content/rules/BundeswehrEntdecken.de.xml
new file mode 100644
index 000000000000..45d6de7e455d
--- /dev/null
+++ b/src/chrome/content/rules/BundeswehrEntdecken.de.xml
@@ -0,0 +1,11 @@
+<!--
+	For other Bundeswehr rulesets, see: Bundeswehr.de.xml
+-->
+<ruleset name="BundeswehrEntdecken.de">
+
+	<target host="bundeswehrentdecken.de" />
+	<target host="www.bundeswehrentdecken.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BundeswehrKarriere.de.xml b/src/chrome/content/rules/BundeswehrKarriere.de.xml
new file mode 100644
index 000000000000..819a14aa4f06
--- /dev/null
+++ b/src/chrome/content/rules/BundeswehrKarriere.de.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Bundeswehr rulesets, see: Bundeswehr.de.xml
+
+	See also: Bundeswehr-Karriere.de.xml
+-->
+<ruleset name="BundeswehrKarriere.de">
+
+	<target host="bundeswehrkarriere.de" />
+	<target host="www.bundeswehrkarriere.de" />
+	<target host="bewerbung.bundeswehrkarriere.de" />
+	<target host="media.bundeswehrkarriere.de" />
+	<target host="statistik.bundeswehrkarriere.de" />
+		<test url="http://statistik.bundeswehrkarriere.de/piwik.js" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundle.media.xml b/src/chrome/content/rules/Bundle.media.xml
new file mode 100644
index 000000000000..6a8601fc50d7
--- /dev/null
+++ b/src/chrome/content/rules/Bundle.media.xml
@@ -0,0 +1,27 @@
+<!--
+	(www.)?: Refused
+
+
+	Insecure cookies are set for these domains:
+
+		- .bundle.media
+
+-->
+<ruleset name="bundle.media (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="production-assets.bundle.media" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.bundle\.media$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.bundle\.media$" name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundler.io.xml b/src/chrome/content/rules/Bundler.io.xml
new file mode 100644
index 000000000000..6629d9a5abf5
--- /dev/null
+++ b/src/chrome/content/rules/Bundler.io.xml
@@ -0,0 +1,5 @@
+<ruleset name="Bundler.io">
+	<target host="bundler.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bundlestars.com.xml b/src/chrome/content/rules/Bundlestars.com.xml
new file mode 100644
index 000000000000..2007b396f36a
--- /dev/null
+++ b/src/chrome/content/rules/Bundlestars.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Bundlestars.com">
+	<target host="bundlestars.com" />
+	<target host="www.bundlestars.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bungie.xml b/src/chrome/content/rules/Bungie.xml
index 51b112f49327..41f04a1eac37 100644
--- a/src/chrome/content/rules/Bungie.xml
+++ b/src/chrome/content/rules/Bungie.xml
@@ -2,5 +2,5 @@
   <target host="www.bungie.net" />
   <target host="bungie.net" />
 
-  <rule from="^http://(?:www\.)?bungie\.net/" to="https://www.bungie.net/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Bunkus.xml b/src/chrome/content/rules/Bunkus.xml
deleted file mode 100644
index d70fd20cad30..000000000000
--- a/src/chrome/content/rules/Bunkus.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Bunkus.org" platform="mixedcontent">
-
-	<target host="bunkus.org" />
-	<target host="*.bunkus.org" />
-
-
-	<securecookie host="^(?:trac\.)?bunkus\.org$" name=".+" />
-
-
-	<rule from="^http://(trac\.|www\.)?bunkus\.org/"
-		to="https://$1bunkus.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Bunnie_Huang.xml b/src/chrome/content/rules/Bunnie_Huang.xml
new file mode 100644
index 000000000000..05107d2104b5
--- /dev/null
+++ b/src/chrome/content/rules/Bunnie_Huang.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional hosts in *.bunniestudios.com:
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Bunnie Huang">
+	<target host="bunniestudios.com" />
+	<target host="www.bunniestudios.com" />
+                <test url="http://www.bunniestudios.com/blog/?p=3554" />
+
+	<target host="bunniefoo.com" />
+	<target host="www.bunniefoo.com" />
+                <test url="http://www.bunniefoo.com/welcome/default/index" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bupa.xml b/src/chrome/content/rules/Bupa.xml
index 76dedd714371..5967734d4187 100644
--- a/src/chrome/content/rules/Bupa.xml
+++ b/src/chrome/content/rules/Bupa.xml
@@ -1,17 +1,14 @@
-<!--
-	!www: cert only matches www
-
--->
 <ruleset name="Bupa">
-
 	<target host="bupa.com" />
 	<target host="www.bupa.com" />
 
+	<test url="http://bupa.com/welcome/" />
+	<test url="http://www.bupa.com/welcome/" />
 
-	<securecookie host="^www\.bupa\.com$" name=".+" />
-
+	<exclusion pattern="^http://(www\.)?bupa\.com/$" />
 
-	<rule from="^http://(?:www\.)?bupa\.com/"
-		to="https://www.bupa.com/" />
+	<securecookie host="^(www\.)?bupa\.com$" name=".+" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BureauofInfrastructureTransportandRegionalEconomics.xml b/src/chrome/content/rules/BureauofInfrastructureTransportandRegionalEconomics.xml
new file mode 100644
index 000000000000..3b5ab12aeced
--- /dev/null
+++ b/src/chrome/content/rules/BureauofInfrastructureTransportandRegionalEconomics.xml
@@ -0,0 +1,7 @@
+<ruleset name="Bureau of Infrastructure, Transport and Regional Economics">
+	<target host="bitre.gov.au" />
+	<target host="www.bitre.gov.au" />
+
+	<rule from="^http://(?:www\.)?bitre\.gov\.au/"
+		to="https://www.bitre.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Burlington_Free_Press.xml b/src/chrome/content/rules/Burlington_Free_Press.xml
index 2c32e0c91f77..8527d2686733 100644
--- a/src/chrome/content/rules/Burlington_Free_Press.xml
+++ b/src/chrome/content/rules/Burlington_Free_Press.xml
@@ -11,13 +11,14 @@
 <ruleset name="Burlington Free Press">
 
 	<target host="burlingtonfreepress.com" />
-	<target host="*.burlingtonfreepress.com" />
+	<target host="cmsimg.burlingtonfreepress.com" />
+	<target host="www.burlingtonfreepress.com" />
 
 
 	<securecookie host="^www\.burlingtonfreepress\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:cmsimg\.|www\.)?burlingtonfreepress\.com/"
+	<rule from="^http://(?:cmsimg\.|www\.)?burlingtonfreepress\.com/"
 		to="https://www.burlingtonfreepress.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BurmaMuslims.org.xml b/src/chrome/content/rules/BurmaMuslims.org.xml
new file mode 100644
index 000000000000..e5bbf428b31e
--- /dev/null
+++ b/src/chrome/content/rules/BurmaMuslims.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="BurmaMuslims.org">
+	<target host="burmamuslims.org" />
+	<target host="www.burmamuslims.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Burning-Shed.xml b/src/chrome/content/rules/Burning-Shed.xml
index 6a74dc60342b..3c253e29da8c 100644
--- a/src/chrome/content/rules/Burning-Shed.xml
+++ b/src/chrome/content/rules/Burning-Shed.xml
@@ -4,9 +4,7 @@
 	<target host="burningshed.com" />
 	<target host="www.burningshed.com" />
 
-	<securecookie host="^(www\.)?burningshed\.co(m|(\.uk))$"
-			name=".+" />
+	<securecookie host="^(?:www\.)?burningshed\.co(?:m|(?:\.uk))$" name=".+" />
 
-	<rule from="^http://(www\.)?burningshed\.co(m|(\.uk))/"
-		to="https://$1burningshed.co$2/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Burnley.gov.uk-falsemixed.xml b/src/chrome/content/rules/Burnley.gov.uk-falsemixed.xml
new file mode 100644
index 000000000000..fceb219b879c
--- /dev/null
+++ b/src/chrome/content/rules/Burnley.gov.uk-falsemixed.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules not causing false/broken MCB, see Burnley.gov.uk.xml.
+
+-->
+<ruleset name="Burnley.gov.uk (false MCB)" platform="mixedcontent">
+
+	<target host="burnley.gov.uk" />
+	<target host="www.burnley.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Burnley.gov.uk.xml b/src/chrome/content/rules/Burnley.gov.uk.xml
new file mode 100644
index 000000000000..73afc9cbd839
--- /dev/null
+++ b/src/chrome/content/rules/Burnley.gov.uk.xml
@@ -0,0 +1,50 @@
+<!--
+	Burnley Borough Council
+
+	For rules causing false/broken MCB, see Burnley.gov.uk-falsemixed.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *burnley.gov.uk:
+
+		- licensing ʳ
+
+	ʳ Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- your.burnley.gov.uk
+
+
+	Mixed content:
+
+		- css on (www.)? from www.burnley.gov.uk ˢ
+
+		- Images, on:
+
+			- (www.)? from l.yimg.com ˢ
+			- (www.)? from www.burnley.gov.uk ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Burnley.gov.uk (partial)">
+
+	<!--target host="burnley.gov.uk" /-->
+	<!--target host="www.burnley.gov.uk" /-->
+	<target host="your.burnley.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^your\.burnley\.gov\.uk$" name="^AWSELB$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BurstNET.xml b/src/chrome/content/rules/BurstNET.xml
index 79f80920de75..a21b3a1b207d 100644
--- a/src/chrome/content/rules/BurstNET.xml
+++ b/src/chrome/content/rules/BurstNET.xml
@@ -1,4 +1,14 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://service.burst.net/ => https://service.burst.net/: (6, 'Could not resolve host: www.clients.hostwinds.com')
+Fetch error: http://support.burst.net/ => https://support.burst.net/: (6, 'Could not resolve host: www.clients.hostwinds.com')
+Fetch error: http://burstnet.eu/ => https://burstnet.eu/: (51, "SSL: no alternative certificate subject name matches target host name 'burstnet.eu'")
+Fetch error: http://service.burstnet.eu/ => https://service.burstnet.eu/: (51, "SSL: no alternative certificate subject name matches target host name 'service.burstnet.eu'")
+Fetch error: http://www.burstnet.eu/ => https://www.burstnet.eu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.burstnet.eu'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://burstnet.eu/ => https://burstnet.eu/: (28, 'Connection timed out after 10000 milliseconds')
 	Suggested by Christopher Liu
 
 		https://mail1.eff.org/pipermail/https-everywhere-rules/2012-April/001096.html
@@ -9,21 +19,20 @@
 		- forums.burst.net	(times out)
 
 -->
-<ruleset name="BurstNET (partial)" platform="mixedcontent">
+<ruleset name="BurstNET (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="burst.net" />
-	<target host="*.burst.net" />
+	<target host="service.burst.net" />
+	<target host="support.burst.net" />
+	<target host="www.burst.net" />
 	<target host="burstnet.eu" />
-	<target host="*.burstnet.eu" />
+	<target host="service.burstnet.eu" />
+	<target host="www.burstnet.eu" />
 
 
 	<securecookie host="^.+\.burst(?:\.net|net\.eu)$" name=".+" />
 
 
-	<rule from="^http://(service\.|support\.|www\.)?burst\.net/"
-		to="https://$1burst.net/" />
-
-	<rule from="^http://(service\.|www\.)?burstnet\.eu/"
-		to="https://$1burstnet.eu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Burst_Media.xml b/src/chrome/content/rules/Burst_Media.xml
index b1bca5ce0b96..60036aa8f2e8 100644
--- a/src/chrome/content/rules/Burst_Media.xml
+++ b/src/chrome/content/rules/Burst_Media.xml
@@ -1,18 +1,23 @@
-<!--
-	Other Burst Media rulesets:
 
-		- Burstnet.xml
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://burstmedia.co.uk/ => https://www.burstmedia.co.uk/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.burstmedia.co.uk/ => https://www.burstmedia.co.uk/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://burstmedia.com/ => https://www.burstmedia.com/: (28, 'Connection timed out after 20000 milliseconds')
 
+Disabled by https-everywhere-checker because:
+Fetch error: http://burstmedia.co.uk/ => https://www.burstmedia.co.uk/: (7, 'Failed to connect to www.burstmedia.co.uk port 443: Connection refused')
+Fetch error: http://www.burstmedia.co.uk/ => https://www.burstmedia.co.uk/: (7, 'Failed to connect to www.burstmedia.co.uk port 443: Connection refused')
 
 	!www: cert only matches www
 
 -->
-<ruleset name="Burst Media">
+<ruleset name="Burst Media" default_off="failed ruleset test">
 
 	<target host="burstmedia.co.uk" />
 	<target host="www.burstmedia.co.uk" />
 	<target host="burstmedia.com" />
-	<target host="*.burstmedia.com" />
+	<target host="www.burstmedia.com" />
 
 
 	<securecookie host="^(?:www)?\.burstmedia\.co(?:\.uk|m)$" name=".+" />
@@ -21,4 +26,4 @@
 	<rule from="^http://(?:www\.)?burstmedia\.co(\.uk|m)/"
 		to="https://www.burstmedia.co$1/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Burstnet.com.xml b/src/chrome/content/rules/Burstnet.com.xml
index 74ee0d232043..d892552d087c 100644
--- a/src/chrome/content/rules/Burstnet.com.xml
+++ b/src/chrome/content/rules/Burstnet.com.xml
@@ -7,15 +7,12 @@
 -->
 <ruleset name="Burstnet">
 
-	<target host="*.burstnet.com" />
+	<target host="www.burstnet.com" />
 
 
 	<!--	Tracking cookies:
 					-->
-	<securecookie host="^\.burstnet\.com$" name="^BI\d+$" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://www\.burstnet\.com/"
-		to="https://www.burstnet.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Burt-mismatches.xml b/src/chrome/content/rules/Burt-mismatches.xml
index adb6748df5f5..a3baad29074a 100644
--- a/src/chrome/content/rules/Burt-mismatches.xml
+++ b/src/chrome/content/rules/Burt-mismatches.xml
@@ -1,8 +1,8 @@
 <!--
-	For rules that are on by default, see Burt.xml.
+	For rules that are on by default, see Burt_hub.com.xml.
 
 -->
-<ruleset name="Burt (mismatches)" default_off="mismatch">
+<ruleset name="Burt (mismatches)" default_off="mismatched">
 
 	<!--	Cert: *.richmetrics.com
 					-->
@@ -12,7 +12,7 @@
 
 	<!--	!www doesn't work.
 					-->
-	<rule from="^https?://(?:www\.)?burtcorp\.com/"
+	<rule from="^http://(?:www\.)?burtcorp\.com/"
 		to="https://www.burtcorp.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Burt.io.xml b/src/chrome/content/rules/Burt.io.xml
new file mode 100644
index 000000000000..a325eaf4575b
--- /dev/null
+++ b/src/chrome/content/rules/Burt.io.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Burt coverage, see Burt_hub.com.xml.
+
+
+	^: dropped
+
+-->
+<ruleset name="Burt.io (partial)">
+
+	<target host="m.burt.io" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Burt.xml b/src/chrome/content/rules/Burt.xml
deleted file mode 100644
index 5ed3df539fdc..000000000000
--- a/src/chrome/content/rules/Burt.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For problematic rules, see Burt-mismatches.xml.
-
-
-	CDN buckets:
-
-		- burt-assets.s3.amazonaws.com
-
-
-	Nonfunctional domains:
-
-		- blog.burt.com		(hosted on Tumblr)
-
--->
-<ruleset name="Burt (partial)">
-
-	<target host="measure.richmetrics.com" />
-
-
-	<rule from="^https?://measure.richmetrics.com/"
-		to="https://d3q6px0y2suh5n.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Burt_hub.com.xml b/src/chrome/content/rules/Burt_hub.com.xml
new file mode 100644
index 000000000000..117162309e85
--- /dev/null
+++ b/src/chrome/content/rules/Burt_hub.com.xml
@@ -0,0 +1,47 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://help.burthub.com/ => https://help.burthub.com/: Too many redirects while fetching 'https://help.burthub.com/'
+
+	For problematic rules, see Burt-mismatches.xml.
+
+
+	Other Burt rulesets:
+
+		- Burt.io.xml
+
+
+	CDN buckets:
+
+		- burthub.s3.amazonaws.com
+
+
+	Mixed content:
+
+		- Images, on help from:
+
+			- burthub.s3.amazonaws.com *
+			- burtcorp.com
+
+		- Web bug on help from use.typekit.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Burt hub.com" default_off="failed ruleset test">
+
+	<target host="burthub.com" />
+	<target host="help.burthub.com" />
+	<target host="www.burthub.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.burthub\.com$" name="^angie_production$" /-->
+
+	<securecookie host="^\.burthub\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Buscape-mismatches.xml b/src/chrome/content/rules/Buscape-mismatches.xml
index 1fc1ba4bf741..f4b0c433388d 100644
--- a/src/chrome/content/rules/Buscape-mismatches.xml
+++ b/src/chrome/content/rules/Buscape-mismatches.xml
@@ -1,11 +1,13 @@
-<ruleset name="Buscapé (mismatches)" default_off="mismatch">
+<!--
+	For rules that are on by default, see Buscape.xml.
 
-	<!-- cert: *.r.anankecdn.com.br		-->
-	<target host="imagem.buscape.com.br"/>
-	<target host="thumbs.buscape.com.br"/>
+-->
+<ruleset name="Buscapé (mismatches)" default_off="mismatched">
 
-	<!--	imagem is not equivalent to thumbs	-->
-	<rule from="^http://(imagem|thumbs)\.buscape\.com\.br/"
-		to="https://$1.buscape.com.br/"/>
+	<target host="developer.buscape.com.br"/>
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Buscape.xml b/src/chrome/content/rules/Buscape.xml
deleted file mode 100644
index db945c3738a3..000000000000
--- a/src/chrome/content/rules/Buscape.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	!functional:
-		- busca.buscape.com.br
-		- image.buscape.com		(Akamai; "Service unavailable"; not on www)
-		- preco2.buscape.com.br
-		- templates.bunscape.com(.br)
-		- www2.buscape.com.br
-
-	See Buscape-mismatches.xml for problematic rules.
--->
-<ruleset name="Buscapé (partial)" default_off="mismatch">
-
-	<target host="buscape.com"/>
-	<target host="www.buscape.com"/>
-	<target host="buscape.com.br"/>
-	<target host="parceiro.buscape.com.br"/>
-	<target host="s.bunscape.com.br"/>
-	<target host="www.buscape.com.br"/>
-
-	<!--	encountered cookies:
-			- .buscape.com
-			- .buscape.com.br
-		Are these used on unsecurable domains?	-->
-
-	<!--	!www:	timeout
-		s:	Akamai	-->
-	<rule from="^http://(?:s\.)?buscape\.com(\.br)?/"
-		to="https://www.buscape.com$1/"/>
-
-	<rule from="^http://(parceiro|www)\.buscape\.com\.br/"
-		to="https://$1.buscape.com.br/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/BusinessInformant.de.xml b/src/chrome/content/rules/BusinessInformant.de.xml
new file mode 100644
index 000000000000..906387c278e5
--- /dev/null
+++ b/src/chrome/content/rules/BusinessInformant.de.xml
@@ -0,0 +1,18 @@
+<!--
+	Cert mismatch:
+		-  mail
+
+-->
+<ruleset name="BusinessInformant.de">
+
+	<target host="www.business-informant.de" />
+	<target host="evm.business-informant.de" />
+	<target host="links.business-informant.de" />
+	<target host="newsabo.business-informant.de" />
+
+	<test url="http://evm.business-informant.de/event.php" />
+
+		<exclusion pattern="http://evm\.business-informant\.de/$" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BusinessInsider.xml b/src/chrome/content/rules/BusinessInsider.xml
index bd10f39640db..bc0c162d8fca 100644
--- a/src/chrome/content/rules/BusinessInsider.xml
+++ b/src/chrome/content/rules/BusinessInsider.xml
@@ -8,59 +8,100 @@
 			- static.businessinsider.com
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *businessinsider.com:
 
-		- articles	(403; CN: ssl2?.cdngc.net)
-		- jobs		(CN: *.jobamatic.com)
+		- articles ¹
+		- jobs ²
 
+	¹ 403; CN: ssl2?.cdngc.net
+	² CN: *.jobamatic.com
 
-	Problematic subdomains:
 
-		- static	(works; mismatched, CN: gp1.wac.edgecastcdn.net)
+	Problematic hosts in *businessinsider.com:
 
+		- au *
 
-	Partially covered subdomains:
+	* Mismatched
 
-		- au.businessinsider.com	(some pages redirect to http)
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .businessinsider.com
+		- intelligence.businessinsider.com
 
 -->
-<ruleset name="BuisnessInsider (partial)">
+<ruleset name="BusinessInsider.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="businessinsider.com" />
-	<target host="*.businessinsider.com" />
-		<!--
-			Many pages redirect to http.
+	<target host="intelligence.businessinsider.com" />
+	<target host="static.businessinsider.com" />
+	<target host="static-bii.businessinsider.com" />
+	<target host="static-ssl.businessinsider.com" />
+	<target host="static1.businessinsider.com" />
+	<target host="static2.businessinsider.com" />
+	<target host="static3.businessinsider.com" />
+	<target host="static4.businessinsider.com" />
+	<target host="static5.businessinsider.com" />
+	<target host="static6.businessinsider.com" />
+	<target host="static7.businessinsider.com" />
+	<target host="static8.businessinsider.com" />
+
+	<!--	Fix broken video, see:
+			https://github.com/EFForg/https-everywhere/issues/5014 -->
+		<exclusion pattern="^http://static(\d|-ssl)?.businessinsider.com/assets/js/app/partners/ooyala/skin.json$" />
+		<test url="http://static.businessinsider.com/assets/js/app/partners/ooyala/skin.json" />
+		<test url="http://static1.businessinsider.com/assets/js/app/partners/ooyala/skin.json" />
+		<test url="http://static-ssl.businessinsider.com/assets/js/app/partners/ooyala/skin.json" />
+
+	<target host="static1.uk.businessinsider.com" />
+	<target host="static2.uk.businessinsider.com" />
+	<target host="static3.uk.businessinsider.com" />
+	<target host="static4.uk.businessinsider.com" />
+	<target host="static5.uk.businessinsider.com" />
+	<target host="static6.uk.businessinsider.com" />
+
+	<target host="www.businessinsider.com" />
+
+	<!--	Complications:
+				-->
+		<!--	Many pages redirect to http.
 							-->
-	        <exclusion pattern="^http://(?:www\.)?businessinsider\.com/(?!account|assets/|login|register)" />
-		<exclusion pattern="^http://au\.businessinsider\.com/(?!image/)" />
-		<!--exclusion pattern="^http://jobs\.businessinsider\.com/($|a/)" /-->
-		<exclusion pattern="^http://static\d?\.businessinsider\.com/image/" />
-
+		<!--exclusion pattern="^http://uk\.businessinsider\.com/[\w-]+($|\?)" /-->
+	        <!--exclusion pattern="^http://www\.businessinsider\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+	        <exclusion pattern="^http://www\.businessinsider\.com/(?!assets/|favicon\.ico|login)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.businessinsider.com/about" />
+			<test url="http://www.businessinsider.com/careers" />
+			<test url="http://www.businessinsider.com/contributor" />
+			<test url="http://www.businessinsider.com/events" />
+			<test url="http://www.businessinsider.com/forgot" />
+			<test url="http://www.businessinsider.com/trending" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.businessinsider.com/favicon.ico" />
+			<test url="http://www.businessinsider.com/login" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.businessinsider\.com$" name="^s$" /-->
+	<!--securecookie host="^intelligence\.businessinsider\.com$" name="^PHPSESSID$" /-->
 
-	<!--	Tracking cookie set by oascentral:
-							-->
 	<securecookie host="^\.businessinsider\.com$" name="^OAX$" />
-	<securecookie host="^oascentral\.businessinsider\.com$" name=".+" />
-
+	<securecookie host="^intelligence\.businessinsider\.com$" name=".+" />
 
-        <rule from="^http://(au\.|www\.)?businessinsider\.com/"
-		to="https://$1businessinsider.com/" />
 
         <!--    See Simply-Hired-clients.xml for problematic jobs rules.
 									-->
-        <rule from="^http://jobs\.businessinsider\.com/c/"
-                to="https://businessinsider.jobamatic.com/c/" />
-
-	<rule from="^http://oascentral\.businessinsider\.com/"
-		to="https://oascentral.businessinsider.com/" />
-
-	<!--	- static[1-9]? are identical
-		- static0 doesn't exist
-		- Cert: gp1.wac.edgecastcdn.net
-		- 404
-		- image/ redirects back to static
-						-->
-	<rule from="^http://static\d?\.businessinsider\.com/"
-		to="https://www.businessinsider.com/" />
+        <rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BusinessWeek.com.xml b/src/chrome/content/rules/BusinessWeek.com.xml
deleted file mode 100644
index ba233db9f560..000000000000
--- a/src/chrome/content/rules/BusinessWeek.com.xml
+++ /dev/null
@@ -1,43 +0,0 @@
-<!--
-	For other Bloomberg coverage, see Bloomberg.xml.
-
-
-	CDN buckets:
-
-		- images.businessweek.com.edgesuite.net
-
-			- images.bwbx.io
-
-		- res.businessweek.com.edgesuite.net
-
-		- cache.daylife.com/...
-
-			- dlimages.businessweek.com
-
-
-	Nonfunctional domains:
-
-		- businessweek.com subdomains:
-
-			- dlimages		(403; mismatched, CN: ssl2.cdngc.net)
-			- images		(shows bx.businessweek.com, akamai)
-			- investing		(refused)
-			- origin-images *
-			- origin-res *
-			- res			(redirects to origin-res, akamai)
-
-		- images.bwbx.io **
-
-	* Shows bx.businessweek.com; mismatched, CN: bx.businessweek.com
-	** Shows bx.businessweek.com, akamai
-
--->
-<ruleset name="BusinessWeek.com (partial)">
-
-	<target host="bx.businessweek.com" />
-
-
-	<rule from="^http://bx\.businessweek\.com/"
-		to="https://bx.businessweek.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Business_2_Community.xml b/src/chrome/content/rules/Business_2_Community.xml
index b3484d6c6e8d..7a83717f88fd 100644
--- a/src/chrome/content/rules/Business_2_Community.xml
+++ b/src/chrome/content/rules/Business_2_Community.xml
@@ -20,4 +20,4 @@
 	<rule from="^http://cdn\d?\.business2community\.com/"
 		to="https://a413375ddb981b128589-d09eee90a0d59eeeae019b649aa3ca91.ssl.cf2.rackcdn.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Business_Catalyst.com-problematic.xml b/src/chrome/content/rules/Business_Catalyst.com-problematic.xml
index 283eb5328f08..1c2d9f559afc 100644
--- a/src/chrome/content/rules/Business_Catalyst.com-problematic.xml
+++ b/src/chrome/content/rules/Business_Catalyst.com-problematic.xml
@@ -5,7 +5,7 @@
 <ruleset name="Business Catalyst.com (mismatched)" default_off="mismatched">
 
 	<target host="businesscatalyst.com" />
-	<target host="*.businesscatalyst.com" />
+	<target host="www.businesscatalyst.com" />
 
 
 	<securecookie host="^\.?businesscatalyst\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Business_Companion.info.xml b/src/chrome/content/rules/Business_Companion.info.xml
new file mode 100644
index 000000000000..41200138e777
--- /dev/null
+++ b/src/chrome/content/rules/Business_Companion.info.xml
@@ -0,0 +1,13 @@
+<ruleset name="Business Companion.info">
+
+	<target host="businesscompanion.info" />
+	<target host="www.businesscompanion.info" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Business_Link.gov.uk.xml b/src/chrome/content/rules/Business_Link.gov.uk.xml
new file mode 100644
index 000000000000..2015fa7021bf
--- /dev/null
+++ b/src/chrome/content/rules/Business_Link.gov.uk.xml
@@ -0,0 +1,22 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		Mismatch:
+		- businesslink.gov.uk
+
+		Expired:
+		- online.contractsfinder.businesslink.gov.uk
+-->
+<ruleset name="Business Link.gov.uk">
+	<target host="businesslink.gov.uk" />
+	<target host="www.businesslink.gov.uk" />
+	<target host="lrc.businesslink.gov.uk" />
+	<target host="online.businesslink.gov.uk" />
+
+	<rule from="^http://businesslink\.gov\.uk/"
+			to="https://www.businesslink.gov.uk/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bussgods.se.xml b/src/chrome/content/rules/Bussgods.se.xml
index b585cb569d2d..355e843ceae1 100644
--- a/src/chrome/content/rules/Bussgods.se.xml
+++ b/src/chrome/content/rules/Bussgods.se.xml
@@ -1,5 +1,5 @@
 <ruleset name="Bussgods.se">
 	<target host="bussgods.se" />
 	<target host="www.bussgods.se" />
-	<rule from="^http://(www\.)?bussgods\.se/" to="https://www.bussgods.se/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Busybox.net.xml b/src/chrome/content/rules/Busybox.net.xml
deleted file mode 100644
index 5debd4996747..000000000000
--- a/src/chrome/content/rules/Busybox.net.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(shows bugs)
-
--->
-<ruleset name="busybox.net (partial)" default_off="self-signed">
-
-	<target host="bugs.busybox.net" />
-
-
-	<securecookie host="^bugs\.busybox\.net$" name=".+" />
-
-
-	<rule from="^http://bugs\.busybox\.net/"
-		to="https://bugs.busybox.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Butterfly-Network.xml b/src/chrome/content/rules/Butterfly-Network.xml
new file mode 100644
index 000000000000..9614957cbfc5
--- /dev/null
+++ b/src/chrome/content/rules/Butterfly-Network.xml
@@ -0,0 +1,9 @@
+<ruleset name="Butterfly Network">
+	<target host="butterflynetinc.com" />
+	<target host="www.butterflynetinc.com" />
+
+	<securecookie host="(www\.)?butterflynetinc\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Butterfly_Labs.com.xml b/src/chrome/content/rules/Butterfly_Labs.com.xml
deleted file mode 100644
index 12e0f137e406..000000000000
--- a/src/chrome/content/rules/Butterfly_Labs.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(503)
-
-
-	Mixed content:
-
-		- Images on products from www
-
--->
-<ruleset name="Butterfly Labs.com (partial)">
-
-	<target host="*.butterflylabs.com" />
-
-
-	<securecookie host="^(?:forum|product)s\.butterflylabs\.com$" name=".+" />
-
-
-	<rule from="^http://(forum|product)s\.butterflylabs\.com/"
-		to="https://$1s.butterflylabs.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ButtonNoses.com.xml b/src/chrome/content/rules/ButtonNoses.com.xml
new file mode 100644
index 000000000000..f7938d96b242
--- /dev/null
+++ b/src/chrome/content/rules/ButtonNoses.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="ButtonNoses.com">
+	<target host="buttonnoses.com" />
+	<target host="www.buttonnoses.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Buy-Premium-Tech.xml b/src/chrome/content/rules/Buy-Premium-Tech.xml
deleted file mode 100644
index 9bbae63652ce..000000000000
--- a/src/chrome/content/rules/Buy-Premium-Tech.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Buy Premium Tech (partial)">
-
-	<target host="secure.buypremiumtech.net"/>
-
-	<securecookie host="^secure\.buypremiumtech\.net$" name=".*"/>
-
-	<rule from="^http://secure\.buypremiumtech\.net/"
-		to="https://secure.buypremiumtech.net/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/BuyBoard.xml b/src/chrome/content/rules/BuyBoard.xml
index 05baecaaf952..fa2ae7233ed7 100644
--- a/src/chrome/content/rules/BuyBoard.xml
+++ b/src/chrome/content/rules/BuyBoard.xml
@@ -1,10 +1,22 @@
-<ruleset name="BuyBoard (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://buyboard.com/ => https://buyboard.com/: (51, "SSL: no alternative certificate subject name matches target host name 'buyboard.com'")
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://buyboard.com/ => https://buyboard.com/: (51, "SSL: no alternative certificate subject name matches target host name 'buyboard.com'")
+
+-->
+<ruleset name="BuyBoard (partial)" default_off="failed ruleset test">
 
 	<target host="buyboard.com"/>
 	<target host="*.buyboard.com"/>
 		<exclusion pattern="^http://vendor\."/>
 
-	<securecookie host="^.*\.buyboard\.com$" name=".*"/>
+	<securecookie host="^.*\.buyboard\.com$" name=".+" />
 
 	<rule from="^http://(\w+\.)?buyboard\.com/"
 		to="https://$1buyboard.com/"/>
diff --git a/src/chrome/content/rules/BuyMeACoffee.com.xml b/src/chrome/content/rules/BuyMeACoffee.com.xml
new file mode 100644
index 000000000000..f52c8f76e53e
--- /dev/null
+++ b/src/chrome/content/rules/BuyMeACoffee.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Buy Me A Coffee.com">
+	<target host="buymeacoffee.com" />
+	<target host="www.buymeacoffee.com" />
+	<target host="blog.buymeacoffee.com" />
+
+	<target host="buymeacoff.ee" />
+	<target host="www.buymeacoff.ee" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BuySellAds.xml b/src/chrome/content/rules/BuySellAds.xml
index 7546f86bdf24..bebc5a58518a 100644
--- a/src/chrome/content/rules/BuySellAds.xml
+++ b/src/chrome/content/rules/BuySellAds.xml
@@ -12,7 +12,8 @@
 <ruleset name="BuySellAds (partial)">
 
 	<target host="buysellads.com" />
-	<target host="*.buysellads.com" />
+	<target host="www.buysellads.com" />
+	<target host="s3.buysellads.com" />
 
 
 	<!--	At least some pages redirect to http.
diff --git a/src/chrome/content/rules/BuyTREZOR.com.xml b/src/chrome/content/rules/BuyTREZOR.com.xml
new file mode 100644
index 000000000000..f448170d206a
--- /dev/null
+++ b/src/chrome/content/rules/BuyTREZOR.com.xml
@@ -0,0 +1,42 @@
+<!--
+	For other Satoshi Labs coverage, see satoshilabs.com.xml.
+
+
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .buytrezor.com
+
+-->
+<ruleset name="BuyTREZOR.com">
+
+	<target host="buytrezor.com" />
+	<target host="www.buytrezor.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.buytrezor\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Buy_Veteran.xml b/src/chrome/content/rules/Buy_Veteran.xml
index 3fd968ba30ad..687ecc58757e 100644
--- a/src/chrome/content/rules/Buy_Veteran.xml
+++ b/src/chrome/content/rules/Buy_Veteran.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?buyveteran\.com/([aA]bout\.aspx|[aA]pp_[tT]hemes/|BuyVeteran\.ico|[gG]ift|[iI]mages/|Join_Step1\.aspx|[pP]artner|[pP]ress|[sS]tore|[tT]estimonials\.aspx)"
 		to="https://$1buyveteran.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Buycott.com.xml b/src/chrome/content/rules/Buycott.com.xml
new file mode 100644
index 000000000000..fb9fb674a6fb
--- /dev/null
+++ b/src/chrome/content/rules/Buycott.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Buycott.com">
+  <target host="buycott.com" />
+  <target host="www.buycott.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Buycraft.com.xml b/src/chrome/content/rules/Buycraft.com.xml
new file mode 100644
index 000000000000..e3e659823bdf
--- /dev/null
+++ b/src/chrome/content/rules/Buycraft.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Buycraft.net">
+
+	<target host="buycraft.net" />
+	<target host="server.buycraft.net" />
+	<target host="www.buycraft.net" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^(?:server\.|www\.|\.)?buycraft\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BuzzFeed.xml b/src/chrome/content/rules/BuzzFeed.xml
index 66c806055e12..a815ff5faa71 100644
--- a/src/chrome/content/rules/BuzzFeed.xml
+++ b/src/chrome/content/rules/BuzzFeed.xml
@@ -1,58 +1,31 @@
 <!--
-	CDN buckets:
-
-		- buzzfeed-static.s3.amazonaws.com
-
-		- wac.09fc.edgecastcdn.net/??09FC/
-
-			- s3-ec.buzzfed.com
-			- ct.buzzfeed.com
-
-		- s.buzzfeed.com.edgesuite.net
-
-			- pglb.buzzfed.com
-			- s.buzzfed.com
-			- s3-ak.buzzfed.com
-			- s3-ak.buzzfeed.com
-
-
-	Nonfunctional domains:
-
-		- pglb.buzzfed.com	(503, akamai)
-		- ct.buzzfeed.com	(404, CN: gp1.wac.edgecastcdn.net)
-
-
-	Problematic domains:
-
-		- s.buzzfed.com *
-		- s3-ak.buzzfed.com *
-		- s3-ec.buzzfed.com	(404, edgecast)
-		- s3-ak.buzzfeed.com *
-
-	* 503, akamai
-
-
-	Fully covered domains:
-
-		- s.buzzfed.com *
-
-	* → buzzfeed-static.s3.amazonaws.com
+	Non-functional hosts
+		Timeout was reached:
+			 - get.buzzfeed.com
+			 - insights.buzzfeed.com
 
+		SSL peer certificate was not OK:
+			 - buzzfed.com
 -->
-<ruleset name="BuzzFeed">
-
-	<target host="*.buzzfed.com" />
+<ruleset name="BuzzFeed (partial)">
+	<!-- *buzzfeed.com -->
 	<target host="buzzfeed.com" />
-	<target host="*.buzzfeed.com" />
-
-
-	<securecookie host="^www\.buzzfeed\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?buzzfeed\.com/"
-		to="https://$1buzzfeed.com/" />
-
-	<rule from="^http://s(?:3-ak|3-ec)?\.buzzfee?d\.com/"
-		to="https://buzzfeed-static.s3.amazonaws.com/" />
-
+	<target host="www.buzzfeed.com" />
+	<target host="abeagle.buzzfeed.com" />
+	<target host="blog.buzzfeed.com" />
+	<target host="documents.buzzfeed.com" />
+	<target host="img.buzzfeed.com" />
+	<target host="s.buzzfeed.com" />
+	<target host="s3-ak.buzzfeed.com" />
+	<target host="shop.buzzfeed.com" />
+	<target host="webappstatic.buzzfeed.com" />
+
+	<!-- *buzzfed.com -->
+	<target host="buzzfed.com" />
+	<target host="s3-ak.buzzfed.com" />
+
+	<rule from="^http://buzzfed\.com/"
+			to="https://www.buzzfeed.com/" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/BuzzFocus.xml b/src/chrome/content/rules/BuzzFocus.xml
index 0322b67296c5..0b5a7470cbae 100644
--- a/src/chrome/content/rules/BuzzFocus.xml
+++ b/src/chrome/content/rules/BuzzFocus.xml
@@ -7,7 +7,7 @@
 	<securecookie host="^www\.buzzfocus\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?buzzfocus\.com/"
+	<rule from="^http://(?:www\.)?buzzfocus\.com/"
 		to="https://www.buzzfocus.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Buzz_VPN.xml b/src/chrome/content/rules/Buzz_VPN.xml
index e087f3167750..79e415fd858d 100644
--- a/src/chrome/content/rules/Buzz_VPN.xml
+++ b/src/chrome/content/rules/Buzz_VPN.xml
@@ -1,10 +1,10 @@
-<ruleset name="Buzz VPN">
+<ruleset name="Buzz VPN" default_off="refused">
 
 	<target host="buzzvpn.com" />
 	<target host="www.buzzvpn.com" />
 
 
-	<rule from="^http://(www\.)?buzzvpn\.com/"
-		to="https://$1buzzvpn.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Buzzbytes.net.xml b/src/chrome/content/rules/Buzzbytes.net.xml
deleted file mode 100644
index 25c7a47c695d..000000000000
--- a/src/chrome/content/rules/Buzzbytes.net.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Fully covered subdomains:
-
-		- (www.)
-		- buzzworthy
-
--->
-<ruleset name="Buzzbytes.net">
-
-	<target host="buzzbytes.net" />
-	<target host="*.buzzbytes.net" />
-
-
-	<!--	name="^GEOIP_COUNTRY_CODE$"
-						-->
-	<securecookie host="^\.buzzbytes\.net$" name=".+" />
-
-
-	<rule from="^http://(buzzworthy\.|www\.)?buzzbytes\.net/"
-		to="https://$1buzzbytes.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Buzzdock.xml b/src/chrome/content/rules/Buzzdock.xml
deleted file mode 100644
index 483d3dbed6ce..000000000000
--- a/src/chrome/content/rules/Buzzdock.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- blog *
-		- download	(record_too_long)
-		- search *
-
-	* 404
-
-
-	Problematic subdomains:
-
-		^	(404)
-
--->
-<ruleset name="Buzzdock (partial)">
-
-	<target host="buzzdock.com" />
-	<target host="*.buzzdock.com" />
-
-
-	<rule from="^https?://(?:www\.)?buzzdock\.com/"
-		to="https://www.buzzdock.com/" />
-
-	<rule from="^http://edge\.buzzdock\.com/"
-		to="https://edge.buzzdock.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Buzzdoes.com.xml b/src/chrome/content/rules/Buzzdoes.com.xml
index 3c72cacd86ba..32cc8133e893 100644
--- a/src/chrome/content/rules/Buzzdoes.com.xml
+++ b/src/chrome/content/rules/Buzzdoes.com.xml
@@ -1,4 +1,14 @@
-<ruleset name="buzzdoes.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://buzzdoes.com/ => https://buzzdoes.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.buzzdoes.com/ => https://www.buzzdoes.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://buzzdoes.com/ => https://buzzdoes.com/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.buzzdoes.com/ => https://www.buzzdoes.com/: (28, 'Connection timed out after 10000 milliseconds')
+-->
+<ruleset name="buzzdoes.com" default_off="failed ruleset test">
 
 	<target host="buzzdoes.com" />
 	<target host="www.buzzdoes.com" />
@@ -7,7 +17,6 @@
 	<securecookie host="^(?:www\.)?buzzdoes\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?buzzdoes\.com/"
-		to="https://$1buzzdoes.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Buzzeff.xml b/src/chrome/content/rules/Buzzeff.xml
index fc2d63b0fec7..f790757a7bd1 100644
--- a/src/chrome/content/rules/Buzzeff.xml
+++ b/src/chrome/content/rules/Buzzeff.xml
@@ -4,14 +4,14 @@
 		- Ebuzzing.xml
 
 -->
-<ruleset name="Buzzeff" default_off="mismatch">
+<ruleset name="Buzzeff" default_off="mismatched">
 
 	<!--	Cert: 720plan.ovh.net	-->
 	<target host="buzzeff.com" />
 	<target host="www.buzzeff.com" />
 
 
-	<rule from="^https?://(?:www\.)?buzzeff\.com/"
+	<rule from="^http://(?:www\.)?buzzeff\.com/"
 		to="https://buzzeff.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Buzzhosting.org.xml b/src/chrome/content/rules/Buzzhosting.org.xml
deleted file mode 100644
index 40a3a0d2fe3d..000000000000
--- a/src/chrome/content/rules/Buzzhosting.org.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(refused)
-
--->
-<ruleset name="Buzzhosting.org">
-
-	<target host="buzzhosting.org" />
-	<target host="www.buzzhosting.org" />
-
-
-	<rule from="^http://(?:www\.)?buzzhosting\.org/"
-		to="https://www.buzzhosting.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Buzzurl.xml b/src/chrome/content/rules/Buzzurl.xml
index 487c4390ab2a..5dadee748733 100644
--- a/src/chrome/content/rules/Buzzurl.xml
+++ b/src/chrome/content/rules/Buzzurl.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://buzzurl.jp/ => https://buzzurl.jp/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+Fetch error: http://buzzurl.jp.eimg.jp/ => https://buzzurl.jp/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://buzzurl.jp/ => https://buzzurl.jp/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://buzzurl.jp.eimg.jp/ => https://buzzurl.jp/: (28, 'Connection timed out after 10001 milliseconds')
 	CDN buckets:
 
 		- ecnavi.vo.llnwd.net/...
@@ -14,10 +22,11 @@
 		- buzzurl.jp.eimg.jp	(cert: jpssl.cdngc.net; 403)
 
 -->
-<ruleset name="Buzzurl">
+<ruleset name="Buzzurl" default_off="failed ruleset test">
 
 	<target host="buzzurl.jp" />
-	<target host="*.buzzurl.jp" />
+	<target host="api.buzzurl.jp" />
+	<target host="cdn.buzzurl.jp" />
 	<target host="buzzurl.jp.eimg.jp" />
 
 
@@ -28,10 +37,10 @@
 		- api: Tracking on 3rd-party websites
 		- www doesn't exist
 					-->
-	<rule from="^https?://(?:api\.|cdn\.)?buzzurl.jp/"
+	<rule from="^http://(?:api\.|cdn\.)?buzzurl\.jp/"
 		to="https://buzzurl.jp/" />
 
-	<rule from="^https?://buzzurl\.jp\.eimg\.jp/"
+	<rule from="^http://buzzurl\.jp\.eimg\.jp/"
 		to="https://buzzurl.jp/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bwbx.io.xml b/src/chrome/content/rules/Bwbx.io.xml
new file mode 100644
index 000000000000..f758559f27cd
--- /dev/null
+++ b/src/chrome/content/rules/Bwbx.io.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Bloomberg coverage, see Bloomberg.xml.
+
+
+	CDN buckets:
+
+		- d3kfrplp7t05mg.cloudfront.net
+
+			- images.bwbx.io
+
+-->
+<ruleset name="bwbx.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="assets.bwbx.io" />
+
+		<test url="http://assets.bwbx.io/business/public/stylesheets/noscript-78e39895f8.css" /><!--	154 -->
+
+	<!--	Complications:
+				-->
+	<target host="images.bwbx.io" />
+
+
+	<rule from="^http://images\.bwbx\.io/"
+		to="https://d3kfrplp7t05mg.cloudfront.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/By_Cupon.xml b/src/chrome/content/rules/By_Cupon.xml
deleted file mode 100644
index 0d3a8ca6918b..000000000000
--- a/src/chrome/content/rules/By_Cupon.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="By Cupón">
-
-	<target host="bycupon.com" />
-	<target host="*.bycupon.com" />
-
-
-	<securecookie host="(?:w*\.)?bycupon\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?bycupon\.com/"
-		to="https://$1bycupon.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/By_David_Wittig.com.xml b/src/chrome/content/rules/By_David_Wittig.com.xml
deleted file mode 100644
index 091ecf5d47ef..000000000000
--- a/src/chrome/content/rules/By_David_Wittig.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="by David Wittig.com">
-
-	<target host="bydavidwittig.com" />
-	<target host="*.bydavidwittig.com" />
-
-
-	<securecookie host="^\.?bydavidwittig\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?bydavidwittig\.com/"
-		to="https://$1bydavidwittig.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Byrdie.com.au.xml b/src/chrome/content/rules/Byrdie.com.au.xml
new file mode 100644
index 000000000000..14a10030633f
--- /dev/null
+++ b/src/chrome/content/rules/Byrdie.com.au.xml
@@ -0,0 +1,6 @@
+<ruleset name="Byrdie.com.au" platform="mixedcontent">
+	<target host="byrdie.com.au" />
+	<target host="www.byrdie.com.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bystrobank.ru.xml b/src/chrome/content/rules/Bystrobank.ru.xml
new file mode 100644
index 000000000000..b86a9b248a30
--- /dev/null
+++ b/src/chrome/content/rules/Bystrobank.ru.xml
@@ -0,0 +1,28 @@
+<!--
+bystrobank.ru ²
+foto.bystrobank.ru ²
+helpdesk.bystrobank.ru ⁴
+leto.bystrobank.ru ²
+
+
+² refused
+⁴ self signed
+-->
+<ruleset name="bystrobank.ru">
+	<target host="www.bystrobank.ru" />
+	<target host="acs.bystrobank.ru" />
+	<target host="autocredit.bystrobank.ru" />
+	<target host="chat.bystrobank.ru" />
+	<target host="io.bystrobank.ru" />
+	<target host="m.bystrobank.ru" />
+	<target host="online.bystrobank.ru" />
+	<target host="v1click.bystrobank.ru" />
+	<target host="x509-online.bystrobank.ru" />
+
+	<target host="bystrobank.ru" />
+
+	<rule from="^http://bystrobank\.ru/"
+		to="https://www.bystrobank.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Byteark.com.xml b/src/chrome/content/rules/Byteark.com.xml
new file mode 100644
index 000000000000..5b14ca709597
--- /dev/null
+++ b/src/chrome/content/rules/Byteark.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.) *
+		- console *
+
+	* 401; mismatched, CN: *.cdn.byteark.com
+
+-->
+<ruleset name="Byteark.com (partial)">
+
+	<target host="*.byteark.com" />
+		<!--exclusion pattern="^http://(console|www)\.byteark\.com/" /-->
+
+
+	<rule from="^http://(\w+\.(?:cdn|s3)|s3)\.byteark\.com/"
+		to="https://$1.byteark.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bytemark.co.uk.xml b/src/chrome/content/rules/Bytemark.co.uk.xml
index 0ec42e975a8c..aaca5111d37f 100644
--- a/src/chrome/content/rules/Bytemark.co.uk.xml
+++ b/src/chrome/content/rules/Bytemark.co.uk.xml
@@ -1,35 +1,51 @@
+
 <!--
-	Bytemark Hosting
+Disabled by https-everywhere-checker because:
+Fetch error: http://piwik.bytemark.co.uk/ => https://piwik.bytemark.co.uk/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://status.bytemark.co.uk/ => https://status.bytemark.co.uk/: (6, 'Could not resolve host: status.bytemark.co.uk')
 
+	Other Bytemark Hosting rulesets:
 
-	Nonfunctional subdomains:
+		- BigV.io.xml
 
-		- (www.)	(dropped)
-		- blog		(redirects to http, valid cert)
 
+	Nonfunctional hosts in *bytemark.co.uk:
 
-	Fully covered subdomains:
+		- symbiosis *
 
-		- forum
-		- order2009
-		- panel
+	* Refused
 
 
-	Observed cookie domains:
+	Insecure cookies are set for these hosts:
 
-		- .forum
-		- order2009
-		- panel
-		- webmail
+		- status.bytemark.co.uk
 
 -->
-<ruleset name="Bytemark.co.uk (partial)">
+<ruleset name="Bytemark.co.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bytemark.co.uk" />
+	<target host="blog.bytemark.co.uk" />
+	<target host="forum.bytemark.co.uk" />
+	<target host="order.bytemark.co.uk" />
+	<target host="panel.bytemark.co.uk" />
+	<target host="panel-beta.bytemark.co.uk" />
+	<target host="piwik.bytemark.co.uk" />
+	<target host="status.bytemark.co.uk" />
+	<target host="www.bytemark.co.uk" />
+
+		<!--exclusion pattern="^http://symbiosis\.bytemark\.co\.uk/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="status\.bytemark\.co\.uk$" name="^_netstat_session$" /-->
 
-	<target host="*.bytemark.co.uk" />
-		<!--exclusion pattern="^http://(blog|www)\." /-->
+	<securecookie host=".+\.bytemark\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://(forum|order2009|panel)\.bytemark\.co\.uk/"
-		to="https://$1.bytemark.co.uk/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bytename.xml b/src/chrome/content/rules/Bytename.xml
deleted file mode 100644
index 371da3ab378f..000000000000
--- a/src/chrome/content/rules/Bytename.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!-- https://trac.torproject.org/projects/tor/ticket/7161 -->
-<ruleset name="Bytename (buggy)" default_off="breaks bytelove">
-
-	<target host="bytelove.*"/>
-	<target host="*.bytelove.com"/>
-	<target host="*.bytelove.de"/>
-	<target host="*.bytelove.fr"/>
-	<target host="*.bytelove.it"/>
-	<target host="*.bytelove.se"/>
-	<target host="*.bytelove.us"/>
-	<target host="bytename.com"/>
-	<target host="www.bytename.com"/>
-
-
-	<securecookie host="^(.*\.)?bytelove\.\w{2,3}$" name=".*" />
-
-
-	<rule from="^http://(www\.)?bytelove\.com/"
-		to="https://$1bytelove.com/"/>
-
-	<rule from="^http://(?:www\.)?bytelove\.([ds]e|fr|it|us)/"
-		to="https://bytelove.$1/"/>
-
-	<rule from="^http://(www\.)?bytename\.com/"
-		to="https://$1bytename.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Byuu.org.xml b/src/chrome/content/rules/Byuu.org.xml
new file mode 100644
index 000000000000..d5fe1a460961
--- /dev/null
+++ b/src/chrome/content/rules/Byuu.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="Byuu.org">
+	<target host="byuu.org" />
+	<target host="www.byuu.org" />
+	<target host="board.byuu.org" />
+	<target host="doc.byuu.org" />
+	<target host="download.byuu.org" />
+	<target host="files.byuu.org" />
+	<target host="images.byuu.org" />
+	<target host="preservation.byuu.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/C-Base.org.xml b/src/chrome/content/rules/C-Base.org.xml
new file mode 100644
index 000000000000..69f41c205fab
--- /dev/null
+++ b/src/chrome/content/rules/C-Base.org.xml
@@ -0,0 +1,57 @@
+<!--
+	Remark: *.crew.c-base.org has a wildcard DNS record and 62 of its
+		sub-domains with incomplete certificate chain error are omitted.
+
+	Non-functional hosts
+		Couldn't connect to server:
+			 - base45.c-base.org
+			 - base54.c-base.org
+			 - cns.c-base.org
+			 - jabber.c-base.org
+			 - meridian.c-base.org
+			 - sojus.c-base.org
+
+		Timeout was reached:
+			 - forrest.ori.crew.c-base.org
+			 - db.c-base.org
+			 - slurp.c-base.org
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - hivemonitor.dazz.dyn.c-base.org
+
+		Incomplete certificate chain error:
+			 - c-mail.c-base.org
+			 - echelon.c-base.org
+			 - vpn.ext.c-base.org
+			 - shell.c-base.org
+			 - vpn.c-base.org
+
+		Status code mismatch:
+			 - auth.c-base.org
+
+		4xx client error:
+			 - pad.c-base.org
+
+		5xx server error:
+			 - coredump.c-base.org
+			 - c-portal.c-base.org
+
+		Mixed content blocking (MCB) tiggered:
+			 - logbuch.c-base.org
+-->
+<ruleset name="C-Base.org (partial)">
+	<target host="c-base.org" />
+	<target host="www.c-base.org" />
+	<target host="audioblog.c-base.org" />
+	<target host="cbag3.c-base.org" />
+	<target host="cmip.c-base.org" />
+	<target host="vorstand.ext.c-base.org" />
+	<target host="gallery.c-base.org" />
+	<target host="lb.c-base.org" />
+	<target host="pandroid.c-base.org" />
+	<target host="roundcube.c-base.org" />
+	<target host="vorstand.c-base.org" />
+	<target host="wiki.c-base.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/C-Base.xml b/src/chrome/content/rules/C-Base.xml
deleted file mode 100644
index d0206458b42d..000000000000
--- a/src/chrome/content/rules/C-Base.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="C-Base" platform="cacert mixedcontent">
-  <target host="www.c-base.org" />
-  <target host="c-base.org" />
-  <target host="logbuch.c-base.org" />
-  <target host="wiki.c-base.org" />
-
-  <rule from="^http://(?:www\.)?c-base\.org/" to="https://www.c-base.org/"/>
-  <rule from="^http://(logbuch|wiki)\.c-base\.org/" to="https://$1.c-base.org/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/C-SPAN_Video.org-falsemixed.xml b/src/chrome/content/rules/C-SPAN_Video.org-falsemixed.xml
index 0e5595d61db4..8ce114f76fc0 100644
--- a/src/chrome/content/rules/C-SPAN_Video.org-falsemixed.xml
+++ b/src/chrome/content/rules/C-SPAN_Video.org-falsemixed.xml
@@ -1,21 +1,19 @@
 <!--
-	For rules not causing false/broken MCB, see C-SPAN_Video.org.xml
+	For rules that are on by default, see C-SPAN_Video.org.xml.
 
 -->
-<ruleset name="C-SPAN Video.org (false MCB)" platform="mixedcontent">
+<ruleset name="C-SPAN Video.org (mismatched)" default_off="mismatched">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="c-spanvideo.org" />
 	<target host="www.c-spanvideo.org" />
-		<!--
-			Handled in C-SPAN_Video.org.xml:
-							-->
-		<exclusion pattern="^http://(?:www\.)?c-spanvideo\.org/(?:favicon\.ico|videoLibrary/(?:ajax/|assets/|drawMathQuestion\.php))" />
 
 
 	<securecookie host="^www\.c-spanvideo\.org$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?c-spanvideo\.org/"
-		to="https://www.c-spanvideo.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/C-SPAN_Video.org.xml b/src/chrome/content/rules/C-SPAN_Video.org.xml
index b2ea77a46331..88d65e45aa4e 100644
--- a/src/chrome/content/rules/C-SPAN_Video.org.xml
+++ b/src/chrome/content/rules/C-SPAN_Video.org.xml
@@ -1,5 +1,5 @@
 <!--
-	For rules causing false/broken MCB, see C-SPAN_Video.org-falsemixed.xml.
+	For problematic rules, see C-SPAN_Video.org-falsemixed.xml.
 
 	CDN buckets:
 
@@ -14,54 +14,33 @@
 
 	Problematic subdomains:
 
-		- ^	(works, cert only matches www)
+		- (www.)? *
 		- css *
 		- images *
 
 	* cloudfront
 
 
-	Partially covered subdomains:
-
-		- (www.) *	(^ → www)
-
-	* Avoiding false/broken MCB, rest handled in C-SPAN_Video.org-falsemixed.xml
-
-
 	Fully covered subdomains:
 
 		- images	(→ d1k1xzqsosjdry.cloudfront.net)
 		- static	(→ d29dpj283v14nc.cloudfront.net)
 
-
-	Mixed content:
-
-		- css on www from static *
-
-		- Images, on:
-
-			- www from images *
-			- www from static *
-
-	* Secured by us
-
-
-	NB: We secure all resources, and thus
-	-falsemixed should be merged for Ffx 24.
-
 -->
 <ruleset name="C-SPAN Video.org (partial)">
 
-	<target host="c-spanvideo.org" />
-	<target host="*.c-spanvideo.org" />
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<exclusion pattern="^http://(?:www\.)?c-spanvideo\.org/(?!favicon\.ico|videoLibrary/(?:ajax/|assets/|drawMathQuestion\.php))" />
+	<!--	Complications:
+				-->
+	<!--target host="c-spanvideo.org" /-->
+	<target host="images.c-spanvideo.org" />
+	<target host="static.c-spanvideo.org" />
+	<!--target host="www.c-spanvideo.org" /-->
+
+		<!--exclusion pattern="^http://(?:www\.)?c-spanvideo\.org/(?!favicon\.ico|videoLibrary/(?:ajax/|assets/|drawMathQuestion\.php))" /-->
 
 
-	<rule from="^http://(?:www\.)?c-spanvideo\.org/"
-		to="https://www.c-spanvideo.org/" />
+	<!--rule from="^http://(?:www\.)?c-spanvideo\.org/"
+		to="https://???.cloudfront.net/" /-->
 
 	<rule from="^http://images\.c-spanvideo\.org/"
 		to="https://d1k1xzqsosjdry.cloudfront.net/" />
@@ -69,4 +48,4 @@
 	<rule from="^http://static\.c-spanvideo\.org/"
 		to="https://d29dpj283v14nc.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/C-and-a.com.xml b/src/chrome/content/rules/C-and-a.com.xml
index c89bc5296131..96838ba83ed9 100644
--- a/src/chrome/content/rules/C-and-a.com.xml
+++ b/src/chrome/content/rules/C-and-a.com.xml
@@ -16,7 +16,8 @@
 <ruleset name="c-and-a.com">
 
 	<target host="c-and-a.com" />
-	<target host="*.c-and-a.com" />	
+	<target host="www.c-and-a.com" />
+	<target host="postview.c-and-a.com" />
 
 
 	<securecookie host="^(?:www)?\.c-and-a\.com$" name=".+" />
@@ -25,7 +26,6 @@
 	<rule from="^http://(?:www\.)?c-and-a\.com/"
 		to="https://www.c-and-a.com/" />
 
-	<rule from="^http://postview\.c-and-a\.com/"
-		to="https://postview.c-and-a.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/C-ware.de.xml b/src/chrome/content/rules/C-ware.de.xml
new file mode 100644
index 000000000000..aebc7af2718e
--- /dev/null
+++ b/src/chrome/content/rules/C-ware.de.xml
@@ -0,0 +1,26 @@
+<!--
+	(www.)?c-ware.de: Mismatched
+
+-->
+<ruleset name="c-ware.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dev.c-ware.de" />
+
+	<!--	Complications:
+				-->
+	<target host="c-ware.de" />
+	<target host="www.c-ware.de" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?c-ware\.de/"
+		to="https://dev.c-ware.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/C.dk.xml b/src/chrome/content/rules/C.dk.xml
new file mode 100644
index 000000000000..dc57a8c9f61d
--- /dev/null
+++ b/src/chrome/content/rules/C.dk.xml
@@ -0,0 +1,23 @@
+<!--
+	For other TDC coverage, see TDC.dk.xml.
+
+	(www.) doesn't exist.
+-->
+<ruleset name="TDC.dk">
+
+	<target host="i.c.dk" />
+	<target host="i0.c.dk" />
+	<target host="i1.c.dk" />
+	<target host="i2.c.dk" />
+	<target host="i3.c.dk" />
+	<target host="i4.c.dk" />
+	<target host="i5.c.dk" />
+	<target host="i6.c.dk" />
+	<target host="i7.c.dk" />
+	<target host="i8.c.dk" />
+	<target host="i9.c.dk" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/C3S.cc.xml b/src/chrome/content/rules/C3S.cc.xml
new file mode 100644
index 000000000000..56bde86672cd
--- /dev/null
+++ b/src/chrome/content/rules/C3S.cc.xml
@@ -0,0 +1,21 @@
+<!--
+	Cultural Commons Collecting Society
+
+
+	Mixed content:
+
+		- Image on archive from www.getdigital.de *
+
+	* Secured by us
+
+-->
+<ruleset name="C3S.cc">
+
+	<target host="c3s.cc" />
+	<target host="archive.c3s.cc" />
+	<target host="www.c3s.cc" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/C3VOC.de.xml b/src/chrome/content/rules/C3VOC.de.xml
new file mode 100644
index 000000000000..582c565430d8
--- /dev/null
+++ b/src/chrome/content/rules/C3VOC.de.xml
@@ -0,0 +1,21 @@
+<!--
+	For other CCC coverage, see CCC.xml.
+
+
+	www.c3voc.de: Refused
+
+-->
+<ruleset name="C3VOC.de">
+
+	<target host="c3voc.de" />
+	<target host="cdn.c3voc.de" />
+	<target host="live.dus.c3voc.de" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/C3noc.net.xml b/src/chrome/content/rules/C3noc.net.xml
new file mode 100644
index 000000000000..f38658efb4b8
--- /dev/null
+++ b/src/chrome/content/rules/C3noc.net.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://c3noc.net/ => https://c3noc.net/: (51, "SSL: no alternative certificate subject name matches target host name 'c3noc.net'")
+Fetch error: http://vpn.c3noc.net/ => https://vpn.c3noc.net/: (7, 'Failed to connect to vpn.c3noc.net port 443: Network is unreachable')
+Fetch error: http://www.c3noc.net/ => https://www.c3noc.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.c3noc.net'")
+
+-->
+<ruleset name="c3noc.net" default_off="failed ruleset test">
+
+	<target host="c3noc.net" />
+	<target host="vpn.c3noc.net" />
+	<target host="www.c3noc.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/C3tag.com.xml b/src/chrome/content/rules/C3tag.com.xml
index f3bc5fabba5d..5afc01f63fca 100644
--- a/src/chrome/content/rules/C3tag.com.xml
+++ b/src/chrome/content/rules/C3tag.com.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?c3tag\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?c3tag\.com/"
-		to="https://$1c3tag.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/C4SS.org.xml b/src/chrome/content/rules/C4SS.org.xml
new file mode 100644
index 000000000000..574ed0e235d6
--- /dev/null
+++ b/src/chrome/content/rules/C4SS.org.xml
@@ -0,0 +1,22 @@
+<!--
+	www.c4ss.org: Mismatched
+
+-->
+<ruleset name="C4SS.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="c4ss.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.c4ss.org" />
+
+
+	<rule from="^http://www\.c4ss\.org/"
+		to="https://c4ss.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/C4tw.net.xml b/src/chrome/content/rules/C4tw.net.xml
new file mode 100644
index 000000000000..fea286c84602
--- /dev/null
+++ b/src/chrome/content/rules/C4tw.net.xml
@@ -0,0 +1,41 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://c4tw.net/ => https://c4tw.net/: (7, 'Failed to connect to c4tw.net port 443: Connection timed out')
+
+	For other Twenga Solutions coverage, see Twenga-Solutions.com.xml.
+
+
+	CDN buckets:
+
+		- static.c4tw.net.edgesuite.net
+
+
+	Nonfunctional subdomains:
+
+		- us.dac *
+
+	* Redirects to http, mismatched
+
+
+	Problematic subdomains:
+
+		- s0fr.aka *
+
+	* Works, akamai
+
+
+	www doesn't exist.
+
+-->
+<ruleset name="c4tw.net (partial)" default_off="failed ruleset test">
+
+	<target host="c4tw.net" />
+	<target host="s0.c4tw.net" />
+	<target host="s1.c4tw.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/C9x.me.xml b/src/chrome/content/rules/C9x.me.xml
new file mode 100644
index 000000000000..716982008c4b
--- /dev/null
+++ b/src/chrome/content/rules/C9x.me.xml
@@ -0,0 +1,5 @@
+<ruleset name="C9x.me">
+	<target host="c9x.me" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CA-Browser_Forum.xml b/src/chrome/content/rules/CA-Browser_Forum.xml
deleted file mode 100644
index 1c685ab64ab6..000000000000
--- a/src/chrome/content/rules/CA-Browser_Forum.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="CA/Browser Forum">
-
-	<target host="cabforum.org" />
-	<target host="www.cabforum.org" />
-
-
-	<rule from="^http://(www\.)?cabforum\.org/"
-		to="https://$1cabforum.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CA-PCA.fr.xml b/src/chrome/content/rules/CA-PCA.fr.xml
index 9ec1bd81178b..e95a6d0a4cb9 100644
--- a/src/chrome/content/rules/CA-PCA.fr.xml
+++ b/src/chrome/content/rules/CA-PCA.fr.xml
@@ -1,6 +1,20 @@
+<!--
+	Invalid certificate:
+		ca-pca.fr
+		assistance.ca-pca.fr
+
+-->
 <ruleset name="CA-PCR.fr">
-  <target host="www.ca-pca.fr" />
-  <target host="ca-pca.fr" />
 
-  <rule from="^http://(?:www\.)?ca-pca\.fr/" to="https://www.ca-pca.fr/"/>
+	<target host="ca-pca.fr" />
+	<target host="www.ca-pca.fr" />
+	<target host="entreprises.ca-pca.fr" />
+	<target host="m.ca-pca.fr" />
+
+	<rule from="^http://ca-pca\.fr/"
+		to="https://www.ca-pca.fr/" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/CA-State-Board-of-Equalization.xml b/src/chrome/content/rules/CA-State-Board-of-Equalization.xml
index 72c697ca62cd..b0447ecd7416 100644
--- a/src/chrome/content/rules/CA-State-Board-of-Equalization.xml
+++ b/src/chrome/content/rules/CA-State-Board-of-Equalization.xml
@@ -1,13 +1,11 @@
+<!--
+	Non-functional hosts
+		Incomplete certificate chain error:
+		- boe.ca.gov
+		- www.boe.ca.gov
+-->
 <ruleset name="California State Board of Equalization">
-	<target host="boe.ca.gov" />
 	<target host="efile.boe.ca.gov" />
-	<target host="www.boe.ca.gov" />
 
-	<securecookie host="^(efile|www)\.boe\.ca\.gov$"
-			name=".+" />
-
-	<rule from="^(http://(www\.)?|https://)boe\.ca\.gov/"
-			to="https://www.boe.ca.gov/" />
-	<rule from="^http://efile\.boe\.ca\.gov/"
-			to="https://efile.boe.ca.gov/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CA-Technologies.xml b/src/chrome/content/rules/CA-Technologies.xml
deleted file mode 100644
index c440bae09c92..000000000000
--- a/src/chrome/content/rules/CA-Technologies.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="CA Technologies">
-	<target host="cloudmonitor.nimsoft.com" />
-
-    <rule from="^http://cloudmonitor\.nimsoft\.com/"
-        to="https://cloudmonitor.nimsoft.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CA-mpr.jp.xml b/src/chrome/content/rules/CA-mpr.jp.xml
deleted file mode 100644
index 812e7b3a99b6..000000000000
--- a/src/chrome/content/rules/CA-mpr.jp.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	(www.) do not exist.
-
-	Web bugs.
-
--->
-<ruleset name="CA-mpr.jp">
-
-	<target host="ot.ca-mpr.jp" />
-
-
-	<rule from="^http://ot\.ca-mpr\.jp/"
-		to="https://ot.ca-mpr.jp/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CA.com.xml b/src/chrome/content/rules/CA.com.xml
new file mode 100644
index 000000000000..e68cdb1891ac
--- /dev/null
+++ b/src/chrome/content/rules/CA.com.xml
@@ -0,0 +1,121 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://rewrite.ca.com/~/media/rewrite/images/system/ca-header.png (200) => https://rewrite.ca.com/~/media/rewrite/images/system/ca-header.png (404)
+Non-2xx HTTP code: http://rewrite.ca.com/assets/img/ca-mobile-header.png (200) => https://rewrite.ca.com/assets/img/ca-mobile-header.png (404)
+Non-2xx HTTP code: http://rewrite.ca.com/favicon.ico (200) => https://rewrite.ca.com/favicon.ico (404)
+Non-2xx HTTP code: http://rewrite.ca.com/us/~/media/rewrite/images/headshots/JustinVaughanBrown.jpg (200) => https://rewrite.ca.com/us/~/media/rewrite/images/headshots/JustinVaughanBrown.jpg (404)
+Non-2xx HTTP code: http://rewrite.ca.com/us/articles/digital-transformation/~/media/%20rewrite/images/inline-images/April15/Digital-Dialogues-3-Kevin-Benedict-inline-400.jpg (200) => https://rewrite.ca.com/us/articles/digital-transformation/~/media/%20rewrite/images/inline-images/April15/Digital-Dialogues-3-Kevin-Benedict-inline-400.jpg (404)
+Non-2xx HTTP code: http://trials.ca.com/favicon.ico (200) => https://trials.ca.com/favicon.ico (404)
+Non-2xx HTTP code: http://trials.ca.com/us/~/media/trials/images/icons/google-plus.png (200) => https://trials.ca.com/us/~/media/trials/images/icons/google-plus.png (404)
+
+	Nonfunctional hosts in *ca.com:
+
+		- investor ¹
+		- transform ²
+
+	¹ Dropped
+	² Marketo
+
+
+	Partially covered hosts in *ca.com:
+
+		- rewrite *
+		- trials *
+		- www *
+
+	* Some pages redirect to http
+
+
+	Fully covered hosts in *ca.com:
+
+		- blogs
+		- communities
+		- support
+
+
+	These altnames don't exist:
+
+		- www.blogs.ca.com
+		- www.communities.ca.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- support.ca.com
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- blogs from $self *
+			- support from www.ca.com *
+
+	* Secured by us
+
+-->
+<ruleset name="CA.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ca.com" />
+	<target host="blogs.ca.com" />
+	<target host="communities.ca.com" />
+	<target host="rewrite.ca.com" />
+	<target host="support.ca.com" />
+	<target host="trials.ca.com" />
+	<target host="www.ca.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(trials|www)\.ca\.com/us/default\.aspx" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://rewrite\.ca\.com/+(?!~/media/|[\w/-]+/~/media/|assets/|favicon\.ico)" />
+		<exclusion pattern="^http://trials\.ca\.com/+(?!favicon\.ico|us/~/media/)" />
+		<exclusion pattern="^http://www\.ca\.com/+(?!assets-digital-commerce/|favicon\.ico|styles/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://rewrite.ca.com/us/about.aspx" />
+			<test url="http://rewrite.ca.com/us/expertise/security.aspx" />
+			<test url="http://rewrite.ca.com/us/search.aspx" />
+			<test url="http://rewrite.ca.com/us/sitemap.aspx" />
+			<test url="http://rewrite.ca.com/us/topic/create.aspx" />
+			<test url="http://rewrite.ca.com/us/type/slideshow.aspx" />
+			<test url="http://trials.ca.com/de/default.aspx" />
+			<test url="http://trials.ca.com/us/default.aspx" />
+			<test url="http://trials.ca.com/us/default.aspx?intcmp=" />
+			<test url="http://www.ca.com/us/about-us.aspx" />
+			<test url="http://www.ca.com/us/about-us.aspx?intcmp=" />
+			<test url="http://www.ca.com/us/it-management-events.aspx" />
+			<test url="http://www.ca.com/us/it-management-events.aspx?intcmp=" />
+
+			<!--	-ve:
+					-->
+			<test url="http://rewrite.ca.com/~/media/rewrite/images/system/ca-header.png" />
+			<test url="http://rewrite.ca.com/assets/img/ca-mobile-header.png" />
+			<test url="http://rewrite.ca.com/favicon.ico" />
+			<test url="http://rewrite.ca.com/us/~/media/rewrite/images/headshots/JustinVaughanBrown.jpg" />
+			<test url="http://rewrite.ca.com/us/articles/digital-transformation/~/media/%20rewrite/images/inline-images/April15/Digital-Dialogues-3-Kevin-Benedict-inline-400.jpg" />
+			<test url="http://trials.ca.com/favicon.ico" />
+			<test url="http://trials.ca.com/us/~/media/trials/images/icons/google-plus.png" />
+			<test url="http://www.ca.com/assets-digital-commerce/style/min/style.css" />
+			<test url="http://www.ca.com/favicon.ico" />
+			<test url="http://www.ca.com/styles/img/social.png" />
+			<test url="http://www.ca.com/styles/vendor/ladda-themeless.min.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^support\.ca\.com$" name="^(saplb_\*|JROUTE|JSESSIONID|PortalAlias)$" /-->
+
+	<securecookie host="^support\.ca\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CAD-Comic.com.xml b/src/chrome/content/rules/CAD-Comic.com.xml
new file mode 100644
index 000000000000..0b7a262fd374
--- /dev/null
+++ b/src/chrome/content/rules/CAD-Comic.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="CAD-Comic.com">
+	<target host="cad-comic.com" />
+	<target host="www.cad-comic.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CADSI.xml b/src/chrome/content/rules/CADSI.xml
index 5e2c29ac776d..54ca36630734 100644
--- a/src/chrome/content/rules/CADSI.xml
+++ b/src/chrome/content/rules/CADSI.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?defenceandsecurity\.ca$" name=".+" />
 
 
-	<rule from="^http://(www\.)?defenceandsecurity\.ca/"
-		to="https://$1defenceandsecurity.ca/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CAE.edu.au.xml b/src/chrome/content/rules/CAE.edu.au.xml
new file mode 100644
index 000000000000..04942b302690
--- /dev/null
+++ b/src/chrome/content/rules/CAE.edu.au.xml
@@ -0,0 +1,36 @@
+<!--
+
+	Refused hosts:
+
+		- cae-bsg
+		- mycae
+		- oscar
+
+	Mismatched hosts:
+
+		- smsuat
+
+	Timeout hosts:
+
+		- ^
+		- estudent
+
+	Problematic hosts:
+
+		- sip (different content)
+		- dialin (unknown fetch test error)
+		- meet (unknown fetch test error)
+
+-->
+<ruleset name="CAE.edu.au">
+
+	<target host="cae.edu.au" />
+	<target host="www.cae.edu.au" />
+
+	<rule from="^http://cae\.edu\.au/"
+		to="https://www.cae.edu.au/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CAGE.ngo.xml b/src/chrome/content/rules/CAGE.ngo.xml
new file mode 100644
index 000000000000..d717c1c797f1
--- /dev/null
+++ b/src/chrome/content/rules/CAGE.ngo.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid Certificate:
+		www.cage.ngo
+-->
+<ruleset name="CAGE.ngo">
+	<target host="cage.ngo" />
+	<target host="www.cage.ngo" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.cage\.ngo/" to="https://cage.ngo/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CAGW.org.xml b/src/chrome/content/rules/CAGW.org.xml
deleted file mode 100644
index 7e469095b0e5..000000000000
--- a/src/chrome/content/rules/CAGW.org.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Citizens Against Government Waste
-
-
-	CDN buckets:
-
-		- www.2dialog.com/cagw/
-		- 0f3ed393c370316a3f10-bf2b63c262e77e03f36b541d4da198e8.ssl.cf1.rackcdn.com
-		- a50f19c3bf49f970db88-f99b1d095421892aad896d7efcceed2f.ssl.cf1.rackcdn.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(refused)
-
--->
-<ruleset name="CAGW.org (partial)">
-
-	<target host="*.cagw.org" />
-
-
-	<securecookie host="^\.?secure\.cagw\.org$" name=".+" />
-
-
-	<rule from="^http://secure\.cagw\.org/"
-		to="https://secure.cagw.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CAIR.com.xml b/src/chrome/content/rules/CAIR.com.xml
new file mode 100644
index 000000000000..89d03a61a1b6
--- /dev/null
+++ b/src/chrome/content/rules/CAIR.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Other CAIR rulesets:
+	- CAIROklahoma.com.xml
+
+	Invalid certificate:
+	- ar.cair.com
+	- nj.cair.com
+	- ok.cair.com
+	- pa.cair.com
+
+	Secure connection failed:
+	- wa.cair.com
+
+-->
+<ruleset name="CAIR.com">
+	<target host="cair.com" />
+	<target host="www.cair.com" />
+	<target host="ca.cair.com" />
+	<target host="md.cair.com" />
+
+	<securecookie host="^(www|ca)\.cair\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CAIROklahoma.com.xml b/src/chrome/content/rules/CAIROklahoma.com.xml
new file mode 100644
index 000000000000..01d456997946
--- /dev/null
+++ b/src/chrome/content/rules/CAIROklahoma.com.xml
@@ -0,0 +1,10 @@
+<!--
+	For other CAIR coverage, see CAIR.com.xml.
+
+-->
+<ruleset name="CAIROklahoma.com">
+	<target host="cairoklahoma.com" />
+	<target host="www.cairoklahoma.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CANNEX.xml b/src/chrome/content/rules/CANNEX.xml
index ae0d5a54315d..7cb3f7eecc6b 100644
--- a/src/chrome/content/rules/CANNEX.xml
+++ b/src/chrome/content/rules/CANNEX.xml
@@ -8,7 +8,6 @@
 	<target host="www.cannex.com" />
 
 
-	<rule from="^https?://(?:www\.)?cannex\.com/"
-		to="https://www.cannex.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CAREpackage.xml b/src/chrome/content/rules/CAREpackage.xml
index 60ed39d38440..9266787ef623 100644
--- a/src/chrome/content/rules/CAREpackage.xml
+++ b/src/chrome/content/rules/CAREpackage.xml
@@ -1,18 +1,20 @@
 <!--
+	(www.)?: Refused
+
 	- !www: mismatched, CN: acquia-sites.com
 	- Some pages redirect to http.
 
 -->
 <ruleset name="CAREpackage (partial)">
 
-	<target host="carepackage.org" />
-	<target host="*.carepackage.org" />
+	<!--target host="carepackage.org" /-->
+	<target host="stage.carepackage.org" />
 
 
-	<rule from="^http://(?:www\.)?carepackage\.org/(careajax|sites)/"
-		to="https://www.carepackage.org/$1/" />
+	<!--rule from="^http://(?:www\.)?carepackage\.org/(careajax|sites)/"
+		to="https://www.carepackage.org/$1/" /-->
 
 	<rule from="^http://stage\.carepackage\.org/sites/"
 		to="https://stage.carepackage.org/sites/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CARI.net-self-signed.xml b/src/chrome/content/rules/CARI.net-self-signed.xml
index 0e27bd3d7a56..c54d0302a53b 100644
--- a/src/chrome/content/rules/CARI.net-self-signed.xml
+++ b/src/chrome/content/rules/CARI.net-self-signed.xml
@@ -10,7 +10,6 @@
 	<!--	Cookies are handled in CARI.net.xml.	-->
 
 
-	<rule from="^http://webmail\.cari\.net/"
-		to="https://webmail.cari.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CARI.net.xml b/src/chrome/content/rules/CARI.net.xml
index 068fc630639a..a78e0e29ede5 100644
--- a/src/chrome/content/rules/CARI.net.xml
+++ b/src/chrome/content/rules/CARI.net.xml
@@ -1,17 +1,21 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://chat.cari.net/ => https://chat.cari.net/: (60, 'SSL certificate problem: certificate has expired')
+
 	For problematic rules, see CARI.net-self-signed.xml.
 
 -->
-<ruleset name="CARI.net (partial)">
+<ruleset name="CARI.net (partial)" default_off="failed ruleset test">
 
 	<target host="cari.net" />
-	<target host="*.cari.net" />
+	<target host="chat.cari.net" />
+	<target host="www.cari.net" />
 
 
-	<securecookie host="^(.*\.)?cari\.net$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(chat\.|www\.)?cari\.net/"
-		to="https://$1cari.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CA_Security_Council.xml b/src/chrome/content/rules/CA_Security_Council.xml
deleted file mode 100644
index 0db60941b5fd..000000000000
--- a/src/chrome/content/rules/CA_Security_Council.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="CA Security Council">
-
-	<target host="casecurity.org" />
-	<target host="www.casecurity.org" />
-
-
-	<rule from="^http://(www\.)?casecurity\.org/"
-		to="https://$1casecurity.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CAcert.xml b/src/chrome/content/rules/CAcert.xml
index 5730965256b0..e285b31b1471 100644
--- a/src/chrome/content/rules/CAcert.xml
+++ b/src/chrome/content/rules/CAcert.xml
@@ -1,13 +1,44 @@
-<ruleset name="CACert.org (CAcert)" platform="cacert">
-  <target host="cacert.org" />
-  <target host="*.cacert.org" />
-
-  <!-- this currently errs on the side of not breaking things over security -->
-  <exclusion pattern="\.crt" />
-  <exclusion pattern="\.crl" />
-  <exclusion pattern="ocsp\." />
-  <exclusion pattern="^http://cats\.cacert\.org/"/>
-
-  <rule from="^http://cacert\.org/" to="https://www.cacert.org/"/>
-  <rule from="^http://([^/:@\.]+)\.cacert\.org/" to="https://$1.cacert.org/"/>
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cacert.org/ => https://cacert.org/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+Fetch error: http://blog.cacert.org/ => https://blog.cacert.org/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+Fetch error: http://bugs.cacert.org/ => https://bugs.cacert.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://l10n.cacert.org/ => https://l10n.cacert.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://translations.cacert.org/ => https://translations.cacert.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://wiki.cacert.org/ => https://wiki.cacert.org/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+Fetch error: http://www.cacert.org/ => https://www.cacert.org/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+Fetch error: http://cacert.net/ => https://cacert.net/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+Fetch error: http://www.cacert.net/ => https://www.cacert.net/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+Fetch error: http://cacert.com/ => https://cacert.com/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+Fetch error: http://www.cacert.com/ => https://www.cacert.com/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+
+-->
+<ruleset name="CACert.org (CAcert)" default_off="failed ruleset test">
+	<target host=             "cacert.org" />
+	<target host=        "blog.cacert.org" />
+	<target host=        "bugs.cacert.org" />
+	<target host=        "l10n.cacert.org" />
+	<target host="translations.cacert.org" />
+	<target host=        "wiki.cacert.org" />
+	<target host=         "www.cacert.org" />
+	<target host=             "cacert.net" />
+	<target host=         "www.cacert.net" />
+	<target host=             "cacert.com" />
+	<target host=         "www.cacert.com" />
+
+	<securecookie host="^\w+\.cacert\.org$" name=".+" />
+
+	<!-- this currently errs on the side of not breaking things over security -->
+	<exclusion pattern="\.crt" />
+	<test url="http://www.cacert.org/certs/root.crt" />
+	<exclusion pattern="\.crl" />
+	<test url="http://crl.cacert.org/revoke.crl" />
+	<!-- client certificate required, but ruleset checker doesn't have any -->
+	<!--   cats.cacert.org -->
+	<!--   ocsp.cacert.org -->
+	<!-- secure.cacert.org -->
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CBC_Blueprint.xml b/src/chrome/content/rules/CBC_Blueprint.xml
index c9ce8d2ac5d7..ec7ca4f8b2b7 100644
--- a/src/chrome/content/rules/CBC_Blueprint.xml
+++ b/src/chrome/content/rules/CBC_Blueprint.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?cbcblueprint\.com/"
 		to="https://www.cbcblueprint.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CBP.gov.xml b/src/chrome/content/rules/CBP.gov.xml
new file mode 100644
index 000000000000..a01a987fb70b
--- /dev/null
+++ b/src/chrome/content/rules/CBP.gov.xml
@@ -0,0 +1,53 @@
+<!--
+	Customs and Border Protection
+
+
+
+	^cbp.gov: Mismatched
+
+
+	These altnames do not exist:
+
+		- www.helpspanish.cbp.gov
+
+
+	Insecure cookies are set for these hosts:
+
+		- help.cbp.gov
+		- helpspanish.cbp.gov
+
+
+	Mixed content:
+
+		- Image on www from www.dhs.gov ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="CBP.gov">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="help.cbp.gov" />
+	<target host="helpspanish.cbp.gov" />
+	<target host="www.cbp.gov" />
+
+	<!--	Complications:
+				-->
+	<target host="cbp.gov" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^help(?:spanish)?\.cbp\.gov$" name="^TS[\da-f]{8}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://cbp\.gov/"
+		to="https://www.cbp.gov/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CBP.net.br.xml b/src/chrome/content/rules/CBP.net.br.xml
new file mode 100644
index 000000000000..c4472dabb555
--- /dev/null
+++ b/src/chrome/content/rules/CBP.net.br.xml
@@ -0,0 +1,17 @@
+<!--
+	Mixed content:
+
+		- css from ajax.googleapis.com *
+
+	* Secured by us, effect seems minimal
+
+-->
+<ruleset name="CBP.net.br">
+
+	<target host="cbp.net.br" />
+	<target host="www.cbp.net.br" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CBS-Sports-Network.xml b/src/chrome/content/rules/CBS-Sports-Network.xml
index 7c1484fa4aa3..76eb453b122c 100644
--- a/src/chrome/content/rules/CBS-Sports-Network.xml
+++ b/src/chrome/content/rules/CBS-Sports-Network.xml
@@ -1,24 +1,16 @@
 <!--
 	For other CBS coverage, see CBS.xml.
 
-
-	CN: *.cstv.com
-
+	Non-functional hosts:
+		SSL error:
+		- dev.cbssportsnetwork.com
 -->
-<ruleset name="CBS Sports Network " default_off="mismatched">
-
-	<!--	Akamai	-->
+<ruleset name="CBS Sports Network">
 	<target host="cbssportsnetwork.com" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.cbssportsnetwork.com" />
-
-
-	<securecookie host="^.*\.cbssportsnetwork\.com$" name=".*" />
-
+	<target host="www.cbssportsnetwork.com" />
+	<target host="affiliates.cbssportsnetwork.com" />
 
-	<!--	!www 301s to www.
-					-->
-	<rule from="^https?://(?:www\.)?cbssportsnetwork\.com/"
-		to="https://www.cbssportsnetwork.com/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CBS.xml b/src/chrome/content/rules/CBS.xml
index f120d244fa77..2c7d66721edd 100644
--- a/src/chrome/content/rules/CBS.xml
+++ b/src/chrome/content/rules/CBS.xml
@@ -1,162 +1,40 @@
 <!--
 	Other CBS rulesets:
-
-		- CBSI.xml
-		- CBSIstatic.com.xml
 		- CBS-Sports-Network.xml
+		- CBSInteractive.com.au.xml
+		- CBSInteractive.com.xml
+		- CBSIstatic.net.xml
+		- CBSNews.com.xml
+		- CBSStatic.com.xml
 		- CBS_Store.xml
-		- GameSpot.xml
+		- CBSimg.net.xml
+		- CBSi.com.au.xml
+		- CNETFrance.fr.xml
+		- CNET_content.com.xml
+		- GameSpot.com.xml
+		- Giant_Bomb.com.xml
 		- Last.fm.xml
-		- TechRepublic.xml
+		- TechRepublic.com.xml
 		- ZDNet.xml
 
-
-	om.cnet.com.au/b/ss/zdau-cnet/
-
-
-	CDN buckets:
-
-		- ad.cnet-basic-performance.akadns.net
-
-			- mads.cbs.com
-
-		- wwwimage.cbs.com.edgesuite.net
-
-			- wwwimage.cbsstatic.com
-
-		- www.cbsnews.com.edgesuite.net
-
-		- wwwimage.cbsnews.com.edgesuite.net
-
-			- a1030.g.akamai.net/=/1030/1957/7d/wwwimages.cbsnews.com/	(works!)
-
-		- download-hl.cnet.com.edgesuite.net
-
-			- donwload.cnet.com
-
-		- graphics.fansonly.com.edgesuite.net
-
-			- grfx.cstv.com
-
-		- i.b2b.com.com.edgesuite.net
-
-			- b2b.cbsimg.net
-
-		- i.com.com.edgesuite.net	(maps directly ... but 404s over https.)
-
-			- i.i.cbsi.com
-			- asset\d+.cbsistatic.com
-			- a868.g.akamai.net
-
-				- a248.e.akamai.net/cnwk.1d/
-				- a248.e.akamai.net/=/868/1957/7d/img.com.com/
-
-	cnwk.1d/i/
-	/=/5048/1957/7d/img.com.com/i/
-
-
-	Nonfunctional domains:
-
-		- mads.cbs.com *
-		- (www.)cbs.dk			(redirects to http, valid cert)
-		- adlog.com.com *
-		- cdn.cbsi.com.au **
-		- b2b.cbsimg.net ****
-		- cn.cbsimg.net **
-		- (www.)cbsinteractive.com
-		- (www.)cbsinteractive.com.au
-		- www.cbsinteractive.co.uk ***
-		- cbsnews.com ***
-		- www.cbsnews.com **
-		- bwp.cbsnews.com
-		- mads.cbsnews.com
-		- crave.cnet.co.uk ***
-		- (bwp|www).cnet.com
-		- download.cnet.com **
-		- news.cnet.com
-		- cnettv.cnet.com *
-		- forums.cnetfrance.fr ***
-		- adlog.com.com *
-		- assets.com.com		(doesn't work over https, redirects to i.i.com.com)
-		- ads.com.com ***		(data on www.cnet.com)
-		- i.i.com.com **
-		- origin.i.com.com
-		- image.com.com ****
-		- img.com.com
-		- grfx.cstv.com ****
-		- (www.)findarticles.com
-		- bwp.news.com *
-		- graphics.ocsn.com ****
-		- (www.)zol.com.cn
-		- img2.zol.com.cn
-
-	* Refused
-	** 503, akamai
-	*** Times out
-	**** 504, akamai
-
-	asset\d		≍	i.i.com.com
-
-
-	Problematic domains:
-
-		- wwwimage.cbs.com *
-		- www.cbsstatic.com		(mismatched, CN: *.cbs.com)
-		- wwwimage.cbsstatic.com *
-
-	* 504, akamai
-
-
-	Partially covered domains:
-
-		- (www.)cbs.com		(some pages redirect to http)
-
-
-	Fully covered domains:
-
-		- fileupload.intl.cbs.com
-		- wwwimage.cbs.com		(→ www.cbs.com)
-		- www.cbsstatic.com		(→ www.cbs.com)
-		- wwwimage.cbsstatic.com	(→ www.cbs.com)
-
+	Non-functional hosts
+		Timeout was reached:
+		- mads.cbs.com
+
+		SSL peer certificate was not OK:
+		- cbsnews.cbs.com
+		- ecomedia.cbs.com
+		- investors.cbs.com
+		- multimedia.cbs.com
+		- promonet.cbs.com
+		- syndication.cbs.com
+		- wwwimage.cbs.com
 -->
-<ruleset name="CBS (partial)">
-
+<ruleset name="CBS.com (partial)">
 	<target host="cbs.com" />
-	<target host="*.cbs.com" />
-		<exclusion pattern="^http://(?:www\.)?cbs\.com/(?!assets/|base/files/|Common/|favicon\.ico|thumbnails/|user(?:$|\?|/))" />
-	<target host="*.cbsnews.com" />
-	<target host="*.cbsstatic.com" />
-	<target host="om.cnet.com.au" />
-	<target host="dw.com.com" />
-
-
-	<!--	Fails to redirect over https:
-						-->
-	<rule from="^http://(www\.)?cbs\.com/user/?(?:\?.*)?$"
-		to="https://$1cbs.com/user/settings/" />
-
-	<rule from="^http://(fileupload\.intl\.|www\.)?cbs\.com/"
-		to="https://$1cbs.com/" />
-
-	<rule from="^http://wwwimage\.cbs\.com/"
-		to="https://www.cbs.com/" />
-
-	<rule from="^http://markets\.cbsnews\.com/$"
-		to="https://markets.financialcontent.com/cbsnews" />
-
-	<rule from="^http://markets\.cbsnews\.com/"
-		to="https://markets.financialcontent.com/" />
-
-	<rule from="^http://www(?:image)?\.cbsstatic\.com/"
-		to="https://www.cbs.com/" />
-
-	<rule from="^http://om\.cnet\.com\.au/"
-		to="https://zdau-cnet.122.2o7.net/" />
-
-	<!--	Tracking beacon:
-				-->
-	<rule from="^http://dw\.com\.com/"
-		to="https://dw.com.com/" />
+	<target host="www.cbs.com" />
+	<target host="audienceservices.cbs.com" />
+	<target host="wap.cbs.com" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CBSI.com.xml b/src/chrome/content/rules/CBSI.com.xml
index 1c3589c3ad95..2879535b584c 100644
--- a/src/chrome/content/rules/CBSI.com.xml
+++ b/src/chrome/content/rules/CBSI.com.xml
@@ -8,10 +8,24 @@
 
 			- i.i.cbsi.com
 
+		- www.tv.com.edgesuite.net
 
-	Nonfunctional subdomains:
 
-		- i.i	(503, akamai)
+	Nonfunctional domains:
+
+		- i.i.cbsi.com ¹
+
+		- shopper.cnet.com ¹
+		- (www.)cnetnetworks.com ²
+		- tv.com ²
+		- www.tv.com ³
+		- blog.tv.com ²
+		- bwp.tv.com ²
+		- static.phx2.tvgcdn.net ²
+
+	¹ 503, akamai
+	² Dropped
+	³ Redirects to http, akamai
 
 -->
 <ruleset name="CBSI.com (partial)">
@@ -22,7 +36,6 @@
 	<securecookie host="^dw\.cbsi\.com$" name=".+" />
 
 
-	<rule from="^http://dw\.cbsi\.com/"
-		to="https://dw.cbsi.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CBSInteractive.com.au.xml b/src/chrome/content/rules/CBSInteractive.com.au.xml
new file mode 100644
index 000000000000..1695d7934d62
--- /dev/null
+++ b/src/chrome/content/rules/CBSInteractive.com.au.xml
@@ -0,0 +1,14 @@
+<!--
+	For other CBS coverage, see CBS.xml.
+
+	Non-functional hosts
+		Incomplete certificate chain error:
+		- cbsinteractive.com.au
+-->
+<ruleset name="CBSInteractive.com.au (partial)">
+	<target host="cbsinteractive.com.au" />
+	<target host="www.cbsinteractive.com.au" />
+
+	<rule from="^http://(www\.)?cbsinteractive\.com\.au/"
+		to="https://www.cbsinteractive.com.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/CBSInteractive.com.xml b/src/chrome/content/rules/CBSInteractive.com.xml
new file mode 100644
index 000000000000..88578b70df06
--- /dev/null
+++ b/src/chrome/content/rules/CBSInteractive.com.xml
@@ -0,0 +1,12 @@
+<!--
+     For other CBS coverage, see CBS.xml.
+-->
+<ruleset name="CBSInteractive.com (partial)">
+	<target host="cbsinteractive.com" />
+	<target host="www.cbsinteractive.com" />
+	<target host="asia.cbsinteractive.com" />
+	<target host="connect.cbsinteractive.com" />
+	<target host="vidtech.cbsinteractive.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CBSIstatic.net.xml b/src/chrome/content/rules/CBSIstatic.net.xml
index dcda9686ce29..cff17eeade32 100644
--- a/src/chrome/content/rules/CBSIstatic.net.xml
+++ b/src/chrome/content/rules/CBSIstatic.net.xml
@@ -4,9 +4,10 @@
 
 	CDN buckets:
 
-		- techrepublic.cbsistatic.com.edgesuite.net
+		- techproresearch-a.akamaihd.net
+
+		- techrepublic.cbsistatic.com.edgesuite.net <=> techrepublic-a.akamaihd.net
 
-			- a1531.b.akamai.net
 			- tr1.cbsistatic.com
 			- tr2.cbsistatic.com
 
@@ -17,11 +18,15 @@
 
 	Nonfunctional subdomains:
 
-		- asset[0-3].cbsistatic.com	(503, akamai)
+		- asset[0-3].cbsistatic.com *
+
+	* 503, Akamai
 
 
 	Problematic subdomains:
 
+		- cnet3 *
+		- tpr2 *
 		- tr1 *
 		- tr2 *
 
@@ -30,12 +35,18 @@
 
 	Partially covered subdomains:
 
-		- tr1		(→ akamai, fly/ 404s)
+		- tr1 *		(→ techrepublic-a.akamaihd.net)
+
+	* fly/ 404s
 
 
 	Fully covered subdomains:
 
-		- tr2		(→ akamai)
+		- tpr\d:	(→ techproresearch-a.akamaihd.net)
+
+			- 2
+
+		- tr2		(→ techrepublic-a.akamaihd.net)
 
 
 	tr1.cbsistatic.com appears to be pulled from  cdn-origin01.techproresearch.com.
@@ -48,7 +59,10 @@
 		<!--exclusion pattern="^http://tr[12]\.cbsistatic\.com/(?!hub/)" /-->
 
 
-	<rule from="^http://tr(1|2)\.cbsistatic\.com/(?!fly/)"
-		to="https://a248.e.akamai.net/=/1531/5129/6/tr$1.cbsistatic.com/" />
+	<rule from="^http://tpr\d\.cbsistatic\.com/"
+		to="https://techproresearch-a.akamaihd.net/" />
+
+	<rule from="^http://tr\d\.cbsistatic\.com/(?!fly/)"
+		to="https://techrepublic-a.akamaihd.net/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CBSNews.com.xml b/src/chrome/content/rules/CBSNews.com.xml
new file mode 100644
index 000000000000..63ff075f774e
--- /dev/null
+++ b/src/chrome/content/rules/CBSNews.com.xml
@@ -0,0 +1,140 @@
+<!--
+	For other CBS coverage, see CBS.xml.
+
+	Cert expired:
+		- gigya-auth.cbsnews.com
+		- push.cbsnews.com
+
+	Cert mismatch:
+		- www.48hours.cbsnews.com
+		- beta.cbsnews.com
+		- cbsn.cbsnews.com
+		- www.cbsn.cbsnews.com
+		- feeds.cbsn.cbsnews.com
+		- images.cbsn.cbsnews.com
+		- download.cbsnews.com
+		- dw.cbsnews.com
+		- www.election.cbsnews.com
+		- fonts.cbsnews.com
+		- hls.cbsnews.com
+		- images-cbsn.cbsnews.com
+		- beta.img.cbsnews.com
+		- ipad-streaming.cbsnews.com
+		- li.cbsnews.com
+		- live.cbsnews.com
+		- media.cbsnews.com
+		- mi.cbsnews.com
+		- newsletters.cbsnews.com
+		- posidn-api.cbsnews.com
+		- www.showbuzz.cbsnews.com
+		- wwwimage.showbuzz.cbsnews.com
+		- socialize.cbsnews.com
+		- trail.cbsnews.com
+		- vokevr.cbsnews.com
+		- beta.www.cbsnews.com
+		- wwwimage.cbsnews.com
+
+	Chain issues:
+		- filedrop.cbsnews.com
+
+	Connection refused:
+		- aw.cbsnews.com
+		- cgi.cbsnews.com
+		- gateway.cbsnews.com
+		- race08.cbsnews.com
+
+	Timeout:
+	- adimg.cbsnews.com
+	- api.cbsnews.com
+	- archive.cbsnews.com
+	- archives.cbsnews.com
+	- autodiscover.cbsnews.com
+	- ct.cbsnews.com
+	- ctm.cbsnews.com
+	- dev.cbsnews.com
+	- features.cbsnews.com
+	- fusion.cbsnews.com
+	- games.cbsnews.com
+	- go.cbsnews.com
+	- img.cbsnews.com
+	- reports.madison.cbsnews.com
+	- mads.cbsnews.com
+	- mail.cbsnews.com
+	- mail1.cbsnews.com
+	- mail2.cbsnews.com
+	- monarch.cbsnews.com
+	- nls.cbsnews.com
+	- ocp.cbsnews.com
+	- origin2.cbsnews.com
+	- owa.cbsnews.com
+	- preview.cbsnews.com
+	- sharepoint.cbsnews.com
+	- smtp1.cbsnews.com
+	- smtp2.cbsnews.com
+	- smtp3.cbsnews.com
+	- stage.cbsnews.com
+	- tools.cbsnews.com
+	- webcast.cbsnews.com
+
+	TLS error:
+		- feeds.cbsnews.com
+		- hotsheet.cbsnews.com
+		- portal.cbsnews.com
+		- webmail.cbsnews.com
+-->
+<ruleset name="CBSNews">
+
+	<target host="cbsnews.com"/>
+	<target host="www.cbsnews.com"/>
+
+	<target host="60minutes.cbsnews.com"/>
+	<target host="alerts.cbsnews.com"/>
+	<target host="android.cbsnews.com"/>
+	<target host="audio.cbsnews.com"/>
+	<target host="blackberry.cbsnews.com"/>
+	<target host="cdn.cbsnews.com"/>
+	<target host="cdn-origin.cbsnews.com"/>
+	<target host="cms.cbsnews.com"/>
+	<target host="docs.cbsnews.com"/>
+	<target host="election.cbsnews.com"/>
+	<target host="enpsmobile.cbsnews.com"/>
+	<target host="evening.cbsnews.com"/>
+	<target host="failover.cbsnews.com"/>
+	<target host="feeds-cbsn.cbsnews.com"/>
+	<target host="iphone.cbsnews.com"/>
+	<target host="labs.cbsnews.com"/>
+	<target host="m.cbsnews.com"/>
+	<target host="markets.cbsnews.com"/>
+	<target host="marketwatch.cbsnews.com"/>
+	<target host="mobile.cbsnews.com"/>
+	<target host="mobile-feeds.cbsnews.com"/>
+	<target host="moneywatch.cbsnews.com"/>
+	<target host="mvideo.cbsnews.com"/>
+	<target host="oaktree.cbsnews.com"/>
+	<target host="oaktree2.cbsnews.com"/>
+	<target host="ott.cbsnews.com"/>
+	<target host="podcast.cbsnews.com"/>
+	<target host="podcasts.cbsnews.com"/>
+	<target host="politics.cbsnews.com"/>
+	<target host="radio.cbsnews.com"/>
+	<target host="search.cbsnews.com"/>
+	<target host="secure.cbsnews.com"/>
+	<target host="secure-fly.cbsnews.com"/>
+	<target host="secure-img.cbsnews.com"/>
+	<target host="showbuzz.cbsnews.com"/>
+	<target host="standards.cbsnews.com"/>
+	<target host="storm.cbsnews.com"/>
+	<target host="sunday.cbsnews.com"/>
+	<target host="track.cbsnews.com"/>
+	<target host="urs.cbsnews.com"/>
+	<target host="video.cbsnews.com"/>
+	<target host="wallstrip.cbsnews.com"/>
+	<target host="wap.cbsnews.com"/>
+	<target host="widgets-cbsn.cbsnews.com"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CBSStatic.com.xml b/src/chrome/content/rules/CBSStatic.com.xml
new file mode 100644
index 000000000000..24f0d4c7ef5f
--- /dev/null
+++ b/src/chrome/content/rules/CBSStatic.com.xml
@@ -0,0 +1,46 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- wwwimage.cbsstatic.com
+		- wwwimage1.cbsstatic.com
+		- wwwimage2.cbsstatic.com
+		- wwwimage3.cbsstatic.com
+		- wwwimage4.cbsstatic.com
+		- wwwimage5.cbsstatic.com
+
+		5xx status code:
+		- www.cbsstatic.com
+-->
+<ruleset name="CBSStatic.com">
+	<target host="wwwimage-secure.cbsstatic.com" />
+	<target host="wwwimage-secure1.cbsstatic.com" />
+	<target host="wwwimage-secure2.cbsstatic.com" />
+	<target host="wwwimage-secure3.cbsstatic.com" />
+	<target host="wwwimage-secure4.cbsstatic.com" />
+	<target host="wwwimage-secure5.cbsstatic.com" />
+	<target host="wwwimage.cbsstatic.com" />
+	<target host="wwwimage1.cbsstatic.com" />
+	<target host="wwwimage2.cbsstatic.com" />
+	<target host="wwwimage3.cbsstatic.com" />
+	<target host="wwwimage4.cbsstatic.com" />
+	<target host="wwwimage5.cbsstatic.com" />
+
+	<test url="http://wwwimage.cbsstatic.com/assets/build/css/homepage-c9f128868b.min.css" />
+	<test url="http://wwwimage.cbsstatic.com/assets/build/js/other/cbs/ads/cbs-0008ca0787.ads.min.js" />
+	<test url="http://wwwimage.cbsstatic.com/thumbnails/photos/w170/show_asset/84/18/91/show_asset_6774b6ad-d585-4204-80ae-febf04b02d9d.jpg" />
+	<test url="http://wwwimage1.cbsstatic.com/assets/build/css/homepage-c9f128868b.min.css" />
+	<test url="http://wwwimage1.cbsstatic.com/assets/build/js/other/cbs/ads/cbs-0008ca0787.ads.min.js" />
+	<test url="http://wwwimage1.cbsstatic.com/thumbnails/photos/w170/show_asset/84/18/91/show_asset_6774b6ad-d585-4204-80ae-febf04b02d9d.jpg" />
+	<test url="http://wwwimage2.cbsstatic.com/assets/build/css/homepage-c9f128868b.min.css" />
+	<test url="http://wwwimage2.cbsstatic.com/assets/build/js/other/cbs/ads/cbs-0008ca0787.ads.min.js" />
+	<test url="http://wwwimage2.cbsstatic.com/thumbnails/photos/w170/show_asset/84/18/91/show_asset_6774b6ad-d585-4204-80ae-febf04b02d9d.jpg" />
+	<test url="http://wwwimage3.cbsstatic.com/assets/build/css/homepage-c9f128868b.min.css" />
+	<test url="http://wwwimage3.cbsstatic.com/assets/build/js/other/cbs/ads/cbs-0008ca0787.ads.min.js" />
+	<test url="http://wwwimage3.cbsstatic.com/thumbnails/photos/w170/show_asset/84/18/91/show_asset_6774b6ad-d585-4204-80ae-febf04b02d9d.jpg" />
+
+	<rule from="^http://wwwimage(\d?)\.cbsstatic\.com/"
+		to="https://wwwimage-secure$1.cbsstatic.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CBS_Local.xml b/src/chrome/content/rules/CBS_Local.xml
index e57bfca44d6c..77078c99266a 100644
--- a/src/chrome/content/rules/CBS_Local.xml
+++ b/src/chrome/content/rules/CBS_Local.xml
@@ -6,7 +6,6 @@
 	<securecookie host="^sacramento\.cbslocal\.com$" name=".+" />
 
 
-	<rule from="^http://sacramento\.cbslocal\.com/"
-		to="https://sacramento.cbslocal.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CBS_Store.xml b/src/chrome/content/rules/CBS_Store.xml
index 128fe098cf98..47682e35419d 100644
--- a/src/chrome/content/rules/CBS_Store.xml
+++ b/src/chrome/content/rules/CBS_Store.xml
@@ -1,30 +1,20 @@
 <!--
 	For other CBS coverage, see CBS.xml.
 
-
-	CDN buckets:
-
-		- cbs.deliveryagent.com
-
-			- www.cbsstore.com
-
-
-	Problematic subdomains:
-
-		- ^	(works; self-signed, CN: secure.cbsstore.com)
-		- www	(works, akamai)
-
+	Non-functional hosts:
+		SSL error:
+		- cbsstore.com
 -->
 <ruleset name="CBS Store">
-
 	<target host="cbsstore.com" />
-	<target host="*.cbsstore.com" />
-
+	<target host="www.cbsstore.com" />
+	<target host="secure.cbsstore.com" />
 
 	<securecookie host="^\.cbsstore\.com$" name=".+" />
 
+	<rule from="^http://cbsstore\.com/"
+		to="https://www.cbsstore.com/" />
 
-	<rule from="^http://(?:secure\.|www\.)?cbsstore\.com/"
-		to="https://secure.cbsstore.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CBSi.com.au.xml b/src/chrome/content/rules/CBSi.com.au.xml
new file mode 100644
index 000000000000..50131f982dfb
--- /dev/null
+++ b/src/chrome/content/rules/CBSi.com.au.xml
@@ -0,0 +1,15 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- cdn.cbsi.com.au
+
+		Incomplete certificate chain error:
+		- cbsi.com.au
+		- www.cbsi.com.au
+-->
+<ruleset name="CBSi.com.au" default_off="cert-invalid">
+	<target host="cbsi.com.au" />
+	<target host="www.cbsi.com.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CBSimg.net.xml b/src/chrome/content/rules/CBSimg.net.xml
new file mode 100644
index 000000000000..cf02e018f2dc
--- /dev/null
+++ b/src/chrome/content/rules/CBSimg.net.xml
@@ -0,0 +1,16 @@
+<!--
+	For other CBS coverage, see CBS.xml.
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- b2b.cbsimg.net
+		- cn.cbsimg.net
+		- dl.cbsimg.net
+		- n.cbsimg.net
+		- t.cbsimg.net
+-->
+<ruleset name="CBSimg.net">
+	<target host="sports.cbsimg.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CBendt.de.xml b/src/chrome/content/rules/CBendt.de.xml
new file mode 100644
index 000000000000..de20a418beb1
--- /dev/null
+++ b/src/chrome/content/rules/CBendt.de.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional hosts:
+
+		- (www.)? *
+
+	* Shows brandensittich.de
+
+
+	Fully covered hosts:
+
+		- piwik
+
+-->
+<ruleset name="CBendt.de (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="piwik.cbendt.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CC.com.xml b/src/chrome/content/rules/CC.com.xml
new file mode 100644
index 000000000000..dfd61d4cd092
--- /dev/null
+++ b/src/chrome/content/rules/CC.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Nonfunctional hosts in *.cc.com:
+	- cc.com (t)
+	- www.cc.com (h)
+	- ccdirect.cc.com (t)
+	- www.ccdirect.cc.com (t)
+	- jokes.cc.com (m)
+	- pitches.cc.com (t)
+	- thedailyshow.cc.com (t)
+	- tosh.cc.com (t)
+
+	Mixed content:
+	- wiki.southpark.cc.com
+	- forums.southpark.cc.com
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="CC.com (partial)">
+	<target host="southpark.cc.com" />
+	<target host="press.cc.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CCA.edu.xml b/src/chrome/content/rules/CCA.edu.xml
new file mode 100644
index 000000000000..d0b1c7bdcc6c
--- /dev/null
+++ b/src/chrome/content/rules/CCA.edu.xml
@@ -0,0 +1,131 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - 4d-imp-fall14.cca.edu
+			 - bikeplusdesign.cca.edu
+			 - build.cca.edu
+			 - curptemp.cca.edu
+			 - design.cca.edu
+			 - designmba.cca.edu
+			 - dm.cca.edu
+			 - finearts.cca.edu
+			 - formations.cca.edu
+			 - gradthesis.cca.edu
+			 - gradthesis2007.cca.edu
+			 - gradthesis2008.cca.edu
+			 - gradthesis2009.cca.edu
+			 - gradthesis2010.cca.edu
+			 - gradthesis2011.cca.edu
+			 - gradthesis2012.cca.edu
+			 - gradthesis2013.cca.edu
+			 - htx.cca.edu
+			 - hybridlab.cca.edu
+			 - impconference2016.cca.edu
+			 - ixd320.cca.edu
+			 - lists.cca.edu
+			 - ocl.cca.edu
+			 - rebrandingsustainability.cca.edu
+			 - stammtisch.cca.edu
+			 - sundance.cca.edu
+			 - tedx.cca.edu
+			 - urbanworks.cca.edu
+			 - vdm2-tt2.cca.edu
+			 - viscrit.cca.edu
+			 - vm-varnish-01.cca.edu
+			 - webcheckout.cca.edu
+
+		Timeout was reached:
+			 - colleague.cca.edu
+			 - dada.cca.edu
+			 - frx.cca.edu
+			 - nameserver1.cca.edu
+			 - nameserver2.cca.edu
+			 - sf-es-sl-sw-07.net.cca.edu
+			 - pomo.cca.edu
+			 - shib.cca.edu
+			 - uiweb.cca.edu
+			 - vm-webhost-00.cca.edu
+			 - webmail.cca.edu
+
+		SSL connect error:
+			 - exploringscienceinthestudio.cca.edu
+			 - google.cca.edu
+			 - planning.cca.edu
+
+		SSL peer certificate was not OK:
+			 - www.center.cca.edu
+			 - discover.cca.edu
+			 - info.cca.edu
+			 - libguides.cca.edu
+			 - proxy.cca.edu
+			 - www.jstor.org.proxy.cca.edu
+
+		Incomplete certificate chain error:
+			 - directory.cca.edu
+			 - library.cca.edu
+			 - moodle26.cca.edu
+			 - print.cca.edu
+
+		Status code mismatch:
+			 - emsweb.cca.edu
+			 - mastercalendar.cca.edu
+			 - payment.cca.edu
+			 - selfservice.cca.edu
+
+		4xx client error:
+			 - fluentd.cca.edu
+
+		Secure connection redirects to plaintext:
+			 - www.queersandcomics.cca.edu
+
+		Different content:
+			 - comics.cca.edu
+			 - digitalscholarship.cca.edu
+			 - facilities.cca.edu
+			 - helpdesk.cca.edu
+			 - intensive.cca.edu
+			 - wattis.cca.edu
+
+		Mixed content blocking (MCB) tiggered:
+			 - moodle.cca.edu
+-->
+<ruleset name="California College of the Arts (partial)">
+	<target host="cca.edu" />
+	<target host="www.cca.edu" />
+	<target host="accounts.cca.edu" />
+	<target host="arch.cca.edu" />
+	<target host="calendar.cca.edu" />
+	<target host="cas.cca.edu" />
+	<target host="center.cca.edu" />
+	<target host="dfas.cca.edu" />
+	<target host="digitalcraft.cca.edu" />
+	<target host="www.digitalcraft.cca.edu" />
+	<target host="www.exploringscienceinthestudio.cca.edu" />
+	<target host="fluxus.cca.edu" />
+	<target host="illuminatinginteriors.cca.edu" />
+	<target host="www.illuminatinginteriors.cca.edu" />
+	<target host="ixd.cca.edu" />
+	<target host="www.ixd.cca.edu" />
+	<target host="learn.cca.edu" />
+	<target host="libraries.cca.edu" />
+	<target host="lynda.cca.edu" />
+	<target host="makingarchitecture.cca.edu" />
+	<target host="www.makingarchitecture.cca.edu" />
+	<target host="payment-test.cca.edu" />
+	<target host="portal.cca.edu" />
+	<target host="portal-dev.cca.edu" />
+	<target host="portal-stage.cca.edu" />
+	<target host="projects.cca.edu" />
+	<target host="sso.cca.edu" />
+	<target host="technology.cca.edu" />
+	<target host="vault.cca.edu" />
+	<target host="virtualems.cca.edu" />
+	<target host="vm-lib-www-01.cca.edu" />
+	<target host="vm-waimages-01.cca.edu" />
+	<target host="webadvisor.cca.edu" />
+	<target host="webadvisor-test.cca.edu" />
+	<target host="workday.cca.edu" />
+	<target host="zabbix-3.cca.edu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CCAvenue.xml b/src/chrome/content/rules/CCAvenue.xml
index 4e0f9f0786c1..1c03fb989ab6 100644
--- a/src/chrome/content/rules/CCAvenue.xml
+++ b/src/chrome/content/rules/CCAvenue.xml
@@ -7,16 +7,17 @@
 <ruleset name="CCAvenue">
 
 	<target host="ccavenue.com" />
-	<target host="*.ccavenue.com" />
+	<target host="www.ccavenue.com" />
+	<target host="mars.ccavenue.com" />
+	<target host="world.ccavenue.com" />
 
 
 	<securecookie host="^.+\.ccavenue\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?ccavenue\.com/"
+	<rule from="^http://(?:www\.)?ccavenue\.com/"
 		to="https://www.ccavenue.com/" />
 
-	<rule from="^http://(mars|world)\.ccavenue\.com/"
-		to="https://$1.ccavenue.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CCBill.com.xml b/src/chrome/content/rules/CCBill.com.xml
new file mode 100644
index 000000000000..3f457eade3c0
--- /dev/null
+++ b/src/chrome/content/rules/CCBill.com.xml
@@ -0,0 +1,39 @@
+<!--
+	Nonfunctional hosts in *ccbill.com:
+
+		- employment *
+
+	* Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- support.ccbill.com
+		- www.ccbill.com
+
+-->
+<ruleset name="CCBill.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ccbill.com" />
+	<target host="admin.ccbill.com" />
+	<target host="api.ccbill.com" />
+	<target host="bill.ccbill.com" />
+	<target host="images.ccbill.com" />
+	<target host="support.ccbill.com" />
+	<target host="www.ccbill.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^support\.ccbill\.com$" name="^TS[\da-f]+(?:_\d+)?$" /-->
+	<!--securecookie host="^www\.ccbill\.com$" name="^(?:PHPSESSID|runs_before_js_detect)$" /-->
+
+	<securecookie host="^(?:support|www)\.ccbill\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CCC-Mannheim.de.xml b/src/chrome/content/rules/CCC-Mannheim.de.xml
index f4551dae44d7..df79bcdbc7b3 100644
--- a/src/chrome/content/rules/CCC-Mannheim.de.xml
+++ b/src/chrome/content/rules/CCC-Mannheim.de.xml
@@ -1,19 +1,20 @@
-<!--
-	Problematic subdomains:
 
-		- ^	(cert only matches www)
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ccc-mannheim.de/ => https://ccc-mannheim.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.ccc-mannheim.de/ => https://www.ccc-mannheim.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="CCC-Mannheim.de" default_off="self-signed">
+<ruleset name="CCC-Mannheim.de" default_off="failed ruleset test">
 
 	<target host="ccc-mannheim.de" />
 	<target host="www.ccc-mannheim.de" />
 
 
-	<securecookie host="^www\.ccc-mannheim\.de$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?ccc-mannheim\.de/"
-		to="https://www.ccc-mannheim.de/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CCC.co.il.xml b/src/chrome/content/rules/CCC.co.il.xml
index 71a2ae800240..b1a5ba019469 100644
--- a/src/chrome/content/rules/CCC.co.il.xml
+++ b/src/chrome/content/rules/CCC.co.il.xml
@@ -14,13 +14,13 @@
 <ruleset name="CCC.co.il">
 
 	<target host="ccc.co.il" />
-	<target host="*.ccc.co.il" />
+	<target host="www.ccc.co.il" />
 
 
-	<securecookie host="^\.ccc\.co\.il$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?ccc\.co\.il/"
-		to="https://$1ccc.co.il/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CCC.de.xml b/src/chrome/content/rules/CCC.de.xml
new file mode 100644
index 000000000000..c72bc54181aa
--- /dev/null
+++ b/src/chrome/content/rules/CCC.de.xml
@@ -0,0 +1,89 @@
+<!--
+	Other CCC rulesets:
+		+ C3VOC.de.xml
+		+ CCCv.de.xml
+
+	Dropped:
+		- noc.events (fixed by this ruleset)
+		- tracker.media
+
+	Expired certificate:
+		- dsrad
+		- wuppa
+		- r0ket.badge.events
+
+	HTTP 403:
+		- koeln.media
+
+	Incomplete certificate chain:
+		- pads
+		- ffhh.pads
+		- www.pads
+
+	Invalid certificate:
+		- wiki.chaosradio
+		- irc.darmstadt.ccc.de
+		- www.duesseldorf
+		- frankfurt
+		- ftp.media
+		- upload.media
+		- gost.hannover
+		- www.hannover
+		- wahlcomputer
+
+	Shows wuppa:
+		- dasalte
+		- halfnarp.events
+-->
+
+<ruleset name="CCC.de (partial)">
+	<target host="ccc.de" />
+	<target host="www.ccc.de" />
+	<target host="ds.ccc.de" />
+	<target host="events.ccc.de" />
+	<target host="noc.events.ccc.de" />
+	<target host="noc.ccc.de" />
+	<target host="rad1o.badge.events.ccc.de" />
+	<target host="tickets.events.ccc.de" />
+	<target host="abmahnbeantworter.ccc.de" />
+	<target host="aachen.ccc.de" />
+	<target host="berlin.ccc.de" />
+	<target host="chaosradio.ccc.de" />
+	<target host="blog.chaosradio.ccc.de" />
+	<target host="ftp.darmstadt.ccc.de" />
+	<target host="darmstadt.ccc.de" />
+	<target host="dresden.ccc.de" />
+	<target host="ftp.ccc.de" />
+	<target host="giessen.ccc.de" />
+	<target host="eh2003.hamburg.ccc.de" />
+	<target host="hamburg.ccc.de" />
+	<target host="www.hamburg.ccc.de" />
+	<target host="hannover.ccc.de" />
+	<target host="karlsruhe.ccc.de" />
+	<target host="kassel.ccc.de" />
+	<target host="koeln.ccc.de" />
+	<target host="www.koeln.ccc.de" />
+	<target host="api.koeln.ccc.de" />
+	<target host="wiki.koeln.ccc.de" />
+	<target host="ulm.ccc.de" />
+	<target host="www.ulm.ccc.de" />
+	<target host="media.ccc.de" />
+	<target host="api.media.ccc.de" />
+	<target host="app.media.ccc.de" />
+	<target host="berlin.media.ccc.de" />
+	<target host="cdn.media.ccc.de" />
+	<target host="cdn-api.media.ccc.de" />
+	<target host="berlin.ftp.media.ccc.de" />
+	<target host="darmstadt.ftp.media.ccc.de" />
+	<target host="koeln.ftp.media.ccc.de" />
+	<target host="search.media.ccc.de" />
+	<target host="static.media.ccc.de" />
+	<target host="streaming.media.ccc.de" />
+	<target host="subtitles.media.ccc.de" />
+	<target host="tor.ccc.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://noc\.events\.ccc\.de/" to="https://ds.ccc.de/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CCC.xml b/src/chrome/content/rules/CCC.xml
deleted file mode 100644
index e25a06f36531..000000000000
--- a/src/chrome/content/rules/CCC.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^			(cert only matches www)
-		- chaosradio *
-		- blog.chaosradio *
-		- dasalte		(revoked)
-		- ds			(different data)
-
-	* Works; mismatched, CN: wiki.chaosradio.ccc.de
-
--->
-<ruleset name="ccc.de (CAcert)" platform="cacert">
-
-	<target host="ccc.de" />
-	<target host="*.ccc.de" />
-		<exclusion pattern="^http://(?:(?:blog\.)?chaosradio|desalte|ds)\.ccc\.de/" />
-
-
-	<rule from="^http://ccc\.de/"
-		to="https://www.ccc.de/" />
-
-	<rule from="^http://([^/:@\.]+)\.ccc\.de/"
-		to="https://$1.ccc.de/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CCC_cloud.com.xml b/src/chrome/content/rules/CCC_cloud.com.xml
index daee4862cfc4..11f0384588da 100644
--- a/src/chrome/content/rules/CCC_cloud.com.xml
+++ b/src/chrome/content/rules/CCC_cloud.com.xml
@@ -1,38 +1,22 @@
 <!--
 	For other Triple C coverage, see CCC.co.il.xml.
 
-
-	Fully covered subdomains:
-
-		- (www.)
-		- istore
-		- login
-		- monitor
-		- onlinestore
-		- store
-
-
-	Observed cookie domains:
-
-		- ^
-		- .
-		- istore
-		- login
-		- monitor
-		- onlinestore
-		- store
-
 -->
 <ruleset name="CCC cloud.com">
 
 	<target host="ccccloud.com" />
-	<target host="*.ccccloud.com" />
+	<target host="istore.ccccloud.com" />
+	<target host="login.ccccloud.com" />
+	<target host="monitor.ccccloud.com" />
+	<target host="onlinestore.ccccloud.com" />
+	<target host="store.ccccloud.com" />
+	<target host="www.ccccloud.com" />
 
 
-	<securecookie host="^(?:.*\.)?ccccloud\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:istore|login|monitor|onlinestore|store|www)\.)?ccccloud\.com/"
-		to="https://$1ccccloud.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CCCure.com.xml b/src/chrome/content/rules/CCCure.com.xml
new file mode 100644
index 000000000000..a8e8220ee81f
--- /dev/null
+++ b/src/chrome/content/rules/CCCure.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Other Clément Dupuis rulesets:
+
+		- CCCure.org.xml
+		- CCCure.training.xml
+		- Free_practice_tests.org.xml
+
+
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="CCCure.com">
+
+	<target host="cccure.com" />
+	<target host="www.cccure.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CCCure.org.xml b/src/chrome/content/rules/CCCure.org.xml
new file mode 100644
index 000000000000..f1ae92127b55
--- /dev/null
+++ b/src/chrome/content/rules/CCCure.org.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Clément Dupuis coverage, see CCCure.com.xml.
+
+
+	Mixed content:
+
+		- Images, from:
+
+			- www ¹
+			- www.acunetix.com ¹
+			- www.aayaamlabs.com ²
+			- www.cccure.info ³
+
+		- Ads/bugs from:
+
+			- professionalsecuritytesters.org ⁴
+			- cdn.widgetserver.com ¹
+
+	¹ Secured by us
+	² Unsecurable <= plaintext reply
+	³ Unsecurable <= shows cdupuis2.arvixevps.com
+	⁴ Not secured by us <= expired, self-signed
+
+-->
+<ruleset name="CCCure.org">
+
+	<target host="cccure.org" />
+	<target host="www.cccure.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CCCure.training.xml b/src/chrome/content/rules/CCCure.training.xml
new file mode 100644
index 000000000000..7f71006110b8
--- /dev/null
+++ b/src/chrome/content/rules/CCCure.training.xml
@@ -0,0 +1,9 @@
+<ruleset name="CCCure.training">
+
+	<target host="cccure.training" />
+	<target host="www.cccure.training" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CCCv.de.xml b/src/chrome/content/rules/CCCv.de.xml
new file mode 100644
index 000000000000..37cfb72991d1
--- /dev/null
+++ b/src/chrome/content/rules/CCCv.de.xml
@@ -0,0 +1,23 @@
+<!--
+	For other CCC coverage, see CCC.xml.
+
+
+	(www.)?cccv.de doesn't exist.
+
+
+	These altnames don't exist:
+
+		- www.frab.cccv.de
+
+-->
+<ruleset name="CCCv.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="frab.cccv.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CCDCoE.xml b/src/chrome/content/rules/CCDCoE.xml
index b32bb48250be..653d71603bf3 100644
--- a/src/chrome/content/rules/CCDCoE.xml
+++ b/src/chrome/content/rules/CCDCoE.xml
@@ -1,10 +1,23 @@
-<ruleset name="CCDCoE">
+<!--
+	Insecure cookies are set for these domains:
+
+		- .ccdcoe.org
+
+-->
+<ruleset name="CCDCoE.org">
 
 	<target host="ccdcoe.org" />
 	<target host="www.ccdcoe.org" />
 
 
-	<rule from="^http://(www\.)?ccdcoe\.org/"
-		to="https://$1ccdcoe.org/" />
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.ccdcoe\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CCEDK.com.xml b/src/chrome/content/rules/CCEDK.com.xml
new file mode 100644
index 000000000000..e4cab5353a4b
--- /dev/null
+++ b/src/chrome/content/rules/CCEDK.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Problematic subdomains:
+
+		- ^ *
+		- news *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- www.ccedk.com
+
+-->
+<ruleset name="CCEDK.com (partial)">
+
+	<target host="ccedk.com" />
+	<target host="www.ccedk.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.ccedk\.com$" name="^session$" /-->
+
+	<securecookie host="^www\.ccedk\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CCH.xml b/src/chrome/content/rules/CCH.xml
index fd0c276de54a..d645cbeec84b 100644
--- a/src/chrome/content/rules/CCH.xml
+++ b/src/chrome/content/rules/CCH.xml
@@ -1,7 +1,6 @@
 <!--
 	Other CCH rulesets:
 
-		- CCH_Information_Solutions.xml
 		- Prosystemfx.com.xml
 
 
@@ -15,16 +14,20 @@
 <ruleset name="CCH">
 
 	<target host="cch.com" />
-	<target host="*.cch.com" />
+	<target host="www.cch.com" />
+	<target host="support.cch.com" />
+	<target host="www.support.cch.com" />
 	<target host="cchgroup.com" />
-	<target host="*.cchgroup.com" />
+	<target host="www.cchgroup.com" />
+	<target host="tax.cchgroup.com" />
+	<target host="www.tax.cchgroup.com" />
+	<target host="prosystemfxsupport.tax.cchgroup.com" />
+	<target host="stage.prosystemfxsupport.tax.cchgroup.com" />
 
 
 	<securecookie host=".*\.cch(?:group)?\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?cch\.com/"
-		to="https://$1cch.com/" />
 
 	<rule from="^http://(?:www\.)?support\.cch\.com/"
 		to="https://support.cch.com/" />
@@ -35,7 +38,6 @@
 	<rule from="^http://(?:www\.)?tax\.cchgroup\.com/"
 		to="https://tax.cchgroup.com/" />
 
-	<rule from="^http://(stage\.)?prosystemfxsupport\.tax\.cchgroup\.com/"
-		to="https://$1prosystemfxsupport.tax.cchgroup.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CCH_Information_Solutions.xml b/src/chrome/content/rules/CCH_Information_Solutions.xml
deleted file mode 100644
index 2346488b6741..000000000000
--- a/src/chrome/content/rules/CCH_Information_Solutions.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other CCH coverage, see CCH.xml.
-
--->
-<ruleset name="CCH Information Solutions">
-
-	<target host="cchcatalog.com" />
-	<target host="*.cchcatalog.com" />
-
-
-	<securecookie host="^(?:w*\.)?cchcatalog\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?cchcatalog\.com/"
-		to="https://$1cchcatalog.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CCIA.xml b/src/chrome/content/rules/CCIA.xml
index 0ea121b698cc..1970a178e09c 100644
--- a/src/chrome/content/rules/CCIA.xml
+++ b/src/chrome/content/rules/CCIA.xml
@@ -1,4 +1,4 @@
-<ruleset name="CCIA">
+<ruleset name="CCIAnet.org">
 
 	<target host="ccianet.org" />
 	<target host="www.ccianet.org" />
@@ -7,7 +7,7 @@
 	<securecookie host="^(?:www\.)?ccianet\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ccianet\.org/"
-		to="https://$1ccianet.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CCRjustice.org.xml b/src/chrome/content/rules/CCRjustice.org.xml
index 019c466901bc..01e768be4066 100644
--- a/src/chrome/content/rules/CCRjustice.org.xml
+++ b/src/chrome/content/rules/CCRjustice.org.xml
@@ -1,13 +1,17 @@
-<ruleset name="Center for Constitutional Rights ">
+<!--
+	Center for Constitutional Rights
+
+-->
+<ruleset name="CCRjustice.org">
 
 	<target host="ccrjustice.org" />
-	<target host="*.ccrjustice.org" />
+	<target host="www.ccrjustice.org" />
 
 
 	<securecookie host="^(?:w*\.)?ccrjustice\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ccrjustice\.org/"
-		to="https://$1ccrjustice.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CCS-problematic.xml b/src/chrome/content/rules/CCS-problematic.xml
deleted file mode 100644
index 07cde3b0b763..000000000000
--- a/src/chrome/content/rules/CCS-problematic.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	For rules that are on by default, see CCS.xml.
-
--->
-<ruleset name="CCS (problematic)" default_off="mismatched">
-
-	<target host="blog.ccs.com" />
-	<target host="jobs.ccs.com" />
-	<target host="reviews.ccs.com" />
-
-
-	<rule from="^http://(blog|jobs|reviews)\.ccs\.com/"
-		to="https://$1.ccs.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CCS.xml b/src/chrome/content/rules/CCS.xml
index 619c9b4bca4f..4ea156425079 100644
--- a/src/chrome/content/rules/CCS.xml
+++ b/src/chrome/content/rules/CCS.xml
@@ -1,67 +1,69 @@
-<!--
-	For problematic rules, see CCS-problematic.xml.
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://images.ccs.com/ => https://images.ccs.com/: (6, 'Could not resolve host: images.ccs.com')
+Fetch error: http://m.ccs.com/ => https://m.ccs.com/: (6, 'Could not resolve host: m.ccs.com')
 
 	For other Foot Locker coverage, see Foot_Locker_Inc.xml.
 
 
-	Nonfunctional subdomains:
-
-		- dailysweeps
-
-
-	Problematic subdomains:
-
-		- ^		(mismatched)
-		- blog		(works, mismatched, CN: www.webhero.com)
-		- ebm.e		(mismatched, CN: ebm.cheetahmail.com)
-		- f.e		(mismatched, CN: *.chtah.com)
-		- jobs *
-		- reviews *
+	Nonfunctional hosts in *ccs.com:
 
+		- blog ʳ
+		- dailysweeps ʳ
+		- ebm.e ʳ
+		- f.e ʳ
+		- jobs ʳ
+		- reviews ʳ
 
-	* Works, akamai
+	ʳ Refused
 
 
-	Fully covered subdomains:
+	^ccs.com: Refused
 
-		- (www.)	(^ → www)
-		- ebm.e		(→ ebm.cheetahmail.com)
-		- f.e		(→ f.chtah.com)
-		- images
-		- m
-		- shop
 
+	Insecure cookies are set for these domains and hosts:
 
-	Targets solely for wildcard cookies:
-
-		- *.shop.ccs.com
-
-
-	Mixed data are only images and so shouldn't be a problem.
+		- .ccs.com
+		- shop.ccs.com
+		- .shop.ccs.com
 
 -->
-<ruleset name="CCS (partial)">
+<ruleset name="CCS.com (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="images.ccs.com" />
+	<target host="m.ccs.com" />
+	<target host="shop.ccs.com" />
+	<target host="www.ccs.com" />
+
+	<!--	Complications:
+				-->
 	<target host="ccs.com" />
-	<target host="*.ccs.com" />
-	<target host="*.e.ccs.com" />
-	<target host="*.shop.ccs.com" />
+	<target host="ebm.e.ccs.com" />
+	<target host="f.e.ccs.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.ccs\.com$" name="^(?:incap_ses_\d+_\d+|nlbi_\d+|visid_incap_\d+)$" /-->
+	<!--securecookie host="^shop\.ccs\.com$" name="^___utmv[abm]\w+$" /-->
+	<!--securecookie host="^\.shop\.ccs\.com$" name="^(?:GEOBANNERS|frontend)$" /-->
 
-	<securecookie host="^.*\.ccs\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?ccs\.com/"
+	<rule from="^http://ccs\.com/"
 		to="https://www.ccs.com/" />
 
-	<rule from="^https?://ebm\.e\.ccs\.com/"
+	<rule from="^http://ebm\.e\.ccs\.com/"
 		to="https://ebm.cheetahmail.com/" />
 
-	<rule from="^https?://f\.e\.ccs\.com/"
+	<rule from="^http://f\.e\.ccs\.com/"
 		to="https://f.chtah.com/" />
 
-	<rule from="^http://(images|m|shop)\.ccs\.com/"
-		to="https://$1.ccs.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CCleaner.com.xml b/src/chrome/content/rules/CCleaner.com.xml
new file mode 100644
index 000000000000..395ee2f8ec60
--- /dev/null
+++ b/src/chrome/content/rules/CCleaner.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid Certificate:
+		forum.ccleaner.com
+		support.ccleaner.com
+		web1.web.ccleaner.com
+-->
+<ruleset name="CCleaner.com">
+	<target host="ccleaner.com" />
+	<target host="www.ccleaner.com" />
+	<target host="download.ccleaner.com" />
+	<target host="s1.ccleaner.com" />
+	<target host="secure.ccleaner.com" />
+	<target host="web.ccleaner.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CDG_Commerce.com.xml b/src/chrome/content/rules/CDG_Commerce.com.xml
new file mode 100644
index 000000000000..8ec818d0638a
--- /dev/null
+++ b/src/chrome/content/rules/CDG_Commerce.com.xml
@@ -0,0 +1,40 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdgcommerce.com/ => https://cdgcommerce.com/: Too many redirects while fetching 'https://cdgcommerce.com/'
+Fetch error: http://myapp.cdgcommerce.com/ => https://myapp.cdgcommerce.com/: Too many redirects while fetching 'https://myapp.cdgcommerce.com/'
+Fetch error: http://www.cdgcommerce.com/ => https://www.cdgcommerce.com/: Too many redirects while fetching 'https://www.cdgcommerce.com/'
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- myapp
+		- secure
+
+
+	Insecure cookies are set for these hosts:
+
+		- cdgcommerce.com
+		- myapp.cdgcommerce.com
+		- www.cdgcommerce.com
+
+-->
+<ruleset name="CDG Commerce.com" default_off="failed ruleset test">
+
+	<target host="cdgcommerce.com" />
+	<target host="myapp.cdgcommerce.com" />
+	<target host="secure.cdgcommerce.com" />
+	<target host="www.cdgcommerce.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(myapp\.|www\.)?cdgcommerce\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:myapp\.|www\.)?cdgcommerce\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CDIC-SADC.xml b/src/chrome/content/rules/CDIC-SADC.xml
new file mode 100644
index 000000000000..9abea24610b5
--- /dev/null
+++ b/src/chrome/content/rules/CDIC-SADC.xml
@@ -0,0 +1,11 @@
+<!--
+	Chain issue, missing intermediate:
+		- sfp.cdic.ca
+-->
+
+<ruleset name="CDIC-SADC">
+	<target host="www.cdic.ca" />
+	<target host="www.sadc.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CDJapan.xml b/src/chrome/content/rules/CDJapan.xml
new file mode 100644
index 000000000000..84aa64c0324d
--- /dev/null
+++ b/src/chrome/content/rules/CDJapan.xml
@@ -0,0 +1,13 @@
+<ruleset name="CDJapan">
+	<target host="cdjapan.co.jp" />
+	<target host="www.cdjapan.co.jp" />
+	<target host="ebbwv.cdjapan.co.jp" />
+	<target host="prebbwv.cdjapan.co.jp" />
+	<target host="prepaidsim.cdjapan.co.jp" />
+	<target host="rental.cdjapan.co.jp" />
+	<target host="st.cdjapan.co.jp" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CDMediaWorld.com.xml b/src/chrome/content/rules/CDMediaWorld.com.xml
new file mode 100644
index 000000000000..4f114be511d9
--- /dev/null
+++ b/src/chrome/content/rules/CDMediaWorld.com.xml
@@ -0,0 +1,21 @@
+<!--
+	SSL protocol error:
+		- mail
+		- smtp
+-->
+
+<ruleset name="CDMediaWorld.com">
+	<target host="cdmediaworld.com" />
+	<target host="www.cdmediaworld.com" />
+	<target host="bttb.cdmediaworld.com" />
+	<target host="files.cdmediaworld.com" />
+	<target host="files2.cdmediaworld.com" />
+	<target host="gfx.cdmediaworld.com" />
+	<target host="lw1.cdmediaworld.com" />
+	<target host="search.cdmediaworld.com" />
+	<target host="ww2.cdmediaworld.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CDN-Apple.com.xml b/src/chrome/content/rules/CDN-Apple.com.xml
new file mode 100644
index 000000000000..81229ec6aa63
--- /dev/null
+++ b/src/chrome/content/rules/CDN-Apple.com.xml
@@ -0,0 +1,10 @@
+<!--
+	For other Apple coverage, see Apple.com.xml.
+-->
+<ruleset name="CDN-Apple.com">
+	<target host="hrweb.cdn-apple.com" />
+	<target host="reserve.cdn-apple.com" />
+	<target host="store.storeimages.cdn-apple.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CDN-Redfin.com.xml b/src/chrome/content/rules/CDN-Redfin.com.xml
new file mode 100644
index 000000000000..a63dfb7e6b9e
--- /dev/null
+++ b/src/chrome/content/rules/CDN-Redfin.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ssl.cdn-redfin.com/ => https://ssl.cdn-redfin.com/: Too many redirects while fetching 'https://ssl.cdn-redfin.com/'
+
+	For other Redfin coverage, see Redfin.com.xml.
+
+-->
+<ruleset name="CDN-Redfin.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ssl.cdn-redfin.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CDN77.com-problematic.xml b/src/chrome/content/rules/CDN77.com-problematic.xml
index 977c70028447..5911243153e4 100644
--- a/src/chrome/content/rules/CDN77.com-problematic.xml
+++ b/src/chrome/content/rules/CDN77.com-problematic.xml
@@ -10,4 +10,4 @@
 	<rule from="^http://([\w\-])\.r\.cdn77\.net/"
 		to="https://$1.r.cdn77.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CDN77.com.xml b/src/chrome/content/rules/CDN77.com.xml
index 0f9c969ff967..502862993bbe 100644
--- a/src/chrome/content/rules/CDN77.com.xml
+++ b/src/chrome/content/rules/CDN77.com.xml
@@ -28,4 +28,4 @@
 	<rule from="^http://([\w-]+)\.r\.worldssl\.net/"
 		to="https://$1.r.worldssl.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CDNST.NET.xml b/src/chrome/content/rules/CDNST.NET.xml
index 133b84ee482c..f4c8abdde851 100644
--- a/src/chrome/content/rules/CDNST.NET.xml
+++ b/src/chrome/content/rules/CDNST.NET.xml
@@ -1,10 +1,10 @@
-<ruleset name="CDNST.NET" default_off="mismatch">
+<ruleset name="CDNST.NET" default_off="mismatched">
 
 	<!--	Cert: edgecastcdn.net	-->
 	<target host="tiles.cdnst.net" />
 
 
-	<rule from="^http://tiles\.cdnst\.net/"
-		to="https://tiles.cdnst.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CDN_Instagram.com.xml b/src/chrome/content/rules/CDN_Instagram.com.xml
new file mode 100644
index 000000000000..60caf822b68f
--- /dev/null
+++ b/src/chrome/content/rules/CDN_Instagram.com.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Instagram coverage, see Instagr.am.xml.
+
+-->
+<ruleset name="CDN Instagram.com">
+
+	<target host="scontent.cdninstagram.com" />
+	<target host="scontent-a.cdninstagram.com" />
+	<target host="scontent-b.cdninstagram.com" />
+	<target host="scontent-frt3-2.cdninstagram.com" />
+	<target host="scontent-frx5-1.cdninstagram.com" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CDNetworks.com.sg.xml b/src/chrome/content/rules/CDNetworks.com.sg.xml
new file mode 100644
index 000000000000..71f54323803d
--- /dev/null
+++ b/src/chrome/content/rules/CDNetworks.com.sg.xml
@@ -0,0 +1,14 @@
+<!--
+	Related:
+		CDNetworks.com.xml
+		cdngc.net.xml
+
+	Refused:
+		^
+-->
+<ruleset name="CDNetworks.com.sg">
+	<target host="cdnetworks.com.sg"/>
+	<target host="www.cdnetworks.com.sg"/>
+
+	<rule from="^http://(www\.)?cdnetworks\.com\.sg/" to="https://www.cdnetworks.com.sg/" />
+</ruleset>
diff --git a/src/chrome/content/rules/CDNetworks.com.xml b/src/chrome/content/rules/CDNetworks.com.xml
new file mode 100644
index 000000000000..46509a0627dc
--- /dev/null
+++ b/src/chrome/content/rules/CDNetworks.com.xml
@@ -0,0 +1,38 @@
+<!--
+	Related:
+		CDNetworks.com.sg.xml
+		cdngc.net.xml
+
+	404:
+		www.cdnetworks.co.jp
+
+	Expired：
+		pantherexpress.net
+		www.pantherexpress.net
+
+	Failed:
+		landing.cdnetworks.com
+		apache.mirror.cdnetworks.com
+		centos.mirror.cdnetworks.com
+
+	Mismatch:
+		www.cn.cdnetworks.com
+		org-www.jp.cdnetworks.com
+		www.jp.cdnetworks.com
+		cdnetworks.co.jp
+-->
+<ruleset name="CDNetworks.com">
+	<target host="cdnetworks.com"/>
+	<target host="www.cdnetworks.com"/>
+	<target host="de.cdnetworks.com"/>
+	<target host="emea.cdnetworks.com"/>
+	<target host="fi.cdnetworks.com"/>
+	<target host="fr.cdnetworks.com"/>
+	<target host="it.cdnetworks.com"/>
+	<target host="ocsp.kr.cdnetworks.com"/>
+	<target host="www.kr.cdnetworks.com"/>
+	<target host="nl.cdnetworks.com"/>
+	<target host="pantherportal.cdnetworks.com"/>
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CDNetworks.xml b/src/chrome/content/rules/CDNetworks.xml
deleted file mode 100644
index fa15140d90ef..000000000000
--- a/src/chrome/content/rules/CDNetworks.xml
+++ /dev/null
@@ -1,47 +0,0 @@
-<!--
-	CDN buckets:
-
-		- clicktalecdn.sslcs.cdngc.net
-
-
-	Nonfunctional:
-
-		- (www.)cdnetworks.com		(cert: *.pantherssl.com; shows blank page)
-		- landing.cdnetworks.com	(interrupted)
-
-
-	ToDo: discover CDN scheme
-
--->
-<ruleset name="CDNetworks (partial)">
-
-	<target host="ssl.cdngc.net" />
-	<target host="ssl2.cdngc.net" />
-	<target host="pantherportal.cdnetworks.com"/>
-	<target host="cdnetworks.co.jp"/>
-	<target host="*.sslcs.cdngc.net" />
-	<target host="pantherexpress.net"/>
-	<target host="www.pantherexpress.net"/>
-	<target host="*.pantherssl.com"/>
-
-	<securecookie host="^pantherportal\.cdnetworks\.com$" name=".*"/>
-
-	<rule from="^http://ssl(2)?\.cdngc\.net/"
-		to="https://ssl$1.cdngc.net/" />
-
-	<rule from="^http://cdnetworks\.co\.jp/$"
-		to="https://www.cdnetworks.co.jp/"/>
-
-	<rule from="^http://pantherportal\.cdnetworks\.com/"
-		to="https://pantherportal.cdnetworks.com/"/>
-
-	<rule from="^http://([\w-]+)\.sslcs\.cdngc\.net/"
-		to="https://$1.sslcs.cdngc.net/" />
-
-	<rule from="^http://(www\.)?pantherexpress\.net/"
-		to="https://$1pantherexpress.net/"/>
-
-	<rule from="^http://([\w\-]+)\.pantherssl\.com/"
-		to="https://$1.pantherssl.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/CDNpark.com.xml b/src/chrome/content/rules/CDNpark.com.xml
new file mode 100644
index 000000000000..6e414622c9c2
--- /dev/null
+++ b/src/chrome/content/rules/CDNpark.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Problematic hosts in *cdnpark.com:
+
+		- i *
+
+	* Expired
+
+-->
+<ruleset name="CDNpark.com" default_off="expired">
+
+	<target host="i.cdnpark.com" />
+
+		<test url="http://i.cdnpark.com/themes/assets/style.css" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CDON.COM.xml b/src/chrome/content/rules/CDON.COM.xml
index e60ed54d332e..9f0592921660 100644
--- a/src/chrome/content/rules/CDON.COM.xml
+++ b/src/chrome/content/rules/CDON.COM.xml
@@ -1,3 +1,7 @@
+<!--
+	cdon.se subdomains are handled in cdon.se.xml
+
+-->
 <ruleset name="CDON.COM" platform="mixedcontent">
 
 	<target host="cdon.dk"/>
@@ -8,16 +12,14 @@
 	<target host="www.cdon.fi"/>
 	<target host="cdon.no"/>
 	<target host="www.cdon.no"/>
-	<target host="cdon.se"/>
-	<target host="www.cdon.se"/>
 	<target host="s.cdon.com"/>
 
 
-	<securecookie host="^cdon\.(?:dk|eu|fi|no|se)$" name=".+" />
+	<securecookie host="^cdon\.(?:dk|eu|fi|no)$" name=".+" />
 
 
-	<rule from="^http://(?:www)?cdon\.(dk|eu|fi|no|se)/"
-		to="https://cdon.$1/"/>
+	<rule from="^http://(www\.)?cdon\.(dk|eu|fi|no)/"
+		to="https://cdon.$2/"/>
 
 	<rule from="^http://s\.cdon\.com/"
 		to="https://s.cdon.com/"/>
diff --git a/src/chrome/content/rules/CDS-Global-mismatches.xml b/src/chrome/content/rules/CDS-Global-mismatches.xml
index fb6974117609..9a48115172c7 100644
--- a/src/chrome/content/rules/CDS-Global-mismatches.xml
+++ b/src/chrome/content/rules/CDS-Global-mismatches.xml
@@ -2,16 +2,16 @@
 	See CDS-Global.xml for rules that are on by default.
 
 -->
-<ruleset name="CDS Global (mismatches)" default_off="mismatch">
+<ruleset name="CDS Global (mismatches)" default_off="mismatched">
 
 	<!--	Cert: w1.buysub.com	-->
 	<target host="buysub.com"/>
 
 
-	<securecookie host="^buysub\.com$" name=".*" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://buysub\.com/"
-		to="https://buysub.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CDS-Global.xml b/src/chrome/content/rules/CDS-Global.xml
index e5fa5d8bec3a..6aecc93f1259 100644
--- a/src/chrome/content/rules/CDS-Global.xml
+++ b/src/chrome/content/rules/CDS-Global.xml
@@ -2,33 +2,31 @@
 	See CDS-Global-mismatches.xml for problematic rules.
 
 
-	Nonfunctional:
-
-		- cds-global.com        (times out)
-
 -->
 <ruleset name="CDS Global (partial)">
 
 	<target host="w1.buysub.com" />
+	<target host="cds-global.com" />
+	<target host="www.cds-global.com" />
 	<target host="mycdsglobal.com" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.mycdsglobal.com" />
+	<target host="sso.mycdsglobal.com" />
+	<target host="www.mycdsglobal.com" />
 
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://sso.mycdsglobal.com/openam/UI/Login?goto=https%3A%2F%2Fwww.mycdsglobal.com%2F%2F" /-->
 
-	<securecookie host="^w1\.buysub\.com$" name=".*" />
-	<securecookie host="^(sso)?\.mycdsglobal\.com$" name=".*" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.mycdsglobal\.com$" name="^(?:AMAuthCookie|amlbcookie)$" /-->
+	<!--securecookie host="^sso\.mycdsglobal\.com$" name="^APLBCOOKIE$" /-->
 
-	<rule from="^http://w1\.buysub\.com/"
-		to="https://w1.buysub.com/" />
+	<securecookie host="^w1\.buysub\.com$" name=".+" />
+	<securecookie host="^(?:sso)?\.mycdsglobal\.com$" name=".+" />
 
-	<!--	Cert doesn't match !www.
-		This is what the server does,
-		sans-https.	-->
-	<rule from="^https?://mycdsglobal\.com/"
-		to="https://www.mycdsglobal.com//" />
 
-	<rule from="^http://(sso|www)\.mycdsglobal\.com/"
-		to="https://$1.mycdsglobal.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CDT.xml b/src/chrome/content/rules/CDT.xml
deleted file mode 100644
index aa351930a0df..000000000000
--- a/src/chrome/content/rules/CDT.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Other Center for Democracy & Technology rulesets:
-
-		- We_Need_to_Know.info.xml
-
--->
-<ruleset name="Center for Democracy &amp; Technology">
-
-	<target host="cdt.org" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.cdt.org" />
-	<target host="notwithoutawarrant.com" />
-	<target host="www.notwithoutawarrant.com" />
-
-
-	<securecookie host="^\.cdt\.org$" name=".*" />
-
-
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?cdt\.org/"
-		to="https://www.cdt.org/" />
-
-	<rule from="^http://(www\.)?notwithoutawarrant\.com/"
-		to="https://$1notwithoutawarrant.com/" />
-
-
-</ruleset>
diff --git a/src/chrome/content/rules/CDTFA.ca.gov.xml b/src/chrome/content/rules/CDTFA.ca.gov.xml
new file mode 100644
index 000000000000..fa04da8ef7f9
--- /dev/null
+++ b/src/chrome/content/rules/CDTFA.ca.gov.xml
@@ -0,0 +1,25 @@
+<!--
+	Refused:
+		- autodiscover.cdtfa.ca.gov
+		- campaign.cdtfa.ca.gov
+		- testcampaign.cdtfa.ca.gov
+
+	Mismatched:
+		- mail.cdtfa.ca.gov
+		- maps.cdtfa.ca.gov
+		- temp.cdtfa.ca.gov
+-->
+<ruleset name="CDTFA.ca.gov">
+	<target host="cdtfa.ca.gov" />
+	<target host="www.cdtfa.ca.gov" />
+	<target host="fs.cdtfa.ca.gov" />
+	<target host="gis.cdtfa.ca.gov" />
+	<target host="www.gis.cdtfa.ca.gov" />
+	<target host="onlineservices.cdtfa.ca.gov" />
+	<target host="services.gis.cdtfa.ca.gov" />
+	<target host="prodsimservices.cdtfa.ca.gov" />
+	<target host="services.cdtfa.ca.gov" />
+	<target host="testservices2.cdtfa.ca.gov" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CD_ROM_Land.nl.xml b/src/chrome/content/rules/CD_ROM_Land.nl.xml
new file mode 100644
index 000000000000..9039216fb6a5
--- /dev/null
+++ b/src/chrome/content/rules/CD_ROM_Land.nl.xml
@@ -0,0 +1,16 @@
+<ruleset name="CD ROM Land.nl">
+
+	<target host="cdromland.nl" />
+	<target host="www.cdromland.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?cdromland\.nl$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?cdromland\.nl$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CD_Universe.xml b/src/chrome/content/rules/CD_Universe.xml
index c5265e6ebcd8..5332ea605ec7 100644
--- a/src/chrome/content/rules/CD_Universe.xml
+++ b/src/chrome/content/rules/CD_Universe.xml
@@ -6,21 +6,56 @@
 
 	Problematic domains:
 
-		- cduniverse.com	(cert only matches www)
 		- i.cduniverse.ws	(cert only matches .com)
 
+
+	Partially covered domains:
+
+		- (www.)cduniverse.com *
+		- g.cduniverse.com *
+
+	* Some pages redirect to http
+
+
+	Fully covered domains:
+
+		- c3.cduniverse.ws
+		- i.cduniverse.ws	(→ www.cduniverse.ws)
+
 -->
 <ruleset name="CD Universe (partial)">
 
 	<target host="cduniverse.com" />
+	<target host="g.cduniverse.com" />
 	<target host="www.cduniverse.com" />
+		<!--
+			Redirect to http:
+						-->
+		<exclusion pattern="^http://g\.cduniverse\.com/Default\.asp" />
+		<!--exclusion pattern="^http://www\.cduniverse\.com/(a|browsecat|charts|checkout/cart|default|giftcert/giftcertmain|help/help|lyrics|partner/(email/affmp3email|partner|partner_commission|partner_datafeed|partner_faq|partner_glossary|partnerhowto|partner_reportshelp|partner_webservices)|productinfo|promo/feature|sresult)\.asp" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.cduniverse\.com/(?!checkout/(?:account|allorderdisp|changepassword|orderstatus)\.asp|favicon\.ico|FooterIFrame\.asp|footer/footermusic\.html|help/contact\.asp|(?:\w+/)?images/|login\.asp|partner/(?:menu|partner)form\.asp|stylesheet\.css|wishlist\.asp)" />
+		<!--exclusion pattern="^http://g\.cduniverse\.com/(?!images/)" /-->
+	<target host="c3.cduniverse.ws" />
 	<target host="i.cduniverse.ws" />
 
 
-	<rule from="^https?://(?:www\.)?cduniverse\.com/(checkout/account\.asp|FooterIFrame\.asp|(?:\w+/)?images/|login\.asp)"
-		to="https://www.cduniverse.com/$1" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.cduniverse\.com$" name="^(SDataP|SDataS|SKey)$" /-->
+	<!--securecookie host="^(g|www)\.cduniverse\.com$" name="^ShipPrefs$" /-->
+	<!--securecookie host="^www\.cduniverse\.com$" name="^(HTSearchInfoFocusCtrl|TabsSeen|refcode)$" /-->
+
+
+	<securecookie host="^g\.cduniverse\.com$" name=".+" />
+
+
+
 
-	<rule from="^https?://i\.cduniverse\.ws/"
+	<rule from="^http://i\.cduniverse\.ws/"
 		to="https://www.cduniverse.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CEDIA.org.ec.xml b/src/chrome/content/rules/CEDIA.org.ec.xml
new file mode 100644
index 000000000000..e3763db594dc
--- /dev/null
+++ b/src/chrome/content/rules/CEDIA.org.ec.xml
@@ -0,0 +1,34 @@
+<!--
+	Nonfunctional subdomains:
+
+		- britannica ¹
+		- cepra ¹
+		- mirror ²
+
+	¹ Shows www
+	² Dropped
+
+
+	Insecure cookies are set for these hosts:
+
+		- cedia.org.ec
+		- www.cedia.org.ec
+
+-->
+<ruleset name="CEDIA.org.ec (partial)">
+
+	<target host="cedia.org.ec" />
+	<target host="www.cedia.org.ec" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?cedia\.org\.ec$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host="^(?:www\.)?cedia\.org\.ec$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CERIT-SC.cz.xml b/src/chrome/content/rules/CERIT-SC.cz.xml
new file mode 100644
index 000000000000..2b50eddedbcf
--- /dev/null
+++ b/src/chrome/content/rules/CERIT-SC.cz.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cerit-sc.cz/ => https://cerit-sc.cz/: (35, 'Unknown SSL protocol error in connection to cerit-sc.cz:443 ')
+Fetch error: http://docs.cerit-sc.cz/ => https://docs.cerit-sc.cz/: (51, "SSL: no alternative certificate subject name matches target host name 'docs.cerit-sc.cz'")
+Fetch error: http://www.cerit-sc.cz/ => https://www.cerit-sc.cz/: (35, 'Unknown SSL protocol error in connection to www.cerit-sc.cz:443 ')
+
+	For other Masaryk University coverage, see Muni.cz.xml.
+
+-->
+<ruleset name="CERIT-SC.cz" default_off="failed ruleset test">
+
+	<target host="cerit-sc.cz" />
+	<target host="docs.cerit-sc.cz" />
+	<target host="www.cerit-sc.cz" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CERIT.cz.xml b/src/chrome/content/rules/CERIT.cz.xml
new file mode 100644
index 000000000000..e318d3bf53b7
--- /dev/null
+++ b/src/chrome/content/rules/CERIT.cz.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://prototyp.cerit.cz/ => https://prototyp.cerit.cz/: (51, "SSL: no alternative certificate subject name matches target host name 'prototyp.cerit.cz'")
+
+	For other Masaryk University coverage, see Muni.cz.xml.
+
+
+	^cerit.cz: Dropped over http & https
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.cerit.cz
+
+-->
+<ruleset name="CERIT.cz" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="prototyp.cerit.cz" />
+	<target host="www.cerit.cz" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.cerit\.cz$" name="^webcentrumLanguage$" /-->
+
+	<securecookie host="^www\.cerit\.cz$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CERN.ch-falsemixed.xml b/src/chrome/content/rules/CERN.ch-falsemixed.xml
new file mode 100644
index 000000000000..7ff115e5afad
--- /dev/null
+++ b/src/chrome/content/rules/CERN.ch-falsemixed.xml
@@ -0,0 +1,13 @@
+<!--
+	For rules not causing false/broken MCB, see CERN.xml.
+
+-->
+<ruleset name="CERN.ch (false MCB)" platform="mixedcontent">
+
+	<target host="cvs.web.cern.ch" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CERN.ch-problematic.xml b/src/chrome/content/rules/CERN.ch-problematic.xml
index 96a02dca0174..f5310fa415e3 100644
--- a/src/chrome/content/rules/CERN.ch-problematic.xml
+++ b/src/chrome/content/rules/CERN.ch-problematic.xml
@@ -2,13 +2,19 @@
 	For rules that are on by default, see CERN.xml.
 
 -->
-<ruleset name="CERN (problematic)" default_off="self-signed">
+<ruleset name="CERN.ch (problematic)" default_off="cert-chain, mismatched, self-signed">
 
-	<target host="sft.its.cern.ch" />
-	<target host="root.cern.ch" />
+	<target host="aliceinfo.cern.ch" />
+	<target host="atlasop.cern.ch" />
+	<target host="cmsdoc.cern.ch" />
+	<target host="hie-isolde.web.cern.ch" />
+	<target host="hypernews.cern.ch" />
+	<target host="invenio-demo.cern.ch" />
+	<target host="osscvs.cern.ch" />
+	<target host="vocms0153.cern.ch" />
+	<target host="webregister.web.cern.ch" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://(sft\.its|root)\.cern\.ch/"
-		to="https://$1.cern.ch/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CERN.xml b/src/chrome/content/rules/CERN.xml
index 452c27216881..0ea7eade7b89 100644
--- a/src/chrome/content/rules/CERN.xml
+++ b/src/chrome/content/rules/CERN.xml
@@ -1,121 +1,285 @@
 <!--
-	For problematic rules, see CERN.ch-problematic.xml.
+	For rules causing false/broken MCB, see CERN.ch-falsemixed.xml.
 
+	For problematic rules, see CERN.ch-problematic.xml.
 
 	Nonfunctional domains:
+		- in *cern.ch:
+			- cdsware ʳ
+			- consult ᵃ
+			- inveniobuilder ᵈ
+			- library ᵃ
+			- line-mode ᵈ
+			- lxroot02 ᵃ
+			- opendata ᵈ
 
-		- cernvm.cern.ch	(redirects to login.cern.ch, self-signed)
-		- line-mode.cern.ch	(dropped)
-		- alpha.web.cern.ch *
-		- first-website.web.cern.ch *
-		- itssb.web.cern.ch *
-		- home.web.cern.ch	(redirects to login.cern.ch, valid cert)
-		- cerncourier.org	(redirects to http; mismatched, CN: *.iop.org)
-		- (www.)cernland.net	(prints "cernland.net does not exist"; mismatched, CN: *.infomaniak.ch)
-
-	* Redirects to login.cern.ch, valid cert
-
-
-	Problematic cern.ch subdomains:
+			- in *web:
+				- aida2020 ᵈ
+				- alice-collaboration ᵈ
+				- alpha ᵈ
+				- atlas-outreach ᵈ
+				- avc-dashboard ᵈ
+				- educard2 ᵈ
+				- first-website ᵈ
+				- gs-dep ᵈ
+				- home ᵈ
+				- information-technology ᵈ
+				- isolde-project-rilis ᵈ
+				- library ᵈ
+				- ombuds ᵈ
+				- photoclub ᵈ
+				- press ᵈ
+				- rilis ᵈ
+				- user ʰ
 
-		- bulletin *
-		- info		(404; mismatched, CN: *.web.cern.ch)
-		- sft.its **
-		- root **
-		- web *
-		- listboxservices.web *
+		- cerncourier.org ʰ
+		- (www.)?cernland.net (mismatched, prints "cernland.net does not exist")
 
-	* Mismatched, CN: www.cern.ch
-	** Works, self-signed
+	ᵃ Shows another domain
+	ʳ Refused
+	ᵈ Different content (redirects to login.cern.ch)
+	ᵈ Dropped
+	ʰ Redirects to http
 
+	Problematic hosts in *cern.ch:
+		- aliceinfo ᵘ
+		- association ᵐ
+		- atlasop ᵘ
+		- bulletin ᵐ
+		- cmsdoc ᵐ ᵘ
+		- lhcb ᵐ
+		- osscvs ᵐ
+		- hypernews ᶜ
+		- info ⁴
+		- invenio-demo ᵉ ˢ
+		- savannah ᵐ
+		- photoclub ᵐ
+		- vocms0153 ᵘ
+		- web ᵐ
+			- cvs.web ˣ
+			- hie-isolde.web ᵐ
+			- hr-dept.web ᵐ
+			- indico.web ᵐ
+			- it-dep.web ᵐ
+			- listboxservices.web ᵐ
+			- project-voisins.web ᵐ
+			- sl.web ᵐ
+			- st.web ᵐ
+			- webregister.web ᵐ
+	⁴ 404
+	ᶜ Missing certificate chain
+	ᵉ Expired
+	ᵐ Mismatched
+	ˢ Self-signed
+	ᵘ Untrusted root
+	ˣ Mixed css
 
-	Partially covered subdomains:
-
+	Partially covered hosts in *cern.ch:
 		- listboxservices.web	(→ simba3.web)
 
+	Insecure cookies are set for these hosts:
+		- account.cern.ch
+		- cds.cern.ch
+		- cdsweb.cern.ch
+		- cernvm-online.cern.ch
+		- meter.cern.ch
+		- phonebook.cern.ch
+		- svnweb.cern.ch
+		- twiki.cern.ch
+		- vmm.cern.ch
 
-	Fully covered subdomains:
-
-		- (www.)
-		- bulletin	(→ webservices.web)
-		- cds
-		- cdsweb
-		- edms
-		- ert
-		- espace
-		- indico
-		- login
-		- mtf
-		- savannah
-
-		- web subdomains:
-
-			- ^			(→ webservices.web)
-			- ab-dep-op-elogbook
-			- atlas
-			- committees
-			- education
-			- egee-uig
-			- environmental-impact
-			- framework
-			- hie-isolde
-			- hr-dept
-			- hr-info
-			- hr-recruit
-			- indico
-			- isolde
-			- isolde-project-rilis
-			- job
-			- oraweb
-			- outreach
-			- press
-			- project-voisins
-			- public
-			- service-portal
-			- simba3
-			- user
-			- webservices
-
-
-	Observed cooke domains:
-
-		- sft.its
-		- root
-		- savannah
-
-DNS Name: lxroot02.cern.ch
+		- atglance.web.cern.ch
+		- cernvm.web.cern.ch
+		- piwik.web.cern.ch
+		- printservice.web.cern.ch
+		- webservices.web.cern.ch
+		- winservices.web.cern.ch
 
+	Mixed content:
+		- css, on:
+			- cvs.web from ^cern.ch ˢ
+			- hcc.web from fonts.googleapis.com ˢ
+		- Images, on:
+			- cvs.web, lhcdashboard.web from ^cern.ch ˢ
+			- lhcdashboard.web from lhcdashboard-images.web.cern.ch ˢ
+			- lpc.web from lpc-afs.web.cern.ch ˢ
+			- care-hhh.web, project-lbs.web, totem.web from $self ˢ
+			- slhc-rip1.web, totem.web from www.cern.ch ˢ
+			- test-dmtotem.web from webregister.web.cern.ch
+		- Bugs, on:
+			- account, acc-stats.web, cds, cdsweb, lhcb.web, lhcdasboard.web, linux.web from piwik.web.cern.ch ˢ
+			- go.web from piwik-short.web.cern.ch ˢ
+			- lhc-beam-operation-committee.web from www.counter-go.de
+			- pofpa.web from m1.nedstatbasic.net
+	ˢ Secured by us
 -->
-<ruleset name="CERN (partial)">
 
+<ruleset name="CERN">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="cern.ch" />
-	<target host="*.cern.ch" />
+	<target host="www.cern.ch" />
+	<target host="account.cern.ch" />
+	<target host="cds.cern.ch" />
+	<target host="cdsmedia.cern.ch" />
+	<target host="cdsweb.cern.ch" />
+	<target host="cernvm.cern.ch" />
+	<target host="cernvm-online.cern.ch" />
+	<target host="cta.cern.ch" />
+	<target host="dashboards.cern.ch" />
+	<target host="edms.cern.ch" />
+	<target host="ert.cern.ch" />
+	<target host="espace.cern.ch" />
+	<target host="espace2013.cern.ch" />
+	<target host="found.cern.ch" />
+	<target host="groups.cern.ch" />
+	<target host="indico.cern.ch" />
+	<target host="keystone.cern.ch" />
+	<target host="lbcomet.cern.ch" />
+	<target host="lbrundb.cern.ch" />
+	<target host="login.cern.ch" />
+	<target host="meter.cern.ch" />
+	<target host="mtf.cern.ch" />
+	<target host="netstat.cern.ch" />
+	<target host="openstack.cern.ch" />
+	<target host="phonebook.cern.ch" />
+	<target host="root.cern.ch" />
+	<target host="sft.its.cern.ch" />
+	<target host="sir.cern.ch" />
+	<target host="svnweb.cern.ch" />
+	<target host="twiki.cern.ch" />
+	<target host="vmm.cern.ch" />
 
+	<target host="ab-dep-op-elogbook.web.cern.ch" />
+	<!--target host="acc-stats.web.cern.ch" /-->
+	<target host="atglance.web.cern.ch" />
+	<target host="atlas.web.cern.ch" />
+	<target host="atlassec.web.cern.ch" />
+	<target host="care-hhh.web.cern.ch" />
+	<target host="cernvm.web.cern.ch" />
+	<target host="committees.web.cern.ch" />
+	<target host="commonimages.web.cern.ch" />
+	<target host="computing-images.web.cern.ch" />
+	<target host="computing-templates.web.cern.ch" />
+	<!--target host="cvs.web.cern.ch" /-->
+	<!--target host="dashboard.web.cern.ch" /-->
+	<target host="dfsweb.web.cern.ch" />
+	<target host="education.web.cern.ch" />
+	<target host="egee-uig.web.cern.ch" />
+	<target host="environmental-impact.web.cern.ch" />
+	<target host="framework.web.cern.ch" />
+	<target host="go.web.cern.ch" />
+	<target host="hcc.web.cern.ch" />
+	<target host="hccdashboard.web.cern.ch" />
+	<target host="home.web.cern.ch" />
+	<target host="hr-info.web.cern.ch" />
+	<target host="hr-recruit.web.cern.ch" />
+	<target host="info-slhc-pp.web.cern.ch" />
+	<target host="isolde.web.cern.ch" />
+	<target host="it-dep-redir.web.cern.ch" />
+	<target host="itssb.web.cern.ch" />
+	<target host="job.web.cern.ch" />
+	<target host="jobs.web.cern.ch" />
+	<target host="layout.web.cern.ch" />
+	<target host="lhc.web.cern.ch" />
+	<target host="lhcb.web.cern.ch" />
+	<target host="lhc-beam-operation-committee.web.cern.ch" />
+	<target host="lhc-commissioning.web.cern.ch" />
+	<target host="lhc-div-miwg.web.cern.ch" />
+	<target host="lhc-mpwg.web.cern.ch" />
+	<target host="lhc-statistics.web.cern.ch" />
+	<target host="lhcdashboard.web.cern.ch" />
+	<target host="lhcdashboard-images.web.cern.ch" />
+	<target host="linac4.web.cern.ch" />
+	<target host="linac4-project.web.cern.ch" />
+	<target host="linux.web.cern.ch" />
+	<target host="liuwg.web.cern.ch" />
+	<target host="lpc.web.cern.ch" />
+	<target host="lpc-afs.web.cern.ch" />
+	<target host="m.web.cern.ch" />
+	<target host="md-coord.web.cern.ch" />
+	<target host="niceadminreview.web.cern.ch" />
+	<target host="nicegraphs.web.cern.ch" />
+	<target host="op-webtools.web.cern.ch" />
+	<target host="outreach.web.cern.ch" />
+	<target host="paf.web.cern.ch" />
+	<target host="paf-ps2.web.cern.ch" />
+	<target host="paf-spsu.web.cern.ch" />
+	<target host="piwik.web.cern.ch" />
+	<target host="piwik-short.web.cern.ch" />
+	<target host="pofpa.web.cern.ch" />
+	<target host="printservice.web.cern.ch" />
+	<target host="proj-lti.web.cern.ch" />
+	<target host="project-lbs.web.cern.ch" />
+	<target host="project-slhc.web.cern.ch" />
+	<target host="public.web.cern.ch" />
+	<target host="remotedesktop.web.cern.ch" />
+	<target host="security.web.cern.ch" />
+	<target host="service-access-data.web.cern.ch" />
+	<target host="service-portal.web.cern.ch" />
+	<target host="simba3.web.cern.ch" />
+	<target host="sl-div.web.cern.ch" />
+	<target host="st-div.web.cern.ch" />
+	<target host="teacher-programmes.web.cern.ch" />
+	<target host="totem.web.cern.ch" />
+	<target host="webservices.web.cern.ch" />
+	<target host="winservices.web.cern.ch" />
 
-	<securecookie host=".*\.cern\.ch$" name=".+" />
+	<target host="home.cern" />
+	<target host="www.home.cern" />
+	<target host="alumni.cern" />
+	<target host="atlas.cern" />
+	<target host="cms.cern" />
+	<target host="hse.cern" />
+	<target host="nic.cern" />
+	<target host="press.cern" />
+	<target host="visit.cern" />
 
+	<!--	Complications:	-->
 
-	<rule from="^http://((?:association|cds|cdsweb|edms|ert|espace|indico|login|mtf|(?:ab-dep-op-elogbook|atlas|committees|education|egee-uig|environmental-impact|framework|hie-isolde|hr-dept|hr-info|hr-recruit|indico|isolde(?:-project-rilis)?|job|oraweb|outreach|press|project-voisins|public|savannah|service-portal|simba3|user|webservices)\.web|www)\.)?cern\.ch/"
-		to="https://$1cern.ch/" />
+	<target host="directory.web.cern.ch" />
+		<exclusion pattern="http://directory\.web\.cern\.ch/+(?!directory/(?:cern_toolbar/css|css|img|jquery-ui|js)/)" />
+			<!--	+ve:	-->
+			<test url="http://directory.web.cern.ch/directory/" />
+			<test url="http://directory.web.cern.ch/directory/#cds-tab" />
+			<test url="http://directory.web.cern.ch/directory/#search-tab" />
+			<test url="http://directory.web.cern.ch/directory/?6" />
+			<test url="http://directory.web.cern.ch/directory/?is" />
+			<test url="http://directory.web.cern.ch/directory/?quota" />
+			<test url="http://directory.web.cern.ch/directory/?test" />
+			<!--	-ve:	-->
+			<test url="http://directory.web.cern.ch/directory/cern_toolbar/css/toolbar.css" />
+			<test url="http://directory.web.cern.ch/directory/css/style.css" />
+			<test url="http://directory.web.cern.ch/directory/img/bullet.png" />
+			<test url="http://directory.web.cern.ch/directory/jquery-ui/jquery-ui.min.css" />
+			<test url="http://directory.web.cern.ch/directory/js/directory.js" />
+			<test url="http://directory.web.cern.ch/directory/js/bootstrap.min.js" />
 
-	<!--	Redirects like so:
-					-->
-	<rule from="^https?://bulletin\.cern\.ch/"
-		to="https://cdsweb.cern.ch/journal/CERNBulletin/" />
 
-	<!--	Redirects like so:
-					-->
-	<rule from="^https?://web\.cern\.ch/"
-		to="https://webservices.web.cern.ch/webservices/" />
+	<!--	Redirect keeps path and args,
+		but not forward slash:	-->
+	<target host="lhcb.cern.ch" />
+	<rule from="^http://lhcb\.cern\.ch/"
+		to="https://lhcb.web.cern.ch/lhcb/" />
 
-	<!--	Redirects like so:
-					-->
-	<rule from="^https?://listboxservices\.web\.cern\.ch/listboxservices/simba2/"
+	<!--	Redirects like so:	-->
+	<target host="listboxservices.web.cern.ch" />
+	<rule from="^http://listboxservices\.web\.cern\.ch/listboxservices/simba2/"
 		to="https://simba3.web.cern.ch/simba3/simba2/" />
 
-	<!--	Protocol-relative redirect from user.web:
-							-->
-	<rule from="^https://home\.web\.cern\.ch/"
-		to="http://home.web.cern.ch/" downgrade="1" />
+		<exclusion pattern="^http://listboxservices\.web\.cern\.ch/(?!listboxservices/simba2/)" />
+			<!--	+ve:	-->
+			<test url="http://listboxservices.web.cern.ch/Default.aspx" />
+			<test url="http://listboxservices.web.cern.ch/home.php" />
+			<!--	-ve:	-->
+			<test url="http://listboxservices.web.cern.ch/listboxservices/simba2/" />
+
+	<target host="st.web.cern.ch" />
+	<rule from="^http://st\.web\.cern\.ch/"
+		to="https://st-div.web.cern.ch/" />
+
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CERT-Bund.xml b/src/chrome/content/rules/CERT-Bund.xml
new file mode 100644
index 000000000000..064927e344b9
--- /dev/null
+++ b/src/chrome/content/rules/CERT-Bund.xml
@@ -0,0 +1,11 @@
+<ruleset name="CERT-Bund">
+    <target host="cert-bund.de" />
+    <target host="*.cert-bund.de" />
+
+    <securecookie host=".+" name=".+"/>
+
+    <rule from="^http://cert-bund\.de/"
+        to="https://www.cert-bund.de/" />
+    <rule from="^http://([^/:@]+)?\.cert-bund\.de/"
+        to="https://$1.cert-bund.de/" />
+</ruleset>
diff --git a/src/chrome/content/rules/CERT-Polska.xml b/src/chrome/content/rules/CERT-Polska.xml
index fb004b9f21ab..08d5affd843b 100644
--- a/src/chrome/content/rules/CERT-Polska.xml
+++ b/src/chrome/content/rules/CERT-Polska.xml
@@ -1,15 +1,41 @@
+<!--
+
+	Nonfunctional subdomains:
+
+		- nisha *
+
+	* Dropped
+
+
+	Observed cookie domains:
+
+		- ^
+		- .
+		- www
+
+
+	Mixed content:
+
+		- Images, from:
+
+			- $self ¹
+			- nisha ²
+
+	¹ Secured by us
+	² Unsecurable
+
+-->
 <ruleset name="CERT Polska">
 
 	<target host="cert.pl" />
+	<target host="www.cert.pl" />
 	<!--	*s for cross-domain cookies.	-->
-	<target host="*.cert.pl" />
-	<target host="*.www.cert.pl" />
 
 
-	<securecookie host="^(.*\.)?cert\.pl$" name=".*" />
+
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?cert\.pl/"
-		to="https://$1cert.pl/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CERT-Verbund.xml b/src/chrome/content/rules/CERT-Verbund.xml
new file mode 100644
index 000000000000..b183e1beb61c
--- /dev/null
+++ b/src/chrome/content/rules/CERT-Verbund.xml
@@ -0,0 +1,15 @@
+<!--
+	^cert-verbund.de doesn't exist.
+
+-->
+<ruleset name="CERT-Verbund.de">
+
+    <target host="*.cert-verbund.de" />
+
+		<test url="http://www.cert-verbund.de/" />
+
+    <securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CERT.at.xml b/src/chrome/content/rules/CERT.at.xml
new file mode 100644
index 000000000000..867d20a3b3a7
--- /dev/null
+++ b/src/chrome/content/rules/CERT.at.xml
@@ -0,0 +1,11 @@
+<ruleset name="CERT.at">
+    <target host="cert.at" />
+    <target host="*.cert.at" />
+
+    <securecookie host=".+" name=".+"/>
+
+    <rule from="^http://cert\.at/"
+        to="https://www.cert.at/" />
+    <rule from="^http://([^/:@]+)?\.cert\.at/"
+        to="https://$1.cert.at/" />
+</ruleset>
diff --git a/src/chrome/content/rules/CERT.fi.xml b/src/chrome/content/rules/CERT.fi.xml
index 55ba30ae3e21..9c594f64a7c1 100644
--- a/src/chrome/content/rules/CERT.fi.xml
+++ b/src/chrome/content/rules/CERT.fi.xml
@@ -1,7 +1,17 @@
 <ruleset name="CERT.fi">
-  <target host="www.cert.fi" />
-  <target host="cert.fi" />
-  <rule from="^http://www\.cert\.fi/" to="https://www.cert.fi/"/>
-  <rule from="^http://cert\.fi/" to="https://www.cert.fi/"/>
-</ruleset>
 
+	<target host="cert.fi" />
+	<target host="www.cert.fi" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.cert\.fi$" name="^(Neta\.\w+\.UserId|StatoSession0|TS[\da-f]{6})$" /-->
+
+	<securecookie host="^www\.cert\.fi$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CERT.se.xml b/src/chrome/content/rules/CERT.se.xml
index 439be616beae..65b98618f782 100644
--- a/src/chrome/content/rules/CERT.se.xml
+++ b/src/chrome/content/rules/CERT.se.xml
@@ -1,7 +1,9 @@
 <ruleset name="CERT.se">
-  <target host="www.cert.se" />
-  <target host="cert.se" />
-  <rule from="^http://www\.cert\.se/" to="https://www.cert.se/"/>
-  <rule from="^http://cert\.se/" to="https://www.cert.se/"/>
-</ruleset>
+	<target host="cert.se" />
+	<target host="www.cert.se" />
+	<target host="drop.cert.se" />
+
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CERT.xml b/src/chrome/content/rules/CERT.xml
index c59ae9df0c29..a28078c5b365 100644
--- a/src/chrome/content/rules/CERT.xml
+++ b/src/chrome/content/rules/CERT.xml
@@ -1,21 +1,17 @@
-<!--
-	Fully covered subdomains:
-
-		- (www.)
-		- forms
-		- www.kb
-
--->
-<ruleset name="CERT">
+<ruleset name="CERT.org">
 
 	<target host="cert.org" />
-	<target host="*.cert.org" />
+	<target host="forms.cert.org" />
+	<target host="www.kb.cert.org" />
+	<target host="securecoding.cert.org" />
+	<target host="www.securecoding.cert.org" />
+	<target host="www.cert.org" />
 
 
-	<securecookie host="^(?:.+\.)?cert\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(forms\.|www\.(?:kb\.)?)?cert\.org/"
-		to="https://$1cert.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CESG.xml b/src/chrome/content/rules/CESG.xml
deleted file mode 100644
index 8b201a39dc91..000000000000
--- a/src/chrome/content/rules/CESG.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-     For other UK Government coverage, see GOV.UK.xml.
--->
-
-<ruleset name="CESG">
-    <target host="cesg.gov.uk" />
-    <target host="www.cesg.gov.uk" />
-
-    <rule from="^https?://cesg\.gov\.uk/"
-        to="https://www.cesg.gov.uk/" />
-    <rule from="^http://([^/:@]+)?\.cesg\.gov\.uk/"
-        to="https://$1.cesg.gov.uk/" />
-</ruleset>
diff --git a/src/chrome/content/rules/CESNET.xml b/src/chrome/content/rules/CESNET.xml
index 3b7038d83fcf..314baa3bda3e 100644
--- a/src/chrome/content/rules/CESNET.xml
+++ b/src/chrome/content/rules/CESNET.xml
@@ -7,15 +7,18 @@
 	^ doesn't exist
 
 -->
-<ruleset name="CESNET (partial)">
+<ruleset name="CESNET.cz (partial)">
 
-	<target host="*.cesnet.cz" />
+	<target host="csirt.cesnet.cz" />
+	<target host="metadata.cesnet.cz" />
+	<target host="registration.cesnet.cz" />
+	<target host="whoami.cesnet.cz" />
 
 
 	<securecookie host="^whoami\.cesnet\.cz$" name=".+" />
 
 
-	<rule from="^http://(csirt|registration|whoami)\.cesnet\.cz/"
-		to="https://$1.cesnet.cz/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CETIC.be.xml b/src/chrome/content/rules/CETIC.be.xml
new file mode 100644
index 000000000000..8dda7eec1739
--- /dev/null
+++ b/src/chrome/content/rules/CETIC.be.xml
@@ -0,0 +1,61 @@
+<!--
+	Nonfunctional subdomains:
+
+		- bugtracker ¹
+		- depots ²
+		- lists ³
+		- vega ²
+
+	¹ 404
+	² Shows git.forge
+	³ Plaintext reply
+
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- devel ²
+		- repository ²
+		- testaero ²
+
+	¹ Plaintext reply
+	² Expired 2013
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(^ → www)
+		- cronos
+		- forge
+		- git.forge
+		- svn.forge
+		- imap
+		- smtp
+		- webmail
+
+
+	These altnames don't exist:
+
+		- event.cetic.be
+		- pommo.cetic.be
+		- testplone.cetic.be
+
+-->
+<ruleset name="CETIC.be (partial)">
+
+	<target host="cetic.be" />
+	<target host="www.cetic.be" />
+	<target host="cronos.cetic.be" />
+	<target host="forge.cetic.be" />
+	<target host="git.forge.cetic.be" />
+	<target host="svn.forge.cetic.be" />
+	<target host="smtp.cetic.be" />
+	<target host="webmail.cetic.be" />
+
+
+	<rule from="^http://(?:www\.)?cetic\.be/"
+		to="https://www.cetic.be/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CEX.IO.xml b/src/chrome/content/rules/CEX.IO.xml
new file mode 100644
index 000000000000..b41585e684d9
--- /dev/null
+++ b/src/chrome/content/rules/CEX.IO.xml
@@ -0,0 +1,44 @@
+<!--
+	Nonfunctional subdomains:
+
+		- beginner *
+		- bitcoin *
+		- blog *
+
+	* 523, valid cert
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- exchange
+		- mining
+		- support
+		- trade
+		- ws
+
+-->
+<ruleset name="CEX.IO (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cex.io" />
+	<target host="exchange.cex.io" />
+	<target host="mining.cex.io" />
+	<target host="support.cex.io" />
+	<target host="trade.cex.io" />
+	<target host="ws.cex.io" />
+	<target host="www.cex.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.cex\.io$" name="^cex-prod-session$" /-->
+
+	<securecookie host="^\.cex\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CEntrance.xml b/src/chrome/content/rules/CEntrance.xml
index cd8328b55408..cf0f747a97f5 100644
--- a/src/chrome/content/rules/CEntrance.xml
+++ b/src/chrome/content/rules/CEntrance.xml
@@ -36,11 +36,10 @@
 			- store/cart.php?target=profile
 			- store/images/
 			- store/skins/
-								
+
 	<rule from="^http://(www\.)?centrance\.com/($|\?|(?:about|artists|css|i|icons|js|licensing|products|reviews)(?:$|\?|/)|store/(?:$|cart\.php\?target=cart&amp;action=(?:add|delete)|images/|skins/))"
 		to="https://$1centrance.com/$2" /-->
 
-	<rule from="^http://(www\.)?centrance\.com/"
-		to="https://$1centrance.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CFEngine.xml b/src/chrome/content/rules/CFEngine.xml
index 2e654ef314e6..87383718e38b 100644
--- a/src/chrome/content/rules/CFEngine.xml
+++ b/src/chrome/content/rules/CFEngine.xml
@@ -4,5 +4,5 @@
 
   <securecookie host="^(?:www\.)?cfengine\.com$" name=".+" />
 
-  <rule from="^http://(?:www\.)?cfengine\.com/" to="https://cfengine.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CFINotebook.net.xml b/src/chrome/content/rules/CFINotebook.net.xml
new file mode 100644
index 000000000000..19ae3a67c1e2
--- /dev/null
+++ b/src/chrome/content/rules/CFINotebook.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="CFINotebook.net">
+	<target host="cfinotebook.net" />
+	<target host="www.cfinotebook.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CFJLab.fr.xml b/src/chrome/content/rules/CFJLab.fr.xml
new file mode 100644
index 000000000000..3436ce8c54d3
--- /dev/null
+++ b/src/chrome/content/rules/CFJLab.fr.xml
@@ -0,0 +1,26 @@
+<!--
+	Test URLs lead to pages with MCB issues
+
+-->
+<ruleset name="CFJ-Lab" platform="mixedcontent">
+
+	<target host="cfjlab.fr" />
+		<test url="http://cfjlab.fr/projets.htm?project_id=125" />
+	<target host="www.cfjlab.fr" />
+		<test url="http://www.cfjlab.fr/projets.htm?project_id=125" />
+	<target host="3millions7.cfjlab.fr" />
+	<target host="ateliers.cfjlab.fr" />
+	<target host="belgradexpress.cfjlab.fr" />
+	<target host="checkpointcharlie.cfjlab.fr" />
+	<target host="derrierelaporte.cfjlab.fr" />
+	<target host="elmadrileno.cfjlab.fr" />
+	<target host="ethique.cfjlab.fr" />
+		<test url="http://ethique.cfjlab.fr/2017/04/20/tensions-intimidations-et-insultes-comment-le-journaliste-doit-il-reagir/" />
+	<target host="explore.cfjlab.fr" />
+	<target host="histoiredesmondialisations-ens-cfjw.cfjlab.fr" />
+	<target host="nouveauxfrancais.cfjlab.fr" />
+	<target host="wp.cfjlab.fr" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CFWGroup.ca.xml b/src/chrome/content/rules/CFWGroup.ca.xml
new file mode 100644
index 000000000000..8e2119009047
--- /dev/null
+++ b/src/chrome/content/rules/CFWGroup.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="CFWGroup.ca">
+	<target host="cfwgroup.ca" />
+	<target host="www.cfwgroup.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CGRAN.org.xml b/src/chrome/content/rules/CGRAN.org.xml
new file mode 100644
index 000000000000..225cdac3e433
--- /dev/null
+++ b/src/chrome/content/rules/CGRAN.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="CGRAN.org" default_off="refused">
+
+	<target host="cgran.org" />
+	<target host="www.cgran.org" />
+
+
+	<rule from="^http://(?:www\.)?cgran\.org/"
+		to="https://www.cgran.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CHDK.xml b/src/chrome/content/rules/CHDK.xml
index edd4a751a7c5..07725303b75e 100644
--- a/src/chrome/content/rules/CHDK.xml
+++ b/src/chrome/content/rules/CHDK.xml
@@ -4,14 +4,14 @@
 		- Someserver.xml
 
 -->
-<ruleset name="CHDK" default_off="mismatch" platform="cacert">
+<ruleset name="CHDK" default_off="mismatched">
 
 	<!--	Cert:	www.someserver.de	-->
 	<target host="mighty-hoernsche.de" />
 	<target host="www.mighty-hoernsche.de" />
 
 
-	<rule from="^https?://(?:www\.)?mighty-hoernsche\.de/"
+	<rule from="^http://(?:www\.)?mighty-hoernsche\.de/"
 		to="https://mighty-hoernsche.de/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CHIP-Digital.de.xml b/src/chrome/content/rules/CHIP-Digital.de.xml
new file mode 100644
index 000000000000..d114487ee083
--- /dev/null
+++ b/src/chrome/content/rules/CHIP-Digital.de.xml
@@ -0,0 +1,20 @@
+<!--
+	^: cert only matches www
+
+-->
+<ruleset name="CHIP-Digital.de">
+
+	<target host="chip-digital.de" />
+	<target host="www.chip-digital.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.chip-digital\.de$" name="^RegisterSession$" /-->
+
+	<securecookie host="^www\.chip-digital\.de$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CHIP-Kiosk.de.xml b/src/chrome/content/rules/CHIP-Kiosk.de.xml
new file mode 100644
index 000000000000..ce2fcb1822e8
--- /dev/null
+++ b/src/chrome/content/rules/CHIP-Kiosk.de.xml
@@ -0,0 +1,34 @@
+<!--
+	Problematic domains:
+
+		- (www.)?chip-app.de ¹
+		- chip-kiosk.de ²
+
+	¹ Plaintext reply
+	² Cert only matches www
+
+-->
+<ruleset name="CHIP-Kiosk.de">
+
+	<target host="chip-app.de" />
+	<target host="www.chip-app.de" />
+	<target host="chip-kiosk.de" />
+	<target host="*.chip-kiosk.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.chip-kiosk\.de$" name="^frontend$" /-->
+
+	<securecookie host="^\.www\.chip-kiosk\.de$" name=".+" />
+
+
+	<!--	[^/?]+ doesn't redirect:
+						-->
+	<rule from="^http://(?:www\.)?chip-app\.de/+(?:$|\?.*)"
+		to="https://www.chip-kiosk.de/chip#chip-tablet-edition" />
+
+	<rule from="^http://(?:www\.)?chip-kiosk\.de/"
+		to="https://www.chip-kiosk.de/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CHIP-Online-mismatches.xml b/src/chrome/content/rules/CHIP-Online-mismatches.xml
index 462d4359ee32..21c3244de2a9 100644
--- a/src/chrome/content/rules/CHIP-Online-mismatches.xml
+++ b/src/chrome/content/rules/CHIP-Online-mismatches.xml
@@ -7,7 +7,6 @@
 	<target host="chip01.chipimages.de" />
 
 
-	<rule from="^http://chip01\.chipimages\.de/"
-		to="https://chip01.chipimages.de/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CHIP-Online.xml b/src/chrome/content/rules/CHIP-Online.xml
index bcc92ce2180a..06c386b1ffc1 100644
--- a/src/chrome/content/rules/CHIP-Online.xml
+++ b/src/chrome/content/rules/CHIP-Online.xml
@@ -33,7 +33,7 @@
 	<target host="omniture.chip.eu" />
 
 
-	<rule from="^https?://omniture\.chip\.eu/"
+	<rule from="^http://omniture\.chip\.eu/"
 		to="https://chipxonioonlinegmbh.d1.sc.omtrdc.net/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CHIP.de.xml b/src/chrome/content/rules/CHIP.de.xml
new file mode 100644
index 000000000000..87615ab0cde0
--- /dev/null
+++ b/src/chrome/content/rules/CHIP.de.xml
@@ -0,0 +1,117 @@
+<!--
+	Connection closed:
+		data.chip.de
+
+	Invalid certificate:
+		amazon.chip.de
+		apps.chip.de
+		dl.cdn.chip.de
+		*.damoh.chip.de
+		fsm.chip.de
+		ipe.chip.de
+		omniture.chip.de
+		video.chip.de
+		visual-story.chip.de
+
+	Mismatch:
+		rest.generator.chip.de
+
+	Refused:
+		pub.chip.de
+		rss.chip.de
+
+	Timeout:
+		adx.chip.de
+		*.int.chip.de
+		secure.chip.de
+		services.chip.de
+		shopstatic.chip.de
+
+	Too many redirects:
+		branded-story.chip.de
+		m.chip.de
+		shop.chip.de
+		x.chip.de
+-->
+<ruleset name="CHIP.de">
+
+	<target host="chip.de" />
+	<target host="www.chip.de" />
+		<exclusion pattern="^http://www\.chip\.de/404"/>
+		<test url="http://www.chip.de/404" />
+	<target host="acer-aspire-5-testblog.chip.de" />
+	<target host="acer-switch-alpha-12-testblog.chip.de" />
+	<target host="ad-js.chip.de" />
+	<target host="adtm.chip.de" />
+	<target host="amp-analytics.chip.de" />
+	<target host="angebot.chip.de" />
+	<target host="appsbackend.chip.de" />
+	<target host="asus-t300-chi-testblog.chip.de" />
+	<target host="autoren-stg.chip.de" />
+	<target host="behave.chip.de" />
+	<target host="beste-apps.chip.de" />
+	<target host="blog.chip.de" />
+	<target host="branded-stories.chip.de" />
+	<target host="business.chip.de" />
+	<target host="content.chip.de" />
+	<target host="ssl.1.damoh.chip.de" />
+	<target host="ssl.2.damoh.chip.de" />
+	<target host="ssl.3.damoh.chip.de" />
+	<target host="dealfinder.chip.de" />
+	<target host="deals.chip.de" />
+	<target host="digito.chip.de" />
+	<target host="downloaderapi.chip.de" />
+	<target host="dvd.chip.de" />
+	<target host="efahrer.chip.de" />
+	<target host="efahrer-images.chip.de" />
+	<target host="filestorage.chip.de" />
+	<target host="forum.chip.de" />
+	<target host="fotowelt.chip.de" />
+	<target host="free2play.chip.de" />
+	<target host="fsm1.chip.de" />
+	<target host="gopro-max-testblog.chip.de" />
+	<target host="gutscheine.chip.de" />
+	<target host="huawei-p9-testblog.chip.de" />
+	<target host="imgs.chip.de" />
+	<target host="info.chip.de" />
+	<target host="jobs.chip.de" />
+	<target host="kiosk.chip.de" />
+	<target host="kuendigen.chip.de" />
+	<target host="kzsicw.chip.de" />
+	<target host="lumeo.chip.de" />
+	<target host="mms.chip.de" />
+	<target host="newsletter.chip.de" />
+	<target host="pn.chip.de" />
+	<target host="praxistipps.chip.de" />
+	<target host="praxistipps-images.chip.de" />
+	<target host="r.chip.de" />
+	<target host="rt.chip.de" />
+	<target host="search.chip.de" />
+	<target host="sentry.chip.de" />
+	<target host="service.chip.de" />
+	<target host="shoppingadvisor.chip.de" />
+	<target host="shoppingadvisor-stg.chip.de" />
+	<target host="shoppingadvisor-thumbor.chip.de" />
+	<target host="somniture.chip.de" />
+	<target host="sparalarm.chip.de" />
+	<target host="speedtest.chip.de" />
+	<target host="suche.chip.de" />
+	<target host="tarife.chip.de" />
+	<target host="testcenter.chip.de" />
+	<target host="tl01.chip.de" />
+	<target host="tl02.chip.de" />
+	<target host="tl03.chip.de" />
+	<target host="tl04.chip.de" />
+	<target host="toplists-img.chip.de" />
+	<target host="videoembed.chip.de" />
+	<target host="videoplayer.chip.de" />
+	<target host="videoplayer-staging.chip.de" />
+	<target host="videos.chip.de" />
+	<target host="vorwerk-kobold-vr200-testblog.chip.de" />
+	<target host="zuhause.chip.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CHL.it.xml b/src/chrome/content/rules/CHL.it.xml
index 461ce3afd410..4ee9c78a426f 100644
--- a/src/chrome/content/rules/CHL.it.xml
+++ b/src/chrome/content/rules/CHL.it.xml
@@ -2,5 +2,5 @@
   <target host="www.chl.it" />
   <target host="chl.it" />
 
-  <rule from="^http://(www\.)?chl\.it/" to="https://www.chl.it/"/>
+  <rule from="^http://(?:www\.)?chl\.it/" to="https://www.chl.it/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/CIA.com.xml b/src/chrome/content/rules/CIA.com.xml
deleted file mode 100644
index cc417c896146..000000000000
--- a/src/chrome/content/rules/CIA.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="CIA Cybersurf">
-  <target host="cia.com" />
-  <target host="*.cia.com" />
-
-  <rule from="^http://([^/:@\.]+)\.cia\.com/" to="https://$1.cia.com/"/>
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CIA.xml b/src/chrome/content/rules/CIA.xml
index cb5563a3a0bf..95ce8b479179 100644
--- a/src/chrome/content/rules/CIA.xml
+++ b/src/chrome/content/rules/CIA.xml
@@ -1,19 +1,40 @@
 <!--
-	For other U.S. government coverage, see US-government.xml.
-
-
-	Problematic subdomains:
-
-		$	(cert only matches www)
 
+	Non-functional hosts
+		Timeout was reached:
+			 - ain.cia.gov
+			 - comm.cia.gov
+			 - crypt.cia.gov
+			 - crypt1.cia.gov
+			 - ddss.cia.gov
+			 - ddssdata.cia.gov
+			 - ddsstest.cia.gov
+			 - ddsstestdata.cia.gov
+			 - mail1.cia.gov
+			 - mail2.cia.gov
+			 - mail2b.cia.gov
+			 - relay201.net.cia.gov
+			 - relay202.net.cia.gov
+			 - relay203.net.cia.gov
+			 - relay204.net.cia.gov
+			 - res.cia.gov
+			 - www2.cia.gov
+
+		SSL connect error:
+			 - relay301.net.cia.gov
+
+		SSL peer certificate was not OK:
+			 - www.foia.cia.gov
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - appsen.cia.gov
 -->
 <ruleset name="Central Intelligence Agency">
-
 	<target host="cia.gov" />
 	<target host="www.cia.gov" />
+	<target host="mivsp.cia.gov" />
 
+	<securecookie host="^(www\.)?cia\.gov$" name=".+" />
 
-	<rule from="^https?://(?:www\.)?cia\.gov/"
-		to="https://www.cia.gov/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CICLOPS.xml b/src/chrome/content/rules/CICLOPS.xml
index ebf348ac9f3e..98087c679810 100644
--- a/src/chrome/content/rules/CICLOPS.xml
+++ b/src/chrome/content/rules/CICLOPS.xml
@@ -5,7 +5,7 @@
 	<target host="ciclops.org"/>
 	<target host="www.ciclops.org"/>
 
-	<securecookie host="^(.*\.)ciclops\.org$" name=".*"/>
+	<securecookie host="^(?:.*\.)ciclops\.org$" name=".+" />
 
 	<!--	cert !match !www	-->
 	<rule from="^http://(?:www\.)?ciclops\.org/"
diff --git a/src/chrome/content/rules/CIHR.eu.xml b/src/chrome/content/rules/CIHR.eu.xml
new file mode 100644
index 000000000000..22dae43dba50
--- /dev/null
+++ b/src/chrome/content/rules/CIHR.eu.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- cihr.eu
+		- www.cihr.eu
+
+-->
+<ruleset name="CIHR.eu">
+
+	<target host="cihr.eu" />
+	<target host="www.cihr.eu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?cihr\.eu$" name="^wfvt_\d+$" /-->
+
+	<securecookie host="^(?:www\.)?cihr\.eu$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CIMB-Cambodia.xml b/src/chrome/content/rules/CIMB-Cambodia.xml
new file mode 100644
index 000000000000..8368ea43a064
--- /dev/null
+++ b/src/chrome/content/rules/CIMB-Cambodia.xml
@@ -0,0 +1,21 @@
+<!--
+	For other CIMB coverage, see CIMB.com.xml
+
+
+	Non-functional subdomains:
+		- (www.)bizchannel   (certificate mismatch)
+
+-->
+
+<ruleset name="CIMB Cambodia">
+
+	<target host="cimbbank.com.kh" />
+	<target host="www.cimbbank.com.kh" />
+	<target host="www.internetbanking.cimbbank.com.kh" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CIMB-Indonesia.xml b/src/chrome/content/rules/CIMB-Indonesia.xml
new file mode 100644
index 000000000000..15eb665204fc
--- /dev/null
+++ b/src/chrome/content/rules/CIMB-Indonesia.xml
@@ -0,0 +1,42 @@
+<!--
+	For other CIMB coverage, see CIMB.com.xml
+
+
+	Non-functional hosts:
+		- (www.)cimbniagasyariah.com	(r)
+
+		- cimbniaga.com
+			- bizchannel	(m)
+			- bizchannel2	(r)
+			- ibank	(r)
+			- mail	(m)
+			- scholarship	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="CIMB Indonesia">
+
+	<target host="www.cimbclicks.co.id" />
+
+	<target host="www.cimbniaga.com" />
+	<target host="3dsecure.cimbniaga.com" />
+	<target host="3dsecure2.cimbniaga.com" />
+	<target host="3dsecuredebit.cimbniaga.com" />
+
+	<target host="bizchannel.cimbniaga.co.id" />
+		<test url="http://bizchannel.cimbniaga.co.id/corp/common2/login.do?action=loginRequest" />
+
+	<target host="www.itradecimb.co.id" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CIMB-Singapore.xml b/src/chrome/content/rules/CIMB-Singapore.xml
new file mode 100644
index 000000000000..d8c81e7f1089
--- /dev/null
+++ b/src/chrome/content/rules/CIMB-Singapore.xml
@@ -0,0 +1,43 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://id.itradecimb.com.sg/ => https://id.itradecimb.com.sg/: (6, 'Could not resolve host: id.itradecimb.com.sg')
+
+	For other CIMB coverage, see CIMB.com.xml
+
+
+	Non-functional hosts:
+		- (www.)cimb.com.sg	(t)
+		- m.cimbclicks.com.sg	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="CIMB Singapore">
+
+	<target host="cimbbank.com.sg" />
+	<target host="www.cimbbank.com.sg" />
+	<!-- <target host="secure.eforms.cimbbank.com.sg" /> -->
+		<!-- main page is not functional/ Neither are test URLs, removing -->
+		<!-- <exclusion pattern="^http://secure\.eforms\.cimbbank\.com\.sg/$" />
+		<test url="http://secure.eforms.cimbbank.com.sg/common/js/plugins/modal/dialog/close.gif" /> -->
+
+	<target host="cimbclicks.com.sg" />
+	<target host="www.cimbclicks.com.sg" />
+
+	<target host="www.bizchannel.cimb.com.sg" />
+	<target host="www.itradecimb.com.sg" />
+	<!-- target host="id.itradecimb.com.sg" /-->
+	<target host="th.itradecimb.com.sg" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CIMB-Thailand.xml b/src/chrome/content/rules/CIMB-Thailand.xml
new file mode 100644
index 000000000000..f2b16ba9e7bf
--- /dev/null
+++ b/src/chrome/content/rules/CIMB-Thailand.xml
@@ -0,0 +1,37 @@
+<!--
+	For other CIMB coverage, see CIMB.com.xml
+
+
+	Non-functional hosts:
+		- (www.)beatbanking	(r)
+		- gslb			(r)
+		- onlineaccountopening	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="CIMB Thailand">
+
+	<target host="www.cimbclicks.in.th" />
+
+	<target host="www.cimbsecurities.co.th" />
+	<target host="itrade.cimbsecurities.co.th" />
+
+	<target host="cimbthai.com" />
+	<target host="www.cimbthai.com" />
+	<target host="www.bizchannel.cimbthai.com" />
+	<target host="digital.cimbthai.com" />
+	<target host="dse.cimbthai.com" />
+	<target host="lms.cimbthai.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CIMB.com.xml b/src/chrome/content/rules/CIMB.com.xml
new file mode 100644
index 000000000000..4b4c2f578078
--- /dev/null
+++ b/src/chrome/content/rules/CIMB.com.xml
@@ -0,0 +1,167 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://ecard.cimb.com/ => https://ecard.cimb.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://cimb.com/ => https://cimb.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cimb.com'")
+Fetch error: http://biz123.cimb.com/ => https://biz123.cimb.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://brokingrfs.cimb.com/ => https://brokingrfs.cimb.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://cimbaseanscholarship.cimb.com/ => https://cimbaseanscholarship.cimb.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://cimbequityresearch.cimb.com/ => https://cimbequityresearch.cimb.com/: (7, 'Failed to connect to cimbequityresearch.cimb.com port 443: Connection refused')
+Fetch error: http://cimbnet.cimb.com/ => https://cimbnet.cimb.com/: (7, 'Failed to connect to cimbnet.cimb.com port 443: Connection refused')
+Fetch error: http://cimbnet1.cimb.com/ => https://cimbnet1.cimb.com/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
+Fetch error: http://cmt-vpn.cimb.com/ => https://cmt-vpn.cimb.com/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
+Fetch error: http://eprocure.cimb.com/ => https://eprocure.cimb.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://fxmargintrading.cimb.com/ => https://fxmargintrading.cimb.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://irecruitment.cimb.com/ => https://irecruitment.cimb.com/: (6, 'Could not resolve host: irecruitment.cimb.com')
+Fetch error: http://research.cimb.com/ => https://research.cimb.com/: (51, "SSL: no alternative certificate subject name matches target host name 'research.cimb.com'")
+Fetch error: http://sgcfd.cimb.com/ => https://sgcfd.cimb.com/: (6, 'Could not resolve host: sgcfd.cimb.com')
+Fetch error: http://travelercb.cimb.com/ => https://travelercb.cimb.com/: (7, 'Failed to connect to travelercb.cimb.com port 443: Connection timed out')
+Fetch error: http://travelerib.cimb.com/ => https://travelerib.cimb.com/: (7, 'Failed to connect to travelerib.cimb.com port 443: Connection refused')
+Fetch error: http://watchlist.cimb.com/ => https://watchlist.cimb.com/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
+
+	Other related rulesets:
+
+		- CIMBBank.com.my.xml
+		- CIMBClicks.com.my.xml
+		- CIMBIslamic.com.xml
+		- CIMBPreferred.com.xml
+		- CIMB-Cambodia.xml
+		- CIMB-Indonesia.xml
+		- CIMB-Singapore.xml
+		- CIMB-Thailand.xml
+		- iTradeCIMB.com.my.xml
+		- eIPOCIMB.com.xml
+
+
+	Non-functional hosts:
+
+		- cimb.com
+			- bgmail01	(t)
+			- caps	(i)
+			- cimb-ldsmtp02	(t)
+			- cimbmail02	(t)
+			- cimbnet5	(t)
+			- cimbregionalscholarship	(e)
+			- cimbresearch	(t)
+			- cimbtrading	(i)
+			- conference	(i)
+			- www.conference	(i)
+			- www.corpcardsonline	(i)
+			- corporatecardsonline	(t)
+			- dcatalyst	(t)
+			- directaccess-securee-pay	(t)
+			- eproc	(t)
+			- eproc-training	(i)
+			- m.fxmargintrading	(t)
+			- gateway	(i)
+			- gatewaydr	(r)
+			- www.goforward	(m)
+			- www.ib	(t)
+			- ithm	(i)
+			- jinglebellrush	(s)
+			- jtpmail01	(t)
+			- k-centre	(i)
+			- ltmail2	(m)
+			- mbcmail01	(t)
+			- mbcmail02	(t)
+			- mcimbbyod2	(s)
+			- ebbfilter02.my	(t)
+			- ebbfiltercc.my	(t)
+			- nttfilter01.my	(t)
+			- pdmfilter.my	(t)
+			- my1aml	(t)
+			- mypassword	(t)
+			- ns1	(t)
+			- ns2	(r)
+			- ns3	(s)
+			- ns4	(t)
+			- nsmy01	(t)
+			- officemail	(t)
+			- officemail1	(t)
+			- pdmlb01	(r)
+			- pdmlb02	(r)
+			- pdmmail02	(t)
+			- ppmail01	(t)
+			- securemail	(i)
+			- sgcfddes	(t)
+			- smsg1	(t)
+			- smsg2	(t)
+			- smsgdr	(r)
+			- tcb	(e)
+			- tpmail01	(t)
+			- www.us	(r)
+			- vpn	(i)
+			- warrants	(e)
+			- www.wip	(m)
+
+		- cimbaviva.com
+			- (www.)cimbaviva.com	(r)
+			- bpp	(r)
+			- bpp1	(r)
+			- e-hr	(r)
+			- login	(r)
+			- mailsvr	(r)
+			- ns1	(r)
+			- ns2	(r)
+
+		- cimbbizchannel.com
+			- www	(e)
+			- securedr	(r)
+			- securelogin	(e)
+
+		- cimbetf.com
+			- www	(e)
+			- ns1	(m)
+
+		- cimb-principalislamic.com	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="CIMB.com">
+
+	<!-- target host="cimb.com" /-->
+	<target host="www.cimb.com" />
+	<!-- target host="biz123.cimb.com" /-->
+	<!-- target host="brokingrfs.cimb.com" /-->
+	<target host="cimb-securee-pay.cimb.com" />
+	<!-- target host="cimbaseanscholarship.cimb.com" /-->
+	<target host="cimbdebit-securee-pay.cimb.com" />
+	<!-- target host="cimbequityresearch.cimb.com" /-->
+	<target host="cimbislamic-securee-pay.cimb.com" />
+	<!-- target host="cimbnet.cimb.com" /-->
+	<!-- target host="cimbnet1.cimb.com" /-->
+	<!-- target host="cmt-vpn.cimb.com" /-->
+	<target host="controlroom.cimb.com" />
+	<target host="ebms.cimb.com" />
+	<!-- target host="ecard.cimb.com" /-->
+	<target host="elearning.cimb.com" />
+	<!-- target host="eprocure.cimb.com" /-->
+	<!-- target host="fxmargintrading.cimb.com" /-->
+	<target host="hris.cimb.com" />
+	<!-- target host="irecruitment.cimb.com" /-->
+	<target host="rcs.cimb.com" />
+	<!-- target host="research.cimb.com" /-->
+	<!-- target host="sgcfd.cimb.com" /-->
+	<target host="stats.cimb.com" />
+	<!-- target host="travelercb.cimb.com" /-->
+	<!-- target host="travelerib.cimb.com" /-->
+	<!-- target host="watchlist.cimb.com" /-->
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CIMBBank.com.my.xml b/src/chrome/content/rules/CIMBBank.com.my.xml
new file mode 100644
index 000000000000..0332c0753a72
--- /dev/null
+++ b/src/chrome/content/rules/CIMBBank.com.my.xml
@@ -0,0 +1,58 @@
+<!--
+	For other CIMB coverage, see CIMB.com.xml
+
+
+	Non-functional hosts:
+
+		- cimbbank.com.my
+			- www.bizchannel	(m)
+			- carauction	(e)
+			- cashflick	(s)
+			- ekyc-prodapi	(t)
+			- ekyc-uatapi	(t)
+			- petronas7	(t)
+			- propertymart	(e)
+			- recovery	(i)
+			- survey	(e)
+			- uat-emerchant	(i)
+			- warrants	(e)
+			- www.wip	(m)
+
+		- cwealthadvisors.com.my
+			- www.cwealthadvisors.com.my	(m)
+			- mail	(t)
+			- ns1	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="CIMBBank.com.my">
+
+	<target host="cimbbank.com.my" />
+	<target host="www.cimbbank.com.my" />
+	<target host="apmart.cimbbank.com.my" />
+	<target host="cardsmerchant.cimbbank.com.my" />
+	<target host="www.custodyservices.cimbbank.com.my" />
+	<target host="www.custodyservicesdr.cimbbank.com.my" />
+	<target host="ekyc-prod.cimbbank.com.my" />
+	<target host="ekyc-prodauth.cimbbank.com.my" />
+	<target host="ekyc-uat.cimbbank.com.my" />
+	<target host="ekyc-uatauth.cimbbank.com.my" />
+	<target host="emerchant.cimbbank.com.my" />
+	<target host="eva-prod.cimbbank.com.my" />
+	<target host="mp.cimbbank.com.my" />
+	<target host="mp-uat.cimbbank.com.my" />
+	<target host="www.plugnpay.cimbbank.com.my" />
+	<target host="prime.cimbbank.com.my" />
+	<target host="rewards.cimbbank.com.my" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CIMBClicks.com.my.xml b/src/chrome/content/rules/CIMBClicks.com.my.xml
new file mode 100644
index 000000000000..4d67999b9540
--- /dev/null
+++ b/src/chrome/content/rules/CIMBClicks.com.my.xml
@@ -0,0 +1,43 @@
+<!--
+	For other CIMB coverage, see CIMB.com.xml
+
+
+	Non-functional subdomains:
+
+		- $host	(m)
+		- fb	(r)
+		- ns2	(r)
+		- ns3	(s)
+		- ns4	(t)
+		- preprod	(m)
+		- uat3	(s)
+		- www.wip	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="CIMBClicks.com.my">
+
+	<target host="cimbclicks.com.my" />
+	<target host="www.cimbclicks.com.my" />
+	<target host="apps.cimbclicks.com.my" />
+	<target host="messenger.cimbclicks.com.my" />
+	<target host="pocuat3.cimbclicks.com.my" />
+	<target host="sit.cimbclicks.com.my" />
+	<target host="uat.cimbclicks.com.my" />
+	<target host="uat2.cimbclicks.com.my" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- cert only matches www -->
+	<rule from="^http://cimbclicks\.com\.my/"
+		to="https://www.cimbclicks.com.my/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CIMBIslamic.com.xml b/src/chrome/content/rules/CIMBIslamic.com.xml
new file mode 100644
index 000000000000..cff7e12ba8ba
--- /dev/null
+++ b/src/chrome/content/rules/CIMBIslamic.com.xml
@@ -0,0 +1,27 @@
+<!--
+	For other CIMB coverage, see CIMB.com.xml
+
+
+	Non-functional subdomains:
+
+		- cb	(m)
+		- www.wip	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="CIMB Islamic">
+
+	<target host="cimbislamic.com" />
+	<target host="www.cimbislamic.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CIMBPreferred.com.xml b/src/chrome/content/rules/CIMBPreferred.com.xml
new file mode 100644
index 000000000000..e77609c5781c
--- /dev/null
+++ b/src/chrome/content/rules/CIMBPreferred.com.xml
@@ -0,0 +1,13 @@
+<!--
+	For other CIMB coverage, see CIMB.com.xml
+-->
+<ruleset name="CIMBPreferred.com">
+
+	<target host="cimbpreferred.com" />
+	<target host="www.cimbpreferred.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CINES.fr.xml b/src/chrome/content/rules/CINES.fr.xml
new file mode 100644
index 000000000000..298ec66cc6cf
--- /dev/null
+++ b/src/chrome/content/rules/CINES.fr.xml
@@ -0,0 +1,19 @@
+<!--
+	Problematic subdomains:
+
+		- maheo *
+
+	* Self-signed
+
+
+	^cines.fr doesn't exist.
+
+-->
+<ruleset name="CINES.fr (partial)">
+
+	<target host="www.cines.fr" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CIO.com.au.xml b/src/chrome/content/rules/CIO.com.au.xml
index d1225d5e3e13..63838906a778 100644
--- a/src/chrome/content/rules/CIO.com.au.xml
+++ b/src/chrome/content/rules/CIO.com.au.xml
@@ -11,8 +11,7 @@
 	<target host="www.cio.com.au" />
 
 
-	<rule from="^http://(?:www\.)?cio\.com\.au/"
-		to="https://www.cio.com.au/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
 
diff --git a/src/chrome/content/rules/CIO.com.xml b/src/chrome/content/rules/CIO.com.xml
new file mode 100644
index 000000000000..8c46c7fd2aa1
--- /dev/null
+++ b/src/chrome/content/rules/CIO.com.xml
@@ -0,0 +1,47 @@
+<!--
+	For other IDG coverage, see IDG.se.xml.
+
+
+	Nonfunctional subdomains:
+
+		- (www.) *
+
+	* Refused
+
+
+	Problematic subdomains:
+
+		- itjobs ¹
+		- pathways ²
+
+	¹ Works; mismatched, CN: *.jobamatic.com
+	² Works; expired 2012-09-09, self-signed
+
+
+	Mixed content:
+
+		- iframes on itjobs from www ¹
+
+		- css on itjobs from www ¹
+
+		- Images on council from $self ²
+
+		- favicon on itjobs from www ¹
+
+	¹ Unsecurable
+	² Secured by us
+
+-->
+<ruleset name="CIO.com (partial)">
+
+	<target host="council.cio.com" />
+	<target host="itjobs.cio.com" />
+
+
+	<rule from="^http://council\.cio\.com/"
+		to="https://council.cio.com/" />
+
+	<rule from="^http://itjobs\.cio\.com/c/"
+		to="https://computerworld.jobamatic.com/c/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CIRT.net.xml b/src/chrome/content/rules/CIRT.net.xml
new file mode 100644
index 000000000000..f777fd58a9a8
--- /dev/null
+++ b/src/chrome/content/rules/CIRT.net.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.cirt.net/ => https://www.cirt.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.cirt.net'")
+
+-->
+<ruleset name="CIRT.net" default_off="failed ruleset test">
+
+	<target host="cirt.net" />
+	<target host="www.cirt.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CIR_Online.org.xml b/src/chrome/content/rules/CIR_Online.org.xml
new file mode 100644
index 000000000000..9f1bc8c204e9
--- /dev/null
+++ b/src/chrome/content/rules/CIR_Online.org.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://beta.cironline.org/ => https://beta.cironline.org/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.cironline.org/ => https://www.cironline.org/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="CIR Online.org (partial)" default_off="failed ruleset test">
+
+	<target host="cironline.org" />
+	<target host="beta.cironline.org" />
+	<target host="www.cironline.org" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://cironline\.org/($|\?|favicon\.ico)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://cironline\.org/+(?!sites/)" />
+
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CIS-India.org.xml b/src/chrome/content/rules/CIS-India.org.xml
new file mode 100644
index 000000000000..bed5ebb3652a
--- /dev/null
+++ b/src/chrome/content/rules/CIS-India.org.xml
@@ -0,0 +1,35 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .cis-india.org
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+		- css from $self *
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="CIS-India.org (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cis-india.org" />
+	<target host="www.cis-india.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.cis-india\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.cis-india\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CI_Security.org.xml b/src/chrome/content/rules/CI_Security.org.xml
new file mode 100644
index 000000000000..bdf4c17bd842
--- /dev/null
+++ b/src/chrome/content/rules/CI_Security.org.xml
@@ -0,0 +1,31 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)?
+		- alliance
+		- benchmarks
+		- community
+		- iic
+		- msisac
+
+
+	These altnames don't exist:
+
+		- www.blog.cisecurity.org
+
+-->
+<ruleset name="CI Security.org">
+
+	<target host="cisecurity.org" />
+	<target host="alliance.cisecurity.org" />
+	<target host="benchmarks.cisecurity.org" />
+	<target host="community.cisecurity.org" />
+	<target host="iic.cisecurity.org" />
+	<target host="msisac.cisecurity.org" />
+	<target host="www.cisecurity.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CJ2.nl.xml b/src/chrome/content/rules/CJ2.nl.xml
new file mode 100644
index 000000000000..c28f8f585a1d
--- /dev/null
+++ b/src/chrome/content/rules/CJ2.nl.xml
@@ -0,0 +1,46 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://admin.cj2.nl/ => https://admin.cj2.nl/: (28, 'Connection timed out after 20000 milliseconds')
+
+	^cj2.nl: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- datacenter.cj2.nl
+		- panel.cj2.nl
+		- .webmail.cj2.nl
+		- www.cj2.nl
+
+-->
+<ruleset name="CJ2.nl" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="admin.cj2.nl" />
+	<target host="datacenter.cj2.nl" />
+	<target host="panel.cj2.nl" />
+	<target host="webmail.cj2.nl" />
+	<target host="www.cj2.nl" />
+
+	<!--	Complications:
+				-->
+	<target host="cj2.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:datacenter|panel|www)\.cj2\.nl$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.webmail\.cj2\.nl$" name="^(?:Horde|auth_key)$" /-->
+
+	<securecookie host="^(?:datacenter|panel|\.webmail|www)\.cj2\.nl$" name=".+" />
+
+
+	<rule from="^http://cj2\.nl/"
+		to="https://www.cj2.nl/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CJFE.org.xml b/src/chrome/content/rules/CJFE.org.xml
new file mode 100644
index 000000000000..93c3ed0ecdbd
--- /dev/null
+++ b/src/chrome/content/rules/CJFE.org.xml
@@ -0,0 +1,42 @@
+<!--
+	www.cjfe.org: Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .cjfe.org
+
+
+	Mixed content:
+
+		- Images on snowdenarchive from cjfe.org *
+
+	* Secured by us
+
+-->
+<ruleset name="CJFE.org" default_off="invalid cert">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cjfe.org" />
+	<target host="snowdenarchive.cjfe.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.cjfe.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.cjfe\.org$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^\.cjfe\.org$" name=".+" />
+
+
+	<rule from="^http://www\.cjfe\.org/"
+		to="https://cjfe.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CJS-CDKeys.com.xml b/src/chrome/content/rules/CJS-CDKeys.com.xml
index feebbb671577..9546cd3b9899 100644
--- a/src/chrome/content/rules/CJS-CDKeys.com.xml
+++ b/src/chrome/content/rules/CJS-CDKeys.com.xml
@@ -1,13 +1,10 @@
 <ruleset name="CJS-CDKeys.com">
 
 	<target host="cjs-cdkeys.com" />
-	<target host="*.cjs-cdkeys.com" />
+	<target host="www.cjs-cdkeys.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^\.cjs-cdkeys\.com$" name=".+" />
+	<rule from="^http:" to="https:" />
 
-
-	<rule from="^http://(www\.)?cjs-cdkeys\.com/"
-		to="https://$1cjs-cdkeys.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CKEditor.com.xml b/src/chrome/content/rules/CKEditor.com.xml
new file mode 100644
index 000000000000..cd7cb2cbf087
--- /dev/null
+++ b/src/chrome/content/rules/CKEditor.com.xml
@@ -0,0 +1,38 @@
+<!--
+	For other CKSource coverage, see CKSource.com.xml.
+
+
+	CDN buckets:
+
+		- d3j1vh5wu7c1yu.cloudfront.net
+
+			- s1
+
+
+	Nonfunctional hosts in *ckeditor.com:
+
+		- (www.)? *
+		- sdk *
+		- docs ~
+		- s1 (→ d3j1vh5wu7c1yu.cloudfront.net) #
+
+	* cert mismatch host3.cksource.com
+	~ cert mismatch cloudfront.net
+	# Content Security Policy denied to load from cloudfront.net
+
+
+	Fully covered hosts in *ckeditor.com:
+
+		- cdn
+
+-->
+<ruleset name="CKEditor.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cdn.ckeditor.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CKSource.com.xml b/src/chrome/content/rules/CKSource.com.xml
new file mode 100644
index 000000000000..7a6b777f43ce
--- /dev/null
+++ b/src/chrome/content/rules/CKSource.com.xml
@@ -0,0 +1,62 @@
+<!--
+	Other CKSource rulesets:
+
+		- CKEditor.com.xml
+
+
+	CDN buckets:
+
+		- d2xc7e2akbvihw.cloudfront.net
+
+			- c.cksource.com
+
+
+	Nonfunctional hosts in *cksource.com:
+
+		- docs *
+
+	* Shows ^cksource.com
+
+
+	www.cksource.com: Mismatched
+
+
+	Fully covered hosts in *cksource.com:
+
+		- (www.)?	(www → ^)
+		- c		(→ d2xc7e2akbvihw.cloudfront.net)
+
+
+	Mixed content:
+
+		- css on ^ from fonts.googleapis.com *
+		- Fonts on ^ from $self *
+
+		- Images, on:
+
+			- ^ from s1.ckeditor.com *
+			- ^ from c.cksource.com *
+
+		- Favicon on ^ from c.cksource.com *
+
+	* Secured by us
+
+-->
+<ruleset name="CKSource.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cksource.com" />
+
+	<!--	Complications:
+				-->
+	<target host="c.cksource.com" />
+	<target host="www.cksource.com" />
+
+	<rule from="^http://www\.cksource\.com/"
+		to="https://cksource.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CLIC-study.xml b/src/chrome/content/rules/CLIC-study.xml
index b1e7a9d2c5a2..8c8a78a5b181 100644
--- a/src/chrome/content/rules/CLIC-study.xml
+++ b/src/chrome/content/rules/CLIC-study.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?clic-study\.org/"
 		to="https://clic-study.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CLP.com.hk.xml b/src/chrome/content/rules/CLP.com.hk.xml
new file mode 100644
index 000000000000..9703b426565f
--- /dev/null
+++ b/src/chrome/content/rules/CLP.com.hk.xml
@@ -0,0 +1,70 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - nhkmx900-shtp01.clp.com.hk
+			 - nhkmx900-sspp01.clp.com.hk
+			 - oc.clp.com.hk
+			 - sip2.clp.com.hk
+
+		Timeout was reached:
+			 - bpgsp.clp.com.hk
+			 - cms13.clp.com.hk
+			 - cms13web.clp.com.hk
+			 - esp25.corp.clp.com.hk
+			 - esp26.corp.clp.com.hk
+			 - esp27.corp.clp.com.hk
+			 - lyncsip.clp.com.hk
+			 - ns1.clp.com.hk
+			 - ns2.clp.com.hk
+			 - officewebappsext.clp.com.hk
+			 - sclpinet11.clp.com.hk
+			 - sclpinet13.clp.com.hk
+			 - testtems.clp.com.hk
+
+		SSL peer certificate was not OK:
+			 - clp.com.hk
+			 - officewebappsdr.clp.com.hk
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - misshd02.corp.clp.com.hk
+			 - misspp02.corp.clp.com.hk
+			 - mrhs.corp.clp.com.hk
+			 - mrhs-qa.corp.clp.com.hk
+			 - nhhcs4-shtq71.corp.clp.com.hk
+			 - nhhcs4-sspp71.corp.clp.com.hk
+			 - iue.clp.com.hk
+			 - sccm.clp.com.hk
+			 - vmdmgw-sspq01.clp.com.hk
+			 - www1dev.clp.com.hk
+			 - www1qa.clp.com.hk
+
+		4xx client error:
+			 - devapp.clp.com.hk
+			 - opendata.clp.com.hk
+			 - pgipqa.clp.com.hk
+-->
+<ruleset name="CLP Power Hong Kong Limited (partial)">
+	<target host="clp.com.hk" />
+	<target host="www.clp.com.hk" />
+	<target host="app.clp.com.hk" />
+	<target host="autodiscover.clp.com.hk" />
+	<target host="bpgtp.clp.com.hk" />
+	<target host="fs.clp.com.hk" />
+	<target host="lyncdiscover.clp.com.hk" />
+	<target host="meet.clp.com.hk" />
+	<target host="ndes01.clp.com.hk" />
+	<target host="ndes02.clp.com.hk" />
+	<target host="owapps.clp.com.hk" />
+	<target host="qaapp.clp.com.hk" />
+	<target host="sip.clp.com.hk" />
+	<target host="voltage-pp-0000.clp.com.hk" />
+	<target host="autodiscover.xhg1smtp.clp.com.hk" />
+
+	<securecookie host="^(www\.)?clp\.com\.hk$" name=".+" />
+
+	<rule from="^http://clp\.com\.hk/"
+			to="https://www.clp.com.hk/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CLTglobal.com.xml b/src/chrome/content/rules/CLTglobal.com.xml
new file mode 100644
index 000000000000..24245a5a0e28
--- /dev/null
+++ b/src/chrome/content/rules/CLTglobal.com.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cltglobal.com/ => https://cltglobal.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.cltglobal.com/ => https://www.cltglobal.com/: (60, 'SSL certificate problem: self signed certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://cltglobal.com/ => https://cltglobal.com/: (60, 'SSL certificate problem: self signed certificate')
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="CLTglobal.com" default_off="failed ruleset test">
+
+	<target host="cltglobal.com" />
+	<target host="www.cltglobal.com" />
+
+
+	<securecookie host="^\.cltglobal\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CMAS_Center.org.xml b/src/chrome/content/rules/CMAS_Center.org.xml
new file mode 100644
index 000000000000..6fe889abd753
--- /dev/null
+++ b/src/chrome/content/rules/CMAS_Center.org.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cmascenter.org/ => https://cmascenter.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="CMAS Center.org" default_off="failed ruleset test">
+
+	<target host="cmascenter.org" />
+	<target host="www.cmascenter.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CMBChina.com.xml b/src/chrome/content/rules/CMBChina.com.xml
new file mode 100644
index 000000000000..3babf7e97276
--- /dev/null
+++ b/src/chrome/content/rules/CMBChina.com.xml
@@ -0,0 +1,166 @@
+
+<!--
+The following targets have been disabled at 2020-10-14 19:04:33:
+
+Fetch error: http://www.cmbchina.com/assetdisposal/ => https://www.cmbchina.com/assetdisposal/: (35, 'OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.cmbchina.com:443 ')
+Fetch error: http://ccclub.cmbchina.com/cash/Index.aspx => https://ccclub.cmbchina.com/cash/Index.aspx: Too many redirects while fetching 'https://ccclub.cmbchina.com/cash/Index.aspx'
+Fetch error: http://ccclub.cmbchina.com/fincreditweb/Apply/Query.aspx => https://ccclub.cmbchina.com/fincreditweb/Apply/Query.aspx: Too many redirects while fetching 'https://ccclub.cmbchina.com/fincreditweb/Apply/Query.aspx'
+
+-->
+
+<!--
+The following targets have been disabled at 2020-10-14 19:04:33:
+
+Fetch error: http://ccclub.cmbchina.com/cash/Index.aspx => https://ccclub.cmbchina.com/cash/Index.aspx: Too many redirects while fetching 'https://ccclub.cmbchina.com/cash/Index.aspx'
+Fetch error: http://ccclub.cmbchina.com/fincreditweb/Apply/Query.aspx => https://ccclub.cmbchina.com/fincreditweb/Apply/Query.aspx: Too many redirects while fetching 'https://ccclub.cmbchina.com/fincreditweb/Apply/Query.aspx'
+
+	404:
+		95555.cmbchina.com
+		branch.cmbchina.com
+		english.cmbchina.com
+		fx.cmbchina.com
+		map.cmbchina.com
+		pension.cmbchina.com
+		vip.cmbchina.com
+
+	Expired:
+		ssl.img.jf.cmbchina.com
+
+	Invalid certificate:
+		^cmbchina.com
+		best.cmbchina.com
+		cm.cmbchina.com	( Incomplete cert chain. )
+		jf.cmbchina.com
+		ssl.jf.cmbchina.com	( Incomplete cert chain and MCB. )
+		mall.cmbchina.com
+		live.cmbchina.com	( equal to forum.cmbchina.com )
+		szdl.cmbchina.com	https://szdl.cmbchina.com/download/CmbSafeBase.exe
+
+	MC:
+		market.cmbchina.com/ccard/business/
+		trip.cmbchina.com
+		market.trip.cmbchina.com	( https://market.trip.cmbchina.com/ads/20120323/ )
+
+	MCB:
+		www.cmbchina.com/(cmbinfo/)?$	(branch.* and vip.*)
+
+	Redirect to http:
+		cc.cmbchina.com
+		ccclub.cmbchina.com/fincreditweb/cccar/
+		fund.cmbchina.com
+		futures.cmbchina.com
+		gb.cmbchina.com
+		gold.cmbchina.com
+		info.cmbchina.com
+		stockhq2.cmbchina.com
+
+	Too many redirects:
+		ccclub.cmbchina.com/$
+-->
+
+<ruleset name="CMBChina.com (partial)">
+	<!--	Directly:	-->
+	<target host="acs.cmbchina.com" />
+		<test url="http://acs.cmbchina.com/MasterCard/PAMsg.aspx" />
+	<!-- <target host="app.cmbchina.com" /> -->
+	<target host="b2b.cmbchina.com" />
+		<test url="http://b2b.cmbchina.com/CmbBank_B2B/UI/Home.aspx" />
+	<target host="e.cmbchina.com" />
+	<target host="pbsz.ebank.cmbchina.com" />
+	<target host="fi.cmbchina.com" />
+	<target host="file.cmbchina.com" />
+	<target host="hk.cmbchina.com" />
+	<target host="images.cmbchina.com" />
+	<target host="link.cmbchina.com" />
+		<test url="http://link.cmbchina.com/cmbcareer2015/" />
+	<target host="london.cmbchina.com" />
+	<target host="m.cmbchina.com" />
+	<target host="html.m.cmbchina.com" />
+	<target host="img01.mall.cmbchina.com" />
+	<target host="mobile.cmbchina.com" />
+	<target host="netpay.cmbchina.com" />
+		<test url="http://netpay.cmbchina.com/netpayment/images/NetPayApplyCard.htm" />
+	<target host="ny.cmbchina.com" />
+	<target host="ebank.nj1.cmbchina.com" />
+	<target host="oa.cmbchina.com" />
+	<target host="sdc.cmbchina.com" />
+	<target host="sg.cmbchina.com" />
+	<target host="site.cmbchina.com" />
+	<target host="ebank.sz1.cmbchina.com" />
+	<target host="ebank.sz2.cmbchina.com" />
+	<target host="img.trip.cmbchina.com" />
+	<target host="js.trip.cmbchina.com" />
+	<target host="user.cmbchina.com" />
+	<target host="xiaozhao.wx.cmbchina.com" />
+	<target host="xyk.cmbchina.com" />
+
+	<!--	Complications:	-->
+	<!-- target host="www.cmbchina.com" /-->
+
+	<!-- target host="ccclub.cmbchina.com" /-->
+
+	<target host="forum.cmbchina.com" />
+	<exclusion pattern="^http://forum\.cmbchina\.com/\S+\.aspx" />
+		<test url="http://forum.cmbchina.com/CmbMobileCredictApply/Default.aspx" />
+		<test url="http://forum.cmbchina.com/cmu/viewforum.aspx?forumid=50" />
+
+		<test url="http://forum.cmbchina.com/CMU/images/tp0000.gif" />
+		<test url="http://forum.cmbchina.com/cmu/images/announce.gif" />
+		<test url="http://forum.cmbchina.com/cmu/scripts/default.js" />
+		<test url="http://forum.cmbchina.com/cmu/style/default.css" />
+		<test url="http://forum.cmbchina.com/webpages/firmbankweb/zhiyin.htm" />
+		<test url="http://forum.cmbchina.com/webpages/fxexchange/index.html" />
+
+	<target host="img.jf.cmbchina.com" />
+	<target host="ssl.img.jf.cmbchina.com" />
+	<rule from="^http://(ssl\.)?img\.jf\.cmbchina\.com/"
+			to="https://img.jf.cmbchina.com/" />
+		<test url="http://img.jf.cmbchina.com/images/CM/P60/A0C-706-021.jpg" />
+		<test url="http://ssl.img.jf.cmbchina.com/images/CM/P60/A0C-706-021.jpg" />
+
+	<target host="live.cmbchina.com" />
+	<exclusion pattern="^http://live\.cmbchina\.com/\S+\.aspx" />
+	<rule from="^http://live\.cmbchina\.com/"
+			to="https://forum.cmbchina.com/" />
+		<test url="http://live.cmbchina.com/CmbMobileCredictApply/Default.aspx" />
+		<test url="http://live.cmbchina.com/cmu/viewforum.aspx?forumid=50" />
+
+		<test url="http://live.cmbchina.com/cmbwebshare/Scripts/CmbWebShare.js" />
+		<test url="http://live.cmbchina.com/CMU/images/tp0000.gif" />
+		<test url="http://live.cmbchina.com/cmu/images/announce.gif" />
+		<test url="http://live.cmbchina.com/cmu/scripts/default.js" />
+		<test url="http://live.cmbchina.com/cmu/style/default.css" />
+		<test url="http://live.cmbchina.com/webpages/firmbankweb/zhiyin.htm" />
+		<test url="http://live.cmbchina.com/webpages/fxexchange/index.html" />
+
+	<target host="market.cmbchina.com" />
+	<exclusion pattern="^http://market\.cmbchina\.com/ccard/" />
+		<test url="http://market.cmbchina.com/ccard/business/procard01.html" />
+		<test url="http://market.cmbchina.com/ccard/platinum4/" />
+
+		<test url="http://market.cmbchina.com/brand/wennuanbao/wennuanbao.html" />
+		<test url="http://market.cmbchina.com/corporate/ejia/ejia.html" />
+
+	<target host="mlife.cmbchina.com" />
+	<!-- SSL read: error:00000000:lib(0):func(0):reason(0), errno 104 -->
+	<exclusion pattern="^http://mlife\.cmbchina\.com/$" />
+		<test url="http://mlife.cmbchina.com/Share/show/showModuleData.do" />
+
+	<target host="trip.cmbchina.com" />
+	<exclusion pattern="^http://trip\.cmbchina\.com/(?!StaticFiles/|combres\.axd/|Mgm/|MyTrip/|platinum/)" />
+		<test url="http://trip.cmbchina.com/StaticFiles/js/sdc_cmb.js" />
+		<test url="http://trip.cmbchina.com/StaticFiles/js/sdc_web.js" />
+		<test url="http://trip.cmbchina.com/combres.axd/masterDynamicJs/20161125_10/" />
+		<test url="http://trip.cmbchina.com/Mgm/Mgm2014.html" />
+		<test url="http://trip.cmbchina.com/MyTrip/Account/Login.html" />
+		<test url="http://trip.cmbchina.com/MyTrip/Account/ValidateCode.html" />
+		<test url="http://trip.cmbchina.com/platinum/index.html" />
+		<test url="http://trip.cmbchina.com/Platinum/ShowHotelList.html" />
+
+		<test url="http://trip.cmbchina.com/Exception/NotFound.html" />
+		<test url="http://trip.cmbchina.com/Flight/FlightHome/Index.html" />
+		<test url="http://trip.cmbchina.com/Hotel/HotelHome/Index.html" />
+		<test url="http://trip.cmbchina.com/Hotel/HotelInfo/10001451.html" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CMGdigital.com.xml b/src/chrome/content/rules/CMGdigital.com.xml
deleted file mode 100644
index f521989b5a5f..000000000000
--- a/src/chrome/content/rules/CMGdigital.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	CDN buckets:
-
-		- media.cmgdigital.com.edgesuite.net
-
-			- a1726.g.akamai.net
-
-
-	Problematic domains:
-
-		- media.cmgdigital.com	(works, akamai)
-
--->
-<ruleset name="CMGdigital.com">
-
-	<target host="media.cmgdigital.com" />
-
-
-	<rule from="^http://media\.cmgdigital\.com/"
-		to="https://a248.e.akamai.net/f/1726/3609/1m/media.cmgdigital.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CMP.xml b/src/chrome/content/rules/CMP.xml
index 4d273d2f7108..5bc935c38593 100644
--- a/src/chrome/content/rules/CMP.xml
+++ b/src/chrome/content/rules/CMP.xml
@@ -1,25 +1,33 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://cookies.cmpnet.com/ (200) => https://i.cmpnet.com/ (403)
+
 	For other UBM coverage, see UBM-mismatches.xml.
 
--->
-<ruleset name="CMP">
 
-	<target host="*.cmpnet.com" />
-	<target host="cmpadministration.com" />
-	<target host="www.cmpadministration.com" />
+	Problematic hosts in *cmpnet.com:
+
+		- cookies *
+
+	* Mismatched
+
+-->
+<ruleset name="CMPnet.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="i.cmpnet.com" />
 
-	<securecookie host="^www\.cmpadministration\.com$" name=".*" />
+	<!--	Complications:
+				-->
+	<target host="cookies.cmpnet.com" />
 
 
-	<!--	Cert doesn't match cookies.	-->
-	<rule from="^http://(?:cookies|i)\.cmpnet\.com/"
+	<rule from="^http://cookies\.cmpnet\.com/"
 		to="https://i.cmpnet.com/" />
 
-	<!--	- !www doesn't work via https.
-		- Redirects to www via http.
-					-->
-	<rule from="^http://(?:www\.)?cmpadministration\.com/"
-		to="https://www.cmpadministration.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CMPXCHG8B.xml b/src/chrome/content/rules/CMPXCHG8B.xml
deleted file mode 100644
index 856aad809198..000000000000
--- a/src/chrome/content/rules/CMPXCHG8B.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="CMPXCHG8B">
-
-	<target host="cmpxchg8b.com"/>
-	<target host="*.cmpxchg8b.com"/>
-
-	<rule from="^http://(lock\.|www\.)?cmpxchg8b\.com/"
-		to="https://lock.cmpxchg8b.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/CMSWire.xml b/src/chrome/content/rules/CMSWire.xml
index 2b223bdc0c40..9bbc9b250737 100644
--- a/src/chrome/content/rules/CMSWire.xml
+++ b/src/chrome/content/rules/CMSWire.xml
@@ -1,5 +1,19 @@
-<ruleset name="CMSWire" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.cmswire.com/ => https://www.cmswire.com/: Too many redirects while fetching 'https://www.cmswire.com/'
+Fetch error: http://cmswire.com/ => https://www.cmswire.com/: Too many redirects while fetching 'https://www.cmswire.com/'
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.cmswire.com/ => https://www.cmswire.com/: Too many redirects while fetching 'https://www.cmswire.com/'
+Fetch error: http://cmswire.com/ => https://www.cmswire.com/: Too many redirects while fetching 'https://www.cmswire.com/'
+
+-->
+<ruleset name="CMSWire" platform="mixedcontent" default_off="failed ruleset test">
   <target host="www.cmswire.com"/>
   <target host="cmswire.com"/>
-  <rule from="^http://(www\.)?cmswire\.com/" to="https://www.cmswire.com/"/>
+  <rule from="^http://(?:www\.)?cmswire\.com/" to="https://www.cmswire.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/CM_Dev.com.xml b/src/chrome/content/rules/CM_Dev.com.xml
new file mode 100644
index 000000000000..f1c443a8db6c
--- /dev/null
+++ b/src/chrome/content/rules/CM_Dev.com.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cmdev.com/ => https://cmdev.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.cmdev.com/ => https://www.cmdev.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="CM Dev.com" default_off="failed ruleset test">
+
+	<target host="cmdev.com" />
+	<target host="www.cmdev.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CNBC-mixed.xml b/src/chrome/content/rules/CNBC-mixed.xml
deleted file mode 100644
index 3dd346f4e8cb..000000000000
--- a/src/chrome/content/rules/CNBC-mixed.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules that are on by default, see CNBC.xml.
-
-
-	Mixed pages from apps & css from sc
-
--->
-<ruleset name="CNBC (mixed content)" platform="mixedcontent">
-
-	<target host="data.cnbc.com" />
-
-
-	<rule from="^http://data\.cnbc\.com/"
-		to="https://data.cnbc.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CNBC.com-mixed.xml b/src/chrome/content/rules/CNBC.com-mixed.xml
new file mode 100644
index 000000000000..e9dc418abb51
--- /dev/null
+++ b/src/chrome/content/rules/CNBC.com-mixed.xml
@@ -0,0 +1,9 @@
+<!--
+	For more CNBC.com related, see CNBC.com.xml
+-->
+<ruleset name="CNBC.com (mixed)" platform="mixedcontent">
+	<target host="webcast.cnbc.com" />
+		<test url="http://webcast.cnbc.com/show/futuresnow" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CNBC.com.xml b/src/chrome/content/rules/CNBC.com.xml
new file mode 100644
index 000000000000..56a314692207
--- /dev/null
+++ b/src/chrome/content/rules/CNBC.com.xml
@@ -0,0 +1,55 @@
+<!--
+	Other CNBC.com related ruleset:
+		- CNBC.com-mixed.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+			 - apps.cnbc.com
+				- http://apps.cnbc.com/company/quote/newindex.asp?symbol=616660
+
+		SSL peer certificate was not OK:
+			 - data.cnbc.com
+			 - product.cnbc.com
+			 - sc.cnbc.com
+			 - video.cnbc.com
+
+		4xx client error:
+			 - bigdata.cnbc.com
+
+		Secure connection redirects to plaintext:
+			 - deliveringalpha.cnbc.com
+			 - futuresnow.cnbc.com
+			 - watchlist.cnbc.com
+
+		Mixed Content Blocking (MCB) tiggered:
+			 - webcast.cnbc.com
+				 - https://webcast.cnbc.com/show/futuresnow
+-->
+<ruleset name="CNBC.com (partial)">
+	<target host="cnbc.com" />
+	<target host="www.cnbc.com" />
+	<target host="commentsapi.cnbc.com" />
+	<target host="fm.cnbc.com" />
+		<test url="http://fm.cnbc.com/applications/cnbc.com/resources/img/editorial/2016/09/14/103940717-DSC_3362-2.350x197.jpg" />
+		<test url="http://fm.cnbc.com/applications/cnbc.com/resources/img/editorial/2017/02/21/104294496-Le_Pen_Germany_.240x160.jpg" />
+		<test url="http://fm.cnbc.com/dynamicyield/8765304/api_static.js" />
+	<target host="gdsapi.cnbc.com" />
+	<target host="login.cnbc.com" />
+		<test url="http://login.cnbc.com/authproxy/portfolio/auth.do?Action=portfolio" />
+	<target host="media.cnbc.com" />
+		<test url="http://media.cnbc.com/i/CNBC/Components/Email/NewsBrief/dotComLogo.jpg" />
+		<test url="http://media.cnbc.com/i/CNBC/Sections/CNBC_TV/CNBC_US/Shows/DonnyDeutsch/Slideshows/071121/DD-05.jpg" />
+		<test url="http://media.cnbc.com/i/CNBC/Sections/CNBC_TV/CNBC_Asia/Schedules/Nikkei_April08.pdf" />
+	<target host="mps.cnbc.com" />
+		<test url="http://mps.cnbc.com/fetch/ext/load-cnbc.com-relaunch.js" />
+	<target host="portfolio.cnbc.com" />
+	<target host="pro.cnbc.com" />
+	<target host="quote.cnbc.com" />
+		<test url="http://quote.cnbc.com/quote-html-webservice/quoteform.htm" />
+	<target host="register.cnbc.com" />
+	<target host="pages.response.cnbc.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CNBC.xml b/src/chrome/content/rules/CNBC.xml
deleted file mode 100644
index 326ef3291c8e..000000000000
--- a/src/chrome/content/rules/CNBC.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-<!--
-	For rules causing mixed content, see CNBC-mixed.xml.
-
-
-	CDN buckets:
-
-		- sc.cnbc.com.edgesuite.net
-
-
-	Nonfunctional subdomains:
-
-		- apps	(no https)
-
-
-	Problematic subdomains:
-
-		- data	(works, mixed active content from apps & sc)
-		- sc	(works, akamai)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- fm
-		- login
-		- pro
-		- register
-
--->
-<ruleset name="CNBC (partial)">
-
-	<target host="cnbc.com" />
-	<target host="*.cnbc.com" />
-
-
-	<securecookie host="^(?:login|pro|register|www)\.cnbc\.com$" name=".+" />
-
-
-	<rule from="^http://((?:fm|login|pro|register|www)\.)?cnbc\.com/"
-		to="https://$1cnbc.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CNES.fr.xml b/src/chrome/content/rules/CNES.fr.xml
new file mode 100644
index 000000000000..357d05b123fe
--- /dev/null
+++ b/src/chrome/content/rules/CNES.fr.xml
@@ -0,0 +1,65 @@
+<!--
+	National Centre for Space Studies
+
+
+	Nonfunctional hosts in *cnes.fr:
+
+		- videotheque *
+
+	* Shows another domain
+
+
+	Problematic hosts in *cnes.fr:
+
+		- cosparhq *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- cnes.fr
+		- alktika-saral.cnes.fr
+		- blog.cnes.fr
+		- cfosat.cnes.fr
+		- copernicus.cnes.fr
+		- cosparhq.cnes.fr
+		- forum.cnes.fr
+		- jason.cnes.fr
+		- jason-3.cnes.fr
+		- jeunes.cnes.fr
+		- newsletters.cnes.fr
+		- smos.cnes.fr
+		- swot.cnes.fr
+
+-->
+<ruleset name="CNES.fr (partial)">
+
+	<target host="cnes.fr" />
+	<target host="altika-saral.cnes.fr" />
+	<target host="blog.cnes.fr" />
+	<target host="cfosat.cnes.fr" />
+	<target host="copernicus.cnes.fr" />
+	<!--target host="cosparhq.cnes.fr" /-->
+	<target host="forum.cnes.fr" />
+	<target host="jason.cnes.fr" />
+	<target host="jason-3.cnes.fr" />
+	<target host="jeunes.cnes.fr" />
+	<target host="newsletters.cnes.fr" />
+	<target host="smos.cnes.fr" />
+	<target host="swot.cnes.fr" />
+	<target host="www.cnes.fr" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:(?:altika-saral|cfosat|copernicus|forum|jason|jason-3|jeunes|newsletters|smos|swot)\.)?cnes\.fr$" name="^(?:BIGipServer|TS[\da-f]{8}$|cnes_language$)" /-->
+	<!--securecookie host="^cosparhq\.cnes\.fr$" name="^(?:SESS[\da-f]{32}|TS[\da-f]{8})$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CNET.com.au.xml b/src/chrome/content/rules/CNET.com.au.xml
new file mode 100644
index 000000000000..2f805e550c94
--- /dev/null
+++ b/src/chrome/content/rules/CNET.com.au.xml
@@ -0,0 +1,15 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.cnet.com.au
+		- m.cnet.com.au
+		- om.cnet.com.au
+
+		Incomplete certificate chain error:
+		- cnet.com.au
+-->
+<ruleset name="CNET.com.au" default_off="cert-invalid">
+	<target host="cnet.com.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CNET.com.xml b/src/chrome/content/rules/CNET.com.xml
new file mode 100644
index 000000000000..cc35a3a7126f
--- /dev/null
+++ b/src/chrome/content/rules/CNET.com.xml
@@ -0,0 +1,47 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- blogs.cnet.com
+		- export.cnet.com
+
+		Timeout was reached:
+		- ces.cnet.com
+		- china.cnet.com
+		- cnettv.cnet.com
+		- crave.cnet.com
+		- forums.cnet.com
+		- news.cnet.com
+		- reviews.cnet.com
+		- shopper.cnet.com
+
+		SSL peer certificate was not OK:
+		- descargar.cnet.com
+		- live.cnet.com
+		- paidcontent.cnet.com
+		- telecharger.cnet.com
+
+		Different content:
+		- asia.cnet.com
+
+-->
+<ruleset name="CNET.com">
+	<target host="cnet.com" />
+	<target host="download.beta.cnet.com" />
+	<target host="download.cnet.com" />
+	<target host="downloadsearch.cnet.com" />
+	<target host="es.downloadsearch.cnet.com" />
+	<target host="uk.downloadsearch.cnet.com" />
+	<target host="feed.cnet.com" />
+	<target host="japan.cnet.com" />
+	<target host="s.japan.cnet.com" />
+	<target host="leadgen-cbslnk.cnet.com" />
+	<target host="me.cnet.com" />
+	<target host="podcast-files.cnet.com" />
+	<target host="secure-download.cnet.com" />
+	<target host="download.stage.cnet.com" />
+	<target host="studio61.cnet.com" />
+	<target host="subscribe.cnet.com" />
+	<target host="upload.cnet.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CNETFrance.fr.xml b/src/chrome/content/rules/CNETFrance.fr.xml
new file mode 100644
index 000000000000..160cdf213f7c
--- /dev/null
+++ b/src/chrome/content/rules/CNETFrance.fr.xml
@@ -0,0 +1,9 @@
+<!--
+     For other CBS coverage, see CBS.xml.
+-->
+<ruleset name="CNET France.fr (partial)">
+	<target host="www.cnetfrance.fr" />
+	<target host="forums.cnetfrance.fr" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CNET_content.com.xml b/src/chrome/content/rules/CNET_content.com.xml
new file mode 100644
index 000000000000..cdf00fa3e612
--- /dev/null
+++ b/src/chrome/content/rules/CNET_content.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other CBS coverage, see CBS.xml.
+
+
+	Web bugs.
+
+-->
+<ruleset name="CNET content.com">
+
+	<target host="ws.cnetcontent.com" />
+
+
+	<securecookie host="^ws\.cnetcontent\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CNN.com.xml b/src/chrome/content/rules/CNN.com.xml
index 98ee6663fcc1..7b7834153bbf 100644
--- a/src/chrome/content/rules/CNN.com.xml
+++ b/src/chrome/content/rules/CNN.com.xml
@@ -1,68 +1,79 @@
 <!--
-	CDN buckets:
-
-		- do17qa6ql691x.cloudfront.net
-
-		- custom.i.cnn.net.edgesuite.net
-
-			- i.a.cnn.net
-
-		- cnnmoney.jobamatic.com
-
-			- jobsearch.money.cnn.com
-
-		- s.cdn.turner.com/money/
-
-
-	Nonfunctional domains:
-
-		- cnn.com subdomains:
-
-			- ^ *	
-			- ads *
-			- edition **
-			- ireport *
-			- mexico ***
-			- money *
-			- realestate.money *
-			- sportsillustrated **
-			- svcs *
-			- transcripts **
-			- us **
-			- www **
-
-		- i.a.cnn.net ***
-		- i.cnn.net *
-
-	* Refused
-	** Dropped
-	*** 503, akamai
-
-
-	Problematic subdomains:
-
-		- jobsearch.money	(works; mismatched, CN: *.jobamatic.com)
-
-
-	Fully covered subdomains:
-
-		- audience
-		- markets.money
-		- portfolio.money
-
+	CNN.com related rulesets:
+		- CNN.net.xml
+		- CNN.io.xml
+
+
+	Connection closed:
+		 - rss.cnn.com
+
+	Connection reset:
+		- smartlink.cnn.com
+
+	Invalid certificate:
+		 - debates.cnn.com
+		 - finance.fortune.cnn.com
+		 - management.fortune.cnn.com
+		 - tech.fortune.cnn.com
+		 - lending.cnn.com
+		 - mexico.cnn.com, equivalent to cnnespanol.cnn.com
+		 - realestate.money.cnn.com, equivalent to cnnmoney.trulia.com
+
+	Redirects to HTTP:
+		 - cnnpressroom.blogs.cnn.com
+		 - thecnnfreedomproject.blogs.cnn.com
+		 - buzz.money.cnn.com
+
+	Timed out:
+		 - transcripts.cnn.com
+		 - cgi.money.cnn.com
 -->
-<ruleset name="CNN.com (partial)">
-
-	<target host="*.cnn.com" />
 
-
-	<securecookie host="^(?:audience|markets\.money)\.cnn\.com$" name=".+" />
-
-
-	<rule from="^http://(audience|(?:markets|portfolio)\.money)\.cnn\.com/"
-		to="https://$1.cnn.com/" />
-
-	<rule from="^http://jobsearch\.money\.cnn\.com/(c/|favicon\.ico)"
-		to="https://cnnmoney.jobamatic.com/$1" />
-
-</ruleset>
\ No newline at end of file
+<ruleset name="CNN.com (partial)">
+	<target host="cnn.com" />
+	<target host="www.cnn.com" />
+	<target host="amp.cnn.com" />
+	<target host="arabic.cnn.com" />
+	<target host="cdn.cnn.com" />
+		<test url="http://cdn.cnn.com/cnn/.e/img/3.0/weather/weatherIcon_01.png" />
+		<test url="http://cdn.cnn.com/cnn/.e1mo/img/4.0/logos/logo_cnn_arabic.png" />
+		<test url="http://cdn.cnn.com/cnn/.e1mo/img/4.0/logos/logo_cnn_nav_bottom.png" />
+	<target host="i.cdn.cnn.com" />
+		<test url="http://i.cdn.cnn.com/cnn/.e/img/3.0/weather/weatherIcon_01.png" />
+		<test url="http://i.cdn.cnn.com/cnn/.e1mo/img/4.0/logos/logo_cnn_arabic.png" />
+		<test url="http://i.cdn.cnn.com/cnn/.e1mo/img/4.0/logos/logo_cnn_nav_bottom.png" />
+	<target host="i2.cdn.cnn.com" />
+		<test url="http://i2.cdn.cnn.com/cnnnext/dam/assets/170313100039-04-climate-change-impact-small-11.jpg" />
+		<test url="http://i2.cdn.cnn.com/cnnnext/dam/assets/170409024444-uss-carl-vinson-large-tease.jpg" />
+		<test url="http://i2.cdn.cnn.com/cnnnext/dam/assets/170423103501-france-election-security-eiffel-overlay-tease.jpg" />
+	<target host="cnnespanol.cnn.com" />
+	<target host="collection.cnn.com" />
+	<target host="commercial.cnn.com" />
+	<target host="edition.cnn.com" />
+	<target host="www.edition.cnn.com" />
+	<target host="go.cnn.com" />
+	<target host="mexico.cnn.com" />
+	<target host="money.cnn.com" />
+	<target host="www.money.cnn.com" />
+	<target host="jobsearch.money.cnn.com" />
+	<target host="markets.money.cnn.com" />
+	<target host="portfolio.money.cnn.com" />
+	<target host="realestate.money.cnn.com" />
+	<target host="podcast.cnn.com" />
+	<target host="www.preview.cnn.com" />
+	<target host="searchapp.cnn.com" />
+	<target host="tours.cnn.com" />
+	<target host="travel.cnn.com" />
+	<target host="us.cnn.com" />
+	<target host="weather.cnn.com" />
+
+	<!-- Strip path and query -->
+	<rule from="^http://mexico\.cnn\.com/(.*)"
+		to="https://cnnespanol.cnn.com/?redirect=cnnmexico" />
+		<test url="http://mexico.cnn.com/this-gets-stripped" />
+
+	<rule from="^http://realestate\.money\.cnn\.com/"
+		to="https://cnnmoney.trulia.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CNN.io.xml b/src/chrome/content/rules/CNN.io.xml
new file mode 100644
index 000000000000..d9e6f5aa42f8
--- /dev/null
+++ b/src/chrome/content/rules/CNN.io.xml
@@ -0,0 +1,26 @@
+<!--
+	 See CNN.com.xml for other CNN related rulesets
+
+-->
+<ruleset name="CNN.io">
+
+	<target host="cerebro.api.cnn.io" />
+	<target host="fave.api.cnn.io" />
+		<test url="http://fave.api.cnn.io/v1/video?id=cnnmoney/2017/03/08/mostly-human-silicon-valleys-secret.cnnmoney&#x26;customer=cnn&#x26;edition=international&#x26;env=prod" />
+	<target host="registry.api.cnn.io" />
+		<test url="http://registry.api.cnn.io/bundles/injectorjs/0.9.0/injector" />
+	<target host="search.api.cnn.io" />
+		<test url="http://search.api.cnn.io/content?q=AlphaGo" />
+	<target host="graphql.verticals.api.cnn.io" />
+	<target host="weather.api.cnn.io" />
+	<target host="ix.cnn.io" />
+	<target host="lite.cnn.io" />
+	<target host="verticals.static.cnn.io" />
+	<target host="darwin.cnn-travel-vertical.ui.cnn.io" />
+	<target host="vogon.cnn.io" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
+
+
diff --git a/src/chrome/content/rules/CNN.net.xml b/src/chrome/content/rules/CNN.net.xml
new file mode 100644
index 000000000000..1cedeab1981a
--- /dev/null
+++ b/src/chrome/content/rules/CNN.net.xml
@@ -0,0 +1,31 @@
+<!--
+	For more CNN.com related ruleset, see CNN.com.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+			 - cnn.net
+			 - www.cnn.net
+			 - a.cnn.net
+
+		Timeout was reached:
+			 - i1.cnn.net
+			 - i4.cnn.net
+
+		SSL peer certificate was not OK:
+			 - e.a.cnn.net
+			 - i.a.cnn.net
+			 - m.a.cnn.net
+			 - s.a.cnn.net
+			 - i.cnn.net
+			 - i.l.cnn.net
+
+		Mixed Content Blocking (MCB) tiggered:
+			 - podcasts.cnn.net
+-->
+<ruleset name="CNN.net (partial)">
+	<target host="io.cnn.net" />
+		<test url="http://io.cnn.net/nba/nba/.element/media/2.0/teamsites/knicks/media/account-manager/Print.pdf" />
+	<target host="s.cnn.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CNNIC.net.cn.xml b/src/chrome/content/rules/CNNIC.net.cn.xml
new file mode 100644
index 000000000000..fed35d2f7565
--- /dev/null
+++ b/src/chrome/content/rules/CNNIC.net.cn.xml
@@ -0,0 +1,20 @@
+<!--
+	Invalid certificate:
+		- whois.cnnic.net.cn, equivalent to whois.cnnic.cn
+
+	Timed out:
+		- ipwhois.cnnic.net.cn
+-->
+
+<ruleset name="CNNIC.net.cn">
+	<target host="cnnic.net.cn" />
+	<target host="www.cnnic.net.cn" />
+	<target host="whois.cnnic.net.cn" />
+
+	<!-- Plain redirect, strip path and query -->
+	<rule from="^http://whois\.cnnic\.net\.cn/.*"
+		to="https://whois.cnnic.cn/" />
+		<test url="http://whois.cnnic.net.cn/HelpServlet" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CNNumerique.fr.xml b/src/chrome/content/rules/CNNumerique.fr.xml
new file mode 100644
index 000000000000..9c04c08114b6
--- /dev/null
+++ b/src/chrome/content/rules/CNNumerique.fr.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		live.contribuez.cnnumerique.fr
+		up.cnnumerique.fr
+
+-->
+<ruleset name="Conseil National du Numérique">
+
+	<target host="cnnumerique.fr" />
+	<target host="www.cnnumerique.fr" />
+	<target host="contribuez.cnnumerique.fr" />
+	<target host="www.contribuez.cnnumerique.fr" />
+	<target host="tes.cnnumerique.fr" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/COIN-OR.org.xml b/src/chrome/content/rules/COIN-OR.org.xml
new file mode 100644
index 000000000000..e5453e4b46a4
--- /dev/null
+++ b/src/chrome/content/rules/COIN-OR.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Different content http/https:
+		coin-or.org
+		optimization-suite.coin-or.org
+		wptest.coin-or.org
+
+	Invalid certificate:
+		hudson.coin-or.org
+
+	http://*.coin-or.org redirects to https://www.coin-or.org
+
+-->
+<ruleset name="COIN-OR.org">
+
+	<target host="www.coin-or.org" />
+	<target host="git.coin-or.org" />
+	<target host="list.coin-or.org" />
+	<target host="projects.coin-or.org" />
+	<target host="svn.coin-or.org" />
+
+	<securecookie host="^projects\.coin-or\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/COLLADA.xml b/src/chrome/content/rules/COLLADA.xml
deleted file mode 100644
index 2e0a575fb41a..000000000000
--- a/src/chrome/content/rules/COLLADA.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other Khronos Group coverage, see Khronos_Group.xml.
-
-
-	www: cert only matches ^collada.org
-
--->
-<ruleset name="COLLADA">
-
-	<target host="collada.org" />
-	<target host="www.collada.org" />
-
-
-	<securecookie host="^collada\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?collada\.org/"
-		to="https://collada.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/COLLEGEclubLIFE.com.xml b/src/chrome/content/rules/COLLEGEclubLIFE.com.xml
deleted file mode 100644
index 35ad6324b60a..000000000000
--- a/src/chrome/content/rules/COLLEGEclubLIFE.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="COLLEGEclubLIFE.com">
-
-	<target host="collegeclublife.com" />
-	<target host="*.collegeclublife.com" />
-
-
-	<securecookie host="^(?:.*\.)?collegeclublife\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?collegeclublife\.com/"
-		to="https://$1collegeclublife.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/COMNAP.aq.xml b/src/chrome/content/rules/COMNAP.aq.xml
index af28d366afef..845e53a63a2d 100644
--- a/src/chrome/content/rules/COMNAP.aq.xml
+++ b/src/chrome/content/rules/COMNAP.aq.xml
@@ -8,7 +8,7 @@
 	<target host="www.comnap.aq" />
 
 
-	<rule from="^http://(www\.)?comnap\.aq/"
-		to="https://$1comnap.aq/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/COSMOS_magazine.xml b/src/chrome/content/rules/COSMOS_magazine.xml
index 4822aec95606..0945277cfe60 100644
--- a/src/chrome/content/rules/COSMOS_magazine.xml
+++ b/src/chrome/content/rules/COSMOS_magazine.xml
@@ -16,7 +16,7 @@
 	<target host="*.cosmosmagazine.com" />
 
 
-	<rule from="^https?://cdn\d\.cosmosmagazine\.com/"
+	<rule from="^http://cdn\d\.cosmosmagazine\.com/"
 		to="https://d1dop0qewlixo7.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/COSPAR-Assembly.org.xml b/src/chrome/content/rules/COSPAR-Assembly.org.xml
new file mode 100644
index 000000000000..061a16415373
--- /dev/null
+++ b/src/chrome/content/rules/COSPAR-Assembly.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="COSPAR-Assembly.org">
+
+	<target host="cospar-assembly.org" />
+	<target host="www.cospar-assembly.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/COUNTER.xml b/src/chrome/content/rules/COUNTER.xml
index 21ae72ebc51c..f1ffe2f51e86 100644
--- a/src/chrome/content/rules/COUNTER.xml
+++ b/src/chrome/content/rules/COUNTER.xml
@@ -1,4 +1,4 @@
-<ruleset name="COUNTER" default_off="mismatch">
+<ruleset name="COUNTER" default_off="mismatched">
 
 	<!--	Cert: *.iop.org		-->
 	<target host="projectcounter.org" />
diff --git a/src/chrome/content/rules/COZmedics.com.au.xml b/src/chrome/content/rules/COZmedics.com.au.xml
new file mode 100644
index 000000000000..682fcb05dd8f
--- /dev/null
+++ b/src/chrome/content/rules/COZmedics.com.au.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cozmedics.com.au/ => https://cozmedics.com.au/: Too many redirects while fetching 'https://cozmedics.com.au/'
+Fetch error: http://www.cozmedics.com.au/ => https://www.cozmedics.com.au/: Too many redirects while fetching 'https://www.cozmedics.com.au/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://cozmedics.com.au/ => https://cozmedics.com.au/: (7, 'Failed to connect to cozmedics.com.au port 443: Connection refused')
+Fetch error: http://www.cozmedics.com.au/ => https://www.cozmedics.com.au/: Cycle detected - URL already encountered: https://www.cozmedics.com.au/
+-->
+<ruleset name="COZmedics.com.au" default_off="failed ruleset test">
+
+	<target host="cozmedics.com.au" />
+	<target host="www.cozmedics.com.au" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CPAN.org.xml b/src/chrome/content/rules/CPAN.org.xml
new file mode 100644
index 000000000000..b15c180911d3
--- /dev/null
+++ b/src/chrome/content/rules/CPAN.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Mismatched:
+		- bugs
+		- ftp
+		- mirror
+		- mirrors
+-->
+<ruleset name="CPAN.org">
+	<target host="cpan.org" />
+	<target host="www.cpan.org" />
+	<target host="backpan.cpan.org" />
+	<target host="kobesearch.cpan.org" />
+	<target host="lists.cpan.org" />
+	<target host="pause.cpan.org" />
+	<target host="perldoc.cpan.org" />
+	<target host="ratings.cpan.org" />
+	<target host="rt.cpan.org" />
+	<target host="search.cpan.org" />
+	<target host="testers.cpan.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CPDB.co.xml b/src/chrome/content/rules/CPDB.co.xml
new file mode 100644
index 000000000000..9ab038c1e826
--- /dev/null
+++ b/src/chrome/content/rules/CPDB.co.xml
@@ -0,0 +1,16 @@
+<!--
+	See also CPDP.co.xml
+
+	Invalid certificates:
+		explore.cpdb.co
+		ms.cpdb.co
+-->
+<ruleset name="CPDB.co">
+	<target host="cpdb.co" />
+	<target host="www.cpdb.co" />
+	<target host="beta.cpdb.co" />
+	<target host="m.cpdb.co" />
+	<target host="staging.cpdb.co" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CPDP.co.xml b/src/chrome/content/rules/CPDP.co.xml
new file mode 100644
index 000000000000..206b9b969be8
--- /dev/null
+++ b/src/chrome/content/rules/CPDP.co.xml
@@ -0,0 +1,14 @@
+<!--
+	See also CPDB.co.xml
+
+	Refused:
+		ms.cpdp.co
+		staging.cpdp.co
+-->
+<ruleset name="CPDP.co">
+	<target host="www.cpdp.co" />
+	<target host="beta.cpdp.co" />
+	<target host="mb.cpdp.co" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CPIB.ac.uk.xml b/src/chrome/content/rules/CPIB.ac.uk.xml
new file mode 100644
index 000000000000..8efe5924a596
--- /dev/null
+++ b/src/chrome/content/rules/CPIB.ac.uk.xml
@@ -0,0 +1,19 @@
+<!--
+	Centre for Plant Integrative Biology
+
+	For other University of Nottingham coverage, see NottinghamAC.xml.
+
+-->
+<ruleset name="CPIB.ac.uk">
+
+	<target host="cpib.ac.uk" />
+	<target host="www.cpib.ac.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CPJ.xml b/src/chrome/content/rules/CPJ.xml
index 27b8060a4894..f238a0d3afb7 100644
--- a/src/chrome/content/rules/CPJ.xml
+++ b/src/chrome/content/rules/CPJ.xml
@@ -1,6 +1,24 @@
-<ruleset name="CPJ">
-  <target host="www.cpj.org" />
-  <target host="cpj.org" />
+<!--
+	Insecure cookies are set for these domains:
 
-  <rule from="^http://(www\.)?cpj\.org/" to="https://$1cpj.org/"/>
+		- .cpj.org
+
+-->
+<ruleset name="CPJ.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cpj.org" />
+	<target host="www.cpj.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.cpj\.org$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CPMStar.xml b/src/chrome/content/rules/CPMStar.xml
index 01b821ad63cd..f7e086c51228 100644
--- a/src/chrome/content/rules/CPMStar.xml
+++ b/src/chrome/content/rules/CPMStar.xml
@@ -2,31 +2,46 @@
 	CDN buckets:
 
 		- cpmstar.vo.llnwd.net
-
 			- cdn
 
-
 	Problematic subdomains:
 
 		- cdn	(400, CN: *.hs.llnwd.net)
 
+	Insecure cookies are set for these domains and hosts: ᶜ
 
-	Fully covered subdomains:
+		- ssl.cdne.cpmstar.com
+		- .server.cpmstar.com
 
-		- cdn	(→ server)
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="CPMStar">
+<ruleset name="CPMStar.com" >
 
+	<!--	Direct rewrites:
+				-->
 	<target host="cpmstar.com" />
-	<target host="*.cpmstar.com" />
+	<target host="www.cpmstar.com" />
+
+	<target host="ssl.cdne.cpmstar.com" />
+	<target host="server.cpmstar.com" />
 	<target host="www.server.cpmstar.com" />
 
+	<!--	Complications:
+				-->
+	<target host="cdn.cpmstar.com" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.server\.cpmstar\.com$" name="^(USER_ID|n15)$" /-->
+
+	<securecookie host="^\.server\." name=".+" />
 
-	<rule from="^http://(www\.)?(server\.)?cpmstar\.com/"
-		to="https://$1$2cpmstar.com/" />
 
 	<rule from="^http://cdn\.cpmstar\.com/"
 		to="https://server.cpmstar.com/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/CPM_Rocket.com.xml b/src/chrome/content/rules/CPM_Rocket.com.xml
index c8ef0f05d99d..a84ed3b7a4c5 100644
--- a/src/chrome/content/rules/CPM_Rocket.com.xml
+++ b/src/chrome/content/rules/CPM_Rocket.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://adk2cdn.cpmrocket.com/ => https://d38cp5x90nxyo0.cloudfront.net/: (6, 'Could not resolve host: d38cp5x90nxyo0.cloudfront.net')
+
 	CDN buckets:
 
 		- d38cp5x90nxyo0.cloudfront.net
@@ -11,7 +15,7 @@
 		- (www.)	(dropped)
 
 -->
-<ruleset name="CPM Rocket.com (partial)">
+<ruleset name="CPM Rocket.com (partial)" default_off="failed ruleset test">
 
 	<target host="adk2cdn.cpmrocket.com" />
 
diff --git a/src/chrome/content/rules/CPS-Datensysteme.de.xml b/src/chrome/content/rules/CPS-Datensysteme.de.xml
new file mode 100644
index 000000000000..6b24e0266c33
--- /dev/null
+++ b/src/chrome/content/rules/CPS-Datensysteme.de.xml
@@ -0,0 +1,25 @@
+<!--
+	Login required:
+		- kb.cps-datensysteme.de
+
+	MCB:
+		- www.facebook.com/plugins/likebox.php
+
+	Unable to connect:
+		- orms.cps-datensysteme.de
+-->
+<ruleset name="CPS-Datensysteme.de">
+	<target host="cps-datensysteme.de" />
+	<target host="www.cps-datensysteme.de" />
+	<target host="arpgui.cps-datensysteme.de" />
+	<target host="blog.cps-datensysteme.de" />
+	<target host="filexchange.cps-datensysteme.de" />
+	<target host="gui.cps-datensysteme.de" />
+	<target host="helpdesk.cps-datensysteme.de" />
+		<test url="http://helpdesk.cps-datensysteme.de/webchat/" />
+	<target host="news.cps-datensysteme.de" />
+	<target host="whois.cps-datensysteme.de" />
+	<target host="wiki.cps-datensysteme.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CPSC.xml b/src/chrome/content/rules/CPSC.xml
deleted file mode 100644
index aa60f75c2d6c..000000000000
--- a/src/chrome/content/rules/CPSC.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- cs	(shows www; mismatched, CN: www.cpsc.gov)
-
--->
-<ruleset name="CPSC.gov" platform="mixedcontent">
-
-	<target host="cpsc.gov" />
-	<target host="*.cpsc.gov" />
-
-
-	<securecookie host="^\.cpsc\.gov$" name="^ZNPCQ003-\d{8}$" />
-	<securecookie host="^www\.cpsc\.gov$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?cpsc\.gov/"
-		to="https://www.cpsc.gov/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CPU_Benchmark.net.xml b/src/chrome/content/rules/CPU_Benchmark.net.xml
new file mode 100644
index 000000000000..65831cf417d1
--- /dev/null
+++ b/src/chrome/content/rules/CPU_Benchmark.net.xml
@@ -0,0 +1,27 @@
+<!--
+	For other PassMark coverage, see PassMark.com.xml.
+
+
+	Mixed content:
+
+		- Image from www.passmark.com *
+
+	* Secured by us
+
+-->
+<ruleset name="CPU Benchmark.net">
+
+	<target host="cpubenchmark.net" />
+	<target host="www.cpubenchmark.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?cpubenchmark\.net$" name="^PHPSESSID" /-->
+
+	<securecookie host="^(?:www\.)?cpubenchmark\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CPanel.com.xml b/src/chrome/content/rules/CPanel.com.xml
new file mode 100644
index 000000000000..c4323defd8bd
--- /dev/null
+++ b/src/chrome/content/rules/CPanel.com.xml
@@ -0,0 +1,41 @@
+<!--
+	Nonfunctional hosts in *cpanel.com:
+
+		- conference15 *
+
+	* Shows default page
+
+
+	These altnames don't exist:
+
+		- www.applications.cpanel.com
+
+
+	Mixed content:
+
+		- iframe on jobs from player.vimeo.com
+		- css on (www.)?, news, releases from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="cPanel.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cpanel.com" />
+	<target host="applications.cpanel.com" />
+	<target host="blog.cpanel.com" />
+	<target host="blogs.cpanel.com" />
+	<target host="conference.cpanel.com" />
+	<target host="jobs.cpanel.com" />
+	<target host="news.cpanel.com" />
+	<target host="releases.cpanel.com" />
+	<target host="security.cpanel.com" />
+	<target host="www.cpanel.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CPanel.guru.xml b/src/chrome/content/rules/CPanel.guru.xml
new file mode 100644
index 000000000000..9bd2525c766b
--- /dev/null
+++ b/src/chrome/content/rules/CPanel.guru.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cpanel.guru/ => https://cpanel.guru/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.cpanel.guru/ => https://www.cpanel.guru/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://cpanel.guru/ (200) => https://cpanel.guru/ (401)
+-->
+<ruleset name="cPanel.guru" default_off="failed ruleset test">
+
+	<target host="cpanel.guru" />
+	<target host="www.cpanel.guru" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CPanel.xml b/src/chrome/content/rules/CPanel.xml
index a564a63682bb..cee3ce1409fd 100644
--- a/src/chrome/content/rules/CPanel.xml
+++ b/src/chrome/content/rules/CPanel.xml
@@ -1,29 +1,94 @@
+
 <!--
-	Nonfunctional:
+Disabled by https-everywhere-checker because:
+Fetch error: http://mt.cpanel.net/ => https://mt.cpanel.net/: (6, 'Could not resolve host: mt.cpanel.com')
+Fetch error: http://podcast.cpanel.net/ => https://podcast.cpanel.net/: (6, 'Could not resolve host: podcast.cpanel.com')
+
+	Nonfunctional hosts in *cpanel.net:
+
+		- httpupdate ²
+		- layer1 ²
+
+	² Refused
+
+
+	Problematic hosts in *cpanel.net:
+
+		- applications *
+		- blogs *
+		- exams *
+		- go ²
+		- job.listings *
+
+	* Mismatched
+	² Insecure renegotiation
 
-		- docs		(http reply)
 
+	Insecure cookies are set for these hosts:
 
-	Fully covered subdomains:
+		- documentation.cpanel.net
+		- exams.cpanel.net
+		- forums.cpanel.net
+		- job.listings.cpanel.net
+		- partnernoc.cpanel.net
+		- store.cpanel.net
+		- tickets.cpanel.net
 
-		- (www.)
-		- forums
-		- manage2
-		- mt
-		- tickets
+
+	Mixed content:
+
+		- css on job.listings from jobs.cpanel.com
+		- Images on job.listings from jobs.cpanel.com
+
+	* Secured by us
 
 -->
-<ruleset name="cPanel (partial)" platform="mixedcontent">
+<ruleset name="cPanel.net (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="cpanel.net" />
-	<target host="*.cpanel.net" />
-		<exclusion pattern="^http://docs\." />
+	<target host="docs.cpanel.net" />
+	<target host="documentation.cpanel.net" />
+	<target host="features.cpanel.net" />
+	<target host="forums.cpanel.net" />
+	<target host="go.cpanel.net" />
+	<target host="manage2.cpanel.net" />
+	<target host="mt.cpanel.net" />
+	<target host="partnernoc.cpanel.net" />
+	<target host="podcast.cpanel.net" />
+	<target host="security.cpanel.net" />
+	<target host="store.cpanel.net" />
+	<target host="tickets.cpanel.net" />
+	<target host="university.cpanel.net" />
+	<target host="verify.cpanel.net" />
+	<target host="videos.cpanel.net" />
+	<target host="www.cpanel.net" />
+
+	<!--	Complications:
+				-->
+	<target host="applications.cpanel.net" />
+	<target host="blogs.cpanel.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^documentation\.cpanel\.net$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^(?:exams|forums|job\.listings)\.cpanel\.net$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^partnernoc\.cpanel\.net$" name="^PARTNERSID$" /-->
+	<!--securecookie host="^store\.cpanel\.net$" name="^CPSTORESESSID$" /-->
+	<!--securecookie host="^tickets\.cpanel\.net$" name="^TKTSCUSTSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
 
 
-	<securecookie host="^(?:.*\.)?cpanel\.net$" name=".+" />
+	<rule from="^http://applications\.cpanel\.net/"
+		to="https://applications.cpanel.com/" />
 
+	<rule from="^http://blogs\.cpanel\.net/"
+		to="https://blogs.cpanel.com/" />
 
-	<rule from="^http://((forums|manage2|mt|tickets|www)\.)?cpanel\.net/"
-		to="https://$1cpanel.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CPlusPlus.com.xml b/src/chrome/content/rules/CPlusPlus.com.xml
new file mode 100644
index 000000000000..155ae21e6d82
--- /dev/null
+++ b/src/chrome/content/rules/CPlusPlus.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="CPlusPlus.com">
+	<target host="cplusplus.com" />
+	<target host="www.cplusplus.com" />
+	<target host="related.cplusplus.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CQRCengage.com.xml b/src/chrome/content/rules/CQRCengage.com.xml
new file mode 100644
index 000000000000..4b912fd0f787
--- /dev/null
+++ b/src/chrome/content/rules/CQRCengage.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Fully covered hosts in *cqrcengage.com:
+
+		- (www.)?
+		- iframed
+
+-->
+<ruleset name="CQRCengage.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cqrcengage.com" />
+	<target host="iframed.cqrcengage.com" />
+	<target host="www.cqrcengage.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CQ_Roll_Call.xml b/src/chrome/content/rules/CQ_Roll_Call.xml
index f199b2d0db19..2fc04f1495de 100644
--- a/src/chrome/content/rules/CQ_Roll_Call.xml
+++ b/src/chrome/content/rules/CQ_Roll_Call.xml
@@ -3,27 +3,31 @@
 
 		- Capwiz.com.xml
 
+	Expired hosts in *cqrollcall.com:
 
-	Nonfunctional subdomains:
+		- ae
+		- connectivity
+		- insightnews
 
-		- (www.) *
-		- corporate *
+	Mismatched hosts in *cqrollcall.com:
 
-	* Interrupted
-
-
-	Mixed image on secure from corporate
+		- info
+		- link
 
 -->
-<ruleset name="CQ Roll Call (partial)">
-
-	<target host="secure.cqrollcall.com" />
+<ruleset name="CQ Roll Call" platform="mixedcontent">
 
+        <target host="cqrollcall.com" />
+        <target host="www.cqrollcall.com" />
+        <target host="corporate.cqrollcall.com" />
+        <target host="emergency.cqrollcall.com" />
+        <target host="newsphotos.cqrollcall.com" />
+        <target host="publishing.cqrollcall.com" />
+        <target host="wp.cqrollcall.com" />
 
-	<securecookie host="^secure\.cqrollcall\.com$" name=".+" />
 
+        <rule from="^http:"
+                to="https:" />
 
-	<rule from="^http://secure\.cqrollcall\.com/"
-		to="https://secure.cqrollcall.com/" />
+</ruleset>
 
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CRC.id.au.xml b/src/chrome/content/rules/CRC.id.au.xml
new file mode 100644
index 000000000000..6128435ba7b1
--- /dev/null
+++ b/src/chrome/content/rules/CRC.id.au.xml
@@ -0,0 +1,22 @@
+<!--
+	Nonfunctional subdomains:
+
+		- gaming ¹
+		- au1.mirror ²
+		- photos ²
+		- xen ²
+
+	¹ Refused
+	² Shows web.crchosting.net.au
+
+-->
+<ruleset name="CRC.id.au (partial)">
+
+	<target host="crc.id.au" />
+	<target host="www.crc.id.au" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CREW.xml b/src/chrome/content/rules/CREW.xml
index f00547423af1..65879020972c 100644
--- a/src/chrome/content/rules/CREW.xml
+++ b/src/chrome/content/rules/CREW.xml
@@ -1,18 +1,22 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.secure.citizensforethics.org/ => https://www.secure.citizensforethics.org/: (6, 'Could not resolve host: www.secure.citizensforethics.org')
+
 	Nonfunctional subdomains:
 
 		- (www.)	(shows secure; mismatched, CN: secure.citizensforethics.org)
 
 -->
-<ruleset name="CREW (partial)">
+<ruleset name="CREW (partial)" default_off="failed ruleset test">
 
-	<target host="*.citizensforethics.org" />
+	<target host="secure.citizensforethics.org" />
+	<target host="www.secure.citizensforethics.org" />
 
 
 	<securecookie host="^\.?secure\.citizensforethics\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?secure\.citizensforethics\.org/"
-		to="https://$1secure.citizensforethics.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CRMMetrix.xml b/src/chrome/content/rules/CRMMetrix.xml
deleted file mode 100644
index 1079ee22d066..000000000000
--- a/src/chrome/content/rules/CRMMetrix.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="CRM Metrix">
-	<target host="www.crm-metrix.com" />
-	<target host="crm-metrix.com" />
-
-	<rule from="^http://(?:www\.)?crm-metrix\.com/" to="https://www.crm-metrix.com/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CRN.xml b/src/chrome/content/rules/CRN.xml
index a9eb86d6a0eb..9967504a1a2f 100644
--- a/src/chrome/content/rules/CRN.xml
+++ b/src/chrome/content/rules/CRN.xml
@@ -1,11 +1,21 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://crn.com/ => https://crn.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://crn.verticalsearchworks.com/ => https://ad-secure.firstlightera.com/: (51, "SSL: no alternative certificate subject name matches target host name 'ad-secure.firstlightera.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://crn.com/ => https://crn.com/: Cycle detected - URL already encountered: https://www.crn.com/
+Fetch error: http://crn.verticalsearchworks.com/ => https://ad-secure.firstlightera.com/: (51, "SSL: no alternative certificate subject name matches target host name 'ad-secure.firstlightera.com'")
 	For other UBM coverage, see UBM-mismatches.xml.
 
 -->
-<ruleset name="CRN" platform="mixedcontent">
+<ruleset name="CRN" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="crn.com" />
-	<target host="*.crn.com" />
+	<target host="i.crn.com" />
+	<target host="signin.crn.com" />
+	<target host="www.crn.com" />
 	<!--
 		Should be in a vert... ruleset
 						-->
@@ -20,10 +30,9 @@
 	<securecookie host="^.*\.crn\.com$" name=".+" />
 
 
-	<rule from="^http://(i\.|signin\.|www\.)?crn\.com/"
-		to="https://$1crn.com/" />
 
 	<rule from="^http://crn\.verticalsearchworks\.com/"
 		to="https://ad-secure.firstlightera.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CRU-Inc.com.xml b/src/chrome/content/rules/CRU-Inc.com.xml
new file mode 100644
index 000000000000..5c4d0162376d
--- /dev/null
+++ b/src/chrome/content/rules/CRU-Inc.com.xml
@@ -0,0 +1,44 @@
+<!--
+	Other CRU Acquisition Group rulesets:
+
+		- WiebeTech.com.xml
+
+
+	Problematic hosts in *cru-inc.com:
+
+		- blog ᵐ
+		- info ᵐ
+
+	ᵐ HubSpot / mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .cru-inc.com
+		- www.cru-inc.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="CRU-Inc.com (partial)">
+
+	<target host="cru-inc.com" />
+	<target host="www.cru-inc.com" />
+
+		<!--	Mixed images:
+					-->
+		<!--test url="http://www.cru-inc.com/cru-wiebetech/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.cru-inc\.com$" name="^CRUCART$" /-->
+	<!--securecookie host="^www\.cru-inc\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CS-Cart.xml b/src/chrome/content/rules/CS-Cart.xml
index 7fa40652510f..8ace56b79c06 100644
--- a/src/chrome/content/rules/CS-Cart.xml
+++ b/src/chrome/content/rules/CS-Cart.xml
@@ -1,13 +1,12 @@
 <ruleset name="CS-Cart">
 
 	<target host="cs-cart.com" />
-	<target host="*.cs-cart.com" />
+	<target host="www.cs-cart.com" />
 
 
 	<securecookie host="^\.cs-cart\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?cs-cart\.com/"
-		to="https://$1cs-cart.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CSA-CEE-Summit.eu.xml b/src/chrome/content/rules/CSA-CEE-Summit.eu.xml
new file mode 100644
index 000000000000..02bcbde18dbc
--- /dev/null
+++ b/src/chrome/content/rules/CSA-CEE-Summit.eu.xml
@@ -0,0 +1,14 @@
+<!--
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="CSA-CEE-Summit.eu" default_off="expired, missing certificate chain">
+
+	<target host="csa-cee-summit.eu" />
+	<target host="www.csa-cee-summit.eu" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CSAF.cz.xml b/src/chrome/content/rules/CSAF.cz.xml
deleted file mode 100644
index 7e4160b22784..000000000000
--- a/src/chrome/content/rules/CSAF.cz.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="CSAF" default_off="self-signed">
-  <target host="www.csaf.cz" />
-  <target host="csaf.cz" />
-
-  <rule from="^http://(?:www\.)?csaf\.cz/" to="https://csaf.cz/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/CSBA_Academy.com.xml b/src/chrome/content/rules/CSBA_Academy.com.xml
new file mode 100644
index 000000000000..803ef3a2e61d
--- /dev/null
+++ b/src/chrome/content/rules/CSBA_Academy.com.xml
@@ -0,0 +1,40 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://csbaacademy.com/ => http://csbaacademy.com/: (6, 'Could not resolve host: csbaacademy.com')
+Fetch error: http://www.csbaacademy.com/ => http://www.csbaacademy.com/: (6, 'Could not resolve host: www.csbaacademy.com')
+
+	Colorado Softball & Baseball Academy
+
+
+	Mixed content:
+
+		- Images on www from www *
+
+	* Unsecurable
+
+-->
+<ruleset name="CSBA Academy.com (partial)" default_off="failed ruleset test">
+
+	<target host="csbaacademy.com" />
+	<target host="www.csbaacademy.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?csbaacademy.com/+($|\?|(cage|instructors|proshop)($|[?/]|\.php)|favicon\.ico|_images/)" /-->
+
+
+	<rule from="^http://(www\.)?csbaacademy\.com/(?=login\.php|_scripts/)"
+		to="https://$1csbaacademy.com/" />
+
+	<!--	Redirects to http:
+					-->
+	<rule from="^http://(www\.)?csbaacademy\.com/login/?(?=$|\?)"
+		to="https://$1csbaacademy.com/login.php" />
+
+	<!--	Ditto:
+			-->
+	<rule from="^http://(www\.)?csbaacademy\.com/register\.php(?=$|\?)"
+		to="https://$1csbaacademy.com/register/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CSC-Visa-Information-Service.xml b/src/chrome/content/rules/CSC-Visa-Information-Service.xml
index ec5d24596834..5b3636df85fd 100644
--- a/src/chrome/content/rules/CSC-Visa-Information-Service.xml
+++ b/src/chrome/content/rules/CSC-Visa-Information-Service.xml
@@ -1,13 +1,12 @@
 <ruleset name="CSC Visa Information Service">
 
 	<target host="usvisa-info.com" />
-	<target host="*.usvisa-info.com" />
+	<target host="www.usvisa-info.com" />
 
 
-	<securecookie host="^(.*\.)usvisa-info.com$" name=".*" />
+	<securecookie host="^(?:.*\.)usvisa-info.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?usvisa-info\.com/"
-		to="https://$1usvisa-info.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CSC.com.xml b/src/chrome/content/rules/CSC.com.xml
new file mode 100644
index 000000000000..6f32d7e7e8e7
--- /dev/null
+++ b/src/chrome/content/rules/CSC.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="CSC.com">
+	<target host="csc.com" />
+	<target host="www.csc.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CSC.xml b/src/chrome/content/rules/CSC.xml
deleted file mode 100644
index b8e8b0a8a300..000000000000
--- a/src/chrome/content/rules/CSC.xml
+++ /dev/null
@@ -1,54 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/assets[1-4].csc.com/
-		- s3.amazonaws.com/assetsdev[1-4].csc.com/
-
-		- d22z1n4koknpni.cloudfront.net
-
-			- assetsdev2
-
-		- d2vblp5odpf1nm.cloudfront.net
-
-			- assetsdev3
-
-		- dkoz0rlg89gph.cloudfront.net
-
-			- assetsdev4
-
-
-	Problematic subdomains:
-
-		- ^		(cert only matches *.csc.com)
-		- assetsdev1	(AmazonWS)
-
-
-	Some pages redirect to http
-
--->
-<ruleset name="CSC (partial)">
-
-	<target host="csc.com" />
-	<target host="*.csc.com" />
-		<exclusion pattern="^http://(?:staging\.|www\.)?csc\.com/(?!favicon\.ico|images/|stylesheets/)" />
-
-
-	<rule from="^http://(?:www\.)?csc\.com/"
-		to="https://www.csc.com/" />
-
-	<rule from="^http://(assets[1-4]|qa|staging)\.csc\.com/"
-		to="https://$1.csc.com/" />
-
-	<rule from="^http://assetsdev1\.csc\.com/"
-		to="https://s3.amazonaws.com/assetsdev1.csc.com/" />
-
-	<rule from="^http://assetsdev2\.csc\.com/"
-		to="https://d22z1n4koknpni.cloudfront.net/" />
-
-	<rule from="^http://assetsdev3\.csc\.com/"
-		to="https://d2vblp5odpf1nm.cloudfront.net/" />
-
-	<rule from="^http://assetsdev4\.csc\.com/"
-		to="https://dkoz0rlg89gph.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CSCtrustedsecure.com.xml b/src/chrome/content/rules/CSCtrustedsecure.com.xml
deleted file mode 100644
index 0afddcc26558..000000000000
--- a/src/chrome/content/rules/CSCtrustedsecure.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For other Corporation Services Company coverage, see Corporation_Service_Company.xml.
-
--->
-<ruleset name="CSCtrustedsecure.com">
-
-	<target host="csctrustedsecure.com" />
-	<target host="www.csctrustedsecure.com" />
-
-
-	<rule from="^http://(www\.)?csctrustedsecure\.com/"
-		to="https://$1csctrustedsecure.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CSDb.dk.xml b/src/chrome/content/rules/CSDb.dk.xml
new file mode 100644
index 000000000000..ab3614d083e8
--- /dev/null
+++ b/src/chrome/content/rules/CSDb.dk.xml
@@ -0,0 +1,24 @@
+<!--
+	Expired 2012-03-02
+
+
+	Mixed content:
+
+		- Ads from pagead2.googlesyndication.com *
+
+	* Secured by us
+
+-->
+<ruleset name="CSDb.dk" default_off="expired, self-signed">
+
+	<target host="csdb.dk" />
+	<target host="www.csdb.dk" />
+
+
+	<securecookie host="^\.?csdb\.dk$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?csdb\.dk/"
+		to="https://csdb.dk/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CSEd_Week.org.xml b/src/chrome/content/rules/CSEd_Week.org.xml
index 78876ab70410..9a4a793141bf 100644
--- a/src/chrome/content/rules/CSEd_Week.org.xml
+++ b/src/chrome/content/rules/CSEd_Week.org.xml
@@ -1,14 +1,12 @@
-<!--
-	CN: code.org
-
--->
-<ruleset name="CSEd Week.org" default_off="mismatched">
+<ruleset name="CSEd Week.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="csedweek.org" />
 	<target host="www.csedweek.org" />
 
 
-	<rule from="^http://(?:www\.)?csedweek\.org/"
-		to="https://csedweek.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CSGO-Skins.com.xml b/src/chrome/content/rules/CSGO-Skins.com.xml
new file mode 100644
index 000000000000..fdbd357e5529
--- /dev/null
+++ b/src/chrome/content/rules/CSGO-Skins.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="CSGO-Skins.com">
+	<target host="csgo-skins.com" />
+	<target host="www.csgo-skins.com" />
+	<target host="ws.csgo-skins.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CSIAC.org.xml b/src/chrome/content/rules/CSIAC.org.xml
new file mode 100644
index 000000000000..427d78e504d4
--- /dev/null
+++ b/src/chrome/content/rules/CSIAC.org.xml
@@ -0,0 +1,38 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://store.csiac.org/ => https://store.csiac.org/: (51, "SSL: no alternative certificate subject name matches target host name 'store.csiac.org'")
+
+	Fully covered hosts in *csiac.org:
+
+		- (www.)?
+		- sw
+		- store
+
+
+	Insecure cookies are set for these domains:
+
+		- .csiac.org
+
+-->
+<ruleset name="CSIAC.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="csiac.org" />
+	<target host="store.csiac.org" />
+	<target host="sw.csiac.org" />
+	<target host="www.csiac.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.csiac\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\.csiac\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CSIE.org.xml b/src/chrome/content/rules/CSIE.org.xml
new file mode 100644
index 000000000000..74ada3af7556
--- /dev/null
+++ b/src/chrome/content/rules/CSIE.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="CSIE.org">
+
+	<target host="csie.org" />
+	<target host="www.csie.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CSIRO.xml b/src/chrome/content/rules/CSIRO.xml
deleted file mode 100644
index cfcbbd2aa433..000000000000
--- a/src/chrome/content/rules/CSIRO.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--	!functional subdomains:
-		- outreach.atnf		(404, "You're Lost")
-		- www.parkes.atnf	(ditto)
-		- www.atnf		(ditto)
--->
-<ruleset name="CSIRO (partial)" default_off="mismatch">
-
-	<target host="www.narrabri.atnf.csiro.au"/>
-
-	<!--	cert doesn't match foo.foo.atnf
-		!www doesn't work		-->
-	<rule from="^http://www\.narrabri\.atnf\.csiro\.au/"
-		to="https://www.narrabri.atnf.csiro.au/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/CSIRT.CZ.xml b/src/chrome/content/rules/CSIRT.CZ.xml
new file mode 100644
index 000000000000..cea6543fdb9d
--- /dev/null
+++ b/src/chrome/content/rules/CSIRT.CZ.xml
@@ -0,0 +1,14 @@
+<!--
+	For other CZ.NIC coverage, see Nic.cz.xml.
+
+-->
+<ruleset name="CSIRT.CZ">
+
+	<target host="csirt.cz" />
+	<target host="www.csirt.cz" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CSIS.dk.xml b/src/chrome/content/rules/CSIS.dk.xml
deleted file mode 100644
index a35d085f6dbf..000000000000
--- a/src/chrome/content/rules/CSIS.dk.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="CSIS.dk">
-
-	<target host="csis.dk" />
-	<target host="*.csis.dk" />
-
-
-	<securecookie host="^\.csis\.dk$" name=".*" />
-
-
-	<rule from="^http://(www\.)?csis\.dk/"
-		to="https://$1csis.dk/" />
-
-</ruleset>
-
diff --git a/src/chrome/content/rules/CSIS.org.xml b/src/chrome/content/rules/CSIS.org.xml
new file mode 100644
index 000000000000..e01bd31da838
--- /dev/null
+++ b/src/chrome/content/rules/CSIS.org.xml
@@ -0,0 +1,18 @@
+<!--
+	cs.is is handled in Bit.ly_vanity_domains.xml.
+
+
+	www: cert only matches ^csis.org
+
+-->
+<ruleset name="CSIS.org">
+
+	<target host="csis.org" />
+	<target host="my.csis.org" />
+	<target host="www.csis.org" />
+
+
+	<rule from="^http://(?:(my\.)|www\.)?csis\.org/"
+		to="https://$1csis.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CSPInet.org.xml b/src/chrome/content/rules/CSPInet.org.xml
new file mode 100644
index 000000000000..c96ab8002f38
--- /dev/null
+++ b/src/chrome/content/rules/CSPInet.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Mixed content:
+
+		- css on ^ from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="CSPInet.org">
+
+	<target host="cspinet.org" />
+	<target host="orders.cspinet.org" />
+	<target host="www.cspinet.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^order\.cspinet\.org$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+
+	<securecookie host="^order\.cspinet\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CSP_Forum.eu.xml b/src/chrome/content/rules/CSP_Forum.eu.xml
new file mode 100644
index 000000000000..39883cd6e567
--- /dev/null
+++ b/src/chrome/content/rules/CSP_Forum.eu.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cspforum.eu/ => https://www.cspforum.eu/: (60, 'SSL certificate problem: certificate has expired')
+
+	^: plaintext reply
+
+-->
+<ruleset name="CSP Forum.eu" default_off="failed ruleset test">
+
+	<target host="cspforum.eu" />
+	<target host="www.cspforum.eu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.cspforum\.eu$" name="^(exp_last_activity|exp_last_visit|exp_tracker)$" /-->
+
+	<securecookie host="^\.www\.cspforum\.eu$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?cspforum\.eu/"
+		to="https://www.cspforum.eu/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CSRsupport.com.xml b/src/chrome/content/rules/CSRsupport.com.xml
index 067939417083..6ef719a27e54 100644
--- a/src/chrome/content/rules/CSRsupport.com.xml
+++ b/src/chrome/content/rules/CSRsupport.com.xml
@@ -1,7 +1,8 @@
 <ruleset name="CSRSupport.com">
-  <target host="www.csrsupport.com" />
-  <target host="csrsupport.com" />
-  <rule from="^http://www\.csrsupport\.com/" to="https://www.csrsupport.com/"/>
-  <rule from="^http://csrsupport\.com/" to="https://www.csrsupport.com/"/>
-</ruleset>
 
+	<target host="csrsupport.com" />
+	<target host="www.csrsupport.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CSS.gov.au.xml b/src/chrome/content/rules/CSS.gov.au.xml
new file mode 100644
index 000000000000..4ecec2b855b4
--- /dev/null
+++ b/src/chrome/content/rules/CSS.gov.au.xml
@@ -0,0 +1,11 @@
+<ruleset name="Commonwealth Superannuation Scheme">
+
+	<target host="css.gov.au" />
+	<target host="www.css.gov.au" />
+	<target host="statements.css.gov.au" />
+		<test url="http://statements.css.gov.au/statements" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CSdata1.com.xml b/src/chrome/content/rules/CSdata1.com.xml
deleted file mode 100644
index 4b55ef0e06af..000000000000
--- a/src/chrome/content/rules/CSdata1.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Web bugs.
-
-	For other eBay coverage, see EBay.xml.
-
--->
-<ruleset name="CSdata1.com">
-
-	<target host="dsa.csdata1.com" />
-
-
-	<rule from="^http://dsa\.csdata1\.com/"
-		to="https://dsa.csdata1.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CT.gov.xml b/src/chrome/content/rules/CT.gov.xml
new file mode 100644
index 000000000000..6fb57c32ddb6
--- /dev/null
+++ b/src/chrome/content/rules/CT.gov.xml
@@ -0,0 +1,113 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://ct.gov/ (200) => https://www.ct.egov.com/ (404)
+Non-2xx HTTP code: http://portal.ct.gov/ (200) => https://www.ct.egov.com/ (404)
+Non-2xx HTTP code: http://www.ct.gov/ (200) => https://www.ct.egov.com/ (404)
+
+	State of Connecticut
+
+
+
+	Nonfunctional hosts in *ct.gov:
+
+		- (www.)? ᵈ
+
+		- appellateinquiry.jud ʳ
+		- civilinquiry.jud ʳ
+		- ersa.jud ʳ
+
+		- www.sde ᵈ
+		- www.veterans ᵈ
+
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *ct.gov:
+
+		- portal ᵐ
+
+	ᵐ Mismatched
+
+
+	These altnames don't exist:
+
+		- icm.eRegulations.ct.gov
+		- integration.eRegulations.ct.gov
+
+
+	Insecure cookies are set for these hosts:
+
+		- eregulations.ct.gov
+		- www.eregulations.ct.gov
+		- voterregistration.ct.gov
+
+
+	Mixed content:
+
+		- css, on:
+
+			- (www.)?cga from netdna.bootstrapcdn.com ˢ
+			- (www.)?cga, (www.)?jud from fonts.googleapis.com ˢ
+
+		- favicon on (www.)?jud from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="CT.gov (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cga.ct.gov" />
+	<target host="www.cga.ct.gov" />
+	<target host="data.ct.gov" />
+	<target host="eregulations.ct.gov" />
+	<target host="www.eregulations.ct.gov" />
+	<target host="jud.ct.gov" />
+	<target host="www.jud.ct.gov" />
+	<target host="jud2.ct.gov" />
+	<target host="www.jud2.ct.gov" />
+	<target host="voterregistration.ct.gov" />
+
+	<!--	Complications:
+				-->
+	<target host="ct.gov" />
+	<target host="portal.ct.gov" />
+	<target host="www.ct.gov" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?eregulations\.ct\.gov$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^voterregistration\.ct\.gov$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://(?:www\.)?ct\.gov/.*"
+		to="https://www.ct.egov.com/" />
+
+		<!--	/*(?!$|\?) doesn't redirect to portal:
+								-->
+		<exclusion pattern="^http://(?:www\.)?ct\.gov/+(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://ct.gov/home.htm" />
+			<test url="http://ct.gov/home.php" />
+			<test url="http://www.ct.gov/dcs/" />
+			<test url="http://www.ct.gov/foi/" />
+			<test url="http://www.ct.gov/occ/" />
+			<test url="http://www.ct.gov/opm/" />
+
+	<rule from="^http://portal\.ct\.gov/"
+		to="https://www.ct.egov.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CTAN.org.xml b/src/chrome/content/rules/CTAN.org.xml
new file mode 100644
index 000000000000..a763a6a08370
--- /dev/null
+++ b/src/chrome/content/rules/CTAN.org.xml
@@ -0,0 +1,24 @@
+<!--
+	Problematic subdomains:
+
+		- dante ¹
+		- ftp ¹
+		- mirror ¹
+		- mirrors ¹
+		- textcatalogue ¹
+		- tug ²
+
+	¹: Mismatched
+	²: Times out
+-->
+<ruleset name="CTAN">
+
+	<target host="ctan.org" />
+	<target host="www.ctan.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CTERA-Networks.xml b/src/chrome/content/rules/CTERA-Networks.xml
index e42bef1c8a7b..4d2d055c48cd 100644
--- a/src/chrome/content/rules/CTERA-Networks.xml
+++ b/src/chrome/content/rules/CTERA-Networks.xml
@@ -1,11 +1,20 @@
-<ruleset name="CTERA Networks" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ctera.com/ => https://ctera.com/: (51, "SSL: no alternative certificate subject name matches target host name 'ctera.com'")
+Fetch error: http://www.ctera.com/ => https://www.ctera.com/: Too many redirects while fetching 'https://www.ctera.com/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ctera.com/ => https://ctera.com/: (51, "SSL: no alternative certificate subject name matches target host name 'ctera.com'")
+Fetch error: http://www.ctera.com/ => https://www.ctera.com/: Cycle detected - URL already encountered: https://www.ctera.com/
+-->
+<ruleset name="CTERA Networks" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="ctera.com"/>
 	<target host="www.ctera.com"/>
 
-	<securecookie host="^(www\.)?ctera\.com$" name=".*"/>
+	<securecookie host="^(?:www\.)?ctera\.com$" name=".+" />
 
-	<rule from="^http://(www\.)?ctera\.com/"
-		to="https://$1ctera.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CTFtime.com.xml b/src/chrome/content/rules/CTFtime.com.xml
new file mode 100644
index 000000000000..6c747fa8ca76
--- /dev/null
+++ b/src/chrome/content/rules/CTFtime.com.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.ctftime.org/ => https://www.ctftime.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ctftime.org'")
+
+-->
+<ruleset name="CTFtime.org" default_off="failed ruleset test">
+
+	<target host="ctftime.org" />
+	<target host="www.ctftime.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CTS_Wholesale_Sunglasses.xml b/src/chrome/content/rules/CTS_Wholesale_Sunglasses.xml
index b8a6a8405c51..14fd5e5b3d78 100644
--- a/src/chrome/content/rules/CTS_Wholesale_Sunglasses.xml
+++ b/src/chrome/content/rules/CTS_Wholesale_Sunglasses.xml
@@ -1,13 +1,12 @@
 <ruleset name="CTS Wholesale Sunglasses">
 
 	<target host="ctswholesalesunglasses.com" />
-	<target host="*.ctswholesalesunglasses.com" />
+	<target host="www.ctswholesalesunglasses.com" />
 
 
 	<securecookie host="^\.ctswholesalesunglasses.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ctswholesalesunglasses\.com/"
-		to="https://$1ctswholesalesunglasses.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CTunnel.xml b/src/chrome/content/rules/CTunnel.xml
deleted file mode 100644
index 4e36fbcd66c1..000000000000
--- a/src/chrome/content/rules/CTunnel.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="CTunnel" platform="mixedcontent">
-  <target host="ctunnel.com" />
-  <target host="www.ctunnel.com" />
-
-  <securecookie host="^(.+\.)?ctunnel\.com$" name=".*"/>
-
-  <rule from="^http://(?:www\.)?ctunnel\.com/" to="https://ctunnel.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/CUFP.org.xml b/src/chrome/content/rules/CUFP.org.xml
index 4a4537845e26..8e2ad00ab401 100644
--- a/src/chrome/content/rules/CUFP.org.xml
+++ b/src/chrome/content/rules/CUFP.org.xml
@@ -5,7 +5,7 @@
 <ruleset name="CUFP.org" default_off="mismatched">
 
 	<target host="cufp.org" />
-	<target host="*.cufp.org" />
+	<target host="www.cufp.org" />
 
 
 	<securecookie host="^\.cufp\.org$" name=".+" />
diff --git a/src/chrome/content/rules/CUHK.xml b/src/chrome/content/rules/CUHK.xml
new file mode 100644
index 000000000000..be04462cc49f
--- /dev/null
+++ b/src/chrome/content/rules/CUHK.xml
@@ -0,0 +1,205 @@
+
+<!--
+
+	Problematic domains:
+
+		- www.50.cuhk.edu.hk¹
+		- www.adm.cuhk.edu.hk¹
+		- nweb.adm.cuhk.edu.hk⁶
+		- alumni.baf.cuhk.edu.hk¹
+		- alumnidb.baf.cuhk.edu.hk¹
+		- embachinese.baf.cuhk.edu.hk¹
+		- embachineseonline.baf.cuhk.edu.hk¹
+		- hanmosaic.baf.cuhk.edu.hk¹
+		- mbacareer.baf.cuhk.edu.hk¹
+		- mbacoursereg.baf.cuhk.edu.hk¹
+		- mbadownload.baf.cuhk.edu.hk¹
+		- mbastudent.baf.cuhk.edu.hk¹
+		- photo50.baf.cuhk.edu.hk¹
+		- bmi.cuhk.edu.hk¹
+		- alumni.bschool.cuhk.edu.hk¹
+		- www.ccc.cuhk.edu.hk¹
+		- www.ccss.cuhk.edu.hk¹
+		- www.cgh.cuhk.edu.hk¹
+		- pip.cintec.cuhk.edu.hk¹
+		- varsity.com.cuhk.edu.hk¹
+		- www.com.cuhk.edu.hk¹
+		- www.crec.cuhk.edu.hk¹
+		- msc.cse.cuhk.edu.hk¹
+		- www.cse.cuhk.edu.hk¹
+		- cusis.cuhk.edu.hk¹
+		- www.cwchu.cuhk.edu.hk¹
+		- www.ee.cuhk.edu.hk¹
+		- calendar.ee.cuhk.edu.hk¹
+		- dept.ee.cuhk.edu.hk¹
+		- ivp.ee.cuhk.edu.hk¹
+		- microwave.ee.cuhk.edu.hk¹
+		- mwave.ee.cuhk.edu.hk¹
+		- opto.ee.cuhk.edu.hk¹
+		- sslab.ee.cuhk.edu.hk¹
+		- webmail.ee.cuhk.edu.hk¹
+		- webmail-3.ee.cuhk.edu.hk¹
+		- www2.ee.cuhk.edu.hk¹
+		- wwwo.ee.cuhk.edu.hk¹
+		- ctcs.erg.cuhk.edu.hk¹
+		- star1.erg.cuhk.edu.hk¹
+		- www.gaia.cuhk.edu.hk¹
+		- www.gs.cuhk.edu.hk¹
+		- www.hkbic.cuhk.edu.hk¹
+		- chandra.ie.cuhk.edu.hk⁴
+		- course.ie.cuhk.edu.hk¹
+		- cscit.ie.cuhk.edu.hk⁴
+		- hii.ie.cuhk.edu.hk⁴
+		- iest2.ie.cuhk.edu.hk¹
+		- isc14.ie.cuhk.edu.hk⁴
+		- jianwei.ie.cuhk.edu.hk⁴
+		- mmlab.ie.cuhk.edu.hk⁴
+		- mobitec.ie.cuhk.edu.hk⁴
+		- ndsl.ie.cuhk.edu.hk⁴
+		- s25.ierg4210.ie.cuhk.edu.hk¹
+		- snsapi.ie.cuhk.edu.hk¹
+		- ssl.ie.cuhk.edu.hk⁴
+		- webmail.ie.cuhk.edu.hk¹
+		- wireless.ie.cuhk.edu.hk⁴
+		- www.igef.cuhk.edu.hk¹
+		- ilcnte.ilc.cuhk.edu.hk¹
+		- www.itcsc.cuhk.edu.hk¹
+		- itunes.cuhk.edu.hk¹
+		- cai.itsc.cuhk.edu.hk¹
+		- epss.itsc.cuhk.edu.hk¹
+		- helpdesk.itsc.cuhk.edu.hk¹
+		- hkhiso.itsc.cuhk.edu.hk¹
+		- servicedesk.itsc.cuhk.edu.hk¹
+		- webconf2.itsc.cuhk.edu.hk⁵
+		- wms.itsc.cuhk.edu.hk¹
+		- www.itsc.cuhk.edu.hk¹
+		- www.lasec.cuhk.edu.hk¹
+		- dspace.lib.cuhk.edu.hk¹
+		- easysearch.lib.cuhk.edu.hk³
+		- iii.lib.cuhk.edu.hk⁵
+		- libanswers.lib.cuhk.edu.hk¹
+		- libguides.lib.cuhk.edu.hk¹
+		- my.lib.cuhk.edu.hk⁵
+		- library.cuhk.edu.hk¹
+		- logitsco.cuhk.edu.hk¹
+		- www.logitsco.cuhk.edu.hk¹
+		- epymt.math.cuhk.edu.hk¹
+		- mathgym.math.cuhk.edu.hk¹
+		- mect.cuhk.edu.hk¹
+		- cns.mect.cuhk.edu.hk¹
+		- wellness.mect.cuhk.edu.hk¹
+		- www.mect.cuhk.edu.hk¹
+		- internet.mfpo.cuhk.edu.hk⁶
+		- www.morningside.cuhk.edu.hk¹
+		- www.na.cuhk.edu.hk¹
+		- www.oafa.cuhk.edu.hk (connection refused)
+		- www.oal.cuhk.edu.hk¹
+		- www.obg.cuhk.edu.hk³
+		- department.obg.cuhk.edu.hk¹
+		- pdc.obg.cuhk.edu.hk¹
+		- cpdc.osa.cuhk.edu.hk¹
+		- sams.osa.cuhk.edu.hk¹
+		- www.osa.cuhk.edu.hk¹
+		- www.osp.cuhk.edu.hk¹
+		- ug.pharmacy.cuhk.edu.hk¹
+		- www.pharmacy.cuhk.edu.hk⁵
+		- portal.cuhk.edu.hk¹
+		- www.provost.cuhk.edu.hk¹
+		- biomedsci.sbs.cuhk.edu.hk¹
+		- www.scs.cuhk.edu.hk²
+		- www.scu.cuhk.edu.hk¹
+		- alumni.se.cuhk.edu.hk¹
+		- seminar.se.cuhk.edu.hk¹
+		- webmail3.se.cuhk.edu.hk¹
+		- www.shaw.cuhk.edu.hk¹
+		- www.shho.cuhk.edu.hk¹
+		- www.shiae.cuhk.edu.hk¹
+		- strategicplan.cuhk.edu.hk¹
+		- www.szdo.cuhk.edu.hk¹
+		- www.uc.cuhk.edu.hk¹
+		- www.udean.cuhk.edu.hk¹
+		- www.urbanstudies.cuhk.edu.hk¹
+		- www.vco.cuhk.edu.hk¹
+		- www.ws.cuhk.edu.hk¹
+		- www.wys.cuhk.edu.hk¹
+		- www3.cuhk.edu.hk¹
+		- www4.cuhk.edu.hk¹
+		- www5.cuhk.edu.hk¹
+		- www6.cuhk.edu.hk¹
+
+	¹: Invalid cert
+	²: Mixed content
+	³: Redirects to HTTP
+	⁴: Different content in HTTP and HTTPS
+	⁵: Timeout
+	⁶: Travis problem - unable to get local issuer certificate
+
+-->
+<ruleset name="The Chinese University of Hong Kong">
+
+	<target host="www.cuhk.edu.hk" />
+
+	<target host="www.aic.cuhk.edu.hk" />
+	<target host="www.arts.cuhk.edu.hk" />
+	<target host="humanum.arts.cuhk.edu.hk" />
+	<target host="www.cintec.cuhk.edu.hk" />
+	<target host="www.cpr.cuhk.edu.hk" />
+	<target host="veriguide1.cse.cuhk.edu.hk" />
+	<target host="veriguide4.cse.cuhk.edu.hk" />
+	<target host="elearn.cuhk.edu.hk" />
+	<target host="info5.erg.cuhk.edu.hk" />
+	<target host="star.erg.cuhk.edu.hk" />
+	<target host="www.erg.cuhk.edu.hk" />
+	<target host="www2.erg.cuhk.edu.hk" />
+	<target host="www.fed.cuhk.edu.hk" />
+	<target host="www.gradsch.cuhk.edu.hk" />
+	<target host="ewebmail.ie.cuhk.edu.hk" />
+	<target host="home.ie.cuhk.edu.hk" />
+	<target host="personal.ie.cuhk.edu.hk" />
+	<target host="staff.ie.cuhk.edu.hk" />
+	<target host="www.ie.cuhk.edu.hk" />
+	<target host="www.ilc.cuhk.edu.hk" />
+	<target host="www.iso.cuhk.edu.hk" />
+	<target host="apps.itsc.cuhk.edu.hk" />
+	<target host="campusapps.itsc.cuhk.edu.hk" />
+	<target host="cloud.itsc.cuhk.edu.hk" />
+	<target host="cumassmail.itsc.cuhk.edu.hk" />
+	<target host="gradsrv.itsc.cuhk.edu.hk" />
+	<target host="oiss.itsc.cuhk.edu.hk" />
+	<target host="webapp.itsc.cuhk.edu.hk" />
+	<target host="wifipartners.itsc.cuhk.edu.hk" />
+	<target host="alumni.law.cuhk.edu.hk" />
+	<target host="webapp1.law.cuhk.edu.hk" />
+	<target host="illiad.lib.cuhk.edu.hk" />
+	<target host="rbs.lib.cuhk.edu.hk" />
+	<target host="www.lihs.cuhk.edu.hk" />
+	<target host="hlma.math.cuhk.edu.hk" />
+	<target host="www.math.cuhk.edu.hk" />
+	<target host="pcp.med.cuhk.edu.hk" />
+	<target host="webapps.med.cuhk.edu.hk" />
+	<target host="cog.mect.cuhk.edu.hk" />
+	<target host="www.oia.cuhk.edu.hk" />
+	<target host="onepass.cuhk.edu.hk" />
+	<target host="www.orkts.cuhk.edu.hk" />
+	<target host="www2.osa.cuhk.edu.hk" />
+	<target host="www.per.cuhk.edu.hk" />
+	<target host="www2.per.cuhk.edu.hk" />
+	<target host="eshop.rct.cuhk.edu.hk" />
+	<target host="rgsntl.rgs.cuhk.edu.hk" />
+	<target host="webmail.se.cuhk.edu.hk" />
+	<target host="sts.cuhk.edu.hk" />
+	<target host="www.surgery.cuhk.edu.hk" />
+	<target host="timetable4.cuhk.edu.hk" />
+
+	<!-- to prevent redirect loop on main pages -->
+		<exclusion pattern="^http://www\.cuhk\.edu\.hk/(chinese|english)/(?!css/|fonts/|images|js/)" />
+
+		<test url="http://www.cuhk.edu.hk/english/index.html" />
+		<test url="http://www.cuhk.edu.hk/chinese/teaching/senate-committee.html" />
+		<test url="http://www.cuhk.edu.hk/chinese/index.html" />
+		<test url="http://www.cuhk.edu.hk/english/research/excellence/information-technology.html" />
+		<test url="http://www.cuhk.edu.hk/chinese/university/press-release-events.html" />
+		<test url="http://www.cuhk.edu.hk/chinese/faculties/business-administration.html" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CUPS.org.xml b/src/chrome/content/rules/CUPS.org.xml
new file mode 100644
index 000000000000..5ceea5093051
--- /dev/null
+++ b/src/chrome/content/rules/CUPS.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="CUPS.org">
+
+	<target host="cups.org" />
+	<target host="www.cups.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CVIMellesGriot.com.xml b/src/chrome/content/rules/CVIMellesGriot.com.xml
index 07c3c791e561..6ecc64ff553e 100644
--- a/src/chrome/content/rules/CVIMellesGriot.com.xml
+++ b/src/chrome/content/rules/CVIMellesGriot.com.xml
@@ -1,4 +1,14 @@
-<ruleset name="CVI Melles Griot" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.cvimellesgriot.com/ => https://www.cvimellesgriot.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://cvimellesgriot.com/ => https://www.cvimellesgriot.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.cvimellesgriot.com/ => https://www.cvimellesgriot.com/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://cvimellesgriot.com/ => https://www.cvimellesgriot.com/: (28, 'Connection timed out after 10001 milliseconds')
+-->
+<ruleset name="CVI Melles Griot" platform="mixedcontent" default_off="failed ruleset test">
   <target host="www.cvimellesgriot.com" />
   <target host="cvimellesgriot.com" />
 
diff --git a/src/chrome/content/rules/CVS.com.xml b/src/chrome/content/rules/CVS.com.xml
new file mode 100644
index 000000000000..ce926606cc9a
--- /dev/null
+++ b/src/chrome/content/rules/CVS.com.xml
@@ -0,0 +1,45 @@
+<!--
+	Different HTTP/HTTPS content:
+		photo-metrics.cvs.com
+		photo-smetrics.cvs.com
+
+	Invalid certificate:
+		link.cvs.com
+		s.cvs.com
+
+	No working URL known:
+		depservices.cvs.com
+		photohelp.cvs.com
+		services.cvs.com
+		static.cvs.com
+		tnl-photo.cvs.com
+
+	Redirects to HTTP:
+		health.cvs.com
+
+-->
+<ruleset name="CVS.com">
+	<target host="cvs.com" />
+	<target host="www.cvs.com" />
+	<target host="circular.cvs.com" />
+		<test url="http://circular.cvs.com/images/hosted/v4/carousel_up_arrow.png" />
+	<target host="cvslearnet.cvs.com" />
+	<target host="d.cvs.com" />
+	<target host="ddl.cvs.com" />
+		<test url="http://ddl.cvs.com/robots.txt" />
+	<target host="es.cvs.com" />
+	<target host="express.cvs.com" />
+	<target host="flushot.cvs.com" />
+	<target host="i.cvs.com" />
+	<target host="m.cvs.com" />
+	<target host="message.cvs.com" />
+	<target host="myhr.cvs.com" />
+	<target host="mypassword.cvs.com" />
+	<target host="optical.cvs.com" />
+	<target host="photo-store.cvs.com" />
+	<target host="t.cvs.com" />
+	<target host="vaccines.cvs.com" />
+	<target host="vendorportal.cvs.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CWSPOD.com.xml b/src/chrome/content/rules/CWSPOD.com.xml
new file mode 100644
index 000000000000..d3a976856572
--- /dev/null
+++ b/src/chrome/content/rules/CWSPOD.com.xml
@@ -0,0 +1,21 @@
+<!--
+
+	Mixed content:
+
+		- css from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="CWSPOD.com (false MCB)" platform="mixedcontent">
+
+	<target host="cwspod.com" />
+	<target host="www.cwspod.com" />
+
+
+	<securecookie host="^\.cwspod\.com$" name="^__cfduid$" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CWSPOD_Music.xml b/src/chrome/content/rules/CWSPOD_Music.xml
index 0b89183f0542..cb958ad2dac4 100644
--- a/src/chrome/content/rules/CWSPOD_Music.xml
+++ b/src/chrome/content/rules/CWSPOD_Music.xml
@@ -1,13 +1,21 @@
-<ruleset name="CWSPOD Music (partial)" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://cwspodmusic.com/ (200) => https://cwspodmusic.com/ (521)
+Non-2xx HTTP code: http://www.cwspodmusic.com/ (200) => https://www.cwspodmusic.com/ (521)
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://cwspodmusic.com/ => https://cwspodmusic.com/: Cycle detected - URL already encountered: http://cwspodmusic.com/
+-->
+<ruleset name="CWSPOD Music (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="cwspodmusic.com" />
-	<target host="*.cwspodmusic.com" />
+	<target host="www.cwspodmusic.com" />
 
 
 	<securecookie host="^\.cwspodmusic.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?cwspodmusic\.com/"
-		to="https://$1cwspodmusic.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CXense.com.xml b/src/chrome/content/rules/CXense.com.xml
new file mode 100644
index 000000000000..e4a93b3b0f5b
--- /dev/null
+++ b/src/chrome/content/rules/CXense.com.xml
@@ -0,0 +1,60 @@
+<!--
+	Other Cxense rulesets:
+
+		- Emediate.dk.xml
+		- Emediate.se.xml
+
+
+	Problematic hosts in *cxense.com:
+
+		- cdn *
+
+	* Akamai / mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- cxense.com
+		- wiki.cxense.com
+		- www.cxense.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Cxense.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cxense.com" />
+	<target host="api.cxense.com" />
+	<target host="comcluster.cxense.com" />
+
+	<target host="adserver.cxad.cxense.com" />
+	<target host="s-adserver.cxad.cxense.com" />
+
+	<target host="scdn.cxense.com" />
+	<target host="support.cxense.com" />
+	<target host="wiki.cxense.com" />
+	<target host="www.cxense.com" />
+
+	<!--	Complications:
+				-->
+	<target host="cdn.cxense.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?cxense\.com$" name="^(?:_icl_current_language|PHPSESSID)$" /-->
+	<!--securecookie host="^wiki\.cxense\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\.cxense\.com$" name="^gck\w$" />
+	<securecookie host="^wiki\.cxense\.com$" name=".+" />
+
+
+	<rule from="^http://cdn\.cxense\.com/"
+		to="https://scdn.cxense.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CXense.xml b/src/chrome/content/rules/CXense.xml
deleted file mode 100644
index 05858a78d8b9..000000000000
--- a/src/chrome/content/rules/CXense.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(no https)
-
-
-	Problematic subdomains:
-
-		- cdn	(akamai)
-
-
-	Fully covered subdomains:
-
-		- cdn		(→ scdn)
-		- comcluster
-		- adserver.cxad
-		- s-adserver.cxad
-		- adserver.sandbox.cxad
-		- s-adserver.sandbox.cxad
-		- scdn
-		- wiki
-
--->
-<ruleset name="cXense">
-
-	<target host="*.cxense.com" />
-
-
-	<securecookie host="^\.cxense\.com$" name="^gck\w$" />
-	<securecookie host="^wiki\.cxense\.com$" name=".+" />
-
-
-	<rule from="^http://s?cdn\.cxense\.com/"
-		to="https://scdn.cxense.com/" />
-
-	<rule from="^http://(comcluster|(?:s-)?adserver(?:\.sandbox)?\.cxad|wiki)\.cxense\.com/"
-		to="https://$1.cxense.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CYBERsitter.xml b/src/chrome/content/rules/CYBERsitter.xml
index cebbbca7998d..3a231c22c128 100644
--- a/src/chrome/content/rules/CYBERsitter.xml
+++ b/src/chrome/content/rules/CYBERsitter.xml
@@ -1,13 +1,17 @@
-<ruleset name="CYBERsitter">
+<!--
+	Note: This website blocks Tor users.
+
+-->
+<ruleset name="CYBERsitter.com">
 
 	<target host="cybersitter.com" />
 	<target host="www.cybersitter.com" />
 
 
-	<securecookie host="^(?:www\.)?cybersitter\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www\.)?cybersitter\.com/"
-		to="https://$1cybersitter.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CZ-Hosting.com.xml b/src/chrome/content/rules/CZ-Hosting.com.xml
new file mode 100644
index 000000000000..f3ba35e1e3db
--- /dev/null
+++ b/src/chrome/content/rules/CZ-Hosting.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="CZ-Hosting.com">
+    <target host="cz-hosting.com" />
+    <target host="www.cz-hosting.com" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CZshare.com.xml b/src/chrome/content/rules/CZshare.com.xml
deleted file mode 100644
index 10612aab4dc7..000000000000
--- a/src/chrome/content/rules/CZshare.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- forum		(refused)
-
--->
-<ruleset name="CZshare.com (partial)">
-
-	<target host="czshare.com" />
-	<target host="www.czshare.com" />
-
-
-	<securecookie host="^czshare\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?czshare\.com/"
-		to="https://$1czshare.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/C_F_Mueller.de.xml b/src/chrome/content/rules/C_F_Mueller.de.xml
new file mode 100644
index 000000000000..18f8a0c3fe0b
--- /dev/null
+++ b/src/chrome/content/rules/C_F_Mueller.de.xml
@@ -0,0 +1,20 @@
+<!--
+	^: cert only matches www
+
+-->
+<ruleset name="C F Mueller.de">
+
+	<target host="cfmueller.de" />
+	<target host="www.cfmueller.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.cfmueller\.de$" name="^language$" /-->
+
+	<securecookie host="^www\.cfmueller\.de$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cabal_WS.xml b/src/chrome/content/rules/Cabal_WS.xml
index 2cb89bec45fc..b80511473dfa 100644
--- a/src/chrome/content/rules/Cabal_WS.xml
+++ b/src/chrome/content/rules/Cabal_WS.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?cabal\.ws/(addons|img|slider)/"
 		to="https://$1cabal.ws/$2/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cabinet-Office.gov.uk.xml b/src/chrome/content/rules/Cabinet-Office.gov.uk.xml
new file mode 100644
index 000000000000..f05e6e8e28f4
--- /dev/null
+++ b/src/chrome/content/rules/Cabinet-Office.gov.uk.xml
@@ -0,0 +1,35 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	www.cabinet-office.gov.uk: Refused
+
+
+	^cabinet-office.gov.uk doesn't exist.
+
+-->
+<ruleset name="Cabinet-Office.gov.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="assets.digital.cabinet-office.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="www.cabinet-office.gov.uk" />
+
+
+	<!--rule from="^http://(?:update\.|www\.)?cabinet-?office\.gov\.uk/"
+		to="https://update.cabinetoffice.gov.uk/" /-->
+
+	<!--	Redirect drops forward slash, path, and args:
+								-->
+	<rule from="^http://www\.cabinet-office\.gov\.uk/.*"
+		to="https://www.gov.uk/government/organisations/cabinet-office" />
+
+		<test url="http://www.cabinet-office.gov.uk//index.php" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cabinet_Office.xml b/src/chrome/content/rules/Cabinet_Office.xml
index b3d41f5b96a6..14af1ee5f442 100644
--- a/src/chrome/content/rules/Cabinet_Office.xml
+++ b/src/chrome/content/rules/Cabinet_Office.xml
@@ -1,25 +1,170 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://umbr3.cabinetoffice.gov.uk/ => https://umbr3.cabinetoffice.gov.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	For other UK government coverage, see GOV.UK.xml.
 
 
-	Problematic domains:
+	Nonfunctional hosts in *cabinetoffice.gov.uk:
+
+		- europeanmemoranda ⁴
+		- admin.europeanmemoranda ⁴
+		- gps ᵈ
+		- www.redtapechallenge ᵈ
+		- rnn ᵈ
+		- update ᵈ
+
+	⁴ 404
+	ᵈ Dropped
+
+
+	Problematic hosts in *cabinetoffice.gov.uk:
+
+		- ccs ᵐ
+		- ccs-agreements ᵉ ᵐ
+		- communitylife ᵐ
+		- digital ᵐ
+		- blog.digital ᵐ
+		- solutions-exchange ᵉ
+		- mutuals ᵐ
+		- www.openpublicservices ᵐ
+		- pm ᵈ
+		- procurement ᵐ
+		- (www.)?publications ᵐ
+		- transactionsexplorer ᵐ
+		- www ᵐ
+
+	ᵈ Dropped
+	ᵉ Expired
+	ᵐ Mismatched
 
-		- www.cabinet-office.gov.uk
-		- (www.)cabinetoffice.gov.uk	(mismatched, CN: *.yottaa.net)
+
+	^cabinetoffice.gov.uk doesn't exist.
+
+
+	Insecure cookies are set for these hosts:
+
+		- publicappointments.cabinetoffice.gov.uk
+		- umbr3.cabinetoffice.gov.uk
 
 -->
-<ruleset name="Cabinet Office">
+<ruleset name="Cabinet Office.gov.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gpsfleetportal.cabinetoffice.gov.uk" />
+	<target host="publicappointments.cabinetoffice.gov.uk" />
+	<target host="umbr3.cabinetoffice.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="ccs.cabinetoffice.gov.uk" />
+	<target host="communitylife.cabinetoffice.gov.uk" />
+	<target host="digital.cabinetoffice.gov.uk" />
+	<target host="blog.digital.cabinetoffice.gov.uk" />
+	<target host="gps.cabinetoffice.gov.uk" />
+	<target host="mutuals.cabinetoffice.gov.uk" />
+	<target host="www.openpublicservices.cabinetoffice.gov.uk" />
+	<target host="pm.cabinetoffice.gov.uk" />
+	<target host="publications.cabinetoffice.gov.uk" />
+	<target host="www.publications.cabinetoffice.gov.uk" />
+	<target host="transactionsexplorer.cabinetoffice.gov.uk" />
+	<target host="update.cabinetoffice.gov.uk" />
+	<target host="www.cabinetoffice.gov.uk" />
+
+		<!--	/+[^?]+ 404s:
+					-->
+		<exclusion pattern="^http://(?:ccs|communitylife|gps|mutuals|www\.openpublicservices|(?:www\.)?publications|transactionsexplorer|update|www)\.cabinetoffice\.gov\.uk/+(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://ccs.cabinetoffice.gov.uk/index.htm" />
+			<test url="http://communitylife.cabinetoffice.gov.uk/index.htm" />
+			<test url="http://gps.cabinetoffice.gov.uk/index.htm" />
+			<test url="http://mutuals.cabinetoffice.gov.uk/index.htm" />
+			<test url="http://www.openpublicservices.cabinetoffice.gov.uk/index.htm" />
+			<test url="http://publications.cabinetoffice.gov.uk/index.htm" />
+			<test url="http://www.publications.cabinetoffice.gov.uk/index.htm" />
+			<test url="http://transactionsexplorer.cabinetoffice.gov.uk/index.htm" />
+			<test url="http://update.cabinetoffice.gov.uk/index.htm" />
+			<test url="http://update.cabinetoffice.gov.uk//index.htm" />
+			<test url="http://www.cabinetoffice.gov.uk/index.htm" />
+			<test url="http://www.cabinetoffice.gov.uk//index.htm" />
+
+			<!--	-ve:
+					-->
+			<test url="http://communitylife.cabinetoffice.gov.uk//" />
+			<test url="http://communitylife.cabinetoffice.gov.uk/?" />
+			<test url="http://mutuals.cabinetoffice.gov.uk/?" />
+			<test url="http://www.openpublicservices.cabinetoffice.gov.uk/?" />
+			<test url="http://transactionsexplorer.cabinetoffice.gov.uk/?" />
+			<test url="http://update.cabinetoffice.gov.uk//" />
+			<test url="http://www.cabinetoffice.gov.uk/?" />
+			<test url="http://www.cabinetoffice.gov.uk//" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^publicappointments\.cabinetoffice\.gov\.uk$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^umbr3\.cabinetoffice\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://(?:cc|gp)s\.cabinetoffice\.gov\.uk/.*"
+		to="https://www.gov.uk/government/organisations/crown-commercial-service" />
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://communitylife\.cabinetoffice\.gov\.uk/.*"
+		to="https://www.gov.uk/government/collections/community-life-survey" />
+
+	<!--	Redirect keeps forward slash, path, and args:
+								-->
+	<rule from="^http://digital\.cabinetoffice\.gov\.uk/"
+		to="https://gds.blog.gov.uk/" />
+
+	<!--	Redirect keeps forward slash, path, and args:
+								-->
+	<rule from="^http://blog\.digital\.cabinetoffice\.gov\.uk/"
+		to="https://alphagov.wordpress.com/" />
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://mutuals\.cabinetoffice\.gov\.uk/.*"
+		to="https://www.gov.uk/government/groups/mutuals-information-service" />
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://www\.openpublicservices\.cabinetoffice\.gov\.uk/.*"
+		to="https://www.gov.uk/government/organisations/open-public-services" />
+
+	<!--	Redirect drops forward slash and path, but not args:
+									-->
+	<rule from="^http://pm\.cabinetoffice\.gov\.uk/[^?]*"
+		to="https://www.gov.uk/government/history/past-prime-ministers/margaret-thatcher" />
+
+		<test url="http://pm.cabinetoffice.gov.uk/index.htm" />
 
-	<target host="cabinetoffice.gov.uk" />
-	<target host="*.cabinetoffice.gov.uk" />
-	<target host="www.cabinet-office.gov.uk" />
-	<target host="s-ff0102-4f9172bc8a1062097406d809-0.yottaa.net" />
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://(?:www\.)?publications\.cabinetoffice\.gov\.uk/.*"
+		to="https://www.gov.uk/government/publications?departments%5B%5D=cabinet-office" />
 
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://transactionsexplorer\.cabinetoffice\.gov\.uk/.*"
+		to="https://www.gov.uk/performance/transactions-explorer" />
 
-	<rule from="^https?://(?:update\.|www\.)?cabinet-?office\.gov\.uk/"
-		to="https://update.cabinetoffice.gov.uk/" />
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://(?:update|www)\.cabinetoffice\.gov\.uk/.*"
+		to="https://www.gov.uk/government/organisations/cabinet-office" />
 
-	<rule from="^http://s-ff0102-4f9172bc8a1062097406d809-0\.yottaa\.net/"
-		to="https://s-ff0102-4f9172bc8a1062097406d809-0.yottaa.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cable6.net.xml b/src/chrome/content/rules/Cable6.net.xml
new file mode 100644
index 000000000000..0b4ff59bb89d
--- /dev/null
+++ b/src/chrome/content/rules/Cable6.net.xml
@@ -0,0 +1,32 @@
+<!--
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- piwik.cable6.net
+
+
+	Mixed content:
+
+		- Bug from piwik.cable6.net
+
+-->
+<ruleset name="cable6.net" default_off="cert-chain">
+
+	<target host="cable6.net" />
+	<target host="piwik.cable6.net" />
+	<target host="www.cable6.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^piwik\.cable6\.net$" name="^_pk_uid$" /-->
+
+	<securecookie host="^piwik\.cable6\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CableTV.com.xml b/src/chrome/content/rules/CableTV.com.xml
new file mode 100644
index 000000000000..aaeac92dd3d6
--- /dev/null
+++ b/src/chrome/content/rules/CableTV.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Mixed content:
+
+		- iframes from www *
+
+		- Images from www *
+
+		- favicon from www *
+
+		- Web bug from cms.clear-link.com
+
+	* Secured by us
+
+-->
+<ruleset name="CableTV.com" default_off="expired">
+
+	<target host="cabletv.com" />
+	<target host="www.cabletv.com" />
+
+
+	<rule from="^http://(?:www\.)?cabletv\.com/"
+		to="https://cabletv.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cables.com.xml b/src/chrome/content/rules/Cables.com.xml
index 575be739e78d..e6d9f20da75f 100644
--- a/src/chrome/content/rules/Cables.com.xml
+++ b/src/chrome/content/rules/Cables.com.xml
@@ -7,7 +7,7 @@
 <ruleset name="Cables.com">
 
 	<target host="cables.com" />
-	<target host="*.cables.com" />
+	<target host="www.cables.com" />
 
 
 	<securecookie host="^(?:www)?\.cables\.com$" name=".+" />
diff --git a/src/chrome/content/rules/CaceTech.xml b/src/chrome/content/rules/CaceTech.xml
deleted file mode 100644
index e52da3ea6dc0..000000000000
--- a/src/chrome/content/rules/CaceTech.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="CaceTech">
-  <target host="www.cacetech.com" />
-  <target host="cacetech.com" />
-
-  <rule from="^http://(?:www\.)?cacetech\.com/" to="https://www.cacetech.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/CacheFly.xml b/src/chrome/content/rules/CacheFly.xml
index 7f775ec833b4..35061baced8b 100644
--- a/src/chrome/content/rules/CacheFly.xml
+++ b/src/chrome/content/rules/CacheFly.xml
@@ -14,13 +14,13 @@
 
 			https://mail1.eff.org/pipermail/https-everywhere-rules/2012-September/001291.html
 													-->
-		<exclusion pattern="^https?://cachefly\.cachefly\.net/(?:speedtest/|.+\.test)" />
+		<exclusion pattern="^http://cachefly\.cachefly\.net/(?:speedtest/|.+\.test)" />
 		<!--
 			https://trac.torproject.org/projects/tor/ticket/7585
 
 			Breaks captcha:
 					-->
-		<exclusion pattern="^https?://topix\.cachefly\.net" />
+		<exclusion pattern="^http://topix\.cachefly\.net" />
 
 
 	<securecookie host="^portal\.cachefly\.com$" name=".+" />
@@ -29,7 +29,7 @@
 	<rule from="^http://portal\.cachefly\.com/"
 		to="https://portal.cachefly.com/" />
 
-	<rule from="^https?://(?:\d\.)?([^@:/\.]+)\.cachefly\.net/"
+	<rule from="^http://(?:\d\.)?([^@:/\.]+)\.cachefly\.net/"
 		to="https://$1.cachefly.net/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Cactus_Complete_Commerce.xml b/src/chrome/content/rules/Cactus_Complete_Commerce.xml
index bad163f913f1..91956692ad77 100644
--- a/src/chrome/content/rules/Cactus_Complete_Commerce.xml
+++ b/src/chrome/content/rules/Cactus_Complete_Commerce.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://app.cactuscompletecommerce.com/ => https://app.cactuscompletecommerce.com/: (51, "SSL: no alternative certificate subject name matches target host name 'app.cactuscompletecommerce.com'")
+
 	For other Web.com coverage, see Web.com.xml.
 
 
@@ -7,7 +11,7 @@
 		- (www.)	(replies with http)
 
 -->
-<ruleset name="Cactus Complete Commerce (partial)">
+<ruleset name="Cactus Complete Commerce (partial)" default_off="failed ruleset test">
 
 	<target host="app.cactuscompletecommerce.com" />
 
@@ -15,7 +19,6 @@
 	<securecookie host="^app\.cactuscompletecommerce\.com$" name=".+" />
 
 
-	<rule from="^http://app\.cactuscompletecommerce\.com/"
-		to="https://app.cactuscompletecommerce.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CadSoft.xml b/src/chrome/content/rules/CadSoft.xml
deleted file mode 100644
index 9b54df3949d4..000000000000
--- a/src/chrome/content/rules/CadSoft.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="CadSoft">
-
-	<target host="cadsoft.de" />
-	<target host="www.cadsoft.de" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.www.cadsoft.de" />
-
-
-	<securecookie host="^\.?www\.cadsoft\.de$" name=".*" />
-
-
-	<!--	Cert only matches www.
-					-->
-	<rule from="^https?://(?:www\.)?cadsoft\.de/"
-		to="https://www.cadsoft.de/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Caddy_server.com.xml b/src/chrome/content/rules/Caddy_server.com.xml
new file mode 100644
index 000000000000..714e8be9b1e3
--- /dev/null
+++ b/src/chrome/content/rules/Caddy_server.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Caddy server.com">
+
+	<target host="caddyserver.com" />
+	<target host="www.caddyserver.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cadence-Design-Systems.xml b/src/chrome/content/rules/Cadence-Design-Systems.xml
index 8eb446069be1..eb1b9f80268f 100644
--- a/src/chrome/content/rules/Cadence-Design-Systems.xml
+++ b/src/chrome/content/rules/Cadence-Design-Systems.xml
@@ -6,7 +6,7 @@
 
 	<!--	Cert only matches www.
 		At least some pages redirect to http.	-->
-	<rule from="^https?://(?:www\.)?cadence\.com/(_layouts/|misc_pages/|pages/(?:login|registration)\.aspx|Pub/|rl/Resources/|usercontrols/)"
+	<rule from="^http://(?:www\.)?cadence\.com/(_layouts/|misc_pages/|pages/(?:login|registration)\.aspx|Pub/|rl/Resources/|usercontrols/)"
 		to="https://www.cadence.com/$1" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Cadence.gq.xml b/src/chrome/content/rules/Cadence.gq.xml
new file mode 100644
index 000000000000..ba292b48e16f
--- /dev/null
+++ b/src/chrome/content/rules/Cadence.gq.xml
@@ -0,0 +1,17 @@
+<!--
+	Related ruleset:
+		Cadence.moe.xml
+
+	Mismatch:
+		www.cadence.gq
+-->
+<ruleset name="Cadence.gq">
+	<target host="cadence.gq" />
+	<target host="www.cadence.gq" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.cadence\.gq/" to="https://cadence.gq/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cadence.moe.xml b/src/chrome/content/rules/Cadence.moe.xml
new file mode 100644
index 000000000000..e71e6ed1d501
--- /dev/null
+++ b/src/chrome/content/rules/Cadence.moe.xml
@@ -0,0 +1,17 @@
+<!--
+	Related ruleset:
+		Cadence.gq.xml
+
+	Mismatch:
+		www.cadence.moe
+-->
+<ruleset name="Cadence.moe">
+	<target host="cadence.moe" />
+	<target host="www.cadence.moe" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.cadence\.moe/" to="https://cadence.moe/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CafePharma.com.xml b/src/chrome/content/rules/CafePharma.com.xml
new file mode 100644
index 000000000000..c073f578a2a5
--- /dev/null
+++ b/src/chrome/content/rules/CafePharma.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatched:
+		- cafepharma.com
+-->
+<ruleset name="CafePharma.com">
+	<target host="cafepharma.com" />
+	<target host="www.cafepharma.com" />
+
+	<rule from="^http://cafepharma\.com/" to="https://www.cafepharma.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CafePlus.com.tr.xml b/src/chrome/content/rules/CafePlus.com.tr.xml
new file mode 100644
index 000000000000..d5e0507058a1
--- /dev/null
+++ b/src/chrome/content/rules/CafePlus.com.tr.xml
@@ -0,0 +1,9 @@
+<ruleset name="CafePlus.com.tr">
+	<target host="cafeplus.com.tr" />
+	<target host="www.cafeplus.com.tr" />
+	<target host="search.cafeplus.com.tr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CafePress.xml b/src/chrome/content/rules/CafePress.xml
deleted file mode 100644
index 0fd22ea8f0a0..000000000000
--- a/src/chrome/content/rules/CafePress.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--	!functional:
-		- blog.cafepress.com		(timeout)
-		- images7?.cafepress.com	(reset; redirects to i2.cpcache.com)
-		- i[12].cpcache.com		(503, akamai; !at i[12].cafepress.com, content.cafepress.com, www.cafepress.com)
--->
-<ruleset name="CafePress (partial)">
-
-	<target host="cafepress.com"/>
-	<target host="*.cafepress.com"/>
-	<target host="cafepress.co.uk"/>
-	<target host="*.cafepress.co.uk"/>
-	<target host="*.cpcache.com"/>
-	<target host="server.iad.liveperson.net"/>
-
-	<rule from="^http://(?:www\.)?cafepress\.co(m|\.uk)/content/"
-		to="https://www.cafepress.co$1/content/"/>
-
-	<rule from="^http://(content|members)\.cafepress\.co(m|\.uk)/"
-		to="https://$1.cafepress.co$2/"/>
-
-	<rule from="^http://shop\.cafepress\.com/$"
-		to="https://shop.cafepress.com/"/>
-
-	<!--	cert !match help	-->
-	<rule from="^http://help\.cafepress\.com/hc/"
-		to="https://server.iad.liveperson.net/hc/"/>
-
-	<!--	Akamai bucket.  Finding it would ideal.	-->
-	<rule from="^http://content\d?\.cpcache\.com/"
-		to="https://content.cafepress.com/"/>
-
-	<!--	rewriting help to liveperson breaks links under "design your own"
-		in the footer.  Fix this by rewriting back.	-->
-	<rule from="^https://server\.iad\.liveperson\.net/make/"
-		to="https://www.cafepress.com/make/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cafegate.com.xml b/src/chrome/content/rules/Cafegate.com.xml
index 873fa02e0ede..df5b22e5e30b 100644
--- a/src/chrome/content/rules/Cafegate.com.xml
+++ b/src/chrome/content/rules/Cafegate.com.xml
@@ -1,13 +1,21 @@
-<ruleset name="cafegate.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cafegate.com/ => https://cafegate.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.cafegate.com/ => https://www.cafegate.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://cafegate.com/ => https://cafegate.com/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="cafegate.com" default_off="failed ruleset test">
 
 	<target host="cafegate.com" />
-	<target host="*.cafegate.com" />
+	<target host="www.cafegate.com" />
 
 
 	<securecookie host="^\.cafegate.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?cafegate\.com/"
-		to="https://$1cafegate.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cafemakers.xml b/src/chrome/content/rules/Cafemakers.xml
index 89cf037271fa..ae4ed89828bf 100644
--- a/src/chrome/content/rules/Cafemakers.xml
+++ b/src/chrome/content/rules/Cafemakers.xml
@@ -1,4 +1,11 @@
-<ruleset name="Cafemakers">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cafemakers.com/ => https://cafemakers.com/: (35, 'Unknown SSL protocol error in connection to cafemakers.com:443 ')
+Fetch error: http://www.cafemakers.com/ => https://www.cafemakers.com/: (35, 'Unknown SSL protocol error in connection to www.cafemakers.com:443 ')
+
+-->
+<ruleset name="Cafemakers" default_off="failed ruleset test">
 
 	<target host="cafemakers.com" />
 	<target host="www.cafemakers.com" />
@@ -7,7 +14,6 @@
 	<securecookie host="^\.cafemakers\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?cafemakers\.com/"
-		to="https://$1cafemakers.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cahiers-Antispecistes.org.xml b/src/chrome/content/rules/Cahiers-Antispecistes.org.xml
new file mode 100644
index 000000000000..32c4a5cdbe6f
--- /dev/null
+++ b/src/chrome/content/rules/Cahiers-Antispecistes.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Cahiers Antispécistes.org" platform="mixedcontent">
+
+	<target host="cahiers-antispecistes.org" />
+	<target host="www.cahiers-antispecistes.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CainTV.xml b/src/chrome/content/rules/CainTV.xml
index a8c28df84f12..420ca8d1752a 100644
--- a/src/chrome/content/rules/CainTV.xml
+++ b/src/chrome/content/rules/CainTV.xml
@@ -13,4 +13,4 @@
 	<rule from="^http://static\d?\.caintvnetwork\.com/"
 		to="https://d19kb9pin9tdml.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Caisse-Epargne.fr.xml b/src/chrome/content/rules/Caisse-Epargne.fr.xml
index 7a33db429845..9331186b22e2 100644
--- a/src/chrome/content/rules/Caisse-Epargne.fr.xml
+++ b/src/chrome/content/rules/Caisse-Epargne.fr.xml
@@ -1,6 +1,21 @@
-<ruleset name="Caisse d'Epargne">
-  <target host="www.caisse-epargne.fr" />
-  <target host="caisse-epargne.com" />
+<!--
+	https://caisse-epargne.fr asks to go to https://www.caisse-epagne.fr
+
+	Invalid certificate:
+		www.recrute.caisse-epargne.com
+
+	Refused:
+		www.societaires.caisse-epargne.fr
+
+-->
+<ruleset name="Caisse d'Epargne (partial)">
+
+	<target host="www.caisse-epargne.fr" />
+	<target host="www.gestionprivee.caisse-epargne.fr" />
+	<target host="www.m.caisse-epargne.fr" />
+	<target host="www.netdemo.caisse-epargne.fr" />
+		<test url="http://www.netdemo.caisse-epargne.fr/Portail.aspx" />
+
+	<rule from="^http:" to="https:" />
 
-  <rule from="^http://(?:www\.)?caisse-epargne\.fr/" to="https://www.caisse-epargne.fr/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/CakeCentral.com.xml b/src/chrome/content/rules/CakeCentral.com.xml
new file mode 100644
index 000000000000..13d68acf6388
--- /dev/null
+++ b/src/chrome/content/rules/CakeCentral.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Cake Central.com">
+
+	<target host="cakecentral.com" />
+	<target host="www.cakecentral.com" />
+	<target host="cdn.cakecentral.com" />
+		<test url="http://cdn.cakecentral.com/gallery/2015/03/900_842385NB31_doe-and-fawn-cake.jpg" />
+	<target host="cdn001.cakecentral.com" />
+		<test url="http://cdn001.cakecentral.com/icons/favicons/favicon.ico" />
+	<target host="cdn1.cakecentral.com" />
+		<test url="http://cdn1.cakecentral.com/themes/cakev6/assets/global/plugins/font-awesome/css/font-awesome.min.css" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Caktus_Group.com.xml b/src/chrome/content/rules/Caktus_Group.com.xml
new file mode 100644
index 000000000000..76abf33a63c0
--- /dev/null
+++ b/src/chrome/content/rules/Caktus_Group.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Caktus Group.com">
+
+	<target host="caktusgroup.com" />
+	<target host="www.caktusgroup.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cal.net.xml b/src/chrome/content/rules/Cal.net.xml
deleted file mode 100644
index a3807cebf078..000000000000
--- a/src/chrome/content/rules/Cal.net.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	www: cert only matches ^cal.net
-
--->
-<ruleset name="Cal.net">
-
-	<target host="cal.net" />
-	<target host="www.cal.net" />
-
-
-	<rule from="^http://(?:www\.)?cal\.net/"
-		to="https://cal.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CalChamber.com.xml b/src/chrome/content/rules/CalChamber.com.xml
new file mode 100644
index 000000000000..aea463025197
--- /dev/null
+++ b/src/chrome/content/rules/CalChamber.com.xml
@@ -0,0 +1,35 @@
+<!--
+    Invalid certificate:
+        email.calchamber.com
+        links.email.calchamber.com
+        www.store.calchamber.com
+
+  	No working URL known:
+  		images.calchamber.com
+
+    Time out:
+        chat.calchamber.com
+
+-->
+
+<ruleset name="CalChamber.com">
+
+	<target host="calchamber.com" />
+	<target host="www.calchamber.com" />
+	<target host="about.calchamber.com" />
+	<target host="advocacy.calchamber.com" />
+	<target host="advocacydev.calchamber.com" />
+	<target host="california-mexicomission.calchamber.com" />
+	<target host="cfce.calchamber.com" />
+	<target host="ehc.calchamber.com" />
+	<target host="election.calchamber.com" />
+	<target host="hrwatchdog.calchamber.com" />
+	<target host="media.calchamber.com" />
+	<target host="products.calchamber.com" />
+	<target host="stage.calchamber.com" />
+	<target host="store.calchamber.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CalSky.xml b/src/chrome/content/rules/CalSky.xml
index ca971cfa6a55..fba32e4b1b10 100644
--- a/src/chrome/content/rules/CalSky.xml
+++ b/src/chrome/content/rules/CalSky.xml
@@ -1,4 +1,4 @@
-<ruleset name="CalSky" default_off="mismatch">
+<ruleset name="CalSky" default_off="mismatched">
 
 	<!--	Cert: www.bluetenprodukte.ch	-->
 	<target host="calsky.com" />
@@ -6,7 +6,7 @@
 
 
 	<!--	!www redirects to www.	-->
-	<rule from="^https?://(?:www\.)?calsky\.com/"
+	<rule from="^http://(?:www\.)?calsky\.com/"
 		to="https://www.calsky.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Cal_Poly.edu-falsemixed.xml b/src/chrome/content/rules/Cal_Poly.edu-falsemixed.xml
new file mode 100644
index 000000000000..511278acf4d3
--- /dev/null
+++ b/src/chrome/content/rules/Cal_Poly.edu-falsemixed.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules not causing false/broken MCB, see California_Polytechnic_State_University.xml.
+
+-->
+<ruleset name="Cal Poly.edu (false MCB)" platform="mixedcontent">
+
+	<target host="admissions.calpoly.edu" />
+	<target host="polycat.lib.calpoly.edu" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cal_Poly_Arts.org.xml b/src/chrome/content/rules/Cal_Poly_Arts.org.xml
new file mode 100644
index 000000000000..d4fa776d8283
--- /dev/null
+++ b/src/chrome/content/rules/Cal_Poly_Arts.org.xml
@@ -0,0 +1,17 @@
+<!--
+	For other California Polytechnic State University coverage, see California_Polytechnic_State_University.xml.
+
+-->
+<ruleset name="Cal Poly Arts.org">
+
+	<target host="calpolyarts.org" />
+	<target host="www.calpolyarts.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cal_State.edu.xml b/src/chrome/content/rules/Cal_State.edu.xml
new file mode 100644
index 000000000000..4c241212e70a
--- /dev/null
+++ b/src/chrome/content/rules/Cal_State.edu.xml
@@ -0,0 +1,12 @@
+<!--
+	California State University
+
+-->
+<ruleset name="Cal State.edu (partial)">
+
+	<target host="sdsu-dspace.calstate.edu" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Calacademy.org.xml b/src/chrome/content/rules/Calacademy.org.xml
new file mode 100644
index 000000000000..f41bb5e33004
--- /dev/null
+++ b/src/chrome/content/rules/Calacademy.org.xml
@@ -0,0 +1,63 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sso.calacademy.org/ => https://sso.calacademy.org/: (35, 'Unknown SSL protocol error in connection to sso.calacademy.org:443 ')
+
+	Nonfunctional hosts in *.calacademy.org:
+
+	Incomplete certificate chain:
+
+		calacademy.org
+		www.calacademy.org
+
+	Invalid certificate:
+
+		calendar.calacademy.org
+		hotels.calacademy.org
+		libcat.calacademy.org
+		pages.calacademy.org
+		research.calacademy.org
+		sacportal.calacademy.org
+		m.stg.calacademy.org
+
+	Timeout:
+
+		archdrop.calacademy.org
+		casp.calacademy.org
+		chat.calacademy.org
+		collections.calacademy.org
+		ipt.calacademy.org
+		myexplorer.calacademy.org
+		phylocluster.calacademy.org
+		researcharchive.calacademy.org
+		sengis.calacademy.org
+		www-dr.calacademy.org
+		zeus.calacademy.org
+
+	PROTOCOL_ERROR:
+
+		multisite.calacademy.org
+
+  Redirect to http:
+
+		legacy.calacademy.org
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Calacademy.org" default_off="failed ruleset test">
+	<target host="apps.calacademy.org" />
+	<target host="archivesadmin.calacademy.org" />
+	<target host="jira.calacademy.org" />
+	<target host="kronos.calacademy.org" />
+	<target host="monarch.calacademy.org" />
+	<target host="sso.calacademy.org" />
+	<target host="store.calacademy.org" />
+	<target host="ticketing.calacademy.org" />
+	<target host="vpn.calacademy.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Calameo.com-problematic.xml b/src/chrome/content/rules/Calameo.com-problematic.xml
deleted file mode 100644
index 0b4868e42556..000000000000
--- a/src/chrome/content/rules/Calameo.com-problematic.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules that are on by default, see Calameo.com.xml.
-
--->
-<ruleset name="Calameo.com (problematic)" default_off="expired, self-signed" platform="mixedcontent">
-
-	<target host="*.calameo.com" />
-
-
-	<securecookie host="^help\.calameo\.com$" name=".+" />
-
-
-	<rule from="^http://(cn|de|en|es|fr|help|it|jp|kr|pt|ru)\.calameo\.com/"
-		to="https://$1.calameo.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Calameo.com.xml b/src/chrome/content/rules/Calameo.com.xml
index 9c37b34327ca..f9b393841fe6 100644
--- a/src/chrome/content/rules/Calameo.com.xml
+++ b/src/chrome/content/rules/Calameo.com.xml
@@ -1,45 +1,46 @@
 <!--
-	For problematic domains, see Calameo.com-problematic.xml.
-
-
-	CDN buckets:
-
-		- v.calameo.com.cdngc.net
-
-		- s1.calameoassets.com.cdngc.net
-
-			- s[123].calameoassets.com
-
-
-	Nonfunctional domains:
-
-		- (www.)calameo.com	(refused)
-
-		- calameoassets.com subdomains:
-
-			- s1	(reset)
-			- s2	(403; mismatched, CN: support3.cdnetworks.net)
-			- s3	(403; mismatched, CN: ssl2.cdngc.net)
-
-
-	Problematic subdomains:
-
-		- (cn|de|en|es|fr|it|jp|kr|pt|ru)
-
-			- Works
-			- Mixed css from s2.calameoassets.com
-			- Expired 2010-01-30
-			- Self-signed, CN: localhost.localdomain
-
-		- help	(works; mismatched, CN: ssl2.ovh.net)
-
+	Other Calameo.com related ruleset:
+		 - Calameoassets.com.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+			 - static1.calameo.com
+
+		Timeout was reached:
+			 - mail2.calameo.com
+
+		SSL peer certificate was not OK:
+			 - blog.calameo.com
+			 - help.calameo.com
+			 - mail1.calameo.com
+
+		4xx client error:
+			 - data.calameo.com
+			 - sk.calameo.com
+			 - static.calameo.com
+			 - tracker.calameo.com
 -->
 <ruleset name="Calameo.com (partial)">
-
+	<target host="calameo.com" />
+	<target host="www.calameo.com" />
+	<target host="cn.calameo.com" />
+	<target host="d.calameo.com" />
+		<test url="http://d.calameo.com/pinwheel/public/stream/book/get?dialect=en&amp;output=jsonp" />
+	<target host="de.calameo.com" />
+	<target host="en.calameo.com" />
+	<target host="es.calameo.com" />
+	<target host="fr.calameo.com" />
+	<target host="it.calameo.com" />
+	<target host="ita.calameo.com" />
+	<target host="jp.calameo.com" />
+	<target host="pt.calameo.com" />
+	<target host="ru.calameo.com" />
+	<target host="support.calameo.com" />
+	<target host="upload.calameo.com" />
+	<target host="upload2.calameo.com" />
 	<target host="v.calameo.com" />
+	<target host="viewer.calameo.com" />
+	<target host="widget.calameo.com" />
 
-
-	<rule from="^http://v\.calameo\.com/"
-		to="https://v.calameo.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Calameoassets.com.xml b/src/chrome/content/rules/Calameoassets.com.xml
new file mode 100644
index 000000000000..5b278814f702
--- /dev/null
+++ b/src/chrome/content/rules/Calameoassets.com.xml
@@ -0,0 +1,47 @@
+<!--
+	For more Calameo.com related ruleset, see Calameo.com.xml
+-->
+<ruleset name="Calameoassets.com">
+	<target host="a.calameoassets.com" />
+		<test url="http://a.calameoassets.com/4439838/picture.jpg" />
+	<target host="i.calameoassets.com" />
+		<test url="http://i.calameoassets.com/160123074958-1e51a67b0d444d2ffef9091cd804ffba/thumb.jpg" />
+		<test url="http://i.calameoassets.com/170320140312-0165aa5b40c01b8b3c6bac7747deab04/large.jpg" />
+		<test url="http://i.calameoassets.com/170509211729-1d1a77f42d8a808f9b15342da6a3fb4b/large.jpg" />
+	<target host="i1.calameoassets.com" />
+		<test url="http://i1.calameoassets.com/160123074958-1e51a67b0d444d2ffef9091cd804ffba/thumb.jpg" />
+		<test url="http://i1.calameoassets.com/170320140312-0165aa5b40c01b8b3c6bac7747deab04/large.jpg" />
+		<test url="http://i1.calameoassets.com/170509211729-1d1a77f42d8a808f9b15342da6a3fb4b/large.jpg" />
+	<target host="i2.calameoassets.com" />
+		<test url="http://i2.calameoassets.com/160123074958-1e51a67b0d444d2ffef9091cd804ffba/thumb.jpg" />
+		<test url="http://i2.calameoassets.com/170320140312-0165aa5b40c01b8b3c6bac7747deab04/large.jpg" />
+		<test url="http://i2.calameoassets.com/170509211729-1d1a77f42d8a808f9b15342da6a3fb4b/large.jpg" />
+	<target host="i3.calameoassets.com" />
+		<test url="http://i3.calameoassets.com/160123074958-1e51a67b0d444d2ffef9091cd804ffba/thumb.jpg" />
+		<test url="http://i3.calameoassets.com/170320140312-0165aa5b40c01b8b3c6bac7747deab04/large.jpg" />
+		<test url="http://i3.calameoassets.com/170509211729-1d1a77f42d8a808f9b15342da6a3fb4b/large.jpg" />
+	<target host="p.calameoassets.com" />
+		<test url="http://p.calameoassets.com/141223151453-ae8c278e1e1f2493a4b35da08365f836/p1.jpg" />
+	<target host="s.calameoassets.com" />
+		<test url="http://s.calameoassets.com/pinwheel/6647-006971/platform/css/main.css" />
+		<test url="http://s.calameoassets.com/pinwheel/6647-006971/platform/font/verblight.woff?424pum" />
+		<test url="http://s.calameoassets.com/pinwheel/6647-006971/platform/scripts/common.js" />
+	<target host="s1.calameoassets.com" />
+		<test url="http://s1.calameoassets.com/pinwheel/6647-006971/platform/css/main.css" />
+		<test url="http://s1.calameoassets.com/pinwheel/6647-006971/platform/font/verblight.woff?424pum" />
+		<test url="http://s1.calameoassets.com/pinwheel/6647-006971/platform/scripts/common.js" />
+	<target host="s2.calameoassets.com" />
+		<test url="http://s2.calameoassets.com/pinwheel/6647-006971/platform/css/main.css" />
+		<test url="http://s2.calameoassets.com/pinwheel/6647-006971/platform/font/verblight.woff?424pum" />
+		<test url="http://s2.calameoassets.com/pinwheel/6647-006971/platform/scripts/common.js" />
+	<target host="s3.calameoassets.com" />
+		<test url="http://s3.calameoassets.com/pinwheel/6647-006971/platform/css/main.css" />
+		<test url="http://s3.calameoassets.com/pinwheel/6647-006971/platform/font/verblight.woff?424pum" />
+		<test url="http://s3.calameoassets.com/pinwheel/6647-006971/platform/scripts/common.js" />
+	<target host="sk.calameoassets.com" />
+		<test url="http://sk.calameoassets.com/2.1/default/assets.png" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Calazan.com.xml b/src/chrome/content/rules/Calazan.com.xml
new file mode 100644
index 000000000000..0c2585fb10da
--- /dev/null
+++ b/src/chrome/content/rules/Calazan.com.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://calazan.com/ => https://calazan.com/: (51, "SSL: no alternative certificate subject name matches target host name 'calazan.com'")
+
+-->
+<ruleset name="Calazan.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="calazan.com" />
+	<target host="www.calazan.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Calculator.net.xml b/src/chrome/content/rules/Calculator.net.xml
new file mode 100644
index 000000000000..6373c35dca79
--- /dev/null
+++ b/src/chrome/content/rules/Calculator.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="Calculator.net">
+	<target host="calculator.net" />
+	<target host="www.calculator.net" />
+
+	<rule from="^http:" to="https:" />
+
+	<test url="http://www.calculator.net/mortgage-calculator.html" />
+</ruleset>
diff --git a/src/chrome/content/rules/Calderdale.gov.uk-falsemixed.xml b/src/chrome/content/rules/Calderdale.gov.uk-falsemixed.xml
new file mode 100644
index 000000000000..67b5f6dff545
--- /dev/null
+++ b/src/chrome/content/rules/Calderdale.gov.uk-falsemixed.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules not causing false/broken MCB, see Calderdale.gov.uk.xml.
+
+-->
+<ruleset name="Calderdale.gov.uk (false MCB)" platform="mixedcontent">
+
+	<target host="calderdale.gov.uk" />
+	<target host="www.calderdale.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Calderdale.gov.uk.xml b/src/chrome/content/rules/Calderdale.gov.uk.xml
new file mode 100644
index 000000000000..4b6deaf2727f
--- /dev/null
+++ b/src/chrome/content/rules/Calderdale.gov.uk.xml
@@ -0,0 +1,82 @@
+<!--
+	Calderdale Metropolitan Borough Council
+
+	For rules causing false/broken MCB, see Calderdale.gov.uk-falsemixed.xml.
+
+
+	Nonfunctional hosts in *calderdale.gov.uk:
+
+		- dataworks ʳ
+		- earlyintervention ᵈ
+		- innovate ᵈ
+		- map ᵈ
+		- museums ᵖ
+		- news ᵈ
+		- online ᵈ
+		- portal ᵈ
+		- servicedesk ᵈ
+		- youthhub ᵈ
+		- yoyo ᵈ
+
+	ᵖ Plaintext reply
+	ʳ Refused
+
+
+	Problematic hosts in *calderdale.gov.uk:
+
+		- observatory ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- observatory.calderdale.gov.uk
+		- sportonline.calderdale.gov.uk
+
+
+	Mixed content:
+
+		- css, on:
+
+			- (www.)? from www.calderdale.gov.uk ˢ
+			- (www.)? from cdnjs.cloudflare.com ˢ
+
+		- Images, on:
+
+			- (www.)?, parkinggw from www.calderdale.gov.uk ˢ
+			- observatory from observatory.bradford.gov.uk ᵐ
+			- observatory from observatory.calderdale.gov.uk ᵐ
+			- observatory from observatory.kirklees.gov.uk
+			- observatory from observatory.leeds.gov.uk ˢ
+			- observatory from observatory.wakefield.gov.uk
+
+	ᵐ Not secured by us <= mismatched
+	ˢ Secured by us
+
+
+-->
+<ruleset name="Calderdale.gov.uk (partial)">
+
+	<!--target host="calderdale.gov.uk" /-->
+	<target host="ems.calderdale.gov.uk" />
+	<target host="jobs.calderdale.gov.uk" />
+	<target host="learning.calderdale.gov.uk" />
+	<target host="owa.calderdale.gov.uk" />
+	<target host="parkinggw.calderdale.gov.uk" />
+	<target host="sportonline.calderdale.gov.uk" />
+	<!--target host="www.calderdale.gov.uk" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^observatory\.calderdale\.gov\.uk$" name="^(?:ASP\.NET_SessionId|ias\.Locale|ias\.PreferredItemCount)$" /-->
+	<!--securecookie host="^sportonline\.calderdale\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Calend.ru.xml b/src/chrome/content/rules/Calend.ru.xml
new file mode 100644
index 000000000000..13c0efbc05d9
--- /dev/null
+++ b/src/chrome/content/rules/Calend.ru.xml
@@ -0,0 +1,11 @@
+<!--
+	Calend.ru has a wildcard DNS record. Only domains that have valid certificates are included here.
+-->
+<ruleset name="Calend.ru">
+	<target host="calend.ru" />
+	<target host="www.calend.ru" />
+	<target host="amp.calend.ru" />
+	<target host="beta.calend.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CalendarWiz.xml b/src/chrome/content/rules/CalendarWiz.xml
new file mode 100644
index 000000000000..a863151c8331
--- /dev/null
+++ b/src/chrome/content/rules/CalendarWiz.xml
@@ -0,0 +1,9 @@
+<ruleset name="CalendarWiz">
+	<target host="calendarwiz.com" />
+	<target host="www.calendarwiz.com" />
+
+	<securecookie host="^www\.calendarwiz\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Calendars.com.xml b/src/chrome/content/rules/Calendars.com.xml
index a8e95fced2c5..28b9474c9bdc 100644
--- a/src/chrome/content/rules/Calendars.com.xml
+++ b/src/chrome/content/rules/Calendars.com.xml
@@ -1,19 +1,37 @@
 <!--
-	Nonfunctional subdomains:
-
-		- app		(404, mismatched, CN: *.e-dialog.com)
-
-
-	Some (most?) pages redirect to http
+ Nonfunctional subdomains:
+  - app  (404, mismatched, CN: *.e-dialog.com)
 
+ Some (most?) pages redirect to http
 -->
-<ruleset name="Calendars.com (partial)">
-
-	<target host="calendars.com" />
-	<target host="www.calendars.com" />
-
-
-	<rule from="^http://(www\.)?calendars\.com/(css/|img/|user)"
-		to="https://$1calendars.com/$1" />
-
-</ruleset>
\ No newline at end of file
+<ruleset name="Calendars.com">
+ <target host="calendars.com" />
+ <target host="www.calendars.com" />
+
+ <test url="http://www.calendars.com/Baby-Animals/cat00172/" />
+    <test url="http://www.calendars.com/Bears/cat00173/" />
+    <test url="http://www.calendars.com/Big-Cats/cat00174/" />
+    <test url="http://www.calendars.com/Jigsaw-Puzzles/" />
+
+ <exclusion pattern="^http://(www\.)?calendars\.com/(?!(css/|img/|js/|user/|dbs/))" />
+ <test url="http://calendars.com/dbs/" />
+    <test url="http://www.calendars.com/dbs/" />
+    <test url="http://www.calendars.com/dbs/Baby-Animals/cat00172/" />
+    <test url="http://www.calendars.com/dbs/Bears/cat00173/" />
+    <test url="http://www.calendars.com/dbs/Big-Cats/cat00174/" />
+    <test url="http://www.calendars.com/dbs/Jigsaw-Puzzles/" />
+
+ <exclusion pattern="^http://(www\.)?calendars\.com/dbs/(?!(css/|img/|js/|user/))" />
+
+ <test url="http://www.calendars.com/css/common.css" />
+    <test url="http://www.calendars.com/img/common/calendarsLogo.gif" />
+    <test url="http://www.calendars.com/user/login.jsp" />
+ <test url="http://www.calendars.com/js/jquery.timer.js" />
+ <test url="http://www.calendars.com/dbs/css/common.css" />
+    <test url="http://www.calendars.com/dbs/img/common/calendarsLogo.gif" />
+    <test url="http://www.calendars.com/dbs/user/login.jsp" />
+ <test url="http://www.calendars.com/dbs/js/jquery.timer.js" />
+ <rule from="^http://(www\.)?calendars\.com/(css/|img/|js/|user/|dbs)"
+  to="https://$1calendars.com/$2" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Calguns_Foundation.org.xml b/src/chrome/content/rules/Calguns_Foundation.org.xml
index 3934673ebbf5..2fcda55bc3ec 100644
--- a/src/chrome/content/rules/Calguns_Foundation.org.xml
+++ b/src/chrome/content/rules/Calguns_Foundation.org.xml
@@ -1,13 +1,20 @@
-<ruleset name="Calguns Foundation.org">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://calgunsfoundation.org/ => https://calgunsfoundation.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://store.calgunsfoundation.org/ => https://store.calgunsfoundation.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="Calguns Foundation.org" default_off="failed ruleset test">
 
 	<target host="calgunsfoundation.org" />
-	<target host="*.calgunsfoundation.org" />
+	<target host="store.calgunsfoundation.org" />
+	<target host="www.calgunsfoundation.org" />
 
 
 	<securecookie host="^(?:store\.|www\.)?calgunsfoundation\.org$" name=".+" />
 
 
-	<rule from="^http://(store\.|www\.)?calgunsfoundation\.org/"
-		to="https://$1calgunsfoundation.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Calibre-Ebook.com.xml b/src/chrome/content/rules/Calibre-Ebook.com.xml
new file mode 100644
index 000000000000..3e03bed7872a
--- /dev/null
+++ b/src/chrome/content/rules/Calibre-Ebook.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Secure connection failed:
+		blog.calibre-ebook.com
+
+	Invalid certificate:
+		code.calibre-ebook.com
+		status.calibre-ebook.com
+
+-->
+<ruleset name="calibre-ebook.com">
+
+	<target host="calibre-ebook.com"/>
+	<target host="www.calibre-ebook.com"/>
+	<target host="download.calibre-ebook.com"/>
+	<target host="drmfree.calibre-ebook.com"/>
+	<target host="main.calibre-ebook.com" />
+	<target host="manual.calibre-ebook.com"/>
+	<target host="open-books.calibre-ebook.com" />
+	<target host="plugins.calibre-ebook.com"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Calibre.xml b/src/chrome/content/rules/Calibre.xml
deleted file mode 100644
index 5239b4595280..000000000000
--- a/src/chrome/content/rules/Calibre.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="calibre" default_off="mismatch, self-signed">
-
-	<!--	cert: *.kovidgoyal.net	-->
-	<target host="calibre-ebook.com"/>
-	<target host="www.calibre-ebook.com"/>
-
-	<rule from="^http://(?:www\.)?calibre-ebook\.com/"
-		to="https://calibre-ebook.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/California-Department-of-Motor-Vehicles.xml b/src/chrome/content/rules/California-Department-of-Motor-Vehicles.xml
deleted file mode 100644
index e5626ba187a4..000000000000
--- a/src/chrome/content/rules/California-Department-of-Motor-Vehicles.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="California Department of Motor Vehicles">
-
-	<target host="dmv.ca.gov" />
-	<target host="www.dmv.ca.gov" />
-
-
-	<!--	Cert only matches www.
-					-->
-	<rule from="^https?://(?:www\.)?dmv\.ca\.gov/"
-		to="https://www.dmv.ca.gov/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/California-Franchise-Tax-Board.xml b/src/chrome/content/rules/California-Franchise-Tax-Board.xml
index 2b362a6482ef..e17144319e7a 100644
--- a/src/chrome/content/rules/California-Franchise-Tax-Board.xml
+++ b/src/chrome/content/rules/California-Franchise-Tax-Board.xml
@@ -4,9 +4,10 @@
 	<target host="webapp.ftb.ca.gov" />
 	<target host="www.ftb.ca.gov" />
 
-	<securecookie host="^((stats|webapp|www)\.)?ftb\.ca\.gov$"
-			name=".+" />
+	<securecookie host="^(?:(?:stats|webapp|www)\.)?ftb\.ca\.gov$" name=".+" />
 
-	<rule from="^http://((stats|webapp|www)\.)?ftb\.ca\.gov/"
-		to="https://$1ftb.ca.gov/" />
-</ruleset>
\ No newline at end of file
+	<test url="http://stats.ftb.ca.gov/dcsk16hof000004bfefbkcw6o_1f9b/njs.gif?dcsuri=/nojavascript&amp;WT.js=No&amp;WT.tv=10.4.1&amp;dcssip=www.ftb.ca.gov" />
+	<test url="http://webapp.ftb.ca.gov/MyFTBAccess/iUserName.aspx" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/California-STD-HIV-Training.xml b/src/chrome/content/rules/California-STD-HIV-Training.xml
deleted file mode 100644
index 4d9a2cc933b5..000000000000
--- a/src/chrome/content/rules/California-STD-HIV-Training.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="California STD/HIV Prevention Training Center (partial)">
-	<target host="stdhivtraining.org" />
-	<target host="www.stdhivtraining.org" />
-
-	<!-- Note that https://stdhivtraining.org/ appears to lead to
-	a different site from https://www.stdhivtraining.org/ as of
-	June 16, 2011! (At the same time, both http://stdhivtraining.org/
-	and http://www.stdhivtraining.org/ do appear to lead to the
-	same site.) -->
-	<rule from="^((http://(?:www\.)?)|https://)stdhivtraining\.org/" to="https://www.stdhivtraining.org/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/California-State-University.xml b/src/chrome/content/rules/California-State-University.xml
index b3df74bdce53..d9cae69d594b 100644
--- a/src/chrome/content/rules/California-State-University.xml
+++ b/src/chrome/content/rules/California-State-University.xml
@@ -1,12 +1,48 @@
-<ruleset name="California State University (partial)">
+<!--
+        Non-functional hosts
+                Couldn't connect to server:
+                - www.foundation.csulb.edu
+                - maestro.csulb.edu
+                - specialevents.csulb.edu
+
+                Timeout was reached:
+                - www.cla.csulb.edu
+                - folding.cnsm.csulb.edu
+                - housing.csulb.edu
+                - www.housing.csulb.edu
+                - reserves.library.csulb.edu
+                - pncportal.shs.csulb.edu
+                - activitylog.upd.csulb.edu
 
-	<target host="csulb.edu"/>
-	<target host="*.csulb.edu"/>
+                SSL peer certificate was not OK:
+                - beachmail.csulb.edu
+                - www.careers.csulb.edu
+                - chemistry.csulb.edu
+                - daily49er.csulb.edu
+                - passport.csulb.edu
 
-	<securecookie host="^(.*\.)?csulb\.edu$" name=".*"/>
+                Peer certificate cannot be authenticated with given CA certificates:
+                - art.csulb.edu
+                - chaat.cla.csulb.edu
 
-	<!--	cert !valid for !www nor www2	-->
-	<rule from="^http://(?:www2?\.)?csulb\.edu/"
-		to="https://www.csulb.edu/"/>
+                Mixed content blocking (MCB) triggered:
+                - careers.csulb.edu
+                - web.csulb.edu
+-->
+<ruleset name="California State University (partial)">
+        <target host="csulb.edu" />
+        <target host="www.csulb.edu" />
+        <target host="beachid.csulb.edu" />
+        <target host="www.ccpe.csulb.edu" />
+        <target host="global.ccpe.csulb.edu" />
+        <target host="www.ced.csulb.edu" />
+        <target host="daf.csulb.edu" />
+        <target host="giveto.csulb.edu" />
+        <target host="apply.housing.csulb.edu" />
+        <target host="illiad.library.csulb.edu" />
+        <target host="mail.csulb.edu" />
+        <target host="parking.csulb.edu" />
+        <target host="voicemail.csulb.edu" />
 
+        <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/California_Department_of_Justice.xml b/src/chrome/content/rules/California_Department_of_Justice.xml
index e9d4c1b6527c..60f23583efa4 100644
--- a/src/chrome/content/rules/California_Department_of_Justice.xml
+++ b/src/chrome/content/rules/California_Department_of_Justice.xml
@@ -4,7 +4,6 @@
 	<target host="www.oag.ca.gov" />
 
 
-	<rule from="^http://(www\.)?oag\.ca\.gov/"
-		to="https://$1oag.ca.gov/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/California_Legislative_Information.xml b/src/chrome/content/rules/California_Legislative_Information.xml
index 4799e574ab47..09ec42093e5c 100644
--- a/src/chrome/content/rules/California_Legislative_Information.xml
+++ b/src/chrome/content/rules/California_Legislative_Information.xml
@@ -1,5 +1,4 @@
 <!--
-	For other U.S. government coverage, see US-government.xml.
 
 -->
 <ruleset name="California Legislative Information">
@@ -10,7 +9,6 @@
 	<securecookie host="^leginfo\.legislature\.ca\.gov$" name=".+" />
 
 
-	<rule from="^http://leginfo\.legislature\.ca\.gov/"
-		to="https://leginfo.legislature.ca.gov/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/California_Polytechnic_State_University.xml b/src/chrome/content/rules/California_Polytechnic_State_University.xml
index 551ec8b76e42..54616006acaa 100644
--- a/src/chrome/content/rules/California_Polytechnic_State_University.xml
+++ b/src/chrome/content/rules/California_Polytechnic_State_University.xml
@@ -1,114 +1,166 @@
+
 <!--
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- (www.)academicaffairs *
-		- admissions *
-		- (www.)brae *
-		- (www.)catalog		(no https)
-		- (www.)cla		(shows hagrid.libart; mismatched, CN: hagrid.libart.calpoly.edu)
-		- (www.)continuing-ed *
-		- financialaid *
-		- (www.)international *
-		- (www.)its *
-		- databases.lib		(shows xerxes; mismatched, CN: xerxes.calstate.edu)
-		- (www.)maps *
-		- (www.)mds *
-		- netadmin		(shows wireless; mismatched, CN: wireless.calpoly.edu)
-		- (www.)polylearnsupport *
-
-	* Times out
-
-
-	Problematic subdomains:
-
-		- (www.)academic-personnel *
-		- (www.)aged *
-		- (www.)alumni *
-		- (www.)careerservices *
-		- (www.)drupal *
-		- (www.)hcs *
-		- (www.)housing *
-		- (www.)housing-test *
-		- (www.)ipa *
-		- www.my		(cert only matches ^my)
-		- polycard *
-		- (www.)polydata *
-		- (www.)registrar *
-		- (www.)servicedesk *
-		- (www.)soe *
-		- (www.)studentaffairs *
-		- (www.)studentaffairs-test *
-		- www.wireless			(cert only matches ^wireless)
-
-	* Mismatched, CN: *.wcms.calpoly.edu
-
-
-	Partially covered subdomains:
-
-		- (www.)academic-personnel *	(→ academic-personnel.wcms)
-		- (www.)aged *			(→ aged.wcms)
-		- (www.)alumni *		(→ alumni.wcms)
-		- (www.)careerservices *	(→ careerservices.wcms)
-		- (www.)drupal *		(→ drupal.wcms)
-		- (www.)hcs *			(→ hcs.wcms)
-		- (www.)housing *		(→ housing.wcms)
-		- (www.)housing-test *		(→ housing-test.wcms)
-		- (www.)ipa *			(→ ipa.wcms)
-		- polycard *			(→ polycard.wcms)
-		- (www.)polydata *		(→ polydata.wcms)
-		- (www.)registrar *		(→ registrar.wcms)
-		- (www.)servicedesk *		(→ servicedesk.wcms)
-		- (www.)soe			(→ soe.wcms)
-		- (www.)studentaffairs		(→ studentaffairs.wcms)
-		- (www.)studentaffairs-test	(→ studentaffairs-test.wcms)
-		- academic-personnel.wcms *
-		- aged.wcms *
-		- alumni.wcms *
-		- careerservices.wcms *
-		- drupal.wcms *
-		- hcs.wcms *
-		- housing.wcms *
-		- housing-test.wcms *
-		- ipa.wcms *
-		- polycard.wcms *
-		- polydata.wcms *
-		- registrar.wcms *
-		- servicedesk.wcms *
-		- soe.wcms *
-		- studentaffairs.wcms *
-		- studentaffairs-test.wcms *
-
-	* Pages redirect to http
-
-
-	Fully covered subdomains:
-
-		- webresource.its
-		- (www.)lib
-		- hagrid.libart
-		- (www.)my		(www → ^)
-		- myportal
-		- (www.)wireless	(www → ^)
-		- xerxes
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.afd.calpoly.edu/ => https://www.afd.calpoly.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.afd.calpoly.edu'")
+Fetch error: http://hagrid.libart.calpoly.edu/ => https://hagrid.libart.calpoly.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://xerxes.calpoly.edu/ => https://xerxes.calpoly.edu/: (6, 'Could not resolve host: xerxes.calpoly.edu')
+
+	California Polytechnic State University
+
+	For rules causing false/broken MCB, see Cal_Poly.edu-falsemixed.xml.
+
+	Other California Polytechnic State University rulesets:
+
+		- Cal_Poly_Arts.org.xml
+
+
+	Nonfunctional hosts in *calpoly.edu:
+
+		- (www.) ᵈ
+		- (www.)?academicaffairs ᵈ
+		- (www.)?alumni ᵈ
+		- backweek ᵈ
+		- (www.)brae ᵈ
+		- www.calpolynews ʰ
+		- campusclimate ʰ
+		- cap *
+		- (www.)?catalog ʳ
+		- www.cob ʳ
+		- (www.)?continuing-ed ᵈ
+		- www.extended ᵈ
+		- financialaid ᵈ
+		- (www.)?international ᵈ
+		- (www.)?ipa ᵈ
+		- (www.)?its ᵈ
+		- databases.lib ˢ
+		- find.lib ˢ
+		- (www.)?maps ᵈ
+		- (www.)?mds ᵈ
+		- netadmin ˢ
+		- orientation ᵈ
+		- president ᵈ
+		- (www.)?polylearnsupport ᵈ
+		- universitystrategicplan ᵖ
+
+	ᵈ Dropped
+	ʰ Handshake fails
+	* Redirects to afd.calpoly.edu
+	ʳ Refused
+	ˢ Shows another domain
+	ᵖ Shows default page
+
+
+	Problematic hosts in *calpoly.edu:
+
+		- (www.)?academic-personnel ᵐ
+		- (www.)?academicsenate ᵐ
+		- admissions ˣ
+		- (www.)?aged ᵐ
+		- (www.)?cafes ᵐ
+		- (www.)?careerservices ᵐ
+		- (www.)?cla ᵐ
+		- www.cosam ᵐ
+		- (www.)?diversity
+		- (www.)?drupal ᵐ
+		- (www.)?equalopportunity ᵐ
+		- (www.)?hcs ᵐ
+		- www.housing ᵐ
+		- (www.)?housing-test ᵐ
+		- (www.)?ipa ᵐ
+		- (www.)?ir ᵐ
+
+		- guides.lib ᵐ
+		- polycat.lib ˣ
+		- www.lib ᵐ
+
+		- (www.)?liberalstudies ᵐ
+		- www.my ᵐ
+		- (www.)?osrr ᵐ
+		- (www.)?polycard ᵐ
+		- (www.)?polydata ᵐ
+		- (www.)?registrar ᵐ
+		- (www.)?security ᵐ
+		- (www.)?servicedesk ᵐ
+		- (www.)?soe ᵐ
+		- (www.)?studentaffairs ᵐ
+		- www.tickets ᵐ
+		- (www.)?wasc ᵐ
+		- www.wireless ᵐ
+
+	ᵐ Mismatched
+	ˣ Mixed css
+
+
+	These altnames don't exist:
+
+		- d7.calpoly.edu
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .lib.calpoly.edu
+		- polycat.lib.calpoly.edu
+		- hcsportal.studaff.calpoly.edu
+		- tickets.calpoly.edu
+
+
+	Mixed content:
+
+		- css, on:
+
+			- admissions from webresource.its.calpoly.edu *
+			- (www.)?academicsenate, (www.)?cla, www.cosam, (www.)?ir, (www.)?polycard from $self
+			- lib from fonts.googleapis.com *
+			- polycat.lib from lib.calpoly.edu *
+
+		- Images, on:
+
+			- (www.)?academicsenate, (www.)?cla, www.cosam, (www.)?ir, (www.)?polycard from $self
+			- admissions from webresource.its.calpoly.edu *
+			- servicedesk from www.calpoly.edu
 
 -->
-<ruleset name="California Polytechnic State University (partial)">
-
-	<target host="*.calpoly.edu" />
-		<exclusion pattern="^http://[\w-]+\.wcms\.calpoly\.edu/(?!sites/)" />
-
-
-	<securecookie host="^(?:my|myportal|xerxes)\.calpoly\.edu$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?(academic-personnel|aged|alumni|careerservices|drupal|hcs|housing(?:-test)?|ipa|polycard|polydata|registrar|servicedesk|soe|studentaffairs)\.calpoly\.edu/sites/"
-		to="https://$1.wcms.calpoly.edu/sites/" />
-
-	<rule from="^http://(webresource\.its|(?:www\.)?lib|hagrid\.libart|myportal|[\w-]+\.wcms|xerxes)\.calpoly\.edu/"
+<ruleset name="Cal Poly.edu (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="admissions.calpoly.edu" /-->
+	<target host="afd.calpoly.edu" />
+	<target host="www.afd.calpoly.edu" />
+	<target host="webresource.its.calpoly.edu" />
+	<target host="lib.calpoly.edu" />
+	<!--target host="polycat.lib.calpoly.edu" /-->
+	<target host="hagrid.libart.calpoly.edu" />
+	<target host="my.calpoly.edu" />
+	<target host="myportal.calpoly.edu" />
+	<target host="polylearn.calpoly.edu" />
+	<target host="hcsportal.studaff.calpoly.edu" />
+	<target host="tickets.calpoly.edu" />
+	<target host="xerxes.calpoly.edu" />
+
+	<!--	Complications:
+				-->
+	<target host="www.lib.calpoly.edu" />
+	<target host="www.my.calpoly.edu" />
+	<target host="www.tickets.calpoly.edu" />
+
+		<test url="http://webresource.its.calpoly.edu/cpwebtemplate/5.0.0/common/css/cp_screen.min.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.lib\.calpoly\.edu$" name="^(?:III_EXPT_FILE|SESSION_ID|SESSION_LANGUAGE)$" /-->
+	<!--securecookie host="^polycat\.lib\.calpoly\.edu$" name="^SESSION_SCOPE$" /-->
+	<!--securecookie host="^hcsportal\.studaff\.calpoly\.edu$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^tickets\.calpoly\.edu$" name="^(?:ASPSESSIONID[\A-Z]{8}|AV-Cookie|TS[\da-f]{8}|b+|f5_cspm)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.(lib|my|tickets)\.calpoly\.edu/"
 		to="https://$1.calpoly.edu/" />
 
-	<rule from="^http://(?:www\.)?(my|wireless)\.calpoly\.edu/"
-		to="https://$1.calpoly.edu/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/California_Polytechnic_State_University_Ponoma.xml b/src/chrome/content/rules/California_Polytechnic_State_University_Ponoma.xml
deleted file mode 100644
index da6da63e2ffd..000000000000
--- a/src/chrome/content/rules/California_Polytechnic_State_University_Ponoma.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- www.dsa	(cert only matches ^dsa)
-
-
-	Fully covered subdomains:
-
-		- autodiscover
-		- bbcollab
-		- blackboard
-		- broncodirect.cms
-		- (www.)dsa		(www → ^)
-		- exchange
-		- housing
-		- ehelp.wiki
-		- www
-
-
-	^csupomona.edu doesn't exist
-
--->
-<ruleset name="California Polytechnic State University, Ponoma (partial)">
-
-	<target host="*.csupomona.edu" />
-
-
-	<securecookie host="^(?:bbcollab|blackboard|broncodirect\.cms|dsa|housing|ehelp\.wiki)\.csupomona\.edu$" name=".+" />
-	<!--securecookie host="^\.cms\.csupomona\.edu$" name=".+" /-->
-
-
-	<rule from="^http://(autodiscover|bbcollab|blackboard|broncodirect\.cms|ehousing|exchange|ehelp\.wiki|www)\.csupomona\.edu/"
-		to="https://$1.csupomona.edu/" />
-
-	<rule from="^http://(?:www\.)?dsa\.csupomona\.edu/"
-		to="https://dsa.csupomona.edu/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/California_Sunday.com.xml b/src/chrome/content/rules/California_Sunday.com.xml
new file mode 100644
index 000000000000..5d4fa70cdb62
--- /dev/null
+++ b/src/chrome/content/rules/California_Sunday.com.xml
@@ -0,0 +1,20 @@
+<!--
+	The California Sunday Magazine
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- stories
+
+-->
+<ruleset name="California Sunday.com">
+
+	<target host="californiasunday.com" />
+	<target host="stories.californiasunday.com" />
+	<target host="www.californiasunday.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/California_United_Bank.xml b/src/chrome/content/rules/California_United_Bank.xml
index 6e0af0d1f6d7..63903a6a3793 100644
--- a/src/chrome/content/rules/California_United_Bank.xml
+++ b/src/chrome/content/rules/California_United_Bank.xml
@@ -1,26 +1,32 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cunb.com/ => https://cunb.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cunb.com'")
+Fetch error: http://pcboc.com/ => https://pcboc.com/: (7, 'Failed to connect to pcboc.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://pcboc.com/ => https://pcboc.com/: (51, "SSL: no alternative certificate subject name matches target host name 'pcboc.com'")
 	Problematic domains:
 
-		- www.pcboc.com		(mismatched, CN: 
+		- www.pcboc.com		(mismatched, CN:
 
 -->
-<ruleset name="California United Bank">
+<ruleset name="California United Bank" default_off="failed ruleset test">
 
 	<target host="californiaunitedbank.com" />
-	<target host="*.californiaunitedbank.com" />
+	<target host="www.californiaunitedbank.com" />
 	<target host="cunb.com" />
-	<target host="*.cunb.com" />
+	<target host="www.cunb.com" />
 	<target host="pcboc.com" />
-	<target host="*.pcboc.com" />
+	<target host="www.pcboc.com" />
 
 
 	<securecookie host="^(?:w*\.)?(?:californiaunitedbank|cunb|pcboc)\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?c(aliforniaunitedbank|unb)\.com/"
-		to="https://$1c$2.com/" />
 
 	<rule from="^http://(?:www\.)?pcboc\.com/"
 		to="https://pcboc.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Calispora.xml b/src/chrome/content/rules/Calispora.xml
deleted file mode 100644
index b66faee4b283..000000000000
--- a/src/chrome/content/rules/Calispora.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Calispora">
-  <target host="calispora.org" />
-  <target host="www.calispora.org" />
-
-  <rule from="^http://(www\.)?calispora\.org/" to="https://calispora.org/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Caller.com.xml b/src/chrome/content/rules/Caller.com.xml
index d56a0a58a86e..b59a805c8d41 100644
--- a/src/chrome/content/rules/Caller.com.xml
+++ b/src/chrome/content/rules/Caller.com.xml
@@ -57,21 +57,10 @@
 	<securecookie host="^(?:login)?\.caller\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?caller\.com/"
+	<rule from="^http://caller\.com/"
 		to="https://www.caller.com/" />
 
-	<!--	Server drops path:
-					-->
-	<rule from="^http://jobs\.caller\.com/.*"
-		to="https://www.caller.com/hotjobs" />
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://login\.caller\.com/"
-		to="https://login.caller.com/" />
-
-	<rule from="^http://media\.caller\.com/"
-		to="https://a248.e.akamai.net/f/1263/6469/4m/media.caller.com/" />
-
-	<rule from="^http://web\.caller\.com/"
-		to="https://a248.e.akamai.net/f/1672/4197/3m/web.caller.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Calligra.org.xml b/src/chrome/content/rules/Calligra.org.xml
new file mode 100644
index 000000000000..b5a14499c4d7
--- /dev/null
+++ b/src/chrome/content/rules/Calligra.org.xml
@@ -0,0 +1,16 @@
+<!--
+	For other KDE coverage, see KDE.xml.
+
+-->
+<ruleset name="Calligra.org">
+
+	<target host="calligra.org" />
+	<target host="www.calligra.org" />
+	<target host="calligra-suite.org" />
+	<target host="www.calligra-suite.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CallingChristians.com.xml b/src/chrome/content/rules/CallingChristians.com.xml
new file mode 100644
index 000000000000..d8f42921ddef
--- /dev/null
+++ b/src/chrome/content/rules/CallingChristians.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="CallingChristians.com">
+	<target host="callingchristians.com" />
+	<target host="www.callingchristians.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Calomel.org.xml b/src/chrome/content/rules/Calomel.org.xml
deleted file mode 100644
index 45901a30d993..000000000000
--- a/src/chrome/content/rules/Calomel.org.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Calomel.org">
-
-	<target host="calomel.org" />
-	<target host="www.calomel.org" />
-
-
-	<rule from="^http://(www\.)?calomel\.org/"
-		to="https://$1calomel.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Caltech-mismatches.xml b/src/chrome/content/rules/Caltech-mismatches.xml
index 266067ceaa58..3807b3d64bba 100644
--- a/src/chrome/content/rules/Caltech-mismatches.xml
+++ b/src/chrome/content/rules/Caltech-mismatches.xml
@@ -4,36 +4,15 @@
 -->
 <ruleset name="Caltech (mismatches)" default_off="mismatched, self-signed">
 
-	<target host="caltech.edu" />
-	<!--
-		Self-signed
-				-->
 	<target host="cliara.caltech.edu" />
 	<target host="dabney.caltech.edu" />
 	<target host="courses.hss.caltech.edu" />
-	<!--
-		CN: cliara.caltech.edu
-					-->
-	<target host="imss.caltech.edu"/>
-	<!--
-		* for cross-domain cookie
-				-->
-	<target host="*.imss.caltech.edu"/>
-	<!--
-		CN: ditto
-				-->
-	<target host="www.caltech.edu"/>
 
 
-	<securecookie host="^(?:.*\.)?imss\.caltech\.edu$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<!--	!www shows ICT page
-					-->
-	<rule from="^http://caltech\.edu/"
-		to="https://www.caltech.edu/" />
-
-	<rule from="^http://(?:(cliara|courses\.hss|dabney|www)|(?:www\.)?(imss))\.caltech\.edu/"
-		to="https://$1$2.caltech.edu/"/>
+	<rule from="^http:"
+		to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Caltech.edu.xml b/src/chrome/content/rules/Caltech.edu.xml
new file mode 100644
index 000000000000..72c0b28b5c27
--- /dev/null
+++ b/src/chrome/content/rules/Caltech.edu.xml
@@ -0,0 +1,149 @@
+<!--
+	For problematic rules, see Caltech-mismatches.xml.
+
+
+	CDN buckets:
+
+		- s3.amazonaws.com/cit/
+		- s3.amazonaws.com/imss-test/
+		- s3.amazonaws.com/imss-test-storage.ads.caltech.edu/
+		- s3-us-west-1.amazonaws.com/imss-website-storage.cloud.caltech.edu/
+		- s3.amazonaws.com/www-prod-storage.cloud.caltech.edu/
+		- caltech-imss-website-v3-storage.s3.amazonaws.com
+
+
+	Nonfunctional subdomains:
+
+		- www.cacr *
+		- forms ⁷
+		- www.gg ¹
+		- web.gps ⁷
+		- (www.)herschel ¹
+
+		- (www.)ipac ²
+		- conference.ipac ²
+		- nedbatch.ipac ¹
+		- neocam.ipac		(rx_record_too_long)
+
+		- kiss
+		- www.ligo
+		- nexsci ²
+		- www.nustar		(CN: bragi, 403)
+		- sherpa ¹
+		- (www.)spitzer		(self-signed; shows RHEL test page)
+		- wise.ssl ⁶
+		- workshop ⁷
+
+	* Redirects to http/404
+	¹ Refused
+	² Plaintext reply
+	⁶ Shows ds9.ssl
+	⁷ Dropped
+
+
+	Problematic subdomains:
+
+		- www.access ᵐ
+		- blackboard ⁴
+		- cliara	(self-signed)
+		- course        (cert-chain)
+		- dabney	(ditto)
+		- (www.)galex ³
+		- courses.hss	(self-signed)
+		- irsecure ᵐ
+		- moodle        (cert-chain)
+		- ds9.ssl ³
+
+	⁴ 404, preemptable redirect
+	¹ Shows web; mismatched, CN: web.caltech.edu
+	³ Expired, self-signed
+	ᵐ Mismatched
+
+
+	These altnames don't exist:
+
+		- www.web.caltech.edu
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- mail.alumni.caltech.edu
+		- courses.caltech.edu
+		- m.gps.caltech.edu
+		- www.gps.caltech.edu
+		- koa.ipac.caltech.edu
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- odb.acs, www.cco, web from www.its.caltech.edu ˢ
+			- (www.)?imss from caltech-imss-website-v3-storage.s3.amazonaws.com ˢ
+			- www.its.caltech.edu from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Caltech.edu (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="caltech.edu" />
+	<target host="access.caltech.edu" />
+	<target host="odb.acs.caltech.edu" />
+	<target host="admissions.caltech.edu" />
+	<target host="www.admissions.caltech.edu" />
+	<target host="mail.alumni.caltech.edu" />
+	<target host="benefits.caltech.edu" />
+	<target host="www.benefits.caltech.edu" />
+	<target host="www.cco.caltech.edu" />
+	<target host="gps.caltech.edu" />
+	<target host="www.gps.caltech.edu" />
+	<target host="help.caltech.edu" />
+	<target host="hr.caltech.edu" />
+	<target host="www.hr.caltech.edu" />
+	<target host="imss.caltech.edu" />
+	<target host="www.imss.caltech.edu" />
+
+	<target host="irsa.ipac.caltech.edu" />
+	<target host="koa.ipac.caltech.edu" />
+	<target host="ned.ipac.caltech.edu" />
+
+	<target host="www.its.caltech.edu" />
+	<target host="webmail.caltech.edu" />
+	<target host="www.caltech.edu" />
+
+	<!--	Complications:
+				-->
+	<target host="www.access.caltech.edu" />
+	<target host="blackboard.caltech.edu" />
+	<target host="irsecure.caltech.edu" />
+
+	<securecookie host=".\.caltech\.edu$" name=".+" />
+
+	<!--	Ditto.
+			-->
+	<rule from="^http://www\.access\.caltech\.edu/"
+		to="https://access.caltech.edu/" />
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://blackboard\.caltech\.edu/.*"
+		to="https://caltech-sp.blackboard.com/eaccounts" />
+
+		<test url="http://blackboard.caltech.edu/home.htm" />
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://irsecure\.caltech\.edu/.*"
+		to="https://securelb.imodules.com/s/1709/devassoc/index.aspx?sid=1709&amp;gid=3&amp;pgid=498" />
+
+		<test url="http://irsecure.caltech.edu/home.htm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Caltech.xml b/src/chrome/content/rules/Caltech.xml
deleted file mode 100644
index 1970d2ccba74..000000000000
--- a/src/chrome/content/rules/Caltech.xml
+++ /dev/null
@@ -1,111 +0,0 @@
-<!--
-	For problematic rules, see Caltech-mismatches.xml.
-
-
-	CDN buckets:
-
-		- s3.amazonaws.com/cit/
-		- s3.amazonaws.com/imss-test/
-		- s3.amazonaws.com/imss-test-storage.ads.caltech.edu/
-		- s3-us-west-1.amazonaws.com/imss-website-storage.cloud.caltech.edu/
-		- s3.amazonaws.com/www-prod-storage.cloud.caltech.edu/
-
-
-	Nonfunctional subdomains:
-
-		- ^			(shows ICT page)
-		- neocam.ipac		(rx_record_too_long)
-		- kiss
-		- www.ligo
-		- www.nustar		(CN: bragi, 403)
-		- (www.)spitzer		(self-signed; shows RHEL test page)
-
-
-	Problematic subdomains:
-
-		- ^
-		- cliara	(self-signed)
-		- dabney	(ditto)
-		- gps		(cert only matches www.gps)
-		- courses.hss	(self-signed)
-		- imss		(CN: cliara.caltech.edu)
-		- www.imss
-		- www		(CN: cliara.caltech.edu)
-
-
-	Partially covered subdomains:
-
-		- (www.)gps	(^ → www, at least some pages redirect to http)
-
-
-	Fully covered subdomains:
-
-		- access *
-		- www.access **
-		- mail.alumni
-		- business-query ***
-		- imss-website-storage.cloud
-		- courses *
-		- irsecure ****
-		- its **
-		- utils.its
-		- www.its *****
-		- moodle **
-		- nassau ***
-		- pcard ***
-		- scriptor ***
-		- techne1 ***
-		- x-tmt-web1.tmt
-		- tqfr *
-		- web **
-		- webmail
-		- webvpn
-
-	* Normally https only, protect against SSL stripping
-	** Redirectors
-	*** XXX: These sites are only for faculty and/or staff. See System Status on www.imss.caltech.edu.
-		Some may require Internet Explorer, so this list may not be useful.
-		The following need to be investigated: outlookweb, kronos, kronoslimited, fiji, jobs
-	**** Mixed content from www.alumni.caltech.edu
-	***** Supports https but doesn't use it by default. Some pages weren't
-	      designed w/ https in mind and have insecure third-party content.
-
--->
-<ruleset name="Caltech">
-
-	<target host="www-prod-storage.cloud.caltech.edu.s3.amazonaws.com" />
-	<target host="*.caltech.edu" />
-		<exclusion pattern="^https?://(?:www\.)?gps\.caltech\.edu/(?!pics/|stylesheets/|uploads/)" />
-	<!--target host="solutions.sciquest.com" /> safe? -->
-
-
-	<securecookie host="^.+\.caltech\.edu$" name=".+" />
-
-
-	<!--	Handily, this bucket forces redirect from s3.amazonaws.com/foo to foo.s3.amazonaws.com.
-										-->
-	<rule from="^https?://www-prod-storage.cloud.caltech.edu.s3.amazonaws.com/"
-		to="https://s3-us-west-1.amazonaws.com/www-prod-storage.cloud.caltech.edu/" />
-
-	<rule from="^http://(?:www\.)?access\.caltech\.edu/"
-		to="https://access.caltech.edu/" />
-
-	<rule from="^http://(mail\.alumni|insecure|utils\.its|pcard|scriptor|techne1|x-tmt-web1\.tmt|tqfr|web|webmail|webvpn)\.caltech\.edu/"
-		to="https://$1.caltech.edu/" />
-
-	<rule from="^http://business-query\.caltech\.edu:8181/"
-		to="https://business-query.caltech.edu:8181/" />
-
-	<rule from="^https?://imss-website-storage\.cloud\.caltech\.edu/"
-		to="https://s3-us-west-1.amazonaws.com/imss-website-storage.cloud.caltech.edu/" />
-
-	<rule from="^http://(?:courses|moodle)\.caltech\.edu/"
-		to="https://courses.caltech.edu/" />
-
-	<rule from="^http://(?:www\.)?(gp|it)s\.caltech\.edu/"
-		to="https://www.$1s.caltech.edu/" />
-
-	<rule from="^http://nassau\.caltech\.edu:4444/"
-		to="https://nassau.caltech.edu:4444/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Calum.xml b/src/chrome/content/rules/Calum.xml
index 29e2695521bd..87d0f5037a51 100644
--- a/src/chrome/content/rules/Calum.xml
+++ b/src/chrome/content/rules/Calum.xml
@@ -1,8 +1,20 @@
-<ruleset name="Calum">
-  <target host="calum.org" />
-  <target host="www.calum.org" />
+<!--
+	These altnames don't exist:
 
-  <securecookie host="^(.+\.)?calum\.org$" name=".*"/>
+		- www.calum.org
+
+-->
+<ruleset name="Calum.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="calum.org" />
+
+
+	<securecookie host="^calum\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(?:www\.)?calum\.org/" to="https://calum.org/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Calvin_College.xml b/src/chrome/content/rules/Calvin_College.xml
index d7f75adb646a..fdd09c10c424 100644
--- a/src/chrome/content/rules/Calvin_College.xml
+++ b/src/chrome/content/rules/Calvin_College.xml
@@ -6,7 +6,6 @@
 	<securecookie host="^ulysses\.calvin\.edu$" name=".+" />
 
 
-	<rule from="^http://ulysses\.calvin\.edu/"
-		to="https://ulysses.calvin.edu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Calyx-Institute.xml b/src/chrome/content/rules/Calyx-Institute.xml
deleted file mode 100644
index 3f86aee04721..000000000000
--- a/src/chrome/content/rules/Calyx-Institute.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Calyx Institute">
-
-	<target host="calyxinstitute.org"/>
-	<target host="*.calyxinstitute.org"/>
-
-	<securecookie host="^(.*\.)?calyxinstitute\.org$" name=".*"/>
-
-	<rule from="^http://(?:www\.)?calyxinstitute\.org/"
-		to="https://www.calyxinstitute.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Calyx.net.xml b/src/chrome/content/rules/Calyx.net.xml
new file mode 100644
index 000000000000..3c1a24129e22
--- /dev/null
+++ b/src/chrome/content/rules/Calyx.net.xml
@@ -0,0 +1,22 @@
+<!--
+	www: cert only matches ^calyx.net
+
+-->
+<ruleset name="calyx.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="calyx.net" />
+
+	<!--	Complications:
+				-->
+	<target host="www.calyx.net" />
+
+
+	<rule from="^http://www\.calyx\.net/"
+		to="https://calyx.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CalyxInstitute.xml b/src/chrome/content/rules/CalyxInstitute.xml
new file mode 100644
index 000000000000..4f54c3e3e356
--- /dev/null
+++ b/src/chrome/content/rules/CalyxInstitute.xml
@@ -0,0 +1,14 @@
+<!--
+	Expired:
+		- tor
+-->
+
+<ruleset name="CalyxInstitute.org">
+	<target host="calyxinstitute.org" />
+	<target host="www.calyxinstitute.org" />
+	<target host="vanunu.calyxinstitute.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cam.ac.uk-problematic.xml b/src/chrome/content/rules/Cam.ac.uk-problematic.xml
deleted file mode 100644
index c858174e8710..000000000000
--- a/src/chrome/content/rules/Cam.ac.uk-problematic.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules that are on by default, see University-of-Cambridge.xml.
-
--->
-<ruleset name="Cam.ac.uk (mismatched)" default_off="mismatched">
-
-	<target host="www.*.cam.ac.uk" />
-
-
-	<securecookie host="^www\.(?:jobs|philanthropy)\.cam\.ac\.uk$" name=".+" />
-
-
-	<rule from="^http://www\.(jobs|philanthropy)\.cam\.ac\.uk/"
-		to="https://www.$1.cam.ac.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Camaya.net.xml b/src/chrome/content/rules/Camaya.net.xml
deleted file mode 100644
index 805d7cf412cb..000000000000
--- a/src/chrome/content/rules/Camaya.net.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Cert only matches ^camaya.net
-
--->
-<ruleset name="camaya.net" platform="cacert">
-
-	<target host="camaya.net" />
-	<target host="www.camaya.net" />
-
-
-	<securecookie host="^camaya\.net$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?camaya\.net/"
-		to="https://camaya.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cambey-and-West.xml b/src/chrome/content/rules/Cambey-and-West.xml
index 702e2d26bd2d..006b77ad87ae 100644
--- a/src/chrome/content/rules/Cambey-and-West.xml
+++ b/src/chrome/content/rules/Cambey-and-West.xml
@@ -1,11 +1,54 @@
-<ruleset name="Cambey &amp; West (partial)">
+<!--
+	Cambey & West
 
-	<target host="cambeywest.com"/>
-	<target host="www.cambeywest.com"/>
 
-	<securecookie host="^(www\.)?cambeywest\.com$" name=".*"/>
+	Nonfunctional hosts in *cambeywest.com:
 
-	<rule from="^http://(www\.)?cambeywest\.com/"
-		to="https://$1cambeywest.com/"/>
+		- ful *
+
+	* Handshake fails
+
+
+	Insecure cookies are set for these hosts:
+
+		- cambeywest.com
+		- www.cambeywest.com
+
+-->
+<ruleset name="Cambey West.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cambeywest.com" />
+	<target host="www.cambeywest.com" />
+
+	<!--	Complications:
+				-->
+	<target host="ful.cambeywest.com" />
+
+		<!--	All other paths are untested:
+							-->
+		<exclusion pattern="^http://ful\.cambeywest\.com/+(?!$|cwwweb/$)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://ful.cambeywest.com/index" />
+			<test url="http://ful.cambeywest.com/index.asp" />
+			<test url="http://ful.cambeywest.com/index.htm" />
+			<test url="http://ful.cambeywest.com/index.php" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?cambeywest\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://ful\.cambeywest\.com/(?:cwweb)?$"
+		to="https://www.cambeywest.com/cwweb/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Cambodia_Daily.com.xml b/src/chrome/content/rules/Cambodia_Daily.com.xml
new file mode 100644
index 000000000000..81e4900eb83f
--- /dev/null
+++ b/src/chrome/content/rules/Cambodia_Daily.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- cambodiadaily.com
+		- www.cambodiadaily.com
+
+-->
+<ruleset name="Cambodia Daily.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cambodiadaily.com" />
+	<target host="www.cambodiadaily.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?cambodiadaily\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?cambodiadaily\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cambridge-Journals.xml b/src/chrome/content/rules/Cambridge-Journals.xml
deleted file mode 100644
index acc6d8f63bdf..000000000000
--- a/src/chrome/content/rules/Cambridge-Journals.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Cambridge Journals" platform="mixedcontent">
-
-	<target host="journals.cambridge.org"/>
-
-	<securecookie host="^journals\.cambridge\.org$" name=".*"/>
-
-	<rule from="^http://journals\.cambridge\.org/"
-		to="https://journals.cambridge.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cambridge-University-Press.xml b/src/chrome/content/rules/Cambridge-University-Press.xml
index 123946b40158..637e28ef76d3 100644
--- a/src/chrome/content/rules/Cambridge-University-Press.xml
+++ b/src/chrome/content/rules/Cambridge-University-Press.xml
@@ -1,28 +1,33 @@
 <!--
-	Nonfunctional subdomains:
+	Cambridge University Press
 
-		- education	(times out)
+	Non-functional hosts
+		Couldn't connect to server:
+		- mobile.journals.cambridge.org
 
+		Timeout was reached:
+		- cambridge.org
 
-	dictionaryblog.cambridge.org is handled in WordPress-blogs.xml.
+		SSL peer certificate was not OK:
+		- athens.cambridge.org
 
+		Redirect to HTTP:
+		- education.cambridge.org
 -->
 <ruleset name="Cambridge University Press (partial)">
-
 	<target host="cambridge.org" />
-	<target host="*.cambridge.org" />
-
-
-	<securecookie host="^(?:assets|dictionary)\.cambridge\.org$" name=".*" />
-
-
-	<!--	- Cert only matches www
-		- At least some pages redirect to www
-					-->
-	<rule from="^https?://(?:www\.)?cambridge\.org/((?:generated|other)_files/|login(?:$|[/\?]))"
-		to="https://www.cambridge.org/$1" />
-
-	<rule from="^http://(assets|dictionary)\.cambridge\.org/"
-		to="https://$1.cambridge.org/" />
-
+	<target host="www.cambridge.org" />
+	<target host="assets.cambridge.org" />
+	<target host="dictionary.cambridge.org" />
+	<target host="dictionary-api.cambridge.org" />
+	<target host="dictionaryblog.cambridge.org" />
+	<target host="ebooks.cambridge.org" />
+	<target host="journals.cambridge.org" />
+	<target host="shibboleth.cambridge.org" />
+	<target host="stahlonline.cambridge.org" />
+
+	<rule from="^http://cambridge\.org/"
+		to="https://www.cambridge.org/" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CambridgeSoft.com.xml b/src/chrome/content/rules/CambridgeSoft.com.xml
new file mode 100644
index 000000000000..caeccf807afc
--- /dev/null
+++ b/src/chrome/content/rules/CambridgeSoft.com.xml
@@ -0,0 +1,23 @@
+<!--
+
+	Nonfunctional domains:
+
+		blog.cambridgesoft.com			(mismatched)
+		insideinformatics.cambridgesoft.com	(mismatched)
+		knowledgebase.cambridgesoft.com		(timeout)
+		media.cambridgesoft.com			(mismatched)
+		sitelicense.cambridgesoft.com		(mismatched)
+
+-->
+
+<ruleset name="CambridgeSoft.com (partial)">
+
+	<target host="cambridgesoft.com" />
+	<target host="www.cambridgesoft.com" />
+	<target host="chembiofinder.cambridgesoft.com" />
+	<target host="scistore.cambridgesoft.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cambridgeincolour.com.xml b/src/chrome/content/rules/Cambridgeincolour.com.xml
new file mode 100644
index 000000000000..046ce63bc2f5
--- /dev/null
+++ b/src/chrome/content/rules/Cambridgeincolour.com.xml
@@ -0,0 +1,10 @@
+<!--
+	backup.cambridgeincolour.com (mismatch)
+-->
+<ruleset name="Cambridgeincolour.com">
+	<target host="cambridgeincolour.com" />
+	<target host="www.cambridgeincolour.com" />
+	<target host="cdn.cambridgeincolour.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CambridgeshireConstabulary.xml b/src/chrome/content/rules/CambridgeshireConstabulary.xml
new file mode 100644
index 000000000000..3d4b7bf13fb8
--- /dev/null
+++ b/src/chrome/content/rules/CambridgeshireConstabulary.xml
@@ -0,0 +1,9 @@
+<!--
+	^cambs.police.uk doesn't exist.
+
+-->
+<ruleset name="Cambridgeshire Constabulary">
+  <target host="www.cambs.police.uk" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Camden.gov.uk-falsemixed.xml b/src/chrome/content/rules/Camden.gov.uk-falsemixed.xml
new file mode 100644
index 000000000000..e4f55c3ad54b
--- /dev/null
+++ b/src/chrome/content/rules/Camden.gov.uk-falsemixed.xml
@@ -0,0 +1,21 @@
+<!--
+	For rules not causing false/broken MCB, see Camden.gov.uk.xml.
+
+-->
+<ruleset name="Camden.gov.uk (false MCB)" platform="mixedcontent">
+
+	<target host="www3.camden.gov.uk" />
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://www3.camden.gov.uk/100in100/" /-->
+
+
+	<securecookie host="^\." name="_gat$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Camden.gov.uk.xml b/src/chrome/content/rules/Camden.gov.uk.xml
new file mode 100644
index 000000000000..1f9204be4c21
--- /dev/null
+++ b/src/chrome/content/rules/Camden.gov.uk.xml
@@ -0,0 +1,109 @@
+<!--
+	London borough of Camden
+
+	For rules causing false/broken MCB, see Camden.gov.uk.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *camden.gov.uk:
+
+		- adlib ³
+		- aphr.gslb
+		- camdencarechoices ᵃ
+		- camdendataadmin *
+		- camdocs ʳ
+		- childcaresearch ʳ
+		- cindex *
+		- democracy ³
+		- gis ³
+		- (www.)?lessonstudy ᵇ
+		- (www.)?localoffer *
+		- maps ³
+		- schoolsearch ʳ
+		- beta.sharingbestpractice ᵃ
+		- whatson ʳ
+
+	* Redirects to another domain
+	³ 503
+	ᵃ Shows another domain
+	ᵇ Shows default page
+	ʳ Refused
+
+
+	Problematic hosts in *camden.gov.uk:
+
+		- business ᶜ
+		- beta.maps ᵐ
+		- news ᵐ ˣ
+		- www3 ˣ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+	ˣ Mixed css
+
+
+	Insecure cookies are set for these hosts:
+
+		- camden.gov.uk
+		- camdenactive.camden.gov.uk
+		- news.camden.gov.uk
+		- schoolsupportservices.camden.gov.uk
+		- permits.camden.gov.uk
+		- www.camden.gov.uk
+
+
+	Mixed content:
+
+		- css, on:
+
+			- beta.maps maxcdn.bootstrapcdn.com ˢ
+			- beta.maps cdnjs.cloudflare.com ˢ
+			- news from fonts.googleapis.com ˢ
+			- news from presspage-production-content.s3.amazonaws.com
+			- www3 from $self ˢ
+
+		- Images, on:
+
+			- news from ^camden.gov.uk ˢ
+			- www3 from $self ˢ
+
+		- favicon on www3 from www.camden.gov.uk ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Camden.gov.uk (partial)">
+
+	<target host="camden.gov.uk" />
+	<!--target host="business.camden.gov.uk" /-->
+	<target host="camdenactive.camden.gov.uk" />
+	<target host="contact.camden.gov.uk" />
+	<target host="forms.camden.gov.uk" />
+	<target host="opendata.camden.gov.uk" />
+	<target host="payments.camden.gov.uk" />
+	<target host="permits.camden.gov.uk" />
+	<target host="schoolsupportservices.camden.gov.uk" />
+	<target host="www.camden.gov.uk" />
+	<!--target host="www3.camden.gov.uk" /-->
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://www3.camden.gov.uk/100in100/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?camden\.gov\.uk$" name="^ad_path$" /-->
+	<!--securecookie host="^(?:camdenactive|schoolsupportservices)\.camden\.gov\.uk$" name="^(?:ASP\.NET_SessionId|rtCookiePrivacySetting)$" /-->
+	<!--securecookie host="^news\.camden\.gov\.uk$" name="^PPSESSION$" /-->
+	<!--securecookie host="^permits\.camden\.gov\.uk$" name="^(?:\.ASPXANONYMOUS|ASP\.NET_SessionId)$" /-->
+
+	<securecookie host="^\." name="_gat$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CamelCamelCamel.com.xml b/src/chrome/content/rules/CamelCamelCamel.com.xml
new file mode 100644
index 000000000000..fa58d3a13151
--- /dev/null
+++ b/src/chrome/content/rules/CamelCamelCamel.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Expired:
+		- camel
+
+	Connection timed out
+		- s3.camel
+		- charts-dev
+		- charts-dev2
+		- secondary
+
+	Connection refused:
+		- squirt
+
+	Mismatched:
+		- asia-s3
+		- cf
+		- i
+		- s3
+		- terminus
+		- uk-s3
+-->
+<ruleset name="CamelCamelCamel.com">
+	<target host="camelcamelcamel.com" />
+	<target host="www.camelcamelcamel.com" />
+	<target host="au.camelcamelcamel.com" />
+	<target host="blog.camelcamelcamel.com" />
+	<target host="ca.camelcamelcamel.com" />
+	<target host="charts.camelcamelcamel.com" />
+	<target host="cn.camelcamelcamel.com" />
+	<target host="de.camelcamelcamel.com" />
+	<target host="es.camelcamelcamel.com" />
+	<target host="fr.camelcamelcamel.com" />
+	<target host="it.camelcamelcamel.com" />
+	<target host="jp.camelcamelcamel.com" />
+	<target host="secure.camelcamelcamel.com" />
+	<target host="uk.camelcamelcamel.com" />
+	<target host="us.camelcamelcamel.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CamelHost.net.xml b/src/chrome/content/rules/CamelHost.net.xml
index d724b74304b7..c655cd9b774d 100644
--- a/src/chrome/content/rules/CamelHost.net.xml
+++ b/src/chrome/content/rules/CamelHost.net.xml
@@ -1,15 +1,18 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://billing.camelhost.net/ => https://billing.camelhost.net/: (51, "SSL: no alternative certificate subject name matches target host name 'billing.camelhost.net'")
+
 	Nonfunctional subdomains:
 
 		- (www.)	(refused)
 
 -->
-<ruleset name="CamelHost.net (partial)">
+<ruleset name="CamelHost.net (partial)" default_off="failed ruleset test">
 
 	<target host="billing.camelhost.net" />
 
 
-	<rule from="^http://billing\.camelhost\.net/"
-		to="https://billing.camelhost.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Camelcamelcamel.xml b/src/chrome/content/rules/Camelcamelcamel.xml
deleted file mode 100644
index 36812f1e2f06..000000000000
--- a/src/chrome/content/rules/Camelcamelcamel.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	!functional:
-		- (www.)camelbuy.com		(timeout)
-		- (www.)camelcamelcamel.com	(ditto)
-		- blog.camelcamelcamel.com
-		- charts.camelcamelcamel.com	(timeout)
-		- (www.)camelcamper.com		(ditto)
-		- (www.)camelegg.com		(ditto)
-		- (www.)camelsounds.com		(ditto)
-		- (www.)cosmicshovel.com	(cert: gooroon.com; "MOD_PYTHON ERROR")
-		- forum.cosmicshovel.com	(cert: Pablo Picaso)
--->
-<ruleset name="camelcamelcamel (partial)">
-
-	<target host="s3.antimac.org"/>
-	<target host="s3.camelcamelcamel.com"/>
-
-	<rule from="^http://s3\.(antimac\.org|camelcamelcamel\.com)/"
-		to="https://s3.amazonaws.com/s3.$1/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cameralabs.com.xml b/src/chrome/content/rules/Cameralabs.com.xml
new file mode 100644
index 000000000000..597c575edd38
--- /dev/null
+++ b/src/chrome/content/rules/Cameralabs.com.xml
@@ -0,0 +1,9 @@
+<!--
+	Mismatch: forum.cameralabs.com
+-->
+<ruleset name="Cameralabs.com">
+	<target host="cameralabs.com" />
+	<target host="www.cameralabs.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CampBX.com.xml b/src/chrome/content/rules/CampBX.com.xml
new file mode 100644
index 000000000000..66483bd84f00
--- /dev/null
+++ b/src/chrome/content/rules/CampBX.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .campbx.com
+
+-->
+<ruleset name="CampBX.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="campbx.com" />
+	<target host="www.campbx.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.campbx\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.campbx\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Camp_Staff_USA.xml b/src/chrome/content/rules/Camp_Staff_USA.xml
index 76c165196f28..e86851af9fea 100644
--- a/src/chrome/content/rules/Camp_Staff_USA.xml
+++ b/src/chrome/content/rules/Camp_Staff_USA.xml
@@ -7,19 +7,18 @@
 <ruleset name="Camp Staff USA">
 
 	<target host="campstaffusa.com" />
-	<target host="*.campstaffusa.com" />
+	<target host="www.campstaffusa.com" />
 	<target host="jorsika.com" />
-	<target host="*.jorsika.com" />
+	<target host="www.jorsika.com" />
 
 
 	<securecookie host="^\.campstaffusa\.com$" name=".+" />
 	<securecookie host="^\.?jorsika\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?campstaffusa.com/"
+	<rule from="^http://(?:www\.)?campstaffusa\.com/"
 		to="https://campstaffusa.com/" />
 
-	<rule from="^http://(www\.)?jorsika\.com/"
-		to="https://$1jorsika.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Campact.de.xml b/src/chrome/content/rules/Campact.de.xml
index fb95dbca5574..e5536c52d869 100644
--- a/src/chrome/content/rules/Campact.de.xml
+++ b/src/chrome/content/rules/Campact.de.xml
@@ -1,6 +1,29 @@
-<ruleset name="Campact.de">
- <target host="www.campact.de" />
- <target host="campact.de" />
+<!--
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Redirects to http
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- auth
+
+
+	These altnames don't exist:
+
+		- m.campact.de
+
+-->
+<ruleset name="Campact.de (partial)">
+
+	<target host="campact.de" />
+	<target host="auth.campact.de" />
+	<target host="www.campact.de" />
+
+
+	<rule from="^http:" to="https:" />
 
- <rule from="^http://(www\.)?campact\.de/" to="https://www.campact.de/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Campaigner.xml b/src/chrome/content/rules/Campaigner.xml
index a6cfc41a74e1..2899ee446ba0 100644
--- a/src/chrome/content/rules/Campaigner.xml
+++ b/src/chrome/content/rules/Campaigner.xml
@@ -41,7 +41,9 @@
 <ruleset name="Campaigner (partial)">
 
 	<target host="campaigner.com" />
-	<target host="*.campaigner.com" />
+	<target host="www.campaigner.com" />
+	<target host="media.campaigner.com" />
+	<target host="secure.campaigner.com" />
 
 
 	<securecookie host=".*\.campaigner\.com$" name=".+" />
@@ -50,7 +52,6 @@
 	<rule from="^http://(?:www\.)?campaigner\.com/"
 		to="https://www.campaigner.com/" />
 
-	<rule from="^http://(media|secure)\.campaigner\.com/"
-		to="https://$1.campaigner.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CampaignerCRM.com.xml b/src/chrome/content/rules/CampaignerCRM.com.xml
index 9058681834c0..24b78e0b5d0a 100644
--- a/src/chrome/content/rules/CampaignerCRM.com.xml
+++ b/src/chrome/content/rules/CampaignerCRM.com.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://campaignercrm.com/ => https://www.campaignercrm.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://campaignercrm.com/ => https://www.campaignercrm.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	For other j2 Global coverage, see J2global.com.xml.
 
 
@@ -25,10 +31,12 @@
 	² Unsecurable
 
 -->
-<ruleset name="CampaignerCRM.com">
+<ruleset name="CampaignerCRM.com" default_off="failed ruleset test">
 
 	<target host="campaignercrm.com" />
-	<target host="*.campaignercrm.com" />
+	<target host="www.campaignercrm.com" />
+	<target host="go.campaignercrm.com" />
+	<target host="home.campaignercrm.com" />
 
 
 	<securecookie host="^\.campaignercrm\.com$" name=".+" />
@@ -37,7 +45,6 @@
 	<rule from="^http://(?:www\.)?campaignercrm\.com/"
 		to="https://www.campaignercrm.com/" />
 
-	<rule from="^http://(go|home)\.campaignercrm\.com/"
-		to="https://$1.campaignercrm.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Campaignmonitor.com.xml b/src/chrome/content/rules/Campaignmonitor.com.xml
new file mode 100644
index 000000000000..98866b398822
--- /dev/null
+++ b/src/chrome/content/rules/Campaignmonitor.com.xml
@@ -0,0 +1,12 @@
+<!--i3. wrong redirect
+i1. wrong redirect-->
+<ruleset name="Campaignmonitor.com">
+	<target host="campaignmonitor.com" />
+	<target host="www.campaignmonitor.com" />
+	<target host="help.campaignmonitor.com" />
+	<target host="hello.campaignmonitor.com" />
+	<target host="status.campaignmonitor.com" />
+	<target host="templates.campaignmonitor.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CampfireUnion.com.xml b/src/chrome/content/rules/CampfireUnion.com.xml
new file mode 100644
index 000000000000..f4bf36fe72aa
--- /dev/null
+++ b/src/chrome/content/rules/CampfireUnion.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="CampfireUnion.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="campfireunion.com" />
+	<target host="www.campfireunion.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Campina-mismatches.xml b/src/chrome/content/rules/Campina-mismatches.xml
index e28f6a0763eb..48eaa930527a 100644
--- a/src/chrome/content/rules/Campina-mismatches.xml
+++ b/src/chrome/content/rules/Campina-mismatches.xml
@@ -22,7 +22,7 @@
 
 	<rule from="^http://campina\.(be|de|es|ru)/(error(%20pages/|page\.htm$)|images/errorpage/)" to="https://campina.$1/$2"/>
 
-	<rule from="^http://(www\.)?campina\.(be|de|es|ru)/" to="https://www.campina.$1/"/>	
+	<rule from="^http://(?:www\.)?campina\.(be|de|es|ru)/" to="https://www.campina.$1/"/>
 
 	<rule from="^http://(www\.)?compina(\.com|boerderijdag\.nl)/(error(%20pages/|page\.htm$)|images/errorpage/)" to="https://campina$1/$2"/>
 
@@ -32,8 +32,8 @@
 
 	<rule from="^http://(www\.)?mycampina\.com/" to="https://www.mycampina.com/"/>
 
-	<securecookie host="^(www\.)campina\.be$" name=".*"/>
-	<securecookie host="^www\.campina\.(de|es|ru)$" name=".*"/>
-	<securecookie host="^www\.(nl\.)?frieslandcampina\.com$" name=".*"/>
+	<securecookie host="^(?:www\.)campina\.be$" name=".+" />
+	<securecookie host="^www\.campina\.(?:de|es|ru)$" name=".+" />
+	<securecookie host="^www\.(?:nl\.)?frieslandcampina\.com$" name=".+" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Campina.xml b/src/chrome/content/rules/Campina.xml
index 9933de44a095..f1f229669bdd 100644
--- a/src/chrome/content/rules/Campina.xml
+++ b/src/chrome/content/rules/Campina.xml
@@ -1,6 +1,39 @@
-<!--	See Campina-mismatches.xml also
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.campinaopschool.nl/ => https://www.campinaopschool.nl/: (7, 'Failed to connect to www.campinaopschool.nl port 443: Connection timed out')
+Fetch error: http://connecthr.nl/ => https://www.connecthr.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.connecthr.nl'")
+Fetch error: http://intern.connecthr.nl/ => https://intern.connecthr.nl/: (6, 'Could not resolve host: intern.connecthr.nl')
+Fetch error: http://www.connecthr.nl/ => https://www.connecthr.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.connecthr.nl'")
+Fetch error: http://www.landliebe.de/ => https://landliebe.de/: (7, 'Failed to connect to landliebe.de port 443: Connection refused')
+Fetch error: http://mycampina.com/ => https://www.mycampina.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.mycampina.com'")
+Fetch error: http://edixml.mycampina.com/ => https://edixml.mycampina.com/: (51, "SSL: no alternative certificate subject name matches target host name 'edixml.mycampina.com'")
+Fetch error: http://www.mycampina.com/ => https://www.mycampina.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.mycampina.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://campinaopschool.nl/ => http://campinaopschool.nl/: (35, 'error:14092105:SSL routines:SSL3_GET_SERVER_HELLO:wrong cipher returned')
+Fetch error: http://www.campinaopschool.nl/ => https://www.campinaopschool.nl/: (35, 'error:14092105:SSL routines:SSL3_GET_SERVER_HELLO:wrong cipher returned')
+Fetch error: http://connecthr.nl/ => https://www.connecthr.nl/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://intern.connecthr.nl/ => https://intern.connecthr.nl/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://www.connecthr.nl/ => https://www.connecthr.nl/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://melkweb.frieslandcampina.com/ => https://melkweb.frieslandcampina.com/: (35, 'error:14092105:SSL routines:SSL3_GET_SERVER_HELLO:wrong cipher returned')
+Fetch error: http://milchweb.frieslandcampina.com/ => https://milchweb.frieslandcampina.com/: (35, 'error:14092105:SSL routines:SSL3_GET_SERVER_HELLO:wrong cipher returned')
+Fetch error: http://melkweb.com/ => https://melkweb.frieslandcampina.com/: (35, 'error:14092105:SSL routines:SSL3_GET_SERVER_HELLO:wrong cipher returned')
+Fetch error: http://edixml.melkweb.com/ => https://edixml.melkweb.com/: (35, 'error:14092105:SSL routines:SSL3_GET_SERVER_HELLO:wrong cipher returned')
+Fetch error: http://www.melkweb.com/ => https://melkweb.frieslandcampina.com/: (35, 'error:14092105:SSL routines:SSL3_GET_SERVER_HELLO:wrong cipher returned')
+Fetch error: http://mycampina.com/ => https://www.mycampina.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.mycampina.com'")
+Fetch error: http://edixml.mycampina.com/ => https://edixml.mycampina.com/: (51, "SSL: no alternative certificate subject name matches target host name 'edixml.mycampina.com'")
+Fetch error: http://www.mycampina.com/ => https://www.mycampina.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.mycampina.com'")	See Campina-mismatches.xml also
+
+
+	Problematic domains:
+
+		- (www.)?nl.frieslandcampina.com *
+
+	* Handshake fails
+
 -->
-<ruleset name="Campina (partial)" platform="mixedcontent">
+<ruleset name="Campina (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="campinaopschool.nl"/>
 	<target host="www.campinaopschool.nl"/>
@@ -37,10 +70,10 @@
 
 	<rule from="^http://(www\.)?mycampina\.com/" to="https://www.mycampina.com/"/>
 
-	<securecookie host="^(www\.)campinaopschool\.nl$" name=".*"/>
-	<securecookie host="^www\.connecthr\.nl$" name=".*"/>
-	<securecookie host="^me(elk|ilch)web\.frieslandcampina\.com$" name=".*"/>
-	<securecookie host="^www\.landliebe\.de$" name=".*"/>
-	<securecookie host="^edixml\.melkweb\.com$" name=".*"/>
+	<securecookie host="^(?:www\.)campinaopschool\.nl$" name=".+" />
+	<securecookie host="^www\.connecthr\.nl$" name=".+" />
+	<securecookie host="^me(?:elk|ilch)web\.frieslandcampina\.com$" name=".+" />
+	<securecookie host="^www\.landliebe\.de$" name=".+" />
+	<securecookie host="^edixml\.melkweb\.com$" name=".+" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Campus_Job.com.xml b/src/chrome/content/rules/Campus_Job.com.xml
new file mode 100644
index 000000000000..0b7e8ac80aed
--- /dev/null
+++ b/src/chrome/content/rules/Campus_Job.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .campusjob.com
+
+-->
+<ruleset name="Campus Job.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="campusjob.com" />
+	<target host="static.campusjob.com" />
+	<target host="www.campusjob.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.campusjob\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.campusjob\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Campus_Pack.xml b/src/chrome/content/rules/Campus_Pack.xml
index 67e0ff0aa204..05b1d545cd96 100644
--- a/src/chrome/content/rules/Campus_Pack.xml
+++ b/src/chrome/content/rules/Campus_Pack.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://campuspack.eu/ => https://campuspack.eu/: (51, "SSL: no alternative certificate subject name matches target host name 'campuspack.eu'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://campuspack.eu/ => https://campuspack.eu/: (51, "SSL: no alternative certificate subject name matches target host name 'campuspack.eu'")
 	Nonfunctional domains:
 
 		- (www.)campuspack.net		(CN: *.learningobjects.com; 403)
@@ -10,7 +16,7 @@
 		- .+.campuspack.net		(at least some pages redirect to http)
 
 -->
-<ruleset name="Campus Pack (partial)">
+<ruleset name="Campus Pack (partial)" default_off="failed ruleset test">
 
 	<target host="campuspack.eu" />
 	<target host="*.campuspack.eu" />
@@ -31,4 +37,4 @@
 	<rule from="^http://([\w\-]+)\.campuspack\.net/(Domain/|static)/"
 		to="https://$1.campuspack.net/$2/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Campuslabs.com.xml b/src/chrome/content/rules/Campuslabs.com.xml
new file mode 100644
index 000000000000..91a70a85f7d5
--- /dev/null
+++ b/src/chrome/content/rules/Campuslabs.com.xml
@@ -0,0 +1,44 @@
+<!--
+	Other Campus Labs rulesets:
+
+		- CollegiateLink.xml
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .campuslabs.com
+		- .www.campuslabs.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on www from $self * ˢ
+		- Images on www from wordpresswwwcl.blob.core.windows.net ˢ
+
+	* Only custom fonts
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Campus Labs.com">
+
+	<target host="campuslabs.com" />
+	<target host="cdn1.campuslabs.com" />
+	<target host="cdn2.campuslabs.com" />
+	<target host="www.campuslabs.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.campuslabs\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^\.www\.campuslabs\.com$" name="^ARRAffinity$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^(?!\.campuslabs\.com$)." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cams.com.xml b/src/chrome/content/rules/Cams.com.xml
new file mode 100644
index 000000000000..4ebd3f5b6667
--- /dev/null
+++ b/src/chrome/content/rules/Cams.com.xml
@@ -0,0 +1,50 @@
+<!--
+	For other FriendFinder coverage, see FriendFinder.xml.
+
+
+	Nonfunctional subdomains:
+
+		- (www.) ¹
+		- banners ²
+
+	¹ Refused
+	² Dropped
+
+
+	Problematic subdomains:
+
+		- graphics *
+		- photos *
+
+	* Works; mismatched, CN: *.securedataimages.com
+
+
+	Fully covered subdomains:
+
+		- graphics *
+		- photos *
+
+	* → secureimage.securedataimages.com
+
+-->
+<ruleset name="Cams.com (partial)">
+
+	<!--	Complications:
+				-->
+	<target host="graphics.cams.com" />
+	<target host="photos.cams.com" />
+
+		<!--exclusion pattern="^http://(banners|www)\." /-->
+
+
+	<securecookie host="^\.cams\.com$" name="^(?:AB_TRACKING|cams_tr|click_id_time|HISTORY|IP_COUNTRY|LOCATION_FROM_IP|REFERRAL_URL)$" />
+	<!--
+		Could we secure either of these safely?
+							-->
+	<!--securecookie host="^\.cams\.com$" name="^(cams_who|v_hash)$" /-->
+
+
+	<rule from="^http://(?:graphic|photo)s\.cams\.com/"
+		to="https://secureimage.securedataimages.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CanLII.xml b/src/chrome/content/rules/CanLII.xml
index 4cb194eae2a4..0b59f6f049d3 100644
--- a/src/chrome/content/rules/CanLII.xml
+++ b/src/chrome/content/rules/CanLII.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?canlii\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?canlii\.org/"
-		to="https://$1canlii.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CanSecWest.xml b/src/chrome/content/rules/CanSecWest.xml
index 4d73add8475d..13c4f4745860 100644
--- a/src/chrome/content/rules/CanSecWest.xml
+++ b/src/chrome/content/rules/CanSecWest.xml
@@ -1,15 +1,15 @@
 <ruleset name="CanSecWest">
 
 	<target host="cansecwest.com" />
-	<target host="*.cansecwest.com" />
+	<target host="www.cansecwest.com" />
 
 
-	<securecookie host="^\.cansecwest\.com$" name=".*" />
+	<securecookie host="^\.cansecwest\.com$" name=".+" />
 
 
 	<!--	Cert only matches //cans...
 						-->
-	<rule from="^https?://(?:www\.)?cansecwest\.com/"
+	<rule from="^http://(?:www\.)?cansecwest\.com/"
 		to="https://cansecwest.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Can_I_Use_Python_3.com.xml b/src/chrome/content/rules/Can_I_Use_Python_3.com.xml
new file mode 100644
index 000000000000..0562cec85e40
--- /dev/null
+++ b/src/chrome/content/rules/Can_I_Use_Python_3.com.xml
@@ -0,0 +1,22 @@
+<!--
+	www: Refused
+
+-->
+<ruleset name="Can I Use Python 3.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="caniusepython3.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.caniusepython3.com" />
+
+
+	<rule from="^http://www\.caniusepython3\.com/"
+		to="https://caniusepython3.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Can_They_See_My_Dick.com.xml b/src/chrome/content/rules/Can_They_See_My_Dick.com.xml
new file mode 100644
index 000000000000..1dad62d0af98
--- /dev/null
+++ b/src/chrome/content/rules/Can_They_See_My_Dick.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .cantheyseemydick.com
+
+-->
+<ruleset name="Can They See My Dick.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cantheyseemydick.com" />
+	<target host="www.cantheyseemydick.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.cantheyseemydick\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.cantheyseemydick\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CanadaHelps.xml b/src/chrome/content/rules/CanadaHelps.xml
index da84576925ae..adf512df658d 100644
--- a/src/chrome/content/rules/CanadaHelps.xml
+++ b/src/chrome/content/rules/CanadaHelps.xml
@@ -1,4 +1,7 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://canadahelps.org/ => https://www.canadahelps.org/: Cycle detected - URL already encountered: https://www.canadahelps.org/
+Fetch error: http://www.canadahelps.org/ => https://www.canadahelps.org/: Cycle detected - URL already encountered: https://www.canadahelps.org/
 	Problematic subdomains:
 
 		- ^	(cert only matches www)
@@ -29,4 +32,4 @@
 	<rule from="^http://(?:www\.)?canadahelps\.org/"
 		to="https://www.canadahelps.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Canadian-Lung-Assoc.xml b/src/chrome/content/rules/Canadian-Lung-Assoc.xml
index e4792a95d336..e010ec8c5662 100644
--- a/src/chrome/content/rules/Canadian-Lung-Assoc.xml
+++ b/src/chrome/content/rules/Canadian-Lung-Assoc.xml
@@ -2,5 +2,5 @@
 	<target host="lung.ca" />
 	<target host="www.lung.ca" />
 
-	<rule from="^http://(?:www\.)?lung\.ca/" to="https://www.lung.ca/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Canadian-Web-Hosting.xml b/src/chrome/content/rules/Canadian-Web-Hosting.xml
index 5a313f37699c..098171697ca0 100644
--- a/src/chrome/content/rules/Canadian-Web-Hosting.xml
+++ b/src/chrome/content/rules/Canadian-Web-Hosting.xml
@@ -1,21 +1,34 @@
 <!--
 	Nonfunctional subdomains:
 
-		- blog		(ssl_error_rx_record_too_long)
-		- forums	(ditto)
-		- mail		(cert: mail.idig.net, expired; shows IIS7 default page)
+		- blog ¹
+		- forums ¹
+		- mail ²
+
+	¹ Plaintext reply
+	² Shows IIS7 defeault page; CN: mail.idig.net, expired
 
 -->
-<ruleset name="Canadian Web Hosting (partial)" platform="mixedcontent">
+<ruleset name="Canadian Web Hosting (partial)">
 
 	<target host="canadianwebhosting.com" />
-	<target host="*.canadianwebhosting.com" />
+	<target host="helpdesk.canadianwebhosting.com" />
+	<target host="www.canadianwebhosting.com" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^(www\.)?canadianwebhosting\.com$" name="^ASPSESSIONID\w+$" /-->
+	<!--securecookie host="^helpdesk\.canadianwebhosting\.com$" name="^(SWIFT_client|SWIFT_sessionid\d+)$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?canadianwebhosting\.com$" name="^(ASP\.NET_SessionId|Referer)$" /-->
 
 
-	<securecookie host="^(.*\.)?canadianwebhosting\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(helpdesk\.|www\.)?canadianwebhosting\.com/"
-		to="https://$1canadianwebhosting.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Canadian_Broadcasting_Corporation-mixedcontent.xml b/src/chrome/content/rules/Canadian_Broadcasting_Corporation-mixedcontent.xml
deleted file mode 100644
index ec6105a2fd29..000000000000
--- a/src/chrome/content/rules/Canadian_Broadcasting_Corporation-mixedcontent.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	See Canadian_Broadcasting_Corporation.xml for rules without mixed content.
-
--->
-<ruleset name="Canadian Broadcasting Corporation (mixed content)" platform="mixedcontent">
-
-	<target host="music.cbc.ca" />
-		<!--
-			Exclude paths covered in the main ruleset:
-									-->
-		<exclusion pattern="^http://music\.cbc\.ca/(?:config/|images/|(?:.+/)?(?:j|service)s/|lib/|modules/|(?:Web|Script)Resource\.axd/|stats/)" />
-
-
-	<rule from="^http://music\.cbc\.ca/"
-		to="https://music.cbc.ca/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Canadian_Broadcasting_Corporation.xml b/src/chrome/content/rules/Canadian_Broadcasting_Corporation.xml
deleted file mode 100644
index e089094f43d1..000000000000
--- a/src/chrome/content/rules/Canadian_Broadcasting_Corporation.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	See Canadian_Broadcasting_Corporation-mixedcontent.xml for rules with mixed content.
-
-
-	CDN buckets:
-
-		- podcast.cbc.ca.edgesuite.net
-
-		- www.cbc.ca.edgesuite.net
-
-			- static.music.cbc.ca
-
-
-	Problematic subdomains:
-
-		-		(works, redirects to https://www)
-		- static.music *
-		- podcast *
-		- www *
-
-	* Works, akamai
-
-
-	Mixed css & js on music from static.music & www => separate mixedcontent ruleset.
-
--->
-<ruleset name="Canadian Broadcasting Corporation (partial)">
-
-	<target host="*.cbc.ca" />
-		<!--
-			We only want to secure non-page data here:
-									-->
-		<exclusion pattern="^http://music\.cbc\.ca/(?!config/|images/|(?:.+/)?(?:j|service)s/|lib/|modules/|(?:Web|Script)Resource\.axd/|stats/)" />
-
-
-	<rule from="^http://(music|sso)\.cbc\.ca/"
-		to="https://$1.cbc.ca/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Canadian_Dimension.com.xml b/src/chrome/content/rules/Canadian_Dimension.com.xml
new file mode 100644
index 000000000000..99d3eed4601b
--- /dev/null
+++ b/src/chrome/content/rules/Canadian_Dimension.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- canadiandimension.com
+
+-->
+<ruleset name="Canadian Dimension.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="canadiandimension.com" />
+	<target host="www.canadiandimension.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^canadiandimension\.com$" name="^(?:exp_last_activity|exp_tracker)$" /-->
+
+	<securecookie host="^canadiandimension\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Canadian_Institute_of_Chartered_Accountants.xml b/src/chrome/content/rules/Canadian_Institute_of_Chartered_Accountants.xml
index caa5267847d2..9dd977225e8c 100644
--- a/src/chrome/content/rules/Canadian_Institute_of_Chartered_Accountants.xml
+++ b/src/chrome/content/rules/Canadian_Institute_of_Chartered_Accountants.xml
@@ -1,10 +1,16 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.cica.ca/ => https://secure.cica.ca/: (7, 'Failed to connect to secure.cica.ca port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.cica.ca/ => https://secure.cica.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Nonfunctional subdomains:
 
 		- (www.)	(redirects to secure; mismatched, CN: secure.cica.ca)
 
 -->
-<ruleset name="Canadian Institute of Chartered Accountants (partial)">
+<ruleset name="Canadian Institute of Chartered Accountants (partial)" default_off="failed ruleset test">
 
 	<target host="secure.cica.ca" />
 
@@ -12,7 +18,6 @@
 	<securecookie host="^secure\.cica\.ca$" name=".+" />
 
 
-	<rule from="^http://secure\.cica\.ca/"
-		to="https://secure.cica.ca/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Canadian_Light_Source.xml b/src/chrome/content/rules/Canadian_Light_Source.xml
index da65e1cf5bb2..650dff77035f 100644
--- a/src/chrome/content/rules/Canadian_Light_Source.xml
+++ b/src/chrome/content/rules/Canadian_Light_Source.xml
@@ -12,7 +12,6 @@
 	<securecookie host="^user\.lightsource\.ca$" name=".+" />
 
 
-	<rule from="^http://user\.lightsource\.ca/"
-		to="https://user.lightsource.ca/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Canadian_Press.xml b/src/chrome/content/rules/Canadian_Press.xml
index 7e7beb437473..158d2909d171 100644
--- a/src/chrome/content/rules/Canadian_Press.xml
+++ b/src/chrome/content/rules/Canadian_Press.xml
@@ -1,4 +1,8 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.cp.org/ => https://www.thecanadianpress.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://thecanadianpress.com/ => https://www.thecanadianpress.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.thecanadianpress.com/ => https://www.thecanadianpress.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Problematic domains:
 
 		- www.cp.org *
diff --git a/src/chrome/content/rules/Canadian_Security_Intelligence_Service.xml b/src/chrome/content/rules/Canadian_Security_Intelligence_Service.xml
deleted file mode 100644
index f4d0e041d43b..000000000000
--- a/src/chrome/content/rules/Canadian_Security_Intelligence_Service.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<ruleset name="Canadian Security Intelligence Service">
-    <target host="csis.gc.ca" />
-    <target host="*.csis.gc.ca" />
-    <target host="scrs.gc.ca" />
-    <target host="*.scrs.gc.ca" />
-    <target host="csis-scrs.gc.ca" />
-    <target host="*.csis-scrs.gc.ca" />
-
-    <rule from="^https?://csis\.gc\.ca/"
-        to="https://www.csis.gc.ca/" />
-    <rule from="^http://([^/:@]+)?\.csis\.gc\.ca/"
-        to="https://$1.csis.gc.ca/" />
-
-    <!--
-         2013-10-13: As of the time of writing, this domain has an invalid SSL
-         cert, send users to the English domain-name (has exact same content).
-    -->
-    <rule from="^https?://scrs\.gc\.ca/"
-        to="https://www.csis.gc.ca/" />
-    <rule from="^http://([^/:@]+)?\.scrs\.gc\.ca/"
-        to="https://$1.csis.gc.ca/" />
-
-    <!-- Same as above -->
-    <rule from="^https?://csis-scrs\.gc\.ca/"
-        to="https://www.csis.gc.ca/" />
-    <rule from="^http://([^/:@]+)?\.csis-scrs\.gc\.ca/"
-        to="https://$1.csis.gc.ca/" />
-</ruleset>
diff --git a/src/chrome/content/rules/CanalDigital.xml b/src/chrome/content/rules/CanalDigital.xml
index cd5b859efb1e..7fa0d78c8b8f 100644
--- a/src/chrome/content/rules/CanalDigital.xml
+++ b/src/chrome/content/rules/CanalDigital.xml
@@ -1,4 +1,17 @@
-<ruleset name="CanalDigital" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kabel.canaldigital.se/ => https://kabel.canaldigital.se/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://canaldigital.dk/ => https://canaldigital.dk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.canaldigital.dk/ => https://www.canaldigital.dk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://erhverv.canaldigital.dk/ => https://erhverv.canaldigital.dk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://foreninger.canaldigital.dk/ => https://foreninger.canaldigital.dk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://iptv.canaldigital.dk/ => https://iptv.canaldigital.dk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://kabel.canaldigital.se/ => https://kabel.canaldigital.se/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="CanalDigital" platform="mixedcontent" default_off="failed ruleset test">
 	<!--
 	- some mixed content from ads
 	-->
diff --git a/src/chrome/content/rules/Canary_Watch.org.xml b/src/chrome/content/rules/Canary_Watch.org.xml
new file mode 100644
index 000000000000..562d2e4eabcb
--- /dev/null
+++ b/src/chrome/content/rules/Canary_Watch.org.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://canarywatch.org/ => https://canarywatch.org/: (7, 'Failed to connect to canarywatch.org port 443: No route to host')
+Fetch error: http://www.canarywatch.org/ => https://www.canarywatch.org/: (7, 'Failed to connect to www.canarywatch.org port 443: No route to host')
+
+-->
+<ruleset name="Canary Watch.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="canarywatch.org" />
+	<target host="www.canarywatch.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cancer.gov.xml b/src/chrome/content/rules/Cancer.gov.xml
new file mode 100644
index 000000000000..08370dd7cdd8
--- /dev/null
+++ b/src/chrome/content/rules/Cancer.gov.xml
@@ -0,0 +1,201 @@
+<!--
+
+
+	Nonfunctional hosts in *cancer.gov:
+
+		- (www.)? ʳ
+		- (www.)?appliedresearch ᵇ
+		- atbcstudy *
+		- biospecimens ᶠ
+		- breastscreening ᵈ
+		- budgettool ᶠ
+		- cam ʳ
+		- cancercenters ʳ
+		- cancercontrol ᵃ
+		- cancercontrolplanet ʳ
+		- home.ccr ⁴
+		- cdp ᶠ
+		- cgb ᵈ
+		- cisnet ᵈ
+		- class ᶠ
+		- clinicalcenter ᵈ
+		- crn ʳ
+		- cssi ᶠ
+		- dceg ʳ
+		- dceg2 *
+		- dctd ᶠ
+		- dietassessmentprimer ᵈ
+		- dtc ᶠ
+		- eagle ᵈ
+		- fundedresearch ᵇ
+		- glycomics ᵈ
+		- epi.grants *
+		- gutcheck ʳ
+		- healthcaredelivery ᵇ
+		- imaging ʳ
+		- innovation ᶠ
+		- legislative ʳ
+		- lfs ʳ
+		- maps ʳ
+		- marrowfailure ᵈ
+		- nano ᶠ
+		- ncccp ʳ
+		- ncl ᶠ
+		- ncorp ᵈ
+		- next ᶠ
+		- oham ʳ
+		- proteomics ʳ
+		- ratecalc ʳ
+		- rrp ᶠ
+		- sae ᵈ
+		- sarcoma ᵖ
+		- staffprofiles ʳ
+		- statfund ᵈ
+		- surveillance *
+		- trp ᶠ
+
+	* 200 blank page
+	⁴ 404
+	ᵃ Shows another domain
+	ᵇ Shows default page
+	ᵈ Dropped
+	ᶠ Handshake fails
+	ᵖ Plaintext reply
+	ʳ Refused
+
+
+	Problematic hosts in *cancer.gov:
+
+		- assays ᶜ
+		- itcr ᵐ
+		- ostr ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+
+
+	Partially covered hosts in *cancer.gov:
+
+		- seer ʰ
+
+	ʰ Some pages redirect to http
+
+
+	These altnames do not exist:
+
+		- www.resources.cisnet.cancer.gov
+
+
+	Insecure cookies are set for these hosts:
+
+		- frederick.cancer.gov
+		- livehelp.cancer.gov
+		- ncifrederick.cancer.gov
+		- ostr.cancer.gov
+		- pubs.cancer.gov
+		- www.teamsciencetoolkit.cancer.gov
+		- visualsonline.cancer.gov
+
+
+	Mixed content:
+
+		- css on cptr from fonts.googleapis.com ˢ
+		- Image on visualsonline from www.cancer.gov ʳ
+
+	ʳ Unsecurable <= refused
+	ˢ Secured by us
+
+-->
+<ruleset name="Cancer.gov (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="1800quitnow.cancer.gov" />
+	<target host="accrualnet.cancer.gov" />
+	<target host="antibodies.cancer.gov" />
+	<!--target host="assays.cancer.gov" /-->
+	<target host="cahub.cancer.gov" />
+	<target host="popmodels.cancercontrol.cancer.gov" />
+	<target host="ccr.cancer.gov" />
+	<target host="ccr-abcam.cancer.gov" />
+	<target host="ccrrockland.cancer.gov" />
+	<target host="resources.cisnet.cancer.gov" />
+	<target host="costprojections.cancer.gov" />
+	<target host="www.costprojections.cancer.gov" />
+	<target host="cpfp.cancer.gov" />
+	<target host="www.cpfp.cancer.gov" />
+	<target host="cptr.cancer.gov" />
+	<target host="dtp.cancer.gov" />
+	<target host="emblem.cancer.gov" />
+	<target host="www.emblem.cancer.gov" />
+	<target host="emergencytool.cancer.gov" />
+	<target host="frederick.cancer.gov" />
+	<target host="livehelp.cancer.gov" />
+	<target host="mouserepository.cancer.gov" />
+	<target host="ncifrederick.cancer.gov" />
+	<target host="ocg.cancer.gov" />
+	<!--target host="ostr.cancer.gov" /-->
+	<target host="ppb.cancer.gov" />
+	<target host="www.ppb.cancer.gov" />
+	<target host="pcp.cancer.gov" />
+	<target host="prescancerpanel.cancer.gov" />
+	<target host="prevention.cancer.gov" />
+	<target host="www.prevention.cancer.gov" />
+	<target host="progressreport.cancer.gov" />
+	<target host="www.progressreport.cancer.gov" />
+	<target host="researchtoreality.cancer.gov" />
+	<target host="sbir.cancer.gov" />
+	<target host="seer.cancer.gov" />
+	<target host="specimens.cancer.gov" />
+	<target host="www.specimens.cancer.gov" />
+	<target host="tcga.cancer.gov" />
+	<target host="www.teamsciencetoolkit.cancer.gov" />
+	<target host="visualsonline.cancer.gov" />
+
+	<!--	Complications:
+				-->
+	<target host="itcr.cancer.gov" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://seer\.cancer\.gov/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://seer\.cancer\.gov/+(?!favicon\.ico|[is]/|toolbox/.+\.css)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://seer.cancer.gov/about/" />
+			<test url="http://seer.cancer.gov/publications/" />
+			<test url="http://seer.cancer.gov/resources/" />
+			<test url="http://seer.cancer.gov/seerabs/" />
+			<test url="http://seer.cancer.gov/statfacts/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://seer.cancer.gov/favicon.ico" />
+			<test url="http://seer.cancer.gov/i/grad.png" />
+			<test url="http://seer.cancer.gov/s/print.css" />
+			<test url="http://seer.cancer.gov/toolbox/javascript/jquery-ui-1.9.2/css/redmond/jquery-ui-1.9.2.custom.min.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:nci)?frederick\.cancer\.gov$" name="^__AXT$" /-->
+	<!--securecookie host="^livehelp\.cancer\.gov$" name="^TS[\da-f]{8}$" /-->
+	<!--securecookie host="^ostr\.cancer\.gov$" name="^bb2_screener_$" /-->
+	<!--securecookie host="^pubs\.cancer\.gov$" name="^(?:ASPSESSIONID[A-Z]{8}|DSLB)$" /-->
+	<!--securecookie host="^www\.teamsciencetoolkit\.cancer\.gov$" name="^(?:\.ASPXANONYMOUS|ASP\.NET_SessionId)$" /-->
+	<!--securecookie host="^visualsonline\.cancer\.gov$" name="^CF(?:ID|TOKEN)$" /-->
+
+	<securecookie host="^(?!seer\.)\w" name=".+" />
+
+
+	<rule from="^http://itcr\.cancer\.gov/"
+		to="https://cbiit.nci.nih.gov/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CandH_Lures.com.xml b/src/chrome/content/rules/CandH_Lures.com.xml
new file mode 100644
index 000000000000..41c79f161c20
--- /dev/null
+++ b/src/chrome/content/rules/CandH_Lures.com.xml
@@ -0,0 +1,30 @@
+<!--
+	^: mismatched, CN: *.corecommerce.com
+
+-->
+<ruleset name="CandH Lures.com (partial)">
+
+	<target host="candhlures.com" />
+	<target host="www.candhlures.com" />
+		<!--
+			Redirects to corecommerce.com:
+							-->
+		<!--exclusion pattern="^http://(www\.)?candhlures\.com/+($|\?)" /-->
+		<!--
+			Blank page:
+					-->
+		<!--exclusion pattern="^http://(www\.)?candhlures\.com/+cart\.php" /-->
+		<!--
+			404:
+				-->
+		<!--exclusion pattern="^http://(www\.)?candhlures\.com/+(\d{5}-\d/|favicon\.ico|images/)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(www\.)?candhlures\.com/+(?!cdn-cgi/|css/|javascript/)" /-->
+
+
+	<rule from="^http://(?:www\.)?candhlures\.com/(?=cdn-cgi/|css/|javascript/)"
+		to="https://www.candhlures.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Canli_Alem.xml b/src/chrome/content/rules/Canli_Alem.xml
index b091599f6fd7..07b492287ff6 100644
--- a/src/chrome/content/rules/Canli_Alem.xml
+++ b/src/chrome/content/rules/Canli_Alem.xml
@@ -1,13 +1,12 @@
 <ruleset name="Canlı Alem">
 
 	<target host="canlialem.com" />
-	<target host="*.canlialem.com" />
+	<target host="www.canlialem.com" />
 
 
 	<securecookie host="^\.?canlialem\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?canlialem\.com/"
-		to="https://$1canlialem.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CannabisLegality.com.xml b/src/chrome/content/rules/CannabisLegality.com.xml
new file mode 100644
index 000000000000..7f75ebd820e3
--- /dev/null
+++ b/src/chrome/content/rules/CannabisLegality.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="CannabisLegality.com">
+	<target host="cannabislegality.com" />
+	<target host="www.cannabislegality.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cannagraphic.xml b/src/chrome/content/rules/Cannagraphic.xml
deleted file mode 100644
index 52ae67d12e22..000000000000
--- a/src/chrome/content/rules/Cannagraphic.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<!-- ICMag SSL cert is valid for www domains; https://icmag.com/* gives invalid cert warning -->
-<ruleset name="Intl Cannagraphic Magazine">
-  <target host="www.icmag.*" />
-  <target host="icmag.*" />
-  
-  <rule from="^http://(?:www\.)?icmag\.com/" to="https://www.icmag.com/"/>
-  <rule from="^https://icmag\.com/" to="https://www.icmag.com/"/>
-  <rule from="^http://(?:www\.)?icmag\.com/ic/" to="https://www.icmag.com/ic/"/>
-  <rule from="^https://icmag\.com/ic/" to="https://www.icmag.com/ic/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Canon.xml b/src/chrome/content/rules/Canon.xml
new file mode 100644
index 000000000000..7cf9bd9a03a3
--- /dev/null
+++ b/src/chrome/content/rules/Canon.xml
@@ -0,0 +1,177 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://forums.usa.canon.com/ => https://forums.usa.canon.com/: (51, "SSL: no alternative certificate subject name matches target host name 'forums.usa.canon.com'")
+Fetch error: http://newsletter.canon-europe.com/ => https://newsletter.canon-europe.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	^canon.com: Dropped
+	www.canon.com: 504
+
+
+	Partially covered hosts in *canon.com:
+
+		- shop.usa ʰ
+
+	ʰ Some pages redirect to http
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .canon.com
+		- community.usa.canon.com
+		- www.usa.canon.com
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- downloads.canon.com, community.usa.cannon.com from $self ˢ
+			- community.usa.cannon.com from www.usa.cannon.com ˢ
+			- community.usa.cannon.com from canonusa.i.lithium.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Canon (partial)" default_off="failed ruleset test">
+
+	<!-- Domains checked on September 11th 2014 -->
+
+	<!-- Global -->
+	<target host="cbps.canon.com" />
+	<target host="cfs.canon.com" />
+	<target host="csa.canon.com" />
+	<target host="downloads.canon.com" />
+	<target host="solutions.canon.com" />
+	<target host="usa.canon.com" />
+
+	<target host="forums.usa.canon.com" />
+	<target host="shop.usa.canon.com" />
+	<target host="www.usa.canon.com" />
+
+	<target host="www.canon-europe.com" />
+	<target host="newsletter.canon-europe.com" />
+	<target host="remedy.canon-europe.com" />
+	<target host="sims.canon-europe.com" />
+
+	<!-- Scandinavia -->
+	<target host="www.canon.dk" />
+	<target host="www.canon.no" />
+	<target host="www.canon.se" />
+	<target host="www.canon.fi" />
+
+	<!-- Benelux -->
+	<target host="www.canon.nl" />
+	<target host="www.canon.lu" />
+	<target host="nl.canon.be" />
+	<target host="fr.canon.be" />
+
+	<!-- Europe -->
+	<target host="www.canon.co.uk" />
+	<target host="www.canon.fr" />
+	<target host="www.canon.de" />
+	<target host="de.canon.ch" />
+	<target host="fr.canon.ch" />
+	<target host="www.canon.es" />
+	<target host="www.canon.si" />
+	<target host="www.canon.sk" />
+	<target host="www.canon.ba" />
+	<target host="www.canon.at" />
+	<target host="www.canon.it" />
+	<target host="www.canon.ie" />
+	<target host="www.canon.pt" />
+	<target host="www.canon.lv" />
+	<target host="www.canon.lt" />
+	<target host="www.canon.ee" />
+	<target host="www.canon.com.mk" />
+
+	<!-- Oceania -->
+	<target host="www.canon.co.nz" />
+
+	<!-- Asia -->
+	<target host="www.canon.com.cn" />
+	<target host="www.canon.com.tr" />
+	<target host="www.canon.ru" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://shop\.usa\.canon\.com/shop/\w\w/(?:catalog$|catalog/[\w-]+$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://shop\.usa\.canon\.com/+(?!estore/(?:images|marketing)/|favicon\.ico|shop/(?:CheckoutLogonDisplayView|OrderShippingBillingView|ResetPasswordGuestErrorView|UserRegistrationForm|catalog)(?:$|[?/])|sys/|wcsstore/.+/(?:css|images)/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://shop.usa.canon.com/shop/en/catalog" />
+			<test url="http://shop.usa.canon.com/shop/en/catalog/49mm-protector-filter" />
+			<test url="http://shop.usa.canon.com/shop/en/catalog/affiliate-program" />
+			<test url="http://shop.usa.canon.com/shop/en/catalog/cameras" />
+			<test url="http://shop.usa.canon.com/shop/en/catalog/eos-5ds" />
+			<test url="http://shop.usa.canon.com/shop/en/catalog/eos-rebel-t6i-18-55mm-is-stm-lens-kit" />
+			<test url="http://shop.usa.canon.com/shop/en/catalog/imageclass-d1370" />
+			<test url="http://shop.usa.canon.com/shop/en/catalog/pixma-ip8500-compatible-ink" />
+			<test url="http://shop.usa.canon.com/shop/en/catalog/pixma-mg3220-wireless" />
+			<test url="http://shop.usa.canon.com/shop/en/catalog/powershot-elph-135-black" />
+			<test url="http://shop.usa.canon.com/shop/en/catalog/powershot-g7-x" />
+			<test url="http://shop.usa.canon.com/shop/en/catalog/professional-prints" />
+			<test url="http://shop.usa.canon.com/shop/en/catalog/shipping-offers" />
+			<test url="http://shop.usa.canon.com/shop/en/catalog/why-buy-canon" />
+
+			<!--	-ve:
+					-->
+			<test url="http://shop.usa.canon.com/estore/images/onlineopinionV5/oo_icon.gif" />
+			<test url="http://shop.usa.canon.com/estore/marketing/2014_REDESIGN/Affiliate/affiliate_lead_in_desktop.jpg" />
+			<test url="http://shop.usa.canon.com/estore/marketing/inkfinder/inkfinder-new-200.png" />
+			<test url="http://shop.usa.canon.com/estore/marketing/socialicons/icon_facebook.png" />
+			<test url="http://shop.usa.canon.com/estore/marketing/staticassets/css/marketing.css" />
+			<test url="http://shop.usa.canon.com/favicon.ico" />
+			<test url="http://shop.usa.canon.com/shop/CheckoutLogonDisplayView" />
+			<test url="http://shop.usa.canon.com/shop/OrderShippingBillingView" />
+			<test url="http://shop.usa.canon.com/shop/ResetPasswordGuestErrorView" />
+			<test url="http://shop.usa.canon.com/shop/UserRegistrationForm" />
+			<test url="http://shop.usa.canon.com/shop/catalog" />
+			<test url="http://shop.usa.canon.com/sys/estore_tech_spec.css" />
+			<test url="http://shop.usa.canon.com/sys/images/buttons/back_to_top.gif" />
+			<test url="http://shop.usa.canon.com/wcsstore/CanonB2BStoreFrontAssetStore/css/Canon-Primary-Fonts.css" />
+			<test url="http://shop.usa.canon.com/wcsstore/CanonB2BStoreFrontAssetStore/images/footer/divider1.png" />
+			<test url="http://shop.usa.canon.com/wcsstore/ExtendedSitesCatalogAssetStore/36681_1_l.jpg" />
+			<test url="http://shop.usa.canon.com/wcsstore/Widgets/images/colors/color1/error_icon.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.canon\.com$" name="^NWIDENTITY$" /-->
+	<!--securecookie host="^community\.usa\.canon\.com$" name="^(?:LiSESSIONID|LithiumUserInfo|LithiumUserSecure|LithiumVisitor)$" /-->
+	<!--securecookie host="^www\.usa\.canon\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^(?!shop\.usa\.)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:"/>
+
+	<!-- Domains without TLS support/with downgrade/Broken certificate:
+		www.canon.com.sg (Singapore)
+		canon.jp (Japan)
+		canon.com (Global)
+		www.canon.co.th (Thailand)
+		www.canon.co.id (Indonesia)
+		www.canon.co.in (India)
+		www.canon.com.hk (Hong Kong)
+		www.canon.com.my (Malaysia)
+		www.canon.co.kr (South Korea)
+		www.canon.com.vn (Vietnam)
+		www.canon-me.com (Middle East regional site)
+		www.canon.cl (Chile)
+		www.canon.com.mx (Mexico)
+		www.canon.com.pa (Panama)
+		www.cla.canon.com (South America Portal)
+		www.canon.com.mt (Malta)
+		www.canon.bg (Bulgaria)
+		www.canon.am (Armenia)
+		www.canon.ua (Ukraine)
+	-->
+
+</ruleset>
diff --git a/src/chrome/content/rules/Canonical-falsemixed.xml b/src/chrome/content/rules/Canonical-falsemixed.xml
deleted file mode 100644
index 3cd3a83f6440..000000000000
--- a/src/chrome/content/rules/Canonical-falsemixed.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Canonical.xml.
-
--->
-<ruleset name="Canonical (false MCB)" platform="mixedcontent">
-
-	<target host="design.canonical.com" />
-		<!--
-			Handled in Canonical.xml:
-							-->
-		<!--exclusion pattern="^http://design\.ubuntu\.com/(favicon\.ico|wp-content/)" /-->
-
-
-	<rule from="^http://design\.canonical\.com/(?!favicon\.ico|wp-content/)"
-		to="https://design.canonical.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Canonical.xml b/src/chrome/content/rules/Canonical.xml
index 29f78499e357..734d1d3eaa49 100644
--- a/src/chrome/content/rules/Canonical.xml
+++ b/src/chrome/content/rules/Canonical.xml
@@ -1,63 +1,37 @@
 <!--
-	For rules causing false/broken MCB, see Canonical-falsemixed.xml.
-
 
 	Other Canonical rulesets:
 
 		- Launchpad.xml
 
 
-	Nonfunctional subdomains:
-
-		- (www.)	(dropped)
-
-
-	Partially covered subdomains:
-
-		- design *
-
-	* Avoiding false/broken MCB, rest covered in Canonical-falsemixed.xml
-
-
-	Fully covered subdomains:
-
-		- blog.bazaar
-		- certification
-		- irclogs
-		- shop
-
-
-	Mixed content:
-
-		- Scripts on design from design *
-		- css on design from design *
-		- Images on design from design *
-		- favicon on design from www.ubuntu.com **
-
-	* Secured by us
-	** Unsecurable, doesn't trip MCB
-
-
-	design is in a separate falsemixed ruleset
-	due to scripts and css from design.
-
-	NB: We secure all resources, and thus
-	falsemixed should be merged for Ffx 24.
+	Secure Connection Failed:
+		canonical.com
+	Invalid Certificate:
+		doc.bazaar.canonical.com
+		wiki.bazaar.canonical.com
+	Timeout:
+		partners.canonical.com
 
 -->
-<ruleset name="Canonical (partial)">
-
-	<target host="*.canonical.com" />
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<exclusion pattern="^http://design\.ubuntu\.com/(?!favicon\.ico|wp-content/)" />
-
-
-	<securecookie host="^(?:certification|irclogs|shop)\.canonical\.com$" name=".+" />
-
-
-	<rule from="^http://(blog\.bazaar|certification|design|irclogs|landscape|shop)\.canonical\.com/"
-		to="https://$1.canonical.com/" />
-
+<ruleset name="Canonical.com" >
+	<target host="canonical.com" />
+	<target host="www.canonical.com" />
+	<target host="bazaar.canonical.com" />
+	<target host="certification.canonical.com" />
+	<target host="design.canonical.com" />
+	<target host="forms.canonical.com" />
+	<target host="irclogs.canonical.com" />
+	<target host="landscape.canonical.com" />
+	<target host="partners.canonical.com" />
+	<target host="people.canonical.com" />
+	<target host="support.canonical.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://canonical\.com/" to="https://www.canonical.com/" />
+
+	<rule from="^http://partners\.canonical\.com/" to="https://www.canonical.com/" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Canonwatch.com.xml b/src/chrome/content/rules/Canonwatch.com.xml
new file mode 100644
index 000000000000..a37b52e397bc
--- /dev/null
+++ b/src/chrome/content/rules/Canonwatch.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Canonwatch.com">
+	<target host="canonwatch.com" />
+	<target host="www.canonwatch.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Canterbury.gov.uk.xml b/src/chrome/content/rules/Canterbury.gov.uk.xml
new file mode 100644
index 000000000000..7b5f9db3d8c2
--- /dev/null
+++ b/src/chrome/content/rules/Canterbury.gov.uk.xml
@@ -0,0 +1,74 @@
+<!--
+	Canterbury City Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *canterbury.gov.uk:
+
+		- planningdocs ᵈ
+		- maps ᵈ
+
+	ᵈ Dropped
+
+
+	Partially covered hosts in *canterbury.gov.uk:
+
+		- democracy ʰ
+
+	ʰ Some pages redirect to http
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- democracy.canterbury.gov.uk
+		- .forms.canterbury.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Canterbury.gov.uk (partial)">
+
+	<target host="canterbury.gov.uk" />
+	<target host="democracy.canterbury.gov.uk" />
+	<target host="forms.canterbury.gov.uk" />
+	<target host="publicaccess.canterbury.gov.uk" />
+	<target host="www.canterbury.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="http://democracy\.canterbury\.gov\.uk/(?:ieRegisterUser|mgFindMember|mgPasswordReqst|uuCoverPage)\.aspx" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="http://democracy\.canterbury\.gov\.uk/(?!/*(?:[Ss]iteSpecific/|(?:ieLogon|mgRegisterKeywordInterest)\.aspx|jquery-ui/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://democracy.canterbury.gov.uk/ieRegisterUser.aspx?RPID=&amp;HPID=" />
+			<test url="http://democracy.canterbury.gov.uk/mgFindMember.aspx?bcr=1" />
+			<test url="http://democracy.canterbury.gov.uk/mgPasswordReqst.aspx" />
+			<test url="http://democracy.canterbury.gov.uk/mgUserInfo.aspx?UID=104" />
+			<test url="http://democracy.canterbury.gov.uk/uuCoverPage.aspx?bcr=1" />
+
+			<!--	-ve:
+					-->
+			<test url="http://democracy.canterbury.gov.uk/SiteSpecific/ssWordStyles.css" />
+			<test url="http://democracy.canterbury.gov.uk/ieLogon.aspx?RPID=&amp;HPID=&amp;Forms=&amp;META=mgSubscribeLogon" />
+			<test url="http://democracy.canterbury.gov.uk/jquery-ui/css/Smoothness/jquery-ui-1.10.2.custom.min.css" />
+			<test url="http://democracy.canterbury.gov.uk/mgRegisterKeywordInterest.aspx?bcr=1" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^democracy\.canterbury\.gov\.uk$" name="^(?:_mglogon_|ASP\.NET_SessionId)$" /-->
+	<!--securecookie host="^\.forms\.canterbury\.gov\.uk$" name="^TestCookie$" /-->
+
+	<securecookie host="^(?!democracy\.)\w" name=".+" />
+	<securecookie host="^\.forms\." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Canvas.net.xml b/src/chrome/content/rules/Canvas.net.xml
new file mode 100644
index 000000000000..d6177e1f72e0
--- /dev/null
+++ b/src/chrome/content/rules/Canvas.net.xml
@@ -0,0 +1,31 @@
+<!--
+	^canvas.net: Refused
+
+
+	Mixed content:
+
+		- Image from pub-images.canvasnetwork.com
+
+-->
+<ruleset name="Canvas.Net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.canvas.net" />
+
+	<!--	Complications:
+				-->
+	<target host="canvas.net" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://canvas\.net/"
+		to="https://www.canvas.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Canvas.xml b/src/chrome/content/rules/Canvas.xml
deleted file mode 100644
index 470648066c2b..000000000000
--- a/src/chrome/content/rules/Canvas.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	CDN buckets:
-
-		- canvas-dynamic-assets.s3.amazonaws.com
-
--->
-<ruleset name="Canvas">
-
-	<target host="canv.as" />
-	<target host="*.canv.as" />
-	<target host="i.canvasugc.com" />
-
-
-	<securecookie host="^(?:.*\.)?canv\.as" name=".+" />
-
-
-	<rule from="^http://(www\.)?canv\.as/"
-		to="https://$1canv.as/" />
-
-	<rule from="^http://i\.canvasugc\.com/"
-		to="https://i.canvasugc.com/" />
-
-	<rule from="^http://rt_(\d)\.canv\.as/"
-		to="https://rt_$1.canv.as/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CanvasHolidays.co.uk.xml b/src/chrome/content/rules/CanvasHolidays.co.uk.xml
new file mode 100644
index 000000000000..b193314cb192
--- /dev/null
+++ b/src/chrome/content/rules/CanvasHolidays.co.uk.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- dev3.canvasholidays.co.uk
+		- dev4.canvasholidays.co.uk
+		- dev5.canvasholidays.co.uk
+		- dev6.canvasholidays.co.uk
+		- preprod.canvasholidays.co.uk
+
+		Timeout was reached:
+		- dev.canvasholidays.co.uk
+		- dev1.canvasholidays.co.uk
+		- dev2.canvasholidays.co.uk
+
+		SSL peer certificate was not OK:
+		- 2017.canvasholidays.co.uk
+-->
+<ruleset name="Canvas Holidays.co.uk">
+	<target host="www.canvasholidays.co.uk" />
+	<target host="blog.canvasholidays.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Canvas_LMS.com.xml b/src/chrome/content/rules/Canvas_LMS.com.xml
new file mode 100644
index 000000000000..c8d162d4c0d3
--- /dev/null
+++ b/src/chrome/content/rules/Canvas_LMS.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- app-community.canvaslms.com
+		- community.canvaslms.com
+		- www.canvaslms.com
+
+-->
+<ruleset name="Canvas LMS.com">
+
+	<target host="canvaslms.com" />
+	<target host="app-community.canvaslms.com" />
+	<target host="community.canvaslms.com" />
+	<target host="www.canvaslms.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:app-)?community\.canvaslms\.com$" name="^BIGipServer" /-->
+	<!--securecookie host="^www\.canvaslms\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Canvas_n_decor.com.xml b/src/chrome/content/rules/Canvas_n_decor.com.xml
index b43e49ae4266..39f84716eb30 100644
--- a/src/chrome/content/rules/Canvas_n_decor.com.xml
+++ b/src/chrome/content/rules/Canvas_n_decor.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="Canvas n decor.com">
 
 	<target host="canvasndecor.com" />
-	<target host="*.canvasndecor.com" />
+	<target host="www.canvasndecor.com" />
 
 
 	<securecookie host="^\.canvasndecor\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?canvasndecor\.com/"
-		to="https://$1canvasndecor.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cape-it.de.xml b/src/chrome/content/rules/Cape-it.de.xml
index 6ccbbf2a8908..3f23510e7fe3 100644
--- a/src/chrome/content/rules/Cape-it.de.xml
+++ b/src/chrome/content/rules/Cape-it.de.xml
@@ -2,15 +2,12 @@
 	c.a.p.e IT
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *cape-it.de:
 
+		- (www.)? *
 		- piwik *
-		- www *
 
-	* Mismatched, CN: support.cape-it.de
-
-
-	^cape-it.de does not exist
+	* Shows support.cape-it.de
 
 -->
 <ruleset name="cape-it.de (partial)">
@@ -18,7 +15,7 @@
 	<target host="support.cape-it.de" />
 
 
-	<rule from="^http://support\.cape-it\.de/"
-		to="https://support.cape-it.de/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Capetown.gov.za.xml b/src/chrome/content/rules/Capetown.gov.za.xml
new file mode 100644
index 000000000000..b79cd1cbb2f2
--- /dev/null
+++ b/src/chrome/content/rules/Capetown.gov.za.xml
@@ -0,0 +1,85 @@
+<ruleset name="Capetown.gov.za">
+	<target host="www.capetown.gov.za" />
+
+	<target host="capetown2040.capetown.gov.za" />
+	<target host="capetownstadium.capetown.gov.za" />
+	<target host="capetownstadiumedc.capetown.gov.za" />
+	<target host="careers.capetown.gov.za" />
+	<target host="careersedc.capetown.gov.za" />
+	<target host="cdcextweb01.capetown.gov.za" />
+	<target host="citydocsexternal.capetown.gov.za" />
+	<target host="citydocsexternaledc.capetown.gov.za" />
+	<target host="citymaps.capetown.gov.za" />
+	<target host="cityteams.capetown.gov.za" />
+	<target host="citytelecomstoc.capetown.gov.za" />
+	<target host="collaborate.capetown.gov.za" />
+	<target host="ctcs.capetown.gov.za" />
+	<target host="ctcscdc.capetown.gov.za" />
+	<target host="ctcsqa.capetown.gov.za" />
+	<target host="edcextweb01.capetown.gov.za" />
+	<target host="egev.capetown.gov.za" />
+	<target host="emap.capetown.gov.za" />
+	<target host="emap1.capetown.gov.za" />
+	<target host="emapqa.capetown.gov.za" />
+	<target host="eservices.capetown.gov.za" />
+	<target host="eservices1.capetown.gov.za" />
+	<target host="eservices1edc.capetown.gov.za" />
+	<target host="eservicesedc.capetown.gov.za" />
+	<target host="fines.capetown.gov.za" />
+	<target host="ftptst.capetown.gov.za" />
+	<target host="integrationhub.capetown.gov.za" />
+	<target host="integrationhubedc.capetown.gov.za" />
+	<target host="lyncdiscover.capetown.gov.za" />
+	<target host="lyncweb01.capetown.gov.za" />
+	<target host="map1.capetown.gov.za" />
+	<target host="mapsearch.capetown.gov.za" />
+	<target host="mapsedc.capetown.gov.za" />
+	<target host="mdm.capetown.gov.za" />
+	<target host="mobimail.capetown.gov.za" />
+	<target host="mportaledc.capetown.gov.za" />
+	<target host="pki.capetown.gov.za" />
+	<target host="planning.capetown.gov.za" />
+	<target host="prehmis-qa.capetown.gov.za" />
+	<target host="qacareers.capetown.gov.za" />
+	<target host="qacareersedc.capetown.gov.za" />
+	<target host="qaeservices.capetown.gov.za" />
+	<target host="qaeservices1.capetown.gov.za" />
+	<target host="qaeservices1edc.capetown.gov.za" />
+	<target host="qaeservicesedc.capetown.gov.za" />
+	<target host="qaintegrationhub.capetown.gov.za" />
+	<target host="qaintegrationhubedc.capetown.gov.za" />
+	<target host="resource.capetown.gov.za" />
+	<target host="resourceqa.capetown.gov.za" />
+	<target host="rtms.capetown.gov.za" />
+	<target host="signin.capetown.gov.za" />
+	<target host="signin1.capetown.gov.za" />
+	<target host="smartcape.capetown.gov.za" />
+	<target host="tct.capetown.gov.za" />
+	<target host="tctedc.capetown.gov.za" />
+	<target host="transport.capetown.gov.za" />
+	<target host="transportedc.capetown.gov.za" />
+	<target host="vendors.capetown.gov.za" />
+	<target host="vendorsedc.capetown.gov.za" />
+	<target host="web1.capetown.gov.za" />
+	<target host="web1cdc.capetown.gov.za" />
+	<target host="web1edc.capetown.gov.za" />
+	<target host="web1tst.capetown.gov.za" />
+	<target host="web2.capetown.gov.za" />
+	<target host="webmail.capetown.gov.za" />
+	<target host="webmailtst.capetown.gov.za" />
+	<target host="webtst.capetown.gov.za" />
+	<target host="ws1edc.capetown.gov.za" />
+	<target host="ws2edc.capetown.gov.za" />
+	<target host="wwwcdc.capetown.gov.za" />
+	<target host="wwwedc.capetown.gov.za" />
+	<target host="wwwqa.capetown.gov.za" />
+	<target host="wwwqa2013.capetown.gov.za" />
+	<target host="wwwqacdc.capetown.gov.za" />
+	<target host="wwwqaedc.capetown.gov.za" />
+	<target host="wwwtst.capetown.gov.za" />
+	<target host="xsp.capetown.gov.za" />
+	<target host="xsp1.capetown.gov.za" />
+	<target host="xtrack.capetown.gov.za" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Capital-One-Connect.xml b/src/chrome/content/rules/Capital-One-Connect.xml
deleted file mode 100644
index ddc278159a48..000000000000
--- a/src/chrome/content/rules/Capital-One-Connect.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Capital One Connect">
-
-	<target host="capitaloneconnect.*" />
-	<target host="www.capitaloneconnect.*" />
-
-
-	<securecookie host="^www\.capitaloneconnect\.\w{3,4}$" name=".*" />
-
-
-	<!--	Cert doesn't match !www.	-->
-	<rule from="^https?://(?:www\.)?capitaloneconnect\.(biz|com|info|net|org)/"
-		to="https://www.capitaloneconnect.$1/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CapitalOne.com.xml b/src/chrome/content/rules/CapitalOne.com.xml
new file mode 100644
index 000000000000..eb380df47c09
--- /dev/null
+++ b/src/chrome/content/rules/CapitalOne.com.xml
@@ -0,0 +1,66 @@
+<!--
+	Mismatched subdomains:
+	- diamondevents
+	- frapplication
+	- investor
+	- maps
+
+	No TLS:
+	- growthventures
+	- press
+	- www.application
+
+	Always 4xx:
+	- application
+	- application1
+	- application2
+	- frapplication
+	- frapplication1
+	- frapplication2
+
+	Incomplete certificate chain:
+	- findmycard
+	- preferences
+
+	Expired certificate:
+	- travelrewardspn
+
+	Dropped:
+	- login.capitalone.com
+	- login1.capitalone.com
+	- login2.capitalone.com
+-->
+<ruleset name="CapitalOne.com">
+	<target host="capitalone.com" />
+	<target host="www.capitalone.com" />
+
+	<target host="ane.capitalone.com" />
+	<target host="apply.capitalone.com" />
+	<target host="campus.capitalone.com" />
+	<target host="community.capitalone.com" />
+	<target host="content.capitalone.com" />
+	<target host="creditwise.capitalone.com" />
+	<target host="dealernavigator.capitalone.com" />
+	<target host="developer.capitalone.com" />
+	<target host="frtextmessaging.capitalone.com" />
+	<target host="frservicing.capitalone.com" />
+	<target host="fssso.capitalone.com" />
+	<target host="fssso1.capitalone.com" />
+	<target host="fssso2.capitalone.com" />
+	<target host="hlblog.capitalone.com" />
+	<target host="hudsonsbay.capitalone.com" />
+	<target host="jobs.capitalone.com" />
+	<target host="loanhub.capitalone.com" />
+	<target host="loanhub2.capitalone.com" />
+	<target host="mortgages.capitalone.com" />
+	<target host="p2ppayments.capitalone.com" />
+	<target host="sakscanada.capitalone.com" />
+	<target host="securedcards.capitalone.com" />
+	<target host="services2.capitalone.com" />
+	<target host="servicing.capitalone.com" />
+	<target host="sparkbusiness.capitalone.com" />
+	<target host="verified.capitalone.com" />
+	<target host="wwwbeta2.capitalone.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CapitalOne360.com.xml b/src/chrome/content/rules/CapitalOne360.com.xml
new file mode 100644
index 000000000000..9fd4cbc15b59
--- /dev/null
+++ b/src/chrome/content/rules/CapitalOne360.com.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.capitalone360.com/ => https://secure.capitalone360.com/: (28, 'Operation timed out after 30000 milliseconds with 0 bytes received')
+
+-->
+<ruleset name="Capitalone360.com" default_off="failed ruleset test">
+  <target host="capitalone360.com" />
+
+  <target host="helpcenter.capitalone360.com" />
+  <target host="home.capitalone360.com" />
+  <target host="images.capitalone360.com" />
+  <target host="secure.capitalone360.com" />
+  <target host="solutionsfinder.capitalone360.com" />
+  <target host="stats.capitalone360.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
+
+
diff --git a/src/chrome/content/rules/Capitaller.ru.xml b/src/chrome/content/rules/Capitaller.ru.xml
new file mode 100644
index 000000000000..d2fd69e19ac7
--- /dev/null
+++ b/src/chrome/content/rules/Capitaller.ru.xml
@@ -0,0 +1,29 @@
+<!--
+	For other WebMoney coverage, see WebMoney.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- capitaller.ru
+		- www.capitaller.ru
+
+-->
+<ruleset name="Capitaller.ru">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="capitaller.ru" />
+	<target host="www.capitaller.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?capitaller\.ru$" name="^(?:ASP\.NET_SessionId|Language)$" /-->
+
+	<securecookie host="^(?:www\.)?capitaller\.ru$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Capn_Proto.org.xml b/src/chrome/content/rules/Capn_Proto.org.xml
new file mode 100644
index 000000000000..15b826d9452c
--- /dev/null
+++ b/src/chrome/content/rules/Capn_Proto.org.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Sandstorm.io coverage, see Sandstorm.io.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		.capnproto.org
+
+-->
+<ruleset name="Capn Proto.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="capnproto.org" />
+	<target host="www.capnproto.org" />
+
+
+	<!--	CloudFlare cookies
+					-->
+	<!--securecookie host="^\.capnproto\.org$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.capnproto\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Capstone-engine.org.xml b/src/chrome/content/rules/Capstone-engine.org.xml
new file mode 100644
index 000000000000..69ac41f1dbfe
--- /dev/null
+++ b/src/chrome/content/rules/Capstone-engine.org.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatched:
+		- capstone-engine.org
+-->
+<ruleset name="Capstone-engine.org">
+	<target host="capstone-engine.org" />
+	<target host="www.capstone-engine.org" />
+
+	<rule from="^http://capstone-engine\.org/" to="https://www.capstone-engine.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Captchas.net.xml b/src/chrome/content/rules/Captchas.net.xml
new file mode 100644
index 000000000000..c56b924c717d
--- /dev/null
+++ b/src/chrome/content/rules/Captchas.net.xml
@@ -0,0 +1,17 @@
+<!--
+	Fully covered hosts in *captchas.net:
+
+		- image
+
+-->
+<ruleset name="captchas.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="image.captchas.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Captura-Group.xml b/src/chrome/content/rules/Captura-Group.xml
deleted file mode 100644
index 9a470f1c7265..000000000000
--- a/src/chrome/content/rules/Captura-Group.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--	!functional:
-		- (app|blog).measuredvoice.com
--->
-<ruleset name="Captura Group (partial)" platform="mixedcontent">
-
-	<target host="measuredvoice.com"/>
-	<target host="www.measuredvoice.com"/>
-
-	<securecookie host="^(www\.)?measuredvoice\.com$" name=".*"/>
-
-	<!--	also hosted on www, but be kind and point to CDN	-->
-	<rule from="^http://cdn\.measuredvoice\.com/"
-		to="https://s3.amazonaws.com/cdn.measuredvoice.com/"/>
-
-	<rule from="^http://(www\.)?measuredvoice\.com/(favicon\.ico|img/|wp-content/)"
-		to="https://$1measuredvoice.com/$2"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Capwiz.com.xml b/src/chrome/content/rules/Capwiz.com.xml
index bdff526fd64c..42200671396a 100644
--- a/src/chrome/content/rules/Capwiz.com.xml
+++ b/src/chrome/content/rules/Capwiz.com.xml
@@ -7,10 +7,13 @@
 -->
 <ruleset name="capwiz.com (partail)">
 
-	<target host="*.capwiz.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="secureffs.capwiz.com" />
+	<target host="secureimages.capwiz.com" />
 
 
-	<rule from="^http://secure(ff|image)s\.capwiz\.com/"
-		to="https://secure$1s.capwiz.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Car.com.xml b/src/chrome/content/rules/Car.com.xml
new file mode 100644
index 000000000000..64ce32a29506
--- /dev/null
+++ b/src/chrome/content/rules/Car.com.xml
@@ -0,0 +1,84 @@
+<!--
+	Nonfunctional hosts in *car.com:
+
+		- ^ ¹
+		- www ²
+
+	¹ Dropped
+	² 504
+
+
+	Partially covered hosts in *car.com:
+
+		- dealers *
+
+	* Avoiding broken MCB
+
+
+	Fully covered hosts in *car.com:
+
+		- finance
+		- img
+		- loans
+		- static
+		- test-www
+
+
+	Insecure cookies are set for these hosts:
+
+		- dealers.car.com
+		- finance.car.com
+		- loans.car.com
+
+
+	Mixed content:
+
+		- css, on dealers from $self *
+
+		- Images, on:
+
+			- dealers from $self *
+			- dealers from images.autobytel.com *
+
+		- Ads/bugs on dealers from idcs.interclick.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Car.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dealers.car.com" />
+	<target host="finance.car.com" />
+	<target host="img.car.com" />
+	<target host="loans.car.com" />
+	<target host="static.car.com" />
+	<target host="test-www.car.com" />
+
+		<exclusion pattern="^http://dealers\.car\.com/+(?![Cc]ontent/|favicon.ico)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://dealers.car.com/bmw" />
+			<test url="http://dealers.car.com/ppc/hyundai" />
+			<test url="http://dealers.car.com/privacy" />
+
+			<!--	-ve:
+					-->
+			<test url="http://dealers.car.com/Content/Images/CarCom/2_r1_c1_s1.jpg" />
+			<test url="http://dealers.car.com/favicon.ico" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(dealers|loans)\.car\.com$" name="^(\.ASPXANONYMOUS|ASP\.NET_SessionId|atpweb|device_detect)$" /-->
+	<!--securecookie host="^finance\.car\.com$" name="^(CFCLIENT_FINANCE|CFGLOBALS|CFID|CFTOKEN|LOCAL_SOURCE_ID|MENU|SESSIONID|SRC|finweb)$" /-->
+
+	<securecookie host="^(?:finance|loans)\.car\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CarAdvice.xml b/src/chrome/content/rules/CarAdvice.xml
index e57131151067..f893658e96b6 100644
--- a/src/chrome/content/rules/CarAdvice.xml
+++ b/src/chrome/content/rules/CarAdvice.xml
@@ -1,10 +1,19 @@
-<ruleset name="CarAdvice">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://caradvice.com.au/ => https://caradvice.com.au/: (7, 'Failed to connect to caradvice.com.au port 443: Connection refused')
+
+Automatically by https-everywhere-checker because:
+Fetch error: http://caradvice.com.au/ => https://caradvice.com.au/: (7, 'Failed to connect to caradvice.com.au port 443: Connection refused')
+-->
+<ruleset name="CarAdvice" default_off="failed ruleset test">
 
 	<target host="caradvice.com.au" />
-	<target host="*.caradvice.com.au" />
+	<target host="cdn.caradvice.com.au" />
+	<target host="www.caradvice.com.au" />
 
 
-	<rule from="^https?://(?:cdn\.|(www\.))?caradvice\.com\.au/"
+	<rule from="^http://(?:cdn\.|(www\.))?caradvice\.com\.au/"
 		to="https://$1caradvice.com.au/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CarKeySolutions.ca.xml b/src/chrome/content/rules/CarKeySolutions.ca.xml
new file mode 100644
index 000000000000..e60c4b8cd1a7
--- /dev/null
+++ b/src/chrome/content/rules/CarKeySolutions.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="CarKeySolutions.ca">
+	<target host="carkeysolutions.ca" />
+	<target host="www.carkeysolutions.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CarProMods.com.xml b/src/chrome/content/rules/CarProMods.com.xml
index 9906e8c4bf1c..6016cab7f512 100644
--- a/src/chrome/content/rules/CarProMods.com.xml
+++ b/src/chrome/content/rules/CarProMods.com.xml
@@ -1,7 +1,7 @@
 <ruleset name="CarProMods.com">
 
 	<target host="carpromods.com" />
-	<target host="*.carpromods.com" />
+	<target host="www.carpromods.com" />
 
 
 	<securecookie host="^(?:www)?\.carpromods\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Carasutra.co.uk.xml b/src/chrome/content/rules/Carasutra.co.uk.xml
new file mode 100644
index 000000000000..d293bc9b9f7f
--- /dev/null
+++ b/src/chrome/content/rules/Carasutra.co.uk.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- css from code.jquery.com *
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Cara Sutra.co.uk">
+
+	<target host="carasutra.co.uk" />
+	<target host="www.carasutra.co.uk" />
+
+
+	<securecookie host="^\.carasutra\.co\.uk$" name="^__cfduid$" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CaravanOfHope.lgbt.xml b/src/chrome/content/rules/CaravanOfHope.lgbt.xml
new file mode 100644
index 000000000000..72c191237181
--- /dev/null
+++ b/src/chrome/content/rules/CaravanOfHope.lgbt.xml
@@ -0,0 +1,8 @@
+<ruleset name="CaravanOfHope.lgbt">
+	<target host="caravanofhope.lgbt" />
+	<target host="www.caravanofhope.lgbt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Carbonfund.org.xml b/src/chrome/content/rules/Carbonfund.org.xml
index 5c1d9efdae0e..85d7b4bdba7d 100644
--- a/src/chrome/content/rules/Carbonfund.org.xml
+++ b/src/chrome/content/rules/Carbonfund.org.xml
@@ -19,7 +19,6 @@
 	<securecookie host="^(?:www\.)?carbonfund\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?carbonfund\.org/"
-		to="https://$1carbonfund.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Carbonmade.xml b/src/chrome/content/rules/Carbonmade.xml
index 3a2301151b91..7f6f498e45c9 100644
--- a/src/chrome/content/rules/Carbonmade.xml
+++ b/src/chrome/content/rules/Carbonmade.xml
@@ -1,4 +1,9 @@
 <!--
+	Other Carbonmade rulesets:
+
+		- CmCDN.net.xml
+
+
 	CDN buckets:
 
 		- d1gyuuidj3lauh.cloudfront.net
@@ -9,46 +14,42 @@
 
 			- media.cmcdn.net
 
+		- cmmedia.a.ssl.fastly.net
+		- cmsites.a.ssl.fastly.net
 
-	Partially covered domains:
 
-		- (www.)carbonmade.com
+	Fully covered hosts in *carbonmade.com:
 
-			- These paths redirect to http:
+		- (www.)?
+		- descience06
+		- descience07
 
-				- $
-				- about$
-				- portfolios$
-				- terms$
 
-			- These don't
+	Insecure cookies are set for these hosts:
 
-				- blog$
-				- examples$
-				- img/
-				- rescues/
-				- passwordresets/
-				- privacy$
-				- signin/
-				- signup/
-				- why$
+		- carbonmade.com
+		- descience06.carbonmade.com
+		- descience07.carbonmade.com
 
 -->
-<ruleset name="Carbonmade (partial)">
+<ruleset name="Carbonmade.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="carbonmade.com" />
+	<target host="descience06.carbonmade.com" />
+	<target host="descience07.carbonmade.com" />
 	<target host="www.carbonmade.com" />
-		<exclusion pattern="^http://(?:www\.)?carbonmade\.com/(?:$|\?|about|portfolio|terms)" />
-	<target host="*.cmcdn.net" />
 
 
-	<rule from="^http://(www\.)?carbonmade\.com/"
-		to="https://$1carbonmade.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(descience0[67]\.)?carbonmade\.com$" name="^_cid$" /-->
+
+	<securecookie host="^(?:descience0\d\.)?carbonmade\.com$" name=".+" />
 
-	<rule from="^https?://media\.cmcdn\.net/"
-		to="https://d2tbi97h020xxe.cloudfront.net/" />
 
-	<rule from="^https?://s\.cmcdn\.net/"
-		to="https://d1gyuuidj3lauh.cloudfront.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Carbonwind.net.xml b/src/chrome/content/rules/Carbonwind.net.xml
index 7bc0e30e972a..c0d41222458a 100644
--- a/src/chrome/content/rules/Carbonwind.net.xml
+++ b/src/chrome/content/rules/Carbonwind.net.xml
@@ -1,10 +1,16 @@
-<ruleset name="Carbonwind.net" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://carbonwind.net/ => https://carbonwind.net/: (35, 'Unknown SSL protocol error in connection to carbonwind.net:443 ')
+Fetch error: http://www.carbonwind.net/ => https://www.carbonwind.net/: (35, 'Unknown SSL protocol error in connection to www.carbonwind.net:443 ')
+
+-->
+<ruleset name="Carbonwind.net" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="carbonwind.net" />
 	<target host="www.carbonwind.net" />
 
 
-	<rule from="^http://(www\.)?carbonwind\.net/"
-		to="https://$1carbonwind.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CardCash.com.xml b/src/chrome/content/rules/CardCash.com.xml
index e9a23999ca54..7ad76e82c3cc 100644
--- a/src/chrome/content/rules/CardCash.com.xml
+++ b/src/chrome/content/rules/CardCash.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="CardCash.com">
 
 	<target host="cardcash.com" />
-	<target host="*.cardcash.com" />
+	<target host="www.cardcash.com" />
 
 
 	<securecookie host="^\.(?:www\.)?cardcash\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?cardcash\.com/"
-		to="https://$1cardcash.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Cardiff-University-mismatches.xml b/src/chrome/content/rules/Cardiff-University-mismatches.xml
deleted file mode 100644
index a76af7ab2979..000000000000
--- a/src/chrome/content/rules/Cardiff-University-mismatches.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For rules that are on by default, see Cardiff-University.xml.
-
--->
-<ruleset name="Cardiff University (mismatches)" default_off="mismatch, self-signed">
-
-	<target host="docs.cs.cf.ac.uk" />
-	<target host="www.law.cf.ac.uk" />
-
-
-	<!--	- docs.cs cert: www.cs
-		- //law.cf doesn't exist
-		- law cert is self-signed
-					-->
-	<rule from="^http://(docs\.cs|www\.law)\.cf\.ac\.uk/"
-		to="https://$1.cf.ac.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cardiff-University.xml b/src/chrome/content/rules/Cardiff-University.xml
index aa71e0866eb2..78786cc9bcdb 100644
--- a/src/chrome/content/rules/Cardiff-University.xml
+++ b/src/chrome/content/rules/Cardiff-University.xml
@@ -1,69 +1,77 @@
 <!--
-	For problematic rules, see Cardiff-University-mismatches.xml.
-
-
-	Nonfunctional domains:
-
-		- (www.)caerdydd.ac.uk	(401)
-
-		- cardiff.ac.uk subdomains:
-
-			- $
-			- courses	(times out)
-			- events	(ssl_error_rx_record_too_long)
-			- librarysearch	(http & https data differ)
-			- www		(401)
-
-		- cf.ac.uk subdomains:
-
-			- cymraeg.cs		(cert: www.cs; redirects there)
-			- dogfennaeth.cs	(cert: www.cs; redirects there)
-			- (www.)engineering
-			- innovation.engineering
-			- news.engineering
-			- (www.)e-shop
-			- www.mec		(!www doesn't exist)
+  Redirect
+    - cardiffnetwork.cf.ac.uk -> cs.cf.ac.uk
+
+	Non-functional hosts in *.cf.ac.uk
+		Couldn't connect to server:
+			 - cs.cf.ac.uk
+			 - engin.cf.ac.uk
+			 - engineering.cf.ac.uk
+			 - innovation.engineering.cf.ac.uk
+			 - news.engineering.cf.ac.uk
+			 - www.engineering.cf.ac.uk
+			 - www.mec.cf.ac.uk
+
+  Timeout
+    - webmail.cf.ac.uk
+
+		SSL connect error:
+			 - claws.cf.ac.uk
+
+		SSL peer certificate was not OK:
+			 - cf.ac.uk
+			 - www.cf.ac.uk
+			 - cymraeg.cs.cf.ac.uk
+			 - dogfennaeth.cs.cf.ac.uk
+
+		4xx client error:
+			 - lawstudent.cf.ac.uk (require auth)
+
+ 		Secure connection redirects to plaintext:
+			 - www.law.cf.ac.uk
+
+	Non-functional hosts in *.cardiff.ac.uk
+		Couldn't connect to server:
+			 - jobs.cardiff.ac.uk
+			 - library.cardiff.ac.uk
+       - cardiffnetwork.cf.ac.uk
+
+		SSL connect error:
+			 - events.cardiff.ac.uk
+       - cs.cf.ac.uk
+       - engin.cf.ac.uk
+
+		SSL peer certificate was not OK:
+			 - courses.cardiff.ac.uk
+			 - librarysearch.cardiff.ac.uk
+			 - www.astro.cardiff.ac.uk
+			 - learningcentral.cardiff.ac.uk
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - surveys.cardiff.ac.uk
+			 - www.surveys.cardiff.ac.uk
 -->
 <ruleset name="Cardiff University (partial)">
-
-	<target host="*.cardiff.ac.uk" />
-	<target host="www.*.cardiff.ac.uk" />
-	<target host="*.cf.ac.uk" />
-	<target host="www.*.cf.ac.uk" />
-	<target host="*.cs.cf.ac.uk" />
-
-
-	<!---	Avoid cross-domain cookies.	-->
-	<securecookie host="^\w[\w\.]+\.c(ardif?)f\.ac\.uk$" name=".*" />
-
-
-	<!--	- Cert only matches www.astro.cf
-		- Data appear identical for cardiff & cf
-		- !www doesn't exist for either
-				-->
-	<rule from="^https?://www\.astro\.c(?:ardif)?f\.ac\.uk/"
-		to="https://www.astro.cf.ac.uk/" />
-
-	<rule from="^http://library\.cardiff\.ac\.uk/"
-		to="https://library.cardiff.ac.uk/" />
-
-	<!--	Cert only matches www.surveys	-->
-	<rule from="^https?://(?:www\.)?surveys\.cardiff\.ac\.uk/"
-		to="https://www.surveys.cardiff.ac.uk/" />
-
-	<rule from="^http://(cardiffmail|claws|webmail\.cs|lawstudent|portal|pwm-mwe|static)\.cf\.ac\.uk/"
-		to="https://$1.cf.ac.uk/" />
-
-	<!--	- Cert doesn't match //cardiffnetwork
-		- Cert doesn't match //cs
-		- //engin doesn't work over https
-		- //engin redirects to www.engin over http
-				-->
-	<rule from="^https?://(?:www\.)?(cardiffnetwork|cs|engin)\.cf\.ac\.uk/"
-		to="https://www.$1.cf.ac.uk/" />
-
-	<!--	Cert is only valid for cf.	-->
-	<rule from="^https?://learningcentral\.c(?:ardif)?f\.ac\.uk/"
-		to="https://learningcentral.cf.ac.uk/" />
-
+	<!-- cardiff.ac.uk (complications) -->
+	<target host="www.astro.cardiff.ac.uk" />
+
+	<rule from="^http://www\.astro\.cardiff\.ac\.uk/"
+			to="https://www.astro.cf.ac.uk/" />
+
+	<!-- cardiff.ac.uk -->
+	<target host="cardiff.ac.uk" />
+	<target host="www.cardiff.ac.uk" />
+	<target host="intranet.cardiff.ac.uk" />
+	<target host="sites.cardiff.ac.uk" />
+
+	<!-- cf.ac.uk -->
+	<target host="www.astro.cf.ac.uk" />
+	<target host="docs.cs.cf.ac.uk" />
+	<target host="www.cs.cf.ac.uk" />
+	<target host="learningcentral.cf.ac.uk" />
+	<target host="static.cf.ac.uk" />
+		<test url="http://static.cf.ac.uk/cfui/1.8.2/img/logo.png" />
+
+	<rule from="^http:"
+			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CardsAgainstHumanityStopsTheWall.com.xml b/src/chrome/content/rules/CardsAgainstHumanityStopsTheWall.com.xml
new file mode 100644
index 000000000000..1e41423cb26b
--- /dev/null
+++ b/src/chrome/content/rules/CardsAgainstHumanityStopsTheWall.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Related ruleset: Cards_Against_Humanity.com.xml
+-->
+<ruleset name="CardsAgainstHumanityStopsTheWall.com">
+	<target host="cardsagainsthumanitystopsthewall.com" />
+	<target host="www.cardsagainsthumanitystopsthewall.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cards_Against_Humanity.com.xml b/src/chrome/content/rules/Cards_Against_Humanity.com.xml
new file mode 100644
index 000000000000..cc1bc2427553
--- /dev/null
+++ b/src/chrome/content/rules/Cards_Against_Humanity.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Other Cards Against Humanity rulesets:
+
+		- CardsAgainstHumanityStopsTheWall.com.xml
+		- HolidayBullshit.com.xml
+
+
+	Insecure cookies are set for these domains:
+
+		- store.cardsagainsthumanity.com
+
+-->
+<ruleset name="Cards Against Humanity.com">
+
+	<target host="cardsagainsthumanity.com" />
+	<target host="store.cardsagainsthumanity.com" />
+	<target host="www.cardsagainsthumanity.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^store\.cardsagainsthumanity\.com$" name="^(_CAHStore_session|XSRF-TOKEN)$" /-->
+
+	<securecookie host="^store\.cardsagainsthumanity\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Care-Net.org.xml b/src/chrome/content/rules/Care-Net.org.xml
new file mode 100644
index 000000000000..50892e7f1b4a
--- /dev/null
+++ b/src/chrome/content/rules/Care-Net.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- care-net.org
+-->
+<ruleset name="Care Net">
+	<target host="care-net.org" />
+	<target host="www.care-net.org" />
+	<target host="donate.care-net.org" />
+
+	<rule from="^http://care-net\.org/"
+		to="https://www.care-net.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Care-Net.xml b/src/chrome/content/rules/Care-Net.xml
deleted file mode 100644
index 774e03cae23b..000000000000
--- a/src/chrome/content/rules/Care-Net.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-	store		(expired certificate; automatically
-			redirects HTTP to HTTPS)
--->
-<ruleset name="Care Net">
-	<target host="care-net.org" />
-	<target host="www.care-net.org" />
-
-	<securecookie host="^www\.care-net\.org$"
-			name=".+" />
-
-	<rule from="^(http://(www\.)?|https://)care-net\.org/"
-		to="https://www.care-net.org/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Care2.com.xml b/src/chrome/content/rules/Care2.com.xml
index b343b57584f8..c68a5ceb2fa3 100644
--- a/src/chrome/content/rules/Care2.com.xml
+++ b/src/chrome/content/rules/Care2.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://care2.com/ => https://www.care2.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	CDN buckets:
 
 		- care2.simplyhired.com
@@ -25,7 +29,7 @@
 		- volunteer	(→ www)
 
 -->
-<ruleset name="Care2.com">
+<ruleset name="Care2.com" default_off="failed ruleset test">
 
 	<target host="care2.com" />
 	<target host="*.care2.com" />
@@ -52,4 +56,4 @@
 	<rule from="^http://volunteer\.care2\.com/[^\?]*(\?.*)?"
 		to="https://www.care2.com/volunteer$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Carecareers.com.au.xml b/src/chrome/content/rules/Carecareers.com.au.xml
index 91c10f583446..bc57cd794bb6 100644
--- a/src/chrome/content/rules/Carecareers.com.au.xml
+++ b/src/chrome/content/rules/Carecareers.com.au.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jobs.carecareers.com.au/ => https://jobs.carecareers.com.au/: (60, 'SSL certificate problem: certificate has expired')
+
 	Nonfunctional subdomains:
 
 		- (www.)	(http reply)
@@ -16,7 +20,7 @@
 	* Secured by us, doesn't trip MCB anyway
 
 -->
-<ruleset name="Carecareers.com.au (partial)">
+<ruleset name="Carecareers.com.au (partial)" default_off="failed ruleset test">
 
 	<target host="jobs.carecareers.com.au" />
 
@@ -24,7 +28,6 @@
 	<securecookie host="^jobs\.carecareers\.com\.au$" name=".+" />
 
 
-	<rule from="^http://jobs\.carecareers\.com\.au/"
-		to="https://jobs.carecareers.com.au/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Career.ru.xml b/src/chrome/content/rules/Career.ru.xml
new file mode 100644
index 000000000000..656d6aac5dd8
--- /dev/null
+++ b/src/chrome/content/rules/Career.ru.xml
@@ -0,0 +1,9 @@
+<ruleset name="Career.ru">
+
+	<target host="career.ru" />
+	<target host="www.career.ru" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CareerBuilder.xml b/src/chrome/content/rules/CareerBuilder.xml
index 803e02af7562..8aa677162c9b 100644
--- a/src/chrome/content/rules/CareerBuilder.xml
+++ b/src/chrome/content/rules/CareerBuilder.xml
@@ -1,23 +1,119 @@
-<ruleset name="CareerBuilder (partial)" platform="mixedcontent">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://aol.careerbuilder.com/ => https://aol.careerbuilder.com/: (6, 'Could not resolve host: aol.careerbuilder.com')
+
+	Other CareerBuilder rulesets:
+
+		- careerbuilder.co.uk.xml
+		- careerbuilder.no.xml
+		- careerbuildercareers.com.xml
+		- icbdr.com.xml
+
+
+	CDN buckets:
+
+		- d23gwzhlslkz9a.cloudfront.net
+		- d30c0uivkwifa5.cloudfront.net
+
+
+	Nonfunctional hosts in *careerbuilder.com:
+
+		- www.college ʳ
+		- resources ʰ
+		- salary ʳ
+		- thehiringsite ʳ
+
+	ʰ Redirects to http
+	ʳ Refused
+
+
+	Problematic hosts in *careerbuilder.com:
+
+		- b2b ᵐ
+
+	ᵐ Pardot / mismatched
+
+
+	These altnames do not exist:
+
+		- atl.careerbuilder.com
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .careerbuilder.com
+		- hiring.careerbuilder.com
+		- www.careerbuilder.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bug on www from centro.pixel.ad
+
+-->
+<ruleset name="CareerBuilder.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="careerbuilder.com"/>
-	<target host="www.careerbuilder.com"/>
-	<target host="*.careerbuilder.co.uk" />
-	<target host="*.icbdr.com"/>
+	<target host="aol.careerbuilder.com" />
+	<target host="api.careerbuilder.com" />
+	<target host="coach.careerbuilder.com" />
+	<target host="edge.careerbuilder.com" />
+	<target host="employer.careerbuilder.com" />
+	<target host="hiring.careerbuilder.com" />
+	<target host="hiring-assets.careerbuilder.com" />
+	<target host="workat.careerbuilder.com" />
+	<target host="www.careerbuilder.com" />
+
+		<test url="http://hiring-assets.careerbuilder.com/media/attachments/careerbuilder-mini-1794.jpg" /><!--	1156 -->
+
+	<!--	Complications:
+				-->
+	<target host="b2b.careerbuilder.com" />
+
+		<exclusion pattern="^http://b2b\.careerbuilder\.com/(?!/*(?:$|\?|[els]/|emailPreference/|unsubscribe/|webmail/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://b2b.careerbuilder.com/CandidateBehaviorWebinar" />
+			<test url="http://b2b.careerbuilder.com/CareerBuilder1trainingpage" />
+			<test url="http://b2b.careerbuilder.com/FebruaryTalentAdvisorWebinar" />
+			<test url="http://b2b.careerbuilder.com/SignUp" />
+			<test url="http://b2b.careerbuilder.com/TalentAdvisor" />
+			<test url="http://b2b.careerbuilder.com/april2015talentadvisorwebinar" />
+			<test url="http://b2b.careerbuilder.com/index.htm" />
+			<test url="http://b2b.careerbuilder.com/roadshows" />
+			<test url="http://b2b.careerbuilder.com/talentstreamrecruittrainingpage" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.careerbuilder\.com$" name="^(?:BID|CB_SID)$" /-->
+	<!--securecookie host="^hiring\.careerbuilder\.com$" name="^first_time_popup$" /-->
+	<!--securecookie host="^www\.careerbuilder\.com$" name="^_session_id$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid$|_ga|cf_clearance$)" />
+	<securecookie host="^(?!b2b\.)\w" name=".+" />
 
 
-	<securecookie host="^\.careerbuilder\.co\.uk$" name=".+" />
+	<!--	Redirect drops args and forward slash:
+							-->
+	<rule from="^http://b2b\.careerbuilder\.com/+(?:\?.*)?$"
+		to="https://www.careerbuilder.com/" />
 
+		<test url="http://b2b.careerbuilder.com/?" />
 
-	<rule from="^http://(www\.)?careerbuilder\.com/"
-		to="https://$1careerbuilder.com/"/>
+	<rule from="^http://b2b\.careerbuilder\.com/"
+		to="https://go.pardot.com/" />
 
-	<!--	Clients have unique subdomains.
-						-->
-	<rule from="^http://(\w+)\.careerbuilder\.co\.uk/"
-		to="https://$1.careerbuilder.co.uk/" />
+		<test url="http://b2b.careerbuilder.com/e/27812/cbforemployers/dcq1h/29948252" />
+		<test url="http://b2b.careerbuilder.com/l/27812/2014-09-08/sn3/27812/636/dhartleyrd.png" /><!--	43300 -->
 
-	<rule from="^http://(?:img|secure)\.icbdr\.com/"
-		to="https://secure.icbdr.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CareerDean.com.xml b/src/chrome/content/rules/CareerDean.com.xml
new file mode 100644
index 000000000000..db95105897bd
--- /dev/null
+++ b/src/chrome/content/rules/CareerDean.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://careerdean.com/ => https://careerdean.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.careerdean.com/ => https://www.careerdean.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+<ruleset name="CareerDean.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="careerdean.com" />
+	<target host="www.careerdean.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CareerPerfect.xml b/src/chrome/content/rules/CareerPerfect.xml
deleted file mode 100644
index ae06607e0b18..000000000000
--- a/src/chrome/content/rules/CareerPerfect.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="CareerPerfect">
-
-	<target host="careerperfect.com" />
-	<target host="*.careerperfect.com" />
-
-
-	<securecookie host="^\.careerperfect\.com$" name=".*" />
-
-
-	<!--	(www.) doesn't work over https.	-->
-	<rule from="^http://(?:secure\.|www\.)?careerperfect\.com/"
-		to="https://secure.careerperfect.com/" />
-
-	<rule from="^http://monsterres\.careerperfect\.com/(brands|content/(\d{4}\w?|images|trk-v1))/"
-		to="https://secure.careerperfect.com/$1/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Careerfoundry.com.xml b/src/chrome/content/rules/Careerfoundry.com.xml
new file mode 100644
index 000000000000..df331742106e
--- /dev/null
+++ b/src/chrome/content/rules/Careerfoundry.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Careerfoundry.com">
+  <target host="careerfoundry.com" />
+  <target host="www.careerfoundry.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Careers.fi.xml b/src/chrome/content/rules/Careers.fi.xml
deleted file mode 100644
index cc7b460e3d6a..000000000000
--- a/src/chrome/content/rules/Careers.fi.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Careers.fi">
-  <target host="careers.fi"/>
-  <target host="www.careers.fi"/>
-  <rule from="^http://(www\.)?careers\.fi/" to="https://careers.fi/"/>
-</ruleset>
-<!-- Rule generated by HTTPS Finder 0.85 -->
\ No newline at end of file
diff --git a/src/chrome/content/rules/Carestream.com.xml b/src/chrome/content/rules/Carestream.com.xml
index 2155834e5407..85a0bbd6ed67 100644
--- a/src/chrome/content/rules/Carestream.com.xml
+++ b/src/chrome/content/rules/Carestream.com.xml
@@ -10,7 +10,7 @@
 <ruleset name="Carestream.com">
 
 	<target host="carestream.com" />
-	<target host="*.carestream.com" />
+	<target host="www.carestream.com" />
 
 
 	<securecookie host="^(?:www)?\.carestream\.com$" name=".+" />
@@ -19,4 +19,4 @@
 	<rule from="^http://(?:www\.)?carestream\.com/"
 		to="https://www.carestream.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Carezone.com.xml b/src/chrome/content/rules/Carezone.com.xml
deleted file mode 100644
index 217cf4986aee..000000000000
--- a/src/chrome/content/rules/Carezone.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Carezone.com" platform="firefox">
-<target host="carezone.com" />
-
-<securecookie host="^carezone\.com$" name=".+" />
-
-<rule from="^http://carezone\.com/" to="https://carezone.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Carezone.cz.xml b/src/chrome/content/rules/Carezone.cz.xml
new file mode 100644
index 000000000000..4e7bc98c62d9
--- /dev/null
+++ b/src/chrome/content/rules/Carezone.cz.xml
@@ -0,0 +1,15 @@
+<ruleset name="Carezone.cz">
+    <target host="carezone.cz" />
+    <target host="www.carezone.cz" />
+    <target host="admin.carezone.cz" />
+    <target host="mysql.carezone.cz" />
+    <target host="mail.carezone.cz" />
+    <target host="roundcube.carezone.cz" />
+    <target host="squirrel.carezone.cz" />
+
+    <securecookie host="^\.carezone\.cz$" name="^__utma$" />
+    <securecookie host="^\.carezone\.cz$" name="^__utmz$" />
+    <securecookie host="^admin\.carezone\.cz$" name="^session$" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cargo.xml b/src/chrome/content/rules/Cargo.xml
index 5873801b79bb..1997c05ab3a9 100644
--- a/src/chrome/content/rules/Cargo.xml
+++ b/src/chrome/content/rules/Cargo.xml
@@ -1,6 +1,18 @@
 <!--
 	CDN buckets:
 
+		- c573862.r62.cf0.rackcdn.com
+
+			- payload.cargocollective.com
+
+		- c3426892.r92.cf0.rackcdn.com
+
+			- payload50.cargocollective.com
+
+		- c3426897.r97.cf0.rackcdn.com
+
+			- payload54.cargocollective.com
+
 		- c3426899.r99.cf0.rackcdn.com
 
 			- payload56.cargocollective.com
@@ -9,14 +21,46 @@
 
 			- payload57.cargocollective.com
 
+		- c3434167.r67.cf0.rackcdn.com
+
+			- media.cargocollective.com
+
+		- c3452614.r14.cf0.rackcdn.com
+
+			- payload93.cargocollective.com
+
 		- c3452621.r21.cf0.rackcdn.com
 
 			- payload100.cargocollective.com
 
+		- 14dc5f4076479b5cedab-94c4d07712ffb0415e1a5357e32aaf70.r56.cf1.rackcdn.com
+
+			- payload296.cargocollective.com
+
+		- 17c03ece40efdab208da-3a9b57b1b9597fd75dd50c1708c7fa0c.r8.cf1.rackcdn.com
+
+			- payload277.cargocollective.com
+
+		- 3ee99a4d99cc6612cec3-afe7421badd138b05a2309c5cb228ad8.r80.cf1.rackcdn.com
+
+			- payload246.cargocollective.com
+
+		- 4716a3e1207fa032eadf-9086378b72655457e586fa5056c9274c.r8.cf1.rackcdn.com
+
+			- payload203.cargocollective.com
+
+		- 4cb35411cb45cfd77b32-f5d733f446c8fd08907dcac084aa95a3.r3.cf1.rackcdn.com
+
+			- payload158.cargocollective.com
+
 		- 5365791d8e35e1727236-7f9dfcc055df093645758908fe06f705.r37.cf1.rackcdn.com
 
 			- payload162.cargocollective.com
 
+		- 5e5d49cfdb379ce0c937-5f37aeb368ece0460243e4e3c4a03111.r13.cf1.rackcdn.com
+
+			- payload280.cargocollective.com
+
 		- 612d1a71230523df4fe9-4ee8e300510bcfe4f6b35103392d0b2b.r39.cf1.rackcdn.com
 
 			- payload169.cargocollective.com
@@ -25,16 +69,132 @@
 
 			- payload141.cargocollective.com
 
+		- 79374de44d5e7ecaf88a-2ad9d41db9c7ba36604c9612b6f92488.r32.cf1.rackcdn.com
+
+			- payload250.cargocollective.com
+
+		- 7c6429bafe722da2753b-014553dd10402f2cae583d2fc431df61.r85.cf1.rackcdn.com
+
+			- payload282.cargocollective.com
+
+		- 7e88561f37b025b9959e-f9c813036f1357060526fbfc879ecc04.r96.cf1.rackcdn.com
+
+			- payload200.cargocollective.com
+
+		- 7f110843eca5c0d3e385-4e08e849f3eae91ecc5304ca7a022f60.r16.cf1.rackcdn.com
+
+			- payload271.cargocollective.com
+
+		- 9817d040c26c7fc91c86-7067033f01f8681d3d26db1b869e7c13.r23.cf1.rackcdn.com
+
+			- payload291.cargocollective.com
+
+		- 9f20954c27db5d99940c-223557c9acb55198baff86c90a7b5e16.r26.cf1.rackcdn.com
+
+			- payload263.cargocollective.com
+
+		- a4ce430392986aec9cfc-443e219c85814104c662bd85fe98ae82.r78.cf1.rackcdn.com
+
+			- payload180.cargocollective.com
+
+		- a506586f092ca126898c-4779b67baf4ae2f3b1add8bb236f618f.r19.cf1.rackcdn.com
+
+			- payload120.cargocollective.com
+
+		- aa0c5e4ad94186b7d1ff-c47c05f42ae1f5ff6f44beac40165734.r12.cf1.rackcdn.com
+
+			- payload294.cargocollective.com
+
+		- c961e2a037a0257122b6-069ed874dcd6a73d3851c1620da864a4.r96.cf1.rackcdn.com
 
-	Nonfunctional subdomains:
+			- payload216.cargocollective.com
 
-		- (www.)	(refused)
+		- d12d30d30b94662cf1bf-d730a381cec30b09b6ffdde13fb218a6.r10.cf1.rackcdn.com
+
+			- payload174.cargocollective.com
+
+		- d3f85a14b915f530cfd8-341bc7b6089f1bf517cb1eb7488d0cf3.r11.cf1.rackcdn.com
+
+			- payload295.cargocollective.com
+
+		- d7b28b377c20485bcd1e-17badbe9072beed4090a37cfee2aeb9d.r69.cf1.rackcdn.com
+
+			- payload288.cargocollective.com
+
+		- dcac8aac4b6120e78f70-4816ed90d4cd9717520c758b10641d4f.r95.cf1.rackcdn.com
+
+			- payload287.cargocollective.com
+
+		- e2f0d7e1fc4fd5d3636b-5c5fc32a9669fba64977478aa8802799.r45.cf1.rackcdn.com
+
+			- payload215.cargocollective.com
+
+
+	Problematic subdomains:
+
+		- (www.) *
+
+	* Works; mixed css from payloud
 
 -->
 <ruleset name="Cargo (partial)">
 
-	<target host="*.cargocollective.com" />
+	<target host="cargocollective.com" />
+	<target host="www.cargocollective.com" />
+	<target host="media.cargocollective.com" />
+	<target host="payload.cargocollective.com" />
+	<target host="payload50.cargocollective.com" />
+	<target host="payload54.cargocollective.com" />
+	<target host="payload56.cargocollective.com" />
+	<target host="payload57.cargocollective.com" />
+	<target host="payload93.cargocollective.com" />
+	<target host="payload100.cargocollective.com" />
+	<target host="payload120.cargocollective.com" />
+	<target host="payload141.cargocollective.com" />
+	<target host="payload162.cargocollective.com" />
+	<target host="payload169.cargocollective.com" />
+	<target host="payload174.cargocollective.com" />
+	<target host="payload180.cargocollective.com" />
+	<target host="payload203.cargocollective.com" />
+	<target host="payload200.cargocollective.com" />
+	<target host="payload215.cargocollective.com" />
+	<target host="payload216.cargocollective.com" />
+	<target host="payload246.cargocollective.com" />
+	<target host="payload250.cargocollective.com" />
+	<target host="payload258.cargocollective.com" />
+	<target host="payload263.cargocollective.com" />
+	<target host="payload271.cargocollective.com" />
+	<target host="payload277.cargocollective.com" />
+	<target host="payload280.cargocollective.com" />
+	<target host="payload282.cargocollective.com" />
+	<target host="payload287.cargocollective.com" />
+	<target host="payload288.cargocollective.com" />
+	<target host="payload291.cargocollective.com" />
+	<target host="payload294.cargocollective.com" />
+	<target host="payload295.cargocollective.com" />
+	<target host="payload296.cargocollective.com" />
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<!--exclusion pattern="^http://(www\.)?cargocollective\.com/(?!_css/|favicon\.ico|_gfx/|stylesheet/)" /-->
+
+
+	<rule from="^http://(www\.)?cargocollective\.com/(?=_css/|favicon\.ico|_gfx/|stylesheet/)"
+		to="https://$1cargocollective.com/" />
 
+	<!--	The cost of vanity...
+					-->
+	<rule from="^http://media\.cargocollective\.com/"
+		to="https://c3434167.ssl.cf0.rackcdn.com/" />
+
+	<rule from="^http://payload\.cargocollective\.com/"
+		to="https://c573862.ssl.cf0.rackcdn.com/" />
+
+	<rule from="^http://payload50\.cargocollective\.com/"
+		to="https://c3426892.ssl.cf0.rackcdn.com/" />
+
+	<rule from="^http://payload54\.cargocollective\.com/"
+		to="https://c3426897.ssl.cf0.rackcdn.com/" />
 
 	<rule from="^http://payload56\.cargocollective\.com/"
 		to="https://c3426899.ssl.cf0.rackcdn.com/" />
@@ -42,9 +202,15 @@
 	<rule from="^http://payload57\.cargocollective\.com/"
 		to="https://c3426900.ssl.cf0.rackcdn.com/" />
 
+	<rule from="^http://payload93\.cargocollective\.com/"
+		to="https://c3452614.ssl.cf0.rackcdn.com/" />
+
 	<rule from="^http://payload100\.cargocollective\.com/"
 		to="https://c3452621.ssl.cf0.rackcdn.com/" />
 
+	<rule from="^http://payload120\.cargocollective\.com/"
+		to="https://a506586f092ca126898c-4779b67baf4ae2f3b1add8bb236f618f.ssl.cf1.rackcdn.com/" />
+
 	<rule from="^http://payload141\.cargocollective\.com/"
 		to="https://7886f778086c061c4ea7-c166c3974f4551941b1742539f87878f.ssl.cf1.rackcdn.com/" />
 
@@ -54,4 +220,64 @@
 	<rule from="^http://payload169\.cargocollective\.com/"
 		to="https://612d1a71230523df4fe9-4ee8e300510bcfe4f6b35103392d0b2b.ssl.cf1.rackcdn.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http://payload174\.cargocollective\.com/"
+		to="https://d12d30d30b94662cf1bf-d730a381cec30b09b6ffdde13fb218a6.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://payload180\.cargocollective\.com/"
+		to="https://a4ce430392986aec9cfc-443e219c85814104c662bd85fe98ae82.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://payload203\.cargocollective\.com/"
+		to="https://4716a3e1207fa032eadf-9086378b72655457e586fa5056c9274c.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://payload200\.cargocollective\.com/"
+		to="https://7e88561f37b025b9959e-f9c813036f1357060526fbfc879ecc04.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://payload215\.cargocollective\.com/"
+		to="https://e2f0d7e1fc4fd5d3636b-5c5fc32a9669fba64977478aa8802799.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://payload216\.cargocollective\.com/"
+		to="https://c961e2a037a0257122b6-069ed874dcd6a73d3851c1620da864a4.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://payload246\.cargocollective\.com/"
+		to="https://3ee99a4d99cc6612cec3-afe7421badd138b05a2309c5cb228ad8.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://payload250\.cargocollective\.com/"
+		to="https://79374de44d5e7ecaf88a-2ad9d41db9c7ba36604c9612b6f92488.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://payload258\.cargocollective\.com/"
+		to="https://4cb35411cb45cfd77b32-f5d733f446c8fd08907dcac084aa95a3.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://payload263\.cargocollective\.com/"
+		to="https://9f20954c27db5d99940c-223557c9acb55198baff86c90a7b5e16.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://payload271\.cargocollective\.com/"
+		to="https://7f110843eca5c0d3e385-4e08e849f3eae91ecc5304ca7a022f60.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://payload277\.cargocollective\.com/"
+		to="https://17c03ece40efdab208da-3a9b57b1b9597fd75dd50c1708c7fa0c.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://payload280\.cargocollective\.com/"
+		to="https://5e5d49cfdb379ce0c937-5f37aeb368ece0460243e4e3c4a03111.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://payload282\.cargocollective\.com/"
+		to="https://7c6429bafe722da2753b-014553dd10402f2cae583d2fc431df61.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://payload287\.cargocollective\.com/"
+		to="https://dcac8aac4b6120e78f70-4816ed90d4cd9717520c758b10641d4f.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://payload288\.cargocollective\.com/"
+		to="https://d7b28b377c20485bcd1e-17badbe9072beed4090a37cfee2aeb9d.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://payload291\.cargocollective\.com/"
+		to="https://9817d040c26c7fc91c86-7067033f01f8681d3d26db1b869e7c13.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://payload294\.cargocollective\.com/"
+		to="https://aa0c5e4ad94186b7d1ff-c47c05f42ae1f5ff6f44beac40165734.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://payload295\.cargocollective\.com/"
+		to="https://d3f85a14b915f530cfd8-341bc7b6089f1bf517cb1eb7488d0cf3.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://payload296\.cargocollective\.com/"
+		to="https://14dc5f4076479b5cedab-94c4d07712ffb0415e1a5357e32aaf70.ssl.cf1.rackcdn.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Carl_Zeiss.xml b/src/chrome/content/rules/Carl_Zeiss.xml
index 17b42438bf72..53c6fba3ef6a 100644
--- a/src/chrome/content/rules/Carl_Zeiss.xml
+++ b/src/chrome/content/rules/Carl_Zeiss.xml
@@ -1,32 +1,39 @@
 <!--
+	Carl Zeiss
+
+
 	Nonfunctional domains:
 
-		- www.zeiss.de		(shows www.zeiss.com)
+		- www.zeiss.de *
+
+	* Shows www.zeiss.com
 
 
 	Problematic domains:
 
-		- applications.zeiss.com	(mismatched, CN: www.zeiss.com)
+		- applications.zeiss.com *
+
+	* Mismatched, CN: www.zeiss.com
 
 
 	^zeiss.com doesn't exist.
 
 -->
-<ruleset name="Carl Zeiss (partial)">
+<ruleset name="Zeiss.com (partial)">
 
 	<target host="*.zeiss.com" />
 
 
-	<securecookie host="^.+\.zeiss\.com$" name=".+" />
-
+	<securecookie host=".+" name=".+"/>
 
-	<rule from="^http://(corporate|meditec|microscopy|www)\.zeiss\.com/"
-		to="https://$1.zeiss.com/" />
 
-	<rule from="^https?://applications\.zeiss\.com/\??$"
+	<rule from="^http://applications\.zeiss\.com/\??$"
 		to="https://corporate.zeiss.com/gateway/en_de/home.html" />
 
-	<rule from="^https?://applications\.zeiss\.com/(\w{16})/Index\?ReadForm"
-		to="https://www.zeiss.com/$1/Index?ReadForm" />
+	<rule from="^http://applications\.zeiss\.com/(?=\w{16}/Index\?ReadForm)"
+		to="https://www.zeiss.com/" />
+
+	<rule from="^http://(corporate|meditec|microscopy|www)\.zeiss\.com/"
+		to="https://$1.zeiss.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Carleton.ca.xml b/src/chrome/content/rules/Carleton.ca.xml
new file mode 100644
index 000000000000..76076d38b195
--- /dev/null
+++ b/src/chrome/content/rules/Carleton.ca.xml
@@ -0,0 +1,135 @@
+<!--
+	Carleton University
+
+
+	CDN buckets:
+
+		- cucustom.s3.amazonaws.com
+		- cuglobal.s3.amazonaws.com
+		- curesources.s3.amazonaws.com
+		- cuweb.s3.amazonaws.com
+
+
+	Nonfunctional subdomains:
+
+		- cuag ¹
+		- search
+		- slc ²
+		- sssc ²
+
+	¹ Refused
+	² 403
+
+
+	Problematic subdomains:
+
+		- ccsl *
+		- library *
+
+	* Cert only matches www.foo
+
+
+	Partially covered subdomains:
+
+		- alumni *
+		- events *
+		- graduate *
+		- newsroom *
+		- researchworks *
+		- sprott *
+
+	* Avoiding broken MCB
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- admissions
+		- apply
+		- (www.)ccsl	(^ → www)
+		- forms
+		- giving
+		- goravens
+		- gsapplications
+		- (www.)library	(^ → www)
+		- science
+		- (www.)scs
+		- students
+		- www1
+		- www2
+
+
+	Mixed content:
+
+		- css, on:
+
+			- alumni, graduate, newsroom, researchworks, sprott from cucustom.s3.amazonaws.com *
+			- events from $self *
+			- events from fonts.googleapis.com *
+
+		- Images, on:
+
+			- admissions from $self *
+			- alumni from $self *
+			- events from $self *
+			- graduate from $self *
+			- newsroom from $self *
+			- newsroom from cucustom.s3.amazonaws.com *
+			- researchworks from $self *
+			- science from $self *
+			- sprott from $self *
+
+		- favicon on events from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Carleton.ca (partial)">
+
+	<target host="carleton.ca" />
+	<target host="ccsl.carleton.ca" />
+	<target host="library.carleton.ca" />
+	<target host="www.ccsl.carleton.ca" />
+	<target host="www.library.carleton.ca" />
+	<target host="admissions.carleton.ca" />
+	<target host="alumni.carleton.ca" />
+	<target host="apply.carleton.ca" />
+	<target host="events.carleton.ca" />
+	<target host="forms.carleton.ca" />
+	<target host="giving.carleton.ca" />
+	<target host="goravens.carleton.ca" />
+	<target host="graduate.carleton.ca" />
+	<target host="gsapplications.carleton.ca" />
+	<target host="newsroom.carleton.ca" />
+	<target host="researchworks.carleton.ca" />
+	<target host="science.carleton.ca" />
+	<target host="scs.carleton.ca" />
+	<target host="www.scs.carleton.ca" />
+	<target host="sprott.carleton.ca" />
+	<target host="students.carleton.ca" />
+	<target host="www.carleton.ca" />
+	<target host="www1.carleton.ca" />
+	<target host="www2.carleton.ca" />
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<exclusion pattern="^http://(?:alumni|graduate|newsroom|sprott)\.carleton\.ca/(?!wp-content/|wp-includes/)" />
+		<exclusion pattern="^http://events\.carleton\.ca/(?!cu_global/|wp-content/|wp-includes/)" />
+		<exclusion pattern="^http://researchworks\.carleton\.ca/(?!cu/wp-content/|cu/wp-includes/)" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^events\.carleton\.ca$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^gsapplications\.carleton\.ca$" name="^CU_FGPA_SESSID$" /-->
+	<!--securecookie host="^\.science\.carleton\.ca$" name="^SESS[0-9a-f]{32}$" /-->
+
+	<securecookie host="^(?:events|gsapplications)\.carleton\.ca$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?(ccsl|library)\.carleton\.ca/"
+		to="https://$1.carleton.ca/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Carleton_College.xml b/src/chrome/content/rules/Carleton_College.xml
index 67977b5a3623..924b38a8018c 100644
--- a/src/chrome/content/rules/Carleton_College.xml
+++ b/src/chrome/content/rules/Carleton_College.xml
@@ -7,7 +7,9 @@
 <ruleset name="Carleton College">
 
 	<target host="carleton.edu" />
-	<target host="*.carleton.edu" />
+	<target host="webapps.acs.carleton.edu" />
+	<target host="apps.carleton.edu" />
+	<target host="www.carleton.edu" />
 
 
 	<securecookie host="^apps\.carleton\.edu$" name=".+" />
@@ -16,7 +18,6 @@
 	<rule from="^http://carleton\.edu/"
 		to="https://www.carleton.edu/" />
 
-	<rule from="^http://(webapps\.acs|apps|www)\.carleton\.edu/"
-		to="https://$1.carleton.edu/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Carlosprioglio.com.xml b/src/chrome/content/rules/Carlosprioglio.com.xml
index b0a6684f9ba2..adfca5c11602 100644
--- a/src/chrome/content/rules/Carlosprioglio.com.xml
+++ b/src/chrome/content/rules/Carlosprioglio.com.xml
@@ -1,9 +1,13 @@
-<ruleset name="carlosprioglio.com" default_off="mismatch">
+<ruleset name="carlosprioglio.com" default_off="mismatched">
 
-	<target host="carlosprioglio.com"/>
-	<target host="www.carlosprioglio.com"/>
+	<target host="carlosprioglio.com" />
+	<target host="www.carlosprioglio.com" />
 
-	<rule from="^http://(?:www\.)?carlosprioglio\.com/"
-		to="https://carlosprioglio.com/"/>
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Carlsbad.org.xml b/src/chrome/content/rules/Carlsbad.org.xml
new file mode 100644
index 000000000000..6e63f66c448c
--- /dev/null
+++ b/src/chrome/content/rules/Carlsbad.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Mixed content:
+
+		- Ad from www.calchamber.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Carlsbad.org">
+
+	<target host="carlsbad.org" />
+	<target host="www.carlsbad.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CarltonBale.com.xml b/src/chrome/content/rules/CarltonBale.com.xml
index ec60a829649f..cb1cbe064035 100644
--- a/src/chrome/content/rules/CarltonBale.com.xml
+++ b/src/chrome/content/rules/CarltonBale.com.xml
@@ -9,7 +9,7 @@
 	<target host="s3.carltonbale.com" />
 
 
-	<rule from="^https?://s3\.carltonbale\.com/"
+	<rule from="^http://s3\.carltonbale\.com/"
 		to="https://d18oqavmcmo3u.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Carnegie-Institution-for-Science.xml b/src/chrome/content/rules/Carnegie-Institution-for-Science.xml
index 3b560b3eb1c4..6c04c4aacd6a 100644
--- a/src/chrome/content/rules/Carnegie-Institution-for-Science.xml
+++ b/src/chrome/content/rules/Carnegie-Institution-for-Science.xml
@@ -1,39 +1,63 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://vpn.carnegiescience.edu/ => https://vpn.carnegiescience.edu/: (7, 'Failed to connect to vpn.carnegiescience.edu port 443: No route to host')
+
 	Cert matches portal.carnegiescience.edu, but portal times out over both http & https.
 
+
+	Problematic domains:
+
+		- (www.)?ciw.edu *
+		- mail.ciw.edu (unreachable)
+		- hazen.gl.ciw.edu (invalid security certificate)
+
+	* Cert only matches carnegiescience.edu
+
+
+	Mixed content:
+
+		- iframes on carnegiescience.edu from www.youtube.com *
+
+		- Images, on:
+
+			- carnegiescience.edu from www.ciw.edu *
+			- carnegiescience.edu from img.youtube.com *
+
+	* Secured by us
+
 -->
-<ruleset name="Carnegie Institution for Science">
+<ruleset name="Carnegie Institution for Science (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="carnegiescience.edu" />
-	<target host="*.carnegiescience.edu" />
-	<!--	*s for cross-subdomain cookies.	-->
-	<target host="*.board.carnegiescience.edu" />
-	<target host="*.hr.carnegiescience.edu" />
+	<target host="cao.carnegiescience.edu" />
+	<target host="board.carnegiescience.edu" />
+	<target host="ghstatus.dge.carnegiescience.edu" />
+	<target host="hr.carnegiescience.edu" />
+	<target host="vpn.carnegiescience.edu" />
+	<target host="www.carnegiescience.edu" />
+
+	<target host="people.gl.ciw.edu" />
+	<target host="www.gl.ciw.edu" />
+
+	<!--	Complications:
+				-->
 	<target host="ciw.edu" />
-	<target host="*.ciw.edu" />
-	<target host="hazen.gl.ciw.edu" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.hazen.gl.ciw.edu" />
-
+	<target host="www.ciw.edu" />
 
-	<securecookie host="^.*\.carnegiescience\.edu$" name=".*" />
-	<securecookie host="^(\.hazen\.gl|mail)\.ciw\.edu$" name=".*" />
-	<securecookie host="^\.gl\.ciw\.edu$" name=".+" />
 
+	<securecookie host=".*\.carnegiescience\.edu$" name=".+" />
+	<securecookie host="^(?:\.gl|\.hazen\.gl|mail)\.ciw\.edu$" name=".+" />
 
-	<rule from="^http://((?:board|hr|vpn|www)\.)?carnegiescience\.edu/"
-		to="https://$1carnegiescience.edu/" />
 
-	<!--	- Cert only matches carnegiescience.edu
-		- Redirects like so
-			-->
-	<rule from="^https?://(?:www\.)?ciw\.edu/"
+	<!--	Redirects like so:
+					-->
+	<rule from="^http://(?:www\.)?ciw\.edu/"
 		to="https://carnegiescience.edu/" />
 
-	<rule from="^http://(hazen|people|www)\.gl\.ciw\.edu/"
-		to="https://$1.gl.ciw.edu/" />
-
-	<rule from="^http://mail\.ciw\.edu/"
-		to="https://mail.ciw.edu/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Carnegie-Mellon-University-mismatches.xml b/src/chrome/content/rules/Carnegie-Mellon-University-mismatches.xml
index f33655eecc52..bdc54a24d98f 100644
--- a/src/chrome/content/rules/Carnegie-Mellon-University-mismatches.xml
+++ b/src/chrome/content/rules/Carnegie-Mellon-University-mismatches.xml
@@ -14,7 +14,6 @@
 		repository cookie is handled in Carnegie-Mellon-University.xml.	-->
 
 
-	<rule from="^http://(athletics|portal\.etc|repository)\.cmu\.edu/"
-		to="https://$1.cmu.edu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Carnegie-Mellon-University.xml b/src/chrome/content/rules/Carnegie-Mellon-University.xml
index e1532e637c8b..a70643b2d189 100644
--- a/src/chrome/content/rules/Carnegie-Mellon-University.xml
+++ b/src/chrome/content/rules/Carnegie-Mellon-University.xml
@@ -4,6 +4,7 @@
 
 	Nonfunctional subdomains:
 
+		- sensor.andrew ¹
 		- lane.compbio
 		- bic.cs
 		- www.csd.cs
@@ -18,7 +19,9 @@
 		- search.library
 		- people		(CN: antman.srv.cs.cmu.edu; shows antman)
 		- (www.)frc.ri
+		- blog.sei ¹
 
+	¹ Refused
 	* Interrupted, hosted on Google
 	** different from ^link.cs.
 
@@ -43,6 +46,7 @@
 		- directory.andrew
 		- webiso.andrew
 		- www.andrew
+		- sparrow.ece
 		- www.ece
 		- users.ece
 		- cs
@@ -85,10 +89,18 @@
 		- ath-live.mts
 		- my
 		- www.ri
+		- (www.)sei
+		- resources.sei
 		- www.studentaffairs
 		- www
 
 
+	These altnames don't exist:
+
+		- www.sparrow.ece.cmu.edu
+		- www.resources.sei.cmu.edu
+
+
 	The following targets are present solely for cross-domain cookies:
 
 		- *.calendar.cs.cmu.edu
@@ -114,29 +126,123 @@
 <ruleset name="Carnegie Mellon University (partial)">
 
 	<target host="cmu.edu" />
-	<target host="*.cmu.edu" />
+	<target host="www.cmu.edu" />
+	<target host="andrew.cmu.edu" />
+	<target host="directory.andrew.cmu.edu" />
+	<target host="webiso.andrew.cmu.edu" />
+	<target host="cylab.cmu.edu" />
+	<target host="ece.cmu.edu" />
+	<target host="sparrow.ece.cmu.edu" />
+	<target host="users.ece.cmu.edu" />
+	<target host="cs.cmu.edu" />
+	<target host="calendar.cs.cmu.edu" />
+	<target host="ccc12.cs.cmu.edu" />
+	<target host="csadmins.cs.cmu.edu" />
+	<target host="cleese.cs.cmu.edu" />
+	<target host="www-dev.csd.cs.cmu.edu" />
+	<target host="cups.cs.cmu.edu" />
+	<target host="fac.cs.cmu.edu" />
+	<target host="heinz.cs.cmu.edu" />
+	<target host="link.cs.cmu.edu" />
+	<target host="lti.cs.cmu.edu" />
+	<target host="ath-live.mts.cs.cmu.edu" />
+	<target host="news.cs.cmu.edu" />
+	<target host="olympus.cs.cmu.edu" />
+	<target host="dev.olympus.cs.cmu.edu" />
+	<target host="wonderwoman.olympus.cs.cmu.edu" />
+	<target host="origami.qolt.cs.cmu.edu" />
+	<target host="sites.cs.cmu.edu" />
+	<target host="antman.srv.cs.cmu.edu" />
+	<target host="gambit.srv.cs.cmu.edu" />
+	<target host="innovation.srv.cs.cmu.edu" />
+	<target host="mailman.srv.cs.cmu.edu" />
+	<target host="webbuild-web1.srv.cs.cmu.edu" />
+	<target host="trust.cs.cmu.edu" />
+	<target host="ptest1-userpool.web.cs.cmu.edu" />
+	<target host="ptest2-userpool.web.cs.cmu.edu" />
+	<target host="ptest3-userpool.web.cs.cmu.edu" />
+	<target host="ptest4-userpool.web.cs.cmu.edu" />
+	<target host="webbuild.web.cs.cmu.edu" />
+	<target host="webapps.cs.cmu.edu" />
+	<target host="wiki.cs.cmu.edu" />
+	<target host="women.cs.cmu.edu" />
+	<target host="www-2.cs.cmu.edu" />
+	<target host="www-dev.cs.cmu.edu" />
+	<target host="xia.cs.cmu.edu" />
+	<target host="lunchdelivery.hcii.cmu.edu" />
+	<target host="libwebspace.library.cmu.edu" />
+	<target host="my.cmu.edu" />
+	<target host="ri.cmu.edu" />
+	<target host="sei.cmu.edu" />
+	<target host="resources.sei.cmu.edu" />
+	<target host="www.sei.cmu.edu" />
+	<target host="studentaffairs.cmu.edu" />
+	<target host="www.andrew.cmu.edu" />
+	<target host="www.directory.andrew.cmu.edu" />
+	<target host="www.webiso.andrew.cmu.edu" />
+	<target host="www.cylab.cmu.edu" />
+	<target host="www.ece.cmu.edu" />
+	<target host="www.sparrow.ece.cmu.edu" />
+	<target host="www.users.ece.cmu.edu" />
+	<target host="www.cs.cmu.edu" />
+	<target host="www.calendar.cs.cmu.edu" />
+	<target host="www.ccc12.cs.cmu.edu" />
+	<target host="www.csadmins.cs.cmu.edu" />
+	<target host="www.cleese.cs.cmu.edu" />
+	<target host="www.www-dev.csd.cs.cmu.edu" />
+	<target host="www.cups.cs.cmu.edu" />
+	<target host="www.fac.cs.cmu.edu" />
+	<target host="www.heinz.cs.cmu.edu" />
+	<target host="www.link.cs.cmu.edu" />
+	<target host="www.lti.cs.cmu.edu" />
+	<target host="www.ath-live.mts.cs.cmu.edu" />
+	<target host="www.news.cs.cmu.edu" />
+	<target host="www.olympus.cs.cmu.edu" />
+	<target host="www.dev.olympus.cs.cmu.edu" />
+	<target host="www.wonderwoman.olympus.cs.cmu.edu" />
+	<target host="www.origami.qolt.cs.cmu.edu" />
+	<target host="www.sites.cs.cmu.edu" />
+	<target host="www.antman.srv.cs.cmu.edu" />
+	<target host="www.gambit.srv.cs.cmu.edu" />
+	<target host="www.innovation.srv.cs.cmu.edu" />
+	<target host="www.mailman.srv.cs.cmu.edu" />
+	<target host="www.webbuild-web1.srv.cs.cmu.edu" />
+	<target host="www.trust.cs.cmu.edu" />
+	<target host="www.webbuild.web.cs.cmu.edu" />
+	<target host="www.webapps.cs.cmu.edu" />
+	<target host="www.wiki.cs.cmu.edu" />
+	<target host="www.women.cs.cmu.edu" />
+	<target host="www.www-2.cs.cmu.edu" />
+	<target host="www.www-dev.cs.cmu.edu" />
+	<target host="www.xia.cs.cmu.edu" />
+	<target host="www.lunchdelivery.hcii.cmu.edu" />
+	<target host="www.libwebspace.library.cmu.edu" />
+	<target host="www.my.cmu.edu" />
+	<target host="www.ri.cmu.edu" />
+	<target host="www.resources.sei.cmu.edu" />
+	<target host="www.www.sei.cmu.edu" />
+	<target host="www.studentaffairs.cmu.edu" />
+	<target host="webuild-web2.srv.cs.cmu.edu" />
+	<target host="etc.cmu.edu" />
+	<target host="www.etc.cmu.edu" />
 		<!--exclusion pattern="^http://(?:www\.)?heinz\.cmu\.edu/(?!~\w+/|image\.aspx|images/|js/|res/|social\.html)" /-->
 		<exclusion pattern="^http://(?:www\.)?heinz\.cmu\.edu/(?!image).+\.aspx(?:$|\?)" />
 
 
-	<securecookie host="^.*\.cmu\.edu$" name=".*" />
+	<securecookie host="^.*\.cmu\.edu$" name=".+" />
 
 
-	<rule from="^http://(www\.)?cmu\.edu/"
-		to="https://$1cmu.edu/" />
 
-	<rule 
-from="^http://(www\.)?((?:directory\.|webiso\.)?andrew|cylab|ece|users\.ece|(?:(?:calendar|ccc12|csadmins|cleese|www-dev\.csd|cups|fac|heinz|link|lti|ath-live\.mts|news|(?:dev\.|wonderwoman\.)?olympus|origami\.qolt|sites|(?:antman|gambit|innovation|mailman|webbuild-web1)\.srv|trust|(?:ptest[1-4]-userpool|webbuild)\.web|webapps|wiki|women|www-2|www-dev|xia)\.)?cs|lunchdelivery\.hcii|libwebspace\.library|my|ri|studentaffairs)\.cmu\.edu/"
-		to="https://$1$2.cmu.edu/" />
 
 	<!--	Appears identical.
 					-->
-	<rule from="^https?://webuild-web2\.srv\.cs\.cmu\.edu/"
+	<rule from="^http://webuild-web2\.srv\.cs\.cmu\.edu/"
 		to="https://webuild-web1.srv.cs.cmu.edu/" />
 
 	<!--	Cert only matches www.
 					-->
-	<rule from="^https?://(?:www\.)?etc\.cmu\.edu/"
+	<rule from="^http://(?:www\.)?etc\.cmu\.edu/"
 		to="https://www.etc.cmu.edu/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Carousell.com.xml b/src/chrome/content/rules/Carousell.com.xml
new file mode 100644
index 000000000000..efc3cbfcd864
--- /dev/null
+++ b/src/chrome/content/rules/Carousell.com.xml
@@ -0,0 +1,62 @@
+<!--
+	Nonfunctional hosts in *carousell.com:
+
+		- careers *
+		- contact *
+
+	* Redirects to http
+
+
+	Problematic hosts in *carousell.com:
+
+		- help *
+
+	* Mismatched
+
+
+	Fully covered hosts in *carousell.com:
+
+		- (www.)?
+		- id
+		- my
+		- sg
+		- tw
+		- us
+
+
+	Insecure cookies are set for these hosts:
+
+		- carousell.com
+		- help.carousell.com
+		- id.carousell.com
+		- my.carousell.com
+		- sg.carousell.com
+		- tw.carousell.com
+		- us.carousell.com
+
+-->
+<ruleset name="Carousell.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="carousell.com" />
+	<target host="id.carousell.com" />
+	<target host="my.carousell.com" />
+	<target host="sg.carousell.com" />
+	<target host="tw.carousell.com" />
+	<target host="us.carousell.com" />
+	<target host="www.carousell.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(id\.|my\.|sg\.|tw\.|us\.)?carousell\.com$" name="^akamaru_session$" /-->
+	<!--securecookie host="^help.carousell.com$" name="^PLAY_SESSION$" /-->
+
+	<securecookie host="^(?:id\.|my\.|sg\.|tw\.|us\.)?carousell\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Carphone_Warehouse.com.xml b/src/chrome/content/rules/Carphone_Warehouse.com.xml
new file mode 100644
index 000000000000..0be0bb21a56d
--- /dev/null
+++ b/src/chrome/content/rules/Carphone_Warehouse.com.xml
@@ -0,0 +1,85 @@
+<!--
+	Other Carphone Warehouse rulesets:
+
+
+
+	Nonfunctional hosts in *carphonewarehouse.com:
+
+		- images *
+    - m.carphonewarehouse.com
+    - selfhelp.carphonewarehouse.com
+
+	* 403
+
+
+	Problematic hosts in *carphonewarehouse.com:
+
+		- metrics ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .carphonewarehouse.com
+		- .business.carphonewarehouse.com
+		- selfhelp.carphonewarehouse.com
+
+
+	Mixed content:
+
+		- Images on selfhelp from media.phonehouse.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Carphone Warehouse.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="carphonewarehouse.com" />
+	<target host="business.carphonewarehouse.com" />
+	<target host="www.carphonewarehouse.com" />
+
+	<!--	Complications:
+				-->
+	<target host="metrics.carphonewarehouse.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?carphonewarehouse\.com/(?:basket$|mobiles/trade-in$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?carphonewarehouse\.com/(?!cpwtrade\.css|favicon\.ico)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://carphonewarehouse.com/basket" />
+			<test url="http://www.carphonewarehouse.com/help-support" />
+			<test url="http://www.carphonewarehouse.com/mobiles/trade-in" />
+			<test url="http://www.carphonewarehouse.com/support/track-a-repair" />
+
+			<!--	-ve:
+					-->
+			<test url="http://carphonewarehouse.com/cpwtrade.css" />
+			<test url="http://www.carphonewarehouse.com/favicon.ico" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.business\.carphonewarehouse\.com$" name="^cp(?:cic|cv|fv|vc)$" /-->
+	<!--securecookie host="^selfhelp\.carphonewarehouse\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\." name="^s_v" />
+	<securecookie host="^(?!m\.|www\.)\w" name=".+" />
+	<securecookie host="^\.business\." name=".+" />
+
+
+	<rule from="^http://metrics\.carphonewarehouse\.com/"
+		to="https://carphonewarehouse.sc.omtrdc.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CarrefourSA.com.xml b/src/chrome/content/rules/CarrefourSA.com.xml
new file mode 100644
index 000000000000..9ac24811d1e0
--- /dev/null
+++ b/src/chrome/content/rules/CarrefourSA.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.carrefoursa.com
+
+
+	Mixed content:
+
+		- Images from img-carrefour.mncdn.com *
+
+	* Secured by us
+
+-->
+<ruleset name="CarrefourSA.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="carrefoursa.com" />
+	<target host="www.carrefoursa.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.carrefoursa\.com$" name="^(?:JSESSIONID|ROUTEID|carrefoursasccartid)$" /-->
+
+	<securecookie host="^www\.carrefoursa\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Carrier-lost.org.xml b/src/chrome/content/rules/Carrier-lost.org.xml
new file mode 100644
index 000000000000..df6c1c5b7a8a
--- /dev/null
+++ b/src/chrome/content/rules/Carrier-lost.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="carrier-lost.org">
+
+	<target host="carrier-lost.org" />
+	<target host="www.carrier-lost.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cars.com.xml b/src/chrome/content/rules/Cars.com.xml
new file mode 100644
index 000000000000..54934cb6fd38
--- /dev/null
+++ b/src/chrome/content/rules/Cars.com.xml
@@ -0,0 +1,66 @@
+<!--
+	Other Cars.com rulesets:
+
+		- Cstatic-graphics.com.xml
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- www.cars.com
+		- .www.cars.com
+
+-->
+<ruleset name="Cars.com (partial)">
+
+	<target host="cars.com" />
+	<target host="car-pictures.cars.com" />
+	<target host="graphics.cars.com" />
+	<target host="images.cars.com" />
+	<target host="www.cars.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="http://www\.cars\.com/land-rover$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="http://www\.cars\.com/+(?!$|\?|[\w-]+/(?:image|cs)s/|css/|favicon\.ico|images/|static/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.cars.com/about/" />
+			<test url="http://www.cars.com/careers/" />
+			<test url="http://www.cars.com/go/compare/index.jsp" />
+			<test url="http://www.cars.com/go/compare/modelCompare.jsp?myids=14741" />
+			<test url="http://www.cars.com/land-rover" />
+			<test url="http://www.cars.com/land-rover/freelander/" />
+			<test url="http://www.cars.com/land-rover/range-rover-sport/2014/" />
+			<test url="http://www.cars.com/mercedes-benz/glc-class/2016/" />
+			<test url="http://www.cars.com/mobile/" />
+			<test url="http://www.cars.com/reviews/" />
+			<test url="http://www.cars.com/sell/fraud/overview/" />
+			<test url="http://www.cars.com/sitemap/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.cars.com/compare/images/NOIMAGE_CARSCOM_COMPARE.gif" />
+			<test url="http://www.cars.com/core/css/cars/new-global-nav.css" />
+			<test url="http://www.cars.com/crp/images/autodata_logo.gif" />
+			<test url="http://www.cars.com/css/cars/widgets.css" />
+			<test url="http://www.cars.com/favicon.ico" />
+			<test url="http://www.cars.com/images/core/google-logo.png" />
+			<test url="http://www.cars.com/static/www/dev/app/images/search-icon.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.cars\.com$" name="^(?:BIGipServer\w+|JSESSIONID|rollout)$" /-->
+	<!--securecookie host="^\.www\.cars\.com$" name="^affiliate$" /-->
+
+	<securecookie host="^\.www\.cars\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Carsabi.com.xml b/src/chrome/content/rules/Carsabi.com.xml
index c7ad2cc9905b..61ac081a63dc 100644
--- a/src/chrome/content/rules/Carsabi.com.xml
+++ b/src/chrome/content/rules/Carsabi.com.xml
@@ -6,7 +6,7 @@
 		- d3szzl4n9i78ez.cloudfront.net
 
 -->
-<ruleset name="Carsabi.com" default_off="mismatch">
+<ruleset name="Carsabi.com" default_off="mismatched">
 
 	<!--	Cert: *.heroku.com
 					-->
@@ -14,10 +14,10 @@
 	<target host="www.carsabi.com" />
 
 
-	<securecookie host="^carsabi\.com$" name=".*" />
+	<securecookie host="^carsabi\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?carsabi\.com/"
+	<rule from="^http://(?:www\.)?carsabi\.com/"
 		to="https://carsabi.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CarterCenter.org-mismatches.xml b/src/chrome/content/rules/CarterCenter.org-mismatches.xml
deleted file mode 100644
index e53d70c2e88f..000000000000
--- a/src/chrome/content/rules/CarterCenter.org-mismatches.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<!--	See CarterCenter.org.xml also
--->
-<ruleset name="CarterCenter.org (mismatches)" default_off="Certificate mismatch">
-
-	<target host="blog.cartercenter.org" />
-
-	<rule from="^http://blog\.cartercenter\.org/"
-		to="https://blog.cartercenter.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CarterCenter.org.xml b/src/chrome/content/rules/CarterCenter.org.xml
index db6f7a92e0e2..8d5d6657114d 100644
--- a/src/chrome/content/rules/CarterCenter.org.xml
+++ b/src/chrome/content/rules/CarterCenter.org.xml
@@ -1,24 +1,106 @@
-<!--	See CarterCenter.org-mismatches.xml also
+<!--
+	 Nonfunctional hosts in *cartercenter.org:
 
+		- blog ʰ
+		- donate ᵃ
+		- electionstandards ⁵
+		- forumonwomen ᵈ
+		- legacycircle ⁴
 
-	 subdomains:
+	⁴ 404
+	⁵ 503
+	ᵈ Dropped
+	ʰ Redirects to http
 
-		- donate	(shows secure3; mismatched, CN: secure3.convio.net)
+
+	 Problematic hosts in *cartercenter.org:
+
+		- auction ᵐ
+		- forumonwomenblog ᵐ ᵀ
+		- interns ᵉ ᵐ ˢ
+
+	ᵀ Blocks Tor users
+	ᵃ Shows secure3.convio.net, partially equivalent to secure3.../carter/
+	ᵉ Expired
+	ᵐ Mismatched
+	ˢ Self-signed
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- alumni.cartercenter.org
+		- eos.cartercenter.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on alumni, interns from fonts.googleapis.com ˢ
+		- Images on interns from $self
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="CarterCenter.org" platform="mixedcontent">
+<ruleset name="Carter Center.org (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="cartercenter.org" />
-	<target host="*.cartercenter.org" />
+	<target host="alumni.cartercenter.org" />
+	<target host="eos.cartercenter.org" />
+	<target host="internapply.cartercenter.org" />
+	<target host="video.cartercenter.org" />
+	<target host="www.cartercenter.org" />
+
+	<!--	Complications:
+				-->
+	<target host="donate.cartercenter.org" />
+
+		<!--	Redirects to donate.cartercenter.org:
+								-->
+		<!--exclusion pattern="^http://donate\.cartercenter\.org/site/(?:(?:CO|Calendar/\d|Ecard|MessageViewer|PageServer|R)\?|Survey$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://donate\.cartercenter\.org/(?!$|\?|site/(?:PageServer$|(?:Donation2|SPageNavigator|UserLogin(?:$|[?/]))))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://donate.cartercenter.org/site/CO?cid=0" />
+			<test url="http://donate.cartercenter.org/site/Calendar/271847557" />
+			<test url="http://donate.cartercenter.org/site/Ecard?ecard_id=1282" />
+			<test url="http://donate.cartercenter.org/site/MessageViewer?em_id=18741.0" />
+			<test url="http://donate.cartercenter.org/site/PageServer?pagename=birthday_wall_1" />
+			<test url="http://donate.cartercenter.org/site/PageServer?pagename=birthday_wall_10" />
+			<test url="http://donate.cartercenter.org/site/PageServer?pagename=birthday_wall_2" />
+			<test url="http://donate.cartercenter.org/site/PageServer?pagename=birthday_wall_3" />
+			<test url="http://donate.cartercenter.org/site/R" />
+			<test url="http://donate.cartercenter.org/site/Survey" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^alumni\.cartercenter\.org$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^eos\.cartercenter\.org$" name="^(?:_eos_session|request_method)$" /-->
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^[^.d]" name=".+" />
 
 
-	<securecookie host="^(?:www\.)?cartercenter\.org$" name=".+" />
+	<!--	Redirect drops args:
+					-->
+	<rule from="^http://donate\.cartercenter\.org/(?:\?.*)?$"
+		to="https://secure3.convio.net/carter/site/PageServer" />
 
+	<rule from="^http://donate\.cartercenter\.org/"
+		to="https://secure3.convio.net/carter/" />
 
-	<rule from="^http://(www\.)?cartercenter\.org/"
-		to="https://$1cartercenter.org/" />
+		<test url="http://donate.cartercenter.org/site/Donation2?df_id=1220" />
+		<test url="http://donate.cartercenter.org/site/SPageNavigator/eCards" />
+		<test url="http://donate.cartercenter.org/site/UserLogin" />
 
-	<rule from="^http://donate\.cartercenter\.org/(?:site/PageServer)?(?:\?.*)?$"
-		to="https://cartercenter.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Carters.com.xml b/src/chrome/content/rules/Carters.com.xml
new file mode 100644
index 000000000000..f7eebf6edf7a
--- /dev/null
+++ b/src/chrome/content/rules/Carters.com.xml
@@ -0,0 +1,73 @@
+<!--
+	Other William Carter Company rulesets:
+
+		- Carters_OshLosh.Ca.xml
+		- OshKosh.com.xml
+
+
+	Problematic hosts in *carters.com:
+
+		- ^ ¹
+		- corporate ¹
+		- ir ²
+
+	¹ Revoked cert
+	² Mismatched
+
+
+	Fully covered hosts in *carters.com:
+
+		- (www.)?	(^ → www)
+		- supplier
+
+
+	These altnames don't exist:
+
+		- cdn.carters.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- supplier.carters.com
+		- www.carters.com
+
+
+	Mixed content:
+
+		- css on ir from phx.corporate-ir.net
+
+		- Images, on:
+
+			- ir from media.corporate-ir.net
+			- ir from www.corporate-ir.net
+
+		- favicon on ir from demandware.edgesuite.net
+
+-->
+<ruleset name="Carters.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="supplier.carters.com" />
+	<target host="www.carters.com" />
+
+	<!--	Complications:
+				-->
+	<target host="carters.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^supplier\.carters\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^www\.carters\.com$" name="^(currentSite|dwac_[a-9a-zA-Z]{32}|dwanonymous_[\da-f]{32}|dwpersonalization_[\da-f]{32}|dwsid|sid)$" /-->
+
+	<securecookie host="^(?:supplier|www)\.carters\.com$" name=".+" />
+
+
+	<rule from="^http://carters\.com/"
+		to="https://www.carters.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Carters_OshLosh.Ca.xml b/src/chrome/content/rules/Carters_OshLosh.Ca.xml
new file mode 100644
index 000000000000..67193b93c594
--- /dev/null
+++ b/src/chrome/content/rules/Carters_OshLosh.Ca.xml
@@ -0,0 +1,56 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.cartersoshkosh.ca/ => https://www.cartersoshkosh.ca/: Too many redirects while fetching 'https://www.cartersoshkosh.ca/'
+Fetch error: http://cartersoshkosh.ca/ => https://www.cartersoshkosh.ca/: Too many redirects while fetching 'https://www.cartersoshkosh.ca/'
+
+	For other William Carter Company coverage, see Carters.com.xml.
+
+
+	Problematic hosts in *cartersoshkosh.ca:
+
+		- ^ *
+
+	* Revoked cert
+
+
+	Fully covered hosts in *cartersoshkosh.ca:
+
+		- (www.)?	(^ → www)
+
+
+	These altnames don't exist:
+
+		- cdn.cartersoshkosh.ca
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.cartersoshkosh.ca
+
+-->
+<ruleset name="Carters OshLosh.Ca" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.cartersoshkosh.ca" />
+
+	<!--	Complications:
+				-->
+	<target host="cartersoshkosh.ca" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.cartersoshkosh\.ca$" name="^(dwac_[a-9a-zA-Z]{32}|dwanonymous_[\da-f]{32}|dwpersonalization_[\da-f]{32}|dwsid|sid)$" /-->
+
+	<securecookie host="^www\.cartersoshkosh\.ca$" name=".+" />
+
+
+	<rule from="^http://cartersoshkosh\.ca/"
+		to="https://www.cartersoshkosh.ca/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Casale-Media.xml b/src/chrome/content/rules/Casale-Media.xml
index 5bef468c2fdb..32f885990cd7 100644
--- a/src/chrome/content/rules/Casale-Media.xml
+++ b/src/chrome/content/rules/Casale-Media.xml
@@ -1,13 +1,49 @@
-<ruleset name="Casale Media (partial)">
+<!--
+	Connection refused:
+		 -	(www.)?casalemedia.com
 
-	<target host="*.casalemedia.com" />
+	Cert expired:
+		- system.casalemedia.com
 
+	Cert mismatch:
+		- as.casalemedia.com
+		- ip.casalemedia.com
+		- js.casalemedia.com
 
-	<!--securecookie host="^\.casalemedia\.com$" name="^(CMID|CMPS)" /-->
-	<securecookie host=".*\.casalemedia\.com$" name=".+" />
+	Self-signed cert:
+		- fwcs01.casalemedia.com
+-->
+<ruleset name="Casale Media.com (partial)" >
 
+	<!--	Direct rewrites:
+				-->
+	<target host="amp.casalemedia.com" />
+	<target host="as.casalemedia.com" />
+	<target host="as-sec.casalemedia.com" />
+	<target host="dsum.casalemedia.com" />
+	<target host="dsum-sec.casalemedia.com" />
+	<target host="ebda-us-east.casalemedia.com" />
+	<target host="ebda-us-west.casalemedia.com" />
+	<target host="ht.casalemedia.com" />
+	<target host="instream.casalemedia.com" />
+	<target host="ip.casalemedia.com" />
+	<target host="ip-sec.casalemedia.com" />
+	<target host="js.casalemedia.com" />
+	<target host="js-sec.casalemedia.com" />
+	<target host="outstream.casalemedia.com" />
+	<target host="r.casalemedia.com" />
+	<target host="r-sec.casalemedia.com" />
+	<target host="sdk.casalemedia.com" />
+	<target host="ssum.casalemedia.com" />
+	<target host="ssum-sec.casalemedia.com" />
+	<target host="woobi-eu.casalemedia.com" />
 
-	<rule from="^http://(r|system)\.casalemedia\.com/"
-		to="https://$1.casalemedia.com/" />
+	<securecookie host=".+" name=".+" />
+
+		<rule from="^http://(as|ip|js)\.casalemedia\.com/"
+		to="https://$1-sec.casalemedia.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Casas_Communications_Engineering.xml b/src/chrome/content/rules/Casas_Communications_Engineering.xml
index ec1aedb7ba52..d03fa40d5228 100644
--- a/src/chrome/content/rules/Casas_Communications_Engineering.xml
+++ b/src/chrome/content/rules/Casas_Communications_Engineering.xml
@@ -1,10 +1,15 @@
-<ruleset name="Casas Communications Engineering" default_off="expired">
+<!--
+	Casas Communications Engineering
+
+-->
+<ruleset name="CCE.com">
 
 	<target host="cce.com" />
+	<target host="teresa.cce.com" />
 	<target host="www.cce.com" />
 
 
-	<rule from="^https?://(?:www\.)?cce\.com/"
-		to="https://cce.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Casascius.xml b/src/chrome/content/rules/Casascius.xml
deleted file mode 100644
index 7fcfe495f6cc..000000000000
--- a/src/chrome/content/rules/Casascius.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Casascius">
-
-	<target host="casascius.com" />
-	<target host="www.casascius.com" />
-
-	<rule from="^http://(www\.)?casascius\.com/"
-		to="https://$1casascius.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cascading_Media.com.xml b/src/chrome/content/rules/Cascading_Media.com.xml
new file mode 100644
index 000000000000..43e100beb029
--- /dev/null
+++ b/src/chrome/content/rules/Cascading_Media.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Cascading Media.com">
+
+	<target host="cascadingmedia.com" />
+	<target host="www.cascadingmedia.com" />
+
+
+	<securecookie host="^\.cascadingmedia\.com$" name="^__cfduid$" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Case_Western_Reserve_University.xml b/src/chrome/content/rules/Case_Western_Reserve_University.xml
deleted file mode 100644
index 6ce0c153cd10..000000000000
--- a/src/chrome/content/rules/Case_Western_Reserve_University.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Case Western Reserve University (partial)">
-
-	<target host="tiswww.case.edu" />
-	<target host="tiswww.cwru.edu" />
-
-
-	<rule from="^http://tiswww\.c(ase|wru)\.edu/"
-		to="https://tiswww.c$1.edu/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Caseking.biz.xml b/src/chrome/content/rules/Caseking.biz.xml
index 0877771b73a2..d8f5bb3e8bbd 100644
--- a/src/chrome/content/rules/Caseking.biz.xml
+++ b/src/chrome/content/rules/Caseking.biz.xml
@@ -2,5 +2,5 @@
   <target host="caseking.biz" />
   <target host="www.caseking.biz" />
 
-  <rule from="^http://(www\.)?caseking\.biz/" to="https://www.caseking.biz/" />
+  <rule from="^http://(?:www\.)?caseking\.biz/" to="https://www.caseking.biz/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Caseking.de.xml b/src/chrome/content/rules/Caseking.de.xml
index 7495568232b5..88fe760cf301 100644
--- a/src/chrome/content/rules/Caseking.de.xml
+++ b/src/chrome/content/rules/Caseking.de.xml
@@ -5,7 +5,7 @@
 <ruleset name="Caseking.de">
 
 	<target host="caseking.de" />
-	<target host="*.caseking.de" />
+	<target host="www.caseking.de" />
 
 
 	<securecookie host="^(?:www)?\.caseking\.de$" name=".+" />
diff --git a/src/chrome/content/rules/Cases_Ladder.xml b/src/chrome/content/rules/Cases_Ladder.xml
index 883725e86383..4fa7f93ddd5a 100644
--- a/src/chrome/content/rules/Cases_Ladder.xml
+++ b/src/chrome/content/rules/Cases_Ladder.xml
@@ -13,4 +13,4 @@
 	<rule from="^http://((?:cdn-img|cgi\d?|img|plus\d|users|www)\.)?igl\.net/"
 		to="https://$1igl.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Casetext.com.xml b/src/chrome/content/rules/Casetext.com.xml
new file mode 100644
index 000000000000..4a632375c6ef
--- /dev/null
+++ b/src/chrome/content/rules/Casetext.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="casetext.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="casetext.com" />
+	<target host="www.casetext.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CashPlatoon.com.xml b/src/chrome/content/rules/CashPlatoon.com.xml
new file mode 100644
index 000000000000..00df3410a338
--- /dev/null
+++ b/src/chrome/content/rules/CashPlatoon.com.xml
@@ -0,0 +1,16 @@
+<!--
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="CashPlatoon.com" default_off="expired, missing certificate chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cashplatoon.com" />
+	<target host="www.cashplatoon.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CashTravel.info.xml b/src/chrome/content/rules/CashTravel.info.xml
new file mode 100644
index 000000000000..432779cf66bf
--- /dev/null
+++ b/src/chrome/content/rules/CashTravel.info.xml
@@ -0,0 +1,18 @@
+<!--
+	Mismatched:
+		- cpanel.cashtravel.info
+		- dc-0d8baf09d865.cashtravel.info
+		- ns1.cashtravel.info
+		- ns2.cashtravel.info
+		- webdisk.cashtravel.info
+		- webmail.cashtravel.info
+		- whm.cashtravel.info
+-->
+<ruleset name="CashTravel.info">
+	<target host="cashtravel.info" />
+	<target host="www.cashtravel.info" />
+	<target host="mail.cashtravel.info" />
+	<target host="server.cashtravel.info" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cash_for_Contracts.xml b/src/chrome/content/rules/Cash_for_Contracts.xml
index ea20a7a42f68..aefab97d38e1 100644
--- a/src/chrome/content/rules/Cash_for_Contracts.xml
+++ b/src/chrome/content/rules/Cash_for_Contracts.xml
@@ -8,13 +8,14 @@
 <ruleset name="Cash for Contracts" default_off="expired">
 
 	<target host="cashforcontracts.com" />
-	<target host="*.cashforcontracts.com" />
+	<target host="secure.cashforcontracts.com" />
+	<target host="www.cashforcontracts.com" />
 
 
 	<securecookie host="^secure\.cashforcontracts\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:secure\.|www\.)?cashforcontracts\.com/"
+	<rule from="^http://(?:secure\.|www\.)?cashforcontracts\.com/"
 		to="https://secure.cashforcontracts.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cashback.co.uk.xml b/src/chrome/content/rules/Cashback.co.uk.xml
index 0aabd51dfe57..6c4fbc2b4833 100644
--- a/src/chrome/content/rules/Cashback.co.uk.xml
+++ b/src/chrome/content/rules/Cashback.co.uk.xml
@@ -1,16 +1,12 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.cashback.co.uk
+-->
 <ruleset name="Cashback.co.uk (partial)">
+	<target host="cashback.co.uk" />
+	<target host="www.cashback.co.uk" />
 
-	<target host="cashback.co.uk"/>
-	<target host="*.cashback.co.uk"/>
-		<!--	homepage redirects to http	-->
-		<exclusion pattern="http://www\.cashback\.co\.uk/$"/>
-
-	<rule from="^http://(secure\.|www\.)?cashback\.co\.uk/"
-		to="https://$1cashback.co.uk/"/>
-
-	<!--	stop site from sending us to a blank page.
-		site will redirect to http for us.	-->
-	<rule from="^https://secure\.cashback\.co\.uk/$"
-		to="https://www.cashback.co.uk/"/>
-
+	<rule from="^http://(www\.)?cashback\.co\.uk/"
+		  	to="https://cashback.co.uk/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Cashback4you.xml b/src/chrome/content/rules/Cashback4you.xml
deleted file mode 100644
index 17c22e0b19f0..000000000000
--- a/src/chrome/content/rules/Cashback4you.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other QualityUnit coverage, see QualityUnit.xml.
-
--->
-<ruleset name="cashback4you">
-
-	<target host="cashback4you.de" />
-	<target host="www.cashback4you.de" />
-
-
-	<securecookie host="^(?:www\.)?cashback4you\.de$" name=".+" />
-
-
-	<rule from="^http://(www\.)?cashback4you\.de/"
-		to="https://$1cashback4you.de/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CasinoAffiliatePrograms.xml b/src/chrome/content/rules/CasinoAffiliatePrograms.xml
index b4fd332bc39b..7685aa9f9e3f 100644
--- a/src/chrome/content/rules/CasinoAffiliatePrograms.xml
+++ b/src/chrome/content/rules/CasinoAffiliatePrograms.xml
@@ -1,11 +1,21 @@
-<ruleset name="CasinoAffiliatePrograms.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://casinoaffiliateprograms.com/ => https://casinoaffiliateprograms.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.casinoaffiliateprograms.com/ => https://casinoaffiliateprograms.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Automatically by https-everywhere-checker because:
+Fetch error: http://casinoaffiliateprograms.com/ => https://casinoaffiliateprograms.com/: Cycle detected - URL already encountered: https://casinoaffiliateprograms.com/
+Fetch error: http://www.casinoaffiliateprograms.com/ => https://casinoaffiliateprograms.com/: Cycle detected - URL already encountered: https://casinoaffiliateprograms.com/
+-->
+<ruleset name="CasinoAffiliatePrograms.com" default_off="failed ruleset test">
 
 	<target host="casinoaffiliateprograms.com"/>
 	<target host="www.casinoaffiliateprograms.com"/>
 
-	<securecookie host="^www\.casinoaffiliateprograms\.com$" name=".*"/>
+	<securecookie host="^www\.casinoaffiliateprograms\.com$" name=".+" />
 
-	<rule from="^http://(www\.)?casinoaffiliateprograms\.com/"
+	<rule from="^http://(?:www\.)?casinoaffiliateprograms\.com/"
 		to="https://casinoaffiliateprograms.com/"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/CasinoEstrella.com.xml b/src/chrome/content/rules/CasinoEstrella.com.xml
index 97821422dd8f..858d3a841ae1 100644
--- a/src/chrome/content/rules/CasinoEstrella.com.xml
+++ b/src/chrome/content/rules/CasinoEstrella.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="CasinoEstrella.com">
 
 	<target host="casinoestrella.com" />
-	<target host="*.casinoestrella.com" />
+	<target host="www.casinoestrella.com" />
 
 
 	<securecookie host="^(?:www)?\.casinoestrella\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?casinoestrella\.com/"
-		to="https://$1casinoestrella.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Caskstore.com.xml b/src/chrome/content/rules/Caskstore.com.xml
new file mode 100644
index 000000000000..6ba2015befd3
--- /dev/null
+++ b/src/chrome/content/rules/Caskstore.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Caskstore.com">
+  <target host="caskstore.com" />
+  <target host="www.caskstore.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Casper.com.xml b/src/chrome/content/rules/Casper.com.xml
new file mode 100644
index 000000000000..d081330c1e3a
--- /dev/null
+++ b/src/chrome/content/rules/Casper.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .casper.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Casper.com">
+
+	<target host="casper.com" />
+	<target host="www.casper.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.casper\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Casro.xml b/src/chrome/content/rules/Casro.xml
index 1647b1052acc..a2c6d1f28038 100644
--- a/src/chrome/content/rules/Casro.xml
+++ b/src/chrome/content/rules/Casro.xml
@@ -11,12 +11,12 @@
 
 	<target host="casro.org" />
 	<target host="www.casro.org" />
-		<exclusion pattern="^https?://(?:www\.)?casro\.org/(?:index\.cfm)?(?:$|\?)" />
+		<exclusion pattern="^http://(?:www\.)?casro\.org/(?:index\.cfm)?(?:$|\?)" />
 
 
-	<!--rule from="^https?://(?:www\.)?casro\.org/(.*\.c(?:fm|ss)(?:$|\?)|css/|images/|_img/|joining\.cfm|ISO/|member_directory_support/|members_area|techform/)"-->
+	<!--rule from="^http://(?:www\.)?casro\.org/(.*\.c(?:fm|ss)(?:$|\?)|css/|images/|_img/|joining\.cfm|ISO/|member_directory_support/|members_area|techform/)"-->
 
-	<rule from="^https?://(?:www\.)?casro\.org/"
+	<rule from="^http://(?:www\.)?casro\.org/"
 		to="https://www.casro.org/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CassinoEstrela.xml b/src/chrome/content/rules/CassinoEstrela.xml
index e2d2b8443671..afdbad983b50 100644
--- a/src/chrome/content/rules/CassinoEstrela.xml
+++ b/src/chrome/content/rules/CassinoEstrela.xml
@@ -1,13 +1,21 @@
-<ruleset name="CassinoEstrela">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cassinoestrela.com/ => https://cassinoestrela.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.cassinoestrela.com/ => https://www.cassinoestrela.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://cassinoestrela.com/ => https://cassinoestrela.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+-->
+<ruleset name="CassinoEstrela" default_off="failed ruleset test">
 
 	<target host="cassinoestrela.com" />
-	<target host="*.cassinoestrela.com" />
+	<target host="www.cassinoestrela.com" />
 
 
 	<securecookie host="^(?:www)?\.cassinoestrela\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?cassinoestrela\.com/"
-		to="https://$1cassinoestrela.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CastRoller.xml b/src/chrome/content/rules/CastRoller.xml
deleted file mode 100644
index 9249ec22d73c..000000000000
--- a/src/chrome/content/rules/CastRoller.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Nonfunctional castroller subdomains:
-
-		- (www.)
-		- blog
-		- sized
-
--->
-<ruleset name="CastRoller (partial)">
-
-	<target host="s.cstrlr.com" />
-
-
-	<rule from="^http://s\.cstrlr\.com/"
-		to="https://d231qji2e2hste.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Castel-Bayart.xml b/src/chrome/content/rules/Castel-Bayart.xml
deleted file mode 100644
index 8cd61fe2f9cd..000000000000
--- a/src/chrome/content/rules/Castel-Bayart.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	!www: cert only matches www
-
--->
-<ruleset name="Castel-Bayart">
-
-	<target host="castel-bayart.com" />
-	<target host="*.castel-bayart.com" />
-
-
-	<securecookie host="^w*\.castel-bayart\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?castel-bayart\.com/"
-		to="https://www.castel-bayart.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Castle-Technology.co.uk.xml b/src/chrome/content/rules/Castle-Technology.co.uk.xml
index f865cf0f5559..08ee4b7ecb94 100644
--- a/src/chrome/content/rules/Castle-Technology.co.uk.xml
+++ b/src/chrome/content/rules/Castle-Technology.co.uk.xml
@@ -1,13 +1,12 @@
 <ruleset name="Castle-Technology.co.uk">
 
 	<target host="castle-technology.co.uk" />
-	<target host="*.castle-technology.co.uk" />
+	<target host="www.castle-technology.co.uk" />
 
 
 	<securecookie host="^\.www\.castle-technology\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://(www\.)?castle-technology\.co\.uk/"
-		to="https://$1castle-technology.co.uk/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Castlebridge.ie.xml b/src/chrome/content/rules/Castlebridge.ie.xml
new file mode 100644
index 000000000000..fa3942302457
--- /dev/null
+++ b/src/chrome/content/rules/Castlebridge.ie.xml
@@ -0,0 +1,12 @@
+<ruleset name="Castlebridge.ie">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="castlebridge.ie" />
+	<target host="www.castlebridge.ie" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Casual-Effects.com.xml b/src/chrome/content/rules/Casual-Effects.com.xml
new file mode 100644
index 000000000000..c9f2b035a045
--- /dev/null
+++ b/src/chrome/content/rules/Casual-Effects.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Mismatched:
+		- mail
+-->
+<ruleset name="Casual-Effects.com">
+	<target host="casual-effects.com" />
+	<target host="www.casual-effects.com" />
+	<target host="cgpp-net.casual-effects.com" />
+	<target host="www.cgpp-net.casual-effects.com" />
+	<target host="codeheartjs.casual-effects.com" />
+	<target host="endlyss.casual-effects.com" />
+	<target host="graphicscodex.casual-effects.com" />
+	<target host="rocketgolfing.casual-effects.com" />
+
+	<rule from="^http:" to="https:" />
+
+	<securecookie host=".+" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/CatN.com.xml b/src/chrome/content/rules/CatN.com.xml
new file mode 100644
index 000000000000..54a85c88e2f0
--- /dev/null
+++ b/src/chrome/content/rules/CatN.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="CatN.com">
+
+	<target host="catn.com" />
+	<target host="www.catn.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cp\.c4\.catn\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^cp\.c4\.catn\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Catalog-of-Domestic-Federal-Assistance.xml b/src/chrome/content/rules/Catalog-of-Domestic-Federal-Assistance.xml
deleted file mode 100644
index 5c03d19efc7b..000000000000
--- a/src/chrome/content/rules/Catalog-of-Domestic-Federal-Assistance.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other US government coverage, see US-government.xml.
-
--->
-<ruleset name="Catalog of Domestic Federal Assistance">
-
-	<target host="cfda.gov" />
-	<!--	*s for cross-domain cookies.	-->
-	<target host="*.cfda.gov" />
-	<target host="*.www.cfda.gov" />
-
-
-	<securecookie host="^.*\.cfda\.gov$" name=".*" />
-
-
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?cfda\.gov/"
-		to="https://www.cfda.gov/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Catalysis.xml b/src/chrome/content/rules/Catalysis.xml
index ae81467c5052..c0bf8025d1b1 100644
--- a/src/chrome/content/rules/Catalysis.xml
+++ b/src/chrome/content/rules/Catalysis.xml
@@ -1,15 +1,27 @@
 <!--
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *catalysis.com:
 
-		- (www.)	(replies with http)
+		- media *
+
+	* 404
+
+
+	Mixed content:
+
+		- Video from media.catalysis.com ¹
+		- Bug from c.statcounter.com ²
+
+	¹ Unsecurable <= 404
+	² Secured by us
 
 -->
-<ruleset name="Catalysis (partial)">
+<ruleset name="Catalysis.com (partial)">
 
-	<target host="winhardware.catalysis.com" />
+	<target host="catalysis.com" />
+	<target host="www.catalysis.com" />
 
 
-	<rule from="^http://winhardware\.catalysis\.com/"
-		to="https://winhardware.catalysis.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Catalyst-IT.xml b/src/chrome/content/rules/Catalyst-IT.xml
index d79d1ebf05d8..01c53759f3b2 100644
--- a/src/chrome/content/rules/Catalyst-IT.xml
+++ b/src/chrome/content/rules/Catalyst-IT.xml
@@ -2,9 +2,8 @@
 
 	<target host="wrms.catalyst.net.nz"/>
 
-	<rule from="^http://wrms\.catalyst\.net\.nz/"
-		to="https://wrms.catalyst.net.nz/"/>
+	<rule from="^http:" to="https:" />
 
-	<securecookie host="^wrms\.catalyst\.net\.nz$" name=".*"/>
+	<securecookie host="^wrms\.catalyst\.net\.nz$" name=".+" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Catalyst_Host.com.xml b/src/chrome/content/rules/Catalyst_Host.com.xml
index 99551bd9d094..5a76d79a378e 100644
--- a/src/chrome/content/rules/Catalyst_Host.com.xml
+++ b/src/chrome/content/rules/Catalyst_Host.com.xml
@@ -14,7 +14,9 @@
 <ruleset name="Catalyst Host.com">
 
 	<target host="catalysthost.com" />
-	<target host="*.catalysthost.com" />
+	<target host="cp.catalysthost.com" />
+	<target host="portal.catalysthost.com" />
+	<target host="www.catalysthost.com" />
 
 
 	<securecookie host="^(?:cp|portal)?\.catalysthost\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Catalyst_Technology_Group.xml b/src/chrome/content/rules/Catalyst_Technology_Group.xml
index eb56ac54f80f..d1bea0b4d8c6 100644
--- a/src/chrome/content/rules/Catalyst_Technology_Group.xml
+++ b/src/chrome/content/rules/Catalyst_Technology_Group.xml
@@ -1,13 +1,23 @@
-<ruleset name="Catalyst Technology Group">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://catalysttg.com/ => https://catalysttg.com/: (51, "SSL: no alternative certificate subject name matches target host name 'catalysttg.com'")
+Fetch error: http://forums.catalysttg.com/ => https://forums.catalysttg.com/: (6, 'Could not resolve host: forums.catalysttg.com')
+Fetch error: http://www.catalysttg.com/ => https://www.catalysttg.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.catalysttg.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://catalysttg.com/ => https://catalysttg.com/: (51, "SSL: no alternative certificate subject name matches target host name 'catalysttg.com'")
+-->
+<ruleset name="Catalyst Technology Group" default_off="failed ruleset test">
 
 	<target host="catalysttg.com" />
-	<target host="*.catalysttg.com" />
+	<target host="forums.catalysttg.com" />
+	<target host="www.catalysttg.com" />
 
 
-	<securecookie host="^(?:.+\.)?catalysttg\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(forums\.|www\.)?catalysttg\.com/"
-		to="https://$1catalysttg.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Catarse.me.xml b/src/chrome/content/rules/Catarse.me.xml
new file mode 100644
index 000000000000..d1ab6e668d80
--- /dev/null
+++ b/src/chrome/content/rules/Catarse.me.xml
@@ -0,0 +1,32 @@
+<!--
+	Nonfunctional hosts in catarse.me:
+
+		- suporte *
+
+	* Zendesk
+
+
+	Problematic hosts in catarse.me:
+
+		- blog *
+
+	* Mismatched
+
+
+	Fully covered hosts in *catarse.me:
+
+		- (www.)?
+
+-->
+<ruleset name="Catarse.me (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="catarse.me" />
+	<target host="www.catarse.me" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Catch.com.au.xml b/src/chrome/content/rules/Catch.com.au.xml
new file mode 100644
index 000000000000..a34b3843c5bd
--- /dev/null
+++ b/src/chrome/content/rules/Catch.com.au.xml
@@ -0,0 +1,51 @@
+<!--
+	Other related ruleset:
+		- CatchConnect.com.au.xml
+
+
+	Non-functional subdomains:
+
+		- catch.com.au
+			- accounts3	(m)
+			- link	(m)
+
+		- catchoftheday.com.au
+			- accounts	(m)
+			- o1.accounts	(t)
+			- accounts2	(m)
+			- o1.accounts2	(t)
+			- e	(m)
+			- image	(m)
+			- link	(m)
+			- rdir	(m)
+
+	m: certificate mismatch
+	t: timeout on https
+-->
+<ruleset name="Catch.com.au">
+
+	<target host="catch.com.au" />
+	<target host="www.catch.com.au" />
+	<target host="blog.catch.com.au" />
+	<target host="help.catch.com.au" />
+	<target host="m.catch.com.au" />
+	<target host="marketplace.catch.com.au" />
+	<target host="s.catch.com.au" />
+
+	<target host="catchoftheday.com.au" />
+	<target host="www.catchoftheday.com.au" />
+	<target host="blog.catchoftheday.com.au" />
+	<target host="help.catchoftheday.com.au" />
+	<target host="helpcentre.catchoftheday.com.au" />
+	<target host="m.catchoftheday.com.au" />
+	<target host="mobileapi.catchoftheday.com.au" />
+	<target host="static.catchoftheday.com.au" />
+	<target host="static-cf.catchoftheday.com.au" />
+	<target host="win.catchoftheday.com.au" />
+
+  	<securecookie host="^www\.catch\.com\.au$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Catch22.net.xml b/src/chrome/content/rules/Catch22.net.xml
new file mode 100644
index 000000000000..29e5ccea6334
--- /dev/null
+++ b/src/chrome/content/rules/Catch22.net.xml
@@ -0,0 +1,11 @@
+<!--
+	Timeout:
+		- catch22.net (fixed by this ruleset)
+-->
+<ruleset name="Catch22.net">
+	<target host="catch22.net" />
+	<target host="www.catch22.net" />
+
+	<rule from="^http://catch22\.net/" to="https://www.catch22.net/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CatchConnect.com.au.xml b/src/chrome/content/rules/CatchConnect.com.au.xml
new file mode 100644
index 000000000000..4c8b8b187122
--- /dev/null
+++ b/src/chrome/content/rules/CatchConnect.com.au.xml
@@ -0,0 +1,15 @@
+<!--
+	For other related ruleset, see Catch.com.au.xml
+-->
+<ruleset name="Catch Connect">
+
+	<target host="catchconnect.com.au" />
+	<target host="www.catchconnect.com.au" />
+	<target host="api.catchconnect.com.au" />
+	<target host="content.catchconnect.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Catchy.com.xml b/src/chrome/content/rules/Catchy.com.xml
new file mode 100644
index 000000000000..f4d771551272
--- /dev/null
+++ b/src/chrome/content/rules/Catchy.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Catchy.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="catchy.com" />
+	<target host="www.catchy.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cateee.net.xml b/src/chrome/content/rules/Cateee.net.xml
new file mode 100644
index 000000000000..963b4b5a8b2c
--- /dev/null
+++ b/src/chrome/content/rules/Cateee.net.xml
@@ -0,0 +1,13 @@
+<ruleset name="cateee.net">
+
+	<target host="cateee.net" />
+	<target host="www.cateee.net" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Caters_News_Agency.xml b/src/chrome/content/rules/Caters_News_Agency.xml
index 8ffa1ad3ab25..2481c8e819bf 100644
--- a/src/chrome/content/rules/Caters_News_Agency.xml
+++ b/src/chrome/content/rules/Caters_News_Agency.xml
@@ -10,7 +10,6 @@
 	<target host="www.catersnews.com" />
 
 
-	<rule from="^http://(www\.)?catersnews\.com/"
-		to="https://$1catersnews.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Catgirlsare.sexy.xml b/src/chrome/content/rules/Catgirlsare.sexy.xml
new file mode 100644
index 000000000000..6e38b2f7be91
--- /dev/null
+++ b/src/chrome/content/rules/Catgirlsare.sexy.xml
@@ -0,0 +1,6 @@
+<ruleset name="Catgirlsare.sexy">
+	<target host="catgirlsare.sexy" />
+	<target host="a.catgirlsare.sexy" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CathayPacific.com.xml b/src/chrome/content/rules/CathayPacific.com.xml
new file mode 100644
index 000000000000..0762ffc1b1a0
--- /dev/null
+++ b/src/chrome/content/rules/CathayPacific.com.xml
@@ -0,0 +1,70 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- cms-author-t2.ncs1.ct1.cathaypacific.com
+
+		Timeout was reached:
+		- cathaypacific.com
+		- lifewelltravelled.cathaypacific.com
+		- meet.cathaypacific.com
+		- spiritofhk.cathaypacific.com
+
+		SSL connect error:
+		- uscots.cathaypacific.com
+
+		SSL peer certificate was not OK:
+		- a35k.cathaypacific.com
+		- discovery.cathaypacific.com
+		- marcopolo.cathaypacific.com
+		- links.services.cathaypacific.com
+
+		Failure when receiving data from the peer:
+		- betaremote.cathaypacific.com
+		- mail.cathaypacific.com
+
+		Incomplete certificate chain error:
+		- workwelldone.cathaypacific.com
+
+		4xx client error:
+		- book.cathaypacific.com
+
+		Mixed content blocking (MCB) triggered:
+		- hongkong.cathaypacific.com
+-->
+<ruleset name="CathayPacific.com">
+	<target host="cathaypacific.com" />
+	<target host="www.cathaypacific.com" />
+	<target host="api.cathaypacific.com" />
+	<target host="assets.cathaypacific.com" />
+		<test url="http://assets.cathaypacific.com/applications/vtsurvey/assets/1443148968956_tc.pdf" />
+	<target host="brushwingers.cathaypacific.com" />
+	<target host="businessplus.cathaypacific.com" />
+	<target host="careers.cathaypacific.com" />
+	<target host="cateringplanner.cathaypacific.com" />
+	<target host="en.cathaylab.cathaypacific.com" />
+	<target host="zh.cathaylab.cathaypacific.com" />
+	<target host="cdn.cathaypacific.com" />
+	<target host="cxwork.cathaypacific.com" />
+	<target host="downloads.cathaypacific.com" />
+		<test url="http://downloads.cathaypacific.com/cx/investor/ir2005.pdf" />
+		<test url="http://downloads.cathaypacific.com/cx/traffic/cxtraffic_zh_052003.pdf" />
+	<target host="hackathon.cathaypacific.com" />
+	<target host="holidays.cathaypacific.com" />
+	<target host="icanfly.cathaypacific.com" />
+	<target host="ilearn.cathaypacific.com" />
+	<target host="infosecurity.cathaypacific.com" />
+	<target host="news.cathaypacific.com" />
+	<target host="payment.cathaypacific.com" />
+	<target host="stafftravel.cathaypacific.com" />
+	<target host="sustainability.cathaypacific.com" />
+	<target host="tpms.cathaypacific.com" />
+	<target host="training.cathaypacific.com" />
+	<target host="us.cathaypacific.com" />
+	<target host="upgrade.cathaypacific.com" />
+		<test url="http://upgrade.cathaypacific.com/offer/CathayPacific?lang=zh_HK" />
+
+	<rule from="^http://cathaypacific\.com/"
+		to="https://www.cathaypacific.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CathayPacificCargo.com.xml b/src/chrome/content/rules/CathayPacificCargo.com.xml
new file mode 100644
index 000000000000..3e9c08096e34
--- /dev/null
+++ b/src/chrome/content/rules/CathayPacificCargo.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- cathaypacificcargo.com
+-->
+<ruleset name="CathayPacificCargo.com">
+	<target host="cathaypacificcargo.com" />
+	<target host="www.cathaypacificcargo.com" />
+		<test url="http://www.cathaypacificcargo.com/Portals/0/Images/News/seattle.jpg" />
+
+	<rule from="^http://cathaypacificcargo\.com/"
+		to="https://www.cathaypacificcargo.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CatinCan.xml b/src/chrome/content/rules/CatinCan.xml
deleted file mode 100644
index 1ebf4fc5da91..000000000000
--- a/src/chrome/content/rules/CatinCan.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="CatinCan">
-
-	<target host="catincan.com" />
-	<target host="www.catincan.com" />
-
-
-	<rule from="^http://(www\.)?catincan\.com/"
-		to="https://$1catincan.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Catlin_Sea_Survey.xml b/src/chrome/content/rules/Catlin_Sea_Survey.xml
index fe6bf467217b..5d392a8d4dce 100644
--- a/src/chrome/content/rules/Catlin_Sea_Survey.xml
+++ b/src/chrome/content/rules/Catlin_Sea_Survey.xml
@@ -1,13 +1,49 @@
-<ruleset name="Catlin Sea Survey">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.catlinseaviewsurvey.com/ => https://www.catlinseaviewsurvey.com/: Too many redirects while fetching 'https://www.catlinseaviewsurvey.com/'
+Fetch error: http://static.catlinseaviewsurvey.com/ => https://static.catlinseaviewsurvey.com/: (51, "SSL: no alternative certificate subject name matches target host name 'static.catlinseaviewsurvey.com'")
+Fetch error: http://catlinseaviewsurvey.com/ => https://www.catlinseaviewsurvey.com/: Too many redirects while fetching 'https://www.catlinseaviewsurvey.com/'
+
+	CDN buckets:
+
+		- d3axbd6pavbj4q.cloudfront.net ← static.catlinseaviewsurvey.com
+
+
+	^catlinseaviewsurvey.com: Refused
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .catlinseaviewsurvey.com
+		- www.catlinseaviewsurvey.com
+
+-->
+<ruleset name="Catlin Sea Survey.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.catlinseaviewsurvey.com" />
+	<target host="static.catlinseaviewsurvey.com" />
+
+	<!--	Complications:
+				-->
 
 	<target host="catlinseaviewsurvey.com" />
-	<target host="*.catlinseaviewsurvey.com" />
 
 
-	<securecookie host="^(?:.*\.)?catlinseaviewsurvey\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.catlinseaviewsurvey\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.catlinseaviewsurvey\.com$" name="^X-Mapping-\w+$" /-->
+
+	<securecookie host="^(?:www)?\.catlinseaviewsurvey\.com$" name=".+" />
+
 
+	<rule from="^http://catlinseaviewsurvey\.com/"
+		to="https://www.catlinseaviewsurvey.com/" />
 
-	<rule from="^http://(www\.)?catlinseaviewsurvey\.com/"
-		to="https://$1catlinseaviewsurvey.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cato-Institute.xml b/src/chrome/content/rules/Cato-Institute.xml
index 6f2bf95fe4a8..24c6b1f09223 100644
--- a/src/chrome/content/rules/Cato-Institute.xml
+++ b/src/chrome/content/rules/Cato-Institute.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.cato.org/ => https://secure.cato.org/: (51, "SSL: no alternative certificate subject name matches target host name 'secure.cato.org'")
+
+	As of August 2014, CATO seems to reject all connections to :443
+
 	CDN bucket:
 
 		- wac.0873.edgecastcdn.net/800873
@@ -12,11 +18,13 @@
 		- www.elcato.org			(sec_error_reused_issuer_and_serial)
 		- (www.)libertarianism.org		(ditto)
 
+
+	^: cert only matches www
+
 -->
-<ruleset name="Cato Institute (partial)">
+<ruleset name="Cato Institute (partial)" default_off="failed ruleset test">
 
-	<target host="cato.com" />
-	<target host="*.cato.com" />
+	<target host="secure.cato.org" />
 
 
 	<!--	NB: This coverage is incomplete.
@@ -25,22 +33,21 @@
 
 		It seems that all pages at least two directories deep can be fetched via https
 									-->
-	<rule from="^https?://(?:www\.)?cato\.org/([^/]+/[^/]+)/"
-		to="https://www.cato.org/$1/" />
+	<!-- <rule from="^http://(?:www\.)?cato\.org/([^/]+/[^/]+)/"
+		to="https://www.cato.org/$1/" /> -->
 
 	<!--	the above rewrite makes the server print https links that point to pages which
 		don't support https.  We need to rewrite these links back to http before dealing
 		with non-page paths below, since the paths below are matched here too.
 			The paths that don't work comprise anything which isn't at least two
 		directory levels deep.					-->
-	<rule from="^https://www\.cato\.org/([^/]+/?(?:[^/]+/?)?)?$"
-		to="http://www.cato.org/$1" downgrade="1" />
+	<!-- <rule from="^https://www\.cato\.org/([^/]+/?(?:[^/]+/?)?)?$"
+		to="http://www.cato.org/$1" downgrade="1" /> -->
 
 	<!--	Account-related pages and non-page paths that support https.  Not all do so.	-->
-	<rule from="^https?://(?:www\.)?cato\.org/(images/|store/(?:sites/|user/(?:password|register)))"
-		to="https://www.cato.org/$1" />
+	<!-- <rule from="^http://(?:www\.)?cato\.org/(images/|store/(?:sites/|user/(?:password|register)))"
+		to="https://www.cato.org/$1" /> -->
 
-	<rule from="^http://secure\.cato\.org/"
-		to="https://secure.cato.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Catooh.com.xml b/src/chrome/content/rules/Catooh.com.xml
new file mode 100644
index 000000000000..0cb1ac867783
--- /dev/null
+++ b/src/chrome/content/rules/Catooh.com.xml
@@ -0,0 +1,51 @@
+<!--
+	For other MAGIX coverage, see MAGIX.xml.
+
+
+	^catooh.com: 404
+
+-->
+<ruleset name="Catooh.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.catooh.com" />
+
+	<!--	Complications:
+				-->
+	<target host="catooh.com" />
+
+		<!--	Direct rewrites:
+					-->
+		<!--exclusion pattern="^http://www\.catooh\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.catooh\.com/+(?!catoohthumb\d\d/|html/|magix/|registrierung\.\d+\.html|themes/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.catooh.com/de/hilfe.19.html" />
+			<test url="http://www.catooh.com/de/sys/id/Kaufen/" />
+			<test url="http://www.catooh.com/es/ayuda_-_preguntas_frecuentes.254.html" />
+			<test url="http://www.catooh.com/es/sys/id/Katalog" />
+			<test url="http://www.catooh.com/it/guida.124.html" />
+			<test url="http://www.catooh.com/us/" />
+			<test url="http://www.catooh.com/us/free_downloads.314.html" />
+			<test url="http://www.catooh.com/us/help.45.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.catooh.com/catoohthumb02/C40/9F7/00C048004D7211E592C6F67F0A00210E.jpg" />
+			<test url="http://www.catooh.com/html/uploads/images/MAGIX_OMK/Germany/download_btn.gif" />
+			<test url="http://www.catooh.com/registrierung.364.html" />
+			<test url="http://www.catooh.com/themes/MAGIX_OMK/images/magix_logo.gif" />
+
+
+	<rule from="^http://catooh\.com/"
+		to="https://www.catooh.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Catraca_Livre.com.br.xml b/src/chrome/content/rules/Catraca_Livre.com.br.xml
new file mode 100644
index 000000000000..f692fb600504
--- /dev/null
+++ b/src/chrome/content/rules/Catraca_Livre.com.br.xml
@@ -0,0 +1,50 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fazedores.catracalivre.com.br/ => https://fazedores.catracalivre.com.br/: (6, 'Could not resolve host: fazedores.catracalivre.com.br')
+
+	Insecure cookies are set for these domains:
+
+		- .catracalivre.com.br
+
+
+	Mixed content:
+
+		- Images on porvir from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Catraca Livre.com.br" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="catracalivre.com.br" />
+	<target host="aoquadrado.catracalivre.com.br" />
+	<target host="blogdaredacao.catracalivre.com.br" />
+	<target host="catraquinha.catracalivre.com.br" />
+	<target host="choquecultural.catracalivre.com.br" />
+	<target host="consumosocial.catracalivre.com.br" />
+	<target host="culturaemcasa.catracalivre.com.br" />
+	<target host="economize.catracalivre.com.br" />
+	<target host="estilo.catracalivre.com.br" />
+	<target host="fazedores.catracalivre.com.br" />
+	<target host="naresponsa.catracalivre.com.br" />
+	<target host="porvir.catracalivre.com.br" />
+	<target host="queminova.catracalivre.com.br" />
+	<target host="samba.catracalivre.com.br" />
+	<target host="viagem.catracalivre.com.br" />
+	<target host="www.catracalivre.com.br" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.catracalivre\.com\.br$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.catracalivre\.com\.br$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Causes.xml b/src/chrome/content/rules/Causes.xml
index 4f2af4edc6b0..9ed53543b730 100644
--- a/src/chrome/content/rules/Causes.xml
+++ b/src/chrome/content/rules/Causes.xml
@@ -1,13 +1,19 @@
-<!--	s3.amazonaws.com/causes-prod/
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://causes.presscdn.com/ => https://exchange.causes.com/: (6, 'Could not resolve host: exchange.causes.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://causes.presscdn.com/ => https://exchange.causes.com/: (51, "SSL: no alternative certificate subject name matches target host name 'exchange.causes.com'")	s3.amazonaws.com/causes-prod/
 -->
-<ruleset name="Causes (partial)">
+<ruleset name="Causes (partial)" default_off="failed ruleset test">
 
 	<target host="causes.com"/>
 	<target host="*.causes.com"/>
 	<target host="causes.presscdn.com"/>
 
 
-	<securecookie host="^(([^s]\w*)?\.)?causes\.com$" name=".*"/>
+	<securecookie host="^(?:(?:[^s]\w*)?\.)?causes\.com$" name=".+" />
 
 
 	<!--	s2 !work over http	-->
@@ -32,7 +38,7 @@
 
 	<!--	exchange rewrites presscdn to https, which doesn't work.
 		It's on exchange too though.		-->
-	<rule from="^https?://causes\.presscdn\.com/"
+	<rule from="^http://causes\.presscdn\.com/"
 		to="https://exchange.causes.com/"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Cavatoyota.com.xml b/src/chrome/content/rules/Cavatoyota.com.xml
new file mode 100644
index 000000000000..65303591efdf
--- /dev/null
+++ b/src/chrome/content/rules/Cavatoyota.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Cavatoyota.com">
+	<target host="cavatoyota.com" />
+	<target host="www.cavatoyota.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cavemancirus.com.xml b/src/chrome/content/rules/Cavemancirus.com.xml
new file mode 100644
index 000000000000..8a6af8569d98
--- /dev/null
+++ b/src/chrome/content/rules/Cavemancirus.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Mismatched:
+	- webmail.cavemancircus.com
+	- pop.cavemancircus.com
+	- origin.cavemancircus.com
+	- ftp.cavemancircus.com
+	- imap.cavemancircus.com
+
+	Mixed content:
+	- cdn.cavemancircus.com
+
+	Connection Refused:
+	- smtp.cavemancircus.com
+
+	Timeout:
+	- mail.cavemancircus.com
+-->
+<ruleset name="Cavemancircus.com">
+	<target host="cavemancircus.com" />
+	<target host="www.cavemancircus.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cavirtex.com.xml b/src/chrome/content/rules/Cavirtex.com.xml
new file mode 100644
index 000000000000..25b679ad6263
--- /dev/null
+++ b/src/chrome/content/rules/Cavirtex.com.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cavirtex.com/ => https://cavirtex.com/: (7, 'Failed to connect to cavirtex.com port 443: Connection refused')
+Fetch error: http://www.cavirtex.com/ => https://www.cavirtex.com/: (7, 'Failed to connect to www.cavirtex.com port 443: Connection refused')
+
+	Nonfunctional subdomains:
+
+		- affiliates *
+		- blog *
+
+	* Shows default page
+
+-->
+<ruleset name="Cavirtex.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cavirtex.com" />
+	<target host="www.cavirtex.com" />
+
+
+	<!--	Cloudflare cookies:
+					-->
+	<!--securecookie host="^\.cavirtex\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.cavirtex\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cavium.com.xml b/src/chrome/content/rules/Cavium.com.xml
new file mode 100644
index 000000000000..adf307a0e5f6
--- /dev/null
+++ b/src/chrome/content/rules/Cavium.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Cavium.com">
+	<target host="cavium.com" />
+	<target host="www.cavium.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cax.com.xml b/src/chrome/content/rules/Cax.com.xml
new file mode 100644
index 000000000000..df1500b4509b
--- /dev/null
+++ b/src/chrome/content/rules/Cax.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.cax.com
+
+-->
+<ruleset name="Cax.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cax.com" />
+	<target host="www.cax.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.cax\.com$" name="^BD%2\d+$" /-->
+
+	<securecookie host="^www\.cax\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cbb.dk.xml b/src/chrome/content/rules/Cbb.dk.xml
index b79f734607a6..c2ae733f81f5 100644
--- a/src/chrome/content/rules/Cbb.dk.xml
+++ b/src/chrome/content/rules/Cbb.dk.xml
@@ -2,5 +2,5 @@
   <target host="cbb.dk" />
   <target host="www.cbb.dk" />
 
-  <rule from="^http://(www\.)?cbb\.dk/" to="https://www.cbb.dk/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Cchtml.com.xml b/src/chrome/content/rules/Cchtml.com.xml
index 146ffb23ade1..119823e4f1b6 100644
--- a/src/chrome/content/rules/Cchtml.com.xml
+++ b/src/chrome/content/rules/Cchtml.com.xml
@@ -1,18 +1,18 @@
 <ruleset name="cchtml.com" default_off="self-signed">
 
 	<target host="cchtml.com" />
-	<target host="*.cchtml.com" />
+	<target host="www.cchtml.com" />
+	<target host="mail.cchtml.com" />
 
 
-	<securecookie host="^mail\.cchtml\.com$" name=".*" />
+	<securecookie host="^mail\.cchtml\.com$" name=".+" />
 
 
 	<!--	Cert only matches //cc...
 						-->
-	<rule from="^https?://(?:www\.)?cchtml\.com/"
+	<rule from="^http://(?:www\.)?cchtml\.com/"
 		to="https://cchtml.com/" />
 
-	<rule from="^http://mail\.cchtml\.com/"
-		to="https://mail.cchtml.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Cctld.ru.xml b/src/chrome/content/rules/Cctld.ru.xml
new file mode 100644
index 000000000000..664205d4ec8c
--- /dev/null
+++ b/src/chrome/content/rules/Cctld.ru.xml
@@ -0,0 +1,15 @@
+<!--meeting. mismatch
+meeting2015. mismatch
+safety. self signed
+meeting2014. mismatch
+meeting2013. mismatch
+meeting2011. mismatch
+meeting2010. mismatch
+meeting2012. mismatch
+test. self signed-->
+<ruleset name="Cctld.ru">
+	<target host="cctld.ru" />
+	<target host="www.cctld.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cdig.me.xml b/src/chrome/content/rules/Cdig.me.xml
deleted file mode 100644
index 7711d2e40e9d..000000000000
--- a/src/chrome/content/rules/Cdig.me.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	For other Wildcard Corp coverage, see Wildcard_Corp.com.xml.
-
-
-	Mixed content:
-
-		- Image on (www.) from www.google.com *
-
-	* Secured by us
-
--->
-<ruleset name="cdig.me">
-
-	<target host="cdig.me" />
-	<target host="*.cdig.me" />
-
-
-	<securecookie host="^(?:w*\.)?cdig\.me$" name=".+" />
-
-
-	<rule from="^http://(www\.)?cdig\.me/"
-		to="https://$1cdig.me/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cdkeys.com.xml b/src/chrome/content/rules/Cdkeys.com.xml
new file mode 100644
index 000000000000..a4231780579b
--- /dev/null
+++ b/src/chrome/content/rules/Cdkeys.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Cdkeys.com">
+  <target host="cdkeys.com" />
+  <target host="www.cdkeys.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cdn-net.com.xml b/src/chrome/content/rules/Cdn-net.com.xml
index bf6e361cc63b..f75b7ec5611b 100644
--- a/src/chrome/content/rules/Cdn-net.com.xml
+++ b/src/chrome/content/rules/Cdn-net.com.xml
@@ -1,14 +1,12 @@
 <!--
-	Web bugs.
-
+	Apex domain doesn't exist.
 -->
-<ruleset name="cdn-net.com">
 
-	<target host="cdn-net.com" />
+<ruleset name="cdn-net.com">
 	<target host="www.cdn-net.com" />
+	<test url="http://www.cdn-net.com/cc.js" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?cdn-net\.com/"
-		to="https://$1cdn-net.com/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Cdnads.com.xml b/src/chrome/content/rules/Cdnads.com.xml
new file mode 100644
index 000000000000..5a004c7d4ab2
--- /dev/null
+++ b/src/chrome/content/rules/Cdnads.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Problematic subdomains:
+
+		- padsdel *
+
+	* Dropped
+
+-->
+<ruleset name="cdnads.com">
+
+	<!--	Direct rewrites: -->
+	<target host="padsdel2.cdnads.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cdncomputer.com.xml b/src/chrome/content/rules/Cdncomputer.com.xml
index 6e3d882221f6..75e5869e2295 100644
--- a/src/chrome/content/rules/Cdncomputer.com.xml
+++ b/src/chrome/content/rules/Cdncomputer.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn.cdncomputer.com/ => https://d1eiwcwqdd4h4w.cloudfront.net/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
 	For other Oversee.net coverage, see Oversee.xml.
 
 
@@ -12,7 +16,7 @@
 	(www.) does not exist.
 
 -->
-<ruleset name="cdncomputer.com">
+<ruleset name="cdncomputer.com" default_off="failed ruleset test">
 
 	<target host="cdn.cdncomputer.com" />
 
@@ -20,4 +24,4 @@
 	<rule from="^http://cdn\.cdncomputer\.com/"
 		to="https://d1eiwcwqdd4h4w.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cdngeek.net.xml b/src/chrome/content/rules/Cdngeek.net.xml
new file mode 100644
index 000000000000..34d173d6f8ac
--- /dev/null
+++ b/src/chrome/content/rules/Cdngeek.net.xml
@@ -0,0 +1,12 @@
+<!--
+	cloudfront, unknown id
+
+-->
+<ruleset name="cdngeek.net" default_off="mismatched">
+
+	<target host="awscf.cdngeek.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cdnjs.xml b/src/chrome/content/rules/Cdnjs.xml
deleted file mode 100644
index daba5c918fed..000000000000
--- a/src/chrome/content/rules/Cdnjs.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For other CloudFlare coverage, see CloudFlare.xml.
-
--->
-<ruleset name="cdnjs">
-
-	<target host="cdnjs.com" />
-	<target host="www.cdnjs.com" />
-
-
-	<rule from="^http://(www\.)?cdnjs\.com/"
-		to="https://$1cdnjs.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Cdnme.se.xml b/src/chrome/content/rules/Cdnme.se.xml
new file mode 100644
index 000000000000..5574b4ef1c9e
--- /dev/null
+++ b/src/chrome/content/rules/Cdnme.se.xml
@@ -0,0 +1,9 @@
+<ruleset name="cdnme.se">
+
+	<target host="*.cdnme.se" />
+
+
+	<rule from="^http://cdn(\d)\.cdnme\.se/"
+		to="https://cdn$1.cdnme.se/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cdnpi.pe.xml b/src/chrome/content/rules/Cdnpi.pe.xml
new file mode 100644
index 000000000000..971a3e3dc36d
--- /dev/null
+++ b/src/chrome/content/rules/Cdnpi.pe.xml
@@ -0,0 +1,14 @@
+<!--
+	These altnames don't exist:
+
+		- www.cdnpi.pe
+
+-->
+<ruleset name="cdnpi.pe">
+
+	<target host="cdnpi.pe" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CeBIT.de.xml b/src/chrome/content/rules/CeBIT.de.xml
new file mode 100644
index 000000000000..1c70191e6543
--- /dev/null
+++ b/src/chrome/content/rules/CeBIT.de.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Deutsche Messe coverage, see Deutsche_Messe.xml.
+
+
+	^: cert only matches www
+
+
+	Some pages redirect to http.
+
+-->
+<ruleset name="CeBIT.de (partial)">
+
+	<target host="cebit.de" />
+	<target host="www.cebit.de" />
+
+
+	<rule from="^http://(?:www\.)?cebit\.de/(?=(?:de|en)/applikation/secure/|meinemesse/login(?:$|\?))"
+		to="https://www.cebit.de/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ceasefire_Magazine.co.uk.xml b/src/chrome/content/rules/Ceasefire_Magazine.co.uk.xml
new file mode 100644
index 000000000000..6d5644968610
--- /dev/null
+++ b/src/chrome/content/rules/Ceasefire_Magazine.co.uk.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.ceasefiremagazine.co.uk
+
+-->
+<ruleset name="Ceasefire Magazine.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ceasefiremagazine.co.uk" />
+	<target host="www.ceasefiremagazine.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.ceasefiremagazine\.co\.uk$" name="^bb2_screener$" /-->
+
+	<securecookie host="^www\.ceasefiremagazine\.co\.uk$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ceddit.com.xml b/src/chrome/content/rules/Ceddit.com.xml
new file mode 100644
index 000000000000..0cf9e7cfe1c4
--- /dev/null
+++ b/src/chrome/content/rules/Ceddit.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid Certificate:
+		beta.ceddit.com
+-->
+<ruleset name="Ceddit.com">
+	<target host="ceddit.com" />
+	<target host="www.ceddit.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cedexis.xml b/src/chrome/content/rules/Cedexis.xml
index 68cd20130887..bd43c6a8dbc0 100644
--- a/src/chrome/content/rules/Cedexis.xml
+++ b/src/chrome/content/rules/Cedexis.xml
@@ -4,15 +4,19 @@
 		- ^
 		- community	(redirects to http, mismatched, CN: *.desk.com)
 		- developers
-		- www		(reset)
+		- go		(mismatch)
+		- live		(502)
+		- www		(502)
+		- www.prod	(502)
 
 -->
+
 <ruleset name="Cedexis (partial)">
 
 	<target host="portal.cedexis.com" />
+	<target host="radar.cedexis.com" />
+	<target host="rpt.cedexis.com" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://portal\.cedexis\.com/"
-		to="https://portal.cedexis.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CedricVillani.org.xml b/src/chrome/content/rules/CedricVillani.org.xml
new file mode 100644
index 000000000000..d9918d4e32c7
--- /dev/null
+++ b/src/chrome/content/rules/CedricVillani.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="CedricVillani.org">
+	<target host="cedricvillani.org" />
+	<target host="www.cedricvillani.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cefas.co.uk.xml b/src/chrome/content/rules/Cefas.co.uk.xml
new file mode 100644
index 000000000000..6822a7247906
--- /dev/null
+++ b/src/chrome/content/rules/Cefas.co.uk.xml
@@ -0,0 +1,37 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	^cefas.co.uk: Mismatched, self-signed
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.cefas.co.uk
+
+-->
+<ruleset name="Cefas.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.cefas.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="cefas.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.cefas\.co\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://cefas\.co\.uk/"
+		to="https://www.cefas.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Celartem-mismatches.xml b/src/chrome/content/rules/Celartem-mismatches.xml
index 307feaa5b027..d03236d0c524 100644
--- a/src/chrome/content/rules/Celartem-mismatches.xml
+++ b/src/chrome/content/rules/Celartem-mismatches.xml
@@ -3,15 +3,11 @@
 	<target host="celartem.com"/>
 	<target host="tokage.celartem.com"/>
 	<target host="www.celartem.com"/>
-	<target host="marketing.extensis.com"/>
 
-	<rule from="^http://(www\.)?celartem\.com/"
+	<rule from="^http://celartem\.com/"
 		to="https://www.celartem.com/"/>
 
-	<rule from="^http://tokage\.celartem\.com/"
-		to="https://tokage.celartem.com/"/>
-
-	<rule from="^http://marketing\.extensis\.com/"
-		to="https://marketing.extensis.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Celartem.xml b/src/chrome/content/rules/Celartem.xml
index d2986fd28c15..3124ab52de63 100644
--- a/src/chrome/content/rules/Celartem.xml
+++ b/src/chrome/content/rules/Celartem.xml
@@ -1,18 +1,16 @@
-<ruleset name="Celartem (partial)" platform="mixedcontent">
+<!--
+	Other Celartem rulesets:
+
+		- Extensis.com.xml
+		- WebINK.com.xml
 
-	<target host="extensis.com"/>
-	<target host="www.extensis.com"/>
-	<target host="lizardtech.com"/>
-	<target host="www.lizardtech.com"/>
-	<target host="fnt.webink.com"/>
+-->
+<ruleset name="Celartem (partial)" platform="mixedcontent">
 
-	<rule from="^http://(www\.)?extensis\.com(/common|.*/my_account)/"
-		to="https://www.extensis.com/$2/"/>
+	<target host="lizardtech.com" />
+	<target host="www.lizardtech.com" />
 
-	<rule from="^http://(www\.)?lizardtech\.com/"
-		to="https://lizardtech.com/"/>
 
-	<rule from="^http://fnt\.webink\.com/"
-		to="https://fnt.webink.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Celiac-Foundation.xml b/src/chrome/content/rules/Celiac-Foundation.xml
deleted file mode 100644
index 4224bf928964..000000000000
--- a/src/chrome/content/rules/Celiac-Foundation.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Celiac Disease Foundation" platform="mixedcontent">
-	<target host="celiac.org" />
-	<target host="www.celiac.org" />
-
-	<rule from="^http://(?:www\.)?celiac\.org/" to="https://www.celiac.org/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Celiac.org.xml b/src/chrome/content/rules/Celiac.org.xml
new file mode 100644
index 000000000000..851b8b9bd603
--- /dev/null
+++ b/src/chrome/content/rules/Celiac.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Invalid certificate:
+		www.mail.celiac.org
+		mars.celiac.org
+
+-->
+<ruleset name="Celiac Disease Foundation">
+
+	<target host="celiac.org" />
+	<target host="www.celiac.org" />
+	<target host="clinical.celiac.org" />
+	<target host="www.clinical.celiac.org" />
+	<target host="icure.celiac.org" />
+	<target host="www.icure.celiac.org" />
+	<target host="trials.celiac.org" />
+	<target host="www.trials.celiac.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cell.xml b/src/chrome/content/rules/Cell.xml
deleted file mode 100644
index 2b8765100615..000000000000
--- a/src/chrome/content/rules/Cell.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- download	(http reply)
-
-
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-
-
-	Mixed content:
-
-		- Ads/web bugs, on www from:
-
-			- ad.doubleclick.net *
-			- cdn.realtidbits.com *
-
-	* Secured by us
-
--->
-<ruleset name="Cell (partial)">
-
-	<target host="cell.com" />
-	<target host="www.cell.com" />
-
-
-	<securecookie host="^www\.cell\.com$" name=".*" />
-
-
-	<rule from="^http://(?:www\.)?cell\.com/"
-		to="https://www.cell.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cellarmasters.com.au.xml b/src/chrome/content/rules/Cellarmasters.com.au.xml
new file mode 100644
index 000000000000..cd90269b4660
--- /dev/null
+++ b/src/chrome/content/rules/Cellarmasters.com.au.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Woolworths coverage, see Woolworths.com.au.xml
+
+
+	Nonfunctional subdomains:
+
+		- dev		(SSL handshake failed)
+		- email		(connection refused)
+		- emm		(timeout)
+		- friend	(mismatch hostname, CN: www.eletrostates.com.br)
+		- image		(SSL handshake failed)
+		- promo		(mismatch hostname, CN: *.azurewebsites.net)
+		- search	(SSL handshake failed)
+		- uat2		(mismatch hostname, CN: uat.cellarmasters.com.au)
+		- v3		(SSL handshake failed)
+		- webmail	(timeout)
+		- links.wine	(mismatch hostname, CN: *.ibmmarketingcloud.com)
+
+-->
+<ruleset name="Cellarmasters.com.au">
+
+	<target host="cellarmasters.com.au" />
+	<target host="www.cellarmasters.com.au" />
+	<target host="m.cellarmasters.com.au" />
+	<target host="pie.cellarmasters.com.au" />
+	<target host="pie-dev.cellarmasters.com.au" />
+	<target host="staging.cellarmasters.com.au" />
+	<target host="uat.cellarmasters.com.au" />
+
+	<securecookie host="^www\.cellarmasters\.com\.au$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cemetech.net.xml b/src/chrome/content/rules/Cemetech.net.xml
new file mode 100644
index 000000000000..ce9bd93bca46
--- /dev/null
+++ b/src/chrome/content/rules/Cemetech.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="Cemetech.net">
+  <target host="cemetech.net" />
+  <target host="www.cemetech.net" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cendio.com.xml b/src/chrome/content/rules/Cendio.com.xml
new file mode 100644
index 000000000000..94ff8e65c6e1
--- /dev/null
+++ b/src/chrome/content/rules/Cendio.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Cendio.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cendio.com" />
+	<target host="www.cendio.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ceneo.pl-falsemixed.xml b/src/chrome/content/rules/Ceneo.pl-falsemixed.xml
new file mode 100644
index 000000000000..be511db91696
--- /dev/null
+++ b/src/chrome/content/rules/Ceneo.pl-falsemixed.xml
@@ -0,0 +1,19 @@
+<!--
+	For rules not causing false/broken MCB, see Ceneo.pl.xml
+
+-->
+<ruleset name="Ceneo.pl (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dlasklepow.ceneo.pl" />
+	<target host="info.ceneo.pl" />
+	<target host="kariera.ceneo.pl" />
+	<target host="pp.ceneo.pl" />
+	<target host="pressroom.ceneo.pl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ceneo.pl.xml b/src/chrome/content/rules/Ceneo.pl.xml
new file mode 100644
index 000000000000..0f715c9a9eb8
--- /dev/null
+++ b/src/chrome/content/rules/Ceneo.pl.xml
@@ -0,0 +1,106 @@
+<!--
+	For rules causing false/broken MCB, see Ceneo.pl-falsemixed.xml.
+
+
+	Problematic hosts in *ceneo.pl:
+
+		- ^ ¹
+		- dlasklepow ²
+		- info ²
+		- kariera ²
+		- pp ²
+		- pressroom ²
+
+	¹ Mismatched
+	² Mixed css
+
+
+	Insecure cookies are set for these hosts:
+
+		- partnerzy.ceneo.pl
+
+
+	Mixed content:
+
+		- css, on:
+
+			- dlasklepow from $self *
+			- info from $self *
+			- kariera from $self *
+			- pp from $self *
+			- pp from fonts.googleapis.com *
+			- pressroom from $self *
+
+		- Fonts, on:
+
+			- dlasklepow from $self *
+			- info from $self *
+			- kariera from $self *
+			- pressroom from $self *
+
+		- Images, on:
+
+			- dlasklepow from $self *
+			- info from $self *
+			- kariera from $self *
+			- pp from $self *
+			- pressroom from $self *
+
+		- favicons, on:
+
+			- info from $self *
+			- pressroom from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Ceneo.pl (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="dlasklepow.ceneo.pl" /-->
+	<target host="image.ceneo.pl" />
+	<target host="image2.ceneo.pl" />
+	<!--target host="info.ceneo.pl" /-->
+	<!--target host="kariera.ceneo.pl" /-->
+	<target host="partnerzy.ceneo.pl" />
+	<!--target host="pp.ceneo.pl" /-->
+	<!--target host="pressroom.ceneo.pl" /-->
+	<target host="www.ceneo.pl" />
+
+	<!--	Complications:
+				-->
+	<target host="ceneo.pl" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.ceneo\.pl/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.ceneo\.pl/+(?!Content/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.ceneo.pl/Frytownice" />
+			<test url="http://www.ceneo.pl/Radia" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.ceneo.pl/Content/img/icons/logo-ceneo.svg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^partnerzy\.ceneo\.pl$" name="^cnicaap$" /-->
+
+	<securecookie host="^partnerzy\.ceneo\.pl$" name=".+" />
+
+
+	<rule from="^http://ceneo\.pl/"
+		to="https://www.ceneo.pl/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cengage.xml b/src/chrome/content/rules/Cengage.xml
index e778fff0c556..72160fc50318 100644
--- a/src/chrome/content/rules/Cengage.xml
+++ b/src/chrome/content/rules/Cengage.xml
@@ -1,26 +1,36 @@
-<!--	!functional:
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cengagebrain.co.uk/ => https://cengagebrain.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'cengagebrain.co.uk'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://cengagebrain.co.uk/ => https://cengagebrain.co.uk/: Cycle detected - URL already encountered: http://www.cengagebrain.com:80/shop/index.html
+Fetch error: http://multivu.com/ => https://www.multivu.com/: Redirect for 'http://multivu.com/' missing Location	!functional:
 		- gdc.gale.com
 -->
-<ruleset name="Cengage (partial)" platform="mixedcontent">
+<ruleset name="Cengage (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="serviceplus.cengage.com"/>
 	<target host="cengagebrain.com"/>
-	<target host="*.cengagebrain.com"/>
+	<target host="assets.cengagebrain.com" />
+	<target host="www.cengagebrain.com" />
 	<target host="cengagebrain.co.uk"/>
-	<target host="*.cengagebrain.co.uk"/>
+	<target host="www.cengagebrain.co.uk" />
 	<target host="ed2go.com"/>
-	<target host="*.ed2go.com"/>
-	<target host="*.hbrstatic.com"/>
+	<target host="www.ed2go.com" />
+	<target host="hbb.hbrstatic.com" />
+	<target host="hbr.hbrstatic.com" />
 	<target host="highbeam.com"/>
-	<target host="*.highbeam.com"/>
+	<target host="www.highbeam.com" />
+	<target host="business.highbeam.com" />
 	<target host="multivu.com"/>
 	<target host="www.multivu.com"/>
 	<target host="ordercourses.com"/>
 	<target host="www.ordercourses.com"/>
 
-	<securecookie host="^(.*\.)?(ed2go|ordercourses).com$" name=".*"/>
-	<securecookie host="^serviceplus\.cengage\.com$" name=".*"/>
-	<securecookie host="^(.*\.)?cengagebrain\.co(m|\.uk)$" name=".*"/>
+	<securecookie host="^(?:.*\.)?(?:ed2go|ordercourses).com$" name=".+" />
+	<securecookie host="^serviceplus\.cengage\.com$" name=".+" />
+	<securecookie host="^(?:.*\.)?cengagebrain\.co(?:m|\.uk)$" name=".+" />
 
 	<rule from="^http://serviceplus\.cengage\.com/"
 		to="https://serviceplus.cengage.com/"/>
diff --git a/src/chrome/content/rules/Cenowarka.pl.xml b/src/chrome/content/rules/Cenowarka.pl.xml
new file mode 100644
index 000000000000..f662d918e496
--- /dev/null
+++ b/src/chrome/content/rules/Cenowarka.pl.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Preisvergleich Internet Services coverage, see Preisvergleich-Internet-Services.xml.
+
+-->
+<ruleset name="Cenowarka.pl">
+
+	<target host="cenowarka.pl" />
+	<target host="www.cenowarka.pl" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Censorship.govt.nz.xml b/src/chrome/content/rules/Censorship.govt.nz.xml
index b0ce01d2ccb8..3b11557e2d68 100644
--- a/src/chrome/content/rules/Censorship.govt.nz.xml
+++ b/src/chrome/content/rules/Censorship.govt.nz.xml
@@ -1,4 +1,14 @@
-<ruleset name="Censorship.govt.nz" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://censorship.govt.nz/ => https://www.censorship.govt.nz/: (51, "SSL: no alternative certificate subject name matches target host name 'www.censorship.govt.nz'")
+Fetch error: http://www.censorship.govt.nz/ => https://www.censorship.govt.nz/: (51, "SSL: no alternative certificate subject name matches target host name 'www.censorship.govt.nz'")
+
+Automatically by https-everywhere-checker because:
+Fetch error: http://censorship.govt.nz/ => https://www.censorship.govt.nz/: (51, "SSL: no alternative certificate subject name matches target host name 'www.censorship.govt.nz'")
+Fetch error: http://www.censorship.govt.nz/ => https://www.censorship.govt.nz/: (51, "SSL: no alternative certificate subject name matches target host name 'www.censorship.govt.nz'")
+-->
+<ruleset name="Censorship.govt.nz" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="censorship.govt.nz" />
 	<target host="www.censorship.govt.nz" />
 	<rule from="^http://www\.censorship\.govt\.nz/" to="https://www.censorship.govt.nz/"/>
diff --git a/src/chrome/content/rules/Census.gov.xml b/src/chrome/content/rules/Census.gov.xml
new file mode 100644
index 000000000000..751b3f57629a
--- /dev/null
+++ b/src/chrome/content/rules/Census.gov.xml
@@ -0,0 +1,10 @@
+<ruleset name="Census.gov">
+
+	<target host="census.gov" />
+	<target host="www.census.gov" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Census.xml b/src/chrome/content/rules/Census.xml
index 2cddd99c8cbc..f48fbe11c376 100644
--- a/src/chrome/content/rules/Census.xml
+++ b/src/chrome/content/rules/Census.xml
@@ -1,17 +1,13 @@
-<!--
-	CN: *.webfaction.com
-
--->
-<ruleset name="census" default_off="mismatched">
+<ruleset name="census-labs.com">
 
 	<target host="census-labs.com" />
 	<target host="www.census-labs.com" />
 
 
-	<securecookie host="^census-labs.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?census-labs\.com/"
-		to="https://census-labs.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CentOS.org.xml b/src/chrome/content/rules/CentOS.org.xml
index 7e9910e81fc1..3ef8a7afb6f1 100644
--- a/src/chrome/content/rules/CentOS.org.xml
+++ b/src/chrome/content/rules/CentOS.org.xml
@@ -1,35 +1,46 @@
 <!--
-	Nonfunctional subdomains:
-
-		- bugs			(shows blank tree; expired 2012-05-23, CN: localhost.localdomain)
-		- mirror-status		(403; md5 signed, expired 2007-04-05)
-		- wiki			(db connection failure, valid cert)
-
-
-	Fully covered subdomains:
-
-		- (www.)
+	Content mismatch:
 		- projects
 
-
-	Observed cookie domains:
-
-		- ^
-		- bugs
-		- www
-
+	Timeout:
+		- debuginfo
+		- mirror
+		- mirrorlist
+		- packet0[1-4]
+		- torrent
+		- vault
 -->
 <ruleset name="CentOS.org (partial)">
 
 	<target host="centos.org" />
-	<target host="*.centos.org" />
-		<exclusion pattern="^http://(?:bugs|wiki)\." />
-
-
-	<securecookie host="^(?:www\.)?centos\.org$" name=".+" />
-
-
-	<rule from="^http://(projects\.|www\.)?centos\.org/"
-		to="https://$1centos.org/" />
+	<target host="www.centos.org" />
+	<target host="accounts.centos.org" />
+	<target host="apps.centos.org" />
+	<target host="blog.centos.org" />
+	<target host="blogs.centos.org" />
+	<target host="bugs.centos.org" />
+	<target host="cbs.centos.org" />
+	<target host="ci.centos.org" />
+	<target host="cloud.centos.org" />
+	<target host="docs.centos.org" />
+	<target host="feeds.centos.org" />
+	<target host="forums.centos.org" />
+	<target host="fr.centos.org" />
+	<target host="git.centos.org" />
+	<target host="id.centos.org" />
+	<target host="lists.centos.org" />
+	<target host="mirror-status.centos.org" />
+	<target host="paste.centos.org" />
+	<target host="pastebin.centos.org" />
+	<target host="people.centos.org" />
+	<target host="planet.centos.org" />
+	<target host="registry.centos.org" />
+	<target host="seven.centos.org" />
+	<target host="status.centos.org" />
+	<target host="wiki.centos.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CentOS_Blog.com.xml b/src/chrome/content/rules/CentOS_Blog.com.xml
new file mode 100644
index 000000000000..6a908aa7e157
--- /dev/null
+++ b/src/chrome/content/rules/CentOS_Blog.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="CentOS Blog.com">
+
+	<target host="centosblog.com" />
+	<target host="www.centosblog.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Center-for-American-Progress.xml b/src/chrome/content/rules/Center-for-American-Progress.xml
deleted file mode 100644
index fee594354018..000000000000
--- a/src/chrome/content/rules/Center-for-American-Progress.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Center for American Progress (partial)">
-
-	<target host="thinkprogress.org"/>
-	<target host="www.thinkprogress.org"/>
-		<!--
-			Redirects to http:
-						-->
-		<exclusion pattern="^http://(?:www\.)?thinkprogress\.com/justice/\d{4}/\d\/\d\d/\d+/[\w-]+" />
-
-	<!--securecookie host="^(www\.)?thinkprogress\.com$" name=".*"/-->
-
-	<rule from="^http://(www\.)?thinkprogress\.org/"
-		to="https://$1thinkprogress.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Center-for-Documentation-of-Violations-in-Syria.xml b/src/chrome/content/rules/Center-for-Documentation-of-Violations-in-Syria.xml
index d52bf8cdd325..045c2645d8bc 100644
--- a/src/chrome/content/rules/Center-for-Documentation-of-Violations-in-Syria.xml
+++ b/src/chrome/content/rules/Center-for-Documentation-of-Violations-in-Syria.xml
@@ -6,7 +6,7 @@
 
 	<!--	Cert only matches *.vdc-sy.org.
 						-->
-	<rule from="^https?://(?:www\.)?vdc-sy\.org/"
+	<rule from="^http://(?:www\.)?vdc-sy\.org/"
 		to="https://www.vdc-sy.org/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Center-for-Responsive-Politics.xml b/src/chrome/content/rules/Center-for-Responsive-Politics.xml
deleted file mode 100644
index ea2c09db5765..000000000000
--- a/src/chrome/content/rules/Center-for-Responsive-Politics.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Center for Responsive Politics (partial)">
-
-	<target host="opensecrets.org"/>
-	<target host="*.opensecrets.org"/>
-
-	<securecookie host="^(.*\.)?opensecrets\.org$" name=".*"/>
-
-	<rule from="^http://(?:www\.)?opensecrets\.org/"
-		to="https://www.opensecrets.org/"/>
-
-	<rule from="^http://(asset|image)s\.opensecrets\.org/"
-		to="https://s3.amazonaws.com/$1s.opensecrets.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Center-for-Rights.xml b/src/chrome/content/rules/Center-for-Rights.xml
deleted file mode 100644
index 8fb2bfad4b3b..000000000000
--- a/src/chrome/content/rules/Center-for-Rights.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Center for Rights">
-
-	<target host="centerforrights.org" />
-	<target host="www.centerforrights.org" />
-	<target host="internetvotes.org" />
-	<target host="www.internetvotes.org" />
-
-
-	<rule from="^https?://(?:www\.)?thecenterforrights\.org/"
-		to="https://centerforrights.heroku.com/" />
-
-	<rule from="^https?://(?:www\.)?internetvotes\.org/"
-		to="https://internetvotes.herokuapp.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Center_for_Early_Childhood_Professional_Development.xml b/src/chrome/content/rules/Center_for_Early_Childhood_Professional_Development.xml
index d635a6c9de79..a424691ae4ba 100644
--- a/src/chrome/content/rules/Center_for_Early_Childhood_Professional_Development.xml
+++ b/src/chrome/content/rules/Center_for_Early_Childhood_Professional_Development.xml
@@ -1,13 +1,12 @@
 <ruleset name="Center for Early Childhood Professional Development">
 
 	<target host="cecpdonline.org" />
-	<target host="*.cecpdonline.org" />
+	<target host="www.cecpdonline.org" />
 
 
 	<securecookie host="^(?:w*\.)?cecpdonline\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?cecpdonline\.org/"
-		to="https://$1cecpdonline.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Center_for_Individual_Freedom.xml b/src/chrome/content/rules/Center_for_Individual_Freedom.xml
index e260fa69f924..c912574bb1f1 100644
--- a/src/chrome/content/rules/Center_for_Individual_Freedom.xml
+++ b/src/chrome/content/rules/Center_for_Individual_Freedom.xml
@@ -1,19 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://vs.cfif.org/ (200) => https://vs.cfif.org/ (403)
+
 	Nonfunctional subdomains:
 
 		- mailserver	(data differs)
 
 -->
-<ruleset name="Center for Individual Freedom (partial)">
+<ruleset name="Center for Individual Freedom (partial)" default_off="failed ruleset test">
 
 	<target host="cfif.org" />
-	<target host="*.cfif.org" />
+	<target host="vs.cfif.org" />
+	<target host="www.cfif.org" />
 
 
 	<securecookie host="^(?:www\.)?cfif\.org$" name=".+" />
 
 
-	<rule from="^http://(vs\.|www\.)?cfif\.org/"
-		to="https://$1cfif.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Center_for_Land_Use_Interpretation.xml b/src/chrome/content/rules/Center_for_Land_Use_Interpretation.xml
index d93a8a199482..ab285a775a74 100644
--- a/src/chrome/content/rules/Center_for_Land_Use_Interpretation.xml
+++ b/src/chrome/content/rules/Center_for_Land_Use_Interpretation.xml
@@ -5,7 +5,7 @@
 <ruleset name="The Center for Land Use Interpretation" default_off="mismatched">
 
 	<target host="culi.org" />
-	<target host="*.culi.org" />
+	<target host="www.culi.org" />
 
 
 	<securecookie host="^\.clui\.org$" name=".+" />
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?culi\.org/"
 		to="https://culi.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Centerline_Digital.xml b/src/chrome/content/rules/Centerline_Digital.xml
index 24fa1b1afd57..a7ff197aaf37 100644
--- a/src/chrome/content/rules/Centerline_Digital.xml
+++ b/src/chrome/content/rules/Centerline_Digital.xml
@@ -9,13 +9,13 @@
 			- CN: newcenterline.net
 
 -->
-<ruleset name="Centerline Digital (partial)">
+<ruleset name="Centerline Digital (partial)" default_off="expired">
 
 	<target host="centerlinebeta.net" />
 	<target host="www.centerlinebeta.net" />
 
 
-	<rule from="^http://(www\.)?centerlinebeta\.net/"
-		to="https://$1centerlinebeta.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Centili.xml b/src/chrome/content/rules/Centili.xml
new file mode 100644
index 000000000000..e3130b230ff9
--- /dev/null
+++ b/src/chrome/content/rules/Centili.xml
@@ -0,0 +1,14 @@
+<!--
+	Non-functional domain:
+		- centili.com		(cert only matches subdomains)
+-->
+
+<ruleset name="Centili">
+	<target host="api.centili.com" />
+	<target host="www.centili.com" />
+
+  	<securecookie host="^(api|www)\.centili\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Centmin_Mod.com.xml b/src/chrome/content/rules/Centmin_Mod.com.xml
new file mode 100644
index 000000000000..ea12c4eca50f
--- /dev/null
+++ b/src/chrome/content/rules/Centmin_Mod.com.xml
@@ -0,0 +1,15 @@
+<!--
+	(www.): refused
+
+
+	cdn77: mismatched, CN: backend.omega.onappcdn.com
+
+-->
+<ruleset name="Centmin Mod.com (partial)">
+
+	<target host="community.centminmod.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CentraFoods.com.xml b/src/chrome/content/rules/CentraFoods.com.xml
new file mode 100644
index 000000000000..b40cdb53a325
--- /dev/null
+++ b/src/chrome/content/rules/CentraFoods.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Connection refused:
+		- centrafoods.com, equivalent to www.centrafoods.com
+-->
+
+<ruleset name="CentraFoods.com">
+	<target host="centrafoods.com" />
+	<target host="www.centrafoods.com" />
+
+	<rule from="^http://centrafoods\.com/"
+		to="https://www.centrafoods.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Central_Computers.com.xml b/src/chrome/content/rules/Central_Computers.com.xml
new file mode 100644
index 000000000000..1d6343f46944
--- /dev/null
+++ b/src/chrome/content/rules/Central_Computers.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Mixed content:
+
+		- Images from www *
+
+		- Ads/web bugs, from:
+
+			- seal-sanjose.bbb.org *
+			- img.constantcontact.com *
+			- ah.pricegrabber.com *
+			- intel.sharedvue.net *
+
+	* Secured by us
+
+-->
+<ruleset name="Central Computers.com">
+
+	<target host="centralcomputers.com" />
+	<target host="www.centralcomputers.com" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^(www\.)?centralcomputers\.com$" name=".+" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Centralfield.com.xml b/src/chrome/content/rules/Centralfield.com.xml
new file mode 100644
index 000000000000..8d64ca6cf514
--- /dev/null
+++ b/src/chrome/content/rules/Centralfield.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Non-functional hosts
+		Certificate mismatch:
+			- extreme.centralfield.com
+			- mail.centralfield.com
+			- mbox.centralfield.com
+			- shop.centralfield.com
+
+		Different content:
+			- centralfield.com
+-->
+<ruleset name="Centralfield.com">
+	<target host="centralfield.com" />
+	<target host="www.centralfield.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://centralfield\.com/"
+			to="https://www.centralfield.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Centralparkzoo.com.xml b/src/chrome/content/rules/Centralparkzoo.com.xml
new file mode 100644
index 000000000000..4cf7cca68791
--- /dev/null
+++ b/src/chrome/content/rules/Centralparkzoo.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid Server Name:
+		www.centralparkzoo.com
+		chicks.centralparkzoo.com
+		pages.centralparkzoo.com
+-->
+
+<ruleset name="Centralparkzoo.com">
+	<target host="centralparkzoo.com" />
+
+	<securecookie host="centralparkzoo\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Centre_for_Effective_Altruism.org.xml b/src/chrome/content/rules/Centre_for_Effective_Altruism.org.xml
new file mode 100644
index 000000000000..74a3f4ca98da
--- /dev/null
+++ b/src/chrome/content/rules/Centre_for_Effective_Altruism.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Other Centre for Effective Altruism rulesets:
+
+		- givingwhatwecan.org.xml
+
+-->
+<ruleset name="Centre for Effective Altruism.org">
+
+	<target host="centreforeffectivealtruism.org" />
+	<target host="www.centreforeffectivealtruism.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Centre_for_the_Protection_of_National_Infrastructure.xml b/src/chrome/content/rules/Centre_for_the_Protection_of_National_Infrastructure.xml
new file mode 100644
index 000000000000..d6d57c5b728e
--- /dev/null
+++ b/src/chrome/content/rules/Centre_for_the_Protection_of_National_Infrastructure.xml
@@ -0,0 +1,15 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cpni.gov.uk/ => https://www.cpni.gov.uk/: (6, 'Could not resolve host: cpni.gov.uk')
+-->
+<ruleset name="Centre for the Protection of National Infrastructure (CPNI)">
+    <target host="cpni.gov.uk" />
+    <target host="*.cpni.gov.uk" />
+
+    <securecookie host=".+" name=".+"/>
+
+    <rule from="^http://cpni\.gov\.uk/"
+        to="https://www.cpni.gov.uk/" />
+    <rule from="^http://([^/:@]+)?\.cpni\.gov\.uk/"
+        to="https://$1.cpni.gov.uk/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Centreon.com.xml b/src/chrome/content/rules/Centreon.com.xml
new file mode 100644
index 000000000000..493c4142ba64
--- /dev/null
+++ b/src/chrome/content/rules/Centreon.com.xml
@@ -0,0 +1,70 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://login.centreon.com/ => https://login.centreon.com/: (6, 'Could not resolve host: login.centreon.com')
+
+	CDN buckets:
+
+		- forum-merethis.netdna-ssl.com
+
+
+	Problematic subdomains:
+
+		- forum * ²
+
+	* Mixed css
+	² Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- centreon.com
+		- blog.centreon.com
+		- forum.centreon.com
+		- www.centreon.com
+
+
+	Mixed content:
+
+		- css, on:
+
+			- documentation from fonts.googleapis.com *
+			- forum from $self *
+
+		- Bug on documentation from i.creativecommons.org *
+
+	* Secured by us
+
+-->
+<ruleset name="Centreon.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="centreon.com" />
+	<target host="blog.centreon.com" />
+	<target host="documentation.centreon.com" />
+	<target host="download.centreon.com" />
+	<target host="forge.centreon.com" />
+	<!--target host="forum.centreon.com" /-->
+	<target host="login.centreon.com" />
+	<target host="translate.centreon.com" />
+	<target host="www.centreon.com" />
+
+		<!--	Avoid broken MCB:
+						-->
+		<!--exclusion pattern="^http://forum\.centreon\.com/+(?!css\.php|favicon\.ico)" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?centreon\.com$" name="^pll_language$" /-->
+	<!--securecookie host="^blog\.centreon\.com$" name="^_icl_current_language$" /-->
+	<!--securecookie host="^forum\.centreon\.com$" name="^(?:AWSELB|vb\d+(?:lastactivity|lastvisit|sessionhash))$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Centrinvest.ru.xml b/src/chrome/content/rules/Centrinvest.ru.xml
new file mode 100644
index 000000000000..b11d5b3e95c0
--- /dev/null
+++ b/src/chrome/content/rules/Centrinvest.ru.xml
@@ -0,0 +1,14 @@
+<!--promo. mismatch
+school. mismatch
+krasnodar. refused
+mbr. expired
+dobro. expired-->
+<ruleset name="Centrinvest.ru">
+	<target host="centrinvest.ru" />
+	<target host="www.centrinvest.ru" />
+	<target host="link.centrinvest.ru" />
+	<target host="online.centrinvest.ru" />
+	<target host="lz.centrinvest.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Centrum-Wiskunde-and-Informatica.xml b/src/chrome/content/rules/Centrum-Wiskunde-and-Informatica.xml
index e3a363bf7bfa..0107d8e7c2dd 100644
--- a/src/chrome/content/rules/Centrum-Wiskunde-and-Informatica.xml
+++ b/src/chrome/content/rules/Centrum-Wiskunde-and-Informatica.xml
@@ -1,16 +1,49 @@
-<ruleset name="Centrum Wiskunde &amp; Informatica">
+<!--
+	Centrum Wiskunde & Informatica
 
-	<target host="cwi.nl" />
-	<target host="*.cwi.nl" />
 
+	Nonfunctional hosts in *cwi.nl:
 
-	<securecookie host="^\.cwi\.nl$" name=".*" />
+		- webopac *
 
+	* 403
 
-	<!--	- !www doesn't work over https
-		- !www redirects to www over http
-			-->
-	<rule from="^http://(?:www\.)?cwi\.nl/"
-		to="https://www.cwi.nl/" />
+
+	Problematic hosts in *cwi.nl:
+
+		- lobbi *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	These altnames don't exist:
+
+		- cwi.nl
+
+
+	Insecure cookies are set for these domains:
+
+		- .www.cwi.nl
+
+-->
+<ruleset name="CWI.nl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="library.cwi.nl" />
+	<!--target host="lobbi.cwi.nl" /-->
+	<target host="repository.cwi.nl" />
+	<target host="www.cwi.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.cwi\.nl$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Centzy.xml b/src/chrome/content/rules/Centzy.xml
index 4f2c47d0112f..d4ec6ab22130 100644
--- a/src/chrome/content/rules/Centzy.xml
+++ b/src/chrome/content/rules/Centzy.xml
@@ -1,13 +1,17 @@
-<ruleset name="Centzy">
+<!--
+	www.centzy.com does not exist.
 
-	<target host="centzy.com" />
-	<target host="*.centzy.com" />
+-->
+<ruleset name="Centzy.com">
 
+	<target host="centzy.com" />
 
-	<securecookie host="^(?:m\.)?centzy\.com$" name=".+" />
 
+	<!--	Redirect keeps all:
+					-->
+	<rule from="^http://centzy\.com/"
+		to="https://locality.com/" />
 
-	<rule from="^http://(m\.|www\.)?centzy\.com/"
-		to="https://$1centzy.com/" />
+		<test url="http://centzy.com/default.aspx" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ceonex.xml b/src/chrome/content/rules/Ceonex.xml
index 231d4d7887cb..382ed5dcc49f 100644
--- a/src/chrome/content/rules/Ceonex.xml
+++ b/src/chrome/content/rules/Ceonex.xml
@@ -1,18 +1,19 @@
 <ruleset name="Ceonex" default_off="expired, self-signed">
 
 	<target host="ceonex.com" />
-	<target host="*.ceonex.com" />
+	<target host="www.ceonex.com" />
+	<target host="info.ceonex.com" />
 
 
 	<!--	Cert only matches ^ceonex.com.
 						-->
-	<rule from="^https?://(?:www\.)?ceonex\.com/"
+	<rule from="^http://(?:www\.)?ceonex\.com/"
 		to="https://ceonex.com/" />
 
 	<!--	- times out over https
 		- 301s like so over http
 					-->
-	<rule from="^https?://info\.ceonex\.com/$"
+	<rule from="^http://info\.ceonex\.com/$"
 		to="https://ceonex.com/conversion/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Cephalofair.com.xml b/src/chrome/content/rules/Cephalofair.com.xml
new file mode 100644
index 000000000000..8ced5e1baba7
--- /dev/null
+++ b/src/chrome/content/rules/Cephalofair.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Connection closed:
+		- calendar
+		- docs
+		- start
+
+	Mismatched:
+		- ftp
+		- ssh
+-->
+<ruleset name="Cephalofair.com">
+	<target host="cephalofair.com" />
+	<target host="www.cephalofair.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CerberusApp.xml b/src/chrome/content/rules/CerberusApp.xml
new file mode 100644
index 000000000000..be93ffede3a4
--- /dev/null
+++ b/src/chrome/content/rules/CerberusApp.xml
@@ -0,0 +1,13 @@
+<!--
+	Cerberus Android Anti-Theft
+
+-->
+<ruleset name="CerberusApp.com">
+
+	<target host="cerberusapp.com" />
+	<target host="www.cerberusapp.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CereProc.com.xml b/src/chrome/content/rules/CereProc.com.xml
new file mode 100644
index 000000000000..2cff072b99f7
--- /dev/null
+++ b/src/chrome/content/rules/CereProc.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="CereProc.com">
+
+	<target host="cereproc.com" />
+	<target host="www.cereproc.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ceredigion.gov.uk.xml b/src/chrome/content/rules/Ceredigion.gov.uk.xml
new file mode 100644
index 000000000000..f7bb4847eabd
--- /dev/null
+++ b/src/chrome/content/rules/Ceredigion.gov.uk.xml
@@ -0,0 +1,58 @@
+<!--
+	Ceredigion County Council
+
+
+	Nonfunctional hosts in *ceredigion.gov.uk:
+
+		- www.croeso ᵈ
+		- fis ³
+		- map ᵈ
+
+	³ 403
+	ᵈ Dropped
+
+
+	These altnames don't exist:
+
+		- ceredigion.gov.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- forms.ceredigion.gov.uk
+		- job.ceredigion.gov.uk
+		- libraries.ceredigion.gov.uk
+		- pilgrim.ceredigion.gov.uk
+		- www.ceredigion.gov.uk
+
+-->
+<ruleset name="Ceredigion.gov.uk (partial)">
+
+	<target host="forms.ceredigion.gov.uk" />
+	<target host="job.ceredigion.gov.uk" />
+	<target host="libraries.ceredigion.gov.uk" />
+	<target host="pilgrim.ceredigion.gov.uk" />
+	<target host="museum.ceredigion.gov.uk" />
+	<target host="www.ceredigion.gov.uk" />
+
+		<!--	Set cookies without Secure:
+							-->
+		<test url="http://forms.ceredigion.gov.uk/ufs/ufsmain?formid=CRM_CONTACT_FORM&amp;PRM_FORM_ID=5" />
+		<test url="http://job.ceredigion.gov.uk/vacancies/" />
+		<test url="http://www.ceredigion.gov.uk/index.cfm?articleid=197&amp;articleaction=chooselanguage_eng" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^forms\.ceredigion\.gov\.uk$" name="^(?:JSESSIONID|ebaseCookieTest)$" /-->
+	<!--securecookie host="^job\.ceredigion\.gov\.uk$" name="^HBR_SITE_SESSID$" /-->
+	<!--securecookie host="^libraries\.ceredigion\.gov\.uk$" name="^CSPSESSIONID" /-->
+	<!--securecookie host="^(?:pilgrim|www)\.ceredigion\.gov\.uk$" name="^(?:CFCLIENT_CEREDIGION|CFGLOBALS|CFID|CFTOKEN|LANG)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CertSimple.com.xml b/src/chrome/content/rules/CertSimple.com.xml
new file mode 100644
index 000000000000..61ffc8d92dd8
--- /dev/null
+++ b/src/chrome/content/rules/CertSimple.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="CertSimple.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="certsimple.com" />
+	<target host="www.certsimple.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CertiVox.com.xml b/src/chrome/content/rules/CertiVox.com.xml
new file mode 100644
index 000000000000..ab6f62478689
--- /dev/null
+++ b/src/chrome/content/rules/CertiVox.com.xml
@@ -0,0 +1,38 @@
+<!--
+
+	Nonfunctional hosts:
+
+		- docs *
+
+	* Redirects to http
+
+
+	Fully covered hosts:
+
+		- (www.)?
+		- m-pindemo
+
+
+	Insecure cookies are set for these hosts:
+
+		- m-pindemo.certivox.org
+
+-->
+<ruleset name="CertiVox.com (partial)">
+
+	<target host="certivox.com" />
+	<target host="m-pindemo.certivox.org" />
+	<target host="www.certivox.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^m-pindemo\.certivox\.org$" name="^mpindemo_session$" /-->
+
+	<securecookie host="^m-pindemo\.certivox\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Certible.xml b/src/chrome/content/rules/Certible.xml
deleted file mode 100644
index 3df94a785d37..000000000000
--- a/src/chrome/content/rules/Certible.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Certible">
-
-	<target host="certible.com" />
-	<target host="www.certible.com" />
-
-
-	<rule from="^http://(www\.)?certible\.com/"
-		to="https://$1certible.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Certificate-transparency.org.xml b/src/chrome/content/rules/Certificate-transparency.org.xml
new file mode 100644
index 000000000000..5987cd0d79ea
--- /dev/null
+++ b/src/chrome/content/rules/Certificate-transparency.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="Certificate-Transparency.org">
+    <target host="certificate-transparency.org" />
+    <target host="www.certificate-transparency.org" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CertificateMonitor.org.xml b/src/chrome/content/rules/CertificateMonitor.org.xml
new file mode 100644
index 000000000000..dfe38ba118a1
--- /dev/null
+++ b/src/chrome/content/rules/CertificateMonitor.org.xml
@@ -0,0 +1,11 @@
+<ruleset name="Certificate Monitor.org">
+
+	<target host="certificatemonitor.org" />
+	<target host="www.certificatemonitor.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CertifiedAccessories.com.xml b/src/chrome/content/rules/CertifiedAccessories.com.xml
new file mode 100644
index 000000000000..a88a4441dd34
--- /dev/null
+++ b/src/chrome/content/rules/CertifiedAccessories.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Active mixed content:
+		- certifiedaccessories.com
+		- www.certifiedaccessories.com
+-->
+
+<ruleset name="CertifiedAccessories.com" platform="mixedcontent">
+	<target host="certifiedaccessories.com" />
+	<target host="www.certifiedaccessories.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Certified_Secure.com.xml b/src/chrome/content/rules/Certified_Secure.com.xml
new file mode 100644
index 000000000000..335dc713060b
--- /dev/null
+++ b/src/chrome/content/rules/Certified_Secure.com.xml
@@ -0,0 +1,17 @@
+<!--
+	^: cert only matches www
+
+-->
+<ruleset name="Certified Secure.com">
+
+	<target host="certifiedsecure.com" />
+	<target host="www.certifiedsecure.com" />
+
+
+	<securecookie host="^\.www\.certifiedsecure\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?certifiedsecure\.com/"
+		to="https://www.certifiedsecure.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Certigna.fr.xml b/src/chrome/content/rules/Certigna.fr.xml
new file mode 100644
index 000000000000..a99d2fc844a1
--- /dev/null
+++ b/src/chrome/content/rules/Certigna.fr.xml
@@ -0,0 +1,35 @@
+<!--
+	Nonfunctional hosts in *certigna.fr:
+
+		- archivage
+		- beta *
+		- v1 ʳ
+
+	* Shows v1
+	ʳ Refused
+
+
+	^certigna.fr: mismatched
+
+-->
+<ruleset name="Certigna.fr (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.certigna.fr" />
+
+	<!--	Complications:
+				-->
+	<target host="certigna.fr" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://certigna\.fr/"
+		to="https://www.certigna.fr/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Certona.xml b/src/chrome/content/rules/Certona.xml
index ed3f632b1806..f2d059897c0d 100644
--- a/src/chrome/content/rules/Certona.xml
+++ b/src/chrome/content/rules/Certona.xml
@@ -4,7 +4,6 @@
 	<target host="www.res-x.com" />
 
 
-	<rule from="^http://(www\.)?res-x\.com/"
-		to="https://$1res-x.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cesium_JS.org.xml b/src/chrome/content/rules/Cesium_JS.org.xml
new file mode 100644
index 000000000000..7c1e988bc9fe
--- /dev/null
+++ b/src/chrome/content/rules/Cesium_JS.org.xml
@@ -0,0 +1,25 @@
+<!--
+	www.cesiumjs.org: 404
+
+-->
+<ruleset name="Cesium JS.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cesiumjs.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.cesiumjs.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.cesiumjs\.org/"
+		to="https://cesiumjs.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CeskaPosta.cz.xml b/src/chrome/content/rules/CeskaPosta.cz.xml
new file mode 100644
index 000000000000..baaa9380cbb6
--- /dev/null
+++ b/src/chrome/content/rules/CeskaPosta.cz.xml
@@ -0,0 +1,12 @@
+<ruleset name="Česká pošta, s.p.">
+    <target host="ceskaposta.cz" />
+    <target host="www.ceskaposta.cz" />
+    <target host="postaonline.cz" />
+    <target host="www.postaonline.cz" />
+
+
+    <rule from="^http://postaonline\.cz/"
+            to="https://www.postaonline.cz/" />
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CetteSemaine.info.xml b/src/chrome/content/rules/CetteSemaine.info.xml
new file mode 100644
index 000000000000..328f348bb534
--- /dev/null
+++ b/src/chrome/content/rules/CetteSemaine.info.xml
@@ -0,0 +1,10 @@
+<ruleset name="Cette Semaine">
+
+	<target host="cettesemaine.info" />
+	<target host="www.cettesemaine.info" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cf-example.com.xml b/src/chrome/content/rules/Cf-example.com.xml
deleted file mode 100644
index 0416be7e224c..000000000000
--- a/src/chrome/content/rules/Cf-example.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="cf-example.com">
-
-	<target host="cf-example.com" />
-	<target host="*.cf-example.com" />
-
-
-	<securecookie host="^\.cf-example\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?cf-example\.com/"
-		to="https://www.cf-example.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Cfapps.io.xml b/src/chrome/content/rules/Cfapps.io.xml
new file mode 100644
index 000000000000..edbdc1f903d0
--- /dev/null
+++ b/src/chrome/content/rules/Cfapps.io.xml
@@ -0,0 +1,18 @@
+<!--
+	^cfapps.io doesn't exist.
+
+-->
+<ruleset name="cfapps.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="*.cfapps.io" />
+
+		<test url="http://github-shields.cfapps.io/" />
+		<test url="http://sagan-production.cfapps.io/" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cg_Marketing_Systems.com.xml b/src/chrome/content/rules/Cg_Marketing_Systems.com.xml
new file mode 100644
index 000000000000..0b6c14c4c3d4
--- /dev/null
+++ b/src/chrome/content/rules/Cg_Marketing_Systems.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Cg Marketing Systems.com">
+
+	<target host="cgmarketingsystems.com" />
+	<target host="www.cgmarketingsystems.com" />
+
+		<test url="http://www.cgmarketingsystems.com/broadcast/" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cgd.pt.xml b/src/chrome/content/rules/Cgd.pt.xml
new file mode 100644
index 000000000000..e30896fa7366
--- /dev/null
+++ b/src/chrome/content/rules/Cgd.pt.xml
@@ -0,0 +1,7 @@
+<ruleset name="Cgd.pt">
+	<target host="www.cgd.pt" />
+	<target host="recrutamento.cgd.pt" />
+	<target host="caixadirectaonline.cgd.pt" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cgtk.co.uk.xml b/src/chrome/content/rules/Cgtk.co.uk.xml
new file mode 100644
index 000000000000..bae9f9ff9ff8
--- /dev/null
+++ b/src/chrome/content/rules/Cgtk.co.uk.xml
@@ -0,0 +1,11 @@
+<!--
+	All other cgtk.co.uk hosts implement automatic
+	forwarding to https.
+-->
+<ruleset name="Cgtk.co.uk">
+	<target host="www.cgtk.co.uk" />
+	<target host="gpx.cgtk.co.uk" />
+	<target host="gpx2.cgtk.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ch9.ms.xml b/src/chrome/content/rules/Ch9.ms.xml
new file mode 100644
index 000000000000..1e233ce2c18e
--- /dev/null
+++ b/src/chrome/content/rules/Ch9.ms.xml
@@ -0,0 +1,47 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	CDN buckets:
+
+		- video.ch9.ms.edgesuite.net
+
+
+	(www.)?ch9.ms: Refused
+
+-->
+<ruleset name="ch9.ms (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sec.ch9.ms" />
+
+	<!--	Complications:
+				-->
+	<target host="ch9.ms" />
+	<target host="www.ch9.ms" />
+
+		<exclusion pattern="^http://(?:www\.)?ch9\.ms/+(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://ch9.ms/f" />
+			<test url="http://ch9.ms/o" />
+			<test url="http://ch9.ms//o" />
+			<test url="http://www.ch9.ms/b" />
+			<test url="http://www.ch9.ms/a" />
+			<test url="http://www.ch9.ms/r" />
+
+
+	<rule from="^http://(?:www\.)?ch9\.ms/+(?:\?.*)?$"
+		to="https://channel9.msdn.com/" />
+
+		<test url="http://ch9.ms/?fo" />
+		<test url="http://ch9.ms/?o" />
+		<test url="http://www.ch9.ms/?ba" />
+		<test url="http://www.ch9.ms/?r" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Chain.com.xml b/src/chrome/content/rules/Chain.com.xml
new file mode 100644
index 000000000000..763a6e0c069f
--- /dev/null
+++ b/src/chrome/content/rules/Chain.com.xml
@@ -0,0 +1,40 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://api.chain.com/ => https://api.chain.com/: (6, 'Could not resolve host: api.chain.com')
+
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Tumblr
+
+
+	Problematic subdomains:
+
+		- explorer *
+
+	* Herokuapp
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- api
+
+-->
+<ruleset name="Chain.com (partial)" default_off="failed ruleset test">
+
+	<target host="chain.com" />
+	<target host="api.chain.com" />
+	<target host="www.chain.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^explorer\.chain\.com$" name="^(_chain-explorer_session|block_chain)$" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Chainlove.com.xml b/src/chrome/content/rules/Chainlove.com.xml
index c1e21f239b28..313a15927745 100644
--- a/src/chrome/content/rules/Chainlove.com.xml
+++ b/src/chrome/content/rules/Chainlove.com.xml
@@ -1,19 +1,34 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.chainlove.com/ => https://www.chainlove.com/: (6, 'Could not resolve host: www.chainlove.com')
+Fetch error: http://chainlove.com/ => https://www.chainlove.com/: (6, 'Could not resolve host: www.chainlove.com')
+Fetch error: http://images.chainlove.com/ => https://www.chainlove.com/: (6, 'Could not resolve host: www.chainlove.com')
+
 	Problematic subdomains:
 
-		- images	(mismatched)
+		- ^ *
+		- images *
+
+	* Akamai
 
 -->
-<ruleset name="Chainlove.com">
+<ruleset name="Chainlove.com" default_off="failed ruleset test">
 
-	<target host="chainlove.com" />
-	<target host="*.chainlove.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="www.chainlove.com" />
 
+	<!--	Complications:
+				-->
+	<target host="chainlove.com" />
+	<target host="images.chainlove.com" />
 
-	<rule from="^http://(www\.)?chainlove\.com/"
-		to="https://$1chainlove.com/" />
 
-	<rule from="^https?://images\.chainlove\.com/"
+	<rule from="^http://(?:images\.)?chainlove\.com/"
 		to="https://www.chainlove.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Chaiscript.com.xml b/src/chrome/content/rules/Chaiscript.com.xml
new file mode 100644
index 000000000000..05059ac3ac0e
--- /dev/null
+++ b/src/chrome/content/rules/Chaiscript.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Chaiscript.com">
+    <target host="chaiscript.com" />
+    <target host="www.chaiscript.com" />
+
+    <securecookie host=".+" name=".+" />
+
+	<!--	Mismatched:	-->
+    <rule from="^http://www\.chaiscript\.com/" to="https://chaiscript.com/" />
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ChaisdOeuvre.fr.xml b/src/chrome/content/rules/ChaisdOeuvre.fr.xml
new file mode 100644
index 000000000000..1c19afc69516
--- /dev/null
+++ b/src/chrome/content/rules/ChaisdOeuvre.fr.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		affiliation.chaisdoeuvre.fr
+		dev.chaisdoeuvre.fr
+		invitation.chaisdoeuvre.fr (broken chain)
+		lb.chaisdoeuvre.fr
+		preprod.chaisdoeuvre.fr
+
+-->
+<ruleset name="Chais doeuvre.fr">
+
+	<target host="chaisdoeuvre.fr" />
+	<target host="www.chaisdoeuvre.fr" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Chakas_Mmm.com.xml b/src/chrome/content/rules/Chakas_Mmm.com.xml
new file mode 100644
index 000000000000..4b994678d14b
--- /dev/null
+++ b/src/chrome/content/rules/Chakas_Mmm.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Some pages redirect to http.
+
+-->
+<ruleset name="Chakas Mmm.com (partial)">
+
+	<target host="chakasmmm.com" />
+	<target host="www.chakasmmm.com" />
+
+
+	<rule from="^http://(www\.)?chakasmmm\.com/(?=favicon\.ico|shop/(?:checkout|login|register|your-account)(?:$|[?/])|wp-content/|wp-includes/)"
+		to="https://$1chakasmmm.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ChakraOS.org.xml b/src/chrome/content/rules/ChakraOS.org.xml
new file mode 100644
index 000000000000..af46bee906ed
--- /dev/null
+++ b/src/chrome/content/rules/ChakraOS.org.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.chakraos.org/ => https://www.chakraos.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.chakraos.org'")
+
+-->
+<ruleset name="ChakraOS.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="chakraos.org" />
+	<target host="www.chakraos.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Challenge.gov.xml b/src/chrome/content/rules/Challenge.gov.xml
new file mode 100644
index 000000000000..3b83385bf0f5
--- /dev/null
+++ b/src/chrome/content/rules/Challenge.gov.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://api.challenge.gov/ => https://api.challenge.gov/: (35, 'Unknown SSL protocol error in connection to api.challenge.gov:443 ')
+Fetch error: http://staging-api.challenge.gov/ => https://staging-api.challenge.gov/: (35, 'Unknown SSL protocol error in connection to staging-api.challenge.gov:443 ')
+
+
+
+	Insecure cookies are set for these hosts:
+
+		- api.challenge.gov
+		- staging-api.challenge.gov
+		- www.challenge.gov
+
+-->
+<ruleset name="Challenge.gov" default_off="failed ruleset test">
+
+	<target host="challenge.gov" />
+	<target host="api.challenge.gov" />
+	<target host="staging-api.challenge.gov" />
+	<target host="www.challenge.gov" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:staging-)?api\.challenge\.gov$" name="^_ChallengeApp_session$" /-->
+	<!--securecookie host="^www\.challenge\.gov$" name="^(?:PHPSESSID|wfvt_\d+)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ChallengePost.xml b/src/chrome/content/rules/ChallengePost.xml
index 51774a77ba31..8c3e486f75ea 100644
--- a/src/chrome/content/rules/ChallengePost.xml
+++ b/src/chrome/content/rules/ChallengePost.xml
@@ -1,4 +1,11 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://challengepost.com/ => https://challengepost.com/: (51, "SSL: no alternative certificate subject name matches target host name 'challengepost.com'")
+Fetch error: http://assetspost.com/ => http://assetspost.com/: (51, "SSL: no alternative certificate subject name matches target host name 'assetspost.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://challengepost.com/ => https://challengepost.com/: Cycle detected - URL already encountered: https://challengepost.com/
 	CDN buckets:
 
 		- s3.amazonaws.com/challengepost/
@@ -24,7 +31,7 @@
 		- (www.)assetspost.com		(at least some pages redirect to http)
 
 -->
-<ruleset name="ChallengePost (partial)">
+<ruleset name="ChallengePost (partial)" default_off="failed ruleset test">
 
 	<target host="challengepost.com" />
 	<target host="*.challengepost.com" />
@@ -38,10 +45,10 @@
 	<rule from="^http://((?:forexfreestyle|nycschools|secure|www)\.)?challengepost\.com/"
 		to="https://$1challengepost.com/" />
 
-	<rule from="^https?://(?:www\.)?assetspost\.com/assets/"
+	<rule from="^http://(?:www\.)?assetspost\.com/assets/"
 		to="https://www.assetspost.com/assets/" />
 
-	<rule from="^https?://challengepost\d?\.assetspost\.com/"
+	<rule from="^http://challengepost\d?\.assetspost\.com/"
 		to="https://challengepost-challengepost.netdna-ssl.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Chalmers.se.xml b/src/chrome/content/rules/Chalmers.se.xml
index ec4834ff64a0..fd83200003d6 100644
--- a/src/chrome/content/rules/Chalmers.se.xml
+++ b/src/chrome/content/rules/Chalmers.se.xml
@@ -1,13 +1,22 @@
+<!--
+	No working URL known:
+		www.admin.chalmers.se (401)
+-->
+
 <ruleset name="Chalmers">
 
 	<target host="chalmers.se" />
-	<target host="*.chalmers.se" />
-
+	<target host="admin.chalmers.se" />
+	<target host="doctoral.portal.chalmers.se" />
+	<target host="idp.chalmers.se" />
+	<target host="student.portal.chalmers.se" />
+	<target host="studentportal.chalmers.se" />
+	<target host="www.chalmers.se" />
+	<target host="www.cse.chalmers.se" />
 
 	<securecookie host="^(?:www\.)?chalmers\.se$" name=".+" />
 
 
-	<rule from="^http://(www\.)?(admin\.)?chalmers\.se/"
-		to="https://$1$2chalmers.se/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Chambal.xml b/src/chrome/content/rules/Chambal.xml
deleted file mode 100644
index 818c4aa7e7c0..000000000000
--- a/src/chrome/content/rules/Chambal.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
-	Other Chambal rulesets:
-
-		- Bucket_Explorer.com.xml
-		- Minalyzer.com.xml
-		- SunoSanuo.com.xml
-
-
-	CDN buckets:
-
-		- s3.amazonaws.com/images.chambal.com/ | d1tk5j9aunjut2.cloudfront.net
-
-			- images.chambal.com
-
-
-	Nonfunctional domains:
-
-		- (www.)chambal.com	(interrupted)
-		- ls.chambal.net	(shows accounts; mismatched, CN: accounts.chambal.com)
-
--->
-<ruleset name="Chambal (partial)">
-
-	<target host="*.chambal.com" />
-
-
-	<securecookie host="^accounts\.chambal\.com$" name=".+" />
-
-
-	<rule from="^http://accounts\.chambal\.com/"
-		to="https://accounts.chambal.com/" />
-
-	<rule from="^http://images\.chambal\.com/"
-		to="https://d1tk5j9aunjut2.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Chameleon.ad.xml b/src/chrome/content/rules/Chameleon.ad.xml
new file mode 100644
index 000000000000..82409957f04a
--- /dev/null
+++ b/src/chrome/content/rules/Chameleon.ad.xml
@@ -0,0 +1,41 @@
+<!--
+	cert mismatch:
+		- *.gsn.chameleon.ad
+		- *.static.chameleon.ad
+	Timeout:
+		- s10.chameleon.ad
+		- test2.chameleon.ad
+	TLS error:
+		- calendar.chameleon.ad
+		- drive.chameleon.ad
+		- email.chameleon.ad
+-->
+
+<ruleset name="Chameleon.ad">
+
+	<target host="chameleon.ad" />
+	<target host="www.chameleon.ad" />
+
+	<target host="gns.chameleon.ad" />
+	<target host="gsn.chameleon.ad" />
+	<target host="gsn_ipv4.chameleon.ad" />
+	<target host="my.chameleon.ad" />
+	<target host="ns1.chameleon.ad" />
+	<target host="ns2.chameleon.ad" />
+	<target host="ns3.chameleon.ad" />
+	<target host="pwk.chameleon.ad" />
+	<target host="s2.chameleon.ad" />
+	<target host="s3.chameleon.ad" />
+	<target host="s8.chameleon.ad" />
+	<target host="s9.chameleon.ad" />
+	<target host="static.chameleon.ad" />
+	<target host="test.chameleon.ad" />
+	<target host="tracking.chameleon.ad" />
+	<target host="vorlon.chameleon.ad" />
+	<target host="vtiger.chameleon.ad" />
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
+
+
diff --git a/src/chrome/content/rules/Champaign-County-ACLU.xml b/src/chrome/content/rules/Champaign-County-ACLU.xml
new file mode 100644
index 000000000000..773ac71caf2d
--- /dev/null
+++ b/src/chrome/content/rules/Champaign-County-ACLU.xml
@@ -0,0 +1,18 @@
+<!--
+
+	For other ACLU coverage, see ACLU.xml
+
+	Problematic domains:
+	- webmail.aclu-cu.org	(cert mismatch)
+
+-->
+<ruleset name="Champaign County ACLU">
+
+	<target host="aclu-cu.org" />
+	<target host="www.aclu-cu.org" />
+
+	<securecookie host="^www\.aclu-cu\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ChampionCasino.net.xml b/src/chrome/content/rules/ChampionCasino.net.xml
index bc82ac0a31d5..9229681d1683 100644
--- a/src/chrome/content/rules/ChampionCasino.net.xml
+++ b/src/chrome/content/rules/ChampionCasino.net.xml
@@ -1,22 +1,8 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- api *
-		- dlc
-
-	* 400
-
--->
 <ruleset name="ChampionCasino.net (partial)">
+	<target host="championcasino.net" />
+	<target host="www.championcasino.net" />
 
-	<target host="*.championcasino.net" />
-
-
-	<securecookie host="^.+\.championcasino\.net$" name=".+" />
-
-
-	<rule from="^http://(cdn1|pay|sec)\.championcasino\.net/"
-		to="https://$1.championcasino.net/" />
+	<securecookie host=".+" name=".+" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Champions_of_Regnum.com.xml b/src/chrome/content/rules/Champions_of_Regnum.com.xml
index 5dae19005671..13fc5af3b4ed 100644
--- a/src/chrome/content/rules/Champions_of_Regnum.com.xml
+++ b/src/chrome/content/rules/Champions_of_Regnum.com.xml
@@ -20,7 +20,6 @@
 	<securecookie host="^www\.championsofregnum\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?championsofregnum\.com/"
-		to="https://www.championsofregnum.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Champs_Sports.xml b/src/chrome/content/rules/Champs_Sports.xml
index fd8ed43bc7a7..33733661dcbb 100644
--- a/src/chrome/content/rules/Champs_Sports.xml
+++ b/src/chrome/content/rules/Champs_Sports.xml
@@ -22,24 +22,25 @@
 <ruleset name="Champs Sports (partial)">
 
 	<target host="champssports.com" />
-	<target host="*.champssports.com" />
-	<target host="*.e.champssports.com" />
-	<target host="*.www.champssports.com" />
+	<target host="www.champssports.com" />
+	<target host="ebm.e.champssports.com" />
+	<target host="f.e.champssports.com" />
+	<target host="images.champssports.com" />
+	<target host="m.champssports.com" />
 
 
 	<securecookie host="^.*\.champssports\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?champssports\.com/"
+	<rule from="^http://(?:www\.)?champssports\.com/"
 		to="https://www.champssports.com/" />
 
-	<rule from="^https?://ebm\.e\.champssports\.com/"
+	<rule from="^http://ebm\.e\.champssports\.com/"
 		to="https://ebm.cheetahmail.com/" />
 
-	<rule from="^https?://f\.e\.champssports\.com/"
+	<rule from="^http://f\.e\.champssports\.com/"
 		to="https://f.chtah.com/" />
 
-	<rule from="^http://(images|m)\.champssports\.com/"
-		to="https://$1.champssports.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Change.org.xml b/src/chrome/content/rules/Change.org.xml
index 4dfd621e8a2d..333bcbffdb94 100644
--- a/src/chrome/content/rules/Change.org.xml
+++ b/src/chrome/content/rules/Change.org.xml
@@ -1,22 +1,35 @@
 <!--
-	s3.amazonaws.com/change-production
+	CDN buckets:
+
+		- s3.amazonaws.com/change-production/
+
+
+	Nonfunctional subdomains:
+
+		- helpdesk *
+
+	* Zendesk
 
 -->
-<ruleset name="Change.org">
+<ruleset name="Change.org (partial)">
 
 	<target host="change.org" />
-	<target host="*.change.org" />
+	<target host="www.change.org" />
+	<target host="helpdesk.change.org" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.change\.org$" name="^_change_session$" /-->
+	<!--securecookie host="^www\.change\.org$" name="^tracking_data$" /-->
 
-	<securecookie host="^.*\.change\.org$" name=".*" />
+	<securecookie host=".*\.change\.org$" name=".+" />
 
 
 	<rule from="^http://(www\.)?change\.org/"
 		to="https://$1change.org/" />
 
-	<!--	change.zendesk.com pages redirect back to helpdesk.
-		helpdesk pages redirect to http.	-->
-	<rule from="^https?://helpdesk\.change\.org/(generated|images|system)/"
-		to="https://change.zendesk.com/$1/" />
+	<rule from="^http://helpdesk\.change\.org/(?=generated/|images/|system/)"
+		to="https://change.zendesk.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ChangeAView.com.xml b/src/chrome/content/rules/ChangeAView.com.xml
new file mode 100644
index 000000000000..be5b1434febc
--- /dev/null
+++ b/src/chrome/content/rules/ChangeAView.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="ChangeAView.com">
+	<target host="changeaview.com" />
+	<target host="www.changeaview.com" />
+	<target host="api.changeaview.com" />
+	<target host="secure.changeaview.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ChangeAView.org.xml b/src/chrome/content/rules/ChangeAView.org.xml
new file mode 100644
index 000000000000..f9ba9000ef3a
--- /dev/null
+++ b/src/chrome/content/rules/ChangeAView.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="ChangeAView.org">
+	<target host="changeaview.org" />
+	<target host="www.changeaview.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ChangeDetection.com.xml b/src/chrome/content/rules/ChangeDetection.com.xml
new file mode 100644
index 000000000000..93bef1e62392
--- /dev/null
+++ b/src/chrome/content/rules/ChangeDetection.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other FreeFind coverage, see FreeFind.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.changedetection.com
+
+-->
+<ruleset name="ChangeDetection.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="changedetection.com" />
+	<target host="www.changedetection.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.changedetection\.com$" name="^ce$" /-->
+
+	<securecookie host="^www\.changedetection\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ChangeIP.com.xml b/src/chrome/content/rules/ChangeIP.com.xml
new file mode 100644
index 000000000000..3187f7499a95
--- /dev/null
+++ b/src/chrome/content/rules/ChangeIP.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="ChangeIP.com">
+  <target host="changeip.com" />
+  <target host="www.changeip.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Changemakers.xml b/src/chrome/content/rules/Changemakers.xml
index 7c13b8eb8ec5..442361b3157a 100644
--- a/src/chrome/content/rules/Changemakers.xml
+++ b/src/chrome/content/rules/Changemakers.xml
@@ -2,6 +2,5 @@
   <target host="changemakers.com" />
   <target host="www.changemakers.com" />
 
-  <rule from="^http://(cdn\.|www\.)?changemakers\.com/"
-          to="https://www.changemakers.com/" />
-</ruleset>
\ No newline at end of file
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Changing-Cities.org.xml b/src/chrome/content/rules/Changing-Cities.org.xml
new file mode 100644
index 000000000000..dd2ce1bb5e8c
--- /dev/null
+++ b/src/chrome/content/rules/Changing-Cities.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Changing-Cities.org">
+
+	<target host="changing-cities.org" />
+	<target host="www.changing-cities.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Chango.xml b/src/chrome/content/rules/Chango.xml
index 580012b3f2ea..e76d6971afb1 100644
--- a/src/chrome/content/rules/Chango.xml
+++ b/src/chrome/content/rules/Chango.xml
@@ -1,36 +1,70 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://as.chango.com/ => https://as.chango.com/: (51, "SSL: no alternative certificate subject name matches target host name 'as.chango.com'")
+Fetch error: http://cc.chango.com/ => https://cc.chango.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cc.chango.com'")
+Fetch error: http://dashboard.chango.com/ => https://dashboard.chango.com/: (51, "SSL: no alternative certificate subject name matches target host name 'dashboard.chango.com'")
+Fetch error: http://www.chango.com/ => https://www.chango.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.chango.com'")
+Fetch error: http://z.chango.com/ => https://z.chango.com/: (51, "SSL: no alternative certificate subject name matches target host name 'z.chango.com'")
+Fetch error: http://ads.chango.ca/ => https://as.chango.com/: (51, "SSL: no alternative certificate subject name matches target host name 'as.chango.com'")
+Fetch error: http://chango.com/ => https://www.chango.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.chango.com'")
+
 	CDN buckets:
 
-		- as.chango.com.edgesuite.net
-			- ads.chango.ca
+		- wildcard.chango.com.edgekey.net
+		- as.chango.com.edgesuite.net	← ads.chango.ca
+
+
+	^chango.com: 503
 
-		- wildcard.chango.com.edgekey.net/...
-			- e846.g.akamaiedge.net/...
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .chango.com
+		- dashboard.chango.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Chango">
+<ruleset name="Chango" default_off="failed ruleset test">
+
+	<!--	Direct rewrotes:
+				-->
+	<target host="as.chango.com" />
+	<target host="cc.chango.com" />
+	<target host="dashboard.chango.com" />
+	<target host="www.chango.com" />
+	<target host="z.chango.com" />
 
+	<!--	Complications:
+				-->
 	<target host="ads.chango.ca" />
+
 	<target host="chango.com" />
-	<target host="*.chango.com" />
+
+		<!--	Set cookies without Secure:
+							-->
+		<!--test url="http://cc.chango.com/c/1/o?pid=&amp;order_id=&amp;seg_diapers=&amp;seg_soap=&amp;seg_wag=&amp;p=&amp;r=&amp;dip=" /-->
+		<!--test url="http://cc.chango.com/collector/relator?id=&amp;partner=&amp;token=&amp;uid=&amp;google_error=" /-->
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.chango\.com$" name="^_v?t$" /-->
+
 	<!--	_t & _vt are set by cc:
 					-->
-	<securecookie host="^\.chango\.com$" name="^(?:_i_cw|_i_lj|_t|_v?t)$" />
-	<securecookie host="^dashboard\.chango\.com$" name=".*" />
+	<securecookie host="^\." name="^_(?:i_cw|i_lj|v?t)$" />
+	<securecookie host="^\w" name=".+" />
 
 
 	<rule from="^http://ads\.chango\.ca/"
 		to="https://as.chango.com/" />
 
-	<!--	!www cert: web01-new.internal.chango.com.internal.chango.com, self-signed
-							-->
-	<rule from="^http://(?:www\.)?chango\.com/"
+	<rule from="^http://chango\.com/"
 		to="https://www.chango.com/" />
 
-
-	<rule from="^http://(as|cc|dashboard|z)\.chango\.com/"
-		to="https://$1.chango.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Channel-5.xml b/src/chrome/content/rules/Channel-5.xml
index ffabfdddbc1c..e9f767aa27d4 100644
--- a/src/chrome/content/rules/Channel-5.xml
+++ b/src/chrome/content/rules/Channel-5.xml
@@ -1,46 +1,71 @@
-<ruleset name="Channel 5" platform="mixedcontent">
+<!--
+	Other Channel 5 Broadcasting rulesets:
 
-	<target host="channel5.com"/>
-	<target host="fwd.channel5.com"/>
-	<target host="fwdcdn.channel5.com"/>
-	<target host="sso.channel5.com"/>
-	<target host="www.channel5.com"/>
+		- FiveTV.xml
+
+
+	Nonfunctional hosts in *channel5.com:
+
+		- about ¹
+		- milkshake ²
+		- fwd ³
+
+	¹ 400
+	² Refused
+	³ Dropped
+
+
+	Problematic hosts in *channel5.com:
+
+		- (www.)? ¹
+		- competitions ² ³
+
+	¹ Server sends no certificate chain, see https://whatsmychaincert.com
+	² Mismatched
+	³ Mixed css
+
+
+	Mixed content:
+
+		- css on competitions from wwwcdn.channel5.com ¹
+
+		- Images, on:
+
+			- competitions from wwwcdn.channel5.com ¹
+			- competitions from d2gnblp1jps891.cloudfront.net ¹
+			- faqs from www.channel5.com ²
+			- faqs from wwwcdn.channel5.com ¹
+
+		- Bugs, on:
+
+			- competitions from s7.addthis.com ¹
+			- faqs from b.scorecardresearch.com ¹
+
+	¹ Secured by us
+	² Not secured by us <= missing certificate chain
+
+-->
+<ruleset name="Channel 5.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="channel5.com"/-->
+	<!--target host="competitions.channel5.com"/-->
+	<target host="faqs.channel5.com"/>
+	<target host="help.channel5.com"/>
+	<!--target host="www.channel5.com"/-->
 	<target host="wwwcdn.channel5.com"/>
-	<target host="oas.five.tv"/>
-	<target host="sso.five.tv"/>
-
-
-	<!--	observed cookies:
-			- ^fwd.c...
-				- _five-hero_session
-			- ^www.c...
-				- _five-tv_session
-			- ^wwwcdn.c...
-				- _five-tv_session
-			- ^\.f...
-				- NXCLICK2
-				- OAX
-			- ^oas.f...
-				- NSC_nnnnnn_qppm_iuuq	-->
-	<securecookie host="^fwd\.channel5\.com$" name=".*"/>
-
-
-	<rule from="^http://oas\.five\.tv/"
-		to="https://oasc07.247realmedia.com/"/>
-
-	<rule from="^http://(www\.)?channel5\.com/(assets|images|stylesheets)/"
-		to="https://$1channel5.com/$2/"/>
-
-	<!--	fwdcdn cert: *.hs.llnwd.net	-->
-	<rule from="^http://fwd(?:cdn)?\.channel5\.com/"
-		to="https://fwd.channel5.com/"/>
-
-	<!--	cert doesn't match sso.five.tv	-->
-	<rule from="^http://sso\.(?:channel5\.com|five\.tv)/"
-		to="https://sso.channel5.com/"/>
-
-	<!--	cert: *.hs.llnwd.net		-->
-	<rule from="^http://wwwcdn\.channel5\.com/"
-		to="https://wwwcdn.channel5.com/"/>
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?channel5\.com/" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(?:www\.)?channel5\.com/+(?!assets/|images/|stylesheets/)" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ChannelAdvisor.com-problematic.xml b/src/chrome/content/rules/ChannelAdvisor.com-problematic.xml
deleted file mode 100644
index d5be9779f8ce..000000000000
--- a/src/chrome/content/rules/ChannelAdvisor.com-problematic.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For rules that are on by default, see ChannelAdvisor.com.xml.
-
--->
-<ruleset name="ChannelAdvisor.com (self-signed)" default_off="self-signed">
-
-	<target host="channeladvisor.com" />
-	<target host="www.channeladvisor.com" />
-
-
-	<rule from="^http://(?:www\.)?channeladvisor\.com/"
-		to="https://www.channeladvisor.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ChannelAdvisor.com.xml b/src/chrome/content/rules/ChannelAdvisor.com.xml
index fbc6917c1d66..15306aa52ce8 100644
--- a/src/chrome/content/rules/ChannelAdvisor.com.xml
+++ b/src/chrome/content/rules/ChannelAdvisor.com.xml
@@ -1,18 +1,71 @@
 <!--
-	For problematic rules, see ChannelAdvisor.com-problematic.xml.
 
+	Self-signed hosts:
 
-	Problematic subdomains:
+		- blog
+		- current-partners
+		- china
+		- customersuccess
+		- labs
+		- mtdev
+		- origin.www
+
+	Mismatched hosts:
+
+		- images
+		- origin.images
+		- ir
+
+	Incomplete certificate chain hosts:
+
+		- community
+		- fulfillment
+
+	Problematic hosts:
+
+		- ssc (redirects to http)
 
-		- (www.)	(works; self-signed, CN: Parallels Panel)
-	
 -->
-<ruleset name="ChannelAdvisor.com (partial)">
+<ruleset name="ChannelAdvisor.com">
 
+	<target host="channeladvisor.com" />
+	<target host="www.channeladvisor.com" />
+	<target host="api.channeladvisor.com" />
+	<target host="api.beta.channeladvisor.com" />
+	<target host="caapi.channeladvisor.com" />
+	<target host="catalyst.channeladvisor.com" />
+	<target host="catalyst2017.channeladvisor.com" />
+	<target host="checkout.channeladvisor.com" />
+	<target host="cloudlink.channeladvisor.com" />
+	<target host="cn.complete.channeladvisor.com" />
+	<target host="cn.login.channeladvisor.com" />
+	<target host="complete.channeladvisor.com" />
+	<target host="de.login.channeladvisor.com" />
+	<target host="developer.channeladvisor.com" />
+	<target host="enterprise.channeladvisor.com" />
+	<target host="go.channeladvisor.com" />
+	<target host="integrations-dev.channeladvisor.com" />
+	<target host="integrations.channeladvisor.com" />
+	<target host="kiz.channeladvisor.com" />
+	<target host="login.beta.channeladvisor.com" />
+	<target host="login.channeladvisor.com" />
+	<target host="m.channeladvisor.com" />
+	<target host="merchant.channeladvisor.com" />
+	<target host="oos.channeladvisor.com" />
+	<target host="originrichmedia.channeladvisor.com" />
+	<target host="outofservice.channeladvisor.com" />
+	<target host="partner.channeladvisor.com" />
+	<target host="pets.channeladvisor.com" />
+	<target host="richmedia.channeladvisor.com" />
+	<target host="richmediavideo.channeladvisor.com" />
+	<target host="secure.images.channeladvisor.com" />
+	<target host="secureimages.channeladvisor.com" />
+	<target host="static.channeladvisor.com" />
+	<target host="status.channeladvisor.com" />
+	<target host="t-origin.channeladvisor.com" />
 	<target host="t.channeladvisor.com" />
+	<target host="webadapters.channeladvisor.com" />
 
-
-	<rule from="^http://t\.channeladvisor\.com/"
-		to="https://t.channeladvisor.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ChannelIntelligence.com.xml b/src/chrome/content/rules/ChannelIntelligence.com.xml
deleted file mode 100644
index 22baf07b1b7b..000000000000
--- a/src/chrome/content/rules/ChannelIntelligence.com.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	For other Google coverage, see GoogleServices.xml.
-
-
-	CDN buckets:
-
-		- cts-secure.channelintelligence.com.edgekey.net
-
-		- akamai.ci.edgesuite.net
-
-			- cts
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(wpengine)
-
-
-	Problematic subdomains:
-
-		- cts	(akamai)
-
--->
-<ruleset name="ChannelIntelligence.com (partial)">
-
-	<target host="*.channelintelligence.com" />
-
-
-	<rule from="^http://cts(?:-secure)?\.channelintelligence\.com/"
-		to="https://cts-secure.channelintelligence.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Channel_4-falsemixed.xml b/src/chrome/content/rules/Channel_4-falsemixed.xml
index 172c43ffbaf9..53d9029457fe 100644
--- a/src/chrome/content/rules/Channel_4-falsemixed.xml
+++ b/src/chrome/content/rules/Channel_4-falsemixed.xml
@@ -1,17 +1,17 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mailing.channel4.com/ => https://mailing.channel4.com/: (51, "SSL: no alternative certificate subject name matches target host name 'mailing.channel4.com'")
+
 	For rules not causing false/broken MCB, see Channel_4.xml.
 
 -->
-<ruleset name="Channel 4 (false MCB)" platform="mixedcontent">
+<ruleset name="Channel 4.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="mailing.channel4.com" />
-		<!--
-			Handled in Channel_4.xml:
-							-->
-		<!--exclusion pattern="^http://mailing\.channel4\.com/+(?!public/snowmail/remotebox\.jsp)" /-->
 
 
-		<rule from="^http://mailing\.channel4\.com/public/snowmail/remotebox\.jsp"
-			to="https://mailing.channel4.com/public/snowmail/remotebox.jsp" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Channel_4.xml b/src/chrome/content/rules/Channel_4.xml
index bd5dfa05dcde..2ff9318f3de6 100644
--- a/src/chrome/content/rules/Channel_4.xml
+++ b/src/chrome/content/rules/Channel_4.xml
@@ -1,4 +1,5 @@
 <!--
+	Disabled per https://trac.torproject.org/projects/tor/ticket/15878
 	For rules causing false/broken MCB, see Channel_4-falsemixed.xml.
 
 
@@ -66,22 +67,33 @@
 	* Secured by us
 
 -->
-<ruleset name="Channel 4 (partial)">
+<ruleset name="Channel 4.com (partial)" default_off="Breaks video">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="channel4.com" />
-	<target host="*.channel4.com" />
+	<target host="4id.channel4.com" />
+	<target host="ais.channel4.com" />
+	<target host="mailing.channel4.com" />
+	<target host="test.channel4.com" />
+	<target host="www.channel4.com" />
+
+	<!--	Complications:
+				-->
+	<target host="realmedia.channel4.com" />
+
 		<!--exclusion pattern="^http://(www\.)?channel4\.com/+(assets|media)/" /-->
 		<exclusion pattern="^http://(?:www\.)?channel4\.com/(?!4me(?:$|[?/])|static/)" />
-		<!--
-			Avoid false/broken MCB:
+
+		<!--	Avoid false/broken MCB:
 						-->
 		<exclusion pattern="^http://mailing\.channel4\.com/public/snowmail/remotebox\.jsp" />
 
 
-	<rule from="^http://((?:4id|ais|mailing|test|www)\.)?channel4\.com/"
-		to="https://$1channel4.com/" />
-
-	<rule from="^https?://realmedia\.channel4\.com/"
+	<rule from="^http://realmedia\.channel4\.com/"
 		to="https://2a7e9.v.fwmrm.net/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Channelme.tv.xml b/src/chrome/content/rules/Channelme.tv.xml
index d72391fd4ee1..126b69890f2f 100644
--- a/src/chrome/content/rules/Channelme.tv.xml
+++ b/src/chrome/content/rules/Channelme.tv.xml
@@ -6,10 +6,11 @@
 -->
 <ruleset name="channelme.tv">
 
-	<target host="*.channelme.tv" />
+	<target host="media.channelme.tv" />
+	<target host="cdn-media.channelme.tv" />
 
 
 	<rule from="^http://(?:cdn-)?media\.channelme\.tv/"
 		to="https://media.channelme.tv/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Channelx.biz.xml b/src/chrome/content/rules/Channelx.biz.xml
deleted file mode 100644
index e45632e0750c..000000000000
--- a/src/chrome/content/rules/Channelx.biz.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="channelx.biz" default_off="self-signed">
-
-	<target host="channelx.biz"/>
-	<target host="*.channelx.biz"/>
-
-	<rule from="^http://(?:www\.)?channelx\.biz/"
-		to="https://www.channelx.biz/"/>
-
-	<rule from="^http://gentoo\.channelx\.biz/"
-		to="https://gentoo.channelx.biz/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Chaos-Reigns.xml b/src/chrome/content/rules/Chaos-Reigns.xml
index 486dafa5d14e..9c024e2b9306 100644
--- a/src/chrome/content/rules/Chaos-Reigns.xml
+++ b/src/chrome/content/rules/Chaos-Reigns.xml
@@ -1,14 +1,25 @@
-<ruleset name="Chaos Reigns" default_off="mismatch, self-signed">
+<!--
+	Problematic subdomains:
 
-	<target host="chaosreigns.com"/>
-	<target host="*.chaosreigns.com"/>
+		- ^ ¹
+		- panic ¹
+		- www ²
 
-	<securecookie host="^(.*\.)?chaosreigns\.com$" name=".*"/>
+	¹ "You have failed to specify a hostname"; mismatched, CN: panic.chaosreigns.com
+	² Works; expired, self-signed
 
-	<rule from="^http://chaosreigns\.com/"
-		to="https://www.chaosreigns.com/"/>
+-->
+<ruleset name="Chaos Reigns" default_off="expired, self-signed">
 
-	<rule from="^http://(panic|www)\.chaosreigns\.com/"
-		to="https://$1.chaosreigns.com/"/>
+	<target host="chaosreigns.com" />
+	<target host="panic.chaosreigns.com" />
+	<target host="www.chaosreigns.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://(?:panic\.|www\.)?chaosreigns\.com/"
+		to="https://www.chaosreigns.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Chaox.net.xml b/src/chrome/content/rules/Chaox.net.xml
deleted file mode 100644
index ca833cbe008c..000000000000
--- a/src/chrome/content/rules/Chaox.net.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="chaox.net" platform="cacert">
-
-	<target host="chaox.net" />
-	<target host="www.chaox.net" />
-
-
-	<rule from="^http://(www\.)?chaox\.net/"
-		to="https://$1chaox.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Chapman.edu.xml b/src/chrome/content/rules/Chapman.edu.xml
new file mode 100644
index 000000000000..53a6b7002057
--- /dev/null
+++ b/src/chrome/content/rules/Chapman.edu.xml
@@ -0,0 +1,24 @@
+<!--
+	Chapman University
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- blogs
+		- inside
+		- social
+
+-->
+<ruleset name="Chapman.edu">
+
+	<target host="chapman.edu" />
+	<target host="blogs.chapman.edu" />
+	<target host="inside.chapman.edu" />
+	<target host="social.chapman.edu" />
+	<target host="www.chapman.edu" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Chapter1.io.xml b/src/chrome/content/rules/Chapter1.io.xml
new file mode 100644
index 000000000000..28fcbd590165
--- /dev/null
+++ b/src/chrome/content/rules/Chapter1.io.xml
@@ -0,0 +1,5 @@
+<ruleset name="Chapter1.io">
+	<target host="chapter1.io" />
+	<target host="www.chapter1.io" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Charities.org.xml b/src/chrome/content/rules/Charities.org.xml
new file mode 100644
index 000000000000..edfc71df3c45
--- /dev/null
+++ b/src/chrome/content/rules/Charities.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		analytics.charities.org
+		link.charities.org
+
+-->
+<ruleset name="America's Charities">
+
+	<target host="charities.org" />
+	<target host="www.charities.org" />
+	<target host="files.charities.org" />
+
+	<securecookie host="^www\.charities\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Charity-Navigator.xml b/src/chrome/content/rules/Charity-Navigator.xml
index 5f76cba97b2d..176e51a69761 100644
--- a/src/chrome/content/rules/Charity-Navigator.xml
+++ b/src/chrome/content/rules/Charity-Navigator.xml
@@ -1,13 +1,22 @@
-<ruleset name="Charity Navigator" platform="mixedcontent">
+<!--
+	Problematic subdomains:
+
+		- api (self-signed)
+		- blog (secure connection failed)
+		- help (self-signed)
+		- thehelm (mismatched certificate)
+-->
+<ruleset name="Charity Navigator">
 
 	<target host="charitynavigator.org" />
-	<target host="*.charitynavigator.org" />
+	<target host="www.charitynavigator.org" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.charitynavigator\.org$" name="^(CFID|CFTOKEN|JSESSIONID)$" /-->
 
 	<securecookie host="^(?:w*\.)?charitynavigator\.org$" name=".+" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://(www\.)?charitynavigator\.org/"
-		to="https://$1charitynavigator.org/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Charity-Wings.xml b/src/chrome/content/rules/Charity-Wings.xml
index e6385314adb7..8f64837e80d4 100644
--- a/src/chrome/content/rules/Charity-Wings.xml
+++ b/src/chrome/content/rules/Charity-Wings.xml
@@ -1,8 +1,12 @@
-<ruleset name="Charity Wings" platform="mixedcontent">
+<!--
+	(www.)? Refused
+
+-->
+<ruleset name="Charity Wings" default_off="refused" platform="mixedcontent">
 	<target host="scrapbookroyalty.org" />
 	<target host="www.scrapbookroyalty.org" />
 
-	<securecookie host="^((www)?\.)?scrapbookroyalty\.org$" name=".+" />
+	<securecookie host="^(?:(?:www)?\.)?scrapbookroyalty\.org$" name=".+" />
 
-	<rule from="^http://(www\.)?scrapbookroyalty\.org/" to="https://www.scrapbookroyalty.org/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http://(?:www\.)?scrapbookroyalty\.org/" to="https://www.scrapbookroyalty.org/" />
+</ruleset>
diff --git a/src/chrome/content/rules/CharityChoice.co.uk.xml b/src/chrome/content/rules/CharityChoice.co.uk.xml
new file mode 100644
index 000000000000..c9738272adc1
--- /dev/null
+++ b/src/chrome/content/rules/CharityChoice.co.uk.xml
@@ -0,0 +1,9 @@
+<ruleset name="CharityChoice.co.uk">
+	<target host="charitychoice.co.uk" />
+	<target host="www.charitychoice.co.uk" />
+	<target host="qa.charitychoice.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CharityWater.org.xml b/src/chrome/content/rules/CharityWater.org.xml
new file mode 100644
index 000000000000..195e11890ae9
--- /dev/null
+++ b/src/chrome/content/rules/CharityWater.org.xml
@@ -0,0 +1,49 @@
+<!--
+	Invalid certificate:
+		archive.charitywater.org (test url: http://archive.charitywater.org/waterforward-project/)
+		blog.charitywater.org
+		cdn.charitywater.org
+		support.charitywater.org
+		web1.charitywater.org
+		web2.charitywater.org
+
+	Different content http/https:
+		d2p.charitywater.org
+		media.charitywater.org
+
+	No working URL known:
+		maps.charitywater.org
+		sandbox.charitywater.org
+		staging.charitywater.org
+		wazi.charitywater.org
+		wazi-d.charitywater.org
+
+	Private subdomain:
+		sensors.charitywater.org
+		www-d.charitywater.org
+
+-->
+<ruleset name="charity water.org">
+
+	<target host="charitywater.org" />
+	<target host="www.charitywater.org" />
+	<target host="donate.charitywater.org" />
+	<target host="email.charitywater.org" />
+	<target host="my.charitywater.org" />
+	<target host="mycw.charitywater.org" />
+	<target host="store.charitywater.org" />
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^\.charitywater\.org$" name="^mycw_session$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?charitywater\.org$" name="^(last_visit|return_count)$" /-->
+
+	<securecookie host="^(www\.)?charitywater\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CharityWeb.xml b/src/chrome/content/rules/CharityWeb.xml
index 08e3dbfc8b31..14bd7d8c8781 100644
--- a/src/chrome/content/rules/CharityWeb.xml
+++ b/src/chrome/content/rules/CharityWeb.xml
@@ -7,14 +7,11 @@
 <ruleset name="CharityWeb (partial)">
 
 	<!--	* for cross-domain cookies.	-->
-	<target host="*.charityweb.net" />
+	<target host="ssl.charityweb.net" />
 
 
 	<!--	Seems to be used only on ssl.	-->
-	<securecookie host="^\.charityweb\.net$" name="^/globalcompactfoundation/.*$" />
 
-
-	<rule from="^http://ssl\.charityweb\.net/"
-		to="https://ssl.charityweb.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Charlie.bz.xml b/src/chrome/content/rules/Charlie.bz.xml
new file mode 100644
index 000000000000..b17d824194c4
--- /dev/null
+++ b/src/chrome/content/rules/Charlie.bz.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.charlie.bz/ => https://www.charlie.bz/: (51, "SSL: no alternative certificate subject name matches target host name 'www.charlie.bz'")
+
+-->
+<ruleset name="charlie.bz" default_off="failed ruleset test">
+
+	<target host="charlie.bz" />
+	<target host="www.charlie.bz" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CharlotteNatureMuseum.xml b/src/chrome/content/rules/CharlotteNatureMuseum.xml
index b9a14e3010cf..7236349e2100 100644
--- a/src/chrome/content/rules/CharlotteNatureMuseum.xml
+++ b/src/chrome/content/rules/CharlotteNatureMuseum.xml
@@ -1,6 +1,9 @@
-<ruleset name="Charlotte Nature Museum">
+<ruleset name="Charlotte Nature Museum.org" default_off="mismatched">
+
 	<target host="charlottenaturemuseum.org" />
 	<target host="www.charlottenaturemuseum.org" />
 
-	<rule from="^http://(?:www\.)?charlottenaturemuseum\.org/" to="https://www.charlottenaturemuseum.org/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Charnwood.gov.uk.xml b/src/chrome/content/rules/Charnwood.gov.uk.xml
new file mode 100644
index 000000000000..586d0573848d
--- /dev/null
+++ b/src/chrome/content/rules/Charnwood.gov.uk.xml
@@ -0,0 +1,75 @@
+<!--
+	Charnwood Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *charnwood.gov.uk:
+
+		- mail ⁴
+		- webmap ³
+
+	³ 403
+	⁴ 504
+
+
+	Problematic hosts in *charnwood.gov.uk:
+
+		- consult ᵐ
+		- www.localplan ᵐ ˢ
+		- my ᵐ
+
+	ᵐ Mismatched
+	ˢ Self-signed
+
+
+	These altnames don't exist:
+
+		- autodiscover.charnwood.gov.uk
+		- owa.charnwood.gov.uk
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.localplan.charnwood.gov.uk
+		- portal.charnwood.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on my from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Charnwood.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="charnwood.gov.uk" />
+	<target host="portal.charnwood.gov.uk" />
+	<target host="revenuesbenefits.charnwood.gov.uk" />
+	<target host="www.charnwood.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="consult.charnwood.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.localplan\.charnwood\.gov\.uk$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^portal\.charnwood\.gov\.uk$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://consult\.charnwood\.gov\.uk/"
+		to="https://charnwood-consult.objective.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ChartMogul.com.xml b/src/chrome/content/rules/ChartMogul.com.xml
new file mode 100644
index 000000000000..17569fafec28
--- /dev/null
+++ b/src/chrome/content/rules/ChartMogul.com.xml
@@ -0,0 +1,33 @@
+<!--
+	These altnames don't exist:
+
+		- www.app.chartmogul.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .chartmogul.com
+		- app.chartmogul.com
+
+-->
+<ruleset name="ChartMogul.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="chartmogul.com" />
+	<target host="app.chartmogul.com" />
+	<target host="www.chartmogul.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.chartmogul\.com$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^app\.chartmogul\.com$" name="^_platform_session$" /-->
+
+	<securecookie host="^(?:app)?\.chartmogul\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Chartbeat.net.xml b/src/chrome/content/rules/Chartbeat.net.xml
new file mode 100644
index 000000000000..f4e36db65025
--- /dev/null
+++ b/src/chrome/content/rules/Chartbeat.net.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Chartbeat coverage, see Chartbeat.xml.
+
+
+	Fully covered domains:
+
+		- ping.chartbeat.net
+		- *.chartbeat.net	(per-client subdomains)
+
+
+	*.charbeat.net sets _chartbeat2 cookie on whichever domain it is loaded from.
+
+-->
+<ruleset name="Chartbeat.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="*.chartbeat.net" />
+
+		<test url="http://ping.chartbeat.net/" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Chartbeat.xml b/src/chrome/content/rules/Chartbeat.xml
index 5045e1a5df27..c9b0b9b5e0a1 100644
--- a/src/chrome/content/rules/Chartbeat.xml
+++ b/src/chrome/content/rules/Chartbeat.xml
@@ -1,6 +1,11 @@
 <!--
+
 	blog.chartbeat.com is handled in WordPress-blogs.xml.
 
+	Other Chartbeat rulesets:
+
+		- Chartbeat.net.xml
+
 
 	CDN buckets:
 
@@ -17,69 +22,98 @@
 
 			- blog
 
-	a248.e.akamai.net/chartbeat.download.akamai.com/102508/static2/
-
-	Rewriting static.chartbeat.com to a248.e.akamai.net/chartbeat.download.akamai.com/102508/static/
-	redirects to http14432.storage.akadns.net/.14432,14333^-1.0./102508/static/
-
-	Ditto when for rewriting static paths to .../static2/.
-
 
 	Nonfunctional domains:
 
-		- blog.chartbeat.com		(redirects to http, wpengine)
+		- blog.chartbeat.com ¹
 		- static.blog.chartbeat.com	(redirects to http, akamai)
+		- lp.chartbeat.com ³
+		- pages.chartbeat.com ⁴
+		- support.chartbeat.com ⁵
 
+	¹ WP Engine
+	³ Marketo
+	⁴ Refused
+	⁵ Desk.com
 
-	Problematic domains:
-
-		- support.chartbeat.com		(zendesk)
 
+	Problematic domains:
 
-	Partially covered domains:
-
-		- support.chartbeat.com		(→ assets.zendesk.com)
+		- status.chartbeat.com *
+		- post.update.chartbeat.com *
+		- s.update.chartbeat.com *
 
+	* Mismatched
 
-	Fully covered domains:
 
-		- chartbeat.com subdomains:
+	Fully covered hosts in *chartbeat.com:
 
-			- (www.)
-			- static
-			- static2
+		- (www.)
+		- static
+		- static2
+		- status	(→ chartbeat.statuspage.io)
 
-		- ping.chartbeat.net
-		- *.chartbeat.net	(per-client subdomains)
 
+	Insecure cookies are set for these hosts:
 
-	*.charbeat.net sets _chartbeat2 cookie on whichever domain it is loaded from.
+		- chartbeat.com
 
 -->
-<ruleset name="Chartbeat (partial)">
+<ruleset name="Chartbeat.com (partial)" >
 
+	<!--	Direct rewrites:
+				-->
 	<target host="chartbeat.com" />
-	<target host="*.chartbeat.com" />
-	<target host="*.chartbeat.net" />
+	<target host="static.chartbeat.com" />
+	<target host="static2.chartbeat.com" />
+	<target host="www.chartbeat.com" />
 
+	<!--	Complications:
+				-->
+	<target host="lp.chartbeat.com" />
+	<target host="status.chartbeat.com" />
 
-	<rule from="^http://(static2?\.|www\.)?chartbeat\.com/"
-		to="https://$1chartbeat.com/" />
+		<exclusion pattern="^http://lp\.chartbeat\.com/+(?!$|\?|css/|images/|rs/)" />
 
-	<!--	Courtesy of https://s3.amazonaws.com/plug.onswipe.com/on.js	-->
-	<!--rule from="^http://static\.chartbeat\.com/"
-		to="https://a248.e.akamai.net/chartbeat.download.akamai.com/102508/" /-->
+			<!--	+ve:
+					-->
+			<test url="http://lp.chartbeat.com/audience-development-whitepaper.html" />
+			<test url="http://lp.chartbeat.com/chartbeat-publishing-for-ad-sales-contact-us.html" />
+			<test url="http://lp.chartbeat.com/chartbeat-publishing-for-editorial-contact-us.html" />
+			<test url="http://lp.chartbeat.com/chartbeat-publishing-video-contact-us.html" />
+			<test url="http://lp.chartbeat.com/contact-us.html" />
+			<test url="http://lp.chartbeat.com/guide-to-traffic-sources-audience-behavior.html" />
+			<test url="http://lp.chartbeat.com/quarterly-0101.html" />
+			<test url="http://lp.chartbeat.com/quarterly-0201.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://lp.chartbeat.com/rs/chartbeatinc/images/gated-chartbeat-logo.png" />
 
-	<!--rule from="^http://static2\.chartbeat\.com/"
-		to="https://a248.e.akamai.net/chartbeat.download.akamai.com/102508/static2/" /-->
 
-	<!--	- Cert: *.zendesk.com
-		- Pages redirect to http.
+	<!--	Not secured by server:
 					-->
-	<rule from="^http://support\.chartbeat\.com/(assets|generated|images|system)/"
-		to="https://assets.zendesk.com/$1/" />
+	<!--securecookie host="^chartbeat\.com$" name="^django_language$" /-->
+
+	<securecookie host="^chartbeat\.com$" name=".+" />
+
+
+	<rule from="^http://lp\.chartbeat\.com/+(?:\?.*)?$"
+		to="https://chartbeat.com/404" />
+
+		<test url="http://lp.chartbeat.com/?f" />
+		<test url="http://lp.chartbeat.com/?o" />
+		<test url="http://lp.chartbeat.com/?b" />
+		<test url="http://lp.chartbeat.com/?a" />
+		<test url="http://lp.chartbeat.com/?r" />
+
+	<rule from="^http://lp\.chartbeat\.com/"
+		to="https://na-p.marketo.com/" />
+
+	<rule from="^http://status\.chartbeat\.com/"
+		to="https://chartbeat.statuspage.io/" />
 
-	<rule from="^http://([\w-]+)\.chartbeat\.net/"
-		to="https://$1.chartbeat.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Charter-Business.com.xml b/src/chrome/content/rules/Charter-Business.com.xml
new file mode 100644
index 000000000000..7182a6e1e8e5
--- /dev/null
+++ b/src/chrome/content/rules/Charter-Business.com.xml
@@ -0,0 +1,43 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://connect.charter-business.com/ => https://connect.charter-business.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other Charter Communications coverage, see Charter.com.xml.
+
+
+	Problematic hosts in *charter-business.com:
+
+		- connect *
+
+	* Mixed content
+
+
+	Fully covered hosts in *charter-business.com:
+
+		- connect
+
+
+	Mixed content:
+
+		- css, on:
+
+			- connect from connect.charter.com *
+			- connect from fonts.googleapis.com *
+
+		- Images on connect from connect.charter.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Charter-Business.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="connect.charter-business.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Charter.com.xml b/src/chrome/content/rules/Charter.com.xml
new file mode 100644
index 000000000000..bdb7d03e5c56
--- /dev/null
+++ b/src/chrome/content/rules/Charter.com.xml
@@ -0,0 +1,96 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.myaccount.charter.com/ => https://www.myaccount.charter.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://myaccount.charter.com/ => https://www.myaccount.charter.com/: (28, 'Connection timed out after 20003 milliseconds')
+
+	Charter Communications, Inc.
+
+	Other Charter Communications rulesets:
+
+		- Charter.net.xml
+		- Charter-Business.com.xml
+		- Charter_our_Community.com.xml
+		- CharterBusiness.com.xml
+		- SpectrumBusiness.net.xml
+		- Spectrum_Business_Insights.com.xml
+
+
+	Problematic hosts in *charter.com:
+
+		- myaccount *
+
+	* Mismatched
+
+
+	Fully covered hosts in *charter.com:
+
+		- (www.)?
+		- connect
+		- media
+		- (www.)?myaccount	(^ → www)
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- charter.com
+		- .charter.com
+		- connect.charter.com
+		- media.charter.com
+		- www.myaccount.charter.com
+		- www.charter.com
+
+
+	Mixed content:
+
+		- css, on:
+
+			- ir from www.charter.com *
+			- ir from phx.corporate-ir.net
+
+		- Images, on:
+
+			- ir from www.charter.com *
+			- ir from media.corporate-ir.net
+
+		- favicon on ir from www.charter.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Charter.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="charter.com" />
+	<target host="connect.charter.com" />
+	<target host="media.charter.com" />
+	<target host="www.myaccount.charter.com" />
+	<target host="www.charter.com" />
+
+	<!--	Complications:
+				-->
+	<target host="myaccount.charter.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?charter\.com$" name="^BIGipServer[\w.-]+$" /-->
+	<!--securecookie host="^\.charter\.com$" name="^(CSList|PrefID|TE_Opt)$" /-->
+	<!--securecookie host="^(connect|www\.myaccount)\.charter\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^connect\.charter\.com$" name="^X-Mapping-[a-z]$" /-->
+	<!--securecookie host="^media\.charter\.com$" name="^(CTList|XGIR)$" /-->
+	<!--securecookie host="^www\.myaccount\.charter\.com$" name="^ChtrDotCom$" /-->
+	<!--securecookie host="^www\.charter\.com$" name="^(DYN_USER_CONFIRM|DYN_USER_ID|JSESSIONID|MINIFY|userPrefLanguage)$" /-->
+
+	<securecookie host="^(?:(?:media|www\.myaccount|www)\.)?charter\.com$" name=".+" />
+	<securecookie host="^\.charter\.com$" name="^(?:CSList|PrefID|TE_Opt)$" />
+
+
+	<rule from="^http://myaccount\.charter\.com/"
+		to="https://www.myaccount.charter.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Charter.net.xml b/src/chrome/content/rules/Charter.net.xml
new file mode 100644
index 000000000000..f9f5d87206e3
--- /dev/null
+++ b/src/chrome/content/rules/Charter.net.xml
@@ -0,0 +1,41 @@
+<!--
+	For other Charter Communications coverage, see Charter.com.xml.
+
+
+	^charter.net: Plaintext reply
+
+-->
+<ruleset name="Charter.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.charter.net" />
+
+	<!--	Complications:
+				-->
+	<target host="charter.net" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.charter\.net/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.charter\.net/(?!login/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.charter.net/support/category/internet/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.charter.net/login/" />
+
+
+	<rule from="^http://charter\.net/"
+		to="https://www.charter.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CharterBusiness.com.xml b/src/chrome/content/rules/CharterBusiness.com.xml
new file mode 100644
index 000000000000..5b024029dd3a
--- /dev/null
+++ b/src/chrome/content/rules/CharterBusiness.com.xml
@@ -0,0 +1,48 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://connect.charterbusiness.com/ => https://connect.charterbusiness.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://media.charterbusiness.com/ => https://media.charterbusiness.com/: (6, 'Could not resolve host: media.charterbusiness.com')
+
+	For other Charter Communications coverage, see Charter.com.xml.
+
+
+	Fully covered hosts in *charterbusiness.com:
+
+		- (www.)?
+		- connect
+		- media
+		- www2
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- charterbusiness.com
+		- .charterbusiness.com
+		- www.charterbusiness.com
+		- www2.charterbusiness.com
+
+-->
+<ruleset name="CharterBusiness.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="charterbusiness.com" />
+	<target host="connect.charterbusiness.com" />
+	<target host="media.charterbusiness.com" />
+	<target host="www.charterbusiness.com" />
+	<target host="www2.charterbusiness.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www2?\.)?charterbusiness\.com$" name="^BIGipServer[\w.-]+$" /-->
+	<!--securecookie host="^\.charterbusiness\.com$" name="^(_[a-z]+|\[a-z]+_\d+|CBCookie|CharterBusinessbs|PrefID|notrack)$" /-->
+
+	<securecookie host="^(?:\.|www2?\.)?charterbusiness\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Charter_our_Community.com.xml b/src/chrome/content/rules/Charter_our_Community.com.xml
new file mode 100644
index 000000000000..83e8aefb63a8
--- /dev/null
+++ b/src/chrome/content/rules/Charter_our_Community.com.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.charterourcommunity.com/ => https://www.charterourcommunity.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.charterourcommunity.com'")
+
+	For other Charter Communications coverage, see Charter.com.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- charterourcommunity.com
+		- www.charterourcommunity.com
+
+-->
+<ruleset name="Charter our Community.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="charterourcommunity.com" />
+	<target host="www.charterourcommunity.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?charterourcommunity\.com$" name="^X-Mapping-[a-z]$" /-->
+
+	<securecookie host="^(?:www\.)?charterourcommunity\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Chartio.com.xml b/src/chrome/content/rules/Chartio.com.xml
new file mode 100644
index 000000000000..a536dff1a73b
--- /dev/null
+++ b/src/chrome/content/rules/Chartio.com.xml
@@ -0,0 +1,20 @@
+<ruleset name="Chartio.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="chartio.com" />
+	<target host="www.chartio.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^chartio\.com$" name="^first_ref$" /-->
+	<!--securecookie host="^(www\.)?chartio\.com$" name="^1$" /-->
+
+	<securecookie host="^(?:www\.)?chartio\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Charts_in_France.xml b/src/chrome/content/rules/Charts_in_France.xml
index ec0850d2dc94..d2bc49ec3293 100644
--- a/src/chrome/content/rules/Charts_in_France.xml
+++ b/src/chrome/content/rules/Charts_in_France.xml
@@ -1,9 +1,4 @@
 <!--
-	Other Webedia rulesets:
-
-		- CineMovies.xml
-
-
 	Nonfunctional domains:
 
 		- (www.)ozap.com *
@@ -12,9 +7,25 @@
 
 	* Times out.
 
+
+	Mixed content:
+
+		- css from fonts.googleapis.com ¹
+		- Images from $self
+		- favicon from $self
+
+		- Ads/bugs, from:
+
+			- $self
+			- www.facebook.com ¹
+
+	¹ Secured by us
+
 -->
-<ruleset name="Charts in France">
+<ruleset name="Charts in France.net" default_off="expired, self-signed">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="chartsinfrance.net" />
 	<target host="www.chartsinfrance.net" />
 
@@ -22,7 +33,7 @@
 	<securecookie host="^(?:www\.)?chartsinfrance\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?chartsinfrance\.net/"
-		to="https://$1chartsinfrance.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Chase.com.xml b/src/chrome/content/rules/Chase.com.xml
new file mode 100644
index 000000000000..37e862a18d15
--- /dev/null
+++ b/src/chrome/content/rules/Chase.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Non-functional hosts
+		SSL read error:
+		- mfasa.chase.com
+
+		4xx client error:
+		- stmts.chase.com
+-->
+<ruleset name="Chase.com">
+	<target host="chase.com" />
+	<target host="www.chase.com" />
+	<target host="apply.chase.com" />
+	<target host="banking.chase.com" />
+	<target host="cards.chase.com" />
+	<target host="chaseonline.chase.com" />
+	<target host="creditcards.chase.com" />
+	<target host="deposits.chase.com" />
+	<target host="investments.chase.com" />
+	<target host="jpmorgan.chase.com" />
+	<target host="locator.chase.com" />
+	<target host="mobilebanking.chase.com" />
+	<target host="payments.chase.com" />
+	<target host="privateclient.chase.com" />
+	<target host="resources.chase.com" />
+	<target host="servicing.chase.com" />
+	<target host="ultimaterewards.chase.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Chase.xml b/src/chrome/content/rules/Chase.xml
deleted file mode 100644
index 04cbca30fe3c..000000000000
--- a/src/chrome/content/rules/Chase.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Chase">
-  <target host="chase.com" />
-  <target host="*.chase.com" />
-
-  <rule from="^http://chase\.com/"
-          to="https://www.chase.com/" />
-  <rule from="^http://(locator|www)\.chase\.com/"
-          to="https://$1.chase.com/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Chase_Paymentech.com.xml b/src/chrome/content/rules/Chase_Paymentech.com.xml
new file mode 100644
index 000000000000..95cd17483d69
--- /dev/null
+++ b/src/chrome/content/rules/Chase_Paymentech.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Other Chase Paymentech rulesets:
+
+		- Paymentech.com.xml
+
+
+	^: cert only matches www
+
+-->
+<ruleset name="Chase Paymentech.com">
+
+	<target host="chasepaymentech.com" />
+	<target host="www.chasepaymentech.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Chat-Place.xml b/src/chrome/content/rules/Chat-Place.xml
index 50fc416b7c8b..5d6646aef420 100644
--- a/src/chrome/content/rules/Chat-Place.xml
+++ b/src/chrome/content/rules/Chat-Place.xml
@@ -1,9 +1,9 @@
-<ruleset name="Chat Place" default_off="mismatch">
+<ruleset name="Chat Place" default_off="mismatched">
 
 	<target host="chat-place.org"/>
 	<target host="www.chat-place.org"/>
 
-	<securecookie host="^(.*\.)?chat-place\.org$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?chat-place\.org/"
 		to="https://chat-place.org/"/>
diff --git a/src/chrome/content/rules/ChatMe.im.xml b/src/chrome/content/rules/ChatMe.im.xml
new file mode 100644
index 000000000000..77554aceaa6e
--- /dev/null
+++ b/src/chrome/content/rules/ChatMe.im.xml
@@ -0,0 +1,39 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://chatme.im/ => https://chatme.im/: (60, 'SSL certificate problem: self signed certificate')
+	Problematic subdomains:
+
+		- support ¹
+		- videochat ¹
+		- beta.webchat ²
+
+	¹ Shows default Parallels page
+	² Cert only matches *.chatme.im
+
+
+	Mixed content:
+
+		- Images on ^ from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="ChatMe.im (partial)">
+
+	<target host="chatme.im" />
+	<target host="*.chatme.im" />
+		<!--exclusion pattern="^http://(videochat|beta\.webchat)\.chatme\.im/" /-->
+
+
+	<securecookie host="^\.?chatme\.im$" name=".+" />
+
+
+	<rule from="^http://((?:cdn|webchat|www)\.)?chatme\.im/"
+		to="https://$1chatme.im/" />
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://support\.chatme\.im/.*"
+		to="https://chatme.im/wp-signup.php?new=support" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ChatON.xml b/src/chrome/content/rules/ChatON.xml
deleted file mode 100644
index 40974adee40d..000000000000
--- a/src/chrome/content/rules/ChatON.xml
+++ /dev/null
@@ -1,47 +0,0 @@
-<!--
-	For other Samsung coverage, see Samsung.xml.
-
-
-	Problematic domains:
-
-		- chaton.com		(mismatched, CN: web.samsungchaton.com)
-		- adminfront.chaton.com	(mismatched, CN: smm.samsung.com)
-		- mobileweb.chaton.com	(mismatched, CN: smm.samsung.com)
-		- www.chaton.com	(akamai)
-
-
-	Fully covered domains:
-
-		- (www.)chaton.com	(→ web.samsungchaton.com)
-		- adminfront.chaton.com	(→ smm.samsung.com)
-		- mobileweb.chaton.com	(→ smm.samsung.com)
-		- i0.chatoncdn.com
-		- s0.chatoncdn.com
-		- livemw.samsungchaton.com
-		- web.samsungchaton.com
-
--->
-<ruleset name="ChatON">
-
-	<target host="chaton.com" />
-	<target host="*.chaton.com" />
-	<target host="*.chatoncdn.com" />
-	<target host="*.samsungchaton.com" />
-
-
-	<securecookie host="^web\.samsungchaton\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?chaton\.com/"
-		to="https://web.samsungchaton.com/" />
-
-	<rule from="^https?://(?:adminfront|mobileweb)\.chaton\.com/"
-		to="https://smm.samsung.com/" />
-
-	<rule from="^http://(i|s)0\.chatoncdn\.com/"
-		to="https://$10.chatoncdn.com/" />
-
-	<rule from="^http://(livemw|web)\.samsungchaton\.com/"
-		to="https://$1.samsungchaton.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ChatSecure.xml b/src/chrome/content/rules/ChatSecure.xml
index f675d5accbad..91a67cf36e2e 100644
--- a/src/chrome/content/rules/ChatSecure.xml
+++ b/src/chrome/content/rules/ChatSecure.xml
@@ -1,10 +1,12 @@
-<ruleset name="ChatSecure">
+<ruleset name="ChatSecure.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="chatsecure.org" />
 	<target host="www.chatsecure.org" />
 
 
-	<rule from="^http://(www\.)?chatsecure\.org/"
-		to="https://$1chatsecure.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Chatango.com.xml b/src/chrome/content/rules/Chatango.com.xml
new file mode 100644
index 000000000000..d3fbd3a9bce0
--- /dev/null
+++ b/src/chrome/content/rules/Chatango.com.xml
@@ -0,0 +1,39 @@
+<!--
+	Fully covered domains:
+
+		- chatango.com
+		- www.chatango.com
+		- secure.chatango.com
+		- st.chatango.com
+		- ust.chatango.com
+
+	Per-client domains at [\w-]+.chatango.com
+
+	chatango.com has both a wildcard DNS record and a wildcard certificate,
+	enumerating all subdomains is impossible
+-->
+<ruleset name="Chatango.com">
+
+	<target host="chatango.com" />
+	<target host="*.chatango.com" />
+
+	<test url="http://www.chatango.com/" />
+	<test url="http://secure.chatango.com/" />
+	<test url="http://chatango.chatango.com/" />
+	<test url="http://st.chatango.com/" />
+	<test url="http://test.chatango.com/" />
+	<test url="http://ust.chatango.com/" />
+
+	<securecookie host="^\.chatango\.com$" name=".+" />
+
+	<!-- https://github.com/EFForg/https-everywhere/issues/9685 -->
+	<exclusion pattern="^http://([\w-]+\.)?chatango\.com/fullpix$" />
+	<test url="http://chatango.com/fullpix" />
+	<test url="http://www.chatango.com/fullpix" />
+	<test url="http://secure.chatango.com/fullpix" />
+	<test url="http://chatango.chatango.com/fullpix" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Chatelaine.com.xml b/src/chrome/content/rules/Chatelaine.com.xml
new file mode 100644
index 000000000000..84d0b39b0105
--- /dev/null
+++ b/src/chrome/content/rules/Chatelaine.com.xml
@@ -0,0 +1,50 @@
+<!--
+	Active mixed content:
+		- www.chatelaine.com
+
+	Connection refused:
+		- autodiscover.chatelaine.com
+		- site.en.chatelaine.com
+		- site.fr.chatelaine.com
+		- spotlight.chatelaine.com
+		- target.chatelaine.com
+
+	Invalid certificate:
+		- 50e.chatelaine.com
+		- clientsolutions.chatelaine.com
+		- clientsolutions-fr.chatelaine.com
+		- contests.chatelaine.com
+		- courriel.chatelaine.com
+		- ebm.courriel.chatelaine.com
+		- email.chatelaine.com
+		- galeriesphotos.chatelaine.com
+
+	Timed out:
+		- chatelaine.com, equivalent to www.chatelaine.com
+		- blogues.chatelaine.com
+		- community.chatelaine.com
+		- concours.chatelaine.com
+		- contest.chatelaine.com
+		- donnezausuivant.chatelaine.com
+		- blog.en.chatelaine.com
+		- food.chatelaine.com
+		- dev.food.chatelaine.com
+		- recettes.fr.chatelaine.com
+		- outils.chatelaine.com
+		- recettes.chatelaine.com
+		- recipes.chatelaine.com
+		- site.chatelaine.com
+		- widgets.chatelaine.com
+-->
+
+<ruleset name="Chatelaine.com">
+	<target host="en.chatelaine.com" />
+	<target host="fr.chatelaine.com" />
+	<target host="partners.chatelaine.com" />
+	<target host="secure.chatelaine.com" />
+	<target host="siteprotege.chatelaine.com" />
+	<target host="staging-fr.chatelaine.com" />
+	<target host="staging-www.chatelaine.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Chatham_House.org.xml b/src/chrome/content/rules/Chatham_House.org.xml
new file mode 100644
index 000000000000..18a1ec851e49
--- /dev/null
+++ b/src/chrome/content/rules/Chatham_House.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .chathamhouse.org
+
+-->
+<ruleset name="Chatham House.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="chathamhouse.org" />
+	<target host="www.chathamhouse.org" />
+
+
+	<!--	CloudFlare cookies
+					-->
+	<!--securecookie host="^\.chathamhouse\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Chatter.xml b/src/chrome/content/rules/Chatter.xml
index b94f1369c4a6..03b9954dc1e1 100644
--- a/src/chrome/content/rules/Chatter.xml
+++ b/src/chrome/content/rules/Chatter.xml
@@ -10,16 +10,16 @@
 <ruleset name="Chatter">
 
 	<target host="chatter.com" />
-	<target host="*.chatter.com" />
+	<target host="www.chatter.com" />
+	<target host="community.chatter.com" />
 
 
 	<securecookie host="^.+\.chatter\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?chatter\.com/"
+	<rule from="^http://(?:www\.)?chatter\.com/"
 		to="https://www.chatter.com/" />
 
-	<rule from="^http://community\.chatter\.com/"
-		to="https://community.chatter.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Chbtc.com.xml b/src/chrome/content/rules/Chbtc.com.xml
new file mode 100644
index 000000000000..155988bea3ee
--- /dev/null
+++ b/src/chrome/content/rules/Chbtc.com.xml
@@ -0,0 +1,61 @@
+<!--
+	Problematic subdomains:
+
+		- ^ ¹
+		- s *
+		- trans *
+
+	¹ Shows bw.com
+	* $ 403s
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		 .chbtc.com
+		 s.chbtc.com
+		 trans.chbtc.com
+		 www.chbtc.com
+
+-->
+<ruleset name="chbtc.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="img1.chbtc.com" />
+	<target host="p2p.chbtc.com" />
+	<target host="vip.chbtc.com" />
+	<target host="www.chbtc.com" />
+
+	<!--	Complications:
+				-->
+	<target host="chbtc.com" />
+	<target host="s.chbtc.com" />
+	<target host="trans.chbtc.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.chbtc\.com$" name="^zJSESSIONID$" /-->
+	<!--securecookie host="^(?:s|trans|www)\.chbtc\.com$" name="^__jsluid$" /-->
+
+	<securecookie host=".*\.chbtc\.com$" name=".+" />
+
+
+	<rule from="^http://chbtc\.com/"
+		to="https://www.chbtc.com/" />
+
+	<!--	Redirect keeps args but
+		not forward slash:
+					-->
+	<rule from="^http://(?:s|trans)\.chbtc\.com/+(?=$|\?)"
+		to="https://www.chbtc.com/" />
+
+		<test url="http://s.chbtc.com/?" />
+		<test url="http://s.chbtc.com//" />
+		<test url="http://trans.chbtc.com/?" />
+		<test url="http://trans.chbtc.com//" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Chcemvediet.sk.xml b/src/chrome/content/rules/Chcemvediet.sk.xml
new file mode 100644
index 000000000000..d8ace9df122a
--- /dev/null
+++ b/src/chrome/content/rules/Chcemvediet.sk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Chcemvediet.sk">
+	<target host="chcemvediet.sk" />
+	<target host="www.chcemvediet.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cheap-Ass-Gamer.xml b/src/chrome/content/rules/Cheap-Ass-Gamer.xml
new file mode 100644
index 000000000000..bb908fbb349d
--- /dev/null
+++ b/src/chrome/content/rules/Cheap-Ass-Gamer.xml
@@ -0,0 +1,9 @@
+<ruleset name="Cheap Ass Gamer">
+	<target host="cheapassgamer.com" />
+	<target host="cache.cheapassgamer.com" />
+	<target host="www.cheapassgamer.com" />
+
+	<securecookie host="(\.|^)cheapassgamer\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CheapCheapLah.com.xml b/src/chrome/content/rules/CheapCheapLah.com.xml
new file mode 100644
index 000000000000..9cd000bdb5f2
--- /dev/null
+++ b/src/chrome/content/rules/CheapCheapLah.com.xml
@@ -0,0 +1,15 @@
+<!--
+	For other related rulesets, see OzBargain.com.au.xml
+
+-->
+<ruleset name="CheapCheapLah">
+
+	<target host="cheapcheaplah.com" />
+	<target host="www.cheapcheaplah.com" />
+	<target host="files.cheapcheaplah.com" />
+
+	<securecookie host="^www\.cheapcheaplah\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CheapOz.xml b/src/chrome/content/rules/CheapOz.xml
new file mode 100644
index 000000000000..3936bb3c9a02
--- /dev/null
+++ b/src/chrome/content/rules/CheapOz.xml
@@ -0,0 +1,7 @@
+<ruleset name="CheapOz">
+	<target host="cheapoz.com.au" />
+	<target host="www.cheapoz.com.au" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CheapSSL.com.xml b/src/chrome/content/rules/CheapSSL.com.xml
new file mode 100644
index 000000000000..e1b59a208b0b
--- /dev/null
+++ b/src/chrome/content/rules/CheapSSL.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Namecheap coverage, see NameCheap.xml.
+
+	Invalid certificate:
+		www.support.cheapssl.com
+
+-->
+<ruleset name="CheapSSL.com">
+
+	<target host="cheapssl.com" />
+	<target host="www.cheapssl.com" />
+	<target host="support.cheapssl.com" />
+	<target host="sandbox.support.cheapssl.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CheapSSLs.xml b/src/chrome/content/rules/CheapSSLs.xml
index 0a69ccc88d8d..b551a63e2914 100644
--- a/src/chrome/content/rules/CheapSSLs.xml
+++ b/src/chrome/content/rules/CheapSSLs.xml
@@ -2,5 +2,5 @@
  <target host="www.cheapssls.com" />
  <target host="cheapssls.com" />
 
- <rule from="^http://(?:www\.)?cheapssls\.com/" to="https://www.cheapssls.com/" />
+ <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Cheap_Airport_Parking.xml b/src/chrome/content/rules/Cheap_Airport_Parking.xml
index d8c2c7f1f045..dc7b11ff651f 100644
--- a/src/chrome/content/rules/Cheap_Airport_Parking.xml
+++ b/src/chrome/content/rules/Cheap_Airport_Parking.xml
@@ -1,13 +1,21 @@
-<ruleset name="Cheap Airport Parking">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cheapairportparkingbirmingham.com/ => https://cheapairportparkingbirmingham.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.cheapairportparkingbirmingham.com/ => https://www.cheapairportparkingbirmingham.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://cheapairportparkingbirmingham.com/ => https://cheapairportparkingbirmingham.com/: (60, 'SSL certificate problem: self signed certificate')
+-->
+<ruleset name="Cheap Airport Parking" default_off="failed ruleset test">
 
 	<target host="cheapairportparkingbirmingham.com" />
-	<target host="*.cheapairportparkingbirmingham.com" />
+	<target host="www.cheapairportparkingbirmingham.com" />
 
 
 	<securecookie host="^\.cheapairportparkingbirmingham.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?cheapairportparkingbirmingham\.com/"
-		to="https://$1cheapairportparkingbirmingham.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cheapshark.com.xml b/src/chrome/content/rules/Cheapshark.com.xml
new file mode 100644
index 000000000000..0a88a1a54d47
--- /dev/null
+++ b/src/chrome/content/rules/Cheapshark.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Nonfunctional hosts in *.cheapshark.com:
+
+	m: certificate mismatch
+        track.cheapshark.com
+        tracking.cheapshark.com
+
+-->
+<ruleset name="Cheapshark.com">
+
+	<target host="www.cheapshark.com" />
+	<target host="cheapshark.com" />
+	<target host="webmail.cheapshark.com" />
+	<target host="ww1.cheapshark.com" />
+	<target host="img.cheapshark.com" />
+    <target host="actual.cheapshark.com" />
+    <target host="cache.cheapshark.com" />
+    <target host="direct-1734952280174226.cheapshark.com" />
+    <target host="direct.cheapshark.com" />
+    <target host="mailer.cheapshark.com" />
+    <target host="maintenance.cheapshark.com" />
+    <target host="pong.cheapshark.com" />
+    <target host="status.cheapshark.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Check24.de.xml b/src/chrome/content/rules/Check24.de.xml
index b91582526f00..0dea492b7565 100644
--- a/src/chrome/content/rules/Check24.de.xml
+++ b/src/chrome/content/rules/Check24.de.xml
@@ -4,4 +4,4 @@
 
   <rule from="^http://check24\.de/" to="https://check24.de/"/>
   <rule from="^http://([^/:@]*)\.check24\.de/" to="https://$1.check24.de/"/>
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CheckM8.com.xml b/src/chrome/content/rules/CheckM8.com.xml
new file mode 100644
index 000000000000..80ce7ac07027
--- /dev/null
+++ b/src/chrome/content/rules/CheckM8.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Invalid certificate:
+		checkm8.com
+		www.checkm8.com
+		support.checkm8.com
+-->
+<ruleset name="CheckM8 (partial)">
+
+	<!-- Each customer gets its own subdomain -->
+	<target host="*.checkm8.com" />
+		<test url="http://advantage1.checkm8.com/AdminServer/swf/admin-release.swf?version=4.3.0.49" />
+		<test url="http://makostatic.checkm8.com/data/1535741/250x250.swf" />
+		<test url="http://sage.checkm8.com/adam/noscript" />
+
+		<exclusion pattern="^http://(support|www)\.checkm8\.com/" />
+			<test url="http://www.checkm8.com/" />
+			<test url="http://support.checkm8.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CheckM8.xml b/src/chrome/content/rules/CheckM8.xml
deleted file mode 100644
index c2d0691d7b43..000000000000
--- a/src/chrome/content/rules/CheckM8.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="CheckM8 (partial)">
-
-	<target host="*.checkm8.com" />
-		<!--	news & www time out.	-->
-		<exclusion pattern="^http://(support|www)\." />
-
-	<!--	Clients have unique subdomains, e.g.
-		sage.checkm8.com/adam/noscript
-			Observed at
-		bos.sagepub.com/content/68/3/13		-->
-	<rule from="^http://(\w+)\.checkm8\.com/"
-		to="https://$1.checkm8.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CheckShortURL.com.xml b/src/chrome/content/rules/CheckShortURL.com.xml
new file mode 100644
index 000000000000..01e43d0dc443
--- /dev/null
+++ b/src/chrome/content/rules/CheckShortURL.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="CheckShortURL">
+
+	<target host="checkshorturl.com" />
+	<target host="www.checkshorturl.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Check_Point-problematic.xml b/src/chrome/content/rules/Check_Point-problematic.xml
deleted file mode 100644
index 03b824db7fe5..000000000000
--- a/src/chrome/content/rules/Check_Point-problematic.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules that are on by default, see Check_Point.xml.
-
--->
-<ruleset name="Check Point (problematic)" default_off="mismatched" platform="mixedcontent">
-
-	<target host="appwiki.checkpoint.com" />
-
-
-	<rule from="^http://appwiki\.checkpoint\.com/"
-		to="https://appwiki.checkpoint.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Check_Point.xml b/src/chrome/content/rules/Check_Point.xml
deleted file mode 100644
index 2a1d3ce0d18b..000000000000
--- a/src/chrome/content/rules/Check_Point.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	For problematic rules, see Check_Point-problematic.xml.
-
-
-	Nonfunctional subdomains:
-
-		- strong01
-		- track
-		- partners.us
-
-
-	Problematic subdomains:
-
-		- appwiki	(works, akamai)
-
--->
-<ruleset name="Check Point (partial)">
-
-	<target host="checkpoint.com" />
-	<target host="*.checkpoint.com" />
-
-
-	<securecookie host="^.+\.checkpoint\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?checkpoint\.com/"
-		to="https://www.checkpoint.com/" />
-
-	<rule from="^http://(careers|dl3|downloads|forums|sc1|store|supportcenter|usercenter)\.checkpoint\.com/"
-		to="https://$1.checkpoint.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Checkdomain.xml b/src/chrome/content/rules/Checkdomain.xml
deleted file mode 100644
index b783d4ce3193..000000000000
--- a/src/chrome/content/rules/Checkdomain.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Checkdomain">
-
-	<target host="checkdomain.de" />
-	<target host="www.checkdomain.de" />
-	<!--	* for cross-domain cookies.	-->
-	<target host="*.www.checkdomain.de" />
-
-
-	<securecookie host="^\.www\.checkdomain\.de$" name=".*" />
-
-
-	<rule from="^http://(www\.)?checkdomain\.de/"
-		to="https://$1checkdomain.de/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Checkmarx.com-problematic.xml b/src/chrome/content/rules/Checkmarx.com-problematic.xml
new file mode 100644
index 000000000000..179ab90957cf
--- /dev/null
+++ b/src/chrome/content/rules/Checkmarx.com-problematic.xml
@@ -0,0 +1,13 @@
+<!--
+	For problematic rules, see Checkmarx.com-problematic-problematic.xml.
+
+-->
+<ruleset name="Checkmarx.com (problematic)" default_off="mismatched">
+
+	<target host="lp.checkmarx.com" />
+
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Checkmarx.com.xml b/src/chrome/content/rules/Checkmarx.com.xml
new file mode 100644
index 000000000000..45702fada80c
--- /dev/null
+++ b/src/chrome/content/rules/Checkmarx.com.xml
@@ -0,0 +1,44 @@
+<!--
+	For problematic rules, see Checkmarx.com-problematic.xml.
+
+
+	Other Checkmarx rulesets:
+
+		- Cxcloud.com.xml
+
+
+	Problematic subdomains:
+
+		- lp *
+
+	* Works; mismatched, CN: *.unbounce.com
+
+
+	Some pages redirect to http.
+
+
+	Mixed content:
+
+		- Images on lp from www.googleadservices.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Checkmarx.com (partial)">
+
+	<target host="checkmarx.com" />
+	<target host="www.checkmarx.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?checkmarx\.com/+($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(www\.)?checkmarx\.com/+(?!favicon\.ico|wp-content/|wp-includes/)" /-->
+
+
+	<rule from="^http://(www\.)?checkmarx\.com/(?=favicon\.ico|wp-content/|wp-includes/)"
+		to="https://$1checkmarx.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Checkmyping.com.xml b/src/chrome/content/rules/Checkmyping.com.xml
new file mode 100644
index 000000000000..79bd43275435
--- /dev/null
+++ b/src/chrome/content/rules/Checkmyping.com.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://checkmyping.com/ => https://checkmyping.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.checkmyping.com/ => https://www.checkmyping.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="checkmyping.com" default_off="failed ruleset test">
+
+	<target host="checkmyping.com" />
+	<target host="www.checkmyping.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Checktls.com.xml b/src/chrome/content/rules/Checktls.com.xml
index c218f2260c38..8ab5cc6ac16c 100644
--- a/src/chrome/content/rules/Checktls.com.xml
+++ b/src/chrome/content/rules/Checktls.com.xml
@@ -1,6 +1,6 @@
 <ruleset name="Checktls.com">
 <target host="www.checktls.com"/>
 <target host="checktls.com"/>
-<rule from="^http://(www\.)?checktls\.com/" to="https://www.checktls.com/"/>
+<rule from="^http:" to="https:" />
 </ruleset>
- 
+
diff --git a/src/chrome/content/rules/Cheema.com.xml b/src/chrome/content/rules/Cheema.com.xml
index 0cd2b39fc01c..10102afd6ee5 100644
--- a/src/chrome/content/rules/Cheema.com.xml
+++ b/src/chrome/content/rules/Cheema.com.xml
@@ -4,11 +4,11 @@
 	<target host="www.cheema.com" />
 
 
-	<securecookie host="^cheema\.com$" name=".*" />
+	<securecookie host="^cheema\.com$" name=".+" />
 
 
 	<!--	Cert only matches //cheema.com.	-->
-	<rule from="^https?://(?:www\.)?cheema\.com/"
+	<rule from="^http://(?:www\.)?cheema\.com/"
 		to="https://cheema.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CheetahMail.xml b/src/chrome/content/rules/CheetahMail.xml
index 8481f86d7a3e..8c7fd1790125 100644
--- a/src/chrome/content/rules/CheetahMail.xml
+++ b/src/chrome/content/rules/CheetahMail.xml
@@ -1,22 +1,25 @@
 <!--
 	For other Experian coverage, see Experian.xml.
 
+
+	Mixed content:
+
+		- Images on ebm from various domains
+
 -->
 <ruleset name="CheetahMail">
 
 	<target host="cheetahmail.com" />
-	<target host="*.cheetahmail.com" />
+	<target host="www.cheetahmail.com" />
+	<target host="ebm.cheetahmail.com" />
 	<target host="chtah.com" />
 	<target host="f.chtah.com" />
 
 
-	<rule from="^https?://(?:www\.)?cheetahmail\.com/"
+	<rule from="^http://(?:www\.)?cheetahmail\.com/"
 		to="https://www.experian.com/cheetahmail/" />
 
-	<rule from="^http://ebm\.cheetahmail\.com/"
-		to="https://ebm.cheetahmail.com/" />
 
-	<rule from="^http://(f\.)?chtah\.com/"
-		to="https://$1chtah.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cheezburger.xml b/src/chrome/content/rules/Cheezburger.xml
index 0ccd8bcb83df..7df1807113fb 100644
--- a/src/chrome/content/rules/Cheezburger.xml
+++ b/src/chrome/content/rules/Cheezburger.xml
@@ -1,76 +1,51 @@
 <!--
 	CDN buckets:
-
 		- wac.1ddb.edgecastcdn.net/??1DDB/
-
-			- images.cheezburger.com
-
+			- images.cheezburger.com (mismatched, CN: *.chzbgr.com)
 		- cheezburger.freshdesk.com
 
-			- support.cheezburger.com
-
-
-	As of 2012-08-22, known unprotected subdomains are:
-
-		- advertising	(unbounce.com certificate)
-		- blog		(not listening on https)
-		- corp		(not listening on https)
-		- feedback	(uservoice.com certificate)
-		- jobs		(theresumator.com certificate)
-		- sites		(unbounce.com certificate)
+	Invalid certificate:
+		- advertising.cheezburger.com
+		- blog.cheezburger.com
+		- corp.cheezburger.com
+		- feedback.cheezburger.com
+		- sites.cheezburger.com
+		- support.cheezburger.com, equivalent to cheezburger.freshdesk.com
 
 	However, there are tens (hundreds?) of subdomains supporting https with
 	a wildcard certificate, so it's not worth whitelisting them one by one.
 
 	Other related unprotected hosts:
-
-		- chzb.gr
 		- knowyourmeme.com
 
-
 	Problematic domains:
-
 		- images.cheezburger.com	(works; mismatched, CN: gp1.wac.edgecastcdn.net)
-		- support.cheezburger.com	(freshdesk)
 
+	There are some inconsistent redirects between cheezburger.com and www.cheezburger.com,
+ 	so don't try to enforce either hostname.
 -->
-<ruleset name="Cheezburger" platform="mixedcontent">
 
+<ruleset name="Cheezburger" platform="mixedcontent">
+	<!-- cheezburger.com -->
 	<target host="cheezburger.com" />
-	<target host="*.cheezburger.com" />
-		<exclusion pattern="^http://(?:advertising|blog|corp|feedback|jobs|sites)\.cheezburger\.com/" />
-		<!--
-			Exclude what *shouldn't* be downgraded:
-								-->
-		<exclusion pattern="^https://corp\.cheezburger\.com/(?!(?:copyright-infringement-notification|privacy-policy|terms-of-service)/$)" />
-	<target host="chzb.gr" />
-	<target host="*.chzbgr.com" />
+	<target host="www.cheezburger.com" />
+	<target host="images.cheezburger.com" />
+	<target host="jobs.cheezburger.com" />
+	<target host="support.cheezburger.com" />
 
+	<!-- chzbgr.com -->
+	<target host="i.chzbgr.com" />
+	<target host="s.chzbgr.com" />
+	<target host="t.chzbgr.com" />
 
 	<securecookie host="^www\.cheezburger\.com$" name=".+" />
 
-
-	<!--	https://mail1.eff.org/pipermail/https-everywhere-rules/2013-August/001665.html
-							-->
+	<!-- https://lists.eff.org/pipermail/https-everywhere-rules/2013-August/001665.html -->
 	<rule from="^http://images\.cheezburger\.com/"
 		to="https://i.chzbgr.com/" />
 
 	<rule from="^http://support\.cheezburger\.com/"
-		to="https://cheezburger.support.com/" />
-
-	<!--	There are some inconsistent redirects between cheezburger.com and
-		www.cheezburger.com. So don't try to enforce either hostname.
-									-->
-	<rule from="^http://([\w-]+\.)?cheezburger\.com/"
-		to="https://$1cheezburger.com/" />
-
-	<rule from="^https?://chzb\.gr/"
-		to="https://bit.ly/" />
-
-	<rule from="^http://(i|s|t)\.chzbgr\.com/"
-		to="https://$1.chzbgr.com/" />
-
-	<rule from="^https://(advertising|blog|corp|feedback|jobs|sites)\.cheezburger\.com/?$"
-		to="http://$1.cheezburger.com/" downgrade="1" />
+		to="https://cheezburger.freshdesk.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Chef.io.xml b/src/chrome/content/rules/Chef.io.xml
new file mode 100644
index 000000000000..76a4ba4ab7b9
--- /dev/null
+++ b/src/chrome/content/rules/Chef.io.xml
@@ -0,0 +1,75 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://pages.chef.io/css/mktLPSupport.css (200) => https://na-sj05.marketo.com/css/mktLPSupport.css (403)
+Non-2xx HTTP code: http://pages.chef.io/images/forms/backRequiredGray.gif (200) => https://na-sj05.marketo.com/images/forms/backRequiredGray.gif (403)
+Fetch error: http://happylaptop.chef.io/ => https://happylaptop.chef.io/: (6, 'Could not resolve host: happylaptop.chef.io')
+
+	Nonfunctional hosts in *chef.io:
+
+		- eggs ¹
+		- ei ¹
+		- lists ¹
+		- pages ²
+		- status ¹
+
+	¹ Refused
+	² Marketo
+
+
+	Problematic hosts in *chef.io:
+
+		- friends *
+
+	* Mismatched
+
+-->
+<ruleset name="Chef.io (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="chef.io" />
+	<target host="compliance.chef.io" />
+	<target host="discourse.chef.io" />
+	<target host="docs.chef.io" />
+	<target host="downloads.chef.io" />
+	<target host="feedback.chef.io" />
+	<target host="happylaptop.chef.io" />
+	<target host="id.chef.io" />
+	<target host="kungfu.chef.io" />
+	<target host="learn.chef.io" />
+	<target host="manage.chef.io" />
+	<target host="omnitruck.chef.io" />
+	<target host="supermarket.chef.io" />
+	<target host="tickets.chef.io" />
+	<target host="www.chef.io" />
+
+	<!--	Complications:
+				-->
+	<target host="pages.chef.io" />
+
+		<exclusion pattern="^http://pages\.chef\.io/+(?!css/|images/|rs/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://pages.chef.io/contact-us.html" />
+			<test url="http://pages.chef.io/getting-started-office-hours.html" />
+			<test url="http://pages.chef.io/open-training.html" />
+			<test url="http://pages.chef.io/product-and-features" />
+
+			<!--	-ve:
+					-->
+			<test url="http://pages.chef.io/css/mktLPSupport.css" />
+			<test url="http://pages.chef.io/images/forms/backRequiredGray.gif" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://pages\.chef\.io/"
+		to="https://na-sj05.marketo.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Chefkoch.de.xml b/src/chrome/content/rules/Chefkoch.de.xml
new file mode 100644
index 000000000000..fa991053e60b
--- /dev/null
+++ b/src/chrome/content/rules/Chefkoch.de.xml
@@ -0,0 +1,27 @@
+<!--
+	Invalid certificate:
+		chefkoch-blog.de
+		www.chefkoch-blog.de
+
+-->
+<ruleset name="Chefkoch (partial)">
+
+
+	<target host="css.chefkoch-cdn.de" />
+	<target host="img.chefkoch-cdn.de" />
+	<target host="js.chefkoch-cdn.de" />
+	<target host="static.chefkoch-cdn.de" />
+
+	<exclusion pattern="^http://css\.chefkoch-cdn\.de/$" />
+				<test url="http://css.chefkoch-cdn.de/css/ck.de/snippet-newsletter-form.css" />
+
+	<exclusion pattern="^http://js\.chefkoch-cdn\.de/$" />
+				<test url="http://js.chefkoch-cdn.de/js/webtrekk-pi-source.js" />
+
+	<exclusion pattern="^http://static\.chefkoch-cdn\.de/$" />
+				<test url="http://static.chefkoch-cdn.de/ck.de/faded-end.min.js" />
+
+	<rule from="^http:"
+			to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Chefmansousvide.com.xml b/src/chrome/content/rules/Chefmansousvide.com.xml
new file mode 100644
index 000000000000..93fc07d379ff
--- /dev/null
+++ b/src/chrome/content/rules/Chefmansousvide.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Chefmansousvide.com">
+	<target host="chefmansousvide.com" />
+	<target host="www.chefmansousvide.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ChemSpider.com.xml b/src/chrome/content/rules/ChemSpider.com.xml
new file mode 100644
index 000000000000..c410f09cc3a3
--- /dev/null
+++ b/src/chrome/content/rules/ChemSpider.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="ChemSpider.com">
+	<target host="chemspider.com" />
+	<target host="www.chemspider.com" />
+	<target host="chemsynthesis.chemspider.com" />
+	<target host="cssp.chemspider.com" />
+	<target host="cvsp.chemspider.com" />
+	<target host="onschallenge.chemspider.com" />
+	<target host="parts.chemspider.com" />
+	<target host="pharmasea.chemspider.com" />
+	<target host="rdf.chemspider.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Chemical_Abstracts_Service.xml b/src/chrome/content/rules/Chemical_Abstracts_Service.xml
index 9953552e08a9..7ce8608bb661 100644
--- a/src/chrome/content/rules/Chemical_Abstracts_Service.xml
+++ b/src/chrome/content/rules/Chemical_Abstracts_Service.xml
@@ -23,17 +23,20 @@
 <ruleset name="Chemical Abstracts Service (partial)" platform="mixedcontent">
 
 	<target host="cas.org" />
-	<target host="*.cas.org" />
+	<target host="my.cas.org" />
+	<target host="scifinder.cas.org" />
+	<target host="stneasy.cas.org" />
+	<target host="stneasy-japan.cas.org" />
+	<target host="www.cas.org" />
 		<!--exclusion pattern="^http://sitesearch\.cas\.org/" /-->
 
 
 	<securecookie host="^www\.cas\.org$" name=".+" />
 
 
-	<rule from="^https?://cas\.org/"
+	<rule from="^http://cas\.org/"
 		to="https://www.cas.org/" />
 
-	<rule from="^http://(my|scifinder|stneasy(?:-japan)?|www)\.cas\.org/"
-		to="https://$1.cas.org/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ChemistWarehouse.xml b/src/chrome/content/rules/ChemistWarehouse.xml
new file mode 100644
index 000000000000..234dad0e66a6
--- /dev/null
+++ b/src/chrome/content/rules/ChemistWarehouse.xml
@@ -0,0 +1,21 @@
+<!--
+	For chemistwarehouse.com.au
+
+		Works:
+
+			- secure
+
+		Problematic:
+
+			- www * & **
+			- $ **
+
+		* cert mismatch
+		** redirects to http
+-->
+<ruleset name="Chemist Warehouse">
+	<target host="secure.chemistwarehouse.com.au" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cherenkov_Telescope_Array.xml b/src/chrome/content/rules/Cherenkov_Telescope_Array.xml
index a7784611f6f0..d0e66d284e96 100644
--- a/src/chrome/content/rules/Cherenkov_Telescope_Array.xml
+++ b/src/chrome/content/rules/Cherenkov_Telescope_Array.xml
@@ -5,13 +5,11 @@
 <ruleset name="Cherenkov Telescope Array">
 
 	<target host="www.cta-observatory.org" />
-	<target host="*.www.cta-observatory.org" />
 
 
 	<securecookie host="^\.www\.cta-observatory\.org$" name=".+" />
 
 
-	<rule from="^http://www\.cta-observatory\.org/"
-		to="https://www.cta-observatory.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cherry.de.xml b/src/chrome/content/rules/Cherry.de.xml
new file mode 100644
index 000000000000..446144720298
--- /dev/null
+++ b/src/chrome/content/rules/Cherry.de.xml
@@ -0,0 +1,32 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)
+		- wt
+
+
+	Mixed content:
+
+		- Images from www *
+
+		- Web bugs, from:
+
+			- wt *
+			- www *
+
+	* Secured by us
+
+-->
+<ruleset name="Cherry.de">
+
+	<target host="cherry.de" />
+	<target host="wt.cherry.de" />
+	<target host="www.cherry.de" />
+
+
+	<securecookie host="^(?:www\.)?cherry\.de$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cherwell.gov.uk.xml b/src/chrome/content/rules/Cherwell.gov.uk.xml
new file mode 100644
index 000000000000..a956e8f256ef
--- /dev/null
+++ b/src/chrome/content/rules/Cherwell.gov.uk.xml
@@ -0,0 +1,25 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+	Cherwell District Council
+
+	Non-functional hosts
+		Timeout was reached:
+		- npa.cherwell.gov.uk
+		- your.cherwell.gov.uk
+
+		SSL peer certificate was not OK:
+		- consult.cherwell.gov.uk
+
+		Different content:
+		- modgov.cherwell.gov.uk
+		- revenuesbenefits.cherwell.gov.uk
+-->
+<ruleset name="Cherwell.gov.uk">
+	<target host="cherwell.gov.uk" />
+	<target host="www.cherwell.gov.uk" />
+	<target host="portal.cherwell.gov.uk" />
+	<target host="www.publicaccess.cherwell.gov.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cheshire.gov.uk.xml b/src/chrome/content/rules/Cheshire.gov.uk.xml
new file mode 100644
index 000000000000..11115442836f
--- /dev/null
+++ b/src/chrome/content/rules/Cheshire.gov.uk.xml
@@ -0,0 +1,64 @@
+<!--
+	Cheshire West and Chester Council
+
+	For rules causing false/broken MCB, see Cheshire.gov.uk-falsemixed.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *cheshire.gov:
+
+		- (www.)? ³
+		- archives ᵈ
+		- www.els ᵈ
+		- rcp ³
+		- rcplive ³
+		- parish ᶠ
+		- ppilot ᵈ
+
+	³ 403
+	ᵈ Dropped
+	ᶠ Handshake fails
+
+
+	Problematic hosts in *cheshire.gov:
+
+		- archivedatabases ᵐ
+		- maps ˣ
+
+	ᵐ Mismatched
+	ˣ Mixed css
+
+
+	Insecure cookies are set for these hosts:
+
+		- archive.cheshire.gov.uk
+
+
+	Mixed content:
+
+		- css on maps from $self ˢ
+		- Images on maps from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Cheshire.gov.uk (partial)">
+
+	<target host="archive.cheshire.gov.uk" />
+	<!--target host="maps.cheshire.gov.uk" /-->
+	<target host="renewals.cheshire.gov.uk" />
+	<target host="suppliers.cheshire.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^archive\.cheshire\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cheshire_East.gov.uk-mixedcontent.xml b/src/chrome/content/rules/Cheshire_East.gov.uk-mixedcontent.xml
new file mode 100644
index 000000000000..7a30325ce59b
--- /dev/null
+++ b/src/chrome/content/rules/Cheshire_East.gov.uk-mixedcontent.xml
@@ -0,0 +1,18 @@
+<!--
+	For rules not causing MCB, see Cheshire_East.gov.uk.xml.
+
+-->
+<ruleset name="Cheshire East.gov.uk (MCB)" platform="mixedcontent">
+
+	<target host="apps.cheshireeast.gov.uk" />
+	<!--target host="moderngov.cheshireeast.gov.uk" /-->
+	<target host="online.cheshireeast.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cheshire_East.gov.uk.xml b/src/chrome/content/rules/Cheshire_East.gov.uk.xml
new file mode 100644
index 000000000000..e032690c344e
--- /dev/null
+++ b/src/chrome/content/rules/Cheshire_East.gov.uk.xml
@@ -0,0 +1,95 @@
+<!--
+	Cheshire East Council
+
+	For rules causing MCB, see Cheshire_East.gov.uk-mixedcontent.xml.
+
+
+	Nonfunctional hosts in *cheshireeast.gov.uk:
+
+		- (www.)? ᵈ
+		- businessdirectory ³
+		- ceias ᵈ
+		- doc ʳ
+		- planning ᵃ
+		- whatson ³
+
+	³ 403
+	ᵃ Shows another domain
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *cheshireeast.gov.uk:
+
+		- apps ˣ
+		- forms ᵐ
+		- moderngov ᶜ ˣ
+		- online ˣ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+	ˣ Mixed css
+
+
+	Insecure cookies are set for these hosts:
+
+		- fisolive.cheshireeast.gov.uk
+		- leisure.cheshireeast.gov.uk
+		- moderngov.cheshireeast.gov.uk
+		- myaccount.cheshireeast.gov.uk
+		- online.cheshireeast.gov.uk
+
+
+	Mixed content:
+
+		- css, on:
+
+			- apps from $self ˢ
+			- moderngov, online from www.cheshireeast.gov.uk ᵈ
+
+		- Images, on:
+
+			- apps from $self ˢ
+			- moderngov from www.cheshireeast.gov.uk ᵈ
+
+	ᵈ Unsecurable <= dropped
+	ˢ Secured by us
+
+-->
+<ruleset name="Cheshire East.gov.uk (partial)">
+
+	<!--target host="apps.cheshireeast.gov.uk" /-->
+	<target host="cecpp.cheshireeast.gov.uk" />
+	<target host="erevenues.cheshireeast.gov.uk" />
+	<target host="fisolive.cheshireeast.gov.uk" />
+	<target host="ice.cheshireeast.gov.uk" />
+	<target host="leisure.cheshireeast.gov.uk" />
+	<!--target host="moderngov.cheshireeast.gov.uk" /-->
+	<target host="myaccount.cheshireeast.gov.uk" />
+	<!--target host="online.cheshireeast.gov.uk" /-->
+	<target host="opendata.cheshireeast.gov.uk" />
+	<target host="schooladmissions.cheshireeast.gov.uk" />
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://apps.cheshireeast.gov.uk/CE_SilverCloudBusinessDirectory2.htm" /-->
+		<!--test url="http://online.cheshireeast.gov.uk/MyCollectionDay/" /-->
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://fisolive.cheshireeast.gov.uk/PublicEnquiry/Search.aspx?searchID=312" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^fisolive\.cheshireeast\.gov\.uk$" name="^(?:ASP\.NET_SessionId|PETestCookie)$" /-->
+	<!--securecookie host="^(?:leisure|moderngov|online)\.cheshireeast\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^myaccount\.cheshireeast\.gov\.uk$" name="^cookietest$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ChessBase.com.xml b/src/chrome/content/rules/ChessBase.com.xml
index 5c40705e397c..528c89ceee78 100644
--- a/src/chrome/content/rules/ChessBase.com.xml
+++ b/src/chrome/content/rules/ChessBase.com.xml
@@ -4,25 +4,25 @@
 		- ChessBase-shop.com.xml
 
 
-	Problematic subdomains:
+	Mixed content:
 
-		- de *
-		- en *
-		- es *
+		- Images on en, es from shop.chessbase.com ˢ
 
-	* 404
-
-
-	Cert only matches ^chessbase.com
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="ChessBase.com (partial)" default_off="self-signed">
+<ruleset name="ChessBase.com (partial)">
 
 	<target host="chessbase.com" />
-	<target host="*.chessbase.com" />
+	<target host="de.chessbase.com" />
+	<target host="en.chessbase.com" />
+	<target host="es.chessbase.com" />
+	<target host="liveblitzcb.chessbase.com" />
+	<target host="shop.chessbase.com" />
+	<target host="www.chessbase.com" />
 
 
-	<rule from="^http://(?:\w\w\.|www\.)?chessbase\.com/(?=adv/|bundle/|content/|favicon\.ico|thumb/)"
-		to="https://chessbase.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Chevereto.com.xml b/src/chrome/content/rules/Chevereto.com.xml
new file mode 100644
index 000000000000..d0641fb90758
--- /dev/null
+++ b/src/chrome/content/rules/Chevereto.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Nonfunctional hosts in *chevereto.com:
+
+		- demo *
+
+	* Redirects to http
+
+
+	Insecure cookies are set for these hosts:
+
+		- chevereto.com
+
+-->
+<ruleset name="Chevereto.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="chevereto.com" />
+	<target host="www.chevereto.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://demo\.chevereto\.com/($|app/)" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^chevereto\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^chevereto\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cheznous.com.xml b/src/chrome/content/rules/Cheznous.com.xml
new file mode 100644
index 000000000000..97933fb9941b
--- /dev/null
+++ b/src/chrome/content/rules/Cheznous.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- cheznous.com
+-->
+<ruleset name="Cheznous.com">
+	<target host="cheznous.com" />
+	<target host="www.cheznous.com" />
+	<target host="setup.cheznous.com" />
+
+	<rule from="^http://cheznous\.com/"
+		to="https://www.cheznous.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Chicago_Fed.org.xml b/src/chrome/content/rules/Chicago_Fed.org.xml
new file mode 100644
index 000000000000..8114620ea76d
--- /dev/null
+++ b/src/chrome/content/rules/Chicago_Fed.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Federal Reserve Bank of Chicago
+
+
+-->
+<ruleset name="Chicago Fed.org">
+
+	<target host="chicagofed.org" />
+	<target host="www.chicagofed.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Chicago_Tribune-problematic.xml b/src/chrome/content/rules/Chicago_Tribune-problematic.xml
deleted file mode 100644
index e3550809a203..000000000000
--- a/src/chrome/content/rules/Chicago_Tribune-problematic.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For rules that are on by default, see Chicago_Tribune.xml.
-
--->
-<ruleset name="Chicago Tribune (problematic)" default_off="akamai certificate" platform="mixedcontent">
-
-	<target host="chicagotribune.com" />
-	<target host="www.chicagotribune.com" />
-
-
-	<rule from="^https?://(?:www\.)?chicagotribune\.com/"
-		to="https://www.chicagotribune.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Chicago_Tribune.xml b/src/chrome/content/rules/Chicago_Tribune.xml
index fa481bdcec83..76180fa12217 100644
--- a/src/chrome/content/rules/Chicago_Tribune.xml
+++ b/src/chrome/content/rules/Chicago_Tribune.xml
@@ -1,38 +1,63 @@
 <!--
-	For problematic rules, see Chicago_Tribune-problematic.xml.
-
-
-	For other Tribune coverage, see Tribune.xml.
-
-
-	CDN buckets:
-
-		- dev-chitribgreenguide.s3.amazonaws.com
-		- s3.amazonaws.com/prod-chitribgreenguide/
-
-
-	Nonfunctional subdomains:
-
-		- my	(504; akamai)
-		- touch	(refused)
-
-
-	Problematic subdomains:
-
-		- ^	(times out)
-		- cars	(works; mismatched, CN: members.chicagotribune.com)
-		- www	(works, akamai)
+	For other Tribune coverage, see Tribune.xml
+
+	Non-functional hosts in *.chicagotribune.com
+		Couldn't connect to server:
+			 - chicagotribune.com
+
+		Timeout was reached:
+			 - ad.chicagotribune.com
+			 - apps.chicagotribune.com
+			 - galleries.apps.chicagotribune.com
+			 - dealerspecials.chicagotribune.com
+			 - graphics.chicagotribune.com
+
+		SSL peer certificate was not OK:
+			 - autos.chicagotribune.com
+			 - digitaledition.chicagotribune.com
+			 - local.chicagotribune.com
+			 - www.chicagotribune.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - advertise.chicagotribune.com
+			 - crime.chicagotribune.com
+			 - schools.chicagotribune.com
+			 - touch.chicagotribune.com
+
+		Secure connection redirects to plaintext:
+			 - localdeals.chicagotribune.com
+
+		Mixed content blocking (MCB) tiggered:
+			 - membership.chicagotribune.com
+
+	Non-functional hosts in *.trbas.com
+		Timeout was reached:
+			 - www.preprod.trbas.com
+			 - s.preprod.trbas.com
+
+	Non-functional hosts in *.trbimg.com
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - trbimg.com
 
 -->
-<ruleset name="Chicago Tribune (partial)">
-
-	<target host="*.chicagotribune.com" />
-
-
-	<securecookie host="^myaccount2\.chicagotribune\.com$" name=".+" />
-
-
-	<rule from="^http://((?:www\.)?advertise|members|myaccount2)\.chicagotribune\.com/"
-		to="https://$1.chicagotribune.com/" />
-
-</ruleset>
\ No newline at end of file
+<ruleset name="Chicago Tribune.com (partial)">
+	<!-- chicagotribune.com -->
+	<target host="community.chicagotribune.com" />
+	<target host="members.chicagotribune.com" />
+	<target host="myaccount2.chicagotribune.com" />
+	<target host="placeanad.chicagotribune.com" />
+
+	<!-- trbas.com -->
+	<target host="www.trbas.com" />
+		<test url="http://www.trbas.com/jive/prod/common/javascripts/lib.1q2w3_f2a845ae2ece8576ba7c4771b603432d.min.js" />
+
+	<!-- trbimg.com -->
+	<target host="www.trbimg.com" />
+		<test url="http://www.trbimg.com/img-584836fe/turbine/ct-magnifying-glass-20161207/" />
+		<test url="http://www.trbimg.com/img-592877d0/turbine/ct-lisle-home-on-private-road-12m-20170526/100/100x56" />
+		<test url="http://www.trbimg.com/img-592b2249/turbine/ct-elite-street-jay-cutler-kristin-cavallari-lake-forest-biz-20170528/400/400x225" />
+		<test url="http://www.trbimg.com/img-592b4f20/turbine/ct-bike-the-drive-2017-photos20170528/100/100x56" />
+		<test url="http://www.trbimg.com/img-592b9421/turbine/ct-trump-pic-20170528-002/650/650x366" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Chicken_Soup_for_the_Soul.xml b/src/chrome/content/rules/Chicken_Soup_for_the_Soul.xml
index c19e82f47a45..312acd00680b 100644
--- a/src/chrome/content/rules/Chicken_Soup_for_the_Soul.xml
+++ b/src/chrome/content/rules/Chicken_Soup_for_the_Soul.xml
@@ -1,13 +1,25 @@
-<ruleset name="Chicken Soup for the Soul">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://chickensoup.com/ => https://chickensoup.com/: Too many redirects while fetching 'https://chickensoup.com/'
+Fetch error: http://www.chickensoup.com/ => https://www.chickensoup.com/: Too many redirects while fetching 'https://www.chickensoup.com/'
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://chickensoup.com/ => https://chickensoup.com/: Too many redirects while fetching 'https://chickensoup.com/'
+
+-->
+<ruleset name="Chicken Soup for the Soul" default_off="failed ruleset test">
 
 	<target host="chickensoup.com" />
-	<target host="*.chickensoup.com" />
+	<target host="www.chickensoup.com" />
 
 
 	<securecookie host="^(?:www)?\.chickensoup\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?chickensoup\.com/"
-		to="https://$1chickensoup.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Childrens_Mutual.xml b/src/chrome/content/rules/Childrens_Mutual.xml
deleted file mode 100644
index 110e552bce92..000000000000
--- a/src/chrome/content/rules/Childrens_Mutual.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For other Foresters coverage, see Foresters.xml
-
-
-	Nonfunctional subdomains:
-
-		- www	(shows RHEL test page, CN: localhost.localdomain)
-
--->
-<ruleset name="The Children's Mutual (partial)">
-
-	<target host="ctf.thechildrensmutual.co.uk" />
-
-
-	<securecookie host="^ctf\.thechildrensmutual\.co\.uk$" name=".+" />
-
-
-	<rule from="^http://ctf\.thechildrensmutual\.co\.uk/"
-		to="https://ctf.thechildrensmutual.co.uk/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ChileBit.NET.xml b/src/chrome/content/rules/ChileBit.NET.xml
new file mode 100644
index 000000000000..e6645139fe19
--- /dev/null
+++ b/src/chrome/content/rules/ChileBit.NET.xml
@@ -0,0 +1,30 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .chilebit.net
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="ChileBit.NET">
+
+	<target host="chilebit.net" />
+	<target host="www.chilebit.net" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.chilebit\.net$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.chilebit\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ChiliProject.org.xml b/src/chrome/content/rules/ChiliProject.org.xml
index 8cd4fb42b0f8..19a82d1103b9 100644
--- a/src/chrome/content/rules/ChiliProject.org.xml
+++ b/src/chrome/content/rules/ChiliProject.org.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^www\.chiliproject\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?chiliproject\.org/"
-		to="https://$1chiliproject.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Chillicothe_Gazette.xml b/src/chrome/content/rules/Chillicothe_Gazette.xml
index 71b18bb680ad..46c6407d0d75 100644
--- a/src/chrome/content/rules/Chillicothe_Gazette.xml
+++ b/src/chrome/content/rules/Chillicothe_Gazette.xml
@@ -11,13 +11,14 @@
 <ruleset name="Chillicothe Gazette">
 
 	<target host="chillicothegazette.com" />
-	<target host="*.chillicothegazette.com" />
+	<target host="cmsimg.chillicothegazette.com" />
+	<target host="www.chillicothegazette.com" />
 
 
 	<securecookie host="^www\.chillicothegazette\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:cmsimg\.|www\.)?chillicothegazette\.com/"
+	<rule from="^http://(?:cmsimg\.|www\.)?chillicothegazette\.com/"
 		to="https://www.chillicothegazette.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ChillingEffects.xml b/src/chrome/content/rules/ChillingEffects.xml
index 7eb9b897d72d..7a4f2359cc08 100644
--- a/src/chrome/content/rules/ChillingEffects.xml
+++ b/src/chrome/content/rules/ChillingEffects.xml
@@ -1,10 +1,10 @@
 <ruleset name="ChillingEffects">
 
 	<target host="chillingeffects.org" />
-	<target host="*.chillingeffects.org" />
+	<target host="images.chillingeffects.org" />
+	<target host="www.chillingeffects.org" />
 
 
-	<rule from="^http://(images\.|www\.)?chillingeffects\.org/"
-		to="https://$1chillingeffects.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Chime.in.xml b/src/chrome/content/rules/Chime.in.xml
index a7288f733426..444089d2fd00 100644
--- a/src/chrome/content/rules/Chime.in.xml
+++ b/src/chrome/content/rules/Chime.in.xml
@@ -1,27 +1,15 @@
 <!--
-	cdnbakmi.kaltura.com/p/695492/sp/69549200/
-
-
-	Nonfunctional domains:
-
-		- www.blogged.com
+	All subdomains redirect to https://chime.aws/
 
 -->
 <ruleset name="Chime.in">
 
 	<target host="chime.in" />
-	<target host="*.chime.in" />
-
-
-	<securecookie host="^(www\.)?chime\.in$" name=".*" />
-
+	<target host="www.chime.in" />
 
-	<rule from="^http://(www\.)?chime\.in/"
-		to="https://$1chime.in/" />
+	<securecookie host=".+" name=".+" />
 
-	<!--	chimein.zendesk.com/home redirects back.
-				-->
-	<rule from="^http://support\.chime\.in/(assets|external|generated|images|registration|system)/"
-		to="https://chime.zendesk.com/$2/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ChimeriC.de.xml b/src/chrome/content/rules/ChimeriC.de.xml
new file mode 100644
index 000000000000..03568144054d
--- /dev/null
+++ b/src/chrome/content/rules/ChimeriC.de.xml
@@ -0,0 +1,33 @@
+<!--
+	Mixed content:
+
+		- iframes from www.youtube.com *
+
+		- css, from:
+
+			- $self
+			- fonts.googleapis.com *
+
+		- Images from $self
+
+		- Bugs, from;
+
+			- www.bloggerei.de *
+			- www.topblogs.de
+
+	* Secured by us
+
+-->
+<ruleset name="ChimeriC.de" default_off="mismatched, self-signed" platform="mixedcontent">
+
+	<target host="chimeric.de" />
+	<target host="www.chimeric.de" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/China-Payment-Services.xml b/src/chrome/content/rules/China-Payment-Services.xml
deleted file mode 100644
index 17fe9a88eb05..000000000000
--- a/src/chrome/content/rules/China-Payment-Services.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<ruleset name="China Payment Services">
-
-	<target host="chinapaymentservices.com" />
-	<target host="*.chinapaymentservices.com" />
-
-
-	<securecookie host="^(.*\.)?chinapaymentservices\.com$" name=".*" />
-
-
-	<!--	- www 401s over https
-		- www redirects to !www over http
-					-->
-	<rule from="^https?://(?:www\.)?chinapaymentservices\.com/"
-		to="https://chinapaymentservices.com/" />
-
-	<rule from="^http://sales\.chinapaymentservices\.com/"
-		to="https://sales.chinapaymentservices.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/China_Labor_Watch.xml b/src/chrome/content/rules/China_Labor_Watch.xml
deleted file mode 100644
index f9318845c34e..000000000000
--- a/src/chrome/content/rules/China_Labor_Watch.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="China Labor Watch">
-
-	<target host="chinalaborwatch.org" />
-	<target host="www.chinalaborwatch.org" />
-
-
-	<!--	Cert only matches www.
-					-->
-	<rule from="^https?://(?:www\.)?chinalaborwatch\.org/"
-		to="https://www.chinalaborwatch.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Chinabank.com.cn.xml b/src/chrome/content/rules/Chinabank.com.cn.xml
new file mode 100644
index 000000000000..e2fb87b83269
--- /dev/null
+++ b/src/chrome/content/rules/Chinabank.com.cn.xml
@@ -0,0 +1,14 @@
+<!--
+	CONNECTION_CLOSED:
+		report.chinabank.com.cn
+-->
+
+<ruleset name="Chinabank.com.cn">
+
+	<target host="chinabank.com.cn" />
+	<target host="www.chinabank.com.cn" />
+	<target host="pay.chinabank.com.cn" />
+	<target host="pay3.chinabank.com.cn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Chinadialogue.net.xml b/src/chrome/content/rules/Chinadialogue.net.xml
index 949a739ee73d..081dbbbbaf2a 100644
--- a/src/chrome/content/rules/Chinadialogue.net.xml
+++ b/src/chrome/content/rules/Chinadialogue.net.xml
@@ -2,23 +2,27 @@
 	CDN buckets:
 
 		- s3.amazonaws.com/cd.live/
+		- chinadialogue-production.s3.amazonaws.com
 
 
-	Problematic subdomains:
+	Incomplete certificate chain：
+		olivia.chinadialogue.net
+		tom.chinadialogue.net
 
-		- ^	(self-signed, cert only matches www)
+	Require login:
+		staging.chinadialogue.net
 
 -->
-<ruleset name="chinadialogue.net">
+<ruleset name="China Dialogue.net">
 
 	<target host="chinadialogue.net" />
-	<target host="*.chinadialogue.net" />
+	<target host="www.chinadialogue.net" />
 
 
-	<securecookie host="^\.chinadialogue\.net$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?chinadialogue\.net/"
-		to="https://www.chinadialogue.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ChipLand.hu.xml b/src/chrome/content/rules/ChipLand.hu.xml
index 2576af4e0279..86a3327be6d8 100644
--- a/src/chrome/content/rules/ChipLand.hu.xml
+++ b/src/chrome/content/rules/ChipLand.hu.xml
@@ -1,6 +1,14 @@
-<ruleset name="ChipLand.hu">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.chipland.hu/ => https://www.chipland.hu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.chipland.hu'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.chipland.hu/ => https://www.chipland.hu/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="ChipLand.hu" default_off="failed ruleset test">
 	<target host="www.chipland.hu" />
 
 	<securecookie host="^www\.chipland\.hu$" name=".+" />
-	<rule from="^http://www\.chipland\.hu/" to="https://www.chipland.hu/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Chiphell.com.xml b/src/chrome/content/rules/Chiphell.com.xml
new file mode 100644
index 000000000000..6fb11e2ac131
--- /dev/null
+++ b/src/chrome/content/rules/Chiphell.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="Chiphell">
+    <target host="chiphell.com" />
+    <target host="www.chiphell.com" />
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Chipmixer.com.xml b/src/chrome/content/rules/Chipmixer.com.xml
new file mode 100644
index 000000000000..c26163b32a04
--- /dev/null
+++ b/src/chrome/content/rules/Chipmixer.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Chipmixer.com">
+	<target host="chipmixer.com" />
+	<target host="www.chipmixer.com" />
+
+	<!-- Although the guidelines advise against snapping redirects,
+    https://www.chipmixer.com/ served a cert for the wrong domain
+    as of the time this rule was written -->
+	<rule from="^http://www\.chipmixer\.com/" to="https://chipmixer.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Chipworks.xml b/src/chrome/content/rules/Chipworks.xml
index a2a739b2cb2a..93bc95223132 100644
--- a/src/chrome/content/rules/Chipworks.xml
+++ b/src/chrome/content/rules/Chipworks.xml
@@ -1,17 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://drm.chipworks.com/ => https://drm.chipworks.com/: (28, 'Connection timed out after 20002 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://chipworks.com/ => https://chipworks.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	chipworks.secure.force.com
 
 -->
-<ruleset name="Chipworks">
+<ruleset name="Chipworks" default_off="failed ruleset test">
 
 	<target host="chipworks.com" />
-	<target host="*.chipworks.com" />
+	<target host="drm.chipworks.com" />
+	<target host="www.chipworks.com" />
 
 
 	<securecookie host="^www\.chipworks\.com$" name=".+" />
 
 
-	<rule from="^http://(drm\.|www\.)?chipworks\.com/"
-		to="https://$1chipworks.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Chitika.xml b/src/chrome/content/rules/Chitika.xml
index 24efcbaed1d5..82e1ba8a64dd 100644
--- a/src/chrome/content/rules/Chitika.xml
+++ b/src/chrome/content/rules/Chitika.xml
@@ -1,8 +1,18 @@
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://affiliate.chitika.com/ => https://affiliate.chitika.com/: (7, 'Failed to connect to affiliate.chitika.com port 443: No route to host')
+Fetch error: http://blog.chitika.com/ => https://blog.chitika.com/: (35, 'error:1408F10B:SSL routines:ssl3_get_record:wrong version number')
+Fetch error: http://publishers.chitika.com/ => https://publishers.chitika.com/: (6, 'Could not resolve host: publishers.chitika.com')
+
+	Other Chitika rulesets:
+
+
+
 	CDN buckets:
 
 		- chitika.assistly.com
-		- scripts.chitika.net.edgesuite.net
 
 
 	Nonfunctional domains:
@@ -14,26 +24,19 @@
 			- labs		(times out)
 			- support	(cert: *.assistly.com; 301s to http)
 
-		- scripts.chitika.net	(Akamai; 503)
-
 -->
 <ruleset name="Chitika (partial)">
 
 	<target host="chitika.com" />
-	<target host="*.chitika.com" />
-	<target host="chitika.net" />
-	<target host="www.chitika.net" />
-
+	<target host="www.chitika.com" />
+	<!-- target host="affiliate.chitika.com" /-->
+	<!-- target host="blog.chitika.com" /-->
+	<!-- target host="publishers.chitika.com" /-->
 
-	<securecookie host="^(?:.*\.)?chitika\.com$" name=".*" />
 
+	<securecookie host=".+" name=".+"/>
 
-	<!--	Cert only matches *.com
-					-->
-	<rule from="^https?://(www\.)?chitika\.(?:com|net)/"
-		to="https://$1chitika.com/" />
 
-	<rule from="^http://(affiliate|blog|publishers)\.chitika\.com/"
-		to="https://$1.chitika.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Chlomo.org.xml b/src/chrome/content/rules/Chlomo.org.xml
new file mode 100644
index 000000000000..dfc7e03a773f
--- /dev/null
+++ b/src/chrome/content/rules/Chlomo.org.xml
@@ -0,0 +1,14 @@
+<!--
+	At least some pages redirect to http.
+
+-->
+<ruleset name="Chlomo.org (partial)">
+
+	<target host="chlomo.org" />
+	<target host="www.chlomo.org" />
+
+
+	<rule from="^http://(www\.)?chlomo\.org/(?=chan/(?:\w+/thumb/|favicon-v2\.png|img/|static/|stylesheets/)|favicon\.ico)"
+		to="https://$1chlomo.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Chocolate-Doom.org.xml b/src/chrome/content/rules/Chocolate-Doom.org.xml
new file mode 100644
index 000000000000..c8e566f8c9a2
--- /dev/null
+++ b/src/chrome/content/rules/Chocolate-Doom.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="Chocolate-Doom.org">
+	<!-- new.chocolate-doom.org does not have a valid certificate -->
+	<target host="master.chocolate-doom.org" />
+	<target host="www.chocolate-doom.org" />
+	<target host="chocolate-doom.org" />
+
+	<!-- the bare domain does not support HTTPS -->
+	<rule from="^http://chocolate-doom\.org/"
+		to="https://www.chocolate-doom.org/" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Chocolatey.org.xml b/src/chrome/content/rules/Chocolatey.org.xml
new file mode 100644
index 000000000000..c3eae7e92e69
--- /dev/null
+++ b/src/chrome/content/rules/Chocolatey.org.xml
@@ -0,0 +1,24 @@
+<!--
+	Mixed content:
+
+		- Images from www.gravatar.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Chocolatey.org">
+
+	<target host="chocolatey.org" />
+	<target host="www.chocolatey.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^chocolatey\.org$" name="^__Controller::TempData$" /-->
+
+	<securecookie host="^chocolatey\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Chocolatfrey.ch.xml b/src/chrome/content/rules/Chocolatfrey.ch.xml
new file mode 100644
index 000000000000..92f3268632ae
--- /dev/null
+++ b/src/chrome/content/rules/Chocolatfrey.ch.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Migros coverage, see Migros.xml.
+
+	Mismatch:
+		- b2b.chocolatfrey.ch
+		- tafelraten.chocolatfrey.ch
+
+		- (www\.)?chocolatfrey.com
+		- b2b.chocolatfrey.com
+-->
+<ruleset name="Chocolatfrey.ch">
+	<target host="chocolatfrey.ch" />
+	<target host="www.chocolatfrey.ch" />
+
+	<target host="myfrey.ch" />
+	<target host="www.myfrey.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Choice_of_Games.com.xml b/src/chrome/content/rules/Choice_of_Games.com.xml
new file mode 100644
index 000000000000..8b3b6c6ffca0
--- /dev/null
+++ b/src/chrome/content/rules/Choice_of_Games.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)?
+		- forum
+
+-->
+<ruleset name="Choice of Games.com">
+
+	<target host="choiceofgames.com" />
+	<target host="forum.choiceofgames.com" />
+	<target host="www.choiceofgames.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Choon.net.xml b/src/chrome/content/rules/Choon.net.xml
new file mode 100644
index 000000000000..a801a5295938
--- /dev/null
+++ b/src/chrome/content/rules/Choon.net.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://choon.net/ => https://choon.net/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.choon.net/ => https://www.choon.net/: (60, 'SSL certificate problem: certificate has expired')
+
+	Nonfunctional hosts in *choon.net:
+
+		- qmail.mirror *
+
+	* Refused
+
+-->
+<ruleset name="Choon.net (partial)" default_off="failed ruleset test">
+
+	<target host="choon.net" />
+	<target host="www.choon.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Choopa.com.xml b/src/chrome/content/rules/Choopa.com.xml
index 6230d4c517b2..af9c7b00318c 100644
--- a/src/chrome/content/rules/Choopa.com.xml
+++ b/src/chrome/content/rules/Choopa.com.xml
@@ -1,7 +1,5 @@
 <!--
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
+	^choopa.com: Dropped
 
 
 	Fully covered subdomains:
@@ -9,20 +7,38 @@
 		- (www.)	(^ → www)
 		- my
 
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .choopa.com
+		- my.choopa.com
+		- www.choopa.com
+
 -->
 <ruleset name="Choopa.com">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="my.choopa.com" />
+	<target host="www.choopa.com" />
+
+	<!--	Complications:
+				-->
 	<target host="choopa.com" />
-	<target host="*.choopa.com" />
 
 
-	<securecookie host="^(?:my|www)\.choopa\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.choopa\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^(?:my|www)\.choopa\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:my|www)?\.choopa\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?choopa\.com/"
+	<rule from="^http://choopa\.com/"
 		to="https://www.choopa.com/" />
 
-	<rule from="^http://my\.choopa\.com/"
-		to="https://my.choopa.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Choosealicense.com.xml b/src/chrome/content/rules/Choosealicense.com.xml
new file mode 100644
index 000000000000..c4a567e758bb
--- /dev/null
+++ b/src/chrome/content/rules/Choosealicense.com.xml
@@ -0,0 +1,14 @@
+<!--
+	For other GitHub rulesets, see Github.xml.
+
+	Invalid certificate:
+	- www.choosealicense.com
+
+-->
+<ruleset name="choosealicense.com">
+	<target host="choosealicense.com" />
+	<target host="www.choosealicense.com" />
+
+	<rule from="^http://www\.choosealicense\.com/" to="https://choosealicense.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Chooseblocks.com.xml b/src/chrome/content/rules/Chooseblocks.com.xml
new file mode 100644
index 000000000000..58cc137a88d8
--- /dev/null
+++ b/src/chrome/content/rules/Chooseblocks.com.xml
@@ -0,0 +1,12 @@
+<!--
+Cloudflare SSL
+-->
+<ruleset name="chooseblocks.com">
+	<target host="www.chooseblocks.com" />
+	<target host="chooseblocks.com" />
+
+	<securecookie host="^(www\.)?chooseblocks\.com$" name=".+" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Chorizo.ca.xml b/src/chrome/content/rules/Chorizo.ca.xml
new file mode 100644
index 000000000000..061705fa1d2c
--- /dev/null
+++ b/src/chrome/content/rules/Chorizo.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="Chorizo.ca">
+	<target host="chorizo.ca" />
+	<target host="www.chorizo.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Choualbox.com.xml b/src/chrome/content/rules/Choualbox.com.xml
new file mode 100644
index 000000000000..4c57c29140cf
--- /dev/null
+++ b/src/chrome/content/rules/Choualbox.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Choualbox.com">
+	<target host="choualbox.com" />
+	<target host="www.choualbox.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Chris-Lamb.co.uk.xml b/src/chrome/content/rules/Chris-Lamb.co.uk.xml
new file mode 100644
index 000000000000..bddae6fc1cc6
--- /dev/null
+++ b/src/chrome/content/rules/Chris-Lamb.co.uk.xml
@@ -0,0 +1,9 @@
+<ruleset name="Chris-Lamb.co.uk">
+
+	<target host="chris-lamb.co.uk" />
+	<target host="www.chris-lamb.co.uk" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Chris.lu.xml b/src/chrome/content/rules/Chris.lu.xml
new file mode 100644
index 000000000000..229bc1db4edd
--- /dev/null
+++ b/src/chrome/content/rules/Chris.lu.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.chris.lu/ => https://www.chris.lu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.chris.lu'")
+
+-->
+<ruleset name="Chris.lu" default_off="failed ruleset test">
+
+	<target host="chris.lu" />
+	<target host="www.chris.lu" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Chris_Coyne.com.xml b/src/chrome/content/rules/Chris_Coyne.com.xml
new file mode 100644
index 000000000000..cbf51f340907
--- /dev/null
+++ b/src/chrome/content/rules/Chris_Coyne.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Chris Coyne.com">
+
+	<target host="chriscoyne.com" />
+	<target host="www.chriscoyne.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Chris_Newland.com.xml b/src/chrome/content/rules/Chris_Newland.com.xml
new file mode 100644
index 000000000000..4fb3f79f0d87
--- /dev/null
+++ b/src/chrome/content/rules/Chris_Newland.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="Chris Newland.com">
+
+	<target host="chrisnewland.com" />
+	<target host="www.chrisnewland.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?chrisnewland\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?chrisnewland\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Chrisanthemums.xml b/src/chrome/content/rules/Chrisanthemums.xml
index 214e3a436c62..c9e71e4d562d 100644
--- a/src/chrome/content/rules/Chrisanthemums.xml
+++ b/src/chrome/content/rules/Chrisanthemums.xml
@@ -5,7 +5,7 @@
 <ruleset name="Chrisanthemums">
 
 	<target host="chrisanthemums.com" />
-	<target host="*.chrisanthemums.com" />
+	<target host="www.chrisanthemums.com" />
 
 
 	<securecookie host="^(?:www)?\.chrisanthemums\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Chrismatic.io.xml b/src/chrome/content/rules/Chrismatic.io.xml
new file mode 100644
index 000000000000..1e66ddf11c6f
--- /dev/null
+++ b/src/chrome/content/rules/Chrismatic.io.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.chrismatic.io/ => https://www.chrismatic.io/: (6, 'Could not resolve host: www.chrismatic.io')
+
+-->
+<ruleset name="chrismatic.io" default_off="failed ruleset test">
+
+	<target host="chrismatic.io" />
+	<target host="www.chrismatic.io" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Christelijke_Mutualiteit.xml b/src/chrome/content/rules/Christelijke_Mutualiteit.xml
new file mode 100644
index 000000000000..60b1fa229efe
--- /dev/null
+++ b/src/chrome/content/rules/Christelijke_Mutualiteit.xml
@@ -0,0 +1,6 @@
+<ruleset name="Christelijke Mutualiteit">
+  <target host="cm.be" />
+  <target host="www.cm.be" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Christian-Prayer-Center.xml b/src/chrome/content/rules/Christian-Prayer-Center.xml
deleted file mode 100644
index 6efc50b48503..000000000000
--- a/src/chrome/content/rules/Christian-Prayer-Center.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Christian Prayer Center" platform="mixedcontent">
-
-	<target host="christianprayercenter.com" />
-	<target host="www.christianprayercenter.com" />
-
-	<rule from="^http://(www\.)?christianprayercenter\.com/"
-		to="https://$1christianprayercenter.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ChristianGale.com.xml b/src/chrome/content/rules/ChristianGale.com.xml
deleted file mode 100644
index d30055b7b356..000000000000
--- a/src/chrome/content/rules/ChristianGale.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="ChristianGale.com">
-
-	<target host="christiangale.com" />
-	<target host="*.christiangale.com" />
-
-
-	<securecookie host="^(?:w*\.)?christiangale\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?christiangale\.com/"
-		to="https://$1christiangale.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Christian_Heilmann.xml b/src/chrome/content/rules/Christian_Heilmann.xml
index a9a4683bb901..b98213dac6ec 100644
--- a/src/chrome/content/rules/Christian_Heilmann.xml
+++ b/src/chrome/content/rules/Christian_Heilmann.xml
@@ -8,7 +8,7 @@
 	<target host="www.christianheilmann.com" />
 
 
-	<rule from="^https?://(?:www\.)?christianheilmann\.com/"
+	<rule from="^http://(?:www\.)?christianheilmann\.com/"
 		to="https://christianheilmann.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Christianbook.com.xml b/src/chrome/content/rules/Christianbook.com.xml
new file mode 100644
index 000000000000..cd4e5f516045
--- /dev/null
+++ b/src/chrome/content/rules/Christianbook.com.xml
@@ -0,0 +1,46 @@
+<!--
+	^christianbook.com: Cert only matches www.christianbook.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- g.christianbook.com
+		- www.christianbook.com
+		- .www.christianbook.com
+
+
+	Mixed content:
+
+		- Images on g and www from g *
+
+	* Secured by us
+
+-->
+<ruleset name="Christianbook.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cbdreader.christianbook.com" />
+	<target host="g.christianbook.com" />
+	<target host="www.christianbook.com" />
+
+	<!--	Complications:
+				-->
+	<target host="christianbook.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:g|www)\.christianbook\.com$" name="^cbd_affinity$" /-->
+	<!--securecookie host="^\.www\.christianbook\.com$" name="^cbd_(?:csl|ticket)$" /-->
+
+	<securecookie host=".*\.christianbook\.com$" name=".+" />
+
+
+	<rule from="^http://christianbook\.com/"
+		to="https://www.christianbook.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Christofer-Fjellner.xml b/src/chrome/content/rules/Christofer-Fjellner.xml
index 65dc70855206..d97184edd5e0 100644
--- a/src/chrome/content/rules/Christofer-Fjellner.xml
+++ b/src/chrome/content/rules/Christofer-Fjellner.xml
@@ -1,15 +1,13 @@
-<ruleset name="Christofer Fjellner" default_off="mismatch">
+<ruleset name="Fjellner.eu" default_off="redirects to http">
 
-	<!--	Cert: *.loopiasecure.com	-->
 	<target host="fjellner.eu" />
 	<target host="www.fjellner.eu" />
 
 
-	<securecookie host="^www\.fjellner\.eu$" name=".*" />
+	<securecookie host="^www\.fjellner\.eu$" name=".+" />
 
 
-	<!--	!www redirects to www.	-->
-	<rule from="^http://(?:www\.)?fjellner\.eu/"
-		to="https://www.fjellner.eu/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Chrome.com.xml b/src/chrome/content/rules/Chrome.com.xml
index c89a4e042c63..0b535b6bc22d 100644
--- a/src/chrome/content/rules/Chrome.com.xml
+++ b/src/chrome/content/rules/Chrome.com.xml
@@ -3,7 +3,6 @@
 	<target host="developer.chrome.com" />
 
 
-	<rule from="^http://developer\.chrome\.com/"
-		to="https://developer.chrome.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ChromeStatus.com.xml b/src/chrome/content/rules/ChromeStatus.com.xml
new file mode 100644
index 000000000000..6ca712fa4221
--- /dev/null
+++ b/src/chrome/content/rules/ChromeStatus.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For more Google related rules, see GoogleServices.xml
+
+	Secure connection failed:
+		chromestatus.com
+
+-->
+<ruleset name="ChromeStatus.com">
+
+	<target host="chromestatus.com" />
+	<target host="www.chromestatus.com" />
+
+	<rule from="^http://(www\.)?chromestatus\.com/"
+		to="https://www.chromestatus.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Chrome_Data.xml b/src/chrome/content/rules/Chrome_Data.xml
index 2affb04b63df..30a5b447dea9 100644
--- a/src/chrome/content/rules/Chrome_Data.xml
+++ b/src/chrome/content/rules/Chrome_Data.xml
@@ -2,17 +2,18 @@
 
 	<target host="login.carbook.com" />
 	<target host="chromedata.com" />
-	<target host="*.chromedata.com" />
+	<target host="autodiscover.chromedata.com" />
+	<target host="mail.chromedata.com" />
+	<target host="mopar.chromedata.com" />
+	<target host="webmail.chromedata.com" />
+	<target host="www.chromedata.com" />
 
 
 	<securecookie host="^login\.carbook\.com$" name=".+" />
 	<securecookie host="^.+\.chromedata\.com$" name=".+" />
 
 
-	<rule from="^http://login\.carbook\.com/"
-		to="https://login.carbook.com/" />
 
-	<rule from="^http://((?:autodiscover|mail|mopar|webmail|www)\.)?chromedata\.com/"
-		to="https://$1chromedata.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Chrome_Experiments.com.xml b/src/chrome/content/rules/Chrome_Experiments.com.xml
new file mode 100644
index 000000000000..7173b6132849
--- /dev/null
+++ b/src/chrome/content/rules/Chrome_Experiments.com.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Google coverage, see GoogleServices.xml.
+
+
+	^chromeexperiments.com: Handshake fails
+
+-->
+<ruleset name="Chrome Experiments.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.chromeexperiments.com" />
+	<target host="1000.chromeexperiments.com" />
+	<target host="500.chromeexperiments.com" />
+	<target host="armsglobe.chromeexperiments.com" />
+	<target host="bookcase.chromeexperiments.com" />
+	<target host="clouds.chromeexperiments.com" />
+	<target host="globe.chromeexperiments.com" />
+	<target host="m.chromeexperiments.com" />
+	<target host="machines.chromeexperiments.com" />
+	<target host="stars.chromeexperiments.com" />
+	<target host="workshop.chromeexperiments.com" />
+
+	<!--	Complications:
+				-->
+	<target host="chromeexperiments.com" />
+
+
+	<rule from="^http://chromeexperiments\.com/"
+		to="https://www.chromeexperiments.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Chrome_Spinners.xml b/src/chrome/content/rules/Chrome_Spinners.xml
deleted file mode 100644
index 9c023299c91f..000000000000
--- a/src/chrome/content/rules/Chrome_Spinners.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Chrome Spinners">
-
-	<target host="chromespinners.com" />
-	<target host="*.chromespinners.com" />
-
-
-	<securecookie host="^(?:.*\.)?chromespinners\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?chromespinners\.com/"
-		to="https://$1chromespinners.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Chromium.org.xml b/src/chrome/content/rules/Chromium.org.xml
index 219ddb53e918..68293bfc4363 100644
--- a/src/chrome/content/rules/Chromium.org.xml
+++ b/src/chrome/content/rules/Chromium.org.xml
@@ -1,42 +1,37 @@
 <!--
-	Google chromium web. Supports src over ssl atm.
+	For other Google coverage, see GoogleServices.xml.
 
+	Preloaded:
+		- build
+		- bugs
+		- codereview
 
-	Nonfunctional subdomains:
+		- crbug.com
 
-		- ^		(503, mismatched, CN: *.google.com)
-		- blog *
-		- dev *
-		- www *
+	Mixed content:
 
-	* Interrupted
+		- favicon on blog from $self *
 
-
-	Problematic domains:
-
-		- build.chromium.org
-		- crbug.com		(no https)
+	* Secured by us
 
 -->
 <ruleset name="Chromium.org">
 
-	<target host="*.chromium.org" />
-	<target host="crbug.com" />
-
-
-	<securecookie host="^codereview\.chromium\.org$" name=".+" />
-
-
-	<rule from="^https?://blog\.chromium\.org/favicon\.ico"
-		to="https://www.blogger.com/favicon.ico" />
-
-	<rule from="^https?://build\.chromium\.org/(?:\?.*)?$"
-		to="https://chromium-build.appspot.com/p/chromium/console" />
-
-	<rule from="^http://(codereview|gerrit|git|src)\.chromium\.org/"
-		to="https://$1.chromium.org/" />
-
-	<rule from="^http://crbug\.com/"
-		to="https://bugs.chromium.org/" />
+	<!--	Direct rewrites:
+				-->
+	<target host="chromium.org" />
+	<target host="www.chromium.org" />
+	<target host="blog.chromium.org" />
+	<target host="codesearch.chromium.org" />
+	<target host="cs.chromium.org" />
+	<target host="dev.chromium.org" />
+	<target host="gerrit.chromium.org" />
+	<target host="git.chromium.org" />
+	<target host="planet.chromium.org" />
+	<target host="src.chromium.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ChroniX_Radio.com.xml b/src/chrome/content/rules/ChroniX_Radio.com.xml
index de53a20c60b8..c026fef61dc4 100644
--- a/src/chrome/content/rules/ChroniX_Radio.com.xml
+++ b/src/chrome/content/rules/ChroniX_Radio.com.xml
@@ -1,4 +1,11 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://chronixradio.com/ => https://chronixradio.com/: (7, 'Failed to connect to www.chronixradio.com port 443: Connection refused')
+Fetch error: http://www.chronixradio.com/ => https://www.chronixradio.com/: (7, 'Failed to connect to www.chronixradio.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://chronixradio.com/ => https://chronixradio.com/: (7, 'Failed to connect to www.chronixradio.com port 443: Connection refused')
 	Mixed content:
 
 		- Images on www from www *
@@ -12,16 +19,15 @@
 	** Unsecurable
 
 -->
-<ruleset name="ChroniX Radio.com">
+<ruleset name="ChroniX Radio.com" default_off="failed ruleset test">
 
 	<target host="chronixradio.com" />
-	<target host="*.chronixradio.com" />
+	<target host="www.chronixradio.com" />
 
 
 	<securecookie host="^\.chronixradio\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?chronixradio\.com/"
-		to="https://$1chronixradio.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Chronicle-Store.com.xml b/src/chrome/content/rules/Chronicle-Store.com.xml
new file mode 100644
index 000000000000..11c9a17272a2
--- /dev/null
+++ b/src/chrome/content/rules/Chronicle-Store.com.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://chronicle-store.com/ => https://chronicle-store.com/: Too many redirects while fetching 'https://chronicle-store.com/'
+Fetch error: http://www.chronicle-store.com/ => https://www.chronicle-store.com/: Too many redirects while fetching 'https://www.chronicle-store.com/'
+
+	For other Chronicle of Higher Education coverage, see Chronicle.xml.
+
+-->
+<ruleset name="Chronicle-Store.com" default_off="failed ruleset test">
+
+	<target host="chronicle-store.com" />
+	<target host="www.chronicle-store.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Chronicle.xml b/src/chrome/content/rules/Chronicle.xml
index b99d3ffa1e48..f0c43ea34581 100644
--- a/src/chrome/content/rules/Chronicle.xml
+++ b/src/chrome/content/rules/Chronicle.xml
@@ -1,8 +1,29 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://chronicle.com/ => https://chronicle.com/: Too many redirects while fetching 'https://chronicle.com/'
+Fetch error: http://www.chronicle.com/ => https://chronicle.com/: Too many redirects while fetching 'https://chronicle.com/'
+
+	The Chronicle of Higher Education
+
+	Other Chronicle of Higher Education rulesets:
+
+		- Chronicle-Store.com.xml
+
+
 	www: cert only matches ^chronicle.com
 
+
+	Mixed content:
+
+		- Images from (www.)? ¹
+		- Ads from ad.doubleclick.net ²
+
+	¹ Secured by us
+	² Rule disabled by default
+
 -->
-<ruleset name="Chronicle">
+<ruleset name="Chronicle.com (partial)" default_off="failed ruleset test">
 
 	<target host="chronicle.com" />
 	<target host="www.chronicle.com" />
@@ -12,6 +33,10 @@
 		<exclusion pattern="^http://(?:www\.)?chronicle\.com/blognetwork/" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.chronicle\.com$" name="^ChronicleUser$" /-->
+
 	<securecookie host="^(?:www\.)?chronicle\.com$" name=".+" />
 
 
diff --git a/src/chrome/content/rules/Chronicle_Vitae.com.xml b/src/chrome/content/rules/Chronicle_Vitae.com.xml
new file mode 100644
index 000000000000..d5c0d0b30740
--- /dev/null
+++ b/src/chrome/content/rules/Chronicle_Vitae.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Chronicle Vitae.com">
+
+	<target host="chroniclevitae.com" />
+	<target host="www.chroniclevitae.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^_gat?$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Chronicled.org.xml b/src/chrome/content/rules/Chronicled.org.xml
new file mode 100644
index 000000000000..126ffac14230
--- /dev/null
+++ b/src/chrome/content/rules/Chronicled.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		- slack.chronicled.org
+
+	Timeout has been reached:
+		- demo.chronicled.org
+
+	Unable to connect:
+		- forum.chronicled.org
+-->
+<ruleset name="Chronicled.org">
+	<target host="chronicled.org" />
+	<target host="www.chronicled.org" />
+	<target host="explorer.chronicled.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Chroot-me.in.xml b/src/chrome/content/rules/Chroot-me.in.xml
new file mode 100644
index 000000000000..ff7942764b68
--- /dev/null
+++ b/src/chrome/content/rules/Chroot-me.in.xml
@@ -0,0 +1,13 @@
+<!--
+	www doesn't exist.
+
+-->
+<ruleset name="chroot-me.in">
+
+	<target host="chroot-me.in" />
+	<target host="ssl.chroot-me.in" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Chrysalis-Ventures.xml b/src/chrome/content/rules/Chrysalis-Ventures.xml
index 2b11b1ef1da3..479e765a8776 100644
--- a/src/chrome/content/rules/Chrysalis-Ventures.xml
+++ b/src/chrome/content/rules/Chrysalis-Ventures.xml
@@ -1,4 +1,4 @@
-<ruleset name="Chrysalis-Ventures (partial)" default_off="mismatch">
+<ruleset name="Chrysalis-Ventures (partial)" default_off="mismatched">
 
 	<!--	Cert: *.gridserver.com	-->
 	<target host="chrysalisventures.com" />
diff --git a/src/chrome/content/rules/Chs.us.xml b/src/chrome/content/rules/Chs.us.xml
new file mode 100644
index 000000000000..b83742846356
--- /dev/null
+++ b/src/chrome/content/rules/Chs.us.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- chs.us
+		- www.chs.us
+
+-->
+<ruleset name="chs.us">
+
+	<target host="chs.us" />
+	<target host="www.chs.us" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?chs\.us$" name="^wfvt_\d+$" /-->
+
+	<securecookie host="^(?:www\.)?chs\.us$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cht.sh.xml b/src/chrome/content/rules/Cht.sh.xml
new file mode 100644
index 000000000000..180a16d48879
--- /dev/null
+++ b/src/chrome/content/rules/Cht.sh.xml
@@ -0,0 +1,10 @@
+<ruleset name="Cht.sh">
+	<target host="cht.sh" />
+	<target host="*.cht.sh" />
+		<test url="http://valid.cht.sh/curl" />
+		<test url="http://example.cht.sh/wget" />
+		<test url="http://test.cht.sh/rpm" />
+		<test url="http://cht.sh/apt" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Chtah.net.xml b/src/chrome/content/rules/Chtah.net.xml
new file mode 100644
index 000000000000..2c402252b634
--- /dev/null
+++ b/src/chrome/content/rules/Chtah.net.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Experian coverage, see Experian.xml.
+
+
+	Problematic domains:
+
+		- f.money.chtah.net *
+
+	* Mismatched, CN: *.chtah.com
+
+
+	Fully covered domains:
+
+		- f.money.chtah.net	(→ f.chtah.com)
+
+-->
+<ruleset name="Chtah.net">
+
+	<target host="f.money.chtah.net" />
+
+
+	<rule from="^http://f\.money\.chtah\.net/"
+		to="https://f.chtah.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Church-of-the-SubGenius.xml b/src/chrome/content/rules/Church-of-the-SubGenius.xml
index b44360a27583..cfdb87be09c0 100644
--- a/src/chrome/content/rules/Church-of-the-SubGenius.xml
+++ b/src/chrome/content/rules/Church-of-the-SubGenius.xml
@@ -4,7 +4,7 @@
 	<target host="www.subgenius.com" />
 
 
-	<rule from="^https?://(?:www\.)?subgenius\.com/"
+	<rule from="^http://(?:www\.)?subgenius\.com/"
 		to="https://subgenius.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Church_Hill_Classics.xml b/src/chrome/content/rules/Church_Hill_Classics.xml
index 71f1aed4a8cd..9e75deda2fea 100644
--- a/src/chrome/content/rules/Church_Hill_Classics.xml
+++ b/src/chrome/content/rules/Church_Hill_Classics.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?diplomaframe\.com/(DesktopModules/|home/login|images/|js/|Portals/|Resources/|(?:Script|Web)Resource\.axd)"
 		to="https://$1diplomaframe.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Chuug.com.xml b/src/chrome/content/rules/Chuug.com.xml
new file mode 100644
index 000000000000..299ad49dc28c
--- /dev/null
+++ b/src/chrome/content/rules/Chuug.com.xml
@@ -0,0 +1,25 @@
+<!--
+	CDN buckets:
+
+		- d322xzyiofrruv.cloudfront.net	← s3
+
+
+	(www.)?chuug.com: Shows default page
+
+
+	Problematic hosts in *chuug.com:
+
+		- s3 ᵐ
+
+	ᵐ Cloudfront/mismatched
+
+-->
+<ruleset name="chuug.com (partial)">
+
+	<target host="s3.chuug.com" />
+
+
+	<rule from="^http://s3\.chuug\.com/"
+		to="https://d322xzyiofrruv.cloudfront.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cia.vc.xml b/src/chrome/content/rules/Cia.vc.xml
deleted file mode 100644
index 3ee227949dd2..000000000000
--- a/src/chrome/content/rules/Cia.vc.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Cia.vc" default_off="Cert expired in 2009" >
-  <target host="cia.vc" />
-  <target host="www.cia.vc" />
-
-  <rule from="^http://(?:www\.)?cia\.vc/" to="https://cia.vc/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Ciety.com.xml b/src/chrome/content/rules/Ciety.com.xml
new file mode 100644
index 000000000000..90f3763781d6
--- /dev/null
+++ b/src/chrome/content/rules/Ciety.com.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ciety.com/ => https://ciety.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	www doesn't exist.
+
+-->
+<ruleset name="Ciety.com" default_off="failed ruleset test">
+
+	<target host="ciety.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cihar.com.xml b/src/chrome/content/rules/Cihar.com.xml
deleted file mode 100644
index dcef02c9ca45..000000000000
--- a/src/chrome/content/rules/Cihar.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(redirects to http, valid cert)
-		- photos *
-		- pma *
-
-	* 404, valid cert
-
--->
-<ruleset name="Cihar.com (partial)">
-
-	<target host="*.cihar.com" />
-
-
-	<rule from="^http://(blog|stats)\.cihar\.com/"
-		to="https://$1.cihar.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Cilk_Plus.org.xml b/src/chrome/content/rules/Cilk_Plus.org.xml
index 870579c9a390..eb0eb90c7b3e 100644
--- a/src/chrome/content/rules/Cilk_Plus.org.xml
+++ b/src/chrome/content/rules/Cilk_Plus.org.xml
@@ -1,19 +1,18 @@
-<!--
-	For other Intel coverage, see Intel.xml.
-
 
-	Problematic subdomains:
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cilkplus.org/ => https://cilkplus.org/: (7, 'Failed to connect to cilkplus.org port 443: Connection refused')
 
-		- ^	(redirects to www.clusterconnection.com)
+	For other Intel coverage, see Intel.xml.
 
 -->
-<ruleset name="Cilk Plus.org">
+<ruleset name="Cilk Plus.org" default_off="failed ruleset test">
 
 	<target host="cilkplus.org" />
 	<target host="www.cilkplus.org" />
 
 
-	<rule from="^http://(?:www\.)?cilkplus\.org/"
-		to="https://www.cilkplus.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CinCHouse.com.xml b/src/chrome/content/rules/CinCHouse.com.xml
index ff95ee779c24..640633008dcf 100644
--- a/src/chrome/content/rules/CinCHouse.com.xml
+++ b/src/chrome/content/rules/CinCHouse.com.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?cinchouse\.com/"
 		to="https://cinchouse.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cinapalace.com.xml b/src/chrome/content/rules/Cinapalace.com.xml
deleted file mode 100644
index 87450c0b7c27..000000000000
--- a/src/chrome/content/rules/Cinapalace.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	CDN buckets:
-
-		- gs1.wac.edgecastcdn.net/8051D5/
-
--->
-<ruleset name="cinapalace.com">
-
-	<target host="cinapalace.com" />
-	<target host="*.cinapalace.com" />
-
-
-	<securecookie host="^(?:www\.)?cinapalace\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?cinapalace\.com/"
-		to="https://$1cinapalace.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Cincinnati.com.xml b/src/chrome/content/rules/Cincinnati.com.xml
index 79cf2948a330..46873dd18848 100644
--- a/src/chrome/content/rules/Cincinnati.com.xml
+++ b/src/chrome/content/rules/Cincinnati.com.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cincinnati.com/ => https://cincinnati.com/: (7, 'Failed to connect to cincinnati.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://cincinnati.com/ => https://cincinnati.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cincinnati.com'")
 	For other Gannett Company coverage, see Gannett-Company.xml.
 
 
@@ -108,7 +114,7 @@
 	³ Unsecurable
 
 -->
-<ruleset name="Cincinnati.com (partial)">
+<ruleset name="Cincinnati.com (partial)" default_off="failed ruleset test">
 
 	<target host="cincinnati.com" />
 	<target host="*.cincinnati.com" />
diff --git a/src/chrome/content/rules/Cinder.xml b/src/chrome/content/rules/Cinder.xml
index 8af27b05a3ef..847b23173056 100644
--- a/src/chrome/content/rules/Cinder.xml
+++ b/src/chrome/content/rules/Cinder.xml
@@ -12,7 +12,6 @@
 	<securecookie host="^forum\.libcinder\.org$" name=".+" />
 
 
-	<rule from="^http://forum\.libcinder\.org/"
-		to="https://forum.libcinder.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cinder_Cooks.com.xml b/src/chrome/content/rules/Cinder_Cooks.com.xml
new file mode 100644
index 000000000000..3c8122cfca00
--- /dev/null
+++ b/src/chrome/content/rules/Cinder_Cooks.com.xml
@@ -0,0 +1,22 @@
+<!--
+	www: Refused
+
+-->
+<ruleset name="Cinder Cooks.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cindercooks.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.cindercooks.com" />
+
+
+	<rule from="^http://www\.cindercooks\.com/"
+		to="https://cindercooks.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CineMovies.xml b/src/chrome/content/rules/CineMovies.xml
deleted file mode 100644
index f4ff4c48c844..000000000000
--- a/src/chrome/content/rules/CineMovies.xml
+++ /dev/null
@@ -1,43 +0,0 @@
-<!--
-	For other Webedia coverage, see Charts_in_France.xml.
-
-
-	Problematic domains:
-
-		- cinemovies.com	(times out)
-
-
-	Partially covered domains:
-
-		- (www.)purecine.com		( → sinemovies.fr)
-			- Paths 404 over http
-
-	Fully covered domains:
-
-		- static1.purecine.com
-		- cinemovies.fr			( → www)
-		- static1.cinemovies.fr
-		- www.cinemovies.fr
-
--->
-<ruleset name="CineMovies">
-
-	<target host="cinemovies.fr" />
-	<target host="*.cinemovies.fr" />
-	<target host="purecine.fr" />
-	<target host="*.purecine.fr" />
-
-
-	<securecookie host="^\.cinemovies\.fr$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?cinemovies\.fr/"
-		to="https://www.cinemovies.fr/" />
-
-	<rule from="^http://static1\.(cinemovies|purecine)\.fr/"
-		to="https://static1.$1.fr/" />
-
-	<rule from="^https?://(?:www\.)?purecine\.fr/(?:\?.*)?"
-		to="https://www.cinemovies.fr/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CineSport.xml b/src/chrome/content/rules/CineSport.xml
index f825a6df2a96..58c2daab8522 100644
--- a/src/chrome/content/rules/CineSport.xml
+++ b/src/chrome/content/rules/CineSport.xml
@@ -1,26 +1,49 @@
 <!--
 	CDN buckets:
 
+		- wpc.493c.edgecastcdn.net/80493C/csprtovp-input/
+
 		- wac.493C.edgecastcdn.net
 
 			- edgecdn.cinesport.com
 
 
-	Nonfunctional domains:
+	Nonfunctional hosts in *cinesport.com:
+
+		- assetscdn *
+		- edgecdn *
+		- getzone *
+		- www *
+
+	*404; mismatched, CN: gp1.wac.edgecastcdn.net
+
+
+	Problematic hosts in *cinesport.com:
 
-		- edgecdn.cinesport.com		(404; mismatched, CN: gp1.wac.edgecastcdn.net)
+		- ^ *
+		- business *
 
+	* Mismatched, CN: *.gridserver.com
 
-	CN: *.gridserver.com
+
+	Mixed content:
+
+		- Images on business from $self *
+		- Bug on business from pixel.quantserve.com *
+
+	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="CineSport (partial)" default_off="mismatched">
+<ruleset name="CineSport.com (partial)" default_off="mismatched">
 
 	<target host="cinesport.com" />
-	<target host="www.cinesport.com" />
+	<target host="business.cinesport.com" />
+
+
+	<securecookie host="^\." name="^__qca$" />
 
 
-	<rule from="^http://(?:www\.)?cinesport\.com/"
-		to="https://www.cinesport.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CineStar.xml b/src/chrome/content/rules/CineStar.xml
new file mode 100644
index 000000000000..fedaf529006e
--- /dev/null
+++ b/src/chrome/content/rules/CineStar.xml
@@ -0,0 +1,54 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cinestar.de/ => https://cinestar.de/: Too many redirects while fetching 'https://cinestar.de/'
+
+	Insecure cookies are set for these domains:
+
+		- .b2bshop.cinestar.de
+		- .shop.cinestar.de
+
+-->
+<ruleset name="CineStar.de (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+    <target host="cinestar.de" />
+	<target host="b2bshop.cinestar.de" />
+	<target host="shop.cinestar.de" />
+    <target host="www.cinestar.de" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.cinestar\.de/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.cinestar\.de/(?!.+\.(?:ico|jpg|png)(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.cinestar.de/app" />
+			<test url="http://www.cinestar.de/blog/" />
+			<test url="http://www.cinestar.de/card" />
+			<test url="http://www.cinestar.de/de/kino/konstanz-cinestar/" />
+			<test url="http://www.cinestar.de/de/kino/rostock-cinestar/" />
+			<test url="http://www.cinestar.de/karlsruhe_info.php" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.cinestar.de/ccds_tpl_img/relaunch2012/cs_logo.png" />
+			<test url="http://www.cinestar.de/favicon.ico" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.b2bshop\.cinestar\.de$" name="^frontend$" /-->
+	<!--securecookie host="^\.shop\.cinestar\.de$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\.(?:b2b)?shop\.cinestar\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cineble.com.xml b/src/chrome/content/rules/Cineble.com.xml
index dfabc451f2fc..fd46fa0fdcc8 100644
--- a/src/chrome/content/rules/Cineble.com.xml
+++ b/src/chrome/content/rules/Cineble.com.xml
@@ -8,13 +8,12 @@
 <ruleset name="cineble.com">
 
 	<target host="cineble.com" />
-	<target host="*.cineble.com" />
+	<target host="www.cineble.com" />
 
 
 	<securecookie host="^(?:w*\.)?cineble\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?cineble\.com/"
-		to="https://$1cineble.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cineclick.com.br.xml b/src/chrome/content/rules/Cineclick.com.br.xml
new file mode 100644
index 000000000000..4e798b6e0d32
--- /dev/null
+++ b/src/chrome/content/rules/Cineclick.com.br.xml
@@ -0,0 +1,24 @@
+<!--
+	CDN buckets:
+
+		- pcontent.r7.com
+
+			- www
+
+
+	(www.): redirects to http; mismatched, CN: *.r7.com
+
+
+	These altnames don't exist:
+
+		- www.static.cineclick.com.br
+
+-->
+<ruleset name="Cineclick.com.br (partial)">
+
+	<target host="static.cineclick.com.br" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CinemaCon.com.xml b/src/chrome/content/rules/CinemaCon.com.xml
new file mode 100644
index 000000000000..68ffff241ad7
--- /dev/null
+++ b/src/chrome/content/rules/CinemaCon.com.xml
@@ -0,0 +1,20 @@
+<!--
+	CN: Parallels Panel
+
+-->
+<ruleset name="CinemaCon.com" default_off="self-signed">
+
+	<target host="cinemacon.com" />
+	<target host="www.cinemacon.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cinemacon\.com$" name="^PHPSESSID$" /-->
+	<securecookie host="^cinemacon\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?cinemacon\.com/"
+		to="https://cinemacon.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CinemaNow.xml b/src/chrome/content/rules/CinemaNow.xml
index abb2e2ca29fe..b2c9d96b1b17 100644
--- a/src/chrome/content/rules/CinemaNow.xml
+++ b/src/chrome/content/rules/CinemaNow.xml
@@ -5,16 +5,16 @@
 <ruleset name="CinemaNow (partial)">
 
 	<target host="cinemanow.com" />
-	<target host="*.cinemanow.com" />
+	<target host="www.cinemanow.com" />
+	<target host="cache.cinemanow.com" />
 
 
 	<securecookie host="^www\.cinemanow\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?cinemanow\.com/"
+	<rule from="^http://(?:www\.)?cinemanow\.com/"
 		to="https://www.cinemanow.com/" />
 
-	<rule from="^http://cache\.cinemanow\.com/"
-		to="https://cache.cinemanow.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cinemas-Utopia.org.xml b/src/chrome/content/rules/Cinemas-Utopia.org.xml
new file mode 100644
index 000000000000..52c859f9aec4
--- /dev/null
+++ b/src/chrome/content/rules/Cinemas-Utopia.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="Cinemas-Utopia.org">
+
+	<target host="www.cinemas-utopia.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CinemasGaumontPathe.com.xml b/src/chrome/content/rules/CinemasGaumontPathe.com.xml
new file mode 100644
index 000000000000..4b5759835e0b
--- /dev/null
+++ b/src/chrome/content/rules/CinemasGaumontPathe.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Secure connection refused on ^
+-->
+<ruleset name="CinemasGaumontPathe.com">
+	<target host="cinemasgaumontpathe.com" />
+	<target host="www.cinemasgaumontpathe.com" />
+	<target host="4dx.cinemasgaumontpathe.com" />
+	<target host="www.4dx.cinemasgaumontpathe.com" />
+	<target host="m.cinemasgaumontpathe.com" />
+	<target host="pro.cinemasgaumontpathe.com" />
+	<target host="s.cinemasgaumontpathe.com" />
+
+	<rule from="^http://cinemasgaumontpathe\.com/"
+		to="https://www.cinemasgaumontpathe.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cinfu.com.xml b/src/chrome/content/rules/Cinfu.com.xml
index 418d6be206ce..4b2ed7be048a 100644
--- a/src/chrome/content/rules/Cinfu.com.xml
+++ b/src/chrome/content/rules/Cinfu.com.xml
@@ -1,19 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://cinfu.com/ (200) => https://cinfu.com/ (403)
+
+-->
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://cinfu.com/ (200) => https://cinfu.com/ (404)
+
 	Nonfunctional subdomains:
 
 		- www	(redirects to http)
 
 -->
-<ruleset name="Cinfu.com (partial)">
+<ruleset name="Cinfu.com (partial)" default_off="failed ruleset test">
 
 	<target host="cinfu.com" />
-	<target host="*.cinfu.com" />
+	<target host="panel.cinfu.com" />
 
 
 	<securecookie host="^\.?panel\.cinfu\.com$" name=".+" />
 
 
-	<rule from="^http://(panel\.)?cinfu\.com/"
-		to="https://$1cinfu.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Cinnamon-look.org.xml b/src/chrome/content/rules/Cinnamon-look.org.xml
new file mode 100644
index 000000000000..8e556e4e1b81
--- /dev/null
+++ b/src/chrome/content/rules/Cinnamon-look.org.xml
@@ -0,0 +1,12 @@
+<!--
+	For other openDesktop rules, see openDesktop.org.xml
+
+-->
+<ruleset name="Cinnamon-look.org">
+
+	<target host="cinnamon-look.org" />
+	<target host="www.cinnamon-look.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CipherLaw.xml b/src/chrome/content/rules/CipherLaw.xml
deleted file mode 100644
index 49927dcf59cf..000000000000
--- a/src/chrome/content/rules/CipherLaw.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="CipherLaw">
-
-	<target host="cipherlawgroup.com" />
-	<target host="www.cipherlawgroup.com" />
-
-
-	<securecookie host="^(?:www\.)?cipherlawgroup\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?cipherlawgroup\.com/"
-		to="https://$1cipherlawgroup.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Cir.ca.xml b/src/chrome/content/rules/Cir.ca.xml
new file mode 100644
index 000000000000..73d12e18146f
--- /dev/null
+++ b/src/chrome/content/rules/Cir.ca.xml
@@ -0,0 +1,66 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cir.ca// => https://circanews.com/: (51, "SSL: no alternative certificate subject name matches target host name 'circanews.com'")
+Fetch error: http://backupblog.cir.ca/ => https://backupblog.cir.ca/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://blog.cir.ca/ => https://blog.cir.ca/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://help.cir.ca/ => https://help.cir.ca/: (7, 'Failed to connect to help.cir.ca port 443: Connection timed out')
+Fetch error: http://cir.ca/ => https://circanews.com/: (51, "SSL: no alternative certificate subject name matches target host name 'circanews.com'")
+Fetch error: http://www.cir.ca/ => https://circanews.com/: (51, "SSL: no alternative certificate subject name matches target host name 'circanews.com'")
+
+	For other Circa News coverage, see Circa_News.com.xml.
+
+
+	CDN buckets:
+
+		- s3-us-west-2.amazonaws.com/titleimages.cir.ca/
+
+
+	(www.)?cir.ca: Mismatched
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- blog and backupblog from \w+.files.wordpress.com *
+			- blog and backupblog backupblog from ^ *
+			- blog and backupblog from blog *
+			- blog and backupblog from backupblog *
+			- blog and backupblog from media.giphy.com *
+			- blog and backupblog from media[12].giphy.com *
+			- blog  and backupblog backupblog from i2.cdn.turner.com *
+			- (www.) from s3-us-west-2.amazonaws.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Cir.ca" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="backupblog.cir.ca" />
+	<target host="blog.cir.ca" />
+	<target host="help.cir.ca" />
+
+	<!--	Complications:
+				-->
+	<target host="cir.ca" />
+	<target host="www.cir.ca" />
+
+
+	<securecookie host="^\.cir\.ca$" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://(?:www\.)?cir\.ca/+"
+		to="https://circanews.com/" />
+
+		<test url="http://cir.ca//" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Circa_News.com.xml b/src/chrome/content/rules/Circa_News.com.xml
new file mode 100644
index 000000000000..41d1e6fc4d92
--- /dev/null
+++ b/src/chrome/content/rules/Circa_News.com.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://circanews.com/ => https://circanews.com/: (51, "SSL: no alternative certificate subject name matches target host name 'circanews.com'")
+Fetch error: http://www.circanews.com/ => https://www.circanews.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.circanews.com'")
+
+	Other Circa News rulesets:
+
+		- Cir.ca.xml
+
+
+	Insecure cookies are set for these hosts:
+
+		- circanews.com
+		- www.circanews.com
+
+-->
+<ruleset name="Circa News.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="circanews.com" />
+	<target host="www.circanews.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?circanews\.com$" name="^(?:auth_token|csrftoken)$" /-->
+
+	<securecookie host="^(?:www\.)?circanews\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Circl.lu.xml b/src/chrome/content/rules/Circl.lu.xml
new file mode 100644
index 000000000000..23a834371222
--- /dev/null
+++ b/src/chrome/content/rules/Circl.lu.xml
@@ -0,0 +1,20 @@
+<!--
+	Time out:
+		- map.circl.lu
+
+	Different content http/https:
+		- services.circl.lu
+-->
+<ruleset name="Circl.lu">
+	<target host="circl.lu" />
+	<target host="www.circl.lu" />
+	<target host="bgpranking.circl.lu" />
+	<target host="ctf.circl.lu" />
+	<target host="cve.circl.lu" />
+	<target host="lookyloo.circl.lu" />
+	<target host="misppriv.circl.lu" />
+	<target host="pgp.circl.lu" />
+	<target host="search.circl.lu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CircleCI.com.xml b/src/chrome/content/rules/CircleCI.com.xml
new file mode 100644
index 000000000000..a70b817b221b
--- /dev/null
+++ b/src/chrome/content/rules/CircleCI.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="CircleCI.com">
+
+	<target host="circleci.com" />
+	<target host="www.circleci.com" />
+	<target host="blog.circleci.com" />
+	<target host="discuss.circleci.com" />
+	<target host="status.circleci.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Circle_of_Moms.xml b/src/chrome/content/rules/Circle_of_Moms.xml
index 61e318cfec73..8e9d13bcb36d 100644
--- a/src/chrome/content/rules/Circle_of_Moms.xml
+++ b/src/chrome/content/rules/Circle_of_Moms.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://circleofmoms.com/ => https://www.circleofmoms.com/: Cycle detected - URL already encountered: https://www.circleofmoms.com/
 	CDN buckets:
 
 		- d2sshc984jwlg9.cloudfront.net
@@ -18,19 +20,18 @@
 <ruleset name="Circle of Moms">
 
 	<target host="circleofmoms.com" />
-	<target host="*.circleofmoms.com" />
+	<target host="www.circleofmoms.com" />
+	<target host="imagelib4.circleofmoms.com" />
+	<target host="images3.circleofmoms.com" />
 
 
 	<securecookie host="^www\.circleofmoms\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?circleofmoms\.com/"
+	<rule from="^http://(?:www\.)?circleofmoms\.com/"
 		to="https://www.circleofmoms.com/" />
 
-	<rule from="^https?://imagelib4\.circleofmoms\.com/"
-		to="https://dx7naiqi3v8zr.cloudfront.net/" />
 
-	<rule from="^https?://images3\.circleofmoms\.com/"
-		to="https://d2sshc984jwlg9.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Circular_Hub.xml b/src/chrome/content/rules/Circular_Hub.xml
index 810a84956772..d771ff2d09d5 100644
--- a/src/chrome/content/rules/Circular_Hub.xml
+++ b/src/chrome/content/rules/Circular_Hub.xml
@@ -1,38 +1,16 @@
 <!--
-	For other Wishabi coverage, see Wishabi.xml.
-
-
-	Problematic subdomains:
-
-		- ^		(whos flyertown; mismatched, CN: www.flyertown.ca)
-		- api *
-		- editorials *
-
-	* Mismatched, CN: editorials.merchants.wishabi.ca
-
-
-	Fully covered subdomains:
-
-		- (www.)	(^ → www)
-		- api *
-		- editorials *
-
-	* → editorials.merchants.wishabi.ca
-
+	Non-functional hosts
+		SSL connect error:
+		- api.circularhub.com
+		- editorials.circularhub.com
 -->
 <ruleset name="Circular Hub">
 
 	<target host="circularhub.com" />
-	<target host="*.circularhub.com" />
-
-
-	<securecookie host="^www\.circularhub\.com$" name=".+" />
-
+	<target host="www.circularhub.com" />
 
-	<rule from="^https?://(?:www\.)?circularhub\.com/"
-		to="https://www.circularhub.com/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:api|editorials)\.circularhub\.com/"
-		to="https://editorials.merchants.wishabi.ca/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cirrus-CI.com.xml b/src/chrome/content/rules/Cirrus-CI.com.xml
new file mode 100644
index 000000000000..e4dfef248e21
--- /dev/null
+++ b/src/chrome/content/rules/Cirrus-CI.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Cirrus-CI.com">
+	<target host="cirrus-ci.com" />
+	<target host="api.cirrus-ci.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cirrus_Media.com.au.xml b/src/chrome/content/rules/Cirrus_Media.com.au.xml
new file mode 100644
index 000000000000..2a76f2fa93eb
--- /dev/null
+++ b/src/chrome/content/rules/Cirrus_Media.com.au.xml
@@ -0,0 +1,15 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.)	(redirect to http, valid cert)
+
+-->
+<ruleset name="Cirrus Media.com.au (partial)">
+
+	<target host="ccbnstatic.cirrusmedia.com.au" />
+	<target host="media.cirrusmedia.com.au" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cirtex_Hosting.com.xml b/src/chrome/content/rules/Cirtex_Hosting.com.xml
new file mode 100644
index 000000000000..3ac650b77b01
--- /dev/null
+++ b/src/chrome/content/rules/Cirtex_Hosting.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Cirtex Hosting.com" default_off="expired">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cirtexhosting.com" />
+	<target host="www.cirtexhosting.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cirw.in.xml b/src/chrome/content/rules/Cirw.in.xml
new file mode 100644
index 000000000000..481e621992d3
--- /dev/null
+++ b/src/chrome/content/rules/Cirw.in.xml
@@ -0,0 +1,40 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .cirw.in
+
+-->
+<ruleset name="cirw.in">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cirw.in" />
+	<target host="www.cirw.in" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.cirw\.in$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cisco.mobi.xml b/src/chrome/content/rules/Cisco.mobi.xml
new file mode 100644
index 000000000000..ea171b0fe66e
--- /dev/null
+++ b/src/chrome/content/rules/Cisco.mobi.xml
@@ -0,0 +1,44 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cln.cisco.mobi/ => https://cln.cisco.mobi/: (28, 'Connection timed out after 20000 milliseconds')
+
+	For other Cisco coverage, see Cisco.xml.
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .cisco.mobi
+		- cln.cisco.mobi
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- cln from proxyelements.by.com ᵈ
+			- cln from www.cisco.com ˢ
+
+	ᵈ Unsecurable <= dropped
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Cisco.mobi (partial)" default_off="failed ruleset test">
+
+	<target host="cln.cisco.mobi" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.cisco\.mobi$" name="^(?:BIGipServer|JSESSIONID_|PP4_SessionId$|jive\.server\.info_)" /-->
+	<!--securecookie host="^cln\.cisco\.mobi$" name="^X-Mapping-\w+$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cisco.xml b/src/chrome/content/rules/Cisco.xml
index 6b7bdcfcd132..66fa5bbe94eb 100644
--- a/src/chrome/content/rules/Cisco.xml
+++ b/src/chrome/content/rules/Cisco.xml
@@ -1,61 +1,130 @@
+
 <!--
-	Nonfunctional subdomains:
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://csc-test1.cisco.com/ => https://csc-test1.cisco.com/: (35, 'error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure')
+
+
+	Other Cisco rulesets:
+
+		- Cisco.mobi.xml
+		- Cisco_Learning_System.com.xml
+		- Cisco_Live.com.xml
+		- Sourcefire.com.xml
+		- Static-Cisco.com.xml
+
+
+	CDN buckets:
+
+		- s3.amazonaws.com/cisco-partnerpedia-production/
+
 
+	Nonfunctional hosts in *cisco.com:
+
+		- ausmbmarketplace ᵈ
 		- bam-prd1
-		- blogs		(cert: 184964-nc-web1.cisco.com, self-signed, expired; shows RHEL Apache test page)
+		- csc-stage ᵈ
+		- gblogs ⁴
 		- homecommunity
-		- newsroom	(times out)
+		- investor ʳ
+		- mkto ᴹ
+		- newsroom ᵈ
+		- solutionpartnerdashboard (refused)
+		- www1 (timeout)
+		- www2 (timeout)
+		- www3 (timeout)
 
+	ᴹ Marketo / shows another domain
+	⁴ 404
+	ᵈ Dropped
+	ʳ Refused
 
-	Fully covered subdomains:
 
-		- csc-stage
-		- csc-test[1-4]
-		- learningnetwork
-		- supportforums
+	Problematic hosts in *cisco.com:
 
+		- cisco-images (mismatched)
+		- csc-test2 ᵉ ᵐ ᵘ
+		- csc-test[3-5] ᵐ
+		- eir-stage ˢ
+		- solucionespyme ᵐ
+		- sso-marketplace ᵉ
+		- video ᵐ ˣ
 
-	Observed cookie domains:
+	ᵈ Dropped, preemptable redirect
+	ᵉ Expired
+	ᵐ Mismatched
+	ˢ Self-signed, CN: eir-stage
+	ᵘ Untrusted root
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
-		- csc-stage
-		- csc-test[1-4]
-		- learningnetwork
-		- supportforums
+	These altnames don't exist:
 
--->
-<ruleset name="Cisco" default_off="Needs review">
+		- cloudsso3.cisco.com
 
-	<target host="cisco.com" />
-	<target host="*.cisco.com" />
-		<exclusion pattern="^http://www\.cisco\.com/cgi-bin/login" />
-		<!--
-			Cisco redirection pages do not support HTTPS, so we exclude them.
-			They redirect to HTTPS secured pages, though.
-									-->
-		<exclusion pattern="^https?://(?:www\.)?cisco\.com/go" />
-	<target host="ciscoconnectcloud.com" />
-	<target host="www.ciscoconnectcloud.com" />
-	<target host="www.static-cisco.com" />
 
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .cisco.com
+		- blogs.cisco.com
+		- communities.cisco.com
+		- jobs.cisco.com
+		- learningnetwork.cisco.com
+		- learningnetworkstore.cisco.com
+		- sso.cisco.com
+		- sso-marketplace.cisco.com
+		- tools.cisco.com
+		- www.cisco.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
-	<securecookie host="^[chlst].*\.cisco\.com$" name=".*" />
 
+	Mixed content:
 
-	<!--	Default: Replace with HTTPS.  Redirect at Logout
-		is still bugged, but the logout itself works.
-								-->
-	<rule from="^https?://(?:www\.)?cisco\.com/"
-		to="https://www.cisco.com/" />
+		- css on video from www.cisco.com ˢ
 
-	<rule from="^http://(csc-stage|csc-test\d|home|homesupport|learningnetwork|sso|supportforums|tools)\.cisco\.com/"
-		to="https://$1.cisco.com/" />
+		- Images, on:
 
-	<rule from="^http://(www\.)?ciscoconnectcloud\.com/"
-		to="https://$1ciscoconnectcloud.com/" />
+			- armadaworkplace from cdn.ciscosmb.psdops.com ᵐ
+			- cisco-images, software from www.cisco.com ˢ
+			- csr, eir, solutionpartnerdashboard, www, www1, www2, www3 from $self ˢ
 
-	<!--	!www doesn't exist.
-					-->
-	<rule from="^http://www\.static-cisco\.com/"
-		to="https://www.static-cisco.com/" />
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+	ᵐ Not secured by us <= mismatched
+
+-->
+<ruleset name="Cisco.com (partial)">
+
+	<target host="cisco.com" />
+	<target host="apps.cisco.com" />
+	<target host="blogs.cisco.com" />
+	<target host="cloudsso.cisco.com" />
+	<target host="cloudsso1.cisco.com" />
+	<target host="cloudsso2.cisco.com" />
+	<target host="communities.cisco.com" />
+	<target host="csr.cisco.com" />
+	<!-- target host="csc-test1.cisco.com" /-->
+	<target host="developer.cisco.com" />
+	<target host="jobs.cisco.com" />
+	<target host="learningnetwork.cisco.com" />
+	<target host="learningnetworkstore.cisco.com" />
+	<target host="marketplace.cisco.com" />
+	<target host="software.cisco.com" />
+	<target host="solutionpartner.cisco.com" />
+	<!--target host="sso-marketplace.cisco.com" /-->
+	<target host="sso-prod0.cisco.com" />
+	<target host="sso-prod1.cisco.com" />
+	<target host="sso-prod2.cisco.com" />
+	<target host="sso-prod3.cisco.com" />
+	<target host="sso.cisco.com" />
+	<target host="supportforums.cisco.com" />
+	<target host="tools.cisco.com" />
+	<target host="tools1.cisco.com" />
+	<target host="tools2.cisco.com" />
+	<target host="tools3.cisco.com" />
+	<target host="www.cisco.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Cisco_Learning_System.com.xml b/src/chrome/content/rules/Cisco_Learning_System.com.xml
new file mode 100644
index 000000000000..bee8fc7cd25e
--- /dev/null
+++ b/src/chrome/content/rules/Cisco_Learning_System.com.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Cisco coverage, see Cisco.xml.
+
+
+	^ciscolearningsystem.com doesn't exist.
+
+-->
+<ruleset name="Cisco Learning System.com">
+
+	<target host="www.ciscolearningsystem.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.ciscolearningsystem\.com$" name="^ObSSOCookie$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cisco_Live.com.xml b/src/chrome/content/rules/Cisco_Live.com.xml
new file mode 100644
index 000000000000..2c6f9ab9310c
--- /dev/null
+++ b/src/chrome/content/rules/Cisco_Live.com.xml
@@ -0,0 +1,52 @@
+<!--
+	For other Cisco coverage, see Cisco.xml.
+
+
+	^ciscolive.com: Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.ciscolive.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, from:
+
+			- $self ˢ
+			- fonts.googleapis.com ˢ
+
+		- Images from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Cisco Live.com" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.ciscolive.com" />
+
+	<!--	Complications:
+				-->
+	<target host="ciscolive.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.ciscolive\.com$" name="^BIGipServer" /-->
+
+	<securecookie host="^\." name="^s_v" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://ciscolive\.com/"
+		to="https://www.ciscolive.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Citadium.com.xml b/src/chrome/content/rules/Citadium.com.xml
index ba648c6af91a..d4357e5bff17 100644
--- a/src/chrome/content/rules/Citadium.com.xml
+++ b/src/chrome/content/rules/Citadium.com.xml
@@ -22,4 +22,4 @@
 	<rule from="^http://www\.citadium\.com/(?=elmt/|favicon\.ico|js/|login(?:$|[?/])|medias/|spinner\.gif|_ui/)"
 		to="https://www.citadium.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CiteULike.xml b/src/chrome/content/rules/CiteULike.xml
index e978011972f4..6a924ec293b7 100644
--- a/src/chrome/content/rules/CiteULike.xml
+++ b/src/chrome/content/rules/CiteULike.xml
@@ -1,4 +1,4 @@
-<ruleset name="CiteULike">
+<ruleset name="CiteULike.org" default_off="expired">
 
 	<target host="citeulike.org" />
 	<target host="www.citeulike.org" />
diff --git a/src/chrome/content/rules/Citi.com.xml b/src/chrome/content/rules/Citi.com.xml
index 3a56345d0e1d..fd240b54e213 100644
--- a/src/chrome/content/rules/Citi.com.xml
+++ b/src/chrome/content/rules/Citi.com.xml
@@ -25,8 +25,8 @@
 	Fully covered subdomains:
 
 		- (www.)
-		- chat.online
 		- creditcards
+		- chat.online
 
 
 	Observed cookie domains:
@@ -44,23 +44,43 @@
 -->
 <ruleset name="Citi.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="citi.com" />
-	<target host="*.citi.com" />
+	<target host="creditcards.citi.com" />
+	<target host="chat.online.citi.com" />
+	<target host="www.citi.com" />
+
+	<!--	Complications:
+				-->
+	<target host="thankyoucard.citi.com" />
+
+		<exclusion pattern="^http://thankyoucard\.citi\.com/(?!$|\?)" />
+
+			<test url="http://thankyoucard.citi.com//" />
+			<test url="http://thankyoucard.citi.com//?f" />
+			<test url="http://thankyoucard.citi.com//?fo" />
+			<test url="http://thankyoucard.citi.com//?foo" />
 
 
 	<securecookie host="^\.citi\.com$" name="^(?:mbox|ss_pers|ss_sess)$" />
 	<securecookie host="^(?:(?:chat\.online|creditcards|www)\.)?citi\.com$" name=".+" />
 
 
-	<rule from="^http://((?:creditcards|chat\.online|www)\.)?citi\.com/"
-		to="https://$1citi.com/" />
-
 	<!--	Redirects as so, sans trailing slash:
 							-->
-	<!--rule from="^http://(?:www\.)?oncampus\.citi\.com/(\?.*)?$"
-		to="https://icg.citi.com//icg/sa/recruiting/index.jsp$1" /-->
+	<!--rule from="^http://(?:www\.)?oncampus\.citi\.com/(?=$|\?)$"
+		to="https://icg.citi.com//icg/sa/recruiting/index.jsp" /-->
+
+	<rule from="^http://thankyoucard\.citi\.com/"
+		to="https://online.citibank.com/US/JRS/portal/template.do?ID=ThankYouCards" />
+
+		<test url="http://thankyoucard.citi.com/f" />
+		<test url="http://thankyoucard.citi.com/o" />
+		<test url="http://thankyoucard.citi.com//o" />
+		<test url="http://thankyoucard.citi.com/b" />
 
-	<rule from="^http://thankyoucard\.citi\.com/(\?.*)?$"
-		to="https://online.citibank.com/US/JRS/portal/template.do?ID=ThankYouCards$1" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Citi_Alumni_Network.xml b/src/chrome/content/rules/Citi_Alumni_Network.xml
index 68432dd678c3..2d0d3966b18b 100644
--- a/src/chrome/content/rules/Citi_Alumni_Network.xml
+++ b/src/chrome/content/rules/Citi_Alumni_Network.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://(?:www\.)?citialumninetwork\.com/"
 		to="https://www.citialumninetwork.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Citibank-Australia.xml b/src/chrome/content/rules/Citibank-Australia.xml
index 038ccd933765..7adf40f824c6 100644
--- a/src/chrome/content/rules/Citibank-Australia.xml
+++ b/src/chrome/content/rules/Citibank-Australia.xml
@@ -1,13 +1,17 @@
 <!--
+	Citibank Australia
+
 	For other Citigroup coverage, see Citigroup.com.xml.
 
 -->
-<ruleset name="Citibank Australia (insecure)" default_off="JS redirect loop">
+<ruleset name="Citibank.com.au (insecure)" default_off="JS redirect loop">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="citibank.com.au" />
 	<target host="www.citibank.com.au" />
 
-	<rule from="^http://(www\.)?citibank\.com\.au/"
-		to="https://$1citibank.com.au/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Citibank.xml b/src/chrome/content/rules/Citibank.xml
index e900160ce7bb..0cfe8adbd197 100644
--- a/src/chrome/content/rules/Citibank.xml
+++ b/src/chrome/content/rules/Citibank.xml
@@ -1,47 +1,41 @@
-<!--
-	For other Citigroup coverage, see Citigroup.com.xml.
-
-
-	Problematic subdomains:
-
-		- www[12]	(redirect from $ is different)
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://content22.online.citibank.com/ => https://content22.online.citibank.com/: (6, 'Could not resolve host: content22.online.citibank.com')
 
-	Fully covered subdomains:
-
-		- (www.)	(^ → www)
-		- www.asia
-		- www.latam
-		- metrics1
-		- online
-		- www.privatebank
-		- www[12]
+	For other Citigroup coverage, see Citigroup.com.xml.
 
 
-	Observed cookie domains:
+	Insecure cookies are set for these domains:
 
-		- .
-		- online
-		- www
+		- .citibank.com
 
 -->
-<ruleset name="Citibank (testing)" default_off="broken?">
+<ruleset name="Citibank.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="citibank.com" />
-	<target host="*.citibank.com" />
-
+	<target host="www.asia.citibank.com" />
+	<target host="www.latam.citibank.com" />
+	<target host="metrics1.citibank.com" />
+	<target host="online.citibank.com" />
+	<target host="content22.online.citibank.com" />
+	<target host="www.privatebank.citibank.com" />
+	<target host="www.citibank.com" />
+	<target host="www1.citibank.com" />
+	<target host="www2.citibank.com" />
 
-	<securecookie host="^\.citibank\.com$" name="^(?:CTBN|ss_pers|ss_sess|s_vi)$" />
-	<securecookie host="^(?:online|www)\.citibank\.com$" name=".+" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.citibank\.com$" name="^CTBN$" /-->
 
-	<rule from="^http://citibank\.com/"
-		to="https://www.citibank.com/" />
+	<securecookie host="^\.citibank\.com$" name="^(?:CTBN|s_vi)$" />
+	<!--securecookie host="^(?:online|www)\.citibank\.com$" name=".+" /-->
 
-	<rule from="^http://www[12]\.citibank\.com/(?:\?.*)?$"
-		to="https://www.citibank.com/US/Welcome.c" />
 
-	<rule from="^http://(www\.(?:asia|latam|privatebank)|metrics1|online|www[12]?)\.citibank\.com/"
-		to="https://$1.citibank.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Citigroup.com.xml b/src/chrome/content/rules/Citigroup.com.xml
index 2f969608dcb5..09713808d9bb 100644
--- a/src/chrome/content/rules/Citigroup.com.xml
+++ b/src/chrome/content/rules/Citigroup.com.xml
@@ -7,16 +7,20 @@
 		- Citibank-Australia.xml
 		- ThankYou.com.xml
 
--->
-<ruleset name="Citigroup (partial)">
+	Nonfunctional hosts in *citigroup.com:
 
-	<target host="jobs.citigroup.com" />
+		- jobs *
 
+	* Handshake fails
+-->
+<ruleset name="Citigroup.com (partial)">
 
-	<securecookie host="^jobs\.citigroup\.com$" name=".+" />
+	<target host="citigroup.com" />
+	<target host="www.citigroup.com" />
 
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://jobs\.citigroup\.com/"
-		to="https://jobs.citigroup.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CitizenPost.fr.xml b/src/chrome/content/rules/CitizenPost.fr.xml
new file mode 100644
index 000000000000..9b2cca72cc0b
--- /dev/null
+++ b/src/chrome/content/rules/CitizenPost.fr.xml
@@ -0,0 +1,9 @@
+<ruleset name="CitizenPost.fr">
+
+	<target host="citizenpost.fr" />
+	<target host="www.citizenpost.fr" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CitizenfourFilm.com.xml b/src/chrome/content/rules/CitizenfourFilm.com.xml
new file mode 100644
index 000000000000..33fa7ad9065b
--- /dev/null
+++ b/src/chrome/content/rules/CitizenfourFilm.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Different content http/https:
+		www.citizenfourfilm.com
+
+-->
+<ruleset name="Citizenfour Film.com">
+
+	<target host="citizenfourfilm.com" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^citizenfourfilm\.com$" name="^ci_session_subdomain$" /-->
+	<securecookie host="^citizenfourfilm\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Citizens-for-Science.xml b/src/chrome/content/rules/Citizens-for-Science.xml
deleted file mode 100644
index 7d1c7123eef8..000000000000
--- a/src/chrome/content/rules/Citizens-for-Science.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Citizens for Science" default_off="mismatch, self-signed">
-
-	<!--	Cert: scit.us	-->
-	<target host="citizensforscience.org" />
-	<target host="www.citizensforscience.org" />
-
-
-	<rule from="^https?://(?:www\.)?citizensforscience\.org/"
-		to="https://citizensforscience.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CitizensForEthics.org.xml b/src/chrome/content/rules/CitizensForEthics.org.xml
new file mode 100644
index 000000000000..e5bf9f76e205
--- /dev/null
+++ b/src/chrome/content/rules/CitizensForEthics.org.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatch:
+		secure.citizensforethics.org
+-->
+<ruleset name="CitizensForEthics.org">
+	<target host="citizensforethics.org" />
+	<target host="www.citizensforethics.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Citizensinformation.ie.xml b/src/chrome/content/rules/Citizensinformation.ie.xml
index b5549df3b294..89d9e243cab8 100644
--- a/src/chrome/content/rules/Citizensinformation.ie.xml
+++ b/src/chrome/content/rules/Citizensinformation.ie.xml
@@ -1,7 +1,20 @@
-<ruleset name="CitizensInformation">
+<!--
+	Nonfunctional hosts in *citizensinformation.ie:
+
+		- ^ ¹
+		- centres ²
+-		- findaddress ²
+		- whatsnew ³
+		- www ¹
+
+	¹ Plaintext reply
+	² Dropped
+	³ Shows eforms.gov.ie
+
+-->
+<ruleset name="CitizensInformation" default_off="plaintext reply">
   <target host="www.citizensinformation.ie" />
   <target host="citizensinformation.ie" />
 
-  <!-- cert only valid for www.citizensinformation.ie -->
   <rule from="^http://(?:www\.)?citizensinformation\.ie/" to="https://www.citizensinformation.ie/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Citrix.com-falsemixed.xml b/src/chrome/content/rules/Citrix.com-falsemixed.xml
new file mode 100644
index 000000000000..be518dda87c6
--- /dev/null
+++ b/src/chrome/content/rules/Citrix.com-falsemixed.xml
@@ -0,0 +1,18 @@
+<!--
+	For rules that are on by default, see Citrix.xml.
+
+-->
+<ruleset name="Citrix.com (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="training.citrix.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Citrix.xml b/src/chrome/content/rules/Citrix.xml
index e14543192228..af503f29bbb0 100644
--- a/src/chrome/content/rules/Citrix.xml
+++ b/src/chrome/content/rules/Citrix.xml
@@ -1,98 +1,142 @@
+
 <!--
-	CDN buckets:
+Disabled by https-everywhere-checker because:
+Fetch error: http://search.no.citrix.com/ => https://search.no.citrix.com/: (51, "SSL: no alternative certificate subject name matches target host name 'search.no.citrix.com'")
+Fetch error: http://utilityservices.no.citrix.com/ => https://utilityservices.no.citrix.com/: (51, "SSL: no alternative certificate subject name matches target host name 'utilityservices.no.citrix.com'")
+Fetch error: http://staging-cq.citrix.com/ => https://staging-cq.citrix.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://tarpon.citrix.com/ => https://tarpon.citrix.com/: (6, 'Could not resolve host: tarpon.citrix.com')
+
+	For rules causing false/broken MCB, see Citrix.com-falsemixed.xml.
 
-		- c558080.r80.cf2.rackcdn.com
+	Other Citrix rulesets:
 
-			- cdn.ws.citrix.com
+		- Citrix_Online.com.xml
+		- GoToAssist.com.xml
+		- GoToMeeting.com.xml
+		- GoToTraining.com.xml
+		- GoToWebinar.com.xml
+		- Netviewer.com.xml
+		- Podio.com.xml
+		- ShareConnect.com.xml
+		- ShareFile.com.xml
+		- ShareFile_support.com.xml
+
+
+	CDN buckets:
+
+		- blogsprod.s3.amazonaws.com
+		- c558080.r80.cf2.rackcdn.com	← cdn.ws.citrix.com
 
 
 	Nonfunctional domains:
 
-		- search.citrix.com		(at least some pages redirect to http)
-		- www.citrixonline.com		(redirects to http, valid cert)
-		- images.gotowebinar.com
-		- (www.)joingotomeeting.com
-		- (www.)jointraining.com
-		- (www.)joinwebinar.com
+		- open.citrix.com ¹
+		- (www.)?joingotomeeting.com ²
+		- (www.)?jointraining.com ²
+		- (www.)?joinwebinar.com ²
 
+	¹ Shows another domain
+	² Refused
 
-	Problematic domains:
 
-		- hdx.citrix.com	(http reply)
-		- cdn.ws.citrix.com	(akamai)
-		- gotowebinar.com	(cert only matches www)
+	Problematic hosts in *citrix.com:
 
+		- blogs ¹
+		- help ²
+		- cdn.ws ³
+		- training ⁴
 
-	Partially covered domains:
+	¹ Redirects to webapps.citrite.net
+	² Mismatched
+	³ Akamai
+	⁴ Mixed css
 
-		- hdx.citrix.com
 
+	Insecure cookies are set for these domains and hosts:
 
-	Fully covered domains:
+		- .citrix.com
+		- discussions.citrix.com
+		- training.citrix.com
 
-		- citrix.com subdomains:
 
-			- blogs
-			- support
-			- cdn.ws	(→ c558080.ssl.cf2.rackcdn.com)
+	Mixed content:
 
--->
-<ruleset name="Citrix (partial)">
+		- css on training from $self *
 
-	<target host="citrix.com" />
-	<target host="*.citrix.com" />
-		<exclusion pattern="^http://search\.citrix\.com/(?!favicon\.ico)" />
-	<target host="*.citrixonline.com" />
-	<target host="www.gotoassist.com" />
-	<target host="gotomeeting.com" />
-	<target host="*.gotomeeting.com" />
-	<target host="*.gototraining.com" />
-	<target host="gotowebinar.com" />
-	<target host="*.gotowebinar.com" />
+		- Images, on:
 
+			- training from $self *
+			- training from www.citrix.com *
 
-	<securecookie host="^(?:.*\.)?citrix\.com$" name=".+" />
-	<securecookie host="^www[1-4]gotomeeting\.com$" name=".+" />
-	<securecookie host=".*\.gototraining\.com$" name=".+" />
+	* Secured by us
 
+-->
+<ruleset name="Citrix.com (partial)" default_off="failed ruleset test">
 
-	<rule from="^http://(?:www\.)?citrix\.com/"
-		to="https://www.citrix.com/" />
+	<!--	Direct rewrites:
+				-->
+	<target host="citrix.com" />
+	<target host="citrixready.citrix.com" />
+	<target host="community.citrix.com" />
+	<target host="discussions.citrix.com" />
+	<target host="eu.citrix.com" />
+	<target host="go.citrix.com" />
+	<target host="no.citrix.com" />
+	<target host="search.no.citrix.com" />
+	<target host="utilityservices.no.citrix.com" />
+	<target host="search.citrix.com" />
+	<target host="support.citrix.com" />
+	<target host="staging-cq.citrix.com" />
+	<target host="tarpon.citrix.com" />
+	<target host="training.citrix.com" />
+	<target host="www.citrix.com" />
+
+	<!--	Complications:
+				-->
+	<target host="blogs.citrix.com" />
+	<target host="cdn.ws.citrix.com" />
+
+		<!--	Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://training\.citrix\.com/+(?!favicon\.ico|theme/)" />
 
-	<rule from="^http://(blogs|eu|search|support)\.citrix\.com/"
-		to="https://$1.citrix.com/" />
+			<!--	+ve:
+					-->
+			<test url="http://training.citrix.com/cms/education/networking/" />
+			<test url="http://training.citrix.com/cms/index.php/certification/" />
+			<test url="http://training.citrix.com/mod/ctxcatalog/training.php?lang=ja" />
 
-	<rule from="^http://hdx\.citrix\.com/$"
-		to="https://www.citrix.com/products/xendesktop/features/high-def-experience.html" />
+			<!--	-ve:
+					-->
+			<test url="http://training.citrix.com/favicon.ico" />
+			<test url="http://training.citrix.com/theme/ctxmain/pix/search_gradient.png" />
 
-	<rule from="^http://cdn\.ws\.citrix\.com/"
-		to="https://c558080.ssl.cf2.rackcdn.com/" />
+		<test url="http://discussions.citrix.com/forum/363-storefront/" />
+		<test url="http://discussions.citrix.com/topic/365473-gssexception/" />
+		<test url="http://discussions.citrix.com/public/style_images/master/attachicon.gif" />
 
-	<rule from="^http://(news|support)\.citrixonline\.com/"
-		to="https://$1.citrixonline.com/" />
 
-	<!--	Some pages redirect to http://goto...
-	
-		This'll probably catch more working paths than
-		just handling the paths that we know work over
-		https from both !www & www.
-						-->
-	<rule from="^http://www\.gotoassist\.com/"
-		to="https://www.gotoassist.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.citrix\.com$" name="^(_wsad_|MyCitrixHash|MyCitrixShadow|id_validate)$" /-->
+	<!--securecookie host="^discussions\.citrix\.com$" name="^session_id$" /-->
+	<!--securecookie host="^training\.citrix\.com$" name="^(MoodleSession$|NSC_)" /-->
+
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?gotomeeting\.com/(default|images)/"
-		to="https://www3.gotomeeting.com/$1/" />
 
-	<rule from="^http://www([1-4])\.gotomeeting\.com/"
-		to="https://www$1.gomeeting.com/" />
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://blogs\.citrix\.com/+"
+		to="https://www.citrix.com/blogs/" />
 
-	<rule from="^http://student\.gototraining\.com/"
-		to="https://student.gototraining.com/" />
+		<test url="http://blogs.citrix.com//index.htm" />
 
-	<rule from="^http://(?:www\.)?gotowebinar\.com/"
-		to="https://www.gotowebinar.com/" />
+	<rule from="^http://cdn\.ws\.citrix\.com/"
+		to="https://c558080.ssl.cf2.rackcdn.com/" />
 
-	<rule from="^http://attendee\.gotowebinar\.com/"
-		to="https://attendee.gotowebinar.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Citrix_Online.com.xml b/src/chrome/content/rules/Citrix_Online.com.xml
new file mode 100644
index 000000000000..8fa685bbd059
--- /dev/null
+++ b/src/chrome/content/rules/Citrix_Online.com.xml
@@ -0,0 +1,42 @@
+<!--
+	For other Citrix coverage, see Citrix.xml.
+
+
+	^citrixonline.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- login.citrixonline.com
+
+-->
+<ruleset name="Citrix Online.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cms.citrixonline.com" />
+	<target host="news.citrixonline.com" />
+	<target host="weblibrary.cdn.citrixonline.com" />
+	<target host="login.citrixonline.com" />
+	<target host="support.citrixonline.com" />
+	<target host="www.citrixonline.com" />
+
+	<!--	Complications:
+				-->
+	<target host="citrixonline.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^login\.citrixonline\.com$" name="^ADRUM_[\d_]+$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://citrixonline\.com/"
+		to="https://www.citrixonline.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Citrusbyte.com.xml b/src/chrome/content/rules/Citrusbyte.com.xml
new file mode 100644
index 000000000000..3ec0d6894fbd
--- /dev/null
+++ b/src/chrome/content/rules/Citrusbyte.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Citrusbyte.com">
+
+	<target host="citrusbyte.com" />
+	<target host="www.citrusbyte.com" />
+
+
+	<securecookie host="^(?:www\.)?citrusbyte\.com$" name=".+" />
+
+
+	<!--	www redirects to !www over http,
+		so copy that behavior:
+					-->
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/City-Link.xml b/src/chrome/content/rules/City-Link.xml
index 6e32474b3d54..3a0ea246ba38 100644
--- a/src/chrome/content/rules/City-Link.xml
+++ b/src/chrome/content/rules/City-Link.xml
@@ -1,9 +1,23 @@
-<ruleset name="City Link" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://city-link.co.uk/ => https://www.city-link.co.uk/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.city-link.co.uk/ => https://www.city-link.co.uk/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://city-link.co.uk/ => https://www.city-link.co.uk/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://www.city-link.co.uk/ => https://www.city-link.co.uk/: (28, 'Connection timed out after 10001 milliseconds')
+
+-->
+<ruleset name="City Link" platform="mixedcontent" default_off="failed ruleset test">
 
   <target host="city-link.co.uk" />
   <target host="www.city-link.co.uk" />
 
-  <rule from="^http://(www\.)?city-link\.co\.uk/"
+  <rule from="^http://(?:www\.)?city-link\.co\.uk/"
           to="https://www.city-link.co.uk/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/City-Mail.xml b/src/chrome/content/rules/City-Mail.xml
deleted file mode 100644
index 2b64701ce394..000000000000
--- a/src/chrome/content/rules/City-Mail.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other Wizard Internet Services coverage, see Wizard-Internet-Services.xml.
-
--->
-<ruleset name="City Mail">
-
-	<target host="cityemail.com" />
-	<target host="www.cityemail.com" />
-
-
-	<securecookie host="^(www\.)?cityemail\.com$" name=".*" />
-
-
-	<rule from="^http://(www\.)?citymail\.com/"
-		to="https://$1citymail.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/City-of-Chicago.xml b/src/chrome/content/rules/City-of-Chicago.xml
index 79ad5552e428..1311af2b6e92 100644
--- a/src/chrome/content/rules/City-of-Chicago.xml
+++ b/src/chrome/content/rules/City-of-Chicago.xml
@@ -2,32 +2,46 @@
 	For other US government coverage,
 	see US-government.xml.
 
+
+	Nonfunctional domains:
+
+		- (www.)?explorechicago.org *
+
+	* Refused
+
 -->
 <ruleset name="City of Chicago" platform="mixedcontent">
 
 	<target host="cityofchicago.org" />
-	<target host="*.cityofchicago.org" />
-	<target host="explorechicago.org" />
-	<target host="*.explorechicago.org" />
+	<target host="mayor.cityofchicago.org" />
+	<target host="data.cityofchicago.org" />
+	<target host="www.cityofchicago.org" />
+	<!--target host="explorechicago.org" /-->
+	<!--target host="*.explorechicago.org" /-->
 
 
-	<securecookie host="^.*\.(cityof|explore)chicago\.org$" name=".*" />
+	<securecookie host="^.*\.cityofchicago\.org$" name=".+" />
+	<!--securecookie host="^.*\.explorechicago\.org$" name=".*" /-->
 
 
 	<!--	Cert only matches www,
-		for both cityof & explore.	-->
-	<rule from="^https?://(cityof|explore)chicago\.org/"
-		to="https://www.$1chicago.org/" />
+					-->
+	<rule from="^http://cityofchicago\.org/"
+		to="https://www.cityofchicago.org/" />
+
+	<!--	Cert only matches www,
+					-->
+	<!--rule from="^http://explorechicago\.org/"
+		to="https://www.explorechicago.org/" /-->
 
 	<!--	mayor times out over https.
 		Redirects like so over http.	-->
-	<rule from="^https?://mayor\.cityofchicago\.org/"
+	<rule from="^http://mayor\.cityofchicago\.org/"
 		to="https://www.cityofchicago.org/content/city/en/depts/mayor.html" />
 
-	<rule from="^http://(data|www)\.cityofchicago\.org/"
-		to="https://$1.cityofchicago.org/" />
 
-	<rule from="^http://www\.explorechicago\.com/"
-		to="https://www.explorechicago.com/" />
-	
+	<!--rule from="^http://www\.explorechicago\.com/"
+		to="https://www.explorechicago.com/" /-->
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/City-of-Sedona.xml b/src/chrome/content/rules/City-of-Sedona.xml
index a2a506aefe52..27eaba8c0d70 100644
--- a/src/chrome/content/rules/City-of-Sedona.xml
+++ b/src/chrome/content/rules/City-of-Sedona.xml
@@ -11,7 +11,7 @@
 	<!--	- Cert only matches www
 		- At least some pages 302 to http
 							-->
-	<rule from="^https?://(?:www\.)?sedonaaz\.gov/([sS]edonacms/(?:\w+\.css$|_gfx/|Modules/))"
+	<rule from="^http://(?:www\.)?sedonaaz\.gov/([sS]edonacms/(?:\w+\.css$|_gfx/|Modules/))"
 		to="https://www.sedonaaz.gov/$1" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/City.com.ua.xml b/src/chrome/content/rules/City.com.ua.xml
new file mode 100644
index 000000000000..8903060c609a
--- /dev/null
+++ b/src/chrome/content/rules/City.com.ua.xml
@@ -0,0 +1,35 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- city.com.ua
+		- m.city.com.ua
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on ^ from $self ˢ
+		- Bug on ^ from cdn.yottos.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="City.com.ua">
+
+	<target host="city.com.ua" />
+	<target host="www.city.com.ua" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^city\.com\.ua$" name="^(?:PHPSESSID|ShoppingCart)$" /-->
+	<!--securecookie host="^m\.city\.com\.ua$" name="^(?:PHPSESSID|ShoppingCart|VisitorsID)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CityEmail.com.xml b/src/chrome/content/rules/CityEmail.com.xml
new file mode 100644
index 000000000000..e7c8c32b3de6
--- /dev/null
+++ b/src/chrome/content/rules/CityEmail.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Wizard Internet Services coverage, see Wizard-Internet-Services.xml.
+
+-->
+<ruleset name="CityEmail.com">
+
+	<target host="cityemail.com" />
+	<target host="www.cityemail.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CityNews.ca.xml b/src/chrome/content/rules/CityNews.ca.xml
new file mode 100644
index 000000000000..e929dbef2195
--- /dev/null
+++ b/src/chrome/content/rules/CityNews.ca.xml
@@ -0,0 +1,41 @@
+<!--
+	Connection refused:
+		- autodiscover.citynews.ca
+
+	Invalid certificate:
+		- email.citynews.ca
+		- b.email.citynews.ca
+		- live.citynews.ca
+		- m.citynews.ca
+		- preprod-www.citynews.ca
+
+	Timed out:
+		- citynews.ca, equivalent to www.citynews.ca
+		- agmail2.citynews.ca
+		- contests.citynews.ca
+		- site.citynews.ca
+-->
+
+<ruleset name="CityNews.ca">
+	<target host="citynews.ca" />
+	<target host="www.citynews.ca" />
+	<target host="edmonton.citynews.ca" />
+	<target host="int-edmonton.citynews.ca" />
+	<target host="int-montreal.citynews.ca" />
+	<target host="int-toronto.citynews.ca" />
+	<target host="int-winnipeg.citynews.ca" />
+	<target host="int-www.citynews.ca" />
+	<target host="montreal.citynews.ca" />
+	<target host="staging-edmonton.citynews.ca" />
+	<target host="staging-montreal.citynews.ca" />
+	<target host="staging-toronto.citynews.ca" />
+	<target host="staging-winnipeg.citynews.ca" />
+	<target host="staging-www.citynews.ca" />
+	<target host="toronto.citynews.ca" />
+	<target host="winnipeg.citynews.ca" />
+
+	<rule from="^http://citynews\.ca/"
+		to="https://www.citynews.ca/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/City_University_London.xml b/src/chrome/content/rules/City_University_London.xml
index 8dbf0cdcdae3..c77aec418f5b 100644
--- a/src/chrome/content/rules/City_University_London.xml
+++ b/src/chrome/content/rules/City_University_London.xml
@@ -1,25 +1,31 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.soi.city.ac.uk/ => https://www.soi.city.ac.uk/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.soi.city.ac.uk/ => https://www.soi.city.ac.uk/: (28, 'Connection timed out after 10001 milliseconds')
 	Problematic subdomains:
 
 		- ^	(cert only matches www)
 		- soi
 
 -->
-<ruleset name="City University London">
+<ruleset name="City University London" default_off="failed ruleset test">
 
 	<target host="city.ac.uk" />
-	<target host="*.city.ac.uk" />
+	<target host="soi.city.ac.uk" />
+	<target host="www.city.ac.uk" />
 	<target host="www.soi.city.ac.uk" />
-	<target host="*.www.city.ac.uk" />
+	<target host="s1.city.ac.uk" />
 
 
 	<securecookie host="^\.www\.city\.ac\.uk$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?(soi\.)?city\.ac\.uk/"
+	<rule from="^http://(?:www\.)?(soi\.)?city\.ac\.uk/"
 		to="https://www.$1city.ac.uk/" />
 
-	<rule from="^http://s1\.city\.ac\.uk/"
-		to="https://s1.city.ac.uk/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/City_University_of_New_York-problematic.xml b/src/chrome/content/rules/City_University_of_New_York-problematic.xml
index 1abed081828c..a1d1545a2bba 100644
--- a/src/chrome/content/rules/City_University_of_New_York-problematic.xml
+++ b/src/chrome/content/rules/City_University_of_New_York-problematic.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?law\.cuny\.edu/"
 		to="https://www.law.cuny.edu/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/City_University_of_New_York.xml b/src/chrome/content/rules/City_University_of_New_York.xml
index 5c89c87cb76c..548a08ba7c1a 100644
--- a/src/chrome/content/rules/City_University_of_New_York.xml
+++ b/src/chrome/content/rules/City_University_of_New_York.xml
@@ -32,13 +32,12 @@
 <ruleset name="City University of New York (partial)">
 
 	<target host="cuny.edu" />
-	<target host="*.cuny.edu" />
+	<target host="www.cuny.edu" />
 
 
 	<securecookie host="^\.cuny\.edu$" name="^__utm\w$" />
 
 
-	<rule from="^http://(www\.)?cuny\.edu/"
-		to="https://$1cuny.edu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/City_of_London.gov.uk.xml b/src/chrome/content/rules/City_of_London.gov.uk.xml
new file mode 100644
index 000000000000..70e3428417bd
--- /dev/null
+++ b/src/chrome/content/rules/City_of_London.gov.uk.xml
@@ -0,0 +1,62 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *cityoflondon.gov.uk:
+
+		- collage ʳ
+		- contracts ᶠ
+		- democracy ʳ
+		- email ⁴
+		- (www.)?fyi *
+		- www.guildhall **
+		- www.keatshouse ⁴
+		- www.learningzone ⁴
+		- lovethesquaremile ᶠ
+		- mobile ⁴
+		- tokenbookslma ʳ
+
+	* Redirects to search3.openobjects.com
+	** Redirects to www.cityoflondon.gov.uk
+	⁴ 404
+	ᶠ Handshake fails
+	ʳ Refused
+
+
+	Problematic hosts in *cityoflondon.gov.uk:
+
+		- news ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- pcn.cityoflondon.gov.uk
+
+-->
+<ruleset name="City of London.gov.uk (partial)">
+
+	<target host="cityoflondon.gov.uk" />
+	<target host="consult.cityoflondon.gov.uk" />
+	<target host="jobs.cityoflondon.gov.uk" />
+	<target host="pcn.cityoflondon.gov.uk" />
+	<target host="www.cityoflondon.gov.uk" />
+	<target host="wwwstage.cityoflondon.gov.uk" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://pcn.cityoflondon.gov.uk/live-3sc-user/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^pcn\.cityoflondon\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/City_of_Mountain_View.xml b/src/chrome/content/rules/City_of_Mountain_View.xml
index 8ca91b9cccf3..4bb15ac4b3a9 100644
--- a/src/chrome/content/rules/City_of_Mountain_View.xml
+++ b/src/chrome/content/rules/City_of_Mountain_View.xml
@@ -1,5 +1,12 @@
+
 <!--
-	For other U.S. government coverage, see US-government.xml.
+Disabled by https-everywhere-checker because:
+Fetch error: http://mountainview.gov/ => https://www.mountainview.gov/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.mountainview.gov/ => https://www.mountainview.gov/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://mountainview.gov/ => https://www.mountainview.gov/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.mountainview.gov/ => https://www.mountainview.gov/: (28, 'Connection timed out after 10001 milliseconds')
 
 
 	Nonfunctional subdomains:
@@ -10,7 +17,7 @@
 	Cert only matches www
 
 -->
-<ruleset name="City of Mountain View (partial)">
+<ruleset name="City of Mountain View (partial)" default_off="failed ruleset test">
 
 	<target host="mountainview.gov" />
 	<target host="www.mountainview.gov" />
@@ -19,7 +26,7 @@
 	<securecookie host="^www\.mountainview\.gov$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?mountainview\.gov/"
+	<rule from="^http://(?:www\.)?mountainview\.gov/"
 		to="https://www.mountainview.gov/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/City_of_Seattle.xml b/src/chrome/content/rules/City_of_Seattle.xml
index 5ef4c8c656ab..a36aeaa6f1a8 100644
--- a/src/chrome/content/rules/City_of_Seattle.xml
+++ b/src/chrome/content/rules/City_of_Seattle.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://seattle.gov/ (200) => https://www.seattle.gov/ (303)
 	For other U.S. government coverage, see US-government.xml.
 
 
@@ -32,22 +34,28 @@
 <ruleset name="City of Seattle (partial)" platform="mixedcontent">
 
 	<target host="seattle.gov" />
-	<target host="*.seattle.gov" />
+	<target host="www.seattle.gov" />
+	<target host="citylink.seattle.gov" />
+	<target host="data.seattle.gov" />
+	<target host="my.seattle.gov" />
+	<target host="wald1.seattle.gov" />
+	<target host="web1.seattle.gov" />
+	<target host="web5.seattle.gov" />
+	<target host="web6.seattle.gov" />
 
 
 	<securecookie host="^.+\.seattle\.gov$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?seattle\.gov/"
+	<rule from="^http://(?:www\.)?seattle\.gov/"
 		to="https://www.seattle.gov/" />
 
-	<rule from="^https?://citylink\.seattle\.gov/"
+	<rule from="^http://citylink\.seattle\.gov/"
 		to="https://www.seattle.gov/citylink/" />
 
-	<rule from="^http://(data|my|wald1|web1)\.seattle\.gov/"
-		to="https://$1.seattle.gov/" />
 
-	<rule from="^https?://web[56]\.seattle\.gov/"
+	<rule from="^http://web[56]\.seattle\.gov/"
 		to="https://web6.seattle.gov/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cityam.com.xml b/src/chrome/content/rules/Cityam.com.xml
new file mode 100644
index 000000000000..1869a9c8872b
--- /dev/null
+++ b/src/chrome/content/rules/Cityam.com.xml
@@ -0,0 +1,41 @@
+<!--
+	Self-signed:
+		- ^
+
+	Cert mismatch:
+		- dev5
+		- email
+		- ci
+		- li
+		- local
+		- www.m
+		- click.mail
+		- image.mail
+		- pages.mail
+		- view.mail
+		- newsletter
+		- punter
+
+	Incomplete certificate chain:
+		- digital
+		- helpdesk
+		- intranet
+		- subscriber
+		- wiki
+
+	Cityam.com has a wildcard DNS record, so enumerating all subdomains is impossible.
+-->
+<ruleset name="Cityam.com (partial)">
+	<target host="cityam.com" />
+	<target host="www.cityam.com" />
+	<target host="dev.cityam.com" />
+	<target host="api.cityam.com" />
+	<target host="dev2.cityam.com" />
+	<target host="dev3.cityam.com" />
+	<target host="dev4.cityam.com" />
+	<target host="uat.cityam.com" />
+
+	<rule from="^http://cityam\.com/" to="https://www.cityam.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Citymapper.xml b/src/chrome/content/rules/Citymapper.xml
new file mode 100644
index 000000000000..4950c3970055
--- /dev/null
+++ b/src/chrome/content/rules/Citymapper.xml
@@ -0,0 +1,18 @@
+<!--
+	Nonfunctional subdomains:
+		- the	(hostname mismatch, CN: *.squarespace.com, squarespace.com)
+-->
+<ruleset name="Citymapper">
+	<target host=     "citymapper.com" />
+	<target host= "www.citymapper.com" />
+	<target host="www1.citymapper.com" />
+	<target host="www2.citymapper.com" />
+	<target host="www3.citymapper.com" />
+	<target host="www4.citymapper.com" />
+	<target host="www5.citymapper.com" />
+
+  	<securecookie host="^.*\.citymapper\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CityofLondonPolice.xml b/src/chrome/content/rules/CityofLondonPolice.xml
new file mode 100644
index 000000000000..797ee5c0f5a0
--- /dev/null
+++ b/src/chrome/content/rules/CityofLondonPolice.xml
@@ -0,0 +1,22 @@
+<!--
+	For City of London Police
+
+		Works:
+
+			- $
+			- www
+			- academy
+
+		Mismatch:
+
+			- wwwstage.cityoflondon.police.uk
+			- editcolp.cityoflondon.police.uk
+
+-->
+<ruleset name="City of London Police">
+	<target host="cityoflondon.police.uk" />
+	<target host="www.cityoflondon.police.uk" />
+	<target host="academy.cityoflondon.police.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CityofPortland.xml b/src/chrome/content/rules/CityofPortland.xml
index 18c79155d593..7381c96004c5 100644
--- a/src/chrome/content/rules/CityofPortland.xml
+++ b/src/chrome/content/rules/CityofPortland.xml
@@ -1,6 +1,14 @@
 <ruleset name="City of Portland, OR">
-  <target host="www.portlandonline.com"/>
-  <target host="portlandonline.com"/>
+	<target host="www.portlandonline.com"/>
+	<target host="portlandonline.com"/>
+	<target host="www.portlandoregon.gov"/>
+	<target host="portlandoregon.gov"/>
 
-  <rule from="^http://(?:www\.)?portlandonline\.com/" to="https://www.portlandonline.com/"/>
+	<securecookie host="^www\.portlandonline\.com$" name=".+" />
+	<securecookie host="^www\.portlandoregon\.gov$" name=".+" />
+
+	<rule from="^http://portlandonline\.com/"
+		to="https://www.portlandonline.com/" />
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Citypaketet.xml b/src/chrome/content/rules/Citypaketet.xml
deleted file mode 100644
index 466cd8c98bf3..000000000000
--- a/src/chrome/content/rules/Citypaketet.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(www cert: www.vp-spm.com; 404)
-
--->
-<ruleset name="Citypaketet (partial)">
-
-	<target host="sifomedia.citypaketet.se" />
-
-
-	<securecookie host="^ssl\.sifomedia\.se$" name=".*" />
-
-
-	<rule from="^https?://sifomedia\.citypaketet\.se/"
-		to="https://ssl.sifomedia.se/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Citysearch.com.xml b/src/chrome/content/rules/Citysearch.com.xml
new file mode 100644
index 000000000000..1e33510287fe
--- /dev/null
+++ b/src/chrome/content/rules/Citysearch.com.xml
@@ -0,0 +1,25 @@
+<!--
+	^citysearch.com: Dropped
+
+-->
+<ruleset name="Citysearch.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.citysearch.com" />
+
+	<!--	Complications:
+				-->
+	<target host="citysearch.com" />
+
+
+	<securecookie host="^\w" name="^_gat?$" />
+
+
+	<rule from="^http://citysearch\.com/"
+		to="https://www.citysearch.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Citywerkz.com.xml b/src/chrome/content/rules/Citywerkz.com.xml
index ee9dc2e81b65..2641d2bd3b9b 100644
--- a/src/chrome/content/rules/Citywerkz.com.xml
+++ b/src/chrome/content/rules/Citywerkz.com.xml
@@ -1,13 +1,21 @@
-<ruleset name="Citywerkz.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://citywerkz.com/ => https://citywerkz.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.citywerkz.com/ => https://www.citywerkz.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://citywerkz.com/ => https://citywerkz.com/: (51, "SSL: no alternative certificate subject name matches target host name 'citywerkz.com'")
+-->
+<ruleset name="Citywerkz.com" default_off="failed ruleset test">
 
 	<target host="citywerkz.com" />
-	<target host="*.citywerkz.com" />
+	<target host="www.citywerkz.com" />
 
 
 	<securecookie host="^(?:www)?\.citywerkz\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?citywerkz\.com/"
-		to="https://$1citywerkz.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ciuvo.com.xml b/src/chrome/content/rules/Ciuvo.com.xml
new file mode 100644
index 000000000000..e48aa6f801c0
--- /dev/null
+++ b/src/chrome/content/rules/Ciuvo.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="Ciuvo.com">
+
+	<target host="ciuvo.com" />
+	<target host="api.ciuvo.com" />
+	<target host="secure.ciuvo.com" />
+	<target host="www.ciuvo.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CiviCRM.xml b/src/chrome/content/rules/CiviCRM.xml
index b631c0cb128c..cad390a5a1c0 100644
--- a/src/chrome/content/rules/CiviCRM.xml
+++ b/src/chrome/content/rules/CiviCRM.xml
@@ -1,13 +1,12 @@
 <ruleset name="CiviCRM">
 
 	<target host="civicrm.org" />
-	<target host="*.civicrm.org" />
+	<target host="www.civicrm.org" />
 
 
 	<securecookie host="^\.civicrm\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?civicrm\.org/"
-		to="https://$1civicrm.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CivicScience.xml b/src/chrome/content/rules/CivicScience.xml
index 6082b44a70a3..f6b58e724202 100644
--- a/src/chrome/content/rules/CivicScience.xml
+++ b/src/chrome/content/rules/CivicScience.xml
@@ -19,7 +19,9 @@
 <ruleset name="CivicScience (partial)">
 
 	<target host="civicscience.com" />
-	<target host="*.civicscience.com" />
+	<target host="beta.civicscience.com" />
+	<target host="www.civicscience.com" />
+	<target host="blog.civicscience.com" />
 
 
 	<rule from="^http://(beta\.|www\.)?civicscience\.com/"
@@ -28,4 +30,4 @@
 	<rule from="^http://blog\.civicscience\.com/(display/|favicon\.ico|layout/|storage/|universal/)"
 		to="https://civicscience.squarespace.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Civica_ePay.co.uk.xml b/src/chrome/content/rules/Civica_ePay.co.uk.xml
new file mode 100644
index 000000000000..0ad35e6bc5f7
--- /dev/null
+++ b/src/chrome/content/rules/Civica_ePay.co.uk.xml
@@ -0,0 +1,32 @@
+<!--
+	For other Civica Group coverage, see civica.co.uk.xml.
+
+
+	^civicaepay.co.uk doesn't exist.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.civicaepay.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Civica ePay.co.uk">
+
+	<target host="www.civicaepay.co.uk" />
+
+		<!--test url="http://www.civicaepay.co.uk/AllerdaleESTORE/estore" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.civicaepay\.co\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Civil_Aviation_Authority.xml b/src/chrome/content/rules/Civil_Aviation_Authority.xml
index f06e9a8115a4..4b776485a541 100644
--- a/src/chrome/content/rules/Civil_Aviation_Authority.xml
+++ b/src/chrome/content/rules/Civil_Aviation_Authority.xml
@@ -1,10 +1,14 @@
-<ruleset name="Civil Aviation Authority">
+<!--
+	Civil Aviation Authority
+
+-->
+<ruleset name="CAA.co.uk">
 
 	<target host="caa.co.uk" />
 	<target host="www.caa.co.uk" />
 
 
-	<rule from="^http://(www\.)?caa\.co\.uk/"
-		to="https://$1caa.co.uk/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ckgs.us.xml b/src/chrome/content/rules/Ckgs.us.xml
new file mode 100644
index 000000000000..10d7875717df
--- /dev/null
+++ b/src/chrome/content/rules/Ckgs.us.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		ckgs.us
+
+-->
+<ruleset name="Ckgs.us">
+	<target host="ckgs.us"/>
+	<target host="www.ckgs.us"/>
+	<target host="devnic.ckgs.us"/>
+		<test url="http://devnic.ckgs.us/robots.txt" />
+	<target host="in.ckgs.us"/>
+	<target host="passport.in.ckgs.us"/>
+	<target host="ta.ckgs.us"/>
+
+	<rule from="^http://ckgs\.us/"
+		to="https://www.in.ckgs.us/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cl.ly.xml b/src/chrome/content/rules/Cl.ly.xml
new file mode 100644
index 000000000000..a3f093e72874
--- /dev/null
+++ b/src/chrome/content/rules/Cl.ly.xml
@@ -0,0 +1,17 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- f.cl.ly
+
+		Different content:
+		- api.cl.ly
+-->
+<ruleset name="cl.ly">
+	<target host="cl.ly" />
+	<target host="my.cl.ly" />
+	<target host="www.cl.ly" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Claessens-Donadello.eu.xml b/src/chrome/content/rules/Claessens-Donadello.eu.xml
new file mode 100644
index 000000000000..c149957b940c
--- /dev/null
+++ b/src/chrome/content/rules/Claessens-Donadello.eu.xml
@@ -0,0 +1,12 @@
+<ruleset name="Claessens Donadello">
+
+	<target host="claessens-donadello.eu" />
+	<target host="www.claessens-donadello.eu" />
+	<target host="laurent.claessens-donadello.eu" />
+	<target host="www.laurent.claessens-donadello.eu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Claim_Forms_Plus.xml b/src/chrome/content/rules/Claim_Forms_Plus.xml
index 337bc0589c30..08a2fbf7481b 100644
--- a/src/chrome/content/rules/Claim_Forms_Plus.xml
+++ b/src/chrome/content/rules/Claim_Forms_Plus.xml
@@ -1,13 +1,12 @@
 <ruleset name="Claim Forms Plus">
 
 	<target host="claimformsplus.com" />
-	<target host="*.claimformsplus.com" />
+	<target host="www.claimformsplus.com" />
 
 
 	<securecookie host="^\.claimformsplus\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?claimformsplus\.com/"
-		to="https://$1claimformsplus.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ClamAV.net.xml b/src/chrome/content/rules/ClamAV.net.xml
new file mode 100644
index 000000000000..699c3c856c4f
--- /dev/null
+++ b/src/chrome/content/rules/ClamAV.net.xml
@@ -0,0 +1,24 @@
+<!--
+	Time out:
+		clamav.net
+		intel.clamav.net
+		lurker.clamav.net
+		stats.clamav.net
+		wiki.clamav.net
+
+	Secure connection failed:
+		blog.clamav.net
+
+	Invalid certificate:
+		snapshot.clamav.net
+
+-->
+<ruleset name="ClamAV.net">
+
+	<target host="www.clamav.net" />
+	<target host="bugzilla.clamav.net" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Clara.io.xml b/src/chrome/content/rules/Clara.io.xml
new file mode 100644
index 000000000000..a28c981478a8
--- /dev/null
+++ b/src/chrome/content/rules/Clara.io.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- clara.io
+		- forum.clara.io
+
+-->
+<ruleset name="Clara.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="clara.io" />
+	<target host="forum.clara.io" />
+	<target host="www.clara.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^clara\.io$" name="^connect\.sess$" /-->
+	<!--securecookie host="^forum\.clara\.io$" name="^__profilin$" /-->
+
+	<securecookie host="^(?:forum\.)?clara\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Claranet-mismatches.xml b/src/chrome/content/rules/Claranet-mismatches.xml
index 5e549d69c92a..3c40dfc22cbe 100644
--- a/src/chrome/content/rules/Claranet-mismatches.xml
+++ b/src/chrome/content/rules/Claranet-mismatches.xml
@@ -3,12 +3,8 @@
 	<target host="admin-vh.es.clara.net"/>
 	<target host="signup.claranet.de"/>
 
-	<securecookie host="^admin-vh\.es\.clara\.net$" name=".*"/>
+	<securecookie host="^admin-vh\.es\.clara\.net$" name=".+" />
 
-	<rule from="^http://admin-vh\.es\.clara\.net/"
-		to="https://admin-vh.es.clara.net/"/>
-
-	<rule from="^http://signup\.claranet\.de/"
-		to="https://signup.claranet.de/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Claranet.xml b/src/chrome/content/rules/Claranet.xml
index 75ab7859821d..77b786cb8e54 100644
--- a/src/chrome/content/rules/Claranet.xml
+++ b/src/chrome/content/rules/Claranet.xml
@@ -1,38 +1,41 @@
-<ruleset name="Claranet (partial)">
 
-	<target host="*.clara.net"/>
-	<target host="webmail.bln.de.clara.net"/>
-	<target host="nswebmail.uk.clara.net"/>
-	<target host="portal.uk.clara.net"/>
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pop.claranet.de/ => https://pop.claranet.de/: (6, 'Could not resolve host: pop.claranet.de')
+Fetch error: http://secure.claranetsoho.co.uk/ => https://secure.claranetsoho.co.uk/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://pop.claranet.de/ => https://pop.claranet.de/: (6, 'Could not resolve host: pop.claranet.de')
+Fetch error: http://webmail.claranet.pt/ => https://webmail.claranet.pt/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://secure.claranetsoho.co.uk/ => https://secure.claranetsoho.co.uk/: (28, 'Connection timed out after 10000 milliseconds')
+-->
+<ruleset name="Claranet (partial)" default_off="failed ruleset test">
+
+	<target host="corporate.clara.net" />
+	<target host="customer.clara.net" />
+	<target host="webmail.clara.net" />
+	<target host="webmail.bln.de.clara.net" />
+	<target host="nswebmail.uk.clara.net" />
+	<target host="portal.uk.clara.net" />
 	<target host="admin.clarahost.co.uk"/>
 	<target host="pop.claranet.de"/>
-	<target host="*.claranet.nl"/>
+	<target host="webmail.claranet.nl" />
+	<target host="servicecenter.claranet.nl" />
 	<target host="webmail.claranet.pt"/>
 	<target host="secure.claranetsoho.co.uk"/>
 
-	<securecookie host="^(.*\.)?clara\.net$" name=".*"/>
-	<securecookie host="^admin\.clarahost\.co\.uk$" name=".*"/>
-	<securecookie host="^pop\.claranet\.de$" name=".*"/>
-	<securecookie host="^(.*\.)?claranet\.nl$" name=".*"/>
-	<securecookie host="^webmail\.claranet\.pt$" name=".*"/>
-	<securecookie host="^secure\.claranetsoho\.co\.uk$" name=".*"/>
+	<securecookie host="^(?:.*\.)?clara\.net$" name=".+" />
+	<securecookie host="^admin\.clarahost\.co\.uk$" name=".+" />
+	<securecookie host="^pop\.claranet\.de$" name=".+" />
+	<securecookie host="^(?:.*\.)?claranet\.nl$" name=".+" />
+	<securecookie host="^webmail\.claranet\.pt$" name=".+" />
+	<securecookie host="^secure\.claranetsoho\.co\.uk$" name=".+" />
 
-	<rule from="^http://(corporate|customer|webmail(\.bln\.de)?|(nswebmail|portal)\.uk)\.clara\.net/"
-		to="https://$1.clara.net/"/>
 
-	<rule from="^http://admin\.clarahost\.co\.uk/"
-		to="https://admin.clarahost.co.uk/"/>
 
-	<rule from="^http://pop\.claranet\.de/"
-		to="https://pop.claranet.de/"/>
 
-	<rule from="^http://webmail\.claranet\.(nl|pt)/"
-		to="https://webmail.claranet.$1/"/>
 
-	<rule from="^http://servicecenter\.claranet\.nl/"
-		to="https://servicecenter.claranet.nl/"/>
 
-	<rule from="^http://secure\.claranetsoho\.co\.uk/"
-		to="https://secure.claranetsoho.co.uk/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Clarion-Ledger.xml b/src/chrome/content/rules/Clarion-Ledger.xml
index 2802e706d8bf..ea896c75e542 100644
--- a/src/chrome/content/rules/Clarion-Ledger.xml
+++ b/src/chrome/content/rules/Clarion-Ledger.xml
@@ -16,13 +16,14 @@
 <ruleset name="Clarion-Ledger">
 
 	<target host="clarionledger.com" />
-	<target host="*.clarionledger.com" />
+	<target host="cmsimg.clarionledger.com" />
+	<target host="www.clarionledger.com" />
 
 
 	<securecookie host="^www\.clarionledger\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:cmsimg\.|www\.)?clarionledger\.com/"
+	<rule from="^http://(?:cmsimg\.|www\.)?clarionledger\.com/"
 		to="https://www.clarionledger.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ClarityRay.xml b/src/chrome/content/rules/ClarityRay.xml
deleted file mode 100644
index d18f238c08ba..000000000000
--- a/src/chrome/content/rules/ClarityRay.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	CDN buckets:
-
-		- c15037188.r88.cf2.rackcdn.com
-
-
-	Nonfunctional domains:
-
-		- wredint.com
-
--->
-<ruleset name="ClarityRay (partial)">
-
-	<target host="clarityray.com" />
-	<target host="www.clarityray.com" />
-
-
-	<rule from="^http://(www\.)?clarityray\.com/"
-		to="https://$1clarityray.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Clarkvision.com.xml b/src/chrome/content/rules/Clarkvision.com.xml
new file mode 100644
index 000000000000..4654f2555384
--- /dev/null
+++ b/src/chrome/content/rules/Clarkvision.com.xml
@@ -0,0 +1,13 @@
+<!--
+	certificate mismatch:
+		www.clarkvision.com
+-->
+<ruleset name="Clarkvision.com">
+	<target host="clarkvision.com" />
+	<target host="www.clarkvision.com" />
+
+	<rule from="^http://www\.clarkvision\.com/"
+		to="https://clarkvision.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Class-Central.com.xml b/src/chrome/content/rules/Class-Central.com.xml
new file mode 100644
index 000000000000..845d4c52a2ed
--- /dev/null
+++ b/src/chrome/content/rules/Class-Central.com.xml
@@ -0,0 +1,34 @@
+<!--
+	^class-central.com: Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.class-central.com
+
+-->
+<ruleset name="Class-Central.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.class-central.com" />
+
+	<!--	Complications:
+				-->
+	<target host="class-central.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.class-centra\.com$" name="^(PHPSESSID|wfvt_\d+)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://class-central\.com/"
+		to="https://www.class-central.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ClassZone.com.xml b/src/chrome/content/rules/ClassZone.com.xml
index e287429ad071..8fea26feb259 100644
--- a/src/chrome/content/rules/ClassZone.com.xml
+++ b/src/chrome/content/rules/ClassZone.com.xml
@@ -1,6 +1,7 @@
-<ruleset name="ClassZone.com">
-  <target host="www.classzone.com" />
-  <target host="classzone.com" />
-
-  <rule from="^http://(www\.)?classzone\.com/" to="https://classzone.com/"/>
-</ruleset>
+<ruleset name="ClassZone.com">
+	<target host="www.classzone.com" />
+	<target host="classzone.com" />
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Classmates.xml b/src/chrome/content/rules/Classmates.xml
index 6da1f5782d7f..7bf5e0127aed 100644
--- a/src/chrome/content/rules/Classmates.xml
+++ b/src/chrome/content/rules/Classmates.xml
@@ -1,17 +1,31 @@
 <!--
-
 	Nonfunctional domains:
 
 		- (www.)classmates.com	(times out)
-		- s.cmcdn.com		(400, CN: *.hs.llnwd.net)
+		- c.cmcdn.com *
+		- s.cmcdn.com *
+
+	* Dropped
+
+
+	Insecure cookies are set for these domains:
+
+		- .classmates.com
 
 -->
-<ruleset name="Classmates">
+<ruleset name="Classmates.com (partial)">
 
 	<target host="secure.classmates.com" />
 
+		<test url="http://secure.classmates.com/auth/login" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.classmates\.com$" name="^(?:CMBeta\.memorylane|ML_VISITOR|gomezIncludeScript\.sticky|ident|session)$" /-->
+
 
-	<rule from="^http://secure\.classmates\.com/"
-		to="https://secure.classmates.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Classpath.org.xml b/src/chrome/content/rules/Classpath.org.xml
new file mode 100644
index 000000000000..24317e2c9a43
--- /dev/null
+++ b/src/chrome/content/rules/Classpath.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Mismatching certificate:
+		- classpath.org
+		- www.classpath.org
+		- builder.classpath.org
+
+	Refused:
+		- developer.classpath.org
+-->
+<ruleset name="Classpath.org (Partial)">
+	<target host="icedtea.classpath.org" />
+	<target host="planet.classpath.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ClassyMotherfucker.xml b/src/chrome/content/rules/ClassyMotherfucker.xml
deleted file mode 100644
index 3bba4a3d1d67..000000000000
--- a/src/chrome/content/rules/ClassyMotherfucker.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="ClassyMotherfucker.com" default_off="self-signed">
-
-	<target host="classymotherfucker.com"/>
-	<target host="www.classymotherfucker.com"/>
-
-	<rule from="^http://(?:www\.)?classymotherfucker\.com/"
-		to="https://classymotherfucker.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Claudio_dAngelis.com.xml b/src/chrome/content/rules/Claudio_dAngelis.com.xml
new file mode 100644
index 000000000000..a80d64ea6e82
--- /dev/null
+++ b/src/chrome/content/rules/Claudio_dAngelis.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .claudiodangelis.com
+
+-->
+<ruleset name="Claudio dAngelis.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="claudiodangelis.com" />
+	<target host="www.claudiodangelis.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.claudiodangelis\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.claudiodangelis\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Claws-Mail.org.xml b/src/chrome/content/rules/Claws-Mail.org.xml
new file mode 100644
index 000000000000..20c0ec22b5db
--- /dev/null
+++ b/src/chrome/content/rules/Claws-Mail.org.xml
@@ -0,0 +1,24 @@
+<!--
+	CN: www.colino.net
+
+
+	Mixed content:
+
+		- Image on (www.) from www *
+
+	* Secured by us
+
+-->
+<ruleset name="Claws-Mail.org" default_off="mismatched">
+
+	<target host="claws-mail.org" />
+	<target host="www.claws-mail.org" />
+	<target host="git.claws-mail.org" />
+	<target host="lists.claws-mail.org" />
+	<target host="planet.claws-mail.org" />
+	<target host="svn.claws-mail.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cld.me.xml b/src/chrome/content/rules/Cld.me.xml
new file mode 100644
index 000000000000..23a650aba819
--- /dev/null
+++ b/src/chrome/content/rules/Cld.me.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- cld.me
+		- www.cld.me
+		- assets.my.cld.me
+		- proxy.cld.me
+-->
+<ruleset name="Cld.me (partial)">
+	<target host="api.cld.me" />
+	<target host="my.cld.me" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cldup.com.xml b/src/chrome/content/rules/Cldup.com.xml
new file mode 100644
index 000000000000..dd1fbd7cd2b4
--- /dev/null
+++ b/src/chrome/content/rules/Cldup.com.xml
@@ -0,0 +1,8 @@
+<!--
+     www.cldup.com doesn't exist.
+-->
+<ruleset name="Cldup.com">
+	<target host="cldup.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Clean-Energy-Experts.xml b/src/chrome/content/rules/Clean-Energy-Experts.xml
index c79b6ffa9307..0c806849c532 100644
--- a/src/chrome/content/rules/Clean-Energy-Experts.xml
+++ b/src/chrome/content/rules/Clean-Energy-Experts.xml
@@ -1,13 +1,13 @@
 <ruleset name="Clean Energy Experts">
 
 	<target host="cleanenergyexperts.com" />
-	<target host="*.cleanenergyexperts.com" />
+	<target host="clients.cleanenergyexperts.com" />
+	<target host="www.cleanenergyexperts.com" />
 
 
-	<securecookie host="^(.*\.)?cleanenergyexperts\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(clients\.|www\.)?cleanenergyexperts\.com/"
-		to="https://$1cleanenergyexperts.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CleanPrint.net.xml b/src/chrome/content/rules/CleanPrint.net.xml
index 6ce502591ad6..44310713b9a3 100644
--- a/src/chrome/content/rules/CleanPrint.net.xml
+++ b/src/chrome/content/rules/CleanPrint.net.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cleanprint.net/ => https://cleanprint.net/: (51, "SSL: no alternative certificate subject name matches target host name 'cleanprint.net'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://cleanprint.net/ => https://cleanprint.net/: (51, "SSL: no alternative certificate subject name matches target host name 'cleanprint.net'")
 	For other FormatDynamics coverage, see FormatDynamics.com.xml.
 
 
@@ -20,16 +26,13 @@
 		- cache-02	(→ www)
 
 -->
-<ruleset name="CleanPrint.net">
+<ruleset name="CleanPrint.net" default_off="failed ruleset test">
 
 	<target host="cleanprint.net" />
-	<target host="*.cleanprint.net" />
-
+	<target host="www.cleanprint.net" />
+	<target host="cache-02.cleanprint.net" />
 
-	<rule from="^http://(www\.)?cleanprint\.net/"
-		to="https://$1cleanprint.net/" />
 
-	<rule from="^http://cache-02\.cleanprint\.net/"
-		to="https://cache-02.cleanprint.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Clear-Code.com.xml b/src/chrome/content/rules/Clear-Code.com.xml
new file mode 100644
index 000000000000..cba409f20878
--- /dev/null
+++ b/src/chrome/content/rules/Clear-Code.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - rurema.clear-code.com
+
+		SSL peer certificate was not OK:
+			 - clear-code.com
+
+		Incomplete certificate chain error:
+			 - mail.clear-code.com
+
+		Different content:
+			 - sugarcrm.clear-code.com
+-->
+<ruleset name="Clear-Code.com">
+	<target host="clear-code.com" />
+	<target host="www.clear-code.com" />
+	<target host="gitlab.clear-code.com" />
+	<target host="owncloud.clear-code.com" />
+	<target host="redmine.clear-code.com" />
+	<target host="zulip.clear-code.com" />
+
+	<rule from="^http://clear-code\.com/"
+			to="https://www.clear-code.com/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Clear-link.com.xml b/src/chrome/content/rules/Clear-link.com.xml
new file mode 100644
index 000000000000..9dbd1ff059f2
--- /dev/null
+++ b/src/chrome/content/rules/Clear-link.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Clearlink coverage, see Clearlink.com.xml.
+
+
+	(www.): mismatched, CN: clearlink.com
+
+-->
+<ruleset name="Clear-link.com">
+
+	<target host="clear-link.com" />
+	<target host="*.clear-link.com" />
+
+
+	<rule from="^http://(?:www\.)?clear-link\.com/+"
+		to="https://www.clearlink.com/" />
+
+	<rule from="^http://cms\.clear-link\.com/"
+		to="https://cms.clear-link.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ClearCenter.com.xml b/src/chrome/content/rules/ClearCenter.com.xml
index 2e8454cd2dd9..5433dfe0831d 100644
--- a/src/chrome/content/rules/ClearCenter.com.xml
+++ b/src/chrome/content/rules/ClearCenter.com.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^secure\.clearcenter\.com$" name=".+" />
 
 
-	<rule from="^http://secure\.clearcenter\.com/"
-		to="https://secure.clearcenter.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ClearChain.com.xml b/src/chrome/content/rules/ClearChain.com.xml
new file mode 100644
index 000000000000..a4a04de6f073
--- /dev/null
+++ b/src/chrome/content/rules/ClearChain.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - cdn.clearchain.com
+			 - leo.clearchain.com
+			 - mail.clearchain.com
+			 - northgate.clearchain.com
+			 - ns.clearchain.com
+
+		Secure connection redirects to plaintext:
+			 - www.clearchain.com
+-->
+<ruleset name="ClearChain.com (partial)" platform="mixedcontent">
+	<target host="clearchain.com" />
+	<target host="www.clearchain.com" />
+		<test url="http://www.clearchain.com/blog/" />
+
+	<securecookie host="^(www\.)?clearchain\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ClearChain.xml b/src/chrome/content/rules/ClearChain.xml
deleted file mode 100644
index 8ee0b9f627ee..000000000000
--- a/src/chrome/content/rules/ClearChain.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="ClearChain" platform="cacert">
-
-	<target host="clearchain.com" />
-	<target host="www.clearchain.com" />
-
-
-	<securecookie host="^www\.clearchain\.com$" name=".*" />
-
-
-	<!--	Cert doesn't match !www.	-->
-	<rule from="^http://(?:www\.)?clearchain\.com/"
-		to="https://www.clearchain.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ClearQuran.com.xml b/src/chrome/content/rules/ClearQuran.com.xml
new file mode 100644
index 000000000000..0dafe0c8e764
--- /dev/null
+++ b/src/chrome/content/rules/ClearQuran.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Secure connection failed:
+	- alias1.clearquran.com
+
+	Too much mixed content blocking:
+	- blog.clearquran.com
+
+-->
+<ruleset name="ClearQuran.com">
+	<target host="clearquran.com" />
+	<target host="www.clearquran.com" />
+	<target host="m.clearquran.com" />
+
+	<securecookie host="^www\.clearquran\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ClearXchange.com.xml b/src/chrome/content/rules/ClearXchange.com.xml
new file mode 100644
index 000000000000..c1971c0d449d
--- /dev/null
+++ b/src/chrome/content/rules/ClearXchange.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="ClearXchange.com">
+
+	<target host="clearxchange.com" />
+	<target host="www.clearxchange.com" />
+
+
+	<securecookie host="^\.clearxchange\.com$" name="^__cfduid$" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Clearista.com.xml b/src/chrome/content/rules/Clearista.com.xml
new file mode 100644
index 000000000000..b44b9becf43a
--- /dev/null
+++ b/src/chrome/content/rules/Clearista.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Clearista.com">
+	<target host="clearista.com" />
+	<target host="www.clearista.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Clearlink.com.xml b/src/chrome/content/rules/Clearlink.com.xml
new file mode 100644
index 000000000000..887a775c8e40
--- /dev/null
+++ b/src/chrome/content/rules/Clearlink.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Other Clearlink rulesets:
+
+		- Clear-link.com.xml
+
+
+	Mixed content:
+
+		- Bug on www from www.adobe.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Clearlink.com">
+
+	<target host="clearlink.com" />
+	<target host="www.clearlink.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Clergy-Project.xml b/src/chrome/content/rules/Clergy-Project.xml
index fc2aab40aa10..fcb68b8287c7 100644
--- a/src/chrome/content/rules/Clergy-Project.xml
+++ b/src/chrome/content/rules/Clergy-Project.xml
@@ -2,14 +2,14 @@
 	s3.amazonaws.com/cp_production/
 
 -->
-<ruleset name="Clergy Project" default_off="mismatch">
+<ruleset name="Clergy Project" default_off="mismatched">
 
 	<!--	Cert: *.heroku.com	-->
 	<target host="clergyproject.org" />
 	<target host="www.clergyproject.org" />
 
 
-	<rule from="^https?://(?:www\.)?clergyproject\.org/"
+	<rule from="^http://(?:www\.)?clergyproject\.org/"
 		to="https://clergyproject.org/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ClevelandClinic.org.xml b/src/chrome/content/rules/ClevelandClinic.org.xml
new file mode 100644
index 000000000000..b5491a141c60
--- /dev/null
+++ b/src/chrome/content/rules/ClevelandClinic.org.xml
@@ -0,0 +1,35 @@
+<!--
+
+	Without https:
+		ccjm.org
+		www.ccjm.org
+		simcenter.clevelandclinic.org
+		health.clevelandclinic.org
+
+	Mismatching certificate:
+		https://giving.clevelandclinic.org/
+-->
+<ruleset name="ClevelandClinic (partial)">
+
+	<target host=        "clevelandclinic.org" />
+	<target host=    "www.clevelandclinic.org" />
+	<target host="portals.clevelandclinic.org" />
+	<target host=       "eclevelandclinic.org" />
+	<target host=   "www.eclevelandclinic.org" />
+	<target host=     "cclcm.ccf.org" />
+	<target host=    "lerner.ccf.org" />
+	<target host="www.lerner.ccf.org" />
+	<target host=    "clevelandclinicmeded.com" />
+	<target host="www.clevelandclinicmeded.com" />
+
+	<securecookie host="^.*\.clevelandclinic\.org$" name=".+" />
+
+	<rule from="^http://www\.clevelandclinic\.org/"
+		to="https://my.clevelandclinic.org/" />
+	<rule from="^http://lerner\.ccf\.org/"
+		to="https://www.lerner.ccf.org/" />
+	<rule from="^http://clevelandclinicmeded\.com/"
+		to="https://www.clevelandclinicmeded.com/" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ClevelandPolice.xml b/src/chrome/content/rules/ClevelandPolice.xml
new file mode 100644
index 000000000000..cbda29c6f6f4
--- /dev/null
+++ b/src/chrome/content/rules/ClevelandPolice.xml
@@ -0,0 +1,6 @@
+<ruleset name="Cleveland Police">
+	<target host="cleveland.police.uk" />
+	<target host="www.cleveland.police.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Clever.com.xml b/src/chrome/content/rules/Clever.com.xml
new file mode 100644
index 000000000000..b4e3ad4f87f7
--- /dev/null
+++ b/src/chrome/content/rules/Clever.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)
+		- account
+		- api
+		- status
+		- support
+
+-->
+<ruleset name="Clever.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="clever.com" />
+	<target host="account.clever.com" />
+	<target host="api.clever.com" />
+	<target host="status.clever.com" />
+	<target host="support.clever.com" />
+	<target host="www.clever.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CleverPush.com.xml b/src/chrome/content/rules/CleverPush.com.xml
new file mode 100644
index 000000000000..8aecbdeb83e4
--- /dev/null
+++ b/src/chrome/content/rules/CleverPush.com.xml
@@ -0,0 +1,20 @@
+<!--
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="CleverPush.com">
+
+	<target host="cleverpush.com" />
+	<target host="*.cleverpush.com" />
+		<!-- All subdomains and especially the customers subdomains have valid SSL certificates. -->
+		<test url="http://www.cleverpush.com/" />
+		<test url="http://abendblatt.cleverpush.com/" />
+		<test url="http://api.cleverpush.com/" />
+		<test url="http://demo.cleverpush.com/" />
+		<test url="http://developers.cleverpush.com/" />
+		<test url="http://static.cleverpush.com/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cleverbridge.xml b/src/chrome/content/rules/Cleverbridge.xml
index 6947a056b87d..7c6a8bdee9b4 100644
--- a/src/chrome/content/rules/Cleverbridge.xml
+++ b/src/chrome/content/rules/Cleverbridge.xml
@@ -1,20 +1,66 @@
-<ruleset name="cleverbridge (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://message.cleverbridge.com/ => https://message.cleverbridge.com/: (7, 'Failed to connect to message.cleverbridge.com port 443: Connection refused')
+
+	Nonfunctional hosts in *cleverbridge.com:
+
+		- lp-content *
+
+	* 404
+
+
+	Problematic domains:
+
+		- go.cleverbridge.com *
+		- images.go.cleverbridge.com *
+
+	* Mismatched
+
+-->
+<ruleset name="cleverbridge (partial)" default_off="failed ruleset test">
 
 	<target host="cleverbridge.com"/>
 	<target host="*.cleverbridge.com"/>
 	<target host="cleverbridge.org"/>
-	<target host="*.cleverbridge.org"/>
-		<exclusion pattern="^http://(events|saas)\."/>
-		<!--
-			Breaks MajorGeeks mailing list signup.
+	<target host="www.cleverbridge.org" />
+
+		<exclusion pattern="^http://(?:go|lp-content)\.cleverbridge\.com/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://go.cleverbridge.com/" />
+			<test url="http://lp-content.cleverbridge.com/boston/cb-white.svg" />
+
+		<!--	Breaks MajorGeeks mailing list signup.
 
 			https://mail1.eff.org/pipermail/https-everywhere-rules/2012-September/001291.html
 							-->
 		<exclusion pattern="^http://message\.cleverbridge\.com/bin/icon_generator\?key=captcha-key$" />
 
-	<securecookie host="^(.*\.)cleverbridge\.com$" name=".*"/>
+			<!--	+ve:
+					-->
+			<test url="http://message.cleverbridge.com/bin/icon_generator?key=captcha-key" />
+
+		<test url="http://events.cleverbridge.com/" />
+		<test url="http://message.cleverbridge.com/" />
+		<test url="http://static.cleverbridge.com/" />
+		<test url="http://support.cleverbridge.com/" />
+		<test url="http://www.cleverbridge.com/" />
+
+		<!--	Clients:
+				-->
+		<test url="http://farstone.cleverbridge.com/" />
+		<test url="http://laplink.cleverbridge.com/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?cleverbridge\.org/"
+		to="https://www.cleverbridge.com/" />
 
-	<rule from="^http://(\w+)\.cleverbridge\.(?:com|org)/"
-		to="https://$1.cleverbridge.com/"/>
+	<rule from="^http://(\w+\.)?cleverbridge\.com/"
+		to="https://$1cleverbridge.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Click-Sec.com.xml b/src/chrome/content/rules/Click-Sec.com.xml
new file mode 100644
index 000000000000..64126ac0f82c
--- /dev/null
+++ b/src/chrome/content/rules/Click-Sec.com.xml
@@ -0,0 +1,38 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://click-sec.com/ => https://click-sec.com/: (6, 'Could not resolve host: click-sec.com')
+
+	For other GMO coverage, see GMO_Internet.xml.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .click-sec.com
+		- support.click-sec.com
+		- www.click-sec.com
+
+-->
+<ruleset name="Click-Sec.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="click-sec.com" />
+	<target host="sec-sso.click-sec.com" />
+	<target host="support.click-sec.com" />
+	<target host="www.click-sec.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.click-sec\.com$" name="^(cid|entryAid|entrySearch|lid|mid|ppno)$" /-->
+	<!--securecookie host="^support\.click-sec\.com$" name="^cp_session$" /-->
+	<!--securecookie host="^www\.click-sec\.com$" name="^Click-sec$" /-->
+
+	<securecookie host="^(?:support|www)?\.click-sec\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Click4Assistance.co.uk.xml b/src/chrome/content/rules/Click4Assistance.co.uk.xml
new file mode 100644
index 000000000000..f855b9df98a0
--- /dev/null
+++ b/src/chrome/content/rules/Click4Assistance.co.uk.xml
@@ -0,0 +1,37 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- click4assistance.co.uk
+		- www.click4assistance.co.uk
+
+
+	Mixed content:
+
+		- Images on (www.)? www.click4assistance.co.uk *
+
+	* Secured by us
+
+-->
+<ruleset name="Click4Assistance.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="click4assistance.co.uk" />
+	<target host="prod1si.click4assistance.co.uk" />
+	<target host="prod3si.click4assistance.co.uk" />
+	<target host="www.click4assistance.co.uk" />
+
+		<test url="http://prod3si.click4assistance.co.uk/Button/DynamBtn.aspx?AccGUID=" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?click4assistance\.co\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^(?:www\.)?click4assistance\.co\.uk$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Click4Wheels.cn.xml b/src/chrome/content/rules/Click4Wheels.cn.xml
new file mode 100644
index 000000000000..fe0ced30189a
--- /dev/null
+++ b/src/chrome/content/rules/Click4Wheels.cn.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Europcar coverage, see Europcar.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(invalid certificate chain)
+
+-->
+<ruleset name="Click4Wheels.cn">
+
+	<target host="click4wheels.cn" />
+	<target host="www.click4wheels.cn" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://click4wheels\.cn/"
+		to="https://www.click4wheels.cn/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Click4Wheels.co.kr.xml b/src/chrome/content/rules/Click4Wheels.co.kr.xml
new file mode 100644
index 000000000000..4e531226ebe0
--- /dev/null
+++ b/src/chrome/content/rules/Click4Wheels.co.kr.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Europcar coverage, see Europcar.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(invalid certificate chain)
+
+-->
+<ruleset name="Click4Wheels.co.kr">
+
+	<target host="click4wheels.co.kr" />
+	<target host="www.click4wheels.co.kr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://click4wheels\.co\.kr/"
+		to="https://www.click4wheels.co.kr/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Click4Wheels.com.xml b/src/chrome/content/rules/Click4Wheels.com.xml
new file mode 100644
index 000000000000..01618c1d6e66
--- /dev/null
+++ b/src/chrome/content/rules/Click4Wheels.com.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Europcar coverage, see Europcar.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(invalid certificate chain)
+
+-->
+<ruleset name="Click4Wheels.com">
+
+	<target host="click4wheels.com" />
+	<target host="www.click4wheels.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://click4wheels\.com/"
+		to="https://www.click4wheels.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Click4Wheels.jp.xml b/src/chrome/content/rules/Click4Wheels.jp.xml
new file mode 100644
index 000000000000..65ccc0ba3835
--- /dev/null
+++ b/src/chrome/content/rules/Click4Wheels.jp.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Europcar coverage, see Europcar.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(invalid certificate chain)
+
+-->
+<ruleset name="Click4Wheels.jp">
+
+	<target host="click4wheels.jp" />
+	<target host="www.click4wheels.jp" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://click4wheels\.jp/"
+		to="https://www.click4wheels.jp/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ClickBank.xml b/src/chrome/content/rules/ClickBank.xml
index 3a0b5a1fe33a..5e1c2ad955af 100644
--- a/src/chrome/content/rules/ClickBank.xml
+++ b/src/chrome/content/rules/ClickBank.xml
@@ -1,18 +1,71 @@
-<ruleset name="ClickBank (partial)">
+<!--
+	Problematic domains:
 
-	<target host="clickbank.com"/>
-	<target host="*.clickbank.com"/>
-	<target host="clickbank.net"/>
-	<target host="*.clickbank.net"/>
+		- (www.)clickbank.net *
 
-	<rule from="^http://(?:www\.)?clickbank\.(?:com|net)/"
-		to="https://www.clickbank.com/"/>
+	* Refused
 
-	<rule from="^http://ssl\.clickbank\.net/"
-		to="https://ssl.clickbank.net/"/>
 
-	<securecookie host="^(www)?\.clickbank\.com$" name=".*"/>
-	<securecookie host="^(ssl)?\.clickbank\.net$" name=".*"/>
+	Fully covered domains:
 
-</ruleset>
+		- (www.)clickbank.net	(→ www.clickbank.com)
+		- ssl.clickbank.net
+
+		- clickbank.com subdomains:
+
+			- (www.)
+			- accounts
+			- support
+
+
+	Mixed content:
+
+		- css on www.clickbank.com from $self ¹
+
+		- Images on www.clickbank.com from $self ²
+
+	¹ Secured by us, minimal effect
+	² Secured by us
+
+
+	These altnames don't exist:
+
+		- www.ssl.clickbank.net
 
+-->
+<ruleset name="ClickBank">
+
+	<target host="clickbank.com" />
+	<target host="*.clickbank.com" />
+	<target host="clickbank.net" />
+	<target host="*.clickbank.net" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^accounts\.clickbank\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^support\.clickbank\.com$" name="^(_zendesk_session|_zendesk_shared_session)$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^\.accounts\.clickbank\.com$" name="^locale$" /-->
+
+	<securecookie host="^(?:\.accounts|www)?\.clickbank\.com$" name=".+" />
+	<securecookie host="^(?:ssl)?\.clickbank\.net$" name=".+" />
+
+
+	<rule from="^http://((?:accounts|support|www)\.)?clickbank\.com/"
+		to="https://$1clickbank.com/" />
+
+	<!--	Redirect behavior differs between !www and www:
+								-->
+	<rule from="^http://www\.clickbank\.net/+\??$"
+		to="https://www.clickbank.com/" />
+
+	<rule from="^http://(?:www\.)?clickbank\.net/.*"
+		to="https://www.clickbank.com/network_abuse.html" />
+
+	<rule from="^http://ssl\.clickbank\.net/"
+		to="https://ssl.clickbank.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ClickDimensions.xml b/src/chrome/content/rules/ClickDimensions.xml
new file mode 100644
index 000000000000..6538df61c656
--- /dev/null
+++ b/src/chrome/content/rules/ClickDimensions.xml
@@ -0,0 +1,52 @@
+<!--
+	For rules causing false/broken MCB, see clickdimensions.com-falsemixed.xml.
+
+
+	CDN buckets:
+
+		- az551914.vo.msecnd.net	← files-eu
+
+
+	Problematic hosts in *clickdimensions.com:
+
+		- (www.)? ˣ
+		- files-eu ᵐ
+
+	ᵐ msecnd.net / mismatched
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Mixed content:
+
+		- css, on:
+
+			- ^ from $self ˢ
+			- ^ from fonts.googleapis.com ˢ
+
+		- Images on ^ from $self ˢ
+		- Ad on ^ from www.googleadservices.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="ClickDimensions.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="clickdimensions.com" /-->
+	<target host="analytics.clickdimensions.com" />
+	<!--target host="www.clickdimensions.com" /-->
+
+	<!--	Complications:
+				-->
+	<target host="files-eu.clickdimensions.com" />
+
+
+	<rule from="^http://files-eu\.clickdimensions\.com/"
+		to="https://az551914.vo.msecnd.net/" />
+
+		<test url="http://files-eu.clickdimensions.com/hscicgovuk-amnje/images/hscic.png" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ClickEquations.net.xml b/src/chrome/content/rules/ClickEquations.net.xml
index 89c86b83a2a9..9d69d75b348a 100644
--- a/src/chrome/content/rules/ClickEquations.net.xml
+++ b/src/chrome/content/rules/ClickEquations.net.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://clickequations.net/ => https://clickequations.net/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://clickequations.net/ => https://clickequations.net/: (7, 'Failed to connect to clickequations.net port 80: No route to host')
 	Fully covered subdomains:
 
 		- (www.)
@@ -10,16 +16,17 @@
 	whichever domain it is loaded from.
 
 -->
-<ruleset name="ClickEquations.net">
+<ruleset name="ClickEquations.net" default_off="failed ruleset test">
 
 	<target host="clickequations.net" />
-	<target host="*.clickequations.net" />
+	<target host="beacon.clickequations.net" />
+	<target host="js.clickequations.net" />
+	<target host="www.clickequations.net" />
 
 
 	<securecookie host="^(?:w*\.)?clickequations\.net$" name=".+" />
 
 
-	<rule from="^http://((?:beacon|js|www)\.)?clickequations\.net/"
-		to="https://$1clickequations.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ClickFunnels.com.xml b/src/chrome/content/rules/ClickFunnels.com.xml
new file mode 100644
index 000000000000..bb39aaada933
--- /dev/null
+++ b/src/chrome/content/rules/ClickFunnels.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .clickfunnels.com
+
+-->
+<ruleset name="ClickFunnels.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="clickfunnels.com" />
+	<target host="assets3.clickfunnels.com" />
+	<target host="www.clickfunnels.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.clickfunnels\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ClickFuse.xml b/src/chrome/content/rules/ClickFuse.xml
index 3c26e252dffc..2a9dbe3447c6 100644
--- a/src/chrome/content/rules/ClickFuse.xml
+++ b/src/chrome/content/rules/ClickFuse.xml
@@ -1,10 +1,10 @@
-<ruleset name="ClickFuse">
+<ruleset name="ClickFuse.com">
 
+	<!--	Included on 3rd-party websites.	-->
 	<target host="srv.clickfuse.com" />
 
 
-	<!--	Included on 3rd-party websites.	-->
-	<rule from="^http://srv\.clickfuse\.com/"
-		to="https://srv.clickfuse.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ClickMotive.xml b/src/chrome/content/rules/ClickMotive.xml
index 412452249130..d2820a65692b 100644
--- a/src/chrome/content/rules/ClickMotive.xml
+++ b/src/chrome/content/rules/ClickMotive.xml
@@ -1,23 +1,35 @@
+
 <!--
-	Nonfunctional subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://origin-assets.clickmotive.com/ => https://origin-assets.clickmotive.com/: (7, 'Failed to connect to origin-assets.clickmotive.com port 443: Connection refused')
+
+	(www.)?clickmotive.com: Refused
 
-		- (www.)	(no https)
 
+	Problematic hosts in *clickmotive.com:
 
-	Problematic subdomains:
+		- assets *
 
-		- assets	(akamai)
+	* Akamai
 
 -->
-<ruleset name="ClickMotive (partial)">
+<ruleset name="ClickMotive.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fusiontools.clickmotive.com" />
+	<target host="origin-assets.clickmotive.com" />
+	<target host="secureassets.clickmotive.com" />
 
-	<target host="*.clickmotive.com" />
+	<!--	Complications:
+				-->
+	<target host="assets.clickmotive.com" />
 
 
-	<rule from="^http://(?:(origin-)|secure)?assets\.clickmotive\.com/"
-		to="https://$1assets.clickmotive.com/" />
+	<rule from="^http://assets\.clickmotive\.com/"
+		to="https://secureassets.clickmotive.com/" />
 
-	<rule from="^http://fusiontools\.clickmotive\.com/"
-		to="https://fusiontools.clickmotive.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ClickOn.xml b/src/chrome/content/rules/ClickOn.xml
index 6b27b66ff384..15e41bef0520 100644
--- a/src/chrome/content/rules/ClickOn.xml
+++ b/src/chrome/content/rules/ClickOn.xml
@@ -1,13 +1,16 @@
-<ruleset name="ClickOn">
+<ruleset name="ClickOn.com.ar">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="clickon.com.ar" />
-	<target host="*.clickon.com.ar" />
+	<target host="static.clickon.com.ar" />
+	<target host="www.clickon.com.ar" />
 
 
 	<securecookie host="^(?:www\.)?clickon\.com\.ar$" name=".+" />
 
 
-	<rule from="^http://(static\.|www\.)?clickon\.com\.ar/"
-		to="https://$1clickon.com.ar/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ClickPath.xml b/src/chrome/content/rules/ClickPath.xml
index 8a490a114706..60f56827185c 100644
--- a/src/chrome/content/rules/ClickPath.xml
+++ b/src/chrome/content/rules/ClickPath.xml
@@ -3,20 +3,24 @@
 
 		- clickpath.com *
 		- analytics.clickpath.com	(works; mismatched, CN: analyticssl.clickpathmedia.com)
+		- clients.clickpath.com	²
 		- www.clickpath.com **
 		- clickpathmedia.com *
 		- www.clickpathmedia.com **
 
 	* Shows webforms.reyrey.com; mismatched, CN: webforms.reyrey.com
+	² Mismatched, CN: analyticssl.clickpathmedia.com
 	** Shows eventsregistration.reyrey.com; CN: EventsRegistration
 
 -->
 <ruleset name="ClickPath (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="analyticssl.clickpathmedia.com" />
 
 
-	<rule from="^http://analyticssl\.clickpathmedia\.com/"
-		to="https://analyticssl.clickpathmedia.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ClickSSL.com.xml b/src/chrome/content/rules/ClickSSL.com.xml
new file mode 100644
index 000000000000..b128c4a299a5
--- /dev/null
+++ b/src/chrome/content/rules/ClickSSL.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="ClickSSL.com">
+
+	<target host="clickssl.com" />
+	<target host="www.clickssl.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.clickssl\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.clickssl\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ClickTale.xml b/src/chrome/content/rules/ClickTale.xml
index 5c15c50b7d7f..727bd64c3f1b 100644
--- a/src/chrome/content/rules/ClickTale.xml
+++ b/src/chrome/content/rules/ClickTale.xml
@@ -2,46 +2,53 @@
 	CDN buckets:
 
 		- clicktalecdn.sslcs.cdngc.net
-		- clicktale.pantherssl.com
-
 
 	Problematic domains:
 
 		- clicktale.com		(interrupted)
 		- cdn.clicktale.net	(403, mismatched, CN: ssl2.cdngc.net)
 		- s.clicktale.net	(403; mismatched, CN: ssl2.cdngc.net)
+    - www07.clicktale.net (unable to get local issuer certificate)
+
+  Connection Refused/Unresolved Hosts
+    - s.clicktale.net
+    - clicktale.pantherssl.com
 
 -->
 <ruleset name="ClickTale">
 
 	<target host="clicktale.com" />
-	<target host="*.clicktale.com" />
-	<target host="*.clicktale.net" />
-
+	<target host="www.clicktale.com" />
+	<target host="login.app.clicktale.com" />
+	<target host="subs.app.clicktale.com" />
+	<target host="blog.clicktale.com" />
+	<target host="cdn.clicktale.net" />
 
 	<securecookie host=".*\.clicktale\.(?:com|net)$" name=".+" />
 
-
 	<rule from="^http://(?:www\.)?clicktale\.com/"
 		to="https://www.clicktale.com/" />
 
-	<rule from="^http://((?:login|subs)\.app|blog)\.clicktale\.com/"
-		to="https://$1.clicktale.com/" />
-
 	<!--	- s:
 
 			- Tracking scripts included on 3rd-party websites
 			- Cert: ssl2.cdngc.net
 			- 403s
 		 	- Scripts 404 when rewritten to ^clicktale.net
-							-->
+
+       - Times out
 	<rule from="^http://s\.clicktale\.net/"
 		to="https://clicktale.pantherssl.com/" />
+  -->
 
-	<rule from="^http://cdn\.clicktale\.net/"
-		to="https://clicktalecdn.sslcs.cdngc.net/" />
 
-	<rule from="^http://www(07)?\.clicktale\.net/"
-		to="https://www$1.clicktale.net/" />
+	<!--
+    404:
+    <rule from="^http://cdn\.clicktale\.net/"
+
+    unresolved:
+		to="https://clicktalecdn.sslcs.cdngc.net/" />
+  -->
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ClickVoyage.ru-mixedcontent.xml b/src/chrome/content/rules/ClickVoyage.ru-mixedcontent.xml
new file mode 100644
index 000000000000..8cb2c05a5407
--- /dev/null
+++ b/src/chrome/content/rules/ClickVoyage.ru-mixedcontent.xml
@@ -0,0 +1,18 @@
+<!--
+	For rules not causing valid MCB, see ClickVoyage.ru.xml.
+
+-->
+<ruleset name="ClickVoyage.ru (MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="booking.clickvoyage.ru" />
+
+
+	<securecookie host="^booking\.clickvoyage\.ru$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ClickVoyage.ru.xml b/src/chrome/content/rules/ClickVoyage.ru.xml
new file mode 100644
index 000000000000..72c9cee25f4a
--- /dev/null
+++ b/src/chrome/content/rules/ClickVoyage.ru.xml
@@ -0,0 +1,55 @@
+<!--
+	For rules causing valid MCB, see ClickVoyage.ru-mixedcontent.xml.
+
+
+	(www.)?clickvoyage.ru: Dropped
+
+
+	Problematic hosts in *clickvoyage.ru:
+
+		- booking *
+
+	* Mixed css
+
+
+	Insecure cookies are set for these hosts:
+
+		- b2b.clickvoyage.ru
+		- booking.clickvoyage.ru
+
+
+	Mixed content:
+
+		- css on booking from clickvoyage.ru ¹
+
+		- Images, on:
+
+			- booking from clickvoyage.ru ¹
+			- booking from b2b.clickvoyage.ru ²
+			- booking from www.clickvoyage.ru ¹
+
+	¹ Unsecurable <= dropped
+	² Secured by us
+
+-->
+<ruleset name="ClickVoyage.ru (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="b2b.clickvoyage.ru" />
+	<!--target host="booking.clickvoyage.ru" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^b2b\.clickvoyage\.ru$" name="^(?:PHPSESSID|tieneCOOKIES)$" /-->
+	<!--securecookie host="^booking\.clickvoyage\.ru$" name="^PHPSESSID$" /-->
+
+	<!--securecookie host="^(?:b2b|booking)\.clickvoyage\.ru$" name=".+" /-->
+	<securecookie host="^b2b\.clickvoyage\.ru$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Click_and_Pledge.com.xml b/src/chrome/content/rules/Click_and_Pledge.com.xml
index c84ba5b11961..7ad490380987 100644
--- a/src/chrome/content/rules/Click_and_Pledge.com.xml
+++ b/src/chrome/content/rules/Click_and_Pledge.com.xml
@@ -1,31 +1,48 @@
 <!--
-	Fully covered subdomains:
+	Nonfunctional hosts in *clickandpledge.com:
 
-		- (www.)
-		- co
-		- forums
-		- portal
+		- help *
 
+	* Desk.com
 
-	Observed cookie domains:
 
-		- ^
-		- co
-		- forums
-		- portal
-		- www
+	Problematic hosts in *clickandpledge.com:
+
+		- forums *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- clickandpledge.com
+		- co.clickandpledge.com
+		- forums.clickandpledge.com
+		- portal.clickandpledge.com
+		- www.clickandpledge.com
 
 -->
-<ruleset name="Click and Pledge.com">
+<ruleset name="Click and Pledge.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="clickandpledge.com" />
-	<target host="*.clickandpledge.com" />
+	<target host="co.clickandpledge.com" />
+	<!--target host="forums.clickandpledge.com" /-->
+	<target host="portal.clickandpledge.com" />
+	<target host="www.clickandpledge.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^((co|portal|www)\.)?clickandpledge\.com$" name="^(ASP\.NET_SessionId|Coyote-2-[\da-f]{8})$" /-->
+	<!--securecookie host="^forums\.clickandpledge\.com$" name="^(?:AWSELB|vb\d+(?:lastactivity|lastvisit|sessionhash))$" /-->
+	<!--securecookie host="^portal\.clickandpledge\.com$" name="^(__AntiXsrfToken|__cnpportal)$" /-->
 
-	<securecookie host="^(?:.+\.)?clickandpledge\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:co|forums|portal|www)\.)?clickandpledge\.com/"
-		to="https://$1clickandpledge.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Click_to_Tweet.com.xml b/src/chrome/content/rules/Click_to_Tweet.com.xml
new file mode 100644
index 000000000000..5fbc1ea8b1a5
--- /dev/null
+++ b/src/chrome/content/rules/Click_to_Tweet.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- clicktotweet.com
+
+
+	Mixed content:
+
+		- Images from pbs.twimg.com *
+		- Bugs from www.yceml.net *
+
+	* Secured by us
+
+-->
+<ruleset name="Click to Tweet.com">
+
+	<target host="clicktotweet.com" />
+	<target host="www.clicktotweet.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^clicktotweet\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^clicktotweet\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Clickdelivery.gr.xml b/src/chrome/content/rules/Clickdelivery.gr.xml
new file mode 100644
index 000000000000..d395bdd3e6d8
--- /dev/null
+++ b/src/chrome/content/rules/Clickdelivery.gr.xml
@@ -0,0 +1,20 @@
+<!--
+	This ruleset is experimental. If you experience problems please
+	open an issue at https://github.com/kargig/https-everywhere
+
+-->
+<ruleset name="Clickdelivery.gr">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="clickdelivery.gr" />
+	<target host="www.clickdelivery.gr" />
+
+
+	<securecookie host="^(?:www\.)?clickdelivery\.gr$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Clickdensity.xml b/src/chrome/content/rules/Clickdensity.xml
deleted file mode 100644
index 663e77444cf0..000000000000
--- a/src/chrome/content/rules/Clickdensity.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(prints "// NOVN")
-
--->
-<ruleset name="Clickdensity (partial)">
-
-	<target host="j.clickdensity.com" />
-
-
-	<rule from="^http://j\.clickdensity\.com/"
-		to="https://j.clickdensity.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Clickerheroes.com.xml b/src/chrome/content/rules/Clickerheroes.com.xml
new file mode 100644
index 000000000000..b80d9c900904
--- /dev/null
+++ b/src/chrome/content/rules/Clickerheroes.com.xml
@@ -0,0 +1,16 @@
+<!--
+     Problematic domains:
+
+        - ^ ¹
+
+    ¹: Refused
+-->
+<ruleset name="Clickerheroes.com">
+
+    <target host="clickerheroes.com" />
+    <target host="www.clickerheroes.com" />
+
+    <rule from="^http://(?:www\.)?clickerheroes\.com/"
+            to="https://www.clickerheroes.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Clickfun_Casino.xml b/src/chrome/content/rules/Clickfun_Casino.xml
index 55c456213824..aa52c8f179b0 100644
--- a/src/chrome/content/rules/Clickfun_Casino.xml
+++ b/src/chrome/content/rules/Clickfun_Casino.xml
@@ -1,15 +1,22 @@
-<ruleset name="Clickfun Casino">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://clickfuncasino.com/ => https://clickfuncasino.com/: (51, "SSL: no alternative certificate subject name matches target host name 'clickfuncasino.com'")
+
+-->
+<ruleset name="Clickfun Casino" default_off="failed ruleset test">
 
 	<target host="clickfun.com" />
-	<target host="*.clickfun.com" />
 	<target host="clickfuncasino.com" />
-	<target host="*.clickfuncasino.com" />
+	<target host="cdn77.clickfun.com" />
+	<target host="cdn77.clickfuncasino.com" />
+	<target host="www.clickfun.com" />
+	<target host="www.clickfuncasino.com" />
 
 
-	<securecookie host="^(?:.*\.)?clickfun(?:casino)?\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(cdn77\.|www\.)?clickfun(casino)?\.com/"
-		to="https://$1clickfun$2.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Clicklivechat.com.xml b/src/chrome/content/rules/Clicklivechat.com.xml
index 4e9d227be2dc..4a47e5d60f6f 100644
--- a/src/chrome/content/rules/Clicklivechat.com.xml
+++ b/src/chrome/content/rules/Clicklivechat.com.xml
@@ -1,13 +1,15 @@
 <ruleset name="Clicklivechat.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="clicklivechat.com" />
-	<target host="*.clicklivechat.com" />
+	<target host="www.clicklivechat.com" />
 
 
 	<securecookie host="^\.clicklivechat\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?clicklivechat\.com/"
-		to="https://$1clicklivechat.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Clickmatic.pl.xml b/src/chrome/content/rules/Clickmatic.pl.xml
new file mode 100644
index 000000000000..73defb25445f
--- /dev/null
+++ b/src/chrome/content/rules/Clickmatic.pl.xml
@@ -0,0 +1,23 @@
+<!--
+	Cert mismatch:
+		- ada.clickmatic.pl
+		- beta.clickmatic.pl
+		- panel.clickmatic.pl
+		- poczta.clickmatic.pl
+
+	Login required:
+		- dmp.clickmatic.pl
+-->
+<ruleset name="Clickmatic.pl (partial)" >
+
+	<target host="clickmatic.pl" />
+	<target host="www.clickmatic.pl" />
+
+	<target host="cdn.clickmatic.pl" />
+			<test url="http://cdn.clickmatic.pl/api/005/init.pp.js" />
+	<target host="i.clickmatic.pl" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Clicks.lv.xml b/src/chrome/content/rules/Clicks.lv.xml
index 3ab56ca3fdea..f6c7fbea1471 100644
--- a/src/chrome/content/rules/Clicks.lv.xml
+++ b/src/chrome/content/rules/Clicks.lv.xml
@@ -1,15 +1,13 @@
 <!--
-	Nonfunctional subdomains:
-
-		- (www.)	(shows apps)
+	(www.)?clicks.lv: Shows apps.clicks.lv
 
 -->
-<ruleset name="clicks.lv (partial)">
+<ruleset name="clicks.lv (partial)" default_off="expired">
 
 	<target host="apps.clicks.lv" />
 
 
-	<rule from="^http://apps\.clicks\.lv/"
-		to="https://apps.clicks.lv/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Clicksor.com.xml b/src/chrome/content/rules/Clicksor.com.xml
deleted file mode 100644
index e985f31dc271..000000000000
--- a/src/chrome/content/rules/Clicksor.com.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)clicksor.com	(404; expired 2012-10-06, CN: new-host)
-
-
-	Problemtic domains:
-
-		- pub.clicksor.net	(dropped)
-
-
-	Fully covered domains:
-
-		- clicksor.com subdomains:
-
-			- admin
-			- ads
-			- serw
-			- signup
-
-		- clicksor.net subdomains:
-
-			- pub	(→ ads.clicksor.com)
-
--->
-<ruleset name="Clicksor.com (partial)">
-
-	<target host="*.clicksor.com" />
-
-
-	<securecookie host="^\.clicksor\.com$" name=".+" />
-
-
-	<rule from="^http://(admin|ads|serw|signup)\.clicksor\.com/"
-		to="https://$1.clicksor.com/" />
-
-	<rule from="^http://pub\.clicksor\.net/"
-		to="https://ads.clicksor.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Clicktools.xml b/src/chrome/content/rules/Clicktools.xml
index 5994d952cf4f..f8b99c217e91 100644
--- a/src/chrome/content/rules/Clicktools.xml
+++ b/src/chrome/content/rules/Clicktools.xml
@@ -1,13 +1,31 @@
-<ruleset name="Clicktools">
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- app.clicktools.com
+		- survey.clicktools.com
+		- www.clicktools.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Clicktools.com">
 
 	<target host="clicktools.com" />
-	<target host="*.clicktools.com" />
+	<target host="app.clicktools.com" />
+	<target host="mktg.clicktools.com" />
+	<target host="survey.clicktools.com" />
+	<target host="web.clicktools.com" />
+	<target host="www.clicktools.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:app|survey|www)\.clicktools\.com$" name="^BIGipServer" /-->
 
-	<securecookie host="^(?:.+\.)?clicktools\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:app|mktg|web|www)\.)?clicktools\.com/"
-		to="https://$1clicktools.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Clicky.com.xml b/src/chrome/content/rules/Clicky.com.xml
new file mode 100644
index 000000000000..99b57f7b58b5
--- /dev/null
+++ b/src/chrome/content/rules/Clicky.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Other clicky rulesets:
+		- StaticStuff.net.xml
+		- GetClicky.com.xml
+
+	Wildcard DNS and certificate
+
+-->
+<ruleset name="Clicky.com">
+
+	<target host="clicky.com" />
+	<target host="*.clicky.com" />
+		<test url="http://www.clicky.com/" />
+		<test url="http://api.clicky.com/" />
+		<test url="http://widgets.clicky.com/" />
+
+	<rule from="^http://([\w-]+\.)?clicky\.com/" 
+		  to="https://$1clicky.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Client.foldingathome.org.xml b/src/chrome/content/rules/Client.foldingathome.org.xml
new file mode 100644
index 000000000000..295b755a734e
--- /dev/null
+++ b/src/chrome/content/rules/Client.foldingathome.org.xml
@@ -0,0 +1,33 @@
+<!--
+	Timeout:
+		- db2
+
+	Mismatched:
+		- mail
+		- web
+
+	Self-signed:
+		- assign6
+
+	Redirects to HTTP:
+		- nacl
+-->
+<ruleset name="FoldingAtHome.org">
+	<target host="foldingathome.org" />
+	<target host="www.foldingathome.org" />
+	<target host="api.foldingathome.org" />
+	<target host="apps.foldingathome.org" />
+	<target host="assign1.foldingathome.org" />
+	<target host="assign2.foldingathome.org" />
+	<target host="assign3.foldingathome.org" />
+	<target host="assign4.foldingathome.org" />
+	<target host="assign5.foldingathome.org" />
+	<target host="client.foldingathome.org" />
+	<target host="console.foldingathome.org" />
+	<target host="cores.foldingathome.org" />
+	<target host="download.foldingathome.org" />
+	<target host="fah-web.foldingathome.org" />
+	<target host="stats.foldingathome.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Climate-Central.xml b/src/chrome/content/rules/Climate-Central.xml
index 62c26c8db47e..0fa18e96f20a 100644
--- a/src/chrome/content/rules/Climate-Central.xml
+++ b/src/chrome/content/rules/Climate-Central.xml
@@ -1,17 +1,12 @@
 <!--
 	climatecentral47041.thankyou4caring.org
-
 -->
-<ruleset name="Climate Central">
-
+<ruleset name="Climate Central" default_off="http redirect">
 	<target host="climatecentral.org" />
 	<target host="www.climatecentral.org" />
 
+	<securecookie host="^www\.climatecentral\.org$" name=".+" />
 
-	<securecookie host="^www\.climatecentral\.org$" name=".*" />
-
-
-	<rule from="^http://(www\.)?climatecentral\.org/"
-		to="https://$1climatecentral.org/" />
-
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Climate-Diplomacy.org.xml b/src/chrome/content/rules/Climate-Diplomacy.org.xml
new file mode 100644
index 000000000000..da57faccad8e
--- /dev/null
+++ b/src/chrome/content/rules/Climate-Diplomacy.org.xml
@@ -0,0 +1,17 @@
+<!--
+	For other ECC coverage, see ECC-Platform.org.xml.
+
+-->
+<ruleset name="Climate-Diplomacy.org">
+
+	<target host="climate-diplomacy.org" />
+	<target host="www.climate-diplomacy.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ClimateAction.tech.xml b/src/chrome/content/rules/ClimateAction.tech.xml
new file mode 100644
index 000000000000..7f7e5d6bd2c5
--- /dev/null
+++ b/src/chrome/content/rules/ClimateAction.tech.xml
@@ -0,0 +1,8 @@
+<ruleset name="ClimateAction.tech">
+
+	<target host="climateaction.tech" />
+	<target host="www.climateaction.tech" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ClimateFeedback.org.xml b/src/chrome/content/rules/ClimateFeedback.org.xml
new file mode 100644
index 000000000000..12781799dee5
--- /dev/null
+++ b/src/chrome/content/rules/ClimateFeedback.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="ClimateFeedback.org">
+	<target host="climatefeedback.org" />
+	<target host="www.climatefeedback.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ClinicalKey.com.xml b/src/chrome/content/rules/ClinicalKey.com.xml
new file mode 100644
index 000000000000..1f5d308a59df
--- /dev/null
+++ b/src/chrome/content/rules/ClinicalKey.com.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Elsevier coverage, see Elsevier.xml.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .clinicalkey.com
+		- www.clinicalkey.com
+
+-->
+<ruleset name="ClinicalKey.com">
+
+	<target host="clinicalkey.com" />
+	<target host="cdn.clinicalkey.com" />
+	<target host="www.clinicalkey.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.clinicalkey\.com$" name="^(?:dtCookie$|s_)" /-->
+	<!--securecookie host="^www\.clinicalkey\.com$" name="^X(?:-TLD|-USER-LANGUAGE|NDB)" /-->
+
+	<securecookie host="^\." name="^dtCookie$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Clinkle.com.xml b/src/chrome/content/rules/Clinkle.com.xml
index 93d243102a23..719053847ddd 100644
--- a/src/chrome/content/rules/Clinkle.com.xml
+++ b/src/chrome/content/rules/Clinkle.com.xml
@@ -1,10 +1,16 @@
-<ruleset name="Clinkle.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://clinkle.com/ => https://clinkle.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.clinkle.com/ => https://www.clinkle.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Clinkle.com" default_off="failed ruleset test">
 
 	<target host="clinkle.com" />
 	<target host="www.clinkle.com" />
 
 
-	<rule from="^http://(www\.)?clinkle\.com/"
-		to="https://$1clinkle.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ClipPod.com.xml b/src/chrome/content/rules/ClipPod.com.xml
new file mode 100644
index 000000000000..43f8098d6436
--- /dev/null
+++ b/src/chrome/content/rules/ClipPod.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- clippod.com
+
+-->
+<ruleset name="ClipPod.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="clippod.com" />
+	<target host="www.clippod.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^clippod\.com$" name="^clippod$" /-->
+
+	<securecookie host="^clippod\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Clipperz.is.xml b/src/chrome/content/rules/Clipperz.is.xml
new file mode 100644
index 000000000000..dcd5493d8903
--- /dev/null
+++ b/src/chrome/content/rules/Clipperz.is.xml
@@ -0,0 +1,9 @@
+<ruleset name="Clipperz.is">
+
+	<target host="clipperz.is" />
+	<target host="www.clipperz.is" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Clkads.com.xml b/src/chrome/content/rules/Clkads.com.xml
index f2d4ae39c079..0d3125e7f6e2 100644
--- a/src/chrome/content/rules/Clkads.com.xml
+++ b/src/chrome/content/rules/Clkads.com.xml
@@ -1,8 +1,4 @@
-<!--
-	Cert only matches ^clkads.com
-
--->
-<ruleset name="clkads.com">
+<ruleset name="Clkads.com">
 
 	<target host="clkads.com" />
 	<target host="www.clkads.com" />
@@ -12,7 +8,7 @@
 	<target host="www.clkrev.com" />
 
 
-	<rule from="^http://(?:www\.)?clk(?:ads|mon|rev)\.com/"
-		to="https://clkads.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Clockworkmod.com.xml b/src/chrome/content/rules/Clockworkmod.com.xml
index d93804840a44..3824514b7953 100644
--- a/src/chrome/content/rules/Clockworkmod.com.xml
+++ b/src/chrome/content/rules/Clockworkmod.com.xml
@@ -1,6 +1,30 @@
-<ruleset name="Clockworkmod.com">
-<target host="www.clockworkmod.com"/>
+<!--
+	Nonfunctional hosts in *clockworkmod.com:
+
+		- download *
+
+	* 503
+
+
+	Insecure cookies are set for these hosts:
+
+		- developer.clockworkmod.com
+
+-->
+<ruleset name="ClockworkMod.com (partial)">
 <target host="clockworkmod.com"/>
-<rule from="^http://(www\.)?clockworkmod\.com/" to="https://www.clockworkmod.com/"/>
+	<target host="developer.clockworkmod.com" />
+<target host="www.clockworkmod.com"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^developer\.clockworkmod\.com$" name="^(?:email|email\.sig|id|id\.sig)$" /-->
+
+	<securecookie host="^developer\.clockworkmod\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
- 
+
diff --git a/src/chrome/content/rules/Closerware.xml b/src/chrome/content/rules/Closerware.xml
index bc109f3d5b71..ae9e2d7eeef9 100644
--- a/src/chrome/content/rules/Closerware.xml
+++ b/src/chrome/content/rules/Closerware.xml
@@ -6,15 +6,20 @@
 
 	Nonfunctional domains:
 
-		- (www.)closerware.com	(404, valid cert)
+	(www.)?closerware.com: Shows admin.closerware.net
+
+
+	These altnames don't exist:
+
+		- www.admin.closerware.net
 
 -->
-<ruleset name="Closerware (partial)">
+<ruleset name="Closerware.net (partial)">
 
 	<target host="admin.closerware.net" />
 
 
-	<rule from="^http://admin\.closerware\.net/"
-		to="https://admin.closerware.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Clothing_at_Tesco.com.xml b/src/chrome/content/rules/Clothing_at_Tesco.com.xml
index 795030110228..58a27e52a30f 100644
--- a/src/chrome/content/rules/Clothing_at_Tesco.com.xml
+++ b/src/chrome/content/rules/Clothing_at_Tesco.com.xml
@@ -1,21 +1,43 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://clothingattesco.com/ => https://clothingattesco.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.clothingattesco.com/ => https://www.clothingattesco.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	For other Tesco coverage, see Tesco.xml.
 
 
-	Cert only matches www.
+	Insecure cookies are set for these domains:
+
+		- .clothingattesco.com
+		- .www.clothingattesco.com
+
+
+	Mixed content:
+
+		- Bug from i1.adis.ws *
+
+	* Secured by us
 
 -->
-<ruleset name="Clothing at Tesco.com">
+<ruleset name="Clothing at Tesco.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="clothingattesco.com" />
-	<target host="*.clothingattesco.com" />
+	<target host="www.clothingattesco.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.clothingattesco\.com$" name="^SID$" /-->
+	<!--securecookie host="^\.www\.clothingattesco\.com$" name="^(?:SID|device)$" /-->
 
 	<securecookie host="^[w.]*\.clothingattesco\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?clothingattesco\.com/"
-		to="https://www.clothingattesco.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 
 </ruleset>
diff --git a/src/chrome/content/rules/ClouToday.nl.xml b/src/chrome/content/rules/ClouToday.nl.xml
new file mode 100644
index 000000000000..e20a12dc0e3b
--- /dev/null
+++ b/src/chrome/content/rules/ClouToday.nl.xml
@@ -0,0 +1,36 @@
+<!--
+	^cloutoday.nl: Mismatched
+
+
+	Mixed content:
+
+		- Images, from :
+
+			- moa04.artoo.nl ᵘ
+			- pbs.twimg.com ˢ
+
+	ˢ Secured by us
+	ᵘ Unsecurable <= redirects to a host that does not exist
+
+-->
+<ruleset name="ClouToday.nl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.cloutoday.nl" />
+
+	<!--	Complications:
+				-->
+	<target host="cloutoday.nl" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://cloutoday\.nl/"
+		to="https://www.cloutoday.nl/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cloud-Access.net.xml b/src/chrome/content/rules/Cloud-Access.net.xml
index 09386d93f4cb..7509704fd580 100644
--- a/src/chrome/content/rules/Cloud-Access.net.xml
+++ b/src/chrome/content/rules/Cloud-Access.net.xml
@@ -2,26 +2,36 @@
 	clientarea-cloudaccess.netdna-ssl.com
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *cloudaccess.net:
 
-		- learning	(cert: demo6.cloudaccess.net, self-signed;
-				shows that domain's data)
+		- learning *
+
+	* Shows another domain
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.cloudaccess.net
 
 -->
-<ruleset name="Cloud Access.net (partial)">
+<ruleset name="CloudAccess.net (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="cloudaccess.net" />
-	<target host="*.cloudaccess.net" />
+	<target host="billing.cloudaccess.net" />
+	<target host="ccp.cloudaccess.net" />
+	<target host="www.cloudaccess.net" />
 
 
-	<securecookie host="^.*\.cloudaccess\.net$" name=".*" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.cloudaccess\.net$" name="^[\da-f]{32}$" /-->
 
+	<securecookie host=".+" name=".+" />
 
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?cloudaccess\.net/"
-		to="https://www.cloudaccess.net/" />
 
-	<rule from="^http://billing\.cloudaccess\.net/"
-		to="https://billing.cloudaccess.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Cloud-Privacy.xml b/src/chrome/content/rules/Cloud-Privacy.xml
deleted file mode 100644
index 42095607e2b7..000000000000
--- a/src/chrome/content/rules/Cloud-Privacy.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)
--->
-<ruleset name="Cloud Privacy (partial)">
-
-	<target host="files.cloudprivacy.net" />
-
-
-	<rule from="^https?://files\.cloudprivacy\.net/"
-		to="https://s3.amazonaws.com/files.cloudprivacy.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cloud9.xml b/src/chrome/content/rules/Cloud9.xml
new file mode 100644
index 000000000000..60bbb7b38fda
--- /dev/null
+++ b/src/chrome/content/rules/Cloud9.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn.c9.io/ => https://cdn.c9.io/: Too many redirects while fetching 'https://cdn.c9.io/'
+
+	Cloud9
+
+
+	Insecure cookies are set for these hosts:
+
+		- docs.c9.io
+
+-->
+<ruleset name="C9.io" default_off="failed ruleset test">
+  <target host="c9.io" />
+	<target host="docs.c9.io" />
+	<target host="www.c9.io" />
+	<target host="get.c9.io" />
+	<target host="community.c9.io" />
+	<target host="ace.c9.io" />
+	<target host="status.c9.io" />
+	<target host="apidoc.c9.io" />
+	<target host="ide.c9.io" />
+	<target host="preview.c9users.io" />
+	<target host="cdn.c9.io" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^docs\.c9\.io$" name="^(?:XSRF-TOKEN|connect\.sid)$" /-->
+
+	<securecookie host="^(?:\.|docs\.)?c9\.io$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CloudAfrica.net.xml b/src/chrome/content/rules/CloudAfrica.net.xml
new file mode 100644
index 000000000000..030be69236b3
--- /dev/null
+++ b/src/chrome/content/rules/CloudAfrica.net.xml
@@ -0,0 +1,19 @@
+<ruleset name="CloudAfrica.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cloudafrica.net" />
+	<target host="www.cloudafrica.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?cloudafrica\.net$" name="^(CA_FLASH|CA_SESSION)$" /-->
+
+	<securecookie host="^(?:www\.)?cloudafrica\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CloudAtCost.com.xml b/src/chrome/content/rules/CloudAtCost.com.xml
new file mode 100644
index 000000000000..5d8575bdfa11
--- /dev/null
+++ b/src/chrome/content/rules/CloudAtCost.com.xml
@@ -0,0 +1,23 @@
+<!--
+        Functional domains:
+            members.cloudatcost.com
+            panel.cloudatcost.com
+        Nonfunctional domains:
+            cloudatcost.com
+            www.cloudatcost.com
+            forum.cloudatcost.com
+-->
+
+<ruleset name="cloudatcost.com">
+
+    <target host="panel.cloudatcost.com" />
+    <target host="members.cloudatcost.com" />
+
+    <exclusion pattern="^http://panel\.cloudatcost\.com:[0-9]+/" />
+
+        <test url="http://panel.cloudatcost.com:12345/" />
+        <test url="http://panel.cloudatcost.com:59848/console.html" />
+
+    <rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CloudControl.com.xml b/src/chrome/content/rules/CloudControl.com.xml
new file mode 100644
index 000000000000..80acd9fe890e
--- /dev/null
+++ b/src/chrome/content/rules/CloudControl.com.xml
@@ -0,0 +1,52 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://api.cloudcontrol.com/ => https://api.cloudcontrol.com/: (35, 'Unknown SSL protocol error in connection to api.cloudcontrol.com:443 ')
+Fetch error: http://www.cloudcontrol.com/ => https://www.cloudcontrol.com/: (35, 'Unknown SSL protocol error in connection to www.cloudcontrol.com:443 ')
+Fetch error: http://cloudcontrol.com/ => https://www.cloudcontrol.com/: (35, 'Unknown SSL protocol error in connection to www.cloudcontrol.com:443 ')
+
+	Nonfunctional subdomains:
+
+		- status *
+
+	* google pages
+
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- stats ²
+
+	¹ Refused
+	² Works; mismatched, CN: *.cloudcontrolled.com
+
+
+	^: refused
+
+
+	Mixed content:
+
+		- css on api from yui.yahooapis.com *
+
+	* Secured by us, changes alignment slightly
+
+-->
+<ruleset name="cloudControl.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="api.cloudcontrol.com" />
+	<target host="www.cloudcontrol.com" />
+
+	<!--	Complications:
+				-->
+	<target host="cloudcontrol.com" />
+
+
+	<rule from="^http://cloudcontrol\.com/"
+		to="https://www.cloudcontrol.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CloudCracker.xml b/src/chrome/content/rules/CloudCracker.xml
index 6a94733fd1c3..1a72b5aa5a8d 100644
--- a/src/chrome/content/rules/CloudCracker.xml
+++ b/src/chrome/content/rules/CloudCracker.xml
@@ -1,12 +1,31 @@
-<ruleset name="CloudCracker">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cloudcracker.com/ => https://cloudcracker.com/: (7, 'Failed to connect to cloudcracker.com port 443: Connection refused')
+Fetch error: http://www.cloudcracker.com/ => https://www.cloudcracker.com/: (7, 'Failed to connect to www.cloudcracker.com port 443: Connection refused')
+Fetch error: http://wpacracker.com/ => https://cloudcracker.com/: (7, 'Failed to connect to cloudcracker.com port 443: Connection refused')
+Fetch error: http://www.wpacracker.com/ => https://cloudcracker.com/: (7, 'Failed to connect to cloudcracker.com port 443: Connection refused')
+
+	(www.)?wpacracker.com: Expired
+
+-->
+<ruleset name="CloudCracker" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="cloudcracker.com" />
 	<target host="www.cloudcracker.com" />
+
+	<!--	Complications:
+				-->
 	<target host="wpacracker.com" />
 	<target host="www.wpacracker.com" />
 
 
-	<rule from="^http://(www\.)?(cloud|wpa)cracker\.com/"
-		to="https://$1$2cracker.com/" />
+	<rule from="^http://(?:www\.)?wpacracker\.com/"
+		to="https://cloudcracker.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CloudFlare.xml b/src/chrome/content/rules/CloudFlare.xml
deleted file mode 100644
index 7c6667765daf..000000000000
--- a/src/chrome/content/rules/CloudFlare.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Other CloudFlare rulesets:
-
-		- Cdnjs.xml
-
-
-	Nonfunctional subdomains:
-
-		- appdev	(502)
-		- js
-
--->
-<ruleset name="CloudFlare">
-
-	<target host="cloudflare.com" />
-	<target host="*.cloudflare.com" />
-
-
-	<securecookie host="^(?:.*\.)?cloudflare\.com$" name=".+" />
-
-
-	<rule from="^http://((?:ajax|ar|blog|cdnjs|cdn-static|cfdnscheck|cn|de|developers|es|fr|hu|id|it|jp|nl|no|pl|pt|pt-br|ru|support|sv|tr|www|zh)\.)?cloudflare\.com/"
-		to="https://$1cloudflare.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CloudForge-problematic.xml b/src/chrome/content/rules/CloudForge-problematic.xml
deleted file mode 100644
index 1ec2c07439e4..000000000000
--- a/src/chrome/content/rules/CloudForge-problematic.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	For rules that are on by default, see CloudForge.xml.
-
--->
-<ruleset name="CloudForge (problematic)" default_off="mismatch">
-
-	<target host="cloudforge.com" />
-	<target host="www.cloudforge.com" />
-	<target host="codesion.com" />
-	<target host="*.codesion.com" />
-
-
-	<!--	- Cert: acquia-sites.com
-		- !www 301s to www
-					-->
-	<rule from="^https?://(?:www\.)?cloudforge\.com/"
-		to="https://www.cloudforge.com/" />
-
-	<!--	- Cert: acquia-sites.com
-		- Server redirects like so
-						-->
-	<rule from="^https?://(?:www\.)?codesion\.com/"
-		to="https://www.cloudforge.com/codesion/" />
-
-	<!--	Ditto.
-			-->
-	<rule from="^https?://info\.codesion\.com/"
-		to="https://www.cloudforge.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CloudForge.xml b/src/chrome/content/rules/CloudForge.xml
index 1629cc97676d..baadbbc37cf3 100644
--- a/src/chrome/content/rules/CloudForge.xml
+++ b/src/chrome/content/rules/CloudForge.xml
@@ -1,7 +1,4 @@
 <!--
-	For problematic rules, see CloudForge-problematic.xml.
-
-
 	For other CollabNet coverage, see CollabNet.xml.
 
 
@@ -10,15 +7,20 @@
 		- status 	(times out; hosted on TypePad)
 
 -->
-<ruleset name="CloudForge (partial)">
+<ruleset name="CloudForge.com (partial)" default_off="expired">
 
-	<target host="*.cloudforge.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="cloudforge.com" />
+	<target host="app.cloudforge.com" />
+	<target host="help.cloudforge.com" />
+	<target host="www.cloudforge.com" />
 
 
 	<securecookie host="^(?:ap|hel)p\.cloudforge\.com$" name=".+" />
 
 
-	<rule from="^http://(ap|hel)p\.cloudforge\.com/"
-		to="https://$1p.cloudforge.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CloudInsidr.com.xml b/src/chrome/content/rules/CloudInsidr.com.xml
new file mode 100644
index 000000000000..3c9b57698141
--- /dev/null
+++ b/src/chrome/content/rules/CloudInsidr.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="CloudInsidr.com">
+	<target host="cloudinsidr.com" />
+	<target host="www.cloudinsidr.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CloudLinux.com.xml b/src/chrome/content/rules/CloudLinux.com.xml
new file mode 100644
index 000000000000..15fb343c49c0
--- /dev/null
+++ b/src/chrome/content/rules/CloudLinux.com.xml
@@ -0,0 +1,59 @@
+<!--
+	For rules causing false/broken MCB, see CloudLinux.com-falsemixed.xml.
+
+
+	Nonfunctional hosts in *cloudlinux.com:
+
+		- trial *
+
+	* Refused
+
+
+	Problematic hosts in *cloudlinux.com:
+
+		- kb *
+
+	* Mixed css
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .cloudlinux.com
+		- cln.cloudlinux.com
+
+
+	Mixed content:
+
+		- css, on:
+
+			- kb from $self *
+			- kb from fonts.googleapis.com *
+
+		- Images kb from $self *
+
+-->
+<ruleset name="CloudLinux.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cloudlinux.com" />
+	<target host="cln.cloudlinux.com" />
+	<target host="helpdesk.cloudlinux.com" />
+	<!--target host="kb.cloudlinux.com" /-->
+	<target host="www.cloudlinux.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.cloudlinux\.com$" name="^(?:__cfduid|BITRIX_SM_FORUM_GUEST|BITRIX_SM_GUEST_ID|BITRIX_SM_LAST_VISIT|PHPSESSID|cf_clearance)$" /-->
+	<!--securecookie host="^cln\.cloudlinux\.com$" name="^clweb_cart_cookie$" /-->
+
+	<!--securecookie host="^(?:cln)?\.cloudlinux\.com$" name=".+" /-->
+	<securecookie host="^\.cloudlinux\.com$" name="^(?:__cfduid|BITRIX_SM_LAST_VISIT|cf_clearance)$" />
+	<securecookie host="^cln\.cloudlinux\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CloudMagic.xml b/src/chrome/content/rules/CloudMagic.xml
new file mode 100644
index 000000000000..6797260cdba4
--- /dev/null
+++ b/src/chrome/content/rules/CloudMagic.xml
@@ -0,0 +1,20 @@
+<!--
+
+	Non-functional subdomain:
+		- blog
+		- help
+
+-->
+
+<ruleset name="CloudMagic">
+	<target host=       "cloudmagic.com" />
+	<target host=   "www.cloudmagic.com" />
+	<target host="static.cloudmagic.com" />
+	<target host=   "api.cloudmagic.com" />
+
+  	<securecookie host="^cloudmagic\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CloudPiercer.org.xml b/src/chrome/content/rules/CloudPiercer.org.xml
new file mode 100644
index 000000000000..a91a668495a2
--- /dev/null
+++ b/src/chrome/content/rules/CloudPiercer.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="CloudPiercer.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cloudpiercer.org" />
+	<target host="www.cloudpiercer.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CloudSigma.xml b/src/chrome/content/rules/CloudSigma.xml
index 82903a388085..fd633881280d 100644
--- a/src/chrome/content/rules/CloudSigma.xml
+++ b/src/chrome/content/rules/CloudSigma.xml
@@ -1,14 +1,25 @@
-<ruleset name="CloudSigma">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cloudsigma.com/ => https://cloudsigma.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="CloudSigma" default_off="failed ruleset test">
 
 	<target host="cloudsigma.com" />
+	<target host="autodetect.cloudsigma.com" />
 	<target host="www.cloudsigma.com" />
+	<target host="zrh.cloudsigma.com" />
 	<target host="gui.zrh.cloudsigma.com" />
+	<target host="status.cloudsigma.com" />
+
 
+	<securecookie host=".+" name=".+"/>
 
-	<securecookie host="^(?:.*\.)?cloudsigma\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.|gui\.zrh\.)?cloudsigma\.com/"
-		to="https://$1cloudsigma.com/" />
+	<rule from="^http://status\.cloudsigma\.com/"
+		to="https://cloudsigma.statuspage.io/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CloudSleuth.xml b/src/chrome/content/rules/CloudSleuth.xml
index 462ccdc6611c..c1d3d901ea3a 100644
--- a/src/chrome/content/rules/CloudSleuth.xml
+++ b/src/chrome/content/rules/CloudSleuth.xml
@@ -1,13 +1,23 @@
-<ruleset name="CloudSleuth">
+<!--
+	For other Compuware coverage, see Compuware.xml.
 
+
+	(www.)?cloudsleuth.net: Expired
+
+-->
+<ruleset name="CloudSleuth.net">
+
+	<!--	Complications:
+				-->
 	<target host="cloudsleuth.net" />
 	<target host="www.cloudsleuth.net" />
 
 
-	<securecookie host="^www\.cloudsleuth\.net$" name=".+" />
-
+	<!--	Redirect drops path, args, and forward slash:
+								-->
+	<rule from="^http://(?:www\.)?cloudsleuth\.net/.*"
+		to="https://www.dynatrace.com/en/index.html" />
 
-	<rule from="^http://(www\.)?cloudsleuth\.net/"
-		to="https://$1cloudsleuth.net/" />
+		<test url="http://cloudsleuth.net//" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CloudSponge.xml b/src/chrome/content/rules/CloudSponge.xml
index 0bb328d48153..e3ab1f3c921f 100644
--- a/src/chrome/content/rules/CloudSponge.xml
+++ b/src/chrome/content/rules/CloudSponge.xml
@@ -1,21 +1,23 @@
 <!--
-	- Cert only matches www
-	- At least some pages redirect to http
-
+	Mismatch:
+		- www
+		- try
+		- slack
+
+	Timeout:
+		- ^
+		- status
 -->
 <ruleset name="CloudSponge (partial)">
 
-	<target host="cloudsponge.com" />
-	<target host="*.cloudsponge.com" />
+	<target host="api.cloudsponge.com" />
+	<target host="app.cloudsponge.com" />
 
 
 	<securecookie host="^api\.cloudsponge\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?cloudsponge\.com/(image|javascript|stylesheet)s/"
-		to="https://www.cloudsponge.com/$1s/" />	
-
-	<rule from="^http://api\.cloudsponge\.com/"
-		to="https://api.cloudponge.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CloudSwitch.xml b/src/chrome/content/rules/CloudSwitch.xml
index d64e4c41e21b..3dc4b643860f 100644
--- a/src/chrome/content/rules/CloudSwitch.xml
+++ b/src/chrome/content/rules/CloudSwitch.xml
@@ -1,11 +1,17 @@
-<!--	Bucket at d1jyhm1p20pq9z.cloudfront.net
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cloudswitch.com/ => https://cloudswitch.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://cloudswitch.com/ => https://cloudswitch.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cloudswitch.com'")	Bucket at d1jyhm1p20pq9z.cloudfront.net
 -->
-<ruleset name="CloudSwitch">
+<ruleset name="CloudSwitch" default_off="failed ruleset test">
 
 	<target host="cloudswitch.com"/>
 	<target host="*.cloudswitch.com"/>
 
-	<securecookie host=".*cloudswitch\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(\w+\.)?cloudswitch\.com/"
 		to="https://$1cloudswitch.com/"/>
diff --git a/src/chrome/content/rules/CloudTrax.com.xml b/src/chrome/content/rules/CloudTrax.com.xml
new file mode 100644
index 000000000000..c827bb6f5e17
--- /dev/null
+++ b/src/chrome/content/rules/CloudTrax.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Problematic subdomains:
+		- files
+	Request results in redirect loop.
+-->
+
+<ruleset name="CloudTrax.com">
+
+	<target host="cloudtrax.com" />
+	<target host="ct4.cloudtrax.com" />
+	<target host="dashboard.cloudtrax.com" />
+	<target host="dev.cloudtrax.com" />
+	<target host="help.cloudtrax.com" />
+	<target host="lobby.cloudtrax.com" />
+	<target host="use.cloudtrax.com" />
+	<target host="www.cloudtrax.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CloudWorks.nu.xml b/src/chrome/content/rules/CloudWorks.nu.xml
new file mode 100644
index 000000000000..129831956591
--- /dev/null
+++ b/src/chrome/content/rules/CloudWorks.nu.xml
@@ -0,0 +1,28 @@
+<!--
+	CN: *.hostingserver.nl
+
+
+	Mixed content:
+
+		- css on fonts.googleapis.com *
+
+		- Images from $self *
+
+		- Ads/bugs, from:
+
+			- www.gravatar.com *
+			- analytics.pubnxt.net *
+
+	* Secured by us
+
+-->
+<ruleset name="CloudWorks.nu" default_off="mismatched">
+
+	<target host="cloudworks.nu" />
+	<target host="www.cloudworks.nu" />
+
+
+	<rule from="^http://(?:www\.)?cloudworks\.nu/"
+		to="https://cloudworks.nu/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cloud_Foundry.org.xml b/src/chrome/content/rules/Cloud_Foundry.org.xml
new file mode 100644
index 000000000000..19d5363acd84
--- /dev/null
+++ b/src/chrome/content/rules/Cloud_Foundry.org.xml
@@ -0,0 +1,51 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blog.cloudfoundry.org/wp-content/themes/custom-org14/images/icon_magnify.png => https://i0.wp.org/wp-content/themes/custom-org14/images/icon_magnify.png: (51, "SSL: no alternative certificate subject name matches target host name 'i0.wp.org'")
+
+	For other Pivotal coverage, see Pivotal.xml.
+
+
+	Nonfunctional subdomains:
+
+		- blog ¹
+
+	¹ WP Engine
+
+
+	Partially covered subdomains:
+
+		- blog		(→ i0.wp.com)
+
+-->
+<ruleset name="Cloud Foundry.org (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cloudfoundry.org" />
+	<target host="cloud.cloudfoundry.org" />
+	<target host="www.cloudfoundry.org" />
+
+	<!--	Complications:
+				-->
+	<target host="blog.cloudfoundry.org" />
+
+		<exclusion pattern="^http://blog\.cloudfoundry\.org/+(?!wp-content/.+\.(?:jp|pn)g)" />
+
+			<test url="http://blog.cloudfoundry.org/2012/08/" />
+			<test url="http://blog.cloudfoundry.org/author/nbadiey/" />
+			<test url="http://blog.cloudfoundry.org/page/1/" />
+			<test url="http://blog.cloudfoundry.org/tag/nodejs/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://blog.cloudfoundry.org/wp-content/themes/custom-org14/images/icon_magnify.png" />
+
+
+	<rule from="^http://blog\.cloudfoundry\.org/"
+		to="https://i0.wp.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cloud_Foundry.xml b/src/chrome/content/rules/Cloud_Foundry.xml
index ea3401743686..6bd29e3c094d 100644
--- a/src/chrome/content/rules/Cloud_Foundry.xml
+++ b/src/chrome/content/rules/Cloud_Foundry.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cloudfoundry.com/ => https://cloudfoundry.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://core.cloudfoundry.com/ => https://core.cloudfoundry.com/: (6, 'Could not resolve host: core.cloudfoundry.com')
+Fetch error: http://www.cloudfoundry.com/ => https://www.cloudfoundry.com/: (28, 'Connection timed out after 20001 milliseconds')
+
 	For other Pivotal coverage, see Pivotal.xml.
 
 
@@ -9,39 +15,57 @@
 			- docs
 
 		- i[012].wp.com/blog.cloudfoundry.com/
-	
+
 
 	Nonfunctional subdomains:
 
+		- blog ¹
 		- docs		(404; mismatched, CN: *.github.com)
 		- status	(times out)
 
+	¹ WP Engine
+
 
 	Problematic subdomains:
 
-		- blog		(wpengine)
+		- support ²
+
+	² Mismatched
 
 
 	Partially covered subdomains:
 
-		- blog		(→ i0.wp.com)
-		- support	(some pages redirect to http)
+		- blog		(→ blog.pivotal.io)
 
 -->
-<ruleset name="Cloud Foundry (partial)">
+<ruleset name="Cloud Foundry.com (partial)" default_off="failed ruleset test">
 
 	<target host="cloudfoundry.com" />
-	<target host="*.cloudfoundry.com" />
-		<exclusion pattern="^http://support\.cloudfoundry\.com/(?!generated/|system/)" />
+	<target host="core.cloudfoundry.com" />
+	<target host="www.cloudfoundry.com" />
+
+	<!--	Complications:
+				-->
+	<target host="blog.cloudfoundry.com" />
+
+		<exclusion pattern="^http://blog\.cloudfoundry\.com/(?!$)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://blog.cloudfoundry.com/author/nbadiey" />
+			<test url="http://blog.cloudfoundry.com/page/2/" />
 
 
 	<securecookie host="^core\.cloudfoundry\.com$" name=".+" />
 
 
-	<rule from="^http://blog\.cloudfoundry\.com/wp-content/(.+\.(?:jp|pn))g$"
-		to="https://i0.wp.com/blog.cloudfoundry.com/wp-content/$1g" />
+	<rule from="^http://blog\.cloudfoundry\.com/"
+		to="https://blog.pivotal.io/cloud-foundry-pivotal" />
+
+	<!--rule from="^http://support\.cloudfoundry\.com/$"
+		to="https://support.run.pivotal.io/" /-->
 
-	<rule from="^http://((?:core|support|www)\.)?cloudfoundry\.com/"
-		to="https://$1cloudfoundry.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cloud_Proven.net.xml b/src/chrome/content/rules/Cloud_Proven.net.xml
new file mode 100644
index 000000000000..d10115b4e931
--- /dev/null
+++ b/src/chrome/content/rules/Cloud_Proven.net.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cloudproven.net/ => https://cloudproven.net/: Too many redirects while fetching 'https://cloudproven.net/'
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cloudproven.net/ => https://cloudproven.net/: Too many redirects while fetching 'https://cloudproven.net/'
+
+-->
+<ruleset name="Cloud Proven.net" default_off="failed ruleset test">
+
+	<target host="cloudproven.net" />
+	<target host="www.cloudproven.net" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^(?:www)?\.cloudproven\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cloudera.com.xml b/src/chrome/content/rules/Cloudera.com.xml
new file mode 100644
index 000000000000..4cc9b6067e0c
--- /dev/null
+++ b/src/chrome/content/rules/Cloudera.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- go.cloudera.com
+
+		SSL connect error:
+		- ccp.cloudera.com
+
+		SSL peer certificate was not OK:
+		- files.cloudera.com
+		- images.go.cloudera.com
+-->
+<ruleset name="Cloudera.com">
+	<target host="cloudera.com" />
+	<target host="blog.cloudera.com" />
+	<target host="community.cloudera.com" />
+	<target host="university.cloudera.com" />
+	<target host="vision.cloudera.com" />
+	<target host="www.cloudera.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cloudflare-ipfs.com.xml b/src/chrome/content/rules/Cloudflare-ipfs.com.xml
new file mode 100644
index 000000000000..b90527b4c233
--- /dev/null
+++ b/src/chrome/content/rules/Cloudflare-ipfs.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="cloudflare-ipfs.com">
+	<target host="cloudflare-ipfs.com" />
+	<target host="www.cloudflare-ipfs.com" />
+
+	<rule from="^http:" to="https:" />
+
+	<test url="http://cloudflare-ipfs.com/ipfs/QmXnnyufdzAWL5CqZ2RnSNgPbvCc1ALT73s6epPrRnZ1Xy" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cloudflare.com.xml b/src/chrome/content/rules/Cloudflare.com.xml
new file mode 100644
index 000000000000..dd3154994a91
--- /dev/null
+++ b/src/chrome/content/rules/Cloudflare.com.xml
@@ -0,0 +1,42 @@
+<!--
+	Other Cloudflare rulesets:
+		- 1.0.0.1.xml
+		- 1.1.1.1.xml
+		- CloudflareStatus.com.xml
+
+	CloudFlare sets insecure __cfduid and cf_clearance wildcard cookies for every client domain
+-->
+
+<ruleset name="Cloudflare.com">
+	<target host="cloudflare.com" />
+	<target host="ajax.cloudflare.com" />
+	<target host="ar.cloudflare.com" />
+	<target host="blog.cloudflare.com" />
+	<target host="cdnjs.cloudflare.com" />
+	<target host="cdn-static.cloudflare.com" />
+	<target host="cn.cloudflare.com" />
+	<target host="de.cloudflare.com" />
+	<target host="developers.cloudflare.com" />
+	<target host="es.cloudflare.com" />
+	<target host="fr.cloudflare.com" />
+	<target host="hu.cloudflare.com" />
+	<target host="id.cloudflare.com" />
+	<target host="it.cloudflare.com" />
+	<target host="jp.cloudflare.com" />
+	<target host="js.cloudflare.com" />
+	<target host="nl.cloudflare.com" />
+	<target host="no.cloudflare.com" />
+	<target host="pl.cloudflare.com" />
+	<target host="pt.cloudflare.com" />
+	<target host="pt-br.cloudflare.com" />
+	<target host="ru.cloudflare.com" />
+	<target host="support.cloudflare.com" />
+	<target host="sv.cloudflare.com" />
+	<target host="tr.cloudflare.com" />
+	<target host="www.cloudflare.com" />
+	<target host="zh.cloudflare.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CloudflareStatus.com.xml b/src/chrome/content/rules/CloudflareStatus.com.xml
new file mode 100644
index 000000000000..1fd5c067b82f
--- /dev/null
+++ b/src/chrome/content/rules/CloudflareStatus.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Other Cloudflare rulesets:
+		- Cloudflare.com.xml
+
+	Timed out:
+		- cloudflarestatus.com, equivalent to www.cloudflarestatus.com
+-->
+
+<ruleset name="CloudflareStatus.com">
+	<target host="cloudflarestatus.com" />
+	<target host="www.cloudflarestatus.com" />
+
+	<rule from="^http://cloudflarestatus\.com/"
+		to="https://www.cloudflarestatus.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cloudforce.com.xml b/src/chrome/content/rules/Cloudforce.com.xml
index ac81b3fb9d24..2f3a5bc5cbe4 100644
--- a/src/chrome/content/rules/Cloudforce.com.xml
+++ b/src/chrome/content/rules/Cloudforce.com.xml
@@ -8,7 +8,7 @@
 		<!--
 			.+ 404s, even ...com//$
 						-->
-		<exclusion pattern="^http://cloudforce\.com/$" />
+		<exclusion pattern="^http://cloudforce\.com/.+" />
 	<target host="*.cloudforce.com" />
 
 
diff --git a/src/chrome/content/rules/Cloudfront.xml b/src/chrome/content/rules/Cloudfront.xml
index 22f3cb35b29e..9886a8f80fd7 100644
--- a/src/chrome/content/rules/Cloudfront.xml
+++ b/src/chrome/content/rules/Cloudfront.xml
@@ -1,52 +1,80 @@
-<ruleset name="Cloudfront">
+<ruleset name="Cloudfront.net">
 
 	<target host="*.cloudfront.net" />
-	<target host="www.cloudfront.net" />
-
-
-	<rule from="^http://([^/:@\.]+)\.cloudfront\.net/" 
-		to="https://$1.cloudfront.net/" />
-
-
-	<!--	Fixes video on prosieben.de/tv/switch-reloaded/video/clip/1928955-volle-kanne-der-riesen-rammler-1.3349717/
-											-->
-	<exclusion pattern="^http://d14orf5kgffdwb\.cloudfront\.net/dynamic/date\.php" />
-	<!--
-		https://trac.torproject.org/projects/tor/ticket/6848
-									-->
-	<exclusion pattern="^http://d1b14unh5d6w7g\.cloudfront\.net" />
-
-	<!--	https://trac.torproject.org/projects/tor/ticket/7020
-									-->
-  	<exclusion pattern="^http://d1i6vahw24eb07\.cloudfront\.net" />
-	<!--
-		C-SPAN videos: https://trac.torproject.org/projects/tor/ticket/7567
-									-->
-	<exclusion pattern="^http://d1k4es7bw1lvxt\.cloudfront\.net" />
-	<!--
-		this unbreaks turntable.fm and probably many other things
-									-->
-	<exclusion pattern="^http://d1bw0qpdrmjlhz\.cloudfront\.net" />
-	<!--
-		This breaks padlet.com wall:
-
-			https://trac.torproject.org/projects/tor/ticket/9146
-									-->
-	<exclusion pattern="^http://d2s8n7nv9yizdf\.cloudfront\.net/assets/extras-\w{32}\.js" />
-	<!--
-		and this is a generalised precaution from turntable.fm
-									-->
-	<exclusion pattern="^http://(?:[^/:@\.]+)\.cloudfront\.net/crossdomain\.xml" />
-  <!-- 
-      Spotify https://trac.torproject.org/projects/tor/ticket/7888 
-                  -->
-  <exclusion pattern="^http://dsu0uct5x2puz\.cloudfront\.net" />
-  <!-- Droplr: https://trac.torproject.org/projects/tor/ticket/8572 -->
-  <exclusion pattern="^http://d1zjcuqflbd5k\.cloudfront\.net" />
-  <!-- TuneIn: https://trac.torproject.org/projects/tor/ticket/8704 -->
-  <exclusion pattern="^http://d3bwsr3zpy54hy\.cloudfront\.net" />
-  <!-- Amazon mp3: https://trac.torproject.org/projects/tor/ticket/9367 
-                   https://trac.torproject.org/projects/tor/ticket/9851 -->
-  <exclusion pattern="^http://d2q1srilgjznst\.cloudfront\.net" />
-  <exclusion pattern="^http://d28julafmv4ekl\.cloudfront\.net" />
+
+	<rule from="^http:" to="https:" />
+	<!-- from src/chrome/content/rules/Guild-Wars-2.xml  -->
+	<test url="http://d15glo5zfrmw71.cloudfront.net/" />
+	<test url="http://d1ej19d7kwigfi.cloudfront.net/" />
+	<test url="http://d1h9a8s8eodvjz.cloudfront.net/" />
+
+	<!-- from NYDailyNews.xml, used on classifieds.nydailynews.com -->
+	<test url="http://dmpwow64jb5ov.cloudfront.net/resource/stylesheet/6d3a9c8bc9ebafc0bba40e52c5b86008/fef8e26fba7270d13c02bac0af00ec9d.css" />
+	<test url="http://dmpwow64jb5ov.cloudfront.net/resource/javascript/6d3a9c8bc9ebafc0bba40e52c5b86008/0b13a3fc2c3955f1d27992bc6458d8a0.js" />
+
+		<!--test url="http://d1o1wlqwda3y1b.cloudfront.net/A-NAL/CNVNAL-35096_31457369972thmb.jpg" /-->
+		<!--test url="http://d1uc3ft0n4nkav.cloudfront.net/images/gradient_bg.png" /-->
+		<!--test url="http://d235bdyk0zpoq6.cloudfront.net/assets/vibratissimo.jpg" /-->
+		<!--test url="http://d2wcds7obmglv2.cloudfront.net/assets/default/nav-arrow.gif" /-->
+
+	<!--	Attempt to work around "hang" after login for mapmyrun.com
+		https://github.com/EFForg/https-everywhere/issues/4159
+		report does not give any examples, so try all scripts. -->
+	<exclusion pattern="^http://d2i3r43q6ffvz8\.cloudfront\.net/.+\.js" />
+		<test url="http://d2i3r43q6ffvz8.cloudfront.net/prod/public/js/jquery/jquery-1.8.3.ddb54eca80f2.js?bust=3" />
+		<test url="http://d2i3r43q6ffvz8.cloudfront.net/prod/public/js/min/core.11b1b69c86c5.js?bust=3" />
+	<!-- Another subdomain that causes CORS issues on mapmyrun.com
+		https://github.com/EFForg/https-everywhere/issues/5060  -->
+	<exclusion pattern="^http://dxcqr918aoy1x.cloudfront.net/prod/public/js/" />
+		<test url="http://dxcqr918aoy1x.cloudfront.net/prod/public/js/modules/core.6b60dedaba11.js?bust=3" />
+		<test url="http://dxcqr918aoy1x.cloudfront.net/prod/public/js/jquery.plugins/jquery.selectivizr-min.ed32136af18c.js?bust=3" />
+
+	<!-- This is a generalised precaution from turntable.fm
+		(rewriting this file seems to break cross origin in flash) -->
+	<exclusion pattern="^http://(\w+)\.cloudfront\.net/crossdomain\.xml" />
+		<test url="http://d1h9a8s8eodvjz.cloudfront.net/crossdomain.xml" />
+		<test url="http://d1ej19d7kwigfi.cloudfront.net/crossdomain.xml" />
+
+	<!-- Fix PBS videos, see https://github.com/EFForg/https-everywhere/issues/1508  -->
+	<exclusion pattern="^http://d3aef1qbbv7i5v\.cloudfront\.net/" />
+		<test url="http://d3aef1qbbv7i5v.cloudfront.net/lib/jwplayer/jwplayer.js" />
+		<test url="http://d3aef1qbbv7i5v.cloudfront.net/img/viral_player_sprite.png" />
+
+	<!-- acinitiates.com fix -->
+	<exclusion pattern="^http://(?:d3bn78kc7qbjb6|d1nawi9f7y8zrl)\.cloudfront\.net/" />
+		<test url="http://d3bn78kc7qbjb6.cloudfront.net/rc-0.0.0.392/views/logs/logs.html" />
+		<test url="http://d1nawi9f7y8zrl.cloudfront.net/content/v1/content?ver=1.0.0" /> <!-- http://d1nawi9f7y8zrl.cloudfront.net/content/v1/content?ver=1.0.0&lang=en -->
+
+	<!-- See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-creating-signed-url-custom-policy.html
+		Policies contain the protocol, so a signature for http will not work for https -->
+	<exclusion pattern="&amp;Signature=" />
+		<test url="http://d1h9a8s8eodvjz.cloudfront.net/test.txt?a=b&amp;Signature=1234" />
+		<test url="http://d1h9a8s8eodvjz.cloudfront.net/test.txt?a=b&amp;Signature=5678" />
+
+	<!-- Fix trailers playing on rottentomatoes.com e.g. http://www.rottentomatoes.com/m/the_revenant_2015/ -->
+	<!-- HTTPS seems to work, but it appears to force HTTP -->
+	<exclusion pattern="^http://d3biamo577v4eu\.cloudfront\.net/" />
+		<test url="http://d3biamo577v4eu.cloudfront.net/static/js/lib/jwplayer-7.2.3/jwplayer.flash.swf" />
+		<test url="http://d3biamo577v4eu.cloudfront.net/static/images/icons/favicon.ico" />
+
+	<!-- Fix #3380 -->
+	<exclusion pattern="^http://d3s2wlph6mu7bx\.cloudfront\.net/" />
+		<test url="http://d3s2wlph6mu7bx.cloudfront.net/items/249704.svgz?http_iplan.meetingmatrix.com" />
+
+	<!-- Fix #10274 -->
+	<exclusion pattern="^http://dp8hsntg6do36\.cloudfront\.net/" />
+		<test url="http://dp8hsntg6do36.cloudfront.net/592cec6fb57ac33db6000000/933f5741-b748-4ad4-b5a9-cd7991915a97manifest-ios.m3u8" />
+
+	<!-- Fix CORS issues on http://satview.bom.gov.au/ (#3021) -->
+	<exclusion pattern="^http://d30f2i1nzx9v71.cloudfront.net/himawari/" />
+		<test url="http://d30f2i1nzx9v71.cloudfront.net/himawari/IDE00436/Himawari/timesteps.json?_=1519134824790" />
+		<test url="http://d30f2i1nzx9v71.cloudfront.net/himawari/text/IDY28000_TEX.txt" />
+
+	<!-- Fix CORS issues preventing map display.
+		See https://github.com/EFForg/https-everywhere/issues/3045 for more info
+	-->
+	<exclusion pattern="^http://dcxc7a0ls04u1\.cloudfront\.net/d/" />
+		<test url="http://dcxc7a0ls04u1.cloudfront.net/d/campaign-offices.csv" />
+		<test url="http://dcxc7a0ls04u1.cloudfront.net/d/us_postal_codes.gz" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Cloudhexa_Network.xml b/src/chrome/content/rules/Cloudhexa_Network.xml
deleted file mode 100644
index 7e797937050f..000000000000
--- a/src/chrome/content/rules/Cloudhexa_Network.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	^cloudhexa.com times out over http
-
--->
-<ruleset name="Cloudhexa Network">
-
-	<target host="*.cloudhexa.com" />
-	<target host="*.www.cloudhexa.com" />
-
-
-	<securecookie host="^\.(?:www\.)?cloudhexa\.com$" name=".+" />
-
-
-	<rule from="^http://www\.cloudhexa\.com/"
-		to="https://www.cloudhexa.com/" />
-
-	<rule from="^https?://support\.cloudhexa\.com/"
-		to="https://cloudhexa.zendesk.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Cloudimage.io.xml b/src/chrome/content/rules/Cloudimage.io.xml
new file mode 100644
index 000000000000..bc696fe9dfdf
--- /dev/null
+++ b/src/chrome/content/rules/Cloudimage.io.xml
@@ -0,0 +1,18 @@
+<ruleset name="Cloudimage.io">
+
+	<target host="cloudimage.io" />
+	<target host="*.cloudimage.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?cloudimage\.io$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^client_domain.cloudimage\.io$" name="^OVHCDN$" /-->
+
+	<securecookie host="^(?:[\w-]+\.)?cloudimage\.io$" name=".+" />
+
+
+	<rule from="^http://([\w-]+\.)?cloudimage\.io/"
+		to="https://$1cloudimage.io/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cloudinary.xml b/src/chrome/content/rules/Cloudinary.xml
index a1c7d2c6069e..1f1be4d7a7e0 100644
--- a/src/chrome/content/rules/Cloudinary.xml
+++ b/src/chrome/content/rules/Cloudinary.xml
@@ -1,63 +1,39 @@
 <!--
-	CDN buckets:
-
-		- cloudinary-a.akamaihd.net
-
-		- d1c4ogak0lt2ja.cloudfront.net
-
-			- demo-res
-
-		- res.cloudinary.com.edgesuite.net
-
-			- res.cloudinary.com
-			- a[1-5].res.cloudinary.com
-
-		- cloudinary.zendesk.com
-
-			- support.cloudinary.com
-
-
-	Problematic subdomains:
-
-		- res *
-		- a[1-5].res *
-		- support	(pages redirect to http; mismatched, CN: *.zendesk.com)
-
-	* Works, akamai
-
-
-	Partially covered subdomains:
-
-		- support	(→ assets.zendesk.com)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- demo-res	(→ d1c4ogak0lt2ja.cloudfront.net)
-		- res		(→ akamai)
-		- a[1-5].res	(→ akamai)
-
+	Non-functional hosts:
+		SSL peer certificate was not OK
+		- info.cloudinary.com
+		- a1.res.cloudinary.com
+		- a2.res.cloudinary.com
+		- a3.res.cloudinary.com
+		- a4.res.cloudinary.com
+		- a5.res.cloudinary.com
 -->
-<ruleset name="Cloudinary (partial)">
-
+<ruleset name="Cloudinary.com">
 	<target host="cloudinary.com" />
-	<target host="*.cloudinary.com" />
-
-
-	<securecookie host="^cloudinary\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?cloudinary\.com/"
-		to="https://$1cloudinary.com/" />
-
-	<rule from="^http://demo-res\.cloudinary\.com/"
-		to="https://d1c4ogak0lt2ja.cloudfront.net/" />
-
-	<rule from="^http://(a\d\.)?res\.cloudinary\.com/"
-		to="https://a248.e.akamai.net/f/1165/1/5m/$1res.cloudinary.com/" />
-
-	<rule from="^http://support\.cloudinary\.com/(generated|system)/"
-		to="https://assets.zendesk.com/$1/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.cloudinary.com" />
+	<target host="demo-res.cloudinary.com" />
+	<target host="invitationdigital-res.cloudinary.com" />
+	<target host="invitationdigital-res-1.cloudinary.com" />
+	<target host="invitationdigital-res-2.cloudinary.com" />
+	<target host="invitationdigital-res-3.cloudinary.com" />
+	<target host="invitationdigital-res-4.cloudinary.com" />
+	<target host="invitationdigital-res-5.cloudinary.com" />
+	<target host="res.cloudinary.com" />
+	<target host="res-1.cloudinary.com" />
+	<target host="res-2.cloudinary.com" />
+	<target host="res-3.cloudinary.com" />
+	<target host="res-4.cloudinary.com" />
+	<target host="res-5.cloudinary.com" />
+		<test url="http://invitationdigital-res.cloudinary.com/image/upload/w_136,q_100,f_auto/amazon_prime_instant_video.png" />
+		<test url="http://invitationdigital-res-1.cloudinary.com/image/upload/w_100,q_70,fl_strip_profile,f_auto/phase_eight_logo.jpg" />
+		<test url="http://invitationdigital-res-2.cloudinary.com/image/upload/w_100,q_70,fl_strip_profile,f_auto/royal_horticultural_society_rhs_logo.jpg" />
+		<test url="http://invitationdigital-res-3.cloudinary.com/image/upload/w_100,q_70,fl_strip_profile,f_auto/feel_unique_logo_3.jpg" />
+		<test url="http://invitationdigital-res-4.cloudinary.com/image/upload/w_100,q_70,fl_strip_profile,f_auto/topman_logo_5.jpg" />
+		<test url="http://invitationdigital-res-5.cloudinary.com/image/upload/w_100,q_70,fl_strip_profile,f_auto/french_connection_logo_3.jpg" />
+	<target host="staging.cloudinary.com" />
+	<target host="status.cloudinary.com" />
+	<target host="support.cloudinary.com" />
+	<target host="webspeedtest.cloudinary.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cloudmailin.com.xml b/src/chrome/content/rules/Cloudmailin.com.xml
new file mode 100644
index 000000000000..4989565f5c36
--- /dev/null
+++ b/src/chrome/content/rules/Cloudmailin.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional hosts in *cloudmailin.com:
+
+		- docs *
+
+	* Refused
+
+-->
+<ruleset name="Cloudmailin.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cloudmailin.com" />
+	<target host="www.cloudmailin.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cloudmark.xml b/src/chrome/content/rules/Cloudmark.xml
index aeb78f346113..9a5f846278aa 100644
--- a/src/chrome/content/rules/Cloudmark.xml
+++ b/src/chrome/content/rules/Cloudmark.xml
@@ -3,9 +3,8 @@
 	<target host="cloudmark.com"/>
 	<target host="www.cloudmark.com"/>
 
-	<rule from="^http://(www\.)?cloudmark\.com/"
-		to="https://cloudmark.com/"/>
+	<rule from="^http:" to="https:" />
 
-	<securecookie host="^(www\.)?cloudmark\.com$" name=".*"/>
+	<securecookie host="^(?:www\.)?cloudmark\.com$" name=".+" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Cloudmutt.com.xml b/src/chrome/content/rules/Cloudmutt.com.xml
new file mode 100644
index 000000000000..e2448c5b2513
--- /dev/null
+++ b/src/chrome/content/rules/Cloudmutt.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Cloudmutt.com">
+	<target host="cloudmutt.com" />
+	<target host="www.cloudmutt.com" />
+	<target host="lists.cloudmutt.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cloudorado.com.xml b/src/chrome/content/rules/Cloudorado.com.xml
new file mode 100644
index 000000000000..7586962d3a48
--- /dev/null
+++ b/src/chrome/content/rules/Cloudorado.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Blogger
+
+-->
+<ruleset name="Cloudorado.com (partial)">
+
+	<target host="cloudorado.com" />
+	<target host="www.cloudorado.com" />
+
+
+	<securecookie host="^\.cloudorado\.com$" name="^__cfduid$" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cloudpath.net.xml b/src/chrome/content/rules/Cloudpath.net.xml
new file mode 100644
index 000000000000..ed0b6aa0b1cf
--- /dev/null
+++ b/src/chrome/content/rules/Cloudpath.net.xml
@@ -0,0 +1,27 @@
+<!--
+	(www.)?cloudpath.net: Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- xpc.cloudpath.net
+
+-->
+<ruleset name="Cloudpath.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="xpc.cloudpath.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^xpc\.cloudpath\.net$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^xpc\.cloudpath\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cloudron.io.xml b/src/chrome/content/rules/Cloudron.io.xml
new file mode 100644
index 000000000000..37c727319c04
--- /dev/null
+++ b/src/chrome/content/rules/Cloudron.io.xml
@@ -0,0 +1,12 @@
+<ruleset name="Cloudron.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cloudron.io" />
+	<target host="www.cloudron.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cloudscaling.com.xml b/src/chrome/content/rules/Cloudscaling.com.xml
index dbd0aa459917..4a826175ad0a 100644
--- a/src/chrome/content/rules/Cloudscaling.com.xml
+++ b/src/chrome/content/rules/Cloudscaling.com.xml
@@ -1,21 +1,27 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://engineering.cloudscaling.com/ => https://engineering.cloudscaling.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://cloudscaling.com/ => https://cloudscaling.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Fully covered subdomains:
 
 		- (www.)
 		- engineering
 
 -->
-<ruleset name="Cloudscaling.com">
+<ruleset name="Cloudscaling.com" default_off="failed ruleset test">
 
 	<target host="cloudscaling.com" />
-	<target host="*.cloudscaling.com" />
+	<target host="engineering.cloudscaling.com" />
+	<target host="www.cloudscaling.com" />
 
 
 	<!--securecookie host="^\.cloudscaling\.com$" name="^(hsfirstvisit|__hssc|__hssrc|__hstc|hubspotutk|_mkto_trk|__utm\w)$" /-->
 	<securecookie host="^(?:w*\.)?cloudscaling\.com$" name=".+" />
 
 
-	<rule from="^http://(engineering\.|www\.)?cloudscaling\.com/"
-		to="https://$1cloudscaling.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cloudsecurityalliance.org.xml b/src/chrome/content/rules/Cloudsecurityalliance.org.xml
deleted file mode 100644
index 313bce3fc857..000000000000
--- a/src/chrome/content/rules/Cloudsecurityalliance.org.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See 
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-
-	Fully covered subdomains:
-
-		- blog
-		- ccsk-es
-		- local-cdn
-		- nexus
-
-
-	Observed cookie domains:
-
-		- .
-		- nexus
-		- .nexus
-
--->
-<ruleset name="Cloudsecurityalliance.org">
-  <target host="cloudsecurityalliance.org" />
-  <target host="*.cloudsecurityalliance.org" />
-
-  <securecookie host="^(?:.*\.)?cloudsecurityalliance\.org$" name=".+" />
-
-  <rule from="^http://((?:blog|ccsk-es|local-cdn|nexus|www)\.)?cloudsecurityalliance\.org/" to="https://$1cloudsecurityalliance.org/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Cloudset.net.xml b/src/chrome/content/rules/Cloudset.net.xml
index ac446bef5240..ad7ea6f916b7 100644
--- a/src/chrome/content/rules/Cloudset.net.xml
+++ b/src/chrome/content/rules/Cloudset.net.xml
@@ -9,10 +9,12 @@
 -->
 <ruleset name="cloudset.net">
 
-	<target host="*.cloudset.net" />
+	<target host="app.cloudset.net" />
+	<target host="index.app.cloudset.net" />
+	<target host="integrator.cloudset.net" />
+	<target host="qa.cloudset.net" />
 
 
-	<rule from="^http://(app|index\.app|integrator|qa)\.cloudset\.net/"
-		to="https://$1.cloudset.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Cloudwear.com.xml b/src/chrome/content/rules/Cloudwear.com.xml
index 8ac056b16e05..03c7eff2b539 100644
--- a/src/chrome/content/rules/Cloudwear.com.xml
+++ b/src/chrome/content/rules/Cloudwear.com.xml
@@ -1,13 +1,20 @@
-<ruleset name="Cloudwear.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cloudwear.com/ => https://cloudwear.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.cloudwear.com/ => https://www.cloudwear.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+<ruleset name="Cloudwear.com" default_off="failed ruleset test">
 
 	<target host="cloudwear.com" />
-	<target host="*.cloudwear.com" />
+	<target host="www.cloudwear.com" />
 
 
 	<securecookie host="^(?:w*\.)?cloudwear\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?cloudwear\.com/"
-		to="https://$1cloudwear.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Clover.com.xml b/src/chrome/content/rules/Clover.com.xml
new file mode 100644
index 000000000000..6f9df2b94827
--- /dev/null
+++ b/src/chrome/content/rules/Clover.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Clover.com">
+
+	<target host="clover.com" />
+	<target host="www.clover.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ClubCompy.xml b/src/chrome/content/rules/ClubCompy.xml
deleted file mode 100644
index c6f521e60804..000000000000
--- a/src/chrome/content/rules/ClubCompy.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="ClubCompy">
-
-	<target host="clubcompy.com" />
-	<target host="www.clubcompy.com" />
-
-
-	<securecookie host="^clubcompy\.com$" name=".*" />
-
-
-	<rule from="^http://(www\.)?clubcompy\.com/"
-		to="https://$1clubcompy.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ClubNix.fr.xml b/src/chrome/content/rules/ClubNix.fr.xml
new file mode 100644
index 000000000000..fe50ec4e111f
--- /dev/null
+++ b/src/chrome/content/rules/ClubNix.fr.xml
@@ -0,0 +1,13 @@
+<ruleset name="ClubNix.fr">
+
+	<target host="clubnix.fr" />
+	<target host="www.clubnix.fr" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Club_Red_Gaming.com.xml b/src/chrome/content/rules/Club_Red_Gaming.com.xml
index 37369fa31e6e..f5fcadc949b1 100644
--- a/src/chrome/content/rules/Club_Red_Gaming.com.xml
+++ b/src/chrome/content/rules/Club_Red_Gaming.com.xml
@@ -4,12 +4,12 @@
 		- (www.)	(refused)
 
 -->
-<ruleset name="Club Red Gaming.com (partial)">
+<ruleset name="Club Red Gaming.com (partial)" default_off="refused">
 
 	<target host="lobby.clubredgaming.com" />
 
 
-	<rule from="^http://lobby\.clubredgaming\.com/"
-		to="https://lobby.clubredgaming.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Clubic.com.xml b/src/chrome/content/rules/Clubic.com.xml
new file mode 100644
index 000000000000..1766a9912cbe
--- /dev/null
+++ b/src/chrome/content/rules/Clubic.com.xml
@@ -0,0 +1,35 @@
+
+<!--
+	Mismatched:
+		- blog
+		- bo-shopper
+		- bons-plans
+		- cashback
+		- emploi-informatique
+		- pro
+
+	Timeout:
+		- gitlab
+		- img
+
+	Expired:
+		- prodf
+-->
+<ruleset name="Clubic.com">
+	<target host="clubic.com" />
+	<target host="www.clubic.com" />
+	<target host="bo.clubic.com" />
+	<target host="prod.bo.clubic.com" />
+	<target host="castor.clubic.com" />
+	<target host="prod.castor.clubic.com" />
+	<target host="faye.cube.clubic.com" />
+	<target host="preprod.front01.clubic.com" />
+	<target host="gems.clubic.com" />
+	<target host="pic.clubic.com" />
+	<target host="prod.pic.clubic.com" />
+	<target host="pic-fresh.clubic.com" />
+	<target host="usine.clubic.com" />
+	<target host="preprod.usine.clubic.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ClusterHQ.com.xml b/src/chrome/content/rules/ClusterHQ.com.xml
new file mode 100644
index 000000000000..e406ebcdb465
--- /dev/null
+++ b/src/chrome/content/rules/ClusterHQ.com.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://docs.clusterhq.com/ => https://docs.clusterhq.com/: (6, 'Could not resolve host: docs.clusterhq.com')
+
+	These altnames don't exist:
+
+		- www.docs.clusterhq.com
+
+
+	Insecure cookies are set for these domains:
+
+		- .clusterhq.com
+
+
+	Mixed content:
+
+		- css on docs from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="ClusterHQ.com" default_off="failed ruleset test">
+
+	<target host="clusterhq.com" />
+	<target host="docs.clusterhq.com" />
+	<target host="www.clusterhq.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.clusterhq\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.clusterhq\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Clusters.de.xml b/src/chrome/content/rules/Clusters.de.xml
new file mode 100644
index 000000000000..45ea14aaaa56
--- /dev/null
+++ b/src/chrome/content/rules/Clusters.de.xml
@@ -0,0 +1,18 @@
+<ruleset name="Clusters.de">
+
+	<target host="clusters.de" />
+	<target host="customer.clusters.de" />
+	<target host="domain.clusters.de" />
+	<target host="www.clusters.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(customer|domain)\.clusters\.de$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:customer|domain)\.clusters\.de$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Clyp.it.xml b/src/chrome/content/rules/Clyp.it.xml
new file mode 100644
index 000000000000..1dd915ee8f46
--- /dev/null
+++ b/src/chrome/content/rules/Clyp.it.xml
@@ -0,0 +1,12 @@
+<ruleset name="Clyp.it">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="clyp.it" />
+	<target host="www.clyp.it" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CmCDN.net.xml b/src/chrome/content/rules/CmCDN.net.xml
new file mode 100644
index 000000000000..7fd85f434035
--- /dev/null
+++ b/src/chrome/content/rules/CmCDN.net.xml
@@ -0,0 +1,41 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://media.cmcdn.net/ (200) => https://d2tbi97h020xxe.cloudfront.net/ (503)
+Fetch error: http://s.cmcdn.net/ => https://d1gyuuidj3lauh.cloudfront.net/: (6, 'Could not resolve host: d1gyuuidj3lauh.cloudfront.net')
+
+	For other Carbonmade coverage, see Carbonmade.xml.
+
+
+	CDN buckets:
+
+		- d1gyuuidj3lauh.cloudfront.net
+
+			- s.cmcdn.net
+
+		- d2tbi97h020xxe.cloudfront.net
+
+			- media.cmcdn.net
+
+
+	Fully covered hosts in *cmcdn.net:
+
+		- media
+		- s
+
+-->
+<ruleset name="CaCDN.net" default_off="failed ruleset test">
+
+	<!--	Complications:
+				-->
+	<target host="media.cmcdn.net" />
+	<target host="s.cmcdn.net" />
+
+
+	<rule from="^http://media\.cmcdn\.net/"
+		to="https://media.cmcdn.net/" />
+
+	<rule from="^http://s\.cmcdn\.net/"
+		to="https://d1gyuuidj3lauh.cloudfront.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cmcenroe.me.xml b/src/chrome/content/rules/Cmcenroe.me.xml
new file mode 100644
index 000000000000..01b47602e155
--- /dev/null
+++ b/src/chrome/content/rules/Cmcenroe.me.xml
@@ -0,0 +1,27 @@
+<!--
+	www.cmcenroe.me: Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .cmcenroe.me
+
+-->
+<ruleset name="cmcenroe.me (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cmcenroe.me" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.cmcenroe\.me$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.cmcenroe\.me$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cmxlog.com.xml b/src/chrome/content/rules/Cmxlog.com.xml
new file mode 100644
index 000000000000..2e18aaed9f8e
--- /dev/null
+++ b/src/chrome/content/rules/Cmxlog.com.xml
@@ -0,0 +1,11 @@
+<!--
+See CyanogenMod.org.xml and CyanogenMod.org-falsemixed.xml for more rulesets
+about Cyanogendmod.
+-->
+<ruleset name="Cmxlog.com">
+    <target host="cmxlog.com" />
+    <target host="www.cmxlog.com" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cnchost.com.xml b/src/chrome/content/rules/Cnchost.com.xml
new file mode 100644
index 000000000000..edc645527ab2
--- /dev/null
+++ b/src/chrome/content/rules/Cnchost.com.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://register.cnchost.com/ => https://register.cnchost.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://register.cnchost.com/ => https://register.cnchost.com/: (28, 'Connection timed out after 10001 milliseconds')
+Non-2xx HTTP code: http://secure.cnchost.com/ (200) => https://secure.cnchost.com/ (400)
+
+	For other XO Communications coverage, see XO-Communications.xml.
+
+
+	cnchost.com (cert: cnchost.com) redirects to xo.com.
+
+
+	Fully covered hosts in *cnchost.com:
+
+		- register
+		- secure
+
+-->
+<ruleset name="cnchost.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="register.cnchost.com" />
+	<target host="secure.cnchost.com" />
+
+
+	<securecookie host="^secure\.chchost\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cnzz.com.xml b/src/chrome/content/rules/Cnzz.com.xml
index dc836e2d82d0..d77ddda36e1e 100644
--- a/src/chrome/content/rules/Cnzz.com.xml
+++ b/src/chrome/content/rules/Cnzz.com.xml
@@ -1,13 +1,185 @@
 <!--
-	For other Taobao coverage, see Taobao.xml.
+	Broken:
+	- cnzz.com
+	- mail.cnzz.com
+	- www.cnzz.com
 
--->
-<ruleset name="cnzz.com">
+	Different http/https content:
+	- mt.cnzz.com"
 
-	<target host="s25.cnzz.com" />
+	Redirects to http:
+	- adm.cnzz.com
+	- bbs.cnzz.com
+	- blog.cnzz.com
+	- click.cnzz.com
+	- doc.cnzz.com
+	- help.cnzz.com
+	- open.cnzz.com
+	- search.cnzz.com
+	- resolve.cnzz.com
+	- sns.data.cnzz.com
+	- tui.cnzz.com
+	- wss.cnzz.com
 
+	- data.cnzz.com
+	- brow.data.cnzz.com
+	- education.data.cnzz.com
+	- engine.data.cnzz.com
+	- isp.data.cnzz.com
+	- location.data.cnzz.com
+	- os.data.cnzz.com
+	- resolve.data.cnzz.com
+	- sns.data.cnzz.com
+-->
+<ruleset name="Cnzz.com">
+	<target host="c.cnzz.com" />
+	<target host="dplus.cnzz.com" />
+	<target host="icon.cnzz.com" />
+	<target host="tongji.cnzz.com" />
+	<target host="w.cnzz.com" />
 
-	<rule from="^http://s25\.cnzz\.com/"
-		to="https://s25.cnzz.com/" />
+	<target host="s1.cnzz.com" />
+	<target host="s2.cnzz.com" />
+	<target host="s3.cnzz.com" />
+	<target host="s4.cnzz.com" />
+	<target host="s5.cnzz.com" />
+	<target host="s6.cnzz.com" />
+	<target host="s7.cnzz.com" />
+	<target host="s8.cnzz.com" />
+	<target host="s9.cnzz.com" />
+	<target host="s10.cnzz.com" />
+	<target host="s11.cnzz.com" />
+	<target host="s12.cnzz.com" />
+	<target host="s13.cnzz.com" />
+	<target host="s14.cnzz.com" />
+	<target host="s15.cnzz.com" />
+	<target host="s16.cnzz.com" />
+	<target host="s17.cnzz.com" />
+	<target host="s18.cnzz.com" />
+	<target host="s19.cnzz.com" />
+	<target host="s20.cnzz.com" />
+	<target host="s21.cnzz.com" />
+	<target host="s22.cnzz.com" />
+	<target host="s23.cnzz.com" />
+	<target host="s24.cnzz.com" />
+	<target host="s25.cnzz.com" />
+	<target host="s26.cnzz.com" />
+	<target host="s27.cnzz.com" />
+	<target host="s28.cnzz.com" />
+	<target host="s29.cnzz.com" />
+	<target host="s30.cnzz.com" />
+	<target host="s31.cnzz.com" />
+	<target host="s32.cnzz.com" />
+	<target host="s33.cnzz.com" />
+	<target host="s34.cnzz.com" />
+	<target host="s35.cnzz.com" />
+	<target host="s36.cnzz.com" />
+	<target host="s37.cnzz.com" />
+	<target host="s38.cnzz.com" />
+	<target host="s39.cnzz.com" />
+	<target host="s40.cnzz.com" />
+	<target host="s41.cnzz.com" />
+	<target host="s42.cnzz.com" />
+	<target host="s43.cnzz.com" />
+	<target host="s44.cnzz.com" />
+	<target host="s45.cnzz.com" />
+	<target host="s46.cnzz.com" />
+	<target host="s47.cnzz.com" />
+	<target host="s48.cnzz.com" />
+	<target host="s49.cnzz.com" />
+	<target host="s50.cnzz.com" />
+	<target host="s51.cnzz.com" />
+	<target host="s52.cnzz.com" />
+	<target host="s53.cnzz.com" />
+	<target host="s54.cnzz.com" />
+	<target host="s55.cnzz.com" />
+	<target host="s56.cnzz.com" />
+	<target host="s57.cnzz.com" />
+	<target host="s58.cnzz.com" />
+	<target host="s59.cnzz.com" />
+	<target host="s60.cnzz.com" />
+	<target host="s61.cnzz.com" />
+	<target host="s62.cnzz.com" />
+	<target host="s63.cnzz.com" />
+	<target host="s64.cnzz.com" />
+	<target host="s65.cnzz.com" />
+	<target host="s66.cnzz.com" />
+	<target host="s67.cnzz.com" />
+	<target host="s68.cnzz.com" />
+	<target host="s69.cnzz.com" />
+	<target host="s70.cnzz.com" />
+	<target host="s71.cnzz.com" />
+	<target host="s72.cnzz.com" />
+	<target host="s73.cnzz.com" />
+	<target host="s74.cnzz.com" />
+	<target host="s75.cnzz.com" />
+	<target host="s76.cnzz.com" />
+	<target host="s77.cnzz.com" />
+	<target host="s78.cnzz.com" />
+	<target host="s79.cnzz.com" />
+	<target host="s80.cnzz.com" />
+	<target host="s81.cnzz.com" />
+	<target host="s82.cnzz.com" />
+	<target host="s83.cnzz.com" />
+	<target host="s84.cnzz.com" />
+	<target host="s85.cnzz.com" />
+	<target host="s86.cnzz.com" />
+	<target host="s87.cnzz.com" />
+	<target host="s88.cnzz.com" />
+	<target host="s89.cnzz.com" />
+	<target host="s90.cnzz.com" />
+	<target host="s91.cnzz.com" />
+	<target host="s92.cnzz.com" />
+	<target host="s93.cnzz.com" />
+	<target host="s94.cnzz.com" />
+	<target host="s95.cnzz.com" />
+	<target host="s96.cnzz.com" />
+	<target host="s97.cnzz.com" />
+	<target host="s98.cnzz.com" />
+	<target host="s99.cnzz.com" />
+	<target host="s100.cnzz.com" />
+	<target host="s101.cnzz.com" />
+	<target host="s102.cnzz.com" />
+	<target host="s103.cnzz.com" />
+	<target host="s104.cnzz.com" />
+	<target host="s105.cnzz.com" />
+	<target host="s106.cnzz.com" />
+	<target host="s107.cnzz.com" />
+	<target host="s108.cnzz.com" />
+	<target host="s109.cnzz.com" />
+	<target host="s110.cnzz.com" />
+	<target host="s111.cnzz.com" />
+	<target host="s112.cnzz.com" />
+	<target host="s113.cnzz.com" />
+	<target host="s114.cnzz.com" />
+	<target host="s115.cnzz.com" />
+	<target host="s116.cnzz.com" />
+	<target host="s117.cnzz.com" />
+	<target host="s118.cnzz.com" />
+	<target host="s119.cnzz.com" />
+	<target host="s120.cnzz.com" />
+	<target host="s121.cnzz.com" />
+	<target host="s122.cnzz.com" />
+	<target host="s123.cnzz.com" />
+	<target host="s124.cnzz.com" />
+	<target host="s125.cnzz.com" />
+	<target host="s126.cnzz.com" />
+	<target host="s127.cnzz.com" />
+	<target host="s128.cnzz.com" />
+	<target host="s129.cnzz.com" />
+	<target host="s130.cnzz.com" />
+	<target host="s131.cnzz.com" />
+	<target host="s132.cnzz.com" />
+	<target host="s133.cnzz.com" />
+	<target host="s134.cnzz.com" />
+	<target host="s135.cnzz.com" />
+	<target host="s136.cnzz.com" />
+	<target host="s137.cnzz.com" />
+	<target host="s138.cnzz.com" />
+	<target host="s139.cnzz.com" />
+	<target host="s140.cnzz.com" />
+	<target host="s141.cnzz.com" />
+	<target host="s142.cnzz.com" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Co-operative-bank.xml b/src/chrome/content/rules/Co-operative-bank.xml
index 3bff47d65eff..c6977686f08d 100644
--- a/src/chrome/content/rules/Co-operative-bank.xml
+++ b/src/chrome/content/rules/Co-operative-bank.xml
@@ -1,17 +1,17 @@
 <ruleset name="co-operative bank">
 
 	<target host="co-operativebank.co.uk" />
-	<target host="*.co-operativebank.co.uk" />
+	<target host="www.co-operativebank.co.uk" />
+	<target host="personal.co-operativebank.co.uk" />
 
 
-	<securecookie host="^.*\.co-operativebank\.co\.uk$" name=".*" />
+	<securecookie host="^.*\.co-operativebank\.co\.uk$" name=".+" />
 
 
 	<!--	!www doesn't work.	-->
 	<rule from="^http://(?:www\.)?co-operativebank\.co\.uk/"
 		to="https://www.co-operativebank.co.uk/" />
 
-	<rule from="^http://personal\.co-operativebank\.co\.uk/"
-		to="https://personal.co-operativebank.co.uk/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Co.uk.xml b/src/chrome/content/rules/Co.uk.xml
deleted file mode 100644
index 0cce4895e231..000000000000
--- a/src/chrome/content/rules/Co.uk.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Co.uk" platform="firefox">
-<target host="carlolly.co.uk" />
-<target host="saturngames.co.uk" />
-
-<securecookie host="^carlolly\.co\.uk$" name=".+" />
-<securecookie host="^saturngames\.co\.uk$" name=".+" />
-
-<rule from="^http://carlolly\.co\.uk/" to="https://carlolly.co.uk/" />
-<rule from="^http://saturngames\.co\.uk/" to="https://saturngames.co.uk/" />
-</ruleset>
diff --git a/src/chrome/content/rules/CoGen-Media.xml b/src/chrome/content/rules/CoGen-Media.xml
index 2748023458fe..7089db721077 100644
--- a/src/chrome/content/rules/CoGen-Media.xml
+++ b/src/chrome/content/rules/CoGen-Media.xml
@@ -1,22 +1,73 @@
 <!--
-	Fully covered subdomains:
+	CDN buckets:
 
-		- *-cart	(per-client carts)
+		- d27d0p3ntv6ptk.cloudfront.net
+		- d27qhkopal1b4u.cloudfront.net
+		- d289qh4hsbjjw7.cloudfront.net
+		- d9hhrg4mnvzow.cloudfront.net
+
+
+	Nonfunctional hosts in *degica.com:
+
+		- dreye ⁴
+
+	⁴ 404
+
+
+	Problematic hosts in *degica.com:
+
+		- tech ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- degica.com
+		- .degica.com
+		- comipo.degica.com
+		- dariusburstcs.degica.com
+		- stm.degica.com
+		- www.degica.com
+
+
+	Mixed content:
+
+		- Image on razer from assets.razerzone.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Cogen Media (partial)" platform="mixedcontent">
+<ruleset name="Cogen Media (partial)" default_off="cert-chain">
 
-	<target host="degica.com"/>
-	<target host="*.degica.com"/>
+	<target host="degica.com" />
+	<target host="comipo.degica.com" />
+	<target host="dariusburstcs.degica.com" />
+	<target host="dev_rpgmakerweb.degica.com" />
+	<target host="easeus.degica.com" />
+	<target host="gateway.degica.com" />
+	<target host="info.degica.com" />
+	<target host="muvluv.degica.com" />
+	<target host="newrelic.degica.com" />
+	<target host="ordinarysoft-jp-cart.degica.com" />
+	<target host="steam.degica.com" />
+	<target host="stm.degica.com" />
+	<target host="store.degica.com" />
+	<target host="tkool.degica.com" />
+	<target host="www.degica.com" />
 
 
-	<securecookie host="^\.?[\w-]+-cart\.degica\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?degica\.com$" name="^_icl_current_language$" /-->
+	<!--securecookie host="^\.degica\.com$" name="^ubvt$" /-->
+	<!--securecookie host="^(?:comipo|dariusburstcs|stm)\.degica\.com$" name="^ub(?:pv|vs)$" /-->
 
+	<securecookie host="^\." name="^_(?:_utm|gat?$|gat_)" />
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://degica\.com/"
-		to="https://degica.com/"/>
 
-	<rule from="^http://([\w-]+-cart|dl)\.degica\.com/"
-		to="https://$1.degica.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CoNetrix.xml b/src/chrome/content/rules/CoNetrix.xml
index 3094ab5a0eeb..ac54bd5b8b95 100644
--- a/src/chrome/content/rules/CoNetrix.xml
+++ b/src/chrome/content/rules/CoNetrix.xml
@@ -1,13 +1,12 @@
 <ruleset name="CoNetrix">
 
 	<target host="conetrix.com" />
-	<target host="*.conetrix.com" />
+	<target host="www.conetrix.com" />
 
 
 	<securecookie host="^(?:www)?\.conetrix\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?conetrix\.com/"
-		to="https://$1conetrix.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Coalition-S.org.xml b/src/chrome/content/rules/Coalition-S.org.xml
new file mode 100644
index 000000000000..6aae3eb55bdb
--- /dev/null
+++ b/src/chrome/content/rules/Coalition-S.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Coalition-S.org">
+
+	<target host="coalition-s.org" />
+	<target host="www.coalition-s.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Coast-Capital-Savings.xml b/src/chrome/content/rules/Coast-Capital-Savings.xml
new file mode 100644
index 000000000000..ca50c882b5bf
--- /dev/null
+++ b/src/chrome/content/rules/Coast-Capital-Savings.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://campaigns.coastcapitalsavings.com/ => https://campaigns.coastcapitalsavings.com/: (51, "SSL: no alternative certificate subject name matches target host name 'campaigns.coastcapitalsavings.com'")
+Fetch error: http://vote.coastcapitalsavings.com/ => https://vote.coastcapitalsavings.com/: (60, 'SSL certificate problem: self signed certificate')
+
+	Invalid certificates:
+		- annualreport.coastcapitalsavings.com
+		- copsforcancer.coastcapitalsavings.com
+		- www.copsforcancer.coastcapitalsavings.com
+-->
+
+<ruleset name="Coast Capital Savings" default_off="failed ruleset test">
+	<target host="coastcapitalsavings.com" />
+	<target host="www.coastcapitalsavings.com" />
+	<target host="agency.coastcapitalsavings.com" />
+	<target host="apply.coastcapitalsavings.com" />
+	<target host="blog.coastcapitalsavings.com" />
+	<target host="campaigns.coastcapitalsavings.com" />
+	<target host="vote.coastcapitalsavings.com" />
+	<target host="www.mdws.coastcapitalsavings.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Coast-Digital.xml b/src/chrome/content/rules/Coast-Digital.xml
index d56bf0ed8ef1..c0ac9f1f7d87 100644
--- a/src/chrome/content/rules/Coast-Digital.xml
+++ b/src/chrome/content/rules/Coast-Digital.xml
@@ -1,11 +1,21 @@
-<ruleset name="Coast Digital">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://coastdigital.co.uk/ => https://coastdigital.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'coastdigital.co.uk'")
+Fetch error: http://www.coastdigital.co.uk/ => https://coastdigital.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'coastdigital.co.uk'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://coastdigital.co.uk/ => https://coastdigital.co.uk/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.coastdigital.co.uk/ => https://coastdigital.co.uk/: (60, 'SSL certificate problem: self signed certificate')
+-->
+<ruleset name="Coast Digital" default_off="failed ruleset test">
 
 	<target host="coastdigital.co.uk"/>
 	<target host="www.coastdigital.co.uk"/>
 
-	<rule from="^http://(www\.)?coastdigital\.co\.uk/"
+	<rule from="^http://(?:www\.)?coastdigital\.co\.uk/"
 		to="https://coastdigital.co.uk/"/>
 
-	<securecookie host="^(www\.)?coastdigital\.co\.uk$" name=".*"/>
+	<securecookie host="^(?:www\.)?coastdigital\.co\.uk$" name=".+" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Coastal-Community-Credit-Union.xml b/src/chrome/content/rules/Coastal-Community-Credit-Union.xml
new file mode 100644
index 000000000000..b7525af39834
--- /dev/null
+++ b/src/chrome/content/rules/Coastal-Community-Credit-Union.xml
@@ -0,0 +1,10 @@
+<ruleset name="Coastal Community Credit Union">
+	<target host="cccu.ca" />
+	<target host="www.cccu.ca" />
+	<target host="mdws.cccu.ca" />
+	<target host="secure.cccu.ca" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Coastal_Micro_Supply.xml b/src/chrome/content/rules/Coastal_Micro_Supply.xml
index dcdbd9cc34e3..8cd9274eefb6 100644
--- a/src/chrome/content/rules/Coastal_Micro_Supply.xml
+++ b/src/chrome/content/rules/Coastal_Micro_Supply.xml
@@ -1,8 +1,16 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://coastalmicrosupply.com/ => https://coastalmicrosupply.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.coastalmicrosupply.com/ => https://www.coastalmicrosupply.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://coastalmicrosupply.com/ => https://coastalmicrosupply.com/: (51, "SSL: no alternative certificate subject name matches target host name 'coastalmicrosupply.com'")
+Fetch error: http://www.coastalmicrosupply.com/ => https://www.coastalmicrosupply.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.coastalmicrosupply.com'")
 	Some (most)? pages redirect to http.
 
 -->
-<ruleset name="Coastal Micro Supply (partial)">
+<ruleset name="Coastal Micro Supply (partial)" default_off="failed ruleset test">
 
 	<target host="coastalmicrosupply.com" />
 	<target host="www.coastalmicrosupply.com" />
@@ -11,4 +19,4 @@
 	<rule from="^http://(www\.)?coastalmicrosupply\.com/($|catalog\.html|images/|index\.php\?target=auth|skins/)"
 		to="https://$1coastalmicrosupply.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CoasterForce.com.xml b/src/chrome/content/rules/CoasterForce.com.xml
new file mode 100644
index 000000000000..e394efcccb2c
--- /dev/null
+++ b/src/chrome/content/rules/CoasterForce.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="CoasterForce.com">
+
+	<target host="coasterforce.com" />
+	<target host="www.coasterforce.com" />
+	<target host="cpanel.coasterforce.com" />
+	<target host="forums.coasterforce.com" />
+	<target host="www.forums.coasterforce.com" />
+	<target host="mail.coasterforce.com" />
+	<target host="webdisk.coasterforce.com" />
+	<target host="webmail.coasterforce.com" />
+	<target host="whm.coasterforce.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+	
+</ruleset>
diff --git a/src/chrome/content/rules/Cobalt_Mania.com.xml b/src/chrome/content/rules/Cobalt_Mania.com.xml
index 18a9d44f6d80..969f0a998ad5 100644
--- a/src/chrome/content/rules/Cobalt_Mania.com.xml
+++ b/src/chrome/content/rules/Cobalt_Mania.com.xml
@@ -1,7 +1,13 @@
-<ruleset name="Cobalt Mania.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cobaltmania.com/ => https://www.cobaltmania.com/: (7, 'Failed to connect to www.cobaltmania.com port 443: Connection refused')
+
+-->
+<ruleset name="Cobalt Mania.com" default_off="failed ruleset test">
 
 	<target host="cobaltmania.com" />
-	<target host="*.cobaltmania.com" />
+	<target host="www.cobaltmania.com" />
 
 
 	<securecookie host="^(?:www)?\.cobaltmania.com$" name=".+" />
diff --git a/src/chrome/content/rules/Coccoc.com.xml b/src/chrome/content/rules/Coccoc.com.xml
new file mode 100644
index 000000000000..d73bbea27152
--- /dev/null
+++ b/src/chrome/content/rules/Coccoc.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Coccoc.com">
+	<target host="coccoc.com" />
+	<target host="www.coccoc.com" />
+	<target host="poipic.coccoc.com" />
+
+  <test url="http://coccoc.com/search" />
+  <test url="http://coccoc.com/search#query=atm+ho%C3%A0n+ki%E1%BA%BFm" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cock.li.xml b/src/chrome/content/rules/Cock.li.xml
new file mode 100644
index 000000000000..c29d93a2feae
--- /dev/null
+++ b/src/chrome/content/rules/Cock.li.xml
@@ -0,0 +1,22 @@
+<!--
+	Mismatched:
+		- munin
+		- mx2
+		- ns2
+		- xmpp
+-->
+<ruleset name="Cock.li">
+	<target host="cock.li" />
+	<target host="www.cock.li" />
+	<target host="admin.cock.li" />
+	<target host="autoconfig.cock.li" />
+	<target host="box.cock.li" />
+	<target host="www.box.cock.li" />
+	<target host="git.cock.li" />
+	<target host="lists.cock.li" />
+	<target host="mail.cock.li" />
+	<target host="mx1.cock.li" />
+	<target host="status.cock.li" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cockbox.org.xml b/src/chrome/content/rules/Cockbox.org.xml
new file mode 100644
index 000000000000..ad5812986e07
--- /dev/null
+++ b/src/chrome/content/rules/Cockbox.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Cockbox.org">
+	<target host="cockbox.org" />
+	<target host="www.cockbox.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Coclico-Project.xml b/src/chrome/content/rules/Coclico-Project.xml
index 74db86998819..b8e007ca4397 100644
--- a/src/chrome/content/rules/Coclico-Project.xml
+++ b/src/chrome/content/rules/Coclico-Project.xml
@@ -1,14 +1,14 @@
-<!--	!functional:
+<!--
+	!functional:
 		- (www.)coclico-project.org	(cert: forge.projet-coclico.org; shows that domain's data)
-		- (www.)project-coclico.org	(ditto)
 -->
-<ruleset name="Coclico Project (partial)">
+<ruleset name="Coclico Project (partial)" default_off="shows default page">
 
-	<target host="forge.projet-coclico.org"/>
+	<target host="projet-coclico.org"/>
+	<target host="www.projet-coclico.org"/>
 
-	<securecookie host="^forge\.projet-coclico\.org$" name=".*"/>
 
-	<rule from="^http://forge\.projet-coclico\.org/"
-		to="https://forge.projet-coclico.org/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Code-of-Honor.xml b/src/chrome/content/rules/Code-of-Honor.xml
index ac73d39ab5aa..bc2e52554bf8 100644
--- a/src/chrome/content/rules/Code-of-Honor.xml
+++ b/src/chrome/content/rules/Code-of-Honor.xml
@@ -4,7 +4,6 @@
 	<target host="www.codeofhonor.com" />
 
 
-	<rule from="^http://(www\.)?codeofhonor\.com/"
-		to="https://$1codeofhonor.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Code.org-problematic.xml b/src/chrome/content/rules/Code.org-problematic.xml
deleted file mode 100644
index 1c8c9fcf8197..000000000000
--- a/src/chrome/content/rules/Code.org-problematic.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules that are on by default, see Code.org.xml.
-
--->
-<ruleset name="Code.org (problematic)" default_off="mismatched">
-
-	<target host="*.code.org" />
-
-
-	<securecookie host="^\.forums\.code\.org$" name=".+" />
-
-
-	<rule from="^http://forums\.code\.org/"
-		to="https://forums.code.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Code.org.xml b/src/chrome/content/rules/Code.org.xml
index 6c283e89d274..56613b96d1ab 100644
--- a/src/chrome/content/rules/Code.org.xml
+++ b/src/chrome/content/rules/Code.org.xml
@@ -1,27 +1,22 @@
-<!--
-	For problematic rules, see Code.org-problematic.xml.
+<ruleset name="Code.org">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="code.org" />
+	<target host="forums.code.org" />
+	<target host="learn.code.org" />
+	<target host="support.code.org" />
+	<target host="www.code.org" />
 
-	Problematic subdomains:
-
-		- forums	(works; mismatched, CN: *.websitetoolbox.com)
-		- www		(cert only matches ^code.org)
-
-
-	Mixed content:
-
-		- Images on forums from ^ *
-
-	* Secured by us
 
--->
-<ruleset name="Code.org (partial)">
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.code\.org$" name="^_learn_session$" /-->
 
-	<target host="code.org" />
-	<target host="www.code.org" />
+	<securecookie host="^\.code\.org$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?code\.org/"
-		to="https://code.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Code42.com.xml b/src/chrome/content/rules/Code42.com.xml
index de490d7a7c82..ec1f7be31d0f 100644
--- a/src/chrome/content/rules/Code42.com.xml
+++ b/src/chrome/content/rules/Code42.com.xml
@@ -4,7 +4,6 @@
 	<target host="www.code42.com" />
 
 
-	<rule from="^http://(www\.)?code42\.com/"
-		to="https://$1code42.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CodeAurora.xml b/src/chrome/content/rules/CodeAurora.xml
index 9cc0b971c70f..09686d7c77ec 100644
--- a/src/chrome/content/rules/CodeAurora.xml
+++ b/src/chrome/content/rules/CodeAurora.xml
@@ -1,15 +1,17 @@
-<ruleset name="CodeAurora">
+<!--
+	For other Linux Foundation coverage, see LinuxFoundation.xml.
+
+-->
+<ruleset name="CodeAurora.org">
 
 	<target host="codeaurora.org" />
-	<!--	* for cross-domain cookies.	-->
-	<target host="*.codeaurora.org" />
+	<target host="www.codeaurora.org" />
 
 
-	<securecookie host="^\.codeaurora\.org$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?codeaurora\.org/"
-		to="https://www.codeaurora.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CodeBeamer.com.xml b/src/chrome/content/rules/CodeBeamer.com.xml
new file mode 100644
index 000000000000..d7d4751eb927
--- /dev/null
+++ b/src/chrome/content/rules/CodeBeamer.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- codebeamer.com
+
+-->
+<ruleset name="CodeBeamer.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="codebeamer.com" />
+	<target host="www.codebeamer.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^codebeamer\.com$" name="^org\.ditchnet\.jsp\.tabs\.containerIdTemplate$" /-->
+
+	<securecookie host="^codebeamer\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CodeButler.com.xml b/src/chrome/content/rules/CodeButler.com.xml
new file mode 100644
index 000000000000..b2b42899784e
--- /dev/null
+++ b/src/chrome/content/rules/CodeButler.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate (*.github.com):
+		codebutler.com
+		www.codebutler.com
+
+-->
+<ruleset name="Code Butler" default_off="mismatched">
+
+	<target host="codebutler.com" />
+	<target host="www.codebutler.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CodeHS.com.xml b/src/chrome/content/rules/CodeHS.com.xml
new file mode 100644
index 000000000000..f9d2357ca13a
--- /dev/null
+++ b/src/chrome/content/rules/CodeHS.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Invalid certificate:
+		blog.codehs.com
+		help.codehs.com
+		hoc.codehs.com
+		hourofcode.codehs.com
+
+	Refused:
+		forum.codehs.com
+
+	Time out:
+		lite.codehs.com
+
+-->
+<ruleset name="CodeHS.com">
+
+	<target host="codehs.com" />
+	<target host="www.codehs.com" />
+	<target host="static.codehs.com" />
+	<target host="static1.codehs.com" />
+	<target host="static2.codehs.com" />
+	<target host="static3.codehs.com" />
+	<target host="static4.codehs.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CodeMirror.net.xml b/src/chrome/content/rules/CodeMirror.net.xml
new file mode 100644
index 000000000000..f2db281784ed
--- /dev/null
+++ b/src/chrome/content/rules/CodeMirror.net.xml
@@ -0,0 +1,12 @@
+<!--
+	www doesn't exist.
+-->
+
+<ruleset name="CodeMirror.net">
+	<target host="codemirror.net" />
+	<target host="discuss.codemirror.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CodePen.io.xml b/src/chrome/content/rules/CodePen.io.xml
index b159c8934e7e..9f83181183f6 100644
--- a/src/chrome/content/rules/CodePen.io.xml
+++ b/src/chrome/content/rules/CodePen.io.xml
@@ -1,25 +1,15 @@
 <!--
-	CDN buckets:
-
-		- s3-us-west-2.amazonaws.com/s.cdpn.io/
-
-
-	Nonfunctional subdomains:
-
-		- blog	(shows default Media Temple page)
-
-
-	Some pages redirect to http.
-
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - assets.codepen.io
 -->
-<ruleset name="CodePen.io (partial)">
-
+<ruleset name="CodePen.io">
 	<target host="codepen.io" />
-	<target host="*.codepen.io" />
-		<exclusion pattern="^http://(?:www\.)?codepen\.io/+(?!favicon\.ico|(?:login|signup)(?:$|[?/]))" />
-
+	<target host="www.codepen.io" />
+	<target host="blog.codepen.io" />
+	<target host="s.codepen.io" />
 
-	<rule from="^http://((?:assets|s|www)\.)?codepen\.io/"
-		to="https://$1codepen.io/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CodePicnic.com.xml b/src/chrome/content/rules/CodePicnic.com.xml
new file mode 100644
index 000000000000..2f50d91059b5
--- /dev/null
+++ b/src/chrome/content/rules/CodePicnic.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- codepicnic.com
+		- www.codepicnic.com
+
+
+-->
+<ruleset name="CodePicnic.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="codepicnic.com" />
+	<target host="www.codepicnic.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?codepicnic\.com$" name="^(?:_pym_session|bandit_landing_profiles_test)$" /-->
+
+	<securecookie host="^(?:www\.)?codepicnic\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CodePunker.com.xml b/src/chrome/content/rules/CodePunker.com.xml
new file mode 100644
index 000000000000..2a179537143e
--- /dev/null
+++ b/src/chrome/content/rules/CodePunker.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="CodePunker.com">
+
+	<target host="codepunker.com" />
+	<target host="www.codepunker.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CodeWeavers.xml b/src/chrome/content/rules/CodeWeavers.xml
index b5ed5174ff38..415b707450a0 100644
--- a/src/chrome/content/rules/CodeWeavers.xml
+++ b/src/chrome/content/rules/CodeWeavers.xml
@@ -1,20 +1,12 @@
-<!--
-	Problematic domains:
+<ruleset name="CodeWeavers">
 
-		- codeweavers.fr	(cert only matches www)
+	<target host="codeweavers.com" />
+	<target host="www.codeweavers.com" />
+	<target host="media.codeweavers.com" />
 
--->
-<ruleset name="CodeWeavers (partial)">
+  	<securecookie host="^www\.codeweavers\.com$" name=".+" />
 
-	<target host="codeweavers.*" />
-	<target host="www.codeweavers.*" />
-		<exclusion pattern="^http://(?:www\.)?codeweavers\.(?:com|fr)/(?!(?:about/\w+|login|services/\w+|store)(?:$|\?|/)|css/|images/|js/)" />
-
-
-	<rule from="^http://(www\.)?codeweavers\.com/"
-		to="https://$1codeweavers.com/" />
-
-	<rule from="^http://(?:www\.)?codeweavers\.fr/"
-		to="https://www.codeweavers.fr/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Code_Club.org.uk.xml b/src/chrome/content/rules/Code_Club.org.uk.xml
new file mode 100644
index 000000000000..4cb8ad2538cf
--- /dev/null
+++ b/src/chrome/content/rules/Code_Club.org.uk.xml
@@ -0,0 +1,46 @@
+<!--
+	Other Code Club rulesets:
+
+		- Code_Club_Pro.org.xml
+
+
+	Nonfunctional hosts in *codeclub.org.uk:
+
+		- roboboogie *
+
+	* 503
+
+
+	Problematic hosts in *codeclub.org.uk:
+
+		- blog *
+
+	* Wordpress
+
+
+	Insecure cookies are set for these hosts:
+
+		- codeclub.org.uk
+		- www.codeclub.org.uk
+
+-->
+<ruleset name="Code Club.org.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="codeclub.org.uk" />
+	<!--target host="blog.codeclub.org.uk" /-->
+	<target host="www.codeclub.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?codeclub\.org\.uk$" name="^_code_club_session$" /-->
+
+	<securecookie host="^(?:www\.)?codeclub\.org\.uk$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Code_Club_Pro.org.xml b/src/chrome/content/rules/Code_Club_Pro.org.xml
new file mode 100644
index 000000000000..ad89eb9b0100
--- /dev/null
+++ b/src/chrome/content/rules/Code_Club_Pro.org.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Code Club coverage, see Code_Club.org.uk.xml.
+
+-->
+<ruleset name="Code Club Pro.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="codeclubpro.org" />
+	<target host="www.codeclubpro.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Code_Mill_Tech.com.xml b/src/chrome/content/rules/Code_Mill_Tech.com.xml
new file mode 100644
index 000000000000..29939e63072f
--- /dev/null
+++ b/src/chrome/content/rules/Code_Mill_Tech.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- codemilltech.com
+		- .codemilltech.com
+
+
+	Mixed content:
+
+		- Image from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Code Mill Tech.com">
+
+	<target host="codemilltech.com" />
+	<target host="www.codemilltech.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^codemilltech\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.codemilltech\.com$" name="^ARRAffinity$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^(?:_gat?|ARRAffinity)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Code_School.com.xml b/src/chrome/content/rules/Code_School.com.xml
new file mode 100644
index 000000000000..961720f7f878
--- /dev/null
+++ b/src/chrome/content/rules/Code_School.com.xml
@@ -0,0 +1,24 @@
+<!--
+	CDN buckets:
+
+		- d1tijy5l7mg5kk.cloudfront.net
+
+
+	Nonfunctional subdomains:
+
+		- discuss *
+
+	* Refused
+
+-->
+<ruleset name="Code School.com (partial)">
+
+	<target host="codeschool.com" />
+	<target host="www.codeschool.com" />
+		<!--exclusion pattern="https://discuss\.codeschool\.com" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Code_as_Craft.com.xml b/src/chrome/content/rules/Code_as_Craft.com.xml
new file mode 100644
index 000000000000..fc20f0402b9c
--- /dev/null
+++ b/src/chrome/content/rules/Code_as_Craft.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Code as Craft.com">
+
+	<target host="codeascraft.com" />
+	<target host="www.codeascraft.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Code_for_America.org.xml b/src/chrome/content/rules/Code_for_America.org.xml
new file mode 100644
index 000000000000..5ff587aacae6
--- /dev/null
+++ b/src/chrome/content/rules/Code_for_America.org.xml
@@ -0,0 +1,46 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jekit.codeforamerica.org/ => https://jekit.codeforamerica.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://people.codeforamerica.org/ => https://people.codeforamerica.org/: (6, 'Could not resolve host: people.codeforamerica.org')
+
+	Problematic hosts in *codeforamerica.org:
+
+		- awards ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- secure.codeforamerica.org
+
+
+	Mixed content:
+
+		- Image on www from style.codeforamerica.org ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Code for America.org (partial)" default_off="failed ruleset test">
+
+	<target host="codeforamerica.org" />
+	<target host="jekit.codeforamerica.org" />
+	<target host="people.codeforamerica.org" />
+	<target host="secure.codeforamerica.org" />
+	<target host="style.codeforamerica.org" />
+	<target host="www.codeforamerica.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^secure\.codeforamerica\.org$" name="^(?:exp_(?:last_activity|last_visit|tracker)|spud)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Codebase_HQ.com.xml b/src/chrome/content/rules/Codebase_HQ.com.xml
new file mode 100644
index 000000000000..433189fa5b11
--- /dev/null
+++ b/src/chrome/content/rules/Codebase_HQ.com.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://codebasehq.com/ => https://codebasehq.com/: (7, 'Failed to connect to codebasehq.com port 443: Connection refused')
+
+	For other aTech Media coverage, see ATech_Media.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- support.codebasehq.com
+		- www.codebasehq.com
+
+-->
+<ruleset name="Codebase HQ.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="codebasehq.com" />
+	<target host="blog.codebasehq.com" />
+	<target host="support.codebasehq.com" />
+	<target host="www.codebasehq.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^support\.codebasehq\.com$" name="^(?:_sirportly_session|request_method)$" /-->
+	<!--securecookie host="^www\.codebasehq\.com$" name="^_codebase-website_session$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Codeblocks.org.xml b/src/chrome/content/rules/Codeblocks.org.xml
new file mode 100644
index 000000000000..d98e4966ff1f
--- /dev/null
+++ b/src/chrome/content/rules/Codeblocks.org.xml
@@ -0,0 +1,22 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Different content:
+		forums.codeblocks.org
+		wiki.codeblocks.org
+
+	Invalid certificate:
+		www.codeblocks.org
+
+	Timeout:
+		staging.codeblocks.org
+-->
+<ruleset name="Codeblocks.org (partial)">
+
+	<target host="codeblocks.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CodecGuide.com.xml b/src/chrome/content/rules/CodecGuide.com.xml
new file mode 100644
index 000000000000..c2a74e961413
--- /dev/null
+++ b/src/chrome/content/rules/CodecGuide.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatched:
+		- files2.codecguide.com
+-->
+<ruleset name="CodecGuide.com">
+	<target host="codecguide.com" />
+	<target host="www.codecguide.com" />
+	<target host="data.codecguide.com" />
+	<target host="files.codecguide.com" />
+	<target host="files3.codecguide.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Codecademy.com.xml b/src/chrome/content/rules/Codecademy.com.xml
new file mode 100644
index 000000000000..9272d894d627
--- /dev/null
+++ b/src/chrome/content/rules/Codecademy.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Codecademy.com">
+    <target host="codecademy.com" />
+    <target host="www.codecademy.com" />
+    <target host="discuss.codecademy.com" />
+
+    <securecookie host="^(www\.|discuss\.)?codecademy\.com$" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Codecentric.de.xml b/src/chrome/content/rules/Codecentric.de.xml
new file mode 100644
index 000000000000..54f7e1c92910
--- /dev/null
+++ b/src/chrome/content/rules/Codecentric.de.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .blog.codecentric.de
+
+-->
+<ruleset name="Codecentric.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="codecentric.de" />
+	<target host="blog.codecentric.de" />
+	<target host="www.codecentric.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.blog\.codecentric\.de$" name="^_icl_current_language$" /-->
+
+	<securecookie host="^\.blog\.codecentric\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Codeclimate.com.xml b/src/chrome/content/rules/Codeclimate.com.xml
new file mode 100644
index 000000000000..f65b86cd26bd
--- /dev/null
+++ b/src/chrome/content/rules/Codeclimate.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Nonfunctional subdomains:
+		- docs   -> wrong domain
+		- blog   -> wrong domain
+		- status   -> wrong domain
+-->
+<ruleset name="Codeclimate.com">
+    <target host="codeclimate.com" />
+    <target host="www.codeclimate.com" />
+
+    <securecookie host="^(www\.)?codeclimate\.com" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Codecombat.com.xml b/src/chrome/content/rules/Codecombat.com.xml
new file mode 100644
index 000000000000..03699d1c8bad
--- /dev/null
+++ b/src/chrome/content/rules/Codecombat.com.xml
@@ -0,0 +1,24 @@
+<ruleset name="Codecombat.com">
+
+	<target host="codecombat.com" />
+	<target host="br.codecombat.com" />
+	<target host="cn.codecombat.com" />
+	<target host="discourse.codecombat.com" />
+	<target host="www.codecombat.com" />
+
+	<!-- refused
+	files.codecombat.com
+	-->
+
+	<!--self-signed
+	direct.codecombat.com
+	-->
+
+	<!--mixed content
+	blog.codecombat.com
+	-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Codecoon.com.xml b/src/chrome/content/rules/Codecoon.com.xml
new file mode 100644
index 000000000000..c4b31a84a2fa
--- /dev/null
+++ b/src/chrome/content/rules/Codecoon.com.xml
@@ -0,0 +1,41 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://codecoon.com/ => https://codecoon.com/: (51, "SSL: no alternative certificate subject name matches target host name 'codecoon.com'")
+Fetch error: http://my.codecoon.com/ => https://my.codecoon.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://tracking.codecoon.com/ => https://tracking.codecoon.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.codecoon.com/ => https://www.codecoon.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.codecoon.com'")
+
+	Insecure cookies are set for these hosts:
+
+		- my.codecoon.com
+
+
+	Mixed content:
+
+		- Bugs on (www.)?, my from tracking.codecoon.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Codecoon.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="codecoon.com" />
+	<target host="my.codecoon.com" />
+	<target host="tracking.codecoon.com" />
+	<target host="www.codecoon.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^my\.codecoon.com$" name="^TYPO3_Flow_Session$" /-->
+
+	<securecookie host="^my\.codecoon.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Codecoop.org.xml b/src/chrome/content/rules/Codecoop.org.xml
index d186b6f3d893..9f577ad81646 100644
--- a/src/chrome/content/rules/Codecoop.org.xml
+++ b/src/chrome/content/rules/Codecoop.org.xml
@@ -1,7 +1,16 @@
-<ruleset name="Codecoop (CAcert)" platform="cacert">
+<!--
+	www.codecoop.org doesn't exist.
+
+-->
+<ruleset name="Codecoop.org">
+
 	<target host="codecoop.org" />
 	<target host="*.codecoop.org" />
 
-	<rule from="^http://codecoop\.org/" to="https://codecoop.org/"/>
-	<rule from="^http://([^/:@]*)\.codecoop\.org/" to="https://$1.codecoop.org/"/>
+		<test url="http://git.codecoop.org/" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Codecov.io.xml b/src/chrome/content/rules/Codecov.io.xml
new file mode 100644
index 000000000000..5d6e74f1099e
--- /dev/null
+++ b/src/chrome/content/rules/Codecov.io.xml
@@ -0,0 +1,19 @@
+<!--
+	Secure connection failed:
+		slack.codecov.io
+
+	Invalid certificate:
+		status.codecov.io
+
+-->
+<ruleset name="Codecov.io">
+
+	<target host="codecov.io" />
+	<target host="www.codecov.io" />
+	<target host="docs.codecov.io" />
+	<target host="shop.codecov.io" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Codefisher.org.xml b/src/chrome/content/rules/Codefisher.org.xml
new file mode 100644
index 000000000000..d868bf74123c
--- /dev/null
+++ b/src/chrome/content/rules/Codefisher.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="Codefisher.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="codefisher.org" />
+	<target host="www.codefisher.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Codeforces.com.xml b/src/chrome/content/rules/Codeforces.com.xml
new file mode 100644
index 000000000000..ee61d3843830
--- /dev/null
+++ b/src/chrome/content/rules/Codeforces.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Nonfunctional hosts in *.codeforces.com (as of 2019-01-02):
+		# m1.codeforces.com (m)
+		# m3.codeforces.com (r)
+
+	m: certificate mismatch
+	r: connection refused
+-->
+<ruleset name="Codeforces.com">
+	<target host="codeforces.com" />
+		<test url="http://codeforces.com/enter" />
+	<target host="www.codeforces.com" />
+		<test url="http://www.codeforces.com/enter" />
+	<target host="m2.codeforces.com" />
+		<test url="http://m2.codeforces.com/enter" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Codefuel.xml b/src/chrome/content/rules/Codefuel.xml
new file mode 100644
index 000000000000..941f8eefbfc9
--- /dev/null
+++ b/src/chrome/content/rules/Codefuel.xml
@@ -0,0 +1,43 @@
+<!--
+	CDN buckets:
+
+		- codefuel.com.edgesuite.net
+
+
+	Nonfunctional subdomains:
+
+		- ^ ¹
+		- toolbar ²
+		- www ³
+
+	¹ Refused
+	² Dropped
+	³ 503, akamai
+
+
+	Mixed content:
+
+		- Image on sso from storage.stgbssint.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Codefuel.com (partial)">
+
+	<target host="accounts.codefuel.com" />
+	<target host="sso.codefuel.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.codefuel.com$" name="^(PHPSESSID|PERSISTENT_REFERRER_URL|REFERRER_URL|REFID)$" /-->
+	<!--securecookie host="^accounts\.codefuel.com$" name="^(\.ASPXANONYMOUS|ASP\.NET_SessionId)$" /-->
+	<!--securecookie host="^sso\.codefuel.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\.codefuel.com$" name="^(?:PERSISTENT_REFERRER_URL|REFERRER_URL|REFID)$" />
+	<securecookie host="^(?:accounts|sso)\.codefuel.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Codehaus.org.xml b/src/chrome/content/rules/Codehaus.org.xml
index a44140520745..a03beccf68e9 100644
--- a/src/chrome/content/rules/Codehaus.org.xml
+++ b/src/chrome/content/rules/Codehaus.org.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://docs.codehaus.org/ => https://docs.codehaus.org/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://jira.codehaus.org/ => https://jira.codehaus.org/: (28, 'Connection timed out after 20013 milliseconds')
+
 	Nonfunctional subdomains:
 
 		- (www.) *
@@ -7,16 +12,28 @@
 
 	* Sshows empty tree
 
+
+	Fully covered subdomains:
+
+		- docs
+		- jira
+
+
+	Mixed content:
+
+		- Image on jira from www.codehaus.org
+
 -->
-<ruleset name="Codehaus.org (partial)">
+<ruleset name="Codehaus.org (partial)" default_off="failed ruleset test">
 
 	<target host="docs.codehaus.org" />
+	<target host="jira.codehaus.org" />
 
 
 	<securecookie host="^docs\.codehaus\.org$" name=".+" />
 
 
-	<rule from="^http://docs\.codehaus\.org/"
-		to="https://docs.codehaus.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Codementor.io.xml b/src/chrome/content/rules/Codementor.io.xml
new file mode 100644
index 000000000000..c852a61c45ee
--- /dev/null
+++ b/src/chrome/content/rules/Codementor.io.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .codementor.io
+		- www.codementor.io
+
+-->
+<ruleset name="Codementor.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="codementor.io" />
+	<target host="cdn.codementor.io" />
+	<target host="www.codementor.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.codementor\.io$" name="^_session_id$" /-->
+	<!--securecookie host="^www\.codementor\.io$" name="^cmt_(landing|landing_path|last_landing|last_landing_path)$" /-->
+
+	<securecookie host="^(?:www)?\.codementor\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Codemoji.org.xml b/src/chrome/content/rules/Codemoji.org.xml
new file mode 100644
index 000000000000..1715cb961bf1
--- /dev/null
+++ b/src/chrome/content/rules/Codemoji.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Codemoji.org">
+	<target host="codemoji.org" />
+	<target host="www.codemoji.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Codeplex.xml b/src/chrome/content/rules/Codeplex.xml
index acfeb0902d63..928c7373cc03 100644
--- a/src/chrome/content/rules/Codeplex.xml
+++ b/src/chrome/content/rules/Codeplex.xml
@@ -1,23 +1,34 @@
 <!--
-	Problematic subdomains:
-
-		- ^	(cert only matches *.codeplex.com)
+	For other Microsoft coverage, see Microsoft.xml.
 
 -->
-<ruleset name="Codeplex">
+<ruleset name="Codeplex.com (partial)">
 
 	<target host="codeplex.com" />
 	<target host="*.codeplex.com" />
+
+	<target host="download-codeplex.sec.s-msft.com" />
+
 		<exclusion pattern="^http://(?:download|i[123])\.codeplex\.com/" />
 
+			<test url="http://download.codeplex.com/" />
+			<test url="http://i1.codeplex.com/" />
+			<test url="http://i2.codeplex.com/" />
+			<test url="http://i3.codeplex.com/" />
+
+		<test url="http://json.codeplex.com/" />
+		<test url="http://nodejstools.codeplex.com/" />
+		<test url="http://www.codeplex.com/" />
+
 
-	<securecookie host="^(?:.*\.)?codeplex\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.codeplex\.com$" name="^ASP\.NET_SessionId$" /-->
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://codeplex\.com/"
-		to="https://www.codeplex.com/" />
 
-	<rule from="^http://([^/:@\.]+)\.codeplex\.com/"
-		to="https://$1.codeplex.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Coderbits.com.xml b/src/chrome/content/rules/Coderbits.com.xml
new file mode 100644
index 000000000000..dce70e459922
--- /dev/null
+++ b/src/chrome/content/rules/Coderbits.com.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://coderbits.com/ => https://coderbits.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.coderbits.com/ => https://www.coderbits.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Nonfunctional hosts in *coderbits.com:
+
+		- blog ¹
+		- shop ²
+
+	¹ Refused
+	² Redirects to http
+
+
+	Fully covered hosts in *coderbits.com:
+
+		- (www.)?
+
+-->
+<ruleset name="coderbits.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="coderbits.com" />
+	<target host="www.coderbits.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Coderouge.co.xml b/src/chrome/content/rules/Coderouge.co.xml
new file mode 100644
index 000000000000..337efa6036ae
--- /dev/null
+++ b/src/chrome/content/rules/Coderouge.co.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn.coderouge.co/ => https://cdn.coderouge.co/: (6, 'Could not resolve host: cdn.coderouge.co')
+Fetch error: http://git.coderouge.co/ => https://git.coderouge.co/: (6, 'Could not resolve host: git.coderouge.co')
+
+-->
+<ruleset name="Coderouge.co" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="coderouge.co" />
+	<target host="cdn.coderouge.co" />
+	<target host="git.coderouge.co" />
+	<target host="www.coderouge.co" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CodersClan.net.xml b/src/chrome/content/rules/CodersClan.net.xml
new file mode 100644
index 000000000000..85ceba465505
--- /dev/null
+++ b/src/chrome/content/rules/CodersClan.net.xml
@@ -0,0 +1,16 @@
+<ruleset name="CodersClan.net">
+
+	<target host="codersclan.net" />
+	<target host="www.codersclan.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?codersclan\.net$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?codersclan\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Coderwall.xml b/src/chrome/content/rules/Coderwall.xml
index 644348b79716..5d47273ab2ae 100644
--- a/src/chrome/content/rules/Coderwall.xml
+++ b/src/chrome/content/rules/Coderwall.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://api.coderwall.com/ => https://api.coderwall.com/: (6, 'Could not resolve host: api.coderwall.com')
+Fetch error: http://www.coderwall.com/ => https://www.coderwall.com/: (7, 'Failed to connect to www.coderwall.com port 443: Connection refused')
+
 	CDN buckets:
 
 		- coderwall-assets-0.s3.amazonaws.com
@@ -13,20 +18,29 @@
 
 			- www.coderwall.com
 
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- api
+		- cdn		(→ d2h0j0bhq7ad3b.cloudfront.net)
+
 -->
-<ruleset name="Coderwall">
+<ruleset name="Coderwall.com" default_off="failed ruleset test">
 
 	<target host="coderwall.com" />
-	<target host="*.coderwall.com" />
+	<target host="api.coderwall.com" />
+	<target host="cdn.coderwall.com" />
+	<target host="www.coderwall.com" />
 
 
 	<securecookie host="^(?:www\.)?coderwall\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?coderwall\.com/"
-		to="https://$1coderwall.com/" />
-
-	<rule from="^https?://cdn\.coderwall\.com/"
+	<rule from="^http://cdn\.coderwall\.com/"
 		to="https://d2h0j0bhq7ad3b.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Codeship.com.xml b/src/chrome/content/rules/Codeship.com.xml
new file mode 100644
index 000000000000..4f2a1b138fba
--- /dev/null
+++ b/src/chrome/content/rules/Codeship.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Codeship.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="codeship.com" />
+	<target host="blog.codeship.com" />
+	<target host="www.codeship.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Codesion.xml b/src/chrome/content/rules/Codesion.xml
deleted file mode 100644
index 8cdc03fb7807..000000000000
--- a/src/chrome/content/rules/Codesion.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	For other CollabNet coverage, see CollabNet.xml.
-
-
-	Nonfunctional subdomains:
-
-		- status	(timeout)
-
--->
-<ruleset name="Codesion (partial)">
-
-	<target host="app.codesion.com" />
-	<target host="blog.codesion.com" />
-	<target host="help.codesion.com" />
-
-
-	<securecookie host="^(?:ap|hel)p\.codesion\.com$" name=".+" />
-
-
-	<rule from="^http://(ap|hel)p\.codesion\.com/"
-		to="https://$1p.codesion.com/" />
-
-	<rule from="^https?://blog\.codesion\.com/"
-		to="https://blog.collab.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Codespeak.xml b/src/chrome/content/rules/Codespeak.xml
deleted file mode 100644
index f5a7537fdba4..000000000000
--- a/src/chrome/content/rules/Codespeak.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="codespeak">
-
-	<target host="codespeak.net"/>
-	<target host="www.codespeak.net"/>
-
-	<rule from="^http://(www\.)?codespeak\.net/"
-		to="https://$1codespeak.net/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Codethink.xml b/src/chrome/content/rules/Codethink.xml
index 69a6a8862661..0c6b4b764975 100644
--- a/src/chrome/content/rules/Codethink.xml
+++ b/src/chrome/content/rules/Codethink.xml
@@ -1,4 +1,4 @@
-<ruleset name="Codethink" default_off="mismatch">
+<ruleset name="Codethink" default_off="mismatched">
 
 	<target host="codethink.co.uk" />
 	<target host="www.codethink.co.uk" />
@@ -11,7 +11,7 @@
 
 		https://code... appears to show data from a defunct labs subdomain.
 											-->
-	<rule from="^https?://(?:www\.)?codethink\.co\.uk/"
+	<rule from="^http://(?:www\.)?codethink\.co\.uk/"
 		to="https://www.codethink.co.uk/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Codetriage.com.xml b/src/chrome/content/rules/Codetriage.com.xml
new file mode 100644
index 000000000000..26e6320f564b
--- /dev/null
+++ b/src/chrome/content/rules/Codetriage.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Codetriage.com">
+	<target host="codetriage.com" />
+	<target host="www.codetriage.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Codex_NS.io.xml b/src/chrome/content/rules/Codex_NS.io.xml
new file mode 100644
index 000000000000..5d1d6db97e5e
--- /dev/null
+++ b/src/chrome/content/rules/Codex_NS.io.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rc.codexns.io/ => https://rc.codexns.io/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	www.codexns.io: Differs from http
+
+
+	These altnames don't exist:
+
+		- dev.codexns.io
+
+-->
+<ruleset name="Codex NS.io (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="codexns.io" />
+	<target host="rc.codexns.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CodiMD.org.xml b/src/chrome/content/rules/CodiMD.org.xml
new file mode 100644
index 000000000000..05a8055f713b
--- /dev/null
+++ b/src/chrome/content/rules/CodiMD.org.xml
@@ -0,0 +1,11 @@
+<ruleset name="CodiMD.org">
+	<target host="codimd.org" />
+	<target host="www.codimd.org" />
+	<target host="community.codimd.org" />
+	<target host="demo.codimd.org" />
+	<target host="git.codimd.org" />
+	<target host="social.codimd.org" />
+	<target host="translate.codimd.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CodingTeam.net.xml b/src/chrome/content/rules/CodingTeam.net.xml
index 00e72d95b9cf..e5551484efeb 100644
--- a/src/chrome/content/rules/CodingTeam.net.xml
+++ b/src/chrome/content/rules/CodingTeam.net.xml
@@ -1,6 +1,20 @@
-<ruleset name="CodingTeam (expired)" default_off="expired">
-  <target host="codingteam.net"/>
-  <target host="www.codingteam.net"/>
+<!--
+
+	Problematic hosts in *codingteam.net:
+
+		- www (mismatched)
+
+-->
+<ruleset name="CodingTeam.net">
+
+	<target host="codingteam.net" />
+	<target host="www.codingteam.net" />
+
+	<rule from="^http://www\.codingteam\.net/"
+		to="https://codingteam.net/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(www\.)?codingteam\.net/" to="https://codingteam.net/"/>
 </ruleset>
+
diff --git a/src/chrome/content/rules/Codinghorror.com.xml b/src/chrome/content/rules/Codinghorror.com.xml
new file mode 100644
index 000000000000..05f3262f4047
--- /dev/null
+++ b/src/chrome/content/rules/Codinghorror.com.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://codinghorror.com/ => https://codinghorror.com/: (51, "SSL: no alternative certificate subject name matches target host name 'codinghorror.com'")
+
+-->
+<ruleset name="Coding Horror" default_off="failed ruleset test">
+  <target host="codinghorror.com" />
+  <target host="blog.codinghorror.com" />
+  <target host="www.codinghorror.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Coed.com.xml b/src/chrome/content/rules/Coed.com.xml
new file mode 100644
index 000000000000..cd056e47d01b
--- /dev/null
+++ b/src/chrome/content/rules/Coed.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Coed.com">
+	<target host="coed.com" />
+	<target host="www.coed.com" />
+	<target host="shop.coed.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CogMatch.net.xml b/src/chrome/content/rules/CogMatch.net.xml
deleted file mode 100644
index dd370853d740..000000000000
--- a/src/chrome/content/rules/CogMatch.net.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	Web bugs.
-
--->
-<ruleset name="CogMatch.net">
-
-	<target host="s-js.cogmatch.net" />
-
-
-	<rule from="^http://s-js\.cogmatch\.net/"
-		to="https://s-js.cogmatch.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Cognesia.net.xml b/src/chrome/content/rules/Cognesia.net.xml
index b7d697c4a261..774231911092 100644
--- a/src/chrome/content/rules/Cognesia.net.xml
+++ b/src/chrome/content/rules/Cognesia.net.xml
@@ -9,13 +9,12 @@
 -->
 <ruleset name="Cognesia.net">
 
-	<target host="*.cognesia.net" />
+	<target host="www.cognesia.net" />
 
 
 	<securecookie host="^(?:resources|www)\.cognesia\.net$" name=".+" />
 
 
-	<rule from="^http://www\.cognesia\.net/"
-		to="https://www.cognesia.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cognition_Secure.com.xml b/src/chrome/content/rules/Cognition_Secure.com.xml
new file mode 100644
index 000000000000..273869bc4997
--- /dev/null
+++ b/src/chrome/content/rules/Cognition_Secure.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Cognition Secure.com">
+
+	<target host="cognitionsecure.com" />
+	<target host="www.cognitionsecure.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cognitive-Dissidents.xml b/src/chrome/content/rules/Cognitive-Dissidents.xml
deleted file mode 100644
index 543a4844beb6..000000000000
--- a/src/chrome/content/rules/Cognitive-Dissidents.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	CDN buckets:
-
-		- blog.cognitivedissidents.com.edgesuite.net
-
--->
-<ruleset name="Cognitive Dissidents (partial)" default_off="Akamai">
-
-	<target host="*.cognitivedissidents.com" />
-
-
-	<!--	!www displays a domain parking page.
-							-->
-	<rule from="^http://(blog|www)\.cognitivedissidents\.com/"
-		to="https://$1.cognitivedissidents.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CognitiveDissidents.com.xml b/src/chrome/content/rules/CognitiveDissidents.com.xml
new file mode 100644
index 000000000000..52160a46a0b0
--- /dev/null
+++ b/src/chrome/content/rules/CognitiveDissidents.com.xml
@@ -0,0 +1,13 @@
+<!--
+	^cognitivedissidents.com returns a blank page
+
+-->
+<ruleset name="Cognitive Dissidents" default_off="mismatched">
+
+	<target host="www.cognitivedissidents.com" />
+	<target host="blog.cognitivedissidents.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CohnReznick.com.xml b/src/chrome/content/rules/CohnReznick.com.xml
index 80391b93556b..047c8962be84 100644
--- a/src/chrome/content/rules/CohnReznick.com.xml
+++ b/src/chrome/content/rules/CohnReznick.com.xml
@@ -4,7 +4,6 @@
 	<target host="www.cohnreznick.com" />
 
 
-	<rule from="^http://(www\.)?cohnreznick\.com/"
-		to="https://$1cohnreznick.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CoinAxis.com.xml b/src/chrome/content/rules/CoinAxis.com.xml
new file mode 100644
index 000000000000..251384c33978
--- /dev/null
+++ b/src/chrome/content/rules/CoinAxis.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="CoinAxis.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="coinaxis.com" />
+	<target host="www.coinaxis.com" />
+
+
+	<securecookie host="^\.?coinaxis\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CoinDL.xml b/src/chrome/content/rules/CoinDL.xml
index 39cee2105cb6..fea8b4df53ea 100644
--- a/src/chrome/content/rules/CoinDL.xml
+++ b/src/chrome/content/rules/CoinDL.xml
@@ -1,13 +1,8 @@
-<ruleset name="CoinDL">
-
+<ruleset name="CoinDL.com">
 	<target host="coindl.com" />
 	<target host="www.coindl.com" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.www.coindl.com" />
-
-	<securecookie host="^\.?www\.coindl\.com$" name=".*" />
 
-	<rule from="^http://(www\.)?coindl\.com/"
-		to="https://$1coindl.com/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CoinDaddy.io.xml b/src/chrome/content/rules/CoinDaddy.io.xml
new file mode 100644
index 000000000000..6145c38b7960
--- /dev/null
+++ b/src/chrome/content/rules/CoinDaddy.io.xml
@@ -0,0 +1,30 @@
+<!--
+	Fully covered hosts in *coindaddy.io:
+
+		- (www.)?
+
+
+	Insecure cookies are set for these domains:
+
+		- .coindaddy.io
+
+-->
+<ruleset name="CoinDaddy.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="coindaddy.io" />
+	<target host="www.coindaddy.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.coindaddy\.io$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\.coindaddy\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CoinDesk.com.xml b/src/chrome/content/rules/CoinDesk.com.xml
new file mode 100644
index 000000000000..cfe082170d6a
--- /dev/null
+++ b/src/chrome/content/rules/CoinDesk.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Mismatched:
+		- jobs.coindesk.com
+-->
+
+<ruleset name="CoinDesk.com">
+	<target host="coindesk.com" />
+	<target host="www.coindesk.com" />
+	<target host="api.coindesk.com" />
+	<target host="media.coindesk.com" />
+	<target host="media-stage.coindesk.com" />
+	<target host="widget.coindesk.com" />
+	<target host="selfserve.coindesk.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CoinForum.de.xml b/src/chrome/content/rules/CoinForum.de.xml
new file mode 100644
index 000000000000..8c16fea340b8
--- /dev/null
+++ b/src/chrome/content/rules/CoinForum.de.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .coinforum.de
+
+-->
+<ruleset name="CoinForum.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="coinforum.de" />
+	<target host="www.coinforum.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.coinforum\.de$" name="^session_id$" /-->
+
+	<securecookie host="^\.coinforum\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CoinJabber.com.xml b/src/chrome/content/rules/CoinJabber.com.xml
index 556395441ed2..b06a70c99464 100644
--- a/src/chrome/content/rules/CoinJabber.com.xml
+++ b/src/chrome/content/rules/CoinJabber.com.xml
@@ -1,17 +1,16 @@
 <!--
-	CN: Parallels Panel
+	Invalid certificate:
+		dev.coinjabber.com
 
 -->
-<ruleset name="CoinJabber.com" default_off="self-signed">
+<ruleset name="CoinJabber.com">
 
 	<target host="coinjabber.com" />
 	<target host="www.coinjabber.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^www\.coinjabber\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?coinjabber\.com/"
-		to="https://www.coinjabber.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CoinJar.com.xml b/src/chrome/content/rules/CoinJar.com.xml
new file mode 100644
index 000000000000..fb205ec02a63
--- /dev/null
+++ b/src/chrome/content/rules/CoinJar.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)
+		- app
+		- blog
+		- checkout
+		- filler
+		- secure
+		- support
+
+
+	Insecure cookies are set for these domains:
+
+		- .coinjar.com
+
+-->
+<ruleset name="CoinJar.com">
+
+	<target host="coinjar.com" />
+	<target host="app.coinjar.com" />
+	<target host="blog.coinjar.com" />
+	<target host="checkout.coinjar.com" />
+	<target host="filler.coinjar.com" />
+	<target host="secure.coinjar.com" />
+	<target host="support.coinjar.com" />
+	<target host="www.coinjar.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.coinjar\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.coinjar\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CoinMate.io.xml b/src/chrome/content/rules/CoinMate.io.xml
new file mode 100644
index 000000000000..1513295d78b2
--- /dev/null
+++ b/src/chrome/content/rules/CoinMate.io.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- coinmate.io
+		- .coinmate.io
+
+-->
+<ruleset name="CoinMate.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="coinmate.io" />
+	<target host="www.coinmate.io" />
+
+		<test url="http://coinmate.io/home?referral=" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^coinmate\.io$" name="^signUp\.referralCode$" /-->
+	<!--securecookie host="^\.coinmate\.io$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.?coinmate\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CoinPayments.com.xml b/src/chrome/content/rules/CoinPayments.com.xml
new file mode 100644
index 000000000000..cf3be4309c58
--- /dev/null
+++ b/src/chrome/content/rules/CoinPayments.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="CoinPayments.com">
+	<target host="coinpayments.com" />
+	<target host="www.coinpayments.com" />
+
+	<rule from="^http://www\.coinpayments\.com/" to="https://coinpayments.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CoinPayments.net.xml b/src/chrome/content/rules/CoinPayments.net.xml
new file mode 100644
index 000000000000..23215fea3edc
--- /dev/null
+++ b/src/chrome/content/rules/CoinPayments.net.xml
@@ -0,0 +1,28 @@
+
+<!--
+	For related onion service ruleset, see coinpaymtstgtibr.onion.xml
+
+	Timeout:
+		- mail
+		- mail2
+		- mailsf
+		- mta.mailsf
+		- webmail
+
+	Mismatched:
+		- pages.mailsf
+		- ns1
+-->
+<ruleset name="CoinPayments.net">
+	<target host="coinpayments.net" />
+	<target host="www.coinpayments.net" />
+	<target host="bitcoin.coinpayments.net" />
+	<target host="blog.coinpayments.net" />
+	<target host="explorer.coinpayments.net" />
+	<target host="irx.coinpayments.net" />
+	<target host="signup.coinpayments.net" />
+	<target host="stats.coinpayments.net" />
+	<target host="userfiles.coinpayments.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CoinURL.com.xml b/src/chrome/content/rules/CoinURL.com.xml
deleted file mode 100644
index 649ff2d9c019..000000000000
--- a/src/chrome/content/rules/CoinURL.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- www	(cert only matches ^coinurl.com)
-
--->
-<ruleset name="CoinURL.com">
-
-	<target host="coinurl.com" />
-	<target host="www.coinurl.com" />
-
-
-	<securecookie host="^coinurl\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?coinurl\.com/"
-		to="https://coinurl.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CoinWorker.xml b/src/chrome/content/rules/CoinWorker.xml
deleted file mode 100644
index ff802ab30ef3..000000000000
--- a/src/chrome/content/rules/CoinWorker.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="CoinWorker" default_off="mismatch">
-
-	<!--	Cert: *.heroku.com	-->
-	<target host="coinworker.com" />
-	<target host="*.coinworker.com" />
-
-
-	<rule from="^http://(?:www\.)?coinworker\.com/"
-		to="https://coinworker.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Coinb.in.xml b/src/chrome/content/rules/Coinb.in.xml
new file mode 100644
index 000000000000..2354ddcc3139
--- /dev/null
+++ b/src/chrome/content/rules/Coinb.in.xml
@@ -0,0 +1,8 @@
+<ruleset name="Coinb.in">
+	<target host="coinb.in" />
+	<target host="www.coinb.in" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Coinbase.xml b/src/chrome/content/rules/Coinbase.xml
deleted file mode 100644
index 5f35e6336ef1..000000000000
--- a/src/chrome/content/rules/Coinbase.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	CDN buckets:
-
-		- coinbase-uploads.s3.amazonaws.com
-
-
-	Nonfunctional subdomains:
-
-		- blog
-
--->
-<ruleset name="Coinbase (partial)">
-
-	<target host="coinbase.com" />
-	<target host="*.coinbase.com" />
-
-
-	<securecookie host="^\.?coinbase\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?coinbase\.com/"
-		to="https://$1coinbase.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Coincheck.jp.xml b/src/chrome/content/rules/Coincheck.jp.xml
new file mode 100644
index 000000000000..ea894a58cc7d
--- /dev/null
+++ b/src/chrome/content/rules/Coincheck.jp.xml
@@ -0,0 +1,34 @@
+<!--
+	Nonfunctional hosts in *coincheck.jp:
+
+		- blog ¹
+		- support ²
+
+	¹ Dropped
+	² Zendesk
+
+
+	Insecure cookies are set for these hosts:
+
+		- coincheck.jp
+
+-->
+<ruleset name="coincheck.jp">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="coincheck.jp" />
+	<target host="www.coincheck.jp" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^coincheck\.jp$" name="^_coin_session2$" /-->
+
+	<securecookie host="^coincheck\.jp$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Coinfloor.co.uk.xml b/src/chrome/content/rules/Coinfloor.co.uk.xml
new file mode 100644
index 000000000000..6f8254ce095e
--- /dev/null
+++ b/src/chrome/content/rules/Coinfloor.co.uk.xml
@@ -0,0 +1,51 @@
+<!--
+	Nonfunctional hosts in *coinfloor.co.uk:
+
+		- blog ¹
+		- support ²
+
+	¹ Tumblr
+	² Zendesk
+
+
+	Problematic hosts in *coinfloor.co.uk:
+
+		- status *
+
+	* Statuspage.io
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- coinfloor.co.uk
+		- .coinfloor.co.uk
+		- www.coinfloor.co.uk
+
+-->
+<ruleset name="Coinfloor.co.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="coinfloor.co.uk" />
+	<target host="www.coinfloor.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="status.coinfloor.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?coinfloor\.co\.uk$" name="^___utm[abv]\w+$" /-->
+	<!--securecookie host="^\.coinfloor\.co\.uk$" name="^(?:incap_ses_\d+|nlbi|visid_incap)_\d+$" /-->
+
+	<securecookie host="^(?:\.|www\.)?coinfloor\.co\.uk$" name=".+" />
+
+
+	<rule from="^http://status\.coinfloor\.co\.uk/"
+		to="https://coinfloor.statuspage.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Coinimal.com.xml b/src/chrome/content/rules/Coinimal.com.xml
new file mode 100644
index 000000000000..e732aa825a6c
--- /dev/null
+++ b/src/chrome/content/rules/Coinimal.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .coinimal.com
+
+-->
+<ruleset name="Coinimal.com">
+
+	<target host="coinimal.com" />
+	<target host="www.coinimal.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.coinimal\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.coinimal\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Coinkite.com.xml b/src/chrome/content/rules/Coinkite.com.xml
new file mode 100644
index 000000000000..87a510ac4b57
--- /dev/null
+++ b/src/chrome/content/rules/Coinkite.com.xml
@@ -0,0 +1,50 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://docs.coinkite.com/ => https://docs.coinkite.com/: (6, 'Could not resolve host: docs.coinkite.com')
+
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Nonfunctional hosts in *coinkite.com:
+
+		- blog ʳ
+
+	ʳ Tumblr / refused
+
+
+	Insecure cookies are set for these domains:
+
+		- .coinkite.com
+
+-->
+<ruleset name="Coinkite.com" default_off="failed ruleset test">
+
+	<target host="coinkite.com" />
+	<target host="docs.coinkite.com" />
+	<target host="www.coinkite.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.coinkite\.com$" name="^(?:__cfduid|CK_ACTIVE|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Coinomat.com.xml b/src/chrome/content/rules/Coinomat.com.xml
new file mode 100644
index 000000000000..5d1510c81fbe
--- /dev/null
+++ b/src/chrome/content/rules/Coinomat.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Nonfunctional hosts:
+
+		- blog *
+
+	* Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- coinomat.com
+		- www.coinomat.com
+
+
+	Mixed content:
+
+		- Image from www.bestchange.com *
+
+	Not secured by us <= mismatched
+
+-->
+<ruleset name="Coinomat.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="coinomat.com" />
+	<target host="www.coinomat.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Coinsh.red.xml b/src/chrome/content/rules/Coinsh.red.xml
new file mode 100644
index 000000000000..e4893614d6c4
--- /dev/null
+++ b/src/chrome/content/rules/Coinsh.red.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid Certificate:
+		www.coinsh.red
+-->
+<ruleset name="Coinsh.red">
+	<target host="coinsh.red" />
+	<target host="www.coinsh.red" />
+	<target host="beta.coinsh.red" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.coinsh\.red/" to="https://coinsh.red/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Coinsquare.io.xml b/src/chrome/content/rules/Coinsquare.io.xml
new file mode 100644
index 000000000000..4350337b1c79
--- /dev/null
+++ b/src/chrome/content/rules/Coinsquare.io.xml
@@ -0,0 +1,12 @@
+<ruleset name="Coinsquare.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="coinsquare.io" />
+	<target host="www.coinsquare.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cointelegraph.com.xml b/src/chrome/content/rules/Cointelegraph.com.xml
new file mode 100644
index 000000000000..a0ad3e24d2e4
--- /dev/null
+++ b/src/chrome/content/rules/Cointelegraph.com.xml
@@ -0,0 +1,44 @@
+<ruleset name="Cointelegraph">
+	<target host="cointelegraph.com" />
+	<target host="www.cointelegraph.com" />
+	<target host="alerts.cointelegraph.com" />
+	<target host="api.cointelegraph.com" />
+	<target host="buy.cointelegraph.com" />
+	<target host="coinmarketcap.cointelegraph.com" />
+	<target host="dapphub.cointelegraph.com" />
+	<target host="dapplist.cointelegraph.com" />
+	<target host="events.cointelegraph.com" />
+	<target host="exchange.cointelegraph.com" />
+	<target host="games.cointelegraph.com" />
+	<target host="gp.cointelegraph.com" />
+	<target host="hacks.magazine.cointelegraph.com" />
+	<target host="heatmap.cointelegraph.com" />
+	<target host="hodlers-june-2019.cointelegraph.com" />
+	<target host="hodlers-monthly.cointelegraph.com" />
+	<target host="ico.cointelegraph.com" />
+	<target host="images.cointelegraph.com" />
+	<target host="jobs.cointelegraph.com" />
+	<target host="jobs.jp.cointelegraph.com" />
+	<target host="magazine.cointelegraph.com" />
+	<target host="newswidget.cointelegraph.com" />
+	<target host="pricewidgets.cointelegraph.com" />
+	<target host="quotes.cointelegraph.com" />
+	<target host="s3.cointelegraph.com" />
+	<target host="store.cointelegraph.com" />
+	<target host="ticker.cointelegraph.com" />
+	<target host="top.cointelegraph.com" />
+	<target host="ar.cointelegraph.com" />
+	<target host="br.cointelegraph.com" />
+	<target host="cn.cointelegraph.com" />
+	<target host="de.cointelegraph.com" />
+	<target host="es.cointelegraph.com" />
+	<target host="fi.cointelegraph.com" />
+	<target host="hk.cointelegraph.com" />
+	<target host="it.cointelegraph.com" />
+	<target host="jp.cointelegraph.com" />
+	<target host="kr.cointelegraph.com" />
+	<target host="rs.cointelegraph.com" />
+	<target host="tr.cointelegraph.com" />
+  
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Coisas.com.xml b/src/chrome/content/rules/Coisas.com.xml
new file mode 100644
index 000000000000..1a060f9e95ce
--- /dev/null
+++ b/src/chrome/content/rules/Coisas.com.xml
@@ -0,0 +1,38 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .coisas.com
+
+
+	Mixed content:
+
+		- Image from s.imgrap.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Coicoisas.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.coisas.com" />
+
+	<!--	Complications:
+				-->
+	<target host="coisas.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.coisas.com$" name="^(?:PHPSESSID|SRV)$" /-->
+
+	<securecookie host="^\.coisas.com$" name=".+" />
+
+
+	<rule from="^http://coisas\.com/"
+		to="https://www.coisas.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Coke_CCE.com.xml b/src/chrome/content/rules/Coke_CCE.com.xml
new file mode 100644
index 000000000000..bde328a2dc68
--- /dev/null
+++ b/src/chrome/content/rules/Coke_CCE.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Coca-Cola Enterprises
+
+-->
+<ruleset name="Coke CCE.com">
+
+	<target host="cokecce.com" />
+	<target host="www.cokecce.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ColaHotel.xml b/src/chrome/content/rules/ColaHotel.xml
deleted file mode 100644
index e87a985e8ff4..000000000000
--- a/src/chrome/content/rules/ColaHotel.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="ColaHotel">
-
-	<target host="cola-hotel.net" />
-	<target host="*.cola-hotel.net" />
-
-
-	<securecookie host="^(?:.*\.)?cola-hotel\.net$" name=".+" />
-
-
-	<rule from="^http://(ise\.|www\.)?cola-hotel\.net/"
-		to="https://$1cola-hotel.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Colbert_Nation.com.xml b/src/chrome/content/rules/Colbert_Nation.com.xml
deleted file mode 100644
index e98c888fc9f9..000000000000
--- a/src/chrome/content/rules/Colbert_Nation.com.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	CDN buckets:
-
-		- www.colbertnation.com.edgesuite.net
-
-			- a1054.g.akamai.net
-
-
-	Problematic subdomains:
-
-		- ^	(refused)
-		- www	(works, akamai)
-
--->
-<ruleset name="Colbert Nation (partial)">
-
-	<target host="colbertnation.com" />
-	<target host="www.colbertnation.com" />
-		<!--
-			Avoid user-visible paths:
-							-->
-		<exclusion pattern="^http://(?:www\.)?colbertnation\.com/(?!favicon\.ico|media/|sitewide/)" />
-		<!--
-			stylesheet links images relative to /
-								-->
-		<exclusion pattern="^http://(?:www\.)?colbertnation\.com/media/styles\.css" />
-
-
-	<rule from="^http://(?:www\.)?colbertnation\.com/"
-		to="https://a248.e.akamai.net/f/1054/3100/3f/www.colbertnation.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Colchester.gov.uk.xml b/src/chrome/content/rules/Colchester.gov.uk.xml
new file mode 100644
index 000000000000..2df06763e891
--- /dev/null
+++ b/src/chrome/content/rules/Colchester.gov.uk.xml
@@ -0,0 +1,26 @@
+<!--
+	Colchester Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- colchester.gov.uk
+		- www.colchester.gov.uk
+
+		Timeout was reached:
+		- connect.colchester.gov.uk
+		- datashare.colchester.gov.uk
+		- leisureworldbookings.colchester.gov.uk
+		- leisureworldmemberships.colchester.gov.uk
+		- www.planning.colchester.gov.uk
+
+		SSL connect error:
+		- ecourier.colchester.gov.uk
+-->
+<ruleset name="Colchester.gov.uk (partial)">
+	<target host="iconnect.colchester.gov.uk" />
+	<target host="online.colchester.gov.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Coles.com.au.xml b/src/chrome/content/rules/Coles.com.au.xml
new file mode 100644
index 000000000000..0c500145845e
--- /dev/null
+++ b/src/chrome/content/rules/Coles.com.au.xml
@@ -0,0 +1,172 @@
+<!--
+	Other related rulesets:
+		- ColesExpress.com.au.xml
+		- FirstChoiceLiquor.com.au.xml
+		- Kmart.com.au.xml
+		- KTAS.com.au.xml
+		- Liquorland.com.au.xml
+		- Mycoles.com.au.xml
+		- Officeworks.com.au.xml
+		- Target.com.au.xml
+		- VintageCellars.com.au.xml
+
+
+	Non-functional subdomains:
+
+		- as3gca	(i)
+		- test.account	(m)
+		- test.api	(t)
+		- test.app	(m)
+		- baby-toddler-club	(m)
+		- test.baby-toddler-club	(t)
+		- next.test.baby-toddler-club	(t)
+		- mail2.broadcast	(t)
+		- mail3.broadcast	(t)
+		- mail4.broadcast	(t)
+		- mail5.broadcast	(t)
+		- mail6.broadcast	(t)
+		- www.careers	(m)
+		- catalog	(t)
+		- cguest1	(t)
+		- cguest2	(t)
+		- test.dcinduction	(m)
+		- docusign.esb	(t)
+		- esbnp	(i)
+		- docusign.esbnp	(t)
+		- docusign.esbsvt	(t)
+		- www.flsupplier	(m)
+		- test.forms	(m)
+		- guestnet	(i)
+		- messagelabs.ic1	(t)
+		- test.locator	(t)
+		- login	(r)
+		- o1.mails4s	(t)
+		- meat	(m)
+		- meeting	(t)
+		- meetingplace	(t)
+		- meetingwc	(t)
+		- test.member	(t)
+		- millg	(t)
+		- moviedeal	(m)
+		- msds	(t)
+		- o365	(t)
+		- test.onedirection	(t)
+		- wip-test.onedirection	(t)
+		- origin-shop	(m)
+		- paymentstest	(t)
+		- peps-api	(t)
+		- peps-api-preprod	(t)
+		- peps-api-test	(t)
+		- pos	(m)
+		- www.pos	(m)
+		- produce	(m)
+		- qr	(m)
+		- test.qr	(m)
+		- rapgw	(t)
+		- rapgw1	(t)
+		- rapgw2	(t)
+		- recipes	(m)
+		- www.recipes	(m)
+		- test.recipes	(i)
+		- next.test.recipes	(i)
+		- un.recipes	(t)
+		- test.un.recipes	(t)
+		- redirect	(m)
+		- redirect-wip	(m)
+		- savi	(i)
+		- savistg	(t)
+		- scguest	(t)
+		- seafood	(m)
+		- search	(t)
+		- mobile.secure	(t)
+		- service-status	(m)
+		- www.shop	(i)
+		- shopprod	(m)
+		- shorturl	(t)
+		- sip	(t)
+		- sites	(t)
+		- skystone01	(t)
+		- sl	(t)
+		- social	(HTTP 301 error)
+		- redeem.sportsforschools	(t)
+		- shop.sportsforschools	(r)
+		- st-colessmkt-01	(t)
+		- st-colessmkt-01-ilom	(t)
+		- st-colessmkt-02	(t)
+		- st-colessmkt-02-ilom	(t)
+		- stgcasemanagement	(t)
+		- supplierportal	(m)
+		- www9.supplierportal	(t)
+		- supplierportalprod	(m)
+		- sustainability2010	(m)
+		- sustainabilityreport	(t)
+		- team	(t)
+		- teamtickets	(e)
+		- www.teamtickets	(e)
+		- test	(t)
+		- test0	(t)
+		- ticfreight	(s)
+		- tpmtraining	(t)
+		- vc	(t)
+		- vcse.vc	(t)
+		- video	(t)
+		- webconf	(t)
+		- webmail	(i)
+		- webmail2	(s)
+		- webmailt	(m)
+		- wguest	(t)
+		- xmpp	(t)
+		- yournewcoles	(t)
+		- zitrnvvcse01	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Coles">
+
+	<target host="coles.com.au" />
+	<target host="www.coles.com.au" />
+	<target host="access.coles.com.au" />
+	<target host="access3.coles.com.au" />
+	<target host="api.coles.com.au" />
+	<target host="app.coles.com.au" />
+	<target host="as3g.coles.com.au" />
+	<target host="claimsvouchers.coles.com.au" />
+	<target host="connectme.coles.com.au" />
+	<target host="dcinduction.coles.com.au" />
+	<target host="esb.coles.com.au" />
+	<target host="esbsvt.coles.com.au" />
+	<target host="financialservices.coles.com.au" />
+	<target host="forms.coles.com.au" />
+	<target host="ftdirect.coles.com.au" />
+	<target host="general-insurance.coles.com.au" />
+	<target host="meetme.coles.com.au" />
+	<target host="payments.coles.com.au" />
+	<target host="recipeimages.coles.com.au" />
+	<target host="rroavpn.coles.com.au" />
+	<target host="secure.coles.com.au" />
+	<target host="www.secure.coles.com.au" />
+	<target host="uat.secure.coles.com.au" />
+	<target host="uat1.secure.coles.com.au" />
+	<target host="uat2.secure.coles.com.au" />
+	<target host="shop.coles.com.au" />
+	<target host="shopload.coles.com.au" />
+	<target host="shopmaint.coles.com.au" />
+	<target host="specials.coles.com.au" />
+	<target host="stg.coles.com.au" />
+	<target host="stgw.coles.com.au" />
+	<target host="stgwipsecure.coles.com.au" />
+	<target host="www.supplierportal.coles.com.au" />
+	<target host="testconnectme.coles.com.au" />
+	<target host="vintagecellarshamster.coles.com.au" />
+	<target host="webservices.coles.com.au" />
+	<target host="webservicesdev.coles.com.au" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ColesExpress.com.au.xml b/src/chrome/content/rules/ColesExpress.com.au.xml
new file mode 100644
index 000000000000..8a5751f4ed4d
--- /dev/null
+++ b/src/chrome/content/rules/ColesExpress.com.au.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Coles coverage, see Coles.com.au.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- access	(e)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Coles Express">
+
+	<target host="colesexpress.com.au" />
+	<target host="www.colesexpress.com.au" />
+	<target host="mobileapp.colesexpress.com.au" />
+
+	<rule from="^http://colesexpress\.com\.au/"
+		to="https://www.colesexpress.com.au/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Coletivos.org.xml b/src/chrome/content/rules/Coletivos.org.xml
new file mode 100644
index 000000000000..435a1db045d6
--- /dev/null
+++ b/src/chrome/content/rules/Coletivos.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		www.coletivos.org
+		discourse.coletivos.org
+-->
+<ruleset name="Coletivos.org">
+	<target host="coletivos.org" />
+	<target host="pad.coletivos.org" />
+	<target host="social.coletivos.org" />
+	<target host="webmail.coletivos.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Colin-Leroy.xml b/src/chrome/content/rules/Colin-Leroy.xml
index 4f1fb6646972..29d3116b8135 100644
--- a/src/chrome/content/rules/Colin-Leroy.xml
+++ b/src/chrome/content/rules/Colin-Leroy.xml
@@ -5,7 +5,6 @@
 
 
 
-	<rule from="^http://(www\.)?colino\.net/"
-		to="https://$1colino.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CollabNet.xml b/src/chrome/content/rules/CollabNet.xml
index 60b45a5a9503..7150325fa31a 100644
--- a/src/chrome/content/rules/CollabNet.xml
+++ b/src/chrome/content/rules/CollabNet.xml
@@ -2,19 +2,61 @@
 	Other CollabNet rulesets:
 
 		- CloudForge.xml
-		- Codesion.xml
+
+
+	Nonfunctional subdomains:
+
+		- blogs ¹
+		- help ¹
+		- visit ²
+
+	¹ Refused
+	² Marketo
+
+
+	Problematic subdomains:
+
+		- open *
+
+	* Cert only matches *.open.collab.net
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- git.help from www.open ¹
+			- forums.open from www ¹
+			- forums.open from stg01 ²
+
+		- favicon on forums.open from www ¹
+
+	¹ Secured by us
+	² Unsecurable <= dropped
 
 -->
 <ruleset name="CollabNet">
 
 	<target host="collab.net" />
-	<target host="*.collab.net" />
+	<target host="blog.collab.net" />
+	<target host="git.help.collab.net" />
+	<target host="forums.open.collab.net" />
+	<target host="www.collab.net" />
+	<target host="open.collab.net" />
+	<target host="www.open.collab.net" />
+	<target host="visit.collab.net" />
 
 
 	<securecookie host="^\.collab\.net$" name=".+" />
 
 
-	<rule from="^http://(blog\.|www\.)?collab\.net/"
+	<rule from="^http://((?:blog|git\.help|forums\.open|www)\.)?collab\.net/"
 		to="https://$1collab.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http://(?:www\.)?open\.collab\.net/"
+		to="https://www.open.collab.net/" />
+
+	<rule from="^http://visit\.collab\.net/(?=css/|images/|js/|rs/)"
+		to="https://na-aba.collab.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Collabnix.com.xml b/src/chrome/content/rules/Collabnix.com.xml
new file mode 100644
index 000000000000..923beae69d81
--- /dev/null
+++ b/src/chrome/content/rules/Collabnix.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Collabnix.com">
+	<target host="collabnix.com" />
+	<target host="www.collabnix.com" />
+
+	<rule from="^http:" to="https:" />
+
+	<securecookie host=".+" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/Collabora-mismatches.xml b/src/chrome/content/rules/Collabora-mismatches.xml
deleted file mode 100644
index efa7616c9577..000000000000
--- a/src/chrome/content/rules/Collabora-mismatches.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For rules that are on by default, see Collabora.xml.
-
--->
-<ruleset name="Collabora (mismatches)" default_off="mismatched, self-signed">
-
-	<target host="dhansak.collabora.co.uk" />
-	<target host="monkey.collabora.co.uk" />
-
-
-	<rule from="^http://(dhansak|monkey)\.collabora\.co\.uk/"
-		to="https://$1.collabora.co.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Collabora.xml b/src/chrome/content/rules/Collabora.xml
deleted file mode 100644
index 90989a49798e..000000000000
--- a/src/chrome/content/rules/Collabora.xml
+++ /dev/null
@@ -1,49 +0,0 @@
-<!--
-	For problematic rules, see Collabora-mismatches.xml.
-
-
-	Nonfunctional domains:
-
-		- collabora.co.uk subdomains:
-
-			- bzr *
-			- cgit *
-			- git *
-			- planet *
-
-		- collabora.com subdomains:
-
-			- cgit *
-			- git *
-			- planet *
-
-	* Shows dhansak.collabora.co.uk; CN: www.collabora.co.uk
-
-
-	Problematic domains:
-
-		- dhansak.collabora.co.uk *
-		- monkey.collabora.co.uk *
-
-	* Works; mismatched, CN: www.collabora.co.uk
-
-
-	Fully covered domains:
-
-		- (www.)collabora.co.uk
-		- trac.collabora.co.uk
-		- (www.)collabora.com
-
--->
-<ruleset name="Collabora (partial)">
-
-	<target host="collabora.co.uk" />
-	<target host="*.collabora.co.uk" />
-	<target host="collabora.com" />
-	<target host="www.collabora.com" />
-
-
-	<rule from="^http://(trac\.|www\.)?collabora\.co(\.uk|m)/"
-		to="https://$1collabora.co$2/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Collateral_Murder.xml b/src/chrome/content/rules/Collateral_Murder.xml
index a4df3d0c12cb..eb033f725e56 100644
--- a/src/chrome/content/rules/Collateral_Murder.xml
+++ b/src/chrome/content/rules/Collateral_Murder.xml
@@ -1,13 +1,12 @@
 <ruleset name="Collateral Murder">
 
 	<target host="collateralmurder.com" />
-	<target host="*.collateralmurder.com" />
+	<target host="www.collateralmurder.com" />
 
 
 	<securecookie host="^\.collateralmurder\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?collateralmurder\.com/"
-		to="https://$1collateralmurder.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Collectd.org.xml b/src/chrome/content/rules/Collectd.org.xml
index 86a7cf75210c..8562de914e2b 100644
--- a/src/chrome/content/rules/Collectd.org.xml
+++ b/src/chrome/content/rules/Collectd.org.xml
@@ -1,10 +1,12 @@
 <ruleset name="collectd.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="collectd.org" />
 	<target host="www.collectd.org" />
 
 
-	<rule from="^http://(www\.)?collectd\.org/"
-		to="https://$1collectd.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Collectif_Stop_TAFTA.org.xml b/src/chrome/content/rules/Collectif_Stop_TAFTA.org.xml
new file mode 100644
index 000000000000..3ecff8a490cb
--- /dev/null
+++ b/src/chrome/content/rules/Collectif_Stop_TAFTA.org.xml
@@ -0,0 +1,22 @@
+<!--
+	^collectifstoptafta.org: Mismatched
+
+-->
+<ruleset name="Collectif Stop TAFTA.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.collectifstoptafta.org" />
+
+	<!--	Complications:
+				-->
+	<target host="collectifstoptafta.org" />
+
+
+	<rule from="^http://collectifstoptafta\.org/"
+		to="https://www.collectifstoptafta.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Collective-Media.xml b/src/chrome/content/rules/Collective-Media.xml
index 2a306c447db5..d147f39ee85f 100644
--- a/src/chrome/content/rules/Collective-Media.xml
+++ b/src/chrome/content/rules/Collective-Media.xml
@@ -3,23 +3,35 @@
 
 		- a.collective-media.net.edgekey.net
 
-			- e4000.g.akamaiedge.net
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .collective-media.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
 <ruleset name="Collective Media (partial)">
 
 	<target host="amp.collective.com" />
-	<target host="*.collective-media.net" />
+	<target host="a.collective-media.net" />
+	<target host="b.collective-media.net" />
+	<target host="origin.collective-media.net" />
 
+		<!--	Sets cookie without Secure:
+							-->
+		<test url="http://b.collective-media.net/seg/cm/tm1h?gtmcb=" />
 
-	<!--	name="^(cli|JY57)$"	-->
-	<securecookie host="^\.collective-media\.net$" name=".+" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.collective-media\.net$" name="^cli$" /-->
+
+	<!--	name="^JY57$"	-->
+	<securecookie host="^\.collective-media\.net$" name=".+" />
 
-	<rule from="^http://amp\.collective\.com/"
-		to="https://amp.collective.com/" />
 
-	<rule from="^http://(a|origin)\.collective-media\.net/"
-		to="https://$1.collective-media.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Collective_IP.com.xml b/src/chrome/content/rules/Collective_IP.com.xml
new file mode 100644
index 000000000000..1964a51c3dbb
--- /dev/null
+++ b/src/chrome/content/rules/Collective_IP.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Collective IP.com">
+
+	<target host="collectiveip.com" />
+	<target host="www.collectiveip.com" />
+
+
+	<securecookie host="^\.collectiveip\.com$" name="^__cfduid$" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/College-of-Nurses-of-Ontario.xml b/src/chrome/content/rules/College-of-Nurses-of-Ontario.xml
index 2c082f0fb635..6cb7e6b24f1a 100644
--- a/src/chrome/content/rules/College-of-Nurses-of-Ontario.xml
+++ b/src/chrome/content/rules/College-of-Nurses-of-Ontario.xml
@@ -1,3 +1,7 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://flo.cno.org/ => https://flo.cno.org/: (28, 'Connection timed out after 10000 milliseconds')
+-->
 <ruleset name="College of Nurses of Ontario (partial)">
 
 	<target host="cno.org"/>
diff --git a/src/chrome/content/rules/CollegeBoundfund.xml b/src/chrome/content/rules/CollegeBoundfund.xml
deleted file mode 100644
index bf1fd5d95677..000000000000
--- a/src/chrome/content/rules/CollegeBoundfund.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For other AllianceBernstein coverage, see AllianceBernstein.xml.
-
-
-	Nonfunctional subdomains:
-
-		- ri	(400; mismatched, CN: corporate.collegeboundfund.com)
-
--->
-<ruleset name="CollegeBoundfund (partial)">
-
-	<target host="collegeboundfund.com" />
-	<target host="*.collegeboundfund.com" />
-
-
-	<securecookie host="^(?:.+\.)?collegeboundfund\.com$" name=".+" />
-
-
-	<rule from="^http://(corporate\.|www\.)?collegeboundfund\.com/"
-		to="https://$1collegeboundfund.com/" />
-
-	<rule from="^https?://ri\.collegeboundfund\.com/(\?.*)?$"
-		to="https://www.collegeboundfund.com/ri/home.aspx$1" />
-
-	<rule from="^https?://ri\.collegeboundfund\.com/CmsObjectRICBF/"
-		to="https://corporate.collegeboundfund.com/CmsObjectRICBF/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CollegeHumor-mismatches.xml b/src/chrome/content/rules/CollegeHumor-mismatches.xml
index 959d01218fe9..af4d25cc998b 100644
--- a/src/chrome/content/rules/CollegeHumor-mismatches.xml
+++ b/src/chrome/content/rules/CollegeHumor-mismatches.xml
@@ -10,7 +10,7 @@
 	<!--	All in \d.media.... appear the same, so minimize
 		the number of cert exceptions needed.
 							-->
-	<rule from="^https?://\d\.media\.collegehumor\.cvcdn\.com/"
+	<rule from="^http://\d\.media\.collegehumor\.cvcdn\.com/"
 		to="https://1.media.collegehumor.cvcdn.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CollegeHumor.xml b/src/chrome/content/rules/CollegeHumor.xml
index 1dcb956d6c86..37aeeec5e802 100644
--- a/src/chrome/content/rules/CollegeHumor.xml
+++ b/src/chrome/content/rules/CollegeHumor.xml
@@ -20,12 +20,12 @@
 
 	<!--	Cert only matches www.
 					-->
-	<rule from="^https?://(?:www\.)?collegehumor\.com/"
+	<rule from="^http://(?:www\.)?collegehumor\.com/"
 		to="https://www.collegehumor.com/" />
 
 	<!--	Akamai.
 			-->
-	<rule from="^https?://\d\.static\.collegehumor\.cvcdn\.com/"
+	<rule from="^http://\d\.static\.collegehumor\.cvcdn\.com/"
 		to="https://www.collegehumor.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CollegeNET.com.xml b/src/chrome/content/rules/CollegeNET.com.xml
new file mode 100644
index 000000000000..8c40f69ac1a3
--- /dev/null
+++ b/src/chrome/content/rules/CollegeNET.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .collegenet.com
+		- 25live-a.collegenet.com
+		- 25live.collegenet.com
+
+-->
+<ruleset name="CollegeNET.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="25live.collegenet.com" />
+	<target host="25live-a.collegenet.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.collegenet\.com$" name="^Blaze$" /-->
+	<!--securecookie host="^25live(?:-a)?\.collegenet\.com$" name="^(?:25LiveCluster|JSESSIONID)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Collegiate-Peaks-Bank.xml b/src/chrome/content/rules/Collegiate-Peaks-Bank.xml
deleted file mode 100644
index 880dad2a2883..000000000000
--- a/src/chrome/content/rules/Collegiate-Peaks-Bank.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="Collegiate Peaks Bank">
-	<target host="collegiatepeaksbank.com" />
-	<target host="www.collegiatepeaksbank.com" />
-	<target host="cpbonlinebanking.com" />
-	<target host="www.cpbonlinebanking.com" />
-	<target host="12.191.21.228" />
-
-	<securecookie host="(^|\.)collegiatepeaksbank\.com$" name=".+" />
-	<securecookie host="(^|\.)cpbonlinebanking\.com$" name=".+" />
-
-	<rule from="^http://(www\.)?collegiatepeaksbank\.com/"
-		to="https://www.collegiatepeaksbank.com/" />
-	<rule from="^(http://(www\.)?|https://)cpbonlinebanking\.com/"
-		to="https://www.cpbonlinebanking.com/" />
-	<rule from="^http://12\.191\.21\.228/Portals/117/lock\.gif"
-		to="https://www.collegiatepeaksbank.com/Portals/117/lock.gif" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CollegiateLink.xml b/src/chrome/content/rules/CollegiateLink.xml
index 15905606b31c..d2dbe858bff5 100644
--- a/src/chrome/content/rules/CollegiateLink.xml
+++ b/src/chrome/content/rules/CollegiateLink.xml
@@ -1,7 +1,123 @@
-<ruleset name="CollegiateLink (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ufl.collegiatelink.net/ => https://ufl.collegiatelink.net/: (7, 'Failed to connect to ufl.collegiatelink.net port 443: Connection refused')
+
+	For other Campus Labs coverage, see Campuslabs.com.xml.
+
+
+	^collegiatelink.net does not exist.
+
+-->
+<ruleset name="CollegiateLink.net" default_off="failed ruleset test">
+
 	<target host="*.collegiatelink.net" />
 
-	<exclusion pattern="^http://((www[0-9]?)\.)?collegiatelink\.net/" />
+		<exclusion pattern="^http://(?:[^./]+\.){2,}collegiatelink\.net/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.collegiatelink.net/" />
+			<test url="http://exists.not.collegiatelink.net/" />
+
+		<test url="http://images.collegiatelink.net/clink/images/1234e092-0e27-43bf-9fca-e0270b25db66091c67bf-5315-4481-bfd6-fb1dc5c93822.png?preset=small-sq" />
+		<test url="http://www.collegiatelink.net/" />
+
+		<!--	(accounts:)
+					-->
+		<test url="http://aacc.collegiatelink.net/" />
+		<test url="http://adelphi.collegiatelink.net/" />
+		<test url="http://albany.collegiatelink.net/" />
+		<test url="http://alberta.collegiatelink.net/" />
+		<test url="http://alvernia.collegiatelink.net/" />
+		<test url="http://arizona.collegiatelink.net/" />
+		<test url="http://auburn.collegiatelink.net/" />
+		<test url="http://babson.collegiatelink.net/" />
+		<test url="http://bengalconnect.collegiatelink.net/" />
+		<test url="http://berea.collegiatelink.net/" />
+		<test url="http://berkeley.collegiatelink.net/" />
+		<test url="http://binghamton.collegiatelink.net/" />
+		<test url="http://bucknell.collegiatelink.net/" />
+		<test url="http://clarkson.collegiatelink.net/" />
+		<test url="http://creighton.collegiatelink.net/" />
+		<test url="http://csudh.collegiatelink.net/" />
+		<test url="http://erau.collegiatelink.net/" />
+		<test url="http://esu.collegiatelink.net/" />
+		<test url="http://evangel.collegiatelink.net/" />
+		<test url="http://fgcu.collegiatelink.net/" />
+		<test url="http://fitnyc.collegiatelink.net/" />
+		<test url="http://forthays.collegiatelink.net/" />
+		<test url="http://fsu.collegiatelink.net/" />
+		<test url="http://georgetown.collegiatelink.net/" />
+		<test url="http://ggc.collegiatelink.net/" />
+		<test url="http://gonzaga.collegiatelink.net/" />
+		<test url="http://govst.collegiatelink.net/" />
+		<test url="http://gsw.collegiatelink.net/" />
+		<test url="http://hartwick.collegiatelink.net/" />
+		<test url="http://hws.collegiatelink.net/" />
+		<test url="http://iub.collegiatelink.net/" />
+		<test url="http://iuk.collegiatelink.net/" />
+		<test url="http://iupui.collegiatelink.net/" />
+		<test url="http://ius.collegiatelink.net/" />
+		<test url="http://ku.collegiatelink.net/" />
+		<test url="http://lehigh.collegiatelink.net/" />
+		<test url="http://mcgill.collegiatelink.net/" />
+		<test url="http://mdc.collegiatelink.net/" />
+		<test url="http://mtsu.collegiatelink.net/" />
+		<test url="http://mtu.collegiatelink.net/" />
+		<test url="http://niu.collegiatelink.net/" />
+		<test url="http://nwmissouri.collegiatelink.net/" />
+		<test url="http://okstate.collegiatelink.net/" />
+		<test url="http://oswego.collegiatelink.net/" />
+		<test url="http://rit.collegiatelink.net/" />
+		<test url="http://rutgers.collegiatelink.net/" />
+		<test url="http://sdsmt.collegiatelink.net/" />
+		<test url="http://sfcollege.collegiatelink.net/" />
+		<test url="http://siue.collegiatelink.net/" />
+		<test url="http://slu.collegiatelink.net/" />
+		<test url="http://smith.collegiatelink.net/" />
+		<test url="http://stcloudstate.collegiatelink.net/" />
+		<test url="http://stedwards.collegiatelink.net/" />
+		<test url="http://stmarytx.collegiatelink.net/" />
+		<test url="http://tacoma.collegiatelink.net/" />
+		<test url="http://tallahassee.collegiatelink.net/" />
+		<test url="http://tamiu.collegiatelink.net/" />
+		<test url="http://tcnj.collegiatelink.net/" />
+		<test url="http://troy.collegiatelink.net/" />
+		<test url="http://uaa.collegiatelink.net/" />
+		<test url="http://udel.collegiatelink.net/" />
+		<test url="http://ufl.collegiatelink.net/" />
+		<test url="http://uga.collegiatelink.net/" />
+		<test url="http://uh.collegiatelink.net/" />
+		<test url="http://umassamherst.collegiatelink.net/" />
+		<test url="http://umassdartmouth.collegiatelink.net/" />
+		<test url="http://umasslowellclubs.collegiatelink.net/" />
+		<test url="http://umb.collegiatelink.net/" />
+		<test url="http://uncp.collegiatelink.net/" />
+		<test url="http://uncstudentorgs.collegiatelink.net/" />
+		<test url="http://und.collegiatelink.net/" />
+		<test url="http://une.collegiatelink.net/" />
+		<test url="http://unh.collegiatelink.net/" />
+		<test url="http://unlv.collegiatelink.net/" />
+		<test url="http://utsa.collegiatelink.net/" />
+		<test url="http://uva.collegiatelink.net/" />
+		<test url="http://uwlmyorgs.collegiatelink.net/" />
+		<test url="http://uwmadison.collegiatelink.net/" />
+		<test url="http://uwp.collegiatelink.net/" />
+		<test url="http://uwyo.collegiatelink.net/" />
+		<test url="http://valdosta.collegiatelink.net/" />
+		<test url="http://vcu.collegiatelink.net/" />
+		<test url="http://vt.collegiatelink.net/" />
+		<test url="http://vugroups.collegiatelink.net/" />
+		<test url="http://washington.collegiatelink.net/" />
+		<test url="http://webster.collegiatelink.net/" />
+		<test url="http://wustl.collegiatelink.net/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://([a-zA-Z0-9\-]+)\.collegiatelink\.net/" to="https://$1.collegiatelink.net/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CollegiatePeaksBank.com.xml b/src/chrome/content/rules/CollegiatePeaksBank.com.xml
new file mode 100644
index 000000000000..23369370aedc
--- /dev/null
+++ b/src/chrome/content/rules/CollegiatePeaksBank.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		mobile.collegiatepeaksbank.com
+		cpbonlinebanking.com
+
+  Host unresolved:
+    cpbonlinebanking.com
+-->
+<ruleset name="Collegiate Peaks Bank">
+
+	<target host="collegiatepeaksbank.com" />
+	<target host="www.collegiatepeaksbank.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CollierTech.org.xml b/src/chrome/content/rules/CollierTech.org.xml
new file mode 100644
index 000000000000..b4e63303b590
--- /dev/null
+++ b/src/chrome/content/rules/CollierTech.org.xml
@@ -0,0 +1,25 @@
+<!--
+	(www.)?colliertech.org: Shops wp.colliertech.org
+
+
+	These altnames don't exist:
+
+		- wp-admin.colliertech.org
+
+
+	Mixed content
+
+		- Images on wp from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="CollierTech.org (partial)">
+
+	<target host="wp.colliertech.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Collings_Foundation.org.xml b/src/chrome/content/rules/Collings_Foundation.org.xml
new file mode 100644
index 000000000000..109252f191ca
--- /dev/null
+++ b/src/chrome/content/rules/Collings_Foundation.org.xml
@@ -0,0 +1,18 @@
+<!--
+	These altnames don't exist:
+
+		- collingsfoundation.org
+
+-->
+<ruleset name="Collings Foundation.org">
+
+	<target host="www.collingsfoundation.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Collyers.xml b/src/chrome/content/rules/Collyers.xml
new file mode 100644
index 000000000000..28e007512cbd
--- /dev/null
+++ b/src/chrome/content/rules/Collyers.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mail.collyers.ac.uk/ => https://mail.collyers.ac.uk/: (6, 'Could not resolve host: mail.collyers.ac.uk')
+
+-->
+<ruleset name="College of Richard Collyer" default_off="failed ruleset test">
+        <!-- not collyers.ac.uk / www.collyers.ac.uk - misconfigured despite on certificate -->
+        <target host="moodle.collyers.ac.uk" /> <!-- VLE -->
+        <target host="home.collyers.ac.uk" /> <!-- Home Access Plus -->
+        <target host="mail.collyers.ac.uk" /> <!-- Mail server -->
+        <target host="myprogress.collyers.ac.uk" /> <!-- Myprogress tracking system -->
+        <target host="media.collyers.ac.uk" /> <!-- planet estream -->
+
+        <test url="http://myprogress.collyers.ac.uk/" />
+        <test url="http://media.collyers.ac.uk/" />
+        <test url="http://home.collyers.ac.uk/HAP/login.aspx" />
+
+        <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Colm_Networks.xml b/src/chrome/content/rules/Colm_Networks.xml
new file mode 100644
index 000000000000..5e8efafb8a08
--- /dev/null
+++ b/src/chrome/content/rules/Colm_Networks.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatch:
+		- (www.)complang.org
+-->
+<ruleset name="Colm Networks">
+	<target host="colm.net" />
+	<target host="www.colm.net" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Colocation_America.com.xml b/src/chrome/content/rules/Colocation_America.com.xml
index 39bb5e014d09..9be5aa92c963 100644
--- a/src/chrome/content/rules/Colocation_America.com.xml
+++ b/src/chrome/content/rules/Colocation_America.com.xml
@@ -1,13 +1,53 @@
-<ruleset name="Colocation America.com">
+<!--
+	Problematic hosts in *colocationamerica.com:
 
+		- cdn *
+		- cdn[2-4] *
+
+	* 404
+
+
+	Insecure cookies are set for these hosts:
+
+		- colocationamerica.com
+		- www.colocationamerica.com
+
+-->
+<ruleset name="Colocation America.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="colocationamerica.com" />
-	<target host="*.colocationamerica.com" />
+	<target host="www.colocationamerica.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.colocationamerica\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.colocationamerica\.com/+(?!images/|wp-content/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.colocationamerica.com/about-us" />
+			<test url="http://www.colocationamerica.com/blog" />
+			<test url="http://www.colocationamerica.com/contact-us" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.colocationamerica.com/images/colocation-america-logo.png" />
+			<test url="http://www.colocationamerica.com/wp-content/plugins/LayerSlider/static/img/blank.gif" />
+
 
+	<!--	not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?colocationamerica\.com$" name="^PHPSESSID$" /-->
 
-	<securecookie host="^(?:www)?\.colocationamerica\.com$" name=".+" />
+	<securecookie host="^colocationamerica\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?colocationamerica\.com/"
-		to="https://$1colocationamerica.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Colocore.ch.xml b/src/chrome/content/rules/Colocore.ch.xml
new file mode 100644
index 000000000000..57b915d861c5
--- /dev/null
+++ b/src/chrome/content/rules/Colocore.ch.xml
@@ -0,0 +1,8 @@
+<ruleset name="Colocore.ch" default_off="cert-chain">
+	<target host="colocore.ch" />
+	<target host="www.colocore.ch" />
+	<target host="my.colocore.ch" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CologneFurdance.xml b/src/chrome/content/rules/CologneFurdance.xml
deleted file mode 100644
index f00860ce7bf8..000000000000
--- a/src/chrome/content/rules/CologneFurdance.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="CologneFurdance">
-  <target host="reg.cologne-cfd.de" />
-
-  <securecookie host="^reg\.cologne-cfd\.de$" name=".+" />
-
-  <rule from="^http://reg\.cologne-cfd\.de/" to="https://reg.cologne-cfd.de/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Coloman.nl.xml b/src/chrome/content/rules/Coloman.nl.xml
new file mode 100644
index 000000000000..c9518ea736b4
--- /dev/null
+++ b/src/chrome/content/rules/Coloman.nl.xml
@@ -0,0 +1,16 @@
+<ruleset name="Coloman.nl">
+
+	<target host="coloman.nl" />
+	<target host="www.coloman.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.coloman\.nl$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.coloman\.nl$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Color-Of-Change.xml b/src/chrome/content/rules/Color-Of-Change.xml
new file mode 100644
index 000000000000..42475963d461
--- /dev/null
+++ b/src/chrome/content/rules/Color-Of-Change.xml
@@ -0,0 +1,15 @@
+<ruleset name="Color Of Change">
+
+	<target host="colorofchange.org" />
+	<target host="act.colorofchange.org" />
+	<target host="iam.colorofchange.org" />
+	<target host="represent.colorofchange.org" />
+	<target host="static.colorofchange.org" />
+	<target host="www.colorofchange.org" />
+
+	<securecookie host="^(act|iam|represent|www)?\.colorofchange\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Colorado-Attorney-General.xml b/src/chrome/content/rules/Colorado-Attorney-General.xml
index 3c57417495d3..1283cd4a8fdb 100644
--- a/src/chrome/content/rules/Colorado-Attorney-General.xml
+++ b/src/chrome/content/rules/Colorado-Attorney-General.xml
@@ -1,6 +1,13 @@
-<ruleset name="Colorado State Attorney General">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://coloradoattorneygeneral.gov/ => https://www.coloradoattorneygeneral.gov/: (51, "SSL: no alternative certificate subject name matches target host name 'www.coloradoattorneygeneral.gov'")
+Fetch error: http://www.coloradoattorneygeneral.gov/ => https://www.coloradoattorneygeneral.gov/: (51, "SSL: no alternative certificate subject name matches target host name 'www.coloradoattorneygeneral.gov'")
+
+-->
+<ruleset name="Colorado State Attorney General" default_off="failed ruleset test">
 	<target host="coloradoattorneygeneral.gov" />
 	<target host="www.coloradoattorneygeneral.gov" />
 
 	<rule from="^http://(?:www\.)?coloradoattorneygeneral\.gov/" to="https://www.coloradoattorneygeneral.gov/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Colorado-No-Call-List.xml b/src/chrome/content/rules/Colorado-No-Call-List.xml
index 7ffa2d23cb19..801f512d1149 100644
--- a/src/chrome/content/rules/Colorado-No-Call-List.xml
+++ b/src/chrome/content/rules/Colorado-No-Call-List.xml
@@ -2,5 +2,5 @@
 	<target host="coloradonocall.com" />
 	<target host="www.coloradonocall.com" />
 
-	<rule from="^http://(?:www\.)?coloradonocall\.com/" to="https://www.coloradonocall.com/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Colorado_Captures.xml b/src/chrome/content/rules/Colorado_Captures.xml
index 954f2490b660..c02641b95b60 100644
--- a/src/chrome/content/rules/Colorado_Captures.xml
+++ b/src/chrome/content/rules/Colorado_Captures.xml
@@ -1,13 +1,12 @@
 <ruleset name="Colorado Captures">
 
 	<target host="coloradocaptures.com" />
-	<target host="*.coloradocaptures.com" />
+	<target host="www.coloradocaptures.com" />
 
 
 	<securecookie host="^\.(?:www\.)?coloradocaptures\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?coloradocaptures\.com/"
-		to="https://$1coloradocaptures.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Colorado_College.edu.xml b/src/chrome/content/rules/Colorado_College.edu.xml
new file mode 100644
index 000000000000..8987683a1538
--- /dev/null
+++ b/src/chrome/content/rules/Colorado_College.edu.xml
@@ -0,0 +1,48 @@
+<!--
+	Nonfunctional subdomains:
+
+		- cs *
+
+	* Plaintext reply
+
+
+	Problematic subdomains:
+
+		- sites *
+
+	* Mixed css
+
+
+	Mixed content:
+
+		- css, on:
+
+			- sites from www *
+			- sites from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Colorado College.edu (partial)">
+
+	<target host="coloradocollege.edu" />
+	<target host="sites.coloradocollege.edu" />
+	<target host="www.coloradocollege.edu" />
+		<!--
+			Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://sites\.coloradocollege\.edu/+(?:$|\?)" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?coloradocollege\.edu$" name="^dmid$" /-->
+	<!--securecookie host="^sites.coloradocollege.edu$" name="^([\da-f]{32}|bb2_screener_|wfvt_\d+)$" /-->
+	<!--securecookie host="^www\.coloradocollege\.edu$" name="^BIGipServerPROD_DOTCMS_https$" /-->
+
+	<securecookie host="^(?:www\.)?coloradocollege\.edu$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Colorado_Secretary_of_State.xml b/src/chrome/content/rules/Colorado_Secretary_of_State.xml
index 0fa4455178bc..2e996308b41f 100644
--- a/src/chrome/content/rules/Colorado_Secretary_of_State.xml
+++ b/src/chrome/content/rules/Colorado_Secretary_of_State.xml
@@ -1,15 +1,15 @@
 <!--
-	- Some (most?) pages redirect to http
-	- Cert only matches www
-
+	Invalid certificate:
+		jobs.sos.state.co.us
 -->
-<ruleset name="Colorado Secretary of State (partial)">
+<ruleset name="Colorado Secretary of State">
 
 	<target host="sos.state.co.us" />
 	<target host="www.sos.state.co.us" />
+	<target host="bartels-on.sos.state.co.us" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^https?://(?:www\.)sos\.state\.co\.us/pubs/"
-		to="https://$1sos.state.co.us/pubs/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Coloradoan.xml b/src/chrome/content/rules/Coloradoan.xml
index 8410edc3a1ed..131b038570bd 100644
--- a/src/chrome/content/rules/Coloradoan.xml
+++ b/src/chrome/content/rules/Coloradoan.xml
@@ -26,10 +26,11 @@
 <ruleset name="The Coloradoan">
 
 	<target host="coloradoan.com" />
-	<target host="*.coloradoan.com" />
+	<target host="cmsimg.coloradoan.com" />
+	<target host="www.coloradoan.com" />
 
 
 	<rule from="^http://(?:cmsimg\.|www\.)?coloradoan\.com/"
 		to="https://www.coloradoan.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Colordiff.org.xml b/src/chrome/content/rules/Colordiff.org.xml
new file mode 100644
index 000000000000..a4386135f522
--- /dev/null
+++ b/src/chrome/content/rules/Colordiff.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Nonfunctional hosts in *.colordiff.org:
+		- colordiff.org (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Colordiff.org">
+	<target host="colordiff.org" />
+	<target host="www.colordiff.org" />
+
+	<rule from="^http://colordiff\.org/" to="https://www.colordiff.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Colorlines.com.xml b/src/chrome/content/rules/Colorlines.com.xml
new file mode 100644
index 000000000000..1fd13601e46a
--- /dev/null
+++ b/src/chrome/content/rules/Colorlines.com.xml
@@ -0,0 +1,22 @@
+<!--
+	^colorlines.com: Expired, mismatched, missing certificate chain
+
+-->
+<ruleset name="Colorlines.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.colorlines.com" />
+
+	<!--	Complications:
+				-->
+	<target host="colorlines.com" />
+
+
+	<rule from="^http://colorlines\.com/"
+		to="https://www.colorlines.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Colors-il.com.xml b/src/chrome/content/rules/Colors-il.com.xml
index 099e1d3b9e80..c97edcbb4c32 100644
--- a/src/chrome/content/rules/Colors-il.com.xml
+++ b/src/chrome/content/rules/Colors-il.com.xml
@@ -1,13 +1,21 @@
-<ruleset name="colors-il.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://colors-il.com/ => https://colors-il.com/: (51, "SSL: no alternative certificate subject name matches target host name 'colors-il.com'")
+Fetch error: http://www.colors-il.com/ => https://www.colors-il.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.colors-il.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://colors-il.com/ => https://colors-il.com/: (51, "SSL: no alternative certificate subject name matches target host name 'colors-il.com'")
+-->
+<ruleset name="colors-il.com" default_off="failed ruleset test">
 
 	<target host="colors-il.com" />
-	<target host="*.colors-il.com" />
+	<target host="www.colors-il.com" />
 
 
 	<securecookie host="^(?:w*\.)?colors-il.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?colors-il\.com/"
-		to="https://$1colors-il.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Colosall.jp.xml b/src/chrome/content/rules/Colosall.jp.xml
new file mode 100644
index 000000000000..f5700bc947c2
--- /dev/null
+++ b/src/chrome/content/rules/Colosall.jp.xml
@@ -0,0 +1,30 @@
+<!--
+	Nonfunctional subdomains:
+
+		- user1		(shows www; mismatched, CN: www.colossal.jp)
+
+
+	Mixed content:
+
+		- Web bugs, from:
+
+			- user1 ¹
+			- www.ace-analyzer.com ²
+			- www.kaiseki.me ²
+
+	¹ Unsecurable
+	² Secured by us
+
+-->
+<ruleset name="Colossal.jp (partial)">
+
+	<target host="colossal.jp" />
+	<target host="www.colossal.jp" />
+
+
+	<securecookie host="^(?:www\.)?colossal\.jp$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Columbia_University-problematic.xml b/src/chrome/content/rules/Columbia_University-problematic.xml
index 37e780165c95..53cbfedd380e 100644
--- a/src/chrome/content/rules/Columbia_University-problematic.xml
+++ b/src/chrome/content/rules/Columbia_University-problematic.xml
@@ -13,8 +13,7 @@
 	<target host="cdrs.columbia.edu" />
 	<target host="www.cdrs.columbia.edu" />
 	<target host="bulletin.engineering.columbia.edu" />
-	<target host="*.hr.columbia.edu" />
-	<target host="*.managers.hr.columbia.edu" />
+	<target host="managers.hr.columbia.edu" />
 	<target host="twiki.nevis.columbia.edu" />
 	<target host="www.nevis.columbia.edu" />
 	<target host="scholcomm.columbia.edu" />
@@ -22,13 +21,12 @@
 	<target host="www.stv.columbia.edu" />
 
 
-	<securecookie host="^.+\.columbia\.edu$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://(?:www\.)?(cdrs|stv)\.columbia\.edu/"
 		to="https://www.$1.columbia.edu/" />
 
-	<rule from="^http://(support\.academiccommons|bulletin\.engineering|managers\.hr|(?:twiki|www)\.nevis|scholcomm)\.columbia\.edu/"
-		to="https://$1.columbia.edu/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Columbia_University.xml b/src/chrome/content/rules/Columbia_University.xml
index 6308e6e968ab..7944cf358642 100644
--- a/src/chrome/content/rules/Columbia_University.xml
+++ b/src/chrome/content/rules/Columbia_University.xml
@@ -4,7 +4,7 @@
 
 	cu.custhelp.com
 	columbia.studioabroad.com
-	academiccommons.uservoice.com 
+	academiccommons.uservoice.com
 
 
 	Nonfunctional subdomains:
@@ -42,6 +42,7 @@
 		- (www.)energy ⁴
 		- (www.)environment ***
 		- events ⁹
+		- hr					(403/404)
 		- share.facil
 		- (www.)mailman.hs ⁷
 		- irvinginstitute
@@ -50,7 +51,7 @@
 		- (www.)learn ⁶
 		- (www.)mailmain ⁷
 		- (www.)neighbors *
-		- (www.)pathology ***	
+		- (www.)pathology ***
 		- (www.)publichealth
 		- (www.)sas ⁹
 		- search
@@ -71,7 +72,7 @@
 	⁶ Times out
 	⁷ record_too_long
 	⁸ Shows columbiadoctors, mismatched, CN: columbiadoctors
-	⁹ Prints "Incorrect URL"
+	⁹ Prints 'Incorrect URL'
 
 
 	Problematic subdomains:
@@ -92,6 +93,7 @@
 		- www.cuit *
 		- outlook.cuit			(mismatched, CN: outlook1.cuit)
 		- www.cuitalerts *
+		- www.cup ⁶
 		- www.directory *
 		- bulletin.engineering *	(works)
 		- www.engineering *
@@ -135,14 +137,17 @@
 		- www.w2aee ***
 
 	* Cert only matches *.
+	⁶ Cert only matches ^foo
 	** Cert only matches *.cdrs
 	*** Shows www1, CN: www1)
 
 
+
 	Partially covered domains:
 
 		- (www.)		(→ cuit)
 		- (www.)advance		(some pages redirect to http, some paths redirect to Error.aspx, ^ → www)
+		- www.cs *
 		- (www.)gs *		(www → ^)
 		- (www.)library *	(www → ^)
 		- (www.)procurement *
@@ -169,6 +174,7 @@
 		- www.college
 		- (www.)communityservice	(www → ^)
 		- (www.)courseworks		(www → ^)
+		- mice.cs
 		- (www.)cuit			(www → ^)
 		- outlook.cuit			(→ outlook1.cuit)
 		- outlook1.cuit
@@ -176,6 +182,7 @@
 		- haydn.cul
 		- roomreservations.cul
 		- scholcomm-dev.cul
+		- (www.)cup			(www → ^)
 		- (www.)directory		(www → ^)
 		- (www.)engineering		(www → ^)
 		- (www.)eoaa			(www → ^)
@@ -212,6 +219,7 @@
 		- (www.)hr			(www → ^)
 		- (www.)infoed			(^ → www)
 		- isso
+		- www.law
 		- lexington
 		- alumni-friends.library
 		- lionmail			(→ mail.google.com)
@@ -275,9 +283,21 @@
 		- .procurement.columbia.edu
 
 -->
-<ruleset name="Columbia University (partial)">
+<ruleset name="Columbia University (partial)" >
 
 	<target host="*.columbia.edu" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.cs\.columbia\.edu/$" /-->
+		<!--
+			404:
+				-->
+		<!--exclusion pattern="^http://www\.cs\.columbia\.edu/(css/|images/|mice/)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.cs\.columbia\.edu/(?!icons/)" />
 		<exclusion pattern="^http://www\.giving\.columbia\.edu/(?!$|ccvolunteers/(?:App_Themes/|Telerik\.Web\.UI\.WebResource\.axd)|volunteer/)" />
 		<exclusion pattern="^http://gs\.columbia\.edu/(?!files/|misc/|sites/)" />
 		<exclusion pattern="^http://library\.columbia\.edu/(?!apps/|content/|etc/)" />
@@ -293,13 +313,13 @@
 	<rule from="^http://(?:www\.)?columbia\.edu/cuit/index\.html($|\?.*)"
 		to="https://cuit.columbia.edu/$1" />
 
-	<rule from="^http://(www\.ais|cas|(?:cubemail|ingo|rascalprod|uniapp)\.cc|www\.college|wikis\.cuit|(?:haydn|roomreservations|scholcomm-dev)\.cul|www\.facil|forms\.finance|admissions\.gs|(?:apply|gsas-2l12p-01)\.gsas|(?:apply|gear|www[024678]|www-1)\.gsb|housingportal|isso|lexington|alumni-friends\.library|newcourseworks|portal\.seas|(?:www\.)?procurement|ssol|(?:undergraduate-admissions\.|www\.)?studentaffairs|(?:auth|careers|my)\.tc|wind|www1)\.columbia\.edu/"
+	<rule from="^http://(www\.ais|cas|(?:cubemail|ingo|rascalprod|uniapp)\.cc|www\.college|(?:mice|www)\.cs|wikis\.cuit|(?:haydn|roomreservations|scholcomm-dev)\.cul|www\.facil|forms\.finance|admissions\.gs|(?:apply|gsas-2l12p-01)\.gsas|(?:apply|gear|www[024678]|www-1)\.gsb|housingportal|isso|www\.law|lexington|alumni-friends\.library|newcourseworks|portal\.seas|(?:www\.)?procurement|ssol|(?:undergraduate-admissions\.|www\.)?studentaffairs|(?:auth|careers|my)\.tc|wind|www1)\.columbia\.edu/"
 		to="https://$1.columbia.edu/" />
 
-	<rule from="^https?://(?:www\.)?alice\.columbia\.edu/(?:.*)"
+	<rule from="^http://(?:www\.)?alice\.columbia\.edu/(?:.*)"
 		to="https://health.columbia.edu/services/alice" />
 
-	<rule from="^http://(?:www\.)?(alumni(?:clubs)?|arch|arts|bme|communityservice|courseworks|cuit|cuitalerts|directory|engineering|eoaa|evpr|facets|facilities|facultyhouse|finance|giving|goaskalice|gs|health|housingservices|hr|library|mail|my|news|policylibrary|printservices|registar|researchinitiatives|spa|universityprograms|worklife|worldleaders)\.columbia\.edu/"
+	<rule from="^http://(?:www\.)?(alumni(?:clubs)?|arch|arts|bme|communityservice|courseworks|cuit|cuitalerts|cup|directory|engineering|eoaa|evpr|facets|facilities|facultyhouse|finance|giving|goaskalice|gs|health|housingservices|library|mail|my|news|policylibrary|printservices|registar|researchinitiatives|spa|universityprograms|worklife|worldleaders)\.columbia\.edu/"
 		to="https://$1.columbia.edu/" />
 
 	<rule from="^http://(?:www\.)?(giving|gsas|gsb|infoed|math|rascal|tc)\.columbia\.edu/"
@@ -320,4 +340,4 @@
 	<rule from="^http://www\.w2aee\.columbia\.edu/($|\?.*)"
 		to="https://wikis.cuit.columbia.edu/confluence/display/cuarc/Home$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Com-Sys.xml b/src/chrome/content/rules/Com-Sys.xml
index afd349396e47..91e16cac4fdc 100644
--- a/src/chrome/content/rules/Com-Sys.xml
+++ b/src/chrome/content/rules/Com-Sys.xml
@@ -1,8 +1,4 @@
-<!--
-	Expired 2013-06-15
-
--->
-<ruleset name="Com-Sys" default_off="expired">
+<ruleset name="Com-Sys">
 
 	<target host="com-sys.de" />
 	<target host="www.com-sys.de" />
@@ -11,7 +7,7 @@
 	<securecookie host="^com-sys\.de$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?com-sys\.de/"
-		to="https://com-sys.de/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Com.au.xml b/src/chrome/content/rules/Com.au.xml
deleted file mode 100644
index cab17519ff84..000000000000
--- a/src/chrome/content/rules/Com.au.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Com.au" platform="firefox">
-<target host="cloudns.com.au" />
-
-<securecookie host="^cloudns\.com\.au$" name=".+" />
-
-<rule from="^http://cloudns\.com\.au/" to="https://cloudns.com.au/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Com.br.xml b/src/chrome/content/rules/Com.br.xml
deleted file mode 100644
index a76ee9f6f0b6..000000000000
--- a/src/chrome/content/rules/Com.br.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Com.br" platform="firefox">
-<target host="arivo.com.br" />
-
-<securecookie host="^arivo\.com\.br$" name=".+" />
-
-<rule from="^http://arivo\.com\.br/" to="https://arivo.com.br/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Com.mt.xml b/src/chrome/content/rules/Com.mt.xml
deleted file mode 100644
index 837d3d8ca7a8..000000000000
--- a/src/chrome/content/rules/Com.mt.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Com.mt" platform="firefox">
-<target host="business.medbank.com.mt" />
-
-<securecookie host="^business\.medbank\.com\.mt$" name=".+" />
-
-<rule from="^http://business\.medbank\.com\.mt/" to="https://business.medbank.com.mt/" />
-</ruleset>
diff --git a/src/chrome/content/rules/ComCav.com.xml b/src/chrome/content/rules/ComCav.com.xml
index 1929d0785b4e..7d28970bc744 100644
--- a/src/chrome/content/rules/ComCav.com.xml
+++ b/src/chrome/content/rules/ComCav.com.xml
@@ -1,13 +1,20 @@
-<ruleset name="ComCav.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://comcav.com/ => https://comcav.com/: (51, "SSL: no alternative certificate subject name matches target host name 'comcav.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://comcav.com/ => https://comcav.com/: (6, 'Could not resolve host: comcav.com')
+-->
+<ruleset name="ComCav.com" default_off="failed ruleset test">
 
 	<target host="comcav.com" />
-	<target host="*.comcav.com" />
+	<target host="www.comcav.com" />
 
 
 	<securecookie host="^\.www\.comcav\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?comcav\.com/"
-		to="https://$1comcav.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ComNews-Conferences.xml b/src/chrome/content/rules/ComNews-Conferences.xml
index 2befd323939f..a9ce3ad03ad6 100644
--- a/src/chrome/content/rules/ComNews-Conferences.xml
+++ b/src/chrome/content/rules/ComNews-Conferences.xml
@@ -4,17 +4,17 @@
 			- (www.)comnews.ru	(times out)
 
 -->
-<ruleset name="ComNews Conferences" default_off="mismatch">
+<ruleset name="ComNews Conferences" default_off="mismatched">
 
 	<!--	Cert: *.sweb.ru	-->
 	<target host="comnews-conferences.ru" />
 	<target host="www.comnews-conferences.ru" />
 
 
-	<securecookie host="^comnews-conferences\.ru$" name=".*" />
+	<securecookie host="^comnews-conferences\.ru$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?comnews-conferences\.ru/"
+	<rule from="^http://(?:www\.)?comnews-conferences\.ru/"
 		to="https://comnews-conferences.ru/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ComScore.com.xml b/src/chrome/content/rules/ComScore.com.xml
index 6c60231578b9..dfa9c19801c6 100644
--- a/src/chrome/content/rules/ComScore.com.xml
+++ b/src/chrome/content/rules/ComScore.com.xml
@@ -1,7 +1,7 @@
 <!--
 	Other comScore rulesets:
 
-		- ComScore_Data_Mine.xml
+		- ComScore_Data_Mine.com.xml
 		- Sitestat.xml
 
 
@@ -21,7 +21,6 @@
 
 		- comscore.com subdomains:
 
-			- ^ *
 			- ir *
 			- webmail	(mismatched, CN: im.scorecardresearch.com)
 
@@ -39,10 +38,11 @@
 
 		- comscore.com subdomains:
 
-			- (www.)	(^ → www)
+			- (www.)
 			- autodiscover
 			- dax-files
 			- mail
+			- siterecruit
 			- webmail	(→ mail)
 
 		- (www.)nedstat.com	(→ dax-files.comscore.com)
@@ -58,28 +58,35 @@
 -->
 <ruleset name="comScore.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="comscore.com"/>
-	<target host="*.comscore.com"/>
+	<target host="autodiscover.comscore.com"/>
+	<target host="dax.comscore.com"/>
+	<target host="dax-files.comscore.com"/>
+	<target host="mail.comscore.com"/>
+	<target host="my.comscore.com"/>
+	<target host="siterecruit.comscore.com"/>
+	<target host="www.comscore.com"/>
+
+	<!--	Complications:
+				-->
+	<target host="webmail.comscore.com"/>
+
 	<target host="nedstat.com" />
 	<target host="www.nedstat.com" />
 
 
-	<securecookie host="^(?:mail|my)\.comscore\.com$" name=".*"/>
-
-
-	<rule from="^http://(?:www\.)?comscore\.com/"
-		to="https://www.comscore.com/" />
+	<securecookie host="^(?:mail|my)\.comscore\.com$" name=".+" />
 
-	<rule from="^http://(autodiscover|dax|dax-files|my)\.comscore\.com/"
-		to="https://$1.comscore.com/"/>
 
-	<rule from="^http://ir\.shareholder\.com/common/"
-		to="https://investor.shareholder.com/common/" />
-
-	<rule from="^http://(?:web)?mail\.comscore\.com/"
+	<rule from="^http://webmail\.comscore\.com/"
 		to="https://mail.comscore.com/" />
 
 	<rule from="^http://(?:www\.)?nedstat\.com/"
-		to="https://dax-files.comescore.com/" />
+		to="https://dax-files.comscore.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ComScore_Data_Mine.com.xml b/src/chrome/content/rules/ComScore_Data_Mine.com.xml
index 0be479482f1b..f4733c27d567 100644
--- a/src/chrome/content/rules/ComScore_Data_Mine.com.xml
+++ b/src/chrome/content/rules/ComScore_Data_Mine.com.xml
@@ -2,13 +2,13 @@
 	For other comScore coverage, see ComScore.xml.
 
 -->
-<ruleset name="comScore Data Mine.com">
+<ruleset name="comScore Data Mine.com" default_off="mismatched">
 
 	<target host="comscoredatamine.com" />
 	<target host="www.comscoredatamine.com" />
 
 
-	<rule from="^http://(www\.)?comscoredatamine\.com/"
-		to="https://$1comscoredatamine.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ComStern.at.xml b/src/chrome/content/rules/ComStern.at.xml
new file mode 100644
index 000000000000..1deb6fd67c6f
--- /dev/null
+++ b/src/chrome/content/rules/ComStern.at.xml
@@ -0,0 +1,37 @@
+<!--
+	For other PCP coverage, see PCP.com.xml.
+
+
+	^comstern.at: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.comstern.at
+
+-->
+<ruleset name="ComStern.at">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.comstern.at"/>
+
+	<!--	Complications:
+				-->
+	<target host="comstern.at"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.comstern\.at$" name="^(ASP\.NET_SessionId|SC)$" /-->
+
+	<securecookie host="^www\.comstern\.at$" name=".+" />
+
+
+	<rule from="^http://comstern\.at/"
+		to="https://www.comstern.at/"/>
+
+	<rule from="^http:"
+		to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/ComStern.de.xml b/src/chrome/content/rules/ComStern.de.xml
new file mode 100644
index 000000000000..250b3fdc02e5
--- /dev/null
+++ b/src/chrome/content/rules/ComStern.de.xml
@@ -0,0 +1,37 @@
+<!--
+	For other PCP coverage, see PCP.com.xml.
+
+
+	^comstern.de: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.comstern.de
+
+-->
+<ruleset name="ComStern.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.comstern.de"/>
+
+	<!--	Complications:
+				-->
+	<target host="comstern.de"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.comstern\.de$" name="^(ASP\.NET_SessionId|SC)$" /-->
+
+	<securecookie host="^www\.comstern\.de$" name=".+" />
+
+
+	<rule from="^http://comstern\.de/"
+		to="https://www.comstern.de/"/>
+
+	<rule from="^http:"
+		to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Com_Laude.com.xml b/src/chrome/content/rules/Com_Laude.com.xml
new file mode 100644
index 000000000000..2287b2cedce5
--- /dev/null
+++ b/src/chrome/content/rules/Com_Laude.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Com Laude.com">
+
+	<target host="comlaude.com" />
+	<target host="www.comlaude.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Comcast.net.xml b/src/chrome/content/rules/Comcast.net.xml
new file mode 100644
index 000000000000..bbf43a90ce1e
--- /dev/null
+++ b/src/chrome/content/rules/Comcast.net.xml
@@ -0,0 +1,84 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://prefs.connect.comcast.net/ => https://prefs.connect.comcast.net/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://vmail.connect.comcast.net/ => https://vmail.connect.comcast.net/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://voice.connect.comcast.net/ => https://voice.connect.comcast.net/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other Comcast coverage, see Comcast.xml.
+
+
+	Nonfunctional subdomains:
+
+		- compass-images-[1-4] ⁵
+		- home ᵈ
+		- mydeviceinfo *
+
+	⁵ 504
+	ᵈ Dropped
+	* Refused
+
+
+	Problematic hosts in *comcast.net:
+
+		- constantguard ᶜ
+		- media2 ᴬ
+		- m ᴬ
+		- xfinity ᴬ
+
+	ᴬ Akamai / mismatched
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	These altnames don't exist:
+
+		www.idp.comcast.net
+
+
+	Insecure cookies are set for these hosts:
+
+		- .comcast.net
+		- businessclass.comcast.net
+		- idp.comcast.net
+		- login.comcast.net
+		- xfinityconnect.mail.comcast.net
+
+
+	Mixed content:
+
+		- Images on login from por-img.cimcontent.net
+
+-->
+<ruleset name="Comcast.net (partial)" default_off="failed ruleset test">
+
+	<target host="businessclass.comcast.net" />
+	<target host="calendar.comcast.net" />
+
+	<target host="prefs.connect.comcast.net" />
+	<target host="vmail.connect.comcast.net" />
+	<target host="voice.connect.comcast.net" />
+
+	<!--target host="constantguard.comcast.net" /-->
+	<target host="downloads.comcast.net" />
+	<target host="idp.comcast.net" />
+	<target host="login.comcast.net" />
+	<target host="xfinityconnect.mail.comcast.net" />
+	<target host="oascentral.comcast.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.comcast\.net$" name="(?:NXCLICK2|OAX|PS?C|cc)$" /-->
+	<!--securecookie host="^businessclass\.comcast\.net$" name="(?:-prd_wc|^ADRUM_BT[1a]|^ASP\.NET_SessionId)$" /-->
+	<!--securecookie host="^idp\.comcast\.net$" name="^BIGipServer" /-->
+	<!--securecookie host="^login\.comcast\.net$" name="^(?:JSESSIONID|cookie-monster|ndcd|oauth-session-id)$" /-->
+	<!--securecookie host="^xfinityconnect\.mail\.comcast\.net$" name="^(?:ADRUM_BT[1a]|XCP)$" /-->
+
+	<securecookie host="^\." name="^(?:NXCLICK2|OAX)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Comcast.xml b/src/chrome/content/rules/Comcast.xml
index 83bcd5255acb..17a7e4d3875e 100644
--- a/src/chrome/content/rules/Comcast.xml
+++ b/src/chrome/content/rules/Comcast.xml
@@ -1,37 +1,134 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://business2.comcast.com/ => https://business2.comcast.com/: (51, "SSL: no alternative certificate subject name matches target host name 'business2.comcast.com'")
+Fetch error: http://www.stg.comcast.com/ => https://www.stg.comcast.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.stg.comcast.com'")
+Non-2xx HTTP code: http://www.comcast.com/ (200) => https://www.comcast.com/ (403)
+
 	Other Comcast rulesets:
 
+		- Comcast.net.xml
+		- internetessentials.com.xml
 		- Fandango.xml
+		- xfinity.com.xml
+
+
+	Nonfunctional hosts in *comcast.com:
+
+		- cbcommunity ᶠ
+		- corporate ⁵
+		- redir ᵈ
+
+	⁵ 504
+	ᵈ Dropped
+	ᶠ Handshake fails
+
+
+	Problematic hosts in *comcast.com:
+
+		- ^ ᵈ
+		- forums.businesshelp ʳ ˣ
+		- forums ᵐ
+		- jobs ᵐ ˢ
+		- sitesearch ᴬ
+		- store ᵈ
 
+	ᴬ Akamai / mismatched
+	ᵈ Dropped
+	ᵐ Mismatched
+	ʳ Refused
+	ˢ Self-signed
+	ˣ Mixed css on comcastbc.i.lithium.com
 
-	Nonfunctional domains:
 
+	Insecure cookies are set for these domains and hosts:
+
+		- .comcast.com
 		- business.comcast.com
-		- corporate.comcast.com		(504, akamai)
+		- cdn.business.comcast.com
+		- business2.comcast.com
+		- businesshelp.comcast.com
+		- cdn.comcast.com
+		- customer.comcast.com
+		- cdn.pdc.comcast.com
 
+		- cdn.stg.comcast.com
+		- cdn.ch2.stg.comcast.com
+		- www.stg.comcast.com
 
-	Problematic domains:
+		- upware.comcast.com
+		- cdn.wcdc.comcast.com
+		- www.comcast.com
 
-		- comcast.com	(cert only matches www)
 
--->
-<ruleset name="Comcast (partial)">
+	Mixed content:
+
+		- Images on businesshelp from media2.comcast.net ᵐ
 
+	ᵐ Not secured by us <= mismatched
+
+-->
+<ruleset name="Comcast.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="business.comcast.com" />
+	<target host="cdn.business.comcast.com" />
+	<target host="business2.comcast.com" />
+	<target host="businesshelp.comcast.com" />
+	<target host="cdn.comcast.com" />
+	<target host="customer.comcast.com" />
+	<target host="cdn.pdc.comcast.com" />
+
+	<target host="cdn.stg.comcast.com" />
+	<target host="cdn.ch2.stg.comcast.com" />
+	<target host="www.stg.comcast.com" />
+
+	<target host="upware.comcast.com" />
+	<target host="cdn.wcdc.comcast.com" />
+	<target host="accesspass.wifi.comcast.com" />
+	<target host="www.comcast.com" />
+
+	<!--	Complications:
+				-->
 	<target host="comcast.com" />
-	<target host="*.comcast.com" />
-	<target host="home.comcast.net" />
+	<!--target host="forums.businesshelp.comcast.com" /-->
+	<target host="forums.comcast.com" />
+	<target host="store.comcast.com" />
 
 
-	<securecookie host="^(?:customer|www)\.comcast\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.comcast\.com$" name="^(?:BSD|PSC|SH?C|cc)$" /-->
+	<!--securecookie host="^business\.comcast\.com$" name="^(?:ASP\.NET_SessionId|ISPCookie|TrafficSplitterUser)$" /-->
+	<!--securecookie host="^cdn\.business\.comcast\.com$" name="^ADRUM_BT[1a]$" /-->
+	<!--securecookie host="^business2\.comcast\.com$" name="(?:-prd_\w\w$|^__RequestVerificationToken|^ADRUM_BT[1a]|^ASP\.NET_SessionId)$" /-->
+	<!--securecookie host="^(?:businesshelp|cdn|cdn\.pdc|cdn\.stg|cdn\.ch2\.stg|www\.stg|cdn\.wcdc)\.comcast\.com$" name="(?:-prd_\w\w$|^ADRUM_BT[1a]|^ASP\.NET_SessionId)$" /-->
+	<!--securecookie host="^(?:customer|www)\.comcast\.com$" name="-prd_po$" /-->
+	<!--securecookie host="^upware\.comcast\.com$" name="^AWSELB$" /-->
 
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://(?:www\.)?comcast\.com/"
+
+	<rule from="^http://comcast\.com/"
 		to="https://www.comcast.com/" />
 
-	<rule from="^http://customer\.comcast\.com/"
-		to="https://customer.comcast.com/" />
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://forums\.comcast\.com/+"
+		to="https://forums.xfinity.com/" />
+
+		<test url="http://forums.comcast.com/index.htm" />
+
+	<rule from="^http://store\.comcast\.com/"
+		to="https://securestore.xfinity.com/" />
+
+	<!--rule from="^http://forums\.businesshelp\.comcast\.com/"
+		to="https://comcastbc.i.lithium.com/" /-->
 
-	<rule from="^http://home\.comcast\.net/"
-		to="https://home.comcast.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Comcate.xml b/src/chrome/content/rules/Comcate.xml
deleted file mode 100644
index 53703ae6792c..000000000000
--- a/src/chrome/content/rules/Comcate.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Comcate (partial)">
-	<target host="clients.comcate.com" />
-
-	<securecookie host="^clients\.comcate\.com$"
-			name=".+" />
-
-	<rule from="^http://clients\.comcate\.com/"
-		to="https://clients.comcate.com/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Comegacity.com.xml b/src/chrome/content/rules/Comegacity.com.xml
new file mode 100644
index 000000000000..cdecab7da50b
--- /dev/null
+++ b/src/chrome/content/rules/Comegacity.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Comegacity.com">
+	<target host="comegacity.com" />
+	<target host="www.comegacity.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Comenity.net.xml b/src/chrome/content/rules/Comenity.net.xml
new file mode 100644
index 000000000000..9030638362d1
--- /dev/null
+++ b/src/chrome/content/rules/Comenity.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="Comenity.net (partial)">
+
+	<target host="c.comenity.net" />
+	<target host="d.comenity.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cometdocs.com.xml b/src/chrome/content/rules/Cometdocs.com.xml
new file mode 100644
index 000000000000..5450a9af75d9
--- /dev/null
+++ b/src/chrome/content/rules/Cometdocs.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Redirects to www
+
+-->
+<ruleset name="Cometdocs.com (partial)">
+
+	<target host="cometdocs.com" />
+	<target host="www.cometdocs.com" />
+		<!--exclusion pattern="http://blogs\.cometdocs\.com" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.cometdocs\.com$" name="^(PHPSESSID|csrfToken)$" /-->
+
+	<securecookie host="^www\.cometdocs\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ComiXology.com.xml b/src/chrome/content/rules/ComiXology.com.xml
index b5befd1bbaba..7560050fd2ba 100644
--- a/src/chrome/content/rules/ComiXology.com.xml
+++ b/src/chrome/content/rules/ComiXology.com.xml
@@ -1,64 +1,51 @@
 <!--
-	CDN buckets:
-
-		- cdn.comixology.com.cdngc.net
-		- iphone.comixology.com.cdngc.net
-		- comixologyssl.sslcs.cdngc.net
-		- dcomixologyssl.sslcs.cdngc.net
-
-		- comixology.desk.com
-
-			- support
-
-
-	Nonfunctional subdomains:
-
-		- blog		(prints "blog0"; expired 2012-06-05, self-signed, CN: ip-10-86-101-22)
-		- cdn		(403; mismatched, CN: ssl2.cdngc.net)
-		- iphone	(403; mismatched, CN: support4.cdnetworks.net)
-		- support	(desk.com)
-
-
-	Problematic subdomains:
-
-		- ^		(times out)
-
-
-	Partially covered subdomains:
-
-		- (www.)	(^ → www, some pages redirect to http)
-
-
-	Fully covered subdomains:
-
-		- pulllist
-		- retailers
-		- store-images
-		- submit
-		- www-images
-
-
-	Mixed images on pulllist from cdn
-	Mixed image on retailers from cdn
-	Mixed images on submit from iphone
-
+	HTTPS != HTTP:
+		idw-secure.comixology.com
+
+	Invalid certificate:
+		dev.api.comixology.com
+		refer.comixology.com
+		www.retailers.comixology.com
+
+	Time out:
+		blog.comixology.com
+		popshop.comixology.com
+		promo.comixology.com
+		pullist.comixology.com
+		transformers.comixology.com
 -->
-<ruleset name="comiXology.com (partial)">
-
+<ruleset name="Comixology.com">
 	<target host="comixology.com" />
-	<target host="*.comixology.com" />
-
-
-	<securecookie host="^(?:pulllist|retailers|store-images|submit)\.comixology\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?comixology\.com/(assets/|login(?:$|\?))"
-		to="https://www.comixology.com/$1" />
-
-	<rule from="^http://(pulllist|retailers|(?:store|www)-images|submit)\.comixology\.com/"
-		to="https://$1.comixology.com/" />
-
-	<rule from="^http://support\.comixology\.com/favicon\.ico"
-		to="https://d3jyn100am7dxp.cloudfront.net/favicon.ico" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.comixology.com" />
+	<target host="ap.comixology.com" />
+	<target host="api.comixology.com" />
+	<target host="app.comixology.com" />
+	<target host="auth.comixology.com" />
+	<target host="bookmarks.comixology.com" />
+	<target host="cmx-bookmarks.comixology.com" />
+	<target host="cmx-secure.comixology.com" />
+	<target host="comics.comixology.com" />
+	<target host="dc-bookmarks.comixology.com" />
+	<target host="dc-secure.comixology.com" />
+	<target host="e.comixology.com" />
+	<target host="gestalt-api.comixology.com" />
+	<target host="identity-api.comixology.com" />
+	<target host="idw.comixology.com" />
+	<target host="images.comixology.com" />
+	<target host="image-secure.comixology.com" />
+	<target host="m.comixology.com" />
+	<target host="marvel-bookmarks.comixology.com" />
+	<target host="marvel-secure.comixology.com" />
+	<target host="payments.comixology.com" />
+	<target host="pulllist.comixology.com" />
+	<target host="redeem.comixology.com" />
+	<target host="retailers.comixology.com" />
+	<target host="secure.comixology.com" />
+	<target host="store-images.comixology.com" />
+	<target host="submit.comixology.com" />
+	<target host="support.comixology.com" />
+	<target host="uncached-digital.comixology.com" />
+	<target host="www-images.comixology.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Comic-Con-Intl.xml b/src/chrome/content/rules/Comic-Con-Intl.xml
index c3c201dad765..0ee51800f839 100644
--- a/src/chrome/content/rules/Comic-Con-Intl.xml
+++ b/src/chrome/content/rules/Comic-Con-Intl.xml
@@ -1,15 +1,16 @@
 <ruleset name="Comic-Con International">
-	<target host="comic-con.net" />
-	<target host="www.comic-con.net" />
 	<target host="comic-con.org" />
-	<target host="secure.comic-con.org" />
-	<target host="secure2.comic-con.org" />
 	<target host="www.comic-con.org" />
+	<target host="exclusives.comic-con.org" />
+	<target host="portals.comic-con.org" />
+	<target host="shop.comic-con.org" />
 
-	<securecookie host="^secure2?.comic-con.org$" name=".+" />
+	<!--
+		In case there are still links out there that have these targets,
+		they can redirect properly
+	-->
+	<target host="secure.comic-con.org" />
+	<target host="secure2.comic-con.org" />
 
-	<!-- Accessing http://comic-con.org/rss/ may produce an error if the following rule does
-	not include redirection of the https://comic-con.org/ (note the https) URL -->
-	<rule from="^https?://(www\.)?comic-con\.(net|org)/" to="https://secure.comic-con.org/" />
-	<rule from="^http://(secure2?)\.comic-con\.(net|org)/" to="https://$1.comic-con.org/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Comic-Rocket.com.xml b/src/chrome/content/rules/Comic-Rocket.com.xml
new file mode 100644
index 000000000000..76544b1e4eca
--- /dev/null
+++ b/src/chrome/content/rules/Comic-Rocket.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Comic-Rocket.com">
+
+	<target host="comic-rocket.com" />
+	<target host="www.comic-rocket.com" />
+
+
+	<!--	Server doesn't secure:
+					-->
+	<securecookie host="^www\.comic-rocket\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ComicFury.xml b/src/chrome/content/rules/ComicFury.xml
new file mode 100644
index 000000000000..944287de283f
--- /dev/null
+++ b/src/chrome/content/rules/ComicFury.xml
@@ -0,0 +1,26 @@
+<!--
+	ComicFury Webcomic Hosting (comicfury.com)
+
+	Other known HTTPS hosts associated with comicfury.com:
+
+		- everythingfury.com (redirects to http://comicfury.com/)
+		- www.everythingfury.com (redirects to http://comicfury.com/)
+
+	Other known non-HTTPS hosts associated with comicfury.com:
+
+		- *.thecomicseries.com
+		- *.the-comic.org
+		- *.thecomicstrip.org
+		- *.webcomic.ws
+		- *.cfw.me
+
+-->
+<ruleset name="ComicFury">
+	<target host="comicfury.com" />
+	<target host="www.comicfury.com" />
+	<target host="everythingfury.com" />
+	<target host="www.everythingfury.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Comiket.co.jp.xml b/src/chrome/content/rules/Comiket.co.jp.xml
new file mode 100644
index 000000000000..c1d3ca596e95
--- /dev/null
+++ b/src/chrome/content/rules/Comiket.co.jp.xml
@@ -0,0 +1,8 @@
+<ruleset name="Comiket.co.jp">
+	<target host="comiket.co.jp" />
+	<target host="www.comiket.co.jp" />
+	<target host="ssl.comiket.co.jp" />
+	<target host="www2.comiket.co.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Comingolstadt.xml b/src/chrome/content/rules/Comingolstadt.xml
new file mode 100644
index 000000000000..d2a1a64e0c95
--- /dev/null
+++ b/src/chrome/content/rules/Comingolstadt.xml
@@ -0,0 +1,17 @@
+<!--
+	Cert mismatch:
+		- freemail
+		- freemailvideo
+-->
+<ruleset name="Comingolstadt">
+
+	<target host="comingolstadt.de" />
+	<target host="www.comingolstadt.de" />
+
+	<target host="kundencenter.comingolstadt.de" />
+	<target host="ssl.comingolstadt.de" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Comkort.com.xml b/src/chrome/content/rules/Comkort.com.xml
new file mode 100644
index 000000000000..25fbb92945bf
--- /dev/null
+++ b/src/chrome/content/rules/Comkort.com.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://comkort.com/ => https://comkort.com/: (6, 'Could not resolve host: comkort.com')
+Fetch error: http://www.comkort.com/ => https://www.comkort.com/: (6, 'Could not resolve host: www.comkort.com')
+
+	Fully covered hosts in *comkort.com:
+
+		- (www.)?
+
+
+	Insecure cookies are set for these domains:
+
+		- .comkort.com
+
+-->
+<ruleset name="Comkort.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="comkort.com" />
+	<target host="www.comkort.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.comkort\.com$" name="^(__cfduid|cf_clearance|cmk_session|lang)$" /-->
+
+	<securecookie host="^\.comkort\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Comm100.cn.xml b/src/chrome/content/rules/Comm100.cn.xml
deleted file mode 100644
index 43a5761a1852..000000000000
--- a/src/chrome/content/rules/Comm100.cn.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="com100.cn">
-
-	<target host="*.comm100.cn" />
-
-
-	<securecookie host="^chatserver\.comm100\.cn$" name=".+" />
-
-
-	<rule from="^http://(chatserver|hosted)\.comm100\.cn/"
-		to="https://$1.comm100.cn/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Comm100.com.xml b/src/chrome/content/rules/Comm100.com.xml
index 2a86e05dd920..4e32b24ac339 100644
--- a/src/chrome/content/rules/Comm100.com.xml
+++ b/src/chrome/content/rules/Comm100.com.xml
@@ -3,7 +3,6 @@
 	<target host="chatserver.comm100.com" />
 
 
-	<rule from="^http://chatserver\.comm100\.com/"
-		to="https://chatserver.comm100.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CommLink.org.xml b/src/chrome/content/rules/CommLink.org.xml
new file mode 100644
index 000000000000..9aa8c1085866
--- /dev/null
+++ b/src/chrome/content/rules/CommLink.org.xml
@@ -0,0 +1,25 @@
+<!--
+	^: refused
+
+
+	At least some pages redirect to http.
+
+-->
+<ruleset name="CommLink.org (partial)">
+
+	<target host="commlink.org" />
+	<target host="www.commlink.org" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?commlink\.org/+($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(www\.)?commlink\.org/+(?!concrete/|favicon\.ico|files/|packages/|themes/)" /-->
+
+
+	<rule from="^http://(?:www\.)?commlink\.org/(?=concrete/|favicon\.ico|files/|packages/|themes/)"
+		to="https://www.commlink.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CommScope.com.xml b/src/chrome/content/rules/CommScope.com.xml
new file mode 100644
index 000000000000..562dd5506627
--- /dev/null
+++ b/src/chrome/content/rules/CommScope.com.xml
@@ -0,0 +1,31 @@
+<!--
+	commscopeinc.mktoweb.com
+
+
+	At least some pages redirect to http.
+
+-->
+<ruleset name="CommScope.com (partial)">
+
+	<target host="commscope.com" />
+	<target host="www.commscope.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?commscope.com/+default\.aspx" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(www\.)?commscope.com/+(?!favicon\.ico|theme/|uploadedImages/|WorkArea/images/|WorkArea/FrameworkUI/)" /-->
+
+
+	<rule from="^http://(www\.)?commscope\.com/(?=favicon\.ico|theme/|uploadedImages/|WorkArea/(?:images|FrameworkUI)/)"
+		to="https://$1commscope.com/" />
+
+	<rule from="^http://info\.commscope\.com/+(?:\?.*)?$"
+		to="https://www.commscope.com/" />
+
+	<rule from="^http://info\.commscope\.com/(?=css/|images/|js/|rs/)"
+		to="https://na-sjp.marketo.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Command_Five.xml b/src/chrome/content/rules/Command_Five.xml
deleted file mode 100644
index cd4d57107f91..000000000000
--- a/src/chrome/content/rules/Command_Five.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Command Five">
-
-	<target host="commandfive.com" />
-	<target host="www.commandfive.com" />
-
-
-	<securecookie host="^(?:www\.)?commandfive\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?commandfive\.com/"
-		to="https://$1commandfive.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Commandlinefu.com.xml b/src/chrome/content/rules/Commandlinefu.com.xml
new file mode 100644
index 000000000000..f9f87713624f
--- /dev/null
+++ b/src/chrome/content/rules/Commandlinefu.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Commandlinefu.com">
+
+	<target host="commandlinefu.com" />
+	<target host="www.commandlinefu.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Commando.io.xml b/src/chrome/content/rules/Commando.io.xml
new file mode 100644
index 000000000000..6ff40a2b0d4c
--- /dev/null
+++ b/src/chrome/content/rules/Commando.io.xml
@@ -0,0 +1,21 @@
+<!--
+	Problematic subdomains:
+
+		- status *
+
+	* StatusPage.io
+
+-->
+<ruleset name="Commando.io (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="commando.io" />
+	<target host="static.commando.io" />
+	<target host="www.commando.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Commando_Boxing.com.xml b/src/chrome/content/rules/Commando_Boxing.com.xml
new file mode 100644
index 000000000000..509e896e884d
--- /dev/null
+++ b/src/chrome/content/rules/Commando_Boxing.com.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.commandoboxing.com/ => https://www.commandoboxing.com/: (6, 'Could not resolve host: www.commandoboxing.com')
+
+-->
+<ruleset name="Commando Boxing.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="commandoboxing.com" />
+	<target host="www.commandoboxing.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Commbank.com.au.xml b/src/chrome/content/rules/Commbank.com.au.xml
new file mode 100644
index 000000000000..f5ee61855f35
--- /dev/null
+++ b/src/chrome/content/rules/Commbank.com.au.xml
@@ -0,0 +1,247 @@
+<!--
+	Non-functional subdomains:
+
+		- www.admin	(t)
+		- ariba	(t)
+		- aribaprd	(t)
+		- arm	(r)
+		- asm	(r)
+		- beacon	(e)
+		- bizcon	(t)
+		- blog	(m)
+		- business	(r)
+		- careers	(m)
+		- www.careers	(t)
+		- sat.cfsservices	(r)
+		- mysecurity.bur.commbiz	(m)
+		- www.myapplication.commbiz	(m)
+		- mysecurity.commbiz	(m)
+		- commodities	(t)
+		- test1.cope	(r)
+		- credagility	(r)
+		- cscml	(t)
+		- cscsb	(t)
+		- salesforce-ep.dev	(r)
+		- bizcon.e2e	(e)
+		- email	(e)
+		- pref.email	(e)
+		- employment	(r)
+		- www.employment	(r)
+		- firstchoice.esetup	(r)
+		- globalmarketsresearch	(r)
+		- www.gmis	(t)
+		- hlpte	(r)
+		- hlpti	(r)
+		- hipbproxybw	(t)
+		- hipbproxynw	(t)
+		- hlpte.commbank.com.au/ (403)
+		- hlpti.commbank.com.au/ (403)
+		- ideas	(r)
+		- internalcareers	(m)
+		- ippossat	(t)
+		- ippossat2	(t)
+		- lbb	(t)
+		- www.makingmoneyhappen	(m)
+		- www.dr.multibank	(r)
+		- fallback.my	(m)
+		- mysecurity	(m)
+		- netbank	(m)
+		- www5.netbank	(t)
+		- i1.paywide.nps	(t)
+		- tms.paywide.nps	(t)
+		- gnd-ep-prd.gslb.npsb2b	(r)
+		- even.lfe-sc.gslb.npsb2b	(r)
+		- odd.lfe-sc.gslb.npsb2b	(r)
+		- docusign-ep-dev.gslb.sat.npsb2b	(r)
+		- docusign-ep-stg.gslb.sat.npsb2b	(r)
+		- docusign-ep-tst.gslb.sat.npsb2b	(r)
+		- gnd-ep-dev.gslb.sat.npsb2b	(r)
+		- gnd-ep-stg.gslb.sat.npsb2b	(r)
+		- gnd-ep-t0.gslb.sat.npsb2b	(r)
+		- gnd-ep-t2.gslb.sat.npsb2b	(r)
+		- gnd-ep-t5.gslb.sat.npsb2b	(r)
+		- even.lfe-sc-badev.gslb.sat.npsb2b	(t)
+		- odd.lfe-sc-badev.gslb.sat.npsb2b	(t)
+		- even.lfe-sc-nft.gslb.sat.npsb2b	(t)
+		- odd.lfe-sc-nft.gslb.sat.npsb2b	(t)
+		- even.lfe-sc-nft2.gslb.sat.npsb2b	(t)
+		- odd.lfe-sc-nft2.gslb.sat.npsb2b	(t)
+		- even.lfe-sc-stg.gslb.sat.npsb2b	(t)
+		- odd.lfe-sc-stg.gslb.sat.npsb2b	(t)
+		- even.lfe-sc-test0.gslb.sat.npsb2b	(t)
+		- odd.lfe-sc-test0.gslb.sat.npsb2b	(t)
+		- even.lfe-sc-test2.gslb.sat.npsb2b	(t)
+		- odd.lfe-sc-test2.gslb.sat.npsb2b	(t)
+		- even.lfe-sc-test5.gslb.sat.npsb2b	(t)
+		- odd.lfe-sc-test5.gslb.sat.npsb2b	(t)
+		- playbook	(m)
+		- www.playbook	(m)
+		- preview	(t)
+		- promotions	(t)
+		- www.promotions	(t)
+		- provisioning	(t)
+		- www.public	(t)
+		- www2.stg.public	(r)
+		- www2.public	(t)
+		- receivablesfinancedirect	(t)
+		- www.research	(r)
+		- rpdatahub	(r)
+		- sit.rttmfp	(r)
+		- stg.rttmfp	(r)
+		- arm.sat	(r)
+		- salesforce.sat	(r)
+		- secureenvelopes	(t)
+		- securetransfer	(m)
+		- nft.securetransfer	(e)
+		- servicebridge	(r)
+		- sat.servicebridge	(r)
+		- nfc.sg	(t)
+		- shareholders	(r)
+		- bizcon.sit	(t)
+		- connect.sit	(r)
+		- mysecurity.staging	(m)
+		- provisioning.staging	(r)
+		- apply.staging	(t)
+		- ariba.staging	(t)
+		- atlasdev.staging	(r)
+		- atlasstg.staging	(r)
+		- apply.commbiz.staging	(e)
+		- cbaspectrum.commbiz.staging	(t)
+		- cslogonascustomer.commbiz.staging	(t)
+		- login.commbiz.staging	(e)
+		- media.commbiz.staging	(e)
+		- myapplication.commbiz.staging	(e)
+		- mysecurity.commbiz.staging	(m)
+		- provisioning.commbiz.staging	(r)
+		- lbb.staging	(t)
+		- www.multibank.staging	(r)
+		- salesforce-ep.staging	(r)
+		- nfc.sg.staging	(t)
+		- playbook.stg	(m)
+		- securetransfer1.stg	(r)
+		- svcbridge	(r)
+		- sat.svcbridge	(r)
+		- salesforce-ep.t0	(r)
+		- salesforce-ep.t2	(r)
+		- salesforce-ep.t3	(r)
+		- salesforce-ep.t5	(r)
+		- apps.test	(r)
+		- next.apps.test	(r)
+		- nft.apps.test	(r)
+		- previous.apps.test	(r)
+		- asm.test	(r)
+		- credagility.test	(r)
+		- innovate.test	(r)
+		- next.innovate.test	(r)
+		- nft.innovate.test	(r)
+		- noa.test	(r)
+		- cola.tps	(r)
+		- cola.tps-test	(r)
+		- ariba.uat2	(t)
+		- vipro	(m)
+		- wholesalelockbox	(t)
+
+	e: expired certificate
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+-->
+<ruleset name="Commonwealth Bank of Australia">
+
+	<target host="commbank.com.au" />
+	<target host="www.commbank.com.au" />
+	<target host="apps.commbank.com.au" />
+	<target host="cardmanager.commbank.com.au" />
+	<target host="cfsservices.commbank.com.au" />
+	<target host="www.commbiz.commbank.com.au" />
+	<target host="login.commbiz.commbank.com.au" />
+	<target host="my.commbiz.commbank.com.au" />
+	<target host="www.my.commbiz.commbank.com.au" />
+	<target host="netlock.my.commbiz.commbank.com.au" />
+	<target host="netlock1.my.commbiz.commbank.com.au" />
+	<target host="netlock2.my.commbiz.commbank.com.au" />
+	<target host="www1.my.commbiz.commbank.com.au" />
+	<target host="www2.my.commbiz.commbank.com.au" />
+	<target host="myapplication.commbiz.commbank.com.au" />
+	<target host="netlock.commbiz.commbank.com.au" />
+	<target host="update.commbiz.commbank.com.au" />
+	<target host="www.webanalytics.commbiz.commbank.com.au" />
+	<target host="community.commbank.com.au" />
+	<target host="cope.commbank.com.au" />
+	<target host="test0.cope.commbank.com.au" />
+	<target host="www.envision.commbank.com.au" />
+	<target host="eshop.commbank.com.au" />
+	<target host="esn.commbank.com.au" />
+	<target host="evolve.commbank.com.au" />
+	<target host="groupsecurity.commbank.com.au" />
+	<target host="stg.groupsecurity.commbank.com.au" />
+	<target host="innovate.commbank.com.au" />
+	<target host="legendsofcan.commbank.com.au" />
+	<target host="livechat.commbank.com.au" />
+	<target host="locationproperty.commbank.com.au" />
+	<target host="maximo.commbank.com.au" />
+	<target host="sat.maximo.commbank.com.au" />
+	<target host="www.multibank.commbank.com.au" />
+	<target host="my.commbank.com.au" />
+	<target host="www.my.commbank.com.au" />
+	<target host="static.my.commbank.com.au" />
+	<target host="www1.my.commbank.com.au" />
+	<target host="www2.my.commbank.com.au" />
+	<target host="www.mysecurity.commbank.com.au" />
+	<target host="www.netbank.commbank.com.au" />
+	<target host="www1.netbank.commbank.com.au" />
+	<target host="www2.netbank.commbank.com.au" />
+	<target host="www3.netbank.commbank.com.au" />
+	<target host="docusign-ep-prd.gslb.npsb2b.commbank.com.au" />
+	<target host="transact.gslb.npsb2b.commbank.com.au" />
+	<target host="docusign-ep-nft.gslb.sat.npsb2b.commbank.com.au" />
+	<target host="transact.gslb.sat.npsb2b.commbank.com.au" />
+	<target host="www.personalapplications.commbank.com.au" />
+	<target host="rttmfp.commbank.com.au" />
+	<target host="rpdatahub.sat.commbank.com.au" />
+	<target host="secure.commbank.com.au" />
+	<target host="www.secure.commbank.com.au" />
+	<target host="service.commbank.com.au" />
+	<target host="sftp.commbank.com.au" />
+	<target host="hlpte.sit.commbank.com.au" />
+	<target host="hlpti.sit.commbank.com.au" />
+	<target host="cbasupport.stage.commbank.com.au" />
+	<target host="www.commbiz.staging.commbank.com.au" />
+	<target host="www.my.commbiz.staging.commbank.com.au" />
+	<target host="netlock.my.commbiz.staging.commbank.com.au" />
+	<target host="netlock1.my.commbiz.staging.commbank.com.au" />
+	<target host="netlock2.my.commbiz.staging.commbank.com.au" />
+	<target host="www1.my.commbiz.staging.commbank.com.au" />
+	<target host="www2.my.commbiz.staging.commbank.com.au" />
+	<target host="netlock.commbiz.staging.commbank.com.au" />
+	<target host="update.commbiz.staging.commbank.com.au" />
+	<target host="www.webanalytics.commbiz.staging.commbank.com.au" />
+	<target host="wealthservices.staging.commbank.com.au" />
+	<target host="www.webanalytics.staging.commbank.com.au" />
+	<target host="www1.webanalytics.staging.commbank.com.au" />
+	<target host="www2.webanalytics.staging.commbank.com.au" />
+	<target host="super.commbank.com.au" />
+	<target host="stg.super.commbank.com.au" />
+	<target host="support.commbank.com.au" />
+	<target host="surveys.commbank.com.au" />
+	<target host="tps.commbank.com.au" />
+	<target host="tps-test.commbank.com.au" />
+	<target host="tps-test1.commbank.com.au" />
+	<target host="www.vipro.commbank.com.au" />
+	<target host="wealthservices.commbank.com.au" />
+	<target host="www.webanalytics.commbank.com.au" />
+	<target host="www1.webanalytics.commbank.com.au" />
+	<target host="www2.webanalytics.commbank.com.au" />
+	<target host="www1.commbank.com.au" />
+	<target host="www2.commbank.com.au" />
+	<target host="www3.commbank.com.au" />
+
+  	<securecookie host="^www\.commbank\.com\.au$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Commentary_Magazine.com.xml b/src/chrome/content/rules/Commentary_Magazine.com.xml
new file mode 100644
index 000000000000..b4d6da763c84
--- /dev/null
+++ b/src/chrome/content/rules/Commentary_Magazine.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- dev.commentarymagazine.com
+		- test.commentarymagazine.com
+		- www.commentarymagazine.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Commentary Magazine.com">
+
+	<target host="commentarymagazine.com" />
+	<target host="dev.commentarymagazine.com" />
+	<target host="test.commentarymagazine.com" />
+	<target host="www.commentarymagazine.com" />
+
+		<!--	Set cookies without Secure:
+							-->
+		<!--test url="http://dev.commentarymagazine.com/wp-login.php" /-->
+		<!--test url="http://test.commentarymagazine.com/wp-login.php" /-->
+		<!--test url="http://www.commentarymagazine.com/wp-login.php" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:dev|test|www)\.commentarymagazine\.com$" name="^(?:advanced_ads_page_impressions|wordpress_test_cookie)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Commerce5.com.xml b/src/chrome/content/rules/Commerce5.com.xml
new file mode 100644
index 000000000000..82255ed6e65e
--- /dev/null
+++ b/src/chrome/content/rules/Commerce5.com.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Digital River coverage, see Digital-River.xml.
+
+
+	Problematic hosts in *commerce5.com:
+
+		- cm *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- cm.commerce5.com
+
+-->
+<ruleset name="Commerce5.com (partial)" default_off="mismatched">
+
+	<!--	Direct rewrites:
+					-->
+	<target host="cm.commerce5.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cm\.commerce5\.com$" name="^(ASPSESSIONID[A-Z]{8}|AUTHORIZATION|SessionManager|aqueduct_cookies)$" /-->
+
+	<securecookie host="^cm\.commerce5\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Commercial-Radio-Hong-Kong.xml b/src/chrome/content/rules/Commercial-Radio-Hong-Kong.xml
new file mode 100644
index 000000000000..50aa40c4aa39
--- /dev/null
+++ b/src/chrome/content/rules/Commercial-Radio-Hong-Kong.xml
@@ -0,0 +1,17 @@
+<!--
+	Refused:
+		archive.881903.com
+-->
+<ruleset name="Commercial Radio Hong Kong">
+	<target host="881903.com" />
+	<target host="*.881903.com" />
+		<test url="http://api.881903.com/liveBanner/livejson.json" />
+		<test url="http://crtv.881903.com/crtv/index.php" />
+		<test url="http://event.881903.com/hktbaudioplayer/player_token.php?ch=hd881" />
+		<test url="http://www-hk.881903.com/" />
+
+		<exclusion pattern="^http://archive.881903.com/" />
+			<test url="http://archive.881903.com/soundColumn/A000685-20190628-007.m4a" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Commindo-media.xml b/src/chrome/content/rules/Commindo-media.xml
deleted file mode 100644
index 50cab2878930..000000000000
--- a/src/chrome/content/rules/Commindo-media.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Problematic domains:
-
-		- (www.)commindo-media.de	(works, CN: *.prossl.de)
-
--->
-<ruleset name="commindo media (partial)">
-
-	<target host="auslieferung.commindo-media-ressourcen.de" />
-
-
-	<rule from="^http://auslieferung\.commindo-media-ressourcen\.de/"
-		to="https://auslieferung.commindo-media-ressourcen.de/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Commission_Junction.xml b/src/chrome/content/rules/Commission_Junction.xml
index fca844c691a2..ec1d2e2f1908 100644
--- a/src/chrome/content/rules/Commission_Junction.xml
+++ b/src/chrome/content/rules/Commission_Junction.xml
@@ -30,7 +30,6 @@
 	<target host="www.jdoqocy.com" />
 	<target host="www.kdukvh.com" />
 	<target host="www.kqzyfj.com" />
-	<target host="www.lduhtrp.net"/>
 	<target host="www.pkracv.com" />
 	<target host="www.rnsfpw.net" />
 	<target host="www.qksrv.net" />
@@ -44,7 +43,7 @@
 	<securecookie host="^(?:.*\.)?(?:apmebf|cj)\.com$" name=".+" />
 
 
-	<rule from="^http://www\.(afcyhf|anrdoezrs|apmebf|awltovhc|commission-junction|dpbolvw|emjcd|ftjcfx|jdoqocy|kdukvh|kqzyfj|lduhtrp|pkracv|tkqlhce|tqlkg)\.(com|net)/"
+	<rule from="^http://www\.(afcyhf|anrdoezrs|apmebf|awltovhc|commission-junction|dpbolvw|emjcd|ftjcfx|jdoqocy|kdukvh|kqzyfj|pkracv|tkqlhce|tqlkg)\.(com|net)/"
 		to="https://www.$1.$2/" />
 
 	<rule from="^http://www\.(?:awxibrm|cualbr|rnsfpw|vofzpwh|yceml)\.(?:com|net)/"
diff --git a/src/chrome/content/rules/CommitStrip.com.xml b/src/chrome/content/rules/CommitStrip.com.xml
new file mode 100644
index 000000000000..c79ac0fb31a9
--- /dev/null
+++ b/src/chrome/content/rules/CommitStrip.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="CommitStrip.com">
+
+	<target host="commitstrip.com" />
+	<target host="www.commitstrip.com" />
+
+	<!-- Some pages redirect to http in the shop section -->
+	<exclusion pattern="^http://www\.commitstrip\.com/shop/" />
+		<test url="http://www.commitstrip.com/shop/en/15-tee-shirts" />
+		<test url="http://www.commitstrip.com/shop/fr/12-livres" />
+		<test url="http://www.commitstrip.com/shop/fr/16-mugs" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Commodity_Futures_Trading_Commission.xml b/src/chrome/content/rules/Commodity_Futures_Trading_Commission.xml
deleted file mode 100644
index a41db8e894cc..000000000000
--- a/src/chrome/content/rules/Commodity_Futures_Trading_Commission.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For other U.S. government coverage, see US-government.xml.
-
-
-	Problematic subdomains:
-
-		- ^		(mismatched)
-
-
-	Some pages redirect to http.
-
--->
-<ruleset name="Commodity Futures Trading Commission (partial)">
-
-	<target host="cftc.gov" />
-	<target host="*.cftc.gov" />
-
-
-	<securecookie host="^services\.cftc\.gov$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?cftc.gov/ucm/"
-		to="https://www.cftc.gov/ucm/" />
-
-	<rule from="^http://services\.cftc\.gov/"
-		to="https://services.cftc.gov/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Common-Lisp.net.xml b/src/chrome/content/rules/Common-Lisp.net.xml
new file mode 100644
index 000000000000..8d40768a6026
--- /dev/null
+++ b/src/chrome/content/rules/Common-Lisp.net.xml
@@ -0,0 +1,34 @@
+<!--
+	Fully covered hosts in *common-lisp.net:
+
+		- (www.)?
+		- gitlab
+		- mailman
+
+
+	Insecure cookies are set for these hosts:
+
+		- gitlab.common-lisp.net
+
+-->
+<ruleset name="Common-Lisp.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="common-lisp.net" />
+	<target host="gitlab.common-lisp.net" />
+	<target host="mailman.common-lisp.net" />
+	<target host="www.common-lisp.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^gitlab\.common-lisp\.net$" name="^request_method$" /-->
+
+	<securecookie host="^gitlab\.common-lisp\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CommonCrawl.xml b/src/chrome/content/rules/CommonCrawl.xml
index 240da13e7747..84f7dd767aac 100644
--- a/src/chrome/content/rules/CommonCrawl.xml
+++ b/src/chrome/content/rules/CommonCrawl.xml
@@ -4,7 +4,6 @@
 	<target host="www.commoncrawl.org" />
 
 
-	<rule from="^http://(www\.)?commoncrawl\.org/"
-		to="https://$1commoncrawl.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CommonDreams.org.xml b/src/chrome/content/rules/CommonDreams.org.xml
new file mode 100644
index 000000000000..b9969c0bb265
--- /dev/null
+++ b/src/chrome/content/rules/CommonDreams.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		action.commondreams.org
+
+-->
+<ruleset name="CommonDreams.org">
+
+	<target host="commondreams.org" />
+	<target host="www.commondreams.org" />
+	<target host="commons.commondreams.org" />
+
+	<securecookie host="^commondreams\.org$" name=".+" />
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/CommonDreams.xml b/src/chrome/content/rules/CommonDreams.xml
deleted file mode 100644
index 4cacfe0d06bf..000000000000
--- a/src/chrome/content/rules/CommonDreams.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="CommonDreams">
-  <target host="commondreams.org" />
-  <target host="www.commondreams.org" />
-
-  <securecookie host="^(www\.)?commondreams\.org$" name=".*"/>
-
-  <rule from="^http://(?:www\.)?commondreams\.org/" to="https://www.commondreams.org/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/CommonPlaceBooks.xml b/src/chrome/content/rules/CommonPlaceBooks.xml
new file mode 100644
index 000000000000..3992f580fa9c
--- /dev/null
+++ b/src/chrome/content/rules/CommonPlaceBooks.xml
@@ -0,0 +1,10 @@
+<!--
+	commonplacebooks.com uses Square Space which provides HTTPS to its subdomains.
+-->
+<ruleset name="Common Place Books">
+	<target host="commonplacebooks.com" />
+	<target host="www.commonplacebooks.com" />
+
+	<rule from="^http://(www\.)?commonplacebooks\.com/"
+			to="https://commonplacebooks.squarespace.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Common_App.xml b/src/chrome/content/rules/Common_App.xml
deleted file mode 100644
index e27c1f56015e..000000000000
--- a/src/chrome/content/rules/Common_App.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	!www: cert only matches *.commonapp.org
-
--->
-<ruleset name="Common App">
-
-	<target host="commonapp.org" />
-	<target host="www.commonapp.org" />
-
-
-	<securecookie host="^www\.commonapp\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?commonapp\.org/"
-		to="https://www.commonapp.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Common_Craft.com.xml b/src/chrome/content/rules/Common_Craft.com.xml
new file mode 100644
index 000000000000..dc46c48ac929
--- /dev/null
+++ b/src/chrome/content/rules/Common_Craft.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Common Craft.com">
+
+	<target host="commoncraft.com" />
+	<target host="www.commoncraft.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Common_Criteria_Portal.xml b/src/chrome/content/rules/Common_Criteria_Portal.xml
new file mode 100644
index 000000000000..8ef7ac2d55ea
--- /dev/null
+++ b/src/chrome/content/rules/Common_Criteria_Portal.xml
@@ -0,0 +1,15 @@
+<!--
+	^commoncriteriaportal.org doesn't exist.
+
+-->
+<ruleset name="Common Criteria Portal.org">
+
+    <target host="*.commoncriteriaportal.org" />
+
+		<test url="http://www.commoncriteriaportal.org/" />
+
+    <securecookie host=".+" name=".+" />
+
+    <rule from="^http:"
+        to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CommonwealthCourtsPortal.xml b/src/chrome/content/rules/CommonwealthCourtsPortal.xml
new file mode 100644
index 000000000000..345db6763489
--- /dev/null
+++ b/src/chrome/content/rules/CommonwealthCourtsPortal.xml
@@ -0,0 +1,7 @@
+<ruleset name="Commonwealth Courts Portal">
+	<target host="comcourts.gov.au" />
+	<target host="www.comcourts.gov.au" />
+
+	<rule from="^http://(?:www\.)?comcourts\.gov\.au/"
+		to="https://www.comcourts.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/CommonwealthGITC.xml b/src/chrome/content/rules/CommonwealthGITC.xml
new file mode 100644
index 000000000000..d97cb3879be6
--- /dev/null
+++ b/src/chrome/content/rules/CommonwealthGITC.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gitc.finance.gov.au/ => https://www.gitc.finance.gov.au/: (28, 'Connection timed out after 20000 milliseconds')
+
+Automatically by https-everywhere-checker because:
+Fetch error: http://gitc.finance.gov.au/ => https://www.gitc.finance.gov.au/: (6, 'Could not resolve host: gitc.finance.gov.au')
+-->
+<ruleset name="Commonwealth GITC" default_off="failed ruleset test">
+	<target host="gitc.finance.gov.au" />
+	<target host="www.gitc.finance.gov.au" />
+
+	<rule from="^http://(?:www\.)?gitc\.finance\.gov\.au/"
+		to="https://www.gitc.finance.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/CommonwealthGrantsCommission.xml b/src/chrome/content/rules/CommonwealthGrantsCommission.xml
new file mode 100644
index 000000000000..ba389ae12f74
--- /dev/null
+++ b/src/chrome/content/rules/CommonwealthGrantsCommission.xml
@@ -0,0 +1,7 @@
+<ruleset name="Commonwealth Grants Commission">
+	<target host="cgc.gov.au" />
+	<target host="www.cgc.gov.au" />
+
+	<rule from="^http://(?:www\.)?cgc\.gov\.au/"
+		to="https://www.cgc.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/CommonwealthSuperannuationCorporation.xml b/src/chrome/content/rules/CommonwealthSuperannuationCorporation.xml
new file mode 100644
index 000000000000..3e07bc4c29a1
--- /dev/null
+++ b/src/chrome/content/rules/CommonwealthSuperannuationCorporation.xml
@@ -0,0 +1,7 @@
+<ruleset name="Commonwealth Superannuation Corporation">
+	<target host="csc.gov.au" />
+	<target host="www.csc.gov.au" />
+
+	<rule from="^http://(?:www\.)?csc\.gov\.au/"
+		to="https://www.csc.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Commotionwireless.net.xml b/src/chrome/content/rules/Commotionwireless.net.xml
index 8b0091b3fa24..961e01622007 100644
--- a/src/chrome/content/rules/Commotionwireless.net.xml
+++ b/src/chrome/content/rules/Commotionwireless.net.xml
@@ -1,13 +1,20 @@
-<ruleset name="Commotionwireless.net">
 
-	<target host="commotionwireless.net" />
-	<target host="*.commotionwireless.net" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wiki.commotionwireless.net/ => https://wiki.commotionwireless.net/: (28, 'Operation timed out after 30001 milliseconds with 134073 bytes received')
 
+	Mismatch:
+		- code
+-->
+<ruleset name="Commotionwireless.net" default_off="failed ruleset test">
 
-	<securecookie host="^code\.commotionwireless\.net$" name=".+" />
+	<target host="commotionwireless.net" />
+	<target host="www.commotionwireless.net" />
+	<target host="downloads.commotionwireless.net" />
+	<target host="wiki.commotionwireless.net" />
 
 
-	<rule from="^http://(code\.|www\.)?commotionwireless\.net/"
-		to="https://$1commotionwireless.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CommuniGate.xml b/src/chrome/content/rules/CommuniGate.xml
index d4eb09f280fd..eecff69c9b8d 100644
--- a/src/chrome/content/rules/CommuniGate.xml
+++ b/src/chrome/content/rules/CommuniGate.xml
@@ -1,6 +1,6 @@
 <ruleset name="CommuniGate">
   <target host="communigate.com" />
-  <target host="*.communigate.com" />
+  <target host="www.communigate.com" />
 
   <rule from="^http://(?:www\.)?communigate\.com/" to="https://www.communigate.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/CommuniGator.co.uk.xml b/src/chrome/content/rules/CommuniGator.co.uk.xml
new file mode 100644
index 000000000000..fd4d61b264ed
--- /dev/null
+++ b/src/chrome/content/rules/CommuniGator.co.uk.xml
@@ -0,0 +1,28 @@
+<!--
+	^: refused
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com *
+
+		- favicon on www from $self *
+
+		- Ad on www from guru *
+
+	* Secured by us
+
+-->
+<ruleset name="CommuniGator.co.uk">
+
+	<target host="communigator.co.uk" />
+	<target host="www.communigator.co.uk" />
+	<target host="guru.communigator.co.uk" />
+
+
+	<rule from="^http://(?:www\.)?communigator\.co\.uk/"
+		to="https://www.communigator.co.uk/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Communicate_Live.xml b/src/chrome/content/rules/Communicate_Live.xml
index 92d4f35bef27..ce934f722212 100644
--- a/src/chrome/content/rules/Communicate_Live.xml
+++ b/src/chrome/content/rules/Communicate_Live.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?communicatelive\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://(www\.)?communicatelive\.co\.uk/"
-		to="https://$1communicatelive.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Communicator_Corporation.xml b/src/chrome/content/rules/Communicator_Corporation.xml
index c9d625896b0c..ece5911474c1 100644
--- a/src/chrome/content/rules/Communicator_Corporation.xml
+++ b/src/chrome/content/rules/Communicator_Corporation.xml
@@ -22,7 +22,7 @@
 	<rule from="^http://platform\.communicatorcorp\.com/"
 		to="https://platform.communicatorcorp.com/" />
 
-	<rule from="^https?://(?:www\.)?communicatoremail\.com/"
+	<rule from="^http://(?:www\.)?communicatoremail\.com/"
 		to="https://www.communicatoremail.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Community-Savings-Credit-Union.xml b/src/chrome/content/rules/Community-Savings-Credit-Union.xml
new file mode 100644
index 000000000000..fcfefb42d913
--- /dev/null
+++ b/src/chrome/content/rules/Community-Savings-Credit-Union.xml
@@ -0,0 +1,10 @@
+<ruleset name="Community Savings Credit Union">
+	<target host="comsavings.com" />
+	<target host="www.comsavings.com" />
+	<target host="mdws.comsavings.com" />
+	<target host="webmail.comsavings.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Community.elgg.org.xml b/src/chrome/content/rules/Community.elgg.org.xml
new file mode 100644
index 000000000000..57b66e91a206
--- /dev/null
+++ b/src/chrome/content/rules/Community.elgg.org.xml
@@ -0,0 +1,5 @@
+<ruleset name="Community.elgg.org">
+  <target host="community.elgg.org" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Community.wbgames.com.xml b/src/chrome/content/rules/Community.wbgames.com.xml
new file mode 100644
index 000000000000..36937a09ea55
--- /dev/null
+++ b/src/chrome/content/rules/Community.wbgames.com.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wbplay.wbgames.com/ => https://wbplay.wbgames.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	(www.)?wbgames.com: Dropped
+
+
+	Insecure cookies are set for these hosts:
+
+		- community.wbgames.com
+
+-->
+<ruleset name="WB Games.com (partial)" default_off="failed ruleset test">
+	<target host="community.wbgames.com" />
+	<target host="wbplay.wbgames.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="community\.wbgames\.com$" name="^(?:LiSESSIONID|LithiumVisitor|LithiumUserInfo|LithiumUserSecure)$" /-->
+
+	<securecookie host="community\.wbgames\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Community_Matters.xml b/src/chrome/content/rules/Community_Matters.xml
index bfe0cca6a3a2..0277d8147906 100644
--- a/src/chrome/content/rules/Community_Matters.xml
+++ b/src/chrome/content/rules/Community_Matters.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hohndel.org/ => https://hohndel.org/: (51, "SSL: no alternative certificate subject name matches target host name 'hohndel.org'")
+Fetch error: http://subsurface.hohndel.org/ => https://subsurface.hohndel.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://trac.hohndel.org/ => https://trac.hohndel.org/: (51, "SSL: no alternative certificate subject name matches target host name 'trac.hohndel.org'")
+
 	Nonfunctional subdomains:
 
 		- (www.) *
@@ -7,15 +13,16 @@
 	* Shows subsurface
 
 -->
-<ruleset name="Community Matters (partial)">
+<ruleset name="Community Matters (partial)" default_off="failed ruleset test">
 
-	<target host="*.hohndel.org" />
+	<target host="hohndel.org" />
+	<target host="subsurface.hohndel.org" />
+	<target host="trac.hohndel.org" />
 
 
 	<securecookie host="^.+\.hohndel\.org$" name=".+" />
 
 
-	<rule from="^http://(subsurface\.|trac\.)?hohndel\.org/"
-		to="https://$1hohndel.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Comodo.xml b/src/chrome/content/rules/Comodo.xml
index b5ae1e8ab77e..fbe07039ec06 100644
--- a/src/chrome/content/rules/Comodo.xml
+++ b/src/chrome/content/rules/Comodo.xml
@@ -59,7 +59,30 @@
 <ruleset name="Comodo">
 
 	<target host="comodo.com"/>
-	<target host="*.comodo.com"/>
+	<target host="accounts.comodo.com" />
+	<target host="antivirus.comodo.com" />
+	<target host="directory.comodo.com" />
+	<target host="download.comodo.com" />
+	<target host="downloads.comodo.com" />
+	<target host="enterprise.comodo.com" />
+	<target host="forums.comodo.com" />
+	<target host="friends.comodo.com" />
+	<target host="help.comodo.com" />
+	<target host="icedragon.comodo.com" />
+	<target host="m.comodo.com" />
+	<target host="marketingdb.comodo.com" />
+	<target host="pctuneup.comodo.com" />
+	<target host="penetration-testing.comodo.com" />
+	<target host="personalfirewall.comodo.com" />
+	<target host="secure.comodo.com" />
+	<target host="ssl.comodo.com" />
+	<target host="www.ssl.comodo.com" />
+	<target host="support.comodo.com" />
+	<target host="trustlogo.comodo.com" />
+	<target host="trustlogostats.comodo.com" />
+	<target host="www.comodo.com" />
+	<target host="www.download.comodo.com" />
+	<target host="siteinspector.comodo.com" />
 	<target host="comodo.net"/>
 	<target host="www.comodo.net"/>
 	<target host="secure.comodo.net"/>
@@ -72,26 +95,21 @@
 	<securecookie host="^[\w-]+\.comodo\.com$" name=".+" />
 
 
-	<rule from="^http://((?:accounts|antivirus|directory|downloads?|enterprise|forums|friends|help|icedragon|m|marketingdb|pctuneup|penetration-testing|personalfirewall|secure|ssl|www\.ssl|support|trustlogo|trustlogostats|www)\.)?comodo\.com/"
-		to="https://$1comodo.com/" />
 
-	<rule from="^https?://www\.download\.comodo\.com/"
+	<rule from="^http://www\.download\.comodo\.com/"
 		to="https://download.comodo.com/" />
 
-	<rule from="^http://secure\.comodo\.net/"
-		to="https://secure.comodo.net/" />
 
 	<!--	Check Web-Inspector-App.xml
 		https://trac.torproject.org/projects/tor/ticket/8133	-->
-	<rule from="^https?://siteinspector\.comodo\.com/"
+	<rule from="^http://siteinspector\.comodo\.com/"
 		to="https://app.webinspector.com/" />
 
 	<!-- Comodo's SSL image from lower right corner -->
-	<rule from="^http://(?:www\.)trustlogo\.com/(trustlogo/|images/cornertrust\.gif$)"
-		to="https://secure.comodo.com/$1" />
 
 	<!-- Redirect to avoid SSL stripping -->
-	<rule from="^https?://(?:www\.)?comodo(?:group\.com|\.net)/"
+	<rule from="^http://(?:www\.)?comodo(?:group\.com|\.net)/"
 		to="https://www.comodo.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CompEx.xml b/src/chrome/content/rules/CompEx.xml
index e30c2748107d..5421bdca58e0 100644
--- a/src/chrome/content/rules/CompEx.xml
+++ b/src/chrome/content/rules/CompEx.xml
@@ -1,12 +1,12 @@
 <ruleset name="CompEx (partial)" default_off="expired">
 
 	<target host="themoneyreferral.com"/>
-	<target host="*.themoneyreferral.com"/>
+	<target host="www.themoneyreferral.com" />
 	<target host="videogateway.tv"/>
-	<target host="*.videogateway.tv"/>
+	<target host="www.videogateway.tv" />
 
-	<securecookie host="^(.*\.)themoneyreferral\.com$" name=".*"/>
-	<securecookie host="^(.*\.)videogateway\.tv$" name=".*"/>
+	<securecookie host="^(?:.*\.)themoneyreferral\.com$" name=".+" />
+	<securecookie host="^(?:.*\.)videogateway\.tv$" name=".+" />
 
 	<rule from="^http://(?:www\.)?themoneyreferral\.com/"
 		to="https://www.themoneyreferral.com/"/>
diff --git a/src/chrome/content/rules/CompLang.org.xml b/src/chrome/content/rules/CompLang.org.xml
deleted file mode 100644
index 92847a803b4a..000000000000
--- a/src/chrome/content/rules/CompLang.org.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="CompLang.org">
-
-	<target host="complang.org" />
-	<target host="www.complang.org" />
-
-
-	<rule from="^http://(www\.)?complang\.org/"
-		to="https://$1complang.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CompaniesHouse.xml b/src/chrome/content/rules/CompaniesHouse.xml
index 141af5f1e55d..0eb79153d13b 100644
--- a/src/chrome/content/rules/CompaniesHouse.xml
+++ b/src/chrome/content/rules/CompaniesHouse.xml
@@ -1,7 +1,130 @@
-<ruleset name="CompaniesHouse">
-  <target host="*.companieshouse.gov.uk" />
+<!--
+	For rules causing MCB, see companieshouse.gov.uk-falsemixed.xml.
 
-  <securecookie host="^(direct|ebilling|ewf)\.companieshouse\.gov\.uk$" name=".*"/>
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	CDN buckets:
+
+		- d29r66hvgbhps3.cloudfront.net
+
+
+	Nonfunctional hosts in *companieshouse.gov.uk:
+
+		- data ᵃ
+		- download ᵈ
+		- resources ᵈ
+
+	ᵃ Shows another domain
+	ᵈ Dropped
+
+
+	Problematic hosts in *companieshouse.gov.uk:
+
+		- (www.)? ᵐ
+		- xmlgw ˣ
+
+	ᵐ Mismatched
+	ˣ Mixed css
+
+
+	Partially covered hosts in *companieshouse.gov.uk:
+
+		- (www.)? *
+		- wck2		(at least /wcframe redirects to http)
+
+	* >= /\w does not redirect
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .companieshouse.gov.uk
+		- beta.companieshouse.gov.uk
+		- ebilling.companieshouse.gov.uk
+		- wck2.companieshouse.gov.uk
+
+
+	Mixed content:
+
+		- css on xmlgw from resources.companieshouse.gov.uk ᵈ
+		- Images on xmlgw from resources.companieshouse.gov.uk ᵈ
+		- Bug on ewf from stats.companieshouse.gov.uk ˢ
+
+	ᵈ Unsecurable <= dropped
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="CompaniesHouse (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="account.companieshouse.gov.uk" />
+	<target host="beta.companieshouse.gov.uk" />
+	<target host="developer.companieshouse.gov.uk" />
+	<target host="direct.companieshouse.gov.uk" />
+	<target host="ebilling.companieshouse.gov.uk" />
+	<target host="ewf.companieshouse.gov.uk" />
+	<target host="extractives.companieshouse.gov.uk" />
+	<target host="piwik.companieshouse.gov.uk" />
+	<target host="stats.companieshouse.gov.uk" />
+	<target host="wck2.companieshouse.gov.uk" />
+	<!--target host="xmlgw.companieshouse.gov.uk" /-->
+
+
+	<!--	Complications:
+				-->
+	<target host="companieshouse.gov.uk" />
+	<target host="www.companieshouse.gov.uk" />
+
+		<exclusion pattern="^http://wck2\.companieshouse\.gov\.uk//?wcframe" />
+
+			<!--	ve:
+					-->
+			<test url="http://wck2.companieshouse.gov.uk//wcframe" />
+			<test url="http://wck2.companieshouse.gov.uk//wcframe?name=accessCompanyInfo" />
+
+			<!--	ve:
+					-->
+			<test url="http://wck2.companieshouse.gov.uk/com-remindaccount" />
+			<test url="http://wck2.companieshouse.gov.uk/goWCK/help/en/stdwc/priv_ch.html" />
+			<test url="http://wck2.companieshouse.gov.uk/images/com/en/spacer.gif" />
+			<test url="http://wck2.companieshouse.gov.uk/register" />
+			<test url="http://wck2.companieshouse.gov.uk/wclogin?rt=login" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.companieshouse\.gov\.uk$" name="^chcookie$" /-->
+	<!--securecookie host="^beta\.companieshouse\.gov\.uk$" name="^(?:__prefs|sft)$" /-->
+	<!--securecookie host="^ebilling\.companieshouse\.gov\.uk$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^wck2\.companieshouse\.gov\.uk$" name="^ch_session" /-->
+
+	<securecookie host="^(?!wck2\.)\w" name=".+" />
+
+
+	<!--	Redirect drops forward slash andargs:
+							-->
+	<rule from="^http://(?:www\.)?companieshouse\.gov\.uk/.*"
+		to="https://www.gov.uk/government/organisations/companies-house" />
+
+		<!--	/\w does not redirect:
+						-->
+		<exclusion pattern="^http://(?:www\.)?companieshouse\.gov\.uk/(?!/*(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.companieshouse.gov.uk/DS01Checklist" />
+			<test url="http://www.companieshouse.gov.uk/about/" />
+			<test url="http://www.companieshouse.gov.uk/about/informalCorrection.shtml" />
+			<test url="http://www.companieshouse.gov.uk/about/listCurrentContracts.shtml" />
+			<test url="http://www.companieshouse.gov.uk/eventbooking" />
+			<test url="http://www.companieshouse.gov.uk/infoAndGuide/faq/changeCompNameRes.shtml" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.companieshouse.gov.uk/?" />
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(direct|ebilling|ewf)\.companieshouse\.gov\.uk/" to="https://$1.companieshouse.gov.uk/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/CompaniesInTheUK.xml b/src/chrome/content/rules/CompaniesInTheUK.xml
index 70d4d76432ba..ecbe0f43db51 100644
--- a/src/chrome/content/rules/CompaniesInTheUK.xml
+++ b/src/chrome/content/rules/CompaniesInTheUK.xml
@@ -2,8 +2,7 @@
   <target host="companiesintheuk.co.uk" />
   <target host="www.companiesintheuk.co.uk" />
 
-  <securecookie host="^(.+\.)?companiesintheuk\.co\.uk$" name=".*"/>
+  <securecookie host=".+" name=".+" />
 
-  <rule from="^http://companiesintheuk\.co\.uk/" to="https://companiesintheuk.co.uk/"/>
-  <rule from="^http://(www)\.companiesintheuk\.co\.uk/" to="https://$1.companiesintheuk.co.uk/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Companies_House.xml b/src/chrome/content/rules/Companies_House.xml
deleted file mode 100644
index 16d6c1f27d25..000000000000
--- a/src/chrome/content/rules/Companies_House.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For other UK government coverage, see GOV.UK.xml.
-
-
-	Nonfunctional subdomains:
-
-		- (www.)
-
-
-	Partially covered subdomains:
-
-		- wck2		(at least /wcframe redirects to http)
-
--->
-<ruleset name="Companies House (partial)">
-
-	<target host="wck2.companieshouse.gov.uk" />
-
-
-	<rule from="^http://wck2\.companieshouse\.gov\.uk/(?!/?wcframe)"
-		to="https://wck2.companieshouse.gov.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CompareTheMarket.xml b/src/chrome/content/rules/CompareTheMarket.xml
index 8a9a545c7c5b..214b9d9412c6 100644
--- a/src/chrome/content/rules/CompareTheMarket.xml
+++ b/src/chrome/content/rules/CompareTheMarket.xml
@@ -1,41 +1,86 @@
+
 <!--
-	Nonfunctional subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://contact.comparethemarket.com/ => https://contact.comparethemarket.com/: (7, 'Failed to connect to contact.comparethemarket.com port 443: Connection refused')
 
-		- careers	(shows default plesk page; expired 2011-09-30, CN: plesk)
-		- meerkat	(refused)
+	Other Compare the Market rulesets:
 
+		- email-comparethemarket.com.xml
 
-	^ times out
 
+	Nonfunctional hosts in *comparethemarket.com:
 
-	Fully covered domains:
+		- ^ ⁵
+		- broadband ⁴
+		- careers ʳ
+		- meerkat ʳ
+		- tech ᵈ
+		- techjobs ᵈ
 
-		- email-comparethemarket.com
+	⁴ 403
+	⁵ 503
+	ᵈ Dropped
+	ʳ Refused
 
-		- comparethemarket.com subdomains:
 
-			- (www.)	(^ → www)
-			- cdn
-			- contact
-			- quote
-			- rewards
-			- services
+	These altnames do not exist:
 
--->
-<ruleset name="Compare The Market" platform="mixedcontent">
+		- www.mobilephones.comparethemarket.com
+		- www.m.quote.comparethemarket.com
+		- www.services.comparethemarket.com
+		- www.signin.comparethemarket.com
+
+
+	Insecure cookies are set for these domains and hosts:
 
-	<target host="email-comparethemarket.com" />
+		- .comparethemarket.com
+		- home.comparethemarket.com
+		- my.comparethemarket.com
+		- quote.comparethemarket.com
+		- signin.comparethemarket.com
+		- www.comparethemarket.com
+
+-->
+<ruleset name="Compare The Market.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cdn.comparethemarket.com" />
+	<target host="contact.comparethemarket.com" />
+	<target host="home.comparethemarket.com" />
+	<target host="mobilephones.comparethemarket.com" />
+	<target host="my.comparethemarket.com" />
+	<target host="quote.comparethemarket.com" />
+	<target host="m.quote.comparethemarket.com" />
+	<target host="rewards.comparethemarket.com" />
+	<target host="services.comparethemarket.com" />
+	<target host="signin.comparethemarket.com" />
+	<target host="www.comparethemarket.com" />
+
+	<!--	Complications:
+				-->
 	<target host="comparethemarket.com" />
-	<target host="*.comparethemarket.com" />
 
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://home.comparethemarket.com/quote/begin-oauth" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.comparethemarket\.com$" name="^(?:(?:__)?CTM\.ReferralCodeContext|CTMJourney|CTMMVT|CTMMVT_Session|my\.id)$" /-->
+	<!--securecookie host="^home\.comparethemarket\.com$" name="^home\.(:enquiry|quote)\.id$" /-->
+	<!--securecookie host="^my\.comparethemarket\.com$" name="^openid\.n\.\w+$" /-->
+	<!--securecookie host="^(?:quote|www)\.comparethemarket\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^signin\.comparethemarket\.com$" name="^(?:idsrv\.xsrf|SignInMessage\.[\da-f]{32})$" /-->
 
-	<securecookie host="^(?:.*\.|email-)?comparethemarket\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?comparethemarket\.com/"
+	<rule from="^http://comparethemarket\.com/"
 		to="https://www.comparethemarket.com/" />
 
-	<rule from="^http://((?:cdn|contact|quote|rewards|services)\.|email-)comparethemarket\.com/"
-		to="https://$1comparethemarket.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Compari.ro.xml b/src/chrome/content/rules/Compari.ro.xml
new file mode 100644
index 000000000000..670145e1e25c
--- /dev/null
+++ b/src/chrome/content/rules/Compari.ro.xml
@@ -0,0 +1,52 @@
+<!--
+	For other Arukereso coverage, see Arukereso.xml.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .ro
+		- .compari.ro
+		- aparat-de-sudura-invertor.compari.ro
+		- constructie-renovare.compari.ro
+		- ochelari-masca-de-protectie-sudura.compari.ro
+		- . . .
+		- www.compari.ro
+
+-->
+<ruleset name="Compari.ro">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="compari.ro" />
+	<target host="*.compari.ro" />
+
+		<test url="http://accesorii-aer-conditionat-incalzire.compari.ro/" />
+		<test url="http://affiliation.compari.ro/" />
+		<test url="http://aparat-de-sudura-invertor.compari.ro/" />
+		<test url="http://chiuveta.compari.ro/" />
+		<test url="http://constructie-renovare.compari.ro/" />
+		<test url="http://image.compari.ro/" />
+		<test url="http://masina-de-uscat-rufe.compari.ro/" />
+		<test url="http://ochelari-masca-de-protectie-sudura.compari.ro/" />
+		<test url="http://p1-ssl.compari.ro/" />
+		<test url="http://periuta-de-dinti-electrica.compari.ro/" />
+		<test url="http://scaun-de-masa-bebelusi.compari.ro/" />
+		<test url="http://static.compari.ro/" />
+		<test url="http://tablet-pc.compari.ro/" />
+		<test url="http://tensiometru.compari.ro/" />
+		<test url="http://termostat.compari.ro/" />
+		<test url="http://www.compari.ro/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.ro$" name="^LongExpireUserId$" /-->
+	<!--securecookie host="^\.compari\.ro$" name="^(?:ARUKERESO_SESSION|LongExpireUserId)$" /-->
+	<!--securecookie host="^(?:aparat-de-sudura-invertor.compari|constructie-renovare|ochelari-masca-de-protectie-sudura|www)\.compari\.ro$" name="^UniqueUserId$" /-->
+
+	<securecookie host=".*\.compari\.ro$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Comparis.xml b/src/chrome/content/rules/Comparis.xml
index aa35dac3762d..cfbec9125013 100644
--- a/src/chrome/content/rules/Comparis.xml
+++ b/src/chrome/content/rules/Comparis.xml
@@ -1,9 +1,9 @@
 <ruleset name="Comparis.ch">
         <target host="comparis.ch" />
         <target host="*.comparis.ch" />
-        <securecookie host="^(.*\.)?comparis\.ch$" name=".*" />
+        <securecookie host=".+" name=".+"/>
 
-        <rule from="^https?://comparis\.ch/"
+        <rule from="^http://comparis\.ch/"
             to="https://www.comparis.ch/" />
         <rule from="^http://([^/:@]+)?\.comparis\.ch/"
             to="https://$1.comparis.ch/"/>
diff --git a/src/chrome/content/rules/Comparitech.com.xml b/src/chrome/content/rules/Comparitech.com.xml
new file mode 100644
index 000000000000..e9b848f546a2
--- /dev/null
+++ b/src/chrome/content/rules/Comparitech.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="Comparitech.com">
+	<target host=    "comparitech.com" />
+	<target host="www.comparitech.com" />
+	<target host="cdn.comparitech.com" />
+
+	<!-- redirect to www -->
+  	<securecookie host="^www\.comparitech\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Compendium.com.xml b/src/chrome/content/rules/Compendium.com.xml
new file mode 100644
index 000000000000..1348998a3eb0
--- /dev/null
+++ b/src/chrome/content/rules/Compendium.com.xml
@@ -0,0 +1,60 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://compendium.com/ => https://www.oracle.com/us/corporate/acquisitions/compendium/index.html: Too many redirects while fetching 'https://www.oracle.com/us/corporate/acquisitions/compendium/index.html'
+Fetch error: http://www.compendium.com/ => https://www.oracle.com/us/corporate/acquisitions/compendium/index.html: Too many redirects while fetching 'https://www.oracle.com/us/corporate/acquisitions/compendium/index.html'
+
+	For other Oracle coverage, see Oracle.xml.
+
+
+	(www.): mismatched, CN: www-legacy.oracle.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- imagefilter.app.compendium.com
+
+-->
+<ruleset name="Compendium.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="app.compendium.com" />
+	<target host="cdn.app.compendium.com" />
+	<target host="imagefilter.app.compendium.com" />
+
+	<!--	Complications:
+				-->
+	<target host="compendium.com" />
+	<target host="www.compendium.com" />
+
+		<exclusion pattern="^http://(?:www\.)?compendium\.com/(?!$)" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^imagefilter\.app\.compendium\.com$" name="^rack\.session$" /-->
+
+	<securecookie host="^imagefilter\.app\.compendium\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?compendium\.com/"
+		to="https://www.oracle.com/us/corporate/acquisitions/compendium/index.html" />
+
+	<!--	Redirect drops path but not args:
+
+		..but there are specific redirects caught by this.
+						-->
+	<!--rule from="^http://(?:www\.)?compendium\.com/[^?]+"
+		to="https://www.oracle.com/index.html" /-->
+
+		<!-- e.g.:
+				-->
+		<test url="http://www.compendium.com/blog/" />
+		<test url="http://www.compendium.com/clients/" />
+		<test url="http://www.compendium.com/how-it-works/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Compendium.xml b/src/chrome/content/rules/Compendium.xml
deleted file mode 100644
index 8f472a6fe5a7..000000000000
--- a/src/chrome/content/rules/Compendium.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<ruleset name="Compendium">
-
-	<target host="compendiumblog.com" />
-	<target host="*.compendiumblog.com" />
-	<target host="*.content.compendiumblog.com" />
-
-
-	<securecookie host="^www\.compendiumblog\.com$" name=".*" />
-
-
-	<!--	www & unique subdomains for blogs.	-->
-	<rule from="^http://(\w+)\.compendiumblog\.com/"
-		to="https://$1.compendiumblog.com/" />
-
-	<rule from="^http://cdn2\.content\.compendiumblog\.com/"
-		to="https://cdn2.content.compendiumblog.com/" />
-
-	<rule from="^http://(?:cdn|global)\.content\.compendiumblog\.com/"
-		to="https://s3.amazonaws.com/global.content.compendiumblog.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Compete.org.xml b/src/chrome/content/rules/Compete.org.xml
new file mode 100644
index 000000000000..df3200a6d011
--- /dev/null
+++ b/src/chrome/content/rules/Compete.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Council on Competitiveness
+
+-->
+<ruleset name="Compete.org" default_off="refused">
+
+	<target host="compete.org" />
+	<target host="www.compete.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Compete.xml b/src/chrome/content/rules/Compete.xml
index 44d047805a79..48c8e206be6f 100644
--- a/src/chrome/content/rules/Compete.xml
+++ b/src/chrome/content/rules/Compete.xml
@@ -1,13 +1,11 @@
-<!--
-	Nonfunctional domains:
-
-		- blog.compete.com
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://c.compete.com/ => https://c.compete.com/: (6, 'Could not resolve host: c.compete.com')
 
 	CDN buckets:
 
 		- wildcard.compete.com.edgekey.net
-		- home.compete.com.edgesuite.net
 		- media.compete.com.edgesuite.net
 
 
@@ -16,27 +14,7 @@
 		- media.compete.com	(akamai)
 
 
-	Partially covered domains:
-
-		- home.compete.com *
-		- (www.)compete.com *
-
-	* At least some pages redirect to http.
-
-
-	Fully covered domains:
-
-		- *.c-col.com
-
-		- compete.com subdomains:
-
-			- app
-			- c
-			- grapher
-			- media
-			- securemedia
-
-		- home.compete.com.edgesuite.net
+	*.c-col.com: Bugs
 
 
 	*.col.com sets these tracking cookies:
@@ -45,35 +23,37 @@
 		- srp
 
 -->
-<ruleset name="Compete (partial)">
+<ruleset name="Compete (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="*.c-col.com" />
-	<target host="compete.com" />
-	<target host="*.compete.com" />
-	<target host="home.compete.com.edgesuite.net" />
-
 
-	<securecookie host="^.*\.c-col\.com$" name=".*" />
+	<target host="compete.com" />
+	<target host="app.compete.com" />
+	<target host="blog.compete.com" />
+	<target host="c.compete.com" />
+	<target host="grapher.compete.com" />
+	<target host="securemedia.compete.com" />
+	<target host="www.compete.com" />
 
+	<!--	Complications:
+				-->
+	<target host="media.compete.com" />
 
-	<!--	Tracking on 3rd-party websites.
-							-->
-	<rule from="^http://([\w\-]+)\.c-ol\.com/"
-		to="https://$1.col.com/" />
 
-	<rule from="^http://(www\.)?compete\.com/(plans(?:$|/|\?)|site_media/)"
-		to="https://$1compete.com/$2" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.c-col\.com$" name="^i00$" /-->
+	<!--securecookie host="ssl-[\w-]+-[\da-f]+\.c-col\.com$" name="^srp$" /-->
 
-	<rule from="^http://(app|c|grapher)\.compete\.com/"
-		to="https://$1.compete.com/" />
+	<securecookie host=".*\.c-col\.com$" name=".+" />
 
-	<rule from="^http://home\.compete\.com/site_media/"
-		to="https://securemedia.compete.com/site_media/" />
 
-	<rule from="^https?://(?:secure)?media\.compete\.com/"
+	<rule from="^http://media\.compete\.com/"
 		to="https://securemedia.compete.com/" />
 
-	<rule from="^https?://home.compete.com.edgesuite.net/"
-		to="https://home.compete.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CompetitionsByWyndham.com.au.xml b/src/chrome/content/rules/CompetitionsByWyndham.com.au.xml
new file mode 100644
index 000000000000..cf245db06ece
--- /dev/null
+++ b/src/chrome/content/rules/CompetitionsByWyndham.com.au.xml
@@ -0,0 +1,12 @@
+<!--
+	Non-functional hosts
+		Incomplete certificate chain error:
+		- competitionsbywyndham.com.au
+		- www.competitionsbywyndham.com.au
+-->
+<ruleset name="CompetitionsByWyndham.com.au" default_off="cert-chain">
+	<target host="competitionsbywyndham.com.au" />
+	<target host="www.competitionsbywyndham.com.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Competitive_Enterprise_Institute-problematic.xml b/src/chrome/content/rules/Competitive_Enterprise_Institute-problematic.xml
index 35ad0e759ed4..f4892140b3fe 100644
--- a/src/chrome/content/rules/Competitive_Enterprise_Institute-problematic.xml
+++ b/src/chrome/content/rules/Competitive_Enterprise_Institute-problematic.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?cei\.org/"
 		to="https://cei.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Competitive_Enterprise_Institute.xml b/src/chrome/content/rules/Competitive_Enterprise_Institute.xml
index 75f3db6c68fb..a7058e435a7a 100644
--- a/src/chrome/content/rules/Competitive_Enterprise_Institute.xml
+++ b/src/chrome/content/rules/Competitive_Enterprise_Institute.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://shop.cei.org/ => https://shop.cei.org/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://shop.cei.org/ => https://shop.cei.org/: (60, 'SSL certificate problem: certificate has expired')
 	For problematic rules, see Competitive_Enterprise_Institute-problematic.xml.
 
 
@@ -7,7 +13,7 @@
 		- (www.)	(expired 2011-06-12, CN: plesk)
 
 -->
-<ruleset name="Competitive Enterprise Institute (partial)">
+<ruleset name="Competitive Enterprise Institute (partial)" default_off="failed ruleset test">
 
 	<target host="shop.cei.org" />
 
@@ -15,7 +21,6 @@
 	<securecookie host="^shop\.cei\.org$" name=".+" />
 
 
-	<rule from="^http://shop\.cei\.org/"
-		to="https://shop.cei.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Compiz.xml b/src/chrome/content/rules/Compiz.xml
index 25168e91cbe9..80c2b5b171cb 100644
--- a/src/chrome/content/rules/Compiz.xml
+++ b/src/chrome/content/rules/Compiz.xml
@@ -1,16 +1,30 @@
 <ruleset name="Compiz" default_off="Certificate mismatch">
 
 	<target host="compiz.org" />
-	<target host="*.compiz.org" />
+	<target host="www.compiz.org" />
+	<target host="cgit.compiz.org" />
+	<target host="forum.compiz.org" />
+	<target host="gitweb.compiz.org" />
+	<target host="lists.compiz.org" />
+	<target host="planet.compiz.org" />
+	<target host="releases.compiz.org" />
+	<target host="wiki.compiz.org" />
 	<target host="compiz-fusion.org" />
-	<target host="*.compiz-fusion.org" />
+	<target host="www.compiz-fusion.org" />
+	<target host="cgit.compiz-fusion.org" />
+	<target host="forum.compiz-fusion.org" />
+	<target host="gitweb.compiz-fusion.org" />
+	<target host="lists.compiz-fusion.org" />
+	<target host="planet.compiz-fusion.org" />
+	<target host="releases.compiz-fusion.org" />
+	<target host="wiki.compiz-fusion.org" />
 
-	<rule from="^http://(www\.)?compiz(-fusion)?\.org/"
+	<rule from="^http://(?:www\.)?compiz(?:-fusion)?\.org/"
 		to="https://www.compiz.org/" />
 
 	<rule from="^http://(cgit|forum|gitweb|lists|planet|releases|wiki)\.compiz(-fusion)?\.org/"
 		to="https://$1.compiz.org/" />
 
-	<securecookie host="^\.forum\.compiz\.org$" name=".*" />
+	<securecookie host="^\.forum\.compiz\.org$" name=".+" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CompletelyPrivateFiles.com.xml b/src/chrome/content/rules/CompletelyPrivateFiles.com.xml
index 758f128a031a..1b6a59c2fdeb 100644
--- a/src/chrome/content/rules/CompletelyPrivateFiles.com.xml
+++ b/src/chrome/content/rules/CompletelyPrivateFiles.com.xml
@@ -1,10 +1,19 @@
-<ruleset name="CompletelyPrivateFiles.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://completelyprivatefiles.com/ => https://completelyprivatefiles.com/: (7, 'Failed to connect to completelyprivatefiles.com port 443: Connection refused')
+Fetch error: http://www.completelyprivatefiles.com/ => https://www.completelyprivatefiles.com/: (7, 'Failed to connect to www.completelyprivatefiles.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://completelyprivatefiles.com/ => https://completelyprivatefiles.com/: (35, 'error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure')
+Fetch error: http://www.completelyprivatefiles.com/ => https://www.completelyprivatefiles.com/: (35, 'error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure')
+-->
+<ruleset name="CompletelyPrivateFiles.com" default_off="failed ruleset test">
 
 	<target host="completelyprivatefiles.com" />
 	<target host="www.completelyprivatefiles.com" />
 
 
-	<rule from="^http://(www\.)?completelyprivatefiles\.com/"
-		to="https://$1completelyprivatefiles.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Complex-systems.com.xml b/src/chrome/content/rules/Complex-systems.com.xml
new file mode 100644
index 000000000000..2c35d731a3c6
--- /dev/null
+++ b/src/chrome/content/rules/Complex-systems.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Complex-systems.com" default_off="refused">
+	<target host="complex-systems.com" />
+	<target host="www.complex-systems.com" />
+
+	<rule from="^http://(?:www\.)?complex-systems\.com/" to="https://www.complex-systems.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/ComplianceSigns.com.xml b/src/chrome/content/rules/ComplianceSigns.com.xml
index 2c51336f04c2..8454b8327b2f 100644
--- a/src/chrome/content/rules/ComplianceSigns.com.xml
+++ b/src/chrome/content/rules/ComplianceSigns.com.xml
@@ -36,7 +36,8 @@
 <ruleset name="ComplianceSigns.com">
 
 	<target host="compliancesigns.com" />
-	<target host="*.compliancesigns.com" />
+	<target host="cdn.compliancesigns.com" />
+	<target host="www.compliancesigns.com" />
 
 
 	<!--	name="^rv[1-5]$"
@@ -47,4 +48,4 @@
 	<rule from="^http://(?:cdn\.|www\.)?compliancesigns\.com/"
 		to="https://www.compliancesigns.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Compose.IO.xml b/src/chrome/content/rules/Compose.IO.xml
new file mode 100644
index 000000000000..f0a35298f4ea
--- /dev/null
+++ b/src/chrome/content/rules/Compose.IO.xml
@@ -0,0 +1,33 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)?
+		- app
+		- blog
+		- docs
+		- status
+
+
+	Mixed content:
+
+		- Images on blog from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Compose.IO">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="compose.io" />
+	<target host="app.compose.io" />
+	<target host="blog.compose.io" />
+	<target host="docs.compose.io" />
+	<target host="status.compose.io" />
+	<target host="www.compose.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CompraNoExterior.com.br.xml b/src/chrome/content/rules/CompraNoExterior.com.br.xml
deleted file mode 100644
index b2d3d5e22b71..000000000000
--- a/src/chrome/content/rules/CompraNoExterior.com.br.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d1h9c8t56th1se.cloudfront.net
-
-			- cdn
-			- cdn1
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(redirects to http, valid cert)
-
--->
-<ruleset name="CompraNoExterior.com.br (partial)">
-
-	<target host="*.compranoexterior.com.br" />
-
-
-	<rule from="^http://cdn1?\.compranoexterior\.com\.br/"
-		to="https://d1h9c8t56th1se.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Comprehensive-C-Archive-Network.xml b/src/chrome/content/rules/Comprehensive-C-Archive-Network.xml
deleted file mode 100644
index 4c0aa687d91e..000000000000
--- a/src/chrome/content/rules/Comprehensive-C-Archive-Network.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Comprehensive C Archive Network">
-
-	<target host="ccodearchive.net" />
-	<target host="www.ccodearchive.net" />
-
-
-	<!--	Cert only matches //ccode...	-->
-	<rule from="^https?://(?:www\.)?ccodearchive\.net/"
-		to="https://ccodearchive.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Compteur.fr.xml b/src/chrome/content/rules/Compteur.fr.xml
index 5e2bcfcd291e..fd540e587599 100644
--- a/src/chrome/content/rules/Compteur.fr.xml
+++ b/src/chrome/content/rules/Compteur.fr.xml
@@ -1,19 +1,27 @@
 <!--
-	Problematic subdomains:
+	^compteur.fr does not exist.
 
-		- ^	(mismatched, CN: www.web-stat.com)
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .compteur.fr
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
 <ruleset name="Compteur.fr">
 
-	<target host="compteur.fr" />
-	<target host="*.compteur.fr" />
+	<target host="www.compteur.fr" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.compteur\.fr$" name="^wixmap_1$" /-->
 
-	<securecookie host="^\.(?:www\.)?compteur\.fr$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?compteur\.fr/"
-		to="https://www.compteur.fr/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CompuLab.co.il.xml b/src/chrome/content/rules/CompuLab.co.il.xml
new file mode 100644
index 000000000000..eb2d7d132226
--- /dev/null
+++ b/src/chrome/content/rules/CompuLab.co.il.xml
@@ -0,0 +1,26 @@
+<!--
+	Mixed content:
+
+		- css, from:
+
+			- www.compulab.co.il ˢ
+			- code.jquery.com ˢ
+
+		- Images from www.compulab.co.il ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="CompuLab.co.il" platform="mixedcontent">
+
+	<target host="compulab.co.il" />
+	<target host="www.compulab.co.il" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Computational-Infrastructure-for-Operations-Research.xml b/src/chrome/content/rules/Computational-Infrastructure-for-Operations-Research.xml
deleted file mode 100644
index 192c0b5aa046..000000000000
--- a/src/chrome/content/rules/Computational-Infrastructure-for-Operations-Research.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)
-
-			- !www cert: coin-or.clemson.edu
-			- At least some paths 301 to http
-
--->
-<ruleset name="Computational Infrastructure for Operations Research (partial)">
-
-	<target host="projects.coin-or.org" />
-
-
-	<securecookie host="^projects\.coin-or\.org$" name=".*" />
-
-
-	<rule from="^http://projects\.coin-or\.org/"
-		to="https://projects.coin-or.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Computec-Academy.de.xml b/src/chrome/content/rules/Computec-Academy.de.xml
new file mode 100644
index 000000000000..3c60ac354ac6
--- /dev/null
+++ b/src/chrome/content/rules/Computec-Academy.de.xml
@@ -0,0 +1,46 @@
+<!--
+	Problematic hosts in *computec-academy.de:
+
+		- ^ ¹
+		- www ²
+
+	¹ Mismatched
+	² Server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="Computec-Academy.de (partial)" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.computec-academy.de" />
+
+	<!--	Complications:
+				-->
+	<target host="computec-academy.de" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.computec-academy\.de/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.computec-academy\.de/+(?!sites/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.computec-academy.de/demo" />
+			<test url="http://www.computec-academy.de/node/962" />
+			<test url="http://www.computec-academy.de/vortraege" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.computec-academy.de/sites/www.computec-academy.de/files/css/css_8e5d70ccf101202d6ad3eb9016507b93.css" />
+
+
+	<rule from="^http://computec-academy\.de/"
+		to="https://www.computec-academy.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Computer-Steroids.xml b/src/chrome/content/rules/Computer-Steroids.xml
index 5c3c935ea99a..7e668b699645 100644
--- a/src/chrome/content/rules/Computer-Steroids.xml
+++ b/src/chrome/content/rules/Computer-Steroids.xml
@@ -33,7 +33,7 @@
 	<target host="whyblockme.info"/>
 	<target host="www.whyblockme.info"/>
 
-	<securecookie host="^((acdd|aolo|bedd|eaak|geak|goob|iglo|jeth|luez|mett|pooi|rade|siit)\.tk|(surfingip|switchip|whyblockme)\.info)$" name=".*"/>
+	<securecookie host="^(?:(?:acdd|aolo|bedd|eaak|geak|goob|iglo|jeth|luez|mett|pooi|rade|siit)\.tk|(?:surfingip|switchip|whyblockme)\.info)$" name=".+" />
 
 	<rule from="^http://(?:www\.)?(acdd|aolo|bedd|eaak|geak|goob|iglo|jeth|luez|mett|pooi|rade|siit)\.tk/"
 		to="https://$1.tk/"/>
diff --git a/src/chrome/content/rules/ComputerCraft.ru.xml b/src/chrome/content/rules/ComputerCraft.ru.xml
new file mode 100644
index 000000000000..9ce070d77ffe
--- /dev/null
+++ b/src/chrome/content/rules/ComputerCraft.ru.xml
@@ -0,0 +1,20 @@
+<!--
+	Refused:
+		- server0.computercraft.ru
+
+	Mismatched:
+		- bridge.computercraft.ru
+		- lk.computercraft.ru
+		- mail.computercraft.ru
+		- old.computercraft.ru
+		- opencomputers-3d.computercraft.ru
+		- shop.computercraft.ru
+		- stem.computercraft.ru
+-->
+<ruleset name="ComputerCraft.ru">
+	<target host="computercraft.ru" />
+	<target host="www.computercraft.ru" />
+	<target host="server1.computercraft.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ComputerWoche.de.xml b/src/chrome/content/rules/ComputerWoche.de.xml
new file mode 100644
index 000000000000..5ebb39836ba8
--- /dev/null
+++ b/src/chrome/content/rules/ComputerWoche.de.xml
@@ -0,0 +1,34 @@
+<!--
+	Cert mismatch:
+		- blog.computerwoche.de
+		- hpe-innovationen.computerwoche.de
+		- ibmexperts.computerwoche.de
+		- jobs.computerwoche.de
+		- juk.computerwoche.de
+		- w3.computerwoche.de
+
+-->
+<ruleset name="ComputerWoche.de">
+
+	<target host="computerwoche.de" />
+	<target host="www.computerwoche.de" />
+
+	<target host="40.computerwoche.de" />
+	<target host="cloudmentoren.computerwoche.de" />
+	<target host="www.cloudmentoren.computerwoche.de" />
+	<target host="bestinbigdata-de.computerwoche.de" />
+	<target host="beta.computerwoche.de" />
+	<target host="datacenter.computerwoche.de" />
+	<target host="beta.datacenter.computerwoche.de" />
+	<target host="info.datacenter.computerwoche.de" />
+	<target host="beta.hpe-innovationen.computerwoche.de" />
+	<target host="images.computerwoche.de" />
+	<target host="shop.computerwoche.de" />
+	<target host="sourcingday-de.computerwoche.de" />
+	<target host="whitepaper.computerwoche.de" />
+
+	<test url="http://info.datacenter.computerwoche.de/robots.txt" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ComputerWorld.xml b/src/chrome/content/rules/ComputerWorld.xml
index 3bebb428d545..7aea1c16cdd2 100644
--- a/src/chrome/content/rules/ComputerWorld.xml
+++ b/src/chrome/content/rules/ComputerWorld.xml
@@ -1,131 +1,63 @@
 <!--
 	For other IDG coverage, see IDG.se.xml.
 
-
-	CDN buckets:
-
-		- computerworld.com.edgesuite.net/newsletter_images/
-		- computerworld.com.edgesuite.net/techbrief/
-
-		- redirect.etouches.com
-
-			- events.computerworld.com
-
-		- computerworld.jobamatic.com
-
-			- itjobs.compterworld.com
-
-		- computerworld.mobify.me
-
-			- m.computerworld.com
-
-		- computerworld.idg.netdna-cdn.com
-
-			- -ssl doesn't exist
-			- cdn[1-4].computerworlduk.com
-
-
-	Nonfunctional domains:
-
-		- blogs.computerworld.com *
-		- resources.computerworld.com	(refused)
-		- (www.)computerworlduk.com *
-		- cdn[1-4].computerworlduk.com	(404; mismatched, CN: *.netdna-ssl.com)
-
-	* Dropped
-
-
-	Problematic computerworld.com subdomains:
-
-		- ^		(works; expired 2010-07-23, cert only matches www)
-		- events	(works; mismatched, CN: *.eiseverywhere.com)
-		- itjobs	(works; mismatched, CN: *.jobamatic.com)
-		- m		(shows mobify.com; mismatched, CN: *.mobify.com)
-
-
-	Partially covered domains:
-
-		- m.computerworld.com	(→ computerworld.mobify.com)
-
-
 	Fully covered domains:
+		- events.computerworld.com → eiseverywhere.com
+		- m.computerworld.com
 
-		- events.computerworld.com	(→ eiseverywhere.com)
-		- itjobs.compterworld.com	(→ computerworld.jobamatic.com)
-
-
-	Mixed content:
-
-		- Scripts, on www from:
-
-			- m *
-			- api.brightcove.com *
-			- disqus.com
-			- idg-networkworld.disqus.com
-			- wd.sharethis.com *
-
-		- Images, on www from:
-
-			- blogs ***
-			- from www *
-			- d1piko3ylsjhpd.cloudfront.net *
-			- computerworld.com.edgesuite.net *
-			- resources.idgenterprise.com ***
-
-		- Web bugs, on www from:
-
-			- bit.ly *
-			- s.bit.ly *
-			- tags.bkrtx.com *
-			- a.collective-media.net *
-			- api.demandbase.com *
-			- content.dl-rms.com *
-			- ad.doubleclick.net *
-			- pubads.g.doubleclick.net *
-			- ai.hitbox.com **
-			- jlinks.industrybrains.com *
-			- b.scorecardresearch.com *
-
-	* Secured by us
-	** Unsecurable, but who cares. 404s anyway.
-	*** Unsecurable, doesn't trip MCB anyway
-
-
-		All secured by us, apart from:
-
-			- a.visualrevenue.com
-			- p.visualrevenue.com
-			- t.visualrevenue.com
-
-		for which no secure equivalents have been found.
-		Being web bugs, do we really care about these
-		being blocked?
-
+	Problematic computerworld.com subdomains:
+		- events (works; mismatched, CN: *.eiseverywhere.com)
+
+	Timeout was reached:
+		- avail.computerworld.com
+		- cw.computerworld.com
+		- cwbmgt02.computerworld.com
+		- cwbweb01.computerworld.com
+		- cwbweb02.computerworld.com
+		- cwfbes.computerworld.com
+		- cwfeventsweb.computerworld.com
+		- cwfsmtp.computerworld.com
+		- cwfsmtp2.computerworld.com
+		- cwflyris.computerworld.com
+		- cwonline.computerworld.com
+		- cwresources.computerworld.com
+		- focus.computerworld.com
+		- ftp1.computerworld.com
+		- marketing.computerworld.com
+		- prototype.computerworld.com
+		- reg.computerworld.com
+		- spesftp.computerworld.com
+		- store.computerworld.com
+		- survey.computerworld.com
+		- webreg.computerworld.com
+		- zones.computerworld.com
 -->
-<ruleset name="ComputerWorld (partial)" platform="mixedcontent">
-
+<ruleset name="ComputerWorld">
 	<target host="computerworld.com" />
-	<target host="*.computerworld.com" />
-	<target host="computerworld.com.edgesuite.net" />
-
-
-	<!--securecookie host="^\.computerworld\.com$" name="^(idglg_ref_domain|mobify|s_pers|s_sess|__vr[flmuy]|__vrid)$" /-->
-	<securecookie host="^\.computerworld\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?computerworld\.com/"
-		to="https://www.computerworld.com/"/>
+	<target host="www.computerworld.com" />
+	<target host="blogs.computerworld.com" />
+	<target host="events.computerworld.com" />
+	<target host="feeds.computerworld.com" />
+	<target host="itfinance.computerworld.com" />
+	<target host="itgovernment.computerworld.com" />
+	<target host="itreports.computerworld.com" />
+	<target host="m.computerworld.com" />
+	<target host="masters.computerworld.com" />
+	<target host="mobile.computerworld.com" />
+	<target host="resources.computerworld.com" />
+	<target host="solutioncenters.computerworld.com" />
+
+	<target host="computerworlduk.com" />
+	<target host="www.computerworlduk.com" />
+	<target host="cdn1.computerworlduk.com" />
+	<target host="cdn2.computerworlduk.com" />
+	<target host="cdn3.computerworlduk.com" />
+	<target host="cdn4.computerworlduk.com" />
+
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://events\.computerworld\.com/"
-		to="https://eiseverywhere.com/ehome/Computerworld/" />
-
-	<rule from="^http://itjobs\.computerworld\.com/"
-		to="https://computerworld.jobamatic.com/" />
-
-	<rule from="^http://m\.computerworld\.com/mobify/"
-		to="https://computerworld.mobify.com/mobify/" />
-
-	<rule from="^http://computerworld\.com\.edgesuite\.net/"
-		to="https://a248.e.akamai.net/f/335/1/g/computerworld.com.edgesuite.net/" />
+			to="https://eiseverywhere.com/ehome/Computerworld/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Computer_Fulfillment.xml b/src/chrome/content/rules/Computer_Fulfillment.xml
index 577ba527d3c5..d430cbb5e4e4 100644
--- a/src/chrome/content/rules/Computer_Fulfillment.xml
+++ b/src/chrome/content/rules/Computer_Fulfillment.xml
@@ -1,10 +1,17 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://computerfulfillment.com/ => https://www.computerfulfillment.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.computerfulfillment.com/ => https://www.computerfulfillment.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://computerfulfillment.com/ => https://www.computerfulfillment.com/: (28, 'Operation timed out after 14005 milliseconds with 58074 out of 73567 bytes received')
 	Problematic subdomains:
 
 		- ^	(cert only matches www)
 
 -->
-<ruleset name="Computer Fulfillment">
+<ruleset name="Computer Fulfillment" default_off="failed ruleset test">
 
 	<target host="computerfulfillment.com" />
 	<target host="www.computerfulfillment.com" />
@@ -13,4 +20,4 @@
 	<rule from="^http://(?:www\.)?computerfulfillment\.com/"
 		to="https://www.computerfulfillment.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Computer_Lab_Solutions.xml b/src/chrome/content/rules/Computer_Lab_Solutions.xml
index d16e5a067b83..66a3096731c8 100644
--- a/src/chrome/content/rules/Computer_Lab_Solutions.xml
+++ b/src/chrome/content/rules/Computer_Lab_Solutions.xml
@@ -16,7 +16,7 @@
 	<securecookie host="^computerlabsolutions\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?computerlabsolutions\.com/"
+	<rule from="^http://(?:www\.)?computerlabsolutions\.com/"
 		to="https://computerlabsolutions.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Computer_Libya.xml b/src/chrome/content/rules/Computer_Libya.xml
deleted file mode 100644
index 91a833f0ffec..000000000000
--- a/src/chrome/content/rules/Computer_Libya.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Computer Libya">
-
-	<target host="computer.ly" />
-	<target host="*.computer.ly" />
-
-
-	<securecookie host=".*\.computer\.ly$" name=".+" />
-
-
-	<rule from="^http://(www\.)?computer\.ly/"
-		to="https://$1computer.ly/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Computerbasedmath.org.xml b/src/chrome/content/rules/Computerbasedmath.org.xml
new file mode 100644
index 000000000000..84ac4fa878cd
--- /dev/null
+++ b/src/chrome/content/rules/Computerbasedmath.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Computerbasedmath.org">
+  <target host="computerbasedmath.org" />
+  <target host="www.computerbasedmath.org" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ComputersnYou.com.xml b/src/chrome/content/rules/ComputersnYou.com.xml
new file mode 100644
index 000000000000..b9fb53335398
--- /dev/null
+++ b/src/chrome/content/rules/ComputersnYou.com.xml
@@ -0,0 +1,40 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .computersnyou.com
+
+-->
+<ruleset name="ComputersnYou.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="computersnyou.com" />
+	<target host="www.computersnyou.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.computersnyou\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Computeruniverse.xml b/src/chrome/content/rules/Computeruniverse.xml
index 050100b09acf..f2b36ba8f104 100644
--- a/src/chrome/content/rules/Computeruniverse.xml
+++ b/src/chrome/content/rules/Computeruniverse.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://computeruniverse.net/ => https://www.computeruniverse.net/: Cycle detected - URL already encountered: https://www.computeruniverse.net/default.asp
 	CDN buckets:
 
 		- d1v2g9pf7uhyzn.cloudfront.net
@@ -23,10 +25,10 @@
 
 	<!--	Cert doesn't match !www.
 						-->
-	<rule from="^https?://computeruniverse\.net/"
+	<rule from="^http://computeruniverse\.net/"
 		to="https://www.computeruniverse.net/" />
 
 	<rule from="^http://(\w+)\.computeruniverse\.net/"
 		to="https://$1.computeruniverse.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Computerworld.ch.xml b/src/chrome/content/rules/Computerworld.ch.xml
new file mode 100644
index 000000000000..a507b8fad90f
--- /dev/null
+++ b/src/chrome/content/rules/Computerworld.ch.xml
@@ -0,0 +1,11 @@
+<!--
+	Refused:
+		epaper2.computerworld.ch
+-->
+<ruleset name="Computerworld.ch" platform="mixedcontent">
+	<target host="computerworld.ch" />
+	<target host="www.computerworld.ch" />
+	<target host="pr.computerworld.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Compuware.xml b/src/chrome/content/rules/Compuware.xml
index 368d8c1f679a..fd64af8cc2f4 100644
--- a/src/chrome/content/rules/Compuware.xml
+++ b/src/chrome/content/rules/Compuware.xml
@@ -1,26 +1,30 @@
 <!--
 	Other Compuware rulesets:
 
+		- Compuware_APM.com.xml
 		- Compuware_Gomez.xml
 		- Covisint.xml
 		- DynaTrace.xml
 
 
-	Nonfunctional:
+	Nonfunctional hosts in *compuware.com:
 
-		- investor.compuware.com	(cert: *.shareholder.com; 404, 403)
+		- investor ¹
+		- www ²
+
+	¹ Shareholder
+	² Shows default page
 
 
 	dq2gduua6ulhc.cloudfront.net
 
 -->
-<ruleset name="Compuware (partial)" platform="mixedcontent">
+<ruleset name="Compuware.com (partial)" default_off="expired, mismatched">
 
 	<target host="compuware.com" />
-	<target host="www.compuware.com" />
 
 
-	<rule from="^http://(www\.)?compuware\.com/"
-		to="https://$1compuware.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Compuware_APM.com.xml b/src/chrome/content/rules/Compuware_APM.com.xml
new file mode 100644
index 000000000000..62fec8504132
--- /dev/null
+++ b/src/chrome/content/rules/Compuware_APM.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Compuware coverage, see Compuware.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .compuwareapm.com
+
+-->
+<ruleset name="Compuware APM.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="community.compuwareapm.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.compuwareapm\.com$" name="^(?:AMAuthCookie|amlbcookie)$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Compuware_Gomez.xml b/src/chrome/content/rules/Compuware_Gomez.xml
index f0cfd50b557a..67ebfe63a095 100644
--- a/src/chrome/content/rules/Compuware_Gomez.xml
+++ b/src/chrome/content/rules/Compuware_Gomez.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gomez.com/ => https://www.gomez.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.gomez.com'")
+Fetch error: http://www.gomez.com/ => https://www.gomez.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.gomez.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://gomez.com/ => https://www.gomez.com/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://www.gomez.com/ => https://www.gomez.com/: (28, 'Connection timed out after 10001 milliseconds')
 	For other Compuware coverage, see Compuware.xml.
 
 
@@ -7,7 +15,7 @@
 		- ^gomez.com	(expired, self-signed)
 
 -->
-<ruleset name="Compuware Gomez">
+<ruleset name="Compuware Gomez" default_off="failed ruleset test">
 
 	<target host="*.r.axf8.net" />
 	<target host="gomez.com" />
@@ -20,7 +28,7 @@
 	<rule from="^http://(\w+)\.r\.axf8\.net/"
 		to="https://$1.r.axf8.net/" />
 
-	<rule from="^https?://(?:www\.)?gomez\.com/"
+	<rule from="^http://(?:www\.)?gomez\.com/"
 		to="https://www.gomez.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Comsecuris.com.xml b/src/chrome/content/rules/Comsecuris.com.xml
new file mode 100644
index 000000000000..568b4928ed5a
--- /dev/null
+++ b/src/chrome/content/rules/Comsecuris.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Comsecuris.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="comsecuris.com" />
+	<target host="www.comsecuris.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Comunio.de.xml b/src/chrome/content/rules/Comunio.de.xml
new file mode 100644
index 000000000000..0aca484823c0
--- /dev/null
+++ b/src/chrome/content/rules/Comunio.de.xml
@@ -0,0 +1,47 @@
+<!--
+	Chain issues:
+		- dev[1-7]
+		- jenkins
+		- staging-api
+		- staging
+
+	Cert expired:
+		- twiki
+
+	Cert mismatch:
+		- a
+		- core
+		- m
+		- m2
+		- testshop
+		- wap
+
+	TLS error:
+		- backup
+		- lb1
+		- lb2
+-->
+<ruleset name="Comunio.de">
+	<target host="comunio.de" />
+	<target host="www.comunio.de" />
+
+	<target host="ads.comunio.de" />
+	<target host="analytics.comunio.de" />
+	<target host="api.comunio.de" />
+	<target host="beta.comunio.de" />
+	<target host="blog.comunio.de" />
+	<target host="classic.comunio.de" />
+	<target host="comduo.comunio.de" />
+	<target host="mail.comunio.de" />
+	<target host="mail2.comunio.de" />
+	<target host="rpc.comunio.de" />
+	<target host="shop.comunio.de" />
+	<target host="stats.comduo.comunio.de" />
+	<target host="stats.comunio.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Comviq.se.xml b/src/chrome/content/rules/Comviq.se.xml
index f54faa32ad90..6aa2f2ced077 100644
--- a/src/chrome/content/rules/Comviq.se.xml
+++ b/src/chrome/content/rules/Comviq.se.xml
@@ -2,7 +2,6 @@
 <ruleset name="Comviq.se">
 	<target host="comviq.se" />
 	<target host="www.comviq.se" />
-	<rule from="^http://comviq\.se/" to="https://comviq.se/"/>
-	<rule from="^http://www\.comviq\.se/" to="https://www.comviq.se/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Con-tech.de.xml b/src/chrome/content/rules/Con-tech.de.xml
index 366022db11e9..0ac68a23dea9 100644
--- a/src/chrome/content/rules/Con-tech.de.xml
+++ b/src/chrome/content/rules/Con-tech.de.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ct-cds.con-tech.de/ => https://ct-cds.con-tech.de/: (7, 'Failed to connect to ct-cds.con-tech.de port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ct-cds.con-tech.de/ => https://ct-cds.con-tech.de/: (7, 'Failed to connect to ct-cds.con-tech.de port 443: Connection refused')
 	Nonfunctional subdomains:
 
 		- stat01	(refused)
@@ -9,7 +15,7 @@
 		- stat02	(works; expired 2012-03-01, self-signed, CN: Parallels Panel)
 
 -->
-<ruleset name="con-tech.de (partial)">
+<ruleset name="con-tech.de (partial)" default_off="failed ruleset test">
 
 	<target host="ct-cds.con-tech.de" />
 
@@ -17,7 +23,6 @@
 	<securecookie host="^ct-cds\.con-tech\.de$" name=".+" />
 
 
-	<rule from="^http://ct-cds\.con-tech\.de/"
-		to="https://ct-cds.con-tech.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ConSecur.xml b/src/chrome/content/rules/ConSecur.xml
index e39015a53867..1b118d4d2490 100644
--- a/src/chrome/content/rules/ConSecur.xml
+++ b/src/chrome/content/rules/ConSecur.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^www\.consecur\.de$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?consecur\.de/"
-		to="https://www.consecur.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Concrete5.xml b/src/chrome/content/rules/Concrete5.xml
index 88fe5a910bba..ab78d56ebeb0 100644
--- a/src/chrome/content/rules/Concrete5.xml
+++ b/src/chrome/content/rules/Concrete5.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^(?:www\.)?concrete5\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?concrete5\.org/"
-		to="https://$1concrete5.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ConcreteConstruction.net.xml b/src/chrome/content/rules/ConcreteConstruction.net.xml
new file mode 100644
index 000000000000..2ecb8c7bd325
--- /dev/null
+++ b/src/chrome/content/rules/ConcreteConstruction.net.xml
@@ -0,0 +1,14 @@
+<!--
+	TLS protocol error:
+		- concreteconstruction.net, equivalent to www.concreteconstruction.net
+-->
+
+<ruleset name="ConcreteConstruction.net">
+	<target host="concreteconstruction.net" />
+	<target host="www.concreteconstruction.net" />
+
+	<rule from="^http://concreteconstruction\.net/"
+		to="https://www.concreteconstruction.net/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Concur.com.xml b/src/chrome/content/rules/Concur.com.xml
new file mode 100644
index 000000000000..04eacb1d18f2
--- /dev/null
+++ b/src/chrome/content/rules/Concur.com.xml
@@ -0,0 +1,33 @@
+<!--
+	assets, fusion, and www: server is configured for rc4 only.
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- assets
+		- developer
+		- fusion
+
+-->
+<ruleset name="Concur.com">
+
+	<target host="concur.com" />
+	<target host="assets.concur.com" />
+	<target host="developer.concur.com" />
+	<target host="fusion.concur.com" />
+	<target host="www.concur.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^concur\.com$" name="^BIGipServerwww\.concur\.com$" /-->
+	<!--securecookie host="^developer\.concur\.com$" name="^BIGipServerdeveloper\.concur\.com$" /-->
+	<!--securecookie host="^\.developer\.concur\.com$" name="^SESS[0-9a-f]{32}$" /-->
+
+	<securecookie host="^(?:\.?developer\.)?concur\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Conde-Nast-mismatches.xml b/src/chrome/content/rules/Conde-Nast-mismatches.xml
index cbe1a5d1e017..711298c29a96 100644
--- a/src/chrome/content/rules/Conde-Nast-mismatches.xml
+++ b/src/chrome/content/rules/Conde-Nast-mismatches.xml
@@ -4,9 +4,6 @@
 -->
 <ruleset name="Condé Nast (mismatches)" default_off="expired, mismatch, self-signed">
 
-	<target host="allure.com" />
-	<target host="*.allure.com" />
-	<target host="jobs.arstechnica.com" />
 	<target host="thumbnailer.thestudio.condenast.com" />
 	<!--
 		Expired.
@@ -16,56 +13,26 @@
 	<target host="blog.details.com" />
 	<target host="golfdigestschool.com" />
 	<target host="www.golfdigestschool.com" />
-	<target host="vanityfair.com" />
-	<target host="www.vanityfair.com" />
 	<target host="vf.com" />
 	<target host="www.vf.com" />
 
 
-	<securecookie host="^designcentersearch\.com$" name=".*" />
-
-
-	<!--	!www doesn't work.
-				-->
-	<rule from="^https?://allure\.com/"
-		to="https://www.allure.com/" />
-
-	<!--	- Akamai
-		- At least some pages redirect to http
-							-->
-	<rule from="^http://www\.allure\.com/(cs|image)s/"
-		to="https://www.allure.com/$1s/" />
-
-	<!--	Self-signed.
-					-->
-	<rule from="^http://blog\.allure\.com/"
-		to="https://blog.allure.com/" />
-
-	<rule from="^http://jobs\.arstechnica\.com/"
-		to="https://jobs.arstechnica.com/" />
+	<securecookie host="^designcentersearch\.com$" name=".+" />
 
 	<!--	Akamai.
 				-->
 	<rule from="^http://thumbnailer\.thestudio\.condenast\.com/"
 		to="https://thumbnailer.thestudio.condenast.com/" />
 
-	<rule from="^https?://(?:www\.)?designcentersearch.com/"
+	<rule from="^http://(?:www\.)?designcentersearch\.com/"
 		to="https://designcentersearch.com/" />
 
 	<rule from="^http://blog\.details\.com/"
 		to="https://blog.details.com/" />
 
-	<rule from="^https?://(?:www\.)?golfdigestschool\.com/"
+	<rule from="^http://(?:www\.)?golfdigestschool\.com/"
 		to="https://www.golfdigestschool.com/" />
 
-	<!--	Condé Nast cert matches www.vanityfair.com
-		and stag.vanityfair.com, so presumably
-		support is forthcoming.
-							-->
-	<rule from="^https?://(?:www\.)?v(?:anityfair|f)\.com/"
-		to="https://www.vanityfair.com/" />
-
-	<rule from="^http://stag\.vanityfair\.com/"
-		to="https://stag.vanityfair.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Conde-Nast.xml b/src/chrome/content/rules/Conde-Nast.xml
index 62053347a299..f102612d09dd 100644
--- a/src/chrome/content/rules/Conde-Nast.xml
+++ b/src/chrome/content/rules/Conde-Nast.xml
@@ -4,16 +4,21 @@
 
 	Other Condé Nast rulesets:
 
-		- Ars-Technica.xml
+		- ArsTechnica.co.uk.xml
+		- ArsTechnica.com.xml
+		- ArsTechnica.net.xml
+		- Conde_Nast_Digital.com.xml
 		- Conde_Nast_Traveler.xml
+		- Conde_Nast_store.com.xml
+		- Condenet.com.xml
 		- Details.xml
-		- Golf_Digest.xml
 		- GQ.xml
-		- Redd.it.xml
-		- Reddit.xml
+		- Golf_Digest.xml
+		- Style.com.xml
 		- The-New-Yorker.xml
 		- Vanity-Fair.xml
-		- Wired.xml
+		- Wired.com.xml
+		- wired.co.uk.xml
 
 
 	webmonkey.com is hosted on Akamai.
@@ -21,29 +26,12 @@
 
 	CDN buckets:
 
-		- s3.amazonaws.com/img.condenast.co.uk/	| dvcpqzrjfwvhx.cloudfront.net	
-			- aws permanently redirects.
-
-		- dg9g3lm9lsog5.cloudfront.net
-
-			- cnda.condenast.co.uk
-
-		- dvcpqzrjfwvhx.cloudfront.net
-
-			- cdni.condenast.co.uk
-
 		- fonts.condenast.com.edgekey.net
 		- thumbnailer.thestudio.condenast.com.edgesuite.net
 		- www.condenast.com.edgekey.net
 		- www.webmonkey.com.edgesuite.net
 
 
-	Problematic subdomains:
-
-		- cdni.condenast.co.uk		(mismatched, 403 when rewritten to dvcpqzrjfwvhx.cloudfront.net)
-		- cnda.condenast.co.uk		(mismatched, CN: *.cloudfront.net)
-
-
 	Nonfunctional:
 
 
@@ -53,40 +41,17 @@
 		- arst.ch				(cert: api.arstechnica.net; shows that domain's data)
 		- images1.designcentersearch.com	(times out; data aren't on www)
 		- (www.)shopad.net			(cert: designcentersearch.com; shows that domain's data)
-		- style.com:
-			- /
-			- www				(Akamai; 503)
-				- origin, origin-www, secure, www2 don't exist
 		- www.webmonkey.com			(Akamai; 503)
 
 -->
-<ruleset name="Condé Nast (partial)">
+<ruleset name="Conde Nast.com (partial)">
 
 	<target host="condenast.com" />
-	<target host="*.condenast.com" />
-	<target host="*.condenast.co.uk" />
-	<target host="subscribe.condenastdigital.com" />
-	<target host="condenaststore.com" />
-	<target host="www.condenaststore.com" />
-	<target host="subscribe.condenet.com" />
-
-
-	<rule from="^https?://(?:www\.)?condenast\.com/"
-		to="https://www.condenast.com/" />
-
-	<rule from="^http://fonts\.condenast\.com/"
-		to="https://fonts.condenast.com/" />
-
-	<rule from="^https?://cdni\.condenast\.co\.uk/"
-		to="https://s3-eu-west-1.amazonaws.com/img.condenast.co.uk/" />
-
-	<rule from="^https?://cnda\.condenast\.co\.uk/"
-		to="https://dg9g3lm9lsog5.cloudfront.net/" />
+	<target host="www.condenast.com" />
+	<target host="fonts.condenast.com" />
 
-	<rule from="^https?://(?:www\.)?condenaststore\.com/"
-		to="https://www.condenaststore.com/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://subscribe\.conden(astdigital|et)\.com/"
-		to="https://subscribe.conden$1.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Conde_Nast_Digital.com.xml b/src/chrome/content/rules/Conde_Nast_Digital.com.xml
new file mode 100644
index 000000000000..1d88343e8cd1
--- /dev/null
+++ b/src/chrome/content/rules/Conde_Nast_Digital.com.xml
@@ -0,0 +1,76 @@
+<!--
+	For problematic rules, see Conde-Nast-mismatches.xml.
+
+	Cert mismatch:
+		- ams.condenastdigital.com
+		- edg-assets.condenastdigital.com
+		- enterpriseenrollment.condenastdigital.com
+		- lyncdiscover.condenastdigital.com
+		- msoid.condenastdigital.com
+		- proposalawards.condenastdigital.com
+		- origin.condenastdigital.com
+		- services.condenastdigital.com
+		- sip.condenastdigital.com
+		- stats.condenastdigital.com
+		- origin.www.condenastdigital.com
+
+	Chain issues:
+		- ads.condenastdigital.com
+
+	Connection refused:
+		- cms2.condenastdigital.com
+		- cs.condenastdigital.com
+		- mediaflow.condenastdigital.com
+		- platform-admin.condenastdigital.com
+		- social.condenastdigital.com
+		- aws.condenastdigital.com
+	Self-signed cert:
+		- post.update.condenastdigital.com
+		- s.update.condenastdigital.com
+		- t.update.condenastdigital.com
+
+	Timeout:
+		- inet.mail.condenastdigital.com
+		- pm.condenastdigital.com
+-->
+<ruleset name="Conde Nast Digital.com (partial)">
+
+	<target host="www.condenastdigital.com" />
+
+	<target host="4d.condenastdigital.com" />
+	<target host="account.condenastdigital.com" />
+	<target host="admin.condenastdigital.com" />
+	<target host="capture.condenastdigital.com" />
+	<target host="cnads.condenastdigital.com" />
+	<target host="cnee.condenastdigital.com" />
+	<target host="cnid.condenastdigital.com" />
+	<target host="cns.condenastdigital.com" />
+	<target host="cst.condenastdigital.com" />
+	<target host="dolphin.condenastdigital.com" />
+	<target host="event.condenastdigital.com" />
+	<target host="infinityid.condenastdigital.com" />
+	<target host="media.condenastdigital.com" />
+	<target host="mobile.condenastdigital.com" />
+	<target host="pixel-ci.condenastdigital.com" />
+	<target host="pixel.condenastdigital.com" />
+	<target host="recommendations.condenastdigital.com" />
+	<target host="redirects.condenastdigital.com" />
+	<target host="result.condenastdigital.com" />
+	<target host="stag-cnads.condenastdigital.com" />
+	<target host="stag-cnee.condenastdigital.com" />
+	<target host="stag-cnid.condenastdigital.com" />
+	<target host="stag-event.condenastdigital.com" />
+	<target host="stag-user-service.condenastdigital.com" />
+	<target host="stag.condenastdigital.com" />
+	<target host="static.condenastdigital.com" />
+	<target host="subscribe.condenastdigital.com" />
+	<target host="swa.condenastdigital.com" />
+	<target host="user-service.condenastdigital.com" />
+	<target host="vulcan.condenastdigital.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
+
+
diff --git a/src/chrome/content/rules/Conde_Nast_Traveler-problematic.xml b/src/chrome/content/rules/Conde_Nast_Traveler-problematic.xml
index 9cf6b8f400f5..5e363b14b8e1 100644
--- a/src/chrome/content/rules/Conde_Nast_Traveler-problematic.xml
+++ b/src/chrome/content/rules/Conde_Nast_Traveler-problematic.xml
@@ -23,4 +23,4 @@
 	<rule from="^http://stag\.cntraveler\.com/"
 		to="https://stag.cntraveler.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Conde_Nast_Traveler.xml b/src/chrome/content/rules/Conde_Nast_Traveler.xml
index 1c07a0156a83..782df38563b7 100644
--- a/src/chrome/content/rules/Conde_Nast_Traveler.xml
+++ b/src/chrome/content/rules/Conde_Nast_Traveler.xml
@@ -29,7 +29,8 @@
 -->
 <ruleset name="Condé Nast Traveler (partial)">
 
-	<target host="*.cntraveler.com" />
+	<target host="secure.cntraveler.com" />
+	<target host="stats2.cntraveler.com" />
 
 
 	<!--	Omniture tracking cookies:
@@ -37,10 +38,9 @@
 	<securecookie host="^\.cntraveler\.com$" name="^s_\w+$" />
 
 
-	<rule from="^http://secure\.cntraveler\.com/"
-		to="https://secure.cntraveler.com/" />
 
 	<rule from="^http://stats2\.cntraveler\.com/"
 		to="https://condenast.112.2o7.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Conde_Nast_store.com.xml b/src/chrome/content/rules/Conde_Nast_store.com.xml
new file mode 100644
index 000000000000..89493d1a5572
--- /dev/null
+++ b/src/chrome/content/rules/Conde_Nast_store.com.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.condenaststore.com/ => https://www.condenaststore.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.condenaststore.com'")
+Fetch error: http://condenaststore.com/ => https://www.condenaststore.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.condenaststore.com'")
+
+	For problematic rules, see Conde-Nast-mismatches.xml.
+
+
+	Mixed content:
+
+		- Images, from:
+
+			- imagecache2.allposters.com *
+			- cache1.allpostersimages.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Conde Nast store.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.condenaststore.com" />
+
+	<!--	Complications:
+				-->
+	<target host="condenaststore.com" />
+
+
+	<rule from="^http://condenaststore\.com/"
+		to="https://www.condenaststore.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Condenet.com.xml b/src/chrome/content/rules/Condenet.com.xml
new file mode 100644
index 000000000000..ac351acc8fa1
--- /dev/null
+++ b/src/chrome/content/rules/Condenet.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Condé Nast coverage, see Conde-Nast.xml.
+
+
+	^condenet.com: Dropped
+	www.condenet.com: 408, Akamai
+
+
+	Mixed content:
+
+		- Image on subscribe from www.adobe.com *
+		- Bug on subscribe from condenast.112.2o7.net *
+
+	* Secured by us
+		-
+-->
+<ruleset name="Condenet.com (partial)">
+
+	<target host="subscribe.condenet.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Condesa.xml b/src/chrome/content/rules/Condesa.xml
index d72fef18f9a7..24757bb0c76f 100644
--- a/src/chrome/content/rules/Condesa.xml
+++ b/src/chrome/content/rules/Condesa.xml
@@ -1,4 +1,4 @@
-<!--	!functional:
+<!--
 		- (www.)condesainc.com
 		- (www.)prleap.com	(cert: secure.prleap.com; shows that domain's data)
 -->
@@ -6,7 +6,6 @@
 
 	<target host="secure.prleap.com"/>
 
-	<rule from="^http://secure\.prleap\.com/"
-		to="https://secure.prleap.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Condominiums_for_Everyone.xml b/src/chrome/content/rules/Condominiums_for_Everyone.xml
index 6ad776e9015d..370593e2d049 100644
--- a/src/chrome/content/rules/Condominiums_for_Everyone.xml
+++ b/src/chrome/content/rules/Condominiums_for_Everyone.xml
@@ -1,17 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://condosforeveryone.com/ => https://www.condosforeveryone.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://condosforeveryone.com/ => https://www.condosforeveryone.com/: (60, 'SSL certificate problem: self signed certificate')
 	!www times out.
 
 -->
-<ruleset name="Condominiums for Everyone">
+<ruleset name="Condominiums for Everyone" default_off="failed ruleset test">
 
 	<target host="condosforeveryone.com" />
-	<target host="*.condosforeveryone.com" />
+	<target host="www.condosforeveryone.com" />
 
 
 	<securecookie host="^\.condosforeveryone\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?condosforeveryone\.com/"
+	<rule from="^http://(?:www\.)?condosforeveryone\.com/"
 		to="https://www.condosforeveryone.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Condor.com.xml b/src/chrome/content/rules/Condor.com.xml
new file mode 100644
index 000000000000..d19a99b644e8
--- /dev/null
+++ b/src/chrome/content/rules/Condor.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Condor.com">
+  <target host=    "condor.com" />
+  <target host="www.condor.com" />
+  <target host=    "condor.de"  />
+  <target host="www.condor.de"  />
+
+  <securecookie host="^(www\.)?condor\.com$" name=".+" />
+
+  <!-- condor.com, condor.de, www.condor.de: certificate mismatch, CN=*.condor.com -->
+  <rule from="^http://condor\.com/"     to="https://www.condor.com/" />
+  <rule from="^http://condor\.de/"      to="https://www.condor.com/" />
+  <rule from="^http://www\.condor\.de/" to="https://www.condor.com/" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Conduit-data.com.xml b/src/chrome/content/rules/Conduit-data.com.xml
index dd3818adc995..00aaa0080b07 100644
--- a/src/chrome/content/rules/Conduit-data.com.xml
+++ b/src/chrome/content/rules/Conduit-data.com.xml
@@ -23,4 +23,4 @@
 	<rule from="^http://([\w-]+)\.conduit-data\.com/"
 		to="https://$1.conduit-data.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Conduit-problematic.xml b/src/chrome/content/rules/Conduit-problematic.xml
index 4c2e3e9d0c92..c701640b6455 100644
--- a/src/chrome/content/rules/Conduit-problematic.xml
+++ b/src/chrome/content/rules/Conduit-problematic.xml
@@ -2,12 +2,11 @@
 	For rules that are on by default, see Conduit.xml.
 
 -->
-<ruleset name="Conduit (problematic)" default_off="mismatch">
+<ruleset name="Conduit (problematic)" default_off="mismatched">
 
 	<target host="developers.mobile.conduit.com" />
 
 
-	<rule from="^http://developers\.mobile\.conduit\.com/"
-		to="https://developers.mobile.conduit.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Conduit.xml b/src/chrome/content/rules/Conduit.xml
index 20ccd81d69da..d1ba48ddc939 100644
--- a/src/chrome/content/rules/Conduit.xml
+++ b/src/chrome/content/rules/Conduit.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://conduit.com/ => https://conduit.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://conduit.com/ => https://conduit.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	For problematic rules, see Conduit-problematic.xml.
 
 
@@ -15,17 +21,48 @@
 			- mobile	(ditto)
 			- wibiya
 
+
+	Fully covered subdomains:
+
+		- (www.)
+		- accounts
+		- api
+		- my
+		- sso
+		- storage
+		- toolbar
+
+
+	Mixed content:
+
+		- Ads/bugs, on:
+
+			- www from googleads.g.doubleclick.net ¹
+			- www from www.googleadservices.com ¹
+			- www from www.googletagmanager.com ²
+
+	¹ Rule disabled by default
+	² Secured by us
+
 -->
-<ruleset name="Conduit (partial)">
+<ruleset name="Conduit (partial)" default_off="failed ruleset test">
 
 	<target host="conduit.com" />
-	<target host="*.conduit.com" />
+	<target host="api.conduit.com" />
+	<target host="accounts.conduit.com" />
+	<target host="my.conduit.com" />
+	<target host="sso.conduit.com" />
+	<target host="storage.conduit.com" />
+	<target host="toolbar.conduit.com" />
+	<target host="www.conduit.com" />
+	<target host="mobilecp.conduit.com" />
+	<target host="mobilesupport.conduit.com" />
 
 
 	<securecookie host="^.*\.conduit\.com$" name=".+" />
 
 
-	<rule from="^http://((?:api|accounts|sso|storage|toolbar|www)\.)?conduit\.com/"
+	<rule from="^http://((?:api|accounts|my|sso|storage|toolbar|www)\.)?conduit\.com/"
 		to="https://$1conduit.com/" />
 
 	<!--	At least some pages 301 to http.
diff --git a/src/chrome/content/rules/Conetix.com.au.xml b/src/chrome/content/rules/Conetix.com.au.xml
new file mode 100644
index 000000000000..a250afec2830
--- /dev/null
+++ b/src/chrome/content/rules/Conetix.com.au.xml
@@ -0,0 +1,13 @@
+<ruleset name="Conetix.com.au">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="conetix.com.au" />
+	<target host="admin.conetix.com.au" />
+	<target host="www.conetix.com.au" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Confederation_of_Danish_Industry.xml b/src/chrome/content/rules/Confederation_of_Danish_Industry.xml
index 0c4a5db7f0ae..27113940ee4d 100644
--- a/src/chrome/content/rules/Confederation_of_Danish_Industry.xml
+++ b/src/chrome/content/rules/Confederation_of_Danish_Industry.xml
@@ -1,20 +1,24 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://itek.di.dk/ (200) => https://itek.di.dk/ (503)
+
 	Problematic subdomains:
 
 		- (www.)	($ & sitecollectionimages/ 404)
 
 -->
-<ruleset name="Confederation of Danish Industry (partial)">
+<ruleset name="Confederation of Danish Industry (partial)" default_off="failed ruleset test">
 
 	<target host="di.dk" />
-	<target host="*.di.dk" />
+	<target host="itek.di.dk" />
+	<target host="www.di.dk" />
 		<exclusion pattern="^http://(?:www\.)?di\.dk/(?!_layouts/)" />
 
 
 	<securecookie host="^itek\.di\.dk$" name=".+" />
 
 
-	<rule from="^http://(itek\.|www\.)?di\.dk/"
-		to="https://$1di.dk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Confex.com.xml b/src/chrome/content/rules/Confex.com.xml
new file mode 100644
index 000000000000..366be2762c83
--- /dev/null
+++ b/src/chrome/content/rules/Confex.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- css on (www.)? from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Confex.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="confex.com" />
+	<target host="share.confex.com" />
+	<target host="www.confex.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Confianza_Online.xml b/src/chrome/content/rules/Confianza_Online.xml
index c74b62182b9d..d3530aa9a1c7 100644
--- a/src/chrome/content/rules/Confianza_Online.xml
+++ b/src/chrome/content/rules/Confianza_Online.xml
@@ -1,17 +1,34 @@
 <!--
 	Cert only matches www.
 
+
+	Insecure cookies are set for these hosts:
+
+		- www.confianzaonline.es
+
 -->
-<ruleset name="Confianza Online">
+<ruleset name="Confianza Online.es">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="www.confianzaonline.es" />
+
+	<!--	Complications:
+				-->
 	<target host="confianzaonline.es" />
-	<target host="*.confianzaonline.es" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.confianzaonline\.es$" name="^_icl_current_language$" /-->
+
 	<securecookie host="^\.?www\.confianzaonline\.es$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?confianzaonline\.es/"
+	<rule from="^http://confianzaonline\.es/"
 		to="https://www.confianzaonline.es/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Confidence.org.pl.xml b/src/chrome/content/rules/Confidence.org.pl.xml
new file mode 100644
index 000000000000..4216d1e6cd62
--- /dev/null
+++ b/src/chrome/content/rules/Confidence.org.pl.xml
@@ -0,0 +1,19 @@
+<!--
+	2014: cert only matches	(www.)
+
+-->
+<ruleset name="Confidence.org.pl (partial)" default_off="mismatched, self-signed">
+
+	<target host="confidence.org.pl" />
+	<target host="2014.confidence.org.pl" />
+	<target host="www.confidence.org.pl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^2014\.confidence\.org\.pl$" name="^qtrans_cookie_test$" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Confirmit.xml b/src/chrome/content/rules/Confirmit.xml
index f17e77e078ac..aecfaf63e30a 100644
--- a/src/chrome/content/rules/Confirmit.xml
+++ b/src/chrome/content/rules/Confirmit.xml
@@ -18,13 +18,22 @@
 <ruleset name="Confirmit">
 
 	<target host="confirmit.com" />
-	<target host="*.confirmit.com" />
+	<target host="author.confirmit.com" />
+	<target host="euro.confirmit.com" />
+	<target host="us.confirmit.com" />
+	<target host="cdn.euro.confirmit.com" />
+	<target host="cdn.us.confirmit.com" />
+	<target host="author.euro.confirmit.com" />
+	<target host="reportal.euro.confirmit.com" />
+	<target host="extranet.confirmit.com" />
+	<target host="reportal.us.confirmit.com" />
+	<target host="www.confirmit.com" />
+	<target host="www10.confirmit.com" />
 
 
-	<securecookie host="^(?:.*\.)?confirmit\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:author|(?:cdn\.)?(?:euro|us)|(?:author|reportal)\.euro|extranet|reportal\.us|www|www10)\.)?confirmit\.com/"
-		to="https://$1confirmit.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Confirmsubscription.com.xml b/src/chrome/content/rules/Confirmsubscription.com.xml
new file mode 100644
index 000000000000..afdb9b2af47c
--- /dev/null
+++ b/src/chrome/content/rules/Confirmsubscription.com.xml
@@ -0,0 +1,22 @@
+<!--
+	www.confirmsubscription.com: Mismatched
+
+-->
+<ruleset name="confirmsubscription.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="confirmsubscription.com" />
+	<!--
+		Complications:
+				-->
+	<target host="www.confirmsubscription.com" />
+
+
+	<rule from="^http://www\.confirmsubscription\.com/"
+		to="https://confirmsubscription.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Conformal-Systems.xml b/src/chrome/content/rules/Conformal-Systems.xml
index 5ce405fdad75..d5e88137fd48 100644
--- a/src/chrome/content/rules/Conformal-Systems.xml
+++ b/src/chrome/content/rules/Conformal-Systems.xml
@@ -1,18 +1,36 @@
-<ruleset name="Conformal Systems">
 
-	<target host="conformal.com" />
-	<target host="*.conformal.com" />
-	<target host="cyphertite.com" />
-	<target host="www.cyphertite.com" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://conformal.com/ => https://conformal.com/: (6, 'Could not resolve host: conformal.com')
+Fetch error: http://opensource.conformal.com/ => https://opensource.conformal.com/: (6, 'Could not resolve host: opensource.conformal.com')
+Fetch error: http://www.conformal.com/ => https://www.conformal.com/: (6, 'Could not resolve host: www.conformal.com')
+
+	Other Conformal Systems rulesets:
+
+		- Cyphertite.com.xml
+
 
+	Fully covered hosts in *conformal.com:
+
+		- (www.)?
+		- blog
+		- opensource
+
+-->
+<ruleset name="Conformal.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="conformal.com" />
+	<target host="blog.conformal.com" />
+	<target host="opensource.conformal.com" />
+	<target host="www.conformal.com" />
 
-	<securecookie host="^(.*\.)?c(onformal|yphertite)\.com$" name=".*" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?c(onformal|yphertite)\.com/"
-		to="https://$1c$2.com/" />
 
-	<rule from="^http://(blog|opensource)\.conformal\.com/"
-		to="https://$1.conformal.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Confused.com.xml b/src/chrome/content/rules/Confused.com.xml
index 851592305f93..df6d31e17888 100644
--- a/src/chrome/content/rules/Confused.com.xml
+++ b/src/chrome/content/rules/Confused.com.xml
@@ -16,10 +16,10 @@
 	<securecookie host="^secure\.confused\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?confused\.com/([\w-]+/~/|\w+/contact-us|~/)"
+	<rule from="^http://(?:www\.)?confused\.com/([\w-]+/~/|\w+/contact-us|~/)"
 		to="https://www.confused.com/$1" />
 
 	<rule from="^http://(content|my|secure)\.confused\.com/"
 		to="https://$1.confused.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Confuzzled.xml b/src/chrome/content/rules/Confuzzled.xml
index 2675d06d8a41..887c66fd08b8 100644
--- a/src/chrome/content/rules/Confuzzled.xml
+++ b/src/chrome/content/rules/Confuzzled.xml
@@ -3,8 +3,8 @@
   <target host="www.confuzzled.org.uk" />
   <target host="reg.confuzzled.org.uk" />
 
-  <securecookie host="^(www|reg|)\.confuzzled\.org\.uk$" name=".+" />
+  <securecookie host="^(?:www|reg|)\.confuzzled\.org\.uk$" name=".+" />
 
-  <rule from="^http://(www\.)?confuzzled\.org\.uk/" to="https://www.confuzzled.org.uk/" />
+  <rule from="^http://(?:www\.)?confuzzled\.org\.uk/" to="https://www.confuzzled.org.uk/" />
   <rule from="^http://reg\.confuzzled\.org\.uk/" to="https://reg.confuzzled.org.uk/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Congress.gov.xml b/src/chrome/content/rules/Congress.gov.xml
new file mode 100644
index 000000000000..2000ccc0f016
--- /dev/null
+++ b/src/chrome/content/rules/Congress.gov.xml
@@ -0,0 +1,16 @@
+<!--
+
+-->
+<ruleset name="Congress.gov">
+
+	<target host="congress.gov" />
+	<target host="www.congress.gov" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Congstar-media.de.xml b/src/chrome/content/rules/Congstar-media.de.xml
new file mode 100644
index 000000000000..71256b031da8
--- /dev/null
+++ b/src/chrome/content/rules/Congstar-media.de.xml
@@ -0,0 +1,24 @@
+<!--
+	For other congstar coverage, see Congstar.xml.
+
+-->
+<ruleset name="congstar-media.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="media1.congstar-media.de" />
+	<target host="media2.congstar-media.de" />
+	<target host="media3.congstar-media.de" />
+	<target host="media4.congstar-media.de" />
+	<target host="media5.congstar-media.de" />
+	<target host="media6.congstar-media.de" />
+	<target host="media7.congstar-media.de" />
+	<target host="media8.congstar-media.de" />
+	<target host="media9.congstar-media.de" />
+	<target host="media10.congstar-media.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Congstar.xml b/src/chrome/content/rules/Congstar.xml
index decec290d894..c2c90254dd69 100644
--- a/src/chrome/content/rules/Congstar.xml
+++ b/src/chrome/content/rules/Congstar.xml
@@ -1,17 +1,70 @@
-<ruleset name="congstar">
+<!--
+	Other congstar rulesets:
+
+		- Congstar-media.de.xml
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- congstar.de
+		- .congstar.de
+		- freundewerben.congstar.de
+		- www.congstar.de
+		- .www.congstar.de
+
+
+	Mixed content:
+
+		- Bugs, on:
+
+			- freundewerben from congstar01.webtrekk.net *
+			- prepaid from cache.addthiscdn.com *
+
+	* Secured by us
+
+	No alternative certificate subject name matches target host name:
+		- adventskalender.congstar.de
+		- handyhilfe.congstar.de
+
+-->
+<ruleset name="congstar (partial)">
 
 	<target host="congstar.de" />
-	<target host="*.congstar.de" />
+	<target host="www.congstar.de" />
+	<target host="app.congstar.de" />
+	<target host="aufladefinder.congstar.de" />
+	<target host="banner.congstar.de" />
+	<target host="callback.congstar.de" />
+	<target host="chat.congstar.de" />
+	<target host="cms.congstar.de" />
+	<target host="freundewerben.congstar.de" />
+	<target host="gadgets.congstar.de" />
+	<target host="gewinnspiel.congstar.de" />
+	<target host="gluecksrad.congstar.de" />
+	<target host="jamobil.congstar.de" />
+	<target host="m.congstar.de" />
+	<target host="personalverkauf.congstar.de" />
+	<target host="prepaid.congstar.de" />
+	<target host="vertriebsportal.congstar.de" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="(?:www\.)?congstar\.de$" name="BIGipServer\w+$" /-->
+	<!--securecookie host="\.congstar\.de$" name="^XTCsid$" /-->
+	<!--securecookie host="^freundewerben\.congstar\.de$" name="^PHPSESSID$" /-->
+	<!--securecookie host="\.www\.congstar\.de$" name="(?:cookies_allowed|mobile_redirect)$" /-->
 
-	<securecookie host="^.*\.congstar\.de$" name=".*" />
+	<!--	A cookie appears to be read from a script for login
+		=> restricted cookie coverage.
 
+		(https://github.com/EFForg/https-everywhere/issues/1961)
+									-->
+	<securecookie host="(?:www\.)?congstar\.de$" name="BIGipServer\w+$" />
+	<!--securecookie host=".*\.congstar\.de$" name=".*" /-->
+	<securecookie host="^freundewerben\.congstar\.de$" name=".+" />
 
-	<!--	Cert only matches *.congstar.de.	-->
-	<rule from="^https?://(?:www\.)?congstar\.de/"
-		to="https://www.congstar.de/" />
 
-	<rule from="^http://(gewinnspiel|mgm)\.congstar\.de/"
-		to="https://$1.congstar.de/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ConnMan.xml b/src/chrome/content/rules/ConnMan.xml
index 54d82561b47a..dc81cb8f783b 100644
--- a/src/chrome/content/rules/ConnMan.xml
+++ b/src/chrome/content/rules/ConnMan.xml
@@ -1,13 +1,21 @@
-<ruleset name="ConnMan">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://connman.net/ => https://connman.net/: (7, 'Failed to connect to connman.net port 443: Connection refused')
+Fetch error: http://www.connman.net/ => https://www.connman.net/: (7, 'Failed to connect to www.connman.net port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://connman.net/ => https://connman.net/: (7, 'Failed to connect to connman.net port 443: Connection refused')
+-->
+<ruleset name="ConnMan" default_off="failed ruleset test">
 
 	<target host="connman.net" />
-	<target host="*.connman.net" />
+	<target host="www.connman.net" />
 
 
 	<securecookie host="^\.?connman\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?connman\.net/"
-		to="https://$1connman.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Connect.gov.xml b/src/chrome/content/rules/Connect.gov.xml
new file mode 100644
index 000000000000..f42e086db225
--- /dev/null
+++ b/src/chrome/content/rules/Connect.gov.xml
@@ -0,0 +1,33 @@
+<!--
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.connect.gov
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+		- Image from sites.usa.gov *
+
+	* Secured by us
+
+-->
+<ruleset name="Connect.gov (false MCB)" platform="mixedcontent">
+
+	<target host="connect.gov" />
+	<target host="www.connect.gov" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.connect\.gov$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Connect.me.xml b/src/chrome/content/rules/Connect.me.xml
index efe98459d048..a747c4d71908 100644
--- a/src/chrome/content/rules/Connect.me.xml
+++ b/src/chrome/content/rules/Connect.me.xml
@@ -1,6 +1,17 @@
 <ruleset name="Connect.me">
-  <target host="connect.me"/>
+
+	<!--	Complications:
+                  The domain connect.me is
+                  currently serving an incomplete
+                  certificate chain.
+				-->
   <target host="www.connect.me"/>
 
-  <rule from="^http://(www\.)?connect\.me/" to="https://connect.me/"/>
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Connect4Fitness.xml b/src/chrome/content/rules/Connect4Fitness.xml
deleted file mode 100644
index 2ef9e0e27c7f..000000000000
--- a/src/chrome/content/rules/Connect4Fitness.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Connect4Fitness">
-
-	<target host="connect4fitness.com" />
-	<target host="*.connect4fitness.com" />
-
-
-	<securecookie host="^(?:w*\.)?connect4fitness\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?connect4fitness\.com/"
-		to="https://$1connect4fitness.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ConnectMyPhone.com.xml b/src/chrome/content/rules/ConnectMyPhone.com.xml
index c2b1dc5f8723..85e91f955878 100644
--- a/src/chrome/content/rules/ConnectMyPhone.com.xml
+++ b/src/chrome/content/rules/ConnectMyPhone.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?connectmyphone\.com/"
 		to="https://connectmyphone.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ConnectiCon.org.xml b/src/chrome/content/rules/ConnectiCon.org.xml
index 7e9c10029973..8e9bd2277ff7 100644
--- a/src/chrome/content/rules/ConnectiCon.org.xml
+++ b/src/chrome/content/rules/ConnectiCon.org.xml
@@ -1,8 +1,4 @@
-<!--
-	Expired 2013-07-12
-
--->
-<ruleset name="ConnectiCon.org" default_off="expired">
+<ruleset name="ConnectiCon.org">
 
 	<target host="connecticon.org" />
 	<target host="www.connecticon.org" />
@@ -11,9 +7,7 @@
 	<securecookie host="^connecticon\.org$" name=".+" />
 
 
-	<!--	www redirects to ^ over http, so copy that:
-								-->
-	<rule from="^http://(?:www\.)?connecticon\.org/"
-		to="https://connecticon.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Connectify.me.xml b/src/chrome/content/rules/Connectify.me.xml
new file mode 100644
index 000000000000..a55a3acc6576
--- /dev/null
+++ b/src/chrome/content/rules/Connectify.me.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		- cloud.connectify.me
+-->
+
+<ruleset name="Connectify.me">
+	<target host="connectify.me" />
+	<target host="www.connectify.me" />
+	<target host="appscreens.connectify.me" />
+	<target host="d1.connectify.me" />
+	<target host="d3.connectify.me" />
+	<target host="downloads.connectify.me" />
+	<target host="downloads2.connectify.me" />
+	<target host="downloads3.connectify.me" />
+	<target host="support.connectify.me" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Connexity.com.xml b/src/chrome/content/rules/Connexity.com.xml
index eeefc44c7772..2e4cbbdf6578 100644
--- a/src/chrome/content/rules/Connexity.com.xml
+++ b/src/chrome/content/rules/Connexity.com.xml
@@ -1,21 +1,54 @@
 <!--
-	Nonfunctional subdomains:
+	Other Connexity rulesets:
 
-		- ^ *	(reset)
-		- www *	(redirects to http)
+		- Connexity.net.xml
 
-	* Mismatched, CN: pro.connexity.com
+
+	(www.)?connexity.com: Some pages redirect to http
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .connexity.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
 <ruleset name="Connexity.com (partial)">
 
+	<target host="connexity.com" />
 	<target host="pro.connexity.com" />
+	<target host="publisher.connexity.com" />
+	<target host="www.connexity.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?connexity\.com/(?:$|\w\w/$|login/$|programmatic/$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?connexity\.com/(?!/*(?:favicon\.ico|wp-content/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://connexity.com/fr/" />
+			<test url="http://connexity.com/login/" />
+			<test url="http://www.connexity.com/programmatic/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://connexity.com/favicon.ico" />
+			<test url="http://www.connexity.com/wp-content/plugins/itempropwp/assets/css/itempropwp.css" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.connexity\.com$" name="^rng$" /-->
 
-	<securecookie host="^pro\.connexity\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://pro\.connexity\.com/"
-		to="https://pro.connexity.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Connexity.net.xml b/src/chrome/content/rules/Connexity.net.xml
index e57b1296ca69..7f4d88f8d538 100644
--- a/src/chrome/content/rules/Connexity.net.xml
+++ b/src/chrome/content/rules/Connexity.net.xml
@@ -1,21 +1,41 @@
 <!--
-	Nonfunctional subdomains:
-
-		- www	(reset; mismatched, CN: pro.connexity.net)
-
+	Empty reply:
+		- connexity.net
+		- cse.connexity.net
+		- pxl.connexity.net
+
+	Cert mismatch:
+		- www.connexity.net
+		- cse.prod.connexity.net
+		- link.connexity.net
+		- s.connexity.net
+		- t.connexity.net
+		- u.connexity.net
+
+	Cert expired:
+		- pm-rtb-fkb.connexity.net
+
+	Timeout:
+		- ax-rtb-fkb.connexity.net
+		- cm-rtb-fkb.connexity.net
+		- ox-rtb-fkb.connexity.net
+		- pp-rtb-fkb.connexity.net
+		- rtb.connexity.net
+		- yax-rtb-fkb.connexity.net
 -->
-<ruleset name="Connexity.net">
-
-	<target host="connexity.net" />
-	<target host="*.connexity.net" />
-
+<ruleset name="Connexity.net (partial)" >
 
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.connexity\.net$" name="^(?:COu|refresh|sync)$" />
+	<target host="api.connexity.net" />
+	<target host="cpa.connexity.net" />
+	<target host="dude.connexity.net" />
+	<target host="mxl.connexity.net" />
+	<target host="rd.connexity.net" />
+	<target host="rd2.connexity.net" />
+	<target host="up.connexity.net" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://connexity\.net/"
-		to="https://connexity.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Connextra.com.xml b/src/chrome/content/rules/Connextra.com.xml
index fa537313ba84..0431ddc22fdb 100644
--- a/src/chrome/content/rules/Connextra.com.xml
+++ b/src/chrome/content/rules/Connextra.com.xml
@@ -15,10 +15,23 @@
 
 		- (www.)	(refused)
 
+
+	Insecure cookies are set for these domains:
+
+		- .connextra.com
+
 -->
 <ruleset name="connextra.com (partial)">
 
-	<target host="*.connextra.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="ssl.connextra.com" />
+	<target host="workbench.connextra.com" />
+	<target host="zz.connextra.com" />
+
+	<!--	Complications:
+				-->
+	<target host="ff.connextra.com" />
 
 
 	<!--	Set by ff:
@@ -28,9 +41,9 @@
 
 
 	<rule from="^http://ff\.connextra\.com/"
-		to="https://a248.e.akamai.net/f/22/8130/7/ff.connextra.com/" />
+		to="https://ssl.connextra.com/" />
 
-	<rule from="^http://workbench\.connextra\.com/"
-		to="https://workbench.connextra.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ConoHa.jp.xml b/src/chrome/content/rules/ConoHa.jp.xml
new file mode 100644
index 000000000000..a11ebe3b8dc3
--- /dev/null
+++ b/src/chrome/content/rules/ConoHa.jp.xml
@@ -0,0 +1,48 @@
+<!--
+	For other GMO coverage, see GMO_Internet.xml.
+
+
+	Fully covered hosts in *conoha.jp:
+
+		- (www.)?
+		- cp
+		- help
+
+
+	Insecure cookies are set for these hosts:
+
+		- cp.conoha.jp
+		- help.conoha.jp
+		- www.conoha.jp
+
+
+	Mixed content:
+
+		- Images on help from cache.img.gmo.jp *
+
+	* Secured by us
+
+-->
+<ruleset name="ConoHa.jp">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="conoha.jp" />
+	<target host="cp.conoha.jp" />
+	<target host="help.conoha.jp" />
+	<target host="www.conoha.jp" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cp\.conoha\.jp$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^help\.conoha\.jp$" name="^cp_session$" /-->
+	<!--securecookie host="^www\.conoha\.jp$" name="^PHPSESSID$"" /-->
+
+	<securecookie host="^(?:cp|help)\.conoha\.jp$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Conrad_Electronic.xml b/src/chrome/content/rules/Conrad_Electronic.xml
new file mode 100644
index 000000000000..eb4d0e8c3a5a
--- /dev/null
+++ b/src/chrome/content/rules/Conrad_Electronic.xml
@@ -0,0 +1,128 @@
+<!--
+	Invalid certificate:
+		produktinfo.conrad.com (expired)
+		www.produktinfo.conrad.com (expired, mismatch)
+		m.conrad.at (mismatch)
+  		m.conrad.nl (mismatch)
+  		m.conrad-electronic.nl (mismatch)
+  		m.conrad.pl (mismatch)
+		conrad.sk (mismatch)
+		www.conrad.sk (mismatch)
+		velkoobchod.conrad.sk (mismatch)
+
+	Redirect to HTTP:
+		www.conrad.be
+		conrad.com
+		www.conrad.com
+		www.conrad.fr
+		www.conrad.it
+		business.conrad.it
+		www.conrad-electronic.co.uk
+
+	Refused:
+		conrad.at (redirect rule as workaround)
+		conrad.be
+		conrad.biz (redirect rule as workaround)
+		biz-conrad.ch (redirect rule as workaround)
+		m.conrad.cz
+		conrad.ch (redirect rule as workaround)
+  		conrad.de(redirect rule as workaround)
+		conrad.fr
+		conrad.hu (redirect rule as workaround)
+		conrad.it
+		conrad.nl (redirect rule as workaround)
+		conrad-electronic.co.uk
+
+	Status code mismatch:
+		api.conrad.com
+
+	Timeout:
+		m.conrad.biz
+		m.conrad.ch
+		m.biz-conrad.ch
+		m.conrad.de
+-->
+
+<ruleset name="Conrad Electronic (partial)">
+	<target host="conrad.at" />
+	<target host="www.conrad.at" />
+	<target host="business.conrad.at" />
+	<target host="conrad.biz" />
+	<target host="www.conrad.biz" />
+	<target host="biz-conrad.ch" />
+	<target host="www.biz-conrad.ch" />
+	<target host="conrad.ch" />
+	<target host="www.conrad.ch" />
+	<target host="conrad.cz" />
+	<target host="www.conrad.cz" />
+	<target host="velkoobchod.conrad.cz" />
+	<target host="conrad.de" />
+	<target host="www.conrad.de" />
+	<target host="conradelektronik.dk" />
+	<target host="www.conradelektronik.dk" />
+	<target host="m.conradelektronik.dk" />
+	<target host="conrad.hr" />
+	<target host="www.conrad.hr" />
+	<target host="m.conrad.hr" />
+	<target host="conrad.hu" />
+	<target host="www.conrad.hu" />
+	<target host="conrad.nl" />
+	<target host="www.conrad.nl" />
+	<target host="conrad-electronic.nl" />
+	<target host="www.conrad-electronic.nl" />
+	<target host="conrad.pl" />
+	<target host="www.conrad.pl" />
+	<target host="conrad.se" />
+	<target host="www.conrad.se" />
+	<target host="m.conrad.se" />
+	<target host="conrad.si" />
+	<target host="www.conrad.si" />
+	<target host="m.conrad.si" />
+
+	<!-- status code mismatch - fails test, would work fine otherwise
+	target even uses HSTS -->
+	<!--<target host="api.conrad.com" />-->
+
+	<target host="asset.conrad.com" />
+	<target host="media.conrad.com" />
+
+	<!-- rules disabled, certificate expired-->
+	<!-- <target host="produktinfo.conrad.com" />-->
+	<!-- <target host="www.produktinfo.conrad.com" />-->
+
+	<securecookie host=".+" name=".+" />
+
+    <!-- www.produktinfo.conrad.com is an alias for produktinfo.conrad.com and
+	certificate only matches produktinfo.conrad.com -->
+	<!-- rule disabled, certificate expired-->
+	<!--<rule from="^http://www\.produktinfo\.conrad\.com/"
+		to="https://produktinfo.conrad.com/"/>-->
+
+	<!-- fix sites which refuse connection without www subdomain-->
+	<rule from="^http://conrad\.at/"
+		to="https://www.conrad.at/" />
+
+	<rule from="^http://conrad\.ch/"
+		to="https://www.conrad.ch/" />
+
+	<rule from="^http://biz-conrad\.ch/"
+		to="https://www.biz-conrad.ch/" />
+
+	<rule from="^http://conrad\.biz/"
+		to="https://www.conrad.biz/" />
+
+	<rule from="^http://conrad\.de/"
+		to="https://www.conrad.de/" />
+
+	<rule from="^http://conrad\.hu/"
+		to="https://www.conrad.hu/" />
+
+	<rule from="^http://conrad\.nl/"
+		to="https://www.conrad.nl/" />
+
+	<!-- no redirects to www subdomain for broken m subdomains, the redirects seen
+	without HTTPS might be (or become) User-Agent or viewport dependent -->
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Consensus911.org.xml b/src/chrome/content/rules/Consensus911.org.xml
new file mode 100644
index 000000000000..a95cc82027aa
--- /dev/null
+++ b/src/chrome/content/rules/Consensus911.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Consensus911.org">
+	<target host="consensus911.org" />
+	<target host="www.consensus911.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Conservatives.com.xml b/src/chrome/content/rules/Conservatives.com.xml
new file mode 100644
index 000000000000..8fa93ae0d4ca
--- /dev/null
+++ b/src/chrome/content/rules/Conservatives.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- conservatives.com
+		- www.conservatives.com
+
+-->
+<ruleset name="Conservatives.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="conservatives.com" />
+	<target host="www.conservatives.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^conservatives\.com$" name="^SERVERID$" /-->
+	<!--securecookie host="^www\.conservatives\.com$" name="^(?:ASP\.NET_SessionId|SERVERID|#lang=en)$" /-->
+
+	<securecookie host="^(?:www\.)?conservatives\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ConsoleBackup.com.xml b/src/chrome/content/rules/ConsoleBackup.com.xml
new file mode 100644
index 000000000000..4eead1f1bdfb
--- /dev/null
+++ b/src/chrome/content/rules/ConsoleBackup.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other GameCopyWorld coverage, see GameCopyWorld.com.xml.
+-->
+
+<ruleset name="ConsoleBackup.com">
+	<target host="consolebackup.com" />
+	<target host="www.consolebackup.com" />
+	<target host="dl.consolebackup.com" />
+	<target host="g00.consolebackup.com" />
+	<target host="g01.consolebackup.com" />
+	<target host="g10.consolebackup.com" />
+	<target host="g11.consolebackup.com" />
+	<target host="g12.consolebackup.com" />
+	<target host="g13.consolebackup.com" />
+	<target host="g21.consolebackup.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Consortium_Library.xml b/src/chrome/content/rules/Consortium_Library.xml
index 2077acb65d64..05de442c6ef8 100644
--- a/src/chrome/content/rules/Consortium_Library.xml
+++ b/src/chrome/content/rules/Consortium_Library.xml
@@ -1,13 +1,29 @@
+<!--
+
+	Problematic hosts in *consortiumlibrary.org:
+
+		- ask ᵐ
+		- catalog ᵐ
+		- cliq ᵐ
+		- libcal ᵐ
+		- libguides ᵐ
+		- picturinguaa ᵐ
+
+	ᵐ Mismatched
+
+-->
 <ruleset name="Consortium Library">
 
 	<target host="consortiumlibrary.org" />
 	<target host="www.consortiumlibrary.org" />
+	<target host="amlproxy.consortiumlibrary.org" />
+	<target host="archives.consortiumlibrary.org" />
+	<target host="proxy.consortiumlibrary.org" />
+	<target host="login.proxy.consortiumlibrary.org" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^(?:www\.)?consortiumlibrary\.org$" name=".+" />
-
-
-	<rule from="^http://(www\.)?consortiumlibrary\.com/"
-		to="https://$1consortiumlibrary.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Constant-Contact.xml b/src/chrome/content/rules/Constant-Contact.xml
index e023fc9d1254..bbb54e5f0ba2 100644
--- a/src/chrome/content/rules/Constant-Contact.xml
+++ b/src/chrome/content/rules/Constant-Contact.xml
@@ -1,57 +1,218 @@
+
 <!--
-	Nonfunctional subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://news.constantcontact.com/sites/constantcontact.newshq.businesswire.com/themes/constantcontact_newshq_businesswire_com_theme/client_files/images/ctct-plus.png => https://constantcontact.newshq.businesswire.com/sites/constantcontact.newshq.businesswire.com/themes/constantcontact_newshq_businesswire_com_theme/client_files/images/ctct-plus.png: (6, 'Could not resolve host: hq2aegir1.scprod.businesswire.com')
+
+	Other Constant Contact rulesets:
+
+		- CtCtCDN.com.xml
+
+
+	Nonfunctional hosts in *constantcontact.com:
 
-		- visitor.r20 *
-		- visitor *
+		- investor ¹
+		- jobs ²
+		- support2 ³
 
-	* Times out
+	¹ Dropped
+	² Refused
+	³ Redirects to http
 
 
 	Problematic subdomains:
 
-		- blogs		(mismatched)
 		- ih		(akamai)
+		- news ²
+
+	² Mismatched
 
 
 	Partially covered subdomains:
 
-		- (www.)	(some pages redirect to http)
 		- blogs *
-		- developer	(→ www)
+		- news *	(→ constantcontact.newshq.businesswire.com)
+		- techblog *
+		- www		(some pages redirect to http)
 
 	* Some pages redirect to http
 
 
 	Fully covered subdomains:
 
+		- ^
+		- about
+		- community
+		- developer
 		- img.f2	(→ imgssl)
 		- ih		(→ origin.ih)
 		- origin.ih
 		- img		(→ imgssl)
 		- imgssl
+		- login
+		- login-p2
+		- marketplace
+		- visitor.r20
 		- survey
+		- visitor
 
--->
-<ruleset name="Constant Contact (partial)">
 
-	<target host="constantcontact.com" />
-	<target host="*.constantcontact.com" />
-		<exclusion pattern="^http://blogs\.constantcontact\.com/(?!wp-admin(?:$|[?/])|wp-content/|wp-includes/|wp-login\.php)" />
+	login-sca1: Reset over http & https
+
 
+	Insecure cookies are set for these hosts:
 
-	<securecookie host="^(?:community|origin\.ih|survey)\.constantcontact\.com$" name=".+" />
+		- .constantcontact.com
+		- about.constantcontact.com
+		- community.constantcontact.com
+		- developer.constantcontact.com
+		- login.constantcontact.com
+		- login-p2.constantcontact.com
+		- techblog.constantcontact.com
+		- visitor.constantcontact.com
+		- visitor.r20.constantcontact.com
 
 
-	<rule from="^http://((?:blogs|community|origin\.ih|survey)\.)?constantcontact\.com/"
-		to="https://$1constantcontact.com/" />
+	Mixed content:
 
-	<rule from="^http://(?:developer|www)\.constantcontact\.com/(favicon\.ico|features/signup\.jsp|(?:global-(?:login|nav)|login|styles)\.jsp|_styles/)"
-		to="https://www.constantcontact.com/$1" />
+		- Images on about from static.ctctcdn.com
+
+-->
+<ruleset name="Constant Contact.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="constantcontact.com" />
+	<target host="about.constantcontact.com" />
+	<target host="blogs.constantcontact.com" />
+	<target host="community.constantcontact.com" />
+	<target host="developer.constantcontact.com" />
+	<target host="origin.ih.constantcontact.com" />
+	<target host="imgssl.constantcontact.com" />
+	<target host="login.constantcontact.com" />
+	<target host="login-p2.constantcontact.com" />
+	<target host="marketplace.constantcontact.com" />
+	<target host="techblog.constantcontact.com" />
+	<target host="visitor.r20.constantcontact.com" />
+	<target host="survey.constantcontact.com" />
+	<target host="visitor.constantcontact.com" />
+	<target host="www.constantcontact.com" />
+
+	<!--	Complications:
+				-->
+	<target host="img.f2.constantcontact.com" />
+	<target host="ih.constantcontact.com" />
+	<target host="news.constantcontact.com" />
+
+		<exclusion pattern="^http://blogs\.constantcontact\.com/(?!wp-admin(?:$|[?/])|wp-content/|wp-includes/|wp-login\.php)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://blogs.constantcontact.com/all-constant-contact-social-media/" />
+			<test url="http://blogs.constantcontact.com/category/email-marketing/" />
+			<test url="http://blogs.constantcontact.com/email-marketing-101/" />
+			<test url="http://blogs.constantcontact.com/events/" />
+			<test url="http://blogs.constantcontact.com/interpret-email-reports/" />
+			<test url="http://blogs.constantcontact.com/library/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://blogs.constantcontact.com/wp-admin" />
+			<test url="http://blogs.constantcontact.com/wp-content/themes/roots/assets/img/logo_ctct.png" />
+			<test url="http://blogs.constantcontact.com/wp-login.php" />
+
+		<exclusion pattern="^http://www\.constantcontact\.com/(?!favicon\.ico|features/signup\.jsp|login(?:$|\?)|(?:global-(?:login|nav)|login|signup|styles)\.jsp|_styles/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.constantcontact.com/campaigns" />
+			<test url="http://www.constantcontact.com/email-marketing" />
+			<test url="http://www.constantcontact.com/help/product-tutorials" />
+			<test url="http://www.constantcontact.com/index.jsp" />
+			<test url="http://www.constantcontact.com/partners "/>
+			<test url="http://www.constantcontact.com/partners/chamber" />
+			<test url="http://www.constantcontact.com/partners/solution-providers" />
+			<test url="http://www.constantcontact.com/pricing" />
+			<test url="http://www.constantcontact.com/resource-center" />
+			<test url="http://www.constantcontact.com/services" />
+			<test url="http://www.constantcontact.com/support" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.constantcontact.com/favicon.ico" />
+			<test url="http://www.constantcontact.com/features/signup.jsp" />
+			<test url="http://www.constantcontact.com/global-login.jsp" />
+			<test url="http://www.constantcontact.com/global-nav.jsp" />
+			<test url="http://www.constantcontact.com/login" />
+			<test url="http://www.constantcontact.com/login.jsp" />
+			<test url="http://www.constantcontact.com/signup.jsp" />
+			<test url="http://www.constantcontact.com/styles.jsp" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://news\.constantcontact\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://news\.constantcontact\.com/+(?!sites/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://news.constantcontact.com/media-contacts" />
+			<test url="http://news.constantcontact.com/news" />
+
+			<!--	-ve:
+					-->
+			<test url="http://news.constantcontact.com/sites/constantcontact.newshq.businesswire.com/themes/constantcontact_newshq_businesswire_com_theme/client_files/images/ctct-plus.png" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://techblog\.constantcontact\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://techblog\.constantcontact\.com/+(?!wp-content/|wp-login\.php)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://techblog.constantcontact.com/api/overview-of-email-marketing/" />
+			<test url="http://techblog.constantcontact.com/category/api/" />
+			<test url="http://techblog.constantcontact.com/devops/space-the-final-frontier-a-story-of-mysql-compression/" />
+			<test url="http://techblog.constantcontact.com/tech-talk/microservices-at-constant-contact/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://techblog.constantcontact.com/wp-content/themes/magazine/images/logo_ctct_techblog.png" />
+			<test url="http://techblog.constantcontact.com/wp-login.php" />
+
+		<test url="http://visitor.constantcontact.com/d.jsp" />
+		<test url="http://visitor.constantcontact.com/manage/optin" />
+		<test url="http://visitor.r20.constantcontact.com/d.jsp" />
+		<test url="http://visitor.r20.constantcontact.com/manage/optin" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.constantcontact\.com$" name="^cclp_(content|partner|referral)$" /-->
+	<!--securecookie host="^about\.constantcontact\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^community\.constantcontact\.com$" name="^(LiSESSIONID|LithiumUserInfo|LithiumUserSecure|LithiumVisitor)$" /-->
+	<!--securecookie host="^(developer|login(-p2)?|visitor(\.r20)?)\.constantcontact\.com$" name="^BIGipServer\w+$" /-->
+	<!--securecookie host="^developer\.constantcontact\.com$" name="^(JSESSIONID|dmid)$" /-->
+	<!--securecookie host="^techblog\.constantcontact\.com$" name="^X-Mapping-fjhppofk$" /-->
+
+	<securecookie host="^\.constantcontact\.com$" name="^cclp_(?:content|partner|referral)$" />
+	<securecookie host="^(?:about|community|developer|origin\.ih|login|login-p2|visitor\.r20|survey|visitor)\.constantcontact\.com$" name=".+" />
+
+
+	<rule from="^http://img\.f2\.constantcontact\.com/"
+		to="https://imgssl.constantcontact.com/" />
 
 	<rule from="^http://ih\.constantcontact\.com/"
 		to="https://origin.ih.constantcontact.com/" />
 
-	<rule from="^http://img(?:\.f2|ssl)?\.constantcontact\.com/"
-		to="https://imgssl.constantcontact.com/" />
+	<rule from="^http://news\.constantcontact\.com/"
+		to="https://constantcontact.newshq.businesswire.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Construx.xml b/src/chrome/content/rules/Construx.xml
index 077a7447241a..bb116dbd74db 100644
--- a/src/chrome/content/rules/Construx.xml
+++ b/src/chrome/content/rules/Construx.xml
@@ -16,7 +16,7 @@
 	<target host="www.construx.com" />
 
 
-	<rule from="^https?://(?:www\.)?construx\.com/"
+	<rule from="^http://(?:www\.)?construx\.com/"
 		to="https://construx.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Consultwebs.com.xml b/src/chrome/content/rules/Consultwebs.com.xml
new file mode 100644
index 000000000000..6c0c3b3aee9b
--- /dev/null
+++ b/src/chrome/content/rules/Consultwebs.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Consultwebs.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="consultwebs.com" />
+	<target host="www.consultwebs.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Consumentenbond.nl.xml b/src/chrome/content/rules/Consumentenbond.nl.xml
new file mode 100644
index 000000000000..fc4a9393e647
--- /dev/null
+++ b/src/chrome/content/rules/Consumentenbond.nl.xml
@@ -0,0 +1,9 @@
+<ruleset name="Consumentenbond.nl">
+  <target host="consumentenbond.nl" />
+  <target host="www.consumentenbond.nl" />
+
+  <rule from="^http:" to="https:" />
+
+  <test url="http://www.consumentenbond.nl/juridisch-advies/" />
+  <test url="http://www.consumentenbond.nl/test/geld-verzekering/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Consumer.gov.xml b/src/chrome/content/rules/Consumer.gov.xml
deleted file mode 100644
index 5db9e4104c7f..000000000000
--- a/src/chrome/content/rules/Consumer.gov.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	^: mismatched
-
--->
-<ruleset name="Consumer.gov">
-
-	<target host="consumer.gov" />
-	<target host="www.consumer.gov" />
-	<target host="consumidor.gov" />
-	<target host="www.consumidor.gov" />
-
-
-	<rule from="^https?://(?:www\.)?consum(e|ido)r\.gov/"
-		to="https://www.consum$1r.gov/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Consumer.org.hk.xml b/src/chrome/content/rules/Consumer.org.hk.xml
new file mode 100644
index 000000000000..20b5d86dcd45
--- /dev/null
+++ b/src/chrome/content/rules/Consumer.org.hk.xml
@@ -0,0 +1,50 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://webmail.consumer.org.hk/ => https://webmail.consumer.org.hk/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www4.consumer.org.hk/ => https://www4.consumer.org.hk/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	Non-functional hosts
+		Couldn't connect to server:
+			 - kwah.consumer.org.hk
+
+		Timeout was reached:
+			 - beta.consumer.org.hk
+			 - choice.consumer.org.hk
+			 - smtp2.consumer.org.hk
+
+		SSL peer certificate was not OK:
+			 - www2015.consumer.org.hk
+
+		Incomplete certificate chain error:
+			 - pop3.consumer.org.hk
+
+		Status code mismatch:
+			 - www5.consumer.org.hk
+
+		4xx client error:
+			 - ftp.consumer.org.hk
+			 - mail.consumer.org.hk
+			 - smtp.consumer.org.hk
+
+		Different content:
+			 - shopsmart.consumer.org.hk
+-->
+<ruleset name="Consumer Council (partial)" default_off="failed ruleset test">
+	<target host="consumer.org.hk" />
+	<target host="www.consumer.org.hk" />
+	<target host="anywhere.consumer.org.hk" />
+	<target host="autodiscover.consumer.org.hk" />
+	<target host="box.consumer.org.hk" />
+	<target host="email.consumer.org.hk" />
+	<target host="gate.consumer.org.hk" />
+	<target host="outlook.consumer.org.hk" />
+	<target host="owa.consumer.org.hk" />
+	<target host="survey.consumer.org.hk" />
+	<target host="webmail.consumer.org.hk" />
+	<target host="www2.consumer.org.hk" />
+	<target host="www3.consumer.org.hk" />
+	<target host="www4.consumer.org.hk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ConsumerAffairs.com.xml b/src/chrome/content/rules/ConsumerAffairs.com.xml
index a1bb8c7adf30..03615e1f62da 100644
--- a/src/chrome/content/rules/ConsumerAffairs.com.xml
+++ b/src/chrome/content/rules/ConsumerAffairs.com.xml
@@ -1,14 +1,34 @@
-<!--	!functional:
-		news.consumeraffairs.com	(cert: www.consumeraffairs.com; 404)
+<!--
+	Nonfunctional hosts in *consumeraffairs.com:
+
+		- news ᵈ
+
+	ᵈ Dropped
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.consumeraffairs.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
 -->
 <ruleset name="ConsumerAffairs.com (partial)">
 
-	<target host="consumeraffairs.com"/>
-	<target host="www.consumeraffairs.com"/>
+	<target host="consumeraffairs.com" />
+	<target host="blog.consumeraffairs.com" />
+	<target host="media.consumeraffairs.com" />
+	<target host="www.consumeraffairs.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://www.consumeraffairs.com/login/?next=/" /-->
+
+
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^(.*\.)?consumeraffairs\.com$" name=".*"/>
 
-	<rule from="^http://(www\.)?consumeraffairs\.com/"
-		to="https://$1consumeraffairs.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ConsumerReports.xml b/src/chrome/content/rules/ConsumerReports.xml
index 7275dfbd1897..b6c227975d82 100644
--- a/src/chrome/content/rules/ConsumerReports.xml
+++ b/src/chrome/content/rules/ConsumerReports.xml
@@ -1,46 +1,20 @@
-<!--
-	consumerreports.custhelp.com is handled in RightNow-clients.xml.
-
-
-	CDN buckets:
-
-		- dffe75s34hxl9.cloudfront.net
-			- static[1-4].consumerreportscdn.org
-
-		- news-consumerreports-org-1342602336.us-east-1.elb.amazonaws.com
-			- news.consumerreports.org
-
-
-	Nonfunctional domains:
-
-		- news.consumerreports.org
-
--->
-<ruleset name="Consumer Reports" platform="mixedcontent">
-
+<ruleset name="Consumer Reports">
+	<!-- consumerreports.org -->
 	<target host="consumerreports.org" />
-	<target host="*.consumerreports.org" />
-	<target host="*.consumerreportscdn.org" />
-
-
-	<securecookie host="^.*\.consumerreports\.org$" name=".+" />
-
-
-	<!--	Cert only matches www.
-					-->
-	<rule from="^http://(?:www\.)?consumerreports\.org/"
-		to="https://www.consumerreports.org/" />
-
-	<!--	Many (all?) paths 301 back.
-
-	<rule from="^https?://custhelp\.consumerreports\.org/"
-		to="https://consumerreports.custhelp.com/" /-->
-
-	<rule from="^http://ec\.consumerreports\.org/"
-		to="https://ec.consumerreports.org/" />
-
-	<rule from="^https?://static[1-4]\.consumerreportscdn\.org/"
-		to="https://dffe75s34hxl9.cloudfront.net/" />
-
+	<target host="www.consumerreports.org" />
+	<target host="custhelp.consumerreports.org" />
+	<target host="ec.consumerreports.org" />
+	<target host="news.consumerreports.org" />
+	<target host="web.consumerreports.org" />
+
+	<!-- consumerreportscdn.org -->
+	<target host="static1.consumerreportscdn.org" />
+	<target host="static2.consumerreportscdn.org" />
+	<target host="static3.consumerreportscdn.org" />
+	<target host="static4.consumerreportscdn.org" />
+	<target host="static5.consumerreportscdn.org" />
+
+	<securecookie host="^ec\.consumerreports\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
-<!-- Rule generated by HTTPS Finder 0.77 -->
\ No newline at end of file
diff --git a/src/chrome/content/rules/ConsumerSniper.com.xml b/src/chrome/content/rules/ConsumerSniper.com.xml
deleted file mode 100644
index a7dccf746f77..000000000000
--- a/src/chrome/content/rules/ConsumerSniper.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="ConsumerSniper.com">
-
-	<target host="consumersniper.com" />
-	<target host="www.consumersniper.com" />
-
-
-	<securecookie host="^www\.consumersniper\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?consumersniper\.com/"
-		to="https://$1consumersniper.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Consumer_Finance.gov.xml b/src/chrome/content/rules/Consumer_Finance.gov.xml
new file mode 100644
index 000000000000..29c74b04575d
--- /dev/null
+++ b/src/chrome/content/rules/Consumer_Finance.gov.xml
@@ -0,0 +1,47 @@
+<!--
+	For other U.S. government coverage, see US-government.xml.
+
+
+	CDN buckets:
+
+		- s3.amazonaws.com/files.consumerfinance.gov/
+
+
+	Nonfunctional hosts in *consumerfinance.gov:
+
+		- files ʳ
+
+	ʳ Refused
+
+
+	^consumerfinance.gov Refused
+	www.consumerfinance.gov: Akamai
+
+
+	Insecure cookies are set for these hosts:
+
+		- exam.consumerfinance.gov
+		- help.consumerfinance.gov
+		- secure.consumerfinance.gov
+
+-->
+<ruleset name="Consumer Finance.gov (partial)">
+
+	<target host="exam.consumerfinance.gov" />
+	<target host="help.consumerfinance.gov" />
+	<target host="secure.consumerfinance.gov" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^exam\.consumerfinance\.gov$" name="^\.ASPXAUTH$" /-->
+	<!--securecookie host="^(?:help|secure)\.consumerfinance\.gov$" name="^TS[\da-f]{8}$" /-->
+
+	<securecookie host="^\." name="^_(?:_qca|gat?)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Consumers_Union.org.xml b/src/chrome/content/rules/Consumers_Union.org.xml
new file mode 100644
index 000000000000..c6c300b41575
--- /dev/null
+++ b/src/chrome/content/rules/Consumers_Union.org.xml
@@ -0,0 +1,21 @@
+<!--
+	www: mismatched
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(www → ^)
+		- secure
+
+-->
+<ruleset name="Consumers Union.org">
+
+	<target host="consumersunion.org" />
+	<target host="secure.consumersunion.org" />
+	<target host="www.consumersunion.org" />
+
+
+	<rule from="^http://(?:(secure\.)|www\.)?consumersunion\.org/"
+		to="https://$1consumersunion.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Consumers_Win.com.xml b/src/chrome/content/rules/Consumers_Win.com.xml
new file mode 100644
index 000000000000..b09e7011583b
--- /dev/null
+++ b/src/chrome/content/rules/Consumers_Win.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Cosumers Win.com">
+
+	<target host="consumerswin.com" />
+	<target host="www.consumerswin.com" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^(?:www\.)?consumerswin\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Contact-sys.com.xml b/src/chrome/content/rules/Contact-sys.com.xml
new file mode 100644
index 000000000000..c5321e6d9a8d
--- /dev/null
+++ b/src/chrome/content/rules/Contact-sys.com.xml
@@ -0,0 +1,8 @@
+<!--vitrina. self signed-->
+<ruleset name="Contact-sys.com">
+	<target host="contact-sys.com" />
+	<target host="www.contact-sys.com" />
+	<target host="lk.contact-sys.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ContactUs.com.xml b/src/chrome/content/rules/ContactUs.com.xml
new file mode 100644
index 000000000000..a686947a9193
--- /dev/null
+++ b/src/chrome/content/rules/ContactUs.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Some (all?) pages redirect to http.
+
+-->
+<ruleset name="ContactUs.com (partial)">
+
+	<target host="contactus.com" />
+	<target host="www.contactus.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?contactus.com/+($|login/|sign-up/)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(www\.)?contactus.com/+(?!favicon\.ico|wp-content/|wp-includes/)" /-->
+
+
+	<rule from="^http://(www\.)?contactus\.com/(?=favicon\.ico|wp-content/|wp-includes/)"
+		to="https://$1contactus.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Contact_At_Once.com.xml b/src/chrome/content/rules/Contact_At_Once.com.xml
index b221e40177d6..5471449b4825 100644
--- a/src/chrome/content/rules/Contact_At_Once.com.xml
+++ b/src/chrome/content/rules/Contact_At_Once.com.xml
@@ -9,7 +9,6 @@
 	<target host="applications.contactatonce.com" />
 
 
-	<rule from="^http://applications\.contactatonce\.com/"
-		to="https://applications.contactatonce.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Contact_Privacy.xml b/src/chrome/content/rules/Contact_Privacy.xml
index 0db0f3ff800e..e2f01ba1165d 100644
--- a/src/chrome/content/rules/Contact_Privacy.xml
+++ b/src/chrome/content/rules/Contact_Privacy.xml
@@ -4,7 +4,6 @@
 	<target host="www.contactprivacy.com" />
 
 
-	<rule from="^http://(www\.)?contactprivacy\.com/"
-		to="https://$1contactprivacy.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Contactual.xml b/src/chrome/content/rules/Contactual.xml
deleted file mode 100644
index f7bdfa371dec..000000000000
--- a/src/chrome/content/rules/Contactual.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Contactual (partial)">
-
-	<target host="mycontactual.com" />
-	<target host="*.mycontactual.com" />
-
-
-	<securecookie host="^na\d\.mycontactual\.com$" name=".+" />
-	<securecookie host="^\.?mycontactual\.com$" name="^WPJ_CM$" />
-
-
-	<rule from="^http://(na\d\.|www\.)?mycontactual\.com/"
-		to="https://$1mycontactual.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Content.ad.xml b/src/chrome/content/rules/Content.ad.xml
index 7fce3a5f36fc..5c4478d360fb 100644
--- a/src/chrome/content/rules/Content.ad.xml
+++ b/src/chrome/content/rules/Content.ad.xml
@@ -8,11 +8,17 @@
 
 		- ^	(404, valid cert)
 
+
+	These altnames don't exist:
+
+		- www.api.content.ad
+
 -->
 <ruleset name="Content.ad (partial)">
 
 	<target host="content.ad" />
-	<target host="*.content.ad" />
+	<target host="www.content.ad" />
+	<target host="api.content.ad" />
 
 
 	<securecookie host="^(?:api|www)\.content\.ad$" name=".+" />
@@ -21,7 +27,6 @@
 	<rule from="^http://(?:www\.)?content\.ad/"
 		to="https://www.content.ad/" />
 
-	<rule from="^http://api\.content\.ad/"
-		to="https://api.content.ad/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Content_Watch.xml b/src/chrome/content/rules/Content_Watch.xml
index 6a95407bf171..04f911170d75 100644
--- a/src/chrome/content/rules/Content_Watch.xml
+++ b/src/chrome/content/rules/Content_Watch.xml
@@ -1,13 +1,26 @@
-<ruleset name="Content Watch">
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.contentwatch.com ᶜ
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Content Watch.com">
 
 	<target host="contentwatch.com" />
+	<target host="erelay.contentwatch.com" />
 	<target host="www.contentwatch.com" />
 
 
-	<securecookie host="^(?:www\.)?contentwatch\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.contentwatch\.com$" name="^(?:PHPSESSID|mid|pid)$" /-->
+
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www\.)?contentwatch\.com/"
-		to="https://$1contentwatch.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Contentabc.com.xml b/src/chrome/content/rules/Contentabc.com.xml
new file mode 100644
index 000000000000..75d9a78ae95c
--- /dev/null
+++ b/src/chrome/content/rules/Contentabc.com.xml
@@ -0,0 +1,52 @@
+<!--
+	(www.)?contentabc.com is listening for neither https nor http.
+
+
+	Problematic hosts in *contentabc.com:
+
+		- gui.secure ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- ads2.contentabc.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="contentabc.com (partial)">
+
+	<target host="ads.contentabc.com" />
+	<target host="ads2.contentabc.com" />
+	<target host="ads3.contentabc.com" />
+	<target host="ads4.contentabc.com" />
+	<target host="ads5.contentabc.com" />
+	<target host="ads6.contentabc.com" />
+	<target host="ads7.contentabc.com" />
+	<target host="ads8.contentabc.com" />
+	<target host="ads9.contentabc.com" />
+	<target host="ads10.contentabc.com" />
+	<target host="ads11.contentabc.com" />
+	<target host="cdn11.contentabc.com" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://ads2.contentabc.com/ads?spot_id=1" /-->
+		<!--test url="http://gui.secure.mobile.contentabc.com/images/join_pages/bank_infos/banking_info_after_may2011.png" /-->
+
+		<test url="http://cdn11.contentabc.com/ads/wkd_737x200_566897/uploadLogo.png" />
+
+
+	<!--	Secured by us:
+				-->
+	<!--securecookie host="^ads2\.contentabc\.com$" name="^adtools_fc$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Contentdn.net.xml b/src/chrome/content/rules/Contentdn.net.xml
index ed4041487af3..c045ee45ea11 100644
--- a/src/chrome/content/rules/Contentdn.net.xml
+++ b/src/chrome/content/rules/Contentdn.net.xml
@@ -5,7 +5,6 @@
 
 	<!--	www doesn't exist.
 					-->
-	<rule from="^http://contentdn\.net/"
-		to="https://contentdn.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Contentful.com.xml b/src/chrome/content/rules/Contentful.com.xml
new file mode 100644
index 000000000000..ec06e507f112
--- /dev/null
+++ b/src/chrome/content/rules/Contentful.com.xml
@@ -0,0 +1,38 @@
+<!--
+	Problematic hosts in *contentful.com:
+
+		- press *
+		- status *
+
+	* Mismatched
+
+-->
+<ruleset name="Contentful.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="contentful.com" />
+	<target host="be.contentful.com" />
+	<target host="images.contentful.com" />
+	<target host="static.contentful.com" />
+	<target host="support.contentful.com" />
+	<target host="www.contentful.com" />
+
+	<!--	Complications:
+				-->
+	<!--target host="press.contentful.com" /-->
+	<target host="status.contentful.com" />
+
+		<test url="http://images.contentful.com/6aks0m5y3ql5/5IRZVItla84IikQeioosYU/8252fdc19440cbd4a04f5c8fb77d25c2/Generator_Marketing_Billboard2.jpg" />
+
+
+	<!--rule from="^http://press\.contentful\.com/"
+		to="https://???.pr.co/" /-->
+
+	<rule from="^http://status\.contentful\.com/"
+		to="https://contentful.statuspage.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Contextly.xml b/src/chrome/content/rules/Contextly.xml
new file mode 100644
index 000000000000..0a1b24cf03cc
--- /dev/null
+++ b/src/chrome/content/rules/Contextly.xml
@@ -0,0 +1,25 @@
+<!--
+	Mismatch:
+		api.contextly.com
+		blog.contextly.com
+		press.contextly.com
+		www.rest.contextly.com
+-->
+<ruleset name="Contextly.com">
+	<target host="contextly.com" />
+	<target host="www.contextly.com" />
+	<target host="app.contextly.com" />
+	<target host="contextlysitescripts.contextly.com" />
+	<target host="dev.contextly.com" />
+	<target host="rest.contextly.com" />
+		<test url="http://rest.contextly.com/robots.txt" />
+	<target host="support.contextly.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://contextlysitescripts\.contextly\.com/"
+		to="https://c714015.ssl.cf2.rackcdn.com/" />
+		<test url="http://contextlysitescripts.contextly.com/kit/assets/2.4/widgets--page-view.css" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Contextweb.com.xml b/src/chrome/content/rules/Contextweb.com.xml
new file mode 100644
index 000000000000..3c6868482069
--- /dev/null
+++ b/src/chrome/content/rules/Contextweb.com.xml
@@ -0,0 +1,72 @@
+<!--
+	For other Pulsepoint coverage, see PulsePoint.xml.
+
+
+	CDN buckets:
+
+		- s.amazonaws.com/native-advertising/
+
+			- nm.contextweb.com
+
+
+	Nonfunctional hosts in *contextweb.com:
+
+		- openrtb *
+
+	* Handshake fails
+
+
+	bh & tag: included on 3rd-party websites
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .contextweb.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="contextweb.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="contextweb.com" />
+	<target host="ads.contextweb.com" />
+	<target host="bh.contextweb.com" />
+	<target host="exchange.contextweb.com" />
+	<target host="nm.contextweb.com" />
+	<target host="tag.contextweb.com" />
+	<target host="www.contextweb.com" />
+
+	<!--	Complications:
+				-->
+	<target host="blog.contextweb.com" />
+
+		<exclusion pattern="http://blog\.contextweb\.com/(?!sellingdesk$)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://blog.contextweb.com//" />
+
+			<!--	-ve:
+					-->
+			<test url="http://blog.contextweb.com/sellingdesk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.contextweb\.com$" name="^(V|pb_rtb_ev|sto-id-\d+-bh|sto-id-\d+-exchange)$" /-->
+
+	<securecookie host="^(?!blog\.)." name=".+" />
+
+
+	<!--	- Cert: *.hubspot.com
+		- Redirects like so.
+				-->
+	<rule from="^http://blog\.contextweb\.com/sellingdesk$"
+		to="https://getsatisfaction.com/contextweb" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Contiki.xml b/src/chrome/content/rules/Contiki.xml
deleted file mode 100644
index fce80d821bfb..000000000000
--- a/src/chrome/content/rules/Contiki.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Contiki" default_off="mismatched">
-
-	<target host="contiki-os" />
-	<target host="www.contiki-os" />
-
-
-	<!--	CN: *.loopiasecure.com
-					-->
-	<rule from="^https?://(?:www\.)?contiki-os\.org/"
-		to="https://contiki-os.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Continent-8-Technologies.xml b/src/chrome/content/rules/Continent-8-Technologies.xml
deleted file mode 100644
index 5d8cf967101c..000000000000
--- a/src/chrome/content/rules/Continent-8-Technologies.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Continent 8 Technologies (partial)">
-
-	<target host="ecess1.cdn.continent8.com"/>
-
-	<rule from="^http://ecess1\.cdn\.continent8\.com/"
-		to="https://ecess1.cdn.continent8.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Continental.xml b/src/chrome/content/rules/Continental.xml
index 502f9ffcf38b..89cbf6cca4aa 100644
--- a/src/chrome/content/rules/Continental.xml
+++ b/src/chrome/content/rules/Continental.xml
@@ -1,4 +1,18 @@
-<ruleset name="Continental" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.covacations.com/ => https://www.covacations.com/: (7, 'Failed to connect to www.covacations.com port 443: Connection refused')
+Fetch error: http://covacations.com/ => https://www.covacations.com/: (7, 'Failed to connect to www.covacations.com port 443: Connection refused')
+Fetch error: http://checkin.continental.com/ => https://checkin.continental.com/: (51, "SSL: no alternative certificate subject name matches target host name 'checkin.continental.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.continental.com/ => https://www.continental.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.continental.com'")
+Fetch error: http://continental.com/ => https://www.continental.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.continental.com'")
+Fetch error: http://www.covacations.com/ => https://www.covacations.com/: (6, 'Could not resolve host: www.covacations.com')
+Fetch error: http://covacations.com/ => https://www.covacations.com/: (6, 'Could not resolve host: covacations.com')
+Fetch error: http://checkin.continental.com/ => https://checkin.continental.com/: (7, 'Failed to connect to checkin.continental.com port 80: Connection refused')
+-->
+<ruleset name="Continental" platform="mixedcontent" default_off="failed ruleset test">
   <target host="www.continental.com" />
   <target host="continental.com" />
   <target host="www.covacations.com" />
diff --git a/src/chrome/content/rules/Contretemps.eu.xml b/src/chrome/content/rules/Contretemps.eu.xml
new file mode 100644
index 000000000000..f1377215862d
--- /dev/null
+++ b/src/chrome/content/rules/Contretemps.eu.xml
@@ -0,0 +1,8 @@
+<ruleset name="Contretemps">
+
+	<target host="contretemps.eu" />
+	<target host="www.contretemps.eu" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Contribs.org.xml b/src/chrome/content/rules/Contribs.org.xml
new file mode 100644
index 000000000000..5a8b5f8d8620
--- /dev/null
+++ b/src/chrome/content/rules/Contribs.org.xml
@@ -0,0 +1,13 @@
+<!--mirrorlist. mismatch-->
+<ruleset name="Contribs.org">
+	<target host="contribs.org" />
+	<target host="www.contribs.org" />
+	<target host="lists.contribs.org" />
+	<target host="mirror.contribs.org" />
+	<target host="wiki.contribs.org" />
+	<target host="forums.contribs.org" />
+	<target host="bugs.contribs.org" />
+	<target host="buildsys.contribs.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Contributor-Covenant.org.xml b/src/chrome/content/rules/Contributor-Covenant.org.xml
new file mode 100644
index 000000000000..42c66f29c748
--- /dev/null
+++ b/src/chrome/content/rules/Contributor-Covenant.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Contributor-Covenant.org">
+	<target host="contributor-covenant.org" />
+	<target host="www.contributor-covenant.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Contributoria.com.xml b/src/chrome/content/rules/Contributoria.com.xml
new file mode 100644
index 000000000000..1efaadfbaec0
--- /dev/null
+++ b/src/chrome/content/rules/Contributoria.com.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://contributoria.com/ => https://contributoria.com/: (51, "SSL: no alternative certificate subject name matches target host name 'contributoria.com'")
+Fetch error: http://www.contributoria.com/ => https://www.contributoria.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.contributoria.com'")
+
+	Fully covered hosts in *contributoria.com:
+
+		- (www.)?
+
+
+	Insecure cookies are set for these domains:
+
+		- .contributoria.com
+
+-->
+<ruleset name="Contributoria.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="contributoria.com" />
+	<target host="www.contributoria.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.contributoria\.com$" name="^connect\.sid$" /-->
+
+	<securecookie host="^\.contributoria\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ControlScan.com.xml b/src/chrome/content/rules/ControlScan.com.xml
new file mode 100644
index 000000000000..894bfa7aaad2
--- /dev/null
+++ b/src/chrome/content/rules/ControlScan.com.xml
@@ -0,0 +1,37 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://controlscan.com/ => https://controlscan.com/: (51, "SSL: no alternative certificate subject name matches target host name 'controlscan.com'")
+	^: cert only matches www
+
+
+	Fully covered subdomains:
+
+		- (www.)	(^ → www)
+		- payments
+		- portal
+		- smartscan
+
+-->
+<ruleset name="ControlScan.com">
+
+	<target host="controlscan.com" />
+	<target host="www.controlscan.com" />
+	<target host="payments.controlscan.com" />
+	<target host="portal.controlscan.com" />
+	<target host="smartscan.controlscan.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?controlscan\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.controlscan\.com$" name="^ci_session$" /-->
+
+	<securecookie host="^(?:\.|www\.)?controlscan\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?controlscan\.com/"
+		to="https://controlscan.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Controller_Plus.xml b/src/chrome/content/rules/Controller_Plus.xml
index 32cef08fe6cc..f9c8da0bfe33 100644
--- a/src/chrome/content/rules/Controller_Plus.xml
+++ b/src/chrome/content/rules/Controller_Plus.xml
@@ -1,13 +1,12 @@
 <ruleset name="Controller Plus">
 
 	<target host="pluscontrollers.com" />
-	<target host="*.pluscontrollers.com" />
+	<target host="www.pluscontrollers.com" />
 
 
 	<securecookie host="^\.(?:www\.)?pluscontrollers\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?pluscontrollers\.com/"
-		to="https://$1pluscontrollers.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Convar.xml b/src/chrome/content/rules/Convar.xml
index 7f0e3f56a73e..d97abb6994fa 100644
--- a/src/chrome/content/rules/Convar.xml
+++ b/src/chrome/content/rules/Convar.xml
@@ -1,8 +1,16 @@
-<ruleset name="CONVAR (partial)" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tuv.com/ => http://tuv.com/: (6, 'Could not resolve host: tuv.com')
+Fetch error: http://tuvdotcom.com/ => https://www.tuvdotcom.com/: (7, 'Failed to connect to www.tuvdotcom.com port 443: Connection refused')
+Fetch error: http://www.tuvdotcom.com/ => https://www.tuvdotcom.com/: (7, 'Failed to connect to www.tuvdotcom.com port 443: Connection refused')
+
+-->
+<ruleset name="CONVAR (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="convar.com"/>
 	<target host="*.convar.com"/>
-		<exclusion pattern="^http://(jas|repairservice|sam)\.convar\.com/"/>
+		<exclusion pattern="^http://(?:jas|repairservice|sam)\.convar\.com/"/>
 	<target host="convar.de"/>
 	<target host="*.convar.de"/>
 	<target host="datenretter.de"/>
@@ -12,8 +20,8 @@
 	<target host="tuvdotcom.com"/>
 	<target host="www.tuvdotcom.com"/>
 
-	<securecookie host="^(.*\.)?(convar|tuvdotcom)\.com$" name=".*"/>
-	<securecookie host="^(.*\.)?datenretter\.de$" name=".*"/>
+	<securecookie host="^(?:.*\.)?(?:convar|tuvdotcom)\.com$" name=".+" />
+	<securecookie host="^(?:.*\.)?datenretter\.de$" name=".+" />
 
 	<!--	mismatch, .com hosts same data	-->
 	<rule from="^http://(www\.)?convar\.de/([\w\W]+)"
diff --git a/src/chrome/content/rules/Conversations.im.xml b/src/chrome/content/rules/Conversations.im.xml
new file mode 100644
index 000000000000..0709b76091fd
--- /dev/null
+++ b/src/chrome/content/rules/Conversations.im.xml
@@ -0,0 +1,16 @@
+<!--
+	Nonfunctional hosts in *.conversations.im:
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Conversations.im">
+	<target host="conversations.im" />
+	<target host="www.conversations.im" />
+	<target host="account.conversations.im" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Conversejs.org.xml b/src/chrome/content/rules/Conversejs.org.xml
new file mode 100644
index 000000000000..0764531c19fc
--- /dev/null
+++ b/src/chrome/content/rules/Conversejs.org.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.conversejs.org/ => https://www.conversejs.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.conversejs.org'")
+
+-->
+<ruleset name="Conversejs.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="conversejs.org" />
+	<target host="www.conversejs.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Conversions_Box.com.xml b/src/chrome/content/rules/Conversions_Box.com.xml
new file mode 100644
index 000000000000..d3e28046c50f
--- /dev/null
+++ b/src/chrome/content/rules/Conversions_Box.com.xml
@@ -0,0 +1,21 @@
+<!--
+	^: cert only matches *.conversionsbox.com
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Conversions Box.com" default_off="expired, self-signed">
+
+	<target host="conversionsbox.com" />
+	<target host="www.conversionsbox.com" />
+
+
+	<rule from="^http://(?:www\.)?conversionsbox\.com/"
+		to="https://www.conversionsbox.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Convert-JPG-to-PDF.net.xml b/src/chrome/content/rules/Convert-JPG-to-PDF.net.xml
new file mode 100644
index 000000000000..5bc3e77fc139
--- /dev/null
+++ b/src/chrome/content/rules/Convert-JPG-to-PDF.net.xml
@@ -0,0 +1,10 @@
+<ruleset name="Convert-JPG-to-PDF.net">
+
+	<target host="convert-jpg-to-pdf.net" />
+	<target host="www.convert-jpg-to-pdf.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Convertio.co.xml b/src/chrome/content/rules/Convertio.co.xml
new file mode 100644
index 000000000000..ef0a877f4e7b
--- /dev/null
+++ b/src/chrome/content/rules/Convertio.co.xml
@@ -0,0 +1,6 @@
+<ruleset name="Convertio.co">
+	<target host="convertio.co"/>
+	<target host="www.convertio.co"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Convertkit.com.xml b/src/chrome/content/rules/Convertkit.com.xml
new file mode 100644
index 000000000000..0513a4c5f6b4
--- /dev/null
+++ b/src/chrome/content/rules/Convertkit.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Nonfunctional hosts in *convertkit.com:
+
+		- kb *
+
+	* WP Engine
+
+
+	Fully covered hosts in *convertkit.com:
+
+		- (www.)?
+		- app
+
+-->
+<ruleset name="ConverKit.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="convertkit.com" />
+	<target host="app.convertkit.com" />
+	<target host="www.convertkit.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Convio-mismatches.xml b/src/chrome/content/rules/Convio-mismatches.xml
index ca023646d9da..ece863bfc0de 100644
--- a/src/chrome/content/rules/Convio-mismatches.xml
+++ b/src/chrome/content/rules/Convio-mismatches.xml
@@ -4,12 +4,16 @@
 -->
 <ruleset name="Convio (mismatches)" default_off="mismatched">
 
-	<target host="*.convio.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="ir.convio.com" />
+	<target host="resources.convio.com" />
+
 		<exclusion pattern="^http://ir\.convio\.com/(?!common/)" />
 		<exclusion pattern="^http://resources\.convio\.com/(?!css/|images/)" />
 
 
-	<rule from="^http://(ir|resources)\.convio\.com/"
-		to="https://$1.convio.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Convio.xml b/src/chrome/content/rules/Convio.xml
index 6d4ebc612de8..707651fe689b 100644
--- a/src/chrome/content/rules/Convio.xml
+++ b/src/chrome/content/rules/Convio.xml
@@ -1,5 +1,9 @@
+
 <!--
-	For problematic rules, see Convio-mismathes.xml.
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.commonground.convio.com/ => https://secure.commonground.convio.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	For problematic rules, see Convio-mismatches.xml.
 
 
 	CDN buckets:
@@ -9,38 +13,48 @@
 			- resources
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *convio.net:
 
-		- service	(503; mismatched, CN: secure2.convio.net)
+		- service *
 
+	* 503
 
-	Problematic domains:
-
-		- resources.convio.com	(redirects to www.blackbaud.com; mismatched, CN: *.marketo.com)
 
+	Problematic domains:
 
-	Fully covered domains:
+		- resources.convio.com *
 
-		- secure.commonground.convio.com
+	* Redirects to www.blackbaud.com; mismatched, CN: *.marketo.com
 
 -->
-<ruleset name="Convio">
+<ruleset name="Convio" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="secure.commonground.convio.com" />
-	<target host="*.convio.net" />
 
+	<target host="secure2.convio.net" />
+	<target host="secure3.convio.net" />
+
+	<!--	Complications:
+				-->
+	<target host="customer.convio.net" />
+
+		<exclusion pattern="^http://customer\.convio\.net/(?!$)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://customer.convio.net/home" />
+			<test url="http://customer.convio.net/home.htm" />
 
-	<securecookie host="^secure\.commonground\.convio\.com$" name=".+" />
-	<securecookie host="^secure[23]\.convio\.net$" name=".+" />
 
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://secure\.commonground\.convio\.com/"
-		to="https://secure.commonground.convio.com/" />
 
-	<rule from="^http://customer\.convio\.net/$"
+	<rule from="^http://customer\.convio\.net/"
 		to="https://secure2.convio.net/customer/site/SPageServer" />
 
-	<rule from="^http://secure([23])\.convio\.net/"
-		to="https://secure$1.convio.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Conviva.xml b/src/chrome/content/rules/Conviva.xml
index 46415f9b098b..fb0ff29b3640 100644
--- a/src/chrome/content/rules/Conviva.xml
+++ b/src/chrome/content/rules/Conviva.xml
@@ -1,13 +1,7 @@
 <!--
-	Nonfunctional subdomains:
-
-		- (www.)
-
-
-	Problematic subdomains:
-
-		- livepassdl	(404, mismatched, CN: gp1.wac.edgecastcdn.net)
-
+	Cert Mismatch on:
+		- static.conviva.com
+		- lp.conviva.com
 
 	Note that livepass crossdomain.xml forbids secure access. Videos
 	themselves appear to be hosted on other CDNs, so any related
@@ -16,13 +10,16 @@
 -->
 <ruleset name="Conviva (partial)">
 
-	<target host="*.conviva.com" />
-
-
-	<rule from="^https?://livepass(?:dl)?\.conviva\.com/"
-		to="https://livepass.conviva.com/" />
+	<target host="conviva.com" />
+	<target host="community.conviva.com" />
+	<target host="developer.conviva.com" />
+	<target host="livepass.conviva.com" />
+	<target host="livepassdl.conviva.com" />
+	<target host="livepassdl2.conviva.com" />
+	<target host="pulse.conviva.com" />
+	<target host="pulse-beta.conviva.com" />
+	<target host="www.conviva.com" />
 
-	<rule from="^http://pulse\.conviva\.com/"
-		to="https://pulse.conviva.com/" />
+	<rule from="^http:" to="https:"/>
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Convox.com.xml b/src/chrome/content/rules/Convox.com.xml
new file mode 100644
index 000000000000..8f1d8fa393d1
--- /dev/null
+++ b/src/chrome/content/rules/Convox.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- docs.convox.com
+
+-->
+<ruleset name="Convox.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="convox.com" />
+	<target host="docs.convox.com" />
+	<target host="www.convox.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^docs\.convox\.com$" name="^(?:XSRF-TOKEN|connect\.sid)$" /-->
+
+	<securecookie host="^docs\.convox\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Coochey.net-falsemixed.xml b/src/chrome/content/rules/Coochey.net-falsemixed.xml
new file mode 100644
index 000000000000..2aadd633e40f
--- /dev/null
+++ b/src/chrome/content/rules/Coochey.net-falsemixed.xml
@@ -0,0 +1,12 @@
+<!--
+	For rules not causing false/broken MCB, see Coochey.net.xml.
+
+-->
+<ruleset name="Coochey.net (false MCB)" platform="mixedcontent">
+
+	<target host="www.coochey.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Coochey.net.xml b/src/chrome/content/rules/Coochey.net.xml
index f5f86d9ebb1b..54752f803abc 100644
--- a/src/chrome/content/rules/Coochey.net.xml
+++ b/src/chrome/content/rules/Coochey.net.xml
@@ -1,9 +1,29 @@
-<ruleset name="Coochey.net">
+<!--
+	For rules causing false/broken MCB, see Coochey.net-falsemixed.xml.
+
+
+	^coochey.net doesn't exist.
+
+
+	Mixed content:
+
+		- css from $self *
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Coochey.net (partial)">
 
-	<target host="coochey.net"/>
 	<target host="www.coochey.net"/>
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<!--exclusion pattern="^http://www\.coochey\.net/+(?!favicon\.ico|wp-content/|wp-includes/)" /-->
+
 
-	<rule from="^http://(www\.)?coochey\.net/"
+	<rule from="^http://www\.coochey\.net/(?=favicon\.ico|wp-content/|wp-includes/)"
 		to="https://www.coochey.net/"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/CookMinute.com.xml b/src/chrome/content/rules/CookMinute.com.xml
new file mode 100644
index 000000000000..b3c3803c74c3
--- /dev/null
+++ b/src/chrome/content/rules/CookMinute.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="CookMinute.com">
+
+	<target host="cookminute.com" />
+	<target host="www.cookminute.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cookie_Reports.com.xml b/src/chrome/content/rules/Cookie_Reports.com.xml
index c5b9af7dd8b8..e644d1ef41d9 100644
--- a/src/chrome/content/rules/Cookie_Reports.com.xml
+++ b/src/chrome/content/rules/Cookie_Reports.com.xml
@@ -3,7 +3,6 @@
 	<target host="policy.cookiereports.com" />
 
 
-	<rule from="^http://policy\.cookiereports\.com/"
-		to="https://policy.cookiereports.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CoolBackgrounds.io.xml b/src/chrome/content/rules/CoolBackgrounds.io.xml
new file mode 100644
index 000000000000..ba03232b39bb
--- /dev/null
+++ b/src/chrome/content/rules/CoolBackgrounds.io.xml
@@ -0,0 +1,7 @@
+<ruleset name="CoolBackgrounds.io">
+	<target host="coolbackgrounds.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CoolCart.Net.xml b/src/chrome/content/rules/CoolCart.Net.xml
deleted file mode 100644
index e4a9c19f518c..000000000000
--- a/src/chrome/content/rules/CoolCart.Net.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="CoolCart.Net">
-	<target host="coolcart.net" />
-	<target host="www.coolcart.net" />
-
-	<!-- As of June 2, 2013, setting secure cookies for all
-	cookies under the www.coolcart.net domain (by setting
-	the securecookie name param to ".+") causes problems
-	with tracking shopping cart contents. -->
-	<securecookie host="^www\.coolcart\.net$"
-			name="^ASP\.NET_SessionId$" />
-
-	<rule from="^(http://(www\.)?|https://)coolcart\.net/"
-		to="https://www.coolcart.net/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CoolLib.com.xml b/src/chrome/content/rules/CoolLib.com.xml
new file mode 100644
index 000000000000..3403bbdfad5a
--- /dev/null
+++ b/src/chrome/content/rules/CoolLib.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="CoolLib.com">
+	<target host="coollib.com" />
+	<target host="www.coollib.com" />
+	<target host="pda.coollib.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CoolMiniOrNot.com.xml b/src/chrome/content/rules/CoolMiniOrNot.com.xml
deleted file mode 100644
index b1f7b801c8bb..000000000000
--- a/src/chrome/content/rules/CoolMiniOrNot.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Mixed content:
-
-		- Images on www from www *
-
-		- Ads on www from www *
-
-	* Secured by us
-
--->
-<ruleset name="CoolMiniOrNot.com">
-
-	<target host="coolminiornot.com" />
-	<target host="*.coolminiornot.com" />
-
-
-	<securecookie host="^(?:www)?\.coolminiornot\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?coolminiornot\.com/"
-		to="https://$1coolminiornot.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CoolUtils.com.xml b/src/chrome/content/rules/CoolUtils.com.xml
new file mode 100644
index 000000000000..7f7e7e982df2
--- /dev/null
+++ b/src/chrome/content/rules/CoolUtils.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .coolutils.com
+
+
+	Mixed content:
+
+		- css from $self *
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="CoolUtils.com (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="coolutils.com" />
+	<target host="www.coolutils.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.coolutils\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.coolutils\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CoolWebScripts.com.xml b/src/chrome/content/rules/CoolWebScripts.com.xml
new file mode 100644
index 000000000000..7ee3292baa68
--- /dev/null
+++ b/src/chrome/content/rules/CoolWebScripts.com.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Rose Web Services coverage, see RoseHosting.com.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- coolwebscripts.com
+		- www.coolwebscripts.com
+
+-->
+<ruleset name="CoolWebScripts.com">
+
+	<target host="coolwebscripts.com" />
+	<target host="www.coolwebscripts.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?coolwebscripts\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?coolwebscripts\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cool_Destinations.net.xml b/src/chrome/content/rules/Cool_Destinations.net.xml
new file mode 100644
index 000000000000..ef016727fb2f
--- /dev/null
+++ b/src/chrome/content/rules/Cool_Destinations.net.xml
@@ -0,0 +1,43 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://analytics.cooldestinations.net/ => https://analytics.cooldestinations.net/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://cdn.cooldestinations.net/ => https://cdn.cooldestinations.net/: (60, 'SSL certificate problem: certificate has expired')
+
+	^cooldestinations.net: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- analytics.cooldestinations.net
+		- www.cooldestinations.net
+
+-->
+<ruleset name="Cool Destinations.net" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="analytics.cooldestinations.net" />
+	<target host="cdn.cooldestinations.net" />
+	<target host="www.cooldestinations.net" />
+
+	<!--	Complications:
+				-->
+	<target host="cooldestinations.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^analytics\.cooldestinations\.net$" name="^_pk_uid$" /-->
+	<!--securecookie host="^www\.cooldestinations\.net$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:analytics|www)\.cooldestinations\.net$" name=".+" />
+
+
+	<rule from="^http://cooldestinations\.net/"
+		to="https://www.cooldestinations.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cool_Key_West.xml b/src/chrome/content/rules/Cool_Key_West.xml
index f1769e2ed6af..31add8a19df2 100644
--- a/src/chrome/content/rules/Cool_Key_West.xml
+++ b/src/chrome/content/rules/Cool_Key_West.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^coolkeywest\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?coolkeywest\.com/"
-		to="https://coolkeywest.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cooliris.xml b/src/chrome/content/rules/Cooliris.xml
deleted file mode 100644
index 65127b3465c6..000000000000
--- a/src/chrome/content/rules/Cooliris.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(times out)
-
--->
-<ruleset name="Cooliris">
-
-	<target host="cooliris.com" />
-	<target host="*.cooliris.com" />
-
-
-
-	<rule from="^http://(?:www\.)?cooliris\.com/"
-		to="https://www.cooliris.com/" />
-
-	<rule from="^http://apps\.cooliris\.com/"
-		to="https://apps.cooliris.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Coop.ch-falsemixed.xml b/src/chrome/content/rules/Coop.ch-falsemixed.xml
new file mode 100644
index 000000000000..5d012cb0da82
--- /dev/null
+++ b/src/chrome/content/rules/Coop.ch-falsemixed.xml
@@ -0,0 +1,36 @@
+<!--
+	For rules not causing false/broken MCB, see Coop.ch.xml
+
+	Mismatching cert:
+		- ^cooperazione.ch
+
+		- ^thebodyshop.ch
+		- (www\.)?the-body-shop.ch
+-->
+<ruleset name="Coop (mixed content)" platform="mixedcontent">
+	<target host="coop.ch"/>
+	<target host="www.coop.ch"/>
+
+	<target host="cooperazione.ch"/>
+	<target host="www.cooperazione.ch"/>
+
+	<target host="jamadu.ch"/>
+	<target host="www.jamadu.ch"/>
+
+	<target host="thebodyshop.ch"/>
+	<target host="www.thebodyshop.ch"/>
+	<target host="the-body-shop.ch"/>
+	<target host="www.the-body-shop.ch"/>
+
+
+	<rule from="^http://cooperazione\.ch/"
+		to="https://www.cooperazione.ch/"/>
+
+	<rule from="^http://thebodyshop\.ch/"
+		to="https://www.thebodyshop.ch/"/>
+	<rule from="^http://(www\.)?the-body-shop\.ch/"
+		to="https://www.thebodyshop.ch/"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Coop.ch.xml b/src/chrome/content/rules/Coop.ch.xml
index 31bba794250d..28dbac6e0da3 100644
--- a/src/chrome/content/rules/Coop.ch.xml
+++ b/src/chrome/content/rules/Coop.ch.xml
@@ -1,15 +1,115 @@
-<ruleset name="Coop.ch" platform="mixedcontent">
-        <target host="coop.ch" />
-        <target host="www.coop.ch" />
-        <target host="bankcoop.ch" />
-        <target host="www.bankcoop.ch" />
-        <target host="onlinebanking.bankcoop.ch" />
-        <target host="supercard.ch" />
-        <target host="www.supercard.ch" />
-
-        <rule from="^http://(?:www\.)?coop\.ch/" to="https://www.coop.ch/"/>
-        <rule from="^http://(?:www\.)?bankcoop\.ch/" to="https://www.bankcoop.ch/"/>
-        <rule from="^http://onlinebanking\.bankcoop\.ch/" to="https://onlinebanking.bankcoop.ch/"/>
-        <rule from="^http://(?:www\.)?supercard\.ch/" to="https://www.supercard.ch/"/>
-</ruleset>
+<!--
+	For rules causing false/broken MCB, see Coop.ch-falsemixed.xml
+
+	Related ruleset:
+		Fust.ch.xml
+
+	Mismatch:
+		- elements.coop.ch
+		- shop.coop.ch
+		- wartung.coop.ch
+
+		- advent.bankcoop.ch
+		- live.bankcoop.ch
+
+		- ^christ-swiss.ch
+
+		- ^interdiscount.ch
+
+		- ^microspot.ch
+
+
+	wrong content:
+		- (www.)cooperation-online.ch (404)
+
+	Timeout:
+		- gesundgeniessen.coop.ch
+		- weinwelt.coop.ch
+
+	HTTP redirect:
+		- neu.coop.ch
+
+	Refused:
+		- gb.bankcoop.ch
+
+	Revoked:
+		- disney.coop.ch
+-->
+<ruleset name="Coop">
+	<target host="contentimages.coop.ch"/>
+	<target host="extranet.coop.ch"/>
+	<target host="geschenkkarte.coop.ch"/>
+	<target host="grill.coop.ch"/>
+	<target host="libs.coop.ch"/>
+	<target host="mymail.coop.ch"/>
+	<target host="preview.coop.ch"/>
+	<target host="sharepoint.coop.ch"/>
+	<target host="supercardkd.coop.ch"/>
+	<target host="traiteur.coop.ch"/>
+	<target host="webedi.coop.ch"/>
+	<target host="www2.coop.ch"/>
+
+	<test url="http://libs.coop.ch/logos/165x70/logo-coop-ohne-claim-165x70.svg"/>
+
+	<target host="bauundhobby.ch"/>
+	<target host="www.bauundhobby.ch"/>
+	<target host="bricoetloisirs.ch"/>
+	<target host="www.bricoetloisirs.ch"/>
+	<target host="edileehobby.ch"/>
+	<target host="www.edileehobby.ch"/>
+
 
+	<target host="bankcoop.ch"/>
+	<target host="www.bankcoop.ch"/>
+	<target host="m.bankcoop.ch"/>
+	<target host="mobile.bankcoop.ch"/>
+	<target host="onlinebanking.bankcoop.ch"/>
+
+	<target host="cler.ch"/>
+	<target host="www.cler.ch"/>
+
+	<target host="supercard.ch"/>
+	<target host="www.supercard.ch"/>
+
+	<target host="coopzeitung.ch"/>
+	<target host="www.coopzeitung.ch"/>
+
+	<target host="coopathome.ch"/>
+	<target host="www.coopathome.ch"/>
+
+	<target host="interdiscount.ch"/>
+	<target host="www.interdiscount.ch"/>
+
+	<target host="microspot.ch"/>
+	<target host="www.microspot.ch"/>
+
+	<target host="toptip.ch"/>
+	<target host="www.toptip.ch"/>
+
+	<target host="lumimart.ch"/>
+	<target host="www.lumimart.ch"/>
+
+	<target host="impo.ch"/>
+	<target host="www.impo.ch"/>
+
+	<target host="christ-swiss.ch"/>
+	<target host="www.christ-swiss.ch"/>
+	<target host="img.christ-swiss.ch"/>
+
+	<test url="http://img.christ-swiss.ch/layout/aktionen/050-small-de.png"/>
+
+	<target host="mondovino.ch"/>
+	<target host="www.mondovino.ch"/>
+	<target host="img.mondovino.ch"/>
+
+	<rule from="^http://interdiscount\.ch/"
+		to="https://www.interdiscount.ch/"/>
+	<rule from="^http://microspot\.ch/"
+		to="https://www.microspot.ch/"/>
+	<rule from="^http://christ-swiss\.ch/"
+		to="https://www.christ-swiss.ch/"/>
+
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Coop.no.xml b/src/chrome/content/rules/Coop.no.xml
index 9b05c289c01c..61eb2a875189 100644
--- a/src/chrome/content/rules/Coop.no.xml
+++ b/src/chrome/content/rules/Coop.no.xml
@@ -1,9 +1,33 @@
+<!--
+	Other Coop Norge rulesets:
+
+		- coophotellkupp.com.xml
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- coop.no
+		- secure.coop.no
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
 <ruleset name="Coop.no">
-  <target host="www.coop.no" />
-  <target host="coop.no" />
-  <target host="www.coophotellkupp.com" />
-  <target host="coophotellkupp.no" />
 
-  <rule from="^http://(www\.)?coop\.no/" to="https://coop.no/"/>
-  <rule from="^http://(www\.)?coophotellkupp\.com/" to="https://www.coophotellkupp.com/"/>
+	<target host="coop.no" />
+	<target host="secure.coop.no" />
+	<target host="www.coop.no" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^coop\.no$" name="^(?:\.ASPXANONYMOUS|ASP\.NET_SessionId|AnonymousKeyEsales|currentchain|currentstoreforchain_\d+)$" /-->
+	<!--securecookie host="^secure\.coop\.no$" name="^frontend$" /-->
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Cooperating-Objects.eu.xml b/src/chrome/content/rules/Cooperating-Objects.eu.xml
deleted file mode 100644
index 8e0b8bd0e14c..000000000000
--- a/src/chrome/content/rules/Cooperating-Objects.eu.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	^cooperating-objects.eu shows a parking page.
-
--->
-<ruleset name="Cooperating-Objects.eu">
-
-	<target host="www.cooperating-objects.eu" />
-
-
-	<securecookie host="^www\.cooperating-objects\.eu$" name=".+" />
-
-
-	<rule from="^http://www\.cooperating-objects\.eu/"
-		to="https://www.cooperating-objects.eu/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cope-IT.xml b/src/chrome/content/rules/Cope-IT.xml
index 10289fbeff93..d07061291e2d 100644
--- a/src/chrome/content/rules/Cope-IT.xml
+++ b/src/chrome/content/rules/Cope-IT.xml
@@ -10,7 +10,6 @@
 	<securecookie host="^www\.cope-it\.at$" name=".+" />
 
 
-	<rule from="^http://www\.cope-it\.at/"
-		to="https://www.cope-it.at/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Copenhagenmarathon.dk.xml b/src/chrome/content/rules/Copenhagenmarathon.dk.xml
new file mode 100644
index 000000000000..a45b73f0bebc
--- /dev/null
+++ b/src/chrome/content/rules/Copenhagenmarathon.dk.xml
@@ -0,0 +1,11 @@
+<ruleset name="Copenhagenmarathon.dk">
+
+	<target host="copenhagenmarathon.dk" />
+	<target host="www.copenhagenmarathon.dk" />
+	<target host="2018.copenhagenmarathon.dk" />
+	<target host="map.copenhagenmarathon.dk" />
+	<target host="resultater.copenhagenmarathon.dk" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Copernic.com.xml b/src/chrome/content/rules/Copernic.com.xml
index 89e7f28608a7..7e426aa14906 100644
--- a/src/chrome/content/rules/Copernic.com.xml
+++ b/src/chrome/content/rules/Copernic.com.xml
@@ -27,7 +27,10 @@
 <ruleset name="Copernic.com (partial)">
 
 	<target host="copernic.com" />
-	<target host="*.copernic.com" />
+	<target host="www.copernic.com" />
+	<target host="go.copernic.com" />
+	<target host="images.copernic.com" />
+	<target host="mail.copernic.com" />
 
 
 	<securecookie host="^(?:go|www)\.copernic\.com$" name=".+" />
@@ -36,8 +39,6 @@
 	<rule from="^http://(?:www\.)?copernic\.com/"
 		to="https://www.copernic.com/" />
 
-	<rule from="^http://go\.copernic\.com/"
-		to="https://go.copernic.com/" />
 
 	<rule from="^http://images\.copernic\.com/"
 		to="https://www.copernic.com/images/" />
@@ -45,4 +46,5 @@
 	<rule from="^http://mail\.copernic\.com/"
 		to="https://webmail.harriscomputer.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Copernico.net.xml b/src/chrome/content/rules/Copernico.net.xml
new file mode 100644
index 000000000000..395ce6a7a067
--- /dev/null
+++ b/src/chrome/content/rules/Copernico.net.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pims.copernico.net/ => https://pims.copernico.net/: (6, 'Could not resolve host: pims.copernico.net')
+
+-->
+<ruleset name="Copernico.net" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="copernico.net" />
+	<target host="pims.copernico.net" />
+	<target host="www.copernico.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Copia.Is.xml b/src/chrome/content/rules/Copia.Is.xml
new file mode 100644
index 000000000000..f163b9a474f0
--- /dev/null
+++ b/src/chrome/content/rules/Copia.Is.xml
@@ -0,0 +1,25 @@
+<!--
+	www.copia.is: Mismatched
+
+-->
+<ruleset name="Copia.Is">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="copia.is" />
+
+	<!--	Complications:
+				-->
+	<target host="www.copia.is" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.copia\.is/"
+		to="https://copia.is/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Copiny.xml b/src/chrome/content/rules/Copiny.xml
index 92654869268f..3f1d7df9f745 100644
--- a/src/chrome/content/rules/Copiny.xml
+++ b/src/chrome/content/rules/Copiny.xml
@@ -7,13 +7,13 @@
 <ruleset name="Copiny (partial)">
 
 	<target host="copiny.com" />
-	<target host="*.copiny.com" />
+	<target host="static.copiny.com" />
+	<target host="www.copiny.com" />
 
 
 	<securecookie host="^\.copiny\.com$" name=".+" />
 
 
-	<rule from="^http://(static\.|www\.)?copiny\.com/"
-		to="https://$1copiny.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Copy.com.xml b/src/chrome/content/rules/Copy.com.xml
index 76b1bc48073e..43979a3ae630 100644
--- a/src/chrome/content/rules/Copy.com.xml
+++ b/src/chrome/content/rules/Copy.com.xml
@@ -20,16 +20,18 @@
 <ruleset name="Copy.com (partial)">
 
 	<target host="copy.com" />
-	<target host="*.copy.com" />
+	<target host="apiweb.copy.com" />
+	<target host="next.copy.com" />
+	<target host="www.copy.com" />
+	<target host="support.copy.com" />
 
 
 	<securecookie host="^(?:next|www)?\.copy\.com$" name=".+" />
 
 
-	<rule from="^http://((?:apiweb|next|www)\.)?copy\.com/"
-		to="https://$1copy.com/" />
 
 	<rule from="^http://support\.copy\.com/"
 		to="https://copy.zendesk.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Copyleft.org.xml b/src/chrome/content/rules/Copyleft.org.xml
new file mode 100644
index 000000000000..e1d128b9a52c
--- /dev/null
+++ b/src/chrome/content/rules/Copyleft.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="copyleft.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="copyleft.org" />
+	<target host="k.copyleft.org" />
+	<target host="www.copyleft.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Copyright-Watch.org.xml b/src/chrome/content/rules/Copyright-Watch.org.xml
deleted file mode 100644
index 6202f2f44f65..000000000000
--- a/src/chrome/content/rules/Copyright-Watch.org.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other EFF coverage, see EFF.xml.
-
--->
-<ruleset name="Copyright-Watch.org">
-
-	<target host="copyright-watch.org" />
-	<target host="*.copyright-watch.org" />
-
-
-	<securecookie host="^\.copyright-watch\.org$" name=".+" />
-
-
-	<rule from="^http://(www\.)?copyright-watch\.org/"
-		to="https://$1copyright-watch.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Copyright_Clearance_Center.xml b/src/chrome/content/rules/Copyright_Clearance_Center.xml
index 82e0a3bb84d1..588e59caafdf 100644
--- a/src/chrome/content/rules/Copyright_Clearance_Center.xml
+++ b/src/chrome/content/rules/Copyright_Clearance_Center.xml
@@ -1,13 +1,13 @@
 <ruleset name="Copyright Clearance Center">
 
 	<target host="copyright.com" />
-	<target host="*.copyright.com" />
+	<target host="rightscentral.copyright.com" />
+	<target host="www.copyright.com" />
 
 
 	<securecookie host="^.+\.copyright\.com$" name=".+" />
 
 
-	<rule from="^http://(rightscentral\.|www\.)?copyright\.com/"
-		to="https://$1copyright.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Corban_Works.com.xml b/src/chrome/content/rules/Corban_Works.com.xml
new file mode 100644
index 000000000000..def72a3004b8
--- /dev/null
+++ b/src/chrome/content/rules/Corban_Works.com.xml
@@ -0,0 +1,34 @@
+<!--
+	^corbanworks.com: 526 (origin cert invalid)
+
+
+	Insecure cookies are set for these domains:
+
+		- .corbanworks.com
+
+-->
+<ruleset name="Corban Works.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.corbanworks.com" />
+
+	<!--	Complications:
+				-->
+	<target host="corbanworks.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.corbanworks\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.corbanworks\.com$" name=".+" />
+
+
+	<rule from="^http://corbanworks\.com/"
+		to="https://www.corbanworks.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Corbett_Report.com.xml b/src/chrome/content/rules/Corbett_Report.com.xml
new file mode 100644
index 000000000000..e0366fae05ca
--- /dev/null
+++ b/src/chrome/content/rules/Corbett_Report.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Corbett Report.com">
+
+	<target host="corbettreport.com" />
+	<target host="www.corbettreport.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Corbin_Fisher.xml b/src/chrome/content/rules/Corbin_Fisher.xml
index c582735f76a6..f21e745f310c 100644
--- a/src/chrome/content/rules/Corbin_Fisher.xml
+++ b/src/chrome/content/rules/Corbin_Fisher.xml
@@ -11,7 +11,6 @@
 	<securecookie host="^www\.corbinfisher\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?corbinfisher\.com/"
-		to="https://www.corbinfisher.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CoreCode.xml b/src/chrome/content/rules/CoreCode.xml
index eea31103c445..b9cfe97064dd 100644
--- a/src/chrome/content/rules/CoreCode.xml
+++ b/src/chrome/content/rules/CoreCode.xml
@@ -1,14 +1,14 @@
-<ruleset name="CoreCode" default_off="mismatch">
+<ruleset name="CoreCode" default_off="mismatched">
 
 	<!--	Cert:  *.netstorage.at	-->
 	<target host="corecode.at" />
-	<target host="*.corecode.at" />
+	<target host="www.corecode.at" />
+	<target host="corebreach.corecode.at" />
 
 
-	<rule from="^https?://(?:www\.)?corecode\.at/"
+	<rule from="^http://(?:www\.)?corecode\.at/"
 		to="https://corecode.at/" />
 
-	<rule from="^http://corebreach\.corecode\.at/"
-		to="https://corebreach.corecode.at/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CoreCommerce.xml b/src/chrome/content/rules/CoreCommerce.xml
index 6d6a4736bdd1..40f5fa3f5b77 100644
--- a/src/chrome/content/rules/CoreCommerce.xml
+++ b/src/chrome/content/rules/CoreCommerce.xml
@@ -8,13 +8,14 @@
 <ruleset name="CoreCommerce">
 
 	<target host="corecommerce.com" />
-	<target host="*.corecommerce.com" />
+	<target host="www.corecommerce.com" />
+	<target host="www15.corecommerce.com" />
+	<target host="www16.corecommerce.com" />
 
 
 	<securecookie host="^(?:www\.)?corecommerce\.com$" name=".+" />
 
 
-	<rule from="^http://(www(?:15)?\.)?corecommerce\.com/"
-		to="https://$1corecommerce.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CoreInfrastructure.org.xml b/src/chrome/content/rules/CoreInfrastructure.org.xml
new file mode 100644
index 000000000000..36a8767b3ec6
--- /dev/null
+++ b/src/chrome/content/rules/CoreInfrastructure.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Unable to get local issuer certificate:
+		applications.coreinfrastructure.org
+-->
+<ruleset name="CoreInfrastructure.org">
+
+	<target host="coreinfrastructure.org" />
+	<target host="www.coreinfrastructure.org" />
+	<target host="bestpractices.coreinfrastructure.org" />
+	<target host="master.bestpractices.coreinfrastructure.org" />
+	<target host="staging.bestpractices.coreinfrastructure.org" />
+	<target host="devstats.coreinfrastructure.org" />
+	<target host="lists.coreinfrastructure.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CoreMetrics.xml b/src/chrome/content/rules/CoreMetrics.xml
index f7a486cd6ea2..3edf724d4b38 100644
--- a/src/chrome/content/rules/CoreMetrics.xml
+++ b/src/chrome/content/rules/CoreMetrics.xml
@@ -1,50 +1,80 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://stats.surfaid.ihost.com/ => https://stats.surfaid.ihost.com/: (6, 'Could not resolve host: stats.surfaid.ihost.com')
+
 	For other IBM coverage, see IBM.xml.
 
 
 	Problematic domains:
 
-		- www.coremetrics.com	(mismatched, CN: redirect.www.ibm.com)
+		- www.coremetrics.com ᵐ
 
+	ᵐ Mismatched
 
-	Fully covered domains:
 
-		- data.cmcore.com
+	^coremetrics.com times out over both http & https.
 
-		- coremetrics.com subdomains:
 
-			- data
-			- libs
-			- testdata
-			- www		(→ www.ibm.com)
+	Insecure cookies are set for these hosts: ᶜ
 
-		- stats.surfaid.ihost.com
+		- data.coremetrics.com
+		- data.de.coremetrics.com
+		- testdata.de.coremetrics.com
+		- testdata.coremetrics.com
 
-
-	^coremetrics.com times out over both http & https.
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="CoreMetrics (partial)">
+<ruleset name="CoreMetrics (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="data.coremetrics.com" />
+
+	<target host="data.de.coremetrics.com" />
+	<target host="libs.de.coremetrics.com" />
+	<target host="testdata.de.coremetrics.com" />
+
+	<target host="libs.coremetrics.com" />
+	<target host="testdata.coremetrics.com" />
+
+		<!--	$ 404s, so:
+					-->
+		<test url="http://libs.de.coremetrics.com/eluminate.js" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<test url="http://data.coremetrics.com/cm" />
+		<test url="http://data.de.coremetrics.com/cm" />
+		<test url="http://testdata.de.coremetrics.com/cm" />
+		<test url="http://testdata.coremetrics.com/cm" />
 
 	<target host="data.cmcore.com" />
-	<target host="*.coremetrics.com" />
-	<target host="*.surfaid.ihost.com" />
 
+	<target host="stats.surfaid.ihost.com" />
 
-	<securecookie host="^testdata\.coremetrics\.com$" name=".+" />
-	<securecookie host="^\.surfaid\.ihost\.com$" name=".+" />
+	<!--	Complications:
+				-->
+	<target host="www.coremetrics.com" />
 
 
-	<rule from="^http://data\.cmcore\.com/"
-		to="https://data.cmcore.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:test)?data\.(?:de\.)?coremetrics\.com$" name="(?:CoreID6|TestSess3)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.surfaid\.ihost\.com$" name=".+" />
+
 
+	<!--	Redirect keeps all:
+					-->
 	<rule from="^http://www\.coremetrics\.com/"
 		to="https://www.ibm.com/software/marketing-solutions/coremetrics/www.redirects/" />
 
-	<rule from="^http://(data|libs|testdata)\.coremetrics\.com/"
-		to="https://$1.coremetrics.com/" />
+		<test url="http://www.coremetrics.com/index.htm" />
 
-	<rule from="^http://stats\.surfaid\.ihost\.com/"
-		to="https://stats.surfaid.ihost.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CoreMotives.com.xml b/src/chrome/content/rules/CoreMotives.com.xml
deleted file mode 100644
index 542a88fdcc02..000000000000
--- a/src/chrome/content/rules/CoreMotives.com.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	Ads.
-
-	For other Silverpop coverage, see Silverpop.xml.
-
-
-	Problematic subdomains:
-
-		- (www.)	(shows www.silverpop.com; mismatched, CN: www.silverpop.com)
-
-
-	Partially covered subdomains:
-
-		- (www.)	(.+ isn't identical to redirect target, doesn't redirect)
-
-
-	Fully covered subdomains:
-
-		- databroker
-
--->
-<ruleset name="CoreMotives.com">
-
-	<target host="coremotives.com" />
-	<target host="*.coremotives.com" />
-
-
-	<rule from="^http://(?:www\.)?coremotives\.com/$"
-		to="https://www.silverpop.com/marketing-products/coremotives/" />
-
-	<rule from="^http://databroker\.coremotives\.com/"
-		to="https://databroker.coremotives.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CoreOS.com.xml b/src/chrome/content/rules/CoreOS.com.xml
index 2706267f10bb..66c733c66328 100644
--- a/src/chrome/content/rules/CoreOS.com.xml
+++ b/src/chrome/content/rules/CoreOS.com.xml
@@ -1,13 +1,20 @@
+<!--
+Similar ruleset: quay.io.xml
+
+-->
+
 <ruleset name="CoreOS.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="coreos.com" />
-	<target host="*.coreos.com" />
+	<target host="www.coreos.com" />
 
 
 	<securecookie host="^\.coreos\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?coreos\.com/"
-		to="https://$1coreos.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CoreSite.com.xml b/src/chrome/content/rules/CoreSite.com.xml
deleted file mode 100644
index 87581e0347be..000000000000
--- a/src/chrome/content/rules/CoreSite.com.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(refused)
-
--->
-<ruleset name="CoreSite.com (partial)">
-
-	<target host="mycoresite.coresite.com" />
-
-
-	<securecookie host="^mycoresite\.coresite\.com$" name=".+" />
-
-
-	<rule from="^http://mycoresite\.coresite\.com/"
-		to="https://mycoresite.coresite.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Core_Security.com.xml b/src/chrome/content/rules/Core_Security.com.xml
index 442e031c99bc..878ef1aae10a 100644
--- a/src/chrome/content/rules/Core_Security.com.xml
+++ b/src/chrome/content/rules/Core_Security.com.xml
@@ -10,6 +10,7 @@
 
 		- www.core-sdi.com *
 		- (www.)coresecurity.com *
+		- corelabs.coresecurity.com *
 
 	* Dropped
 
@@ -39,16 +40,39 @@
 -->
 <ruleset name="Core Security.com (partial)">
 
-	<target host="*.coresecurity.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="blog.coresecurity.com" />
+	<target host="cs.coresecurity.com" />
+
+	<!--	Complications:
+				-->
+	<target host="ws.coresecurity.com" />
+
+		<exclusion pattern="^http://ws\.coresecurity\.com/+(?!css/|images/|rs/)" />
+
+			<test url="http://ws.coresecurity.com/ProtectingYourOrgfromPhishingThreatsArchived.html" />
+			<test url="http://ws.coresecurity.com/core-impact-trial-request-q314.html" />
+			<test url="http://ws.coresecurity.com/vulnerability-management-best-practices.html" />
+			<test url="http://ws.coresecurity.com/vulnerability-management-quiz.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://ws.coresecurity.com/rs/coresecurity/images/twitter_counter.png" />
 
 
 	<securecookie host="^cs\.coresecurity\.com$" name=".+" />
 
 
-	<rule from="^http://(blog|cs)\.coresecurity\.com/"
-		to="https://$1.coresecurity.com/" />
+	<!--	Redirect drops args and forward slash:
+							-->
+	<!--rule from="^http://ws\.coresecurity\.com/+(\?.*)?"
+		to="https://www.coresecurity.com/" /-->
+
+	<rule from="^http://ws\.coresecurity\.com/"
+		to="https://na-d.marketo.com/" />
 
-	<rule from="^http://ws\.coresecurity\.com/(cs|image|j|r)s/"
-		to="https://na-d.marketo.com/$1s/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Coreboot.xml b/src/chrome/content/rules/Coreboot.xml
index 9267d7608d4a..afce2a2dde23 100644
--- a/src/chrome/content/rules/Coreboot.xml
+++ b/src/chrome/content/rules/Coreboot.xml
@@ -1,36 +1,32 @@
 <!--
-	Nonfunctional subdomains:
-
-		- qa	(shows blank page)
-
-
-	Problematic subdomains:
-
-		- ^	(404)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(^ → www)
-		- tracker
-
-
-	Expired 2010-10-21
+	Invalid certificate:
+		- lava.coreboot.org
 
+	Refused:
+		- testlab.coreboot.org
+		- tracker.coreboot.org
 -->
-<ruleset name="coreboot" default_off="expired" platform="cacert">
+<ruleset name="coreboot.org">
 
 	<target host="coreboot.org" />
-	<target host="*.coreboot.org" />
-
-
-	<securecookie host="^.*\.coreboot\.org$" name=".*" />
-
-
-	<rule from="^http://(?:www\.)?coreboot\.org/"
-		to="https://www.coreboot.org/" />
-
-	<rule from="^http://tracker\.coreboot\.org/"
-		to="https://tracker.coreboot.org/" />
+	<target host="www.coreboot.org" />
+	<target host="acc2017.coreboot.org" />
+	<target host="blog.coreboot.org" />
+	<target host="blogs.coreboot.org" />
+	<target host="chat.coreboot.org" />
+	<target host="code.coreboot.org" />
+	<target host="doc.coreboot.org" />
+	<target host="ecc2017.coreboot.org" />
+	<target host="git.coreboot.org" />
+	<target host="mail.coreboot.org" />
+	<target host="patchwork.coreboot.org" />
+	<target host="photos.coreboot.org" />
+	<target host="qa.coreboot.org" />
+	<target host="review.coreboot.org" />
+	<target host="ticket.coreboot.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Coreix.xml b/src/chrome/content/rules/Coreix.xml
index fd787355dfe2..2df0e91edd40 100644
--- a/src/chrome/content/rules/Coreix.xml
+++ b/src/chrome/content/rules/Coreix.xml
@@ -13,13 +13,13 @@
 <ruleset name="Coreix (partial)">
 
 	<target host="coreix.net" />
-	<target host="*.coreix.net" />
+	<target host="manage.coreix.net" />
+	<target host="www.coreix.net" />
 
 
 	<securecookie host="^(?:manage\.|www\.)?coreix\.net$" name=".+" />
 
 
-	<rule from="^http://(manage\.|www\.)?coreix\.net/"
-		to="https://$1coreix.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Corelio.be.xml b/src/chrome/content/rules/Corelio.be.xml
new file mode 100644
index 000000000000..3df75ab774d1
--- /dev/null
+++ b/src/chrome/content/rules/Corelio.be.xml
@@ -0,0 +1,33 @@
+<!--
+	CDN buckets:
+
+		- corelio.edgesuite.net
+
+
+	- Expired 2014-01-14
+	- CN: webhosting.be
+
+
+	Mixed content:
+
+		- css from fast.fonts.com *
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Corelio.be" default_off="expired, mismatched, self-signed">
+
+	<target host="corelio.be" />
+	<target host="www.corelio.be" />
+
+
+	<securecookie host="^(?:www\.)?corelio\.be$" name=".+" />
+
+
+	<!--	!www differs from www.
+					-->
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cork_University_Press.com.xml b/src/chrome/content/rules/Cork_University_Press.com.xml
index 40153114ab2e..5d410cad561f 100644
--- a/src/chrome/content/rules/Cork_University_Press.com.xml
+++ b/src/chrome/content/rules/Cork_University_Press.com.xml
@@ -1,7 +1,3 @@
-<!--
-	Server is configured for rc4 only.
-
--->
 <ruleset name="Cork University Press.com">
 
 	<target host="corkuniversitypress.com" />
@@ -11,7 +7,7 @@
 	<securecookie host="^(?:www\.)?corkuniversitypress\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?corkuniversitypress\.com/"
-		to="https://$1corkuniversitypress.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Corlan-Team.xml b/src/chrome/content/rules/Corlan-Team.xml
index c6732ad23394..efbcdb01d06e 100644
--- a/src/chrome/content/rules/Corlan-Team.xml
+++ b/src/chrome/content/rules/Corlan-Team.xml
@@ -1,24 +1,50 @@
 <!--
-	Mixed content:
+	Corlan Team
 
-		- Image on www from www.webutation.net *
 
-		- Ads/web bugs on www from pagead2.googlesyndication.com **
+	Problematic hosts in *corelan.be:
 
-	* Unsecurable, doesn't trip MCB anyway
-	** Secured by us, who cares
+		- redmine ʳ
+
+	ʳ Refused, preemptable redirect
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- corelan.be
+		- www.corelan.be
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Corlan Team">
+<ruleset name="Corlan.be">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="corelan.be" />
-	<target host="*.corelan.be" />
+	<target host="www.corelan.be" />
+
+	<!--	Complications:
+				-->
+	<target host="redmine.corelan.be" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?corelan\.be$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
 
 
-	<securecookie host="^(?:w*\.)?corelan\.be$" name=".+" />
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://redmine\.corelan\.be/+"
+		to="https://github.com/corelan" />
 
+		<test url="http://redmine.corelan.be/index.htm" />
 
-	<rule from="^http://(www\.)?corelan\.be/"
-		to="https://$1corelan.be/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Cornell.xml b/src/chrome/content/rules/Cornell.xml
index af162db65c58..4d17fe651371 100644
--- a/src/chrome/content/rules/Cornell.xml
+++ b/src/chrome/content/rules/Cornell.xml
@@ -1,54 +1,331 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.arts.cornell.edu/ (200) => https://www.arts.cornell.edu/ (404)
+Fetch error: http://as.cornell.edu/ => https://as.cornell.edu/: Too many redirects while fetching 'https://as.cornell.edu/'
+Fetch error: http://topeka.ccmr.cornell.edu/ => https://topeka.ccmr.cornell.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://cit.cornell.edu/ => https://cit.cornell.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'cit.cornell.edu'")
+Fetch error: http://www.cit.cornell.edu/ => https://www.cit.cornell.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.cit.cornell.edu'")
+Fetch error: http://cs.cornell.edu/ => https://cs.cornell.edu/: (7, 'Failed to connect to cs.cornell.edu port 443: Connection timed out')
+Fetch error: http://sorry.hosting.cornell.edu/ => https://sorry.hosting.cornell.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'sorry.hosting.cornell.edu'")
+Fetch error: http://www.human.cornell.edu/ => https://www.human.cornell.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://kaust-cu.cornell.edu/ => https://kaust-cu.cornell.edu/: (6, 'Could not resolve host: kaust-cu.cornell.edu')
+Fetch error: http://www.kaust-cu.cornell.edu/ => https://www.kaust-cu.cornell.edu/: (6, 'Could not resolve host: www.kaust-cu.cornell.edu')
+Fetch error: http://shib.med.cornell.edu/ => https://shib.med.cornell.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.news.cornell.edu/ => https://www.news.cornell.edu/: Too many redirects while fetching 'https://www.news.cornell.edu/'
+Fetch error: http://meeting.weill.cornell.edu/ => https://meeting.weill.cornell.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://news.cornell.edu/ => https://www.news.cornell.edu/: Too many redirects while fetching 'https://www.news.cornell.edu/'
+
+	Cornell University
+
 	Other Cornell University rulesets:
 
 		- ArXiv.xml
+		- weillcornell.org.xml
 
 
 	Nonfunctional subdomains:
 
+		- (www.)?assembly	Redirects to http
+		- marswatch.astro *
 		- cmsv6.cals *
 		- hort.cals *
+		- (www.)?climatechange	404
+		- cmail **
+		- mail.cmail	Handshake fails
+		- courses	Redirects to http
+
+		- compost.css	404
+		- cwmi.css	404
+		- iris.css	404
+
+		- energyinstitute.engineering	404
 		- www.hort *
 		- (www.)law *
 		- lawschool		(shows cls-maila.law; mismatched, CN: cls-maila.law.cornell.edu)
 		- forum.lawschool **
 		- www.lawschool **
-		- (www.)news
+		- resolver.library	Redirects to web2.login.cornell.edu
+		- rmc.library *
+		- www.nrcc *
 		- www.nysaes *
+		- nysipm	Handshake fails
 		- (www.)vivo *
+		- weill ᵃ
+
+		- osra.weill ᵃ
+		- researchintegrity.weill ᵃ
+		- s010.weill ᵃ
 
+	ᵃ Shows another domain
 	* Refused
 	** Dropped
 
 
 	Problematic subdomains:
 
+		- climateinstitute.cals *
+		- css.cals *
+		- (www.)?cce *
+		- nyc.cce *
+		- ciifad *
+		- cio *
+		- www.cipa *
+
+		- acadtech.cit *
+		- collabhelp.cit *
+		- eportfoliohelp.cit *
+		- fws.cit *
+		- labs.cit *
+
+		- cuaes *
+		- dfa *
+		- einaudi	Missing certificate chain
+
+		- cies.einaudi	Missing certificate chain
+		- cmsp.einaudi	Missing certificate chain
+		- eap.einaudi	Missing certificate chain
+		- iad.einaudi	Missing certificate chain
+		- lasp.einaudi	Missing certificate chain
+		- pacs.einaudi	Missing certificate chain
+		- sap.einaudi	Missing certificate chain
+		- seap.einaudi	Missing certificate chain
+		- www.einaudi *
+
+		- global	Missing certificate chain
+		- evidencebasedliving.human *
+		- insidedfa *
+		- itnews *
+		- judicialadministrator	Mixed css
 		- cls-maila.law		(expired 2012-07-18)
+		- emergency.med ᵃ
+		- news *
+		- outlook *
+		- parents	Mixed css
+		- (www.)?socialsciences *
+		- www.sustainablecampus *
+
+	ᵃ Shows another domain, preemptable redirect
+	* Mismatched
+
+
+	These altnames do not exist:
+
+		- confluence-test.cit.cornell.edu
+		- careers.med.cornell.edu
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- confluence.cornell.edu
+
+		- alumni.weill.cornell.edu
+		- directory.weill.cornell.edu
+		- give.weill.cornell.edu
+		- jcto.weill.cornell.edu
+		- radiology.weill.cornell.edu
+		- wcmcentral.weill.cornell.edu
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, on:
+
+			- acadtech.cit, atc.cit, collabhelp.cit, labs.cit, dos, evidencebasedliving.human, www.human, insidedfa, www.news from fonts.googleapis.com *
+			- judicialadministrator, parents from $self
 
 
-	Partially covered subdomains:
+		- Images, on:
 
-		- (www.)cals	(some pages redirect to http)
+			- www.acsf, caringcommunity, bbhelp.cit, pollinghelp.cit, videohelp.cit from $self *
+			- www.acsf from news.cornell.edu *
+			- acadtech.cit, atc.cit, collabhelp.cit, evidencebasedliving.human, smallfarms from blogs.cornell.edu *
+			- acadtech.cit, collabhelp.cit, videohelp.cit from bbhelp.cit.cornell.edu *
+			- pollinghelp.cit from cdn.printfriendly.com *
+			- (www.)?cuinfo, www.human, from www.news.cornell.edu *
+			- dos from images-cf.localist.com
+			- www.human from www.cipa.cornell.edu
+			- smallfarms from files.campus.edublogs.org *
+			- events, (www.)?sustainability from www.cornell.edu *
 
+		- favicons, on:
 
-	Fully covered subdomains:
+			- caringcommunity from www.cornell.edu *
+			- www.human from $self *
 
-		- ww3.lawschool
-		- embanner.univcomm
+	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Cornell University (partial)" platform="mixedcontent">
+<ruleset name="Cornell.edu (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cornell.edu" />
+	<target host="aap.cornell.edu" />
+	<target host="blog.acsf.cornell.edu" />
+	<target host="www.acsf.cornell.edu" />
+	<target host="kfs-prod.adminapps.cornell.edu" />
+	<target host="applicantid.cornell.edu" />
+
+	<target host="fws.arts.cornell.edu" />
+	<target host="plagiarism.arts.cornell.edu" />
+	<target host="www.arts.cornell.edu" />
+
+	<target host="as.cornell.edu" />
+	<target host="askezra.cornell.edu" />
+	<target host="bctr.cornell.edu" />
+	<target host="www.bctr.cornell.edu" />
+	<target host="blackboard.cornell.edu" />
+	<target host="www.blackboard.cornell.edu" />
+	<target host="blogs.cornell.edu" />
+	<target host="cals.cornell.edu" />
+
+	<target host="ciifad.cals.cornell.edu" />
+	<target host="cuaes.cals.cornell.edu" />
+	<target host="scs.cals.cornell.edu" />
+	<target host="www.cals.cornell.edu" />
+
+	<target host="caringcommunity.cornell.edu" />
+	<target host="topeka.ccmr.cornell.edu" />
+	<target host="smart.ciifad.cornell.edu" />
+	<target host="cit.cornell.edu" />
+
+	<target host="bbhelp.cit.cornell.edu" />
+	<target host="pollinghelp.cit.cornell.edu" />
+	<target host="videohelp.cit.cornell.edu" />
+	<target host="www.cit.cornell.edu" />
+
+	<target host="classes.cornell.edu" />
+	<target host="confluence.cornell.edu" />
+	<target host="cs.cornell.edu" />
+	<target host="www.cs.cornell.edu" />
+	<target host="www.cuabroad.cornell.edu" />
+	<target host="cuinfo.cornell.edu" />
+	<target host="www.cuinfo.cornell.edu" />
+	<target host="dos.cornell.edu" />
+	<target host="www.dfa.cornell.edu" />
+	<!--target host="einaudi.cornell.edu" /-->
+
+	<!--target host="cies.einaudi.cornell.edu" /-->
+	<!--target host="cmsp.einaudi.cornell.edu" /-->
+	<!--target host="eap.einaudi.cornell.edu" /-->
+	<!--target host="iad.einaudi.cornell.edu" /-->
+	<!--target host="lasp.einaudi.cornell.edu" /-->
+	<!--target host="pacs.einaudi.cornell.edu" /-->
+	<!--target host="sap.einaudi.cornell.edu" /-->
+	<!--target host="seap.einaudi.cornell.edu" /-->
+
+	<target host="emc2.cornell.edu" />
+	<target host="www.emc2.cornell.edu" />
+	<target host="events.cornell.edu" />
+	<target host="mygannett.gannett.cornell.edu" />
+	<target host="www.gannett.cornell.edu" />
+	<target host="giving.cornell.edu" />
+	<target host="www.giving.cornell.edu" />
+	<target host="givingday.cornell.edu" />
+	<!--target host="global.cornell.edu"/-->
+	<target host="sorry.hosting.cornell.edu" />
+	<target host="hazing.cornell.edu" />
+	<target host="www.hazing.cornell.edu" />
+	<target host="www.human.cornell.edu" />
+	<target host="it.cornell.edu" />
+	<target host="www.it.cornell.edu" />
+	<!--target host="judicialadministrator.cornell.edu"/-->
+	<target host="kaust-cu.cornell.edu" />
+	<target host="www.kaust-cu.cornell.edu" />
+	<target host="ww3.lawschool.cornell.edu" />
+	<target host="library.cornell.edu" />
+	<target host="webanalytics.library.cornell.edu" />
+	<target host="www.library.cornell.edu" />
+
+	<target host="web1.login.cornell.edu" />
+	<target host="web2.login.cornell.edu" />
+	<target host="web3.login.cornell.edu" />
+	<target host="web4.login.cornell.edu" />
+
+	<target host="med.cornell.edu" />
+	<target host="its.med.cornell.edu" />
+	<target host="shib.med.cornell.edu" />
+	<target host="www.news.cornell.edu" />
+	<target host="netid.cornell.edu" />
+	<target host="www.netid.cornell.edu" />
+	<!--target host="parents.cornell.edu"/-->
+	<target host="registrar.cornell.edu" />
+	<target host="www.registrar.cornell.edu" />
+	<target host="smallfarms.cornell.edu" />
+	<target host="studentessentials.cornell.edu" />
+	<target host="www.studentessentials.cornell.edu" />
+	<target host="sustainability.cornell.edu" />
+	<target host="www.sustainability.cornell.edu" />
+	<target host="www.sustainablefuture.cornell.edu" />
+
+	<target host="cornell-classic.univcomm.cornell.edu" />
+	<target host="embanner.univcomm.cornell.edu" />
+	<target host="media.univcomm.cornell.edu" />
+
+	<target host="alumni.weill.cornell.edu" />
+	<target host="careers.weill.cornell.edu" />
+	<target host="directory.weill.cornell.edu" />
+	<target host="emergency.weill.cornell.edu" />
+	<target host="give.weill.cornell.edu" />
+	<target host="its.weill.cornell.edu" />
+	<target host="jcto.weill.cornell.edu" />
+	<target host="library.weill.cornell.edu" />
+	<target host="meeting.weill.cornell.edu" />
+	<target host="radiology.weill.cornell.edu" />
+	<target host="studentservices.weill.cornell.edu" />
+	<target host="wcmcentral.weill.cornell.edu" />
+
+	<target host="www.cornell.edu" />
+
+		<!--	$ prints domain name, so:
+							-->
+		<test url="http://s010.med.cornell.edu/wcmc/make-a-donation.html" />
+
+	<!--	Complications:
+				-->
+	<target host="css.cals.cornell.edu" />
+	<target host="ciifad.cornell.edu" />
+	<target host="cuaes.cornell.edu" />
+	<target host="dfa.cornell.edu" />
+	<!--target host="www.einaudi.cornell.edu" /-->
+	<target host="emergency.med.cornell.edu" />
+	<target host="news.cornell.edu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^confluence\.cornell\.edu$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^(?:alumni|careers|give|jcto|radiology)\.weill\.cornell\.edu$" name="^SimpleSAMLSessionId$" /-->
+	<!--securecookie host="^directory\.weill\.cornell\.edu$" name="^JSESSIONI$$" /-->
+	<!--securecookie host="^wcmcentral\.weill\.cornell\.edu$" name="^(?:SimpleSAMLSessionId|simplesamlphp_auth_returnto)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://css\.cals\.cornell\.edu/"
+		to="https://scs.cals.cornell.edu/"/>
+
+	<rule from="^http://(ciifad|cuaes)\.cornell\.edu/"
+		to="https://$1.cals.cornell.edu/"/>
 
-	<target host="cornell.edu"/>
-	<target host="*.cornell.edu"/>
-		<!--exclusion pattern="^http://(?:www\.)?cals\.cornell\.edu/(?:$|\?|twitter/$)" /-->
-		<exclusion pattern="^http://(?:www\.)?cals\.cornell\.edu/(?!assets/|favicon\.ico|twitter/jquery\.tweet\.js)" />
+	<!--rule from="^http://www\.einaudi\.cornell\.edu/"
+		to="https://einaudi.cornell.edu/"/-->
 
+	<rule from="^http://(dfa|news)\.cornell\.edu/"
+		to="https://www.$1.cornell.edu/"/>
 
-	<securecookie host="^(?!cals\.)(?:.*\.)?cornell\.edu$" name=".+" />
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://emergency\.med\.cornell\.edu/[^?]*"
+		to="https://emergency.weill.cornell.edu/" />
 
+		<test url="http://emergency.med.cornell.edu/index.htm" />
 
-	<rule from="^http://((?:(?:www\.)?(?:cals|cs|library)|topeka\.ccmr|ww3\.lawschool|embanner\.univcomm|www)\.)?cornell\.edu/"
-		to="https://$1cornell.edu/"/>
+	<rule from="^http:"
+		to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/CorneredCat.com.xml b/src/chrome/content/rules/CorneredCat.com.xml
new file mode 100644
index 000000000000..ce8b93012d29
--- /dev/null
+++ b/src/chrome/content/rules/CorneredCat.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="CorneredCat.com">
+	<target host="corneredcat.com" />
+	<target host="www.corneredcat.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cornify.xml b/src/chrome/content/rules/Cornify.xml
index a50b515ee692..b7209699ece3 100644
--- a/src/chrome/content/rules/Cornify.xml
+++ b/src/chrome/content/rules/Cornify.xml
@@ -1,4 +1,4 @@
-<ruleset name="Cornify" default_off="mismatch">
+<ruleset name="Cornify" default_off="mismatched">
 
 	<target host="cornify.com" />
 	<target host="www.cornify.com" />
@@ -7,7 +7,7 @@
 	<!--	- CN: secure.wookmark.com
 		- !www 301s to www
 					-->
-	<rule from="^https?://(?:www\.)?cornify\.com/"
+	<rule from="^http://(?:www\.)?cornify\.com/"
 		to="https://www.cornify.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CorningCreditUnion.xml b/src/chrome/content/rules/CorningCreditUnion.xml
deleted file mode 100644
index ec423ebaff40..000000000000
--- a/src/chrome/content/rules/CorningCreditUnion.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Corning Credit Union" platform="mixedcontent">
-  <target host="www.corningcu.org" />
-  <target host="corningcu.org" />
-
-  <rule from="^http://(www\.)?corningcu\.org/" to="https://corningcu.org/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Corpimages.de.xml b/src/chrome/content/rules/Corpimages.de.xml
index 96dca0bcf55f..9d4c670a1ec0 100644
--- a/src/chrome/content/rules/Corpimages.de.xml
+++ b/src/chrome/content/rules/Corpimages.de.xml
@@ -13,7 +13,6 @@
 	<target host="www.corpimages.de" />
 
 
-	<rule from="^http://(?:www\.)?corpimages\.de/"
-		to="https://corpimages.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Corporate-ir.net.xml b/src/chrome/content/rules/Corporate-ir.net.xml
index 4f5ab5fad880..d1778d886691 100644
--- a/src/chrome/content/rules/Corporate-ir.net.xml
+++ b/src/chrome/content/rules/Corporate-ir.net.xml
@@ -32,24 +32,30 @@
 -->
 <ruleset name="corporate-ir.net (partial)">
 
-	<target host="*.corporate-ir.net" />
+	<target host="phx.corporate-ir.net" />
+	<target host="origin-phoenix.corporate-ir.net" />
+	<target host="origin-www.corporate-ir.net" />
 		<!--
 			Avoid any user-visible paths:
 							-->
 		<exclusion pattern="^http://(?:(?:phoenix|phx|www)\.)?corporate-ir\.net/(?!External\.File\?|HttpCombiner\.ashx|media_files/|WebSideStory/|client/\d+/\d+/css/)" />
 
 
+	<!--	Not secured by server:
+					 -->
+	<!--securecookie host="^origin-phoenix\.corporate-ir\.net$" name="^ADRUM_BT$" /-->
+
 	<!--securecookie host="^phx\.corporate-ir\.net$" name="^(agentscape-proc|agentscape-tag-devtype)$" /-->
 	<securecookie host="^origin-phoenix\.corporate-ir\.net$" name=".+" />
 
 
-	<rule from="^http://(?:(?:origin-)?media|phx)\.corporate-ir\.net/"
-		to="https://a248.e.akamai.net/f/121/1/1/phx.corporate-ir.net/" />
+	<!--	Some stylesheets generated by HttpCombiner.ashx
+		reference resources relative to root:
+							-->
+	<rule from="^http://phx\.corporate-ir\.net/HttpCombiner\.ashx"
+		to="https://origin-phoenix.corporate-ir.net/HttpCombiner.ashx" />
 
 	<rule from="^http://origin-(phoenix|www)\.corporate-ir\.net/"
 		to="https://origin-$1.corporate-ir.net/" />
 
-	<rule from="^http://(phoenix|www)\.corporate-ir\.net/"
-		to="https://a248.e.akamai.net/f/121/1/1/$1.corporate-ir.net/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Corporate_Color.xml b/src/chrome/content/rules/Corporate_Color.xml
index 5c24477af3e2..a53d6ae46349 100644
--- a/src/chrome/content/rules/Corporate_Color.xml
+++ b/src/chrome/content/rules/Corporate_Color.xml
@@ -1,6 +1,5 @@
 <!--
 	!www: cert only matches www
-
 -->
 <ruleset name="Corporate Color">
 
@@ -8,7 +7,12 @@
 	<target host="www.saimd.com" />
 
 
-	<rule from="^http://(?:www\.)?saimd\.com/"
+	<test url="http://www.saimd.com/robots.txt" />
+
+
+	<rule from="^http://saimd\.com/"
 		to="https://www.saimd.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Corporation_Service_Company.xml b/src/chrome/content/rules/Corporation_Service_Company.xml
index 6c5cd4023dbb..c64945c6c077 100644
--- a/src/chrome/content/rules/Corporation_Service_Company.xml
+++ b/src/chrome/content/rules/Corporation_Service_Company.xml
@@ -1,7 +1,10 @@
 <!--
+The following targets have been disabled at 2020-10-14 21:27:05:
+
+Fetch error: http://bl.cscglobal.com/ => https://bl.cscglobal.com/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
+
 	Other Corporation Service Company rulesets:
 
-		- CSCtrustedsecure.com.xml
 
 
 	Problematic domains:
@@ -16,6 +19,10 @@
 	<target host="www.corporatedomains.com" />
 	<target host="cscglobal.com" />
 	<target host="*.cscglobal.com" />
+    <test url="http://api.cscglobal.com/" />
+    <test url="http://sales.cscglobal.com/" />
+    <test url="http://my.cscglobal.com/" />
+
 	<target host="cscprotectsbrands.com" />
 	<target host="www.cscprotectsbrands.com" />
 
@@ -26,10 +33,10 @@
 	<rule from="^http://(?:www\.)?corporatedomains\.com/[^\?]*(\?.*)?"
 		to="https://www.cscglobal.com/global/web/csc/corporate-identity-protection.html$1" />
 
-	<rule from="^http://(my\.|www\.)?cscglobal\.com/"
-		to="https://$1cscglobal.com/" />
 
 	<rule from="^http://(?:www\.)?cscprotectsbrands\.com/.*"
 		to="https://www.cscglobal.com/global/web/csc/domains-and-trademarks.html" />
 
-</ruleset>
\ No newline at end of file
+  <rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Correctiv-Upload.org.xml b/src/chrome/content/rules/Correctiv-Upload.org.xml
new file mode 100644
index 000000000000..03a894db50c3
--- /dev/null
+++ b/src/chrome/content/rules/Correctiv-Upload.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- correctiv-upload.org
+
+-->
+<ruleset name="Correctiv-Upload.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="correctiv-upload.org" />
+	<target host="www.correctiv-upload.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^correctiv-upload\.org$" name="^S_UPLOAD$" /-->
+
+	<securecookie host="^correctiv-upload\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Corrent.org.xml b/src/chrome/content/rules/Corrent.org.xml
new file mode 100644
index 000000000000..e078b9facecf
--- /dev/null
+++ b/src/chrome/content/rules/Corrent.org.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://corrent.org/ => https://corrent.org/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.corrent.org/ => https://www.corrent.org/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Insecure cookies are set for these domains:
+
+		- .corrent.org
+
+-->
+<ruleset name="Corrent.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="corrent.org" />
+	<target host="www.corrent.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.corrent\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.corrent\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Corsair.com.xml b/src/chrome/content/rules/Corsair.com.xml
index b71121abd289..c8d7149500cf 100644
--- a/src/chrome/content/rules/Corsair.com.xml
+++ b/src/chrome/content/rules/Corsair.com.xml
@@ -1,22 +1,39 @@
 <!--
-	Problematic subdomains:
+	Nonfunctional subdomains:
 
-		- (www.)
-		- cwsmgmt	(shows test page; expired 2013-08-27, mismatched, CN: shop.corsair.com)
+		- ^ *
+		- cwsmgmt ²
+		- forum *
+		- gaming ³
+		- www ³
+		- www2 *
+
+	* Refused
+	² 404
+	³ 503, Akamai
+
+
+	These altnames don't exist:
+
+		- www.shop.corsair.com
 
 -->
-<ruleset name="Corsair.com">
+<ruleset name="Corsair.com (partial)">
+
+	<target host="shop.corsair.com" />
+	<target host="static.corsair.com" />
+	<target host="store.corsair.com" />
 
-	<target host="corsair.com" />
-	<target host="*.corsair.com" />
 
+	<!--	Not secured by server:
+					-->
+	<!--ssecurecookie host="^\.corsair\.com$" name="^(CUSTOMER|CUSTOMER_AUTH|CUSTOMER_INFO|CUSTOMER_SEGMENT_IDS|NEWMESSAGE|frontend)$" /-->
+	<!--ssecurecookie host="^shop\.corsair\.com$" name="^fbcsrf_\d+$" /-->
 
-	<securecookie host="^\.corsair\.com$" name=".+" />
+	<securecookie host="^shop\.corsair\.com$" name=".+" />
 
 
-	<!--	cwsmgmt & shop appear to be identical to www.
-								-->
-	<rule from="^http://(?:(?:cwsmgmt|shop|www)\.)?corsair\.com/"
-		to="https://shop.corsair.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Corvisa.com.xml b/src/chrome/content/rules/Corvisa.com.xml
new file mode 100644
index 000000000000..ab27d6bb5e2d
--- /dev/null
+++ b/src/chrome/content/rules/Corvisa.com.xml
@@ -0,0 +1,39 @@
+<!--
+	Fully covered hosts in *corvisa.com:
+
+		- (www.)?
+		- auth
+		- developers
+		- platform
+
+
+	Insecure cookies are set for these hosts:
+
+		- auth.corvisacloud.com
+		- developers.corvisa.com
+		- www.corvisacloud.com
+
+-->
+<ruleset name="Corvisa.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="corvisacloud.com" />
+	<target host="auth.corvisacloud.com" />
+	<target host="developers.corvisa.com" />
+	<target host="platform.corvisacloud.com" />
+	<target host="www.corvisacloud.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^auth\.corvisa\.com$" name="^csrftoken$" /-->
+	<!--securecookie host="^(developers|www)\.corvisa\.com$" name="^django_language$" /-->
+
+	<securecookie host="^(?:(?:auth|developers|developers|www)\.)?corvisa\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cosmo.org.xml b/src/chrome/content/rules/Cosmo.org.xml
index b94946fb10b3..ab4d0d487216 100644
--- a/src/chrome/content/rules/Cosmo.org.xml
+++ b/src/chrome/content/rules/Cosmo.org.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cosmo.org/ => https://www.cosmo.org/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.cosmo.org/ => https://www.cosmo.org/: (60, 'SSL certificate problem: self signed certificate')
+
 	Kansas Cosmosphere and Space Center
 
 
@@ -7,7 +12,7 @@
 		- ^	(works, cert only matches www)
 
 -->
-<ruleset name="Cosmo.org">
+<ruleset name="Cosmo.org" default_off="failed ruleset test">
 
 	<target host="cosmo.org" />
 	<target host="www.cosmo.org" />
@@ -19,4 +24,4 @@
 	<rule from="^http://(?:www\.)?cosmo\.org/"
 		to="https://www.cosmo.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cosmopolitan.xml b/src/chrome/content/rules/Cosmopolitan.xml
index 88fd3cf6cbc3..fb64f6707ce8 100644
--- a/src/chrome/content/rules/Cosmopolitan.xml
+++ b/src/chrome/content/rules/Cosmopolitan.xml
@@ -2,27 +2,35 @@
 	Other Hearst Corporation rulesets:
 
 		- Delish.xml
-		- Hearst-Corporation.xml
-		- Hearst-Corporation-mismatches.xml
+
+
+	Nonfunctional hosts in *cosmopolitan.com:
+
+		 newsletters *
+
+	* Dropped
+
+
+	Mixed content:
+
+		- Image on www from cos.h-cdn.co *
+
+	* Rule disabled by default <= mismatched
 
 -->
-<ruleset name="Cosmopolitan (partial)" default_off="mismatch">
+<ruleset name="Cosmopolitan.com (partial)" default_off="mismatched">
 
-	<!--	Cert: subscribe.hearstmags.com	-->
+	<!--	Direct rewrites:
+				-->
 	<target host="cosmopolitan.com" />
-	<!--	Akamai	-->
 	<target host="answerology.cosmopolitan.com" />
 	<target host="www.cosmopolitan.com" />
 
 
-	<securecookie host="^www\.cosmopolitan\.com$" name=".*" />
-
+	<securecookie host="^www\.cosmopolitan\.com$" name=".+" />
 
-	<!--	!www redirects to www.	-->
-	<rule from="^http://(?:www\.)?cosmopolitan\.com/"
-		to="https://cosmopolitan.com/" />
 
-	<rule from="^http://answerology\.cosmopolitan\.com/"
-		to="https://answerology.cosmopolitan.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Cosmote.xml b/src/chrome/content/rules/Cosmote.xml
new file mode 100644
index 000000000000..385f21da909d
--- /dev/null
+++ b/src/chrome/content/rules/Cosmote.xml
@@ -0,0 +1,10 @@
+<!-- This ruleset is experimental. If you experience problems please
+	 open an issue at https://github.com/kargig/https-everywhere-greek-rules -->
+
+<ruleset name="Cosmote">
+  <target host="www.cosmote.gr" />
+
+	<securecookie host="^www\.cosmote\.gr$" name=".+" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cossack_Labs.com.xml b/src/chrome/content/rules/Cossack_Labs.com.xml
new file mode 100644
index 000000000000..eec4855aeb65
--- /dev/null
+++ b/src/chrome/content/rules/Cossack_Labs.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="Cossack Labs.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cossacklabs.com" />
+	<target host="pwk.cossacklabs.com" />
+	<target host="www.cossacklabs.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Costco-static.com.xml b/src/chrome/content/rules/Costco-static.com.xml
new file mode 100644
index 000000000000..36b5f552ce48
--- /dev/null
+++ b/src/chrome/content/rules/Costco-static.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Costco coverage, see Costco.xml.
+
+
+	Fully covered hosts in *costco-static.com:
+
+		- images
+
+-->
+<ruleset name="Costco-static.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="images.costco-static.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Costco.xml b/src/chrome/content/rules/Costco.xml
index 1286e37c2163..a358e6189370 100644
--- a/src/chrome/content/rules/Costco.xml
+++ b/src/chrome/content/rules/Costco.xml
@@ -1,15 +1,42 @@
-<ruleset name="Costco">
+<!--
 
-	<target host="costco.com"/>
-	<target host="*.costco.com"/>
+	Other Costco rulesets:
 
-	<securecookie host="^(.*\.)?costco\.com$" name=".*"/>
+		- Costco-static.com.xml
 
-	<rule from="^http://(shop\.|www\.)?costco\.com/"
-		to="https://$1costco.com/"/>
 
-	<!-- The content of content and www are actually not identical. -->
-	<!-- <rule from="^https?://content\.costco\.com/"
-		to="https://www.costco.com/"/> -->
+	Nonfunctional hosts in *costco.com:
 
+		- video *
+		- www2 ²
+
+	* Shows another domain
+	² Reset
+
+
+	Problematic hosts in *costco.com:
+
+		- shop *
+
+	* Akamai
+
+
+	These altnames don't exist:
+
+		- www.www2.costco.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.costco.com
+
+-->
+<ruleset name="Costco.com (partial)">
+	<target host="costco.com" />
+	<target host="www.costco.com" />
+	<target host="customerservice.costco.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Cotera.xml b/src/chrome/content/rules/Cotera.xml
index 2808af1f9023..21fb235ee147 100644
--- a/src/chrome/content/rules/Cotera.xml
+++ b/src/chrome/content/rules/Cotera.xml
@@ -1,7 +1,10 @@
 <ruleset name="Cotera (partial)">
 
 	<target host="cortera.com" />
-	<target host="*.cortera.com" />
+	<target host="www.cortera.com" />
+	<target host="blog.cortera.com" />
+	<target host="dev-blog.cortera.com" />
+	<target host="start.cortera.com" />
 
 
 	<rule from="^http://(www\.)?cortera\.com/(css|img|video|wordpress)/"
@@ -11,7 +14,7 @@
 		to="https://blog.cortera.com/" />
 
 	<!--	Cert: www	-->
-	<rule from="^https?://dev-blog\.cortera\.com/wordpress/"
+	<rule from="^http://dev-blog\.cortera\.com/wordpress/"
 		to="https://blog.cortera.com/wordpress/" />
 
 	<rule from="^http://start\.cortera\.com/(go(?:$|/)|images/)"
diff --git a/src/chrome/content/rules/Cotse.xml b/src/chrome/content/rules/Cotse.xml
index 287d13342cd1..9028cff08c80 100644
--- a/src/chrome/content/rules/Cotse.xml
+++ b/src/chrome/content/rules/Cotse.xml
@@ -2,5 +2,5 @@
   <target host="www.cotse.net" />
   <target host="cotse.net" />
 
-  <rule from="^http://(www\.)?cotse\.net/" to="https://www.cotse.net/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Cottages.com.xml b/src/chrome/content/rules/Cottages.com.xml
new file mode 100644
index 000000000000..bae0c529d146
--- /dev/null
+++ b/src/chrome/content/rules/Cottages.com.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- mta1.mail.cottages.com
+
+		SSL peer certificate was not OK:
+		- cottages.com
+		- mail.cottages.com
+		- partnerfeeds.cottages.com
+
+		Mixed content blocking (MCB) triggered:
+		- www.cottages.com
+-->
+<ruleset name="Cottages.com" default_off="cert-invalid">
+	<target host="cottages.com" />
+	<target host="autodiscover.cottages.com" />
+	<target host="mail.cottages.com" />
+	<target host="partnerfeeds.cottages.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cottages4you.co.uk.xml b/src/chrome/content/rules/Cottages4you.co.uk.xml
new file mode 100644
index 000000000000..b5f00cfd73e5
--- /dev/null
+++ b/src/chrome/content/rules/Cottages4you.co.uk.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- cottages4you.co.uk
+    - blog.cottages4you.co.uk
+
+  Host Redirects to cottages.com
+-->
+<ruleset name="Cottages4you.co.uk (partial)">
+	<target host="www.cottages4you.co.uk" />
+
+	<rule from="^http://www\.cottages4you\.co\.uk/"
+			to="https://www.cottages.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cottagesdirect.co.uk.xml b/src/chrome/content/rules/Cottagesdirect.co.uk.xml
new file mode 100644
index 000000000000..24bc6909e1d9
--- /dev/null
+++ b/src/chrome/content/rules/Cottagesdirect.co.uk.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- cottagesdirect.co.uk
+-->
+<ruleset name="Cottagesdirect.co.uk (partial)">
+	<target host="cottagesdirect.co.uk" />
+	<target host="www.cottagesdirect.co.uk" />
+
+	<rule from="^http://cottagesdirect\.co\.uk/"
+			to="https://www.cottagesdirect.co.uk/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Coub.com.xml b/src/chrome/content/rules/Coub.com.xml
new file mode 100644
index 000000000000..9ca0ddd73742
--- /dev/null
+++ b/src/chrome/content/rules/Coub.com.xml
@@ -0,0 +1,51 @@
+<!--
+	Nonfunctional hosts in *coub.com:
+
+		- blog *
+
+	* Tumblr
+
+	Problematic hosts in *coub.com:
+
+		- assets1-new.akamai ¹
+		- storage.akamai ¹
+		- www ²
+
+	¹ Akamai
+	² Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- coub.com
+
+-->
+<ruleset name="Coub.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="coub.com" />
+
+	<!--	Complications:
+				-->
+	<target host="assets1-new.akamai.coub.com" />
+	<target host="www.coub.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^coub\.com$" name="^(?:_coub_session_2|split)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://assets1-new\.akamai\.coub\.com/"
+		to="https://coubsecureassets-a.akamaihd.net/" />
+
+	<rule from="^http://www\.coub\.com/"
+		to="https://coub.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CouchPota.to.xml b/src/chrome/content/rules/CouchPota.to.xml
new file mode 100644
index 000000000000..e5c8cf3dbf08
--- /dev/null
+++ b/src/chrome/content/rules/CouchPota.to.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.couchpota.to/ => https://www.couchpota.to/: (51, "SSL: no alternative certificate subject name matches target host name 'www.couchpota.to'")
+
+	Mixed content:
+
+		- Images from www.gravatar.com *
+
+	* Secured by us
+
+-->
+<ruleset name="CouchPota.to" default_off="failed ruleset test">
+
+	<target host="couchpota.to" />
+	<target host="www.couchpota.to" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Couchbase.xml b/src/chrome/content/rules/Couchbase.xml
index f4d65751b237..fbcc385725c6 100644
--- a/src/chrome/content/rules/Couchbase.xml
+++ b/src/chrome/content/rules/Couchbase.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://couchbase.com/ => https://couchbase.com/: Cycle detected - URL already encountered: https://www.couchbase.com/
 	CDN buckets:
 
 		- s3.amazonaws.com/packages.couchbase.com/
@@ -16,7 +18,7 @@
 
 	<target host="couchbase.com" />
 	<target host="*.couchbase.com" />
-		<!--exclusion pattern="^http://(www\.)?couchbase\.com/($|\?|(careers|couchbase-(server-admin-training|services|vs-couchdb)|documentation|downloads(-all)?|leadership|partners|press-releases|white-papers)(?|\?|/)|case-studies/?($|\?))" /-->
+		<!--exclusion pattern="^http://(www\.)?couchbase\.com/((careers|couchbase-(server-admin-training|services|vs-couchdb)|documentation|downloads(-all)?|leadership|partners|press-releases|white-papers)(?|\?|/)|case-studies/?($|\?))" /-->
 		<!--exclusion pattern="^http://(www\.)?couchbase\.com/forums/(?!misc/|sites/|user($|\?|/))" /-->
 
 
@@ -27,16 +29,16 @@
 
 	<!--	Ditto:
 				-->
-	<rule from="^http://(www\.)?couchbase\.com/develop/?(?:\?.*)?$"
+	<rule from="^http://(?:www\.)?couchbase\.com/develop/?(?:\?.*)?$"
 		to="https://www.couchbase.com/communities/all-client-libraries" />
 
-	<rule from="^http://(www\.)?couchbase\.com/((?:buzz|case-studies/\w+|communities|company|contact|couchbase-(?:open-source-project|server-java-training|server/use-cases|support)|customers|docs|forums/user|learn|presentations|why-nosql/nosql-database)(?:$|\?|/)|(?:forums/)?(?:misc|sites)/)"
-		to="https://$1couchbase.com/$2" />
+	<rule from="^http://(www\.)?couchbase\.com/(?=$|\?|(?:buzz|case-studies/\w+|communities|company|contact|couchbase-(?:open-source-project|server-java-training|server/use-cases|support)|customers|docs|forums/user|learn|presentations|why-nosql/nosql-database)(?:$|\?|/)|(?:forums/)?(?:misc|sites)/)"
+		to="https://$1couchbase.com/" />
 
-	<rule from="^http://info\.couchbase\.com/(cs|image|j|r)s/"
-		to="https://na-a.couchbase.com/$1s/" />
+	<rule from="^http://info\.couchbase\.com/(?=(?:cs|image|j|r)s/)"
+		to="https://na-a.marketo.com/" />
 
 	<rule from="^http://packages\.couchbase\.com/"
-		to="https://s3.amazonaws.com/packages.couchbase.com/" />
+		to="https://packages.couchbase.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Couchsurfing.xml b/src/chrome/content/rules/Couchsurfing.xml
deleted file mode 100644
index c7e8cea6ef9f..000000000000
--- a/src/chrome/content/rules/Couchsurfing.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Couchsurfing">
-  <target host="www.couchsurfing.org" />
-  <target host="couchsurfing.org" />
-
-  <rule from="^http://www\.couchsurfing\.org/login\.html$" to="https://www.couchsurfing.org/login.html"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/Council_of_Europe.xml b/src/chrome/content/rules/Council_of_Europe.xml
index 80b4ea4db823..1925a6d5dccd 100644
--- a/src/chrome/content/rules/Council_of_Europe.xml
+++ b/src/chrome/content/rules/Council_of_Europe.xml
@@ -25,7 +25,9 @@
 <ruleset name="Council of Europe (partial)">
 
 	<target host="coe.int" />
-	<target host="*.coe.int" />
+	<target host="www.coe.int" />
+	<target host="hub.coe.int" />
+	<target host="piwik.coe.int" />
 
 
 	<securecookie host="^(?:hub|piwik|www)\.coe\.int$" name=".+" />
@@ -34,7 +36,6 @@
 	<rule from="^http://(?:www\.)?coe\.int/"
 		to="https://www.coe.int/" />
 
-	<rule from="^http://(hub|piwik)\.coe\.int/"
-		to="https://$1.coe.int/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Council_on_Foreign_Relations.xml b/src/chrome/content/rules/Council_on_Foreign_Relations.xml
index a25f98d4a0ef..bc7454323557 100644
--- a/src/chrome/content/rules/Council_on_Foreign_Relations.xml
+++ b/src/chrome/content/rules/Council_on_Foreign_Relations.xml
@@ -1,4 +1,7 @@
 <!--
+	on.cfr.org is handled in Bit.ly_vanity_domains.xml.
+
+
 	CDN buckets:
 
 		- d1lidwm7vls1dg.cloudfront.net
@@ -25,18 +28,20 @@
 <ruleset name="Council on Foreign Relations (partial)">
 
 	<target host="cfr.org" />
-	<target host="*.cfr.org" />
-		<exclusion pattern="^https?://(?:www\.)?cfr\.org/(?!content/.+\.(?:gif|jpg|png)$|css/|i/|login\.html)" />
+	<target host="www.cfr.org" />
+	<target host="i.cfr.org" />
+	<target host="blogs.cfr.org" />
 	<target host="secure.www.cfr.org" />
+		<exclusion pattern="^http://(?:www\.)?cfr\.org/(?!content/.+\.(?:gif|jpg|png)$|css/|i/|login\.html)" />
 
 
-	<rule from="^https?://(?:www\.)?cfr\.org/login\.html"
+	<rule from="^http://(?:www\.)?cfr\.org/login\.html"
 		to="https://secure.cfr.org/login.html" />
 
-	<rule from="^https?://(?:i\.|www\.)?cfr\.org/"
+	<rule from="^http://(?:i\.|www\.)?cfr\.org/"
 		to="https://d1lidwm7vls1dg.cloudfront.net/" />
 
 	<rule from="^http://(blogs|secure\.www)\.cfr\.org/"
 		to="https://$1.cfr.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CouncilofAustralianGovernments.xml b/src/chrome/content/rules/CouncilofAustralianGovernments.xml
new file mode 100644
index 000000000000..a4c1144b7caf
--- /dev/null
+++ b/src/chrome/content/rules/CouncilofAustralianGovernments.xml
@@ -0,0 +1,7 @@
+<ruleset name="Council of Australian Governments">
+	<target host="coag.gov.au" />
+	<target host="www.coag.gov.au" />
+
+	<rule from="^http://(?:www\.)?coag\.gov\.au/"
+		to="https://www.coag.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Count_Bayesie.com.xml b/src/chrome/content/rules/Count_Bayesie.com.xml
new file mode 100644
index 000000000000..2ec0159aee8e
--- /dev/null
+++ b/src/chrome/content/rules/Count_Bayesie.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .countbayesie.com
+		- www.countbayesie.com
+
+
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Count Bayesie.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="countbayesie.com" />
+	<target host="www.countbayesie.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.countbayesie\.com$" name="^(?:__cfduid|SS_MID|cf_clearance)$" /-->
+	<!--securecookie host="^www\.countbayesie\.com$" name="^(?:JSESSIONID|crumb)$" /-->
+
+	<securecookie host="^(?:www)?\.countbayesie\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Countdown.co.nz.xml b/src/chrome/content/rules/Countdown.co.nz.xml
new file mode 100644
index 000000000000..31a329b7ce2c
--- /dev/null
+++ b/src/chrome/content/rules/Countdown.co.nz.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Woolworths coverage, see Woolworths.com.au.xml
+
+
+	Nonfunctional subdomains:
+
+		- catalogues	(mismatch hostname, CN: *..dynamiccatalogue.com.au)
+		- now		(SSL handshake failed)
+		- shopmail	(expired cert)
+		- world		(timeout)
+
+-->
+<ruleset name="Countdown.co.nz">
+
+	<target host="countdown.co.nz" />
+	<target host="www.countdown.co.nz" />
+	<target host="betastage.countdown.co.nz" />
+	<target host="console.countdown.co.nz" />
+	<target host="insurance.countdown.co.nz" />
+	<target host="m.countdown.co.nz" />
+	<target host="petinsurance.countdown.co.nz" />
+	<target host="services.countdown.co.nz" />
+	<target host="shop.countdown.co.nz" />
+	<target host="shopsit.countdown.co.nz" />
+	<target host="shopuat.countdown.co.nz" />
+	<target host="stage.countdown.co.nz" />
+	<target host="supplier.countdown.co.nz" />
+	<target host="transit.countdown.co.nz" />
+
+	<securecookie host="^www\.countdown\.co\.nz$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CounterMail.com.xml b/src/chrome/content/rules/CounterMail.com.xml
index 7a66d466d62f..b40a664b8137 100644
--- a/src/chrome/content/rules/CounterMail.com.xml
+++ b/src/chrome/content/rules/CounterMail.com.xml
@@ -1,13 +1,14 @@
 <ruleset name="CounterMail.com">
-
 	<target host="countermail.com" />
-	<target host="*.countermail.com" />
-
-
-	<securecookie host="^support\.countermail\.com$" name=".+" />
-
-
-	<rule from="^http://(support\.|www\.)?countermail\.com/"
-		to="https://$1countermail.com/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.countermail.com" />
+	<target host="db2.countermail.com" />
+	<target host="imap2.countermail.com" />
+	<target host="login1.countermail.com" />
+	<target host="support2.countermail.com" />
+	<target host="w.countermail.com" />
+	<target host="webmail.countermail.com" />
+	<target host="ww.countermail.com" />
+	<target host="wwww.countermail.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CounterPunch.org.xml b/src/chrome/content/rules/CounterPunch.org.xml
new file mode 100644
index 000000000000..ce477c62710d
--- /dev/null
+++ b/src/chrome/content/rules/CounterPunch.org.xml
@@ -0,0 +1,28 @@
+<!--
+	(www)?: shows halab.leb.net
+
+
+	Mixed content:
+
+		- favicon on store from $self *
+
+	* Secured by us
+
+
+-->
+<ruleset name="CounterPunch.org (partial)">
+
+	<target host="store.counterpunch.org" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://store\.counterpunch\.org/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://store\.counterpunch\.org/(?!(?:cart|my-account)(?:$|[?/])|favicon\.ico|wp-content/|wp-includes/)" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CounterpartyChain.io.xml b/src/chrome/content/rules/CounterpartyChain.io.xml
new file mode 100644
index 000000000000..1e768ffde91c
--- /dev/null
+++ b/src/chrome/content/rules/CounterpartyChain.io.xml
@@ -0,0 +1,18 @@
+<!--
+	Fully covered hosts in *counterpartychain.io
+
+		- (www.)?
+
+-->
+<ruleset name="CounterpartyChain.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="counterpartychain.io" />
+	<target host="www.counterpartychain.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Counterwallet.io.xml b/src/chrome/content/rules/Counterwallet.io.xml
new file mode 100644
index 000000000000..98ef5cba452a
--- /dev/null
+++ b/src/chrome/content/rules/Counterwallet.io.xml
@@ -0,0 +1,18 @@
+<!--
+	Fully covered hosts in *counterwallet.io:
+
+		- (www.)?
+
+-->
+<ruleset name="Counterwallet.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="counterwallet.io" />
+	<target host="www.counterwallet.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Countquest.se.xml b/src/chrome/content/rules/Countquest.se.xml
index b4393a41e5eb..7be6ba78917c 100644
--- a/src/chrome/content/rules/Countquest.se.xml
+++ b/src/chrome/content/rules/Countquest.se.xml
@@ -1,6 +1,10 @@
-<!-- Another tracking firm -->
-<ruleset name="Countquest.se">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sdc.countquest.se/ => https://sdc.countquest.se/: (28, 'Connection timed out after 20006 milliseconds')
+ Another tracking firm -->
+<ruleset name="Countquest.se" default_off="failed ruleset test">
 	<target host="sdc.countquest.se" />
-	<rule from="^http://sdc\.countquest\.se/" to="https://sdc.countquest.se/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/County_Star.xml b/src/chrome/content/rules/County_Star.xml
deleted file mode 100644
index a734d24fa437..000000000000
--- a/src/chrome/content/rules/County_Star.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For other News-Gazette coverage, see News-Gazette.xml
-
-
-	- !www: mismatched, CN: digital.news-gazette.com
-	- Some pages redirect to http
-
--->
-<ruleset name="The County Star (partial)">
-
-	<target host="county-star.com" />
-	<target host="www.county-star.com" />
-
-
-	<rule from="^http://(?:www\.)?county-star\.com/(misc/|sites/|user(?:$|\?|/))"
-		to="https://www.county-star.com/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CouponCabin.com.xml b/src/chrome/content/rules/CouponCabin.com.xml
new file mode 100644
index 000000000000..7272ddfdcbce
--- /dev/null
+++ b/src/chrome/content/rules/CouponCabin.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Note: This website blocks Tor users.
+
+
+	Fully covered hosts in *couponcabin.com:
+
+		- (www.)?
+		- static
+
+-->
+<ruleset name="CouponCabin.com" default_off="needs clearnet testing">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="couponcabin.com" />
+	<target host="static.couponcabin.com" />
+	<target host="www.couponcabin.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Couponese.com.xml b/src/chrome/content/rules/Couponese.com.xml
new file mode 100644
index 000000000000..cb87e6c4ec16
--- /dev/null
+++ b/src/chrome/content/rules/Couponese.com.xml
@@ -0,0 +1,14 @@
+<!--
+	For other related rulesets, see OzBargain.com.au.xml
+
+-->
+<ruleset name="Couponese">
+
+	<target host="couponese.com" />
+	<target host="www.couponese.com" />
+
+	<securecookie host="^www\.couponese\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Coupons-Inc.xml b/src/chrome/content/rules/Coupons-Inc.xml
index 25e7f9532fae..a05c9688212c 100644
--- a/src/chrome/content/rules/Coupons-Inc.xml
+++ b/src/chrome/content/rules/Coupons-Inc.xml
@@ -1,19 +1,15 @@
 <ruleset name="Coupons, Inc (partial)">
 
+	<!-- *.coupons.com -->
 	<target host="coupons.com"/>
-	<target host="*.coupons.com"/>
-	<target host="cdn.cpnscdn.com"/>
-
-	<rule from="^http://coupouns\.com/"
-		to="https://www.coupouns.com/"/>
+	<target host="www.coupons.com"/>
+	<target host="brandcaster.coupons.com"/>
+	<target host="insight.coupons.com" />
+		<test url="http://insight.coupons.com/COS20/PrintEngine.asmx" />
 
-	<rule from="^http://www\.coupons\.com/couponweb/"
-		to="https://www.coupons.com/couponweb/"/>
-
-	<rule from="^http://(access|brandcaster|downloads1|insight)\.coupons\.com/"
-		to="https://$1.coupons.com/"/>
+	<!-- *.cpnscdn.com -->
+	<target host="cdn.cpnscdn.com"/>
 
-	<rule from="^http://cdn\.cpnscdn\.com/"
-		to="https://cdn.cpnscdn.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CourageCampaign.xml b/src/chrome/content/rules/CourageCampaign.xml
deleted file mode 100644
index ec2b9f60b4f4..000000000000
--- a/src/chrome/content/rules/CourageCampaign.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Courage Campaign" platform="mixedcontent">
-	<target host="couragecampaign.org" />
-	<target host="www.couragecampaign.org" />
-	<target host="secure.couragecampaign.org" />
-
-	<rule from="^http://(?:www\.|secure\.)?couragecampaign\.org/" to="https://secure.couragecampaign.org/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Courage_Campaign.org.xml b/src/chrome/content/rules/Courage_Campaign.org.xml
new file mode 100644
index 000000000000..b5987417e8f0
--- /dev/null
+++ b/src/chrome/content/rules/Courage_Campaign.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+			 - o21.list.couragecampaign.org
+
+		SSL peer certificate was not OK:
+			 - act.couragecampaign.org
+			 - institute.couragecampaign.org
+			 - list.couragecampaign.org
+			 - testimony.couragecampaign.org
+-->
+<ruleset name="Courage Campaign.org (partial)">
+	<target host="couragecampaign.org" />
+	<target host="www.couragecampaign.org" />
+
+	<securecookie host="^(www\.)?couragecampaign\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Courier-Post.xml b/src/chrome/content/rules/Courier-Post.xml
index bd8c7a0f053c..4a085493f9f6 100644
--- a/src/chrome/content/rules/Courier-Post.xml
+++ b/src/chrome/content/rules/Courier-Post.xml
@@ -1,4 +1,11 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://localsearch.courierpostonline.com/images/logo_planetdiscover.gif => https://chill.planetdiscover.com/images/logo_planetdiscover.gif: (6, 'Could not resolve host: chill.planetdiscover.com')
+Fetch error: http://localsearch.courierpostonline.com/sf_frameworks/gdev/css/screen.jsp?skin= => https://chill.planetdiscover.com/sf_frameworks/gdev/css/screen.jsp?skin=: (6, 'Could not resolve host: chill.planetdiscover.com')
+
+	Courier-Post
+
 	For other Gannett Company coverage, see Gannett-Company.xml.
 
 
@@ -12,45 +19,82 @@
 		- topics	(404, akamai)
 
 
-	Problematic domains:
+	Problematic hosts in courierpostonline.com:
+
+		- ^ ¹
+		- cmsimg ²
+		- deals ³
+		- localsearch ³
+		- offers ³
+
+	¹ Refused
+	² 503, akamai
+	³ Mismatched
 
-		courierpostonline.gannettdigital.com          (no https)
 
-		- courierpostonline.com subdomains:
+	Mixed content:
 
-			- ^		(no https)
-			- cmsimg	(503, akamai)
-			- deals *
-			- localsearch *
+		- css, on:
 
-	* Works; mismatched, CN: *.planetdiscover.com
+			- localsearch from $self *
+			- www from www.gannett-cdn.com
 
+		- Images, on:
 
-	Mixed images from:
+			- localsearch from $self *
+			- www from www.gannett-cdn.com
 
-		- bcdownload.gannett.edgesuite.net
-		- bc_gvpc.edgesuite.net
-		- www.gannett-cdn.com
-		- gon.gannettonline.com
-		- webmedia.newseum.org
+	* Secured by us
 
 -->
-<ruleset name="Courier-Post (partial)">
+<ruleset name="Courier Post Online.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="account.courierpostonline.com" />
+	<target host="accountsolution.courierpostonline.com" />
+	<target host="myaccount.courierpostonline.com" />
+	<target host="staticassets.courierpostonline.com" />
+	<target host="subscribe.courierpostonline.com" />
+	<!--target host="www.courierpostonline.com" /-->
+
+	<!--	Complications:
+				-->
+	<!--target host="courierpostonline.com" /-->
+	<!--target host="cmsimg.courierpostonline.com" /-->
+	<target host="localsearch.courierpostonline.com" />
+
+		<exclusion pattern="http://localsearch\.courierpostonline\.com/+(?!images/|sf_frameworks/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://localsearch.courierpostonline.com/localevents/0" />
+			<test url="http://localsearch.courierpostonline.com/localevents/add_event/" />
+			<test url="http://localsearch.courierpostonline.com/sp" />
 
-	<target host="courierpostonline.com" />
-	<target host="*.courierpostonline.com" />
+			<!--	-ve:
+					-->
+			<test url="http://localsearch.courierpostonline.com/images/logo_planetdiscover.gif" />
+			<test url="http://localsearch.courierpostonline.com/sf_frameworks/gdev/css/screen.jsp?skin=" />
 
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://offers\.courierpostonline\.com/specialoffer\?gps-source=" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="https://offers\.courierpostonline\.com/KeyGrip\.ashx" /-->
 
-	<securecookie host="^(?:www)?\.courierpostonline\.com$" name=".+" />
+		<test url="http://staticassets.courierpostonline.com/global/assets/uscp/property/courierpostonline/logo/logo_sm_white.png" />
 
 
-	<rule from="^http://(?:cmsimg\.|www\.)?courierpostonline\.com/"
-		to="https://www.courierpostonline.com/" />
+	<!--rule from="^http://(?:cmsimg\.)?courierpostonline\.com/"
+		to="https://www.courierpostonline.com/" /-->
 
-	<rule from="^http://myaccount\.courierpostonline\.com/"
-		to="https://myaccount.courierpostonline.com/" />
+	<rule from="^http://localsearch\.courierpostonline\.com/"
+		to="https://chill.planetdiscover.com/" />
 
-	<rule from="^http://localsearch\.courierpostonline\.com/sf_frameworks/"
-		to="https://chill.planetdiscover.com/sf_frameworks/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Courierpost.co.nz.xml b/src/chrome/content/rules/Courierpost.co.nz.xml
new file mode 100644
index 000000000000..8549886d22b8
--- /dev/null
+++ b/src/chrome/content/rules/Courierpost.co.nz.xml
@@ -0,0 +1,64 @@
+<!--
+	Mismatch:
+		- www.cardtocall.courierpost.co.nz
+		- leads.courierpost.co.nz
+		- www.trackandtrace.co.nz
+		- www.track.courierpost.co.nz
+
+	Timeout:
+		- ftp.courierpost.co.nz
+		- ftpuat.courierpost.co.nz
+		- survey.courierpost.co.nz
+
+	Mixed Content:
+		CSS on:
+			- finalsfever, international, internationaluat FROM ajax.googleapis.com *
+		JS on:
+			- trackandtrace, trackandtraceuat FROM cdnjs.cloudflare.com *
+		Iframe on:
+			- trackandtrace    FROM www *
+			- trackandtraceuat FROM uat *
+	* Secured by us
+-->
+<ruleset name="Courierpost.co.nz">
+	<target host="www.courierpost.co.nz" />
+	<target host="accounts.courierpost.co.nz" />
+	<target host="cardtocall.courierpost.co.nz" />
+		<target host="www.cardtocall.courierpost.co.nz" />
+		<rule from="^http://www\.cardtocall\.courierpost\.co\.nz/"
+			to="https://cardtocall.courierpost.co.nz/" />
+	<target host="content.courierpost.co.nz" />
+	<target host="contentuat.courierpost.co.nz" />
+	<target host="courierpickup.courierpost.co.nz" />
+	<target host="courierpickupuat.courierpost.co.nz" />
+	<target host="edienterpriseuat.courierpost.co.nz" />
+	<target host="edienterprise.courierpost.co.nz" />
+	<target host="freightforward.courierpost.co.nz" />
+	<target host="deliveredsmartly.courierpost.co.nz" />
+	<target host="freightforwarduat.courierpost.co.nz" />
+	<target host="finalsfever.courierpost.co.nz" />
+	<target host="international.courierpost.co.nz" />
+	<target host="internationaluat.courierpost.co.nz" />
+	<target host="cardtocalluat.courierpost.co.nz" />
+	<target host="login.courierpost.co.nz" />
+	<target host="senditnow.courierpost.co.nz" />
+	<target host="senditnowuat.courierpost.co.nz" />
+	<target host="loginuat.courierpost.co.nz" />
+	<target host="ticket-ituat.courierpost.co.nz" />
+	<target host="trackandtrace.courierpost.co.nz" />
+		<target host="www.trackandtrace.courierpost.co.nz" />
+		<rule from="^http://www\.trackandtrace\.courierpost\.co\.nz/"
+			to="https://trackandtrace.courierpost.co.nz/" />
+	<target host="userprovisioning.courierpost.co.nz" />
+	<target host="trackandtraceuat.courierpost.co.nz" />
+	<target host="verifyaddress.courierpost.co.nz" />
+	<target host="buy.courierpost.co.nz" />
+	<target host="ticket-it.courierpost.co.nz" />
+	<target host="track.courierpost.co.nz" />
+		<target host="www.track.courierpost.co.nz" />
+		<rule from="^http://www\.track\.courierpost\.co\.nz/"
+			to="https://track.courierpost.co.nz/" />
+	<target host="uat.courierpost.co.nz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cours_Crypto.org.xml b/src/chrome/content/rules/Cours_Crypto.org.xml
new file mode 100644
index 000000000000..cfcf8215267e
--- /dev/null
+++ b/src/chrome/content/rules/Cours_Crypto.org.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://courscrypto.org/ => https://courscrypto.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.courscrypto.org/ => https://www.courscrypto.org/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Cours Crypto.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="courscrypto.org" />
+	<target host="www.courscrypto.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CourseFinder.io.xml b/src/chrome/content/rules/CourseFinder.io.xml
new file mode 100644
index 000000000000..73818d0c6845
--- /dev/null
+++ b/src/chrome/content/rules/CourseFinder.io.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://coursefinder.io/ => https://coursefinder.io/: (6, 'Could not resolve host: coursefinder.io')
+Fetch error: http://www.coursefinder.io/ => https://www.coursefinder.io/: (6, 'Could not resolve host: www.coursefinder.io')
+
+	Insecure cookies are set for these hosts:
+
+		- coursefinder.io
+		- www.coursefinder.io
+
+
+	Mixed content:
+
+		- Ads/bugs, from:
+
+			- ad.linksynergy.com ᵈ
+			- mproxy.banner.linksynergy.com ⁴
+			- static.shareasale.com ˢ
+
+	⁴ Unsecurable <= 404
+	ᵈ Unsecurable <= dropped
+	ˢ Secured by us
+
+-->
+<ruleset name="CourseFinder.io" default_off="failed ruleset test">
+
+	<target host="coursefinder.io" />
+	<target host="www.coursefinder.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?coursefinder\.io$" name="^_accredible_session$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CourseTalk.com.xml b/src/chrome/content/rules/CourseTalk.com.xml
new file mode 100644
index 000000000000..536c53d78f1e
--- /dev/null
+++ b/src/chrome/content/rules/CourseTalk.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Nonfunctional hosts in *coursetalk.com:
+
+		- press ᵀ
+
+	ᵀ Tumblr/refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- coursetalk.com
+		- www.coursetalk.com
+
+-->
+<ruleset name="CourseTalk.com (partial)">
+
+	<target host="coursetalk.com" />
+	<target host="www.coursetalk.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?coursetalk\.com$" name="^csrftoken$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Coursera.xml b/src/chrome/content/rules/Coursera.xml
deleted file mode 100644
index 737b041ddc19..000000000000
--- a/src/chrome/content/rules/Coursera.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--	Buckets:
-		coursera.s3.amazonaws.com
-		- coursera-course-photos.s3.amazonaws.com
-		- coursera-university-assets.s3.amazonaws.com
-		spark-public.s3.amazonaws.com
-		- d1rlkby5e91r2j.cloudfront.net
-		- d2wvvaown1ul17.cloudfront.net
-		- d396qusza40orc.cloudfront.net
-		- dt5zaw6a98blc.cloudfront.net
-		- duqnjvq4jwr55.cloudfront.net
-
-
-	Fully covered subdomains:
-
-		- accounts
-		- eventing
--->
-<ruleset name="Coursera">
-
-	<target host="coursera.org"/>
-	<target host="*.coursera.org"/>
-
-	<securecookie host="^(.*\.)?coursera\.org$" name=".*"/>
-
-	<!--	!www !work	-->
-	<rule from="^https?://coursera\.org/"
-		to="https://www.coursera.org/"/>
-
-	<rule from="^http://(accounts|class|eventing|www)\.coursera\.org/"
-		to="https://$1.coursera.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Courthouse-News-Service.xml b/src/chrome/content/rules/Courthouse-News-Service.xml
deleted file mode 100644
index a9239519cd3a..000000000000
--- a/src/chrome/content/rules/Courthouse-News-Service.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Courthouse News Service" platform="mixedcontent">
-
-	<target host="courthousenews.com" />
-	<target host="www.courthousenews.com" />
-
-
-	<securecookie host="^(www\.)?courthousenews\.com$" name=".*" />
-
-
-	<rule from="^http://(www\.)?courthousenews\.com/"
-		to="https://$1courthousenews.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CourthouseNews.com.xml b/src/chrome/content/rules/CourthouseNews.com.xml
new file mode 100644
index 000000000000..471a9ea21714
--- /dev/null
+++ b/src/chrome/content/rules/CourthouseNews.com.xml
@@ -0,0 +1,26 @@
+<!--
+	No working URL known:
+		archive.courthousenews.com
+		beta.courthousenews.com
+		webservices.courthousenews.com
+
+	Different content http/https:
+		search.courthousenews.com
+
+	Time out:
+		files.courthousenews.com
+
+	Login required:
+		subscribers.courthousenews.com
+
+-->
+<ruleset name="Courthouse News Service">
+
+	<target host="courthousenews.com" />
+	<target host="www.courthousenews.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Courts_of_New_Zealand.xml b/src/chrome/content/rules/Courts_of_New_Zealand.xml
index 74eb4c4f89dc..0fd2f5fcb5bc 100644
--- a/src/chrome/content/rules/Courts_of_New_Zealand.xml
+++ b/src/chrome/content/rules/Courts_of_New_Zealand.xml
@@ -1,10 +1,32 @@
-<ruleset name="Courts of New Zealand">
+<!--
+	Courts of New Zealand
 
-	<target host="courtsofnz.govt.nz" />
+
+	^courtsofnz.govt.nz: Mismatched
+
+
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Courts of NZ.govt.nz">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="www.courtsofnz.govt.nz" />
 
+	<!--	Complications:
+				-->
+	<target host="courtsofnz.govt.nz" />
+
+
+	<rule from="^http://courtsofnz\.govt\.nz/"
+		to="https://www.courtsofnz.govt.nz/" />
 
-	<rule from="^http://(www\.)?courtsofnz\.govt\.nz/"
-		to="https://$1courtsofnz.govt.nz/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cov.com.xml b/src/chrome/content/rules/Cov.com.xml
new file mode 100644
index 000000000000..c8d109df2717
--- /dev/null
+++ b/src/chrome/content/rules/Cov.com.xml
@@ -0,0 +1,34 @@
+<!--
+	^cov.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.cov.com
+
+-->
+<ruleset name="Cov.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.cov.com" />
+
+	<!--	Complications:
+				-->
+	<target host="cov.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.cov\.com$" name="^(?:ASP\.NET_SessionId|SC_ANALYTICS_(?:GLOBAL|SESSION)_COOKIE|website#lang)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://cov\.com/"
+		to="https://www.cov.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Covad.com-problematic.xml b/src/chrome/content/rules/Covad.com-problematic.xml
new file mode 100644
index 000000000000..295782666ef4
--- /dev/null
+++ b/src/chrome/content/rules/Covad.com-problematic.xml
@@ -0,0 +1,22 @@
+<!--
+	For rules that are on by default, see Covad.com.xml.
+
+-->
+<ruleset name="Covad.com (problematic)" default_off="expired, self-signed">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.covad.com"/>
+
+	<!--	Complications:
+				-->
+	<target host="covad.com"/>
+
+
+	<rule from="^http://covad\.com/"
+		to="https://www.covad.com/"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Covad.com.xml b/src/chrome/content/rules/Covad.com.xml
new file mode 100644
index 000000000000..9053946bfa45
--- /dev/null
+++ b/src/chrome/content/rules/Covad.com.xml
@@ -0,0 +1,47 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://my.covad.com/ => https://my.covad.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	For problematic rules, see Covad.com-problematic.xml.
+
+	For other Global Capacity coverage, see Global_Capacity.com.xml.
+
+
+	Nonfunctional hosts in *covad.com:
+
+		- resource *
+
+	* 403
+
+
+	Problematic hosts in *covad.com:
+
+		- ^ ⁴
+		- www ᵉ ˢ
+	⁴ 403
+	ᵉ Expired
+	ˢ Self-signed
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com ¹
+		- favicon on www from globalcapacity.com ²
+		- Bug on www from c.statcounter.com ¹
+
+	¹ Secured by us
+	² Not secured by us <= expired & self-signed
+
+-->
+<ruleset name="Covad.com (partial)" default_off="failed ruleset test">
+
+	<target host="dashboard.covad.com" />
+	<target host="my.covad.com" />
+	<target host="support.covad.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Covad.net.xml b/src/chrome/content/rules/Covad.net.xml
new file mode 100644
index 000000000000..a628e30551e9
--- /dev/null
+++ b/src/chrome/content/rules/Covad.net.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Global Capacity coverage, see Global_Capacity.com.xml.
+
+
+	(www.)?covad.net: Dropped
+
+-->
+<ruleset name="Covad.net">
+
+	<!--	Complications:
+				-->
+	<target host="covad.net"/>
+	<target host="www.covad.net"/>
+
+
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://(?:www\.)?covad\.net/[^?]*"
+		to="https://my.megapath.com/"/>
+
+		<test url="http://covad.net//" />
+		<test url="http://www.covad.net//" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CoverStand.com.xml b/src/chrome/content/rules/CoverStand.com.xml
new file mode 100644
index 000000000000..5ab70369f499
--- /dev/null
+++ b/src/chrome/content/rules/CoverStand.com.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://coverstand.com/ => https://coverstand.com/: (7, 'Failed to connect to coverstand.com port 443: Connection refused')
+Fetch error: http://www.coverstand.com/ => https://www.coverstand.com/: (7, 'Failed to connect to www.coverstand.com port 443: Connection refused')
+
+-->
+<ruleset name="CoverStand.com" default_off="failed ruleset test">
+
+	<target host="coverstand.com" />
+	<target host="cdn.coverstand.com" />
+	<target host="www.coverstand.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?coverstand\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?coverstand\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cover_Art_Archive.org.xml b/src/chrome/content/rules/Cover_Art_Archive.org.xml
new file mode 100644
index 000000000000..113b4380ae50
--- /dev/null
+++ b/src/chrome/content/rules/Cover_Art_Archive.org.xml
@@ -0,0 +1,24 @@
+<!--
+	For other MusicBrainz coverage, see MusicBrainz.xml.
+
+
+	www.coverartarchive.org: Mismatched
+
+-->
+<ruleset name="Cover Art Archive.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="coverartarchive.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.coverartarchive.org" />
+
+
+	<rule from="^http://www\.coverartarchive\.org/"
+		to="https://coverartarchive.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Coverage-for-All.xml b/src/chrome/content/rules/Coverage-for-All.xml
index ad40fd922a69..741c3a44463a 100644
--- a/src/chrome/content/rules/Coverage-for-All.xml
+++ b/src/chrome/content/rules/Coverage-for-All.xml
@@ -2,5 +2,6 @@
 	<target host="coverageforall.org" />
 	<target host="www.coverageforall.org" />
 
-	<rule from="^http://(?:www\.)?coverageforall\.org/" to="https://www.coverageforall.org/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Coveralls.io.xml b/src/chrome/content/rules/Coveralls.io.xml
new file mode 100644
index 000000000000..6fb37e7ab351
--- /dev/null
+++ b/src/chrome/content/rules/Coveralls.io.xml
@@ -0,0 +1,42 @@
+<!--
+	CDN buckets:
+
+		- s3.amazonaws.com/assets.coveralls.io/
+
+
+	Nonfunctional hosts in *coveralls.io:
+
+		- support *
+
+	* Zendesk
+
+
+	Mixed content:
+
+		- Image on blog from s3.amazonaws.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Coveralls.io (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="coveralls.io" />
+	<target host="blog.coveralls.io" />
+	<target host="www.coveralls.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^coveralls\.io$" name="^(_coveralls_session|request_method)$" /-->
+	<!--securecookie host="^\.coveralls\.io$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.coveralls\.io$" name="^LSW_WEB$" /-->
+
+	<securecookie host="^(?:\.|www\.)?coveralls\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Covered-California.xml b/src/chrome/content/rules/Covered-California.xml
new file mode 100644
index 000000000000..23027f16bde5
--- /dev/null
+++ b/src/chrome/content/rules/Covered-California.xml
@@ -0,0 +1,54 @@
+<!--
+
+	Problematic hosts in *coveredca.com:
+
+		- ^ (timeout over https)
+		- www (redirects to http using javascript)
+		- board (mismatched)
+		- digitaltoolbox (TLS error)
+		- hbex (mismatch)
+		- itslifecare (mismatch)
+		- news (TLS error)
+
+	Problematic hosts in *coveredca.org:
+
+		- ^ (timeout over https)
+		- www (timeout over https)
+
+	Problematic hosts in *coveredcacertifiedpartners.com:
+
+		- ^ (timeout over https)
+		- www (timeout over https)
+
+-->
+<ruleset name="Covered California (partial)">
+	<target host="coveredca.com" />
+	<target host="1095.coveredca.com" />
+	<target host="anyconnect.coveredca.com" />
+	<target host="apply.coveredca.com" />
+	<target host="eadfs.coveredca.com" />
+	<target host="events.coveredca.com" />
+	<target host="intranet.coveredca.com" />
+	<target host="jobs.coveredca.com" />
+	<target host="learning.coveredca.com" />
+	<target host="planmanagement.coveredca.com" />
+	<target host="reset.coveredca.com" />
+	<target host="storefronts.coveredca.com" />
+	<target host="coveredca.org" />
+	<target host="www.coveredca.org" />
+	<target host="coveredcacertifiedpartners.com" />
+	<target host="www.coveredcacertifiedpartners.com" />
+	<target host="v.calheers.ca.gov" />
+
+	<rule from="^http://coveredca\.com/"
+		to="https://www.coveredca.com/" />
+
+	<rule from="^http://(www\.)?coveredca\.org/"
+		to="https://www.coveredca.com/" />
+
+	<rule from="^http://(www\.)?coveredcacertifiedpartners\.com/$"
+		to="https://coveredca.force.com/Certification/s/certified-partners-verification" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Coverfire.com.xml b/src/chrome/content/rules/Coverfire.com.xml
index eff5745cdc49..4b6ef0eb8d40 100644
--- a/src/chrome/content/rules/Coverfire.com.xml
+++ b/src/chrome/content/rules/Coverfire.com.xml
@@ -1,10 +1,18 @@
+<!--
+	Mixed content:
+
+		- Bug from i.creativecommons.org ˢ
+
+	ˢ Secured by us
+
+-->
 <ruleset name="Coverfire.com">
 
 	<target host="coverfire.com" />
 	<target host="www.coverfire.com" />
 
 
-	<rule from="^http://(www\.)?coverfire\.com/"
-		to="https://$1coverfire.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Coverforyou.com.xml b/src/chrome/content/rules/Coverforyou.com.xml
index 4fbba3fcd18d..44f3e59dabc4 100644
--- a/src/chrome/content/rules/Coverforyou.com.xml
+++ b/src/chrome/content/rules/Coverforyou.com.xml
@@ -1,9 +1,15 @@
+<!--
+	Invalid certificate:
+		help.coverforyou.com
+		mail.coverforyou.com
+
+-->
 <ruleset name="Coverforyou.com">
-    <target host="coverforyou.com" />
-    <target host="*.coverforyou.com" />
 
-    <rule from="^https?://coverforyou\.com/"
-        to="https://www.coverforyou.com/"/>
-    <rule from="^http://([^/:@]+)?\.coverforyou\.com/"
-        to="https://$1.coverforyou.com/" />
+	<target host="coverforyou.com" />
+	<target host="www.coverforyou.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Coverity.com.xml b/src/chrome/content/rules/Coverity.com.xml
index 3a2c2fa7759c..2fb039ddaa39 100644
--- a/src/chrome/content/rules/Coverity.com.xml
+++ b/src/chrome/content/rules/Coverity.com.xml
@@ -1,56 +1,129 @@
-<!--
-
-	CDN buckets:
-
-		- coverity.mktoweb.com
-
-			- softwareintegrity
-
 
-	Nonfunctional subdomains:
-
-		- (www.)	(dropped)
-		- scan		(refused)
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://go.coverity.com/css/mktLPSupport.css (200) => https://na-sjf.marketo.com/css/mktLPSupport.css (403)
+Non-2xx HTTP code: http://softwareintegrity.coverity.com/css/mktLPSupport.css (200) => https://na-sjf.marketo.com/css/mktLPSupport.css (403)
+Fetch error: http://uat.communities.coverity.com/ => https://uat.communities.coverity.com/: (6, 'Could not resolve host: uat.communities.coverity.com')
+Fetch error: http://apps.uat.communities.coverity.com/ => https://apps.uat.communities.coverity.com/: (6, 'Could not resolve host: apps.uat.communities.coverity.com')
+Fetch error: http://trial.coverity.com/ => https://trial.coverity.com/: (28, 'Connection timed out after 20001 milliseconds')
 
+	Nonfunctional hosts in *coverity.com:
 
-	Problematic subdomains:
+		- blog ¹
+		- go *
+		- scan6 ²
+		- security ²
+		- softwareintegrity *
 
-		- autodiscover		(refused)
-		- blog			(dropped)
-		- softwareintegrity	(redirects to app-sjf.marketo.com)
+	¹ 403
+	* Marketo
+	² Refused
 
 
-	Partially covered subdomains:
+	Problematic hosts in *coverity.com:
 
-		- blpg			(→ communities)
-		- softwareintegrity	(→ na-sjf.marketo.com)
+		- ^ ¹
+		- autodiscover ²
+		- webstaging ¹
 
+	¹ Missing certificate chain
+	² Refused
 
-	Fully covered subdomains:
 
-		- communities
-		- uat.communities
-		- apps.uat
+	These altnames don't exist:
 
--->
-<ruleset name="Coverity.com (partial)">
+		- apps.communities.coverity.com
+		- www.communities.coverity.com
+		- scan7.coverity.com
 
-	<target host="*.coverity.com" />
 
+	Insecure cookies are set for these hosts:
 
-	<securecookie host="^(?:(?:uat\.)?communities|apps\.uat)\.coverity\.com$" name=".+" />
+		- communities.coverity.com
+		- uat.communities.coverity.com
+		- apps.uat.communities.coverity.com
 
+		- scan.coverity.com
 
-	<rule from="^http://autodiscover\.coverity\.com/"
-		to="https://autodiscover-s.outlook.com/" />
 
-	<rule from="^http://blog\.coverity\.com/[^?]*(\?.*)?"
-		to="https://communities.coverity.com/blogs/software-integrity-blog/$1" />
+	Mixed content:
 
-	<rule from="^http://((?:uat\.)?communities|apps\.uat)\.coverity\.com/"
-		to="https://$1.coverity.com/" />
+		- Image on www from webstaging.coverity.com
+		- favicon on www from $self *
 
-	<rule from="^http://softwareintegrity\.coverity\.com/(cs|image|j|r)s/"
-		to="https://na-sjf.marketo.com/$1s/" />
+	* Secured by us
 
-</ruleset>
\ No newline at end of file
+-->
+<ruleset name="Coverity.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="communities.coverity.com" />
+	<target host="uat.communities.coverity.com" />
+	<target host="apps.uat.communities.coverity.com" />
+	<target host="scan.coverity.com" />
+	<target host="scan5.coverity.com" />
+	<target host="trial.coverity.com" />
+	<!--target host="webstaging.coverity.com" /-->
+	<target host="www.coverity.com" />
+
+	<!--	Complications:
+				-->
+	<target host="coverity.com" />
+	<target host="autodiscover.coverity.com" />
+	<target host="go.coverity.com" />
+	<target host="softwareintegrity.coverity.com" />
+
+		<exclusion pattern="^http://(?:go|softwareintegrity)\.coverity\.com/+(?!css/|images/|rs/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://go.coverity.com/register-for-gartner-mq-report.html" />
+			<test url="http://softwareintegrity.coverity.com/free-trial-3.html" />
+			<test url="http://softwareintegrity.coverity.com/free-trial-coverity.html" />
+			<test url="http://softwareintegrity.coverity.com/free-trial.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://go.coverity.com/css/mktLPSupport.css" />
+			<test url="http://go.coverity.com/rs/coverity/images/body-bg.gif" />
+			<test url="http://softwareintegrity.coverity.com/css/mktLPSupport.css" />
+			<test url="http://softwareintegrity.coverity.com/rs/coverity/images/coverity-logo-white.png" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(uat\.|apps\.uat\.)?communities\.coverity\.com$" name="^BIGipServer\+-11-pool$" /-->
+	<!--securecookie host="^communities\.coverity\.com$" name="^(JSESSIONID|jive\.server\.info)$" /-->
+	<!--securecookie host="^scan\.coverity\.com$" name="^(_session_id|request_method)$" /-->
+
+	<securecookie host="^\." name="^__qca$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://coverity\.com/"
+		to="https://www.coverity.com/" />
+
+	<!--	For /+\w.*, redirect keeps path but not args:
+								-->
+	<rule from="^http://autodiscover\.coverity\.com/+([^?]+).*"
+		to="https://outlook.office365.com/$1" />
+
+		<test url="http://autodiscover.coverity.com/index.aspx" />
+		<test url="http://autodiscover.coverity.com/index.htm" />
+		<test url="http://autodiscover.coverity.com/index.php" />
+
+	<!--	For /+\?.*, drops args:
+						-->
+	<rule from="^http://autodiscover\.coverity\.com/.*"
+		to="https://outlook.office365.com/owa/" />
+
+		<test url="http://autodiscover.coverity.com/?foo" />
+		<test url="http://autodiscover.coverity.com//?bar" />
+
+	<rule from="^http://(?:go|softwareintegrity)\.coverity\.com/"
+		to="https://na-sjf.marketo.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CovertiLive.com.xml b/src/chrome/content/rules/CovertiLive.com.xml
index 19aa523a3f8e..d4fde88a7a74 100644
--- a/src/chrome/content/rules/CovertiLive.com.xml
+++ b/src/chrome/content/rules/CovertiLive.com.xml
@@ -9,41 +9,60 @@
 		- www.coveritlive.com.edgesuite.net
 
 
-	Problematic subdomains:
+	Nonfunctional hosts in *coveritlive.com:
 
-		- cdnsl *
-		- media *
-		- www *
+		- blog *
 
-	* Akamai
+	* Dropped
 
 
 	Some pages redirect to http://www
 
 
-	Fully covered subdomains:
+	Insecure cookies are set for these domains:
 
-		- ^
-		- cdnsl		(→ cdnssl)
-		- cdnssl
-		- secure4
-		- wwwssl
+		- .coveritlive.com
 
 -->
 <ruleset name="CoveritLive.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="coveritlive.com" />
-	<target host="*.coveritlive.com" />
-		<exclusion pattern="^http://www\.coveritlive\.com/(?!favicon\.ico|images/|templates/)" />
-
-
-	<rule from="^http://(?:www\.)?coveritlive\.com/"
-		to="https://coveritlive.com/" />
-
-	<rule from="^http://cdnsl(?:ssl)?\.coveritlive\.com/"
-		to="https://cdnslssl.coveritlive.com/" />
-
-	<rule from="^http://(secure4|wwwssl)\.coveritlive\.com/"
-		to="https://$1.coveritlive.com/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="cdnsl.coveritlive.com" />
+	<target host="cdnslssl.coveritlive.com" />
+	<target host="media.coveritlive.com" />
+	<target host="secure4.coveritlive.com" />
+	<target host="www.coveritlive.com" />
+	<target host="wwwssl.coveritlive.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.coveritlive\.com/(?:customers$|index\.php\?option=|resources/supportcenter$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.coveritlive\.com/+(?!favicon\.ico|images/|templates/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.coveritlive.com/cilProducts" />
+			<test url="http://www.coveritlive.com/customers" />
+			<test url="http://www.coveritlive.com/index.php?option=" />
+			<test url="http://www.coveritlive.com/resources/supportcenter" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.coveritlive.com/favicon.ico" />
+			<test url="http://www.coveritlive.com/images/marketing/customers/transparent.gif" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.coveritlive\.com$" name="^[\da-f]{32}$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Covisint.xml b/src/chrome/content/rules/Covisint.xml
index e6b56175124d..c95a687bfc37 100644
--- a/src/chrome/content/rules/Covisint.xml
+++ b/src/chrome/content/rules/Covisint.xml
@@ -1,21 +1,24 @@
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://covisint.com/ (200) => https://covisint.com/ (500)
 	See Compuware.xml for other Compuware coverage.
 
 -->
 <ruleset name="Covisint">
 
 	<target host="covisint.com" />
-	<target host="*.covisint.com" />
+	<target host="portal.covisint.com" />
+	<target host="www.covisint.com" />
+	<target host="support.covisint.com" />
 
 
-	<securecookie host="^(.*\.)?covisint\.com$" name=".*" />
+	<securecookie host=".+" name=".+"/>
 
 
-	<rule from="^http://(portal\.|www\.)?covisint\.com/"
-		to="https://$1covisint.com/" />
 
 	<!--	reset, redirects like so over http.	-->
-	<rule from="^https?://support\.covisint\.com/"
+	<rule from="^http://support\.covisint\.com/"
 		to="https://portal.covisint.com/web/support/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Cox-Digital-Solutions-problematic.xml b/src/chrome/content/rules/Cox-Digital-Solutions-problematic.xml
index 52b00c7c7630..78fed6f6e165 100644
--- a/src/chrome/content/rules/Cox-Digital-Solutions-problematic.xml
+++ b/src/chrome/content/rules/Cox-Digital-Solutions-problematic.xml
@@ -10,7 +10,6 @@
 	<!--	Cookies are handled in Cox-Digital-Solutions.xml.	-->
 
 
-	<rule from="^http://stat\.coxds\.com/"
-		to="https://stat.coxds.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cox-Digital-Solutions.xml b/src/chrome/content/rules/Cox-Digital-Solutions.xml
index 31f0057ac6ee..a014fe57e066 100644
--- a/src/chrome/content/rules/Cox-Digital-Solutions.xml
+++ b/src/chrome/content/rules/Cox-Digital-Solutions.xml
@@ -1,13 +1,21 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://coxds.com/ => https://www.coxdigitalsolutions.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://coxds.com/ => https://www.coxdigitalsolutions.com/: (28, 'Connection timed out after 10000 milliseconds')
 	For problematic rules, see Cox-Digital-Solutions-problematic.xml.
 
 -->
-<ruleset name="Cox Digital Solutions (partial)">
+<ruleset name="Cox Digital Solutions (partial)" default_off="failed ruleset test">
 
 	<target host="coxdigitalsolutions.com" />
 	<target host="www.coxdigitalsolutions.com" />
 	<target host="coxds.com" />
-	<target host="*.coxds.com" />
+	<target host="www.coxds.com" />
+	<target host="go.coxds.com" />
+	<target host="images.coxds.com" />
 
 
 	<securecookie host="^.+\.coxds\.com$" name=".+" />
@@ -21,10 +29,10 @@
 	<!--	- Cert: www.coxdigitalsolutions.com
 		- 301s like so
 					-->
-	<rule from="^https?://(?:www\.)?coxds\.com/"
+	<rule from="^http://(?:www\.)?coxds\.com/"
 		to="https://www.coxdigitalsolutions.com/" />
 
 	<rule from="^http://(go|images)\.coxds\.com/"
 		to="https://$1.coxds.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cox_Communications.xml b/src/chrome/content/rules/Cox_Communications.xml
index cc2da482a036..1d6ad4d9716d 100644
--- a/src/chrome/content/rules/Cox_Communications.xml
+++ b/src/chrome/content/rules/Cox_Communications.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cox.com/ => https://ww2.cox.com/: Cycle detected - URL already encountered: http://cox.com/
 	Nonfunctional domains:
 
 		- support.coxbusiness.com
@@ -43,13 +45,19 @@
 <ruleset name="Cox Communications (partial)">
 
 	<target host="cox.com" />
-	<target host="*.cox.com" />
+	<target host="ww2.cox.com" />
+	<target host="www.cox.com" />
+	<target host="framework.cox.com" />
+	<target host="images.cox.com" />
+	<target host="intercept.cox.com" />
+	<target host="store.cox.com" />
 		<exclusion pattern="^http://(?:intercept|ww2)\.cox\.com/.+\.cox(?:$|\?)" />
-	<target host="*.store.cox.com" />
-	<target host="*.cox.net" />
 	<target host="idm.east.cox.net" />
+	<target host="framework.cox.net" />
 	<target host="coxbusiness.com" />
-	<target host="*.coxbusiness.com" />
+	<target host="www.coxbusiness.com" />
+	<target host="framework.coxbusiness.com" />
+	<target host="myaccount.coxbusiness.com" />
 
 
 	<securecookie host="^\.?store\.cox\.com$" name=".+" />
@@ -58,19 +66,14 @@
 	<securecookie host="^.*\.coxbusiness\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:ww[2w]\.)?cox\.com/"
+	<rule from="^http://(?:ww[2w]\.)?cox\.com/"
 		to="https://ww2.cox.com/" />
 
-	<rule from="^http://(framework|images|intercept|store)\.cox\.com/"
-		to="https://$1.cox.com/" />
 
-	<rule from="^http://(idm\.east|framework)\.cox\.net/"
-		to="https://$1.cox.net/" />
 
-	<rule from="^https?://(?:www\.)?coxbusiness\.com/"
+	<rule from="^http://(?:www\.)?coxbusiness\.com/"
 		to="https://ww2.cox.com/business" />
 
-	<rule from="^http://(framework|myaccount)\.coxbusiness\.com/"
-		to="https://$1.coxbusiness.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Coxnewsweb.com.xml b/src/chrome/content/rules/Coxnewsweb.com.xml
index 8837e22634f0..ed2dc82e94ca 100644
--- a/src/chrome/content/rules/Coxnewsweb.com.xml
+++ b/src/chrome/content/rules/Coxnewsweb.com.xml
@@ -1,9 +1,17 @@
-<!-- if we are going to include ads and tracking info, lets atleast do it by https.-->
+<!--
+	if we are going to include ads and tracking info, lets atleast do it by https.
+
+
+	Nonfunctional hosts in *coxnewsweb.com:
+
+		- img ᵃ
+
+	ᵃ Shows alt.coxnewsweb.com
+
+-->
 <ruleset name="coxnewsweb.net">
-	<target host="coxnewsweb.com" />
-	<target host="img.coxnewsweb.com" />
 	<target host="alt.coxnewsweb.com" />
-	<rule from="^http://img\.coxnewsweb\.com/" to="https://img.coxnewsweb.com/"/>
-	<rule from="^http://alt\.coxnewsweb\.com/" to="https://alt.coxnewsweb.com/"/>
+	<rule from="^http:"
+		to="https:"/>
 </ruleset>
 
diff --git a/src/chrome/content/rules/Coy.IM.xml b/src/chrome/content/rules/Coy.IM.xml
new file mode 100644
index 000000000000..24d25bdcee55
--- /dev/null
+++ b/src/chrome/content/rules/Coy.IM.xml
@@ -0,0 +1,13 @@
+<ruleset name="Coy.IM">
+
+	<target host="coy.im" />
+	<target host="www.coy.im" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CozumPark.com.xml b/src/chrome/content/rules/CozumPark.com.xml
new file mode 100644
index 000000000000..f40122c732c2
--- /dev/null
+++ b/src/chrome/content/rules/CozumPark.com.xml
@@ -0,0 +1,43 @@
+<!--
+	Nonfunctional hosts in *cozumpark.com:
+
+		- egitim ¹
+		- tv ²
+
+	¹ Refused
+	² Dropped
+
+
+	^cozumpark.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.cozumpark.com
+
+-->
+<ruleset name="CozumPark.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.cozumpark.com" />
+
+	<!--	Complications:
+				-->
+	<target host="cozumpark.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.cozumpark\.com$" name="^(ASP\.NET_SessionId|CommunityServer-LastVisitUpdated-\d+|CommunityServer-UserCookie\d+|cozumpark)$" /-->
+
+	<securecookie host="^www\.cozumpark\.com$" name=".+" />
+
+
+	<rule from="^http://cozumpark\.com/"
+		to="https://www.cozumpark.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cp.fonality.com.xml b/src/chrome/content/rules/Cp.fonality.com.xml
new file mode 100644
index 000000000000..e135a97e096e
--- /dev/null
+++ b/src/chrome/content/rules/Cp.fonality.com.xml
@@ -0,0 +1,12 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.cp.fonality.com/ => https://www.cp.fonality.com/: (6, 'Could not resolve host: www.cp.fonality.com')
+
+-->
+<ruleset name="Cp.fonality.com" default_off="failed ruleset test">
+  <target host="cp.fonality.com" />
+  <target host="www.cp.fonality.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cp.pt.xml b/src/chrome/content/rules/Cp.pt.xml
new file mode 100644
index 000000000000..15a0270d2dc1
--- /dev/null
+++ b/src/chrome/content/rules/Cp.pt.xml
@@ -0,0 +1,28 @@
+<!--
+Mismatch:
+https://www2.cp.pt/
+https://www1.cp.pt/
+https://ns0.cp.pt/
+
+Redirect:
+http://venda.cp.pt
+
+Invalid cert:
+https://cloud.cp.pt/
+
+Timeout:
+https://sites.cp.pt/
+http://amf.cp.pt/
+-->
+
+<ruleset name="Cp.pt">
+  <target host="cp.pt" />
+  <target host="www.cp.pt" />
+  <target host="cpkids.cp.pt" />
+  <target host="portal.cp.pt" />
+  <target host="webmail.cp.pt" />
+  <target host="venda.cp.pt" />
+
+  <rule from="^http://cp\.pt/" to="https://www.cp.pt/" />
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cppinstitute.org.xml b/src/chrome/content/rules/Cppinstitute.org.xml
new file mode 100644
index 000000000000..e74cd9424989
--- /dev/null
+++ b/src/chrome/content/rules/Cppinstitute.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="Cppinstitute.org">
+	<target host="cppinstitute.org" />
+	<target host="www.cppinstitute.org" />
+	<target host="education.cppinstitute.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cpunk.de.xml b/src/chrome/content/rules/Cpunk.de.xml
index 944f76d985cd..4327715abeb1 100644
--- a/src/chrome/content/rules/Cpunk.de.xml
+++ b/src/chrome/content/rules/Cpunk.de.xml
@@ -1,15 +1,25 @@
 <!--
-	Nonfunctional subdomains:
-
-		- (www.)	(shows login)
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- hg.cpunk.de
+		- imap.cpunk.de
+		- smtp.cpunk.de
+		- tresor-scripts.cpunk.de
 
+		Incomplete certificate chain error:
+		- dav.cpunk.de
+		- gpg4usb.cpunk.de
+		- gutscheingruppe.cpunk.de
+		- theaterkeller.cpunk.de
 -->
-<ruleset name="cpunk.de (partial)" platform="cacert">
-
-	<target host="gpg4usb.cpunk.de" />
-
-
-	<rule from="^http://gpg4usb\.cpunk\.de/"
-		to="https://gpg4usb.cpunk.de/" />
+<ruleset name="cpunk.de">
+	<target host="cpunk.de" />
+	<target host="www.cpunk.de" />
+	<target host="mail.cpunk.de" />
+	<target host="oc.cpunk.de" />
+	<target host="php.cpunk.de" />
+	<target host="rss.cpunk.de" />
+	<target host="webmail.cpunk.de" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Cpunks.org.xml b/src/chrome/content/rules/Cpunks.org.xml
new file mode 100644
index 000000000000..02a4e894d596
--- /dev/null
+++ b/src/chrome/content/rules/Cpunks.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Cpunks.org" >
+	<target host="cpunks.org" />
+	<target host="www.cpunks.org" />
+	<target host="lists.cpunks.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cqc.org.uk.xml b/src/chrome/content/rules/Cqc.org.uk.xml
new file mode 100644
index 000000000000..b3dde4f39f53
--- /dev/null
+++ b/src/chrome/content/rules/Cqc.org.uk.xml
@@ -0,0 +1,11 @@
+<ruleset name="cqc.org.uk">
+	<target host="cqc.org.uk" />
+	<target host="www.cqc.org.uk" />
+	<target host="communities.cqc.org.uk" />
+	<target host="jobs.cqc.org.uk" />
+	<target host="qrp.cqc.org.uk" />
+	<target host="services.cqc.org.uk" />
+	<target host="webdataforms.cqc.org.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cr.yp.to.xml b/src/chrome/content/rules/Cr.yp.to.xml
new file mode 100644
index 000000000000..2c3970c11c2b
--- /dev/null
+++ b/src/chrome/content/rules/Cr.yp.to.xml
@@ -0,0 +1,54 @@
+<!--
+	Problematic hosts in *cr.yp.to:
+
+		- rump2007 ¹
+		- rump2008 ¹
+		- rump2009 ¹
+		- rump2010 ¹
+		- rump2011 ¹
+		- snakeoil ²
+		- pairings.temporary ³
+
+
+	ᵐ Mismatched
+	¹ Bad cert
+	² connection denied
+	³ SSL error
+
+
+	www.cr.yp.to doesn't exist.
+
+-->
+<ruleset name="cr.yp.to (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bada55.cr.yp.to" />
+	<target host="bench.cr.yp.to" />
+	<target host="binary.cr.yp.to" />
+	<target host="blog.cr.yp.to" />
+	<target host="competitions.cr.yp.to" />
+	<target host="cr.yp.to" />
+	<target host="cubehash.cr.yp.to" />
+	<target host="ed25519.cr.yp.to" />
+	<target host="eecm.cr.yp.to" />
+	<target host="eindhoven.cr.yp.to" />
+	<target host="elligator.cr.yp.to" />
+	<target host="export.cr.yp.to" />
+	<target host="nacl.cr.yp.to" />
+	<target host="pi.cr.yp.to" />
+	<target host="safecurves.cr.yp.to" />
+	<target host="smartfacts.cr.yp.to" />
+	<target host="sphincs.cr.yp.to" />
+	<target host="tweetnacl.cr.yp.to" />
+	<target host="untied.cr.yp.to" />
+
+	<test url="http://export.cr.yp.to/index.html" />
+	<test url="http://export.cr.yp.to/index.php" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cr0.org.xml b/src/chrome/content/rules/Cr0.org.xml
new file mode 100644
index 000000000000..8c7cdbff696c
--- /dev/null
+++ b/src/chrome/content/rules/Cr0.org.xml
@@ -0,0 +1,39 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Blogger
+
+
+	Problematic subdomains:
+
+		- kernelsec *
+		- metasm *
+		- slipfest
+		- www-pw *
+
+	* Works; mismatched, CN: *.on-web.fr
+
+-->
+<ruleset name="cr0.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cr0.org" />
+	<target host="www.cr0.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www-pw.cr0.org" />
+
+		<!--exclusion pattern="http://(blog|kernelsec|metasm|slipfest)\.cr0\.org/" /-->
+
+
+	<rule from="^http://www-pw\.cr0\.org/"
+		to="https://www.cr0.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CrackSAT.net.xml b/src/chrome/content/rules/CrackSAT.net.xml
new file mode 100644
index 000000000000..50d36cc8ef1e
--- /dev/null
+++ b/src/chrome/content/rules/CrackSAT.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="CrackSAT.net">
+	<target host="cracksat.net" />
+	<target host="www.cracksat.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cracked.com.xml b/src/chrome/content/rules/Cracked.com.xml
new file mode 100644
index 000000000000..2ebdacd550b5
--- /dev/null
+++ b/src/chrome/content/rules/Cracked.com.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Demand Media coverage, see Demand-Media.xml.
+-->
+<ruleset name="Cracked.com (partial)">
+	<target host="cracked.com" />
+	<target host="www.cracked.com" />
+	<target host="admin.cracked.com" />
+	<target host="ajax.cracked.com" />
+	<target host="secure.cracked.com" />
+	<target host="shop.cracked.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CrackedCDN.com.xml b/src/chrome/content/rules/CrackedCDN.com.xml
new file mode 100644
index 000000000000..b7913e776ce1
--- /dev/null
+++ b/src/chrome/content/rules/CrackedCDN.com.xml
@@ -0,0 +1,11 @@
+<!--
+     For other Demand Media coverage, see Demand-Media.xml.
+-->
+<ruleset name="CrackedCDN.com (partial)">
+	<target host="ui.crackedcdn.com" />
+	<target host="s3.crackedcdn.com" />
+		<test url="http://s3.crackedcdn.com/phpimages/article/0/4/0/725040_v2.jpg" />
+		<test url="http://s3.crackedcdn.com/phpimages/article/3/9/3/724393_v1.jpg" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Crackedconsole.com.xml b/src/chrome/content/rules/Crackedconsole.com.xml
index dd153d622e77..4de954c67175 100644
--- a/src/chrome/content/rules/Crackedconsole.com.xml
+++ b/src/chrome/content/rules/Crackedconsole.com.xml
@@ -1,13 +1,19 @@
-<ruleset name="crackedconsole.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://crackedconsole.com/ => https://crackedconsole.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.crackedconsole.com/ => https://www.crackedconsole.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="crackedconsole.com" default_off="failed ruleset test">
 
 	<target host="crackedconsole.com" />
-	<target host="*.crackedconsole.com" />
+	<target host="www.crackedconsole.com" />
 
 
 	<securecookie host="^\.crackedconsole\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?crackedconsole\.com/"
-		to="https://$1crackedconsole.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CraftBanter.xml b/src/chrome/content/rules/CraftBanter.xml
index 6c7782218fbd..846aa9626fda 100644
--- a/src/chrome/content/rules/CraftBanter.xml
+++ b/src/chrome/content/rules/CraftBanter.xml
@@ -5,13 +5,13 @@
 <ruleset name="CraftBanter">
 
 	<target host="craftbanter.com" />
-	<target host="*.craftbanter.com" />
+	<target host="www.craftbanter.com" />
 
 
 	<securecookie host="^\.?craftbanter\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?craftbanter\.com/"
+	<rule from="^http://(?:www\.)?craftbanter\.com/"
 		to="https://craftbanter.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CraftStats.com.xml b/src/chrome/content/rules/CraftStats.com.xml
index 10874320504f..44c21a2262da 100644
--- a/src/chrome/content/rules/CraftStats.com.xml
+++ b/src/chrome/content/rules/CraftStats.com.xml
@@ -1,14 +1,20 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://craftstats.com/ => https://www.craftstats.com/: (7, 'Failed to connect to www.craftstats.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://craftstats.com/ => https://www.craftstats.com/: (7, 'Failed to connect to www.craftstats.com port 443: Connection refused')
 	Problematic subdomains:
 
 		- ^	(refused)
 
 
 -->
-<ruleset name="CraftStats.com">
+<ruleset name="CraftStats.com" default_off="failed ruleset test">
 
 	<target host="craftstats.com" />
-	<target host="*.craftstats.com" />
+	<target host="www.craftstats.com" />
 
 
 	<securecookie host="^(?:www)?\.craftstats\.com$" name=".+" />
@@ -17,4 +23,4 @@
 	<rule from="^http://(?:www\.)?craftstats\.com/"
 		to="https://www.craftstats.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Craft_Coffee.com.xml b/src/chrome/content/rules/Craft_Coffee.com.xml
new file mode 100644
index 000000000000..d33ce4308590
--- /dev/null
+++ b/src/chrome/content/rules/Craft_Coffee.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional hosts in *craftcoffee.com:
+
+		- blog *
+
+	* Tumblr
+
+-->
+<ruleset name="Craft Coffee.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="craftcoffee.com" />
+	<target host="www.craftcoffee.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Crafty_Syntax.com.xml b/src/chrome/content/rules/Crafty_Syntax.com.xml
new file mode 100644
index 000000000000..55559320970e
--- /dev/null
+++ b/src/chrome/content/rules/Crafty_Syntax.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Crafty Syntax.com" default_off="timeout">
+
+	<target host="craftysyntax.com" />
+	<target host="www.craftysyntax.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Craigslist.ca.xml b/src/chrome/content/rules/Craigslist.ca.xml
new file mode 100644
index 000000000000..ae2a0c6eae09
--- /dev/null
+++ b/src/chrome/content/rules/Craigslist.ca.xml
@@ -0,0 +1,19 @@
+<!--
+    For other Craigslist coverage, see Craigslist.org.xml.
+
+-->
+<ruleset name="Craigslist.ca">
+    <target host="craigslist.ca" />
+    <target host="*.craigslist.ca" />
+
+    <exclusion pattern="^http://blog\.craigslist\.ca/"/>
+
+    <test url="http://blog.craigslist.ca/"/>
+    <test url="http://toronto.craigslist.ca/"/>
+    <test url="http://vancouver.craigslist.ca/"/>
+
+    <securecookie host=".+" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Craigslist.co.uk.xml b/src/chrome/content/rules/Craigslist.co.uk.xml
new file mode 100644
index 000000000000..912b6b8df86c
--- /dev/null
+++ b/src/chrome/content/rules/Craigslist.co.uk.xml
@@ -0,0 +1,19 @@
+<!--
+    For other Craigslist coverage, see Craigslist.org.xml.
+
+-->
+<ruleset name="Craigslist.co.uk">
+    <target host="craigslist.co.uk" />
+    <target host="*.craigslist.co.uk" />
+
+    <exclusion pattern="^http://blog\.craigslist\.co\.uk/"/>
+
+    <test url="http://blog.craigslist.co.uk/"/>
+    <test url="http://london.craigslist.co.uk/"/>
+    <test url="http://glasgow.craigslist.co.uk/"/>
+
+    <securecookie host=".+" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Craigslist.org.xml b/src/chrome/content/rules/Craigslist.org.xml
index 1ddaacca830b..6158a8f6b749 100644
--- a/src/chrome/content/rules/Craigslist.org.xml
+++ b/src/chrome/content/rules/Craigslist.org.xml
@@ -1,10 +1,27 @@
+<!--
+	Other Craigslist rulesets:
+		- Craigslist.ca.xml
+		- Craigslist.co.uk.xml
+
+	Mismatched:
+		blog.craigslist.org
+-->
+
 <ruleset name="Craigslist.org">
-  <target host="craigslist.org" />
-  <target host="*.craigslist.org" />
-  
-  <exclusion pattern="^http://blog\.craigslist\.org" />
-
-  <rule from="^http://(www\.)?craigslist\.org/" to="https://www.craigslist.org/" />
-  <!-- As of 8/2013, 4th level craigslist.org domains do not support SSL. --> 
-  <rule from="^http://([^/:@.]*)\.craigslist\.org/" to="https://$1.craigslist.org/" />
+	<target host="craigslist.org" />
+	<target host="*.craigslist.org" />
+		<test url="http://losangeles.craigslist.org/" />
+		<test url="http://sfbay.craigslist.org/" />
+		<test url="http://amsterdam.craigslist.org/" />
+		<test url="http://moscow.craigslist.org/" />
+
+	<exclusion pattern="^http://blog\.craigslist\.org/" />
+		<test url="http://blog.craigslist.org/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://craigslist\.org/" to="https://craigslist.org/" />
+
+	<!-- As of 3/2017, 4th level craigslist.org domains do not support SSL. -->
+	<rule from="^http://([\w-]+)\.craigslist\.org/" to="https://$1.craigslist.org/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Crain-Communications-mismatches.xml b/src/chrome/content/rules/Crain-Communications-mismatches.xml
index 5ee82f2a6b75..b0a1155be22f 100644
--- a/src/chrome/content/rules/Crain-Communications-mismatches.xml
+++ b/src/chrome/content/rules/Crain-Communications-mismatches.xml
@@ -12,7 +12,7 @@
 
 
 	<!--	!www redirects to www.	-->
-	<rule from="^https?://(?:www\.)?btobonline\.com/"
+	<rule from="^http://(?:www\.)?btobonline\.com/"
 		to="https://www.btobonline.com/" />
 
 	<rule from="^http://mycrains\.crainsnewyork\.com/"
diff --git a/src/chrome/content/rules/Crain-Communications.xml b/src/chrome/content/rules/Crain-Communications.xml
index 3028238d02b4..55f66a96b91d 100644
--- a/src/chrome/content/rules/Crain-Communications.xml
+++ b/src/chrome/content/rules/Crain-Communications.xml
@@ -1,4 +1,16 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.amiga.adage.com/ => https://www.amiga.adage.com/: (6, 'Could not resolve host: www.amiga.adage.com')
+Fetch error: http://crainsnewyork.com/ => https://crainsnewyork.com/: (7, 'Failed to connect to crainsnewyork.com port 443: Connection refused')
+Fetch error: http://creativity-online.com/ => https://creativity-online.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.creativity-online.com/ => https://creativity-online.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.amiga.adage.com/ => https://www.amiga.adage.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.amiga.adage.com'")
+Fetch error: http://crainsnewyork.com/ => https://crainsnewyork.com/: Cycle detected - URL already encountered: https://crainsnewyork.com/
+Fetch error: http://creativity-online.com/ => https://creativity-online.com/: (51, "SSL: no alternative certificate subject name matches target host name 'creativity-online.com'")
+Fetch error: http://www.creativity-online.com/ => https://creativity-online.com/: (51, "SSL: no alternative certificate subject name matches target host name 'creativity-online.com'")
 	For problematic rules, see Crain-Communications-mismatches.xml
 
 
@@ -13,21 +25,23 @@
 		- (www.)idea2009.org		(ssl_error_rx_record_too_long)
 
 -->
-<ruleset name="Crain Communications (partial)" platform="mixedcontent">
+<ruleset name="Crain Communications (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="adage.com" />
-	<target host="*.adage.com" />
+	<target host="www.adage.com" />
+	<target host="amiga.adage.com" />
 	<target host="www.amiga.adage.com" />
+	<target host="gaia.adage.com" />
 	<target host="sec.crain.com" />
 	<target host="crainsnewyork.com" />
 	<!--	* for cross-domain cookies.	-->
-	<target host="*.crainsnewyork.com" />
+	<target host="www.crainsnewyork.com" />
 	<target host="creativity-online.com" />
 	<target host="www.creativity-online.com" />
 
 
-	<securecookie host="^sec\.crain\.com$" name=".*" />
-	<securecookie host="^\.crainsnewyork\.com$" name=".*" />
+	<securecookie host="^sec\.crain\.com$" name=".+" />
+	<securecookie host="^\.crainsnewyork\.com$" name=".+" />
 
 
 	<rule from="^http://(?:www\.)?adage\.com/(help/|(?:login|register)\.php)"
diff --git a/src/chrome/content/rules/Crakpass.xml b/src/chrome/content/rules/Crakpass.xml
index 5e05ee1d2237..958b5129acae 100644
--- a/src/chrome/content/rules/Crakpass.xml
+++ b/src/chrome/content/rules/Crakpass.xml
@@ -23,7 +23,6 @@
 	<target host="thumbs.deviantclip.com" />
 
 
-	<rule from="^http://thumbs\.(crakpass|dachix|deviantclip)\.com/"
-		to="https://thumbs.$1.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Craphound.xml b/src/chrome/content/rules/Craphound.xml
deleted file mode 100644
index 934edf13ac18..000000000000
--- a/src/chrome/content/rules/Craphound.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Craphound">
-
-	<target host="craphound.com" />
-	<target host="www.craphound.com" />
-
-
-	<securecookie host="^(?:www\.)?craphound\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?craphound\.com/"
-		to="https://$1craphound.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Crash-Space.xml b/src/chrome/content/rules/Crash-Space.xml
index a10213e0357f..a6e66bb4a73f 100644
--- a/src/chrome/content/rules/Crash-Space.xml
+++ b/src/chrome/content/rules/Crash-Space.xml
@@ -1,13 +1,14 @@
 <ruleset name="Crash Space">
 
 	<target host="crashspace.org" />
-	<target host="*.crashspace.org" />
+	<target host="blog.crashspace.org" />
+	<target host="www.crashspace.org" />
 
 
 	<!--	- (www.) times out over https
 		- (www.) redirects to blog over http
 							-->
-	<rule from="^https?://(?:blog\.|www\.)?crashspace\.org/"
+	<rule from="^http://(?:blog\.|www\.)?crashspace\.org/"
 		to="https://blog.crashspace.org/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CrashPlan.xml b/src/chrome/content/rules/CrashPlan.xml
index 94f8aca46065..799ee9ddb0e2 100644
--- a/src/chrome/content/rules/CrashPlan.xml
+++ b/src/chrome/content/rules/CrashPlan.xml
@@ -7,13 +7,13 @@
 <ruleset name="CrashPlan (partial)">
 
 	<target host="crashplan.com" />
-	<target host="*.crashplan.com" />
+	<target host="helpdesk.crashplan.com" />
+	<target host="www.crashplan.com" />
 
 
-	<securecookie host="^(?:.+\.)?crashplan\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(helpdesk\.|www\.)?crashplan\.com/"
-		to="https://$1crashplan.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Crate.io.xml b/src/chrome/content/rules/Crate.io.xml
index 7284e60a08a1..79be14102bfe 100644
--- a/src/chrome/content/rules/Crate.io.xml
+++ b/src/chrome/content/rules/Crate.io.xml
@@ -1,16 +1,21 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See 
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
- 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Crate.io" platform="firefox">
-<target host="crate.io" />
-
-<securecookie host="^crate\.io$" name=".+" />
-
-<rule from="^http://crate\.io/" to="https://crate.io/" />
+<ruleset name="Crate.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="crate.io" />
+	<target host="*.crate.io" />
+
+		<test url="http://cdn.crate.io/" />
+		<test url="http://www.crate.io/" />
+		<test url="http://play.crate.io/" />
+
+
+	<!--	Not secured by server: -->
+	<securecookie host="^\.?crate\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
+
diff --git a/src/chrome/content/rules/CraveOnline.com.xml b/src/chrome/content/rules/CraveOnline.com.xml
deleted file mode 100644
index eb2a438ec599..000000000000
--- a/src/chrome/content/rules/CraveOnline.com.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	CDN buckets:
-
-		- cdn.assets.craveonline.com.edgesuite.net
-
-			- a988.g.akamai.net
-
-		- pebblebed.edgesuite.net
-
-			- cdn[123]-www
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(dropped)
-		- cdn[123]-www	(504, akamai)
-
-
-	Problematic subdomains:
-
-		- cdn.assets	(works, akamai)
-
--->
-<ruleset name="CraveOnline.com (partial)">
-
-	<target host="cdn.assets.craveonline.com" />
-
-
-	<rule from="^http://cdn\.assets\.craveonline\.com/"
-		to="https://a248.e.akamai.net/f/988/9998/10/cdn.assets.craveonline.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Crazy-Egg-problematic.xml b/src/chrome/content/rules/Crazy-Egg-problematic.xml
deleted file mode 100644
index 2e74fb2a13ea..000000000000
--- a/src/chrome/content/rules/Crazy-Egg-problematic.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For rules that are on by default, see Crazy-Egg.xml.
-
--->
-<ruleset name="Crazy Egg (problematic)" default_off="mismatched">
-
-	<target host="blog.crazyegg.com" />
-
-
-	<securecookie host="^blog\.crazyegg\.com$" name=".+" />
-
-
-	<!--	CN: *.phpfogapp.com
-					-->
-	<rule from="^http://blog\.crazyegg\.com/"
-		to="https://blog.crazyegg.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Crazy-Egg.xml b/src/chrome/content/rules/Crazy-Egg.xml
index d54ff0c28112..f41c4d4178e6 100644
--- a/src/chrome/content/rules/Crazy-Egg.xml
+++ b/src/chrome/content/rules/Crazy-Egg.xml
@@ -1,53 +1,60 @@
 <!--
-	For problematic rules, see Crazy-Egg-problematic.xml.
-
-
 	CDN buckets:
 
 		- ceblog.s3.amazonaws.com
 		- s3.amazonaws.com/new.cetrk.com/
 
 
-	Nonfunctional domains:
+	Nonfunctional hosts in *crazyegg.com:
+
+		- resources ʳ
+
+	ʳ Refused
+
+
+	Problematic hosts in *crazyegg.com:
+
+		- www.script ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
 
-		- cetrk.com
+		- .crazyegg.com
+		- help.crazyegg.com
+		- www.crazyegg.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image on help from resources.crazyegg.com ʳ
+
+	ʳ Unsecurable <= refused
 
 -->
-<ruleset name="Crazy Egg (partial)">
+<ruleset name="Crazy Egg.com (partial)">
 
 	<target host="crazyegg.com" />
-	<target host="*.crazyegg.com" />
-		<exclusion pattern="^http://(?:www\.)?crazyegg\.com/(?:$|\?)" />
-
-
-	<!--	At least the homepage redirects to http.
-
-			These paths don't:
-
-				- contact$
-				- contact/$
-				- external/
-				- help$
-				- help/
-				- images/
-				- login$
-				- login/$
-				- opt-out$
-				- opt-out/$
-				- overview$
-				- pricing$
-				- pricing/$
-				- privacy$
-				- signup$
-				- signup/pro$
-				- signup/standard$
-				- stylesheets/
-				- terms$
-
-	<rule from="^http://(www\.)?crazyegg\.com/((?:external|help|images|signup|stylesheets)(?:$|/|\?)|(?:login|opt-out|overview|pricing|terms)(?:/?$|\?))"
-		to="https://$1crazyegg.com/$2" /-->
-
-	<rule from="^http://(www\.)?crazyegg\.com/"
-		to="https://$1crazyegg.com/" />
+	<target host="blog.crazyegg.com" />
+	<target host="help.crazyegg.com" />
+	<target host="script.crazyegg.com" />
+	<target host="support.crazyegg.com" />
+	<target host="www.crazyegg.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.crazyegg\.com$" name="^(?:adxs|ce2tg)$" /-->
+	<!--securecookie host="^help\.crazyegg\.com$" name="^_help_center_session$" /-->
+	<!--securecookie host="^www\.crazyegg\.com$" name="^sid$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CrazyBump.xml b/src/chrome/content/rules/CrazyBump.xml
index 13b7f0d5fa88..aa286ac584d5 100644
--- a/src/chrome/content/rules/CrazyBump.xml
+++ b/src/chrome/content/rules/CrazyBump.xml
@@ -1,10 +1,9 @@
-<ruleset name="CrazyBump" default_off="expired">
+<ruleset name="CrazyBump">
 
 	<target host="crazybump.com" />
 	<target host="www.crazybump.com" />
 
-
-	<rule from="^https?://(?:www\.)?crazybump\.com/"
-		to="https://crazybump.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CrazyHD.com.xml b/src/chrome/content/rules/CrazyHD.com.xml
new file mode 100644
index 000000000000..56f02787e8cd
--- /dev/null
+++ b/src/chrome/content/rules/CrazyHD.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="CrazyHD.com">
+	<target host="crazyhd.com" />
+	<target host="www.crazyhd.com" />
+	<target host="siena.crazyhd.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Crazzed.com.xml b/src/chrome/content/rules/Crazzed.com.xml
new file mode 100644
index 000000000000..ed53fc99745d
--- /dev/null
+++ b/src/chrome/content/rules/Crazzed.com.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://crazzed.com/ => https://crazzed.com/: (7, 'Failed to connect to crazzed.com port 443: Connection refused')
+Fetch error: http://www.crazzed.com/ => https://www.crazzed.com/: (7, 'Failed to connect to www.crazzed.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://crazzed.com/ => https://crazzed.com/: Cycle detected - URL already encountered: http://crazzed.com/
+-->
+<ruleset name="Crazzed.com" default_off="failed ruleset test">
+
+	<target host="crazzed.com" />
+	<target host="www.crazzed.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?crazzed\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:\.|www\.)?crazzed\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Creare.co.uk.xml b/src/chrome/content/rules/Creare.co.uk.xml
new file mode 100644
index 000000000000..f5407b6d6f09
--- /dev/null
+++ b/src/chrome/content/rules/Creare.co.uk.xml
@@ -0,0 +1,44 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://creare.co.uk/ => https://creare.co.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .creare.co.uk
+
+-->
+<ruleset name="Creare.co.uk" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="creare.co.uk" />
+	<target host="www.creare.co.uk" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.creare\.co\.uk$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Create.xml b/src/chrome/content/rules/Create.xml
index 30b67d160db4..a21189579ddc 100644
--- a/src/chrome/content/rules/Create.xml
+++ b/src/chrome/content/rules/Create.xml
@@ -1,11 +1,8 @@
 <!--
 	For other dmg media coverage, see Dmg_media.xml.
 
-
-	CN: *.dailymailplus.co.uk
-
 -->
-<ruleset name="Create" default_off="mismatched">
+<ruleset name="Create-DMGmedia.co.uk" default_off="refused">
 
 	<target host="create-dmgmedia.co.uk" />
 	<target host="www.create-dmgmedia.co.uk" />
@@ -14,7 +11,7 @@
 	<securecookie host="^create-dmgmedia\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?create-dmgmedia\.co\.uk/"
-		to="https://create-dmgmedia.co.uk/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CreateSpace.xml b/src/chrome/content/rules/CreateSpace.xml
index 843054194dd9..89cdc64eb1b7 100644
--- a/src/chrome/content/rules/CreateSpace.xml
+++ b/src/chrome/content/rules/CreateSpace.xml
@@ -1,8 +1,37 @@
-<ruleset name="CreateSpace">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://createspace.com/ => https://createspace.com/: (7, 'Failed to connect to createspace.com port 443: Connection timed out')
+
+	For other Amazon coverage, see Amazon.xml.
+
+
+	Fully covered hosts in *createspace.com:
+
+		- (www.)?
+		- tsw
+
+
+	Insecure cookies are set for these hosts:
+
+		- tsw.createspace.com
+		- www.createspace.com
+
+-->
+<ruleset name="CreateSpace.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="createspace.com" />
+	<target host="tsw.createspace.com" />
 	<target host="www.createspace.com" />
 
-	<securecookie host="^((www)?\.)?createspace\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(tsw|www)\.createspace\.com$" name="^(JSESSIONID|session-id)$" /-->
+	<!--securecookie host="^www\.createspace\.com$" name="^jive\.server\.info$" /-->
+
+	<securecookie host="^(?:(?:tsw|www)?\.)?createspace\.com$" name=".+" />
 
-	<rule from="^http://(www\.)?createspace\.com/" to="https://www.createspace.com/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Createsend.com.xml b/src/chrome/content/rules/Createsend.com.xml
new file mode 100644
index 000000000000..e80fc6bd2cc8
--- /dev/null
+++ b/src/chrome/content/rules/Createsend.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Other Campaign Monitor rulesets:
+
+		- Createsend1.com.xml
+
+-->
+<ruleset name="Createsend.com (partial)">
+
+	<target host="accessnow.createsend.com" />
+	<target host="cname.createsend.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Createsend1.com.xml b/src/chrome/content/rules/Createsend1.com.xml
index 1b9f4e66d043..0c5a4db09c85 100644
--- a/src/chrome/content/rules/Createsend1.com.xml
+++ b/src/chrome/content/rules/Createsend1.com.xml
@@ -1,13 +1,16 @@
 <!--
-	Web bugs.
+	For other Campaign Monitor coverage, see Createsend.com.xml.
 
 -->
 <ruleset name="createsend1.com">
 
 	<target host="btn.createsend1.com" />
+	<target host="css.createsend1.com" />
+	<target host="img.createsend1.com" />
+	<target host="js.createsend1.com" />
 
 
-	<rule from="^http://btn\.createsend1\.com/"
-		to="https://btn.createsend1.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Creation.xml b/src/chrome/content/rules/Creation.xml
index 743ef036aa8d..99ba52fc1d06 100644
--- a/src/chrome/content/rules/Creation.xml
+++ b/src/chrome/content/rules/Creation.xml
@@ -1,22 +1,42 @@
 <!--
-	Problematic subdomains:
+	Problematic hosts in *creation.co.uk:
 
-		- ^	(cert only matches www)
+		- (www.)? ᶜ
+		- managemyaccount ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- credit-card-asda-payments.creation.co.uk
+		- managemyaccount.creation.co.uk
+		- www.creation.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Creation">
+<ruleset name="Creation.co.uk (partial)">
 
-	<target host="creation.co.uk" />
-	<target host="*.creation.co.uk" />
+	<!--target host="creation.co.uk" /-->
+	<target host="apply.creation.co.uk" />
+	<target host="credit-card-asda-payments.creation.co.uk" />
+	<target host="myaccount.creation.co.uk" />
+	<!--target host="managemyaccount.creation.co.uk" /-->
+	<!--target host="www.creation.co.uk" /-->
 
 
-	<securecookie host="^.+\.creation\.co\.uk$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^credit-card-asda-payments\.creation\.co\.uk$" name="^(?:ASP\.NET_SessionId|PaymentSession)$" /-->
+	<!--securecookie host="^managemyaccount\.creation\.co\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^www\.creation\.co\.uk$" name="^JSESSIONID$" /-->
 
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^(?!\.creation\.co\.uk$)." name=".+" />
 
-	<rule from="^https?://(?:www\.)?creation\.co\.uk/"
-		to="https://www.creation.co.uk/" />
 
-	<rule from="^http://(apply|credit-card-asda-payments|(?:manage)?myaccount)\.creation\.co\.uk/"
-		to="https://$1.creation.co.uk/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Creative-Endeavors.xml b/src/chrome/content/rules/Creative-Endeavors.xml
index b74896d456ce..b631d521e990 100644
--- a/src/chrome/content/rules/Creative-Endeavors.xml
+++ b/src/chrome/content/rules/Creative-Endeavors.xml
@@ -4,7 +4,6 @@
 	<target host="www.ce1.com" />
 
 
-	<rule from="^http://(www\.)?ce1\.com/"
-		to="https://$1ce1.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Creative-serving.com.xml b/src/chrome/content/rules/Creative-serving.com.xml
index 47bfbcbf7b90..997c6d9a2b6a 100644
--- a/src/chrome/content/rules/Creative-serving.com.xml
+++ b/src/chrome/content/rules/Creative-serving.com.xml
@@ -12,7 +12,6 @@
 	<securecookie host="^ads\.creative-serving\.com$" name=".+" />
 
 
-	<rule from="^http://ads\.creative-serving\.com/"
-		to="https://ads.creative-serving.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CreativeCommons.xml b/src/chrome/content/rules/CreativeCommons.xml
deleted file mode 100644
index a5d766cd6199..000000000000
--- a/src/chrome/content/rules/CreativeCommons.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Creative Commons">
-
-	<target host="creativecommons.net" />
-	<target host="creativecommons.org" />
-	<target host="*.creativecommons.org" />
-
-
-	<rule from="^http://creativecommons\.net/"
-		to="https://creativecommons.net/" />
-
-	<rule from="^http://(i\.|api\.)?creativecommons\.org/"
-		to="https://$1creativecommons.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CreativeCow.net.xml b/src/chrome/content/rules/CreativeCow.net.xml
new file mode 100644
index 000000000000..c056ce060912
--- /dev/null
+++ b/src/chrome/content/rules/CreativeCow.net.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://creativecow.net/ => https://creativecow.net/: (51, "SSL: no alternative certificate subject name matches target host name 'creativecow.net'")
+Fetch error: http://creativecow.com/ => https://creativecow.com/: (51, "SSL: no alternative certificate subject name matches target host name 'creativecow.com'")
+
+-->
+<ruleset name="Creative COW" default_off="failed ruleset test">
+    <target host="creativecow.net" />
+    <target host="*.creativecow.net" />
+    <target host="creativecow.com" />
+    <target host="*.creativecow.com" />
+
+    <test url="http://forums.creativecow.net/" />
+    <test url="http://forums.creativecow.com/" />
+    <test url="http://library.creativecow.net/" />
+    <test url="http://library.creativecow.com/" />
+    <test url="http://events.creativecow.net/" />
+    <test url="http://events.creativecow.com/" />
+
+    <securecookie host="^(?:www)?(?:\.)?creativecow\.(?:net|com)$" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CreativePartnershipsAustralia.xml b/src/chrome/content/rules/CreativePartnershipsAustralia.xml
new file mode 100644
index 000000000000..7c985e23c598
--- /dev/null
+++ b/src/chrome/content/rules/CreativePartnershipsAustralia.xml
@@ -0,0 +1,7 @@
+<ruleset name="Creative Partnerships Australia">
+	<target host="creativepartnershipsaustralia.org.au" />
+	<target host="www.creativepartnershipsaustralia.org.au" />
+
+	<rule from="^http://(?:www\.)?creativepartnershipsaustralia\.org\.au/"
+		to="https://www.creativepartnershipsaustralia.org.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/CreativeSyndicator.xml b/src/chrome/content/rules/CreativeSyndicator.xml
index 50edb097aba6..25be73da5fbc 100644
--- a/src/chrome/content/rules/CreativeSyndicator.xml
+++ b/src/chrome/content/rules/CreativeSyndicator.xml
@@ -1,13 +1,21 @@
-<ruleset name="CreativeSyndicator">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ads-creativesyndicator.com/ => https://ads-creativesyndicator.com/: (28, 'Connection timed out after 20013 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ads-creativesyndicator.com/ => https://ads-creativesyndicator.com/: (28, 'Connection timed out after 10000 milliseconds')
+-->
+<ruleset name="CreativeSyndicator" default_off="failed ruleset test">
 
 	<target host="ads-creativesyndicator.com" />
-	<target host="*.ads-creativesyndicator.com" />
+	<target host="delivery.ads-creativesyndicator.com" />
+	<target host="www.ads-creativesyndicator.com" />
 
 
 	<securecookie host="^(?:delivery|www)\.ads-creativesyndicator\.com$" name=".+" />
 
 
-	<rule from="^http://(delivery\.|www\.)?ads-creativesyndicator\.com/"
-		to="https://$1ads-creativesyndicator.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Creative_CDN.com.xml b/src/chrome/content/rules/Creative_CDN.com.xml
new file mode 100644
index 000000000000..59920b3780a1
--- /dev/null
+++ b/src/chrome/content/rules/Creative_CDN.com.xml
@@ -0,0 +1,33 @@
+<!--
+	www.creativecdn.com does not exist.
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .creativecdn.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Creative CDN.com">
+
+	<target host="creativecdn.com" />
+	<target host="01.creativecdn.com" />
+
+		<!--	Set cookies without Secure:
+							-->
+		<!--test url="http://creativecdn.com/tags?id" /-->
+		<!--test url="http://01.creativecdn.com/tags?id=&amp;tc=1" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="\.creativecdn\.com$" name="^(?:ts|u)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Creative_Virtual.com.xml b/src/chrome/content/rules/Creative_Virtual.com.xml
index 51106d9d04b9..91ae2f652882 100644
--- a/src/chrome/content/rules/Creative_Virtual.com.xml
+++ b/src/chrome/content/rules/Creative_Virtual.com.xml
@@ -1,37 +1,12 @@
-<!--
-	Problematic subdomains:
-
-		- (www.)	(works; self-signed, CN: 23943-8-2095429)
-		- info		(works; mismatched, CN: *.pardot.com)
-
-
-	Mixed content:
-
-		- css on www from fonts.googleapis.com *
-
-		- Images on www from www *
-
-	* Secured by us
-
--->
-<ruleset name="Creative Virtual.com" default_off="self-signed">
+<ruleset name="Creative Virtual.com">
 
 	<target host="creativevirtual.com" />
-	<target host="*.creativevirtual.com" />
-
+	<target host="www.creativevirtual.com" />
+	<target host="info.creativevirtual.com" />
 
 	<securecookie host="^www\.creativevirtual\.com$" name=".+" />
 
-
-	<rule from="^http://(?:www\.)?creativevirtual\.com/"
-		to="https://www.creativevirtual.com/" />
-
-	<rule from="^http://info\.creativevirtual\.com/l/"
-		to="https://pi.pardot.com/l/" />
-
-	<!--	Server drops path:
-					-->
-	<rule from="^http://info\.creativevirtual\.com/.*"
-		to="https://www.creativevirtual.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Creativeskills.be.xml b/src/chrome/content/rules/Creativeskills.be.xml
index 80b4f8291168..192529999c5c 100644
--- a/src/chrome/content/rules/Creativeskills.be.xml
+++ b/src/chrome/content/rules/Creativeskills.be.xml
@@ -1,13 +1,13 @@
 <ruleset name="Creativeskills.be">
 
 	<target host="creativeskills.be" />
-	<target host="*.creativeskills.be" />
+	<target host="www.creativeskills.be" />
+	<target host="mailings.creativeskills.be" />
+	<target host="tentoo.creativeskills.be" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^\.creativeskills\.be$" name=".+" />
+	<rule from="^http:"
+		to="https:" />
 
-
-	<rule from="^http://(www\.)?creativeskills\.be/"
-		to="https://$1creativeskills.be/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CredAbility.com.xml b/src/chrome/content/rules/CredAbility.com.xml
new file mode 100644
index 000000000000..c125c81f846f
--- /dev/null
+++ b/src/chrome/content/rules/CredAbility.com.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://intake.credability.org/ => https://intake.credability.org/: Too many redirects while fetching 'https://intake.credability.org/'
+
+-->
+<ruleset name="CredAbility.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="intake.credability.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CreditDisputeProgram.com.xml b/src/chrome/content/rules/CreditDisputeProgram.com.xml
deleted file mode 100644
index 8c21a9870fd6..000000000000
--- a/src/chrome/content/rules/CreditDisputeProgram.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="CreditDisputeProgram.com">
-
-	<target host="creditdisputeprogram.com" />
-	<target host="*.creditdisputeprogram.com" />
-
-
-	<securecookie host="^(?:[w.]*\.)?creditdisputeprogram\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?creditdisputeprogram\.com/"
-		to="https://$1creditdisputeprogram.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Credit_Repair_Trust.com.xml b/src/chrome/content/rules/Credit_Repair_Trust.com.xml
deleted file mode 100644
index 7df1c2ef5fa9..000000000000
--- a/src/chrome/content/rules/Credit_Repair_Trust.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Credit Repair Trust.com">
-
-	<target host="creditrepairtrust.com" />
-	<target host="*.creditrepairtrust.com" />
-
-
-	<securecookie host="^(?:[w.]*\.)?creditrepairtrust\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?creditrepairtrust\.com/"
-		to="https://$1creditrepairtrust.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Credit_Report_Nation.xml b/src/chrome/content/rules/Credit_Report_Nation.xml
index 9a23c705e074..75cf36ec1489 100644
--- a/src/chrome/content/rules/Credit_Report_Nation.xml
+++ b/src/chrome/content/rules/Credit_Report_Nation.xml
@@ -1,13 +1,19 @@
-<ruleset name="Credit Report Nation">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://creditreportnation.com/ => https://creditreportnation.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.creditreportnation.com/ => https://www.creditreportnation.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="Credit Report Nation" default_off="failed ruleset test">
 
 	<target host="creditreportnation.com" />
-	<target host="*.creditreportnation.com" />
+	<target host="www.creditreportnation.com" />
 
 
-	<securecookie host="^(?:.*\.)?creditreportnation\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?creditreportnation\.com/"
-		to="https://$1creditreportnation.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Credit_Suisse.xml b/src/chrome/content/rules/Credit_Suisse.xml
index ead1219c1719..57138745f4aa 100644
--- a/src/chrome/content/rules/Credit_Suisse.xml
+++ b/src/chrome/content/rules/Credit_Suisse.xml
@@ -1,13 +1,9 @@
 <ruleset name="Credit Suisse">
-
 	<target host="credit-suisse.com" />
 	<target host="www.credit-suisse.com" />
 
-
 	<securecookie host="^(?:w*\.)?credit-suisse\.com$" name=".+" />
 
-
-	<rule from="^http://(www\.)?credit-suisse\.com/"
-		to="https://$1credit-suisse.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Credo_Action.com.xml b/src/chrome/content/rules/Credo_Action.com.xml
new file mode 100644
index 000000000000..b3aba0745a29
--- /dev/null
+++ b/src/chrome/content/rules/Credo_Action.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- act.credoaction.com
+
+
+	Mixed content:
+
+		- Image on ^ from d2omw6a1nm6pnh.cloudfront.net *
+		- favicon on ^ from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Credo Action.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="credoaction.com" />
+	<target host="act.credoaction.com" />
+	<target host="www.credoaction.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^act\.credoaction\.com$" name="^sid$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Crew.co.xml b/src/chrome/content/rules/Crew.co.xml
new file mode 100644
index 000000000000..85526108a56b
--- /dev/null
+++ b/src/chrome/content/rules/Crew.co.xml
@@ -0,0 +1,33 @@
+<!--
+	Nonfunctional hosts in *crew.co:
+
+		- blog *
+		- backstage *
+
+	* Redirects to http
+
+
+	Insecure cookies are set for these hosts:
+
+		- crew.co
+
+-->
+<ruleset name="Crew.co (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="crew.co" />
+	<target host="www.crew.co" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^crew\.co$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cricket_Wireless.com.xml b/src/chrome/content/rules/Cricket_Wireless.com.xml
new file mode 100644
index 000000000000..e86dae21613f
--- /dev/null
+++ b/src/chrome/content/rules/Cricket_Wireless.com.xml
@@ -0,0 +1,13 @@
+<!--
+	^: Akamai
+
+-->
+<ruleset name="Cricket Wireless.com">
+
+	<target host="cricketwireless.com" />
+	<target host="www.cricketwireless.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Crikey.xml b/src/chrome/content/rules/Crikey.xml
index 174a88832075..15e366496bc3 100644
--- a/src/chrome/content/rules/Crikey.xml
+++ b/src/chrome/content/rules/Crikey.xml
@@ -1,19 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://media.crikey.com.au/ => https://media.crikey.com.au/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://crikey.com.au/ => https://crikey.com.au/: Too many redirects while fetching 'https://crikey.com.au/'
+
 	Problematic subdomains:
 
 		- offers	(works; mismatched, CN: *.unbounce.com)
 
 -->
-<ruleset name="Crikey (partial)">
+<ruleset name="Crikey (partial)" default_off="failed ruleset test">
 
 	<target host="crikey.com.au" />
-	<target host="*.crikey.com.au" />
+	<target host="media.crikey.com.au" />
+	<target host="www.crikey.com.au" />
 
 
 	<securecookie host="^www\.crikey\.com\.au$" name=".+" />
 
 
-	<rule from="^http://(media\.|www\.)?crikey\.com\.au/"
-		to="https://$1crikey.com.au/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CrimethInc.com.xml b/src/chrome/content/rules/CrimethInc.com.xml
new file mode 100644
index 000000000000..9fd744c3bdcc
--- /dev/null
+++ b/src/chrome/content/rules/CrimethInc.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		thecloud.crimethinc.com
+
+-->
+<ruleset name="CrimethInc.com">
+
+	<target host="crimethinc.com" />
+	<target host="www.crimethinc.com" />
+	<target host="cloudfront.crimethinc.com" />
+		<test url="http://cloudfront.crimethinc.com/images/work/3b.jpg" />
+	<target host="stealfromwork.crimethinc.com" />
+	<target host="store.crimethinc.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Criminal_Justice_Inspectorates.xml b/src/chrome/content/rules/Criminal_Justice_Inspectorates.xml
new file mode 100644
index 000000000000..07fc96bdf761
--- /dev/null
+++ b/src/chrome/content/rules/Criminal_Justice_Inspectorates.xml
@@ -0,0 +1,15 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://justiceinspectorates.gov.uk/ => https://www.justiceinspectorates.gov.uk/: (6, 'Could not resolve host: justiceinspectorates.gov.uk')
+    For other UK Government coverage, see GOV.UK.xml.
+-->
+
+<ruleset name="Criminal Justice Inspectorates">
+    <target host="justiceinspectorates.gov.uk" />
+    <target host="*.justiceinspectorates.gov.uk" />
+
+    <rule from="^http://justiceinspectorates\.gov\.uk/"
+        to="https://www.justiceinspectorates.gov.uk/" />
+    <rule from="^http://([^/:@]+)\.justiceinspectorates\.gov\.uk/"
+        to="https://$1.justiceinspectorates.gov.uk/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Crimtan.xml b/src/chrome/content/rules/Crimtan.xml
deleted file mode 100644
index 36d766b24bb8..000000000000
--- a/src/chrome/content/rules/Crimtan.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)crimtan.com
-		- ag.ctpsnet.com
-
--->
-<ruleset name="Crimtan (partial)">
-
-	<target host="*.ctpsnet.com" />
-
-
-	<securecookie host="^\.ctnsnet\.com$" name=".+" />
-
-
-	<rule from="^http://(cdn|i)\.ctpsnet\.com/"
-		to="https://$1.ctpsnet.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Criosweb.xml b/src/chrome/content/rules/Criosweb.xml
new file mode 100644
index 000000000000..0075045da21e
--- /dev/null
+++ b/src/chrome/content/rules/Criosweb.xml
@@ -0,0 +1,44 @@
+<ruleset name="Criosweb (partial)">
+
+	<!--	MCB: https://infoeuri.criosweb.ro/blog/	-->
+
+	<target host="infoeuri.criosweb.ro" />
+
+	<rule from="^http://infoeuri\.criosweb\.ro/$"
+		to="https://infoeuri.criosweb.ro/" />
+
+	<rule from="^http://infoeuri\.criosweb\.ro/(aplicatie|css|fonts|img|js|povestea\.php)/"
+		to="https://infoeuri.criosweb.ro/$1/" />
+		<test url="http://infoeuri.criosweb.ro/aplicatie/index.html/" />
+		<test url="http://infoeuri.criosweb.ro/css/jumbotron.css/" />
+		<test url="http://infoeuri.criosweb.ro/fonts/glyphicons-halflings-regular.woff/" />
+		<test url="http://infoeuri.criosweb.ro/img/favicon.png/" />
+		<test url="http://infoeuri.criosweb.ro/js/jquery-1.js/" />
+		<test url="http://infoeuri.criosweb.ro/povestea.php/" />
+
+	<rule from="^http://infoeuri\.criosweb\.ro/blog/wp-(content|includes)/"
+		to="https://infoeuri.criosweb.ro/blog/wp-$1/" />
+		<test url="http://infoeuri.criosweb.ro/blog/wp-content/uploads/2014/07/august-1038x576.jpg" />
+		<test url="http://infoeuri.criosweb.ro/blog/wp-includes/js/tw-sack.min.js" />
+
+
+	<!--	MCB: https://luci.criosweb.ro/	-->
+
+	<target host="luci.criosweb.ro" />
+	<exclusion pattern="^http://luci\.criosweb\.ro/$" />
+
+	<rule from="^http://luci\.criosweb\.ro/(blog/)?wp-(content|includes)/"
+		to="https://luci.criosweb.ro/$1wp-$2/" />
+		<test url="http://luci.criosweb.ro/blog/wp-content/themes/twentyfifteen/genericons/genericons.css" />
+		<test url="http://luci.criosweb.ro/blog/wp-includes/js/jquery/jquery-migrate.min.js" />
+		<test url="http://luci.criosweb.ro/wp-content/uploads/2015/11/board-config.png" />
+		<test url="http://luci.criosweb.ro/wp-includes/js/tw-sack.min.js" />
+
+
+	<!--	Directly	-->
+	<target host="criosweb.ro" />
+	<target host="www.criosweb.ro" />
+
+	<rule from="^http://(www\.)?criosweb\.ro/" to="https://$1criosweb.ro/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Crisco.com.xml b/src/chrome/content/rules/Crisco.com.xml
new file mode 100644
index 000000000000..9df7f5ca6a35
--- /dev/null
+++ b/src/chrome/content/rules/Crisco.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Non-functional subdomains:
+		- $host		(r)
+		- es	(t)
+		- m.es	(t)
+		- m		(t)
+		- prod.pmc	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Crisco">
+
+	<target host="crisco.com" />
+	<target host="www.crisco.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://crisco\.com/"
+		to="https://www.crisco.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Criteo.com.xml b/src/chrome/content/rules/Criteo.com.xml
new file mode 100644
index 000000000000..5c54f8dc1530
--- /dev/null
+++ b/src/chrome/content/rules/Criteo.com.xml
@@ -0,0 +1,185 @@
+<!--
+	Cert mismatch:
+		- widget.cn.criteo.com
+		- rakuten.dis.criteo.com
+		- account.fr.eu.criteo.com
+		- bam.fr.eu.criteo.com
+		- dis.fr.eu.criteo.com
+		- fb.rtb.fr.eu.criteo.com
+		- dis.nl.eu.criteo.com
+		- fb.rtb.nl.eu.criteo.com
+		- files.criteo.com
+		- more.criteo.com
+		- rightmedia.criteo.com
+		- staging.criteo.com
+		- translation.criteo.com
+		- fb.rtb.sv.us.criteo.com
+		- www2.criteo.com
+
+	Connection refused:
+		- o.staging.criteo.com
+		- p-front2.triskel.criteo.com
+
+	Invalid cert:
+		- *.widget.criteo.com
+		- par.service.criteo.net
+
+	Self-signed cert:
+		- amsterdam.criteo.com
+		- p-back1.triskel.criteo.com
+
+	Timeout:
+		- cn.criteo.com
+		- rtb-rubicon.hk.cn.criteo.com
+		- rtb-ssl.hk.cn.criteo.com
+		- codeofduty.criteo.com
+		- cookiecheck.criteo.com
+		- er2d2.criteo.com
+		- rtb.fr.eu.criteo.com
+		- rtb-validation.fr.eu.criteo.com
+		- bam.nl.eu.criteo.com
+		- rtb.nl.eu.criteo.com
+		- ftp-as.criteo.com
+		- fw-am5.criteo.com
+		- fw-par.criteo.com
+		- labs.criteo.com
+		- nat-pool-fr-2.criteo.com
+		- nat-pool-fr-3.criteo.com
+		- nat-pool-fr-4.criteo.com
+		- nat-pool-fr-5.criteo.com
+		- nat-pool-fr-6.criteo.com
+		- ns1.criteo.com
+		- ns13.criteo.com
+		- ns17.criteo.com
+		- ns6.criteo.com
+		- ns8.criteo.com
+		- office-fr.criteo.com
+		- office-nyc.criteo.com
+		- office-pa.criteo.com
+		- rectest.criteo.com
+		- research.criteo.com
+		- top.criteo.com
+		- p-back2.triskel.criteo.com
+		- p-front1.triskel.criteo.com
+		- p-hyp1.triskel.criteo.com
+		- rtb-ssl.sv.us.criteo.com
+
+	TLS errors:
+		- marketplace.criteo.com
+-->
+
+<ruleset name="Criteo.com (partial)">
+	<!-- criteo.com -->
+	<target host="criteo.com" />
+	<target host="www.criteo.com" />
+	<target host="accelerate.criteo.com" />
+	<target host="account.criteo.com" />
+	<target host="advertising.criteo.com" />
+	<target host="ads.as.criteo.com" />
+	<target host="cas.as.criteo.com" />
+	<target host="dis.as.criteo.com" />
+	<target host="cas.hk.as.criteo.com" />
+	<target host="cat.hk.as.criteo.com" />
+	<target host="dis.hk.as.criteo.com" />
+	<target host="info.as.criteo.com" />
+	<target host="cas.jp.as.criteo.com" />
+	<target host="cat.jp.as.criteo.com" />
+	<target host="ck.jp.as.criteo.com" />
+	<target host="dis.jp.as.criteo.com" />
+	<target host="info.jp.as.criteo.com" />
+	<target host="rdi.jp.as.criteo.com" />
+	<target host="rtax.jp.as.criteo.com" />
+	<target host="widget.jp.as.criteo.com" />
+	<target host="widget.as.criteo.com" />
+	<target host="bidder.criteo.com" />
+	<target host="blog.criteo.com" />
+	<target host="blog-fr.criteo.com" />
+	<target host="cas.criteo.com" />
+	<target host="cat.criteo.com" />
+	<target host="codeofduty.criteo.com" />
+	<target host="demo.criteo.com" />
+	<target host="dev.criteo.com" />
+	<target host="dis.criteo.com" />
+	<target host="dynamic.criteo.com" />
+	<target host="ebs.criteo.com" />
+	<target host="emailprivacy.criteo.com" />
+	<target host="cas.eu.criteo.com" />
+	<target host="dis.eu.criteo.com" />
+	<target host="cas.fr.eu.criteo.com" />
+	<target host="cat.fr.eu.criteo.com" />
+	<target host="ck.fr.eu.criteo.com" />
+	<target host="widget.fr.eu.criteo.com" />
+	<target host="ads.eu.criteo.com" />
+	<target host="info.eu.criteo.com" />
+	<target host="cas.nl.eu.criteo.com" />
+	<target host="cat.nl.eu.criteo.com" />
+	<target host="ck.nl.eu.criteo.com" />
+	<target host="widget.nl.eu.criteo.com" />
+	<target host="rdi.eu.criteo.com" />
+	<target host="rtax.eu.criteo.com" />
+	<target host="widget.eu.criteo.com" />
+	<target host="extranet.criteo.com" />
+	<target host="gem.criteo.com" />
+	<target host="gum.criteo.com" />
+	<target host="info.criteo.com" />
+	<target host="integrate.criteo.com" />
+	<target host="ir.criteo.com" />
+	<target host="kb.criteo.com" />
+	<target host="ld1.criteo.com" />
+	<target host="ld2.criteo.com" />
+	<target host="maintenance.criteo.com" />
+	<target host="marketing.criteo.com" />
+	<target host="mug.criteo.com" />
+	<target host="news.criteo.com" />
+	<target host="org-ld2.criteo.com" />
+	<target host="premium.criteo.com" />
+	<target host="preview.criteo.com" />
+	<target host="preview-par.criteo.com" />
+	<target host="preview-sv6.criteo.com" />
+	<target host="publisher.criteo.com" />
+	<target host="publishers.criteo.com" />
+	<target host="rtax.criteo.com" />
+	<target host="sslwidget.criteo.com" />
+	<target host="static.criteo.com" />
+	<target host="staticdemo.criteo.com" />
+	<target host="support.criteo.com" />
+	<target host="test.criteo.com" />
+	<target host="post.update.criteo.com" />
+	<target host="s.update.criteo.com" />
+	<target host="ads.us.criteo.com" />
+	<target host="cas.us.criteo.com" />
+	<target host="dis.us.criteo.com" />
+	<target host="info.us.criteo.com" />
+	<target host="rdi.us.criteo.com" />
+	<target host="cas.sv.us.criteo.com" />
+	<target host="cat.sv.us.criteo.com" />
+	<target host="ck.sv.us.criteo.com" />
+	<target host="dis.sv.us.criteo.com" />
+	<target host="rtax.sv.us.criteo.com" />
+	<target host="widget.sv.us.criteo.com" />
+	<target host="widget.us.criteo.com" />
+	<target host="cas.va.us.criteo.com" />
+	<target host="cat.va.us.criteo.com" />
+	<target host="dis.va.us.criteo.com" />
+	<target host="widget.criteo.com" />
+
+	<!-- criteo.net -->
+	<target host="pix.jp.as.criteo.net" />
+	<target host="static.jp.as.criteo.net" />
+	<target host="vix.as.criteo.net" />
+	<target host="pix.fr.eu.criteo.net" />
+	<target host="pix.nl.eu.criteo.net" />
+	<target host="pix.eu.criteo.net" />
+	<target host="static.eu.criteo.net" />
+	<target host="peering.criteo.net" />
+	<target host="static.criteo.net" />
+	<target host="pix.us.criteo.net" />
+	<target host="pix4.us.criteo.net" />
+	<target host="pix.sv.us.criteo.net" />
+	<target host="static.sv.us.criteo.net" />
+
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Criteo.xml b/src/chrome/content/rules/Criteo.xml
deleted file mode 100644
index 56d47956948d..000000000000
--- a/src/chrome/content/rules/Criteo.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- criteo.com		("This website is currently in maintenance")
-		- www.criteo.com	(cert: labs.criteo.com; 403)
-
-
-	Fully covered subdomains:
-
-		- advertising
-		- cas
-		- dis
-		- labs
-		- rtax
-		- sslwidget
-		- dis.us
-
--->
-<ruleset name="Criteo (partial)">
-
-	<target host="*.criteo.com" />
-	<target host="dis.us.criteo.com" />
-
-
-	<!--	name="^(eid|uid)$"
-					-->
-	<securecookie host="^\.criteo\.com$" name=".*" />
-
-
-	<!--	cas, dis, rtax, & dis.us: included on 3rd-party websites.	-->
-	<rule from="^http://(advertising|cas|dis|labs|rtax|sslwidget|dis\.us)\.criteo\.com/"
-		to="https://$1.criteo.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Critical-Mass.xml b/src/chrome/content/rules/Critical-Mass.xml
deleted file mode 100644
index 0e325e803a0e..000000000000
--- a/src/chrome/content/rules/Critical-Mass.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)
-
--->
-<ruleset name="Critical Mass (partial)">
-
-	<target host="cm1.criticalmass.com" />
-
-
-	<securecookie host="^cm1\.criticalmass\.com$" name=".*" />
-
-
-	<rule from="^http://cm1\.criticalmass\.com/"
-		to="https://cm1.criticalmass.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Critical-Path-Internet-Services.xml b/src/chrome/content/rules/Critical-Path-Internet-Services.xml
index 1a4e1690d8c9..7239cdb53db5 100644
--- a/src/chrome/content/rules/Critical-Path-Internet-Services.xml
+++ b/src/chrome/content/rules/Critical-Path-Internet-Services.xml
@@ -5,7 +5,6 @@
 
 	<target host="secure.critpath.org"/>
 
-	<rule from="^http://secure\.critpath\.org/"
-		to="https://secure.critpath.org/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CriticalMuslim.xml b/src/chrome/content/rules/CriticalMuslim.xml
new file mode 100644
index 000000000000..e3a045611fcd
--- /dev/null
+++ b/src/chrome/content/rules/CriticalMuslim.xml
@@ -0,0 +1,26 @@
+<!--
+	Time out:
+	- criticalmuslim.net
+	- www.criticalmuslim.net
+	- criticalmuslim.org
+	- www.criticalmuslim.org
+
+-->
+<ruleset name="Critical Muslim">
+	<target host="criticalmuslim.com" />
+	<target host="www.criticalmuslim.com" />
+
+	<target host="criticalmuslim.io" />
+	<target host="www.criticalmuslim.io" />
+
+	<target host="criticalmuslim.net" />
+	<target host="www.criticalmuslim.net" />
+
+	<target host="criticalmuslim.org" />
+	<target host="www.criticalmuslim.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://(www\.)?criticalmuslim\.(net|org)/" to="https://criticalmuslim.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Critical_Thinking.org.xml b/src/chrome/content/rules/Critical_Thinking.org.xml
new file mode 100644
index 000000000000..ca793449b360
--- /dev/null
+++ b/src/chrome/content/rules/Critical_Thinking.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Critical Thinking.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="criticalthinking.org" />
+	<target host="www.criticalthinking.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Crittercism.com.xml b/src/chrome/content/rules/Crittercism.com.xml
index cc8508d98aea..3e5e01cf08ea 100644
--- a/src/chrome/content/rules/Crittercism.com.xml
+++ b/src/chrome/content/rules/Crittercism.com.xml
@@ -6,13 +6,13 @@
 -->
 <ruleset name="Crittercism.com (partial)">
 
-	<target host="*.crittercism.com" />
+	<target host="api.crittercism.com" />
+	<target host="app.crittercism.com" />
 
 
 	<securecookie host="^ap[ip]\.crittercism\.com" name=".+" />
 
 
-	<rule from="^http://ap(i|p)\.crittercism\.com/"
-		to="https://ap$1.crittercism.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Criu.org.xml b/src/chrome/content/rules/Criu.org.xml
new file mode 100644
index 000000000000..e3f969590fbf
--- /dev/null
+++ b/src/chrome/content/rules/Criu.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="Criu.org">
+	<target host="criu.org" />
+	<target host="www.criu.org" />
+	<target host="patchwork.criu.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Crockotec.xml b/src/chrome/content/rules/Crockotec.xml
index 9d97ebb87e0e..c02626857502 100644
--- a/src/chrome/content/rules/Crockotec.xml
+++ b/src/chrome/content/rules/Crockotec.xml
@@ -1,16 +1,15 @@
-<ruleset name="Crockotec (partial)">
+<ruleset name="Crockotec (partial)" default_off="expired">
 
 	<target host="crocko.com"/>
-	<target host="*.crocko.com"/>
+	<target host="www.crocko.com"/>
 	<target host="easy-share.com"/>
 	<target host="www.easy-share.com"/>
 
-	<securecookie host="^\.crocko\.com$" name=".*"/>
 
-	<rule from="^http://(www\.)?crocko\.com/"
-		to="https://$1crocko.com/"/>
+	<securecookie host="^\.crocko\.com$" name=".+" />
 
-	<rule from="^http://(www\.)?easy-share\.com/"
-		to="https://$1easy-share.com/"/>
+
+	<rule from="^http:"
+		to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Crocs.xml b/src/chrome/content/rules/Crocs.xml
index dbf5352f13d0..155fa4fa14f0 100644
--- a/src/chrome/content/rules/Crocs.xml
+++ b/src/chrome/content/rules/Crocs.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://espanol.crocs.com/ => https://espanol.crocs.com/: (51, "SSL: no alternative certificate subject name matches target host name 'espanol.crocs.com'")
+
 		- phx.corporate-ir.net
 
 			- a121.g.akamai.net
@@ -27,10 +31,12 @@
 		- images
 
 -->
-<ruleset name="Crocs">
+<ruleset name="Crocs" default_off="failed ruleset test">
 
 	<target host="crocs.com" />
-	<target host="*.crocs.com" />
+	<target host="www.crocs.com" />
+	<target host="images.crocs.com" />
+	<target host="espanol.crocs.com" />
 		<!--
 			Avoid user-visible paths:
 							-->
@@ -41,13 +47,10 @@
 	<securecookie host="^(?:espanol|www)\.crocs\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?crocs\.com/"
+	<rule from="^http://crocs\.com/"
 		to="https://www.crocs.com/" />
 
-	<rule from="^http://(espanol|images)\.crocs\.com/"
-		to="https://$1.crocs.com/" />
-
-	<rule from="^http://investors\.crocs\.com/"
-		to="https://a248.akamai.net/f/121/4034/6m/investors.crocs.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cronius.net.xml b/src/chrome/content/rules/Cronius.net.xml
new file mode 100644
index 000000000000..c2dbfa4f859e
--- /dev/null
+++ b/src/chrome/content/rules/Cronius.net.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Cronius coverage, see Cronius.nl.xml.
+
+
+	- CN: www.handtekening.nl
+	- Expired 2013-02-28
+
+
+	Nonfunctional subdomains:
+
+		- static *
+
+	* 404
+
+
+	Mixed content:
+
+		- css from static *
+
+	* Unsecurable
+
+-->
+<ruleset name="Cronius.net" default_off="expired, mismatched">
+
+	<target host="webmanager.cronius.net" />
+
+
+	<securecookie host="^webmanager\.cronius\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cronius.nl.xml b/src/chrome/content/rules/Cronius.nl.xml
new file mode 100644
index 000000000000..f095cc93ec36
--- /dev/null
+++ b/src/chrome/content/rules/Cronius.nl.xml
@@ -0,0 +1,32 @@
+<!--
+	Other Cronius rulesets:
+
+		- Cronius.net.xml
+
+
+	Problematic subdomains:
+
+		- email *
+
+	* Works; mismatched, CN: *.createsend.com
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Cronius.nl">
+
+	<target host="cronius.nl" />
+	<target host="www.cronius.nl" />
+
+
+	<securecookie host="^\.cronius\.nl$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cronkite-News.xml b/src/chrome/content/rules/Cronkite-News.xml
index e8ceb4f91be4..4d5784b13876 100644
--- a/src/chrome/content/rules/Cronkite-News.xml
+++ b/src/chrome/content/rules/Cronkite-News.xml
@@ -2,14 +2,14 @@
 	For other Arizona State University coverage, see Arizona-State-University.xml.
 
 -->
-<ruleset name="Cronkite News" default_off="mismatch">
+<ruleset name="Cronkite News" default_off="mismatched">
 
 	<!--	Cert: *.jmc.asu.edu	-->
 	<target host="cronkitenewsonline.com" />
 	<target host="www.cronkitenewsonline.com" />
 
 
-	<rule from="^https?://(?:www\.)?cronkitenewsonline\.com/"
+	<rule from="^http://(?:www\.)?cronkitenewsonline\.com/"
 		to="https://cronkitenewsonline.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CrooksAndLiars.com.xml b/src/chrome/content/rules/CrooksAndLiars.com.xml
new file mode 100644
index 000000000000..33f941f55ba4
--- /dev/null
+++ b/src/chrome/content/rules/CrooksAndLiars.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid Certificate:
+		mediacdn.crooksandliars.com
+-->
+<ruleset name="CrooksAndLiars.com">
+	<target host="crooksandliars.com" />
+	<target host="www.crooksandliars.com" />
+	<target host="blueamerica.crooksandliars.com" />
+	<target host="embed.crooksandliars.com" />
+		<test url="http://embed.crooksandliars.com/embed/b2h4nEd1" />
+	<target host="murraywaas.crooksandliars.com" />
+	<target host="overthecliff.crooksandliars.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cross-Pixel-Media-problematic.xml b/src/chrome/content/rules/Cross-Pixel-Media-problematic.xml
index c295c31a37e5..4a90f91e86c9 100644
--- a/src/chrome/content/rules/Cross-Pixel-Media-problematic.xml
+++ b/src/chrome/content/rules/Cross-Pixel-Media-problematic.xml
@@ -10,7 +10,6 @@
 	<!--	- Cert: localhost.localdomain
 		- Ads on 3rd-party websites
 						-->
-	<rule from="^http://pixel\.crosspixel\.net/"
-		to="https://pixel.crosspixel.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cross-Pixel-Media.xml b/src/chrome/content/rules/Cross-Pixel-Media.xml
index dc0a421a7867..2453593ce460 100644
--- a/src/chrome/content/rules/Cross-Pixel-Media.xml
+++ b/src/chrome/content/rules/Cross-Pixel-Media.xml
@@ -21,7 +21,8 @@
 <ruleset name="Cross Pixel Media (partial)">
 
 
-	<target host="*.crsspxl.com" />
+	<target host="elmo.crsspxl.com" />
+	<target host="tag.crsspxl.com" />
 
 
 	<securecookie host="^(?:tag)?\.crsspxl\.com$" name=".+" />
@@ -29,10 +30,9 @@
 
 	<!--	- Both: Ads on 3rd-party websites.
 							-->
-	<rule from="^https?://elmo\.crsspxl\.com/"
+	<rule from="^http://elmo\.crsspxl\.com/"
 		to="https://d2kdqv2bboglbi.cloudfront.net/" />
 
-	<rule from="^http://tag\.crsspxl\.com/"
-		to="https://tag.crsspxl.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CrossRef.org.xml b/src/chrome/content/rules/CrossRef.org.xml
new file mode 100644
index 000000000000..a703b2873be0
--- /dev/null
+++ b/src/chrome/content/rules/CrossRef.org.xml
@@ -0,0 +1,84 @@
+<!--
+	Different content HTTP/HTTPS:
+		blog.crossref.org
+		crosstech.crossref.org
+		mr.crossref.org
+		oai.crossref.org
+		query.crossref.org
+
+	Refused:
+		clickthroughsupport.crossref.org
+		crossmarksupport.crossref.org
+		ftp.crossref.org
+		crossmarksupport.labs.crossref.org
+		tdmsupport.crossref.org
+
+	Bad certificate:
+		dx.crossref.org
+		eventdata.crossref.org
+		hdl.crossref.org
+		labs.crossref.org
+		api.labs.crossref.org
+		www.citation.labs.crossref.org
+		crosstech.labs.crossref.org
+		det.labs.crossref.org
+		extracto.labs.crossref.org
+		ncm.labs.crossref.org
+		nlabs.labs.crossref.org
+		psychoceramics.labs.crossref.org
+		search.labs.crossref.org
+		taxonomies.labs.crossref.org
+		oxford.crossref.org
+		prospect.crossref.org
+
+	No working URL known:
+		api.eventdata.crossref.org (503)
+		archive.eventdata.crossref.org (503)
+		evidence.eventdata.crossref.org
+		mailserv.crossref.org
+		pix_active.crossref.org
+		pix_standby.crossref.org
+
+-->
+<ruleset name="CrossRef.org">
+
+	<target host="crossref.org" />
+	<target host="www.crossref.org" />
+	<target host="api.crossref.org" />
+	<target host="apps.crossref.org" />
+	<target host="assets.crossref.org" />
+	<target host="community.crossref.org" />
+	<target host="crossmark.crossref.org" />
+	<target host="crossmark-cdn.crossref.org" />
+	<target host="data.crossref.org" />
+		<test url="http://data.crossref.org/reports/statusReport.html" />
+	<target host="doi.crossref.org" />
+	<target host="eventdata.crossref.org" />
+	<target host="help.crossref.org" />
+	<target host="id.crossref.org" />
+		<test url="http://id.crossref.org/reports/parser.html" />
+	<target host="labs.crossref.org" />
+	<target host="det.labs.crossref.org" />
+	<target host="nlabs.labs.crossref.org" />
+	<target host="outreach.crossref.org" />
+	<target host="search.crossref.org" />
+	<target host="support.crossref.org" />
+	<target host="test.crossref.org" />
+	<target host="testweb.crossref.org" />
+	<target host="wwwold.crossref.org" />
+
+	<rule from="^http://(det\.labs|eventdata)\.crossref\.org/"
+		to="https://www.crossref.org/services/event-data/" />
+
+	<rule from="^http://labs\.crossref\.org/"
+		to="https://www.crossref.org/labs/" />
+
+	<rule from="^http://nlabs\.labs\.crossref\.org/"
+		to="https://www.crossref.org/" />
+
+		<test url="http://nlabs.labs.crossref.org/about/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CrossWire.org.xml b/src/chrome/content/rules/CrossWire.org.xml
index e20e075cbdc9..26778857a8c4 100644
--- a/src/chrome/content/rules/CrossWire.org.xml
+++ b/src/chrome/content/rules/CrossWire.org.xml
@@ -1,19 +1,22 @@
 <!--
-	Problematic subdomains:
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - ftp.crosswire.org
+			 - store.crosswire.org
 
-		- ^	(cert only matches *.crosswire.org)
+		Status code mismatch:
+			 - labs.crosswire.org
 
+		4xx client error:
+			 - mail.crosswire.org
 -->
-<ruleset name="CrossWire.org" default_off="self-signed">
-
+<ruleset name="CrossWire.org (partial)">
 	<target host="crosswire.org" />
 	<target host="www.crosswire.org" />
+	<target host="community.crosswire.org" />
+		<test url="http://community.crosswire.org/wiki/Category:Paratext" />
 
+	<securecookie host="^(www\.)?crosswire\.org$" name=".+" />
 
-	<securecookie host="^www\.crosswire\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?crosswire\.org/"
-		to="https://www.crosswire.org/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Crossdresser-Forum.de.xml b/src/chrome/content/rules/Crossdresser-Forum.de.xml
new file mode 100644
index 000000000000..3034ecf9fb16
--- /dev/null
+++ b/src/chrome/content/rules/Crossdresser-Forum.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="Crossdresser-Forum.de">
+
+	<target host="crossdresser-forum.de"/>
+	<target host="www.crossdresser-forum.de"/>
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Crossrider.xml b/src/chrome/content/rules/Crossrider.xml
index 449a50f6c6cd..d1d6b00a616f 100644
--- a/src/chrome/content/rules/Crossrider.xml
+++ b/src/chrome/content/rules/Crossrider.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://crossrider.com/ => https://crossrider.com/: (7, 'Failed to connect to crossrider.com port 443: Connection refused')
+
 	Nonfunctional domains:
 
 		- docs	(shows ^)
@@ -9,16 +13,16 @@
 		- www	(400)
 
 -->
-<ruleset name="Crossrider (partial)">
+<ruleset name="Crossrider (partial)" default_off="failed ruleset test">
 
 	<target host="crossrider.com" />
-	<target host="*.crossrider.com" />
+	<target host="www.crossrider.com" />
 
 
 	<securecookie host="^\.?crossrider\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?crossrider\.com/"
+	<rule from="^http://(?:www\.)?crossrider\.com/"
 		to="https://crossrider.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Crowd-Factory.xml b/src/chrome/content/rules/Crowd-Factory.xml
index 90ef701d9aa6..c9584c83c2fe 100644
--- a/src/chrome/content/rules/Crowd-Factory.xml
+++ b/src/chrome/content/rules/Crowd-Factory.xml
@@ -1,4 +1,14 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://crowdfactory.com/ => https://www.crowdfactory.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://socialcampaign.com/ => https://socialcampaign.com/: (7, 'Failed to connect to socialcampaign.com port 443: Connection refused')
+Fetch error: http://www.socialcampaign.com/ => https://www.socialcampaign.com/: (7, 'Failed to connect to www.socialcampaign.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://crowdfactory.com/ => https://www.crowdfactory.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.crowdfactory.com'")
+Fetch error: http://socialcampaign.com/ => https://socialcampaign.com/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://www.socialcampaign.com/ => https://www.socialcampaign.com/: (28, 'Connection timed out after 10001 milliseconds')
 	For other Marketo coverage, see Marketo.xml.
 
 
@@ -10,26 +20,25 @@
 	pages.crowdfactory.com cert: *.marketo.com
 
 -->
-<ruleset name="Crowd Factory">
+<ruleset name="Crowd Factory" default_off="failed ruleset test">
 
 	<target host="crowdfactory.com" />
-	<target host="*.crowdfactory.com" />
+	<target host="www.crowdfactory.com" />
+	<target host="b2c-wsinsight.crowdfactory.com" />
+	<target host="blog.crowdfactory.com" />
 	<target host="socialcampaign.com" />
 	<target host="www.socialcampaign.com" />
 
 
-	<securecookie host="^.*\.crowdfactory\.com$" name=".*" />
-	<securecookie host="^socialcampaign\.com$" name=".*" />
+	<securecookie host="^.*\.crowdfactory\.com$" name=".+" />
+	<securecookie host="^socialcampaign\.com$" name=".+" />
 
 
 	<!--	!www times out.	-->
-	<rule from="^https?://(?:www\.)?crowdfactory.com/"
+	<rule from="^http://(?:www\.)?crowdfactory\.com/"
 		to="https://www.crowdfactory.com/" />
 
-	<rule from="^http://b(2c-wsinsight|log)\.crowdfactory\.com/"
-		to="https://b$1.crowdfactory.com/" />
 
-	<rule from="^http://(www\.)?socialcampaign\.com/"
-		to="https://$1socialcampaign.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Crowd-Science.xml b/src/chrome/content/rules/Crowd-Science.xml
index 9f3a338333ae..86199be276d0 100644
--- a/src/chrome/content/rules/Crowd-Science.xml
+++ b/src/chrome/content/rules/Crowd-Science.xml
@@ -40,7 +40,11 @@
 -->
 <ruleset name="Crowd Science (partial)">
 
-	<target host="*.crowdscience.com" />
+	<target host="app.crowdscience.com" />
+	<target host="aws-app.crowdscience.com" />
+	<target host="static.crowdscience.com" />
+	<target host="secure-static.crowdscience.com" />
+	<target host="support.crowdscience.com" />
 		<exclusion pattern="http://static\.crowndscience\.com/blog/" />
 
 
diff --git a/src/chrome/content/rules/CrowdCulture.se.xml b/src/chrome/content/rules/CrowdCulture.se.xml
index b56b27aea1f2..3aca904d1b2e 100644
--- a/src/chrome/content/rules/CrowdCulture.se.xml
+++ b/src/chrome/content/rules/CrowdCulture.se.xml
@@ -11,13 +11,12 @@
 <ruleset name="CrowdCulture.se">
 
 	<target host="crowdculture.se" />
-	<target host="*.crowdculture.se" />
+	<target host="www.crowdculture.se" />
 
 
 	<securecookie host="^\.?crowdculture\.se$" name=".+" />
 
 
-	<rule from="^http://(www\.)?crowdculture\.se/"
-		to="https://$1crowdculture.se/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CrowdJustice.co.uk.xml b/src/chrome/content/rules/CrowdJustice.co.uk.xml
new file mode 100644
index 000000000000..4d0b8a4af93a
--- /dev/null
+++ b/src/chrome/content/rules/CrowdJustice.co.uk.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .crowdjustice.co.uk
+
+-->
+<ruleset name="CrowdJustice.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="crowdjustice.co.uk" />
+	<target host="www.crowdjustice.co.uk" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.crowdjustice\.co\.uk$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CrowdJustice.com.xml b/src/chrome/content/rules/CrowdJustice.com.xml
new file mode 100644
index 000000000000..34bf1d0e429c
--- /dev/null
+++ b/src/chrome/content/rules/CrowdJustice.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid Certificate:
+		r.mail.crowdjustice.com
+-->
+<ruleset name="CrowdJustice.com">
+	<target host="crowdjustice.com" />
+	<target host="www.crowdjustice.com" />
+	<target host="blog.crowdjustice.com" />
+	<target host="help.crowdjustice.com" />
+	<target host="static.crowdjustice.com" />
+		<test url="http://static.crowdjustice.com/user_content/1904549+To+David+Davis+22+03+2018_Redacted.pdf" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CrowdTangle.xml b/src/chrome/content/rules/CrowdTangle.xml
index 7277aabe390d..1dbbaa459f9f 100644
--- a/src/chrome/content/rules/CrowdTangle.xml
+++ b/src/chrome/content/rules/CrowdTangle.xml
@@ -1,19 +1,18 @@
 <!--
-	Problematic subdomains:
-
-		- ^	(pages and custom/ redirect to http, other paths work; mismatched, CN: onepagerapp.com)
-
+	Connection timed out:
+		- crowdtangle.com, equivalent to www.crowdtangle.com
 -->
-<ruleset name="CrowdTangle (partial)">
 
+<ruleset name="CrowdTangle">
 	<target host="crowdtangle.com" />
-	<target host="*.crowdtangle.com" />
-
-
-	<rule from="^https?://(?:www\.)?crowdtangle\.com/(asset|upload)s/"
-		to="https://onepagerapp.com/$1s/" />
+	<target host="www.crowdtangle.com" />
+	<target host="apps.crowdtangle.com" />
+	<target host="blog.crowdtangle.com" />
+	<target host="help.crowdtangle.com" />
+	<target host="updater.crowdtangle.com" />
 
-	<rule from="^http://prod\.crowdtangle\.com/"
-		to="https://prod.crowdtangle.com/" />
+	<rule from="^http://crowdtangle\.com/"
+		  to="https://www.crowdtangle.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Crowd_Supply.com.xml b/src/chrome/content/rules/Crowd_Supply.com.xml
new file mode 100644
index 000000000000..e790d18b707b
--- /dev/null
+++ b/src/chrome/content/rules/Crowd_Supply.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Nonfunctional hosts in *crowdsupply.com:
+
+		- blog *
+
+	* Tumblr
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.crowdsupply.com
+
+-->
+<ruleset name="Crowd Supply.com (partial)">
+
+	<target host="crowdsupply.com" />
+	<target host="www.crowdsupply.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.crowdsupply\.com$" name="^(gimlet|manhattan)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Crowdcurity.com.xml b/src/chrome/content/rules/Crowdcurity.com.xml
index f69ab4f6f297..fe047d18c468 100644
--- a/src/chrome/content/rules/Crowdcurity.com.xml
+++ b/src/chrome/content/rules/Crowdcurity.com.xml
@@ -1,16 +1,39 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Crowdcurity.com" platform="firefox">
-<target host="crowdcurity.com" />
+	See:
 
-<securecookie host="^crowdcurity\.com$" name=".+" />
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .crowdcurity.com
+
+-->
+<ruleset name="Crowdcurity.com">
+
+	<target host="crowdcurity.com" />
+	<target host="www.crowdcurity.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.crowdcurity\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-<rule from="^http://crowdcurity\.com/" to="https://crowdcurity.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Crowdin.com.xml b/src/chrome/content/rules/Crowdin.com.xml
new file mode 100644
index 000000000000..2c6331bdb014
--- /dev/null
+++ b/src/chrome/content/rules/Crowdin.com.xml
@@ -0,0 +1,47 @@
+<!--
+	403 status code:
+		- cdn.crowdin.com
+		- cname.crowdin.com
+
+	426 status code:
+		- ws-lb.crowdin.com
+
+	Timeout was reached:
+		- test.crowdin.com
+		- admin.test.crowdin.com
+-->
+<ruleset name="Crowdin.com">
+	<target host="crowdin.com" />
+	<target host="www.crowdin.com" />
+	<target host="api.crowdin.com" />
+		<test url="http://api.crowdin.com/api/supported-languages" />
+	<target host="blog.crowdin.com" />
+	<target host="demo.crowdin.com" />
+	<target host="downloads.crowdin.com" />
+		<test url="http://downloads.crowdin.com/docs/android-crowdsourcing.pdf" />
+	<target host="support.crowdin.com" />
+	<target host="translate.crowdin.com" />
+
+	<target host="ar.crowdin.com" />
+	<target host="be.crowdin.com" />
+	<target host="br.crowdin.com" />
+	<target host="cs.crowdin.com" />
+	<target host="de.crowdin.com" />
+	<target host="es.crowdin.com" />
+	<target host="fr.crowdin.com" />
+	<target host="hu.crowdin.com" />
+	<target host="it.crowdin.com" />
+	<target host="ja.crowdin.com" />
+	<target host="pl.crowdin.com" />
+	<target host="pt.crowdin.com" />
+	<target host="ru.crowdin.com" />
+	<target host="sk.crowdin.com" />
+	<target host="uk.crowdin.com" />
+
+	<target host="crowdin.net" />
+	<target host="www.crowdin.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Crowdrise.com.xml b/src/chrome/content/rules/Crowdrise.com.xml
new file mode 100644
index 000000000000..aae140cb52b7
--- /dev/null
+++ b/src/chrome/content/rules/Crowdrise.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Invalid certificate:
+		*.cdn.crowdrise.com
+		sendgrid.crowdrise.com
+
+	No working URL known:
+		cdncustom.crowdrise.com
+		cdnfiles.crowdrise.com
+		gigya.crowdrise.com
+
+-->
+<ruleset name="Crowdrise.com">
+
+	<target host="crowdrise.com" />
+	<target host="www.crowdrise.com" />
+	<target host="cdn.crowdrise.com" />
+	<target host="gaga.crowdrise.com" />
+	<target host="reports.crowdrise.com" />
+	<target host="sq.crowdrise.com" />
+	<target host="www.sq.crowdrise.com" />
+	<target host="support.crowdrise.com" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.crowdrise\.com$" name="^crowdrise_session$" /-->
+
+	<securecookie host="^\.crowdrise\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cru.fr.xml b/src/chrome/content/rules/Cru.fr.xml
index 304cd421bcfd..d1d7166c1e52 100644
--- a/src/chrome/content/rules/Cru.fr.xml
+++ b/src/chrome/content/rules/Cru.fr.xml
@@ -1,27 +1,37 @@
+
 <!--
-	Fully covered subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://listes.cru.fr/ => https://listes.cru.fr/: (51, "SSL: no alternative certificate subject name matches target host name 'listes.cru.fr'")
+Fetch error: http://svn.cru.fr/ => https://svn.cru.fr/: (51, "SSL: no alternative certificate subject name matches target host name 'svn.cru.fr'")
+Non-2xx HTTP code: http://git.cru.fr/ (200) => https://git.renater.fr/ (403)
+
+	Nonfunctional hosts in *cru.fr:
 
-		- git		(→ git.renater.fr)
-		- listes
-		- sourcesup	(→ sourcesup.renater.fr)
-		- subversion
-		- svn
-		- www
+		- groupware *
+
+	* Plaintext reply
 
 
 	^cru.fr does not exist
 
 -->
-<ruleset name="cru.fr">
+<ruleset name="cru.fr (partial)" default_off="failed ruleset test">
 
-	<target host="*.cru.fr" />
+	<!--	Direct rewrites:
+				-->
+	<target host="listes.cru.fr" />
+	<target host="subversion.cru.fr" />
+	<target host="svn.cru.fr" />
+	<target host="www.cru.fr" />
 
+	<!--	Complications:
+				-->
+	<target host="git.cru.fr" />
+	<target host="sourcesup.cru.fr" />
 
-	<securecookie host="^www\.cru\.fr$" name=".+" />
 
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://(listes|subversion|svn|www)\.cru\.fr/"
-		to="https://$1.cru.fr/" />
 
 	<!--	Works over https, but redirects
 		like so over http:
@@ -29,4 +39,7 @@
 	<rule from="^http://(git|sourcesup)\.cru\.fr/"
 		to="https://$1.renater.fr/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cru.org.xml b/src/chrome/content/rules/Cru.org.xml
index f16484609c86..1a4c190f50ba 100644
--- a/src/chrome/content/rules/Cru.org.xml
+++ b/src/chrome/content/rules/Cru.org.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cru.org/ => https://cru.org/: (51, "SSL: no alternative certificate subject name matches target host name 'cru.org'")
 	CDN buckets:
 
 		- d2kuvqjqp132ic.cloudfront.net
@@ -10,17 +12,12 @@
 
 	<target host="cru.org" />
 	<target host="*.cru.org" />
-
+		<test url="http://sites.cru.org/" />
+		<test url="http://stage.cru.org/" />
+		<test url="http://jobs.cru.org/" />
 
 	<securecookie host="^(?:www\.)?cru\.org$" name=".+" />
 
-
-	<rule from="^http://(www\.)?cru\.org/"
-		to="https://$1cru.org/" />
-
-	<!--	Protocol-relative links from www:
-						-->
-	<rule from="^https?://static\.cru\.org/"
-		to="https://d2kuvqjqp132ic.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Crucial.xml b/src/chrome/content/rules/Crucial.xml
index 0d61c8734c40..9f6a114cbc44 100644
--- a/src/chrome/content/rules/Crucial.xml
+++ b/src/chrome/content/rules/Crucial.xml
@@ -13,39 +13,41 @@
 
 	Problematic subdomains:
 
-		- forum		(refused)
-		- images *
-		- scripts *
-
-	* 404; mismatched, CN: gp1.wac.edgecastcdn.net
+		- fr. mismatch
+		- communaute. mismatch
+		- guides. mismatch
+		- forum. mismatch
+		- community. mismatch
+		- forums. mismatch
+		- edge. mismatch
+		- scripts. mismatch
+		- images. mismatch
+		- guides.crucial.fr mismatch
 
 
 	Partially covered subdomains:
 
-		- (www.)	(some pages redirect to http)
-
-
-	Fully covered subdomains:
-
-		- forum		(→ crucial.i.lithium.com)
-		- images	(→ www)
-		- scripts	(→ www)
-
+		- (www.)? some pages redirect to http
+		- it. some pages redirect to http
+		- uk. some pages redirect to http
+		- eu. some pages redirect to http
+		- (www.)?crucial.de some pages redirect to http
+		- (www.)?crucial.fr some pages redirect to http
+		- (www.)?crucial.jp some pages redirect to http
 -->
-<ruleset name="Crucial.com (partial)">
-
-	<target host="crucial.com" />
-	<target host="*.crucial.com" />
-		<exclusion pattern="^http://(?:www\.)?crucial\.com/(?!favicon\.png|images\d{0,2}/|js/|css/|reviews/)" />
-
+<ruleset name="Crucial.com (partial)" default_off="prevents crucial.com loading">
 
-	<rule from="^http://crucial\.com/"
-		to="https://crucial.com/" />
+	<target host="assets.crucial.com" />
+	<target host="assets.crucial.de" />
+	<target host="assets.crucial.fr" />
+	<target host="assets.crucial.jp" />
+	<target host="pics.crucial.com" />
+	<target host="pics.crucial.de" />
+	<target host="pics.crucial.fr" />
+	<target host="pics.crucial.jp" />
 
-	<rule from="^http://(?:images|scripts|www)\.crucial\.com/"
-		to="https://www.crucial.com/" />
 
-	<rule from="^http://forum\.crucial\.com/"
-		to="https://crucial.i.lithium.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CruisersForum.com.xml b/src/chrome/content/rules/CruisersForum.com.xml
index c06cb63895a1..892278a34ee9 100644
--- a/src/chrome/content/rules/CruisersForum.com.xml
+++ b/src/chrome/content/rules/CruisersForum.com.xml
@@ -21,7 +21,8 @@
 <ruleset name="CruisersForum.com">
 
 	<target host="cruisersforum.com" />
-	<target host="*.cruisersforum.com" />
+	<target host="cdn.cruisersforum.com" />
+	<target host="www.cruisersforum.com" />
 
 
 	<securecookie host="^(?:www)?\.cruisersforum\.com$" name=".+" />
@@ -30,4 +31,4 @@
 	<rule from="^http://(?:cdn\.|www\.)?cruisersforum\.com/"
 		to="https://www.cruisersforum.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CrunchBase.com.xml b/src/chrome/content/rules/CrunchBase.com.xml
new file mode 100644
index 000000000000..b9d95e2db96f
--- /dev/null
+++ b/src/chrome/content/rules/CrunchBase.com.xml
@@ -0,0 +1,14 @@
+<!--
+	NB: This site blocks Tor users
+
+-->
+<ruleset name="CrunchBase.com" default_off="needs clearnet testing">
+
+	<target host="crunchbase.com" />
+	<target host="www.crunchbase.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CrunchBoard.com.xml b/src/chrome/content/rules/CrunchBoard.com.xml
new file mode 100644
index 000000000000..ab690b6d3659
--- /dev/null
+++ b/src/chrome/content/rules/CrunchBoard.com.xml
@@ -0,0 +1,22 @@
+<!--
+	For other AOL coverage, see AOL.xml.
+
+	Invalid certificate:
+		crunchboard.com
+		fr.crunchboard.com
+		services.crunchboard.com
+		uk.crunchboard.com
+
+-->
+<ruleset name="CrunchBoard.com">
+
+	<target host="crunchboard.com" />
+	<target host="www.crunchboard.com" />
+
+	<rule from="^http://crunchboard\.com/"
+		to="https://www.crunchboard.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Crunchbangplusplus.org.xml b/src/chrome/content/rules/Crunchbangplusplus.org.xml
new file mode 100644
index 000000000000..a367ac1de59c
--- /dev/null
+++ b/src/chrome/content/rules/Crunchbangplusplus.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="Crunchbangplusplus.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="crunchbangplusplus.org" />
+	<target host="www.crunchbangplusplus.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Crunchyroll.com.xml b/src/chrome/content/rules/Crunchyroll.com.xml
new file mode 100644
index 000000000000..38b477f3a9fb
--- /dev/null
+++ b/src/chrome/content/rules/Crunchyroll.com.xml
@@ -0,0 +1,48 @@
+<ruleset name="Crunchyroll.com">
+	<target host="crunchyroll.com" />
+	<target host="www.crunchyroll.com" />
+	<target host="accounts.crunchyroll.com" />
+	<target host="img1.ak.crunchyroll.com" />
+	<target host="static.ak.crunchyroll.com" />
+	<target host="api.crunchyroll.com" />
+	<target host="api-manga.crunchyroll.com" />
+	<target host="app.crunchyroll.com" />
+	<target host="bento.crunchyroll.com" />
+	<target host="beta.crunchyroll.com" />
+	<target host="beta-api.crunchyroll.com" />
+	<target host="beta-stage.crunchyroll.com" />
+	<target host="beta-stage-api.crunchyroll.com" />
+	<target host="cms.crunchyroll.com" />
+	<target host="cms-manga.crunchyroll.com" />
+	<target host="cms-stage.crunchyroll.com" />
+	<target host="eec.crunchyroll.com" />
+	<target host="faspex.crunchyroll.com" />
+	<target host="help.crunchyroll.com" />
+	<target host="links.mail.crunchyroll.com" />
+	<target host="overloaded.crunchyroll.com" />
+	<target host="partnerfeed.crunchyroll.com" />
+	<target host="pl.crunchyroll.com" />
+	<target host="www.rules.crunchyroll.com" />
+	<target host="sa.crunchyroll.com" />
+	<target host="secure.crunchyroll.com" />
+	<target host="shop.crunchyroll.com" />
+	<target host="sso.crunchyroll.com" />
+	<target host="stage.crunchyroll.com" />
+	<target host="stage-accounts.crunchyroll.com" />
+	<target host="stage-admin.crunchyroll.com" />
+	<target host="stage-api.crunchyroll.com" />
+	<target host="stage-api-manga.crunchyroll.com" />
+	<target host="stage-cms-manga.crunchyroll.com" />
+	<target host="stage-eec.crunchyroll.com" />
+	<target host="stage-secure.crunchyroll.com" />
+	<target host="stage-sso.crunchyroll.com" />
+	<target host="stage-support.crunchyroll.com" />
+	<target host="staging-store.crunchyroll.com" />
+	<target host="static.crunchyroll.com" />
+	<target host="store.crunchyroll.com" />
+	<target host="support.crunchyroll.com" />
+	<target host="tienda.crunchyroll.com" />
+	<target host="upload.crunchyroll.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Crux.nu.xml b/src/chrome/content/rules/Crux.nu.xml
new file mode 100644
index 000000000000..027824f5cc1a
--- /dev/null
+++ b/src/chrome/content/rules/Crux.nu.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.crux.nu/ => https://www.crux.nu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- crux.nu
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Crux.nu" default_off="failed ruleset test">
+
+	<target host="crux.nu" />
+	<target host="lists.crux.nu" />
+	<target host="www.crux.nu" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://crux.nu/bugs/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^crux\.nu$" name="^(?:FreeSoftware|GetFirefox|NoMicrosoft|RTFM|ReadTheFAQ|SubliminalAdvertising|ThinkB4Replying|UseLinux|VisitAU|flyspray_project|taklist_type)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CrySyS-Lab.xml b/src/chrome/content/rules/CrySyS-Lab.xml
index 3f0d01f05e6b..8390a63e2c55 100644
--- a/src/chrome/content/rules/CrySyS-Lab.xml
+++ b/src/chrome/content/rules/CrySyS-Lab.xml
@@ -4,11 +4,11 @@
 	<target host="www.crysys.hu" />
 
 
-	<securecookie host="^www\.crysys\.hu$" name=".*" />
+	<securecookie host="^www\.crysys\.hu$" name=".+" />
 
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?crysys\.hu/"
+	<rule from="^http://(?:www\.)?crysys\.hu/"
 		to="https://www.crysys.hu/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Cryengine.com.xml b/src/chrome/content/rules/Cryengine.com.xml
new file mode 100644
index 000000000000..d19e5022c972
--- /dev/null
+++ b/src/chrome/content/rules/Cryengine.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Cryengine.com">
+  <target host="cryengine.com" />
+  <target host="www.cryengine.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cryout_Creations.eu.xml b/src/chrome/content/rules/Cryout_Creations.eu.xml
new file mode 100644
index 000000000000..c9abf7c8baa4
--- /dev/null
+++ b/src/chrome/content/rules/Cryout_Creations.eu.xml
@@ -0,0 +1,30 @@
+<!--
+	Mixed content:
+
+		- css from $self *
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Cryout Creations.eu (partial)">
+
+	<target host="cryoutcreations.eu" />
+	<target host="www.cryoutcreations.eu" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.cryoutcreations\.eu/($|forums/f/wordpress/\w+$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?cryoutcreations\.eu/+(?!(?:contact|custom-work|premium-support)(?:$|\?)|favicon\.ico|sprites/|wp-content/|wp-includes/)" />
+		<!--
+			(Triggers broken MCB:)
+						-->
+		<!--exclusion pattern="^http://(www\.)?cryoutcreations\.eu/donate$" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CrypTrader.com.xml b/src/chrome/content/rules/CrypTrader.com.xml
new file mode 100644
index 000000000000..21d2a0ca9201
--- /dev/null
+++ b/src/chrome/content/rules/CrypTrader.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- cryptrader.com
+		- .cryptrader.com
+		- www.cryptrader.com
+
+-->
+<ruleset name="CrypTrader.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cryptrader.com" />
+	<target host="www.cryptrader.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?cryptrader\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.cryptrader\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^(?:\.|www\.)?cryptrader\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CryptAByte.com.xml b/src/chrome/content/rules/CryptAByte.com.xml
new file mode 100644
index 000000000000..359e0b9642a5
--- /dev/null
+++ b/src/chrome/content/rules/CryptAByte.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Refused:
+		- blog
+-->
+<ruleset name="CryptAByte.com">
+
+	<target host="cryptabyte.com" />
+	<target host="www.cryptabyte.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CryptDown.eu.xml b/src/chrome/content/rules/CryptDown.eu.xml
new file mode 100644
index 000000000000..ffd8d139ee59
--- /dev/null
+++ b/src/chrome/content/rules/CryptDown.eu.xml
@@ -0,0 +1,12 @@
+<ruleset name="CryptDown.eu">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cryptdown.eu" />
+	<target host="www.cryptdown.eu" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cryptalloy.de-problematic.xml b/src/chrome/content/rules/Cryptalloy.de-problematic.xml
index 6f2c1d25a965..a7a80b270fbc 100644
--- a/src/chrome/content/rules/Cryptalloy.de-problematic.xml
+++ b/src/chrome/content/rules/Cryptalloy.de-problematic.xml
@@ -5,7 +5,7 @@
 <ruleset name="Cryptalloy.de (problematic)" default_off="self-signed">
 
 	<target host="cryptalloy.de" />
-	<target host="*.cryptalloy.de" />
+	<target host="www.cryptalloy.de" />
 
 
 	<securecookie host="^\.www\.cryptalloy\.de$" name=".+" />
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?cryptalloy\.de/"
 		to="https://www.cryptalloy.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cryptalloy.de.xml b/src/chrome/content/rules/Cryptalloy.de.xml
index cf60fa012d7f..21591cd1cd96 100644
--- a/src/chrome/content/rules/Cryptalloy.de.xml
+++ b/src/chrome/content/rules/Cryptalloy.de.xml
@@ -22,4 +22,4 @@
 	<rule from="^http://(?:www\.)?shop\.cryptalloy\.de/"
 		to="https://www.shop.cryptalloy.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cryptanalysis.xml b/src/chrome/content/rules/Cryptanalysis.xml
index 8c34c8dd547c..e0e4777e18ec 100644
--- a/src/chrome/content/rules/Cryptanalysis.xml
+++ b/src/chrome/content/rules/Cryptanalysis.xml
@@ -1,11 +1,17 @@
-<ruleset name="Cryptanalysis">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.cryptanalysis.eu/ => https://www.cryptanalysis.eu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.cryptanalysis.eu'")
+
+-->
+<ruleset name="Cryptanalysis.eu" default_off="failed ruleset test">
 
 	<target host="cryptanalysis.eu"/>
 	<target host="www.cryptanalysis.eu"/>
 
-	<securecookie host="^cryptanalysis\.eu$" name=".*"/>
+	<securecookie host="^cryptanalysis\.eu$" name=".+" />
 
-	<rule from="^http://(www\.)?cryptanalysis\.eu/"
-		to="https://$1cryptanalysis.eu/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Cryptbin.com.xml b/src/chrome/content/rules/Cryptbin.com.xml
new file mode 100644
index 000000000000..61c5ff600219
--- /dev/null
+++ b/src/chrome/content/rules/Cryptbin.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cryptbin.com/ => https://cryptbin.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.cryptbin.com/ => https://www.cryptbin.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	Insecure cookies are set for these hosts:
+
+		- cryptbin.com
+
+-->
+<ruleset name="Cryptbin.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cryptbin.com" />
+	<target host="www.cryptbin.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cryptbin\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^cryptbin\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CryptedMemo.com.xml b/src/chrome/content/rules/CryptedMemo.com.xml
index c51d6bfa8acd..b7e4c0d31f1b 100644
--- a/src/chrome/content/rules/CryptedMemo.com.xml
+++ b/src/chrome/content/rules/CryptedMemo.com.xml
@@ -1,13 +1,16 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cryptedmemo.com/ => https://cryptedmemo.com/: (60, 'SSL certificate problem: certificate has expired')
+
 	www doesn't exist.
 
 -->
-<ruleset name="CryptedMemo.com">
+<ruleset name="CryptedMemo.com" default_off="failed ruleset test">
 
 	<target host="cryptedmemo.com" />
 
 
-	<rule from="^http://cryptedmemo\.com/"
-		to="https://cryptedmemo.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Crypteron.com.xml b/src/chrome/content/rules/Crypteron.com.xml
new file mode 100644
index 000000000000..843efa4b73a1
--- /dev/null
+++ b/src/chrome/content/rules/Crypteron.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Crypteron.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="crypteron.com" />
+	<target host="my.crypteron.com" />
+	<target host="support.crypteron.com" />
+	<target host="www.crypteron.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Crypto.cat.xml b/src/chrome/content/rules/Crypto.cat.xml
index e1e32d250113..b7b1c1db213c 100644
--- a/src/chrome/content/rules/Crypto.cat.xml
+++ b/src/chrome/content/rules/Crypto.cat.xml
@@ -1,22 +1,13 @@
 <!--
-	This rule was automatically generated based on an HSTS
-	preload rule in the Chromium browser.  See 
-	https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-	for the list of preloads.  Sites are added to the Chromium HSTS
-	preload list on request from their administrators, so HTTPS should
-	work properly everywhere on this site.
-
+	Problematic:
+		- blog
+		- lists
 -->
-<ruleset name="Crypto.cat ">
-
-	<target host="crypto.cat" />
-	<target host="*.crypto.cat" />
-
+<ruleset name="Crypto.cat">
+	<target host="www.crypto.cat" />
 
 	<securecookie host="^crypto\.cat$" name=".+" />
 
-
-	<rule from="^http://(blog\.|www\.)?crypto\.cat/"
-		to="https://$1crypto.cat/" />
-
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Crypto.is.xml b/src/chrome/content/rules/Crypto.is.xml
index 32cecc2fe2d9..2a7e20a6c8ec 100644
--- a/src/chrome/content/rules/Crypto.is.xml
+++ b/src/chrome/content/rules/Crypto.is.xml
@@ -1,9 +1,19 @@
-<ruleset name="Crypto.is">
+<!--
+	Nonfunctional hosts in *crypto.is:
+
+		- blog *
+		- wiki *
+
+	* Shows www.crypto.is
+
+-->
+<ruleset name="Crypto.is (partial)">
+
+	<!--	Direct rewrites:
+				-->
   <target host="crypto.is" />
-  <target host="wiki.crypto.is" />
-  <target host="blog.crypto.is" />
+	<target host="www.crypto.is" />
 
-  <rule from="^http://(?:www\.)?crypto\.is/" to="https://crypto.is/" />
-  <rule from="^http://wiki\.crypto\.is/" to="https://wiki.crypto.is/" />
-  <rule from="^http://blog\.crypto\.is/" to="https://blog.crypto.is/" />
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CryptoCoinTalk.com.xml b/src/chrome/content/rules/CryptoCoinTalk.com.xml
new file mode 100644
index 000000000000..ffc9b157e27a
--- /dev/null
+++ b/src/chrome/content/rules/CryptoCoinTalk.com.xml
@@ -0,0 +1,43 @@
+<!--
+	Problematic hosts:
+
+		- www *
+
+	* Mismatched
+
+
+	Fully covered hosts:
+
+		- (www.)?	(www → ^)
+
+
+	Insecure cookies are set for these domains:
+
+		- .cryptocointalk.com
+
+-->
+<ruleset name="CryptoCoinTalk.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cryptocointalk.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.cryptocointalk.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.cryptocointalk\.com$" name="^(CCTalkmodpids|CCTalksession_id)$" /-->
+
+	<securecookie host="^\.cryptocointalk\.com$" name=".+" />
+
+
+	<rule from="^http://www\.cryptocointalk\.com/"
+		to="https://cryptocointalk.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CryptoCoinsNews.com.xml b/src/chrome/content/rules/CryptoCoinsNews.com.xml
new file mode 100644
index 000000000000..eae58b26699c
--- /dev/null
+++ b/src/chrome/content/rules/CryptoCoinsNews.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="CryptoCoinsNews.com">
+
+	<target host="cryptocoinsnews.com" />
+	<target host="www.cryptocoinsnews.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CryptoExperts.com.xml b/src/chrome/content/rules/CryptoExperts.com.xml
new file mode 100644
index 000000000000..8c6d62a586a2
--- /dev/null
+++ b/src/chrome/content/rules/CryptoExperts.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- cryptoexperts.com
+		- www.cryptoexperts.com
+
+-->
+<ruleset name="CryptoExperts.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cryptoexperts.com" />
+	<target host="www.cryptoexperts.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?cryptoexperts\.com$" name="^exp_(?:csrf_token|last_activity|last_visit|tracker)$" /-->
+
+	<securecookie host="^(?:www\.)?cryptoexperts\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CryptoLUX.org.xml b/src/chrome/content/rules/CryptoLUX.org.xml
index 7e6c06158ff1..63d55fb230d0 100644
--- a/src/chrome/content/rules/CryptoLUX.org.xml
+++ b/src/chrome/content/rules/CryptoLUX.org.xml
@@ -1,13 +1,19 @@
-<ruleset name="CryptoLUX.org">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cryptolux.org/ => https://cryptolux.org/: (51, "SSL: no alternative certificate subject name matches target host name 'cryptolux.org'")
+
+-->
+<ruleset name="CryptoLUX.org" default_off="failed ruleset test">
 
 	<target host="cryptolux.org" />
 	<target host="www.cryptolux.org" />
 
 
-	<securecookie host="^(?:www\.)?cryptolux\.org$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www\.)?cryptolux\.org/"
-		to="https://$1cryptolux.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CryptoNetwork.com.xml b/src/chrome/content/rules/CryptoNetwork.com.xml
index 161e4071ee95..5857ee96aa1a 100644
--- a/src/chrome/content/rules/CryptoNetwork.com.xml
+++ b/src/chrome/content/rules/CryptoNetwork.com.xml
@@ -1,10 +1,23 @@
-<ruleset name="CryptoNetwork.com">
+<!--
+	^cryptonetwork.com: Server sends no certificate chain, see https://whatsmychaincert.com
+	www.cryptonetwork.com: Mismatched
 
+-->
+<ruleset name="CryptoNetwork.com" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="cryptonetwork.com" />
+
+	<!--	Complications:
+				-->
 	<target host="www.cryptonetwork.com" />
 
 
-	<rule from="^http://(www\.)?cryptonetwork\.com/"
-		to="https://$1cryptonetwork.com/" />
+	<rule from="^http://www\.cryptonetwork\.com/"
+		to="https://cryptonetwork.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CryptoPro.ru.xml b/src/chrome/content/rules/CryptoPro.ru.xml
new file mode 100644
index 000000000000..b6e05f2bde72
--- /dev/null
+++ b/src/chrome/content/rules/CryptoPro.ru.xml
@@ -0,0 +1,22 @@
+<!--
+	^cryptopro.ru: Cert only matches www
+
+-->
+<ruleset name="CryptoPro.ru">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.cryptopro.ru" />
+
+	<!--	Complications:
+				-->
+	<target host="cryptopro.ru" />
+
+
+	<rule from="^http://cryptopro\.ru/"
+		to="https://www.cryptopro.ru/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CryptoRave.org.xml b/src/chrome/content/rules/CryptoRave.org.xml
new file mode 100644
index 000000000000..6150bd7f7c34
--- /dev/null
+++ b/src/chrome/content/rules/CryptoRave.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="CryptoRave.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cryptorave.org" />
+	<target host="www.cryptorave.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CryptoSMS.org.xml b/src/chrome/content/rules/CryptoSMS.org.xml
deleted file mode 100644
index 0a8e296d8de1..000000000000
--- a/src/chrome/content/rules/CryptoSMS.org.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="CryptoSMS (CAcert)" platform="cacert">
-  <target host="cryptosms.org" />
-  <target host="www.cryptosms.org" />
-  <rule from="^http://(www\.)?cryptosms\.org/" to="https://cryptosms.org/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/CryptoSeal.com.xml b/src/chrome/content/rules/CryptoSeal.com.xml
index 373fed6ca596..d517761b5203 100644
--- a/src/chrome/content/rules/CryptoSeal.com.xml
+++ b/src/chrome/content/rules/CryptoSeal.com.xml
@@ -1,20 +1,27 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cryptoseal.com/ => https://cryptoseal.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://connect.cryptoseal.com/ => https://connect.cryptoseal.com/: (6, 'Could not resolve host: connect.cryptoseal.com')
+Fetch error: http://www.cryptoseal.com/ => https://www.cryptoseal.com/: (28, 'Operation timed out after 30000 milliseconds with 0 bytes received')
+
 	Fully covered subdomains:
 
 		- (www.)
 		- connect
 
 -->
-<ruleset name="CryptoSeal.com">
+<ruleset name="CryptoSeal.com" default_off="failed ruleset test">
 
 	<target host="cryptoseal.com" />
-	<target host="*.cryptoseal.com" />
+	<target host="connect.cryptoseal.com" />
+	<target host="www.cryptoseal.com" />
 
 
 	<securecookie host="^\.cryptoseal\.com$" name=".+" />
 
 
-	<rule from="^http://(connect\.|www\.)?cryptoseal\.com/"
-		to="https://$1cryptoseal.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CryptoThrift.com.xml b/src/chrome/content/rules/CryptoThrift.com.xml
new file mode 100644
index 000000000000..757e45a6271e
--- /dev/null
+++ b/src/chrome/content/rules/CryptoThrift.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Problematic subdomains:
+
+		- support *
+
+	* Zendesk
+
+-->
+<ruleset name="CryptoThrift.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cryptothrift.com" />
+	<target host="www.cryptothrift.com" />
+
+	<!--	Complications:
+				-->
+	<target host="support.cryptothrift.com" />
+
+
+	<securecookie host="^\.cryptothrift\.com$" name=".+" />
+
+
+	<rule from="^http://support\.cryptothrift\.com/"
+		to="https://cryptothrift.zendesk.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CryptoVPN.com.xml b/src/chrome/content/rules/CryptoVPN.com.xml
deleted file mode 100644
index 60df96eee0b7..000000000000
--- a/src/chrome/content/rules/CryptoVPN.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="CryptoVPN.com">
-
-	<target host="cryptovpn.com" />
-	<target host="*.cryptovpn.com" />
-
-
-	<securecookie host="^(?:my)?\.cryptovpn\.com$" name=".+" />
-
-
-	<rule from="^http://(my\.|www\.)?cryptovpn\.com/"
-		to="https://$1cryptovpn.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Crypto_Capital.co.xml b/src/chrome/content/rules/Crypto_Capital.co.xml
new file mode 100644
index 000000000000..660e9dc4344a
--- /dev/null
+++ b/src/chrome/content/rules/Crypto_Capital.co.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .cryptocapital.co
+		- secure.cryptocapital.co
+
+-->
+<ruleset name="Crypto Capital.co">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cryptocapital.co" />
+	<target host="secure.cryptocapital.co" />
+	<target host="www.cryptocapital.co" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.cryptocapital\.co$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^secure\.cryptocapital\.co$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:secure)?\.cryptocapital\.co$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Crypto_Santa.xyz.xml b/src/chrome/content/rules/Crypto_Santa.xyz.xml
new file mode 100644
index 000000000000..b6811d8eb709
--- /dev/null
+++ b/src/chrome/content/rules/Crypto_Santa.xyz.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cryptosanta.xyz/ => https://cryptosanta.xyz/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.cryptosanta.xyz/ => https://www.cryptosanta.xyz/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	Insecure cookies are set for these domains:
+
+		- .cryptosanta.xyz
+
+-->
+<ruleset name="Crypto Santa.xyz" default_off="failed ruleset test">
+
+	<target host="cryptosanta.xyz" />
+	<target host="www.cryptosanta.xyz" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.cryptosanta\.xyz$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.cryptosanta\.xyz$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cryptocloud.ca.xml b/src/chrome/content/rules/Cryptocloud.ca.xml
deleted file mode 100644
index 56800dc7a424..000000000000
--- a/src/chrome/content/rules/Cryptocloud.ca.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Cryptocloud.ca">
-
-	<target host="cryptocloud.ca" />
-	<target host="www.cryptocloud.ca" />
-
-
-	<rule from="^http://(www\.)?cryptocloud\.ca/"
-		to="https://$1cryptocloud.ca/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Cryptocloud.xml b/src/chrome/content/rules/Cryptocloud.xml
deleted file mode 100644
index b0a4655ffae5..000000000000
--- a/src/chrome/content/rules/Cryptocloud.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- blog.cryptocloud.com		(tumblr)
-
-
-	Problematic domains:
-
-		- forum.cryptocloud.com *
-		- support.cryptocloud.com *
-
-	* Redirects to http
-
--->
-<ruleset name="Cryptocloud (partial)">
-
-	<target host="cryptocloud.com" />
-	<target host="*.cryptocloud.com" />
-	<target host="cryptocloud.org" />
-	<target host="*.cryptocloud.org" />
-
-
-	<securecookie host="^(?:billing)?\.cryptocloud\.com$" name=".+" />
-	<securecookie host="^\.cryptocloud\.org$" name=".+" />
-
-
-	<rule from="^http://(billing\.|www\.)?cryptocloud\.com/"
-		to="https://$1cryptocloud.com/" />
-
-	<rule from="^http://forum\.cryptocloud\.com/"
-		to="https://cryptocloud.org/" />
-
-	<rule from="^http://support\.cryptocloud\.com/"
-		to="https://cryptocloud.kayako.com/" />
-
-	<rule from="^http://(www\.)?cryptocloud\.org/"
-		to="https://$1cryptocloud.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Cryptocoin_Charts.info.xml b/src/chrome/content/rules/Cryptocoin_Charts.info.xml
new file mode 100644
index 000000000000..cdfb62e55d0a
--- /dev/null
+++ b/src/chrome/content/rules/Cryptocoin_Charts.info.xml
@@ -0,0 +1,23 @@
+<!--
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Cryptocoin Charts.info">
+
+	<target host="cryptocoincharts.info" />
+	<target host="www.cryptocoincharts.info" />
+
+
+	<!--	Server doesn't secure:
+					-->
+	<securecookie host="^www\.cryptocoincharts\.info$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CryptographyEngineering.com.xml b/src/chrome/content/rules/CryptographyEngineering.com.xml
new file mode 100644
index 000000000000..85168f8b976c
--- /dev/null
+++ b/src/chrome/content/rules/CryptographyEngineering.com.xml
@@ -0,0 +1,12 @@
+<!--
+		Secure Connection Failed:
+		cryptographyengineering.com
+		www.cryptographyengineering.com
+-->
+
+<ruleset name="CryptographyEngineering.com">
+	<target host="blog.cryptographyengineering.com" />
+
+	<securecookie host=".+" name=".+" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cryptohaze.xml b/src/chrome/content/rules/Cryptohaze.xml
index 2fdb1fced4ca..72a6105fdfd0 100644
--- a/src/chrome/content/rules/Cryptohaze.xml
+++ b/src/chrome/content/rules/Cryptohaze.xml
@@ -1,19 +1,27 @@
 <!--
 	Nonfunctional subdomains:
 
-		- blog		(interrupted, hosted on Blogspot)
+		- (www.)? ¹
+		- blog ²
+
+	¹ Refused
+	² Blogspot
+
+
+	webtables: Dropped over http & https
 
 -->
-<ruleset name="Cryptohaze">
+<ruleset name="Cryptohaze" default_off="refused">
 
 	<target host="cryptohaze.com" />
-	<target host="*.cryptohaze.com" />
+	<target host="webtables.cryptohaze.com" />
+	<target host="www.cryptohaze.com" />
 
 
-	<securecookie host="^(?:.+\.)?cryptohaze\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(webtables\.|www\.)?cryptohaze\.com/"
-		to="https://$1cryptohaze.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cryptojedi.org.xml b/src/chrome/content/rules/Cryptojedi.org.xml
new file mode 100644
index 000000000000..39f3686ddc0a
--- /dev/null
+++ b/src/chrome/content/rules/Cryptojedi.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="cryptojedi.org">
+
+	<target host="cryptojedi.org" />
+	<target host="www.cryptojedi.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cryptologie.net.xml b/src/chrome/content/rules/Cryptologie.net.xml
new file mode 100644
index 000000000000..7eb99447aa90
--- /dev/null
+++ b/src/chrome/content/rules/Cryptologie.net.xml
@@ -0,0 +1,32 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .cryptologie.net
+
+
+	Mixed content:
+
+		- Images from i.imgur.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Cryptologie.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cryptologie.net" />
+	<target host="www.cryptologie.net" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.cryptologie\.net$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.cryptologie\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cryptomator.org.xml b/src/chrome/content/rules/Cryptomator.org.xml
new file mode 100644
index 000000000000..3f77d13a054e
--- /dev/null
+++ b/src/chrome/content/rules/Cryptomator.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .cryptomator.org
+
+-->
+<ruleset name="Cryptomator.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cryptomator.org" />
+	<target host="www.cryptomator.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.cryptomator\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.cryptomator\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cryptome.xml b/src/chrome/content/rules/Cryptome.xml
new file mode 100644
index 000000000000..152773c65eed
--- /dev/null
+++ b/src/chrome/content/rules/Cryptome.xml
@@ -0,0 +1,13 @@
+<!--
+	SSL error:
+		cryptome.info
+		www.cryptome.info
+-->
+<ruleset name="Cryptome.org" >
+	<target host="cryptome.org" />
+	<target host="www.cryptome.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cryptomilk.org.xml b/src/chrome/content/rules/Cryptomilk.org.xml
index 022678b8f5f6..1a0e05e49131 100644
--- a/src/chrome/content/rules/Cryptomilk.org.xml
+++ b/src/chrome/content/rules/Cryptomilk.org.xml
@@ -1,10 +1,21 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.) *
+
+	* Shows milliways, valid cert
+
+-->
 <ruleset name="cryptomilk.org (partial)">
 
-	<target host="*.cryptomilk.org"/>
+	<target host="blog.cryptomilk.org"/>
+	<target host="milliways.cryptomilk.org"/>
+
+
+	<securecookie host="^blog\.cryptomilk\.org$" name=".+" />
 
-	<securecookie host="^blog\.cryptomilk\.org$" name=".*"/>
 
-	<rule from="^http://(blog|milliways)\.cryptomilk\.org/"
-		to="https://$1.cryptomilk.org/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Cryptomonkeys.com.xml b/src/chrome/content/rules/Cryptomonkeys.com.xml
new file mode 100644
index 000000000000..4953d46c1c98
--- /dev/null
+++ b/src/chrome/content/rules/Cryptomonkeys.com.xml
@@ -0,0 +1,19 @@
+<!--
+	STS header includes includeSubdomains
+
+-->
+<ruleset name="Cryptomonkeys.com">
+
+	<target host="cryptomonkeys.com" />
+	<target host="*.cryptomonkeys.com" />
+
+		<test url="http://www.cryptomonkeys.com/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Crypton.io.xml b/src/chrome/content/rules/Crypton.io.xml
new file mode 100644
index 000000000000..ae540c646c9c
--- /dev/null
+++ b/src/chrome/content/rules/Crypton.io.xml
@@ -0,0 +1,9 @@
+<ruleset name="Crypton.io">
+
+	<target host="encryptrservice.crypton.io" />
+	<target host="kloakservice.crypton.io" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cryptonator.com.xml b/src/chrome/content/rules/Cryptonator.com.xml
new file mode 100644
index 000000000000..7697ddd72d4e
--- /dev/null
+++ b/src/chrome/content/rules/Cryptonator.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Fully covered hosts in *cryptonator.com:
+
+		- (www.)?
+		- cn
+		- de
+		- es
+		- fr
+		- ru
+
+-->
+<ruleset name="Cryptonator.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cryptonator.com" />
+	<target host="cn.cryptonator.com" />
+	<target host="de.cryptonator.com" />
+	<target host="es.cryptonator.com" />
+	<target host="fr.cryptonator.com" />
+	<target host="ru.cryptonator.com" />
+	<target host="www.cryptonator.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cryptonit.xml b/src/chrome/content/rules/Cryptonit.xml
deleted file mode 100644
index 2ca8ef4d57f0..000000000000
--- a/src/chrome/content/rules/Cryptonit.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	www: cert only matches ^cryptonit.net
-
--->
-<ruleset name="cryptonit">
-
-	<target host="cryptonit.net" />
-	<target host="*.cryptonit.net" />
-
-
-	<securecookie host="^\.cryptonit\.net$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?cryptonit\.net/"
-		to="https://cryptonit.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Cryptonomicon.xml b/src/chrome/content/rules/Cryptonomicon.xml
index 2b5aabdabdfc..d2464fa26f7c 100644
--- a/src/chrome/content/rules/Cryptonomicon.xml
+++ b/src/chrome/content/rules/Cryptonomicon.xml
@@ -1,11 +1,11 @@
-<ruleset name="Cryptonomicon" default_off="mismatch">
+<ruleset name="Cryptonomicon" default_off="mismatched">
 
 	<!--	Cert: *.sites.myregisteredsite.com	-->
 	<target host="cryptonomicon.com" />
 	<target host="www.cryptonomicon.com" />
 
 
-	<rule from="^https?://(?:www\.)?cryptonomicon\.com/"
+	<rule from="^http://(?:www\.)?cryptonomicon\.com/"
 		to="https://cryptonomicon.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Cryptopals.com.xml b/src/chrome/content/rules/Cryptopals.com.xml
new file mode 100644
index 000000000000..cd5fab544219
--- /dev/null
+++ b/src/chrome/content/rules/Cryptopals.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - www.cryptopals.com
+-->
+<ruleset name="Cryptopals.com">
+	<target host="cryptopals.com" />
+	<target host="www.cryptopals.com" />
+
+	<rule from="^http://www\.cryptopals\.com/"
+			to="https://cryptopals.com/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cryptoparty.xml b/src/chrome/content/rules/Cryptoparty.xml
index 1b5962b1e57e..8ce9445a48d1 100644
--- a/src/chrome/content/rules/Cryptoparty.xml
+++ b/src/chrome/content/rules/Cryptoparty.xml
@@ -1,22 +1,18 @@
+<!--
+  Refused:
+    cryptoparty.org
+-->
+
 <ruleset name="Cryptoparty">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="cryptoparty.in" />
 	<target host="www.cryptoparty.in" />
-	<target host="cryptoparty.org" />
-	<target host="www.cryptoparty.org" />
-
 
 	<securecookie host="^www\.cryptoparty\.in$" name=".+" />
-	<securecookie host="^cryptoparty\.org$" name=".+" />
-
-
-	<rule from="^http://(www\.)?cryptoparty\.in/"
-		to="https://$1cryptoparty.in/" />
 
-	<!--	- www doesn't work over https
-		- www 301s to !www over http
-						-->
-	<rule from="^https?://(?:www\.)?cryptoparty\.org/"
-		to="https://cryptoparty.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Cryptopia.co.nz.xml b/src/chrome/content/rules/Cryptopia.co.nz.xml
new file mode 100644
index 000000000000..1ea15c548b7f
--- /dev/null
+++ b/src/chrome/content/rules/Cryptopia.co.nz.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- cryptopia.co.nz
+
+-->
+<ruleset name="Cryptopia.co.nz">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cryptopia.co.nz" />
+	<target host="www.cryptopia.co.nz" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cryptopia\.co\.nz$" name="^__RequestVerificationToken$" /-->
+
+	<securecookie host="^cryptopia\.co\.nz$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cryptopp.com.xml b/src/chrome/content/rules/Cryptopp.com.xml
new file mode 100644
index 000000000000..1e497c772e75
--- /dev/null
+++ b/src/chrome/content/rules/Cryptopp.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Cryptopp.com">
+  <target host="cryptopp.com" />
+  <target host="www.cryptopp.com" />
+  <target host="ftp.cryptopp.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cryptostocks.com.xml b/src/chrome/content/rules/Cryptostocks.com.xml
new file mode 100644
index 000000000000..3fde9b68cd40
--- /dev/null
+++ b/src/chrome/content/rules/Cryptostocks.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cryptostocks.com/ => https://cryptostocks.com/: Too many redirects while fetching 'https://cryptostocks.com/'
+Fetch error: http://www.cryptostocks.com/ => https://www.cryptostocks.com/: Too many redirects while fetching 'https://www.cryptostocks.com/'
+
+	Insecure cookies are set for these domains:
+
+		- .cryptostocks.com
+
+-->
+<ruleset name="Cryptostocks.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cryptostocks.com" />
+	<target host="www.cryptostocks.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.cryptostocks\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.cryptostocks\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cryptostorm.is.xml b/src/chrome/content/rules/Cryptostorm.is.xml
new file mode 100644
index 000000000000..d15cfa45586e
--- /dev/null
+++ b/src/chrome/content/rules/Cryptostorm.is.xml
@@ -0,0 +1,12 @@
+<ruleset name="Cryptostorm.is">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cryptostorm.is" />
+	<target host="www.cryptostorm.is" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cryptostorm.org.xml b/src/chrome/content/rules/Cryptostorm.org.xml
new file mode 100644
index 000000000000..ceebc28aad80
--- /dev/null
+++ b/src/chrome/content/rules/Cryptostorm.org.xml
@@ -0,0 +1,32 @@
+<!--
+	Nonfunctional hosts in *cryptostorm.org:
+
+		- howto *
+
+	* Shows www.cryptostorm.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .cryptostorm.org
+
+-->
+<ruleset name="Cryptostorm.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cryptostorm.org" />
+	<target host="www.cryptostorm.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.cryptostorm\.org$" name="^cstorm_cookydee_(?:k|sid|u)$" /-->
+
+	<securecookie host="^\.cryptostorm\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cryptsy.com.xml b/src/chrome/content/rules/Cryptsy.com.xml
new file mode 100644
index 000000000000..280601381ca6
--- /dev/null
+++ b/src/chrome/content/rules/Cryptsy.com.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cryptsy.com/ => https://cryptsy.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.cryptsy.com/ => https://www.cryptsy.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Tumblr
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .cryptsy.com
+		- www.cryptsy.com
+
+-->
+<ruleset name="Cryptsy.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cryptsy.com" />
+	<target host="www.cryptsy.com" />
+
+
+	<!--	Incapsula cookies
+					-->
+	<!--securecookie host="^\.cryptsy\.com$" name="^(?:incap_ses_\d+|nlbi_visid_incap)_\d+$" /-->
+	<!--securecookie host="^www\.cryptsy\.com$" name="^___utm[abm]\w+$" /-->
+
+	<securecookie host="^(?:\.|www\.)?cryptsy\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Crystal_Delights.com.xml b/src/chrome/content/rules/Crystal_Delights.com.xml
index c35ce0ae9105..fd5d02bcfd20 100644
--- a/src/chrome/content/rules/Crystal_Delights.com.xml
+++ b/src/chrome/content/rules/Crystal_Delights.com.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?crystaldelights\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?crystaldelights\.com/"
-		to="https://$1crystaldelights.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Crystal_Singing_Bowls.xml b/src/chrome/content/rules/Crystal_Singing_Bowls.xml
index fa94bbfdca24..e41c2054da38 100644
--- a/src/chrome/content/rules/Crystal_Singing_Bowls.xml
+++ b/src/chrome/content/rules/Crystal_Singing_Bowls.xml
@@ -1,13 +1,12 @@
 <ruleset name="Crystal Singing Bowls">
 
 	<target host="sacredcrystalsingingbowls.com" />
-	<target host="*.sacredcrystalsingingbowls.com" />
+	<target host="www.sacredcrystalsingingbowls.com" />
 
 
 	<securecookie host="^(?:www)?\.sacredcrystalsingingbowls\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?sacredcrystalsingingbowls\.com/"
-		to="https://$1sacredcrystalsingingbowls.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Crytography.com.xml b/src/chrome/content/rules/Crytography.com.xml
new file mode 100644
index 000000000000..874c37f5fd34
--- /dev/null
+++ b/src/chrome/content/rules/Crytography.com.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cryptography.com/ => https://cryptography.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.cryptography.com/ => https://www.cryptography.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Insecure cookies are set for these hosts:
+
+		- cryptography.com
+		- www.cryptography.com
+
+
+	Mixed content:
+
+		- css from www.cryptography.com *
+		- Images from www.cryptography.com *
+
+	*  Secured by us
+
+-->
+<ruleset name="Crytography.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cryptography.com" />
+	<target host="www.cryptography.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?cryptography\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?cryptography\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Csair.com.xml b/src/chrome/content/rules/Csair.com.xml
new file mode 100644
index 000000000000..b3171c688c8f
--- /dev/null
+++ b/src/chrome/content/rules/Csair.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Csair.com">
+	<target host="csair.com" />
+	<target host="www.csair.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Csgolounge.com.xml b/src/chrome/content/rules/Csgolounge.com.xml
new file mode 100644
index 000000000000..9390b455a33e
--- /dev/null
+++ b/src/chrome/content/rules/Csgolounge.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Csgolounge.com">
+	<target host="csgolounge.com" />
+	<target host="www.csgolounge.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Csob.sk.xml b/src/chrome/content/rules/Csob.sk.xml
new file mode 100644
index 000000000000..3996bd3c2219
--- /dev/null
+++ b/src/chrome/content/rules/Csob.sk.xml
@@ -0,0 +1,8 @@
+<ruleset name="Csob.sk">
+  <target host="csob.sk" />
+  <target host="www.csob.sk" />
+  <target host="ib24.csob.sk" />
+  <target host="bb24.csob.sk" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CspBuilder.info.xml b/src/chrome/content/rules/CspBuilder.info.xml
new file mode 100644
index 000000000000..ee613c2529fb
--- /dev/null
+++ b/src/chrome/content/rules/CspBuilder.info.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cspbuilder.info/ => https://cspbuilder.info/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.cspbuilder.info/ => https://www.cspbuilder.info/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="CspBuilder.info" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cspbuilder.info" />
+	<target host="www.cspbuilder.info" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Css-Zen-Garden.xml b/src/chrome/content/rules/Css-Zen-Garden.xml
index 7a707a5ac526..fe968ddf24b4 100644
--- a/src/chrome/content/rules/Css-Zen-Garden.xml
+++ b/src/chrome/content/rules/Css-Zen-Garden.xml
@@ -1,4 +1,4 @@
-<ruleset name="css Zen Garden" default_off="mismatch">
+<ruleset name="css Zen Garden" default_off="mismatched">
 
 	<!--	cert: *.gridserver.com	-->
 	<target host="csszengarden.com"/>
diff --git a/src/chrome/content/rules/Css-security.com.xml b/src/chrome/content/rules/Css-security.com.xml
new file mode 100644
index 000000000000..97da25ef4efa
--- /dev/null
+++ b/src/chrome/content/rules/Css-security.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Css-security.com">
+	<target host="css-security.com" />
+	<target host="blog.css-security.com" />
+	<target host="info.css-security.com" />
+	<target host="www.css-security.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Css3test.com.xml b/src/chrome/content/rules/Css3test.com.xml
new file mode 100644
index 000000000000..3472ce8341ff
--- /dev/null
+++ b/src/chrome/content/rules/Css3test.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatch:
+		- www.css3test.com
+-->
+<ruleset name="Css3test.com">
+	<target host="css3test.com" />
+	<target host="www.css3test.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.css3test\.com/" to="https://css3test.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cstatic-graphics.com.xml b/src/chrome/content/rules/Cstatic-graphics.com.xml
new file mode 100644
index 000000000000..b18a93bc9ef4
--- /dev/null
+++ b/src/chrome/content/rules/Cstatic-graphics.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Cars.com coverage, see Cars.com.xml.
+
+
+	^cstatic-graphics.com doesn't exist.
+
+-->
+<ruleset name="Cstatic-graphics.com">
+
+	<target host="www.cstatic-graphics.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cstatic.net.xml b/src/chrome/content/rules/Cstatic.net.xml
new file mode 100644
index 000000000000..f61cdc841718
--- /dev/null
+++ b/src/chrome/content/rules/Cstatic.net.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn.cstatic.net/ => https://dzbb4sjawljdv.cloudfront.net/: (6, 'Could not resolve host: dzbb4sjawljdv.cloudfront.net')
+
+	For other Vox Media coverage, see Vox.com.xml.
+
+
+	CDN buckets:
+
+		- dzbb4sjawljdv.cloudfront.net	← cdn
+
+
+	^cstatic.net: Refused
+
+-->
+<ruleset name="Cstatic.net" default_off="failed ruleset test">
+
+	<target host="cdn.cstatic.net" />
+
+
+	<rule from="^http://cdn\.cstatic\.net/"
+		to="https://dzbb4sjawljdv.cloudfront.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Csync.org.xml b/src/chrome/content/rules/Csync.org.xml
new file mode 100644
index 000000000000..174efa2c257e
--- /dev/null
+++ b/src/chrome/content/rules/Csync.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="csync.org">
+
+	<target host="csync.org" />
+	<target host="www.csync.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CtCtCDN.com.xml b/src/chrome/content/rules/CtCtCDN.com.xml
new file mode 100644
index 000000000000..82af2d418c36
--- /dev/null
+++ b/src/chrome/content/rules/CtCtCDN.com.xml
@@ -0,0 +1,22 @@
+<!--
+	For other Constant-Contact coverage, see Constant-Contact.xml.
+
+
+	Fully covered hosts in *.ctctcdn.com:
+
+		- static
+		- origin.static
+
+-->
+<ruleset name="CtCtCDN.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="static.ctctcdn.com" />
+	<target host="origin.static.ctctcdn.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ctrip.xml b/src/chrome/content/rules/Ctrip.xml
new file mode 100644
index 000000000000..c8faea000ff0
--- /dev/null
+++ b/src/chrome/content/rules/Ctrip.xml
@@ -0,0 +1,103 @@
+<!--
+	Failed:
+		^
+		cards.ctrip.com
+
+	Different http/https content:
+		bus.ctrip.com
+		flight.ctrip.com
+		forex.ctrip.com
+		g.ctrip.com
+
+	Incomplete cert chain:
+		crm.ws.ctrip.com
+
+	MCB:
+		you.ctrip.com
+
+	Redirects to http:
+		airbus.ctrip.com
+		card.ctrip.com
+		huodong.ctrip.com
+		jifen.ctrip.com
+		jr.ctrip.com
+		kefu.ctrip.com
+		lipin.ctrip.com
+		livechat.ctrip.com
+		my.ctrip.com
+		parking.ctrip.com
+		rails.ctrip.com
+		weekend.ctrip.com
+-->
+<ruleset name="Ctrip">
+	<!--Country or Region:-->
+	<target host="de.ctrip.com" />
+	<target host="english.ctrip.com" />
+		<target host="pages.english.ctrip.com" />
+		<target host="webresource.english.ctrip.com" />
+	<target host="es.ctrip.com" />
+	<target host="fr.ctrip.com" />
+	<target host="jp.ctrip.com" />
+	<target host="my.ctrip.com" />
+	<target host="ru.ctrip.com" />
+	<target host="www.ctrip.co.id" />
+	<target host="www.ctrip.co.kr" />
+	<target host="www.ctrip.co.th" />
+	<target host="www.ctrip.com.hk" />
+
+	<!--Directly:-->
+	<target host="www.ctrip.com" />
+	<target host="accounts.ctrip.com" />
+	<target host="b.ctrip.com" />
+	<target host="car.ctrip.com" />
+	<target host="carvbk.ctrip.com" />
+	<target host="cruise.ctrip.com" />
+	<target host="ct.ctrip.com" />
+	<target host="ebooking.ctrip.com" />
+	<target host="go.ctrip.com" />
+	<target host="hotels.ctrip.com" />
+	<target host="inn.ctrip.com" />
+	<target host="m.ctrip.com" />
+	<target host="meeting.ctrip.com" />
+	<target host="mice.ctrip.com" />
+	<target host="pages.ctrip.com" />
+	<target host="piao.ctrip.com" />
+	<target host="security.ctrip.com" />
+	<target host="smarket.ctrip.com" />
+	<target host="sme.ctrip.com" />
+	<target host="taocan.ctrip.com" />
+	<target host="tbooking.ctrip.com" />
+	<target host="trade.ctrip.com" />
+	<target host="tuan.ctrip.com" />
+	<target host="u.ctrip.com" />
+	<target host="vacations.ctrip.com" />
+
+	<target host="dimg01.c-ctrip.com" />
+	<target host="dimg02.c-ctrip.com" />
+	<target host="dimg03.c-ctrip.com" />
+	<target host="dimg04.c-ctrip.com" />
+	<target host="dimg05.c-ctrip.com" />
+	<target host="dimg06.c-ctrip.com" />
+	<target host="dimg07.c-ctrip.com" />
+	<target host="dimg08.c-ctrip.com" />
+	<target host="dimg09.c-ctrip.com" />
+	<target host="dimg10.c-ctrip.com" />
+	<target host="dimg11.c-ctrip.com" />
+	<target host="dimg12.c-ctrip.com" />
+	<target host="dimg13.c-ctrip.com" />
+	<target host="dimg14.c-ctrip.com" />
+	<target host="dimg15.c-ctrip.com" />
+	<target host="dimg16.c-ctrip.com" />
+	<target host="dimg17.c-ctrip.com" />
+	<target host="dimg18.c-ctrip.com" />
+	<target host="dimg19.c-ctrip.com" />
+	<target host="dimg20.c-ctrip.com" />
+	<target host="images3.c-ctrip.com" />
+		<test url="http://images3.c-ctrip.com/hx/201507/0709004.jpg" />
+	<target host="pages.c-ctrip.com" />
+	<target host="pic.c-ctrip.com" />
+	<target host="s.c-ctrip.com" />
+	<target host="webresource.c-ctrip.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ctrl_Alt_Del.xml b/src/chrome/content/rules/Ctrl_Alt_Del.xml
deleted file mode 100644
index 68e013ba51ba..000000000000
--- a/src/chrome/content/rules/Ctrl_Alt_Del.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/cdn.cad-comic.com/
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(prints "The page you are looking for is temporarily unavailable.", CN: ne-r004-060cl)
-
--->
-<ruleset name="Ctrl+Alt+Del">
-
-	<target host="*.cad-comic.com" />
-		<!--
-			Points to s3.../$ for images:
-							-->
-		<exclusion pattern="^http://v\.cdn\.cad-comic\.com/css-\d+\.css" />
-
-
-	<rule from="^http://(?:v\.)?cdn\.cad-comic\.com/"
-		to="https://s3.amazonaws.com/cdn.cad-comic.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Cts-strasbourg.eu.xml b/src/chrome/content/rules/Cts-strasbourg.eu.xml
new file mode 100644
index 000000000000..9265f594ed84
--- /dev/null
+++ b/src/chrome/content/rules/Cts-strasbourg.eu.xml
@@ -0,0 +1,6 @@
+<ruleset name="Cts-strasbourg.eu">
+  <target host="cts-strasbourg.eu" />
+  <target host="www.cts-strasbourg.eu" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ctt.org.xml b/src/chrome/content/rules/Ctt.org.xml
new file mode 100644
index 000000000000..89393130dfe6
--- /dev/null
+++ b/src/chrome/content/rules/Ctt.org.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ctt.org/ => https://www.ctt.org/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.ctt.org/ => https://www.ctt.org/: (28, 'Connection timed out after 20000 milliseconds')
+
+	^: cert only matches www
+
+-->
+<ruleset name="ctt.org" default_off="failed ruleset test">
+
+	<target host="ctt.org" />
+	<target host="www.ctt.org" />
+
+
+	<rule from="^http://(?:www\.)?ctt\.org/"
+		to="https://www.ctt.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cubana.cu.xml b/src/chrome/content/rules/Cubana.cu.xml
new file mode 100644
index 000000000000..5cebbf51cbb1
--- /dev/null
+++ b/src/chrome/content/rules/Cubana.cu.xml
@@ -0,0 +1,12 @@
+<!--
+	Expired:
+		- desarrollo
+-->
+<ruleset name="Cubana.cu">
+	<target host="cubana.cu" />
+	<target host="www.cubana.cu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cubby.com.xml b/src/chrome/content/rules/Cubby.com.xml
new file mode 100644
index 000000000000..81c57a4eb863
--- /dev/null
+++ b/src/chrome/content/rules/Cubby.com.xml
@@ -0,0 +1,45 @@
+<!--
+	For other LogMeIn coverage, see LogMeIn_Inc.com.xml.
+
+
+	Problematic hosts in *cubby.com:
+
+		- blog *
+		- help *
+
+	* Mismatched
+
+
+	Fully covered hosts in *cubby.com:
+
+		- (www.)?
+		- webdav
+		- ws
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.cubby.com
+
+-->
+<ruleset name="Cubby.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cubby.com" />
+	<target host="webdav.cubby.com" />
+	<target host="ws.cubby.com" />
+	<target host="www.cubby.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.cubby\.com$" name="^LMIorigin$" /-->
+
+	<securecookie host="^www\.cubby\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cubics.xml b/src/chrome/content/rules/Cubics.xml
index 8e13796c470c..5044ab06307c 100644
--- a/src/chrome/content/rules/Cubics.xml
+++ b/src/chrome/content/rules/Cubics.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cubplat.bidsystem.com/ => https://cubplat.bidsystem.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://cubics.com/ => https://cubplat.bidsystem.com/signup/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://cubplat.bidsystem.com/ => https://cubplat.bidsystem.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://cubics.com/ => https://cubplat.bidsystem.com/signup/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	For other Adknowledge coverage, see Adknowledge.xml.
 
 
@@ -7,23 +15,21 @@
 		- (www.)cubics.com	(mismatched, CN: *.bidsystem.com)
 
 -->
-<ruleset name="Cubics">
+<ruleset name="Cubics" default_off="failed ruleset test">
 
 	<target host="cubplat.bidsystem.com" />
 	<target host="cubics.com" />
-	<target host="*.cubics.com" />
+	<target host="www.cubics.com" />
+	<target host="icons.cubics.com" />
 
 
 	<securecookie host="^cubplat\.bidsystem\.com$" name=".+" />
 
 
-	<rule from="^http://cubplat\.bidsystem\.com/"
-		to="https://cubplat.bidsystem.com/" />
 
-	<rule from="^https?://(?:www\.)?cubics\.com/"
+	<rule from="^http://(?:www\.)?cubics\.com/"
 		to="https://cubplat.bidsystem.com/signup/" />
 
-	<rule from="^http://icons\.cubics\.com/"
-		to="https://icons.cubics.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cubify.com.xml b/src/chrome/content/rules/Cubify.com.xml
new file mode 100644
index 000000000000..952df83d0b54
--- /dev/null
+++ b/src/chrome/content/rules/Cubify.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Cubify.com">
+
+	<target host="cubify.com" />
+	<target host="www.cubify.com" />
+	<target host="admin.cubify.com" />
+	<target host="bo.cubify.com" />
+	<target host="file.cubify.com" />
+	<target host="prod.cubify.com" />
+	<target host="staging.cubify.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cubify.xml b/src/chrome/content/rules/Cubify.xml
deleted file mode 100644
index f937fa5e82f8..000000000000
--- a/src/chrome/content/rules/Cubify.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	cubify.blob.core.windows.net
-
--->
-<ruleset name="Cubify" default_off="JS redirect to http">
-
-	<target host="cubify.com" />
-	<target host="www.cubify.com" />
-
-
-	<securecookie host="^cubify\.com$" name=".*" />
-
-
-	<rule from="^http://(www\.)?cubify\.com/"
-		to="https://$1cubify.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cucumber.io.xml b/src/chrome/content/rules/Cucumber.io.xml
new file mode 100644
index 000000000000..15b54cd1697a
--- /dev/null
+++ b/src/chrome/content/rules/Cucumber.io.xml
@@ -0,0 +1,26 @@
+<!--
+  h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+  Host Unresolved:
+   - shouty.cucumber.io
+   - clinic
+
+  Outdated SSL version
+    - handbook (m)
+ -->
+
+<ruleset name="Cucumber.io">
+
+	<target host="cucumber.io" />
+	<target host="aruba.cucumber.io" />
+	<target host="cukenfest.cucumber.io" />
+	<target host="docs.cucumber.io" />
+	<target host="thoughts.cucumber.io" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cue.me.xml b/src/chrome/content/rules/Cue.me.xml
new file mode 100644
index 000000000000..a18e60b6ff5a
--- /dev/null
+++ b/src/chrome/content/rules/Cue.me.xml
@@ -0,0 +1,16 @@
+<ruleset name="Cue.me">
+
+	<target host="cue.me" />
+	<target host="www.cue.me" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cue\.me$" name="^session$" /-->
+
+	<securecookie host="^cue\.me$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cueup.com.xml b/src/chrome/content/rules/Cueup.com.xml
deleted file mode 100644
index 3b99ec2917e5..000000000000
--- a/src/chrome/content/rules/Cueup.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Cueup.com" platform="firefox">
-<target host="www.cueup.com" />
-
-<securecookie host="^www\.cueup\.com$" name=".+" />
-
-<rule from="^http://www\.cueup\.com/" to="https://www.cueup.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/CufonFonts.com.xml b/src/chrome/content/rules/CufonFonts.com.xml
new file mode 100644
index 000000000000..cde81b75d3bc
--- /dev/null
+++ b/src/chrome/content/rules/CufonFonts.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="CufonFonts.com">
+	<target host="cufonfonts.com" />
+	<target host="www.cufonfonts.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CuidadoDeSalud.gov.xml b/src/chrome/content/rules/CuidadoDeSalud.gov.xml
index a3b3acc6f537..5955cc9959b0 100644
--- a/src/chrome/content/rules/CuidadoDeSalud.gov.xml
+++ b/src/chrome/content/rules/CuidadoDeSalud.gov.xml
@@ -2,9 +2,7 @@
 	<target host="cuidadodesalud.gov" />
 	<target host="www.cuidadodesalud.gov" />
 
-	<securecookie host="www\.cuidadodesalud\.gov"
-			name=".+" />
+	<securecookie host="www\.cuidadodesalud\.gov" name=".+" />
 
-	<rule from="^(http://(www\.)?|https://)cuidadodesalud\.gov/"
-		to="https://www.cuidadodesalud.gov/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cult-Labs.com.xml b/src/chrome/content/rules/Cult-Labs.com.xml
new file mode 100644
index 000000000000..3e5c2eaa96c1
--- /dev/null
+++ b/src/chrome/content/rules/Cult-Labs.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- cult-labs.com
+		- .cult-labs.com
+		- www.cult-labs.com
+
+
+	Mixed content:
+
+		- Images, from:
+
+			- e-jolt.co.uk
+			- sphotos-\w.ak.fbcdn.net
+			- i\d+.photobucket.com
+
+-->
+<ruleset name="Cult-Labs.com">
+
+	<target host="cult-labs.com" />
+	<target host="www.cult-labs.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?cult-labs\.com$" name="^(bblastactivity|bblastvisit|bbsessionhash|vbseo_loggedin)$" /-->
+	<!--securecookie host="^\.cult-labs\.com$" name="^__qca$" /-->
+
+	<securecookie host="^(?:\.|www\.)?cult-labs\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cultofmac.com.xml b/src/chrome/content/rules/Cultofmac.com.xml
new file mode 100644
index 000000000000..47553fb45f75
--- /dev/null
+++ b/src/chrome/content/rules/Cultofmac.com.xml
@@ -0,0 +1,37 @@
+<!--
+	Nonfunctional hosts in *.cultofmac.com:
+		buyback.cultofmac.com (HTTPS connection refused)
+		forum.cultofmac.com (Site not found)
+		api.newsstand.cultofmac.com (Server not found)
+		push.cultofmac.com (Error 404 - Not found)
+		www.push.cultofmac.com (Server not found)
+		store.cultofmac.com
+		test.cultofmac.com
+		cdn.test.cultofmac.com
+		admin.www.cultofmac.com
+-->
+<ruleset name="Cultofmac">
+
+	<target host="cultofmac.com" />
+	<target host="www.cultofmac.com" />
+	<target host="backstage.cultofmac.com" />
+	<target host="cdn.backstage.cultofmac.com" />
+	<target host="biz.cultofmac.com" />
+	<target host="business.cultofmac.com" />
+	<target host="buyersguide.cultofmac.com" />
+	<target host="cdn.cultofmac.com" />
+	<target host="deals.cultofmac.com" />
+	<target host="forums.cultofmac.com" />
+	<target host="jonyivebook.cultofmac.com" />
+	<target host="www.jonyivebook.cultofmac.com" />
+	<target host="cdn.jonyivebook.cultofmac.com" />
+	<target host="m.cultofmac.com" />
+	<target host="origin.cultofmac.com" />
+	<target host="store.cultofmac.com" />
+	<target host="test.cultofmac.com" />
+	<target host="cdn.test.cultofmac.com" />
+	<target host="admin.www.cultofmac.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cultura.no.xml b/src/chrome/content/rules/Cultura.no.xml
index 36c45af2b5c8..56ddfe029a9b 100644
--- a/src/chrome/content/rules/Cultura.no.xml
+++ b/src/chrome/content/rules/Cultura.no.xml
@@ -2,7 +2,6 @@
   <target host="cultura.no" />
   <target host="www.cultura.no" />
 
-  <rule from="^http://cultura\.no/" to="https://cultura.no/"/>
-  <rule from="^http://www\.cultura\.no/" to="https://www.cultura.no/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Cultural_Survival.org.xml b/src/chrome/content/rules/Cultural_Survival.org.xml
new file mode 100644
index 000000000000..ed1891c882b8
--- /dev/null
+++ b/src/chrome/content/rules/Cultural_Survival.org.xml
@@ -0,0 +1,28 @@
+<!--
+	Problematic hosts in *culturalsurvival.org:
+
+		- bazaar ᵐ
+
+	ᵐ Mismatched
+
+
+	Mixed content:
+
+		- css on (www.)?, bazaar from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Cultural Survival.org (partial)">
+
+	<target host="culturalsurvival.org" />
+	<target host="www.culturalsurvival.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cultures_for_Health.com.xml b/src/chrome/content/rules/Cultures_for_Health.com.xml
new file mode 100644
index 000000000000..8b1d0651dd66
--- /dev/null
+++ b/src/chrome/content/rules/Cultures_for_Health.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Cultures for Health.com">
+
+	<target host="culturesforhealth.com" />
+	<target host="cdn.culturesforhealth.com" />
+	<target host="www.culturesforhealth.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:www)?\.culturesforhealth.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CumbriaConstabulary.xml b/src/chrome/content/rules/CumbriaConstabulary.xml
new file mode 100644
index 000000000000..c7f5681a7137
--- /dev/null
+++ b/src/chrome/content/rules/CumbriaConstabulary.xml
@@ -0,0 +1,18 @@
+<!--
+	For Cumbria Constabulary
+
+		Works:
+
+			- www
+
+		Doesn't Work:
+
+			- $ (gives a 404)
+
+-->
+<ruleset name="Cumbria Constabulary">
+	<target host="cumbria.police.uk" />
+	<target host="www.cumbria.police.uk" />
+
+	<rule from="^http://(?:www\.)?cumbria\.police\.uk/" to="https://www.cumbria.police.uk/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Cumulus_Networks.xml b/src/chrome/content/rules/Cumulus_Networks.xml
index 7e82bbf9d5c6..0189785331c8 100644
--- a/src/chrome/content/rules/Cumulus_Networks.xml
+++ b/src/chrome/content/rules/Cumulus_Networks.xml
@@ -5,10 +5,11 @@
 <ruleset name="Cumulus Networks (partial)">
 
 	<target host="cumulusnetworks.com" />
+	<target host="support.cumulusnetworks.com" />
 	<target host="www.cumulusnetworks.com" />
+		<exclusion pattern="^http://(?:www\.)?cumulusnetworks\.com/+(?!secure/|static/)" />
 
 
-	<rule from="^http://(www\.)?cumulusnetworks\.com/s(ecure|tatic)/"
-		to="https://$1cumulusnetworks.com/s$2/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cupcake.io.xml b/src/chrome/content/rules/Cupcake.io.xml
deleted file mode 100644
index d464087df305..000000000000
--- a/src/chrome/content/rules/Cupcake.io.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Cupcake.io" platform="firefox">
-<target host="cupcake.io" />
-
-<securecookie host="^cupcake\.io$" name=".+" />
-
-<rule from="^http://cupcake\.io/" to="https://cupcake.io/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Cupcake.is.xml b/src/chrome/content/rules/Cupcake.is.xml
deleted file mode 100644
index cb1a5262c214..000000000000
--- a/src/chrome/content/rules/Cupcake.is.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Cupcake.is" platform="firefox">
-<target host="cupcake.is" />
-
-<securecookie host="^cupcake\.is$" name=".+" />
-
-<rule from="^http://cupcake\.is/" to="https://cupcake.is/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Cupcake.xml b/src/chrome/content/rules/Cupcake.xml
deleted file mode 100644
index 73179082b804..000000000000
--- a/src/chrome/content/rules/Cupcake.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Cupcake">
-    <target host="cupcake.io" />
-    <target host="*.cupcake.io" />
-    <target host="cupcake.is" />
-    <target host="*.cupcake.is" />
-
-    <rule from="^http://([\w-]+\.)?cupcake\.io/" to="https://$1cupcake.io/" />
-    <rule from="^http://([\w-]+\.)?cupcake\.is/" to="https://$1cupcake.is/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Cupid.xml b/src/chrome/content/rules/Cupid.xml
index c31211f1ab9e..a327bf1bf968 100644
--- a/src/chrome/content/rules/Cupid.xml
+++ b/src/chrome/content/rules/Cupid.xml
@@ -24,17 +24,38 @@
 
 		- cdn.cupid.com
 
+
+	Mixed content:
+
+		- Images on www from cdn.cdtoimge.com ¹
+
+		- Bugs, on:
+
+			- www from static.criteo.net ¹
+			- www from stat.cupidplc.com ¹
+			- www from pixel.fetchback.com ¹
+			- www from www.googleadservices.com ²
+			- www from a.triggit.com ¹
+
+	¹ Secured by us
+	² Rule disabled by default
+
 -->
 <ruleset name="Cupid (partial)">
 
 	<target host="cupid.com"/>
-	<target host="*.cupid.com"/>
+	<target host="cdn.cupid.com" />
+	<target host="ed.cupid.com" />
+	<target host="www.cupid.com" />
+		<!--
+			Redirect to http:
+						-->
 		<!--exclusion pattern="^http://www\.cupid\.com/($|\?|\w\w-\w\w/|ajax_savetimezoneoffset\.php|find-a-date\.aspx|helpprivacy\.asp|helptandc\.asp|internet-dating-conduct\.aspx|join\.asp|lostpsswd\.asp|personal-ads-membership\.aspx|privacy-statement\.aspx|spd_stories\.new\.php|static\.php)" /-->
 		<!--exclusion pattern="^http://ed.cupid.com/($|\?|helpprivacy\.asp|helptandc\.asp|static\.php)" /-->
 		<exclusion pattern="^http://ed\.cupid\.com/(?!ext\.php)" />
 
 
-	<securecookie host="^\.cupid\.com$" name="^TRACK_\w+$" />
+	<securecookie host="^\.(?:www\.)?cupid\.com$" name="^TRACK_\w+$" />
 
 
 	<rule from="^http://(cdn|ed)\.cupid\.com/"
diff --git a/src/chrome/content/rules/Cupid_plc.com.xml b/src/chrome/content/rules/Cupid_plc.com.xml
deleted file mode 100644
index 454b5ba74148..000000000000
--- a/src/chrome/content/rules/Cupid_plc.com.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	Other Cupid plc rulesets:
-
-		- BeCoquin.com.xml
-		- BeNaughty.com.xml
-		- Cupid.xml
-		- Cupid_plc_CDN.xml
-
-
-	Fully covered subdomains:
-
-		- aff
-		- affiliates
-		- stat.ed
-		- stat.to
-		- cdn.stat.to
-		- whitelabeldating
-
--->
-<ruleset name="Cupid plc.com (partial)">
-
-	<target host="*.cupidplc.com" />
-
-
-	<securecookie host="^(?:aff|stat\.to|whitelabeldating)\.cupidplc\.com$" name=".+" />
-
-
-	<rule from="^http://(aff|affiliates|stat\.ed|(?:cdn\.)?stat\.to|whitelabeldating)\.cupidplc\.com/"
-		to="https://$1.cupidplc.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Cupid_plc_CDN.xml b/src/chrome/content/rules/Cupid_plc_CDN.xml
index 95b4f869b80c..38b52d041c5a 100644
--- a/src/chrome/content/rules/Cupid_plc_CDN.xml
+++ b/src/chrome/content/rules/Cupid_plc_CDN.xml
@@ -1,4 +1,15 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn.cdtoimge.com/ => https://cdn.cdtoimge.com/: Too many redirects while fetching 'https://cdn.cdtoimge.com/'
+Fetch error: http://cdn.imgstat.com/ => https://cdn.pictimgs.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cdn.pictimgs.com'")
+Fetch error: http://cdn.pictimgs.com/ => https://cdn.pictimgs.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cdn.pictimgs.com'")
+Fetch error: http://cdn.static2img.com/ => https://cdn.static2img.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cdn.static2img.com'")
+Fetch error: http://cdn.statimgs2.com/ => https://cdn.static2img.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cdn.static2img.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn.static2img.com/ => https://cdn.static2img.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cdn.static2img.com'")
+Fetch error: http://cdn.statimgs2.com/ => https://cdn.static2img.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cdn.static2img.com'")
 	For other Cupid plc coverage, see Cupid_plc.com.xml.
 
 
@@ -15,7 +26,6 @@
 
 	Problematic domains:
 
-		- cdn.cdtoimge.com *
 		- cdn.imgstat.com *
 		- cdn.statimgs2.com	(403; mismatched, CN: ssl2.cdngc.net)
 
@@ -24,7 +34,7 @@
 
 	Fully covered domains:
 
-		- cdn.cdtoimge.com	(→ cdn.pictimgs.com)
+		- cdn.cdtoimge.com
 		- cdn.imgstat.com	(→ cdn.pictimgs.com)
 		- cdn.pictimgs.com
 		- cdn.static2img.com
@@ -34,7 +44,7 @@
 	Used on multiple Cupid plc sites.
 
 -->
-<ruleset name="Cupid plc CDN">
+<ruleset name="Cupid plc CDN" default_off="failed ruleset test">
 
 	<target host="cdn.cdtoimge.com" />
 	<target host="cdn.imgstat.com" />
@@ -43,10 +53,13 @@
 	<target host="cdn.statimgs2.com" />
 
 
-	<rule from="^http://cdn\.(?:cdtoimge|imgstat|pictimgs)\.com/"
+	<rule from="^http://cdn\.cdtoimge\.com/"
+		to="https://cdn.cdtoimge.com/" />
+
+	<rule from="^http://cdn\.(?:imgstat|pictimgs)\.com/"
 		to="https://cdn.pictimgs.com/" />
 
 	<rule from="^http://cdn\.stati(?:c2img|mgs2)\.com/"
 		to="https://cdn.static2img.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Curate.Us.xml b/src/chrome/content/rules/Curate.Us.xml
deleted file mode 100644
index 02f477f11319..000000000000
--- a/src/chrome/content/rules/Curate.Us.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	Problematic domains:
-
-		- clp.ly *
-		- curate.us *
-
-	* No https
-
--->
-<ruleset name="Curate.Us (partial)">
-
-	<target host="clp.ly" />
-	<target host="curate.us" />
-	<target host="*.curate.us" />
-
-
-	<securecookie host="^\.(?:secure\.)?curate\.us$" name=".+" />
-
-
-	<rule from="^https?://(?:clp\.ly|curate\.us)/"
-		to="https://secure.curate.us/" />
-
-	<rule from="^http://(secure|www)\.curate\.us/"
-		to="https://$1.curate.us/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Curated.co.xml b/src/chrome/content/rules/Curated.co.xml
new file mode 100644
index 000000000000..c06a5a983cb1
--- /dev/null
+++ b/src/chrome/content/rules/Curated.co.xml
@@ -0,0 +1,31 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- curated.co
+		- my.curated.co
+		- www.curated.co
+
+-->
+<ruleset name="Curated.co">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="curated.co" />
+	<target host="my.curated.co" />
+	<target host="support.curated.co" />
+	<target host="www.curated.co" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^curated\.co$" name="^(?:_herald_session|pid)$" /-->
+	<!--securecookie host="^(?:www\.)?curated\.co$" name="^u_(?:campaign|content|from|lp|medium|source|term|time)$" /-->
+	<!--securecookie host="^my\.curated\.co$" name="^_herald_session$" /-->
+
+	<securecookie host="^(?:my\.|www\.)?curated\.co$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Curbed.cc.xml b/src/chrome/content/rules/Curbed.cc.xml
new file mode 100644
index 000000000000..810d03e51da7
--- /dev/null
+++ b/src/chrome/content/rules/Curbed.cc.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://f.curbed.cc/ => https://f.curbed.cc/: (28, 'Connection timed out after 20000 milliseconds')
+
+	For other Vox Media coverage, see Vox.com.xml.
+
+-->
+<ruleset name="Curbed.cc" default_off="failed ruleset test">
+
+	<target host="f.curbed.cc" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Curbed.com.xml b/src/chrome/content/rules/Curbed.com.xml
new file mode 100644
index 000000000000..e8092064b84a
--- /dev/null
+++ b/src/chrome/content/rules/Curbed.com.xml
@@ -0,0 +1,102 @@
+<!--
+	For other Vox Media coverage, see Vox.com.xml.
+
+
+	Nonfunctional hosts in *curbed.com:
+
+		- (www.)? ʳ
+		- (www.)?chicago ʳ
+		- (www.)?la ʳ
+		- (www.)?sf ʳ
+
+	ʳ Refused
+
+
+	Problematic hosts in *curbed.com:
+
+		- www.hamptons ᵐ
+
+	ᵐ Mismatched, CN: ny.curbed.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- hamptons.curbed.com
+
+
+	Mixed content:
+
+		- css, on:
+
+			- hamptons, (www.)?ny from cdn.cstatic.net ˢ
+			- hamptons from fonts.googleapis.com ˢ
+
+		- Images, on:
+
+			- hamptons, (www.)?ny from ^curbed.com ʳ
+			- hamptons from hamptons.curbed.com ˢ
+			- (www.)?ny from ny.curbed.com ˢ
+			- hamptons and (www.)?ny from cdn.cstatic.net ˢ
+
+		- favicon on hamptons from hamptons ˢ
+
+		- Bugs, on:
+
+			- hamptons from b\d+.sitemeter.com ʳ
+			- hamptons from www.stumbleupon.com ˢ
+			- (www.)?ny from f.curbed.cc ˢ
+
+	ʳ Unsecurable <= refused
+	ˢ Secured by us
+
+-->
+<ruleset name="Curbed.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hamptons.curbed.com" />
+	<target host="ny.curbed.com" />
+	<target host="www.ny.curbed.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.hamptons.curbed.com" />
+
+		<!--	404:
+				-->
+		<!--exclusion pattern="^http://hamptons\.curbed\.com/contact$" /-->
+
+		<!--	Avoid false/broken MCB:
+						-->
+		<exclusion pattern="^http://(?:www\.)?(?:hamptons|ny)\.curbed\.com/+(?!favicon\.ico|marketplace/(?:image|stylesheet)s/|uploads/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://hamptons.curbed.com/archives/2016/01/15/traditional_colorful_and_elegant_in_east_hampton_for_875m.php" />
+			<test url="http://hamptons.curbed.com/contact" />
+			<test url="http://hamptons.curbed.com/marketplace/properties" /><!--	Mixed bugs	-->
+			<test url="http://hamptons.curbed.com/tags/top" />
+
+			<!--	-ve:
+					-->
+			<test url="http://hamptons.curbed.com/favicon.ico" />
+			<test url="http://hamptons.curbed.com/marketplace/assets/properties/images/5144/9931/44593.jpg_20160114_polaroid.jpeg" />
+			<test url="http://hamptons.curbed.com/marketplace/images/dingbats/twitter-icon-15x15.png" />
+			<test url="http://hamptons.curbed.com/marketplace/stylesheets/cache/print.css" />
+			<test url="http://www.hamptons.curbed.com/uploads/shutterstock_176666024.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^hamptons\.curbed\.com$" name="^(?:_hamptons_curbed_com_marketplace_session|identity_client)$" /-->
+
+	<securecookie host="^\." name="^__qca$" />
+
+
+	<rule from="^http://www\.hamptons\.curbed\.com/"
+		to="https://hamptons.curbed.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cure53.xml b/src/chrome/content/rules/Cure53.xml
new file mode 100644
index 000000000000..f89f3afc9aa1
--- /dev/null
+++ b/src/chrome/content/rules/Cure53.xml
@@ -0,0 +1,10 @@
+<ruleset name="Cure53.de">
+
+	<target host="cure53.de" />
+	<target host="www.cure53.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CureSec.com.xml b/src/chrome/content/rules/CureSec.com.xml
new file mode 100644
index 000000000000..37a5087f4bd1
--- /dev/null
+++ b/src/chrome/content/rules/CureSec.com.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://curesec.com/ => https://curesec.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Problematic subdomains:
+
+		- blackarch[12] *
+		- blog *
+
+	* Mismatched
+
+-->
+<ruleset name="CureSec.com (partial)" default_off="failed ruleset test">
+
+	<target host="curesec.com" />
+	<target host="www.curesec.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Curetheitch.xml b/src/chrome/content/rules/Curetheitch.xml
index 1d2045199cf5..bc5bbe2d1ddb 100644
--- a/src/chrome/content/rules/Curetheitch.xml
+++ b/src/chrome/content/rules/Curetheitch.xml
@@ -1,16 +1,14 @@
 <!--
-	- Cert is only valid for ^curetheitch.com
-	- ^ redirects to www
-	- Expired 2012-01-29
+	Server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="Curetheitch" default_off="expired, mismatched, self-signed">
+<ruleset name="Curetheitch.com" default_off="expired, missing certificate chain">
 
 	<target host="curetheitch.com" />
 	<target host="www.curetheitch.com" />
 
 
-	<rule from="^http://(?:www\.)?curetheitch\.com/"
-		to="https://www.curetheitch.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Curling_World.com.xml b/src/chrome/content/rules/Curling_World.com.xml
deleted file mode 100644
index f6856e16f53a..000000000000
--- a/src/chrome/content/rules/Curling_World.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Curling World.com">
-
-	<target host="curlingworld.com" />
-	<target host="*.curlingworld.com" />
-
-
-	<securecookie host="^\.curlingworld\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?curlingworld\.com/"
-		to="https://$1curlingworld.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Curo.co.za.xml b/src/chrome/content/rules/Curo.co.za.xml
new file mode 100644
index 000000000000..215f7d6dfd24
--- /dev/null
+++ b/src/chrome/content/rules/Curo.co.za.xml
@@ -0,0 +1,25 @@
+<!--
+	www.curo.co.za: Mismatched
+
+-->
+<ruleset name="Curo.co.za" default_off="expired">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="curo.co.za" />
+
+	<!--	Complications:
+				-->
+	<target host="www.curo.co.za" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.curo\.co\.za/"
+		to="https://curo.co.za/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CurrencyFair.com.xml b/src/chrome/content/rules/CurrencyFair.com.xml
new file mode 100644
index 000000000000..95f3c44d5c43
--- /dev/null
+++ b/src/chrome/content/rules/CurrencyFair.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Non-functional subdomains:
+		- autodiscover	(r)
+		- b10	(t)
+		- b2	(t)
+		- b4	(t)
+		- b5	(t)
+		- b6	(t)
+		- brand.internal	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="CurrencyFair.com">
+
+	<target host="currencyfair.com" />
+	<target host="www.currencyfair.com" />
+	<target host="api.currencyfair.com" />
+	<target host="app.currencyfair.com" />
+	<target host="assets.currencyfair.com" />
+	<target host="b1.currencyfair.com" />
+	<target host="cfex01.currencyfair.com" />
+	<target host="mail.currencyfair.com" />
+	<target host="rate-alert.currencyfair.com" />
+	<target host="tech.currencyfair.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Current-TV-mismatches.xml b/src/chrome/content/rules/Current-TV-mismatches.xml
deleted file mode 100644
index 9e32952a7e69..000000000000
--- a/src/chrome/content/rules/Current-TV-mismatches.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For rules that are on by default, see Current-TV.xml.
-
--->
-<ruleset name="Current TV (mismatches)" default_off="mismatch">
-
-	<target host="s3.crtcdn1.net" />
-
-
-	<!--	- s3.crtcd1.net cert: *.pantherssl.com
-		- s3.crtcd1.net 403s over https
-		- www.crowd.com/static/.+ redirects to //crowd...
-		- Cert only matches *.crowd.com
-					-->
-	<rule from="^https?://(?:s3\.|crtcdn1\.net|current\.com)/(static/)"
-		to="https://www.current.com/$1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Current-TV.xml b/src/chrome/content/rules/Current-TV.xml
deleted file mode 100644
index 1751395d223a..000000000000
--- a/src/chrome/content/rules/Current-TV.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	For problematic rules, see Current-TV-mismatches.xml.
-
-
-	Nonfunctional domains:
-
-		- i2.crtcdn1.net/images/	(cert: *.pantherssl.com; 403)
-
--->
-<ruleset name="Current TV (partial)">
-
-	<target host="current.com" />
-	<target host="www.current.com" />
-
-
-	<!--	- Cert only matches *.current.com
-		- At least some pages redirect to http
-					-->
-	<rule from="^https?://(?:www\.)?current\.com/(participate(?:$|/))"
-		to="https://www.current.com/$1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Curse.xml b/src/chrome/content/rules/Curse.xml
new file mode 100644
index 000000000000..c6b8d430fc23
--- /dev/null
+++ b/src/chrome/content/rules/Curse.xml
@@ -0,0 +1,213 @@
+<!--
+	Other Curse rulesets:
+
+		- bukkit.org.xml
+
+	404 not found:
+		- clientupdate-v5.curse.com
+		- clientupdate.curse.com
+		- ^cursecdn.com
+		- www.cursecdn.com
+		- cf-ssl55921-protected-static-ascalon.cursecdn.com
+		- cf-ssl55921-protected-static-azeroth.cursecdn.com
+		- cf-ssl55921-protected-static-hearth.cursecdn.com
+		- cf-ssl55921-protected-static-titanium.cursecdn.com
+		- dra-media.cursecdn.com
+		- hearth.cursecdn.com
+		- hydera-media.cursecdn.com
+		- hydramedia.cursecdn.com
+		- media-copper.cursecdn.com
+		- media-leaguepedia.cursecdn.com
+		- media-marriland.cursecdn.com
+		- media-mcw.cursecdn.com
+		- media-wowstead.cursecdn.com
+		- media-yttrium.cursecdn.com
+		- media.curse.com
+		- media.cursecdn.com
+		- media01.cursecdn.com
+		- servermods.cursecdn.com
+		- static-storm.cursecdn.com
+		- titanium.cursecdn.com
+
+	Connection refused:
+		- cloudmail.curse.com
+		- old.wowace.com (521)
+		- xcom2.curse.com (521)
+
+	Mismatch:
+		- addons.curse.cursecdn.com
+		- cocotiers.curse.com
+		- web-support.curse.com
+		- www.tsw.curseforge.com
+
+	Redirect to plain:
+		- static-diablofans.cursecdn.com
+		- static-dominaria.cursecdn.com
+		- static-mamba.cursecdn.com
+		- static-seawolf.cursecdn.com
+		- static-thelab.cursecdn.com
+		- www.hearthpwn.com
+		- db.mmo-champion.com
+		- wowdb.com
+		- www.wowdb.com
+		- beta.wowdb.com
+		- ptr.wowdb.com
+		- Gamepedia.com & subdomains
+
+	Self-Signed:
+		- repos.curseforge.com
+		- svn.wowace.com
+		- hg.wowace.com
+
+	Timeout:
+		- my.curse.com
+		- media-overpwn.cursecdn.com
+		- media-spacejam.cursecdn.com
+		- static-ascalon.cursecdn.com (522)
+
+	Mixed Content:
+		- www.mmo-champion.com
+
+-->
+<ruleset name="Curse">
+
+	<target host="curse.com" />
+	<target host="www.curse.com" />
+	<target host="addon-service.curse.com" />
+	<target host="auth.curse.com" />
+	<target host="clientforum.curse.com" />
+	<target host="clientservice-upload.curse.com" />
+	<target host="clientservice-v6-beta.curse.com" />
+	<target host="clientservice.curse.com" />
+	<target host="clientsupport.curse.com" />
+	<target host="cp.curse.com" />
+	<target host="curseclient.curse.com" />
+	<target host="files.curse.com" />
+	<target host="geoservice.curse.com" />
+	<target host="landscape.curse.com" />
+	<target host="mods.curse.com" />
+	<target host="support.curse.com" />
+	<target host="testclientupdate.curse.com" />
+	<target host="wow.curse.com" />
+
+	<target host="curseapp.net" />
+	<target host="images.curseapp.net" />
+	<target host="updates.curseapp.net" />
+
+	<target host="addons-origin.cursecdn.com" />
+	<target host="addons.cursecdn.com" />
+	<target host="cdm.cursecdn.com" />
+	<target host="clientupdate-v6-aws.cursecdn.com" />
+	<target host="clientupdate-v6-mac.cursecdn.com" />
+	<target host="clientupdate-v6.cursecdn.com" />
+	<target host="fonts.cursecdn.com" />
+	<target host="ftb.cursecdn.com" />
+	<target host="futhead.cursecdn.com" />
+	<target host="hydra-images.cursecdn.com" />
+	<target host="hydra-media.cursecdn.com" />
+	<target host="lolchat.cursecdn.com" />
+	<target host="media-ascalon.cursecdn.com" />
+	<target host="media-azeroth.cursecdn.com" />
+	<target host="media-cerulean.cursecdn.com" />
+	<target host="media-corp.cursecdn.com" />
+	<target host="media-curse.cursecdn.com" />
+	<target host="media-diablofans.cursecdn.com" />
+	<target host="media-dominaria.cursecdn.com" />
+	<target host="media-elerium.cursecdn.com" />
+	<target host="media-hearth.cursecdn.com" />
+	<target host="media-mamba.cursecdn.com" />
+	<target host="media-mercury.cursecdn.com" />
+	<target host="media-minecraftforum.cursecdn.com" />
+	<target host="media-noxia.cursecdn.com" />
+	<target host="media-seawolf.cursecdn.com" />
+	<target host="media-slapshot.cursecdn.com" />
+	<target host="media-storm.cursecdn.com" />
+	<target host="media-strawpoll.cursecdn.com" />
+	<target host="media-thelab.cursecdn.com" />
+	<target host="media-titanium.cursecdn.com" />
+	<target host="media-touchdown.cursecdn.com" />
+	<target host="media-vox.cursecdn.com" />
+	<target host="media-zybez.cursecdn.com" />
+	<target host="minecraftforge.cursecdn.com" />
+	<target host="modloaders.cursecdn.com" />
+	<target host="mv-azeroth.cursecdn.com" />
+	<target host="soartex.cursecdn.com" />
+	<target host="static-azeroth.cursecdn.com"/>
+	<target host="static-cerulean.cursecdn.com" />
+	<target host="static-copper.cursecdn.com" />
+	<target host="static-corp.cursecdn.com" />
+	<target host="static-curse.cursecdn.com" />
+	<target host="static-elerium-beta.cursecdn.com" />
+	<target host="static-elerium.cursecdn.com" />
+	<target host="static-hearth.cursecdn.com" />
+	<target host="static-mercury.cursecdn.com" />
+	<target host="static-minecraftforum.cursecdn.com" />
+	<target host="static-mods-curse.cursecdn.com" />
+	<target host="static-noxia.cursecdn.com" />
+	<target host="static-overpwn.cursecdn.com" />
+	<target host="static-slapshot.cursecdn.com" />
+	<target host="static-spacejam.cursecdn.com" />
+	<target host="static-strawpoll.cursecdn.com" />
+	<target host="static-titanium.cursecdn.com" />
+	<target host="static-touchdown.cursecdn.com" />
+	<target host="static-vox.cursecdn.com" />
+	<target host="static-yttrium.cursecdn.com" />
+	<target host="trinium.cursecdn.com" />
+
+	<target host="www.curseforge.com" />
+	<target host="aoc.curseforge.com" />
+	<target host="api.curseforge.com" />
+	<target host="authors.curseforge.com" />
+	<target host="cwow.curseforge.com" />
+	<target host="firefall.curseforge.com" />
+	<target host="forums.curseforge.com" />
+	<target host="gta.curseforge.com" />
+	<target host="kerbal.curseforge.com" />
+	<target host="legacy.curseforge.com" />
+	<target host="minecraft-beta.curseforge.com" />
+	<target host="minecraft.curseforge.com" />
+	<target host="rift.curseforge.com" />
+	<target host="rom.curseforge.com" />
+	<target host="sc2.curseforge.com" />
+	<target host="skyrim.curseforge.com" />
+	<target host="store.curseforge.com" />
+	<target host="support.curseforge.com" />
+	<target host="terraria.curseforge.com" />
+	<target host="teso.curseforge.com" />
+	<target host="tsw.curseforge.com" />
+	<target host="war.curseforge.com" />
+	<target host="wildstar.curseforge.com" />
+	<target host="worldoftanks.curseforge.com" />
+	<target host="wow-beta.curseforge.com" />
+	<target host="wow.curseforge.com" />
+
+	<target host="curseinc.com" />
+	<target host="www.curseinc.com" />
+
+	<target host="mmo-champion.com" />
+	<target host="blue.mmo-champion.com" />
+	<target host="media.mmo-champion.com" />
+	<target host="raidcomp.mmo-champion.com" />
+	<target host="static.mmo-champion.com" />
+	<target host="talent.mmo-champion.com" />
+
+	<target host="sc2mapster.com" />
+	<target host="www.sc2mapster.com" />
+	<target host="wiki.sc2mapster.com" />
+
+	<target host="skyrimforge.com" />
+	<target host="www.skyrimforge.com" />
+
+	<target host="wowace.com" />
+	<target host="www.wowace.com" />
+	<target host="dev.wowace.com" />
+	<target host="files.wowace.com" />
+	<target host="forums.wowace.com" />
+	<target host="static.wowace.com" />
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Curso_de_Italiano.xml b/src/chrome/content/rules/Curso_de_Italiano.xml
index c56f979b44c5..b7fa155fa451 100644
--- a/src/chrome/content/rules/Curso_de_Italiano.xml
+++ b/src/chrome/content/rules/Curso_de_Italiano.xml
@@ -1,13 +1,13 @@
 <ruleset name="Curso de Italiano">
 
 	<target host="marconisida.com" />
-	<target host="*.marconisida.com" />
+	<target host="www.marconisida.com" />
 
 
 	<securecookie host="^\.marconisida\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?marconisida\.com/"
+	<rule from="^http://(?:www\.)?marconisida\.com/"
 		to="https://marconisida.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Curvehost.xml b/src/chrome/content/rules/Curvehost.xml
deleted file mode 100644
index c7b216b330b5..000000000000
--- a/src/chrome/content/rules/Curvehost.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Curvehost">
-  <target host="curvehost.com"/>
-  <target host="www.curvehost.com"/>
-
-  <rule from="^http://(www\.)?curvehost\.com/" to="https://curvehost.com/"/>
-</ruleset>
-<!-- Rule generated by HTTPS Finder 0.77 -->
diff --git a/src/chrome/content/rules/Custhelp.com.xml b/src/chrome/content/rules/Custhelp.com.xml
new file mode 100644
index 000000000000..ff5117fa4333
--- /dev/null
+++ b/src/chrome/content/rules/Custhelp.com.xml
@@ -0,0 +1,64 @@
+<!--
+	For other Oracle coverage, see Oracle.xml.
+
+	For clients, see RightNow-clients.xml.
+
+
+	(www.)?: Mismatched
+	motorola-global-community: Mismatched (CN: forums.motorola.com)
+
+
+	Mixed content:
+
+		- Image on ora-fusion-apps.custhelp.com from webstandards.us.oracle.com
+
+-->
+<ruleset name="Custhelp.com">
+
+	<target host="*.custhelp.com" />
+
+		<test url="http://ora-fusion-apps.custhelp.com/" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^appsconnect\.custhelp\.com$" name="^HiveSession$" /-->
+	<!--securecookie host="^ora-fusion-apps\.custhelp\.com$" name="^ps_cookie$" /-->
+
+	<!--	Securing this appears to break login:
+
+			https://trac.torproject.org/projects/tor/ticket/11402
+										-->
+	<!--securecookie host="^\.[\w-]+\.custhelp\.com$" name="^ps_cookie$" /-->
+
+	<securecookie host="^.*\.custhelp\.com$" name="^(?!ps_cookie$).*" />
+
+	<!-- MCB issue -->
+	<exclusion pattern="^http://canoncanada\.custhelp\.com/" />
+
+		<test url="http://canoncanada.custhelp.com/" />
+
+	<!-- Fix #4742 -->
+	<exclusion pattern="^http://ancestryuk\.custhelp\.com/" />
+
+		<test url="http://ancestryuk.custhelp.com/" />
+
+	<!-- Redirects through a number of sites which ultimately can not be secured. -->
+	<exclusion pattern="^http://www\.custhelp\.com/" />
+
+		<test url="http://www.custhelp.com/" />
+
+	<!--	Mismatched (CN: forums.motorola.com)
+
+		http://motorola-global-community.custhelp.com/ redirects to https://forums.motorola.com/ anyway.
+
+		https://github.com/EFForg/https-everywhere/issues/4060 -->
+	<rule from="^http://motorola-global-community\.custhelp\.com/"
+		to="https://forums.motorola.com/" />
+
+		<test url="http://motorola-global-community.custhelp.com/" />
+		<test url="http://motorola-global-community.custhelp.com/pages/afe9e9ba5d" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Custodian_Vaults.com.au.xml b/src/chrome/content/rules/Custodian_Vaults.com.au.xml
new file mode 100644
index 000000000000..b284b8383b5b
--- /dev/null
+++ b/src/chrome/content/rules/Custodian_Vaults.com.au.xml
@@ -0,0 +1,20 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Custodian Vaults.com.au">
+
+	<target host="custodianvaults.com.au" />
+	<target host="www.custodianvaults.com.au" />
+
+
+	<securecookie host="^(?:w*\.)?custodianvaults\.com\.au$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CustomWheelConnection.com.xml b/src/chrome/content/rules/CustomWheelConnection.com.xml
index 4ab02f73e63d..d7b4f0c64a52 100644
--- a/src/chrome/content/rules/CustomWheelConnection.com.xml
+++ b/src/chrome/content/rules/CustomWheelConnection.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?customwheelconnection\.com/(favicon\.ico|Portals/|scripts/|[sS]how(?:Category|Product)Image\.aspx)"
 		to="https://$1customwheelconnection.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Custom_Tiburon.xml b/src/chrome/content/rules/Custom_Tiburon.xml
deleted file mode 100644
index e917f7f0f47e..000000000000
--- a/src/chrome/content/rules/Custom_Tiburon.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Custom Tiburon">
-
-	<target host="customtiburon.com" />
-	<target host="www.customtiburon.com" />
-
-
-	<securecookie host="^(?:.*\.)?customtiburon\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?customtiburon\.com/"
-		to="https://$1customtiburon.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Customer-Lobby.xml b/src/chrome/content/rules/Customer-Lobby.xml
index bc97bc49b0c9..bf01e6494e94 100644
--- a/src/chrome/content/rules/Customer-Lobby.xml
+++ b/src/chrome/content/rules/Customer-Lobby.xml
@@ -3,13 +3,13 @@
 -->
 <ruleset name="Customer Lobby (partial)">
 
-	<target host="customerlobby.com"/>
+	<target host="customerlobby.com" />
+	<target host="www.customerlobby.com" />
 	<!--	* for cross-domain cookie	-->
-	<target host="*.customerlobby.com"/>
 
-	<securecookie host="^(.*\.)?customerlobby\.com$" name=".*"/>
 
-	<rule from="^http://(www\.)?customerlobby\.com/"
-		to="https://$1customerlobby.com/"/>
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Customer.io.xml b/src/chrome/content/rules/Customer.io.xml
index 3a853c003e91..7f4b3bb5359b 100644
--- a/src/chrome/content/rules/Customer.io.xml
+++ b/src/chrome/content/rules/Customer.io.xml
@@ -6,10 +6,11 @@
 -->
 <ruleset name="Customer.io (partial)">
 
-	<target host="*.customer.io" />
+	<target host="assets.customer.io" />
+	<target host="manage.customer.io" />
+	<target host="track.customer.io" />
 
 
-	<rule from="^http://(assets|manage|track)\.customer\.io/"
-		to="https://$1.customer.io/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Customersaas.com.xml b/src/chrome/content/rules/Customersaas.com.xml
index 1e20b0aaca4f..b8bb88286fb4 100644
--- a/src/chrome/content/rules/Customersaas.com.xml
+++ b/src/chrome/content/rules/Customersaas.com.xml
@@ -14,13 +14,10 @@
 -->
 <ruleset name="customersaas.com">
 
-	<target host="*.customersaas.com" />
+	<target host="imageservice.customersaas.com" />
+	<target host="static1.customersaas.com" />
 
 
-	<rule from="^https?://imageservice\.customersaas\.com/"
-		to="https://d35v9wsdymy32b.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^https?://static1\.customersaas\.com/"
-		to="https://d1wawgqwk8hdm1.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Custy.com.xml b/src/chrome/content/rules/Custy.com.xml
new file mode 100644
index 000000000000..918d7d4e7b32
--- /dev/null
+++ b/src/chrome/content/rules/Custy.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Chain issue, missing intermediate:
+		- www.custy.com
+
+	Invalid certificate:
+		- custy.com, equivalent to www.custy.com
+-->
+
+<ruleset name="Custy.com">
+	<target host="mailex.custy.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CuteDigi.xml b/src/chrome/content/rules/CuteDigi.xml
index eb506869c6b5..3d5c5f2de77a 100644
--- a/src/chrome/content/rules/CuteDigi.xml
+++ b/src/chrome/content/rules/CuteDigi.xml
@@ -1,13 +1,19 @@
-<ruleset name="CuteDigi">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cutedigi.com/ => https://cutedigi.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.cutedigi.com/ => https://www.cutedigi.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="CuteDigi" default_off="failed ruleset test">
 
 	<target host="cutedigi.com" />
-	<target host="*.cutedigi.com" />
+	<target host="www.cutedigi.com" />
 
 
 	<securecookie host="^\.www\.cutedigi\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?cutedigi\.com/"
-		to="https://$1cutedigi.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cuttlefish.com.xml b/src/chrome/content/rules/Cuttlefish.com.xml
index 3ae8fde031db..fdcaa66be752 100644
--- a/src/chrome/content/rules/Cuttlefish.com.xml
+++ b/src/chrome/content/rules/Cuttlefish.com.xml
@@ -1,15 +1,17 @@
 <!--
-	- Cert only matches ^cuttlefish.com
-	- Expired 2010-10-09
+
+	Refused hosts in *cuttlefish.com:
+
+		- static
 
 -->
-<ruleset name="Cuttlefish.com" default_off="expired, mismatched, self-signed">
+<ruleset name="Cuttlefish.com">
 
 	<target host="cuttlefish.com" />
-	<target host="*.cuttlefish.com" />
+	<target host="www.cuttlefish.com" />
 
 
-	<rule from="^http://(?:(static\.)|www\.)?cuttlefish\.com/"
-		to="https://$1cuttlefish.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cuusoo.xml b/src/chrome/content/rules/Cuusoo.xml
index 679aea10560a..8f03b5afd55d 100644
--- a/src/chrome/content/rules/Cuusoo.xml
+++ b/src/chrome/content/rules/Cuusoo.xml
@@ -1,42 +1,29 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.cuusoo.com/ (200) => https://www.cuusoo.com/ (404)
+
 	CDN buckets:
+		https://s3.amazonaws.com/cuusoo/
+		https://d3vgh2ebord16e.cloudfront.net/
 
-		- cuusoo.s3.amazonaws.com
-		- ditbeg8qmun1v.cloudfront.net
 
+	Nonfunctional domains:
+
+		- (www.)cuusoo.net      (no https)
+		- www.cuusoo.co.jp      (no https)
 
 	Problematic domains:
 
 		- blog.lego.cuusoo.com	(wordpress)
-
-
-	Partially covered domains:
-
-		- *.cuusoo.com *
-		- (www.)cuusoo.net *
-
-	* Some pages redirect to http
+		-      lego.cuusoo.com  (expired; empty page, but https working)
 
 -->
-<ruleset name="Cuusoo (partial)">
-
-	<target host="*.cuusoo.com" />
-	<target host="cuusoo.net" />
-	<target host="www.cuusoo.net" />
-
-
-	<!--	Per-client subdomains:
-					-->
-	<rule from="^http://([\w-]+)\.cuusoo\.com/(app|j)s/"
-		to="https://$1.cuusoo.com/$2s/" />
-
-	<!--	Must drop trailing slashes, otherwise
-		these redirect to http:
-						-->
-	<rule from="^http://([\w-]+)\.cuusoo\.com/(login|register)/?(\?.*)?$"
-		to="https://$.cuusoo.com/$2$3" />
-
-	<rule from="^http://(www\.)?cuusoo\.net/(common/|css/|favicon\.ico|img/|inquiry/)"
-		to="https://$1cuusoo.net/$2" />
-
-</ruleset>
\ No newline at end of file
+<ruleset name="Cuusoo.com (partial)" default_off="failed ruleset test">
+	<target host=     "cuusoo.com" />
+	<!--target host="lego.cuusoo.com" /-->
+	<target host= "www.cuusoo.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cve.mitre.org.xml b/src/chrome/content/rules/Cve.mitre.org.xml
deleted file mode 100644
index 99fe9332eb6c..000000000000
--- a/src/chrome/content/rules/Cve.mitre.org.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="cve.mitre.org">
-	<target host="cve.mitre.org" />
-	<rule from="^http://cve\.mitre\.org/" to="https://cve.mitre.org/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/Cvedetails.com.xml b/src/chrome/content/rules/Cvedetails.com.xml
new file mode 100644
index 000000000000..85bc7f16f263
--- /dev/null
+++ b/src/chrome/content/rules/Cvedetails.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Cvedetails.com">
+  <target host="cvedetails.com" />
+  <target host="www.cvedetails.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cvent.com.xml b/src/chrome/content/rules/Cvent.com.xml
new file mode 100644
index 000000000000..9187ef261455
--- /dev/null
+++ b/src/chrome/content/rules/Cvent.com.xml
@@ -0,0 +1,42 @@
+<!--
+	Nonfunctional subdomains:
+
+		- investors *
+		- blog *
+		- hospitality *
+		- survey *
+
+	* Mismatch
+
+
+	* Secured by us
+
+-->
+<ruleset name="Cvent.com (partial)">
+
+	<target host="cvent.com" />
+	<target host="www.cvent.com" />
+	<target host="app.cvent.com" />
+	<target host="custom.cvent.com" />
+	<target host="shworldwide.cvent.com" />
+	<target host="ssc.cvent.com" />
+	<target host="guest.cvent.com" />
+
+	<!-- Fix #4520 -->
+	<exclusion pattern="^http://www\.cvent\.com/events/.*/(?!registration-)" />
+
+	<!-- These paths are related to one time events. Only URLs related to *ongoing* events are redirecting
+		to HTTP. Older test URLs will display "The page you are requesting from this event is no longer available."
+		and work with HTTPS. -->
+	<test url="http://www.cvent.com/events/csh-summit-2016/event-summary-b05896613e504f549b12ef1d73909e59.aspx?ct=48832732-1e0d-43b1-8af7-01e4e9cd58aa" />
+	<test url="http://www.cvent.com/events/csh-summit-2016/fees-b05896613e504f549b12ef1d73909e59.aspx?ct=48832732-1e0d-43b1-8af7-01e4e9cd58aa" />
+	<test url="http://www.cvent.com/events/csh-summit-2016/faqs-b05896613e504f549b12ef1d73909e59.aspx?ct=48832732-1e0d-43b1-8af7-01e4e9cd58aa" />
+	<test url="http://www.cvent.com/events/isbe-2018/custom-118-8b8c6b90d61e4194b0893e21e3ef0553.aspx" />
+
+	<securecookie host="^(?:shworldwide)?\.cvent\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cxcloud.com.xml b/src/chrome/content/rules/Cxcloud.com.xml
new file mode 100644
index 000000000000..f90e6b78c6b8
--- /dev/null
+++ b/src/chrome/content/rules/Cxcloud.com.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cxcloud.com/ => https://cxcloud.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.cxcloud.com/ => https://www.cxcloud.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://cxcloud.com/ => https://cxcloud.com/: Cycle detected - URL already encountered: http://cxcloud.com/
+Fetch error: http://www.cxcloud.com/ => https://www.cxcloud.com/: (56, 'Recv failure: Connection reset by peer')
+	For other Checkmarx coverage, see Checkmarx.com.xml.
+
+-->
+<ruleset name="Cxcloud.com" default_off="failed ruleset test">
+
+	<target host="cxcloud.com" />
+	<target host="www.cxcloud.com" />
+
+
+	<securecookie host="^(?:www\.)?cxcloud\.com$" name=".+" />
+
+
+	<!--	Server drops path and arguments:
+						-->
+	<rule from="^http://(www\.)?cxcloud\.com/.*"
+		to="https://$1cxcloud.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cxsecurity.com.xml b/src/chrome/content/rules/Cxsecurity.com.xml
new file mode 100644
index 000000000000..21f3743e6c53
--- /dev/null
+++ b/src/chrome/content/rules/Cxsecurity.com.xml
@@ -0,0 +1,16 @@
+<!--
+	www: cert only matches ^cxsecurity.com
+
+-->
+<ruleset name="cxsecurity.com">
+
+	<target host="cxsecurity.com" />
+	<target host="www.cxsecurity.com" />
+
+
+	<securecookie host="^cxsecurity\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cxt.ms.xml b/src/chrome/content/rules/Cxt.ms.xml
deleted file mode 100644
index 9e72e1cd24d7..000000000000
--- a/src/chrome/content/rules/Cxt.ms.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d3j09g9h9lgmkt.cloudfront.net
-
-			- s
-
--->
-<ruleset name="Cxt.ms">
-
-	<target host="*.cxt.ms" />
-
-
-	<rule from="^http://s\.cxt\.ms/"
-		to="https://d3j09g9h9lgmkt.cloudfront.net/" />
-
-	<rule from="^http://t\.cxt\.ms/"
-		to="https://t.cxt.ms/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CyanogenMod.org.xml b/src/chrome/content/rules/CyanogenMod.org.xml
deleted file mode 100644
index e5b6b30acad0..000000000000
--- a/src/chrome/content/rules/CyanogenMod.org.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- ^ *
-		- forum *
-		- review	(refused)
-		- wiki *
-		- www	(520)
-
-	* 522
-
-
-	Fully covered subdomains:
-
-		- account
-		- download
-		- jira
-
--->
-<ruleset name="CyanogenMod.org (partial)">
-
-	<target host="*.cyanogenmod.org" />
-
-
-	<securecookie host="^jira\.cyanogenmod\.org$" name=".+" />
-
-
-	<rule from="^http://(account|download|jira)\.cyanogenmod\.org/"
-		to="https://$1.cyanogenmod.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cyber-Security-Challenge.xml b/src/chrome/content/rules/Cyber-Security-Challenge.xml
index 7ffa2177bb5b..d59a1bbd8351 100644
--- a/src/chrome/content/rules/Cyber-Security-Challenge.xml
+++ b/src/chrome/content/rules/Cyber-Security-Challenge.xml
@@ -1,11 +1,16 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cybersecuritychallenge.org.uk/ => https://www.cybersecuritychallenge.org.uk/: (28, 'Operation timed out after 15001 milliseconds with 0 bytes received')
+Fetch error: http://www.cybersecuritychallenge.org.uk/ => https://www.cybersecuritychallenge.org.uk/: (28, 'Operation timed out after 15001 milliseconds with 0 bytes received')
+-->
 <ruleset name="Cyber Security Challenge">
 	<target host="cybersecuritychallenge.org.uk" />
 	<target host="www.cybersecuritychallenge.org.uk" />
 
 
-	<securecookie host="^(www\.)?cybersecuritychallenge\.org\.uk$" name=".*" />
+	<securecookie host="^(?:www\.)?cybersecuritychallenge\.org\.uk$" name=".+" />
 
-    <rule from="^https?://cybersecuritychallenge\.org\.uk/"
+    <rule from="^http://cybersecuritychallenge\.org\.uk/"
         to="https://www.cybersecuritychallenge.org.uk/"/>
     <rule from="^http://([^/:@]+)?\.cybersecuritychallenge\.org\.uk/"
         to="https://$1.cybersecuritychallenge.org.uk/" />
diff --git a/src/chrome/content/rules/CyberAces.xml b/src/chrome/content/rules/CyberAces.xml
new file mode 100644
index 000000000000..037d4b29ac66
--- /dev/null
+++ b/src/chrome/content/rules/CyberAces.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://online.cyberaces.org/ => https://www.online.cyberaces.org/: (6, 'Could not resolve host: www.online.cyberaces.org')
+Fetch error: http://www.online.cyberaces.org/ => https://www.online.cyberaces.org/: (6, 'Could not resolve host: www.online.cyberaces.org')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://online.cyberaces.org/ => https://www.online.cyberaces.org/: (6, 'Could not resolve host: www.online.cyberaces.org')
+Fetch error: http://www.online.cyberaces.org/ => https://www.online.cyberaces.org/: (6, 'Could not resolve host: www.online.cyberaces.org')
+-->
+<ruleset name="CyberAces (partial)" default_off="failed ruleset test">
+  <target host="online.cyberaces.org" />
+  <target host="cyberaces.org" />
+  <target host="www.online.cyberaces.org" />
+
+  <rule from="^http://(?:www\.)?online\.cyberaces\.org/" to="https://www.online.cyberaces.org/" />
+</ruleset>
diff --git a/src/chrome/content/rules/CyberAgent.xml b/src/chrome/content/rules/CyberAgent.xml
index ce53b7ebf3ef..11d532b0a6b9 100644
--- a/src/chrome/content/rules/CyberAgent.xml
+++ b/src/chrome/content/rules/CyberAgent.xml
@@ -5,7 +5,7 @@
 
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?cyberagent\.co\.jp/"
+	<rule from="^http://(?:www\.)?cyberagent\.co\.jp/"
 		to="https://www.cyberagent.co.jp/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CyberCamp.es.xml b/src/chrome/content/rules/CyberCamp.es.xml
new file mode 100644
index 000000000000..c58d7c106930
--- /dev/null
+++ b/src/chrome/content/rules/CyberCamp.es.xml
@@ -0,0 +1,12 @@
+<ruleset name="CyberCamp.es">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cybercamp.es" />
+	<target host="www.cybercamp.es" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CyberGhost.xml b/src/chrome/content/rules/CyberGhost.xml
index c4edcd26c6dd..9f59bea6af07 100644
--- a/src/chrome/content/rules/CyberGhost.xml
+++ b/src/chrome/content/rules/CyberGhost.xml
@@ -6,7 +6,7 @@
 	<!--	encountered:
 			- cyberghostvpn.com
 			- blog.cyberghostvpn.com	-->
-	<securecookie host="^(.*\.)?cyberghostvpn\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<!--	known matches:
 			- blog
diff --git a/src/chrome/content/rules/CyberPatrol.xml b/src/chrome/content/rules/CyberPatrol.xml
index 9cecc665cf99..fe7102f7be0b 100644
--- a/src/chrome/content/rules/CyberPatrol.xml
+++ b/src/chrome/content/rules/CyberPatrol.xml
@@ -1,19 +1,32 @@
 <!--
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *cyberpatrol.com:
 
-		- blog		(times out)
+		- blog ᵈ
+
+	ᵈ Dropped
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.cyberpatrol.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="CyberPatrol (partial)">
+<ruleset name="CyberPatrol.com (partial)">
 
 	<target host="cyberpatrol.com" />
 	<target host="www.cyberpatrol.com" />
 
 
-	<securecookie host="^(?:www\.)?cyberpatrol\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.cyberpatrol\.com$" name="^(?:PHPSESSID|mid|pid)$" /-->
+
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www\.)?cyberpatrol\.com/"
-		to="https://$1cyberpatrol.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CyberPhoto-AB.xml b/src/chrome/content/rules/CyberPhoto-AB.xml
index 63139ee0c8fe..850df99bcbc1 100644
--- a/src/chrome/content/rules/CyberPhoto-AB.xml
+++ b/src/chrome/content/rules/CyberPhoto-AB.xml
@@ -1,8 +1,14 @@
-<ruleset name="CyberPhoto AB">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cyberphoto.fi/ => https://www.cyberphoto.fi/: (6, 'Could not resolve host: www.cyberphoto.fi')
+
+-->
+<ruleset name="CyberPhoto AB" default_off="failed ruleset test">
 	<target host="cyberphoto.fi"/>
-	<target host="*.cyberphoto.fi"/>
+	<target host="www.cyberphoto.fi" />
 	<target host="cyberphoto.se"/>
-	<target host="*.cyberphoto.se"/>
+	<target host="www.cyberphoto.se" />
 
 	<securecookie host="^(?:www)?\.cyberphoto\.(?:fi|se)$" name="^(?:PHPSESSID|kundvagn)$" />
 
diff --git a/src/chrome/content/rules/CyberPowerSystem.co.uk.xml b/src/chrome/content/rules/CyberPowerSystem.co.uk.xml
new file mode 100644
index 000000000000..c1ce826f8f02
--- /dev/null
+++ b/src/chrome/content/rules/CyberPowerSystem.co.uk.xml
@@ -0,0 +1,8 @@
+<ruleset name="CyberPowerSystem.co.uk">
+	<target host="cyberpowersystem.co.uk" />
+	<target host="www.cyberpowersystem.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cyber_Stewards.org.xml b/src/chrome/content/rules/Cyber_Stewards.org.xml
new file mode 100644
index 000000000000..33861ee9e3d5
--- /dev/null
+++ b/src/chrome/content/rules/Cyber_Stewards.org.xml
@@ -0,0 +1,15 @@
+<!--
+	www.cyberstewards.org: Refused
+
+-->
+<ruleset name="Cyber Stewards.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cyberstewards.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cyberciti.org.xml b/src/chrome/content/rules/Cyberciti.org.xml
new file mode 100644
index 000000000000..4b9bedeb0aca
--- /dev/null
+++ b/src/chrome/content/rules/Cyberciti.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="Cyberciti.org">
+
+	<target host="cyberciti.org" />
+	<target host="www.cyberciti.org" />
+	<target host="s0.cyberciti.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cybercompex.org.xml b/src/chrome/content/rules/Cybercompex.org.xml
new file mode 100644
index 000000000000..c10bdcfb5405
--- /dev/null
+++ b/src/chrome/content/rules/Cybercompex.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Private subdomain:
+		admin.cybercompex.org
+		hiring.cybercompex.org
+		jobs.cybercompex.org
+
+	Time out:
+		sans.cybercompex.org
+
+-->
+<ruleset name="Cybercompex.org">
+
+	<target host="cybercompex.org" />
+	<target host="www.cybercompex.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cybercon.xml b/src/chrome/content/rules/Cybercon.xml
index 342a530e4912..6e0084d838f5 100644
--- a/src/chrome/content/rules/Cybercon.xml
+++ b/src/chrome/content/rules/Cybercon.xml
@@ -10,13 +10,13 @@
 <ruleset name="Cybercon (partial)">
 
 	<target host="cybercon.com" />
-	<target host="*.cybercon.com" />
+	<target host="smc.cybercon.com" />
+	<target host="www.cybercon.com" />
 
 
 	<securecookie host="^\.www\.cybercon\.com$" name=".+" />
 
 
-	<rule from="^http://(smc\.|www\.)?cybercon\.com/"
-		to="https://$1cybercon.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cyberfret.com.xml b/src/chrome/content/rules/Cyberfret.com.xml
new file mode 100644
index 000000000000..e048523c9b3a
--- /dev/null
+++ b/src/chrome/content/rules/Cyberfret.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Cyberfret.com">
+
+	<target host="cyberfret.com" />
+	<target host="www.cyberfret.com" />
+
+
+	<securecookie host="^(?:www\.)?cyberfret\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cybergolf.com-mixedcontent.xml b/src/chrome/content/rules/Cybergolf.com-mixedcontent.xml
new file mode 100644
index 000000000000..16e2091ea0e7
--- /dev/null
+++ b/src/chrome/content/rules/Cybergolf.com-mixedcontent.xml
@@ -0,0 +1,19 @@
+<!--
+	For rules not causing MCB, see Cybergolf.com.xml.
+
+-->
+<ruleset name="Cybergolf.com (MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.cybergolf.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cybergolf.com.xml b/src/chrome/content/rules/Cybergolf.com.xml
new file mode 100644
index 000000000000..f29ec71863b7
--- /dev/null
+++ b/src/chrome/content/rules/Cybergolf.com.xml
@@ -0,0 +1,47 @@
+<!--
+	For rules causing MCB, see Cybergolf.com-mixedcontent.xml.
+
+
+	Nonfunctional hosts in *cybergolf.com:
+
+		- classic ¹
+		- news ²
+
+	¹ Handshake fails
+	² Shows another domain
+
+
+	Problematic hosts in *cybergolf.com:
+
+		- www2 *
+
+	* Mismatched
+
+
+	Mixed content:
+
+		- css, on:
+
+			- www from www2.cybergolf.com
+			- www from fonts.googleapis.com *
+
+		- Images on www from cdn.cybergolf.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Cybergolf.com (partial)">
+
+	<target host="cybergolf.com" />
+	<target host="cdn.cybergolf.com" />
+	<!--target host="www.cybergolf.com" /-->
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cyberleninka.ru.xml b/src/chrome/content/rules/Cyberleninka.ru.xml
new file mode 100644
index 000000000000..8d505ab35a62
--- /dev/null
+++ b/src/chrome/content/rules/Cyberleninka.ru.xml
@@ -0,0 +1,10 @@
+<!--www. mismatch-->
+<ruleset name="Cyberleninka.ru">
+	<target host="cyberleninka.ru" />
+	<target host="www.cyberleninka.ru" />
+
+	<rule from="^http://www\.cyberleninka\.ru/"
+		to="https://cyberleninka.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cybermill.xml b/src/chrome/content/rules/Cybermill.xml
index 90455d6093f4..6467b36b72c1 100644
--- a/src/chrome/content/rules/Cybermill.xml
+++ b/src/chrome/content/rules/Cybermill.xml
@@ -8,7 +8,7 @@
 	<target host="www.cybermill.com" />
 
 
-	<rule from="^https?://(?:www\.)?cybermill\.com/"
+	<rule from="^http://(?:www\.)?cybermill\.com/"
 		to="https://cybermill.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cyberplat.ru.xml b/src/chrome/content/rules/Cyberplat.ru.xml
new file mode 100644
index 000000000000..b9c9fcc22d00
--- /dev/null
+++ b/src/chrome/content/rules/Cyberplat.ru.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://info.cyberplat.ru/ => https://info.cyberplat.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+kz. mismatch
+card. mixed content-->
+<ruleset name="Cyberplat.ru" default_off="failed ruleset test">
+	<target host="cyberplat.ru" />
+	<target host="www.cyberplat.ru" />
+	<target host="info.cyberplat.ru" />
+	<target host="portal.cyberplat.ru" />
+	<target host="note.cyberplat.ru" />
+	<target host="customer.cyberplat.ru" />
+	<target host="payment.cyberplat.ru" />
+	<target host="service.cyberplat.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cyberport.de.xml b/src/chrome/content/rules/Cyberport.de.xml
new file mode 100644
index 000000000000..403649aeb294
--- /dev/null
+++ b/src/chrome/content/rules/Cyberport.de.xml
@@ -0,0 +1,22 @@
+<!--
+	Problematic domains:
+
+		- mailing ¹
+
+	¹: Mismatch
+-->
+<ruleset name="Cyberport.de">
+
+	<target host="cyberport.de" />
+	<target host="www.cyberport.de" />
+
+	<target host="karriere.cyberport.de" />
+	<target host="m.cyberport.de" />
+	<target host="partner.cyberport.de" />
+	<target host="picture1.cyberport.de" />
+	<target host="picture2.cyberport.de" />
+	<target host="picture3.cyberport.de" />
+	<target host="picture4.cyberport.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cyberport.hk.xml b/src/chrome/content/rules/Cyberport.hk.xml
new file mode 100644
index 000000000000..949d64a3ffb5
--- /dev/null
+++ b/src/chrome/content/rules/Cyberport.hk.xml
@@ -0,0 +1,91 @@
+<!--
+	Non-functional hosts
+		Couldn't resolve host name:
+			 - conference.cyberport.hk
+			 - iciss.cyberport.hk
+			 - openstack4bday.cyberport.hk
+			 - registration.cyberport.hk
+			 - wine.cyberport.hk
+
+		Couldn't connect to server:
+			 - 2014gew.cyberport.hk
+			 - ac.cyberport.hk
+			 - angelhack.cyberport.hk
+			 - ct.cyberport.hk
+			 - cvcf.cyberport.hk
+			 - edm.cyberport.hk
+			 - hackathon.cyberport.hk
+			 - hackathon2014.cyberport.hk
+			 - istartup.cyberport.hk
+			 - license.cyberport.hk
+			 - ns1.cyberport.hk
+			 - tencent.cyberport.hk
+
+		Timeout was reached:
+			 - antispam1.cyberport.hk
+			 - cloud.cyberport.hk
+			 - extsmtp.cyberport.hk
+			 - ftp.cyberport.hk
+			 - gcloud.cyberport.hk
+			 - ictinternship.cyberport.hk
+			 - intra.cyberport.hk
+			 - intranet.cyberport.hk
+			 - ipv6.cyberport.hk
+			 - mail.cyberport.hk
+			 - mail2.cyberport.hk
+			 - map.cyberport.hk
+			 - mdmnsag.cyberport.hk
+			 - mdmstore.cyberport.hk
+			 - mdmxdm.cyberport.hk
+			 - osug.cyberport.hk
+			 - signup.cyberport.hk
+			 - tryipv6.cyberport.hk
+
+		SSL peer certificate was not OK:
+			 - cyberport.hk
+			 - avshow.cyberport.hk
+			 - ccmf.cyberport.hk
+			 - cloudadmin.cyberport.hk
+			 - cupp.cyberport.hk
+			 - dece.cyberport.hk
+			 - delf.cyberport.hk
+			 - dever.cyberport.hk
+			 - ecentre.cyberport.hk
+			 - enews.cyberport.hk
+			 - exhibition.cyberport.hk
+			 - expo.cyberport.hk
+			 - friends.cyberport.hk
+			 - funland.cyberport.hk
+			 - gameon.cyberport.hk
+			 - games.cyberport.hk
+			 - gew.cyberport.hk
+			 - go.cyberport.hk
+			 - hd.cyberport.hk
+			 - innovation.cyberport.hk
+			 - internship.cyberport.hk
+			 - irc.cyberport.hk
+			 - m.cyberport.hk
+			 - offer.cyberport.hk
+			 - opendataideajam.cyberport.hk
+			 - play.cyberport.hk
+			 - webmail03.cyberport.hk
+			 - xbox.cyberport.hk
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - arcade.cyberport.hk
+			 - icecloud.cyberport.hk
+			 - vpn.cyberport.hk
+-->
+<ruleset name="Cyberport.hk (partial)">
+	<target host="cyberport.hk" />
+	<target host="www.cyberport.hk" />
+	<target host="autodiscover.cyberport.hk" />
+	<target host="eprocure.cyberport.hk" />
+	<target host="tenantbus.cyberport.hk" />
+	<target host="webmail.cyberport.hk" />
+
+	<rule from="^http://cyberport\.hk/"
+			to="https://www.cyberport.hk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cyberquests.org.xml b/src/chrome/content/rules/Cyberquests.org.xml
new file mode 100644
index 000000000000..94fff1525f79
--- /dev/null
+++ b/src/chrome/content/rules/Cyberquests.org.xml
@@ -0,0 +1,5 @@
+<ruleset name="Cyberquests (Partial)">
+  <target host="quiz-uscc.cyberquests.org" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cyberstreetwise.xml b/src/chrome/content/rules/Cyberstreetwise.xml
new file mode 100644
index 000000000000..a2b840bf7780
--- /dev/null
+++ b/src/chrome/content/rules/Cyberstreetwise.xml
@@ -0,0 +1,15 @@
+<!--
+    For other UK Government coverage, see GOV.UK.xml.
+-->
+
+<ruleset name="Cyberstreetwise">
+    <target host="cyberstreetwise.com" />
+    <target host="*.cyberstreetwise.com" />
+
+    <securecookie host=".+" name=".+"/>
+
+    <rule from="^http://cyberstreetwise\.com/"
+        to="https://www.cyberstreetwise.com/" />
+    <rule from="^http://([^/:@]+)\.cyberstreetwise\.com/"
+        to="https://$1.cyberstreetwise.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cybertip.ca.xml b/src/chrome/content/rules/Cybertip.ca.xml
new file mode 100644
index 000000000000..23d1cd8955e8
--- /dev/null
+++ b/src/chrome/content/rules/Cybertip.ca.xml
@@ -0,0 +1,13 @@
+<ruleset name="Cybertip.ca">
+
+	<target host="cyberaide.ca" />
+	<target host="www.cyberaide.ca" />
+	<target host="cybertip.ca" />
+	<target host="cwa.cybertip.ca" />
+	<target host="lea.cybertip.ca" />
+	<target host="www.cybertip.ca" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cyberus-Technology.de.xml b/src/chrome/content/rules/Cyberus-Technology.de.xml
new file mode 100644
index 000000000000..ad30afc3671a
--- /dev/null
+++ b/src/chrome/content/rules/Cyberus-Technology.de.xml
@@ -0,0 +1,7 @@
+<ruleset name="Cyberus-Technology.de">
+	<target host="cyberus-technology.de" />
+	<target host="www.cyberus-technology.de" />
+	<target host="blog.cyberus-technology.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cyberwar.nl.xml b/src/chrome/content/rules/Cyberwar.nl.xml
new file mode 100644
index 000000000000..1e84159addb4
--- /dev/null
+++ b/src/chrome/content/rules/Cyberwar.nl.xml
@@ -0,0 +1,17 @@
+<!--
+	These altnames don't exist:
+
+		- www.blog.cyberwar.nl
+
+-->
+<ruleset name="Cyberwar.nl">
+
+	<target host="cyberwar.nl" />
+	<target host="blog.cyberwar.nl" />
+	<target host="news.cyberwar.nl" />
+	<target host="www.cyberwar.nl" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cybozu.com.xml b/src/chrome/content/rules/Cybozu.com.xml
deleted file mode 100644
index 91f7bb5c3588..000000000000
--- a/src/chrome/content/rules/Cybozu.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Cybozu.com" platform="firefox">
-<target host="cybozu.com" />
-
-<securecookie host="^cybozu\.com$" name=".+" />
-
-<rule from="^http://cybozu\.com/" to="https://cybozu.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Cygwin.com.xml b/src/chrome/content/rules/Cygwin.com.xml
new file mode 100644
index 000000000000..1c57d813edd0
--- /dev/null
+++ b/src/chrome/content/rules/Cygwin.com.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Red Hat coverage, see Red_Hat.xml.
+-->
+<ruleset name="Cygwin.com (partial)">
+
+	<target host="cygwin.com" />
+	<target host="www.cygwin.com" />
+	<target host="ftp.cygwin.com" />
+	<target host="x.cygwin.com" />
+	<target host="xfree.cygwin.com" />
+	<target host="www.xfree.cygwin.com" />
+	<target host="xfree86.cygwin.com" />
+	<target host="www.xfree86.cygwin.com" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cykloserver.cz.xml b/src/chrome/content/rules/Cykloserver.cz.xml
new file mode 100644
index 000000000000..592761183b7d
--- /dev/null
+++ b/src/chrome/content/rules/Cykloserver.cz.xml
@@ -0,0 +1,13 @@
+<!--
+	certificate mismatch:
+		cykloserver.cz
+-->
+<ruleset name="Cykloserver.cz">
+	<target host="cykloserver.cz" />
+	<target host="www.cykloserver.cz" />
+
+	<rule from="^http://cykloserver\.cz/"
+		to="https://www.cykloserver.cz/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cyngn.com.xml b/src/chrome/content/rules/Cyngn.com.xml
new file mode 100644
index 000000000000..f9a821708fc8
--- /dev/null
+++ b/src/chrome/content/rules/Cyngn.com.xml
@@ -0,0 +1,47 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://account.cyngn.com/ => https://account.cyngn.com/: (6, 'Could not resolve host: account.cyngn.com')
+Fetch error: http://builds.cyngn.com/ => https://d199yez36w5w8l.cloudfront.net/: (6, 'Could not resolve host: d199yez36w5w8l.cloudfront.net')
+
+	CDN buckets:
+
+		- d199yez36w5w8l.cloudfront.net
+
+			- builds
+
+
+	Problematic hosts in *cyngn.com:
+
+		- builds *
+
+	* Cloudfront
+
+
+	Fully covered hosts in *cyngn.com:
+
+		- (www.)?
+		- account
+		- builds	(→ d199yez36w5w8l.cloudfront.net)
+
+-->
+<ruleset name="Cyngn.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cyngn.com" />
+	<target host="account.cyngn.com" />
+	<target host="www.cyngn.com" />
+
+	<!--	Complications:
+				-->
+	<target host="builds.cyngn.com" />
+
+
+	<rule from="^http://builds\.cyngn\.com/"
+		to="https://d199yez36w5w8l.cloudfront.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cyphdbyhiddenbhs.onion.xml b/src/chrome/content/rules/Cyphdbyhiddenbhs.onion.xml
new file mode 100644
index 000000000000..d245a185ee37
--- /dev/null
+++ b/src/chrome/content/rules/Cyphdbyhiddenbhs.onion.xml
@@ -0,0 +1,13 @@
+<!--
+	Tor users are automatically redirected to this onion service when
+	visiting clearnet cyph.com
+
+-->
+<ruleset name="Cyphdbyhiddenbhs.onion">
+
+	<target host="cyphdbyhiddenbhs.onion" />
+	<target host="www.cyphdbyhiddenbhs.onion" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cypherpunks.ca.xml b/src/chrome/content/rules/Cypherpunks.ca.xml
new file mode 100644
index 000000000000..de7c9343a346
--- /dev/null
+++ b/src/chrome/content/rules/Cypherpunks.ca.xml
@@ -0,0 +1,27 @@
+<!--
+	No working URL known:
+		cypherpunks.ca
+		www.cypherpunks.ca
+		lists.cypherpunks.ca (403)
+		otr-help.cypherpunks.ca (403)
+
+	Bad certificate:
+		mx1.cypherpunks.ca
+		ns1.cypherpunks.ca
+		ns3.cypherpunks.ca
+
+	Secure connection failed:
+		ns2.cypherpunks.ca
+
+-->
+<ruleset name="Cypherpunks.ca">
+
+	<target host="cypherpunks.ca" />
+	<target host="www.cypherpunks.ca" />
+	<target host="lists.cypherpunks.ca" />
+	<target host="otr.cypherpunks.ca" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cyphertite.com.xml b/src/chrome/content/rules/Cyphertite.com.xml
new file mode 100644
index 000000000000..3fd210089743
--- /dev/null
+++ b/src/chrome/content/rules/Cyphertite.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cyphertite.com/ => https://cyphertite.com/: (6, 'Could not resolve host: cyphertite.com')
+Fetch error: http://blog.cyphertite.com/ => https://blog.cyphertite.com/: (6, 'Could not resolve host: blog.cyphertite.com')
+Fetch error: http://www.cyphertite.com/ => https://www.cyphertite.com/: (6, 'Could not resolve host: www.cyphertite.com')
+
+	For other Conformal Systems coverage, see Conformal-Systems.xml.
+
+
+	Fully covered hosts in *cyphertite.com:
+
+		- (www.)?
+		- blog
+
+-->
+<ruleset name="Cyphertite.com" default_off="failed ruleset test">
+
+	<target host="cyphertite.com" />
+	<target host="blog.cyphertite.com" />
+	<target host="www.cyphertite.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cypouz.com.xml b/src/chrome/content/rules/Cypouz.com.xml
new file mode 100644
index 000000000000..3750f5542786
--- /dev/null
+++ b/src/chrome/content/rules/Cypouz.com.xml
@@ -0,0 +1,20 @@
+<!--
+	No working URL known:
+		test.cypouz.com
+
+	Private subdomain:
+		wec.cypouz.com
+
+-->
+<ruleset name="cypouz.com">
+
+	<target host="cypouz.com" />
+	<target host="www.cypouz.com" />
+	<target host="photo.cypouz.com" />
+	<target host="showercounter.cypouz.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cyprus_Satellite.xml b/src/chrome/content/rules/Cyprus_Satellite.xml
index c27541548879..d124d1be4ca9 100644
--- a/src/chrome/content/rules/Cyprus_Satellite.xml
+++ b/src/chrome/content/rules/Cyprus_Satellite.xml
@@ -1,10 +1,16 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://forums.satellitecyprus.com/ => https://forums.satellitecyprus.com/: (51, "SSL: no alternative certificate subject name matches target host name 'forums.satellitecyprus.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://forums.satellitecyprus.com/ => https://forums.satellitecyprus.com/: (51, "SSL: no alternative certificate subject name matches target host name 'forums.satellitecyprus.com'")
 	Nonfunctional subdomains:
 
 		- (www.)	(shows default H-Sphere page; mismatched, CN: *.hostica.com)
 
 -->
-<ruleset name="Cyprus Satellite (partial)">
+<ruleset name="Cyprus Satellite (partial)" default_off="failed ruleset test">
 
 	<target host="forums.satellitecyprus.com" />
 
@@ -12,7 +18,6 @@
 	<securecookie host="^forums\.satellitecyprus\.com$" name=".+" />
 
 
-	<rule from="^http://forums\.satellitecyprus\.com/"
-		to="https://forums.satellitecyprus.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cyscon.net.xml b/src/chrome/content/rules/Cyscon.net.xml
new file mode 100644
index 000000000000..b849c7077233
--- /dev/null
+++ b/src/chrome/content/rules/Cyscon.net.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://stats.cyscon.net/ => https://stats.cyscon.net/: (6, 'Could not resolve host: stats.cyscon.net')
+
+	(www.): dropped
+
+-->
+<ruleset name="cyscon.net (partial)" default_off="failed ruleset test">
+
+	<target host="stats.cyscon.net" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^stats\.cyscon\.net$" name="^PIWIK_SESSID$" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cysec_Labs.com.xml b/src/chrome/content/rules/Cysec_Labs.com.xml
new file mode 100644
index 000000000000..08a9511ed620
--- /dev/null
+++ b/src/chrome/content/rules/Cysec_Labs.com.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cyseclabs.com/ => https://cyseclabs.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.cyseclabs.com/ => https://www.cyseclabs.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Cysec Labs.com" default_off="failed ruleset test">
+
+	<target host="cyseclabs.com" />
+	<target host="www.cyseclabs.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cyveillance.com.xml b/src/chrome/content/rules/Cyveillance.com.xml
deleted file mode 100644
index b860a4b5848d..000000000000
--- a/src/chrome/content/rules/Cyveillance.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Cyveillance.com" platform="firefox">
-<target host="www.cyveillance.com" />
-<target host="blog.cyveillance.com" />
-
-<securecookie host="^www\.cyveillance\.com$" name=".+" />
-<securecookie host="^blog\.cyveillance\.com$" name=".+" />
-
-<rule from="^http://www\.cyveillance\.com/" to="https://www.cyveillance.com/" />
-<rule from="^http://blog\.cyveillance\.com/" to="https://blog.cyveillance.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Czech-Technical-University-in-Prague.xml b/src/chrome/content/rules/Czech-Technical-University-in-Prague.xml
index c9555b3593d3..2a6738c9956b 100644
--- a/src/chrome/content/rules/Czech-Technical-University-in-Prague.xml
+++ b/src/chrome/content/rules/Czech-Technical-University-in-Prague.xml
@@ -1,7 +1,15 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cvut.cz/ => https://www.cvut.cz/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
 <ruleset name="Czech Technical University in Prague" platform="mixedcontent">
 
 	<target host="cvut.cz" />
-	<target host="*.cvut.cz" />
+	<target host="www.cvut.cz" />
+	<target host="akce.cvut.cz" />
+	<target host="helpdesk.cvut.cz" />
+	<target host="jira.cvut.cz" />
+	<target host="usermap.cvut.cz" />
 
 
 	<!--	Observed cookie domains:
@@ -12,14 +20,13 @@
 			- usermap
 			- www
 				-->
-	<securecookie host="^.*\.cvut\.cz$" name=".*" />
+	<securecookie host="^.*\.cvut\.cz$" name=".+" />
 
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?cvut\.cz/"
+	<rule from="^http://(?:www\.)?cvut\.cz/"
 		to="https://www.cvut.cz/" />
 
-	<rule from="^http://(akce|helpdesk|jira|usermap)\.cvut\.cz/"
-		to="https://$1.cvut.cz/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/D-Technology-Weblog.xml b/src/chrome/content/rules/D-Technology-Weblog.xml
index 20a5023d263b..921fc2c33cc7 100644
--- a/src/chrome/content/rules/D-Technology-Weblog.xml
+++ b/src/chrome/content/rules/D-Technology-Weblog.xml
@@ -1,4 +1,4 @@
-<ruleset name="D' Technology Weblog" default_off="mismatch">
+<ruleset name="D' Technology Weblog" default_off="mismatched">
 
 	<!--	Cert: *.gridserver.com	-->
 	<target host="ditii.com" />
@@ -6,7 +6,7 @@
 
 
 	<!--	!www redirects to www.	-->
-	<rule from="^https?://(?:www\.)?ditii\.com/"
+	<rule from="^http://(?:www\.)?ditii\.com/"
 		to="https://www.ditii.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/D.me.xml b/src/chrome/content/rules/D.me.xml
new file mode 100644
index 000000000000..01ea055aede6
--- /dev/null
+++ b/src/chrome/content/rules/D.me.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://d.me/ => https://delicious.com/: (6, 'Could not resolve host: delicious.com')
+
+	For other Delicious coverage, see Delicious.xml.
+
+
+	Problematic domains:
+
+		- d.me			(mismatched, CN: *.delicious.com)
+
+
+	Fully covered domains:
+
+		- d.me		(→ delicious.com)
+
+-->
+<ruleset name="D.me" default_off="failed ruleset test">
+
+	<!--	Complications:
+				-->
+	<target host="d.me" />
+
+
+	<rule from="^http://d\.me/"
+		to="https://delicious.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/D.pr.xml b/src/chrome/content/rules/D.pr.xml
new file mode 100644
index 000000000000..81229b1cf600
--- /dev/null
+++ b/src/chrome/content/rules/D.pr.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Droplr coverage, see Droplr.xml.
+
+-->
+<ruleset name="D.pr">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="d.pr" />
+	<target host="www.d.pr" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/D0wn.biz.xml b/src/chrome/content/rules/D0wn.biz.xml
new file mode 100644
index 000000000000..0fe1c6054747
--- /dev/null
+++ b/src/chrome/content/rules/D0wn.biz.xml
@@ -0,0 +1,12 @@
+<ruleset name="d0wn.biz">
+
+	<target host="d0wn.biz" />
+	<target host="dns.d0wn.biz" />
+	<target host="www.d0wn.biz" />
+
+	<securecookie host="^d0wn\.biz$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/D2jsp.org.xml b/src/chrome/content/rules/D2jsp.org.xml
new file mode 100644
index 000000000000..a868fdfb1941
--- /dev/null
+++ b/src/chrome/content/rules/D2jsp.org.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://d2jsp.com/ => https://d2jsp.com/: Too many redirects while fetching 'https://d2jsp.com/'
+Fetch error: http://www.d2jsp.com/ => https://www.d2jsp.com/: Too many redirects while fetching 'https://www.d2jsp.com/'
+
+-->
+<ruleset name="D2jsp.org" default_off="failed ruleset test">
+	<target host="d2jsp.org" />
+	<target host="www.d2jsp.org" />
+	<target host="d2jsp.com" />
+	<target host="www.d2jsp.com" />
+	<target host="ladderslasher.d2jsp.org" />
+	<target host="forums.d2jsp.org" />
+	<target host="games.d2jsp.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/D3.ru.xml b/src/chrome/content/rules/D3.ru.xml
new file mode 100644
index 000000000000..f1769e727e47
--- /dev/null
+++ b/src/chrome/content/rules/D3.ru.xml
@@ -0,0 +1,80 @@
+<!--
+	Other d3 rulesets:
+
+
+
+	Observed working hosts in *d3.ru:
+
+		- (www.)?
+		- 911
+		- america
+		- atheism
+		- avia
+		- bicycle
+		- cosmos
+		- football
+		- fuckscience
+		- gertruda
+		- gif
+		- goodwin
+		- historyporn
+		- img
+		- kucha
+		- kunst
+		- medicine
+		- neuroscience
+		- nostalgy
+		- physics
+		- politota
+		- psychology
+		- science
+		- story
+		- together
+		- weapons
+		- xepnya
+		- ya_morskaya_ulitochka
+		- zdorov
+
+-->
+<ruleset name="d3.ru">
+
+	<target host="d3.ru" />
+	<target host="*.d3.ru" />
+
+		<!--	Direct rewrites:
+					-->
+		<test url="http://911.d3.ru/" />
+		<test url="http://america.d3.ru/" />
+		<test url="http://atheism.d3.ru/" />
+		<test url="http://avia.d3.ru/" />
+		<test url="http://bicycle.d3.ru/" />
+		<test url="http://cosmos.d3.ru/" />
+		<test url="http://football.d3.ru/" />
+		<test url="http://fuckscience.d3.ru/" />
+		<test url="http://geology.d3.ru/" />
+		<test url="http://gertruda.d3.ru/" />
+		<test url="http://gif.d3.ru/" />
+		<test url="http://goodwin.d3.ru/" />
+		<test url="http://historyporn.d3.ru/" />
+		<test url="http://img.d3.ru/" />
+		<test url="http://kucha.d3.ru/" />
+		<test url="http://kunst.d3.ru/" />
+		<test url="http://medicine.d3.ru/" />
+		<test url="http://neuroscience.d3.ru/" />
+		<test url="http://nostalgy.d3.ru/" />
+		<test url="http://physics.d3.ru/" />
+		<test url="http://politota.d3.ru/" />
+		<test url="http://psychology.d3.ru/" />
+		<test url="http://science.d3.ru/" />
+		<test url="http://story.d3.ru/" />
+		<test url="http://together.d3.ru/" />
+		<test url="http://weapons.d3.ru/" />
+		<test url="http://www.d3.ru/" />
+		<test url="http://xepnya.d3.ru/" />
+		<test url="http://zdorov.d3.ru/" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/D4design_Studios.com.xml b/src/chrome/content/rules/D4design_Studios.com.xml
index 0b3bd449033e..a0ddc7669c59 100644
--- a/src/chrome/content/rules/D4design_Studios.com.xml
+++ b/src/chrome/content/rules/D4design_Studios.com.xml
@@ -14,7 +14,7 @@
 <ruleset name="D4design Studios.com (false MCB)" platform="mixedcontent">
 
 	<target host="d4designstudios.com" />
-	<target host="*.d4designstudios.com" />
+	<target host="www.d4designstudios.com" />
 
 
 	<securecookie host="^(?:www)?\.d4designstudios\.com$" name=".+" />
diff --git a/src/chrome/content/rules/DABBank.xml b/src/chrome/content/rules/DABBank.xml
index e85633f82fe8..4852d6ba1f9a 100644
--- a/src/chrome/content/rules/DABBank.xml
+++ b/src/chrome/content/rules/DABBank.xml
@@ -1,4 +1,33 @@
+<!--
+	Invalid certificate:
+		dab-bank.de
+		adac.dab-bank.de
+		ame.dab-bank.de
+		b2ct2.dab-bank.de
+		boerset1.dab-bank.de
+		boerset2.dab-bank.de
+		microsites.dab-bank.de
+		push.dab-bank.de
+
+	No working URL known:
+		extis.dab-bank.de
+
+	Time out:
+		jobs.dab-bank.de
+
+-->
 <ruleset name="DAB Bank">
-  <target host="*.dab-bank.de" />
-  <rule from="^http://([^/:@\.]+)\.dab-bank\.de/" to="https://$1.dab-bank.de/"/>
+
+	<target host="dab-bank.de" />
+	<target host="www.dab-bank.de" />
+	<target host="b2b.dab-bank.de" />
+	<target host="b2b-start.dab-bank.de" />
+	<target host="boerse.dab-bank.de" />
+	<target host="media.dab-bank.de" />
+
+	<rule from="^http://dab-bank\.de/"
+		to="https://www.dab-bank.de/" />
+
+	<rule from="^http:" to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/DAConsortium.xml b/src/chrome/content/rules/DAConsortium.xml
index 70b30ee9baec..152781e22455 100644
--- a/src/chrome/content/rules/DAConsortium.xml
+++ b/src/chrome/content/rules/DAConsortium.xml
@@ -22,7 +22,6 @@
 
 	<!--	!www doesn't exist.
 					-->
-	<rule from="^http://www\.dac\.co\.jp/"
-		to="https://www.dac.co.jp/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DALnet.xml b/src/chrome/content/rules/DALnet.xml
index 83cff6832f0c..7a6b8e3a584f 100644
--- a/src/chrome/content/rules/DALnet.xml
+++ b/src/chrome/content/rules/DALnet.xml
@@ -4,7 +4,7 @@
   <target host="inspiration.dal.net"/>
   <target host="users.dal.net"/>
 
-  <securecookie host="^(.+\.)?dal\.net$" name=".*"/>
+  <securecookie host="^(?:.+\.)?dal\.net$" name=".+" />
 
   <rule from="^http://(?:www\.)?dal\.net/" to="https://www.dal.net/"/>
   <rule from="^http://(inspiration|users)\.dal\.net/" to="https://$1.dal.net/"/>
diff --git a/src/chrome/content/rules/DAR.fm.xml b/src/chrome/content/rules/DAR.fm.xml
index 0fc624744ff1..2d553b8a25dd 100644
--- a/src/chrome/content/rules/DAR.fm.xml
+++ b/src/chrome/content/rules/DAR.fm.xml
@@ -1,14 +1,38 @@
-<ruleset name="DAR.fm">
+<!--
+	Problematic hosts in *dar.fm:
+
+		- api ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- dar.fm
+		- .dar.fm
+		- www.dar.fm
+
+
+	Mixed content:
+
+		- Images from various domains
+
+-->
+<ruleset name="DAR.fm (partial)">
 
 	<target host="dar.fm" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.dar.fm" />
+	<target host="www.dar.fm" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?dar\.fm$" name="^app_sell$" /-->
+	<!--securecookie host="^\.dar\.fm$" name="^PHPSESSID$" /-->
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^(.*\.)?dar\.fm$" name=".*" />
-	
 
-	<rule from="^http://(www\.)?dar\.fm/"
-		to="https://$1dar.fm/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DARC.de.xml b/src/chrome/content/rules/DARC.de.xml
new file mode 100644
index 000000000000..df4a88763ebe
--- /dev/null
+++ b/src/chrome/content/rules/DARC.de.xml
@@ -0,0 +1,20 @@
+<!--
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="DARC.de (partial)">
+
+	<target host="darc.de" />
+	<target host="www.darc.de" />
+	<target host="contest.darc.de" />
+	<target host="www.contest.darc.de" />
+	<target host="files.darc.de" />
+	<target host="files2.darc.de" />
+	<target host="forum.darc.de" />
+	<target host="forum2.darc.de" />
+	<target host="lists.darc.de" />
+	<target host="otrs.darc.de" />
+	<target host="relaislisten.darc.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DARCH.ch.xml b/src/chrome/content/rules/DARCH.ch.xml
new file mode 100644
index 000000000000..695272068d20
--- /dev/null
+++ b/src/chrome/content/rules/DARCH.ch.xml
@@ -0,0 +1,13 @@
+<!--
+	For other ETH Zürich coverage, see ETH_Zurich.xml.
+
+-->
+<ruleset name="DARCH.ch" default_off="broken">
+
+	<target host="darch.ch" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DATACM.com.xml b/src/chrome/content/rules/DATACM.com.xml
new file mode 100644
index 000000000000..f6d4932223e8
--- /dev/null
+++ b/src/chrome/content/rules/DATACM.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Connection refused:
+		- datacm.com, equivalent to www.datacm.com
+
+	Connection reset:
+		- www2.datacm.com
+
+	Wrong server:
+		- dol.datacm.com
+-->
+
+<ruleset name="DATACM.com">
+	<target host="datacm.com" />
+	<target host="www.datacm.com" />
+	<target host="secure10.datacm.com" />
+	<target host="transfer.datacm.com" />
+
+	<rule from="^http://datacm\.com/"
+		to="https://www.datacm.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DATART.xml b/src/chrome/content/rules/DATART.xml
new file mode 100644
index 000000000000..761fd9619bda
--- /dev/null
+++ b/src/chrome/content/rules/DATART.xml
@@ -0,0 +1,22 @@
+<ruleset name="DATART INTERNATIONAL a.s.">
+    <target host="datart.cz" />
+    <target host="www.datart.cz" />
+    <target host="aukce.datart.cz" />
+    <target host="cloud.datart.cz" />
+    <target host="instalace.datart.cz" />
+    <target host="ipad.datart.cz" />
+    <target host="itutor.datart.cz" />
+    <target host="m.datart.cz" />
+    <target host="moderni-domacnost.datart.cz" />
+    <target host="portal.datart.cz" />
+    <target host="red.datart.cz" />
+    <target host="datart.sk" />
+    <target host="www.datart.sk" />
+    <target host="aukcie.datart.sk" />
+    <target host="instalacie.datart.sk" />
+    <target host="m.datart.sk" />
+    <target host="moderna-domacnost.datart.sk" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DAVE.org.uk.xml b/src/chrome/content/rules/DAVE.org.uk.xml
new file mode 100644
index 000000000000..f564cf0295d9
--- /dev/null
+++ b/src/chrome/content/rules/DAVE.org.uk.xml
@@ -0,0 +1,21 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - cookingvinyl.dave.org.uk
+			 - stuff.dave.org.uk
+			 - wasted.dave.org.uk
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - family.dave.org.uk
+			 - gigs.dave.org.uk
+-->
+<ruleset name="Dave.org.uk">
+	<target host="dave.org.uk" />
+		<test url="http://dave.org.uk/wp-content/themes/twentyseventeen/assets/js/global.js?ver=1.0" />
+	<target host="www.dave.org.uk" />
+		<test url="http://www.dave.org.uk/wp-content/themes/twentyseventeen/assets/js/global.js?ver=1.0" />
+	<target host="blog.dave.org.uk" />
+	<target host="towerbridge.dave.org.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DB-IP.com.xml b/src/chrome/content/rules/DB-IP.com.xml
new file mode 100644
index 000000000000..fcd3aa09dfd9
--- /dev/null
+++ b/src/chrome/content/rules/DB-IP.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="DB-IP.com">
+
+	<target host="db-ip.com" />
+	<target host="www.db-ip.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DBA.dk.xml b/src/chrome/content/rules/DBA.dk.xml
new file mode 100644
index 000000000000..e30268eca9a5
--- /dev/null
+++ b/src/chrome/content/rules/DBA.dk.xml
@@ -0,0 +1,42 @@
+<!--
+	Non-functional subdomains:
+
+		- admanageradmin	(t)
+		- autodiscover	(r)
+		- support	(i)
+		- tsgw	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Host has wildcard DNS
+-->
+<ruleset name="DBA.dk">
+
+	<target host="dba.dk" />
+	<target host="www.dba.dk" />
+	<target host="admanager.dba.dk" />
+	<target host="api.dba.dk" />
+	<target host="blog.dba.dk" />
+	<target host="casapi.dba.dk" />
+	<target host="guide.dba.dk" />
+	<target host="gw.dba.dk" />
+	<target host="info.dba.dk" />
+	<target host="kampagne.dba.dk" />
+	<target host="listingconsole-backend.dba.dk" />
+	<target host="login.dba.dk" />
+	<target host="m.dba.dk" />
+	<target host="search.dba.dk" />
+	<target host="sikkerhed.dba.dk" />
+	<target host="umbracoadmin.dba.dk" />
+	<target host="umbracoadmin-guide.dba.dk" />
+	<target host="umbracoadmin-sikkerhed.dba.dk" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DBS.xml b/src/chrome/content/rules/DBS.xml
new file mode 100644
index 000000000000..071831e1088e
--- /dev/null
+++ b/src/chrome/content/rules/DBS.xml
@@ -0,0 +1,35 @@
+<ruleset name="DBS">
+
+<!-- Global -->
+	<target host="www.dbs.com" />
+	<target host="dbs.com" />
+	<target host="rewards.dbs.com" />
+	<target host="careers.dbs.com" />
+
+<!-- China -->
+	<target host="www.dbs.com.cn" />
+	<target host="dbs.com.cn" />
+
+<!-- Hong Kong -->
+	<target host="www.dbs.com.hk" />
+	<target host="dbs.com.hk" />
+	<target host="cards.dbs.com.hk" />
+
+<!-- Singapore -->
+	<target host="www.dbs.com.sg" />
+	<target host="dbs.com.sg" />
+	<target host="internet-banking.dbs.com.sg" />
+
+<!-- Taiwan -->
+	<target host="www.dbs.com.tw" />
+	<target host="dbs.com.tw" />
+	<target host="internet-banking.dbs.com.tw" />
+
+
+	<rule from="^http://(?:www\.)?dbs\.([^/:@]+)/"
+	to="https://www.dbs.$1/" />
+
+	<rule from="^http:"
+	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DBforums.xml b/src/chrome/content/rules/DBforums.xml
index 9c57704001d5..4f89fa66b763 100644
--- a/src/chrome/content/rules/DBforums.xml
+++ b/src/chrome/content/rules/DBforums.xml
@@ -1,13 +1,37 @@
-<ruleset name="dBforums">
+<!--
+	For other iNET Interactive coverage, see INet-Interactive.xml.
+
+
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.dbforums.com
+
+
+	Mixed content:
+
+		- css from $self *
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="dBforums.com" default_off="cert-chain" platform="mixedcontent">
 
 	<target host="dbforums.com" />
-	<target host="*.dbforums.com" />
+	<target host="www.dbforums.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.dbforums\.com$" name="^(?:page_count|suppress_news_overlay)$" /-->
 
 	<securecookie host="^(?:www)?\.dbforums\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?dbforums\.com/"
-		to="https://$1dbforums.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DC801.org.xml b/src/chrome/content/rules/DC801.org.xml
new file mode 100644
index 000000000000..6aa6804164d1
--- /dev/null
+++ b/src/chrome/content/rules/DC801.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="DC801.org">
+
+	<target host="dc801.org" />
+	<target host="www.dc801.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DCCC.org.xml b/src/chrome/content/rules/DCCC.org.xml
new file mode 100644
index 000000000000..4888b00396c0
--- /dev/null
+++ b/src/chrome/content/rules/DCCC.org.xml
@@ -0,0 +1,24 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)?
+		- action
+
+
+	Mixed content:
+
+		- Image on ^ from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="DCCC.org">
+
+	<target host="dccc.org" />
+	<target host="action.dccc.org" />
+	<target host="www.dccc.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DC_Comics.com.xml b/src/chrome/content/rules/DC_Comics.com.xml
index b0f3d34e2c97..fb789797ace4 100644
--- a/src/chrome/content/rules/DC_Comics.com.xml
+++ b/src/chrome/content/rules/DC_Comics.com.xml
@@ -1,16 +1,36 @@
 <!--
-	- Expired 2010-09-02
-	- CN: *.acquia-sites.com
-	- ^dccomics.com: dropped
+	Non-functional hosts
+		Couldn't connect to server:
+		- media.dccomics.com
 
--->
-<ruleset name="DC Comics.com" default_off="expired, mismatched, self-signed">
+		Timeout was reached:
+		- assets.dccomics.com
 
+		SSL peer certificate was not OK:
+		- dccomics.com
+		- batmanvsuperman.dccomics.com
+		- dcu.blog.dccomics.com
+		- mad.blog.dccomics.com
+		- vertigo.blog.dccomics.com
+		- wildstorm.blog.dccomics.com
+		- zuda.blog.dccomics.com
+		- dcublog.dccomics.com
+		- experienceatlantis.dccomics.com
+		- jointheleague.dccomics.com
+		- beta.jointheleague.dccomics.com
+		- dev.jointheleague.dccomics.com
+		- promo.dccomics.com
+		- read.dccomics.com
+		- www.read.dccomics.com
+-->
+<ruleset name="DC Comics.com">
 	<target host="dccomics.com" />
 	<target host="www.dccomics.com" />
+	<target host="dcpowervisa.dccomics.com" />
+	<target host="subscriptions.dccomics.com" />
 
-
-	<rule from="^http://(?:www\.)?dccomics\.com/"
+	<rule from="^http://dccomics\.com/"
 		to="https://www.dccomics.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DC_Power.eu.xml b/src/chrome/content/rules/DC_Power.eu.xml
deleted file mode 100644
index 520f90f59336..000000000000
--- a/src/chrome/content/rules/DC_Power.eu.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	Mixed content:
-
-		- css, on ^ from:
-
-			- ^ *
-			- fonts.googleapis.com *
-
-		- Images on ^ from ^ *
-
-	* Secured by us
-
--->
-<ruleset name="DC Power.eu (false MCB)" platform="mixedcontent">
-
-	<target host="dcpower.eu" />
-	<target host="*.dcpower.eu" />
-
-
-	<securecookie host="^(?:w*\.)?dcpower\.eu$" name=".+" />
-
-
-	<rule from="^http://(www\.)?dcpower\.eu/"
-		to="https://$1dcpower.eu/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DC_Vote.org.xml b/src/chrome/content/rules/DC_Vote.org.xml
new file mode 100644
index 000000000000..7937308909fb
--- /dev/null
+++ b/src/chrome/content/rules/DC_Vote.org.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dcvote.org/ => https://dcvote.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.dcvote.org/ => https://www.dcvote.org/: (60, 'SSL certificate problem: certificate has expired')
+
+	Mixed content:
+
+		- Images from ^ *
+
+	* Secured by us
+
+-->
+<ruleset name="DC Vote.org" default_off="failed ruleset test">
+
+	<target host="dcvote.org" />
+	<target host="www.dcvote.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DD-WRT.xml b/src/chrome/content/rules/DD-WRT.xml
index b2d442c541ef..292fa8e0f08f 100644
--- a/src/chrome/content/rules/DD-WRT.xml
+++ b/src/chrome/content/rules/DD-WRT.xml
@@ -1,36 +1,32 @@
 <!--
-	Problematic subdomains:
+	For problematic rules, see dd-wrt.com.xml.
 
-		- (www.) *
-		- shop *
 
-	* Works, cert only matches secure
+	Problematic hosts in *dd-wrt.com:
 
+		- svn ᵐ ˢ
 
-	Partially covered subdomains:
-
-		- shop		(→ www)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(→ secure)
-		- secure
+	ᵐ Mismatched
+	ˢ Self-signed
 
 -->
-<ruleset name="DD-WRT">
+<ruleset name="DD-WRT.com (partial)">
 
 	<target host="dd-wrt.com" />
-	<target host="*.dd-wrt.com" />
+	<target host="secure.dd-wrt.com" />
+	<target host="shop.dd-wrt.com" />
+	<target host="www.dd-wrt.com" />
 
+		<test url="http://dd-wrt.com/site/"/>
+		<test url="http://shop.dd-wrt.com/site/"/>
+		<test url="http://www.dd-wrt.com/wiki/"/>
+		<test url="http://www.dd-wrt.com/phpBB2"/>
 
-	<securecookie host=".*\.dd-wrt\.com$" name=".+" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:secure\.|www\.)?dd-wrt\.com/"
-		to="https://secure.dd-wrt.com/" />
 
-	<rule from="^http://shop\.dd-wrt\.com/(\?.*)?$"
-		to="https://secure.dd-wrt.com/shop/catalog/$1" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DD4.com.xml b/src/chrome/content/rules/DD4.com.xml
new file mode 100644
index 000000000000..839b10df2b1c
--- /dev/null
+++ b/src/chrome/content/rules/DD4.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Non-functional subdomains:
+		- member	(e)
+		- payment	(e)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="DD4.com">
+
+	<target host="dd4.com" />
+	<target host="www.dd4.com" />
+	<target host="image.dd4.com" />
+	<target host="mer.dd4.com" />
+	<target host="old.dd4.com" />
+	<target host="seller.dd4.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DDM_CDN.com.xml b/src/chrome/content/rules/DDM_CDN.com.xml
new file mode 100644
index 000000000000..112056129fd1
--- /dev/null
+++ b/src/chrome/content/rules/DDM_CDN.com.xml
@@ -0,0 +1,23 @@
+<!--
+	r: cloudfront, unknown bucket ID.
+
+-->
+<ruleset name="DDM CDN.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fusion.ddmcdn.com" />
+	<target host="static.ddmcdn.com" />
+
+	<!--	Complications:
+				-->
+	<!--target host="r.ddmcdn.com" /-->
+
+
+	<!--rule from="^http://r\.ddmcdn\.com/"
+		to="https://???.cloudfront.net/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DDS2DDS.com.xml b/src/chrome/content/rules/DDS2DDS.com.xml
new file mode 100644
index 000000000000..61c3d27b86e0
--- /dev/null
+++ b/src/chrome/content/rules/DDS2DDS.com.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dds2dds.com/ => https://dds2dds.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.dds2dds.com/ => https://www.dds2dds.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://kaizencrossfit.com/ => https://kaizencrossfit.com/: (51, "SSL: no alternative certificate subject name matches target host name 'kaizencrossfit.com'")
+-->
+<ruleset name="DDS2DDS.com" default_off="failed ruleset test">
+
+	<target host="dds2dds.com" />
+	<target host="www.dds2dds.com" />
+	<target host="kaizencrossfit.com" />
+	<target host="www.kaizencrossfit.com" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^(?:w*\.)?(?:dds2dds|kaizencrossfit)\.com$" name=".+" />
+
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DDoSBreak.com.xml b/src/chrome/content/rules/DDoSBreak.com.xml
index 41a7409c3f58..2784cf7d33ee 100644
--- a/src/chrome/content/rules/DDoSBreak.com.xml
+++ b/src/chrome/content/rules/DDoSBreak.com.xml
@@ -1,4 +1,11 @@
-<ruleset name="DDoSBreak.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ddosbreak.com/ => https://ddosbreak.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.ddosbreak.com/ => https://www.ddosbreak.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+-->
+<ruleset name="DDoSBreak.com" default_off="failed ruleset test">
 
 	<target host="ddosbreak.com" />
 	<target host="www.ddosbreak.com" />
@@ -7,7 +14,6 @@
 	<securecookie host="^(?:www\.)?ddosbreak\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ddosbreak\.com/"
-		to="https://$1ddosbreak.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DE-CIX.xml b/src/chrome/content/rules/DE-CIX.xml
index 2d2e803eb0b7..0c962c59a0ee 100644
--- a/src/chrome/content/rules/DE-CIX.xml
+++ b/src/chrome/content/rules/DE-CIX.xml
@@ -11,7 +11,7 @@
 
     <exclusion pattern="^http://lg\.de-cix\.net" />
 
-    <rule from="^https?://de-cix\.net/"
+    <rule from="^http://de-cix\.net/"
         to="https://www.de-cix.net/" />
     <rule from="^http://([^/:@]+)?\.de-cix\.net/"
         to="https://$1.de-cix.net/" />
diff --git a/src/chrome/content/rules/DEALZON.com.xml b/src/chrome/content/rules/DEALZON.com.xml
new file mode 100644
index 000000000000..305bbf1b0df8
--- /dev/null
+++ b/src/chrome/content/rules/DEALZON.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Non-functional hosts
+		SSL connect error:
+			 - go.dealzon.com
+-->
+<ruleset name="DEALZON.com">
+	<target host="dealzon.com" />
+	<target host="www.dealzon.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DEALZON.xml b/src/chrome/content/rules/DEALZON.xml
deleted file mode 100644
index 207d5288bd38..000000000000
--- a/src/chrome/content/rules/DEALZON.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="DEALZON" default_off="self-signed">
-
-	<target host="dealzon.com"/>
-	<target host="www.dealzon.com"/>
-
-	<securecookie host="^dealzon\.com$" name=".*"/>
-
-	<rule from="^http://(?:www\.)?dealzon\.com/"
-		to="https://dealzon.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/DEDRA.cz.xml b/src/chrome/content/rules/DEDRA.cz.xml
new file mode 100644
index 000000000000..8422e2dc3414
--- /dev/null
+++ b/src/chrome/content/rules/DEDRA.cz.xml
@@ -0,0 +1,7 @@
+<ruleset name="Vase DEDRA s.r.o.">
+    <target host="dedra.cz" />
+    <target host="www.dedra.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DEEWR.xml b/src/chrome/content/rules/DEEWR.xml
new file mode 100644
index 000000000000..e74bdabffbe8
--- /dev/null
+++ b/src/chrome/content/rules/DEEWR.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://prisms.deewr.gov.au/ => https://prisms.deewr.gov.au/: (51, "SSL: no alternative certificate subject name matches target host name 'prisms.deewr.gov.au'")
+
+-->
+<ruleset name="DEEWR" default_off="failed ruleset test">
+	<target host="prisms.deewr.gov.au" />
+	<target host="www.prisms.deewr.gov.au" />
+
+	<rule from="^http://(?:www\.)?prisms\.deewr\.gov\.au/"
+		to="https://prisms.deewr.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/DEMO.xml b/src/chrome/content/rules/DEMO.xml
index c67333c79767..685f384bafe4 100644
--- a/src/chrome/content/rules/DEMO.xml
+++ b/src/chrome/content/rules/DEMO.xml
@@ -2,17 +2,17 @@
 	For other IDG coverage, see IDG.se.xml.
 
 -->
-<ruleset name="DEMO" default_off="mismatch">
+<ruleset name="DEMO" default_off="mismatched">
 
 	<!--	Cert: www.eiseverywhere.com	-->
 	<target host="demo.com" />
 	<target host="www.demo.com" />
 
 
-	<securecookie host="^demo\.com$" name=".*" />
+	<securecookie host="^demo\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?demo\.com/"
+	<rule from="^http://(?:www\.)?demo\.com/"
 		to="https://demo.com/$1/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DENX.de.xml b/src/chrome/content/rules/DENX.de.xml
index dda0d856ce6a..6adc4d66ab57 100644
--- a/src/chrome/content/rules/DENX.de.xml
+++ b/src/chrome/content/rules/DENX.de.xml
@@ -1,19 +1,34 @@
 <!--
-	Problematic subdomains:
+	Different HTTP/HTTPS content:
+		- ftp.denx.de
+		- ns.denx.de
+		- theia.denx.de
 
-		- ^	(cert only matches www)
+	Invalid certificate:
+		- ns2.denx.de
+		- phoibe.denx.de
 
--->
-<ruleset name="DENX.de" default_off="self-signed">
-
-	<target host="denx.de" />
-	<target host="www.denx.de" />
+	Login required:
+		- gitlab.denx.de
+		- owncloud.denx.de
 
+	MCB:
+		- theia.denx.de
 
-	<securecookie host="^www\.denx\.de$" name=".+" />
+	Passive mixed content:
+		- denx.de
+		- www.denx.de
+		- theia.denx.de
 
+	Service unavailable:
+		- jabber.denx.de
+-->
+<ruleset name="DENX.de">
+	<target host="denx.de" />
+	<target host="www.denx.de" />
+	<target host="git.denx.de" />
+	<target host="lists.denx.de" />
+	<target host="themis.denx.de" />
 
-	<rule from="^http://(?:www\.)?denx\.de/"
-		to="https://www.denx.de/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/DF.eu.xml b/src/chrome/content/rules/DF.eu.xml
new file mode 100644
index 000000000000..d7ff1889228c
--- /dev/null
+++ b/src/chrome/content/rules/DF.eu.xml
@@ -0,0 +1,13 @@
+<ruleset name="DF.eu">
+
+	<target host="df.eu" />
+	<target host="www.df.eu" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DFN-CERT.de.xml b/src/chrome/content/rules/DFN-CERT.de.xml
new file mode 100644
index 000000000000..98db672254df
--- /dev/null
+++ b/src/chrome/content/rules/DFN-CERT.de.xml
@@ -0,0 +1,15 @@
+<!--
+	^dfn-cert.de doesn't exist.
+
+-->
+<ruleset name="DFN-CERT.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.dfn-cert.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DFTBA_Records.xml b/src/chrome/content/rules/DFTBA_Records.xml
index 7654f1593500..2a482fa5a5e1 100644
--- a/src/chrome/content/rules/DFTBA_Records.xml
+++ b/src/chrome/content/rules/DFTBA_Records.xml
@@ -1,13 +1,12 @@
 <ruleset name="DFTBA Records">
 
 	<target host="dftba.com" />
-	<target host="*.dftba.com" />
+	<target host="www.dftba.com" />
 
 
 	<securecookie host="^\.dftba\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?dftba\.com/"
-		to="https://$1dftba.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DFiles.eu.xml b/src/chrome/content/rules/DFiles.eu.xml
new file mode 100644
index 000000000000..4eeefb12907f
--- /dev/null
+++ b/src/chrome/content/rules/DFiles.eu.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Deposit Files coverage, see Deposit-Files.xml.
+
+-->
+<ruleset name="DFiles.eu">
+
+	<target host="dfiles.eu" />
+	<target host="*.dfiles.eu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.dfiles\.eu$" name="^(referer|uprand)$" /-->
+
+	<securecookie host="^\.dfiles\.eu$" name=".+" />
+
+
+	<rule from="^http://(static\d+\.|www\.)?dfiles\.eu/"
+		to="https://$1dfiles.eu/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DGEX.com.xml b/src/chrome/content/rules/DGEX.com.xml
new file mode 100644
index 000000000000..8c2eb635ebef
--- /dev/null
+++ b/src/chrome/content/rules/DGEX.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dgex.com/ => https://dgex.com/: (28, 'Operation timed out after 30007 milliseconds with 0 bytes received')
+Fetch error: http://www.dgex.com/ => https://www.dgex.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	Insecure cookies are set for these
+
+		- .dgex.com
+
+-->
+<ruleset name="DGEX.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dgex.com" />
+	<target host="www.dgex.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.dgex\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.dgex\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DGzRS_Die_Seenotretter.xml b/src/chrome/content/rules/DGzRS_Die_Seenotretter.xml
new file mode 100644
index 000000000000..5b1abc650481
--- /dev/null
+++ b/src/chrome/content/rules/DGzRS_Die_Seenotretter.xml
@@ -0,0 +1,32 @@
+<!--
+	Invalid certificate:
+		bootstour.seenotretter.de
+		newsletter.seenotretter.de
+		www.werde.seenotretter.de
+
+	Timeout:
+		mx0.sicher-auf-see.de
+-->
+<ruleset name="DGzRS Die Seenotretter">
+
+	<target host="seenotretter.de" />
+	<target host="www.seenotretter.de" />
+	<target host="intra.seenotretter.de" />
+	<target host="intranet.seenotretter.de" />
+	<target host="m.seenotretter.de" />
+	<target host="mosaik.seenotretter.de" />
+	<target host="safetrx.seenotretter.de" />
+	<target host="sites.seenotretter.de" />
+	<target host="spenden.seenotretter.de" />
+	<target host="test.seenotretter.de" />
+	<target host="testament.seenotretter.de" />
+	<target host="werde.seenotretter.de" />
+
+	<!-- Sicher auf See -->
+	<target host="sicher-auf-see.de" />
+	<target host="www.sicher-auf-see.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DHL.de.xml b/src/chrome/content/rules/DHL.de.xml
index 9872ff69ea1e..f3379e4aa548 100644
--- a/src/chrome/content/rules/DHL.de.xml
+++ b/src/chrome/content/rules/DHL.de.xml
@@ -1,9 +1,19 @@
 <ruleset name="DHL.de" platform="mixedcontent">
   <target host="dhl.de"/>
-  <target host="*.dhl.de"/>
+  <target host="www.dhl.de"/>
+  <target host="mobil.dhl.de"/>
+  <target host="mobile.dhl.de"/>
+  <target host="nolp.dhl.de"/>
+  <target host="nolb.dhl.de"/>
+  <target host="partner.dhl.de"/>
+  <target host="entwickler.dhl.de"/>
+  <target host="fcm.dhl.de"/>
 
-  <securecookie host="^(.*\.)?dhl\.de$" name=".*" />
+  <securecookie host=".+" name=".+" />
 
-  <rule from="^http://(?:www\.)?dhl\.de/" to="https://www.dhl.de/"/>
-  <rule from="^http://dhl\.de/" to="https://www.dhl.de/"/>
+  <rule from="^http://mobile\.dhl\.de/"
+	  to="https://mobil.dhl.de/" />
+
+  <rule from="^http:"
+    to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/DHS.gov.xml b/src/chrome/content/rules/DHS.gov.xml
new file mode 100644
index 000000000000..50fa637e0357
--- /dev/null
+++ b/src/chrome/content/rules/DHS.gov.xml
@@ -0,0 +1,99 @@
+<!--
+	Department of Homeland Security
+
+	For other U.S. government coverage, see US-government.xml.
+
+
+	Nonfunctioanl subdomains:
+
+		- ^ ¹
+		- llis ¹
+		- www.oig ²
+		- preview ¹
+		- (www.)?vapid ³
+
+	¹ Redirects to http
+	² 503
+	³ 504, Akamai
+
+
+	Fully covered subdomains:
+
+		- carwash
+		- esta.cbp
+		- goes-app.cbp
+		- cisomb
+		- www.llis
+		- mobilecoe
+		- preview-studyinthestates
+		- sharedservices
+		- studyinthestates
+		- universalenroll
+		- wcmaas
+
+
+	Insecure cookies are set for these hosts:
+
+		- esta.cbp.dhs.gov
+		- goes-app.cbp.dhs.gov
+		- www.llis.dhs.gov
+		- universalenroll.dhs.gov
+
+-->
+<ruleset name="DHS.gov (partial)">
+
+	<target host="carwash.dhs.gov" />
+	<target host="esta.cbp.dhs.gov" />
+	<target host="goes-app.cbp.dhs.gov" />
+	<target host="cisomb.dhs.gov" />
+	<target host="www.llis.dhs.gov" />
+	<target host="mobilecoe.dhs.gov" />
+	<target host="preview-studyinthestates.dhs.gov" />
+	<target host="sharedservices.dhs.gov" />
+	<target host="studyinthestates.dhs.gov" />
+	<target host="universalenroll.dhs.gov" />
+	<target host="wcmaas.dhs.gov" />
+	<target host="www.dhs.gov" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://dhs\.gov/($|sites/)" /-->
+		<!--exclusion pattern="^http://www\.dhs\.gov/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.dhs\.gov/+(?!misc/|profiles/dhs_gov/(?:modul|them)es/|sites/|xlibrary/videos/\w+_thumb\.jpg)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.dhs.gov/about-dhs" />
+			<test url="http://www.dhs.gov/contact-us" />
+			<test url="http://www.dhs.gov/frequently-requested-pages" />
+			<test url="http://www.dhs.gov/get-involved" />
+			<test url="http://www.dhs.gov/how-do-i/by-type" />
+			<test url="http://www.dhs.gov/news" />
+			<test url="http://www.dhs.gov/sitemap" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.dhs.gov/misc/feed.png" />
+			<test url="http://www.dhs.gov/profiles/dhs_gov/modules/features/dhs_ntas_alert/img/cambio-back.jpg" />
+			<test url="http://www.dhs.gov/profiles/dhs_gov/themes/dhs_gov_theme/logo.png" />
+			<test url="http://www.dhs.gov/sites/default/files/styles/dhs_homepage_rotator/public/15_0303_homepage.jpg" />
+			<test url="http://www.dhs.gov/xlibrary/videos/15_0303_s1_budget_thumb.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^esta\.cbp\.dhs\.gov$" name="^PERSIST_ID$" /-->
+	<!--securecookie host="^goes-app\.cbp\.dhs\.gov$" name="^(PD-H-SESSION-ID|PERSIST_ID)$" /-->
+	<!--securecookie host="^www\.llis\.dhs\.gov$" name="^FEMA_CSI_NPD_LLIS_WEB_HTTP_CK1$" /-->
+	<!--securecookie host="^universalenroll\.dhs\.gov$" name="^TS[\da-f]{8}(_\d\d)?$" /-->
+
+	<securecookie host="^(?:esta\.cbp|goes-app\.cbp|www\.llis|universalenroll)\.dhs\.gov$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DHgate.com.xml b/src/chrome/content/rules/DHgate.com.xml
index b6c384d9ba56..2636ec0aff37 100644
--- a/src/chrome/content/rules/DHgate.com.xml
+++ b/src/chrome/content/rules/DHgate.com.xml
@@ -1,47 +1,76 @@
 <!--
-	CDN buckets:
-
-		- blog.dhgate.com.cdn20.com
-		- image.dhgate.com.cdn20.com
-		- www.dhresource.com.cdn20.com
-
-
-	Nonfunctional domains:
-
-		- dhgate.com subdomains:
-
-			- blog *
-			- help	(times out)
-			- image *
-
-		- www.dhresource.com *
-
-	* 504, akamai
-
-
-	Problematic subdomains:
-
-		- ^	(times out)
-		- www	(mismatched, CN: secure.dhgate.com)
-
-
-	Mixed images on secure from image.dhgate.com & www.dhresource.com
-
+	Nonfunctional hosts on *.dhgate.com:
+
+		- ar.dhgate.com (m)
+		- bbs.dhgate.com (r)
+		- blog.dhgate.com (h)
+		- e.dhgate.com (e)
+		- gold.dhgate.com (mixed content)
+		- help.dhgate.com (h)
+		- ja.dhgate.com (m)
+		- ko.dhgate.com (m)
+		- payment.dhgate.com (no working URL known)
+		- promo.dhgate.com (mixed content)
+		- secure.dhgate.com (mixed content)
+		- seller.dhgate.com (h)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Wildcard DNS record on dhgate.com.
 -->
-<ruleset name="DHgate.com (partial)">
+<ruleset name="DHgate.com">
 
 	<target host="dhgate.com" />
-	<target host="*.dhgate.com" />
-		<!--
-			Some (most?) pages not on secure:
-								-->
-		<exclusion pattern="^http://(?:www\.)?dhgate\.com/(?:\?.*)?$" />
-
-
-	<!--securecookie host="^\.?secure\.dhgate\.com$" name=".+" /-->
-
-
-	<rule from="^http://(?:secure\.|www\.)?dhgate\.com/"
-		to="https://secure.dhgate.com/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.dhgate.com" />
+	<target host="au.dhgate.com" />
+	<target host="m.au.dhgate.com" />
+	<target host="ca.dhgate.com" />
+	<target host="m.ca.dhgate.com" />
+	<target host="de.dhgate.com" />
+	<target host="m.de.dhgate.com" />
+	<target host="dg.dhgate.com" />
+	<target host="es.dhgate.com" />
+	<target host="m.es.dhgate.com" />
+	<target host="fr.dhgate.com" />
+	<target host="m.fr.dhgate.com" />
+	<target host="image.dhgate.com" />
+		<test url="http://image.dhgate.com/dhs/oth/edm/2013/07/11/logo.jpg" />
+	<target host="it.dhgate.com" />
+	<target host="m.it.dhgate.com" />
+	<target host="m.dhgate.com" />
+	<target host="dht-trail.nt.dhgate.com" />
+		<test url="http://dht-trail.nt.dhgate.com/trail/trail/userinfo.php" />
+	<target host="nz.dhgate.com" />
+	<target host="m.nz.dhgate.com" />
+	<target host="o2o.dhgate.com" />
+	<target host="pt.dhgate.com" />
+	<target host="m.pt.dhgate.com" />
+	<target host="ru.dhgate.com" />
+	<target host="m.ru.dhgate.com" />
+	<target host="tr.dhgate.com" />
+	<target host="m.tr.dhgate.com" />
+	<target host="realstats.dhgate.com" />
+		<test url="http://realstats.dhgate.com/dams-feedback/biz-FeedBack-log.do" />
+	<target host="shoppingcart.dhgate.com" />
+		<test url="http://shoppingcart.dhgate.com/cart/minicart.do" />
+	<target host="survey.dhgate.com" />
+
+	<target host="www.dhresource.com" />
+		<test url="http://www.dhresource.com/dhs/oth/edm/2013/07/11/logo.jpg" />
+	<target host="css.dhresource.com" />
+	<target host="js.dhresource.com" />
+		<test url="http://js.dhresource.com/buyer/common/thirdload/load.js" />
+
+	<!-- mixed content on $ -->
+	<exclusion pattern="^http://css\.dhresource\.com/$" />
+	<test url="http://css.dhresource.com/buyer/common/image/head/logo.png" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DIYbanter.xml b/src/chrome/content/rules/DIYbanter.xml
index 85d54c22394e..b4b82679eb82 100644
--- a/src/chrome/content/rules/DIYbanter.xml
+++ b/src/chrome/content/rules/DIYbanter.xml
@@ -1,13 +1,12 @@
 <ruleset name="DIYbanter">
 
 	<target host="diybanter.com" />
-	<target host="*.diybanter.com" />
+	<target host="www.diybanter.com" />
 
 
 	<securecookie host="^(?:w*\.)?diybanter\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?diybanter\.com/"
-		to="https://$1diybanter.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DIYbookscanner.org.xml b/src/chrome/content/rules/DIYbookscanner.org.xml
new file mode 100644
index 000000000000..5f9b900b8702
--- /dev/null
+++ b/src/chrome/content/rules/DIYbookscanner.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="DIY Book Scanner">
+
+	<target host="diybookscanner.org" />
+	<target host="www.diybookscanner.org" />
+	<target host="forum.diybookscanner.org" />
+	<target host="store.diybookscanner.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DJI.xml b/src/chrome/content/rules/DJI.xml
new file mode 100644
index 000000000000..f7af8ec3fdc3
--- /dev/null
+++ b/src/chrome/content/rules/DJI.xml
@@ -0,0 +1,124 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www-dji-china.dji.com/ => https://www-dji-china.dji.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	Incomplete certificate chain:
+		support.dji.com
+
+	Invalid certificate:
+		dji.com
+		link.dji.com
+		live.dji.com
+		static.dji.com
+		bbs.djicdn.com
+		bbs11.djicdn.com
+		bbs22.djicdn.com
+		event-live.djicdn.com
+		events1.djicdn.com
+		events2.djicdn.com
+		events3.djicdn.com
+		forum.djicdn.com
+		www.dji.net
+		bbs.dji.net
+		dsevents.dji.net
+		flysafe.dji.net
+		m.dji.net
+		show.dji.net
+		store.dji.net
+		videos.dji.net
+		img.videos.dji.net
+
+	Mixed content:
+		bbs1.djicdn.com
+
+	Refused:
+		event.dji.com
+
+	Secure connection failed:
+		x.dji.com
+
+	Time out:
+		api.dji.com
+		edm.dji.com
+		forum.dev.dji.com
+		live-usa.djicdn.com
+
+	Unable to connect:
+		press.dji.com
+		wiki.dji.com
+
+-->
+<ruleset name="DJI" default_off="failed ruleset test">
+	<target host="dji.com" />
+	<target host="www.dji.com" />
+	<target host="account.dji.com" />
+	<target host="accounts.dji.com" />
+	<target host="active.dji.com" />
+	<target host="aftersale.dji.com" />
+	<target host="bbs.dji.com" />
+	<target host="campaign.dji.com" />
+	<target host="click.dji.com" />
+	<target host="dds.dji.com" />
+	<target host="dev.dji.com" />
+	<target host="developer.dji.com" />
+	<target host="edu.dji.com" />
+	<target host="events.dji.com" />
+	<target host="flysafe-admin.dji.com" />
+	<target host="flysafe-api.dji.com" />
+	<target host="forum.dji.com" />
+	<target host="m.dji.com" />
+	<target host="miy.dji.com" />
+	<target host="mydjiflight.dji.com" />
+	<target host="plus.dji.com" />
+	<target host="repair.dji.com" />
+	<target host="reserve.dji.com" />
+	<target host="reserve-backend.dji.com" />
+	<target host="show.dji.com" />
+	<target host="store.dji.com" />
+	<target host="studiochina.dji.com" />
+	<target host="translator.dji.com" />
+	<target host="u.dji.com" />
+	<target host="we.dji.com" />
+	<target host="www-dji-china.dji.com" />
+
+	<target host="djicdn.com" />
+	<target host="www.djicdn.com" />
+	<target host="asset1.djicdn.com" />
+	<target host="asset2.djicdn.com" />
+	<target host="asset3.djicdn.com" />
+	<target host="asset4.djicdn.com" />
+	<target host="asset5.djicdn.com" />
+	<target host="dev1.djicdn.com" />
+	<target host="devcn.djicdn.com" />
+	<target host="devusa.djicdn.com" />
+	<target host="dl.djicdn.com" />
+	<target host="forum11.djicdn.com" />
+	<target host="forum22.djicdn.com" />
+	<target host="forum33.djicdn.com" />
+	<target host="forum44.djicdn.com" />
+	<target host="miy-cn.djicdn.com" />
+	<target host="miy-us.djicdn.com" />
+	<target host="plus.djicdn.com" />
+	<target host="product1.djicdn.com" />
+	<target host="u.djicdn.com" />
+	<target host="videocaption.djicdn.com" />
+	<target host="we1.djicdn.com" />
+	<target host="we2.djicdn.com" />
+	<target host="we3.djicdn.com" />
+	<target host="we4.djicdn.com" />
+	<target host="we5.djicdn.com" />
+	<target host="www-optimized.djicdn.com" />
+	<!--
+		www1.djicdn.com and www2.djicdn.com load in a browser but time out in Travis with:
+		(28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+	-->
+	<!--<target host="www1.djicdn.com" />-->
+	<!--<target host="www2.djicdn.com" />-->
+	<target host="www3.djicdn.com" />
+	<target host="www4.djicdn.com" />
+	<target host="www5.djicdn.com" />
+
+	<rule from="^http://dji\.com/" to="https://www.dji.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DJKit.xml b/src/chrome/content/rules/DJKit.xml
index 355f14d1d8a1..9c6fd5da3ae5 100644
--- a/src/chrome/content/rules/DJKit.xml
+++ b/src/chrome/content/rules/DJKit.xml
@@ -1,13 +1,12 @@
 <ruleset name="DJKit">
 
 	<target host="djkit.com" />
-	<target host="*.djkit.com" />
+	<target host="www.djkit.com" />
 
 
 	<securecookie host="^\.djkit\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?djkit\.com/"
-		to="https://$1djkit.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DKB.de.xml b/src/chrome/content/rules/DKB.de.xml
index 3d4523ec477e..48bc2c66af04 100644
--- a/src/chrome/content/rules/DKB.de.xml
+++ b/src/chrome/content/rules/DKB.de.xml
@@ -1,7 +1,30 @@
+<!--
+	Fully covered subdomains:
+
+		- dkb.de
+
+		- *.dkb.de:
+
+			- banking
+			- m
+			- www
+
+-->
 <ruleset name="Deutsche Kreditbank">
-  <target host="dkb.de" />
-  <target host="*.dkb.de" />
 
-  <rule from="^http://dkb\.de/" to="https://dkb.de/"/>
-  <rule from="^http://([^/:@\.]+)\.dkb\.de/" to="https://$1.dkb.de/"/>
+	<target host="dkb.de" />
+	<target host="*.dkb.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^banking\.dkb\.de$" name="^(DKBSESSID|SERVERID|javascript)$" /-->
+	<!--securecookie host="^(m|www)\.dkb\.de$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^(?:banking|m|www)\.dkb\.de$" name=".+" />
+
+
+	<rule from="^http://([^/:@\.]+\.)?dkb\.de/"
+		to="https://$1dkb.de/" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/DKWiki.com.xml b/src/chrome/content/rules/DKWiki.com.xml
new file mode 100644
index 000000000000..cb1f2db8f484
--- /dev/null
+++ b/src/chrome/content/rules/DKWiki.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="DKWiki.com">
+	<target host="dkwiki.com" />
+	<target host="www.dkwiki.com" />
+	<target host="cpanel.dkwiki.com" />
+	<target host="mail.dkwiki.com" />
+	<target host="webdisk.dkwiki.com" />
+	<target host="webmail.dkwiki.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DKiT.ie.xml b/src/chrome/content/rules/DKiT.ie.xml
new file mode 100644
index 000000000000..3ce626857717
--- /dev/null
+++ b/src/chrome/content/rules/DKiT.ie.xml
@@ -0,0 +1,98 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://help.dkit.ie/ => https://help.dkit.ie/: (6, 'Could not resolve host: help.dkit.ie')
+Fetch error: http://passwordregistration.dkit.ie/ => https://passwordregistration.dkit.ie/: (6, 'Could not resolve host: passwordregistration.dkit.ie')
+Fetch error: http://passwordreset.dkit.ie/ => https://passwordreset.dkit.ie/: (6, 'Could not resolve host: passwordreset.dkit.ie')
+
+	Dundalk Institute of Technology
+
+
+	Nonfunctional hosts in *dkit.ie:
+
+		- courses ¹
+		- docs ²
+
+	¹ Shows www.dkit.ie
+	² Refused
+
+
+	Problematic hosts in *dkit.ie:
+
+		- alumni ¹
+		- staffemail ²
+		- studentemail ²
+
+	¹ Mixed css
+	² Mismatched
+
+
+	These altnames don't exist:
+
+		- events.dkit.ie
+		- forum.dkit.ie
+		- my.dkit.ie
+		- portal.dkit.ie
+		- stor.dkit.ie
+		- student.dkit.ie
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .dkit.ie
+		- alumni.dkit.ie
+		- help.dkit.ie
+		- owncloud.dkit.ie
+		- passwordreset.dkit.ie
+
+
+	Mixed content:
+
+		- iframe on alumni from www.youtube.com *
+		- css on alumni from $self *
+		- Images on alumni from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="DKiT.ie (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="alumni.dkit.ie" /-->
+	<target host="careers.dkit.ie" />
+	<target host="help.dkit.ie" />
+	<target host="eprints.dkit.ie" />
+	<target host="moodle.dkit.ie" />
+	<target host="owncloud.dkit.ie" />
+	<target host="passwordregistration.dkit.ie" />
+	<target host="passwordreset.dkit.ie" />
+	<target host="webmail.dkit.ie" />
+	<target host="www.dkit.ie" />
+
+	<!--	Complications:
+				-->
+	<target host="dkit.ie" />
+	<!--target host="staffemail.dkit.ie" /-->
+	<!--target host="studentemail.dkit.ie" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.dkit\.io$" name="^SESS[\da-f]{32}$" /-->
+	<!--securecookie host="^alumni\.dkit\.io$" name="^[\da-f]{32}$" /-->
+	<!--securecookie host="^help\.dkit\.io$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^owncloud\.dkit\.io$" name="^[\da-f]+$" /-->
+	<!--securecookie host="^passwordreset\.dkit\.io$" name="^(?:_ENSURE_NEW_SESSION_COOKIE_|ASP\.NET_SessionId)$" /-->
+
+	<securecookie host="^\.dkit\.io$" name="^SESS[\da-f]{32}$" />
+	<securecookie host="^(?:help|owncloud|passwordreset)\.dkit\.io$" name=".+" />
+
+
+	<rule from="^http://dkit\.ie/"
+		to="https://www.dkit.ie/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DL-rms.com.xml b/src/chrome/content/rules/DL-rms.com.xml
deleted file mode 100644
index f10f0f616188..000000000000
--- a/src/chrome/content/rules/DL-rms.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	Web bugs.
-
--->
-<ruleset name="DL-rms.com">
-
-	<target host="content.dl-rms.com" />
-
-
-	<rule from="^http://content\.dl-rms\.com/"
-		to="https://content.dl-rms.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/DLitz.net.xml b/src/chrome/content/rules/DLitz.net.xml
deleted file mode 100644
index e8076de85994..000000000000
--- a/src/chrome/content/rules/DLitz.net.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="DLitz.net">
-
-	<target host="dlitz.net" />
-	<target host="www.dlitz.net" />
-
-
-	<rule from="^http://(www\.)?dlitz\.net/"
-		to="https://$1dlitz.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DLsite.com.xml b/src/chrome/content/rules/DLsite.com.xml
new file mode 100644
index 000000000000..5a15fd314bee
--- /dev/null
+++ b/src/chrome/content/rules/DLsite.com.xml
@@ -0,0 +1,74 @@
+<!--
+	Related rules:
+	- blogimg.jp.xml
+	- DLsite.jp.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- circle.upload001.dlsite.com
+		- circle.upload002.dlsite.com
+		- admin.dlsite.com
+		- github.dlsite.com
+		- announce.dlsite.com
+		- dille.dlsite.com
+		- elle.dlsite.com
+		- ch.stg.dlsite.com
+		- trial.gaku.dlsite.com
+
+		Timeout was reached:
+		- maid.dlsite.com
+		- support.dlsite.com
+		- trial.origin.dlsite.com
+
+		SSL connect error:
+		- ch-info.dlsite.com
+		- eng-info.dlsite.com
+		- girls-info.dlsite.com
+		- home-info.dlsite.com
+		- staffblog.dlsite.com
+		- blog.it.dlsite.com
+		- b.dlsite.net
+
+		NXDOMAIN:
+		- www.fujita.dlsite.com
+
+		Mixed content:
+		- it.dlsite.com
+
+		SSL Connection Refused:
+		- adv.dlsite.com
+		- trinity.dlsite.com
+
+		https://trial.dlsite.com will redir to http://trial.origin.dlsite.com/error404.html,
+		but the actual trial links work, for example https://trial.dlsite.com/doujin/RJ119000/RJ118525_trial.zip
+-->
+<ruleset name="DLsite.com">
+	<target host="dlsite.com" />
+	<target host="www.dlsite.com" />
+	<target host="blog.dlsite.com" />
+	<target host="books.dlsite.com" />
+	<target host="ch.dlsite.com" />
+	<target host="ci-en.dlsite.com" />
+	<target host="click.mg.dlsite.com" />
+	<target host="comic.dlsite.com" />
+	<target host="dealer.dlsite.com" />
+	<target host="download.dlsite.com" />
+	<target host="eng.dlsite.com" />
+	<target host="home.dlsite.com" />
+	<target host="login.dlsite.com" />
+	<target host="maniax.dlsite.com" />
+	<target host="media.dlsite.com" />
+	<target host="play.dl.dlsite.com" />
+	<target host="play.dlsite.com" />
+	<target host="pro2.dlsite.com" />
+	<target host="pro.dlsite.com" />
+	<target host="ssl.dlsite.com" />
+	<target host="ssldownload.dlsite.com" />
+	<target host="trial.dlsite.com" />
+	<target host="view.mg.dlsite.com" />
+	<target host="www.origin.dlsite.com" />
+
+	<test url="http://dealer.dlsite.com/login" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DLsite.jp.xml b/src/chrome/content/rules/DLsite.jp.xml
new file mode 100644
index 000000000000..e6ecdafcdfbe
--- /dev/null
+++ b/src/chrome/content/rules/DLsite.jp.xml
@@ -0,0 +1,10 @@
+<!--
+	Related rules:
+	- DLsite.com.xml
+-->
+
+<ruleset name="dlsite.jp">
+	<target host="img.dlsite.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DM.id.lv.xml b/src/chrome/content/rules/DM.id.lv.xml
new file mode 100644
index 000000000000..cc2cb9b6af09
--- /dev/null
+++ b/src/chrome/content/rules/DM.id.lv.xml
@@ -0,0 +1,30 @@
+<!--
+	(www.): mismatched
+
+
+	Fully covered subdomains:
+
+		- (www.)projects
+		- pkptest.projects
+
+
+	These altnames don't exist:
+
+		- www.pkptest.projects.dm.id.lv
+
+-->
+<ruleset name="DM.id.lv (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="projects.dm.id.lv" />
+	<target host="pkptest.projects.dm.id.lv" />
+	<target host="www.projects.dm.id.lv" />
+
+		<!--exclusion pattern="^http://www\.dm\.id\.lv/" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DMAchoice.org.xml b/src/chrome/content/rules/DMAchoice.org.xml
new file mode 100644
index 000000000000..9fc15060d33d
--- /dev/null
+++ b/src/chrome/content/rules/DMAchoice.org.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Direct Marketing Association coverage, see The_DMA.org.xml.
+
+-->
+<ruleset name="DMAchoice.org">
+
+	<target host="dmachoice.org" />
+	<target host="www.dmachoice.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DMCA_Services.xml b/src/chrome/content/rules/DMCA_Services.xml
index 0a0566337927..792dfa4089c2 100644
--- a/src/chrome/content/rules/DMCA_Services.xml
+++ b/src/chrome/content/rules/DMCA_Services.xml
@@ -1,21 +1,39 @@
 <!--
+	DMCA Services
+
+
 	Problematic subdomains:
 
-		- ^
-		- images	(times out)
+		- ^ *
+
+	* Refused
+
+
+	These altnames don't exist:
+
+		- www.images.dmca.com
+
+
+	Mixed content:
+
+		- Images on www from imagse *
+
+	* Secured by us
 
 -->
-<ruleset name="DMCA Services (partial)">
+<ruleset name="DMCA.com">
 
 	<target host="dmca.com" />
-	<target host="*.dmca.com" />
-		<exclusion pattern="^https?://images\.dmca\.com/(?!.+/)" />
+	<target host="www.dmca.com" />
+	<target host="images.dmca.com" />
 
 
 	<securecookie host="^www\.dmca\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:images\.|www\.)?dmca\.com/"
+	<rule from="^http://(?:www\.)?dmca\.com/"
 		to="https://www.dmca.com/" />
 
-</ruleset>
\ No newline at end of file
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DMLP.org.xml b/src/chrome/content/rules/DMLP.org.xml
index 60870a7da4c3..59a6579ab861 100644
--- a/src/chrome/content/rules/DMLP.org.xml
+++ b/src/chrome/content/rules/DMLP.org.xml
@@ -1,7 +1,7 @@
 <!--
 	Problematic subdomains:
 
-		- ^	(mismatched, CN: adam.law.harvard.edu)
+		- ^	(mismatched, CN: www.)
 
 
 	Some pages redirect to http.
@@ -14,11 +14,10 @@
 	<target host="dmlp.org" />
 	<target host="www.dmlp.org" />
 
+	<test url="http://dmlp.org/favicon.ico" />
+	<test url="http://www.dmlp.org/favicon.ico" />
 
-	<rule from="^http://(?:www\.)?citmedialaw\.org/"
-		to="https://www.citmedialaw.org/" />
-
-	<rule from="^http://(?:www\.)?dmlp\.org/(?!favicon\.ico|files/|misc/|modules/|sites/)"
-		to="https://www.dmlp.org/" />
+	<rule from="^http://(?:www\.)?([^/]+)/"
+		to="https://www.$1/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DMU.xml b/src/chrome/content/rules/DMU.xml
index 85388a02022d..aeddaa34d3f5 100644
--- a/src/chrome/content/rules/DMU.xml
+++ b/src/chrome/content/rules/DMU.xml
@@ -1,16 +1,43 @@
-<!-- Would like to add hal.dmu.ac.uk which is used on the main site, but it uses a self signed cert -->
-<ruleset name="DMU">
-  <target host="dmu.ac.uk" />
-  <target host="www.dmu.ac.uk" />
-  <target host="www.library.dmu.ac.uk" />
-  <target host="chooseyourhallroom.dmu.ac.uk" />
-  <target host="idpedir.dmu.ac.uk" />
-  <target host="password.dmu.ac.uk" />
-  <target host="vle.dmu.ac.uk" />
-  <target host="webmail.dmu.ac.uk" />
-
-  <securecookie host="^(.+\.)?dmu\.ac\.uk$" name=".*"/>
-
-  <rule from="^http://dmu\.ac\.uk/" to="https://dmu.ac.uk/"/>
-  <rule from="^http://(www|www\.library|chooseyourhallroom|idpedir|password|vle|webmail)\.dmu\.ac\.uk/" to="https://$1.dmu.ac.uk/"/>
+<!--
+	Fully covered subdomains:
+
+		- (www.)?
+		- chooseyourhallroom
+		- idpedir
+		- www.library
+		- password
+		- vle
+		- webmail
+
+
+	Insecure cookies are set for these domains:
+
+		- www.dmu.ac.uk
+
+
+	Would like to add hal.dmu.ac.uk, which is used on
+	the main site, but it uses a self signed cert.
+
+-->
+<ruleset name="DMU.ac.uk (partial)">
+
+	<target host="dmu.ac.uk" />
+	<target host="chooseyourhallroom.dmu.ac.uk" />
+	<target host="idpedir.dmu.ac.uk" />
+	<target host="www.library.dmu.ac.uk" />
+	<target host="password.dmu.ac.uk" />
+	<target host="vle.dmu.ac.uk" />
+	<target host="webmail.dmu.ac.uk" />
+	<target host="www.dmu.ac.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.dmu\.ac\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^(?:(?:chooseyourhallroom|idpedir|www\.library|password|vle|webmail|www)\.)?dmu\.ac\.uk$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/DMV.org.xml b/src/chrome/content/rules/DMV.org.xml
new file mode 100644
index 000000000000..5c82bbbcacd8
--- /dev/null
+++ b/src/chrome/content/rules/DMV.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="DMV.org">
+	<target host="dmv.org" />
+	<target host="www.dmv.org" />
+	<target host="local.dmv.org" />
+	<target host="static.dmv.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DMX-Austria.xml b/src/chrome/content/rules/DMX-Austria.xml
index 82d2b2a9cec5..2af245b1b7ef 100644
--- a/src/chrome/content/rules/DMX-Austria.xml
+++ b/src/chrome/content/rules/DMX-Austria.xml
@@ -5,11 +5,11 @@
 	<target host="www.dmx-austria.at" />
 
 
-	<securecookie host="^www\.dmx-austria\.at$" name=".*" />
+	<securecookie host="^www\.dmx-austria\.at$" name=".+" />
 
 
 	<!--	!www redirects to www.	-->
-	<rule from="^https?://(?:www\.)?dmx-austria\.at/"
+	<rule from="^http://(?:www\.)?dmx-austria\.at/"
 		to="https://www.dmx-austria.at/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DM_mailing_list.com.xml b/src/chrome/content/rules/DM_mailing_list.com.xml
new file mode 100644
index 000000000000..c18b91effc63
--- /dev/null
+++ b/src/chrome/content/rules/DM_mailing_list.com.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Direct Mail coverage, see Direct_Mail_Mac.com.xml.
+
+-->
+<ruleset name="DM mailing list.com">
+
+	<target host="dm-mailinglist.com" />
+	<target host="www.dm-mailinglist.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DMflex.xml b/src/chrome/content/rules/DMflex.xml
index d2f9ba8b3841..f73b2074666a 100644
--- a/src/chrome/content/rules/DMflex.xml
+++ b/src/chrome/content/rules/DMflex.xml
@@ -2,17 +2,21 @@
 	Nonfunctional subdomains:
 
 		- ^ *		(404)
+		- serving.portal ²
 		- www *		(redirects to http)
 
 	* Mismatched, CN: serving.portal.dmflex.com
+	² Expired
 
 -->
-<ruleset name="DMflex (partial)">
+<ruleset name="DMflex.com (partial)" default_off="expired">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="serving.portal.dmflex.com" />
 
 
-	<rule from="^http://serving\.portal\.dmflex\.com/"
-		to="https://serving.portal.dmflex.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DMoruzzi.com.xml b/src/chrome/content/rules/DMoruzzi.com.xml
new file mode 100644
index 000000000000..078e77f2c81b
--- /dev/null
+++ b/src/chrome/content/rules/DMoruzzi.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="DMoruzzi.com">
+	<target host="dmoruzzi.com" />
+	<target host="www.dmoruzzi.com" />
+	<target host="go.dmoruzzi.com" />
+	<target host="on.dmoruzzi.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DN.dk.xml b/src/chrome/content/rules/DN.dk.xml
new file mode 100644
index 000000000000..b11b51aa4f41
--- /dev/null
+++ b/src/chrome/content/rules/DN.dk.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.dn.dk/Files/System/css/img/Danmarks-Naturfredningsforening.png => https://www.dn.dk/Files/System/css/img/Danmarks-Naturfredningsforening.png: (7, 'Failed to connect to www.dn.dk port 443: Connection refused')
+Fetch error: http://dn.dk/ => https://dn.dk/: (7, 'Failed to connect to dn.dk port 443: Connection refused')
+Fetch error: http://www.dn.dk/ => https://www.dn.dk/: (7, 'Failed to connect to www.dn.dk port 443: Connection refused')
+
+	Non-functional domains:
+
+		- fordel ¹
+		- historie ¹
+		- tur ¹
+
+	¹: Refused
+-->
+<ruleset name="DN.dk (partial)" default_off="failed ruleset test">
+	<target host="dn.dk" />
+	<target host="www.dn.dk" />
+
+	<exclusion pattern="^http://www\.dn\.dk/([dD]efault\.aspx|\?).*" />
+
+	<test url="http://www.dn.dk/default.aspx" />
+	<test url="http://www.dn.dk/Default.aspx?ID=7244" />
+	<test url="http://www.dn.dk/Default.aspx" />
+	<test url="http://www.dn.dk/?ID=7244" />
+	<test url="http://www.dn.dk/Files/System/css/img/Danmarks-Naturfredningsforening.png" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DN.no.xml b/src/chrome/content/rules/DN.no.xml
new file mode 100644
index 000000000000..d0a5d84dd678
--- /dev/null
+++ b/src/chrome/content/rules/DN.no.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid Certificate:
+		hotell.dn.no
+		idn.dn.no
+-->
+<ruleset name="DN.no">
+	<target host="dn.no" />
+	<target host="www.dn.no" />
+	<target host="investor.dn.no" />
+	<target host="multimedia.dn.no" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DNA.Land.xml b/src/chrome/content/rules/DNA.Land.xml
new file mode 100644
index 000000000000..8219d1a3f4de
--- /dev/null
+++ b/src/chrome/content/rules/DNA.Land.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- dna.land
+		- www.dna.land
+
+-->
+<ruleset name="DNA.Land">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dna.land" />
+	<target host="www.dna.land" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?dna\.land$" name="^session$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DNA_Serum.xml b/src/chrome/content/rules/DNA_Serum.xml
index 4ec5e9cf2691..90c05b38e0ea 100644
--- a/src/chrome/content/rules/DNA_Serum.xml
+++ b/src/chrome/content/rules/DNA_Serum.xml
@@ -1,19 +1,32 @@
-<ruleset name="DNA Serum">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dnaserum.com/ => https://dnaserum.com/: (28, 'Connection timed out after 20002 milliseconds')
+Fetch error: http://shop.dnaserum.com/ => https://shop.dnaserum.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.dnaserum.com/ => https://www.dnaserum.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://tepamine.com/ => https://tepamine.com/: (51, "SSL: no alternative certificate subject name matches target host name 'tepamine.com'")
+Fetch error: http://www.tepamine.com/ => https://www.tepamine.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.tepamine.com'")
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dnaserum.com/ => https://dnaserum.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="DNA Serum" default_off="failed ruleset test">
 
 	<target host="dnaserum.com" />
-	<target host="*.dnaserum.com" />
+	<target host="shop.dnaserum.com" />
+	<target host="www.dnaserum.com" />
 	<target host="tepamine.com" />
-	<target host="*.tepamine.com" />
+	<target host="www.tepamine.com" />
 
 
 	<securecookie host="^(?:.*\.)?dnaserum\.com$" name=".+" />
 	<securecookie host="^\.tepamine\.com$" name=".+" />
 
 
-	<rule from="^http://(shop\.|www\.)?dnaserum\.com/"
-		to="https://$1dnaserum.com/" />
-
-	<rule from="^http://(www\.)?tepamine\.com/"
-		to="https://$1tepamine.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DNB.no.xml b/src/chrome/content/rules/DNB.no.xml
new file mode 100644
index 000000000000..d9419cb004f0
--- /dev/null
+++ b/src/chrome/content/rules/DNB.no.xml
@@ -0,0 +1,71 @@
+<!--
+	DNB Bank
+
+	Other DNB Bank rulesets:
+
+		- Deltager.no.xml
+
+
+	Problematic hosts in *dnb.no:
+
+		- ^ ¹
+		- husrom ² ³
+		- www3 ²
+
+	¹ Refused
+	² Mismatched
+	³ Self-signed
+
+
+	STS header includes includeSubdomains
+
+
+	Insecure cookies are set for these hosts:
+
+		- m.dnb.no
+		- www.dnb.no
+
+
+	Mixed content:
+
+		- css on husrom from fonts.typotheque.com *
+
+	* Secured by us
+
+-->
+<ruleset name="DNB.no (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="*.dnb.no" />
+
+	<!--	Complications:
+				-->
+	<target host="dnb.no" />
+
+		<exclusion pattern="^http://(?:husrom|www3)\.dnb\.no/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://husrom.dnb.no/" />
+			<test url="http://www3.dnb.no/" />
+
+		<test url="http://m.dnb.no/" />
+		<test url="http://markets.dnb.no/" />
+		<test url="http://www.dnb.no/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:m|www)\.dnb\.no$" name="^NorSegdOpSites1SessionID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://dnb\.no/"
+		to="https://www.dnb.no/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DNC.org.xml b/src/chrome/content/rules/DNC.org.xml
new file mode 100644
index 000000000000..2ffaf9101f72
--- /dev/null
+++ b/src/chrome/content/rules/DNC.org.xml
@@ -0,0 +1,19 @@
+<!--
+	See also Democrats.org.xml.
+
+	Invalid certificate:
+		- hrb.dnc.org
+		- sendgrid.dnc.org
+
+-->
+<ruleset name="DNC.org">
+	<target host="dnc.org" />
+	<target host="www.dnc.org" />
+	<target host="frontend-assets.dnc.org" />
+		<test url="http://frontend-assets.dnc.org/dnc-logo.svg" />
+	<target host="tanto.dnc.org" />
+	<target host="toolbox.dnc.org" />
+	<target host="toolbox-stage.dnc.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DNS-OARC.net.xml b/src/chrome/content/rules/DNS-OARC.net.xml
new file mode 100644
index 000000000000..c7c2094a05a5
--- /dev/null
+++ b/src/chrome/content/rules/DNS-OARC.net.xml
@@ -0,0 +1,24 @@
+<!--
+	^: Prints default page
+
+-->
+<ruleset name="DNS-OARC.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="indico.dns-oarc.net" />
+	<target host="lists.dns-oarc.net" />
+	<target host="www.dns-oarc.net" />
+
+	<!--	Special cases:
+				-->
+	<target host="dns-oarc.net" />
+
+
+	<rule from="^http://dns-oarc\.net/"
+		to="https://www.dns-oarc.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DNS-shop.ru.xml b/src/chrome/content/rules/DNS-shop.ru.xml
new file mode 100644
index 000000000000..1efeb2ee3eed
--- /dev/null
+++ b/src/chrome/content/rules/DNS-shop.ru.xml
@@ -0,0 +1,44 @@
+<ruleset name="DNS-shop.ru">
+	<target host="dns-shop.ru" />
+	<target host="www.dns-shop.ru" />
+	<target host="0-mx.dns-shop.ru" />
+	<target host="accounts.dns-shop.ru" />
+	<target host="an.dns-shop.ru" />
+	<target host="as.dns-shop.ru" />
+	<target host="autodiscover.dns-shop.ru" />
+	<target host="b2b.dns-shop.ru" />
+	<target host="blagoveshensk.dns-shop.ru" />
+	<target host="c.dns-shop.ru" />
+	<target host="club.dns-shop.ru" />
+	<target host="data-import.dns-shop.ru" />
+	<target host="dev-media2.dns-shop.ru" />
+	<target host="ecosystem.dns-shop.ru" />
+	<target host="links.email.dns-shop.ru" />
+	<target host="export.dns-shop.ru" />
+	<target host="git.dns-shop.ru" />
+	<target host="imap.dns-shop.ru" />
+	<target host="mail.dns-shop.ru" />
+	<target host="media2.dns-shop.ru" />
+	<target host="mm-chat.dns-shop.ru" />
+	<target host="mx.dns-shop.ru" />
+	<target host="mx2.dns-shop.ru" />
+	<target host="ns2.dns-shop.ru" />
+	<target host="pda.dns-shop.ru" />
+	<target host="pop.dns-shop.ru" />
+	<target host="profile.dns-shop.ru" />
+	<target host="purchase.dns-shop.ru" />
+	<target host="redirect.dns-shop.ru" />
+	<target host="rocket-chat.dns-shop.ru" />
+	<target host="root.dns-shop.ru" />
+	<target host="s.dns-shop.ru" />
+	<target host="service.dns-shop.ru" />
+	<target host="smtp.dns-shop.ru" />
+	<target host="space.dns-shop.ru" />
+	<target host="supplier.dns-shop.ru" />
+	<target host="vl-proxy.dns-shop.ru" />
+	<target host="vladivostok.dns-shop.ru" />
+	<target host="webapi.dns-shop.ru" />
+	<target host="yuzhno-sakhalinsk.dns-shop.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DNSChain.net.xml b/src/chrome/content/rules/DNSChain.net.xml
new file mode 100644
index 000000000000..c9491af37aff
--- /dev/null
+++ b/src/chrome/content/rules/DNSChain.net.xml
@@ -0,0 +1,26 @@
+<!--
+	(www.)?dnschain.net: Mismatched
+
+-->
+<ruleset name="DNSChain.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="api.dnschain.net" />
+
+	<!--	Complications:
+				-->
+	<target host="dnschain.net" />
+	<target host="www.dnschain.net" />
+
+
+	<!--	Redirect keeps path, args,
+		and forward slash:
+					-->
+	<rule from="^http://(?:www\.)?dnschain\.net/"
+		to="https://forums.okturtles.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DNSCrypt.eu.xml b/src/chrome/content/rules/DNSCrypt.eu.xml
new file mode 100644
index 000000000000..7bac28bd30ac
--- /dev/null
+++ b/src/chrome/content/rules/DNSCrypt.eu.xml
@@ -0,0 +1,7 @@
+<ruleset name="DNSCrypt.eu">
+	<target host="dnscrypt.eu" />
+	<target host="www.dnscrypt.eu" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DNSCurve.xml b/src/chrome/content/rules/DNSCurve.xml
new file mode 100644
index 000000000000..ada5e0335947
--- /dev/null
+++ b/src/chrome/content/rules/DNSCurve.xml
@@ -0,0 +1,11 @@
+<ruleset name="DNSCurve">
+    <target host="dnscurve.org" />
+    <target host="www.dnscurve.org" />
+    <target host="dnscurve.net" />
+    <target host="www.dnscurve.net" />
+    <target host="dnscurve.com" />
+    <target host="www.dnscurve.com" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DNSHistory.org.xml b/src/chrome/content/rules/DNSHistory.org.xml
new file mode 100644
index 000000000000..ec1ece734e61
--- /dev/null
+++ b/src/chrome/content/rules/DNSHistory.org.xml
@@ -0,0 +1,11 @@
+<ruleset name="DNS History.org">
+
+	<target host="dnshistory.org" />
+	<target host="www.dnshistory.org" />
+
+	<securecookie host="^dnshistory\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DNSQuery.org.xml b/src/chrome/content/rules/DNSQuery.org.xml
new file mode 100644
index 000000000000..58d6c4075117
--- /dev/null
+++ b/src/chrome/content/rules/DNSQuery.org.xml
@@ -0,0 +1,35 @@
+<!--
+	www.dnsquery.org: Expired
+
+
+	Insecure cookies are set for these hosts:
+
+		- dnsquery.org
+		- www.dnsquery.org
+
+-->
+<ruleset name="DNSQuery.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dnsquery.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.dnsquery.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?dnsquery\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.dnsquery\.org/"
+		to="https://dnsquery.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DNSSEC-Tools.xml b/src/chrome/content/rules/DNSSEC-Tools.xml
index e80c72d2b8c4..4eacd8555e60 100644
--- a/src/chrome/content/rules/DNSSEC-Tools.xml
+++ b/src/chrome/content/rules/DNSSEC-Tools.xml
@@ -10,10 +10,9 @@
 	<target host="www.dnssec-tools.org" />
 
 
-	<securecookie host="^(www\.)?dnssec-tools\.org$" name=".*" />
+	<securecookie host="^(?:www\.)?dnssec-tools\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?dnssec-tools\.org/"
-		to="https://$1dnssec-tools.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DNSSEC-Validator.cz.xml b/src/chrome/content/rules/DNSSEC-Validator.cz.xml
new file mode 100644
index 000000000000..2bdf5b8d48e9
--- /dev/null
+++ b/src/chrome/content/rules/DNSSEC-Validator.cz.xml
@@ -0,0 +1,14 @@
+<!--
+	For other CZ.NIC coverage, see Nic.cz.xml.
+
+-->
+<ruleset name="DNSSEC-Validator.cz">
+
+	<target host="dnssec-validator.cz" />
+	<target host="www.dnssec-validator.cz" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DNSWatch.info.xml b/src/chrome/content/rules/DNSWatch.info.xml
new file mode 100644
index 000000000000..a0d7e0d4fbdd
--- /dev/null
+++ b/src/chrome/content/rules/DNSWatch.info.xml
@@ -0,0 +1,12 @@
+<ruleset name="DNSWatch.info">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dnswatch.info" />
+	<target host="www.dnswatch.info" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DNS_leak_test.com.xml b/src/chrome/content/rules/DNS_leak_test.com.xml
new file mode 100644
index 000000000000..375880e9a8aa
--- /dev/null
+++ b/src/chrome/content/rules/DNS_leak_test.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="DNS leak test.com">
+
+	<target host="dnsleaktest.com" />
+	<target host="www.dnsleaktest.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DNSdynamic.xml b/src/chrome/content/rules/DNSdynamic.xml
deleted file mode 100644
index 1c0dcb31d0fe..000000000000
--- a/src/chrome/content/rules/DNSdynamic.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- myip		(mismatch, works)
-
--->
-<ruleset name="DNSdynamic">
-
-	<target host="dnsdynamic.org" />
-	<target host="www.dnsdynamic.org" />
-
-
-	<securecookie host="^(?:www\.)?dnsdynamic\.org$" name=".+" />
-
-
-	<rule from="^http://(www\.)?dnsdynamic\.org/"
-		to="https://$1dnsdynamic.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/DNSimple.com.xml b/src/chrome/content/rules/DNSimple.com.xml
new file mode 100644
index 000000000000..0eb5b1667353
--- /dev/null
+++ b/src/chrome/content/rules/DNSimple.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Mismatched:
+		- email (*.sendgrid.net)
+-->
+
+<ruleset name="DNSimple.com">
+	<target host="dnsimple.com" />
+	<target host="www.dnsimple.com" />
+	<target host="blog.dnsimple.com" />
+	<target host="cdn.dnsimple.com" />
+	<target host="developer.dnsimple.com" />
+	<target host="make-it-nice.dnsimple.com" />
+	<target host="newsletter.dnsimple.com" />
+	<target host="platform.dnsimple.com" />
+	<target host="sandbox.dnsimple.com" />
+	<target host="slack.dnsimple.com" />
+	<target host="staging.dnsimple.com" />
+	<target host="store.dnsimple.com" />
+	<target host="study.dnsimple.com" />
+	<target host="support.dnsimple.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DNSstuff.com.xml b/src/chrome/content/rules/DNSstuff.com.xml
index 2a0ad6b29783..4a808243da40 100644
--- a/src/chrome/content/rules/DNSstuff.com.xml
+++ b/src/chrome/content/rules/DNSstuff.com.xml
@@ -1,13 +1,52 @@
-<ruleset name="DNSstuff.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.dnsstuff.com/dnsmedia/images/dnsstufflogotag.png => https://www.dnsstuff.com/dnsmedia/images/dnsstufflogotag.png: Too many redirects while fetching 'https://www.dnsstuff.com/dnsmedia/images/dnsstufflogotag.png'
+Fetch error: http://www.dnsstuff.com/images/blank.png => https://www.dnsstuff.com/images/blank.png: Too many redirects while fetching 'https://www.dnsstuff.com/images/blank.png'
+Fetch error: http://www.dnsstuff.com/member => https://www.dnsstuff.com/member: Too many redirects while fetching 'https://www.dnsstuff.com/member'
+Fetch error: http://www.dnsstuff.com/member/login/ => https://www.dnsstuff.com/member/login/: Too many redirects while fetching 'https://www.dnsstuff.com/member/login/'
+Fetch error: http://www.dnsstuff.com/member/register/ => https://www.dnsstuff.com/member/register/: Too many redirects while fetching 'https://www.dnsstuff.com/member/register/'
+Fetch error: http://www.dnsstuff.com/templates/system/css/general.css => https://www.dnsstuff.com/templates/system/css/general.css: Too many redirects while fetching 'https://www.dnsstuff.com/templates/system/css/general.css'
+
+-->
+<ruleset name="DNSstuff.com (partial)" default_off="failed ruleset test">
 
 	<target host="dnsstuff.com" />
-	<target host="*.dnsstuff.com" />
+	<target host="www.dnsstuff.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.dnsstuff\.com/(?:$|company$|favicon\.ico|support$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.dnsstuff\.com/+(?!dnsmedia/|images/|member(?:$|[?/])|templates/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.dnsstuff.com/company" />
+			<test url="http://www.dnsstuff.com/domain-doctor-dashboard" />
+			<test url="http://www.dnsstuff.com/favicon.ico" />
+			<test url="http://www.dnsstuff.com/mstc" />
+			<test url="http://www.dnsstuff.com/products/overview" />
+			<test url="http://www.dnsstuff.com/rblalerts" />
+			<test url="http://www.dnsstuff.com/support" />
+			<test url="http://www.dnsstuff.com/tools" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.dnsstuff.com/dnsmedia/images/dnsstufflogotag.png" />
+			<test url="http://www.dnsstuff.com/images/blank.png" />
+			<test url="http://www.dnsstuff.com/member" />
+			<test url="http://www.dnsstuff.com/member/login/" />
+			<test url="http://www.dnsstuff.com/member/register/" />
+			<test url="http://www.dnsstuff.com/templates/system/css/general.css" />
 
 
-	<securecookie host="^\.dnsstuff\.com$" name=".+" />
+	<!--securecookie host="^\.dnsstuff\.com$" name=".+" /-->
 
 
-	<rule from="^http://(www\.)?dnsstuff\.com/"
-		to="https://$1dnsstuff.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DNTX.com.xml b/src/chrome/content/rules/DNTX.com.xml
new file mode 100644
index 000000000000..c14a6976c9b5
--- /dev/null
+++ b/src/chrome/content/rules/DNTX.com.xml
@@ -0,0 +1,18 @@
+<!--
+  Redirects to tonic.com
+	Other DNTX rulesets:
+
+	^: dropped
+
+-->
+<ruleset name="DNTX.com">
+
+	<target host="dntx.com" />
+	<target host="www.dntx.com" />
+
+
+	<securecookie host="^www\.dntx\.com$" name=".+" />
+
+  <rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DOCLIX.xml b/src/chrome/content/rules/DOCLIX.xml
deleted file mode 100644
index a9088c37cdcd..000000000000
--- a/src/chrome/content/rules/DOCLIX.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)adside.com
-		- (www.)doclix.com
-
--->
-<ruleset name="DOCLIX (partial)">
-
-	<target host="*.doclix.com" />
-
-
-	<!--	- Cert doesn't match ads
-		- Ads included on 3rd-party websites
-							-->
-	<rule from="^https?://(?:ads|track)\.doclix\.com/"
-		to="https://track.doclix.com/" />
-
-	<rule from="^http://(advertis|publish)er\.doclix\.com/"
-		to="https://$1er.doclix.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/DONGEnergy.xml b/src/chrome/content/rules/DONGEnergy.xml
new file mode 100644
index 000000000000..16236fe55370
--- /dev/null
+++ b/src/chrome/content/rules/DONGEnergy.xml
@@ -0,0 +1,59 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ditgadelys.dongenergy.dk/ => https://ditgadelys.dongenergy.dk/: (28, 'Connection timed out after 20001 milliseconds')
+
+
+	Problematic hosts:
+
+		- dongenergy.com ¹
+		- www.dongenergy.com ²
+		- assets.dongenergy.com ²
+		- brandcentre.dongenergy.com ²
+		- grien.dongenergy.com ³
+		- grida.dongenergy.com ³
+		- gri2009da.dongenergy.com ³
+		- gri2009en.dongenergy.com ³
+		- mensduventer.dongenergy.com ²
+		- windpowerpatents.dongenergy.com ²
+
+		- dongenergy.de ¹
+		- www.dongenergy.de ⁴
+
+		- dongenergy.dk ¹
+		- gis.dongenergy.dk ⁴
+		- pp.edit.test.dongenergy.dk ²
+		- windgis.dongenergy.dk ¹
+
+		- dongenergy.se ¹
+		- www.dongenergy.se ⁴
+
+		- dongenergy.co.uk ¹
+		- www.dongenergy.co.uk ⁴
+
+	¹: Timeout
+	²: Serves a broken certificate chain
+	³: Self-signed
+	⁴: Refused
+
+-->
+<ruleset name="DONG Energy" default_off="failed ruleset test">
+
+	<target host="tendering.dongenergy.com" />
+
+	<target host="dongenergy.dk" />
+	<target host="www.dongenergy.dk" />
+	<target host="cpw.dongenergy.dk" />
+	<target host="ditgadelys.dongenergy.dk" />
+	<target host="energimanager.dongenergy.dk" />
+	<target host="www.energimanager.dongenergy.dk" />
+	<target host="pims.dongenergy.dk" />
+	<target host="selvbetjening.dongenergy.dk" />
+
+	<rule from="^http://dongenergy\.dk/"
+		to="https://www.dongenergy.dk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DPB.sk.xml b/src/chrome/content/rules/DPB.sk.xml
new file mode 100644
index 000000000000..f9421204f8db
--- /dev/null
+++ b/src/chrome/content/rules/DPB.sk.xml
@@ -0,0 +1,7 @@
+<ruleset name="DPB.sk">
+	<target host="dpb.sk" />
+	<target host="www.dpb.sk" />
+	<target host="ecard.dpb.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DPC-Frontier.com.xml b/src/chrome/content/rules/DPC-Frontier.com.xml
new file mode 100644
index 000000000000..3cc31c8f6a45
--- /dev/null
+++ b/src/chrome/content/rules/DPC-Frontier.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="DPC Frontier.com">
+	<target host="dpcfrontier.com" />
+	<target host="www.dpcfrontier.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DPMC.xml b/src/chrome/content/rules/DPMC.xml
new file mode 100644
index 000000000000..0f3d42a94566
--- /dev/null
+++ b/src/chrome/content/rules/DPMC.xml
@@ -0,0 +1,27 @@
+<!--
+	Department of the Prime Minister and Cabinet
+
+
+	Insecure cookies are set for these domains:
+
+		- .dpmc.gov.au
+
+-->
+<ruleset name="DPMC.gov.au">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dpmc.gov.au" />
+	<target host="www.dpmc.gov.au" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.dpmc\.gov\.au$" name="^citrix_ns_id.*" /-->
+
+	<securecookie host="^\.dpmc\.gov\.au$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DR.com.tr.xml b/src/chrome/content/rules/DR.com.tr.xml
index 7be9e11b09cb..7c73d1904267 100644
--- a/src/chrome/content/rules/DR.com.tr.xml
+++ b/src/chrome/content/rules/DR.com.tr.xml
@@ -1,8 +1,22 @@
-<ruleset name="DR.com.tr">
-  <target host="www.dr.com.tr" />
-  <target host="dr.com.tr" />
-
-  <securecookie host="^(.*\.)?dr\.com\.tr$" name=".*" />
-
-  <rule from="^http://(www\.)?dr\.com\.tr/" to="https://www.dr.com.tr/" />
-</ruleset>
\ No newline at end of file
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.dr.com.tr/ => https://www.dr.com.tr/: Too many redirects while fetching 'https://www.dr.com.tr/'
+Fetch error: http://dr.com.tr/ => https://www.dr.com.tr/: Too many redirects while fetching 'https://www.dr.com.tr/'
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.dr.com.tr/ => https://www.dr.com.tr/: Too many redirects while fetching 'https://www.dr.com.tr/'
+Fetch error: http://dr.com.tr/ => https://www.dr.com.tr/: Too many redirects while fetching 'https://www.dr.com.tr/'
+
+-->
+<ruleset name="DR.com.tr" default_off="failed ruleset test">
+  <target host="www.dr.com.tr" />
+  <target host="dr.com.tr" />
+
+  <securecookie host=".+" name=".+" />
+
+  <rule from="^http://(?:www\.)?dr\.com\.tr/" to="https://www.dr.com.tr/" />
+</ruleset>
diff --git a/src/chrome/content/rules/DR.dk.xml b/src/chrome/content/rules/DR.dk.xml
new file mode 100644
index 000000000000..69e9a629a7c1
--- /dev/null
+++ b/src/chrome/content/rules/DR.dk.xml
@@ -0,0 +1,26 @@
+<!--
+	Mixed content:
+
+		- Images from $self *
+		- Images from pbs.twimg.com *
+
+	* Secured by us
+
+-->
+<ruleset name="DR.dk">
+
+	<target host="dr.dk" />
+	<target host="asset.dr.dk" />
+	<target host="www.dr.dk" />
+
+	<!-- Causes redirect loops: -->
+	<exclusion pattern="^http://www\.dr\.dk/(?:radio/.|mu/|assets/js/004/dr/elements/dist/swf/)" />
+
+	<test url="http://www.dr.dk/radio/ondemand/p1/bagklog-pa-p1-12" />
+	<test url="http://www.dr.dk/mu/programcard/expanded/bagklog-pa-p1-12" />
+	<test url="http://www.dr.dk/assets/js/004/dr/elements/dist/swf/audioplayer_4ba05f7811c0ca29a75c10115162a1b3.swf" />
+
+	<rule from="^http:" to="https:" />
+
+
+</ruleset>
diff --git a/src/chrome/content/rules/DRDB.xml b/src/chrome/content/rules/DRDB.xml
deleted file mode 100644
index 81b45a80482e..000000000000
--- a/src/chrome/content/rules/DRDB.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="DRDB" default_off="mismatch">
-
-	<target host="drbd.org"/>
-	<target host="www.drbd.org"/>
-
-	<rule from="^http://(www\.)?drdb\.org/"
-		to="https://www.drdb.org/"/>
-
-	<securecookie host="^www\.drdb\.org$" name=".*"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/DRG_Network.com.xml b/src/chrome/content/rules/DRG_Network.com.xml
new file mode 100644
index 000000000000..e7d025e6709f
--- /dev/null
+++ b/src/chrome/content/rules/DRG_Network.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Nonfunctional hosts in *drgnetwork.com:
+
+		- (www.)? ʳ
+		- newsletters ʳ
+
+	ʳ Refused
+
+-->
+<ruleset name="DRG Network.com (partial)">
+
+	<target host="ssl.drgnetwork.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DRM.info.xml b/src/chrome/content/rules/DRM.info.xml
index c3570a70c3e7..b2fb2db4160b 100644
--- a/src/chrome/content/rules/DRM.info.xml
+++ b/src/chrome/content/rules/DRM.info.xml
@@ -1,13 +1,12 @@
-<ruleset name="DRM.info">
+<ruleset name="DRM.info" default_off="mismatched">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="drm.info" />
-	<target host="*.drm.info" />
+	<target host="www.drm.info" />
 
 
-	<securecookie host="^\.drm\.info$" name=".+" />
+	<rule from="^http:"
+		to="https:" />
 
-
-	<rule from="^http://(www\.)?drm\.info/"
-		to="https://$1drm.info/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DRS.ch.xml b/src/chrome/content/rules/DRS.ch.xml
new file mode 100644
index 000000000000..7cd78a15710d
--- /dev/null
+++ b/src/chrome/content/rules/DRS.ch.xml
@@ -0,0 +1,26 @@
+<!--
+	For other SRG SSR coverage, see SRGSSR.ch.xml.
+
+	Nonfunctional hosts in *.drs.ch:
+
+		- drs.ch (t)
+		- www.drs.ch (t)
+		- audio.drs.ch (m)
+		- blog.drs.ch (t)
+		- jobs.drs.ch (t)
+		- mobile.drs.ch (t)
+		- modules.drs.ch (t)
+		- podcast.drs.ch (t)
+		- www2.drs.ch (t)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Drs.ch (partial)">
+	<target host="pod.drs.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DSF.my.xml b/src/chrome/content/rules/DSF.my.xml
new file mode 100644
index 000000000000..a8e6bd22594b
--- /dev/null
+++ b/src/chrome/content/rules/DSF.my.xml
@@ -0,0 +1,11 @@
+<!--
+	Active mixed content:
+		- www.dsf.my
+-->
+
+<ruleset name="DSF.my" platform="mixedcontent">
+	<target host="dsf.my" />
+	<target host="www.dsf.my" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DSLReports.xml b/src/chrome/content/rules/DSLReports.xml
new file mode 100644
index 000000000000..76105aeed5ff
--- /dev/null
+++ b/src/chrome/content/rules/DSLReports.xml
@@ -0,0 +1,38 @@
+<!--
+	Update ruleset as per following issue, https://github.com/EFForg/https-everywhere/issues/2058
+-->
+<ruleset name="DSLReports">
+
+	<target host="broadbandreports.com" />
+	<target host="www.broadbandreports.com" />
+	<target host="i.dslr.net" />
+	<target host="dslreports.ca" />
+	<target host="www.dslreports.ca" />
+	<target host="dslreports.com" />
+	<target host="www.dslreports.com" />
+
+	<!-- https://github.com/EFForg/https-everywhere/issues/6978 -->
+	<exclusion pattern="^http://www\.dslreports\.com/speedtest" />
+		<test url="http://www.dslreports.com/speedtest" />
+		<test url="http://www.dslreports.com/speedtest?httpsok=0" />
+		<test url="http://www.dslreports.com/speedtest?httpsok=1" />
+
+	<!-- JS redirect, see https://github.com/EFForg/https-everywhere/issues/8488 -->
+	<exclusion pattern="^http://www\.dslreports\.com/tools/puma6$" />
+		<test url="http://www.dslreports.com/tools/puma6" />
+	<exclusion pattern="^http://www\.dslreports\.com/front/puma6.html$" />
+		<test url="http://www.dslreports.com/front/puma6.html" />
+
+	<securecookie host="^.*\.dslreports\.com$" name=".+" />
+
+	<rule from="^http://(www\.)?broadbandreports\.com/"
+		to="https://www.dslreports.com/" />
+
+	<rule from="^http://(www\.)?dslreports\.ca/"
+		to="https://www.dslreports.com/" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DSNR-Media-Group.xml b/src/chrome/content/rules/DSNR-Media-Group.xml
index c796fc549dd9..e0a35e207cd7 100644
--- a/src/chrome/content/rules/DSNR-Media-Group.xml
+++ b/src/chrome/content/rules/DSNR-Media-Group.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ad.z5x.net/ => https://ad.rmxads.net/: (6, 'Could not resolve host: ad.rmxads.net')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ad.z5x.net/ => https://ad.rmxads.net/: (28, 'Resolving timed out after 10519 milliseconds')
 	Nonfunctional domains:
 
 		- (www.)dsnrmg.com	(cert: localhost.localdomain; shows CentOS Apache test page)
@@ -6,14 +12,14 @@
 		- (www.)z5x.net		(times out)
 
 -->
-<ruleset name="DSNR Media Group (partial)">
+<ruleset name="DSNR Media Group (partial)" default_off="failed ruleset test">
 
 	<target host="ad.z5x.net" />
 
 
 	<!--	Cert mismatch.
 				-->
-	<rule from="^https?://ad\.z5x\.net/"
+	<rule from="^http://ad\.z5x\.net/"
 		to="https://ad.rmxads.net/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DS_Internals.com.xml b/src/chrome/content/rules/DS_Internals.com.xml
new file mode 100644
index 000000000000..65d08a84b52f
--- /dev/null
+++ b/src/chrome/content/rules/DS_Internals.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- dsinternals.com
+		- .dsinternals.com
+		- www.dsinternals.com
+
+-->
+<ruleset name="DS Internals.com">
+
+	<target host="dsinternals.com" />
+	<target host="www.dsinternals.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?dsinternals\.com$" name="^pll_language$" /-->
+	<!--securecookie host="^\.dsinternals\.com$" name="^ARRAffinity$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DTInt.com.xml b/src/chrome/content/rules/DTInt.com.xml
new file mode 100644
index 000000000000..066e72fc2578
--- /dev/null
+++ b/src/chrome/content/rules/DTInt.com.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://customersonly.dtint.com/ => https://customersonly.dtint.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	(www.)?dtint.com: Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- customersonly.dtint.com
+
+-->
+<ruleset name="DTInt.com (partial)" default_off="failed ruleset test">
+
+	<target host="customersonly.dtint.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^customersonly\.dtint\.com$" name="^(?:CFID|CFTOKEN)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DTunnel.xml b/src/chrome/content/rules/DTunnel.xml
deleted file mode 100644
index b7dad8b4724a..000000000000
--- a/src/chrome/content/rules/DTunnel.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="DTunnel" platform="mixedcontent">
-  <target host="dtunnel.com" />
-  <target host="www.dtunnel.com" />
-
-  <securecookie host="^(.+\.)?dtunnel\.com$" name=".*"/>
-
-  <rule from="^http://(?:www\.)?dtunnel\.com/" to="https://dtunnel.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/DVDFab.xml b/src/chrome/content/rules/DVDFab.xml
index 3163070477d1..7e20af1bfb7c 100644
--- a/src/chrome/content/rules/DVDFab.xml
+++ b/src/chrome/content/rules/DVDFab.xml
@@ -1,8 +1,21 @@
-<ruleset name="DVDFab" default_off="TLS error">
-  <target host="www.dvdfab.com" />
-  <target host="www.dvdfab.net" />
-  <target host="dvdfab.com" />
-  <target host="dvdfab.net" />
+<!--
+	Nonfunctional hosts in *dvdfab.n:
+
+		- blog ᵃ
+		- forum ᵃ
+
+	ᵃ Shows secure.vidon.me
+
+
+	(www.)?dvdfab.cn: Mismatched
+
+-->
+<ruleset name="DVDFab.cn (partial)">
+
+	<target host="secure.dvdfab.cn" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^https?://(?:www\.)?dvdfab\.(com|net)/" to="https://www.dvdfab.$1/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/DVIDS_Hub.net.xml b/src/chrome/content/rules/DVIDS_Hub.net.xml
new file mode 100644
index 000000000000..b9e1c10210a0
--- /dev/null
+++ b/src/chrome/content/rules/DVIDS_Hub.net.xml
@@ -0,0 +1,48 @@
+<!--
+	Problematic domains:
+
+		- d[123].static.dvidshub.net *
+		- (www.)nasaimages.org *
+
+	* Cert only matches *.dvidshub.net
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+		- Images, from:
+
+			- static *
+			- d[123].static *
+
+	* Secured by us
+
+-->
+<ruleset name="DVIDS Hub.net">
+
+	<target host="dvidshub.net" />
+	<target host="*.dvidshub.net" />
+	<target host="nasaimages.org" />
+	<target host="www.nasaimages.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.dvidshub\.net$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\.dvidshub\.net$" name=".+" />
+
+
+	<rule from="^http://(www\.)?dvidshub\.net/"
+		to="https://$1dvidshub.net/" />
+
+	<rule from="^http://(?:d\d\.)?static\.dvidshub\.net/"
+		to="https://static.dvidshub.net/" />
+
+	<!--	Redirect preserves path and args:
+							-->
+	<rule from="^http://(?:www\.)?nasaimages\.org/+"
+		to="https://www.dvidshub.net/unit/NASA" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DW-World.de.xml b/src/chrome/content/rules/DW-World.de.xml
new file mode 100644
index 000000000000..a1ece54b3931
--- /dev/null
+++ b/src/chrome/content/rules/DW-World.de.xml
@@ -0,0 +1,16 @@
+<!--
+	For other DW.com rulesets, see DW.com.xml
+-->
+<ruleset name="DW-World.de (partial)">
+
+	<target host="dw-world.de" />
+	<target host="www.dw-world.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://(www.)?dw-world.de/,
+		http://(www.)?dw-world.de/ redirect to https://www.dw.com/.-->
+	<rule from="^http://(www\.)?dw-world\.de/"
+			to="https://www.dw.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DW.com.xml b/src/chrome/content/rules/DW.com.xml
new file mode 100644
index 000000000000..8d30baeed1ed
--- /dev/null
+++ b/src/chrome/content/rules/DW.com.xml
@@ -0,0 +1,81 @@
+<!--
+	See also:
+		- DW.de.xml
+		- DW-World.de.xml
+
+	Invalid certificate:
+		- buwa.dw.com
+		- nl.dw.com
+		- (*.)?nl-am.dw.com
+		- (*.)?nl-ar.dw.com
+		- (*.)?nl-bg.dw.com
+		- (*.)?nl-bn.dw.com
+		- (*.)?nl-bs.dw.com
+		- (*.)?nl-de.dw.com
+		- (*.)?nl-el.dw.com
+		- (*.)?nl-en.dw.com
+		- (*.)?nl-es.dw.com
+		- (*.)?nl-pt.dw.com
+		- (*.)?nl-ru.dw.com
+		- (*.)?nl-uk.dw.com
+		- (*.)?nl-zh.dw.com
+		- pageflow-image.dw.com
+		- radio-download.dw.com
+		- tv-download.dw.com
+
+	Timeout:
+		- deutschkurse.dw.com
+		- kickoff.dw.com
+		- mdm.dw.com
+
+	Unable to get local issuer certificate:
+		- b2bmftftp.dw.com
+-->
+<ruleset name="DW.com">
+	<target host="dw.com" />
+	<target host="www.dw.com" />
+	<target host="akademie.dw.com" />
+	<target host="akademie-anmeldung.dw.com" />
+	<target host="amp.dw.com" />
+	<target host="api.dw.com" />
+	<target host="audiodepot.dw.com" />
+	<target host="b2b.dw.com" />
+	<target host="blogs.dw.com" />
+	<target host="charts.dw.com" />
+	<target host="commons.dw.com" />
+	<target host="connect.dw.com" />
+	<target host="expedition-heimat.dw.com" />
+	<target host="fussball.dw.com" />
+	<target host="git.dw.com" />
+	<target host="harry.dw.com" />
+	<target host="jira.dw.com" />
+	<target host="learngerman.dw.com" />
+	<target host="lingofox.dw.com" />
+	<target host="m.dw.com" />
+	<target host="mediacenter.dw.com" />
+	<target host="meetings.dw.com" />
+	<target host="mft.dw.com" />
+	<target host="mobile.dw.com" />
+	<target host="multimedia.dw.com" />
+	<target host="om.dw.com" />
+	<target host="p.dw.com" />
+	<target host="partner.dw.com" />
+	<target host="player.dw.com" />
+	<target host="recruiting.dw.com" />
+	<target host="rss.dw.com" />
+	<target host="sandbox.dw.com" />
+	<target host="social.dw.com" />
+	<target host="specials.dw.com" />
+	<target host="training.dw.com" />
+	<target host="vdt.dw.com" />
+	<target host="visualdata.dw.com" />
+	<target host="visualstories.dw.com" />
+	<target host="web-mail.dw.com" />
+	<target host="webdocs.dw.com" />
+	<target host="webmo.dw.com" />
+	<target host="www9.dw.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DW.de.xml b/src/chrome/content/rules/DW.de.xml
index 9a97e1f4ad2d..200156b1fd59 100644
--- a/src/chrome/content/rules/DW.de.xml
+++ b/src/chrome/content/rules/DW.de.xml
@@ -1,35 +1,19 @@
 <!--
-	CDN buckets:
-
-		- mediacenter.dw.de.edgesuite.net
-
-			- a38.g.akamai.net
-
-		- www.dw.de.edgesuite.net
-
-			- a1697.g.akamai.net
-
-
-	Nonfunctional subdomains:
-
-		- www7.dw-world.de *
-
-		- dw.de subdomains:
-
-			- ^ *
-			- mediacenter **
-			- www **
-
-	* http reply
-	** 503, akamai
-
+	For other DW.com rulesets, see DW.com.xml
 -->
 <ruleset name="DW.de (partial)">
 
+	<target host="dw.de" />
+	<target host="www.dw.de" />
 	<target host="social.dw.de" />
 
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://(www.)?dw.de/,
+		http://(www.)?dw.de/ redirect to https://www.dw.com/.-->
+	<rule from="^http://(www\.)?dw\.de/"
+			to="https://www.dw.com/" />
 
-	<rule from="^http://social\.dw\.de/"
-		to="https://social.dw.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DWCDN.net.xml b/src/chrome/content/rules/DWCDN.net.xml
new file mode 100644
index 000000000000..03e52607411a
--- /dev/null
+++ b/src/chrome/content/rules/DWCDN.net.xml
@@ -0,0 +1,29 @@
+<!--
+	Fully covered hosts in *dwcdn.net:
+
+		- datawrapper
+
+
+	Insecure cookies are set for these domains:
+
+		- .dwcdn.net
+
+-->
+<ruleset name="DWCDN.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="datawrapper.dwcdn.net" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.dwcdn\.net$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.dwcdn\.net$" name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DWheeler.xml b/src/chrome/content/rules/DWheeler.xml
index be3e2cfe0a1e..625f3cd28269 100644
--- a/src/chrome/content/rules/DWheeler.xml
+++ b/src/chrome/content/rules/DWheeler.xml
@@ -4,6 +4,6 @@
 	<target host="www.dwheeler.com"/>
 
 	<rule from="^http://(?:www\.)?dwheeler\.com/"
-		to="https://www.dwheeler.com/"/>
+		to="https://dwheeler.com/"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/DWin1.com.xml b/src/chrome/content/rules/DWin1.com.xml
index b7b5ba52e98d..8559d4a7d2ff 100644
--- a/src/chrome/content/rules/DWin1.com.xml
+++ b/src/chrome/content/rules/DWin1.com.xml
@@ -13,7 +13,6 @@
 	<target host="www.dwin1.com" />
 
 
-	<rule from="^http://(?:www\.)?dwin1\.com/"
-		to="https://www.dwin1.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DYC.edu-mixedcontent.xml b/src/chrome/content/rules/DYC.edu-mixedcontent.xml
new file mode 100644
index 000000000000..779a31524690
--- /dev/null
+++ b/src/chrome/content/rules/DYC.edu-mixedcontent.xml
@@ -0,0 +1,16 @@
+<!--
+	For other DYC coverage, see DYC.edu.xml
+
+	Mixed content from calendar.dyc.edu on www.dyc.edu and careers.dyc.edu
+-->
+<ruleset name="DYC.edu (mixedcontent)" platform="mixedcontent">
+
+	<target host="dyc.edu" />
+	<target host="www.dyc.edu" />
+	<target host="careers.dyc.edu" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DYC.edu.xml b/src/chrome/content/rules/DYC.edu.xml
index 9247d695a64f..2b197364fc31 100644
--- a/src/chrome/content/rules/DYC.edu.xml
+++ b/src/chrome/content/rules/DYC.edu.xml
@@ -1,27 +1,40 @@
 <!--
 	D'Youville College
 
-
-	Problematic subdomains:
-
-		- opensource	(self-signed)
-		- virtual	(expired 2011-11-16, CN: localhost)
-
-
-	Nonfunctional subdomains:
-
-		- tweedledee	(dropped)
-
+	For other DYC coverage, see DYC.edu-mixedcontent.xml
+
+	Nonfunctional hosts in *.dyc.edu:
+		- athletics.dyc.edu (m)
+		- calendar.dyc.edu (r)
+		- library.dyc.edu (403)
+		- depts.dyc.edu (403)
+		- spartancentral.dyc.edu (m)
+
+	Mixed content from calendar.dyc.edu on www.dyc.edu and careers.dyc.edu
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
 -->
-<ruleset name="DYC.edu (partial)" default_off="expired, self-signed">
-
-	<target host="*.dyc.edu" />
-
-
-	<securecookie host="^\.opensource\.dyc\.edu$" name=".+" />
-
-
-	<rule from="^http://(opensource|virtual)\.dyc\.edu/"
-		to="https://$1.dyc.edu/" />
+<ruleset name="DYC.edu (partial)">
+
+	<target host="ads.dyc.edu" />
+		<test url="http://ads.dyc.edu/dyouville_g_freshmen/" />
+	<target host="casi.dyc.edu" />
+	<target host="faid.dyc.edu" />
+	<target host="gallery.dyc.edu" />
+	<target host="moodle.dyc.edu" />
+	<target host="portal.dyc.edu" />
+	<target host="publications.dyc.edu" />
+	<target host="services.dyc.edu" />
+		<test url="http://services.dyc.edu/Student/Home/Privacy" />
+	<target host="student.dyc.edu" />
+	<target host="voices.dyc.edu" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DZone.com.xml b/src/chrome/content/rules/DZone.com.xml
new file mode 100644
index 000000000000..2711c0e17eda
--- /dev/null
+++ b/src/chrome/content/rules/DZone.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Nonfunctional hosts in *dzone.com:
+
+		- careers ᴶ
+
+	ᴶ Jazz/redirects to http
+
+-->
+<ruleset name="DZone.com (partial)">
+
+	<target host="dzone.com" />
+	<target host="beta.dzone.com" />
+	<target host="dz2cdn1.dzone.com" />
+	<target host="dz2cdn2.dzone.com" />
+	<target host="dz2cdn3.dzone.com" />
+	<target host="www.dzone.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Da.gd.xml b/src/chrome/content/rules/Da.gd.xml
new file mode 100644
index 000000000000..997b177ab488
--- /dev/null
+++ b/src/chrome/content/rules/Da.gd.xml
@@ -0,0 +1,10 @@
+<ruleset name="Da.gd">
+	<target host="da.gd" />
+	<target host="www.da.gd" />
+	<target host="4.da.gd" />
+	<target host="6.da.gd" />
+	<target host="ipv4.da.gd" />
+	<target host="ipv6.da.gd" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DaWanda.xml b/src/chrome/content/rules/DaWanda.xml
index 13635a578de9..1d4d032ecb7f 100644
--- a/src/chrome/content/rules/DaWanda.xml
+++ b/src/chrome/content/rules/DaWanda.xml
@@ -42,15 +42,23 @@
 -->
 <ruleset name="DaWanda (partial)">
 
-	<target host="*.dawanda.com" />
+	<target host="assets.dawanda.com" />
+	<target host="de.dawanda.com" />
+	<target host="en.dawanda.com" />
+	<target host="es.dawanda.com" />
+	<target host="fr.dawanda.com" />
+	<target host="it.dawanda.com" />
+	<target host="nl.dawanda.com" />
+	<target host="pl.dawanda.com" />
+	<target host="img.dawanda.com" />
 		<exclusion pattern="^http://(?:de|en|es|fr|it|nl|pl)\.dawanda.com/(?!(?:account/login|cms/c/\w\w/seller-portal)(?:$|\?|/)|cms/(?:image|javascript|stylesheet)s/|_pi_/|uo/|trck/|widget/)" />
-	<target host="*.dawandastatic.com" />
+	<target host="s31.dawandastatic.com" />
+	<target host="s32.dawandastatic.com" />
 
 
-	<rule from="^http://(assets|de|en|es|fr|it|nl|pl)\.dawanda\.com/"
-		to="https://$1.dawanda.com/" />
 
-	<rule from="^https?://(?:img\.dawanda|s3[12]\.dawandastatic)\.com/"
+	<rule from="^http://(?:img\.dawanda|s3[12]\.dawandastatic)\.com/"
 		to="https://dawandaimages.s3.amazonaws.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Da_Capo_Alfine-dd.de.xml b/src/chrome/content/rules/Da_Capo_Alfine-dd.de.xml
new file mode 100644
index 000000000000..838af82cbe28
--- /dev/null
+++ b/src/chrome/content/rules/Da_Capo_Alfine-dd.de.xml
@@ -0,0 +1,20 @@
+<!--
+	Mixed content:
+
+		- Image from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Da Capo Alfine-dd.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dacapoalfine-dd.de" />
+	<target host="www.dacapoalfine-dd.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dabplus.ch.xml b/src/chrome/content/rules/Dabplus.ch.xml
new file mode 100644
index 000000000000..b97292bf5a44
--- /dev/null
+++ b/src/chrome/content/rules/Dabplus.ch.xml
@@ -0,0 +1,6 @@
+<ruleset name="Dabplus.ch">
+	<target host="dabplus.ch" />
+	<target host="www.dabplus.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dabplus.de.xml b/src/chrome/content/rules/Dabplus.de.xml
new file mode 100644
index 000000000000..7fb0436b8ae4
--- /dev/null
+++ b/src/chrome/content/rules/Dabplus.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Dabplus.de">
+	<target host="dabplus.de" />
+	<target host="www.dabplus.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dabs.xml b/src/chrome/content/rules/Dabs.xml
index 08311ee25bc2..fabaf0d690f4 100644
--- a/src/chrome/content/rules/Dabs.xml
+++ b/src/chrome/content/rules/Dabs.xml
@@ -6,6 +6,9 @@
 
 		- ^	(times out)
 
+
+	Server is configured for rc4 only.
+
 -->
 <ruleset name="dabs (partial)">
 
@@ -14,10 +17,10 @@
 		<!--exclusion pattern="^http://www\.dabs\.com/brands/$" /-->
 
 
-	<rule from="^http://(?:www\.)?dabs\.com/(?=account|Article\.aspx|articles/|asp-images/|blank\.html|(?:blog|products/recently-viewed|wishlist)(?:$|[?/])|brands/(?!$)|[cC]ss/|checkout|clearance-corner|contact/|forms/|forum/|go/|[iI]mages/|learn-more|my-dabs|register|[sS]cripts/|SimpleContent/)"
+	<rule from="^http://(?:www\.)?dabs\.com/(?=account|Article\.aspx|articles/|asp-images/|blank\.html|(?:blog|products/recently-viewed|wishlist)(?:$|[?/])|brands/(?!$)|[cC]ss/|checkout|clearance-corner|cms/|contact/|forms/|forum/|go/|[iI]mages/|learn-more|my-dabs|register|[sS]cripts/|SimpleContent/)"
 		to="https://www.dabs.com/" />
 
 	<rule from="^http://reporting\.dabs\.com/"
 		to="https://reporting.dabs.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Daemon-systems.org.xml b/src/chrome/content/rules/Daemon-systems.org.xml
new file mode 100644
index 000000000000..aee758e65a23
--- /dev/null
+++ b/src/chrome/content/rules/Daemon-systems.org.xml
@@ -0,0 +1,15 @@
+<!--
+	^daemon-systems.org doesn't exist.
+
+-->
+<ruleset name="daemon-systems.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.daemon-systems.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DaemonPage.com.xml b/src/chrome/content/rules/DaemonPage.com.xml
new file mode 100644
index 000000000000..f688e082126e
--- /dev/null
+++ b/src/chrome/content/rules/DaemonPage.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Mimatched:
+		- www.daemonpage.com
+		- autodiscover.daemonpage.com
+		- ftp.daemonpage.com
+		- mail.daemonpage.com
+		- webmail.daemonpage.com
+-->
+<ruleset name="DaemonPage.com">
+	<target host="daemonpage.com" />
+	<target host="www.daemonpage.com" />
+
+	<rule from="^http://www\.daemonpage\.com/" to="https://daemonpage.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dafatiri.com.xml b/src/chrome/content/rules/Dafatiri.com.xml
new file mode 100644
index 000000000000..20ddcfe9efae
--- /dev/null
+++ b/src/chrome/content/rules/Dafatiri.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Dafatiri.com" platform="mixedcontent">
+	<target host="dafatiri.com" />
+	<target host="www.dafatiri.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dafdirect.org.xml b/src/chrome/content/rules/Dafdirect.org.xml
new file mode 100644
index 000000000000..9a0f679d0155
--- /dev/null
+++ b/src/chrome/content/rules/Dafdirect.org.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://dafdirect.org/ (200) => https://www.dafdirect.org/ (404)
+Non-2xx HTTP code: http://www.dafdirect.org/ (200) => https://www.dafdirect.org/ (404)
+
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://dafdirect.org/ (200) => https://www.dafdirect.org/ (404)
+Non-2xx HTTP code: http://www.dafdirect.org/ (200) => https://www.dafdirect.org/ (404)
+	^: cert only matches www
+
+-->
+<ruleset name="dafdirect.org" default_off="failed ruleset test">
+
+	<target host="dafdirect.org" />
+	<target host="www.dafdirect.org" />
+
+
+	<rule from="^http://(?:www\.)?dafdirect\.org/"
+		to="https://www.dafdirect.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dafont.com.xml b/src/chrome/content/rules/Dafont.com.xml
deleted file mode 100644
index 501f23733f37..000000000000
--- a/src/chrome/content/rules/Dafont.com.xml
+++ /dev/null
@@ -1,65 +0,0 @@
-<!--
-	Expired 2012/11/27
-
--->
-<ruleset name="dafont.com (partial)" default_off="expired">
-
-	<target host="dafont.com" />
-	<target host="*.dafont.com" />
-		<!--	See comments below.	-->
-		<exclusion pattern="^http://(www\.)?dafont\.com/([\w\-]+\.font$|forum/($|read/))" />
-
-
-	<!--	Some pages 404 over https.
-
-		These do:
-
-			- forum/read/\d{5}/[\w\-]+
-				- e.g. dafont.com/forum/read/49221/can-anyone-identify-this-font
-			- [\w\-]+.font$
-				- e.g. dafont.com/alte-haas-grotesk.font
-
-
-		This throws an error:
-
-			- forum/$
-
-				Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/dafont/www/forum/index.php on line 1494
-
-				No message.
-
-				Nobody loves you :(
-
-
-		These don't:
-
-			- $
-			- authors.php
-			- contact.php
-			- login.php
-			- css/
-			- faq.php
-			- forum/attach/
-			- img/
-			- new.php
-			- soft.php
-			- themes.php
-			- top.php
-
-
-		/img. doesn't work over https.
-
-
-		img.dafont.com	→	dafont.com
-		www.dafont.com	→	www.dafont.com
-		dafont.com	→	dafont.com
-
-						-->
-	<rule from="^http://(?:img\.|(www\.))?dafont\.com/"
-		to="https://$1dafont.com/" />
-
-	<!--	See comments above.	-->
-	<rule from="^https://(www\.)?dafont\.com/([\w\-]+\.font$|forum/(?:$|read/))"
-		to="http://$1dafont.com/$2" downgrade="1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Daft.ie.xml b/src/chrome/content/rules/Daft.ie.xml
index 6d70e0fa39de..3639becc7501 100644
--- a/src/chrome/content/rules/Daft.ie.xml
+++ b/src/chrome/content/rules/Daft.ie.xml
@@ -1,13 +1,15 @@
-<ruleset name="Daft.ie" default_off="causes image problems">
-
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - jobs.daft.ie
+-->
+<ruleset name="Daft.ie">
 	<target host="daft.ie" />
 	<target host="www.daft.ie" />
+	<target host="api.daft.ie" />
+	<target host="touch.daft.ie" />
 
+	<securecookie host="^(www\.)?daft\.ie$" name=".+" />
 
-	<securecookie host="^www\.daft\.ie$" name=".+" />
-
-
-	<rule from="^http://(www\.)?daft\.ie/"
-		to="https://$1daft.ie/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Daft_Media.xml b/src/chrome/content/rules/Daft_Media.xml
index 306df75a1f53..7eaaec7d55ee 100644
--- a/src/chrome/content/rules/Daft_Media.xml
+++ b/src/chrome/content/rules/Daft_Media.xml
@@ -6,14 +6,12 @@
 -->
 <ruleset name="Daft Media (partial)">
 
-	<target host="*.dmlimg.com" />
-	<target host="*.dmstatic.com" />
+	<target host="m0.dmlimg.com" />
+	<target host="m1.dmlimg.com" />
+	<target host="c0.dmstatic.com" />
+	<target host="c1.dmstatic.com" />
 
 
-	<rule from="^http://m(0|1)\.dmlimg\.com/"
-		to="https://m$1.dmlimg.com/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://c(0|1)\.dmstatic\.com/"
-		to="https://c$1.dmstatic.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dagbladet.no-falsemixed.xml b/src/chrome/content/rules/Dagbladet.no-falsemixed.xml
new file mode 100644
index 000000000000..507bd3faab23
--- /dev/null
+++ b/src/chrome/content/rules/Dagbladet.no-falsemixed.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://livebeta.dagbladet.no/ => https://livebeta.dagbladet.no/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For rules not causing false/broken MCB, see Dagbladet.no.xml.
+
+-->
+<ruleset name="Dagbladet.no (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="dagbladet.no" />
+	<target host="apps.dagbladet.no" />
+	<target host="gfx.dagbladet.no" />
+	<target host="livebeta.dagbladet.no" />
+	<target host="styleguide.dagbladet.no" />
+	<target host="www.dagbladet.no" />
+
+		<!--	$ 404s, so:
+					-->
+		<test url="http://apps.dagbladet.no/mat/css/embed.0.6.0-beta.min.css" />
+		<test url="http://gfx.dagbladet.no/g4/bg-grey-btn.gif" />
+
+
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|abByUrl)" />
+	<securecookie host="^(?!\.dagbladet\.no$)." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dagbladet.no.xml b/src/chrome/content/rules/Dagbladet.no.xml
new file mode 100644
index 000000000000..3050a4aac786
--- /dev/null
+++ b/src/chrome/content/rules/Dagbladet.no.xml
@@ -0,0 +1,116 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://konto.dagbladet.no/ => https://konto.dagbladet.no/: (6, 'Could not resolve host: konto.dagbladet.no')
+
+	For rules causing false/broken MCB, see Dagbladet.no-falsemixed.xml.
+
+
+	Nonfunctional hosts in *dagbladet.no:
+
+		- annonse ᵈ
+		- dev *
+		- fredag *
+		- go *
+		- live *
+		- wap ᵈ
+
+	* Redirects to 404
+	ᵈ Dropped
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .dagbladet.no
+		- login.dagbladet.no
+		- www.dagbladet.no
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Frames, on:
+
+			- livebeta, www from www.dagbladet.no ˢ
+			- livebeta from dagbladetno.enetscores.com
+
+		- css, on:
+
+			- livebeta from www.dagbladet.no ˢ
+			- www from apps.dagbladet.no ˢ
+			- www from dev.dagbladet.no
+			- www from $self
+
+		- Images, on:
+
+			- livebeta, www from gfx.dagbladet.no ˢ
+			- www from livecenter.ntb.c.bitbit.net
+			- www from dev.dagbladet.no
+			- www from $self ˢ
+			- www from dbtv.no
+			- www from www.rikstoto.no
+
+		- Ads/bugs, on:
+
+			- livebeta, www from dagbladet.tns-cs.no
+			- www from $self ˢ
+			- www from www.facebook.com ˢ
+			- www from statistik-gallup.net
+			- www from widget.tippebannere.no ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+	² Unsecurable <= refused
+
+-->
+<ruleset name="Dagbladet.no (partial)" default_off="failed ruleset test">
+
+	<!--target host="dagbladet.no" /-->
+	<!--target host="apps.dagbladet.no" /-->
+	<!--target host="gfx.dagbladet.no" /-->
+	<target host="konto.dagbladet.no" />
+	<target host="login.dagbladet.no" />
+	<!--target host="livebeta.dagbladet.no" /-->
+	<!--target host="styleguide.dagbladet.no" /-->
+	<!--target host="www.dagbladet.no" /-->
+
+		<!--	Mixed css:
+					-->
+		<!--
+		<test url="http://www.dagbladet.no/2016/07/04/tema/mat/matsiden/oppskrifter/viestad/44610417/" />
+		<test url="http://www.dagbladet.no/eavis/" />
+		<test url="http://www.dagbladet.no/film/" />
+		<test url="http://www.dagbladet.no/fotballstudio" />
+		<test url="http://www.dagbladet.no/fredag/" />
+		<test url="http://www.dagbladet.no/hestesport/" />
+		<test url="http://www.dagbladet.no/info/" />
+		<test url="http://www.dagbladet.no/interior/" />
+		<test url="http://www.dagbladet.no/klubben/" />
+		<test url="http://www.dagbladet.no/mote/" />
+		<test url="http://www.dagbladet.no/nullctrl/" />
+		<test url="http://www.dagbladet.no/tegneserie/" />
+		<test url="http://www.dagbladet.no/vaer/" />
+		-->
+
+		<!--	$ 404s, so:
+
+		<test url="http://apps.dagbladet.no/mat/css/embed.0.6.0-beta.min.css" />
+		<test url="http://gfx.dagbladet.no/g4/bg-grey-btn.gif" />
+		-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.dagbladet\.no$" name="^(?:abByUrl_test|coruscant_purchase_referer_url|dbts)$" /-->
+	<!--securecookie host="^livebeta\.dagbladet\.no$" name="^laravel_session$" /-->
+	<!--securecookie host="^login\.dagbladet\.no$" name="^coruscant_redir$" /-->
+	<!--securecookie host="^www\.dagbladet\.no$" name="^mobileshortua$" /-->
+
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|abByUrl)" />
+	<securecookie host="^(?!\.dagbladet\.no$)." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dagenssamhalle.se.xml b/src/chrome/content/rules/Dagenssamhalle.se.xml
new file mode 100644
index 000000000000..acb7e50d83f0
--- /dev/null
+++ b/src/chrome/content/rules/Dagenssamhalle.se.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid Certificate:
+		annonsera.dagenssamhalle.se
+	Secure Connection Failed:
+		politikerenkat.dagenssamhalle.se
+		superkommuner2017.dagenssamhalle.se
+-->
+<ruleset name="Dagenssamhalle.se">
+	<target host="dagenssamhalle.se" />
+	<target host="www.dagenssamhalle.se" />
+	<target host="admin.dagenssamhalle.se" />
+	<target host="offentligamarknaden.dagenssamhalle.se" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Daily-Express.xml b/src/chrome/content/rules/Daily-Express.xml
deleted file mode 100644
index 4f5b406222b7..000000000000
--- a/src/chrome/content/rules/Daily-Express.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Daily Express (partial)">
-
-	<target host="images.dailyexpress.co.uk" />
-
-
-	<rule from="^https?://images\.dailyexpress\.co\.uk/"
-		to="https://s3.amazonaws.com/images.dailyexpress.co.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Daily-Herald.xml b/src/chrome/content/rules/Daily-Herald.xml
index 46918f72eef0..3783f73c6249 100644
--- a/src/chrome/content/rules/Daily-Herald.xml
+++ b/src/chrome/content/rules/Daily-Herald.xml
@@ -1,16 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dailyherald.com/ => https://dailyherald.com/: (7, 'Failed to connect to dailyherald.com port 443: Connection refused')
+
 	Nonfunctional subdomains:
 
 		- blogs		(times out)
 
 -->
-<ruleset name="Daily Herald">
+<ruleset name="Daily Herald" default_off="failed ruleset test">
 
 	<target host="dailyherald.com" />
-	<target host="*.dailyherald.com" />
+	<target host="classifieds.dailyherald.com" />
+	<target host="prev.dailyherald.com" />
+	<target host="www.dailyherald.com" />
+	<target host="homes.dailyherald.com" />
 
 
-	<securecookie host="^.*\.dailyherald\.com$" name=".*" />
+	<securecookie host="^.*\.dailyherald\.com$" name=".+" />
 
 
 	<rule from="^http://(classifieds\.|prev\.|www\.)?dailyherald\.com/"
@@ -19,7 +26,7 @@
 	<!--	- times out over https
 		- 302s like so over http
 						-->
-	<rule from="^https?://homes\.dailyherald\.com/$"
+	<rule from="^http://homes\.dailyherald\.com/$"
 		to="https://www.dailyherald.com/realestate/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Daily-Mail.xml b/src/chrome/content/rules/Daily-Mail.xml
deleted file mode 100644
index 4313d54c7e91..000000000000
--- a/src/chrome/content/rules/Daily-Mail.xml
+++ /dev/null
@@ -1,99 +0,0 @@
-<!--
-	For problematic rules, see Daily_Mail-problematic.xml.
-
-
-	CDN buckets:
-
-		- images.anm.co.uk.edgesuite.net
-
-			- a382.g.akamai.net
-			- img.dailymail.co.uk
-
-		- gs.dailymail.co.uk.edgesuite.net
-
-		- f.dailymail.co.uk.edgesuite.net
-
-			- a1913.g.akamai.net
-
-		- i.dailymail.co.uk.edgesuite.net
-
-			- a1202.g.akamai.net
-			- scripts.dailymail.co.uk
-
-		- video.dailymail.co.uk.edgesuite.net
-
-			- a1641.g.akamai.net
-
-		- www.dailymail.co.uk.edgesuite.net
-
-			- a1613.g.akamai.net
-
-		- i.mol.im.edgesuite.net
-
-			- a1158.g.akamai.net
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(redirects to http, akamai)
-		- gs		(504, akamai)
-		- rta		(404, self-signed)
-		- ted		(redirects to www, self-signed)
-
-
-	Problematic domains:
-
-		- dailymail.co.uk subdomains:
-
-			- jobs
-
-				- mismatched, CN: *.jobsite.co.uk
-				- At least some pages redirect to http
-
-				- When rewritten to www.jobsite.co.uk:
-
-					- css/ is different
-					- images/ 404s
-
-			- video *
-
-		- i.mol.im *
-
-	* Works, akamai
-
-
-	Partially covered domains:
-
-		- jobs.dailymail.co.uk	(→ www.jobsite.co.uk)
-
--->
-<ruleset name="Daily Mail (partial) ">
-
-	<target host="*.dailymail.co.uk" />
-	<target host="i.mol.im" />
-
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.dailymail\.co\.uk$" name="^(?:Akamai_?Analytics\w+|__mo|__utm)\w$" />
-
-
-	<rule from="^http://f\.dailymail\.co\.uk/"
-		to="https://a248.e.akamai.net/f/1913/2926/10m/f.dailymail.co.uk/" />
-
-	<rule from="^http://(i|scripts)\.dailymail\.co\.uk/"
-		to="https://a248.e.akamai.net/f/1202/1579/4m/$1.dailymail.co.uk/" />
-
-	<rule from="^http://img\.dailymail\.co\.uk/"
-		to="https://a248.e.akamai.net/f/382/8298/1m/img.dailymail.co.uk/" />
-
-	<rule from="^http://video\.dailymail\.co\.uk/"
-		to="https://a248.e.akamai.net/f/1641/217/4m/video.dailymail.co.uk/" />
-
-	<rule from="^http://jobs\.dailymail\.co\.uk/home/"
-		to="https://www.jobsite.co.uk/home/" />
-
-	<rule from="^http://i\.mol\.im/"
-		to="https://a248.e.akamai.net/f/1434/217/6m/i.mol.im/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Daily-Star.xml b/src/chrome/content/rules/Daily-Star.xml
index c56d19a0330c..37d5deee4894 100644
--- a/src/chrome/content/rules/Daily-Star.xml
+++ b/src/chrome/content/rules/Daily-Star.xml
@@ -1,21 +1,78 @@
-<!--	!functional:
-		- (www.)northernandshell.co.uk
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn.images.dailystar-uk.co.uk/img/static/placeholder.gif => https://d1gdw8d643djmp.cloudfront.net/img/static/placeholder.gif: (6, 'Could not resolve host: d1gdw8d643djmp.cloudfront.net')
+Fetch error: http://images.dailystar-uk.co.uk/ => https://d1gdw8d643djmp.cloudfront.net/: (6, 'Could not resolve host: d1gdw8d643djmp.cloudfront.net')
+Fetch error: http://cdn.images.dailystar-uk.co.uk/ => https://d1gdw8d643djmp.cloudfront.net/: (6, 'Could not resolve host: d1gdw8d643djmp.cloudfront.net')
+
+	For problematic rules, see Daily_Star-problematic.xml.
+
+
+	CDN buckets:
+
+		- images.dailystar.co.uk.s3.amazonaws.com	(forced endpoint...)
+		- images.dailystar-uk.co.uk.s3.amazonaws.com	(403)
+		- d1gdw8d643djmp.cloudfront.net <-	cdn.images.dailystar-uk.co.uk
+		- d1mlsq9roc275d.cloudfront.net	<-	images.dailystar.co.uk
+		- d3rn4gsse7yibk.cloudfront.net <-	www.dailystar.co.uk
+
+
+	!functional:
+
+		- games.dailystar.co.uk *
+
+	* Dropped
+
+
+	Problematic domains:
+
+		in *dailystar.co.uk:
+
+			- ^ ¹
+			- images ²
+			- cdn.images ³
+			- www ³
+
+		- images.dailystar-uk.co.uk ²
+		- cdn.images.dailystar-uk.co.uk ³
+
+	¹ Dropped
+	² AmazonAWS
+	³ Cloudfront
+
 -->
-<ruleset name="Daily Star (partial)" platform="mixedcontent">
+<ruleset name="Daily Star (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="www.dailystar.co.uk"/-->
+
+	<!--	Complications:
+				-->
+	<!--target host="dailystar.co.uk"/-->
+	<target host="images.dailystar.co.uk" />
+	<target host="cdn.images.dailystar.co.uk" />
 
-	<target host="dailystar.co.uk"/>
-	<target host="www.dailystar.co.uk"/>
 	<target host="images.dailystar-uk.co.uk"/>
 	<target host="cdn.images.dailystar-uk.co.uk"/>
 
-	<securecookie host="^www\.dailystar\.co\.uk$" name=".*"/>
+		<test url="http://cdn.images.dailystar.co.uk/img/static/placeholder.gif" />
+		<test url="http://cdn.images.dailystar-uk.co.uk/img/static/placeholder.gif" />
 
-	<!--	!www doesn't work over https
-		redirects to www over http	-->
-	<rule from="^http://(?:www\.)?dailystar\.co\.uk/"
-		to="https://www.dailystar.co.uk/"/>
+
+	<!--securecookie host="." name="." /-->
+
+
+	<!--rule from="^http://dailystar\.co\.uk/"
+		to="https://www.dailystar.co.uk/"/-->
+
+	<rule from="^http://(?:cdn\.)?images\.dailystar\.co\.uk/"
+		to="https://d1mlsq9roc275d.cloudfront.net/" />
 
 	<rule from="^http://(?:cdn\.)?images\.dailystar-uk\.co\.uk/"
-		to="https://s3.amazonaws.com/images.dailystar-uk.co.uk/"/>
+		to="https://d1gdw8d643djmp.cloudfront.net/" />
+
+	<!--rule from="^http:"
+		to="https:" /-->
 
 </ruleset>
diff --git a/src/chrome/content/rules/DailyCaller.com.xml b/src/chrome/content/rules/DailyCaller.com.xml
new file mode 100644
index 000000000000..cecab011c933
--- /dev/null
+++ b/src/chrome/content/rules/DailyCaller.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		- jobs.dailycaller.com
+		- rambo.dailycaller.com
+-->
+
+<ruleset name="DailyCaller.com">
+	<target host="dailycaller.com" />
+	<target host="www.dailycaller.com" />
+	<target host="amp.dailycaller.com" />
+	<target host="cdn.dailycaller.com" />
+	<target host="cdn01.dailycaller.com" />
+	<target host="shop.dailycaller.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DailyDot.xml b/src/chrome/content/rules/DailyDot.xml
index 7c81aff5b4cb..926abf660cfe 100644
--- a/src/chrome/content/rules/DailyDot.xml
+++ b/src/chrome/content/rules/DailyDot.xml
@@ -1,6 +1,8 @@
 <!--
 	CDN buckets:
 
+		- s3.amazonaws.com/dailydot/
+
 		- wac.88d4.edgecastcdn.net/??88D4/
 
 			- cdn0
@@ -9,6 +11,9 @@
 	Nonfunctional subdomains:
 
 		- cdn0		(404; mismatched, CN: gp1.wac.edgecastcdn.net)
+		- media ²
+
+	² wpengine
 
 
 	Problematic subdomains:
@@ -16,19 +21,36 @@
 		- ^		(times out)
 		- bidness	(works; mismatched, CN: *.posterous.com)
 
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+		- Bug from platform.tumblr.com *
+
+	* Secured by us
+
+
+	Insecure cookies are set for these domains:
+
+		- .dailydot.com
+
+	Mixed content per https://github.com/EFForg/https-everywhere/issues/1290
+
 -->
-<ruleset name="DailyDot (partial)" platform="mixedcontent">
+<ruleset name="DailyDot.com (partial)" platform="mixedcontent">
 
 	<target host="dailydot.com" />
-	<target host="*.dailydot.com" />
+	<target host="www.dailydot.com" />
 
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^\.dailydot\.com$" name="^__qca$" />
 
-	<rule from="^http://(?:www\.)?dailydot\.com/"
+	<rule from="^http://dailydot\.com/"
 		to="https://www.dailydot.com/" />
 
-	<!--	Protocol-relative urls...:
-						-->
-	<rule from="^https://cdn0\.dailydot\.com/"
-		to="http://cdn0.dailydot.com/" downgrade="1" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DailyHiit.com.xml b/src/chrome/content/rules/DailyHiit.com.xml
index 84a2ca959cf8..0e4fde850198 100644
--- a/src/chrome/content/rules/DailyHiit.com.xml
+++ b/src/chrome/content/rules/DailyHiit.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="DailyHiit.com">
 
 	<target host="dailyhiit.com" />
-	<target host="*.dailyhiit.com" />
+	<target host="www.dailyhiit.com" />
 
 
 	<securecookie host="^\.dailyhiit\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?dailyhiit\.com/"
-		to="https://$1dailyhiit.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DailyHive.com.xml b/src/chrome/content/rules/DailyHive.com.xml
new file mode 100644
index 000000000000..a161debbc881
--- /dev/null
+++ b/src/chrome/content/rules/DailyHive.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Connection refused:
+		- advertise.dailyhive.com
+		- wp.sandbox.dailyhive.com
+		- sandbox.sfo1.dailyhive.com
+-->
+
+<ruleset name="DailyHive.com">
+	<target host="dailyhive.com" />
+	<target host="www.dailyhive.com" />
+	<target host="images.dailyhive.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DailyKos.xml b/src/chrome/content/rules/DailyKos.xml
deleted file mode 100644
index f204c8ef118d..000000000000
--- a/src/chrome/content/rules/DailyKos.xml
+++ /dev/null
@@ -1,99 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/dk-production/
-		- 1783-images-dailykos-com.voxcdn.com
-
-
-	Nonfunctional subdomains:
-
-		- comics	(cert: www; 307s to http)
-		- elections	(cert: www; 307s to http)
-		- labor		(cert: www; 301s to http)
-
--->
-<ruleset name="Dailykos (buggy)" default_off="Breaks commenting and polls">
-
-	<target host="dailykos.com" />
-	<target host="*.dailykos.com" />
-		<!--
-			Lulz. Many account-related pages 307 to http.
-
-
-			These paths 307 to http:
-
-				- accounts
-				- blog$
-				- blog/\w+$
-				- diaries$
-				- group$
-				- group/
-				- groups$
-				- groups/$
-				- login$
-				- news$
-				- news/\w[^/]*$
-				- newuser$
-				- part/user/popup/login$
-				- people$
-				- people/$
-				- user$
-				- user/
-
-
-			These paths do not:
-
-				- $
-				- c/
-				- donate$
-				- i/
-				- j/
-				- images/
-				- story/\d{4}/\d\d/\d\d/
-				- subscribe$
-
-
-			- These paths 403:
-
-				- newthread/\w+
-
-
-			https breaks login 'popup'. Works fine without JS enabled.
-							-->
-		<exclusion pattern="^http://(?:www\.)?dailykos\.com/+(?:$|\?)" />
-		<exclusion pattern="^http://(?:www\.)?dailykos\.com/(?:accounts|blog|diaries|groups?|login|new(?:s|thread|user)|part/user/popup/login|people|user)(?:$|\?|/)" />
-		<!--
-			404s.
-				-->
-		<exclusion pattern="^http://images[12]?\.dailykos\.com/assets/" />
-
-
-	<rule from="^http://(www\.)?dailykos\.com/"
-		to="https://$1dailykos.com/" />
-
-
-	<!--	At least some pages 404.
-					-->
-	<rule from="^https?://campaigns\.dailykos\.com/(dia|o|salsa)/"
-		to="https://kos.salsalabs.com/$1/" />
-
-	<rule from="^https?://helpdesk\.dailykos\.com/(help|pkg|stylesheets)/"
-		to="https://dailykos.tenderapp.com/$1/" />
-
-	<!--	404.
-			-->
-	<rule from="^https?://images[12]?\.dailykos\.com/"
-		to="https://www.dailykos.com/" />
-
-	<!--	- i/ 301s to images
-		- c/ & j/ do not
-				-->
-	<rule from="^https?://(?:comics|elections|labor)\.dailykos\.com/([cij])/"
-		to="https://www.dailykos.com/$1/" />
-
-	<!--	Doesn't fix login popout.
-
-	<rule from="^https://www\.dailykos\.com/j/([\w\-]+)\.js($|\?)"
-		to="http://www.dailykos.com/j/$1.js$2" downgrade="1" /-->
-
-</ruleset>
diff --git a/src/chrome/content/rules/DailyMail.co.uk.xml b/src/chrome/content/rules/DailyMail.co.uk.xml
new file mode 100644
index 000000000000..5542daa5bfd3
--- /dev/null
+++ b/src/chrome/content/rules/DailyMail.co.uk.xml
@@ -0,0 +1,14 @@
+<ruleset name="DailyMail.co.uk (partial)">
+	<target host="dailymail.co.uk" />
+	<target host="www.dailymail.co.uk" />
+	<target host="crta.dailymail.co.uk" />
+	<target host="fff.dailymail.co.uk" />
+	<target host="gs.dailymail.co.uk" />
+	<target host="i.dailymail.co.uk" />
+	<target host="jobs.dailymail.co.uk" />
+	<target host="scripts.dailymail.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DailyPix.xml b/src/chrome/content/rules/DailyPix.xml
index 6f52a4b81803..773242db357f 100644
--- a/src/chrome/content/rules/DailyPix.xml
+++ b/src/chrome/content/rules/DailyPix.xml
@@ -1,15 +1,15 @@
 <ruleset name="DailyPix">
 
 	<target host="dailypix.me" />
-	<target host="*.dailypix.me" />
+	<target host="www.dailypix.me" />
 	<target host="lolzparade.com" />
-	<target host="*.lolzparade.com" />
+	<target host="www.lolzparade.com" />
 
 
 	<securecookie host="^(?:w*\.)?(?:dailypix\.me|lolzparade\.com)$" name=".+" />
 
 
-	<rule from="^http://(www\.)?(dailypix\.me|lolzparade\.com)/"
-		to="https://$1$2/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Daily_Fantasy_Radio.xml b/src/chrome/content/rules/Daily_Fantasy_Radio.xml
index 4fbeb426a14f..46cc00c8bc29 100644
--- a/src/chrome/content/rules/Daily_Fantasy_Radio.xml
+++ b/src/chrome/content/rules/Daily_Fantasy_Radio.xml
@@ -1,10 +1,19 @@
-<ruleset name="Daily Fantasy Radio">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dailyfantasyradio.com/ => https://dailyfantasyradio.com/: (28, 'Connection timed out after 20005 milliseconds')
+Fetch error: http://www.dailyfantasyradio.com/ => https://www.dailyfantasyradio.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://dailyfantasyradio.com/ => https://dailyfantasyradio.com/: (51, "SSL: no alternative certificate subject name matches target host name 'dailyfantasyradio.com'")
+Fetch error: http://www.dailyfantasyradio.com/ => https://www.dailyfantasyradio.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.dailyfantasyradio.com'")
+-->
+<ruleset name="Daily Fantasy Radio" default_off="failed ruleset test">
 
 	<target host="dailyfantasyradio.com" />
 	<target host="www.dailyfantasyradio.com" />
 
 
-	<rule from="^http://(www\.)?dailyfantasyradio\.com/"
-		to="https://$1dailyfantasyradio.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Daily_Mail-problematic.xml b/src/chrome/content/rules/Daily_Mail-problematic.xml
deleted file mode 100644
index 069343905f2d..000000000000
--- a/src/chrome/content/rules/Daily_Mail-problematic.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules that are on by default, see Daily-Mail.xml.
-
--->
-<ruleset name="Daily Mail (problematic)" default_off="mismatched">
-
-	<target host="jobs.dailymail.co.uk" />
-
-
-	<rule from="^http://jobs\.dailymail\.co\.uk/(cs|image)s/"
-		to="https://jobs.dailymail.co.uk/$1s/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Daily_Mail_and_General_Trust.xml b/src/chrome/content/rules/Daily_Mail_and_General_Trust.xml
index d14ab50e5d88..1e6a14d271e4 100644
--- a/src/chrome/content/rules/Daily_Mail_and_General_Trust.xml
+++ b/src/chrome/content/rules/Daily_Mail_and_General_Trust.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?dmgt\.co\.uk/"
 		to="https://dmgt.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Daily_NK.com.xml b/src/chrome/content/rules/Daily_NK.com.xml
new file mode 100644
index 000000000000..09f9e283073f
--- /dev/null
+++ b/src/chrome/content/rules/Daily_NK.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional subdomains:
+
+		- japan *
+
+	* Refused
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Daily NK.com (partial)">
+
+	<target host="dailynk.com" />
+	<target host="www.dailynk.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Daily_Star-problematic.xml b/src/chrome/content/rules/Daily_Star-problematic.xml
new file mode 100644
index 000000000000..15d88c82318e
--- /dev/null
+++ b/src/chrome/content/rules/Daily_Star-problematic.xml
@@ -0,0 +1,25 @@
+<!--
+	For rules that are on by default, see Daily-Star.xml.
+
+-->
+<ruleset name="Daily Star (mismatched)" default_off="mismatched">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.dailystar.co.uk"/>
+
+	<!--	Complications:
+				-->
+	<target host="dailystar.co.uk"/>
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://dailystar\.co\.uk/"
+		to="https://www.dailystar.co.uk/"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dailyinfo.co.uk.xml b/src/chrome/content/rules/Dailyinfo.co.uk.xml
new file mode 100644
index 000000000000..1d19a1e56e06
--- /dev/null
+++ b/src/chrome/content/rules/Dailyinfo.co.uk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Dailyinfo.co.uk">
+  <target host="dailyinfo.co.uk" />
+  <target host="www.dailyinfo.co.uk" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dailymotion.xml b/src/chrome/content/rules/Dailymotion.xml
index 743100cb7ecd..cf6b7c5e6edd 100644
--- a/src/chrome/content/rules/Dailymotion.xml
+++ b/src/chrome/content/rules/Dailymotion.xml
@@ -1,69 +1,42 @@
 <!--
 	Nonfunctional domains:
-
+		- advertising.dailymotion.com
 		- blog.dailymotion.com
-		- press.dailymotion.com		(shows steaw.com, CN: www.steaw.com)
-		- proxy-46.dailymotion.com
 		- publicite.dailymotion.com
-		- publisher.dailymotion.com	(reset)
-		- vid.ak.dmcdn.net		(403, Akamai)
-		- vid2.ak.dmcdn.net		(504, akamai)
-
-
-	Problematic domains:
-
-		- ak2.static.dailymotion.com	(mismatched, CN: *.dmcdn.net)
-		- support.dmcloud.net		(mismatched, CN: *.zendesk.com)
-
 
 	Partially covered domains:
-
 		- (www.)dailymotion.com
-
 			- cdn/manifest/video/\w+.mnft 403s
 			- crossdomain.xml breaks videos
-
 -->
-<ruleset name="Dailymotion (default off)" default_off="breaks some embedded videos">
 
+<ruleset name="Dailymotion">
 	<target host="dailymotion.com" />
-	<!--
-		* for cross-domain cookie.
-					-->
+	<!-- * for cross-domain cookies -->
 	<target host="*.dailymotion.com" />
-		<!--
-			https://mail1.eff.org/pipermail/https-everywhere-rules/2012-July/001241.html
-													-->
-		<exclusion pattern="^http://(?:www\.)?dailymotion\.com/(?:cdn/[\w-]+/video/|crossdomain\.xml$)" />
-	<target host="ak2.static.dailymotion.com" />
-	<target host="*.dmcdn.net" />
-	<target host="dmcloud.net" />
-	<target host="*.dmcloud.net" />
+		<!-- https://mail1.eff.org/pipermail/https-everywhere-rules/2012-July/001241.html -->
+		<exclusion pattern="^http://(www\.)?dailymotion\.com/crossdomain\.xml$" />
+			<test url="http://dailymotion.com/crossdomain.xml" />
+			<test url="http://www.dailymotion.com/crossdomain.xml" />
 
+	<target host="*.dmcdn.net" />
 
-	<!--	Testing wrt embedded breakage.
+	<!-- Testing wrt embedded breakage -->
+	<!-- securecookie host="^.*\.dailymotion\.com$" name=".+" /-->
 
-		securecookie host="^.*\.dailymotion\.com$" name=".+" /-->
-	<!--
-		Omniture tracking cookies:
-						-->
+	<!-- Omniture tracking cookies -->
 	<securecookie host="^\.dailymotion\.com$" name="^s_\w+$" />
 	<securecookie host="^www\.dailymotion\.com$" name=".+" />
 
-
-	<rule from="^http://(erroracct\.|www\.)?dailymotion\.com/"
+	<rule from="^http://(www\.|faq\.|press\.)?dailymotion\.com/"
 		to="https://$1dailymotion.com/" />
+		<test url="http://www.dailymotion.com/" />
+		<test url="http://faq.dailymotion.com/" />
+		<test url="http://press.dailymotion.com/" />
 
-	<rule from="^http://(s\d|static(?:\d|s\d-ssl))\.dmcdn\.net/"
+	<rule from="^http://(s\d(-ssl)?|static\d)\.dmcdn\.net/"
 		to="https://$1.dmcdn.net/" />
-
-	<rule from="^https?://ak2\.static\.dailymotion\.com/"
-		to="https://static1-ssl.dmcdn.net/" />
-
-	<rule from="^http://(s\.|www\.)?dmcloud\.net/"
-		to="https://$1dmcloud.net/" />
-
-	<rule from="^https?://support\.dmcloud\.net/"
-		to="https://dmcloud.zendesk.com/" />
-
+		<test url="http://s1.dmcdn.net/" />
+		<test url="http://s1-ssl.dmcdn.net/" />
+		<test url="http://static1.dmcdn.net/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Dailynous.com.xml b/src/chrome/content/rules/Dailynous.com.xml
new file mode 100644
index 000000000000..72545ad4b752
--- /dev/null
+++ b/src/chrome/content/rules/Dailynous.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Dailynous.com">
+	<target host="dailynous.com" />
+	<target host="www.dailynous.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>  
diff --git a/src/chrome/content/rules/Daisy.net.au.xml b/src/chrome/content/rules/Daisy.net.au.xml
new file mode 100644
index 000000000000..abdf3b86fcd6
--- /dev/null
+++ b/src/chrome/content/rules/Daisy.net.au.xml
@@ -0,0 +1,6 @@
+<ruleset name="Daisy.net.au">
+	<target host="daisy.net.au" />
+	<target host="www.daisy.net.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dakko.us.xml b/src/chrome/content/rules/Dakko.us.xml
index adb518b23525..d047883d43e3 100644
--- a/src/chrome/content/rules/Dakko.us.xml
+++ b/src/chrome/content/rules/Dakko.us.xml
@@ -14,7 +14,7 @@
 	<rule from="^http://(www-s\.)?dakko\.us/"
 		to="https://$1dakko.us/" />
 
-	<rule from="^https?://www\.dakko\.us/"
+	<rule from="^http://www\.dakko\.us/"
 		to="https://www-s.dakko.us/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DalailCentre.com.xml b/src/chrome/content/rules/DalailCentre.com.xml
new file mode 100644
index 000000000000..e6276191fa0b
--- /dev/null
+++ b/src/chrome/content/rules/DalailCentre.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="DalailCentre.com">
+	<target host="dalailcentre.com" />
+	<target host="www.dalailcentre.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dale_Macartney.com.xml b/src/chrome/content/rules/Dale_Macartney.com.xml
new file mode 100644
index 000000000000..a59bc841d6b8
--- /dev/null
+++ b/src/chrome/content/rules/Dale_Macartney.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Dale Macartney.com" default_off="expired">
+
+	<target host="dalemacartney.com" />
+	<target host="www.dalemacartney.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Damballa.com.xml b/src/chrome/content/rules/Damballa.com.xml
new file mode 100644
index 000000000000..92242dde4d4e
--- /dev/null
+++ b/src/chrome/content/rules/Damballa.com.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://damballa.com/ => https://damballa.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.damballa.com/ => https://www.damballa.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Problematic hosts:
+
+		- partner *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these
+
+		- .damballa.com
+
+-->
+<ruleset name="Damballa.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="damballa.com" />
+	<target host="www.damballa.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.damballa\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.damballa\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Damn_Small_Linux.org.xml b/src/chrome/content/rules/Damn_Small_Linux.org.xml
new file mode 100644
index 000000000000..0e21627bc3d4
--- /dev/null
+++ b/src/chrome/content/rules/Damn_Small_Linux.org.xml
@@ -0,0 +1,15 @@
+<!--
+	- Expired 2006-04-18
+	- CN: localhost.localdomain
+
+-->
+<ruleset name="Damn Small Linux.org" default_off="expired, self-signed">
+
+	<target host="damnsmalllinux.org" />
+	<target host="www.damnsmalllinux.org" />
+
+
+	<rule from="^http://(?:www\.)?damnsmalllinux\.org/"
+		to="https://damnsmalllinux.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dan-Bull.xml b/src/chrome/content/rules/Dan-Bull.xml
index 50d31cadc3fe..10245ed761d5 100644
--- a/src/chrome/content/rules/Dan-Bull.xml
+++ b/src/chrome/content/rules/Dan-Bull.xml
@@ -1,4 +1,4 @@
-<ruleset name="Dan Bull" default_off="mismatch">
+<ruleset name="Dan Bull" default_off="mismatched">
 
 	<target host="itsdanbull.com"/>
 	<target host="www.itsdanbull.com"/>
@@ -6,7 +6,7 @@
 	<!--	encountered:
 			- PHPSESSID
 			- w3tc_referrer		-->
-	<securecookie host="^itsdanbull\.com$" name=".*"/>
+	<securecookie host="^itsdanbull\.com$" name=".+" />
 
 	<rule from="^http://(?:www\.)?itsdanbull\.com/"
 		to="https://itsdanbull.com/"/>
diff --git a/src/chrome/content/rules/DanBlah.com.xml b/src/chrome/content/rules/DanBlah.com.xml
new file mode 100644
index 000000000000..ee7d6605d725
--- /dev/null
+++ b/src/chrome/content/rules/DanBlah.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="dan blah.com">
+
+	<target host="danblah.com" />
+	<target host="www.danblah.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DanFleisch.com.xml b/src/chrome/content/rules/DanFleisch.com.xml
new file mode 100644
index 000000000000..30029f97abd1
--- /dev/null
+++ b/src/chrome/content/rules/DanFleisch.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="DanFleisch.com">
+	<target host="danfleisch.com" />
+	<target host="www.danfleisch.com" />
+	<target host="www4.danfleisch.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DanID.dk.xml b/src/chrome/content/rules/DanID.dk.xml
new file mode 100644
index 000000000000..f2a04a00f23a
--- /dev/null
+++ b/src/chrome/content/rules/DanID.dk.xml
@@ -0,0 +1,29 @@
+<!--
+	For other NemID coverage, see NemID.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- applet.danid.dk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="DanID.dk">
+
+	<target host="danid.dk" />
+	<target host="applet.danid.dk" />
+	<target host="www.danid.dk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^applet\.danid\.dk$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dancing_Astronaut.xml b/src/chrome/content/rules/Dancing_Astronaut.xml
index 73578e14cf6d..bf2b9857c80f 100644
--- a/src/chrome/content/rules/Dancing_Astronaut.xml
+++ b/src/chrome/content/rules/Dancing_Astronaut.xml
@@ -6,10 +6,10 @@
 -->
 <ruleset name="Dancing Astronaut (partial)">
 
-	<target host="*.dancingastronaut.com" />
+	<target host="static.dancingastronaut.com" />
+	<target host="uploads.dancingastronaut.com" />
 
 
-	<rule from="^http://(static|uploads)\.dancingastronaut\.com/"
-		to="https://$1.dancingastronaut.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DandB.com.xml b/src/chrome/content/rules/DandB.com.xml
new file mode 100644
index 000000000000..125d43d87f5f
--- /dev/null
+++ b/src/chrome/content/rules/DandB.com.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blog.dandb.com/ => https://blog.dandb.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://careers.dandb.com/ => https://careers.dandb.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Mixed content:
+
+		- Images, on:
+
+			- blog from $self *
+			- blog from assets.dandb.com *
+			- careers from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="DandB.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dandb.com" />
+	<target host="assets.dandb.com" />
+	<target host="blog.dandb.com" />
+	<target host="careers.dandb.com" />
+	<target host="support.dandb.com" />
+	<target host="www.dandb.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DandB.xml b/src/chrome/content/rules/DandB.xml
index 4dffe31e838e..05ae507af046 100644
--- a/src/chrome/content/rules/DandB.xml
+++ b/src/chrome/content/rules/DandB.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?dnb\.com/(auth/|product/(?:contract\.htm|support-files/))"
 		to="https://$1dnb.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dandwiki.com.xml b/src/chrome/content/rules/Dandwiki.com.xml
new file mode 100644
index 000000000000..9f4519722b7b
--- /dev/null
+++ b/src/chrome/content/rules/Dandwiki.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Dandwiki.com">
+	<target host="dandwiki.com" />
+	<target host="www.dandwiki.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dangpu.com.xml b/src/chrome/content/rules/Dangpu.com.xml
new file mode 100644
index 000000000000..e239c5e03be0
--- /dev/null
+++ b/src/chrome/content/rules/Dangpu.com.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dangpu.com/ => https://dangpu.com/: (6, 'Could not resolve host: dangpu.com')
+Fetch error: http://static.dangpu.com/ => https://static.dangpu.com/: (6, 'Could not resolve host: static.dangpu.com')
+Fetch error: http://www.dangpu.com/ => https://www.dangpu.com/: (6, 'Could not resolve host: www.dangpu.com')
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- static
+
+
+	Insecure cookies are set for these domains:
+
+		- dangpu.com
+		- .dangpu.com
+
+-->
+<ruleset name="dangpu.com" default_off="failed ruleset test">
+
+	<target host="dangpu.com" />
+	<target host="static.dangpu.com" />
+	<target host="www.dangpu.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^dangpu\.com$" name="^__jsluid$" /-->
+	<!--securecookie host="^\.dangpu\.com$" name="^PDSID$" /-->
+
+	<securecookie host="^\.?dangpu\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Danhlode.com.xml b/src/chrome/content/rules/Danhlode.com.xml
index 73554a4fc5a5..5ed09d7c37e5 100644
--- a/src/chrome/content/rules/Danhlode.com.xml
+++ b/src/chrome/content/rules/Danhlode.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="danhlode.com">
 
 	<target host="danhlode.com" />
-	<target host="*.danhlode.com" />
+	<target host="www.danhlode.com" />
 
 
 	<securecookie host="^\.danhlode\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?danhlode\.com/"
-		to="https://$1danhlode.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Daniel-P-Berrange.xml b/src/chrome/content/rules/Daniel-P-Berrange.xml
index 978a9235dcdc..78f8ac0a2f06 100644
--- a/src/chrome/content/rules/Daniel-P-Berrange.xml
+++ b/src/chrome/content/rules/Daniel-P-Berrange.xml
@@ -1,10 +1,10 @@
-<ruleset name="Daniel P. Berrangé">
+<ruleset name="Berrange.com">
 
 	<target host="berrange.com" />
 	<target host="www.berrange.com" />
 
 
-	<rule from="^http://(www\.)?berrange\.com/"
-		to="https://$1berrange.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Danny_Mekic.com.xml b/src/chrome/content/rules/Danny_Mekic.com.xml
new file mode 100644
index 000000000000..895b21a43bbb
--- /dev/null
+++ b/src/chrome/content/rules/Danny_Mekic.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .dannymekic.com
+		- www.dannymekic.com
+
+-->
+<ruleset name="Danny Mekic.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dannymekic.com" />
+	<target host="www.dannymekic.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.dannymekic\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.dannymekic\.com$" name="^_icl_current_language$" /-->
+
+	<securecookie host="^(?:www)?\.dannymekic\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DanskeBank.xml b/src/chrome/content/rules/DanskeBank.xml
new file mode 100644
index 000000000000..40b640a6dfda
--- /dev/null
+++ b/src/chrome/content/rules/DanskeBank.xml
@@ -0,0 +1,37 @@
+<!--
+Only .dk domains have been implemented so far.
+
+Domains not available over HTTPS:
+- foreninger.danskebank.dk ¹
+- insights.danskebank.dk ²
+
+¹ Connection attempts time out.
+² SSL not functional (ssl_error_rx_record_too_long).
+
+Other Danske Bank rulesets:
+- MobilePay.dk.xml
+-->
+
+<ruleset name="Danske Bank">
+  <!-- Main domains -->
+  <target host="danskebank.dk" />
+  <target host="www.danskebank.dk" />
+
+  <!-- Other domains -->
+  <target host="app.danskebank.dk" />
+  <target host="business.danskebank.dk" />
+  <target host="business2.danskebank.dk" />
+  <target host="cem.danskebank.dk" />
+  <target host="danskeanalyse.danskebank.dk" />
+  <target host="ebanking.danskebank.dk" />
+  <target host="ebanking2.danskebank.dk" />
+  <target host="mobil.danskebank.dk" />
+  <target host="netbank.danskebank.dk" />
+  <target host="netbank2.danskebank.dk" />
+  <target host="online.danskebank.dk" />
+  <target host="www-2.danskebank.dk" />
+  <target host="www.cem.danskebank.dk" />
+
+  <rule from="^http:"
+          to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Danze.com.xml b/src/chrome/content/rules/Danze.com.xml
new file mode 100644
index 000000000000..c4a8349bd7c2
--- /dev/null
+++ b/src/chrome/content/rules/Danze.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Connection reset:
+		- danze.com
+		- www.danze.com
+
+	Invalid certificate:
+		- foodiecaliente.danze.com
+		- inspiration.danze.com
+		- literature.danze.com
+		- productxref.danze.com
+
+	Timed out:
+		- cp.danze.com
+-->
+
+<ruleset name="Danze.com">
+	<target host="support.danze.com" />
+	<target host="showtimereg.danze.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dap.com.xml b/src/chrome/content/rules/Dap.com.xml
new file mode 100644
index 000000000000..040026aaff73
--- /dev/null
+++ b/src/chrome/content/rules/Dap.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Active mixed content:
+		- dap.com
+		- www.dap.com
+		- alexspackling.dap.com
+
+	Connection reset:
+		- blog.dap.com
+		- canada.dap.com
+
+	Invalid certificate:
+		- dynaflexultra.dap.com
+		- platinumpatch.dap.com
+		- sealnpeel.dap.com
+		- simpleseal.dap.com
+-->
+
+<ruleset name="Dap.com">
+	<target host="3point0.dap.com" />
+	<target host="alex.dap.com" />
+	<target host="dynagrip.dap.com" />
+	<target host="kwiksealultra.dap.com" />
+	<target host="plasticwood.dap.com" />
+	<target host="rapidfusewood.dap.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dar-us-Salam-Texas-USA.xml b/src/chrome/content/rules/Dar-us-Salam-Texas-USA.xml
new file mode 100644
index 000000000000..51489599f571
--- /dev/null
+++ b/src/chrome/content/rules/Dar-us-Salam-Texas-USA.xml
@@ -0,0 +1,25 @@
+<!--
+	See https://dar-us-salam.com/stores-branches.htm for related sites.
+
+	Invalid certificate:
+	- store.dar-us-salam.com
+	- www.darussalam.net
+
+-->
+<ruleset name="Dar-us-Salam Islamic Bookstore (Texas, USA)">
+	<target host="dar-us-salam.com" />
+	<target host="www.dar-us-salam.com" />
+
+	<target host="dusstore.com" />
+	<target host="www.dusstore.com" />
+		<test url="http://www.dusstore.com/TheNobleQuran/" />
+
+	<target host="darussalam.net" />
+		<test url="http://darussalam.net/catalogs/Catalog_English.pdf" />
+	<target host="www.darussalam.net" />
+	<target host="affiliate.darussalam.net" />
+
+	<rule from="^http://www\.darussalam\.net/" to="https://darussalam.net/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DarAnNor.com.xml b/src/chrome/content/rules/DarAnNor.com.xml
new file mode 100644
index 000000000000..fb9e87448431
--- /dev/null
+++ b/src/chrome/content/rules/DarAnNor.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="DarAnNor.com">
+	<target host="darannor.com" />
+	<target host="www.darannor.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DareBoost.com.xml b/src/chrome/content/rules/DareBoost.com.xml
new file mode 100644
index 000000000000..eb6b6f23ec66
--- /dev/null
+++ b/src/chrome/content/rules/DareBoost.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Problematic hosts in *dareboost.com:
+
+		- blog
+
+
+	Insecure cookies are set for these hosts:
+
+		- blog.dareboost.com
+
+
+	Mixed content:
+
+		- css on blog from $self
+		- Images on blog from $self
+
+-->
+<ruleset name="DareBoost.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dareboost.com" />
+	<target host="www.dareboost.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^blog\.dareboost\.com$" name="^(mailplan|mailplanBAK)$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Daring_Fireball.xml b/src/chrome/content/rules/Daring_Fireball.xml
index dfb5ac2ad5c1..1a27ad4ce876 100644
--- a/src/chrome/content/rules/Daring_Fireball.xml
+++ b/src/chrome/content/rules/Daring_Fireball.xml
@@ -1,16 +1,24 @@
 <!--
-	Problematic subdomains:
-
-		- www		(mismatched)
+	www.daringfireball.net: Mismatched
 
 -->
-<ruleset name="Daring Fireball">
+<ruleset name="Daring Fireball.net">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="daringfireball.net" />
-	<target host="*.daringfireball.net" />
+	<target host="jobs.daringfireball.net" />
+	<target host="store.daringfireball.net" />
+
+	<!--	Complications:
+				-->
+	<target host="www.daringfireball.net" />
+
 
+	<rule from="^http://www\.daringfireball\.net/"
+		to="https://daringfireball.net/" />
 
-	<rule from="^https?://(?:(jobs\.|store\.)|www\.)?daringfireball\.net/"
-		to="https://$1daringfireball.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Darjeelin.fr.xml b/src/chrome/content/rules/Darjeelin.fr.xml
new file mode 100644
index 000000000000..493bae2d5957
--- /dev/null
+++ b/src/chrome/content/rules/Darjeelin.fr.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://darjeelin.fr/ => https://darjeelin.fr/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+Fetch error: http://a.darjeelin.fr/ => https://a.darjeelin.fr/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+Fetch error: http://i.darjeelin.fr/ => https://i.darjeelin.fr/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+Fetch error: http://www.darjeelin.fr/ => https://www.darjeelin.fr/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+
+	Insecure cookies are set for these domains:
+
+		- .darjeelin.fr
+
+-->
+<ruleset name="Darjeelin.fr" default_off="failed ruleset test">
+
+	<target host="darjeelin.fr" />
+	<target host="a.darjeelin.fr" />
+	<target host="i.darjeelin.fr" />
+	<target host="www.darjeelin.fr" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.darjeelin\.fr$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DarkMoney.cc.xml b/src/chrome/content/rules/DarkMoney.cc.xml
index e10c100aacc2..286b7c1db1e4 100644
--- a/src/chrome/content/rules/DarkMoney.cc.xml
+++ b/src/chrome/content/rules/DarkMoney.cc.xml
@@ -4,16 +4,16 @@
 		- screenshot.ru
 
 -->
-<ruleset name="DarkMoney.cc">
+<ruleset name="DarkMoney.cc" default_off="expired">
 
 	<target host="darkmoney.cc" />
-	<target host="*.darkmoney.cc" />
+	<target host="www.darkmoney.cc" />
 
 
-	<securecookie host="^(?:w*\.)?darkmoney\.cc$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?darkmoney\.cc/"
-		to="https://$1darkmoney.cc/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DarkSky.net.xml b/src/chrome/content/rules/DarkSky.net.xml
new file mode 100644
index 000000000000..b0d3b3bcacc5
--- /dev/null
+++ b/src/chrome/content/rules/DarkSky.net.xml
@@ -0,0 +1,32 @@
+<ruleset name="DarkSky.net">
+
+	<target host="darksky.net" />
+	<target host="www.darksky.net" />
+	<target host="api.darksky.net" />
+	<target host="blog.darksky.net" />
+	<target host="data.darksky.net" />
+	<target host="enterprise-data.darksky.net" />
+	<target host="maps.darksky.net" />
+	<target host="maps-android.darksky.net" />
+	<target host="maps-ios.darksky.net" />
+	<target host="maps-ios-multi.darksky.net" />
+	<target host="maps-raw.darksky.net" />
+	<target host="maps0.darksky.net" />
+	<target host="maps1.darksky.net" />
+	<target host="maps2.darksky.net" />
+	<target host="maps3.darksky.net" />
+	<target host="maps4.darksky.net" />
+	<target host="maps5.darksky.net" />
+	<target host="maps6.darksky.net" />
+	<target host="maps7.darksky.net" />
+	<target host="maps8.darksky.net" />
+	<target host="notifications.darksky.net" />
+	<target host="reporter.darksky.net" />
+	<target host="staging.darksky.net" />
+	<target host="status.darksky.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dark_Reading.com.xml b/src/chrome/content/rules/Dark_Reading.com.xml
new file mode 100644
index 000000000000..b0871000e81d
--- /dev/null
+++ b/src/chrome/content/rules/Dark_Reading.com.xml
@@ -0,0 +1,44 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://events.darkreading.com/ => https://events.darkreading.com/: (28, 'Operation timed out after 30007 milliseconds with 0 bytes received')
+
+	For other UBM coverage, see UBM.xml.
+
+	Non-functional hosts
+		Timeout was reached:
+			 - jobs.darkreading.com
+
+		SSL connect error:
+			 - staging.new.darkreading.com
+			 - dev.v5.darkreading.com
+
+		Status code mismatch:
+			 - crashcourse.darkreading.com
+			 - event.darkreading.com
+			 - m.darkreading.com
+			 - registrations.darkreading.com
+			 - webinar.darkreading.com
+
+		4xx client error:
+			 - dev.darkreading.com
+			 - mobile.darkreading.com
+			 - pro.darkreading.com
+
+		Mixed content blocking (MCB) tiggered:
+			 - www.darkreading.com
+			 - events.darkreading.com
+			 - w1.darkreading.com
+-->
+<ruleset name="Dark Reading.com" platform="mixedcontent" default_off="failed ruleset test">
+	<target host="darkreading.com" />
+	<target host="www.darkreading.com" />
+	<target host="events.darkreading.com" />
+	<target host="summit.darkreading.com" />
+	<target host="v5.darkreading.com" />
+	<target host="w1.darkreading.com" />
+
+	<securecookie host="^(www\.)?darkreading\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Darkcoin_Foundation.org.xml b/src/chrome/content/rules/Darkcoin_Foundation.org.xml
new file mode 100644
index 000000000000..34860168fb8e
--- /dev/null
+++ b/src/chrome/content/rules/Darkcoin_Foundation.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.darkcoinfoundation.org
+
+-->
+<ruleset name="Darkcoin Foundation.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="darkcoinfoundation.org" />
+	<target host="www.darkcoinfoundation.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.darkcoinfoundation\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.darkcoinfoundation\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Darkfasel.net.xml b/src/chrome/content/rules/Darkfasel.net.xml
new file mode 100644
index 000000000000..5cf540741d6d
--- /dev/null
+++ b/src/chrome/content/rules/Darkfasel.net.xml
@@ -0,0 +1,25 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - jmt0.darkfasel.net
+			 - jmt3.darkfasel.net
+
+		Timeout was reached:
+			 - jmt1.darkfasel.net
+
+		SSL peer certificate was not OK:
+			 - fpletz.darkfasel.net
+			 - irc.darkfasel.net
+			 - jmt2.darkfasel.net
+-->
+<ruleset name="Darkfasel.net">
+	<target host="darkfasel.net" />
+	<target host="www.darkfasel.net" />
+	<target host="matrix.darkfasel.net" />
+	<target host="synapse.darkfasel.net" />
+	<target host="webirc.darkfasel.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Darkmail.info.xml b/src/chrome/content/rules/Darkmail.info.xml
index 4471d092d760..e8b7e093f9d9 100644
--- a/src/chrome/content/rules/Darkmail.info.xml
+++ b/src/chrome/content/rules/Darkmail.info.xml
@@ -1,6 +1,6 @@
 <ruleset name="Darkmail.info">
 <target host="www.darkmail.info"/>
 <target host="darkmail.info"/>
-<rule from="^http://(www\.)?darkmail\.info/" to="https://www.darkmail.info/"/>
+<rule from="^http:" to="https:" />
 </ruleset>
- 
+
diff --git a/src/chrome/content/rules/Darktable.org.xml b/src/chrome/content/rules/Darktable.org.xml
new file mode 100644
index 000000000000..ae10a199649e
--- /dev/null
+++ b/src/chrome/content/rules/Darktable.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="darktable.org">
+
+	<target host="darktable.org" />
+	<target host="redmine.darktable.org" />
+	<target host="www.darktable.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Darmstadt_University_of_Applied_Sciences.xml b/src/chrome/content/rules/Darmstadt_University_of_Applied_Sciences.xml
index 768352c8ebad..e91e21df3d1e 100644
--- a/src/chrome/content/rules/Darmstadt_University_of_Applied_Sciences.xml
+++ b/src/chrome/content/rules/Darmstadt_University_of_Applied_Sciences.xml
@@ -40,4 +40,4 @@
 	<rule from="^http://mail\.h-da\.de/(?:\?.*)?$"
 		to="https://webmail.h-da.de/owa" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DartSearch.net.xml b/src/chrome/content/rules/DartSearch.net.xml
new file mode 100644
index 000000000000..a9e4f7534375
--- /dev/null
+++ b/src/chrome/content/rules/DartSearch.net.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Google coverage, see GoogleServices.xml.
+
+	Mismatched:
+		- cs.dartsearch.net
+		- cs.eu.dartsearch.net
+		- cs.uk.dartsearch.net
+-->
+<ruleset name="DartSearch.net">
+	<target host="clickserve.dartsearch.net" />
+	<target host="clickserve.eu.dartsearch.net" />
+	<target host="clickserve.uk.dartsearch.net" />
+	<target host="clickserve.us2.dartsearch.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dart_Lang.org.xml b/src/chrome/content/rules/Dart_Lang.org.xml
new file mode 100644
index 000000000000..ee2535d6933f
--- /dev/null
+++ b/src/chrome/content/rules/Dart_Lang.org.xml
@@ -0,0 +1,40 @@
+<!--
+	Nonfunctional hosts:
+
+		- news *
+
+	* Handshake fails
+
+
+	^dartlang.org: Handshake fails
+
+
+	Insecure cookies are set for these hosts:
+
+		- pub.dartlang.org
+
+-->
+<ruleset name="Dart Lang.org (partial)">
+
+	<target host="dartlang.org" />
+	<target host="pub.dartlang.org" />
+	<target host="www.dartlang.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^pub\.dartlang\.org$" name="^flash$" /-->
+
+	<securecookie host="^pub\.dartlang\.org$" name=".+" />
+
+
+	<!--	Redirect keeps path, args,
+		and forward slash:
+					-->
+	<rule from="^http://dartlang\.org/"
+		to="https://www.dartlang.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dartmouth_College.xml b/src/chrome/content/rules/Dartmouth_College.xml
index 7d7b1a4a05b0..a65c99e23c8e 100644
--- a/src/chrome/content/rules/Dartmouth_College.xml
+++ b/src/chrome/content/rules/Dartmouth_College.xml
@@ -46,10 +46,10 @@
 	<rule from="^http://((?:briefings|dimensions|library|login|tower|websso|www)\.)?dartmouth\.edu/"
 		to="https://$1dartmouth.edu/" />
 
-	<rule from="^https?://arts\.dartmouth\.edu/"
+	<rule from="^http://arts\.dartmouth\.edu/"
 		to="https://dartmouth-arts.herokuapp.com/" />
 
-	<rule from="^https?://search\.dartmouth\.edu/(?:.*)"
+	<rule from="^http://search\.dartmouth\.edu/(?:.*)"
 		to="https://www.dartmouth.edu/~search/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DarwinProject.ac.uk.xml b/src/chrome/content/rules/DarwinProject.ac.uk.xml
new file mode 100644
index 000000000000..963fb6bd402b
--- /dev/null
+++ b/src/chrome/content/rules/DarwinProject.ac.uk.xml
@@ -0,0 +1,8 @@
+<ruleset name="DarwinProject.ac.uk">
+
+	<target host="darwinproject.ac.uk" />
+	<target host="www.darwinproject.ac.uk" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Darwinsys.com.xml b/src/chrome/content/rules/Darwinsys.com.xml
new file mode 100644
index 000000000000..3aaabaa946cb
--- /dev/null
+++ b/src/chrome/content/rules/Darwinsys.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="Darwinsys.com" default_off="cert-chain">
+	<target host="darwinsys.com" />
+	<target host="www.darwinsys.com" />
+	<target host="cjp.darwinsys.com" />
+	<target host="javacook.darwinsys.com" />
+	<target host="lhbooks.darwinsys.com" />
+	<target host="pageunit.darwinsys.com" />
+	<target host="theories.darwinsys.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Das-labor.org.xml b/src/chrome/content/rules/Das-labor.org.xml
index 889ea56aee14..61c433ef754a 100644
--- a/src/chrome/content/rules/Das-labor.org.xml
+++ b/src/chrome/content/rules/Das-labor.org.xml
@@ -2,5 +2,13 @@
   <target host="das-labor.org" />
   <target host="www.das-labor.org" />
 
-  <rule from="^http://(www\.)?das-labor\.org/" to="https://www.das-labor.org/" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?das-labor\.org$" name="^pll_language$" /-->
+
+	<securecookie host="^(?:www\.)?das-labor\.org$" name=".+" />
+
+
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/DasErste.de.xml b/src/chrome/content/rules/DasErste.de.xml
new file mode 100644
index 000000000000..b84d0c1356ff
--- /dev/null
+++ b/src/chrome/content/rules/DasErste.de.xml
@@ -0,0 +1,92 @@
+<!--
+	Invalid certificate:
+		ctv-videos.daserste.de
+		(www.)?dailys.daserste.de
+		event-live-hds.daserste.de
+		hbbtv-videos.daserste.de
+		hds.daserste.de
+		hds-geo.daserste.de
+		hls.daserste.de
+		hls-geo.daserste.de
+		live-ut-lh.daserste.de
+		(www.)?mediathek.daserste.de
+		mvideos.daserste.de
+		mvideos-geo.daserste.de
+		pd-videos.daserste.de
+		smoothstreaming-vod.daserste.de
+		sonntagskrimis.daserste.de
+		sslcerttest.daserste.de
+		universal-vod.daserste.de
+
+	Refused:
+		www.m.daserste.de
+		mediathek-origin.daserste.de
+		progpix.daserste.de
+
+	Timeout:
+		deo-vpn.daserste.de
+		download.daserste.de
+		echovoting2010.daserste.de
+		event-live.daserste.de
+		hbbtv.daserste.de
+		hbbtv-babylon.daserste.de
+		hbbtv-tatort.daserste.de
+		lamp-c.daserste.de
+		lamp-dev-c.daserste.de
+		legespiel-dev.daserste.de
+		live-lh.daserste.de
+		m.daserste.de
+		m-service.daserste.de
+		mediathek-tua.daserste.de
+		mx[1-3].daserste.de
+		onlinequiz.daserste.de
+		programm-origin.daserste.de
+		static.daserste.de
+-->
+
+<ruleset name="DasErste.de">
+
+	<target host="daserste.de" />
+	<target host="www.daserste.de" />
+	<target host="alias.daserste.de" />
+	<target host="bauhaus.daserste.de" />
+	<target host="blogs.daserste.de" />
+	<target host="connect.daserste.de" />
+	<target host="forum.daserste.de" />
+	<target host="iosvtt.daserste.de" />
+	<target host="jumpmarks-live.daserste.de" />
+	<target host="katharinaluther.daserste.de" />
+	<target host="legespiel.daserste.de" />
+	<target host="legespiel-mdr.daserste.de" />
+	<target host="live.daserste.de" />
+	<target host="livestreamplanung.daserste.de" />
+	<target host="login.daserste.de" />
+	<target host="mail.daserste.de" />
+	<target host="mcdn.daserste.de" />
+	<target host="mcdn-live-l3.daserste.de" />
+	<target host="mcdn-live-l3-bak.daserste.de" />
+	<target host="mcdn-live-l3-dir.daserste.de" />
+	<target host="mcdn-test.daserste.de" />
+	<target host="multicdn31-bak-br.daserste.de" />
+	<target host="multicdnlv31-br.daserste.de" />
+	<target host="presse.daserste.de" />
+	<target host="previewthumbnails.daserste.de" />
+	<target host="programm.daserste.de" />
+	<target host="quizapp.daserste.de" />
+	<target host="quoten.daserste.de" />
+	<target host="reportage.daserste.de" />
+	<target host="services.daserste.de" />
+	<target host="share.daserste.de" />
+	<target host="tatas.daserste.de" />
+	<target host="test.daserste.de" />
+	<target host="themenwoche.daserste.de" />
+	<target host="tua.daserste.de" />
+	<target host="vpn.daserste.de" />
+	<target host="vpnclient.daserste.de" />
+	<target host="wetterbilder.daserste.de" />
+	<target host="wir5sind1.daserste.de" />
+	<target host="www5.daserste.de" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Das_Parlament.xml b/src/chrome/content/rules/Das_Parlament.xml
index f6c4a89fd146..d54c46a403ac 100644
--- a/src/chrome/content/rules/Das_Parlament.xml
+++ b/src/chrome/content/rules/Das_Parlament.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.das-parlament.de/ => https://www.das-parlament.de/: (28, 'Connection timed out after 20000 milliseconds')
+
 	 Problematic domains:
 
 		- epaper	(works; mismatched, CN: www.bundestag.de)
@@ -7,12 +11,11 @@
 	^das-parlament.de doesn't exist.
 
 -->
-<ruleset name="Das Parlament (partial)">
+<ruleset name="Das Parlament (partial)" default_off="failed ruleset test">
 
 	<target host="www.das-parlament.de" />
 
 
-	<rule from="^http://www\.das-parlament\.de/"
-		to="https://www.das-parlament.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dasezna.lgbt.xml b/src/chrome/content/rules/Dasezna.lgbt.xml
new file mode 100644
index 000000000000..f72425026b78
--- /dev/null
+++ b/src/chrome/content/rules/Dasezna.lgbt.xml
@@ -0,0 +1,8 @@
+<ruleset name="Dasezna.lgbt">
+	<target host="dasezna.lgbt" />
+	<target host="www.dasezna.lgbt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dash-Player.com.xml b/src/chrome/content/rules/Dash-Player.com.xml
new file mode 100644
index 000000000000..4d0029713620
--- /dev/null
+++ b/src/chrome/content/rules/Dash-Player.com.xml
@@ -0,0 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.dash-player.com/ => https://www.dash-player.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="bitmovin GmbH" default_off="failed ruleset test">
+
+	<target host="www.dash-player.com"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dash.org.xml b/src/chrome/content/rules/Dash.org.xml
new file mode 100644
index 000000000000..27ce7577e6f7
--- /dev/null
+++ b/src/chrome/content/rules/Dash.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="Dash.org">
+
+	<target host="dash.org" />
+	<target host="www.dash.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dashpay.io.xml b/src/chrome/content/rules/Dashpay.io.xml
new file mode 100644
index 000000000000..d8896302540b
--- /dev/null
+++ b/src/chrome/content/rules/Dashpay.io.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		dashninja.dashpay.io
+		explorer.dashpay.io
+
+-->
+<ruleset name="Dashpay.io">
+
+	<target host="dashpay.io" />
+	<target host="www.dashpay.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dask.org.xml b/src/chrome/content/rules/Dask.org.xml
new file mode 100644
index 000000000000..2829ad1de88e
--- /dev/null
+++ b/src/chrome/content/rules/Dask.org.xml
@@ -0,0 +1,20 @@
+<ruleset name="Dask.org">
+
+	<target host="dask.org" />
+	<target host="www.dask.org" />
+
+	<target host="blog.dask.org" />
+	<target host="distributed.dask.org" />
+	<target host="docs.dask.org" />
+	<target host="examples.dask.org" />
+	<target host="image.dask.org" />
+	<target host="jobqueue.dask.org" />
+	<target host="kubernetes.dask.org" />
+	<target host="ml.dask.org" />
+	<target host="stories.dask.org" />
+	<target host="yarn.dask.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dassault_Falcon.xml b/src/chrome/content/rules/Dassault_Falcon.xml
index c0f03c21228b..e2d1c6fe3792 100644
--- a/src/chrome/content/rules/Dassault_Falcon.xml
+++ b/src/chrome/content/rules/Dassault_Falcon.xml
@@ -10,21 +10,29 @@
 <ruleset name="Dassault Falcon">
 
 	<target host="dassaultfalcon.com" />
-	<target host="*.dassaultfalcon.com" />
+	<target host="customer.dassaultfalcon.com" />
+	<target host="insight.dassaultfalcon.com" />
+	<target host="sqr.dassaultfalcon.com" />
+	<target host="wtsdc.dassaultfalcon.com" />
+	<target host="www.dassaultfalcon.com" />
 	<target host="falconjet.com" />
-	<target host="*.falconjet.com" />
+	<target host="www.falconjet.com" />
+	<target host="aht.falconjet.com" />
+	<target host="cats.falconjet.com" />
+	<target host="devworks.falconjet.com" />
+	<target host="qlik.falconjet.com" />
+	<target host="spares.falconjet.com" />
+	<target host="thebridge.falconjet.com" />
+	<target host="thin.falconjet.com" />
 
 
 	<securecookie host="^.+\.(?:dassaultfalcon|falconjet)\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:dassaultfalcon|(?:www\.)?falconjet)\.com/"
+	<rule from="^http://(?:dassaultfalcon|(?:www\.)?falconjet)\.com/"
 		to="https://www.dassaultfalcon.com/" />
 
-	<rule from="^http://(customer|insight|sqr|wtsdc|www)\.dassaultfalcon\.com/"
-		to="https://$1.dassaultfalcon.com/" />
 
-	<rule from="^http://(aht|cats|devworks|qlik|spares|thebridge|thin)\.falconjet\.com/"
-		to="https://$1.falconjet.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dassault_Systemes.xml b/src/chrome/content/rules/Dassault_Systemes.xml
index b5be60767cda..f6aa33c7729b 100644
--- a/src/chrome/content/rules/Dassault_Systemes.xml
+++ b/src/chrome/content/rules/Dassault_Systemes.xml
@@ -24,4 +24,4 @@
 	<rule from="^http://a\d\.media\.3ds\.com/"
 		to="https://www.3ds.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dastelefonbuch.de.xml b/src/chrome/content/rules/Dastelefonbuch.de.xml
deleted file mode 100644
index f1c7bb1eec49..000000000000
--- a/src/chrome/content/rules/Dastelefonbuch.de.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Dastelefonbuch.de">
-<target host="www2.dastelefonbuch.de"/>
-<target host="mein2.dastelefonbuch.de" />
-
-<rule from="^http://www2\.dastelefonbuch\.de/" to="https://www2.dastelefonbuch.de/"/>
-<rule from="^http://mein2\.dastelefonbuch\.de/" to="https://mein2.dastelefonbuch.de/"/>
-
-
-</ruleset>
- 
diff --git a/src/chrome/content/rules/DatStat.xml b/src/chrome/content/rules/DatStat.xml
index fb9d6ed6e61c..80938079a2bc 100644
--- a/src/chrome/content/rules/DatStat.xml
+++ b/src/chrome/content/rules/DatStat.xml
@@ -14,10 +14,10 @@
 	<securecookie host="^www\.datstat\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?datstat\.com/"
+	<rule from="^http://(?:www\.)?datstat\.com/"
 		to="https://www.datstat.com/" />
 
 	<rule from="^http://([\w-]+)\.datstathost\.com/"
 		to="https://$1.datstathost.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Data-Design-mismatches.xml b/src/chrome/content/rules/Data-Design-mismatches.xml
index 84e03bf4078c..81b49874e08e 100644
--- a/src/chrome/content/rules/Data-Design-mismatches.xml
+++ b/src/chrome/content/rules/Data-Design-mismatches.xml
@@ -1,4 +1,4 @@
-<ruleset name="Data Design (mismatches)" default_off="mismatch">
+<ruleset name="Data Design (mismatches)" default_off="mismatched">
 
 	<target host="webmercs.com"/>
 	<target host="www.webmercs.com"/>
@@ -6,7 +6,7 @@
 	<target host="www.webmercs.no"/>
 	<target host="img2.wmxstatic.com"/>
 
-	<securecookie host="^(.*\.)?webmercs\.no$" name=".*"/>
+	<securecookie host="^(?:.*\.)?webmercs\.no$" name=".+" />
 
 	<rule from="^http://(?:www\.)?webmercs\.(?:com|no)/"
 		to="https://www.webmercs.no/"/>
diff --git a/src/chrome/content/rules/Data-Design.xml b/src/chrome/content/rules/Data-Design.xml
index 30ad0cd030cb..699575eda739 100644
--- a/src/chrome/content/rules/Data-Design.xml
+++ b/src/chrome/content/rules/Data-Design.xml
@@ -2,9 +2,8 @@
 
 	<target host="secure.webmercs.com"/>
 
-	<securecookie host="^secure\.webmercs\.com$" name=".*"/>
+	<securecookie host="^secure\.webmercs\.com$" name=".+" />
 
-	<rule from="^http://secure\.webmercs\.com/"
-		to="https://secure.webmercs.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Data-Protection-Commissioner.xml b/src/chrome/content/rules/Data-Protection-Commissioner.xml
index c46c87249984..763b1afcae50 100644
--- a/src/chrome/content/rules/Data-Protection-Commissioner.xml
+++ b/src/chrome/content/rules/Data-Protection-Commissioner.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?dataprotection\.ie$" name=".+" />
 
 
-	<rule from="^http://(www\.)?dataprotection\.ie/"
-		to="https://$1dataprotection.ie/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Data.com.xml b/src/chrome/content/rules/Data.com.xml
index 868388e3faa9..c31feb7996d0 100644
--- a/src/chrome/content/rules/Data.com.xml
+++ b/src/chrome/content/rules/Data.com.xml
@@ -15,7 +15,11 @@
 <ruleset name="Data.com">
 
 	<target host="data.com" />
-	<target host="*.data.com" />
+	<target host="www.data.com" />
+	<target host="connect.data.com" />
+	<target host="jigsaw.data.com" />
+	<target host="www.jigsaw.data.com" />
+	<target host="static.data.com" />
 
 
 	<securecookie host="^.+\.data\.com$" name=".+" />
@@ -24,7 +28,6 @@
 	<rule from="^http://(?:www\.)?data\.com/"
 		to="https://www.data.com/" />
 
-	<rule from="^http://(connect|(?:www\.)?jigsaw|static)\.data\.com/"
-		to="https://$1.data.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Data.fm.xml b/src/chrome/content/rules/Data.fm.xml
index e779111beac3..4770359cf392 100644
--- a/src/chrome/content/rules/Data.fm.xml
+++ b/src/chrome/content/rules/Data.fm.xml
@@ -1,9 +1,15 @@
-<ruleset name="data.fm">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://data.fm/ => https://data.fm/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+<ruleset name="data.fm" default_off="failed ruleset test">
 
 	<target host="data.fm"/>
 	<target host="*.data.fm"/>
 
-	<securecookie host=".*\.data\.fm$" name=".*"/>
+	<securecookie host=".*\.data\.fm$" name=".+" />
 
 	<rule from="^http://data\.fm/"
 		to="https://data.fm/"/>
diff --git a/src/chrome/content/rules/DataCamp.com.xml b/src/chrome/content/rules/DataCamp.com.xml
new file mode 100644
index 000000000000..9ca9f9a6b8c3
--- /dev/null
+++ b/src/chrome/content/rules/DataCamp.com.xml
@@ -0,0 +1,24 @@
+<!--
+	^: refused
+
+-->
+<ruleset name="DataCamp.com">
+
+	<target host="datacamp.com" />
+	<target host="www.datacamp.com" />
+	<target host="api.datacamp.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^api\.datacamp\.com$" name="^(_datacamp_session|AWSELB|XSRF-TOKEN)$" /-->
+
+	<securecookie host="^api\.datacamp\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?datacamp\.com/"
+		to="https://www.datacamp.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DataCell.xml b/src/chrome/content/rules/DataCell.xml
index a081c01ee5ea..2b91554cee0f 100644
--- a/src/chrome/content/rules/DataCell.xml
+++ b/src/chrome/content/rules/DataCell.xml
@@ -1,4 +1,8 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://datacell.com/ => https://www.datacell.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://datacell.is/ => https://www.datacell.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.datacell.is/ => https://www.datacell.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Problematic domains:
 
 		- datacell.com *
@@ -10,7 +14,8 @@
 <ruleset name="DataCell" platform="mixedcontent">
 
 	<target host="datacell.com" />
-	<target host="*.datacell.com" />
+	<target host="www.datacell.com" />
+	<target host="paygate.datacell.com" />
 	<target host="datacell.is" />
 	<target host="www.datacell.is" />
 
@@ -21,7 +26,6 @@
 	<rule from="^http://(?:www\.)?datacell\.(?:com|is)/"
 		to="https://www.datacell.com/" />
 
-	<rule from="^http://paygate\.datacell\.com/"
-		to="https://paygate.datacell.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DataCenterKnowledge.com.xml b/src/chrome/content/rules/DataCenterKnowledge.com.xml
index 8033b5da5b37..0a2d2f96cca6 100644
--- a/src/chrome/content/rules/DataCenterKnowledge.com.xml
+++ b/src/chrome/content/rules/DataCenterKnowledge.com.xml
@@ -1,21 +1,31 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://datacenterknowledge.com/ => https://datacenterknowledge.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://datacenterknowledge.com/ => https://datacenterknowledge.com/: Cycle detected - URL already encountered: https://datacenterknowledge.com/
+	For other iNET Interactive coverage, see INet-Interactive.xml.
+
+
 	jobs.datacenterknowledge.com lacks ssl. :(
 	openx.datacenterknowledge.com lacks ssl. :(
 -->
-<ruleset name="DataCenterKnowledge.com (partial)" platform="mixedcontent">
+<ruleset name="DataCenterKnowledge.com (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="datacenterknowledge.com" />
-	<target host="*.datacenterknowledge.com" />
+	<target host="www.datacenterknowledge.com" />
+	<target host="jobs.datacenterknowledge.com" />
 		<!--	rewriting / and paths under /a/ to datacenterknowledge.jobamatic.com
 			redirects to https://www.jobamatic.com/jbb-static/home		-->
-		<exclusion pattern="^http://jobs\.datacenterknowledge\.com/($|a/)" />
+		<exclusion pattern="^http://jobs\.datacenterknowledge\.com/(?:$|a/)" />
 
 
 	<rule from="^http://(www\.)?datacenterknowledge\.com/"
 		to="https://$1datacenterknowledge.com/" />
 
 	<!--	See Simply-Hired-clients.xml for problematic jobs rules		-->
-	<rule from="^https?://jobs\.datacenterknowledge\.com/c/"
+	<rule from="^http://jobs\.datacenterknowledge\.com/c/"
 		to="https://datacenterknowledge.jobamatic.com/c/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DataCoup.com.xml b/src/chrome/content/rules/DataCoup.com.xml
index 852fd823a483..857284cf66a3 100644
--- a/src/chrome/content/rules/DataCoup.com.xml
+++ b/src/chrome/content/rules/DataCoup.com.xml
@@ -1,25 +1,29 @@
 <!--
-	DataCoup, Inc.
+	Datacoup, Inc.
 
 
 	Nonfunctional subdomains:
 
-		- blog	(dropped)
+		- blog *
+
+	* Tumblr
 
 -->
-<ruleset name="DataCoup.com (partial)">
+<ruleset name="Datacoup.com (partial)">
 
 	<target host="datacoup.com" />
 	<target host="www.datacoup.com" />
 
 
-	<securecookie host="^datacoup\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^datacoup\.com$" name="AWSELB$" /-->
+	<!--securecookie host="^www\.datacoup\.com$" name="^(?:_session_id|AWSELB)$" /-->
+
+	<securecookie host="^(?:www\.)?datacoup\.com$" name=".+" />
 
 
-	<!--	www redirects to ^ over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?datacoup\.com/"
-		to="https://datacoup.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DataDirect.com.xml b/src/chrome/content/rules/DataDirect.com.xml
new file mode 100644
index 000000000000..6d93684cc705
--- /dev/null
+++ b/src/chrome/content/rules/DataDirect.com.xml
@@ -0,0 +1,42 @@
+<!--
+
+	(www.)?datadirect.com: Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- blogs.datadirect.com
+
+-->
+<ruleset name="DataDirect.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blogs.datadirect.com" />
+
+	<!--	Complications:
+				-->
+	<target host="datadirect.com" />
+	<target host="www.datadirect.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^blogs\.datadirect\.com$" name="^(PHPSESSID|wfvt_\d{10})$" /-->
+
+	<securecookie host="^blogs\.datadirect\.com$" name=".+" />
+
+
+	<!--	Redirect drops path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://(?:www\.)?datadirect\.com/[^?]*"
+		to="https://www.progress.com/products/datadirect" />
+
+		<test url="http://datadirect.com/?" />
+		<test url="http://datadirect.com//" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DataHC.com.xml b/src/chrome/content/rules/DataHC.com.xml
new file mode 100644
index 000000000000..c121590b305f
--- /dev/null
+++ b/src/chrome/content/rules/DataHC.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="dataHC.com">
+
+	<target host="cdn.datahc.com" />
+	<target host="media.datahc.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DataHub.io.xml b/src/chrome/content/rules/DataHub.io.xml
new file mode 100644
index 000000000000..67631a75fa40
--- /dev/null
+++ b/src/chrome/content/rules/DataHub.io.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		help.datahub.io
+
+-->
+<ruleset name="DataHub.io">
+
+	<target host="datahub.io" />
+	<target host="www.datahub.io" />
+	<target host="docs.datahub.io" />
+	<target host="old.datahub.io" />
+	<target host="pkgstore.datahub.io" />
+		<test url="http://pkgstore.datahub.io/core/un-locode/latest/data/csv/data/function-classifiers.csv" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DataMineLab.com.xml b/src/chrome/content/rules/DataMineLab.com.xml
new file mode 100644
index 000000000000..7370b7ec0d12
--- /dev/null
+++ b/src/chrome/content/rules/DataMineLab.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		dataminelab.com
+
+-->
+<ruleset name="DataMineLab.com">
+
+	<target host="dataminelab.com" />
+	<target host="www.dataminelab.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.dataminelab\.com/"
+		to="https://dataminelab.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DataQuest.io.xml b/src/chrome/content/rules/DataQuest.io.xml
new file mode 100644
index 000000000000..f7b3713bab59
--- /dev/null
+++ b/src/chrome/content/rules/DataQuest.io.xml
@@ -0,0 +1,9 @@
+<ruleset name="DataQuest.io">
+
+	<target host="dataquest.io" />
+	<target host="www.dataquest.io" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DataSavesLives.eu.xml b/src/chrome/content/rules/DataSavesLives.eu.xml
new file mode 100644
index 000000000000..19293a65dfc2
--- /dev/null
+++ b/src/chrome/content/rules/DataSavesLives.eu.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://datasaveslives.eu/ => https://datasaveslives.eu/: (51, "SSL: no alternative certificate subject name matches target host name 'datasaveslives.eu'")
+Fetch error: http://www.datasaveslives.eu/ => https://www.datasaveslives.eu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.datasaveslives.eu'")
+
+-->
+<ruleset name="DataSavesLives.eu" default_off="failed ruleset test">
+
+	<target host="datasaveslives.eu" />
+	<target host="www.datasaveslives.eu" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DataTables.net.xml b/src/chrome/content/rules/DataTables.net.xml
index 43e9ec2249a0..622794115316 100644
--- a/src/chrome/content/rules/DataTables.net.xml
+++ b/src/chrome/content/rules/DataTables.net.xml
@@ -1,13 +1,26 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .datatables.net
+
+-->
 <ruleset name="DataTables.net">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="datatables.net" />
-	<target host="*.datatables.net" />
+	<target host="cdn.datatables.net" />
+	<target host="www.datatables.net" />
+
 
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.datatables\.net$" name="^(?:__cfduid|cf_clearance)$" /-->
 
 	<securecookie host="^(?:w*\.)?datatables\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?datatables\.net/"
-		to="https://$1datatables.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DataVantage.xml b/src/chrome/content/rules/DataVantage.xml
index c59f4328df2a..f7d25d27ca46 100644
--- a/src/chrome/content/rules/DataVantage.xml
+++ b/src/chrome/content/rules/DataVantage.xml
@@ -3,7 +3,6 @@
 	<target host="datavantage.com"/>
 	<target host="www.datavantage.com"/>
 
-	<rule from="^http://(www\.)?datavantage\.com/"
-		to="https://$1datavantage.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DataXu.xml b/src/chrome/content/rules/DataXu.xml
index d415c7e7b663..9044e68992f0 100644
--- a/src/chrome/content/rules/DataXu.xml
+++ b/src/chrome/content/rules/DataXu.xml
@@ -1,26 +1,32 @@
 <!--
-	Nonfunctional domains:
+	Other DataXu.com rulesets:
 
-		- (www.)dataxu.com	(cert: www-srv02.sldc.dataxu.net;
-					shows CentOS test page)
+		- W55c.net.xml
+
+
+	Insecure cookies are set for these hosts:
+
+		- dataxu.com
+		- advertisers.dataxu.com
+		- www.dataxu.com
 
 -->
-<ruleset name="DataXu (partial)">
+<ruleset name="DataXu.com">
 
+	<target host="dataxu.com" />
 	<target host="advertisers.dataxu.com" />
-	<target host="*.w55c.net" />
+	<target host="www.dataxu.com" />
 
 
-	<securecookie host="^advertisers\.dataxu\.com$" name=".+" />
-	<securecookie host="^\.w55c\.net$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?dataxu\.com$" name="^_icl_current_language$" /-->
+	<!--securecookie host="^advertisers\.dataxu\.com$" name="^_session_id$" /-->
 
+	<securecookie host="^(?:advertisers\.|www\.)?dataxu\.com$" name=".+" />
 
-	<rule from="^http://advertisers\.dataxu\.com/"
-		to="https://advertisers.dataxu.com/" />
 
-	<!--	Included on 3rd-party websites.
-						-->
-	<rule from="^http://(i|tags)\.w55c\.net/"
-		to="https://$1.w55c.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Data_Center_World.com.xml b/src/chrome/content/rules/Data_Center_World.com.xml
new file mode 100644
index 000000000000..ab7715edc4d0
--- /dev/null
+++ b/src/chrome/content/rules/Data_Center_World.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other iNET Interactive coverage, see INet-Interactive.xml.
+
+
+	At least some pages redirect to http.
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+		- css from vjs.zencdn.net *
+
+	* Secured by us
+
+-->
+<ruleset name="Data Center World.com (partial)">
+
+	<target host="datacenterworld.com" />
+	<target host="www.datacenterworld.com" />
+
+
+	<rule from="^http://(www\.)?datacenterworld\.com/(?=(?:[\w-]+/)?wp-(?:content|includes)/)"
+		to="https://$1datacenterworld.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Data_Conservancy.org.xml b/src/chrome/content/rules/Data_Conservancy.org.xml
new file mode 100644
index 000000000000..4c4b338c37d5
--- /dev/null
+++ b/src/chrome/content/rules/Data_Conservancy.org.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dataconservancy.org/ => https://dataconservancy.org/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+Fetch error: http://www.dataconservancy.org/ => https://www.dataconservancy.org/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+
+-->
+<ruleset name="Data Conservancy.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dataconservancy.org" />
+	<target host="scm.dataconservancy.org" />
+	<target host="www.dataconservancy.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Data_Informed.xml b/src/chrome/content/rules/Data_Informed.xml
index e6a5262f093e..f721ddf91349 100644
--- a/src/chrome/content/rules/Data_Informed.xml
+++ b/src/chrome/content/rules/Data_Informed.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?data-informed\.com/"
 		to="https://data-informed.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Database.com.xml b/src/chrome/content/rules/Database.com.xml
index 32cb6b50f627..698abdd626d6 100644
--- a/src/chrome/content/rules/Database.com.xml
+++ b/src/chrome/content/rules/Database.com.xml
@@ -47,10 +47,12 @@
 -->
 <ruleset name="Database.com (partial)">
 
-	<target host="*.database.com" />
+	<target host="autodiscover.database.com" />
+	<target host="blog.database.com" />
+	<target host="login.database.com" />
+	<target host="webmail.database.com" />
 
 
-	<rule from="^http://(autodiscover|blog|login|webmail)\.database\.com/"
-		to="https://$1.database.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Databits.net.xml b/src/chrome/content/rules/Databits.net.xml
index 63223d7c0c0a..0cd1c9c7a160 100644
--- a/src/chrome/content/rules/Databits.net.xml
+++ b/src/chrome/content/rules/Databits.net.xml
@@ -1,10 +1,19 @@
-<ruleset name="databits.net">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://databits.net/ => https://databits.net/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.databits.net/ => https://www.databits.net/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://databits.net/ => https://databits.net/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.databits.net/ => https://www.databits.net/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="databits.net" default_off="failed ruleset test">
 
 	<target host="databits.net" />
 	<target host="www.databits.net" />
 
 
-	<rule from="^http://(www\.)?databits\.net/"
-		to="https://$1databits.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Datacard.com.xml b/src/chrome/content/rules/Datacard.com.xml
new file mode 100644
index 000000000000..6c7899a1875f
--- /dev/null
+++ b/src/chrome/content/rules/Datacard.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Other Datacard Group rulesets:
+
+		- Entrust.xml
+		- Entrust.com.xml
+
+
+	Non-functional hosts:
+		Timeout:
+		- careers.datacard.com
+
+-->
+<ruleset name="Datacard.com">
+
+	<target host="datacard.com" />
+	<target host="www.datacard.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DatacloudMail.ru.xml b/src/chrome/content/rules/DatacloudMail.ru.xml
new file mode 100644
index 000000000000..4111ea51fc64
--- /dev/null
+++ b/src/chrome/content/rules/DatacloudMail.ru.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Mail.ru coverage, see Mail.ru.xml.
+
+-->
+<ruleset name="datacloudMail.ru">
+
+	<target host="*.datacloudmail.ru" />
+
+		<test url="http://cloclo2.datacloudmail.ru/weblink/view/G17t/xsdj41aV8" />
+		<test url="http://cloclo11.datacloudmail.ru/weblink/view/Loap/tnD9uWx3w" />
+		<test url="http://games.datacloudmail.ru/" />
+
+
+	<rule from="^http://(cloclo\d+|games)\.datacloudmail\.ru/"
+		to="https://$1.datacloudmail.ru/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DatadogHQ.com.xml b/src/chrome/content/rules/DatadogHQ.com.xml
new file mode 100644
index 000000000000..2ec17336b73a
--- /dev/null
+++ b/src/chrome/content/rules/DatadogHQ.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Nonfunctional hosts in *datadoghq.com:
+
+		- docs ¹
+		- jobs ²
+
+	¹ Refused
+	² Jazz; redirects to http
+
+-->
+<ruleset name="DatadogHQ.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="app.datadoghq.com" />
+	<target host="www.datadoghq.com" />
+
+	<!--	Complications:
+				-->
+	<target host="datadoghq.com" />
+
+
+	<rule from="^http://datadoghq\.com/"
+		to="https://www.datadoghq.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Datalogix.com.xml b/src/chrome/content/rules/Datalogix.com.xml
index 0a61dbc53532..60af0c74d0f3 100644
--- a/src/chrome/content/rules/Datalogix.com.xml
+++ b/src/chrome/content/rules/Datalogix.com.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://datalogix.com/ => http://datalogix.com/: Too many redirects while fetching 'http://datalogix.com/'
+Fetch error: http://www.datalogix.com/ => http://www.datalogix.com/: Too many redirects while fetching 'http://www.datalogix.com/'
+
 	Other Datalogix rulesets:
 
 		- Nexac.com.xml
@@ -12,7 +17,7 @@
 	Some pages redirect to http.
 
 -->
-<ruleset name="Datalogix.com (partial)">
+<ruleset name="Datalogix.com (partial)" default_off="failed ruleset test">
 
 	<target host="datalogix.com" />
 	<target host="www.datalogix.com" />
@@ -21,4 +26,4 @@
 	<rule from="^http://(?:www\.)?datalogix\.com/(favicon\.ico|wp-content/|wp-includes/)"
 		to="https://www.datalogix.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Datamappi.fi.xml b/src/chrome/content/rules/Datamappi.fi.xml
index c1a0d71548d3..a1356a322a5d 100644
--- a/src/chrome/content/rules/Datamappi.fi.xml
+++ b/src/chrome/content/rules/Datamappi.fi.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://datamappi.fi/ => https://www.datamappi.fi/: (7, 'Failed to connect to www.datamappi.fi port 443: Connection refused')
+
 	Problematic subdomains:
 
 		- ^	(cert only matches www)
@@ -10,10 +14,11 @@
 		- owa
 
 -->
-<ruleset name="Datamappi.fi">
+<ruleset name="Datamappi.fi" default_off="failed ruleset test">
 
 	<target host="datamappi.fi" />
-	<target host="*.datamappi.fi" />
+	<target host="www.datamappi.fi" />
+	<target host="oma.datamappi.fi" />
 
 
 	<securecookie host="^(?:oma|www)\.datamappi\.fi$" name=".+" />
@@ -22,7 +27,6 @@
 	<rule from="^http://(?:www\.)?datamappi\.fi/"
 		to="https://www.datamappi.fi/" />
 
-	<rule from="^http://oma\.datamappi\.fi/"
-		to="https://oma.datamappi.fi/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Datamind.ru.xml b/src/chrome/content/rules/Datamind.ru.xml
index 1c02a18297e0..16e557cb2156 100644
--- a/src/chrome/content/rules/Datamind.ru.xml
+++ b/src/chrome/content/rules/Datamind.ru.xml
@@ -1,12 +1,9 @@
 <ruleset name="datamind.ru">
 
-	<target host="*.pool.datamind.ru" />
+	<target host="sync.pool.datamind.ru" />
 
 
-	<securecookie host="^\.pool\.datamind\.ru$" name=".+" />
 
-
-	<rule from="^http://sync\.pool\.datamind\.ru/"
-		to="https://sync.pool.datamind.ru/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Datamonitor.com.xml b/src/chrome/content/rules/Datamonitor.com.xml
new file mode 100644
index 000000000000..5e75645fb788
--- /dev/null
+++ b/src/chrome/content/rules/Datamonitor.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Nonfunctional hosts in *datamonitor.com:
+
+		- about *
+		- www **
+
+	* Refused
+	** 522
+
+-->
+<ruleset name="Datamonitor.com (partial)" default_off="522">
+
+	<target host="datamonitor.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|__utm\w+|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Datamonitor_Healthcare.xml b/src/chrome/content/rules/Datamonitor_Healthcare.xml
index 4534b5fc7be3..f24156ef7a21 100644
--- a/src/chrome/content/rules/Datamonitor_Healthcare.xml
+++ b/src/chrome/content/rules/Datamonitor_Healthcare.xml
@@ -1,14 +1,15 @@
 <!--
-	CN: www.fablabtacoma.com
+	- Expired 2013-11-09
+	- CN: www.fablabtacoma.com
 
 -->
-<ruleset name="Datamonitor Healthcare" default_off="mismatched">
+<ruleset name="Datamonitor Healthcare" default_off="expired, mismatched">
 
 	<target host="datamonitorhealthcare.com" />
 	<target host="www.datamonitorhealthcare.com" />
 
 
-	<rule from="^https?://(?:www\.)?datamonitorhealthcare\.com/"
+	<rule from="^http://(?:www\.)?datamonitorhealthcare\.com/"
 		to="https://www.datamonitorhealthcare.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dataopedia.com.xml b/src/chrome/content/rules/Dataopedia.com.xml
deleted file mode 100644
index a5eaf570d1e8..000000000000
--- a/src/chrome/content/rules/Dataopedia.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	CDN buckets:
-
-		- startup-thumbs.s3.amazonaws.com | d2hb7m70lgc5kn.cloudfront.net
-
-			- cdn
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(refused)
-
--->
-<ruleset name="Dataopedia.com (partial)">
-
-	<target host="cdn.dataopedia.com" />
-
-
-	<rule from="^http://cdn\.dataopedia\.com/"
-		to="https://d2hb7m70lgc5kn.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Datapath.io.xml b/src/chrome/content/rules/Datapath.io.xml
new file mode 100644
index 000000000000..c128102cf70c
--- /dev/null
+++ b/src/chrome/content/rules/Datapath.io.xml
@@ -0,0 +1,12 @@
+<ruleset name="Datapath.io">
+
+	<target host="datapath.io" />
+	<target host="www.datapath.io" />
+
+
+	<securecookie host="^\.datapath\.io$" name="^__cfduid$" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Datapipe.co.uk.xml b/src/chrome/content/rules/Datapipe.co.uk.xml
new file mode 100644
index 000000000000..b0ab18b48ae6
--- /dev/null
+++ b/src/chrome/content/rules/Datapipe.co.uk.xml
@@ -0,0 +1,45 @@
+<!--
+	For other Datapipe coverage, see Datapipe.com.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- datapipe.co.uk
+		- www.datapipe.co.uk
+
+
+	Mixed content:
+
+		css, on:
+
+			- www.datapipe.co.uk from fast.fonts.net ¹
+			- www.datapipe.co.uk from fonts.googleapis.com ¹
+
+		- Ads/bugs, on:
+
+			- (www.)?datapipe.co.uk from go.datapipe.com ¹
+			- (www.)?datapipe.co.uk from web-cntr-07.com ²
+
+	¹ Secured by us
+	² Unsecurable <= refused
+
+-->
+<ruleset name="Datapipe.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="datapipe.co.uk" />
+	<target host="www.datapipe.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?datapipe\.co\.uk$" name="^(?:exp_last_activity|exp_last_visit|exp_tracker)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Datapipe.com-mismatches.xml b/src/chrome/content/rules/Datapipe.com-mismatches.xml
deleted file mode 100644
index 2c01290b4e62..000000000000
--- a/src/chrome/content/rules/Datapipe.com-mismatches.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--	See Datapipe.com.xml also
--->
-<ruleset name="Datapipe.com (mismatches)" default_off="Certificate mismatch, self-signed">
-
-	<target host="datapipe.cn" />
-	<target host="www.datapipe.cn" />
-	<target host="mirror.datapipe.com" />
-	<target host="mirror.datapipe.net" />
-
-	<rule from="^http://(www\.)?datapipe\.cn/"
-		to="https://www.datapipe.cn/" />
-
-	<rule from="^http://mirror\.datapipe\.(com|net)/"
-		to="https://mirror.datapipe.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Datapipe.com.xml b/src/chrome/content/rules/Datapipe.com.xml
index 4a9b602af163..093e7907f1a9 100644
--- a/src/chrome/content/rules/Datapipe.com.xml
+++ b/src/chrome/content/rules/Datapipe.com.xml
@@ -1,26 +1,87 @@
-<!--	See Datapipe.com-mismatches.xml also
+<!--
+	Other Datapipe rulesets:
+
+		- Datapipe.co.uk.xml
+		- My_Datapipe.com.xml
+		- My_Datapipe.net.xml
+
+
+	Nonfunctional domains:
+
+		- (www.)?datapipe.net *
+		- mirror.datapipe.(com|net) *
+
+	* Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- datapipe.com
+		- cloud.datapipe.com
+		- docs.cloud.datapipe.com
+		- sso.datapipe.com
+		- www.datapipe.com
+
+
+	Mixed content:
+
+		- css, on:
+
+			- www.datapipe.com from fast.fonts.net ¹
+			- www.datapipe.com from fonts.googleapis.com ¹
+
+		- Ads/bugs, on:
+
+			- (www.)?datapipe.com from go.datapipe.com ¹
+			- (www.)?datapipe.com from web-cntr-07.com ²
+
+	¹ Secured by us
+	² Unsecurable <= refused
+
 -->
 <ruleset name="Datapipe.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="datapipe.com" />
+	<target host="cloud.datapipe.com" />
+	<target host="docs.cloud.datapipe.com" />
 	<target host="secure.datapipe.com" />
+	<target host="sso.datapipe.com" />
 	<target host="www.datapipe.com" />
-	<target host="datapipe.co.uk" />
-	<target host="www.datapipe.co.uk" />
-	<target host="datapipe.net" />
-	<target host="www.datapipe.net" />
-	<target host="mydatapipe.com" />
-	<target host="www.mydatapipe.com" />
-	<target host="mydatapipe.net" />
-	<target host="www.mydatapipe.net" />
-
-	<rule from="^http://(www\.)?(my)?datapipe\.(com|net)/"
-		to="https://www.$2datapipe.com/" />
-
-	<rule from="^http://www\.datapipe\.co\.uk/"
-		to="https://www.datapipe.co.uk/" />
-
-	<rule from="^http://secure\.datapipe\.com/"
-		to="https://secure.datapipe.com/" />
+	<target host="datapipe.cn" />
+	<target host="www.datapipe.cn" />
+
+	<!--	Complications:
+				-->
+	<target host="go.datapipe.com" />
+
+		<exclusion pattern="^http://go\.datapipe\.com/(?!l/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://go.datapipe.com/quote_request" />
+
+			<!--	-ve:
+					-->
+			<test url="http://go.datapipe.com/l/47762/2014-08-06/2p7c" />
+
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?datapipe\.com$" name="^(?:exp_last_activity|exp_last_visit|exp_tracker)$" /-->
+	<!--securecookie host="^cloud\.datapipe\.com$" name="^_session_id$" /-->
+	<!--securecookie host="^docs\.cloud\.datapipe\.com$" name="^_cloud-docs_session$" /-->
+	<!--securecookie host="^sso\.datapipe\.com$" name="^SimpleSAMLSessionID$" /-->
+
+	<securecookie host="^(?:.+\.)?datapipe\.com$" name=".+" />
+
+
+	<rule from="^http://go\.datapipe\.com/"
+		to="https://pi.pardot.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Datared.dk.xml b/src/chrome/content/rules/Datared.dk.xml
new file mode 100644
index 000000000000..3f2384aeb980
--- /dev/null
+++ b/src/chrome/content/rules/Datared.dk.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://datared.dk/ => https://datared.dk/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.datared.dk/ => https://datared.dk/: (60, 'SSL certificate problem: certificate has expired')
+
+	Problematic domains:
+
+		- www ¹
+
+	¹: Bad CN in cert
+-->
+<ruleset name="Datared.dk" default_off="failed ruleset test">
+
+	<target host="datared.dk" />
+	<target host="www.datared.dk" />
+
+	<rule from="^http://(?:www\.)?datared\.dk/"
+		to="https://datared.dk/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Datasheet_Catalog.com.xml b/src/chrome/content/rules/Datasheet_Catalog.com.xml
index 2c8bb956edf5..b0c2886f6b39 100644
--- a/src/chrome/content/rules/Datasheet_Catalog.com.xml
+++ b/src/chrome/content/rules/Datasheet_Catalog.com.xml
@@ -1,30 +1,24 @@
 <!--
-	CN: Parallels Panel
-
-
-	Fully covered subdomains:
-
-		- (www.)	(www → ^)
-		- pdf
-
-
 	Mixed content:
 
-		- Images on (www.) from www.yagi-antennas.com *
+		- Images on (www.)? from www.yagi-antennas.com *
 
-	* Ruleset not enabled by default, doesn't trigger MCB
+	* Ruleset disabled by default
 
 -->
-<ruleset name="Datasheet Catalog.com" default_off="self-signed">
+<ruleset name="Datasheet Catalog.com" default_off="expired, self-signed">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="datasheetcatalog.com" />
-	<target host="*.datasheetcatalog.com" />
+	<target host="pdf.datasheetcatalog.com" />
+	<target host="www.datasheetcatalog.com" />
 
 
-	<securecookie host="^pdf\.datasheetcatalog\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(?:(pdf\.)|www\.)?datasheetcatalog\.com/"
-		to="https://$1datasheetcatalog.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Datemas.de.xml b/src/chrome/content/rules/Datemas.de.xml
deleted file mode 100644
index 7a8be40d2b65..000000000000
--- a/src/chrome/content/rules/Datemas.de.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(redirects to web)
-
--->
-<ruleset name="Datemas.de (partial)">
-
-	<target host="web.datemas.de" />
-
-
-	<securecookie host="^web\.datemas\.de$" name=".+" />
-
-
-	<rule from="^http://web\.datemas\.de/"
-		to="https://web.datemas.de/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Datenschutz-ist-Burgerrecht.xml b/src/chrome/content/rules/Datenschutz-ist-Burgerrecht.xml
index 0abd1a261ccb..6c910b4b2ea3 100644
--- a/src/chrome/content/rules/Datenschutz-ist-Burgerrecht.xml
+++ b/src/chrome/content/rules/Datenschutz-ist-Burgerrecht.xml
@@ -1,15 +1,17 @@
-<ruleset name="Datenschutz ist Bürgerrecht">
+<!--
+	Datenschutz ist Bürgerrecht
+
+-->
+<ruleset name="Datenschutz-ist-Buergerrecht.de" default_off="refused">
 
 	<target host="datenschutz-ist-buergerrecht.de" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.datenschutz-ist-buergerrecht.de" />
+	<target host="www.datenschutz-ist-buergerrecht.de" />
 
 
-	<securecookie host="^(www)?\.datenschutz-ist-buergerrecht\.de$" name=".*" />
+	<securecookie host="^(?:www)?\.datenschutz-ist-buergerrecht\.de$" name=".+" />
 
 
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?datenschutz-ist-buergerrecht\.de/"
-		to="https://www.datenschutz-ist-buergerrecht.de/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Datenspuren.de.xml b/src/chrome/content/rules/Datenspuren.de.xml
new file mode 100644
index 000000000000..4857473a6a37
--- /dev/null
+++ b/src/chrome/content/rules/Datenspuren.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="Datenspuren.de">
+
+	<target host="datenspuren.de" />
+	<target host="www.datenspuren.de" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DaumCDN.net.xml b/src/chrome/content/rules/DaumCDN.net.xml
new file mode 100644
index 000000000000..2878ce2e2f7e
--- /dev/null
+++ b/src/chrome/content/rules/DaumCDN.net.xml
@@ -0,0 +1,24 @@
+<!--
+	For other Daum Communications coverage, see Daum_Communications.xml.
+
+
+	Nonfunctional hosts in *daumcdn.net:
+
+		- i1.search *
+		- i1.shop		(reset)
+
+	* 403, CN: ssl2.cdngc.net
+
+-->
+<ruleset name="DaumCDN.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="i1.daumcdn.net" />
+	<target host="s1.daumcdn.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Daum_Communications.xml b/src/chrome/content/rules/Daum_Communications.xml
deleted file mode 100644
index 5bd6bff50e79..000000000000
--- a/src/chrome/content/rules/Daum_Communications.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)daum.net
-		- editor.daum.net
-		- i1.search.daumcdn.net *
-		- i1.shop.daumcdn.net		(reset)
-
-	* 403, CN: ssl2.cdngc.net
-
--->
-<ruleset name="Daum Communications (partial)">
-
-	<target host="track.tiara.daum.net" />
-	<target host="*.daumcdn.net" />
-
-
-	<rule from="^http://track\.tiara\.daum\.net/"
-		to="https://track.tiara.daum.net/" />
-
-	<rule from="^http://(i|s)1\.daumcdn\.net/"
-		to="https://$11.daumcdn.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Dave_Cross.xml b/src/chrome/content/rules/Dave_Cross.xml
deleted file mode 100644
index 458f8f772934..000000000000
--- a/src/chrome/content/rules/Dave_Cross.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	CN: Parallels Panel
--->
-<ruleset name="Dave Cross" default_off="self-siged">
-
-	<target host="dave.org.uk" />
-	<target host="www.dave.org.uk" />
-
-
-	<rule from="^https?://(?:www\.)?dave\.org\.uk/"
-		to="https://dave.org.uk/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/David-Campbell.org.xml b/src/chrome/content/rules/David-Campbell.org.xml
new file mode 100644
index 000000000000..d568275a77da
--- /dev/null
+++ b/src/chrome/content/rules/David-Campbell.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- david-campbell.org
+		- www.david-campbell.org
+
+-->
+<ruleset name="David-Campbell.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="david-campbell.org" />
+	<target host="www.david-campbell.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?david-campbell\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?david-campbell\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/David-Tisch.xml b/src/chrome/content/rules/David-Tisch.xml
index a25911934075..18437f7fdf8e 100644
--- a/src/chrome/content/rules/David-Tisch.xml
+++ b/src/chrome/content/rules/David-Tisch.xml
@@ -5,7 +5,7 @@
 		- Equivalent to flavors-production-backgrounds.s3.amazonaws.com
 
 -->
-<ruleset name="David Tisch" default_off="mismatch">
+<ruleset name="David Tisch" default_off="mismatched">
 
 	<!--	Cert: *.flavors.me	-->
 	<target host="davidtisch.com" />
@@ -13,7 +13,7 @@
 
 
 	<!--	!www redirects to www.	-->
-	<rule from="^https?://(?:www\.)?davidtisch\.com/"
+	<rule from="^http://(?:www\.)?davidtisch\.com/"
 		to="https://www.davidtisch.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/David_Gold.xml b/src/chrome/content/rules/David_Gold.xml
index d80f582be7eb..07f6e1f1cfd7 100644
--- a/src/chrome/content/rules/David_Gold.xml
+++ b/src/chrome/content/rules/David_Gold.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?davidgold\.co\.uk/"
 		to="https://www.davidgold.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/David_Lazar.org.xml b/src/chrome/content/rules/David_Lazar.org.xml
new file mode 100644
index 000000000000..0b5acf812579
--- /dev/null
+++ b/src/chrome/content/rules/David_Lazar.org.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.davidlazar.org/ => https://www.davidlazar.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.davidlazar.org'")
+
+-->
+<ruleset name="David Lazar.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="davidlazar.org" />
+	<target host="www.davidlazar.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Davidlyness.com.xml b/src/chrome/content/rules/Davidlyness.com.xml
deleted file mode 100644
index d279ef60c5d3..000000000000
--- a/src/chrome/content/rules/Davidlyness.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Davidlyness.com" platform="firefox">
-<target host="davidlyness.com" />
-
-<securecookie host="^davidlyness\.com$" name=".+" />
-
-<rule from="^http://davidlyness\.com/" to="https://davidlyness.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/DavidsonTutoring.com.xml b/src/chrome/content/rules/DavidsonTutoring.com.xml
new file mode 100644
index 000000000000..483fc5f07550
--- /dev/null
+++ b/src/chrome/content/rules/DavidsonTutoring.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Clock error:
+		davidsontutoring.com
+
+	Refused:
+		dev.davidsontutoring.com
+
+-->
+<ruleset name="DavidsonTutoring.com">
+
+	<target host="davidsontutoring.com" />
+	<target host="www.davidsontutoring.com" />
+
+	<rule from="^http://(www\.)?davidsontutoring\.com/"
+		to="https://www.davidsontutoring.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Davinci_Vaporizor.xml b/src/chrome/content/rules/Davinci_Vaporizor.xml
index 0fa6c5d873a1..2fb7c3911bf1 100644
--- a/src/chrome/content/rules/Davinci_Vaporizor.xml
+++ b/src/chrome/content/rules/Davinci_Vaporizor.xml
@@ -1,13 +1,12 @@
 <ruleset name="Davinci Vaporizor">
 
 	<target host="davincivaporizer.com" />
-	<target host="*.davincivaporizer.com" />
+	<target host="www.davincivaporizer.com" />
 
 
 	<securecookie host="^\.davincivaporizer\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?davincivaporizer\.com/"
-		to="https://$1davincivaporizer.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DavisSystem.xml b/src/chrome/content/rules/DavisSystem.xml
index ade5b4269f02..f77618109326 100644
--- a/src/chrome/content/rules/DavisSystem.xml
+++ b/src/chrome/content/rules/DavisSystem.xml
@@ -1,13 +1,12 @@
 <ruleset name="DavisSystem">
 
 	<target host="davissystem.net" />
-	<target host="*.davissystem.net" />
+	<target host="www.davissystem.net" />
 
 
 	<securecookie host="^\.davissystem\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?davissystem\.net/"
-		to="https://$1davissystem.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Davis_Instruments.xml b/src/chrome/content/rules/Davis_Instruments.xml
index dac03cf89ca7..88db09af5a83 100644
--- a/src/chrome/content/rules/Davis_Instruments.xml
+++ b/src/chrome/content/rules/Davis_Instruments.xml
@@ -1,15 +1,16 @@
 <ruleset name="Davis Instruments (partial)">
 
 	<target host="davis.com" />
-	<target host="*.davis.com" />
+	<target host="www.davis.com" />
+	<target host="static.davis.com" />
 
 
 	<!--	At least some pages redirect to http.
 							-->
-	<rule from="^https?://(?:www\.)?davis\.com/((?:combres\.axd|icons|images|includes|SiteAssets|Account-Profile|Forgot-Password|login|Register)(?:$|\?|/))"
+	<rule from="^http://(?:www\.)?davis\.com/((?:combres\.axd|icons|images|includes|SiteAssets|Account-Profile|Forgot-Password|login|Register)(?:$|\?|/))"
 		to="https://www.davis.com/$1/" />
 
-	<rule from="^https?://static\.davis\.com/"
+	<rule from="^http://static\.davis\.com/"
 		to="https://duaawgxv85i1i.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DawatEIslami.net.xml b/src/chrome/content/rules/DawatEIslami.net.xml
new file mode 100644
index 000000000000..0c70d370584c
--- /dev/null
+++ b/src/chrome/content/rules/DawatEIslami.net.xml
@@ -0,0 +1,27 @@
+<!--
+	Invalid certificate:
+	- dawateislami.net
+
+	Refused:
+	- server.dawateislami.net
+	- stage.dawateislami.net
+	- websites.dawateislami.net
+
+	Secure connection failed:
+	- connect.dawateislami.net
+
+	Time out:
+	- departs.dawateislami.net
+
+-->
+<ruleset name="DawatEIslami.net">
+	<target host="dawateislami.net" />
+	<target host="www.dawateislami.net" />
+	<target host="data2.dawateislami.net" />
+		<test url="http://data2.dawateislami.net/mobile/static/images/apps/7/logo.png" />
+
+	<securecookie host="^(www|data2)\.dawateislami\.net$" name=".+" />
+
+	<rule from="^http://dawateislami\.net/" to="https://www.dawateislami.net/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dawsonera.xml b/src/chrome/content/rules/Dawsonera.xml
index 9139d30de8bb..7e09f8275c9f 100644
--- a/src/chrome/content/rules/Dawsonera.xml
+++ b/src/chrome/content/rules/Dawsonera.xml
@@ -1,19 +1,27 @@
 <!--
-	Partially covered subdomains:
+	For other Bertram Trading coverage, see Betram-Trading.xml.
 
-		- (www.)	(some paths 404)
 
+	Insecure cookies are set for these hosts:
+
+		- dawsonera.com
+		- www.dawsonera.com
 
 -->
-<ruleset name="Dawsonera (partial)">
+<ruleset name="Dawsonera.com">
 
 	<target host="dawsonera.com" />
 	<target host="www.dawsonera.com" />
 
 
-	<!--	Cert only matches www.
+	<!--	Not secured by server:
 					-->
-	<rule from="^https?://(?:www\.)?dawsonera\.com/(guard/protected/|Shibboleth\.sso)"
-		to="https://wwwdawsonera.com/$1" />
+	<!--securecookie host="^(?:www\.)?dawsonera\.com$" name="^X-Mapping" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DayZ.com.xml b/src/chrome/content/rules/DayZ.com.xml
new file mode 100644
index 000000000000..1eeb2fbe19fb
--- /dev/null
+++ b/src/chrome/content/rules/DayZ.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - data.dayz.com
+			 - dataminidayzserverfiles.dayz.com
+-->
+<ruleset name="DayZ.com">
+	<target host="dayz.com" />
+	<target host="www.dayz.com" />
+	<target host="devhub.dayz.com" />
+	<target host="feedback.dayz.com" />
+	<target host="forums.dayz.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DbackPolice.com.xml b/src/chrome/content/rules/DbackPolice.com.xml
index c90fc63c11a3..29c7b0282882 100644
--- a/src/chrome/content/rules/DbackPolice.com.xml
+++ b/src/chrome/content/rules/DbackPolice.com.xml
@@ -1,13 +1,16 @@
-<ruleset name="DbackPolice.com">
+<!--
+	(www.)?: Refused
+
+-->
+<ruleset name="DbackPolice.com" default_off="refused">
 
 	<target host="dbackpolice.com" />
-	<target host="*.dbackpolice.com" />
+	<target host="www.dbackpolice.com" />
 
 
 	<securecookie host="^\.(?:www\.)?dbackpolice\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?dbackpolice\.com/"
-		to="https://$1dbackpolice.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dditscdn.com.xml b/src/chrome/content/rules/Dditscdn.com.xml
new file mode 100644
index 000000000000..80b48a0b57aa
--- /dev/null
+++ b/src/chrome/content/rules/Dditscdn.com.xml
@@ -0,0 +1,45 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://resourcex4.dditscdn.com/ => https://resourcex4.dditscdn.com/: (6, 'Could not resolve host: resourcex4.dditscdn.com')
+
+	For other Other DuoDecad IT Services coverage, see dditservices.com.xml.
+
+
+-->
+<ruleset name="dditscdn.com" default_off="failed ruleset test">
+
+	<!--target host="flash.dditscdn.com" /-->
+	<target host="gallery.dditscdn.com" />
+	<target host="img0.dditscdn.com" />
+	<target host="img1.dditscdn.com" />
+	<target host="img2.dditscdn.com" />
+	<target host="img3.dditscdn.com" />
+	<target host="resourcex1.dditscdn.com" />
+	<target host="resourcex2.dditscdn.com" />
+	<target host="resourcex3.dditscdn.com" />
+	<target host="resourcex4.dditscdn.com" />
+	<target host="static1.dditscdn.com" />
+	<target host="static2.dditscdn.com" />
+	<target host="static4.dditscdn.com" />
+
+		<!--test url="http://flash.dditscdn.com/jsm2/3976/backconn/listpagebackconn2.swf" /-->
+		<test url="http://gallery.dditscdn.com/93267b72525411c2a74a6519c2670072/99877e9eccb6cd6f55540d1cee896898.jpg" />
+		<test url="http://img0.dditscdn.com/ff268cab8d9fbae1ed7506f97496274f1e/e1bbc0706085b7d922432615ffaa21d0_erotic_445x250.jpg" />
+		<test url="http://img1.dditscdn.com/ff268cab8d9fbae1ed7506f97496274f1c/cdafa91706bcd7b0a54dd79c7d0413c5_erotic_445x250.jpg" />
+		<test url="http://img2.dditscdn.com/ff268cab8d9fbae1ed7506f97496274f1a/a4bfedd823dd348ea35918298a175f39_glamour_285x160.jpg" />
+		<test url="http://img3.dditscdn.com/css/jscrollpane.css" />
+		<test url="http://resourcex0.dditscdn.com/vd860a01b/site/npp/img/sprite/sprite_main.png" />
+		<test url="http://resourcex1.dditscdn.com/vd860a01b/site/npp/img/bg_featured_welcome.jpg" />
+		<test url="http://resourcex2.dditscdn.com/vd860a01b/site/npp/img/logo_awe_white.png" />
+		<test url="http://resourcex3.dditscdn.com/vd860a01b/site/npp/img/sprite/sprite_form.png" />
+		<test url="http://resourcex2.dditscdn.com/vd860a01b/site/npp/img/logo_awe_white.png" />
+		<test url="http://static1.dditscdn.com/jsm2/site/livejasmin/css/jasmincom-0f41e.css" />
+		<test url="http://static2.dditscdn.com/jsm2/site/livejasmin/image/background/spacer-0d63c.gif" />
+		<test url="http://static4.dditscdn.com/jsm2/site/livejasmin/image/background/jasmin_model/girls_new_performer_bg_440x248-c158e.jpg" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/De-Captcher.com.xml b/src/chrome/content/rules/De-Captcher.com.xml
new file mode 100644
index 000000000000..c8bc43329e61
--- /dev/null
+++ b/src/chrome/content/rules/De-Captcher.com.xml
@@ -0,0 +1,34 @@
+<!--
+	www.de-captcher.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- de-captcher.com
+
+-->
+<ruleset name="De-Captcher.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="de-captcher.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.de-captcher.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^de-captcher\.com$" name="^JSPSESSID$" /-->
+
+	<securecookie host="^de-captcher\.com$" name=".+" />
+
+
+	<rule from="^http://www\.de-captcher\.com/"
+		to="https://de-captcher.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/De17a.com.xml b/src/chrome/content/rules/De17a.com.xml
new file mode 100644
index 000000000000..d9168e963142
--- /dev/null
+++ b/src/chrome/content/rules/De17a.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Web bugs.
+
+	www doesn't exist.
+
+-->
+<ruleset name="De17a.com">
+
+	<target host="de17a.com" />
+
+
+	<securecookie host="^\.de17a\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DeNA.com.xml b/src/chrome/content/rules/DeNA.com.xml
new file mode 100644
index 000000000000..fc909466f9ac
--- /dev/null
+++ b/src/chrome/content/rules/DeNA.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		- swet.dena.com
+
+	Timed out:
+		- design.dena.com
+		- games.dena.com
+-->
+
+<ruleset name="DeNA.com">
+	<target host="dena.com" />
+	<target host="www.dena.com" />
+	<target host="fullswing.dena.com" />
+	<target host="genom.dena.com" />
+	<target host="healthcare.dena.com" />
+	<target host="techcon.dena.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DeSmuME.xml b/src/chrome/content/rules/DeSmuME.xml
index ede9b65e182a..87cc94770862 100644
--- a/src/chrome/content/rules/DeSmuME.xml
+++ b/src/chrome/content/rules/DeSmuME.xml
@@ -1,19 +1,24 @@
-<ruleset name="DeSmuME" default_off="self-signed">
+<!--
+	Mixed content:
+
+		- Image on wiki from $self ˢ
+		- Bugs, on ^ from from sf.net ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="DeSmuME.org">
 
-	<!--	Cert: web.tuxfamily.net	-->
 	<target host="desmume.org" />
 	<target host="forums.desmume.org" />
 	<target host="wiki.desmume.org" />
 	<target host="www.desmume.org" />
 
 
-	<securecookie host="^.*\.desmume\.org$" name=".*" />
-
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^https?://(?:www\.)?desmume\.org/"
-		to="https://desmume.org/" />
 
-	<rule from="^http://(forums|wiki)\.desmume\.org/"
-		to="https://$1.desmume.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/De_Correspondent.nl.xml b/src/chrome/content/rules/De_Correspondent.nl.xml
new file mode 100644
index 000000000000..9e3c2f700a8a
--- /dev/null
+++ b/src/chrome/content/rules/De_Correspondent.nl.xml
@@ -0,0 +1,18 @@
+<ruleset name="De Correspondent.nl">
+
+	<target host="decorrespondent.nl" />
+	<target host="dynamic.decorrespondent.nl" />
+	<target host="static.decorrespondent.nl" />
+	<target host="www.decorrespondent.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^decorrespondent\.nl$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^decorrespondent\.nl$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/De_Digitale_Topschool.nl.xml b/src/chrome/content/rules/De_Digitale_Topschool.nl.xml
new file mode 100644
index 000000000000..8276becf9247
--- /dev/null
+++ b/src/chrome/content/rules/De_Digitale_Topschool.nl.xml
@@ -0,0 +1,14 @@
+<ruleset name="De Digitale Topschool.nl">
+
+	<target host="dedigitaletopschool.nl" />
+	<target host="www.dedigitaletopschool.nl" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^(www\.)?dedigitaletopschool\.nl$" name="^_topschool_session$" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/De_Silva.biz.xml b/src/chrome/content/rules/De_Silva.biz.xml
new file mode 100644
index 000000000000..cb3e99f2f974
--- /dev/null
+++ b/src/chrome/content/rules/De_Silva.biz.xml
@@ -0,0 +1,21 @@
+<!--
+	For other GIDNetwork coverage, see GIDNetwork.com.xml.
+
+
+	Server sends no certificate chain *
+
+	* See https://whatsmychaincert.com
+
+-->
+<ruleset name="de Silva.biz" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="desilva.biz" />
+	<target host="www.desilva.biz" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Deaconess-Health-System.xml b/src/chrome/content/rules/Deaconess-Health-System.xml
index af16dc1d15cb..1eee1fb566c1 100644
--- a/src/chrome/content/rules/Deaconess-Health-System.xml
+++ b/src/chrome/content/rules/Deaconess-Health-System.xml
@@ -1,10 +1,20 @@
+<!--
+	^deaconess.com: mismatched
+
+-->
 <ruleset name="Deaconess Health System">
+
 	<target host="deaconess.com" />
 	<target host="www.deaconess.com" />
 
-	<exclusion pattern="^http://(www\.)?deaconess\.com/mobile(/|$)" />
 
-	<securecookie host="^((www)?\.)?deaconess\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://deaconess\.com/"
+		to="https://www.deaconess.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^(http://(www\.)?|https://)deaconess\.com/" to="https://www.deaconess.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Dead_Drops.com.xml b/src/chrome/content/rules/Dead_Drops.com.xml
index 6676a65d8481..45752ae5c9b8 100644
--- a/src/chrome/content/rules/Dead_Drops.com.xml
+++ b/src/chrome/content/rules/Dead_Drops.com.xml
@@ -17,7 +17,6 @@
 	<securecookie host="^(?:www\.)?deaddrops\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?deaddrops\.com/"
-		to="https://$1deaddrops.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Deadline.com.xml b/src/chrome/content/rules/Deadline.com.xml
new file mode 100644
index 000000000000..7e764498b4a5
--- /dev/null
+++ b/src/chrome/content/rules/Deadline.com.xml
@@ -0,0 +1,56 @@
+<!--
+	Problematic hosts in *deadline.com:
+
+		- jobs *
+
+	* Refused
+
+
+	Problematic hosts in *deadline.com:
+
+		- jobsearch *
+
+	* Adicio
+
+
+	Insecure cookies are set for these hosts:
+
+		- jobsearch.deadline.com
+
+
+	Mixed content:
+
+		- css, on:
+
+			- ^ from fonts.googleapis.com ¹
+			- jobsearch from deadline.pro.adicio.com ²
+
+		- Ads/bugs,  on:
+
+			- ^ from b.scorecardresearch.com ¹
+			- jobsearch from slb.adicio.com ³
+			- jobsearch from ad.doubleclick.net ⁴
+
+	¹ Secured by us
+	² Unsecurable <= refused
+	³ Unsecurable <= dropped
+	⁴ Ruleset disabled by default
+
+-->
+<ruleset name="Deadline.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="deadline.com" />
+	<target host="www.deadline.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^jobsearch\.deadline\.com$" name="^(AI_SESSID|lookidCookie)$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Deadspin.com.xml b/src/chrome/content/rules/Deadspin.com.xml
deleted file mode 100644
index beab82f5633b..000000000000
--- a/src/chrome/content/rules/Deadspin.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other Gawker coverage, see Gawker.xml.
-
-
-	CN: *.a.ssl.fastly.net
-
--->
-<ruleset name="Deadspin.com" default_off="mismatched">
-
-	<target host="deadspin.com" />
-	<target host="*.deadspin.com" />
-
-
-	<securecookie host="^\.?deadspin\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?deadspin\.com/"
-		to="https://deadspin.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Deakin-University.xml b/src/chrome/content/rules/Deakin-University.xml
index 3ca0fbf1ad82..3eac5b4bdaa0 100644
--- a/src/chrome/content/rules/Deakin-University.xml
+++ b/src/chrome/content/rules/Deakin-University.xml
@@ -3,7 +3,6 @@
 	<target host="deakin.edu.au" />
 
 
-	<rule from="^http://deakin\.edu\.au/"
-		to="https://deakin.edu.au/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DealCent.xml b/src/chrome/content/rules/DealCent.xml
deleted file mode 100644
index d21068b7d881..000000000000
--- a/src/chrome/content/rules/DealCent.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="DealCent">
-
-	<target host="dealcent.com"/>
-	<target host="www.dealcent.com"/>
-
-	<securecookie host="^dealcent\.com$" name=".*"/>
-
-	<rule from="^http://(www\.)?dealcent\.com/"
-		to="https://$1dealcent.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/DealExtreme.xml b/src/chrome/content/rules/DealExtreme.xml
index 821f3d6c01fa..03711068421f 100644
--- a/src/chrome/content/rules/DealExtreme.xml
+++ b/src/chrome/content/rules/DealExtreme.xml
@@ -1,26 +1,34 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dealextreme.com/ => https://dealextreme.com/: (28, 'Operation timed out after 15001 milliseconds with 0 bytes received')
+Fetch error: http://dx.com/ => https://dx.com/: (28, 'Operation timed out after 15001 milliseconds with 0 bytes received')
 	Mixed image from widgets.digg.com
 
 -->
 <ruleset name="Deal Extreme" platform="mixedcontent">
 
 	<target host="dealextreme.com" />
-	<target host="*.dealextreme.com" />
+	<target host="club.dealextreme.com" />
+	<target host="e.dealextreme.com" />
+	<target host="m.dealextreme.com" />
+	<target host="www.dealextreme.com" />
 	<target host="dx.com" />
-	<target host="*.dx.com" />
+	<target host="cart.dx.com" />
+	<target host="club.dx.com" />
+	<target host="cs.dx.com" />
+	<target host="deals.dx.com" />
+	<target host="e.dx.com" />
+	<target host="passport.dx.com" />
+	<target host="s.dx.com" />
+	<target host="www.dx.com" />
 	<target host="img.dxcdn.com" />
 
 
 	<securecookie host="^.*\.d(?:ealextreme|x)\.com$" name=".+" />
 
 
-	<rule from="^http://((?:club|e|m|www)\.)?dealextreme\.com/"
-		to="https://$1dealextreme.com/" />
 
-	<rule from="^http://((?:cart|club|cs|deals|e|passport|s|www)\.)?dx\.com/"
-		to="https://$1dx.com/" />
 
-	<rule from="^http://img\.dxcdn\.com/"
-		to="https://img.dxcdn.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DealTime.xml b/src/chrome/content/rules/DealTime.xml
deleted file mode 100644
index ef81468f24ac..000000000000
--- a/src/chrome/content/rules/DealTime.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="DealTime (partial)">
-
-	<target host="sc.dealtime.com" />
-
-
-	<rule from="^http://sc\.dealtime\.com/"
-		to="https://sc.dealtime.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Dealer.com-mismatches.xml b/src/chrome/content/rules/Dealer.com-mismatches.xml
index 2db9fb53d437..dc596d4d2bf4 100644
--- a/src/chrome/content/rules/Dealer.com-mismatches.xml
+++ b/src/chrome/content/rules/Dealer.com-mismatches.xml
@@ -1,24 +1,37 @@
-<ruleset name="Dealer.com (mismatches)" default_off="mismatches">
+<!--
+	For other Dealer.com coverage, see Dealer.com.xml.
 
-	<!--	*.dealer.com			-->
-	<target host="dealer.com"/>
-	<target host="gatorchrysler.net"/>
-	<!--	self-signed ("ssl.certificate")
-		* for cross domain  cookie	-->
-	<target host="*.dealer.com"/>
-	<target host="*.www.dealer.com"/>
+
+	^gatorchrysler.net: <= ssl3 only
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.gatorchrysler.net
+
+-->
+<ruleset name="Gator Chrysler.net" default_off="mismatched, self-signed">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="www.gatorchrysler.net"/>
 
-	<!--	encountered: .dealer.com, www.dealer.com, .www.dealer.com	-->
-	<securecookie host="^(.*\.)?dealer\.com$" name=".*"/>
-	<securecookie host="^www\.gatorchrysler\.net$" name=".*"/>
+	<!--	Complications:
+				-->
+	<target host="gatorchrysler.net"/>
+
 
-	<!--	!www redirects to www		-->
-	<rule from="^http://(?:www\.)?dealer\.com/"
-		to="https://www.dealer.com/"/>
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.gatorchrysler\.net$" name="^(?:__ssoid|JSESSIONID|ddcpoolid)$" /-->
 
-	<!--	ditto	-->
-	<rule from="^http://(?:www\.)?gatorchrysler\.net/"
+	<securecookie host="^www\.gatorchrysler\.net$" name=".+" />
+
+
+	<rule from="^http://gatorchrysler\.net/"
 		to="https://www.gatorchrysler.net/"/>
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Dealer.com.xml b/src/chrome/content/rules/Dealer.com.xml
index a37367e539cd..522f7459ab20 100644
--- a/src/chrome/content/rules/Dealer.com.xml
+++ b/src/chrome/content/rules/Dealer.com.xml
@@ -1,19 +1,56 @@
-<!--	See Dealer.com-mismatches.xml for problematic rules
+<!--
+	Other Dealer.com rulesets:
+
+		Dealer.com-mismatches.xml
+
 
 	!functional:
+		- www.dealer.com *
 		- (www.)gatorweeklyads.com	(plesk default page)
+
+	* Shows default page
+
+
+	Problematic hosts in *dealer.com:
+
+		- careers ¹ ²
+
+	¹ Expired
+	² Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- apps.dealer.com
+		- cdn.dealer.com
+
 -->
 <ruleset name="Dealer.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="dealer.com"/>
+	<target host="apps.dealer.com"/>
+	<target host="cc1.dealer.com" />
+	<target host="cc2.dealer.com" />
+	<target host="cc3.dealer.com" />
 	<target host="cdn.dealer.com"/>
 	<target host="hits.dealer.com"/>
+	<target host="login.dealer.com"/>
+	<target host="gatorchryslercllc.mycars.dealer.com" />
 	<target host="pictures.dealer.com"/>
 	<target host="static.dealer.com"/>
 
-	<rule from="^http://cdn\.dealer\.com/"
-		to="https://pictures.dealer.com/"/>
 
-	<rule from="^http://(hits|pictures|static)\.dealer\.com/"
-		to="https://$1.dealer.com/"/>
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^apps\.dealer\.com$" name="^(?:DDCROUTEID|JSESSIONID)$" /-->
+	<!--securecookie host="^cdn\.dealer\.com$" name="^ddcpoolid$" /-->
+
+	<securecookie host="^(?:apps|cdn)\.dealer\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DealerFire.xml b/src/chrome/content/rules/DealerFire.xml
deleted file mode 100644
index 15d813671a27..000000000000
--- a/src/chrome/content/rules/DealerFire.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(shows default Plesk page)
-
--->
-<ruleset name="DealerFire (partial)">
-
-	<target host="cdn.dealerfire.com" />
-
-
-	<rule from="^http://cdn\.dealerfire\.com/"
-		to="https://cdn.dealerfire.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/DealerRater.com.xml b/src/chrome/content/rules/DealerRater.com.xml
index 1131ba584227..d0e5b38232bf 100644
--- a/src/chrome/content/rules/DealerRater.com.xml
+++ b/src/chrome/content/rules/DealerRater.com.xml
@@ -1,36 +1,15 @@
 <!--
-	CDN buckets:
-
-		- d17jk93jbxi6p4.cloudfront.net
-
-			- cdn-user
-
-		- d3go5n7g2hd1g0.cloudfront.net
-
-			- cdn-static
-
-
-	Some pages redirect to http.
-
+	Non-functional hosts:
+		Server misconfig:
+		- cdn-static.dealerrater.com (https ver 301 redirect to self)
 -->
-<ruleset name="DealerRater.com (partial)">
+<ruleset name="DealerRater.com">
 
 	<target host="dealerrater.com" />
 	<target host="www.dealerrater.com" />
-		<!--
-			$ redirects to http:
-						-->
-		<exclusion pattern="^http://(?:www\.)?dealerrater\.com/+(?:$|\?)" />
-		<!--exclusion pattern="^http://(www\.)?dealerrater\.com/(?!(dealer|login|password)\.aspx|favicon\.ico|os/icon/)" /-->
-
-
-	<rule from="^http://(www\.)?dealerrater\.com/"
-		to="https://$1dealerrater.com/" />
-
-	<rule from="^http://cdn-static\.dealerrater\.com/"
-		to="https://d3go5n7g2hd1g0.cloudfront.net/" />
+	<!-- target host="cdn-static.dealerrater.com" / -->
+	<target host="cdn-user.dealerrater.com" />
 
-	<rule from="^http://cdn-user\.dealerrater\.com/"
-		to="https://d17jk93jbxi6p4.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DealerTrend.com.xml b/src/chrome/content/rules/DealerTrend.com.xml
index bef61725b032..2d4aca1f2a99 100644
--- a/src/chrome/content/rules/DealerTrend.com.xml
+++ b/src/chrome/content/rules/DealerTrend.com.xml
@@ -1,24 +1,24 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/images.dealertrend.com/
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(wpengine)
-		- assets0 *
-		- manager *
-
-	* Dropped
-
--->
-<ruleset name="DealerTrend.com (partial)">
-
-	<target host="images.dealertrend.com" />
-
-
-	<rule from="^http://images\.dealertrend\.com/"
-		to="https://s3.amazonaws.com/images.dealertrend.com/" />
-
+<ruleset name="DealerTrend.com">
+	<target host="dealertrend.com" />
+	<target host="www.dealertrend.com" />
+	<target host="api.dealertrend.com" />
+	<target host="auto-matic-marketing.dealertrend.com" />
+	<target host="carproof.dealertrend.com" />
+	<target host="cas.dealertrend.com" />
+	<target host="cfimages.dealertrend.com" />
+	<target host="fb.dealertrend.com" />
+	<target host="ftp.dealertrend.com" />
+	<target host="manager.dealertrend.com" />
+	<target host="pea.dealertrend.com" />
+	<target host="tea-can.dealertrend.com" />
+	<target host="tea-watcher.dealertrend.com" />
+	<target host="turn.dealertrend.com" />
+	<target host="vms-assets.dealertrend.com" />
+	<target host="vms-exports.dealertrend.com" />
+	<target host="vms-heroku-api1.dealertrend.com" />
+	<target host="vms-heroku-assets1.dealertrend.com" />
+	<target host="vms-heroku-prod1.dealertrend.com" />
+	<target host="vms-staging.dealertrend.com" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Dealfish.co.th.xml b/src/chrome/content/rules/Dealfish.co.th.xml
index d0729c7d4364..da9ebadbadde 100644
--- a/src/chrome/content/rules/Dealfish.co.th.xml
+++ b/src/chrome/content/rules/Dealfish.co.th.xml
@@ -1,6 +1,16 @@
-<ruleset name="Dealfish.co.th">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dealfish.co.th/ => https://www.dealfish.co.th/: (51, "SSL: no alternative certificate subject name matches target host name 'www.dealfish.co.th'")
+Fetch error: http://www.dealfish.co.th/ => https://www.dealfish.co.th/: (51, "SSL: no alternative certificate subject name matches target host name 'www.dealfish.co.th'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://dealfish.co.th/ => https://www.dealfish.co.th/: (7, 'Failed to connect to www.dealfish.co.th port 443: Connection refused')
+Fetch error: http://www.dealfish.co.th/ => https://www.dealfish.co.th/: (7, 'Failed to connect to www.dealfish.co.th port 443: Connection refused')
+-->
+<ruleset name="Dealfish.co.th" default_off="failed ruleset test">
   <target host="dealfish.co.th" />
   <target host="www.dealfish.co.th" />
 
-  <rule from="^http://(www\.)?dealfish\.co\.th/" to="https://www.dealfish.co.th/" />
+  <rule from="^http://(?:www\.)?dealfish\.co\.th/" to="https://www.dealfish.co.th/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Dealnews.com.xml b/src/chrome/content/rules/Dealnews.com.xml
index 5bd4efb50e27..fd494d1a5ee9 100644
--- a/src/chrome/content/rules/Dealnews.com.xml
+++ b/src/chrome/content/rules/Dealnews.com.xml
@@ -1,18 +1,57 @@
 <!--
-	Some (most?) pages redirect to http
+    Other dealnews.com rulesets:
+
+        - Dlnws.com.xml
+
+    Most https://dealnews.com/ pages redirect to http
+
+    images, static, and content are all fronted by Fastly
+    and should use their domain and cert for SSL traffic
 
 -->
 <ruleset name="dealnews.com (partial)">
 
-	<target host="dealnews.com" />
+	<!--	Direct rewrites:
+				-->
+    <target host="dealnews.com" />
 	<target host="www.dealnews.com" />
-	<target host="*.dlnws.com" />
 
+	<!--	Complications:
+				-->
+    <target host="images.dealnews.com" />
+    <target host="static.dealnews.com" />
+    <target host="content.dealnews.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://dealnews\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://dealnews\.com/+(?!mydealnews(?:$|[?/]))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://dealnews.com/c159/Electronics/TVs/" />
+			<test url="http://dealnews.com/categories/" />
+			<test url="http://dealnews.com/editors-choice/" />
+			<test url="http://dealnews.com/pages/about.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://dealnews.com/mydealnews/" />
+
+
+    <rule from="^http://content\.dealnews\.com/"
+        to="https://dealnews.a.ssl.fastly.net/" />
+
+    <rule from="^http://images\.dealnews\.com/"
+        to="https://dealnews.a.ssl.fastly.net/images/" />
 
-	<rule from="^http://(www\.)?dealnews\.com/(lw/|mydealnews/)"
-		to="https://$1dealnews.com/$2" />
+    <rule from="^http://static\.dealnews\.com/"
+        to="https://dealnews.a.ssl.fastly.net/static/" />
 
-	<rule from="^http://s(\d)\.dlnws\.com/"
-		to="https://s$1.dlnws.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dean-Evans-and-Associates.xml b/src/chrome/content/rules/Dean-Evans-and-Associates.xml
index d5e29f9b510b..cfaf6adb5e69 100644
--- a/src/chrome/content/rules/Dean-Evans-and-Associates.xml
+++ b/src/chrome/content/rules/Dean-Evans-and-Associates.xml
@@ -1,14 +1,84 @@
-<ruleset name="Dean Evans &amp; Associates">
 
-	<target host="dea.com" />
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://pages.dea.com/css/mktLPSupport.css (200) => https://na-ab04.marketo.com/css/mktLPSupport.css (403)
+Non-2xx HTTP code: http://pages.dea.com/rs/deanevansassoc/images/DEA-2001-LP-TY-Facebook-White.png (200) => https://na-ab04.marketo.com/rs/deanevansassoc/images/DEA-2001-LP-TY-Facebook-White.png (403)
+
+	Dean Evans & Associates
+
+
+	Nonfunctional hosts in *dea.com:
+
+		- pages ᵃ
+
+	ᵃ Marketo / shows another domain
+
+
+	^dea.com: Cert only matches *.dea.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.dea.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="DEA.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="asd.dea.com" />
 	<target host="www.dea.com" />
 
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://www.dea.com/NewsAndEvents/Article371.aspx" /-->
+
+	<!--	Complications:
+				-->
+	<target host="dea.com" />
+	<target host="pages.dea.com" />
+
+		<exclusion pattern="^http://pages\.dea\.com/(?!/*(?:$|\?|css/|images/|rs/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://pages.dea.com/Benchmark-Survey.html" />
+			<test url="http://pages.dea.com/Changing-Workplace-Webinar-Landing-Page.html" />
+			<test url="http://pages.dea.com/Demo-Information-Request-Form.html" />
+			<test url="http://pages.dea.com/Outgrowing-Outlook-Landing-Page.html" />
+			<test url="http://pages.dea.com/Preference-Center.html" />
+			<test url="http://pages.dea.com/RSM-Smart-Workspace.html" />
+			<test url="http://pages.dea.com/RSM-Smart-Workspace.html" />
+			<test url="http://pages.dea.com/Webinar-1-14-2016-Registration.html" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.dea\.com$" name="^ASP\.NET_SessionId$" /-->
 
-	<securecookie host="^www\.dea\.com$" name=".*" />
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^(?!pages\.)\w" name=".+" />
 
 
-	<!--	Cert only matches *.dea.com	-->
-	<rule from="^https?://(?:www\.)?dea\.com/"
+	<rule from="^http://dea\.com/"
 		to="https://www.dea.com/" />
 
+	<!--	Redirect drops args and forward slash:
+							-->
+	<rule from="^http://pages\.dea\.com/+(?:\?.*)?$"
+		to="https://www.dea.com/" />
+
+		<test url="http://pages.dea.com/?" />
+
+	<rule from="^http://pages\.dea\.com/"
+		to="https://na-ab04.marketo.com/" />
+
+		<test url="http://pages.dea.com/css/mktLPSupport.css" />
+		<test url="http://pages.dea.com/rs/deanevansassoc/images/DEA-2001-LP-TY-Facebook-White.png" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/DearBytes.com.xml b/src/chrome/content/rules/DearBytes.com.xml
new file mode 100644
index 000000000000..2dc4e3399df2
--- /dev/null
+++ b/src/chrome/content/rules/DearBytes.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="DearBytes.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dearbytes.com" />
+	<target host="www.dearbytes.com" />
+
+
+	<securecookie host="^\.(?:www\.)?dearbytes\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DeathGenerator.com.xml b/src/chrome/content/rules/DeathGenerator.com.xml
new file mode 100644
index 000000000000..fa8b9e506726
--- /dev/null
+++ b/src/chrome/content/rules/DeathGenerator.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatched:
+		- www
+-->
+<ruleset name="DeathGenerator.com">
+	<target host="deathgenerator.com" />
+	<target host="www.deathgenerator.com" />
+
+	<rule from="^http://www\.deathgenerator\.com/" to="https://deathgenerator.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DeathMask.net.xml b/src/chrome/content/rules/DeathMask.net.xml
index 543129613385..dbe56702f219 100644
--- a/src/chrome/content/rules/DeathMask.net.xml
+++ b/src/chrome/content/rules/DeathMask.net.xml
@@ -1,23 +1,23 @@
-<ruleset name="DeathMask.net" default_off="expired, mismatch, self-signed">
+<!--
+	Invalid certificate:
+		boss429.deathmask.net
+		bpf.deathmask.net
+		buildxp.deathmask.net
+		dustystyx.deathmask.net
+		forums.deathmask.net
+		gila.deathmask.net
+		mail.deathmask.net
+		planetblood.deathmask.net
+		ratm.deathmask.net
+
+-->
+<ruleset name="DeathMask.net">
 
 	<target host="deathmask.net"/>
-	<target host="boss429.deathmask.net"/>
-	<target host="bpf.deathmask.net"/>
-	<target host="buildxp.deathmask.net"/>
-	<target host="dpmaster.deathmask.net"/>
-	<target host="dustystyx.deathmask.net"/>
-	<target host="films.deathmask.net"/>
-	<target host="forums.deathmask.net"/>
-	<target host="gila.deathmask.net"/>
-	<target host="mail.deathmask.net"/>
-	<target host="planetblood.deathmask.net"/>
-	<target host="ratm.deathmask.net"/>
 	<target host="www.deathmask.net"/>
+	<target host="dpmaster.deathmask.net"/>
 
-	<rule from="^http://(www\.)?deathmask\.net/"
-		to="https://www.deathmask.net/"/>
-
-	<rule from="^http://([^w]\w+)\.deathmask\.net/"
-		to="https://$1.deathmask.net/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Deb-multimedia.org.xml b/src/chrome/content/rules/Deb-multimedia.org.xml
new file mode 100644
index 000000000000..c9ec4f241b38
--- /dev/null
+++ b/src/chrome/content/rules/Deb-multimedia.org.xml
@@ -0,0 +1,10 @@
+<!--
+		Invalid certificate:
+			- ns.deb-multimedia.org
+-->
+<ruleset name="Deb-multimedia.org">
+	<target host="deb-multimedia.org" />
+	<target host="www.deb-multimedia.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Deb.li.xml b/src/chrome/content/rules/Deb.li.xml
new file mode 100644
index 000000000000..d42e15e5cf0e
--- /dev/null
+++ b/src/chrome/content/rules/Deb.li.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Debian rulesets see Debian.xml
+-->
+<ruleset name="Deb.li">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="deb.li" />
+	<target host="www.deb.li" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DebConf.org-self-signed.xml b/src/chrome/content/rules/DebConf.org-self-signed.xml
new file mode 100644
index 000000000000..7fb174cf6624
--- /dev/null
+++ b/src/chrome/content/rules/DebConf.org-self-signed.xml
@@ -0,0 +1,17 @@
+<!--
+	For other DebConf coverage, see DebConf.org.xml.
+	For other Debian coverage, see Debian.xml.
+-->
+<ruleset name="DebConf.org (partial)" default_off="self-signed">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="db.debconf.org" />
+	<target host="penta.debconf.org" />
+	<target host="rt.debconf.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DebConf.org.xml b/src/chrome/content/rules/DebConf.org.xml
new file mode 100644
index 000000000000..08471f4e2ed7
--- /dev/null
+++ b/src/chrome/content/rules/DebConf.org.xml
@@ -0,0 +1,48 @@
+<!--
+	For other DebConf coverage, see DebConf.org-self-signed.xml.
+	For other Debian coverage, see Debian.xml.
+
+	Nonfunctional hosts in *debconf.org:
+
+		- debconf8 *
+		- debconf9 *
+		- debconf10 *
+		- debconf11 *
+		- mini *
+		- bucharest2015.mini *
+
+	* Shows wiki, mismatched
+
+-->
+<ruleset name="DebConf.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="debconf.org" />
+	<target host="www.debconf.org" />
+	<target host="blog.debconf.org" />
+	<target host="debconf0.debconf.org" />
+	<target host="debconf1.debconf.org" />
+	<target host="debconf2.debconf.org" />
+	<target host="debconf3.debconf.org" />
+	<target host="debconf4.debconf.org" />
+	<target host="debconf5.debconf.org" />
+	<target host="debconf6.debconf.org" />
+	<target host="debconf7.debconf.org" />
+	<target host="debconf12.debconf.org" />
+	<target host="debconf13.debconf.org" />
+	<target host="debconf14.debconf.org" />
+	<target host="debconf15.debconf.org" />
+	<target host="debconf16.debconf.org" />
+	<target host="media.debconf.org" />
+	<target host="gallery.debconf.org" />
+	<target host="wiki.debconf.org" />
+	<target host="10years.debconf.org" />
+	<target host="es.debconf.org" />
+	<target host="fr.debconf.org" />
+	<target host="miniconf10.debconf.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Debian-Administration.org.xml b/src/chrome/content/rules/Debian-Administration.org.xml
new file mode 100644
index 000000000000..6f08f2bf181b
--- /dev/null
+++ b/src/chrome/content/rules/Debian-Administration.org.xml
@@ -0,0 +1,11 @@
+<ruleset name="Debian-Administration.org">
+
+	<target host="debian-administration.org" />
+	<target host="www.debian-administration.org" />
+	<target host="planet.debian-administration.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Debian-Facile.org.xml b/src/chrome/content/rules/Debian-Facile.org.xml
new file mode 100644
index 000000000000..fc2b1b494156
--- /dev/null
+++ b/src/chrome/content/rules/Debian-Facile.org.xml
@@ -0,0 +1,27 @@
+<!--
+	Invalid certificate:
+		newdf.debian-facile.org
+
+	No working URL known:
+		paste.debian-facile.org
+		search.debian-facile.org
+
+	Login required:
+		webmail.debian-facile.org
+
+-->
+<ruleset name="Debian-Facile.org">
+
+	<target host="debian-facile.org" />
+	<target host="www.debian-facile.org" />
+	<target host="adhesion.debian-facile.org" />
+	<target host="collab.debian-facile.org" />
+	<target host="forum.debian-facile.org" />
+	<target host="git.debian-facile.org" />
+	<target host="images.debian-facile.org" />
+	<target host="wiki.debian-facile.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Debian-fr.xml b/src/chrome/content/rules/Debian-fr.xml
index 91b87a44ab70..3dede6e67f66 100644
--- a/src/chrome/content/rules/Debian-fr.xml
+++ b/src/chrome/content/rules/Debian-fr.xml
@@ -1,7 +1,47 @@
-<ruleset name="Debian-fr">
-  <target host="debian-fr.org" />
-  <target host="*.debian-fr.org" />
+<!--
+	Problematic hosts in *debian-fr.org:
+
+		- wiki ᵃ
+
+	ᵃ Shows default page
+
+
+	Insecure cookies are set for these domains:
+
+		- .debian-fr.org
+		- .www.debian-fr.org
+
+-->
+<ruleset name="Debian-fr.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="debian-fr.org" />
+	<target host="www.debian-fr.org" />
+
+	<!--	Complications:
+				-->
+	<target host="wiki.debian-fr.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.debian-fr\.org$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^\.www\.debian-fr\.org$" name="^phpbb3_\w+_[k|sid|u)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://wiki\.debian-fr\.org/+"
+		to="https://www.isalo.org/wiki.debian-fr/" />
+
+		<test url="http://wiki.debian-fr.org/home.php" />
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(www\.)?debian-fr\.org/" to="https://www.debian-fr.org/"/>
 </ruleset>
 
diff --git a/src/chrome/content/rules/Debian-self-signed.xml b/src/chrome/content/rules/Debian-self-signed.xml
deleted file mode 100644
index afc84dfe2cea..000000000000
--- a/src/chrome/content/rules/Debian-self-signed.xml
+++ /dev/null
@@ -1,54 +0,0 @@
-<!--
-	For rules that are on by default, see Debian.xml.
-
-
-	Fully covered domains:
-
-		- debconf.org subdomains:
-
-			- debconf7
-			- db
-			- gallery
-			- penta
-			- rt
-			- svn
-
-		- mentors.debian.net
-		- paste.debian.net
-
-		- debian.org subdomains:
-
-			- alioth
-			- lists.alioth
-			- buildd
-			- db
-			- ftp-master
-			- lists
-			- nagios
-			- nm
-			- wiki
-
--->
-<ruleset name="Debian (self-signed)" default_off="self-signed">
-
-	<target host="*.debconf.org" />
-	<target host="*.debian.net" />
-		<!--exclusion pattern="^http://screenshots\.debian\.net/" /-->
-	<target host="*.debian.org" />
-		<!--exclusion pattern="^http://(anonscm|bugs|ca|cdimage|incoming|packages|people|qa|packages\.qa|search|svn|www)\.debian\.org/" /-->
-		<!--
-			Handled in Debian.xml:
-						-->
-		<!--exclusion pattern="^http://wiki\.debian\.org/" /-->
-
-
-	<rule from="^http://(db|debconf7|gallery|penta|rt|svn|wiki)\.debconf\.org/"
-		to="https://$1.debconf.org/" />
-
-	<rule from="^http://(mentors|paste)\.debian\.net/"
-		to="https://$1.debian.net/" />
-
-	<rule from="^http://((?:lists\.)?alioth|buildd|db|ftp-master|lists|nagios|nm)\.debian\.org/"
-		to="https://$1.debian.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Debian.net.xml b/src/chrome/content/rules/Debian.net.xml
new file mode 100644
index 000000000000..7f883f7b37a5
--- /dev/null
+++ b/src/chrome/content/rules/Debian.net.xml
@@ -0,0 +1,59 @@
+<!--
+	For other Debian coverage, see Debian.xml.
+
+	Mismatched:
+		- debian.net
+		- www.debian.net
+
+	Expired:
+		- changelogs.debian.net
+
+	Timeout:
+		- debile.debian.net
+		- forums.debian.net
+
+	Refused:
+		- meetbot.debian.net
+-->
+<ruleset name="Debian.net (partial)">
+
+	<target host="debian.net" />
+	<target host="www.debian.net" />
+	<target host="alioth-lists.debian.net" />
+	<target host="archive.debian.net" />
+	<target host="aurel32.debian.net" />
+	<target host="ben.debian.net" />
+	<target host="binarycontrol.debian.net" />
+	<target host="bootstrap.debian.net" />
+	<target host="ca.debian.net" />
+	<target host="ci.debian.net" />
+	<target host="cloudfront.debian.net" />
+	<target host="codesearch.debian.net" />
+	<target host="cut.debian.net" />
+	<target host="debaday.debian.net" />
+	<target host="debdeltas.debian.net" />
+	<target host="dedup.debian.net" />
+	<target host="dochelp.debian.net" />
+	<target host="france.debian.net" />
+	<target host="jenkins.debian.net" />
+	<target host="meetings-archive.debian.net" />
+	<target host="mentors.debian.net" />
+	<target host="mozilla.debian.net" />
+	<target host="news.debian.net" />
+	<target host="paste.debian.net" />
+	<target host="portfolio.debian.net" />
+	<target host="reproducible.debian.net" />
+	<target host="screenshots.debian.net" />
+	<target host="sources.debian.net" />
+	<target host="sreview.debian.net" />
+	<target host="timeline.debian.net" />
+	<target host="video.debian.net" />
+	<target host="wnpp-by-tags.debian.net" />
+
+	<rule from="^http://(www\.)?debian\.net/"
+		to="https://www.debian.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Debian.xml b/src/chrome/content/rules/Debian.xml
index 959005f4115d..e54b7f3ff75c 100644
--- a/src/chrome/content/rules/Debian.xml
+++ b/src/chrome/content/rules/Debian.xml
@@ -1,65 +1,145 @@
 <!--
-	For problematic rules, see Debian-self-signed.xml.
+	Other Debian rulesets:
 
+		- DebConf.org.xml
+		- Debian.net.xml
+		- Deb.li.xml
 
-	Nonfunctional domains:
 
-		screenshots.debian.net *
+	Nonfunctional domains in *.debian.org:
 
-		debian.org subdomains:
+			- puppet-dashboard (r)
+			- security (r)
+			- sip-ws (r)
+			- ftp.us (m)
+			- ftp-master.metadata (m)
 
-			- (www.) *
-			- anonscm	(redirects to alioth; mismatched, CN: alioth.debian.org)
-			- bugs *
-			- ca		(shows db; mismatched, CN: db.debian.org)
-			- cdimage *
-			- incoming	(shows ftp-master; mismatched, CN: ftp-master.debian.org)
-			- packages *
-			- people	(reset; people.debian.org/~joerg/ is displayed
-					after fetching gpg.ganneff.de over http...)
-			- qa *
-			- packages.qa *
-			- search *
-			- svn		(shows alioth; mismatched, CN: alioth.debian.org)
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
 
-	* Refused
 
+	Partially covered hosts in *debian.org:
 
-	Problematic domains:
+		- security *	(www)
 
-		- debconf.org subdomains:
+	* At least some paths 404
+-->
+<ruleset name="Debian.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="debian.org" />
+	<target host="anonscm.debian.org" />
+	<target host="appstream.debian.org" />
+	<target host="apt.buildd.debian.org" />
+	<target host="backports.debian.org" />
+	<target host="bits.debian.org" />
+	<target host="blends.debian.org" />
+	<target host="bugs.debian.org" />
+	<target host="bugs-master.debian.org" />
+	<target host="buildd.debian.org" />
+	<target host="cdimage.debian.org" />
+	<target host="cdimage-search.debian.org" />
+	<target host="cgi.debian.org" />
+	<target host="cloud.debian.org" />
+	<target host="contributors.debian.org" />
+	<target host="d-i.debian.org" />
+	<target host="db.debian.org" />
+	<target host="deb.debian.org" />
+	<target host="debtags.debian.org" />
+	<target host="browse.dgit.debian.org" />
+	<target host="git.dgit.debian.org" />
+	<target host="dsa.debian.org" />
+	<target host="ftp-master.debian.org" />
+	<target host="api.ftp-master.debian.org" />
+	<target host="metadata.ftp-master.debian.org" />
+	<target host="get.debian.org" />
+	<target host="git.debian.org" />
+	<target host="gobby.debian.org" />
+	<target host="i18n.debian.org" />
+	<target host="incoming.debian.org" />
+	<target host="jenkins.debian.org" />
+	<target host="keyring.debian.org" />
+	<target host="l10n.debian.org" />
+	<target host="lintian.debian.org" />
+	<target host="lists.debian.org" />
+	<target host="manpages.debian.org" />
+	<target host="dyn.manpages.debian.org" />
+	<target host="ftp-master.metadata.debian.org" />
+	<target host="micronews.debian.org" />
+	<target host="mirror-master.debian.org" />
+	<target host="munin.debian.org" />
+	<target host="nagios.debian.org" />
+	<target host="nm.debian.org" />
+	<target host="onion.debian.org" />
+	<target host="packages.debian.org" />
+	<target host="people.debian.org" />
+	<target host="piuparts.debian.org" />
+	<target host="planet.debian.org" />
+	<target host="planet-search.debian.org" />
+	<target host="popcon.debian.org" />
+	<target host="incoming.ports.debian.org" />
+	<target host="www.ports.debian.org" />
+	<target host="qa.debian.org" />
+	<target host="packages.qa.debian.org" />
+	<target host="release.debian.org" />
+	<target host="rt.debian.org" />
+	<target host="rtc.debian.org" />
+	<target host="salsa.debian.org" />
+	<target host="search.debian.org" />
+	<target host="security-master.debian.org" />
+	<target host="security-team.debian.org" />
+	<target host="security-tracker.debian.org" />
+	<!--target host="sip-ws.debian.org" /-->
+	<target host="snapshot.debian.org" />
+	<target host="sso.debian.org" />
+	<target host="syncproxy2.eu.debian.org" />
+	<target host="syncproxy3.eu.debian.org" />
+	<target host="syncproxy2.wna.debian.org" />
+	<target host="syncproxy.au.debian.org" />
+	<target host="syncproxy.cna.debian.org" />
+	<target host="tracker.debian.org" />
+	<target host="udd.debian.org" />
+	<target host="veyepar.debian.org" />
+	<target host="vote.debian.org" />
+	<target host="wiki.debian.org" />
+	<target host="www.debian.org" />
+	<target host="www-master.debian.org" />
 
-			- debconf7 *
-			- db *
-			- gallery *
-			- penta *
-			- rt *
-			- svn *
+	<!--	Complications:
+				-->
+	<target host="security.debian.org" />
 
-		- mentors.debian.net *
-		- paste.debian.net *
+		<exclusion pattern="^http://security\.debian\.org/+(?!$|\?)" />
 
-		- debian.org subdomains:
+			<!--	+ve:
+					-->
+			<test url="http://security.debian.org/debian-security/" />
+			<test url="http://security.debian.org/dists/" />
+			<test url="http://security.debian.org/dists/stable/updates/" />
+			<test url="http://security.debian.org/dists/stable/updates/Release" />
+			<test url="http://security.debian.org/pool/updates/main/" />
 
-			- alioth *
-			- lists.alioth *
-			- buildd *
-			- db *
-			- ftp-master *
-			- lists *
-			- nagios *
-			- nm *
-			- wiki *
+			<!--	-ve:
+					-->
+			<test url="http://security.debian.org/?" />
 
-	* Works, self-signed
 
--->
-<ruleset name="Debian (partial)">
+	<!--	Not secured by server:
+					-->
+
+	<securecookie host="^\w" name=".+" />
 
-	<target host="wiki.debian.org" />
 
+	<rule from="^http://security\.debian\.org/+"
+		to="https://www.debian.org/security/" />
+	<rule from="^http://ftp-master\.metadata\.debian\.org/"
+		to="https://metadata.ftp-master.debian.org/" />
 
-	<rule from="^http://wiki\.debian\.org/"
-		to="https://wiki.debian.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Debianforum.de.xml b/src/chrome/content/rules/Debianforum.de.xml
new file mode 100644
index 000000000000..9dce30610caf
--- /dev/null
+++ b/src/chrome/content/rules/Debianforum.de.xml
@@ -0,0 +1,25 @@
+<!--
+	Mixed content:
+
+		- Images on planet from various domains
+
+-->
+<ruleset name="debianforum.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="debianforum.de" />
+	<target host="gallery.debianforum.de" />
+	<target host="mirror.debianforum.de" />
+	<target host="planet.debianforum.de" />
+	<target host="wiki.debianforum.de" />
+	<target host="www.debianforum.de" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Debuggable.xml b/src/chrome/content/rules/Debuggable.xml
index 94b665e3a96e..9a085bd037ec 100644
--- a/src/chrome/content/rules/Debuggable.xml
+++ b/src/chrome/content/rules/Debuggable.xml
@@ -5,7 +5,9 @@
 <ruleset name="Debuggable (partial)">
 
 	<target host="transloadit.com"/>
-	<target host="*.transloadit.com"/>
+	<target host="www.transloadit.com" />
+	<target host="www-eleni.transloadit.com" />
+	<target host="www-eric.transloadit.com" />
 
 	<rule from="^http://www(-eleni|-eric)?\.transloadit\.com/"
 		to="https://www$1.transloadit.com/"/>
diff --git a/src/chrome/content/rules/Debuggex.com.xml b/src/chrome/content/rules/Debuggex.com.xml
new file mode 100644
index 000000000000..fb6c0fd5d7e9
--- /dev/null
+++ b/src/chrome/content/rules/Debuggex.com.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://debuggex.com/ => https://debuggex.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.debuggex.com/ => https://www.debuggex.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="Debuggex.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="debuggex.com" />
+	<target host="www.debuggex.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?debuggex\.com$" name="^session$" /-->
+
+	<securecookie host="^(?:www\.)?debuggex\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Debuggify.net.xml b/src/chrome/content/rules/Debuggify.net.xml
index e1c068f60af5..cd86408b4ce1 100644
--- a/src/chrome/content/rules/Debuggify.net.xml
+++ b/src/chrome/content/rules/Debuggify.net.xml
@@ -1,13 +1,16 @@
-<ruleset name="Debuggify.net">
+<ruleset name="Debuggify.net" default_off="521">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="debuggify.net" />
-	<target host="*.debuggify.net" />
+	<target host="cdn.debuggify.net" />
+	<target host="www.debuggify.net" />
 
 
 	<securecookie host="^\.debuggify\.net$" name=".+" />
 
 
-	<rule from="^http://(cdn\.|www\.)?debuggify\.net/"
-		to="https://$1debuggify.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Decadent.org.uk.xml b/src/chrome/content/rules/Decadent.org.uk.xml
new file mode 100644
index 000000000000..848e22d12b2c
--- /dev/null
+++ b/src/chrome/content/rules/Decadent.org.uk.xml
@@ -0,0 +1,11 @@
+<ruleset name="Decadent.org.uk">
+
+	<target host="www.decadent.org.uk" />
+	<target host="git.decadent.org.uk" />
+	<target host="soubrette.decadent.org.uk" />
+	<target host="womble.decadent.org.uk" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Decdna.net.xml b/src/chrome/content/rules/Decdna.net.xml
index a073d9590222..9fb5f5127a60 100644
--- a/src/chrome/content/rules/Decdna.net.xml
+++ b/src/chrome/content/rules/Decdna.net.xml
@@ -1,6 +1,13 @@
-<ruleset name="Decdna.net">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://na.decdna.net/ => https://na.decdna.net/: (6, 'Could not resolve host: na.decdna.net')
+Fetch error: http://eu.link.decdna.net/ => https://eu.link.decdna.net/: (6, 'Could not resolve host: eu.link.decdna.net')
+
+-->
+<ruleset name="Decdna.net" default_off="failed ruleset test">
 	<target host="na.decdna.net" />
 	<target host="eu.link.decdna.net" />
 
-	<rule from="^http://(na|(eu\.link))\.decdna\.net/" to="https://$1.decdna.net/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Deciduous_Press.com.au.xml b/src/chrome/content/rules/Deciduous_Press.com.au.xml
index d0bcf7ba4ef6..7a6c25dfbed4 100644
--- a/src/chrome/content/rules/Deciduous_Press.com.au.xml
+++ b/src/chrome/content/rules/Deciduous_Press.com.au.xml
@@ -9,13 +9,13 @@
 <ruleset name="Deciduous Press.com.au">
 
 	<target host="deciduouspress.com.au" />
-	<target host="*.deciduouspress.com.au" />
+	<target host="images.deciduouspress.com.au" />
+	<target host="www.deciduouspress.com.au" />
 
 
 	<securecookie host="^\.deciduouspress\.com\.au$" name=".+" />
 
 
-	<rule from="^http://(images\.|www\.)?deciduouspress\.com\.au/"
-		to="https://$1deciduouspress.com.au/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Decipher_Inc.com.xml b/src/chrome/content/rules/Decipher_Inc.com.xml
index 2519c3404b03..894e8e044360 100644
--- a/src/chrome/content/rules/Decipher_Inc.com.xml
+++ b/src/chrome/content/rules/Decipher_Inc.com.xml
@@ -14,16 +14,17 @@
 <ruleset name="Decipher Inc.com">
 
 	<target host="decipherinc.com" />
-	<target host="*.decipherinc.com" />
+	<target host="www.decipherinc.com" />
+	<target host="static.decipherinc.com" />
+	<target host="v2.decipherinc.com" />
 
 
 	<securecookie host="^v2\.decipherinc\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?decipherinc\.com/"
-		to="https://$1decipherinc.com/" />
 
 	<rule from="^http://(?:static|v2)\.decipherinc\.com/"
 		to="https://v2.decipherinc.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Decision-Neuroscience-Laboratory.xml b/src/chrome/content/rules/Decision-Neuroscience-Laboratory.xml
deleted file mode 100644
index 9c5617c8b7cf..000000000000
--- a/src/chrome/content/rules/Decision-Neuroscience-Laboratory.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Decision Neuroscience Laboratory" default_off="mismatch">
-
-	<target host="decisionneurosciencelab.org"/>
-	<target host="www.decisionneurosciencelab.org"/>
-
-	<rule from="^http://(?:www\.)?decisionneurosciencelab\.org/"
-		to="https://decisionneurosciencelab.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/DecisionBriefs.xml b/src/chrome/content/rules/DecisionBriefs.xml
index fb67ad86c2a0..ee7884c6d559 100644
--- a/src/chrome/content/rules/DecisionBriefs.xml
+++ b/src/chrome/content/rules/DecisionBriefs.xml
@@ -1,13 +1,14 @@
 <ruleset name="DecisionBriefs">
 
 	<target host="decisionbriefs.com" />
-	<target host="*.decisionbriefs.com" />
+	<target host="core.decisionbriefs.com" />
+	<target host="partners.decisionbriefs.com" />
+	<target host="www.decisionbriefs.com" />
 
 
-	<securecookie host="^(?:.+\.)?decisionbriefs\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:core|partners|www)\.)?decisionbriefs\.com/"
-		to="https://$1decisionbriefs.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DecisionKey.xml b/src/chrome/content/rules/DecisionKey.xml
index e01053de20df..9b564ccbb98f 100644
--- a/src/chrome/content/rules/DecisionKey.xml
+++ b/src/chrome/content/rules/DecisionKey.xml
@@ -14,7 +14,7 @@
 	<securecookie host="^www\.npddecisionkey\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?npddecisionkey\.com/"
+	<rule from="^http://(?:www\.)?npddecisionkey\.com/"
 		to="https://www.npddecisionkey.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Declaration-of-Russian-Hosting-Providers.xml b/src/chrome/content/rules/Declaration-of-Russian-Hosting-Providers.xml
index c4785eaf95b4..d3b295726f16 100644
--- a/src/chrome/content/rules/Declaration-of-Russian-Hosting-Providers.xml
+++ b/src/chrome/content/rules/Declaration-of-Russian-Hosting-Providers.xml
@@ -1,11 +1,21 @@
-<ruleset name="Declaration of Russian Hosting Providers">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hostdeclaration.ru/ => https://hostdeclaration.ru/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+Fetch error: http://www.hostdeclaration.ru/ => https://hostdeclaration.ru/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://hostdeclaration.ru/ => https://hostdeclaration.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'hostdeclaration.ru'")
+Fetch error: http://www.hostdeclaration.ru/ => https://hostdeclaration.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'hostdeclaration.ru'")
+-->
+<ruleset name="Declaration of Russian Hosting Providers" default_off="failed ruleset test">
 
 	<!--	Cert: *.sweb.ru	-->
 	<target host="hostdeclaration.ru" />
 	<target host="www.hostdeclaration.ru" />
 
 
-	<rule from="^https?://(?:www\.)?hostdeclaration\.ru/"
+	<rule from="^http://(?:www\.)?hostdeclaration\.ru/"
 		to="https://hostdeclaration.ru/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Deco.proteste.pt.xml b/src/chrome/content/rules/Deco.proteste.pt.xml
index 6f1346ec5ee3..3a2308d07230 100644
--- a/src/chrome/content/rules/Deco.proteste.pt.xml
+++ b/src/chrome/content/rules/Deco.proteste.pt.xml
@@ -2,5 +2,5 @@
   <target host="deco.proteste.pt" />
   <target host="www.deco.proteste.pt" />
 
-  <rule from="^http://(?:www\.)?deco\.proteste\.pt/" to="https://www.deco.proteste.pt/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/DecorAdventures.com.xml b/src/chrome/content/rules/DecorAdventures.com.xml
new file mode 100644
index 000000000000..7f7392086186
--- /dev/null
+++ b/src/chrome/content/rules/DecorAdventures.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="DecorAdventures.com">
+	<target host="decoradventures.com" />
+	<target host="www.decoradventures.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Decrypt_CryptoLocker.com.xml b/src/chrome/content/rules/Decrypt_CryptoLocker.com.xml
new file mode 100644
index 000000000000..9a6d414165df
--- /dev/null
+++ b/src/chrome/content/rules/Decrypt_CryptoLocker.com.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://decryptcryptolocker.com/ => https://decryptcryptolocker.com/: (7, 'Failed to connect to decryptcryptolocker.com port 443: Connection timed out')
+Fetch error: http://www.decryptcryptolocker.com/ => https://www.decryptcryptolocker.com/: (6, 'Could not resolve host: www.decryptcryptolocker.com')
+
+-->
+<ruleset name="Decrypt CryptoLocker.com" default_off="failed ruleset test">
+
+	<target host="decryptcryptolocker.com" />
+	<target host="www.decryptcryptolocker.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Decrypted_Matrix.com.xml b/src/chrome/content/rules/Decrypted_Matrix.com.xml
new file mode 100644
index 000000000000..8a0406bab646
--- /dev/null
+++ b/src/chrome/content/rules/Decrypted_Matrix.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Decrypted Matrix.com">
+
+	<target host="decryptedmatrix.com" />
+	<target host="www.decryptedmatrix.com" />
+
+
+	<securecookie host="^\.decryptedmatrix\.com$" name="^__cfduid$" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dedicated_Gaming.xml b/src/chrome/content/rules/Dedicated_Gaming.xml
index 9e467422b806..5977cec4fc33 100644
--- a/src/chrome/content/rules/Dedicated_Gaming.xml
+++ b/src/chrome/content/rules/Dedicated_Gaming.xml
@@ -1,13 +1,13 @@
 <ruleset name="Dedicated Gaming">
 
 	<target host="dedicatedgaming.com.au" />
-	<target host="*.dedicatedgaming.com.au" />
+	<target host="myaccount.dedicatedgaming.com.au" />
+	<target host="www.dedicatedgaming.com.au" />
 
 
 	<securecookie host="^(?:myaccount)?\.dedicatedgaming.com.au$" name=".+" />
 
 
-	<rule from="^http://(myaccount\.|www\.)?dedicatedgaming\.com\.au/"
-		to="https://$1dedicatedgaming.com.au/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dedikuoti.lt.xml b/src/chrome/content/rules/Dedikuoti.lt.xml
new file mode 100644
index 000000000000..5faf94b82400
--- /dev/null
+++ b/src/chrome/content/rules/Dedikuoti.lt.xml
@@ -0,0 +1,7 @@
+<ruleset name="Dedikuoti.lt">
+	<target host="dedikuoti.lt" />
+	<target host="www.dedikuoti.lt" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dediserve.com.xml b/src/chrome/content/rules/Dediserve.com.xml
new file mode 100644
index 000000000000..5efb4c14320d
--- /dev/null
+++ b/src/chrome/content/rules/Dediserve.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional hosts in *dediserve.com:
+
+		- lg ᵈ
+		- news ⁿ
+
+	ᵈ Dropped
+	ⁿ Refused
+
+-->
+<ruleset name="dediserve.com (partial)">
+
+	<target host="dediserve.com" />
+	<target host="manage.dediserve.com" />
+	<target host="www.dediserve.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Deekayen.net.xml b/src/chrome/content/rules/Deekayen.net.xml
new file mode 100644
index 000000000000..1ae6fe0dd2ad
--- /dev/null
+++ b/src/chrome/content/rules/Deekayen.net.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.deekayen.net/ => https://www.deekayen.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.deekayen.net'")
+
+-->
+<ruleset name="deekayen.net" default_off="failed ruleset test">
+
+	<target host="deekayen.net" />
+	<target host="www.deekayen.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DeepDyve.xml b/src/chrome/content/rules/DeepDyve.xml
index ebea4a847842..2acfd269dfc7 100644
--- a/src/chrome/content/rules/DeepDyve.xml
+++ b/src/chrome/content/rules/DeepDyve.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^www\.deepdyve\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?deepdyve\.com/"
-		to="https://$1deepdyve.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DeepField-Networks.xml b/src/chrome/content/rules/DeepField-Networks.xml
index 330951b086ad..9a2581cb5fa8 100644
--- a/src/chrome/content/rules/DeepField-Networks.xml
+++ b/src/chrome/content/rules/DeepField-Networks.xml
@@ -1,12 +1,13 @@
-<ruleset name="DeepField Networks" default_off="mismatch">
+<ruleset name="DeepField Networks" default_off="mismatched">
 
 	<target host="deepfield.net" />
-	<target host="*.deepfield.net" />
+	<target host="www.deepfield.net" />
+	<target host="blog.deepfield.net" />
 
 	<!--	- Cert: ghs-ssl.googlehosted.com
 		- !www times out
 					-->
-	<rule from="^https?://(?:www\.)?deepfield\.net/"
+	<rule from="^http://(?:www\.)?deepfield\.net/"
 		to="https://www.deepfield.net/" />
 
 	<!--	Cert: *.wordpress.com	-->
diff --git a/src/chrome/content/rules/DeepSec.net.xml b/src/chrome/content/rules/DeepSec.net.xml
new file mode 100644
index 000000000000..2c6e3235347a
--- /dev/null
+++ b/src/chrome/content/rules/DeepSec.net.xml
@@ -0,0 +1,10 @@
+<ruleset name="DeepSec.net (partial)">
+
+	<target host="deepsec.net" />
+	<target host="www.deepsec.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Deep_Dot_Web.com.xml b/src/chrome/content/rules/Deep_Dot_Web.com.xml
new file mode 100644
index 000000000000..b4f5e8958e76
--- /dev/null
+++ b/src/chrome/content/rules/Deep_Dot_Web.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .deepdotweb.com
+
+
+	Mixed content:
+
+		- Bug from c.statcounter.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Deep Dot Web.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="deepdotweb.com" />
+	<target host="www.deepdotweb.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.deepdotweb\.com$" name="^(?:__cfduid|cf_clearance|ddwforum_etzsv_(?:k|sid|u))$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Deep_Politics_Forum.com.xml b/src/chrome/content/rules/Deep_Politics_Forum.com.xml
new file mode 100644
index 000000000000..d3a06824bbc3
--- /dev/null
+++ b/src/chrome/content/rules/Deep_Politics_Forum.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Deep Politics Forum.com">
+
+	<target host="deeppoliticsforum.com" />
+	<target host="www.deeppoliticsforum.com" />
+
+
+	<securecookie host="^(?:www\.)?deeppoliticsforum\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Deepbit.net.xml b/src/chrome/content/rules/Deepbit.net.xml
deleted file mode 100644
index 803a65518704..000000000000
--- a/src/chrome/content/rules/Deepbit.net.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Deepbit.net">
-  <target host="deepbit.net" />
-  <target host="www.deepbit.net" />
-
-  <rule from="^http://(?:www\.)?deepbit\.net/" to="https://deepbit.net/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Deepin.xml b/src/chrome/content/rules/Deepin.xml
new file mode 100644
index 000000000000..97897e3fa98e
--- /dev/null
+++ b/src/chrome/content/rules/Deepin.xml
@@ -0,0 +1,51 @@
+<!--
+	Equal to *.linuxdeepin.com:
+		cdimage.deepin.com
+
+		packages.deepin.com
+		packages.deepin.org
+
+	Expired:
+		cdimage.linuxdeepin.com
+		packages.linuxdeepin.com
+
+	Mismatch:
+		old.linuxdeepin.com
+		(www.)linuxdeepin.com
+		mantis.linuxdeepin.com
+		wiki.linuxdeepin.com
+		start.linuxdeepin.com
+		u.linuxdeepin.com
+		beta.linuxdeepin.com
+		mail.linuxdeepin.com
+
+		feedback.deepin.org
+
+	Timeout:
+		rsync.linuxdeepin.com
+-->
+
+<ruleset name="Deepin (partial)">
+	<!-- Deepin.com -->
+	<target host="deepin.com" />
+	<target host="www.deepin.com" />
+
+	<!-- Deepin.org -->
+	<target host="deepin.org" />
+	<target host="www.deepin.org" />
+	<target host="bbs.deepin.org" />
+	<target host="blog.deepin.org" />
+	<target host="api.deepin.org" />
+	<target host="account.deepin.org" />
+	<target host="login.deepin.org" />
+	<target host="wiki.deepin.org" />
+	<target host="en.bbs.deepin.org" />
+
+	<!-- Linuxdeepin.com -->
+	<target host="img1.linuxdeepin.com" />
+	<target host="img2.linuxdeepin.com" />
+	<target host="img3.linuxdeepin.com" />
+	<target host="img4.linuxdeepin.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Deezer.xml b/src/chrome/content/rules/Deezer.xml
index 5262aeb9632e..c0caa05520b1 100644
--- a/src/chrome/content/rules/Deezer.xml
+++ b/src/chrome/content/rules/Deezer.xml
@@ -1,10 +1,40 @@
-<ruleset name="Deezer">
+<!--
+Disabled because:
 
+Currently Deezer's website *generally* redirects as follows:
+
+	https://deezer.com/      301 Moved Permanantly (to www.deezer.com)
+	https://www.deezer.com/  302 Found             (to plain-http URL)
+	http://www.deezer.com/   200 OK
+
+That is, if we apply an http -> httpS rule to [www.]deezer.com most paths will
+end up being loaded via plain-http anyway.  The one (known) exception is the
+path /ajax/gw-light.php which Deezer's servers do not redirect to plain-http.
+
+If we apply the http -> httpS rule for [www.]deezer.com, the top-level document
+ends up being redirected to load via plain-http, but then makes non-redirected
+httpS XHR POST requests to gw-light.php.  Since it makes these XHR requests
+without requesting cross-origin permissions the requests fail.  The main
+symptom of this failure is that clicking on the left-hand navigation bar does
+nothing.
+-->
+<ruleset name="Deezer.com (Buggy)" default_off="breaks left-hand navigation bar links">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="deezer.com" />
-	<target host="*.deezer.com" />
+	<target host="cdns-files.deezer.com" />
+	<target host="www.deezer.com" />
+
+<!--
+We can't currently add the following since the served certificates are not
+valid for these domains.
 
+	<target host="cdn-images.deezer.com" />
+	<target host="e-cdn-files.deezer.com" />
+-->
 
-	<rule from="^http://(cdns-files\.|www\.)?deezer\.com/"
-		to="https://$1deezer.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Defcon.RU.xml b/src/chrome/content/rules/Defcon.RU.xml
new file mode 100644
index 000000000000..3f1ce8b79a32
--- /dev/null
+++ b/src/chrome/content/rules/Defcon.RU.xml
@@ -0,0 +1,34 @@
+<!--
+	www.defcon.ru: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- defcon.ru
+
+-->
+<ruleset name="Defcon.RU">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="defcon.ru" />
+
+	<!--	Complications:
+				-->
+	<target host="www.defcon.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^defcon\.ru$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^defcon\.ru$" name=".+" />
+
+
+	<rule from="^http://www\.defcon\.ru/"
+		to="https://defcon.ru/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Defcon.xml b/src/chrome/content/rules/Defcon.xml
deleted file mode 100644
index 49a1b80ab73f..000000000000
--- a/src/chrome/content/rules/Defcon.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Defcon">
- <target host="www.defcon.org" />
- <target host="defcon.org" />
-
- <rule from="^http://(www\.)?defcon\.org/" to="https://$1defcon.org/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Defectivebydesign.org.xml b/src/chrome/content/rules/Defectivebydesign.org.xml
index 3debf44a1c17..8ebfb5e1614c 100644
--- a/src/chrome/content/rules/Defectivebydesign.org.xml
+++ b/src/chrome/content/rules/Defectivebydesign.org.xml
@@ -2,5 +2,7 @@
 	<target host="defectivebydesign.org" />
 	<target host="www.defectivebydesign.org" />
 
-	<rule from="^http://(www\.)?defectivebydesign\.org/" to="https://$1defectivebydesign.org/" />
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/DefenceForceRetirementandDeathBenefitsScheme.xml b/src/chrome/content/rules/DefenceForceRetirementandDeathBenefitsScheme.xml
new file mode 100644
index 000000000000..69dd1c9e1f7a
--- /dev/null
+++ b/src/chrome/content/rules/DefenceForceRetirementandDeathBenefitsScheme.xml
@@ -0,0 +1,27 @@
+<!--
+	Defence Force Retirement and Death Benefits Scheme
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- dfrdb.gov.au
+		- .dfrdb.gov.au
+		- www.dfrdb.gov.au
+
+-->
+<ruleset name="DFRDB.gov.au">
+	<target host="dfrdb.gov.au" />
+	<target host="www.dfrdb.gov.au" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?dfrdb\.gov\.au$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.dfrdb\.gov\.au$" name="^HASHS_b\d+$" /-->
+
+	<securecookie host="^(?:\.|www\.)?dfrdb\.gov\.au$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DefenceHousingAustralia.xml b/src/chrome/content/rules/DefenceHousingAustralia.xml
new file mode 100644
index 000000000000..606e004369e4
--- /dev/null
+++ b/src/chrome/content/rules/DefenceHousingAustralia.xml
@@ -0,0 +1,43 @@
+<!--
+	Defence Housing Australia
+
+
+	Problematic hosts in *dha.gov.au:
+
+		- www.invest *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- invest.dha.gov.au
+
+-->
+<ruleset name="DHA.gov.au">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dha.gov.au" />
+	<target host="invest.dha.gov.au" />
+	<target host="www.dha.gov.au" />
+
+	<!--	Complications:
+				-->
+	<target host="www.invest.dha.gov.au" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^invest\.dha\.gov\.au$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^invest\.dha\.gov\.au$" name=".+" />
+
+
+	<rule from="^http://www\.invest\.dha\.gov\.au/"
+		to="https://invest.dha.gov.au/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Defense_Industry_Daily.xml b/src/chrome/content/rules/Defense_Industry_Daily.xml
index 781ca16d5332..05fc25ee94c1 100644
--- a/src/chrome/content/rules/Defense_Industry_Daily.xml
+++ b/src/chrome/content/rules/Defense_Industry_Daily.xml
@@ -1,21 +1,37 @@
 <!--
 	Nonfunctional subdomains:
 
-		- media
-			- 301s back when rewritten to www
-			- Holds css but not js => mixedcontent
+		- media ¹ ²
+		- support ³
+
+	¹ Refused
+	² Redirects back when rewritten to www
+	³ Desk.com
+
+
+	Mixed content:
+
+		- Images from media.defenceindustrydaily.com ¹
+		- Bug from pixel.quantserve.com ²
+
+	¹ Unsecurable <= refused
+	² Secured by us
 
 -->
-<ruleset name="Defense Industry Daily (partial)" platform="mixedcontent">
+<ruleset name="Defense Industry Daily.com (partial)">
 
 	<target host="defenseindustrydaily.com" />
 	<target host="www.defenseindustrydaily.com" />
 
 
-	<securecookie host="^(?:www\.)?defenseindustrydaily\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.defenseindustrydaily\.com$" name="^__qca$" /-->
+
+	<securecookie host="^(?:\.|www\.)?defenseindustrydaily\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?defenseindustrydaily\.com/"
-		to="https://$1defenseindustrydaily.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Defense_Nuclear_Facilities_Safety_Board.xml b/src/chrome/content/rules/Defense_Nuclear_Facilities_Safety_Board.xml
index fb0fa5d5157e..c6f4a71b0599 100644
--- a/src/chrome/content/rules/Defense_Nuclear_Facilities_Safety_Board.xml
+++ b/src/chrome/content/rules/Defense_Nuclear_Facilities_Safety_Board.xml
@@ -1,5 +1,4 @@
 <!--
-	For other U.S. government coverage, see US-government.xml.
 
 
 	dnfsbstg.prod.acquia-sites.com
@@ -11,16 +10,13 @@
 <ruleset name="Defense Nuclear Facilities Safety Board" default_off="mismatched">
 
 	<target host="dnfsbstg.prod.acquia-sites.com" />
-	<target host="*.dnfsb.gov" />
+	<target host="www.dnfsb.gov" />
 
 
 	<securecookie host="^\.dnfsb\.gov$" name=".+" />
 
 
-	<rule from="^http://dnfsbstg\.prod\.acquia-sites\.com/"
-		to="https://dnfsbstg.prod.acquia-sites.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://www\.dnfsb\.gov/"
-		to="https://www.dnfsb.gov/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Defense_One.com.xml b/src/chrome/content/rules/Defense_One.com.xml
new file mode 100644
index 000000000000..4d5b6bd607e2
--- /dev/null
+++ b/src/chrome/content/rules/Defense_One.com.xml
@@ -0,0 +1,40 @@
+<!--
+	For other Atlantic Media coverage, see Atlantic-Media.xml.
+
+
+	^defenseone.com: Dropped
+	www.defenseone.com: Redirects to http
+
+
+	Problematic hosts in *defenseone.com:
+
+		- metrics *
+
+	* Mismatched
+
+-->
+<ruleset name="Defense One.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cdn.defenseone.com" />
+
+	<!--	Complications:
+				-->
+	<target host="metrics.defenseone.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.defenseone\.com/$" /-->
+
+
+	<securecookie host="^\.defenseone\.com$" name="^s_\w+$" />
+
+
+	<rule from="^http://metrics\.defenseone\.com/"
+		to="https://atlanticmedia.122.2o7.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Defora.org.xml b/src/chrome/content/rules/Defora.org.xml
new file mode 100644
index 000000000000..d8043aba4ced
--- /dev/null
+++ b/src/chrome/content/rules/Defora.org.xml
@@ -0,0 +1,26 @@
+<!--
+
+	Problematic hosts in *defora.org:
+
+		- ^ (mismatched)
+		- mahce (no https)
+		- imap (no https)
+		- lists (no https)
+		- mx (no https)
+		- ftp (no https)
+		- preach (mismatched)
+
+-->
+<ruleset name="Defora.org">
+
+	<target host="defora.org" />
+	<target host="www.defora.org" />
+	<target host="git.defora.org" />
+
+	<rule from="^http://defora\.org/"
+		to="https://www.defora.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Defra.gov.uk.xml b/src/chrome/content/rules/Defra.gov.uk.xml
new file mode 100644
index 000000000000..58632745df7b
--- /dev/null
+++ b/src/chrome/content/rules/Defra.gov.uk.xml
@@ -0,0 +1,84 @@
+<!--
+	Food and Environment Research Agency
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *defra.gov.uk:
+
+		- www.cefas ⁴
+
+		- beebase.fera ³
+		- chlaramap.fera ³
+		- dogs2012.fera ³
+
+		- jncc ᵈ
+		- naei ᵈ
+		- laqm ᵇ
+		- sciencesearch ᵈ
+		- sd ᵖ
+		- uk-air ʰ
+		- wtl ʳ
+
+	³ 403
+	⁴ 404
+	ᵇ Shows default page
+	ᵈ Dropped
+	ʰ Redirects to http
+	ᵖ Plaintext reply
+	ʳ Refused
+
+
+	Problematic hosts in *defra.gov.uk:
+
+		- (www.)? ᵐ
+		- aka ᵐ
+		- aka-sd ᵐ
+		- aka-vmd ᵐ
+		- animalhealth ᵐ
+		- archive ᵐ
+		- darwin ᵐ
+		- www.fera ᵐ
+		- www.rdpenetwork ᵐ
+		- (www.)?rpa ᵐ
+		- smokecontrol ᶜ
+		- vla ᵐ
+		- ww2 ᵐ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- secure.services.defra.gov.uk
+
+-->
+<ruleset name="Defra.gov.uk (partial)">
+
+	<target host="consult.defra.gov.uk" />
+	<target host="secure.fera.defra.gov.uk" />
+	<target host="secure.services.defra.gov.uk" />
+	<!--target host="smokecontrol.defra.gov.uk" /-->
+	<target host="vmd.defra.gov.uk" />
+	<target host="www.vmd.defra.gov.uk" />
+
+		<!--	403:
+				-->
+		<exclusion pattern="^http://secure\.fera\.defra\.gov\.uk/$" />
+
+		<test url="http://secure.fera.defra.gov.uk/browse/" />
+		<test url="http://secure.fera.defra.gov.uk/phiw/riskRegister/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^secure\.services\.defra\.gov\.uk$" name="^AlteonP$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Defsounds.xml b/src/chrome/content/rules/Defsounds.xml
index e05d9f4cef2b..96efa06becd8 100644
--- a/src/chrome/content/rules/Defsounds.xml
+++ b/src/chrome/content/rules/Defsounds.xml
@@ -1,13 +1,13 @@
-<ruleset name="Defsounds">
+<ruleset name="Defsounds.com" default_off="refused">
 
 	<target host="defsounds.com" />
-	<target host="*.defsounds.com" />
+	<target host="www.defsounds.com" />
 
 
 	<securecookie host="^\.defsounds\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?defsounds\.com/"
-		to="https://$1defsounds.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Deichmann.com.xml b/src/chrome/content/rules/Deichmann.com.xml
new file mode 100644
index 000000000000..a0c55669ea30
--- /dev/null
+++ b/src/chrome/content/rules/Deichmann.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="Deichmann.com">
+
+	<target host="deichmann.com"/>
+	<target host="www.deichmann.com"/>
+	<target host="trendblog.deichmann.com"/>
+
+	<rule from="^http://(www\.)?deichmann\.com/" to="https://www.deichmann.com/"/>
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Deimos.fr.xml b/src/chrome/content/rules/Deimos.fr.xml
new file mode 100644
index 000000000000..1e84c3809feb
--- /dev/null
+++ b/src/chrome/content/rules/Deimos.fr.xml
@@ -0,0 +1,18 @@
+<!--
+	Mixed content:
+		wiki.deimos.fr
+
+	Invalid certificate:
+		shenzi.deimos.fr
+
+-->
+<ruleset name="Deimos.fr">
+
+	<target host="deimos.fr" />
+	<target host="www.deimos.fr" />
+	<target host="blog.deimos.fr" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dein.dk.xml b/src/chrome/content/rules/Dein.dk.xml
new file mode 100644
index 000000000000..2cfb78c70ff9
--- /dev/null
+++ b/src/chrome/content/rules/Dein.dk.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dein.dk/ => https://dein.dk/: (35, 'Unknown SSL protocol error in connection to dein.dk:443 ')
+Fetch error: http://www.dein.dk/ => https://www.dein.dk/: (35, 'Unknown SSL protocol error in connection to www.dein.dk:443 ')
+
+-->
+<ruleset name="Dein.dk" default_off="failed ruleset test">
+
+	<target host="dein.dk" />
+	<target host="www.dein.dk" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DejaLu.me.xml b/src/chrome/content/rules/DejaLu.me.xml
new file mode 100644
index 000000000000..b396bb166620
--- /dev/null
+++ b/src/chrome/content/rules/DejaLu.me.xml
@@ -0,0 +1,10 @@
+<ruleset name="DejaLu.me">
+
+	<target host="dejalu.me" />
+	<target host="www.dejalu.me" />
+	<target host="d.dejalu.me" />
+		<test url="http://d.dejalu.me/beta/DejaLu.zip" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Delaware_Online.xml b/src/chrome/content/rules/Delaware_Online.xml
index fd6404cdafd1..3d86bc8403e9 100644
--- a/src/chrome/content/rules/Delaware_Online.xml
+++ b/src/chrome/content/rules/Delaware_Online.xml
@@ -26,13 +26,13 @@
 <ruleset name="Delaware Online (partial)">
 
 	<target host="delawareonline.com" />
-	<target host="*.delawareonline.com" />
+	<target host="www.delawareonline.com" />
 
 
 	<securecookie host="^www\.delawareonline\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?delawareonline\.com/"
+	<rule from="^http://(?:www\.)?delawareonline\.com/"
 		to="https://www.delawareonline.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Delaware_Technical_Community_College.xml b/src/chrome/content/rules/Delaware_Technical_Community_College.xml
new file mode 100644
index 000000000000..53435ce50f8d
--- /dev/null
+++ b/src/chrome/content/rules/Delaware_Technical_Community_College.xml
@@ -0,0 +1,8 @@
+<ruleset name="Delaware Technical Community College (partial)">
+  <target host="dtcc.edu" />
+  <target host="login.dtcc.edu" />
+  <target host="www.dtcc.edu" />
+
+  <rule from="^http://(?:www\.)?dtcc\.edu/" to="https://www.dtcc.edu/" />
+  <rule from="^http://(?:www\.)?login\.dtcc\.edu/" to="https://login.dtcc.edu/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Delaware_Today.com.xml b/src/chrome/content/rules/Delaware_Today.com.xml
new file mode 100644
index 000000000000..61c0079affc2
--- /dev/null
+++ b/src/chrome/content/rules/Delaware_Today.com.xml
@@ -0,0 +1,16 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://delawaretoday.com/ => http://delawaretoday.com/: Redirect for 'http://delawaretoday.com/' missing Location
+	Some pages redirect to http.
+
+-->
+<ruleset name="Delaware Today.com (partial)">
+
+	<target host="delawaretoday.com" />
+	<target host="www.delawaretoday.com" />
+
+
+	<rule from="^http://(www\.)?delawaretoday\.com/(?=[\w-]+\.png|core/|_delaware_rad/|favicon\.ico|images/)"
+		to="https://$1delawaretoday.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Delfogo_Rx.xml b/src/chrome/content/rules/Delfogo_Rx.xml
deleted file mode 100644
index 040a4019af7d..000000000000
--- a/src/chrome/content/rules/Delfogo_Rx.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Cert only matches ^delfogo.com
-
--->
-<ruleset name="Delfogo Rx">
-
-	<target host="delfogo.com" />
-	<target host="www.delfogo.com" />
-
-
-	<securecookie host="^delfogo\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?delfogo\.com/"
-		to="https://delfogo.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Delft-University-of-Technology-mismatches.xml b/src/chrome/content/rules/Delft-University-of-Technology-mismatches.xml
index 399e5027bede..09a4af48fa76 100644
--- a/src/chrome/content/rules/Delft-University-of-Technology-mismatches.xml
+++ b/src/chrome/content/rules/Delft-University-of-Technology-mismatches.xml
@@ -2,13 +2,12 @@
 	For rules that are on by default, see Delft-University-of-Technology.xml.
 
 -->
-<ruleset name="Delft University of Technology (mismatches)" default_off="mismatch">
+<ruleset name="Delft University of Technology (mismatches)" default_off="mismatched">
 
 	<target host="faq.weblog.tudelft.nl" />
 
 
 	<!--	Cert: weblog.tudelft.nl	-->
-	<rule from="^http://faq\.weblog\.tudelft\.nl/"
-		to="https://faq.weblog.tudelft.nl/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Delft-University-of-Technology.xml b/src/chrome/content/rules/Delft-University-of-Technology.xml
index 2904471e0072..326692fb2358 100644
--- a/src/chrome/content/rules/Delft-University-of-Technology.xml
+++ b/src/chrome/content/rules/Delft-University-of-Technology.xml
@@ -28,15 +28,16 @@
 -->
 <ruleset name="Delft University of Technology (partial)">
 
-	<target host="*.tudelft.nl" />
+	<target host="intranet.tudelft.nl" />
+	<target host="netid.tudelft.nl" />
+	<target host="weblog.tudelft.nl" />
 
 
 	<!--	There is a cross-subdomain .weblog cookie, which is
 		not handled in case it is required on other domains.	-->
-	<securecookie host="^\w+\.tudelft\.nl$" name=".*" />
+	<securecookie host="^\w+\.tudelft\.nl$" name=".+" />
 
 
-	<rule from="^http://(intranet|netid|weblog)\.tudelft\.nl/"
-		to="https://$1.tudelft.nl/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Delicious.xml b/src/chrome/content/rules/Delicious.xml
deleted file mode 100644
index f42222837f04..000000000000
--- a/src/chrome/content/rules/Delicious.xml
+++ /dev/null
@@ -1,100 +0,0 @@
-<!--
-	CDN buckets:
-
-		- api-688261400.us-west-1.elb.amazonaws.com
-
-			- images.del.icio.us
-
-		- delicious.imgix.net
-
-
-	Problematic domains:
-
-		- d.me			(mismatched, CN: *.delicious.com)
-		- feeds.delicious.com *
-		- images.del.icio.us *
-
-	* Mismatched, CN: api.del.icio.us
-
-
-	Nonfunctional domains:
-
-		- blog.delicious.com	(dropped)
-
-
-	Fully covered domains:
-
-		- d.me		(→ delicious.com)
-
-		- delicious.com subdomains:
-
-			- (www.)
-			- feeds		(→ api.del.icio.us)
-			- next
-			- previous
-
-		- d-static.com
-
-		- icio.us subdomains:
-
-			- (www.)	(→ delicious.com)
-			- api
-			- del		(→ delicious.com)
-			- images	(→ api)
-
-
-	Observed cookie domains:
-
-		- .previous.delicious.com
-		- .www.delicious.com
-		- .api.del.icio.us
-
-
-	Mixed content:
-
-		- Scripts, on:
-
-			- api.del.icio.us from feeds.delicious.com *
-			- api.del.icio.us from previous.delicious.com *
-
-		- Ads, on previous.delicious.com and www.delicious.com from api.mixbit.com *
-
-	* Secured by us
-
--->
-<ruleset name="Delicious" platform="mixedcontent">
-
-	<target host="d.me" />
-	<target host="delicious.com" />
-	<target host="www.delicious.com" />
-	<target host="*.www.delicious.com" />
-	<target host="d-static.com" />
-	<target host="icio.us" />
-	<target host="*.icio.us" />
-	<target host="api.del.icio.us" />
-	<target host="*.api.del.icio.us" />
-
-
-	<securecookie host="^(.+\.)?delicious\.com$" name=".*" />
-	<securecookie host="^\.api\.del\.icio\.us$" name=".*" />
-
-
-	<rule from="^https?://d\.me/"
-		to="https://delicious.com/" />
-
-	<rule from="^http://((?:next|previous|www)\.)?delicious\.com/"
-		to="https://$1delicious.com/" />
-
-	<rule from="^https?://(?:www\.|del\.)?icio\.us/"
-		to="https://delicious.com/" />
-
-	<rule from="^https?://(?:api|images)\.del\.icio\.us/"
-		to="https://api.del.icio.us/" />
-
-	<rule from="^https?://feeds\.delicious\.com/"
-		to="https://api.del.icio.us/" />
-
-	<rule from="^http://d-static\.com/"
-		to="https://d-static.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Delico.se.xml b/src/chrome/content/rules/Delico.se.xml
index c547e99c8b87..9d93ae356417 100644
--- a/src/chrome/content/rules/Delico.se.xml
+++ b/src/chrome/content/rules/Delico.se.xml
@@ -1,7 +1,6 @@
 <ruleset name="Delico.se">
   <target host="www.delico.se" />
   <target host="delico.se" />
-  <rule from="^http://www\.delico\.se/" to="https://www.delico.se/"/>
-  <rule from="^http://delico\.se/" to="https://delico.se/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Delish.xml b/src/chrome/content/rules/Delish.xml
index f6fe6bf78ed8..2478f3750cac 100644
--- a/src/chrome/content/rules/Delish.xml
+++ b/src/chrome/content/rules/Delish.xml
@@ -1,11 +1,9 @@
 <!--
 	Other Hearst Corporation rulesets:
 
-		- Hearst-Corporation.xml
-		- Hearst-Corporation-mismatches.xml
 
 -->
-<ruleset name="Delish (partial)" default_off="mismatch">
+<ruleset name="Delish (partial)" default_off="mismatched">
 
 	<!--	Cert: subscribe.hearstmags.com	-->
 	<target host="delish.com" />
diff --git a/src/chrome/content/rules/Deliver2.xml b/src/chrome/content/rules/Deliver2.xml
new file mode 100644
index 000000000000..a252051533b8
--- /dev/null
+++ b/src/chrome/content/rules/Deliver2.xml
@@ -0,0 +1,7 @@
+<ruleset name="Deliver2">
+        <target host="deliver2.com" />
+        <target host="www.deliver2.com" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Deliveras.gr.xml b/src/chrome/content/rules/Deliveras.gr.xml
new file mode 100644
index 000000000000..1a0b63a5ad21
--- /dev/null
+++ b/src/chrome/content/rules/Deliveras.gr.xml
@@ -0,0 +1,38 @@
+<!--
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	This ruleset is experimental. If you experience problems please
+	 open an issue at https://github.com/kargig/https-everywhere-greek-rules
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.deliveras.gr
+
+
+	Mixed content:
+
+		- Ad from ad.doubleclick.net *
+
+	* Ruleset disabled by default
+
+-->
+<ruleset name="Deliveras.gr" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+  <target host="deliveras.gr" />
+  <target host="www.deliveras.gr" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.deliveras\.gr$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?deliveras\.gr$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Delivery.com.xml b/src/chrome/content/rules/Delivery.com.xml
new file mode 100644
index 000000000000..b391d0d7efa5
--- /dev/null
+++ b/src/chrome/content/rules/Delivery.com.xml
@@ -0,0 +1,25 @@
+<!--
+	^: No altname
+
+
+	Insecure cookies are set for these domains:
+
+		- www.delivery.com
+
+-->
+<ruleset name="delivery.com">
+
+	<target host="delivery.com" />
+	<target host="www.delivery.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.delivery\.com$" name="^SEVERID$" /-->
+
+	<securecookie host="^www\.delivery\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dell-mismatches.xml b/src/chrome/content/rules/Dell-mismatches.xml
deleted file mode 100644
index 222c446aab39..000000000000
--- a/src/chrome/content/rules/Dell-mismatches.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Dell (mismatches)" default_off="mismatch">
-
-	<!--	cert: linux.dell.com	-->
-	<target host="lists.us.dell.com"/>
-
-	<rule from="^http://lists\.us\.dell\.com/"
-		to="https://lists.us.dell.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Dell.com-falsemixed.xml b/src/chrome/content/rules/Dell.com-falsemixed.xml
deleted file mode 100644
index 4a750122dfb1..000000000000
--- a/src/chrome/content/rules/Dell.com-falsemixed.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Dell.xml.
-
--->
-<ruleset name="Dell.com (false MCB)" platform="mixedcontent">
-
-	<target host="dell.com" />
-	<target host="www.dell.com" />
-		<!--
-			Handled in Dell.xml:
-						-->
-		<!--exclusion pattern="^http://(www\.)?dell\.com/+(content/|favicon\.ico)" /-->
-
-
-	<rule from="^http://(?:www\.)?dell\.com/(?!content/|favicon\.ico)"
-		to="https://www.dell.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Dell.xml b/src/chrome/content/rules/Dell.xml
index 555948a97e62..3d3a18a1c396 100644
--- a/src/chrome/content/rules/Dell.xml
+++ b/src/chrome/content/rules/Dell.xml
@@ -1,137 +1,70 @@
-<!--
-	CDN buckets:
-
-		- ccdn-global.dell.com.edgesuite.net
-
-			- a1058.g.akamai.net
-
-				- i
-
-		- dellideas.force.com 
-
-
-	Nonfunctional subdomains:
-
-		- community *
-		- content *
-		- accessories.euro	(503, akamai)
-
-	* Dropped
-
-
-	Problematic subdomains:
-
-		- accessories-cdn *
-		- media.community	(504, akamai)
-		- i *
-		- www1.la *
-		- www1-cdn.la *
-		- accessories.us	(mismatched, CN: accessories.dell.com)
-		- www-cdn *
-
-	* Works, akamai
-
-
-	Partially covered subdomains:
-
-		- community subdomains:
-
-				- de ¹
-				- en ¹
-				- es ¹
-				- fr ¹
-				- ja ¹
-				- ko ¹
-				- media		(→ en.community)
-				- pt ¹
-				- zh ¹
-
-		- partnerdirect ²
-
-	¹ cfs-file.ashx & resized-image.ashx 404, at least some pages redirect to http
-	² At least some pages redirect to http
-
-
-	Fully covered subdomains:
-
-		- (www.)		(^ → www)
-		- accessories-cdn	(→ accessories)
-		- afcs
 
-		- ap subdomains:
-
-			- chatpro
-			- cs
-			- dellchat
-
-		- b2bservices
-
-		- cdn subdomains:
-
-			- ec2
-			- si
-			- snp
-
-		- ecomm
-		- ecomm2
-		- support.euro
-		- i			(→ akamai)
-		- img
-		- mobility
-		- premier
-		- signin
-		- sso
-		- support
-		- supportapj
-		- pbar.us
-		- www1-cdn
-		- www-cdn		(→ www)
-
-
-	Mixed content:
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://channels.ap.dell.com/ => https://channels.ap.dell.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://channelslb.ap.dell.com/ => https://channelslb.ap.dell.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://channelspro.ap.dell.com/ => https://channelspro.ap.dell.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://chat1.ap.dell.com/ => https://chat1.ap.dell.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://chatpro.ap.dell.com/ => https://chatpro.ap.dell.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://dellchat.ap.dell.com/ => https://dellchat.ap.dell.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://b2bservices.dell.com/ => https://b2bservices.dell.com/: (7, 'Failed to connect to b2bservices.dell.com port 443: Connection refused')
+Fetch error: http://signin.dell.com/ => https://signin.dell.com/: (35, 'OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to signin.dell.com:443 ')
+Non-2xx HTTP code: http://topics-cdn.dell.com/ (200) => https://topics-cdn.dell.com/ (403)
+Fetch error: http://channels.us.dell.com/ => https://channels.us.dell.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
-		- css on www from www-cdn *
+-->
 
-		- Images on accessories from i *
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
 
-	* Secured by us
+Fetch error: http://financing.dell.com/ => https://financing.dell.com/: (35, 'OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to financing.dell.com:443 ')
+Fetch error: http://sso.dell.com/ => https://sso.dell.com/: (6, 'Could not resolve host: sso.dell.com')
 
+	Other Dell rulesets:
 -->
-<ruleset name="Dell (partial)">
-
+<ruleset name="Dell.com (partial)">
 	<target host="dell.com" />
-	<target host="*.dell.com" />
-		<exclusion pattern="^http://(?:\w\w|media)\.community\.dell\.com/(?![tT]hemes/)" />
-		<exclusion pattern="^http://partnerdirect\.dell\.com/(?!sites/channel/(?:Style\ Library/|\w\w_\w\w/pages/loginpage\.aspx))" />
-		<!--
-			False/broken MCB:
-						-->
-		<exclusion pattern="^http://(www\.)?dell\.com/+(?!content/|favicon\.ico)" />
-	<target host="ideastorm.com" />
-	<target host="www.ideastorm.com" />
-
-
-	<!--(?!.+\.community\.|partnerdirect\.)-->
-	<securecookie host="^(?:accessories|ecomm|support\.euro|mobility|premier|signin|support(?:apj)?)\.dell\.com$" name=".+" />
-
-
-	<rule from="^http://(www(?:-cdn)?\.)?dell\.com/"
-		to="https://www.dell.com/" />
-
-	<rule from="^http://(accessories|a?fcs|(?:chatpro|dellchat|cs)\.ap|b2bservices|(?:ec2|si|snp)\.cdn|\w\w\.community|ecomm2?|support\.euro|img|mobility|partnerdirect|premier|signin|sso|support(?:apj)?|pbar\.us|www1-cdn)\.dell\.com/"
-		to="https://$1.dell.com/" />
-
-	<rule from="^http://accessories-cdn\.dell\.com/"
-		to="https://accessories.dell.com/" />
-
-	<rule from="^http://media\.community\.dell\.com/"
-		to="https://en.community.dell.com/" />
-
-	<rule from="^http://i\.dell\.com/"
-		to="https://a248.e.akamai.net/f/1058/5566/8/i.dell.com/" />
-
-	<rule from="^http://(?:www\.)?ideastorm\.com/"
-		to="https://dellideas.secure.force.com/" />
-
+	<target host="www.dell.com" />
+	<target host="accessories.dell.com" />
+	<!-- target host="channels.ap.dell.com" /-->
+	<!-- target host="channelslb.ap.dell.com" /-->
+	<!-- target host="channelspro.ap.dell.com" /-->
+	<!-- target host="chat1.ap.dell.com" /-->
+	<!-- target host="chatpro.ap.dell.com" /-->
+	<target host="cs.ap.dell.com" />
+	<!-- target host="dellchat.ap.dell.com" /-->
+	<!-- target host="b2bservices.dell.com" /-->
+	<target host="ec2.cdn.dell.com" />
+	<target host="si.cdn.dell.com" />
+	<target host="snp.cdn.dell.com" />
+	<target host="deals.dell.com" />
+	<target host="dellupdater.dell.com" />
+	<target host="downloads.dell.com" />
+	<target host="ecomm.dell.com" />
+	<target host="ecomm2.dell.com" />
+	<target host="support.euro.dell.com" />
+	<target host="fcs.dell.com" />
+	<!-- target host="financing.dell.com" /-->
+	<target host="i.dell.com" />
+	<target host="img.dell.com" />
+	<target host="jpstore.dell.com" />
+	<target host="m.dell.com" />
+	<target host="marketing.dell.com" />
+	<target host="partnerdirect.dell.com" />
+	<target host="paymentsportal.dell.com" />
+	<target host="premier.dell.com" />
+	<!-- target host="signin.dell.com" /-->
+	<!-- target host="sso.dell.com" /-->
+	<target host="support.dell.com" />
+	<target host="supportapj.dell.com" />
+	<!-- target host="topics-cdn.dell.com" /-->
+	<!-- target host="channels.us.dell.com" /-->
+	<target host="lists.us.dell.com" />
+	<target host="pbar.us.dell.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
-
diff --git a/src/chrome/content/rules/DellCDN.com.xml b/src/chrome/content/rules/DellCDN.com.xml
new file mode 100644
index 000000000000..c78227b8be69
--- /dev/null
+++ b/src/chrome/content/rules/DellCDN.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="DellCDN.com">
+	<target host="www.dellcdn.com" />
+	<target host="afcs.dellcdn.com" />
+		<test url="http://afcs.dellcdn.com/csb/" />
+	<target host="fcs.dellcdn.com" />
+		<test url="http://fcs.dellcdn.com/fonts/" />
+	<target host="i.dellcdn.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Delta.com.xml b/src/chrome/content/rules/Delta.com.xml
new file mode 100644
index 000000000000..3c9d2790ae1c
--- /dev/null
+++ b/src/chrome/content/rules/Delta.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Time out:
+		delta.com
+
+	Invalid certificate:
+		ir.delta.com
+		news.delta.com
+		takingoff.delta.com
+
+-->
+<ruleset name="Delta.com (partial)">
+
+	<target host="delta.com" />
+	<target host="www.delta.com" />
+	<target host="bgar.delta.com" />
+	<target host="content.delta.com" />
+		<test url="http://content.delta.com/content/dam/delta-applications/mydelta/widget/hotels.png" />
+	<target host="ja.delta.com" />
+	<target host="ko.delta.com" />
+	<target host="marketplace.delta.com" />
+	<target host="marketplaceasia.delta.com" />
+	<target host="pro.delta.com" />
+	<target host="register.delta.com" />
+		<test url="http://register.delta.com/Help/GetHelp" />
+	<target host="ssaa.delta.com" />
+		<test url="http://ssaa.delta.com/systemmsg/help.html" />
+
+	<rule from="^http://delta\.com/"
+		to="https://www.delta.com/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Delta.no.xml b/src/chrome/content/rules/Delta.no.xml
index e881df977fce..4a9ebce89781 100644
--- a/src/chrome/content/rules/Delta.no.xml
+++ b/src/chrome/content/rules/Delta.no.xml
@@ -1,6 +1,22 @@
-<ruleset name="Delta.no" platform="mixedcontent">
-  <target host="www.delta.no" />
+<!--
+	Insecure cookies are set for these hosts:
+
+		- delta.no
+		- www.delta.no
+
+-->
+<ruleset name="Delta.no">
   <target host="delta.no" />
+  <target host="www.delta.no" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?delta\.no$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^(?:www\.)?delta\.no$" name=".+" />
+
 
-  <rule from="^http://(www\.)?delta\.no/" to="https://www.delta.no/"/>
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Deltager.no.xml b/src/chrome/content/rules/Deltager.no.xml
new file mode 100644
index 000000000000..a2be11c2aecc
--- /dev/null
+++ b/src/chrome/content/rules/Deltager.no.xml
@@ -0,0 +1,28 @@
+<!--
+	For other DNB Bank coverage, see DNB.no.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.deltager.no
+
+-->
+<ruleset name="Deltager.no">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="deltager.no" />
+	<target host="www.deltager.no" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.deltager\.no$" name="^(?:ASP\.NET_SessionId|SID1)" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Deluge-torrent.org.xml b/src/chrome/content/rules/Deluge-torrent.org.xml
new file mode 100644
index 000000000000..5cefc9fd30a5
--- /dev/null
+++ b/src/chrome/content/rules/Deluge-torrent.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Mismatch:
+		- download.deluge-torrent.org
+		- svn.deluge-torrent.org
+-->
+<ruleset name="Deluge-torrent.org">
+
+	<target host="deluge-torrent.org"/>
+	<target host="www.deluge-torrent.org"/>
+	<target host="dev.deluge-torrent.org"/>
+	<target host="forum.deluge-torrent.org"/>
+	<target host="git.deluge-torrent.org"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Deluge.xml b/src/chrome/content/rules/Deluge.xml
deleted file mode 100644
index 0259a810fd10..000000000000
--- a/src/chrome/content/rules/Deluge.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="Deluge" default_off="expired, mismatch">
-
-	<!--	cert: *.osuosl.org	-->
-	<target host="deluge-torrent.org"/>
-	<target host="*.deluge-torrent.org"/>
-	<!--	* for cross-domain cookie	-->
-	<target host="*.forum.deluge-torrent.org"/>
-
-	<securecookie host="^(.*\.)?deluge-torrent\.org$" name=".*"/>
-
-	<rule from="^http://(?:www\.)?deluge-torrent\.org/"
-		to="https://deluge-torrent.org/"/>
-
-	<rule from="^http://(dev|forum)\.deluge-torrent\.org/"
-		to="https://$1.deluge-torrent.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Delvenetworks.com.xml b/src/chrome/content/rules/Delvenetworks.com.xml
index eee824b212e9..db64c30ecb96 100644
--- a/src/chrome/content/rules/Delvenetworks.com.xml
+++ b/src/chrome/content/rules/Delvenetworks.com.xml
@@ -9,12 +9,15 @@
 			- img.delvenetworks.com
 
 -->
-<ruleset name="delvenetworks">
+<ruleset name="Delvenetworks.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="img.delvenetworks.com" />
+	<target host="assets.delvenetworks.com" />
+	<target host="s.delvenetworks.com" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://img\.delvenetworks\.com/"
-		to="https://img.delvenetworks.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DemWorks.org.xml b/src/chrome/content/rules/DemWorks.org.xml
new file mode 100644
index 000000000000..89d735395a57
--- /dev/null
+++ b/src/chrome/content/rules/DemWorks.org.xml
@@ -0,0 +1,17 @@
+<ruleset name="DemWorks.org">
+
+	<target host="demworks.org" />
+	<target host="www.demworks.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.demworks\.org$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Demand-Base.xml b/src/chrome/content/rules/Demand-Base.xml
index f697407bbaa5..fca0bf3a64f3 100644
--- a/src/chrome/content/rules/Demand-Base.xml
+++ b/src/chrome/content/rules/Demand-Base.xml
@@ -1,17 +1,78 @@
-<ruleset name="Demandbase" platform="mixedcontent">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://demandbase.demandbase.com/ => https://demandbase.demandbase.com/: (28, 'Connection timed out after 20002 milliseconds')
+Fetch error: http://leads.demandbase.com/ => https://leads.demandbase.com/: (6, 'Could not resolve host: leads.demandbase.com')
+
+	CDN buckets:
+
+		- demandbase-static-images.s3.amazonaws.com
+
+
+	Nonfunctional hosts:
+
+		- support *
+
+	* Zendesk
+
+
+	Problematic hosts:
+
+		- ^ *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- auth.demandbase.com
+		- www.demandbase.com
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com *
+		- Bug on demandbase from leads.demandbase.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Demandbase.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="api.demandbase.com" />
+	<target host="auth.demandbase.com" />
+	<target host="dashboard.demandbase.com" />
+	<target host="demandbase.demandbase.com" />
+	<target host="leads.demandbase.com" />
+	<target host="performance.demandbase.com" />
+	<target host="www.demandbase.com" />
+
+	<!--	Complications:
+				-->
 	<target host="demandbase.com" />
-	<target host="*.demandbase.com" />
+	<!--target host="support.demandbase.com" /-->
 
 
-	<securecookie host="^(.*\.)?demandbase\.com$" name=".*" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^auth\.demandbase\.com$" name="^AWSELB$" /-->
+	<!--securecookie host="^www\.demandbase\.com$" name="^PHPSESSID$" /-->
 
+	<securecookie host=".+" name=".+"/>
 
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?demandbase\.com/"
+
+	<!--	Redirect keeps forward
+		slash, path, and args:
+					-->
+	<rule from="^http://demandbase\.com/"
 		to="https://www.demandbase.com/" />
 
-	<rule from="^http://(api|demandbase|leads)\.demandbase\.com/"
-		to="https://$1.demandbase.com/" />
+	<!--rule from="^http://support.demandbase.com/.*"
+		to="https://demandbase.zendesk.com/hc" /-->
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Demand-Media-mismatches.xml b/src/chrome/content/rules/Demand-Media-mismatches.xml
deleted file mode 100644
index 97f424d647db..000000000000
--- a/src/chrome/content/rules/Demand-Media-mismatches.xml
+++ /dev/null
@@ -1,63 +0,0 @@
-<!--
-	For rules that are on by default, see Demand-Media.xml.
-
--->
-<ruleset name="Demand Media (mismatches)" default_off="mismatch">
-
-	<target host="blogburst.com" />
-	<target host="www.blogburst.com" />
-	<!--	Akamai
-				-->
-	<target host="i.crackedcdn.com" />
-	<!--
-		Moved to EdgeCast, so no longer works :(
-
-	<target host="cracked.com" />
-	<target host="*.cracked.com" /		-->
-	<!--
-		Akamai
-				-->
-	<target host="ir.demandmedia.com" />
-	<target host="photos2.demandmedia.com" />
-	<target host="create.demandstudios.com" />
-	<!--
-		Cert: greencar.com
-					-->
-	<target host="blog.golflink.com" />
-	<!--
-		Akamai
-				-->
-	<target host="trails.com" />
-	<target host="*.trails.com" />
-	<target host="typef.com" />
-	<target host="*.typef.com" />
-
-
-	<securecookie host="^blog\.golflink\.com$" name=".+" />
-	<securecookie host="^(?:.*\.)?(?:trails|typef)\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?blogburst\.com/"
-		to="https://blogburst.com/" />
-
-	<rule from="^http://i\.crackedcdn\.com/"
-		to="https://i.crackedcdn.com/" />
-
-	<!--	Moved to EdgeCast and so broke
-
-	<rule from="^http://(?:www\.)?cracked\.com/"
-		to="https://www.cracked.com/" /		-->
-
-	<rule from="^http://ir\.demandmedia\.com/"
-		to="https://ir.demandmedia.com/" />
-
-	<rule from="^http://create\.demandstudios\.com/"
-		to="https://create.demandstudios.com/" />
-
-	<rule from="^http://blog\.golflink\.com/"
-		to="https://blog.golflink.com/" />
-
-	<rule from="^http://(?:(?:cdn-)?www\.)?t(rails|ypef)\.com/"
-		to="https://www.t$1.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Demand-Media.xml b/src/chrome/content/rules/Demand-Media.xml
index 8d131320e814..493e82beb33d 100644
--- a/src/chrome/content/rules/Demand-Media.xml
+++ b/src/chrome/content/rules/Demand-Media.xml
@@ -1,94 +1,31 @@
 <!--
-	For problematic rules, see Demand-Media-mismatches.xml.
-
-
 	Other Demand Media rulesets:
-
-		- Enom.xml
-		- ENomCentral.xml
-		- Registryrocket.com.xml
-
-
-	CDN buckets:
-
-		- s3.amazonaws.com/uploadedimages.demandmedia/
-
-		- wac.5008.edgecastcdn.net/??5008/
-
-			- www.cracked.com
-
-		- i.crackedcdn.com.edgesuite.net
-
-
-	Problematic domains:
-
-		- (www.)blogburst.com		(works; mismatched, CN: www.demandstudios.com)
-		- cracked.com			(works, expired 2012-09-02)
-		- create.demandstudios.com	(works; mismatched, CN: *.sqsp.com)
-		- photos2.demandstudios.com	(works, akamai)
-
-
-	Nonfunctional domains:
-
-		- www.cracked.com		(400; mismatched, CN: gp1.wac.edgecastcdn.net)
+		+ Cracked.com.xml
+		+ CrackedCDN.com.xml
+		+ DemandStudios.com.xml
+		+ ENomCentral.xml
+		+ Enom.xml
+		+ GolfLink.com.xml
+		+ GolfLink.net.xml
+		+ Registryrocket.com.xml
+		+ Trails.com.xml
+		+ glimg.net.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
 		- demandmedia.com
-		- cdn-www.demandmedia.com	(503, akamai)
+		- cdn-www.demandmedia.com
+		- ir.demandmedia.com
 		- new.demandmedia.com
-		- www.demandmedia.com		(503, akamai)
-
-
-	Fully covered domains:
-
+		- photos.demandmedia.com
+		- photos1.demandmedia.com
+		- photos2.demandmedia.com
 		- rma.demandmedia.com
-
 -->
-<ruleset name="Demand Media (partial)" platform="mixedcontent">
-
-	<!--	*img.net/:	Akamai
-				-->
-	<target host="*.demandmedia.com" />
-	<target host="demandstudios.com" />
-	<target host="*.demandstudios.com" />
-	<target host="*.dmtracker.com" />
-	<target host="*.glimg.net" />
-	<target host="golflink.com" />
-	<target host="*.golflink.com" />
-	<target host="golflink.net" />
-	<target host="www.golflink.net" />
-	<target host="greencar.com" />
-	<target host="*.greencar.com" />
-	<target host="livestrong.com" />
-	<target host="*.livestrong.com" />
-	<target host="i.lsimg.net" />
-
-
-	<securecookie host="^vs\.demandmedia\.com$" name=".+" />
-	<securecookie host="^(?:.*\.)?demandstudios\.com$" name=".+" />
-	<securecookie host="^.*\.dmtracker\.com$" name=".+" />
-	<securecookie host="^www\.golflink\.com$" name=".+" />
-	<securecookie host="^(?:.*\.)?greencar\.com$" name=".+" />
-	<securecookie host="^(?:.*\.)?livestrong\.org$" name=".+" />
-
-
-	<rule from="^http://(rma|vs)\.demandmedia\.com/"
-		to="https://$1.demandmedia.com/" />
-
-	<rule from="^http://((?:cdn-)?(?:staging|www)\.)?demandstudios\.com/"
-		to="https://$1demandstudios.com/" />
-
-	<rule from="^http://(extended|vs)\.dmtracker\.com/"
-		to="https://$1.dmtracker.com/" />
-
-	<rule from="^http://(?:(?:cdn-www\.)?golflink\.com|(?:www\.)?golflink\.net|u?i\.glimg\.net)/"
-		to="https://www.golflink.com/" />
-
-	<rule from="^http://(?:(?:cdn-)?www\.)?greencar\.com/"
-		to="https://www.greencar.com/" />
-
-	<rule from="^http://(?:livestrong\.com|i\.lsimg\.net)/"
-		to="https://www.livestrong.com/" />
+<ruleset name="Demand Media (partial)">
+	<target host="www.demandmedia.com" />
 
-	<rule from="^http://www\.livestrong\.com/(login/|remind/|register/|shop(?:$|\?))"
-		to="https://www.livestrong.com/$1" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Demand-Progress.xml b/src/chrome/content/rules/Demand-Progress.xml
deleted file mode 100644
index a9e3f2452a09..000000000000
--- a/src/chrome/content/rules/Demand-Progress.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- blog		(reset)
-		- (www.)	(cert: *.jottit.com; redirects there)
-
--->
-<ruleset name="Demand Progress (partial)">
-
-	<target host="demandprogress.org" />
-	<target host="*.demandprogress.org" />
-
-
-	<securecookie host="^act\.demandprogress\.org$" name=".*" />
-
-
-	<rule from="^http://(?:www\.)?demandprogress\.org/(cs|image)s/"
-		to="https://s3.amazonaws.com/s3.demandprogress.org/$1s/" />
-
-	<rule from="^http://act\.demandprogress\.org/"
-		to="https://act.demandprogress.org/" />
-
-	<rule from="^http://s3\.demandprogress\.org/"
-		to="https://s3.amazonaws.com/s3.demandprogress.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DemandProgress.org.xml b/src/chrome/content/rules/DemandProgress.org.xml
new file mode 100644
index 000000000000..9dc1b4590c38
--- /dev/null
+++ b/src/chrome/content/rules/DemandProgress.org.xml
@@ -0,0 +1,26 @@
+<!--
+	CDN buckets:
+
+		- s3.demandprogress.org.s3.amazonaws.com
+		- d3si65a7to6ipq.cloudfront.net
+
+	No working URL known:
+		blog.demandprogress.org
+		s3.demandprogress.org
+		o.demandprogress.org
+		o12.list.demandprogress.org
+		outbound.list.demandprogress.org
+
+-->
+<ruleset name="Demand Progress">
+
+	<target host="demandprogress.org" />
+	<target host="www.demandprogress.org" />
+	<target host="act.demandprogress.org" />
+
+	<securecookie host="^(?:act)?\.demandprogress\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DemandStudios.com.xml b/src/chrome/content/rules/DemandStudios.com.xml
new file mode 100644
index 000000000000..afa48cdff586
--- /dev/null
+++ b/src/chrome/content/rules/DemandStudios.com.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Demand Media coverage, see Demand-Media.xml.
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- create.demandstudios.com
+
+		Timeout was reached:
+		- demandstudios.com
+		- www.demandstudios.com
+		- cdn-staging.demandstudios.com
+
+		SSL peer certificate was not OK:
+		- cdn-write.demandstudios.com
+		- new.demandmedia.com
+		- write.demandstudios.com
+-->
+<ruleset name="DemandStudios.com" default_off="timeout">
+	<target host="demandstudios.com" />
+	<target host="www.demandstudios.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Demandware-mismatches.xml b/src/chrome/content/rules/Demandware-mismatches.xml
index bf7079986883..059cb8302fe2 100644
--- a/src/chrome/content/rules/Demandware-mismatches.xml
+++ b/src/chrome/content/rules/Demandware-mismatches.xml
@@ -1,9 +1,9 @@
-<ruleset name="Demandware (mismatches)" default_off="mismatch" platform="mixedcontent">
+<ruleset name="Demandware.com (mismatches)" default_off="mismatched" platform="mixedcontent">
 
 	<!--	Akamai	-->
 	<target host="investors.demandware.com"/>
 
-	<rule from="^http://investors\.demandware\.com/"
-		to="https://investors.demandware.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Demandware.xml b/src/chrome/content/rules/Demandware.xml
index a5a58c3a4695..242f30382f2a 100644
--- a/src/chrome/content/rules/Demandware.xml
+++ b/src/chrome/content/rules/Demandware.xml
@@ -1,26 +1,61 @@
-<!--	bucket: demandware.edgesuite.net/aabl_prd/on/demandware.static/
--->
-<ruleset name="Demandware (partial)" platform="mixedcontent">
 
-	<target host="demandware.com"/>
-	<target host="*.demandware.com"/>
-	<target host="demandware.net"/>
-	<target host="*.demandware.net"/>
-	<!--	Akamai	-->
-	<target host="demandware.edgesuite.net"/>
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://blog.demandware.com/ => https://blog.demandware.com/: (51, "SSL: no alternative certificate subject name matches target host name 'blog.demandware.com'")
+Fetch error: http://investors.demandware.com/ => https://investors.demandware.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://solutions.demandware.com/ => https://solutions.demandware.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Other Demandware rulesets:
+
+		- cquotient.com.xml
+
+
+	bucket: demandware.edgesuite.net/aabl_prd/on/demandware.static/
+
+
+	Nonfunctional hosts in *demandware.com:
+
+		- calendar: Invalid certificate
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- demandware.com
+		- www.demandware.com
+		- xchange.demandware.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on (www.)? from www.demandware.com *
+
+	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Demandware.com (partial)">
 
-	<securecookie host="^(.*\.)?demandware\.com$" name=".*"/>
+	<target host="demandware.com" />
+	<target host="www.demandware.com" />
+		<test url="http://www.demandware.com/contact" />
+		<test url="http://www.demandware.com/events" />
+	<target host="account.demandware.com" />
+	<!-- target host="blog.demandware.com" /-->
+	<target host="documentation.demandware.com" />
+	<!-- target host="investors.demandware.com" /-->
+	<!-- target host="solutions.demandware.com" /-->
+	<target host="xchange.demandware.com"/>
 
-	<rule from="^http://(www\.)?demandware\.(?:com|net)/"
-		to="https://$1demandware.com/"/>
 
-	<rule from="^http://(labs|xchange)\.demandware\.com/"
-		to="https://$1.demandware.com/"/>
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?demandware\.com$" name="^(PHPSESSID|exp_csrf_token|exp_last_activity|exp_last_visit|exp_stashid|exp_tracker)$" /-->
+	<!--securecookie host="^xchange\.demandware\.com$" name="^(BIGipServerpool\w.]+|JSESSIONID|jive\.security\.context)$" /-->
 
-	<rule from="^http://sits-pod(\d+)\.demandware\.net/"
-		to="https://sits-pod$1.demandware.net/"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://demandware\.edgesuite\.net/aabl_prd/on/demandware\.static/"
-		to="https://labs.demandware.com/on/demandware.static/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Demdex.net.xml b/src/chrome/content/rules/Demdex.net.xml
new file mode 100644
index 000000000000..2f9821586fa3
--- /dev/null
+++ b/src/chrome/content/rules/Demdex.net.xml
@@ -0,0 +1,42 @@
+<!--
+	For other Adobe coverage, see Adobe.xml.
+
+
+	CDN buckets:
+
+		- a248.e.akamai.net/demdex.download.akamai.com/
+
+
+	Fully covered domains:
+
+		- *.demdex.net		(per-client subdomains serving web bugs)
+
+
+	Insecure cookies are set for these domains:
+
+		- .demdex.net
+		- .dpm.demdex.net
+
+
+	If we are going to include ads and tracking info, let's at least do it by https.
+
+-->
+<ruleset name="Demdex.net">
+
+	<target host="*.demdex.net" />
+
+		<test url="http://dpm.demdex.net/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="\.demdex\.net$" name="^demdex$" /-->
+	<!--securecookie host="\.dpm\.demdex\.net$" name="^(DexLifeCycle|dexoo|dpm)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Demisexuality.org.xml b/src/chrome/content/rules/Demisexuality.org.xml
new file mode 100644
index 000000000000..6058f4997f80
--- /dev/null
+++ b/src/chrome/content/rules/Demisexuality.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Demisexuality.org">
+	<target host="demisexuality.org" />
+	<target host="www.demisexuality.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Demisto.com.xml b/src/chrome/content/rules/Demisto.com.xml
new file mode 100644
index 000000000000..9c2b13b03dd7
--- /dev/null
+++ b/src/chrome/content/rules/Demisto.com.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blog.demisto.com/ => https://blog.demisto.com/: (51, "SSL: no alternative certificate subject name matches target host name 'blog.demisto.com'")
+
+	These altnames don't exist:
+
+		- www.blog.demisto.com
+
+-->
+<ruleset name="Demisto.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="demisto.com" />
+	<target host="blog.demisto.com" />
+	<target host="www.demisto.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DemocracyInAction.xml b/src/chrome/content/rules/DemocracyInAction.xml
deleted file mode 100644
index 216b248fece0..000000000000
--- a/src/chrome/content/rules/DemocracyInAction.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="DemocracyInAction">
-
-	<target host="democracyinaction.org" />
-	<target host="*.democracyinaction.org" />
-
-
-	<securecookie host="^(?:.*\.)?democracyinaction\.org$" name=".+" />
-
-
-	<rule from="^http://((?:caf|hq-org2|hq-salsa|org2|salsa|secure|www2?)\.)?democracyinaction\.org/"
-		to="https://$1democracyinaction.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DemocracyNow.xml b/src/chrome/content/rules/DemocracyNow.xml
index d05df80e87e5..61bf327e75f2 100644
--- a/src/chrome/content/rules/DemocracyNow.xml
+++ b/src/chrome/content/rules/DemocracyNow.xml
@@ -1,20 +1,27 @@
-<!--	!functional:
-		- m.democracynow.org
+<!--
+	CDN buckets:
 
+		- dncdn.dvlabs.com
 
-	Partially covered subdomains:
 
-		- (www.)	(some [most?] pages redirect to http)
+	Nonfunctional subdomains:
+
+		- m ʳ
+
+	ʳ Refused
 
 -->
-<ruleset name="DemocracyNow (partial)">
+<ruleset name="DemocracyNow.org (partial)">
 
 	<target host="democracynow.org"/>
+	<target host="assets.democracynow.org"/>
+	<target host="ewheel.democracynow.org"/>
 	<target host="www.democracynow.org"/>
-		<!--exclusion pattern="^http://(?:www\.)?democracynow\.com/(?:$|\?|\d{4}/\d\d/\d\d/\w+/(?:/?$|\?))" /-->
 
-	<rule from="^http://(www\.)?democracynow\.org/(donate|images|resources|stylesheets)($|\?|/)"
-		to="https://$1democracynow.org/$2$3"/>
+		<test url="http://assets.democracynow.org/assets/icons/download-icon-a959dd650444e07f4d36c3d1aa36e308f08e04b99bd1190e2167d7c338bffa18.png" />
 
-</ruleset>
 
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Democrat_and_Chronicle.xml b/src/chrome/content/rules/Democrat_and_Chronicle.xml
index 890fa84a6d54..890df88ca889 100644
--- a/src/chrome/content/rules/Democrat_and_Chronicle.xml
+++ b/src/chrome/content/rules/Democrat_and_Chronicle.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://democratandchronicle.com/ => https://www.democratandchronicle.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.democratandchronicle.com'")
 	For other Gannett Company coverage, see Gannett-Company.xml.
 
 
@@ -9,9 +11,12 @@
 			- feeds		(redirects to ipad; mismatched, CN: roctoday.democratandchronicle.com)
 			- rocdocs	(no https)
 			- tablet	(403, akamai)
+      - localshopping (403)
 
 		- democratandchronicle.gannettonline.com
-
+    - meetthebabies.democratandchronicle.com (no alternative SSL cert)
+    - roctoday.democratandchronicle.com (host unresolved)
+    - findnsave.democratandchronicle.com (no alternative SSL cert)
 
 	Problematic subdomains:
 
@@ -19,8 +24,6 @@
 		- cmsimg		(503, akamai)
 		- findnsave		(pages redirect to http; mismatched, CN: *.findnsave.com)
 		- ipad			(works; mismatched, CN: roctoday.democratandchronicle.com)
-		- localshopping		(works; mismatched, CN: *.shoplocal.com)
-
 
 	Mixed images from:
 
@@ -30,12 +33,17 @@
 
 	No insecure css nor scripts.
 
+  Timeout
+    - classifieds
+
 -->
 <ruleset name="Democrat and Chronicle (partial)">
 
 	<target host="democratandchronicle.com" />
-	<target host="*.democratandchronicle.com" />
-
+	<target host="cmsimg.democratandchronicle.com" />
+	<target host="www.democratandchronicle.com" />
+	<target host="closings.democratandchronicle.com" />
+	<target host="offers.democratandchronicle.com" />
 
 	<!--	Cookie domains:
 
@@ -46,17 +54,9 @@
 						-->
 	<securecookie host=".*\.democratandchronicle\.com$" name=".+" />
 
-
 	<rule from="^http://(?:cmsimg\.|www\.)?democratandchronicle\.com/"
 		to="https://www.democratandchronicle.com/" />
 
-	<rule from="^http://(classifieds|closings|meetthebabies|offers|roctoday)\.democratandchronicle\.com/"
-		to="https://$1.democratandchronicle.com/" />
-
-	<rule from="^http://findnsave\.democratandchronicle\.com/static/"
-		to="https://democratchronicle.findnsave.com/static/" />
-
-	<rule from="^http://localshopping\.democratandchronicle\.com/Content/"
-		to="https://localshopping.shoplocal.com/Content/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Democrats.org.xml b/src/chrome/content/rules/Democrats.org.xml
new file mode 100644
index 000000000000..2cfbde20a2fd
--- /dev/null
+++ b/src/chrome/content/rules/Democrats.org.xml
@@ -0,0 +1,57 @@
+<!--
+	See also DNC.org.xml.
+
+	Invalid certificate:
+		- dtmc.democrats.org
+
+	No working URL known:
+		- centrodevotacion.democrats.org
+		- convention.democrats.org
+		- ppapi.democrats.org
+
+	Time out:
+		- asdc.democrats.org
+		- developers.democrats.org
+		- directory.democrats.org
+		- factivists.democrats.org
+
+-->
+<ruleset name="Democrats.org">
+	<target host="democrats.org" />
+	<target host="www.democrats.org" />
+	<target host="2012.democrats.org" />
+		<test url="http://2012.democrats.org/page/unsubscribe" />
+	<target host="acquisitions.democrats.org" />
+	<target host="asdcdocs.democrats.org" />
+	<target host="assets.democrats.org" />
+		<test url="http://assets.democrats.org/frontend/dnc-2014/js/min/mod-core-top.min.js" />
+	<target host="commandhub.democrats.org" />
+	<target host="fbconnect.democrats.org" />
+	<target host="fileshare.democrats.org" />
+	<target host="finance.democrats.org" />
+		<test url="http://finance.democrats.org/page/contribute/FinanceOperations" />
+	<target host="future.democrats.org" />
+	<target host="impact.democrats.org" />
+	<target host="internships.democrats.org" />
+	<target host="ivy.democrats.org" />
+	<target host="live.democrats.org" />
+	<target host="makecalls.democrats.org" />
+	<target host="marketing.democrats.org" />
+		<test url="http://marketing.democrats.org/page/unsubscribe" />
+	<target host="my.democrats.org" />
+	<!-- myvote hosts graphics generated from https://democrats.org/my-vote -->
+	<target host="myvote.democrats.org" />
+	<target host="pollingplaces.democrats.org" />
+	<target host="rebuild.democrats.org" />
+	<target host="store.democrats.org" />
+	<target host="trumpaccountability.democrats.org" />
+	<target host="trumpconspiracies.democrats.org" />
+	<target host="uploads.democrats.org" />
+		<test url="http://uploads.democrats.org/Downloads/DVTF_FinalReport.pdf" />
+	<target host="victory2016.democrats.org" />
+		<test url="http://victory2016.democrats.org/page/s/florida-summer-fellow" />
+	<!-- wontvotefortrump hosts graphics (formerly?) generated from https://democrats.org/my-vote -->
+	<target host="wontvotefortrump.democrats.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Demonii.com.xml b/src/chrome/content/rules/Demonii.com.xml
new file mode 100644
index 000000000000..4225b11e03ee
--- /dev/null
+++ b/src/chrome/content/rules/Demonii.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Demonii.com">
+
+	<target host="demonii.com" />
+	<target host="www.demonii.com" />
+
+
+	<securecookie host="^\.demonii\.com$" name="^__cfduid$" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Demonsaw.com.xml b/src/chrome/content/rules/Demonsaw.com.xml
new file mode 100644
index 000000000000..aed9d47ec56c
--- /dev/null
+++ b/src/chrome/content/rules/Demonsaw.com.xml
@@ -0,0 +1,53 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Nonfunctional hosts in *demonsaw.com:
+
+		- mail ᶠ
+
+	ᶠ Handshake fails
+
+
+	Insecure cookies are set for these domains:
+
+		- .demonsaw.com
+
+
+	Mixed content:
+
+		- css on (www.)? from fonts.googleapis.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="demonsaw.com (partial)">
+
+	<target host="demonsaw.com" />
+	<target host="docs.demonsaw.com" />
+	<target host="www.demonsaw.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.demonsaw\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Demos.ru.xml b/src/chrome/content/rules/Demos.ru.xml
new file mode 100644
index 000000000000..5c19b49268a7
--- /dev/null
+++ b/src/chrome/content/rules/Demos.ru.xml
@@ -0,0 +1,11 @@
+<!--(www.)? mismatch
+security. self signed
+support. self signed
+ddt. mismatch
+news. refused-->
+<ruleset name="Demos.ru (partial)">
+	<target host="reg.demos.ru" />
+	<target host="mx.demos.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Demosisto.hk.xml b/src/chrome/content/rules/Demosisto.hk.xml
new file mode 100644
index 000000000000..7ccd0578a4ff
--- /dev/null
+++ b/src/chrome/content/rules/Demosisto.hk.xml
@@ -0,0 +1,9 @@
+<ruleset name="Demosisto.hk">
+	<target host="demosisto.hk" />
+	<target host="www.demosisto.hk" />
+	<test url="http://www.demosisto.hk/assets/img/logo.2016041341.png" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Denfri.dk.xml b/src/chrome/content/rules/Denfri.dk.xml
new file mode 100644
index 000000000000..fcd56e7dc234
--- /dev/null
+++ b/src/chrome/content/rules/Denfri.dk.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://denfri.dk/ => https://denfri.dk/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.denfri.dk/ => https://www.denfri.dk/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Denfri.dk" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="denfri.dk" />
+	<target host="www.denfri.dk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dengisend.ru.xml b/src/chrome/content/rules/Dengisend.ru.xml
new file mode 100644
index 000000000000..f763af3f3d5b
--- /dev/null
+++ b/src/chrome/content/rules/Dengisend.ru.xml
@@ -0,0 +1,42 @@
+<ruleset name="Dengisend.ru">
+	<target host="dengisend.ru" />
+	<target host="www.dengisend.ru" />
+	<target host="albank.dengisend.ru" />
+	<target host="alexbank.dengisend.ru" />
+	<target host="bank-enisey.dengisend.ru" />
+	<target host="bankofkazan.dengisend.ru" />
+	<target host="bankorange.dengisend.ru" />
+	<target host="bcs.dengisend.ru" />
+	<target host="clcorp.dengisend.ru" />
+	<target host="dombank.dengisend.ru" />
+	<target host="forebank.dengisend.ru" />
+	<target host="ibam.dengisend.ru" />
+	<target host="izhcombank.dengisend.ru" />
+	<target host="kamkombank.dengisend.ru" />
+	<target host="kibank.dengisend.ru" />
+	<target host="kuzbank.dengisend.ru" />
+	<target host="mpbbank.dengisend.ru" />
+	<target host="novikom.dengisend.ru" />
+	<target host="nsbank.dengisend.ru" />
+	<target host="onlime.dengisend.ru" />
+	<target host="oplataprosto.dengisend.ru" />
+	<target host="pchrb.dengisend.ru" />
+	<target host="pibank.dengisend.ru" />
+	<target host="pin-card.dengisend.ru" />
+	<target host="rgsbank.dengisend.ru" />
+	<target host="rgsbankmobile.dengisend.ru" />
+	<target host="rosinterbank.dengisend.ru" />
+	<target host="rt-iframe.dengisend.ru" />
+	<target host="rt.dengisend.ru" />
+	<target host="rtsbank.dengisend.ru" />
+	<target host="sbbank.dengisend.ru" />
+	<target host="slavcred.dengisend.ru" />
+	<target host="sputnik.dengisend.ru" />
+	<target host="tavrich.dengisend.ru" />
+	<target host="vyborg-bank.dengisend.ru" />
+	<target host="yarbank.dengisend.ru" />
+	<target host="zenit.dengisend.ru" />
+	<target host="zkb.dengisend.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Denic.de.xml b/src/chrome/content/rules/Denic.de.xml
new file mode 100644
index 000000000000..1fdbdea67a61
--- /dev/null
+++ b/src/chrome/content/rules/Denic.de.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.secure.denic.de/ => https://www.secure.denic.de/: (6, 'Could not resolve host: www.secure.denic.de')
+
+	Announcement:
+		- https://denic.de/en/denic-in-dialogue/news/4079.html
+
+	Nonfunctional subdomains:
+		- secure     -> DNS resolve error
+-->
+<ruleset name="Denic.de" default_off="failed ruleset test">
+    <target host="denic.de" />
+    <target host="www.denic.de" />
+    <target host="www.secure.denic.de" />
+
+    <securecookie host="^(www\.)?(secure\.)?denic\.de$" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Denik.cz.xml b/src/chrome/content/rules/Denik.cz.xml
new file mode 100644
index 000000000000..7ff507eadddc
--- /dev/null
+++ b/src/chrome/content/rules/Denik.cz.xml
@@ -0,0 +1,20 @@
+<!--
+	(www.)?: dropped
+
+
+	Mixed content:
+
+		- Images on g from $self *
+		- favicon on g from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Denik.cz (partial)">
+
+	<target host="g.denik.cz" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Denis_Matsuev.xml b/src/chrome/content/rules/Denis_Matsuev.xml
index 0c6f78683824..2569427a0359 100644
--- a/src/chrome/content/rules/Denis_Matsuev.xml
+++ b/src/chrome/content/rules/Denis_Matsuev.xml
@@ -1,13 +1,19 @@
-<ruleset name="Denis Matsuev">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://matsuev.com/ => https://matsuev.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.matsuev.com/ => https://www.matsuev.com/: (60, 'SSL certificate problem: self signed certificate')
+
+-->
+<ruleset name="Denis Matsuev" default_off="failed ruleset test">
 
 	<target host="matsuev.com" />
-	<target host="*.matsuev.com" />
+	<target host="www.matsuev.com" />
 
 
 	<securecookie host="^\.matsuev\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?matsuev\.com/"
-		to="https://$1matsuev.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dennikn.sk.xml b/src/chrome/content/rules/Dennikn.sk.xml
new file mode 100644
index 000000000000..e5fbf7e2dd65
--- /dev/null
+++ b/src/chrome/content/rules/Dennikn.sk.xml
@@ -0,0 +1,8 @@
+<ruleset name="Dennikn.sk">
+  <target host="dennikn.sk" />
+  <target host="www.dennikn.sk" />
+  <target host="noviny.dennikn.sk" />
+  <target host="predplatne.dennikn.sk" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Denso_Wave.xml b/src/chrome/content/rules/Denso_Wave.xml
index 525becffedfe..9d196e329146 100644
--- a/src/chrome/content/rules/Denso_Wave.xml
+++ b/src/chrome/content/rules/Denso_Wave.xml
@@ -1,4 +1,6 @@
 <!--
+Automatically by https-everywhere-checker because:
+Fetch error: http://denso-wave.com/ => https://www.denso-wave.com/: (6, 'Could not resolve host: denso-wave.com')
 	Cert only matches www.
 
 -->
@@ -11,7 +13,7 @@
 	<securecookie host="^www\.denso-wave\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?denso-wave\.com/"
+	<rule from="^http://(?:www\.)?denso-wave\.com/"
 		to="https://www.denso-wave.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DepartmentofEducation.xml b/src/chrome/content/rules/DepartmentofEducation.xml
new file mode 100644
index 000000000000..eda0e32c2ef6
--- /dev/null
+++ b/src/chrome/content/rules/DepartmentofEducation.xml
@@ -0,0 +1,7 @@
+<ruleset name="Department of Education">
+	<target host="education.gov.au" />
+	<target host="www.education.gov.au" />
+
+	<rule from="^http://(?:www\.)?education\.gov\.au/"
+		to="https://www.education.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/DepartmentofEmployment.xml b/src/chrome/content/rules/DepartmentofEmployment.xml
new file mode 100644
index 000000000000..a9d0f224c6d4
--- /dev/null
+++ b/src/chrome/content/rules/DepartmentofEmployment.xml
@@ -0,0 +1,7 @@
+<ruleset name="Department of Employment">
+	<target host="employment.gov.au" />
+	<target host="www.employment.gov.au" />
+	<target host="ministers.employment.gov.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DepartmentofForeignAffairsandTrade.xml b/src/chrome/content/rules/DepartmentofForeignAffairsandTrade.xml
new file mode 100644
index 000000000000..c642bebad117
--- /dev/null
+++ b/src/chrome/content/rules/DepartmentofForeignAffairsandTrade.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dfat.gov.au/ => https://www.dfat.gov.au/: Too many redirects while fetching 'https://www.dfat.gov.au/'
+
+-->
+<ruleset name="Department of Foreign Affairs and Trade" default_off="failed ruleset test">
+	<target host="dfat.gov.au" />
+	<target host="www.dfat.gov.au" />
+	<target host="orao.dfat.gov.au" />
+	<target host="www.orao.dfat.gov.au" />
+
+	<rule from="^http://(?:www\.)?dfat\.gov\.au/"
+		to="https://www.dfat.gov.au/" />
+
+	<rule from="^http://(?:www\.)?orao\.dfat\.gov\.au/"
+		to="https://www.orao.dfat.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/DepartmentofImmigrationandBorderProtection.xml b/src/chrome/content/rules/DepartmentofImmigrationandBorderProtection.xml
new file mode 100644
index 000000000000..fce21c873c74
--- /dev/null
+++ b/src/chrome/content/rules/DepartmentofImmigrationandBorderProtection.xml
@@ -0,0 +1,25 @@
+<!--
+
+	Problematic hosts in *border.gov.au:
+
+		- ^ (http 400 over https)
+		- trs (http only)
+		- minister (timeout over https)
+		- newsroom (http only)
+
+-->
+<ruleset name="Department of Immigration and Border Protection">
+
+	<target host="border.gov.au" />
+	<target host="www.border.gov.au" />
+	<target host="appointments.border.gov.au" />
+	<target host="enable.border.gov.au" />
+	<target host="migrationblog.border.gov.au" />
+
+	<rule from="^http://border\.gov\.au/"
+		to="https://www.border.gov.au/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DepartmentofInfrastructureandRegionalDevelopment.xml b/src/chrome/content/rules/DepartmentofInfrastructureandRegionalDevelopment.xml
new file mode 100644
index 000000000000..0ef278abc63b
--- /dev/null
+++ b/src/chrome/content/rules/DepartmentofInfrastructureandRegionalDevelopment.xml
@@ -0,0 +1,7 @@
+<ruleset name="Department of Infrastructure and Regional Development">
+	<target host="infrastructure.gov.au" />
+	<target host="www.infrastructure.gov.au" />
+
+	<rule from="^http://(?:www\.)?infrastructure\.gov\.au/"
+		to="https://www.infrastructure.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dephormation.org.uk.xml b/src/chrome/content/rules/Dephormation.org.uk.xml
index dc1ff15b571f..db33a2f91c13 100644
--- a/src/chrome/content/rules/Dephormation.org.uk.xml
+++ b/src/chrome/content/rules/Dephormation.org.uk.xml
@@ -3,4 +3,4 @@
 	<target host="www.dephormation.org.uk" />
 
 	<rule from="^http://(?:www\.)?dephormation\.org\.uk/" to="https://www.dephormation.org.uk/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Depkatalog.no.xml b/src/chrome/content/rules/Depkatalog.no.xml
new file mode 100644
index 000000000000..d2a8620ec146
--- /dev/null
+++ b/src/chrome/content/rules/Depkatalog.no.xml
@@ -0,0 +1,10 @@
+<ruleset name="Depkatalog.no">
+
+	<target host="depkatalog.no" />
+	<target host="www.depkatalog.no" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Deposit-Files.xml b/src/chrome/content/rules/Deposit-Files.xml
index 4f5fec1513c4..323a4d2f2aac 100644
--- a/src/chrome/content/rules/Deposit-Files.xml
+++ b/src/chrome/content/rules/Deposit-Files.xml
@@ -1,4 +1,9 @@
 <!--
+	Other Deposit Files rulesets:
+
+		- DFiles.eu.xml
+
+
 	Fully covered subdomains:
 
 		- static\d+:
@@ -19,12 +24,12 @@
 	<target host="depositfiles.com"/>
 	<target host="*.depositfiles.com"/>
 
-	<securecookie host="^(.*\.)?depositfiles\.com$" name=".*"/>
+	<securecookie host=".+" name=".+"/>
 
 	<rule from="^http://(static\d+\.|www\.)?depositfiles\.com/"
 		to="https://$1depositfiles.com/"/>
 
-	<rule from="^http://(ads|img3|ssl3)\.depositfiles\.com/"
+	<rule from="^http://(?:ads|img3|ssl3)\.depositfiles\.com/"
 		to="https://ssl3.depositfiles.com/"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/DepositProtection.xml b/src/chrome/content/rules/DepositProtection.xml
index 34f7e4418dff..906ac9cd72c4 100644
--- a/src/chrome/content/rules/DepositProtection.xml
+++ b/src/chrome/content/rules/DepositProtection.xml
@@ -1,8 +1,29 @@
-<ruleset name="DepositProtection">
-  <target host="depositprotection.com" />
-  <target host="www.depositprotection.com" />
+<!--
+	These altnames do not exist:
 
-  <securecookie host="^(.+\.)?depositprotection\.com$" name=".*"/>
+		- depositprotection.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.depositprotection.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="DepositProtection.com">
+
+	<target host="www.depositprotection.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.depositprotection\.com$" name="^(?:Computershare|TS[\da-f]{8})$" /-->
+
+	<securecookie host=".\.depositprotection\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(?:www\.)?depositprotection\.com/" to="https://www.depositprotection.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Depressionforums.org.xml b/src/chrome/content/rules/Depressionforums.org.xml
new file mode 100644
index 000000000000..dc865e61d01f
--- /dev/null
+++ b/src/chrome/content/rules/Depressionforums.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Secure connection failed:
+	- whitedowns.depressionforums.org
+
+-->
+<ruleset name="depressionforums.org" platform="mixedcontent">
+	<target host="depressionforums.org" />
+	<target host="www.depressionforums.org" />
+	<target host="dftest3.depressionforums.org" />
+	<target host="mail.depressionforums.org" />
+	<target host="patientexperiences.depressionforums.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Deprexis.xml b/src/chrome/content/rules/Deprexis.xml
index 7511906bb8e3..58fd6201d606 100644
--- a/src/chrome/content/rules/Deprexis.xml
+++ b/src/chrome/content/rules/Deprexis.xml
@@ -1,19 +1,25 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://system3.deprexis.com/ => https://system3.deprexis.com/: (6, 'Could not resolve host: system3.deprexis.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://deprexis.com/ => https://deprexis.com/: (51, "SSL: no alternative certificate subject name matches target host name 'deprexis.com'")
 	Nonfunctional domains:
 
 		- (www.)deprexis.eu	(refused)
 
 -->
-<ruleset name="deprexis (partial)">
+<ruleset name="deprexis (partial)" default_off="failed ruleset test">
 
 	<target host="deprexis.com" />
-	<target host="*.deprexis.com" />
+	<target host="system3.deprexis.com" />
+	<target host="www.deprexis.com" />
 
 
 	<securecookie host="^.*\.deprexis\.com$" name=".+" />
 
 
-	<rule from="^http://(system3\.|www\.)?deprexis\.com/"
-		to="https://$1deprexis.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Deprogressive.dk.xml b/src/chrome/content/rules/Deprogressive.dk.xml
new file mode 100644
index 000000000000..8cb2f3632816
--- /dev/null
+++ b/src/chrome/content/rules/Deprogressive.dk.xml
@@ -0,0 +1,9 @@
+<ruleset name="Deprogressive.dk">
+
+	<target host="deprogressive.dk" />
+	<target host="www.deprogressive.dk" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Der-Saechsische-Datenschutzbeauftragte.xml b/src/chrome/content/rules/Der-Saechsische-Datenschutzbeauftragte.xml
index e146545b54ff..aa69e47de08f 100644
--- a/src/chrome/content/rules/Der-Saechsische-Datenschutzbeauftragte.xml
+++ b/src/chrome/content/rules/Der-Saechsische-Datenschutzbeauftragte.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?saechsdsb\.de$" name=".+" />
 
 
-	<rule from="^http://(www\.)?saechsdsb\.de/"
-		to="https://$1saechsdsb.de/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Der-preis-jaeger.de.xml b/src/chrome/content/rules/Der-preis-jaeger.de.xml
index c934ecb1723b..fb4cf4bb3038 100644
--- a/src/chrome/content/rules/Der-preis-jaeger.de.xml
+++ b/src/chrome/content/rules/Der-preis-jaeger.de.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://der-preis-jaeger.de/ => https://der-preis-jaeger.de/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.der-preis-jaeger.de/ => https://www.der-preis-jaeger.de/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://der-preis-jaeger.de/ => https://der-preis-jaeger.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.der-preis-jaeger.de/ => https://www.der-preis-jaeger.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Mixed content:
 
 		- Ads/web bugs, on www from:
@@ -7,13 +15,12 @@
 			- myclipster.com
 
 -->
-<ruleset name="der-preis-jaeger.de">
+<ruleset name="der-preis-jaeger.de" default_off="failed ruleset test">
 
 	<target host="der-preis-jaeger.de" />
 	<target host="www.der-preis-jaeger.de" />
 
 
-	<rule from="^http://(www\.)?der-preis-jaeger\.de/"
-		to="https://$1der-preis-jaeger.de/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Der_Keiler.com.xml b/src/chrome/content/rules/Der_Keiler.com.xml
new file mode 100644
index 000000000000..ffaff3a5a17e
--- /dev/null
+++ b/src/chrome/content/rules/Der_Keiler.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.) *
+		- coding *
+		- linux *
+		- newsgroups *
+		- unix *
+
+	* Refused
+
+-->
+<ruleset name="Der Keiler.com (partial)">
+
+	<target host="cdn.derkeiler.com" />
+
+
+	<rule from="^http://cdn\.derkeiler\.com/"
+		to="https://d30uw9rfekksi5.cloudfront.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Derby.gov.uk.xml b/src/chrome/content/rules/Derby.gov.uk.xml
new file mode 100644
index 000000000000..74f4fe1414a0
--- /dev/null
+++ b/src/chrome/content/rules/Derby.gov.uk.xml
@@ -0,0 +1,35 @@
+<!--
+	Derby City Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		SSL connect error:
+		- childroadsafety.derby.gov.uk
+
+		4xx client error:
+		- testweb.derby.gov.uk
+
+		Secure connection redirects to plaintext:
+		- carehomes.derby.gov.uk
+		- cmis.derby.gov.uk
+		- maps.derby.gov.uk
+		- www.derby.gov.uk
+-->
+<ruleset name="Derby.gov.uk">
+	<target host="derby.gov.uk" />
+	<target host="booklibrarycomputer.derby.gov.uk" />
+	<target host="directtoyou.derby.gov.uk" />
+	<target host="docs.derby.gov.uk" />
+	<target host="eplanning.derby.gov.uk" />
+		<test url="http://eplanning.derby.gov.uk/online-applications/" />
+	<target host="hi4em.derby.gov.uk" />
+	<target host="info4derby.derby.gov.uk" />
+	<target host="leisurecourses.derby.gov.uk" />
+	<target host="remote.derby.gov.uk" />
+	<target host="secure.derby.gov.uk" />
+		<test url="http://secure.derby.gov.uk/parking/pages/home.aspx" />
+	<target host="sip.derby.gov.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Deredactie.be.xml b/src/chrome/content/rules/Deredactie.be.xml
new file mode 100644
index 000000000000..975fed86d28d
--- /dev/null
+++ b/src/chrome/content/rules/Deredactie.be.xml
@@ -0,0 +1,13 @@
+<!--
+	For other VRT coverage, see Vrt.be.xml
+
+	Refused:
+		www.deredactie.be
+-->
+<ruleset name="Deredactie.be">
+    <target host="deredactie.be" />
+    <target host="m.deredactie.be" />
+    <target host="hetvooruitzicht.deredactie.be" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Derpiboo.ru.xml b/src/chrome/content/rules/Derpiboo.ru.xml
deleted file mode 100644
index d93c65fe8c97..000000000000
--- a/src/chrome/content/rules/Derpiboo.ru.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Derpiboo.ru">
-<target host="derpiboo.ru"/>
-<target host="www.derpiboo.ru"/>
-<rule from="^http://(www\.)?derpiboo\.ru/" to="https://derpiboo.ru/"/>
-</ruleset>
-<!-- Rule generated by HTTPS Finder 0.86 -->
\ No newline at end of file
diff --git a/src/chrome/content/rules/Derpibooru.xml b/src/chrome/content/rules/Derpibooru.xml
new file mode 100644
index 000000000000..6279bcb36269
--- /dev/null
+++ b/src/chrome/content/rules/Derpibooru.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://img5.derpicdn.net/img/view/2015/1/18/808969.png => https://img5.derpicdn.net/img/view/2015/1/18/808969.png: (6, 'Could not resolve host: img5.derpicdn.net')
+
+-->
+<ruleset name="Derpibooru" default_off="failed ruleset test">
+    <target host="derpiboo.ru" />
+    <target host="www.derpiboo.ru" />
+    <target host="derpicdn.net" />
+    <target host="*.derpicdn.net" />
+
+    <rule from="^http:"
+          to="https:" />
+
+    <test url="http://derpicdn.net/img/view/2014/10/18/745596.png" />
+    <test url="http://img0.derpicdn.net/img/view/2013/10/27/458085.png" />
+    <test url="http://img1.derpicdn.net/img/view/2014/1/20/529727.gif" />
+    <test url="http://img2.derpicdn.net/img/view/2014/3/14/575310.png" />
+    <test url="http://img3.derpicdn.net/img/view/2013/3/17/272788.jpeg" />
+    <test url="http://img4.derpicdn.net/img/view/2014/10/17/744576.png" />
+    <test url="http://img5.derpicdn.net/img/view/2015/1/18/808969.png" />
+</ruleset>
diff --git a/src/chrome/content/rules/Derpy.me.xml b/src/chrome/content/rules/Derpy.me.xml
new file mode 100644
index 000000000000..f539eb923544
--- /dev/null
+++ b/src/chrome/content/rules/Derpy.me.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://piwik.derpy.me/ => https://piwik.derpy.me/: (6, 'Could not resolve host: piwik.derpy.me')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://piwik.derpy.me/ => https://piwik.derpy.me/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+	www doesn't exist.
+
+
+	Mixed content:
+
+		- bug on ^ from piwik *
+
+	* Secured by us
+
+-->
+<ruleset name="derpy.me" default_off="failed ruleset test">
+
+	<target host="derpy.me" />
+	<target host="piwik.derpy.me" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^piwik\.derpy\.me$" name="^PIWIK_SESSID$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^derpy\.me$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^derpy\.me$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DersVerilir.net.xml b/src/chrome/content/rules/DersVerilir.net.xml
index 8de8f32bc024..9a2e0592a626 100644
--- a/src/chrome/content/rules/DersVerilir.net.xml
+++ b/src/chrome/content/rules/DersVerilir.net.xml
@@ -1,17 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .dersverilir.net
+
+-->
 <ruleset name="DersVerilir.net">
 
-	<target host="cdn.dersver.net" />
+	<!--	Direct rewrites:
+				-->
 	<target host="dersverilir.net" />
-	<target host="*.dersverilir.net" />
+	<target host="www.dersverilir.net" />
 
 
-	<securecookie host="^\.dersverilir\.net$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.dersverilir\.net$" name="^(?:PHPSESSID|computer)$" /-->
 
+	<securecookie host="^\.dersverilir\.net$" name=".+" />
 
-	<rule from="^http://cdn\.dersver\.net/"
-		to="https://cdn.dersver.net/" />
 
-	<rule from="^http://(www\.)?dersverilir\.net/"
-		to="https://$1dersverilir.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Derwesten.de.xml b/src/chrome/content/rules/Derwesten.de.xml
index bfa80cf38a8e..eee8c4461627 100644
--- a/src/chrome/content/rules/Derwesten.de.xml
+++ b/src/chrome/content/rules/Derwesten.de.xml
@@ -1,13 +1,12 @@
 <ruleset name="Derwesten.de">
-<target host="www.derwesten.de"/>
+<target host="www.derwesten.de" />
+<target host="files1.derwesten.de" />
+<target host="shop.derwesten.de" />
 <target host="derwesten.de"/>
-<target host="shop.derwesten.de"/>
 
-<!-- problems on: waz.immowelt.de  , no tls support
-	files1.derwesten.de (cert valid for localhost.localdomain only
--->
+<!-- problems on: waz.immowelt.de  , no tls support-->
 
-<rule from="^http://(www\.)?derwesten\.de/" to="https://www.derwesten.de/"/>
-<rule from="^http://shop\.derwesten\.de/" to="https://shop.derwesten.de/"/>
+<rule from="^http://(?:www\.)?derwesten\.de/" to="https://www.derwesten.de/"/>
 
+<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Desert_News.xml b/src/chrome/content/rules/Desert_News.xml
deleted file mode 100644
index c58474467984..000000000000
--- a/src/chrome/content/rules/Desert_News.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Some pages redirect to http
-
--->
-<ruleset name="Desert News (partial)">
-
-	<target host="desertnews.com" />
-	<target host="*.desertnews.com" />
-		<exclusion pattern="^http://(?:www\.)?desertnews\.com/(?!css/|favicon\.ico|images/|img/|js/|logo\.gif|media/|misc/)" />
-		<exclusion pattern="^http://subscribe\.desertnews\.com/(?!css/|favicon\.ico|images/|script/)" />
-
-
-	<rule from="^http://((?:static|subscribe|www)\.)?desertnews\.com/"
-		to="https://$1desertnews.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Desertory_Media.xml b/src/chrome/content/rules/Desertory_Media.xml
deleted file mode 100644
index e2e82912f1a1..000000000000
--- a/src/chrome/content/rules/Desertory_Media.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	CN: Parallels Panel
-
--->
-<ruleset name="Desertory Media" default_off="self-signed">
-
-	<target host="desertory.de" />
-	<target host="www.desertory.de" />
-
-
-	<rule from="^https?://(?:www\.)?desertory\.de/"
-		to="https://desertory.de/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/DesignAddict.xml b/src/chrome/content/rules/DesignAddict.xml
index b2f20eb7caf9..fdc841862add 100644
--- a/src/chrome/content/rules/DesignAddict.xml
+++ b/src/chrome/content/rules/DesignAddict.xml
@@ -1,13 +1,25 @@
-<ruleset name="DesignAddict">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://designaddict.com/ => https://designaddict.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://generationawake.eu/ => https://generationawake.eu/: (60, 'SSL certificate problem: self signed certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://designaddict.com/ => https://designaddict.com/: (60, 'SSL certificate problem: self signed certificate')
+-->
+<ruleset name="DesignAddict" default_off="failed ruleset test">
 
 	<target host="designaddict.com" />
-	<target host="*.designaddict.com" />
+	<target host="generationawake.eu" />
+	<target host="www.designaddict.com" />
+	<target host="www.generationawake.eu" />
 
 
-	<securecookie host="^(?:.*\.)?designaddict\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?designaddict\.com/"
-		to="https://$1designaddict.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Designer_News.co.xml b/src/chrome/content/rules/Designer_News.co.xml
new file mode 100644
index 000000000000..5c10c7c8798b
--- /dev/null
+++ b/src/chrome/content/rules/Designer_News.co.xml
@@ -0,0 +1,34 @@
+<!--
+	^designernews.co: Refused
+
+
+	Insecure cookies are set for these domains:
+
+		- .www.designernews.co
+
+-->
+<ruleset name="Designer News.co">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.designernews.co" />
+
+	<!--	Complications:
+				-->
+	<target host="designernews.co" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.designernews\.co$" name="^_news_session$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://designernews\.co/"
+		to="https://www.designernews.co/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Designova.net.xml b/src/chrome/content/rules/Designova.net.xml
new file mode 100644
index 000000000000..4d3fb5732681
--- /dev/null
+++ b/src/chrome/content/rules/Designova.net.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://designova.net/ => https://designova.net/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.designova.net/ => https://www.designova.net/: (60, 'SSL certificate problem: certificate has expired')
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Designova.net" default_off="failed ruleset test">
+
+	<target host="designova.net" />
+	<target host="www.designova.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Desire2learn.com.xml b/src/chrome/content/rules/Desire2learn.com.xml
index a4bf989d3e80..7e34eca23daf 100644
--- a/src/chrome/content/rules/Desire2learn.com.xml
+++ b/src/chrome/content/rules/Desire2learn.com.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://desire2learn.com/ => https://desire2learn.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Desire2learn Incorporated
 
 
@@ -27,13 +29,15 @@
 <ruleset name="Desire2learn.com">
 
 	<target host="desire2learn.com" />
-	<target host="*.desire2learn.com" />
+	<target host="community.desire2learn.com" />
+	<target host="lmscloud.edev.desire2learn.com" />
+	<target host="pt.valence.desire2learn.com" />
+	<target host="www.desire2learn.com" />
 
 
-	<securecookie host="^(?:.*\.)?desire2learn\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:community|lmscloud\.edev|pt\.valence|www)\.)?desire2learn\.com/"
-		to="https://$1desire2learn.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Desjardins.xml b/src/chrome/content/rules/Desjardins.xml
new file mode 100644
index 000000000000..e325088be102
--- /dev/null
+++ b/src/chrome/content/rules/Desjardins.xml
@@ -0,0 +1,26 @@
+<!--
+
+
+	blogues.desjardins.com does not work with https at this time
+
+-->
+<ruleset name="Desjardins (partial)">
+  <target host="desjardins.com" />
+  <target host="www.desjardins.com" />
+	<target host="adpub.desjardins.com" />
+  <target host="accesd.desjardins.com" />
+  <target host="accesd.affaires.desjardins.com" />
+
+  <securecookie host="desjardins\.com$" name=".+" />
+  <securecookie host="accesd\.desjardins\.com$" name=".+" />
+  <securecookie host="accesd\.affaires\.desjardins\.com$" name=".+" />
+
+  <!-- www is needed for https on the main site -->
+  <rule from="^http://(?:www\.)?desjardins\.com/"
+	  to="https://www.desjardins.com/" />
+
+  <!-- subdomains do not work with www -->
+	<rule from="^http:"
+          to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Desk.com.xml b/src/chrome/content/rules/Desk.com.xml
index 3d543a7897a0..9950d60a233f 100644
--- a/src/chrome/content/rules/Desk.com.xml
+++ b/src/chrome/content/rules/Desk.com.xml
@@ -1,80 +1,634 @@
 <!--
-	For other Salesforce.com coverage, see Salesforce.xml.
+	Wildcard DNS records, but no wildcard SSL certificate.
 
+	Invalid certificate:
+		2600hz.desk.com
+		50c362a6.desk.com
+		astraweb.50c362a6.desk.com
+		easynews.50c362a6.desk.com
+		halogen.50c362a6.desk.com
+		highwinds-media.50c362a6.desk.com
+		newsgroup-ninja.50c362a6.desk.com
+		newshosting.50c362a6.desk.com
+		usenetserver.50c362a6.desk.com
+		6aa9d15e7.desk.com
+		abizinabox1.desk.com
+		abode.desk.com
+		accufund-inc.accufund.desk.com
+		activeweb.desk.com
+		adonis-index.adonislifestyle.desk.com
+		aerospike.desk.com
+		the-alcohol-free-shop.alcoholfree.desk.com
+		alliant.desk.com
+		alliant2.desk.com
+		allpondsolutionshelp.desk.com
+		allpetsolutions.allpondsolutionshelp.desk.com
+		answeringservicecare.desk.com
+		support.anymeeting.desk.com
+		astronomerio.desk.com
+		apica.desk.com
+		appdynamic.desk.com
+		appearhere.desk.com
+		applegate.desk.com
+		at-t-rewards-application.aquto.desk.com
+		arccos-golf.arccosgolf.desk.com
+		caddie.arccosgolf.desk.com
+		driver.arccosgolf.desk.com
+		home.arccosgolf.desk.com
+		aritzia.desk.com
+		h9.asmallorange.desk.com
+		assets.desk.com
+		assets0.desk.com
+		assets01.desk.com
+		assets02.desk.com
+		assets03.desk.com
+		assets04.desk.com
+		assets1.desk.com
+		assets2.desk.com
+		assets3.desk.com
+		production.autoslash.desk.com
+		mozo.awana.desk.com
+		batchgeo.desk.com
+		barre3.desk.com
+		bayphotolab.desk.com
+		betterment.betterment.desk.com
+		bg-click4fashion.desk.com
+		bitgold.desk.com
+		english.bitgold.desk.com
+		bitium.desk.com
+		biznessapps.desk.com
+		bombbomb.desk.com
+		chirp.bookbub.desk.com
+		bookbub.bookbub.desk.com
+		bookbub-partners.bookbub.desk.com
+		bqool.desk.com
+		braintree.desk.com
+		contact.bridgepaynetwork.desk.com
+		is.bridgepaynetwork.desk.com
+		ta.bridgepaynetwork.desk.com
+		bromium.desk.com
+		brycer.desk.com
+		the-compliance-engine-brycer-support.brycer.desk.com
+		the-compliance-engine-ahj-support.brycer.desk.com
+		the-compliance-engine-itm-support.brycer.desk.com
+		burner.desk.com
+		burningman.desk.com
+		c6d19ed1.desk.com
+		highwinds-media.c6d19ed1.desk.com
+		callgroup.desk.com
+		campayn.desk.com
+		carnegiefoundation.desk.com
+		catchoom.desk.com
+		caviar.desk.com
+		dispatch-team.caviar.desk.com
+		restaurant-support.caviar.desk.com
+		ccb.desk.com
+		chaturbate.desk.com
+		exoticads.chaturbate.desk.com
+		chexology1.desk.com
+		citiprogram.desk.com
+		engagor-help.clarabridge.desk.com
+		home.clarabridge.desk.com
+		click4fashion.desk.com
+		clickipo.desk.com
+		cognifit.desk.com
+		prime.coinbase.desk.com
+		pro.coinbase.desk.com
+		colwiz.desk.com
+		comixology.desk.com
+		gm.connexionmedia.desk.com
+		wex.connexionmedia.desk.com
+		contaazul2.desk.com
+		contactually.desk.com
+		convirza.desk.com
+		copia.desk.com
+		help.corec.desk.com
+		info.corec.desk.com
+		iroha.corec.desk.com
+		covene.desk.com
+		crowdtap.desk.com
+		mobile.crowdtap.desk.com
+		crsadvtech.desk.com
+		crunch.desk.com
+		culturedcode.desk.com
+		curb.curb.desk.com
+		customdomain.desk.com
+		cydesign.desk.com
+		breadwinner-for-quickbooks-online.daddydonkeylabs.desk.com
+		davidkennethgroup.desk.com
+		123pet-cloud.daysmart.desk.com
+		definisec.desk.com
+		detectify.desk.com
+		dhsgroup.desk.com
+		help.digerati.desk.com
+		support.digerati.desk.com
+		digidotcash.desk.com
+		infinigold.digidotcash.desk.com
+		digitalsafe.desk.com
+		retailer.doba.desk.com
+		supplier.doba.desk.com
+		domainname.desk.com
+		doodle.desk.com
+		dorsavi.desk.com
+		dotsub.desk.com
+		dripdrop.desk.com
+		duecash.desk.com
+		help.dwolla.desk.com
+		support.dwolla.desk.com
+		ebiinc.desk.com
+		ebirdsupport.desk.com
+		ecwid.desk.com
+		educationcom.desk.com
+		rocky-mountain-college-of-art-design.efaeducation.desk.com
+		the-los-angeles-film-school.efaeducation.desk.com
+		the-king-s-college.efaeducation.desk.com
+		vts-support.ehealthafrica.desk.com
+		listing-booster.electrikeye.desk.com
+		avea-and-smart.elgato.desk.com
+		customerservice.elgato.desk.com
+		customer-service-eve.elgato.desk.com
+		emusic.emusic.desk.com
+		dock.elgato.desk.com
+		eve.elgato.desk.com
+		eve-home.elgato.desk.com
+		gaming.elgato.desk.com
+		help.elgato.desk.com
+		it.elgato.desk.com
+		video.elgato.desk.com
+		endeavor-services-group-premium.endeavorservice.desk.com
+		english.desk.com
+		entap.desk.com
+		eos.desk.com
+		epydoc.desk.com
+		eqiscapitalmanagement.desk.com
+		etermax.desk.com
+		development.etermax.desk.com
+		evite.evite.desk.com
+		eurodns.desk.com
+		belong.eve.desk.com
+		belong-adsl.eve.desk.com
+		belong-nbn.eve.desk.com
+		everfi.desk.com
+		ewing.desk.com
+		fatiguescience.desk.com
+		fibaro.desk.com
+		fieldnation.desk.com
+		finalcodeinc.desk.com
+		flashnotes.desk.com
+		flightnetwork.desk.com
+		foodee.desk.com
+		casserole.formstack.desk.com
+		internal.formstack.desk.com
+		sfappsuppot.formstack.desk.com
+		fractel.desk.com
+		frankbody.desk.com
+		funkwerkiotgmbh.desk.com
+		futuri.desk.com
+		geoarmsecurity.desk.com
+		globalgiving.desk.com
+		glooko.desk.com
+		glowbase.desk.com
+		gmoglobalsign.desk.com
+		gommehdnet.desk.com
+		goodbudget.desk.com
+		goodlord.desk.com
+		agent-v1-help-centre.goodlord.desk.com
+		guarantor-and-landlord-v1-helpcentre.goodlord.desk.com
+		tenant-v1-help-centre.goodlord.desk.com
+		goodreader.desk.com
+		gptw.desk.com
+		graze.desk.com
+		graze-com.graze.desk.com
+		graze-us.graze.desk.com
+		gulden.desk.com
+		semel-oy.halda.desk.com
+		handshake.desk.com
+		headspin.desk.com
+		learner-support.healthcourse.desk.com
+		healthdata.desk.com
+		healthunlocked.desk.com
+		hecmontreal.desk.com
+		futur-etudiant.hecmontreal.desk.com
+		hellowallet.desk.com
+		help.desk.com
+		helpling.desk.com
+		cleaners.helpling.desk.com
+		highwinds.desk.com
+		hiremojo.hiremojo.desk.com
+		honeybook.desk.com
+		hotro.desk.com
+		humblesoftware.desk.com
+		icouch.desk.com
+		ideascale.desk.com
+		idonate.desk.com
+		support.idonate.desk.com
+		idtech.desk.com
+		igobono.desk.com
+		ikegps.desk.com
+		imforza.desk.com
+		info.desk.com
+		infocyte.desk.com
+		intellimark.desk.com
+		support.intellimark.desk.com
+		interdin.desk.com
+		internationalmissionboard.desk.com
+		intradyn.desk.com
+		invixium.desk.com
+		callbridge.iotum.desk.com
+		callbridge-admin-support.iotum.desk.com
+		freeconferencebeta.iotum.desk.com
+		gather.iotum.desk.com
+		gather-admin-support.iotum.desk.com
+		ntwine-partner-support.iotum.desk.com
+		ntwine-conferencing.iotum.desk.com
+		ntwineconferencing.iotum.desk.com
+		partner-support.iotum.desk.com
+		partnername-admin-support.iotum.desk.com
+		partnername-conferencing.iotum.desk.com
+		talkshoe.iotum.desk.com
+		itbit.desk.com
+		iwave.desk.com
+		izotope.desk.com
+		spire.izotope.desk.com
+		jane.desk.com
+		jibeinc.desk.com
+		jmaclending.desk.com
+		jobtarget.desk.com
+		support.vrs.jordanlawrence.desk.com
+		keeeb.desk.com
+		keyshot.desk.com
+		kijk.kijk.desk.com
+		kijiji.desk.com
+		automobile-it.kijiji.desk.com
+		kijiji.kijiji.desk.com
+		kinivo.desk.com
+		bluerigger.kinivo.desk.com
+		kitcheck.desk.com
+		knowroaming.desk.com
+		kodmyranab.desk.com
+		kognito.desk.com
+		kpschoolofmedicine.desk.com
+		kw-commercial.kwri.desk.com
+		keller-williams-realty-international.kwri.desk.com
+		kwmcangel.kwri.desk.com
+		kwri-events.kwri.desk.com
+		learnupon.desk.com
+		learnzillion.desk.com
+		leeo.desk.com
+		life-church.lifechurch.desk.com
+		lifereimagined.desk.com
+		lingotek.desk.com
+		limespot.desk.com
+		logikcull.desk.com
+		deluxe-logo-creator.logomixinc.desk.com
+		earthlinkbrandbuilder.logomixinc.desk.com
+		freelogoservices.logomixinc.desk.com
+		incauthorityservices.logomixinc.desk.com
+		logomix.logomixinc.desk.com
+		mycorpbrandlauncher.logomixinc.desk.com
+		printingnow.logomixinc.desk.com
+		loremnotipsum.desk.com
+		luminoso.desk.com
+		magnushealth.desk.com
+		majorleaguegaming.desk.com
+		marick.desk.com
+		marinerslearningsystem.desk.com
+		marketwiredsupportportal.desk.com
+		admin-help.mastmobile.desk.com
+		user-help.mastmobile.desk.com
+		bigquery.matillion.desk.com
+		redshift.matillion.desk.com
+		snowflake.matillion.desk.com
+		mbieapi.desk.com
+		medeo.desk.com
+		mediasilo.desk.com
+		medicalgorithmics.desk.com
+		support-us.medicalgorithmics.desk.com
+		meetme.desk.com
+		memsource.desk.com
+		ironman-4x4.metaltech4x4.desk.com
+		mexinsurance.desk.com
+		guide.meyouhealth.desk.com
+		mindplay.desk.com
+		help.mindplay.desk.com
+		mine123.desk.com
+		mobify.desk.com
+		mobilecause.desk.com
+		modulus.desk.com
+		mogo.desk.com
+		mixbook.mosaic.desk.com
+		mtell-customer.mtell.desk.com
+		mtell-partners.mtell.desk.com
+		multivista.multivista.desk.com
+		ops-support.multivista.desk.com
+		my1login.desk.com
+		ipsy.myglam.desk.com
+		nascarheat1.desk.com
+		nationwideeviction.desk.com
+		netmail.desk.com
+		newpointe.desk.com
+		conference.nfcb.desk.com
+		mystation.nfcb.desk.com
+		solution.nfcb.desk.com
+		neocreative.neocreative.desk.com
+		myneucoin.neucoin.desk.com
+		newtonsoftware.desk.com
+		nlogic.desk.com
+		ngpvan.desk.com
+		help.ngpvan.desk.com
+		ngp.ngpvan.desk.com
+		staging.ngpvan.desk.com
+		nicequest.desk.com
+		nicequest-espana.nicequest.desk.com
+		nicequest-et.nicequest.desk.com
+		nicequest-nl.nicequest.desk.com
+		nicequest-us.nicequest.desk.com
+		npr.desk.com
+		anonymizer.ntrepidcorp.desk.com
+		ion.ntrepidcorp.desk.com
+		the-new-york-public-library.nypl.desk.com
+		observepoint1.desk.com
+		pears.oeie.desk.com
+		officedrop.desk.com
+		dc-resource-center.okl.desk.com
+		vendor-resource-center.okl.desk.com
+		onelegal.desk.com
+		onemob.desk.com
+		opternative.desk.com
+		otixo.desk.com
+		marketplace-help-next-gen.overdrive.desk.com
+		overdrive.overdrive.desk.com
+		overdrive-marketplace-help.overdrive.desk.com
+		sooner-card.ouit-sb.desk.com
+		outmatch.desk.com
+		outscale.desk.com
+		palasocial.palainteractive.desk.com
+		palbin.desk.com
+		pandora.desk.com
+		nextbigsound.pandora.desk.com
+		knowledge-base.panjiva.desk.com
+		panjiva-inc.panjiva.desk.com
+		thunder-support-center.paperg.desk.com
+		paracogas.desk.com
+		paywhirl-v1.paywhirl.desk.com
+		paywhirl-v2.paywhirl.desk.com
+		peatix.desk.com
+		pebble.desk.com
+		peddle.desk.com
+		perfectlyposh.desk.com
+		periscopeapp.desk.com
+		perkville.desk.com
+		phin.desk.com
+		piazza.desk.com
+		pixsystem.desk.com
+		plaid.desk.com
+		plasq.desk.com
+		germany.play-i.desk.com
+		korea.play-i.desk.com
+		playnery2.desk.com
+		edsupport.plhelp.desk.com
+		hcsupport.plhelp.desk.com
+		presencelearning-education.plhelp.desk.com
+		presencelearning-healthcare.plhelp.desk.com
+		support.plhelp.desk.com
+		pntrial.desk.com
+		globalcloudfleet.positioninguniversal.desk.com
+		axon-academy-external.praetoriangroup.desk.com
+		axon-university-internal.praetoriangroup.desk.com
+		btu-academy.praetoriangroup.desk.com
+		correctionsone.praetoriangroup.desk.com
+		ems1.praetoriangroup.desk.com
+		ems1academy.praetoriangroup.desk.com
+		firerescue1.praetoriangroup.desk.com
+		granttracker.praetoriangroup.desk.com
+		localgov-academy.praetoriangroup.desk.com
+		military1.praetoriangroup.desk.com
+		policeone.praetoriangroup.desk.com
+		ppe101.praetoriangroup.desk.com
+		safariland-academy.praetoriangroup.desk.com
+		prodigylearning.desk.com
+		echop44.project44.desk.com
+		propertyroomcom.desk.com
+		protectwise.desk.com
+		proxpn.desk.com
+		punchbowl.desk.com
+		party-city.punchbowl.desk.com
+		questys.desk.com
+		quinyx.desk.com
+		rallyme.desk.com
+		rdcaviation.desk.com
+		airport-charges.rdcaviation.desk.com
+		apex.rdcaviation.desk.com
+		realself.desk.com
+		apphelp.realself.desk.com
+		rebuy-de.rebuy.desk.com
+		rebuy-it.rebuy.desk.com
+		rebuy-nl.rebuy.desk.com
+		renmicro.desk.com
+		reportallusa.desk.com
+		tablemanager.restogroup.desk.com
+		diabetes-escape-plan.resultsink.desk.com
+		flofit.resultsink.desk.com
+		hot-at-home.resultsink.desk.com
+		keto-resource.resultsink.desk.com
+		rocketfrog.desk.com
+		rpm-for-residence.rpmlf.desk.com
+		rtda.desk.com
+		rugsusa.desk.com
+		safelylocked.desk.com
+		salesforcedemo.desk.com
+		samsungsta.desk.com
+		consumers.satco.desk.com
+		professionals.satco.desk.com
+		saxo.desk.com
+		saxo-bank.saxobank.desk.com
+		scheduleonce.desk.com
+		scoutalley.desk.com
+		seattlehomepro.desk.com
+		seeq.desk.com
+		sheamoisture.sheamoisture.desk.com
+		sheetmusicdirect.desk.com
+		shopkick-germany.shopkick.desk.com
+		shopmium.desk.com
+		be-shopmium.shopmium.desk.com
+		fr-shopmium.shopmium.desk.com
+		uk-activate.shopmium.desk.com
+		showpad.desk.com
+		simpplr.desk.com
+		singlecare-member.singlecare.desk.com
+		skytree.desk.com
+		smartdnsproxy.desk.com
+		smartschool.desk.com
+		smithmicro.desk.com
+		smxemail.desk.com
+		socialengine.desk.com
+		socom-nl.desk.com
+		spoon.desk.com
+		turbosupport.spoon.desk.com
+		team.sportngin.desk.com
+		home.sportngin.desk.com
+		organization.sportngin.desk.com
+		trackwrestling.sportngin.desk.com
+		springahead.desk.com
+		user-support.softonic.desk.com
+		solio.desk.com
+		songkick.desk.com
+		songkick.songkick.desk.com
+		sorensonmedia.desk.com
+		vendor-help.sourceday.desk.com
+		spoonsupport.spoon.desk.com
+		spacetimestudios.desk.com
+		specialtyansweringservice.desk.com
+		status2.desk.com
+		stedwards.desk.com
+		streema.desk.com
+		streetlife.desk.com
+		studyblue.desk.com
+		stuvia.desk.com
+		suitabletech.desk.com
+		sumall.desk.com
+		sumitomoelectric.desk.com
+		community.support.desk.com
+		business-online-payroll.surepayroll.desk.com
+		citibusiness-payroll-manager.surepayroll.desk.com
+		runpayroll.surepayroll.desk.com
+		suntrust-online-payroll.surepayroll.desk.com
+		agents-service-centre.suresave.desk.com
+		suresave-travel-insurance.suresave.desk.com
+		swiftnav.desk.com
+		help.swipeclock.desk.com
+		helphub.swipeclock.desk.com
+		hubbasicsupport.swipeclock.desk.com
+		hubsupport.swipeclock.desk.com
+		swipeclock.swipeclock.desk.com
+		timesimplicity-partner-support.swipeclock.desk.com
+		timeworks.swipeclock.desk.com
+		timeworks-partner-support.swipeclock.desk.com
+		timeworksplus-client-support.swipeclock.desk.com
+		timeworksplus-partner-support.swipeclock.desk.com
+		workforcehubsupport.swipeclock.desk.com
+		talkatone.desk.com
+		talonone.desk.com
+		hub-support.tasktop.desk.com
+		support.tasktop.desk.com
+		tapiture.desk.com
+		taskstream.desk.com
+		taskstreamhelp.desk.com
+		tri-counties-bank.tcbk.desk.com
+		welcome.tcbk.desk.com
+		ted.desk.com
+		teded.ted.desk.com
+		telerivet.desk.com
+		self-service.telesign.desk.com
+		theweatherchannel.desk.com
+		con-edison-smart-ac-program.thinkeco.desk.com
+		cool-control.thinkeco.desk.com
+		coolnyc-con-edison.thinkeco.desk.com
+		nyserda-power-perks.thinkeco.desk.com
+		pseg-li-super-saver-room-ac-program.thinkeco.desk.com
+		smart-savings-rewards.thinkeco.desk.com
+		thinkeco.thinkeco.desk.com
+		united-illuminating.thinkeco.desk.com
+		tint.desk.com
+		turnkey-corrections.threesquaremarket.desk.com
+		tiatrosresearch.desk.com
+		tiwc.desk.com
+		tmart.tmarthk.desk.com
+		speechpal.transcribeme.desk.com
+		support.transcribeme.desk.com
+		homeaway.travelmob.desk.com
+		travelmob.travelmob.desk.com
+		flyingeagles.travelup.desk.com
+		magicholidays.travelup.desk.com
+		travelup.travelup.desk.com
+		triumphlearning.desk.com
+		trusona.desk.com
+		tutorfair.desk.com
+		tv-squared.tvsquared.desk.com
+		typesafe.desk.com
+		ultra.desk.com
+		australia.ultra.desk.com
+		beijing.ultra.desk.com
+		brasil.ultra.desk.com
+		europe.ultra.desk.com
+		japan.ultra.desk.com
+		korea.ultra.desk.com
+		mexico.ultra.desk.com
+		miami.ultra.desk.com
+		passport.ultra.desk.com
+		shanghai.ultra.desk.com
+		southafrica.ultra.desk.com
+		taiwan.ultra.desk.com
+		singapore.ultra.desk.com
+		overplay.unblock.desk.com
+		unitec.desk.com
+		universityofyork1.desk.com
+		urbanairship.desk.com
+		comms.urbaninstitute.desk.com
+		it.urbaninstitute.desk.com
+		smb-success-center.usertesting.desk.com
+		usertesting-com.usertesting.desk.com
+		usetallie.desk.com
+		home.userzoom.desk.com
+		ubivox-technologies.uvxtech.desk.com
+		vacares.desk.com
+		validic-streaming.validic.desk.com
+		vaultrooms.desk.com
+		velma.desk.com
+		velocloud.desk.com
+		viber.desk.com
+		developers.viber.desk.com
+		developers-home.viber.desk.com
+		partners.viber.desk.com
+		videoblocks.videoblocks.desk.com
+		vigillo.desk.com
+		virtualmedschool.desk.com
+		virtuozzo.desk.com
+		vitta.desk.com
+		volotea.desk.com
+		wave.desk.com
+		wd.desk.com
+		webx2.desk.com
+		cisco-spark.webx2.desk.com
+		ctg-trials.webx2.desk.com
+		huron-and-cloud-extensions.webx2.desk.com
+		washjeff.desk.com
+		wickr.desk.com
+		messenger.wickr.desk.com
+		wildtree.desk.com
+		dorms-com-helpdesk.worldhostels.desk.com
+		world-nomads-service-centre.worldnomads.desk.com
+		wrstudios.desk.com
+		cloudattract.wrstudios.desk.com
+		cloudcma.wrstudios.desk.com
+		cloud-agent-suite.wrstudios.desk.com
+		xample.desk.com
+		xlstat.desk.com
+		youcanprint.desk.com
+		youeye.desk.com
+		youversion.desk.com
+		ys.desk.com
+		zenfolio.desk.com
+		zervant.desk.com
+		zipwhip.desk.com
+		verizon-paws.zipwhip.desk.com
+		zipwhip-support2.zipwhip.desk.com
 
-	CDN buckets:
-
-		- assistlycustomers.s3.amazonaws.com
-		- assistly-production.s3.amazonaws.com
-		- assistlywebsite.s3.amazonaws.com | dwan8j4vneaa7.cloudfront.net
-		- deskcontent.s3.amazonaws.com | d1epb5gzmg3005.cloudfront.net | d3jyn100am7dxp.cloudfront.net
-		- deskwww.s3.amazonaws.com | d3e6ejlgd1t9v1.cloudfront.net
-
-		- d218iqt4mo6adh.cloudfront.net
-
-			- assets.desk.com
-			- assets[0-3].desk.com
-			- assets0[1-4].desk.com
-
-		- d3j15y3zsn7b4t.cloudfront.net
-		- d3jyn100am7dxp.cloudfront.net
-
-
-	Problematic domains:
-
-		- desk.com subdomains:
-
-			- assets *
-			- assets[0-3] *
-			- assets0[1-4] *
-
-	* cloudfront
-
-
-	Fully covered domains:
-
-		- desk.com subdomains:
-
-			- assets *
-			- assets[0-3] *
-			- assets0[1-4] *
-
-	* → d218iqt4mo6adh.cloudfront.net
-
+	Redirect to HTTP:
+		blog.desk.com
+		community.desk.com
+		get.desk.com
+		updates.desk.com
+		www1.desk.com
+		www2.desk.com
 -->
 <ruleset name="Desk.com">
-
-	<target host="assistly.com" />
-	<target host="*.assistly.com" />
 	<target host="desk.com" />
-	<target host="*.desk.com" />
-
-
-	<rule from="^http://(www\.)?assistly\.com/"
-		to="https://$1assistly.com/" />
-
-	<rule from="^http://assets\d\.assistly\.com/"
-		to="https://d1epb5gzmg3005.cloudfront.net/" />
-
-	<rule from="^http://webassets\.assistly\.com/"
-		to="https://dwan8j4vneaa7.cloudfront.net/" />
-
-	<rule from="^http://(?:www\.)?desk\.com/"
-		to="https://www.desk.com/" />
-
-	<rule from="^http://assets(?:[0-3]|0[1-4])?\.desk\.com/"
-		to="https://d218iqt4mo6adh.cloudfront.net/" />
-
-	<rule from="^http://webassets\.desk\.com/"
-		to="https://d3e6ejlgd1t9v1.cloudfront.net/" />
-
-	<!--	1st-party domains:
-
-			- dev
-			- reg
-			- support
-					-->
-	<rule from="^http://([\w-]+)\.desk\.com/"
-		to="https://$1.desk.com/" />
+	<target host="www.desk.com" />
+	<target host="cdn.desk.com" />
+	<target host="dev.desk.com" />
+	<target host="status.desk.com" />
+	<target host="webassets.desk.com" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Desktop_Summit.org.xml b/src/chrome/content/rules/Desktop_Summit.org.xml
new file mode 100644
index 000000000000..15621831e6c9
--- /dev/null
+++ b/src/chrome/content/rules/Desktop_Summit.org.xml
@@ -0,0 +1,32 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .desktopsummit.org
+
+
+	Mixed content:
+
+		- Images from dot.kde.org *
+
+	* Secured by us
+
+-->
+<ruleset name="Desktop Summit.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="desktopsummit.org" />
+	<target host="www.desktopsummit.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.desktopsummit\.org$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^\.desktopsummit\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Despora.de.xml b/src/chrome/content/rules/Despora.de.xml
deleted file mode 100644
index fe6b5604febd..000000000000
--- a/src/chrome/content/rules/Despora.de.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Despora.de">
-  <target host="despora.de" />
-  <target host="www.despora.de" />
-
-  <rule from="^http://(www\.)?despora\.de/" to="https://despora.de/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Dessaly.com.xml b/src/chrome/content/rules/Dessaly.com.xml
new file mode 100644
index 000000000000..d7b4c74a3093
--- /dev/null
+++ b/src/chrome/content/rules/Dessaly.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Fully covered hosts in *dessaly.com:
+
+		- post
+
+-->
+<ruleset name="dessaly.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="post.dessaly.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Destroy_All_Software.com.xml b/src/chrome/content/rules/Destroy_All_Software.com.xml
new file mode 100644
index 000000000000..89ee618ee811
--- /dev/null
+++ b/src/chrome/content/rules/Destroy_All_Software.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Destroy All Software.com">
+
+	<target host="destroyallsoftware.com" />
+	<target host="www.destroyallsoftware.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Destructoid.xml b/src/chrome/content/rules/Destructoid.xml
index 888953dca206..5e9531ee8850 100644
--- a/src/chrome/content/rules/Destructoid.xml
+++ b/src/chrome/content/rules/Destructoid.xml
@@ -1,15 +1,12 @@
-<ruleset name="Destructoid (partial)" default_off="expired">
-
+<ruleset name="Destructoid.com">
 	<target host="destructoid.com"/>
-	<target host="*.destructoid.com"/>
-
-	<!--	data from bulk 2, 3, 6, and 7 appear the same.
-		In order to minimize exceptions needed,
-		rewrite to one for all.		-->
-	<rule from="^http://bulk\d\.destructoid\.com/"
-		to="https://bulk2.destructoid.com/"/>
+	<target host="www.destructoid.com"/>
+	<target host="bulk2.destructoid.com"/>
+	<target host="cdn.destructoid.com"/>
+		<test url="http://www.destructoid.com/blogs/"/>
+		<test url="http://www.destructoid.com/?t=japanator/"/>
 
-	<rule from="^http://(?:www\.)?destructoid\.com/elephant/ul/"
-		to="https://bulk2.destructoid.com/ul/"/>
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Desura.xml b/src/chrome/content/rules/Desura.xml
deleted file mode 100644
index a298cb7b546e..000000000000
--- a/src/chrome/content/rules/Desura.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)
-		- media
-
--->
-<ruleset name="Desura (partial)">
-
-	<target host="*.desura.com" />
-
-
-	<rule from="^http://s(?:ecure|tatic)\.desura\.com/"
-		to="https://secure.desura.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Desy.de.xml b/src/chrome/content/rules/Desy.de.xml
new file mode 100644
index 000000000000..034769cf176a
--- /dev/null
+++ b/src/chrome/content/rules/Desy.de.xml
@@ -0,0 +1,122 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://desy2.desy.de/ => https://desy2.desy.de/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://gansvr2.desy.de/ => https://gansvr2.desy.de/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://hasylab.desy.de/ => https://hasylab.desy.de/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://particle-physics.desy.de/ => https://particle-physics.desy.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://petra3.desy.de/ => https://petra3.desy.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://photon-science.desy.de/ => https://photon-science.desy.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://pitz.desy.de/ => https://pitz.desy.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://wiki-zeuthen.desy.de/ => https://wiki-zeuthen.desy.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://wof-piwik2.desy.de/ => https://wof-piwik2.desy.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Nonfunctional hosts in *desy.de:
+
+		- adweb *
+		- tesla *
+		- ttfinfo2 *
+
+	* 404
+
+
+	Problematic hosts in *desy.de:
+
+		- ^ ¹
+		- beschleuniger-ideenmarkt ¹
+		- edms ¹
+		- elan ¹
+		- fh ¹
+		- flash2 ¹
+		- ilc ¹
+		- jra-srf ¹
+		- mde ¹
+		- regae ²
+		- seeding-wiki ²
+		- sflash ¹
+		- testbeam ¹
+		- vuv-fel ¹
+
+	¹ Mismatched
+	² Self-signed
+
+
+	These altnames don't exist:
+
+		- www.zeuthen.desy.de
+
+
+	Insecure cookies are set for these hosts:
+
+		- indico.desy.de
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- guest-services from $self *
+			- www-mpy from $self *
+
+		- Bugs on elan, jra-srf, particle-physics, photon-science, tesla-new, xfel from wof-piwik2.desy.de *
+
+	* Secured by us
+
+-->
+<ruleset name="Desy.de (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bastion.desy.de" />
+	<target host="desy2.desy.de" />
+	<target host="door.desy.de" />
+	<target host="doris.desy.de" />
+	<target host="dv-zeuthen.desy.de" />
+	<target host="edmsdirect.desy.de" />
+	<target host="flash.desy.de" />
+	<target host="gansvr2.desy.de" />
+	<target host="guest-services.desy.de" />
+	<target host="hasylab.desy.de" />
+	<target host="indico.desy.de" />
+	<target host="it.desy.de" />
+	<target host="lists.desy.de" />
+	<target host="m.desy.de" />
+	<target host="mail.desy.de" />
+	<target host="particle-physics.desy.de" />
+	<target host="petra3.desy.de" />
+	<target host="photon-science.desy.de" />
+	<target host="pitz.desy.de" />
+	<target host="teamcenter.desy.de" />
+	<target host="tesla-new.desy.de" />
+	<target host="ttfinfo.desy.de" />
+	<target host="webmail.desy.de" />
+	<target host="wiki-zeuthen.desy.de" />
+	<target host="winweb.desy.de" />
+	<target host="wof-cluster.desy.de" />
+	<target host="wof-piwik2.desy.de" />
+	<target host="www-it.desy.de" />
+	<target host="www-mpy.desy.de" />
+	<target host="www-zeuthen.desy.de" />
+	<target host="www.desy.de" />
+	<target host="xfel.desy.de" />
+	<target host="zeusdp.desy.de" />
+
+	<!--	Complications:
+				-->
+	<target host="desy.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^indico\.desy\.de$" name="^MAKACSESSION$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://desy\.de/"
+		to="https://www.desy.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Details.com-falsemixed.xml b/src/chrome/content/rules/Details.com-falsemixed.xml
new file mode 100644
index 000000000000..59df37df1595
--- /dev/null
+++ b/src/chrome/content/rules/Details.com-falsemixed.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wp-poc.details.com/ => https://wp-poc.details.com/: (6, 'Could not resolve host: wp-poc.details.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://wp-poc.details.com/ => https://wp-poc.details.com/: (6, 'Could not resolve host: wp-poc.details.com')
+	For rules not causing false/broken MCB, see Details.com.xml.
+
+-->
+<ruleset name="Details.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="wp-poc.details.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Details.xml b/src/chrome/content/rules/Details.xml
index e97751f3977f..c402bfae2a1a 100644
--- a/src/chrome/content/rules/Details.xml
+++ b/src/chrome/content/rules/Details.xml
@@ -1,26 +1,59 @@
 <!--
+	For rules causing false/broken MCB, see Details.com-falsemixed.xml.
+
 	For other Condé Nast coverage, see Conde-Nast.xml.
 
 
-	details.com is hosted on Akamai.
+	Problematic subdomains:
+
+		- ^ ¹
+		- network ²
+		- www ³
+
+	¹ Mismatched, CN: secure.details.com
+	² Works; mismatched, CN: tid.al
+	³ Akamai
 
 
 	Some pages redirect to http, including:
 
 		- epicenter/wp-content/
-		- favicon.ico
 		- images_blogs/
 		- opinion/wp-content/
 
+
+	Mixed content:
+
+		- css on wp-poc from www *
+
+		- Images, on:
+
+			- network, from:
+
+				- c15192701.r1.cf2.rackcdn.com *
+				- 46cd30968e1573f1be6a-8c2846daf2177f4f4bf5c632288c9df2.r86.cf2.rackcdn.com *
+				- f533f48d5f4caca7eca4-fc1b9f39dbc011f36431a12c21c5bdb0.r0.cf2.rackcdn.com *
+				- cdna.tid.al *
+
+			- wp-poc from $self *
+			- wp-poc from www *
+
+	* Secured by us
+
 -->
 <ruleset name="Details (partial)">
 
 	<target host="details.com" />
-	<target host="*.details.com" />
-		<exclusion pattern="^https?://(?:www\.)?details\.com/(?!css/|images/|favicon\.ico$|sandbox/)" />
+	<target host="secure.details.com" />
+	<target host="www.details.com" />
+	<target host="wp-poc.details.com" />
+		<exclusion pattern="^http://(?:www\.)?details\.com/(?!css/|images/|favicon\.ico$|sandbox/)" />
 
 
-	<rule from="^https?://(?:secure\.|www\.)?details\.com/"
+	<rule from="^http://(?:secure\.|www\.)?details\.com/"
 		to="https://secure.details.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http://wp-poc\.details\.com/(?=(?:daily-details/)?(?:files/|wp-content/)|favicon\.ico)"
+		to="https://wp-poc.details.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Detectify.xml b/src/chrome/content/rules/Detectify.xml
new file mode 100644
index 000000000000..bd2acca12cdf
--- /dev/null
+++ b/src/chrome/content/rules/Detectify.xml
@@ -0,0 +1,23 @@
+<!--
+	CDN buckets:
+
+		- detectify-labs.s3.amazonaws.com
+
+
+	Nonfunctional hosts in *detectify.com:
+
+		- labs *
+
+	* Tumblr/refused
+
+-->
+<ruleset name="Detectify.com (partial)">
+
+	<target host="detectify.com" />
+	<target host="www.detectify.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Detektor.fm.xml b/src/chrome/content/rules/Detektor.fm.xml
new file mode 100644
index 000000000000..5f58110dc9f9
--- /dev/null
+++ b/src/chrome/content/rules/Detektor.fm.xml
@@ -0,0 +1,5 @@
+<ruleset name="Detektor.fm">
+  <target host="detektor.fm" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DeusM-clients.xml b/src/chrome/content/rules/DeusM-clients.xml
deleted file mode 100644
index 7b4613aa58a5..000000000000
--- a/src/chrome/content/rules/DeusM-clients.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For DeusM proper coverage, see DeusM.xml.
-
--->
-<ruleset name="DeusM clients" default_off="mismatch">
-
-	<!--	Cert: deusm.com	-->
-	<target host="internetevolution.com" />
-	<target host="www.internetevolution.com" />
-
-
-	<securecookie host="^www\.internetevolution\.com$" name=".*" />
-
-
-	<!--	!www 301s to www
-					-->
-	<rule from="^https?://(?:www\.)?internetevolution\.com/"
-		to="https://www.internetevolution.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DeusM.xml b/src/chrome/content/rules/DeusM.xml
index 500116953bed..d2f152d5d689 100644
--- a/src/chrome/content/rules/DeusM.xml
+++ b/src/chrome/content/rules/DeusM.xml
@@ -1,23 +1,32 @@
 <!--
 	For mismatches and other UBM coverage, see UBM-mismatches.xml
 
+	CDN buckets:
 
-	For clients, see DeusM-clients.xml.
+		- deusm.cachefly.net	← img.deusm.com
 
--->
-<ruleset name="DeusM (partial)">
 
-	<target host="deusm.com" />
-	<target host="*.deusm.com" />
+	Problematic hosts in *deusm.com:
+
+		- (www.)? ᵐ
+		- img ᵐ
+
+	ᵐ Mismatched
 
+-->
+<ruleset name="DeusM.com (partial)">
+
+	<!--	Complications:
+				-->
+	<target host="img.deusm.com" />
 
-	<securecookie host="^.*\.deusm\.com$" name=".*" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(payment\.)?deusm\.com/"
-		to="https://$1deusm.com/" />
 
-	<rule from="^https?://img\.deusm\.com/"
+	<rule from="^http://img\.deusm\.com/"
 		to="https://deusm.cachefly.net/" />
 
+		<test url="http://img.deusm.com/images/spacer.gif" /><!--	49 -->
+
 </ruleset>
diff --git a/src/chrome/content/rules/Deutsche-BKK.xml b/src/chrome/content/rules/Deutsche-BKK.xml
deleted file mode 100644
index 02baa1be0c1b..000000000000
--- a/src/chrome/content/rules/Deutsche-BKK.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Deutsche BKK">
-<target host="www.deutschebkk.de" />
-<target host="deutschebkk.de" />
-<rule from="^http://(?:www\.)?deutschebkk\.de/" to="https://www.deutschebkk.de/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Deutsche-Finanzagentur.de.xml b/src/chrome/content/rules/Deutsche-Finanzagentur.de.xml
new file mode 100644
index 000000000000..224245230a14
--- /dev/null
+++ b/src/chrome/content/rules/Deutsche-Finanzagentur.de.xml
@@ -0,0 +1,19 @@
+<!--
+	Timeout:
+		- bmail.deutsche-finanzagentur.de
+		- mail.deutsche-finanzagentur.de
+-->
+<ruleset name="Deutsche-Finanzagentur.de">
+
+	<target host="www.deutsche-finanzagentur.de" />
+	<target host="eas.deutsche-finanzagentur.de" />
+	<target host="mdm.deutsche-finanzagentur.de" />
+	<target host="prod.deutsche-finanzagentur.de" />
+	<target host="stage.deutsche-finanzagentur.de" />
+	<target host="wartung.deutsche-finanzagentur.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Deutsche-Rentenversicherung.de.xml b/src/chrome/content/rules/Deutsche-Rentenversicherung.de.xml
new file mode 100644
index 000000000000..114d7c1d5dcf
--- /dev/null
+++ b/src/chrome/content/rules/Deutsche-Rentenversicherung.de.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		drv-bund.de
+		www.drv-bund.de
+
+-->
+<ruleset name="Deutsche-Rentenversicherung.de">
+
+	<target host="www.deutsche-rentenversicherung.de" />
+
+	<target host="www.deutsche-rentenversicherung-bund.de" />
+
+	<target host="drv-bund.de" />
+	<target host="www.drv-bund.de" />
+
+	<rule from="^http://(www\.)?drv-bund\.de/"
+		to="https://www.deutsche-rentenversicherung.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Deutsche-Rohstoffagentur.de.xml b/src/chrome/content/rules/Deutsche-Rohstoffagentur.de.xml
new file mode 100644
index 000000000000..5998c3a69499
--- /dev/null
+++ b/src/chrome/content/rules/Deutsche-Rohstoffagentur.de.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		deutsche-rohstoffagentur.de
+-->
+<ruleset name="Deutsche-Rohstoffagentur.de">
+
+	<target host="deutsche-rohstoffagentur.de" />
+	<target host="www.deutsche-rohstoffagentur.de" />
+
+	<rule from="^http://deutsche-rohstoffagentur\.de/"
+		to="https://www.deutsche-rohstoffagentur.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Deutsche_Boerse.xml b/src/chrome/content/rules/Deutsche_Boerse.xml
index b945eee329b6..5fb034cc421a 100644
--- a/src/chrome/content/rules/Deutsche_Boerse.xml
+++ b/src/chrome/content/rules/Deutsche_Boerse.xml
@@ -1,12 +1,24 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://deutsche-boerse.com/ => https://www.deutsche-boerse.com/: Too many redirects while fetching 'https://www.deutsche-boerse.com/'
+Fetch error: http://www.deutsche-boerse.com/ => https://www.deutsche-boerse.com/: Too many redirects while fetching 'https://www.deutsche-boerse.com/'
+
      Deutsche Börse
+
+	Other Deutsche Börse rulesets:
+
+		- Eurex_Repo.com.xml
+		- Eurexchange.com.xml
+		- Xetra.com.xml
+
 -->
 
-<ruleset name="Deutsche Börse Group">
+<ruleset name="Deutsche Börse Group" default_off="failed ruleset test">
     <target host="deutsche-boerse.com" />
     <target host="www.deutsche-boerse.com" />
 
-    <rule from="^https?://deutsche-boerse\.com/"
+    <rule from="^http://deutsche-boerse\.com/"
         to="https://www.deutsche-boerse.com/" />
     <rule from="^http://([^/:@]+)?\.deutsche-boerse\.com/"
         to="https://$1.deutsche-boerse.com/" />
diff --git a/src/chrome/content/rules/Deutsche_Messe.xml b/src/chrome/content/rules/Deutsche_Messe.xml
index 7219f6dadea9..155b2a4d7456 100644
--- a/src/chrome/content/rules/Deutsche_Messe.xml
+++ b/src/chrome/content/rules/Deutsche_Messe.xml
@@ -1,15 +1,26 @@
 <!--
+	Deutsche Messe
+
+	Other Deutsche Messe rulesets:
+
+		- CeBIT.de.xml
+		- Hannover_Messe.de.xml
+
+
 	Nonfunctional subdomains:
 
 		- balder	(times out)
+		- daguerre ²
+
+	² Refused
 
 -->
-<ruleset name="Deutsche Messe (partial)">
+<ruleset name="Messe.de (partial)">
 
 	<target host="files.messe.de" />
 
 
-	<rule from="^http://files\.messe\.de/"
-		to="https://files.messe.de/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Deutsche_Telekom.xml b/src/chrome/content/rules/Deutsche_Telekom.xml
index 09dbaefc79bd..f615ad78dee9 100644
--- a/src/chrome/content/rules/Deutsche_Telekom.xml
+++ b/src/chrome/content/rules/Deutsche_Telekom.xml
@@ -1,72 +1,76 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.forum.telekom.de/ => https://www.forum.telekom.de/: (51, "SSL: no alternative certificate subject name matches target host name 'www.forum.telekom.de'")
+Fetch error: http://fotoservice.telekom.de/ => https://fotoservice.telekom.de/: (51, "SSL: no alternative certificate subject name matches target host name 'fotoservice.telekom.de'")
+Fetch error: http://mwl.telekom.de/ => https://mwl.telekom.de/: (51, "SSL: no alternative certificate subject name matches target host name 'mwl.telekom.de'")
+Fetch error: http://videomeet.telekom.de/ => https://videomeet.telekom.de/: (6, 'Could not resolve host: videomeet.telekom.de')
+
+	Deutsche Telekom
+
 	Other Deutsche Telekom rulesets:
 
 		- T-Mobile.xml
 		- T-Online.xml
+		- TMobile.com.xml
+		- TMobile.nl.xml
+		- TMocache.com.xml
+		- Telekom.com.xml
+		- Telekom-Partnerwelt.de.xml
+		- Telekom-Profis.de.xml
+		- Telekom-dienste.de.xml
 
 
-	Nonfunctional domains:
-
-		- tv.telekom.com	(times out)
-
-
-	Fully covered domains:
-
-		- login.idm.telekom.com
-		- accounts.login.idm.telekom.com
-
-		- telekom.de subdomains:
+	Insecure cookies are set for these domains and hosts:
 
-			- (www.)forum
-			- fotoservice
-			- hilfe
-			- konferenzen
-			- kundencenter
-			- mwl
-			- videomeet
+		- .telekom.de
+		- pix.telekom.de
+		- www.telekom.de
 
-		- meinkonto.telekom-dienste.de
 
+	Mixed content:
 
-	Mixed web bug on (www.)forum.telekom.de from stats.t-online.de
+		- Bug on (www.)?forum from stats.t-online.de
 
 -->
-<ruleset name="Deutsche Telekom">
+<ruleset name="Telekom.de" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="forum.telekom.de" />
+	<target host="www.forum.telekom.de" />
+	<target host="fotoservice.telekom.de" />
+	<target host="hilfe.telekom.de" />
+	<target host="konferenzen.telekom.de" />
+	<target host="kundencenter.telekom.de" />
+	<target host="mwl.telekom.de" />
+	<target host="pix.telekom.de" />
+	<target host="videomeet.telekom.de" />
+	<target host="www.telekom.de" />
 
-	<target host="telekom.com" />
-	<target host="*.telekom.com" />
+	<!--	Complications:
+				-->
 	<target host="telekom.de" />
-	<target host="www.telekom.de" />
-	<target host="www.wtpx-telekom.com" />
 
 
-	<securecookie host="^(?:accounts\.login)?\.idm\.telekom\.com$" name=".+" />
-	<!--
-		Are these tracking cookies?
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.telekom\.de$" name="^(?:LoginLevel|SecurityCookie|greetuser)$" /-->
+	<!--securecookie host="^pix\.telekom\.de$" name="^wteid_\d+$" /-->
+	<!--securecookie host="^www\.telekom\.de$" name="^(?:Position|sid|vpnr)$" /-->
+
+	<!--	Are these tracking cookies?
 						-->
 	<!--securecookie host="^\.telekom\.de$" name="^(xtan|xtant|xtvrn)$" /-->
-	<securecookie host="^(?:(?:www\.)?forum|fotoservice|\.?hilfe|konferenzen|kundencenter|mwl|www)\.telekom\.de$" name=".+" />
-	<securecookie host="^meinkonto\.telekom-dienste\.de$" name=".+" />
-	<securecookie host="^www\.wtpx-telekom\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
 	<!--	Certs only match www.
 					-->
-	<rule from="^https?://(?:www\.)?telekom\.(com|de)/"
-		to="https://www.telekom.$1/" />
+	<rule from="^http://telekom\.de/"
+		to="https://www.telekom.de/" />
 
-	<rule from="^http://(accounts\.)?login\.idm\.telekom\.com/"
-		to="https://$1login.idm.telekom.com/" />
-
-	<rule from="^http://((?:www\.)?forum|fotoservice|hilfe|konferenzen|kundencenter|mwl|videomeet)\.telekom\.de/"
-		to="https://$1.telekom.de/" />
-
-	<rule from="^http://meinkonto\.telekom-dienste\.de/"
-		to="https://meinkonto.telekom-dienste.de/" />
-
-	<!--	!www doesn't exist.
-					-->
-	<rule from="^http://www\.wtpx-telekom\.com/"
-		to="https://www.wtpx-telekom.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Deutschebahn.com.xml b/src/chrome/content/rules/Deutschebahn.com.xml
new file mode 100644
index 000000000000..af55555ec83e
--- /dev/null
+++ b/src/chrome/content/rules/Deutschebahn.com.xml
@@ -0,0 +1,201 @@
+<!--
+	Certificate Chain Error:
+		arbeitswelten.deutschebahn.com
+		kundenbeirat.forum.extranet.deutschebahn.com
+		facebook.deutschebahn.com
+	Invalid Certificate:
+		abnahme-cae.deutschebahn.com
+		bestellportal-abn-test.deutschebahn.com
+		em-tippspiel.deutschebahn.com
+		autodiscover.extranet.deutschebahn.com
+		brandportal.extranet.deutschebahn.com
+		dbplanet.extranet.deutschebahn.com
+		dbtogether-abn.extranet.deutschebahn.com
+		filegateway.extranet.deutschebahn.com
+		latps-abn.extranet.deutschebahn.com
+		mediendienste.extranet.deutschebahn.com
+		mobilitaet4-0.extranet.deutschebahn.com
+		ingenieure.deutschebahn.com
+		intra.deutschebahn.com
+		puenktlichkeit.deutschebahn.com
+		register-abn.deutschebahn.com
+		register-test.deutschebahn.com
+		sso-test.service.deutschebahn.com
+		dadregio.test.service.deutschebahn.com
+		hrsso.test.service.deutschebahn.com
+		sso2fa.test.service.deutschebahn.com
+		ssocargo.test.service.deutschebahn.com
+		ssocargo-abn.test.service.deutschebahn.com
+		ssocargo-ite.test.service.deutschebahn.com
+		ssocargo-mts.test.service.deutschebahn.com
+		ssocargo-wus.test.service.deutschebahn.com
+		tech-trassenportal-st2-test.deutschebahn.com
+		trassenportal-st2-test.deutschebahn.com
+		veranstaltungen.deutschebahn.com
+		www2.deutschebahn.com
+		zb2015.deutschebahn.com
+		zb2016.deutschebahn.com
+	Timeout:
+		download-data.deutschebahn.com
+	Secure Connection Failed:
+		bahnbonus-entw.extranet.deutschebahn.com
+		ib.deutschebahn.com
+		ib2014.deutschebahn.com
+		ib2015.deutschebahn.com
+		jungebahn.deutschebahn.com
+		fzofi-gateway.tech.deutschebahn.com
+		fzofi-gateway-abnahme.tech.deutschebahn.com
+		zb.deutschebahn.com
+	Unable to Connect:
+		deutschebahn.com
+		bcm-test.extranet.deutschebahn.com
+		dbsystel-hilft.extranet.deutschebahn.com
+		dbtogether.extranet.deutschebahn.com
+		s-bahn-muenchen.extranet.deutschebahn.com
+		lokster.deutschebahn.com
+		fs-10-abn.service.deutschebahn.com
+	Forbidden (403):
+		fzit-wartung.tech.deutschebahn.com
+-->
+<ruleset name="Deutschebahn.com">
+	<target host="deutschebahn.com" />
+	<target host="www.deutschebahn.com" />
+	<target host="api.deutschebahn.com" />
+	<target host="autodiscover.deutschebahn.com" />
+	<target host="bauinfos.deutschebahn.com" />
+	<target host="bauportal.deutschebahn.com" />
+	<target host="bauportal-test.deutschebahn.com" />
+	<target host="bauprojekte.deutschebahn.com" />
+	<target host="bruecken.deutschebahn.com" />
+	<target host="bundesligatippspiel.deutschebahn.com" />
+	<target host="ceoblog.deutschebahn.com" />
+	<target host="cnr-itu-test.deutschebahn.com" />
+	<target host="data.deutschebahn.com" />
+	<target host="db-planet.deutschebahn.com" />
+	<target host="dbinvest.deutschebahn.com" />
+	<target host="dbplanet.deutschebahn.com" />
+	<target host="dbregiowerke.deutschebahn.com" />
+	<target host="developer.deutschebahn.com" />
+	<target host="documentportal.deutschebahn.com" />
+	<target host="bnv-bus.extranet.deutschebahn.com" />
+	<target host="compliance-cockpit.extranet.deutschebahn.com" />
+	<target host="dbjobservice.extranet.deutschebahn.com" />
+	<target host="dbkt.extranet.deutschebahn.com" />
+	<target host="dbzeitarbeit-mitarbeiterportal.extranet.deutschebahn.com" />
+	<target host="df3.extranet.deutschebahn.com" />
+	<target host="einkaufsbahnhof-tool.extranet.deutschebahn.com" />
+	<target host="fb.extranet.deutschebahn.com" />
+	<target host="folgeworkshop-mab.extranet.deutschebahn.com" />
+	<target host="fragen-an-den-chef.extranet.deutschebahn.com" />
+	<target host="idoc.extranet.deutschebahn.com" />
+	<target host="internal-controls-platform.extranet.deutschebahn.com" />
+	<target host="it-support-community.extranet.deutschebahn.com" />
+	<target host="it-support-community-users.extranet.deutschebahn.com" />
+	<target host="mab.extranet.deutschebahn.com" />
+	<target host="marketingportal.extranet.deutschebahn.com" />
+	<target host="mediathek.extranet.deutschebahn.com" />
+	<target host="meinvideo.extranet.deutschebahn.com" />
+	<target host="messeshop.extranet.deutschebahn.com" />
+	<target host="msx.extranet.deutschebahn.com" />
+	<target host="portal-s-bahn-berlin.extranet.deutschebahn.com" />
+	<target host="www.s21logistik.extranet.deutschebahn.com" />
+	<target host="susit.extranet.deutschebahn.com" />
+	<target host="susit-cmdb.extranet.deutschebahn.com" />
+	<target host="susit-wiki.extranet.deutschebahn.com" />
+	<target host="tfportal.extranet.deutschebahn.com" />
+	<target host="vpn.extranet.deutschebahn.com" />
+	<target host="dbnetzeenergie.vpn.extranet.deutschebahn.com" />
+	<target host="dbnetzepersonenbahnhoefe.vpn.extranet.deutschebahn.com" />
+	<target host="vpn-test.extranet.deutschebahn.com" />
+	<target host="webconferencing.extranet.deutschebahn.com" />
+	<target host="fink.deutschebahn.com" />
+	<target host="fink-abn.deutschebahn.com" />
+	<target host="fink-abn-ec.deutschebahn.com" />
+	<target host="fipo.deutschebahn.com" />
+	<target host="fipo-test.deutschebahn.com" />
+	<target host="geovdbn.deutschebahn.com" />
+	<target host="geovdbn-abn.deutschebahn.com" />
+	<target host="gruen.deutschebahn.com" />
+	<target host="io.deutschebahn.com" />
+	<target host="jobs.deutschebahn.com" />
+	<target host="karriere.deutschebahn.com" />
+	<target host="karrierenetzwerk.deutschebahn.com" />
+	<target host="mawema.deutschebahn.com" />
+	<target host="mediathek.deutschebahn.com" />
+	<target host="meinvideo.deutschebahn.com" />
+	<target host="mobil.deutschebahn.com" />
+	<target host="mrp-abn-test.deutschebahn.com" />
+	<target host="mrp-ite-test.deutschebahn.com" />
+	<target host="mrp-wus-test.deutschebahn.com" />
+	<target host="portszczecin.deutschebahn.com" />
+	<target host="register.deutschebahn.com" />
+	<target host="resale-inhouse.deutschebahn.com" />
+	<target host="reumsatz.deutschebahn.com" />
+	<target host="reumsatz-test.deutschebahn.com" />
+	<target host="rvsidee.deutschebahn.com" />
+	<target host="s21logistik-test.deutschebahn.com" />
+	<target host="secmail.deutschebahn.com" />
+	<target host="dbbox-ref.service.deutschebahn.com" />
+	<target host="dbec.service.deutschebahn.com" />
+	<target host="dbs-jira.service.deutschebahn.com" />
+	<target host="dbs-mysites.service.deutschebahn.com" />
+	<target host="dbs-partners.service.deutschebahn.com" />
+	<target host="dbs-portal.service.deutschebahn.com" />
+	<target host="dbs-wac.service.deutschebahn.com" />
+	<target host="dbsw-login.service.deutschebahn.com" />
+	<target host="dbwas.service.deutschebahn.com" />
+	<target host="dbwebex1.service.deutschebahn.com" />
+	<target host="dbwebexbusiness.service.deutschebahn.com" />
+	<target host="fs-10.service.deutschebahn.com" />
+	<target host="mynet-pha-tst.service.deutschebahn.com" />
+	<target host="nachtragsportal.service.deutschebahn.com" />
+	<target host="self.service.deutschebahn.com" />
+	<target host="sso2fa.service.deutschebahn.com" />
+	<target host="dbes.test.service.deutschebahn.com" />
+	<target host="dbsw-login.test.service.deutschebahn.com" />
+	<target host="emm.test.service.deutschebahn.com" />
+	<target host="emmvpn.test.service.deutschebahn.com" />
+	<target host="mobile.test.service.deutschebahn.com" />
+	<target host="msx.test.service.deutschebahn.com" />
+	<target host="oauth.test.service.deutschebahn.com" />
+	<target host="pxm.test.service.deutschebahn.com" />
+	<target host="sso.test.service.deutschebahn.com" />
+	<target host="van.test.service.deutschebahn.com" />
+	<target host="vds.test.service.deutschebahn.com" />
+	<target host="van.service.deutschebahn.com" />
+	<target host="vds.service.deutschebahn.com" />
+	<target host="wekan-au.service.deutschebahn.com" />
+	<target host="wekan-tu.service.deutschebahn.com" />
+	<target host="simplymeet.deutschebahn.com" />
+	<target host="skydeck.deutschebahn.com" />
+	<target host="sponsoringanfrage.deutschebahn.com" />
+	<target host="startuprelations.deutschebahn.com" />
+	<target host="stationsportal-abn.deutschebahn.com" />
+	<target host="streaming-mediathek.deutschebahn.com" />
+	<target host="dbt.tech.deutschebahn.com" />
+	<target host="fta-abna.tech.deutschebahn.com" />
+	<target host="fta-wartung.tech.deutschebahn.com" />
+	<target host="mitfahrer-app.tech.deutschebahn.com" />
+	<target host="sgh.tech.deutschebahn.com" />
+	<target host="sgp.tech.deutschebahn.com" />
+	<target host="sgp-abn.tech.deutschebahn.com" />
+	<target host="timleo.tech.deutschebahn.com" />
+	<target host="timleo-abn.tech.deutschebahn.com" />
+	<target host="timleo-test.tech.deutschebahn.com" />
+	<target host="tech-trassenportal-itu-test.deutschebahn.com" />
+	<target host="tech-trassenportal-st1-test.deutschebahn.com" />
+	<target host="tech-trassenportal-tu-test.deutschebahn.com" />
+	<target host="techtalent.deutschebahn.com" />
+	<target host="trassenportal-itu-test.deutschebahn.com" />
+	<target host="trassenportal-st1-test.deutschebahn.com" />
+	<target host="trassenportal-tu-test.deutschebahn.com" />
+	<target host="werkzeugkasten.deutschebahn.com" />
+	<target host="www1.deutschebahn.com" />
+	<target host="zugspitze-mobil.deutschebahn.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://deutschebahn\.com/" to="https://www.deutschebahn.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Deutschen-Forschungsgemeinschaft.xml b/src/chrome/content/rules/Deutschen-Forschungsgemeinschaft.xml
index b1a3724c3f0b..4d71a3f6ec66 100644
--- a/src/chrome/content/rules/Deutschen-Forschungsgemeinschaft.xml
+++ b/src/chrome/content/rules/Deutschen-Forschungsgemeinschaft.xml
@@ -9,16 +9,15 @@
 						that domain's data)
 
 -->
-<ruleset name="Deutschen Forschungsgemeinschaft (partial)" default_off="mismatch">
+<ruleset name="Deutschen Forschungsgemeinschaft (partial)" default_off="mismatched">
 
 	<!--	Cert: ssl.daad.de	-->
 	<target host="research-explorer.dfg.de" />
 
 
-	<securecookie host="^research-explorer\.dfg\.de$" name=".*" />
+	<securecookie host="^research-explorer\.dfg\.de$" name=".+" />
 
 
-	<rule from="^http://research-explorer\.dfg\.de/"
-		to="https://research-explorer.dfg.de/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Deutscher-radiopreis.de.xml b/src/chrome/content/rules/Deutscher-radiopreis.de.xml
new file mode 100644
index 000000000000..a05533a4de57
--- /dev/null
+++ b/src/chrome/content/rules/Deutscher-radiopreis.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="deutscher-radiopreis.de">
+    <target host="deutscher-radiopreis.de" />
+    <target host="www.deutscher-radiopreis.de" />
+
+    <securecookie host="^(www\.)?deutscher-radiopreis\.de$" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Deutscher_Bundestag.xml b/src/chrome/content/rules/Deutscher_Bundestag.xml
index 3ec48890992c..7090c3cdfb94 100644
--- a/src/chrome/content/rules/Deutscher_Bundestag.xml
+++ b/src/chrome/content/rules/Deutscher_Bundestag.xml
@@ -1,19 +1,28 @@
 <!--
-	Problematic subdomains:
-
-		- webarchiv	(works; mismatched, CN: blog.internetenquete.de)
-
+	Time-Out
+		bilderdienst.bundestag.de
+		pdok.bundestag.de
+		webarchiv.bundestag.de
 -->
 <ruleset name="Deutscher Bundestag (partial)">
 
 	<target host="bundestag.de" />
-	<target host="*.bundestag.de" />
-
+	<target host="www.bundestag.de" />
+	<target host="adler.bundestag.de" />
+	<target host="dip.bundestag.de" />
+	<target host="dipbt.bundestag.de" />
+	<target host="dip21.bundestag.de" />
+	<target host="epetitionen.bundestag.de" />
+	<target host="forum.bundestag.de" />
+	<target host="opac.bundestag.de" />
+	<target host="schule.bundestag.de" />
+	<target host="statistik.bundestag.de" />
+	<target host="suche.bundestag.de" />
+	<target host="visite.bundestag.de" />
+	<target host="webtv.bundestag.de" />
 
 	<securecookie host="^.+\.bundestag\.de$" name=".+" />
 
+	<rule from="^http:" to="https:"/>
 
-	<rule from="^http://((?:datenaustausch|forum|suche|www)\.)?bundestag\.de/"
-		to="https://$1bundestag.de/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Deutsches_Forschungsnetz.xml b/src/chrome/content/rules/Deutsches_Forschungsnetz.xml
new file mode 100644
index 000000000000..6cb002c621da
--- /dev/null
+++ b/src/chrome/content/rules/Deutsches_Forschungsnetz.xml
@@ -0,0 +1,39 @@
+<!--
+	Deutsches Forschungsnetz
+
+
+	STS header includes includeSubdomains.
+
+
+	^dfn.de: Mismatched
+
+-->
+<ruleset name="DFN.de">
+
+	<target host="dfn.de" />
+	<target host="*.dfn.de" />
+
+		<exclusion pattern="http://(?:airoserv4|www\.listserv|cdp\d*\.pca)\.dfn\.de/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://airoserv4.dfn.de/" />
+			<test url="http://www.listserv.dfn.de/" />
+			<test url="http://cdp.pca.dfn.de/uni-erlangen-nuernberg-ca/pub/cacert/cacert.pem" />
+			<test url="http://cdp1.pca.dfn.de/global-root-ca/pub/crl/cacrl.crl" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://dfn\.de/"
+		to="https://www.dfn.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+		<test url="http://info.pca.dfn.de/" />
+		<test url="http://www.pki.dfn.de/" />
+		<test url="http://www.dfn.de/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Deutsches_Klimaportal.xml b/src/chrome/content/rules/Deutsches_Klimaportal.xml
new file mode 100644
index 000000000000..d3dd591388f0
--- /dev/null
+++ b/src/chrome/content/rules/Deutsches_Klimaportal.xml
@@ -0,0 +1,10 @@
+<!--
+	No DNS entry:
+		deutschesklimaportal.de
+-->
+
+<ruleset name="Deutsches Klimaportal">
+	<target host="www.deutschesklimaportal.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Deutschlandfunk.de.xml b/src/chrome/content/rules/Deutschlandfunk.de.xml
new file mode 100644
index 000000000000..aa033bda91c7
--- /dev/null
+++ b/src/chrome/content/rules/Deutschlandfunk.de.xml
@@ -0,0 +1,32 @@
+<!--
+	For other Deutschlandradio related rulesets, see Deutschlandradio.de.xml.
+
+	Content mismatch:
+		- st0[1-2].sslstream.dlf.de
+
+	Invalid certificate:
+		- 50jahre.deutschlandfunk.de
+		- blog.deutschlandfunk.de
+		- blogs.deutschlandfunk.de
+		- europa.deutschlandfunk.de
+		- wahlblog.deutschlandfunk.de
+		- st0[1-4].dlf.de
+-->
+<ruleset name="Deutschlandfunk.de">
+
+	<target host="deutschlandfunk.de" />
+	<target host="www.deutschlandfunk.de" />
+	<target host="assets.deutschlandfunk.de" />
+	<target host="m.deutschlandfunk.de" />
+	<target host="assets.mig.deutschlandfunk.de" />
+	<target host="assets.stage.deutschlandfunk.de" />
+	<target host="assets.test.deutschlandfunk.de" />
+	
+	<target host="dlf.de" />
+	<target host="www.dlf.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Deutschlandfunkkultur.de.xml b/src/chrome/content/rules/Deutschlandfunkkultur.de.xml
new file mode 100644
index 000000000000..7ab3342ca8fc
--- /dev/null
+++ b/src/chrome/content/rules/Deutschlandfunkkultur.de.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Deutschlandradio related rulesets, see Deutschlandfunkkultur.de.xml.
+
+	Invalid certificate:
+		www.breitband.deutschlandfunkkultur.de
+-->
+<ruleset name="Deutschlandfunkkultur.de">
+
+	<target host="deutschlandfunkkultur.de" />
+	<target host="www.deutschlandfunkkultur.de" />
+	<target host="breitband.deutschlandfunkkultur.de" />
+	<target host="m.deutschlandfunkkultur.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Deutschlandfunknova.de.xml b/src/chrome/content/rules/Deutschlandfunknova.de.xml
new file mode 100644
index 000000000000..92bce48d613c
--- /dev/null
+++ b/src/chrome/content/rules/Deutschlandfunknova.de.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Deutschlandradio related rulesets, see Deutschlandfunkkultur.de.xml.
+-->
+<ruleset name="Deutschlandfunknova.de">
+
+	<target host="deutschlandfunknova.de" />
+	<target host="www.deutschlandfunknova.de" />
+	<target host="static.deutschlandfunknova.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Deutschlandradio.de.xml b/src/chrome/content/rules/Deutschlandradio.de.xml
new file mode 100644
index 000000000000..71c15eb1ba04
--- /dev/null
+++ b/src/chrome/content/rules/Deutschlandradio.de.xml
@@ -0,0 +1,47 @@
+<!--
+	Other Deutschlandradio.de rulesets:
+		- Deutschlandfunk.de.xml
+		- Deutschlandfunkkultur.de.xml
+		- Deutschlandfunknova.de.xml
+
+	Cert mismatch:
+		- 20jahre.deutschlandradio.de
+		- blogs.deutschlandradio.de.de
+
+	Timeout:
+		- legacy.deutschlandradio.de
+		- mail.deutschlandradio.de
+		- mein.deutschlandradio.de
+
+	TLS errors:
+		- uc-av.deutschlandradio.de
+		- uc-webconf.deutschlandradio.de
+
+	Unable to get local issuer certificate:
+		- berlinupload.deutschlandradio.de
+		- koelnupload.deutschlandradio.de
+		- portal03.deutschlandradio.de
+-->
+<ruleset name="Deutschlandradio.de">
+
+	<target host="deutschlandradio.de" />
+	<target host="www.deutschlandradio.de" />
+	<target host="autodiscover.deutschlandradio.de" />
+	<target host="bvpn.deutschlandradio.de" />
+	<target host="dataexchange.deutschlandradio.de" />
+	<target host="ftp.deutschlandradio.de" />
+	<target host="kurzstrecke.deutschlandradio.de" />
+	<target host="kvpn.deutschlandradio.de" />
+	<target host="lyncdiscover.deutschlandradio.de" />
+	<target host="mobile.deutschlandradio.de" />
+	<target host="srv.deutschlandradio.de" />
+	<target host="uc-meeting.deutschlandradio.de" />
+	<target host="uc-proxy.deutschlandradio.de" />
+	<target host="uc-sip.deutschlandradio.de" />
+	<target host="uc-webapp.deutschlandradio.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DevConf.cz.xml b/src/chrome/content/rules/DevConf.cz.xml
new file mode 100644
index 000000000000..700d341c13d6
--- /dev/null
+++ b/src/chrome/content/rules/DevConf.cz.xml
@@ -0,0 +1,14 @@
+<!--
+	Non-functional hosts
+		Status code mismatch:
+			 - 2016.devconf.cz
+			 - openshift.devconf.cz
+-->
+<ruleset name="DevConf.cz">
+	<target host="devconf.cz" />
+	<target host="www.devconf.cz" />
+
+	<securecookie host="^(www\.)?devconf\.cz$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DevDocs.xml b/src/chrome/content/rules/DevDocs.xml
new file mode 100644
index 000000000000..a2d0164732ad
--- /dev/null
+++ b/src/chrome/content/rules/DevDocs.xml
@@ -0,0 +1,7 @@
+<ruleset name="DevDocs">
+	<target host="devdocs.io" />
+	<target host="www.devdocs.io" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DevStructure.xml b/src/chrome/content/rules/DevStructure.xml
index 8e4f1a8af08f..8d223f77532f 100644
--- a/src/chrome/content/rules/DevStructure.xml
+++ b/src/chrome/content/rules/DevStructure.xml
@@ -1,5 +1,15 @@
-<ruleset name="Devstructure" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://devstructure.com/ => https://devstructure.com/: (51, "SSL: no alternative certificate subject name matches target host name 'devstructure.com'")
+Fetch error: http://www.devstructure.com/ => https://devstructure.com/: (51, "SSL: no alternative certificate subject name matches target host name 'devstructure.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://devstructure.com/ => https://devstructure.com/: (51, "SSL: no alternative certificate subject name matches target host name 'devstructure.com'")
+Fetch error: http://www.devstructure.com/ => https://devstructure.com/: (51, "SSL: no alternative certificate subject name matches target host name 'devstructure.com'")
+-->
+<ruleset name="Devstructure" platform="mixedcontent" default_off="failed ruleset test">
   <target host="devstructure.com"/>
   <target host="www.devstructure.com"/>
-  <rule from="^http://(www\.)?devstructure\.com/" to="https://devstructure.com/"/>
+  <rule from="^http://(?:www\.)?devstructure\.com/" to="https://devstructure.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/DevZing.com.xml b/src/chrome/content/rules/DevZing.com.xml
index ba7768e7d664..08ee82c58c72 100644
--- a/src/chrome/content/rules/DevZing.com.xml
+++ b/src/chrome/content/rules/DevZing.com.xml
@@ -12,14 +12,14 @@
 <ruleset name="devZing.com">
 
 	<target host="devzing.com" />
-	<target host="*.devzing.com" />
+	<target host="support.devzing.com" />
+	<target host="www.devzing.com" />
 		<exclusion pattern="^http://(?:www\.)?devzing\.com/blog/index\.php" />
 
 
 	<securecookie host="^devzing\.com$" name=".+" />
 
 
-	<rule from="^http://(support\.|www\.)?devzing\.com/"
-		to="https://$1devzing.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Devast.io.xml b/src/chrome/content/rules/Devast.io.xml
new file mode 100644
index 000000000000..454fbc6eee0e
--- /dev/null
+++ b/src/chrome/content/rules/Devast.io.xml
@@ -0,0 +1,23 @@
+<!--
+	Timeout:
+		- 104-200-29-183
+		- 139-162-190-42
+		- 139-162-6-31
+		- 172-104-150-187
+		- 173-255-221-28
+		- 185-159-82-199
+		- 185-159-82-97
+		- 69-164-210-207
+
+	Mismatched:
+		- ftp
+		- mail
+		- pop3
+		- smtp
+-->
+<ruleset name="Devast.io">
+	<target host="devast.io" />
+	<target host="www.devast.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Deverge.com.xml b/src/chrome/content/rules/Deverge.com.xml
new file mode 100644
index 000000000000..5247ec5c780a
--- /dev/null
+++ b/src/chrome/content/rules/Deverge.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Deverge.com">
+	<target host="deverge.com" />
+	<target host="www.deverge.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Devever.net.xml b/src/chrome/content/rules/Devever.net.xml
new file mode 100644
index 000000000000..8e250199a90c
--- /dev/null
+++ b/src/chrome/content/rules/Devever.net.xml
@@ -0,0 +1,19 @@
+<!--
+	STS header includes includeSubdomains.
+
+-->
+<ruleset name="devever.net">
+
+	<target host="devever.net" />
+	<target host="*.devever.net" />
+
+		<test url="http://www.devever.net/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DeviantArt.xml b/src/chrome/content/rules/DeviantArt.xml
new file mode 100644
index 000000000000..536425c7c045
--- /dev/null
+++ b/src/chrome/content/rules/DeviantArt.xml
@@ -0,0 +1,36 @@
+<!--
+	Other DeviantArt rulesets:
+		- Sta.sh.xml
+-->
+
+<ruleset name="DeviantArt">
+	<target host="deviantart.com" />
+	<target host="*.deviantart.com" />
+	<target host="deviantart.net" />
+	<target host="*.deviantart.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+	<test url="http://www.deviantart.com/" />
+	<test url="http://27d.deviantart.com/" />
+	<test url="http://chat.deviantart.com/" />
+	<test url="http://l.deviantart.com/" />
+	<test url="http://shop.deviantart.com/" />
+	<test url="http://a.deviantart.net/avatars/default.gif" />
+	<test url="http://e.deviantart.net/emoticons/b/bulletgreen.gif" />
+	<test url="http://img00.deviantart.net/ca7e/i/2013/276/d/b/pokemon___triple_charizards_by_sa_dui-d6p54in.jpg" />
+	<test url="http://img07.deviantart.net/9096/i/2014/108/f/1/cookie_monster_cupcakes_by_cakecrumbs-d5aflte.jpg" />
+	<test url="http://img14.deviantart.net/d451/i/2016/190/8/d/holtzmann_by_gido-da9d4tp.jpg" />
+	<test url="http://orig00.deviantart.net/0611/f/2008/176/c/c/superman_in_flight_by_jprart.jpg" />
+	<test url="http://orig07.deviantart.net/6841/f/2010/358/0/4/merry_christmas_everybody_by_meninasuitcase-d35krat.gif" />
+	<test url="http://orig15.deviantart.net/6a2f/f/2016/174/3/f/alexstrasza___ruby_sanctum_by_narga_lifestream-da7bkwh.jpg" />
+	<test url="http://pre02.deviantart.net/0573/th/pre/i/2015/334/e/6/149_kirby_charity_flight_by_tommygk-d9gvdft.jpg" />
+	<test url="http://pre07.deviantart.net/a2a5/th/pre/i/2016/090/9/2/glitter_trails_by_renkarts-d9x8s87.jpg" />
+	<test url="http://pre14.deviantart.net/16bf/th/pre/f/2016/189/6/6/tumbledump_xviii_by_adoradora-da9b2f7.jpg" />
+	<test url="http://st.deviantart.net/minish/deviation/artist-comment-l.gif?2" />
+	<test url="http://t00.deviantart.net/OA-TCLekcOjVR_n3_XB13rnv_0k=/300x200/filters:fixed_height(100,100):origin()/pre08/4b74/th/pre/i/2016/081/7/d/dancer_by_danika_stock-d9w38vx.jpg" />
+	<test url="http://t08.deviantart.net/2t0n7wqxjyq6VweE4c6mUm5LiIw=/300x200/filters:fixed_height(100,100):origin()/pre07/f5dc/th/pre/i/2016/126/e/1/body_reference___sitting_in_chair__legs_crossed_by_danika_stock-d9w366f.jpg" />
+	<test url="http://t15.deviantart.net/0ykeQqfSrPS7K0HEHr0yQpQe5Mw=/fit-in/150x150/filters:no_upscale():origin()/pre11/8bbd/th/pre/f/2016/189/3/8/_outro__cenrio_by_janainaart-da9aykg.jpg" />
+</ruleset>
diff --git a/src/chrome/content/rules/Deviantart-mismatches.xml b/src/chrome/content/rules/Deviantart-mismatches.xml
deleted file mode 100644
index 27c7886a1e6b..000000000000
--- a/src/chrome/content/rules/Deviantart-mismatches.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For rules that are on by default, see Deviantart.xml.
-
--->
-<ruleset name="DeviantArt (mismatches)" default_off="Certificate mismatch">
-
-	<target host="fav.me" />
-	<target host="www.fav.me" />
-
-
-	<rule from="^http://(?:www\.)?fav\.me/"
-		to="https://fav.me/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Deviantart.xml b/src/chrome/content/rules/Deviantart.xml
deleted file mode 100644
index 4f8deefeabf5..000000000000
--- a/src/chrome/content/rules/Deviantart.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-	For problematic rules, see Deviantart-mismatches.xml.
-
-
-	ToDo: Find edgecast URL for /(fc|th)\d+.
-
--->
-<ruleset name="DeviantArt (pending)" default_off="site operator says not ready yet">
-
-	<target host="deviantart.com" />
-	<target host="*.deviantart.com" />
-	<target host="deviantart.net" />
-	<target host="*.deviantart.net" />
-
-
-	<securecookie host="^\.deviantart\.com$" name=".*" />
-
-
-	<!--	Redirects from com to net, but does so successfully by itself.
-										-->
-	<rule from="^http://([aei]|fc\d\d|s[ht]|th\d\d)\.deviantart\.(com|net)/"
-		to="https://$1.deviantart.$2/" />
-
-	<!--	This handles everything that isn't in the first rule.
-		Namely, usernames, backend, fc, th, and (www.).
-			These domains present a cert that is only
-		valid for .com.
-			Note that .net isn't used on DA, but.net does
-		redirect to .com, and we shouldn't break what would
-		otherwise work.
-			Mustn't rewrite from https here, as doing so
-		would conflict with the first rule.
-								-->
-	<rule from="^http://([^/:@\.]+\.)?deviantart\.(?:com|net)/"
-		to="https://$1deviantart.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Devil_Team.pl.xml b/src/chrome/content/rules/Devil_Team.pl.xml
new file mode 100644
index 000000000000..63969fa35379
--- /dev/null
+++ b/src/chrome/content/rules/Devil_Team.pl.xml
@@ -0,0 +1,25 @@
+<!--
+	www.devilteam.pl: Mismatched
+
+-->
+<ruleset name="Devil Team.pl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="devilteam.pl" />
+
+	<!--	Complications:
+				-->
+	<target host="www.devilteam.pl" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.devilteam\.pl/"
+		to="https://devilteam.pl/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Devolo.com.xml b/src/chrome/content/rules/Devolo.com.xml
new file mode 100644
index 000000000000..0afdda49ed6c
--- /dev/null
+++ b/src/chrome/content/rules/Devolo.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Mixed content:
+
+		- Icon on (www.) from www *
+
+	* Secured by us
+
+-->
+<ruleset name="Devolo.com">
+
+	<target host="devolo.com" />
+	<target host="www.devolo.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Devolverdigital.com.xml b/src/chrome/content/rules/Devolverdigital.com.xml
new file mode 100644
index 000000000000..9fce5770ba02
--- /dev/null
+++ b/src/chrome/content/rules/Devolverdigital.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Non working:
+	merch.devolverdigital.com
+	gdc.devolverdigital.com
+	fanart.devolverdigital.com
+-->
+<ruleset name="Devolverdigital.com">
+	<target host="devolverdigital.com" />
+	<target host="www.devolverdigital.com" />
+	<target host="store.devolverdigital.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Devon.gov.uk.xml b/src/chrome/content/rules/Devon.gov.uk.xml
new file mode 100644
index 000000000000..c12cd730200c
--- /dev/null
+++ b/src/chrome/content/rules/Devon.gov.uk.xml
@@ -0,0 +1,33 @@
+<!--
+	Devon County Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- gis.devon.gov.uk
+
+		Timeout was reached:
+		- www.devon.gov.uk
+
+		SSL peer certificate was not OK:
+		- alpha.devon.gov.uk
+		- www.directory.devon.gov.uk
+
+		Incomplete certificate chain error:
+		- services.devon.gov.uk
+-->
+<ruleset name="Devon.gov.uk">
+	<target host="devon.gov.uk" />
+	<target host="www.devon.gov.uk" />
+	<target host="beta.devon.gov.uk" />
+	<target host="new.devon.gov.uk" />
+	<target host="oneonline.devon.gov.uk" />
+	<target host="partners.devon.gov.uk" />
+
+	<rule from="^http://www\.devon\.gov\.uk/"
+			to="https://new.devon.gov.uk/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DevonandCornwallPolice.xml b/src/chrome/content/rules/DevonandCornwallPolice.xml
new file mode 100644
index 000000000000..5c82a507a845
--- /dev/null
+++ b/src/chrome/content/rules/DevonandCornwallPolice.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://devon-cornwall.police.uk/ => https://devon-cornwall.police.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'devon-cornwall.police.uk'")
+
+	For Devon and Cornwall Police
+
+		Works:
+
+			- $
+			- www
+			- services
+
+		Doesn't work:
+
+			- dogsection.devon-cornwall.police.uk
+			- digitalmediablog.devon-cornwall.police.uk
+
+-->
+<ruleset name="Devon and Cornwall Police" default_off="failed ruleset test">
+	<target host="devon-cornwall.police.uk" />
+	<target host="www.devon-cornwall.police.uk" />
+	<target host="services.devon-cornwall.police.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Devoncredit.ru.xml b/src/chrome/content/rules/Devoncredit.ru.xml
new file mode 100644
index 000000000000..f054f6ac6934
--- /dev/null
+++ b/src/chrome/content/rules/Devoncredit.ru.xml
@@ -0,0 +1,7 @@
+<ruleset name="Devoncredit.ru">
+	<target host="devoncredit.ru" />
+	<target host="www.devoncredit.ru" />
+	<target host="mib.devoncredit.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Devpen.io.xml b/src/chrome/content/rules/Devpen.io.xml
new file mode 100644
index 000000000000..a991acf78e14
--- /dev/null
+++ b/src/chrome/content/rules/Devpen.io.xml
@@ -0,0 +1,8 @@
+<ruleset name="Devpen.io">
+	<target host="devpen.io" />
+	<target host="www.devpen.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Devpress.com.xml b/src/chrome/content/rules/Devpress.com.xml
new file mode 100644
index 000000000000..48e89feab80c
--- /dev/null
+++ b/src/chrome/content/rules/Devpress.com.xml
@@ -0,0 +1,13 @@
+<!--
+	www: cert only matches ^devpress.com
+
+-->
+<ruleset name="Devpress.com">
+
+	<target host="devpress.com" />
+	<target host="www.devpress.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Devprom.ru.xml b/src/chrome/content/rules/Devprom.ru.xml
new file mode 100644
index 000000000000..460c97b694bf
--- /dev/null
+++ b/src/chrome/content/rules/Devprom.ru.xml
@@ -0,0 +1,26 @@
+<!--
+	Nonfunctional hosts in *devprom.ru:
+
+		- club ¹
+		- support ²
+
+	¹ 404
+	² Plaintext reply
+
+
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="Devprom.ru (partial)" default_off="cert-chain">
+
+	<target host="devprom.ru" />
+	<target host="www.devprom.ru" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DevsBuild.It.xml b/src/chrome/content/rules/DevsBuild.It.xml
index f2836e011f23..c0cebc1f3869 100644
--- a/src/chrome/content/rules/DevsBuild.It.xml
+++ b/src/chrome/content/rules/DevsBuild.It.xml
@@ -16,7 +16,7 @@
 	<target host="assets.devsbuild.it" />
 
 
-	<rule from="^https?://assets\.devsbuild\.it/"
+	<rule from="^http://assets\.devsbuild\.it/"
 		to="https://dwr712tf70ilz.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Devuan.org.xml b/src/chrome/content/rules/Devuan.org.xml
new file mode 100644
index 000000000000..d7c7b5b1de0c
--- /dev/null
+++ b/src/chrome/content/rules/Devuan.org.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional subdomains:
+
+		- packages *
+
+	* Refused
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- git
+
+-->
+<ruleset name="Devuan.org (partial)">
+
+	<target host="devuan.org" />
+	<target host="git.devuan.org" />
+	<target host="www.devuan.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dex_Media.com.xml b/src/chrome/content/rules/Dex_Media.com.xml
new file mode 100644
index 000000000000..8d3d721be355
--- /dev/null
+++ b/src/chrome/content/rules/Dex_Media.com.xml
@@ -0,0 +1,86 @@
+<!--
+	Other Dex Media rulesets:
+
+		- Directorystore.com.xml
+		- SuperGuarantee.com.xml
+		- SuperMedia.xml
+		- Superpages.com.xml
+
+
+	CDN buckets:
+
+		- dexmedia-wpengine.netdna-ssl.com
+
+
+	Nonfunctional subdomains:
+
+		- findme ¹
+		- jobs ²
+		- national ³
+
+	¹ 404
+	² Refused
+	³ WP Engine
+
+
+	Problematic subdomains:
+
+		- cdn *
+
+	* Mismatched
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- account
+		- cdn		(→ dexmedia-wpengine.netdna-ssl.com)
+		- my
+		- www
+		- www-int
+
+
+	Insecure cookies are set for these hosts:
+
+		- account.dexmedia.com
+		- my.dexmedia.com
+
+
+	Mixed content:
+
+		- Images on www from cdn.dexmedia.com
+		- Bug on my from superpagesadvert.122.2o7.net *
+
+	* Secured by us
+
+-->
+<ruleset name="Dex Media.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dexmedia.com" />
+	<target host="account.dexmedia.com" />
+	<target host="my.dexmedia.com" />
+	<target host="www.dexmedia.com" />
+	<target host="www-int.dexmedia.com" />
+
+	<!--	Complications:
+				-->
+	<target host="cdn.dexmedia.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^account\.dexmedia\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^my\.dexmedia\.com$" name="^(CstrStatus|trafficSource)$" /-->
+
+	<securecookie host="^(?:account|my)\.dexmedia\.com$" name=".+" />
+
+
+	<rule from="^http://cdn\.dexmedia\.com/"
+		to="https://dexmedia-wpengine.netdna-ssl.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dezeen.com.xml b/src/chrome/content/rules/Dezeen.com.xml
index 362882666e19..318390282220 100644
--- a/src/chrome/content/rules/Dezeen.com.xml
+++ b/src/chrome/content/rules/Dezeen.com.xml
@@ -1,15 +1,28 @@
 <!--
-	Nonfunctional subdomains:
+	Non-functional hosts
+		Couldn't connect to server:
+			 - static2.dezeen.com
 
-		- (www.)	(refused)
+		Timeout was reached:
+			 - disqus.dezeen.com
 
+		SSL peer certificate was not OK:
+			 - downloads.dezeen.com
+			 - newsletter.dezeen.com
+			 - on.dezeen.com
+			 - staging.dezeen.com
+
+		4xx client error:
+			 - admin.dezeen.com
 -->
 <ruleset name="Dezeen.com (partial)">
-
+	<target host="dezeen.com" />
+	<target host="www.dezeen.com" />
+	<target host="services.dezeen.com" />
+		<test url="http://services.dezeen.com/interiors/widget.desktop.html" />
 	<target host="static.dezeen.com" />
 
+	<securecookie host="^(www\.)?dezeen\.com$" name=".+" />
 
-	<rule from="^http://static\.dezeen\.com/"
-		to="https://static.dezeen.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dezert_Depot.xml b/src/chrome/content/rules/Dezert_Depot.xml
deleted file mode 100644
index cdef3d888c3e..000000000000
--- a/src/chrome/content/rules/Dezert_Depot.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Dezert Depot">
-
-	<target host="dezertdepot.com" />
-	<target host="*.dezertdepot.com" />
-
-
-	<securecookie host="^(?:.*\.)?dezertdepot\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?dezertdepot\.com/"
-		to="https://$1dezertdepot.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Dfri.se.xml b/src/chrome/content/rules/Dfri.se.xml
index 74fe432f922b..2867b554c9c0 100644
--- a/src/chrome/content/rules/Dfri.se.xml
+++ b/src/chrome/content/rules/Dfri.se.xml
@@ -2,5 +2,5 @@
   <target host="dfri.se" />
   <target host="www.dfri.se" />
 
-  <rule from="^http://(?:www\.)?dfri\.se/" to="https://www.dfri.se/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Dgl.cx.xml b/src/chrome/content/rules/Dgl.cx.xml
new file mode 100644
index 000000000000..392add4eb1d9
--- /dev/null
+++ b/src/chrome/content/rules/Dgl.cx.xml
@@ -0,0 +1,19 @@
+<!--
+	www: cert only matches ^dgl.cx
+
+
+	Mixed content:
+
+		- Images from www.bbspot.com
+
+-->
+<ruleset name="dgl.cx">
+
+	<target host="dgl.cx" />
+	<target host="www.dgl.cx" />
+
+
+	<rule from="^http://(?:www\.)?dgl\.cx/"
+		to="https://dgl.cx/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dhaval_Kapil.com.xml b/src/chrome/content/rules/Dhaval_Kapil.com.xml
new file mode 100644
index 000000000000..cb47c6fb1e7f
--- /dev/null
+++ b/src/chrome/content/rules/Dhaval_Kapil.com.xml
@@ -0,0 +1,39 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .dhavalkapil.com
+
+-->
+<ruleset name="Dhaval Kapil.com">
+
+	<target host="dhavalkapil.com" />
+	<target host="www.dhavalkapil.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.dhavalkapil\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DiaGrid.xml b/src/chrome/content/rules/DiaGrid.xml
index 206e3d8f4cbb..76b0abbfe227 100644
--- a/src/chrome/content/rules/DiaGrid.xml
+++ b/src/chrome/content/rules/DiaGrid.xml
@@ -16,7 +16,7 @@
 	<securecookie host="^diagrid\.org$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?dia-?grid\.org/"
+	<rule from="^http://(?:www\.)?dia-?grid\.org/"
 		to="https://diagrid.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Diagonalperiodico.net.xml b/src/chrome/content/rules/Diagonalperiodico.net.xml
index c43caa15f72d..068a2e783272 100644
--- a/src/chrome/content/rules/Diagonalperiodico.net.xml
+++ b/src/chrome/content/rules/Diagonalperiodico.net.xml
@@ -2,5 +2,5 @@
   <target host="diagonalperiodico.net" />
   <target host="www.diagonalperiodico.net" />
 
-  <rule from="^http://(?:www\.)?diagonalperiodico\.net/" to="https://www.diagonalperiodico.net/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Diakonie.de.xml b/src/chrome/content/rules/Diakonie.de.xml
new file mode 100644
index 000000000000..1b5397276773
--- /dev/null
+++ b/src/chrome/content/rules/Diakonie.de.xml
@@ -0,0 +1,20 @@
+<!--
+	Secure connection failed:
+		www.info.diakonie.de
+-->
+<ruleset name="Diakonie.de">
+
+	<target host="diakonie.de" />
+	<target host="www.diakonie.de" />
+	<target host="bewerbung.diakonie.de" />
+	<target host="design.diakonie.de" />
+	<target host="hilfe.diakonie.de" />
+	<target host="info.diakonie.de" />
+	<target host="karriere.diakonie.de" />
+	<target host="missiononline.diakonie.de" />
+	<target host="praesident.diakonie.de" />
+	<target host="wolke.diakonie.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dial_Direct.xml b/src/chrome/content/rules/Dial_Direct.xml
index 48df660a8c0f..a017bfcfb905 100644
--- a/src/chrome/content/rules/Dial_Direct.xml
+++ b/src/chrome/content/rules/Dial_Direct.xml
@@ -17,10 +17,10 @@
 	<securecookie host="^\.?www\.dialdirect\.co\.uk$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?dialdirect\.co\.uk/"
+	<rule from="^http://(?:www\.)?dialdirect\.co\.uk/"
 		to="https://www.dialdirect.co.uk/" />
 
-	<rule from="^https?://(?:www\.)?insure-systems\.co\.uk/"
+	<rule from="^http://(?:www\.)?insure-systems\.co\.uk/"
 		to="https://www.insure-systems.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dialogs.com.xml b/src/chrome/content/rules/Dialogs.com.xml
new file mode 100644
index 000000000000..db95397406b0
--- /dev/null
+++ b/src/chrome/content/rules/Dialogs.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.dialogs.com
+
+-->
+<ruleset name="Dialogs.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dialogs.com" />
+	<target host="www.dialogs.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.dialogs\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.dialogs\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dianomi.com.xml b/src/chrome/content/rules/Dianomi.com.xml
new file mode 100644
index 000000000000..54155cdc5d73
--- /dev/null
+++ b/src/chrome/content/rules/Dianomi.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional subdomains:
+		SSL peer certificate was not OK:
+		- www.forex.dianomi.com
+		- www.offers.dianomi.com
+		- www.retirement.dianomi.com
+		- www.smartlinks.dianomi.com
+		- www.trading.dianomi.com
+
+-->
+<ruleset name="Dianomi.com (partial)">
+
+	<target host="dianomi.com" />
+	<target host="www.dianomi.com" />
+	<target host="auoffers.dianomi.com" />
+	<target host="automotive.dianomi.com" />
+	<target host="goldinvesting.dianomi.com" />
+	<target host="my.dianomi.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dianomi.xml b/src/chrome/content/rules/Dianomi.xml
deleted file mode 100644
index f8810a814a0c..000000000000
--- a/src/chrome/content/rules/Dianomi.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d3von6il1wr7wo.cloudfront.net
-
-			- cdn
-
-
-	Nonfunctional subdomains:
-
-		- www.smartlinks	(dropped)
-
--->
-<ruleset name="dianomi (partial)" platform="mixedcontent">
-
-	<target host="dianomi.com" />
-	<target host="*.dianomi.com" />
-
-
-	<securecookie host="^(?:.*\.)?dianomi\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?dianomi\.com/"
-		to="https://www.dianomi.com/" />
-
-	<rule from="^http://cdn\.dianomi\.com/"
-		to="https://d3von6il1wr7wo.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Diasp.de.xml b/src/chrome/content/rules/Diasp.de.xml
index 315eaf4d3326..93dc80902125 100644
--- a/src/chrome/content/rules/Diasp.de.xml
+++ b/src/chrome/content/rules/Diasp.de.xml
@@ -1,6 +1,11 @@
 <ruleset name="Diasp.de">
+
+	<!--	Direct rewrites:
+				-->
   <target host="diasp.de" />
   <target host="www.diasp.de" />
 
-  <rule from="^http://(www\.)?diasp\.de/" to="https://diasp.de/" />
+  <rule from="^http://www\.diasp\.de/" to="https://diasp.de/" />
+
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Diasp.eu.xml b/src/chrome/content/rules/Diasp.eu.xml
index 476ce391724e..94300c36e61e 100644
--- a/src/chrome/content/rules/Diasp.eu.xml
+++ b/src/chrome/content/rules/Diasp.eu.xml
@@ -1,6 +1,18 @@
-<ruleset name="Diasp.eu">
-  <target host="diasp.eu" />
-  <target host="www.diasp.eu" />
 
-  <rule from="^http://(www\.)?diasp\.eu/" to="https://diasp.eu/" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.diasp.eu/ => https://www.diasp.eu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.diasp.eu'")
+
+-->
+<ruleset name="Diasp.eu" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="diasp.eu" />
+	<target host="www.diasp.eu" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Diasp.org.xml b/src/chrome/content/rules/Diasp.org.xml
deleted file mode 100644
index fef3ca378555..000000000000
--- a/src/chrome/content/rules/Diasp.org.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Diasp.org">
-  <target host="diasp.org" />
-  <target host="www.diasp.org" />
-
-  <rule from="^http://(?:www\.)?diasp\.org/"
-          to="https://diasp.org/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Diaspora.xml b/src/chrome/content/rules/Diaspora.xml
index 5df6a981127b..b477983027c2 100644
--- a/src/chrome/content/rules/Diaspora.xml
+++ b/src/chrome/content/rules/Diaspora.xml
@@ -1,33 +1,17 @@
 <!--
-	Problematic domains:
-
-		- diasporaproject.org		(mismatched, CN: *.heroku.com)
-		- www.diasporaproject.org	(dropped)
+	^diasporaproject.org: Dropped over http & https
 
 -->
-<ruleset name="Diaspora">
+<ruleset name="JoinDiaspora.com">
 
-	<target host="diasporafoundation.org" />
-	<target host="*.diasporafoundation.org" />
-	<target host="diasporaproject.org" />
-	<target host="www.diasporaproject.org"/>
 	<target host="joindiaspora.com" />
 	<target host="www.joindiaspora.com" />
 
 
-	<securecookie host="^(?:\.|blog\.)?diasporafoundation\.org$" name=".+" />
 	<securecookie host="^(?:www\.)?joindiaspora\.com$" name=".+" />
 
 
-	<rule from="^http://((?:blog|wiki|www)\.)?diasporafoundation\.org/"
-		to="https://$1diasporafoundation.org/" />
-
-	<!--	Server drops path:
-					-->
-	<rule from="^http://(?:www\.)?diasporaproject\.org/.*"
-		to="https://diasporafoundation.org/" />
-
-	<rule from="^http://(www\.)?joindiaspora\.com/"
-		to="https://$1joindiaspora.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DiasporaBR.com.br.xml b/src/chrome/content/rules/DiasporaBR.com.br.xml
new file mode 100644
index 000000000000..1ec94034deaf
--- /dev/null
+++ b/src/chrome/content/rules/DiasporaBR.com.br.xml
@@ -0,0 +1,9 @@
+<ruleset name="DiasporaBR.com.br">
+
+	<target host="diasporabr.com.br" />
+	<target host="www.diasporabr.com.br" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Diaspora_Brazil.org.xml b/src/chrome/content/rules/Diaspora_Brazil.org.xml
new file mode 100644
index 000000000000..d2564a2bd7a9
--- /dev/null
+++ b/src/chrome/content/rules/Diaspora_Brazil.org.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.diasporabrazil.org/ => https://www.diasporabrazil.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.diasporabrazil.org'")
+
+-->
+<ruleset name="Diaspora Brazil.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="diasporabrazil.org" />
+	<target host="www.diasporabrazil.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Diaspora_Foundation.org.xml b/src/chrome/content/rules/Diaspora_Foundation.org.xml
new file mode 100644
index 000000000000..2f96dee620d0
--- /dev/null
+++ b/src/chrome/content/rules/Diaspora_Foundation.org.xml
@@ -0,0 +1,36 @@
+<!--
+	Fully covered hosts in *diasporafoundation.org:
+
+		- (www.)?
+		- blog
+		- planet
+		- wiki
+
+
+	Insecure cookies are set for these hosts:
+
+		- diasporafoundation.org
+
+-->
+<ruleset name="Diaspora Foundation.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="diasporafoundation.org" />
+	<target host="blog.diasporafoundation.org" />
+	<target host="planet.diasporafoundation.org" />
+	<target host="wiki.diasporafoundation.org" />
+	<target host="www.diasporafoundation.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^diasporafoundation\.org$" name="^(_diaspora-project-site_session|locale|request_method)$" /-->
+
+	<securecookie host="^(?:\.|blog\.)?diasporafoundation\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dice-problematic.xml b/src/chrome/content/rules/Dice-problematic.xml
deleted file mode 100644
index 152f4a84766e..000000000000
--- a/src/chrome/content/rules/Dice-problematic.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For rules that are on by default, see Dice.xml.
-
--->
-<ruleset name="Dice (problematic)" default_off="mismatch">
-
-	<target host="dice.com" />
-	<target host="www.dice.com" />
-		<!--
-			Handled in Dice.com.xml.
-							-->
-		<exclusion pattern="^https?://(?:www\.)?dice\.com/assets/" />
-
-
-	<!--	Cert: secure.dice.com
-					-->
-	<rule from="^https?://(?:www\.)?dice\.com/"
-		to="https://www.dice.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Dice.com.xml b/src/chrome/content/rules/Dice.com.xml
new file mode 100644
index 000000000000..d87918b34c36
--- /dev/null
+++ b/src/chrome/content/rules/Dice.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Other Dice Holdings rulesets:
+		+ EFinancialCareers.xml
+		+ EFinancialCareers.cn.xml
+		+ Slashdot_Media.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- images.dice.com
+		- marketing.dice.com
+		- news.dice.com
+
+		SSL peer certificate was not OK:
+		- media.dice.com
+-->
+<ruleset name="Dice.com (partial)">
+	<target host="dice.com" />
+	<target host="www.dice.com" />
+	<target host="assets.dice.com" />
+	<target host="employer.dice.com" />
+	<target host="get.dice.com" />
+	<target host="resources.dice.com" />
+	<target host="secure.dice.com" />
+	<target host="seeker.dice.com" />
+	<target host="techtalk.dice.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dice.xml b/src/chrome/content/rules/Dice.xml
deleted file mode 100644
index 80122a00d92b..000000000000
--- a/src/chrome/content/rules/Dice.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	For problematic rules, see Dice-problematic.xml.
-
-
-	Other Dice Holdings rulesets:
-
-		- EFinancialCareers.xml
-		- Geeknet_Media.xml
-		- Slashdot_Media.xml
-
-
-	Nonfunctional subdomains:
-
-		- media
-		- news		(times out)
-		- seeker
-
-
-	Problematic subdomains:
-
-		- (www.)	(works; mismatched, CN: secure.dice.com)
-
--->
-<ruleset name="Dice (partial)">
-
-	<target host="dice.com" />
-	<target host="*.dice.com" />
-
-
-	<rule from="^https?://(?:www\.)?dice\.com/assets/"
-		to="https://secure.dice.com/assets/" />
-
-	<rule from="^https?://(?:www\.)?dice\.com/content/"
-		to="https://images.dice.com/external/content/" />
-
-	<rule from="^http://(assets|employer|images|secure)\.dice\.com/"
-		to="https://$1.dice.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Dicesoft.net.xml b/src/chrome/content/rules/Dicesoft.net.xml
new file mode 100644
index 000000000000..180b46b06c01
--- /dev/null
+++ b/src/chrome/content/rules/Dicesoft.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="Dicesoft.net">
+
+	<target host="dicesoft.net" />
+	<target host="www.dicesoft.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dict.cc.xml b/src/chrome/content/rules/Dict.cc.xml
new file mode 100644
index 000000000000..253dc5dfa1ce
--- /dev/null
+++ b/src/chrome/content/rules/Dict.cc.xml
@@ -0,0 +1,128 @@
+<!--
+	Mismatch:
+		⁻ ^
+		- contribute
+		- *.contribute
+		- forum
+		- *.forum
+		- my
+		- *.my
+		- users
+		- *.users
+
+	Incomplete chain:
+		- www9
+-->
+<ruleset name="dict.cc">
+
+	<target host="dict.cc" />
+	<target host="www.dict.cc" />
+	<target host="browse.dict.cc" />
+	<target host="pocket.dict.cc" />
+	<target host="secure.dict.cc" />
+
+	<target host="desq.dict.cc" />
+	<target host="de-sq.dict.cc" />
+	<target host="debs.dict.cc" />
+	<target host="de-bs.dict.cc" />
+	<target host="debg.dict.cc" />
+	<target host="de-bg.dict.cc" />
+	<target host="deda.dict.cc" />
+	<target host="de-da.dict.cc" />
+	<target host="deeo.dict.cc" />
+	<target host="de-eo.dict.cc" />
+	<target host="defi.dict.cc" />
+	<target host="de-fi.dict.cc" />
+	<target host="defr.dict.cc" />
+	<target host="de-fr.dict.cc" />
+	<target host="deel.dict.cc" />
+	<target host="de-el.dict.cc" />
+	<target host="deis.dict.cc" />
+	<target host="de-is.dict.cc" />
+	<target host="deit.dict.cc" />
+	<target host="de-it.dict.cc" />
+	<target host="dehr.dict.cc" />
+	<target host="de-hr.dict.cc" />
+	<target host="dela.dict.cc" />
+	<target host="de-la.dict.cc" />
+	<target host="denl.dict.cc" />
+	<target host="de-nl.dict.cc" />
+	<target host="deno.dict.cc" />
+	<target host="de-no.dict.cc" />
+	<target host="depl.dict.cc" />
+	<target host="de-pl.dict.cc" />
+	<target host="dept.dict.cc" />
+	<target host="de-pt.dict.cc" />
+	<target host="dero.dict.cc" />
+	<target host="de-ro.dict.cc" />
+	<target host="deru.dict.cc" />
+	<target host="de-ru.dict.cc" />
+	<target host="desv.dict.cc" />
+	<target host="de-sv.dict.cc" />
+	<target host="desr.dict.cc" />
+	<target host="de-sr.dict.cc" />
+	<target host="desk.dict.cc" />
+	<target host="de-sk.dict.cc" />
+	<target host="dees.dict.cc" />
+	<target host="de-es.dict.cc" />
+	<target host="decs.dict.cc" />
+	<target host="de-cs.dict.cc" />
+	<target host="detr.dict.cc" />
+	<target host="de-tr.dict.cc" />
+	<target host="dehu.dict.cc" />
+	<target host="de-hu.dict.cc" />
+	<target host="ensq.dict.cc" />
+	<target host="en-sq.dict.cc" />
+	<target host="enbs.dict.cc" />
+	<target host="en-bs.dict.cc" />
+	<target host="enbg.dict.cc" />
+	<target host="en-bg.dict.cc" />
+	<target host="enhr.dict.cc" />
+	<target host="en-hr.dict.cc" />
+	<target host="encs.dict.cc" />
+	<target host="en-cs.dict.cc" />
+	<target host="enda.dict.cc" />
+	<target host="en-da.dict.cc" />
+	<target host="ennl.dict.cc" />
+	<target host="en-nl.dict.cc" />
+	<target host="eneo.dict.cc" />
+	<target host="en-eo.dict.cc" />
+	<target host="enfi.dict.cc" />
+	<target host="en-fi.dict.cc" />
+	<target host="enfr.dict.cc" />
+	<target host="en-fr.dict.cc" />
+	<target host="enel.dict.cc" />
+	<target host="en-el.dict.cc" />
+	<target host="enhu.dict.cc" />
+	<target host="en-hu.dict.cc" />
+	<target host="enis.dict.cc" />
+	<target host="en-is.dict.cc" />
+	<target host="enit.dict.cc" />
+	<target host="en-it.dict.cc" />
+	<target host="enla.dict.cc" />
+	<target host="en-la.dict.cc" />
+	<target host="enno.dict.cc" />
+	<target host="en-no.dict.cc" />
+	<target host="enpl.dict.cc" />
+	<target host="en-pl.dict.cc" />
+	<target host="enpt.dict.cc" />
+	<target host="en-pt.dict.cc" />
+	<target host="enro.dict.cc" />
+	<target host="en-ro.dict.cc" />
+	<target host="enru.dict.cc" />
+	<target host="en-ru.dict.cc" />
+	<target host="ensr.dict.cc" />
+	<target host="en-sr.dict.cc" />
+	<target host="ensk.dict.cc" />
+	<target host="en-sk.dict.cc" />
+	<target host="enes.dict.cc" />
+	<target host="en-es.dict.cc" />
+	<target host="ensv.dict.cc" />
+	<target host="en-sv.dict.cc" />
+	<target host="entr.dict.cc" />
+	<target host="en-tr.dict.cc" />
+
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Dict.cn.xml b/src/chrome/content/rules/Dict.cn.xml
new file mode 100644
index 000000000000..871464899840
--- /dev/null
+++ b/src/chrome/content/rules/Dict.cn.xml
@@ -0,0 +1,46 @@
+<!--
+	Nonfunctional hosts in *.dict.cn:
+
+	r: connection refused
+		apii.*
+		app.*
+		app2.*
+		apis.*
+		audio.*
+		bdc.*
+		cas.*
+		capi.*
+		cidian.*
+		class.*
+		dc.*
+		client.*
+		fy.*
+		fuzz.*
+		ids.*
+		name.*
+		pay.*
+		uc.*
+		uhai.*
+
+-->
+<ruleset name="Dict.cn">
+	<target host="dict.cn" />
+	<target host="www.dict.cn" />
+	<target host="about.dict.cn" />
+	<target host="abbr.dict.cn" />
+	<target host="account.dict.cn" />
+	<target host="bj.dict.cn" />
+	<target host="dl.dict.cn" />
+	<target host="fanyi.dict.cn" />
+	<target host="gdh.dict.cn" />
+	<target host="hr.dict.cn" />
+	<target host="hanyu.dict.cn" />
+	<target host="hci.dict.cn" />
+	<target host="memo.dict.cn" />
+	<target host="scb.dict.cn" />
+	<target host="sh.dict.cn" />
+	<target host="shh.dict.cn" />
+	<target host="us.dict.cn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Dictionary.com.xml b/src/chrome/content/rules/Dictionary.com.xml
new file mode 100644
index 000000000000..b135493b1410
--- /dev/null
+++ b/src/chrome/content/rules/Dictionary.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Dictionary.com">
+	<target host="dictionary.com" />
+	<target host="www.dictionary.com" />
+	<target host="app.dictionary.com" />
+		<test url="http://app.dictionary.com/logout" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DidierStevens.xml b/src/chrome/content/rules/DidierStevens.xml
new file mode 100644
index 000000000000..a9899301438b
--- /dev/null
+++ b/src/chrome/content/rules/DidierStevens.xml
@@ -0,0 +1,14 @@
+<!--
+        Time out:
+			- workshop.didierstevens.com
+
+-->
+
+<ruleset name="DidierStevens.com">
+	<target host="didierstevens.com" />
+	<target host="www.didierstevens.com" />
+	<target host="blog.didierstevens.com" />
+	<target host="videos.didierstevens.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Die-Linke.de-falsemixed.xml b/src/chrome/content/rules/Die-Linke.de-falsemixed.xml
new file mode 100644
index 000000000000..89c7475ac627
--- /dev/null
+++ b/src/chrome/content/rules/Die-Linke.de-falsemixed.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules not causing false/broken MCB, see Die-Linke.xml.
+
+-->
+<ruleset name="Die-Linke.de (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="die-linke.de" />
+	<target host="www.die-linke.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Die-Linke.xml b/src/chrome/content/rules/Die-Linke.xml
index 6e1d4e2f2cfd..b0f0ed67f57f 100644
--- a/src/chrome/content/rules/Die-Linke.xml
+++ b/src/chrome/content/rules/Die-Linke.xml
@@ -1,9 +1,43 @@
-<ruleset name="Die-Linke.de" platform="mixedcontent">
-        <target host="die-linke.de" />
-        <target host="www.die-linke.de" />
-        <target host="linksmail.de" />
-        <target host="www.linksmail.de" />
-
-        <rule from="^http://(?:www\.)?die-linke\.de/" to="https://www.die-linke.de/"/>
-        <rule from="^http://(?:www\.)?linksmail\.de/" to="https://www.linksmail.de/"/>
+<!--
+	For rules causing false/broken MCB, see Die-Linke.de-falsemixed.xml.
+
+
+	Other Die Linke rulesets:
+
+		- Die_Linke-sachsen.de.xml
+		- Linksmail.de.xml
+
+
+	Insecure cookies are set for these domains:
+
+		- .die-linke.de
+
+
+	Mixed content:
+
+		- css on www from $self *
+		- Images on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Die-Linke.de (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="die-linke.de" /-->
+	<target host="shop.die-linke.de" />
+	<!--target host="www.die-linke.de" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.die-linke\.de$" name="^fe_typo_user$" /-->
+
+	<!--securecookie host="^\.die-linke\.de$" name=".+" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Die.net.xml b/src/chrome/content/rules/Die.net.xml
index 09c5daa6ae18..9f02d89cd8ad 100644
--- a/src/chrome/content/rules/Die.net.xml
+++ b/src/chrome/content/rules/Die.net.xml
@@ -1,6 +1,31 @@
-<ruleset name="Die.net">
-  <target host="die.net" />
-  <target host="www.die.net" />
+<!--
+	Nonfunctional hosts in *die.net:
+
+		- ftp ʳ
+
+	ʳ Refused
+
+
+	^die.net: handshake fails
+
+-->
+<ruleset name="Die.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="linux.die.net" />
+	<target host="trace.die.net" />
+	<target host="www.die.net" />
+
+	<!--	Complications:
+				-->
+	<target host="die.net" />
+
+
+	<rule from="^http://die\.net/"
+		to="https://www.die.net/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(?:www\.)?die\.net/" to="https://www.die.net/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Die_Linke-sachsen.de.xml b/src/chrome/content/rules/Die_Linke-sachsen.de.xml
new file mode 100644
index 000000000000..c8ca084730f5
--- /dev/null
+++ b/src/chrome/content/rules/Die_Linke-sachsen.de.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Die Linke coverage, see Die-Linke.xml.
+
+-->
+<ruleset name="Die Linke-sachsen.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mail.dielinke-sachsen.de" />
+
+
+        <rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Diesel.rs.xml b/src/chrome/content/rules/Diesel.rs.xml
new file mode 100644
index 000000000000..482ef345b13d
--- /dev/null
+++ b/src/chrome/content/rules/Diesel.rs.xml
@@ -0,0 +1,7 @@
+<ruleset name="Diesel.rs">
+	<target host="diesel.rs" />
+	<target host="discourse.diesel.rs" />
+	<target host="docs.diesel.rs" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DieselNet.com.xml b/src/chrome/content/rules/DieselNet.com.xml
new file mode 100644
index 000000000000..6a6e0e6839e7
--- /dev/null
+++ b/src/chrome/content/rules/DieselNet.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="DieselNet.com">
+
+	<target host="dieselnet.com" />
+	<target host="www.dieselnet.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Diff_Checker.com.xml b/src/chrome/content/rules/Diff_Checker.com.xml
new file mode 100644
index 000000000000..4edd2e4fe2cd
--- /dev/null
+++ b/src/chrome/content/rules/Diff_Checker.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Diff Checker.com">
+
+	<target host="diffchecker.com" />
+	<target host="www.diffchecker.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DifferenceBetween.info.xml b/src/chrome/content/rules/DifferenceBetween.info.xml
new file mode 100644
index 000000000000..372ceeb9d9c4
--- /dev/null
+++ b/src/chrome/content/rules/DifferenceBetween.info.xml
@@ -0,0 +1,11 @@
+<!--
+	Active mixed content:
+		- www.differencebetween.info
+-->
+
+<ruleset name="DifferenceBetween.info" platform="mixedcontent">
+	<target host="differencebetween.info" />
+	<target host="www.differencebetween.info" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Difference_Between.xml b/src/chrome/content/rules/Difference_Between.xml
index 036d222c3c61..5b6c7cddc81e 100644
--- a/src/chrome/content/rules/Difference_Between.xml
+++ b/src/chrome/content/rules/Difference_Between.xml
@@ -6,10 +6,11 @@
 <ruleset name="Difference Between" default_off="self-signed">
 
 	<target host="differencebetween.net" />
-	<target host="*.differencebetween.net" />
+	<target host="cdn.differencebetween.net" />
+	<target host="www.differencebetween.net" />
 
 
-	<rule from="^https?://(?:cdn\.|www\.)?differencebetween\.net/"
+	<rule from="^http://(?:cdn\.|www\.)?differencebetween\.net/"
 		to="https://www.differencebetween.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Diffoscope.xml b/src/chrome/content/rules/Diffoscope.xml
new file mode 100644
index 000000000000..7b4a65a58b55
--- /dev/null
+++ b/src/chrome/content/rules/Diffoscope.xml
@@ -0,0 +1,10 @@
+<ruleset name="Diffoscope">
+
+	<target host="diffoscope.org" />
+	<target host="www.diffoscope.org" />
+	<target host="try.diffoscope.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Difi.no.xml b/src/chrome/content/rules/Difi.no.xml
new file mode 100644
index 000000000000..02f8ad868132
--- /dev/null
+++ b/src/chrome/content/rules/Difi.no.xml
@@ -0,0 +1,116 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.brukerprofil.difi.no/ => https://www.brukerprofil.difi.no/: (6, 'Could not resolve host: www.brukerprofil.difi.no')
+Fetch error: http://stat.difi.no/ => https://stat.difi.no/: (6, 'Could not resolve host: stat.difi.no')
+
+	Direktoratet for forvaltning og IKT
+
+
+	Nonfunctional hosts in *difi.no:
+
+		- eid ᵈ
+		- internkontroll.infosikkerhet ᵃ
+		- kompetanseutvikling ᵃ
+		- kurs ᵃ
+		- los ᵃ
+		- oep ᵃ
+		- sosialemedier ᵈ
+		- tegnsett.standard ᵈ
+		- styleguide ᵃ
+		- tidliglcc ᵃ
+		- wcag ᵃ
+
+	ᵃ Shows another domain
+	ᵈ Dropped
+
+
+	Nonfunctional domains:
+		- tmp (ERR_TIMED_OUT)
+		- tegnsett (ERR_TIMED_OUT)
+		- idporten-sptest2 (RR_CERT_COMMON_NAME_INVALID)
+
+	Problematic hosts in *difi.no:
+
+		- standard ᵈ
+
+	ᵈ Dropped, preemptable rediret
+
+
+	STS header includes includeSubdomains
+	for brukerprofil
+
+
+	These altnames do not exist:
+
+		- www.statsquiz.difi.no
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- walter.difi.no
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<!-- Norwegian National Directorate for Management and IT-Communication -->
+<ruleset name="Difi.no (partial)" default_off="failed ruleset test">
+
+	<target host="difi.no" />
+	<target host="begrep.difi.no" />
+	<target host="brukar.difi.no" />
+	<target host="brukerprofil.difi.no" />
+	<target host="*.brukerprofil.difi.no" />
+	<target host="doc.difi.no" />
+	<target host="einnsyn.difi.no" />
+	<target host="kontaktinfo-ws-ver1.difi.no" />
+	<target host="kvalitet.difi.no" />
+	<target host="laeringsplattformen.difi.no" />
+	<target host="orglogo.difi.no" />
+	<target host="samarbeid.difi.no" />
+	<target host="smp.difi.no" />
+	<target host="stat.difi.no" />
+	<target host="statsquiz.difi.no" />
+	<target host="test-vefa.difi.no" />
+	<target host="tidstyv.difi.no" />
+	<target host="uu.difi.no" />
+	<target host="vefa.difi.no" />
+	<target host="verkty.difi.no" />
+	<target host="walter.difi.no" />
+	<target host="www.difi.no" />
+
+		<!--	includeSubdomains applies to one level only, so:
+									-->
+		<exclusion pattern="^http://(?:[^./]+\.){2,}brukerprofil\.difi\.no/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.brukerprofil.difi.no/" />
+			<test url="http://exists.not.brukerprofil.difi.no/" />
+
+		<test url="http://www.brukerprofil.difi.no/" />
+
+	<!--	Complications:
+				-->
+	<target host="standard.difi.no" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^walter\.difi\.no$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://standard\.difi\.no/[^?]*"
+		to="https://www.difi.no/veiledning/ikt-og-digitalisering/standarder" />
+
+		<test url="http://standard.difi.no/index.htm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dig.Domains.xml b/src/chrome/content/rules/Dig.Domains.xml
new file mode 100644
index 000000000000..8b681ba9c821
--- /dev/null
+++ b/src/chrome/content/rules/Dig.Domains.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .dig.domains
+
+-->
+<ruleset name="Dig.Domains">
+
+	<target host="dig.domains" />
+	<target host="www.dig.domains" />
+
+
+	<!--	Not CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.dig\.domains$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.dig\.domains$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DigBoston.com.xml b/src/chrome/content/rules/DigBoston.com.xml
new file mode 100644
index 000000000000..8c4813b995a4
--- /dev/null
+++ b/src/chrome/content/rules/DigBoston.com.xml
@@ -0,0 +1,44 @@
+<!--
+	www.digboston.com: Mixed css
+
+
+	Insecure cookies are set for these hosts:
+
+		- digboston.com
+		- www.digboston.com
+
+
+	Mixed content:
+
+		- css on www from $self *
+		- Images on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="DigBoston.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="digboston.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.digboston.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?digboston\.com$" name="^X-Mapping-fjhppofk$" /-->
+	<!--securecookie host="^www\.digboston\.com$" name="^(?:woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_[\da-f]{32})$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.digboston\.com/"
+		to="https://digboston.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DigCoin.com.xml b/src/chrome/content/rules/DigCoin.com.xml
new file mode 100644
index 000000000000..e83cdf19588a
--- /dev/null
+++ b/src/chrome/content/rules/DigCoin.com.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://digcoin.com/ => https://digcoin.com/: (7, 'Failed to connect to digcoin.com port 443: Connection refused')
+Fetch error: http://www.digcoin.com/ => https://www.digcoin.com/: (7, 'Failed to connect to www.digcoin.com port 443: Connection refused')
+
+	Insecure cookies are set for these domains:
+
+		- digcoin.com
+
+-->
+<ruleset name="DigCoin.com" default_off="failed ruleset test">
+
+	<target host="digcoin.com" />
+	<target host="www.digcoin.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^digcoin\.com$" name="^(_xsrf|session_id|verification)$" /-->
+
+	<securecookie host="^digcoin\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Digg.xml b/src/chrome/content/rules/Digg.xml
index 4739302d9462..bbc7607c8cab 100644
--- a/src/chrome/content/rules/Digg.xml
+++ b/src/chrome/content/rules/Digg.xml
@@ -1,33 +1,20 @@
 <!--
 	CDN buckets:
-
 		- d1ld5yzzwsuv6i.cloudfront.net
-
 			- static.digg.com
 
-
-	Nonfunctional subdomains:
-
-		- blog		(shows secure.static.tumblr.com)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- static
-		- widgets
+	Invalid certificate:
+		- blog.digg.com
 
 -->
-<ruleset name="Digg (partial)">
 
+<ruleset name="Digg (partial)" default_off="legacy Symantec certificate">
 	<target host="digg.com" />
-	<target host="*.digg.com" />
-
+	<target host="www.digg.com" />
+	<target host="static.digg.com" />
+	<target host="widgets.digg.com" />
 
 	<securecookie host="^\.?digg\.com$" name=".+" />
 
-
-	<rule from="^http://((?:static|widgets|www)\.)?digg\.com/"
-		to="https://$1digg.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Digi-Key.xml b/src/chrome/content/rules/Digi-Key.xml
index 7611a413107e..3e3f5f9e69c3 100644
--- a/src/chrome/content/rules/Digi-Key.xml
+++ b/src/chrome/content/rules/Digi-Key.xml
@@ -1,4 +1,14 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://form.digikey.com/ => https://form.digikey.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://media.digikey.com/ => https://media.digikey.com/: (52, 'Empty reply from server')
+Fetch error: http://punchout.digikey.com/ => https://punchout.digikey.com/: (52, 'Empty reply from server')
+Fetch error: http://punchouttest.digikey.com/ => https://punchouttest.digikey.com/: (52, 'Empty reply from server')
+Fetch error: http://punchout.digikey.de/ => https://punchout.digikey.de/: (52, 'Empty reply from server')
+Fetch error: http://punchouttest.digikey.de/ => https://punchouttest.digikey.de/: (52, 'Empty reply from server')
+
+
 	Nonfunctional subdomains:
 
 		- pdfcatalog
@@ -10,22 +20,38 @@
 
 
 	Fully covered subdomains:
-
-		- digikeytest
-		- dkc1
-		- dkc3
-		- form
-		- media
-		- ordering
-		- orderingtest
-		- punchout
-		- punchouttest
+		- .com:
+			- digikeytest
+			- dkc1
+			- dkc3
+			- form
+			- media
+			- punchout
+			- punchouttest
+
+		- .de:
+			- digikeytest
+			- punchout
+			- punchouttest
 
 -->
-<ruleset name="Digi-Key (partial)">
+<ruleset name="Digi-Key (partial)" default_off="failed ruleset test">
 
 	<target host="digikey.com" />
-	<target host="*.digikey.com" />
+	<target host="www.digikey.com" />
+	<target host="digikeytest.digikey.com" />
+	<target host="dkc1.digikey.com" />
+	<target host="dkc3.digikey.com" />
+	<target host="form.digikey.com" />
+	<target host="media.digikey.com" />
+	<target host="punchout.digikey.com" />
+	<target host="punchouttest.digikey.com" />
+	<target host="digikey.de" />
+	<target host="www.digikey.de" />
+	<target host="digikeytest.digikey.de" />
+	<target host="punchout.digikey.de" />
+	<target host="punchouttest.digikey.de" />
+
 		<!--
 			These paths 404:
 
@@ -35,17 +61,17 @@
 			These paths redirect to http:
 
 				- scripts/dksearch/dksus.dll
-							-->
-		<exclusion pattern="^https?://(?:www\.)?digikey\.com/(?:product-(?:detail|search)|scripts/dksearch)" />
 
+		exclusion pattern="^http://(www\.)?digikey\.(com|de)/(product-(detail|search)|scripts/dksearch)" /-->
 
-	<securecookie host="^(?!www\.).+\.digikey\.com$" name=".+" />
 
+	<securecookie host="^.*\.digikey\.(com|de)$" name=".+" />
 
-	<rule from="^https?://digikey\.com/"
-		to="https://www.digikey.com/" />
+	<!-- connection refused -->
+	<rule from="^http://digikey\.(com|de)/"
+		to="https://www.digikey.$1/" />
 
-	<rule from="^http://(digikeytest|dkc\d|form|media|ordering(?:test)?|punchout(?:test)?|www)\.digikey\.com/"
-		to="https://$1.digikey.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Digi.hu.xml b/src/chrome/content/rules/Digi.hu.xml
index 3ae096d4b16e..840c9ba9e961 100644
--- a/src/chrome/content/rules/Digi.hu.xml
+++ b/src/chrome/content/rules/Digi.hu.xml
@@ -1,10 +1,15 @@
-<ruleset name="Digi.hu">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ox.digi.hu/ => https://ox.digi.hu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="Digi.hu" default_off="failed ruleset test">
 	<target host="ugyfelkapu.digi.hu" />
 	<target host="webmail.digi.hu" />
 	<target host="ox.digi.hu" />
 	<target host="digi.hu" />
 
 	<securecookie host="^\.?digi\.hu$" name=".+" />
-	<rule from="^http://(ugyfelkapu\.|webmail\.|ox\.)?digi\.hu/"
-		to="https://$1digi.hu/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Digi77.com.xml b/src/chrome/content/rules/Digi77.com.xml
new file mode 100644
index 000000000000..dc1e6e1644db
--- /dev/null
+++ b/src/chrome/content/rules/Digi77.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Digi77.com">
+
+	<target host="digi77.com" />
+	<target host="www.digi77.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DigiBib.net.xml b/src/chrome/content/rules/DigiBib.net.xml
index b4b899645e92..cbb2a1e56535 100644
--- a/src/chrome/content/rules/DigiBib.net.xml
+++ b/src/chrome/content/rules/DigiBib.net.xml
@@ -9,10 +9,10 @@
 -->
 <ruleset name="DigiBib.net">
 
-	<target host="*.digibib.net" />
+	<target host="m.digibib.net" />
+	<target host="www.digibib.net" />
 
 
-	<rule from="^http://(m|www)\.digibib\.net/"
-		to="https://$1.digibib.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DigiCert.xml b/src/chrome/content/rules/DigiCert.xml
index ae5bcde8a48a..2e9e4ecef5b0 100644
--- a/src/chrome/content/rules/DigiCert.xml
+++ b/src/chrome/content/rules/DigiCert.xml
@@ -3,17 +3,41 @@
 
 		- ocsp
 
+
+	Fully covered hosts in *digicert.com:
+
+		- (www.)?
+		- api
+		- blog
+		- content
+		- edge[1-4]
+		- login
+		- www.origin
+		- seal
+
 -->
-<ruleset name="DigiCert">
+<ruleset name="DigiCert.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="digicert.com" />
-	<target host="*.digicert.com" />
+	<target host="api.digicert.com" />
+	<target host="blog.digicert.com" />
+	<target host="content.digicert.com" />
+	<target host="edge1.digicert.com" />
+	<target host="edge2.digicert.com" />
+	<target host="edge3.digicert.com" />
+	<target host="edge4.digicert.com" />
+	<target host="login.digicert.com" />
+	<target host="www.origin.digicert.com" />
+	<target host="seal.digicert.com" />
+	<target host="www.digicert.com" />
 
 
-	<securecookie host="^.*\.digicert\.com$" name=".*" />
+	<securecookie host="^.*\.digicert\.com$" name=".+" />
 
 
-	<rule from="^http://((?:content|edge1|www)\.)?digicert\.com/"
-		to="https://$1digicert.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DigiKam.org.xml b/src/chrome/content/rules/DigiKam.org.xml
new file mode 100644
index 000000000000..5b4323a23273
--- /dev/null
+++ b/src/chrome/content/rules/DigiKam.org.xml
@@ -0,0 +1,36 @@
+<!--
+	For other KDE coverage, see KDE.xml.
+
+
+	Mixed content:
+
+		- Images, from:
+
+			- $self ¹
+			- dmpop.dhcp.io ²
+			- image.dhgate.com ³
+
+		- Bug from badge.facebook.com ¹
+
+	¹ Secured by us
+	² Unsecurable <= refused
+	³ Unsecurable <= 503
+
+-->
+<ruleset name="digiKam.org">
+
+	<target host="digikam.org" />
+	<target host="www.digikam.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.digikam\.org$" name="^SESS[0-9a-f]{32}$" /-->
+
+	<securecookie host="^\.digikam\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Digia.xml b/src/chrome/content/rules/Digia.xml
index 94656de14b5b..2a736bef127b 100644
--- a/src/chrome/content/rules/Digia.xml
+++ b/src/chrome/content/rules/Digia.xml
@@ -1,7 +1,14 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blog.qt.digia.com/ => https://blog.qt.digia.com/: (6, 'Could not resolve host: blog.qt.digia.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://blog.qt.digia.com/ => https://blog.qt.digia.com/: (51, "SSL: no alternative certificate subject name matches target host name 'blog.qt.digia.com'")
 	Other Digia rulesets:
 
-		- Qt.xml
+		- Qt.io.xml
+		- Qt_Cloud_Services.com.xml
 
 
 	Nonfunctional subdomains:
@@ -10,17 +17,17 @@
 		- vousikertomus2011	(ditto)
 
 -->
-<ruleset name="Digia (partial)">
+<ruleset name="Digia (partial)" default_off="failed ruleset test">
 
 	<target host="digia.com" />
-	<target host="*.digia.com" />
 	<target host="blog.qt.digia.com" />
+	<target host="qt.digia.com" />
+	<target host="www.digia.com" />
 
 
-	<securecookie host="^(?:.+\.)?digia\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(blog\.qt\.|qt\.|www\.)?digia\.com/"
-		to="https://$1digia.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Digiday.com.xml b/src/chrome/content/rules/Digiday.com.xml
index 42cf6bc93531..9aa0477eb906 100644
--- a/src/chrome/content/rules/Digiday.com.xml
+++ b/src/chrome/content/rules/Digiday.com.xml
@@ -29,7 +29,6 @@
 	<securecookie host="^(?:www\.)?digiday\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?digiday\.com/"
-		to="https://$1digiday.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Digilinux.ru.xml b/src/chrome/content/rules/Digilinux.ru.xml
index 508bfbda0498..726d541ca34f 100644
--- a/src/chrome/content/rules/Digilinux.ru.xml
+++ b/src/chrome/content/rules/Digilinux.ru.xml
@@ -23,4 +23,4 @@
 	<rule from="^http://(?:www\.)?digilinux\.ru/"
 		to="https://digilinux.ru/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Digint.ch.xml b/src/chrome/content/rules/Digint.ch.xml
new file mode 100644
index 000000000000..d8d342d43101
--- /dev/null
+++ b/src/chrome/content/rules/Digint.ch.xml
@@ -0,0 +1,6 @@
+<ruleset name="Digint.ch">
+	<target host="digint.ch" />
+	<target host="www.digint.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Digiology.org.xml b/src/chrome/content/rules/Digiology.org.xml
new file mode 100644
index 000000000000..adc039eae700
--- /dev/null
+++ b/src/chrome/content/rules/Digiology.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Mismatched:
+		- www
+
+	Self-signed:
+		- ftp
+		- mail
+		- ns
+		- tech
+-->
+<ruleset name="Digiology.org">
+	<target host="digiology.org" />
+	<target host="www.digiology.org" />
+	<target host="courses.digiology.org" />
+	<target host="music.digiology.org" />
+	<target host="r.digiology.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.digiology\.org/" to="https://digiology.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Digitab-Portals.xml b/src/chrome/content/rules/Digitab-Portals.xml
deleted file mode 100644
index 191b7b0ddc98..000000000000
--- a/src/chrome/content/rules/Digitab-Portals.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For other Kantar coverage, see TNS-Global.xml.
-
--->
-<ruleset name="Digitab Portals">
-
-	<target host="digitabportals.com" />
-	<target host="www.digitabportals.com" />
-
-
-	<securecookie host="^www\.digitabportals\.com$" name=".*" />
-
-
-	<!--	!www doesn't work over https,
-		redirects to www over http.	-->
-	<rule from="^http://(?:www\.)?digitabportals\.com/"
-		to="https://www.digitabportals.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Digital-Bond.xml b/src/chrome/content/rules/Digital-Bond.xml
index 5048b29a3a8f..d3c6c37323bc 100644
--- a/src/chrome/content/rules/Digital-Bond.xml
+++ b/src/chrome/content/rules/Digital-Bond.xml
@@ -1,15 +1,20 @@
-<ruleset name="Digital Bond">
+<ruleset name="Digital Bond.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="digitalbond.com" />
 	<target host="www.digitalbond.com" />
-	<target host="digibond.wpengine.netdna-cdn.com" />
 
+	<!--	Complications:
+				-->
+	<target host="digibond.wpengine.netdna-cdn.com" />
 
-	<rule from="^http://(www\.)?digitalbond\.com/"
-		to="https://$1digitalbond.com/" />
 
 	<!--	404s	-->
-	<rule from="^https?://digibond\.wpengine\.netdna-cdn\.com/"
+	<rule from="^http://digibond\.wpengine\.netdna-cdn\.com/"
 		to="https://www.digitalbond.com/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Digital-Networks-UK.xml b/src/chrome/content/rules/Digital-Networks-UK.xml
index b1b4bf5feaf0..4681680776bf 100644
--- a/src/chrome/content/rules/Digital-Networks-UK.xml
+++ b/src/chrome/content/rules/Digital-Networks-UK.xml
@@ -1,14 +1,28 @@
-<ruleset name="Digital Networks UK (partial)">
+<!--
+	Digital Networks UK
 
-	<target host="dnuk.com"/>
-	<target host="*.dnuk.com"/>
+-->
+<ruleset name="DNUK.com (partial)" default_off="mismatched">
 
-	<securecookie host="^secure\.dnuk\.com$" name=".*"/>
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.dnuk.com" />
 
-	<rule from="^http://(?:www\.)?dnuk\.com/(_elements|images)/"
-		to="https://secure.dnuk.com/$1/"/>
+	<!--	Complications:
+				-->
+	<target host="dnuk.com" />
+	<target host="www.dnuk.com" />
 
-	<rule from="^http://secure\.dnuk\.com/"
-		to="https://secure.dnuk.com/"/>
+		<exclusion pattern="^http://(?:www\.)?dnuk\.com/(?!_elements/|images/)" />
+
+
+	<securecookie host="^secure\.dnuk\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?dnuk\.com/"
+		to="https://secure.dnuk.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Digital-River.xml b/src/chrome/content/rules/Digital-River.xml
index 0fa0963ea823..b1f8d035fb9a 100644
--- a/src/chrome/content/rules/Digital-River.xml
+++ b/src/chrome/content/rules/Digital-River.xml
@@ -1,117 +1,76 @@
 <!--
 	Other Digital River rulesets:
 
-		- Fireclick.com.xml
+		- Commerce5.com.xml
+		- Digital_River_content.net.xml
+		- Element_5.xml
+		- Esellerate.net.xml
+		- Find_My_Order.com.xml
 		- MyCommerce.xml
 		- Netflame.cc.xml
-		- SWREG.xml
+		- Share_it.com.xml
 
 
-	CDN buckets:
+	Nonfunctional hosts in *digitalriver.com:
 
-		- a248.e.akamai.net/f/248/5462/2d/images.element5.com/
+		- info *
+    - corporate
 
+	* invalid certificate\
 
-	Problematic domains:
 
-		- info.digitalriver.com		(redirects to app-sj03.marketo.com; mismatched, CN: *.marketo.com)
+	Partially covered hosts in *digitalriver.com:
+		- info		(→ na-sj03.marketo.com)
 
 
-	Partially covered domains:
+	Fully covered hosts in *digitalriver.com:
 
-		- corporate.digitalriver.com	(pages redirect to http)
-		- info.digitalriver.com		(→ na-sj03.marketo.com)
+		- (www.)?
+		- *.cfspx
+		- developers
 
-
-	Fully covered domains:
-
-		- digitalriver.com subdomains:
-
-			- (www.)
-			- *.cfspx
-			- developers
-
-			- *.img	(tracking images for esellerate):
-
-				- drh
-				- drh[12]
-				- swreg
-				- ui1
-
-			- gc
-			- store
-
-		- *.img.digitalrivercontent.net:
+		- *.img	(tracking images for esellerate):
 
 			- drh
 			- drh[12]
-			- dri[12]
 			- mycommerce
+			- swreg
 			- ui1
 
-		- (www.)findmyorder.com
-		- *.frcanalytics.com
-		- reservoir.marketstudio.net
+		- gc
+		- store
 
--->
-<ruleset name="Digital River (partial)">
 
-	<target host="cm.commerce5.com" />
-	<target host="*.digitalriver.com" />
-		<!--
-			Pages redirect to http:
-						-->
-		<exclusion pattern="^http://corporate\.digitalriver\.com/(?!DRHM/)" />
-	<target host="*.img.digitalrivercontent.net" />
-	<target host="cp.element5.com" />
-	<target host="findmyorder.com" />
-	<target host="www.findmyorder.com" />
-	<target host="*.frcanalytics.com" />
-	<target host="reservoir.marketstudio.net" />
+	Insecure cookies are set for these hosts:
 
+		- gc.digitalriver.com
 
 
-	<!--	Tracking cookie:
-				-->
-	<securecookie host="^\.digitalriver\.com$" name="^utag_\w+$" />
-	<!--	Observed cookie domains:
-
-			- cm.commerce5.com
-			- .digitalriver.com
-			- corporate.digitalriver.com
-			- developers.digitalriver.com
-			. .developers.digitalriver.com
-			- gc.digitalriver.com
-			- findmyorder.com
-			- www.findmyorder.com
-			- .marketstudio.net
-						-->
-	<securecookie host="^(?:\.?developers|gc|store)\.digitalriver\.com$" name=".+" />
-	<securecookie host="^(?:.*\.)?(?:commerce5|findmyorder)\.com$" name=".+" />
-
-
-	<rule from="^http://cm\.commerce5\.com/"
-		to="https://cm.commerce5.com/" />
-
-	<rule from="^http://((?:[\w+-]+\.cfspx|corporate|developers|gc|\w+\.img|store|www)\.)?digitalriver\.com/"
-		to="https://$1digitalriver.com/" />
+	Mixed content:
 
-	<rule from="^http://info\.digitalriver\.com/(cs|image|j|r)s/"
-		to="https://na-sj03.marketo.com/$1s/" />
+		- Images on developers from www.digitalriver.com *
 
-	<rule from="^http://(\w+)\.img\.digitalrivercontent\.net/"
-		to="https://$1.img.digitalrivercontent.net/" />
+	* Secured by us
 
-	<rule from="^http://cp\.element5\.com/"
-		to="https://cp.element5.com/"/>
-
-	<rule from="^http://(www\.)?findmyorder\.com/"
-		to="https://$1findmyorder.com/"/>
+-->
+<ruleset name="Digital River.com (partial)">
+
+	<!--	Direct rewrites:
+					-->
+	<target host="digitalriver.com" />
+	<target host="developers.digitalriver.com" />
+	<target host="gc.digitalriver.com" />
+	<target host="store.digitalriver.com" />
+	<target host="www.digitalriver.com" />
+
+	<!--	not secured by server: -->
+	<!--securecookie host="^gc\.digitalriver\.com$" name="^BIGipServerp(-\w+){5}$" /-->
+	<!--	Tracking cookie: -->
+	<securecookie host="^\.digitalriver\.com$" name="^utag_\w+$" />
 
-	<rule from="^http://([\w-]+)\.frcanalytics\.com/"
-		to="https://$1.frcanalytics.com/"/>
+	<securecookie host="^(?:\.?developers|gc|store)\.digitalriver\.com$" name=".+" />
 
-	<rule from="^http://reservoir\.marketstudio\.net/"
-		to="https://reservoir.marketstudio.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Digital-Transactions.xml b/src/chrome/content/rules/Digital-Transactions.xml
index 40157788a701..ba68959c2cfe 100644
--- a/src/chrome/content/rules/Digital-Transactions.xml
+++ b/src/chrome/content/rules/Digital-Transactions.xml
@@ -1,14 +1,11 @@
-<ruleset name="Digital Transactions" default_off="self-signed">
+<ruleset name="Digital Transactions">
 
-	<!--	Cert: 124.220.67.69.ynchosting.com	-->
 	<target host="digitaltransactions.net" />
 	<target host="www.digitaltransactions.net" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^digitaltransactions\.net$" name=".*" />
-
-
-	<rule from="^https?://(?:www\.)?digitaltransactions\.net/"
-		to="https://digitaltransactions.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Digital-Window-mismatches.xml b/src/chrome/content/rules/Digital-Window-mismatches.xml
index 903fcf908840..c11e27ca3413 100644
--- a/src/chrome/content/rules/Digital-Window-mismatches.xml
+++ b/src/chrome/content/rules/Digital-Window-mismatches.xml
@@ -1,8 +1,10 @@
-<ruleset name="Digital Window (mismatches)" default_off="mismatch">
+<ruleset name="Digital Window (mismatches)" default_off="mismatched">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="blog.affiliatewindow.com"/>
 
-	<rule from="^http://blog\.affiliatewindow\.com/"
-		to="https://blog.affiliatewindow.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Digital-Window.xml b/src/chrome/content/rules/Digital-Window.xml
index 8750a1933121..96a0478eaab9 100644
--- a/src/chrome/content/rules/Digital-Window.xml
+++ b/src/chrome/content/rules/Digital-Window.xml
@@ -1,16 +1,30 @@
 <ruleset name="Digital Window (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="affiliatewindow.com"/>
-	<target host="*.affiliatewindow.com"/>
+	<target host="darwin.affiliatewindow.com"/>
+	<target host="images.affiliatewindow.com"/>
+	<!--target host="www.affiliatewindow.com"/-->
+
+	<target host="www.awin1.com"/>
+
+	<!--	Complications:
+				-->
 	<target host="awin1.com"/>
-	<target host="*.awin1.com"/>
 
-	<securecookie host="^(.*\.)?a(ffiliatewindow|win)\.com$" name=".*"/>
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.affiliatewindow\.com/us/$" /-->
+
 
-	<rule from="^http://(darwin\.|images\.|www\.)?affiliatewindow\.com/"
-		to="https://$1affiliatewindow.com/"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?awin1\.com/"
+
+	<rule from="^http://awin1\.com/"
 		to="https://www.awin1.com/"/>
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/DigitalAttackMap.com.xml b/src/chrome/content/rules/DigitalAttackMap.com.xml
new file mode 100644
index 000000000000..2fe62cec74ba
--- /dev/null
+++ b/src/chrome/content/rules/DigitalAttackMap.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Secure connection failed:
+		digitalattackmap.com
+
+-->
+<ruleset name="DigitalAttackMap.com">
+
+	<target host="digitalattackmap.com" />
+	<target host="www.digitalattackmap.com" />
+
+	<rule from="^http://digitalattackmap\.com/"
+		to="https://www.digitalattackmap.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DigitalForensicsMagazine.xml b/src/chrome/content/rules/DigitalForensicsMagazine.xml
index 7c3c053618e5..8837e7efebfe 100644
--- a/src/chrome/content/rules/DigitalForensicsMagazine.xml
+++ b/src/chrome/content/rules/DigitalForensicsMagazine.xml
@@ -1,9 +1,28 @@
-<ruleset name="DigitalForensicsMagazine">
-  <target host="digitalforensicsmagazine.com" />
-  <target host="www.digitalforensicsmagazine.com" />
+<!--
+	Mixed content:
 
-  <securecookie host="^(?:.+\.)?digitalforensicsmagazine\.com$" name=".*"/>
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="DigitalForensicsMagazine.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="digitalforensicsmagazine.com" />
+	<target host="www.digitalforensicsmagazine.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^digitalforensicsmagazine\.com$" name="^wordpress_test_cookie" /-->
+	<!--securecookie host="^(www\.)?digitalforensicsmagazine\.com$" name="^([0-9a-f]{32}|PHPSESSID)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://digitalforensicsmagazine\.com/" to="https://digitalforensicsmagazine.com/"/>
-  <rule from="^http://(www)\.digitalforensicsmagazine\.com/" to="https://$1.digitalforensicsmagazine.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/DigitalOcean.com.xml b/src/chrome/content/rules/DigitalOcean.com.xml
new file mode 100644
index 000000000000..f3f86e2fdc0b
--- /dev/null
+++ b/src/chrome/content/rules/DigitalOcean.com.xml
@@ -0,0 +1,69 @@
+<!--
+	CORS issue:
+		- stickerseh.digitalocean.com
+
+	Connection refused:
+		- mirrors.digitalocean.com
+		- *.mirrors.digitalocean.com
+		- sysadminday.digitalocean.com
+
+	Invalid certificate:
+		- email.news.digitalocean.com
+		- pages.news.digitalocean.com
+
+	Server error:
+		- valentines.digitalocean.com
+
+	Wrong server:
+		- devkids.digitalocean.com
+
+	Insecure cookies are set for these domains and hosts:
+		- .digitalocean.com
+		- status.digitalocean.com
+-->
+<ruleset name="DigitalOcean.com">
+
+	<!-- Direct rewrites -->
+	<target host="digitalocean.com" />
+	<target host="www.digitalocean.com" />
+	<target host="api.digitalocean.com" />
+	<target host="assets.digitalocean.com" />
+	<target host="blog.digitalocean.com" />
+	<target host="cloud.digitalocean.com" />
+	<target host="cloudsupport.digitalocean.com" />
+	<target host="developers.digitalocean.com" />
+	<target host="go.digitalocean.com" />
+	<target host="hacktoberfest.digitalocean.com" />
+	<target host="status.digitalocean.com" />
+	<target host="stickers.digitalocean.com" />
+	<target host="store.digitalocean.com" />
+	<target host="try.digitalocean.com" />
+		<test url="http://try.digitalocean.com/performance/" />
+	<target host="writers.digitalocean.com" />
+
+	<!-- do.co -->
+	<target host="do.co" />
+	<target host="m.do.co" />
+
+	<!-- Not secured by server -->
+	<!--securecookie host="^\.digitalocean\.com$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^status\.digitalocean\.com$" name="^_status_session$" /-->
+	<!--securecookie host="^status\.digitalocean\.com$" name="^_status_session$" /-->
+
+	<securecookie host="^(?!\.cloud\.)." name=".+" />
+
+	<!--
+		https://github.com/EFForg/https-everywhere/issues/3697
+
+		Securing this cookie breaks user sessions. Presumably a script attempts to read
+		it and sets another when it can't and eventually requests become bigger than the
+		server is configured to accept.
+
+		[note to the uninitiated: "(?!" means "not followed by"]
+											-->
+	<securecookie host="^\.cloud\." name="^(?!(?:[A-Z][a-z]{2}\ ){2}\d\d\ \d{4}\ \d\d:\d\d:\d\d\ [A-Z]{3}[+-]\d{4}\ \([\w\ ]+\)$)." />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Digital_Creations.no.xml b/src/chrome/content/rules/Digital_Creations.no.xml
new file mode 100644
index 000000000000..b2301fe9a74f
--- /dev/null
+++ b/src/chrome/content/rules/Digital_Creations.no.xml
@@ -0,0 +1,17 @@
+<!--
+	CN: *.azurewebsites.net
+
+-->
+<ruleset name="Digital Creations.no" default_off="mismatched">
+
+	<target host="digitalcreations.no" />
+	<target host="www.digitalcreations.no" />
+
+
+	<securecookie host="^(?:[.\w]*\.)?digitalcreations\.no$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?digitalcreations\.no/"
+		to="https://digitalcreations.no/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Digital_Defenders.org.xml b/src/chrome/content/rules/Digital_Defenders.org.xml
new file mode 100644
index 000000000000..1cb1d1e40896
--- /dev/null
+++ b/src/chrome/content/rules/Digital_Defenders.org.xml
@@ -0,0 +1,34 @@
+<!--
+	www.digitaldefenders.org: Cert only matches ^digitaldefenders.org
+
+
+	Insecure cookies are set for these hosts:
+
+		- digitaldefenders.org
+
+-->
+<ruleset name="Digital Defenders.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="digitaldefenders.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.digitaldefenders.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^digitaldefenders\.org$" name="^wfvt_\d+$" /-->
+
+	<securecookie host="^digitaldefenders\.org$" name=".+" />
+
+
+	<rule from="^http://www\.digitaldefenders\.org/"
+		to="https://digitaldefenders.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Digital_Dollhouse.com.xml b/src/chrome/content/rules/Digital_Dollhouse.com.xml
index 993d8d2d099b..224c50d2a9e8 100644
--- a/src/chrome/content/rules/Digital_Dollhouse.com.xml
+++ b/src/chrome/content/rules/Digital_Dollhouse.com.xml
@@ -1,23 +1,39 @@
+
 <!--
-	Mixed content:
+Disabled by https-everywhere-checker because:
+Fetch error: http://digitaldollhouse.com/ => https://digitaldollhouse.com/: (7, 'Failed to connect to digitaldollhouse.com port 443: Connection refused')
+Fetch error: http://www.digitaldollhouse.com/ => https://www.digitaldollhouse.com/: (7, 'Failed to connect to www.digitaldollhouse.com port 443: Connection refused')
+
+	Problematic hosts in *digitaldollhouse.com:
+
+		- cdn *
 
-		- css on www from www *
+	* Akamai
 
-		- Images on www from www *
+
+	Mixed content:
+
+		- Images on www from cdn.digitaldollhouse.com *
 
 	* Secured by us
 
 -->
-<ruleset name="Digital Dollhouse.com (false MCB)" platform="mixedcontent">
+<ruleset name="Digital Dollhouse.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="digitaldollhouse.com" />
-	<target host="*.digitaldollhouse.com" />
+	<target host="www.digitaldollhouse.com" />
+
 
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.digitaldollhouse\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
 
 	<securecookie host="^\.digitaldollhouse\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?digitaldollhouse\.com/"
-		to="https://$1digitaldollhouse.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Digital_Mars.com.xml b/src/chrome/content/rules/Digital_Mars.com.xml
new file mode 100644
index 000000000000..f47acc666d22
--- /dev/null
+++ b/src/chrome/content/rules/Digital_Mars.com.xml
@@ -0,0 +1,30 @@
+<!--
+	www.digitalmars.com: Mismatched
+
+
+	Mixed content:
+
+		- Ads, from:
+
+			- rcm.amazon.com
+			- www.google.com
+
+-->
+<ruleset name="Digital Mars.com" default_off="expired, self-signed">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="digitalmars.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.digitalmars.com" />
+
+
+	<rule from="^http://www\.digitalmars\.com/"
+		to="https://digitalmars.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Digital_News_Agency.com.xml b/src/chrome/content/rules/Digital_News_Agency.com.xml
new file mode 100644
index 000000000000..e89d4426861c
--- /dev/null
+++ b/src/chrome/content/rules/Digital_News_Agency.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="Digital News Agency.com">
+
+	<target host="digitalnewsagency.com" />
+	<target host="www.digitalnewsagency.com" />
+	<target host="dna-bucket-dna.cf.rawcdn.com" />
+		<test url="http://dna-bucket-dna.cf.rawcdn.com/client/logos/10/original/Vodafone_DNA.jpg" />
+
+	<securecookie host="^\.digitalnewsagency\.com$" name=".+" />
+
+	<rule from="^http://dna-bucket-dna\.cf\.rawcdn\.com/"
+		to="https://df7r7v78mcbtc.cloudfront.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Digital_Ocean.com.xml b/src/chrome/content/rules/Digital_Ocean.com.xml
deleted file mode 100644
index 10ed62092b5a..000000000000
--- a/src/chrome/content/rules/Digital_Ocean.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Fully covered subdomains:
-
-		- (www.)
-		- cloud
-
--->
-<ruleset name="Digital Ocean.com">
-
-	<target host="digitalocean.com" />
-	<target host="*.digitalocean.com" />
-
-
-	<securecookie host="^(?:cloud|www)?\.digitalocean\.com$" name=".+" />
-
-
-	<rule from="^http://(cloud\.|www\.)?digitalocean\.com/"
-		to="https://$1digitalocean.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Digital_Pacific.com.au.xml b/src/chrome/content/rules/Digital_Pacific.com.au.xml
index d072d8479a49..32e487735973 100644
--- a/src/chrome/content/rules/Digital_Pacific.com.au.xml
+++ b/src/chrome/content/rules/Digital_Pacific.com.au.xml
@@ -1,10 +1,28 @@
+<!--
+	Mixed content:
+
+		- Images on www from ^digitalpacific.com.au *
+
+	* Secured by us
+
+-->
 <ruleset name="Digital Pacific.com.au">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="digitalpacific.com.au" />
+	<target host="onepanel.digitalpacific.com.au" />
 	<target host="www.digitalpacific.com.au" />
 
 
-	<rule from="^http://(www\.)?digitalpacific\.com\.au/"
-		to="https://$1digitalpacific.com.au/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^onepanel\.digitalpacific\.com\.au$" name="^laravel_session$" /-->
+
+	<securecookie host="^onepanel\.digitalpacific\.com\.au$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Digital_Photography_Review.xml b/src/chrome/content/rules/Digital_Photography_Review.xml
index ce04c64d867b..ebf681767c17 100644
--- a/src/chrome/content/rules/Digital_Photography_Review.xml
+++ b/src/chrome/content/rules/Digital_Photography_Review.xml
@@ -2,6 +2,7 @@
 	CDN buckets:
 
 		- d199bk7kirt65b.cloudfront.net
+			- \d+.static.dpreview.com
 			- \d+.static.img-dpreview.com
 
 		- d3ojfab0q2dwum.cloudfront.net
@@ -27,25 +28,31 @@
 
 	* Some [most?] pages redirect to http)
 
+
+	Fully covered domains:
+
+		- \d+.static.dpreview.com *
+
+	* → d199bk7kirt65b.cloudfront.net
+
 -->
 <ruleset name="Digital Photography Review (partial)">
 
 	<target host="dpreview.com" />
-	<target host="www.dpreview.com" />
+	<target host="*.dpreview.com" />
 	<target host="*.img-dpreview.com" />
-	<target host="*.static.img-dpreview.com" />
 
 
-	<rule from="^https?://(?:www\.)?dpreview\.com/(challenges/[iI]mages/|members/register|products_data/|resources/)"
+	<rule from="^http://(?:www\.)?dpreview\.com/(challenges/[iI]mages/|members/register|products_data/|resources/)"
 		to="https://www.dpreview.com/$1" />
 
 	<rule from="^http://connect\.dpreview\.com/products_data/"
 		to="https://connect.dpreview.com/products_data/" />
 
-	<rule from="^https?://(?:a|\d+\.static)\.img-dpreview\.com/"
+	<rule from="^http://(?:a|\d+\.static)\.(?:img-)?dpreview\.com/"
 		to="https://d199bk7kirt65b.cloudfront.net/" />
 
-	<rule from="^https?://g[1-4]\.img-dpreview\.com/"
+	<rule from="^http://g[1-4]\.img-dpreview\.com/"
 		to="https://d3ojfab0q2dwum.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Digital_Point_Solutions.xml b/src/chrome/content/rules/Digital_Point_Solutions.xml
index ab7123d344d6..3819953e8dec 100644
--- a/src/chrome/content/rules/Digital_Point_Solutions.xml
+++ b/src/chrome/content/rules/Digital_Point_Solutions.xml
@@ -1,19 +1,36 @@
 <!--
-	Nonfunctional subdomains:
+	Digital Point Solutions
 
-		- geo	(times out)
+	Other Digital Point Solutions rulesets:
+
+		- dpstatic.com.xml
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .digitalpoint.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Digital Point Solutions (partial)" default_off="expired, self-signed">
+<ruleset name="Digital Point.com">
 
 	<target host="digitalpoint.com" />
+	<target host="advertising.digitalpoint.com" />
+	<target host="forums.digitalpoint.com" />
+	<target host="geo.digitalpoint.com" />
+	<target host="tools.digitalpoint.com" />
 	<target host="www.digitalpoint.com" />
 
 
-	<!--	- Cert only matches www
-		- !www 301s to www
+	<!--	Not secured by server:
 					-->
-	<rule from="^https?://(?:www\.)?digitalpoint\.com/"
-		to="https://www.digitalpoint.com/" />
+	<!--securecookie host="^\.digitalpoint\.com$" name="^(?:__cfduid|cf_clearance|cr)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Digital_River_content.net.xml b/src/chrome/content/rules/Digital_River_content.net.xml
new file mode 100644
index 000000000000..d0f59e8f3520
--- /dev/null
+++ b/src/chrome/content/rules/Digital_River_content.net.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Digital River coverage, see Digital-River.xml.
+
+
+	Fully covered domains:
+
+		- *.img.digitalrivercontent.net:
+
+			- drh
+			- drh[12]
+			- drh-fonts
+			- dri[12]
+			- mycommerce
+			- ui1
+
+-->
+<ruleset name="Digital River content.net">
+
+	<target host="*.img.digitalrivercontent.net" />
+
+		<test url="http://ui1.img.digitalrivercontent.net/drui/1.7.0.0.7.1/css/dr-stylesheet-ff-compressed.css" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Digital_Shelf_Space.xml b/src/chrome/content/rules/Digital_Shelf_Space.xml
index c475bf70f404..c1b044cbc8db 100644
--- a/src/chrome/content/rules/Digital_Shelf_Space.xml
+++ b/src/chrome/content/rules/Digital_Shelf_Space.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn.mypypeline.com/ => https://cdn.mypypeline.com/: (6, 'Could not resolve host: cdn.mypypeline.com')
+
 	Nonfunctional domains:
 
 		- (www.)digitalshelfspace.com *
@@ -7,12 +11,14 @@
 	* Times out
 
 -->
-<ruleset name="Digital Shelf Space (partial)">
+<ruleset name="Digital Shelf Space (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="cdn.mypypeline.com" />
 
 
-	<rule from="^http://cdn\.mypypeline\.com/"
-		to="https://cdn.mypypeline.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Digital_WPC.com.xml b/src/chrome/content/rules/Digital_WPC.com.xml
new file mode 100644
index 000000000000..802147e78ee2
--- /dev/null
+++ b/src/chrome/content/rules/Digital_WPC.com.xml
@@ -0,0 +1,70 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://connect.digitalwpc.com/ => https://connect.digitalwpc.com/: (6, 'Could not resolve host: connect.digitalwpc.com')
+
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	Problematic hosts in *digitalwpc.com:
+
+		- (www.)? *
+		- sessions *
+
+	* Mismatched
+
+
+	(www.)?: Different redirects from different paths
+
+
+	Insecure cookies are set for these domains:
+
+		- .sessions.digitalwpc.com
+
+
+	Mixed content:
+
+		- css on sessions from www.microsoft.com *
+
+	* Secured by us
+
+-->
+<ruleset name="digital WPC.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="connect.digitalwpc.com" />
+	<!--target host="sessions.digitalwpc.com" /-->
+
+	<!--	Complications:
+				-->
+	<target host="digitalwpc.com" />
+	<target host="www.digitalwpc.com" />
+
+		<exclusion pattern="^http://(?:www\.)?digitalwpc\.com/+(?!$|\?)" />
+
+			<test url="http://www.digitalwpc.com/WPC2015/Pages/Logistics.aspx" />
+			<test url="http://www.digitalwpc.com/awards/pages/home.aspx" />
+			<test url="http://www.digitalwpc.com/pages/faq.aspx" />
+			<test url="http://www.digitalwpc.com/sessions/VisionKeynotes/Pages/Keynote-Speakers.aspx" />
+			<test url="http://www.digitalwpc.com/videos/pages/videos.aspx" />
+			<test url="http://www.digitalwpc.com/wpc2013/wpcconnect/pages/home.aspx" />
+			<test url="http://www.digitalwpc.com/wpc2015/pages/registration.aspx" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.sessions.digitalwpc\.com$" name="^ARRAffinity$" /-->
+
+
+	<!--	Redirect keeps args, but not forward slash:
+								-->
+	<rule from="^http://(?:www\.)?digitalwpc\.com/+"
+		to="https://mspartner.microsoft.com/en/us/Pages/WPC/overview.aspx" />
+
+		<test url="http://www.digitalwpc.com/?" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Digitalcourage.de.xml b/src/chrome/content/rules/Digitalcourage.de.xml
new file mode 100644
index 000000000000..1b96453a0ff2
--- /dev/null
+++ b/src/chrome/content/rules/Digitalcourage.de.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .shop.digitalcourage.de
+
+-->
+<ruleset name="Digitalcourage.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="digitalcourage.de" />
+	<target host="shop.digitalcourage.de" />
+	<target host="www.digitalcourage.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.shop\.digitalcourage\.de$" name="^xploidID$" /-->
+
+	<securecookie host="^\.shop\.digitalcourage\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Digitale_Diathek.xml b/src/chrome/content/rules/Digitale_Diathek.xml
index ac622ada834d..50fec52cba67 100644
--- a/src/chrome/content/rules/Digitale_Diathek.xml
+++ b/src/chrome/content/rules/Digitale_Diathek.xml
@@ -1,5 +1,5 @@
 <!--
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *digitale-diathek.net:
 
 		- (www.) *
 		- login *
@@ -7,12 +7,20 @@
 	* Shows darch.ch, mismatched, CN: darch.ch
 
 -->
-<ruleset name="Digitale Diathek (partial)">
+<ruleset name="Digitale-Diathek.net (partial)">
 
-	<target host="*.digitale-diathek.net" />
+	<!--	Direct rewrites:
+				-->
+	<target host="fotomarburg.digitale-diathek.net" />
+	<target host="gta.digitale-diathek.net" />
+	<target host="khist.digitale-diathek.net" />
+	<target host="migration.digitale-diathek.net" />
+	<target host="normdaten.digitale-diathek.net" />
+	<target host="tools.digitale-diathek.net" />
+	<target host="uzh.digitale-diathek.net" />
 
 
-	<rule from="^http://(fotomarburg|gta|khist|migration|normdaten|tools|uzh)\.digitale-diathek\.net/"
-		to="https://$1.digitale-diathek.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Digitalegesellschaft.de.xml b/src/chrome/content/rules/Digitalegesellschaft.de.xml
index 09876d6f7a5b..f8ea2a8e4b20 100644
--- a/src/chrome/content/rules/Digitalegesellschaft.de.xml
+++ b/src/chrome/content/rules/Digitalegesellschaft.de.xml
@@ -1,6 +1,29 @@
-<ruleset name="Digitalegesellschaft">
-  <target host="www.digitalegesellschaft.de" />
-  <target host="digitalegesellschaft.de" />
+<!--
+	www.digitalegesellschaft.de: cert only matches ^digitalegesellschaft.de
+
+-->
+<ruleset name="Digitalegesellschaft.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="digitalegesellschaft.de" />
+
+	<!--	Complications:
+				-->
+	<target host="www.digitalegesellschaft.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^digitalegesellschaft\.de$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^digitalegesellschaft\.de$" name=".+" />
+
+
+	<rule from="^http://www\.digitalegesellschaft\.de/"
+		to="https://digitalegesellschaft.de/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(?:www\.)?digitalegesellschaft\.de/" to="https://digitalegesellschaft.de/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Digitalfernsehen.de.xml b/src/chrome/content/rules/Digitalfernsehen.de.xml
new file mode 100644
index 000000000000..55767897a42d
--- /dev/null
+++ b/src/chrome/content/rules/Digitalfernsehen.de.xml
@@ -0,0 +1,33 @@
+<!--
+	Related to digitv.de.xml
+
+	Connection failed:
+		fachhandel.digitalfernsehen.de
+		frequenzen.digitalfernsehen.de
+
+	Invalid certificate:
+		www.leserwahl.digitalfernsehen.de
+		t3red.digitalfernsehen.de
+-->
+<ruleset name="Digitalfernsehen.de" platform="mixedcontent">
+
+	<target host="digitalfernsehen.de" />
+	<target host="www.digitalfernsehen.de" />
+	<target host="api.digitalfernsehen.de" />
+	<target host="forum.digitalfernsehen.de" />
+	<target host="push.digitalfernsehen.de" />
+	<target host="sat.digitalfernsehen.de" />
+	<target host="stage.digitalfernsehen.de" />
+	<target host="wordpress.digitalfernsehen.de" />
+	<target host="wordpress-stage.digitalfernsehen.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Empty response on https://digitalfernsehen.de/,
+	http://digitalfernsehen.de/ redirects to http://www.digitalfernsehen.de/ -->
+	<rule from="^http://digitalfernsehen\.de/"
+		to="https://www.digitalfernsehen.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Digitaliseringsstyrelsen.xml b/src/chrome/content/rules/Digitaliseringsstyrelsen.xml
deleted file mode 100644
index 9084f5893d1c..000000000000
--- a/src/chrome/content/rules/Digitaliseringsstyrelsen.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Digitaliseringsstyrelsen">
-
-	<!--	* for cross-domain cookie	-->
-	<target host="*.sikker-adgang.dk"/>
-
-	<securecookie host="^(login)?\.sikker-adgang\.dk$" name=".*"/>
-
-	<rule from="^http://login\.sikker-adgang\.dk/"
-		to="https://login.sikker-adgang.dk/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Digitalscirocco.net.xml b/src/chrome/content/rules/Digitalscirocco.net.xml
deleted file mode 100644
index b3060c8b8bf2..000000000000
--- a/src/chrome/content/rules/Digitalscirocco.net.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="digitalscirocco.net">
-
-	<target host="www.digitalscirocco.net" />
-
-
-	<securecookie host="^www\.digitalscirocco\.net$" name=".+" />
-
-
-	<rule from="^http://www\.digitalscirocco\.net/"
-		to="https://www.digitalscirocco.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Digitaltrends.com.xml b/src/chrome/content/rules/Digitaltrends.com.xml
new file mode 100644
index 000000000000..685cff64c52a
--- /dev/null
+++ b/src/chrome/content/rules/Digitaltrends.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Timeout:
+		- shop
+-->
+<ruleset name="Digitaltrends.com">
+	<target host="digitaltrends.com" />
+	<target host="www.digitaltrends.com" />
+	<target host="cdn.digitaltrends.com" />
+	<target host="cdn1.digitaltrends.com" />
+	<target host="cdn2.digitaltrends.com" />
+	<target host="cdn3.digitaltrends.com" />
+	<target host="cdn4.digitaltrends.com" />
+	<target host="cdn5.digitaltrends.com" />
+	<target host="cdn6.digitaltrends.com" />
+	<target host="cdn7.digitaltrends.com" />
+	<target host="cdn8.digitaltrends.com" />
+	<target host="cdn9.digitaltrends.com" />
+	<target host="es.digitaltrends.com" />
+	<target host="icdn.digitaltrends.com" />
+	<target host="icdn1.digitaltrends.com" />
+	<target host="icdn2.digitaltrends.com" />
+	<target host="icdn3.digitaltrends.com" />
+	<target host="icdn4.digitaltrends.com" />
+	<target host="icdn5.digitaltrends.com" />
+	<target host="icdn6.digitaltrends.com" />
+	<target host="icdn7.digitaltrends.com" />
+	<target host="icdn8.digitaltrends.com" />
+	<target host="icdn9.digitaltrends.com" />
+
+	<test url="http://icdn.digitaltrends.com/image/seti_signalstospace_mem5-600x250-c.jpg" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Digitaria.xml b/src/chrome/content/rules/Digitaria.xml
index 71bae3aa2b72..bc22178ec0c5 100644
--- a/src/chrome/content/rules/Digitaria.xml
+++ b/src/chrome/content/rules/Digitaria.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://redmine.digitaria.com/ => https://redmine.digitaria.com/: (7, 'Failed to connect to redmine.digitaria.com port 80: Connection refused')
 	digitaria.instellaplatform.com
 
 
@@ -11,19 +13,15 @@
 <ruleset name="Digitaria (partial)">
 
 	<target host="redmine.digitaria.com" />
-	<target host="*.insightmgr.com" />
-	<target host="*.digi.insightmgr.com" />
-	<target host="*.www.insightmgr.com" />
+	<target host="digi.insightmgr.com" />
+	<target host="www.insightmgr.com" />
 
 
 	<securecookie host="^redmine\.digitaria\.com$" name=".+" />
 	<securecookie host="^.+\.insightmgr\.com$" name=".+" />
 
 
-	<rule from="^http://redmine\.digitaria\.com/"
-		to="https://redmine.digitaria.com/" />
 
-	<rule from="^http://(digi|www)\.insightmgr\.com/"
-		to="https://$1.insightmgr.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Digitec.xml b/src/chrome/content/rules/Digitec.xml
deleted file mode 100644
index 6e8dcba6d59a..000000000000
--- a/src/chrome/content/rules/Digitec.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Digitec.ch">
-   <target host="www.digitec.ch" />
-   <target host="digitec.ch" />
-   <securecookie host="^(.*\.)?digitec\.ch$" name=".*" />
-
-   <rule from="^http://(?:www\.)?digitec\.ch/" to="https://www.digitec.ch/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/Digitick.com.xml b/src/chrome/content/rules/Digitick.com.xml
new file mode 100644
index 000000000000..fad8f032e439
--- /dev/null
+++ b/src/chrome/content/rules/Digitick.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		campagne201718.digitick.com
+		crm.digitick.com
+		hotline.digitick.com
+-->
+<ruleset name="Digitick.com">
+	<target host="digitick.com" />
+	<target host="www.digitick.com" />
+	<target host="form.crm.digitick.com" />
+	<target host="static1.digitick.com" />
+	<target host="static2.digitick.com" />
+	<target host="static3.digitick.com" />
+	<target host="static4.digitick.com" />
+	<target host="static5.digitick.com" />
+	<target host="statics.digitick.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Digits.com.xml b/src/chrome/content/rules/Digits.com.xml
new file mode 100644
index 000000000000..17581df54aff
--- /dev/null
+++ b/src/chrome/content/rules/Digits.com.xml
@@ -0,0 +1,32 @@
+<!--
+	For other Twitter coverage, see Twitter.xml.
+
+
+	Nonfunctional hosts:
+
+		- get *
+
+	* Refused
+
+
+	Fully covered hosts:
+
+		- (www.)?
+		- api
+		- cdn
+
+-->
+<ruleset name="Digits.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="digits.com" />
+	<target host="api.digits.com" />
+	<target host="cdn.digits.com" />
+	<target host="www.digits.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Digium.xml b/src/chrome/content/rules/Digium.xml
index 19bf2bf6dc6a..7c26fa01bd90 100644
--- a/src/chrome/content/rules/Digium.xml
+++ b/src/chrome/content/rules/Digium.xml
@@ -7,28 +7,46 @@
 
 	Nonfunctional subdomains:
 
+		- blogs ¹
+		- developers ²
 		- kb	(redirects to http, CN: slotmatching9.salesforce.com)
+		- www ³
 		- www1
 
+	¹ Recursive redirect
+	² Refused
+	³ Redirects to http
+
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- phones ²
+
+	¹ Mismatched
+	² Expired 2014
+
 -->
-<ruleset name="Digium (partial)">
+<ruleset name="Digium.com (partial)">
 
 	<target host="digium.com" />
-	<target host="*.digium.com" />
+	<target host="login.digium.com" />
+	<target host="store.digium.com" />
+	<target host="www.digium.com" />
 
 		<!--
 			Redirects to http.
 						-->
-		<exclusion pattern="^http://www\.digium\.com/en/(?:$|\?)" />
+		<exclusion pattern="^http://www\.digium\.com/(?:en/(?:$|\?|partner-portal|products$)|favicon\.ico|sites/)" />
 
 
+	<securecookie host="^\.digium\.com$" name="^__cfduid$" />
 	<securecookie host="^login\.digium\.com$" name=".+" />
 
 
 	<rule from="^http://digium\.com/"
 		to="https://www.digium.com/" />
 
-	<rule from="^http://(login|store|www)\.digium\.com/"
-		to="https://$1.digium.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Digiweb-self-signed.xml b/src/chrome/content/rules/Digiweb-self-signed.xml
index 551f24901755..44f56b451489 100644
--- a/src/chrome/content/rules/Digiweb-self-signed.xml
+++ b/src/chrome/content/rules/Digiweb-self-signed.xml
@@ -4,9 +4,6 @@
 -->
 <ruleset name="Digiweb (self-signed)" default_off="expired, self-signed">
 
-	<target host="80.93.17.6" />
-	<target host="80.93.17.242" />
-	<target host="80.93.18.36" />
 	<!--	self-signed	-->
 	<target host="uweb2.host.ie" />
 	<target host="uweb3.host.ie" />
@@ -16,19 +13,10 @@
 	<target host="www.securecerts.ie" />
 
 
-	<securecookie host="^uweb[23]\.host\.ie$" name=".*" />
-	<securecookie host="^novweb\.novara\.ie$" name=".*" />
+	<securecookie host="^uweb[23]\.host\.ie$" name=".+" />
+	<securecookie host="^novweb\.novara\.ie$" name=".+" />
 
 
-	<rule from="^https?://80\.93\.17\.6/webshell4($|/)"
-		to="https://uweb2.host.ie/webshell4$1" />
-
-	<rule from="^https?://80\.93\.17\.242/webshell4($|/)"
-		to="https://uweb3.host.ie/webshell4$1" />
-
-	<rule from="^https?://80\.93\.18\.36/webshell4($|/)"
-		to="https://novweb.novara.ie/webshell4$1" />
-
 	<rule from="^http://uweb([23])\.host\.ie/"
 		to="https://uweb$1.host.ie/" />
 
@@ -36,7 +24,7 @@
 		to="https://novweb.novara.ie/" />
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?securecerts\.ie/"
+	<rule from="^http://(?:www\.)?securecerts\.ie/"
 		to="https://www.securecerts.ie/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Digiweb.xml b/src/chrome/content/rules/Digiweb.xml
index 5c0a213c2a2e..2f658d7d919c 100644
--- a/src/chrome/content/rules/Digiweb.xml
+++ b/src/chrome/content/rules/Digiweb.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://manage.hosting.digiweb.ie/ => https://manage.hosting.digiweb.ie/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://secureorders.digiweb.ie/ => https://secureorders.digiweb.ie/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://ncm.novarait.com/ => https://ncm.novarait.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ncm.novarait.com/ => https://ncm.novarait.com/: (7, 'Failed to connect to ncm.novarait.com port 80: Connection refused')
 	For problematic rules, see Digiweb-self-signed.xml.
 
 
@@ -26,7 +34,7 @@
 		- (www.)whoislookup.ie		(cert: novweb.novara.ie, self-signed; shows that domain's data)
 
 -->
-<ruleset name="Digiweb (partial)">
+<ruleset name="Digiweb (partial)" default_off="failed ruleset test">
 
 	<target host="manage.hosting.digiweb.ie" />
 	<target host="secureorders.digiweb.ie" />
@@ -41,27 +49,27 @@
 	<target host="www.register.ie" />
 
 
-	<securecookie host="^(?:manage\.hosting|secureorders)\.digiweb\.ie$" name=".*" />
-	<securecookie host="^(?:host|register)\.ie$" name=".*" />
-	<securecookie host="^ncm\.novarait\.com$" name=".*" />
+	<securecookie host="^(?:manage\.hosting|secureorders)\.digiweb\.ie$" name=".+" />
+	<securecookie host="^(?:host|register)\.ie$" name=".+" />
+	<securecookie host="^ncm\.novarait\.com$" name=".+" />
 
 
 	<rule from="^http://(manage\.hosting|secureorders)\.digiweb\.ie/"
 		to="https://$1.digiweb.ie/" />
 
 	<!--	Cert only matches //host.ie	-->
-	<rule from="^https?://(?:www\.)?host\.ie/"
+	<rule from="^http://(?:www\.)?host\.ie/"
 		to="https://host.ie/" />
 
 	<rule from="^http://cp\.host\.ie/"
 		to="https://cp.host.ie/" />
 
-	<!--	- pegister: cert only matches //register.ie
+	<!--	- register: cert only matches //register.ie
 		- promote: cert only matches www
 		- promote's cert has expired
 		- promote & novera redirect like so
 			-->
-	<rule from="^https?://(?:www\.)?(?:novera|promote|register)\.ie/"
+	<rule from="^http://(?:www\.)?(?:novera|promote|register)\.ie/"
 		to="https://register.ie/" />
 
 	<rule from="^http://ncm\.novarait\.com/"
diff --git a/src/chrome/content/rules/Dignity_in_Dying.org.uk.xml b/src/chrome/content/rules/Dignity_in_Dying.org.uk.xml
new file mode 100644
index 000000000000..cf449aa8aff4
--- /dev/null
+++ b/src/chrome/content/rules/Dignity_in_Dying.org.uk.xml
@@ -0,0 +1,18 @@
+<ruleset name="Dignity in Dying.org.uk (partial)">
+
+	<target host="dignityindying.org.uk" />
+	<target host="www.dignityindying.org.uk" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.dignityindying\.org\.uk/+($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://www\.dignityindying\.org\.uk/+(?!favicon\.ico|support-us($|[?/])|wp-content/|wp-includes/)" /-->
+
+
+	<rule from="^http://(www\.)?dignityindying\.org\.uk/(?=favicon\.ico|support-us(?:$|[?/])|wp-content/|wp-includes/)"
+		to="https://$1dignityindying.org.uk/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Diigo.xml b/src/chrome/content/rules/Diigo.xml
index 916e0519f43d..c929060161de 100644
--- a/src/chrome/content/rules/Diigo.xml
+++ b/src/chrome/content/rules/Diigo.xml
@@ -1,13 +1,12 @@
 <ruleset name="Diigo">
 
 	<target host="diigo.com" />
-	<target host="*.diigo.com" />
+	<target host="www.diigo.com" />
 
 
 	<securecookie host="^\.diigo\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?diigo\.com/"
-		to="https://$1diigo.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dikkenberg.net.xml b/src/chrome/content/rules/Dikkenberg.net.xml
index 49ac79a026fd..ff8e6ea66253 100644
--- a/src/chrome/content/rules/Dikkenberg.net.xml
+++ b/src/chrome/content/rules/Dikkenberg.net.xml
@@ -1,13 +1,16 @@
+<!--
+	^dikkenberg.net doesn't exist.
+
+-->
 <ruleset name="Dikkenberg.net">
 
-	<target host="dikkenberg.net" />
 	<target host="www.dikkenberg.net" />
 
 
-	<securecookie host="^(?:www\.)?dikkenberg\.net$" name=".+" />
+	<securecookie host="^www\.dikkenberg\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?dikkenberg\.net/"
-		to="https://$1dikkenberg.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DilbertFiles.org.xml b/src/chrome/content/rules/DilbertFiles.org.xml
index 80a37593abbc..a805c1f968b5 100644
--- a/src/chrome/content/rules/DilbertFiles.org.xml
+++ b/src/chrome/content/rules/DilbertFiles.org.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.dilbertfiles.com/ => https://secure.dilbertfiles.com/: (60, 'SSL certificate problem: certificate has expired')
+
 	Nonfunctional subdomains:
 
 		- (www.)	(redirects to secure, valid cert)
@@ -10,7 +14,7 @@
 		- Image on secure from www
 
 -->
-<ruleset name="DilbertFiles.org (partial)" platform="mixedcontent">
+<ruleset name="DilbertFiles.org (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="secure.dilbertfiles.com" />
 
@@ -18,7 +22,6 @@
 	<securecookie host="^secure\.dilbertfiles\.com$" name=".+" />
 
 
-	<rule from="^http://secure\.dilbertfiles\.com/"
-		to="https://secure.dilbertfiles.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dilcdn.com.xml b/src/chrome/content/rules/Dilcdn.com.xml
index acab62d9e61c..36a4f6051b0a 100644
--- a/src/chrome/content/rules/Dilcdn.com.xml
+++ b/src/chrome/content/rules/Dilcdn.com.xml
@@ -17,7 +17,6 @@
 	<target host="a.dilcdn.com" />
 
 
-	<rule from="^http://a\.dilcdn\.com/"
-		to="https://a.dilcdn.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dillinger.io.xml b/src/chrome/content/rules/Dillinger.io.xml
new file mode 100644
index 000000000000..6aae15d3fb5b
--- /dev/null
+++ b/src/chrome/content/rules/Dillinger.io.xml
@@ -0,0 +1,8 @@
+<ruleset name="Dillinger.io">
+	<target host="dillinger.io" />
+	<target host="www.dillinger.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dinahosting.com.xml b/src/chrome/content/rules/Dinahosting.com.xml
new file mode 100644
index 000000000000..32d07fe05d55
--- /dev/null
+++ b/src/chrome/content/rules/Dinahosting.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Other dinahosting rulesets:
+
+		- Dinahosting.pt.xml
+
+
+	Insecure cookies are set for these domains:
+
+		- .dinahosting.com
+
+-->
+<ruleset name="dinahosting.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dinahosting.com" />
+	<target host="ca.dinahosting.com" />
+	<target host="es.dinahosting.com" />
+	<target host="gl.dinahosting.com" />
+	<target host="www.dinahosting.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.dinahosting\.com$" name="^trasno_banner_\d+(?:#meta)?$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dinahosting.pt.xml b/src/chrome/content/rules/Dinahosting.pt.xml
new file mode 100644
index 000000000000..d3f378649861
--- /dev/null
+++ b/src/chrome/content/rules/Dinahosting.pt.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dinahosting.pt/ => https://dinahosting.pt/: (51, "SSL: no alternative certificate subject name matches target host name 'dinahosting.pt'")
+Fetch error: http://www.dinahosting.pt/ => https://dinahosting.pt/: (51, "SSL: no alternative certificate subject name matches target host name 'dinahosting.pt'")
+
+	For other dinahosting coverage, see Dinahosting.com.xml.
+
+
+	www.dinahosting.pt: Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .dinahosting.pt
+
+-->
+<ruleset name="dinahosting.pt" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dinahosting.pt" />
+
+	<!--	Complications:
+				-->
+	<target host="www.dinahosting.pt" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.dinahosting\.pt$" name="^(?:aceptadaPoliticaCookies|trasno_banner_\d+)(?:#meta)?$" /-->
+
+	<securecookie host="^\.dinahosting\.pt$" name=".+" />
+
+
+	<rule from="^http://www\.dinahosting\.pt/"
+		to="https://dinahosting.pt/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Diogo_Monica.com.xml b/src/chrome/content/rules/Diogo_Monica.com.xml
new file mode 100644
index 000000000000..709650a13a4e
--- /dev/null
+++ b/src/chrome/content/rules/Diogo_Monica.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .diogomonica.com
+
+-->
+<ruleset name="Diogo Monica.com">
+
+	<target host="diogomonica.com" />
+	<target host="www.diogomonica.com" />
+
+
+	<!--	CloudFlare cookies:
+				-->
+	<!--securecookie host="^\.diogomonica\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Direct-Marketing-Association.xml b/src/chrome/content/rules/Direct-Marketing-Association.xml
index 7608cc238118..90db3de74ff5 100644
--- a/src/chrome/content/rules/Direct-Marketing-Association.xml
+++ b/src/chrome/content/rules/Direct-Marketing-Association.xml
@@ -1,11 +1,10 @@
 <ruleset name="Direct Marketing Association">
 
-	<target host="dma.org.uk"/>
-	<target host="*.dma.org.uk"/>
+	<target host="dma.org.uk" />
+	<target host="www.dma.org.uk" />
 
-	<securecookie host="^(.*\.)?dma\.org\.uk$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?dma\.org\.uk/"
-		to="https://$1dma.org.uk/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DirectActionEverywhere.com.xml b/src/chrome/content/rules/DirectActionEverywhere.com.xml
new file mode 100644
index 000000000000..8a84f8fa590e
--- /dev/null
+++ b/src/chrome/content/rules/DirectActionEverywhere.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Invalid certificate:
+		directactioneverywhere.com
+
+		www.dxetech.org
+
+	Time out:
+		discourse.directactioneverywhere.com
+
+-->
+<ruleset name="DirectActionEverywhere.com">
+
+	<target host="directactioneverywhere.com" />
+	<target host="www.directactioneverywhere.com" />
+
+	<target host="dxetech.org" />
+	<target host="chapters-map.dxetech.org" />
+	<target host="sendy.dxetech.org" />
+	<target host="static.dxetech.org" />
+		<test url="http://static.dxetech.org/analytics/out/analytics.js" />
+
+	<rule from="^http://directactioneverywhere\.com/"
+		to="https://www.directactioneverywhere.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DirectAdvert.ru.xml b/src/chrome/content/rules/DirectAdvert.ru.xml
new file mode 100644
index 000000000000..dbe10d495d40
--- /dev/null
+++ b/src/chrome/content/rules/DirectAdvert.ru.xml
@@ -0,0 +1,50 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://directadvert.ru/ => https://directadvert.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'directadvert.ru'")
+
+	Nonfunctional hosts in *directadvert.ru:
+
+		- partner *
+
+	* Shows www.directadvert.ru
+
+
+	Insecure cookies are set for these domains:
+
+		- .directadvert.ru
+
+
+	Mixed content:
+
+		- Bugs, on www from:
+
+			- (www.)?megastock.ru ¹
+			- counter.rambler.ru ²
+
+	¹ Ruleset disabled by default <= self-signed
+	² Secured by us
+
+-->
+<ruleset name="DirectAdvert.ru (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="directadvert.ru" />
+	<target host="agent.directadvert.ru" />
+	<target host="code.directadvert.ru" />
+	<target host="st.directadvert.ru" />
+	<target host="www.directadvert.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.directadvert\.ru$" name="^(?:da_fblikebox_show|[rt]_\d+)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DirectSpace.xml b/src/chrome/content/rules/DirectSpace.xml
index c2f0bcdbcade..b38b27485ce6 100644
--- a/src/chrome/content/rules/DirectSpace.xml
+++ b/src/chrome/content/rules/DirectSpace.xml
@@ -2,6 +2,6 @@
   <target host="directspace.net"/>
   <target host="www.directspace.net"/>
 
-  <rule from="^http://(www\.)?directspace\.net/" to="https://directspace.net/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
 <!-- Rule generated by HTTPS Finder 0.77 -->
diff --git a/src/chrome/content/rules/Direct_Line.com.xml b/src/chrome/content/rules/Direct_Line.com.xml
new file mode 100644
index 000000000000..a92e1471112f
--- /dev/null
+++ b/src/chrome/content/rules/Direct_Line.com.xml
@@ -0,0 +1,52 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://directline.com/ => https://uk3.directline.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://directline.com/ => https://uk3.directline.com/: (28, 'Resolving timed out after 10517 milliseconds')
+	Problematic subdomains:
+
+		- (www.) ¹
+		- faq ²
+
+	¹ Mismatched, CN: uk3.directline.com
+	² Works; mismatched, CN: *.metafaq.com
+
+
+	Fully covered subdomains:
+
+		- (www.) ¹
+		- amendsonline
+		- faq ²
+		- uk3
+
+	¹ → uk3
+	² → directline.metafaq.com
+
+-->
+<ruleset name="Direct Line.com" default_off="failed ruleset test">
+
+	<target host="directline.com" />
+	<target host="uk3.directline.com" />
+	<target host="www.directline.com" />
+	<target host="amendsonline.directline.com" />
+	<target host="faq.directline.com" />
+	<target host="directline.metafaq.com" />
+
+
+	<!--	Server sets Secure for:
+					-->
+	<!--securecookie host="^(amendsonline|uk3)\.directline\.com$" name=".+" /-->
+	<!--securecookie host="^directline\.metafaq\.com$" name=".+" /-->
+
+
+	<rule from="^http://(?:uk3\.|www\.)?directline\.com/"
+		to="https://uk3.directline.com/" />
+
+
+	<rule from="^http://(?:faq\.directline|directline\.metafaq)\.com/"
+		to="https://directline.metafaq.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Direct_Mail_Mac.com.xml b/src/chrome/content/rules/Direct_Mail_Mac.com.xml
new file mode 100644
index 000000000000..8e7da96244db
--- /dev/null
+++ b/src/chrome/content/rules/Direct_Mail_Mac.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Other Direct Mail rulesets:
+
+		- DM_mailing_list.com.xml
+
+
+	CDN buckets:
+
+		- d39okwd0art5yj.cloudfront.net	← four.cdn
+
+
+	Problematic hosts in *directmailmac.com:
+
+		- (www.)? ᵐ
+		- four.cdn ᶜ ᵐ
+
+	ᶜ Cloudfront
+	ᵐ Mismatched
+
+-->
+<ruleset name="Direct Mail Mac.com (partial)">
+
+	<!--	Complications:
+				-->
+	<target host="four.cdn.directmailmac.com" />
+
+		<test url="http://four.cdn.directmailmac.com/images/compose_icon@2x.png" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Directa.cat.xml b/src/chrome/content/rules/Directa.cat.xml
new file mode 100644
index 000000000000..8fb1df10fce9
--- /dev/null
+++ b/src/chrome/content/rules/Directa.cat.xml
@@ -0,0 +1,18 @@
+<!--
+	Mixed content:
+
+		- Ads from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Directa.cat">
+
+	<target host="directa.cat" />
+	<target host="www.directa.cat" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Directbox.xml b/src/chrome/content/rules/Directbox.xml
index 5af49c3f6190..d47f3ba302d6 100644
--- a/src/chrome/content/rules/Directbox.xml
+++ b/src/chrome/content/rules/Directbox.xml
@@ -1,16 +1,42 @@
+
+<!--
+	Invalid certificate:
+		directbox.(!com)
+		www.directbox.(!com)
+		neu.directbox.com
+
+-->
 <ruleset name="Directbox">
-  <target host="directbox.*" />
-  <target host="www.directbox.at" />
-  <target host="www.directbox.biz" />
-  <target host="www.directbox.ch" />
-  <target host="www.directbox.com" />
-  <target host="www.directbox.de" />
-  <target host="www.directbox.eu" />
-  <target host="www.directbox.info" />
-  <target host="www.directbox.net" />
-  <target host="www.directbox.tv" />
-  <target host="neu.directbox.com" />
-
-  <rule from="^http://(?:www\.)?directbox\.(?:at|biz|ch|com|de|eu|info|net|tv)/" to="https://www.directbox.com/"/>
-  <rule from="^http://neu\.directbox\.com/" to="https://neu.directbox.com/" />
-</ruleset> 
+
+	<target host="directbox.com" />
+	<target host="www.directbox.com" />
+
+	<target host="directbox.at" />
+	<target host="www.directbox.at" />
+
+	<target host="directbox.biz" />
+	<target host="www.directbox.biz" />
+
+	<target host="directbox.ch" />
+	<target host="www.directbox.ch" />
+
+	<target host="directbox.de" />
+	<target host="www.directbox.de" />
+
+	<target host="directbox.eu" />
+	<target host="www.directbox.eu" />
+
+	<target host="directbox.info" />
+	<target host="www.directbox.info" />
+
+	<target host="directbox.net" />
+	<target host="www.directbox.net" />
+
+	<target host="directbox.tv" />
+	<target host="www.directbox.tv" />
+
+	<rule from="^http://(www\.)?directbox\.(at|biz|ch|de|eu|info|net|tv)/" to="https://www.directbox.com/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Directgov-mismatches.xml b/src/chrome/content/rules/Directgov-mismatches.xml
index f132130eee1a..465901a30d3e 100644
--- a/src/chrome/content/rules/Directgov-mismatches.xml
+++ b/src/chrome/content/rules/Directgov-mismatches.xml
@@ -4,16 +4,10 @@
 -->
 <ruleset name="Directgov (mismatches)" default_off="mismatch, self-signed" platform="mixedcontent">
 
-	<!--	*.wordpress.com
-		blog is at alphagov.wordpress.com, but redirects	-->
-	<target host="digital.cabinetoffice.gov.uk" />
 	<!--	cert: Parallels Panel	-->
 	<target host="ico.jobs" />
 	<target host="www.ico.jobs" />
-	<target host="www.northdown.gov.uk" />	
-
-	<rule from="^http://digital\.cabinetoffice\.gov\.uk/"
-		to="https://digital.cabinetoffice.gov.uk/" />
+	<target host="www.northdown.gov.uk" />
 
 	<rule from="^http://epetitions\.direct\.gov\.uk/(images/|javascripts/|stylesheets/)"
 		to="https://epetitions.direct.gov.uk/$1" />
diff --git a/src/chrome/content/rules/Directgov.xml b/src/chrome/content/rules/Directgov.xml
index 7f2159eac563..5d2647679d25 100644
--- a/src/chrome/content/rules/Directgov.xml
+++ b/src/chrome/content/rules/Directgov.xml
@@ -1,19 +1,62 @@
+
 <!--
-	For rules that are off by default, see Directgov-mismatches.xml.
+Disabled by https-everywhere-checker because:
+Fetch error: http://submissions.epetitions.direct.gov.uk/ => https://submissions.epetitions.direct.gov.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'submissions.epetitions.direct.gov.uk'")
+Fetch error: http://adminnationalcareersservice.direct.gov.uk/ => https://adminnationalcareersservice.direct.gov.uk/: (6, 'Could not resolve host: adminnationalcareersservice.direct.gov.uk')
+Fetch error: http://www.nationalcareersservice.direct.gov.uk/ => https://www.nationalcareersservice.direct.gov.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.nationalcareersservice.direct.gov.uk'")
 
+	For rules that are off by default, see Directgov-mismatches.xml.
 
 	For other UK government coverage, see GOV.UK.xml.
 
+
+	Nonfunctional:
+
+		- (campaigns|mycouncil|origin).direct.gov.uk	(EdgeCast CDN)
+		- innovate-apps.direct.gov.uk			(self-signed)
+		- jobseekers.direct.gov.uk			(timeout)
+		- local.direct.gov.uk ᵈ
+		- think.direct.gov.uk ᵃ
+		- unistats.direct.gov.uk
+
+	ᵃ Shows another domain
+	ᵈ Dropped
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .direct.gov.uk
+		- nationalcareersservice.direct.gov.uk
+
 -->
-<ruleset name="Directgov (partial)">
+<ruleset name="Direct.gov.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="submissions.epetitions.direct.gov.uk" />
+	<target host="adminnationalcareersservice.direct.gov.uk" />
+	<target host="nationalcareersservice.direct.gov.uk" />
+	<target host="www.nationalcareersservice.direct.gov.uk" />
+	<target host="www.direct.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="direct.gov.uk" />
+
 
-	<target host="*.epetitions.direct.gov.uk" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.direct\.gov\.uk$" name="^BC_HA_[\da-f]{16}_[\dA-F]{8}$" /-->
+	<!--securecookie host="^nationalcareersservice\.direct\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
 
+	<securecookie host="^\.epetitions\." name=".+" />
+	<securecookie host="^\w" name=".+" />
 
-	<securecookie host="^.*\.epetitions\.direct\.gov\.uk$" name=".*" />
 
+	<rule from="^http://direct\.gov\.uk/"
+		to="https://www.direct.gov.uk/" />
 
-	<rule from="^http://submissions\.epetitions\.direct\.gov\.uk/"
-		to="https://submissions.epetitions.direct.gov.uk/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DirectoryOpus.xml b/src/chrome/content/rules/DirectoryOpus.xml
new file mode 100644
index 000000000000..f11f74f4442b
--- /dev/null
+++ b/src/chrome/content/rules/DirectoryOpus.xml
@@ -0,0 +1,11 @@
+<ruleset name="Directory Opus">
+        <target host="www.gpsoft.com.au" />
+        <target host="resource.dopus.com" />
+
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
+<!--	v2015-07-27
+Forum's member submitted (thread/post) content might contain 3rd-party image that is not HTTPS.
+-->
diff --git a/src/chrome/content/rules/Directorystore.com.xml b/src/chrome/content/rules/Directorystore.com.xml
new file mode 100644
index 000000000000..d06a12a0cfd4
--- /dev/null
+++ b/src/chrome/content/rules/Directorystore.com.xml
@@ -0,0 +1,62 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.directorystore.com/hottopics/best_sellers.jsp => https://www.directorystore.com/hottopics/best_sellers.jsp: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.directorystore.com/aboutus/support.jsp => https://www.directorystore.com/aboutus/support.jsp: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.directorystore.com/myaccount/index.jsp => https://www.directorystore.com/myaccount/index.jsp: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.directorystore.com/register/register.jsp => https://www.directorystore.com/register/register.jsp: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.directorystore.com/sitemap.jsp => https://www.directorystore.com/sitemap.jsp: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://directorystore.com/ => https://www.directorystore.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.directorystore.com/ => https://www.directorystore.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other Dex Media coverage, see Dex_Media.com.xml.
+
+
+	^: Shows tree
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.directorystore.com
+
+-->
+<ruleset name="Directorystore.com (partial)" default_off="failed ruleset test">
+
+        <target host="directorystore.com"/>
+        <target host="www.directorystore.com"/>
+
+		<!--	Redirects to http:
+						-->
+		<exclusion pattern="^http://www\.directorystore\.com/index\.jsp" />
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://www\.directorystore\.com/+(?!aboutus/support\.jsp|hottopics/best_sellers\.jsp|myaccount/index\.jsp|product/productdetail\.jsp|register/register\.jsp|sitemap\.jsp)" /-->
+
+			<!--	+ve:
+					-->
+			<test url="http://www.directorystore.com/index.jsp" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.directorystore.com/hottopics/best_sellers.jsp" />
+			<test url="http://www.directorystore.com/aboutus/support.jsp" />
+			<test url="http://www.directorystore.com/myaccount/index.jsp" />
+			<test url="http://www.directorystore.com/register/register.jsp" />
+			<test url="http://www.directorystore.com/sitemap.jsp" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.directorystore\.com$" name="^(JSESSIONID|NSC_xxx-\w+)$" /-->
+
+	<!--securecookie host="^(?:.*\.)?directorystore\.com$" name=".*"/-->
+
+
+	<rule from="^http://directorystore\.com/"
+		to="https://www.directorystore.com/"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Directrev.com.xml b/src/chrome/content/rules/Directrev.com.xml
index f8c69ccd8b8f..05951eaffdab 100644
--- a/src/chrome/content/rules/Directrev.com.xml
+++ b/src/chrome/content/rules/Directrev.com.xml
@@ -1,12 +1,56 @@
+<!--
+	CDN buckets:
+
+		- d1gl4fdbjuiapz.cloudfront.net	← re
+		- d2wxwu28a4m0zf.cloudfront.net	← cdn
+		- az413505.vo.msecnd.net
+
+
+	Problematic hosts in *directrev.com:
+
+		- ^ ᵈ
+		- cdn ᵐ
+		- re ᵐ
+		- www ᵐ
+
+	ᵈ Dropped, preemptable redirect
+	ᵐ Cloudfront / mismatched
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .directrev.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
 <ruleset name="directrev.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="ad.directrev.com" />
 
+	<!--	Complications:
+				-->
+	<target host="cdn.directrev.com" />
+	<target host="re.directrev.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.directrev\.com$" name="^OAX$" /-->
+
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|OAX$)" />
+	<securecookie host="^\w" name=".+" />
+
 
-	<securecookie host="^ad\.directrev\.com$" name=".+" />
+	<rule from="^http://cdn\.directrev\.com/"
+		to="https://d2wxwu28a4m0zf.cloudfront.net/" />
 
+	<rule from="^http://re\.directrev\.com/"
+		to="https://d1gl4fdbjuiapz.cloudfront.net/" />
 
-	<rule from="^http://ad\.directrev\.com/"
-		to="https://ad.directrev.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Dirk.to.xml b/src/chrome/content/rules/Dirk.to.xml
new file mode 100644
index 000000000000..4d8e0d5118b0
--- /dev/null
+++ b/src/chrome/content/rules/Dirk.to.xml
@@ -0,0 +1,9 @@
+<ruleset name="Dirk.to">
+
+	<target host="dirk.to" />
+	<target host="www.dirk.to" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dirty.ru.xml b/src/chrome/content/rules/Dirty.ru.xml
new file mode 100644
index 000000000000..ab9a05f2a7e9
--- /dev/null
+++ b/src/chrome/content/rules/Dirty.ru.xml
@@ -0,0 +1,19 @@
+<!--
+	Problematic hosts in *dirty.ru:
+
+		- pit *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="dirty.ru" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pit.dirty.ru" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dirxion.xml b/src/chrome/content/rules/Dirxion.xml
index ec2d68be762a..24fe7dc8dfa7 100644
--- a/src/chrome/content/rules/Dirxion.xml
+++ b/src/chrome/content/rules/Dirxion.xml
@@ -5,16 +5,16 @@
 <ruleset name="Dirxion">
 
 	<target host="dirxion.com" />
-	<target host="*.dirxion.com" />
+	<target host="www.dirxion.com" />
+	<target host="blogs.dirxion.com" />
 
 
 	<securecookie host="^.*\.dirxion\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?dirxion\.com/"
+	<rule from="^http://(?:www\.)?dirxion\.com/"
 		to="https://www.dirxion.com/" />
 
-	<rule from="^http://blogs\.dirxion\.com/"
-		to="https://blogs.dirxion.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Disability.gov.xml b/src/chrome/content/rules/Disability.gov.xml
deleted file mode 100644
index dfacc62ce286..000000000000
--- a/src/chrome/content/rules/Disability.gov.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Disability.gov">
-	<target host="disability.gov" />
-	<target host="www.disability.gov" />
-
-	<securecookie host="^((www)?\.)?disability\.gov$" name=".+" />
-
-	<rule from="^http://(www\.)?disability\.gov/" to="https://www.disability.gov/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/DisabledGo.com.xml b/src/chrome/content/rules/DisabledGo.com.xml
new file mode 100644
index 000000000000..cf26096badfa
--- /dev/null
+++ b/src/chrome/content/rules/DisabledGo.com.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://disabledgo.com/ => https://disabledgo.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://disabledgo.com/ => https://disabledgo.com/: Cycle detected - URL already encountered: https://disabledgo.com/home/
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+		- favicon from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="DisabledGo.com (partial)" default_off="failed ruleset test">
+
+	<target host="disabledgo.com" />
+	<target host="www.disabledgo.com" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.disabledgo\.com/($|contact-us$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.disabledgo\.com/+(?![Ff]ile[Dd]epository/|(?:forgotten-password|login-register)(?:$|[?/])|[Ss]ite/|styleresource\.webpos)" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Disc-soft.com.xml b/src/chrome/content/rules/Disc-soft.com.xml
index b5347486cba7..1a5685577b47 100644
--- a/src/chrome/content/rules/Disc-soft.com.xml
+++ b/src/chrome/content/rules/Disc-soft.com.xml
@@ -3,7 +3,7 @@
   <target host="disc-soft.com"/>
   <target host="www.disc-soft.com"/>
   <target host="img.disc-soft.com"/>
-  
+
   <rule from="^http://(secure|img)\.disc-soft\.com/" to="https://$1.disc-soft.com/"/>
-  <rule from="^http://(www\.)?disc-soft\.com/" to="https://www.disc-soft.com/"/>
-</ruleset>
\ No newline at end of file
+  <rule from="^http://(?:www\.)?disc-soft\.com/" to="https://www.disc-soft.com/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/DiscoSoupe.org.xml b/src/chrome/content/rules/DiscoSoupe.org.xml
new file mode 100644
index 000000000000..a2889f5751e4
--- /dev/null
+++ b/src/chrome/content/rules/DiscoSoupe.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="DiscoSoupe.org">
+
+	<target host="discosoupe.org" />
+	<target host="www.discosoupe.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Discogs.com.xml b/src/chrome/content/rules/Discogs.com.xml
new file mode 100644
index 000000000000..0bc2c6098148
--- /dev/null
+++ b/src/chrome/content/rules/Discogs.com.xml
@@ -0,0 +1,40 @@
+<!--
+	No working URL known:
+		e.discogs.com
+		gateway.discogs.com
+		hiphop.discogs.com
+		images.discogs.com
+		lb1.discogs.com
+		lb2.discogs.com
+		mail.discogs.com
+		rock.discogs.com
+		secure.discogs.com
+		static.discogs.com
+		wiki.discogs.com
+
+	Invalid certificate:
+		s.dsimg.com
+
+-->
+<ruleset name="Discogs.com">
+
+	<target host="discogs.com" />
+	<target host="www.discogs.com" />
+	<target host="api.discogs.com" />
+	<target host="auth.discogs.com" />
+	<target host="blog.discogs.com" />
+	<target host="cdn.discogs.com" />
+	<target host="data.discogs.com" />
+	<target host="eushop.discogs.com" />
+	<target host="help.discogs.com" />
+	<target host="img.discogs.com" />
+		<test url="http://img.discogs.com/lcyu7b876P2cNYyVfK8T4iUJEbc=/300x300/filters:strip_icc():format(jpeg):mode_rgb():quality(40)/discogs-images/R-10091415-1491452827-4338.jpeg.jpg" />
+	<target host="s.discogs.com" />
+		<test url="http://s.discogs.com/dst/stylesheets/discogs.css" />
+	<target host="sellerhelp.discogs.com" />
+	<target host="support.discogs.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Discogs.xml b/src/chrome/content/rules/Discogs.xml
deleted file mode 100644
index 0c6a4c50e176..000000000000
--- a/src/chrome/content/rules/Discogs.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	dsimg is hosted by EdgeCast.  ToDo: Find bucket
-
--->
-<ruleset name="Discogs (partial)" platform="mixedcontent">
-
-	<target host="discogs.com" />
-	<target host="www.discogs.com" />
-	<target host="images.discogsmp3.com" />
-	<target host="s.dsimg.com" />
-	<target host="s.pixogs.com" />
-
-
-	<!--	- !www 404s over https
-		- !www redirects to www over http
-					-->
-	<rule from="^https?://(?:www\.)?discogs\.com/((?:css|developers|users|images?)/|help$)"
-		to="https://www.discogs.com/$1" />
-
-	<rule from="^https?://images\.discogsmp3\.com/"
-		to="https://images.juno.co.uk/" />
-
-	<rule from="^https?://s\.dsimg\.com/"
-		to="https://www.discogs.com/" />
-
-	<rule from="^http://s\.pixogs\.com/"
-		to="https://s.pixogs.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Discojuice.org.xml b/src/chrome/content/rules/Discojuice.org.xml
index d67a5c98fef5..287b0cceb362 100644
--- a/src/chrome/content/rules/Discojuice.org.xml
+++ b/src/chrome/content/rules/Discojuice.org.xml
@@ -12,10 +12,12 @@
 -->
 <ruleset name="discojuice.org (partial)">
 
-	<target host="*.discojuice.org" />
+	<target host="engine.discojuice.org" />
+	<target host="static.discojuice.org" />
+	<target host="store.discojuice.org" />
 
 
-	<rule from="^http://(engine|static|store)\.discojuice\.org/"
-		to="https://$1.discojuice.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Disconnect.me.xml b/src/chrome/content/rules/Disconnect.me.xml
index 1144848710ff..4defe4da81ce 100644
--- a/src/chrome/content/rules/Disconnect.me.xml
+++ b/src/chrome/content/rules/Disconnect.me.xml
@@ -1,4 +1,5 @@
 <!--
+
 	CDN buckets:
 
 		- s3.amazonaws.com/disconnectblogimages/
@@ -9,18 +10,25 @@
 		- (www.)
 		- blog
 		- forum
+		- search
 
 -->
-<ruleset name="Disconnect.me">
+<ruleset name="Disconnect.me" >
 
 	<target host="disconnect.me" />
-	<target host="*.disconnect.me" />
+	<target host="www.disconnect.me" />
+	<target host="blog.disconnect.me" />
+	<target host="forum.disconnect.me" />
+	<target host="search.disconnect.me" />
 
 
 	<securecookie host="^blog\.disconnect\.me$" name=".+" />
 
 
-	<rule from="^http://((?:blog|forum|www)\.)?disconnect\.me/"
-		to="https://$1disconnect.me/" />
+	<rule from="^http://forum\.disconnect\.me/"
+		to="https://disconnect.me/forum/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Discord.me.xml b/src/chrome/content/rules/Discord.me.xml
new file mode 100644
index 000000000000..99c4d68804cd
--- /dev/null
+++ b/src/chrome/content/rules/Discord.me.xml
@@ -0,0 +1,8 @@
+<ruleset name="Discord.me">
+	<target host="discord.me" />
+	<target host="www.discord.me" />
+
+	<securecookie host="^discord\.me$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DiscountTheatre.xml b/src/chrome/content/rules/DiscountTheatre.xml
deleted file mode 100644
index ec21e2b8ea8a..000000000000
--- a/src/chrome/content/rules/DiscountTheatre.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="DiscountTheatre.com">
-
-	<target host="discounttheatre.com" />
-	<target host="www.discounttheatre.com" />
-
-	<!--	Cert doesn't match !www.	-->
-	<rule from="^http://(?:www\.)?discounttheatre\.com/"
-		to="https://www.discounttheatre.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Discourse.org.xml b/src/chrome/content/rules/Discourse.org.xml
new file mode 100644
index 000000000000..f6b714342d52
--- /dev/null
+++ b/src/chrome/content/rules/Discourse.org.xml
@@ -0,0 +1,41 @@
+<!--
+	CDN buckets:
+
+		- meta-discourse.r.worldssl.net
+
+
+	Nonfunctional subdomains:
+
+		- (www.) ¹
+		- blog ¹
+		- try ²
+
+	¹ Redirects to http, valid cert
+	² Refused
+
+	Cloudflare SSL:
+
+		- $
+		- www
+		- blog
+
+	Fully covered subdomains:
+
+		- cdn
+		- meta
+		- payments
+
+-->
+<ruleset name="Discourse.org (partial)">
+
+	<target host="discourse.org" />
+	<target host="blog.discourse.org" />
+	<target host="cdn.discourse.org" />
+	<target host="meta.discourse.org" />
+	<target host="payments.discourse.org" />
+	<target host="www.discourse.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Discover-Magazine.xml b/src/chrome/content/rules/Discover-Magazine.xml
deleted file mode 100644
index d845e6b238a0..000000000000
--- a/src/chrome/content/rules/Discover-Magazine.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d2lcm6dnbncm78.cloudfront.net
-
-			- cdn.media.discovermagazine.com
-
-
-	Nonfunctional subdomains
-
-		- (www.)
-		- subscribe
-
--->
-<ruleset name="Discover Magazine (partial)">
-
-	<target host="*.discovermagazine.com" />
-	<target host="cdn.media.discovermagazine.com" />
-
-
-	<securecookie host="^(?:blogs|secure)\.discovermagazine\.com$" name=".+" />
-
-
-	<rule from="^http://(blogs|secure)\.discovermagazine\.com/"
-		to="https://$1.discovermagazine.com/" />
-
-	<rule from="^https?://cdn\.media\.discovermagazine\.com/"
-		to="https://d2lcm6dnbncm78.cloudfront.net/" />
-
-	<rule from="^https?://subscribe\.discovermagazine\.com/(?:digital/|\?.*)?"
-		to="https://secure.discovermagazine.com/pubs/AG/DSD/DSDDCR_Zinio_Subscription-FreeGift-update2.jsp?cds_page_id=122337&amp;cds_mag_code=DSD&amp;cds_response_key=IF28R1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Discover-the-Truth.com.xml b/src/chrome/content/rules/Discover-the-Truth.com.xml
new file mode 100644
index 000000000000..15506fdfbed8
--- /dev/null
+++ b/src/chrome/content/rules/Discover-the-Truth.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Discover-the-Truth.com">
+	<target host="discover-the-truth.com" />
+	<target host="www.discover-the-truth.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Discover.com.xml b/src/chrome/content/rules/Discover.com.xml
new file mode 100644
index 000000000000..1b072bde9ace
--- /dev/null
+++ b/src/chrome/content/rules/Discover.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Other Discover rulesets:
+
+		- Discover_Card.com.xml
+		- Discover_Merchants.com.xml
+		- Discover_Network.com.xml
+		- Discover_Signage.com.xml
+
+-->
+<ruleset name="Discover.com">
+
+	<target host="discover.com" />
+	<target host="m.discover.com" />
+	<target host="search.discover.com" />
+	<target host="www.discover.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DiscoverBSD.com.xml b/src/chrome/content/rules/DiscoverBSD.com.xml
new file mode 100644
index 000000000000..fb77775296d7
--- /dev/null
+++ b/src/chrome/content/rules/DiscoverBSD.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Mixed content:
+
+		- css on www from fonts.googleapis.com *
+
+		- Images, on:
+
+			- www from \d.bp.blogspot.com *
+			- www from hq-wall.net
+
+		- favicon on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="DiscoverBSD.com">
+
+	<target host="discoverbsd.com" />
+	<target host="bsdhistory.discoverbsd.com" />
+	<target host="www.discoverbsd.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DiscoverMagazine.com.xml b/src/chrome/content/rules/DiscoverMagazine.com.xml
new file mode 100644
index 000000000000..cb1532fe60f9
--- /dev/null
+++ b/src/chrome/content/rules/DiscoverMagazine.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- www.discovermagazine.com
+		- mblogs.discovermagazine.com
+		- subscribe.discovermagazine.com
+
+		Timeout was reached:
+		- discovermagazine.com
+		- sitecore.discovermagazine.com
+
+		SSL peer certificate was not OK:
+		- cdn.media.discovermagazine.com
+
+		Mixed content blocking (MCB) triggered:
+		- blogs.discovermagazine.com
+-->
+<ruleset name="Discover Magazine.com (partial)" platform="mixedcontent">
+	<target host="blogs.discovermagazine.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Discover_Card.com.xml b/src/chrome/content/rules/Discover_Card.com.xml
new file mode 100644
index 000000000000..016ff69ae404
--- /dev/null
+++ b/src/chrome/content/rules/Discover_Card.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Discover coverage, see Discover.com.xml.
+
+-->
+<ruleset name="Discover Card.com">
+
+	<target host="discovercard.com" />
+	<target host="m.discovercard.com" />
+	<target host="mst0.m.discovercard.com" />
+	<target host="qsys.m.discovercard.com" />
+	<target host="mapi.discovercard.com" />
+	<target host="search.discovercard.com" />
+	<target host="www.discovercard.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Discover_Merchants.com.xml b/src/chrome/content/rules/Discover_Merchants.com.xml
new file mode 100644
index 000000000000..a85261c16bc0
--- /dev/null
+++ b/src/chrome/content/rules/Discover_Merchants.com.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://discovermerchants.com/ => https://discovermerchants.com/: (51, "SSL: no alternative certificate subject name matches target host name 'discovermerchants.com'")
+Fetch error: http://www.discovermerchants.com/ => https://www.discovermerchants.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.discovermerchants.com'")
+
+	For other Discover coverage, see Discover.com.xml
+
+-->
+<ruleset name="Discover Merchants.com" default_off="failed ruleset test">
+
+	<target host="discovermerchants.com" />
+	<target host="www.discovermerchants.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Discover_Meteor.com.xml b/src/chrome/content/rules/Discover_Meteor.com.xml
new file mode 100644
index 000000000000..e079efedf142
--- /dev/null
+++ b/src/chrome/content/rules/Discover_Meteor.com.xml
@@ -0,0 +1,41 @@
+<!--
+	Problematic hosts in *discovermeteor.com:
+
+		- ^ ʳ
+		- blog ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ʳ Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- blog.discovermeteor.com
+
+-->
+<ruleset name="Discover Meteor.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="blog.discovermeteor.com" /-->
+	<target host="www.discovermeteor.com" />
+
+	<!--	Complications:
+				-->
+	<target host="discovermeteor.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^blog\.discovermeteor\.com$" name="^galaxy-sticky$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://discovermeteor\.com/"
+		to="https://www.discovermeteor.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Discover_Network.com.xml b/src/chrome/content/rules/Discover_Network.com.xml
new file mode 100644
index 000000000000..edc2186644c2
--- /dev/null
+++ b/src/chrome/content/rules/Discover_Network.com.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Discover coverage, see Discover.com.xml
+
+
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Shows discovermerchants.com
+
+-->
+<ruleset name="Discover Network.com (partial)">
+
+	<target host="discovernetwork.com" />
+	<target host="cashlocator.discovernetwork.com" />
+	<target host="servicecenter.discovernetwork.com" />
+	<target host="www.discovernetwork.com" />
+		<!--exclusion pattern="^http://blog\.discovernetwork\.com/" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Discover_Signage.com.xml b/src/chrome/content/rules/Discover_Signage.com.xml
new file mode 100644
index 000000000000..bdd35dcbaf3e
--- /dev/null
+++ b/src/chrome/content/rules/Discover_Signage.com.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://discoversignage.com/ => https://discoversignage.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.discoversignage.com/ => https://www.discoversignage.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For other Discover coverage, see Discover.com.xml
+
+-->
+<ruleset name="Discover Signage.com" default_off="failed ruleset test">
+
+	<target host="discoversignage.com" />
+	<target host="www.discoversignage.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Discovery-Communications.xml b/src/chrome/content/rules/Discovery-Communications.xml
index 6b09005e644d..916a00a5f8b7 100644
--- a/src/chrome/content/rules/Discovery-Communications.xml
+++ b/src/chrome/content/rules/Discovery-Communications.xml
@@ -1,18 +1,25 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://securestore.discovery.com/ => https://securestore.discovery.com/: (6, 'Could not resolve host: securestore.discovery.com')
+Fetch error: http://store.discovery.com/ => https://securestore.discovery.com/: (6, 'Could not resolve host: securestore.discovery.com')
+
+	Discovery Communications
+
+	Other Discovery Communications rulesets:
+
+		- DDM_CDN.com.xml
+
+
 	CDN buckets:
 
+		- amsarkadium-a.akamaihd.net/assets/dsc-discovery-main/
 		- discovery.custhelp.com
 		- dsc.discovery.com.edgesuite.net
 		- games.dsc.discovery.com.edgesuite.net
-
 		- netstorage.discovery.com.edgesuite.net
-
-			- a681.g.akamai.net
-
 		- news.discovery.com.edgesuite.net
 
-			- a1840.g.akamai.net
-
 		- dsc-static.edgesuite.net
 
 			- r.ddmcdn.com
@@ -22,46 +29,79 @@
 			- static.ddmcdn.com
 
 
-	Nonfunctional domains:
-
-		- discovery.com subdomains:
+	Nonfunctional hosts in *discovery.com:
 
-			- blogs
-			- dsc		(prints "This Discovery web site is down
+		- blogs
+		- dsc		(prints "This Discovery web site is down
 					for scheduled maintenance", akamai)
-			- games.dsc	(dropped)
-			- news *
-
-		- r.ddmcdn.com *
-		- static.ddmcdn.com *
+		- games.dsc ³
 
-	* 504, akamai
+	³ Refused
 
 
-	Problematic domains:
+	Problematic host in *discovery.com:
 
-		- netstorage.discovery.com *
-		- store.discovery.com *
+		- netstorage *
+		- news *
+		- store *
 
 	* Works, akamai
 
 
-	Fully covered domains:
+	Fully covered hosts in *discovery.com:
 
-		- discovery.com subdomains:
+		- (www.)?
+		- netstorage	(→ akamai)
+		- store		(→ securestore.discovery.com)
+		- securestore
 
-			- netstorage	(→ akamai)
+
+	Mixed content:
+
+		- css on news from static.ddmcdn.com ¹
+		- css on news from fonts.googleapis.com ²
+
+		- Images on news and www from r.ddmcdn.com ¹
+		- Images on news and www from static.ddmcdn.com ¹
+
+		- Ads/bugs, on:
+
+			- news from:
+
+				- tags.bkrtx.com ²
+				- pagead2.googlesyndication.com ²
+				- widgets.outbrain.com ²
+				- www.reddit.com ²
+				- b.scorecardresearch.com ²
+
+			- news and www, from:
+
+				- content.dl-rms.com ²
+				- icompass.insightexpressai.com ²
+				- js.revsci.com ²
+
+			- www from core.insightexpressai.com
+
+	¹ Rule not enabled by default <= mismatched
 
 -->
-<ruleset name="Discovery Communications (partial)">
+<ruleset name="Discovery.com (partial)" default_off="failed ruleset test">
 
-	<target host="*.discovery.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="discovery.com" />
+	<target host="securestore.discovery.com" />
+	<target host="www.discovery.com" />
 
+	<!--	Complications:
+				-->
+	<target host="store.discovery.com" />
 
-	<rule from="^http://netstorage\.discovery\.com/"
-		to="https://a248.e.akamai.net/f/681/7401/5m/netstorage.discovery.com/" />
 
-	<rule from="^http://(?:secure)?store\.discovery\.com/"
+	<rule from="^http://store\.discovery\.com/"
 		to="https://securestore.discovery.com/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Discovery.org.xml b/src/chrome/content/rules/Discovery.org.xml
index 3bad64e9d982..a11f49cd9de8 100644
--- a/src/chrome/content/rules/Discovery.org.xml
+++ b/src/chrome/content/rules/Discovery.org.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://discovery.org/ => https://discovery.org/: Too many redirects while fetching 'https://discovery.org/'
+
 	Mixed content:
 
 		- Images on (www.) from www *
@@ -6,13 +10,13 @@
 	* Secured by us
 
 -->
-<ruleset name="Discovery.org">
+<ruleset name="Discovery.org" default_off="failed ruleset test">
 
 	<target host="discovery.org" />
 	<target host="www.discovery.org" />
 
 
-	<rule from="^http://(www\.)?discovery\.org/"
-		to="https://$1discovery.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DiscoveryPlace.xml b/src/chrome/content/rules/DiscoveryPlace.xml
index 4348a0483128..a42e33cf7140 100644
--- a/src/chrome/content/rules/DiscoveryPlace.xml
+++ b/src/chrome/content/rules/DiscoveryPlace.xml
@@ -1,9 +1,24 @@
-<ruleset name="Discovery Place" platform="mixedcontent">
+
+<!--
+	Login required:
+		email.discoveryplace.org
+
+	Invalid certificate:
+		online.discoveryplace.org
+		www.science.discoveryplace.org
+		*.discoveryplacekids.org
+
+-->
+<ruleset name="Discovery Place">
+
 	<target host="discoveryplace.org" />
 	<target host="www.discoveryplace.org" />
-	<target host="discoveryplacekids.org" />
-	<target host="www.discoveryplacekids.org" />
+	<target host="admin.discoveryplace.org" />
+		<test url="http://admin.discoveryplace.org/blog" />
+	<target host="kids.discoveryplace.org" />
+	<target host="nature.discoveryplace.org" />
+	<target host="science.discoveryplace.org" />
+
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://(?:www\.)?discoveryplace\.org/" to="https://www.discoveryplace.org/" />
-	<rule from="^http://(?:www\.)?discoveryplacekids\.org/" to="https://www.discoveryplacekids.org/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Discuss.io.xml b/src/chrome/content/rules/Discuss.io.xml
new file mode 100644
index 000000000000..c74a3f502946
--- /dev/null
+++ b/src/chrome/content/rules/Discuss.io.xml
@@ -0,0 +1,33 @@
+<!--
+	Nonfunctional hosts in *discuss.io:
+
+		- help *
+
+	* Zendesk
+
+
+	Insecure cookies are set for these hosts:
+
+		- discuss.io
+		- www.discuss.io
+
+-->
+<ruleset name="Discuss.io (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="discuss.io" />
+	<target host="www.discuss.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?discuss\.io$" name="^dio$" /-->
+
+	<securecookie host="^(?:www\.)?discuss\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Discuto.io.xml b/src/chrome/content/rules/Discuto.io.xml
new file mode 100644
index 000000000000..9d2543e5f869
--- /dev/null
+++ b/src/chrome/content/rules/Discuto.io.xml
@@ -0,0 +1,13 @@
+<!--
+	^: dropped
+
+-->
+<ruleset name="Discuto.io">
+
+	<target host="discuto.io" />
+	<target host="www.discuto.io" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dishonored.com.xml b/src/chrome/content/rules/Dishonored.com.xml
new file mode 100644
index 000000000000..fb704d92b39d
--- /dev/null
+++ b/src/chrome/content/rules/Dishonored.com.xml
@@ -0,0 +1,12 @@
+<!--
+	For other ZeniMax Media rules, see ZeniMax.com.xml
+
+-->
+<ruleset name="Dishonored.com">
+
+	<target host="dishonored.com" />
+	<target host="www.dishonored.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Diskordia.xml b/src/chrome/content/rules/Diskordia.xml
new file mode 100644
index 000000000000..7f6bb1196700
--- /dev/null
+++ b/src/chrome/content/rules/Diskordia.xml
@@ -0,0 +1,25 @@
+<!--
+
+	Connection refused:
+		- ^
+		- www
+
+	TLS error:
+		- calendar
+		- fnord
+		- mail
+		- rss
+		- sites
+		- start
+-->
+<ruleset name="Diskordia.org">
+
+	<target host="bitstaub.diskordia.org" />
+	<target host="pandroid.diskordia.org" />
+	<target host="oktahedron.diskordia.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Diskusjon.no.xml b/src/chrome/content/rules/Diskusjon.no.xml
new file mode 100644
index 000000000000..0cd4313020f7
--- /dev/null
+++ b/src/chrome/content/rules/Diskusjon.no.xml
@@ -0,0 +1,7 @@
+<ruleset name="Diskusjon.no">
+	<target host="diskusjon.no" />
+	<target host="www.diskusjon.no" />
+	<target host="wiki.diskusjon.no" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Diskusjon.xml b/src/chrome/content/rules/Diskusjon.xml
deleted file mode 100644
index b643d391219b..000000000000
--- a/src/chrome/content/rules/Diskusjon.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Diskusjon" platform="mixedcontent">
-  <target host="diskusjon.no" />
-  <target host="www.diskusjon.no" />
-
-  <rule from="^http://diskusjon\.no/" to="https://diskusjon.no/"/>
-  <rule from="^http://www\.diskusjon\.no/" to="https://www.diskusjon.no/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/Disman.tl.xml b/src/chrome/content/rules/Disman.tl.xml
new file mode 100644
index 000000000000..1043b893b163
--- /dev/null
+++ b/src/chrome/content/rules/Disman.tl.xml
@@ -0,0 +1,9 @@
+<ruleset name="disman.tl">
+
+	<target host="disman.tl" />
+	<target host="www.disman.tl" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Disney.co.jp.xml b/src/chrome/content/rules/Disney.co.jp.xml
index 05db6deaf83d..8c05b76a8b2b 100644
--- a/src/chrome/content/rules/Disney.co.jp.xml
+++ b/src/chrome/content/rules/Disney.co.jp.xml
@@ -1,24 +1,56 @@
 <!--
 	For other Disney coverage, see Disney_International.com.xml.
 
-
-	CDN buckets:
-
-		- www.disney.co.jp.edgesuite.net
-
-
-	Nonfunctional subdomains:
-
-		- ^	(refused)
-		- www	(503, akamai)
-
+	Non-functional hosts
+		Incomplete certificate chain:
+		- disney.co.jp
+
+		SSL peer certificate was not OK:
+		- common-lib.disney.co.jp
+		- dp.dsp.disney.co.jp
+		- event3.dsp.disney.co.jp
+		- event5.dsp.disney.co.jp
+		- pass.dsp.disney.co.jp
+		- maintenance.disney.co.jp
+
+		Status code mismatch:
+		- event6-dsp.disney.co.jp
+
+		4xx client error:
+		- find.disney.co.jp
+		- secure.disney.co.jp
+
+		5xx server error:
+		- staging.sslib-admin.disney.co.jp
 -->
 <ruleset name="Disney.co.jp (partial)">
-
-	<target host="secure.disney.co.jp" />
-
-
-	<rule from="^http://secure\.disney\.co\.jp/"
-		to="https://secure.disney.co.jp/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="disney.co.jp" />
+	<target host="www.disney.co.jp" />
+	<target host="cpn.disney.co.jp" />
+	<target host="dcpshowroom.disney.co.jp" />
+	<target host="deluxe.disney.co.jp" />
+	<target host="disneypass.disney.co.jp" />
+	<target host="dlife.disney.co.jp" />
+	<target host="vod.dlife.disney.co.jp" />
+	<target host="dlife-catchup.disney.co.jp" />
+	<target host="dlog.disney.co.jp" />
+	<target host="cp.dsp.disney.co.jp" />
+	<target host="dvcmember.disney.co.jp" />
+	<target host="dx-cmp.disney.co.jp" />
+	<target host="id.disney.co.jp" />
+	<target host="kids.disney.co.jp" />
+	<target host="marvel.disney.co.jp" />
+	<target host="oneidnx.disney.co.jp" />
+	<target host="origin.disney.co.jp" />
+	<target host="secured.disney.co.jp" />
+	<target host="sp-magazine.disney.co.jp" />
+	<target host="ssreg.disney.co.jp" />
+	<target host="starwars.disney.co.jp" />
+	<target host="store.disney.co.jp" />
+	<target host="theater.disney.co.jp" />
+
+	<rule from="^http://disney\.co\.jp/"
+		to="https://www.disney.co.jp/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Disney_International.com.xml b/src/chrome/content/rules/Disney_International.com.xml
index 2a4a12feee21..09f44ce5fca3 100644
--- a/src/chrome/content/rules/Disney_International.com.xml
+++ b/src/chrome/content/rules/Disney_International.com.xml
@@ -12,13 +12,9 @@
 -->
 <ruleset name="Disney International.com (partial)">
 
-	<target host="*.disneyinternational.com" />
+	<target host="analytics.disneyinternational.com" />
 
 
-	<rule from="^http://analytics\.disneyinternational\.com/"
-		to="https://analytics.disneyinternational.com/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://navbar\.disneyinternational\.com/"
-		to="https://a248.e.akamai.net/f/1304/621/5m/navbar.disneyinternational.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Disney_Privacy_Center.com.xml b/src/chrome/content/rules/Disney_Privacy_Center.com.xml
new file mode 100644
index 000000000000..a419513b4e92
--- /dev/null
+++ b/src/chrome/content/rules/Disney_Privacy_Center.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Disney coverage, see Disney_International.com.xml.
+
+
+	www.disneyprivacycenter.com: Mismatched
+
+-->
+<ruleset name="Disney Privacy Center.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="disneyprivacycenter.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.disneyprivacycenter.com" />
+
+
+	<rule from="^http://www\.disneyprivacycenter\.com/"
+		to="https://disneyprivacycenter.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dispenser.tf.xml b/src/chrome/content/rules/Dispenser.tf.xml
new file mode 100644
index 000000000000..04a4765fc592
--- /dev/null
+++ b/src/chrome/content/rules/Dispenser.tf.xml
@@ -0,0 +1,9 @@
+<!--
+  Note: www.dispenser.tf serves a 400 on both HTTP and HTTPS.
+-->
+<ruleset name="Dispenser.tf">
+  <target host="dispenser.tf" />
+  <target host="www.dispenser.tf" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Displaymarketplace.com.xml b/src/chrome/content/rules/Displaymarketplace.com.xml
deleted file mode 100644
index 0c6246161258..000000000000
--- a/src/chrome/content/rules/Displaymarketplace.com.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	For other PulsePoint coverage, see PulsePoint.xml
-
-
-	CDN buckets:
-
-		- aperture.displaymarketplace.com.edgesuite.net
-		- edge.aperture.displaymarketplace.com.edgesuite.net
-
-
-	Problematic domains:
-
-		- aperture.displaymarketplace.com	(akamai)
-		- edge.aperture.displaymarketplace.com *
-
-	* Akamai
-
--->
-<ruleset name="displaymarketplace.com (partial)">
-
-	<target host="*.displaymarketplace.com" />
-
-
-	<rule from="^http://(?:edge\.|secure\.)?aperture\.displaymarketplace\.com/"
-		to="https://secure.aperture.displaymarketplace.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Disqus.com.xml b/src/chrome/content/rules/Disqus.com.xml
deleted file mode 100644
index a74988a7984b..000000000000
--- a/src/chrome/content/rules/Disqus.com.xml
+++ /dev/null
@@ -1,77 +0,0 @@
-<!--
-	Commenting system used by several large sites.
-
-
-	CDN buckets:
-
-		- disqus-cloudfront.s3.amazonaws.com
-
-		- d8v2sqslxfuhj.cloudfront.net
-
-			- content.disqus.com
-
-		- securemedia.disqusinc.netdna-cdn.com
-
-			- securecdn.disqus.com
-
-
-	Nonfunctional domains:
-
-		disqus.com subdomains:
-
-			- blog		(tumblr)
-			- docs		(403, mismatched, CN: *.services.disqus.com)
-			- help		(redirects to http, CN: *.desk.com)
-			- import
-			- status
-
-		- unload.disqus.net
-
-
-	Problematic subdomains:
-
-		- content	(cloudfront)
-
-
-	Fully covered subdomains:
-
-		- go
-		- juggler.services
-		- realtime.services
-
--->
-<ruleset name="Disqus (unreliable)" default_off="https://eff.org/r.5abU">
-
-	<target host="disqus.com" />
-	<target host="*.disqus.com" />
-		<!--
-			https://trac.torproject.org/projects/tor/ticket/5496
-
-			https://mail1.eff.org/pipermail/https-everywhere-rules/2012-May/001176.html
-
-		<exclusion pattern="^http://disqus\.com/next/lounge/client\.html" />
-		<exclusion pattern="^http://\w+\.disqus\.com/\d+/build/system/embed\.js"/>
-
-			See comments at top.
-							-->
-		<exclusion pattern="^http://(?:blog|docs|help|import|status)\.disqus\.com/" />
-
-
-	<securecookie host="^securecdn\.disqus\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?disqus\.com/"
-		to="https://$1disqus.com/" />
-
-	<rule from="^https?://content\.disqus\.com/"
-		to="https://d8v2sqslxfuhj.cloudfront.net/" />
-
-	<!--	mediacdn: Akamai
-					-->
-	<rule from="^https?://(?:media|secure)(?:cdn)?\.disqus\.com/"
-		to="https://securecdn.disqus.com/" />
-
-	<rule from="^http://([\w\.]+)\.disqus\.com/"
-		to="https://$1.disqus.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Disqus.xml b/src/chrome/content/rules/Disqus.xml
new file mode 100644
index 000000000000..e436d1506e30
--- /dev/null
+++ b/src/chrome/content/rules/Disqus.xml
@@ -0,0 +1,43 @@
+<!--
+	Commenting system used by several large sites.
+
+-->
+<ruleset name="Disqus">
+
+	<target host="disqus.com" />
+	<!-- Each customer has its own subdomain. STS header includes subdomains -->
+	<target host="*.disqus.com" />
+		<test url="http://www.disqus.com/" />
+		<test url="http://alternativeto-blog.disqus.com/" />
+		<test url="http://blog.disqus.com/" />
+		<test url="http://chenyufei.disqus.com/" />
+		<test url="http://community.disqus.com/" />
+		<test url="http://go.disqus.com/" />
+		<test url="http://help.disqus.com/" />
+		<test url="http://jbosstools.disqus.com/" />
+		<test url="http://nytchinese.disqus.com/" />
+		<test url="http://redirect.disqus.com/" />
+		<test url="http://refferer.disqus.com/" />
+		<test url="http://secure.disqus.com/" />
+		<test url="http://realtime.services.disqus.com/" />
+		<test url="http://juggler.services.disqus.com/" />
+		<test url="http://extract.services.disqus.com/" />
+		<test url="http://sentry.services.disqus.com/" />
+
+	<target host="a.disquscdn.com" />
+		<test url="http://a.disquscdn.com/next/embed/styles/lounge.b6e30194f7733461731644bd3f145d25.css" />
+	<target host="c.disquscdn.com" />
+		<test url="http://c.disquscdn.com/next/embed/styles/lounge.b6e30194f7733461731644bd3f145d25.css" />
+	<target host="imagerator.disquscdn.com" />
+	<target host="media.disquscdn.com" />
+		<test url="http://media.disquscdn.com/channel-docs/Mod_Playbook.pdf" />
+	<target host="uploads.disquscdn.com" />
+		<test url="http://uploads.disquscdn.com/images/b142d2c778d1939e4c0555edece4ee74eb3f18b8b9a63648623f9fa5bdf9f2fa.jpg" />
+
+	<target host="disq.us" />
+
+	<securecookie host="^disqus\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Disruption_Lab.org.xml b/src/chrome/content/rules/Disruption_Lab.org.xml
new file mode 100644
index 000000000000..71a1cf57b7aa
--- /dev/null
+++ b/src/chrome/content/rules/Disruption_Lab.org.xml
@@ -0,0 +1,32 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .disruptionlab.org
+		- www.disruptionlab.org
+
+
+	Mixed content:
+
+		- Images from static1.squarespace.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Disruption Lab.org" default_off="mismatched">
+
+	<target host="disruptionlab.org" />
+	<target host="www.disruptionlab.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.disruptionlab\.org$" name="^SS_MID$" /-->
+	<!--securecookie host="^www\.disruptionlab\.org$" name="^(?:JSESSIONID|crumb)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Distil.xml b/src/chrome/content/rules/Distil.xml
deleted file mode 100644
index 2deebfe22b64..000000000000
--- a/src/chrome/content/rules/Distil.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Problematic domains:
-
-		- (www.)distilnetworks.com	(redirects to http, mismatched)
-		- support.distilnetworks.com	(redirects to http, desk.com)
-
--->
-<ruleset name="Distil (partial)">
-
-	<target host="distil.it" />
-	<target host="*.distil.it" />
-
-
-	<securecookie host="^portal\.distil\.it$" name=".+" />
-
-
-	<rule from="^http://(portal\.|www\.)?distil\.it/"
-		to="https://$1distil.it/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Distil_Networks.com.xml b/src/chrome/content/rules/Distil_Networks.com.xml
new file mode 100644
index 000000000000..a8d9b7ce7455
--- /dev/null
+++ b/src/chrome/content/rules/Distil_Networks.com.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://support.distilnetworks.com/ => https://support.distilnetworks.com/: (7, 'Failed to connect to support.distilnetworks.com port 443: Network is unreachable')
+
+	Other Distil Networks rulesets:
+
+
+
+	(www.)?distilnetworks.com: Redirects to http
+
+-->
+<ruleset name="Distil Networks.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cdn.distilnetworks.com" />
+	<target host="support.distilnetworks.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Distraction.xml b/src/chrome/content/rules/Distraction.xml
deleted file mode 100644
index 98d71f94fd93..000000000000
--- a/src/chrome/content/rules/Distraction.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other U.S. government coverage, see US-government.xml.
-
-
-	!www: reset
--->
-<ruleset name="Distraction.gov">
-
-	<target host="distraction.gov" />
-	<target host="www.distraction.gov" />
-
-
-	<rule from="^https?://(?:www\.)?distraction\.gov/"
-		to="https://www.distraction.gov/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Distributed.net.xml b/src/chrome/content/rules/Distributed.net.xml
new file mode 100644
index 000000000000..52ecf1291eec
--- /dev/null
+++ b/src/chrome/content/rules/Distributed.net.xml
@@ -0,0 +1,22 @@
+<!--
+	Nonfunctional subdomains:
+
+	- cvs
+	- ftp
+	- www1
+	- lists
+	- n0cgi
+-->
+
+<ruleset name="distributed.net">
+	<target host="distributed.net" />
+	<target host="www.distributed.net" />
+	<target host="blogs.distributed.net" />
+	<target host="bugs.distributed.net" />
+	<target host="cgi.distributed.net" />
+	<target host="faq.distributed.net" />
+	<target host="stats.distributed.net" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/District_Sentinel.com.xml b/src/chrome/content/rules/District_Sentinel.com.xml
new file mode 100644
index 000000000000..cc8d3029da82
--- /dev/null
+++ b/src/chrome/content/rules/District_Sentinel.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Fully covered hosts in *districtsentinel.com:
+
+		- (www.)?
+
+
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="District Sentinel.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="districtsentinel.com" />
+	<target host="www.districtsentinel.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Distrowatch.xml b/src/chrome/content/rules/Distrowatch.xml
new file mode 100644
index 000000000000..45642771ba34
--- /dev/null
+++ b/src/chrome/content/rules/Distrowatch.xml
@@ -0,0 +1,12 @@
+<ruleset name="DistroWatch">
+
+	<target host="distrowatch.com" />
+	<target host="www.distrowatch.com" />
+	<target host="distrowatch.org" />
+	<target host="www.distrowatch.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dittdistrikt.xml b/src/chrome/content/rules/Dittdistrikt.xml
index a25d5f967956..852aca9e970d 100644
--- a/src/chrome/content/rules/Dittdistrikt.xml
+++ b/src/chrome/content/rules/Dittdistrikt.xml
@@ -1,4 +1,14 @@
-<ruleset name="Ditt Distrikt">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dittdistrikt.no/ => https://www.dittdistrikt.no/: Too many redirects while fetching 'https://www.dittdistrikt.no/'
+Fetch error: http://www.dittdistrikt.no/ => https://www.dittdistrikt.no/: Too many redirects while fetching 'https://www.dittdistrikt.no/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://dittdistrikt.no/ => https://www.dittdistrikt.no/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.dittdistrikt.no/ => https://www.dittdistrikt.no/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
+<ruleset name="Ditt Distrikt" default_off="failed ruleset test">
   <target host="dittdistrikt.no" />
   <target host="www.dittdistrikt.no" />
 
diff --git a/src/chrome/content/rules/DivItUp.com.xml b/src/chrome/content/rules/DivItUp.com.xml
new file mode 100644
index 000000000000..6bf4762ae020
--- /dev/null
+++ b/src/chrome/content/rules/DivItUp.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="DivItUp.com">
+
+	<target host="divitup.com" />
+	<target host="www.divitup.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.divitup\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.divitup\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DivXpress.com.xml b/src/chrome/content/rules/DivXpress.com.xml
new file mode 100644
index 000000000000..db2bb339ae1d
--- /dev/null
+++ b/src/chrome/content/rules/DivXpress.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .divxpress.com
+
+
+	Mixed content:
+
+		- css from $self
+		- Images from $self
+
+-->
+<ruleset name="DivXpress.com" default_off="expired, self-signed" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="divxpress.com" />
+	<target host="www.divxpress.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.divxpress\.com$" name="^lang$" /-->
+
+	<securecookie host="^\.divxpress\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Diverse.direct.xml b/src/chrome/content/rules/Diverse.direct.xml
new file mode 100644
index 000000000000..21f4454d6c1f
--- /dev/null
+++ b/src/chrome/content/rules/Diverse.direct.xml
@@ -0,0 +1,4 @@
+<ruleset name="Diverse Direct">
+	<target host="diverse.direct" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Divessi.com.xml b/src/chrome/content/rules/Divessi.com.xml
new file mode 100644
index 000000000000..01689885b082
--- /dev/null
+++ b/src/chrome/content/rules/Divessi.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Divessi.com">
+  <target host="divessi.com" />
+  <target host="www.divessi.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Divide.xml b/src/chrome/content/rules/Divide.xml
index d0ca5dfec421..346ca626ba5d 100644
--- a/src/chrome/content/rules/Divide.xml
+++ b/src/chrome/content/rules/Divide.xml
@@ -21,7 +21,11 @@
 -->
 <ruleset name="Divide (partial)">
 
-	<target host="*.divide.com" />
+	<target host="api.divide.com" />
+	<target host="get.divide.com" />
+	<target host="my.divide.com" />
+	<target host="blog.divide.com" />
+	<target host="support.divide.com" />
 
 
 	<rule from="^http://(api|get|my)\.divide\.com/"
@@ -33,4 +37,4 @@
 	<rule from="^http://support\.divide\.com/(generated|system)/"
 		to="https://assets.zendesk.com/$1/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Divipay.com.xml b/src/chrome/content/rules/Divipay.com.xml
new file mode 100644
index 000000000000..3ee2665afb87
--- /dev/null
+++ b/src/chrome/content/rules/Divipay.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Non-functional subdomains:
+		- vip	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Divipay">
+
+	<target host="divipay.com" />
+	<target host="www.divipay.com" />
+	<target host="api.divipay.com" />
+	<target host="dev.app-api.divipay.com" />
+	<target host="secure.divipay.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Divshot.xml b/src/chrome/content/rules/Divshot.xml
index b6206941a3ce..6498e4ecfb65 100644
--- a/src/chrome/content/rules/Divshot.xml
+++ b/src/chrome/content/rules/Divshot.xml
@@ -9,16 +9,14 @@
 <ruleset name="Divshot">
 
 	<target host="divshot.com" />
-	<target host="*.divshot.com" />
+	<target host="app.divshot.com" />
+	<target host="www.divshot.com" />
+	<target host="a1.divshot.com" />
 
 
 	<securecookie host="^\.divshot\.com$" name=".+" />
 
 
-	<rule from="^http://(app\.|www\.)?divshot\.com/"
-		to="https://$1divshot.com/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^https?://a1\.divshot\.com/"
-		to="https://djyhxgczejc94.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Diwi.org.xml b/src/chrome/content/rules/Diwi.org.xml
index 42d12d2cb319..ce56dac600da 100644
--- a/src/chrome/content/rules/Diwi.org.xml
+++ b/src/chrome/content/rules/Diwi.org.xml
@@ -19,13 +19,16 @@
 -->
 <ruleset name="diwi.org (partial)" default_off="self-signed">
 
-	<target host="*.diwi.org" />
+	<target host="adn.diwi.org" />
+	<target host="fox.diwi.org" />
+	<target host="schmeuf.diwi.org" />
+	<target host="titus.diwi.org" />
+	<target host="zorglub.diwi.org" />
 
 
 	<securecookie host="^titus\.diwi\.org$" name=".+" />
 
 
-	<rule from="^http://(adn|fox|schmeuf|titus|zorglub)\.diwi\.org/"
-		to="https://$1.diwi.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dixcart.xml b/src/chrome/content/rules/Dixcart.xml
index 1f0107859e57..df5034289ef5 100644
--- a/src/chrome/content/rules/Dixcart.xml
+++ b/src/chrome/content/rules/Dixcart.xml
@@ -1,17 +1,21 @@
 <!--
-	!www: 404
+	Nonfunctional hosts in *dixcart.com:
+
+		- development ʳ
+		- stats ʳ
+
+	ʳ Refused
 
 -->
-<ruleset name="Dixcart">
+<ruleset name="Dixcart.com (partial)">
 
 	<target host="dixcart.com" />
 	<target host="www.dixcart.com" />
 
-
-	<securecookie host="^(?:www\.)?dixcart\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?dixcart\.com/"
-		to="https://www.dixcart.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dixy.ru.xml b/src/chrome/content/rules/Dixy.ru.xml
new file mode 100644
index 000000000000..cbb2de6acaad
--- /dev/null
+++ b/src/chrome/content/rules/Dixy.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="Dixy.ru">
+	<target host="dixy.ru" />
+	<target host="www.dixy.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Diygadget.com.xml b/src/chrome/content/rules/Diygadget.com.xml
new file mode 100644
index 000000000000..2d06255f751c
--- /dev/null
+++ b/src/chrome/content/rules/Diygadget.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="diygadget.com">
+
+	<target host="diygadget.com" />
+	<target host="www.diygadget.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dizaineriai.lt.xml b/src/chrome/content/rules/Dizaineriai.lt.xml
new file mode 100644
index 000000000000..d45f4848234b
--- /dev/null
+++ b/src/chrome/content/rules/Dizaineriai.lt.xml
@@ -0,0 +1,7 @@
+<ruleset name="Dizaineriai.lt">
+	<target host="dizaineriai.lt" />
+	<target host="www.dizaineriai.lt" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dizzcloud.com.xml b/src/chrome/content/rules/Dizzcloud.com.xml
index 5a300eb4d85a..661d100fd7a1 100644
--- a/src/chrome/content/rules/Dizzcloud.com.xml
+++ b/src/chrome/content/rules/Dizzcloud.com.xml
@@ -4,16 +4,25 @@
 		- st	(mismatched, CN: dizzcloud.com)
 
 -->
-<ruleset name="Dizzcloud.com">
+<ruleset name="Dizzcloud.com" default_off="522">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="dizzcloud.com" />
-	<target host="*.dizzcloud.com" />
+	<target host="www.dizzcloud.com" />
+
+	<!--	Complications:
+				-->
+	<target host="st.dizzcloud.com" />
 
 
 	<securecookie host="^\.?dizzcloud\.com$" name=".+" />
 
 
-	<rule from="^http://(?:st\.|(www\.))?dizzcloud\.com/"
-		to="https://$1dizzcloud.com/" />
+	<rule from="^http://st\.dizzcloud\.com/"
+		to="https://dizzcloud.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Django.xml b/src/chrome/content/rules/Django.xml
deleted file mode 100644
index dac3c20fe2eb..000000000000
--- a/src/chrome/content/rules/Django.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Django">
-
-	<target host="djangoproject.com" />
-	<target host="*.djangoproject.com" />
-
-
-	<securecookie host="^code\.djangoproject\.com$" name=".*" />
-
-
-	<rule from="^http://((?:code|docs|www)\.)?djangoproject\.com/"
-		to="https://$1djangoproject.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DjangoEurope.com-problematic.xml b/src/chrome/content/rules/DjangoEurope.com-problematic.xml
new file mode 100644
index 000000000000..934cb05c0676
--- /dev/null
+++ b/src/chrome/content/rules/DjangoEurope.com-problematic.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules that are on by default, see DjangoEurope.com.xml.
+
+
+	(www.): works; mismatched, CN: *.wservices.ch
+
+-->
+<ruleset name="DjangoEurope.com (mismatched)" default_off="mismatched">
+
+	<target host="djangoeurope.com" />
+	<target host="www.djangoeurope.com" />
+
+
+	<rule from="^http://(?:www\.)?djangoeurope\.com/"
+		to="https://djangoeurope.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DjangoEurope.com.xml b/src/chrome/content/rules/DjangoEurope.com.xml
new file mode 100644
index 000000000000..75f6703e6d79
--- /dev/null
+++ b/src/chrome/content/rules/DjangoEurope.com.xml
@@ -0,0 +1,15 @@
+<!--
+	For problematic rules, see DjangoEurope.com-problematic.xml.
+
+
+	(www.): works; mismatched, CN: *.wservices.ch
+
+-->
+<ruleset name="DjangoEurope.com (partial)">
+
+	<target host="panel.djangoeurope.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Django_Girls.org.xml b/src/chrome/content/rules/Django_Girls.org.xml
new file mode 100644
index 000000000000..c402bd6f60fb
--- /dev/null
+++ b/src/chrome/content/rules/Django_Girls.org.xml
@@ -0,0 +1,42 @@
+<!--
+	Nonfunctional hosts in *djangogirls.org:
+
+		- blog *
+
+	* Tumbkr
+
+
+	Problematic hosts in *djangogirls.org:
+
+		- tutorial *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .djangogirls.org
+		- tutorial.djangogirls.org
+
+-->
+<ruleset name="Django Girls.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="djangogirls.org" />
+	<!--target host="tutorial.djangogirls.org" /-->
+	<target host="www.djangogirls.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.djangogirls\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^tutorial\.djangogirls\.org$" name="^gitbook:sess(?:\.sig)?$" /-->
+
+	<securecookie host="^\.djangogirls\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DjurRattsAlliansen.se.xml b/src/chrome/content/rules/DjurRattsAlliansen.se.xml
index ed9044884a04..5acd46223783 100644
--- a/src/chrome/content/rules/DjurRattsAlliansen.se.xml
+++ b/src/chrome/content/rules/DjurRattsAlliansen.se.xml
@@ -1,4 +1,14 @@
-<ruleset name="DjurRattsAlliansen.se" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.djurrattsalliansen.se/ => https://djurrattsalliansen.se/: (7, 'Failed to connect to djurrattsalliansen.se port 443: No route to host')
+Fetch error: http://djurrattsalliansen.se/ => https://djurrattsalliansen.se/: (7, 'Failed to connect to djurrattsalliansen.se port 443: No route to host')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.djurrattsalliansen.se/ => https://djurrattsalliansen.se/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://djurrattsalliansen.se/ => https://djurrattsalliansen.se/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="DjurRattsAlliansen.se" platform="mixedcontent" default_off="failed ruleset test">
   <target host="www.djurrattsalliansen.se" />
   <target host="djurrattsalliansen.se" />
   <rule from="^http://www\.djurrattsalliansen\.se/" to="https://djurrattsalliansen.se/"/>
diff --git a/src/chrome/content/rules/Dlisted.com.xml b/src/chrome/content/rules/Dlisted.com.xml
new file mode 100644
index 000000000000..38f12d94b739
--- /dev/null
+++ b/src/chrome/content/rules/Dlisted.com.xml
@@ -0,0 +1,39 @@
+<!--
+	(www.): mismatched, CN: raspberry.pressflex.net; self-signed
+	i: 404; mismatched, CN: gp1.wac.edgecastcdn.net
+
+
+	Mixed content:
+
+		- css from i ¹
+		- css from fonts.googleapis.com ¹
+
+		- Images from i ¹
+
+		- favicon from i ¹
+
+		- Bugs, from:
+
+			- s7.addthis.com ¹
+			- z.blogads.com
+			- resources.infolinks.com ¹
+			- assets.onswipe.com ²
+			- www.readrboard.com ¹
+			- cdn.taboolasyndication.com ¹
+			- scripts.webspectator.com ¹
+
+	¹ Secured by us
+	² Not secured by us <= mismatched
+
+-->
+<ruleset name="Dlisted.com" default_off="mismatched, self-signed">
+
+	<target host="dlisted.com" />
+	<target host="i.dlisted.com" />
+	<target host="www.dlisted.com" />
+
+
+	<rule from="^http://(?:i\.|www\.)?dlisted\.com/"
+		to="https://dlisted.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dlnws.com.xml b/src/chrome/content/rules/Dlnws.com.xml
new file mode 100644
index 000000000000..8dde71486b9e
--- /dev/null
+++ b/src/chrome/content/rules/Dlnws.com.xml
@@ -0,0 +1,18 @@
+<!--
+    For other dealnews.com coverage, see Dealnews.com.xml.
+
+    DealNews uses Fastly as their CDN and uses their domain
+    and cert for HTTPS traffic.
+
+-->
+<ruleset name="dlnws.com">
+    <target host="*.dlnws.com" />
+
+    <test url="http://s1.dlnws.com/images/spacer.gif" />
+    <test url="http://s2.dlnws.com/images/spacer.gif" />
+    <test url="http://s53.dlnws.com/images/spacer.gif" />
+
+    <rule from="^http://s(\d+)\.dlnws\.com/"
+        to="https://dealnews.a.ssl.fastly.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dmesg.gr.xml b/src/chrome/content/rules/Dmesg.gr.xml
new file mode 100644
index 000000000000..d364bec95bed
--- /dev/null
+++ b/src/chrome/content/rules/Dmesg.gr.xml
@@ -0,0 +1,9 @@
+<ruleset name="dmesg.gr">
+
+	<target host="dmesg.gr" />
+	<target host="www.dmesg.gr" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dmfs.org.xml b/src/chrome/content/rules/Dmfs.org.xml
new file mode 100644
index 000000000000..ccefa270660a
--- /dev/null
+++ b/src/chrome/content/rules/Dmfs.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="dmfs.org">
+	<target host="dmfs.org" />
+	<target host="www.dmfs.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dmg_media.xml b/src/chrome/content/rules/Dmg_media.xml
index 5165877ccb44..4b4fb37fe140 100644
--- a/src/chrome/content/rules/Dmg_media.xml
+++ b/src/chrome/content/rules/Dmg_media.xml
@@ -17,7 +17,7 @@
 -->
 <ruleset name="dmg media (partial)">
 
-	<target host="*.and.co.uk" />
+	<target host="wa.and.co.uk" />
 
 
 	<!--	Omniture cookie:
@@ -28,4 +28,4 @@
 	<rule from="^http://wa\.and\.co\.uk/"
 		to="https://and-co-uk.122.2o7.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dmjx.dk.xml b/src/chrome/content/rules/Dmjx.dk.xml
new file mode 100644
index 000000000000..4ea6a051972f
--- /dev/null
+++ b/src/chrome/content/rules/Dmjx.dk.xml
@@ -0,0 +1,19 @@
+<ruleset name="Dmjx.dk">
+
+	<target host="dmjx.dk" />
+	<target host="www.dmjx.dk" />
+
+	<target host="cdncss.dmjx.dk" />
+	<target host="cdnpng.dmjx.dk" />
+	<target host="cdnjpg.dmjx.dk" />
+	<target host="cdnjs.dmjx.dk" />
+
+	<securecookie host="\.?(www\.)?dmjx\.dk" name=".+" />
+
+	<rule from="^http://(www\.)?dmjx\.dk/"
+		to="https://www.dmjx.dk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dmm.co.jp.xml b/src/chrome/content/rules/Dmm.co.jp.xml
new file mode 100644
index 000000000000..943be360429c
--- /dev/null
+++ b/src/chrome/content/rules/Dmm.co.jp.xml
@@ -0,0 +1,13 @@
+<ruleset name="Dmm.co.jp">
+	<target host="dmm.co.jp" />
+	<target host="www.dmm.co.jp" />
+	<target host="avatar-contents.dmm.co.jp" />
+	<target host="display.dmm.co.jp" />
+	<target host="games.dmm.co.jp" />
+	<target host="pics.dmm.co.jp" />
+	<target host="p.dmm.co.jp" />
+
+	<rule from="^http://dmm\.co\.jp/"
+		to="https://www.dmm.co.jp/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dmm.com.xml b/src/chrome/content/rules/Dmm.com.xml
new file mode 100644
index 000000000000..b3005e5e3bc8
--- /dev/null
+++ b/src/chrome/content/rules/Dmm.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Dmm.com">
+	<target host="dmm.com" />
+	<target host="www.dmm.com" />
+	<target host="avatar-contents.dmm.com" />
+	<target host="img-freegames.dmm.com" />
+	<target host="p.dmm.com" />
+	<target host="pics.dmm.com" />
+	<target host="rcv.ixd.dmm.com" />
+	<target host="stat.i3.dmm.com" />
+	<target host="trac.i3.dmm.com" />
+
+	<rule from="^http://dmm\.com/"
+		to="https://www.dmm.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dmoz.org.xml b/src/chrome/content/rules/Dmoz.org.xml
new file mode 100644
index 000000000000..18582bcd6dde
--- /dev/null
+++ b/src/chrome/content/rules/Dmoz.org.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dmoz.org/ => https://www.dmoz.org/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.dmoz.org/ => https://www.dmoz.org/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+<ruleset name="Dmoz.org" default_off="failed ruleset test">
+  <target host="dmoz.org" />
+  <target host="www.dmoz.org" />
+
+  <rule from="^http://(?:www\.)?dmoz\.org/" to="https://www.dmoz.org/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dmri-library.com.xml b/src/chrome/content/rules/Dmri-library.com.xml
index 0a0ba48091f5..084668570acc 100644
--- a/src/chrome/content/rules/Dmri-library.com.xml
+++ b/src/chrome/content/rules/Dmri-library.com.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://c\d\.dmri-library\.com/"
 		to="https://dmri.cachefly.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dmtmag.com.xml b/src/chrome/content/rules/Dmtmag.com.xml
new file mode 100644
index 000000000000..3887ef6e2c54
--- /dev/null
+++ b/src/chrome/content/rules/Dmtmag.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="dmtmag.com" default_off="mismatched">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cdn.dmtmag.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dmtry.com.xml b/src/chrome/content/rules/Dmtry.com.xml
new file mode 100644
index 000000000000..c7a55de7999f
--- /dev/null
+++ b/src/chrome/content/rules/Dmtry.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Adometry coverage, see Adometry.xml.
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .dmtry.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="dmtry.com">
+
+	<target host="js.dmtry.com" />
+	<target host="log.dmtry.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.dmtry\.com$" name="^aid$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DnBNor.xml b/src/chrome/content/rules/DnBNor.xml
deleted file mode 100644
index debcb13b7905..000000000000
--- a/src/chrome/content/rules/DnBNor.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="DnB Nor">
-  <target host="www.dbnnor.no" />
-  <target host="dbnnor.no" />
-
-	<rule from="^http://(?:www\.)?dnbnor\.no/" to="https://www.dnbnor.no/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Dns-ip.net.xml b/src/chrome/content/rules/Dns-ip.net.xml
new file mode 100644
index 000000000000..4206b6c16dd5
--- /dev/null
+++ b/src/chrome/content/rules/Dns-ip.net.xml
@@ -0,0 +1,30 @@
+<!--
+	Fully covered hosts:
+
+		- (www.)?
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.dns-ip.net
+
+-->
+<ruleset name="dns-ip.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dns-ip.net" />
+	<target host="www.dns-ip.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.dns-ip\.net$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.dns-ip\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dnsdumpster.com.xml b/src/chrome/content/rules/Dnsdumpster.com.xml
new file mode 100644
index 000000000000..bd68f4cf25ee
--- /dev/null
+++ b/src/chrome/content/rules/Dnsdumpster.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Dnsdumpster.com">
+	<target host="dnsdumpster.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dnsexit.xml b/src/chrome/content/rules/Dnsexit.xml
index b9ef929697b1..4b56b4ca87c6 100644
--- a/src/chrome/content/rules/Dnsexit.xml
+++ b/src/chrome/content/rules/Dnsexit.xml
@@ -1,8 +1,8 @@
 <ruleset name="Dnsexit">
 	<target host="www.dnsexit.com" />
 	<target host="dnsexit.com" />
-	
-	<securecookie host="^(.*\.)?dnsexit\.com$" name=".*" />
-	
-	<rule from="^http://(?:www\.)?dnsexit\.com/" to="https://www.dnsexit.com/"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Dntly.com.xml b/src/chrome/content/rules/Dntly.com.xml
new file mode 100644
index 000000000000..fa5bbe6dbdeb
--- /dev/null
+++ b/src/chrome/content/rules/Dntly.com.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dntly.com/ => https://dntly.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	CDN buckets:
+
+		- donatelyproduction.s3.amazonaws.com
+
+
+	Mixed content:
+
+		- Images on mygenerositywater from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Dntly.com" default_off="failed ruleset test">
+
+	<target host="dntly.com" />
+	<target host="mygenerositywater.dntly.com" />
+	<target host="www.dntly.com" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^\.dntly\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Do-it.org.xml b/src/chrome/content/rules/Do-it.org.xml
new file mode 100644
index 000000000000..da71467d8a26
--- /dev/null
+++ b/src/chrome/content/rules/Do-it.org.xml
@@ -0,0 +1,26 @@
+<!--
+	www.do-it.org: Mismatched
+
+-->
+<ruleset name="Do-it.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="do-it.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.do-it.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^_gat?$" />
+
+
+	<rule from="^http://www\.do-it\.org/"
+		to="https://do-it.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DoNotCallRegister.xml b/src/chrome/content/rules/DoNotCallRegister.xml
new file mode 100644
index 000000000000..74e3cda68571
--- /dev/null
+++ b/src/chrome/content/rules/DoNotCallRegister.xml
@@ -0,0 +1,7 @@
+<ruleset name="Do Not Call Register">
+	<target host="donotcall.gov.au" />
+	<target host="www.donotcall.gov.au" />
+
+	<rule from="^http://(?:www\.)?donotcall\.gov\.au/"
+		to="https://www.donotcall.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Doarama.com.xml b/src/chrome/content/rules/Doarama.com.xml
new file mode 100644
index 000000000000..745c092779f5
--- /dev/null
+++ b/src/chrome/content/rules/Doarama.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Time out:
+		www.doarama.com
+
+	No working URL known:
+		media.doarama.com
+		tracks.doarama.com
+		v2.doarama.com
+
+-->
+<ruleset name="Doarama.com">
+
+	<target host="doarama.com" />
+	<target host="www.doarama.com" />
+	<target host="api.doarama.com" />
+	<target host="blog.doarama.com" />
+	<target host="cesium.doarama.com" />
+		<test url="http://cesium.doarama.com/d8ff5d7-51BB56/cesiumBundle.js" />
+	<target host="embed.doarama.com" />
+
+	<rule from="^http://www\.doarama\.com/"
+		to="https://doarama.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dobrochan.xml b/src/chrome/content/rules/Dobrochan.xml
index 6b10e216cf29..5e3134818f28 100644
--- a/src/chrome/content/rules/Dobrochan.xml
+++ b/src/chrome/content/rules/Dobrochan.xml
@@ -1,18 +1,25 @@
-<ruleset name="Dobrochan" platform="cacert">
-
+<!--
+	Non-functional hosts
+		SSL connect error:
+		- dobrochan.com
+		- www.dobrochan.com
+		- dobrochan.org
+		- www.dobrochan.org
+		- dobrochan.ru
+		- www.dobrochan.ru
+-->
+<ruleset name="Dobrochan" default_off="ssl-error">
+	<!-- dobrochan.com -->
 	<target host="dobrochan.com" />
 	<target host="www.dobrochan.com" />
+
+	<!-- *dobrochan.org -->
 	<target host="dobrochan.org" />
 	<target host="www.dobrochan.org" />
+
+	<!-- *dobrochan.ru -->
 	<target host="dobrochan.ru" />
 	<target host="www.dobrochan.ru" />
 
-
-	<securecookie host="^dobrochan\.ru$" name=".*" />
-
-
-	<!--	Cert only matches //dobrochan.ru.	-->
-	<rule from="^https?://(?:www\.)?dobrochan\.(?:com|org|ru)/"
-		to="https://dobrochan.ru/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Docelu.pl-problematic.xml b/src/chrome/content/rules/Docelu.pl-problematic.xml
index bdf5952d1273..8400fd756da2 100644
--- a/src/chrome/content/rules/Docelu.pl-problematic.xml
+++ b/src/chrome/content/rules/Docelu.pl-problematic.xml
@@ -7,13 +7,14 @@
 -->
 <ruleset name="docelu.pl (problematic)" default_off="mismatched" platform="mixedcontent">
 
-	<target host="*.docelu.pl" />
+	<target host="imprezy.docelu.pl" />
+	<target host="rozklady.docelu.pl" />
+	<target host="zdjecia.docelu.pl" />
 
 
 	<securecookie host="^(?:imprezy|rozklady|zdjecia)?\.docelu\.pl$" name=".+" />
 
 
-	<rule from="^http://(imprezy|rozklady|zdjecia)\.docelu\.pl/"
-		to="https://$1.docelu.pl/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Docelu.pl.xml b/src/chrome/content/rules/Docelu.pl.xml
index 999c2c00eb43..1de9630069cd 100644
--- a/src/chrome/content/rules/Docelu.pl.xml
+++ b/src/chrome/content/rules/Docelu.pl.xml
@@ -1,4 +1,14 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://docelu.pl/ => https://docelu.pl/: (7, 'Failed to connect to docelu.pl port 443: Connection refused')
+Fetch error: http://trasy.docelu.pl/ => https://trasy.docelu.pl/: (7, 'Failed to connect to trasy.docelu.pl port 443: Connection refused')
+Fetch error: http://www.docelu.pl/ => https://docelu.pl/: (7, 'Failed to connect to docelu.pl port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://docelu.pl/ => https://docelu.pl/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://trasy.docelu.pl/ => https://trasy.docelu.pl/: Pycurl fetch failed for 'http://trasy.docelu.pl/ http://www.pkt.pl/mapa-strony/miejscowosci/a/15-1/?docelu'
+Fetch error: http://www.docelu.pl/ => https://docelu.pl/: (60, 'SSL certificate problem: certificate has expired')
 	For problematic rules, see Docelu.pl-problematic.xml.
 
 
@@ -39,7 +49,7 @@
 				- ^ *
 				- i.wp.pl *
 				- b.wpimg.com *
-			
+
 
 		- Images, on:
 
@@ -80,7 +90,7 @@
 	mixedcontent due to css from ^docelu.pl, i.wp.pl, & b.wpimg.com.
 
 -->
-<ruleset name="docelu.pl (partial)" platform="mixedcontent">
+<ruleset name="docelu.pl (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="docelu.pl" />
 	<target host="trasy.docelu.pl" />
@@ -90,10 +100,10 @@
 	<!--	Can we secure any wildcard cookies here safely?
 								-->
 	<!--securecookie host="^\.docelu\.pl$" name="^(reksticket|WP-cookie-info|wpsticket)" /-->
-	<securecookie host="^(?:.+\.)?docelu\.pl$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(?:(trasy\.)|www\.)?docelu\.pl/"
 		to="https://$1docelu.pl/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Docker.com.xml b/src/chrome/content/rules/Docker.com.xml
new file mode 100644
index 000000000000..d35d8ba0b78f
--- /dev/null
+++ b/src/chrome/content/rules/Docker.com.xml
@@ -0,0 +1,57 @@
+<!--
+	Other Docker rulesets:
+
+		- Docker.io.xml
+		- Kitematic.com.xml
+
+
+	Nonfunctional hosts in *docker.com:
+
+		- posts *
+
+	* Redirects to http
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .docker.com
+		- registry.hub.docker.com
+
+
+	Mixed content:
+
+		- Images, on blog from:
+
+			- $self *
+			- www.ycombinator.com
+
+	* Secured by us
+
+-->
+<ruleset name="Docker.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="docker.com" />
+	<target host="blog.docker.com" />
+	<target host="docs.docker.com" />
+	<target host="experimental.docker.com" />
+	<target host="forums.docker.com" />
+	<target host="hub.docker.com" />
+	<target host="registry.hub.docker.com" />
+	<target host="status.docker.com" />
+	<target host="www.docker.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.docker\.com$" name="^docker_sso_username$" /-->
+	<!--securecookie host="^registry\.hub\.docker\.com$" name="dwf_banner$" /-->
+
+	<securecookie host="^(?:www)?\.docker\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Docker.io.xml b/src/chrome/content/rules/Docker.io.xml
index 60f828119fd3..14e8ab7a72c3 100644
--- a/src/chrome/content/rules/Docker.io.xml
+++ b/src/chrome/content/rules/Docker.io.xml
@@ -1,30 +1,33 @@
 <!--
-	Problematic subdomains:
+	For other Docket coverage, see Docker.com.xml.
 
-		- ^	(dropped)
 
+	Problematic hosts in *docker.io:
 
-	Fully covered subdomains:
+		- blog *
+		- docs *
 
-		- (www.)	(^ → www)
-		- blog
-		- docs
-		- index
+	* Cert only matches *docker.com
 
 -->
-<ruleset name="docker.io">
+<ruleset name="Docker.io">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="docker.io" />
-	<target host="*.docker.io" />
+	<target host="index.docker.io" />
+	<target host="www.docker.io" />
 
+	<!--	Complications:
+				-->
+	<target host="blog.docker.io" />
+	<target host="docs.docker.io" />
 
-	<securecookie host="^www\.docker\.io$" name=".+" />
 
+	<rule from="^http://(blog|docs)\.docker\.io/"
+		to="https://$1.docker.com/" />
 
-	<rule from="^http://(?:www\.)?docker\.io/"
-		to="https://www.docker.io/" />
-
-	<rule from="^http://(blog|docs|index)\.docker\.io/"
-		to="https://$1.docker.io/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Docket_Alarm.com.xml b/src/chrome/content/rules/Docket_Alarm.com.xml
new file mode 100644
index 000000000000..e75a86fca72f
--- /dev/null
+++ b/src/chrome/content/rules/Docket_Alarm.com.xml
@@ -0,0 +1,29 @@
+<!--
+	^docketalarm.com: Handshake fails
+
+
+	Mixed content:
+
+		- Images from \d.bp.blogspot.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Docket Alarm.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.docketalarm.com" />
+
+	<!--	Complications:
+				-->
+	<target host="docketalarm.com" />
+
+
+	<rule from="^http://docketalarm\.com/"
+		to="https://www.docketalarm.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Docler.xml b/src/chrome/content/rules/Docler.xml
deleted file mode 100644
index 693162bdd909..000000000000
--- a/src/chrome/content/rules/Docler.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Docler Holding">
-	<target host="www.doclerholding.com" />
-
-	<rule from="^http://www\.doclerholding\.com/" to="https://www.doclerholding.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Docler_Holding.com.xml b/src/chrome/content/rules/Docler_Holding.com.xml
new file mode 100644
index 000000000000..ac92757733a6
--- /dev/null
+++ b/src/chrome/content/rules/Docler_Holding.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Docler Holding.com">
+	<target host="doclerholding.com" />
+	<target host="www.doclerholding.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Docracy.com.xml b/src/chrome/content/rules/Docracy.com.xml
new file mode 100644
index 000000000000..260cd03fb606
--- /dev/null
+++ b/src/chrome/content/rules/Docracy.com.xml
@@ -0,0 +1,17 @@
+<!--
+    Nonfunctional subdomain:
+        - $
+        - blog
+-->
+<ruleset name="Docracy.com">
+	<target host="docracy.com" />
+	<target host="www.docracy.com" />
+
+	<securecookie host="^www\.docracy\.com$" name=".+" />
+
+	<rule from="^http://docracy\.com/"
+		to="https://www.docracy.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Docs.Zone.xml b/src/chrome/content/rules/Docs.Zone.xml
new file mode 100644
index 000000000000..704a16f1dfa2
--- /dev/null
+++ b/src/chrome/content/rules/Docs.Zone.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .docs.zone
+
+-->
+<ruleset name="Docs.Zone">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="docs.zone" />
+	<target host="www.docs.zone" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.docs\.zone$" name="^(?:__cfduid|ab_variant|cf_clearance|session)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Docstoc.xml b/src/chrome/content/rules/Docstoc.xml
deleted file mode 100644
index 8b0ea4433b29..000000000000
--- a/src/chrome/content/rules/Docstoc.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--	s3.amazonaws.com/content1.docstoc.com/
-	s3.amazonaws.com/img.docstoc.com/
-
-	!functional:
-		- blog.docstream.com	(cert: *.gridserver.com; infinite redirection)
-		- platform.docstoc.com	(403)
--->
-<ruleset name="Docstoc (partial)">
-
-	<target host="docstoc.com"/>
-	<target host="*.docstoc.com"/>
-	<target host="*.docstoccdn.com"/>
-
-	<!--	!cdn cert:	EdgeCast	-->
-	<rule from="^http://(css|i|swf)\.docstoc(?:cdn)?\.com/"
-		to="https://$1.docstoccdn.com/"/>
-
-	<rule from="^http://img\.docstoc(?:cdn)?\.com/"
-		to="https://s3.amazonaws.com/img.docstoc.com/"/>
-
-	<!--	!www:	!found			-->
-	<rule from="^http://(?:www\.)?docstoc\.com/(Captcha\.ashx|cart/)"
-		to="https://www.docstoc.com/$1"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Docstorepro.com.xml b/src/chrome/content/rules/Docstorepro.com.xml
index 0d48d82444ee..bcf8e4a43b52 100644
--- a/src/chrome/content/rules/Docstorepro.com.xml
+++ b/src/chrome/content/rules/Docstorepro.com.xml
@@ -1,17 +1,20 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://docstorepro.com/ => https://docstorepro.com/: (60, 'SSL certificate problem: certificate has expired')
+
 	For other NiKec Solutions coverage, see NiKec_Solutions.xml.
 
 -->
-<ruleset name="docstorepro.com">
+<ruleset name="docstorepro.com" default_off="failed ruleset test">
 
 	<target host="docstorepro.com" />
-	<target host="*.docstorepro.com" />
+	<target host="www.docstorepro.com" />
 
 
 	<securecookie host="^\.docstorepro\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?docstorepro\.com/"
-		to="https://$1docstorepro.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Doctor_Trusted.org.xml b/src/chrome/content/rules/Doctor_Trusted.org.xml
new file mode 100644
index 000000000000..f37d3a60f7f9
--- /dev/null
+++ b/src/chrome/content/rules/Doctor_Trusted.org.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://doctortrusted.org/ => https://doctortrusted.org/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.doctortrusted.org/ => https://doctortrusted.org/: (28, 'Connection timed out after 20000 milliseconds')
+
+	www.doctortrusted.org: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- doctortrusted.org
+
+-->
+<ruleset name="Doctor Trusted.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="doctortrusted.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.doctortrusted.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^doctortrusted\.org$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^doctortrusted\.org$" name=".+" />
+
+
+	<rule from="^http://www\.doctortrusted\.org/"
+		to="https://doctortrusted.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DoctorsWithoutBorders.ca.xml b/src/chrome/content/rules/DoctorsWithoutBorders.ca.xml
new file mode 100644
index 000000000000..ff75d85580ad
--- /dev/null
+++ b/src/chrome/content/rules/DoctorsWithoutBorders.ca.xml
@@ -0,0 +1,8 @@
+<ruleset name="Doctors Without Borders Canada">
+
+	<target host="doctorswithoutborders.ca" />
+	<target host="www.doctorswithoutborders.ca" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DoctorsWithoutBorders.org.xml b/src/chrome/content/rules/DoctorsWithoutBorders.org.xml
index 989840252f90..77f79e814cea 100644
--- a/src/chrome/content/rules/DoctorsWithoutBorders.org.xml
+++ b/src/chrome/content/rules/DoctorsWithoutBorders.org.xml
@@ -1,7 +1,44 @@
-<ruleset name="DoctorsWithoutBorders.org">
+<!--
+	Problematic hosts in *doctorswithoutborders.org:
+
+		- cdn *
+
+	* Fastly
+
+
+	Insecure cookies are set for these hosts:
+
+		- donate.doctorswithoutborders.org
+
+-->
+<ruleset name="DoctorsWithoutBorders.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="doctorswithoutborders.org" />
-	<target host="www.doctorswithoutborders.org" />
-	<rule from="^http://www\.doctorswithoutborders\.org/" to="https://www.doctorswithoutborders.org/"/>
-	<rule from="^http://doctorswithoutborders\.org/" to="https://doctorswithoutborders.org/"/>
+	<target host="donate.doctorswithoutborders.org" />
+	<!--target host="www.doctorswithoutborders.org" /-->
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.doctorswithoutborders\.org/(?:article/[\w-]+$|home$)" /-->
+
+			<!--	+ve:
+					-->
+			<!--test url="http://www.doctorswithoutborders.org/article/greece-home-we-had-war-least-we-had-dignity" /-->
+			<!--test url="http://www.doctorswithoutborders.org/home" /-->
+
+		<test url="http://donate.doctorswithoutborders.org/onetime.cfm" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^donate\.doctorswithoutborders\.org$" name="^(?:CFID|CFTOKEN)$" /-->
+
+	<securecookie host="^donate\.doctorswithoutborders\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Document.no.xml b/src/chrome/content/rules/Document.no.xml
index 70d2ec161a62..f405b621cbc4 100644
--- a/src/chrome/content/rules/Document.no.xml
+++ b/src/chrome/content/rules/Document.no.xml
@@ -1,7 +1,8 @@
 <ruleset name="Document.no">
-  <target host="document.no" />
-  <target host="www.document.no" />
+	<target host="document.no" />
+	<target host="www.document.no" />
 
-  <rule from="^http://www\.document\.no/" to="https://www.document.no/" />
-  <rule from="^http://document\.no/" to="https://www.document.no/" />
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/DocumentCloud.xml b/src/chrome/content/rules/DocumentCloud.xml
index c46124025218..118e947f3689 100644
--- a/src/chrome/content/rules/DocumentCloud.xml
+++ b/src/chrome/content/rules/DocumentCloud.xml
@@ -1,22 +1,24 @@
 <!--
-	Nonfunctional subdomains:
+	ERR_SSL_PROTOCOL_ERROR:
+		- cluster
 
-		- blog		(times out)
+	Mismatched:
+		- cpanel
+		- ftp
+		- s3
+		- whm
 
+	Connection timed out:
+		- testing
 -->
-<ruleset name="DocumentCloud (partial)">
-
+<ruleset name="DocumentCloud">
 	<target host="documentcloud.org" />
-	<target host="*.documentcloud.org" />
-
-
-	<securecookie host="^www\.documentcloud\.org$" name=".+" />
-
-
-	<rule from="^http://(www\.)?documentcloud\.org/"
-		to="https://$1documentcloud.org/" />
+	<target host="www.documentcloud.org" />
+	<target host="assets.documentcloud.org" />
+	<target host="assets2.documentcloud.org" />
+	<target host="blog.documentcloud.org" />
 
-	<rule from="^http://s3\.documentcloud\.org/"
-		to="https://s3.amazonaws.com/s3.documentcloud.org/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/DocumentFoundation.org.xml b/src/chrome/content/rules/DocumentFoundation.org.xml
new file mode 100644
index 000000000000..e6cde170cd35
--- /dev/null
+++ b/src/chrome/content/rules/DocumentFoundation.org.xml
@@ -0,0 +1,33 @@
+<!--
+	Refused
+		nabble.documentfoundation.org
+
+	Invalid certificate:
+		www.blog.documentfoundation.org
+
+-->
+<ruleset name="The Document Foundation">
+
+	<target host="documentfoundation.org" />
+	<target host="www.documentfoundation.org" />
+	<target host="blog.documentfoundation.org" />
+	<target host="www.blog.documentfoundation.org" />
+	<target host="download.documentfoundation.org" />
+	<target host="downloadarchive.documentfoundation.org" />
+	<target host="owncloud.documentfoundation.org" />
+	<target host="piwik.documentfoundation.org" />
+	<target host="planet.documentfoundation.org" />
+	<target host="redmine.documentfoundation.org" />
+	<target host="translations.documentfoundation.org" />
+	<target host="wiki.documentfoundation.org" />
+
+	<securecookie host="^\." name="^__qca$" />
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http://www\.blog\.documentfoundation\.org/"
+		to="https://blog.documentfoundation.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Document_Freedom_Day.xml b/src/chrome/content/rules/Document_Freedom_Day.xml
index 95da337f5b65..4d17422086c6 100644
--- a/src/chrome/content/rules/Document_Freedom_Day.xml
+++ b/src/chrome/content/rules/Document_Freedom_Day.xml
@@ -1,8 +1,18 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://documentfreedom.net/ => https://documentfreedom.net/: (7, 'Failed to connect to documentfreedom.net port 443: Connection refused')
+Fetch error: http://www.documentfreedom.net/ => https://www.documentfreedom.net/: (7, 'Failed to connect to www.documentfreedom.net port 443: Connection refused')
+Fetch error: http://documentfreedom.org/ => https://documentfreedom.org/: (7, 'Failed to connect to documentfreedom.org port 443: Connection refused')
+Fetch error: http://www.documentfreedom.org/ => https://www.documentfreedom.org/: (7, 'Failed to connect to www.documentfreedom.org port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://documentfreedom.net/ => https://documentfreedom.net/: (51, "SSL: no alternative certificate subject name matches target host name 'documentfreedom.net'")
+Fetch error: http://www.documentfreedom.net/ => https://www.documentfreedom.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.documentfreedom.net'")
 	For other FSFE coverage, see FSFE.org.xml.
 
 -->
-<ruleset name="Document Freedom Day">
+<ruleset name="Document Freedom Day" default_off="failed ruleset test">
 
 	<target host="documentfreedom.net" />
 	<target host="www.documentfreedom.net" />
@@ -10,7 +20,6 @@
 	<target host="www.documentfreedom.org" />
 
 
-	<rule from="^http://(www\.)?documentfreedom\.(net|org)/"
-		to="https://$1documentfreedom.$2/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Documentchecker.com.xml b/src/chrome/content/rules/Documentchecker.com.xml
new file mode 100644
index 000000000000..d18cdbb8d299
--- /dev/null
+++ b/src/chrome/content/rules/Documentchecker.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Nonfunctional hosts in *.documentchecker.com:
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Documentchecker.com">
+	<target host="documentchecker.com" />
+	<target host="www.documentchecker.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Docusign.com.xml b/src/chrome/content/rules/Docusign.com.xml
deleted file mode 100644
index 50291b041baf..000000000000
--- a/src/chrome/content/rules/Docusign.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Docusign.com">
-  <target host="docusign.com" />
-  <target host="www.docusign.com" />
-
-  <rule from="^http://(www\.)?docusign\.com/" to="https://www.docusign.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Docusign.net.xml b/src/chrome/content/rules/Docusign.net.xml
index 1c6d6208d119..9d8889c7434b 100644
--- a/src/chrome/content/rules/Docusign.net.xml
+++ b/src/chrome/content/rules/Docusign.net.xml
@@ -2,5 +2,5 @@
   <target host="docusign.net" />
   <target host="www.docusign.net" />
 
-  <rule from="^http://(www\.)?docusign\.net/" to="https://www.docusign.net/" />
+  <rule from="^http://(?:www\.)?docusign\.net/" to="https://www.docusign.net/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Dodo.com.au.xml b/src/chrome/content/rules/Dodo.com.au.xml
new file mode 100644
index 000000000000..e8c51b93911f
--- /dev/null
+++ b/src/chrome/content/rules/Dodo.com.au.xml
@@ -0,0 +1,84 @@
+<!--
+	Other related ruleset, see Dodo.com.xml
+
+	Nonfunctional subdomains:
+
+		- (www.)dodo.com.au	(¹, CN: *.dodo.com)
+		- ads		(¹, CN: *.dodo.com)
+		- allphones	²
+		- autodiscover		³
+		- business		(¹, CN: *.dodo.com)
+		- callcentre17		²
+		- callcentre33		²
+		- autodiscover.connect		³
+		- c			(¹, CN: *.dodo.com)
+		- cms			(¹, CN: *.dodo.com)
+		- connectto		(¹, CN: *.dodo.com)
+		- coverage		(¹, CN: *.dodo.com)
+		- customer		(connection error)
+		- dealer		²
+		- dealerportal		²
+		- dpg			(¹, CN: try.unbounce.com)
+		- dns1		³
+		- dns2		³
+		- (www.)dodogirlvoting		²
+		- footy		(¹, CN: www.alexhotel.com.au)
+		- google	²
+		- home		(¹, CN: *.dodo.com)
+		- hosting	⁴
+		- landing	(¹, CN: try.unbounce.com)
+		- login		(¹, CN: *.dodo.com)
+		- m			(¹, CN: *.dodo.com)
+		- postoffice01.mail-hub		⁴
+		- postoffice02.mail-hub		⁴
+		- postoffice03.mail-hub		⁴
+		- postoffice04.mail-hub		⁴
+		- media		(¹, CN: *.dodo.com)
+  		- members	⁴
+		- my		(¹, CN: *.dodo.com)
+		- new		(¹, CN: *.dodo.com)
+		- ns1		³
+		- dnscache42nx.nc.nsw		³
+		- dnscache52nx.nc.nsw		³
+		- dnscache62nx.nc.nsw		³
+		- offers		(¹, CN: try.unbounce.com)
+		- payments		(¹, CN: *.dodo.com)
+		- photos		(¹, CN: *.dodo.com)
+		- pop		³
+		- pop3		³
+		- ppm		³
+		- referrer	(connection error)
+		- retail	(¹, CN: *.dodo.com)
+		- retailra	²
+		- rugby			(¹, CN: www.alexhotel.com.au)
+		- secure	(connection error)
+		- smtp		³
+		- speedtest		³
+		- start		(¹, CN: *.dodo.com)
+		- support	(¹, CN: *.dodo.com)
+		- systemstatus		(¹, CN: *.commander.com.au)
+		- users		⁴
+		- web		(¹, CN: *.dodo.com)
+		- webmail01	⁴
+		- webmail02	⁴
+		- webmail03	⁴
+		- wholesale	(invalid cert chain)
+		- wwwwtest	(¹, CN: *.dodo.com)
+
+
+	¹ Mismatched
+	² SSL handshake failed
+	³ Connection refused
+	⁴ Timeout
+
+-->
+<ruleset name="Dodo.com.au">
+
+	<target host="accountmanagement.dodo.com.au" />
+	<target host="webmail.dodo.com.au" />
+
+  	<securecookie host="^(accountmanagement|webmail)\.dodo\.com\.au$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dodo.com.xml b/src/chrome/content/rules/Dodo.com.xml
new file mode 100644
index 000000000000..8d20165a7ea5
--- /dev/null
+++ b/src/chrome/content/rules/Dodo.com.xml
@@ -0,0 +1,78 @@
+<!--
+	Other related ruleset, see Dodo.com.au.xml
+
+	Nonfunctional subdomains:
+
+		- accountmanagement	(¹, CN: *.dodo.com.au)
+		- adfs		(connection error)
+		- autodiscover		(connection refused)
+		- blog		(self-signed and expired cert)
+		- centralhub	(SSL handshake failed)
+		- autodiscover.connect		(connection refused)
+		- dealer		(SSL handshake failed)
+		- click.email		(¹, CN: a248.e.akamai.net)
+		- image.email		(¹, CN: a248.e.akamai.net)
+		- view.email		(¹, CN: *.s7.exacttarget.com)
+		- footy-staff		(¹, CN: www.alexhotel.com.au)
+		- google		(SSL handshake failed)
+		- www.home		(¹, CN: *.dodo.com)
+		- hybrid		(connection refused)
+		- images		(500 error)
+		- landing		(¹, CN: try.unbounce.com)
+		- postoffice01.mail-hub		(timeout)
+		- postoffice02.mail-hub		(timeout)
+		- postoffice03.mail-hub		(timeout)
+		- postoffice04.mail-hub		(timeout)
+		- members		(timeout)
+		- nbn		(¹, CN: *.go2cloud.org)
+		- pop		(connection refused)
+		- pop3		(connection refused)
+		- socialmedia		(expired cert)
+		- speedtest		(connection refused)
+		- systemstatus		(¹, CN: *.commander.com.au)
+		- track		(¹, CN: *.go2cloud.org)
+		- tracking	(¹, CN: *.go2cloud.org)
+		- users		(timeout)
+		- webmail		(¹, CN: *.dodo.com.au)
+		- whns0		(self-signed, expired cert, ¹, CN: *.dodo.com.au)
+		- whns1		(self-signed, expired cert, ¹, CN: *.dodo.com.au)
+
+
+	¹ Hostname mismatched
+
+-->
+<ruleset name="Dodo.com">
+	<target host="dodo.com" />
+	<target host="www.dodo.com" />
+	<target host="business.dodo.com" />
+	<target host="c.dodo.com" />
+	<target host="click2talk.dodo.com" />
+	<target host="cms.dodo.com" />
+	<target host="connectto.dodo.com" />
+	<target host="coverage.dodo.com" />
+	<target host="dpg.dodo.com" />
+	<target host="facebook.dodo.com" />
+	<target host="footy.dodo.com" />
+	<target host="home.dodo.com" />
+	<target host="ins.dodo.com" />
+	<target host="m.dodo.com" />
+	<target host="media.dodo.com" />
+	<target host="mobile.dodo.com" />
+	<target host="my.dodo.com" />
+	<target host="new.dodo.com" />
+	<target host="offers.dodo.com" />
+	<target host="pfs.dodo.com" />
+	<target host="retail.dodo.com" />
+	<target host="retailproducts.dodo.com" />
+	<target host="rugby.dodo.com" />
+	<target host="support.dodo.com" />
+	<target host="web.dodo.com" />
+	<target host="ws.dodo.com" />
+	<target host="www-old.dodo.com" />
+	<target host="wwwtest.dodo.com" />
+
+  	<securecookie host="^www\.dodo\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dods_People.com.xml b/src/chrome/content/rules/Dods_People.com.xml
new file mode 100644
index 000000000000..393d5f68affa
--- /dev/null
+++ b/src/chrome/content/rules/Dods_People.com.xml
@@ -0,0 +1,22 @@
+<!--
+	(www.)?: mismatched, CN: photos.dodspeople.com
+
+
+	Mixed content:
+
+		- iframe from free.timeanddate.com *
+
+	* Not secured by us <= mismatched
+
+-->
+<ruleset name="Dods People.com (partial)">
+
+	<target host="dodspeople.com" />
+	<target host="photos.dodspeople.com" />
+	<target host="www.dodspeople.com" />
+
+
+	<rule from="^http://(?:photos\.|www\.)?dodspeople\.com/"
+		to="https://photos.dodspeople.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DoesNotWork.eu.xml b/src/chrome/content/rules/DoesNotWork.eu.xml
new file mode 100644
index 000000000000..d83840c8a359
--- /dev/null
+++ b/src/chrome/content/rules/DoesNotWork.eu.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://doesnotwork.eu/ => https://doesnotwork.eu/: (7, '')
+Fetch error: http://ipv6.doesnotwork.eu/ => https://ipv6.doesnotwork.eu/: (7, '')
+Fetch error: http://www.doesnotwork.eu/ => https://www.doesnotwork.eu/: (7, '')
+
+	For other Nebezi.cz coverage, see Nebezi.cz.xml.
+-->
+<ruleset name="DoesNotWork.eu" default_off="failed ruleset test">
+	<target host="doesnotwork.eu" />
+	<target host="ipv4.doesnotwork.eu" />
+	<target host="ipv6.doesnotwork.eu" />
+	<target host="time.doesnotwork.eu" />
+	<target host="www.doesnotwork.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dof.dk.xml b/src/chrome/content/rules/Dof.dk.xml
new file mode 100644
index 000000000000..b0b61ed0d983
--- /dev/null
+++ b/src/chrome/content/rules/Dof.dk.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dof.dk/ => https://www.dof.dk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.dof.dk/ => https://www.dof.dk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- pandion ²
+
+	¹: Refused
+	²: Bad cert (CN: *.your-server.de)
+-->
+<ruleset name="Dof.dk" default_off="failed ruleset test">
+
+	<target host="dof.dk" />
+	<target host="www.dof.dk" />
+
+	<securecookie host="(?:www)?\.dof\.dk" name=".+" />
+
+	<rule from="^http://(?:www\.)?dof\.dk/"
+		to="https://www.dof.dk/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dog_Wheelchairs_Center.com.xml b/src/chrome/content/rules/Dog_Wheelchairs_Center.com.xml
index a1955cbf4670..a0c10b9285be 100644
--- a/src/chrome/content/rules/Dog_Wheelchairs_Center.com.xml
+++ b/src/chrome/content/rules/Dog_Wheelchairs_Center.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="Dog Wheelchairs Center.com">
 
 	<target host="dogwheelchairscenter.com" />
-	<target host="*.dogwheelchairscenter.com" />
+	<target host="www.dogwheelchairscenter.com" />
 
 
 	<securecookie host="^(?:www)?\.dogwheelchairscenter\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?dogwheelchairscenter\.com/"
-		to="https://$1dogwheelchairscenter.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Dogechain.info.xml b/src/chrome/content/rules/Dogechain.info.xml
new file mode 100644
index 000000000000..ccb2cd9430c0
--- /dev/null
+++ b/src/chrome/content/rules/Dogechain.info.xml
@@ -0,0 +1,7 @@
+<ruleset name="Dogechain.info">
+	<target host="dogechain.info" />
+	<target host="www.dogechain.info" />
+	<target host="my.dogechain.info" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dogpile.com.xml b/src/chrome/content/rules/Dogpile.com.xml
new file mode 100644
index 000000000000..c5fe7f75133b
--- /dev/null
+++ b/src/chrome/content/rules/Dogpile.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Timeout:
+		- dogpile.com
+-->
+<ruleset name="Dogpile.com (partial)">
+	<target host="dogpile.com" />
+	<target host="www.dogpile.com" />
+	<target host="info.dogpile.com" />
+	<target host="private.dogpile.com" />
+	<target host="results.dogpile.com" />
+
+	<rule from="^http://dogpile\.com/" to="https://www.dogpile.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DogsbodyTechnologyLtd.xml b/src/chrome/content/rules/DogsbodyTechnologyLtd.xml
new file mode 100644
index 000000000000..96cec46e3351
--- /dev/null
+++ b/src/chrome/content/rules/DogsbodyTechnologyLtd.xml
@@ -0,0 +1,30 @@
+<ruleset name="Dogsbody Technology Ltd">
+	<target host="dogsbody.com" />
+	<target host="www.dogsbody.com" />
+	<target host="analytics.dogsbody.com" />
+	<target host="email.dogsbody.com" />
+	<target host="mirrors.dogsbody.com" />
+	<target host="monitoring.dogsbody.com" />
+	<target host="mta-sts.dogsbody.com" />
+	<target host="portal.dogsbody.com" />
+	<target host="rkhmirror.dogsbody.com" />
+	<target host="rss.dogsbody.com" />
+	<target host="static.dogsbody.com" />
+	<target host="status.dogsbody.com" />
+	<target host="support.dogsbody.com" />
+	<target host="warboard.dogsbody.com" />
+	<target host="webmail.dogsbody.com" />
+	<target host="wiki.dogsbody.com" />
+
+	<target host="dogsbodytechnology.com" />
+	<target host="www.dogsbodytechnology.com" />
+	<target host="alerts.dogsbodytechnology.com" />
+	<target host="portal.dogsbodytechnology.com" />
+	<target host="status.dogsbodytechnology.com" />
+
+	<target host="dogsbodyhosting.net" />
+	<target host="www.dogsbodyhosting.net" />
+	<target host="status.dogsbodyhosting.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dogz_Online.xml b/src/chrome/content/rules/Dogz_Online.xml
index 2398ae9e8f9f..1ea7032f506a 100644
--- a/src/chrome/content/rules/Dogz_Online.xml
+++ b/src/chrome/content/rules/Dogz_Online.xml
@@ -1,13 +1,12 @@
 <ruleset name="Dogz Online">
 
 	<target host="dogzonline.com.au" />
-	<target host="*.dogzonline.com.au" />
+	<target host="www.dogzonline.com.au" />
 
 
 	<securecookie host="^(?:www)?\.dogzonline\.com\.au$" name=".+" />
 
 
-	<rule from="^http://(www\.)?dogzonline\.com\.au/"
-		to="https://$1dogzonline.com.au/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Doi2bib.org.xml b/src/chrome/content/rules/Doi2bib.org.xml
new file mode 100644
index 000000000000..b71feb7e1083
--- /dev/null
+++ b/src/chrome/content/rules/Doi2bib.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Doi2bib.org">
+	<target host="doi2bib.org" />
+	<target host="www.doi2bib.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Doileak.com.xml b/src/chrome/content/rules/Doileak.com.xml
new file mode 100644
index 000000000000..6384e311d711
--- /dev/null
+++ b/src/chrome/content/rules/Doileak.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Doileak.com">
+	<target host=    "doileak.com" />
+	<target host="www.doileak.com" />
+
+	<securecookie host="^www\.doileak\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dojo_Toolkit.org.xml b/src/chrome/content/rules/Dojo_Toolkit.org.xml
new file mode 100644
index 000000000000..b68f9d20477a
--- /dev/null
+++ b/src/chrome/content/rules/Dojo_Toolkit.org.xml
@@ -0,0 +1,48 @@
+<!--
+	Nonfunctional hosts:
+
+		- demos *
+
+	* 404
+
+
+	Fully covered hosts:
+
+		- (www.)?
+		- alex
+		- bugs
+
+
+	Insecure cookies are set for these hosts:
+
+		- bugs.dojotoolkit.org
+
+
+	Mixed content:
+
+		- css alex from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Dojo Toolkit.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dojotoolkit.org" />
+	<target host="alex.dojotoolkit.org" />
+	<target host="bugs.dojotoolkit.org" />
+	<target host="www.dojotoolkit.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bugs\.dojotoolkit\.org$" name="^(trac_form_token|trac_session)$" /-->
+
+	<securecookie host="^bugs\.dojotoolkit\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DokuWiki.org.xml b/src/chrome/content/rules/DokuWiki.org.xml
new file mode 100644
index 000000000000..53a42f93f85e
--- /dev/null
+++ b/src/chrome/content/rules/DokuWiki.org.xml
@@ -0,0 +1,30 @@
+<!--
+	Invalid certificate:
+		donate.dokuwiki.org (-> paypal.com)
+
+-->
+<ruleset name="DokuWiki">
+
+	<target host="dokuwiki.org" />
+	<target host="www.dokuwiki.org" />
+	<target host="bugs.dokuwiki.org" />
+	<target host="download.dokuwiki.org" />
+	<target host="forum.dokuwiki.org" />
+	<target host="irc.dokuwiki.org" />
+	<target host="irclog.dokuwiki.org" />
+	<target host="piggy.dokuwiki.org" />
+	<target host="pluginwiz.dokuwiki.org" />
+	<target host="pluginwizard.dokuwiki.org" />
+	<target host="search.dokuwiki.org" />
+	<target host="trans.dokuwiki.org" />
+	<target host="translate.dokuwiki.org" />
+	<target host="update.dokuwiki.org" />
+	<target host="wiki.dokuwiki.org" />
+	<target host="xref.dokuwiki.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DokuWiki.xml b/src/chrome/content/rules/DokuWiki.xml
deleted file mode 100644
index 20dff74ab2db..000000000000
--- a/src/chrome/content/rules/DokuWiki.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<ruleset name="DokuWiki (partial)" platform="cacert">
-
-	<target host="dokuwiki.org" />
-	<target host="*.dokuwiki.org" />
-		<!--	Redirect to bugs	-->
-		<exclusion pattern="^http://(dib|donate|irc|pluginwiz|search|translate|update|xref)\." />
-
-
-	<securecookie host="^.*\.dokuwiki\.org$" name=".*" />
-
-
-	<!--	Observed subdomains:
-
-			- bugs
-			- forum
-			- planet
-			- www
-
-				-->
-	<rule from="^http://(\w+\.)?dokuwiki\.org/"
-		to="https://$1dokuwiki.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DolarToday.com.xml b/src/chrome/content/rules/DolarToday.com.xml
new file mode 100644
index 000000000000..429b170abe4a
--- /dev/null
+++ b/src/chrome/content/rules/DolarToday.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .dolartoday.com
+
+
+	Mixed content:
+
+		- Bug from b.scorecardresearch.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="DolarToday.com">
+
+	<target host="dolartoday.com" />
+	<target host="www.dolartoday.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.dolartoday\.com$" name="^(?:__cfduid|__qca|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dolezel.info.xml b/src/chrome/content/rules/Dolezel.info.xml
index 436cf97337af..1ab75702ef67 100644
--- a/src/chrome/content/rules/Dolezel.info.xml
+++ b/src/chrome/content/rules/Dolezel.info.xml
@@ -6,27 +6,22 @@
 
 	Problematic subdomains:
 
-		- darling *
 		- fatrat *
 
 	* Works; mismatched, CN: www.abclinuxu.cz
 
-
-	Fully covered subdomains:
-
-		- darling
-		- fatrat
-
 -->
 <ruleset name="dolezel.info (partial)" default_off="mismatched">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="fatrat.dolezel.info" />
 
 
-	<securecookie host="^(?:darling|fatrat)\.dolezel\.info$" name=".+" />
+	<securecookie host="^fatrat\.dolezel\.info$" name=".+" />
 
 
-	<rule from="^http://(darling|fatrat)\.dolezel\.info/"
-		to="https://$1.dolezel.info/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dolibarr.org.xml b/src/chrome/content/rules/Dolibarr.org.xml
new file mode 100644
index 000000000000..0514ba8cf29b
--- /dev/null
+++ b/src/chrome/content/rules/Dolibarr.org.xml
@@ -0,0 +1,31 @@
+<!--
+	Connection reset:
+		- calendar
+		- mail
+		- ml
+
+	Mismatched:
+		- vmdev1
+
+	Expired:
+		- vmprod1
+
+	Self-signed:
+		- vmprod2
+		- vmprod3
+-->
+<ruleset name="Dolibarr.org">
+	<target host="dolibarr.org" />
+	<target host="www.dolibarr.org" />
+	<target host="admin.dolibarr.org" />
+	<target host="asso.dolibarr.org" />
+	<target host="demo.dolibarr.org" />
+	<target host="doxygen.dolibarr.org" />
+	<target host="nl.dolibarr.org" />
+	<target host="partners.dolibarr.org" />
+	<target host="saas.dolibarr.org" />
+	<target host="status.dolibarr.org" />
+	<target host="wiki.dolibarr.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dolimg.com.xml b/src/chrome/content/rules/Dolimg.com.xml
index 6368e31bddb1..0180ef26abdd 100644
--- a/src/chrome/content/rules/Dolimg.com.xml
+++ b/src/chrome/content/rules/Dolimg.com.xml
@@ -44,4 +44,4 @@
 	<rule from="^http://s\.dolimg\.com/"
 		to="https://s.dolimg.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dollar.co.uk.xml b/src/chrome/content/rules/Dollar.co.uk.xml
new file mode 100644
index 000000000000..b4f9c3f77f37
--- /dev/null
+++ b/src/chrome/content/rules/Dollar.co.uk.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Dollar coverage, see Dollar.com.xml
+-->
+<ruleset name="Dollar.co.uk">
+
+	<target host="dollar.co.uk" />
+	<target host="www.dollar.co.uk" />
+	<target host="refresh.dollar.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dollar.com.xml b/src/chrome/content/rules/Dollar.com.xml
new file mode 100644
index 000000000000..c9ab5d5eb667
--- /dev/null
+++ b/src/chrome/content/rules/Dollar.com.xml
@@ -0,0 +1,48 @@
+<!--
+	Other related rulesets:
+		- Dollar.co.uk.xml
+		- Dollar.de.xml
+		- DollarCanada.ca.xml
+
+
+	Non-functional subdomains:
+		- dblog		(t)
+		- click.emails		(m)
+		- pub.emails		(m)
+		- lac		(i)
+		- worldwide		(e)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Dollar.com">
+
+	<target host="dollar.com" />
+	<target host="www.dollar.com" />
+	<target host="cruisesinc.dollar.com" />
+	<target host="image.emails.dollar.com" />
+	<target host="htcstaging.dollar.com" />
+	<target host="m.dollar.com" />
+	<target host="media.dollar.com" />
+	<target host="mobile.dollar.com" />
+	<target host="mstaging.dollar.com" />
+	<target host="ota.dollar.com" />
+	<target host="pblog.dollar.com" />
+	<target host="prepay.dollar.com" />
+	<target host="register.dollar.com" />
+	<target host="sblog.dollar.com" />
+	<target host="stageimt.dollar.com" />
+	<target host="staging.dollar.com" />
+	<target host="stagingm.dollar.com" />
+	<target host="ww2.dollar.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dollar.de.xml b/src/chrome/content/rules/Dollar.de.xml
new file mode 100644
index 000000000000..c85322f86e79
--- /dev/null
+++ b/src/chrome/content/rules/Dollar.de.xml
@@ -0,0 +1,12 @@
+<!--
+	For other Dollar coverage, see Dollar.com.xml
+-->
+<ruleset name="Dollar.de">
+
+	<target host="www.dollar.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DollarCanada.ca.xml b/src/chrome/content/rules/DollarCanada.ca.xml
new file mode 100644
index 000000000000..ae1195fcbc9c
--- /dev/null
+++ b/src/chrome/content/rules/DollarCanada.ca.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Dollar coverage, see Dollar.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(self-signed cert)
+
+-->
+<ruleset name="Dollar Canada.ca">
+
+	<target host="dollarcanada.ca" />
+	<target host="www.dollarcanada.ca" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://dollarcanada\.ca/"
+		to="https://www.dollarcanada.ca/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dollar_Shave_Club.com.xml b/src/chrome/content/rules/Dollar_Shave_Club.com.xml
new file mode 100644
index 000000000000..59c3ff3b24e0
--- /dev/null
+++ b/src/chrome/content/rules/Dollar_Shave_Club.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Nonfunctional hosts *dollarshaveclub.com:
+
+		- blog *
+
+	* Redirects to http
+
+
+	Insecure cookies are set for these domains:
+
+		- .dollarshaveclub.com
+
+-->
+<ruleset name="Dollar Shave Club.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dollarshaveclub.com" />
+	<target host="www.dollarshaveclub.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.dollarshaveclub\.com$" name="^(__dscuuid|_dsc_session_id|XSRF-TOKEN)$" /-->
+
+	<securecookie host="^\.dollarshaveclub\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dollar_a_Day.co.xml b/src/chrome/content/rules/Dollar_a_Day.co.xml
new file mode 100644
index 000000000000..82035f352b3b
--- /dev/null
+++ b/src/chrome/content/rules/Dollar_a_Day.co.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dollaraday.co/ => https://dollaraday.co/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.dollaraday.co/ => https://www.dollaraday.co/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Dollar a Day.co" default_off="failed ruleset test">
+
+	<target host="dollaraday.co" />
+	<target host="www.dollaraday.co" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dolphin-emu.org.xml b/src/chrome/content/rules/Dolphin-emu.org.xml
index e900c71aa74e..0081ecc72ae5 100644
--- a/src/chrome/content/rules/Dolphin-emu.org.xml
+++ b/src/chrome/content/rules/Dolphin-emu.org.xml
@@ -16,13 +16,15 @@
 <ruleset name="dolphin-emu.org">
 
 	<target host="dolphin-emu.org" />
-	<target host="*.dolphin-emu.org" />
+	<target host="dl.dolphin-emu.org" />
+	<target host="forums.dolphin-emu.org" />
+	<target host="wiki.dolphin-emu.org" />
+	<target host="www.dolphin-emu.org" />
 
 
 	<securecookie host=".+\.dolphin-emu\.org$" name=".+" />
 
 
-	<rule from="^http://((?:dl|forums|wiki|www)\.)?dolphin-emu\.org/"
-		to="https://$1dolphin-emu.org/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Dom.bg.xml b/src/chrome/content/rules/Dom.bg.xml
new file mode 100644
index 000000000000..85c8a9a16406
--- /dev/null
+++ b/src/chrome/content/rules/Dom.bg.xml
@@ -0,0 +1,10 @@
+<ruleset name="Dom.bg">
+  <target host="dom.bg" />
+  <target host="www.dom.bg" />
+
+  <test url= "http://dom.bg/whois.html" />
+  <test url= "http://www.dom.bg/whois.html" />
+
+   <rule from="^http:"
+           to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Domain-DNS.com.xml b/src/chrome/content/rules/Domain-DNS.com.xml
index efe482a92460..570b86a8e726 100644
--- a/src/chrome/content/rules/Domain-DNS.com.xml
+++ b/src/chrome/content/rules/Domain-DNS.com.xml
@@ -11,7 +11,6 @@
 	<target host="www.domain-dns.com" />
 
 
-	<rule from="^https?://(?:www\.)?domain-dns\.com/"
-		to="https://domain-dns.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Domain-Offensive.xml b/src/chrome/content/rules/Domain-Offensive.xml
index 10eb6e6bbaad..1a817c8c7d40 100644
--- a/src/chrome/content/rules/Domain-Offensive.xml
+++ b/src/chrome/content/rules/Domain-Offensive.xml
@@ -4,10 +4,13 @@
 	<target host="www.do.de" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.do\.de$" name="^(PHPSESSID|Doo-[a-zA-Z]+)$" /-->
+
 	<securecookie host="^www\.do\.de$" name=".+" />
 
 
-	<rule from="^http://(www\.)?do\.de/"
-		to="https://$1do.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Domain.com.xml b/src/chrome/content/rules/Domain.com.xml
new file mode 100644
index 000000000000..8c8a4137b58c
--- /dev/null
+++ b/src/chrome/content/rules/Domain.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Problematic subdomains:
+
+		- images	(shows www, valid cert)
+
+
+	Fully covered subdomains:
+
+		- (www.)	(^ → www)
+		- images	(→ secure)
+		- secure
+
+-->
+<ruleset name="Domain.com">
+
+	<target host="domain.com" />
+	<target host="www.domain.com" />
+	<target host="images.domain.com" />
+	<target host="secure.domain.com" />
+
+
+	<securecookie host="^\.domain\.com$" name=".+" />
+
+
+	<!--	!www redirects to www over http,
+		so copy that behavior:
+					-->
+	<rule from="^http://(?:www\.)?domain\.com/"
+		to="https://www.domain.com/" />
+
+	<rule from="^http://images\.domain\.com/"
+		to="https://secure.domain.com/images/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Domain.fi.xml b/src/chrome/content/rules/Domain.fi.xml
new file mode 100644
index 000000000000..d14eb626c377
--- /dev/null
+++ b/src/chrome/content/rules/Domain.fi.xml
@@ -0,0 +1,34 @@
+<!--
+	www.domain.fi: Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- domain.fi
+
+-->
+<ruleset name="Domain.fi">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="domain.fi" />
+
+	<!--	Complications:
+				-->
+	<target host="www.domain.fi" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^domain\.fi$" name="^TS[\da-f]{8}$" /-->
+
+	<securecookie host="^domain\.fi$" name=".+" />
+
+
+	<rule from="^http://www\.domain\.fi/"
+		to="https://domain.fi/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DomainCAMP.xml b/src/chrome/content/rules/DomainCAMP.xml
index 755b86fbd173..877e839a46bd 100644
--- a/src/chrome/content/rules/DomainCAMP.xml
+++ b/src/chrome/content/rules/DomainCAMP.xml
@@ -11,13 +11,12 @@
 	<target host="www.domaincamp.de" />
 
 
-	<securecookie host="^www\.domaincamp\.de$" name=".*" />
+	<securecookie host="^www\.domaincamp\.de$" name=".+" />
 
 
 	<!--	- !www: "nicht über https verfügbar"
 		- !www 302s to www over http
 						-->
-	<rule from="^https?://(?:www\.)?domaincamp\.de/"
-		to="https://www.domaincamp.de/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DomainCoin.net.xml b/src/chrome/content/rules/DomainCoin.net.xml
deleted file mode 100644
index 58c80c587924..000000000000
--- a/src/chrome/content/rules/DomainCoin.net.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="DomainCoin.net">
-
-	<target host="domaincoin.net" />
-	<target host="www.domaincoin.net" />
-
-
-	<securecookie host="^(?:www\.)?domaincoin\.net$" name=".+" />
-
-
-	<rule from="^http://(www\.)?domaincoin\.net/"
-		to="https://$1domaincoin.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DomainContext.com.xml b/src/chrome/content/rules/DomainContext.com.xml
new file mode 100644
index 000000000000..3aaf6338cc43
--- /dev/null
+++ b/src/chrome/content/rules/DomainContext.com.xml
@@ -0,0 +1,41 @@
+
+<!--
+Entire ruleset disabled at 2020-09-25 16:20:22
+
+Non-2xx HTTP code: http://www.domaincontext.com/ (200) => https://www.domaincontext.com/ (404)
+
+-->
+
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Non-2xx HTTP code: http://domaincontext.com/ (200) => https://domaincontext.com/ (404)
+Non-2xx HTTP code: http://ru.domaincontext.com/ (200) => https://ru.domaincontext.com/ (404)
+
+	Other DomainContext rulesets:
+
+
+
+	Insecure cookies are set for these domains:
+
+		- .domaincontext.com
+
+-->
+<ruleset name="DomainContext.com" default_off="failed ruleset test">
+
+	<!-- target host="domaincontext.com" /-->
+	<!-- target host="ru.domaincontext.com" /-->
+	<target host="www.domaincontext.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.domaincontext\.com$" name="^sessionid$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DomainMarket.com.xml b/src/chrome/content/rules/DomainMarket.com.xml
index e744c90bb72f..efadbe61743f 100644
--- a/src/chrome/content/rules/DomainMarket.com.xml
+++ b/src/chrome/content/rules/DomainMarket.com.xml
@@ -1,16 +1,29 @@
 <!--
 	Nonfunctional subdomains:
 
+		- blog *
 		- imgtrack	(401)
 		- lander	(refused)
 
+	* wpengine
+
+
+	Mixed content:
+
+		- Image from $self *
+
+		- favicon from $self *
+
+		- Bug from w.sharethis.com *
+
+	* Secured by us
+
 -->
 <ruleset name="DomainMarket.com (partial)">
 
 	<target host="domainmarket.com" />
 	<target host="www.domainmarket.com" />
 
-	<rule from="^http://(www\.)?domainmarket\.com/"
-		to="https://$1domainmarket.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DomainNameSales.com.xml b/src/chrome/content/rules/DomainNameSales.com.xml
new file mode 100644
index 000000000000..70e8b4905c27
--- /dev/null
+++ b/src/chrome/content/rules/DomainNameSales.com.xml
@@ -0,0 +1,47 @@
+<!--
+	Nonfunctional hosts in *domainnamesales.com:
+
+		- cdn-s3 *
+		- dev *
+
+	* Refused
+
+
+	Fully covered hosts in *domainnamesales.com:
+
+		- (www.)?
+		- static
+
+
+	Insecure cookies are set for these domains:
+
+		- .domainnamesales.com
+
+
+	Mixed content:
+
+		- Videos on (www.)? from cdn-s3.domainnamesales.com *
+
+	* Unsecurable <= refused
+
+-->
+<ruleset name="DomainNameSales.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="domainnamesales.com" />
+	<target host="static.domainnamesales.com" />
+	<target host="www.domainnamesales.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.domainnamesales\.com$" name="^(DNSSESSID|negotiation)$" /-->
+
+	<securecookie host="^\.domainnamesales\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DomainSigma.com.xml b/src/chrome/content/rules/DomainSigma.com.xml
deleted file mode 100644
index 4c46bb761283..000000000000
--- a/src/chrome/content/rules/DomainSigma.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	CDN buckets:
-
-		- djtg44apx8dzy.cloudfront.net
-
-			- static
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(refused)
-
--->
-<ruleset name="DomainSigma.com (partial)">
-
-	<target host="static.domainsigma.com" />
-
-
-	<rule from="^http://static\.domainsigma\.com/"
-		to="https://djtg44apx8dzy.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/DomainSkate.com.xml b/src/chrome/content/rules/DomainSkate.com.xml
new file mode 100644
index 000000000000..35fad47d62b5
--- /dev/null
+++ b/src/chrome/content/rules/DomainSkate.com.xml
@@ -0,0 +1,37 @@
+<!--
+	Fully covered hosts in *domainskate.com:
+
+		- (www.)?
+		- app
+		- beta
+
+
+	Insecure cookies are set for these hosts:
+
+		- domainskate.com
+		- app.domainskate.com
+		- www.domainskate.com
+
+-->
+<ruleset name="DomainSkate.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="domainskate.com" />
+	<target host="app.domainskate.com" />
+	<target host="beta.domainskate.com" />
+	<target host="www.domainskate.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?domainskate\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^app\.domainskate\.com$" name="^CAKEPHP$" /-->
+
+	<securecookie host="^(?:app\.|www\.)?domainskate\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DomainSponsor.xml b/src/chrome/content/rules/DomainSponsor.xml
deleted file mode 100644
index d6d1673a00dd..000000000000
--- a/src/chrome/content/rules/DomainSponsor.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	For other Oversee.net coverage, see Oversee.xml.
-
-
-	Nonfunctional domains:
-
-		- (www.)domainsponsor.com	(http reply)
-		- (www.)domainsponsor.org	(times out)
-
--->
-<ruleset name="DomainSponsor (partial)" platform="mixedcontent">
-
-	<target host="*.domainsponsor.com"/>
-
-
-	<securecookie host="^\.domainsponsor\.com$" name=".*"/>
-
-
-	<rule from="^http://pubman\.domainsponsor\.com/"
-		to="https://pubman.domainsponsor.com/"/>
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/DomainTools.xml b/src/chrome/content/rules/DomainTools.xml
index 44cde1129d54..7df2c006d46b 100644
--- a/src/chrome/content/rules/DomainTools.xml
+++ b/src/chrome/content/rules/DomainTools.xml
@@ -1,69 +1,70 @@
 <!--
-	Nonfunctional subdomains:
-
-		- thumbnails		(times out)
-		- origin.thumbnails
-
-
-	Problematic subdomains:
-
-		- directory *
-		- img **
-		- origin *
-		- source **
-		- whois	**
-		- www **
-
-	* Directory
-	** Times out
-
-
-	Partially covered subdomains:
-
-		- (www.)		(→ secure)
-		- blog *
-		- directory		(→ secure)
-		- marketplace *
-		- reversewhois *
-		- source		(→ secure)
-		- whois			(→ secure)
-
-	* At least some pages redirect to http
+	For rules causing false/broken MCB, see DomainTools.com-falsemixed.xml.
 
+	Nonfunctional subdomains:
+		- domaintools.com
+			- origin.thumbnails -> wrong domain
+			- support           -> wrong domain (covered in DomainTools.com-falsemixed.xml)
+			- labs              -> redirects to HTTP
+		- dt-static.com
+			- $
+			- ...
 
 	Fully covered subdomains:
-
-		- api
-		- freeapi
-		- img		(→ secure, also on origin.img)
-		- secure
-		- support
-
-
-	Targets solely for wildcard cookies:
-
-		- *.support.domaintools.com
-
+		- domaintools.com
+			- $
+			- api
+			- blog
+			- brandmonitor
+			- directory
+			- domainreport
+			- freeapi
+			- img
+			- marketplace
+			- research
+			- reverseip
+			- reversens
+			- reversewhois
+			- secure
+			- source
+			- whitelabel
+			- whois
+			- www
+			- yahoo
+
+		- dt-static.com
+			- assets
+			- images
 -->
-<ruleset name="DomainTools (partial)" platform="mixedcontent">
 
+<ruleset name="DomainTools">
 	<target host="domaintools.com" />
-	<target host="*.domaintools.com" />
-		<exclusion pattern="^http://(?:origin\.img|marketplace|reversewhois|source)\.domaintools\.com/(?!composite/|images/|ui-elements/|wp-content/|wp-includes/)" />
+	<target host="www.domaintools.com" />
+	<target host="account.domaintools.com" />
+	<target host="api.domaintools.com" />
+	<target host="blog.domaintools.com" />
+	<target host="brandmonitor.domaintools.com" />
+	<target host="directory.domaintools.com" />
+	<target host="domainreport.domaintools.com" />
+	<target host="freeapi.domaintools.com" />
+	<target host="img.domaintools.com" />
+	<target host="marketplace.domaintools.com" />
 	<target host="origin.img.domaintools.com" />
-	<target host="*.support.domaintools.com" />
-
-
-	<securecookie host="^\.support\.domaintools\.com$" name=".+" />
-
-
-	<rule from="^http://(?:directory\.|source\.|whois\.|www\.)?domaintools\.com/(email\.pgif(?:$|\?)|favicon\.png$|composite/|images/)"
-		to="https://secure.domaintools.com/$1" />
-
-	<rule from="^http://(api|blog|freeapi|origin\.img|marketplace|reversewhois|secure|support)\.domaintools\.com/"
-		to="https://$1.domaintools.com/" />
-
-	<rule from="^http://img\.domaintools\.com/"
-		to="https://secure.domaintools.com/images/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="research.domaintools.com" />
+	<target host="reverseip.domaintools.com" />
+	<target host="reversens.domaintools.com" />
+	<target host="reversewhois.domaintools.com" />
+	<target host="secure.domaintools.com" />
+	<target host="source.domaintools.com" />
+	<target host="thumbnails.domaintools.com" />
+	<target host="whitelabel.domaintools.com" />
+	<target host="whois.domaintools.com" />
+	<target host="yahoo.domaintools.com" />
+
+	<target host="assets.dt-static.com" />
+	<target host="images.dt-static.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DomainWho.is.xml b/src/chrome/content/rules/DomainWho.is.xml
new file mode 100644
index 000000000000..00ac18e25235
--- /dev/null
+++ b/src/chrome/content/rules/DomainWho.is.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://domainwho.is/ => https://domainwho.is/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://images.domainwho.is/ => https://images.domainwho.is/: (6, 'Could not resolve host: images.domainwho.is')
+Fetch error: http://styles.domainwho.is/ => https://styles.domainwho.is/: (6, 'Could not resolve host: styles.domainwho.is')
+Fetch error: http://www.domainwho.is/ => https://www.domainwho.is/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="DomainWho.is" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="domainwho.is" />
+	<target host="images.domainwho.is" />
+	<target host="styles.domainwho.is" />
+	<target host="www.domainwho.is" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Domainbox.com.xml b/src/chrome/content/rules/Domainbox.com.xml
deleted file mode 100644
index 4ca7c930f74b..000000000000
--- a/src/chrome/content/rules/Domainbox.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	- ^: cert only matches www
-	- Server is configured for rc4 only
-	- Some pages redirect to http
-
--->
-<ruleset name="Domainbox.com (partial)">
-
-	<target host="domainbox.com" />
-	<target host="www.domainbox.com" />
-
-
-	<rule from="^http://(?:www\.)?domainbox\.com/(?=favicon\.ico|func/|images/|inc/|sign-up(?:$|[?/]))"
-		to="https://www.domainbox.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Domaining.com.xml b/src/chrome/content/rules/Domaining.com.xml
new file mode 100644
index 000000000000..e3ca8fe973d1
--- /dev/null
+++ b/src/chrome/content/rules/Domaining.com.xml
@@ -0,0 +1,35 @@
+<!--
+	These altnames don't exist:
+
+		- www.partner.domaining.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- domaining.com
+		- partner.domaining.com
+		- www.domaining.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Domaining.com">
+
+	<target host="domaining.com" />
+	<target host="partner.domaining.com" />
+	<target host="www.domaining.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^domaining\.com$" name="^hclick-\d+$" /-->
+	<!--securecookie host="^partner\.domaining\.com$" name="^(?:Chk|Conversion|click-\d+/)$" /-->
+	<!--securecookie host="^www\.domaining\.com$" name="(?:LargeAds|hclick-\d+)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Domainreseller.ru.xml b/src/chrome/content/rules/Domainreseller.ru.xml
new file mode 100644
index 000000000000..b928cdee02b6
--- /dev/null
+++ b/src/chrome/content/rules/Domainreseller.ru.xml
@@ -0,0 +1,7 @@
+<ruleset name="Domainreseller.ru">
+	<target host="domainreseller.ru" />
+	<target host="www.domainreseller.ru" />
+	<target host="reg.domainreseller.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Domains_By_Proxy.xml b/src/chrome/content/rules/Domains_By_Proxy.xml
index 54d75d1d3488..5f66735ed8ad 100644
--- a/src/chrome/content/rules/Domains_By_Proxy.xml
+++ b/src/chrome/content/rules/Domains_By_Proxy.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?domainsbyproxy\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?domainsbyproxy\.com/"
-		to="https://$1domainsbyproxy.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Domaintank.xml b/src/chrome/content/rules/Domaintank.xml
index ea83c12588e3..ca0bd87df378 100644
--- a/src/chrome/content/rules/Domaintank.xml
+++ b/src/chrome/content/rules/Domaintank.xml
@@ -1,3 +1,9 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://processnet.hu/ => https://processnet.hu/: (51, "SSL: no alternative certificate subject name matches target host name 'processnet.hu'")
+Fetch error: http://domainrendelo.hu/ => https://domainrendelo.hu/: (51, "SSL: no alternative certificate subject name matches target host name 'domainrendelo.hu'")
+Fetch error: http://malina.hu/ => https://malina.hu/: (51, "SSL: no alternative certificate subject name matches target host name 'malina.hu'")
+-->
 <ruleset name="Domaintank">
 	<target host="*.domaintank.hu" />
 	<target host="domaintank.hu" />
diff --git a/src/chrome/content/rules/Domcomp.com.xml b/src/chrome/content/rules/Domcomp.com.xml
new file mode 100644
index 000000000000..980c82cf7396
--- /dev/null
+++ b/src/chrome/content/rules/Domcomp.com.xml
@@ -0,0 +1,20 @@
+<!--
+	^: dropped
+
+-->
+<ruleset name="domcomp.com">
+
+	<target host="domcomp.com" />
+	<target host="www.domcomp.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.domcomp\.com$" name="^PLAY_SESSION$" /-->
+
+	<securecookie host="^www\.domcomp\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Domdex.com.xml b/src/chrome/content/rules/Domdex.com.xml
index 1503792e3237..3108b48ccb1e 100644
--- a/src/chrome/content/rules/Domdex.com.xml
+++ b/src/chrome/content/rules/Domdex.com.xml
@@ -1,25 +1,40 @@
 <!--
+
 	Problematic domains:
 
-		- (www.)magnetic.com	(works, mismatched, CN: new-domdex.info)
+		- (www.)?magnetic.com	(works, mismatched, CN: new-domdex.info)
+
+
+	*.t.domdex.com: Per-client domains serving bugs
 
 
-	Fully covered subdomains:
+	Insecure cookies are set for these domains: ᶜ
 
-		- (www.)
-		- *.t		(per-client domains serving web bugs)
+		- .domdex.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="domdex.com">
+<ruleset name="domdex.com" >
 
 	<target host="domdex.com" />
-	<target host="*.domdex.com" />
+	<target host="magnetic.domdex.com" />
+	<target host="*.t.domdex.com" />
+	<target host="www.domdex.com" />
+
+		<test url="http://d.t.domdex.com/FC695KTIRE.gif" />
+		<test url="http://f.t.domdex.com/FC695KTIRE.gif" />
+		<test url="http://magnetic.t.domdex.com/1/pix.gif" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.domdex\.com$" name="^(?:PAD|cc)$" /-->
 
-	<securecookie host="^\.domdex\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:f|magnetic|[\w-]+\.t|www)\.)?domdex\.com/"
-		to="https://$1domdex.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Domen_Kozar.com.xml b/src/chrome/content/rules/Domen_Kozar.com.xml
new file mode 100644
index 000000000000..6617e949eb37
--- /dev/null
+++ b/src/chrome/content/rules/Domen_Kozar.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Domen Kozar.com">
+
+	<target host="domenkozar.com" />
+	<target host="www.domenkozar.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Domena.cz.xml b/src/chrome/content/rules/Domena.cz.xml
new file mode 100644
index 000000000000..160c2d8beefa
--- /dev/null
+++ b/src/chrome/content/rules/Domena.cz.xml
@@ -0,0 +1,26 @@
+<!--
+	For other IGNUM coverage, see IGNUM.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.domena.cz
+
+-->
+<ruleset name="Domena.cz">
+
+	<target host="domena.cz" />
+	<target host="www.domena.cz" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.domena\.cz$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?domena\.cz$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Domena.pl.xml b/src/chrome/content/rules/Domena.pl.xml
index 30ba983fd434..abf7bd428bda 100644
--- a/src/chrome/content/rules/Domena.pl.xml
+++ b/src/chrome/content/rules/Domena.pl.xml
@@ -13,13 +13,14 @@
 -->
 <ruleset name="Domena.pl (partial)">
 
-	<target host="*.domena.pl" />
+	<target host="domeny.domena.pl" />
+	<target host="hosting.domena.pl" />
+	<target host="poczta.domena.pl" />
 
 
 	<securecookie host="^(?:domeny|hosting|poczta)\.domena\.pl$" name=".+" />
 
 
-	<rule from="^http://(domeny|hosting|poczta)\.domena\.pl/"
-		to="https://$1.domena.pl/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Domenovy_prohlizec.cz.xml b/src/chrome/content/rules/Domenovy_prohlizec.cz.xml
new file mode 100644
index 000000000000..be0fe4495afa
--- /dev/null
+++ b/src/chrome/content/rules/Domenovy_prohlizec.cz.xml
@@ -0,0 +1,21 @@
+<!--
+	For other CZ.NIC coverage, see Nic.cz.xml.
+
+-->
+<ruleset name="Domenovy prohlizec.cz">
+
+	<target host="domenovyprohlizec.cz" />
+	<target host="www.domenovyprohlizec.cz" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.domenovyprohlizec\.cz$" name="^csrftoken$" /-->
+
+	<securecookie host="^www\.domenovyprohlizec\.cz$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Domestic-Abuse-Hotline-for-Men-and-Women.xml b/src/chrome/content/rules/Domestic-Abuse-Hotline-for-Men-and-Women.xml
deleted file mode 100644
index c1088e5b1ffb..000000000000
--- a/src/chrome/content/rules/Domestic-Abuse-Hotline-for-Men-and-Women.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Domestic Abuse Helpline for Men and Women" default_off="mismatch">
-
-	<target host="dahmw.org"/>
-	<target host="www.dahmw.org"/>
-
-	<!--	www redirects to !www
-		cert:	*.powweb.com	-->
-	<rule from="^http://(?:www\.)?dahmw\.org/"
-		to="https://dahmw.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Dominios.xml b/src/chrome/content/rules/Dominios.xml
index 8f790a11eb89..82858fcd59bb 100644
--- a/src/chrome/content/rules/Dominios.xml
+++ b/src/chrome/content/rules/Dominios.xml
@@ -13,7 +13,7 @@
 	<securecookie host="^www\.nic\.es$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?nic\.es/"
+	<rule from="^http://(?:www\.)?nic\.es/"
 		to="https://www.nic.es/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dominus_Temporis.com.xml b/src/chrome/content/rules/Dominus_Temporis.com.xml
new file mode 100644
index 000000000000..443333d62f64
--- /dev/null
+++ b/src/chrome/content/rules/Dominus_Temporis.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Dominus Temporis.com">
+
+	<target host="dominustemporis.com" />
+	<target host="www.dominustemporis.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Domoticz.com.xml b/src/chrome/content/rules/Domoticz.com.xml
new file mode 100644
index 000000000000..b55a210b8342
--- /dev/null
+++ b/src/chrome/content/rules/Domoticz.com.xml
@@ -0,0 +1,29 @@
+<!--
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .domoticz.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Domoticz.com">
+
+	<target host="domoticz.com" />
+	<target host="my.domoticz.com" />
+	<target host="www.domoticz.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.domoticz\.com$" name="^phpbb3_\w+_(?:k|sid|u)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Domreg.lt.xml b/src/chrome/content/rules/Domreg.lt.xml
deleted file mode 100644
index b5fa8a095823..000000000000
--- a/src/chrome/content/rules/Domreg.lt.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-
--->
-<ruleset name="Domreg.lt">
-
-	<target host="domreg.lt" />
-	<target host="www.domreg.lt" />
-
-
-	<securecookie host="^www\.domreg\.lt$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?domreg\.lt/"
-		to="https://www.domreg.lt/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Domru.ru.xml b/src/chrome/content/rules/Domru.ru.xml
new file mode 100644
index 000000000000..0ffd8ae2a0e1
--- /dev/null
+++ b/src/chrome/content/rules/Domru.ru.xml
@@ -0,0 +1,85 @@
+<!--b2b. mismatch
+perm. redirect
+nn. redirect
+samara. redirect
+barnaul. redirect
+bryansk. redirect
+volgograd. redirect
+vlz. redirect
+voronezh. redirect
+dzr. redirect
+ekat. redirect
+izhevsk. redirect
+irkutsk. redirect
+yola. redirect
+kazan. redirect
+kirov. redirect
+krsk. redirect
+kurgan. redirect
+kursk. redirect
+lipetsk. redirect
+mgn. redirect
+chelny. redirect
+nk. redirect
+nsk. redirect
+omsk. redirect
+oren. redirect
+penza. redirect
+rostov. redirect
+ryazan. redirect
+spb. redirect
+saratov. redirect
+syzran. redirect
+tver. redirect
+tomsk. redirect
+tula. redirect
+tmn. redirect
+ulsk. redirect
+ufa. redirect
+cheb. redirect
+chel. redirect
+engels. redirect
+yar. redirect
+forum. redirect
+interzet. redirect
+tver.b2b. mismatch
+saratov.b2b. mismatch
+perm.b2b. mismatch
+chel.b2b. mismatch
+ekat.b2b. mismatch
+nsk.b2b. mismatch
+izhevsk.b2b. mismatch
+bryansk.b2b. mismatch
+kazan.b2b. mismatch
+volgograd.b2b. mismatch
+samara.b2b. mismatch
+nn.b2b. mismatch
+rostov.b2b. mismatch
+voronezh.b2b. mismatch
+oren.b2b. mismatch
+penza.b2b. mismatch
+cheb.b2b. mismatch
+tomsk.b2b. mismatch
+barnaul.b2b. mismatch
+mgn.b2b. mismatch
+ufa.b2b. mismatch
+irkutsk.b2b. mismatch
+ulsk.b2b. mismatch
+tmn.b2b. mismatch
+omsk.b2b. mismatch
+kirov.b2b. mismatch
+krsk.b2b. mismatch
+chelny.b2b. mismatch
+spb.b2b. mismatch
+yola.b2b. mismatch
+tula.b2b. mismatch
+lipetsk.b2b. mismatch
+nk.b2b. mismatch
+yar.b2b. mismatch-->
+<ruleset name="Domru.ru">
+	<target host="domru.ru" />
+	<target host="www.domru.ru" />
+	<target host="zakupki.domru.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DonationCoder.com.xml b/src/chrome/content/rules/DonationCoder.com.xml
new file mode 100644
index 000000000000..48bb4b1943c7
--- /dev/null
+++ b/src/chrome/content/rules/DonationCoder.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="DonationCoder.com">
+
+	<target host="donationcoder.com" />
+	<target host="www.donationcoder.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.donationcoder\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.donationcoder\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Doncaster.gov.uk.xml b/src/chrome/content/rules/Doncaster.gov.uk.xml
new file mode 100644
index 000000000000..e869166ce740
--- /dev/null
+++ b/src/chrome/content/rules/Doncaster.gov.uk.xml
@@ -0,0 +1,105 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://doncaster.gov.uk/Eforms/BusGenEform/Boot/803 => https://doncaster.gov.uk/Eforms/BusGenEform/Boot/803: (35, 'Unknown SSL protocol error in connection to doncaster.gov.uk:443 ')
+
+	Doncaster Metropolitan Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *doncaster.gov.uk:
+
+		- library ᵖ
+		- local ᵈ
+		- planning ᵈ
+		- highwoods.portal ²
+
+	² 200 "not recognised"
+	ᵈ Dropped
+	ᵖ Plaintext reply
+
+
+	Problematic hosts in *doncaster.gov.uk:
+
+		- thornegreentop.portal ᵉ ᵐ
+		- eportal.schools ᵉ ᵐ
+
+	ᵉ Expired
+	ᵐ Mismatched
+
+
+	These altnames don't exist:
+
+		- www.ems.doncaster.gov.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- pcbooking.doncaster.gov.uk
+		- www.doncaster.gov.uk
+
+-->
+<ruleset name="Doncaster.gov.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="doncaster.gov.uk" />
+	<target host="apps.doncaster.gov.uk" />
+	<target host="ems.doncaster.gov.uk" />
+	<target host="pcbooking.doncaster.gov.uk" />
+	<target host="www.doncaster.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="eportal.schools.doncaster.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.doncaster\.gov\.uk/(?:$|Eforms$|doitonline/report-abandoned-vehicles$|report-it$|services/work-jobs-training$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?doncaster\.gov\.uk/+(?!Eforms/|(?:Profile|Users)(?:$|[?/])|Themes/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.doncaster.gov.uk/Eforms" />
+			<test url="http://www.doncaster.gov.uk/cancerbuddies" />
+			<test url="http://www.doncaster.gov.uk/counciltax" />
+			<test url="http://www.doncaster.gov.uk/doitonline/report-abandoned-vehicles" />
+			<test url="http://www.doncaster.gov.uk/doncasterarchives" />
+			<test url="http://www.doncaster.gov.uk/report-it" />
+			<test url="http://www.doncaster.gov.uk/services/work-jobs-training" />
+
+			<!--	-ve:
+					-->
+			<test url="http://doncaster.gov.uk/Eforms/BusGenEform/Boot/803" />
+			<test url="http://www.doncaster.gov.uk/Profile" />
+			<test url="http://www.doncaster.gov.uk/Themes/DMBC.Theme/Content/images/template/air-quality.png" />
+			<test url="http://www.doncaster.gov.uk/Themes/DMBC.Theme/Content/stylesheets/css/DMBC-overrides.css" />
+			<test url="http://www.doncaster.gov.uk/Themes/DMBC.Theme/Styles/alerts_menu.css" />
+			<test url="http://www.doncaster.gov.uk/Users/Account/Register?ReturnUrl=" />
+			<test url="http://www.doncaster.gov.uk/Users/Account/RequestLostPassword" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^pcbooking\.doncaster\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^www\.doncaster\.gov\.uk$" name="^__RequestVerificationToken$" /-->
+
+	<securecookie host="^\." name="_gat?$" />
+	<securecookie host="^(?!www\.)\w" name=".+" />
+
+
+	<!--	Redirect forward slash, path, and args:
+							-->
+	<rule from="^http://eportal\.schools\.doncaster\.gov\.uk/.*"
+		to="https://www.engagedoncaster.co.uk/" />
+
+		<test url="http://eportal.schools.doncaster.gov.uk/Default.aspx" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Doncaster_College.xml b/src/chrome/content/rules/Doncaster_College.xml
index b441bb305034..835c25c7ea3b 100644
--- a/src/chrome/content/rules/Doncaster_College.xml
+++ b/src/chrome/content/rules/Doncaster_College.xml
@@ -36,4 +36,4 @@
 	<rule from="^http://blackboard\.don\.ac\.uk/(?:\?.*)?$"
 		to="https://don.blackboard.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dont_Spy_On_Us.org.xml b/src/chrome/content/rules/Dont_Spy_On_Us.org.xml
new file mode 100644
index 000000000000..b1c3dabdd1f9
--- /dev/null
+++ b/src/chrome/content/rules/Dont_Spy_On_Us.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Don't Spy On Us.org.uk">
+
+	<target host="dontspyonus.org.uk" />
+	<target host="www.dontspyonus.org.uk" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Doodle.xml b/src/chrome/content/rules/Doodle.xml
deleted file mode 100644
index 291b599a30ec..000000000000
--- a/src/chrome/content/rules/Doodle.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Some pages redirect to http
-
--->
-<ruleset name="Doodle (partial)">
-
-	<target host="doodle.com" />
-	<target host="www.doodle.com" />
-
-
-	<rule from="^http://(www\.)?doodle\.com/(builtstatic/|favicon\.ico|premium(?:$|\?|/))"
-		to="https://$1doodle.com/$2" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Doom9.org.xml b/src/chrome/content/rules/Doom9.org.xml
new file mode 100644
index 000000000000..c3da45e89775
--- /dev/null
+++ b/src/chrome/content/rules/Doom9.org.xml
@@ -0,0 +1,27 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - doitfast4u.doom9.org
+			 - french.doom9.org
+			 - gknot.doom9.org
+
+		Timeout was reached:
+			 - www.doom9.org
+			 - greek.doom9.org
+			 - server4.doom9.org
+
+		SSL peer certificate was not OK:
+			 - dvd2svcd.doom9.org
+			 - foro.doom9.org
+			 - german.doom9.org
+			 - server5.doom9.org
+			 - server6.doom9.org
+			 - spanish.doom9.org
+-->
+<ruleset name="Doom9.org (partial)">
+	<target host="forum.doom9.org" />
+
+	<securecookie host="^forum\.doom9\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Doom9.xml b/src/chrome/content/rules/Doom9.xml
deleted file mode 100644
index 130042ece281..000000000000
--- a/src/chrome/content/rules/Doom9.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- www	(shows forum)
-
-
-	Problematic subdomains:
-
-		- forum
-
-			- Works
-			- Expired 2012-08-09
-			- CN: www.leffster.se
-
-
-	^doom9.org does not exist
-
--->
-<ruleset name="Doom9 (partial)" default_off="expired, mismatched, self-signed">
-
-	<target host="forum.doom9.org" />
-
-
-	<securecookie host="^forum\.doom9\.org$" name=".+" />
-
-
-	<rule from="^http://forum\.doom9\.org/"
-		to="https://forum.doom9.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/DoomWiki.org.xml b/src/chrome/content/rules/DoomWiki.org.xml
new file mode 100644
index 000000000000..c8cb2a58761e
--- /dev/null
+++ b/src/chrome/content/rules/DoomWiki.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="DoomWiki.org">
+	<target host="www.doomwiki.org" />
+	<target host="doomwiki.org" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Doomworld.com.xml b/src/chrome/content/rules/Doomworld.com.xml
new file mode 100644
index 000000000000..3c2a8895f98b
--- /dev/null
+++ b/src/chrome/content/rules/Doomworld.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Doomworld.com">
+  <target host="doomworld.com" />
+  <target host="www.doomworld.com" />
+
+  <rule from="^http:"
+          to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Doorbell.io.xml b/src/chrome/content/rules/Doorbell.io.xml
new file mode 100644
index 000000000000..760db42de7e0
--- /dev/null
+++ b/src/chrome/content/rules/Doorbell.io.xml
@@ -0,0 +1,14 @@
+<!--
+Mismatch:
+	blog.	(Based on Tumblr)
+	status.
+
+-->
+<ruleset name="doorbell.io">
+
+	<target host="doorbell.io" />
+	<target host="embed.doorbell.io" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dopplr.xml b/src/chrome/content/rules/Dopplr.xml
deleted file mode 100644
index 689cf76af215..000000000000
--- a/src/chrome/content/rules/Dopplr.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Dopplr.com">
-  <target host="dopplr.com" />
-  <target host="www.dopplr.com" />
-
-  <rule from="^http://(?:www\.)?dopplr\.com/" to="https://www.dopplr.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Doria.fi.xml b/src/chrome/content/rules/Doria.fi.xml
new file mode 100644
index 000000000000..dbc01b95782a
--- /dev/null
+++ b/src/chrome/content/rules/Doria.fi.xml
@@ -0,0 +1,13 @@
+<!--
+	Incomplete certificate chain:
+		- s1
+-->
+<ruleset name="Doria.fi">
+	<target host="doria.fi" />
+	<target host="www.doria.fi" />
+	<target host="input.doria.fi" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dorian-Color.xml b/src/chrome/content/rules/Dorian-Color.xml
deleted file mode 100644
index 84053545a24f..000000000000
--- a/src/chrome/content/rules/Dorian-Color.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Dorian Color">
-
-	<target host="65.181.183.157"/>
-	<target host="doriancolor.com"/>
-	<target host="www.doriancolor.com"/>
-
-	<securecookie host="^(.*\.)?doriancolor\.com$" name=".*"/>
-
-	<rule from="^http://65\.181\.183\.157/"
-		to="https://doriancolor.com/"/>
-
-	<rule from="^http://(www\.)?doriancolor\.com/"
-		to="https://$1doriancolor.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/DorianColor.com.xml b/src/chrome/content/rules/DorianColor.com.xml
new file mode 100644
index 000000000000..63e3efcf6c63
--- /dev/null
+++ b/src/chrome/content/rules/DorianColor.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="Dorian Color">
+
+	<target host="doriancolor.com" />
+	<target host="www.doriancolor.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dormproject.ch.xml b/src/chrome/content/rules/Dormproject.ch.xml
index 7b99e6982570..fc1e618d2cd1 100644
--- a/src/chrome/content/rules/Dormproject.ch.xml
+++ b/src/chrome/content/rules/Dormproject.ch.xml
@@ -1,6 +1,5 @@
 <ruleset name="dormproject.ch">
     <target host="secure.dormproject.ch" />
 
-    <rule from="^https?://secure\.dormproject\.ch/"
-        to="https://secure.dormproject.ch/"/>
+    <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Dosomething.org.xml b/src/chrome/content/rules/Dosomething.org.xml
new file mode 100644
index 000000000000..7cd5a1ea3d70
--- /dev/null
+++ b/src/chrome/content/rules/Dosomething.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Dosomething.org">
+  <target host="dosomething.org" />
+  <target host="www.dosomething.org" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dosowisko.net.xml b/src/chrome/content/rules/Dosowisko.net.xml
new file mode 100644
index 000000000000..a81d569c02aa
--- /dev/null
+++ b/src/chrome/content/rules/Dosowisko.net.xml
@@ -0,0 +1,27 @@
+<!--
+	Mixed content:
+
+		- Images, on:
+
+			- chorder from markowskisygitowicz.art.pl
+			- chorder from www.markowskisygitowicz.art.pl
+
+-->
+<ruleset name="dosowisko.net">
+
+	<target host="dosowisko.net" />
+	<target host="chorder.dosowisko.net" />
+	<target host="inf2011.dosowisko.net" />
+	<target host="logs.inf2011.dosowisko.net" />
+	<target host="polibuda4life.dosowisko.net" />
+	<target host="shop.sowka.dosowisko.net" />
+	<target host="www.dosowisko.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dot429.xml b/src/chrome/content/rules/Dot429.xml
deleted file mode 100644
index 1a27642e966c..000000000000
--- a/src/chrome/content/rules/Dot429.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d1j2diro5xke84.cloudfront.net
-		- d2qmyvn67i80mw.cloudfront.net
-
--->
-<ruleset name="dot429 (partial)">
-
-	<target host="dot429.com" />
-	<target host="*.dot429.com" />
-
-
-	<!--	At least some pages 302 to http.
-							-->
-	<rule from="^http://(www\.)?dot429\.com/(blueprint|fonts|images|packages|stylesheets)/"
-		to="https://$1dot429.com/$2/" />
-
-	<rule from="^https?://cdn[1-5]\.dot429\.com/"
-		to="https://d2qmyvn67i80mw.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Dot5Hosting.xml b/src/chrome/content/rules/Dot5Hosting.xml
index 6130eac38410..d5e7ebe4f159 100644
--- a/src/chrome/content/rules/Dot5Hosting.xml
+++ b/src/chrome/content/rules/Dot5Hosting.xml
@@ -1,13 +1,14 @@
 <ruleset name="Dot5Hosting">
 
 	<target host="dot5hosting.com" />
-	<target host="*.dot5hosting.com" />
+	<target host="images.dot5hosting.com" />
+	<target host="secure.dot5hosting.com" />
+	<target host="www.dot5hosting.com" />
 
 
 	<securecookie host="^\.dot5hosting\.com$" name=".+" />
 
 
-	<rule from="^http://((?:images|secure|www)\.)?dot5hosting\.com/"
-		to="https://$1dot5hosting.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DotBit.xml b/src/chrome/content/rules/DotBit.xml
index a4b5c1067b3e..866b853749c4 100644
--- a/src/chrome/content/rules/DotBit.xml
+++ b/src/chrome/content/rules/DotBit.xml
@@ -1,20 +1,55 @@
 <!--
-	Problematic subdomains:
+	Nonfunctional hosts in *dot-bit.org:
 
-		- ^	(expired 2012-12-09)
-		- www	(mismatched, CN: srv0.eu)
+		- dns *
+		- register *
+
+	* Refused
+
+
+	Problematic hosts in *dot-bit.org:
+
+		- (www.)? ¹
+		- explorer *
+
+	¹ Expired
+	* Shows cp login
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- dot-bit.org
+		- .dot-bit.org
 
 -->
-<ruleset name="DotBit" default_off="expired" platform="cacert">
+<ruleset name="Dot-BIT.org (partial)" default_off="expired">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="dot-bit.org" />
-	<target host="*.dot-bit.org" />
+	<target host="www.dot-bit.org" />
+
+	<!--	Complications:
+				-->
+	<target host="explorer.dot-bit.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^dot-bit\.org$" name="^bitcoin_dotbit_session$" /-->
+	<!--securecookie host="^\.dot-bit\.org$" name="^bitcoin_dotbit_i$" /-->
+
+	<securecookie host=".+" name=".+" />
 
 
-	<securecookie host="^(?:.*\.)?dot-bit\.org$" name=".+" />
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://explorer\.dot-bit\.org/+"
+		to="https://explorer.namecoin.info/" />
 
+		<test url="http://explorer.dot-bit.org//" />
 
-	<rule from="^http://(?:www\.)?dot-bit\.org/"
-		to="https://dot-bit.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DotCOM-host.xml b/src/chrome/content/rules/DotCOM-host.xml
index d7e6c8f9b339..bfeb7acd4839 100644
--- a/src/chrome/content/rules/DotCOM-host.xml
+++ b/src/chrome/content/rules/DotCOM-host.xml
@@ -3,10 +3,9 @@
 	<target host="dotcomhost.com" />
 	<target host="*.dotcomhost.com" />
 	<!--	* for cross-domain cookie.	-->
-	<target host="*.webmail.dotcomhost.com" />
 
 
-	<securecookie host="^(.*\.)?dotcomhost\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--	Observed subdomains:
diff --git a/src/chrome/content/rules/DotCloud.com.xml b/src/chrome/content/rules/DotCloud.com.xml
index 5dcbc8267dc4..a59a0b1ff1e7 100644
--- a/src/chrome/content/rules/DotCloud.com.xml
+++ b/src/chrome/content/rules/DotCloud.com.xml
@@ -1,32 +1,40 @@
+
 <!--
-	Fully covered subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.dotcloud.com/ => https://www.dotcloud.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://dotcloud.com/ => https://dotcloud.com/: (7, 'Failed to connect to dotcloud.com port 443: No route to host')
+
+	Nonfunctional hosts in *dotcloud.com:
 
-		- (www.)
-		- blog
-		- docs
-		- help
-		- status
-		- support	(→ dotcloud.zendesk.com)
+		- zerorpc ʳ
 
+	ʳ Refused
 
-	Nonfunctional subdomains:
 
-		- platform-status	(interrupted)
+	STS header includes includeSubdomains
 
 -->
-<ruleset name="dotCloud.com (partial)">
+<ruleset name="dotCloud.com (partial)" default_off="failed ruleset test">
 
 	<target host="dotcloud.com" />
 	<target host="*.dotcloud.com" />
 
+		<exclusion pattern="^http://zerorpc\.dotcloud\.com/" />
+
+			<test url="http://zerorpc.dotcloud.com/" />
+
+		<test url="http://www.dotcloud.com/" />
+
+
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^www\.dotcloud\.com$" name=".+" />
 
+	<rule from="^http://status\.dotcloud\.com/"
+		to="https://dotcloud.statuspage.io/" />
 
-	<rule from="^http://((?:blog|docs|help|status|www)\.)?dotcloud\.com/"
-		to="https://$1dotcloud.com/" />
+		<test url="http://status.dotcloud.com/" />
 
-	<rule from="^http://support\.dotcloud\.com/"
-		to="https://dotcloud.zendesk.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DotCologne.de.xml b/src/chrome/content/rules/DotCologne.de.xml
new file mode 100644
index 000000000000..b3f0c022fb84
--- /dev/null
+++ b/src/chrome/content/rules/DotCologne.de.xml
@@ -0,0 +1,62 @@
+<!--
+	For other NetCologne coverage, see NetCologne.xml.
+
+
+	Problematic hosts in *dotcologne.de:
+
+		- ^ ¹
+		- www ¹ ²
+
+	¹ Dropped
+	² Loops over http
+
+
+	These altnames don't exist:
+
+		- www.domainstore.dotcologne.de
+
+
+	Insecure cookies are set for these hosts:
+
+		- domainstore.dotcologne.de
+
+
+	Mixed content:
+
+		- Bug on domainstore.dotcologne.de from tracking.netcologne.de *
+
+	* Secured by us
+
+-->
+<ruleset name="DotCologne.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="domainstore.dotcologne.de" />
+
+	<!--	Complications:
+				-->
+	<target host="dotcologne.de" />
+	<target host="www.dotcologne.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^domainstore\.dotcologne\.de$" name="^BIGipServer[\w-]+$" /-->
+
+	<securecookie host="^domainstore\.dotcologne\.de$" name=".+" />
+
+
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://(?:www\.)?dotcologne\.de/[^?]*"
+		to="https://domainstore.dotcologne.de/" />
+
+		<test url="http://dotcologne.de/?" />
+		<test url="http://dotcologne.de//" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DotMailer.xml b/src/chrome/content/rules/DotMailer.xml
index d04f41ad5e52..30a810eb12cf 100644
--- a/src/chrome/content/rules/DotMailer.xml
+++ b/src/chrome/content/rules/DotMailer.xml
@@ -7,26 +7,23 @@
 <ruleset name="dotMailer (partial)">
 
 	<target host="dotmailer.com" />
-	<target host="*.dotmailer.com" />
+	<target host="www.dotmailer.com" />
+	<target host="my.dotmailer.com" />
+	<target host="support.dotmailer.com" />
 	<target host="dotmailer.co.uk" />
 	<target host="www.dotmailer.co.uk" />
-		<exclusion pattern="^https?://(?:www\.)?dotmailer\.co(?:m|\.uk)/(?!favicon\.ico|images/|m/css|login\.aspx|professional_email_marketing_solutions/professional_trial_signup)" />
+		<exclusion pattern="^http://(?:www\.)?dotmailer\.co(?:m|\.uk)/(?!favicon\.ico|images/|m/css|login\.aspx|professional_email_marketing_solutions/professional_trial_signup)" />
 	<target host="t.trackedlink.net" />
 
 
 	<securecookie host="^.+\.dotmailer\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?dotmailer\.com/"
+	<rule from="^http://(?:www\.)?dotmailer\.com/"
 		to="https://www.dotmailer.com/" />
 
-	<rule from="^http://(my|support)\.dotmailer\.com/"
-		to="https://$1.dotmailer.com/" />
 
-	<rule from="^http://(www\.)?dotmailer\.co\.uk/"
-		to="https://$1dotmailer.co.uk/" />
 
-	<rule from="^http://t\.trackedlink\.net/"
-		to="https://t.trackedlink.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DotSec.com.xml b/src/chrome/content/rules/DotSec.com.xml
new file mode 100644
index 000000000000..577fa616f754
--- /dev/null
+++ b/src/chrome/content/rules/DotSec.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="DotSec.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dotsec.com" />
+	<target host="stats.dotsec.com" />
+	<target host="www.dotsec.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dota2lounge.com.xml b/src/chrome/content/rules/Dota2lounge.com.xml
new file mode 100644
index 000000000000..856fb7abc90b
--- /dev/null
+++ b/src/chrome/content/rules/Dota2lounge.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Doesn't exist:
+	www.dota2lounge.com
+
+  Host unresolved:
+    cdn.dota2lounge.com
+-->
+<ruleset name="Dota2lounge.com" platform="mixedcontent">
+	<target host="dota2lounge.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dota_2.com.xml b/src/chrome/content/rules/Dota_2.com.xml
new file mode 100644
index 000000000000..1c5797ae66fb
--- /dev/null
+++ b/src/chrome/content/rules/Dota_2.com.xml
@@ -0,0 +1,82 @@
+<!--
+	For other Valve Software coverage, see Valve.xml.
+
+
+	CDN buckets:
+
+		- akacdn.valve.com.edgesuite.net
+
+			- cdn
+
+
+	Nonfunctional subdomains:
+
+		- blog *
+		- dev ²
+
+	* Refused
+	² Dropped
+
+
+	^: 403; mismatched, CN: store.steampowered.com
+
+
+	Fully covered subdomains:
+
+		- (www.)	(^ → www)
+		- cdn		(→ steamcdn-a.akamaihd.net)
+		- partner
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com *
+		- Images on www from cdn.dota2.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Dota 2.com (partial)" default_off="Breaks steam games">
+
+	<target host="dota2.com" />
+	<target host="cdn.dota2.com" />
+	<target host="partner.dota2.com" />
+	<target host="www.dota2.com" />
+
+	<test url="http://www.dota2.com/heroes" />
+	<test url="http://dota2.com/heroes" />
+	<test url="http://www.dota2.com/jsfeed/" />
+	<test url="http://dota2.com/jsfeed/" />
+	<test url="http://dota2.com/jsfeed/heropickerdata" />
+	<test url="http://dota2.com/jsfeed/heropediadata" />
+	<test url="http://www.dota2.com/leaderboard" />
+	<test url="http://dota2.com/leaderboard" />
+	<test url="http://www.dota2.com/public/" />
+	<test url="http://dota2.com/public/" />
+	<test url="http://www.dota2.com/public/javascript" />
+	<test url="http://dota2.com/public/javascript" />
+	<test url="http://www.dota2.com/quiz" />
+	<test url="http://dota2.com/quiz" />
+	<test url="http://www.dota2.com/workshop/" />
+	<test url="http://dota2.com/workshop/" />
+	<test url="http://www.dota2.com/store" />
+	<test url="http://dota2.com/store" />
+
+	<exclusion pattern="^http://(www\.)?dota2\.com/heroes" />
+	<exclusion pattern="^http://(www\.)?dota2\.com/jsfeed/(\w+)?" />
+	<exclusion pattern="^http://(www\.)?dota2\.com/leaderboard" />
+	<exclusion pattern="^http://(www\.)?dota2\.com/public/(\w+)?" />
+	<exclusion pattern="^http://(www\.)?dota2\.com/quiz" />
+	<exclusion pattern="^http://(www\.)?dota2\.com/store" />
+	<exclusion pattern="^http://(www\.)?dota2\.com/workshop" />
+
+	<rule from="^http://dota2\.com/"
+		to="https://www.dota2.com/" />
+
+	<rule from="^http://cdn\.dota2\.com/"
+		to="https://steamcdn-a.akamaihd.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dotcomsecurity.de.xml b/src/chrome/content/rules/Dotcomsecurity.de.xml
new file mode 100644
index 000000000000..bc5a1c2f0b5e
--- /dev/null
+++ b/src/chrome/content/rules/Dotcomsecurity.de.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dotcomsecurity.de/ => https://dotcomsecurity.de/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.dotcomsecurity.de/ => https://www.dotcomsecurity.de/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Dotcomsecurity.de" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dotcomsecurity.de" />
+	<target host="www.dotcomsecurity.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dotdeb.org.xml b/src/chrome/content/rules/Dotdeb.org.xml
new file mode 100644
index 000000000000..e48016f6d3db
--- /dev/null
+++ b/src/chrome/content/rules/Dotdeb.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="Dotdeb.org">
+
+	<target host="dotdeb.org" />
+	<target host="www.dotdeb.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Doteasy-nocookie.com.xml b/src/chrome/content/rules/Doteasy-nocookie.com.xml
new file mode 100644
index 000000000000..222bf1a79f9b
--- /dev/null
+++ b/src/chrome/content/rules/Doteasy-nocookie.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Doteasy Technology coverage, see Doteasy.com.xml
+
+
+	Fully covered hosts in *doteasy-nocookie.com:
+
+		- lib
+
+-->
+<ruleset name="Doteasy-nocookie.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="lib.doteasy-nocookie.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Doteasy.com.xml b/src/chrome/content/rules/Doteasy.com.xml
new file mode 100644
index 000000000000..c3aca2aa70f4
--- /dev/null
+++ b/src/chrome/content/rules/Doteasy.com.xml
@@ -0,0 +1,51 @@
+<!--
+	Other Doteasy Technology rulesets:
+
+		- Doteasy-nocookie.com.xml
+
+
+	Nonfunctional hosts in *doteasy.com:
+
+		- wordpress *
+
+	* Blank page
+
+
+	Fully covered hosts in *doteasy.com:
+
+		- (www.)?
+		- affiliatezone
+		- kb
+		- member
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .doteasy.com
+		- kb.doteasy.com
+		- member.doteasy.com
+
+-->
+<ruleset name="Doteasy.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="doteasy.com" />
+	<target host="affiliatezone.doteasy.com" />
+	<target host="kb.doteasy.com" />
+	<target host="member.doteasy.com" />
+	<target host="www.doteasy.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(member)?\.doteasy\.com$" name="^(CFID|CFTOKEN)$" /-->
+	<!--securecookie host="^kb\.doteasy\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:kb|member)\.doteasy\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dotomi.xml b/src/chrome/content/rules/Dotomi.xml
index 97278c8ac018..d5df4b87aa71 100644
--- a/src/chrome/content/rules/Dotomi.xml
+++ b/src/chrome/content/rules/Dotomi.xml
@@ -1,33 +1,41 @@
 <!--
 	CDN buckets:
 
-		- dotomi.squarespace.com
 		- a248.g.akamai.net/7/248/14564/20080403/dotomi.download.akamai.com/
 
-
 	Nonfunctional subdomains:
 
-		- marketers	(no https)
+		- marketers ʳ
+
+	ʳ Refused
+
+
+	Problematic hosts in *dotomi.com:
+
+		- (www.)			cert mismatch . It is only valid for akamaihd.net.
+		- usweb.dotomi.com 	cert mismatch . It is only valid for akamaihd.net.
 
+	Insecure cookies are set for these domains: ᶜ
 
-	Problematic subdomains:
+		- .dotomi.com
 
-		- (www.)	(redirects to http; mismatched, CN: *.squarespace.com)
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Dotomi (partial)">
+<ruleset name="Dotomi.com (partial)">
 
-	<target host="a248.g.akamai.net" />
-	<target host="*.dotomi.com" />
+	<target host="ams-login.dotomi.com" />
+	<target host="login.dotomi.com" />
+	<target host="media.msg.dotomi.com" />
+	<target host="secure-media.msg.dotomi.com" />
 
 
-	<rule from="^http://a248\.g\.akamai\.net/7/248/14564/"
-		to="https://a248.e.akamai.net/7/248/14564/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.dotomi\.com$" name="^DotomiUser$" /-->
 
-	<rule from="^http://(?:www\.)?dotomi\.com/(display|storage|universal)/"
-		to="https://dotomi.squarespace.com/$1/" />
 
-	<rule from="^http://login\.dotomi\.com/"
-		to="https://login.dotomi.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dotplex.de.xml b/src/chrome/content/rules/Dotplex.de.xml
deleted file mode 100644
index c996b4fff0cf..000000000000
--- a/src/chrome/content/rules/Dotplex.de.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- www	(mismatched, CN: secure.dotplex.de)
-
--->
-<ruleset name="dotplex.de">
-
-	<target host="dotplex.de" />
-	<target host="*.dotplex.de" />
-
-
-	<securecookie host="^secure\.dotplex\.de$" name=".+" />
-
-
-	<!--	^ redirects to www over http,
-		so rewrite both to secure:
-						-->
-	<rule from="^http://(?:secure\.|www\.)?dotplex\.de/"
-		to="https://secure.dotplex.de/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Dotprojects.be.xml b/src/chrome/content/rules/Dotprojects.be.xml
new file mode 100644
index 000000000000..043a41e8a1bd
--- /dev/null
+++ b/src/chrome/content/rules/Dotprojects.be.xml
@@ -0,0 +1,30 @@
+<!--
+	(www.)?dotprojects.be: Shows default page
+
+
+	Insecure cookies are set for these domains:
+
+		- .extranet.dotprojects.be
+
+-->
+<ruleset name="dotprojects.be (partial)" default_off="expired">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="extranet.dotprojects.be" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.extranet\.dotprojects\.be$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^\.extranet\.dotprojects\.be$" name=".+" />
+
+
+	<!--rule from="^http://(www\.)?dotprojects\.be/+"
+		to="https://www.crosscheck.be/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dotultima.com.xml b/src/chrome/content/rules/Dotultima.com.xml
deleted file mode 100644
index 1c7ceb5e9c16..000000000000
--- a/src/chrome/content/rules/Dotultima.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="dotultima.com">
-
-	<target host="dotultima.com" />
-	<target host="*.dotultima.com" />
-
-
-	<securecookie host="^\.dotultima\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?dotultima\.com/"
-		to="https://$1dotultima.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Dotwhat.net.xml b/src/chrome/content/rules/Dotwhat.net.xml
new file mode 100644
index 000000000000..7bd4f07ea5a3
--- /dev/null
+++ b/src/chrome/content/rules/Dotwhat.net.xml
@@ -0,0 +1,17 @@
+<!--
+    Non-functional hosts:
+
+    Invalid certificate:
+       - ftp.dotwhat.net
+
+-->
+<ruleset name="Dotwhat.net/">
+    <target host="dotwhat.net" />
+    <target host="www.dotwhat.net" />
+    <target host="webmail.dotwhat.net" />
+    <target host="cpanel.dotwhat.net" />
+
+    <securecookie host=".+" name=".+" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Douban.com.xml b/src/chrome/content/rules/Douban.com.xml
new file mode 100644
index 000000000000..96d0008b58c9
--- /dev/null
+++ b/src/chrome/content/rules/Douban.com.xml
@@ -0,0 +1,37 @@
+<!--
+	Empty reply from server:
+		blackpit.douban.com
+		blackpit.douban.com
+		labs.douban.com
+
+	Redirec to http:
+		brand.douban.com
+-->
+<ruleset name="Douban.com (partial)">
+	<target host="douban.com" />
+	<target host="www.douban.com" />
+	<target host="accounts.douban.com" />
+	<target host="artist.douban.com" />
+	<target host="beijing.douban.com" />
+	<target host="blog.douban.com" />
+	<target host="book.douban.com" />
+	<target host="dongxi.douban.com" />
+	<target host="fm.douban.com" />
+	<target host="guangzhou.douban.com" />
+	<target host="help.douban.com" />
+	<target host="jobs.douban.com" />
+	<target host="m.douban.com" />
+	<target host="market.douban.com" />
+	<target host="movie.douban.com" />
+	<target host="music.douban.com" />
+	<target host="pypi.douban.com" />
+	<target host="read.douban.com" />
+	<target host="shanghai.douban.com" />
+	<target host="site.douban.com" />
+	<target host="wap.douban.com" />
+	<target host="ypy.douban.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DoubleVerify.xml b/src/chrome/content/rules/DoubleVerify.xml
index c275a9246aa1..f2aa4090a046 100644
--- a/src/chrome/content/rules/DoubleVerify.xml
+++ b/src/chrome/content/rules/DoubleVerify.xml
@@ -1,24 +1,22 @@
 <!--
 	Nonfunctional:
 
-		- (www.)doubleverify.com	(reset)
-		- info.verifyupload.com		(cert: *.marketo.com; 404)
+		- (www.)?doubleverify.com	(Refused)
+		- info.verifyupload.com		(Marketo)
 
 
-	Fully covered subdomains:
-
-		- cdn
-		- tps30
-		- tps40
+	tps: Tracking beacon
 
 -->
-<ruleset name="DoubleVerify (partial)">
+<ruleset name="DoubleVerify.com (partial)">
 
-	<target host="*.doubleverify.com" />
+	<target host="cdn.doubleverify.com" />
+	<target host="tps30.doubleverify.com" />
+	<target host="tps40.doubleverify.com" />
+	<target host="tps10206.doubleverify.com" />
 
 
-	<!--	tps: Tracking beacon.	-->
-	<rule from="^http://(cdn|tps[34]0)\.doubleverify\.com/"
-		to="https://$1.doubleverify.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Double_Fine.xml b/src/chrome/content/rules/Double_Fine.xml
index 178ee8738b86..1294aaf7c812 100644
--- a/src/chrome/content/rules/Double_Fine.xml
+++ b/src/chrome/content/rules/Double_Fine.xml
@@ -1,13 +1,30 @@
-<ruleset name="Double Fine">
+<!--
+	Mixed content:
+
+		- css, on:
+
+			- (www.)? from www.doublefine.com *
+			- shop from partnercdn.fangamer.com
+
+		- Images, on:
+
+			- (www.)? from www.doublefine.com *
+			- (www.)? from i.imgur.com *
+			- shop from partnercdn.fangamer.com
+
+	* Secured by us
+
+-->
+<ruleset name="Double Fine.com (false MCB)" platform="mixedcontent">
 
 	<target host="doublefine.com" />
 	<target host="www.doublefine.com" />
 
 
-	<securecookie host="^(?:www\.)?doublefine\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www\.)?doublefine\.com/"
-		to="https://$1doublefine.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Double_Robotics.com-mixedcontent.xml b/src/chrome/content/rules/Double_Robotics.com-mixedcontent.xml
new file mode 100644
index 000000000000..226490cf8357
--- /dev/null
+++ b/src/chrome/content/rules/Double_Robotics.com-mixedcontent.xml
@@ -0,0 +1,18 @@
+<!--
+	For rules not causing MCB, see Double_Robotics.com.xml.
+
+-->
+<ruleset name="Double Robotics.com (MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="stories.doublerobotics.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Double_Robotics.com-problematic.xml b/src/chrome/content/rules/Double_Robotics.com-problematic.xml
new file mode 100644
index 000000000000..c278dff54c76
--- /dev/null
+++ b/src/chrome/content/rules/Double_Robotics.com-problematic.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules that are on by default, see Double_Robotics.com.xml.
+
+-->
+<ruleset name="Double Robotics.com (mismatched)" default_off="mismatched">
+
+	<target host="blog.doublerobotics.com" />
+	<target host="www.doublerobotics.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Double_Robotics.com.xml b/src/chrome/content/rules/Double_Robotics.com.xml
new file mode 100644
index 000000000000..0baf0e298858
--- /dev/null
+++ b/src/chrome/content/rules/Double_Robotics.com.xml
@@ -0,0 +1,78 @@
+<!--
+	For rules causing MCB, see Double_Robotics.com-mixedcontent.xml.
+
+	For problematic rules, see Double_Robotics.com-problematic.xml.
+
+
+	Nonfunctional hosts in *doublerobotics.com:
+
+		- support *
+
+	* Desk.com
+
+
+	Problematic hosts in *doublerobotics.com:
+
+		- blog ¹
+		- stories ²
+		- www ³
+
+	¹ Mismatched, CN: posthaven.com
+	² Mixed css
+	³ Cloudfront/mismatched
+
+
+	Mixed content:
+
+		- css on stories from www.doublerobotics.com
+
+		- Videos, on blog from:
+
+			- eplayer.clipsyndicate.com ¹
+			- media.mtvnservices.com
+			- player.vimeo.com ²
+			- www.youtube.com ²
+
+	¹ Unsecurable
+	² Secured by us
+
+-->
+<ruleset name="Double Robotics.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="doublerobotics.com" />
+	<target host="developer.doublerobotics.com" />
+	<target host="drive.doublerobotics.com" />
+	<target host="secure.doublerobotics.com" />
+	<!--target host="stories.doublerobotics.com" /-->
+
+	<!--	Complications:
+				-->
+	<target host="support.doublerobotics.com" />
+
+		<exclusion pattern="^http://support\.doublerobotics\.com/+(?!favicon\.ico|images/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://support.doublerobotics.com/customer/en/portal/articles/1379820-double-specifications" />
+			<test url="http://support.doublerobotics.com/customer/en/portal/articles/1843456-how-to-setup-your-double" />
+			<test url="http://support.doublerobotics.com/customer/en/portal/topics/551578-quick-troubleshooting-tips/articles" />
+
+			<!--	-ve:
+					-->
+			<test url="http://support.doublerobotics.com/favicon.ico" />
+
+
+	<!--securecookie host="^\.doublerobotics\.com$" name="^source$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://support\.doublerobotics\.com/"
+		to="https://doublerobotics.desk.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Double_the_Donation.com.xml b/src/chrome/content/rules/Double_the_Donation.com.xml
new file mode 100644
index 000000000000..67c062062f8b
--- /dev/null
+++ b/src/chrome/content/rules/Double_the_Donation.com.xml
@@ -0,0 +1,22 @@
+<!--
+	www.doublethedonation.com: Refused
+
+-->
+<ruleset name="Double the Donation.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="doublethedonation.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.doublethedonation.com" />
+
+
+	<rule from="^http://www\.doublethedonation\.com/"
+		to="https://doublethedonation.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Doubleclick.com.xml b/src/chrome/content/rules/Doubleclick.com.xml
new file mode 100644
index 000000000000..292f7f66ef84
--- /dev/null
+++ b/src/chrome/content/rules/Doubleclick.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Google coverage, see GoogleServices.xml.
+
+
+	^doubleclick.com: Mismatched, CN: *.doubleclick.net
+
+-->
+<ruleset name="Doubleclick.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.doubleclick.com" />
+
+	<!--	Complications:
+				-->
+	<target host="doubleclick.com" />
+
+
+	<rule from="^http://doubleclick\.com/"
+		to="https://www.doubleclick.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Doubleclick.net.xml b/src/chrome/content/rules/Doubleclick.net.xml
index e047b8a99ba2..a70aeef2afd6 100644
--- a/src/chrome/content/rules/Doubleclick.net.xml
+++ b/src/chrome/content/rules/Doubleclick.net.xml
@@ -5,90 +5,76 @@
 	If we are going to include ads and tracking info, let's at least do it by https.
 
 
-	Problematic domains:
+	Problematic hosts in doubleclick.net:
 
-		- doubleclick.com	(mismatched, CN: *.doubleclick.net)
-
-		- doubleclick.net subdomains:
-
-			- *.es *
-			- *.nl *
-			- *.no *
+		- *.es *
+		- *.nl *
+		- *.no *
 
 	* Mismatched
 
 
-	Fully covered domains:
-
-		- (www.)doubleclick.com		(^ → www)
-
-		- *.doubleclick.net:
+	Fully covered hosts in *doubleclick.net:
 
-			- ad
-			- ad-ace
-			- ad-apac
-			- ad-emea
-			- *.au
-			- *.de
-			- *.es		(→ *)
-			- fls
+		- ad
+		- ad-ace
+		- ad-apac
+		- ad-emea
+		- *.au
+		- *.de
+		- *.es		(→ *)
+		- fls
 
-			- *.fls:
+		- *.fls:
 
-				- \d+
+			- \d+
 
-			- *.fr
+		- *.fr
 
-			- *.g:
+		- *.g:
 
-				- cm
-				- feedads
-				- googleads
-				- securepubads
-				- stats
-				- survey
+			- cm
+			- feedads
+			- googleads
+			- securepubads
+			- stats
+			- survey
 
-			- *.jp
-			- *.mo
-			- *.nl		(→ *)
-			- *.no		(→ *)
-			- s[01]
-			- *.uk
+		- *.jp
+		- *.mo
+		- *.nl		(→ *)
+		- *.no		(→ *)
+		- s[01]
+		- *.uk
 
-			- static
-
-		- www.googleadservices.com
-	
-
-	NB: If there's still any breakage *give details*.
+		- static
 
 -->
-<ruleset name="Doubleclick.net (testing)">
+<ruleset name="Doubleclick.net" >
 
-	<target host="doubleclick.com" />
-	<target host="www.doubleclick.com" />
 	<target host="doubleclick.net" />
 	<target host="*.doubleclick.net" />
-	<target host="www.googleadservices.com" />
-
 
-	<!--	name="^(id|test_cookie)$" /-->
-	<securecookie host="^\.doubleclick\.net$" name=".+" />
+		<test url="http://pubads.g.doubleclick.net/activity;xsp=;ord=1;num=1?gtmcb=" />
+		<test url="http://securepubads.g.doubleclick.net/static/glade.js" />
 
+		<!--	Sets cookie without Secure:
+							-->
+		<test url="http://ad.doubleclick.net/jump/ns.liliputing/general;ppos=;kw=;tile=;sz=;ord=?" />
+		<test url="http://cm.g.doubleclick.net/pixel?google_nid=&amp;google_cm=&amp;&amp;bid=&amp;newuser=&amp;google_tc=" />
+		<!--
+		<test url="http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1/?value=&amp;guid=&amp;script=" />
+		-->
 
-	<rule from="^http://(?:www\.)?doubleclick\.com/"
-		to="https://www.doubleclick.com/" />
 
-	<rule from="^http://doubleclick\.net/"
-		to="https://doubleclick.net/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.doubleclick\.net$" name="^(CheckForPermission|IDE|id|test_cookie)$" /-->
 
-	<rule from="^http://([^/:@\.]+)\.(?:es|nl|no)\.doubleclick\.net/"
-		to="https://$1.doubleclick.net/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://([^/:@\.]+)(\.(?:au|de|fls|fr|g|jp|mo|uk))?\.doubleclick\.net/"
-		to="https://$1$2.doubleclick.net/" />
 
-	<rule from="^http://www\.googleadservices\.com/"
-		to="https://www.googleadservices.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Doublepimp.xml b/src/chrome/content/rules/Doublepimp.xml
index f5de519e6573..e64cb152feca 100644
--- a/src/chrome/content/rules/Doublepimp.xml
+++ b/src/chrome/content/rules/Doublepimp.xml
@@ -1,32 +1,86 @@
 <!--
-	CDN buckets:
+	Non-functional hosts
+		Couldn't connect to server:
+			 - a1-m1.doublepimp.com
+			 - afin.doublepimp.com
+			 - engine.bang.doublepimp.com
+			 - ui.bang.doublepimp.com
+			 - dean.doublepimp.com
+			 - exit.doublepimp.com
+			 - rts.fling.doublepimp.com
+			 - mail.doublepimp.com
+			 - mail2.doublepimp.com
+			 - static.manwin.doublepimp.com
+			 - media.origin.doublepimp.com
+			 - rts.phn.doublepimp.com
+			 - origin.privoy.doublepimp.com
+			 - rts.doublepimp.com
+			 - streamate.doublepimp.com
+			 - test.doublepimp.com
 
-		- wac.45EE.edgecastcdn.net
-
-			- cdn.engine.phn
-			- privoy
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(mismatched, CN: www.geomize.com)
-		- privoy	(404, mismatched, CN: gp1.wac.edgecastcdn.net)
-
-
-	Problematic subdomains:
-
-		- cdn.engine.phn	(404, mismatched, CN: gp1.wac.edgecastcdn.net)
+		Timeout was reached:
+			 - ad2.doublepimp.com
+			 - ads.doublepimp.com
+			 - cp.doublepimp.com
+			 - db.hosting.rts.fling.doublepimp.com
+			 - db2.hosting.rts.fling.doublepimp.com
+			 - hosting4.rts.fling.doublepimp.com
+			 - db.hosting.doublepimp.com
+			 - db2.hosting.doublepimp.com
+			 - rts.lj.doublepimp.com
+			 - db2.hosting.rts.lj.doublepimp.com
+			 - hosting2.rts.lj.doublepimp.com
+			 - manwin.doublepimp.com
+			 - db.hosting.rts.phn.doublepimp.com
+			 - prerelease.rts.phn.doublepimp.com
+			 - staging.rts.phn.doublepimp.com
+			 - admin.rts.doublepimp.com
+			 - conversions.rts.doublepimp.com
+			 - db.hosting.rts.doublepimp.com
+			 - staging.rts.doublepimp.com
+			 - sql.doublepimp.com
+			 - gk.streamate.doublepimp.com
+			 - db.hosting.streamate.doublepimp.com
+			 - db2.hosting.streamate.doublepimp.com
+			 - prerelease.streamate.doublepimp.com
+			 - staging.streamate.doublepimp.com
+			 - vrts.doublepimp.com
 
+		SSL peer certificate was not OK:
+			 - cdn.engine.avid.doublepimp.com
+			 - cdn.engine.bang.doublepimp.com
+			 - cuty.doublepimp.com
+			 - cdn.engine.doublepimp.com
+			 - engine.fling.doublepimp.com
+			 - cdn.engine.fling.doublepimp.com
+			 - ui.fling.doublepimp.com
+			 - cdn.engine.manwin.doublepimp.com
+			 - media.doublepimp.com
+			 - static.rts.phn.doublepimp.com
+			 - cdn.ui.phn.doublepimp.com
+			 - privoy.doublepimp.com
+			 - engine.rk.doublepimp.com
+			 - cdn.engine.rk.doublepimp.com
+			 - ui.rk.doublepimp.com
+			 - static.rts.doublepimp.com
+			 - engine.streamate.doublepimp.com
+			 - cdn.engine.streamate.doublepimp.com
+			 - static.streamate.doublepimp.com
+			 - ui.streamate.doublepimp.com
+			 - vulcan.doublepimp.com
 -->
-<ruleset name="Doublepimp (partial)">
-
-	<target host="*.doublepimp.com" />
-
-
-	<rule from="^https?://(?:cdn\.)?engine\.phn\.doublepimp\.com/"
-		to="https://engine.phn.doublepimp.com/" />
+<ruleset name="Doublepimp.com (partial)">
+	<target host="doublepimp.com" />
+	<target host="www.doublepimp.com" />
+	<target host="engine.doublepimp.com" />
+	<target host="engine.manwin.doublepimp.com" />
+	<target host="ui.manwin.doublepimp.com" />
+	<target host="engine.phn.doublepimp.com" />
+	<target host="cdn.engine.phn.doublepimp.com" />
+	<target host="ui.phn.doublepimp.com" />
+	<target host="ui.doublepimp.com" />
 
-	<rule from="^http://streamate\.doublepimp\.com/"
-		to="https://streamate.doublepimp.com/" />
+	<securecookie host=".+" name=".+" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Doutula.com.xml b/src/chrome/content/rules/Doutula.com.xml
new file mode 100644
index 000000000000..2b1dce92ed47
--- /dev/null
+++ b/src/chrome/content/rules/Doutula.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Doutula.com">
+	<target host="doutula.com" />
+	<target host="www.doutula.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Douyu.xml b/src/chrome/content/rules/Douyu.xml
new file mode 100644
index 000000000000..b65c40950375
--- /dev/null
+++ b/src/chrome/content/rules/Douyu.xml
@@ -0,0 +1,36 @@
+<!--
+
+	Invalid certificate:
+		^douyu.com
+		pay.douyu.com
+		capi.douyucdn.cn
+
+	MCB:
+		m.douyu.com	(Break the video : Test in android firefox 48.0)
+
+	Refused:
+		tc-tct.douyucdn.cn
+
+	Timeout:
+		wan.douyu.com
+		image.wan.douyu.com
+
+-->
+
+<ruleset name="Douyu">
+
+	<target host="www.douyu.com" />
+	<target host="staticyb.douyu.com" />
+	<target host="yuba.douyu.com" />
+
+	<target host="apic.douyucdn.cn" />
+	<target host="dot.douyucdn.cn" />
+	<target host="dotcounter.douyucdn.cn" />
+	<target host="img.douyucdn.cn" />
+	<target host="rpic.douyucdn.cn" />
+	<target host="shark.douyucdn.cn" />
+	<target host="staticlive.douyucdn.cn" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dovecot.org.xml b/src/chrome/content/rules/Dovecot.org.xml
new file mode 100644
index 000000000000..8c32dc96dd3b
--- /dev/null
+++ b/src/chrome/content/rules/Dovecot.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Nonfunctional hosts in *.dovecot.org:
+		- blog.dovecot.org (p)
+
+	h: http redirect
+	m: certificate mismatch
+	p: unknown protocol error
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Dovecot.org">
+	<target host="dovecot.org" />
+	<target host="www.dovecot.org" />
+	<target host="hg.dovecot.org" />
+	<target host="pigeonhole.dovecot.org" />
+	<target host="talvi.dovecot.org" />
+	<target host="wiki.dovecot.org" />
+		<target host="master.wiki.dovecot.org" />
+	<target host="wiki1.dovecot.org" />
+		<target host="master.wiki1.dovecot.org" />
+	<target host="wiki2.dovecot.org" />
+		<target host="master.wiki2.dovecot.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dover.gov.uk.xml b/src/chrome/content/rules/Dover.gov.uk.xml
new file mode 100644
index 000000000000..e2ad133f92fd
--- /dev/null
+++ b/src/chrome/content/rules/Dover.gov.uk.xml
@@ -0,0 +1,63 @@
+<!--
+	Dover District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *dover.gov.uk:
+
+		- (www.)? ⁴
+		- www.mapping ⁴
+
+	⁴ 404
+
+
+	Problematic hosts in *dover.gov.uk:
+
+		- moderngov ˣ
+
+	ˣ Mixed css
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .forms.dover.gov.uk
+		- moderngov.dover.gov.uk
+		- secure.dover.gov.uk
+
+
+	Mixed content:
+
+		- css on moderngov from ^dover.gov.uk ⁴
+		- Images on moderngov from ^dover.gov.uk ⁴
+
+	⁴ Unsecurable <= 404
+
+-->
+<ruleset name="Dover.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="forms.dover.gov.uk" />
+	<!--target host="moderngov.dover.gov.uk" /-->
+	<target host="parking.dover.gov.uk" />
+	<target host="secure.dover.gov.uk" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<test url="http://secure.dover.gov.uk/streetcollections/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.forms\.dover\.gov\.uk$" name="^TestCookie$" /-->
+	<!--securecookie host="^(?:moderngov|secure)\.dover\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\.forms\." name=".+" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dovetail_Services-problematic.xml b/src/chrome/content/rules/Dovetail_Services-problematic.xml
index cdc12c9aef32..44862dc4c8c3 100644
--- a/src/chrome/content/rules/Dovetail_Services-problematic.xml
+++ b/src/chrome/content/rules/Dovetail_Services-problematic.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see Dovetail_Services.xml.
 
 -->
-<ruleset name="Dovetail Services (problematic)" default_off="mismatch">
+<ruleset name="Dovetail Services (problematic)" default_off="mismatched">
 
 	<target host="dovetailservices.com" />
 	<target host="www.dovetailservices.com" />
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?dovetailservices\.com/"
 		to="https://www.dovetailservices.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dovetail_Services.xml b/src/chrome/content/rules/Dovetail_Services.xml
index 63d078e44653..c7ecd362d318 100644
--- a/src/chrome/content/rules/Dovetail_Services.xml
+++ b/src/chrome/content/rules/Dovetail_Services.xml
@@ -1,14 +1,18 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://subscribeonline.co.uk/ => https://subscribeonline.co.uk/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+
 	For problematic rules, see Dovetail_Services-problematic.xml.
 
 -->
-<ruleset name="Dovetail Services (partial)">
+<ruleset name="Dovetail Services (partial)" default_off="failed ruleset test">
 
 	<target host="subscribeonline.co.uk" />
 	<target host="*.subscribeonline.co.uk" />
 
 
-	<securecookie host="^(?:.*\.)?subscribeonline\.co\.uk$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--	Clients have unique subdomains.
@@ -16,4 +20,4 @@
 	<rule from="^http://(\w+\.)?subscribeonline\.co\.uk/"
 		to="https://$1subscribeonline.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DownForEveryoneOrJustMe.com.xml b/src/chrome/content/rules/DownForEveryoneOrJustMe.com.xml
new file mode 100644
index 000000000000..7db4f93f191d
--- /dev/null
+++ b/src/chrome/content/rules/DownForEveryoneOrJustMe.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Non-functional subdomains:
+
+		- www	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="DownForEveryoneOrJustMe.com">
+
+	<target host="downforeveryoneorjustme.com" />
+	<target host="www.downforeveryoneorjustme.com" />
+	<target host="staging.downforeveryoneorjustme.com" />
+
+	<rule from="^http://www\.downforeveryoneorjustme\.com/"
+		to="https://downforeveryoneorjustme.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DownThemAll.net.xml b/src/chrome/content/rules/DownThemAll.net.xml
new file mode 100644
index 000000000000..39cfffea8b2a
--- /dev/null
+++ b/src/chrome/content/rules/DownThemAll.net.xml
@@ -0,0 +1,29 @@
+<!--
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .downthemall.net
+		- about.downthemall.net
+
+-->
+<ruleset name="DownThemAll.net (partial)">
+
+	<target host="downthemall.net"/>
+	<target host="www.downthemall.net"/>
+	<target host="about.downthemall.net"/>
+	<target host="bugs.downthemall.net"/>
+	<target host="code.downthemall.net"/>
+
+	<!--	Not secured by server
+					-->
+	<!--securecookie host="^\.downthemall\.net$" name="^(?:__cfduid|cf_clearance)$"/-->
+	<!--securecookie host="^bugs\.downthemall\.net$" name="^(?:trac_form_token|trac_session)$"/-->
+
+	<securecookie host="^\." name="^__cfduid$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DownThemAll.xml b/src/chrome/content/rules/DownThemAll.xml
deleted file mode 100644
index fb6f4f2ebab8..000000000000
--- a/src/chrome/content/rules/DownThemAll.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)
-
--->
-<ruleset name="DownThemAll (partial)">
-
-	<target host="*.downthemall.net"/>
-
-
-	<securecookie host="^bugs\.downthemall\.net$" name=".*"/>
-
-
-	<rule from="^http://(about|bugs|code)\.downthemall\.net/"
-		to="https://$1.downthemall.net/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Download-Islamic-Religion-PDF-Ebooks.com.xml b/src/chrome/content/rules/Download-Islamic-Religion-PDF-Ebooks.com.xml
new file mode 100644
index 000000000000..987a56664ef7
--- /dev/null
+++ b/src/chrome/content/rules/Download-Islamic-Religion-PDF-Ebooks.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Download-Islamic-Religion-PDF-Ebooks.com">
+	<target host="download-islamic-religion-pdf-ebooks.com" />
+	<target host="www.download-islamic-religion-pdf-ebooks.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DownloadHelper.net.xml b/src/chrome/content/rules/DownloadHelper.net.xml
new file mode 100644
index 000000000000..08d9055d4866
--- /dev/null
+++ b/src/chrome/content/rules/DownloadHelper.net.xml
@@ -0,0 +1,13 @@
+<ruleset name="DownloadHelper.net">
+
+	<target host="downloadhelper.net" />
+	<target host="www.downloadhelper.net" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DownloadVerse.com.xml b/src/chrome/content/rules/DownloadVerse.com.xml
index 7d6c3a2fde1d..942ba99af845 100644
--- a/src/chrome/content/rules/DownloadVerse.com.xml
+++ b/src/chrome/content/rules/DownloadVerse.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="DownloadVerse.com">
 
 	<target host="downloadverse.com" />
-	<target host="*.downloadverse.com" />
+	<target host="www.downloadverse.com" />
 
 
 	<securecookie host="^(?:w*\.)?downloadverse\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?downloadverse\.com/"
-		to="https://$1downloadverse.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Downloadbox.xml b/src/chrome/content/rules/Downloadbox.xml
index d5afcaf4b8e9..b3da50cf9aeb 100644
--- a/src/chrome/content/rules/Downloadbox.xml
+++ b/src/chrome/content/rules/Downloadbox.xml
@@ -5,13 +5,13 @@
 <ruleset name="Downloadbox" default_off="self-signed" platform="mixedcontent">
 
 	<target host="downloadbox.me" />
-	<target host="*.downloadbox.me" />
+	<target host="www.downloadbox.me" />
 
 
 	<securecookie host="^\.downloadbox\.me$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?downloadbox\.me/"
+	<rule from="^http://(?:www\.)?downloadbox\.me/"
 		to="https://downloadbox.me/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Downloadster.xml b/src/chrome/content/rules/Downloadster.xml
deleted file mode 100644
index ef6116ffe821..000000000000
--- a/src/chrome/content/rules/Downloadster.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d227ccvjlkns26.cloudfront.net
-
-			- media.downloadster.net
-
--->
-<ruleset name="Downloadster">
-
-	<target host="downloadster.net" />
-	<target host="*.downloadster.net" />
-
-
-	<securecookie host="^(?:w*\.)?downloadster\.net$" name=".+" />
-
-
-	<rule from="^http://(www\.)?downloadster\.net/"
-		to="https://$1downloadster.net/" />
-
-	<rule from="^http://media\.downloadster\.net/"
-		to="https://d227ccvjlkns26.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/DownstreamToday.com.xml b/src/chrome/content/rules/DownstreamToday.com.xml
index bd44c9b29c22..b976ff2a6945 100644
--- a/src/chrome/content/rules/DownstreamToday.com.xml
+++ b/src/chrome/content/rules/DownstreamToday.com.xml
@@ -1,8 +1,13 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://downstreamtoday.com/ => https://downstreamtoday.com/: Too many redirects while fetching 'https://downstreamtoday.com/'
+Fetch error: http://www.downstreamtoday.com/ => https://www.downstreamtoday.com/: Too many redirects while fetching 'https://www.downstreamtoday.com/'
+
 	For other Bishop Interactive coverage, see Bishop_Interactive.xml.
 
 -->
-<ruleset name="DownstreamToday.com">
+<ruleset name="DownstreamToday.com" default_off="failed ruleset test">
 
 	<target host="downstreamtoday.com" />
 	<target host="www.downstreamtoday.com" />
@@ -11,7 +16,6 @@
 	<securecookie host="^(?:www\.)?downstreamtoday\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?downstreamtoday\.com/"
-		to="https://$1downstreamtoday.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Downtown_Host.xml b/src/chrome/content/rules/Downtown_Host.xml
index 424b3948ac8d..0e434b1aa9cc 100644
--- a/src/chrome/content/rules/Downtown_Host.xml
+++ b/src/chrome/content/rules/Downtown_Host.xml
@@ -7,13 +7,13 @@
 <ruleset name="Downtown Host (partial)">
 
 	<target host="downtownhost.com" />
-	<target host="*.downtownhost.com" />
+	<target host="client.downtownhost.com" />
+	<target host="www.downtownhost.com" />
 
 
-	<securecookie host="^(?:.+\.)?downtownhost\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(client\.|www\.)?downtownhost\.com/"
-		to="https://$1downtownhost.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dozuki.net.xml b/src/chrome/content/rules/Dozuki.net.xml
new file mode 100644
index 000000000000..6f8e3e8ff5df
--- /dev/null
+++ b/src/chrome/content/rules/Dozuki.net.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Dozuki coverage, see Dozuki.xml.
+
+-->
+<ruleset name="Dozuki.net">
+
+	<!--	Special cases:
+				-->
+	<target host="cacher.dozuki.net" />
+
+
+	<rule from="^http://cacher\.dozuki\.net/"
+		to="https://d1luk0418egahw.cloudfront.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dozuki.xml b/src/chrome/content/rules/Dozuki.xml
index 1f2c886a9ae8..cec3f38f5f01 100644
--- a/src/chrome/content/rules/Dozuki.xml
+++ b/src/chrome/content/rules/Dozuki.xml
@@ -1,4 +1,9 @@
 <!--
+	Other Dozuki rulesets:
+
+		- Dozuki.net.xml
+
+
 	CDN buckets:
 
 		- d17kynu4zpq5hy.cloudfront.net
@@ -8,22 +13,30 @@
 		- da2lh5cs8ikqj.cloudfront.net
 
 -->
-<ruleset name="Dozuki (partial)">
+<ruleset name="Dozuki.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="dozuki.com" />
-	<target host="*.dozuki.com" />
-	<target host="*.dozuki.net" />
+	<target host="ping.dozuki.com" />
+	<target host="www.dozuki.com" />
 
+		<!--	Some (most?) pages redirect to http.
+									-->
+		<!--exclusion pattern="^http://www\.dozuki\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.dozuki\.com/(?!Guide/login(?:/register)?(?:$|\?))" />
 
-	<!--	Some (most?) pages redirect to http.
-							-->
-	<rule from="^http://(www\.)?dozuki\.com/Guide/login(/register)?($|\?)"
-		to="https://$1dozuki.com/Guide/login$2$3" />
+			<test url="http://www.dozuki.com/blog/" />
+			<test url="http://www.dozuki.com/demo" />
+			<test url="http://www.dozuki.com/features/mobile-access" />
+			<test url="http://www.dozuki.com/resources/our-story" />
+			<test url="http://www.dozuki.com/solutions/product-support" />
 
-	<rule from="^http://cacher\.dozuki\.net/"
-		to="https://d1luk0418egahw.cloudfront.net/" />
 
-	<rule from="^http://ping\.dozuki\.com/"
-		to="https://ping.dozuki.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dpaydinlatma.com.xml b/src/chrome/content/rules/Dpaydinlatma.com.xml
new file mode 100644
index 000000000000..0c60c5f285f4
--- /dev/null
+++ b/src/chrome/content/rules/Dpaydinlatma.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Dpaydinlatma.com">
+	<target host="dpaydinlatma.com" />
+	<target host="www.dpaydinlatma.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dpfoc.com.xml b/src/chrome/content/rules/Dpfoc.com.xml
new file mode 100644
index 000000000000..5de20c51187a
--- /dev/null
+++ b/src/chrome/content/rules/Dpfoc.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="dpfoc.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dpfoc.com" />
+	<target host="www.dpfoc.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dr-Ghanim.com.xml b/src/chrome/content/rules/Dr-Ghanim.com.xml
new file mode 100644
index 000000000000..9152193722e8
--- /dev/null
+++ b/src/chrome/content/rules/Dr-Ghanim.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Dr-Ghanim.com">
+	<target host="dr-ghanim.com" />
+	<target host="www.dr-ghanim.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dr-qubit.org.xml b/src/chrome/content/rules/Dr-qubit.org.xml
new file mode 100644
index 000000000000..ea696be0bba4
--- /dev/null
+++ b/src/chrome/content/rules/Dr-qubit.org.xml
@@ -0,0 +1,14 @@
+<!--
+	CN: *.geekisp.com
+
+-->
+<ruleset name="dr-qubit.org" default_off="mismatched">
+
+	<target host="dr-qubit.org" />
+	<target host="www.dr-qubit.org" />
+
+
+	<rule from="^http://(?:www\.)?dr-qubit\.org/"
+		to="https://dr-qubit.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DrAgnDroPbuilder.com.xml b/src/chrome/content/rules/DrAgnDroPbuilder.com.xml
deleted file mode 100644
index eefbceb569ed..000000000000
--- a/src/chrome/content/rules/DrAgnDroPbuilder.com.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="DrAgnDroPbuilder.com">
-
-	<target host="dragndropbuilder.com"/>
-	<target host="www.dragndropbuilder.com"/>
-
-	<rule from="^http://(www\.)?dragndropbuilder\.com/"
-		to="https://dragndropbuilder.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/DrJonathanBrown.com.xml b/src/chrome/content/rules/DrJonathanBrown.com.xml
new file mode 100644
index 000000000000..18b3360b99b8
--- /dev/null
+++ b/src/chrome/content/rules/DrJonathanBrown.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="DrJonathanBrown.com">
+	<target host="drjonathanbrown.com" />
+	<target host="www.drjonathanbrown.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DrServer.net.xml b/src/chrome/content/rules/DrServer.net.xml
new file mode 100644
index 000000000000..44b3c96659fc
--- /dev/null
+++ b/src/chrome/content/rules/DrServer.net.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- drserver.net
+		- www.drserver.net
+
+-->
+<ruleset name="drServer.net">
+
+	<target host="drserver.net" />
+	<target host="www.drserver.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?drserver\.net$" name="^SESSID[\da-f]{4}$" /-->
+
+	<securecookie host="^(?:www\.)?drserver\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DragonByte-Tech.xml b/src/chrome/content/rules/DragonByte-Tech.xml
index 1b6636d5d62a..0a83dbf1033f 100644
--- a/src/chrome/content/rules/DragonByte-Tech.xml
+++ b/src/chrome/content/rules/DragonByte-Tech.xml
@@ -1,13 +1,25 @@
-<ruleset name="DragonByte Tech">
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.dragonbyte-tech.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="DragonByte-Tech.com">
 
 	<target host="dragonbyte-tech.com" />
 	<target host="www.dragonbyte-tech.com" />
 
 
-	<securecookie host="^www\.dragonbyte-tech\.com$" name=".*" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.dragonbyte-tech\.com$" name="sessionhash$" /-->
+
+	<securecookie host="^www\.dragonbyte-tech\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?dragonbyte-tech\.com/"
-		to="https://$1dragonbyte-tech.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DragonFly_BSD.xml b/src/chrome/content/rules/DragonFly_BSD.xml
index 7d4e47b2611f..7dea9b595825 100644
--- a/src/chrome/content/rules/DragonFly_BSD.xml
+++ b/src/chrome/content/rules/DragonFly_BSD.xml
@@ -1,32 +1,42 @@
 <!--
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *dragonflybsd.org:
 
-		- gitweb	(shows bugs; mismatched, CN: bugs.dragonflybsd.org)
+		- lists *
 
+	* Refused
 
-	Problematic subdomains:
 
-		- ^	(refused)
-		- leaf	(mismatched, CN: bugs.dragonflybsd.org)
-
--->
-<ruleset name="DragonFly BSD (partial)">
+	Problematic hosts in *dragonflybsd.org:
 
+		- ^	(refused)
+ -->
+<ruleset name="DragonFly BSD.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bugs.dragonflybsd.org" />
+	<target host="gitweb.dragonflybsd.org" />
+	<target host="leaf.dragonflybsd.org" />
+	<target host="mirror-master.dragonflybsd.org" />
+	<target host="www.dragonflybsd.org" />
+
+	<!--	Complications:
+				-->
 	<target host="dragonflybsd.org" />
-	<target host="*.dragonflybsd.org" />
-		<!--
-			Not all of leaf is identical to bugs:
-								-->
-		<exclusion pattern="^http://leaf\.dragonflybsd\.org/(?!cgi/web-man)" />
+
+		<test url="http://leaf.dragonflybsd.org//" />
+		<test url="http://leaf.dragonflybsd.org/cgi/web-man" />
+		<test url="http://leaf.dragonflybsd.org/mailarchive/" />
+		<test url="http://leaf.dragonflybsd.org/manpages/" />
 
 
-	<securecookie host="^bugs\.dragonflybsd\.org$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?dragonflybsd\.org/"
+	<rule from="^http://dragonflybsd\.org/"
 		to="https://www.dragonflybsd.org/" />
 
-	<rule from="^http://(?:bugs|leaf)\.dragonflybsd\.org/"
-		to="https://bugs.dragonflybsd.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DragonFly_BSD_Digest.com.xml b/src/chrome/content/rules/DragonFly_BSD_Digest.com.xml
new file mode 100644
index 000000000000..80080e042b04
--- /dev/null
+++ b/src/chrome/content/rules/DragonFly_BSD_Digest.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- Images from $self *
+		- Ads from ir-na.amazon-adsystem.com *
+
+	* Secured by us
+
+-->
+<ruleset name="DragonFly BSD Digest.com">
+
+	<target host="dragonflydigest.com" />
+	<target host="www.dragonflydigest.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dragonsreach.it.xml b/src/chrome/content/rules/Dragonsreach.it.xml
new file mode 100644
index 000000000000..70c5e5b2d320
--- /dev/null
+++ b/src/chrome/content/rules/Dragonsreach.it.xml
@@ -0,0 +1,12 @@
+<ruleset name="dragonsreach.it">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dragonsreach.it" />
+	<target host="www.dragonsreach.it" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Draugiem.lv.xml b/src/chrome/content/rules/Draugiem.lv.xml
new file mode 100644
index 000000000000..fbc6ddae253e
--- /dev/null
+++ b/src/chrome/content/rules/Draugiem.lv.xml
@@ -0,0 +1,45 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://baratikor.com/ => https://www.baratikor.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.baratikor.com'")
+Fetch error: http://www.baratikor.com/ => https://www.baratikor.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.baratikor.com'")
+
+	Apparently, some pages started redirecting to http.
+
+
+	Everything but that which has been tested is excluded below.
+
+-->
+<ruleset name="Draugiem.lv (partial)" default_off="failed ruleset test">
+
+	<target host="baratikor.com" />
+	<target host="www.baratikor.com" />
+		<exclusion pattern="^http://(?:www\.)?(?:baratikor.com|draugiem\.lv)/+(?!$|\?|favicon\.ico|(?:forgot|help)(?:$|[?/])|upl/captcha\.php)" />
+	<target host="draugiem.lv" />
+	<target host="www.draugiem.lv" />
+	<target host="m.draugiem.lv" />
+		<exclusion pattern="^http://m\.draugiem\.lv/+(?!$|\?|favicon\.ico|v\d+/(?:cs|j)s/)" />
+	<target host="frype.com" />
+	<target host="www.frype.com" />
+	<target host="i0.frype.com" />
+	<target host="i3.frype.com" />
+	<target host="i7.frype.com" />
+	<target host="i9.frype.com" />
+		<exclusion pattern="^http://(?:www\.)?frype\.com/+(?!$|\?|favicon\.ico|(?:forgot|help)(?:$|[?/]))" />
+	<target host="ifrype.com" />
+
+
+	<rule from="^http://(?:www\.)?baratikor\.com/"
+		to="https://www.baratikor.com/" />
+
+	<rule from="^http://(?:www\.)?draugiem\.lv/"
+		to="https://www.draugiem.lv/" />
+
+
+	<rule from="^http://(?:www\.)?frype\.com/"
+		to="https://www.frype.com/" />
+
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DrawQuest.xml b/src/chrome/content/rules/DrawQuest.xml
deleted file mode 100644
index 7f2e5125e4e0..000000000000
--- a/src/chrome/content/rules/DrawQuest.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	www.drawquestugc.com doesn't exist.
-
--->
-<ruleset name="DrawQuest">
-
-	<target host="drawquest.com" />
-	<target host="www.drawquest.com" />
-	<target host="drawquestugc.com" />
-	<target host="*.drawquestugc.com" />
-
-
-	<securecookie host="^drawquest\.com$" name=".+" />
-	<securecookie host="^\.drawquestugc.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?drawquest\.com/"
-		to="https://$1drawquest.com/" />
-
-	<rule from="^http://drawquestugc\.com/"
-		to="https://drawquestugc.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Drawception.xml b/src/chrome/content/rules/Drawception.xml
new file mode 100644
index 000000000000..6386842d3d69
--- /dev/null
+++ b/src/chrome/content/rules/Drawception.xml
@@ -0,0 +1,8 @@
+<ruleset name="Drawception">
+  <target host="drawception.com" />
+  <target host="www.drawception.com" />
+
+
+  <rule from="^http:" to="https:" />
+  <securecookie host="^\.?drawception\.com$" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/Drawing_by_Numbers.org.xml b/src/chrome/content/rules/Drawing_by_Numbers.org.xml
deleted file mode 100644
index e9d2dd66a8c5..000000000000
--- a/src/chrome/content/rules/Drawing_by_Numbers.org.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	For other Tactical Technology coverage, see Tactical_Tech.org.xml.
-
-
-	Mixed content:
-
-		- Mixed images on ^ from i.creativecommons.org *
-
-	* Secured by us
-
--->
-<ruleset name="Drawing by Numbers.org">
-
-	<target host="drawingbynumbers.org" />
-	<target host="*.drawingbynumbers.org" />
-
-
-	<securecookie host="^\.drawingbynumbers\.org$" name=".+" />
-
-
-	<rule from="^http://(www\.)?drawingbynumbers\.org/"
-		to="https://$1drawingbynumbers.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Drawthelines.ca.xml b/src/chrome/content/rules/Drawthelines.ca.xml
new file mode 100644
index 000000000000..3fc0acfaa79d
--- /dev/null
+++ b/src/chrome/content/rules/Drawthelines.ca.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid certificate:
+		- www.drawthelines.ca
+-->
+
+<ruleset name="Drawthelines.ca">
+	<target host="drawthelines.ca" />
+	<target host="www.drawthelines.ca" />
+
+	<rule from="^http://www\.drawthelines\.ca/"
+		  to="https://drawthelines.ca/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DrayTek.com.xml b/src/chrome/content/rules/DrayTek.com.xml
new file mode 100644
index 000000000000..cf89392361b6
--- /dev/null
+++ b/src/chrome/content/rules/DrayTek.com.xml
@@ -0,0 +1,37 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .draytek.com
+		- myvigor.draytek.com
+		- www.draytek.com
+
+
+	Mixed content:
+
+		- Image on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="DrayTek.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="draytek.com" />
+	<target host="myvigor.draytek.com" />
+	<target host="www.draytek.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.draytek\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^myvigor\.draytek\.com" name="^PHPSESSID$" /-->
+	<!--securecookie host="^www\.draytek\.com" name="^[\da-f]{32}$" /-->
+
+	<securecookie host=".*\.draytek\.com" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Drchrono.com.xml b/src/chrome/content/rules/Drchrono.com.xml
new file mode 100644
index 000000000000..28e9fa93361d
--- /dev/null
+++ b/src/chrome/content/rules/Drchrono.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://drchrono.com/ => https://drchrono.com/: Too many redirects while fetching 'https://drchrono.com/'
+
+	Insecure cookies are set for these hosts:
+
+		- drchrono.com
+		- www.drchrono.com
+
+-->
+<ruleset name="Drchrono.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="drchrono.com" />
+	<target host="www.drchrono.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?drchrono\.com$" name="^csrftoken$" /-->
+
+	<securecookie host="^(?:www\.)?drchrono\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DreamHost.xml b/src/chrome/content/rules/DreamHost.xml
index 4d8674f0ae0b..aad42680f573 100644
--- a/src/chrome/content/rules/DreamHost.xml
+++ b/src/chrome/content/rules/DreamHost.xml
@@ -1,4 +1,5 @@
 <!--
+
 	For other New Dream Network coverage, see New-Dream-Network.xml.
 
 
@@ -9,41 +10,64 @@
 
 	Nonfunctional domains:
 
-		- blog.dreamhost.com		(times out)
-		- wiki.dreamhost.com		(refused)
-		- (www.)dreamhoststatus.com
-
+		- blog.dreamhost.com			(self-signed & cert mismatch)
+		- links.dreamhost.com			(cert mismatch)
+		- objects.dreamhost.com			(cert expired)
+		- *.objects.dreamhost.com		(cert expired)
+		- whois.dreamhost.com			(refused)
+		- whoisweb.dreamhost.com		(refused)
+		- wiki.dreamhost.com			(refused)
+		- dreamhoststatus.com			(cert mismatch)
+
+
+	Note: It appears that the dreamhost.com domain has a number of subdomains under
+	which third party sites are hosted, such as http://bokane-beta.dreamhost.com/,
+	http://crookedtimber1.dreamhost.com/, and http://otismaxwell.dreamhost.com/.
+	In addition, it appears that these subdomains for third party sites do not
+	necessarily support HTTPS. Given the possibility that the dreamhost.com
+	domain may have subdomains for third party hosted sites added or removed over
+	time, it is advisable for the DreamHost ruleset to have an explicit list of
+	target domains that are redirected to HTTPS instead of a wildcard
+	*.dreamhost.com rule combined with exclusions for nonfunctional domains.
 
-	Mixed content:
+-->
+<ruleset name="DreamHost.com (partial)">
 
-		- images on www from dreamhost-com-media.objects *
+	<target host="dreamhost.com" />
+	<target host="www.dreamhost.com" />
+	<target host="abuse.dreamhost.com" />
+	<target host="api.dreamhost.com" />
+	<target host="atmail.dreamhost.com" />
+	<target host="blog.dreamhost.com" />
+	<target host="discussion.dreamhost.com" />
+	<target host="gifts.dreamhost.com" />
+	<target host="help.dreamhost.com" />
+	<target host="mailboxes.dreamhost.com" />
+	<target host="media.dreamhost.com" />
+	<target host="panel.dreamhost.com" />
+	<target host="remixer.panel.dreamhost.com" />
+	<target host="roundcube.dreamhost.com" />
+	<target host="signup.dreamhost.com" />
+	<target host="transferapproval.dreamhost.com" />
+	<target host="webftp.dreamhost.com" />
+	<target host="webmail.dreamhost.com" />
 
-	* Secured by us, doesn't trigger MCB anyway.
 
--->
-<ruleset name="DreamHost (partial)">
+	<target host="dreamhoststatus.com" />
+	<target host="www.dreamhoststatus.com" />
 
-	<target host="dreamhost.com" />
-	<target host="*.dreamhost.com" />
-		<exclusion pattern="^http://(?:blog|wiki)\.dreamhost\.com/" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^(?:.*\.)?dreamhost\.com$" name=".+" />
 
+	<rule from="^http://blog\.dreamhost\.com/"
+		to="https://www.dreamhost.com/blog/" />
+		<test url="http://blog.dreamhost.com/2008/01/17/the-final-update/" />
 
-	<!--	Observed subdomains:
+	<rule from="^http://dreamhoststatus\.com/"
+		to="https://www.dreamhoststatus.com/" />
 
-			- discussion
-			- files
-			- gifts
-			- media
-			- dreamhost-com-media.objects
-			- panel
-			- signup
-			- webftp
-			- www
-				-->
-	<rule from="^http://([\w-]+\.(?:objects\.)?)?dreamhost\.com/"
-		to="https://$1dreamhost.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DreamSpark.com.xml b/src/chrome/content/rules/DreamSpark.com.xml
index ba2d6ef08153..154cd6e55f62 100644
--- a/src/chrome/content/rules/DreamSpark.com.xml
+++ b/src/chrome/content/rules/DreamSpark.com.xml
@@ -1,22 +1,33 @@
+
 <!--
-	For other Microsoft coverage, see Microsoft.xml.
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.dreamspark.com/ => https://www.dreamspark.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://dreamspark.com/ => https://www.dreamspark.com/: (60, 'SSL certificate problem: certificate has expired')
 
+	For other Microsoft coverage, see Microsoft.xml.
 
-	Problematic domains:
 
-		- dreamspark.com	(dropped)
+	^dreamspark.com: Dropped
 
 -->
-<ruleset name="DreamSpark.com">
+<ruleset name="DreamSpark.com" default_off="failed ruleset test">
 
-	<target host="dreamspark.com" />
+	<!--	Direct rewrites:
+				-->
 	<target host="www.dreamspark.com" />
 
+	<!--	Complications:
+				-->
+	<target host="dreamspark.com" />
+
 
-	<securecookie host="^www\.dreamspark\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?dreamspark\.com/"
+	<rule from="^http://dreamspark\.com/"
 		to="https://www.dreamspark.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DreamWiz.xml b/src/chrome/content/rules/DreamWiz.xml
deleted file mode 100644
index dab78132a5d3..000000000000
--- a/src/chrome/content/rules/DreamWiz.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- www.connect.kr	(cert: login.connect.kr; shows that domain's data)
-		- iphone.connect.kr	(ssl_error_rx_record_too_long)
-		- (www.)dreamwiz.com	(times out)
-		- adc.dreamwiz.com	(times out)
-		- adcnt.dreamwiz.com	(times out)
-		- ebiz.dreamwiz.com
-		- twtkr.olleh.com
-
--->
-<ruleset name="DreamWiz (partial)">
-
-	<target host="login.connect.kr" />
-	<target host="i.dreamwiz.com" />
-
-
-	<rule from="^http://login\.connect\.kr/"
-		to="https://login.connect.kr/" />
-
-	<rule from="^http://i\.dreamwiz\.com/"
-		to="https://i.dreamwiz.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Dream_News.jp.xml b/src/chrome/content/rules/Dream_News.jp.xml
new file mode 100644
index 000000000000..814abf4d0b13
--- /dev/null
+++ b/src/chrome/content/rules/Dream_News.jp.xml
@@ -0,0 +1,14 @@
+<!--
+	^: cert only matches www
+
+-->
+<ruleset name="Dream News.jp">
+
+	<target host="dreamnews.jp" />
+	<target host="www.dreamnews.jp" />
+
+
+	<rule from="^http://(?:www\.)?dreamnews\.jp/"
+		to="https://www.dreamnews.jp/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dreampass.jp.xml b/src/chrome/content/rules/Dreampass.jp.xml
index 7a2ac999216c..5c4e69a21e98 100644
--- a/src/chrome/content/rules/Dreampass.jp.xml
+++ b/src/chrome/content/rules/Dreampass.jp.xml
@@ -1,13 +1,13 @@
 <ruleset name="dreampass.jp">
 
 	<target host="dreampass.jp" />
-	<target host="*.dreampass.jp" />
+	<target host="special.dreampass.jp" />
+	<target host="www.dreampass.jp" />
 
 
 	<securecookie host="^\.dreampass\.jp$" name=".+" />
 
 
-	<rule from="^http://(special\.|www\.)?dreampass\.jp/"
-		to="https://$1dreampass.jp/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dreamstime-problematic.xml b/src/chrome/content/rules/Dreamstime-problematic.xml
index 2a8d675a831a..7ffa4f42c1e2 100644
--- a/src/chrome/content/rules/Dreamstime-problematic.xml
+++ b/src/chrome/content/rules/Dreamstime-problematic.xml
@@ -8,7 +8,6 @@
 		<exclusion pattern="^http://thumbs\.dreamstime\.com/site-img/" />
 
 
-	<rule from="^http://thumbs\.dreamstime\.com/"
-		to="https://thumbs.dreamstime.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dreamstime.xml b/src/chrome/content/rules/Dreamstime.xml
index 24bfe5773bae..02f886a7e041 100644
--- a/src/chrome/content/rules/Dreamstime.xml
+++ b/src/chrome/content/rules/Dreamstime.xml
@@ -1,4 +1,6 @@
 <!--
+Automatically by https-everywhere-checker because:
+Fetch error: http://dreamstime.com/ => https://dreamstime.com/: Cycle detected - URL already encountered: https://www.dreamstime.com/
 	For problematic rules, see Dreamstime-problematic.xml.
 
 
@@ -10,8 +12,9 @@
 <ruleset name="Dreamstime (partial)" platform="mixedcontent">
 
 	<target host="dreamstime.com" />
-	<target host="*.dreamstime.com" />
-		<exclusion pattern="^https?://thumbs\.dreamstime\.com/(?!site-img/)" />
+	<target host="thumbs.dreamstime.com" />
+	<target host="www.dreamstime.com" />
+		<exclusion pattern="^http://thumbs\.dreamstime\.com/(?!site-img/)" />
 
 
 	<securecookie host="^.*\.dreamstime\.com$" name=".+" />
@@ -20,4 +23,4 @@
 	<rule from="^http://(?:thumbs\.|(www\.))?dreamstime\.com/"
 		to="https://$1dreamstime.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dreamwidth.xml b/src/chrome/content/rules/Dreamwidth.xml
index 1eab452f3382..74cb44935217 100644
--- a/src/chrome/content/rules/Dreamwidth.xml
+++ b/src/chrome/content/rules/Dreamwidth.xml
@@ -1,19 +1,35 @@
 <!--
-	NOTE: In its current form and with the current site
-	configuration, this rule protects login passwords
-	but prevents the user from reading other users' journals!
+	Insecure cookies are set for these domains:
+
+		- .dreamwidth.org
 
 -->
-<ruleset name="Dreamwidth" default_off="breaks for non-logged-in users">
+<ruleset name="Dreamwidth.org">
 
 	<target host="dreamwidth.org" />
 	<target host="*.dreamwidth.org" />
 
+		<test url="http://s.dreamwidth.org/img/silk/identity/user.png" />
+		<test url="http://shop.dreamwidth.org/" />
+		<test url="http://support.dreamwidth.org/" />
+		<test url="http://www.dreamwidth.org/" />
+
+		<!--	Test journal subdomains.
+
+			"system" is an official journal, guaranteed to stay around.
+								-->
+		<test url="http://system.dreamwidth.org/" />
+		<test url="http://users.dreamwidth.org/system" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.dreamwidth\.org$" name="^(__cfduid|cf_clearance|ljuniq)$" /-->
 
 	<securecookie host="^\.dreamwidth\.org$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?dreamwidth\.org/"
-		to="https://www.dreamwidth.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Drews-Script-o-Rama.xml b/src/chrome/content/rules/Drews-Script-o-Rama.xml
index 7bfd5f46f46c..a7cd4abd2e89 100644
--- a/src/chrome/content/rules/Drews-Script-o-Rama.xml
+++ b/src/chrome/content/rules/Drews-Script-o-Rama.xml
@@ -1,11 +1,11 @@
-<ruleset name="Drew's Script-o-Rama" default_off="mismatch">
+<ruleset name="Drew's Script-o-Rama" default_off="mismatched">
 
 	<!--	Cert: *.sites.myregisteredsite.com	-->
 	<target host="script-o-rama.com" />
 	<target host="www.script-o-rama.com" />
 
 
-	<rule from="^https?://(?:www\.)?script-o-rama\.com/"
+	<rule from="^http://(?:www\.)?script-o-rama\.com/"
 		to="https://script-o-rama.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Drexel_University.xml b/src/chrome/content/rules/Drexel_University.xml
index 795657cacc38..4e0c7146a887 100644
--- a/src/chrome/content/rules/Drexel_University.xml
+++ b/src/chrome/content/rules/Drexel_University.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://psal.cs.drexel.edu/ => https://psal.cs.drexel.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Problematic subdomains:
 
 		- (www.)	(some paths 404)
@@ -10,15 +14,16 @@
 		- psal.cs
 
 -->
-<ruleset name="Drexel University (partial)">
+<ruleset name="Drexel University (partial)" default_off="failed ruleset test">
 
-	<target host="*.drexel.edu" />
+	<target host="cs.drexel.edu" />
+	<target host="psal.cs.drexel.edu" />
+	<target host="www.cs.drexel.edu" />
 
 
 	<securecookie host="^psal\.cs\.drexel\.edu$" name=".+" />
 
 
-	<rule from="^http://(psal\.|www\.)?cs\.drexel\.edu/"
-		to="https://$1cs.drexel.edu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dribbble.com.xml b/src/chrome/content/rules/Dribbble.com.xml
new file mode 100644
index 000000000000..15f1d5b082e1
--- /dev/null
+++ b/src/chrome/content/rules/Dribbble.com.xml
@@ -0,0 +1,29 @@
+<!--
+	dribbble-equipment.myshopify.com <=> equipment.dribbble.com
+
+
+	Nonfunctional subdomains:
+
+		- blog ¹
+		- developer ¹
+		- equipment ²
+		- help ³
+		- shop ²
+
+	¹ GitHub
+	² Shopify
+	³ Desk.com
+
+-->
+<ruleset name="Dribbble.com (partial)">
+
+	<target host="dribbble.com" />
+	<target host="www.dribbble.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+	<!--rule from="^http://equipment\.dribbble\.com/"
+		to="https://dribbble-equipment.myshopify.com/" /-->
+
+</ruleset>
diff --git a/src/chrome/content/rules/Drillisch.de.xml b/src/chrome/content/rules/Drillisch.de.xml
new file mode 100644
index 000000000000..1e112a836e91
--- /dev/null
+++ b/src/chrome/content/rules/Drillisch.de.xml
@@ -0,0 +1,21 @@
+<!--
+	Timeout:
+		cag.drillisch.de
+		extranet.drillisch.de
+-->
+<ruleset name="Drillisch.de">
+
+	<target host="drillisch.de" />
+	<target host="www.drillisch.de" />
+	<target host="freeway.drillisch.de" />
+	<target host="fta.drillisch.de" />
+	<target host="imagepool.drillisch.de" />
+	<target host="karriere.drillisch.de" />
+	<target host="owncloud.drillisch.de" />
+	<target host="pay.drillisch.de" />
+	<target host="pay-ref.drillisch.de" />
+	<target host="tracking.drillisch.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Drinkaware.xml b/src/chrome/content/rules/Drinkaware.xml
new file mode 100644
index 000000000000..f001386ff1a8
--- /dev/null
+++ b/src/chrome/content/rules/Drinkaware.xml
@@ -0,0 +1,16 @@
+<ruleset name="Drinkaware.co.uk">
+
+	<target host="drinkaware.co.uk" />
+	<target host="*.drinkaware.co.uk" />
+
+		<test url="http://resources.drinkaware.co.uk/" />
+		<test url="http://www.drinkaware.co.uk/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Drive2.ru.xml b/src/chrome/content/rules/Drive2.ru.xml
new file mode 100644
index 000000000000..dedb8148fd67
--- /dev/null
+++ b/src/chrome/content/rules/Drive2.ru.xml
@@ -0,0 +1,30 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.drive2.ru
+
+
+	Mixed content:
+
+		- Bug from b.scorecardresearch.com *
+
+	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Drive2.ru">
+
+	<target host="drive2.ru" />
+	<target host="www.drive2.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.drive2\.ru$" name="^_AFF$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DriveStyle_Insure.xml b/src/chrome/content/rules/DriveStyle_Insure.xml
index 4db6c626e65b..28c1c67ba54b 100644
--- a/src/chrome/content/rules/DriveStyle_Insure.xml
+++ b/src/chrome/content/rules/DriveStyle_Insure.xml
@@ -1,4 +1,11 @@
-<ruleset name="DriveStyle Insure">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://drivestyle.co.uk/ => https://drivestyle.co.uk/: (7, 'Failed to connect to drivestyle.co.uk port 443: Connection refused')
+Fetch error: http://www.drivestyle.co.uk/ => https://www.drivestyle.co.uk/: (7, 'Failed to connect to www.drivestyle.co.uk port 443: Connection refused')
+
+-->
+<ruleset name="DriveStyle Insure" default_off="failed ruleset test">
 
 	<target host="drivestyle.co.uk" />
 	<target host="www.drivestyle.co.uk" />
@@ -7,7 +14,6 @@
 	<securecookie host="^(?:www\.)?drivestyle.co.uk$" name=".+" />
 
 
-	<rule from="^http://(www\.)?drivestyle\.co\.uk/"
-		to="https://$1drivestyle.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Drivee.xml b/src/chrome/content/rules/Drivee.xml
index 30d3146245f5..57a160f73e02 100644
--- a/src/chrome/content/rules/Drivee.xml
+++ b/src/chrome/content/rules/Drivee.xml
@@ -1,4 +1,11 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://drivee.jp/ => https://www.drivee.jp/: Too many redirects while fetching 'https://www.drivee.jp/'
+Fetch error: http://www.drivee.jp/ => https://www.drivee.jp/: Too many redirects while fetching 'https://www.drivee.jp/'
+Fetch error: http://drivee.ne.jp/ => https://www.drivee.jp/: Too many redirects while fetching 'https://www.drivee.jp/'
+Fetch error: http://www.drivee.ne.jp/ => https://www.drivee.jp/: Too many redirects while fetching 'https://www.drivee.jp/'
+
 	For other Xserver coverage, see Xserver.xml.
 
 
@@ -7,28 +14,46 @@
 		- drivee.jp *
 		- (www.)drivee.ne.jp *
 
-	* Mismached, CN: secure.drivee.ne.jp
-
-
-	Fully covered domains:
-
-		- (www.)drivee.jp	(^ → www)
-		- (www.)drivee.ne.jp	(→ www.drivee.jp)
-		- secure.drivee.ne.jp
+	* Mismatched, CN: secure.drivee.ne.jp
 
 -->
-<ruleset name="drivee">
+<ruleset name="drivee (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="drivee.jp" />
 	<target host="www.drivee.jp" />
+	<target host="secure.drivee.ne.jp" />
+
+	<!--	Complications:
+				-->
 	<target host="drivee.ne.jp" />
-	<target host="*.drivee.ne.jp" />
+	<target host="www.drivee.ne.jp" />
 
+		<!--	Redirects to http:
+						-->
+		<exclusion pattern="^http://www\.drive\.jp/(?:$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.drive.jp/?" />
+			<test url="http://www.drive.jp/?foo" />
+			<test url="http://www.drive.jp/?bar" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.drivee.jp/manual.php" />
+			<test url="http://www.drivee.jp/news.php" />
+			<test url="http://www.drivee.jp/order.php" />
+
+
+	<rule from="^http://drivee\.jp/"
+		to="https://www.drivee.jp/" />
 
-	<rule from="^http://(?:www\.)?drivee\.(?:ne\.)?jp/"
+	<rule from="^http://(?:www\.)?drivee\.ne\.jp/"
 		to="https://www.drivee.jp/" />
 
-	<rule from="^http://secure\.drivee\.ne\.jp/"
-		to="https://secure.drivee.ne.jp/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DriversEdDirect.com.xml b/src/chrome/content/rules/DriversEdDirect.com.xml
index 8ffc97a19bdc..5ca593bc975a 100644
--- a/src/chrome/content/rules/DriversEdDirect.com.xml
+++ b/src/chrome/content/rules/DriversEdDirect.com.xml
@@ -1,6 +1,6 @@
-<ruleset name="DriversEdDirect.com">
-	<target host="www.driverseddirect.com"/>
-    <target host="driverseddirect.com"/>
-
-	<rule from="^http://(www\.)?driverseddirect\.com/" to="https://www.driverseddirect.com/"/>
-</ruleset>
+<ruleset name="DriversEdDirect.com">
+	<target host="www.driverseddirect.com"/>
+    <target host="driverseddirect.com"/>
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dro-s.com.xml b/src/chrome/content/rules/Dro-s.com.xml
new file mode 100644
index 000000000000..6df1c6b224ba
--- /dev/null
+++ b/src/chrome/content/rules/Dro-s.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Dro-s.com">
+	<target host="dro-s.com" />
+	<target host="www.dro-s.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Droid-Break.info.xml b/src/chrome/content/rules/Droid-Break.info.xml
new file mode 100644
index 000000000000..b0622e656640
--- /dev/null
+++ b/src/chrome/content/rules/Droid-Break.info.xml
@@ -0,0 +1,10 @@
+<ruleset name="Droid-Break">
+
+	<target host="droid-break.info" />
+	<target host="www.droid-break.info" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Drone.io.xml b/src/chrome/content/rules/Drone.io.xml
new file mode 100644
index 000000000000..dae7298d747c
--- /dev/null
+++ b/src/chrome/content/rules/Drone.io.xml
@@ -0,0 +1,29 @@
+<!--
+	Nonfunctional hosts in *drone.io:
+
+		- docs *
+
+	* Dropped
+
+
+	www.drone.io: Mismatched
+
+-->
+<ruleset name="drone.io (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="drone.io" />
+
+	<!--	Complications:
+				-->
+	<target host="www.drone.io" />
+
+
+	<rule from="^http://www\.drone\.io/"
+		to="https://drone.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DropDav.xml b/src/chrome/content/rules/DropDav.xml
index cd36d76a3856..18a8bd055b03 100644
--- a/src/chrome/content/rules/DropDav.xml
+++ b/src/chrome/content/rules/DropDav.xml
@@ -1,10 +1,26 @@
-<ruleset name="DropDav">
+<!--
+	Insecure cookies are set for these domains:
+
+		- .dropdav.com
+
+-->
+<ruleset name="DropDav.com">
+
+	<!--	Direct rewrites:
+				-->
   <target host="dropdav.com"/>
-  <target host="www.dropdav.com"/>
   <target host="dav.dropdav.com"/>
-  
-  <securecookie host="^(.+\.)?dropdav\.com$" name=".*"/>
+  <target host="www.dropdav.com"/>
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.dropdav\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(?:www\.)?dropdav\.com/" to="https://dropdav.com/"/>
-  <rule from="^http://dav\.dropdav\.com/" to="https://dav.dropdav.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Dropbox.xml b/src/chrome/content/rules/Dropbox.xml
index 0b115a7953c8..03593b0e3765 100644
--- a/src/chrome/content/rules/Dropbox.xml
+++ b/src/chrome/content/rules/Dropbox.xml
@@ -1,9 +1,16 @@
 <!--
+	Other Dropbox rulesets:
+
+		- Dropbox_Forum.com.xml
+
+
 	Fully covered domains:
 
 		- (www.)db.tt
 
-		- dropbox.com subdomains:
+		- dropbox.com
+
+		- [\w-]+.dropbox.com:
 
 			- blog
 			- bloghost[12]
@@ -14,12 +21,12 @@
 			- files
 			- forum
 			- forums
+			- opensource
 			- status
 			- tech
 			- v-misc
 
 		- (www.)dropboxatwork.com
-		- (www.)dropboxmail.com
 		- (www.)dropboxteam.com
 		- *.dropboxusercontent.com
 		- (www.)getdropbox.com
@@ -29,34 +36,20 @@
 
 	<target host="db.tt" />
 	<target host="www.db.tt" />
-	<target host="dropbox.com" />
-	<target host="*.dropbox.com" />
 	<target host="dropboxatwork.com" />
 	<target host="www.dropboxatwork.com" />
-	<target host="dropboxmail.com" />
-	<target host="www.dropboxmail.com" />
 	<target host="dropboxteam.com" />
 	<target host="www.dropboxteam.com" />
-	<target host="*.dropboxusercontent.com" />
 	<target host="getdropbox.com" />
 	<target host="www.getdropbox.com" />
 
 
-	<securecookie host="^(?:.*\.)?dropbox\.com$" name=".+" />
-
-
 	<rule from="^http://(www\.)?db\.tt/"
-		to="https://$1db.tt/" />
+		to="https://db.tt/" />
 
-	<rule from="^http://([\w-]+\.)?dropbox\.com/"
-		to="https://$1dropbox.com/" />
-  
-	<rule from="^http://(www\.)?dropbox(atwork|mail|team)\.com/"
+	<rule from="^http://(www\.)?dropbox(atwork|team)\.com/"
 		to="https://$1dropbox$2.com/" />
 
-	<rule from="^http://([\w-]+)\.dropboxusercontent\.com/"
-		to="https://$1.dropboxusercontent.com/" />
-
 	<rule from="^http://(www\.)?getdropbox\.com/"
 		to="https://$1getdropbox.com/" />
 
diff --git a/src/chrome/content/rules/Dropbox_Forum.com.xml b/src/chrome/content/rules/Dropbox_Forum.com.xml
new file mode 100644
index 000000000000..34711a433d2e
--- /dev/null
+++ b/src/chrome/content/rules/Dropbox_Forum.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Dropbox coverage, see Dropbox.xml.
+
+	No working URL known:
+		forum-stage.dropboxforum.com
+
+-->
+<ruleset name="Dropbox Forum.com">
+
+
+	<target host="dropboxforum.com" />
+	<target host="www.dropboxforum.com" />
+	<target host="forum-canary.dropboxforum.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dropcam.com.xml b/src/chrome/content/rules/Dropcam.com.xml
deleted file mode 100644
index e39426c95803..000000000000
--- a/src/chrome/content/rules/Dropcam.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See 
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
- 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Dropcam.com" platform="firefox">
-  <target host="dropcam.com" />
-  <target host="www.dropcam.com" />
-
-  <securecookie host="^dropcam\.com$" name=".+" />
-  <securecookie host="^www\.dropcam\.com$" name=".+" />
-
-  <rule from="^http://dropcam\.com/" to="https://dropcam.com/" />
-  <rule from="^http://www\.dropcam\.com/" to="https://www.dropcam.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Droplr.xml b/src/chrome/content/rules/Droplr.xml
new file mode 100644
index 000000000000..54bab7f9d6d7
--- /dev/null
+++ b/src/chrome/content/rules/Droplr.xml
@@ -0,0 +1,16 @@
+<!--
+	Other Droplr rulesets:
+
+		- D.pr.xml
+
+-->
+<ruleset name="Droplr.com">
+	<target host="droplr.com" />
+	<target host="www.droplr.com" />
+
+	<securecookie host="^droplr\.com$" name=".+" />
+
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Drought.gov.xml b/src/chrome/content/rules/Drought.gov.xml
new file mode 100644
index 000000000000..37477dcace86
--- /dev/null
+++ b/src/chrome/content/rules/Drought.gov.xml
@@ -0,0 +1,16 @@
+<!--
+
+-->
+<ruleset name="Drought.gov">
+
+	<target host="drought.gov" />
+	<target host="www.drought.gov" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Drowned_In_Sound.com-problematic.xml b/src/chrome/content/rules/Drowned_In_Sound.com-problematic.xml
new file mode 100644
index 000000000000..67820f81aa12
--- /dev/null
+++ b/src/chrome/content/rules/Drowned_In_Sound.com-problematic.xml
@@ -0,0 +1,21 @@
+<!--
+	For rules that are on by default, see Drowned_In_Sound.com.xml.
+
+-->
+<ruleset name="Drowned In Sound.com (problematic)" default_off="mismatched">
+
+	<target host="drownedinsound.com" />
+	<target host="*.drownedinsound.com" />
+		<!--
+			Handled in Drowned_In_Sound.com.xml:
+								-->
+		<!--exclusion pattern="^http://(www\.)?drownedinsound\.com/(assets/|favicon\.ico|images/|javascripts/|static_images/)" /-->
+
+
+	<securecookie host="^\.drownedinsound\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?drownedinsound\.com/(?!assets/|favicon\.ico|(?:static_)?images/|javascripts/)"
+		to="https://www.drownedinsound.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Drowned_In_Sound.com.xml b/src/chrome/content/rules/Drowned_In_Sound.com.xml
new file mode 100644
index 000000000000..d8f783539ae3
--- /dev/null
+++ b/src/chrome/content/rules/Drowned_In_Sound.com.xml
@@ -0,0 +1,40 @@
+<!--
+	For problematic rules, see Drowned_In_Sound.com-problematic.xml.
+
+
+	CDN buckets:
+
+		- dis.images.s3.amazonaws.com
+		- dis.resized.images.s3.amazonaws.com
+		- dis11.herokuapp.com
+
+
+	CN: *.herokuapp.com
+
+
+	Mixed content:
+
+		- Images, from:
+
+			- dis.images.s3.amazonaws.com *
+			- dis.resized.images.s3.amazonaws.com *
+
+		- Ads from delivery.w00tads.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Drowned In Sound.com (partial)">
+
+	<target host="drownedinsound.com" />
+	<target host="www.drownedinsound.com" />
+		<!--
+			Avoid user-visible paths:
+							-->
+		<!--exclusion pattern="^http://(www\.)?drownedinsound\.com/(?!assets/|favicon\.ico|images/|javascripts/|static_images/)" /-->
+
+
+	<rule from="^http://(?:www\.)?drownedinsound\.com/(?=assets/|favicon\.ico|(?:static_)?images/|javascripts/)"
+		to="https://dis11.herokuapp.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DrugPolicy.org.xml b/src/chrome/content/rules/DrugPolicy.org.xml
index ff6dd81db025..f006772dc2e7 100644
--- a/src/chrome/content/rules/DrugPolicy.org.xml
+++ b/src/chrome/content/rules/DrugPolicy.org.xml
@@ -1,9 +1,15 @@
-<ruleset name="drugpolicy.org">
-  <target host="www.drugpolicy.org" />
-  <target host="drugpolicy.org" />
-
-  <rule from="^http://(www\.)?drugpolicy\.org/" to="https://www.drugpolicy.org/"/>
-  <rule from="^https://drugpolicy\.org/" to="https://www.drugpolicy.org/"/>
-
-  <securecookie host="^(www)?\.drugpolicy\.org" name=".*" />
-</ruleset>
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.drugpolicy.org/ => https://www.drugpolicy.org/: Too many redirects while fetching 'https://www.drugpolicy.org/'
+Fetch error: http://drugpolicy.org/ => https://www.drugpolicy.org/: Too many redirects while fetching 'https://www.drugpolicy.org/'
+
+-->
+<ruleset name="drugpolicy.org" default_off="failed ruleset test">
+  <target host="www.drugpolicy.org" />
+  <target host="drugpolicy.org" />
+
+  <rule from="^http://(?:www\.)?drugpolicy\.org/" to="https://www.drugpolicy.org/"/>
+
+  <securecookie host="^(?:www)?\.drugpolicy\.org" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/Drug_Forum-problematic.xml b/src/chrome/content/rules/Drug_Forum-problematic.xml
index 552873dae6b0..35f6afc16008 100644
--- a/src/chrome/content/rules/Drug_Forum-problematic.xml
+++ b/src/chrome/content/rules/Drug_Forum-problematic.xml
@@ -10,4 +10,4 @@
 	<rule from="^http://img(\d)\.drugsforum\.eu/"
 		to="https://img$1.drugsforum.eu/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Drug_Forum.xml b/src/chrome/content/rules/Drug_Forum.xml
deleted file mode 100644
index 51f1d28369a3..000000000000
--- a/src/chrome/content/rules/Drug_Forum.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	For problematic rules, see Drug_Forum-problematic.xml.
-
-
-	Problematic domains:
-
-		- img[123].drugsforum.eu	(works, self-signed)
-
--->
-<ruleset name="Drug Forum" platform="mixedcontent">
-
-	<target host="drugs-forum.com" />
-	<target host="www.drugs-forum.com" />
-
-
-	<securecookie host="^(?:www\.)?drugs-forum\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?drugs-forum\.com/"
-		to="https://$1drugs-forum.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Drug_Science.org.uk.xml b/src/chrome/content/rules/Drug_Science.org.uk.xml
new file mode 100644
index 000000000000..092af3344589
--- /dev/null
+++ b/src/chrome/content/rules/Drug_Science.org.uk.xml
@@ -0,0 +1,31 @@
+<!--
+	CDN buckets:
+
+		- iscd.s3.amazonaws.com
+
+
+	CN: *.heroku.com
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com ¹
+
+		- Images, from:
+
+			- www.justgiving ¹
+			- img.ymlp.com ²
+
+	¹ Secured by us
+	² Unsecurable
+
+-->
+<ruleset name="Drug Science.org.uk" default_off="mismatched">
+
+	<target host="drugscience.org.uk" />
+	<target host="www.drugscience.org.uk" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Drugs-Forum.com.xml b/src/chrome/content/rules/Drugs-Forum.com.xml
new file mode 100644
index 000000000000..8de14f8e0fae
--- /dev/null
+++ b/src/chrome/content/rules/Drugs-Forum.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Note: This site blocks Tor users.
+
+	Invalid certificate:
+		att\d.drugs-forum.com
+		avatars.drugs-forum.com
+		img\d.drugs-forum.com
+		mail.drugs-forum.com
+		ns1.drugs-forum.com
+		wwws.drugs-forum.com
+
+-->
+<ruleset name="Drugs-Forum.com">
+
+	<target host="drugs-forum.com" />
+	<target host="www.drugs-forum.com" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^drugs-forum\.com$" name="^bbsessionhash$" /-->
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Drugstore.com.xml b/src/chrome/content/rules/Drugstore.com.xml
index fdf2f9fc1c0a..f17f5d0a13d7 100644
--- a/src/chrome/content/rules/Drugstore.com.xml
+++ b/src/chrome/content/rules/Drugstore.com.xml
@@ -1,8 +1,17 @@
 <ruleset name="drugstore.com (partial)">
 
 	<target host="drugstore.com" />
-	<target host="*.drugstore.com" />
-	<target host="*.ds-static.com" />
+	<target host="cfs.drugstore.com" />
+	<target host="dscmp1.drugstore.com" />
+	<target host="www.drugstore.com" />
+	<target host="pics.drugstore.com" />
+	<target host="pics1.drugstore.com" />
+	<target host="pics2.drugstore.com" />
+	<target host="pics3.drugstore.com" />
+	<target host="pics.ds-static.com" />
+	<target host="pics1.ds-static.com" />
+	<target host="pics2.ds-static.com" />
+	<target host="pics3.ds-static.com" />
 
 
 	<!--	At least some pages 302 to http.
diff --git a/src/chrome/content/rules/Drupal.xml b/src/chrome/content/rules/Drupal.xml
deleted file mode 100644
index 2c8bb8fbe064..000000000000
--- a/src/chrome/content/rules/Drupal.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- api *
-		- denver2012 *
-		- ftp
-		- groups *
-		- localize *
-		- munich2012 *
-		- qa *
-		- testing *
-
-	* 403: https://drupal.org/node/952992
-
-
-	Partially covered subdomains:
-
-		- portland2013 *
-		- sydney2013 *		(sites/default/files/images/laudanum-140.png loops)
-
-	* Some [most?] pages redirect to http, including login & registration
-				
--->
-<ruleset name="Drupal (partial)">
-
-	<target host="drupal.org" />
-	<target host="*.drupal.org" />
-		<exclusion pattern="^http://(?:portland|sydney)2013\.drupal\.org/(?!cart(?:$|\?|/)|sites/(?!default/files/images/laudanum-140\.png))" />
-
-
-	<rule from="^http://(?:www\.)?drupal\.org/"
-		to="https://drupal.org/" />
-
-	<rule from="^http://(association|chicago2011|lists|london2011|portland2013|sec|security|sydney2013)\.drupal\.org/"
-		to="https://$1.drupal.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Drupal_Gardens.com.xml b/src/chrome/content/rules/Drupal_Gardens.com.xml
new file mode 100644
index 000000000000..913a97c45879
--- /dev/null
+++ b/src/chrome/content/rules/Drupal_Gardens.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- www.drupalgardens.com
+		- .www.drupalgardens.com
+
+-->
+<ruleset name="Drupal Gardens.com">
+
+	<target host="drupalgardens.com" />
+	<target host="www.drupalgardens.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.drupalgardens\.com$" name="^browser_version$" /-->
+	<!--securecookie host="^\.www\.drupalgardens\.com$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^\.?www\.drupalgardens\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Drweb.com.xml b/src/chrome/content/rules/Drweb.com.xml
index 1e3556d4db2b..91f24281b97f 100644
--- a/src/chrome/content/rules/Drweb.com.xml
+++ b/src/chrome/content/rules/Drweb.com.xml
@@ -1,72 +1,77 @@
-<!--
-	Nonfunctional subdomains:
-
-		- awstats	(data differs)
-		- bugs
-		- ftp		(redirects to drweb.fr, mismatched, CN: *.drweb.fr)
-		- forum
-		- info		(shows https://awstats)
-		- live
-		- people
-		- update	(data differs, mismatched, CN: *.drweb.fr)
-		- us		(shows blank tree)
-		- us1
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blogs.drweb.com/ => https://blogs.drweb.com/: (7, 'Failed to connect to blogs.drweb.com port 443: Connection refused')
+Fetch error: http://online3.drweb.com/ => https://online3.drweb.com/: (6, 'Could not resolve host: online3.drweb.com')
+Fetch error: http://update.drweb.com/ => https://update.drweb.com/: (51, "SSL: no alternative certificate subject name matches target host name 'update.drweb.com'")
 
-	Problematic subdomains:
+	Dr.Web
 
-		^	(.+ redirects to www.drweb.com/$)
 
+	Nonfunctional hosts in *drweb.com:
 
-	Fully covered subdomains:
+		- awstats	(data differ)
+		- ftp ²
+		- forum ³
+		- live ³
+		- people ⁴
+		- us ²
+		- us1 ²
 
-		- (www.)	(^ → www)
-		- antifraud
-		- antitheft
-		- beta
-		- blogs
-		- buy
-		- company
-		- customers
-		- download
-		- estore
-		- f2
-		- license
-		- mobi
-		- my
-		- network
-		- news
-		- new-support
-		- online
-		- online[13]
-		- osp
-		- pa
-		- partners
-		- pda
-		- products
-		- promotions
-		- solutions
-		- st
-		- stat
-		- support
-		- training
-		- vms
-		- wiki
+	² 404
+	³ Plaintext reply
+	⁴ Refused
 
 -->
-<ruleset name="Dr.Web">
+<ruleset name="Dr Web.com" default_off="failed ruleset test">
 
 	<target host="drweb.com" />
-	<target host="*.drweb.com" />
+	<target host="antifraud.drweb.com" />
+	<target host="antitheft.drweb.com" />
+	<target host="beta.drweb.com" />
+	<target host="blogs.drweb.com" />
+	<target host="bugs.drweb.com" />
+	<target host="buy.drweb.com" />
+	<target host="company.drweb.com" />
+	<target host="customers.drweb.com" />
+	<target host="download.drweb.com" />
+	<target host="estore.drweb.com" />
+	<target host="f2.drweb.com" />
+	<target host="info.drweb.com" />
+	<target host="license.drweb.com" />
+	<target host="mobi.drweb.com" />
+	<target host="my.drweb.com" />
+	<target host="network.drweb.com" />
+	<target host="new-support.drweb.com" />
+	<target host="news.drweb.com" />
+	<target host="online.drweb.com" />
+	<target host="online1.drweb.com" />
+	<target host="online3.drweb.com" />
+	<target host="osp.drweb.com" />
+	<target host="pa.drweb.com" />
+	<target host="partners.drweb.com" />
+	<target host="pda.drweb.com" />
+	<target host="products.drweb.com" />
+	<target host="promotions.drweb.com" />
+	<target host="solutions.drweb.com" />
+	<target host="st.drweb.com" />
+	<target host="stat.drweb.com" />
+	<target host="support.drweb.com" />
+	<target host="training.drweb.com" />
+	<target host="update.drweb.com" />
+	<target host="vms.drweb.com" />
+	<target host="wiki.drweb.com" />
+	<target host="www.drweb.com" />
 
 
-	<securecookie host="^.*\.drweb\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.drweb\.com$" name="^(drwse|lng)$" /-->
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?drweb\.com/"
-		to="https://www.drweb.com/" />
 
-	<rule from="^http://(antifraud|antitheft|beta|blogs|buy|company|customers|download|estore|f2|license|mobi|my|network|news|online\d?|osp|pa|partners|pda|products|promotions|solutions|st|stat|(?:new-)?support|training|vms|wiki)\.drweb\.com/"
-		to="https://$1.drweb.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Drwho.virtadpt.net.xml b/src/chrome/content/rules/Drwho.virtadpt.net.xml
index 19e817fa52a8..a5207e92e09b 100644
--- a/src/chrome/content/rules/Drwho.virtadpt.net.xml
+++ b/src/chrome/content/rules/Drwho.virtadpt.net.xml
@@ -1,5 +1,6 @@
-<ruleset name="Drwho.virtadpt.net (self-signed)" default_off="self-signed">
- <target host="drwho.virtadpt.net" />
- <target host="www.drwho.virtadpt.net" />
- <rule from="^http://(www\.)?drwho\.virtadpt\.net/" to="https://drwho.virtadpt.net/"/>
+<ruleset name="Drwho.virtadpt.net">
+	<target host="drwho.virtadpt.net" />
+	<target host="www.drwho.virtadpt.net" />
+
+	<rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/DryIcons.com.xml b/src/chrome/content/rules/DryIcons.com.xml
index 76a6f4e26d4d..0d7bbe3080d4 100644
--- a/src/chrome/content/rules/DryIcons.com.xml
+++ b/src/chrome/content/rules/DryIcons.com.xml
@@ -1,25 +1,22 @@
 <!--
-	Problematic subdomains:
-
-		- www	(works, cert only matches ^dryicons.com)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(www → ^)
-		- [abc]
+	Invalid certificate:
+		www.dryicons.com
 
 -->
 <ruleset name="DryIcons.com">
 
 	<target host="dryicons.com" />
-	<target host="*.dryicons.com" />
-
+	<target host="www.dryicons.com" />
+	<target host="a.dryicons.com" />
+	<target host="b.dryicons.com" />
+	<target host="c.dryicons.com" />
 
-	<securecookie host="^\.?dryicons\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http://www\.dryicons\.com/"
+		to="https://dryicons.com/" />
 
-	<rule from="^http://(?:(\w\.)|www\.)?dryicons\.com/"
-		to="https://$1dryicons.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DualShockers.com.xml b/src/chrome/content/rules/DualShockers.com.xml
index b999aeb2a854..f1bbe6010468 100644
--- a/src/chrome/content/rules/DualShockers.com.xml
+++ b/src/chrome/content/rules/DualShockers.com.xml
@@ -17,10 +17,11 @@
 -->
 <ruleset name="DualShockers.com (partial)" default_off="mismatched">
 
-	<target host="*.dualshockers.com" />
+	<target host="cdn.dualshockers.com" />
+	<target host="cdn2.dualshockers.com" />
 
 
 	<rule from="^http://cdn2?\.dualshockers\.com/"
 		to="https://935956332.r.cdn77.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Duba.com.xml b/src/chrome/content/rules/Duba.com.xml
new file mode 100644
index 000000000000..aa505e66daad
--- /dev/null
+++ b/src/chrome/content/rules/Duba.com.xml
@@ -0,0 +1,49 @@
+<!--
+	Nonfunctional hosts in *duba.com:
+
+		- game ¹
+		- gouwu ²
+		- sports ³
+		- tuan ⁴
+		- v ⁵
+
+	¹ Shows www.duba.com
+	² Shows another domain
+	³ Plaintext reply
+	⁴ Redirects to www.duba.com
+	⁵ Redirects to 50x.html
+
+
+	^duba.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.duba.com
+
+-->
+<ruleset name="duba.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.duba.com" />
+
+	<!--	Complications:
+				-->
+	<target host="duba.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.duba\.com$" name="^_dbsg$" /-->
+
+	<securecookie host="^www\.duba\.com$" name=".+" />
+
+
+	<rule from="^http://duba\.com/"
+		to="https://www.duba.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dubfire.net.xml b/src/chrome/content/rules/Dubfire.net.xml
new file mode 100644
index 000000000000..02b21e252278
--- /dev/null
+++ b/src/chrome/content/rules/Dubfire.net.xml
@@ -0,0 +1,18 @@
+<!--
+	Nonfunctional hosts in *dubfire.net:
+
+		- paranoia *
+
+	* Blogger
+
+-->
+<ruleset name="dubfire.net (partial)">
+
+	<target host="dubfire.net" />
+	<target host="www.dubfire.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DuckCorp.xml b/src/chrome/content/rules/DuckCorp.xml
deleted file mode 100644
index 199e0cb137d0..000000000000
--- a/src/chrome/content/rules/DuckCorp.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	Nonfunctional mini-dweeb.org subdomains:
-
-		- dico			(shows a different domain's data)
-		- rcs-git-viewer	(ditto)
-		- www			(ditto)
-
--->
-<ruleset name="DuckCorp" default_off="self-signed">
-
-	<target host="andesi.org" />
-	<target host="*.andesi.org" />
-	<target host="mini-dweeb.org" />
-	<target host="*.mini-dweeb.org" />
-
-
-	<securecookie host="^andesi\.org$" name=".*" />
-	<securecookie host="^.*\.mini-dweeb\.org$" name=".*" />
-
-
-	<rule from="^https?://(?:www\.)?andesi\.org/"
-		to="https://andesi.org/" />
-
-	<rule from="^http://forum\.andesi\.org/"
-		to="https://forum.andesi.org/" />
-
-	<rule from="^http://(debian|lists|projects|rcs|rcs-git|users|webdesk|webmail(?:-rc|-sm)?|wiki)\.mini-dweeb\.org/"
-		to="https://$1.mini-dweeb.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DuckDuckGo.xml b/src/chrome/content/rules/DuckDuckGo.xml
index 173a9ad9f13b..433591cfcd05 100644
--- a/src/chrome/content/rules/DuckDuckGo.xml
+++ b/src/chrome/content/rules/DuckDuckGo.xml
@@ -1,38 +1,80 @@
 <!--
-	Problematic domains:
+	Other DuckDuckGo related rulesets:
+		+ duckduckhack.com.xml
+		+ donttrack.us.xml
+		+ SpreadPrivacy.com.xml
 
-		- www.dukgo.com		(mismatched, CN: dukgo.com)
+	Non-functional hosts
+		Couldn't connect to server:
+			 - blink.duckduckgo.com
 
+		Timeout was reached:
+			 - favicons.duckduckgo.com
+			 - flash.duckduckgo.com
+			 - im.duckduckgo.com
+			 - tmbg.duckduckgo.com
+			 - va-sso1.duckduckgo.com
 
-	Fully covered domains:
+		SSL peer certificate was not OK:
+			 - www.duck.co
+			 - ideas.duckduckgo.com
+			 - mail.duckduckgo.com
+			 - va-ddgc-staging-web1.duckduckgo.com
 
-		- (www.)dukgo.com	(www → ^)
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - www.ddg.gg
 
+		Couldn't resolve host:
+			 - va-l1.duckduckgo.com
+       - dukgo.com
 -->
 <ruleset name="DuckDuckGo">
-  <target host="duckduckgo.com" />
-  <target host="*.duckduckgo.com" />
-  <target host="ddg.gg" />
-  <target host="duck.co" />
-  <target host="i.duck.co" />
-	<target host="dukgo.com" />
-	<target host="www.dukgo.com" />
+	<target host="duck.co" />
+	<target host="www.duck.co" />
 
-  <exclusion pattern="^http://(help|meme)\.duckduckgo\.com/" />
+	<target host="duckduckgo.com" />
+	<target host="www.duckduckgo.com" />
+	<target host="ac.duckduckgo.com" />
+	<target host="api.duckduckgo.com" />
+	<target host="beta.duckduckgo.com" />
+	<target host="blog.duckduckgo.com" />
+	<target host="bttf.duckduckgo.com" />
+	<target host="chrome.duckduckgo.com" />
+	<target host="dub.duckduckgo.com" />
+	<target host="external-content.duckduckgo.com" />
+	<target host="ff.duckduckgo.com" />
+	<target host="help.duckduckgo.com" />
+	<target host="i.duckduckgo.com" />
+	<target host="images.duckduckgo.com" />
+	<target host="icons.duckduckgo.com" />
+		<test url="http://icons.duckduckgo.com/ip2/twitter.com.ico" />
+	<target host="karma.duckduckgo.com" />
+	<target host="meme.duckduckgo.com" />
+	<target host="moollaza.duckduckgo.com" />
+	<target host="news.duckduckgo.com" />
+	<target host="next.duckduckgo.com" />
+	<target host="r.duckduckgo.com" />
+	<target host="refresh.duckduckgo.com" />
+	<target host="reports.duckduckgo.com" />
+	<target host="safe.duckduckgo.com" />
+	<target host="settings.duckduckgo.com" />
+	<target host="shop.duckduckgo.com" />
+	<target host="staging.duckduckgo.com" />
+	<target host="start.duckduckgo.com" />
+	<target host="watrcoolr.duckduckgo.com" />
+	<target host="wiki.duckduckgo.com" />
 
-	<securecookie host="^duck\.co$" name=".*"/>
+	<target host="ddg.gg" />
+	<target host="www.ddg.gg" />
 
-  <rule from="^http://duckduckgo\.com/" to="https://duckduckgo.com/"/>
-  <rule from="^http://([^/:@\.]+)\.duckduckgo\.com/" to="https://$1.duckduckgo.com/"/>
-	<!-- TODO: What does ddg.gg/foo do? Runs query foo, redirects to homepage, or error? -->
-    <rule from="^http://ddg\.gg/$" to="https://duckduckgo.com/" />
-	
-    <rule from="^http://duck\.co/" to="https://duck.co/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://i\.duck\.co/"
-		to="https://duckduckgo.com/"/>
+	<rule from="^http://www\.duck\.co/"
+			to="https://duck.co/" />
 
-	<rule from="^http://(?:www\.)?dukgo\.com/"
-		to="https://dukgo.com/" />
+	<rule from="^http://www\.ddg\.gg/"
+			to="https://ddg.gg/" />
 
+	<rule from="^http:"
+			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Duck_DNS.org.xml b/src/chrome/content/rules/Duck_DNS.org.xml
index 7097c8188cdc..078d5c603ff0 100644
--- a/src/chrome/content/rules/Duck_DNS.org.xml
+++ b/src/chrome/content/rules/Duck_DNS.org.xml
@@ -4,10 +4,10 @@
 	<target host="www.duckdns.org" />
 
 
-	<securecookie host="^(?:www\.)?duckdns\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?duckdns\.org/"
-		to="https://$1duckdns.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Duden.de.xml b/src/chrome/content/rules/Duden.de.xml
new file mode 100644
index 000000000000..7bee19055a21
--- /dev/null
+++ b/src/chrome/content/rules/Duden.de.xml
@@ -0,0 +1,19 @@
+<!--
+	Timeout:
+		s.duden.de
+-->
+<ruleset name="Duden.de">
+
+	<target host="duden.de" />
+	<target host="www.duden.de" />
+	<target host="autodiscover.duden.de" />
+	<target host="dev.duden.de" />
+	<target host="lyncdiscover.duden.de" />
+	<target host="newsletter.duden.de" />
+	<target host="stage.duden.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dudley.gov.uk-mixedcontent.xml b/src/chrome/content/rules/Dudley.gov.uk-mixedcontent.xml
new file mode 100644
index 000000000000..4d995f6e3d3c
--- /dev/null
+++ b/src/chrome/content/rules/Dudley.gov.uk-mixedcontent.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://moodle.dudley.gov.uk/ => https://moodle.dudley.gov.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'moodle.dudley.gov.uk'")
+Fetch error: http://www2.dudley.gov.uk/ => https://www2.dudley.gov.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www2.dudley.gov.uk'")
+
+	For rules not causing MCB, see Dudley.gov.uk.xml.
+
+-->
+<ruleset name="Dudley.gov.uk (MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="moodle.dudley.gov.uk" />
+	<target host="online.dudley.gov.uk" />
+	<target host="www2.dudley.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dudley.gov.uk.xml b/src/chrome/content/rules/Dudley.gov.uk.xml
new file mode 100644
index 000000000000..5aac515fa20e
--- /dev/null
+++ b/src/chrome/content/rules/Dudley.gov.uk.xml
@@ -0,0 +1,141 @@
+<!--
+	Dudley Metropolitan Borough Council
+
+	For rules causing MCB, see Dudley.gov.uk-mixedcontent.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *dudley.gov.uk:
+
+		- businessfirst ᵗ
+		- childrenscentres ʳ
+		- cmis ²
+		- planningdocuments ʳ
+		- safeguardingchildren *
+		- www.walkzone ᵃ
+		- www4 ᵗ
+
+	* Redirects to wp01.dudley.gov.uk
+	² 200 blank page
+	ᵃ Shows another domain
+	ʳ Refused
+	ᵗ Reset for >= 1 path
+
+
+	Problematic hosts in *dudley.gov.uk:
+
+		- ^ ³
+		- blackcountrycorestrategy ᵐ
+		- businesscrime ᵐ
+		- councillors ᵐ
+		- dcp ᵐ
+		- discover ᵐ
+		- drsc ᵐ
+		- gismo ᶜ
+		- glassquarter ᵐ
+		- moodle ˣ
+		- online ˣ
+		- recycling ᵐ
+		- safeguarding ᵐ
+		- www2 ˣ
+
+	³ 403
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+	ˣ Mixed css
+
+
+	Insecure cookies are set for these hosts:
+
+		- discover.dudley.gov.uk
+		- fis.dudley.gov.uk
+		- gismo.dudley.gov.uk
+		- glassquarter.dudley.gov.uk
+		- libcat.dudley.gov.uk
+		- moodle.dudley.gov.uk
+		- www2.dudley.gov.uk
+
+
+	Mixed content:
+
+		- css, on:
+
+			- moodle from $self
+			- online from gismo.dudley.gov.uk
+			- www2 from www.dudley.gov.uk
+
+		- Images, on:
+
+			- online, www2 from www.dudley.gov.uk
+			- moodle, www2 from $self
+
+-->
+<ruleset name="Dudley.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fis.dudley.gov.uk" />
+	<target host="forms.dudley.gov.uk" />
+	<!--target host="gismo.dudley.gov.uk" /-->
+	<target host="libcat.dudley.gov.uk" />
+	<!--target host="moodle.dudley.gov.uk" /-->
+	<!--target host="online.dudley.gov.uk" /-->
+	<target host="payments.dudley.gov.uk" />
+	<target host="wp01.dudley.gov.uk" />
+	<target host="www.dudley.gov.uk" />
+	<!--target host="www2.dudley.gov.uk" /-->
+	<target host="www3.dudley.gov.uk" />
+	<target host="www5.dudley.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="dudley.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.dudley\.gov\.uk/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?dudley\.gov\.uk/+(?![Ee]asy[Ss]ite(?:[Ww]eb)?/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.dudley.gov.uk/dpa" />
+			<test url="http://www.dudley.gov.uk/health/" />
+			<test url="http://www.dudley.gov.uk/payments" />
+
+			<!--	-ve:
+					-->
+			<test url="http://dudley.gov.uk/EasysiteWeb/getresource.axd?AssetID=257913&amp;type=full&amp;servicetype=Inline" />
+			<test url="http://www.dudley.gov.uk/easysiteweb/easysite/styledata/uid_12_dmbc_default/css/common_custom.css" />
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://online.dudley.gov.uk/tellmeaboutmy/" /-->
+		<!--test url="http://www2.dudley.gov.uk/parking/" /-->
+
+		<!--	Reset:
+				-->
+		<!--test url="http://businessfirst.dudley.gov.uk/business-support/" /-->
+		<!--test url="http://www4.dudley.gov.uk/rbmdsearch/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:discover|glassquarter|libcat)\.dudley\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^fis\.dudley\.gov\.uk$" name="^PE(?:Language|Test)Cookie$" /-->
+	<!--securecookie host="^(?:gismo|www2)\.dudley\.gov\.uk$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+	<!--securecookie host="^moodle\.dudley\.gov\.uk$" name="^MoodleSession$" /-->
+
+	<securecookie host="^(?!www\.)\w" name=".+" />
+
+
+	<rule from="^http://dudley\.gov\.uk/"
+		to="https://www.dudley.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dueling_Aanalogs.com.xml b/src/chrome/content/rules/Dueling_Aanalogs.com.xml
index 52ee08d0f12c..d1df262973a9 100644
--- a/src/chrome/content/rules/Dueling_Aanalogs.com.xml
+++ b/src/chrome/content/rules/Dueling_Aanalogs.com.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://cdn\.duelinganalogs\.com/"
 		to="https://d2fnxgc3lifa5q.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Duke-Energy-Convention-Center.xml b/src/chrome/content/rules/Duke-Energy-Convention-Center.xml
index 9935792262e0..0988fc5decc2 100644
--- a/src/chrome/content/rules/Duke-Energy-Convention-Center.xml
+++ b/src/chrome/content/rules/Duke-Energy-Convention-Center.xml
@@ -1,25 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://duke-energycenter.com/ => https://www.duke-energycenter.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://duke-energycenter.com/ => https://www.duke-energycenter.com/: (7, 'Failed to connect to www.duke-energycenter.com port 443: Connection refused')
+
 	Nonfunctional subdomains:
 
 		- m	(interrupted)
 
 -->
-<ruleset name="Duke Energy Convention Center (partial)">
+<ruleset name="Duke Energy Convention Center (partial)" default_off="failed ruleset test">
 
 	<target host="duke-energycenter.com" />
-	<target host="*.duke-energycenter.com" />
+	<target host="www.duke-energycenter.com" />
+	<target host="orders.duke-energycenter.com" />
 
 
-	<securecookie host="^www\.duke-energycenter\.com$" name=".*" />
+	<securecookie host="^www\.duke-energycenter\.com$" name=".+" />
 
 
 	<!--	- !www over https: 403
 		- !www works over http
 						-->
-	<rule from="^https?://(?:www\.)?duke-energycenter\.com/"
+	<rule from="^http://(?:www\.)?duke-energycenter\.com/"
 		to="https://www.duke-energycenter.com/" />
 
-	<rule from="^http://orders\.duke-energycenter\.com/"
-		to="https://orders.duke-energycenter.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Duke-University-mismatches.xml b/src/chrome/content/rules/Duke-University-mismatches.xml
deleted file mode 100644
index aac6085826a3..000000000000
--- a/src/chrome/content/rules/Duke-University-mismatches.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules that are on by default, see Duke-University.xml.
-
--->
-<ruleset name="Duke University (mismatches)" default_off="mismatch, self-signed">
-
-	<target host="global.duke.edu" />
-	<target host="ondemand.duke.edu" />
-
-
-	<!--	global: self-signed
-		ondemand cert: pculture.org	-->
-	<rule from="^http://(global|ondemand)\.duke\.edu/"
-		to="https://$1.duke.edu/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Duke-University.xml b/src/chrome/content/rules/Duke-University.xml
deleted file mode 100644
index 0bba63a613d0..000000000000
--- a/src/chrome/content/rules/Duke-University.xml
+++ /dev/null
@@ -1,127 +0,0 @@
-<!--
-	For problematic rules, see Duke-University-mismatches.xml.
-
-
-	s3.amazonaws.com/s3.mirocommunity.org/duke/
-	image.cdnllnwnl.xosnetwork.com	(cert: *.hs.llnwd.net; displays blank page)
-
-
-	Nonfunctional domains:
-
-		- dukehealth.org
-		- www.dukehealth.org
-		- dukeexechealth.org		(cert: members.dukeexechealth.org; shows that domain's data)
-		- www.dukeexechealth.org	(ditto)
-		- dukemedicine.org
-		- construction.dukemedicine.org
-		- www.dukemedicine.org
-		- dukenursing.org		(cert: careers.lowes.com; shows that domain's data)
-		- www.dukenursing.org		(ditto)
-		- insidedukemedicine.org
-		- www.insidedukemedicine.org
-
-		*.duke.edu:
-
-			- $
-			- about
-			- academiccouncil	(cert: voting.academiccouncil;
-						shows that domain's data)
-			- academics		(ssl_error_rx_record_too_long)
-			- admit
-			- arts			(ssl_error_rx_record_too_long)
-			- atoz
-			- calendar		(at least some paths 404)
-			- static.calendar	(cert: calendar; redirects to calendar.duke.edu/static/;
-						displays directory listing)
-			- www.calendar		(at least some paths 404)
-			- dhts			(cert: members.dukeexechealth.org; redirects to that domain)
-			- diversity		(cert: goldenorb.trinity; shows that domain's data)
-			- dukecard		(ssl_error_rx_record_too_long)
-			- judge			(cert: catalog.library; 404s on some catalog paths)
-			- archives.mc
-			- www.mc		(cert: vml-r04-lamp02, self-signed, expired;
-						prints "This website has not yet been configured")
-			- medschool		(ditto)
-			- www.medschool		(ditto)
-			- newsoffice
-			- coegne.nursing	(cert: dusonnet.nursing; shows that subdomain's data)
-			- plasma.pratt		(prints "This is the secure site!")
-			- research		(ssl_error_rx_record_too_long)
-			- www.research		(ditto)
-			- spotlights
-			- www.spotlights
-			- stratplan		(cert: BPIRData, self-signed; 403)
-			- www.stratplan		(ditto)
-			- trustees
-			- visit
-			- www
-
-	Unknown:
-
-		- staff.dukehealth.org	(times out over http)
-
--->
-<ruleset name="Duke University (partial)" platform="mixedcontent">
-
-	<target host="*.duke.edu" />
-	<target host="www.*.duke.edu" />
-	<target host="voting.academiccouncil.duke.edu" />
-	<target host="login.dhts.duke.edu" />
-	<target host="*.library.duke.edu" />
-	<target host="www.mclibrary.duke.edu" />
-	<target host="*.nursing.duke.edu" />
-	<target host="*.oit.duke.edu" />
-	<target host="*.pratt.duke.edu" />
-	<target host="*.inside.pratt.duke.edu" />
-	<target host="goldenorb.trinity.duke.edu" />
-	<target host="members.dukeexechealth.org" />
-	<target host="goduke.com" />
-	<target host="www.goduke.com" />
-
-
-	<securecookie host="^.*\.duke\.edu$" name=".*" />
-
-
-	<!--	At least the homepage redirects to http.
-
-		Cert only matches !www.
-
-		mobile/images/ 404s.	-->
-	<rule from="^https?://(?:www\.)?library\.duke\.edu/(css/|favicon\.ico|imgs?/|sites/)"
-		to="https://library.duke.edu/$1" />
-
-	<rule from="^http://(voting\.academiccouncil|login\.dhts|fds|(?:www\.)?(?:finance|hr|security|today)|www\.finsvc|giving|(?:blogs|catalog)\.library|(?:(?:dusonnet|match|www)\.)?nursing|(?:(?:alertbar|bb-idp|brandbar|pwreset|shib|www)\.)?oit|inside\.pratt|(?:goldenorb\.)?trinity)\.duke\.edu/"
-		to="https://$1.duke.edu/" />
-
-	<!--	Cert doesn't match www.
-		www works over http.	-->
-	<rule from="^https?://(?:www\.)?giving\.duke\.edu/"
-		to="https://giving.duke.edu/" />
-
-	<!--	At least the homepage redirects to http.
-		temp/ paths redirect to http.	-->
-	<rule from="^http://www\.mclibrary\.duke\.edu/(images/|style_\w+\.css$)"
-		to="https://www.mclibrary.duke.edu/$1" />
-
-	<!--	- Cert only matches *.pratt
-		- At least some pages 302 to http
-		- files/ 302s to http
-		- wordpress/ 404s
-						-->
-	<rule from="^https?://(?:www\.)?pratt\.duke\.edu/(modul|sit)es/"
-		to="https://www.pratt.duke.edu/$1es/" />
-
-	<!--	At least some pages 302 to http.
-						-->
-	<rule from="^http://it\.pratt\.duke\.edu/(modul|sit)es/"
-		to="https://it.pratt.duke.edu/$1es/" />
-
-	<rule from="^http://members\.dukeexechealth\.org/"
-		to="https://members.dukeexechealth.org/" />
-
-	<!--	Cert mismatch, at least homepage 404s over https.	-->
-	<rule from="^https?://(?:www\.)?goduke\.com/(ads2|css|fls|images|siteMediaPlayer|pics32)/"
-		to="https://smnathletics.com/$1/" />
-
-
-</ruleset>
diff --git a/src/chrome/content/rules/Duke.edu.xml b/src/chrome/content/rules/Duke.edu.xml
new file mode 100644
index 000000000000..ebde0704a4af
--- /dev/null
+++ b/src/chrome/content/rules/Duke.edu.xml
@@ -0,0 +1,149 @@
+<!--
+	Duke University
+
+	Non-functional host in *.goduke.com
+		SSL connect error:
+			 - goduke.com
+			 - www.goduke.com
+
+	Non-functional hosts in *.duke.edu
+		Couldn't connect to server:
+			 - emergency.duke.edu
+
+		SSL connect error:
+			 - www.farm.duke.edu
+
+		SSL peer certificate was not OK:
+			 - cds.aas.duke.edu
+			 - www.dukemagazine.duke.edu
+			 - dukemed.duke.edu
+			 - maps.duke.edu
+			 - divisions.oit.duke.edu
+			 - www.pubpol.duke.edu
+			 - soc.siss.duke.edu
+			 - research.som.duke.edu
+			 - www.ssri.duke.edu
+			 - www.trinity.duke.edu
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - admissions.duke.edu
+			 - www.env.duke.edu
+			 - www.interdisciplinary.duke.edu
+			 - visit.duke.edu
+
+		Incomplete certificate chain error:
+			 - kenan.ethics.duke.edu
+			 - exhibits2.library.duke.edu
+			 - ors.duke.edu
+
+		4xx client error:
+			 - www.genome.duke.edu
+			 - medschool.duke.edu
+			 - alertbar.oit.duke.edu
+
+		Secure connection redirects to plaintext:
+			 - calendar.duke.edu
+			 - www.fuqua.duke.edu
+			 - learnmore.duke.edu
+
+		Mixed content blocking (MCB) tiggered:
+			 - bigdata.duke.edu
+			 - www.fhi.duke.edu
+			 - lemur.duke.edu
+
+	Non-functional host in *.dukeexechealth.org
+		SSL peer certificate was not OK:
+			 - dukeexechealth.org
+			 - www.dukeexechealth.org
+
+	Non-functional host in *.dukeexecutivehealth.org:
+		SSL peer certificate was not OK:
+			 - dukeexecutivehealth.org
+			 - www.dukeexecutivehealth.org
+
+-->
+<ruleset name="Duke University (partial)">
+	<!-- *.duke.edu -->
+	<target host="duke.edu" />
+	<target host="www.duke.edu" />
+	<target host="aahvs.duke.edu" />
+	<target host="academiccouncil.duke.edu" />
+	<target host="arts.duke.edu" />
+	<target host="bassconnections.duke.edu" />
+	<target host="cit.duke.edu" />
+	<target host="civic.duke.edu" />
+	<target host="danceprogram.duke.edu" />
+	<target host="dibs.duke.edu" />
+	<target host="www.dibs.duke.edu" />
+	<target host="divinity.duke.edu" />
+	<target host="dukeforward.duke.edu" />
+	<target host="dukeperformances.duke.edu" />
+	<target host="durham.duke.edu" />
+	<target host="energy.duke.edu" />
+	<target host="english.duke.edu" />
+	<target host="entrepreneurship.duke.edu" />
+	<target host="financialaid.duke.edu" />
+	<target host="gardens.duke.edu" />
+	<target host="genome.duke.edu" />
+	<target host="giving.duke.edu" />
+	<target host="global.duke.edu" />
+	<target host="globaled.duke.edu" />
+	<target host="globalhealth.duke.edu" />
+	<target host="gradschool.duke.edu" />
+	<target host="hr.duke.edu" />
+	<target host="www.hr.duke.edu" />
+	<target host="humanitieswritlarge.duke.edu" />
+	<target host="inclusive.duke.edu" />
+	<target host="law.duke.edu" />
+	<target host="library.duke.edu" />
+	<target host="lists.duke.edu" />
+	<target host="math.duke.edu" />
+	<target host="www.math.duke.edu" />
+	<target host="mclibrary.duke.edu" />
+	<target host="mfaeda.duke.edu" />
+	<target host="music.duke.edu" />
+	<target host="my.duke.edu" />
+	<target host="www.nasher.duke.edu" />
+	<target host="newsoffice.duke.edu" />
+	<target host="nicholas.duke.edu" />
+	<target host="www.nicholas.duke.edu" />
+	<target host="nursing.duke.edu" />
+	<target host="oie.duke.edu" />
+	<target host="olv.duke.edu" />
+	<target host="pratt.duke.edu" />
+	<target host="it.pratt.duke.edu" />
+	<target host="www.pratt.duke.edu" />
+	<target host="provost.duke.edu" />
+	<target host="registrar.duke.edu" />
+	<target host="research.duke.edu" />
+	<target host="sanford.duke.edu" />
+	<target host="graduate.sanford.duke.edu" />
+	<target host="scienceandsociety.duke.edu" />
+	<target host="sites.duke.edu" />
+	<target host="socialmedia.duke.edu" />
+	<target host="stories.duke.edu" />
+	<target host="studentaffairs.duke.edu" />
+	<target host="styleguide.duke.edu" />
+	<target host="theaterstudies.duke.edu" />
+	<target host="today.duke.edu" />
+	<target host="www.today.duke.edu" />
+	<target host="travel.duke.edu" />
+	<target host="trinity.duke.edu" />
+	<target host="undergrad.duke.edu" />
+	<target host="undergraduateresearch.duke.edu" />
+	<target host="wiki.duke.edu" />
+
+	<!-- *.dukehealth.org -->
+	<target host="dukehealth.org" />
+	<target host="www.dukehealth.org" />
+
+	<!-- *.dukemedicine.org -->
+	<target host="dukemedicine.org" />
+	<target host="www.dukemedicine.org" />
+
+	<!-- *.dukenursing.org -->
+	<target host="dukenursing.org" />
+	<target host="www.dukenursing.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dulwich.io.xml b/src/chrome/content/rules/Dulwich.io.xml
new file mode 100644
index 000000000000..13d42d72f300
--- /dev/null
+++ b/src/chrome/content/rules/Dulwich.io.xml
@@ -0,0 +1,9 @@
+<ruleset name="Dulwich.io">
+
+	<target host="dulwich.io" />
+	<target host="www.dulwich.io" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dundee_City.gov.uk.xml b/src/chrome/content/rules/Dundee_City.gov.uk.xml
new file mode 100644
index 000000000000..1d2b9e896b41
--- /dev/null
+++ b/src/chrome/content/rules/Dundee_City.gov.uk.xml
@@ -0,0 +1,70 @@
+<!--
+	Dundee City Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *dundeecity.gov.uk:
+
+		- bygone ᵈ
+		- citycentre ᵈ
+		- idoxwarn ᵈ
+		- inspire ᵈ
+		- opac ᵈ
+		- photopolis ᵈ
+		- pplwd ᵈ
+		- webcam ᵈ
+
+	ᵈ Dropped
+
+
+	^dundeecity.gov.uk: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- taskflow-portal.dundeecity.gov.uk
+
+-->
+<ruleset name="Dundee City.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="civilcontingencies.dundeecity.gov.uk" />
+	<target host="forms.dundeecity.gov.uk" />
+	<target host="mydundeeaccount.dundeecity.gov.uk" />
+	<target host="secure.dundeecity.gov.uk" />
+	<target host="taskflow-portal.dundeecity.gov.uk" />
+	<target host="www.dundeecity.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="dundeecity.gov.uk" />
+
+		<!--	200 "service unavailable" over http & 403
+			over https => fetch test would fail.
+
+			This makes us stand out more, but that's
+			better than this ruleset being disabled.
+								-->
+		<exclusion pattern="^http://secure\.dundeecity\.gov\.uk/$" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://taskflow-portal.dundeecity.gov.uk/portal-live/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^taskflow-portal\.dundeecity\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://dundeecity\.gov\.uk/"
+		to="https://www.dundeecity.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dunkelangst.org.xml b/src/chrome/content/rules/Dunkelangst.org.xml
new file mode 100644
index 000000000000..cd668ea05f76
--- /dev/null
+++ b/src/chrome/content/rules/Dunkelangst.org.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dunkelangst.org/ => https://dunkelangst.org/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://microblog.dunkelangst.org/ => https://microblog.dunkelangst.org/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.dunkelangst.org/ => https://www.dunkelangst.org/: (60, 'SSL certificate problem: self signed certificate')
+
+	Mixed content:
+
+		- Images, on:
+
+			- ^, microblog from $self *
+			- microblog from dunkelangst.org *
+
+	* Secured by us
+
+-->
+<ruleset name="dunkelangst.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dunkelangst.org" />
+	<target host="microblog.dunkelangst.org" />
+	<target host="www.dunkelangst.org" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Duo-Security.xml b/src/chrome/content/rules/Duo-Security.xml
index ba372f4e698d..d3fb657e5c5f 100644
--- a/src/chrome/content/rules/Duo-Security.xml
+++ b/src/chrome/content/rules/Duo-Security.xml
@@ -1,28 +1,42 @@
 <!--
 	Nonfunctional subdomains:
 
-		- go		(redirects to app-sj02.marketo.com)
 		- guide		(interrupted)
 
 
-	Problematic subdomains:
+	Fully covered subdomains:
 
-		- jobs		(mismatched, CN: *.theresumator.com)
+		- go
+		- jobs
+
+
+	Insecure cookies are set for these domains:
+
+		- go
+		- jobs
+		- signup
 
 -->
-<ruleset name="Duo Security (partial)">
+<ruleset name="Duo Security.com (partial)">
 
 	<target host="duosecurity.com" />
-	<target host="*.duosecurity.com" />
+	<target host="admin.duosecurity.com" />
+	<target host="blog.duosecurity.com" />
+	<target host="dl.duosecurity.com" />
+	<target host="go.duosecurity.com" />
+	<target host="jobs.duosecurity.com" />
+	<target host="signup.duosecurity.com" />
+	<target host="www.duosecurity.com" />
 
 
-	<securecookie host="^admin\.duosecurity\.com$" name=".*" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^go\.duosecurity\.com$" name="^BIGipServersj02web-ssl4_https$" /-->
+	<!--securecookie host="^signup\.duosecurity\.com$" name="^_xsrf$" /-->
 
+	<securecookie host="^(?:admin|go|signup)\.duosecurity\.com$" name=".+" />
 
-	<rule from="^http://((?:admin|blog|dl|www)\.)?duosecurity\.com/"
-		to="https://$1duosecurity.com/" />
 
-	<rule from="^https?://jobs\.duosecurity\.com/(css|img)/"
-		to="https://duo.theresumator.com/$1/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Duo.com.xml b/src/chrome/content/rules/Duo.com.xml
new file mode 100644
index 000000000000..ebffd280a39d
--- /dev/null
+++ b/src/chrome/content/rules/Duo.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- insight.duo.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Duo.com">
+
+	<target host="duo.com" />
+	<target host="de.duo.com" />
+	<target host="fr.duo.com" />
+	<target host="go.duo.com" />
+	<target host="guide.duo.com" />
+	<target host="help.duo.com" />
+	<target host="insight.duo.com" />
+	<target host="kb.duo.com" />
+	<target host="labs.duo.com" />
+	<target host="signup.duo.com" />
+	<target host="status.duo.com" />
+	<target host="www.duo.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^insight\.duo\.com$" name="^session$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Duodecim.fi.xml b/src/chrome/content/rules/Duodecim.fi.xml
index 4f25a7bc9feb..b9ee1a6f0358 100644
--- a/src/chrome/content/rules/Duodecim.fi.xml
+++ b/src/chrome/content/rules/Duodecim.fi.xml
@@ -3,8 +3,7 @@
   <target host="duodecim.fi"/>
   <target host="star.duodecim.fi"/>
   <target host="verkkokauppa.duodecim.fi"/>
-  <rule from="^http://(www\.)?duodecim\.fi/" to="https://www.duodecim.fi/"/>
+  <rule from="^http://(?:www\.)?duodecim\.fi/" to="https://www.duodecim.fi/"/>
   <rule from="^http://(star|verkkokauppa)\.duodecim\.fi/" to="https://$1.duodecim.fi/"/>
-  <rule from="^https://duodecim\.fi/" to="https://www.duodecim.fi/"/>
 </ruleset>
-<!-- Rule generated by HTTPS Finder 0.85 -->
\ No newline at end of file
+<!-- Rule generated by HTTPS Finder 0.85 -->
diff --git a/src/chrome/content/rules/Duolingo.xml b/src/chrome/content/rules/Duolingo.xml
new file mode 100644
index 000000000000..2eca1098c671
--- /dev/null
+++ b/src/chrome/content/rules/Duolingo.xml
@@ -0,0 +1,51 @@
+<!--
+	Mismatched:
+		^duolingo.cn		equal to www.duolingo.cn
+	Timeout:
+		sponsorships.duolingo.com
+-->
+<ruleset name="Duolingo.com">
+	<target host="duolingo.com" />
+	<target host="www.duolingo.com" />
+	<target host="api.duolingo.com" />
+	<target host="ar.duolingo.com" />
+	<target host="blast.duolingo.com" />
+	<target host="cs.duolingo.com" />
+	<target host="de.duolingo.com" />
+	<target host="el.duolingo.com" />
+	<target host="en.duolingo.com" />
+	<target host="englishtest.duolingo.com" />
+	<target host="es.duolingo.com" />
+	<target host="events.duolingo.com" />
+	<target host="forum.duolingo.com" />
+	<target host="fr.duolingo.com" />
+	<target host="gear.duolingo.com" />
+	<target host="hi.duolingo.com" />
+	<target host="hu.duolingo.com" />
+	<target host="id.duolingo.com" />
+	<target host="it.duolingo.com" />
+	<target host="ja.duolingo.com" />
+	<target host="ko.duolingo.com" />
+	<target host="pl.duolingo.com" />
+	<target host="pt.duolingo.com" />
+	<target host="ro.duolingo.com" />
+	<target host="ru.duolingo.com" />
+	<target host="schools.duolingo.com" />
+	<target host="support.duolingo.com" />
+	<target host="th.duolingo.com" />
+	<target host="tinycards.duolingo.com" />
+	<target host="tr.duolingo.com" />
+	<target host="uk.duolingo.com" />
+	<target host="vi.duolingo.com" />
+
+	<target host="duolingo.cn" />
+	<target host="www.duolingo.cn" />
+	<target host="api.duolingo.cn" />
+	<target host="englishtest.duolingo.cn" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://duolingo\.cn/" to="https://www.duolingo.cn/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Duply.net.xml b/src/chrome/content/rules/Duply.net.xml
new file mode 100644
index 000000000000..170796c4fd94
--- /dev/null
+++ b/src/chrome/content/rules/Duply.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="Duply.net">
+	<target host="duply.net" />
+	<target host="www.duply.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DuraSpace.org.xml b/src/chrome/content/rules/DuraSpace.org.xml
new file mode 100644
index 000000000000..b34fc1602ded
--- /dev/null
+++ b/src/chrome/content/rules/DuraSpace.org.xml
@@ -0,0 +1,60 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.) ¹
+		- docs ²
+		- registry ¹
+
+	¹ http reply
+	² Redirects to http
+
+
+	Fully covered subdomains:
+
+		- atlas
+		- bamboo
+		- crowd
+		- jira
+		- m2
+		- svn
+		- wiki
+
+
+	These altnames don't exist:
+
+		- eris.duraspace.org
+
+
+	Mixed content:
+
+		- Image on jira from testdrive.fedora-commons.org *
+
+	* Unsecurable
+
+-->
+<ruleset name="DuraSpace.org (partial)">
+
+	<target host="*.duraspace.org" />
+		<!--exclusion pattern="^http://(docs|registry|www)\.duraspace\.org/" /-->
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^crowd\.duraspace\.org$" name="^CROWDSESSIONID$" /-->
+	<!--securecookie host="^jira\.duraspace\.org$" name="^(JIRASESSIONID|atlassian\.xsrf\.token)" /-->
+	<!--securecookie host="^wiki\.duraspace\.org$" name="^CONFSESSIONID$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^bamboo\.duraspace\.org$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^bamboo\.duraspace\.org$" name=".+" />
+
+
+	<rule from="^http://(atlas|bamboo|crowd|jira|m2|svn|wiki)\.duraspace\.org/"
+		to="https://$1.duraspace.org/" />
+
+	<rule from="^http://scm\.duraspace\.org/+(?=$|\?)"
+		to="https://svn.duraspace.org/dspace/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DurhamConstabulary.xml b/src/chrome/content/rules/DurhamConstabulary.xml
new file mode 100644
index 000000000000..a4fda471847c
--- /dev/null
+++ b/src/chrome/content/rules/DurhamConstabulary.xml
@@ -0,0 +1,6 @@
+<ruleset name="Durham Constabulary">
+	<target host="durham.police.uk" />
+	<target host="www.durham.police.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dustin.eu.xml b/src/chrome/content/rules/Dustin.eu.xml
new file mode 100644
index 000000000000..25e4f02af2d1
--- /dev/null
+++ b/src/chrome/content/rules/Dustin.eu.xml
@@ -0,0 +1,19 @@
+<!--
+	Other Dustin Group rulesets:
+
+		- Dustin.se.xml
+
+-->
+<ruleset name="Dustin.eu">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dustin.eu" />
+	<target host="media.dustin.eu" />
+	<target host="www.dustin.eu" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dustin.se.xml b/src/chrome/content/rules/Dustin.se.xml
new file mode 100644
index 000000000000..e57ffa24cb01
--- /dev/null
+++ b/src/chrome/content/rules/Dustin.se.xml
@@ -0,0 +1,37 @@
+<!--
+	For other Dustin Group coverage, see Dustin.eu.xml.
+
+
+	^dustin.se: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.dustin.se
+
+-->
+<ruleset name="Dustin.se">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.dustin.se" />
+
+	<!--	Complications:
+				-->
+	<target host="dustin.se" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.dustin\.se$" name="^(?:__RequestVerificationToken|ASP\.NET_SessionId|CookieSession|Language|UserIdentifier)$" /-->
+
+	<securecookie host="^www\.dustin\.se$" name=".+" />
+
+
+	<rule from="^http://dustin\.se/"
+		to="https://www.dustin.se/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dustinabbott.net.xml b/src/chrome/content/rules/Dustinabbott.net.xml
new file mode 100644
index 000000000000..21b3d8560ee6
--- /dev/null
+++ b/src/chrome/content/rules/Dustinabbott.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="Dustinabbott.net">
+	<target host="dustinabbott.net" />
+	<target host="www.dustinabbott.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dutch_Bulbs.co.uk.xml b/src/chrome/content/rules/Dutch_Bulbs.co.uk.xml
new file mode 100644
index 000000000000..0dd5ed23c45f
--- /dev/null
+++ b/src/chrome/content/rules/Dutch_Bulbs.co.uk.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- dutchbulbs.co.uk
+		- www.dutchbulbs.co.uk
+
+-->
+<ruleset name="Dutch Bulbs.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dutchbulbs.co.uk" />
+	<target host="www.dutchbulbs.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?dutchbulbs\.co\.uk$" name="^CSPWSERVERID$" /-->
+
+	<securecookie host="^(?:www\.)?dutchbulbs\.co\.uk$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dutch_Data_Protection_Authority.xml b/src/chrome/content/rules/Dutch_Data_Protection_Authority.xml
index 336cdbc47e49..3140f7dd28e4 100644
--- a/src/chrome/content/rules/Dutch_Data_Protection_Authority.xml
+++ b/src/chrome/content/rules/Dutch_Data_Protection_Authority.xml
@@ -1,3 +1,13 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dutchdpa.nl/ => https://www.dutchdpa.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.dutchdpa.nl'")
+Fetch error: http://www.dutchdpa.nl/ => https://www.dutchdpa.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.dutchdpa.nl'")
+Fetch error: http://cbpweb.nl/ => https://www.cbpweb.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.cbpweb.nl'")
+Fetch error: http://www.cbpweb.nl/ => https://www.cbpweb.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.cbpweb.nl'")
+Fetch error: http://www.collegebeschermingpersoonsgegevens.nl/ => https://www.collegebeschermingpersoonsgegevens.nl/: (7, 'Failed to connect to www.collegebeschermingpersoonsgegevens.nl port 80: Connection refused')
+	^collegebeschermingpersoonsgegevens.nl doesn't exist.
+
+-->
 <ruleset name="Dutch Data Protection Authority">
     <target host="dutchdpa.nl" />
     <target host="www.dutchdpa.nl" />
@@ -5,21 +15,18 @@
     <target host="cbpweb.nl" />
     <target host="www.cbpweb.nl" />
 
-    <target host="collegebeschermingpersoonsgegevens.nl" />
     <target host="www.collegebeschermingpersoonsgegevens.nl" />
 
-    <rule from="^https?://dutchdpa\.nl/"
+    <rule from="^http://dutchdpa\.nl/"
         to="https://www.dutchdpa.nl/" />
     <rule from="^http://([^/:@]+)?\.dutchdpa\.nl/"
         to="https://$1.dutchdpa.nl/" />
 
-    <rule from="^https?://cbpweb\.nl/"
+    <rule from="^http://cbpweb\.nl/"
         to="https://www.cbpweb.nl/" />
     <rule from="^http://([^/:@]+)?\.cbpweb\.nl/"
         to="https://$1.cbpweb.nl/" />
 
-    <rule from="^https?://collegebeschermingpersoonsgegevens\.nl/"
-        to="https://www.collegebeschermingpersoonsgegevens.nl/" />
     <rule from="^http://([^/:@]+)?\.collegebeschermingpersoonsgegevens\.nl/"
         to="https://$1.collegebeschermingpersoonsgegevens.nl/" />
 </ruleset>
diff --git a/src/chrome/content/rules/DutyFreeIslandShop.com.xml b/src/chrome/content/rules/DutyFreeIslandShop.com.xml
new file mode 100644
index 000000000000..a2a15cfbc53c
--- /dev/null
+++ b/src/chrome/content/rules/DutyFreeIslandShop.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		- cdn.dutyfreeislandshop.com
+-->
+
+<ruleset name="DutyFreeIslandShop.com">
+	<target host="dutyfreeislandshop.com" />
+	<target host="www.dutyfreeislandshop.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dwarf_Fortress_Wiki.org.xml b/src/chrome/content/rules/Dwarf_Fortress_Wiki.org.xml
new file mode 100644
index 000000000000..83e93856ada5
--- /dev/null
+++ b/src/chrome/content/rules/Dwarf_Fortress_Wiki.org.xml
@@ -0,0 +1,18 @@
+<ruleset name="Dwarf Fortress Wiki.org (partial)">
+
+	<target host="dwarffortresswiki.org" />
+	<target host="www.dwarffortresswiki.org" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?dwarffortresswiki\.org/+($|\?|favicon\.ico|images/|load\.php|skins/)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(www\.)?dwarffortresswiki\.org/+(?!w/skins/common/)" /-->
+
+
+	<rule from="^http://(www\.)?dwarffortresswiki\.org/(?=w/skins/common/)"
+		to="https://$1dwarffortresswiki.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dwolla.com-falsemixed.xml b/src/chrome/content/rules/Dwolla.com-falsemixed.xml
new file mode 100644
index 000000000000..0dd4d0ebcc1c
--- /dev/null
+++ b/src/chrome/content/rules/Dwolla.com-falsemixed.xml
@@ -0,0 +1,19 @@
+<!--
+	For rules not causing false/broken MCB, see Dwolla.xml.
+
+-->
+<ruleset name="Dwolla.com (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blog.dwolla.com" />
+	<target host="press.dwolla.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dwolla.xml b/src/chrome/content/rules/Dwolla.xml
index c8016d37c53d..8375d4702efc 100644
--- a/src/chrome/content/rules/Dwolla.xml
+++ b/src/chrome/content/rules/Dwolla.xml
@@ -1,13 +1,81 @@
-<ruleset name="Dwolla (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://api-devint.dwolla.com/ => https://api-devint.dwolla.com/: (7, 'Failed to connect to api-devint.dwolla.com port 443: Connection timed out')
+
+	For rules causing false/broken MCB, see Dwolla.com-falsemixed.xml.
+
+
+	Nonfunctional hosts in *dwolla.com:
+
+		- help *
+
+	* Redirects to http
+
+
+	Problematic hosts in *dwolla.com:
+
+		- blog ¹
+		- press ¹
+		- status ²
+
+	¹ Mixed css
+	² StatusPage.io/mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .dwolla.com
+
+
+	Mixed content:
+
+		- css, on:
+
+			- blog, press from $self *
+			- press from fonts.googleapis.com *
+
+		- Images on blog, press from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Dwolla (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="dwolla.com" />
+	<target host="api.dwolla.com" />
+	<target host="api-devint.dwolla.com" />
+	<target host="api-uat.dwolla.com" />
+	<!--target host="blog.dwolla.com" /-->
+	<target host="cdn.dwolla.com" />
+	<target host="developers.dwolla.com" />
+	<target host="discuss.dwolla.com" />
+	<target host="docsv2.dwolla.com" />
+	<target host="jobs.dwolla.com" />
 	<target host="fisync.dwolla.com" />
+	<target host="legal.dwolla.com" />
+	<!--target host="press.dwolla.com" /-->
+	<target host="uat.dwolla.com" />
 	<target host="www.dwolla.com" />
 
-	<securecookie host="^(fisync|www)\.dwolla\.com$"
-			name=".+" />
+	<!--	Complications:
+				-->
+	<target host="status.dwolla.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.dwolla\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://status\.dwolla\.com/"
+		to="https://dwolla.statuspage.io/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^(http://(www\.)?|https://)dwolla\.com/"
-		to="https://www.dwolla.com/" />
-	<rule from="^http://fisync\.dwolla\.com/"
-		to="https://fisync.dwolla.com/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DxOMark.com.xml b/src/chrome/content/rules/DxOMark.com.xml
new file mode 100644
index 000000000000..a2bfcc4b4422
--- /dev/null
+++ b/src/chrome/content/rules/DxOMark.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Nonfunctional hosts in *.dxomark.com:
+
+	connection refused:
+	    - forum.dxomark.com
+-->
+<ruleset name="DxOMark.com">
+	<target host="dxomark.com" />
+	<target host="www.dxomark.com" />
+	<target host="cdn.dxomark.com" />
+	<target host="front1.dxomark.com" />
+	<target host="front2.dxomark.com" />
+	<target host="media.dxomark.com" />
+	<target host="vip-press.dxomark.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dxw.com.xml b/src/chrome/content/rules/Dxw.com.xml
new file mode 100644
index 000000000000..55dbf83435b0
--- /dev/null
+++ b/src/chrome/content/rules/Dxw.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="dxw.com">
+
+	<target host="dxw.com" />
+	<target host="hosting.dxw.com" />
+	<target host="security.dxw.com" />
+	<target host="www.dxw.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dyankov.eu.xml b/src/chrome/content/rules/Dyankov.eu.xml
deleted file mode 100644
index 967e8d8e1547..000000000000
--- a/src/chrome/content/rules/Dyankov.eu.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- www	(cert only matches ^dyankov.eu)
-
--->
-<ruleset name="Dyankov.eu">
-
-	<target host="dyankov.eu" />
-	<target host="www.dyankov.eu" />
-
-
-	<securecookie host="^dyankov\.eu$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?dyankov\.eu/"
-		to="https://dyankov.eu/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Dydx.io.xml b/src/chrome/content/rules/Dydx.io.xml
deleted file mode 100644
index 09fffdeb1093..000000000000
--- a/src/chrome/content/rules/Dydx.io.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- www	(refused)
-
--->
-<ruleset name="dydx.io">
-
-	<target host="dydx.io" />
-	<target host="*.dydx.io" />
-
-
-	<securecookie host="^\.?dydx\.io$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?dydx\.io/"
-		to="https://dydx.io/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Dyn.xml b/src/chrome/content/rules/Dyn.xml
index 05c69c5819fb..a4bd7578e069 100644
--- a/src/chrome/content/rules/Dyn.xml
+++ b/src/chrome/content/rules/Dyn.xml
@@ -1,30 +1,61 @@
 <!--
+	Other Dyn rulesets:
+
+		- Dyn_Status.com.xml
+		- Dynect.net
+
+
 	Nonfunctional domains:
 
 		- dyn.com subdomains:
 
-			- (www.)		($ redirects to http, some paths redirect erroneously)
-			- checkmyip
-			- status
+			- hub ²
+			- research ²
 
 		- (www.)dyncommunity.com
-		- (www.)dynect.net		(times out)
-		- (www.)dynstatus.com
+
+	² Refused
+
+
+	Problematic hosts in *dyn.com;
+
+		- status *
+
+	* Refused
+
+
+	Mixed content:
+
+		- Images on dyn.com from $self *
+
+	* Secured by us
 
 -->
-<ruleset name="Dyn (partial)">
+<ruleset name="Dyn.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="dyn.com" />
 	<target host="account.dyn.com" />
+	<target host="help.dyn.com" />
+	<target host="www.dyn.com" />
 	<target host="a.dyndns.com" />
 
+	<!--	Complications:
+				-->
+	<target host="status.dyn.com" />
+
 
 	<!--securecookie host="^\.account\.dyn\.com$" name=".+" /-->
 
 
-	<rule from="^http://account\.dyn\.com/"
-		to="https://account.dyn.com/" />
+	<!--	Redirect keeps path, args,
+		and forward slash:
+					-->
+	<rule from="^http://status\.dyn\.com/"
+		to="https://www.dynstatus.com/" />
 
-	<rule from="^http://a\.dyndns\.com/"
-		to="https://a.dyndns.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DynCDN.cc.xml b/src/chrome/content/rules/DynCDN.cc.xml
new file mode 100644
index 000000000000..b940134f22ac
--- /dev/null
+++ b/src/chrome/content/rules/DynCDN.cc.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .lx1.dyncdn.cc
+
+-->
+<ruleset name="dynCDN.cc">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="lx1.dyncdn.cc" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.dyncdn\.cc$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.dyncdn\.cc$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DynDNS.berlin.xml b/src/chrome/content/rules/DynDNS.berlin.xml
new file mode 100644
index 000000000000..3188f1dd2e7a
--- /dev/null
+++ b/src/chrome/content/rules/DynDNS.berlin.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .dyndns.berlin
+
+-->
+<ruleset name="DynDNS.berlin">
+
+	<target host="dyndns.berlin" />
+	<target host="www.dyndns.berlin" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.dyndns\.berlin$" name="^(?:lang|phpbb3_\w+-(?:k|sid|u))$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dyn_Status.com.xml b/src/chrome/content/rules/Dyn_Status.com.xml
new file mode 100644
index 000000000000..972d2a59776d
--- /dev/null
+++ b/src/chrome/content/rules/Dyn_Status.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dynstatus.com/ => https://dynstatus.com/: (51, "SSL: no alternative certificate subject name matches target host name 'dynstatus.com'")
+Fetch error: http://internal.dynstatus.com/ => https://internal.dynstatus.com/: (51, "SSL: no alternative certificate subject name matches target host name 'internal.dynstatus.com'")
+
+	For other Dyn coverage, see Dyn.xml.
+
+-->
+<ruleset name="Dyn Status.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dynstatus.com" />
+	<target host="internal.dynstatus.com" />
+	<target host="www.dynstatus.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DynaDot.xml b/src/chrome/content/rules/DynaDot.xml
index cfde66df346a..60b406f9218d 100644
--- a/src/chrome/content/rules/DynaDot.xml
+++ b/src/chrome/content/rules/DynaDot.xml
@@ -2,7 +2,7 @@
   <target host="dynadot.com" />
   <target host="www.dynadot.com" />
 
-  <securecookie host="^(.+\.)?dynadot\.com$" name=".*"/>
+  <securecookie host=".+" name=".+" />
 
-  <rule from="^http://(?:www\.)?dynadot\.com/" to="https://www.dynadot.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/DynaTrace.xml b/src/chrome/content/rules/DynaTrace.xml
index 3f8b5c3960a5..010cfcec9a6a 100644
--- a/src/chrome/content/rules/DynaTrace.xml
+++ b/src/chrome/content/rules/DynaTrace.xml
@@ -1,22 +1,61 @@
 <!--
 	See Compuware.xml for other Compuware coverage.
 
+
+	Nonfunctional hosts in *dynatrace.com:
+
+		- apmblog *
+
+	* Dropped
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .dynatrace.com
+		- eservices.dynatrace.com
+		- info.dynatrace.com
+		- login.dynatrace.com
+
+
+	Mixed content:
+
+		- Images on www from $self *
+
+	* Secured by us
+
 -->
-<ruleset name="dynaTrace (partial)">
+<ruleset name="dynaTrace.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="dynatrace.com" />
-	<target host="*.dynatrace.com" />
+	<target host="ajax.dynatrace.com" />
+	<target host="community.dynatrace.com" />
+	<target host="eservices.dynatrace.com" />
+	<target host="info.dynatrace.com" />
+	<target host="login.dynatrace.com" />
+	<target host="support.dynatrace.com" />
+	<target host="www.dynatrace.com" />
+
+	<!--	Complications:
+				-->
+	<target host="cdn.dynatrace.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.dynatrace\.com$" name="^(?:AMAuthCookie|amlbcookie|dtCookie)$" /-->
+	<!--securecookie host="^eservices\.dynatrace\.com$" name="^ice\.push\.browser$" /-->
+	<!--securecookie host="^info\.dynatrace\.com$" name="^BIGipServer[\w-]+$" /-->
+	<!--securecookie host="^login\.dynatrace\.com$" name="^JSESSIONID$" /-->
 
-	<securecookie host="^support\.dynatrace\.com$" name=".*" />
+	<securecookie host=".+\.dynatrace\.com$" name=".+" />
 
 
-	<!--	At least some pages redirect to http.
-		cdn times out.	-->
-	<rule from="^https?://(?:(ajax\.)|cdn\.|(www\.))?dynatrace\.com/(App_Themes/|en/partner_login\.html|favicon\.ico|images/|Login/|WebResource\.axd)"
-		to="https://$1$2dynatrace.com/$3" />
+	<rule from="^http://cdn\.dynatrace\.com/"
+		to="https://www.dynatrace.com/" />
 
-	<rule from="^http://support\.dynatrace\.com/"
-		to="https://support.dynatrace.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Dynamic-net.ch.xml b/src/chrome/content/rules/Dynamic-net.ch.xml
deleted file mode 100644
index fb5845d68566..000000000000
--- a/src/chrome/content/rules/Dynamic-net.ch.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<!--
-	Nonfunctional:
-
-		- kb.dynamic-net.ch	(cert: *.ibone.ch; shows login page)
-
--->
-<ruleset name="dynamic-net.ch (partial)">
-
-	<target host="dynamic-net.ch" />
-	<target host="*.dynamic-net.ch" />
-	<target host="dynamic-support.ch" />
-	<target host="*.dynamic-support.ch" />
-	<target host="*.ibone.ch" />
-
-
-	<securecookie host="^(www\.)?dynamic-net\.ch$" name=".*" />
-	<securecookie host="^ticketsystem\.dynamic-support\.ch$" name=".*" />
-
-
-	<rule from="^http://(www\.)?dynamic-net\.ch/"
-		to="https://$1dynamic-net.ch/" />
-
-	<!--	Server redirects as so.		-->
-	<rule from="^https?://webmail\.dynamic-net\.ch/"
-		to="https://service.ibone.ch/cgi-bin/openwebmail/openwebmail.pl" />
-
-	<!--	Cert doesn't match (www.), but its data appear
-		identical to those on ticketsystem.	-->
-	<rule from="^https?://(?:www\.)?dynamic-support\.ch/"
-		to="https://ticketsystem.dynamic-support.ch/" />
-
-	<rule from="^http://ticketsystem\.dynamic-support\.ch/"
-		to="https://ticketsystem.dynamic-support.ch/" />
-
-	<rule from="^http://(mars|service)\.ibone\.ch/"
-		to="https://$1.ibone.ch/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DynamicWeb.xml b/src/chrome/content/rules/DynamicWeb.xml
deleted file mode 100644
index a9e6bdbc1f7b..000000000000
--- a/src/chrome/content/rules/DynamicWeb.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="DynamicWeb" default_off="expired, self-signed">
-
-	<target host="dynamicweb.it" />
-	<target host="www.dynamicweb.it" />
-
-
-	<securecookie host="^www\.dynamicweb\.it$" name=".+" />
-
-
-	<!--	Cert only matches www.
-					-->
-	<rule from="^https?://(?:www\.)?dynamicweb\.it/"
-		to="https://www.dynamicweb.it/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Dynamic_Site_Platform.xml b/src/chrome/content/rules/Dynamic_Site_Platform.xml
index e7d844a07e1d..12223ba32d4e 100644
--- a/src/chrome/content/rules/Dynamic_Site_Platform.xml
+++ b/src/chrome/content/rules/Dynamic_Site_Platform.xml
@@ -16,16 +16,28 @@
 		- s
 		- secure
 
+
+	Insecure cookies are set for these hosts:
+
+		- s.clickability.com
+
 -->
 <ruleset name="Dynamic Site Platform">
 
-	<target host="*.clickability.com" />
+	<target host="cms.clickability.com" />
+	<target host="dev.clickability.com" />
+	<target host="s.clickability.com" />
+	<target host="secure.clickability.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^s\.clickability\.com$" name="^Stats_Session$" /-->
 
 	<securecookie host="^(?:\.?s|secure)\.clickability\.com$" name=".+" />
 
 
-	<rule from="^http://(cms|dev|s|secure)\.clickability\.com/"
-		to="https://$1.clickability.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dynamic_Yield.com.xml b/src/chrome/content/rules/Dynamic_Yield.com.xml
index 2a11963254f0..13751d748b7d 100644
--- a/src/chrome/content/rules/Dynamic_Yield.com.xml
+++ b/src/chrome/content/rules/Dynamic_Yield.com.xml
@@ -1,23 +1,107 @@
 <!--
-	Nonfunctional subdomains:
+	Insecure cookies are set for these domains and hosts: ᶜ
 
-		- ^	(shows st)
-		- www	(shows s1a)
+		- .dynamicyield.com
+		- adm.dynamicyield.com
+		- www.dynamicyield.com
 
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
-	Fully covered subdomains:
+	Cert expired:
+		- demo.eu
+		- demo1.use
 
-		- adm
+	Cert mismatch:
+		- demo
+		- webserve-564b5fde.euw1
+		- webserve-75a1d5f9.euw1
+		- webserve-7aa1d5f6.euw1
+		- portal
+		- res
+		- s3a
+		- siteground
+		- siteground-support
+		- static-lon1
+		- static-was1
+		- static-was2
+		- support-staging
+		- intel-dev-3cd56ea0.use
+		- webserve-6e59c1f2.use
+		- webserve-75bc668d.use
+		- webserve-f33d6d69.use
+		- webshot1.use
+		- webserve-250aca8a.usw2
+		- webserve-3a3283e7.usw2
+		- web4
+		- www-staging
+		- www-staging-origin
+
+	Connection refused:
+		- jump
+		- tools
+		- adm2.use
+
+	Timeout:
+		- adm1
+		- admnew
+		- cdn-preview
+		- srv1.euw1
+		- srv2.euw1
+		- srv3.euw1
+		- srv4.euw1
+		- adm.intel-intg
 		- s1a
-		- st
+		- sales-live-events1.use
+		- srv1.use
+		- srv2.use
+		- srv3.use
+		- srv5.use
+		- srv1.usw2
+		- srv2.usw2
+		- zulip
 
 -->
-<ruleset name="Dynamic Yeild.com (partial)">
+<ruleset name="Dynamic Yield.com">
+
+	<target host="dynamicyield.com" />
+	<target host="www.dynamicyield.com" />
+	<target host="adm.dynamicyield.com" />
+	<target host="ads.dynamicyield.com" />
+	<target host="api.dynamicyield.com" />
+	<target host="cdn.dynamicyield.com" />
+	<target host="dyode.dynamicyield.com" />
+	<target host="em.dynamicyield.com" />
+	<target host="et-integration.dynamicyield.com" />
+	<target host="ext.dynamicyield.com" />
+	<target host="gateway.dynamicyield.com" />
+	<target host="images.dynamicyield.com" />
+	<target host="link.dynamicyield.com" />
+	<target host="px.dynamicyield.com" />
+	<target host="rcom.dynamicyield.com" />
+	<target host="rest.dynamicyield.com" />
+	<target host="srv.dynamicyield.com" />
+	<target host="st.dynamicyield.com" />
+	<target host="static.dynamicyield.com" />
+	<target host="support.dynamicyield.com" />
+	<target host="webshot.dynamicyield.com" />
+	<target host="webshotcdn.dynamicyield.com" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://www.dynamicyield.com/request-demo/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.dynamicyield\.com$" name="^(?:_dynamicyield_session|admLoggedIn)$" /-->
+	<!--securecookie host="^adm\.dynamicyield\.com$" name="^(?:AWSELB|XSRF-TOKEN)$" /-->
+	<!--securecookie host="^www\.dynamicyield\.com$" name="^(?:PHPSESSID|wfvt_\d+)$" /-->
 
-	<target host="*.dynamicyield.com" />
+	<securecookie host="^\." name="^(?:__cfduid$|_ga|cf_clearance$)" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(adm|s1a|st)\.dynamicyield\.com/"
-		to="https://$1.dynamicyield.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Dynamics.com.xml b/src/chrome/content/rules/Dynamics.com.xml
new file mode 100644
index 000000000000..057a2c981b0c
--- /dev/null
+++ b/src/chrome/content/rules/Dynamics.com.xml
@@ -0,0 +1,45 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.dynamics.com/ => https://www.dynamics.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://dynamics.com/ => https://www.dynamics.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	^dynamics.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- community.dynamics.com
+		- www.dynamics.com
+
+-->
+<ruleset name="Dynamics.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="community.dynamics.com" />
+	<target host="www.dynamics.com" />
+
+	<!--	Complications:
+				-->
+	<target host="dynamics.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^community\.dynamics\.com$" name="^AuthorizationCookie$" /-->
+	<!--securecookie host="^www\.dynamics\.com$" name="^AnonymousLocales$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://dynamics\.com/"
+		to="https://www.dynamics.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dynamite-Data-mismatches.xml b/src/chrome/content/rules/Dynamite-Data-mismatches.xml
index 5276a3aff254..65033c300e82 100644
--- a/src/chrome/content/rules/Dynamite-Data-mismatches.xml
+++ b/src/chrome/content/rules/Dynamite-Data-mismatches.xml
@@ -1,12 +1,17 @@
-<ruleset name="Dynamite Data (mismatches)" default_off="mismatch">
+<!--
+	For rules that are on by default, see Dynamite-Data.xml.
 
-	<!--	cert: *.dynamitedata.com	-->
-	<target host="dynamitedeals.com"/>
-	<target host="*.dynamitedeals.com"/>
+-->
+<ruleset name="Dynamite Data (mismatches)" default_off="mismatched">
+
+	<target host="dynamitedeals.com" />
+	<target host="www.dynamitedeals.com" />
+
+
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^(.*\.)?dynamitedeals\.com$" name=".*"/>
 
 	<rule from="^http://(?:www\.)?dynamitedeals\.com/"
-		to="https://dynamitedeals.com/"/>
+		to="https://dynamitedeals.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Dynamite-Data.xml b/src/chrome/content/rules/Dynamite-Data.xml
deleted file mode 100644
index ed974acd6c0d..000000000000
--- a/src/chrome/content/rules/Dynamite-Data.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--	See Dynamite-Data-mismatches for problematic rules
--->
-<ruleset name="Dynamite Data (partial)">
-
-	<target host="dynamitedata.com"/>
-	<target host="*.dynamitedata.com"/>
-
-	<securecookie host="^(.*\.)?dynamitedata.com$" name=".*"/>
-
-	<rule from="^http://(detonator\.|www\.)?dynamitedata\.com/"
-		to="https://$1dynamitedata.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/DynamoDresden.xml b/src/chrome/content/rules/DynamoDresden.xml
deleted file mode 100644
index aed765fe819e..000000000000
--- a/src/chrome/content/rules/DynamoDresden.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Dynamo Dresden">
-        <target host="cms.dynamo-dresden.de" />
-        <securecookie host="^(.*\.)?dynamo-dresden\.de$" name=".*" />
-
-        <rule from="^http://(?:cms\.)?dynamo-dresden\.de/" to="https://cms.dynamo-dresden.de/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Dynatech.de.xml b/src/chrome/content/rules/Dynatech.de.xml
new file mode 100644
index 000000000000..31527f1f3111
--- /dev/null
+++ b/src/chrome/content/rules/Dynatech.de.xml
@@ -0,0 +1,21 @@
+<!--
+    Nonfunctional subdomains:
+	    - $
+
+    More rulesets for sites by Mirco Neubert:
+	    - Dynavision.de
+	    - Scieneo.de
+-->
+<ruleset name="Dynatech.de">
+    <target host="dynatech.de" />
+    <target host="www.dynatech.de" />
+
+    <securecookie host="^www\.dynatech\.de" name=".+" />
+
+    <!-- Redirect broken domain -->
+    <rule from="^http://dynatech\.de/"
+            to="https://www.dynatech.de/" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dynavision.de.xml b/src/chrome/content/rules/Dynavision.de.xml
new file mode 100644
index 000000000000..a1d7c7040d15
--- /dev/null
+++ b/src/chrome/content/rules/Dynavision.de.xml
@@ -0,0 +1,21 @@
+<!--
+    Nonfunctional subdomains:
+	    - $
+
+    More rulesets for sites by Mirco Neubert:
+        - Scieneo.de
+	    - Dynatech.de
+-->
+<ruleset name="Dynavision.de">
+    <target host="dynavision.de" />
+    <target host="www.dynavision.de" />
+
+    <securecookie host="^www\.dynavision\.de" name=".+" />
+
+    <!-- Redirect broken domain -->
+    <rule from="^http://dynavision\.de/"
+            to="https://www.dynavision.de/" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dyne.org.xml b/src/chrome/content/rules/Dyne.org.xml
index 14943d3e981e..ce98b6819de4 100644
--- a/src/chrome/content/rules/Dyne.org.xml
+++ b/src/chrome/content/rules/Dyne.org.xml
@@ -1,21 +1,70 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dyne.org/ => https://dyne.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Nonfunctional subdomains:
 
 		- apt	(shows another domain)
+		- pix ²
+
+	² 404
+
+
+	Problematic subdomains:
+
+		- new *
+
+	* 404
+
 
+	Fully covered subdomains:
 
-	Some pages redirect to http.
+		- (www.)
+		- irc
+		- lab
+		- lists
+		- mailinglists
+		- new
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- lab, from:
+
+				- new ¹	(-> www)
+				- pix ²
+				- www ¹
+				- cvs.cinelerra.org ³
+				- freej.org ⁴
+				- www.ondarossa.info ⁵
+
+			- lists from ^ ¹
+
+	¹ Secured by us
+	² Unsecurable <= 404
+	³ Unsecurable <= refused
+	⁴ Unsecurable <= redirects to dyn.org
+	⁵ Rule disabled by default <= CAcert
 
 -->
-<ruleset name="Dyne.org (partial)">
+<ruleset name="Dyne.org (partial)" default_off="failed ruleset test">
 
 	<target host="dyne.org" />
+	<target host="irc.dyne.org" />
+	<target host="lab.dyne.org" />
+	<target host="lists.dyne.org" />
+	<target host="mailinglists.dyne.org" />
 	<target host="www.dyne.org" />
-		<!--exclusion pattern="^http://(www\.)?dyne\.org/($|\?|category/community/)" /-->
-		<!--exclusion pattern="^http://(www\.)?dyne\.org/(?!donate($|[?/])|favicon\.ico|wp-content/|wp-includes/)" /-->
+	<target host="new.dyne.org" />
+		<!--exclusion pattern="^http://(apt|pix)\.dyne\.org/" /-->
+
 
 
-	<rule from="^http://(www\.)?dyne\.org/(?=donate(?:$|[?/])|favicon\.ico|wp-content/|wp-includes/)"
-		to="https://$1dyne.org/" />
+	<rule from="^http://new\.dyne\.org/"
+		to="https://www.dyne.org/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Dynect.net.xml b/src/chrome/content/rules/Dynect.net.xml
new file mode 100644
index 000000000000..807baeb10a60
--- /dev/null
+++ b/src/chrome/content/rules/Dynect.net.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Dyn coverage, see Dyn.xml.
+
+
+	(www.)?dynect.net: Refused
+
+
+	Insecure cookies are set for these domains:
+
+		- .dynect.net
+
+-->
+<ruleset name="Dynect.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dns.dynect.net" />
+	<target host="email.dynect.net" />
+	<target host="manage.dynect.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.dynect\.net$" name="^(DYN_AUTH|PHPSESSID|SESSION_ID)$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dynu.com.xml b/src/chrome/content/rules/Dynu.com.xml
new file mode 100644
index 000000000000..304f2399d43d
--- /dev/null
+++ b/src/chrome/content/rules/Dynu.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Dynu.com">
+  <target host="dynu.com" />
+  <target host="www.dynu.com" />
+
+  <rule from="^http://(www\.)?dynu\.com/" to="https://www.dynu.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dyson.xml b/src/chrome/content/rules/Dyson.xml
index 57b635a595d3..59275aec40fc 100644
--- a/src/chrome/content/rules/Dyson.xml
+++ b/src/chrome/content/rules/Dyson.xml
@@ -1,4 +1,14 @@
-<ruleset name="Dyson (partial)" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://careers.dyson.com/ => https://www.careers.dyson.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.careers.dyson.com'")
+Fetch error: http://www.careers.dyson.com/ => https://www.careers.dyson.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.careers.dyson.com'")
+Fetch error: http://content.dyson.co.uk/ => http://content.dyson.co.uk/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://dyson.co.uk/ => https://www.dyson.co.uk/: (7, 'Failed to connect to dyson.co.uk port 80: No route to host')
+-->
+<ruleset name="Dyson (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="careers.dyson.com"/>
 	<target host="www.careers.dyson.com"/>
@@ -9,13 +19,13 @@
 	<target host="dyson.ie"/>
 	<target host="www.dyson.ie"/>
 
-	<rule from="^http://(www\.)?careers\.dyson\.com/"
+	<rule from="^http://(?:www\.)?careers\.dyson\.com/"
 		to="https://www.careers.dyson.com/"/>
 
 	<rule from="^http://media\.dyson\.com/"
 		to="https://media.dyson.com/"/>
 
-	<rule from="^http://(www\.)?dyson\.co\.uk/"
+	<rule from="^http://(?:www\.)?dyson\.co\.uk/"
 		to="https://www.dyson.co.uk/"/>
 
 	<rule from="^http://content\.dyson\.co\.uk/(common|images)/"
@@ -24,10 +34,10 @@
 	<rule from="^http://content\.dyson\.co\.uk/Images/"
 		to="https://www.dyson.co.uk/medialibrary/Images/Dyson/Site/"/>
 
-	<rule from="^http://(www\.)?dyson\.ie/"
+	<rule from="^http://(?:www\.)?dyson\.ie/"
 		to="https://www.dyson.ie/"/>
 
-	<securecookie host="^www\.careers\.dyson\.com$" name=".*"/>
-	<securecookie host="^www\.dyson\.ie$" name=".*"/>
+	<securecookie host="^www\.careers\.dyson\.com$" name=".+" />
+	<securecookie host="^www\.dyson\.ie$" name=".+" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/E-Hentai-Forums.xml b/src/chrome/content/rules/E-Hentai-Forums.xml
deleted file mode 100644
index 7a68a6f61867..000000000000
--- a/src/chrome/content/rules/E-Hentai-Forums.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="E-Hentai Forums">
-  <target host="forums.e-hentai.org" />
-  <target host="forum.e-hentai.org" />
-
-  <rule from="^http://forums?\.e-hentai\.org/"
-          to="https://forums.e-hentai.org/"/>
-  <rule from="^https://forum\.e-hentai\.org/"
-          to="https://forums.e-hentai.org/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/E-Hentai.org.xml b/src/chrome/content/rules/E-Hentai.org.xml
new file mode 100644
index 000000000000..2142b660714f
--- /dev/null
+++ b/src/chrome/content/rules/E-Hentai.org.xml
@@ -0,0 +1,34 @@
+<!--
+	Cloudflare error:
+		- g
+
+	Timeout:
+		- monitor
+		- shingata
+		- test
+
+	Mismatched:
+		- wiki
+-->
+<ruleset name="E-Hentai.org">
+	<target host="e-hentai.org" />
+	<target host="www.e-hentai.org" />
+	<target host="api.e-hentai.org" />
+	<target host="forum.e-hentai.org" />
+	<target host="forums.e-hentai.org" />
+	<target host="forumtest.e-hentai.org" />
+	<target host="g.e-hentai.org" />
+	<target host="hv.e-hentai.org" />
+	<target host="lofi.e-hentai.org" />
+	<target host="r.e-hentai.org" />
+	<target host="repo.e-hentai.org" />
+	<target host="ul.e-hentai.org" />
+	<target host="ulv.e-hentai.org" />
+	<target host="upload.e-hentai.org" />
+	<target host="wiki.e-hentai.org" />
+	<target host="xml.e-hentai.org" />
+
+	<rule from="^http://g\.e-hentai\.org/" to="https://e-hentai.org/" />
+	<rule from="^http://wiki\.e-hentai\.org/" to="https://ehwiki.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/E-KSF.org.xml b/src/chrome/content/rules/E-KSF.org.xml
new file mode 100644
index 000000000000..0cc47cb54c3e
--- /dev/null
+++ b/src/chrome/content/rules/E-KSF.org.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.e-ksf.org
+
+-->
+<ruleset name="e-KSF.org">
+
+	<target host="e-ksf.org" />
+	<target host="www.e-ksf.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.e-ksf\.org$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/E-Mail_made_in_Germany.xml b/src/chrome/content/rules/E-Mail_made_in_Germany.xml
index 1db897e9285b..93e9c68cf35f 100644
--- a/src/chrome/content/rules/E-Mail_made_in_Germany.xml
+++ b/src/chrome/content/rules/E-Mail_made_in_Germany.xml
@@ -1,6 +1,24 @@
-<ruleset name="E-Mail made in Germany">
-  <target host="e-mail-made-in-germany.de" />
+<!--
+	E-Mail made in Germany
+
+
+	^e-mail-made-in-germany.de: Revoked
+
+-->
+<ruleset name="E-Mail-made-in-Germany.de">
+
+	<!--	Direct rewrites:
+				-->
   <target host="www.e-mail-made-in-germany.de" />
 
-  <rule from="^http://(?:www\.)?e-mail-made-in-germany\.de/" to="https://www.e-mail-made-in-germany.de/" />
+	<!--	Complications:
+				-->
+  <target host="e-mail-made-in-germany.de" />
+
+
+	<rule from="^http://e-mail-made-in-germany\.de/"
+		to="https://www.e-mail-made-in-germany.de/" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/E-Plus-problematic.xml b/src/chrome/content/rules/E-Plus-problematic.xml
index 52ed88d06a41..e1032b5983c0 100644
--- a/src/chrome/content/rules/E-Plus-problematic.xml
+++ b/src/chrome/content/rules/E-Plus-problematic.xml
@@ -7,7 +7,6 @@
 	<target host="einstellungen.e-plus.com" />
 
 
-	<rule from="^http://einstellungen\.e-plus\.com/"
-		to="https://einstellungen.e-plus.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/E-Plus.xml b/src/chrome/content/rules/E-Plus.xml
index ecca19d2ee20..93c7cc933575 100644
--- a/src/chrome/content/rules/E-Plus.xml
+++ b/src/chrome/content/rules/E-Plus.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://e-plus.de/ => https://www.e-plus.de/: (7, 'Failed to connect to www.e-plus.de port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://e-plus.de/ => https://www.e-plus.de/: (7, 'Failed to connect to www.e-plus.de port 443: Connection refused')
 	For problematic rules, see E-Plus-problematic.xml.
 
 
@@ -17,19 +23,25 @@
 		- einstellungen		(works, mismatched, CN: *.customersaas.com)
 
 -->
-<ruleset name="E-Plus (partial)">
+<ruleset name="E-Plus (partial)" default_off="failed ruleset test">
 
 	<target host="e-plus.de" />
-	<target host="*.e-plus.de" />
+	<target host="www.e-plus.de" />
+	<target host="ecc.e-plus.de" />
+	<target host="dialog.e-plus.de" />
+	<target host="metromobil.e-plus.de" />
+	<target host="mymtv.e-plus.de" />
+	<target host="norman.e-plus.de" />
+	<target host="prepaidkundenbetreuung.e-plus.de" />
+	<target host="vertragsverlaengerung.e-plus.de" />
 
 
 	<securecookie host="^.*\.e-plus\.de$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?e-plus\.de/"
+	<rule from="^http://(?:www\.)?e-plus\.de/"
 		to="https://www.e-plus.de/" />
 
-	<rule from="^http://(ecc|dialog|metromobil|mymtv|norman|prepaidkundenbetreuung|vertragsverlaengerung)\.e-plus\.de/"
-		to="https://$1.e-plus.de/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/E-Plus_Gruppe.xml b/src/chrome/content/rules/E-Plus_Gruppe.xml
index de6509f33b4f..a3cd742f88db 100644
--- a/src/chrome/content/rules/E-Plus_Gruppe.xml
+++ b/src/chrome/content/rules/E-Plus_Gruppe.xml
@@ -22,7 +22,6 @@
 	<target host="www.eplus-gruppe.de" />
 
 
-	<rule from="^https?://(?:www\.)?eplus-gruppe\.de/"
-		to="https://www.eplus-gruppe.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/E-Reading.club.xml b/src/chrome/content/rules/E-Reading.club.xml
new file mode 100644
index 000000000000..fe8307f737d4
--- /dev/null
+++ b/src/chrome/content/rules/E-Reading.club.xml
@@ -0,0 +1,8 @@
+<ruleset name="E-Reading.club">
+	<target host="e-reading.club" />
+	<target host="www.e-reading.club" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/E-Sports_Entertainment.xml b/src/chrome/content/rules/E-Sports_Entertainment.xml
index 11ac23746729..cab78dc32251 100644
--- a/src/chrome/content/rules/E-Sports_Entertainment.xml
+++ b/src/chrome/content/rules/E-Sports_Entertainment.xml
@@ -11,7 +11,7 @@
 -->
 <ruleset name="E-Sports Entertainment" default_off="self-signed">
 
-	<target host="*.e-sea.net" />
+	<target host="play.e-sea.net" />
 	<target host="esportsea.com" />
 	<target host="www.esportsea.com" />
 
@@ -22,4 +22,4 @@
 	<rule from="^http://(?:play\.e-sea\.net|(?:www\.)?esportsea\.com)/"
 		to="https://play.e-sea.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/E-activist.com.xml b/src/chrome/content/rules/E-activist.com.xml
new file mode 100644
index 000000000000..ac460c41698c
--- /dev/null
+++ b/src/chrome/content/rules/E-activist.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Engaging Networks coverage, see Engaging_Networks.net.xml.
+
+-->
+<ruleset name="e-activist.com">
+
+	<target host="e-activist.com" />
+	<target host="www.e-activist.com" />
+
+
+	<!-- Fixes https://github.com/EFForg/https-everywhere/issues/7319 -->
+	<exclusion pattern="^http://www\.e-activist\.com/ea-action/" />
+
+		<test url="http://www.e-activist.com/ea-action/broadcast.record.message.click.do?ea.url.id=742999" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/E-boks.dk.xml b/src/chrome/content/rules/E-boks.dk.xml
index 592fa7b737cb..5ab26ad06877 100644
--- a/src/chrome/content/rules/E-boks.dk.xml
+++ b/src/chrome/content/rules/E-boks.dk.xml
@@ -1,6 +1,42 @@
-<ruleset name="E-boks.dk">
-  <target host="e-boks.dk" />
-  <target host="www.e-boks.dk" />
+<!--
+	Commit msg: https://trac.torproject.org/projects/tor/ticket/13275
+
+-->
+<ruleset name="E-boks.dk (partial)">
+
+	<target host="e-boks.dk" />
+	<target host="logon.e-boks.dk" />
+	<target host="minerhverv.e-boks.dk" />
+	<target host="www.e-boks.dk" />
+		<!--
+			https://github.com/EFForg/https-everywhere/issues/474
+
+			Redirect to http:
+						-->
+		<!--exclusion pattern="http://www\.e-boks\.dk/+($|\?)" /-->
+		<!--
+			404:
+				-->
+		<!--exclusion pattern="http://www\.e-boks\.dk/+(images/|stylesheet/)" /-->
+		<!--
+			https://trac.torproject.org/projects/tor/ticket/13275
+
+			Redirect to logon:
+						-->
+		<!--exclusion pattern="http://www\.e-boks\.dk/+(?!privat/senders\.aspx)" /-->
+		<!--
+			Exception(!):
+					-->
+		<exclusion pattern="http://www\.e-boks\.dk/+(?!favicon\.ico)" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(logon|minerhverv)\.e-boks\.dk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^(?:logon|minerhverv)\.e-boks\.dk$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
 
-  <rule from="^http://(www\.)?e-boks\.dk/" to="https://www.e-boks.dk/" />
 </ruleset>
diff --git a/src/chrome/content/rules/E-cegjegyzek.hu.xml b/src/chrome/content/rules/E-cegjegyzek.hu.xml
index 02165eb4a8fa..9e1487bba246 100644
--- a/src/chrome/content/rules/E-cegjegyzek.hu.xml
+++ b/src/chrome/content/rules/E-cegjegyzek.hu.xml
@@ -2,5 +2,5 @@
   <target host="e-cegjegyzek.hu" />
   <target host="www.e-cegjegyzek.hu" />
 
-  <rule from="^http://(www\.)?e-cegjegyzek\.hu/" to="https://www.e-cegjegyzek.hu/" />
+  <rule from="^http://(?:www\.)?e-cegjegyzek\.hu/" to="https://www.e-cegjegyzek.hu/" />
 </ruleset>
diff --git a/src/chrome/content/rules/E-disclosure.ru.xml b/src/chrome/content/rules/E-disclosure.ru.xml
new file mode 100644
index 000000000000..cee68d986043
--- /dev/null
+++ b/src/chrome/content/rules/E-disclosure.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="E-disclosure.ru">
+	<target host="e-disclosure.ru" />
+	<target host="www.e-disclosure.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/E-food.gr.xml b/src/chrome/content/rules/E-food.gr.xml
new file mode 100644
index 000000000000..6ad20c3e4bad
--- /dev/null
+++ b/src/chrome/content/rules/E-food.gr.xml
@@ -0,0 +1,8 @@
+<ruleset name="e-food.gr">
+  <target host="e-food.gr" />
+  <target host="www.e-food.gr" />
+
+	<securecookie host="^(?:www\.)?e-food\.gr$" name=".+" />
+
+  <rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/E-gold.xml b/src/chrome/content/rules/E-gold.xml
index dc06f26b6e43..efe9bad95a57 100644
--- a/src/chrome/content/rules/E-gold.xml
+++ b/src/chrome/content/rules/E-gold.xml
@@ -1,14 +1,22 @@
-<!--	nonfunctional:
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://e-gold.com/ => https://www.e-gold.com/: (7, 'Failed to connect to www.e-gold.com port 443: Connection timed out')
+Fetch error: http://www.e-gold.com/ => https://www.e-gold.com/: (7, 'Failed to connect to www.e-gold.com port 443: Connection timed out')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://e-gold.com/ => https://www.e-gold.com/: (7, 'Failed to connect to www.e-gold.com port 443: Connection timed out')
+Fetch error: http://www.e-gold.com/ => https://www.e-gold.com/: (7, 'Failed to connect to www.e-gold.com port 443: Connection timed out')	nonfunctional:
 		- blog
 	mismatches:
 		- all accounts
 -->
-<ruleset name="e-gold (partial)">
+<ruleset name="e-gold (partial)" default_off="failed ruleset test">
 
 	<target host="e-gold.com"/>
 	<target host="www.e-gold.com"/>
 
-	<securecookie host="\.e-gold.com$" name=".*"/>
+	<securecookie host="\.e-gold.com$" name=".+" />
 
 	<rule from="^http://(?:www\.)?e-gold\.com/"
 		to="https://www.e-gold.com/"/>
diff --git a/src/chrome/content/rules/E-junkie.xml b/src/chrome/content/rules/E-junkie.xml
index 6b0ac2c5c6a3..c11c2385c4ea 100644
--- a/src/chrome/content/rules/E-junkie.xml
+++ b/src/chrome/content/rules/E-junkie.xml
@@ -1,15 +1,18 @@
-<ruleset name="E-junkie (partial)">
+<!--
 
-	<target host="e-junkie.com" />
-	<target host="*.e-junkie.com" />
+	Nonfunctional subdomains:
 
+		static.e-junkie.com		timeout
 
-	<!--	Some (most?) pages 301 to http.
-							-->
-	<rule from="^http://(www\.)?ejunkie\.com/(bb/images/|ecom/|ej//?(?:(?:(?:admin|contact|register)\.php|shop)(?:$|\?|/)|css/|images/|media/)|gc/)"
-		to="https://$1ejunkie.com/$2" />
+-->
+<ruleset name="E-junkie (partial)">
+
+	<target host="e-junkie.com" />
+	<target host="www.e-junkie.com" />
+	<target host="ejunkie.com" />
+	<target host="www.ejunkie.com" />
 
-	<rule from="^http://static\.e-junkie\.com/"
-		to="https://static.e-junkie.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/E-klase.lv.xml b/src/chrome/content/rules/E-klase.lv.xml
new file mode 100644
index 000000000000..6531d9745ebb
--- /dev/null
+++ b/src/chrome/content/rules/E-klase.lv.xml
@@ -0,0 +1,10 @@
+<!--
+	^: refused
+
+-->
+<ruleset name="E-klase.lv">
+  <target host="e-klase.lv" />
+  <target host="www.e-klase.lv" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/E-magazin.se.xml b/src/chrome/content/rules/E-magazin.se.xml
index b8895b8f8543..778ddffb3ed9 100644
--- a/src/chrome/content/rules/E-magazin.se.xml
+++ b/src/chrome/content/rules/E-magazin.se.xml
@@ -7,7 +7,6 @@
 	<target host="www.e-magin.se" />
 
 
-	<rule from="^http://www\.e-magin\.se/"
-		to="https://www.e-magin.se/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/E-mielenterveys.xml b/src/chrome/content/rules/E-mielenterveys.xml
index 75f8d53f1910..0bdd6d123783 100644
--- a/src/chrome/content/rules/E-mielenterveys.xml
+++ b/src/chrome/content/rules/E-mielenterveys.xml
@@ -1,4 +1,11 @@
-<ruleset name="E-mielenterveys">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://e-mielenterveys.fi/ => https://www.e-mielenterveys.fi/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.e-mielenterveys.fi/ => https://www.e-mielenterveys.fi/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="E-mielenterveys" default_off="failed ruleset test">
 	<target host="e-mielenterveys.fi"/>
 	<target host="www.e-mielenterveys.fi"/>
 
diff --git a/src/chrome/content/rules/E-pages.dk.xml b/src/chrome/content/rules/E-pages.dk.xml
new file mode 100644
index 000000000000..0a1c66f97654
--- /dev/null
+++ b/src/chrome/content/rules/E-pages.dk.xml
@@ -0,0 +1,16 @@
+<!--
+	Note: The web root redirects to visiolink.com
+	but the domain hosts content used on third
+	party sites.
+-->
+<ruleset name="E-pages.dk">
+
+	<target host="e-pages.dk" />
+	<target host="www.e-pages.dk" />
+
+	<test url="http://e-pages.dk/borsen/11838/pic/tm41.jpg" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/E-prawnik.pl.xml b/src/chrome/content/rules/E-prawnik.pl.xml
index 12761d6bef81..3dabaa9425b3 100644
--- a/src/chrome/content/rules/E-prawnik.pl.xml
+++ b/src/chrome/content/rules/E-prawnik.pl.xml
@@ -21,7 +21,9 @@
 <ruleset name="e-prawnik.pl (partial)">
 
 	<target host="e-prawnik.pl" />
-	<target host="*.e-prawnik.pl" />
+	<target host="www.e-prawnik.pl" />
+	<target host="static.e-prawnik.pl" />
+	<target host="static1.e-prawnik.pl" />
 		<!--
 			Many pages redirect to http:
 							-->
@@ -42,4 +44,4 @@
 	<rule from="^http://static1\.e-prawnik\.pl/"
 		to="https://static1.money.pl/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/E-rewards.com.xml b/src/chrome/content/rules/E-rewards.com.xml
index ee824c1a1cc0..a23cac2c2045 100644
--- a/src/chrome/content/rules/E-rewards.com.xml
+++ b/src/chrome/content/rules/E-rewards.com.xml
@@ -1,4 +1,7 @@
-<ruleset name="E-rewards.com">
-  <target host="www.e-rewards.com"/>
-  <rule from="^http://(www\.)?e-rewards\.com/" to="https://www.e-rewards.com/"/>
-</ruleset>
\ No newline at end of file
+<ruleset name="E-rewards.com">
+	<target host="e-rewards.com"/>
+	<target host="www.e-rewards.com"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/E.ON_UK.xml b/src/chrome/content/rules/E.ON_UK.xml
index 5fc7f2cd71fc..f2f422ffb333 100644
--- a/src/chrome/content/rules/E.ON_UK.xml
+++ b/src/chrome/content/rules/E.ON_UK.xml
@@ -1,5 +1,9 @@
+
 <!--
-	Nonfunctionla subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://stats.eon-uk.com/ => https://stats.eon-uk.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	Nonfunctional subdomains:
 
 		- pressreleases		(times out)
 
@@ -7,17 +11,17 @@
 	Some pages redirect to http.
 
 -->
-<ruleset name="E.ON UK (partial)">
+<ruleset name="E.ON UK (partial)" default_off="failed ruleset test">
 
 	<target host="eon-uk.com" />
-	<target host="*.eon-uk.com" />
+	<target host="stats.eon-uk.com" />
+	<target host="www.eon-uk.com" />
 		<exclusion pattern="^http://(?:www\.)?eon-uk\.com/(?!careers/(?:Basic\.css|images/|reset\.css)|favicon\.ico|images/|eOnAssets/|mediaFiles/)" />
 
 
 	<securecookie host="^stats\.eon-uk\.com$" name=".+" />
 
 
-	<rule from="^http://(stats\.|www\.)?eon-uk\.com/"
-		to="https://$1eon-uk.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/E14N.xml b/src/chrome/content/rules/E14N.xml
deleted file mode 100644
index 08bd4ebd4d16..000000000000
--- a/src/chrome/content/rules/E14N.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Other E14N rulesets:
-
-		- Open_Farm_Game.xml
-		- Spamicity.info.xml
-
--->
-<ruleset name="E14N">
-
-	<target host="e14n.com" />
-	<target host="www.e14n.com" />
-
-
-	<securecookie host="^e14n\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?e14n\.com/"
-		to="https://$1e14n.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/E2E-Networks.xml b/src/chrome/content/rules/E2E-Networks.xml
deleted file mode 100644
index eafcb39dff21..000000000000
--- a/src/chrome/content/rules/E2E-Networks.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(cert: shopping.e2enetworks.com; 302s there)
-
--->
-<ruleset name="E2E Networks (partial)">
-
-	<target host="shopping.e2enetworks.com" />
-
-
-	<securecookie host="^shopping\.e2enetworks\.com$" name=".*" />
-
-
-	<rule from="^http://shopping\.e2enetworks\.com/"
-		to="https://shopping.e2enetworks.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/E4ward.com.xml b/src/chrome/content/rules/E4ward.com.xml
index e86e2a81783f..b349b99972a9 100644
--- a/src/chrome/content/rules/E4ward.com.xml
+++ b/src/chrome/content/rules/E4ward.com.xml
@@ -1,6 +1,6 @@
 <ruleset name="E4ward.com">
   <target host="e4ward.com"/>
   <target host="www.e4ward.com"/>
-  <rule from="^http://(www\.)?e4ward\.com/" to="https://e4ward.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
-<!-- Rule generated by HTTPS Finder 0.85 -->
\ No newline at end of file
+<!-- Rule generated by HTTPS Finder 0.85 -->
diff --git a/src/chrome/content/rules/E621.net.xml b/src/chrome/content/rules/E621.net.xml
index c895d7523bbc..d6b671a536e5 100644
--- a/src/chrome/content/rules/E621.net.xml
+++ b/src/chrome/content/rules/E621.net.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?e621\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?e621\.net/"
-		to="https://$1e621.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/EAN.com.xml b/src/chrome/content/rules/EAN.com.xml
new file mode 100644
index 000000000000..2a6b1475fb33
--- /dev/null
+++ b/src/chrome/content/rules/EAN.com.xml
@@ -0,0 +1,74 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional hosts:
+
+		- ean.com
+			- dev.api	(m)
+			- dev		(t)
+			- www.dev	(t)
+			- www.developer	(t)
+			- devhub	(t)
+			- devsecure	(t)
+			- www.devsecure	(t)
+			- www.newapi	(t)
+			- api.ph	(s)
+			- rapid		(t)
+			- reservations	(t)
+			- resources	(m)
+
+		- ian.com	(m)
+			- cruises	(m)
+			- dg	(t)
+			- images	(m)
+			- origin-images	(t)
+			- vacations	(t)
+
+		- expediaaffiliate.com
+			- blog	(s)
+			- products	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia Affiliate Network">
+
+	<target host="ean.com" />
+	<target host="www.ean.com" />
+	<target host="api.ean.com" />
+	<target host="book.api.ean.com" />
+	<target host="origin-book.api.ean.com" />
+	<target host="autodiscover.ean.com" />
+	<target host="bot.ean.com" />
+	<target host="api.ch.ean.com" />
+	<target host="developer.ean.com" />
+	<target host="insights.ean.com" />
+	<target host="merchandising.ean.com" />
+	<target host="mybookings.ean.com" />
+	<target host="origin-api.ean.com" />
+	<target host="support.ean.com" />
+	<target host="test.ean.com" />
+	<target host="widget.ean.com" />
+	<target host="widgets.ean.com" />
+
+	<target host="ian.com" />
+	<target host="www.ian.com" />
+
+	<target host="expediaaffiliate.com" />
+	<target host="www.expediaaffiliate.com" />
+	<target host="merchandising.expediaaffiliate.com" />
+	<target host="signup.expediaaffiliate.com" />
+
+	<!-- certificate mismatch -->
+	<rule from="^http://ian\.com/"
+		to="https://www.ian.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EAT.ch.xml b/src/chrome/content/rules/EAT.ch.xml
new file mode 100644
index 000000000000..eb950d995904
--- /dev/null
+++ b/src/chrome/content/rules/EAT.ch.xml
@@ -0,0 +1,20 @@
+<!--
+	Mismatch:
+		- cp
+		- www
+
+	Wrong content:
+		- blog
+-->
+<ruleset name="EAT.ch">
+	<target host="eat.ch" />
+	<target host="www.eat.ch" />
+	<target host="api.eat.ch" />
+	<target host="m.eat.ch" />
+	<target host="static.eat.ch" />
+
+	<rule from="^http://www\.eat\.ch/"
+		to="https://eat.ch/" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EA_Sports.com.xml b/src/chrome/content/rules/EA_Sports.com.xml
index fc664035c0cf..90cc0f4e4af7 100644
--- a/src/chrome/content/rules/EA_Sports.com.xml
+++ b/src/chrome/content/rules/EA_Sports.com.xml
@@ -42,16 +42,15 @@
 <ruleset name="EA Sports.com (false MCB)" platform="mixedcontent">
 
 	<target host="easports.com" />
-	<target host="*.easports.com" />
+	<target host="www.easports.com" />
 
 
 	<securecookie host="\.www\.easports\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?easports\.com/"
+	<rule from="^http://easports\.com/"
 		to="https://www.easports.com/" />
-
-	<rule from="^http://cdn\.www\.easports\.com/"
-		to="https://a248.e.akamai.net/f/610/1/8m/cdn.www.easports.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/EArcu.xml b/src/chrome/content/rules/EArcu.xml
index 4570cdfa69f1..f3c6f3a3faf3 100644
--- a/src/chrome/content/rules/EArcu.xml
+++ b/src/chrome/content/rules/EArcu.xml
@@ -1,13 +1,21 @@
-<ruleset name="eArcu">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://earcu.com/ => https://earcu.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Automatically by https-everywhere-checker because:
+Fetch error: http://earcu.com/ => https://earcu.com/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="eArcu" default_off="failed ruleset test">
 
 	<target host="earcu.com" />
-	<target host="*.earcu.com" />
+	<target host="ea1.earcu.com" />
+	<target host="www.earcu.com" />
 
 
-	<securecookie host="^(?:.*\.)?earcu\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(ea1\.|www\.)?earcu\.com/"
-		to="https://$1earcu.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EBAS.ch.xml b/src/chrome/content/rules/EBAS.ch.xml
deleted file mode 100644
index 0ced21338c5d..000000000000
--- a/src/chrome/content/rules/EBAS.ch.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<ruleset name="eBanking - aber sicher!">
-    <target host="ebas.ch" />
-    <target host="*.ebas.ch" />
-    <target host="ebankingabersicher.ch" />
-    <target host="*.ebankingabersicher.ch" />
-
-    <securecookie host="^(.*\.)?ebas\.ch$" name=".+" />
-    <securecookie host="^(.*\.)?ebankingabersicher\.ch$" name=".+" />
-
-    <rule from="^https?://ebas\.ch/"
-        to="https://www.ebas.ch/"/>
-    <rule from="^http://([^/:@]+)?\.ebas\.ch/"
-        to="https://$1.ebas.ch/" />
-    <rule from="^https?://ebankingabersicher\.ch/"
-        to="https://www.ebankingabersicher.ch/"/>
-    <rule from="^http://([^/:@]+)?\.ebankingabersicher\.ch/"
-        to="https://$1.ebankingabersicher.ch/" />
-</ruleset>
diff --git a/src/chrome/content/rules/EBSCO-content.com.xml b/src/chrome/content/rules/EBSCO-content.com.xml
deleted file mode 100644
index 1cc076b2dbcb..000000000000
--- a/src/chrome/content/rules/EBSCO-content.com.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="EBSCO-content.com">
-
-	<target host="global.ebsco-content.com" />
-
-
-	<rule from="^http://global\.ebsco-content\.com/"
-		to="https://global.ebsco-content.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/EBSCOhost.xml b/src/chrome/content/rules/EBSCOhost.xml
index 1a82eefcc3f5..abfccd8c053a 100644
--- a/src/chrome/content/rules/EBSCOhost.xml
+++ b/src/chrome/content/rules/EBSCOhost.xml
@@ -10,7 +10,7 @@
 		<exclusion pattern="^http://www2\." />
 
 
-	<securecookie host="^(.*\.)?ebscohost\.com$" name=".*" />
+	<securecookie host="^(?:.*\.)?ebscohost\.com$" name=".+" />
 
 
 	<!--	Cert doesn't match,
diff --git a/src/chrome/content/rules/EBay-mismatches.xml b/src/chrome/content/rules/EBay-mismatches.xml
deleted file mode 100644
index 898cfc5319d5..000000000000
--- a/src/chrome/content/rules/EBay-mismatches.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	For rules that are on by default, see EBay.xml.
-
-
-	Fully covered domains:
-
-		- pages.ebay.com
-		- di\d+.shopping.com		(→ img.shopping.com)
-		- img.shopping.com		(→ img.shopping.com)
-		- img.shoppingshadow.com	(→ img.shopping.com)
-
--->
-<ruleset name="eBay (mismatches)" default_off="mismatch">
-
-	<!--	Cert: spages.half.ebay.com	-->
-	<target host="pages.ebay.com" />
-	<target host="*.shopping.com" />
-	<target host="img.shoppingshadow.com" />
-
-
-	<rule from="^http://pages\.ebay\.com/"
-		to="https://pages.ebay.com/" />
-
-	<rule from="^https?://(?:di\d+|img)\.shopping(?:shadow)?\.com/"
-		to="https://img.shopping.com/" />
-
-	<rule from="^http://merchantsupport\.shopping\.com/(files/|public/(?!Mashery/styles/clients/))"
-		to="https://merchantsupport.shopping.com/$1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/EBay.xml b/src/chrome/content/rules/EBay.xml
deleted file mode 100644
index 9bc3182ae4fc..000000000000
--- a/src/chrome/content/rules/EBay.xml
+++ /dev/null
@@ -1,196 +0,0 @@
-<!--
-	For problematic rules, see EBay-mismatches.xml.
-
-
-	Other eBay rulesets:
-
-		- CSdata1.com.xml
-		- Shopping.com.xml
-
-
-	Nonfunctional domains:
-
-		- ebay.com subdomains:
-
-			- announcements
-			- answercenter
-			- community
-			- deals
-			- feedback
-			- forums		(at least some paths redirect to http)
-			- frame
-			- garden
-			- groups
-			- motors
-			- hub.motors
-			- my
-			- myworld	(refused)
-			- parts
-			- qu
-			- shop
-			- socom
-			- stores
-			- viv
-
-		- cgi5.ebay.com.sg
-		- deals.ebay.co.uk
-		- myworld.ebay.co.uk
-		- vi.raptor.ebaydesc.co.uk
-		- i.ebayimg.com			(times out; doesn't translate directly to securepics)
-		- (www.)ebayinc.com		(times out)
-		- ebay-stories.com		(ditto)
-		- portalconsole.backends.ebay.eu	(redirects to login)
-
-
-	Problematic domains:
-
-			- cgi[15].ebay.com
-
-
-	Fully covered domains:
-
-		ebay.com subdomains:
-
-			- certificates
-			- cgi[15]		(→ scgi.ebay.com)
-			- giftcertificates
-			- spages.half
-			- merch
-			- ocs
-			- payments
-			- reco
-			- rover
-			- rtm			(→ srtm.ebay.com)
-			- scgi
-			- securethumbs
-			- signin
-			- srtm
-			- svcs
-			- thumbs		(→ securethumbs.ebay.com)
-
-		- cgi5.ebay.com.sg		(→ scgi.ebay.com.sg)
-		- scgi.ebay.com.sg
-		- gatekeeper.psnt.ebay.eu
-		- ebayclassifieds.com		(→ www.ebayclassifieds.com)
-		- static.ebayclassifieds.com
-		- www.ebayclassifieds.com
-		- srv.\w+.ebayrtm.com
-		- srx.\w+.ebayrtm.com		(→ srv.\w+\.ebayrtm.com)
-		- srv.ebayrtm.com
-		- srx.ebayrtm.com		(→ srv.ebayrtm.com)
-
-		- ebaystatic.com subdomains:
-
-			- gh
-			- include		(→ secureinclude.ebaystatic.com)
-			- ir			(→ secureir.ebaystatic.com)
-			- p			(→ securepics.ebaystatic.com)
-			- pics			(→ securepics.ebaystatic.com)
-			- q			(→ securepics.ebaystatic.com)
-			- rtm			(→ securertm.ebaystatic.com)
-			- secureinclude
-			- secureir
-			- securepics
-			- securertm
-			- \d.thumbs		(→ securethumbs.ebay.com)
-
-
-	Wildcard cookies:
-
-		- .gatekeeper.psnt.ebay.eu
-
--->
-<ruleset name="eBay (buggy)" default_off="https://eff.org/r.b6G9">
-
-	<target host="payments.ebay.*" />
-	<target host="*.ebay.com" />
-	<target host="payments.ebay.com.*" />
-	<target host="*.ebay.com.sg" />
-	<target host="payments.ebay.co.uk" />
-	<target host="*.psnt.ebay.eu" />
-	<target host="ebayclassifieds.com" />
-	<target host="www.ebayclassifieds.com" />
-	<target host="*.ebayrtm.com" />
-	<target host="ebaystatic.com" />
-	<target host="*.ebaystatic.com" />
-
-
-	<securecookie host="^\.?gatekeeper\.psnt\.ebay\.eu$" name=".+" />
-	<securecookie host="^\.ebayrtm\.com$" name="^CT$" />
-
-
-	<rule from="^http://((?:gift)?certificates|merch|reco|rover|scgi|securethumbs|signin|spages\.half|ocs|svcs)\.ebay\.com/"
-		to="https://$1.ebay.com/" />
-
-	<rule from="^https?://cgi[15]\.ebay\.com/"
-		to="https://scgi.ebay.com/" />
-
-	<rule from="^http://payments\.ebay\.([\w\.]{2,6})/"
-		to="https://payments.ebay.$1/" />
-
-	<rule from="^https?://s?rtm\.ebay\.com/"
-		to="https://srtm.ebay.com/" />
-
-	<!--	- thumbs\d?.ebaystatic:	Akamai, "An error occurred"
-		- thumbs.ebay: times out
-							-->
-	<rule from="^https?://thumbs\d?\.ebay(?:static)?\.com/"
-		to="https://securethumbs.ebay.com/" />
-
-	<rule from="^https?://(?:cgi5|scgi)\.ebay\.com\.sg/"
-		to="https://scgi.ebay.com.sg/" />
-
-	<rule from="^http://gatekeeper\.psnt\.ebay\.eu/"
-		to="https://gatekeeper.psnt.ebay.eu/" />
-
-	<!--	Cert only matches *.ebayclassifieds.
-							-->
-	<rule from="^https?://(?:www\.)?ebayclassifieds\.com/"
-		to="https://www.ebayclassifieds.com/" />
-
-	<rule from="^http://static(\d)?\.ebayclassifieds\.com/"
-		to="https://static$1.ebayclassifieds.com/" />
-
-	<!--	Cert doesn't match srx.
-
-		Atom matches:
-
-			- at
-			- au
-			- befr
-			- benl
-			- ca
-			- cafr
-			- ch
-			- de
-			- ebaymotors
-			- es
-			- fr
-			- hk
-			- ie
-			- in
-			- it
-			- main
-			- my
-			- nl
-			- nz
-			- ph
-			- pl
-			- sg
-			- uk
-				-->
-	<rule from="^https?://sr[vx](\.\w+)?\.ebayrtm\.com/"
-		to="https://srv$1.ebayrtm.com/" />
-
-	<rule from="^https?://gh\.ebaystatic\.com/"
-		to="https://gh.ebaystatic.com/" />
-
-	<!--	!secure: Akamai
-				-->
-	<rule from="^https?://(?:secure)?(include|ir|pics|rtm)\.ebaystatic\.com/"
-		to="https://secure$1.ebaystatic.com/" />
-
-	<rule from="^https?://[pq]\.ebaystatic\.com/"
-		to="https://securepics.ebaystatic.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/EBlastEngine.com.xml b/src/chrome/content/rules/EBlastEngine.com.xml
new file mode 100644
index 000000000000..199f1c55a2bf
--- /dev/null
+++ b/src/chrome/content/rules/EBlastEngine.com.xml
@@ -0,0 +1,48 @@
+<!--
+	For other Second Street Media coverage, see Second-Street-Media.xml.
+
+
+	Problematic hosts in *eblastengine.com:
+
+		- (www.)? *
+
+	* Mismatched
+
+
+	Fully covered hosts in *eblastengine.com:
+
+		- affiliates
+		- c *
+
+	* Included on 3rd-party websites
+
+
+	Insecure cookies are set for these hosts:
+
+		- affiliates.eblastengine.com
+		- c.eblastengine.com
+
+
+	c.eblastengine.com sets BIGipServerUPICKEM-WEB
+	cookie on whichever domain it is loaded from.
+
+-->
+<ruleset name="eBlastEngine.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="affiliates.eblastengine.com" />
+	<target host="c.eblastengine.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(affiliates|c)\.eblastengine\.com$" name="^BIGipServer[\w-]+$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EC21.xml b/src/chrome/content/rules/EC21.xml
index c374de24a544..aa8f47dc7d0c 100644
--- a/src/chrome/content/rules/EC21.xml
+++ b/src/chrome/content/rules/EC21.xml
@@ -21,7 +21,6 @@
 	<target host="login.ec21.com" />
 
 
-	<rule from="^http://login\.ec21\.com/"
-		to="https://login.ec21.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ECC-Platform.org.xml b/src/chrome/content/rules/ECC-Platform.org.xml
new file mode 100644
index 000000000000..df804048c904
--- /dev/null
+++ b/src/chrome/content/rules/ECC-Platform.org.xml
@@ -0,0 +1,29 @@
+<!--
+	Other ECC rulesets:
+
+		- Climate-Diplomacy.org.xml
+		- New_Climate_for_Peace.org.xml
+
+-->
+<ruleset name="ECC-Platform.org">
+
+	<target host="ecc-platform.org" />
+	<target host="exhibition.ecc-platform.org" />
+	<target host="www.exhibition.ecc-platform.org" />
+	<target host="factbook.ecc-platform.org" />
+	<target host="www.factbook.ecc-platform.org" />
+	<target host="library.ecc-platform.org" />
+	<target host="www.library.ecc-platform.org" />
+	<target host="tilestream.ecc-platform.org" />
+	<target host="video.ecc-platform.org" />
+	<target host="www.video.ecc-platform.org" />
+	<target host="www.ecc-platform.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ECIX.net.xml b/src/chrome/content/rules/ECIX.net.xml
new file mode 100644
index 000000000000..ea11a3df2df9
--- /dev/null
+++ b/src/chrome/content/rules/ECIX.net.xml
@@ -0,0 +1,26 @@
+<!--
+	Refused:
+		ans1.ecix.net
+		ns1.ecix.net
+		service.ecix.net
+-->
+<ruleset name="ECIX.net">
+
+	<target host="ecix.net" />
+	<target host="www.ecix.net" />
+	<target host="birdseye.ecix.net" />
+	<target host="event.ecix.net" />
+	<target host="lg.ecix.net" />
+	<target host="lists.ecix.net" />
+	<target host="mail.ecix.net" />
+	<target host="piwik.ecix.net" />
+	<target host="portal.ecix.net" />
+
+	<!-- https://ecix.net/ redirects to https://www.ecix.net/csc,
+	http://ecix.net/ redirects to http://www.ecix.net/ -->
+	<rule from="^http://ecix\.net/"
+		to="https://www.ecix.net/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ECSI.net.xml b/src/chrome/content/rules/ECSI.net.xml
new file mode 100644
index 000000000000..5c4cb61f864d
--- /dev/null
+++ b/src/chrome/content/rules/ECSI.net.xml
@@ -0,0 +1,25 @@
+<!--
+	Problematic subdomains:
+
+	announcements (Connection failure)
+	appmail (Invalid Certificate)
+	corp (Redirects to www.heartlandecsi.com)
+	vpn (Self-signed)
+-->
+
+<ruleset name="ECSI.net">
+	<target host="www.ecsi.net" />
+	<target host="borrower.ecsi.net" />
+	<target host="cgi.ecsi.net" />
+	<target host="client.ecsi.net" />
+	<target host="easypath.ecsi.net" />
+	<target host="heartland.ecsi.net" />
+	<target host="www.heartland.ecsi.net" />
+	<target host="heartlandclient.ecsi.net" />
+	<target host="maintenance.ecsi.net" />
+	<target host="miv.ecsi.net" />
+	<target host="touchnetrefund.ecsi.net" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ECSI.xml b/src/chrome/content/rules/ECSI.xml
index 404f3fb80240..3368d93e095a 100644
--- a/src/chrome/content/rules/ECSI.xml
+++ b/src/chrome/content/rules/ECSI.xml
@@ -1,11 +1,21 @@
-<ruleset name="ECSI">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ecsi.com/ => https://www.ecsi.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ecsi.com'")
+Fetch error: http://www.ecsi.com/ => https://www.ecsi.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ecsi.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ecsi.com/ => https://www.ecsi.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ecsi.com'")
+Fetch error: http://www.ecsi.com/ => https://www.ecsi.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ecsi.com'")
+-->
+<ruleset name="ECSI" default_off="failed ruleset test">
 
 	<target host="ecsi.com" />
 	<target host="www.ecsi.com" />
 
 
 	<!--	!www doesn't work over https.	-->
-	<rule from="^https?://(?:www\.)?ecsi\.com/"
+	<rule from="^http://(?:www\.)?ecsi\.com/"
 		to="https://www.ecsi.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ECTC-online.org.xml b/src/chrome/content/rules/ECTC-online.org.xml
new file mode 100644
index 000000000000..c3a7f0740f18
--- /dev/null
+++ b/src/chrome/content/rules/ECTC-online.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="ECTC-online.org">
+
+	<target host="ectc-online.org" />
+	<target host="www.ectc-online.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ECampus.no.xml b/src/chrome/content/rules/ECampus.no.xml
new file mode 100644
index 000000000000..c0af9862cf4e
--- /dev/null
+++ b/src/chrome/content/rules/ECampus.no.xml
@@ -0,0 +1,48 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ecampus.no/ => https://ecampus.no/: (6, 'Could not resolve host: ecampus.no')
+Fetch error: http://blog.ecampus.no/ => https://blog.ecampus.no/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.ecampus.no/ => https://www.ecampus.no/: (6, 'Could not resolve host: www.ecampus.no')
+
+	For other Uninett coverage, see Uninett.xml.
+
+
+	Problematic subdomains:
+
+		- cloudstor-support ¹
+		- tjenester ²
+
+	¹ Mismatched
+	² Getsatisfaction.com / mismatched
+
+
+	These altnames don't exist:
+
+		- webconferencing-support.ecampus.no
+		- www-ecampus.uninett.no
+
+-->
+<ruleset name="eCampus.no (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ecampus.no" />
+	<target host="blog.ecampus.no" />
+	<target host="support.ecampus.no" />
+	<target host="www.ecampus.no" />
+
+	<!--	Complications:
+				-->
+	<target host="tjenester.ecampus.no" />
+
+
+	<!--	Note: redirect doesn't add ID:
+						-->
+	<rule from="^http://tjenester\.ecampus\.no/"
+		to="https://getsatisfaction.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ECigPros.xml b/src/chrome/content/rules/ECigPros.xml
index c5cd613e045c..2160e137edc4 100644
--- a/src/chrome/content/rules/ECigPros.xml
+++ b/src/chrome/content/rules/ECigPros.xml
@@ -1,13 +1,12 @@
 <ruleset name="eCigPros">
 
 	<target host="ecigpros.com" />
-	<target host="*.ecigpros.com" />
+	<target host="www.ecigpros.com" />
 
 
-	<securecookie host="^(?:.*\.)?ecigpros\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?ecigpros\.com/"
-		to="https://$1ecigpros.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ECommerce_Brasil.com.br.xml b/src/chrome/content/rules/ECommerce_Brasil.com.br.xml
new file mode 100644
index 000000000000..c73b10d22c78
--- /dev/null
+++ b/src/chrome/content/rules/ECommerce_Brasil.com.br.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- cursos.ecommercebrasil.com.br
+		- .cursos.ecommercebrasil.com.br
+
+-->
+<ruleset name="ECommerce Brasil.com.br">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ecommercebrasil.com.br" />
+	<target host="clube.ecommercebrasil.com.br" />
+	<target host="cursos.ecommercebrasil.com.br" />
+	<target host="www.ecommercebrasil.com.br" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cursos\.ecommercebrasil\.com\.br$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.cursos\.ecommercebrasil\.com\.br$" name="^(?:currency|language)$" /-->
+
+	<securecookie host="^\.?cursos\.ecommercebrasil\.com\.br$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ECosCentric.com.xml b/src/chrome/content/rules/ECosCentric.com.xml
index 0768b7e5136f..1ea6f9b330ec 100644
--- a/src/chrome/content/rules/ECosCentric.com.xml
+++ b/src/chrome/content/rules/ECosCentric.com.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ecoscentric.com/ => https://www.ecoscentric.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Fully covered subdomains:
 
 		- (www.)	(^ → www)
@@ -10,7 +12,10 @@
 <ruleset name="eCosCentric.com">
 
 	<target host="ecoscentric.com" />
-	<target host="*.ecoscentric.com" />
+	<target host="www.ecoscentric.com" />
+	<target host="www2.ecoscentric.com" />
+	<target host="bugzilla.ecoscentric.com" />
+	<target host="lists.ecoscentric.com" />
 
 
 	<securecookie host="^\.bugzilla\.ecoscentric\.com$" name=".+" />
@@ -22,7 +27,6 @@
 	<rule from="^http://(?:www(2)?\.)?ecoscentric\.com/"
 		to="https://www$1.ecoscentric.com/" />
 
-	<rule from="^http://(bugzilla|lists)\.ecoscentric\.com/"
-		to="https://$1.ecoscentric.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ECrime_Research.org.xml b/src/chrome/content/rules/ECrime_Research.org.xml
new file mode 100644
index 000000000000..31f2508e94bb
--- /dev/null
+++ b/src/chrome/content/rules/ECrime_Research.org.xml
@@ -0,0 +1,24 @@
+<!--
+	For other Anti-Phishing Working Group coverage, see Anti-Phishing_Working_Group.xml.
+
+
+	www: mismatched
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="eCrime Research.org">
+
+	<target host="ecrimeresearch.org" />
+	<target host="www.ecrimeresearch.org" />
+
+
+	<rule from="^http://(?:www\.)?ecrimeresearch\.org/"
+		to="https://ecrimeresearch.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ECustomerOpinions.com.xml b/src/chrome/content/rules/ECustomerOpinions.com.xml
new file mode 100644
index 000000000000..69c4bd0f810d
--- /dev/null
+++ b/src/chrome/content/rules/ECustomerOpinions.com.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.ecustomeropinions.com/ => https://www.ecustomeropinions.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ecustomeropinions.com'")
+
+	For other eDigitalResearch coverage, see EDigitalResearch.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- ecustomeropinions.com
+		- www.ecustomeropinions.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="eCustomerOpinions.com" default_off="failed ruleset test">
+
+	<target host="ecustomeropinions.com"/>
+	<target host="www.ecustomeropinions.com"/>
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://ecustomeropinions.com/survey/img.php?sid=&amp;nojs=1" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?ecustomeropinions\.com$" name="^en-persist$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/ED.gov.xml b/src/chrome/content/rules/ED.gov.xml
index a40a1c004fd2..ce0f3fb0e03f 100644
--- a/src/chrome/content/rules/ED.gov.xml
+++ b/src/chrome/content/rules/ED.gov.xml
@@ -1,58 +1,52 @@
-<ruleset name="ED.gov (partial)" platform="mixedcontent">
-  <target host="ed.gov" />
-  <target host="www.ed.gov" />
-  <target host="cbfisap.ed.gov" />
-  <target host="www.cbfisap.ed.gov" />
-  <target host="cod.ed.gov" />
-  <target host="www.cod.ed.gov" />
-  <target host="dl.ed.gov" />
-  <target host="www.dl.ed.gov" />
-  <target host="schools.dl.ed.gov" />
-  <target host="ecdrappeals.ed.gov" />
-  <target host="e-grants.ed.gov" />
-  <target host="faaaccess.ed.gov" />
-  <target host="www.faaaccess.ed.gov" />
-  <target host="fafsa.ed.gov" />
-  <target host="www.fafsa.ed.gov" />
-  <target host="fafsa.gov" />
-  <target host="www.fafsa.gov" />
-  <target host="fafsalivehelp01.ed.gov" />
-  <target host="www.fafsalivehelp01.ed.gov" />
-  <target host="fsadownload.ed.gov" />
-  <target host="www.fsadownload.ed.gov" />
-  <target host="fsaregistration.ed.gov" />
-  <target host="www.fsaregistration.ed.gov" />
-  <target host="fsawebenroll.ed.gov" />
-  <target host="www.fsawebenroll.ed.gov" />
-  <target host="ifap.ed.gov" />
-  <target host="www.ifap.ed.gov" />
-  <target host="nces.ed.gov" />
-  <target host="www.nces.ed.gov" />
-  <target host="nslds.ed.gov" />
-  <target host="www.nslds.ed.gov" />
-  <target host="pin.ed.gov" />
-  <target host="www.pin.ed.gov" />
-  <target host="sa.ed.gov" />
-  <target host="studentaid.ed.gov" />
-  <target host="www.studentaid.ed.gov" />
-  <target host="studentaid2.ed.gov" />
-  <target host="www.studentaid2.ed.gov" />
-  <target host="tcli.ed.gov" />
-  <target host="www.tcli.ed.gov" />
-  <target host="teach-ats.ed.gov" />
-  <target host="www.teach-ats.ed.gov" />
-  <target host="fafsademo.test.ed.gov" />
-  <target host="usdoedregistration.ed.gov" />
-  <target host="www.usdoedregistration.ed.gov" />
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- e-grants.ed.gov
 
-  <securecookie host="(^|(\.))(cbfisap|cod|dl|ecdrappeals|e-grants|faaaccess|fafsa|fsadownload|fsaregistration|fsawebenroll|ifap|nces|nslds|pin|sa|studentaid2?|tcli|teach-ats|(fafsademo\.test)|usdoedregistration)\.ed\.gov$" name=".+" />
-  <securecookie host="(^|(\.))fafsa\.gov$" name=".+" />
+		Timeout was reached:
+		- fafsalivehelp01.ed.gov
+		- www.fafsalivehelp01.ed.gov
+		- nces.ed.gov
+		- studentaid2.ed.gov
+		- www.studentaid2.ed.gov
 
-  <rule from="^https?://(dl\.)?ed\.gov/" to="https://www.$1ed.gov/" />
+		SSL peer certificate was not OK:
+		- www.cbfisap.ed.gov
+		- www.faaaccess.ed.gov
+		- www.fsaregistration.ed.gov
+		- www.nces.ed.gov
 
-  <rule from="^http://(www\.)?fafsa\.gov/" to="https://fafsa.gov/" />
+		Incomplete certificate chain error:
+		-  fsaregistration.ed.gov
 
-  <rule from="^http://((schools\.dl)|ecdrappeals|e-grants|sa|(fafsademo\.test)|www)\.ed\.gov/" to="https://$1.ed.gov/" />
-  <rule from="^((http://(www\.)?)|(https://www\.))(cbfisap|cod|faaaccess|fafsa||fafsalivehelp01||fsawebenroll|nces|pin|studentaid2?|teach-ats|usdoedregistration)\.ed\.gov/" to="https://$5.ed.gov/" />
-  <rule from="^(http://(www\.)?|https://)(dl|fsadownload|fsaregistration|ifap|nslds|tcli)\.ed\.gov/" to="https://www.$3.ed.gov/" />
-</ruleset>
\ No newline at end of file
+		4xx client error:
+		- fafsademo.test.ed.gov
+-->
+<ruleset name="ED.gov (partial)">
+	<target host="ed.gov" />
+	<target host="www.ed.gov" />
+	<target host="cbfisap.ed.gov" />
+	<target host="cod.ed.gov" />
+	<target host="ecdrappeals.ed.gov" />
+	<target host="faaaccess.ed.gov" />
+	<target host="fafsa.ed.gov" />
+	<target host="www.fafsa.ed.gov" />
+	<target host="fsadownload.ed.gov" />
+	<target host="www.fsadownload.ed.gov" />
+	<target host="fsawebenroll.ed.gov" />
+	<target host="ifap.ed.gov" />
+	<target host="www.ifap.ed.gov" />
+	<target host="nslds.ed.gov" />
+	<target host="www.nslds.ed.gov" />
+	<target host="pin.ed.gov" />
+	<target host="www.pin.ed.gov" />
+	<target host="sa.ed.gov" />
+	<target host="studentaid.ed.gov" />
+	<target host="www.studentaid.ed.gov" />
+	<target host="tcli.ed.gov" />
+	<target host="www.tcli.ed.gov" />
+	<target host="teach-ats.ed.gov" />
+	<target host="www.teach-ats.ed.gov" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EDF_Energy.xml b/src/chrome/content/rules/EDF_Energy.xml
index ee1c3a0b5875..e322e3df04df 100644
--- a/src/chrome/content/rules/EDF_Energy.xml
+++ b/src/chrome/content/rules/EDF_Energy.xml
@@ -7,7 +7,8 @@
 <ruleset name="EDF Energy">
 
 	<target host="edfenergy.com" />
-	<target host="*.edfenergy.com" />
+	<target host="www.edfenergy.com" />
+	<target host="my-account.edfenergy.com" />
 
 
 	<securecookie host="^my-account\.edfenergy\.com$" name=".+" />
@@ -16,7 +17,6 @@
 	<rule from="^http://(?:www\.)?edfenergy\.com/"
 		to="https://www.edfenergy.com/" />
 
-	<rule from="^http://my-account\.edfenergy\.com/"
-		to="https://my-account.edfenergy.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EDG.com.xml b/src/chrome/content/rules/EDG.com.xml
new file mode 100644
index 000000000000..a16bbb13e498
--- /dev/null
+++ b/src/chrome/content/rules/EDG.com.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://edg.com/ => https://edg.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.edg.com/ => https://www.edg.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="EDG.com" default_off="failed ruleset test">
+
+	<target host="edg.com" />
+	<target host="www.edg.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EDGAR-Online.xml b/src/chrome/content/rules/EDGAR-Online.xml
index 84ef0a14b4f2..6eb05ae39596 100644
--- a/src/chrome/content/rules/EDGAR-Online.xml
+++ b/src/chrome/content/rules/EDGAR-Online.xml
@@ -1,18 +1,68 @@
-<ruleset name="EDGAR Online">
+<!--
+	Nonfunctional hosts in *edgar-online.com:
+
+		- sec ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *edgar-online.com:
+
+		- b2i.api ᵐ
+		- shareholder.api ᵐ
+
+		- google.brand ᵐ
+		- edgar.brand ᵐ
+		- yahoo.brand ᵐ
+
+		- developer ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- access.edgar-online.com
+		- help.edgar-online.com
+		- pro.edgar-online.com
+		- signup.edgar-online.com
+		- www.edgar-online.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image on access, pro from www.edgar-online.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="EDGAR-Online.com (partial)">
 
 	<target host="edgar-online.com"/>
-	<target host="*.edgar-online.com"/>
+	<target host="access.edgar-online.com"/>
+	<target host="charts.edgar-online.com"/>
+	<target host="content.edgar-online.com"/>
+	<target host="help.edgar-online.com"/>
+	<target host="pro.edgar-online.com"/>
+	<target host="signup.edgar-online.com"/>
+	<target host="www.edgar-online.com"/>
+
+		<test url="http://content.edgar-online.com/chartiq/images/brand-edgar.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:access|pro)\.edgar-online\.com$" name="^(?:ASP\.NET_SessionId|AuthorizeUser)$" /-->
+	<!--securecookie host="^(?:signup|www)\.edgar-online\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^help\.edgar-online\.com$" name="^ASPSESSIONID[A-Z]{8}$" /-->
 
-	<securecookie host="^(.*\.)edgar-online\.com$" name=".*"/>
+	<securecookie host="^\." name="^__qca$" />
+	<securecookie host="^\w" name=".+" />
 
-	<!--	!www doesn't work over https, redirects to homepage over http.	-->
-	<rule from="^http://edgar-online\.com/"
-		to="https://www.edgar-online.com/"/>
 
-	<!--	charts are embedded on 3rd-party websites.
-		!found any nonfunctional subdomains, encountered:
-		charts, pro, signup, www	-->
-	<rule from="^http://(\w+)\.edgar-online\.com/"
-		to="https://$1.edgar-online.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/EDI-Health-Group-mismatches.xml b/src/chrome/content/rules/EDI-Health-Group-mismatches.xml
index 44699c08f36d..72a571fbc1ea 100644
--- a/src/chrome/content/rules/EDI-Health-Group-mismatches.xml
+++ b/src/chrome/content/rules/EDI-Health-Group-mismatches.xml
@@ -1,9 +1,9 @@
-<ruleset name="EDI Health Group (mismatches)" default_off="mismatches">
+<ruleset name="EDI Health Group (mismatches)" default_off="mismatched">
 
 	<target host="payconnect.net"/>
 	<target host="www.payconnect.net"/>
 
-	<securecookie host="^(.*\.)?payconnect\.net$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?payconnect\.net/"
 		to="https://payconnect.net/"/>
diff --git a/src/chrome/content/rules/EDI-Health-Group.xml b/src/chrome/content/rules/EDI-Health-Group.xml
index acb5c36ae824..55753a824b00 100644
--- a/src/chrome/content/rules/EDI-Health-Group.xml
+++ b/src/chrome/content/rules/EDI-Health-Group.xml
@@ -3,7 +3,8 @@
 	<target host="claimconnect.net"/>
 	<target host="www.claimconnect.net"/>
 	<target host="dentalxchange.com"/>
-	<target host="*.dentalxchange.com"/>
+	<target host="www.dentalxchange.com" />
+	<target host="claimconnect.dentalxchange.com" />
 	<target host="edihealth.com"/>
 	<target host="www.edihealth.com"/>
 	<target host="edihealth.net"/>
@@ -12,8 +13,8 @@
 	<target host="www.webclaim.net"/>
 	<target host="secure.payconnect.net"/>
 
-	<securecookie host="^(.*\.)?dentalexchange\.com$" name=".*"/>
-	<securecookie host="^secure\.payconnect\.net$" name=".*"/>
+	<securecookie host="^(?:.*\.)?dentalexchange\.com$" name=".+" />
+	<securecookie host="^secure\.payconnect\.net$" name=".+" />
 
 	<rule from="^http://(?:www\.)?claimconnect\.net/"
 		to="https://www.dentalxchange.com/x/claimconnect.jsp"/>
@@ -21,13 +22,10 @@
 	<rule from="^http://(?:www\.)?(?:dentalxchange\.com|(?:edihealth|webclaim)\.net)/"
 		to="https://www.dentalxchange.com/"/>
 
-	<rule from="^http://claimconnect\.dentalxchange\.com/"
-		to="https://claimconnect.dentalxchange.com/"/>
 
 	<rule from="^http://(?:www\.)?edihealth\.com/"
 		to="https://www.dentalxchange.com/x/partners/webclaim.jsp"/>
 
-	<rule from="^http://secure\.payconnect\.net/"
-		to="https://secure.payconnect.net/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/EDI7.lu.xml b/src/chrome/content/rules/EDI7.lu.xml
deleted file mode 100644
index 5b791a19d682..000000000000
--- a/src/chrome/content/rules/EDI7.lu.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	EDI7 Media
-
-
-	Other EDI7 Media rulesets:
-
-		- PCINpact.com.xml
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(shows www2)
-
--->
-<ruleset name="EDI7.lu (partial)">
-
-	<target host="www2.edi7.lu" />
-
-
-	<securecookie host="^www2\.edi7\.lu$" name=".+" />
-
-
-	<rule from="^http://www2\.edi7\.lu/"
-		to="https://www2.edi7.lu/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/EDP.pt.xml b/src/chrome/content/rules/EDP.pt.xml
index 73a1a57d4965..1a06e311fa8f 100644
--- a/src/chrome/content/rules/EDP.pt.xml
+++ b/src/chrome/content/rules/EDP.pt.xml
@@ -1,6 +1,53 @@
-<ruleset name="EDP.pt">
-  <target host="edp.pt" />
-  <target host="www.edp.pt" />
 
-  <rule from="^http://(?:www\.)?edp\.pt/" to="https://www.edp.pt/" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.edpessoa.internet.edp.pt/ => https://www.edpessoa.internet.edp.pt/: (6, 'Could not resolve host: www.edpessoa.internet.edp.pt')
+
+	Mismatch:
+	remarks.edp.pt
+	webmail.edp.pt
+	(www.)fablabedp.edp.pt
+	legacy.edp.pt
+	quemquerserextraordinario.edp.pt (and expired)
+	(www.)2050.edp.pt
+	geracaoedp.edp.pt (mismatch, self-signed, expired)
+	^edp.pt
+
+	Timeout:
+	www.voluntariado.edp.pt
+	(www.)twist.edp.pt
+	(www.)edpartners.edp.pt
+	(www.)edpannualreport.edp.pt
+
+	Refused:
+	gi.edp.pt
+	gslm.edp.pt
+	gme.edp.pt
+	geoact.edp.pt
+	c2c.edp.pt
+	www.cdme.edp.pt
+	(www.)browsedp.edp.pt
+	(www.)premioedpinovacao.edp.pt
+-->
+
+<ruleset name="Edp.pt" default_off="failed ruleset test">
+	<target host="www.edp.pt" />
+	<target host="edp.pt" />
+	<target host="edplivebands.edp.pt" />
+	<target host="comunidade.edp.pt" />
+	<target host="energia.edp.pt" />
+	<target host="edponline.edp.pt" />
+	<target host="1seculodeenergia.edp.pt" />
+	<target host="provedordocliente.edp.pt" />
+	<target host="redy.edp.pt" />
+	<target host="gestaoconsumos.edp.pt" />
+	<target host="www.edpessoa.internet.edp.pt" />
+	<target host="fapa.edp.pt" />
+	<target host="iam.edp.pt" />
+	<target host="sinergie.misy.eu" />
+	<target host="sts.edp.pt" />
+	<target host="ease.edp.pt" />
+
+	<rule from="^http://edp\.pt/" to="https://www.edp.pt/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/EDRDG.org.xml b/src/chrome/content/rules/EDRDG.org.xml
new file mode 100644
index 000000000000..713f598fa383
--- /dev/null
+++ b/src/chrome/content/rules/EDRDG.org.xml
@@ -0,0 +1,13 @@
+<!--
+	edrdg.org has a wildcard DNS record, so enumerating all subdomains is impossible.
+	The certificate is only valid for www.edrdg.org, not edrdg.org or any other subdomains.
+-->
+<ruleset name="EDRDG.org">
+	<target host="edrdg.org" />
+	<target host="www.edrdg.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://edrdg\.org/" to="https://www.edrdg.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EDR_CDN.com.xml b/src/chrome/content/rules/EDR_CDN.com.xml
new file mode 100644
index 000000000000..6866686f30c2
--- /dev/null
+++ b/src/chrome/content/rules/EDR_CDN.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other eDigitalResearch coverage, see EDigitalResearch.xml.
+
+
+	www.edrcdn.com: Mismatched
+
+-->
+<ruleset name="eDR CDN.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="edrcdn.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.edrcdn.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.edrcdn\.com/"
+		to="https://edrcdn.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EDRi.org.xml b/src/chrome/content/rules/EDRi.org.xml
new file mode 100644
index 000000000000..87e7d45068ce
--- /dev/null
+++ b/src/chrome/content/rules/EDRi.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="EDRi.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="edri.org" />
+	<target host="www.edri.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EDeveloperz.xml b/src/chrome/content/rules/EDeveloperz.xml
index 98509a5effef..bfec4cda301c 100644
--- a/src/chrome/content/rules/EDeveloperz.xml
+++ b/src/chrome/content/rules/EDeveloperz.xml
@@ -1,20 +1,30 @@
 <!--
-	Problematic subdomains:
+	Problematic hosts in *edeveloperz.com:
 
-		- ^	(record_too_long)
-		- www	(times out)
+		- (www.)? ʳ
+		- version5 ʳ
+
+	ʳ Refused
 
 -->
-<ruleset name="eDeveloperz (partial)">
+<ruleset name="eDeveloperz.com">
 
-	<target host="edeveloperz.com" />
-	<target host="*.edeveloperz.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="version6.edeveloperz.com" />
 
+	<!--	Complications:
+				-->
+	<target host="edeveloperz.com" />
+	<target host="version5.edeveloperz.com" />
+	<target host="www.edeveloperz.com" />
 
-	<rule from="^https?://(?:www\.)?edeveloperz\.com/([^\?]*)(?:\?.*)"
-		to="https://version5.edeveloperz.com/$1" />
+	<!--	Redirect keeps path, but not forward slash nor args:
+									-->
+	<rule from="^http://(?:version5\.|www\.)?edeveloperz\.com/+([^?]*)(?:\?.*)?"
+		to="https://version6.edeveloperz.com/$1" />
 
-	<rule from="^http://version5\.edeveloperz\.com/"
-		to="https://version5.edeveloperz.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EDialogue.org.xml b/src/chrome/content/rules/EDialogue.org.xml
new file mode 100644
index 000000000000..4c1856985295
--- /dev/null
+++ b/src/chrome/content/rules/EDialogue.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="eDialogue.org">
+	<target host="edialogue.org" />
+	<target host="www.edialogue.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EDigitalResearch.xml b/src/chrome/content/rules/EDigitalResearch.xml
index 02e39446e065..5315413ae1a4 100644
--- a/src/chrome/content/rules/EDigitalResearch.xml
+++ b/src/chrome/content/rules/EDigitalResearch.xml
@@ -1,11 +1,40 @@
-<ruleset name="eDigitalResearch (partial)">
 
-	<target host="ecustomeropinions.com"/>
-	<target host="www.ecustomeropinions.com"/>
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://edigitalresearch.com/ => https://edigitalresearch.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.edigitalresearch.com'")
+Fetch error: http://www.edigitalresearch.com/ => https://www.edigitalresearch.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.edigitalresearch.com'")
 
-	<securecookie host="^ecustomeropinions\.com$" name=".*"/>
+	Other eDigitalResearch rulesets:
 
-	<rule from="^http://(?:www\.)?ecustomeropinions\.com/"
-		to="https://ecustomeropinions.com/"/>
+		- ECustomerOpinions.com.xml
+		- EDR_CDN.com.xml
+
+
+	Nonfunctional hosts in *edigitalresearch.com:
+
+		- public *
+
+	* Refused
+
+
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="eDigitalResearch.com (partial)" default_off="failed ruleset test">
+
+	<target host="edigitalresearch.com"/>
+	<target host="www.edigitalresearch.com"/>
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/EDigitalSurvey.com.xml b/src/chrome/content/rules/EDigitalSurvey.com.xml
new file mode 100644
index 000000000000..bcb3d9a55f6c
--- /dev/null
+++ b/src/chrome/content/rules/EDigitalSurvey.com.xml
@@ -0,0 +1,27 @@
+<!--
+	For other eDigitalResearch coverage, see EDigitalResearch.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- edigitalsurvey.com
+		- www.edigitalsurvey.com
+
+-->
+<ruleset name="eDigitalSurvey.com">
+
+	<target host="edigitalsurvey.com"/>
+	<target host="www.edigitalsurvey.com"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?edigitalsurvey\.com$" name="^en-persist$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/EDirectDebit.xml b/src/chrome/content/rules/EDirectDebit.xml
index a1d8ce2d96fa..0e932a0e1cf8 100644
--- a/src/chrome/content/rules/EDirectDebit.xml
+++ b/src/chrome/content/rules/EDirectDebit.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://edirectdebit.com/ => https://www.edirectdebit.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.edirectdebit.com/ => https://www.edirectdebit.com/: (28, 'Connection timed out after 20000 milliseconds')
+
 	Nonfunctional domains:
 
 		- edirect-debit.com	(no https)
@@ -7,7 +12,7 @@
 	!www: cert only matches www
 
 -->
-<ruleset name="eDirectDebit (partial)">
+<ruleset name="eDirectDebit (partial)" default_off="failed ruleset test">
 
 	<target host="edirectdebit.com" />
 	<target host="www.edirectdebit.com" />
@@ -16,7 +21,7 @@
 	<securecookie host="^www\.edirectdebit\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?edirectdebit\.com/"
+	<rule from="^http://(?:www\.)?edirectdebit\.com/"
 		to="https://www.edirectdebit.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EDonorCentral.com.xml b/src/chrome/content/rules/EDonorCentral.com.xml
new file mode 100644
index 000000000000..4e4aed91df6a
--- /dev/null
+++ b/src/chrome/content/rules/EDonorCentral.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="eDonorCentral.com">
+
+	<target host="edonorcentral.com" />
+	<target host="www.edonorcentral.com" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^(www\.)?edonorcentral\.com$" name="^ASPSESSIONID\w{8}$" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EEQJ.xml b/src/chrome/content/rules/EEQJ.xml
deleted file mode 100644
index 6a7707a7288c..000000000000
--- a/src/chrome/content/rules/EEQJ.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="EEQJ">
-
-	<target host="eeqj.com" />
-	<target host="www.eeqj.com" />
-
-
-	<securecookie host="^eeqj\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?eeqj\.com/"
-		to="https://$1eeqj.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/EET_Group.xml b/src/chrome/content/rules/EET_Group.xml
index d342e9c79de5..97526b7c6bb9 100644
--- a/src/chrome/content/rules/EET_Group.xml
+++ b/src/chrome/content/rules/EET_Group.xml
@@ -1,18 +1,54 @@
-<ruleset name="EET Group">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://eet.eu/ => https://eet.eu/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://eet.eu/ => https://eet.eu/: (28, 'Connection timed out after 10000 milliseconds')
+-->
+<ruleset name="EET Group" default_off="failed ruleset test">
 
 	<target host="eet.eu" />
-	<target host="*.eet.eu" />
-	<target host="*.eetgroup.com" />
-	<target host="*.eetnordic.com" />
+	<target host="s.eet.eu" />
+	<target host="www.eet.eu" />
+	<target host="at.eetgroup.com" />
+	<target host="be.eetgroup.com" />
+	<target host="ch.eetgroup.com" />
+	<target host="cz.eetgroup.com" />
+	<target host="de.eetgroup.com" />
+	<target host="dk.eetgroup.com" />
+	<target host="es.eetgroup.com" />
+	<target host="fi.eetgroup.com" />
+	<target host="fr.eetgroup.com" />
+	<target host="it.eetgroup.com" />
+	<target host="nl.eetgroup.com" />
+	<target host="no.eetgroup.com" />
+	<target host="pl.eetgroup.com" />
+	<target host="pt.eetgroup.com" />
+	<target host="se.eetgroup.com" />
+	<target host="uk.eetgroup.com" />
+	<target host="at.eetnordic.com" />
+	<target host="be.eetnordic.com" />
+	<target host="ch.eetnordic.com" />
+	<target host="cz.eetnordic.com" />
+	<target host="de.eetnordic.com" />
+	<target host="dk.eetnordic.com" />
+	<target host="es.eetnordic.com" />
+	<target host="fi.eetnordic.com" />
+	<target host="fr.eetnordic.com" />
+	<target host="it.eetnordic.com" />
+	<target host="nl.eetnordic.com" />
+	<target host="no.eetnordic.com" />
+	<target host="pl.eetnordic.com" />
+	<target host="pt.eetnordic.com" />
+	<target host="se.eetnordic.com" />
+	<target host="uk.eetnordic.com" />
 
 
 	<securecookie host="^.*\.eet(?:group|nordic)\.com$" name=".+" />
 
 
-	<rule from="^http://(s\.|www\.)?eet\.eu/"
-		to="https://$1eet.eu/" />
 
-	<rule from="^http://(at|be|ch|cz|de|dk|es|fi|fr|it|nl|no|pl|pt|se|uk)\.eet(group|nordic)\.com/"
-		to="https://$1.eet$2.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EE_Times-mixed.xml b/src/chrome/content/rules/EE_Times-mixed.xml
index 6e2888fadb31..dfe76b2e468c 100644
--- a/src/chrome/content/rules/EE_Times-mixed.xml
+++ b/src/chrome/content/rules/EE_Times-mixed.xml
@@ -1,8 +1,14 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://video.eetimes.com/ => https://video.eetimes.com/: (6, 'Could not resolve host: video.eetimes.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://video.eetimes.com/ => https://video.eetimes.com/: (6, 'Could not resolve host: video.eetimes.com')
 	For rules that do not cause mixed content, see EE_Times.xml.
 
 -->
-<ruleset name="EE Times (mixed content)" platform="mixedcontent">
+<ruleset name="EE Times (mixed content)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="video.eetimes.com" />
 
@@ -10,7 +16,6 @@
 	<securecookie host="^video\.eetimes\.com$" name=".+" />
 
 
-	<rule from="^http://video\.eetimes\.com/"
-		to="https://video.eetimes.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EE_Times.xml b/src/chrome/content/rules/EE_Times.xml
index b4b12ce99c86..468ed5adaaaf 100644
--- a/src/chrome/content/rules/EE_Times.xml
+++ b/src/chrome/content/rules/EE_Times.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://eetimes.com/ => https://eetimes.com/: (28, 'Connection timed out after 20007 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://eetimes.com/ => https://eetimes.com/: (7, 'Failed to connect to eetimes.com port 443: Connection refused')
 	For rules causing mixed content, see EE_Times-mixed.xml.
 
 	For other UBM coverage, see UBM.xml.
@@ -16,10 +22,14 @@
 		- video		(mixed iframe from sso.techonline.com & video from brightcove.vo.llnwd.net)
 
 -->
-<ruleset name="EE Times (partial)">
+<ruleset name="EE Times (partial)" default_off="failed ruleset test">
 
 	<target host="eetimes.com" />
-	<target host="*.eetimes.com" />
+	<target host="cdn.eetimes.com" />
+	<target host="confidential.eetimes.com" />
+	<target host="new.eetimes.com" />
+	<target host="www.eetimes.com" />
+	<target host="om.eetimes.com" />
 
 
 	<!--	Omniture cookies:
@@ -28,10 +38,9 @@
 	<securecookie host="^www\.eetimes\.com$" name=".+" />
 
 
-	<rule from="^http://((?:cdn|confidential|new|www)\.)?eetimes\.com/"
-		to="https://$1eetimes.com/" />
 
-	<rule from="^https?://om\.eetimes\.com/"
+	<rule from="^http://om\.eetimes\.com/"
 		to="https://eetimes-com.112.2o7.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EFAIL.de.xml b/src/chrome/content/rules/EFAIL.de.xml
new file mode 100644
index 000000000000..9e6cadafed98
--- /dev/null
+++ b/src/chrome/content/rules/EFAIL.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="EFAIL.de">
+	<target host="efail.de" />
+	<target host="www.efail.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EFF.xml b/src/chrome/content/rules/EFF.xml
index 26b37c20bcb3..058042668846 100644
--- a/src/chrome/content/rules/EFF.xml
+++ b/src/chrome/content/rules/EFF.xml
@@ -1,59 +1,16 @@
 <!--
 	Other EFF rulesets:
-
-		- Copyright-Watch.org.xml
-		- Jailbreaking_Is_Not_a_Crime.org.xml
-		- Necessary_and_Proportionate.org.xml
-		- Open_Wireless_Movement.xml
-		- Trolling_Effects.org.xml
+		- Freerangekitten.com.xml
+		- IFightSurveillance.org.xml
+		- Panopticlick.com.xml
 
 -->
-<ruleset name="EFF">
 
-	<target host="eff.org" />
-	<target host="*.eff.org" />
-		<exclusion pattern="^http://action\.eff\.org/" />
-	<!--	* for cross-subdomain cookie.	-->
-	<target host="*.supporters.eff.org" />
-	<target host="defendinnovation.org" />
-	<target host="www.defendinnovation.org" />
-	<target host="globalchokepoints.org" />
-	<target host="www.globalchokepoints.org" />
+<ruleset name="EFF">
 	<target host="httpsnow.org" />
 	<target host="www.httpsnow.org" />
-	<target host="ripmixmake.org" />
-	<target host="www.ripmixmake.org" />
-
-
-	<securecookie host="^.*\.eff\.org$" name=".*" />
-
-
-	<rule from="^http://secure\.eff\.org/donate"
-		to="https://secure.eff.org/site/Donation2?idb=43804189&#x26;df_id=1200" />
-
-	<rule from="^http://secure\.eff\.org/mechaposter"
-		to="https://secure.eff.org/site/Ecommerce?VIEW_PRODUCT=true&#x26;product_id=2161&#x26;store_id=2441" />
-
-	<rule from="^http://secure\.eff\.org/wiretapping"
-		to="https://secure.eff.org/site/Donation2?idb=1344423068&#x26;df_id=1220" />
-
-	<rule from="^http://([^/:@\.]+\.)?eff\.org/"
-		to="https://$1eff.org/" />
-
-	<!--
-		This is for promoting HTTPS Everywhere to eff.org visitors, but
-		we don't want to bug people who already have it installed!
-	-->
-
-	<rule from="^https://www\.eff\.org/sites/all/themes/frontier/images/get-https-e(-chrome)?.png"
-		to="https://www.eff.org/sites/all/themes/frontier/images/got-https-e$1.png" />
-
-
-	<!--
-		Other EFF websites that support HTTPS.
-	-->
 
-	<rule from="^http://(www\.)?(defendinnovation|globalchokepoints|httpsnow|ripmixmake)\.org/"
-		to="https://$1$2.org/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/EFTPlus.asia.xml b/src/chrome/content/rules/EFTPlus.asia.xml
deleted file mode 100644
index 5840fbb7fc96..000000000000
--- a/src/chrome/content/rules/EFTPlus.asia.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d2a51w253vzgsa.cloudfront.net
-
--->
-<ruleset name="EFTPlus.asia">
-
-	<target host="eftplus.asia" />
-	<target host="*.eftplus.asia" />
-
-
-	<securecookie host="^(?:w*\.)?eftplus\.asia$" name=".+" />
-
-
-	<rule from="^http://(www\.)?eftplus\.asia/"
-		to="https://$1eftplus.asia/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/EFinancialCareers.cn.xml b/src/chrome/content/rules/EFinancialCareers.cn.xml
new file mode 100644
index 000000000000..fb74124aaf2b
--- /dev/null
+++ b/src/chrome/content/rules/EFinancialCareers.cn.xml
@@ -0,0 +1,67 @@
+<!--
+	For other Dice Holdings coverage, see Dice.com.xml.
+
+
+	CDN buckets:
+
+		- d7iot6i6t25i6.cloudfront.net
+
+
+	Nonfunctional hosts:
+
+		- news.efinancialcareers.cn *
+
+	* Dropped
+
+
+	^efinancialcareers.cn: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.efinancialcareers.cn
+
+-->
+<ruleset name="eFinancialCareers.cn (partial)">
+
+	<target host="efinancialcareers.cn" />
+	<target host="www.efinancialcareers.cn" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.efinancialcareers\.cn/($|favicon\.ico)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?efinancialcareers\.cn/+(?!login|myefc/profile|resources/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.efinancialcareers.cn/jobs-Information_Technology.s019" />
+			<test url="http://efinancialcareers.cn/search" />
+			<test url="http://www.efinancialcareers.cn/search" />
+			<test url="http://www.efinancialcareers.cn/sitemap/html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.efinancialcareers.cn/myefc/profile" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.efinancialcareers\.cn$" name="^(JSESSIONID|SID|matchingCompaniesAlertShown)$" /-->
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://efinancialcareers\.cn/+"
+		to="https://www.efinancialcareers.cn/" />
+
+		<test url="http://efinancialcareers.cn/login" />
+		<test url="http://efinancialcareers.cn/myefc/profile" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EFinancialCareers.xml b/src/chrome/content/rules/EFinancialCareers.xml
index d3d53ad29d3b..0524d8ac4af4 100644
--- a/src/chrome/content/rules/EFinancialCareers.xml
+++ b/src/chrome/content/rules/EFinancialCareers.xml
@@ -1,46 +1,89 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://myefc.efinancialcareers.com/ (200) => https://myefc.efinancialcareers.com/ (503)
+Non-2xx HTTP code: http://partner-myefc.efinancialcareers.com/ (200) => https://partner-myefc.efinancialcareers.com/ (503)
+Fetch error: http://news-cdn.efinancialcareers.com/ => https://d2p98mys7gexzy.cloudfront.net/: (6, 'Could not resolve host: d2p98mys7gexzy.cloudfront.net')
+
 	For other Dice Holdings coverage, see Dice.com.xml.
 
 
 	CDN buckets:
 
+		- d2p98mys7gexzy.cloudfront.net ← news-cdn
+
 		- www.efinancialcareers.com.edgesuite.net
-			- jobs.efinancialcareers.com
-			- static.efinancialcareers.com
-			- www.efinancialcareers.com
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *efinancialcareers.com:
 
-		- ^
-		- jobs		(Akamai; 504)
-		- static	(Akamai; 503)
-		- www		(Akamai; 504)
-		- www-origin
+		- jobs ¹
+		- news ²
+		- recruiters ²
+		- static ³
+		- www-origin ¹
 
+	¹ Refused
+	² Dropped
+	³ Redirects to http
 
-	Problematic subdomains:
 
-		- news *
+	Problematic hosts in *efinancialcareers.com:
 
-	* CN: *.wordpress.com.  Covered in WordPress-blogs.xml.
-	Cookies thereof are secured here.
+		- news-cdn *
 
+	* Mismatched
 
-	Fully covered subdomains:
 
-		- backoffice
+	Insecure cookies are set for these domains and hosts:
+
+		- .efinancialcareers.com
+		- www.efinancialcareers.com
 
 -->
-<ruleset name="eFinancialCareers">
+<ruleset name="eFinancialCareers.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="efinancialcareers.com" />
+	<target host="backoffice.efinancialcareers.com" />
+	<target host="m.efinancialcareers.com" />
+	<target host="mbeta.efinancialcareers.com" />
+	<target host="myefc.efinancialcareers.com" />
+	<target host="partner-myefc.efinancialcareers.com" />
+	<target host="www.efinancialcareers.com" />
+
+	<!--	Complications:
+				-->
+	<target host="news-cdn.efinancialcareers.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.efinancialcareers\.com/($|favicon\.ico)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?efinancialcareers\.com/(?!login|myefc/profile|resources/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.efinancialcareers.com/jobs-Information_Technology.s019" />
+			<test url="http://www.efinancialcareers.com/search" />
+			<test url="http://www.efinancialcareers.com/sitemap/html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.efinancialcareers.com/myefc/profile" />
 
-	<target host="*.efinancialcareers.com" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.efinancialcareers\.com$" name="^__utm\w+$" /-->
+	<!--securecookie host="^www\.efinancialcareers\.com$" name="^(JSESSIONID|SID|matchingCompaniesAlertShown)$" /-->
 
-	<securecookie host="^.*\.efinancialcareers\.com$" name=".+" />
+	<securecookie host="^\." name="^__utm" />
 
 
-	<rule from="^http://backoffice\.efinancialcareers\.com/"
-		to="https://backoffice.efinancialcareers.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EForensics_Mag.com.xml b/src/chrome/content/rules/EForensics_Mag.com.xml
new file mode 100644
index 000000000000..d89fc1bb79f6
--- /dev/null
+++ b/src/chrome/content/rules/EForensics_Mag.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .eforensicsmag.com
+
+-->
+<ruleset name="eForensics Mag.com">
+
+	<target host="eforensicsmag.com" />
+	<target host="www.eforensicsmag.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.eforensicsmag\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.eforensicsmag\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EForsa.pl.xml b/src/chrome/content/rules/EForsa.pl.xml
new file mode 100644
index 000000000000..d328cfa81ca8
--- /dev/null
+++ b/src/chrome/content/rules/EForsa.pl.xml
@@ -0,0 +1,24 @@
+<!--
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="eForsa.pl">
+
+	<target host="eforsa.pl" />
+	<target host="www.eforsa.pl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^eforsa\.pl$" name="^kohanasession(_data)?$" /-->
+
+	<securecookie host="^\.?eforsa\.pl$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EFukt.com.xml b/src/chrome/content/rules/EFukt.com.xml
new file mode 100644
index 000000000000..7311b21753d1
--- /dev/null
+++ b/src/chrome/content/rules/EFukt.com.xml
@@ -0,0 +1,42 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.)? *
+		- content ¹
+		- i ²
+
+
+	* Handshake fails
+	¹ Redirects to www
+	² Dropped
+
+
+	Mixed content:
+
+		- Images, from:
+
+			- content ¹
+			- i ¹
+
+		- Bugs from platform.twitter.com ²
+
+	¹ Unsecurable
+	² Secured by us
+
+-->
+<ruleset name="eFukt.com" default_off="handshake failure">
+
+	<target host="efukt.com" />
+	<target host="www.efukt.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?efukt\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?efukt\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EFurnitureNY.xml b/src/chrome/content/rules/EFurnitureNY.xml
index 415f15fef6e6..0c4c7f87f3af 100644
--- a/src/chrome/content/rules/EFurnitureNY.xml
+++ b/src/chrome/content/rules/EFurnitureNY.xml
@@ -1,13 +1,12 @@
 <ruleset name="eFurnitureNY">
 
 	<target host="efurnitureny.com" />
-	<target host="*.efurnitureny.com" />
+	<target host="www.efurnitureny.com" />
 
 
-	<securecookie host="^(?:.*\.)?efurnitureny\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?efurnitureny\.com/"
-		to="https://$1efurnitureny.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EHIC.org.uk.xml b/src/chrome/content/rules/EHIC.org.uk.xml
new file mode 100644
index 000000000000..821991f140a3
--- /dev/null
+++ b/src/chrome/content/rules/EHIC.org.uk.xml
@@ -0,0 +1,16 @@
+<!--
+	^ehic.org.uk doesn't exist.
+
+-->
+<ruleset name="EHIC.org.uk">
+
+	<target host="www.ehic.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EHWiki.org.xml b/src/chrome/content/rules/EHWiki.org.xml
new file mode 100644
index 000000000000..f1593602baae
--- /dev/null
+++ b/src/chrome/content/rules/EHWiki.org.xml
@@ -0,0 +1,14 @@
+<!--
+	For other E-Hentai.org coverage see E-Hentai.org.xml
+
+	Mismatched:
+		- test
+-->
+<ruleset name="EHWiki.org">
+	<target host="ehwiki.org" />
+	<target host="www.ehwiki.org" />
+	<target host="test.ehwiki.org" />
+
+	<rule from="^http://test\.ehwiki\.org/" to="https://ehwiki.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EIA.gov.xml b/src/chrome/content/rules/EIA.gov.xml
new file mode 100644
index 000000000000..1f8836fb0c35
--- /dev/null
+++ b/src/chrome/content/rules/EIA.gov.xml
@@ -0,0 +1,43 @@
+<!--
+	U.S. Energy Information Administration
+
+
+
+	Nonfunctional hosts in *eia.gov:
+
+		- ir ᵈ
+
+	ᵈ Dropped
+
+
+	^eia.gov: Dropped
+
+
+	These altnames don't exist:
+
+		- cdn.eia.gov
+		- vizapi.eia.gov
+
+-->
+<ruleset name="EIA.gov (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="api.eia.gov" />
+	<target host="www.eia.gov" />
+
+	<!--	Complications:
+				-->
+	<target host="eia.gov" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://eia\.gov/"
+		to="https://www.eia.gov/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EIDQ.xml b/src/chrome/content/rules/EIDQ.xml
index 3c9c4d8046cf..b46c73a0767c 100644
--- a/src/chrome/content/rules/EIDQ.xml
+++ b/src/chrome/content/rules/EIDQ.xml
@@ -1,13 +1,22 @@
-<ruleset name="EIDQ">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://eidq.org/ => https://eidq.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.eidq.org/ => https://www.eidq.org/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://eidq.org/ => https://eidq.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.eidq.org/ => https://www.eidq.org/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="EIDQ" default_off="failed ruleset test">
 
 	<target host="eidq.org" />
 	<target host="www.eidq.org" />
 
 
-	<securecookie host="^(www\.)?eidq\.org$" name=".*" />
+	<securecookie host="^(?:www\.)?eidq\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?eidq\.org/"
-		to="https://$1eidq.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/EIS_Kent.co.uk.xml b/src/chrome/content/rules/EIS_Kent.co.uk.xml
new file mode 100644
index 000000000000..a64a0f1904a5
--- /dev/null
+++ b/src/chrome/content/rules/EIS_Kent.co.uk.xml
@@ -0,0 +1,51 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.eiskent.co.uk/ => https://www.eiskent.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.eiskent.co.uk'")
+Fetch error: http://eiskent.co.uk/ => https://www.eiskent.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.eiskent.co.uk'")
+
+	Education IT Services Kent
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	^eiskent.co.uk: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.eiskent.co.uk
+
+
+	Mixed content:
+
+		- css from www.google.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="EIS Kent.co.uk" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.eiskent.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="eiskent.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.eiskent\.co\.uk$" name="^ISAWPLB\{[\dA-F]{8}(?:-[\da-f]{4}){3}-[\dA-F]{8}\}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://eiskent\.co\.uk/"
+		to="https://www.eiskent.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EKWB.com.xml b/src/chrome/content/rules/EKWB.com.xml
new file mode 100644
index 000000000000..1d5d1fd907a5
--- /dev/null
+++ b/src/chrome/content/rules/EKWB.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="EKWB Cooling Solutions">
+	<target host="ekwb.com" />
+	<target host="www.ekwb.com" />
+
+	<securecookie host="^(?:www\.)?ekwb\.com" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EKomi.xml b/src/chrome/content/rules/EKomi.xml
deleted file mode 100644
index 7fbe00f961e3..000000000000
--- a/src/chrome/content/rules/EKomi.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-<!--
-	Problematic domains:
-
-		- (www.)akomi.(at|ch)		(no https)
-		- ekomi.(co.za|it|se|sk)	(mismatched, CN: ssl.ekomi.de)
-		- ssl.ekomi.de			(mismatched, CN: www.ekomi.de)
-
-
-	Fully covered domains:
-
-		- (www.)akomi.(at|ch)		(→ www.ekomi.de)
-		- (www.)ekomi.(co.uk|de|es|fr|nl)
-		- (www.)ekomi.(co.za|it|se|sk)	(^ → www)
-		- ssl.ekomi.de			(→ www)
-		- vf-js.ekomi.de
-		- (www.)ekomi-us.com
-
--->
-<ruleset name="eKomi">
-
-	<target host="ekomi.*" />
-	<target host="www.ekomi.*" />
-	<target host="ekomi.co.*" />
-	<target host="*.ekomi.co.uk" />
-	<target host="www.ekomi.co.za" />
-	<target host="*.ekomi.de" />
-	<target host="ekomi-us.com" />
-	<target host="www.ekomi-us.com" />
-
-
-	<securecookie host="^(?:www)?\.ekomi(?:\.\w\w|\.co\.\w\w|-us\.com)$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?ekomi\.(?:at|ch)/"
-		to="https://www.ekomi.de/" />
-
-	<rule from="^https?://ssl\.ekomi\.de/"
-		to="https://www.ekomi.de/" />
-
-	<rule from="^https?://ekomi\.(co\.za|it|se|sk)/"
-		to="https://www.ekomi.$1/" />
-
-	<rule from="^http://(vf-js\.|www\.)?ekomi(\.\w\w|\.co\.\w\w|-us\.com)/"
-		to="https://$1ekomi$2/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ELENA-Verfahren.de.xml b/src/chrome/content/rules/ELENA-Verfahren.de.xml
index 38897ee5d1a4..8398f83ffb6d 100644
--- a/src/chrome/content/rules/ELENA-Verfahren.de.xml
+++ b/src/chrome/content/rules/ELENA-Verfahren.de.xml
@@ -1,6 +1,14 @@
-<ruleset name="ELENA">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://das-elena-verfahren.de/ => https://www.das-elena-verfahren.de/: (7, 'Failed to connect to www.das-elena-verfahren.de port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://das-elena-verfahren.de/ => https://www.das-elena-verfahren.de/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+-->
+<ruleset name="ELENA" default_off="failed ruleset test">
  <target host="das-elena-verfahren.de"/>
- <target host="*.das-elena-verfahren.de"/>
+ <target host="www.das-elena-verfahren.de" />
 
- <rule from="^http://(www\.)?das-elena-verfahren\.de/" to="https://www.das-elena-verfahren.de/"/>
+ <rule from="^http://(?:www\.)?das-elena-verfahren\.de/" to="https://www.das-elena-verfahren.de/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/ELO_edge.com.xml b/src/chrome/content/rules/ELO_edge.com.xml
index edecb8b93dff..09cfce5e5d8c 100644
--- a/src/chrome/content/rules/ELO_edge.com.xml
+++ b/src/chrome/content/rules/ELO_edge.com.xml
@@ -1,4 +1,11 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://eloedge.com/ => https://eloedge.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.eloedge.com/ => https://www.eloedge.com/: (28, 'Connection timed out after 20002 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://eloedge.com/ => https://eloedge.com/: (51, "SSL: no alternative certificate subject name matches target host name 'eloedge.com'")
 	Mixed content:
 
 		- css, on ^ from:
@@ -13,16 +20,15 @@
 	* Secured by us
 
 -->
-<ruleset name="ELO edge.com (false MCB)" platform="mixedcontent">
+<ruleset name="ELO edge.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="eloedge.com" />
-	<target host="*.eloedge.com" />
+	<target host="www.eloedge.com" />
 
 
 	<securecookie host="^\.eloedge\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?eloedge\.com/"
-		to="https://$1eloedge.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ELRepo.org.xml b/src/chrome/content/rules/ELRepo.org.xml
new file mode 100644
index 000000000000..424a6955632b
--- /dev/null
+++ b/src/chrome/content/rules/ELRepo.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="ELRepo.org">
+
+	<target host="elrepo.org" />
+	<target host="www.elrepo.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ELTE.hu.xml b/src/chrome/content/rules/ELTE.hu.xml
index 97e286f60062..f0244f303961 100644
--- a/src/chrome/content/rules/ELTE.hu.xml
+++ b/src/chrome/content/rules/ELTE.hu.xml
@@ -51,14 +51,27 @@
 -->
 <ruleset name="ELTE.hu (partial)">
 
-	<target host="*.elte.hu" />
+	<target host="alumni.elte.hu" />
+	<target host="web.caesar.elte.hu" />
+	<target host="felveteli.elte.hu" />
+	<target host="iig.elte.hu" />
+	<target host="mars.elte.hu" />
+	<target host="minoseg.elte.hu" />
+	<target host="hallgato.neptun.elte.hu" />
+	<target host="pik.elte.hu" />
+	<target host="telefon.elte.hu" />
+	<target host="telefonkonyv.elte.hu" />
+	<target host="ugykezelo.elte.hu" />
+	<target host="webmail.elte.hu" />
+	<target host="www.elte.hu" />
+	<target host="caesar.elte.hu" />
+	<target host="www.caesar.elte.hu" />
+	<target host="webmail.caesar.elte.hu" />
 
 
 	<securecookie host="^(?:hallgato\.neptun|telefon|telefonkonyv|\.webmail)\.elte\.hu$" name=".+" />
 
 
-	<rule from="^http://(alumni|web\.caesar|felveteli|iig|mars|minoseg|hallgato\.neptun|pik|telefon|telefonkonyv|ugykezelo|webmail|www)\.elte\.hu/"
-		to="https://$1.elte.hu/" />
 
 	<rule from="^http://(?:www\.)?caesar\.elte\.hu/"
 		to="https://www.caesar.elte.hu/" />
@@ -68,4 +81,5 @@
 	<rule from="^http://webmail\.caesar\.elte\.hu/"
 		to="https://webmail.elte.hu/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ELY-keskus.fi.xml b/src/chrome/content/rules/ELY-keskus.fi.xml
new file mode 100644
index 000000000000..2d252386f38c
--- /dev/null
+++ b/src/chrome/content/rules/ELY-keskus.fi.xml
@@ -0,0 +1,11 @@
+<ruleset name="ELY-keskus.fi">
+	<target host="ely-keskus.fi" />
+	<target host="www.ely-keskus.fi" />
+	<target host="janet.ely-keskus.fi" />
+	<target host="www.janet.ely-keskus.fi" />
+	<target host="testioag.ely-keskus.fi" />
+	<target host="turvaposti.ely-keskus.fi" />
+	<target host="turvaviesti.ely-keskus.fi" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ELabor.xml b/src/chrome/content/rules/ELabor.xml
index 7c00c75319aa..ddd0bda701af 100644
--- a/src/chrome/content/rules/ELabor.xml
+++ b/src/chrome/content/rules/ELabor.xml
@@ -15,7 +15,6 @@
 	<securecookie host="^workforceportal\.elabor\.com$" name=".+" />
 
 
-	<rule from="^http://workforceportal\.elabor\.com/"
-		to="https://workforceportal.elabor.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ELatinos.com.xml b/src/chrome/content/rules/ELatinos.com.xml
new file mode 100644
index 000000000000..0458ce46ff6c
--- /dev/null
+++ b/src/chrome/content/rules/ELatinos.com.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://elatinos.com/ => https://elatinos.com/: (6, 'Could not resolve host: elatinos.com')
+Fetch error: http://www.elatinos.com/ => https://www.elatinos.com/: (6, 'Could not resolve host: www.elatinos.com')
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="eLatinos.com" default_off="failed ruleset test">
+
+	<target host="elatinos.com" />
+	<target host="www.elatinos.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.elatinos\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www)?\.elatinos\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ELearnSecurity.com.xml b/src/chrome/content/rules/ELearnSecurity.com.xml
index d6d90244faf9..17d1a4e33d1a 100644
--- a/src/chrome/content/rules/ELearnSecurity.com.xml
+++ b/src/chrome/content/rules/ELearnSecurity.com.xml
@@ -1,18 +1,23 @@
 <!--
-	Nonfunctional subdomains:
+	Non-functional hosts
+		Timeout was reached:
+			 - ns1.elearnsecurity.com
 
-		- (www.)	(redirects to $, valid cert)
+		SSL peer certificate was not OK:
+			 - ns.elearnsecurity.com
 
+		4xx client error:
+			 - try.elearnsecurity.com
 -->
-<ruleset name="eLearnSecurity.com (partial)">
+<ruleset name="eLearnSecurity.com">
+	<target host="elearnsecurity.com" />
+	<target host="www.elearnsecurity.com" />
+	<target host="blog.elearnsecurity.com" />
+	<target host="community.elearnsecurity.com" />
+	<target host="members.elearnsecurity.com" />
+	<target host="supervisor.elearnsecurity.com" />
 
-	<target host="*.elearnsecurity.com" />
-
-
-	<securecookie host="^members\.elearnsecurity\.com$" name=".+" />
-
-
-	<rule from="^http://(blog|members)\.elearnsecurity\.com/"
-		to="https://$1.elearnsecurity.com/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/EMC.xml b/src/chrome/content/rules/EMC.xml
index e40452f998d7..4e643fc3ff9d 100644
--- a/src/chrome/content/rules/EMC.xml
+++ b/src/chrome/content/rules/EMC.xml
@@ -28,7 +28,7 @@
 
 	Partially covered subdomains:
 
-		- (www.)		(^ → www, some pages redirect to http)
+		- (www.)		(^ → www)
 
 
 	Fully covered subdomains:
@@ -42,6 +42,26 @@
 		- powerlink
 		- sso
 
+
+	Mixed content:
+
+		- Scripts, on www from:
+
+			- admin.brightcove.com *
+			- ajax.googleapis.com *
+
+		- Images, on www from:
+
+			- www *
+			- pbs.twimg.com *
+
+		- Web bugs, on www from:
+
+			- s7.addthis.com *
+			- img-cdn.mediaplex.com *
+
+	* Secured by us
+
 -->
 <ruleset name="EMC (partial)">
 
@@ -70,4 +90,4 @@
 	<rule from="^http://emc\.force\.com/"
 		to="https://emc.secure.force.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EMS.xml b/src/chrome/content/rules/EMS.xml
new file mode 100644
index 000000000000..7165b46e9f36
--- /dev/null
+++ b/src/chrome/content/rules/EMS.xml
@@ -0,0 +1,37 @@
+<!--
+For other Gruner+Jahr rules look at GuJ.de.xml
+
+	Invalid certificate:
+		- emsmobile.de
+		- www.emsmobile.de
+		- adquality.emsmobile.de
+		- adstxt.emsmobile.de
+		- aqt.emsmobile.de
+		- box.emsmobile.de
+		- ctrck.emsmobile.de
+		- data.emsmobile.de
+		- data1.emsmobile.de
+		- robot.emsmobile.de
+		- ssl.emsmobile.de
+		- stats.emsmobile.de
+		- tracker.emsmobile.de
+		- weather.emsmobile.de
+
+	Timeout:
+		- stage.static.emsservice.de
+-->
+<ruleset name="EMS Native Advertising">
+
+	<target host="adctrl.emsmobile.de" />
+	<target host="hello.emsmobile.de" />
+	<target host="native.emsservice.de" />
+	<target host="static.emsservice.de" />
+	<target host="dev-dss.static.emsservice.de" />
+	<target host="tracking.emsmobile.de" />
+	<target host="traffic.emsservice.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ENS.fr.xml b/src/chrome/content/rules/ENS.fr.xml
new file mode 100644
index 000000000000..152480045412
--- /dev/null
+++ b/src/chrome/content/rules/ENS.fr.xml
@@ -0,0 +1,200 @@
+<!--
+	Nonfunctional hosts in *ens.fr:
+
+		- adres ¹
+		- annuaireweb ¹
+		- antiquite.ens ¹
+		- apres-janvier2015 ²
+		- astreea ⁶
+		- www.archicubes ¹
+		- www.archeo ¹
+		- www.archeologiesenchantier ¹
+		- ardoise ²
+		- audition ¹
+		- (www.)?barthes ²
+		- www.bib ²
+		- (www.)?genomique.biologie ⁶
+		- www.bourbaki ²
+		- culturesciences.chimie ²
+		- www.chaires-blaise-pascal ¹
+		- www.chimie ¹
+		- cirphles ¹
+		- www.cirphles ¹
+		- www.cmh ¹
+		- www.cognition ²
+		- culturemath ²
+		- www.dhta ²
+
+		- bliss.di ³
+		- brian.di ³
+		- diplome.di ³
+
+		- www.economie ²
+		- www.environnement ¹
+		- federation ¹
+		- www.foljuif ¹
+		- www.geographie ¹
+		- gershwin ⁴
+		- www.histoire ¹
+		- www.intranet ²
+		- www.jourdan ³
+		- www.lila ¹
+		- www.lkb ⁵
+		- www.lmd ³
+		- www.lps ²
+		- lumiere ³
+		- www.philosophie ¹
+		- www.presses ¹
+		- piketty.pse ²
+		- www.risc ⁴
+		- (www.)?savoirs ²
+		- savoirsenmultimedia ²
+		- www.sciences-sociales ²
+		- www.ssi ²
+		- stats-web ¹
+		- www.turbulence ¹
+		- www.tuteurs ³
+		- wavelets ⁴
+		- www1 ¹
+
+	¹ Refused
+	² Dropped
+	³ Shows another domain
+	⁴ Shows default page
+	⁵ Plaintext reply
+	⁶ Broken certificate chain
+
+
+	Problematic hosts in *ens.fr:
+
+		- astro ¹
+		- dg ¹
+		- www.dma ²
+		- ecocampus ²
+		- www.phys ³
+		- (www.)?transcriptome ²
+		- www.nuit ²
+
+	¹ Untrusted root
+	² Mismatched
+	³ Self-signed
+
+
+	^ens.fr doesn't exist.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- astro.ens.fr
+		- www.biologie.ens.fr
+		- www.cof.ens.fr
+		- crypto.di.ens.fr
+		- cryptobib.di.ens.fr
+		- halley.ens.fr
+		- .halley.ens.fr
+		- .mail.jourdan.ens.fr
+		- .mail.lumiere.ens.fr
+		- www-mail.magbio.ens.fr
+		- www.gdr-meso.phys.ens.fr
+		- mailgate.phys.ens.fr
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- www.astreea from www.agence-nationale-recherche.fr
+			- www.astreea from www.di.ens.fr *
+			- www.astreea from fonts.googleapis.com *
+			- www.cof from $self *
+			- www.cof from www.louvre.fr
+			- www.math from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="ENS.fr (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="astro.ens.fr" /-->
+
+	<target host="www.ens.fr" />
+
+	<target host="www.biologie.ens.fr" />
+	<target host="www.actarus.biologie.ens.fr" />
+	<target host="cloud.biologie.ens.fr" />
+	<target host="www-mail.biologie.ens.fr" />
+	<target host="zebrain.biologie.ens.fr" />
+	<target host="www.zebrain.biologie.ens.fr" />
+
+	<target host="challengedata.ens.fr" />
+	<target host="www.cof.ens.fr" />
+
+	<target host="crypto.di.ens.fr" />
+	<target host="cryptobib.di.ens.fr" />
+	<target host="www.di.ens.fr" />
+	<target host="dematec.ens.fr" />
+	<target host="www.dg.ens.fr" />
+	<target host="www.documents.ens.fr" />
+	<target host="ecocampus.ens.fr" />
+	<target host="www.ecocampus.ens.fr" />
+	<target host="git.eleves.ens.fr" />
+	<target host="www.eleves.ens.fr" />
+	<target host="hack.ens.fr" />
+	<target host="halley.ens.fr" />
+
+		<!-- Used to access papers via google scholar. Causes SSL_ERROR_RX_RECORD_TOO_LONG -->
+		<exclusion pattern="^http://halley\.ens\.fr:4550/" />
+			<test url="http://halley.ens.fr:4550/robots.txt" />
+
+	<target host="www.ibens.ens.fr" />
+	<target host="mail.jourdan.ens.fr" />
+	<target host="lists.ens.fr" />
+	<target host="mail.lumiere.ens.fr" />
+	<target host="www-mail.magbio.ens.fr" />
+	<target host="www.mail.ens.fr" />
+	<target host="www.math.ens.fr" />
+	<target host="www.gdr-meso.phys.ens.fr" />
+	<target host="mailgate.phys.ens.fr" />
+	<!--target host="www.phys.ens.fr" /-->
+	<target host="www.spi.ens.fr" />
+	<target host="sso.ens.fr" />
+	<!--target host="transcriptome.ens.fr" /-->
+	<!--target host="www.transcriptome.ens.fr" /-->
+
+	<!--	Complications:
+				-->
+	<target host="dg.ens.fr" />
+	<target host="www.dma.ens.fr" />
+
+		<!--	Mixed images:
+					-->
+		<test url="http://www.cof.ens.fr/bda/" />
+		<test url="http://www.math.ens.fr/bibliotheque/index.html" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^astro\.ens\.fr$" name="^cms-usr$" /-->
+	<!--securecookie host="^www-mail\.(?:biologie|magbio)\.ens\.fr$" name="^SQMSESSID$" /-->
+	<!--securecookie host="^www\.cof\.ens\.fr$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^crypto(?:bib)?\.ens\.fr$" name="^session_id_\w+$" /-->
+	<!--securecookie host="^halley\.ens\.fr$" name="^(?:III_SESSION_ID|SESSION_SCOPE)$" /-->
+	<!--securecookie host="^\.halley\.ens\.fr$" name="^(?:III_EXPT_FILE|SESSION_LANGUAGE)$" /-->
+	<!--securecookie host="^\.mail\.(?:jourdan|lumiere)\.ens\.fr$" name="^(?:Horde2|imp_key)$" /-->
+	<!--securecookie host="^www\.gdr-meso\.phys\.ens\.fr$" name="^CMSSESSID[\da-f]+$" /-->
+
+	<securecookie host="^(?:www-mail\.(?:biologie|magbio)|www\.cof|crypto(?:bib)?|\.?halley|\.mail\.(?:jourdan|lumiere)|www\.gdr-meso\.phys)\.ens\.fr$" name=".+" />
+
+
+	<rule from="^http://dg\.ens\.fr/"
+		to="https://www.dg.ens.fr/" />
+
+	<rule from="^http://www\.dma\.ens\.fr/"
+		to="https://www.math.ens.fr/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ENTP-clients.xml b/src/chrome/content/rules/ENTP-clients.xml
index 037305f9502f..6949e2bffd35 100644
--- a/src/chrome/content/rules/ENTP-clients.xml
+++ b/src/chrome/content/rules/ENTP-clients.xml
@@ -3,49 +3,25 @@
 	have no other rules off by default.
 
 -->
-<ruleset name="ENTP clients" default_off="mismatch">
+<ruleset name="ENTP clients" default_off="mismatched">
 
 	<!--	Cert: *.tenderapp.com	-->
 	<target host="support.arpnetworks.com" />
 		<!--	Handled in ARPNetworks.com.xml.	-->
-		<exclusion pattern="^http://support\.arpnetworks\.com/(help|pkg|stylesheets)/" />
+		<exclusion pattern="^http://support\.arpnetworks\.com/(?:help|pkg|stylesheets)/" />
 	<target host="help.flavors.me" />
 		<!--	Handled in Flavors.me.xml.	-->
-		<exclusion pattern="^http://help\.flavors\.me/(help|pkg|stylesheets)/" />
+		<exclusion pattern="^http://help\.flavors\.me/(?:help|pkg|stylesheets)/" />
 	<target host="help.goodsie.com" />
 		<!--	Handled in Goodsie.xml.		-->
-		<exclusion pattern="^http://help\.goodsie\.com/(help|pkg|stylesheets)/" />
-	<target host="support.optimizely.com" />
-		<!--	Handled in Optimizely.xml.	-->
-		<exclusion pattern="^http://support\.optimizely\.com/(help|pkg|stylesheets)/" />
-	<target host="support.preyproject.com" />
-		<!--
-			Handled in Prey.xml.
-						-->
-		<exclusion pattern="^http://support\.preyproject\.com/(?:help|pkg|stylesheets)/" />
+		<exclusion pattern="^http://help\.goodsie\.com/(?:help|pkg|stylesheets)/" />
 
 
 	<!--	support.arpnetworks cookies are handled in ARPNetworks.com.xml.	-->
-	<securecookie host="^help\.flavors\.me$" name=".*" />
-	<securecookie host="^help\.goodsie\.com$" name=".*" />
-	<!--	support.optimizely.com cookies are handled in Optimizely.xml.	-->
+	<securecookie host="^help\.flavors\.me$" name=".+" />
+	<securecookie host="^help\.goodsie\.com$" name=".+" />
 
 
-	<rule from="^http://support\.arpnetworks\.com/"
-		to="https://support.arpnetworks.com/" />
-
-	<rule from="^http://help\.flavors\.me/"
-		to="https://help.flavors.me/" />
-
-	<rule from="^http://help\.goodsie\.com/"
-		to="https://help.goodsie.com/" />
-
-	<rule from="^http://support\.optimizely\.com/"
-		to="https://support.optimizely.com/" />
-
-	<!--	Cookies are handled in Prey.xml.
-						-->
-	<rule from="^http://support\.preyproject\.com/"
-		to="https://support.preyproject.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ENTP-mismatches.xml b/src/chrome/content/rules/ENTP-mismatches.xml
deleted file mode 100644
index 24f9bc815aa6..000000000000
--- a/src/chrome/content/rules/ENTP-mismatches.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--	See ENTP.xml also
--->
-<ruleset name="ENTP (mismatches)" default_off="Certificate mismatch">
-
-	<target host="help.lighthouseapp.com" />
-
-	<securecookie host="^help\.lighthouseapp\.com$" name=".*"/>
-
-	<rule from="^http://help\.lighthouseapp\.com/"
-		to="https://help.lighthouseapp.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ENTP.xml b/src/chrome/content/rules/ENTP.xml
index 10aa7d245061..68d39e3f1099 100644
--- a/src/chrome/content/rules/ENTP.xml
+++ b/src/chrome/content/rules/ENTP.xml
@@ -1,35 +1,45 @@
-<!--	See ENTP-mismatches.xml also
+<!--
+	Other ENTP rulesets:
+
+		- Lighthouse_app.com.xml
+
+
+	CDN buckets:
+
+		- maxcdn.bootstrapcdn.com
+		- d1gqiycb7x9t7x.cloudfront.ne
+
+
+	Insecure cookies are set for these domains:
+
+		- help.tenderapp.com
 
-	d1ros97qkrwjf5.cloudfront.net
-	s3.amazonaws.com/entp-lh-avatar-production/
 -->
-<ruleset name="ENTP (partial)">
+<ruleset name="Tender Support">
 
-	<target host="lighthouseapp.com" />
-	<target host="*.lighthouseapp.com" />
-		<!--	handled in mismatches ruleset	-->
-		<exclusion pattern="^http://help\.lighthouseapp\."/>
 	<target host="tenderapp.com" />
-	<target host="asset-0.tenderapp.com" />
-	<target host="asset-1.tenderapp.com" />
-	<target host="asset-2.tenderapp.com" />
-	<target host="help.tenderapp.com" />
-	<target host="setup.tenderapp.com" />
-	<target host="www.tenderapp.com" />
-		<exclusion pattern="^http://(www\.)?tenderapp\.com/$" />
-
+	<target host="*.tenderapp.com" />
 
-	<securecookie host="^(.*\.)?tenderapp\.com$" name=".*"/>
+		<test url="http://gpgtools.tenderapp.com/" />
+		<test url="http://anki.tenderapp.com/" />
+		<test url="http://airmail.tenderapp.com/" />
+		<test url="http://scrivener.tenderapp.com/" />
+		<test url="http://barilliance.tenderapp.com/" />
+		<test url="http://honestgreen.tenderapp.com/" />
+		<test url="http://drew.tenderapp.com/" />
+		<test url="http://fitocracy.tenderapp.com/" />
+		<test url="http://crystalcommerce.tenderapp.com/" />
+		<test url="http://www.tenderapp.com/" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^help\.tenderapp\.com$" name="^(_tender_session|anon_token)$" /-->
 
-	<rule from="^http://(my\.|www\.)?lighthouseapp\.com/"
-		to="https://$1lighthouseapp.com/"/>
+	<!--securecookie host="^(?:.*\.)?tenderapp\.com$" name=".+" /-->
+	<securecookie host=".*\.tenderapp\.com$" name=".+" />
 
-	<!--	clients have unique subdomains.  Pages redirect to http.	-->
-	<rule from="^http://([\w\-]+)\.lighthouseapp\.com/(images/|login|pkg/|stylesheets/|users/new)"
-		to="https://$1.lighthouseapp.com/$2"/>
 
-	<rule from="^http://([\w\-]+\.)?tenderapp\.com/"
-		to="https://$1tenderapp.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ENomCentral.xml b/src/chrome/content/rules/ENomCentral.xml
index 76d336bb8490..34e9346227cd 100644
--- a/src/chrome/content/rules/ENomCentral.xml
+++ b/src/chrome/content/rules/ENomCentral.xml
@@ -1,18 +1,11 @@
 <!--
 	For other Demand Media coverage, see Demand-Media.xml.
-
-
-	- !www: cert only matches www
-	- Some pages redirect to http
-
 -->
 <ruleset name="eNomCentral (partial)">
 
 	<target host="enomcentral.com" />
 	<target host="www.enomcentral.com" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://(?:www\.)?enomcentral\.com/(captchautil/|css/|_?images/|js/|login\.aspx|myaccount(?:$|\?|/)|(?:Script|Web)Resource\.axd|verisign-seal\.htm)"
-		to="https://www.enomcentral.com/$1" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EOFT.xml b/src/chrome/content/rules/EOFT.xml
new file mode 100644
index 000000000000..cd25e013a6c0
--- /dev/null
+++ b/src/chrome/content/rules/EOFT.xml
@@ -0,0 +1,6 @@
+<ruleset name="EOFT">
+    <target host="eoft.eu" />
+    <target host="www.eoft.eu" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EOL.org.xml b/src/chrome/content/rules/EOL.org.xml
new file mode 100644
index 000000000000..8c8774196ec7
--- /dev/null
+++ b/src/chrome/content/rules/EOL.org.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid certificate:
+		blog.eol.org
+
+	Refused:
+		cephbase.eol.org
+		discuss.eol.org
+		eduction.eol.org
+
+-->
+<ruleset name="Encyclopedia of Life" platform="mixedcontent">
+
+	<target host="eol.org" />
+	<target host="www.eol.org" />
+	<target host="api.eol.org" />
+	<target host="editors.eol.org"/>
+	<target host="media.eol.org" />
+		<test url="http://media.eol.org/content/2014/09/20/09/18370_260_190.jpg" />
+	<target host="opendata.eol.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EOReality.net.xml b/src/chrome/content/rules/EOReality.net.xml
index 83f75e4d7215..4648cd59b31a 100644
--- a/src/chrome/content/rules/EOReality.net.xml
+++ b/src/chrome/content/rules/EOReality.net.xml
@@ -15,7 +15,6 @@
 	<securecookie host="^billing\.eoreality\.net$" name=".+" />
 
 
-	<rule from="^http://billing\.eoreality\.net/"
-		to="https://billing.eoreality.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/EOS.org.xml b/src/chrome/content/rules/EOS.org.xml
new file mode 100644
index 000000000000..36374512c076
--- /dev/null
+++ b/src/chrome/content/rules/EOS.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="EOS.org">
+	<target host="eos.org" />
+	<target host="www.eos.org" />
+	<target host="static.eos.org" />
+		<test url="http://static.eos.org/80126A6/osm/2016/wp-content/uploads/sites/2/2015/10/OceanScience2016_FundingOpportunities.pdf" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EPA.gov-mixedcontent.xml b/src/chrome/content/rules/EPA.gov-mixedcontent.xml
new file mode 100644
index 000000000000..ff5d21c04e25
--- /dev/null
+++ b/src/chrome/content/rules/EPA.gov-mixedcontent.xml
@@ -0,0 +1,19 @@
+<!--
+	For rules not causing MCB, see EPA.gov.xml.
+
+-->
+<ruleset name="EPA.gov (MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="developer.epa.gov" />
+	<target host="watersgeo.epa.gov" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EPA.gov.xml b/src/chrome/content/rules/EPA.gov.xml
new file mode 100644
index 000000000000..0cb37be6d171
--- /dev/null
+++ b/src/chrome/content/rules/EPA.gov.xml
@@ -0,0 +1,58 @@
+<!--
+	For rules causing MCB, see EPA.gov-mixedcontent.xml.
+
+
+
+	Nonfunctional hosts in *epa.gov:
+
+		- water *
+
+	* Dropped
+
+
+	Problematic hosts in *epa.gov:
+
+		- cfpub ¹
+		- developer ²
+		- espanol ³
+		- watersgeo ²
+		- www ³
+
+	¹ Server sends no certificate chain, see https://whatsmychaincert.com
+	² Mixed css
+	³ Akamai/mismatched
+
+
+	Mixed content:
+
+		- css, on:
+
+			- developer, espanol from $self
+			- developer from www.epa.gov
+			- developer from www2.epa.gov
+			- watersgeo from code.jquery.com
+
+		- Images, on:
+
+			- blog, espanol from $self
+			- developer from www.epa.gov
+			- developer from www2.epa.gov
+
+-->
+<ruleset name="EPA.gov (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blog.epa.gov" />
+	<!--target host="cfpub.epa.gov" /-->
+	<!--target host="developer.epa.gov" /-->
+	<!--target host="watersgeo.epa.gov" /-->
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EPAG.de.xml b/src/chrome/content/rules/EPAG.de.xml
new file mode 100644
index 000000000000..13af42200fbb
--- /dev/null
+++ b/src/chrome/content/rules/EPAG.de.xml
@@ -0,0 +1,11 @@
+<ruleset name="EPAG.de">
+	<target host="epag.de" />
+	<target host="www.epag.de" />
+	<target host="api.epag.de" />
+	<target host="data-use.epag.de" />
+	<target host="staging2.epag.de" />
+	<target host="www.staging2.epag.de" />
+	<target host="support.epag.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EPB.xml b/src/chrome/content/rules/EPB.xml
index 7cf81e5db8e6..98dccd5a9257 100644
--- a/src/chrome/content/rules/EPB.xml
+++ b/src/chrome/content/rules/EPB.xml
@@ -1,18 +1,18 @@
 <ruleset name="EPB">
 
 	<target host="epb.net" />
-	<target host="*.epb.net" />
+	<target host="livehelp.epb.net" />
+	<target host="www.epb.net" />
 	<target host="epbfi.com" />
-	<target host="*.epbfi.com" />
+	<target host="mail.epbfi.com" />
+	<target host="livehelp.epbfi.com" />
+	<target host="phone.epbfi.com" />
+	<target host="www.epbfi.com" />
 
 
-	<securecookie host="^(?:.*\.)?epb(\.net|fi\.com)$" name=".*" />
+	<securecookie host=".+" name=".+"/>
 
 
-	<rule from="^http://(livehelp\.|www\.)?epb\.net/"
-		to="https://$1epb.net/" />
-
-	<rule from="^http://((?:mail|livehelp|phone|www)\.)?epbfi\.com/"
-		to="https://$1epbfi.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/EPEAT.xml b/src/chrome/content/rules/EPEAT.xml
deleted file mode 100644
index 20fcb59895bf..000000000000
--- a/src/chrome/content/rules/EPEAT.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="EPEAT (partial)">
-
-	<target host="ww2.epeat.net" />
-
-
-	<rule from="^http://ww2\.epeat\.com/"
-		to="https://ww2.epeat.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/EPFL.xml b/src/chrome/content/rules/EPFL.xml
index e56f85332b5b..fb9a39f3ff1d 100644
--- a/src/chrome/content/rules/EPFL.xml
+++ b/src/chrome/content/rules/EPFL.xml
@@ -1,13 +1,15 @@
 <!--
 	Nonfunctional subdomains:
 
-		- actu *
-		- actualites **
-		- mediatheque **
-		- personnes *
+		- actu ¹
+		- actualites ²
+		- hpc-dit ³
+		- mediatheque ²
+		- personnes ¹
 
-	* Times out
-	** Shows inform; mismatched, CN: inform.epfl.ch
+	¹ Times out
+	² Shows inform; mismatched, CN: inform.epfl.ch
+	³ Refused
 
 
 	Problematic subdomains:
@@ -23,6 +25,7 @@
 		- help-actu *
 		- inform-doc *
 		- kis *
+		- lacal *
 		- medias *
 		- phd *
 		- recherche *
@@ -48,13 +51,15 @@
 <ruleset name="EPFL (partial)">
 
 	<target host="epfl.ch" />
-	<target host="*.epfl.ch" />
+	<target host="inform.epfl.ch" />
+	<target host="jahia-prod.epfl.ch" />
+	<target host="winauth.epfl.ch" />
+	<target host="www.epfl.ch" />
 
 
 	<securecookie host="^(?:inform|jahia-prod)\.epfl\.ch$" name=".+" />
 
 
-	<rule from="^http://((?:inform|jahia-prod|winauth|www)\.)?epfl\.ch/"
-		to="https://$1epfl.ch/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EPIC.xml b/src/chrome/content/rules/EPIC.xml
index 9b6fa37a12a4..5e9ee11bdb04 100644
--- a/src/chrome/content/rules/EPIC.xml
+++ b/src/chrome/content/rules/EPIC.xml
@@ -2,5 +2,5 @@
 	<target host="epic.org" />
 	<target host="www.epic.org" />
 
-	<rule from="^http://(www\.)?epic\.org/" to="https://$1epic.org/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/EPay.bg.xml b/src/chrome/content/rules/EPay.bg.xml
deleted file mode 100644
index f3a9b629e45a..000000000000
--- a/src/chrome/content/rules/EPay.bg.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="ePay.bg">
-  <target host="epay.bg" />
-  <target host="www.epay.bg" />
-
-  <rule from="^http://(www\.)?epay\.bg/" to="https://www.epay.bg/" />
-</ruleset>
diff --git a/src/chrome/content/rules/EPly.com.xml b/src/chrome/content/rules/EPly.com.xml
new file mode 100644
index 000000000000..936407a6b24f
--- /dev/null
+++ b/src/chrome/content/rules/EPly.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)?
+		- api
+
+-->
+<ruleset name="ePly.com">
+
+	<target host="eply.com" />
+	<target host="api.eply.com" />
+	<target host="www.eply.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EPrize.xml b/src/chrome/content/rules/EPrize.xml
index 411b3c8e40cc..8a220c573732 100644
--- a/src/chrome/content/rules/EPrize.xml
+++ b/src/chrome/content/rules/EPrize.xml
@@ -1,4 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://eprize.com/ => https://www.eprize.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.eprize.com'")
+Fetch error: http://eprize.net/ => https://www.eprize.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.eprize.com'")
+Fetch error: http://www.eprize.net/ => https://www.eprize.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.eprize.com'")
+
+-->
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://eprize.com/ => https://www.eprize.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.eprize.com'")
+Fetch error: http://eprize.net/ => https://www.eprize.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.eprize.com'")
+Fetch error: http://www.eprize.net/ => https://www.eprize.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.eprize.com'")
+
 	Problematic domains:
 
 		- eprize.com *
@@ -7,10 +21,15 @@
 	* Cert only matches *.eprize.com
 
 -->
-<ruleset name="ePrize">
+<ruleset name="ePrize" default_off="failed ruleset test">
 
 	<target host="eprize.com" />
-	<target host="*.eprize.com" />
+	<target host="www.eprize.com" />
+	<target host="results.eprize.com" />
+	<target host="rps01.eprize.com" />
+	<target host="socialize.eprize.com" />
+	<target host="winlist.eprize.com" />
+	<target host="winlists.eprize.com" />
 	<target host="eprize.net" />
 	<target host="www.eprize.net" />
 
@@ -18,10 +37,9 @@
 	<securecookie host="^(?:rps01|socialize)\.eprize\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?eprize\.(?:com|net)/"
+	<rule from="^http://(?:www\.)?eprize\.(?:com|net)/"
 		to="https://www.eprize.com/" />
 
-	<rule from="^http://(results|rps01|socialize|winlists?)\.eprize\.com/"
-		to="https://$1.eprize.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EQBank.ca.xml b/src/chrome/content/rules/EQBank.ca.xml
new file mode 100644
index 000000000000..999ac77c6b49
--- /dev/null
+++ b/src/chrome/content/rules/EQBank.ca.xml
@@ -0,0 +1,24 @@
+<!--
+	Chain issue, missing intermediate:
+		- mcc.eqbank.ca
+		- scc.eqbank.ca
+
+	Invalid certificate:
+		- www.edaa.eqbank.ca
+		- click.email.eqbank.ca
+		- image.email.eqbank.ca
+		- view.email.eqbank.ca
+-->
+
+<ruleset name="EQBank.ca">
+	<target host="eqbank.ca" />
+	<target host="www.eqbank.ca" />
+	<target host="alpha.eqbank.ca" />
+	<target host="beta.eqbank.ca" />
+	<target host="edaa.eqbank.ca" />
+	<target host="sec.eqbank.ca" />
+	<target host="staging.sec.eqbank.ca" />
+	<target host="staging.eqbank.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EQualit.ie.xml b/src/chrome/content/rules/EQualit.ie.xml
index 9210b8d56708..1243f138cda9 100644
--- a/src/chrome/content/rules/EQualit.ie.xml
+++ b/src/chrome/content/rules/EQualit.ie.xml
@@ -1,10 +1,17 @@
 <ruleset name="eQualit.ie">
 
 	<target host="equalit.ie" />
+	<target host="learn.equalit.ie" />
 	<target host="www.equalit.ie" />
 
 
-	<rule from="^http://(www\.)?equalit\.ie/"
-		to="https://$1equalit.ie/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?equalit\.ie$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?equalit\.ie$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/EQuranClass.com.xml b/src/chrome/content/rules/EQuranClass.com.xml
new file mode 100644
index 000000000000..7406c5d70936
--- /dev/null
+++ b/src/chrome/content/rules/EQuranClass.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="eQuranClass.com">
+	<target host="equranclass.com" />
+	<target host="www.equranclass.com" />
+
+	<exclusion pattern="^http://www\.equranclass\.com/elearning/registration/" />
+		<test url="http://www.equranclass.com/elearning/registration/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ERA.int.xml b/src/chrome/content/rules/ERA.int.xml
new file mode 100644
index 000000000000..0b4ae484ae40
--- /dev/null
+++ b/src/chrome/content/rules/ERA.int.xml
@@ -0,0 +1,13 @@
+<!--
+	^: cert only matches www
+
+-->
+<ruleset name="ERA.int">
+
+	<target host="era.int" />
+	<target host="www.era.int" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ERC.edu.xml b/src/chrome/content/rules/ERC.edu.xml
new file mode 100644
index 000000000000..4a8332c9e18f
--- /dev/null
+++ b/src/chrome/content/rules/ERC.edu.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://courses.erc.edu/ => https://courses.erc.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://faq.erc.edu/ => https://faq.erc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Insecure cookies are set for these hosts:
+
+		- courses.erc.edu
+
+-->
+<ruleset name="ERC.edu" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="erc.edu" />
+	<target host="congress2015.erc.edu" />
+	<target host="courses.erc.edu" />
+	<target host="faq.erc.edu" />
+	<target host="www.erc.edu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^courses\.erc\.edu$" name="^(?:cookie_id|language_cookie)$" /-->
+
+	<securecookie host="^courses\.erc\.edu$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ERNW.de.xml b/src/chrome/content/rules/ERNW.de.xml
new file mode 100644
index 000000000000..c547110514d3
--- /dev/null
+++ b/src/chrome/content/rules/ERNW.de.xml
@@ -0,0 +1,19 @@
+<!--
+	Other ERNW rulesets:
+
+		- Troopers.de.xml
+
+
+	^: dropped
+
+-->
+<ruleset name="ERNW.de">
+
+	<target host="ernw.de" />
+	<target host="www.ernw.de" />
+
+
+	<rule from="^http://(?:www\.)?ernw\.de/"
+		to="https://www.ernw.de/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ESB.ie.xml b/src/chrome/content/rules/ESB.ie.xml
index 25353f4f144f..d7717f0a30ee 100644
--- a/src/chrome/content/rules/ESB.ie.xml
+++ b/src/chrome/content/rules/ESB.ie.xml
@@ -1,4 +1,11 @@
-<ruleset name="ESB.ie">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.esbie.ie/ => https://www.esbie.ie/: (35, 'Unknown SSL protocol error in connection to www.esbie.ie:443 ')
+Fetch error: http://esbie.ie/ => https://esbie.ie/: (35, 'Unknown SSL protocol error in connection to esbie.ie:443 ')
+
+-->
+<ruleset name="ESB.ie" default_off="failed ruleset test">
   <target host="www.esb.ie" />
   <target host="esb.ie" />
   <target host="www.esbie.ie" />
diff --git a/src/chrome/content/rules/ESEA.net.xml b/src/chrome/content/rules/ESEA.net.xml
new file mode 100644
index 000000000000..3bb4ea110cf8
--- /dev/null
+++ b/src/chrome/content/rules/ESEA.net.xml
@@ -0,0 +1,22 @@
+<!--
+	Invalid certificate:
+		- status.esea.net
+
+	Redirects:
+		- esea.net → play.esea.net
+		- news.esea.net → play.esea.net
+-->
+<ruleset name="ESEA.net">
+	<target host="esea.net" />
+	<target host="www.esea.net" />
+	<target host="fragshack.esea.net" />
+	<target host="mdl.esea.net" />
+	<target host="news.esea.net" />
+	<target host="play.esea.net" />
+	<target host="static.esea.net" />
+		<test url="http://static.esea.net/global/configs/game.cs/265269.1487898859.cfg" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ESET.at.xml b/src/chrome/content/rules/ESET.at.xml
new file mode 100644
index 000000000000..f84df3770920
--- /dev/null
+++ b/src/chrome/content/rules/ESET.at.xml
@@ -0,0 +1,19 @@
+<!--
+	 For other ESET coverage, see Eset.xml.
+
+
+	(www.)?eset.at: Cert only matches www.sicontact.at
+
+-->
+<ruleset name="ESET.at">
+
+	<!--	Complications:
+				-->
+	<target host="eset.at" />
+	<target host="www.eset.at" />
+
+
+	<rule from="^http://(?:www\.)?eset\.at/"
+		to="https://www.sicontact.at/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ESET.co.uk.xml b/src/chrome/content/rules/ESET.co.uk.xml
new file mode 100644
index 000000000000..dc68144573fa
--- /dev/null
+++ b/src/chrome/content/rules/ESET.co.uk.xml
@@ -0,0 +1,32 @@
+<!--
+	For other ESET coverage, see Eset.xml.
+
+
+	(www.)?eset.co.uk: Dropped
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- shop.eset.co.uk
+		- .shop.eset.co.uk
+
+-->
+<ruleset name="ESET.co.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="shop.eset.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^shop\.eset\.co\.uk$" name="^Session$" /-->
+	<!--securecookie host="^\.shop\.eset\.co\.uk$" name="^Affinity$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ESET.de.xml b/src/chrome/content/rules/ESET.de.xml
new file mode 100644
index 000000000000..1374ebe5ebfe
--- /dev/null
+++ b/src/chrome/content/rules/ESET.de.xml
@@ -0,0 +1,24 @@
+<!--
+	For other ESET coverage, see Eset.xml.
+
+
+	(www.)?eset.de: Redirects to http
+
+-->
+<ruleset name="ESET.de (partial)">
+
+	<!--	Complications:
+				-->
+	<target host="eset.de" />
+	<target host="www.eset.de" />
+
+
+	<rule from="^http://(?:www\.)?eset\.de/(?=$|\?)"
+		to="https://www.eset.com/de" />
+
+		<test url="http://eset.de/?foo" />
+		<test url="http://eset.de/?bar" />
+		<test url="http://www.eset.de/?foo" />
+		<test url="http://www.eset.de/?bar" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ESET_NOD32.xml b/src/chrome/content/rules/ESET_NOD32.xml
index 705cd32e0514..1313b1df56fe 100644
--- a/src/chrome/content/rules/ESET_NOD32.xml
+++ b/src/chrome/content/rules/ESET_NOD32.xml
@@ -1,17 +1,51 @@
 <!--
 	For other ESET coverage, see Eset.xml.
 
+
+	Nonfunctional hosts in *esetnod32.ru:
+
+		- www.startpack *
+		- v2 *
+
+	* Refused
+
+
+	^esetnod32.ru: Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .esetnod32.ru
+		- shop.esetnod32.ru
+		- .shop.esetnod32.ru
+
 -->
-<ruleset name="ESET NOD32">
+<ruleset name="ESET NOD32.ru (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="shop.esetnod32.ru" />
+	<target host="www.esetnod32.ru" />
+
+	<!--	Complications:
+				-->
 	<target host="esetnod32.ru" />
-	<target host="*.esetnod32.ru" />
 
 
-	<securecookie host="^\.esetnod32\.ru$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.esetnod32\.ru$" name="^PHPSESSID" /-->
+	<!--securecookie host="^shop\.esetnod32\.ru$" name="^BITRIX_SM_(LOGIN|SALEUID|SOUND_LOGIN_PLAYED|UIDH)$" /-->
+	<!--securecookie host="^\.shop\.esetnod32\.ru$" name="^(BITRIX_SM_(SALEUID|UIDH)|RMSESSID)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.shop\.esetnod32\.ru$" name=".+" />
+
 
+	<rule from="^http://esetnod32\.ru/"
+		to="https://www.esetnod32.ru/" />
 
-	<rule from="^http://(www\.)?esetnod32\.ru/"
-		to="https://$1esetnod32.ru/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ESET_static.com.xml b/src/chrome/content/rules/ESET_static.com.xml
new file mode 100644
index 000000000000..2a9401a2bf78
--- /dev/null
+++ b/src/chrome/content/rules/ESET_static.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other ESET coverage, see Eset.xml.
+
+-->
+<ruleset name="ESET static.com">
+
+	<target host="*.esetstatic.com" />
+
+		<test url="http://static3.esetstatic.com/" />
+		<test url="http://www.esetstatic.com/" />
+
+
+	<rule from="^http://(static\d|www)\.esetstatic\.com/"
+		to="https://$1.esetstatic.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ESF-Works.com.xml b/src/chrome/content/rules/ESF-Works.com.xml
index 7141fa59b359..d57c040cbbfb 100644
--- a/src/chrome/content/rules/ESF-Works.com.xml
+++ b/src/chrome/content/rules/ESF-Works.com.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?esf-works\.com/"
 		to="https://esf-works.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ESI-Group.com.xml b/src/chrome/content/rules/ESI-Group.com.xml
index 306cf65dbb70..8d752fec8975 100644
--- a/src/chrome/content/rules/ESI-Group.com.xml
+++ b/src/chrome/content/rules/ESI-Group.com.xml
@@ -8,10 +8,10 @@
 <ruleset name="ESI-Group.com">
 
 	<target host="esi-group.com" />
-	<target host="*.esi-group.com" />
+	<target host="myesi.esi-group.com" />
+	<target host="www.esi-group.com" />
 
 
-	<rule from="^http://(myesi\.|www\.)?esi-group\.com/"
-		to="https://$1esi-group.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ESI.xml b/src/chrome/content/rules/ESI.xml
index 65d437388db4..ec5df4920e9e 100644
--- a/src/chrome/content/rules/ESI.xml
+++ b/src/chrome/content/rules/ESI.xml
@@ -4,13 +4,12 @@
 -->
 <ruleset name="ESI">
 
-	<target host="*.esi.dz" />
+	<target host="www.esi.dz" />
 
 
 	<securecookie host="^(?:www)?\.esi\.dz$" name=".+" />
 
 
-	<rule from="^http://www\.esi\.dz/"
-		to="https://www.esi.dz/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ESISS.xml b/src/chrome/content/rules/ESISS.xml
deleted file mode 100644
index 7497863f6cf6..000000000000
--- a/src/chrome/content/rules/ESISS.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="ESISS">
-  <target host="esiss.ac.uk" />
-  <target host="www.esiss.ac.uk" />
-
-  <securecookie host="^(.+\.)?esiss\.ac\.uk$" name=".*"/>
-
-  <rule from="^http://(?:www\.)?esiss\.ac\.uk/" to="https://www.esiss.ac.uk/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/ESJ.com.xml b/src/chrome/content/rules/ESJ.com.xml
new file mode 100644
index 000000000000..4749bfef8d6b
--- /dev/null
+++ b/src/chrome/content/rules/ESJ.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other 1105 Media coverage, see 1105_Media.com.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- esj.com
+
+-->
+<ruleset name="ESJ.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="esj.com" />
+	<target host="www.esj.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^esj\.com$" name="^(ASP\.NET_SessionId|BIGipServerPool[\w-]+)$" /-->
+
+	<securecookie host="^esj\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ESLint.org.xml b/src/chrome/content/rules/ESLint.org.xml
new file mode 100644
index 000000000000..e83d700cf822
--- /dev/null
+++ b/src/chrome/content/rules/ESLint.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="ESLint.org">
+
+	<target host="eslint.org" />
+	<target host="www.eslint.org" />
+	<target host="cn.eslint.org" />
+	<target host="jenkins.eslint.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ESOMAR.org.xml b/src/chrome/content/rules/ESOMAR.org.xml
index 8c0fbcf9208e..0e9f7db3fb0f 100644
--- a/src/chrome/content/rules/ESOMAR.org.xml
+++ b/src/chrome/content/rules/ESOMAR.org.xml
@@ -1,24 +1,42 @@
 <!--
-	Fully covered subdomains:
-
-		- (www.)
-		- directory
-		- payment
-		- rwconnect
+	Invalid certificate:
+		ana.esomar.org
+		www.ana.esomar.org
+		associations.esomar.org
+		www.directory.esomar.org
+		extranet.esomar.org
+		www.rating.esomar.org
+		survey.esomar.org
+		wiki.esomar.org
+
+	Login required:
+		cloud.esomar.org
+		library.esomar.org
+		tracker.esomar.org
+
+	Different content http/https:
+		jobs.esomar.org
+		my.esomar.org
+
+	Mixed content:
+		rwconnect.esomar.org
+		www.rwconnect.esomar.org
 
 -->
 <ruleset name="ESOMAR.org">
 
 	<target host="esomar.org" />
-	<target host="*.esomar.org" />
-
-
-	<!--securecookie host="^\.esomar\.org$" name="^civicAllowCookies$" /-->
-	<securecookie host=".*\.esomar\.org$" name="^__utm\w$" />
-	<securecookie host="^(?:directory|www)\.esomar\.org$" name=".+" />
+	<target host="www.esomar.org" />
+	<target host="2016.esomar.org" />
+	<target host="directory.esomar.org" />
+	<target host="horus.esomar.org" />
+	<target host="payment.esomar.org" />
+	<target host="yes.esomar.org" />
+	<target host="young.esomar.org" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://((?:directory|payment|rwconnect|www)\.)?esomar\.org/"
-		to="https://$1esomar.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ESRB.xml b/src/chrome/content/rules/ESRB.xml
index 0eb41c850029..77e4a02b14bc 100644
--- a/src/chrome/content/rules/ESRB.xml
+++ b/src/chrome/content/rules/ESRB.xml
@@ -1,6 +1,6 @@
-<ruleset name="ESRB">
-  <target host="www.esrb.org" />
-  <target host="esrb.org" />
-
-  <rule from="^http://(?:www\.)?esrb\.org/" to="https://www.esrb.org/"/>
-</ruleset>
\ No newline at end of file
+<ruleset name="ESRB">
+  <target host="www.esrb.org" />
+  <target host="esrb.org" />
+
+  <rule from="^http://(?:www\.)?esrb\.org/" to="https://www.esrb.org/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/ESRI.ie.xml b/src/chrome/content/rules/ESRI.ie.xml
new file mode 100644
index 000000000000..13beb3826ff6
--- /dev/null
+++ b/src/chrome/content/rules/ESRI.ie.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- Images on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="ESRI.ie">
+
+	<target host="esri.ie" />
+	<target host="www.esri.ie" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ESTA_Visas.org.uk.xml b/src/chrome/content/rules/ESTA_Visas.org.uk.xml
new file mode 100644
index 000000000000..4da9a5aef2a0
--- /dev/null
+++ b/src/chrome/content/rules/ESTA_Visas.org.uk.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://estavisas.org.uk/ => https://estavisas.org.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'estavisas.org.uk'")
+Fetch error: http://www.estavisas.org.uk/ => https://www.estavisas.org.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.estavisas.org.uk'")
+
+	Insecure cookies are set for these domains and hosts:
+
+		- estavisas.org.uk
+		- .estavisas.org.uk
+		- www.estavisas.org.uk
+
+-->
+<ruleset name="ESTA Visas.org.uk" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="estavisas.org.uk" />
+	<target host="www.estavisas.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?estavisas\.org\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^\.estavisas\.org\.uk$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^(?:www\.|\.)?estavisas\.org\.uk$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ESTA_Visas.org.xml b/src/chrome/content/rules/ESTA_Visas.org.xml
index b8ed9d0ad98f..59d98e74f336 100644
--- a/src/chrome/content/rules/ESTA_Visas.org.xml
+++ b/src/chrome/content/rules/ESTA_Visas.org.xml
@@ -1,13 +1,33 @@
-<ruleset name="ESTA Visas.org">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://estavisas.org/ => https://estavisas.org/: (7, 'Failed to connect to estavisas.org port 443: No route to host')
+Fetch error: http://www.estavisas.org/ => https://www.estavisas.org/: (7, 'Failed to connect to www.estavisas.org port 443: No route to host')
+
+	Insecure cookies are set for these domains and hosts:
+
+		- estavisas.org
+		- .estavisas.org
+		- www.estavisas.org
+
+-->
+<ruleset name="ESTA Visas.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="estavisas.org" />
 	<target host="www.estavisas.org" />
 
 
-	<securecookie host="^www\.estavisas\.org$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?estavisas\.org$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^\.estavisas\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^(?:www\.|\.)?estavisas\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?estavisas\.org/"
-		to="https://$1estavisas.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ESV.de.xml b/src/chrome/content/rules/ESV.de.xml
new file mode 100644
index 000000000000..faa3ce66ac2c
--- /dev/null
+++ b/src/chrome/content/rules/ESV.de.xml
@@ -0,0 +1,19 @@
+<!--
+	Evangelische Stiftung Volmarstein
+
+
+	^: cert only matches *.esv.de
+
+-->
+<ruleset name="ESV.de">
+
+	<target host="esv.de" />
+	<target host="www.esv.de" />
+
+
+	<securecookie host="^www\.esv\.de$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EScholarship.org-problematic.xml b/src/chrome/content/rules/EScholarship.org-problematic.xml
new file mode 100644
index 000000000000..296e1a4a570d
--- /dev/null
+++ b/src/chrome/content/rules/EScholarship.org-problematic.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules that are on by default, see EScholarship.org.xml.
+
+-->
+<ruleset name="eScholarship.org (mismatched)" default_off="mismatched">
+
+	<target host="publish.escholarship.org" />
+
+
+	<securecookie host="^publish\.escholarship\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EScholarship.org.xml b/src/chrome/content/rules/EScholarship.org.xml
index a44f9f06c48a..d73d9c0eddca 100644
--- a/src/chrome/content/rules/EScholarship.org.xml
+++ b/src/chrome/content/rules/EScholarship.org.xml
@@ -1,24 +1,34 @@
 <!--
-	Nonfunctional subdomains:
+	For problematic rules, see EScholarship.org-problematic.xml.
 
-		- (www.)	(dropped)
+	For other University of California coverage, see University-of-California.xml.
+
+
+	Problematic subdomains:
+
+		- publish *
+
+	* Mismatched
 
 
 	Fully covered subdomains:
 
-		- publish
+		- (www.)?
 		- submit
 
 -->
 <ruleset name="eScholarship.org (partial)">
 
-	<target host="*.escholarship.org" />
+	<target host="escholarship.org" />
+	<!--target host="publish.escholarship.org" /-->
+	<target host="submit.escholarship.org" />
+	<target host="www.escholarship.org" />
 
 
-	<securecookie host="^(?:publish|submit)\.escholarship\.org$" name=".+" />
+	<securecookie host="^submit\.escholarship\.org$" name=".+" />
 
 
-	<rule from="^http://(publish|submit)\.escholarship\.org/"
-		to="https://$1.escholarship.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ESupport.com.xml b/src/chrome/content/rules/ESupport.com.xml
new file mode 100644
index 000000000000..0c76f73c2e35
--- /dev/null
+++ b/src/chrome/content/rules/ESupport.com.xml
@@ -0,0 +1,12 @@
+<!--
+	(www.): shows secure
+
+-->
+<ruleset name="eSupport.com (partial)">
+
+	<target host="secure.esupport.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ETAO.com.xml b/src/chrome/content/rules/ETAO.com.xml
new file mode 100644
index 000000000000..f4dbe71dc7b9
--- /dev/null
+++ b/src/chrome/content/rules/ETAO.com.xml
@@ -0,0 +1,46 @@
+<!--
+	For other Alibaba Group coverage, see Alibaba.xml.
+
+	Dropped:
+		- ^		( Redirect to www.etao.com )
+		- buy	( Redirect to www.etao.com)
+
+	Mismatch:
+		- ux
+
+	Redirects to http:
+		- m
+		- rebate
+		- s
+		- wanke
+		- web	( equal to www )
+
+	Too many redirects:
+		- ally
+
+	Unable to connect to the server:
+		- 8
+		- ruyi
+
+	Insecure cookies are set for these domains:
+		- .etao.com
+-->
+
+<ruleset name="ETAO.com (partial)">
+	<target host="www.etao.com" />
+	<target host="app.etao.com" />
+	<target host="f.etao.com" />
+	<target host="huoyan.etao.com" />
+	<target host="update.labs.etao.com" />
+	<target host="apie.m.etao.com" />
+	<target host="pass.etao.com" />
+	<target host="temai.etao.com" />
+	<target host="top.etao.com" />
+
+	<target host="etao.com" />
+	<target host="buy.etao.com" />
+	<target host="web.etao.com" />
+	<rule from="^http://(buy\.|web\.)?etao\.com/" to="https://www.etao.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ETHZ.ch-problematic.xml b/src/chrome/content/rules/ETHZ.ch-problematic.xml
new file mode 100644
index 000000000000..e8545cfb079b
--- /dev/null
+++ b/src/chrome/content/rules/ETHZ.ch-problematic.xml
@@ -0,0 +1,23 @@
+<!--
+	For rules that are on by default, see ETH_Zurich.xml.
+
+-->
+<ruleset name="ETHZ.ch (problematic)" default_off="expired, missing certificate chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.ethlife.ethz.ch" />
+	<target host="wiki.se.inf.ethz.ch" />
+
+	<!--	Complications:
+				-->
+	<target host="ethlife.ethz.ch" />
+
+
+	<rule from="^http://ethlife\.ethz\.ch/"
+		to="https://www.ethlife.ethz.ch/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ETH_Zurich.xml b/src/chrome/content/rules/ETH_Zurich.xml
index e9d779c13160..a296bea08c78 100644
--- a/src/chrome/content/rules/ETH_Zurich.xml
+++ b/src/chrome/content/rules/ETH_Zurich.xml
@@ -1,8 +1,27 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://e-citations.ethbib.ethz.ch/ (200) => https://e-citations.ethbib.ethz.ch/ (500)
+Fetch error: http://www.library.ethz.ch/ => https://www.library.ethz.ch/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://webgta.ethz.ch/ => https://webgta.ethz.ch/: (51, "SSL: no alternative certificate subject name matches target host name 'webgta.ethz.ch'")
+Fetch error: http://webita.ethz.ch/ => https://webita.ethz.ch/: (51, "SSL: no alternative certificate subject name matches target host name 'webita.ethz.ch'")
+Fetch error: http://www1.ethz.ch/ => https://www1.ethz.ch/: (6, 'Could not resolve host: www1.ethz.ch')
+
+	ETH Zürich
+
+	For problematic rules, see ETHZ.ch-problematic.xml.
+
+
+	Other ETH Zürich rulesets:
+
+		- DARCH.ch.xml
+		- Untergeschoss.ch.xml
+
+
 	Nonfunctional subdomains:
 
 		- addis2050 *
-		- www.alumni		(^alumni doesn't exist)
+		- www.alumni ²
 
 		- arch subdomains:
 
@@ -14,53 +33,97 @@
 			- archiv.gta *
 			- ausstellungen.gta *
 
+		- www.arch ²
+		- www.ee ²
+		- e-collection.ethbib ³
+		- www.ethbib ⁴
+		- laser.inf ***
+		- se.inf ***
+		- e-collection.library ³
+		- www.vvz ⁵
+
 	* Redirects to http, mismatched, CN: webgta.ethz.ch
+	² Redirects to www.ethz.ch
 	** Redirects to http, mismatched, CN: webita.ethz.ch
+	³ Redirects to wayf.switch.ch
+	⁴ Redirects to www.library.ethz.ch
+	*** "Website not found"
+	⁵ Refused
 
 
 	Problematic subdomains:
 
 		- ^			(times out)
+		- e-citations.ethbib ²
 		- ethlife		(cert only matches www.ethlife)
+		- www.ethlife ⁴
+		- wiki.se.inf ⁵
 
+	² Insecure renegotiation
+	⁴ Expired
+	⁵ Server sends no certificate chain, see https://whatsmychaincert.com
 
-	Fully covered subdomains:
 
-		- ^			(→ www)
-		- (www.)bilddb.arch
-		- (www.)bilddb.gta.arch
-		- (www.)media.gta.arch
-		- (www.)intern.arch
-		- (www.)it.arch
-		- www.arch		(^arch doesn't exist)
-		- ethlife		(→ www.ethlife)
-		- www.ethlife
-		- webgta
-		- webita
+	Insecure cookies are set for these hosts:
 
--->
-<ruleset name="ETH Zürich (partial)">
+		- e-citations.ethbib.ethz.ch
+		- www.library.ethz.ch
+		- wtsdc.ethz.ch
+		- www.ethz.ch
+		- www1.ethz.ch
 
-	<target host="darch.ch" />
+-->
+<ruleset name="ETHZ.ch (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bilddb.arch.ethz.ch" />
+	<target host="www.bilddb.arch.ethz.ch" />
+	<target host="bilddb.gta.arch.ethz.ch" />
+	<target host="www.bilddb.gta.arch.ethz.ch" />
+	<target host="media.gta.arch.ethz.ch" />
+	<target host="www.media.gta.arch.ethz.ch" />
+	<target host="intern.arch.ethz.ch" />
+	<target host="www.intern.arch.ethz.ch" />
+	<target host="it.arch.ethz.ch" />
+	<target host="www.it.arch.ethz.ch" />
+
+	<target host="e-citations.ethbib.ethz.ch" />
+	<!--target host="ethlife.ethz.ch" /-->
+	<!--target host="www.ethlife.ethz.ch" /-->
+	<target host="people.inf.ethz.ch" />
+	<target host="login.library.ethz.ch" />
+	<target host="www.library.ethz.ch" />
+	<target host="piwik.ethz.ch" />
+	<target host="stat.ethz.ch" />
+	<target host="webgta.ethz.ch" />
+	<target host="tg.ethz.ch" />
+	<target host="www.tg.ethz.ch" />
+	<target host="webita.ethz.ch" />
+	<target host="wtsdc.ethz.ch" />
+	<target host="www.ethz.ch" />
+	<target host="www1.ethz.ch" />
+
+	<!--	Complications:
+				-->
 	<target host="ethz.ch" />
-	<target host="*.ethz.ch" />
-	<target host="www.ethlife.ethz.ch" />
-	<target host="*.arch.ethz.ch" />
-	<target host="www.*.arch.ethz.ch" />
-	<target host="*.gta.arch.ethz.ch" />
-	<target host="www.*.gta.arch.ethz.ch" />
 
 
-	<securecookie host="^www\.ethz\.ch$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^e-citations\.ethbib\.ethz\.ch$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^www\.library\.ethz\.ch$" name="^amfID$" /-->
+	<!--securecookie host="^wtsdc\.ethz\.ch$" name="^(ACOOKIE|WEBTRENDS_ID)$" /-->
+	<!--securecookie host="^www\.ethz\.ch$" name="^_shibstate_\d+_\d+$" /-->
+	<!--securecookie host="^www1\.ethz\.ch$" name="^vcmp-p16-cookie$" /-->
 
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://darch\.ch/"
-		to="https://darch.ch/" />
 
-	<rule from="^https?://(?:www\.)?(ethlife\.)?ethz\.ch/"
-		to="https://www.$1ethz.ch/" />
+	<rule from="^http://ethz\.ch/"
+		to="https://www.ethz.ch/" />
 
-	<rule from="^http://((?:www\.)?(?:(?:bilddb(?:\.gta)?|media\.gta|intern|it)\.)?arch|webgta|webita)\.ethz\.ch/"
-		to="https://$1.ethz.ch/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ETS.xml b/src/chrome/content/rules/ETS.xml
index 34e980fd3996..a8103d2e4e0d 100644
--- a/src/chrome/content/rules/ETS.xml
+++ b/src/chrome/content/rules/ETS.xml
@@ -1,7 +1,19 @@
 <ruleset name="ETS">
   <target host="ets.org" />
-  <target host="*.ets.org" />
+  <target host="www.ets.org" />
+  <target host="apstudio.ets.org" />
+  <target host="ept-elm.ets.org" />
+  <target host="gedcalifornia.ets.org" />
+  <target host="gresearch.ets.org" />
+  <target host="ibtsd3.ets.org" />
+  <target host="mygre.ets.org" />
+  <target host="onyx.ets.org" />
+  <target host="ppi.ets.org" />
+  <target host="srp.ets.org" />
+  <target host="title2.ets.org" />
+  <target host="toefl-registration.ets.org" />
+  <target host="toeflrts.ets.org" />
 
   <rule from="^http://(?:www\.)?ets\.org/" to="https://www.ets.org/"/>
-  <rule from="^http://(apstudio|ept-elm|gedcalifornia|gresearch|ibtsd3|mygre|onyx|ppi|srp|title2|toefl-registration|toeflrts)\.ets\.org/" to="https://$1.ets.org/"/>
-</ruleset>
\ No newline at end of file
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ETegro.xml b/src/chrome/content/rules/ETegro.xml
index 8526e08265ef..bd10e34055b4 100644
--- a/src/chrome/content/rules/ETegro.xml
+++ b/src/chrome/content/rules/ETegro.xml
@@ -2,5 +2,5 @@
         <target host="www.etegro.com" />
         <target host="etegro.com" />
 
-        <rule from="^http://(www\.)?etegro\.com/" to="https://www.etegro.com/"/>
+        <rule from="^http://(?:www\.)?etegro\.com/" to="https://www.etegro.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/ETicketing.co.uk.xml b/src/chrome/content/rules/ETicketing.co.uk.xml
new file mode 100644
index 000000000000..7563b1a0e13e
--- /dev/null
+++ b/src/chrome/content/rules/ETicketing.co.uk.xml
@@ -0,0 +1,15 @@
+<!--
+	For related rules, see Ticketmaster.xml
+
+-->
+<ruleset name="ETicketing.co.uk">
+
+	<target host="eticketing.co.uk" />
+	<target host="www.eticketing.co.uk" />
+	<target host="ams3pxy.eticketing.co.uk" />
+	<target host="beta.eticketing.co.uk" />
+	<target host="media.eticketing.co.uk" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EToro.xml b/src/chrome/content/rules/EToro.xml
index 12918fbbafc3..1274478709ca 100644
--- a/src/chrome/content/rules/EToro.xml
+++ b/src/chrome/content/rules/EToro.xml
@@ -1,33 +1,47 @@
 <!--
-	Nonfunctional domains:
+	Other eToro.com related rulesets:
+		+ etorostatic.com.xml
 
-		- cdn.etoro.com	(400, CN: *.cotssl.net)
+	Non-functional hosts
+		SSL connect error:
+		- etorologsapi.etoro.com
 
+		SSL peer certificate was not OK:
+		- cdn.etoro.com
+		- partners-help.etoro.com
 
-	Problematic domains:
-
-		- etoro.com	(cert only matches www)
+		4xx client error:
+		- s3.etoro.com
 
+		5xx server error:
+		- maintenance.etoro.com
 -->
-<ruleset name="eToro (partial)" platform="mixedcontent">
-
-	<target host="copy.me" />
-	<target host="*.copy.me" />
+<ruleset name="eToro.com">
 	<target host="etoro.com" />
-	<target host="*.etoro.com" />
-
-
-	<securecookie host="^\.copy\.me$" name=".+" />
-	<securecookie host="^.*\.etoro\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?copy\.me/"
-		to="https://$1copy.me/" />
-
-	<rule from="^https?://(?:www\.)?etoro\.com/"
-		to="https://www.etoro.com/" />
-
-	<rule from="^http://(openbook|s3)\.etoro\.com/"
-		to="https://$1.etoro.com/" />
-
-</ruleset>	
+	<target host="accountstat.etoro.com" />
+	<target host="affiliates.etoro.com" />
+	<target host="api-portal.etoro.com" />
+	<target host="apptest.etoro.com" />
+	<target host="cashier.etoro.com" />
+	<target host="charts.etoro.com" />
+	<target host="content.etoro.com" />
+	<test url="http://content.etoro.com/lp/bitcoin/?gc=1" />
+	<target host="embed.etoro.com" />
+	<target host="etorologsapi.etoro.com" />
+	<target host="go.etoro.com" />
+	<target host="help.etoro.com" />
+	<target host="kyc.etoro.com" />
+	<test url="http://kyc.etoro.com/api/v1/tnc/documents/84.pdf" />
+	<target host="openbook.etoro.com" />
+	<target host="partners.etoro.com" />
+	<target host="push-demo-lightstreamer.cloud.etoro.com" />
+	<target host="referfriends.etoro.com" />
+	<target host="site.etoro.com" />
+	<target host="status.etoro.com" />
+	<target host="stocks.etoro.com" />
+	<target host="www.etoro.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EUBA.sk.xml b/src/chrome/content/rules/EUBA.sk.xml
new file mode 100644
index 000000000000..9200a562d105
--- /dev/null
+++ b/src/chrome/content/rules/EUBA.sk.xml
@@ -0,0 +1,9 @@
+<ruleset name="Euba.sk">
+	<target host="euba.sk" />
+	<target host="www.euba.sk" />
+	<target host="old.euba.sk" />
+	<target host="helpdesk.euba.sk" />
+	<target host="jedalen.euba.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EUKhost.xml b/src/chrome/content/rules/EUKhost.xml
index 35906c2691cb..61de8c8df3ad 100644
--- a/src/chrome/content/rules/EUKhost.xml
+++ b/src/chrome/content/rules/EUKhost.xml
@@ -26,13 +26,13 @@
 -->
 <ruleset name="eUKhost (partial)">
 
-	<target host="*.eukhost.com" />
+	<target host="affiliates.eukhost.com" />
+	<target host="billing.eukhost.com" />
 
 
 	<securecookie host="^billing\.eukhost\.com$" name=".+" />
 
 
-	<rule from="^http://(affiliates|billing)\.eukhost\.com/"
-		to="https://$1.eukhost.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EUKhosting.xml b/src/chrome/content/rules/EUKhosting.xml
index f15873b83e53..9ab6fb1df09f 100644
--- a/src/chrome/content/rules/EUKhosting.xml
+++ b/src/chrome/content/rules/EUKhosting.xml
@@ -15,10 +15,10 @@
 	<target host="*.eukhosting.net" />
 
 
-	<securecookie host=".+\.eukhosting.net$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(?!www\.)([\w-]+)\.eukhosting\.net/"
 		to="https://$1.eukhosting.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EUSecWest.xml b/src/chrome/content/rules/EUSecWest.xml
deleted file mode 100644
index a74d326f5cc5..000000000000
--- a/src/chrome/content/rules/EUSecWest.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="EUSecWest">
-
-	<target host="eusecwest.com" />
-	<target host="*.eusecwest.com" />
-
-
-	<securecookie host="^\.eusecwest\.com$" name=".+" />
-
-
-	<!--	Cert only matches ^eusecwest.com.
-							-->
-	<rule from="^https?://(?:www\.)?eusecwest\.com/"
-		to="https://eusecwest.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/EUobserver.com.xml b/src/chrome/content/rules/EUobserver.com.xml
new file mode 100644
index 000000000000..19357ee122ba
--- /dev/null
+++ b/src/chrome/content/rules/EUobserver.com.xml
@@ -0,0 +1,18 @@
+<!--
+	CDN buckets:
+
+		- s3.eu-central-1.amazonaws.com/euobs-media/
+
+-->
+<ruleset name="EUobserver.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="euobserver.com" />
+	<target host="www.euobserver.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EUserv.de.xml b/src/chrome/content/rules/EUserv.de.xml
new file mode 100644
index 000000000000..e8c66b31f177
--- /dev/null
+++ b/src/chrome/content/rules/EUserv.de.xml
@@ -0,0 +1,28 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.) ¹
+		- forum ²
+		- www.support ³
+
+	¹ Refused
+	² Shows ssl
+	³ Shows ssl, behaves differently from ^support
+
+-->
+<ruleset name="EUserv.de (partial)">
+
+	<target host="euserv.de" />
+	<target host="ssl.euserv.de" />
+	<target host="www.ssl.euserv.de" />
+	<target host="www.euserv.de" />
+	<target host="support.euserv.de" />
+		<exclusion pattern="^http://(?:www\.)?euserv\.de/+(?!favicon\.ico|pic/)" />
+
+
+	<rule from="^http://(?:(www\.)?ssl\.|www\.)?euserv\.de/"
+		to="https://$1ssl.euserv.de/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EVDrive.xml b/src/chrome/content/rules/EVDrive.xml
index 846b0e0cb890..1ef4809387f9 100644
--- a/src/chrome/content/rules/EVDrive.xml
+++ b/src/chrome/content/rules/EVDrive.xml
@@ -1,4 +1,4 @@
-<ruleset name="EVDrive (partial)" default_off="mismatch">
+<ruleset name="EVDrive (partial)" default_off="mismatched">
 
 	<!--	bluehost.com	-->
 	<target host="evdrive.com"/>
diff --git a/src/chrome/content/rules/EVEX.xml b/src/chrome/content/rules/EVEX.xml
new file mode 100644
index 000000000000..2e9fb839c1da
--- /dev/null
+++ b/src/chrome/content/rules/EVEX.xml
@@ -0,0 +1,32 @@
+<ruleset name="EVEX">
+	<!-- aeromageddon.com -->
+	<target host="aeromageddon.com" />
+	<target host="www.aeromageddon.com" />
+	<target host="cpanel.aeromageddon.com" />
+	<target host="mail.aeromageddon.com" />
+	<target host="webdisk.aeromageddon.com" />
+	<target host="webmail.aeromageddon.com" />
+
+	<!-- evex.ca -->
+	<target host="evex.ca" />
+	<target host="www.evex.ca" />
+	<target host="cpanel.evex.ca" />
+	<target host="mail.evex.ca" />
+	<target host="webdisk.evex.ca" />
+	<target host="webmail.evex.ca" />
+
+	<!-- ytest.net-->
+	<target host="ytest.net" />
+	<target host="www.ytest.net" />
+	<target host="aeromageddon.ytest.net" />
+	<target host="www.aeromageddon.ytest.net" />
+	<target host="cpanel.ytest.net" />
+	<target host="evex.ytest.net" />
+	<target host="www.evex.ytest.net" />
+	<target host="mail.ytest.net" />
+	<target host="webdisk.ytest.net" />
+	<target host="webmail.ytest.net" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EVGA.xml b/src/chrome/content/rules/EVGA.xml
deleted file mode 100644
index eac6359f84b8..000000000000
--- a/src/chrome/content/rules/EVGA.xml
+++ /dev/null
@@ -1,62 +0,0 @@
-<ruleset name="EVGA (partial)">
-
-	<target host="evga.com" />
-	<target host="*.evga.com" />
-		<!--
-			Started redirecting to http.
-							-->
-		<exclusion pattern="^http://www\.evga\.com/forums/\w+\.aspx" />
-	<target host="evga.com.au" />
-	<target host="www.evga.com.au" />
-	<target host="evga.com.tw" />
-	<target host="www.evga.com.tw" />
-
-
-	<securecookie host="^www\.evga\.com$" name="^dbforums.*$" />
-
-
-	<!--	Cert only matches www.
-
-
-		General patterns:
-
-			- .*.asp redirects to http.
-				- Except for login pages.
-			- .*.aspx doesn't redirect to http.
-
-
-		Paths that this rule should rewrite:
-
-			- for i in aspx, css, jpg, js, swf, xml:
-				- .+/\w+.i$
-				- .+/\w+.i?
-			- .+/$
-				- NB: For paths that don't support https, server
-				  redirects to .+/.+asp$, Saving us a farktonne of effort.
-			- .+/attachments/
-			- .+/files/
-			- .+/images/
-			- .+/includes/
-			- .+/JS/
-			- /$
-			- banner/
-			- favicon.ico
-			- forumsarchive/
-			- gaming/wp-content/
-			- images/
-			- includes/
-			- login.asp$
-			- support/download/
-			- support/drivers/
-			- support/login.asp$
-			- Support/download/
-			- Support/login.asp$
-
-				-->
-	<rule from="^https?://(?:www\.)?evga\.com/((?:.+/)?(?:$|\w+\.(?:aspx|css|gif|jpg|js|png|swf|xml)($|\?)|attachments/|files/|forumsarchive/|images/|includes/|JS/)|banners/|favicon\.ico|gaming/wp-content/|(?:[sS]upport/)?login\.asp$|support/d(?:ownload|rivers)/|Support/download/)"
-		to="https://www.evga.com/$1"/>
-
-	<rule from="^https?://(?:(?:asia|[bfk]r|eu|jp|latam)\.evga\.com|(?:www\.)?evga\.com\.(?:au|tw))/((?:.+/)?images/common/|favicon\.ico$)"
-		to="https://www.evga.com/$1"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/EVoice.co.uk.xml b/src/chrome/content/rules/EVoice.co.uk.xml
index 09faf8992021..83b9c0795800 100644
--- a/src/chrome/content/rules/EVoice.co.uk.xml
+++ b/src/chrome/content/rules/EVoice.co.uk.xml
@@ -45,7 +45,4 @@
 	<rule from="^http://home\.evoice\.co\.uk/+(?=$|\?)"
 		to="https://go.evoice.co.uk/eV_UK_NS_MyWebHelp/eV_UKHelp_Left.htm" />
 
-	<rule from="^http://home\.evoice\.co\.uk/(?=.+\.gif|favicon\.ico)"
-		to="https://a248.e.akamai.net/f/347/9665/9/home.evoice.co.uk/" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/EW-Scripps-Company-mismatches.xml b/src/chrome/content/rules/EW-Scripps-Company-mismatches.xml
index 13dea747a80e..16149a534b41 100644
--- a/src/chrome/content/rules/EW-Scripps-Company-mismatches.xml
+++ b/src/chrome/content/rules/EW-Scripps-Company-mismatches.xml
@@ -4,21 +4,20 @@ Some buckets:
 - cdn.cloudfiles.mosso.com
 - c34122.r22.cf0.rackcdn.com
 -->
-<ruleset name="E. W. Scripps Company (mismatches)" default_off="mismatch" platform="mixedcontent">
+<ruleset name="E. W. Scripps Company (mismatches)" default_off="mismatched" platform="mixedcontent">
 
 	<target host="m.andersonvalleypost.com"/>
 	<target host="media.andersonvalleypost.com"/>
-	<target host="*.commercialappeal.com"/>
+	<target host="blogs.commercialappeal.com" />
+	<target host="media.commercialappeal.com" />
+	<target host="web.commercialappeal.com" />
 	<target host="homes.redding.com"/>
 	<target host="web.redding.com"/>
 
-	<rule from="^http://m(edia)?\.andersonvalleypost\.com/"
-		to="https://m$1.andersonvalleypost.com/"/>
 
-	<rule from="^http://(blogs|media|web)\.commercialappeal\.com/"
-		to="https://$1.commercialappeal.com/"/>
 
 	<rule from="^http://(homes|web)\.redding\.com/"
 		to="https://$1web.redding.com/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/EW-Scripps-Company.xml b/src/chrome/content/rules/EW-Scripps-Company.xml
index f99d484b3822..74c2da464c28 100644
--- a/src/chrome/content/rules/EW-Scripps-Company.xml
+++ b/src/chrome/content/rules/EW-Scripps-Company.xml
@@ -1,8 +1,15 @@
-<!--
-	Other E. W. Scripps Company rulesets:
 
-		- Scrippsing.com.xml
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://login.andersonvalleypost.com/ => https://login.andersonvalleypost.com/: (51, "SSL: no alternative certificate subject name matches target host name 'login.andersonvalleypost.com'")
 
+Disabled by https-everywhere-checker because:
+Fetch error: http://andersonvalleypost.com/ => http://andersonvalleypost.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.redding.com'")
+Fetch error: http://www.andersonvalleypost.com/ => http://www.andersonvalleypost.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.redding.com'")
+Fetch error: http://commercialappeal.com/ => https://www.commercialappeal.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.commercialappeal.com'")
+Fetch error: http://www.commercialappeal.com/ => https://www.commercialappeal.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.commercialappeal.com'")
+Fetch error: http://redding.com/ => https://www.redding.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.redding.com'")
+Fetch error: http://www.redding.com/ => https://www.redding.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.redding.com'")
 
 	CDN buckets:
 
@@ -17,7 +24,7 @@
 		- www.theindychannel.com	(prints "Down For Maintenance", akamai)
 
 -->
-<ruleset name="E. W. Scripps Company (partial)">
+<ruleset name="E. W. Scripps Company (partial)" default_off="failed ruleset test">
 
 	<target host="andersonvalleypost.com"/>
 	<target host="login.andersonvalleypost.com"/>
diff --git a/src/chrome/content/rules/EW-online.de.xml b/src/chrome/content/rules/EW-online.de.xml
new file mode 100644
index 000000000000..54cfe23da506
--- /dev/null
+++ b/src/chrome/content/rules/EW-online.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="EW-online.de">
+
+	<target host="ew-online.de" />
+	<target host="www.ew-online.de" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EWONTFIX.com.xml b/src/chrome/content/rules/EWONTFIX.com.xml
new file mode 100644
index 000000000000..6bfac83be336
--- /dev/null
+++ b/src/chrome/content/rules/EWONTFIX.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Nonfunctional hosts in *.ewontfix.com:
+		- mail
+-->
+<ruleset name="EWONTFIX.com">
+	<target host="ewontfix.com" />
+	<target host="www.ewontfix.com" />
+
+	<rule from="^http:" to="https:" />
+
+	<securecookie host=".+" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/EWebScapes.com.xml b/src/chrome/content/rules/EWebScapes.com.xml
new file mode 100644
index 000000000000..be0cd5b5946c
--- /dev/null
+++ b/src/chrome/content/rules/EWebScapes.com.xml
@@ -0,0 +1,23 @@
+<!--
+	For other WebDevStudios coverage, see WebDevStudios.xml.
+
+	(www.)?ewebscapes.com: Mismatched
+	clientarea.ewebscapes.com: Expired
+
+-->
+<ruleset name="EWebScapes.com (partial)">
+
+	<!--	Complications:
+				-->
+	<target host="ewebscapes.com" />
+	<target host="www.ewebscapes.com" />
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://(?:www\.)?ewebscapes\.com/+"
+		to="https://webdevstudios.com/" />
+
+		<test url="http://ewebscapes.com/?" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EWellness_magazine.xml b/src/chrome/content/rules/EWellness_magazine.xml
index 3358e1139e68..2ff2fd59bb85 100644
--- a/src/chrome/content/rules/EWellness_magazine.xml
+++ b/src/chrome/content/rules/EWellness_magazine.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ewellnessmag.com/ => https://www.ewellnessmag.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ewellnessmag.com'")
+Fetch error: http://www.ewellnessmag.com/ => https://www.ewellnessmag.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ewellnessmag.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ewellnessmag.com/ => https://www.ewellnessmag.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ewellnessmag.com'")
+Fetch error: http://www.ewellnessmag.com/ => https://www.ewellnessmag.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ewellnessmag.com'")
 	Problematic subdomains:
 
 		- ^		(mismatched, CN: *.sugester.pl)
@@ -11,14 +19,14 @@
 		- cart
 
 -->
-<ruleset name="eWellness magazine (partial)">
+<ruleset name="eWellness magazine (partial)" default_off="failed ruleset test">
 
 	<target host="ewellnessmag.com" />
 	<target host="www.ewellnessmag.com" />
-		<exclusion pattern="^https?://www\.ewellnessmag\.com/(?:app/shop(?:$|\?|/login_or_register)|cart(?:$|\?))" />
+		<exclusion pattern="^http://www\.ewellnessmag\.com/(?:app/shop(?:$|\?|/login_or_register)|cart(?:$|\?))" />
 
 
-	<rule from="^https?://(?:www\.)?ewellnessmag\.com/"
+	<rule from="^http://(?:www\.)?ewellnessmag\.com/"
 		to="https://www.ewellnessmag.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EXANTE.xml b/src/chrome/content/rules/EXANTE.xml
index afa01164c51a..27ce876f7339 100644
--- a/src/chrome/content/rules/EXANTE.xml
+++ b/src/chrome/content/rules/EXANTE.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^exante\.eu$" name=".+" />
 
 
-	<rule from="^http://(www\.)?exante\.eu/"
-		to="https://$1exante.eu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EXIST.de.xml b/src/chrome/content/rules/EXIST.de.xml
new file mode 100644
index 000000000000..91c7487bf50b
--- /dev/null
+++ b/src/chrome/content/rules/EXIST.de.xml
@@ -0,0 +1,28 @@
+<!--
+	Bundesministerium für Wirtschaft und Technologie
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.exist.de
+
+-->
+<ruleset name="EXIST.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="exist.de" />
+	<target host="www.exist.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.exist\.de$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^www\.exist\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EXXile.net.xml b/src/chrome/content/rules/EXXile.net.xml
new file mode 100644
index 000000000000..2eb02eace4b1
--- /dev/null
+++ b/src/chrome/content/rules/EXXile.net.xml
@@ -0,0 +1,21 @@
+<!--
+	CN: webserver.ispgateway.de
+
+-->
+<ruleset name="eXXile.net" default_off="mismatched, self-signed">
+
+	<target host="exxile.net" />
+	<target host="firefox.exxile.net" />
+	<target host="www.exxile.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^firefox\.exxile\.net$" name="^PHPSESSID$" /-->
+	<securecookie host="^firefox\.exxile\.net$" name=".+" />
+
+
+	<rule from="^http://(?:(firefox\.)|www\.)?exxile\.net/"
+		to="https://$1exxile.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EXelate.xml b/src/chrome/content/rules/EXelate.xml
index e4cdcaf3d605..bd94e2493784 100644
--- a/src/chrome/content/rules/EXelate.xml
+++ b/src/chrome/content/rules/EXelate.xml
@@ -1,84 +1,76 @@
 <!--
-	CDN buckets:
-
-		- load.s3.amazonaws.com
-
-
-	Cert also matches these domains:
-
-		- datalinxng.exelate.com ¹
-		- dlxapi.exelate.com		(refused)
-		- texiapi.exelate.com ¹
-		- loadxl.exelator.biz ¹
-		- insight.exelator.com ²
-		- www.load.exelator.com ²
-
-	¹ Dropped
-	² Doesn't exist
-
-
-	Nonfunctional domains:
-
-		- (www.)exelate.com
-		- datalinx.exelate.com ²
-		- exchange.exelate.com ²
-		- datalinxapi.exelator.net ¹
-
-	¹ http reply
-	² Refused
-
-
-	Problematic domains:
-
-		- ad.exelate.com	(mismatched, CN: ad.yieldmanager.com)
-		- loadan.exelator.com *
-		- www.exelator.com *
-
-	* Mismatched, CN: load.exelator.com
-
-
-	Fully covered domains:
-
-		- ad.exelate.com	(→ ad.yieldmanager.com)
-		- texi.exelate.com
-
-		- exelator.com subdomains:
-
-			- load
-			- loadan	(→ load)
-			- loadeu
-			- loadm
-			- loadr
-			- loadus
-			- loadxl
-			- sandbox
-
-
-	Observed cookie domains:
-
-		- texi.exelate.com
+	Cert expired:
+		- alpha.nmc.exelate.com
+		- externalgw.alpha.nmc.exelate.com
+		- appgw.alpha.nmc.exelate.com
+
+	Connection refused:
+		- 2013awards.exelate.com
+		- bdx2016.exelate.com
+		- bdx2017.exelate.com
+
+	TLS error:
+		- www.exelator.com
+		- action.exelator.com
+		- load.exelator.com
+		- loadan.exelator.com
+		- loadeu.exelator.com
+		- loadm.exelator.com
+		- loadpm.exelator.com
+		- loadr.exelator.com
+		- loadus.exelator.com
+		- mydmp.exelator.com
+		- optout.exelator.com
+		- static.exelator.com
+		- vdna.exelator.com
+		- smart.exelator.com
+		- sandbox.exelator.com
+		- exelate.com
+		- www.exelate.com
+		- partners.exelate.com
+
+	Timeout:
+		- exelator.com
+
+	Cert mismatch:
+		- load.amexp.exelator.com
+		- eu-west.load.exelator.com
+		- eu-static.load.exelator.com
+		- us-east.load.exelator.com
+		- us-central.load.exelator.com
+		- global.load.exelator.com
+		- us-west.load.exelator.com
+		- insight-s3.exelator.com
+		- loadus.tm.ssl.exelator.com
+		- west.us.tm.exelator.com
+		- load.njexp.exelator.com
+		- load.scexp.exelator.com
+		- smart.scexp.exelator.com
+		- load.txexp.exelator.com
+		- smart.txexp.exelator.com
+		- ad.exelate.com
+		- resources.exelate.com
 
 -->
 <ruleset name="eXelate">
 
-	<target host="ad.exelate.com" />
-	<target host="*.exelator.com" />
-
+	<!--	Direct rewrites:
+				-->
+	<target host="cdn.exelator.com" />
+	<target host="load77.exelator.com" />
 
-	<securecookie host="^texi\.exelate\.com$" name=".+" />
-	<securecookie host="^\.exelator\.com$" name=".+" />
+	<target host="alpha.cdn.exelate.com" />
+	<target host="ad.exelate.com" />
+	<target host="nmc1.cdn.nmc.exelate.com" />
+	<target host="resources.cdn.nmc.exelate.com" />
+	<target host="nmc.exelate.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^https?://ad\.exelate\.com/"
+	<rule from="^http://ad\.exelate\.com/"
 		to="https://ad.yieldmanager.com/" />
 
-	<rule from="^http://texi\.exelate\.com/"
-		to="https://texi.exelate.com/" />
-
-	<rule from="^http://(load(?:eu|m|r|us|xl)?|sandbox)\.exelator\.com/"
-		to="https://$1.exelator.com/" />
-
-	<rule from="^http://loadan\.exelator\.com/"
-		to="https://load.exelator.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/EXiled.xml b/src/chrome/content/rules/EXiled.xml
index 88734220e5d7..9332273686ec 100644
--- a/src/chrome/content/rules/EXiled.xml
+++ b/src/chrome/content/rules/EXiled.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?exiledonline\.com/(favicon\.ico|slider/|wp-content/)"
 		to="https://exiledonline.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EYE_film.nl.xml b/src/chrome/content/rules/EYE_film.nl.xml
new file mode 100644
index 000000000000..92fbe5209e00
--- /dev/null
+++ b/src/chrome/content/rules/EYE_film.nl.xml
@@ -0,0 +1,14 @@
+<!--
+	international: shows default Parallels page
+
+-->
+<ruleset name="EYE film.nl (partial)">
+
+	<target host="eyefilm.nl" />
+	<target host="www.eyefilm.nl" />
+		<!--exclusion pattern="^http://international\.eyefilm\.nl/" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EZ-Download.xml b/src/chrome/content/rules/EZ-Download.xml
deleted file mode 100644
index beef2c58bfbc..000000000000
--- a/src/chrome/content/rules/EZ-Download.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d227ccvjlkns26.cloudfront.net
-
-			- media.ez-download.com
-
--->
-<ruleset name="EZ-Download">
-
-	<target host="ez-download.com" />
-	<target host="*.ez-download.com" />
-
-
-	<securecookie host="^(?:www)?\.ez-download\.com$" name=".+" />
-
-
-	<rule from="^http://(downloader\.|www\.)?ez-download\.com/"
-		to="https://$1ez-download.com/" />
-
-	<rule from="^http://media\.ez-download\.com/"
-		to="https://d227ccvjlkns26.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/EZ-Web-Hosting.xml b/src/chrome/content/rules/EZ-Web-Hosting.xml
index 6d89c061258a..fd72c10801af 100644
--- a/src/chrome/content/rules/EZ-Web-Hosting.xml
+++ b/src/chrome/content/rules/EZ-Web-Hosting.xml
@@ -1,18 +1,13 @@
+<!--
+	Nonfunctional subdomains:
+	- ez\d+.ez-web-hosting.com - Every user gets a domain on ez\d+.ez-web-hosting.com/~user
+-->
 <ruleset name="EZ Web Hosting">
-
 	<target host="ez-web-hosting.com" />
-	<!--	* for cross-domain cookies.	-->
-	<target host="*.ez-web-hosting.com" />
-		<!--
-			302 to http.
-					-->
-		<exclusion pattern="^http://www\.ez-web-hosting\.com/client/(announcements|index)\.php" />
-
-
-	<securecookie host="^.*\.ez-web-hosting\.com$" name=".*" />
-
+	<target host="www.ez-web-hosting.com" />
+	<target host="church.ez-web-hosting.com" />
 
-	<rule from="^http://(www\.)?ez-web-hosting\.com/"
-		to="https://$1ez-web-hosting.com/" />
+	<securecookie host="^.*\.ez-web-hosting\.com$" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/EZCrypt.xml b/src/chrome/content/rules/EZCrypt.xml
deleted file mode 100644
index 36aca220b682..000000000000
--- a/src/chrome/content/rules/EZCrypt.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="EZCrypt">
-
-	<target host="ezcrypt.it" />
-	<target host="www.ezcrypt.it" />
-
-
-	<rule from="^http://(www\.)?ezcrypt\.it/"
-		to="https://$1ezcrypt.it/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/EZOSHosting.xml b/src/chrome/content/rules/EZOSHosting.xml
index b73f136065c8..6c8925ed67d0 100644
--- a/src/chrome/content/rules/EZOSHosting.xml
+++ b/src/chrome/content/rules/EZOSHosting.xml
@@ -35,10 +35,12 @@
 <ruleset name="EZOSHosting (false MCB)" platform="mixedcontent">
 
 	<target host="ezoshosting.com" />
-	<target host="*.ezoshosting.com" />
+	<target host="cdn.ezoshosting.com" />
+	<target host="support.ezoshosting.com" />
+	<target host="www.ezoshosting.com" />
 
 
-	<securecookie host="^.*\.ezoshosting\.com$" name=".*" />
+	<securecookie host="^.*\.ezoshosting\.com$" name=".+" />
 
 
 	<rule from="^http://(?:cdn\.|(support\.|www\.))?ezoshosting\.com/"
diff --git a/src/chrome/content/rules/EZTV.xml b/src/chrome/content/rules/EZTV.xml
index 45b1babcbc08..4d2ec4115c09 100644
--- a/src/chrome/content/rules/EZTV.xml
+++ b/src/chrome/content/rules/EZTV.xml
@@ -1,24 +1,37 @@
-<ruleset name="EZTV">
 
-	<target host="ezimages.eu" />
-	<target host="www.ezimages.eu" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ezimg.it/ => https://ezimg.it/: (28, 'Operation timed out after 30000 milliseconds with 0 bytes received')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ezrss.it/ => https://ezrss.it/: (28, 'Resolving timed out after 10518 milliseconds')
+Fetch error: http://www.ezrss.it/ => https://ezrss.it/: (28, 'Resolving timed out after 10519 milliseconds')
+Fetch error: http://eztv.it/ => https://eztv.it/: (6, 'Could not resolve host: eztv.it')
+-->
+<ruleset name="EZTV" default_off="failed ruleset test">
+
 	<target host="ezimg.it" />
-	<target host="www.ezimg.it" />
+	<target host="*.ezimg.it" />
 	<target host="ezrss.it" />
 	<target host="www.ezrss.it" />
 	<target host="eztv.it" />
-	<target host="www.eztv.it" />
+	<target host="*.eztv.it" />
 	<target host="zoink.it" />
 	<target host="www.zoink.it" />
 
 
-	<securecookie host="^eztv\.it$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^eztv\.it$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\.ezimg\.it$" name=".+" />
+	<securecookie host="^\.?eztv\.it$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ezimg\.it/"
-		to="https://$1ezimg.it/" />
+	<rule from="^http://(www\.)?ez(img|tv)\.it/"
+		to="https://$1ez$2.it/" />
 
-	<rule from="^https?://(?:www\.)?(ezrss\.it|eztv\.it|zoink\.it|ezimages\.eu)/"
+	<rule from="^http://(?:www\.)?(ezrss\.it|zoink\.it)/"
 		to="https://$1/" />
 
 	<rule from="^http://torrent\.zoink\.it/"
diff --git a/src/chrome/content/rules/Eager.io.xml b/src/chrome/content/rules/Eager.io.xml
new file mode 100644
index 000000000000..927c882b344c
--- /dev/null
+++ b/src/chrome/content/rules/Eager.io.xml
@@ -0,0 +1,26 @@
+<!--
+	These altnames don't exist:
+
+		- store.eager.io
+
+  May 7, 2020: This service now exists with Cloudflare apps as of 2017
+
+  Refused:
+    - bus.*
+    - embedded.*
+    - dev.*
+    - status.*
+-->
+<ruleset name="eager.io">
+
+	<target host="eager.io" />
+	<target host="www.eager.io" />
+
+	<!--
+    Removing since base url now redirects to a page signaling how service is inactive
+    <rule from="^http://status\.eager\.io/"
+		to="https://eager.statuspage.io/" />
+  -->
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Eagle_Rock_Reservation.xml b/src/chrome/content/rules/Eagle_Rock_Reservation.xml
index e6e72993977b..efd5a4dbd204 100644
--- a/src/chrome/content/rules/Eagle_Rock_Reservation.xml
+++ b/src/chrome/content/rules/Eagle_Rock_Reservation.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?eaglerockreservation\.org/"
 		to="https://eaglerockreservation.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Earl.xml b/src/chrome/content/rules/Earl.xml
deleted file mode 100644
index b1bdfd610621..000000000000
--- a/src/chrome/content/rules/Earl.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other SitePoint coverage, see SitePoint.xml.
-
--->
-<ruleset name="Earl">
-
-	<target host="earl.io" />
-	<target host="www.earl.io" />
-
-
-	<securecookie host="^earl\.io$" name=".+" />
-
-
-	<rule from="^http://(www\.)?earl\.io/"
-		to="https://$1earl.io/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/EarthEnv.org.xml b/src/chrome/content/rules/EarthEnv.org.xml
new file mode 100644
index 000000000000..5cfbfb6b5e32
--- /dev/null
+++ b/src/chrome/content/rules/EarthEnv.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="EarthEnv.org">
+
+	<target host="earthenv.org" />
+	<target host="www.earthenv.org" />
+	<target host="data.earthenv.org" />
+		<test url="http://data.earthenv.org/streams/ReadMe.txt" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EarthLink.xml b/src/chrome/content/rules/EarthLink.xml
index 5623f96d3cf2..fa2d88ea480b 100644
--- a/src/chrome/content/rules/EarthLink.xml
+++ b/src/chrome/content/rules/EarthLink.xml
@@ -1,23 +1,43 @@
-<ruleset name="EarthLink (partial)" default_off="Breaks certain pop-up content (such as the &quot;Find Internet access numbers&quot; option at [http://www.earthlink.net/membercenter/gethelp.faces])">
-<!-- Another possible problem is the use of the "Call Me" function (next to the "Chat Now" function) at a page such as [http://www.earthlink.net/software/staysafe.faces?tab=norton360]. This function
-displays a popup with the two options, "Live Sales Agent" and "Live Support Agent." Clicking on one of these options produces another popup which may be broken with regard to not including all of
-its content. -->
-	<target host="earthlink.biz" />
-	<target host="www.earthlink.biz" />
-	<target host="earthlink.net" />
-	<target host="webmail.atl.earthlink.net" />
+<!--
+	default_off (1): Breaks certain pop-up content, such as
+		the "Find Internet access numbers" option at
+
+		http://www.earthlink.net/membercenter/gethelp.faces
+
+
+	default_off (2): Another possible problem is the use of the "Call Me"
+		function (next to the "Chat Now" function) at a page such as
+
+		http://www.earthlink.net/software/staysafe.faces?tab=norton360
+
+		This function displays a popup with the two
+		options, "Live Sales Agent" and "Live Support Agent". Clicking
+		on one of these options produce another popup which might be
+		broken with regard to not including all of its content.
+
+
+	Non-functional hosts
+		Timeout was reached:
+			 - earthlink.net
+
+		Incomplete certificate chain error:
+			 - earthlink.biz
+			 - www.earthlink.biz
+			 - webmail.atl.earthlink.net
+			 - myvoice.earthlink.net
+			 - www.myvoice.earthlink.net
+			 - store.earthlink.net
+-->
+<ruleset name="EarthLink (partial)" default_off="other">
 	<target host="cc.earthlink.net" />
 	<target host="control.earthlink.net" />
 	<target host="hosting.earthlink.net" />
 	<target host="webmail.hosting.earthlink.net" />
 	<target host="myaccount.earthlink.net" />
 	<target host="www.myaccount.earthlink.net" />
-	<target host="myvoice.earthlink.net" />
-	<target host="www.myvoice.earthlink.net" />
 	<target host="netstatus.earthlink.net" />
 	<target host="orderstatus.earthlink.net" />
 	<target host="www.orderstatus.earthlink.net" />
-	<target host="store.earthlink.net" />
 	<target host="support.earthlink.net" />
 	<target host="www.support.earthlink.net" />
 	<target host="webmail.earthlink.net" />
@@ -25,12 +45,5 @@ its content. -->
 	<target host="www.webmail.earthlink.net" />
 	<target host="www.earthlink.net" />
 
-	<exclusion pattern="^http://(www\.)?earthlink\.net/software/.+" />
-	<exclusion pattern="^http://(www\.)?earthlink\.net/membercenter/.+" />
-
-	<rule from="^((http://(www\.)?)|(https://))earthlink\.biz/" to="https://www.earthlink.biz/" />
-
-	<rule from="^http://earthlink\.net/" to="https://www.earthlink.net/" />
-	<rule from="^http://((webmail\.atl)|cc|control|(webmail\.)?hosting|netstatus|store|(m\.webmail)|www)\.earthlink\.net/" to="https://$1.earthlink.net/" />
-	<rule from="^((http://(www\.)?)|(https://www\.))(myaccount|myvoice|orderstatus|support|webmail)\.earthlink\.net/" to="https://$5.earthlink.net/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Earth_First.org.uk.xml b/src/chrome/content/rules/Earth_First.org.uk.xml
new file mode 100644
index 000000000000..54d876201be3
--- /dev/null
+++ b/src/chrome/content/rules/Earth_First.org.uk.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- Images from various domains
+
+-->
+<ruleset name="Earth First.org.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="earthfirst.org.uk" />
+	<target host="www.earthfirst.org.uk" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Earth_and_Space_Research.xml b/src/chrome/content/rules/Earth_and_Space_Research.xml
index 53bb03da3c8c..1c0f2af86ce1 100644
--- a/src/chrome/content/rules/Earth_and_Space_Research.xml
+++ b/src/chrome/content/rules/Earth_and_Space_Research.xml
@@ -4,7 +4,6 @@
 	<target host="www.esr.org" />
 
 
-	<rule from="^http://(www\.)?esr\.org/"
-		to="https://$1esr.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Earwolf_Podcast_Network.xml b/src/chrome/content/rules/Earwolf_Podcast_Network.xml
index 5fc17c9bea68..b2be217513fd 100644
--- a/src/chrome/content/rules/Earwolf_Podcast_Network.xml
+++ b/src/chrome/content/rules/Earwolf_Podcast_Network.xml
@@ -21,8 +21,16 @@
 
 	* 404; mismatched, CN: *.netdna-ssl.com
 
+
+	Mixed content:
+
+		- Images from cdn *
+		- Images from cdn[234] *
+
+	* Secured by us
+
 -->
-<ruleset name="Earwolf Podcast Network">
+<ruleset name="Earwolf Podcast Network" default_off="expired cert">
 
 	<target host="earwolf.com" />
 	<target host="*.earwolf.com" />
@@ -31,7 +39,7 @@
 	<securecookie host="^(?:www\.)?earwolf\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:cdn\d?\.|(www\.))?earwolf\.com/"
+	<rule from="^http://(?:cdn\d?\.|(www\.))?earwolf\.com/"
 		to="https://$1earwolf.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Easel.ly.xml b/src/chrome/content/rules/Easel.ly.xml
new file mode 100644
index 000000000000..4a7bec4f81ce
--- /dev/null
+++ b/src/chrome/content/rules/Easel.ly.xml
@@ -0,0 +1,18 @@
+<!--
+	Not supporting HTTPS or using an invalid certificate:
+		* assets.easel.ly
+		* blog.easel.ly
+		* dev.easel.ly
+		* help.easel.ly
+		* webmail.easel.ly
+
+-->
+<ruleset name="easel.ly">
+
+	<target host="easel.ly" />
+	<target host="www.easel.ly" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Easily.co.uk.xml b/src/chrome/content/rules/Easily.co.uk.xml
index 55f9b449117e..30772707d56d 100644
--- a/src/chrome/content/rules/Easily.co.uk.xml
+++ b/src/chrome/content/rules/Easily.co.uk.xml
@@ -13,7 +13,8 @@
 <ruleset name="Easily.co.uk (partial)">
 
 	<target host="easily.co.uk" />
-	<target host="*.easily.co.uk" />
+	<target host="webmail.easily.co.uk" />
+	<target host="www.easily.co.uk" />
 
 
 	<securecookie host="^easily\.co\.uk$" name=".+" />
@@ -22,4 +23,4 @@
 	<rule from="^http://(?:(webmail\.)|www\.)?easily\.co\.uk/"
 		to="https://$1easily.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/East-Northamptonshire.gov.uk.xml b/src/chrome/content/rules/East-Northamptonshire.gov.uk.xml
new file mode 100644
index 000000000000..a978837ac72e
--- /dev/null
+++ b/src/chrome/content/rules/East-Northamptonshire.gov.uk.xml
@@ -0,0 +1,49 @@
+<!--
+	East Northamptonshire Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *east-northamptonshire.gov.uk:
+
+		- otwebsrv ᵈ
+		- pawebsrv ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *east-northamptonshire.gov.uk:
+
+		- (www.)? ᶜ
+		- lv3 ᵉ ᵐ ˢ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵉ Expired
+	ᵐ Mismatched
+	ˢ Self-signed
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- www.east-northamptonshire.gov.uk
+		- .www.east-northamptonshire.gov.uk
+
+-->
+<ruleset name="East-Northamptonshire.gov.uk (partial)" default_off="cert-chain">
+
+	<target host="east-northamptonshire.gov.uk" />
+	<target host="www.east-northamptonshire.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.east-northamptonshire\.gov\.uk$" name="^\w{16}$" /-->
+	<!--securecookie host="^\.www\.east-northamptonshire\.gov\.uk$" name="^TestCookie$" /-->
+
+	<securecookie host="^(?!\.east-northamptonshire\.gov\.uk$)." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/East_Hants.gov.uk.xml b/src/chrome/content/rules/East_Hants.gov.uk.xml
new file mode 100644
index 000000000000..45b778b7833c
--- /dev/null
+++ b/src/chrome/content/rules/East_Hants.gov.uk.xml
@@ -0,0 +1,72 @@
+<!--
+	East Hampshire District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *easthants.gov.uk:
+
+		- localplan ᶠ
+		- maps ᶠ
+
+	ᶠ Handshake fails
+
+
+	Problematic hosts in *easthants.gov.uk:
+
+		- planningpublicaccess ᶜ
+		- secure ʷ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ʷ Configured for <= ssl3 only
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .easthants.gov.uk
+		- vmpforms.easthants.gov.uk
+
+-->
+<ruleset name="East Hants.gov.uk (partial)">
+
+	<target host="easthants.gov.uk" />
+	<target host="openaccess.easthants.gov.uk" />
+	<!--target host="planningpublicaccess.easthants.gov.uk" /-->
+	<target host="vmpforms.easthants.gov.uk" />
+	<target host="www.easthants.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.easthants\.gov\.uk/(?:$|council-office-opening-hours$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.easthants\.gov\.uk/+(?!misc/|modules/|sites/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.easthants.gov.uk/cookies" />
+			<test url="http://www.easthants.gov.uk/council-office-opening-hours" />
+			<test url="http://www.easthants.gov.uk/flooding" />
+			<test url="http://www.easthants.gov.uk/transport" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.easthants.gov.uk/misc/menu-leaf.png" />
+			<test url="http://www.easthants.gov.uk/modules/node/node.css" />
+			<test url="http://www.easthants.gov.uk/sites/all/modules/extlink/extlink.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.easthants\.gov\.uk$" name="^citrix_ns_id$" /-->
+	<!--securecookie host="^vmpforms\.easthants\.gov\.uk$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+
+	<securecookie host="^\." name="^citrix_ns_id$" />
+	<securecookie host="^(?!www\.)?\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/East_Lothian.gov.uk.xml b/src/chrome/content/rules/East_Lothian.gov.uk.xml
new file mode 100644
index 000000000000..24338fbdda46
--- /dev/null
+++ b/src/chrome/content/rules/East_Lothian.gov.uk.xml
@@ -0,0 +1,38 @@
+<!--
+	East Lothian Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		Timeout was reached:
+		- access.eastlothian.gov.uk
+		- elcintranet.eastlothian.gov.uk
+		- goexplore.eastlothian.gov.uk
+		- host141.eastlothian.gov.uk
+		- pipex-gw.eastlothian.gov.uk
+		- svs.eastlothian.gov.uk
+		- swivel.eastlothian.gov.uk
+
+		SSL peer certificate was not OK:
+		- collectiondates.eastlothian.gov.uk
+
+		Incomplete certificate chain error:
+		- helpfromhilda.eastlothian.gov.uk
+		- mailhost.eastlothian.gov.uk
+		- mx1.eastlothian.gov.uk
+		- newt.eastlothian.gov.uk
+-->
+<ruleset name="East Lothian.gov.uk">
+	<target host="eastlothian.gov.uk" />
+	<target host="www.eastlothian.gov.uk" />
+	<target host="elcbb.eastlothian.gov.uk" />
+	<target host="mobile.eastlothian.gov.uk" />
+	<target host="newton.eastlothian.gov.uk" />
+	<target host="pa.eastlothian.gov.uk" />
+	<target host="revselfserv.eastlothian.gov.uk" />
+	<target host="selfservice.eastlothian.gov.uk" />
+	<target host="sip.eastlothian.gov.uk" />
+	<target host="suppliers.eastlothian.gov.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/East_Riding.gov.uk.xml b/src/chrome/content/rules/East_Riding.gov.uk.xml
new file mode 100644
index 000000000000..d0e5cf4cd857
--- /dev/null
+++ b/src/chrome/content/rules/East_Riding.gov.uk.xml
@@ -0,0 +1,108 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://consult.eastriding.gov.uk/ (200) => https://eastriding-consult.objective.co.uk/ (500)
+
+	East Riding of Yorkshire Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *eastriding.gov.uk:
+
+		- admissions ³
+		- allerthorpeparishcouncil ᵈ
+		- barmbymoorparishcouncil ᵈ
+		- bins ³
+		- broadband ³
+		- broadbandmap ³
+		- burstwickparishcouncil ᵈ
+		- buswise ³
+		- data ³
+		- dataobs ³
+		- elloughtonparishcouncil ᵈ
+		- erpf ³
+		- ersab	³
+		- events ³
+		- fishwebsearch ³
+		- flamboroughparishcouncil ᵈ
+		- huggateparishcouncil ᵈ
+		- leisurecentres ³
+		- levenprimary ᵈ
+		- localoffer ³
+		- lockingtonparishcouncil ᵈ
+		- www.museums ³
+		- prestonparishcouncil ᵈ
+		- ruralprogrammes ³
+		- saferroadshumber ³
+		- sewerby ³
+		- shopandsave ³
+		- target45plus ³
+		- treasurehouse ᵈ
+		- walkingtheriding ³
+		- wilberfossparishcouncil ³
+		- www2 ³
+
+	³ 403
+	ᵈ Dropped
+
+
+	Problematic hosts in *eastriding.gov.uk:
+
+		- ^ ³
+		- consult ᵐ
+
+	³ 403
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- consult.eastriding.gov.uk
+		- insight.eastriding.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on library from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="East Riding.gov.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="emsonline.eastriding.gov.uk" />
+	<target host="insight.eastriding.gov.uk" />
+	<target host="library.eastriding.gov.uk" />
+	<target host="www.eastriding.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="eastriding.gov.uk" />
+	<target host="consult.eastriding.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^consult\.eastriding\.gov\.uk$" name="^(?:JSESSION|Server)ID$" /-->
+	<!--securecookie host="^insight\.eastriding\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://eastriding\.gov\.uk/"
+		to="https://www.eastriding.gov.uk/" />
+
+	<rule from="^http://consult\.eastriding\.gov\.uk/"
+		to="https://eastriding-consult.objective.co.uk/" />
+
+		<test url="http://consult.eastriding.gov.uk/portal/contact_us" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Eastbay-problematic.xml b/src/chrome/content/rules/Eastbay-problematic.xml
index 78fae54758b4..9367eb80294c 100644
--- a/src/chrome/content/rules/Eastbay-problematic.xml
+++ b/src/chrome/content/rules/Eastbay-problematic.xml
@@ -7,7 +7,6 @@
 	<target host="reviews.eastbay.com" />
 
 
-	<rule from="^http://reviews\.eastbay\.com/"
-		to="https://reviews.eastbay.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Eastbay.xml b/src/chrome/content/rules/Eastbay.xml
index 92deda119c93..dca7e9d312a6 100644
--- a/src/chrome/content/rules/Eastbay.xml
+++ b/src/chrome/content/rules/Eastbay.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://eastbay.com/ => https://www.eastbay.com/: Cycle detected - URL already encountered: https://www.eastbay.com/
 	For problematic rules, see Eastbay-problematic.xml.
 
 
@@ -33,18 +35,18 @@
 <ruleset name="Eastbay (partial)">
 
 	<target host="eastbay.com" />
-	<target host="*.eastbay.com" />
-	<target host="*.teamsales.eastbay.com" />
-	<target host="*.www.eastbay.com" />
+	<target host="www.eastbay.com" />
+	<target host="images.eastbay.com" />
+	<target host="m.eastbay.com" />
+	<target host="teamsales.eastbay.com" />
 
 
 	<securecookie host="^.*\.eastbay\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?eastbay\.com/"
+	<rule from="^http://(?:www\.)?eastbay\.com/"
 		to="https://www.eastbay.com/" />
 
-	<rule from="^http://(images|m|teamsales)\.eastbay\.com/"
-		to="https://$1.eastbay.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Eastbay_Team_Services.xml b/src/chrome/content/rules/Eastbay_Team_Services.xml
index ac599d8ceff1..36ca8a42d24b 100644
--- a/src/chrome/content/rules/Eastbay_Team_Services.xml
+++ b/src/chrome/content/rules/Eastbay_Team_Services.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://eastbayteamservices.com/ => http://eastbayteamservices.com/: (28, 'Connection timed out after 20001 milliseconds')
+
 	For other Foot Locker rulesets, see Foot_Locker_Inc.xml.
 
 
@@ -10,16 +14,14 @@
 		- ^		(expired, cert only matches www)
 
 -->
-<ruleset name="Eastbay Team Services">
+<ruleset name="Eastbay Team Services" default_off="failed ruleset test">
 
-	<target host="eastbayteamservices.com" />
 	<target host="www.eastbayteamservices.com" />
 
 
 	<securecookie host="^www\.eastbayteamservices\.com$" name=".+" />
 
 
-	<rule from="^https?://www.eastbayteamservices\.com/"
-		to="https://www.eastbayteamservices.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Eastday.com.xml b/src/chrome/content/rules/Eastday.com.xml
new file mode 100644
index 000000000000..52cdd1fac21a
--- /dev/null
+++ b/src/chrome/content/rules/Eastday.com.xml
@@ -0,0 +1,122 @@
+<!--
+	503:
+		photo.eastday.com
+
+	Invalid certificate:
+		jiaoben.eastday.com		https://jiaoben.eastday.com/cpro/ui/cm.js
+		tongji.eastday.com		https://tongji.eastday.com/webdig.js?z=1
+
+	different http/https content:
+		login.eastday.com
+
+	MCB:
+		^
+  		finance.eastday.com
+		flashmedia.eastday.com	( break videos in imedia.eastday.com )
+		history.eastday.com
+		imedia.eastday.com
+		mtianqi.eastday.com
+		paihang.eastday.com
+		pinglun.eastday.com
+		sh.eastday.com
+		shurufa.eastday.com
+		tianqi.eastday.com
+		tj.eastday.com
+		wap.eastday.com
+-->
+<ruleset name="Eastday.com (partial)">
+
+	<!--	MCB:	-->
+	<target host="eastday.com" />
+	<target host="www.eastday.com" />
+	<exclusion pattern="^http://(www\.)?eastday\.com/(?!images/|sitemap/)" />
+		<test url="http://www.eastday.com/?=19429ien" />
+		<test url="http://www.eastday.com/?IrjZ" />
+	<rule from="^http://(www\.)?eastday\.com/(images|sitemap)/" to="https://$1eastday.com/$2/" />
+		<test url="http://eastday.com/images/thumbnailimg/month_1612/201612121815311020.jpg" />
+		<test url="http://eastday.com/sitemap/index10000.html" />
+		<test url="http://www.eastday.com/images/0928imedia/Flvplayer.swf" />
+		<test url="http://www.eastday.com/images/2005img/eastday.css" />
+		<test url="http://www.eastday.com/images/test.swf" />
+		<test url="http://www.eastday.com/sitemap/index10000.html" />
+
+	<target host="ej.eastday.com" />
+		<exclusion pattern="^http://ej\.eastday\.com/$" />
+		<test url="http://ej.eastday.com/eastday/06news/node345551/24xwrd/node748587/index.html" />
+		<test url="http://ej.eastday.com/eastday/06news/world/tjyd2013/node746014/index.html" />
+		<test url="http://ej.eastday.com/images/201306gj/css.css" />
+		<test url="http://ej.eastday.com/images/thumbnailimg/month_1612/54tg201612030759045101.jpg" />
+		<test url="http://ej.eastday.com/new/ys.css" />
+
+	<target host="ejnews.eastday.com" />
+		<exclusion pattern="^http://ejnews\.eastday\.com/$" />
+		<test url="http://ejnews.eastday.com/images/sh120113/zt.js" />
+
+	<target host="imedia.eastday.com" />
+		<exclusion pattern="^http://imedia\.eastday\.com/(?!images/)" />
+		<test url="http://imedia.eastday.com/images/2015imedia/b1.gif" />
+		<test url="http://imedia.eastday.com/node2/2015imedia/i/n8680/u8i705251.html" />
+
+	<target host="news.eastday.com" />
+		<exclusion pattern="^http://news\.eastday\.com/(?!images/)" />
+		<test url="http://news.eastday.com/eastday/06news/2013xwzx/tp/index.html" />
+		<test url="http://news.eastday.com/eastday/shouye/2013picroll/index.html" />
+		<test url="http://news.eastday.com/images/2007shxw/images/more6.gif" />
+		<test url="http://news.eastday.com/images/thumbnailimg/month_1611/201611191219189216.JPG" />
+		<test url="http://news.eastday.com/images/201306gj/2013dh.js" />
+		<test url="http://news.eastday.com/images/2007shxw/images/mtzq.swf" />
+		<test url="http://news.eastday.com/eastday/" />
+
+	<target host="paihang.eastday.com" />
+		<exclusion pattern="^http://paihang\.eastday\.com/$" />
+		<test url="http://paihang.eastday.com/120116sh/shphgd2016.html" />
+
+	<target host="pinglun.eastday.com" />
+		<exclusion pattern="^http://pinglun\.eastday\.com/(?!images/)" />
+		<test url="http://pinglun.eastday.com/images/2013pl/zt.gif" />
+		<test url="http://pinglun.eastday.com/zt/index.html" />
+
+	<target host="sh.eastday.com" />
+		<exclusion pattern="^http://sh\.eastday\.com/(?!images/)" />
+		<test url="http://sh.eastday.com/images/sh120113/t2.gif" />
+		<test url="http://sh.eastday.com/m/20161231/u1a12579224.html" />
+
+	<target host="tianqi.eastday.com" />
+		<exclusion pattern="^http://tianqi\.eastday\.com/plugin/" />
+		<test url="http://tianqi.eastday.com/air.html" />
+		<test url="http://tianqi.eastday.com/data/da.js" />
+		<test url="http://tianqi.eastday.com/jscss/v25/js/widget_v1.js" />
+		<test url="http://tianqi.eastday.com/plugin/" />
+
+	<!--	Directly:	-->
+	<target host="afpimages.eastday.com" />
+		<test url="http://afpimages.eastday.com/k.js" />
+	<target host="enjoy.eastday.com" />
+	<target host="health.eastday.com" />
+	<target host="imgmil.eastday.com" />
+		<test url="http://imgmil.eastday.com/pushimg/20161212/584e1199a779c.jpg" />
+	<target host="imgmini.eastday.com" />
+		<test url="http://imgmini.eastday.com/ttapp/girl.png" />
+	<target host="00.imgmini.eastday.com" />
+	<target host="01.imgmini.eastday.com" />
+	<target host="02.imgmini.eastday.com" />
+	<target host="03.imgmini.eastday.com" />
+	<target host="04.imgmini.eastday.com" />
+	<target host="05.imgmini.eastday.com" />
+	<target host="06.imgmini.eastday.com" />
+	<target host="07.imgmini.eastday.com" />
+	<target host="08.imgmini.eastday.com" />
+	<target host="09.imgmini.eastday.com" />
+		<test url="http://05.imgmini.eastday.com/mobile/20160827/20160827120443_b10094c4f51439e37f60ce59e827439c_1_mwpm_03200403.png" />
+	<target host="lyb.eastday.com" />
+		<test url="http://lyb.eastday.com/js/jquery.js" />
+	<target host="mini.eastday.com" />
+		<test url="http://mini.eastday.com/a/161212080919764.html" />
+		<test url="http://mini.eastday.com/world.html" />
+	<target host="mv.eastday.com" />
+		<test url="http://mv.eastday.com/vzixun/20161217/20161217112605684656260_1_06400360.mp4" />
+	<target host="shzw.eastday.com" />
+	<target host="video.eastday.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EasterSeals.org.xml b/src/chrome/content/rules/EasterSeals.org.xml
new file mode 100644
index 000000000000..56ae9f71d709
--- /dev/null
+++ b/src/chrome/content/rules/EasterSeals.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="EasterSeals.org">
+	<target host="easterseals.org" />
+	<target host="www.easterseals.org" />
+	<target host="education.easterseals.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Eastern-Collegiate-Taekwondo-Conference.xml b/src/chrome/content/rules/Eastern-Collegiate-Taekwondo-Conference.xml
deleted file mode 100644
index ec4d1e7fdc47..000000000000
--- a/src/chrome/content/rules/Eastern-Collegiate-Taekwondo-Conference.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Eastern Collegiate Taekwondo Conference" default_off="mismatch">
-
-	<!--	Cert: *.bluehost.com	-->
-	<target host="ectc-online.org" />
-	<target host="www.ectc-online.org" />
-
-
-	<!--	Transfers past a certain limit (21615 < lim < 178417) throw 200 "TOO FAT"
-	<rule from="^https?://(?:www\.)?ectc-online\.org/"
-		to="https://secure.bluehost.com/~ectconli/" /-->
-
-	<rule from="^https?://(?:www\.)?ectc-online\.org/"
-		to="https://ectc-online.org/~ectconli/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Eastmon.com.au.xml b/src/chrome/content/rules/Eastmon.com.au.xml
new file mode 100644
index 000000000000..a20ffb650b7b
--- /dev/null
+++ b/src/chrome/content/rules/Eastmon.com.au.xml
@@ -0,0 +1,25 @@
+<!--
+	(www.): redirect to http
+
+
+	Mixed content:
+
+		- css on staging from staging *
+
+	* Secured by us
+
+-->
+<ruleset name="Eastmon.com.au (partial)">
+
+	<target host="staging.eastmon.com.au" />
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<!--exclusion pattern="^http://staging\.eastmon\.com\.au/+(?!css/|favicon\.ico|images/)" /-->
+		<!--exclusion pattern="^http://www\.eastmon\.com\.au/" /-->
+
+
+	<rule from="^http://staging\.eastmon\.com\.au/(?=css/|favicon\.ico|images/)"
+		to="https://staging.eastmon.com.au/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Easy2coach.net.xml b/src/chrome/content/rules/Easy2coach.net.xml
index c57654fb0566..a553492c02fd 100644
--- a/src/chrome/content/rules/Easy2coach.net.xml
+++ b/src/chrome/content/rules/Easy2coach.net.xml
@@ -12,7 +12,7 @@
 		<!--exclusion pattern="^http://(?:www\.)?easy2coach\.net/(?:\w\w/|(?:free-trial-football-software|\.html|sign-up\.html)?)?(?:$|\?)" /-->
 
 
-	<rule from="^http://(www\.)?easy2coach\.net/(\w\w/(?:banquedexercicesdefoot|base-de-datos-ejercicios-futbol|calcio-bancadati-esercizi|ejercicios-de-futbol/entrenamiento-11-11|esercizio-del-mese/ci-segnali|football-exercises(?:-database|/football-training-11-11|/recommend-us)|fussballuebungen/empfehlen-sie-uns|fussball-uebungsdatenbank)\.html|/?facebook/|favicon\.ico|/?templates/)"
+	<rule from="^http://(www\.)?easy2coach\.net/(?=\w\w/(?:banquedexercicesdefoot|base-de-datos-ejercicios-futbol|calcio-bancadati-esercizi|ejercicios-de-futbol/entrenamiento-11-11|esercizio-del-mese/ci-segnali|football-exercises(?:-database|/football-training-11-11|/recommend-us)|fussballuebungen/empfehlen-sie-uns|fussball-uebungsdatenbank)\.html|/?facebook/|favicon\.ico|/?templates/)"
 		to="https://$1easy2coach.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EasyChair.org.xml b/src/chrome/content/rules/EasyChair.org.xml
new file mode 100644
index 000000000000..1796d95d2b6c
--- /dev/null
+++ b/src/chrome/content/rules/EasyChair.org.xml
@@ -0,0 +1,41 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://easychair.org/ => https://easychair.org/: Too many redirects while fetching 'https://easychair.org/'
+
+-->
+<ruleset name="EasyChair.org (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="easychair.org" />
+	<target host="www.easychair.org" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.easychair\.org/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.easychair\.org/+(?!account/|conferences/|css/|favicon\.ico|images/)" />
+
+			<test url="http://www.easychair.org/citations.cgi" />
+			<test url="http://www.easychair.org/conference.cgi" />
+			<test url="http://www.easychair.org/coolnews.cgi" />
+			<test url="http://www.easychair.org/easychair.cgi" />
+			<test url="http://www.easychair.org/faq.cgi" />
+			<test url="http://www.easychair.org/licenses.cgi" />
+			<test url="http://www.easychair.org/users.cgi" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.easychair.org/account/signin.cgi" />
+			<test url="http://www.easychair.org/css/ad.css" />
+			<test url="http://www.easychair.org/favicon.ico" />
+			<test url="http://www.easychair.org/images/logoEC.jpg" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EasyCruit.com.xml b/src/chrome/content/rules/EasyCruit.com.xml
new file mode 100644
index 000000000000..177be675b64d
--- /dev/null
+++ b/src/chrome/content/rules/EasyCruit.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="EasyCruit.com">
+
+	<target host="easycruit.com" />
+	<target host="www.easycruit.com" />
+
+	<target host="kmd.easycruit.com" />
+	<target host="nnit.easycruit.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EasyDNS.xml b/src/chrome/content/rules/EasyDNS.xml
index defd993c23ee..de76451ee8e1 100644
--- a/src/chrome/content/rules/EasyDNS.xml
+++ b/src/chrome/content/rules/EasyDNS.xml
@@ -1,22 +1,116 @@
-<ruleset name="easyDNS (partial)">
 
-	<target host="easydns.net"/>
-	<target host="*.easydns.net"/>
-	<target host="easydns.com"/>
-	<target host="*.easydns.com"/>
-		<!--	blog & helpwiki time out	-->
-		<exclusion pattern="^http://(blog2?|helpwiki)\.easydns\.com/"/>
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cps.easydns.com/ => https://cps.easydns.com/: (6, 'Could not resolve host: cps.easydns.com')
+Fetch error: http://nps.easydns.com/ => https://nps.easydns.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Other easyDNS rulesets:
+
+		- EasyMail.ca.xml
+		- EasyWhois.com.xml
+
+
+	Nonfunctional domains:
+
+		- blog.easydns.com ¹
+		- images.easydns.com ²
+		- helpwiki.easydns.com ¹
+		- mediawiki.easydns.com ¹
+		- parked.easydns.com ³
+
+	¹ Dropped
+	² 200 "does not exist", valid cert
+	³ Refused
+
+
+
+	Problematic domains:
+
+		- (www.)easydns.net ¹
+		- blog.easydns.org ²
+
+	¹ Mismatched
+	² Works; mismatched, CN: *.easypress.ca
+
+
+	Fully covered domains:
+
+		- easydns.com
+
+		- [\w-]+.easydns.com:
+
+			- cp
+			- nps
+			- signup
+			- web
+
+		- (www.)easydns.net	(→ www.easydns.com)
+		- [\w-]+.easydns.net *
+
+	* Per-client domains
+
+
+	Observed cookie domains:
+
+		- cp.easydns.com
+		- web.easydns.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .easydns.com
+		- signup.easydns.com
+		- nps.easydns.com
+		- www.easydns.com
+
+
+	Mixed content:
+
+		- Ads/bugs, on:
+
+			- signup.easydns.com from ir-na.amazon-adsystem.com
+			- signup.easydns.com from ws-na.amazon-adsystem.com
+
+-->
+<ruleset name="easyDNS (partial)" default_off="failed ruleset test">
+
+	<target host="easydns.net" />
+	<target host="*.easydns.net" />
+	<target host="easydns.com" />
+	<target host="*.easydns.com" />
+
+		<exclusion pattern="^http://(?:blog2?|helpwiki|mediawiki|parked)\.easydns\.com/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://blog.easydns.com/" />
+			<test url="http://blog2.easydns.com/" />
+			<test url="http://helpwiki.easydns.com/" />
+			<test url="http://mediawiki.easydns.com/" />
+			<test url="http://parked.easydns.com/" />
+
+		<test url="http://cps.easydns.com/" />
+		<test url="http://nps.easydns.com/" />
+		<test url="http://signup.easydns.com/" />
+		<test url="http://web.easydns.com/" />
+		<test url="http://www.easydns.com/" />
+
+		<test url="http://www.easydns.net/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="\.easydns\.com" name="^easyDNS_SID$" /-->
+	<!--securecookie host="(?:nps|www)\.easydns\.com" name="^PHPSESSID$" /-->
+	<!--securecookie host="signup\.easydns\.com" name="easydns_language$" /-->
+
+	<securecookie host=".*\.easydns\.(?:com|net)$" name=".+" />
 
-	<securecookie host="^.*\.easydns\.(com|net)$" name=".*"/>
 
-	<!--	Cert isn't valid for .net.
-		This is what the server does,
-		aside from https.		-->
 	<rule from="^http://(?:www\.)?easydns\.net/"
-		to="https://www.easydns.com/"/>
+		to="https://www.easydns.com/" />
 
-	<!--	clients have unique .net subdomains	-->
-	<rule from="^http://([\w\-]+\.)?easydns\.(com|net)/"
-		to="https://$1easydns.$2/"/>
+	<rule from="^http://([\w-]+\.)?easydns\.(com|net)/"
+		to="https://$1easydns.$2/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/EasyJet.com.xml b/src/chrome/content/rules/EasyJet.com.xml
new file mode 100644
index 000000000000..946cbf0915dc
--- /dev/null
+++ b/src/chrome/content/rules/EasyJet.com.xml
@@ -0,0 +1,79 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://easyjet.com/ (200) => http://easyjet.com/ (403)
+
+	Nonfunctional subdomains:
+
+		- careers ¹
+		- corporate ²
+		- mediacentre ³
+
+	¹ Shows onboarding
+	² Refused
+	³ Shows www.digitalnewsagency.com
+
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- fearlessflyer ²
+
+	¹ Cert only matches www
+	² Works; self-signed, CN: Parallels Panel
+
+
+	Partially covered subdomains:
+
+		- (www.) *	(^ → www)
+		- stafftravel *
+
+	* Some pages redirect to http
+
+
+	Fully covered subdomains:
+
+		- onboarding
+		- js.sc
+		- media.sc
+
+
+	These altnames don't exist:
+
+		- sc.easyjet.com
+
+
+	Mixed content:
+
+		- Images on fearlessflyer from i.vimeocdn.com *
+
+	* Rule disabled by default
+
+-->
+<ruleset name="easyJet.com (partial)" default_off="failed ruleset test">
+
+	<target host="easyjet.com" />
+	<target host="www.easyjet.com" />
+	<target host="onboarding.easyjet.com" />
+	<target host="js.sc.easyjet.com" />
+	<target host="media.sc.easyjet.com" />
+	<target host="stafftravel.easyjet.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://stafftravel\.easyjet\.com/($|en$)" /-->
+		<!--exclusion pattern="^http://www\.easyjet\.com/($|en/$|en/searchpod\.mvc/showborderless3\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://stafftravel\.easyjet\.com/+(?!asp/en/stafftravel\.asp|common/|favicon\.ico)" />
+		<!--exclusion pattern="^http://www\.easyjet\.com/+(?!Content/|ejcms/|favicon\.ico|fonts/)" /-->
+
+
+	<rule from="^http://(?:www\.)?easyjet\.com/(?=Content/|ejcms/|favicon\.ico|fonts/)"
+		to="https://www.easyjet.com/" />
+
+	<rule from="^http://(onboarding|(?:js|media)\.sc|stafftravel)\.easyjet\.com/"
+		to="https://$1.easyjet.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EasyMail.ca.xml b/src/chrome/content/rules/EasyMail.ca.xml
new file mode 100644
index 000000000000..a46d1d4c2aa5
--- /dev/null
+++ b/src/chrome/content/rules/EasyMail.ca.xml
@@ -0,0 +1,36 @@
+<!--
+	For other easyDNS coverage, see EasyDNS.xml.
+
+
+	(www.)?easymail.ca: Refused
+
+-->
+<ruleset name="easyMail.ca">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="messages.easymail.ca" />
+	<target host="webmail.easymail.ca" />
+
+	<!--	Complications:
+				-->
+	<target host="easymail.ca" />
+	<target host="www.easymail.ca" />
+
+
+	<rule from="^http://(?:www\.)?easymail\.ca/$"
+		to="https://www.easydns.com/easymail-2/" />
+
+	<!--	For (?!$), redirect prepends
+		forward slash:
+						-->
+	<rule from="^http://(?:www\.)?easymail\.ca/"
+		to="https://www.easydns.com/easymail-2//" />
+
+		<test url="http://easymail.ca/?" />
+		<test url="http://www.easymail.ca/?" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EasyNews.com.xml b/src/chrome/content/rules/EasyNews.com.xml
new file mode 100644
index 000000000000..3f0da2e311d8
--- /dev/null
+++ b/src/chrome/content/rules/EasyNews.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- mirrors.easynews.com
+
+		SSL peer certificate was not OK:
+		- files.easynews.com
+		- forteapn.easynews.com
+		- forteapn20.easynews.com
+		- forteapn60.easynews.com
+-->
+<ruleset name="EasyNews.com">
+	<target host="easynews.com" />
+	<target host="www.easynews.com" />
+	<target host="account.easynews.com" />
+	<target host="blog.easynews.com" />
+	<target host="help.easynews.com" />
+	<target host="members.easynews.com" />
+	<test url="http://members.easynews.com/login/" />
+	<target host="secure.members.easynews.com" />
+	<test url="http://secure.members.easynews.com/login/" />
+	<target host="members-dev.easynews.com" />
+	<test url="http://members-dev.easynews.com/login/" />
+	<target host="signup.easynews.com" />
+	<target host="signup2.easynews.com" />
+	<target host="www-dev.easynews.com" />
+	<target host="www2.easynews.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EasyNews.xml b/src/chrome/content/rules/EasyNews.xml
deleted file mode 100644
index 93c2cb5ad1ba..000000000000
--- a/src/chrome/content/rules/EasyNews.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="EasyNews">
-  <target host="www.easynews.com" />
-  <target host="easynews.com" />
-  <target host="members.easynews.com" />
-
-  <rule from="^http://(?:www\.)?easynews\.com/" to="https://easynews.com/"/>
-  <rule from="^http://members\.easynews\.com/" to="https://secure.members.easynews.com/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/EasyPDF_Cloud.xml b/src/chrome/content/rules/EasyPDF_Cloud.xml
deleted file mode 100644
index 26b6a4e01cfd..000000000000
--- a/src/chrome/content/rules/EasyPDF_Cloud.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="easyPDF Cloud">
-
-	<target host="easypdfonline.com" />
-	<target host="*.easypdfonline.com" />
-
-
-	<securecookie host="^(?:www)?\.easypdfonline\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?easypdfonline\.com/"
-		to="https://$1easypdfonline.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/EasyPost.com.xml b/src/chrome/content/rules/EasyPost.com.xml
new file mode 100644
index 000000000000..b88c2f933004
--- /dev/null
+++ b/src/chrome/content/rules/EasyPost.com.xml
@@ -0,0 +1,38 @@
+<!--
+	CDN buckets:
+
+		- easypost-static.s3.amazonaws.com
+
+
+	Problematic subdomains:
+
+		- status *
+
+	* StatusPage
+
+
+	Fully covered hosts in *easypost.com:
+
+		- (www.)?
+		- status	(→ easypost.statuspage.io)
+
+-->
+<ruleset name="EasyPost.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="easypost.com" />
+	<target host="www.easypost.com" />
+
+	<!--	Complications:
+				-->
+	<target host="status.easypost.com" />
+
+
+	<rule from="^http://status\.easypost\.com/"
+		to="https://easypost.statuspage.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EasyPress.ca.xml b/src/chrome/content/rules/EasyPress.ca.xml
new file mode 100644
index 000000000000..bfc841b3b0b0
--- /dev/null
+++ b/src/chrome/content/rules/EasyPress.ca.xml
@@ -0,0 +1,12 @@
+<ruleset name="easyPress.ca">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="easypress.ca" />
+	<target host="www.easypress.ca" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EasyVoiceBiometrics.xml b/src/chrome/content/rules/EasyVoiceBiometrics.xml
index 2ce4fa7ff418..c53b53bfde80 100644
--- a/src/chrome/content/rules/EasyVoiceBiometrics.xml
+++ b/src/chrome/content/rules/EasyVoiceBiometrics.xml
@@ -1,10 +1,10 @@
 <ruleset name="EasyVoiceBiometrics" default_off="mismatched">
 
 	<target host="easyvoicebiometrics.com" />
-	<target host="*.easyvoicebiometrics.com" />
+	<target host="www.easyvoicebiometrics.com" />
 
 
-	<securecookie host="^(?:.*\.)?easyvoicebiometrics\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(?:www\.)?easyvoicebiometrics\.com/"
diff --git a/src/chrome/content/rules/EasyWhois.com.xml b/src/chrome/content/rules/EasyWhois.com.xml
new file mode 100644
index 000000000000..de9201740bd4
--- /dev/null
+++ b/src/chrome/content/rules/EasyWhois.com.xml
@@ -0,0 +1,29 @@
+<!--
+	For other easyDNS coverage, see EasyDNS.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- easywhois.com
+		- www.easywhois.com
+
+-->
+<ruleset name="easyWhois.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="easywhois.com" />
+	<target host="www.easywhois.com" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<!--securecookie host="^(www\.)?easywhois\.com$" name="^EASYWHOIS_SESSID$" /-->
+
+	<securecookie host="^(?:www\.)?easywhois\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Easy_Hebergement.xml b/src/chrome/content/rules/Easy_Hebergement.xml
index 602d6db32839..09f8f71d7f13 100644
--- a/src/chrome/content/rules/Easy_Hebergement.xml
+++ b/src/chrome/content/rules/Easy_Hebergement.xml
@@ -1,7 +1,16 @@
-<ruleset name="Easy Hébergement">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://support.easy-hebergement.fr/ => https://support.easy-hebergement.fr/: (6, 'Could not resolve host: support.easy-hebergement.fr')
+
+-->
+<ruleset name="Easy Hébergement" default_off="failed ruleset test">
 
 	<target host="easy-hebergement.fr" />
-	<target host="*.easy-hebergement.fr" />
+	<target host="clients.easy-hebergement.fr" />
+	<target host="commande.easy-hebergement.fr" />
+	<target host="support.easy-hebergement.fr" />
+	<target host="www.easy-hebergement.fr" />
 	<target host="cluster1.easy-hebergement.net" />
 	<target host="www.cluster1.easy-hebergement.net" />
 
@@ -9,10 +18,6 @@
 	<securecookie host="^\.easy-hebergement\.fr$" name=".+" />
 
 
-	<rule from="^http://(clients\.|commande\.|support\.|www\.)?easy-hebergement\.fr/"
-		to="https://$1easy-hebergement.fr/" />
-
-	<rule from="^http://(www\.)?cluster1\.easy-hebergement\.net/"
-		to="https://$1cluster1.easy-hebergement.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Easyodds.com.xml b/src/chrome/content/rules/Easyodds.com.xml
new file mode 100644
index 000000000000..aef387e22dce
--- /dev/null
+++ b/src/chrome/content/rules/Easyodds.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Mixed content:
+
+		- Ads from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Easyodds.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="easyodds.com" />
+	<target host="www.easyodds.com" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<test url="http://www.easyodds.com/revive_ads/www/delivery/lg.php?bannerid=&amp;campaignid=&amp;zoneid=&amp;loc=&amp;referer=&amp;cb=" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Easyspace-expired.xml b/src/chrome/content/rules/Easyspace-expired.xml
index 7dd415f99999..2c1cb5c6c789 100644
--- a/src/chrome/content/rules/Easyspace-expired.xml
+++ b/src/chrome/content/rules/Easyspace-expired.xml
@@ -10,7 +10,6 @@
 	<!--	Cookies are handled in Easyspace.xml.	-->
 
 
-	<rule from="^http://helpdesk\.easyspace\.com/"
-		to="https://helpdesk.easyspace.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Easyspace.xml b/src/chrome/content/rules/Easyspace.xml
index 753c050899d5..b1335ea42a43 100644
--- a/src/chrome/content/rules/Easyspace.xml
+++ b/src/chrome/content/rules/Easyspace.xml
@@ -4,26 +4,20 @@
 
 	Nonfunctional subdomains:
 
+		- ^		(dropped)
 		- blog		(all observed paths redirect to http)
 		- status	(cert: helpdesk.easyspace.com, expired; shows helpdesk's data)
+		- www		(redirects to http; mismatched, CN: www.yoursupportservices.co.uk)
 
 -->
-<ruleset name="Easyspace">
+<ruleset name="Easyspace (partial)">
 
-	<target host="easyspace.com" />
-	<target host="*.easyspace.com" />
+	<target host="controlpanel.easyspace.com" />
 
 
-	<securecookie host="^.*\.easyspace\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<!--	- !www times out over https
-		- !www redirects to www over http
-					-->
-	<rule from="^https?://(?:www\.)?easyspace\.com/"
-		to="https://www.easyspace.com/" />
-
-	<rule from="^http://controlpanel\.easyspace\.com/"
-		to="https://controlpanel.easyspace.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Easywallet.org.xml b/src/chrome/content/rules/Easywallet.org.xml
index ed6a7ad982a2..beec998dbe73 100644
--- a/src/chrome/content/rules/Easywallet.org.xml
+++ b/src/chrome/content/rules/Easywallet.org.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?easywallet\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?easywallet\.org/"
-		to="https://$1easywallet.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EatbyDate.com.xml b/src/chrome/content/rules/EatbyDate.com.xml
new file mode 100644
index 000000000000..c4c638a17623
--- /dev/null
+++ b/src/chrome/content/rules/EatbyDate.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="EatByDate.com">
+	<target host="eatbydate.com" />
+	<target host="www.eatbydate.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Eater.xml b/src/chrome/content/rules/Eater.xml
index ab516de4d679..8caf3e152eb8 100644
--- a/src/chrome/content/rules/Eater.xml
+++ b/src/chrome/content/rules/Eater.xml
@@ -1,19 +1,44 @@
 <!--
-	Problematic subdomains:
+	For other Vox Media coverage, see Vox.com.xml.
 
-		- ^	(mismatched, CN:
 
+	Nonfunctional hosts in *eater.com:
 
-	Mixed css & images from cdn.cstatic.com
+		- detroit ʰ
+
+	ʰ Redirects to http
+
+
+	Problematic hosts in *eater.com:
+
+		- ^ ʳ
+		- dc ᵐ
+		- ny ᵐ
+
+	ʳ Refused
+	ᵐ Mismatched
+
+
+	Mixed content:
+
+		- Fonts on www from fonts.voxmedia.com
 
 -->
-<ruleset name="Eater" platform="mixedcontent">
+<ruleset name="Eater.com (partial)">
 
-	<target host="eater.com" />
+	<!--	Direct rewrites:
+				-->
 	<target host="www.eater.com" />
 
+	<!--	Complications:
+				-->
+	<target host="eater.com" />
+
+
+	<rule from="^http://eater\.com/"
+		to="https://www.eater.com/" />
 
-	<rule from="^http://(?:www\.)?eater\.com/"
-		to="https://eater.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ebi.ac.uk.xml b/src/chrome/content/rules/Ebi.ac.uk.xml
index 0a6b1699c153..ac5357775b4c 100644
--- a/src/chrome/content/rules/Ebi.ac.uk.xml
+++ b/src/chrome/content/rules/Ebi.ac.uk.xml
@@ -2,5 +2,5 @@
   <target host="www.ebi.ac.uk" />
 
   <exclusion pattern="^http://www\.ebi\.ac\.uk/systems-srv/"/>
-  <rule from="^http://www\.ebi\.ac\.uk/" to="https://www.ebi.ac.uk/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ebis.ne.jp.xml b/src/chrome/content/rules/Ebis.ne.jp.xml
new file mode 100644
index 000000000000..cad4ceda8a90
--- /dev/null
+++ b/src/chrome/content/rules/Ebis.ne.jp.xml
@@ -0,0 +1,54 @@
+<!--
+	Nonfunctional hosts in *ebis.ne.jp:
+
+		- blog *
+
+	* Shows three.ne.jp
+
+
+	(www.)?ebis.ne.jp: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- secure.ebis.ne.jp
+
+
+	Mixed content:
+
+		- Images on secure from blog.ebis.ne.jp ¹
+		- Bug on secure from le.nakanohito.jp ²
+
+	¹ Unsecurable <= shows another domain
+	² Unsecurable <= refused
+
+-->
+<ruleset name="EBiS.ne.jp">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ac.ebis.ne.jp" />
+	<target host="secure.ebis.ne.jp" />
+
+	<!--	Complications:
+				-->
+	<target host="ebis.ne.jp" />
+	<target host="www.ebis.ne.jp" />
+
+		<test url="http://ac.ebis.ne.jp/ct_tag.php?argument=" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^secure\.ebis\.ne\.jp$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^secure\.ebis\.ne\.jp$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?ebis\.ne\.jp/"
+		to="https://secure.ebis.ne.jp/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ebroder.net.xml b/src/chrome/content/rules/Ebroder.net.xml
new file mode 100644
index 000000000000..e41fbff2b9d8
--- /dev/null
+++ b/src/chrome/content/rules/Ebroder.net.xml
@@ -0,0 +1,12 @@
+<ruleset name="ebroder.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ebroder.net" />
+	<target host="www.ebroder.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ebuyer.com-falsemixed.xml b/src/chrome/content/rules/Ebuyer.com-falsemixed.xml
new file mode 100644
index 000000000000..7ae069fdde70
--- /dev/null
+++ b/src/chrome/content/rules/Ebuyer.com-falsemixed.xml
@@ -0,0 +1,19 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blog.ebuyer.com/ => https://www.ebuyer.com/blog/: (52, 'Empty reply from server')
+	For rules not causing false/broken MCB, see Ebuyer.com.xml.
+
+-->
+<ruleset name="Ebuyer.com (false MCB)" platform="mixedcontent">
+
+	<target host="blog.ebuyer.com" />
+	<target host="www.ebuyer.com" />
+
+
+	<rule from="^http://blog\.ebuyer\.com/"
+		to="https://www.ebuyer.com/blog/" />
+
+	<rule from="^http://www\.ebuyer\.com/blog(?=$|[?/])"
+		to="https://www.ebuyer.com/blog" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ebuyer.com.xml b/src/chrome/content/rules/Ebuyer.com.xml
new file mode 100644
index 000000000000..6b9db4664594
--- /dev/null
+++ b/src/chrome/content/rules/Ebuyer.com.xml
@@ -0,0 +1,89 @@
+<!--
+	Disabled per https://github.com/EFForg/https-everywhere/issues/1642
+	For rules causing false/broken MCB, see Ebuyer.com-falsemixed.xml.
+
+
+	Other Ebuyer rulesets:
+
+		- Ebyr_CDN.net.xml
+
+
+	Problematic subdomains:
+
+		- blog *
+
+	* 403/404, configured for rc4 only
+
+
+	Partially covered subdomains:
+
+		- (www.) ¹
+		- accounts ²
+
+	¹ Some pages redirect to http
+	² Some pages redirect to http://static...
+
+
+	Fully covered subdomains:
+
+		- image
+		- forums
+		- orders
+		- static
+
+
+	These altnames don't exist:
+
+		- www.accounts.ebuyer.com
+		- www.orders.ebuyer.com
+
+
+	Mixed content:
+
+		- css on www from $self *
+
+		- Images on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Ebuyer.com (partial)" default_off="Breaks blog">
+
+        <!--	https://e... redirects to http://w..., so we can avoid a
+		duplicate target warning by blanket-rewriting !www here.
+					-->
+	<target host="ebuyer.com" />
+	<target host="accounts.ebuyer.com" />
+	<target host="image.ebuyer.com" />
+	<target host="orders.ebuyer.com" />
+	<target host="static.ebuyer.com" />
+	<target host="www.ebuyer.com" />
+	<target host="blog.ebuyer.com" />
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<!--exclusion pattern="^http://www\.ebuyer\.com/+blog($|\?)" /-->
+		<!--exclusion pattern="^http://blog\.ebuyer\.com/+(favicon\.ico|wp-content/|wp-includes/)" /-->
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.ebuyer\.com/+($|\?|(CSR|help)($|\?))" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.ebuyer\.com/+(?!blog/(?:favicon\.ico|index\.php\?ak_action=aktt_css|wp-content/|wp-includes/)|favicon\.ico)" />
+		<exclusion pattern="^http://accounts\.ebuyer\.com/+(?!css/|favicon\.ico|images/|js/)" />
+
+
+	<!--	Some, but not all, secured by server:
+							-->
+	<securecookie host="^forums\.ebuyer\.com$" name=".+" />
+
+
+	<rule from="^http://((?:accounts|image|orders|static|www)\.)?ebuyer\.com/"
+		to="https://$1ebuyer.com/" />
+
+	<rule from="^http://blog\.ebuyer\.com/(?=favicon\.ico|wp-content/|wp-includes/)"
+		to="https://www.ebuyer.com/blog/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ebuzzing.xml b/src/chrome/content/rules/Ebuzzing.xml
index 13b39dfc9fee..9a885683fd1d 100644
--- a/src/chrome/content/rules/Ebuzzing.xml
+++ b/src/chrome/content/rules/Ebuzzing.xml
@@ -1,4 +1,14 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ebuzzing.com/ => https://ebuzzing.com/: Too many redirects while fetching 'https://ebuzzing.com/'
+Fetch error: http://www.ebuzzing.com/ => https://ebuzzing.com/: Too many redirects while fetching 'https://ebuzzing.com/'
+Fetch error: http://ebuzzing.de/ => https://social.ebuzzing.de/: (51, "SSL: no alternative certificate subject name matches target host name 'social.ebuzzing.de'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ebuzzing.com/ => https://ebuzzing.com/: Cycle detected - URL already encountered: https://ebuzzing.com/
+Fetch error: http://www.ebuzzing.com/ => https://ebuzzing.com/: Cycle detected - URL already encountered: https://ebuzzing.com/
+Fetch error: http://ebuzzing.de/ => https://social.ebuzzing.de/: (51, "SSL: no alternative certificate subject name matches target host name 'social.ebuzzing.de'")
 	Related rulesets:
 
 		- Buzzeff.xml
@@ -32,7 +42,7 @@
 		- www.ebuzzing.com	(prints domain name)
 
 -->
-<ruleset name="ebuzzing (partial)">
+<ruleset name="ebuzzing (partial)" default_off="failed ruleset test">
 
 	<target host="ebuzzing.com" />
 	<target host="www.ebuzzing.com" />
@@ -43,10 +53,10 @@
 	<securecookie host="^social\.ebuzzing\.de$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?ebuzzing\.com/"
+	<rule from="^http://(?:www\.)?ebuzzing\.com/"
 		to="https://ebuzzing.com/" />
 
-	<rule from="^https?://(?:www\.)?ebuzzing\.de/(\?.*)?$"
+	<rule from="^http://(?:www\.)?ebuzzing\.de/(\?.*)?$"
 		to="https://social.ebuzzing.de/$1" />
 
 	<rule from="^http://social\.ebuzzing\.de/"
diff --git a/src/chrome/content/rules/Ebyr_CDN.net.xml b/src/chrome/content/rules/Ebyr_CDN.net.xml
new file mode 100644
index 000000000000..fe7c8359267b
--- /dev/null
+++ b/src/chrome/content/rules/Ebyr_CDN.net.xml
@@ -0,0 +1,12 @@
+<!--
+	For other Ebuyer coverage, see Ebuyer.com.xml.
+
+-->
+<ruleset name="Ebyr CDN.net">
+
+	<target host="img.ebyrcdn.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Echo-mismatches.xml b/src/chrome/content/rules/Echo-mismatches.xml
deleted file mode 100644
index 22e798a8183b..000000000000
--- a/src/chrome/content/rules/Echo-mismatches.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Echo (mismatches)" default_off="mismatches">
-
-	<target host="aboutecho.com" />
-	<target host="www.aboutecho.com" />
-		<!--	301s to itself.	-->
-		<exclusion pattern="^http://(www\.)?aboutecho.com/(\d{4}/\d\d/\d\d|blog)/" />
-
-
-	<!--	Cert: *.gridserver.com	-->
-	<rule from="^https?://(?:www\.)?aboutecho\.com/"
-		to="https://aboutecho.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Echo.xml b/src/chrome/content/rules/Echo.xml
deleted file mode 100644
index 2e6fb7295bf4..000000000000
--- a/src/chrome/content/rules/Echo.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For problematic rules, see Echo-mismatches.
-
-
-	Nonfunctional domains:
-
-		cdn.js-kit.com	(cert: *.hs.llnwd.net; 400)
-
--->
-<ruleset name="Echo (partial)">
-
-	<target host="js-kit.com" />
-	<target host="www.js-kit.com" />
-
-
-	<rule from="^http://(www\.)?js-kit\.com/"
-		to="https://$1js-kit.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/EchoDitto.com.xml b/src/chrome/content/rules/EchoDitto.com.xml
index 28a1964be05c..9965895b8b75 100644
--- a/src/chrome/content/rules/EchoDitto.com.xml
+++ b/src/chrome/content/rules/EchoDitto.com.xml
@@ -1,4 +1,12 @@
-<ruleset name="EchoDitto.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://echoditto.com/ => https://echoditto.com/: (51, "SSL: no alternative certificate subject name matches target host name 'echoditto.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://echoditto.com/ => https://echoditto.com/: (51, "SSL: no alternative certificate subject name matches target host name 'echoditto.com'")
+-->
+<ruleset name="EchoDitto.com" default_off="failed ruleset test">
 
 	<target host="echoditto.com" />
 	<target host="www.echoditto.com" />
@@ -7,7 +15,6 @@
 	<securecookie host="^(?:www\.)?echoditto\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?echoditto\.com/"
-		to="https://$1echoditto.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EchoEnabled.xml b/src/chrome/content/rules/EchoEnabled.xml
deleted file mode 100644
index 0e582020b601..000000000000
--- a/src/chrome/content/rules/EchoEnabled.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Echo Enabled">
-  <!-- Echo "real-time web platform" APIs -->
-  <target host="api.echoenabled.com" />
-  <target host="cdn.echoenabled.com" />
-
-  <rule from="^http://(api|cdn)\.echoenabled\.com/" to="https://$1.echoenabled.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Echoplex.us.xml b/src/chrome/content/rules/Echoplex.us.xml
new file mode 100644
index 000000000000..8326f9af644f
--- /dev/null
+++ b/src/chrome/content/rules/Echoplex.us.xml
@@ -0,0 +1,62 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://echoplex.us/ => https://echoplex.us/: (51, "SSL: no alternative certificate subject name matches target host name 'echoplex.us'")
+Fetch error: http://blog.echoplex.us/ => https://blog.echoplex.us/: (6, 'Could not resolve host: blog.echoplex.us')
+Fetch error: http://chat.echoplex.us/ => https://chat.echoplex.us/: (6, 'Could not resolve host: chat.echoplex.us')
+Fetch error: http://www.echoplex.us/ => https://echoplex.us/: (51, "SSL: no alternative certificate subject name matches target host name 'echoplex.us'")
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://echoplex.us/ => https://echoplex.us/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://chat.echoplex.us/ => https://chat.echoplex.us/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.echoplex.us/ => https://echoplex.us/: (60, 'SSL certificate problem: certificate has expired')
+
+	Problematic hosts in *echoplex.us:
+
+		- embed ¹
+		- shop ²
+		- www ³
+
+	¹ Expired
+	² Shopify
+	³ Mismatched
+
+
+	Fully covered hosts in *echoplex.us:
+
+		- (www.)?	(www → ^)
+		- blog
+		- chat
+
+-->
+<ruleset name="echoplex.us (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="echoplex.us" />
+	<target host="blog.echoplex.us" />
+	<target host="chat.echoplex.us" />
+	<!--target host="embed.echoplex.us" /-->
+
+	<!--	Complications:
+				-->
+	<!--target host="shop.echoplex.us" /-->
+	<target host="www.echoplex.us" />
+
+		<!--test url="http://embed.echoplex.us/embed.html?channel=" /-->
+
+
+	<!--rule from="^http://shop\.echoplex\.us/"
+		to="https://???.myshopify.com/" /-->
+
+	<rule from="^http://www\.echoplex\.us/"
+		to="https://echoplex.us/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
+
diff --git a/src/chrome/content/rules/Echothrust.com.xml b/src/chrome/content/rules/Echothrust.com.xml
index 69a1b06b7cc9..56b5ba9778d7 100644
--- a/src/chrome/content/rules/Echothrust.com.xml
+++ b/src/chrome/content/rules/Echothrust.com.xml
@@ -1,29 +1,13 @@
-<!--
-	Cert only matches www.
-
-
-	Mixed content:
-
-		- css on www from fonts.googleapis.com *
-
-		- Images, on www from:
-
-			- ^ *
-			- farm\d.static.flickr.com *
-
-	* Secured by us
-
--->
-<ruleset name="Echothrust.com" default_off="self-signed">
+<ruleset name="Echothrust.com">
 
 	<target host="echothrust.com" />
-	<target host="*.echothrust.com" />
+	<target host="www.echothrust.com" />
 
 
-	<securecookie host="^\.echothrust\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?echothrust\.com/"
-		to="https://www.echothrust.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Eclipse.xml b/src/chrome/content/rules/Eclipse.xml
index b2e5cd94ac58..f948f28732f8 100644
--- a/src/chrome/content/rules/Eclipse.xml
+++ b/src/chrome/content/rules/Eclipse.xml
@@ -1,22 +1,71 @@
 <!--
-	Nonfunctional domains:
+	Connection refused:
+		- hono.eclipse.org
+		- leshan.eclipse.org
+		- rtsc.eclipse.org
 
-		wiki.eclipse.org	(redirects to marketplace 404)
+	SSL error:
+		- rdf4j.eclipse.org
 
+	Timed out:
+		- archive.eclipse.org
+		- dirigible.eclipse.org
+		- download.eclipse.org
+		- recommenders.eclipse.org
+		- vorto.eclipse.org
+
+	Wrong server:
+		- build.eclipse.org
 -->
-<ruleset name="Eclipse (partial)">
 
+<ruleset name="Eclipse.org">
 	<target host="eclipse.org" />
-	<target host="*.eclipse.org" />
-
-
-	<securecookie host="^bugs\.eclipse\.org$" name=".*" />
-
-
-	<rule from="^http://(bugs\.|dev\.|www\.)?eclipse\.org/"
-		to="https://$1eclipse.org/" />
+	<target host="www.eclipse.org" />
+	<target host="accounts.eclipse.org" />
+	<target host="api.eclipse.org" />
+	<target host="archive-mirror.eclipse.org" />
+	<target host="babel.eclipse.org" />
+	<target host="blogs.eclipse.org" />
+	<target host="bugs.eclipse.org" />
+	<target host="che.eclipse.org" />
+	<target host="ci.eclipse.org" />
+	<target host="dev.eclipse.org" />
+	<target host="ditto.eclipse.org" />
+	<target host="events.eclipse.org" />
+	<target host="forums.eclipse.org" />
+	<target host="git.eclipse.org" />
+	<target host="help.eclipse.org" />
+	<target host="hudson.eclipse.org" />
+	<target host="iot.eclipse.org" />
+	<target host="kapua.eclipse.org" />
+	<target host="live.eclipse.org" />
+	<target host="lts.eclipse.org" />
+	<target host="marketplace.eclipse.org" />
+	<target host="mattermost.eclipse.org" />
+	<target host="mattermost-test.eclipse.org" />
+	<target host="openpass.eclipse.org" />
+	<target host="orion.eclipse.org" />
+	<target host="*.orion.eclipse.org" />
+		<test url="http://www.orion.eclipse.org/foo?bar" />
+		<test url="http://a.b.orion.eclipse.org/" />
+		<test url="http://test7.orion.eclipse.org/" />
+	<target host="packagedrone.eclipse.org" />
+	<target host="phoenix.eclipse.org" />
+	<target host="planet.eclipse.org" />
+	<target host="portal.eclipse.org" />
+	<target host="projects.eclipse.org" />
+	<target host="pulsar.eclipse.org" />
+	<target host="repo.eclipse.org" />
+	<target host="science.eclipse.org" />
+	<target host="status.eclipse.org" />
+	<target host="tuleap.eclipse.org" />
+	<target host="udc.eclipse.org" />
+	<target host="unide.eclipse.org" />
+	<target host="wiki.eclipse.org" />
+	<target host="wikitest.eclipse.org" />
 
-	<rule from="^http://marketplace(1)?\.eclipse\.org/(eclipse\.org-common|misc|modules|sites)/"
-		to="https://marketplace$1.eclipse.org/$2/" />
+	<rule from="^http://([\w.-]+)\.orion\.eclipse\.org/"
+		to="https://orion.eclipse.org/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/EclipseCon.org.xml b/src/chrome/content/rules/EclipseCon.org.xml
new file mode 100644
index 000000000000..d90c56ef990e
--- /dev/null
+++ b/src/chrome/content/rules/EclipseCon.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="EclipseCon.org">
+	<target host="eclipsecon.org" />
+	<target host="www.eclipsecon.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Eclipso.ch.xml b/src/chrome/content/rules/Eclipso.ch.xml
index a9e6c3473ef6..60256403d330 100644
--- a/src/chrome/content/rules/Eclipso.ch.xml
+++ b/src/chrome/content/rules/Eclipso.ch.xml
@@ -1,6 +1,6 @@
 <ruleset name="Eclipso.ch">
 <target host="www.eclipso.ch"/>
 <target host="eclipso.ch"/>
-<rule from="^http://(www\.)?eclipso\.ch/" to="https://www.eclipso.ch/"/>
+<rule from="^http://(?:www\.)?eclipso\.ch/" to="https://www.eclipso.ch/"/>
 </ruleset>
 <!-- Rule generated by HTTPS Finder 0.91 -->
diff --git a/src/chrome/content/rules/Eclipso.xml b/src/chrome/content/rules/Eclipso.xml
index 2c8c680f15f9..a154c6ea96b4 100644
--- a/src/chrome/content/rules/Eclipso.xml
+++ b/src/chrome/content/rules/Eclipso.xml
@@ -7,5 +7,5 @@
   <securecookie host="^(?:www\.|mail\.|m\.)?eclipso\.de$" name=".+" />
 
   <rule from="^http://(?:mail\.|www\.)?eclipso\.de/" to="https://www.eclipso.de/" />
-  <rule from="^https?://m\.eclipso\.de/" to="https://www.eclipso.de/m/" />
+  <rule from="^http://m\.eclipso\.de/" to="https://www.eclipso.de/m/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ecm74.com.xml b/src/chrome/content/rules/Ecm74.com.xml
new file mode 100644
index 000000000000..380a07d8f05c
--- /dev/null
+++ b/src/chrome/content/rules/Ecm74.com.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ecm74.com/ => https://ecm74.com/: (35, 'Unknown SSL protocol error in connection to ecm74.com:443 ')
+Fetch error: http://www.ecm74.com/ => https://ecm74.com/: (35, 'Unknown SSL protocol error in connection to ecm74.com:443 ')
+
+	Ads/marketing.
+
+	For other Tractional Digital coverage, see Traction-Digital.com.xml.
+
+
+	www: cert only matches ^ecm74.com.
+
+-->
+<ruleset name="ecm74.com (partial)" default_off="failed ruleset test">
+
+	<target host="ecm74.com" />
+	<target host="www.ecm74.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?ecm74\.com/+rp/\d+/ContestForm\.clsp" /-->
+
+
+	<rule from="^http://(?:www\.)?ecm74\.com/(?!rp/\d+/ContestForm\.clsp)"
+		to="https://ecm74.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ecma-international.org.xml b/src/chrome/content/rules/Ecma-international.org.xml
new file mode 100644
index 000000000000..c8abb7ded4fb
--- /dev/null
+++ b/src/chrome/content/rules/Ecma-international.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ecma-international.org">
+	<target host="ecma-international.org" />
+	<target host="www.ecma-international.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EcoDissident.net.xml b/src/chrome/content/rules/EcoDissident.net.xml
new file mode 100644
index 000000000000..dd0d9c6d1226
--- /dev/null
+++ b/src/chrome/content/rules/EcoDissident.net.xml
@@ -0,0 +1,12 @@
+<ruleset name="EcoDissident.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ecodissident.net" />
+	<target host="www.ecodissident.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ecode360.com.xml b/src/chrome/content/rules/Ecode360.com.xml
new file mode 100644
index 000000000000..19529e38826e
--- /dev/null
+++ b/src/chrome/content/rules/Ecode360.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ecode360.com">
+  <target host="ecode360.com" />
+  <target host="www.ecode360.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ecoff.org.xml b/src/chrome/content/rules/Ecoff.org.xml
new file mode 100644
index 000000000000..6be15e2476e6
--- /dev/null
+++ b/src/chrome/content/rules/Ecoff.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Ecoff.org">
+
+	<target host="ecoff.org" />
+	<target host="www.ecoff.org" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^(?:w*\.)?ecoff\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ecommerce.xml b/src/chrome/content/rules/Ecommerce.xml
index 790b9e122cff..b78cac81538a 100644
--- a/src/chrome/content/rules/Ecommerce.xml
+++ b/src/chrome/content/rules/Ecommerce.xml
@@ -2,57 +2,39 @@
 	Other Ecommerce rulesets:
 
 		- Hesecure.com.xml
+		- IX_Web_Hosting.com.xml
+		- Opentransfer.com.xml
+		- Webhost.biz.xml
 
 
-	Nonfunctional domains:
+	Insecure cookies are set for these hosts:
 
-		- status.ixwebhosting.com
+		- www.ecommerce.com
 
--->
-<ruleset name="Ecommerce (partial)" platform="mixedcontent">
 
-	<target host="ecommerce.com" />
-	<target host="www.ecommerce.com" />
-	<target host="ixwebhosting.com" />
-	<target host="*.ixwebhosting.com" />
-	<target host="opentransfer.com" />
-	<target host="*.opentransfer.com" />
-	<!--	* for cross-domain cookies.	-->
-	<target host="*.webmail.opentransfer.com" />
-	<target host="webhost.biz" />
-	<target host="*.webhost.biz" />
+	Mixed content:
 
+		- css from fonts.googleapis.com *
 
-	<securecookie host="^(.*\.)?ixwebhosting\.com$" name=".*" />
-	<securecookie host="^\.webmail\.opentransfer\.com$" name=".*" />
-	<securecookie host="^manage\.webhost\.biz$" name=".*" />
+	* Secured by us
 
+-->
+<ruleset name="Ecommerce.com (partial)">
 
-	<rule from="^http://(www\.)?ecommerce\.com/"
-		to="https://$1ecommerce.com/" />
-
-	<rule from="^http://((?:assets|manage|www)\.)?ixwebhosting\.com/"
-		to="https://$1ixwebhosting.com/" />
+	<!--	Direct rewrites:
+				-->
+	<target host="ecommerce.com" />
+	<target host="www.ecommerce.com" />
 
-	<!--	- blog doesn't work over https
-		- $ redirects like so
-			-->
-	<rule from="^https?://blog\.ixwebhosting\.com/"
-		to="https://www.ixwebhosting.com/blog/" />
 
-	<!--	- Cert: *.opentransfer.com
-		- Redirects like so
-				-->
-	<rule from="^https?://email\.ixwebhosting\.com/"
-		to="https://webmail.opentransfer.com/horde/imp/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.ecommerce\.com$" name="^(_ecommerce_session|request_method)$" /-->
 
-	<rule from="^https?://(?:www\.)?opentransfer\.com/"
-		to="https://ecommerce.com/" />
+	<securecookie host="^www\.ecommerce\.com$" name=".+" />
 
-	<rule from="^http://webmail\.opentransfer\.com/"
-		to="https://webmail.opentransfer.com/" />
 
-	<rule from="^http://(manage\.|www\.)?webhost\.biz/"
-		to="https://$1webhost.biz/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Econda-monitor.de.xml b/src/chrome/content/rules/Econda-monitor.de.xml
index 5274861127e9..dc32fbf304c7 100644
--- a/src/chrome/content/rules/Econda-monitor.de.xml
+++ b/src/chrome/content/rules/Econda-monitor.de.xml
@@ -1,10 +1,20 @@
 <!--
+	For other econda coverage, see Econda.de.xml.
+
+
 	Web bugs.
 
 
 	^econda-monitor.de times out over http.
 
 
+	Insecure cookies are set for these hosts: ᶜ
+
+		- monitor.econda-monitor.de
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
 	The following cookies are set by hosts loading these bugs:
 
 		- emos_jcsid
@@ -14,10 +24,23 @@
 -->
 <ruleset name="econda-monitor.de">
 
+	<target host="monitor.econda-monitor.de" />
+	<target host="ww1.econda-monitor.de" />
 	<target host="www.econda-monitor.de" />
 
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://monitor.econda-monitor.de/r.a.c.e./login.jsp?iframe=1&amp;LOCALE=de&amp;version=2" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^monitor\.econda-monitor\.de$" name="^emos_jc[sv]id$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
 
-	<rule from="^http://www\.econda-monitor\.de/"
-		to="https://www.econda-monitor.de/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Econda.de.xml b/src/chrome/content/rules/Econda.de.xml
new file mode 100644
index 000000000000..d83bb14b31bc
--- /dev/null
+++ b/src/chrome/content/rules/Econda.de.xml
@@ -0,0 +1,62 @@
+<!--
+	Other econda rulesets:
+
+		- Econda-monitor.de.xml
+
+
+	Nonfunctional hosts in *econda.de:
+
+		- blog ⁴
+		- support ᵈ
+
+	⁴ 404
+	ᵈ Dropped
+
+
+	Problematic hosts in *econda.de:
+
+		- mail ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- econda.de
+		- .econda.de
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Econda.de (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="econda.de"/>
+	<target host="support.econda.de"/>
+	<target host="www.econda.de"/>
+
+	<!--	Complications:
+				-->
+	<target host="mail.econda.de"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.?econda\.de$" name="^fe_typo_user$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://mail\.econda\.de/+"
+		to="https://portal.office.com/" />
+
+		<test url="http://mail.econda.de/default.aspx" />
+
+	<rule from="^http:"
+		to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Econoday.com.xml b/src/chrome/content/rules/Econoday.com.xml
new file mode 100644
index 000000000000..b103727547a7
--- /dev/null
+++ b/src/chrome/content/rules/Econoday.com.xml
@@ -0,0 +1,45 @@
+<!--
+	Non-functional hosts
+		Different content:
+		- broadcast.econoday.com
+		- investorjournals.econoday.com
+-->
+<ruleset name="Econoday.com">
+	<target host="econoday.com" />
+	<target host="www.econoday.com" />
+	<target host="abasic.econoday.com" />
+	<target host="anasdaq.econoday.com" />
+	<target host="aplus.econoday.com" />
+	<target host="apremium.econoday.com" />
+	<target host="b-us.econoday.com" />
+	<target host="barrons.econoday.com" />
+	<target host="basic.econoday.com" />
+	<target host="bloomberg.econoday.com" />
+	<target host="calendar.econoday.com" />
+	<target host="cityindex.econoday.com" />
+	<target host="cme-tr.econoday.com" />
+	<target host="fidelity.econoday.com" />
+	<target host="fidelity-fcm.econoday.com" />
+	<target host="fidelityfiplus.econoday.com" />
+	<target host="fidweek.econoday.com" />
+	<target host="fmmagazine.econoday.com" />
+	<target host="global.econoday.com" />
+	<target host="global-premium.econoday.com" />
+	<target host="globalbasic.econoday.com" />
+	<target host="ibd.econoday.com" />
+	<target host="idiventures.econoday.com" />
+	<target host="kbondpoint.econoday.com" />
+	<target host="mam.econoday.com" />
+	<target host="my.econoday.com" />
+	<target host="optionsclick.econoday.com" />
+	<target host="premium.econoday.com" />
+	<target host="quoddbasic.econoday.com" />
+	<target host="shop.econoday.com" />
+	<target host="store.econoday.com" />
+	<target host="us.econoday.com" />
+	<target host="wsj-global.econoday.com" />
+	<target host="wsj-us.econoday.com" />
+	<target host="www1.econoday.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Economic-Policy-Institute.xml b/src/chrome/content/rules/Economic-Policy-Institute.xml
index 183cefb319a0..07f05419c812 100644
--- a/src/chrome/content/rules/Economic-Policy-Institute.xml
+++ b/src/chrome/content/rules/Economic-Policy-Institute.xml
@@ -9,12 +9,13 @@
 -->
 <ruleset name="Economic Policy Institute (partial)">
 
-	<target host="*.epi.org" />
+	<target host="www.epi.org" />
+	<target host="my.epi.org" />
+	<target host="secure.epi.org" />
 	<!--	* for cross-domain cookie.	-->
-	<target host="*.secure.epi.org" />
 
 
-	<securecookie host="^(my|\.?secure)\.epi\.org$" name=".*" />
+	<securecookie host="^(?:my|\.?secure)\.epi\.org$" name=".+" />
 
 
 	<!--	From secure, server redirects to epi.3cdn.net/$hash.ext,
diff --git a/src/chrome/content/rules/Economist.xml b/src/chrome/content/rules/Economist.xml
index acc8816684e4..9015d8ce8b3a 100644
--- a/src/chrome/content/rules/Economist.xml
+++ b/src/chrome/content/rules/Economist.xml
@@ -2,44 +2,62 @@
 	Other Economist Group rulesets:
 
 		- Roll_Call.com.xml
+		- Static-Economist.com.xml
+		- Which_MBA.com.xml
 
 
-	CDN buckets:
+	Problematic hosts in *economist.com:
 
-		- media.economist.com.cdngc.net
+		- stats (mismatched)
+		- store (mismatched)
+		- success (expired)
 
-			- cdn.static-economist.com
+	These altnames don't exist:
 
+		- www.gmat.economist.com
+		- www.app.gmat.economist.com
+		- subscriptions.economist.com
+		- www.success.economist.com
 
-	Problematic domains:
+	Mixed content:
 
-		- cdn.static-economist.com	(works; mismatched, CN: ssl2.cdngc.net)
+		- Bugs on execed from ads.whichmba.com *
 
-
-	Fully covered domains:
-
-		- cdn.static-economist.com	(→ media.economist.com)
+	* Secured by us
 
 -->
-<ruleset name="Economist (partial)">
+<ruleset name="Economist.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="economist.com" />
-	<target host="*.economist.com" />
-	<target host="cdn.static-economist.com" />
-
-
-	<!--	Some pages 302 to http.
-					-->
-	<rule from="^http://(?:www\.)?economist\.com/(debate(?:$|[\?/])|favicon\.ico|sites/|user)"
-		to="https://www.economist.com/$1" />
-
-	<rule from="^http://(libertymutual|media|(?:www\.)?store)\.economist\.com/"
-		to="https://$1.economist.com/" />
+	<target host="www.economist.com" />
+	<target host="authenticate.economist.com" />
+	<target host="execed.economist.com" />
+	<target host="gmat.economist.com" />
+	<target host="app.gmat.economist.com" />
+	<target host="jobs.economist.com" />
+	<target host="media.economist.com" />
+	<target host="shop.economist.com" />
+	<target host="www.store.economist.com" />
+	<target host="subscription.economist.com" />
+	<target host="subscriptions.economist.com" />
+	<target host="ukshop.economist.com" />
+
+	<!--	Complications:
+				-->
+	<target host="stats.economist.com" />
+	<target host="store.economist.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://store\.economist\.com/"
+		to="https://shop.economist.com/" />
 
 	<rule from="^http://stats\.economist\.com/"
-		to="https://economistcomprod.122.2o7.net/" />
+		to="https://economist.122.2o7.net/" />
 
-	<rule from="^http://cdn\.static-economist\.com/"
-		to="https://media.economist.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Economist_Intelligence_Unit.xml b/src/chrome/content/rules/Economist_Intelligence_Unit.xml
index 9f39a9b33e45..e3b6ba5a9969 100644
--- a/src/chrome/content/rules/Economist_Intelligence_Unit.xml
+++ b/src/chrome/content/rules/Economist_Intelligence_Unit.xml
@@ -7,13 +7,12 @@
 <ruleset name="Economist Intelligence Unit (partial)">
 
 	<target host="eiu.com" />
-	<target host="*.eiu.com" />
+	<target host="www.eiu.com" />
 
 
 	<securecookie host="^\.eiu\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?eiu\.com/"
-		to="https://$1eiu.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Economy.com.xml b/src/chrome/content/rules/Economy.com.xml
new file mode 100644
index 000000000000..67dfc56da8d2
--- /dev/null
+++ b/src/chrome/content/rules/Economy.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- economy.com
+		- www.economy.com
+
+-->
+<ruleset name="Economy.com">
+
+	<target host="economy.com" />
+	<target host="www.economy.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?economy\.com$" name="^__RequestVerificationToken$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ecosia.org.xml b/src/chrome/content/rules/Ecosia.org.xml
new file mode 100644
index 000000000000..3d7f6c73dbc3
--- /dev/null
+++ b/src/chrome/content/rules/Ecosia.org.xml
@@ -0,0 +1,27 @@
+<ruleset name="Ecosia">
+	<target host="ecosia.org" />
+	<target host="*.ecosia.org" />
+	<target host="ecosia.co" />
+	
+	<test url="http://analytics.ecosia.org/analytics.js"/>
+	<test url="http://blog.ecosia.org/content/images/2018/06/We-re-now-in-Peru-and-Madagascar-1.jpg"/>
+	<test url="http://blog.ecosia.org/ecosia-financial-reports-tree-planting-receipts/"/>
+	<test url="http://blog.ecosia.org/tag/where-does-ecosia-plant-trees/"/>
+	<test url="http://fr.blog.ecosia.org/1000-arbres-en-une-journee-ou-comment-deux-femmes-bousculent-les-regles-de-lagriculture/"/>
+	<test url="http://fr.blog.ecosia.org/content/images/2020/02/spain_country_ecosia-2.jpg"/>
+	<test url="http://de.blog.ecosia.org/bleibt-hambi-2020/"/>
+	<test url="http://de.blog.ecosia.org/content/images/2020/02/header.jpg"/>
+	<test url="http://cdn.ecosia.org/indexpage/aa50167238dc1cdde5ee.js"/>
+	<test url="http://cdn.ecosia.org/og/facebook.jpg"/>
+	<test url="http://cdn.ecosia.org/manifest.json"/>
+	<test url="http://design.ecosia.org/#/Brand/Design%20principles"/>
+	<test url="http://hotels.ecosia.org/Place/Myrtle_Beach.htm"/>
+	<test url="http://info.ecosia.org/assets/scripts/bundle-21187f8dc4.js"/>
+	<test url="http://info.ecosia.org/privacy"/>
+	<test url="http://ps.ecosia.org/FVh3ot2zPwDMi43LjI.js"/>
+	<test url="http://videos-cdn.ecosia.org/video-en-81a0480ed573f7d7d5d4e58559d30ded.webm"/>
+	<test url="http://www.ecosia.org/ecosia-news"/>
+	
+	<rule from="^http:"
+          to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ecowatch.com.xml b/src/chrome/content/rules/Ecowatch.com.xml
new file mode 100644
index 000000000000..fc1ff0843a13
--- /dev/null
+++ b/src/chrome/content/rules/Ecowatch.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ecowatch.com">
+  <target host="ecowatch.com" />
+  <target host="www.ecowatch.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ecustomer_support.com.xml b/src/chrome/content/rules/Ecustomer_support.com.xml
new file mode 100644
index 000000000000..8582fac53f97
--- /dev/null
+++ b/src/chrome/content/rules/Ecustomer_support.com.xml
@@ -0,0 +1,36 @@
+<!--
+	(www.)?ecustomersupport.com doesn't exist.
+
+
+	Insecure cookies are set for these hosts:
+
+		- tmobile.ecustomersupport.com
+
+
+	Mixed content:
+
+		- Bug on tmobile from sdc.t-mobile.com *
+
+	* Unsecurable <= dropped
+
+-->
+<ruleset name="ecustomer support.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tmobile.ecustomersupport.com" />
+
+		<test url="http://tmobile.ecustomersupport.com/tMobile/tmobileEntry.do" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^tmobile\.ecustomersupport\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ecwid.com.xml b/src/chrome/content/rules/Ecwid.com.xml
new file mode 100644
index 000000000000..2754efd0960d
--- /dev/null
+++ b/src/chrome/content/rules/Ecwid.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Note: each customer of ecwid.com get its own subdomains,
+		at least some of them support HTTPS properly.
+
+	Non-functional hosts:
+		Incomplete certificate chain error:
+		- ideas.ecwid.com
+-->
+<ruleset name="Ecwid.com (partial)">
+
+	<target host="ecwid.com" />
+	<target host="www.ecwid.com" />
+	<target host="images-cdn.ecwid.com" />
+	<target host="kb.ecwid.com" />
+	<target host="my.ecwid.com" />
+	<target host="static.ecwid.com" />
+	<target host="support.ecwid.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ecwid.xml b/src/chrome/content/rules/Ecwid.xml
deleted file mode 100644
index 7f2c264f0daf..000000000000
--- a/src/chrome/content/rules/Ecwid.xml
+++ /dev/null
@@ -1,57 +0,0 @@
-<!--
-	CDN buckets:
-
-		- dj925myfyz5v.cloudfront.net
-
-			- static.ecwid.com
-
-		- dpbfm6h358sh7.cloudfront.net
-
-			- images-cdn.ecwid.com
-
-		- ecwid.desk.com
-
-			- help.ecwid.com
-
-		- ecwid.pbworks.com
-
-			- kb.ecwid.com
-
-		- ecwid.uservoice.com
-
-			- ideas.ecwid.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(redirects to http)
-		- help		(redirects to http; mismatched, CN: *.assistly.com)
-		- kb		(redirects to http; mismatched, CN: *.pbworks.com)
-
-
-	Problematic subdomains:
-
-		- ideas		(works; mismatched, CN: *.uservoice.com)
-
--->
-<ruleset name="Ecwid (partial)">
-
-	<target host="*.ecwid.com" />
-
-
-	<securecookie host="^my\.ecwid\.com$" name=".+" />
-
-
-	<rule from="^https?://images-cdn\.ecwid\.com/"
-		to="https://dpbfm6h358sh7.cloudfront.net/" />
-
-	<rule from="^https?://kb\.ecwid\.com/(f/|theme_image\.php)"
-		to="https://ecwid.pbworks.com/$1" />
-
-	<rule from="^http://my\.ecwid\.com/"
-		to="https://my.ecwid.com/" />
-
-	<rule from="^https?://static\.ecwid\.com/"
-		to="https://dj925myfyz5v.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Ed.ac.uk.xml b/src/chrome/content/rules/Ed.ac.uk.xml
new file mode 100644
index 000000000000..331dac10fca1
--- /dev/null
+++ b/src/chrome/content/rules/Ed.ac.uk.xml
@@ -0,0 +1,66 @@
+<!--
+	Nonfunctional subdomains:
+
+		- www.edlug *
+		- www.lib *
+		- www.maths **
+		- unixhelp ²
+
+	* Refused
+	** Shows info.maths.ed.ac.uk
+	² Shows www.ug.ucs.ed.ac.uk
+
+
+	Problematic subdomains:
+
+		- www.ug.ucs *
+		- www.inf ²
+
+	* Self-signed
+	² Some branches via HTTPS require authentication, but are public via HTTP
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .ease.ed.ac.uk
+		- info.maths.ed.ac.uk
+		- .projects.ed.ac.uk
+
+
+	Mixed content:
+
+		- Images on www.myed from www.ed.ac.uk *
+
+	* Unsecurable <= redirects to www.ease.ed.ac.uk
+
+-->
+<ruleset name="Ed.ac.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.ease.ed.ac.uk" />
+        <target host="www.inf.ed.ac.uk" />
+        <target host="blog.inf.ed.ac.uk" />
+        <target host="ifriend.inf.ed.ac.uk" />
+        <target host="networks.inf.ed.ac.uk" />
+        <target host="weblogin.inf.ed.ac.uk" />
+	<target host="wiki.inf.ed.ac.uk" />
+	<target host="info.maths.ed.ac.uk" />
+	<target host="webstats.maths.ed.ac.uk" />
+	<target host="www.myed.ed.ac.uk" />
+	<target host="www.projects.ed.ac.uk" />
+	<target host="www.wiki.ed.ac.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^info\.maths\.ed\.ac\.uk$" name="^SN[\da-f]+$" /-->
+	<!--securecookie host="^\.projects\.ed\.ac\.uk$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^info\.maths\.ed\.ac\.uk$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EdUbuntu.xml b/src/chrome/content/rules/EdUbuntu.xml
index f4514d4d954a..0595489cf5bf 100644
--- a/src/chrome/content/rules/EdUbuntu.xml
+++ b/src/chrome/content/rules/EdUbuntu.xml
@@ -1,6 +1,21 @@
-<ruleset name="EdUbuntu">
-  <target host="edubuntu.org" />
-  <target host="www.edubuntu.org" />
+<!--
+	Mixed content:
+
+		- Image on (www.)? from ^edubuntu.org ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Edubuntu.org">
+
+	<target host="edubuntu.org" />
+	<target host="wiki.edubuntu.org" />
+	<target host="www.edubuntu.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
 
-  <rule from="^http://(?:www\.)?edubuntu\.org/" to="https://edubuntu.org/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/EdWeek.org.xml b/src/chrome/content/rules/EdWeek.org.xml
new file mode 100644
index 000000000000..4d432c97db41
--- /dev/null
+++ b/src/chrome/content/rules/EdWeek.org.xml
@@ -0,0 +1,38 @@
+<!--
+	Nonfunctional subdomains:
+
+		- api *
+		- leaders *
+
+	* Refused
+
+
+	(www.): shows secure; mismatched, CN: secure.edweek.org
+
+-->
+<ruleset name="EdWeek.org (partial)">
+
+	<target host="edweek.org" />
+	<target host="www.edweek.org" />
+	<target host="myaccount.edweek.org" />
+	<target host="pddirectory.edweek.org" />
+	<target host="secure.edweek.org" />
+	<target host="sm.edweek.org" />
+	<target host="m.edweek.org" />
+		<!--exclusion pattern="^http://(api|leaders)\.edweek\.org/" /-->
+		<!--
+			Redirect to http:
+						-->
+		<exclusion pattern="^http://pddirectory\.edweek\.org/+(?:$|\?)" />
+
+
+	<rule from="^http://(?:www\.)?edweek\.org/(?=css/|favicon\.ico|images/|js/|media/)"
+		to="https://secure.edweek.org/" />
+
+	<rule from="^http://(myaccount|pddirectory|secure|sm)\.edweek\.org/"
+		to="https://$1.edweek.org/" />
+
+	<rule from="^http://m\.edweek\.org/"
+		to="https://edweek-org.122.2o7.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EdX.xml b/src/chrome/content/rules/EdX.xml
index e7f97836c635..f0d92c30dca6 100644
--- a/src/chrome/content/rules/EdX.xml
+++ b/src/chrome/content/rules/EdX.xml
@@ -1,20 +1,29 @@
 <!--
-	Cert only matches *.edx.org
+	Insecure cookies are set for these domains and hosts:
+
+		- edx.org
+		- .edx.org
+		- courses.edx.org
 
 -->
-<ruleset name="edX">
+<ruleset name="edX.org">
 
 	<target host="edx.org" />
-	<target host="*.edx.org" />
+	<target host="courses.edx.org" />
+	<target host="files.edx.org" />
+	<target host="www.edx.org" />
 
 
-	<securecookie host="^(?:courses|www)\.edx\.org$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^edx\.org$" name="^AWSELB$" /-->
+	<!--securecookie host="^\.edx\.org$" name="^prod-edx-sessionid$" /-->
+	<!--securecookie host="^courses\.edx\.org$" name="^(?:AWSELB|csrftoken)$" /-->
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^https?://(?:www\.)?edx\.org/"
-		to="https://www.edx.org/" />
 
-	<rule from="^http://courses\.edx\.org/"
-		to="https://courses.edx.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ed_Uncovered.com.xml b/src/chrome/content/rules/Ed_Uncovered.com.xml
new file mode 100644
index 000000000000..1b5a191d62f0
--- /dev/null
+++ b/src/chrome/content/rules/Ed_Uncovered.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://eduncovered.com/ => https://eduncovered.com/: Too many redirects while fetching 'https://eduncovered.com/'
+Fetch error: http://www.eduncovered.com/ => https://www.eduncovered.com/: Too many redirects while fetching 'https://www.eduncovered.com/'
+
+	Insecure cookies are set for these domains:
+
+		- .eduncovered.com
+
+-->
+<ruleset name="Ed Uncovered.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="eduncovered.com" />
+	<target host="www.eduncovered.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.eduncovered\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.eduncovered\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Edarabia.com.xml b/src/chrome/content/rules/Edarabia.com.xml
index 401416295908..74594f4dcc63 100644
--- a/src/chrome/content/rules/Edarabia.com.xml
+++ b/src/chrome/content/rules/Edarabia.com.xml
@@ -1,19 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://edarabia.com/ => https://edarabia.com/: Too many redirects while fetching 'https://edarabia.com/'
+Fetch error: http://www.edarabia.com/ => https://www.edarabia.com/: Too many redirects while fetching 'https://www.edarabia.com/'
+
 	Problematic subdomains:
 
 		- ^	(http reply)
 
 -->
-<ruleset name="Edarabia.com">
+<ruleset name="Edarabia.com" default_off="failed ruleset test">
 
 	<target host="edarabia.com" />
-	<target host="*.edarabia.com" />
+	<target host="www.edarabia.com" />
 
 
 	<securecookie host="^\.edarabia\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?edarabia\.com/"
-		to="https://$1edarabia.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Edas.xml b/src/chrome/content/rules/Edas.xml
deleted file mode 100644
index cf360de6058b..000000000000
--- a/src/chrome/content/rules/Edas.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Edas.info">
-  <target host="edas.info" />
-  <target host="www.edas.info" />
-
-  <rule from="^http://(?:www\.)?edas\.info/" to="https://www.edas.info/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Eddie_Izzard.xml b/src/chrome/content/rules/Eddie_Izzard.xml
index 4d861dc93239..eb89f00fb525 100644
--- a/src/chrome/content/rules/Eddie_Izzard.xml
+++ b/src/chrome/content/rules/Eddie_Izzard.xml
@@ -8,7 +8,7 @@
 	<target host="www.eddieizzard.com" />
 
 
-	<rule from="^https?://(?:www\.)?eddieizzard\.com/([^/]+/assets/|favicon\.ico|resource/)"
+	<rule from="^http://(?:www\.)?eddieizzard\.com/([^/]+/assets/|favicon\.ico|resource/)"
 		to="https://www.eddieizzard.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EdenHost.com.xml b/src/chrome/content/rules/EdenHost.com.xml
index 77e381932774..8524f0ad3784 100644
--- a/src/chrome/content/rules/EdenHost.com.xml
+++ b/src/chrome/content/rules/EdenHost.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="EdenHost.com">
 
 	<target host="edenhost.com" />
-	<target host="*.edenhost.com" />
+	<target host="www.edenhost.com" />
 
 
 	<securecookie host="^\.edenhost\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?edenhost\.com/"
-		to="https://$1edenhost.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ederdrom.de.xml b/src/chrome/content/rules/Ederdrom.de.xml
new file mode 100644
index 000000000000..81cd0ce0baf7
--- /dev/null
+++ b/src/chrome/content/rules/Ederdrom.de.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://oc.ederdrom.de/ => https://oc.ederdrom.de/: (6, 'Could not resolve host: oc.ederdrom.de')
+Fetch error: http://www.ederdrom.de/ => https://www.ederdrom.de/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="ederdrom.de" default_off="failed ruleset test">
+
+	<target host="ederdrom.de" />
+	<target host="oc.ederdrom.de" />
+	<target host="www.ederdrom.de" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Edfil.es.xml b/src/chrome/content/rules/Edfil.es.xml
deleted file mode 100644
index 212bf42e6af6..000000000000
--- a/src/chrome/content/rules/Edfil.es.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(works, cert only matches www)
-
--->
-<ruleset name="Edfil.es">
-
-	<target host="edfil.es" />
-	<target host="www.edfil.es" />
-
-
-	<rule from="^http://(?:www\.)?edfil\.es/"
-		to="https://www.edfil.es/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Edge.org.xml b/src/chrome/content/rules/Edge.org.xml
new file mode 100644
index 000000000000..878eeddc6a97
--- /dev/null
+++ b/src/chrome/content/rules/Edge.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Mixed content:
+
+		- Images, from:
+
+			- ecx.images-amazon.com
+			- edge.org
+			- www.edge.org
+
+-->
+<ruleset name="Edge.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="edge.org" />
+	<target host="www.edge.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EdgeCast-networks.xml b/src/chrome/content/rules/EdgeCast-networks.xml
index aff137fd56ad..fc5e8e824c5a 100644
--- a/src/chrome/content/rules/EdgeCast-networks.xml
+++ b/src/chrome/content/rules/EdgeCast-networks.xml
@@ -1,44 +1,35 @@
 <!--
-	For problematic rules, see EdgeCast-Networks-mismatches.xml.
+Others: See Web.com.xml
 
+	Redirect to http:
+	status.edgecast.com
 
+	Mismatch:
+	blog..edgecast.com
+	large..edgecast.com
+
+	wac.*.edgecastcdn.net
+	wpc.*.edgecastcdn.net
 -->
+
 <ruleset name="EdgeCast Networks (partial)">
 
-	<target host="wac.*.edgecastcdn.net" />
-	<target host="wpc.*.edgecastcdn.net" />
+	<target host="api.edgecast.com" />
+	<target host="my.edgecast.com" />
+	<target host="partner.edgecast.com" />
+	<target host="translate.edgecast.com" />
+	<target host="wholesale.edgecast.com" />
+	<target host="www.edgecast.com" />
+
+	<target host="edgecastcdn.net" />
 	<target host="ne.edgecastcdn.net" />
 	<target host="wac.edgecastcdn.net" />
-	<target host="*.wac.edgecastcdn.net" />
-	<target host="*.wpc.edgecastcdn.net" />
-
-
-	<rule from="^http://wac(?:\.1ac1)?\.edgecastcdn\.net/"
-		to="https://wac.edgecastcdn.net/" />
-
-	<!--	Seems to be equivalent to ne1.wpc.edgecastcdn.net,
-		given that the two are identical for the buckets
-		observed at web.com (Web.com.xml).
-				-->
-	<rule from="^http://ne\.edgecastcdn\.net/"
-		to="https://ne.edgecastcdn.net/" />
-
-	<rule from="^http://g(p|s)1\.wac\.edgecastcdn\.net/"
-		to="https://g$11.wac.edgecastcdn.net/" />
-
-	<rule from="^http://wac\.\w{4}\.edgecastcdn\.net/0"
-		to="https://gp1.wac.edgecastcdn.net/0" />
-
-	<!--	Encountered in wpc.nnnn:
-
-			- 200e
-			- 437a  (/00437A/)
-			- 50b9	(/0050B9/)
-							-->
-	<rule from="^http://(?:wpc\.\w{4}|ne1\.wpc)\.edgecastcdn\.net/"
-		to="https://ne1.wpc.edgecastcdn.net/" />
+	<target host="gp1.wac.edgecastcdn.net" />
+	<target host="gs1.wac.edgecastcdn.net" />
+	<target host="ne.wac.edgecastcdn.net" />
+	<target host="gs1.wpc.edgecastcdn.net" />
+	<target host="ne1.wpc.edgecastcdn.net" />
 
-	<rule from="^http://(?:ne\.wa|gs1\.wp)c\.edgecastcdn\.net/"
-		to="https://ne.wac.edgecastcdn.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Edge_Snapbacks.com.xml b/src/chrome/content/rules/Edge_Snapbacks.com.xml
deleted file mode 100644
index 9a12ecc6720a..000000000000
--- a/src/chrome/content/rules/Edge_Snapbacks.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other Sylvan Company coverage, see Sylvan_Company.com.xml.
-
--->
-<ruleset name="Edge Snapbacks.com">
-
-	<target host="edgesnapbacks.com" />
-	<target host="*.edgesnapbacks.com" />
-
-
-	<securecookie host="^(?:w*\.)?edgesnapbacks\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?edgesnapbacks\.com/"
-		to="https://$1edgesnapbacks.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Edgeboss.net.xml b/src/chrome/content/rules/Edgeboss.net.xml
deleted file mode 100644
index 544285e60a43..000000000000
--- a/src/chrome/content/rules/Edgeboss.net.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For other Akamai coverage, see Akamai.net.xml.
-
--->
-<ruleset name="edgeboss.net (partial)">
-
-	<target host="sun.edgeboss.net" />
-
-
-	<rule from="^http://sun\.edgeboss\.net/"
-		to="https://a248.e.akamai.net/f/147/6387/5/sun.edgeboss.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Edgekey.net.xml b/src/chrome/content/rules/Edgekey.net.xml
new file mode 100644
index 000000000000..0a2baef98539
--- /dev/null
+++ b/src/chrome/content/rules/Edgekey.net.xml
@@ -0,0 +1,17 @@
+<!--
+	Fully covered hosts in *edgekey.net:
+
+		- ec2-images-amazon.test
+
+-->
+<ruleset name="Edgekey.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ec2-images-amazon.test.edgekey.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Edgerunner.com.xml b/src/chrome/content/rules/Edgerunner.com.xml
index 629cbdbefa45..c9b0fe31ce0f 100644
--- a/src/chrome/content/rules/Edgerunner.com.xml
+++ b/src/chrome/content/rules/Edgerunner.com.xml
@@ -12,7 +12,6 @@
 	<securecookie host="^store\.edgerunner\.com$" name=".+" />
 
 
-	<rule from="^http://store\.edgerunner\.com/"
-		to="https://store.edgerunner.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Edgewall-Software.xml b/src/chrome/content/rules/Edgewall-Software.xml
index fb8be29f0167..ff66e19883c1 100644
--- a/src/chrome/content/rules/Edgewall-Software.xml
+++ b/src/chrome/content/rules/Edgewall-Software.xml
@@ -1,21 +1,28 @@
 <!--
-	Nonfunctional subdomains:
+	Edgewall Software
 
-		- /		(cert matches, shows hg.edgewall.org's data)
-		- babel		(cert: /edgewall.com; shows hg.edgewall.org's data)
-		- bitten	(ditto)
-		- genshi	(ditto)
-		- posterity	(ditto)
-		- trac		(ditto)
-		- www		(ditto)
+
+	Nonfunctional hosts in *edgewall.org
+
+		- babel *
+		- bitten *
+		- genshi *
+		- posterity *
+		- trac *
+
+	* Shows ^edgewall.org
 
 -->
-<ruleset name="Edgewall Software (partial)">
+<ruleset name="Edgewall.org (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="edgewall.org" />
 	<target host="hg.edgewall.org" />
+	<target host="www.edgewall.org" />
 
 
-	<rule from="^http://hg\.edgewall\.org/"
-		to="https://hg.edgewall.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Edinburgh.gov.uk.xml b/src/chrome/content/rules/Edinburgh.gov.uk.xml
new file mode 100644
index 000000000000..11180222aa02
--- /dev/null
+++ b/src/chrome/content/rules/Edinburgh.gov.uk.xml
@@ -0,0 +1,51 @@
+<!--
+	The City of Edinburgh Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *edinburgh.gov.uk:
+
+		- (www.)?budget ᵇ
+		- yourlibrary ³
+
+	³ 403
+	ᵇ Shows default page
+
+
+	These altnames don't exist:
+
+		- www.consultationhub.edinburgh.gov.uk
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- myaccount.edinburgh.gov.uk
+		- www.edinburgh.gov.uk
+		- .www.edinburgh.gov.uk
+
+-->
+<ruleset name="Edinburgh.gov.uk (partial)">
+
+	<target host="edinburgh.gov.uk" />
+	<target host="auth.edinburgh.gov.uk" />
+	<target host="my.edinburgh.gov.uk" />
+	<target host="myaccount.edinburgh.gov.uk" />
+	<target host="consultationhub.edinburgh.gov.uk" />
+	<target host="www.edinburgh.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^myaccount\.edinburgh\.gov\.uk$" name="^cookietest$" /-->
+	<!--securecookie host="^www\.edinburgh\.gov\.uk$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.www\.edinburgh\.gov\.uk$" name="^TestCookie$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^(?!\.edinburgh\.gov\.uk)." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Editmysite.com.xml b/src/chrome/content/rules/Editmysite.com.xml
new file mode 100644
index 000000000000..eeaa36b18a3d
--- /dev/null
+++ b/src/chrome/content/rules/Editmysite.com.xml
@@ -0,0 +1,52 @@
+<!--
+	For other Weebly coverage, see Weebly.xml.
+
+
+	CDN buckets:
+
+		- cdn1.editmysite.com.cdngc.net
+		- cdn2.editmysite.com.cdngc.net
+
+
+	Nonfunctional subdomains:
+
+		- preview *
+		- static *
+
+	* Times out
+
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- www ²
+
+	¹ Shows weebly.com
+	² Mixed css from cdn[12]
+
+
+	Mixed content:
+
+		- css on www from cdn[12] *
+
+	* Secured by us
+
+-->
+<ruleset name="editmysite.com (partial)">
+
+	<target host="editmysite.com" />
+	<target host="www.editmysite.com" />
+	<target host="cdn1.editmysite.com" />
+	<target host="cdn2.editmysite.com" />
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<exclusion pattern="^http://(?:www\.)?editmysite\.com/+(?!(?:developer/none|favicon)\.ico)" />
+
+
+	<rule from="^http://(?:www\.)?editmysite\.com/"
+		to="https://www.editmysite.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Editola.xml b/src/chrome/content/rules/Editola.xml
index b7bbc777cf5a..6a6e42f44ff1 100644
--- a/src/chrome/content/rules/Editola.xml
+++ b/src/chrome/content/rules/Editola.xml
@@ -1,13 +1,21 @@
-<ruleset name="Editola">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://editola.com/ => https://editola.com/: (7, 'Failed to connect to editola.com port 443: Connection refused')
+Fetch error: http://www.editola.com/ => https://www.editola.com/: (7, 'Failed to connect to www.editola.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://editola.com/ => https://editola.com/: (28, 'Connection timed out after 10000 milliseconds')
+-->
+<ruleset name="Editola" default_off="failed ruleset test">
 
 	<target host="editola.com" />
-	<target host="*.editola.com" />
+	<target host="www.editola.com" />
 
 
 	<securecookie host="^\.editola\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?editola\.com/"
-		to="https://$1editola.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EditorConfig.org.xml b/src/chrome/content/rules/EditorConfig.org.xml
new file mode 100644
index 000000000000..976d92b2f7e2
--- /dev/null
+++ b/src/chrome/content/rules/EditorConfig.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.editorconfig.org
+		- pydocs.editorconfig.org
+-->
+<ruleset name="EditorConfig.org">
+	<target host="editorconfig.org" />
+	<target host="www.editorconfig.org" />
+	<target host="docs.editorconfig.org" />
+	<target host="javadocs.editorconfig.org" />
+
+	<rule from="^http://www\.editorconfig\.org/"
+		to="https://editorconfig.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Editorialmanager.com.xml b/src/chrome/content/rules/Editorialmanager.com.xml
new file mode 100644
index 000000000000..39f183615198
--- /dev/null
+++ b/src/chrome/content/rules/Editorialmanager.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Problematic subdomains:
+
+		- ^ ¹
+
+	¹: Not found
+
+	Note: I think that it might also be possible to redirect
+	http://www.edmgr.com/ to https://www.editorialmanager.com.
+	This is left out to be on the safe side.
+
+-->
+<ruleset name="Editorialmanager.com">
+
+	<target host="editorialmanager.com" />
+	<target host="www.editorialmanager.com" />
+
+	<securecookie host="\.editorialmanager\.com" name=".+" />
+
+	<rule from="^http://(?:www\.)?editorialmanager\.com/"
+		to="https://www.editorialmanager.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Edlund.dk.xml b/src/chrome/content/rules/Edlund.dk.xml
new file mode 100644
index 000000000000..0eefd37dc433
--- /dev/null
+++ b/src/chrome/content/rules/Edlund.dk.xml
@@ -0,0 +1,9 @@
+<ruleset name="Edlund.dk">
+	<target host="edlund.dk" />
+	<target host="www.edlund.dk" />
+
+	<securecookie host="(www)?\.?edlund\.dk" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Edoceo.com.xml b/src/chrome/content/rules/Edoceo.com.xml
new file mode 100644
index 000000000000..6077a1d3d6e8
--- /dev/null
+++ b/src/chrome/content/rules/Edoceo.com.xml
@@ -0,0 +1,37 @@
+<!--
+	Other Edoceo rulesets:
+
+		- WeedTraQR.com.xml
+
+
+	Nonfunctional hosts in *edoceo.com:
+
+		- imperium ¹
+		- praxis ²
+
+	¹ Shows turktk.com
+	² Shows ^edoceo.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- edoceo.com
+
+-->
+<ruleset name="Edoceo.com (partial)">
+
+	<target host="edoceo.com" />
+	<target host="www.edoceo.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^edoceo\.com$" name="^edoceo$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Edrive-hosting.xml b/src/chrome/content/rules/Edrive-hosting.xml
index 1a0aed2f2c46..f316eede801d 100644
--- a/src/chrome/content/rules/Edrive-hosting.xml
+++ b/src/chrome/content/rules/Edrive-hosting.xml
@@ -1,11 +1,19 @@
-<ruleset name="edrive hosting (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://edrive-hosting.cz/ => https://edrive-hosting.cz/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.edrive-hosting.cz/ => https://www.edrive-hosting.cz/: (60, 'SSL certificate problem: self signed certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://edrive-hosting.cz/ => https://edrive-hosting.cz/: (51, "SSL: no alternative certificate subject name matches target host name 'edrive-hosting.cz'")
+-->
+<ruleset name="edrive hosting (partial)" default_off="failed ruleset test">
 
 	<target host="edrive-hosting.cz"/>
 	<target host="www.edrive-hosting.cz"/>
 
-	<securecookie host="^www\.edrive-hosting\.cz$" name=".*"/>
+	<securecookie host="^www\.edrive-hosting\.cz$" name=".+" />
 
-	<rule from="^http://(www\.)?edrive-hosting\.cz/"
-		to="https://$1edrive-hosting.cz/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/EduBlogs.org.xml b/src/chrome/content/rules/EduBlogs.org.xml
new file mode 100644
index 000000000000..1a581e02f3cd
--- /dev/null
+++ b/src/chrome/content/rules/EduBlogs.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Remark: *.edublogs.org has a wildcard DNS record and a wildcard certificate. 
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- files.campus.edublogs.org
+-->
+<ruleset name="Edublogs.org">
+	<target host="edublogs.org" />
+	<target host="www.edublogs.org" />
+	<target host="campus.edublogs.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EduId.ch.xml b/src/chrome/content/rules/EduId.ch.xml
new file mode 100644
index 000000000000..16bdbe93c380
--- /dev/null
+++ b/src/chrome/content/rules/EduId.ch.xml
@@ -0,0 +1,26 @@
+<ruleset name="Eduid (SWITCH)">
+
+	<target host="eduid.ch" />
+	<target host="login.eduid.ch" />
+	<target host="www.eduid.ch" />
+	<target host="test.login.eduid.ch" />
+	<target host="login.switch.eduid.ch" />
+	<target host="test.eduid.ch" />
+	<target host="login.aaidemo.test.eduid.ch" />
+	<target host="login.idph.test.eduid.ch" />
+	<target host="login.test.eduid.ch" />
+	<target host="login.switch.test.eduid.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!--
+	test.login.eduid.ch redirects to test.eduid.ch but
+	has no valid certificate.
+	-->
+	<rule from="^http://test\.login\.eduid\.ch/"
+		to="https://test.eduid.ch/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EduPage.xml b/src/chrome/content/rules/EduPage.xml
new file mode 100644
index 000000000000..d788832fab4e
--- /dev/null
+++ b/src/chrome/content/rules/EduPage.xml
@@ -0,0 +1,20 @@
+<ruleset name="EduPage">
+	<target host="edupage.org" />
+	<target host="*.edupage.org" />
+
+	<exclusion pattern="^http://mobile\.edupage\.org/" />
+	<exclusion pattern="^http://help\.edupage\.org/" />
+
+	<securecookie host="^.+\.edupage\.org$" name="^PHPSESSID$" />
+
+	<test url="http://www.edupage.org/" />
+	<test url="http://mobile.edupage.org/" />
+	<test url="http://help.edupage.org/" />
+	<test url="http://classbook.edupage.org/" />
+	<test url="http://classregister.edupage.org/" />
+	<test url="http://klassenbuch.edupage.org/" />
+	<test url="http://tridnikniha.edupage.org/" />
+	<test url="http://gymbos.edupage.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Edublogs.xml b/src/chrome/content/rules/Edublogs.xml
deleted file mode 100644
index c7f972c38aba..000000000000
--- a/src/chrome/content/rules/Edublogs.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Edublogs">
-
-	<target host="edublogs.org" />
-	<target host="*.edublogs.org" />
-
-
-	<securecookie host="^(?:.+\.)?edublogs\.org$" name=".+" />
-
-
-	<!--	Unique subdomains per client.
-						-->
-	<rule from="^http://([\w-]+\.)?edublogs\.org/"
-		to="https://$1edublogs.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/EducaCursos.xml b/src/chrome/content/rules/EducaCursos.xml
index 5e4a96d2ab61..59b87bd3f503 100644
--- a/src/chrome/content/rules/EducaCursos.xml
+++ b/src/chrome/content/rules/EducaCursos.xml
@@ -1,13 +1,12 @@
 <ruleset name="EducaCursos">
 
 	<target host="educacursos.com" />
-	<target host="*.educacursos.com" />
+	<target host="www.educacursos.com" />
 
 
 	<securecookie host="^(?:w*\.)?educacursos\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?educacursos\.com/"
-		to="https://$1educacursos.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EducateAutism.com.xml b/src/chrome/content/rules/EducateAutism.com.xml
new file mode 100644
index 000000000000..3bcc9eb8d423
--- /dev/null
+++ b/src/chrome/content/rules/EducateAutism.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="EducateAutism.com">
+	<target host="educateautism.com" />
+	<target host="www.educateautism.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Educate_the_world.com.au.xml b/src/chrome/content/rules/Educate_the_world.com.au.xml
new file mode 100644
index 000000000000..01f8d3106e14
--- /dev/null
+++ b/src/chrome/content/rules/Educate_the_world.com.au.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://educatetheworld.com.au/ => https://educatetheworld.com.au/: (51, "SSL: no alternative certificate subject name matches target host name 'educatetheworld.com.au'")
+Fetch error: http://www.educatetheworld.com.au/ => https://www.educatetheworld.com.au/: (51, "SSL: no alternative certificate subject name matches target host name 'www.educatetheworld.com.au'")
+
+	Fully covered hosts:
+
+		- (www.)?
+
+
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="educate the world.com.au" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="educatetheworld.com.au" />
+	<target host="www.educatetheworld.com.au" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Education-Next.xml b/src/chrome/content/rules/Education-Next.xml
deleted file mode 100644
index 08da3d0223c8..000000000000
--- a/src/chrome/content/rules/Education-Next.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<ruleset name="Education Next" default_off="mismatch, self-signed">
-
-	<!--	Cert: educationnext.hks.harvard.edu	-->
-	<target host="educationnext.org" />
-	<target host="www.educationnext.org" />
-	<target host="educationnext.hks.harvard.edu" />
-
-
-	<securecookie host="^educationnext\.org$" name=".*" />
-
-
-	<rule from="^https?://(?:www\.)?educationnext\.org/wp-content/"
-		to="https://educationnext.hks.harvard.edu/wp-content/" />
-
-	<!--	- Pages redirect back from educationnext.hks.harvard.edu
-		- files/... redirects to ...org/$
-					-->
-	<rule from="^https?://(?:www\.)?educationnext\.org/"
-		to="https://educationnext.org/" />
-
-	<rule from="^http://educationnext\.hks\.harvard\.edu/"
-		to="https://educationnext.hks.harvard.edu/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/EducationNext.org.xml b/src/chrome/content/rules/EducationNext.org.xml
new file mode 100644
index 000000000000..507270667f85
--- /dev/null
+++ b/src/chrome/content/rules/EducationNext.org.xml
@@ -0,0 +1,11 @@
+<ruleset name="EducationNext.org">
+
+	<target host="educationnext.org" />
+	<target host="www.educationnext.org" />
+
+	<securecookie host="^educationnext\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Educause.xml b/src/chrome/content/rules/Educause.xml
index 68bfb4ecd079..caa1db43e683 100644
--- a/src/chrome/content/rules/Educause.xml
+++ b/src/chrome/content/rules/Educause.xml
@@ -1,15 +1,28 @@
-<ruleset name="Educause (partial)">
+<!--
+	Fully covered subdomains:
 
-	<target host="educause.edu" />
-	<target host="*.educause.edu" />
+		- (www.)?
+		- net
+
+
+	Mixed content:
+
+		- Images, on:
 
+			- www from $self *
+			- www from pbs.twimg.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Educause.edu">
+
+	<target host="educause.edu" />
+	<target host="net.educause.edu" />
+	<target host="www.educause.edu" />
 
-	<rule from="^http://(net\.)?educause\.edu/"
-		to="https://$1educause.edu/" />
 
-	<!--	Homepage and at least some
-		other pages redirect to http.	-->
-	<rule from="^http://www\.educause\.edu/(edudomain|misc|sites|user|visuals)/"
-		to="https://www.educause.edu/$1/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Eduid.cz.xml b/src/chrome/content/rules/Eduid.cz.xml
new file mode 100644
index 000000000000..5a4d318420d0
--- /dev/null
+++ b/src/chrome/content/rules/Eduid.cz.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www2.eduid.cz/ => https://www2.eduid.cz/: (51, "SSL: no alternative certificate subject name matches target host name 'www2.eduid.cz'")
+Fetch error: http://www3.eduid.cz/ => https://www3.eduid.cz/: (51, "SSL: no alternative certificate subject name matches target host name 'www3.eduid.cz'")
+
+-->
+<ruleset name="eduid.cz" default_off="failed ruleset test">
+    <target host="eduid.cz" />
+    <target host="www.eduid.cz" />
+    <target host="www2.eduid.cz" />
+    <target host="www3.eduid.cz" />
+    <target host="ds.eduid.cz" />
+    <target host="metadata.eduid.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Eduroam.cz.xml b/src/chrome/content/rules/Eduroam.cz.xml
new file mode 100644
index 000000000000..e224c3e0ff49
--- /dev/null
+++ b/src/chrome/content/rules/Eduroam.cz.xml
@@ -0,0 +1,12 @@
+<ruleset name="eduroam.cz">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="eduroam.cz" />
+	<target host="www.eduroam.cz" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Eduroam.no.xml b/src/chrome/content/rules/Eduroam.no.xml
deleted file mode 100644
index 0cf0e1377ad7..000000000000
--- a/src/chrome/content/rules/Eduroam.no.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="eduroam.no">
-
-	<target host="eduroam.no" />
-	<target host="www.eduroam.no" />
-
-
-	<rule from="^http://(www\.)?eduroam\.no/"
-		to="https://$1eduroam.no/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Eduroam.org.xml b/src/chrome/content/rules/Eduroam.org.xml
deleted file mode 100644
index 7dcae38d30ac..000000000000
--- a/src/chrome/content/rules/Eduroam.org.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="eduroam.org">
-
-	<target host="eduroam.org" />
-	<target host="*.eduroam.org" />
-
-
-	<!--	^ works over https, but redirects to www
-		over http => replicate that behavior
-							-->
-	<rule from="^http://(?:www\.)?eduroam\.org/"
-		to="https://www.eduroam.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Eduroam_ES.xml b/src/chrome/content/rules/Eduroam_ES.xml
index eb80d1074e4a..8855cf4900ec 100644
--- a/src/chrome/content/rules/Eduroam_ES.xml
+++ b/src/chrome/content/rules/Eduroam_ES.xml
@@ -7,7 +7,6 @@
 	<target host="www.eduroam.es" />
 
 
-	<rule from="^http://www\.eduroam\.es/"
-		to="https://www.eduroam.es/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Edvina.net.xml b/src/chrome/content/rules/Edvina.net.xml
new file mode 100644
index 000000000000..051fc9966f7b
--- /dev/null
+++ b/src/chrome/content/rules/Edvina.net.xml
@@ -0,0 +1,27 @@
+<!--
+	Other Edvina rulesets:
+
+		- TLS-o-Matic.com.xml
+
+
+	www: Refused
+
+-->
+<ruleset name="Edvina.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="edvina.net" />
+
+	<!--	Complications:
+				-->
+	<target host="www.edvina.net" />
+
+
+	<rule from="^http://www\.edvina\.net/"
+		to="https://edvina.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Edward_Tufte.xml b/src/chrome/content/rules/Edward_Tufte.xml
index 0f83fed9197d..f415dd71d598 100644
--- a/src/chrome/content/rules/Edward_Tufte.xml
+++ b/src/chrome/content/rules/Edward_Tufte.xml
@@ -11,7 +11,6 @@
 	<securecookie host="^www\.edwardtufte\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?edwardtufte\.com/"
-		to="https://www.edwardtufte.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Eerdmans.com.xml b/src/chrome/content/rules/Eerdmans.com.xml
new file mode 100644
index 000000000000..5241c14fbce0
--- /dev/null
+++ b/src/chrome/content/rules/Eerdmans.com.xml
@@ -0,0 +1,24 @@
+<!--
+	^: cert only matches www
+
+
+	Mixed content:
+
+		- Images from www *
+
+	* Secured by us
+
+-->
+<ruleset name="Eerdmans.com">
+
+	<target host="eerdmans.com" />
+	<target host="www.eerdmans.com" />
+
+
+	<securecookie host="^\.eerdmans\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?eerdmans\.com/"
+		to="https://www.eerdmans.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Efax.co.uk.xml b/src/chrome/content/rules/Efax.co.uk.xml
index 1d4ef591f2c2..e045c61aaab1 100644
--- a/src/chrome/content/rules/Efax.co.uk.xml
+++ b/src/chrome/content/rules/Efax.co.uk.xml
@@ -1,3 +1,7 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://efax.co.uk/ => http://efax.co.uk/: (28, 'Operation timed out after 15001 milliseconds with 0 bytes received')
+-->
 <ruleset name="efax.co.uk (partial)">
 
 	<target host="efax.co.uk" />
diff --git a/src/chrome/content/rules/Efax.com.xml b/src/chrome/content/rules/Efax.com.xml
deleted file mode 100644
index fc4fd5479152..000000000000
--- a/src/chrome/content/rules/Efax.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	CDN buckets:
-
-		- assetsi.efax.com.edgesuite.net
-
-			- a1507.g.akamai.net
-
-		- home.efax.com
-
-			- a241.g.akamai.net
-
--->
-<ruleset name="efax.com (partial)">
-
-	<target host="assetsi.efax.com.edgesuite.net" />
-	<target host="home.efax.com" />
-
-
-	<rule from="^http://assetsi\.efax\.com\.edgesuite\.net/"
-		to="https://a248.e.akamai.net/f/1507/2902/1/assetsi.efax.com.edgesuite.net/" />
-
-	<rule from="^http://home\.efax\.com/"
-		to="https://a248.e.akamai.net/f/241/6787/6/home.efax.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Effective-Measure-mismatches.xml b/src/chrome/content/rules/Effective-Measure-mismatches.xml
index 600f2eb72431..f62d42603c88 100644
--- a/src/chrome/content/rules/Effective-Measure-mismatches.xml
+++ b/src/chrome/content/rules/Effective-Measure-mismatches.xml
@@ -1,17 +1,68 @@
 <!--
-	For rules that are on by default, see Effective-Measure.xml.
+	Other Effective Measure rulesets:
+
+		- Effective-Measure.xml
+
+
+	Problematic hosts in *effectivemeasure.com:
+
+		- ^ ¹
+		- login ²
+		- www ²
+
+	¹ Dropped
+	² Mismatched
+
+
+	Fully covered hosts in *effectivemeasure.com:
+
+		- (www.)?	(^ → www)
+		- login
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.effectivemeasure.com
+
+
+	Mixed content:
+
+		- css, on:
+
+			- www from $self
+			- www from fonts.googleapis.com *
+
+		- Images, on:
+
+			- login from www.adobe.com *
+			- www from $self
+
+	* Secured by us
 
 -->
-<ruleset name="Effective Measure (mismatches)" default_off="mismatch">
+<ruleset name="Effective Measure.com" default_off="mismatched" platform="mixedcontent">
 
-	<target host="effectivemeasure.net" />
-	<target host="www.effectivemeasure.net" />
+	<!--	Direct rewrites:
+				-->
+	<target host="login.effectivemeasure.com" />
+	<target host="www.effectivemeasure.com" />
 
+	<!--	Complications:
+				-->
+	<target host="effectivemeasure.com" />
 
-	<!--	- !www times out
-		- Akamai
+
+	<!--	Not secured by server:
 					-->
-	<rule from="^https?://(?:www\.)?effectivemeasure\.net/"
-		to="https://www.effectivemeasure.net/" />
+	<!--securecookie host="^www\.effectivemeasure\.com$" name="edd_items_in_cart$" /-->
+
+	<securecookie host="^www\.effectivemeasure\.com$" name=".+" />
+
+
+	<rule from="^http://effectivemeasure\.com/"
+		to="https://www.effectivemeasure.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Effective-Measure.xml b/src/chrome/content/rules/Effective-Measure.xml
index 65090e6b04cf..06710f33b80f 100644
--- a/src/chrome/content/rules/Effective-Measure.xml
+++ b/src/chrome/content/rules/Effective-Measure.xml
@@ -1,30 +1,78 @@
 <!--
-	For problematic rules, see Effective-Measures-mismatches.xml.
 
+	For other Effective Measure coverage, see Effective-Measures-mismatches.xml.
 
-	Nonfunctional subdomains:
+	Timeout:
 
-		- login.effectivemeasure.com	(Akamai; 504)
+		- ^
 
--->
-<ruleset name="Effective Measure">
+	Problematic hosts in *effectivemeasure.net:
 
-	<target host="*.effectivemeasure.net" />
+		- us ¹
+		- za ²
 
+	¹ Cloudfront
+	² Akamai
 
-	<securecookie host="^\.effectivemeasure\.net$" name=".*" />
 
+	Fully covered hosts in *effectivemeasure.net:
 
-	<rule from="^http://((?:au3?|in|me|www)\.)effectivemeasure\.net/"
-		to="https://$1effectivemeasure.net/" />
+		- (www.)?
+		- au
+		- au3
+		- in
+		- me
+		- me-cdn
+		- s
+		- us	(→ us3.effectivemeasure.net)
+		- us1
+		- za	(→ za1.effectivemeasure.net)
+		- za1
 
-	<!--	za: Akamai	-->
-	<rule from="^https?://za1?\.effectivemeasure\.net/"
-		to="https://za1.effectivemeasure.net/" />
 
-	<!--	us: CloudFront.
+	Insecure cookies are set for these domains:
+
+		- .effectivemeasure.net
+
+-->
+<ruleset name="Effective Measure.net" >
+
+	<!--	Direct rewrites:
+				-->
+	<target host="effectivemeasure.net" />
+	<target host="www.effectivemeasure.net" />
+	<target host="au.effectivemeasure.net" />
+	<target host="au3.effectivemeasure.net" />
+	<target host="in.effectivemeasure.net" />
+	<target host="me.effectivemeasure.net" />
+	<target host="me-cdn.effectivemeasure.net" />
+	<target host="s.effectivemeasure.net" />
+	<target host="us1.effectivemeasure.net" />
+	<target host="za1.effectivemeasure.net" />
+
+	<!--	Complications:
 				-->
-	<rule from="^https?://us3?\.effectivemeasure\.net/"
+	<target host="us.effectivemeasure.net" />
+	<target host="za.effectivemeasure.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.effectivemeasure\.net$" name="^vt?$" /-->
+
+	<securecookie host="^\.effectivemeasure\.net$" name=".+" />
+
+
+	<rule from="^http://us\.effectivemeasure\.net/"
 		to="https://us3.effectivemeasure.net/" />
 
+	<rule from="^http://za\.effectivemeasure\.net/"
+		to="https://za1.effectivemeasure.net/" />
+
+	<rule from="^http://effectivemeasure\.net/"
+		to="https://www.effectivemeasure.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Effi.org.xml b/src/chrome/content/rules/Effi.org.xml
index fc948cb8e65a..a4a2693f58dd 100644
--- a/src/chrome/content/rules/Effi.org.xml
+++ b/src/chrome/content/rules/Effi.org.xml
@@ -1,6 +1,21 @@
+<!--
+	Invalid certificate:
+		shop.effi.org
+		snowden.effi.org
+		tor.effi.org
+
+-->
 <ruleset name="Effi.org">
-  <target host="effi.org"/>
-  <target host="www.effi.org"/>
-  <rule from="^http://(www\.)?effi\.org/" to="https://effi.org/"/>
+
+	<target host="effi.org" />
+	<target host="www.effi.org" />
+	<target host="acta.effi.org" />
+	<target host="listat.effi.org" />
+	<target host="lists.effi.org" />
+	<target host="riisto.effi.org" />
+	<target host="wiki.effi.org" />
+	<target host="winston.effi.org" />
+
+	<rule from="^http:" to="https:" />
+
 </ruleset>
-<!-- Rule generated by HTTPS Finder 0.85 -->
\ No newline at end of file
diff --git a/src/chrome/content/rules/EfficiOS.xml b/src/chrome/content/rules/EfficiOS.xml
index 8140532e4e4c..a3a1d6607a6e 100644
--- a/src/chrome/content/rules/EfficiOS.xml
+++ b/src/chrome/content/rules/EfficiOS.xml
@@ -1,13 +1,12 @@
 <ruleset name="EfficiOS">
 
 	<target host="efficios.com" />
-	<target host="*.efficios.com" />
+	<target host="www.efficios.com" />
 
 
 	<securecookie host="^\.efficios\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?efficios\.com/"
-		to="https://$1efficios.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Effiliation.xml b/src/chrome/content/rules/Effiliation.xml
index 3c1d8e5b52d8..260e56567c60 100644
--- a/src/chrome/content/rules/Effiliation.xml
+++ b/src/chrome/content/rules/Effiliation.xml
@@ -12,7 +12,6 @@
 	<securecookie host="^track\.effiliation\.com$" name=".+" />
 
 
-	<rule from="^http://track\.effiliation\.com/"
-		to="https://track.effiliation.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Egedalkommune.dk.xml b/src/chrome/content/rules/Egedalkommune.dk.xml
new file mode 100644
index 000000000000..86579f13b111
--- /dev/null
+++ b/src/chrome/content/rules/Egedalkommune.dk.xml
@@ -0,0 +1,19 @@
+<!--
+	Not covered:
+
+		- infokort ¹
+
+	¹: Refused
+-->
+
+<ruleset name="Egedalkommune.dk">
+
+	<target host="egedalkommune.dk" />
+	<target host="www.egedalkommune.dk" />
+
+	<securecookie host="^\.?www\.egedalkommune\.dk$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Egg.xml b/src/chrome/content/rules/Egg.xml
index 4e2876e1e78b..0909ab6c28d8 100644
--- a/src/chrome/content/rules/Egg.xml
+++ b/src/chrome/content/rules/Egg.xml
@@ -1,7 +1,10 @@
 <ruleset name="Egg">
-  <target host="*.egg.com"/>
+  <target host="new.egg.com" />
+  <target host="www.egg.com" />
+  <target host="your.egg.com" />
+  <target host="phonehome.egg.com" />
   <target host="egg.com"/>
 
   <rule from="^http://(?:new\.|www\.)?egg\.com/" to="https://new.egg.com/"/>
-  <rule from="^http://(your|phonehome)\.egg\.com/" to="https://$1.egg.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Egnyte.xml b/src/chrome/content/rules/Egnyte.xml
index 51174a204cd9..c13426d10ae4 100644
--- a/src/chrome/content/rules/Egnyte.xml
+++ b/src/chrome/content/rules/Egnyte.xml
@@ -3,7 +3,7 @@
 	<target host="egnyte.com"/>
 	<target host="*.egnyte.com"/>
 
-	<securecookie host="^(.*\.)?egnyte\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<!--	encountered subdomains:
 			- blog
diff --git a/src/chrome/content/rules/Egotastic.xml b/src/chrome/content/rules/Egotastic.xml
new file mode 100644
index 000000000000..81f64ba379b9
--- /dev/null
+++ b/src/chrome/content/rules/Egotastic.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://egotasticallstars.com/ => https://egotasticallstars.com/: (51, "SSL: no alternative certificate subject name matches target host name 'egotasticallstars.com'")
+Fetch error: http://www.egotasticallstars.com/ => https://www.egotasticallstars.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.egotasticallstars.com'")
+
+-->
+<ruleset name="Egotastic" default_off="failed ruleset test">
+
+	<target host="egotastic.com" />
+	<target host="www.egotastic.com" />
+	<target host="egotasticallstars.com" />
+	<target host="www.egotasticallstars.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Egy.best.xml b/src/chrome/content/rules/Egy.best.xml
new file mode 100644
index 000000000000..0f9cd6d79fcc
--- /dev/null
+++ b/src/chrome/content/rules/Egy.best.xml
@@ -0,0 +1,9 @@
+<ruleset name="Egy.best">
+	<target host="egy.best" />
+	<target host="www.egy.best" />
+	<target host="cdn.egy.best" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Egypt-Independent.xml b/src/chrome/content/rules/Egypt-Independent.xml
deleted file mode 100644
index ce0653221f0d..000000000000
--- a/src/chrome/content/rules/Egypt-Independent.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Egypt Independent" default_off="expired, mismatch, self-signed">
-
-	<!--	Cert: *.acquia-sites.com	-->
-	<target host="egyptindependent.com" />
-	<target host="www.egyptindependent.com" />
-
-
-	<!--	!www 301s to www.
-			-->
-	<rule from="^https?://(?:www\.)?egyptindependent\.com/"
-		to="https://www.egyptindependent.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ehospice.xml b/src/chrome/content/rules/Ehospice.xml
index d2fcb644a3b1..c1ff16b79cf3 100644
--- a/src/chrome/content/rules/Ehospice.xml
+++ b/src/chrome/content/rules/Ehospice.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^www\.ehospice\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ehospice\.com/"
-		to="https://$1ehospice.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ehosting.ca.xml b/src/chrome/content/rules/Ehosting.ca.xml
new file mode 100644
index 000000000000..af5fe40fedce
--- /dev/null
+++ b/src/chrome/content/rules/Ehosting.ca.xml
@@ -0,0 +1,49 @@
+<!--
+	Problematic domains:
+
+		- ehosting.ca subdomains:
+
+			- (www.) ¹
+			- cpanel ²
+			- renewals ²
+			- webmail ²
+
+		- (www.)mecca.ca ³
+
+	¹ Works; mismatched, CN: ssl.mecca.ca
+	² Shows www
+	³ Works; expired, mismatched, CN: *.ehosting.ca
+
+-->
+<ruleset name="ehosting.ca (partial)">
+
+	<target host="ehosting.ca" />
+	<target host="*.ehosting.ca" />
+	<target host="mecca.ca" />
+	<target host="*.mecca.ca" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^\.?ssl\.mecca\.ca$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?(?:ehosting|mecca)\.ca/"
+		to="https://ssl.mecca.ca/" />
+
+	<!--	Redirects drops args:
+					-->
+	<rule from="^http://cpanel\.ehosting\.ca/+(?:$|\?.*)"
+		to="https://ssl.mecca.ca/service/" />
+
+	<!--	Redirects drops args:
+					-->
+	<rule from="^http://renewals\.ehosting\.ca/+(?:$|\?.*)"
+		to="https://ssl.mecca.ca/apps/payment.php" />
+
+	<!--	Redirects drops args:
+					-->
+	<rule from="^http://webmail\.ehosting\.ca/+(?:$|\?.*)"
+		to="https://ssl.mecca.ca/horde/imp/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ehosts.net.xml b/src/chrome/content/rules/Ehosts.net.xml
new file mode 100644
index 000000000000..b328beb0e9df
--- /dev/null
+++ b/src/chrome/content/rules/Ehosts.net.xml
@@ -0,0 +1,10 @@
+<ruleset name="ehosts.net">
+
+	<target host="newegg.ehosts.net" />
+	<target host="parago.ehosts.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ehrensenf.xml b/src/chrome/content/rules/Ehrensenf.xml
index 12d9f80e6e9b..d714f87239f5 100644
--- a/src/chrome/content/rules/Ehrensenf.xml
+++ b/src/chrome/content/rules/Ehrensenf.xml
@@ -2,7 +2,7 @@
   <target host="ehrensenf.de"/>
   <target host="www.ehrensenf.de"/>
 
-  <securecookie host="^(.*\.)?ehrensenf\.de$" name=".*" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http://(?:www\.)?ehrensenf\.de/" to="https://www.ehrensenf.de/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Eicar.org.xml b/src/chrome/content/rules/Eicar.org.xml
new file mode 100644
index 000000000000..0ec7ed927b0b
--- /dev/null
+++ b/src/chrome/content/rules/Eicar.org.xml
@@ -0,0 +1,21 @@
+<!--
+
+	Problematic hosts in *eicar.org:
+
+		- ^ (self-signed)
+
+-->
+<ruleset name="Eicar.org">
+
+	<target host="eicar.org" />
+	<target host="www.eicar.org" />
+	<target host="analytics.eicar.org" />
+	<target host="secure.eicar.org" />
+
+	<rule from="^http://eicar\.org/"
+		to="https://www.eicar.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Eid.lt.xml b/src/chrome/content/rules/Eid.lt.xml
index e5041e517d6a..518da8218afd 100644
--- a/src/chrome/content/rules/Eid.lt.xml
+++ b/src/chrome/content/rules/Eid.lt.xml
@@ -1,15 +1,20 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://stork.eid.lt/ => https://stork.eid.lt/: (51, "SSL: no alternative certificate subject name matches target host name 'stork.eid.lt'")
+
+Automatically by https-everywhere-checker because:
+Fetch error: http://stork.eid.lt/ => https://stork.eid.lt/: (28, 'Connection timed out after 10000 milliseconds')
 	Nonfunctional subdomains:
 
 		- (www.)	(times out)
 
 -->
-<ruleset name="eid.lt (partial)">
+<ruleset name="eid.lt (partial)" default_off="failed ruleset test">
 
 	<target host="stork.eid.lt" />
 
 
-	<rule from="^http://stork\.eid\.lt/"
-		to="https://stork.eid.lt/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Eide-ITC.no.xml b/src/chrome/content/rules/Eide-ITC.no.xml
index dc271a055ef9..ce125b5d7be1 100644
--- a/src/chrome/content/rules/Eide-ITC.no.xml
+++ b/src/chrome/content/rules/Eide-ITC.no.xml
@@ -1,8 +1,13 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://eide-itc.no/ => https://eide-itc.no/: (51, "SSL: no alternative certificate subject name matches target host name 'eide-itc.no'")
+Fetch error: http://www.eide-itc.no/ => https://eide-itc.no/: (51, "SSL: no alternative certificate subject name matches target host name 'eide-itc.no'")
+
 	Eide ITC Consulting
 
 -->
-<ruleset name="Eide-ITC.no">
+<ruleset name="Eide-ITC.no" default_off="failed ruleset test">
 
 	<target host="eide-itc.no" />
 	<target host="www.eide-itc.no" />
@@ -14,4 +19,4 @@
 	<rule from="^http://(?:www\.)?eide-itc\.no/"
 		to="https://eide-itc.no/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Eiffel.com.xml b/src/chrome/content/rules/Eiffel.com.xml
new file mode 100644
index 000000000000..15f700eeef10
--- /dev/null
+++ b/src/chrome/content/rules/Eiffel.com.xml
@@ -0,0 +1,86 @@
+<!--
+	Problematic hosts in *eiffel.com:
+
+		- activate ¹
+		- groups ²
+		- support ¹
+
+	¹ Shows www2
+	² "Invalid Server Name"
+
+
+	Fully covered hosts in *eiffel.com:
+
+		- (www.)?
+		- activate	(→ www2.eiffel.com)
+		- docs
+		- groups	(→ groups.yahoo.com)
+		- room
+		- support	(→ www2.eiffel.com)
+
+
+	These altnames don't exist:
+
+		- www.www2.eiffel.com
+
+
+	Insecure cookies are set for these domains:
+
+		- .docs.eiffel.com
+		- .room.eiffel.com
+
+-->
+<ruleset name="Eiffel.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="eiffel.com" />
+	<target host="docs.eiffel.com" />
+	<target host="room.eiffel.com" />
+	<target host="www.eiffel.com" />
+	<target host="www2.eiffel.com" />
+
+	<!--	Complications:
+				-->
+	<target host="activate.eiffel.com" />
+	<target host="groups.eiffel.com" />
+	<target host="support.eiffel.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.(docs|room)\.eiffel\.com$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^\.(?:docs|room)\.eiffel\.com$" name=".+" />
+
+
+	<!--	Redirect keeps path, but not
+		args nor forward slash:
+					-->
+	<rule from="^http://activate\.eiffel\.com/+([^?]*)(?:\?.*)?"
+		to="https://www2.eiffel.com/activate/$1" />
+
+		<test url="http://activate.eiffel.com/?f" />
+		<test url="http://activate.eiffel.com/?o" />
+		<test url="http://activate.eiffel.com//?o" />
+		<test url="http://activate.eiffel.com/?b" />
+		<test url="http://activate.eiffel.com/?a" />
+		<test url="http://activate.eiffel.com/?r" />
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://groups\.eiffel\.com/+"
+		to="https://groups.yahoo.com/group/eiffel_software/" />
+
+		<test url="http://groups.eiffel.com//" />
+
+	<rule from="^http://support\.eiffel\.com/.*"
+		to="https://www2.eiffel.com/support" />
+
+		<test url="http://support.eiffel.com//" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Eimg.com.tw.xml b/src/chrome/content/rules/Eimg.com.tw.xml
new file mode 100644
index 000000000000..fd2698cb8c57
--- /dev/null
+++ b/src/chrome/content/rules/Eimg.com.tw.xml
@@ -0,0 +1,37 @@
+<!--
+	For other KKBOX coverage, see KKBOX.com.xml.
+
+
+	Problematic subdomains:
+
+		- s *
+		- www *
+
+	* Refused
+
+
+	^eimg.com.tw doesn't exist.
+
+
+	These altnames don't exist:
+
+		- www.i.eimg.com.tw
+
+-->
+<ruleset name="eimg.com.tw">
+
+	<target host="*.eimg.com.tw" />
+
+
+	<rule from="^http://i\.eimg\.com\.tw/"
+		to="https://i.eimg.com.tw/" />
+
+	<rule from="^http://s\.eimg\.com\.tw/"
+		to="https://i.kfs.io/" />
+
+	<!--	Redirects like so:
+					-->
+	<rule from="^http://www\.eimg\.com\.tw/+"
+		to="https://www.kkbox.com/about/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Eindbazen.net.xml b/src/chrome/content/rules/Eindbazen.net.xml
new file mode 100644
index 000000000000..4601ef43fc29
--- /dev/null
+++ b/src/chrome/content/rules/Eindbazen.net.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://ctf.eindbazen.net/ (200) => https://ctf.eindbazen.net/ (401)
+
+	www.eindbazen.net: Mismatched
+
+-->
+<ruleset name="Eindbazen.net" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="eindbazen.net" />
+	<target host="ctf.eindbazen.net" />
+
+	<!--	Complications:
+				-->
+	<target host="www.eindbazen.net" />
+
+
+	<rule from="^http://www\.eindbazen\.net/"
+		to="https://eindbazen.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Eindhoven.nl.xml b/src/chrome/content/rules/Eindhoven.nl.xml
new file mode 100644
index 000000000000..9da0990060b9
--- /dev/null
+++ b/src/chrome/content/rules/Eindhoven.nl.xml
@@ -0,0 +1,36 @@
+<!--
+	^eindhoven.nl: Dropped
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.eindhoven.nl
+
+-->
+<ruleset name="Eindhoven.nl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="data.eindhoven.nl" />
+	<target host="dashboard.eindhoven.nl" />
+	<target host="www.eindhoven.nl" />
+
+	<!--	Complications:
+				-->
+	<target host="eindhoven.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.eindhoven\.nl$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://eindhoven\.nl/"
+		to="https://www.eindhoven.nl/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Eis.de.xml b/src/chrome/content/rules/Eis.de.xml
new file mode 100644
index 000000000000..ea23f129a7a1
--- /dev/null
+++ b/src/chrome/content/rules/Eis.de.xml
@@ -0,0 +1,5 @@
+<ruleset name="Eis.de">
+	<target host="images.eis.de" />
+	<target host="www.eis.de" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ejaaba.com.xml b/src/chrome/content/rules/Ejaaba.com.xml
new file mode 100644
index 000000000000..f96f264e2a5e
--- /dev/null
+++ b/src/chrome/content/rules/Ejaaba.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Ejaaba.com">
+	<target host="ejaaba.com" />
+	<target host="www.ejaaba.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ejabberd.im.xml b/src/chrome/content/rules/Ejabberd.im.xml
new file mode 100644
index 000000000000..96cdcfdbd752
--- /dev/null
+++ b/src/chrome/content/rules/Ejabberd.im.xml
@@ -0,0 +1,12 @@
+<ruleset name="ejabberd.im">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ejabberd.im" />
+	<target host="www.ejabberd.im" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ekiga.xml b/src/chrome/content/rules/Ekiga.xml
deleted file mode 100644
index 6c42324e0af5..000000000000
--- a/src/chrome/content/rules/Ekiga.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="Ekiga (partial)">
-
-	<target host="ekiga.net"/>
-	<target host="www.ekiga.net"/>
-	<target host="ekiga.org"/>
-	<target host="www.ekiga.org"/>
-
-	<rule from="^http://(www\.)?ekiga\.net/"
-		to="https://ekiga.net/"/>
-
-	<rule from="^http://(www\.)?ekiga\.org/sites/all/themes/ekiga_net/"
-		to="https://ekiga.net/"/>
-
-	<securecookie host="^(www\.)?ekiga\.net$" name=".*"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ekm_secure.co.uk.xml b/src/chrome/content/rules/Ekm_secure.co.uk.xml
new file mode 100644
index 000000000000..041687a973bc
--- /dev/null
+++ b/src/chrome/content/rules/Ekm_secure.co.uk.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- ekmsecure.co.uk
+		- www.ekmsecure.co.uk
+
+-->
+<ruleset name="Ekm secure.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ekmsecure.co.uk" />
+	<target host="www.ekmsecure.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?ekmsecure\.co\.uk$" name="^ekmpowershop$" /-->
+
+	<securecookie host="^(?:www\.)?ekmsecure\.co\.uk$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ekm_secure.com.xml b/src/chrome/content/rules/Ekm_secure.com.xml
new file mode 100644
index 000000000000..5c2bce4fa8d4
--- /dev/null
+++ b/src/chrome/content/rules/Ekm_secure.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Ekm secure.com">
+	<target host="uifw.ekmsecure.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ekoodit.fi.xml b/src/chrome/content/rules/Ekoodit.fi.xml
new file mode 100644
index 000000000000..e24b4712c286
--- /dev/null
+++ b/src/chrome/content/rules/Ekoodit.fi.xml
@@ -0,0 +1,10 @@
+<!--
+	Certificate mismatch:
+		www.ekoodit.fi
+-->
+<ruleset name="ekoodit.fi">
+		<target host="ekoodit.fi" />
+
+		<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EksiSozluk.com.xml b/src/chrome/content/rules/EksiSozluk.com.xml
new file mode 100644
index 000000000000..931a3646ddcd
--- /dev/null
+++ b/src/chrome/content/rules/EksiSozluk.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="EksiSozluk.com">
+	<target host="eksisozluk.com" />
+	<target host="www.eksisozluk.com" />
+	<target host="m.eksisozluk.com" />
+	<target host="native.eksisozluk.com" />
+	<target host="seyler.eksisozluk.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/El-Tramo.be.xml b/src/chrome/content/rules/El-Tramo.be.xml
new file mode 100644
index 000000000000..2f1e87e15fef
--- /dev/null
+++ b/src/chrome/content/rules/El-Tramo.be.xml
@@ -0,0 +1,9 @@
+<ruleset name="El-Tramo.be">
+
+	<target host="el-tramo.be" />
+	<target host="www.el-tramo.be" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ElPais.com.xml b/src/chrome/content/rules/ElPais.com.xml
new file mode 100644
index 000000000000..a50519d8f891
--- /dev/null
+++ b/src/chrome/content/rules/ElPais.com.xml
@@ -0,0 +1,164 @@
+<!--
+	Mixed content:
+		aniversario.elpais.com
+		cartelera.elpais.com
+		cursos.elpais.com
+		elpaissemanal.elpais.com
+		horoscopo.elpais.com
+		motor.elpais.com
+		smoda.elpais.com
+		suscripciones.elpais.com
+
+	Invalid certificate:
+		estaticos.aniversario.elpais.com
+		bandaancha.elpais.com
+		blogs.elpais.com
+		ciberpais.elpais.com
+		descuentos.elpais.com
+		eltiempo.elpais.com
+		fotoalbum.elpais.com (→ https://www.fotoalbum.es/)
+		estaticos.horoscopo.elpais.com
+		estaticos.motor.elpais.com
+		fichasyprecios.motor.elpais.com
+		one.elpais.com
+		tentaciones.elpais.com
+
+	Time out:
+		www.brasil.elpais.com
+		des.cartelera.elpais.com
+		www.ccaa.elpais.com
+		clasificados.elpais.com
+		cortas.elpais.com
+		www.economia.elpais.com
+		www.elviajero.elpais.com
+		empleo.elpais.com
+		www.empleo.elpais.com
+		epv.elpais.com
+		eskup.elpais.com
+		www.eskup.elpais.com
+		estilo.elpais.com
+		icon.elpais.com
+		inmobiliaria.elpais.com
+		www.inmobiliaria.elpais.com
+		www.internacional.elpais.com
+		m.elpais.com
+		movil.elpais.com
+		obranueva.elpais.com
+		www.obranueva.elpais.com
+		pda.elpais.com
+		blogs.smoda.elpais.com
+		www.sociedad.elpais.com
+		www.tecnologia.elpais.com
+		atodapantalla.tentaciones.elpais.com
+		tienda.elpais.com
+		wap.elpais.com
+
+	Refused:
+		estudiantes.elpais.com
+		recursos.estudiantes.elpais.com
+
+	No working URL known:
+		indice.elpais.com
+		m.smoda.elpais.com
+		micros.smoda.elpais.com
+		vdmedia.smoda.elpais.com
+		usuarios.elpais.com
+		vdmedia.elpais.com
+
+-->
+<ruleset name="EL PAÍS">
+
+	<target host="elpais.com" />
+	<target host="www.elpais.com" />
+	<target host="api.elpais.com" />
+	<target host="brasil.elpais.com" />
+	<target host="www.brasil.elpais.com" />
+	<target host="cat.elpais.com" />
+	<target host="ccaa.elpais.com" />
+	<target host="www.ccaa.elpais.com" />
+	<target host="ciencia.elpais.com" />
+	<target host="cincodias.elpais.com" />
+	<target host="colecciones.elpais.com" />
+	<target host="cultura.elpais.com" />
+	<target host="deportes.elpais.com" />
+	<target host="economia.elpais.com" />
+	<target host="www.economia.elpais.com" />
+	<target host="elcomidista.elpais.com" />
+	<target host="elviajero.elpais.com" />
+	<target host="www.elviajero.elpais.com" />
+	<target host="escuela.elpais.com" />
+	<target host="www.escuela.elpais.com" />
+	<target host="internacional.elpais.com" />
+	<target host="www.internacional.elpais.com" />
+	<target host="opinion.elpais.com" />
+	<target host="playertop.elpais.com" />
+		<test url="http://playertop.elpais.com/psdmedia/media/simple/js/SimpleMediaPlayer.min.js" />
+	<target host="politica.elpais.com" />
+	<target host="programacion-tv.elpais.com" />
+	<target host="pxlctl.elpais.com" />
+	<target host="resultados.elpais.com" />
+	<target host="retina.elpais.com" />
+	<target host="seguro.elpais.com" />
+	<target host="seleccion.elpais.com" />
+	<target host="servicios.elpais.com" />
+	<target host="especiales.smoda.elpais.com" />
+	<target host="sociedad.elpais.com" />
+	<target host="www.sociedad.elpais.com" />
+	<target host="tecnologia.elpais.com" />
+	<target host="www.tecnologia.elpais.com" />
+	<target host="verne.elpais.com" />
+	<target host="widgets.elpais.com" />
+
+	<target host="ep00.epimg.net" />
+		<test url="http://ep00.epimg.net/favicon.png" />
+	<target host="ep01.epimg.net" />
+		<test url="http://ep01.epimg.net/favicon.png" />
+	<target host="ep02.epimg.net" />
+		<test url="http://ep02.epimg.net/favicon.png" />
+	<target host="ep03.epimg.net" />
+		<test url="http://ep03.epimg.net/favicon.png" />
+	<target host="ep04.epimg.net" />
+		<test url="http://ep04.epimg.net/favicon.png" />
+	<target host="ep05.epimg.net" />
+		<test url="http://ep05.epimg.net/favicon.png" />
+	<target host="d500.epimg.net" />
+		<test url="http://d500.epimg.net/cincodias/imagenes/2017/06/16/midinero/1497626428_655366_1497627409_miniatura_normal.jpg" />
+	<target host="d501.epimg.net" />
+		<test url="http://d501.epimg.net/cincodias/imagenes/2017/06/16/midinero/1497626428_655366_1497627409_miniatura_normal.jpg" />
+	<target host="d502.epimg.net" />
+		<test url="http://d502.epimg.net/cincodias/imagenes/2017/06/16/midinero/1497626428_655366_1497627409_miniatura_normal.jpg" />
+	<target host="d503.epimg.net" />
+		<test url="http://d503.epimg.net/cincodias/imagenes/2017/06/16/midinero/1497626428_655366_1497627409_miniatura_normal.jpg" />
+	<target host="d504.epimg.net" />
+		<test url="http://d504.epimg.net/cincodias/imagenes/2017/06/16/midinero/1497626428_655366_1497627409_miniatura_normal.jpg" />
+	<target host="d505.epimg.net" />
+		<test url="http://d505.epimg.net/cincodias/imagenes/2017/06/16/midinero/1497626428_655366_1497627409_miniatura_normal.jpg" />
+	<target host="rt00.epimg.net" />
+		<test url="http://rt00.epimg.net/retina/imagenes/2017/06/16/tendencias/1497610158_240482_1497613729_miniatura_normal.jpg" />
+	<target host="rt01.epimg.net" />
+		<test url="http://rt01.epimg.net/retina/imagenes/2017/06/16/tendencias/1497610158_240482_1497613729_miniatura_normal.jpg" />
+	<target host="rt02.epimg.net" />
+		<test url="http://rt02.epimg.net/retina/imagenes/2017/06/16/tendencias/1497610158_240482_1497613729_miniatura_normal.jpg" />
+	<target host="rt03.epimg.net" />
+		<test url="http://rt03.epimg.net/retina/imagenes/2017/06/16/tendencias/1497610158_240482_1497613729_miniatura_normal.jpg" />
+	<target host="rt04.epimg.net" />
+		<test url="http://rt04.epimg.net/retina/imagenes/2017/06/16/tendencias/1497610158_240482_1497613729_miniatura_normal.jpg" />
+	<target host="rt05.epimg.net" />
+		<test url="http://rt05.epimg.net/retina/imagenes/2017/06/16/tendencias/1497610158_240482_1497613729_miniatura_normal.jpg" />
+	<target host="srv00.epimg.net" />
+		<test url="http://srv00.epimg.net/pdf/elpais/snapshot/2017/06/elpais/20170618Middle.jpg" />
+	<target host="srv01.epimg.net" />
+		<test url="http://srv01.epimg.net/pdf/elpais/snapshot/2017/06/elpais/20170618Middle.jpg" />
+	<target host="srv02.epimg.net" />
+		<test url="http://srv02.epimg.net/pdf/elpais/snapshot/2017/06/elpais/20170618Middle.jpg" />
+	<target host="srv03.epimg.net" />
+		<test url="http://srv03.epimg.net/pdf/elpais/snapshot/2017/06/elpais/20170618Middle.jpg" />
+
+
+
+	<rule from="^http://www\.(brasil|ccaa|economia|elviajero|internacional|sociedad|tecnologia)\.elpais\.com/"
+		to="https://$1.elpais.com/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/El_pueblo.xml b/src/chrome/content/rules/El_pueblo.xml
index af64f400bf8e..c9e4d394c95f 100644
--- a/src/chrome/content/rules/El_pueblo.xml
+++ b/src/chrome/content/rules/El_pueblo.xml
@@ -1,19 +1,25 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://elpueblo.com/ => https://elpueblo.com/: (7, 'Failed to connect to elpueblo.com port 443: Connection refused')
+Fetch error: http://www.elpueblo.com/ => https://www.elpueblo.com/: (7, 'Failed to connect to www.elpueblo.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://elpueblo.com/ => https://elpueblo.com/: (7, 'Failed to connect to elpueblo.com port 443: No route to host')
 	CDN buckets:
 
 		- wac.7ee8.edgecastcdn.net/807EE8/
 
 -->
-<ruleset name="El pueblo" platform="mixedcontent">
+<ruleset name="El pueblo" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="elpueblo.com" />
-	<target host="*.elpueblo.com" />
+	<target host="www.elpueblo.com" />
 
 
 	<securecookie host="^(?:w*\.)?elpueblo\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?elpueblo\.com/"
-		to="https://$1elpueblo.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Elaf_Net_TV.xml b/src/chrome/content/rules/Elaf_Net_TV.xml
index f5b5f6d1308b..38d85fcf1dd4 100644
--- a/src/chrome/content/rules/Elaf_Net_TV.xml
+++ b/src/chrome/content/rules/Elaf_Net_TV.xml
@@ -1,13 +1,19 @@
-<ruleset name="Elaf Net TV">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://elafnettv.com/ => https://elafnettv.com/: Too many redirects while fetching 'https://elafnettv.com/'
+Fetch error: http://www.elafnettv.com/ => https://www.elafnettv.com/: Too many redirects while fetching 'https://www.elafnettv.com/'
+
+-->
+<ruleset name="Elaf Net TV" default_off="failed ruleset test">
 
 	<target host="elafnettv.com" />
-	<target host="*.elafnettv.com" />
+	<target host="www.elafnettv.com" />
 
 
 	<securecookie host="^\.(?:www\.)?elafnettv\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?elafnettv\.com/"
-		to="https://$1elafnettv.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Elal.co.il.xml b/src/chrome/content/rules/Elal.co.il.xml
new file mode 100644
index 000000000000..cacd1b5c1dfe
--- /dev/null
+++ b/src/chrome/content/rules/Elal.co.il.xml
@@ -0,0 +1,16 @@
+<!--
+	Nonfunctional hosts in *.elal.co.il:
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Elal.co.il">
+	<target host="www.elal.co.il" />
+	<target host="m.elal.co.il" />
+	<target host="www4.elal.co.il" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Elal.com.xml b/src/chrome/content/rules/Elal.com.xml
new file mode 100644
index 000000000000..944472c2140b
--- /dev/null
+++ b/src/chrome/content/rules/Elal.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Nonfunctional hosts in *.elal.com:
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Elal.com">
+	<target host="www.elal.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Elance.com.xml b/src/chrome/content/rules/Elance.com.xml
new file mode 100644
index 000000000000..3ecab59231a0
--- /dev/null
+++ b/src/chrome/content/rules/Elance.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .elance.com
+
+-->
+<ruleset name="Elance.com">
+
+	<target host="elance.com" />
+	<target host="www.elance.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.elance\.com$" name="^(?:__cfduid|cf_clearance|locale)$" /-->
+
+	<securecookie host="^\.elance\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Elanex.biz.xml b/src/chrome/content/rules/Elanex.biz.xml
deleted file mode 100644
index 8852e1c06cdb..000000000000
--- a/src/chrome/content/rules/Elanex.biz.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See 
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
- 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Elanex.biz" platform="firefox">
-  <target host="www.elanex.biz" />
-  <target host="elanex.biz" />
-
-  <securecookie host="^www\.elanex\.biz$" name=".+" />
-  <securecookie host="^elanex\.biz$" name=".+" />
-
-  <rule from="^http://(www\.)?elanex\.biz/" to="https://www.elanex.biz/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Elastic.co.xml b/src/chrome/content/rules/Elastic.co.xml
new file mode 100644
index 000000000000..8408c8fc1e94
--- /dev/null
+++ b/src/chrome/content/rules/Elastic.co.xml
@@ -0,0 +1,17 @@
+<ruleset name="Elastic.co">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="elastic.co" />
+	<target host="download.elastic.co" />
+	<target host="static-www.elastic.co" />
+	<target host="www.elastic.co" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ElasticTrace.com.xml b/src/chrome/content/rules/ElasticTrace.com.xml
deleted file mode 100644
index da914d6950b1..000000000000
--- a/src/chrome/content/rules/ElasticTrace.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="elasticTrace.com">
-
-	<target host="elastictrace.com" />
-	<target host="*.elastictrace.com" />
-
-
-	<securecookie host="^\.elastictrace\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?elastictrace\.com/"
-		to="https://$1elastictrace.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Elbadil.com.xml b/src/chrome/content/rules/Elbadil.com.xml
index 8c2a5f70d72e..62132dc55beb 100644
--- a/src/chrome/content/rules/Elbadil.com.xml
+++ b/src/chrome/content/rules/Elbadil.com.xml
@@ -9,13 +9,12 @@
 <ruleset name="elbadil.com">
 
 	<target host="elbadil.com" />
-	<target host="*.elbadil.com" />
+	<target host="www.elbadil.com" />
 
 
 	<securecookie host="^\.elbadil\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?elbadil\.com/"
-		to="https://$1elbadil.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ElberethZone.xml b/src/chrome/content/rules/ElberethZone.xml
new file mode 100644
index 000000000000..d926cda86d9d
--- /dev/null
+++ b/src/chrome/content/rules/ElberethZone.xml
@@ -0,0 +1,29 @@
+<!--
+	Mismatched:
+		- en.www.elberethzone.net
+		- barracuda.elberethzone.net
+		- fr2.download.elberethzone.net
+		- mirror.elberethzone.net
+		- ns-hk.elberethzone.net
+		- statsvn.elberethzone.net
+-->
+<ruleset name="ElberethZone">
+	<target host="elberethzone.net" />
+	<target host="www.elberethzone.net" />
+	<target host="download.elberethzone.net" />
+	<target host="download2.elberethzone.net" />
+	<target host="download3.elberethzone.net" />
+	<target host="forum.elberethzone.net" />
+	<target host="status.elberethzone.net" />
+	<target host="translation.elberethzone.net" />
+
+	<target host="elbereth.zone" />
+	<target host="www.elbereth.zone" />
+	<target host="dashninja.elbereth.zone" />
+	<target host="dav.elbereth.zone" />
+	<target host="status.elbereth.zone" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Elcomsoft.xml b/src/chrome/content/rules/Elcomsoft.xml
index 1150c6b4fe28..afac6ffc362c 100644
--- a/src/chrome/content/rules/Elcomsoft.xml
+++ b/src/chrome/content/rules/Elcomsoft.xml
@@ -12,7 +12,6 @@
 	<target host="secure.elcomsoft.com" />
 
 
-	<rule from="^http://secure\.elcomsoft\.com/"
-		to="https://secure.elcomsoft.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ElderScrolls.com.xml b/src/chrome/content/rules/ElderScrolls.com.xml
new file mode 100644
index 000000000000..1db06ecc68ca
--- /dev/null
+++ b/src/chrome/content/rules/ElderScrolls.com.xml
@@ -0,0 +1,17 @@
+<!--
+	For other ZeniMax Media rules, see ZeniMax.com.xml
+
+	Invalid certificate:
+		static.elderscrolls.com
+
+-->
+<ruleset name="Elder Scrolls.com">
+
+	<target host="elderscrolls.com" />
+	<target host="www.elderscrolls.com" />
+	<target host="cs.elderscrolls.com" />
+	<target host="mods.elderscrolls.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ElderScrollsPortal.de.xml b/src/chrome/content/rules/ElderScrollsPortal.de.xml
new file mode 100644
index 000000000000..24b1cb921d84
--- /dev/null
+++ b/src/chrome/content/rules/ElderScrollsPortal.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="ElderScrollsPortal.de">
+	<target host="elderscrollsportal.de" />
+	<target host="www.elderscrollsportal.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Elder_Scrolls_Online.com.xml b/src/chrome/content/rules/Elder_Scrolls_Online.com.xml
new file mode 100644
index 000000000000..e197540e350d
--- /dev/null
+++ b/src/chrome/content/rules/Elder_Scrolls_Online.com.xml
@@ -0,0 +1,47 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://elderscrollsonline.com/ => https://elderscrollsonline.com/: (7, 'Failed to connect to elderscrollsonline.com port 443: Connection timed out')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://elderscrollsonline.com/ => https://elderscrollsonline.com/: (7, 'Failed to connect to elderscrollsonline.com port 443: Connection timed out')
+	For other ZeniMax Media coverage, see ZeniMax-Media.xml.
+
+
+	CDN buckets:
+
+		- elderscrolls.zenimaxonline.com.edgesuite.net
+
+			- a299.g.akamai.net
+			- static
+
+
+	Problematic subdomains:
+
+		- static *
+
+	* Works, akamai
+
+
+	Mixed content:
+
+		- Images on www from static *
+
+	* Secured by us
+
+-->
+<ruleset name="Elder Scrolls Online.com" default_off="failed ruleset test">
+
+	<target host="elderscrollsonline.com" />
+	<target host="www.elderscrollsonline.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^www\.elderscrollsonline\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Electoral_Commission.org.uk.xml b/src/chrome/content/rules/Electoral_Commission.org.uk.xml
new file mode 100644
index 000000000000..62da010655d4
--- /dev/null
+++ b/src/chrome/content/rules/Electoral_Commission.org.uk.xml
@@ -0,0 +1,31 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	(www.)?: 502
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- wtsdc.electoralcommission.org.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Electoral Commission.org.uk (partial)">
+
+	<target host="pefonline.electoralcommission.org.uk" />
+	<target host="wtsdc.electoralcommission.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^wtsdc\.electoralcommission\.org\.uk$" name="^(ACOOKIE|WEBTRENDS_ID)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Electrek.co.xml b/src/chrome/content/rules/Electrek.co.xml
new file mode 100644
index 000000000000..e0f7a56663f7
--- /dev/null
+++ b/src/chrome/content/rules/Electrek.co.xml
@@ -0,0 +1,6 @@
+<ruleset name="Electrek.co">
+	<target host="electrek.co" />
+	<target host="www.electrek.co" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Electric_Embers.xml b/src/chrome/content/rules/Electric_Embers.xml
index f4b7722d0628..22ba66c7e6dc 100644
--- a/src/chrome/content/rules/Electric_Embers.xml
+++ b/src/chrome/content/rules/Electric_Embers.xml
@@ -7,13 +7,13 @@
 -->
 <ruleset name="Electric Embers (partial)">
 
-	<target host="*.electricembers.net" />
+	<target host="internal.electricembers.net" />
+	<target host="mail.electricembers.net" />
 
 
 	<securecookie host="^mail\.electricembers\.net$" name=".+" />
 
 
-	<rule from="^http://(internal|mail)\.electricembers\.net/"
-		to="https://$1.electricembers.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Electric_Studio.xml b/src/chrome/content/rules/Electric_Studio.xml
index f84d92d1f5d5..5edd46715aeb 100644
--- a/src/chrome/content/rules/Electric_Studio.xml
+++ b/src/chrome/content/rules/Electric_Studio.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://clients.electricstudio.co.uk/ => https://clients.electricstudio.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'clients.electricstudio.co.uk'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://clients.electricstudio.co.uk/ => https://clients.electricstudio.co.uk/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
 	CDN buckets:
 
 		- electric.electricstudiolt.netdna-cdn.com
@@ -12,12 +18,11 @@
 		- cdn		(404; mismatched, CN: *.netdna-ssl.com)
 
 -->
-<ruleset name="Electric Studio (partial)">
+<ruleset name="Electric Studio (partial)" default_off="failed ruleset test">
 
 	<target host="clients.electricstudio.co.uk" />
 
 
-	<rule from="^http://clients\.electricstudio\.co\.uk/"
-		to="https://clients.electricstudio.co.uk/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Electronic-Arts.xml b/src/chrome/content/rules/Electronic-Arts.xml
index 5cfb7e625d86..115058c5d1c5 100644
--- a/src/chrome/content/rules/Electronic-Arts.xml
+++ b/src/chrome/content/rules/Electronic-Arts.xml
@@ -1,103 +1,80 @@
 <!--
 	Other Electronic Arts rulesets:
-
 		- BioWare.xml
 		- EA_Sports.com.xml
+		- Origin.com.xml
 		- Sim_City.com.xml
 
+	Connection reset:
+		- www.info.ea.com
 
-	CDN buckets:
-
-		- a248.e.akamai.net/static.ea.com/
-		- a248.e.akamai.net/vassets.ea.com/
+	Invalid certificate:
+		- cdn.prod.crysis.ea.com
+		- eu.dragonage.com
+		- cdn.forum.ea.com
+		- o.ea.com
+		- support.ea.com, equivalent to help.ea.com
+		- om.eamobile.com, equivalent to eamobile.122.2o7.net
 
-
-	!functional:
-		- eu.dragonage.com		(cert: socialsignup.ea.com; shows that domain)
-		- (prod.)crysis.ea.com		(timeout)
-		- cdn.prod.crysis.ea.com	(Akamai; "An error occurred")
-		- eapressbox.ea.com		(timeout)
-		- forum.ea.com			(timeout)
-		- cdn.forum.ea.com		(Akamai; "An error occurred"; same data on forum)
-		- gpl.ea.com			(timeout)
-		- (www.)info.ea.com
-		- investor.ea.com		(cert: *.shareholder.com; 403)
-		- preferences.ea.com		(times out)
-		- eamobile.com			(cert: synergy-stage.eamobile.com; shows that domain's data)
-		- insideea.com			(ssl_error_rx_record_too_long)
+	Timed out:
+		- investor.ea.com
+		- resources.ea.com, equivalent to ssl.resources.ea.com
 -->
-<ruleset name="Electronic Arts (partial)" platform="mixedcontent">
 
+<ruleset name="Electronic Arts (partial)">
+	<!-- ea.com -->
 	<target host="ea.com"/>
-	<target host="*.ea.com"/>
+	<target host="www.ea.com" />
+	<target host="accounts.ea.com" />
+	<target host="activate.ea.com" />
+	<target host="answers.ea.com" />
+	<target host="click.e.ea.com" />
+	<target host="media.contentapi.ea.com" />
+		<test url="http://media.contentapi.ea.com/content/dam/able/manuals/ufc3xb1man.pdf" />
+	<target host="fonts.ea.com" />
+	<target host="forum.ea.com" />
+	<target host="forums.ea.com" />
+	<target host="gpl.ea.com" />
+	<target host="help.ea.com" />
+	<target host="info.ea.com" />
+	<target host="ir.ea.com" />
+	<target host="jobs.ea.com" />
+	<target host="www.jobs.ea.com" />
+	<target host="myaccount.ea.com" />
+	<target host="nds-network-nav.ea.com" />
+	<target host="news.ea.com" />
+	<target host="pl.ea.com" />
+		<test url="http://pl.ea.com/release/1.12.0/elements/ea-elements.html" />
+	<target host="profile.ea.com" />
+	<target host="resources.ea.com" />
+	<target host="signin.ea.com" />
+	<target host="ssl.resources.ea.com" />
+	<target host="starwars.ea.com" />
+	<target host="forums.galaxy-of-heroes.starwars.ea.com" />
+	<target host="support.ea.com" />
+	<target host="tos.ea.com" />
+	<target host="x.ea.com" />
+		<test url="http://x.ea.com/1" />
+
+	<!-- eamobile.com -->
 	<target host="om.eamobile.com"/>
 	<target host="synergy-stage.eamobile.com"/>
-	<target host="origin.com"/>
-	<target host="*.origin.com"/>
-	<target host="thesims3.com"/>
-	<target host="*.thesims3.com"/>
-	<target host="*.store.thesims3.com"/>
 
 
 	<!--	incomplete
 		.ea s_ : omniture cookies	-->
 	<securecookie host="^\.ea\.com$" name="^(CEM-session|s_.*)$"/>
-	<securecookie host="^(help|jobs|profile|ssl\.resources)\.ea\.com$" name=".*"/>
-	<securecookie host="^sso\.origin\.com$" name=".*"/>
-	<securecookie host="^(forum|\w\w|www)?\.thesims\.com$" name=".*"/>
-
+	<securecookie host="^(help|jobs|profile|ssl\.resources)\.ea\.com$" name=".+" />
 
-	<!--	cert !match !www	-->
-	<rule from="^http://ea\.com/"
-		to="https://www.ea.com/"/>
 
-	<rule from="^http://(?:(activate|ll\.assets|fonts|help|images|socialsignup|tos|www)|(?:www\.)?(jobs))\.ea\.com/"
-		to="https://$1$2.ea.com/"/>
-
-	<rule from="^http://(?:ssl\.)?resources\.ea\.com/"
+	<rule from="^http://resources\.ea\.com/"
 		to="https://ssl.resources.ea.com/"/>
 
-	<rule from="^http://(?:web-)?(static|vassets)\.ea\.com/"
-		to="https://a248.e.akamai.net/$1.ea.com/"/>
-
-	<!--	cert !match support, redirects to help	-->
 	<rule from="^http://support\.ea\.com/"
 		to="https://help.ea.com/"/>
 
 	<rule from="^http://om\.eamobile\.com/"
-		to="https://eamwebproduction.122.2o7.net/"/>
-
-	<rule from="^http://synergy-stage\.eamobile\.com/"
-		to="https://synergy-stage.eamobile.com/"/>
-
-	<!--	cert !match !www	-->
-	<rule from="^http://origin\.com/"
-		to="https://www.origin.com/"/>
-
-	<!--	most images served by Digital River	-->
-	<rule from="^http://www\.origin\.com/favicon\.ico"
-		to="https://www.origin.com/favicon.ico"/>
-
-	<rule from="^http://(activate|sso)\.origin\.com/"
-		to="https://$1.origin.com/"/>
-
-	<rule from="^http://store\.origin\.com/DRHM/Storefront/Site/"
-		to="https://store.origin.com/DRHM/Storefront/Site/"/>
-
-	<!--	llnw:	*.hs.llnwd.net
-		cert !match !www	-->
-	<rule from="^http://(?:llnw\.|www\.)?thesims3\.com/"
-		to="https://www.thesims3.com/"/>
-
-	<!--	\w\w:	country codes	-->
-	<rule from="^http://(forum|\w\w)\.thesims3\.com/"
-		to="https://$1.thesims3.com/"/>
-
-	<rule from="^http://(\w\w\.)?store\.thesims3\.com/(community|content/|css/|images/)"
-		to="https://$1store.thesims3.com/$2"/>
-
-	<!--	also on store, but cert valid & works	-->
-	<rule from="^http://llnw\.store\.thesims3\.com/"
-		to="https://llnw.store.thesims3.com/"/>
+		to="https://eamobile.122.2o7.net/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Electronic-Frontiers-Australia.xml b/src/chrome/content/rules/Electronic-Frontiers-Australia.xml
index 8ab53fae4d10..bf3cb3af13fd 100644
--- a/src/chrome/content/rules/Electronic-Frontiers-Australia.xml
+++ b/src/chrome/content/rules/Electronic-Frontiers-Australia.xml
@@ -1,10 +1,24 @@
+<!--
+	Observed cookie domains:
+
+		- . ¹
+		- .members ²
+		- www ²
+
+	¹ Secured by us
+	² Secured by server
+
+-->
 <ruleset name="Electronic Frontiers Australia">
+
 	<target host="efa.org.au" />
 	<target host="members.efa.org.au" />
 	<target host="www.efa.org.au" />
 
-	<securecookie host="^(members|(\.?www))\.efa\.org\.au$" name=".+" />
 
-	<rule from="^https?://efa\.org\.au/" to="https://www.efa.org.au/" />
-	<rule from="^http://(members|www)\.efa\.org\.au/" to="https://$1.efa.org.au/" />
-</ruleset>
\ No newline at end of file
+	<securecookie host="^(?:members|\.?www)?\.efa\.org\.au$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ElectronicInsanity.com.xml b/src/chrome/content/rules/ElectronicInsanity.com.xml
new file mode 100644
index 000000000000..d4e1fc7242df
--- /dev/null
+++ b/src/chrome/content/rules/ElectronicInsanity.com.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.electronicinsanity.com/ => https://www.electronicinsanity.com/: (7, 'Failed to connect to www.electronicinsanity.com port 443: Connection refused')
+Fetch error: http://electronicinsanity.com/ => https://www.electronicinsanity.com/: (7, 'Failed to connect to www.electronicinsanity.com port 443: No route to host')
+
+	Nonfunctional hosts in electronicinsanity.com:
+
+		- apache *
+
+	* Shows api.vistumbler.net
+
+-->
+<ruleset name="ElectronicInsanity.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.electronicinsanity.com" />
+
+	<!--	Complications:
+				-->
+	<target host="electronicinsanity.com" />
+
+
+	<rule from="^http://electronicinsanity\.com/"
+		to="https://www.electronicinsanity.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Electronic_Intifada.net.xml b/src/chrome/content/rules/Electronic_Intifada.net.xml
new file mode 100644
index 000000000000..858312a4bff2
--- /dev/null
+++ b/src/chrome/content/rules/Electronic_Intifada.net.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .electronicintifada.net
+
+-->
+<ruleset name="Electronic Intifada.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="electronicintifada.net" />
+	<target host="www.electronicintifada.net" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.electronicintifada\.net$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.electronicintifada\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Electrospaces.net.xml b/src/chrome/content/rules/Electrospaces.net.xml
new file mode 100644
index 000000000000..afc152c2254a
--- /dev/null
+++ b/src/chrome/content/rules/Electrospaces.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="Electrospaces.net">
+	<target host="electrospaces.net" />
+	<target host="www.electrospaces.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Elegant_Themes.com.xml b/src/chrome/content/rules/Elegant_Themes.com.xml
new file mode 100644
index 000000000000..d3fc0acb3d61
--- /dev/null
+++ b/src/chrome/content/rules/Elegant_Themes.com.xml
@@ -0,0 +1,31 @@
+<!--
+	These altnames don't exist:
+
+		- www.cdn.elegantthemes.com
+
+
+	Insecure cookies are set for these domains:
+
+		- .elegantthemes.com
+
+-->
+<ruleset name="Elegant Themes.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="elegantthemes.com" />
+	<target host="cdn.elegantthemes.com" />
+	<target host="www.elegantthemes.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="\.elegantthemes\.com$" name="^idev$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Elektronik-Kompendium.de.xml b/src/chrome/content/rules/Elektronik-Kompendium.de.xml
new file mode 100644
index 000000000000..cff90f2b3e59
--- /dev/null
+++ b/src/chrome/content/rules/Elektronik-Kompendium.de.xml
@@ -0,0 +1,15 @@
+<!--
+	Connection closed:
+		www.dse-faq.elektronik-kompendium.de
+-->
+<ruleset name="Elektronik-Kompendium.de">
+
+	<target host="elektronik-kompendium.de" />
+	<target host="www.elektronik-kompendium.de" />
+	<target host="dse-faq.elektronik-kompendium.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+	
+</ruleset>
diff --git a/src/chrome/content/rules/Element14.com.xml b/src/chrome/content/rules/Element14.com.xml
new file mode 100644
index 000000000000..ba9838f537fb
--- /dev/null
+++ b/src/chrome/content/rules/Element14.com.xml
@@ -0,0 +1,48 @@
+
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://element14.com/ => https://element14.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.element14.com/ => https://www.element14.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://beta.element14.com/ => https://beta.element14.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	Element14.com related ruleset,
+
+	Non-functional hosts
+		Timeout was reached:
+			 - click.e-marketing.element14.com
+			 - mta.e-marketing.element14.com
+			 - view.e-marketing.element14.com
+			 - www.in.ftprdap.element14.com
+
+		SSL peer certificate was not OK:
+			 - m.element14.com
+			 - metrics.element14.com
+			 - us.element14.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - downloads.element14.com
+			 - piregistration.element14.com
+
+		Incomplete certificate chain error:
+			 - planet.element14.com
+
+		Secure connection redirects to plaintext:
+			 - partner.element14.com
+
+		Status code mismatch:
+			 - files1.element14.com
+			 - files1beta.element14.com
+
+		Mixed Content Blocking (MCB) tiggered:
+			 - See Element14.com-Mixed.xml
+-->
+<ruleset name="Element14.com">
+	<!-- target host="element14.com" /-->
+	<!-- target host="www.element14.com" /-->
+	<target host="api.element14.com" />
+		<test url="http://api.element14.com/pffind/services/SearchService?wsdl" />
+	<!-- target host="beta.element14.com" /-->
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Element_5.xml b/src/chrome/content/rules/Element_5.xml
new file mode 100644
index 000000000000..60352a10465f
--- /dev/null
+++ b/src/chrome/content/rules/Element_5.xml
@@ -0,0 +1,49 @@
+<!--
+	For other Digital River coverage, see Digital-River.xml.
+
+
+	CDN buckets:
+
+		- a248.e.akamai.net/f/248/5462/2d/images.element5.com/
+
+
+	www.element5.com: Refused
+
+-->
+<ruleset name="element 5.com (partial)">
+
+	<!--	Direct rewrites:
+					-->
+	<target host="cp.element5.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.element5.com" />
+
+		<!--	/+\w 404s.
+					-->
+		<exclusion pattern="^http://www\.element5\.com/+(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.element5.com/home.asp" />
+			<test url="http://www.element5.com/home.aspx" />
+			<test url="http://www.element5.com/home.htm" />
+			<test url="http://www.element5.com/home.php" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.element5.com//" />
+			<test url="http://www.element5.com/?" />
+
+
+
+	<!--	Redirect keeps path but not forward args:
+							-->
+	<rule from="^http://www\.element5\.com/+"
+		to="https://www.mycommerce.com/share-it" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Elementary.io.xml b/src/chrome/content/rules/Elementary.io.xml
new file mode 100644
index 000000000000..c60d69f99532
--- /dev/null
+++ b/src/chrome/content/rules/Elementary.io.xml
@@ -0,0 +1,7 @@
+<ruleset name="Elementary.io">
+  <target host="elementary.io" />
+  <target host="www.elementary.io" />
+  <target host="fra1.dl.elementary.io" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Elementary_OS.org.xml b/src/chrome/content/rules/Elementary_OS.org.xml
new file mode 100644
index 000000000000..4711c1bde61d
--- /dev/null
+++ b/src/chrome/content/rules/Elementary_OS.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="ElementaryOS.org">
+  <target host="elementaryos.org" />
+  <target host="www.elementaryos.org" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ElephantLeague.org.xml b/src/chrome/content/rules/ElephantLeague.org.xml
new file mode 100644
index 000000000000..baec548b2157
--- /dev/null
+++ b/src/chrome/content/rules/ElephantLeague.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="ElephantLeague.org">
+
+	<target host="elephantleague.org" />
+	<target host="www.elephantleague.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Elfa.se.xml b/src/chrome/content/rules/Elfa.se.xml
new file mode 100644
index 000000000000..5f6c1ef75cc5
--- /dev/null
+++ b/src/chrome/content/rules/Elfa.se.xml
@@ -0,0 +1,44 @@
+
+<!--
+
+	Fully covered hosts in *elfa.se:
+
+		- (www.)?
+		- www1
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- elfa.se
+		- .elfa.se
+		- www.elfa.se
+		- www1.elfa.se
+
+	Connection refused:
+
+		- www1.elfa.se
+
+-->
+<ruleset name="Elfa.se" >
+
+	<!--	Direct rewrites:
+				-->
+	<target host="elfa.se" />
+	<target host="www.elfa.se" />
+	<target host="www1.elfa.se" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www1?\.)?elfa\.se$" name="^(JSESSIONID|saplb_\*)$" /-->
+	<!--securecookie host="^\.elfa\.se$" name="^BC_HA_[\da-f]{16}_[\dA-F]{8}$" /-->
+
+	<securecookie host="^(?:\.|www1?\.)?elfa\.se$" name=".+" />
+
+	<rule from="^http://www1\.elfa\.se/"
+		to="https://www.elfa.se/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Elgas.com.au.xml b/src/chrome/content/rules/Elgas.com.au.xml
new file mode 100644
index 000000000000..0a0a6bdc03a8
--- /dev/null
+++ b/src/chrome/content/rules/Elgas.com.au.xml
@@ -0,0 +1,19 @@
+<!--
+	HTTP redirects to NXDOMAIN:
+		- secure.elgas.com.au
+
+	Invalid certificate:
+		- lng.elgas.com.au
+		- trade.elgas.com.au
+
+	Wrong server:
+		- testserver.elgas.com.au
+-->
+
+<ruleset name="Elgas.com.au">
+	<target host="elgas.com.au" />
+	<target host="www.elgas.com.au" />
+	<target host="emap.elgas.com.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Elgiganten.se.xml b/src/chrome/content/rules/Elgiganten.se.xml
deleted file mode 100644
index 450f75f29bb2..000000000000
--- a/src/chrome/content/rules/Elgiganten.se.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Elgiganten.se">
-	<target host="elgiganten.se" />
-	<rule from="^http://elgiganten\.se/" to="https://www.elgiganten.se/"/>
-	<rule from="^http://www\.elgiganten\.se/" to="https://www.elgiganten.se/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/Elgiganten.xml b/src/chrome/content/rules/Elgiganten.xml
new file mode 100644
index 000000000000..e9353a1725da
--- /dev/null
+++ b/src/chrome/content/rules/Elgiganten.xml
@@ -0,0 +1,35 @@
+<!--
+	Problematic domains:
+		- annons.elgiganten.se ¹
+		- blog.ebooks.elgiganten.se ¹
+		- (www.)?.ebooks.elgiganten.(dk|se) ²
+		- foto.elgiganten.(dk|se) ¹
+		- metrics.elgiganten.(dk|se) ¹
+		- presentjakten.elgiganten.se ¹
+		- pressroom.elgiganten.dk ¹
+		- tilbudsavis.elgiganten.dk ¹
+
+	¹ Mismatched
+	² Timeout
+
+	Note: Some product pages trigger false MCB; see
+	https://github.com/EFForg/https-everywhere/issues/3245
+-->
+<ruleset name="Elgiganten (partial)">
+
+	<target host="elgiganten.dk" />
+	<target host="www.elgiganten.dk" />
+	<target host="onlinebackup.elgiganten.dk" />
+
+	<target host="elgiganten.se" />
+	<target host="www.elgiganten.se" />
+	<target host="onlinebackup.elgiganten.se" />
+
+	<exclusion pattern="http://www.elgiganten.(dk|se)/(product|INTERSHOP)/" />
+	<test url="http://www.elgiganten.dk/product/hvidevarer/vaskemaskine/EWP1472TDW/electrolux-inspiration-vaskemaskine-ewp1472tdw" />
+	<test url="http://www.elgiganten.se/product/hvidevarer/vaskemaskine/EWP1472TDW/electrolux-inspiration-vaskemaskine-ewp1472tdw" />
+	<test url="http://www.elgiganten.dk/INTERSHOP/web/WFS/store-elgigantenDK-Site/da_DK/-/DKK/CC_ViewCollectAtStore-ShowCustomerInfo?SKU=ALCWATCHWH" />
+	<test url="http://www.elgiganten.se/INTERSHOP/web/WFS/store-elgigantenDK-Site/da_DK/-/DKK/CC_ViewCollectAtStore-ShowCustomerInfo?SKU=ALCWATCHWH" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Eli-Lilly.xml b/src/chrome/content/rules/Eli-Lilly.xml
index 429bf90a0ba2..95699606d714 100644
--- a/src/chrome/content/rules/Eli-Lilly.xml
+++ b/src/chrome/content/rules/Eli-Lilly.xml
@@ -4,10 +4,9 @@
 	<target host="lillypad.lilly.com" />
 
 
-	<securecookie host="^lillypad\.lilly\.c(a|om)$" name=".*" />
+	<securecookie host="^lillypad\.lilly\.c(?:a|om)$" name=".+" />
 
 
-	<rule from="^http://lillypad\.lilly\.c(a|om)/"
-		to="https://lillypad.lilly.c$1/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Elie_Bursztein.xml b/src/chrome/content/rules/Elie_Bursztein.xml
index 5f4a296b274e..12c92d209421 100644
--- a/src/chrome/content/rules/Elie_Bursztein.xml
+++ b/src/chrome/content/rules/Elie_Bursztein.xml
@@ -4,7 +4,6 @@
 	<target host="www.elie.im" />
 
 
-	<rule from="^http://(www\.)?elie\.im/"
-		to="https://$1elie.im/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Elijah-Laboratories.xml b/src/chrome/content/rules/Elijah-Laboratories.xml
index a24d21a00d05..3ee59b903e02 100644
--- a/src/chrome/content/rules/Elijah-Laboratories.xml
+++ b/src/chrome/content/rules/Elijah-Laboratories.xml
@@ -5,7 +5,7 @@
 
 
 	<!--	Cert only matches //elilabs.com	-->
-	<rule from="^https?://(?:www\.)?elilabs\.com/"
+	<rule from="^http://(?:www\.)?elilabs\.com/"
 		to="https://elilabs.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Eliomotors.com.xml b/src/chrome/content/rules/Eliomotors.com.xml
new file mode 100644
index 000000000000..4f9ee88c6a4f
--- /dev/null
+++ b/src/chrome/content/rules/Eliomotors.com.xml
@@ -0,0 +1,18 @@
+<!--
+
+	Nonfunctional domains:
+
+		- ir (wrong cert)
+		- admin (mixed content)
+		- eliogenuine (wrong content)
+		- go (mismatch)
+
+-->
+<ruleset name="Eliomotors.com">
+	<target host="eliomotors.com" />
+	<target host="www.eliomotors.com" />
+	<target host="reservations.eliomotors.com" />
+	<target host="support.eliomotors.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EliteKeyboards.com.xml b/src/chrome/content/rules/EliteKeyboards.com.xml
deleted file mode 100644
index 70434d878361..000000000000
--- a/src/chrome/content/rules/EliteKeyboards.com.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="EliteKeyboards.com">
-
-	<target host="elitekeyboards.com" />
-	<target host="www.elitekeyboards.com" />
-
-
-	<rule from="^http://(www\.)?elitekeyboards\.com/"
-		to="https://$1elitekeyboards.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Elite_Casting_Network.com.xml b/src/chrome/content/rules/Elite_Casting_Network.com.xml
new file mode 100644
index 000000000000..8586de08d95c
--- /dev/null
+++ b/src/chrome/content/rules/Elite_Casting_Network.com.xml
@@ -0,0 +1,25 @@
+<!--
+	CDN buckets:
+
+		- ecn.cdncloud.netdna-cdn.com
+
+			- cdn
+
+
+	Some pages redirect to http.
+
+-->
+<ruleset name="Elite Casting Network.com (partial)">
+
+	<target host="elitecastingnetwork.com" />
+	<target host="www.elitecastingnetwork.com" />
+	<target host="cdn.elitecastingnetwork.com" />
+
+
+	<rule from="^http://(www\.)?elitecastingnetwork\.com/(?=favicon\.ico|img/|min/)"
+		to="https://$1elitecastingnetwork.com/" />
+
+	<rule from="^http://cdn\.elitecastingnetwork\.com/"
+		to="https://ecn-cdncloud.netdna-ssl.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Elitepartner.de.xml b/src/chrome/content/rules/Elitepartner.de.xml
new file mode 100644
index 000000000000..f954c2a9787a
--- /dev/null
+++ b/src/chrome/content/rules/Elitepartner.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="Elitepartner.de">
+<target host="partnervermittlung.elitepartner.de" />
+<target host="www.partnervermittlung.elitepartner.de" />
+<target host="www.elitepartner.de" />
+<target host="static.ep.elitem.net" />
+
+<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Elixir-Lang.org.xml b/src/chrome/content/rules/Elixir-Lang.org.xml
new file mode 100644
index 000000000000..367ec3d71f31
--- /dev/null
+++ b/src/chrome/content/rules/Elixir-Lang.org.xml
@@ -0,0 +1,11 @@
+<!--
+	Expired:
+		- www (fixed by this ruleset)
+-->
+<ruleset name="Elixir-Lang.org">
+	<target host="elixir-lang.org" />
+	<target host="www.elixir-lang.org" />
+
+	<rule from="^http://www\.elixir-lang\.org/" to="https://elixir-lang.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Elizabeth_Smart_Foundation.xml b/src/chrome/content/rules/Elizabeth_Smart_Foundation.xml
index edbb0c6b5345..37d14d245916 100644
--- a/src/chrome/content/rules/Elizabeth_Smart_Foundation.xml
+++ b/src/chrome/content/rules/Elizabeth_Smart_Foundation.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?elizabethsmartfoundation\.org/wp-content/"
 		to="https://esf.websocially.com/wp-content/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Elle.com.xml b/src/chrome/content/rules/Elle.com.xml
index 05b28e05ab20..efd5447f2d00 100644
--- a/src/chrome/content/rules/Elle.com.xml
+++ b/src/chrome/content/rules/Elle.com.xml
@@ -28,10 +28,6 @@
 
 	<target host="elle.com" />
 	<target host="*.elle.com" />
-		<!--
-			Avoid user-visible paths:
-							-->
-		<!--exclusion pattern="^http://(www\.)?elle\.com/(?!api_static/|cm/|favicon\.ico)" /-->
 		<!--
 			Links resources relative to /:
 							-->
@@ -42,9 +38,6 @@
 		<!--exclusion pattern="^http://dating\.elle\.com/(affiliates|login/reset|whitelabel)?($|\?)" /-->
 
 
-	<rule from="^http://(?:www\.)?elle\.com/(?=api_static/|cm/(?!elle/styles/)|favicon\.ico)"
-		to="https://a248.e.akamai.net/f/1023/4429/1m/www.elle.com/" />
-
 	<rule from="^http://dating\.elle\.com/(?=assets/|bridge\.js|favicon\.ico|login/*(?:$|\?)|whitelabel/elle/header\.html)"
 		to="https://dating.elle.com/" />
 
@@ -53,4 +46,4 @@
 	<rule from="^http://service\.elle\.com/.*"
 		to="https://w1.buysub.com/servlet/CSGateway?cds_mag_code=ELM" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Elliptic-Technologies.xml b/src/chrome/content/rules/Elliptic-Technologies.xml
index 15fd70a27c0e..24847efd423a 100644
--- a/src/chrome/content/rules/Elliptic-Technologies.xml
+++ b/src/chrome/content/rules/Elliptic-Technologies.xml
@@ -1,13 +1,19 @@
-<ruleset name="Elliptic Technologies">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://elliptictech.com/ => https://elliptictech.com/: (51, "SSL: no alternative certificate subject name matches target host name 'elliptictech.com'")
+Fetch error: http://www.elliptictech.com/ => https://www.elliptictech.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.elliptictech.com'")
+
+-->
+<ruleset name="Elliptic Technologies" default_off="failed ruleset test">
 
 	<target host="elliptictech.com" />
 	<target host="www.elliptictech.com" />
 
 
-	<securecookie host="^(www\.)?elliptictech\.com$" name=".*" />
+	<securecookie host="^(?:www\.)?elliptictech\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?elliptictech\.com/"
-		to="https://$1elliptictech.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ello.co.xml b/src/chrome/content/rules/Ello.co.xml
new file mode 100644
index 000000000000..6600f4e276aa
--- /dev/null
+++ b/src/chrome/content/rules/Ello.co.xml
@@ -0,0 +1,13 @@
+<!--
+	Blocks tor; "Access To Website Blocked"
+
+-->
+<ruleset name="Ello.co">
+
+	<target host="ello.co" />
+	<target host="www.ello.co" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Elmbridge.gov.uk.xml b/src/chrome/content/rules/Elmbridge.gov.uk.xml
new file mode 100644
index 000000000000..e3bf6dbee581
--- /dev/null
+++ b/src/chrome/content/rules/Elmbridge.gov.uk.xml
@@ -0,0 +1,72 @@
+<!--
+	Elmbridge Borough Council
+
+	For rules causing MCB, see Elmbridge.gov.uk-falsemixed.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *elmbridge.gov.uk:
+
+		- (www.)? ᵈ
+		- edocs ᵈ
+		- emaps ᵃ
+		- images ᵃ
+		- petitions ᵗ
+
+	ᵃ Shows another domain
+	ᵈ Dropped
+	ᵗ Reset
+
+
+	Problematic hosts in *elmbridge.gov.uk:
+
+		- consult ᵐ ˢ
+		- mygov ˣ
+
+	ᵐ Mismatched
+	ˢ Self-signed
+	ˣ Mixed css
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- benefits.elmbridge.gov.uk
+		- mygov.elmbridge.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on mygov from www.elmbridge.gov.uk ᵈ
+
+		- Images, on:
+
+			- consult, mygov from images.elmbridge.gov.uk ᵃ
+			- mygov from www.elmbridge.gov.uk ᵈ
+
+		- favicon on mygov from www.elmbridge.gov.uk ᵈ
+
+	ᵃ Unsecurable <= shows another domain
+	ᵈ Unsecurable <= connection dropped
+
+-->
+<ruleset name="Elmbridge.gov.uk (partial)">
+
+	<target host="benefits.elmbridge.gov.uk" />
+	<!--starget host="mygov.elmbridge.gov.uk" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^benefits\.elmbridge\.gov\.uk$" name="^(?:\.ASPXAUTH|ASP\.NET_SessionId$)" /-->
+	<!--securecookie host="^mygov\.elmbridge\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ElmyWeb.com.xml b/src/chrome/content/rules/ElmyWeb.com.xml
new file mode 100644
index 000000000000..662821c3ff49
--- /dev/null
+++ b/src/chrome/content/rules/ElmyWeb.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="ElmyWeb.com">
+	<target host="elmyweb.com" />
+	<target host="www.elmyweb.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Elo_Concursos.com.br.xml b/src/chrome/content/rules/Elo_Concursos.com.br.xml
new file mode 100644
index 000000000000..3e0cafd0130c
--- /dev/null
+++ b/src/chrome/content/rules/Elo_Concursos.com.br.xml
@@ -0,0 +1,20 @@
+<!--
+	www: cert only matches ^eloconcursos.com.br.
+
+-->
+<ruleset name="Elo Concursos.com.br">
+
+	<target host="eloconcursos.com.br" />
+	<target host="www.eloconcursos.com.br" />
+
+
+	<!--	 Not secured by server:
+					-->
+	<!--securecookie host="^eloconcursos\.com\.br$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^eloconcursos\.com\.br$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Elo_Global_e-services.xml b/src/chrome/content/rules/Elo_Global_e-services.xml
index 83f4758e57b6..73fe6532e999 100644
--- a/src/chrome/content/rules/Elo_Global_e-services.xml
+++ b/src/chrome/content/rules/Elo_Global_e-services.xml
@@ -1,4 +1,13 @@
-<ruleset name="Elo Global e-services">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://elotouchexpress.com/ => https://elotouchexpress.com/: (35, 'Unknown SSL protocol error in connection to elotouchexpress.com:443 ')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://elotouchexpress.com/ => https://elotouchexpress.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.elotouchexpress.com/ => https://www.elotouchexpress.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
+<ruleset name="Elo Global e-services" default_off="failed ruleset test">
 
 	<target host="elotouchexpress.com" />
 	<target host="www.elotouchexpress.com" />
@@ -7,7 +16,6 @@
 	<securecookie host="^(?:www\.)?elotouchexpress\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?elotouchexpress\.com/"
-		to="https://$1elotouchexpress.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Eloqua-clients.xml b/src/chrome/content/rules/Eloqua-clients.xml
deleted file mode 100644
index 0babfb0e3d11..000000000000
--- a/src/chrome/content/rules/Eloqua-clients.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	This ruleset is for Eloqua clients that otherwise have no rules off by default.
-
--->
-<ruleset name="Eloqua clients" default_off="mismatch">
-
-	<!--	Cert: secure.eloqua.com
-					-->
-	<target host="connect.astaro.com" />
-	<target host="go.brightcove.com" />
-	<target host="info.vmware.com" />
-	<target host="understanding.webtrends.com" />
-
-
-	<rule from="^http://connect\.astaro\.com/"
-		to="https://connect.astaro.com/" />
-
-	<rule from="^http://go\.brightcove\.com/"
-		to="https://go.brightcove.com/" />
-
-	<rule from="^http://info\.vmware\.com/"
-		to="https://info.vmware.com/" />
-
-	<rule from="^http://understanding\.webtrends\.com/"
-		to="https://understanding.webtrends.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Eloqua-mismatches.xml b/src/chrome/content/rules/Eloqua-mismatches.xml
index 08d26b39667e..23b4e02ced68 100644
--- a/src/chrome/content/rules/Eloqua-mismatches.xml
+++ b/src/chrome/content/rules/Eloqua-mismatches.xml
@@ -4,19 +4,25 @@
 -->
 <ruleset name="Eloqua (mismatches)" default_off="expired, mismatched, self-signed">
 
-	<target host="*.eloqua.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="media.eloqua.com" />
+	<target host="now.eloqua.com" />
+	<target host="succeed.eloqua.com" />
+	<target host="web.eloqua.com" />
 	<target host="useitandsee.com" />
-	<target host="*.useitandsee.com" />
 
+	<!--	Special cases:
+				-->
+	<target host="www.useitandsee.com" />
 
-	<securecookie host=".*\.eloqua\.com$" name=".+" />
-	<securecookie host="(?:.*\.)?useitandsee\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
-	<rule from="^http://(blog|media|succeed|web)\.eloqua\.com/"
-		to="https://$1.eloqua.com/" />
-
-	<rule from="^http://(?:www\.)?useitandsee\.com/"
+	<rule from="^http://www\.useitandsee\.com/"
 		to="https://useitandsee.com/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Eloqua.xml b/src/chrome/content/rules/Eloqua.xml
index ba4e8f28bccf..c1702584081f 100644
--- a/src/chrome/content/rules/Eloqua.xml
+++ b/src/chrome/content/rules/Eloqua.xml
@@ -1,39 +1,29 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cloudconnectors.eloqua.com/ => https://cloudconnectors.eloqua.com/: (6, 'Could not resolve host: cloudconnectors.eloqua.com')
+
 	For problematic rules, see Eloqua-mismatches.xml.
 
 	For other Oracle coverage, see Oracle.xml.
 
-
-	Other Eloqua rulesets:
-
-		- Eloqua-clients.xml
-
-
 	CDN buckets:
 
 		- now.eloqua.com.edgesuite.net
 
 			- images.marketing.eloqua.com
 
-		- wildcard.en25.com.edgekey.net
-
-		- amda-p9fb4.client.shareholder.com
-
-			- investor.eloqua.com
-
 
 	Nonfunctional domains:
 
 		- eloqua.com subdomains:
 
-			- (www.)		(no https)
+			- (www.)? ʰ
 			- businesscenter *
-			- investor *
-			- topliners *
 
 		- eloquaexperience.com
-		- *.en25.com
 
+	ʰ Redirects to http
 	* Times out
 
 
@@ -41,26 +31,36 @@
 
 		-  eloqua.com subdomains:
 
-			- blog			(works; expired 2011-03-04, CN: localhost.localdomain)
+			- blog ¹
+			- elqcdn ᴬ
 			- images.marketing	(works, akamai)
 			- media			(works; mismatched, CN: *.clickability.com)
 			- now *
 			- succeed		(works; mismatched, CN: *.t.eloqua.com)
+			- topliners		(Redirects to http)
 			- web			(works; expired 2013-02-08, self-signed, CN: plesk)
 
 		- (www.)useitandsee.com *
 
+	ᴬ Akamai / mismatched
+	¹ Shows another domain
 	* Mismatched, CN: secure.eloqua.com
 
 
-	Fully covered domains:
+	Partially covered hosts:
 
-		- (www.)elq.to		(→ bit.ly)
+		- now *
+
+	* Satisfying fetch tests
+
+
+	Fully covered domains:
 
 		- eloqua.com subdomains:
 
+			- blog			(→ blogs.oracle.com)
+			- login
 			- images.marketing	(→ s33.t)
-			- now			(→ secure)
 			- secure
 			- static
 
@@ -70,36 +70,86 @@
 				- s2624
 				- s33
 
-		- img.en25.com
+			- topliners		(→ community.oracle.com)
 
--->
-<ruleset name="Eloqua">
 
-	<target host="*.eloqua.com" />
-	<target host="elq.to" />
-	<target host="www.elq.to" />
-	<target host="img.en25.com" />
+	Insecure cookies are set for these domains and hosts: ᶜ
 
+		- .eloqua.com
+		- cloudconnectors.eloqua.com
+		- .login.eloqua.com
+		- now.eloqua.com
+		- .secure.p03.eloqua.com
+		- .secure.eloqua.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Eloqua.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cloudconnectors.eloqua.com" />
+	<target host="login.eloqua.com" />
+	<target host="secure.p03.eloqua.com" />
+	<target host="secure.eloqua.com" />
+	<target host="static.eloqua.com" />
+	<target host="*.t.eloqua.com" />
+
+	<!--	Special cases:
+				-->
+	<target host="blog.eloqua.com" />
+	<target host="images.marketing.eloqua.com" />
+	<target host="now.eloqua.com" />
+	<target host="topliners.eloqua.com" />
+
+		<!--	Satisfy fetch tests:
+						-->
+		<exclusion pattern="^http://now\.eloqua\.com/(?!EloquaImages/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://now.eloqua.com/FormsLogin.aspx" />
+
+			<!--	-ve:
+					-->
+			<test url="http://now.eloqua.com/EloquaImages/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.eloqua\.com$" name="^(ELOQUA|ELQSTATUS)$" /-->
+	<!--securecookie host="^cloudconnectors\.eloqua\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^(\.login|now|\.secure\.p03|\.secure)\.eloqua\.com$" name="^culture$" /-->
 
 	<securecookie host="^\.eloqua\.com$" name="^EL(?:OQUA|QSTATUS)$" />
+	<securecookie host="^(?:cloudconnectors|\.login|\.secure)\.eloqua\.com$" name=".+" />
 
 
-	<rule from="^http://investor\.eloqua\.com/common/"
-		to="https://investor.shareholder.com/common/" />
+	<!--	Redirect keeps path, args, and forward slash:
+								-->
+	<rule from="^http://blog\.eloqua\.com/"
+		to="https://blogs.oracle.com/marketingcloud//" />
+
+	<rule from="^http://images\.marketing\.eloqua\.com/$"
+		to="https://login.eloqua.com/" />
 
 	<rule from="^http://images\.marketing\.eloqua\.com/"
 		to="https://s33.t.eloqua.com/" />
 
+		<test url="http://images.marketing.eloqua.com/Web/Eloqua/" />
+
 	<rule from="^http://now\.eloqua\.com/"
 		to="https://secure.eloqua.com/" />
 
-	<rule from="^http://(secure|static|\w\d+\.t)\.eloqua\.com/"
-		to="https://$1.eloqua.com/" />
+	<!--	Redirect drops path, args, and forward slash:
+								-->
+	<rule from="^http://topliners\.eloqua\.com/.*"
+		to="https://community.oracle.com/community/topliners/" />
 
-	<rule from="^http://(?:www\.)?elq\.to/"
-		to="https://bit.ly/" />
+		<test url="http://topliners.eloqua.com/welcomeelcome" />
 
-	<rule from="^http://img\.en25\.com/"
-		to="https://img.en25.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Eloquent_JavaScript.net.xml b/src/chrome/content/rules/Eloquent_JavaScript.net.xml
index 0de63a23b2d8..4c84237c2d3b 100644
--- a/src/chrome/content/rules/Eloquent_JavaScript.net.xml
+++ b/src/chrome/content/rules/Eloquent_JavaScript.net.xml
@@ -1,10 +1,13 @@
-<ruleset name="Eloquent JavaScript.net">
-
+<!--
+	Wildcard DNS:
+		https://www.eloquentjavascript.net/Eloquent_JavaScript.pdf
+-->
+<ruleset name="Eloquent_JavaScript.net">
 	<target host="eloquentjavascript.net" />
 	<target host="www.eloquentjavascript.net" />
+	<target host="fr.eloquentjavascript.net" />
 
+	<rule from="^http://www\.eloquentjavascript\.net/" to="https://eloquentjavascript.net/" />
 
-	<rule from="^http://(www\.)?eloquentjavascript\.net/"
-		to="https://$1eloquentjavascript.net/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Els-CDN.com.xml b/src/chrome/content/rules/Els-CDN.com.xml
new file mode 100644
index 000000000000..3f8bc53d9187
--- /dev/null
+++ b/src/chrome/content/rules/Els-CDN.com.xml
@@ -0,0 +1,24 @@
+<!--
+	For other Elsevier coverage, see Elsevier.xml.
+
+	No working URL known:
+		cert1-*.els-cdn.com
+
+-->
+<ruleset name="Els-CDN.com (partial)">
+
+	<target host="ac.els-cdn.com" />
+		<!-- Test url looks like it's leaking a private key. Confirmed working 11/2017 -->
+	<target host="ars.els-cdn.com" />
+		<test url="http://ars.els-cdn.com/content/image/1-s2.0-S0008621517304457-mmc1.pdf" />
+	<target host="cdn.els-cdn.com" />
+		<test url="http://cdn.els-cdn.com/sd/clear.gif" />
+	<target host="origin-ars.els-cdn.com" />
+	<target host="origin-cdn.els-cdn.com" />
+
+	<securecookie host="^origin-ars\.els-cdn\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Elsevier-mismatches.xml b/src/chrome/content/rules/Elsevier-mismatches.xml
deleted file mode 100644
index 9401f1e25f5d..000000000000
--- a/src/chrome/content/rules/Elsevier-mismatches.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	For rules that are on by default, see Elsevier.xml.
-
--->
-<ruleset name="Elsevier (mismatches)" default_off="mismatches">
-
-	<target host="ac.els-cdn.com" />
-
-
-	<!--	Akamai.
-			-->
-	<rule from="^http://ac\.els-cdn\.com/"
-		to="https://ac.els-cdn.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Elsevier-mixedcontent.xml b/src/chrome/content/rules/Elsevier-mixedcontent.xml
deleted file mode 100644
index 8bce1612b07d..000000000000
--- a/src/chrome/content/rules/Elsevier-mixedcontent.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For domains without mixed content, see Elsevier.xml.
-
--->
-<ruleset name="Elsevier (mixedcontent)" platform="mixedcontent">
-
-	<target host="elsevier.com" />
-	<target host="www.elsevier.com" />
-	<target host="*.www.elsevier.com" />
-
-
-	<securecookie host="^\.www\.elsevier\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?elsevier\.com/"
-		to="https://www.elsevier.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Elsevier.ca.xml b/src/chrome/content/rules/Elsevier.ca.xml
new file mode 100644
index 000000000000..dd3a968e2184
--- /dev/null
+++ b/src/chrome/content/rules/Elsevier.ca.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Elsevier coverage, see Elsevier.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- elsevier.ca
+		- www.elsevier.ca
+
+-->
+<ruleset name="Elsevier.ca">
+
+	<target host="elsevier.ca" />
+	<target host="www.elsevier.ca" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?elsevier\.ca$" name="^currentURL$" /-->
+
+	<securecookie host="^(?:www\.)?elsevier\.ca$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Elsevier.xml b/src/chrome/content/rules/Elsevier.xml
index c0337a973afe..4a440f0fccb9 100644
--- a/src/chrome/content/rules/Elsevier.xml
+++ b/src/chrome/content/rules/Elsevier.xml
@@ -1,97 +1,60 @@
 <!--
-	For domains with mixed content, see Elsevier-mixedcontent.xml.
-
-	For problematic rules, see Elsevier-mismatches.xml
-
-
 	Other Elsevier rulesets:
 
+		- Els-CDN.com.xml
+		- Elsevier.ca.xml
+		- Elsevier_Health.com.xml
+		- Elsevier_Health.com.au.xml
 		- Journal_of_Affective_Disorders.xml
 		- Journal-of-Bodywork-and-Movement-Therapies.xml
-		- SciVerse.xml
 		- Scopus.xml
 
 
 	CDN buckets:
 
 		- elseviercdn.squizltd.netdna-cdn.com
+		- cdn.elsevier.com
 
-			- cdn.elsevier.com
-			- -ssl doesn't exist
-
-
-	Problematic domains:
-
-		- elsevier.com subdomains:
-
-			- ^		(cert only matches www)
-			- www		(mixed content from cdn)
-			- cdn		(404, mismatched, CN: *.netdna-ssl.com)
-
-		- loginptr.elsevierhealth.com	(cert: secure.elsevierhealth.com)
-
-
-	Nonfunctional domains:
-
-		- res.journals.elsevier.com
-
-
-	Fully covered domains:
-
-		- ees.elsevier.com
-		- support.elsevier.com
 
+	Invalid certificate:
+		www.ethics.elservier.com
+		res.journals.elsevier.com
+		cdn.elservier.com
+		developers.elsevier.com
+		www.ees.elsevier.com
 
-	Targets solely for wildcard cookies:
-
-		- *.secure.elsevierhealth.com
+	Refused:
+		reprints.elsevier.com
 
 -->
-<ruleset name="Elsevier (partial)">
-
-	<target host="*.els-cdn.com" />
-	<target host="elsevier.ca" />
-	<target host="www.elsevier.ca" />
-	<target host="*.elsevier.com" />
-		<exclusion pattern="^http://www\.developers\.elsevier\.com/($|action)" />
-	<target host="elsevierhealth.com" />
-	<target host="*.elsevierhealth.com" />
-	<target host="elsevierhealth.com.au" />
-	<target host="www.elsevierhealth.com.au" />
-	<target host="elsevierhealth.co.uk" />
-	<target host="www.elsevierhealth.co.uk" />
-
-
-	<securecookie host="^origin-ars\.els-cdn\.com$" name=".*" />
-	<securecookie host="^www\.elsevier\.ca$" name=".*" />
-	<securecookie host="^(?!\.www\.elsevier\.).*\.elsevier\.com$" name=".+" />
-	<securecookie host="(.*\.)?elsevierhealth\.co(m(\.au)?|\.uk)$" name=".*" />
-
-
-	<rule from="^https?://(?:origin-)?(ars|cdn)\.els-cdn\.com/"
-		to="https://origin-$1.els-cdn.com/" />
-
-
-	<rule from="^https?://(?:www\.)?elsevier\.ca/"
-		to="https://www.elsevier.ca/" />
-
-	<rule from="^https?://(?:www\.)?developers\.elsevier\.com/"
+<ruleset name="Elsevier.com (partial)">
+
+	<target host="elsevier.com" />
+	<target host="www.elsevier.com" />
+	<target host="acw.elsevier.com" />
+	<target host="api.elsevier.com" />
+	<target host="auth.elsevier.com" />
+	<target host="covers.elsevier.com" />
+	<target host="dev.elsevier.com" />
+	<target host="developers.elsevier.com" />
+	<target host="www.developers.elsevier.com" />
+	<target host="ees.elsevier.com" />
+	<target host="www.ees.elsevier.com" />
+	<target host="evolve.elsevier.com" />
+	<target host="help.elsevier.com" />
+	<target host="linkinghub.elsevier.com" />
+	<target host="pa.elsevier.com" />
+	<target host="support.elsevier.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://developers\.elsevier\.com/"
 		to="https://www.developers.elsevier.com/" />
 
-	<rule from="^http://(acw|auth|covers|ees|linkinghub|pa|support)\.elsevier\.com/"
-		to="https://$1.elsevier.com/" />
-
-
-	<rule from="^http://(www\.)?((?:asia|eu|mea|us)\.)?elsevierhealth\.com/"
-		to="https://$1$2elsevierhealth.com/" />
-
-	<rule from="^http://secure\.elsevierhealth\.com/"
-		to="https://secure.elsevierhealth.com/" />
-
-	<rule from="^https?://(?:www\.)?elsevierhealth\.com\.au/"
-		to="https://www.elsevierhealth.com.au/" />
+	<rule from="^http://www\.ees\.elsevier\.com/"
+		to="https://ees.elsevier.com/" />
 
-	<rule from="^http://(www\.)?elsevierhealth\.co\.uk/"
-		to="https://$1elsevierheath.co.uk/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Elsevier_Health.com.au.xml b/src/chrome/content/rules/Elsevier_Health.com.au.xml
new file mode 100644
index 000000000000..d726a4a3fe39
--- /dev/null
+++ b/src/chrome/content/rules/Elsevier_Health.com.au.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Elsevier coverage, see Elsevier.xml.
+
+-->
+<ruleset name="Elsevier Health.com.au">
+
+	<target host="elsevierhealth.com.au" />
+	<target host="www.elsevierhealth.com.au" />
+
+
+	<securecookie host=".+" name=".+"/>
+
+
+	<rule from="^http://(?:www\.)?elsevierhealth\.com\.au/"
+		to="https://www.elsevierhealth.com.au/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Elsevier_Health.com.xml b/src/chrome/content/rules/Elsevier_Health.com.xml
new file mode 100644
index 000000000000..bc3db9e7f5f6
--- /dev/null
+++ b/src/chrome/content/rules/Elsevier_Health.com.xml
@@ -0,0 +1,48 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://asia.elsevierhealth.com/ => https://asia.elsevierhealth.com/: (51, "SSL: no alternative certificate subject name matches target host name 'asia.elsevierhealth.com'")
+Fetch error: http://www.asia.elsevierhealth.com/ => https://www.asia.elsevierhealth.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.asia.elsevierhealth.com'")
+Fetch error: http://www.elsevierhealth.com/ => https://www.elsevierhealth.com/: (7, 'Failed to connect to www.elsevierhealth.com port 443: Connection refused')
+
+	Other Elsevier coverage, see Elsevier.xml.
+
+
+	loginptr: Reset over http & https
+	secure: Reset over http & https
+
+
+	Problematic hosts in *elsevierhealth.com:
+
+		- (www.)?asia *
+
+	* Mismatched
+
+-->
+<ruleset name="Elsevier Health.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="asia.elsevierhealth.com" />
+	<target host="www.asia.elsevierhealth.com" />
+	<target host="eu.elsevierhealth.com" />
+	<target host="www.eu.elsevierhealth.com" />
+	<!--target host="secure.jbs.elsevierhealth.com" /-->
+	<target host="mea.elsevierhealth.com" />
+	<target host="www.mea.elsevierhealth.com" />
+	<target host="us.elsevierhealth.com" />
+	<target host="www.us.elsevierhealth.com" />
+	<target host="www.elsevierhealth.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://secure\.jbs\.elsevierhealth\.com/$" /-->
+
+
+	<securecookie host=".+" name=".+"/>
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Elster.de.xml b/src/chrome/content/rules/Elster.de.xml
new file mode 100644
index 000000000000..8142c162d612
--- /dev/null
+++ b/src/chrome/content/rules/Elster.de.xml
@@ -0,0 +1,10 @@
+<ruleset name="Elster.de">
+	<target host="www.elster.de" />
+	<target host=    "elster.de" />
+	<target host="www.elsteronline.de" />
+	<target host=    "elsteronline.de" />
+	<!-- mismatching cert: blog.elster.de -->
+
+	<rule from="^http:"
+	        to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Eltartar_War.xml b/src/chrome/content/rules/Eltartar_War.xml
deleted file mode 100644
index 26a6d8bc5617..000000000000
--- a/src/chrome/content/rules/Eltartar_War.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Eltartar War">
-
-	<target host="eltatar.com" />
-	<target host="*.eltatar.com" />
-
-
-	<securecookie host="^(?:.*\.)?eltartar\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?eltartar\.com/"
-		to="https://$1eltartar.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/EludeVisibility.org.xml b/src/chrome/content/rules/EludeVisibility.org.xml
new file mode 100644
index 000000000000..cefe18585dc0
--- /dev/null
+++ b/src/chrome/content/rules/EludeVisibility.org.xml
@@ -0,0 +1,35 @@
+<!--
+	Mismatched:
+		- shop
+-->
+
+<ruleset name="EludeVisibility.org">
+	<target host="eludevisibility.org" />
+	<target host="www.eludevisibility.org" />
+	<target host="danktrans.eludevisibility.org" />
+	<target host="www.danktrans.eludevisibility.org" />
+	<target host="dejap.eludevisibility.org" />
+	<target host="www.dejap.eludevisibility.org" />
+	<target host="dvdtranslations.eludevisibility.org" />
+	<target host="www.dvdtranslations.eludevisibility.org" />
+	<target host="fusoya.eludevisibility.org" />
+	<target host="www.fusoya.eludevisibility.org" />
+	<target host="grimmtranslations.eludevisibility.org" />
+	<target host="www.grimmtranslations.eludevisibility.org" />
+	<target host="hemp.eludevisibility.org" />
+	<target host="www.hemp.eludevisibility.org" />
+	<target host="jpntrans.eludevisibility.org" />
+	<target host="www.jpntrans.eludevisibility.org" />
+	<target host="mijet.eludevisibility.org" />
+	<target host="www.mijet.eludevisibility.org" />
+	<target host="princess.eludevisibility.org" />
+	<target host="www.princess.eludevisibility.org" />
+	<target host="smkdan.eludevisibility.org" />
+	<target host="www.smkdan.eludevisibility.org" />
+	<target host="yojimbo.eludevisibility.org" />
+	<target host="www.yojimbo.eludevisibility.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EmacsWiki.org.xml b/src/chrome/content/rules/EmacsWiki.org.xml
new file mode 100644
index 000000000000..310dc2ec0798
--- /dev/null
+++ b/src/chrome/content/rules/EmacsWiki.org.xml
@@ -0,0 +1,25 @@
+<!--
+	^emacswiki.org: Mismatched
+
+-->
+<ruleset name="EmacsWiki.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.emacswiki.org" />
+
+	<!--	Complications:
+				-->
+	<target host="emacswiki.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://emacswiki\.org/"
+		to="https://www.emacswiki.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Email-lists.org.xml b/src/chrome/content/rules/Email-lists.org.xml
new file mode 100644
index 000000000000..9b97b7965341
--- /dev/null
+++ b/src/chrome/content/rules/Email-lists.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="email-lists.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="email-lists.org" />
+	<target host="www.email-lists.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Emaileri.fi.xml b/src/chrome/content/rules/Emaileri.fi.xml
index 0161b0ba8fbc..206587e52390 100644
--- a/src/chrome/content/rules/Emaileri.fi.xml
+++ b/src/chrome/content/rules/Emaileri.fi.xml
@@ -5,8 +5,8 @@
   <target host="emaileri.net"/>
   <target host="www.emaileri.com"/>
   <target host="emaileri.com"/>
-  <rule from="^http://(www\.)?emaileri\.fi/" to="https://www.emaileri.fi/"/>
-  <rule from="^https?://(www\.)?emaileri\.net/" to="https://www.emaileri.fi/"/>
-  <rule from="^https?://(www\.)?emaileri\.com/" to="https://www.emaileri.fi/"/>
+  <rule from="^http://(?:www\.)?emaileri\.fi/" to="https://www.emaileri.fi/"/>
+  <rule from="^http://(?:www\.)?emaileri\.net/" to="https://www.emaileri.fi/"/>
+  <rule from="^http://(?:www\.)?emaileri\.com/" to="https://www.emaileri.fi/"/>
 </ruleset>
-<!-- Rule generated by HTTPS Finder 0.85 -->
\ No newline at end of file
+<!-- Rule generated by HTTPS Finder 0.85 -->
diff --git a/src/chrome/content/rules/Emailprivacytester.com.xml b/src/chrome/content/rules/Emailprivacytester.com.xml
deleted file mode 100644
index aaba2eb9fc71..000000000000
--- a/src/chrome/content/rules/Emailprivacytester.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Emailprivacytester.com" platform="firefox">
-<target host="emailprivacytester.com" />
-
-<securecookie host="^emailprivacytester\.com$" name=".+" />
-
-<rule from="^http://emailprivacytester\.com/" to="https://emailprivacytester.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Emailvision.xml b/src/chrome/content/rules/Emailvision.xml
index 15d8ee6d9e41..e304d4907e18 100644
--- a/src/chrome/content/rules/Emailvision.xml
+++ b/src/chrome/content/rules/Emailvision.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://emailvision.com/ => https://emailvision.com/: (51, "SSL: no alternative certificate subject name matches target host name 'emailvision.com'")
+
+Automatically by https-everywhere-checker because:
+Fetch error: http://emailvision.com/ => https://emailvision.com/: (60, 'SSL certificate problem: self signed certificate')
 	Nonfunctional domains:
 
 		- emailvision.com subdomains:
@@ -20,7 +26,7 @@
 	* Works, mismatched, CN: *.emv3.com
 
 -->
-<ruleset name="Emailvision (partial)">
+<ruleset name="Emailvision (partial)" default_off="failed ruleset test">
 
 	<target host="emailvision.com" />
 	<target host="*.emailvision.com" />
@@ -34,10 +40,10 @@
 	<rule from="^http://(www\.)?emailvision\.com/"
 		to="https://$1emailvision.com/" />
 
-	<rule from="^https?://(?:www\.)?emv3\.com/"
+	<rule from="^http://(?:www\.)?emv3\.com/"
 		to="https://emv3.emv3.com/" />
 
 	<rule from="^http://(ase|emv\d|p\dtre|tre)\.emv3\.com/"
 		to="https://$1.emv3.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Emap_Awards.xml b/src/chrome/content/rules/Emap_Awards.xml
index 77e73b5823be..98c6bffea01f 100644
--- a/src/chrome/content/rules/Emap_Awards.xml
+++ b/src/chrome/content/rules/Emap_Awards.xml
@@ -1,4 +1,11 @@
-<ruleset name="Emap Awards">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://emapawards.com/ => https://emapawards.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.emapawards.com/ => https://www.emapawards.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="Emap Awards" default_off="failed ruleset test">
 
 	<target host="emapawards.com" />
 	<target host="www.emapawards.com" />
@@ -7,7 +14,6 @@
 	<securecookie host="^(?:www\.)?emapawards\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?emapawards\.com/"
-		to="https://$1emapawards.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Embed.ly.xml b/src/chrome/content/rules/Embed.ly.xml
new file mode 100644
index 000000000000..a7b6c069a25d
--- /dev/null
+++ b/src/chrome/content/rules/Embed.ly.xml
@@ -0,0 +1,79 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://t.embed.ly/ => https://t.embed.ly/: (28, 'Operation timed out after 30003 milliseconds with 0 bytes received')
+
+	Other Embedly rulesets:
+
+		- Embedly.com.xml
+
+
+	Nonfunctional subdomains:
+
+		- ^ ¹
+		- blog ²
+		- support ³
+
+	¹ Redirects to http
+	² Tumblr
+	³ Zendesk
+
+
+	Fully covered subdomains:
+
+		- api
+		- api-cdn
+		- app
+		- cdn
+		- i
+		- t
+		- www
+
+
+	Insecure cookies are set for these domains:
+
+		- api.embed.ly
+
+-->
+<ruleset name="Embed.ly (partial)" default_off="failed ruleset test">
+
+	<target host="api.embed.ly" />
+	<target host="api-cdn.embed.ly" />
+	<target host="app.embed.ly" />
+	<target host="cdn.embed.ly" />
+	<target host="i.embed.ly" />
+	<target host="t.embed.ly" />
+	<target host="www.embed.ly" />
+
+	<!--	Complications:
+				-->
+	<target host="support.embed.ly" />
+
+		<exclusion pattern="^http://support\.embed\.ly/(?!favicon\.ico|images/|support/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://support.embed.ly/hc/communities/public/questions/202224445-Image-Resize-returning-broken-images" />
+			<test url="http://support.embed.ly/hc/communities/public/questions/202224805-not-support-vk-com" />
+			<test url="http://support.embed.ly/hc/en-us/articles/204266065-Unsafe-JavaScript" />
+			<test url="http://support.embed.ly/hc/en-us/articles/204266155-Vimeo-Domain-Restrictions" />
+
+			<!--	-ve:
+					-->
+			<test url="http://support.embed.ly/favicon.ico" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^api\.embed\.ly$" name="^em_beagle_eid$" /-->
+
+	<securecookie host="^ap[ip]\.embed\.ly$" name=".+" />
+
+
+	<rule from="^http://support\.embed\.ly/"
+		to="https://embedly.zendesk.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Embedded_ARM.com.xml b/src/chrome/content/rules/Embedded_ARM.com.xml
new file mode 100644
index 000000000000..380e336c45cc
--- /dev/null
+++ b/src/chrome/content/rules/Embedded_ARM.com.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://embeddedarm.com/ => https://embeddedarm.com/: (51, "SSL: no alternative certificate subject name matches target host name 'embeddedarm.com'")
+
+	Nonfunctional hosts in *embeddedarm.com:
+
+		- forum ʳ
+		- wiki ᵃ
+
+	ᵃ Shows www.embeddedarm.com
+	ʳ Refused
+
+-->
+<ruleset name="Embedded ARM.com (partial)" default_off="failed ruleset test">
+
+	<target host="embeddedarm.com" />
+	<target host="www.embeddedarm.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Embedded_Analytics.com.xml b/src/chrome/content/rules/Embedded_Analytics.com.xml
new file mode 100644
index 000000000000..0f314bd4c8cf
--- /dev/null
+++ b/src/chrome/content/rules/Embedded_Analytics.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="Embedded Analytics.com">
+
+	<target host="embeddedanalytics.com" />
+	<target host="www.embeddedanalytics.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.embeddedanalytics\.com$" name="^eaid$" /-->
+
+	<securecookie host="^\.embeddedanalytics\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Embedly.com.xml b/src/chrome/content/rules/Embedly.com.xml
new file mode 100644
index 000000000000..c649f2f7892b
--- /dev/null
+++ b/src/chrome/content/rules/Embedly.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Embedly coverage, see Embed.ly.xml.
+	Rule breaks videos on genius.com
+
+-->
+<ruleset name="Embedly.com" default_off="breaks site">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cdn.embedly.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Embedresponsively.com.xml b/src/chrome/content/rules/Embedresponsively.com.xml
new file mode 100644
index 000000000000..4a944041159e
--- /dev/null
+++ b/src/chrome/content/rules/Embedresponsively.com.xml
@@ -0,0 +1,15 @@
+<!--
+    Non-functional hosts:
+
+       Invalid certificate:
+
+       - ftp.embedresponsively.com
+       - ssh.embedresponsively.com
+
+-->
+<ruleset name="Embedresponsively.com">
+   <target host="embedresponsively.com" />
+   <target host="www.embedresponsively.com" />
+
+   <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Emberjs.com.xml b/src/chrome/content/rules/Emberjs.com.xml
new file mode 100644
index 000000000000..ae79d83a8fe7
--- /dev/null
+++ b/src/chrome/content/rules/Emberjs.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Invalid certificate:
+		docs.emberjs.com
+		docs.edge.emberjs.com
+
+	Timeout:
+		builds.emberjs.com
+-->
+<ruleset name="Emberjs.com">
+
+	<target host="emberjs.com" />
+	<target host="www.emberjs.com" />
+	<target host="api.emberjs.com" />
+	<target host="api-store.emberjs.com" />
+	<target host="blog.emberjs.com" />
+	<target host="cli.emberjs.com" />
+	<target host="deprecations.emberjs.com" />
+	<target host="discuss.emberjs.com" />
+	<target host="fastboot.emberjs.com" />
+	<target host="guides.emberjs.com" />
+	<target host="help-wanted.emberjs.com" />
+	<target host="jobs.emberjs.com" />
+	<target host="octane-guides-preview.emberjs.com" />
+	<target host="tutorials.emberjs.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Emcraft.com.xml b/src/chrome/content/rules/Emcraft.com.xml
new file mode 100644
index 000000000000..ca85ec053001
--- /dev/null
+++ b/src/chrome/content/rules/Emcraft.com.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://order.emcraft.com/ => https://order.emcraft.com/: (6, 'Could not resolve host: order.emcraft.com')
+
+-->
+<ruleset name="Emcraft.com" default_off="failed ruleset test">
+
+	<target host="emcraft.com" />
+	<target host="order.emcraft.com" />
+	<target host="www.emcraft.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?emcraft\.com$" name="^[0-9a-f]{32}$" /-->
+	<!--securecookie host="^order\.emcraft\.com$" name="^(ASPSESSIONID[A-Z]{8}|vsettings)$" /-->
+
+	<securecookie host="^(?:order\.|www\.)?emcraft\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Emediate.dk.xml b/src/chrome/content/rules/Emediate.dk.xml
index 3b378880f7e8..051e2b2aa934 100644
--- a/src/chrome/content/rules/Emediate.dk.xml
+++ b/src/chrome/content/rules/Emediate.dk.xml
@@ -1,24 +1,32 @@
 <!--
-	Problematic subdomains:
+	For other Cxense coverage, see CXense.xml.
 
-		- cdn1	(times out)
 
+	Problematic hosts in *emediate.dk:
 
-	Fully covered subdomains:
+		- cdn1 ᵈ
 
-		- ad1
-		- cdn1	(→ ad1)
+	ᵈ Dropped, equivalent to another domain
 
 -->
-<ruleset name="emediate.dk">
+<ruleset name="Emediate.dk">
 
-	<target host="*.emediate.dk" />
+	<!--	Direct rewrites:
+				-->
+	<target host="ad1.emediate.dk" />
 
+	<!--	Complications:
+				-->
+	<target host="cdn1.emediate.dk" />
 
-	<securecookie host="^ad1\.emediate\.dk$" name=".+" />
 
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://(?:ad|cdn)1\.emediate\.dk/"
+
+	<rule from="^http://cdn1\.emediate\.dk/"
 		to="https://ad1.emediate.dk/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Emediate.eu.xml b/src/chrome/content/rules/Emediate.eu.xml
deleted file mode 100644
index a39c3e7c3f73..000000000000
--- a/src/chrome/content/rules/Emediate.eu.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Emediate.eu">
-
-	<target host="eas4.emediate.eu" />
-
-
-	<securecookie host="^eas4\.emediate\.eu$" name=".+" />
-
-
-	<rule from="^http://eas4\.emediate\.eu/"
-		to="https://eas4.emediate.eu/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Emediate.se.xml b/src/chrome/content/rules/Emediate.se.xml
new file mode 100644
index 000000000000..f935c902b90c
--- /dev/null
+++ b/src/chrome/content/rules/Emediate.se.xml
@@ -0,0 +1,32 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- eas3.emediate.se
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="emediate.se">
+
+	<target host="e2.emediate.se" />
+	<target host="eas3.emediate.se" />
+
+		<test url="http://eas3.emediate.se/pixel.gif" />
+		<test url="http://eas3.emediate.se/media/17/101/191866/AstralTV_LuukunMainosnauha_syyskuu2014_665x30.jpg" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://eas3.emediate.se/eas?cu=1;cre=img" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^eas3\.emediate\.se$" name="^eas_(?:geo|uid)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Emep.org.xml b/src/chrome/content/rules/Emep.org.xml
new file mode 100644
index 000000000000..a43c1951fe0e
--- /dev/null
+++ b/src/chrome/content/rules/Emep.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Emep.org">
+	<target host="emep.org" />
+	<target host="www.emep.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Emerald.xml b/src/chrome/content/rules/Emerald.xml
index 29220ba0749d..9b460e703e57 100644
--- a/src/chrome/content/rules/Emerald.xml
+++ b/src/chrome/content/rules/Emerald.xml
@@ -1,13 +1,22 @@
-<ruleset name="Emerald">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://emeraldinsight.com/ => https://emeraldinsight.com/: Too many redirects while fetching 'https://emeraldinsight.com/'
+Fetch error: http://www.emeraldinsight.com/ => https://www.emeraldinsight.com/: Too many redirects while fetching 'https://www.emeraldinsight.com/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://emeraldinsight.com/ => https://emeraldinsight.com/: Cycle detected - URL already encountered: https://emeraldinsight.com/action/cookieAbsent
+Fetch error: http://www.emeraldinsight.com/ => https://www.emeraldinsight.com/: Cycle detected - URL already encountered: https://www.emeraldinsight.com/action/cookieAbsent
+-->
+<ruleset name="Emerald" default_off="failed ruleset test">
 
 	<target host="emeraldinsight.com" />
 	<target host="www.emeraldinsight.com" />
 
 
-	<securecookie host="^(www\.)?emeraldinsight\.com$" name=".*" />
+	<securecookie host="^(?:www\.)?emeraldinsight\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?emeraldinsight\.com/"
-		to="https://$1emeraldinsight.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/EmergeConference.ca.xml b/src/chrome/content/rules/EmergeConference.ca.xml
new file mode 100644
index 000000000000..5d9d6819dd2b
--- /dev/null
+++ b/src/chrome/content/rules/EmergeConference.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="EmergeConference.ca">
+	<target host="emergeconference.ca" />
+	<target host="www.emergeconference.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EmergingThreats.net.xml b/src/chrome/content/rules/EmergingThreats.net.xml
new file mode 100644
index 000000000000..eb2791589721
--- /dev/null
+++ b/src/chrome/content/rules/EmergingThreats.net.xml
@@ -0,0 +1,22 @@
+<!--
+	Invalid certificate:
+		apidocs.emergingthreats.net
+		doc.emergingthreats.net
+		docs.emergingthreats.net
+		query.emergingthreats.net
+		tools.emergingthreats.net
+
+-->
+<ruleset name="EmergingThreats.net">
+
+	<target host="emergingthreats.net" />
+	<target host="www.emergingthreats.net" />
+	<target host="lists.emergingthreats.net" />
+	<target host="portal.emergingthreats.net" />
+	<target host="rules.emergingthreats.net" />
+	<target host="support.emergingthreats.net" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Emily.St.xml b/src/chrome/content/rules/Emily.St.xml
new file mode 100644
index 000000000000..d99122910d7a
--- /dev/null
+++ b/src/chrome/content/rules/Emily.St.xml
@@ -0,0 +1,20 @@
+<!--
+	Problematic subdomains:
+
+		- dav ¹
+		- www ²
+
+	¹ Expired, mismatched
+	² Mismatched
+
+-->
+<ruleset name="Emily.St (partial)">
+
+	<target host="emily.st" />
+	<target host="www.emily.st" />
+
+
+	<rule from="^http://(?:www\.)?emily\.st/"
+		to="https://emily.st/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Emojione.com.xml b/src/chrome/content/rules/Emojione.com.xml
new file mode 100644
index 000000000000..4cc8536bf205
--- /dev/null
+++ b/src/chrome/content/rules/Emojione.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Emojione.com">
+	<target host="emojione.com" />
+	<target host="www.emojione.com" />
+	<target host="demos.emojione.com" />
+	<target host="admin.emojione.com" />
+	<target host="api.emojione.com" />
+	<target host="oembed.emojione.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Emojipedia.org.xml b/src/chrome/content/rules/Emojipedia.org.xml
new file mode 100644
index 000000000000..970a5216e9c8
--- /dev/null
+++ b/src/chrome/content/rules/Emojipedia.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="Emojipedia">
+
+	<target host="emojipedia.org" />
+	<target host="www.emojipedia.org" />
+	<target host="blog.emojipedia.org" />
+
+  	<securecookie host="^emojipedia\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EmoryHealthcare.xml b/src/chrome/content/rules/EmoryHealthcare.xml
new file mode 100644
index 000000000000..bafd53df64e3
--- /dev/null
+++ b/src/chrome/content/rules/EmoryHealthcare.xml
@@ -0,0 +1,25 @@
+<!--
+	403:
+	- patientaccess
+	- download (also on http, no test url found)
+
+	Mismatch:
+		- ^
+		- search
+
+	Various mixed content issues on www
+-->
+<ruleset name="EmoryHealthcare" platform="mixedcontent">
+	<target host="emoryhealthcare.org" />
+	<target host="www.emoryhealthcare.org" />
+	<target host="ehn.emoryhealthcare.org" />
+	<target host="events.emoryhealthcare.org" />
+	<target host="mdsupport.emoryhealthcare.org" />
+
+	<securecookie host="^www\.emoryhealthcare\.org$" name=".+" />
+
+	<rule from="^http://emoryhealthcare\.org/"
+		to="https://www.emoryhealthcare.org/"/>
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Emory_University.xml b/src/chrome/content/rules/Emory_University.xml
index 6f0c4d69b098..ad18d8e2a144 100644
--- a/src/chrome/content/rules/Emory_University.xml
+++ b/src/chrome/content/rules/Emory_University.xml
@@ -22,7 +22,7 @@
 	<target host="www.emory.edu" />
 
 
-	<rule from="^https?://(?:www\.)?emory\.edu/"
+	<rule from="^http://(?:www\.)?emory\.edu/"
 		to="https://www.emory.edu/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EmpFlix.xml b/src/chrome/content/rules/EmpFlix.xml
index 4aa246c4ec9f..c6eb43e19e6c 100644
--- a/src/chrome/content/rules/EmpFlix.xml
+++ b/src/chrome/content/rules/EmpFlix.xml
@@ -1,40 +1,30 @@
 <!--
-	For other T'nAflix coverage, see Tnaflix.xml.
+	Closes: https://github.com/EFForg/https-everywhere/issues/3336
 
 
-	CN: payment.empflix.com
+	For other T'nAflix coverage, see Tnaflix.xml.
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *empflix.com:
 
 		- static *
 		- s[1-4].static *
 
 	* Times out
 
-
-	Problematic subdomains:
-
-		- (www.)	(mismatched, CN: payment.empflix.com)
-		- www-edge	(404, CN: systemcdn.net)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(→ payment)
-		- payment
-		- www-edge	(→ payment)
-
 -->
-<ruleset name="EmpFlix (partial)" platform="mixedcontent">
+<ruleset name="EmpFlix.com (partial)">
 
+	<target host="empflix.com" />
 	<target host="payment.empflix.com" />
+	<target host="www.empflix.com" />
+	<target host="www-edge.empflix.com" />
 
 
-	<securecookie host="^payment\.empflix\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^https?://(?:payment\.|www(?:-edge)?\.)?empflix.com/"
-		to="https://payment.empflix.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Empeopled.com.xml b/src/chrome/content/rules/Empeopled.com.xml
new file mode 100644
index 000000000000..fae47166b829
--- /dev/null
+++ b/src/chrome/content/rules/Empeopled.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- empeopled.com
+		- .empeopled.com
+
+-->
+<ruleset name="Empeopled.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="empeopled.com" />
+	<target host="www.empeopled.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^empeopled\.com$" name="^(?:inv|inv_uid|page_session_id)$" /-->
+	<!--securecookie host="^\.empeopled\.com$" name="^(?:__cfduid|__utm\w+|cf_clearance)$" /-->
+
+	<securecookie host="^\.?empeopled\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EmpireStateCollege.xml b/src/chrome/content/rules/EmpireStateCollege.xml
index eefbbd73a7be..a9d0b687f09a 100644
--- a/src/chrome/content/rules/EmpireStateCollege.xml
+++ b/src/chrome/content/rules/EmpireStateCollege.xml
@@ -2,5 +2,5 @@
   <target host="www.esc.edu" />
   <target host="esc.edu" />
 
-  <rule from="^http://(www\.)?esc\.edu/" to="https://www.esc.edu/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Employease.xml b/src/chrome/content/rules/Employease.xml
deleted file mode 100644
index 6409e9a914ba..000000000000
--- a/src/chrome/content/rules/Employease.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For other Automatic Data Processing coverage, see Automatic_Data_Processing.xml.
-
-
-	Nonfunctional subdomains:
-
-		- (www.)
-
--->
-<ruleset name="Employease (partial)">
-
-	<target host="*.eease.com" />
-
-
-	<securecookie host="^(?:adp|home)\.eease\.com$" name=".+" />
-
-
-	<rule from="^http://(adp|home)\.eease\.com/"
-		to="https://$1.eease.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Employeeexpress.gov.xml b/src/chrome/content/rules/Employeeexpress.gov.xml
deleted file mode 100644
index 24f2ed40e8be..000000000000
--- a/src/chrome/content/rules/Employeeexpress.gov.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Employeeexpress.gov">
-	<target host="employeeexpress.gov" />
-	<target host="www.employeeexpress.gov" />
-
-	<securecookie host="^(www\.)?employeeexpress\.gov$" name=".+" />
-
-	<rule from="^((http://(www\.)?)|https://)employeeexpress\.gov/" to="https://www.employeeexpress.gov/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/EmploymentLaw101.ca.xml b/src/chrome/content/rules/EmploymentLaw101.ca.xml
new file mode 100644
index 000000000000..1bf643392672
--- /dev/null
+++ b/src/chrome/content/rules/EmploymentLaw101.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="EmploymentLaw101.ca">
+	<target host="employmentlaw101.ca" />
+	<target host="www.employmentlaw101.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Emply.net.xml b/src/chrome/content/rules/Emply.net.xml
new file mode 100644
index 000000000000..80d48fe9503d
--- /dev/null
+++ b/src/chrome/content/rules/Emply.net.xml
@@ -0,0 +1,10 @@
+<ruleset name="Emply.net">
+	<target host="herlev.emply.net" />
+
+	<test url="http://herlev.emply.net/overview/herlev.aspx?mediaId=f1fb8e12-1928-4328-88fd-9918a34a2bf2" />
+
+	<securecookie host="herlev\.emply\.net" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Emporio_Alberghiero.com.xml b/src/chrome/content/rules/Emporio_Alberghiero.com.xml
new file mode 100644
index 000000000000..4775b6bc2389
--- /dev/null
+++ b/src/chrome/content/rules/Emporio_Alberghiero.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Emporio Alberghiero.com">
+
+	<target host="emporioalberghiero.com" />
+	<target host="www.emporioalberghiero.com" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^\.(?:www\.)?emporioalberghiero\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Empstatic.com.xml b/src/chrome/content/rules/Empstatic.com.xml
new file mode 100644
index 000000000000..f4bbae8322ce
--- /dev/null
+++ b/src/chrome/content/rules/Empstatic.com.xml
@@ -0,0 +1,13 @@
+<!--
+	For other T'nAflix coverage, see Tnaflix.xml.
+
+-->
+<ruleset name="Empstatic.com">
+
+	<target host="img.empstatic.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Emptypage.jp.xml b/src/chrome/content/rules/Emptypage.jp.xml
new file mode 100644
index 000000000000..f7fdb889d546
--- /dev/null
+++ b/src/chrome/content/rules/Emptypage.jp.xml
@@ -0,0 +1,16 @@
+<!--
+	Connection closed:
+	- fuyugomori.emptypage.jp
+	- pearlyhailstone.emptypage.jp
+
+	Invalid certificate:
+		- tumblr.emptypage.jp
+-->
+
+<ruleset name="Emptypage.jp">
+	<target host="emptypage.jp" />
+	<target host="www.emptypage.jp" />
+	<target host="blog.emptypage.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Emptywheel.net.xml b/src/chrome/content/rules/Emptywheel.net.xml
new file mode 100644
index 000000000000..fb6b4dc47334
--- /dev/null
+++ b/src/chrome/content/rules/Emptywheel.net.xml
@@ -0,0 +1,40 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .emptywheel.net
+
+-->
+<ruleset name="emptywheel.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="emptywheel.net" />
+	<target host="www.emptywheel.net" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.emptywheel\.net$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ems-ph.org.xml b/src/chrome/content/rules/Ems-ph.org.xml
new file mode 100644
index 000000000000..f81f91d4e4b6
--- /dev/null
+++ b/src/chrome/content/rules/Ems-ph.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Note:
+		Individual book/journal pages require resources from
+		http://cdn.mathjax.org/ which fails as mixed content
+		in some browsers.
+-->
+<ruleset name="ems-ph.org (partial)">
+
+	<target host="ems-ph.org" />
+	<target host="www.ems-ph.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Emsisoft.com.xml b/src/chrome/content/rules/Emsisoft.com.xml
index 9d109abdc35f..f7bff14c9c82 100644
--- a/src/chrome/content/rules/Emsisoft.com.xml
+++ b/src/chrome/content/rules/Emsisoft.com.xml
@@ -1,7 +1,44 @@
-<ruleset name="Emsisoft">
+<!--
+	Mixed content:
+
+		- Images on support from $self *
+
+	* Secured by us
+
+
+	Problematic subdomains:
+
+		- changeblog *
+
+	$ redirects to blog
+
+-->
+<ruleset name="Emsisoft (partial)">
 	<target host="emsisoft.com" />
+	<target host="blog.emsisoft.com" />
+	<target host="cc.emsisoft.com" />
+	<target host="changeblog.emsisoft.com" />
+	<target host="support.emsisoft.com" />
 	<target host="www.emsisoft.com" />
-	<rule from="^http://www\.emsisoft\.com/" to="https://www.emsisoft.com/"/>
-	<rule from="^http://emsisoft\.com/" to="https://www.emsisoft.com/"/>
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://blog\.emsisoft\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:blog|changeblog)\.emsisoft\.com/+(?!wp-content/|wp-includes/)" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cc\.emsisoft\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^support\.emsisoft\.com$" name="^session_id$" /-->
+	<!--securecookie host="^www\.emsisoft\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:support|www)\.emsisoft\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/EmuNewz-Network.xml b/src/chrome/content/rules/EmuNewz-Network.xml
deleted file mode 100644
index ae75037a1026..000000000000
--- a/src/chrome/content/rules/EmuNewz-Network.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<ruleset name="EnmuNewz Network" default_off="mismatch">
-
-	<!--	Cert: www.codebackbone.com	-->
-	<target host="arcadeflex.com" />
-	<target host="www.arcadeflex.com" />
-	<target host="emunewz.net" />
-	<target host="www.emunewz.net" />
-	<!--	* for cross-domain cookies.	-->
-	<target host="*.www.emunews.net" />
-	<target host="jpcsp.org" />
-	<target host="www.jpcsp.org" />
-	<target host="pcsp-emu.com" />
-	<target host="www.pcsp-emu.com" />
-	<target host="pspudb.com" />
-	<!--	Ditto	-->
-	<target host="*.pspudb.com" />
-	<target host="yaupspe.com" />
-	<target host="www.yaupspe.com" />
-
-
-	<securecookie host="^.*\.emunews\.net$" name=".*" />
-	<securecookie host="^.*\.p(csp-emu|spudb)\.com$" name=".*" />
-
-
-	<rule from="^https?://(?:www\.)?(arcadeflex|pcsp-emu|pspudb|yaupspe)\.com/"
-		to="https://$1.com/" />
-
-	<rule from="^https?://(?:www\.)?emunewz\.net/"
-		to="https://emunewz.net/" />
-
-	<rule from="^https?://(?:www\.)?jpcsp\.org/"
-		to="https://jpcsp.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/EmuNewz.net.xml b/src/chrome/content/rules/EmuNewz.net.xml
new file mode 100644
index 000000000000..583925b6a3be
--- /dev/null
+++ b/src/chrome/content/rules/EmuNewz.net.xml
@@ -0,0 +1,10 @@
+<ruleset name="EmuNewz.net">
+
+	<target host="emunewz.net" />
+	<target host="www.emunewz.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Emulate.su.xml b/src/chrome/content/rules/Emulate.su.xml
index b520b33d084a..f864dc77f91b 100644
--- a/src/chrome/content/rules/Emulate.su.xml
+++ b/src/chrome/content/rules/Emulate.su.xml
@@ -1,8 +1,13 @@
+<!--
+	(www.)?emulate.su: Refused
+
+-->
 <ruleset name="Emulate.su (partial)" default_off="self-signed">
 
 	<target host="a320.emulate.su" />
 
-	<rule from="^http://a320\.emulate\.su/"
-		to="https://a320.emulate.su/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/EmulationStation.org.xml b/src/chrome/content/rules/EmulationStation.org.xml
new file mode 100644
index 000000000000..5ea869c7a96d
--- /dev/null
+++ b/src/chrome/content/rules/EmulationStation.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Problematic subdomains:
+		- www (mismatched, CN = emulationstation.org)
+-->
+
+<ruleset name="EmulationStation.org">
+	<target host="emulationstation.org" />
+	<target host="www.emulationstation.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.emulationstation\.org/" to="https://emulationstation.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Emulex.xml b/src/chrome/content/rules/Emulex.xml
index dfada5728390..e5107fd1dc6f 100644
--- a/src/chrome/content/rules/Emulex.xml
+++ b/src/chrome/content/rules/Emulex.xml
@@ -1,13 +1,21 @@
-<ruleset name="Emulex">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://emulex.com/ => https://emulex.com/: (51, "SSL: no alternative certificate subject name matches target host name 'emulex.com'")
+
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://emulex.com/ (200) => https://emulex.com/ (303)
+-->
+<ruleset name="Emulex" default_off="failed ruleset test">
 
 	<target host="emulex.com" />
-	<target host="*.emulex.com" />
+	<target host="www.emulex.com" />
+	<target host="wwwqa.emulex.com" />
 
 
-	<securecookie host="^(.*\.)?emulex\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www(?:qa)?\.)?emulex\.com/"
-		to="https://$1emulex.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/En-Pro.com.xml b/src/chrome/content/rules/En-Pro.com.xml
new file mode 100644
index 000000000000..3f55049606cf
--- /dev/null
+++ b/src/chrome/content/rules/En-Pro.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Connection refused:
+		- autodiscover.en-pro.com
+-->
+
+<ruleset name="En-Pro.com">
+	<target host="en-pro.com" />
+	<target host="www.en-pro.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/En25.com.xml b/src/chrome/content/rules/En25.com.xml
new file mode 100644
index 000000000000..da4eba34bd0d
--- /dev/null
+++ b/src/chrome/content/rules/En25.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Oracle coverage, see Oracle.xml.
+
+
+	CDN buckets:
+
+		- wildcard.en25.com.edgekey.net
+
+
+	Nonfunctional domains:
+
+		- *.en25.com
+
+	* Times out
+
+-->
+<ruleset name="en25.com (partial)">
+
+	<target host="img.en25.com" />
+	<target host="img03.en25.com" />
+
+		<test url="http://img03.en25.com/EloquaImages/clients/2checkout/%7Bc53ac216-ad65-44e0-8ef5-b257076895fd%7D_icon_download_small_white.png" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Enahost.com.xml b/src/chrome/content/rules/Enahost.com.xml
new file mode 100644
index 000000000000..261c8210e903
--- /dev/null
+++ b/src/chrome/content/rules/Enahost.com.xml
@@ -0,0 +1,65 @@
+<!--
+	Partially covered hosts in *enahost.com:
+
+		- my *
+
+	* Some pages redirect to http
+
+
+	Fully covered hosts in *enahost.com:
+
+		- (www.)?
+		- piwik
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.enahost.com
+
+-->
+<ruleset name="Enahost.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="enahost.com" />
+	<target host="my.enahost.com" />
+	<target host="piwik.enahost.com" />
+	<target host="www.enahost.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://my\.enahost\.com/index\.php$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://my\.enahost\.com/+(?!favicon\.ico|(?:clientarea|pwreset|register)\.php|templates/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://my.enahost.com/index.php" />
+			<test url="http://my.enahost.com/index.php?" />
+			<test url="http://my.enahost.com/index.php?f" />
+			<test url="http://my.enahost.com/index.php?o" />
+			<test url="http://my.enahost.com//index.php?o" />
+			<test url="http://my.enahost.com/index.php?b" />
+
+			<!--	-ve:
+					-->
+			<test url="http://my.enahost.com/clientarea.php" />
+			<test url="http://my.enahost.com/favicon.ico" />
+			<test url="http://my.enahost.com/pwreset.php" />
+			<test url="http://my.enahost.com/register.php" />
+			<test url="http://my.enahost.com/templates/defaultLN/css/reset.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.enahost\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.enahost\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Enaza.ru.xml b/src/chrome/content/rules/Enaza.ru.xml
new file mode 100644
index 000000000000..68a03d9805eb
--- /dev/null
+++ b/src/chrome/content/rules/Enaza.ru.xml
@@ -0,0 +1,37 @@
+<!--
+	Mismatch:
+	demo.activeboy.enaza.ru
+	rt.enaza.ru
+	ufanet.enaza.ru
+
+	Redirect:
+	activeboy.enaza.ru
+	up.enaza.ru
+
+	Mixed content:
+	alfa.enaza.ru
+	eset.enaza.ru
+	wimc.alarchenkov.dev.enaza.ru
+-->
+
+<ruleset name="Enaza.ru">
+	<target host="enaza.ru" />
+	<target host="www.enaza.ru" />
+	<target host="billingproxy.enaza.ru" />
+	<target host="enter.enaza.ru" />
+	<target host="oks.enaza.ru" />
+	<target host="uks.enaza.ru" />
+	<target host="files2.enaza.ru" />
+	<target host="disel.enaza.ru" />
+	<target host="tvingo.enaza.ru" />
+	<target host="team.enaza.ru" />
+	<target host="jira.enaza.ru" />
+	<target host="redmine.enaza.ru" />
+	<target host="static.enaza.ru" />
+	<target host="books.enaza.ru" />
+	<target host="netbynet.enaza.ru" />
+	<target host="pntl.enaza.ru" />
+	<target host="dev.enaza.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Encipher.It.xml b/src/chrome/content/rules/Encipher.It.xml
new file mode 100644
index 000000000000..d36105750cd0
--- /dev/null
+++ b/src/chrome/content/rules/Encipher.It.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.encipher.it/ => https://www.encipher.it/: (51, "SSL: no alternative certificate subject name matches target host name 'www.encipher.it'")
+
+	Insecure cookies are set for these hosts:
+
+		- encipher.it
+		- www.encipher.it
+
+-->
+<ruleset name="Encipher.It" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="encipher.it" />
+	<target host="www.encipher.it" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?encipher\.it$" name="^connect\.sess$" /-->
+
+	<securecookie host="^(?:www\.)?encipher\.it$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Encoding.com.xml b/src/chrome/content/rules/Encoding.com.xml
new file mode 100644
index 000000000000..bd4d2c9b2f99
--- /dev/null
+++ b/src/chrome/content/rules/Encoding.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Mixed content:
+
+		- css on help from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Encoding.com">
+
+	<target host="encoding.com" />
+	<target host="help.encoding.com" />
+	<target host="www.encoding.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Encosia.xml b/src/chrome/content/rules/Encosia.xml
index 312b5fb2292e..defd93a8658a 100644
--- a/src/chrome/content/rules/Encosia.xml
+++ b/src/chrome/content/rules/Encosia.xml
@@ -1,9 +1,18 @@
-<ruleset name="Encosia" platform="mixedcontent">
-  <target host="encosia.com" />
-  <target host="www.encosia.com" />
-  <target host="i.encosia.com" />
 
-  <securecookie host="^(.+\.)?encosia\.com$" name=".*"/>
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://encosia.com/ => https://encosia.com/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+Fetch error: http://www.encosia.com/ => https://www.encosia.com/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
 
-  <rule from="^http://(?:www\.|i\.)?encosia\.com/" to="https://encosia.com/"/>
+	Mismatch:
+		- i
+-->
+<ruleset name="Encosia" default_off="failed ruleset test">
+	<target host="encosia.com" />
+	<target host="www.encosia.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/EncounteringIslam.org.xml b/src/chrome/content/rules/EncounteringIslam.org.xml
new file mode 100644
index 000000000000..15c7c0a6de22
--- /dev/null
+++ b/src/chrome/content/rules/EncounteringIslam.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="EncounteringIslam.org">
+	<target host="encounteringislam.org" />
+	<target host="www.encounteringislam.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Encrypt.to.xml b/src/chrome/content/rules/Encrypt.to.xml
new file mode 100644
index 000000000000..64cae9d83958
--- /dev/null
+++ b/src/chrome/content/rules/Encrypt.to.xml
@@ -0,0 +1,35 @@
+<!--
+	www.encrypt.to: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- encrypt.to
+		- www.encrypt.to
+
+-->
+<ruleset name="Encrypt.to">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="encrypt.to" />
+
+	<!--	Complications:
+				-->
+	<target host="www.encrypt.to" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?encrypt\.to$" name="^_encryptto_session$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.encrypt\.to/"
+		to="https://encrypt.to/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EncryptEverything.ca.xml b/src/chrome/content/rules/EncryptEverything.ca.xml
new file mode 100644
index 000000000000..44fe034af111
--- /dev/null
+++ b/src/chrome/content/rules/EncryptEverything.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="EncryptEverything.ca">
+	<target host="encrypteverything.ca" />
+	<target host="www.encrypteverything.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Encryptmas.org.xml b/src/chrome/content/rules/Encryptmas.org.xml
new file mode 100644
index 000000000000..1336fa1663c9
--- /dev/null
+++ b/src/chrome/content/rules/Encryptmas.org.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://encryptmas.org/ => https://encryptmas.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.encryptmas.org/ => https://www.encryptmas.org/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Encryptmas.org" default_off="failed ruleset test">
+
+	<target host="encryptmas.org" />
+	<target host="www.encryptmas.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Encryptr.org.xml b/src/chrome/content/rules/Encryptr.org.xml
new file mode 100644
index 000000000000..2b7d0ae1890c
--- /dev/null
+++ b/src/chrome/content/rules/Encryptr.org.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://encryptr.org/ => https://encryptr.org/: (7, 'Failed to connect to encryptr.org port 443: No route to host')
+Fetch error: http://www.encryptr.org/ => https://www.encryptr.org/: (7, 'Failed to connect to www.encryptr.org port 443: No route to host')
+
+	These altnames don't exist:
+
+		- secure.encryptr.org
+
+-->
+<ruleset name="Encryptr.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="encryptr.org" />
+	<target host="www.encryptr.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Encyclopatia.ru.xml b/src/chrome/content/rules/Encyclopatia.ru.xml
new file mode 100644
index 000000000000..9c27f073efe0
--- /dev/null
+++ b/src/chrome/content/rules/Encyclopatia.ru.xml
@@ -0,0 +1,10 @@
+<!--
+	Mismatched:
+		- mail
+-->
+<ruleset name="Encyclopatia.ru">
+	<target host="encyclopatia.ru" />
+	<target host="www.encyclopatia.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Encyclopedia-Astronautica.xml b/src/chrome/content/rules/Encyclopedia-Astronautica.xml
index 7e3a4635fa22..97dc43501db2 100644
--- a/src/chrome/content/rules/Encyclopedia-Astronautica.xml
+++ b/src/chrome/content/rules/Encyclopedia-Astronautica.xml
@@ -5,7 +5,7 @@
 	<target host="www.astronautix.com" />
 
 
-	<rule from="^https?://(?:www\.)?astronautix\.com/"
+	<rule from="^http://(?:www\.)?astronautix\.com/"
 		to="https://astronautix.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Encyclopedia_Dramatica.xml b/src/chrome/content/rules/Encyclopedia_Dramatica.xml
deleted file mode 100644
index 3f36f6276d54..000000000000
--- a/src/chrome/content/rules/Encyclopedia_Dramatica.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Encyclopedia Dramatica">
-
-	<target host="encyclopediadramatica.se" />
-	<target host="*.encyclopediadramatica.se" />
-
-
-	<securecookie host="^\.?encyclopediadramatica\.se$" name=".+" />
-
-
-	<rule from="^http://(images\.|static\.|www\.)?encyclopediadramatica\.se/"
-		to="https://$1encyclopediadramatica.se/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/EndNote_Web.xml b/src/chrome/content/rules/EndNote_Web.xml
index b507ffb59cf5..fca8196f2439 100644
--- a/src/chrome/content/rules/EndNote_Web.xml
+++ b/src/chrome/content/rules/EndNote_Web.xml
@@ -11,7 +11,6 @@
 	<securecookie host="^www\.myendnoteweb\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?myendnoteweb\.com/"
-		to="https://$1myendnoteweb.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/End_Point.com.xml b/src/chrome/content/rules/End_Point.com.xml
new file mode 100644
index 000000000000..6a4d934423c8
--- /dev/null
+++ b/src/chrome/content/rules/End_Point.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Nonfunctional hosts in *endpoint.com:
+
+		- blog *
+
+	* Blogspot
+
+
+	Fully covered hosts in *endpoint.com:
+
+		- (www.)?
+		- jon
+
+
+	Mixed content:
+
+		- css on jon from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="End Point.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="endpoint.com" />
+	<target host="jon.endpoint.com" />
+	<target host="www.endpoint.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Endace.xml b/src/chrome/content/rules/Endace.xml
index 7ecbf6658f96..05626a8c1ed3 100644
--- a/src/chrome/content/rules/Endace.xml
+++ b/src/chrome/content/rules/Endace.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://endace.com/ => https://www.endace.com/: (6, 'Could not resolve host: endace.com')
 	Nonfunctional subdomains:
 
 		- blog	(ssl_error_rx_record_too_long)
@@ -7,19 +9,19 @@
 <ruleset name="Endace">
 
 	<target host="endace.com" />
-	<target host="*.endace.com" />
+	<target host="www.endace.com" />
+	<target host="support.endace.com" />
 
 
-	<securecookie host="^.*\.endace\.com$" name=".*" />
+	<securecookie host="^.*\.endace\.com$" name=".+" />
 
 
 	<!--	Cert only matches *.endace.com.
 					-->
-	<rule from="^https?://(?:www\.)?endace\.com/"
+	<rule from="^http://(?:www\.)?endace\.com/"
 		to="https://www.endace.com/" />
 
 
-	<rule from="^http://support\.endace\.com/"
-		to="https://support.endace.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/EnderUNIX.xml b/src/chrome/content/rules/EnderUNIX.xml
deleted file mode 100644
index d3512945f87c..000000000000
--- a/src/chrome/content/rules/EnderUNIX.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- sysctl	(cert: www.snakeoil.dom; shows www's data)
-
--->
-<ruleset name="EnderUNIX (partial)" default_off="expired, mismatch, self-signed">
-
-	<!--	Cert: www.snakeoil.dom	-->
-	<target host="enderunix.org" />
-	<target host="www.enderunix.org" />
-
-
-	<rule from="^https?://(?:www\.)?enderunix\.org/"
-		to="https://enderunix.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Endesa.pt.xml b/src/chrome/content/rules/Endesa.pt.xml
new file mode 100644
index 000000000000..b9568eff6a20
--- /dev/null
+++ b/src/chrome/content/rules/Endesa.pt.xml
@@ -0,0 +1,6 @@
+<ruleset name="Endesa.pt">
+	<target host="endesa.pt" />
+	<target host="www.endesa.pt" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Endora.cz.xml b/src/chrome/content/rules/Endora.cz.xml
new file mode 100644
index 000000000000..a84b3deaf8b1
--- /dev/null
+++ b/src/chrome/content/rules/Endora.cz.xml
@@ -0,0 +1,23 @@
+<!--
+	Mismatched:
+		- (www.)wordpress.endora.cz
+		- *.srv\d+.endora.cz (customer domains)
+	Redirect to http://
+		- (www.)endora.cz
+-->
+<ruleset name="Endora.cz">
+    <target host="webadmin.endora.cz" />
+    <target host="podpora.endora.cz" />
+    <target host="sql1.endora.cz" />
+    <target host="sql2.endora.cz" />
+    <target host="sql3.endora.cz" />
+    <target host="sql4.endora.cz" />
+    <target host="sql5.endora.cz" />
+    <target host="sql6.endora.cz" />
+    <target host="sql7.endora.cz" />
+    <target host="sql8.endora.cz" />
+    <target host="sql9.endora.cz" />
+    <target host="sqla.endora.cz" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Endrift.com.xml b/src/chrome/content/rules/Endrift.com.xml
new file mode 100644
index 000000000000..55ab84cdb80d
--- /dev/null
+++ b/src/chrome/content/rules/Endrift.com.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.endrift.com/ => https://www.endrift.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.endrift.com'")
+
+-->
+<ruleset name="Endrift.com" default_off="failed ruleset test">
+
+	<target host="endrift.com" />
+	<target host="www.endrift.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Enecto.com.xml b/src/chrome/content/rules/Enecto.com.xml
new file mode 100644
index 000000000000..2639c79abcbb
--- /dev/null
+++ b/src/chrome/content/rules/Enecto.com.xml
@@ -0,0 +1,21 @@
+<!--
+	^: redirects to https://www
+	www: 404; mismatched, CN: hotelroom7.mainloop.net
+
+-->
+<ruleset name="Enecto.com (partial)">
+
+	<target host="ac.enecto.com" />
+	<target host="partner.enecto.com" />
+	<target host="pf3.enecto.com" />
+	<target host="trk.enecto.com" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^(ac|partner|pf3)\.enecto\.com$" name="^JSESSIONID$" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Energetix.xml b/src/chrome/content/rules/Energetix.xml
index 636a537d5e10..f00dc0f76fc9 100644
--- a/src/chrome/content/rules/Energetix.xml
+++ b/src/chrome/content/rules/Energetix.xml
@@ -1,19 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://files.goenergetix.com/ => https://files.goenergetix.com/: (60, 'SSL certificate problem: certificate has expired')
+
 	Nonfunctional subdomains:
 
 		- blog		(shows RHEL test page)
 
 -->
-<ruleset name="Energetix (partial)">
+<ruleset name="Energetix (partial)" default_off="failed ruleset test">
 
 	<target host="goenergetix.com" />
-	<target host="*.goenergetix.com" />
+	<target host="files.goenergetix.com" />
+	<target host="www.goenergetix.com" />
 
 
 	<securecookie host="^\.goenergetix\.com$" name=".+" />
 
 
-	<rule from="^http://(files\.|www\.)?goenergetix\.com/"
-		to="https://$1goenergetix.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EnergiWatch.xml b/src/chrome/content/rules/EnergiWatch.xml
new file mode 100644
index 000000000000..19c0a9cd0a40
--- /dev/null
+++ b/src/chrome/content/rules/EnergiWatch.xml
@@ -0,0 +1,32 @@
+<!--
+	Not covered:
+		s7.addthis.com
+		adserver.adtech.de
+
+
+	www: Mismatched
+
+
+	Remark:
+		This page gets content from other *watch.dk-domains,
+		not all of which work flawlessly with HTTPS Everywhere
+		at the moment (take finanswatch.dk for instance).
+
+-->
+<ruleset name="EnergiWatch.dk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="energiwatch.dk" />
+
+	<!--	Complications:
+				-->
+	<target host="www.energiwatch.dk" />
+
+
+	<rule from="^http://www\.energiwatch\.dk/"
+		to="https://energiwatch.dk/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Energinet.dk.xml b/src/chrome/content/rules/Energinet.dk.xml
new file mode 100644
index 000000000000..09ab9d58d26d
--- /dev/null
+++ b/src/chrome/content/rules/Energinet.dk.xml
@@ -0,0 +1,34 @@
+<!--
+	Problematic domains:
+
+		- ^ ¹
+
+	¹: Mismatch
+-->
+<ruleset name="Energinet.dk (partial)">
+
+	<target host="energinet.dk" />
+	<target host="www.energinet.dk" />
+
+	<!-- Causes redirect loops -->
+	<exclusion pattern="^http://(www\.)?energinet\.dk/(DA|EN)/" />
+
+		<!-- Matching exception pattern -->
+		<test url="http://energinet.dk/DA/Sider/default.aspx" />
+		<test url="http://energinet.dk/EN/Sider/default.aspx" />
+		<test url="http://www.energinet.dk/DA/El/Sider/Elsystemet-lige-nu.aspx" />
+		<test url="http://www.energinet.dk/EN/El/Sider/Elsystemet-lige-nu.aspx" />
+
+		<!-- Not matching exception pattern -->
+		<test url="http://www.energinet.dk/SiteCollectionImages/Forside/el_kort.jpg" />
+		<test url="http://www.energinet.dk/_layouts/1033/Energinet/Styles/Images/energinetlogo.gif" />
+
+	<!-- Serves different content on HTTP and HTTPS -->
+	<exclusion pattern="http://(www.)?energinet.dk/_layouts/internet.oversaettelse/oversaettelse.aspx" />
+
+		<test url="http://energinet.dk/_layouts/internet.oversaettelse/oversaettelse.aspx" />
+		<test url="http://www.energinet.dk/_layouts/internet.oversaettelse/oversaettelse.aspx" />
+
+	<rule from="^http://(www\.)?energinet\.dk/" to="https://www.energinet.dk/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Energy.gov.xml b/src/chrome/content/rules/Energy.gov.xml
index c6932e6e168e..c4b90b675e3b 100644
--- a/src/chrome/content/rules/Energy.gov.xml
+++ b/src/chrome/content/rules/Energy.gov.xml
@@ -1,46 +1,262 @@
+
 <!--
-	For other U.S. government coverage, see US-government.xml.
+Disabled by https-everywhere-checker because:
+Fetch error: http://etrans.energy.gov/ => https://etrans.energy.gov/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://hydrogen.energy.gov/ => https://hydrogen.energy.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.hydrogen.energy.gov/ => https://www.hydrogen.energy.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.nnsa.energy.gov/ => https://www.nnsa.energy.gov/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www1.energy.gov/ => https://www1.energy.gov/: (6, 'Could not resolve host: www1.energy.gov')
+Fetch error: http://www3.energy.gov/ => https://www3.energy.gov/: (6, 'Could not resolve host: www3.energy.gov')
+
+	NB: sp2.oata.../$ redirects to 401
+	?=> fetch check failure
+
 
 
 	Nonfunctional subdomains:
 
-		- (www.) *
-		- blogs *
-		- www.eere		(redirects to http)
-		- (www.)eereblogs	(shows www3)
+		- (www.)? ᵈ
+		- www.annualmeritreview ᵈ
+		- artificialretina ᵃ
+		- betterbuildingsinitiative ᵃ
+		- betterbuildingssolutioncenter ᵃ
+		- blogs ᵈ
+
+		- apps1.eere *
+		- apps2.eere ʳ
+		- apps3.eere ʳ
+		- buildingsdatabook.eere ᵈ
+
+		- (www.)?eereblogs ᵃ
+		- www.etec ᵈ
+		- genomics ᵃ
+		- genomicscience ᵃ
+		- hhs ʰ
+		- www.id ³
+		- inlcab ᵈ
+		- www.pgdpcab ᵈ
+		- science ʳ
 
-	* Blogs
+		- ars.science ʳ
+		- climatemodeling.science ᵃ
+		- doeic.science ⁴
+		- emforum.science ⁴
+		- pamsexternalhelp.science ʷ
+		- tes.science ᵃ
 
+		- solaramericacommunities ʳ
+		- (www.)?wipp **
 
-	Problematic subdomains:
+	* Redirects to www.eere.energy.gov
+	** Login page
+	³ 403
+	⁴ 404
+	ᵃ Shows another domain
+	ᵈ Dropped
+	ʰ Redirects to http
+	ʳ Refused
+	ʷ Weak ephemereal keys
 
-		- afdc		(cert only matches www.afdc)
+
+	Problematic hosts in *energy.gov:
+
+		- basc ᵃ
+		- catalyst ᵐ
+		- app.fossil ᵉ ᵘ
+		- www.fossil ᵐ
+		- minorityinternships ᵐ
+		- (www.)?shalegas ᴬ
+		- unconventional ᴬ
+
+	ᴬ Akamai / mismatched
+	ᵃ Shows www4.eere.energy.gov, preemptable redirect
+	ᵉ Expired
+	ᵐ Mismatched
+	ᵘ Untrusted root
 
 
 	Partially covered subdomains:
 
-		- (www.)afdc	(^ → www, some pages redirects to http)
+		- (www.)?afdc ʰ
+
+	ʰ Some pages redirect to http
+
+
+	These altnames do not exist:
+
+		- heatingoil-test.fossil.energy.gov
+		- refinedproduct-test.fossil.energy.gov
+		- gnda2.energy.gov
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- www.afdc.energy.gov
+		- .buildingdata.energy.gov
+		- buildingenergyscore.energy.gov
+		- cleancities.energy.gov
+		- techportal.eere.energy.gov
+		- www.hydrogen.energy.gov
+		- .federalfleets.energy.gov
+		- mailinglist.science.energy.gov
+		- pamspublic.science.energy.gov
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
 
+		- Images, on:
 
-	Fully covered subdomains:
+			- www.afdc, cleancities from www.eereblogs.energy.gov ⁴
+			- nnsa from $self *
 
-		- www1.eere
-		- www3.eere
+	⁴ Unsecurable <= 404
+	* See https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Energy.gov (partial)">
+<ruleset name="Energy.gov (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="afdc.energy.gov" />
+	<target host="www.afdc.energy.gov" />
+	<target host="buildingdata.energy.gov" />
+	<target host="buildingenergyscore.energy.gov" />
+	<target host="cleancities.energy.gov" />
+	<target host="eere.energy.gov" />
+
+	<target host="techportal.eere.energy.gov" />
+	<target host="www.eere.energy.gov" />
+	<target host="www1.eere.energy.gov" />
+	<target host="www4.eere.energy.gov" />
+	<target host="www5.eere.energy.gov" />
+
+	<target host="sp.eota.energy.gov" />
+	<target host="etrans.energy.gov" />
+	<target host="federalfleets.energy.gov" />
+	<target host="fossil.energy.gov" />
+	<target host="heatingoil.fossil.energy.gov" />
+	<target host="refinedproduct.fossil.energy.gov" />
+	<target host="gnda.energy.gov" />
+	<target host="hydrogen.energy.gov" />
+	<target host="www.hydrogen.energy.gov" />
+	<target host="nnsa.energy.gov" />
+	<target host="www.nnsa.energy.gov" />
+	<target host="sp2.eota.energy.gov" />
+	<target host="olc.energy.gov" />
+	<target host="rpsc.energy.gov" />
+	<target host="mailinglist.science.energy.gov" />
+	<target host="pamspublic.science.energy.gov" />
+	<target host="www1.energy.gov" />
+	<target host="www3.energy.gov" />
+
+	<!--	Complications:
+				-->
+	<target host="basc.energy.gov" />
+	<target host="www.fossil.energy.gov" />
+	<target host="minorityinternships.energy.gov" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.afdc\.energy\.gov/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?afdc\.energy\.gov/(?!/*(?:(?:\w+/)?(?:asset|image|pdf)s/|(?:prep|publications|widgets)(?:$|[?/])))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.afdc.energy.gov/calc/" />
+			<test url="http://www.afdc.energy.gov/case/" />
+			<test url="http://www.afdc.energy.gov/case/9" />
+			<test url="http://www.afdc.energy.gov/data/" />
+			<test url="http://www.afdc.energy.gov/data/10322" />
+			<test url="http://www.afdc.energy.gov/laws/11382" />
+			<test url="http://www.afdc.energy.gov/laws/6449" />
+			<test url="http://www.afdc.energy.gov/locator/" />
+			<test url="http://www.afdc.energy.gov/states/" />
+			<test url="http://www.afdc.energy.gov/states/mi" />
+			<test url="http://www.afdc.energy.gov/tools" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.afdc.energy.gov/assets/print-8338c21247074a3b58385cfa89b6cd21.css" />
+			<test url="http://www.afdc.energy.gov/images/station_loc_icon_29_r.png" />
+			<!--test url="http://www.afdc.energy.gov/pdfs/freedomcar_plan.pdf" /-->
+			<test url="http://www.afdc.energy.gov/prep/" /><!--	sets cookies without Secure -->
+			<test url="http://www.afdc.energy.gov/publications/" />
+			<test url="http://www.afdc.energy.gov/widgets/" /><!--	mixed images -->
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.eere\.energy\.gov/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?eere\.energy\.gov/(?!/*i(?:mag|nclud)es/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.eere.energy.gov/financing/" />
+			<test url="http://www.eere.energy.gov/islandsplaybook/" />
+			<test url="http://www.eere.energy.gov/site_administration/privacy.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://eere.energy.gov/images/spacer.gif" />
+			<test url="http://www.eere.energy.gov/includes/reset.css" />
+
+		<!--	Mixed images:
+					-->
+		<!--test url="http://cleancities.energy.gov/blog" /-->
+		<!--test url="http://nnsa.energy.gov/aboutus/ourprograms/defenseprograms/futurescienceandtechnologyprograms/asc/ascnewsletters/ascmar13" /-->
+
+		<!--	$ prints "NOTICE", so:
+							-->
+		<test url="http://www1.eere.energy.gov/guidance/default.aspx?pid=2&amp;spid=1" />
+		<test url="http://www4.eere.energy.gov/seeaction/resources" />
+		<test url="http://www5.eere.energy.gov/office_eere/current_budget.php" />
+
+		<!--	$ redirects to ^energy.gov, so:
+							-->
+		<test url="http://fossil.energy.gov/facilities/netl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.afdc\.energy\.gov$" name="PHPSESSID$" /-->
+	<!--securecookie host="^\.(?:buildingdata|federalfleets)\.energy\.gov$" name="^BNI_" /-->
+	<!--securecookie host="^buildingenergyscore\.energy\.gov$" name="^(?:_session_id|TS[\da-f]{8})$" /-->
+	<!--securecookie host="^(?:cleancities|techportal\.eere|www\.hydrogen)\.energy\.gov$" name="^BNI_$" /-->
+	<!--securecookie host="^(?:mailinglist|pamspublic)\.science\.energy\.gov$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^(?!www\.afdc\.)\w" name=".+" />
+
 
-	<target host="*.energy.gov" />
-		<!--exclusion pattern="^http://(www\.)?afdc\.energy\.gov/(?!(\w+/)?(asset|image)s/)" /-->
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://basc\.energy\.gov/+"
+		to="https://basc.pnnl.gov/" />
 
+		<test url="http://basc.energy.gov/content/help" />
 
-	<securecookie host="^$" name=".+" />
+	<rule from="^http://www\.fossil\.energy\.gov/"
+		to="https://fossil.energy.gov/" />
 
+	<!--	Redirect keeps path but not forward slash
+		nor args, and appends forward slash:
+							-->
+	<rule from="^http://minorityinternships\.energy\.gov/+([^?]*).*"
+		to="https://www.doemeispp.org/$1/" />
 
-	<rule from="^http://(?:www\.)?afdc\.energy\.gov/(?=(?:\w+/)?(?:asset|image)s/)"
-		to="https://www.afdc.energy.gov/" />
+		<test url="http://minorityinternships.energy.gov/blog" />
+		<test url="http://minorityinternships.energy.gov/faq" />
+		<test url="http://minorityinternships.energy.gov/home" />
 
-	<rule from="^http://www(1|3)\.eere\.energy\.gov/"
-		to="https://www$1.eere.energy.gov/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/EnergyMadeEasy.xml b/src/chrome/content/rules/EnergyMadeEasy.xml
new file mode 100644
index 000000000000..06a2a368f907
--- /dev/null
+++ b/src/chrome/content/rules/EnergyMadeEasy.xml
@@ -0,0 +1,7 @@
+<ruleset name="Energy Made Easy">
+	<target host="energymadeeasy.gov.au" />
+	<target host="www.energymadeeasy.gov.au" />
+
+	<rule from="^http://(?:www\.)?energymadeeasy\.gov\.au/"
+		to="https://www.energymadeeasy.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/EnergyStar.xml b/src/chrome/content/rules/EnergyStar.xml
index aeb2ca022671..3b8493e03715 100644
--- a/src/chrome/content/rules/EnergyStar.xml
+++ b/src/chrome/content/rules/EnergyStar.xml
@@ -1,7 +1,17 @@
+<!--
+
+
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
 <ruleset name="EnergyStar">
   <target host="www.energystar.gov" />
   <target host="energystar.gov" />
 
-  <rule from="^http://(?:www\.)?energystar\.gov/" to="https://www.energystar.gov/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Energy_Live_News.com.xml b/src/chrome/content/rules/Energy_Live_News.com.xml
new file mode 100644
index 000000000000..934988565de6
--- /dev/null
+++ b/src/chrome/content/rules/Energy_Live_News.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Todo: separate resources (which don't redir to www)
+
+
+	www: expired 2013-09-15
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Energy Live News.com" default_off="expired, self-signed">
+
+	<target host="energylivenews.com" />
+	<target host="www.energylivenews.com" />
+
+
+	<securecookie host="^\.energylivenews\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?energylivenews\.com/"
+		to="https://www.energylivenews.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Enfield.gov.uk.xml b/src/chrome/content/rules/Enfield.gov.uk.xml
new file mode 100644
index 000000000000..eba1ee8dfd06
--- /dev/null
+++ b/src/chrome/content/rules/Enfield.gov.uk.xml
@@ -0,0 +1,95 @@
+<!--
+	Enfield Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *enfield.gov.uk:
+
+		- adultsocialcaremarketplace ᵃ
+
+	ᵃ Shows another domain
+
+
+	Problematic hosts in *enfield.gov.uk
+
+		- consult ᵐ
+
+	ᵐ Mismatched
+
+
+	These altnames do not exist:
+
+		- jobs.enfield.gov.uk
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- enfield.gov.uk
+		- .enfield.gov.uk
+		- .enfield.gov.uk
+		- auth.enfield.gov.uk
+		- .auth.enfield.gov.uk
+		- consult.enfield.gov.uk
+		- new.enfield.gov.uk
+		- .new.enfield.gov.uk
+		- .newcg.enfield.gov.uk
+		- parentportal.enfield.gov.uk
+		- www.enfield.gov.uk
+		- .www.enfield.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on (www.)? from www.enfield.gov.uk ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Enfield.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="enfield.gov.uk" />
+	<target host="auth.enfield.gov.uk" />
+	<target host="www.jobs.enfield.gov.uk" />
+	<target host="new.enfield.gov.uk" />
+	<target host="newcg.enfield.gov.uk" />
+	<target host="parentportal.enfield.gov.uk" />
+	<target host="ssl.enfield.gov.uk" />
+	<target host="www.enfield.gov.uk" />
+
+		<!--	Mixed images:
+					-->
+		<!--test url="http://www.enfield.gov.uk/site/" /-->
+
+	<!--	Complications:
+				-->
+	<target host="consult.enfield.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?enfield\.gov\.uk$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.enfield\.gov\.uk$" name="^TestCookie$" /-->
+	<!--securecookie host="^auth\.enfield\.gov\.uk$" name="^__RequestVerificationToken_\w+$" /-->
+	<!--securecookie host="^\.(?:auth|new|newcg)\.enfield\.gov\.uk$" name="^ARRAffinity$" /-->
+	<!--securecookie host="^consult\.enfield\.gov\.uk$" name="^(?:JSESSION|Server)ID$" /-->
+	<!--securecookie host="^new\.enfield\.gov\.uk$" name="^anonprofile$" /-->
+	<!--securecookie host="^parentportal\.enfield\.gov\.uk$" name="^MY_SESSION_[\dA-F]+$" /-->
+	<!--securecookie host="^www\.enfield\.gov\.uk$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.www\.enfield\.gov\.uk$" name="^DragDropCookieID$" /-->
+
+	<securecookie host="^(?!\.enfield\.gov\.uk$)." name=".+" />
+	<securecookie host="^\." name="^TestCookie$" />
+
+
+	<rule from="^http://consult\.enfield\.gov\.uk/"
+		to="https://enfield-consult.objective.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Engadget.com.xml b/src/chrome/content/rules/Engadget.com.xml
index dfb21d0f069c..c6a174622817 100644
--- a/src/chrome/content/rules/Engadget.com.xml
+++ b/src/chrome/content/rules/Engadget.com.xml
@@ -2,33 +2,32 @@
 	For other AOL coverage, see AOL.xml.
 
 
-	CDN buckets:
+	Nonfunctional hosts in *engadget.com:
 
-		- v6v4.win.blogsmith.aol.com.aol.akadns.net
+		- feeds ¹
 
-			- www.engadget.com
-
-		- win.blogsmith.aol.com.aol.akadns.net
-
-			- alt.engadget.com
-			- hd.engadget.com
-			- mobile.engadget.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.)
-		- alt
-		- hd
-		- mobile
+	¹ Refused
 
 -->
-<ruleset name="Engadget.com (partial)">
-
-	<target host="profiles.engadget.com" />
-
-
-	<rule from="^http://profiles\.engadget\.com/"
-		to="https://profiles.engadget.com/" />
+<ruleset name="Engadget.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="engadget.com" />
+	<target host="www.engadget.com" />
+	<target host="chinese.engadget.com" />
+	<target host="cn.engadget.com" />
+	<target host="de.engadget.com" />
+	<target host="guce.engadget.com" />
+	<target host="japanese.engadget.com" />
+	<target host="live.engadget.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/EngageSciences.xml b/src/chrome/content/rules/EngageSciences.xml
index b957f3815dd8..5a80bf295f76 100644
--- a/src/chrome/content/rules/EngageSciences.xml
+++ b/src/chrome/content/rules/EngageSciences.xml
@@ -1,19 +1,26 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://engagesciences.com/ => https://engagesciences.com/: (7, 'Failed to connect to engagesciences.com port 443: Connection timed out')
+Fetch error: http://www.engagesciences.com/ => https://www.engagesciences.com/: (7, 'Failed to connect to www.engagesciences.com port 443: Connection timed out')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://engagesciences.com/ => https://engagesciences.com/: (7, 'Failed to connect to engagesciences.com port 443: Connection refused')
 	Nonfunctional domains:
 
 		- (www.)ngx.me		(shows another domain; mismatched, CN: *.engagesciences.com)
 
 -->
-<ruleset name="EngageSciences (partial)">
+<ruleset name="EngageSciences (partial)" default_off="failed ruleset test">
 
 	<target host="engagesciences.com" />
-	<target host="*.engagesciences.com" />
+	<target host="app.engagesciences.com" />
+	<target host="www.engagesciences.com" />
 
 
 	<securecookie host="^(?:app\.|www\.)?engagesciences\.com$" name=".+" />
 
 
-	<rule from="^http://(app\.|www\.)?engagesciences\.com/"
-		to="https://$1engagesciences.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Engage_Media.org.xml b/src/chrome/content/rules/Engage_Media.org.xml
new file mode 100644
index 000000000000..ff69868440af
--- /dev/null
+++ b/src/chrome/content/rules/Engage_Media.org.xml
@@ -0,0 +1,33 @@
+<!--
+	Nonfunctional subdomains:
+
+		- videos *
+
+	* Redirects to www.engagemedia.org
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.engagemedia.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Engage Media.org (partial)">
+
+	<target host="engagemedia.org" />
+	<target host="crm.engagemedia.org" />
+	<target host="www.engagemedia.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.engagemedia\.org$" name="^I18N_LANGUAGE$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Engaged_Doncaster.co.uk.xml b/src/chrome/content/rules/Engaged_Doncaster.co.uk.xml
new file mode 100644
index 000000000000..c0d7ae0c75db
--- /dev/null
+++ b/src/chrome/content/rules/Engaged_Doncaster.co.uk.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.doncaster.engagedoncaster.co.uk/ => https://www.doncaster.engagedoncaster.co.uk/: (6, 'Could not resolve host: www.doncaster.engagedoncaster.co.uk')
+
+	For other UK government coverage, see GOV.UK.xml.
+
+-->
+<ruleset name="Engaged Doncaster.co.uk" default_off="failed ruleset test">
+
+	<target host="engagedoncaster.co.uk" />
+	<target host="commonroom.engagedoncaster.co.uk" />
+	<target host="www.doncaster.engagedoncaster.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Engaging_Networks.net.xml b/src/chrome/content/rules/Engaging_Networks.net.xml
new file mode 100644
index 000000000000..6f329e404010
--- /dev/null
+++ b/src/chrome/content/rules/Engaging_Networks.net.xml
@@ -0,0 +1,17 @@
+<!--
+
+	Other Engaging Networks rulesets:
+
+		- E-activist.com.xml
+
+-->
+<ruleset name="Engaging Networks.net">
+
+	<target host="engagingnetworks.net" />
+	<target host="www.engagingnetworks.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Engelschall.com.xml b/src/chrome/content/rules/Engelschall.com.xml
index 3e76a94297db..6aa67561e530 100644
--- a/src/chrome/content/rules/Engelschall.com.xml
+++ b/src/chrome/content/rules/Engelschall.com.xml
@@ -1,9 +1,9 @@
-<ruleset name="Engelschall.com" default_off="self-signed">
+<ruleset name="Engelschall.com">
 
-	<target host="engelschall.com"/>
-	<target host="www.engelschall.com"/>
+	<target host="engelschall.com" />
+	<target host="www.engelschall.com" />
 
-	<rule from="^http://(?:www\.)?engelschall\.com/"
-		to="https://engelschall.com/"/>
+	<rule from="^http://(www\.)?engelschall\.com/"
+		to="https://engelschall.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Engelsystem.de.xml b/src/chrome/content/rules/Engelsystem.de.xml
new file mode 100644
index 000000000000..ab119e411f30
--- /dev/null
+++ b/src/chrome/content/rules/Engelsystem.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="Engelsystem.de">
+
+	<target host="engelsystem.de" />
+	<target host="www.engelsystem.de" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Engine_Yard.com.xml b/src/chrome/content/rules/Engine_Yard.com.xml
new file mode 100644
index 000000000000..263dfafc7261
--- /dev/null
+++ b/src/chrome/content/rules/Engine_Yard.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)?
+		- blog
+		- support.cloud
+		- login
+
+-->
+<ruleset name="Engine Yard.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="engineyard.com" />
+	<target host="blog.engineyard.com" />
+	<target host="support.cloud.engineyard.com" />
+	<target host="login.engineyard.com" />
+	<target host="www.engineyard.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Engineering.com.xml b/src/chrome/content/rules/Engineering.com.xml
index f250e3e570ef..78c1bfbfb0cd 100644
--- a/src/chrome/content/rules/Engineering.com.xml
+++ b/src/chrome/content/rules/Engineering.com.xml
@@ -1,24 +1,11 @@
-<!--
-	CDN buckets:
-
-		- d2gm6q2bvqrwiz.cloudfront.net
-
-			- file2
-
-
-	Some pages redirect to http.
-
--->
 <ruleset name="Engineering.com (partial)">
 
 	<target host="engineering.com" />
-	<target host="*.engineering.com" />
-
-
-	<rule from="^http://(www\.)?engineering\.com/(?=[dD]esktop[mM]odules/|favicon\.ico|js/|Login\.aspx|Portals/|[rR]esources/|(?:Telerik\.Web\.UI\.)?WebResource\.axd)"
-		to="https://$1engineering.com/" />
+	<target host="www.engineering.com" />
+	<target host="file1.engineering.com" />
+	<test url="http://file1.engineering.com/scripts/jquery.hoverIntent.min.js" />
+	<target host="file2.engineering.com" />
 
-	<rule from="^http://file2\.engineering\.com/"
-		to="https://d2gm6q2bvqrwiz.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Engineering_for_Change.org.xml b/src/chrome/content/rules/Engineering_for_Change.org.xml
new file mode 100644
index 000000000000..6acf6a690c1a
--- /dev/null
+++ b/src/chrome/content/rules/Engineering_for_Change.org.xml
@@ -0,0 +1,36 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- engineeringforchange.org
+		- www.engineeringforchange.org
+
+
+	Mixed content:
+
+		- Images, from:
+
+			- s3.amazonaws.com *
+			- www.engineeringforchange.org *
+
+	* Secured by us
+
+-->
+<ruleset name="Engineering for Change.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="engineeringforchange.org" />
+	<target host="www.engineeringforchange.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?engineeringforchange\.org$" name="^X-Mapping-" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/English-Country-Cottages.co.uk.xml b/src/chrome/content/rules/English-Country-Cottages.co.uk.xml
new file mode 100644
index 000000000000..0b25e4bb5554
--- /dev/null
+++ b/src/chrome/content/rules/English-Country-Cottages.co.uk.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- english-country-cottages.co.uk
+
+		Mixed content blocking (MCB) triggered:
+		- www.english-country-cottages.co.uk
+-->
+<ruleset name="English-Country-Cottages.co.uk" platform="mixedcontent">
+	<target host="english-country-cottages.co.uk" />
+	<target host="www.english-country-cottages.co.uk" />
+
+	<rule from="^http://english-country-cottages\.co\.uk/"
+		to="https://www.english-country-cottages.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/English-Heritage.org.uk.xml b/src/chrome/content/rules/English-Heritage.org.uk.xml
index 5727478e22c4..e98cc96c817e 100644
--- a/src/chrome/content/rules/English-Heritage.org.uk.xml
+++ b/src/chrome/content/rules/English-Heritage.org.uk.xml
@@ -4,30 +4,43 @@
 		- English-Heritage_shop.org.uk.xml
 
 
-	^english-heritage.org.uk doesn't exist.
+	Nonfunctional hosts in *english-heritage.org.uk:
 
+		- list	(refused)
+		- www (JS http redirect)
 
-	Nonfunctional subdomains:
 
-		- list	(refused)
+	^english-heritage.org.uk does not exist.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.english-heritage.org.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 
 	Mixed content:
 
-		- Images on www from www *
+		- Images on www from $self ˢ
 
-	* Secured by us
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="English-Heritage.org.uk (partial)">
+<ruleset name="English-Heritage.org.uk (partial)" default_off="js redirect to http">
 
 	<target host="www.english-heritage.org.uk" />
 
 
-	<securecookie host="^www\.english-heritage\.org\.uk$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.english-heritage\.org\.uk$" name="^(?:ASP\.NET_SessionId|ehmob)$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://www\.english-heritage\.org\.uk/"
-		to="https://www.english-heritage.org.uk/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/English-Heritage_shop.org.uk.xml b/src/chrome/content/rules/English-Heritage_shop.org.uk.xml
index 8ca0b9fabd6e..693cefaa4f68 100644
--- a/src/chrome/content/rules/English-Heritage_shop.org.uk.xml
+++ b/src/chrome/content/rules/English-Heritage_shop.org.uk.xml
@@ -1,22 +1,25 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://english-heritageshop.org.uk/ => https://english-heritageshop.org.uk/: Too many redirects while fetching 'https://english-heritageshop.org.uk/'
+Fetch error: http://www.english-heritageshop.org.uk/ => https://www.english-heritageshop.org.uk/: Too many redirects while fetching 'https://www.english-heritageshop.org.uk/'
+
 	For other English Heritage coverage, see English-Heritage.org.uk.xml.
 
 
 	CN: www.safepayments.com
 
-	Note: server is configured for rc4 only.
-
 -->
-<ruleset name="English-Heritage shop.org.uk" default_off="mismatched">
+<ruleset name="English-Heritage shop.org.uk" default_off="failed ruleset test">
 
 	<target host="english-heritageshop.org.uk" />
-	<target host="*.english-heritageshop.org.uk" />
+	<target host="www.english-heritageshop.org.uk" />
 
 
 	<securecookie host="^\.english-heritageshop\.org\.uk$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?english-heritageshop\.org\.uk/"
-		to="https://www.english-heritageshop.org.uk/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/EnglishPage.com.xml b/src/chrome/content/rules/EnglishPage.com.xml
new file mode 100644
index 000000000000..fe7f99f4adca
--- /dev/null
+++ b/src/chrome/content/rules/EnglishPage.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="EnglishPage.com">
+	<target host="englishpage.com" />
+	<target host="www.englishpage.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EnhanceIE.xml b/src/chrome/content/rules/EnhanceIE.xml
index e6aff086b990..3de35769c829 100644
--- a/src/chrome/content/rules/EnhanceIE.xml
+++ b/src/chrome/content/rules/EnhanceIE.xml
@@ -1,14 +1,15 @@
-<ruleset name="EnhanceIE" default_off="mismatch">
+<ruleset name="EnhanceIE.com" default_off="mismatched">
 
-	<!--	Cert: www.fiddler2.com	-->
+	<!--	Direct rewrites:
+				-->
 	<target host="enhanceie.com"/>
 	<target host="www.enhanceie.com"/>
 
 
-	<securecookie host="^enhanceie\.com$" name=".*"/>
+	<securecookie host="^enhanceie\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?enhanceie\.com/"
-		to="https://enhanceie.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/EnhanceViews.com.xml b/src/chrome/content/rules/EnhanceViews.com.xml
new file mode 100644
index 000000000000..bbc2de499bc4
--- /dev/null
+++ b/src/chrome/content/rules/EnhanceViews.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Mismatched:
+		- autowatcher.enhanceviews.com (CN: 10kshare.com)
+-->
+
+<ruleset name="EnhanceViews.com">
+	<target host="enhanceviews.com" />
+	<target host="www.enhanceviews.com" />
+
+	<target host="enhanceviews.net" />
+	<target host="www.enhanceviews.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Enigmail.net.xml b/src/chrome/content/rules/Enigmail.net.xml
index 740254874e6e..06acff305ee8 100644
--- a/src/chrome/content/rules/Enigmail.net.xml
+++ b/src/chrome/content/rules/Enigmail.net.xml
@@ -3,11 +3,7 @@
 	<target host="enigmail.net" />
 	<target host="www.enigmail.net" />
 
-
-	<!--	^ redirects to www over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?enigmail\.net/"
-		to="https://www.enigmail.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Eniro.xml b/src/chrome/content/rules/Eniro.xml
index 013eabbdd445..5cd3d498ab39 100644
--- a/src/chrome/content/rules/Eniro.xml
+++ b/src/chrome/content/rules/Eniro.xml
@@ -1,14 +1,20 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://eniro.se/ => https://eniro.se/: Cycle detected - URL already encountered: https://eniro.se/
 	Fully covered domains:
 
 		- adsrv.ads.eniro.com
 
 -->
-<ruleset name="Eniro (partial)" platform="mixedcontent">
+<ruleset name="Eniro (partial)">
 
 	<target host="*.eniro.com"/>
 	<target host="eniro.se"/>
 	<target host="*.eniro.se"/>
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.eniro\.com/(?:$|\?)" /-->
 
 
 	<securecookie host="^\.adsrv\.ads\.eniro\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Enjin.xml b/src/chrome/content/rules/Enjin.xml
index 5d60df9fa0a3..170bde252cd9 100644
--- a/src/chrome/content/rules/Enjin.xml
+++ b/src/chrome/content/rules/Enjin.xml
@@ -1,41 +1,38 @@
 <!--
-	CDN buckets:
+	IMPORTANT INFORMATION:
 
-		- s3.amazonaws.com/files.enjin.com/
-
-		- d2umfjgc9kwn9b.cloudfront.net
-			- assets-cloud.enjin.com
+	Sites, developed by the public, created on the Enjin Network have the ability to force
+	HTTP or HTTPS themselves. If they enable HTTPS, the site will automatically force a
+	HTTPS connection. You cannot add a rule to force HTTPS for sites that specifically
+	request to force the HTTP protocol, doing so will cause a redirect loop
+	(between the HTTP and HTTPS protocols) to occur.
 
+	This functionality may be altered in the near future to ensure all sites use HTTPS and proxy
+	insecure material (such as scripts, stylesheets and images) through a HTTPS-enabled proxy.
 -->
-<ruleset name="Enjin">
 
+<ruleset name="Enjin" platform="mixedcontent">
+	<!-- Enjin Network -->
 	<target host="enjin.com" />
-	<target host="*.enjin.com" />
-	<target host="*.www.enjin.com" />
-	<target host="resources.guild-hosting.net" />
-
-
-	<!--	Guild subdomains set wildcard cookies. In
-		order to secure them, we'd have to target
-		each and every guild's subdomain...
-							-->
-	<securecookie host="^(?:.*\.)?enjin\.com$" name=".+" />
-
-
-	<rule from="^https?://assets-cloud\.enjin\.com/"
-		to="https://d2umfjgc9kwn9b.cloudfront.net/" />
-
-	<rule from="^https?://files\.enjin\.com/"
-		to="https://s3.amazonaws.com/files.enjin.com/" />
-
-	<!--	Guilds have unique subdomains.
-						-->
-	<rule from="^http://([\w\-]+\.)?enjin\.com/"
-		to="https://$1enjin.com/" />
-
-	<!--	CN: *.enjin.com
-				-->
-	<rule from="^https?://resources\.guild-hosting\.net/"
-		to="https://resources.enjin.com/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.enjin.com" />
+	<target host="support.enjin.com" />
+	<target host="id.enjin.com" />
+	<target host="api.enjin.com" />
+
+	<!-- CDN Rules -->
+	<target host="assets-cloud.enjin.com" />
+	<target host="files-cloud.enjin.com" />
+	<target host="images-cloud.enjin.com" />
+	<target host="assets.enjin.com" />
+	<target host="files.enjin.com" />
+	<target host="images.enjin.com" />
+
+	<test url="http://assets-cloud.enjin.com/ext/test.html" />
+	<test url="http://assets.enjin.com/ext/test.html" />
+	<test url="http://files-cloud.enjin.com/ext/test.html" />
+	<test url="http://files.enjin.com/ext/test.html" />
+	<test url="http://images-cloud.enjin.com/ext/test.html" />
+	<test url="http://images.enjin.com/ext/test.html" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Enjoy.com.xml b/src/chrome/content/rules/Enjoy.com.xml
new file mode 100644
index 000000000000..62fffef45e90
--- /dev/null
+++ b/src/chrome/content/rules/Enjoy.com.xml
@@ -0,0 +1,21 @@
+<!--
+	CDN bucket:
+		- cdn.shopify.com
+
+	Non-functional subdomain:
+		- blog			(hostname mismatch, CN: *.wordpress.com, wordpress.com)
+		- enjoy.com		(hostname mismatch, CN: *.myshopify.com, myshopify.com)
+-->
+<ruleset name="Enjoy.com (partial)">
+	<target host=    "enjoy.com" />
+	<target host="www.enjoy.com" />
+
+	<securecookie host="^www\.enjoy\.com$" name=".+" />
+
+	<!--	hostname mismatch: -->
+	<rule from="^http://enjoy\.com/"
+		to="https://www.enjoy.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Enlightenment.org.xml b/src/chrome/content/rules/Enlightenment.org.xml
new file mode 100644
index 000000000000..10b229bcbd6e
--- /dev/null
+++ b/src/chrome/content/rules/Enlightenment.org.xml
@@ -0,0 +1,27 @@
+<!--
+	Content mismatch:
+		ci.enlightenment.org
+		e5.enlightenment.org
+		lists.enlightenment.org
+
+	Invalid certificate:
+		smtp.enlightenment.org
+
+	Timeout:
+		e5v1.enlightenment.org
+		e5v2.enlightenment.org
+-->
+<ruleset name="Enlightenment.org">
+
+	<target host="enlightenment.org" />
+	<target host="www.enlightenment.org" />
+	<target host="docs.enlightenment.org" />
+	<target host="download.enlightenment.org" />
+	<target host="git.enlightenment.org" />
+	<target host="phab.enlightenment.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Enlightenment.xml b/src/chrome/content/rules/Enlightenment.xml
deleted file mode 100644
index 1ae7a7c8dbd6..000000000000
--- a/src/chrome/content/rules/Enlightenment.xml
+++ /dev/null
@@ -1,57 +0,0 @@
-<!--
-	Fully covered subdomains:
-
-		- (www.)
-		- build
-		- docs
-		- download
-		- git
-		- phab
-		- planet
-		- trac
-		- web
-
-
-	Observed cookie domains:
-
-		- docs
-		- .phab
-		- trac
-
-
-	Mixed content:
-
-		- Images, on:
-
-			- planet, from:
-
-				- www *
-				- ngc891.blogdns.net **
-				- farm\d.static.flickr.com *
-				- i.imgur.com *
-				- feeds.wordpress.com *
-
-			- web from www *
-			- web from api.flattr.com *
-			- www from www *
-			- www from api.flattr.com *
-
-		- Web bugs on planet from stats.wordpress.com *
-
-	* Secured by us, doesn't trip MCB anyway
-	** Self-signed, doesn't trip MCB anyway
-
--->
-<ruleset name="Enlightenment">
-
-	<target host="enlightenment.org" />
-	<target host="*.enlightenment.org" />
-
-
-	<securecookie host=".*\.enlightenment\.org$" name=".+" />
-
-
-	<rule from="^http://((?:build|docs|download|git|phab|planet|trac|web|www)\.)?enlightenment\.org/"
-		to="https://$1enlightenment.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Enom.xml b/src/chrome/content/rules/Enom.xml
index c3b749a4d853..e12cc6f3af7b 100644
--- a/src/chrome/content/rules/Enom.xml
+++ b/src/chrome/content/rules/Enom.xml
@@ -1,19 +1,11 @@
 <!--
 	For other Demand Media coverage, see Demand-Media.xml.
-
-
-	Many pages redirect to http, though there may
-	be more than are handled here that don't.
-
 -->
-<ruleset name="eNom (partial)">
+<ruleset name="eNom.com (partial)">
 
 	<target host="enom.com" />
 	<target host="www.enom.com" />
-		<exclusion pattern="^http://(?:www\.)?enom\.com/(?!login|signup/).*\.aspx(?:$|\?)" />
-
 
-	<rule from="^http://(www\.)?enom\.com/"
-		to="https://$1enom.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Enpass.io.xml b/src/chrome/content/rules/Enpass.io.xml
new file mode 100644
index 000000000000..9f48d64ed42a
--- /dev/null
+++ b/src/chrome/content/rules/Enpass.io.xml
@@ -0,0 +1,15 @@
+<ruleset name="Enpass.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="enpass.io" />
+	<target host="www.enpass.io" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Enphase-Energy.xml b/src/chrome/content/rules/Enphase-Energy.xml
index 623ed825c06f..b3d019463a0b 100644
--- a/src/chrome/content/rules/Enphase-Energy.xml
+++ b/src/chrome/content/rules/Enphase-Energy.xml
@@ -1,31 +1,68 @@
 <!--
-	Nonfunctional:
+	Other Enphase Energy rulesets:
 
-		- investor	(cert: *.shareholder.com; 403)
+		- Enphase_Energy.com.xml
+
+
+	Nonfunctional hosts in *enphase.com:
+
+		- info ¹
+		- investor ²
+
+	¹ Marketo
+	² Dropped
+
+
+	www.enphase.com: Mismatched
 
 -->
-<ruleset name="Enphase Energy (partial)" platform="mixedcontent">
+<ruleset name="Enphase.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="enphase.com"/>
+	<target host="www2.enphase.com"/>
+
+	<!--	Complications:
+				-->
+	<target host="info.enphase.com"/>
 	<target host="www.enphase.com"/>
-	<target host="enphaseenergy.com"/>
-	<target host="*.enphaseenergy.com"/>
 
+		<exclusion pattern="^http://info\.enphase\.com/+(?!$|\?|css/|images/|rs/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://info.enphase.com/2015-02-AU-Event-California-Dreamin_Registration.html/" />
+			<test url="http://info.enphase.com/2015-0707-NA-Newsletter-Partner_Intersolar-2015-Learn-More.html" />
+			<test url="http://info.enphase.com/AC-Rocks_2014.html" />
+			<test url="http://info.enphase.com/Enphase-Training-Anywhere-2015.html" />
+			<test url="http://info.enphase.com/FolsomLabs.html" />
+			<test url="http://info.enphase.com/NL_Collateral.html" />
+			<test url="http://info.enphase.com/newsletter-signup" />
+
+			<!--	-ve:
+					-->
+			<test url="http://info.enphase.com//" />
+			<test url="http://info.enphase.com/?" />
+			<test url="http://info.enphase.com/?f" />
+			<test url="http://info.enphase.com/?o" />
+			<test url="http://info.enphase.com/?b" />
+			<test url="http://info.enphase.com/css/mktLPSupportCompat.css" />
+			<test url="http://info.enphase.com/rs/129-YCL-825/images/ENPH_rev2_Logo_white.png" />
 
-	<securecookie host="^enlighten\.enphaseenergy\.com$" name=".*"/>
 
+	<!--	Redirect drops args and forward slash:
+							-->
+	<rule from="^http://info\.enphase\.com/+(?:\?.*)?$"
+		to="https://enphase.com/"/>
 
-	<!--	enphaseenergy.com:
-			- Presents cert for enphase.com
-			- Redirects to enphase.com.	-->
-	<rule from="^http://(www\.)?enphase(?:energy)?\.com/"
-		to="https://$1enphase.com/"/>
+	<rule from="^http://info\.enphase\.com/"
+		to="https://na-abb.marketo.com/" />
 
-	<!--	Pages redirect to http.		-->
-	<rule from="^http://community\.enphaseenergy\.com/favicon\.png"
-		to="https://getsatisfaction.com/favicon.png"/>
+	<rule from="^http://www\.enphase\.com/"
+		to="https://enphase.com/"/>
 
-	<rule from="^http://(assets1|enlighten)\.enphaseenergy\.com/"
-		to="https://$1.enphaseenergy.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Enphase_Energy.com.xml b/src/chrome/content/rules/Enphase_Energy.com.xml
new file mode 100644
index 000000000000..dc62a857a710
--- /dev/null
+++ b/src/chrome/content/rules/Enphase_Energy.com.xml
@@ -0,0 +1,46 @@
+<!--
+	For other Enphase Energy coverage, see Enphase-Energy.xml.
+
+
+	Nonfunctional hosts in *enphaseenergy.com:
+
+		- community *
+
+	* WP Engine
+
+
+	(www.)?enphaseenergy.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- enlighten.enphaseenergy.com
+
+-->
+<ruleset name="Enphase Energy.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="assets1.enphaseenergy.com"/>
+	<target host="enlighten.enphaseenergy.com"/>
+
+	<!--	Complications:
+				-->
+	<target host="enphaseenergy.com"/>
+	<target host="www.enphaseenergy.com"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^enlighten\.enphaseenergy\.com$" name="^locale$" /-->
+
+	<securecookie host="^enlighten\.enphaseenergy\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?enphaseenergy\.com/"
+		to="https://enphase.com/"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EnricoZini.org.xml b/src/chrome/content/rules/EnricoZini.org.xml
new file mode 100644
index 000000000000..08f31c14377f
--- /dev/null
+++ b/src/chrome/content/rules/EnricoZini.org.xml
@@ -0,0 +1,11 @@
+<!--
+	Wrong server:
+		- cal.enricozini.org
+-->
+
+<ruleset name="EnricoZini.org">
+	<target host="enricozini.org" />
+	<target host="www.enricozini.org" />
+
+ 	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ens-lyon.org.xml b/src/chrome/content/rules/Ens-lyon.org.xml
index 03cdface117e..1de614c71826 100644
--- a/src/chrome/content/rules/Ens-lyon.org.xml
+++ b/src/chrome/content/rules/Ens-lyon.org.xml
@@ -1,23 +1,27 @@
 <!--
-	Fully covered subdomains:
+	No working URL known:
+		git.ens-lyon.org
+		pat.perso.ens-lyon.org
+		smtp.ens-lyon.org
+		sonata.ens-lyon.org
+		svn.ens-lyon.org
+		toccata.ens-lyon.org
 
-		- (www.)
-		- blog
-		- cvs
-		- git
-		- svn
-		- toccata
-		- web
-		- wiki
+	Timeout:
+		interens.ens-lyon.org
+
+	Different content http/https:
+		wiki.ens-lyon.org
 
 -->
-<ruleset name="ens-lyon.org" platform="cacert">
+<ruleset name="ens-lyon.org">
 
 	<target host="ens-lyon.org" />
-	<target host="*.ens-lyon.org" />
-
+	<target host="www.ens-lyon.org" />
+	<target host="listes.ens-lyon.org" />
+	<target host="web.ens-lyon.org" />
 
-	<rule from="^http://((?:blog|cvs|git|svn|toccata|web|wiki|www)\.)?ens-lyon\.org/"
-		to="https://$1ens-lyon.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ensighten.com.xml b/src/chrome/content/rules/Ensighten.com.xml
new file mode 100644
index 000000000000..6e63df7bc6b4
--- /dev/null
+++ b/src/chrome/content/rules/Ensighten.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		ui.ensighten.com
+
+-->
+<ruleset name="Ensighten.com">
+
+	<target host="ensighten.com" />
+	<target host="www.ensighten.com" />
+	<target host="manage.ensighten.com" />
+	<target host="nexus.ensighten.com" />
+		<test url="http://nexus.ensighten.com/mobile2/ios/html/sbs/sbstwgios/default/tag_container.html?cid=trending" />
+	<target host="success.ensighten.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ensighten.xml b/src/chrome/content/rules/Ensighten.xml
deleted file mode 100644
index 6aa9eaae9db5..000000000000
--- a/src/chrome/content/rules/Ensighten.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="Ensighten">
-
-	<target host="ensighten.com" />
-	<target host="*.ensighten.com" />
-
-
-	<securecookie host="^ui\.ensighten\.com$" name=".*" />
-
-
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?ensighten\.com/"
-		to="https://www.ensighten.com/" />
-
-	<rule from="^http://(nexus|ui)\.ensighten\.com/"
-		to="https://$1.ensighten.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ensignia_mail.com.xml b/src/chrome/content/rules/Ensignia_mail.com.xml
new file mode 100644
index 000000000000..8be6c1bda79b
--- /dev/null
+++ b/src/chrome/content/rules/Ensignia_mail.com.xml
@@ -0,0 +1,21 @@
+<!--
+	store: Redirects to ^ensigniamail.com
+
+
+	Mixed content:
+
+		- css on ^ from fonts.googleapis.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Ensignia mail.com (partial)">
+
+	<target host="ensigniamail.com" />
+	<target host="www.ensigniamail.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ensimag.fr.xml b/src/chrome/content/rules/Ensimag.fr.xml
new file mode 100644
index 000000000000..20a86d4038ee
--- /dev/null
+++ b/src/chrome/content/rules/Ensimag.fr.xml
@@ -0,0 +1,44 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.)? ¹
+		- anciens ²
+		- cse ²
+		- listes ²
+
+	¹ Refused
+	² Shows intranet
+
+
+	Fully covered subdomains:
+
+		- ensiwiki
+		- inside
+		- intranet
+		- relint
+		- webmail
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- inside from $self *
+			- ensiwiki from $self *
+			- ensiwiki from upload.wikimedia.org *
+
+	* Secured by us
+
+-->
+<ruleset name="Ensimag.fr (partial)">
+
+	<target host="ensiwiki.ensimag.fr" />
+	<target host="inside.ensimag.fr" />
+	<target host="intranet.ensimag.fr" />
+	<target host="relint.ensimag.fr" />
+	<target host="webmail.ensimag.fr" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Entanet-mismatches.xml b/src/chrome/content/rules/Entanet-mismatches.xml
index 1f70ec8a2c71..0e3eaf758d3c 100644
--- a/src/chrome/content/rules/Entanet-mismatches.xml
+++ b/src/chrome/content/rules/Entanet-mismatches.xml
@@ -1,11 +1,11 @@
-<ruleset name="Entanet (mismatches)" default_off="mismatch">
+<ruleset name="Entanet (mismatches)" default_off="mismatched">
 
 	<target host="entadsl.com"/>
 	<target host="www.entadsl.com"/>
 	<target host="entagroup.com"/>
 	<target host="www.entagroup.com"/>
 
-	<securecookie host="^(.*\.)?entadsl\.com$" name=".*"/>
+	<securecookie host="^(?:.*\.)?entadsl\.com$" name=".+" />
 
 	<rule from="^http://(?:www\.)?entadsl\.com/"
 		to="https://entadsl.com/"/>
diff --git a/src/chrome/content/rules/Entanet.xml b/src/chrome/content/rules/Entanet.xml
index 3d18eb70aafb..56c11adf9c13 100644
--- a/src/chrome/content/rules/Entanet.xml
+++ b/src/chrome/content/rules/Entanet.xml
@@ -1,20 +1,41 @@
-<ruleset name="Entanet (partial)" platform="mixedcontent">
+<!--
+	Other Entanet rulesets:
 
-	<target host="enta.net"/>
-	<target host="*.enta.net"/>
-	<target host="voipuserportal.co.uk"/>
-	<target host="www.voipuserportal.co.uk"/>
+		- voipuserportal.co.uk.xml
 
-	<securecookie host="^(.*\.)?enta\.net$" name=".*"/>
-	<securecookie host="^(.*\.)?voipuserportal\.co\.uk$" name=".*"/>
 
-	<rule from="^http://enta\.net/"
-		to="https://www.enta.net/"/>
+	Nonfunctional hosts in *enta.net:
 
-	<rule from="^http://(billing|synergi|www)\.enta\.net/"
-		to="https://$1.enta.net/"/>
+		- noc ʳ
 
-	<rule from="^http://(www\.)?voipuserportal\.co\.uk/"
-		to="https://$1voipuserportal.co.uk/"/>
+	ʳ Refused
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- billing.enta.net
+		- synergi.enta.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Enta.net (partial)">
+
+	<target host="enta.net" />
+	<target host="billing.enta.net" />
+	<target host="synergi.enta.net" />
+	<target host="www.enta.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^billing\.enta\.net$" name="^(?:PHPSESSID|ci_session)$" /-->
+	<!--securecookie host="^synergi\.enta\.net$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Enterprise.com.xml b/src/chrome/content/rules/Enterprise.com.xml
new file mode 100644
index 000000000000..7bcb21840461
--- /dev/null
+++ b/src/chrome/content/rules/Enterprise.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Enterprise.com">
+  <target host="enterprise.com" />
+  <target host="www.enterprise.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Enterprise_CIO_Forum.com.xml b/src/chrome/content/rules/Enterprise_CIO_Forum.com.xml
index 6773e2bc09eb..b0af3142d350 100644
--- a/src/chrome/content/rules/Enterprise_CIO_Forum.com.xml
+++ b/src/chrome/content/rules/Enterprise_CIO_Forum.com.xml
@@ -6,7 +6,8 @@
 <ruleset name="Enterprise CIO Forum.com" default_off="expired, mismatched, self-signed">
 
 	<target host="enterprisecioforum.com" />
-	<target host="*.enterprisecioforum.com" />
+	<target host="cdn.enterprisecioforum.com" />
+	<target host="www.enterprisecioforum.com" />
 
 
 	<securecookie host="^www\.enterprisecioforum\.com$" name=".+" />
@@ -15,4 +16,4 @@
 	<rule from="^http://(?:cdn\.|www\.)?enterprisecioforum\.com/"
 		to="https://www.enterprisecioforum.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Enterprisers_Project.com.xml b/src/chrome/content/rules/Enterprisers_Project.com.xml
new file mode 100644
index 000000000000..3be3eb5b04d5
--- /dev/null
+++ b/src/chrome/content/rules/Enterprisers_Project.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Red Hat coverage, see Red_Hat.xml.
+
+-->
+<ruleset name="Enterprisers Project.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="enterprisersproject.com" />
+	<target host="www.enterprisersproject.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Entertainment-Consumers-Association-mismatches.xml b/src/chrome/content/rules/Entertainment-Consumers-Association-mismatches.xml
deleted file mode 100644
index 9b6984139978..000000000000
--- a/src/chrome/content/rules/Entertainment-Consumers-Association-mismatches.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Entertainment Consumer's Association (mismatches)" default_off="mismatch">
-
-	<!--	cert:	theeca.com	-->
-	<target host="ecaforums.com"/>
-	<target host="www.ecaforums.com"/>
-
-	<rule from="^http://(?:www\.)ecaforums\.com/((?:fil|modul|sit)e|newsletter)s/"
-		to="https://www.ecaforums.com/$1s/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Entertainment-Consumers-Association.xml b/src/chrome/content/rules/Entertainment-Consumers-Association.xml
deleted file mode 100644
index 893eb19c6539..000000000000
--- a/src/chrome/content/rules/Entertainment-Consumers-Association.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--	theecareportsdev2010.ecasitebuild.com
-
-	!functional:
-		- (www.)gameculture.com		(cert: www.theeca.com; 404)
-		- (www.)gamepolitics.com	(ditto)
-
-	See Entertainment-Consumers-Association-mismatches for problematic rules.
--->
-<ruleset name="Entertainment Consumer's Association (partial)" platform="mixedcontent">
-
-	<target host="theeca.com"/>
-	<target host="*.theeca.com"/>
-
-
-	<!--	Tracking cookies from ssl.google-analytics.com:
-								-->
-	<securecookie host="^\.theeca\.com$" name="__utm\w$" />
-
-
-	<!--	cert !match !www	-->
-	<rule from="^http://(?:www\.)theeca\.com/(favicon\.ico|files/|misc/|modules/|newsletters/|sites/)"
-		to="https://www.theeca.com/$1"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Entertainment.ie.xml b/src/chrome/content/rules/Entertainment.ie.xml
index 9348bf849483..58088e168957 100644
--- a/src/chrome/content/rules/Entertainment.ie.xml
+++ b/src/chrome/content/rules/Entertainment.ie.xml
@@ -1,14 +1,21 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://entertainment.ie/ => https://entertainment.ie/: Too many redirects while fetching 'https://entertainment.ie/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://entertainment.ie/ => https://entertainment.ie/: Cycle detected - URL already encountered: https://entertainment.ie/
 	Problematic subdomains:
 
 		- images	(mismatched, CN: entertainment.ie)
 		- www		(500, valid cert)
 
 -->
-<ruleset name="entertainment.ie">
+<ruleset name="entertainment.ie" default_off="failed ruleset test">
 
 	<target host="entertainment.ie" />
-	<target host="*.entertainment.ie" />
+	<target host="images.entertainment.ie" />
+	<target host="www.entertainment.ie" />
 
 
 	<securecookie host="^entertainment\.ie$" name=".+" />
@@ -17,4 +24,4 @@
 	<rule from="^http://(?:images\.|www\.)?entertainment\.ie/"
 		to="https://entertainment.ie/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Entertainment_Weekly.xml b/src/chrome/content/rules/Entertainment_Weekly.xml
index c852c8ce823a..55090ff5d01a 100644
--- a/src/chrome/content/rules/Entertainment_Weekly.xml
+++ b/src/chrome/content/rules/Entertainment_Weekly.xml
@@ -16,7 +16,9 @@
 <ruleset name="Entertainment Weekly (partial)" default_off="mismatched">
 
 	<target host="ew.com" />
-	<target host="*.ew.com" />
+	<target host="www.ew.com" />
+	<target host="popwatch.ew.com" />
+	<target host="tvrecaps.ew.com" />
 
 
 	<securecookie host="^\.ew\.com$" name=".+" />
@@ -25,7 +27,6 @@
 	<rule from="^http://(?:www\.)?ew\.com/"
 		to="https://www.ew.com/" />
 
-	<rule from="^http://(popwatch|tvrecaps)\.ew\.com/"
-		to="https://$1.ew.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EntheoShop.xml b/src/chrome/content/rules/EntheoShop.xml
index c0da9866d930..848790280725 100644
--- a/src/chrome/content/rules/EntheoShop.xml
+++ b/src/chrome/content/rules/EntheoShop.xml
@@ -3,10 +3,9 @@
 	<target host="shop.entheogene.de" />
 
 
-	<securecookie host="^shop\.entheogene\.de$" name=".*" />
+	<securecookie host="^shop\.entheogene\.de$" name=".+" />
 
 
-	<rule from="^http://shop\.entheogene\.de/"
-		to="https://shop.entheogene.de/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Enthought.com.xml b/src/chrome/content/rules/Enthought.com.xml
index a7b58f41e820..881ef4af97f6 100644
--- a/src/chrome/content/rules/Enthought.com.xml
+++ b/src/chrome/content/rules/Enthought.com.xml
@@ -15,23 +15,43 @@
 	Fully covered subdomains:
 
 		- (www.)
-		- mail
 		- public
+		- store
 		- support
+		- training
 		- www2
 
+
+	mail: Dropped over http & https
+
+
+	Insecure cookies are set for these domains:
+
+		- .enthought.com
+
 -->
 <ruleset name="Enthought.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="enthought.com" />
-	<target host="*.enthought.com" />
+	<target host="public.enthought.com" />
+	<target host="store.enthought.com" />
+	<target host="support.enthought.com" />
+	<target host="training.enthought.com" />
+	<target host="www.enthought.com" />
+	<target host="www2.enthought.com" />
 		<!--exclusion pattern="^http://(blog|code)\." /-->
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.enthought\.com$" name="^csrftoken$" /-->
+
 	<securecookie host="^(?:support\.|www2?\.)?enthought\.com$" name=".+" />
 
 
-	<rule from="^http://((?:mail|public|support|www2?)\.)?enthought\.com/"
-		to="https://$1enthought.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EntroPay.xml b/src/chrome/content/rules/EntroPay.xml
index 5c4d1bda3780..219e7844acf6 100644
--- a/src/chrome/content/rules/EntroPay.xml
+++ b/src/chrome/content/rules/EntroPay.xml
@@ -13,10 +13,10 @@
 	<securecookie host="^.*\.entropay\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?entropay\.com/"
+	<rule from="^http://(?:www\.)?entropay\.com/"
 		to="https://www.entropay.com/" />
 
 	<rule from="^http://(payment-solutions|secure2)\.entropay\.com/"
 		to="https://$1.entropay.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Entropia.de.xml b/src/chrome/content/rules/Entropia.de.xml
deleted file mode 100644
index 2c21bacdfd1a..000000000000
--- a/src/chrome/content/rules/Entropia.de.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See 
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
- 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Entropia.de" platform="firefox">
-  <target host="entropia.de" />
-  <target host="www.entropia.de" />
-
-  <securecookie host="^entropia\.de$" name=".+" />
-  <securecookie host="^www\.entropia\.de$" name=".+" />
-
-  <rule from="^http://(www\.)?entropia\.de/" to="https://entropia.de/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Entropy_Wave.xml b/src/chrome/content/rules/Entropy_Wave.xml
index eaa7dceb6ae0..ea5b72097ec9 100644
--- a/src/chrome/content/rules/Entropy_Wave.xml
+++ b/src/chrome/content/rules/Entropy_Wave.xml
@@ -4,8 +4,10 @@
 		- code	(cert: www; shows www)
 
 -->
-<ruleset name="Entropy Wave (partial)">
+<ruleset name="Entropy Wave.com (partial)" default_off="expired">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="entropywave.com" />
 	<target host="www.entropywave.com" />
 
@@ -13,7 +15,7 @@
 	<securecookie host="^(?:www\.)?entropywave\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?entropywave\.com/"
-		to="https://$1entropywave.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Entroware.com.xml b/src/chrome/content/rules/Entroware.com.xml
new file mode 100644
index 000000000000..b048a56b3469
--- /dev/null
+++ b/src/chrome/content/rules/Entroware.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- entroware.com
+		- .entroware.com
+		- www.entroware.com
+
+-->
+<ruleset name="Entroware.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="entroware.com" />
+	<target host="www.entroware.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?entroware\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.entroware\.com$" name="^(?:currency|language)$" /-->
+
+	<securecookie host="^(?:\.|www\.)?entroware\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Entrust.com.xml b/src/chrome/content/rules/Entrust.com.xml
new file mode 100644
index 000000000000..ce4a5a1d80b2
--- /dev/null
+++ b/src/chrome/content/rules/Entrust.com.xml
@@ -0,0 +1,32 @@
+<!--
+	For other Datacard Group coverage, see Datacard.com.xml.
+
+
+	Problematic subdomains:
+
+		- go *
+
+	* Eloqua
+
+
+	Fully covered hosts in *entrust.com:
+
+		- (www.)?
+		- cssm
+		- secure
+
+-->
+<ruleset name="Entrust.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="entrust.com" />
+	<target host="cssm.entrust.com" />
+	<target host="secure.entrust.com" />
+	<target host="www.entrust.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Entrust.xml b/src/chrome/content/rules/Entrust.xml
index 211862647cc9..12082a0d4eb5 100644
--- a/src/chrome/content/rules/Entrust.xml
+++ b/src/chrome/content/rules/Entrust.xml
@@ -1,9 +1,70 @@
-<ruleset name="Entrust (partial)">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://home.entrust.net/ => https://home.entrust.net/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+
+	For other Datacard Group coverage, see Datacard.com.xml.
+
+
+	Nonfunctional subdomains:
+
+		- sslinstallcheck *
+
+	* Dropped
+
+-->
+<ruleset name="Entrust.net (partial)" default_off="failed ruleset test">
+
+	<target host="entrust.net" />
+	<target host="buy.entrust.net" />
+	<target host="enroll.entrust.net" />
+	<target host="home.entrust.net" />
+	<target host="login.entrust.net" />
+	<target host="managed.entrust.net" />
 	<target host="seal.entrust.net" />
+	<target host="www.entrust.net" />
+
+		<!--	Blank page:
+					-->
+		<!--exclusion pattern="^http://www\.entrust\.net/$" /-->
+		<!--
+			404:
+				-->
+		<!--exclusion pattern="^http://www\.entrust\.net/(images/(?!new/)|includes/)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.entrust\.net/(?!css/|customer_support/|ev/|favicon\.ico|images/new/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.entrust.net/affiliates.htm" />
+			<test url="http://www.entrust.net/images/themes/entrust-datacard.jpg" />
+			<test url="http://www.entrust.net/includes/bjqs.css" />
+			<test url="http://www.entrust.net/quickstart/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.entrust.net/css/browser-qa.headers.css" />
+			<test url="http://www.entrust.net/customer_support/contact.cfm" />
+			<test url="http://www.entrust.net/ev/misuse.cfm" />
+			<test url="http://www.entrust.net/favicon.ico" />
+			<test url="http://www.entrust.net/images/new/header-white-arrow.gif" />
+			<test url="http://www.entrust.net/includes/bjqs.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^buy\.entrust\.net$" name="^(BIGipServer~ECS_PROD~buy\.entrust\.net\.443|JSESSIONID)$" /-->
+	<!--securecookie host="^\.go\.entrust\.net$" name="^ELOQUA$" /-->
+	<!--securecookie host="^home\.entrust\.net$" name="^BIGipServer~ECS_PROD~home\.entrust\.net\.443$" /-->
+	<!--securecookie host="^login\.entrust\.net$" name="^BIGipServer~ECS_PROD~login\.entrust\.net\.443$" /-->
+	<!--securecookie host="^managed\.entrust\.net$" name="^(BIGipServer~ECS_PROD~managed\.entrust\.net\.443|CFID|CFTOKEN|JSESSIONID)$" /-->
+
+	<securecookie host="^(?:buy|home|login|managed)\.entrust\.net$" name=".+" />
 
 
-	<rule from="^http://seal\.entrust\.net/"
-		to="https://seal.entrust.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Enum.ru.xml b/src/chrome/content/rules/Enum.ru.xml
new file mode 100644
index 000000000000..9cff3ac8fd9b
--- /dev/null
+++ b/src/chrome/content/rules/Enum.ru.xml
@@ -0,0 +1,9 @@
+<ruleset name="Enum.ru">
+	<target host="enum.ru" />
+	<target host="www.enum.ru" />
+	<target host="auth.enum.ru" />
+	<target host="enumdemobank.enum.ru" />
+	<target host="service.enum.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Envato-static.com.xml b/src/chrome/content/rules/Envato-static.com.xml
new file mode 100644
index 000000000000..7a445887e10d
--- /dev/null
+++ b/src/chrome/content/rules/Envato-static.com.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Envato coverage, see Envato.com.xml.
+
+
+	CDN buckets:
+
+		- dmypbau5frl9g.cloudfront.net
+		- dmypbau5frl9g.cloudfront.net
+
+			- [0-3]
+
+
+	^: dropped
+
+
+	www doesn't exist.
+
+-->
+<ruleset name="Envato-static.com (partial)">
+
+	<target host="*.envato-static.com" />
+
+
+	<rule from="^http://\d\.envato-static\.com/"
+		to="https://dmypbau5frl9g.cloudfront.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Envato.com-problematic.xml b/src/chrome/content/rules/Envato.com-problematic.xml
new file mode 100644
index 000000000000..3da79741d17d
--- /dev/null
+++ b/src/chrome/content/rules/Envato.com-problematic.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules that are on by default, see Envato.com.xml.
+
+-->
+<ruleset name="Envato.com (mismatched)" default_off="mismatched">
+
+	<target host="envato.com" />
+	<target host="www.envato.com" />
+
+
+	<securecookie host="^www\.envato\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?envato\.com/"
+		to="https://www.envato.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Envato.com.xml b/src/chrome/content/rules/Envato.com.xml
new file mode 100644
index 000000000000..421662dcf2fc
--- /dev/null
+++ b/src/chrome/content/rules/Envato.com.xml
@@ -0,0 +1,50 @@
+<!--
+	For problematic rules, see Envato.com-problematic.xml.
+
+
+	Other Envato rulesets:
+
+		- Envato-static.com.xml
+
+
+	CDN buckets:
+
+		- d1ohp0h9n9u652.cloudfront.net
+
+		- d2mdw063ttlqtq.cloudfront.net
+
+			- [0-3].s3
+
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- [0-3].s3 ²
+		- www ³
+
+	¹ Refused
+	² cloudfront
+	³ Works; mismatched, CN: *.herokuapp.com
+
+
+	Mixed content:
+
+		- css from fast.fonts.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Envato.com (partial)">
+
+	<target host="*.s3.envato.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.envato\.com$" name="^request_method$" /-->
+
+
+	<rule from="^http://\d\.s3\.envato\.com/"
+		to="https://d2mdw063ttlqtq.cloudfront.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Envirotrend-mismatches.xml b/src/chrome/content/rules/Envirotrend-mismatches.xml
index c55ef722bc95..cf8b529f4938 100644
--- a/src/chrome/content/rules/Envirotrend-mismatches.xml
+++ b/src/chrome/content/rules/Envirotrend-mismatches.xml
@@ -1,24 +1,23 @@
 <ruleset name="Envirotrend (mismatches)" default_off="expired, mismatch">
 
 	<target host="envirostyles.ca"/>
-	<target host="*.envirostyles.ca"/>
+	<target host="www.envirostyles.ca" />
 	<target host="sakittome.com"/>
 	<target host="www.sakittome.com"/>
 	<target host="svc079.wic859dp.server-web.com"/>
 
-	<rule from="^http://(www\.)?envirostyles\.ca/"
+	<rule from="^http://(?:www\.)?envirostyles\.ca/"
 		to="https://envirostyles.ca/"/>
 
-	<rule from="^http://(www\.)?sakittome\.com/"
+	<rule from="^http://(?:www\.)?sakittome\.com/"
 		to="https://sakittome.com/"/>
 
-	<rule from="^http://svc079\.wic859dp\.server-web\.com/"
-		to="https://svc079.wic859dp.server-web.com/"/>
 
 
-	<securecookie host="^\.envirostyles\.ca$" name=".*"/>
-	<securecookie host="^(www\.)?sakittome\.com$" name=".*"/>
-	<securecookie host="^svc079\.wic859dp\.server-web\.com$" name=".*"/>
+	<securecookie host="^\.envirostyles\.ca$" name=".+" />
+	<securecookie host="^(?:www\.)?sakittome\.com$" name=".+" />
+	<securecookie host="^svc079\.wic859dp\.server-web\.com$" name=".+" />
 
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Envirotrend.xml b/src/chrome/content/rules/Envirotrend.xml
index 216bfee5c9e4..60ccd420e438 100644
--- a/src/chrome/content/rules/Envirotrend.xml
+++ b/src/chrome/content/rules/Envirotrend.xml
@@ -1,11 +1,21 @@
-<ruleset name="Envirotrend (partial)" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://envirotrend.com.au/ => https://envirotrend.com.au/: (51, "SSL: no alternative certificate subject name matches target host name 'envirotrend.com.au'")
+Fetch error: http://www.envirotrend.com.au/ => https://envirotrend.com.au/: (51, "SSL: no alternative certificate subject name matches target host name 'envirotrend.com.au'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://envirotrend.com.au/ => https://envirotrend.com.au/: (51, "SSL: no alternative certificate subject name matches target host name 'envirotrend.com.au'")
+Fetch error: http://www.envirotrend.com.au/ => https://envirotrend.com.au/: (51, "SSL: no alternative certificate subject name matches target host name 'envirotrend.com.au'")
+-->
+<ruleset name="Envirotrend (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="envirotrend.com.au"/>
 	<target host="www.envirotrend.com.au"/>
 
-	<rule from="^http://(www\.)?envirotrend\.com\.au/"
+	<rule from="^http://(?:www\.)?envirotrend\.com\.au/"
 		to="https://envirotrend.com.au/"/>
 
-	<securecookie host="^(www.)?envirotrend\.com\.au" name=".*"/>
+	<securecookie host="^(?:www.)?envirotrend\.com\.au" name=".+" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Envision-Financial.xml b/src/chrome/content/rules/Envision-Financial.xml
new file mode 100644
index 000000000000..11c10cad5330
--- /dev/null
+++ b/src/chrome/content/rules/Envision-Financial.xml
@@ -0,0 +1,17 @@
+<!--
+	Incomplete certificate chain:
+		- dashband.envisionfinancial.ca
+-->
+
+<ruleset name="Envision Financial">
+	<target host="envisionfinancial.ca" />
+	<target host="www.envisionfinancial.ca" />
+	<target host="keepingitsimple.envisionfinancial.ca" />
+	<target host="loanprep.envisionfinancial.ca" />
+	<target host="mdws.envisionfinancial.ca" />
+	<target host="refer.envisionfinancial.ca" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Envoy_Media_Group.com.xml b/src/chrome/content/rules/Envoy_Media_Group.com.xml
new file mode 100644
index 000000000000..a7d3a7e93ec8
--- /dev/null
+++ b/src/chrome/content/rules/Envoy_Media_Group.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Other Envoy Media Group rulesets:
+
+		- Revstr.com.xml
+		- Sure-assist.com.xml
+
+
+	Nonfunctional hosts in *envoymediagroup.com:
+
+		- blog *
+
+	* 521
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .envoymediagroup.com
+		- www.envoymediagroup.com
+
+-->
+<ruleset name="Envoy Media Group.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="envoymediagroup.com" />
+	<target host="www.envoymediagroup.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.envoymediagroup\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.envoymediagroup\.com$" name="^(?:PHPSESSID|la_ht|p_ct)$" /-->
+
+	<securecookie host="^(?:www)?\.envoymediagroup\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Envoyer.io.xml b/src/chrome/content/rules/Envoyer.io.xml
new file mode 100644
index 000000000000..5c0dde166df9
--- /dev/null
+++ b/src/chrome/content/rules/Envoyer.io.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- envoyer.io
+		- www.envoyer.io
+
+-->
+<ruleset name="Envoyer.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="envoyer.io" />
+	<target host="www.envoyer.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?envoyer\.io$" name="^(?:XSRF-TOKEN|[\da-f]{32}|laravel_session)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EoPortal.org-problematic.xml b/src/chrome/content/rules/EoPortal.org-problematic.xml
new file mode 100644
index 000000000000..db47af9612af
--- /dev/null
+++ b/src/chrome/content/rules/EoPortal.org-problematic.xml
@@ -0,0 +1,22 @@
+<!--
+	For rules that are on by default, see EoPortal.xml.
+
+
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="eoPortal.org (missing certificate chain)" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="services.eoportal.org" />
+	<target host="wiki.services.eoportal.org" />
+
+
+	<securecookie host="^wiki\.services\.eoportal\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EoPortal.xml b/src/chrome/content/rules/EoPortal.xml
index 44e616f8c841..b073cb1b373c 100644
--- a/src/chrome/content/rules/EoPortal.xml
+++ b/src/chrome/content/rules/EoPortal.xml
@@ -1,21 +1,51 @@
 <!--
-	Nonfunctional subdomains:
+	For problematic rules, see EoPortal.org-problematic.xml.
 
-		- www	(times out)
 
+	Problematic hosts in *eoportal.org:
 
-	^eoportal.org doesn't exist.
+		- services *
+		- wiki.services *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	www.eoportal.org doesn't exist.
+
+
+	These altnames don't exist:
+
+		- www.services.eoportal.org
+		- www.wiki.services.eoportal.org
+
+
+	Insecure cookies are set for these hosts:
+
+		- wiki.services.eoportal.org
 
 -->
-<ruleset name="eoPortal (partial)">
+<ruleset name="eoPortal.org (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="eoportal.org" />
 	<target host="directory.eoportal.org" />
+	<target host="events.eoportal.org" />
+	<target host="images.eoportal.org" />
+	<target host="jobs.eoportal.org" />
+	<target host="news.eoportal.org" />
+	<!--target host="services.eoportal.org" /-->
+	<!--target host="wiki.services.eoportal.org" /-->
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^wiki\.services\.eoportal\.org$" name="^(?:PHPSESSID|runs_before_js_detect)$" /-->
 
-	<securecookie host="^directory\.eoportal\.org$" name=".+" />
+	<securecookie host="^wiki\.services\.eoportal\.org$" name=".+" />
 
 
-	<rule from="^http://directory\.eoportal\.org/"
-		to="https://directory.eoportal.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Eole-Water.xml b/src/chrome/content/rules/Eole-Water.xml
index 1b0f90373eba..fa947ef7ed23 100644
--- a/src/chrome/content/rules/Eole-Water.xml
+++ b/src/chrome/content/rules/Eole-Water.xml
@@ -5,7 +5,7 @@
 	<target host="eolewater.com"/>
 	<target host="www.eolewater.com"/>
 
-	<securecookie host="^www\.eolewater\.com$" name=".*"/>
+	<securecookie host="^www\.eolewater\.com$" name=".+" />
 
 	<rule from="^http://(?:www\.)?eolewater\.com/"
 		to="https://www.eolewater.com/"/>
diff --git a/src/chrome/content/rules/Epartnershub.com.xml b/src/chrome/content/rules/Epartnershub.com.xml
index 71fc4a6a3bf8..e493b9c4410f 100644
--- a/src/chrome/content/rules/Epartnershub.com.xml
+++ b/src/chrome/content/rules/Epartnershub.com.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(\w+)\.epartnershub\.com/(App_Themes/|Checkout/|CommonCss/|[lL]ogin\.aspx)"
 		to="https://$1.epartnershub.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Epek.xml b/src/chrome/content/rules/Epek.xml
index 850686405326..7d19c9ab3b41 100644
--- a/src/chrome/content/rules/Epek.xml
+++ b/src/chrome/content/rules/Epek.xml
@@ -19,10 +19,9 @@
 	<target host="signin.epek.com" />
 
 
-	<securecookie host="^signin\.epek\.com$" name=".*" />
+	<securecookie host="^signin\.epek\.com$" name=".+" />
 
 
-	<rule from="^http://signin\.epek\.com/"
-		to="https://signin.epek.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ephotozine.com.xml b/src/chrome/content/rules/Ephotozine.com.xml
new file mode 100644
index 000000000000..0e9aa971d403
--- /dev/null
+++ b/src/chrome/content/rules/Ephotozine.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ephotozine.com">
+	<target host="ephotozine.com" />
+	<target host="www.ephotozine.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Epic-Systems.xml b/src/chrome/content/rules/Epic-Systems.xml
index f52374fea647..3438c713eda4 100644
--- a/src/chrome/content/rules/Epic-Systems.xml
+++ b/src/chrome/content/rules/Epic-Systems.xml
@@ -1,34 +1,18 @@
-<!--
-	Nonfunctional subdomains:
-
-		- councils	(redirects to www)
-		- ugm		(redirects to www)
-
--->
-<ruleset name="Epic Systems (partial)">
+<ruleset name="Epic.com">
 
 	<target host="epic.com" />
 	<target host="*.epic.com" />
-		<exclusion pattern="^http://(www\.)?epic\.com/($|(?:about-index|contact|recognition-index|relationships-index|sitemap)\.php)" />
-
-
-	<securecookie host="^\w+\.epic\.com$" name=".*" />
-
-
-	<!--	- Homepage redirects to http
-
-		- At least these paths 404:
-
-			- about-index.php
-			- contact.php
-			- recognition-index.php
-			- relationships-index.php
-			- sitemap.php
-			-->
-	<rule from="^http://(www\.)?epic\.com/(images/|layout/)"
-		to="https://$1epic.com/$2" />
-
-	<rule from="^http://(access|eventregistration|sites|userweb)\.epic\.com/"
-		to="https://$1.epic.com/" />
+		<test url="http://access.epic.com/" />
+		<test url="http://career.epic.com/" />
+		<test url="http://councils.epic.com/" />
+		<test url="http://eventregistration.epic.com/" />
+		<test url="http://sites.epic.com/" />
+		<test url="http://ugm.epic.com/" />
+		<test url="http://userweb.epic.com/" />
+
+	<securecookie host="^\w+\.epic\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Epic_Games.xml b/src/chrome/content/rules/Epic_Games.xml
index 36da364f822c..2b338029c293 100644
--- a/src/chrome/content/rules/Epic_Games.xml
+++ b/src/chrome/content/rules/Epic_Games.xml
@@ -1,6 +1,7 @@
 <!--
 	Other Epic Games rulesets:
 
+		- Fortnite.com.xml
 		- Unreal_Engine.xml
 
 
@@ -11,17 +12,83 @@
 
 	Fully covered subdomains:
 
+		- forums
 		- udn
 
+
+	Insecure cookies are set for these domains and hosts:
+
+		- forums.epicgames.com
+		- .forums.epicgames.com
+
+
+	These altnames don't exist:
+
+		- www.udn.epicgames.com
+
+
+	Mixed content;
+
+		- Images, on:
+
+			- ^ from $self *
+			- ^ from pbs.twimg.com *
+			- udn from $self *
+
+	* Secured by us
+
 -->
-<ruleset name="Epic Games (partial)">
+<ruleset name="Epic Games.com (partial)">
 
 	<target host="epicgames.com" />
-	<target host="*.epicgames.com" />
-		<exclusion pattern="^http://(?:www\.)?epicgames\.com/(?!favicon\.ico|files/|css/|img/|js/|mediaplayer/)" />
+	<target host="forums.epicgames.com" />
+	<target host="udn.epicgames.com" />
+	<target host="www.epicgames.com" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?epicgames\.com/($|about/$|community/$|news-events/$|news/[\w-]+/$|store/$|support/$|technology/$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?epicgames\.com/(?!about$|favicon\.ico|files/|css/|games$|img/|js/|mediaplayer/|news-events$|support$|technology$)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://epicgames.com/about/" />
+			<test url="http://epicgames.com/community/" />
+			<test url="http://epicgames.com/events/" />
+			<test url="http://epicgames.com/events/rss" />
+			<test url="http://epicgames.com/games/" />
+			<test url="http://epicgames.com/news/" />
+			<test url="http://epicgames.com/news/highlights-from-the-xbox-and-playstation-e3-briefings" />
+			<test url="http://epicgames.com/news-events/" />
+			<test url="http://epicgames.com/store/" />
+			<test url="http://epicgames.com/support/" />
+			<test url="http://epicgames.com/technology/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://epicgames.com/about" />
+			<test url="http://epicgames.com/css/all.css" />
+			<test url="http://epicgames.com/favicon.ico" />
+			<test url="http://epicgames.com/files/home/icon.epic_.png" />
+			<test url="http://epicgames.com/games" />
+			<test url="http://epicgames.com/img/mail-icon.png" />
+			<test url="http://epicgames.com/news-events" />
+			<test url="http://epicgames.com/support" />
+			<test url="http://epicgames.com/technology" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^forums\.epicgames\.com$" name="^forums-epicgames-member$" /-->
+	<!--securecookie host="^\.forums\.epicgames\.com$" name="bb_sessionhash$" /-->
+
+	<securecookie host="^\.?forums\.epicgames\.com$" name=".+" />
 
 
-	<rule from="^http://(udn\.|www\.)?epicgames\.com/"
-		to="https://$1epicgames.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Epilepsy-Foundation-America.xml b/src/chrome/content/rules/Epilepsy-Foundation-America.xml
index fe97f3944349..1169e08b6ae7 100644
--- a/src/chrome/content/rules/Epilepsy-Foundation-America.xml
+++ b/src/chrome/content/rules/Epilepsy-Foundation-America.xml
@@ -1,6 +1,16 @@
-<ruleset name="Epilepsy Foundation of America" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://epilepsyfoundation.org/ => https://www.epilepsyfoundation.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.epilepsyfoundation.org'")
+Fetch error: http://www.epilepsyfoundation.org/ => https://www.epilepsyfoundation.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.epilepsyfoundation.org'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://epilepsyfoundation.org/ => https://www.epilepsyfoundation.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.epilepsyfoundation.org'")
+Fetch error: http://www.epilepsyfoundation.org/ => https://www.epilepsyfoundation.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.epilepsyfoundation.org'")
+-->
+<ruleset name="Epilepsy Foundation of America" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="epilepsyfoundation.org" />
 	<target host="www.epilepsyfoundation.org" />
 
 	<rule from="^http://(?:www\.)?epilepsyfoundation\.org/" to="https://www.epilepsyfoundation.org/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Epilepsy-Ontario.xml b/src/chrome/content/rules/Epilepsy-Ontario.xml
index 6b1936c57af9..2ee3a508647a 100644
--- a/src/chrome/content/rules/Epilepsy-Ontario.xml
+++ b/src/chrome/content/rules/Epilepsy-Ontario.xml
@@ -1,11 +1,17 @@
-<ruleset name="Epilepsy Ontario" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://epilepsyontario.org/ => https://www.epilepsyontario.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.epilepsyontario.org/ => https://www.epilepsyontario.org/: (60, 'SSL certificate problem: certificate has expired')
+
+Automatically by https-everywhere-checker because:
+Fetch error: http://epilepsyontario.org/ => https://www.epilepsyontario.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.epilepsyontario.org'")
+Fetch error: http://www.epilepsyontario.org/ => https://www.epilepsyontario.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.epilepsyontario.org'")
+-->
+<ruleset name="Epilepsy Ontario" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="epilepsyontario.org" />
 	<target host="www.epilepsyontario.org" />
 
 	<rule from="^http://(?:www\.)?epilepsyontario\.org/" to="https://www.epilepsyontario.org/" />
 
-	<!-- Invoking https://epilepsyontario.org/ gives a certificate
-	error, so redirect https://epilepsyontario.org/ to
-	https://www.epilepsyontario.org/ -->
-	<rule from="^https://epilepsyontario\.org/" to="https://www.epilepsyontario.org/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Epix_Media.co.uk.xml b/src/chrome/content/rules/Epix_Media.co.uk.xml
new file mode 100644
index 000000000000..e6c20366b6bf
--- /dev/null
+++ b/src/chrome/content/rules/Epix_Media.co.uk.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .epixmedia.co.uk
+
+-->
+<ruleset name="Epix Media.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="epixmedia.co.uk" />
+	<target host="www.epixmedia.co.uk" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.epixmedia\.co\.uk$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.epixmedia\.co\.uk$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Epls.gov.xml b/src/chrome/content/rules/Epls.gov.xml
deleted file mode 100644
index c5d467e66cc8..000000000000
--- a/src/chrome/content/rules/Epls.gov.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Epls.gov">
-	<target host="epls.gov" />
-	<target host="www.epls.gov" />
-
-	<securecookie host="(^|\.)epls\.gov$" name=".+" />
-
-	<rule from="^(http://(www\.)?|(https://))epls\.gov/" to="https://www.epls.gov/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/EpochStats.com.xml b/src/chrome/content/rules/EpochStats.com.xml
new file mode 100644
index 000000000000..f2644045a798
--- /dev/null
+++ b/src/chrome/content/rules/EpochStats.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://epochstats.com/ => https://epochstats.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.epochstats.com/ => https://www.epochstats.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For other Epoch coverage, see Epoch.com.xml.
+
+
+	Fully covered hosts in *epochstats.com:
+
+		- (www.)?
+		- hits
+		- sales
+
+-->
+<ruleset name="EpochStats.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="epochstats.com" />
+	<target host="hits.epochstats.com" />
+	<target host="sales.epochstats.com" />
+	<target host="www.epochstats.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EpochTimes.com.xml b/src/chrome/content/rules/EpochTimes.com.xml
new file mode 100644
index 000000000000..27b85038bfb5
--- /dev/null
+++ b/src/chrome/content/rules/EpochTimes.com.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Epoch Times related rulesets, see TheEpochTimes.com.xml.
+
+	Non-functional hosts
+		SSL connect error:
+		- epochtimes.com
+		- ad.epochtimes.com
+-->
+<ruleset name="EpochTimes.com (partial)">
+	<target host="epochtimes.com" />
+	<target host="www.epochtimes.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://epochtimes\.com/"
+		to="https://www.epochtimes.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Epoch_Times.xml b/src/chrome/content/rules/Epoch_Times.xml
deleted file mode 100644
index 4630fd1af251..000000000000
--- a/src/chrome/content/rules/Epoch_Times.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- subscribe.theepochtimes.com	(times out)
-
-
-	Problematic domains:
-
-		- ad.epochtimes.com
-			- CN: yet8.acosm.com
-
-		- (www.)theepochtimes.com
-			- CN: Epoch Times
-			- At least some pages redirect to http
-
-
--->
-<ruleset name="Epoch Times (partial)" default_off="expired, mismatched, self-signed">
-
-	<target host="ad.epochtimes.com" />
-	<target host="theepochtimes.com" />
-	<target host="www.theepochtimes.com" />
-
-
-	<securecookie host="^ad\.epochtimes\.com$" name=".+" />
-
-
-	<rule from="^http://ad\.epochtimes\.com/"
-		to="https://ad.epochtimes.com/" />
-
-	<rule from="^https?://(?:www\.)?theepochtimes\.com/n2/(images|wp-content)/"
-		to="https://www.theepochtimes.com/n2/$1/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Epoxate.com.xml b/src/chrome/content/rules/Epoxate.com.xml
index ff66f2dbdcf6..37a43994bdf8 100644
--- a/src/chrome/content/rules/Epoxate.com.xml
+++ b/src/chrome/content/rules/Epoxate.com.xml
@@ -1,16 +1,15 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See 
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
- 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Epoxate.com" platform="firefox">
-  <target host="epoxate.com" />
 
-  <securecookie host="^epoxate\.com$" name=".+" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://epoxate.com/ => https://epoxate.com/: (35, 'Unknown SSL protocol error in connection to epoxate.com:443 ')
 
-  <rule from="^http://epoxate\.com/" to="https://epoxate.com/" />
+-->
+<ruleset name="Epoxate.com" default_off="failed ruleset test">
+	<target host="epoxate.com" />
+	<target host="www.epoxate.com" />
+
+	<securecookie host="^epoxate\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Epsilon-Telecom.xml b/src/chrome/content/rules/Epsilon-Telecom.xml
new file mode 100644
index 000000000000..e917e39f85f6
--- /dev/null
+++ b/src/chrome/content/rules/Epsilon-Telecom.xml
@@ -0,0 +1,13 @@
+<!-- self-signed:
+		- web
+-->
+
+<ruleset name="Epsilon Telecommunications GmbH">
+
+	<target host="epsilon-telecom.de"/>
+	<target host="shop.epsilon-telecom.de"/>
+	<target host="www.epsilon-telecom.de"/>
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Epson.xml b/src/chrome/content/rules/Epson.xml
index 8acc61d275d0..4c0d85430a03 100644
--- a/src/chrome/content/rules/Epson.xml
+++ b/src/chrome/content/rules/Epson.xml
@@ -1,33 +1,56 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://epson.ca/ => https://www.epson.ca/: Too many redirects while fetching 'https://www.epson.ca/'
+Fetch error: http://www.epson.ca/ => https://www.epson.ca/: Too many redirects while fetching 'https://www.epson.ca/'
+Fetch error: http://epson.com.mx/ => https://global.latin.epson.com/mx: Too many redirects while fetching 'https://global.latin.epson.com/mx'
+Fetch error: http://www.epson.com.mx/ => https://global.latin.epson.com/mx: Too many redirects while fetching 'https://global.latin.epson.com/mx'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://epson.com.mx/ => https://global.latin.epson.com/mx: (6, 'Could not resolve host: epson.com.mx')
+Fetch error: http://www.epson.com.mx/ => https://global.latin.epson.com/mx: Redirect for 'http://www.epson.com.mx/' missing Location
 
 	Nonfunctional:
 
 		- global.epson.com	(cert: netporter.ebz.epson.net; 403)
 		- (www.)epson.jp
 
+
+	Mixed content:
+
+		- Ads/web bugs, on www.epson.com from:
+
+			- epson.112.2o7.net *
+			- www.googleadservices.com *
+
+	* Secured by us
+
 -->
-<ruleset name="Epson.com (partial)" platform="mixedcontent">
+<ruleset name="Epson.com (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="epson.ca" />
 	<target host="www.epson.ca" />
 	<target host="epson.com" />
-	<target host="*.epson.com" />
-		<exclusion pattern="^http://(?:www\.)?epson\.com/cgi-bin/Store/consumer/"/>
-		<exclusion pattern="^http://(?:www\.)?epson\.com/cgi-bin/Store/jsp/Product/Photos\.do"/>
-		<!--	URLs such as http://www.epson.com/snowleopard	-->
-		<exclusion pattern="^http://(www\.)?epson\.com/([a-zA-Z][a-zA-Z\d]+){1}$"/>
+	<target host="www.epson.com" />
 	<target host="global.latin.epson.com" />
+	<target host="pos.epson.com" />
+	<target host="was.epson.com" />
+		<exclusion pattern="^http://(?:www\.)?epson\.com/cgi-bin/Store/consumer/(?!cross_sell\.jsp)"/>
+		<exclusion pattern="^http://(?:www\.)?epson\.com/cgi-bin/Store/jsp/Product/(?:Overview|Photos)\.do"/>
+		<!--	URLs such as http://www.epson.com/snowleopard	-->
+		<exclusion pattern="^http://(?:www\.)?epson\.com/(?:[a-zA-Z][a-zA-Z\d]+){1}$"/>
 	<target host="epson.com.mx" />
 	<target host="www.epson.com.mx" />
-	<target host="*.epson.jp" />
+	<target host="cform.epson.jp" />
+	<target host="shop.epson.jp" />
 
 
-	<securecookie host="^(.*\.)?epson\.c(a|om)$" name=".*" />
+	<securecookie host="^(?:.*\.)?epson\.c(?:a|om)$" name=".+" />
 
 
 	<!--	ca: cert only matches www.
 		com: !www times out.	-->
-	<rule from="^https?://(?:www\.)?epson\.c(a|om)/"
+	<rule from="^http://(?:www\.)?epson\.c(a|om)/"
 		to="https://www.epson.c$1/" />
 
 	<!--	At least some pages redirect to http.
@@ -50,7 +73,7 @@
 
 	<!--	Cert only matches global.*
 		Redirects as so.	-->
-	<rule from="^https?://(?:www\.)?epson\.com\.mx/"
+	<rule from="^http://(?:www\.)?epson\.com\.mx/"
 		to="https://global.latin.epson.com/mx" />
 
 	<rule from="^http://cform\.epson\.jp/"
diff --git a/src/chrome/content/rules/Equality_Trust.org.uk.xml b/src/chrome/content/rules/Equality_Trust.org.uk.xml
new file mode 100644
index 000000000000..d7a2a0b5f81b
--- /dev/null
+++ b/src/chrome/content/rules/Equality_Trust.org.uk.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- css from fast.fonts.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Equality Trust.org.uk">
+
+	<target host="equalitytrust.org.uk" />
+	<target host="www.equalitytrust.org.uk" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^\.equalitytrust\.org\.uk$" name="^SSESS[\da-f]{32}$" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Equifax.xml b/src/chrome/content/rules/Equifax.xml
new file mode 100644
index 000000000000..968e148dbb82
--- /dev/null
+++ b/src/chrome/content/rules/Equifax.xml
@@ -0,0 +1,57 @@
+<!--
+	Non-functional hosts
+		Mismatch:
+			- inform.equifax.com
+			- app.inform.equifax.com
+
+			- consumer.equifax.com
+			- www.consumer.equifax.com
+
+			- emortgage.equifax.com
+			- eport.equifax.com
+
+		Incomplete chain:
+			- help.equifax.com
+			- help-en.equifax.ca
+			- help-fr.equifax.ca
+
+		Connection timeout:
+			- emscert.equifax.com
+-->
+
+<ruleset name="Equifax">
+
+	<target host="equifax.com" />
+	<target host="www.equifax.com" />
+	<target host="www.ai.equifax.com" />
+	<target host="www.alerts.equifax.com" />
+	<target host="blog.equifax.com" />
+	<target host="aa.econsumer.equifax.com" />
+	<target host="www.econsumer.equifax.com" />
+	<target host="www.emortgage.equifax.com" />
+	<target host="www.eport.equifax.com" />
+	<target host="www.freeze.equifax.com" />
+	<target host="insight.equifax.com" />
+	<target host="investor.equifax.com" />
+	<target host="tcs.equifax.com" />
+
+	<!-- Equifax breach domains -->
+	<target host="equifaxsecurity2017.com" />
+	<target host="www.equifaxsecurity2017.com" />
+
+	<!-- Equifax Canada domains -->
+	<target host="equifax.ca" />
+	<target host="www.equifax.ca" />
+	<target host="consumer.equifax.ca" />
+	<target host="www.consumer.equifax.ca" />
+	<target host="www.econsumer.equifax.ca" />
+
+	<target host="equifaxcreditwatch.ca" />
+	<target host="www.equifaxcreditwatch.ca" />
+
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EquifaxBreachSettlement.com.xml b/src/chrome/content/rules/EquifaxBreachSettlement.com.xml
new file mode 100644
index 000000000000..6dc80b717cc9
--- /dev/null
+++ b/src/chrome/content/rules/EquifaxBreachSettlement.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Timeout:
+		email.equifaxbreachsettlement.com
+	Unable to Connect:
+		autodiscover.equifaxbreachsettlement.com
+-->
+<ruleset name="EquifaxBreachSettlement.com">
+	<target host="equifaxbreachsettlement.com" />
+	<target host="www.equifaxbreachsettlement.com" />
+	<target host="contactus.equifaxbreachsettlement.com" />
+	<target host="eligibility.equifaxbreachsettlement.com" />
+	<target host="secure.equifaxbreachsettlement.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EquifaxCanada.xml b/src/chrome/content/rules/EquifaxCanada.xml
deleted file mode 100644
index 524359c7d4e8..000000000000
--- a/src/chrome/content/rules/EquifaxCanada.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="EquifaxCanada" default_off="Certificate mismatch">
-  <target host="*.econsumer.equifax.ca" />
-<!-- for eg. https://www.econsumer.equifax.ca/canadaotc/showmyequifax.ehtml?locale_code=en_CA -->
-  <rule from="^http://([^/:@]*)\.econsumer\.equifax\.com/" to="https://$1.econsumer.equifax.ca/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/Equinix.com-problematic.xml b/src/chrome/content/rules/Equinix.com-problematic.xml
deleted file mode 100644
index bad89cbb300d..000000000000
--- a/src/chrome/content/rules/Equinix.com-problematic.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	For rules that are on by default, see Equinix.com.xml.
-
-
-	Fully covered subdomains
-
-		- www
-
--->
-<ruleset name="Equinix.com (problematic)" default_off="mismatched">
-
-	<target host="www.equinix.com" />
-		<!--
-			Handled in Equinix.com.xml:
-							-->
-		<!--exclusion pattern="^http://www\.equinix\.com/(img/|local/(?!new/css/ui/jquery-ui\.css)|ss/)" /-->
-
-
-	<securecookie host="^www\.equinix\.com$" name=".+" />
-
-
-	<rule from="^http://www\.equinix\.com/(?!img/|local/(?!new/css/ui/jquery-ui\.css)|ss/)"
-		to="https://www.equinix.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Equinix.com.xml b/src/chrome/content/rules/Equinix.com.xml
index ae30a3fcf16a..0e696a741034 100644
--- a/src/chrome/content/rules/Equinix.com.xml
+++ b/src/chrome/content/rules/Equinix.com.xml
@@ -1,89 +1,202 @@
 <!--
-	For problematic rules, see Equinix.com-problematic.xml.
-
-
-	CDN buckets:
-
-		- domain.equinix.com.edgesuite.net
-
-			- a90.b.akamai.net
-			- qa.mobile.equinix.com
-			- www.equinix.com
-
-
-	Nonfunctional subdomains:
-
-		- eceemarketplace *
-		- pilot.eceemarketplace *
-		- qa.mobile		(504, akamai)
-		- welcome		(dropped)
-
-	* 503, valid cert
-
-
-	Problematic subdomains:
-
-		- www	(works, akamai)
-
-
-	Partially covered subdomains:
-
-		- www *
-
-	* → akamai, avoiding user-visible paths, rest
-	  covered in Equinix.com-problematic.xml.
-
-
-	Fully covered subdomains
-
-		- ^
-		- esp.ap
-		- esp2.ap
-		- uat.eceemarketplace
-		- equinix-direct
-		- ethernetportal
-		- demo.ethernetportal
-		- pilot.ethernetportal
-		- ix
-		- pilot.ix
-		- marketplace
-		- pilot.marketplace
-		- portal
-		- mobile.portal
-		- portaltest
-		- portalpilot
-		- mobile.portalpilot
+	Non-functional subdomains:
+
+		- access	(t)
+		- ap	(s)
+		- cas.ap	(t)
+		- esp.ap	(t)
+		- esp2.ap	(t)
+		- lists.ap	(r)
+		- lyncdiscover.ap	(m)
+		- misentry.ap	(r)
+		- misentry-pri.ap	(r)
+		- misentry-sec.ap	(r)
+		- sg-exchange.ap	(s)
+		- sip.ap	(m)
+		- aplyncwebext	(s)
+		- apm-sg	(s)
+		- apps	(t)
+		- pilot.blog	(s)
+		- cdn	(m)
+		- config	(s)
+		- customerone	(s)
+		- diapi	(s)
+		- dideveloper	(s)
+		- diinvoicemapper	(r)
+		- ecc	(r)
+		- eccp	(r)
+		- ecoinfo	(r)
+		- www.equimail	(t)
+		- esd	(e)
+		- eu	(s)
+		- www.eu	(s)
+		- br1.zh1.corp.eu	(r)
+		- fa0-1-1398.br1.zh1.corp.eu	(r)
+		- equmail.eu	(t)
+		- lyncdiscover.eu	(m)
+		- mail.eu	(t)
+		- misentry-sec.eu	(t)
+		- missentry.eu	(r)
+		- rsm.eu	(s)
+		- sip.eu	(m)
+		- webconf.eu	(r)
+		- eulyncwebext	(s)
+		- ftp	(t)
+		- globalprotect-sh	(t)
+		- gms	(s)
+		- go	(r)
+		- go2	(r)
+		- gsko	(s)
+		- help	(e)
+		- ns1.hkg	(t)
+		- info	(m)
+		- info2	(m)
+		- invest	(m)
+		- investor	(m)
+		- invoicemapper	(r)
+		- ip	(t)
+		- kiwi	(r)
+		- ld4nsauth01	(t)
+		- lodestar	(s)
+		- lyncdiscover	(m)
+		- uat.marketplace	(t)
+		- mcfeely	(t)
+		- mdm	(e)
+		- media	(m)
+		- misentry	(r)
+		- misentry-sec	(r)
+		- misentryo365	(r)
+		- misentryonprem2013	(r)
+		- qa.mobile	(403)
+		- ocs-ap	(r)
+		- ocs-eu	(r)
+		- ocs-us	(r)
+		- pki	(s)
+		- www.preview-dcm	(s)
+		- www.prod-dcm	(s)
+		- qaapi	(s)
+		- qadeveloper	(r)
+		- qainvoicemapper	(s)
+		- rubidium2	(t)
+		- sandboxapi	(s)
+		- sandboxdeveloper	(s)
+		- sg1nsauth01	(t)
+		- sgw	(t)
+		- ns1.sgw	(t)
+		- ns4.sgw	(t)
+		- postman202.sgw	(t)
+		- postmantp2.sgw	(t)
+		- sip	(m)
+		- smartview-streaming	(s)
+		- uat.smartview-streaming	(r)
+		- sonusgw	(r)
+		- ssodev	(e)
+		- sv2ironport01	(r)
+		- sv2lxwebauth01	(t)
+		- taner	(t)
+		- testpartner	(m)
+		- thousandeyes	(e)
+		- uatblog	(s)
+		- uatinvoicemapper	(s)
+		- webcon-ap	(t)
+		- webmail-ch	(r)
+		- webmail-fr	(r)
+		- webmail-hk	(r)
+		- webmail-ld	(r)
+		- webmail-sg	(r)
+		- welcome	(t)
+		- autodiscover.wip	(m)
+		- blog.wip	(s)
+		- pilot.blog.wip	(s)
+		- vpn.wip	(m)
+
+	e: expired certificate
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
 
 -->
-<ruleset name="Equinix.com (partial)">
+<ruleset name="Equinix">
 
 	<target host="equinix.com" />
-	<target host="*.equinix.com" />
-		<!--
-			Avoid user-visible paths:
-							-->
-		<!--exclusion pattern="^http://www\.equinix\.com/(?!img/|local/|ss/)" /-->
-		<!--
-			Links resources relative to /:
-							-->
-		<!--exclusion pattern="^http://www\.equinix\.com/local/new/css/ui/jquery-ui\.css" /-->
-		<!--
-			These don't:
-					-->
-		<!--exclusion pattern="^http://www\.equinix\.com/local/new/css/(?!home|layout|print|v2/callout_boxes|v2/home)\.css" /-->
-
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.equinix\.com$" name="^_(?:mkto_trk|_utm\w)$" />
-	<!--securecookie host="^((esp2?\.ap|uat\.eceemarketplace|equinix-direct|(demo\.|pilot\.)?ethernetportal|(pilot\.)?ix|(pilot\.)?marketplace|(mobile\.)?portal|(mobile\.)?portalpilot|portaltest)\.)?equinix\.com$" name=".+" /-->
-	<securecookie host="^(?:.+\.)?equinix\.com$" name=".+" />
-
-
-	<rule from="^http://((?:esp2?\.ap|uat\.eceemarketplace|equinix-direct|(?:demo\.|pilot\.)?ethernetportal|(?:pilot\.)?(?:ix|marketplace)|(?:mobile\.)?portal(?:pilot)?|portaltest)\.)?equinix\.com/"
-		to="https://$1equinix.com/" />
-
-	<rule from="^http://www\.equinix\.com/(?=img/|local/(?!new/css/ui/jquery-ui\.css)|ss/)"
-		to="https://a248.e.akamai.net/f/90/7583/3h/www.equinix.com/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.equinix.com" />
+	<target host="autodiscover.ap.equinix.com" />
+	<target host="api.equinix.com" />
+	<target host="autodiscover.equinix.com" />
+	<target host="bg.equinix.com" />
+	<target host="blog.equinix.com" />
+	<target host="cloudexchangeportal.equinix.com" />
+	<target host="developer.equinix.com" />
+	<target host="disalesappapi.equinix.com" />
+	<target host="ecx-resources.equinix.com" />
+	<target host="equimail.equinix.com" />
+	<target host="autodiscover.eu.equinix.com" />
+	<target host="forum.equinix.com" />
+	<target host="globalprotect.equinix.com" />
+	<target host="globalprotect-ch.equinix.com" />
+	<target host="globalprotect-dc.equinix.com" />
+	<target host="globalprotect-fr.equinix.com" />
+	<target host="globalprotect-gv.equinix.com" />
+	<target host="globalprotect-ld.equinix.com" />
+	<target host="globalprotect-me.equinix.com" />
+	<target host="globalprotect-os.equinix.com" />
+	<target host="globalprotect-pa.equinix.com" />
+	<target host="globalprotect-sg.equinix.com" />
+	<target host="globalprotect-sv.equinix.com" />
+	<target host="globaluatcxp.equinix.com" />
+	<target host="identity.equinix.com" />
+	<target host="test.identity.equinix.com" />
+	<target host="ix.equinix.com" />
+	<target host="marketplace.equinix.com" />
+	<target host="test.mkp.equinix.com" />
+	<target host="monitoring.equinix.com" />
+	<target host="myapps.equinix.com" />
+	<target host="myapps-ch.equinix.com" />
+	<target host="owamail.equinix.com" />
+	<target host="partnercentral.equinix.com" />
+	<target host="partnerdirectory.equinix.com" />
+	<target host="portal.equinix.com" />
+	<target host="mobile.portal.equinix.com" />
+	<target host="portalpilot.equinix.com" />
+	<target host="mobile.portalpilot.equinix.com" />
+	<target host="portaltest.equinix.com" />
+	<target host="mobile.portaltest.equinix.com" />
+	<target host="portaluatb.equinix.com" />
+	<target host="qasalesappapi.equinix.com" />
+	<target host="salesappapi.equinix.com" />
+	<target host="siebelopenui.equinix.com" />
+	<target host="uat.smartview.equinix.com" />
+	<target host="sso.equinix.com" />
+	<target host="www.staging-dcm.equinix.com" />
+	<target host="tr.equinix.com" />
+	<target host="uatapi.equinix.com" />
+	<target host="uatcloudexchangeportal.equinix.com" />
+	<target host="uatdeveloper.equinix.com" />
+	<target host="uatsalesappapi.equinix.com" />
+	<target host="vip.equinix.com" />
+	<target host="vipregister.equinix.com" />
+	<target host="vpn.equinix.com" />
+	<target host="vpn-am.equinix.com" />
+	<target host="vpn-ap.equinix.com" />
+	<target host="vpn-ch.equinix.com" />
+	<target host="vpn-eu.equinix.com" />
+	<target host="vpn-fr.equinix.com" />
+	<target host="vpn-hk.equinix.com" />
+	<target host="vpn-ld.equinix.com" />
+	<target host="vpn-sg.equinix.com" />
+	<target host="vpn-sv.equinix.com" />
+	<target host="vpn-sy.equinix.com" />
+	<target host="vpn-ty.equinix.com" />
+	<target host="webmail.equinix.com" />
+	<target host="webmail-sv.equinix.com" />
+	<target host="www.workbench.equinix.com" />
+	<target host="www.test.workbench.equinix.com" />
+
+  	<securecookie host="^www\.equinix\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Equip.org.xml b/src/chrome/content/rules/Equip.org.xml
new file mode 100644
index 000000000000..4d4d2b25aeab
--- /dev/null
+++ b/src/chrome/content/rules/Equip.org.xml
@@ -0,0 +1,15 @@
+<ruleset name="Equip.org (partial)">
+
+	<target host="equip.org" />
+	<target host="www.equip.org" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?equip\.org/+($|\?|connect/|favicon\.ico)" /-->
+		<!--exclusion pattern="^http://(www\.)?equip\.org/+(?!wp-content/|wp-includes/)" /-->
+
+
+	<rule from="^http://(www\.)?equip\.org/wp-(?=content/|includes/)"
+		to="https://$1equip.org/wp-" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Equity.xml b/src/chrome/content/rules/Equity.xml
index 47c6cb82e5fb..a8a30c1e8597 100644
--- a/src/chrome/content/rules/Equity.xml
+++ b/src/chrome/content/rules/Equity.xml
@@ -9,7 +9,6 @@
 
 	<!--	Cert only matches www.
 					-->
-	<rule from="^https?://(?:www\.)?equity\.org\.uk/"
-		to="https://www.equity.org.uk/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/EquityZen.com.xml b/src/chrome/content/rules/EquityZen.com.xml
new file mode 100644
index 000000000000..720bb409ebce
--- /dev/null
+++ b/src/chrome/content/rules/EquityZen.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Fully covered hosts in *equityzen.com:
+
+		- (www.)?
+		- dev
+		- staging
+
+-->
+<ruleset name="EquityZen.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="equityzen.com" />
+	<target host="dev.equityzen.com" />
+	<target host="staging.equityzen.com" />
+	<target host="www.equityzen.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ercpe.de.xml b/src/chrome/content/rules/Ercpe.de.xml
new file mode 100644
index 000000000000..9011164a943a
--- /dev/null
+++ b/src/chrome/content/rules/Ercpe.de.xml
@@ -0,0 +1,12 @@
+<ruleset name="ercpe.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ercpe.de" />
+	<target host="www.ercpe.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Erdgeist.xml b/src/chrome/content/rules/Erdgeist.xml
index 3d7346c93e88..b5bba8836f2d 100644
--- a/src/chrome/content/rules/Erdgeist.xml
+++ b/src/chrome/content/rules/Erdgeist.xml
@@ -1,10 +1,10 @@
-<ruleset name="erdgeist">
+<ruleset name="erdgeist.org">
 
 	<target host="erdgeist.org" />
 	<target host="www.erdgeist.org" />
 
 
-	<rule from="^http://(www\.)?erdgeist\.org/"
-		to="https://$1erdgeist.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ergon.ch.xml b/src/chrome/content/rules/Ergon.ch.xml
new file mode 100644
index 000000000000..f3aa7f93efd7
--- /dev/null
+++ b/src/chrome/content/rules/Ergon.ch.xml
@@ -0,0 +1,17 @@
+<ruleset name="Eregon.ch">
+
+	<target host="ergon.ch" />
+	<target host="secure.ergon.ch" />
+	<target host="techzone.ergon.ch" />
+	<target host="www.ergon.ch" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^\.ergon\.ch$" name="^SES_SESS-S$" /-->
+	<!--securecookie host="^techzone\.ergon\.ch$" name="^AL_SESS-S$" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ErgotechGroup.com.xml b/src/chrome/content/rules/ErgotechGroup.com.xml
new file mode 100644
index 000000000000..8467573cdf7b
--- /dev/null
+++ b/src/chrome/content/rules/ErgotechGroup.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Connection closed:
+		- blog.ergotechgroup.com
+		- webmail.ergotechgroup.com
+
+	Invalid certificate:
+		- autodiscover.ergotechgroup.com
+-->
+
+<ruleset name="ErgotechGroup.com">
+	<target host="ergotechgroup.com" />
+	<target host="www.ergotechgroup.com" />
+	<target host="cpanel.ergotechgroup.com" />
+	<target host="mail.ergotechgroup.com" />
+	<target host="shop.ergotechgroup.com" />
+	<target host="webdisk.ergotechgroup.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Erhvervsstyrelsen.dk.xml b/src/chrome/content/rules/Erhvervsstyrelsen.dk.xml
new file mode 100644
index 000000000000..13c0a585b9dc
--- /dev/null
+++ b/src/chrome/content/rules/Erhvervsstyrelsen.dk.xml
@@ -0,0 +1,12 @@
+<ruleset name="Erhvervsstyrelsen.dk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="erhvervsstyrelsen.dk" />
+	<target host="www.erhvervsstyrelsen.dk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Eric_W.us.xml b/src/chrome/content/rules/Eric_W.us.xml
new file mode 100644
index 000000000000..4100793da90a
--- /dev/null
+++ b/src/chrome/content/rules/Eric_W.us.xml
@@ -0,0 +1,9 @@
+<ruleset name="Eric W.us">
+
+	<target host="ericw.us" />
+	<target host="www.ericw.us" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ericsson.xml b/src/chrome/content/rules/Ericsson.xml
index d06d5646e79a..4ea71cf265d5 100644
--- a/src/chrome/content/rules/Ericsson.xml
+++ b/src/chrome/content/rules/Ericsson.xml
@@ -1,16 +1,21 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://webtrends-lb.ericsson.net/ => https://webtrends-lb.ericsson.net/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://webtrends-lb.ericsson.net/ => https://webtrends-lb.ericsson.net/: (7, 'Failed to connect to webtrends-lb.ericsson.net port 80: No route to host')
 	Nonfunctional subdomains:
 
 		- ^
 		- www	(redirects to http, akamai)
 
 -->
-<ruleset name="Ericsson (partial)">
+<ruleset name="Ericsson (partial)" default_off="failed ruleset test">
 
 	<target host="webtrends-lb.ericsson.net" />
 
 
-	<rule from="^http://webtrends-lb\.ericsson\.net/"
-		to="https://webtrends-lb.ericsson.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Erinn.org.xml b/src/chrome/content/rules/Erinn.org.xml
new file mode 100644
index 000000000000..858811abd2c1
--- /dev/null
+++ b/src/chrome/content/rules/Erinn.org.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://erinn.org/ => https://erinn.org/: (7, 'Failed to connect to erinn.org port 443: Connection refused')
+Fetch error: http://www.erinn.org/ => https://www.erinn.org/: (7, 'Failed to connect to www.erinn.org port 443: Connection refused')
+
+-->
+<ruleset name="erinn.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="erinn.org" />
+	<target host="www.erinn.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Erlang.org.xml b/src/chrome/content/rules/Erlang.org.xml
new file mode 100644
index 000000000000..0a9b5a904d85
--- /dev/null
+++ b/src/chrome/content/rules/Erlang.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Timeout:
+		- rsync1.erlang.org
+		- svn.erlang.org
+		- svn1.erlang.org
+		- www1.erlang.org
+
+	Mismatched:
+		- hel.erlang.org
+		- rsync.erlang.org
+		- rsync2.erlang.org
+-->
+<ruleset name="Erlang.org">
+	<target host="erlang.org" />
+	<target host="www.erlang.org" />
+	<target host="admin.erlang.org" />
+	<target host="blog.erlang.org" />
+	<target host="bugs.erlang.org" />
+	<target host="www2.erlang.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Erlang.xml b/src/chrome/content/rules/Erlang.xml
deleted file mode 100644
index 29a58d66f481..000000000000
--- a/src/chrome/content/rules/Erlang.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Erlang (partial)" default_off="expired, mismatch">
-
-	<!--	Cert: demo.erlang.org	-->
-	<target host="erlang.org" />
-	<target host="www.erlang.org" />
-
-
-	<!--	- !www times out
-		- At least some pages 302 to http
-					-->
-	<rule from="^https://(?:www\.)?erlang\.org/(\w+\.css$|images/|upload/)"
-		to="https://www.erlang.org/$1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ernst-and-Young.xml b/src/chrome/content/rules/Ernst-and-Young.xml
index 9e38fbd6f5f0..011397d7e8de 100644
--- a/src/chrome/content/rules/Ernst-and-Young.xml
+++ b/src/chrome/content/rules/Ernst-and-Young.xml
@@ -7,14 +7,17 @@
 <ruleset name="Ernst &amp; Young (partial)">
 
 	<target host="ey.com" />
-	<target host="*.ey.com" />
+	<target host="webforms.ey.com" />
+	<target host="www.ey.com" />
+	<target host="clientportal.ey.com" />
+	<target host="eyonline.ey.com" />
 
 
 	<!--	Note that if www were to become different
 		from webforms, we may need not to handle
 		cross-domain cookies.
 					-->
-	<securecookie host="^.*\.ey\.com$" name=".*" />
+	<securecookie host="^.*\.ey\.com$" name=".+" />
 
 
 	<!--	- Cert only matches webforms
@@ -23,7 +26,6 @@
 	<rule from="^http://(?:webforms\.|www\.)?ey\.com/"
 		to="https://webforms.ey.com/" />
 
-	<rule from="^http://(clientportal|eyonline)\.ey\.com/"
-		to="https://$1.ey.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ero-advertising.com.xml b/src/chrome/content/rules/Ero-advertising.com.xml
new file mode 100644
index 000000000000..dec1a860479e
--- /dev/null
+++ b/src/chrome/content/rules/Ero-advertising.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- ero-advertising.com
+		- .ero-advertising.com
+		- userpanel.ero-advertising.com
+		- www.ero-advertising.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Ero-Advertising.com">
+
+	<target host="ero-advertising.com" />
+	<target host="adspaces.ero-advertising.com" />
+	<target host="banners.ero-advertising.com" />
+	<target host="data.ero-advertising.com" />
+	<target host="speedclicks.ero-advertising.com" />
+	<target host="userpanel.ero-advertising.com" />
+	<target host="www.ero-advertising.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?ero-advertising\.com$" name="^session$" /-->
+	<!--securecookie host="^\.ero-advertising\.com$" name="^(?:spcheck|uvid)$" /-->
+	<!--securecookie host="^userpanel\.ero-advertising\.com$" name="^eroads_userpanel_session_native$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Eroakirkosta.fi.xml b/src/chrome/content/rules/Eroakirkosta.fi.xml
index 517f605d8579..11d408e1771e 100644
--- a/src/chrome/content/rules/Eroakirkosta.fi.xml
+++ b/src/chrome/content/rules/Eroakirkosta.fi.xml
@@ -3,7 +3,6 @@
 	<target host="eroakirkosta.fi" />
 	<target host="www.eroakirkosta.fi" />
 
-	<rule from="^http://(www\.)?eroakirkosta\.fi/"
-		to="https://$1eroakirkosta.fi/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Erooups.xml b/src/chrome/content/rules/Erooups.xml
index 8002369d8547..b1db44418ebc 100644
--- a/src/chrome/content/rules/Erooups.xml
+++ b/src/chrome/content/rules/Erooups.xml
@@ -1,19 +1,14 @@
-<!--
-	Nonfunctional subdomains:
-
-		- content
-
--->
-<ruleset name="Erooups" default_off="Invalid certificate" platform="mixedcontent">
+<ruleset name="Erooups.com" default_off="shows default page">
 
 	<target host="erooups.com" />
+	<target host="content.erooups.com" />
 	<target host="www.erooups.com" />
 
 
-	<securecookie host="^erooups\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?erooups\.com/"
-		to="https://erooups.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Erowid.xml b/src/chrome/content/rules/Erowid.xml
index 75230e8ad0cf..f94f3c8db3d0 100644
--- a/src/chrome/content/rules/Erowid.xml
+++ b/src/chrome/content/rules/Erowid.xml
@@ -5,7 +5,7 @@
   <target host="*.www.erowid.org" />
   <target host="erowid.org" />
 
-	<securecookie host="^\.www\.erowid\.org$" name=".*"/>
+	<securecookie host="^\.www\.erowid\.org$" name=".+" />
 
   <rule from="^http://(?:www\.)?erowid\.(?:com|org)/" to="https://www.erowid.org/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Errorception.com.xml b/src/chrome/content/rules/Errorception.com.xml
new file mode 100644
index 000000000000..aec587a11c90
--- /dev/null
+++ b/src/chrome/content/rules/Errorception.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Errorception.com">
+
+	<target host="errorception.com" />
+	<target host="www.errorception.com" />
+
+	<!--	refused
+	target host="blog.errorception.com" /
+					-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Es.gy-problematic.xml b/src/chrome/content/rules/Es.gy-problematic.xml
new file mode 100644
index 000000000000..edffc0c0d939
--- /dev/null
+++ b/src/chrome/content/rules/Es.gy-problematic.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules that are on by default, see Es.gy.xml.
+
+-->
+<ruleset name="es.gy (expired)" default_off="expired">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="es.gy" />
+	<target host="www.es.gy" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Es.gy.xml b/src/chrome/content/rules/Es.gy.xml
new file mode 100644
index 000000000000..0601cf3aba0a
--- /dev/null
+++ b/src/chrome/content/rules/Es.gy.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bbs.es.gy/ => https://bbs.es.gy/: (51, "SSL: no alternative certificate subject name matches target host name 'bbs.es.gy'")
+
+	For problematic rules, see Es.gy-problematic.xml.
+
+
+	(www.)?: Expired
+
+-->
+<ruleset name="es.gy (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="es.gy" /-->
+	<target host="bbs.es.gy" />
+	<!--target host="www.es.gy" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bbs\.es\.gy$" name="^_forum_session$" /-->
+
+	<securecookie host="^bbs\.es\.gy$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Escrow.com.xml b/src/chrome/content/rules/Escrow.com.xml
new file mode 100644
index 000000000000..c98fb8e113bd
--- /dev/null
+++ b/src/chrome/content/rules/Escrow.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .escrow.com
+
+-->
+<ruleset name="Escrow.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="escrow.com" />
+	<target host="secureapi.escrow.com" />
+	<target host="www.escrow.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.escrow\.com$" name="^__qca$" /-->
+
+	<securecookie host="^\.escrow\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Escrow_Live.net.xml b/src/chrome/content/rules/Escrow_Live.net.xml
new file mode 100644
index 000000000000..cfa3e4145e0c
--- /dev/null
+++ b/src/chrome/content/rules/Escrow_Live.net.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.escrowlive.net/ => https://www.escrowlive.net/: (7, 'Failed to connect to www.escrowlive.net port 443: Connection refused')
+
+	For other NCC Group coverage, see NCC_Group.com.xml.
+
+
+	^: refused
+
+-->
+<ruleset name="Escrow Live.net" default_off="failed ruleset test">
+
+	<target host="escrowlive.net" />
+	<target host="www.escrowlive.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.escrowlive\.net$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^www\.escrowlive\.net$" name=".+" />
+
+
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://escrowlive\.net/[^?]*"
+		to="https://www.nccgroup.com/services/software-escrow-services.aspx" />
+
+	<rule from="^http://www\.escrowlive\.net/"
+		to="https://www.escrowlive.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Eseeky.com.xml b/src/chrome/content/rules/Eseeky.com.xml
deleted file mode 100644
index 8ea360c1fa2e..000000000000
--- a/src/chrome/content/rules/Eseeky.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="eseeky.com">
-
-	<target host="eseeky.com" />
-	<target host="*.eseeky.com" />
-
-
-	<securecookie host="^(?:w*\.)?eseeky\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?eseeky\.com/"
-		to="https://$1eseeky.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Esellerate.net.xml b/src/chrome/content/rules/Esellerate.net.xml
new file mode 100644
index 000000000000..a5e2abd43406
--- /dev/null
+++ b/src/chrome/content/rules/Esellerate.net.xml
@@ -0,0 +1,57 @@
+<!--
+	For other Digital River coverage, see Digital-River.xml.
+
+
+	Problematic hosts in *esellerate.net:
+
+		- shopper *
+		- support *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .esellerate.net
+		- affiliates.esellerate.net
+		- shopper.esellerate.net
+		- store1.esellerate.net
+		- store2.esellerate.net
+		- store5.esellerate.net
+		- store6.esellerate.net
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- shopper from $self
+			- shopper from support.esellerate.net
+			- shopper from d1.parature.com
+
+-->
+<ruleset name="Esellerate.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="esellerate.net" />
+	<target host="activate.esellerate.net" />
+	<target host="affiliates.esellerate.net" />
+	<target host="help.esellerate.net" />
+	<target host="publishers.esellerate.net" />
+	<target host="store.esellerate.net" />
+	<target host="store1.esellerate.net" />
+	<target host="store2.esellerate.net" />
+	<target host="store3.esellerate.net" />
+	<target host="store5.esellerate.net" />
+	<target host="store6.esellerate.net" />
+	<target host="www.esellerate.net" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Eset.xml b/src/chrome/content/rules/Eset.xml
index 83667f1540a7..52385a58138a 100644
--- a/src/chrome/content/rules/Eset.xml
+++ b/src/chrome/content/rules/Eset.xml
@@ -1,7 +1,12 @@
 <!--
 	Other ESET rulesets:
 
+		- ESET.at.xml
+		- ESET.co.uk.xml
+		- ESET.de.xml
 		- ESET_NOD32.xml
+		- ESET_static.com.xml
+		- Sicontact.at.xml
 
 
 	CDN buckets:
@@ -11,13 +16,12 @@
 
 	Nonfunctional domains:
 
-		- (www.)eset.co.uk *
-
-		- eset.com subdomains:
+		- in *eset.com:
 
 			- cart
 			- download *
-			- shop *
+			- support *
+			- webfilter *
 
 		- (www.)virusradar.com *
 		- (www.)welivesecurity.com *
@@ -25,71 +29,65 @@
 	* Times out
 
 
-	Problematic domains:
-
-		- (www.)eset.at *
-		- (www.)eset.de		(redirects to http, valid cert)
-		- sicontact.at *
-
-	* Cert only matches www.sicontact.at
-
+	Problematic hosts in *eset.com:
 
-	Partially covered domains:
+		- blog *
+		- kb * **
 
-		- blog.eset.com *
-		- kb.eset.com *
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+	** Expired
 
-	* At least some pages redirect to http
 
+	These altnames don't exist:
 
-	Fully covered domains:
+		- www.kb.eset.com
 
-		- shop.eset.co.uk
-		- (www.)eset.at			(→ www.sicontact.at)
 
-		- eset.com subdomains:
+	Insecure cookies are set for these domains and hosts:
 
-			- (www.)
-			- go
-			- my
-
-		- static\d.esetstatic.com
-		- www.esetstatic.com
-		- (www.)sicontact.at		(^ → www)
+		- forum.eset.com
+		- shop.eset.com
+		- .shop.eset.com
 
 -->
-<ruleset name="ESET (partial)">
-
-	<target host="eset.*" />
-	<target host="www.eset.*" />
-	<target host="shop.eset.co.uk" />
-	<target host="eset.com" />
-	<target host="*.eset.com" />
-		<exclusion pattern="^http://blog\.eset\.com/(?!wp-content/)" />
-		<exclusion pattern="^http://kb\.eset\.com/(?!esetkb/a(?:pp|sset)s/)" />
-	<target host="*.esetstatic.com" />
-	<target host="sicontact.at" />
-	<target host="*.sicontact.at" />
-
-
-	<securecookie host="^shop\.eset\.co\.uk$" name=".+" />
-	<securecookie host="^(?:go|my)\.eset\.com$" name=".+" />
-	<securecookie host="^\.www\.sicontact\.at$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?(?:ese|sicontac)t\.at/"
-		to="https://www.sicontact.at/" />
-
-	<rule from="^http://shop\.eset\.co\.uk/"
-		to="https://shop.eset.co.uk/" />
-
-	<rule from="^http://((?:blog|go|kb|my|www)\.)?eset\.com/"
-		to="https://$1eset.com/" />
-
-	<rule from="^http://(static\d|www)\.esetstatic\.com/"
-		to="https://$1.esetstatic.com/" />
-
-	<rule from="^http://(?:www\.)?eset\.de/(\?.*)?$"
-		to="https://www.eset.com/de$1" />
-
-</ruleset>
\ No newline at end of file
+<ruleset name="ESET.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--<target host="eset.com" /> page redirected on server side, and this breaks ESET Banking and Payment protection -->
+	<target host="anti-theft.eset.com" />
+	<!--target host="blog.eset.com" /-->
+	<target host="help.eset.com" />
+	<target host="ela.eset.com" />
+	<target host="eshop.eset.com" />
+	<target host="forum.eset.com" />
+	<target host="go.eset.com" />
+	<!--target host="kb.eset.com" /-->
+	<target host="my.eset.com" />
+	<target host="login.eset.com" />
+	<target host="parentalcontrol.eset.com" />
+	<target host="shop.eset.com" />
+	<target host="socialmediascanner.eset.com" />
+	<target host="www.eset.com" />
+
+		<!--exclusion pattern="^http://kb\.eset\.com/(?!esetkb/a(?:pp|sset)s/)" /-->
+
+			<!--	-ve:
+					-->
+			<!--test url="http://kb.eset.com/esetkb/assets/2015012901/split/images/logo-bottom.png" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^forum\.eset\.com$" name="^session_id$" /-->
+	<!--securecookie host="^shop\.eset\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^\.shop\.eset\.com$" name="^(NLShopperId|NlVisitorId)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.shop\.eset\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Eskimi.com.xml b/src/chrome/content/rules/Eskimi.com.xml
new file mode 100644
index 000000000000..8ba81c79eff0
--- /dev/null
+++ b/src/chrome/content/rules/Eskimi.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Nonfunctional hosts in *.eskimi.com:
+		- business.eskimi.com (m)
+		- games.eskimi.com (m)
+		- music.eskimi.com (r)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Wildcard DNS and cert. Users get their own subdomain.
+-->
+<ruleset name="Eskimi.com">
+	<target host="eskimi.com" />
+	<target host="*.eskimi.com" />
+
+	<test url="http://www.eskimi.com/" />
+	<test url="http://bar.eskimi.com/" />
+	<test url="http://ecc.eskimi.com/" />
+	<test url="http://foo.eskimi.com/" />
+	<test url="http://m.eskimi.com/" />
+
+	<exclusion pattern="http://business\.eskimi\.com/" />
+	<exclusion pattern="http://games\.eskimi\.com/" />
+	<exclusion pattern="http://music\.eskimi\.com/" />
+	<test url="http://business.eskimi.com/" />
+	<test url="http://games.eskimi.com/" />
+	<test url="http://music.eskimi.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Esolangs.org.xml b/src/chrome/content/rules/Esolangs.org.xml
new file mode 100644
index 000000000000..e535418108e5
--- /dev/null
+++ b/src/chrome/content/rules/Esolangs.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Esolangs.org">
+        <target host="esolangs.org" />
+        <target host="www.esolangs.org" />
+
+        <rule from="^http:"
+                to="https:" />
+
+        <securecookie host="^(?:www\.)?esolangs\.org$" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/Espacejeux.xml b/src/chrome/content/rules/Espacejeux.xml
index 9dea3f6d25e5..280d327e4a84 100644
--- a/src/chrome/content/rules/Espacejeux.xml
+++ b/src/chrome/content/rules/Espacejeux.xml
@@ -1,7 +1,6 @@
 <ruleset name="espacejeux">
   <target host="www.espacejeux.com"/>
   <target host="espacejeux.com"/>
-  <rule from="^http://(www\.)?espacejeux\.com/" 
-          to="https://www.espacejeux.com/"/>
-  <securecookie host="^(.*\.)?espacejeux\.com$" name=".*"/>
+  <rule from="^http:" to="https:" />
+  <securecookie host=".+" name=".+" />
 </ruleset>
diff --git a/src/chrome/content/rules/EspagnolFacile.com.xml b/src/chrome/content/rules/EspagnolFacile.com.xml
new file mode 100644
index 000000000000..cd3dab2cc798
--- /dev/null
+++ b/src/chrome/content/rules/EspagnolFacile.com.xml
@@ -0,0 +1,11 @@
+<!--
+	See for related rulesets: FrancaisFacile.com.xml
+-->
+<ruleset name="EspagnolFacile.com">
+	<target host="espagnolfacile.com" />
+	<target host="www.espagnolfacile.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Esper.net.xml b/src/chrome/content/rules/Esper.net.xml
new file mode 100644
index 000000000000..7f59dfd5165f
--- /dev/null
+++ b/src/chrome/content/rules/Esper.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="Esper.net">
+
+	<target host="esper.net" />
+	<target host="www.esper.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Espionage_app.com.xml b/src/chrome/content/rules/Espionage_app.com.xml
new file mode 100644
index 000000000000..948a72e11dca
--- /dev/null
+++ b/src/chrome/content/rules/Espionage_app.com.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Tao Effect rulesets, see Tao_Effect.com.xml.
+-->
+<ruleset name="Espionage app.com">
+
+	<target host="espionageapp.com" />
+	<target host="www.espionageapp.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Espra.com.xml b/src/chrome/content/rules/Espra.com.xml
deleted file mode 100644
index 1e0a3331dbe2..000000000000
--- a/src/chrome/content/rules/Espra.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Espra.com" platform="firefox">
-<target host="espra.com" />
-
-<securecookie host="^espra\.com$" name=".+" />
-
-<rule from="^http://espra\.com/" to="https://espra.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/EspressoBin.net.xml b/src/chrome/content/rules/EspressoBin.net.xml
new file mode 100644
index 000000000000..bff5b643eba5
--- /dev/null
+++ b/src/chrome/content/rules/EspressoBin.net.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		- wiki.espressobin.net
+-->
+
+<ruleset name="EspressoBin.net">
+	<target host="espressobin.net" />
+	<target host="www.espressobin.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Esri.xml b/src/chrome/content/rules/Esri.xml
index 3174fa2db02e..fa86e0a9d1e7 100644
--- a/src/chrome/content/rules/Esri.xml
+++ b/src/chrome/content/rules/Esri.xml
@@ -52,7 +52,20 @@
 -->
 <ruleset name="Esri (partial)">
 
-	<target host="*.esri.com" />
+	<target host="autodiscover.esri.com" />
+	<target host="customers.esri.com" />
+	<target host="ecasapi.esri.com" />
+	<target host="esribc.esri.com" />
+	<target host="esriwd.esri.com" />
+	<target host="events.esri.com" />
+	<target host="legacy.esri.com" />
+	<target host="promos.esri.com" />
+	<target host="redowa.esri.com" />
+	<target host="rss.esri.com" />
+	<target host="service.esri.com" />
+	<target host="training.esri.com" />
+	<target host="uel.esri.com" />
+	<target host="webaccounts.esri.com" />
 	<target host="myesri.com" />
 	<target host="www.myesri.com" />
 
@@ -61,10 +74,9 @@
 	<securecookie host="^(?:customers|ecasapi|esribc|events|redowa|training)\.esri\.com$" name=".+" />
 
 
-	<rule from="^http://(autodiscover|customers|ecasapi|esribc|esriwd|events|legacy|promos|redowa|rss|service|training|uel|webaccounts)\.esri\.com/"
-		to="https://$1.esri.com/" />
 
 	<rule from="^http://(?:www\.)?myesri\.com/"
 		to="https://myesri.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EssaysReasy.xml b/src/chrome/content/rules/EssaysReasy.xml
index c87841269e5e..94b65b0303b0 100644
--- a/src/chrome/content/rules/EssaysReasy.xml
+++ b/src/chrome/content/rules/EssaysReasy.xml
@@ -1,11 +1,11 @@
-<ruleset name="essaysReasy.net" default_off="mismatch">
+<ruleset name="essaysReasy.net" default_off="mismatched">
 
 	<target host="essaysreasy.com"/>
 	<target host="www.essaysreasy.com"/>
 	<target host="essaysreasy.net"/>
 	<target host="www.essaysreasy.net"/>
 
-	<securecookie host="^essaysreasy\.net$" name=".*"/>
+	<securecookie host="^essaysreasy\.net$" name=".+" />
 
 	<rule from="^http://(?:www\.)?essaysreasy\.(com|net)/"
 		to="https://essaysreasy.$1/"/>
diff --git a/src/chrome/content/rules/Essex.gov.uk.xml b/src/chrome/content/rules/Essex.gov.uk.xml
new file mode 100644
index 000000000000..65cdb2c294cc
--- /dev/null
+++ b/src/chrome/content/rules/Essex.gov.uk.xml
@@ -0,0 +1,59 @@
+<!--
+	Essex County Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *essex.gov.uk:
+
+		- children ³
+		- dnn ³
+		- librarybookings ³
+		- microsites ᶠ
+		- planning ᵈ
+		- schools ³
+
+	³ 403
+	ᵈ Dropped
+	ᶠ Handshake fails
+
+
+	Problematic hosts in *essex.gov.uk:
+
+		- wwwtest ⁵
+
+	⁵ Some, but not all, pages 500
+
+
+	Insecure cookies are set for these hosts:
+
+		- classiccatalogue.essex.gov.uk
+		- weisf.essex.gov.uk
+		- www.essex.gov.uk
+
+-->
+<ruleset name="Essex.gov.uk (partial)">
+
+	<target host="essex.gov.uk" />
+	<target host="classiccatalogue.essex.gov.uk" />
+	<target host="forms.essex.gov.uk" />
+	<target host="weisf.essex.gov.uk" />
+	<target host="www.essex.gov.uk" />
+
+		<!--	500:
+				-->
+		<!--test url="http://wwwtest.essex.gov.uk/Health-Social-Care/carers/Essex-Young-Carers/Pages/Default.aspx" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^classiccatalogue\.essex\.gov\.uk$" name="^CSP(?:SESSIONID|WSERVERID$)" /-->
+	<!--securecookie host="^(?:weisf|www)\.essex\.gov\.uk$" name="^ISAWPLB\{[\dA-F]{8}(?:-[\dA-F]{4}){3}-[\dA-F]{12}\}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EssexPolice.xml b/src/chrome/content/rules/EssexPolice.xml
new file mode 100644
index 000000000000..add95801b9e2
--- /dev/null
+++ b/src/chrome/content/rules/EssexPolice.xml
@@ -0,0 +1,18 @@
+<!--
+  For Essex Police
+
+    Works:
+
+      - www
+
+    Mismatch:
+
+      - $
+
+-->
+<ruleset name="Essex Police">
+  <target host="essex.police.uk" />
+  <target host="www.essex.police.uk" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Estara.com.xml b/src/chrome/content/rules/Estara.com.xml
deleted file mode 100644
index c864955ce00c..000000000000
--- a/src/chrome/content/rules/Estara.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other Oracle coverage, see Oracle.xml.
-
-
-	as00 sets a fs_nocache_guid cookie on
-	whichever domain it is loaded from.
-
--->
-<ruleset name="estara.com">
-
-	<target host="*.estara.com" />
-
-
-	<securecookie host="^\.estara\.com$" name=".+" />
-
-
-	<rule from="^http://(as00|webcare)\.estara\.com/"
-		to="https://$1.estara.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Estonia_Evoting.org.xml b/src/chrome/content/rules/Estonia_Evoting.org.xml
new file mode 100644
index 000000000000..4ba0c649de0b
--- /dev/null
+++ b/src/chrome/content/rules/Estonia_Evoting.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Estonia Evoting.org">
+
+	<target host="estoniaevoting.org" />
+	<target host="www.estoniaevoting.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Estonian_Public_Broadcasting.xml b/src/chrome/content/rules/Estonian_Public_Broadcasting.xml
index 422a8f72d306..8167b853ed66 100644
--- a/src/chrome/content/rules/Estonian_Public_Broadcasting.xml
+++ b/src/chrome/content/rules/Estonian_Public_Broadcasting.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://err.ee/ => https://err.ee/: Too many redirects while fetching 'https://err.ee/'
+Fetch error: http://otse.err.ee/ => https://otse.err.ee/: Too many redirects while fetching 'https://otse.err.ee/'
+Fetch error: http://www.err.ee/ => https://www.err.ee/: Too many redirects while fetching 'https://www.err.ee/'
+
 	Nonfunctional subdomains:
 
 		- ajakava.dev		(404)
@@ -23,16 +29,17 @@
 	*** No https
 
 -->
-<ruleset name="Estonian Public Broadcasting (partial)">
+<ruleset name="Estonian Public Broadcasting (partial)" default_off="failed ruleset test">
 
 	<target host="err.ee" />
-	<target host="*.err.ee" />
+	<target host="ext.err.ee" />
+	<target host="otse.err.ee" />
+	<target host="www.err.ee" />
 
 
-	<securecookie host="^(?:.+\.)?err\.ee$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(ext\.|otse\.|www\.)?err\.ee/"
-		to="https://$1err.ee/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EtaLabs.net.xml b/src/chrome/content/rules/EtaLabs.net.xml
new file mode 100644
index 000000000000..6d9ba52d3968
--- /dev/null
+++ b/src/chrome/content/rules/EtaLabs.net.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched:
+		- etalabs.net
+-->
+<ruleset name="EtaLabs.net">
+	<target host="etalabs.net" />
+	<target host="www.etalabs.net" />
+	<target host="git.etalabs.net" />
+
+	<rule from="^http://etalabs\.net/" to="https://www.etalabs.net/" />
+	<rule from="^http:" to="https:" />
+
+	<securecookie host=".+" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/Etapestry.com.xml b/src/chrome/content/rules/Etapestry.com.xml
index 48ccf139ef8c..554c95e7847f 100644
--- a/src/chrome/content/rules/Etapestry.com.xml
+++ b/src/chrome/content/rules/Etapestry.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.etapestry.com/?f (200) => https://www.blackbaud.com/fundraising-crm/etapestry-donor-management.aspx?f (404)
+
 	For other Blackbaud coverage, see Blackbaud.xml.
 
 
@@ -7,22 +11,36 @@
 		- (www.)	(mismatched, CN: *.blackbaud.com)
 
 -->
-<ruleset name="etapestry.com">
+<ruleset name="etapestry.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="app.etapestry.com" />
 
+	<!--	Complications:
+				-->
 	<target host="etapestry.com" />
-	<target host="*.etapestry.com" />
+	<target host="www.etapestry.com" />
 
 
 	<securecookie host="^app\.etapestry\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?etapestry\.com/(\?.*)?$"
-		to="https://www.blackbaud.com/fundraising-crm/etapestry-donor-management.aspx$1" />
+	<rule from="^http://(?:www\.)?etapestry\.com/(?=$|\?)"
+		to="https://www.blackbaud.com/fundraising-crm/etapestry-donor-management.aspx" />
+
+		<test url="http://etapestry.com/?" />
+		<test url="http://www.etapestry.com/?" />
+		<test url="http://www.etapestry.com/?f" />
 
 	<rule from="^http://(?:www\.)?etapestry\.com/.+"
 		to="https://www.blackbaud.com/page.aspx?pid=209" />
 
-	<rule from="^http://app\.etapestry\.com/"
-		to="https://app.etapestry.com/" />
+		<test url="http://www.etapestry.com/analytics/" />
+		<test url="http://www.etapestry.com/education/" />
+		<test url="http://www.etapestry.com/forms" />
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Etarget.hu.xml b/src/chrome/content/rules/Etarget.hu.xml
new file mode 100644
index 000000000000..e6ec49794306
--- /dev/null
+++ b/src/chrome/content/rules/Etarget.hu.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Etarget coverage, see Etarget.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.etarget.hu
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Etarget.hu">
+
+	<target host="etarget.hu" />
+	<target host="www.etarget.hu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.etarget\.hu$" name="^SESS$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Etarget.ro.xml b/src/chrome/content/rules/Etarget.ro.xml
new file mode 100644
index 000000000000..e1cf1eed22c6
--- /dev/null
+++ b/src/chrome/content/rules/Etarget.ro.xml
@@ -0,0 +1,39 @@
+<!--
+	For other Etarget coverage, see Etarget.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.etarget.ro
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image on www.etarget.ro from share.etarget.sk ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Etarget.ro">
+
+	<target host="etarget.ro" />
+	<target host="www.etarget.ro" />
+
+		<!--	Mixed image:
+					-->
+		<!--test url="http://www.etarget.ro/download" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.etarget\.ro$" name="^SESS$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Etarget.sk.xml b/src/chrome/content/rules/Etarget.sk.xml
new file mode 100644
index 000000000000..dae72b75f2a1
--- /dev/null
+++ b/src/chrome/content/rules/Etarget.sk.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Etarget coverage, see Etarget.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.etarget.sk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Etarget.sk">
+
+	<target host="etarget.sk" />
+	<target host="share.etarget.sk" />
+	<target host="www.etarget.sk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.etarget\.sk$" name="^SESS$" /-->
+
+	<securecookie host="^\." name="^optimizely" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Etarget.xml b/src/chrome/content/rules/Etarget.xml
index 94fedc89c88d..8381925e4992 100644
--- a/src/chrome/content/rules/Etarget.xml
+++ b/src/chrome/content/rules/Etarget.xml
@@ -1,22 +1,33 @@
 <!--
-	\w\w in \w\w.search.etargetnet.com: country codes
+	Other Etarget rulesets:
+
+		- Etarget.hu.xml
+		- Etarget.ro.xml
+		- Etarget.sk.xml
+		- Etarget_net.com.xml
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.etarget.cz
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Etarget (partial)">
+<ruleset name="Etarget.cz">
 
-	<target host="etarget.*" />
-	<target host="www.etarget.*" />
-	<target host="search.etargetnet.com" />
-	<target host="*.search.etargetnet.com" />
+	<target host="etarget.cz" />
+	<target host="www.etarget.cz" />
 
 
-	<securecookie host="^(?:www\.)?etarget\.\w\w$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.etarget\.cz$" name="^SESS$" /-->
 
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://(www\.)?etarget\.(cz|hu|ro|sk)/"
-		to="https://$1etarget.$2/" />
 
-	<rule from="^http://(\w\w\.)?search\.etargetnet\.com/"
-		to="https://$1search.etargetnet.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Etarget_net.com.xml b/src/chrome/content/rules/Etarget_net.com.xml
new file mode 100644
index 000000000000..987b2b369bf4
--- /dev/null
+++ b/src/chrome/content/rules/Etarget_net.com.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Etarget coverage, see Etarget.xml.
+
+
+	\w\w in \w\w.search.etargetnet.com: country codes
+
+-->
+<ruleset name="Etarget net.com">
+
+	<target host="search.etargetnet.com" />
+	<target host="*.search.etargetnet.com" />
+
+		<test url="http://cz.search.etargetnet.com/" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Eth0.nl.xml b/src/chrome/content/rules/Eth0.nl.xml
new file mode 100644
index 000000000000..b3df5de07dd4
--- /dev/null
+++ b/src/chrome/content/rules/Eth0.nl.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tickets.eth-0.nl/ => https://tickets.eth-0.nl/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="eth0.nl" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+
+	<target host="eth-0.nl" />
+	<target host="secure.eth-0.nl" />
+	<target host="tickets.eth-0.nl" />
+	<target host="wiki.eth-0.nl" />
+	<target host="www.eth-0.nl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EtherCalc.net.xml b/src/chrome/content/rules/EtherCalc.net.xml
new file mode 100644
index 000000000000..09917a843154
--- /dev/null
+++ b/src/chrome/content/rules/EtherCalc.net.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .ethercalc.net
+
+-->
+<ruleset name="EtherCalc.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ethercalc.net" />
+	<target host="www.ethercalc.net" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.ethercalc\.net$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.ethercalc\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ethereum.org.xml b/src/chrome/content/rules/Ethereum.org.xml
new file mode 100644
index 000000000000..b1010238b3c5
--- /dev/null
+++ b/src/chrome/content/rules/Ethereum.org.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid certificate:
+		devcon.ethereum.org
+		wiki.ethereum.org (503 over http)
+
+-->
+<ruleset name="Ethereum.org">
+
+	<target host="ethereum.org" />
+	<target host="www.ethereum.org" />
+	<target host="blog.ethereum.org" />
+	<target host="bounty.ethereum.org" />
+	<target host="forum.ethereum.org" />
+	<target host="geth.ethereum.org" />
+	<target host="remix.ethereum.org" />
+	<target host="wallet.ethereum.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Etherscamdb.info.xml b/src/chrome/content/rules/Etherscamdb.info.xml
new file mode 100644
index 000000000000..aeeb9a219a15
--- /dev/null
+++ b/src/chrome/content/rules/Etherscamdb.info.xml
@@ -0,0 +1,7 @@
+<ruleset name="Etherscamdb.info">
+	<target host="etherscamdb.info" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ethersheet.org.xml b/src/chrome/content/rules/Ethersheet.org.xml
new file mode 100644
index 000000000000..731874ed4b92
--- /dev/null
+++ b/src/chrome/content/rules/Ethersheet.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="Ethersheet.org" default_off="expired">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ethersheet.org" />
+	<target host="www.ethersheet.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ethical_Hacker.Net.xml b/src/chrome/content/rules/Ethical_Hacker.Net.xml
new file mode 100644
index 000000000000..fcb5bfc92548
--- /dev/null
+++ b/src/chrome/content/rules/Ethical_Hacker.Net.xml
@@ -0,0 +1,49 @@
+<!--
+	Insecure cookies are set for these hosts and domains:
+
+		- ethicalhacker.net
+		- .ethicalhacker.net
+		- www.ethicalhacker.net
+
+
+	Mixed content:
+
+		- iframes from www.youtube.com ¹
+
+		- css from fonts.googleapis.com ¹
+
+		- Images, from:
+
+			- 2014.confidence.org.pl ²
+			- www.elearnsecurity.com ¹
+			- www.infosec-world.com ³
+			- showmecon.parametersecurity.com ¹
+			- www.sourceconference.com ⁴
+			- img.youtube.com ¹
+
+	¹ Secured by us
+	² Not secured by us <= mismatched & self-signed cert
+	³ Not secured by us <= refused
+	⁴ Rule disabled by default <= expired cert
+
+-->
+<ruleset name="Ethical Hacker.Net (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ethicalhacker.net" />
+	<target host="www.ethicalhacker.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?ethicalhacker\.net$" name="^wfvt_-\d+$" /-->
+	<!--securecookie host="^\.ethicalhacker\.net$" name="(^phpbb3_\w{5}_k|phpbb3_\w{5}_sid|phpbb3_\w{5}_u)$" /-->
+
+	<securecookie host="^(?:\.|www\.)?ethicalhacker\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EthicsPoint.com.xml b/src/chrome/content/rules/EthicsPoint.com.xml
index 11c557cb4c9f..8d328a11e723 100644
--- a/src/chrome/content/rules/EthicsPoint.com.xml
+++ b/src/chrome/content/rules/EthicsPoint.com.xml
@@ -1,12 +1,17 @@
-<ruleset name="EthicsPoint.com (partial)">
+<ruleset name="EthicsPoint.com">
 
+	<target host="ethicspoint.com" />
 	<target host="secure.ethicspoint.com" />
+	<target host="www.ethicspoint.com" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^secure\.ethicspoint\.com$" name="^BIGipServer~LB_Prod_Web~SECURE_Prod_secure\.ethicspoint\.com_Pool$" /-->
+
 	<securecookie host="^secure\.ethicspoint\.com$" name=".+" />
 
 
-	<rule from="^http://secure\.ethicspoint\.com/"
-		to="https://secure.ethicspoint.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ethn.io.xml b/src/chrome/content/rules/Ethn.io.xml
index 0bdf2adc6437..d2a92188d957 100644
--- a/src/chrome/content/rules/Ethn.io.xml
+++ b/src/chrome/content/rules/Ethn.io.xml
@@ -7,7 +7,7 @@
 <ruleset name="Ethn.io">
 
 	<target host="ethn.io" />
-	<target host="*.ethn.io" />
+	<target host="www.ethn.io" />
 
 
 	<securecookie host="^\.ethn\.io$" name=".+" />
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?ethn\.io/"
 		to="https://ethn.io/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ethnologue.xml b/src/chrome/content/rules/Ethnologue.xml
index ba308255b81d..61975b0d4736 100644
--- a/src/chrome/content/rules/Ethnologue.xml
+++ b/src/chrome/content/rules/Ethnologue.xml
@@ -12,7 +12,6 @@
 
 	<!--	!www doesn't exist.
 					-->
-	<rule from="^http://www\.ethnologue\.com/"
-		to="https://www.ethnologue.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ethos-OS.org.xml b/src/chrome/content/rules/Ethos-OS.org.xml
index 7329a761d5ba..274dc897081c 100644
--- a/src/chrome/content/rules/Ethos-OS.org.xml
+++ b/src/chrome/content/rules/Ethos-OS.org.xml
@@ -2,10 +2,9 @@
 	Problematic subdomains:
 
 		- ^	(refused)
-		- www	(works, expired 2013-08-16)
 
 -->
-<ruleset name="Ethos-OS.org" default_off="expired">
+<ruleset name="Ethos-OS.org">
 
 	<target host="ethos-os.org" />
 	<target host="www.ethos-os.org" />
@@ -18,4 +17,4 @@
 	<rule from="^http://(?:www\.)?ethos-os\.org/"
 		to="https://www.ethos-os.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ethos_Custom_Brands.xml b/src/chrome/content/rules/Ethos_Custom_Brands.xml
index 164c870c04a1..8c9e579fc3db 100644
--- a/src/chrome/content/rules/Ethos_Custom_Brands.xml
+++ b/src/chrome/content/rules/Ethos_Custom_Brands.xml
@@ -1,13 +1,18 @@
-<ruleset name="Ethos Custom Brands">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ethoscustombrands.com/ => https://ethoscustombrands.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="Ethos Custom Brands" default_off="failed ruleset test">
 
 	<target host="ethoscustombrands.com" />
-	<target host="*.ethoscustombrands.com" />
+	<target host="www.ethoscustombrands.com" />
 
 
 	<securecookie host="^(?:www)?\.ethoscustombrands\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)ethoscustombrands\.com/"
-		to="https://$1ethoscustombrands.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Etipos.sk.xml b/src/chrome/content/rules/Etipos.sk.xml
new file mode 100644
index 000000000000..65aeac60745c
--- /dev/null
+++ b/src/chrome/content/rules/Etipos.sk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Etipos.sk">
+  <target host="etipos.sk" />
+  <target host="www.etipos.sk" />
+
+  <rule from="^http://(?:www\.)?etipos\.sk/" to="https://www.etipos.sk/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Etiqa.com.my.xml b/src/chrome/content/rules/Etiqa.com.my.xml
new file mode 100644
index 000000000000..06df24214f86
--- /dev/null
+++ b/src/chrome/content/rules/Etiqa.com.my.xml
@@ -0,0 +1,58 @@
+<!--
+	For other Maybank coverage, see Maybank.com.xml
+
+
+	Non-functional subdomains:
+
+		- (www.)etiqa.com.my	(h)
+		- bpp	(e)
+		- dev.bpp	(t)
+		- cgs	(r)
+		- cls	(r)
+		- clsgl	(r)
+		- d	(m)
+		- dcatalyst	(m)
+		- edmtrace	(m)
+		- insc1	(t)
+		- insc2	(t)
+		- intranet	(r)
+		- lpappuat1	(t)
+		- partner	(e)
+		- pentaagent	(t)
+		- t	(empty reply)
+		- w	(HTTP 400 error)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Etiqa Insurance">
+
+	<!-- only MyAccount & getonline directories are functional -->
+	<target host="etiqa.com.my" />
+	<target host="www.etiqa.com.my" />
+	<target host="academy.etiqa.com.my" />
+	<target host="agentmail.etiqa.com.my" />
+	<target host="media.etiqa.com.my" />
+	<target host="t.etiqa.com.my" />
+	<target host="w.etiqa.com.my" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- only MyAccount & getonline directories are functional -->
+	<exclusion pattern="^http://(www\.)?etiqa\.com\.my/(?!getonline|MyAccount)" />
+
+		<test url="http://etiqa.com.my/en/personal" />
+		<test url="http://www.etiqa.com.my/asset/css/home.min.css" />
+		<test url="http://etiqa.com.my/getonline/asset/img/1471350479558.png" />
+		<test url="http://www.etiqa.com.my/getonline/asset/img/claims-care.png" />
+		<test url="http://etiqa.com.my/MyAccount/login" />
+		<test url="http://www.etiqa.com.my/MyAccount/login" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Etnasoft.com.xml b/src/chrome/content/rules/Etnasoft.com.xml
new file mode 100644
index 000000000000..758a70645595
--- /dev/null
+++ b/src/chrome/content/rules/Etnasoft.com.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hd.etnasoft.com/ => https://hd.etnasoft.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://old.etnasoft.com/ => https://old.etnasoft.com/: (6, 'Could not resolve host: old.etnasoft.com')
+
+	Ruleset for etnasoft.com.
+
+	Not supporting HTTPS or using an invalid certificate:
+		* cisco.etnasoft.com
+		* m.etnasoft.com
+		* mobile.etnasoft.com
+		* new.etnasoft.com
+		* robot.etnasoft.com
+		* smtp.etnasoft.com
+		* support.etnasoft.com
+		* tasks.etnasoft.com
+		* webmail.etnasoft.com
+-->
+<ruleset name="etnasoft.com" default_off="failed ruleset test">
+
+	<target host="etnasoft.com" />
+
+	<target host="blog.etnasoft.com" />
+	<target host="hd.etnasoft.com" />
+	<target host="old.etnasoft.com" />
+	<target host="www.etnasoft.com" />
+	<target host="zabbix.etnasoft.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Etouches.xml b/src/chrome/content/rules/Etouches.xml
index 5bff6c70b575..19a8f8d68779 100644
--- a/src/chrome/content/rules/Etouches.xml
+++ b/src/chrome/content/rules/Etouches.xml
@@ -6,10 +6,10 @@
 	<target host="www.etouches.com" />
 
 
-	<securecookie host="^(?:www\.)?e(?:iseverywhere|touches)\.com$" name=".*" />
+	<securecookie host="^(?:www\.)?e(?:iseverywhere|touches)\.com$" name=".+" />
 
 
-	<rule from="^https?://(www\.)?e(iseverywhere|touches)\.com/"
-		to="https://$1e$2.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Etracker.xml b/src/chrome/content/rules/Etracker.xml
index 0ae062ac9df2..7e0e0542bef4 100644
--- a/src/chrome/content/rules/Etracker.xml
+++ b/src/chrome/content/rules/Etracker.xml
@@ -1,40 +1,97 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://autodiscover.etracker.com/ => https://autodiscover.etracker.com/: (6, 'Could not resolve host: autodiscover.etracker.com')
+Fetch error: http://owa.etracker.com/ => https://owa.etracker.com/: (6, 'Could not resolve host: owa.etracker.com')
+
+	Nonfunctional hosts in *etracker.com:
+
+		- editor *
+
+	* 200 "an error has occurred"
+
+
 	Problematic domains:
 
-		- (www.)sedotracker.com		(mismatched)
+		- etracker.de *
+		- (www.)?sedotracker.com *
+		- visitormotion.com *
+
+	* Mismatched
+
+
+	These altnames don't exist:
+
+		- mail.etracker.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- partner.etracker.de
+		- www.etracker.de
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 
 	code.etracker.com sets ist and _vm_u cookies
 	on whichever domain it is loaded from.
 
 -->
-<ruleset name="etracker">
+<ruleset name="etracker (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="etracker.com" />
 	<target host="*.etracker.com" />
-	<target host="etracker.de" />
+	<target host="partner.etracker.de" />
 	<target host="www.etracker.de" />
-	<target host="visitormotion.com" />
 	<target host="www.visitormotion.com" />
 
+	<!--	Complications:
+				-->
+	<target host="etracker.de" />
+	<target host="visitormotion.com" />
+
+		<exclusion pattern="^http://editor\.etracker\.com/" />
 
-	<securecookie host="^(.*\.)?etracker\.(com|de)$" name=".*" />
+			<!--	+ve:
+					-->
+			<test url="http://editor.etracker.com/" />
 
+		<test url="http://application.etracker.com/" />
+		<test url="http://autodiscover.etracker.com/" />
+		<test url="http://beta.etracker.com/" />
+		<test url="http://code.etracker.com/" />
+		<test url="http://owa.etracker.com/" />
+		<test url="http://partnerportal.etracker.com/" />
+		<test url="http://visitorvoice.etracker.com/" />
+		<test url="http://ws.etracker.com/" />
+		<test url="http://www.etracker.com/" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://www.etracker.de/cnt_css.php?et=&amp;v=&amp;java=n&amp;et_easy=0&amp;et_pagename=&amp;et_areas=&amp;et_ilevel=0&amp;et_target=&amp;et_lpage=0&amp;et_trig=0&amp;et_se=0&amp;et_cust=0&amp;et_basket=&amp;et_url=&amp;et_tag=&amp;et_sub=&amp;et_organisation=&amp;et_demographic=" /-->
 
-	<!--	!www: cert mismatch.
-				-->
-	<rule from="^http://(?:www\.)?etracker\.(com|de)/"
-		to="https://www.etracker.$1/" />
 
-	<rule from="^http://(\w+)\.etracker\.(com|de)/"
-		to="https://$1.etracker.$2/" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^partner\.etracker\.de$" name="^etrbo$" /-->
+	<!--securecookie host="^www\.etracker\.de$" name="^etcnt_\d+$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://etracker\.de/"
+		to="https://www.etracker.de/" />
 
 	<rule from="^http://(?:www\.)?sedotracker\.com/"
 		to="https://www.etracker.de/" />
 
-	<!--	Cert mismatch.
-				-->
-	<rule from="^http://(?:www\.)?visitormotion\.com/"
+	<rule from="^http://visitormotion\.com/"
 		to="https://www.visitormotion.com/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Etrade.com.xml b/src/chrome/content/rules/Etrade.com.xml
new file mode 100644
index 000000000000..b808dc5607fb
--- /dev/null
+++ b/src/chrome/content/rules/Etrade.com.xml
@@ -0,0 +1,18 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn.etrade.net/ => https://cdn.etrade.net/: (28, 'Operation timed out after 15001 milliseconds with 0 bytes received')
+-->
+<ruleset name="Etrade.com">
+
+	<target host="etrade.com" />
+	<target host="about.etrade.com" />
+	<target host="career.etrade.com" />
+	<target host="global.etrade.com" />
+	<target host="us.etrade.com" />
+	<target host="www.etrade.com" />
+	<target host="cdn.etrade.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Etravelway.com.xml b/src/chrome/content/rules/Etravelway.com.xml
index 80690710fa42..58159b7c107c 100644
--- a/src/chrome/content/rules/Etravelway.com.xml
+++ b/src/chrome/content/rules/Etravelway.com.xml
@@ -1,6 +1,37 @@
-<ruleset name="Etravelway.com">
-  <target host="etravelway.com" />
-  <target host="www.etravelway.com" />
+<!--
+	NB: server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- etravelway.com
+		- www.etravelway.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images from www.etravelway.com ˢ
+		- Bug from hits3.truehits.net
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="eTravelWay.com" default_off="cert-chain">
+
+	<target host="etravelway.com" />
+	<target host="www.etravelway.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?etravelway\.com$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(www\.)?etravelway\.com/" to="https://www.etravelway.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Etre_Shop.com.xml b/src/chrome/content/rules/Etre_Shop.com.xml
index 04b95e3755b1..2d8c8e558ea1 100644
--- a/src/chrome/content/rules/Etre_Shop.com.xml
+++ b/src/chrome/content/rules/Etre_Shop.com.xml
@@ -1,19 +1,41 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://etreshop.com/ => https://etreshop.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.etreshop.com/ => https://www.etreshop.com/: (60, 'SSL certificate problem: certificate has expired')
+
 	Nonfunctional subdomains:
 
 		- aw12	(shows www)
 
+
+	Insecure cookies are set for these hosts:
+
+		- www.etreshop.com
+
+
+	Mixed content:
+
+		- css on www from $self *
+		- Images on www from $self *
+
+	* Secured by us
+
 -->
-<ruleset name="Etre Shop.com (partial)">
+<ruleset name="Etre Shop.com (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="etreshop.com" />
 	<target host="www.etreshop.com" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.etreshop\.com$" name="^PHPSESSID$" /-->
+
 	<securecookie host="^www\.etreshop\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?etreshop\.com/"
-		to="https://$1etreshop.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Etre_Touchy.com.xml b/src/chrome/content/rules/Etre_Touchy.com.xml
index b47658cb3252..c2f56c52258c 100644
--- a/src/chrome/content/rules/Etre_Touchy.com.xml
+++ b/src/chrome/content/rules/Etre_Touchy.com.xml
@@ -10,8 +10,30 @@
 	<target host="etretouchy.com" />
 	<target host="www.etretouchy.com" />
 
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.etrytouchy\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.etrytouchy\.com/+(?!favicon\.ico|images/|styles/)" />
 
-	<rule from="^http://(?:www\.)?etrytouchy\.com/(favicon\.ico|images/|styles/)"
-		to="https://www.etrytouchy.com/$1" />
+			<!--	+ve:
+					-->
+			<test url="http://www.etretouchy.com/about/" />
+			<test url="http://www.etretouchy.com/about/what/" />
+			<test url="http://www.etretouchy.com/buy/" />
+			<test url="http://www.etretouchy.com/collection/" />
+			<test url="http://www.etretouchy.com/subscribe/" />
 
-</ruleset>
\ No newline at end of file
+			<!--	-ve:
+					-->
+			<test url="http://www.etretouchy.com/favicon.ico" />
+			<test url="http://www.etretouchy.com/images/logo.png" />
+			<test url="http://www.etretouchy.com/styles/base.css" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Etrend.sk.xml b/src/chrome/content/rules/Etrend.sk.xml
new file mode 100644
index 000000000000..90fe45271240
--- /dev/null
+++ b/src/chrome/content/rules/Etrend.sk.xml
@@ -0,0 +1,45 @@
+<!--
+	Nonfunctional hosts in *.etrend.sk:
+
+	http redirect:
+		- kancelarie.etrend.sk
+		- www.kancelarie.etrend.sk
+		- sklady.etrend.sk
+	certificate mismatch:
+		- finhit.etrend.sk
+		- www.letenky.etrend.sk
+		- www.m.etrend.sk
+	connection refused:
+		- poistenie.etrend.sk
+		- vrtietpsom.etrend.sk
+	mixed content:
+		- novostavby.etrend.sk
+-->
+<ruleset name="Etrend.sk">
+	<target host="etrend.sk" />
+	<target host="www.etrend.sk" />
+	<target host="blog.etrend.sk" />
+	<target host="csr.etrend.sk" />
+	<target host="delikatesy.etrend.sk" />
+	<target host="ekonomika.etrend.sk" />
+	<target host="firmy.etrend.sk" />
+	<target host="forum.etrend.sk" />
+	<target host="fwd.etrend.sk" />
+	<target host="gazduj.etrend.sk" />
+	<target host="konferencie.etrend.sk" />
+	<target host="letenky.etrend.sk" />
+	<target host="medialne.blog.etrend.sk" />
+	<target host="medialne.etrend.sk" />
+	<target host="myslimekonomicky.etrend.sk" />
+	<target host="reality.etrend.sk" />
+	<target host="reality.inspiracie.etrend.sk" />
+	<target host="restauracie.etrend.sk" />
+	<target host="staging.etrend.sk" />
+	<target host="www.staging.etrend.sk" />
+	<target host="technologie.etrend.sk" />
+	<target host="trading.etrend.sk" />
+	<target host="vino.etrend.sk" />
+	<target host="zdravezdravotnictvo.etrend.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Etsy.xml b/src/chrome/content/rules/Etsy.xml
index ace77f0253a4..4741aba3123b 100644
--- a/src/chrome/content/rules/Etsy.xml
+++ b/src/chrome/content/rules/Etsy.xml
@@ -1,28 +1,26 @@
 <!--
-	CDN buckets:
-
-		- s3.amazonaws.com/siteassets.etsy.com/
+	Invalid certificate:
+		www.*.esty.com
 
 -->
 <ruleset name="Etsy (partial)">
 
 	<target host="etsy.com" />
 	<target host="*.etsy.com" />
-		<exclusion pattern="^http://(?:de\.|fr\.|www\.)?etsy\.com/(?:\w\w/)?(?:about|android|apps|browse|community|error\.php|forums(?:_user_threads\.php)?|help|ipad|iphone|listing/\d+|mobile|people|press|registry|reopen_account\.php|sell|teams|treasury)(?:$|\?|/)" />
-		<!--exclusion pattern="^http://(www\.)?etsy\.com/(?!assets/|(blog|(\w\w/)?(cart|signin)|clientlog)($|[?/])|(\w\w/)?forgot_password\.php|images/)" /-->
+		<test url="http://aaronsuncamacho.etsy.com/" />
+		<test url="http://thepigeonletters.etsy.com/" />
+		<test url="http://xusah.etsy.com/" />
 	<target host="*.etsystatic.com" />
-
+		<test url="http://img0.etsystatic.com/" />
+		<test url="http://img1.etsystatic.com/" />
+		<test url="http://img2.etsystatic.com/" />
 
 	<!--	This site has rewrites back to HTTP and various other issues.
-		That makes asecurecookie directive highly inadvisable.
+		That makes a securecookie directive highly inadvisable.
 
 	<securecookie host="^\.etsy\.com$" name=".+" /-->
 
-
-	<rule from="^http://((?:de|fr|ny-image\d|system|www)\.)?etsy\.com/"
-		to="https://$1etsy.com/" />
-
-	<rule from="^http://(img\d|site|www)\.etsystatic\.com/"
-		to="https://$1.etsystatic.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ettus.com.xml b/src/chrome/content/rules/Ettus.com.xml
new file mode 100644
index 000000000000..223616c12263
--- /dev/null
+++ b/src/chrome/content/rules/Ettus.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Some pages redirect to http
+
+-->
+<ruleset name="Ettus.com (partial)">
+
+	<target host="ettus.com" />
+	<target host="www.ettus.com" />
+		<!--exclusion pattern="^http://(www\.)?ettus.com/+(?!(account|cart|login|product/quick-order)($|[?/])|assets/|content/|favicon\.ico|images)" /-->
+
+
+	<rule from="^http://(www\.)?ettus\.com/(?=(?:account|cart|login|product/quick-order)(?:$|[?/])|assets/|content/|favicon\.ico|images/)"
+		to="https://$1ettus.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EuP_Network.xml b/src/chrome/content/rules/EuP_Network.xml
index 3e75fde3e1ad..69efa43bcee4 100644
--- a/src/chrome/content/rules/EuP_Network.xml
+++ b/src/chrome/content/rules/EuP_Network.xml
@@ -4,7 +4,7 @@
 		- (www.)	(mismatch, CN: webserver.ispgateway.de)
 
 -->
-<ruleset name="EuP Network" default_off="mismatch">
+<ruleset name="EuP Network" default_off="mismatched">
 
 	<target host="eup-network.de" />
 	<target host="www.eup-network.de" />
@@ -15,7 +15,7 @@
 
 	<!--	!www redirects to www.
 					-->
-	<rule from="^https?://(?:www\.)?eup-network\.de/"
+	<rule from="^http://(?:www\.)?eup-network\.de/"
 		to="https://www.eup-network.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Eucalyptus.com.xml b/src/chrome/content/rules/Eucalyptus.com.xml
new file mode 100644
index 000000000000..b2f70b89fb9a
--- /dev/null
+++ b/src/chrome/content/rules/Eucalyptus.com.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://eucalyptus.com/ => https://eucalyptus.com/: (51, "SSL: no alternative certificate subject name matches target host name 'eucalyptus.com'")
+
+-->
+<ruleset name="Eucalyptus.com" default_off="failed ruleset test">
+
+	<target host="eucalyptus.com" />
+	<target host="www.eucalyptus.com" />
+	<target host="support.eucalyptus.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EurActiv.com.xml b/src/chrome/content/rules/EurActiv.com.xml
new file mode 100644
index 000000000000..b9d777146247
--- /dev/null
+++ b/src/chrome/content/rules/EurActiv.com.xml
@@ -0,0 +1,34 @@
+<!--
+	No working URL known:
+		ads.euractiv.com
+
+	Refused:
+		agenda.euractiv.com
+		archive.euractiv.com
+		beta.euractiv.com
+		jobs.euractiv.com
+		pr.euractiv.com
+		wikidossiers.euractiv.com
+
+	Secure connection failed:
+		brief.euractiv.com
+
+	Different content http/https:
+		events.euractiv.com
+		pdf.euractiv.com
+
+	Invalid certificate:
+		video.euractiv.com
+
+-->
+<ruleset name="EurActiv.com">
+
+	<target host="euractiv.com" />
+	<target host="www.euractiv.com" />
+	<target host="accounts.euractiv.com" />
+	<target host="assets.euractiv.com" />
+	<target host="support.euractiv.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Eurex_Repo.com.xml b/src/chrome/content/rules/Eurex_Repo.com.xml
new file mode 100644
index 000000000000..b7e0561ac187
--- /dev/null
+++ b/src/chrome/content/rules/Eurex_Repo.com.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Deutsche Börse Group coverage, see Deutsche_Boerse.xml.
+
+
+	^: Mismatched
+
+
+	These altnames don't exist:
+
+		- www.member.eurexrepo.com
+
+-->
+<ruleset name="Eurex Repo.com (partial)">
+
+	<target host="eurexrepo.com" />
+	<target host="www.eurexrepo.com" />
+	<target host="member.eurexrepo.com" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.eurexrepo\.com/repo-en/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.eurexrepo\.com/+(?!blob/|image/|resources/)" />
+
+
+	<rule from="^http://(?:www\.)?eurexrepo\.com/"
+		to="https://www.eurexrepo.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Eurexchange.com.xml b/src/chrome/content/rules/Eurexchange.com.xml
new file mode 100644
index 000000000000..65c8ab5dfa97
--- /dev/null
+++ b/src/chrome/content/rules/Eurexchange.com.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Deutsche Börse Group coverage, see Deutsche_Boerse.xml.
+
+
+	^: mismatched
+
+
+	These altnames don't exist:
+
+		- www.member.eurexchange.com
+
+-->
+<ruleset name="Eurexchange.com (partial)">
+
+	<target host="eurexchange.com" />
+	<target host="www.eurexchange.com" />
+	<target host="member.eurexchange.com" />
+
+	<test url="http://www.eurexchange.com/exchange-de/kontakte-de" />
+	<test url="http://www.eurexchange.com/exchange-de/ressourcen/regelwerke" />
+	<test url="http://www.eurexchange.com/exchange-en/contacts" />
+	<test url="http://www.eurexchange.com/resources/" />
+
+	<rule from="^http://(?:www\.)?eurexchange\.com/"
+		to="https://www.eurexchange.com/" />
+
+	<rule from="^http://member\.eurexchange\.com/"
+		to="https://member.eurexchange.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Euro-IX.xml b/src/chrome/content/rules/Euro-IX.xml
index 513241062736..8ba7a63f48f2 100644
--- a/src/chrome/content/rules/Euro-IX.xml
+++ b/src/chrome/content/rules/Euro-IX.xml
@@ -1,6 +1,25 @@
-<ruleset name="Euro-ix.net" platform="mixedcontent">
+<!--
+	Insecure cookies are set for these hosts:
+
+		- euro-ix.net
+		- www.euro-ix.net
+
+-->
+<ruleset name="Euro-IX.net">
+
+<!--	Direct rewrites:
+			-->
   <target host="euro-ix.net" />
   <target host="www.euro-ix.net" />
 
-  <rule from="^http://(?:www\.)?euro-ix\.net/" to="https://www.euro-ix.net/" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?euro-ix\.net$" name="^(?:csrftoken|django_language)$" /-->
+
+	<securecookie host="^(?:www\.)?euro-ix\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/EuroAds.se.xml b/src/chrome/content/rules/EuroAds.se.xml
deleted file mode 100644
index 384f104a136f..000000000000
--- a/src/chrome/content/rules/EuroAds.se.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="EuroAds.se (partial)">
-
-	<target host="banner.euroads.se" />
-
-
-	<rule from="^http://banner\.euroads\.se/"
-		to="https://banner.euroads.se/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/EuroBSDcon.org-falsemixed.xml b/src/chrome/content/rules/EuroBSDcon.org-falsemixed.xml
new file mode 100644
index 000000000000..34aed3c355cb
--- /dev/null
+++ b/src/chrome/content/rules/EuroBSDcon.org-falsemixed.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules not causing false/broken MCB, see EuroBSDcon.org.xml.
+
+-->
+<ruleset name="EuroBSDcon.org (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="2012.eurobsdcon.org" />
+	<target host="2013.eurobsdcon.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EuroBSDcon.org.xml b/src/chrome/content/rules/EuroBSDcon.org.xml
new file mode 100644
index 000000000000..26a7208683b1
--- /dev/null
+++ b/src/chrome/content/rules/EuroBSDcon.org.xml
@@ -0,0 +1,71 @@
+<!--
+	For rules causing false/broken MCB, see EuroBSDcon.org-falsemixed.xml.
+
+
+	Nonfunctional hosts in *eurobsdcon.org:
+
+		- 2001 ¹
+		- 2004 ²
+		- 2005 ³
+		- 2009 ⁴
+		- 2010 ¹
+		- ticketshop ¹
+
+	¹ Plaintext reply
+	² Redirects to http
+	³ 403
+	⁴ Shows another domain
+
+
+	Problematic hosts in *eurobsdcon.org:
+
+		- 2008 ¹ ² ³
+		- 2012 ⁴
+		- 2013 ⁴
+
+	¹ Expired
+	² Mismatched
+	³ Self-signed
+	⁴ Mixed css
+
+
+	Insecure cookies are set for these hosts:
+
+		- 2015.eurobsdcon.org
+
+
+	Mixed content:
+
+		- css on 201[23] from $self
+
+		- Images, on:
+
+			- 2008 from www.aful.org
+			- 201[23] from $self
+
+-->
+<ruleset name="EuroBSDcon.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="eurobsdcon.org" />
+	<target host="2011.eurobsdcon.org" />
+	<!--target host="2012.eurobsdcon.org" /-->
+	<!--target host="2013.eurobsdcon.org" /-->
+	<target host="2014.eurobsdcon.org" />
+	<target host="2015.eurobsdcon.org" />
+	<target host="lists.eurobsdcon.org" />
+	<target host="www.eurobsdcon.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^2015\.eurobsdcon\.org$" name="^wfvt_\d+$" /-->
+
+	<securecookie host="^2015\.eurobsdcon\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EuroDNS.com-problematic.xml b/src/chrome/content/rules/EuroDNS.com-problematic.xml
new file mode 100644
index 000000000000..645dc5ebada2
--- /dev/null
+++ b/src/chrome/content/rules/EuroDNS.com-problematic.xml
@@ -0,0 +1,13 @@
+<!--
+	For rules that are on by default, see EuroDNS.com.xml.
+
+-->
+<ruleset name="EuroDNS.com (problematic)" default_off="expired, mismatched, self-signed">
+
+	<target host="blog.eurodns.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EuroDNS.com.xml b/src/chrome/content/rules/EuroDNS.com.xml
new file mode 100644
index 000000000000..f191aeb6e1d0
--- /dev/null
+++ b/src/chrome/content/rules/EuroDNS.com.xml
@@ -0,0 +1,63 @@
+<!--
+	For problematic rules, see EuroDNS.com-problematic.xml.
+
+
+	Nonfunctional subdomains:
+
+		- help		(desk.com)
+
+
+	Problematic subdomains:
+
+		- blog		(works, CN: Parallels Panel)
+		- cdn3		(dropped)
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- affiliate
+		- cdn3		(→ static)
+		- static
+
+
+	Insecure cookies are set for these hosts:
+
+		- affiliate.eurodns.com
+
+
+	Mixed content:
+
+		- Images on blog from blog *
+
+	* Secured by us
+
+-->
+<ruleset name="EuroDNS.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="eurodns.com" />
+	<target host="affiliate.eurodns.com" />
+	<target host="static.eurodns.com" />
+	<target host="www.eurodns.com" />
+
+	<!--	Complications:
+				-->
+	<target host="cdn3.eurodns.com" />
+
+
+	<!--	Not secured by server:
+				-->
+	<securecookie host="^affiliate\.eurodns\.com$" name="^CAKEPHP$" />
+
+	<securecookie host="^(?:affiliate|www)\.eurodns\.com$" name=".+" />
+
+
+	<rule from="^http://cdn3\.eurodns\.com/"
+		to="https://static.eurodns.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EuroFlorist.no.xml b/src/chrome/content/rules/EuroFlorist.no.xml
index 86a72d4ca161..6a1896612fc3 100644
--- a/src/chrome/content/rules/EuroFlorist.no.xml
+++ b/src/chrome/content/rules/EuroFlorist.no.xml
@@ -10,7 +10,8 @@
 <ruleset name="EuroFlorist.no (partial)">
 
 	<target host="euroflorist.no" />
-	<target host="*.euroflorist.no" />
+	<target host="www.euroflorist.no" />
+	<target host="bedrift.euroflorist.no" />
 		<!--exclusion pattern="^http://(www\.)?euroflorist\.no/($|\?|(En/Pages/Cart|Pages/Register)($|\?))" /-->
 		<exclusion pattern="^http://(?:bedrift\.|www\.)?euroflorist\.no/(?!Css/|Domains/|favicon\.ico|Images/|(?:En/)?Pages/CaptchaImage|Products/|(?:Script|Web)Resource\.axd|Scripts/)" />
 
@@ -21,7 +22,6 @@
 	<rule from="^http://(?:www\.)?euroflorist\.no/"
 		to="https://www.euroflorist.no/" />
 
-	<rule from="^http://bedrift\.euroflorist\.no/"
-		to="https://bedrift.euroflorist.no/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EuroIntegration.com.ua.xml b/src/chrome/content/rules/EuroIntegration.com.ua.xml
new file mode 100644
index 000000000000..6c18f9cd14e5
--- /dev/null
+++ b/src/chrome/content/rules/EuroIntegration.com.ua.xml
@@ -0,0 +1,16 @@
+<!--
+	Different HTTP/HTTPS content:
+		online.eurointegration.com.ua
+		online2.eurointegration.com.ua
+		online3.eurointegration.com.ua
+		pda.eurointegration.com.ua
+
+	Time out:
+		navigator.eurointegration.com.ua
+-->
+<ruleset name="EuroIntegration.com.ua">
+	<target host="eurointegration.com.ua"/>
+	<target host="www.eurointegration.com.ua"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/EuroPriSe.xml b/src/chrome/content/rules/EuroPriSe.xml
index ba7b4ba92212..2b8e08357563 100644
--- a/src/chrome/content/rules/EuroPriSe.xml
+++ b/src/chrome/content/rules/EuroPriSe.xml
@@ -3,7 +3,7 @@
 	<target host="european-privacy-seal.eu"/>
 	<target host="www.european-privacy-seal.eu"/>
 
-	<rule from="^http://(www\.)?european-privacy-seal\.eu/"
+	<rule from="^http://(?:www\.)?european-privacy-seal\.eu/"
 		to="https://www.european-privacy-seal.eu/"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/EuroPython.xml b/src/chrome/content/rules/EuroPython.xml
index 549160fa43cd..eb2f1fb5ac74 100644
--- a/src/chrome/content/rules/EuroPython.xml
+++ b/src/chrome/content/rules/EuroPython.xml
@@ -1,13 +1,40 @@
-<ruleset name="EuroPython">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ep2012.europython.eu/ => https://ep2012.europython.eu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://ep2013.europython.eu/ => https://ep2013.europython.eu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://ep2014.europython.eu/ => https://ep2014.europython.eu/: (60, 'SSL certificate problem: certificate has expired')
+
+	Nonfunctional hosts in *europython.eu:
+
+		- blog *
+
+	* Tumblr
+
+
+	Insecure cookies are set for these hosts:
+
+		- ep2015.europython.eu
+
+-->
+<ruleset name="EuroPython.eu" default_off="failed ruleset test">
 
 	<target host="europython.eu" />
-	<target host="*.europython.eu" />
+	<target host="ep2012.europython.eu" />
+	<target host="ep2013.europython.eu" />
+	<target host="ep2014.europython.eu" />
+	<target host="ep2015.europython.eu" />
+	<target host="www.europython.eu" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="ep2015\.europython\.eu$" name="^django_language$" /-->
 
-	<securecookie host="^ep2013\.europython\.eu$" name=".+" />
+	<securecookie host=".+\.europython\.eu$" name=".+" />
 
 
-	<rule from="^http://(ep201[23]\.|www\.)?europython\.eu/"
-		to="https://$1europython.eu/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EuroSmartz.xml b/src/chrome/content/rules/EuroSmartz.xml
index 66c97a024368..83f7002e0caf 100644
--- a/src/chrome/content/rules/EuroSmartz.xml
+++ b/src/chrome/content/rules/EuroSmartz.xml
@@ -7,7 +7,7 @@
 
 	<!--	Cert only matches u15....
 		Data appear to be identical.	-->
-	<rule from="^https://(?:(?:mobile\.|www\.)?eurosmartz|u15404278\.onlinehome-server)\.com/"
+	<rule from="^http://(?:(?:mobile\.|www\.)?eurosmartz|u15404278\.onlinehome-server)\.com/"
 		to="https://u15404278.onlinehome-server.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Eurodiet.xml b/src/chrome/content/rules/Eurodiet.xml
index 39cfbac9c7d7..3433f7e2dd7e 100644
--- a/src/chrome/content/rules/Eurodiet.xml
+++ b/src/chrome/content/rules/Eurodiet.xml
@@ -9,7 +9,7 @@
 	<target host="www.eurodiet.co.uk" />
 
 
-	<rule from="^https?://(?:www\.)?eurodiet\.co\.uk/_design/"
+	<rule from="^http://(?:www\.)?eurodiet\.co\.uk/_design/"
 		to="https://www.eurodiet.co.uk/_design/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Euroforum-problematic.xml b/src/chrome/content/rules/Euroforum-problematic.xml
index 12786794dbcf..845bfab95d23 100644
--- a/src/chrome/content/rules/Euroforum-problematic.xml
+++ b/src/chrome/content/rules/Euroforum-problematic.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?euroforum\.de/"
 		to="https://www.euroforum.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Euroforum.xml b/src/chrome/content/rules/Euroforum.xml
index 06b1706aadeb..54308e33a9b2 100644
--- a/src/chrome/content/rules/Euroforum.xml
+++ b/src/chrome/content/rules/Euroforum.xml
@@ -28,13 +28,13 @@
 
 	<target host="euroforum.com" />
 	<target host="www.euroforum.com" />
-	<target host="*.euroforum.de" />
+	<target host="static.euroforum.de" />
+	<target host="static2.euroforum.de" />
 
 
-	<rule from="^http://(www\.)?euroforum\.com/"
-		to="https://$1euroforum.com/" />
 
 	<rule from="^http://static2?\.euroforum\.de/"
 		to="https://d30az3luf8nwkb.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Eurofurence.xml b/src/chrome/content/rules/Eurofurence.xml
index fd8b0906b59b..91d981bf395c 100644
--- a/src/chrome/content/rules/Eurofurence.xml
+++ b/src/chrome/content/rules/Eurofurence.xml
@@ -3,5 +3,5 @@
 
   <securecookie host="^forum\.eurofurence\.org$" name=".+" />
 
-  <rule from="^http://forum\.eurofurence\.org/" to="https://forum.eurofurence.org/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Eurogamer-problematic.xml b/src/chrome/content/rules/Eurogamer-problematic.xml
index a60a54db6065..44ae6a07d45f 100644
--- a/src/chrome/content/rules/Eurogamer-problematic.xml
+++ b/src/chrome/content/rules/Eurogamer-problematic.xml
@@ -2,15 +2,15 @@
 	For rules that are on by default, see Eurogamer.xml.
 
 -->
-<ruleset name="Eurogamer (expired)" default_off="expired">
+<ruleset name="Eurogamer.net (expired)" default_off="expired">
 
 	<target host="ads.eurogamer.net" />
 
 
-	<securecookie host="^ads\.eurogamer\.net$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://ads\.eurogamer\.net/"
-		to="https://ads.eurogamer.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Eurogamer.xml b/src/chrome/content/rules/Eurogamer.xml
index 0b3b6050d85d..eb8839c7d301 100644
--- a/src/chrome/content/rules/Eurogamer.xml
+++ b/src/chrome/content/rules/Eurogamer.xml
@@ -2,22 +2,19 @@
 	For rules that are off by default, see Eurogamer-problematic.xml.
 
 
-	CDN buckets:
+	Problematic hosts in *eurogamer.net:
 
-		- images.vg247.com.s3.amazonaws.com | d2f23iedlijwim.cloudfront.net
-			- aws permanently redirects
+		- ads ᵉ
+
+	ᵉ Expired
 
 -->
-<ruleset name="Eurogamer (partial)">
+<ruleset name="Eurogamer.net (partial)">
 
 	<target host="images.eurogamer.net" />
-	<target host="images.vg247.com" />
-
 
-	<rule from="^http://images\.eurogamer\.net/"
-		to="https://images.eurogamer.net/" />
 
-	<rule from="^http://images\.vg247\.com/"
-		to="https://d2f23iedlijwim.cloudfront.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Eurogap.cz.xml b/src/chrome/content/rules/Eurogap.cz.xml
index f67f736c1aef..e4baba71b639 100644
--- a/src/chrome/content/rules/Eurogap.cz.xml
+++ b/src/chrome/content/rules/Eurogap.cz.xml
@@ -10,7 +10,6 @@
 	<securecookie host="^dealers\.eurogap\.cz$" name=".+" />
 
 
-	<rule from="^http://dealers\.eurogap\.cz/"
-		to="https://dealers.eurogap.cz/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Euroland.com.xml b/src/chrome/content/rules/Euroland.com.xml
new file mode 100644
index 000000000000..9c10f6239ed6
--- /dev/null
+++ b/src/chrome/content/rules/Euroland.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="Euroland.com">
+
+	<target host="euroland.com" />
+	<target host="tools.euroland.com" />
+	<target host="www.euroland.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(tools\.|www\.)?euroland\.com$" name="^(ISAWPLB\{[0-9A-F]{8}-([0-9A-F]{4}-){2}[0-9A-F]{8}\}|Settings)$" /-->
+
+	<securecookie host="^(?:tools\.|www\.)?euroland\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Europa-Apotheek.com.xml b/src/chrome/content/rules/Europa-Apotheek.com.xml
new file mode 100644
index 000000000000..c38ee44cec1a
--- /dev/null
+++ b/src/chrome/content/rules/Europa-Apotheek.com.xml
@@ -0,0 +1,34 @@
+<!--
+	^europa-apotheek.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.europa-apotheek.com
+
+-->
+<ruleset name="Europa-Apotheek.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.europa-apotheek.com" />
+
+	<!--	Complications:
+				-->
+	<target host="europa-apotheek.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.europa-apotheek\.com$" name="^(?:JSURFERID|xscbcus)$" /-->
+
+	<securecookie host="^www\.europa-apotheek\.com$" name=".+" />
+
+
+	<rule from="^http://europa-apotheek\.com/"
+		to="https://www.europa-apotheek.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Europa.eu-falsemixed.xml b/src/chrome/content/rules/Europa.eu-falsemixed.xml
new file mode 100644
index 000000000000..448d33188342
--- /dev/null
+++ b/src/chrome/content/rules/Europa.eu-falsemixed.xml
@@ -0,0 +1,18 @@
+<!--
+	For rules not causing false/broken MCB, see Europa.eu.xml.
+
+-->
+<ruleset name="Europa.eu (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="een.ec.europa.eu" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Europa.eu.xml b/src/chrome/content/rules/Europa.eu.xml
index d01c03e6ff4e..f2691efe5dbc 100644
--- a/src/chrome/content/rules/Europa.eu.xml
+++ b/src/chrome/content/rules/Europa.eu.xml
@@ -1,52 +1,233 @@
 <!--
-	Almost everything on europa.eu is missconfigured. but there are some exceptions.
+	Almost everything on europa.eu is misconfigured, but there are some exceptions.
+
+	For rules causing false/broken MCB, see Europa.eu-falsemixed.xml.
+
+	Nonfunctional hosts in *europa.eu:
+		- ^ ¹
+		- curia ¹
+
+		- eacea.ec ʰ
+		- inspire.ec ᵈ
+		- trade.ec ⁴
+
+		- archive.eiopa ʳ
+		- m.europarl ᵈ
+		- eurovoc ¹
+		- www.iss ʳ
+		- (www.)ombudsman ᵈ
+		- formex.publications ʳ
+		- ted ᵈ
+		- whoiswho ¹
+
+	¹ 400
+	⁴ 403; mismatched, CN: europa.eu
+	ᵈ Dropped
+	ʰ Redirects to http
+	ʳ Refused
+
+	Problematic hosts in *europa.eu:
+		- video.consilium ᶜ ᵐ
+		- een.ec ˣ
+		- eeas ᵐ
+		- www.eeas ³ ᵐ
+		- www.tmview ᵐ
+
+	³ 403, preemptable redirect
+	ᶜ Cloudfront
+	ᵐ Mismatched
+	ˣ Mixed css
+
+	Partially covered hosts in *europa.eu:
+		- www.consilium ʰ
+		- cordis ʰ
+		- ec ²
+
+	ʰ Some pages redirect to http
+	² $ 400s
+
+	Insecure cookies are set for these domains and hosts:
+		- bookshop.europa.eu
+		- ec.europa.eu
+		- .een.ec.europa.eu
+		- www.ecb.europa.eu
+		- eiopa.europa.eu
+		- .erc.europa.eu
+		- oami.europa.eu
+		- publication.europa.eu
 
+	Mixed content:
+		- css on een.ec from $self ˢ
 
-	Nonfunctional subdomains:
-
-		- ^	(403, valid cert)
-		- ec	(403)
-		- eur-lex	(shows ^; mismatched, CN: europa.eu)
-		- (www.)ombudsman	(times out)
-
-
-	Partially covered subdomains:
-
-		- cordis	(some pages redirect to http)
-
-
-	Fully covered subdomains:
-
-		- www.europol
+		- Images, on:
 
+			- een.ec from ec.europa.eu
+			- een.ec from $self ˢ
+			- www.europol from www.europol ˢ
 
-	Mixed content:
+		- Bugs, on:
 
-		- Image on www.europol from www.europol *
-	
-	* Secured by us
+			- cordis from sdc-cordis.mainstrat.com ˢ
+			- publications from $self ˢ
 
+	ˢ Secured by us
 -->
-<ruleset name="Europa.eu">
-
+<ruleset name="Europa.eu (partial)">
+	<!-- Direct rewrites: -->
+	<target host="bookshop.europa.eu" />
+	<target host="subscriptions-dsms.consilium.europa.eu" />
+	<target host="www.consilium.europa.eu" />
+	<target host="cordis.europa.eu" />
+	<target host="www.easa.europa.eu" />
+	<target host="www.eba.europa.eu" />
+	<target host="ec.europa.eu" />
+
+	<!--target host="een.ec.europa.eu" /-->
+	<target host="joinup.ec.europa.eu" />
+	<target host="webgate.ec.europa.eu" />
+
+	<target host="www.ecb.europa.eu" />
+	<target host="eiopa.europa.eu" />
+	<target host="enisa.europa.eu" />
+	<target host="www.enisa.europa.eu" />
+	<target host="erc.europa.eu" />
+	<target host="eur-lex.europa.eu" />
+	<target host="www.europarl.europa.eu" />
+	<target host="www.europol.europa.eu" />
+	<target host="oami.europa.eu" />
+	<target host="open-data.europa.eu" />
+	<target host="publications.europa.eu" />
+
+	<!-- Complications: -->
 	<target host="www.ecb.eu" />
-	<target host="*.europa.eu" />
-		<!--exclusion pattern="^http://cordis\.europa\.eu/+($|\?|css/|erawatch/css/|erawatch/icons/|favicon\.ico|guidance/icons/|live-edit/css/)" /-->
-		<exclusion pattern="^http://cordis\.europa\.eu/+(?!icons/|js/|wel/template-)" />
-
-
-	<!--securecookie host="^\.europol\.europa\.eu$" name="^SESS\w32$" /-->
-
-
-	<rule from="^http://www\.ecb(?:\.europa)?\.eu/"
-		to="https://www.ecb.europa.eu/" />
-
-	<rule from="^http://(?:www\.)?consilium\.europa\.eu/"
-		to="https://www.consilium.europa.eu/" />
-
-	<rule from="^http://(cordis|joinup\.ec|www\.europol)\.europa\.eu/"
-		to="https://$1.europa.eu/" />
 
-    <rule from="^http://(?:www\.)?easa\.europa\.eu/"
-        to="https://www.easa.europa.eu/" />
+	<target host="consilium.europa.eu" />
+	<target host="easa.europa.eu" />
+	<target host="www.tmview.europa.eu" />
+
+		<!-- Redirects to http: -->
+		<!--exclusion pattern="^http://www\.consilium\.europa\.eu/(?:\w\w/$|\w\w/(?:contact|home)/$|en/splash/?requested=%2f)" /-->
+		<!-- Exceptions: -->
+		<exclusion pattern="http://www\.consilium\.europa\.eu/+(?!content/|favicon\.ico|images/|uedocs/|uploadedImages/)" />
+
+			<!-- +ve: -->
+			<test url="http://www.consilium.europa.eu/en/contact/" />
+			<test url="http://www.consilium.europa.eu/en/home/" />
+			<test url="http://www.consilium.europa.eu/es/home/" />
+			<test url="http://www.consilium.europa.eu/fr/" />
+			<test url="http://www.consilium.europa.eu/it/" />
+			<test url="http://www.consilium.europa.eu/mt/" />
+			<test url="http://www.consilium.europa.eu/ro/" />
+
+			<!-- -ve: -->
+			<test url="http://www.consilium.europa.eu/content/css/ie-global.css" />
+			<test url="http://www.consilium.europa.eu/content/icons/customtile.png" />
+			<test url="http://www.consilium.europa.eu/content/images/logo.png" />
+			<test url="http://www.consilium.europa.eu/favicon.ico" />
+			<test url="http://www.consilium.europa.eu/images/council-loading.gif" />
+			<test url="http://www.consilium.europa.eu/uploadedImages/Multimedia/Photos/Image-library/logos/20160101-NLpresidency-Home.png?n=6368&amp;targetTypeId=tablet" />
+
+		<!-- Redirects to http: -->
+		<!--exclusion pattern="^http://cordis\.europa\.eu/+($|\?|erawatch/css/|erawatch/icons/|guidance/$|home_\w\w\.html|live-edit/css/|scienceweek/$)" /-->
+		<!-- Exceptions: -->
+		<exclusion pattern="^http://cordis\.europa\.eu/+(?!account/|common/arc/|css/|favicon\.ico|guidance/(?:cs|icon)s/|icons/|js/|scienceweek/+(?!$|\?)|wel/template-)" />
+
+			<!-- +ve: -->
+			<test url="http://cordis.europa.eu/archive/home_en.html" />
+			<test url="http://cordis.europa.eu/growth/" />
+			<test url="http://cordis.europa.eu/guidance/" />
+			<test url="http://cordis.europa.eu/guidance/home_en.html" />
+			<test url="http://cordis.europa.eu/home_en.html" />
+			<test url="http://cordis.europa.eu/ictresults/" />
+			<test url="http://cordis.europa.eu/incubators/library.htm" />
+			<test url="http://cordis.europa.eu/life/" />
+			<test url="http://cordis.europa.eu/liguria/infra_en.html" />
+			<test url="http://cordis.europa.eu/liguria/rd_en.html" />
+			<test url="http://cordis.europa.eu/malopolska/intro_en.html" />
+			<test url="http://cordis.europa.eu/nmp/past_highlights.htm" />
+			<test url="http://cordis.europa.eu/research-eu/magazine_en.html" />
+			<test url="http://cordis.europa.eu/scienceweek/" />
+			<test url="http://cordis.europa.eu/stuttgart/intro_en.html" />
+
+			<!-- -ve: -->
+			<test url="http://cordis.europa.eu/account/login_en" />
+			<test url="http://cordis.europa.eu/common/arc/css/cordis_archive.css" />
+			<test url="http://cordis.europa.eu/common/arc/icons/banner-archive_en.gif" />
+			<test url="http://cordis.europa.eu/css/content-home.css" />
+			<test url="http://cordis.europa.eu/css/splash.css" />
+			<test url="http://cordis.europa.eu/favicon.ico" />
+			<test url="http://cordis.europa.eu/guidance/css/styles.css" />
+			<test url="http://cordis.europa.eu/guidance/icons/nav-triangle.png" />
+			<test url="http://cordis.europa.eu/icons/op-cordis.png" />
+			<test url="http://cordis.europa.eu/scienceweek/css.css" />
+			<test url="http://cordis.europa.eu/scienceweek/exp_funzone.htm" />
+			<test url="http://cordis.europa.eu/scienceweek/home.htm" />
+			<test url="http://cordis.europa.eu/scienceweek/icons/logob.gif" />
+			<test url="http://cordis.europa.eu/scienceweek/media_press.htm" />
+
+		<!-- Redirects to http: -->
+		<!--exclusion pattern="^http://ec\.europa\.eu/index_en.htm /-->
+
+		<!-- 404: -->
+		<!--exclusion pattern="^http://ec\.europa\.eu/(?:ec_portal/(?:2016/images|stylesheets)/|growth/$|growth/contact/index_\w\w\.htm||index_\w\w\.htm|programmes/$|growth/tools-databases/newsroom/cf/_getimage\.cfm\?doc_id=)" /-->
+
+		<!-- Exceptions: -->
+		<exclusion pattern="^http://ec\.europa\.eu/(?!/*(?:(?:commission|eures|eusurvey|futurium|jrc|research)(?:$|[?/])|enterprise/images/|growth/(?:heroes/template|images|stylesheets)/|wel/))" />
+
+			<!-- +ve: -->
+			<test url="http://ec.europa.eu/anti_fraud/index_en.htm" />
+			<test url="http://ec.europa.eu/atoz_en.htm" />
+			<test url="http://ec.europa.eu/avservices/" />
+			<test url="http://ec.europa.eu/carol/" />
+			<test url="http://ec.europa.eu/cyprus/" />
+			<test url="http://ec.europa.eu/ec_portal/2016/images/btn-arrow-more.png" />
+			<test url="http://ec.europa.eu/ec_portal/stylesheets/styles-splash.css" />
+			<test url="http://ec.europa.eu/geninfo/query/search_en.html" />
+			<test url="http://ec.europa.eu/greece/index_el.htm" />
+			<test url="http://ec.europa.eu/growth/" />
+			<test url="http://ec.europa.eu/growth/contact/index_en.htm" />
+			<test url="http://ec.europa.eu/growth/tools-databases/newsroom/cf/_getimage.cfm?doc_id=8076" />
+			<test url="http://ec.europa.eu/index_en.htm" />
+			<test url="http://ec.europa.eu/sitemap/index_en.htm" />
+
+			<!-- -ve: -->
+			<test url="http://ec.europa.eu/commission" />
+			<test url="http://ec.europa.eu/enterprise/images/2013/bk_news_active.png" />
+			<test url="http://ec.europa.eu/eures" />
+			<test url="http://ec.europa.eu/eusurvey/" />
+			<test url="http://ec.europa.eu/eusurvey/runner/H2020SSOpenall" />
+			<test url="http://ec.europa.eu/futurium/" />
+			<test url="http://ec.europa.eu/growth/heroes/template/v2/images/eu-loading.gif" />
+			<test url="http://ec.europa.eu/growth/images/template-2014/banner/banner-en.gif" />
+			<test url="http://ec.europa.eu/growth/stylesheets/template-2014/entr-common.css" />
+			<test url="http://ec.europa.eu/jrc/" />
+			<test url="http://ec.europa.eu/research/participants/portal/desktop/en/opportunities/h2020/calls/erc-2016-stg.html" />
+			<test url="http://ec.europa.eu/wel/template-2013/images/logo/logo_en.gif" />
+			<test url="http://ec.europa.eu/wel/template-2013/stylesheets/ec.css" />
+
+		<test url="http://oami.europa.eu/knowledge/" />
+		<test url="http://oami.europa.eu/ohimportal/en/" />
+
+	<!-- Not secured by server: -->
+	<!--securecookie host="^bookshop\.europa\.eu$" name="^(?:pg|s)id$" /-->
+	<!--securecookie host="^ec\.europa\.eu$" name="^(?:EURES_LF_(?:MARKETPLACE|PLUGINS)_SESSIONID|JSESSIONID|JSESSIONIDEUSURVEY)$" /-->
+	<!--securecookie host="^\.(?:een\.ec|erc|europol)\.europa\.eu$" name="^SESS[\da-f]{32}$" /-->
+	<!--securecookie host="^www\.ecb\.europa\.eu$" name="^BIGipServerPOOL\.www\.ecb\.europa\.eu_HTTPS$" /-->
+	<!--securecookie host="^eiopa\.europa\.eu$" name="^(?:NSC_|SearchSession$)" /-->
+	<!--securecookie host="^oami\.europa\.eu$" name="^b{15}$" /-->
+	<!--securecookie host="^publications\.europa\.eu$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^(?:bookshop|www\.ecb|eiopa|oami|publications)\.europa\.eu$" name=".+" />
+	<securecookie host="^ec\.europa\.eu$" name="^JSESSIONIDEUSURVEY$" />
+
+	<rule from="^http://www\.ecb\.eu/" to="https://www.ecb.europa.eu/" />
+
+	<rule from="^http://(consilium|easa)\.europa\.eu/" to="https://www.$1.europa.eu/" />
+
+	<!-- Redirect drops path, args and forward slash: -->
+	<rule from="^http://www\.tmview\.europa\.eu/.*" to="https://www.tmdn.org/tmview/" />
+		<test url="http://www.tmview.europa.eu/tmview/welcome.html" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Europcar-Group.com.xml b/src/chrome/content/rules/Europcar-Group.com.xml
new file mode 100644
index 000000000000..bd6cfc4a9bb6
--- /dev/null
+++ b/src/chrome/content/rules/Europcar-Group.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Europcar coverage, see Europcar.com.xml
+-->
+<ruleset name="Europcar Group.com">
+
+	<target host="europcar-group.com" />
+	<target host="www.europcar-group.com" />
+	<target host="finance.europcar-group.com" />
+	<target host="investors.europcar-group.com" />
+
+	<target host="europcar-mobility-group.com" />
+	<target host="www.europcar-mobility-group.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Europcar.co.nz.xml b/src/chrome/content/rules/Europcar.co.nz.xml
new file mode 100644
index 000000000000..b098ace14995
--- /dev/null
+++ b/src/chrome/content/rules/Europcar.co.nz.xml
@@ -0,0 +1,36 @@
+<!--
+	For other Europcar coverage, see Europcar.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(i)
+		- blog		(m)
+		- car-rental		(ssl connection error)
+		- movingsamsway		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Europcar.co.nz">
+
+	<target host="europcar.co.nz" />
+	<target host="www.europcar.co.nz" />
+	<target host="b2b.europcar.co.nz" />
+	<target host="faq.europcar.co.nz" />
+	<target host="faq-test.europcar.co.nz" />
+	<target host="m.europcar.co.nz" />
+	<target host="mobile.europcar.co.nz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://europcar\.co\.nz/"
+		to="https://www.europcar.co.nz/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Europcar.com.au.xml b/src/chrome/content/rules/Europcar.com.au.xml
new file mode 100644
index 000000000000..0921463fbece
--- /dev/null
+++ b/src/chrome/content/rules/Europcar.com.au.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Europcar coverage, see Europcar.com.xml
+
+
+	Non-functional subdomains:
+		- blog	(m)
+		- memberships	(t)
+		- movingsamsway	(m)
+		- roadtrip	(m)
+		- sslvpn	(t)
+		- webportal	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Europcar.com.au">
+
+	<target host="europcar.com.au" />
+	<target host="www.europcar.com.au" />
+	<target host="b2b.europcar.com.au" />
+	<target host="faq.europcar.com.au" />
+	<target host="faq-test.europcar.com.au" />
+	<target host="m.europcar.com.au" />
+	<target host="mobile.europcar.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Europcar.de.xml b/src/chrome/content/rules/Europcar.de.xml
new file mode 100644
index 000000000000..c97da523cc35
--- /dev/null
+++ b/src/chrome/content/rules/Europcar.de.xml
@@ -0,0 +1,46 @@
+<!--
+	For other Europcar coverage, see Europcar.com.xml
+
+
+	Non-functional subdomains:
+		- blog	(m)
+		- businessplus	(i)
+		- content	(i)
+		- faq-test	(m)
+		- m		(i)
+		- mfts	(e)
+		- mobile	(i)
+		- movingsamsway	(m)
+		- roadtrip	(m)
+		- your-selection	(i)
+		- www.your-selection	(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Europcar.de">
+
+	<target host="europcar.de" />
+	<target host="www.europcar.de" />
+	<target host="faq.europcar.de" />
+	<target host="firstnews.europcar.de" />
+	<target host="germany.europcar.de" />
+	<target host="news.europcar.de" />
+	<target host="service.europcar.de" />
+	<target host="autoboerse.service.europcar.de" />
+	<target host="chauffeur.service.europcar.de" />
+	<target host="serviceuat.europcar.de" />
+	<target host="autoboerse.serviceuat.europcar.de" />
+	<target host="chauffeur.serviceuat.europcar.de" />
+	<target host="umzugsmaterial.europcar.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Europcar.es.xml b/src/chrome/content/rules/Europcar.es.xml
new file mode 100644
index 000000000000..ca81e97ee47f
--- /dev/null
+++ b/src/chrome/content/rules/Europcar.es.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Europcar coverage, see Europcar.com.xml
+
+
+	Non-functional subdomains:
+		- blog		(m)
+		- movingsamsway		(m)
+		- roadtrip		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Europcar.es">
+
+	<target host="europcar.es" />
+	<target host="www.europcar.es" />
+	<target host="faq.europcar.es" />
+	<target host="faq-test.europcar.es" />
+	<target host="m.europcar.es" />
+	<target host="mobile.europcar.es" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Europcar.fr.xml b/src/chrome/content/rules/Europcar.fr.xml
new file mode 100644
index 000000000000..1c03e5b1e7b0
--- /dev/null
+++ b/src/chrome/content/rules/Europcar.fr.xml
@@ -0,0 +1,38 @@
+<!--
+	For other Europcar coverage, see Europcar.com.xml
+
+
+	Non-functional subdomains:
+		- blog	(m)
+		- calendrier-avent	(t)
+		- cartes	(i)
+		- ea	(t)
+		- faq-test	(i)
+		- movingsamsway	(m)
+		- roadtrip	(m)
+		- services	(i)
+		- student-box	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Europcar.fr">
+
+	<target host="europcar.fr" />
+	<target host="www.europcar.fr" />
+	<target host="autoliberte.europcar.fr" />
+	<target host="faq.europcar.fr" />
+	<target host="m.europcar.fr" />
+	<target host="mobile.europcar.fr" />
+	<target host="mobilite.europcar.fr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Europcar.it.xml b/src/chrome/content/rules/Europcar.it.xml
new file mode 100644
index 000000000000..e652e1c77d01
--- /dev/null
+++ b/src/chrome/content/rules/Europcar.it.xml
@@ -0,0 +1,53 @@
+<!--
+	For other Europcar coverage, see Europcar.com.xml
+
+
+	Non-functional subdomains:
+		- areabusiness	(r)
+		- blog	(m)
+		- careers	(r)
+		- convenzionita		(r)
+		- enelmia	(r)
+		- europnews	(r)
+		- flotta	(r)
+		- franchisee		(r)
+		- images	(r)
+		- movingsamsway		(m)
+		- roadtrip	(m)
+		- afl.sw	(i)
+		- geco.sw	(t)
+		- nemo.sw	(t)
+		- urent.sw	(r)
+		- winity.sw	(m)
+		- xclienti.sw	(t)
+		- xlogin.sw	(t)
+		- telepass	(r)
+		- viaggiacongusto	(r)
+		- whyeuropcar	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Europcar.it">
+
+	<target host="europcar.it" />
+	<target host="www.europcar.it" />
+	<target host="consegna-auto-domicilio.europcar.it" />
+	<target host="faq.europcar.it" />
+	<target host="faq-test.europcar.it" />
+	<target host="m.europcar.it" />
+	<target host="mobile.europcar.it" />
+	<target host="selection.europcar.it" />
+	<target host="ecarweb.sw.europcar.it" />
+	<target host="gotit.sw.europcar.it" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Europe-Consommateurs.eu.xml b/src/chrome/content/rules/Europe-Consommateurs.eu.xml
new file mode 100644
index 000000000000..33a7127cde7b
--- /dev/null
+++ b/src/chrome/content/rules/Europe-Consommateurs.eu.xml
@@ -0,0 +1,8 @@
+<ruleset name="Europe-Consommateurs.eu">
+	<target host="europe-consommateurs.eu" />
+	<target host="www.europe-consommateurs.eu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EuropePMC.org.xml b/src/chrome/content/rules/EuropePMC.org.xml
new file mode 100644
index 000000000000..c89a551640b4
--- /dev/null
+++ b/src/chrome/content/rules/EuropePMC.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Invalid certificate:
+		www.europepmc.org
+		dev.europepmc.org
+		labs.europepmc.org
+
+	Secure connection failed:
+		blog.europepmc.org
+
+-->
+<ruleset name="EuropePMC.org">
+
+	<target host="europepmc.org" />
+	<target host="www.europepmc.org" />
+	<target host="beta.europepmc.org" />
+	<target host="plus.europepmc.org" />
+	<target host="test.europepmc.org" />
+
+	<rule from="^http://www\.europepmc\.org/"
+		to="https://europepmc.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Europe_Miniatures.xml b/src/chrome/content/rules/Europe_Miniatures.xml
deleted file mode 100644
index 4878f178ed96..000000000000
--- a/src/chrome/content/rules/Europe_Miniatures.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	- Expired 2009-06-05
-	- CN: plesk
-
--->
-<ruleset name="Europe Minatures" default_off="expired, self-signed">
-
-	<target host="europe-miniatures.com" />
-	<target host="www.europe-miniatures.com" />
-
-
-	<rule from="^http://(?:www\.)?europe-miniatures\.com/"
-		to="https://europe-miniatures.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/European-Bioinformatics-Institute.xml b/src/chrome/content/rules/European-Bioinformatics-Institute.xml
index de558f7d6346..26960355c2dc 100644
--- a/src/chrome/content/rules/European-Bioinformatics-Institute.xml
+++ b/src/chrome/content/rules/European-Bioinformatics-Institute.xml
@@ -4,7 +4,6 @@
 
 
 	<!--	!www doesn't exist.	-->
-	<rule from="^http://www\.ebi\.co\.uk/"
-		to="https://www.ebi.co.uk/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/European-Nuclear-Society.xml b/src/chrome/content/rules/European-Nuclear-Society.xml
index 3c3af1661156..d78300c89006 100644
--- a/src/chrome/content/rules/European-Nuclear-Society.xml
+++ b/src/chrome/content/rules/European-Nuclear-Society.xml
@@ -5,7 +5,6 @@
 
 
 	<!--	!www prints "It works!" over https.	-->
-	<rule from="^https?://(?:www\.)?euronuclear\.org/"
-		to="https://www.euronuclear.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/European-Nuclear-Young-Generation-Forum.xml b/src/chrome/content/rules/European-Nuclear-Young-Generation-Forum.xml
index 905209744703..c87faa8b38b3 100644
--- a/src/chrome/content/rules/European-Nuclear-Young-Generation-Forum.xml
+++ b/src/chrome/content/rules/European-Nuclear-Young-Generation-Forum.xml
@@ -1,15 +1,15 @@
-<ruleset name="European Nuclear Young Generation Forum" default_off="mismatch">
+<ruleset name="European Nuclear Young Generation Forum" default_off="mismatched">
 
 	<!--	Cert: *.onebit.cz	-->
 	<target host="enygf.eu" />
 	<target host="www.enygf.eu" />
 
 
-	<securecookie host="^www\.enygf\.eu$" name=".*" />
+	<securecookie host="^www\.enygf\.eu$" name=".+" />
 
 
 	<!--	!www redirects to www.	-->
-	<rule from="^https?://(?:www\.)?enygf\.eu/"
+	<rule from="^http://(?:www\.)?enygf\.eu/"
 		to="https://www.enygf.eu/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/European-Southern-Observatory.xml b/src/chrome/content/rules/European-Southern-Observatory.xml
index 5e7aa662eca0..1b227ec5353a 100644
--- a/src/chrome/content/rules/European-Southern-Observatory.xml
+++ b/src/chrome/content/rules/European-Southern-Observatory.xml
@@ -1,11 +1,16 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://eso.org/ => https://www.eso.org/: Cycle detected - URL already encountered: https://www.eso.org/public/
+Fetch error: http://www.eso.org/ => https://www.eso.org/: Cycle detected - URL already encountered: https://www.eso.org/public/
+-->
 <ruleset name="European Southern Observatory (partial)">
 
 	<target host="eso.org"/>
 	<target host="www.eso.org"/>
-		<exclusion pattern="^http://www\.eso\.org/public/(austria|belgium-(de|fr|nl)|brazil|chile|czechrepublic|denmark|finland|france|germany|italy|netherlands|portugal|spain|sweden)/"/>
+		<exclusion pattern="^http://www\.eso\.org/public/(?:austria|belgium-(?:de|fr|nl)|brazil|chile|czechrepublic|denmark|finland|france|germany|italy|netherlands|portugal|spain|sweden)/"/>
 		<exclusion pattern="^http://www\.eso\.org/public/news(?:$|\?|/)" />
 
-	<rule from="^http://(www\.)?eso\.org/"
+	<rule from="^http://(?:www\.)?eso\.org/"
 		to="https://www.eso.org/"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/EuropeanCensorshop.eu.xml b/src/chrome/content/rules/EuropeanCensorshop.eu.xml
deleted file mode 100644
index a7233621567c..000000000000
--- a/src/chrome/content/rules/EuropeanCensorshop.eu.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Nonfunctional:
-
-		- tpb.europeancensorship.eu	(cert: www.europeancensorship.eu)
-
--->
-<ruleset name="EuropeanCensorship.eu (partial)">
-
-	<target host="europeancensorship.eu" />
-	<target host="www.europeancensorship.eu" />
-
-	<rule from="^http://(www\.)?europeancensorship\.eu/"
-		to="https://$1europeancensorship.eu/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/EuropeanSSL.xml b/src/chrome/content/rules/EuropeanSSL.xml
index 718a085d3095..2ebc3a113003 100644
--- a/src/chrome/content/rules/EuropeanSSL.xml
+++ b/src/chrome/content/rules/EuropeanSSL.xml
@@ -8,7 +8,9 @@
 <ruleset name="EuropeanSSL">
 
 	<target host="europeanssl.eu" />
-	<target host="*.europeanssl.eu" />
+	<target host="secure.europeanssl.eu" />
+	<target host="www.europeanssl.eu" />
+	<target host="www.secure.europeanssl.eu" />
 
 
 	<securecookie host="^secure\.europeanssl\.eu$" name=".+" />
@@ -17,4 +19,4 @@
 	<rule from="^http://(?:www\.)?(?:secure\.)?europeanssl\.eu/"
 		to="https://secure.europeanssl.eu/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/European_Energy_Exchange.xml b/src/chrome/content/rules/European_Energy_Exchange.xml
index 881eadd86e96..d62dcb764aec 100644
--- a/src/chrome/content/rules/European_Energy_Exchange.xml
+++ b/src/chrome/content/rules/European_Energy_Exchange.xml
@@ -12,7 +12,8 @@
 <ruleset name="European Energy Exchange (partial)">
 
 	<target host="eex.com" />
-	<target host="*.eex.com" />
+	<target host="www.eex.com" />
+	<target host="cdn.eex.com" />
 
 
 	<securecookie host="^\.eex\.com$" name="^sakura_session$" />
@@ -21,7 +22,6 @@
 	<rule from="^http://(?:www\.)?eex\.com/"
 		to="https://www.eex.com/" />
 
-	<rule from="^http://cdn\.eex\.com/"
-		to="https://cdn.eex.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/European_Space_Agency.xml b/src/chrome/content/rules/European_Space_Agency.xml
index 49ec877c8f0e..502ae1b163b8 100644
--- a/src/chrome/content/rules/European_Space_Agency.xml
+++ b/src/chrome/content/rules/European_Space_Agency.xml
@@ -1,14 +1,62 @@
+
 <!--
-	Some pages redirect to http
+Disabled by https-everywhere-checker because:
+Fetch error: http://eo-sso-idp.eo.esa.int/ => https://eo-sso-idp.eo.esa.int/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://eogrid.esrin.esa.int/ => https://eogrid.esrin.esa.int/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://esa.int/ => https://www.esa.int/: Too many redirects while fetching 'https://www.esa.int/'
+
+	European Space Agency
+
+
+	Nonfunctional hosts in *esa.int:
+
+		- blogs		(refused)
+		- sci ²
+
+	² Reset
+
+
+	Some pages redirect to http.
 
 -->
-<ruleset name="European Space Agency (partial)">
+<ruleset name="ESA.int (partial)" default_off="failed ruleset test">
 
-	<target host="esa.int" />
+	<!--	Direct rewrites:
+				-->
+	<target host="eo-sso-idp.eo.esa.int" />
+	<target host="eogrid.esrin.esa.int" />
 	<target host="www.esa.int" />
 
+	<!--	Complications:
+				-->
+	<target host="esa.int" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.esa\.int/ESA$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.esa\.int/(?!extension/|var/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.esa.int/ESA" />
+			<test url="http://www.esa.int/Education" />
+			<test url="http://www.esa.int/For_Media" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.esa.int/extension/esa_ext/design/esn2/images/layout/social/views.png" />
+
+
+	<securecookie host="^(?!www\.)\w" name=".+" />
+
+
+	<rule from="^http://esa\.int/"
+		to="https://www.esa.int/" />
 
-	<rule from="^http://(?:www\.)?esa\.int/(extension|var)/"
-		to="https://www.esa.int/$1/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Eurovision.de.xml b/src/chrome/content/rules/Eurovision.de.xml
new file mode 100644
index 000000000000..5c3b043299b2
--- /dev/null
+++ b/src/chrome/content/rules/Eurovision.de.xml
@@ -0,0 +1,15 @@
+<!--
+	Mixed content:
+		- www.ndr.de *
+
+	* secured by us
+-->
+<ruleset name="Eurovision.de">
+    <target host="eurovision.de" />
+    <target host="www.eurovision.de" />
+
+    <securecookie host="^(www\.)?eurovision\.de$" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Eurovision.tv.xml b/src/chrome/content/rules/Eurovision.tv.xml
new file mode 100644
index 000000000000..3dcc311bbe58
--- /dev/null
+++ b/src/chrome/content/rules/Eurovision.tv.xml
@@ -0,0 +1,13 @@
+<ruleset name="ESC">
+	<target host="eurovision.tv"/>
+	<target host="*.eurovision.tv"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+	<test url="http://60th.eurovision.tv/" />
+	<test url="http://matchmaker.eurovision.tv/" />
+	<test url="http://shop.eurovision.tv/" />
+	<test url="http://www.eurovision.tv/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Eurowings.com.xml b/src/chrome/content/rules/Eurowings.com.xml
new file mode 100644
index 000000000000..2af9e6e084ec
--- /dev/null
+++ b/src/chrome/content/rules/Eurowings.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Eurowings.com (partial)">
+	<target host="eurowings.com" />
+	<target host="www.eurowings.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Eustace.io.xml b/src/chrome/content/rules/Eustace.io.xml
new file mode 100644
index 000000000000..2ec4b0334414
--- /dev/null
+++ b/src/chrome/content/rules/Eustace.io.xml
@@ -0,0 +1,12 @@
+<!--
+	Nonfunctional hosts in *.eustace.io:
+		- eustace.io
+		- www.eustace.io
+-->
+<ruleset name="Eustace.io">
+	<target host="blog.eustace.io" />
+	<target host="pendulum.eustace.io" />
+	<target host="poetry.eustace.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EvEGer.xml b/src/chrome/content/rules/EvEGer.xml
index e2bdbd7f2665..11bd32a74386 100644
--- a/src/chrome/content/rules/EvEGer.xml
+++ b/src/chrome/content/rules/EvEGer.xml
@@ -1,6 +1,6 @@
 <ruleset name="Eveger">
   <target host="eveger.de" />
   <target host="www.eveger.de" />
- 
-  <rule from="^http://(www\.)?eveger\.de/" to="https://www.eveger.de/" />
+
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Evanced.info.xml b/src/chrome/content/rules/Evanced.info.xml
new file mode 100644
index 000000000000..a490b918e358
--- /dev/null
+++ b/src/chrome/content/rules/Evanced.info.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://evanced.info/ => https://evanced.info/: (51, "SSL: no alternative certificate subject name matches target host name 'evanced.info'")
+
+-->
+<ruleset name="evanced.info" default_off="failed ruleset test">
+
+	<target host="evanced.info" />
+	<target host="ca.evanced.info" />
+	<target host="www.evanced.info" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(ca\.)?evanced\.info$" name="^AWSELB$" /-->
+
+	<securecookie host="^(?:ca\.)?evanced\.info$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Evaske.com.xml b/src/chrome/content/rules/Evaske.com.xml
new file mode 100644
index 000000000000..a999eafb8572
--- /dev/null
+++ b/src/chrome/content/rules/Evaske.com.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://evaske.com/ => https://evaske.com/: Too many redirects while fetching 'https://evaske.com/'
+Fetch error: http://www.evaske.com/ => https://www.evaske.com/: Too many redirects while fetching 'https://www.evaske.com/'
+Fetch error: http://clients.evaske.com/ => https://clients.evaske.com/: Too many redirects while fetching 'https://clients.evaske.com/'
+
+	Problematic:
+		- dev (Some sites serve wrong content)
+-->
+<ruleset name="Evaske.com" default_off="failed ruleset test">
+
+	<target host="evaske.com" />
+	<target host="www.evaske.com" />
+	<target host="clients.evaske.com" />
+
+
+	<securecookie host="^(?:clients|www)\.evaske\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Evbstatic.com.xml b/src/chrome/content/rules/Evbstatic.com.xml
new file mode 100644
index 000000000000..05ce32c9acfb
--- /dev/null
+++ b/src/chrome/content/rules/Evbstatic.com.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Eventbrite coverage, see Eventbrite.xml.
+
+-->
+<ruleset name="Evbstatic.com">
+
+	<target host="cdn.evbstatic.com" />
+
+		<test url="http://cdn.evbstatic.com/s3-build/6632-rc2015-10-05_12.04-02c6003/django/images/sprites/eb_badge_icon.png" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Evbuc.com.xml b/src/chrome/content/rules/Evbuc.com.xml
new file mode 100644
index 000000000000..2af7409483aa
--- /dev/null
+++ b/src/chrome/content/rules/Evbuc.com.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Eventbrite coverage, see Eventbrite.xml.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .evbuc.com
+		- s.evbuc.com
+
+-->
+<ruleset name="EvbUC.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cdn.evbuc.com" />
+	<target host="s.evbuc.com" />
+
+		<test url="http://cdn.evbuc.com/px-sandbox/tracking.html?event_id=&amp;path=&amp;organizer_uid=" />
+		<test url="http://s.evbuc.com/https_proxy?url=" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.evbuc\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^s\.evbuc\.com$" name="^SERVERID$" /-->
+
+	<securecookie host="^s?\.evbuc\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Evenmere.org.xml b/src/chrome/content/rules/Evenmere.org.xml
new file mode 100644
index 000000000000..bbbedffddac8
--- /dev/null
+++ b/src/chrome/content/rules/Evenmere.org.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blog.evenmere.org/ => https://blog.evenmere.org/: (6, 'Could not resolve host: blog.evenmere.org')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://blog.evenmere.org/ => https://blog.evenmere.org/: (6, 'Could not resolve host: blog.evenmere.org')
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+-->
+<ruleset name="evenmere.org (partial)" default_off="failed ruleset test">
+
+	<target host="blog.evenmere.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EventOverload.xml b/src/chrome/content/rules/EventOverload.xml
index a0eba0593ae8..8e7cfe505ad3 100644
--- a/src/chrome/content/rules/EventOverload.xml
+++ b/src/chrome/content/rules/EventOverload.xml
@@ -1,13 +1,21 @@
-<ruleset name="EventOverload">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://eventoverload.com/ => https://eventoverload.com/: (51, "SSL: no alternative certificate subject name matches target host name 'eventoverload.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://eventoverload.com/ => https://eventoverload.com/: (60, 'SSL certificate problem: self signed certificate')
+-->
+<ruleset name="EventOverload" default_off="failed ruleset test">
 
 	<target host="eventoverload.com" />
-	<target host="*.eventoverload.com" />
+	<target host="static.eventoverload.com" />
+	<target host="www.eventoverload.com" />
 
 
 	<securecookie host="^\.?eventoverload\.com$" name=".+" />
 
 
-	<rule from="^http://(static\.|www\.)?eventoverload\.com/"
-		to="https://$1eventoverload.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Eventbrite.co.uk.xml b/src/chrome/content/rules/Eventbrite.co.uk.xml
new file mode 100644
index 000000000000..043b2e6419f1
--- /dev/null
+++ b/src/chrome/content/rules/Eventbrite.co.uk.xml
@@ -0,0 +1,49 @@
+<!--
+	For other Eventbrite coverage, see Eventbrite.xml.
+
+
+	Nonfunctional domains:
+
+		- help.eventbrite.co.uk *
+
+	* Refused
+
+
+	Fully covered domains:
+
+		- *.eventbrite.co.uk:
+
+			- www
+
+
+	Insecure cookies are set for these domains:
+
+		- .eventbrite.co.uk
+		- www.eventbrite.co.uk
+
+-->
+<ruleset name="Eventbrite.co.uk">
+
+	<target host="eventbrite.co.uk" />
+	<target host="*.eventbrite.co.uk" />
+		<exclusion pattern="^http://help\.eventbrite\.co\.uk/" />
+
+			<test url="http://help.eventbrite.co.uk/" />
+
+		<test url="http://www.eventbrite.co.uk/" />
+
+
+	<!--	Not secured by server:
+						-->
+	<!--securecookie host="^\.eventbrite\.co\.uk$" name="^(G|SP|csrftoken|eblang|mgref|mgrefby)$" /-->
+	<!--securecookie host="^www\.eventbrite\.co\.uk$" name="^(SERVERID|experiments_enrolled|mgsignup)$" /-->
+
+  <!--
+  https://trac.torproject.org/projects/tor/ticket/8056
+	<securecookie host="^(?:.*\.)?eventbrite\.co\.uk$" name=".+" />
+  -->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Eventbrite.xml b/src/chrome/content/rules/Eventbrite.xml
index 63e7c1d768aa..4db60ae5f202 100644
--- a/src/chrome/content/rules/Eventbrite.xml
+++ b/src/chrome/content/rules/Eventbrite.xml
@@ -1,16 +1,46 @@
-<ruleset name="Eventbrite">
+<!--
+	Other Eventbrite rulesets:
+
+		- Evbstatic.com.xml
+		- Evbuc.com.xml
+		- Eventbrite.co.uk.xml
+		- eventbrite.de.xml
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- eventbrite.com
+		- .eventbrite.com
+		- ($account).eventbrite.com
+
+-->
+<ruleset name="Eventbrite.com">
 
 	<target host="eventbrite.com" />
 	<target host="*.eventbrite.com" />
-	<target host="eventbrite.co.uk" />
-	<target host="*.eventbrite.co.uk" />
 
-  <!--
-  https://trac.torproject.org/projects/tor/ticket/8056
-	<securecookie host="^(?:.*\.)?eventbrite\.co(?:m|\.uk)$" name=".+" />
-  -->
+		<test url="http://ebmedia.eventbrite.com/" />
+		<test url="http://evbdn.eventbrite.com/" />
+		<test url="http://fonts.eventbrite.com/" />
+		<test url="http://www.eventbrite.com/" />
+
+		<!--	Accounts:
+				-->
+		<test url="http://secretcon.eventbrite.com/" />
+
+
+	<!--	Not secured by server:
+						-->
+	<!--securecookie host="^eventbrite\.com$" name="^(AN|SERVERID|ebEventToTrack|ebcrumb)$" /-->
+	<!--securecookie host="^\.eventbrite\.com$" name="^(G|SP|csrftoken|eblang|ebtv|mgaff\d+|mgref|mgrefby)$" /-->
+	<!--securecookie host="^($account)\.eventbrite\.com$" name="^(AN|SERVERID|ebEventToTrack)$" /-->
+
+	<!--	https://trac.torproject.org/projects/tor/ticket/8056
+								-->
+	<!--securecookie host="^(?:.*\.)?eventbrite\.com$" name=".+" /-->
+
 
-	<rule from="^http://([^/:@]*\.)?eventbrite\.co(m|\.uk)/"
-		to="https://$1eventbrite.co$2/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Eventim.co.il.xml b/src/chrome/content/rules/Eventim.co.il.xml
new file mode 100644
index 000000000000..024d11bfdf07
--- /dev/null
+++ b/src/chrome/content/rules/Eventim.co.il.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Eventim coverage, see Eventim.com.xml.
+
+	Problematic domains:
+		- eventim.co.il (m)
+
+	h: http redirect
+	m: certificate mismatch
+	n: no secure protocol supported
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Eventim.co.il">
+	<target host="eventim.co.il" />
+	<target host="www.eventim.co.il" />
+	<target host="secure.eventim.co.il" />
+	<target host="staging.eventim.co.il" />
+
+	<rule from="^http://eventim\.co\.il/"
+		to="https://www.eventim.co.il/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Eventim.co.uk.xml b/src/chrome/content/rules/Eventim.co.uk.xml
new file mode 100644
index 000000000000..9c98e62c0bdf
--- /dev/null
+++ b/src/chrome/content/rules/Eventim.co.uk.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Eventim coverage, see Eventim.com.xml.
+
+	Problematic domains:
+		- eventim.co.uk (m)
+		- ticketnews.eventim.co.uk (p)
+
+	h: http redirect
+	m: certificate mismatch
+	n: no secure protocol supported
+	p: plaintext response
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Eventim.co.uk">
+	<target host="eventim.co.uk" />
+	<target host="www.eventim.co.uk" />
+	<target host="secure.eventim.co.uk" />
+	<target host="staging.eventim.co.uk" />
+
+	<rule from="^http://eventim\.co\.uk/"
+		to="https://www.eventim.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Eventim.com.br.xml b/src/chrome/content/rules/Eventim.com.br.xml
new file mode 100644
index 000000000000..9ffe3e3c6976
--- /dev/null
+++ b/src/chrome/content/rules/Eventim.com.br.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Eventim coverage, see Eventim.com.xml.
+
+	Problematic domains:
+		- eventim.com.br (m)
+
+	h: http redirect
+	m: certificate mismatch
+	n: no secure protocol supported
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Eventim.com.br">
+	<target host="eventim.com.br" />
+	<target host="www.eventim.com.br" />
+
+	<rule from="^http://eventim\.com\.br/"
+		to="https://www.eventim.com.br/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Eventim.com.xml b/src/chrome/content/rules/Eventim.com.xml
new file mode 100644
index 000000000000..4bf19edb97fa
--- /dev/null
+++ b/src/chrome/content/rules/Eventim.com.xml
@@ -0,0 +1,70 @@
+<!--
+	Other Eventim rulesets:
+
+		- Eventim.co.il.xml
+		- Eventim.co.uk.xml
+		- Eventim.com.br.xml
+		- Eventim.cu.xml
+		- Eventim.de.xml
+		- Eventim.fr.xml
+		- Eventim.nl.xml
+		- Eventim.no.xml
+		- Eventim.pl.xml
+		- Eventim.se.xml
+		- Eventim.sk.xml
+		- Getgo.de.xml
+		- Lippupiste_Oy.xml
+		- Oeticket.xml
+		- Parter.ru.xml
+		- Paytoll.xml
+		- Ticketcorner.ch.xml
+
+	Problematic domains:
+		- eventim.bg (h)
+		- www.eventim.bg (h)
+		- secure.eventim.bg (m)
+
+		- eventim.com (t)
+		- www.eventim.com (t)
+
+		- eventim.cz (m)
+		- www.eventim.cz (t)
+
+		- eventim.hr (h)
+		- www.eventim.hr (h)
+
+		- eventim.hu (h)
+		- www.eventim.hu (h)
+
+		- eventim.ro (h)
+		- www.eventim.ro (h)
+
+		- eventim.rs (h)
+		- www.eventim.rs (h)
+
+		- eventim.si (h)
+		- www.eventim.si (h)
+
+	h: http redirect
+	m: certificate mismatch
+	n: no secure protocol supported
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Eventim.com">
+	<target host="api.eventim.com" />
+		<test url="http://api.eventim.com/eticket/api/html/eticket/download/assets/vendor/css.escape.js" />
+	<target host="autograph.eventim.com" />
+	<target host="content.eventim.com" />
+		<test url="http://content.eventim.com/static/uploaded/at/files/280b1f3b8225e4e68ccf54194f76142a.pdf" />
+	<target host="join.eventim.com" />
+		<test url="http://join.eventim.com/robots.txt" />
+	<target host="mam.eventim.com" />
+	<target host="redbullairrace.eventim.com" />
+	<target host="sma.eventim.com" />
+	<target host="tcc.eventim.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Eventim.cu.xml b/src/chrome/content/rules/Eventim.cu.xml
new file mode 100644
index 000000000000..3da2dfc169bc
--- /dev/null
+++ b/src/chrome/content/rules/Eventim.cu.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Eventim coverage, see Eventim.com.xml.
+
+	Problematic domains:
+		- eventim.cu (t)
+
+	h: http redirect
+	m: certificate mismatch
+	n: no secure protocol supported
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Eventim.cu">
+	<target host="eventim.cu" />
+	<target host="www.eventim.cu" />
+
+	<rule from="^http://eventim\.cu/"
+		to="https://www.eventim.cu/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Eventim.de.xml b/src/chrome/content/rules/Eventim.de.xml
new file mode 100644
index 000000000000..6044ff36137f
--- /dev/null
+++ b/src/chrome/content/rules/Eventim.de.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Eventim coverage, see Eventim.com.xml.
+
+	Problematic domains:
+		- eventim.de (m)
+		- blog.eventim.de (n)
+		- ticketnews.eventim.de (n)
+
+	h: http redirect
+	m: certificate mismatch
+	n: no secure protocol supported
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Eventim.de">
+	<target host="eventim.de" />
+	<target host="www.eventim.de" />
+	<target host="corporate.eventim.de" />
+	<target host="kino.eventim.de" />
+	<target host="secure.eventim.de" />
+	<target host="webreporting.eventim.de" />
+
+	<rule from="^http://eventim\.de/"
+		to="https://www.eventim.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Eventim.fr.xml b/src/chrome/content/rules/Eventim.fr.xml
new file mode 100644
index 000000000000..cdd6cd6b62d5
--- /dev/null
+++ b/src/chrome/content/rules/Eventim.fr.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Eventim coverage, see Eventim.com.xml.
+
+	Problematic domains:
+		- eventim.fr (m)
+
+	h: http redirect
+	m: certificate mismatch
+	n: no secure protocol supported
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Eventim.fr">
+	<target host="eventim.fr" />
+	<target host="www.eventim.fr" />
+
+	<rule from="^http://eventim\.fr/"
+		to="https://www.eventim.fr/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Eventim.nl.xml b/src/chrome/content/rules/Eventim.nl.xml
new file mode 100644
index 000000000000..6592b59aef38
--- /dev/null
+++ b/src/chrome/content/rules/Eventim.nl.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Eventim coverage, see Eventim.com.xml.
+
+	Problematic domains:
+		- eventim.nl (m)
+
+	h: http redirect
+	m: certificate mismatch
+	n: no secure protocol supported
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Eventim.nl">
+	<target host="eventim.nl" />
+	<target host="www.eventim.nl" />
+	<target host="acties.eventim.nl" />
+	<target host="bankgiroloterij.eventim.nl" />
+	<target host="groepen.eventim.nl" />
+	<target host="postcodeloterij.eventim.nl" />
+	<target host="secure.eventim.nl" />
+	<target host="sport.eventim.nl" />
+	<target host="web.eventim.nl" />
+
+	<rule from="^http://eventim\.nl/"
+		to="https://www.eventim.nl/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Eventim.no.xml b/src/chrome/content/rules/Eventim.no.xml
new file mode 100644
index 000000000000..cbe2b5fdf97e
--- /dev/null
+++ b/src/chrome/content/rules/Eventim.no.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Eventim coverage, see Eventim.com.xml.
+
+	Problematic domains:
+		- eventim.no (m)
+
+	h: http redirect
+	m: certificate mismatch
+	n: no secure protocol supported
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Eventim.no">
+	<target host="eventim.no" />
+	<target host="www.eventim.no" />
+
+	<rule from="^http://eventim\.no/"
+		to="https://www.eventim.no/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Eventim.pl.xml b/src/chrome/content/rules/Eventim.pl.xml
new file mode 100644
index 000000000000..598080c0d959
--- /dev/null
+++ b/src/chrome/content/rules/Eventim.pl.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Eventim coverage, see Eventim.com.xml.
+
+	Problematic domains:
+		- eventim.pl (m)
+		- m.eventim.pl (t)
+
+	h: http redirect
+	m: certificate mismatch
+	n: no secure protocol supported
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Eventim.pl">
+	<target host="eventim.pl" />
+	<target host="www.eventim.pl" />
+	<target host="secure.eventim.pl" />
+
+	<rule from="^http://eventim\.pl/"
+		to="https://www.eventim.pl/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Eventim.se.xml b/src/chrome/content/rules/Eventim.se.xml
new file mode 100644
index 000000000000..55ff1cb41231
--- /dev/null
+++ b/src/chrome/content/rules/Eventim.se.xml
@@ -0,0 +1,24 @@
+<!--
+	For other Eventim coverage, see Eventim.com.xml.
+
+	Problematic domains:
+		- eventim.se (m)
+
+	h: http redirect
+	m: certificate mismatch
+	n: no secure protocol supported
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Eventim.se">
+	<target host="eventim.se" />
+	<target host="www.eventim.se" />
+	<target host="secure.eventim.se" />
+
+	<rule from="^http://eventim\.se/"
+		to="https://www.eventim.se/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Eventim.sk.xml b/src/chrome/content/rules/Eventim.sk.xml
new file mode 100644
index 000000000000..0212000bba53
--- /dev/null
+++ b/src/chrome/content/rules/Eventim.sk.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Eventim coverage, see Eventim.com.xml.
+
+	Problematic domains:
+		- eventim.sk (m)
+
+	h: http redirect
+	m: certificate mismatch
+	n: no secure protocol supported
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Eventim.sk">
+	<target host="eventim.sk" />
+	<target host="www.eventim.sk" />
+
+	<rule from="^http://eventim\.sk/"
+		to="https://www.eventim.sk/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Eventim.xml b/src/chrome/content/rules/Eventim.xml
deleted file mode 100644
index b68cadb86f67..000000000000
--- a/src/chrome/content/rules/Eventim.xml
+++ /dev/null
@@ -1,94 +0,0 @@
-<!--
-	Other Eventim rulesets:
-
-		- Lippupiste_Oy.xml
-		- Oeticket.xml
-		- Paytoll.xml
-		- Ticketcorner.xml
-
-
-	Problematic domains:
-
-		- eventim.bg *
-		- eventim.co.il
-		- eventim.co.uk
-		- eventim.cz
-		- eventim.de
-		- eventim.hr *
-		- eventim.hu *
-		- eventim.nl
-		- eventim.pl
-		- eventim.ro *
-		- eventim.se
-		- eventim.si *
-
-	* Mismatched, cert only matches www
-
-
-	Partially covered domains:
-
-		- (www.)eventim.bg *	(^ → www)
-		- (www.)eventim.hr *	(^ → www)
-		- (www.)eventim.hu *	(^ → www)
-		- (www.)eventim.ro *	(^ → www)
-		- (www.)eventim.si *	(^ → www)
-
-	* Some (most?) pages redirect to http
-
-
-	Fully covered domains:
-
-		- content.eventim.com
-		- ru.content.eventim.com
-		- (www.)eventim.co.il		(^ → www)
-		- secure.eventim.co.il
-		- (www.)eventim.co.uk		(^ → www)
-		- secure.eventim.co.uk
-		- (www.)eventim.cz		(^ → www)
-		- secure.eventim.cz
-		- (www.)eventim.de		(^ → www)
-		- secure.eventim.de
-		- (www.)eventim.nl		(^ → www)
-		- secure.eventim.nl
-		- (www.)eventim.pl		(^ → www)
-		- secure.eventim.pl
-		- (www.)eventim.se		(^ → www)
-		- secure.eventim.se
-
-
-	Targets solely for wildcard cookies:
-
-		- *.eventim.se
-
--->
-<ruleset name="Eventim (partial)">
-
-	<target host="eventim.*" />
-	<target host="secure.eventim.*" />
-	<target host="www.eventim.*" />
-		<exclusion pattern="^https?://(?:www\.)?eventim\.bg/(?!bg/moyat_profil/|bg/sign-in/)" />
-		<exclusion pattern="^https?://(?:www\.)?eventim\.hr/(?!hr/my_account/|hr/sign-in/)" />
-		<exclusion pattern="^https?://(?:www\.)?eventim\.hu/(?!hu/felhasznaloi_profilom/|hu/sign-in/)" />
-		<exclusion pattern="^https?://(?:www\.)?eventim\.ro/(?!ro/contul_meu/|ro/sign-in/)" />
-		<exclusion pattern="^https?://(?:www\.)?eventim\.si/(?!si/moj_racun/|si/sign-in/)" />
-	<target host="eventim.co.*" />
-	<target host="content.eventim.com" />
-	<target host="ru.content.eventim.com" />
-	<target host="*.eventim.co.il" />
-	<target host="*.eventim.co.uk" />
-	<target host="*.eventim.se" />
-
-
-	<securecookie host="^.*\.eventim\.se$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?eventim\.(bg|cz|co\.il|co\.uk|de|hr|hu|nl|pl|ro|se|si)/"
-		to="https://www.eventim.$1/" />
-
-	<rule from="^http://(ru\.)?content\.eventim\.com/"
-		to="https://$1content.eventim.com/" />
-
-	<rule from="^http://secure\.eventim\.(co\.il|co\.uk|cz|de|nl|pl|se)/"
-		to="https://secure.eventim.$1/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Eventpoint.com.xml b/src/chrome/content/rules/Eventpoint.com.xml
new file mode 100644
index 000000000000..1f1942196d17
--- /dev/null
+++ b/src/chrome/content/rules/Eventpoint.com.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://acs-stage.eventpoint.com/ => https://acs-stage.eventpoint.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Nonfunctional hosts in *eventpoint.com:
+
+		- ^ ¹
+		- www ²
+
+	¹ Dropped
+	² Redirects to http
+
+
+	Fully covered hosts in *eventpoint.com:
+
+		- acs-stage
+
+-->
+<ruleset name="Eventpoint.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="acs-stage.eventpoint.com" />
+
+		<!--	Redirects to http://www.../$
+							-->
+		<!--exclusion pattern="^http://www\.eventpoint\.com/($|wp-content/)" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Events.ch.xml b/src/chrome/content/rules/Events.ch.xml
new file mode 100644
index 000000000000..6aabc2c9b203
--- /dev/null
+++ b/src/chrome/content/rules/Events.ch.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://events.ch/ => https://events.ch/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.events.ch/ => https://www.events.ch/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Mismatch:
+		- s3.cf.events.ch
+		- test.events.ch
+		- www.doswald.events.ch
+		- www.fmr.events.ch
+		- www.a.events.ch
+-->
+<ruleset name="Events.ch" default_off="failed ruleset test">
+	<target host="events.ch" />
+	<target host="www.events.ch" />
+	<target host="static.events.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EverMap.com.xml b/src/chrome/content/rules/EverMap.com.xml
new file mode 100644
index 000000000000..48cd9b7fa244
--- /dev/null
+++ b/src/chrome/content/rules/EverMap.com.xml
@@ -0,0 +1,20 @@
+<!--
+	www: Cert only matches ^evermap.com
+
+-->
+<ruleset name="EverMap.com">
+
+	<target host="evermap.com" />
+	<target host="www.evermap.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?evermap\.com$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+
+	<securecookie host="^(?:www\.)?evermap\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Everest_Technology.xml b/src/chrome/content/rules/Everest_Technology.xml
index e0d2c510ff61..0057fb45deb4 100644
--- a/src/chrome/content/rules/Everest_Technology.xml
+++ b/src/chrome/content/rules/Everest_Technology.xml
@@ -1,7 +1,25 @@
-<ruleset name="Everest Technology">
+<!--
+	Everest Technology
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .everesttech.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Everest Tech.net">
 
 	<target host="*.everesttech.net" />
 
+		<test url="http://pixel.everesttech.net/" />
+		<test url="http://pixel.everesttech.net/1/v" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.everesttech\.net$" name="^(ev_t2|everest_g_v2|everest_session_v2|gglck)$" /-->
 
 	<securecookie host="^\.everesttech\.net$" name=".+" />
 
@@ -11,4 +29,4 @@
 	<rule from="^http://pixel(\d*)\.everesttech\.net/"
 		to="https://pixel$1.everesttech.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Evergage.com-problematic.xml b/src/chrome/content/rules/Evergage.com-problematic.xml
deleted file mode 100644
index a5d626571d4e..000000000000
--- a/src/chrome/content/rules/Evergage.com-problematic.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see Evergage.com.xml.
-
--->
-<ruleset name="Evergage.com (problematic)" default_off="expired, mismatched, self-signed">
-
-	<target host="evergage.com" />
-	<target host="www.evergage.com" />
-
-
-	<securecookie host="^www\.evergage\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?evergage\.com/"
-		to="https://www.evergage.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Evergage.com.xml b/src/chrome/content/rules/Evergage.com.xml
index aaee0505b5f8..cb0e2d8b54a5 100644
--- a/src/chrome/content/rules/Evergage.com.xml
+++ b/src/chrome/content/rules/Evergage.com.xml
@@ -1,14 +1,14 @@
 <!--
-	For problematic rules, see Evergage.com-problematic.xml.
+	Nonfunctional hosts in *evergage.com:
 
+		- ^ ¹
+		- www ²
 
-	Problematic subdomains:
+	¹ Refused
+	² WP Engine
 
-		- ^	(dropped)
-		- www	(works; expired 2010-09-02, self-signed, CN: *.acquia-sites.com)
 
-
-	Fully covered subdomains:
+	Fully covered hosts in *evergage.com:
 
 		- cdn
 		- login
@@ -16,13 +16,16 @@
 -->
 <ruleset name="Evergage.com (partial)">
 
-	<target host="*.evergage.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="cdn.evergage.com" />
+	<target host="login.evergage.com" />
 
 
 	<securecookie host="^\.?login\.evergage\.com$" name=".+" />
 
 
-	<rule from="^http://(cd|logi)n\.evergage\.com/"
-		to="https://$1n.evergage.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Evermeet.cx.xml b/src/chrome/content/rules/Evermeet.cx.xml
new file mode 100644
index 000000000000..34d5b23c51e3
--- /dev/null
+++ b/src/chrome/content/rules/Evermeet.cx.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.evermeet.cx/ => https://www.evermeet.cx/: (51, "SSL: no alternative certificate subject name matches target host name 'www.evermeet.cx'")
+
+-->
+<ruleset name="evermeet.cx" default_off="failed ruleset test">
+
+	<target host="evermeet.cx" />
+	<target host="www.evermeet.cx" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Evernote-problematic.xml b/src/chrome/content/rules/Evernote-problematic.xml
deleted file mode 100644
index 706c5496e8a8..000000000000
--- a/src/chrome/content/rules/Evernote-problematic.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	For rules that are on by default, see Evernote.xml.
-
--->
-<ruleset name="Evernote (problematic)" default_off="mismatched">
-
-	<target host="devcup.evernote.com" />
-	<target host="2012.devcup.evernote.com" />
-	<target host="ru-support.evernote.com" />
-
-
-	<rule from="^http://([\w\.-]+)\.evernote\.com/"
-		to="https://$1.evernote.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Evernote.com.xml b/src/chrome/content/rules/Evernote.com.xml
new file mode 100644
index 000000000000..b56192a0afd1
--- /dev/null
+++ b/src/chrome/content/rules/Evernote.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - devcup.evernote.com
+
+		Timeout was reached:
+			 - 2012.devcup.evernote.com
+
+		SSL peer certificate was not OK:
+			 - ru-support.evernote.com
+-->
+<ruleset name="Evernote.com (partial)">
+	<target host="evernote.com" />
+	<target host="blog.evernote.com" />
+	<target host="cdn1.evernote.com" />
+	<target host="dev.evernote.com" />
+	<target host="discussion.evernote.com" />
+	<target host="sandbox.evernote.com" />
+	<target host="shop.evernote.com" />
+	<target host="support.evernote.com" />
+	<target host="translate.evernote.com" />
+	<target host="trunk.evernote.com" />
+	<target host="www.evernote.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Evernote.xml b/src/chrome/content/rules/Evernote.xml
deleted file mode 100644
index fae4ad0ba27c..000000000000
--- a/src/chrome/content/rules/Evernote.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-<!--
-	For problematic rules, see Evernote-problematic.xml.
-
-
-	Nonfunctional subdomains:
-
-		- discussion
-		- pootle
-		- translate	(times out)
-
-
-	Problematic subdomains:
-
-		- devcup *
-		- 2012.devcup *
-		- ru-support	(works, mismatched, CN: vmeste.bank24.ru)
-		- shop		(redirects to http, mismatched, CN: *.myshopify.com)
-
-	* Works, mismatched, CN: *.challengepost.com
-
--->
-<ruleset name="Evernote (partial)">
-
-	<target host="evernote.com" />
-	<target host="*.evernote.com" />
-
-
-	<securecookie host="^(?:.*\.)?evernote\.com$" name=".+" />
-
-
-	<rule from="^http://((?:blog|dev|sandbox|support|trunk|www)\.)?evernote\.com/"
-		to="https://$1evernote.com/" />
-
-	<rule from="^https?://discussion\.evernote\.com/public/style_images/"
-		to="https://i2.wp.com/discussion.evernote.com/public/style_images/" />
-
-	<rule from="^https?://shop\.evernote\.com/"
-		to="https://evernote.myshopify.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Everplans.com.xml b/src/chrome/content/rules/Everplans.com.xml
new file mode 100644
index 000000000000..362f7d8d9e20
--- /dev/null
+++ b/src/chrome/content/rules/Everplans.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)
+		- my
+
+-->
+<ruleset name="Everplans.com">
+
+	<target host="everplans.com" />
+	<target host="my.everplans.com" />
+	<target host="www.everplans.com" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^my\.everplans\.com$" name="^_everplans_session$" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Every_Angle_Media.xml b/src/chrome/content/rules/Every_Angle_Media.xml
index e7265d5a7bc8..ba8cbedbf78b 100644
--- a/src/chrome/content/rules/Every_Angle_Media.xml
+++ b/src/chrome/content/rules/Every_Angle_Media.xml
@@ -1,4 +1,4 @@
-<ruleset name="Every Angle Media">
+<ruleset name="Every Angle Media" default_off="mismatched">
 
 	<target host="everyanglemedia.com" />
 	<target host="www.everyanglemedia.com" />
@@ -7,7 +7,7 @@
 	<securecookie host="^(?:www\.)?everyanglemedia\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?everyanglemedia\.com/"
-		to="https://$1everyanglemedia.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EverydayGiftCards.com.au.xml b/src/chrome/content/rules/EverydayGiftCards.com.au.xml
new file mode 100644
index 000000000000..deda7033fec6
--- /dev/null
+++ b/src/chrome/content/rules/EverydayGiftCards.com.au.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Woolworths coverage, see Woolworths.com.au.xml
+-->
+<ruleset name="EverydayGiftCards.com.au">
+
+	<target host="everydaygiftcards.com.au" />
+	<target host="www.everydaygiftcards.com.au" />
+	<target host="manage.everydaygiftcards.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Everyday_Health.xml b/src/chrome/content/rules/Everyday_Health.xml
index 9a7fe31dc5c9..4dba57c36ad9 100644
--- a/src/chrome/content/rules/Everyday_Health.xml
+++ b/src/chrome/content/rules/Everyday_Health.xml
@@ -1,24 +1,27 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://everydayhealth.com/ => https://everydayhealth.com/: Too many redirects while fetching 'https://everydayhealth.com/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://everydayhealth.com/ => https://everydayhealth.com/: Cycle detected - URL already encountered: https://www.everydayhealth.com/
 	Nonfunctional domains:
 
 		- corporate.everydayhealth.com
 
 -->
-<ruleset name="Everyday Health (partial)">
+<ruleset name="Everyday Health (partial)" default_off="failed ruleset test">
 
 	<target host="images.agoramedia.com" />
-	<target host="everydayhealth.com" />
-	<target host="*.everydayhealth.com" />
 	<target host="images.waterfrontmedia.com" />
+	<target host="everydayhealth.com" />
+	<target host="content.everydayhealth.com" />
+	<target host="www.everydayhealth.com" />
 
 
 	<securecookie host="^www\.everydayhealth\.com$" name=".+" />
 
 
-	<rule from="^http://images\.(agora|waterfront)media\.com/"
-		to="https://images.$1media.com/" />
-
-	<rule from="^http://(content\.|www\.)?everydayhealth\.com/"
-		to="https://$1everydayhealth.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Everyday_Hero.xml b/src/chrome/content/rules/Everyday_Hero.xml
index b413be157f4a..78338ca786e6 100644
--- a/src/chrome/content/rules/Everyday_Hero.xml
+++ b/src/chrome/content/rules/Everyday_Hero.xml
@@ -7,19 +7,17 @@
 <ruleset name="Everyday Hero">
 
 	<target host="everydayhero.com" />
-	<target host="*.everydayhero.com" />
+	<target host="give.everydayhero.com" />
+	<target host="passport.everydayhero.com" />
+	<target host="www.everydayhero.com" />
 	<target host="everydayhero.com.au" />
-	<target host="*.everydayhero.com.au" />
+	<target host="www.everydayhero.com.au" />
 
 
 	<securecookie host="^\.(?:passport\.)?everydayhero\.com$" name=".+" />
 	<securecookie host="^(?:www\.)?everydayhero\.com\.au$" name=".+" />
 
 
-	<rule from="^http://(give\.|passport\.|www\.)?everydayhero\.com/"
-		to="https://$1everydayhero.com/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://(www\.)?everydayhero\.com\.au/"
-		to="https://$1everydayhero.com.au/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Everydayfeminism.com.xml b/src/chrome/content/rules/Everydayfeminism.com.xml
new file mode 100644
index 000000000000..4d7cd27d0ee1
--- /dev/null
+++ b/src/chrome/content/rules/Everydayfeminism.com.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://everydayfeminism.com/ => https://everydayfeminism.com/: Too many redirects while fetching 'https://everydayfeminism.com/'
+Fetch error: http://www.everydayfeminism.com/ => https://www.everydayfeminism.com/: Too many redirects while fetching 'https://www.everydayfeminism.com/'
+
+-->
+<ruleset name="Everydayfeminism.com" default_off="failed ruleset test">
+	<target host="everydayfeminism.com" />
+	<target host="www.everydayfeminism.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Everyone_is_Gay.com.xml b/src/chrome/content/rules/Everyone_is_Gay.com.xml
index 29cce7260837..7c357ddcb1a9 100644
--- a/src/chrome/content/rules/Everyone_is_Gay.com.xml
+++ b/src/chrome/content/rules/Everyone_is_Gay.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?everyoneisgay\.com/"
 		to="https://www.everyoneisgay.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Everything4bet.xml b/src/chrome/content/rules/Everything4bet.xml
deleted file mode 100644
index 44213b7c2c9e..000000000000
--- a/src/chrome/content/rules/Everything4bet.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="everything4bet">
-
-	<target host="everything4bet.net" />
-	<target host="*.everything4bet.net" />
-
-
-	<securecookie host="^(?:w*\.)?everything4bet\.net$" name=".+" />
-
-
-	<rule from="^http://(www\.)?everything4bet\.net/"
-		to="https://$1everything4bet.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Everything_Everywhere.xml b/src/chrome/content/rules/Everything_Everywhere.xml
index c79657b85ed3..083b63891840 100644
--- a/src/chrome/content/rules/Everything_Everywhere.xml
+++ b/src/chrome/content/rules/Everything_Everywhere.xml
@@ -1,6 +1,5 @@
 <!--
 	CDN buckets:
-
 		- assets[67].ee.co.uk.s3-external-3.amazonaws.com
 		- business-orange-live-orangedigital.s3.amazonaws.com
 		- ee-cookies.s3.amazonaws.com
@@ -8,53 +7,32 @@
 		- ee-nav.s3.amazonaws.com
 		- ee-static.s3.amazonaws.com
 		- ee-tagging.s3.amazonaws.com
-
 		- edev.i.lithium.com
-
 			- community
-
 		- c1400017.r17.cf3.rackcdn.com
-
 			- assets10
-
 		- c1400021.r21.cf3.rackcdn.com
-
 			- assets12
-
 		- c1400022.r22.cf3.rackcdn.com
-
 			- assets11
-
 		- c1400023.r23.stream.cf3.rackcdn.com
-
 			- assets13
-
 		- c1400024.ssl.cf3.rackcdn.com
-
 			- assets14
 
-
 	Nonfunctional subdomains:
-
 		- help		(times out)
 
-
 	Problematic subdomains:
-
 		- jobs		(works, self-signed)
 
-
-
-	Partially covered subdomains:
-
-		- business	(some pages redirect to http)
-
+	Timeout:
+		- assets[1-5]
+		- explore
 
 	Fully covered subdomains:
-
 		- (www.)
 		- apply
-		- assets[1-5]
 		- assets[67]	(→ s3-eu-west-1.amazonaws.com)
 		- assets1[012]	(→ ssl.cf3.rackcdn.com)
 		- broadband
@@ -63,21 +41,26 @@
 		- my
 		- shop
 		- storefinder
-
 -->
-<ruleset name="Everything Everywhere (partial)">
-
+<ruleset name="Everything_Everywhere (partial)">
 	<target host="ee.co.uk" />
-	<target host="*.ee.co.uk" />
-		<exclusion pattern="^http://business\.ee\.co\.uk/(?!favicon\.ico|misc/|modules/|sites/)" />
-
-
-	<!--securecookie host="^\.ee\.co\.uk$" name=".+" /-->
-	<securecookie host="^(?:(?:apply|broadband|community|explore|my|shop|storefinder)\.)?ee\.co\.uk$" name=".+" />
-
-
-	<rule from="^http://((?:apply|assets[1-5]|broadband|business|community|explore|my|shop|storefinder|www)\.)?ee\.co\.uk/"
-		to="https://$1ee.co.uk/" />
+	<target host="www.ee.co.uk" />
+	<target host="apply.ee.co.uk" />
+	<target host="broadband.ee.co.uk" />
+	<target host="business.ee.co.uk" />
+	<target host="community.ee.co.uk" />
+	<target host="myaccount.ee.co.uk" />
+	<target host="shop.ee.co.uk" />
+	<target host="storefinder.ee.co.uk" />
+	<target host="assets6.ee.co.uk" />
+	<target host="assets7.ee.co.uk" />
+	<target host="assets10.ee.co.uk" />
+	<target host="assets11.ee.co.uk" />
+	<target host="assets12.ee.co.uk" />
+	<target host="assets13.ee.co.uk" />
+	<target host="assets14.ee.co.uk" />
+
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://assets6\.ee\.co\.uk/"
 		to="https://s3-eu-west-1.amazonaws.com/assets6.ee.co.uk/" />
@@ -100,4 +83,5 @@
 	<rule from="^http://assets14\.ee\.co\.uk/"
 		to="https://c1400024.ssl.cf3.rackcdn.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Evidon.xml b/src/chrome/content/rules/Evidon.xml
index e69b429bca41..5afbbf5d82c9 100644
--- a/src/chrome/content/rules/Evidon.xml
+++ b/src/chrome/content/rules/Evidon.xml
@@ -1,34 +1,56 @@
 <!--
-	blog.evidon.com is handled in WordPress-blogs.xml.
-
-
-	CDN buckets:
-
-		- www.betteradvertising.com.edgesuite.net
-			- cdn.betteradvertising.com
-
-
-	Problematic domains:
-
-		- cdn.betteradvertising.com	(akamai, works, → cdn.beterad.com)
-
+	Other Evidon related rulesets:
+		+ Ghostery.com.xml
+
+	Self-signed cert:
+		- betteradvertising.com
+		- www.betteradvertising.com
+		- betrad.com
+		- www.betrad.com
+		- blog.evidon.com
+
+	Cert expired:
+		- my.betteradvertising.com
+		- ads.evidon.com
+		- my.evidon.com
+
+	Cert mismatch:
+		- cdn.betteradvertising.com
+		- cdn.evidon.com
+		- em.evidon.com
+
+	Connection refused:
+		- graphite.evidon.com
 -->
 <ruleset name="Evidon Inc (partial)">
 
-	<target host="*.betrad.com"/>
-	<target host="*.betteradvertising.com"/>
-	<target host="*.evidon.com"/>
-
-	<rule from="^http://(c|cdn|l)\.betrad\.com/"
-		to="https://$1.betrad.com/"/>
-
-	<rule from="^https?://cdn\.(?:betteradvertising|evidon)\.com/"
-		to="https://cdn.betrad.com/" />
-
-	<rule from="^http://my\.betteradvertising\.com/"
-		to="https://my.betteradvertising.com/"/>
-
-	<rule from="^http://(info|my)\.evidon\.com/"
-		to="https://$1.evidon.com/"/>
-
+	<!-- *betrad.com -->
+
+	<target host="c.betrad.com" />
+	<target host="cdn.betrad.com" />
+	<target host="l.betrad.com" />
+	<target host="optout.betrad.com" />
+
+	<!-- *evidon.com -->
+	<target host="evidon.com" />
+	<target host="www.evidon.com" />
+
+	<target host="account.evidon.com"/>
+	<target host="c.evidon.com"/>
+	<target host="cop.evidon.com"/>
+	<target host="extension-cdn.evidon.com"/>
+	<target host="info.evidon.com"/>
+	<target host="insights.evidon.com"/>
+	<target host="l3.evidon.com"/>
+	<target host="marketing.evidon.com"/>
+	<target host="mcm.evidon.com"/>
+	<target host="optout.evidon.com"/>
+	<target host="owneriq.evidon.com"/>
+	<target host="privacy.evidon.com"/>
+	<target host="privacyapi.evidon.com"/>
+	<target host="publisher.evidon.com"/>
+	<target host="signon.evidon.com"/>
+	<target host="trackermap.evidon.com"/>
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Evil_32.com.xml b/src/chrome/content/rules/Evil_32.com.xml
new file mode 100644
index 000000000000..3f9c6774b00a
--- /dev/null
+++ b/src/chrome/content/rules/Evil_32.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Evil 32.com">
+
+	<target host="evil32.com" />
+	<target host="www.evil32.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Evisa-Vietnam.Com.xml b/src/chrome/content/rules/Evisa-Vietnam.Com.xml
index cac1e44d1528..26c0da65d6ce 100644
--- a/src/chrome/content/rules/Evisa-Vietnam.Com.xml
+++ b/src/chrome/content/rules/Evisa-Vietnam.Com.xml
@@ -1,13 +1,26 @@
-<ruleset name="Evisa-Vietnam.Com">
+<!--
+	Insecure cookies are set for these hosts:
 
+		- evisa-vietnam.com
+		- www.evisa-vietnam.com
+
+-->
+<ruleset name="Evisa-Vietnam.com" default_off="expired">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="evisa-vietnam.com" />
-	<target host="*.evisa-vietnam.com" />
+	<target host="www.evisa-vietnam.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(www\.)?evisa-vietnam\.com$" name="^[\da-f]{32}$" />
 
-	<securecookie host="^w*\.evisa-vietnam\.com$" name=".+" />
+	<securecookie host="^(?:www\.)?evisa-vietnam\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?evisa-vietnam\.com/"
-		to="https://$1evisa-vietnam.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Evm.dk.xml b/src/chrome/content/rules/Evm.dk.xml
new file mode 100644
index 000000000000..db8fd70673f8
--- /dev/null
+++ b/src/chrome/content/rules/Evm.dk.xml
@@ -0,0 +1,7 @@
+<ruleset name="Evm.dk">
+	<target host="evm.dk" />
+	<target host="www.evm.dk" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EvoTronix.xml b/src/chrome/content/rules/EvoTronix.xml
index 990b51986e48..4bcb0e45d61b 100644
--- a/src/chrome/content/rules/EvoTronix.xml
+++ b/src/chrome/content/rules/EvoTronix.xml
@@ -1,35 +1,19 @@
 <!--
-	CDN buckets:
+	Problematic hosts in *evotronix.com:
 
-		- evotronix.evotronix.netdna-cdn.com
+		- faq ᵐ
 
-			- -ssl doesn't exist
-
-
-	Nonfunctional subdomains:
-
-		- faq *
-		- forum *
-
-	* Shows ^
-
-
-	Problematic subdomains:
-
-		- www		(cert only matches ^evotronix.com)
+	ᵐ Mismatched
 
 -->
-<ruleset name="EvoTronix (partial)">
+<ruleset name="EvoTronix.com (partial)">
 
 	<target host="evotronix.com" />
-	<target host="*.evotronix.com" />
-	<target host="evotronix.evotronix.netdna-cdn.com" />
-
+	<target host="mail.evotronix.com" />
+	<target host="www.evotronix.com" />
 
-	<rule from="^https?://(?:www\.)?evotronix(?:\.netdna-cdn)?\.com/"
-		to="https://evotronix.com/" />
 
-	<rule from="^https://f(aq|orum)\.evotronix\.com/"
-		to="http://f$1.evotronix.com/" downgrade="1" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EvolMed.com.xml b/src/chrome/content/rules/EvolMed.com.xml
new file mode 100644
index 000000000000..55912416ca8e
--- /dev/null
+++ b/src/chrome/content/rules/EvolMed.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="EvolMed.com">
+
+	<target host="evolmed.com" />
+	<target host="www.evolmed.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Evoliatis.com.xml b/src/chrome/content/rules/Evoliatis.com.xml
new file mode 100644
index 000000000000..edc21ec55b7d
--- /dev/null
+++ b/src/chrome/content/rules/Evoliatis.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		cloud.evoliatis.com
+		ref.evoliatis.com
+
+	Mixed content from fonts.googleapis.com:
+		evoliatis.com
+		www.evoliatis.com
+
+-->
+<ruleset name="Evoliatis.com" platform="mixedcontent">
+
+	<target host="evoliatis.com" />
+	<target host="www.evoliatis.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Evoliatis.xml b/src/chrome/content/rules/Evoliatis.xml
deleted file mode 100644
index 952ebb2f078f..000000000000
--- a/src/chrome/content/rules/Evoliatis.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--	Nonfunctional:
-		www.evoliatis.com	(cert: antares.evoliatis.fr; pages redirect to http, wp-content not found)
--->
-
-<ruleset name="Evoliatis (partial)" default_off="mismatch, self-signed">
-
-	<!--	castor.evoliatis.fr	-->
-	<target host="ref.evoliatis.com"/>
-
-	<rule from="^http://ref\.evoliatis\.com/"
-		to="https://ref.evoliatis.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Evoluted.net.xml b/src/chrome/content/rules/Evoluted.net.xml
new file mode 100644
index 000000000000..4b91ff3c1e6f
--- /dev/null
+++ b/src/chrome/content/rules/Evoluted.net.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- evoluted.net
+		- www.evoluted.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Evoluted.net" default_off="testing">
+
+	<target host="evoluted.net" />
+	<target host="assets.evoluted.net" />
+	<target host="www.evoluted.net" />
+
+		<test url="http://assets.evoluted.net/assets/img/client-logos/nhs.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?evoluted\.net$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Evonomics.com.xml b/src/chrome/content/rules/Evonomics.com.xml
new file mode 100644
index 000000000000..423bde7be1bf
--- /dev/null
+++ b/src/chrome/content/rules/Evonomics.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Evonomics">
+
+	<target host="evonomics.com" />
+	<target host="www.evonomics.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Evozi.com.xml b/src/chrome/content/rules/Evozi.com.xml
new file mode 100644
index 000000000000..5bf748fc960d
--- /dev/null
+++ b/src/chrome/content/rules/Evozi.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Evozi">
+	<target host="evozi.com" />
+	<target host="apps.evozi.com" />
+	<target host="storage.evozi.com" />
+	<target host="www.evozi.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Eweka.nl.xml b/src/chrome/content/rules/Eweka.nl.xml
new file mode 100644
index 000000000000..c656e3e9f4f9
--- /dev/null
+++ b/src/chrome/content/rules/Eweka.nl.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- eweka.nl
+		- www.eweka.nl
+
+-->
+<ruleset name="Eweka.nl">
+
+	<target host="eweka.nl" />
+	<target host="www.eweka.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?eweka\.nl$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ex10.biz.xml b/src/chrome/content/rules/Ex10.biz.xml
new file mode 100644
index 000000000000..033562a2c8d8
--- /dev/null
+++ b/src/chrome/content/rules/Ex10.biz.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Ikoula coverage, see Ikoula.com.xml.
+
+
+	^ex10.biz: Shows another domain
+
+-->
+<ruleset name="Ex10.biz">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.ex10.biz" />
+
+	<!--	Complications:
+				-->
+	<target host="ex10.biz" />
+
+
+	<rule from="^http://ex10\.biz/"
+		to="https://www.ex10.biz/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ex_Libris.xml b/src/chrome/content/rules/Ex_Libris.xml
index bf0d85a6b495..85ec0d13e07e 100644
--- a/src/chrome/content/rules/Ex_Libris.xml
+++ b/src/chrome/content/rules/Ex_Libris.xml
@@ -21,4 +21,4 @@
 	<rule from="^http://(?:\w+sfx\.|sfx)hosted\.exlibrisgroup\.com/"
 		to="https://sfxhosted.exlibrisgroup.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ex_Ratione.com.xml b/src/chrome/content/rules/Ex_Ratione.com.xml
new file mode 100644
index 000000000000..895ccde3db34
--- /dev/null
+++ b/src/chrome/content/rules/Ex_Ratione.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Ex Ratione.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="exratione.com" />
+	<target host="mail.exratione.com" />
+	<target host="www.exratione.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ExaVault.com.xml b/src/chrome/content/rules/ExaVault.com.xml
new file mode 100644
index 000000000000..ef5ec5f0771d
--- /dev/null
+++ b/src/chrome/content/rules/ExaVault.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="ExaVault.com">
+
+	<target host="exavault.com" />
+	<target host="www.exavault.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Exaccess.ru.xml b/src/chrome/content/rules/Exaccess.ru.xml
index 07f6e84d3e39..be6335b6b875 100644
--- a/src/chrome/content/rules/Exaccess.ru.xml
+++ b/src/chrome/content/rules/Exaccess.ru.xml
@@ -6,10 +6,10 @@
 -->
 <ruleset name="exaccess.ru (partial)">
 
-	<target host="*.exaccess.ru" />
+	<target host="dynamic.exaccess.ru" />
+	<target host="static.exaccess.ru" />
 
 
-	<rule from="^http://(dynam|stat)ic\.exaccess\.ru/"
-		to="https://$1ic.exaccess.ru/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Exacom.sk.xml b/src/chrome/content/rules/Exacom.sk.xml
new file mode 100644
index 000000000000..38f5d3c67a19
--- /dev/null
+++ b/src/chrome/content/rules/Exacom.sk.xml
@@ -0,0 +1,19 @@
+<!--
+	(www.)?: Mismatched
+
+-->
+<ruleset name="Exacom.sk">
+
+	<!--	Complications:
+				-->
+  <target host="exacom.sk" />
+  <target host="www.exacom.sk" />
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://(?:www\.)?exacom\.sk/+"
+		to="https://www.exahost.com/" />
+
+		<test url="http://www.exacom.sk//" />
+</ruleset>
diff --git a/src/chrome/content/rules/ExactTarget-mismatches.xml b/src/chrome/content/rules/ExactTarget-mismatches.xml
index 09f38cf46f76..daafdd947eed 100644
--- a/src/chrome/content/rules/ExactTarget-mismatches.xml
+++ b/src/chrome/content/rules/ExactTarget-mismatches.xml
@@ -2,7 +2,7 @@
 	See ExactTarget.xml for rules that are on by default.
 
 -->
-<ruleset name="ExactTarget (mismatches)" default_off="mismatches">
+<ruleset name="ExactTarget (mismatches)" default_off="mismatched">
 
 	<!--	Cert: *.compendiumblog.com	-->
 	<target host="blog.exacttarget.com" />
@@ -10,7 +10,6 @@
 	<target host="partners.exacttarget.com" />
 
 
-	<rule from="^http://(blog|partners)\.exacttarget\.com/"
-		to="https://$1.exacttarget.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ExactTarget.xml b/src/chrome/content/rules/ExactTarget.xml
index de93662714e8..b6dd415dcc46 100644
--- a/src/chrome/content/rules/ExactTarget.xml
+++ b/src/chrome/content/rules/ExactTarget.xml
@@ -1,22 +1,267 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://3sixty.exacttarget.com/ => https://3sixty.exacttarget.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://imh.boa.exacttarget.com/ => https://imh.boa.exacttarget.com/: (51, "SSL: no alternative certificate subject name matches target host name 'imh.boa.exacttarget.com'")
+Fetch error: http://email.exacttarget.com/ => https://email.exacttarget.com/: (51, "SSL: no alternative certificate subject name matches target host name 'email.exacttarget.com'")
+Fetch error: http://nexus.exacttarget.com/ => https://nexus.exacttarget.com/: (51, "SSL: no alternative certificate subject name matches target host name 'nexus.exacttarget.com'")
+Fetch error: http://partners.exacttarget.com/ => https://partners.exacttarget.com/: (51, "SSL: no alternative certificate subject name matches target host name 'partners.exacttarget.com'")
+Fetch error: http://auth.poc.exacttarget.com/ => https://auth.poc.exacttarget.com/: (6, 'Could not resolve host: auth.poc.exacttarget.com')
+Fetch error: http://imh.poc.exacttarget.com/ => https://imh.poc.exacttarget.com/: (6, 'Could not resolve host: imh.poc.exacttarget.com')
+Fetch error: http://auth.s1.qa2.exacttarget.com/ => https://auth.s1.qa2.exacttarget.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://auth.s2.qa2.exacttarget.com/ => https://auth.s2.qa2.exacttarget.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://imh.s1.qa2.exacttarget.com/ => https://imh.s1.qa2.exacttarget.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://imh.s2.qa2.exacttarget.com/ => https://imh.s2.qa2.exacttarget.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://mc.s1.qa2.exacttarget.com/ => https://mc.s1.qa2.exacttarget.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://mc.s2.qa2.exacttarget.com/ => https://mc.s2.qa2.exacttarget.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://auth.s100.exacttarget.com/ => https://auth.s100.exacttarget.com/: (51, "SSL: no alternative certificate subject name matches target host name 'auth.s100.exacttarget.com'")
+Fetch error: http://auth.test.exacttarget.com/ => https://auth.test.exacttarget.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://members.test.exacttarget.com/ => https://members.test.exacttarget.com/: (28, 'Operation timed out after 30002 milliseconds with 0 bytes received')
+
 	See ExactTarget-mismatches.xml for problematic rules.
 
+	Other ExactTarget rulesets:
+
+		- Fuelcdn.com.xml
+
+
+	CDN buckets:
+
+		- akamai-san1.exacttarget.com.edgekey.net
+
+			- image.s4
+
+		- image.s100.exacttarget.com.edgesuite.net
+
+			- prg-image-dr.global
+
+		- images.s4.exacttarget.com.edgesuite.net
+
+			- images.s4
+
+		- images.s5.exacttarget.com.edgesuite.net
+
+			- image.boa
+
+		- images.s6.exacttarget.com.edgesuite.net
+
+			- prg-image.global
+
+
+	Nonfunctional subdomains:
+
+		- click.poc *
+		- view.virt ²
+
+	* Dropped *
+
+
+	Problematic subdomains:
+
+		- image.boa ¹
+		- prg-image.global ¹
+		- prg-image-dr.global ¹
+		- images.s4 ¹
+		- auth.s5 ²
+		- images.s5 ¹
+		- imh.s5 ³
+
+	¹ Works, akamai
+	² Mismatched, CN: auth.boa.exacttarget.com
+	³ Mismatched, CN: *.boa.exacttarget.com
+
+
+	Fully covered subdomains:
+
+		- (www.)	(^ → www)
+		- 3sixty
+
+		- auth.boa
+		- click.boa
+		- imh.boa
+		- mc.boa
+
+		- brandcdn
+		- click
+		- email
+		- image
+		- imh
+		- mc
+		- members
+		- nexus
+		- pages
+		- partners
+
+		- auth.poc
+		- imh.poc
+		- mc.poc
+
+		- auth.s1.qa1
+		- imh.s1.qa1
+		- mc.s1.qa1
+		- auth.s2.qa1
+		- imh.s2.qa1
+		- mc.s2.qa1
+
+		- auth.s1.qa2
+		- imh.s1.qa2
+		- mc.s1.qa2
+		- auth.s2.qa2
+		- imh.s2.qa2
+		- mc.s2.qa2
+
+		- imh.s1.qa3
+		- mc.s1.qa3
+
+		- auth.s1
+		- mc.s1
+		- auth.s100
+		- mc.s100
+
+		- auth.s4
+		- click.s4
+		- image.s4
+		- images.s4	(→ image.s4)
+		- imh.s4
+		- mc.s4
+		- members.s4
+
+		- mc.s5
+		- members.s5
+
+		- auth.s6
+		- click.s6
+		- image.s6
+		- imh.s6
+		- mc.s6
+		- members.s6
+
+		- auth.s7
+		- click.s7
+		- image.s7
+		- mc.s7
+		- members.s7
+
+		- auth.s8
+		- click.s8
+		- image.s8
+		- members.s8
+		- mc.s8
+
+		- auth.test
+		- mc.test
+		- members.test
+
+
+	These altnames don't exist:
+
+		- akamai-san1.exacttarget.com
+		- akamai-san4.exacttarget.com
+		- akamai-san5.exacttarget.com
+		- akamai-san6.exacttarget.com
+		- auth.exacttarget.com
+		- auth-san.exacttarget.com
+		- auth.global.exacttarget.com
+		- auth.qa1.exacttarget.com
+		- auth.qa2.exacttarget.com
+		- auth.qa3.exacttarget.com
+		- click.test.exacttarget.com
+
+
+	Mixed content:
+
+		- Images on members.s7 from image.exct.net
+
 -->
-<ruleset name="ExactTarget (partial)" platform="mixedcontent">
+<ruleset name="ExactTarget (partial)">
 
 	<target host="exacttarget.com" />
+	<target host="www.exacttarget.com" />
+	<!-- target host="3sixty.exacttarget.com" /-->
+	<target host="auth.boa.exacttarget.com" />
+	<target host="click.boa.exacttarget.com" />
+	<!-- target host="imh.boa.exacttarget.com" /-->
+	<target host="mc.boa.exacttarget.com" />
+	<target host="brandcdn.exacttarget.com" />
+	<target host="click.exacttarget.com" />
+	<!-- target host="email.exacttarget.com" /-->
+	<target host="image.exacttarget.com" />
+	<target host="imh.exacttarget.com" />
+	<target host="mc.exacttarget.com" />
+	<target host="members.exacttarget.com" />
+	<!-- target host="nexus.exacttarget.com" /-->
+	<target host="pages.exacttarget.com" />
+	<!-- target host="partners.exacttarget.com" /-->
+	<!-- target host="auth.poc.exacttarget.com" /-->
+	<!-- target host="imh.poc.exacttarget.com" /-->
+	<target host="mc.poc.exacttarget.com" />
+	<target host="auth.s1.qa1.exacttarget.com" />
+	<!-- target host="auth.s1.qa2.exacttarget.com" /-->
+	<target host="auth.s1.qa3.exacttarget.com" />
+	<target host="auth.s2.qa1.exacttarget.com" />
+	<!-- target host="auth.s2.qa2.exacttarget.com" /-->
+	<target host="auth.s2.qa3.exacttarget.com" />
+	<target host="imh.s1.qa1.exacttarget.com" />
+	<!-- target host="imh.s1.qa2.exacttarget.com" /-->
+	<target host="imh.s1.qa3.exacttarget.com" />
+	<target host="imh.s2.qa1.exacttarget.com" />
+	<!-- target host="imh.s2.qa2.exacttarget.com" /-->
+	<target host="imh.s2.qa3.exacttarget.com" />
+	<target host="mc.s1.qa1.exacttarget.com" />
+	<!-- target host="mc.s1.qa2.exacttarget.com" /-->
+	<target host="mc.s1.qa3.exacttarget.com" />
+	<target host="mc.s2.qa1.exacttarget.com" />
+	<!-- target host="mc.s2.qa2.exacttarget.com" /-->
+	<target host="mc.s2.qa3.exacttarget.com" />
 	<target host="auth.s1.exacttarget.com" />
-	<target host="*.exacttarget.com" />
+	<target host="mc.s1.exacttarget.com" />
+	<!-- target host="auth.s100.exacttarget.com" /-->
+	<target host="mc.s100.exacttarget.com" />
+	<target host="auth.s4.exacttarget.com" />
+	<target host="click.s4.exacttarget.com" />
+	<target host="image.s4.exacttarget.com" />
+	<target host="imh.s4.exacttarget.com" />
+	<target host="mc.s4.exacttarget.com" />
+	<target host="members.s4.exacttarget.com" />
+	<target host="mc.s5.exacttarget.com" />
+	<target host="members.s5.exacttarget.com" />
+	<target host="auth.s6.exacttarget.com" />
+	<target host="click.s6.exacttarget.com" />
+	<target host="image.s6.exacttarget.com" />
+	<target host="imh.s6.exacttarget.com" />
+	<target host="mc.s6.exacttarget.com" />
+	<target host="members.s6.exacttarget.com" />
+	<target host="auth.s7.exacttarget.com" />
+	<target host="click.s7.exacttarget.com" />
+	<target host="image.s7.exacttarget.com" />
+	<target host="mc.s7.exacttarget.com" />
+	<target host="members.s7.exacttarget.com" />
+	<target host="auth.s8.exacttarget.com" />
+	<target host="click.s8.exacttarget.com" />
+	<target host="image.s8.exacttarget.com" />
+	<target host="mc.s8.exacttarget.com" />
+	<target host="members.s8.exacttarget.com" />
+	<!-- target host="auth.test.exacttarget.com" /-->
+	<target host="mc.test.exacttarget.com" />
+	<!-- target host="members.test.exacttarget.com" /-->
+	<target host="images.s4.exacttarget.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^3sixty\.exacttarget\.com$" name="^(\.ASPXANONYMOUS|language)$" /-->
 
-	<securecookie host="^(.*\.)?exacttarget\.com$" name=".*" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<!--	Cert doesn't match !www.	-->
 	<rule from="^http://(?:www\.)?exacttarget\.com/"
 		to="https://www.exacttarget.com/" />
 
-	<rule from="^http://(3sixty|members|nexus|pages|auth\.s1)\.exacttarget\.com/"
-		to="https://$1.exacttarget.com/" />
 
+	<rule from="^http://images\.s4\.exacttarget\.com/"
+		to="https://image.s4.exacttarget.com/" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Exactag.xml b/src/chrome/content/rules/Exactag.xml
index d75b59e09ae7..4ce26b868263 100644
--- a/src/chrome/content/rules/Exactag.xml
+++ b/src/chrome/content/rules/Exactag.xml
@@ -1,18 +1,45 @@
 <!--
-	www shows dr
+	Cert expired:
+		- api.sandbox.exactag.com
 
+	Cert mismatch:
+		- support.exactag.com
+
+	Chain issues:
+		- developers.exactag.com
+		- feeds.exactag.com
+		- staging.exactag.com
+
+	Timeout:
+		- sftp.exactag.com
 -->
 <ruleset name="Exactag (partial)">
 
 	<target host="exactag.com" />
-	<target host="*.exactag.com" />
-		<exclusion pattern="^http://(?:www\.)?exactag\.com/(?!_extjs/|_jquery/|_js/|auth/)" />
-
+	<target host="www.exactag.com" />
 
-	<securecookie host="^(?:dr|m)\.exactag\.com$" name=".+" />
+	<target host="attributionstest.exactag.com" />
+	<target host="c.exactag.com" />
+	<target host="cdn-gm.exactag.com" />
+	<target host="cdn-quisma.exactag.com" />
+	<target host="cdn.exactag.com" />
+	<target host="dashboards.exactag.com" />
+	<target host="demodashboards.exactag.com" />
+	<target host="dr.exactag.com" />
+	<target host="info.exactag.com" />
+	<target host="jobs.exactag.com" />
+	<target host="login.exactag.com" />
+	<target host="m.exactag.com" />
+	<target host="mblog.exactag.com" />
+	<target host="otto.exactag.com" />
+	<target host="ticket.exactag.com" />
+	<target host="tp-emea.exactag.com" />
+	<target host="tpemea.exactag.com" />
+	<target host="w.exactag.com" />
+	<target host="wiki.exactag.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(cdn\.|dr\.|m\.|www\.)?exactag\.com/"
-		to="https://$1exactag.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ExamService.com.tw.xml b/src/chrome/content/rules/ExamService.com.tw.xml
new file mode 100644
index 000000000000..b57295367f5d
--- /dev/null
+++ b/src/chrome/content/rules/ExamService.com.tw.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		group.examservice.com.tw (incomplete certificate chain)
+
+-->
+<ruleset name="ExamService.com.tw">
+	<target host="www.examservice.com.tw" />
+	<target host="changeadd.examservice.com.tw" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Examine.xml b/src/chrome/content/rules/Examine.xml
new file mode 100644
index 000000000000..ac09bf0a74da
--- /dev/null
+++ b/src/chrome/content/rules/Examine.xml
@@ -0,0 +1,9 @@
+<ruleset name="Examine">
+
+	<target host="examine.com" />
+	<target host="www.examine.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Examiner.com.xml b/src/chrome/content/rules/Examiner.com.xml
index 2a077542c66d..b43bd200c76b 100644
--- a/src/chrome/content/rules/Examiner.com.xml
+++ b/src/chrome/content/rules/Examiner.com.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://examiner.com/ => https://examiner.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://examiner.com/ => https://examiner.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Nonfunctional examiner.com subdomains:
 
 		- apply
@@ -12,14 +18,14 @@
 		- cdn.exm.nr	(works; mismatched, CN: gp1.wac.edgecastcdn.net)
 
 -->
-<ruleset name="examiner.com (partial)">
+<ruleset name="examiner.com (partial)" default_off="failed ruleset test">
 
 	<target host="examiner.com" />
 	<target host="*.examiner.com" />
 		<!--
 			Redirects to http.
 
-		<exclusion pattern="^http://www\.examiner\.com/(automotive-in-national$|auto-reviews$|cats$|handheld-games$|card-games$|happy-hour$|tag/|topic/)" /-->
+		<exclusion pattern="^http://www\.examiner\.com/(?:automotive-in-national$|auto-reviews$|cats$|handheld-games$|card-games$|happy-hour$|tag/|topic/)" /-->
 		<exclusion pattern="^http://www\.examiner\.com/tag/" />
 		<!--
 			Seems there's a pattern where [\w-]+$ (generally) does not work and [\w-]+/[\w/-]+ works.
@@ -41,10 +47,10 @@
 	<rule from="^http://www\.examiner\.com/([^\?]+)(?:\?cid=.*)$"
 		to="https://www.examiner.com/$1" />
 
-	<rule from="^https?://stats\.examiner\.com/"
+	<rule from="^http://stats\.examiner\.com/"
 		to="https://examiner-com.122.2o7.net/" />
 
-	<rule from="^https?://cdn\.exm\.nr/"
+	<rule from="^http://cdn\.exm\.nr/"
 		to="https://cdn2-b.examiner.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Examp1e.net.xml b/src/chrome/content/rules/Examp1e.net.xml
new file mode 100644
index 000000000000..2ed8d4da8cc7
--- /dev/null
+++ b/src/chrome/content/rules/Examp1e.net.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://examp1e.net/ => https://examp1e.net/: (60, 'SSL certificate problem: certificate has expired')
+
+	These altnames don't exist:
+
+		- www.examp1e.net
+
+-->
+<ruleset name="examp1e.net" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="examp1e.net" />
+	<target host="h2o.examp1e.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ExcT.net.xml b/src/chrome/content/rules/ExcT.net.xml
new file mode 100644
index 000000000000..471d114cd538
--- /dev/null
+++ b/src/chrome/content/rules/ExcT.net.xml
@@ -0,0 +1,14 @@
+<!--
+	For other ExactTarget coverage, see ExactTarget.xml.
+
+-->
+<ruleset name="ExcT.net">
+
+	<target host="cl.exct.net" />
+	<target host="image.exct.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Excaliburfilms.xml b/src/chrome/content/rules/Excaliburfilms.xml
new file mode 100644
index 000000000000..52013a20fce9
--- /dev/null
+++ b/src/chrome/content/rules/Excaliburfilms.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://images.excaliburfilms.com/ => https://images.excaliburfilms.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Excaliburfilms (partial)" default_off="failed ruleset test">
+
+	<!-- target host="excaliburfilms.com" - no content -->
+	<target host="images.excaliburfilms.com" />
+	<target host="secure.excaliburfilms.com" />
+	<!-- target host="www.excaliburfilms.com" - no content -->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ExchangeWire.com.xml b/src/chrome/content/rules/ExchangeWire.com.xml
new file mode 100644
index 000000000000..e3368c87d34c
--- /dev/null
+++ b/src/chrome/content/rules/ExchangeWire.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.exchangewire.com
+
+-->
+<ruleset name="ExchangeWire.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="exchangewire.com" />
+	<target host="www.exchangewire.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.exchangewire\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.exchangewire\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Excitations.com.xml b/src/chrome/content/rules/Excitations.com.xml
index dd4a3ee07fbb..49f74e4119e7 100644
--- a/src/chrome/content/rules/Excitations.com.xml
+++ b/src/chrome/content/rules/Excitations.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="Excitations.com">
 
 	<target host="excitations.com" />
-	<target host="*.excitations.com" />
+	<target host="www.excitations.com" />
 
 
 	<securecookie host="^(?:www)?\.excitations\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?excitations\.com/"
-		to="https://$1excitations.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Exclusive_X.xml b/src/chrome/content/rules/Exclusive_X.xml
index c33d0e87fb0f..dd4217f0f954 100644
--- a/src/chrome/content/rules/Exclusive_X.xml
+++ b/src/chrome/content/rules/Exclusive_X.xml
@@ -1,13 +1,12 @@
 <ruleset name="Exclusive X">
 
 	<target host="exclusivex.com" />
-	<target host="*.exclusivex.com" />
+	<target host="www.exclusivex.com" />
 
 
-	<securecookie host="^(?:.*\.)?exclusivex\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?exclusivex\.com/"
-		to="https://$1exclusivex.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Executive_Interviews.biz.xml b/src/chrome/content/rules/Executive_Interviews.biz.xml
new file mode 100644
index 000000000000..7a46f6865042
--- /dev/null
+++ b/src/chrome/content/rules/Executive_Interviews.biz.xml
@@ -0,0 +1,26 @@
+<!--
+	Other Executive Interviews rulesets:
+
+		- Executive_Interviews.com.xml
+
+
+	^: refused
+
+
+	Mixed content:
+
+		- Image from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Executive Interviews.biz">
+
+	<target host="executiveinterviews.biz" />
+	<target host="www.executiveinterviews.biz" />
+
+
+	<rule from="^http://(?:www\.)?executiveinterviews\.biz/"
+		to="https://www.executiveinterviews.biz/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Executive_Interviews.com.xml b/src/chrome/content/rules/Executive_Interviews.com.xml
new file mode 100644
index 000000000000..2a07bc74de9a
--- /dev/null
+++ b/src/chrome/content/rules/Executive_Interviews.com.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Executive Interviews coverage, see Executive_Interviews.biz.xml.
+
+
+	^executiveinterviews.com doesn't exist.
+
+-->
+<ruleset name="Executive Interviews.com">
+
+	<target host="www.executiveinterviews.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Exede.xml b/src/chrome/content/rules/Exede.xml
deleted file mode 100644
index 3c47266cf80d..000000000000
--- a/src/chrome/content/rules/Exede.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(times out)
-
--->
-<ruleset name="Exede (partial)">
-
-	<target host="order.exede.com" />
-
-
-	<securecookie host="^order\.exede\.com$" name=".+" />
-
-
-	<rule from="^http://order\.exede\.com/"
-		to="https://order.exede.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Exeter_Friendly_Society.xml b/src/chrome/content/rules/Exeter_Friendly_Society.xml
index bd47775692b2..302125ebcbfb 100644
--- a/src/chrome/content/rules/Exeter_Friendly_Society.xml
+++ b/src/chrome/content/rules/Exeter_Friendly_Society.xml
@@ -1,4 +1,11 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://exeterfamily.co.uk/ => https://www.exeterfamily.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.exeterfamily.co.uk'")
+Fetch error: http://www.exeterfamily.co.uk/ => https://www.exeterfamily.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.exeterfamily.co.uk'")
+Fetch error: http://exeterfriendly.co.uk/ => https://www.exeterfamily.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.exeterfamily.co.uk'")
+Fetch error: http://www.exeterfriendly.co.uk/ => https://www.exeterfamily.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.exeterfamily.co.uk'")
+
 	Problematic domains:
 
 		- exeterfamily.co.uk *
@@ -7,7 +14,7 @@
 	* Times out
 
 -->
-<ruleset name="Exeter Friendly Society">
+<ruleset name="Exeter Friendly Society" default_off="failed ruleset test">
 
 	<target host="exeterfamily.co.uk" />
 	<target host="www.exeterfamily.co.uk" />
@@ -24,4 +31,4 @@
 	<rule from="^http://(?:www\.)?exeterfriendly\.co\.uk/(?:\?.*)?$"
 		to="https://www.exeterfamily.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Exhale.xml b/src/chrome/content/rules/Exhale.xml
index 4ad10fe0b22b..2e8b84c04e69 100644
--- a/src/chrome/content/rules/Exhale.xml
+++ b/src/chrome/content/rules/Exhale.xml
@@ -2,18 +2,21 @@
 	Problematic domains:
 
 		- (www.)4exhale.org	(502; mismatched, CN: *.electricembers.net)
+		- mail.exhaleprovoice.org	(mismatched, CN: *.outlook.com)
 
 -->
 <ruleset name="Exhale">
 
+	<target host="4exhale.org" />
+	<target host="www.4exhale.org" />
 	<target host="exhaleprovoice.org" />
 	<target host="www.exhaleprovoice.org" />
-
+	<target host="layout.exhaleprovoice.org" />
 
 	<rule from="^http://(?:www\.)?4exhale\.org/"
 		to="https://exhaleprovoice.org/" />
 
-	<rule from="^http://(www\.)?exhaleprovoice\.org/"
-		to="https://$1exhaleprovoice.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Exherbo-Linux.xml b/src/chrome/content/rules/Exherbo-Linux.xml
deleted file mode 100644
index 6f687ecba0e0..000000000000
--- a/src/chrome/content/rules/Exherbo-Linux.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	!functional subdomains:
-		- (www.)	(cert: bugs.exherbo.org; shows that domain's data)
-		- bugs		(ditto)
-		- paludis	(ditto)
-		- summer	(ditto)
--->
-<ruleset name="Exherbo Linux (CAcert, partial)" platform="cacert">
-
-	<target host="bugs.exherbo.org"/>
-
-	<securecookie host="^bugs\.exherbo\.org$" name=".*"/>
-
-	<rule from="^http://bugs\.exherbo\.org/"
-		to="https://bugs.exherbo.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Exherbo.org.xml b/src/chrome/content/rules/Exherbo.org.xml
new file mode 100644
index 000000000000..903035c08432
--- /dev/null
+++ b/src/chrome/content/rules/Exherbo.org.xml
@@ -0,0 +1,38 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - 01.gw.exherbo.org
+			 - mozart.exherbo.org
+
+		SSL peer certificate was not OK:
+			 - smtp.exherbo.org
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - bach.exherbo.org
+			 - beethoven.exherbo.org
+			 - gade.exherbo.org
+
+		Incomplete certificate chain error:
+			 - distfiles.exherbo.org
+-->
+<ruleset name="Exherbo.org">
+	<target host="exherbo.org" />
+	<target host="www.exherbo.org" />
+	<target host="bugs.exherbo.org" />
+	<target host="cgit.exherbo.org" />
+	<target host="commits.exherbo.org" />
+	<target host="dev.exherbo.org" />
+	<target host="gerrit.exherbo.org" />
+	<target host="git.exherbo.org" />
+	<target host="lists.exherbo.org" />
+	<target host="mail.exherbo.org" />
+	<target host="packages.exherbo.org" />
+	<target host="paludis.exherbo.org" />
+	<target host="planet.exherbo.org" />
+	<target host="summer.exherbo.org" />
+	<target host="tchaikovsky.exherbo.org" />
+
+	<securecookie host="^(www\.)?exherbo\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Exim.org.xml b/src/chrome/content/rules/Exim.org.xml
index a1cf8ea6ba44..6adc8b9a8879 100644
--- a/src/chrome/content/rules/Exim.org.xml
+++ b/src/chrome/content/rules/Exim.org.xml
@@ -1,18 +1,29 @@
 <!--
-	Nonfunctional subdomains:
-
-		- ^ *	(valid cert)
-		- www *	(mismatched, CN: lists.exim.org)
-
-	* Shows lists
+	Nonfunctional hosts in *.exim.org:
+		- docs.exim.org (m)
+		- www.pl.exim.org (m)
 
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
 -->
-<ruleset name="Exim.org (partial)">
+<ruleset name="Exim.org">
 
+	<target host="exim.org" />
+	<target host="www.exim.org" />
+	<target host="bugs.exim.org" />
+	<target host="buildfarm.exim.org" />
+	<target host="downloads.exim.org" />
+	<target host="ftp.exim.org" />
+	<target host="git.exim.org" />
 	<target host="lists.exim.org" />
+	<target host="vcs.exim.org" />
+	<target host="wiki.exim.org" />
 
 
-	<rule from="^http://lists\.exim\.org/"
-		to="https://lists.exim.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Exinda.xml b/src/chrome/content/rules/Exinda.xml
index cfe4250f5723..3e0d2670a8f1 100644
--- a/src/chrome/content/rules/Exinda.xml
+++ b/src/chrome/content/rules/Exinda.xml
@@ -7,16 +7,17 @@
 -->
 <ruleset name="Exinda (partial)">
 
-	<target host="*.exinda.com" />
+	<target host="go.exinda.com" />
+	<target host="support.exinda.com" />
 
 
 	<securecookie host="^support\.exinda\.com$" name=".+" />
 
 
-	<rule from="^https?://go\.exinda\.com/(cs|image|r)s/"
+	<rule from="^http://go\.exinda\.com/(cs|image|r)s/"
 		to="https://na-sjf.marketo.com/$1s/" />
 
 	<rule from="^http://support\.exinda\.com/"
 		to="https://support.exinda.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Exitec.xml b/src/chrome/content/rules/Exitec.xml
deleted file mode 100644
index bafc922c152a..000000000000
--- a/src/chrome/content/rules/Exitec.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)exitec.de	(shows default CentOS page; mismatched, CN: www.bluemovie.net)
-
--->
-<ruleset name="Exitec (partial)">
-
-	<target host="traq.exitec.com" />
-
-
-	<rule from="^http://traq\.exitec\.com/"
-		to="https://traq.exitec.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Exlibris.ch.xml b/src/chrome/content/rules/Exlibris.ch.xml
new file mode 100644
index 000000000000..8c4081d35c9e
--- /dev/null
+++ b/src/chrome/content/rules/Exlibris.ch.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Migros coverage, see Migros.xml.
+
+	HTTP redirect:
+		- m.exlibris.ch
+
+	Mismatch:
+		- imgsoft.exlibris.ch
+-->
+<ruleset name="Exlibris.ch">
+	<target host="exlibris.ch" />
+	<target host="www.exlibris.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Exmasters.com.xml b/src/chrome/content/rules/Exmasters.com.xml
index 1af406901640..cc28ec54a743 100644
--- a/src/chrome/content/rules/Exmasters.com.xml
+++ b/src/chrome/content/rules/Exmasters.com.xml
@@ -18,7 +18,6 @@
 	<securecookie host="^admin\.exmasters\.com$" name=".+" />
 
 
-	<rule from="^http://admin\.exmasters\.com/"
-		to="https://admin.exmasters.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Exmo.com.xml b/src/chrome/content/rules/Exmo.com.xml
new file mode 100644
index 000000000000..e023dcda49ed
--- /dev/null
+++ b/src/chrome/content/rules/Exmo.com.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://merchant.exmo.com/ => https://merchant.exmo.com/: (6, 'Could not resolve host: merchant.exmo.com')
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .exmo.com
+		- www.exmo.com
+
+-->
+<ruleset name="Exmo.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="exmo.com" />
+	<target host="merchant.exmo.com" />
+	<target host="www.exmo.com" />
+
+		<test url="http://exmo.com/?ref=" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.exmo\.com$" name="^(?:incap_ses_\d+_\d+|visid_incap_\d+|ref)$" /-->
+	<!--securecookie host="^www\.exmo\.com$" name="^___utmv[abm]\w+$" /-->
+
+	<securecookie host="^(?:www)?\.exmo\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Exoclick.xml b/src/chrome/content/rules/Exoclick.xml
index a56168b3f182..6b2cec8b404f 100644
--- a/src/chrome/content/rules/Exoclick.xml
+++ b/src/chrome/content/rules/Exoclick.xml
@@ -1,39 +1,56 @@
 <!--
 	Nonfunctional domains:
 
-		- ads.exoclick.com *
 		- custom.exoclick.com *
 		- (www.)exoclickmobile.com
 
 	* Dropped
 
 
-	Problematic domains:
+	Problematic hosts in *exoclick.com:
 
-		- exoclick.com 			(refused)
-		- www-static.exoclick.com	(dropped)
+		- www-static *
 
+	* Dropped, equivalent to another domain
 
-	Fully covered subdomains:
 
-		- www-static	(→ www)
+	Insecure cookies are set for these domains:
+
+		- .exoclick.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Exoclick (partial)">
+<ruleset name="Exoclick.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="exoclick.com" />
-	<target host="*.exoclick.com" />
+	<target host="ads.exoclick.com" />
+	<target host="main.exoclick.com" />
+	<target host="static.exoclick.com" />
+	<target host="syndication.exoclick.com" />
+	<target host="www.exoclick.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www-static.exoclick.com" />
+
+		<test url="http://main.exoclick.com/img-click.php?idzone=" />
+		<test url="http://syndication.exoclick.com/ads-iframe-display.php?idzone=&amp;output=img&amp;type=" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.exoclick\.com$" name="^(?:img_click_\d+|impressions|lng|PHPSESSID|tag|__utm\w|__uvt)$" /-->
 
-	<!--	name="^(impressions|lng|PHPSESSID|tag|__utm\w)$"
-								-->
-	<securecookie host="^\.exoclick\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(?:www\.|www-static\.)?exoclick\.com/"
+	<rule from="^http://www-static\.exoclick\.com/"
 		to="https://www.exoclick.com/" />
 
-	<rule from="^http://syndication\.exoclick\.com/"
-		to="https://syndication.exoclick.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Exodus.io.xml b/src/chrome/content/rules/Exodus.io.xml
new file mode 100644
index 000000000000..70ce79d79ad1
--- /dev/null
+++ b/src/chrome/content/rules/Exodus.io.xml
@@ -0,0 +1,28 @@
+<!--
+	Cert mismatch:
+		- downloads.exodus.io
+		- help.exodus.io
+		- support.exodus.io
+
+	Self-signed cert:
+		- etc.exodus.io
+		- eth.exodus.io
+
+	TLS error:
+		- ethereumclassic.exodus.io
+		- mail.exodus.io
+-->
+<ruleset name="Exodus.io">
+
+	<target host="exodus.io" />
+	<target host="www.exodus.io" />
+
+	<target host="ethereum.exodus.io" />
+	<target host="factom.exodus.io" />
+	<target host="insight-btc0.exodus.io" />
+	<target host="litecoin-insight.exodus.io" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ExootLab.xml b/src/chrome/content/rules/ExootLab.xml
deleted file mode 100644
index 1b6488c49144..000000000000
--- a/src/chrome/content/rules/ExootLab.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="ExootLab">
-
-	<target host="exootlab.com" />
-	<target host="www.exootlab.com" />
-
-
-	<securecookie host="^www\.exootlab\.com$" name=".*" />
-
-
-	<rule from="^http://(www\.)?exootlab\.com/"
-		to="https://$1exootlab.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ExoticVM.com.xml b/src/chrome/content/rules/ExoticVM.com.xml
new file mode 100644
index 000000000000..9c14880b0188
--- /dev/null
+++ b/src/chrome/content/rules/ExoticVM.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="ExoticVM.com">
+	<target host="exoticvm.com" />
+	<target host="www.exoticvm.com" />
+	<target host="mail.exoticvm.com" />
+	<target host="webmail.exoticvm.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expanded_Support.com.xml b/src/chrome/content/rules/Expanded_Support.com.xml
new file mode 100644
index 000000000000..158f4d753be6
--- /dev/null
+++ b/src/chrome/content/rules/Expanded_Support.com.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Micro Focus coverage, see Micro_Focus.com.xml.
+
+
+	Problematic domains:
+
+		- www.expandedsupport.com ¹
+
+	¹ Cert only matches ^expandedsupport.com
+
+-->
+<ruleset name="Expanded Support.com" default_off="refused">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="expandedsupport.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.expandedsupport.com" />
+
+
+	<securecookie host="^expandedsupport\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?expandedsupport\.com/"
+		to="https://expandedsupport.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.at.xml b/src/chrome/content/rules/Expedia.at.xml
new file mode 100644
index 000000000000..51a7cdacfa58
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.at.xml
@@ -0,0 +1,40 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+		- $self		(t)
+		- www.booking	(t)
+		- deals		(r)
+		- ferienwohnung	(i)
+		- inside	(t)
+		- support	(i)
+		- wwph		(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.at">
+
+	<target host="expedia.at" />
+	<target host="www.expedia.at" />
+	<target host="access.expedia.at" />
+	<target host="apim.expedia.at" />
+	<target host="booking.expedia.at" />
+	<target host="kreuzfahrten.expedia.at" />
+	<target host="widgets.partners.expedia.at" />
+	<target host="ski.expedia.at" />
+	<target host="urlaub.expedia.at" />
+
+	<!-- timeout -->
+	<rule from="^http://expedia\.at/"
+		to="https://www.expedia.at/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.be.xml b/src/chrome/content/rules/Expedia.be.xml
new file mode 100644
index 000000000000..be36622ad262
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.be.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+		- $self		(t)
+		- deals		(r)
+		- eurostar	(t)
+		- support	(i)
+		- vakantiehuizen	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.be">
+
+	<target host="expedia.be" />
+	<target host="www.expedia.be" />
+	<target host="access.expedia.be" />
+	<target host="apim.expedia.be" />
+	<target host="widgets.partners.expedia.be" />
+	<target host="uitnodigen.expedia.be" />
+
+	<!-- timeout -->
+	<rule from="^http://expedia\.be/"
+		to="https://www.expedia.be/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.ca.xml b/src/chrome/content/rules/Expedia.ca.xml
new file mode 100644
index 000000000000..044969d752a5
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.ca.xml
@@ -0,0 +1,62 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+
+		- $self		(t)
+		- alberta	(m)
+		- americanadventure	(m)
+		- customercare	(i)
+		- dreamitdoit	(m)
+		- eliteplus	(m)
+		- explorebc	(m)
+		- g	(r)
+		- gap	(r)
+		- golf	(t)
+		- press	(r)
+		- recherche	(m)
+		- salledepresse	(r)
+		- search	(m)
+		- support	(i)
+		- booking.vacations	(t)
+		- wwph	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.ca">
+
+	<target host="expedia.ca" />
+	<target host="www.expedia.ca" />
+	<target host="access.expedia.ca" />
+	<target host="allinclusiveforgroups.expedia.ca" />
+	<target host="apim.expedia.ca" />
+	<target host="arizonaadventuremeter.expedia.ca" />
+	<target host="bcexplorer.expedia.ca" />
+	<target host="cruise.expedia.ca" />
+	<target host="dealcalendar.expedia.ca" />
+	<target host="discoveryouraloha.expedia.ca" />
+	<target host="flights.expedia.ca" />
+	<target host="goldcoast.expedia.ca" />
+	<target host="groups.expedia.ca" />
+	<target host="fr.groups.expedia.ca" />
+	<target host="widgets.partners.expedia.ca" />
+	<target host="rental-cars.expedia.ca" />
+	<target host="thingstodo.expedia.ca" />
+	<target host="travelblog.expedia.ca" />
+	<target host="usnationalparks.expedia.ca" />
+	<target host="utah.expedia.ca" />
+
+	<!-- timeout -->
+	<rule from="^http://expedia\.ca/"
+		to="https://www.expedia.ca/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.ch.xml b/src/chrome/content/rules/Expedia.ch.xml
new file mode 100644
index 000000000000..c140f8b5ed8f
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.ch.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+		- ferienwohnung	(t)
+		- location-vacances	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.ch">
+
+	<target host="expedia.ch" />
+	<target host="www.expedia.ch" />
+	<target host="apim.expedia.ch" />
+	<target host="badeferien.expedia.ch" />
+	<target host="croisieres.expedia.ch" />
+	<target host="kreuzfahrten.expedia.ch" />
+	<target host="ski.expedia.ch" />
+	<target host="urlaub.expedia.ch" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.cn.xml b/src/chrome/content/rules/Expedia.cn.xml
new file mode 100644
index 000000000000..35778dc3f6e4
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.cn.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+		- $self (t)
+
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.cn">
+
+	<target host="expedia.cn" />
+	<target host="www.expedia.cn" />
+	<target host="us.expedia.cn" />
+
+	<!-- timeout -->
+	<rule from="^http://expedia\.cn/"
+		to="https://www.expedia.cn/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.co.id.xml b/src/chrome/content/rules/Expedia.co.id.xml
new file mode 100644
index 000000000000..28c8d309b6da
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.co.id.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+		- deals	(t)
+		- enfaq	(t)
+		- faq	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.co.id">
+
+	<target host="expedia.co.id" />
+	<target host="www.expedia.co.id" />
+	<target host="access.expedia.co.id" />
+	<target host="apim.expedia.co.id" />
+	<target host="m.expedia.co.id" />
+	<target host="msn.expedia.co.id" />
+	<target host="widgets.partners.expedia.co.id" />
+	<target host="rent-a-car.expedia.co.id" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.co.in.xml b/src/chrome/content/rules/Expedia.co.in.xml
new file mode 100644
index 000000000000..6f07a4f75d8c
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.co.in.xml
@@ -0,0 +1,38 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+		- americanadventure	(m)
+		- backick	(t)
+		- deals	(t)
+		- dreamitdoit	(m)
+		- faq	(r)
+		- holidayplanner	(m)
+		- press	(r)
+		- support	(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.co.in">
+
+	<target host="expedia.co.in" />
+	<target host="www.expedia.co.in" />
+	<target host="access.expedia.co.in" />
+	<target host="apim.expedia.co.in" />
+	<target host="car-rental.expedia.co.in" />
+	<target host="domestic-air-tickets.expedia.co.in" />
+	<target host="m.expedia.co.in" />
+	<target host="msn.expedia.co.in" />
+	<target host="widgets.partners.expedia.co.in" />
+	<target host="travelblog.expedia.co.in" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.co.jp.xml b/src/chrome/content/rules/Expedia.co.jp.xml
new file mode 100644
index 000000000000..cd67c8dbc5da
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.co.jp.xml
@@ -0,0 +1,43 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+		- alberta	(m)
+		- deals	(t)
+		- faq	(r)
+		- www.findexbear	(r)
+		- holidayplanner	(m)
+		- press	(r)
+		- rental-car	(m)
+		- ryokan	(t)
+		- service	(i)
+		- support	(i)
+		- tm	(t)
+		- tour	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.co.jp">
+
+	<target host="expedia.co.jp" />
+	<target host="www.expedia.co.jp" />
+	<target host="access.expedia.co.jp" />
+	<target host="apim.expedia.co.jp" />
+	<target host="jal.expedia.co.jp" />
+	<target host="m.expedia.co.jp" />
+	<target host="mastercardtravel.expedia.co.jp" />
+	<target host="msn.expedia.co.jp" />
+	<target host="ninemsn.expedia.co.jp" />
+	<target host="widgets.partners.expedia.co.jp" />
+	<target host="welove.expedia.co.jp" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.co.kr.xml b/src/chrome/content/rules/Expedia.co.kr.xml
new file mode 100644
index 000000000000..7abef76197f3
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.co.kr.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+		- americanadventure	(m)
+		- deals		(t)
+		- enfaq		(t)
+		- faq		(t)
+		- support	(i)
+		- wwch		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.co.kr">
+
+	<target host="expedia.co.kr" />
+	<target host="www.expedia.co.kr" />
+	<target host="access.expedia.co.kr" />
+	<target host="apim.expedia.co.kr" />
+	<target host="m.expedia.co.kr" />
+	<target host="widgets.partners.expedia.co.kr" />
+	<target host="rent-a-car.expedia.co.kr" />
+	<target host="travelblog.expedia.co.kr" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.co.nz.xml b/src/chrome/content/rules/Expedia.co.nz.xml
new file mode 100644
index 000000000000..3f03ee538d7f
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.co.nz.xml
@@ -0,0 +1,32 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+		- feedback	(r)
+		- press		(r)
+		- support	(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.co.nz">
+
+	<target host="expedia.co.nz" />
+	<target host="www.expedia.co.nz" />
+	<target host="access.expedia.co.nz" />
+	<target host="airpacific.expedia.co.nz" />
+	<target host="apim.expedia.co.nz" />
+	<target host="blog.expedia.co.nz" />
+	<target host="widgets.partners.expedia.co.nz" />
+	<target host="tagme.expedia.co.nz" />
+	<target host="m.tagme.expedia.co.nz" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.co.th.xml b/src/chrome/content/rules/Expedia.co.th.xml
new file mode 100644
index 000000000000..b671afc88329
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.co.th.xml
@@ -0,0 +1,32 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+		- deals	(t)
+		- enfaq	(r)
+		- faq	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.co.th">
+
+	<target host="expedia.co.th" />
+	<target host="www.expedia.co.th" />
+	<target host="access.expedia.co.th" />
+	<target host="apim.expedia.co.th" />
+	<target host="m.expedia.co.th" />
+	<target host="msn.expedia.co.th" />
+	<target host="widgets.partners.expedia.co.th" />
+	<target host="rent-a-car.expedia.co.th" />
+	<target host="travelblog.expedia.co.th" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.co.uk.xml b/src/chrome/content/rules/Expedia.co.uk.xml
new file mode 100644
index 000000000000..01e41515c973
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.co.uk.xml
@@ -0,0 +1,94 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+
+		- expedia.co.uk	(t)
+		- abudhabiconcierge	(r)
+		- advertising	(t)
+		- alberta	(m)
+		- americanadventure	(m)
+		- bacarditriangle	(m)
+		- booking	(r)
+		- britishcolumbia	(r)
+		- click	(m)
+		- deals	(r)
+		- dreamitdoit	(m)
+		- elite	(t)
+		- eurostar	(t)
+		- explorebc	(m)
+		- findyourmelia	(m)
+		- holidayplanner	(m)
+		- inside	(m)
+		- jordan	(r)
+		- letyourselfgo	(r)
+		- traveliq.lufthansa	(m)
+		- packageholidays	(r)
+		- pioneer	(m)
+		- press	(r)
+		- referafriend	(t)
+		- snowgroupbookingapp	(t)
+		- support	(i)
+		- thingstodo	(m)
+		- www.vangogh2015	(m)
+		- win	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.co.uk">
+
+	<target host="expedia.co.uk" />
+	<target host="www.expedia.co.uk" />
+	<target host="accent-map.expedia.co.uk" />
+	<target host="access.expedia.co.uk" />
+	<target host="apim.expedia.co.uk" />
+	<target host="bcexplorer.expedia.co.uk" />
+	<target host="blog.expedia.co.uk" />
+	<target host="christmas-past.expedia.co.uk" />
+	<target host="christmas-spirit.expedia.co.uk" />
+	<target host="city-budget.expedia.co.uk" />
+	<target host="city-cycling.expedia.co.uk" />
+	<target host="city-history.expedia.co.uk" />
+	<target host="exploresydney.expedia.co.uk" />
+	<target host="germanytravelmatch.expedia.co.uk" />
+	<target host="goldcoast.expedia.co.uk" />
+	<target host="groups.expedia.co.uk" />
+	<target host="hangzhou.expedia.co.uk" />
+	<target host="hollandtripbuilder.expedia.co.uk" />
+	<target host="india-guide.expedia.co.uk" />
+	<target host="language-of-love.expedia.co.uk" />
+	<target host="london-street-food.expedia.co.uk" />
+	<target host="movie-quote-phrasebook.expedia.co.uk" />
+	<target host="www.muchmorocco.expedia.co.uk" />
+	<target host="myreallondon.expedia.co.uk" />
+	<target host="myrealstockholm.expedia.co.uk" />
+	<target host="newsouthwales.expedia.co.uk" />
+	<target host="widgets.partners.expedia.co.uk" />
+	<target host="photography.expedia.co.uk" />
+	<target host="playlister.expedia.co.uk" />
+	<target host="roadtrips.expedia.co.uk" />
+	<target host="seesydney.expedia.co.uk" />
+	<target host="the-world-in-tune.expedia.co.uk" />
+	<target host="torontostopover.expedia.co.uk" />
+	<target host="trains.expedia.co.uk" />
+	<target host="usnationalparks.expedia.co.uk" />
+	<target host="utah.expedia.co.uk" />
+	<target host="vc.expedia.co.uk" />
+	<target host="visitdenmark.expedia.co.uk" />
+	<target host="www.visitdenmark.expedia.co.uk" />
+	<target host="worldofmusic.expedia.co.uk" />
+
+	<!-- timeout -->
+	<rule from="^http://expedia\.co\.uk/"
+		to="https://www.expedia.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.com.ar.xml b/src/chrome/content/rules/Expedia.com.ar.xml
new file mode 100644
index 000000000000..18eaba1091ca
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.com.ar.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+		- $self		(t)
+		- m		(t)
+		- support	(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.com.ar">
+
+	<target host="expedia.com.ar" />
+	<target host="www.expedia.com.ar" />
+	<target host="access.expedia.com.ar" />
+	<target host="apim.expedia.com.ar" />
+
+	<!-- timeout -->
+	<rule from="^http://expedia\.com\.ar/"
+		to="https://www.expedia.com.ar/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.com.au.xml b/src/chrome/content/rules/Expedia.com.au.xml
new file mode 100644
index 000000000000..69c4db2fdaaf
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.com.au.xml
@@ -0,0 +1,67 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+
+		- expedia.com.au	(t)
+		- alberta	(m)
+		- americanadventure	(m)
+		- backick	(t)
+		- blog	(i)
+		- comp	(t)
+		- cruise	(t)
+		- deals	(t)
+		- dnsw	(i)
+		- explorebc	(m)
+		- faq	(t)
+		- feedback	(r)
+		- www.gourmethuntervalley	(s)
+		- insider	(e)
+		- ninemsn	(t)
+		- www.passlikealocal	(s)
+		- press	(r)
+		- support	(i)
+		- www.swans	(t)
+		- sydneysecrets	(m)
+		- tagme	(t)
+		- travelwithmastercard	(i)
+		- www.vividsydney	(s)
+		- yahoo	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.com.au">
+
+	<target host="expedia.com.au" />
+	<target host="www.expedia.com.au" />
+	<target host="access.expedia.com.au" />
+	<target host="amexadventure.expedia.com.au" />
+	<target host="apim.expedia.com.au" />
+	<target host="bcexplorer.expedia.com.au" />
+	<target host="discoveryouraloha.expedia.com.au" />
+	<target host="dj-tohoku.expedia.com.au" />
+	<target host="dothent.expedia.com.au" />
+	<target host="goalittlefurther.expedia.com.au" />
+	<target host="goldcoast.expedia.com.au" />
+	<target host="newsouthwales.expedia.com.au" />
+	<target host="widgets.partners.expedia.com.au" />
+	<target host="southwestengland.expedia.com.au" />
+	<target host="usnationalparks.expedia.com.au" />
+	<target host="utah.expedia.com.au" />
+	<target host="whereintheworld.expedia.com.au" />
+	<target host="www.whereintheworld.expedia.com.au" />
+
+	<!-- timeout -->
+	<rule from="^http://expedia\.com\.au/"
+		to="https://www.expedia.com.au/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.com.br.xml b/src/chrome/content/rules/Expedia.com.br.xml
new file mode 100644
index 000000000000..ef0862f7e044
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.com.br.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+		- aventuraamericana	(m)
+		- support	(i)(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.com.br">
+
+	<target host="expedia.com.br" />
+	<target host="www.expedia.com.br" />
+	<target host="access.expedia.com.br" />
+	<target host="apim.expedia.com.br" />
+	<target host="m.expedia.com.br" />
+	<target host="viajando.expedia.com.br" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.com.hk.xml b/src/chrome/content/rules/Expedia.com.hk.xml
new file mode 100644
index 000000000000..55a54d767d6d
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.com.hk.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+		- cnfaq		(r)
+		- deals		(t)
+		- faq		(r)
+		- zhfaq		(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.com.hk">
+
+	<target host="expedia.com.hk" />
+	<target host="www.expedia.com.hk" />
+	<target host="access.expedia.com.hk" />
+	<target host="amexadventure.expedia.com.hk" />
+	<target host="apim.expedia.com.hk" />
+	<target host="car-rental.expedia.com.hk" />
+	<target host="dj-tohoku.expedia.com.hk" />
+	<target host="m.expedia.com.hk" />
+	<target host="widgets.partners.expedia.com.hk" />
+	<target host="rmb.expedia.com.hk" />
+	<target host="travelblog.expedia.com.hk" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.com.my.xml b/src/chrome/content/rules/Expedia.com.my.xml
new file mode 100644
index 000000000000..cab5e53258c9
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.com.my.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+		- backick	(t)
+		- deals		(t)
+		- dreamitdoit	(m)
+		- faq		(r)
+		- press		(r)
+		- support	(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.com.my">
+
+	<target host="expedia.com.my" />
+	<target host="www.expedia.com.my" />
+	<target host="access.expedia.com.my" />
+	<target host="apim.expedia.com.my" />
+	<target host="car-rental.expedia.com.my" />
+	<target host="m.expedia.com.my" />
+	<target host="widgets.partners.expedia.com.my" />
+	<target host="travelblog.expedia.com.my" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.com.ph.xml b/src/chrome/content/rules/Expedia.com.ph.xml
new file mode 100644
index 000000000000..e48d19fdb321
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.com.ph.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+		- backick	(t)
+		- deals		(t)
+		- faq		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.com.ph">
+
+	<target host="expedia.com.ph" />
+	<target host="www.expedia.com.ph" />
+	<target host="access.expedia.com.ph" />
+	<target host="apim.expedia.com.ph" />
+	<target host="m.expedia.com.ph" />
+	<target host="widgets.partners.expedia.com.ph" />
+	<target host="rent-a-car.expedia.com.ph" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.com.sg.xml b/src/chrome/content/rules/Expedia.com.sg.xml
new file mode 100644
index 000000000000..c398ae3c8132
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.com.sg.xml
@@ -0,0 +1,37 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+		- backick	(t)
+		- blog		(t)
+		- deals		(t)
+		- faq		(t)
+		- goldcoast	(m)
+		- press		(r)
+		- support	(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.com.sg">
+
+	<target host="expedia.com.sg" />
+	<target host="www.expedia.com.sg" />
+	<target host="access.expedia.com.sg" />
+	<target host="amexadventure.expedia.com.sg" />
+	<target host="apim.expedia.com.sg" />
+	<target host="car-rental.expedia.com.sg" />
+	<target host="m.expedia.com.sg" />
+	<target host="msn.expedia.com.sg" />
+	<target host="widgets.partners.expedia.com.sg" />
+	<target host="travelblog.expedia.com.sg" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.com.tw.xml b/src/chrome/content/rules/Expedia.com.tw.xml
new file mode 100644
index 000000000000..50124af17431
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.com.tw.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+		- deals		(t)
+		- faq		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.com.tw">
+
+	<target host="expedia.com.tw" />
+	<target host="www.expedia.com.tw" />
+	<target host="access.expedia.com.tw" />
+	<target host="apim.expedia.com.tw" />
+	<target host="car-rental.expedia.com.tw" />
+	<target host="m.expedia.com.tw" />
+	<target host="widgets.partners.expedia.com.tw" />
+	<target host="travelblog.expedia.com.tw" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.com.vn.xml b/src/chrome/content/rules/Expedia.com.vn.xml
new file mode 100644
index 000000000000..e7da1b01684d
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.com.vn.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+		- faq		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.com.vn">
+
+	<target host="expedia.com.vn" />
+	<target host="www.expedia.com.vn" />
+	<target host="access.expedia.com.vn" />
+	<target host="apim.expedia.com.vn" />
+	<target host="car-rental.expedia.com.vn" />
+	<target host="m.expedia.com.vn" />
+	<target host="widgets.partners.expedia.com.vn" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.com.xml b/src/chrome/content/rules/Expedia.com.xml
new file mode 100644
index 000000000000..d8b1003edcb3
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.com.xml
@@ -0,0 +1,241 @@
+<!--
+	Other related rulesets:
+
+		- Expedia.at.xml
+		- Expedia.be.xml
+		- Expedia.ca.xml
+		- Expedia.ch.xml
+		- Expedia.cn.xml
+		- Expedia.co.id.xml
+		- Expedia.co.in.xml
+		- Expedia.co.jp.xml
+		- Expedia.co.kr.xml
+		- Expedia.co.nz.xml
+		- Expedia.co.th.xml
+		- Expedia.co.uk.xml
+		- Expedia.com.ar.xml
+		- Expedia.com.au.xml
+		- Expedia.com.br.xml
+		- Expedia.com.hk.xml
+		- Expedia.com.my.xml
+		- Expedia.com.ph.xml
+		- Expedia.com.sg.xml
+		- Expedia.com.tw.xml
+		- Expedia.com.vn.xml
+		- Expedia.de.xml
+		- Expedia.dk.xml
+		- Expedia.es.xml
+		- Expedia.fi.xml
+		- Expedia.fr.xml
+		- Expedia.ie.xml
+		- Expedia.it.xml
+		- Expedia.mx.xml
+		- Expedia.nl.xml
+		- Expedia.no.xml
+		- Expedia.se.xml
+		- EAN.com.xml
+		- travel-assets.com.xml
+		- trvl-media.com.xml
+		- trvl-px.com.xml
+
+
+	Non-functional subdomains:
+
+		- expedia.com	(t)
+		- services.access	(e)
+		- ads	(r)
+		- aroundtheworld	(i)
+		- atappdgeo	(t)
+		- blog	(m)
+		- bookingchanges	(e)
+		- cctoken	(i)
+		- content	(r)
+		- contentadmintools	(r)
+		- test.contracts	(t)
+		- cruisedesk	(i)
+		- cruisetools	(r)
+		- customer	(r)
+		- int.dc-legacy	(i)
+		- dctk	(m)
+		- dmr	(i)
+		- eliteplus	(m)
+		- eurekakb	(i)
+		- exch07mail	(m)
+		- euro.expert	(r)
+		- extras	(r)
+		- game	(m)
+		- gemma	(t)
+		- greatbritaincdn	(e)
+		- traveliq.greece	(m)
+		- hotels	(t)
+		- int1-voyager.lab	(t)
+		- int2-voyager.lab	(t)
+		- int3-voyager.lab	(t)
+		- int4-voyager.lab	(t)
+		- trn1-voyager.lab	(t)
+		- link	(m)
+		- lss	(t)
+		- lyncaccess	(t)
+		- lyncphaccess	(t)
+		- m	(t)
+		- mastercard	(r)
+		- mesa	(e)
+		- molecule	(i)
+		- mslps	(m)
+		- www.muchmorocco	(r)
+		- mx1a	(r)
+		- news	(m)
+		- om	(m)
+		- partner	(r)
+		- pnl	(t)
+		- amptracking.prod	(i)
+		- amp-flex-analytics-service.ap-southeast-1.prod	(i)
+		- hopscotch-star.ap-southeast-1.prod	(t)
+		- www.hopscotch-star.ap-southeast-1.prod	(t)
+		- wwwexpediacom.hopscotch-star.ap-southeast-1.prod	(t)
+		- amp-flex-analytics-service.eu-west-1.prod	(i)
+		- hopscotch-star.eu-west-1.prod	(t)
+		- wwwexpediacom.hopscotch-star.eu-west-1.prod	(t)
+		- reviews.prod	(m)
+		- amp-flex-analytics-service.us-east-1.prod	(i)
+		- collector-proxy-web.us-east-1.prod	(m)
+		- hopscotch-star.us-east-1.prod	(t)
+		- amp-flex-analytics-service.us-west-2.prod	(i)
+		- thumbnails.prod-p	(t)
+		- rateshop	(m)
+		- reviews	(m)
+		- search	(m)
+		- service	(i)
+		- sitespectadmin	(t)
+		- stjude	(e)
+		- support	(i)
+		- synapps	(r)
+		- armbiqlikdev.test	(t)
+		- testconnect	(t)
+		- testconnect2	(t)
+		- shop.test.travelocity	(i)
+		- parardha.vcilab	(t)
+		- www.viewfinder	(t)
+		- visitbritain	(s)
+		- visitflorida	(i)
+		- voyager	(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.com">
+
+	<target host="expedia.com" />
+	<target host="www.expedia.com" />
+	<target host="access.expedia.com" />
+	<target host="admedia.expedia.com" />
+	<target host="advertising.expedia.com" />
+	<target host="www.advertising.expedia.com" />
+	<target host="blog.advertising.expedia.com" />
+	<target host="info.advertising.expedia.com" />
+	<target host="api.expedia.com" />
+	<target host="apim.expedia.com" />
+	<target host="arizonaadventuremeter.expedia.com" />
+	<target host="australiaconcierge.expedia.com" />
+	<target host="autodiscover.expedia.com" />
+	<target host="bcexplorer.expedia.com" />
+	<target host="ews.booking.expedia.com" />
+	<target host="compliance.expedia.com" />
+	<target host="contracts.expedia.com" />
+	<target host="conversations.expedia.com" />
+	<target host="cruise.expedia.com" />
+	<target host="dc.expedia.com" />
+	<target host="discovercancun.expedia.com" />
+	<target host="discoveryouraloha.expedia.com" />
+	<target host="dj-tohoku.expedia.com" />
+	<target host="esp.expedia.com" />
+	<target host="esp1.expedia.com" />
+	<target host="eureka.expedia.com" />
+	<target host="de.eureka.expedia.com" />
+	<target host="es.eureka.expedia.com" />
+	<target host="fr.eureka.expedia.com" />
+	<target host="it.eureka.expedia.com" />
+	<target host="pt.eureka.expedia.com" />
+	<target host="fiestamericana.expedia.com" />
+	<target host="flights.expedia.com" />
+	<target host="goalittlefurther.expedia.com" />
+	<target host="goldcoast.expedia.com" />
+	<target host="groups.expedia.com" />
+	<target host="it.groups.expedia.com" />
+	<target host="ko.groups.expedia.com" />
+	<target host="no.groups.expedia.com" />
+	<target host="sv.groups.expedia.com" />
+	<target host="hackathon.expedia.com" />
+	<target host="hollandtripbuilder.expedia.com" />
+	<target host="media.int.expedia.com" />
+	<target host="thumbnails.int.expedia.com" />
+	<target host="cms-esp-services-web.us-west-2.int.expedia.com" />
+	<target host="contracts.lab.expedia.com" />
+	<target host="li.expedia.com" />
+	<target host="loc.expedia.com" />
+	<target host="lyncdiscover.expedia.com" />
+	<target host="mail.expedia.com" />
+	<target host="media.expedia.com" />
+	<target host="media1.expedia.com" />
+	<target host="media2.expedia.com" />
+	<target host="media3.expedia.com" />
+	<target host="merchantpoint.expedia.com" />
+	<target host="newsroom.expedia.com" />
+	<target host="offersvc.expedia.com" />
+	<target host="oms.expedia.com" />
+	<target host="widgets.partners.expedia.com" />
+	<target host="collector.prod.expedia.com" />
+	<target host="shortly.prod.expedia.com" />
+	<target host="userhistory-web.us-east-1.prod.expedia.com" />
+	<target host="bumi-service.us-west-2.prod.expedia.com" />
+	<target host="campaign-tracker.us-west-2.prod.expedia.com" />
+	<target host="deadpool-trover.us-west-2.prod.expedia.com" />
+	<target host="dialog-web.us-west-2.prod.expedia.com" />
+	<target host="threepp-destination-service.prod-p.expedia.com" />
+	<target host="redirect.expedia.com" />
+	<target host="rental-cars.expedia.com" />
+	<target host="reviewsvc.expedia.com" />
+	<target host="searchsolutions.expedia.com" />
+	<target host="sip.expedia.com" />
+	<target host="southwestengland.expedia.com" />
+	<target host="ssodecaf.expedia.com" />
+	<target host="suggest.expedia.com" />
+	<target host="suggestch.expedia.com" />
+	<target host="sweepstakes.expedia.com" />
+	<target host="taapapiprod.expedia.com" />
+	<target host="taapapistage.expedia.com" />
+	<target host="taas.expedia.com" />
+	<target host="techblog.expedia.com" />
+	<target host="thingstodo.expedia.com" />
+	<target host="thumbnails.expedia.com" />
+	<target host="forum.tools.expedia.com" />
+	<target host="torontostopover.expedia.com" />
+	<target host="travelnevada.expedia.com" />
+	<target host="triplane.expedia.com" />
+	<target host="post.update.expedia.com" />
+	<target host="s.update.expedia.com" />
+	<target host="urgency.expedia.com" />
+	<target host="urgency-predictions.expedia.com" />
+	<target host="apim.useast1.expedia.com" />
+	<target host="usnationalparks.expedia.com" />
+	<target host="apim.uswest2.expedia.com" />
+	<target host="utah.expedia.com" />
+	<target host="viewfinder.expedia.com" />
+	<target host="visitarizona.expedia.com" />
+	<target host="weddings.expedia.com" />
+	<target host="whereintheworld.expedia.com" />
+	<target host="www.whereintheworld.expedia.com" />
+	<target host="xsell.expedia.com" />
+
+	<!-- timeout -->
+	<rule from="^http://expedia\.com/"
+		to="https://www.expedia.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.de.xml b/src/chrome/content/rules/Expedia.de.xml
new file mode 100644
index 000000000000..31bbbbf78e8f
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.de.xml
@@ -0,0 +1,78 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+
+		- expedia.de	(t)
+		- amerikanischesabenteuer	(m)
+		- autan	(m)
+		- www.booking	(m)
+		- business	(t)
+		- charter	(i)
+		- deals	(r)
+		- entdecker	(r)
+		- ferienwohnung	(i)
+		- findedeinmelia	(m)
+		- gruppen	(r)
+		- inside	(t)
+		- jordan	(r)
+		- traveliq.lufthansa	(m)
+		- maps	(t)
+		- marketing	(r)
+		- meeting	(r)
+		- msn	(t)
+		- partner		- (r)
+		- partners	(r)
+		- pauschal	(i)
+		- pioneer	(m)
+		- press	(t)
+		- reisen	(t)
+		- reisewende	(m)
+		- rundreisen	(t)
+		- strand-inspirator	(r)
+		- support	(i)
+		- www.vangogh2015	(m)
+		- werbung	(t)
+		- widgets	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.de">
+
+	<target host="expedia.de" />
+	<target host="www.expedia.de" />
+	<target host="access.expedia.de" />
+	<target host="apim.expedia.de" />
+	<target host="blog.expedia.de" />
+	<target host="booking.expedia.de" />
+	<target host="buchung.expedia.de" />
+	<target host="www.booking.cb.expedia.de" />
+	<target host="globetrotter.expedia.de" />
+	<target host="hangzhou.expedia.de" />
+	<target host="hollandtripbuilder.expedia.de" />
+	<target host="kreuzfahrten.expedia.de" />
+	<target host="mitmachen.expedia.de" />
+	<target host="mobilepauschal.expedia.de" />
+	<target host="newsouthwales.expedia.de" />
+	<target host="widgets.partners.expedia.de" />
+	<target host="pauschalreisen.expedia.de" />
+	<target host="ski.expedia.de" />
+	<target host="urlaub.expedia.de" />
+	<target host="usa-nationalparks.expedia.de" />
+	<target host="www.visitdenmark.expedia.de" />
+	<target host="visitutah.expedia.de" />
+
+	<!-- connection timeout -->
+	<rule from="^http://expedia\.de/"
+		to="https://www.expedia.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.dk.xml b/src/chrome/content/rules/Expedia.dk.xml
new file mode 100644
index 000000000000..daf7b4ae946e
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.dk.xml
@@ -0,0 +1,46 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+		- $self		(t)
+		- deals		(r)
+		- feriebolig	(i)
+		- fly		(t)
+		- guiden	(r)
+		- partners	(r)
+		- roskilde	(m)
+		- support	(i)
+		- widgets	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.dk">
+
+	<target host="expedia.dk" />
+	<target host="www.expedia.dk" />
+	<target host="access.expedia.dk" />
+	<target host="apim.expedia.dk" />
+	<target host="blog.expedia.dk" />
+	<target host="dansk-brewtopia.expedia.dk" />
+	<target host="germanytravelmatch.expedia.dk" />
+	<target host="greatmoments.expedia.dk" />
+	<target host="myreallondon.expedia.dk" />
+	<target host="widgets.partners.expedia.dk" />
+	<target host="playlister.expedia.dk" />
+	<target host="tilmeld-dig.expedia.dk" />
+	<target host="vc.expedia.dk" />
+
+	<!-- connection timeout -->
+	<rule from="^http://expedia\.dk/"
+		to="https://www.expedia.dk/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.es.xml b/src/chrome/content/rules/Expedia.es.xml
new file mode 100644
index 000000000000..85ebc043a4f2
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.es.xml
@@ -0,0 +1,45 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+
+		- expedia.es	(t)
+		- casas-vacaciones	(t)
+		- cruceros	(t)
+		- deals	(r)
+		- paquetes-vacacionales	(t)
+		- pioneer	(m)
+		- prensa	(r)
+		- press	(t)
+		- secretosdeviaje	(m)
+		- suenalohazlorealidad	(m)
+		- support	(i)
+		- widgets	(t)
+		- win	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.es">
+
+	<target host="expedia.es" />
+	<target host="www.expedia.es" />
+	<target host="access.expedia.es" />
+	<target host="amazingmoments.expedia.es" />
+	<target host="apim.expedia.es" />
+	<target host="inicio.expedia.es" />
+	<target host="widgets.partners.expedia.es" />
+
+	<!-- connection timeout -->
+	<rule from="^http://expedia\.es/"
+		to="https://www.expedia.es/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.fi.xml b/src/chrome/content/rules/Expedia.fi.xml
new file mode 100644
index 000000000000..07d96a6eaad6
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.fi.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+		- opas		(r)
+		- wwph		(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.fi">
+
+	<target host="expedia.fi" />
+	<target host="www.expedia.fi" />
+	<target host="alvarin-maailma.expedia.fi" />
+	<target host="apim.expedia.fi" />
+	<target host="blogi.expedia.fi" />
+	<target host="myreallondon.expedia.fi" />
+	<target host="playlister.expedia.fi" />
+	<target host="support.expedia.fi" />
+	<target host="vc.expedia.fi" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.fr.xml b/src/chrome/content/rules/Expedia.fr.xml
new file mode 100644
index 000000000000..de52d961f8db
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.fr.xml
@@ -0,0 +1,53 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+
+		- expedia.fr	(t)
+		- click	(m)
+		- croisiere	(r)
+		- deals	(r)
+		- espace	(r)
+		- lexplorateur	(r)
+		- location-vacances	(t)
+		- locationsvacances	(t)
+		- m	(t)
+		- partners	(r)
+		- pioneer	(m)
+		- press	(t)
+		- presse	(t)
+		- publicite	(t)
+		- referafriend	(t)
+		- sncf	(r)
+		- support	(i)
+		- www.vangogh2015	(m)
+		- voyages	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.fr">
+
+	<target host="expedia.fr" />
+	<target host="www.expedia.fr" />
+	<target host="access.expedia.fr" />
+	<target host="apim.expedia.fr" />
+	<target host="blog.expedia.fr" />
+	<target host="decouvertes.expedia.fr" />
+	<target host="hangzhou.expedia.fr" />
+	<target host="widgets.partners.expedia.fr" />
+	<target host="vacances.expedia.fr" />
+
+	<!-- connection timeout -->
+	<rule from="^http://expedia\.fr/"
+		to="https://www.expedia.fr/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.ie.xml b/src/chrome/content/rules/Expedia.ie.xml
new file mode 100644
index 000000000000..e52afd602dc7
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.ie.xml
@@ -0,0 +1,32 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+		- blog		(m)
+		- deals		(r)
+		- inside	(r)
+		- partners	(r)
+		- support	(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.ie">
+
+	<target host="expedia.ie" />
+	<target host="www.expedia.ie" />
+	<target host="access.expedia.ie" />
+	<target host="apim.expedia.ie" />
+	<target host="groups.expedia.ie" />
+	<target host="m.expedia.ie" />
+	<target host="widgets.partners.expedia.ie" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.it.xml b/src/chrome/content/rules/Expedia.it.xml
new file mode 100644
index 000000000000..0ec376973cfb
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.it.xml
@@ -0,0 +1,46 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+
+		- expedia.it	(t)
+		- advertising	(t)
+		- autan	(m)
+		- case-vacanze	(t)
+		- esploratori	(r)
+		- notizie	(r)
+		- pacchetti-vacanze	(t)
+		- pioneer	(m)
+		- support	(i)
+		- widgets	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.it">
+
+	<target host="expedia.it" />
+	<target host="www.expedia.it" />
+	<target host="access.expedia.it" />
+	<target host="amazingmoments.expedia.it" />
+	<target host="apim.expedia.it" />
+	<target host="hangzhou.expedia.it" />
+	<target host="hollandtripbuilder.expedia.it" />
+	<target host="partecipa.expedia.it" />
+	<target host="widgets.partners.expedia.it" />
+	<target host="vacanze-mare.expedia.it" />
+	<target host="www.visitdenmark.expedia.it" />
+
+	<!-- connection timeout -->
+	<rule from="^http://expedia\.it/"
+		to="https://www.expedia.it/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.mx.xml b/src/chrome/content/rules/Expedia.mx.xml
new file mode 100644
index 000000000000..00f45f1bc5be
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.mx.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+		- aventuraamericana	(m)
+		- www.citibanamex	(t)
+		- www.prensa		(m)
+		- support		(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.mx">
+
+	<target host="expedia.mx" />
+	<target host="www.expedia.mx" />
+	<target host="access.expedia.mx" />
+	<target host="apim.expedia.mx" />
+	<target host="blog.expedia.mx" />
+	<target host="citibanamex.expedia.mx" />
+	<target host="eeuu-parquesnacionales.expedia.mx" />
+	<target host="grupos.expedia.mx" />
+	<target host="es.grupos.expedia.mx" />
+	<target host="m.expedia.mx" />
+	<target host="widgets.partners.expedia.mx" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.nl.xml b/src/chrome/content/rules/Expedia.nl.xml
new file mode 100644
index 000000000000..9af71240b318
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.nl.xml
@@ -0,0 +1,43 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+		- deals		(r)
+		- over		(r)
+		- partners	(r)
+		- pioneer	(m)
+		- support	(i)
+		- vakantiehuizen	(t)
+		- wwph		(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.nl">
+
+	<target host="expedia.nl" />
+	<target host="www.expedia.nl" />
+	<target host="access.expedia.nl" />
+	<target host="amazingmoments.expedia.nl" />
+	<target host="apim.expedia.nl" />
+	<target host="blog.expedia.nl" />
+	<target host="germanytravelmatch.expedia.nl" />
+	<target host="inspiratie.expedia.nl" />
+	<target host="lastminute.expedia.nl" />
+	<target host="m.expedia.nl" />
+	<target host="pakketreizen.expedia.nl" />
+	<target host="widgets.partners.expedia.nl" />
+	<target host="ski.expedia.nl" />
+	<target host="uitnodigen.expedia.nl" />
+	<target host="vakantie.expedia.nl" />
+	<target host="vakanties.expedia.nl" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.no.xml b/src/chrome/content/rules/Expedia.no.xml
new file mode 100644
index 000000000000..2e5191968789
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.no.xml
@@ -0,0 +1,44 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+		- expedia.no	(t)
+		- deals		(r)
+		- guiden	(r)
+		- partners	(r)
+		- support	(i)
+		- widgets	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.no">
+
+	<target host="expedia.no" />
+	<target host="www.expedia.no" />
+	<target host="access.expedia.no" />
+	<target host="apim.expedia.no" />
+	<target host="blogg.expedia.no" />
+	<target host="greatmoments.expedia.no" />
+	<target host="harryholetour.expedia.no" />
+	<target host="historiske-oslo.expedia.no" />
+	<target host="kollektivtrafikk.expedia.no" />
+	<target host="myreallondon.expedia.no" />
+	<target host="widgets.partners.expedia.no" />
+	<target host="playlister.expedia.no" />
+	<target host="registrer-deg.expedia.no" />
+	<target host="vc.expedia.no" />
+
+	<!-- connection timeout -->
+	<rule from="^http://expedia\.no/"
+		to="https://www.expedia.no/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.se.xml b/src/chrome/content/rules/Expedia.se.xml
new file mode 100644
index 000000000000..471459537469
--- /dev/null
+++ b/src/chrome/content/rules/Expedia.se.xml
@@ -0,0 +1,44 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+		- expedia.se	(t)
+		- deals		(r)
+		- guiden	(r)
+		- semesterhus	(i)
+		- support	(i)
+		- widgets	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Expedia.se">
+
+	<target host="expedia.se" />
+	<target host="www.expedia.se" />
+	<target host="access.expedia.se" />
+	<target host="apim.expedia.se" />
+	<target host="blogg.expedia.se" />
+	<target host="greatmoments.expedia.se" />
+	<target host="malmohus-slott.expedia.se" />
+	<target host="myreallondon.expedia.se" />
+	<target host="myrealstockholm.expedia.se" />
+	<target host="widgets.partners.expedia.se" />
+	<target host="playlister.expedia.se" />
+	<target host="registrera-dig.expedia.se" />
+	<target host="smaker-sverige.expedia.se" />
+	<target host="vc.expedia.se" />
+
+	<!-- connection timeout -->
+	<rule from="^http://expedia\.se/"
+		to="https://www.expedia.se/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.xml b/src/chrome/content/rules/Expedia.xml
deleted file mode 100644
index c33c1e29b62c..000000000000
--- a/src/chrome/content/rules/Expedia.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<ruleset name="Expedia">
-
-	<target host="expedia.com" />
-	<target host="*.expedia.com" />
-	<target host="expedia.co.uk" />
-	<target host="*.expedia.co.uk" />
-
-
-	<securecookie host="^\.expedia\.co(?:om|\.uk)$" name=".+" />
-
-
-	<!--	Cert only matches *.expedia.com.
-							-->
-	<rule from="^https?://(?:www\.)?expedia\.com/"
-		to="https://www.expedia.com/" />
-
-	<rule from="^http://media\.expedia\.com/"
-		to="https://media.expedia.com/" />
-
-	<rule from="^http://(www\.)?expedia\.co\.uk/"
-		to="https://$1expedia.co.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ExpeditedSSL.com.xml b/src/chrome/content/rules/ExpeditedSSL.com.xml
new file mode 100644
index 000000000000..33fbf2b79a0e
--- /dev/null
+++ b/src/chrome/content/rules/ExpeditedSSL.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="ExpeditedSSL.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="expeditedssl.com" />
+	<target host="www.expeditedssl.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Experian.xml b/src/chrome/content/rules/Experian.xml
index 0e4d74ed3c36..bd287fe020cd 100644
--- a/src/chrome/content/rules/Experian.xml
+++ b/src/chrome/content/rules/Experian.xml
@@ -1,29 +1,18 @@
 <!--
 	Other Experian rulesets:
 
+		- Audience_IQ.com.xml
 		- CheetahMail.xml
-
-
-	Problematic domains:
-
-		- experian.com		(cert only matches www)
+		- Chtah.net.xml
+		- Fagms.net.xml
 
 -->
-<ruleset name="Experian">
+<ruleset name="Experian (partial)">
 
 	<target host="experian.com" />
 	<target host="www.experian.com" />
 	<target host="experian.experiandirect.com" />
-	<target host="*.experian.experiandirect.com" />
-
-
-	<securecookie host="^\.?experian\.experiandirect\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?experian\.com/"
-		to="https://www.experian.com/" />
 
-	<rule from="^http://experian\.experiandirect\.com/"
-		to="https://experian.experiandirect.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Experience-Days.xml b/src/chrome/content/rules/Experience-Days.xml
index c438471d5e48..e4f26e8103de 100644
--- a/src/chrome/content/rules/Experience-Days.xml
+++ b/src/chrome/content/rules/Experience-Days.xml
@@ -2,9 +2,7 @@
 	<target host="experiencedays.co.uk" />
 	<target host="www.experiencedays.co.uk" />
 
-	<securecookie host="^www\.experiencedays\.co\.uk$"
-			name=".+" />
+	<securecookie host="^www\.experiencedays\.co\.uk$" name=".+" />
 
-	<rule from="^(https://|http://(www\.)?)experiencedays\.co\.uk/"
-		to="https://www.experiencedays.co.uk/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Explainxkcd.com.xml b/src/chrome/content/rules/Explainxkcd.com.xml
new file mode 100644
index 000000000000..8c4afa80af02
--- /dev/null
+++ b/src/chrome/content/rules/Explainxkcd.com.xml
@@ -0,0 +1,20 @@
+<!--
+    Notes:
+      - Cloudflare SSL
+
+    Mixed content:
+      - All sites
+        - pictures by explainxkcd.com *
+        - pictures by upload.wikimedia.org *
+        - pictures by creativecommons.org/licensebuttons.net *
+        - captcha on register page (excluded) *
+
+      * Secured by us
+-->
+<ruleset name="Explainxkcd.com" platform="mixedcontent">
+    <target host="www.explainxkcd.com" />
+    <target host="explainxkcd.com" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Exploit.IN.xml b/src/chrome/content/rules/Exploit.IN.xml
new file mode 100644
index 000000000000..df2f65b1e09b
--- /dev/null
+++ b/src/chrome/content/rules/Exploit.IN.xml
@@ -0,0 +1,34 @@
+<!--
+	www.exploit.in: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- exploit.in
+
+-->
+<ruleset name="Exploit.IN">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="exploit.in" />
+
+	<!--	Complications:
+				-->
+	<target host="www.exploit.in" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^exploit\.in$" name="^session_id$" /-->
+
+	<securecookie host="^exploit\.in$" name=".+" />
+
+
+	<rule from="^http://www\.exploit\.in/"
+		to="https://exploit.in/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ExploitHub.com.xml b/src/chrome/content/rules/ExploitHub.com.xml
new file mode 100644
index 000000000000..b3fe1d8aa63b
--- /dev/null
+++ b/src/chrome/content/rules/ExploitHub.com.xml
@@ -0,0 +1,14 @@
+<!--
+	www: cert only matches ^exploithub.com
+
+-->
+<ruleset name="ExploitHub.com">
+
+	<target host="exploithub.com" />
+	<target host="www.exploithub.com" />
+
+
+	<rule from="^http://(?:www\.)?exploithub\.com/"
+		to="https://exploithub.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ExploreB2B.com.xml b/src/chrome/content/rules/ExploreB2B.com.xml
new file mode 100644
index 000000000000..48b7ce344caf
--- /dev/null
+++ b/src/chrome/content/rules/ExploreB2B.com.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://exploreb2b.com/ => https://exploreb2b.com/: (7, 'Failed to connect to exploreb2b.com port 443: Connection refused')
+Fetch error: http://www.exploreb2b.com/ => https://www.exploreb2b.com/: (7, 'Failed to connect to www.exploreb2b.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://exploreb2b.com/ => https://exploreb2b.com/: (28, 'Operation timed out after 15001 milliseconds with 0 bytes received')
+-->
+<ruleset name="exploreB2B.com" default_off="failed ruleset test">
+
+	<target host="exploreb2b.com" />
+	<target host="www.exploreb2b.com" />
+
+
+	<securecookie host="^\.exploreb2b\.com$" name=".+" />
+	<!--
+		Server sets Secure for:
+					-->
+	<!--securecookie host="^(www\.)?exploreb2b\.com$" name=".+" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ExploreFlask.com.xml b/src/chrome/content/rules/ExploreFlask.com.xml
new file mode 100644
index 000000000000..a7fb87bc7eba
--- /dev/null
+++ b/src/chrome/content/rules/ExploreFlask.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Nonfunctional hosts in *.exploreflask.com:
+		- www
+-->
+<ruleset name="ExploreFlask.com">
+	<target host="exploreflask.com" />
+
+	<rule from="^http:" to="https:" />
+
+	<securecookie host=".+" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/Explosm.net.xml b/src/chrome/content/rules/Explosm.net.xml
index 3a0d5b5e088a..067c49009f44 100644
--- a/src/chrome/content/rules/Explosm.net.xml
+++ b/src/chrome/content/rules/Explosm.net.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://explosm.net/ => https://explosm.net/: Too many redirects while fetching 'https://explosm.net/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://explosm.net/ => https://explosm.net/: Cycle detected - URL already encountered: https://explosm.net/
 		- explosmstore.myshopify.com
 
 			- store
@@ -18,19 +24,19 @@
 	a problem for mixed content blockers.
 
 -->
-<ruleset name="Explosm.net (partial)">
+<ruleset name="Explosm.net (partial)" default_off="failed ruleset test">
 
 	<target host="explosm.net" />
-	<target host="*.explosm.net" />
+	<target host="www.explosm.net" />
+	<target host="store.explosm.net" />
 
 
 	<securecookie host="^\.explosm\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?explosm\.net/"
-		to="https://$1explosm.net/" />
 
 	<rule from="^http://store\.explosm\.net/"
 		to="https://explosmstore.myshopify.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expo2020.xml b/src/chrome/content/rules/Expo2020.xml
new file mode 100644
index 000000000000..d71efa5423b2
--- /dev/null
+++ b/src/chrome/content/rules/Expo2020.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://grant.expo2020dubai.ae/ => https://grant.expo2020dubai.ae/: (51, "SSL: no alternative certificate subject name matches target host name 'grant.expo2020dubai.ae'")
+
+	404:
+		- www.expo2020dubai.ae
+
+	Invalid:
+		- stage.expo2020dubai.ae
+
+	Mixed content:
+		- expo2020dubai.ae
+
+-->
+<ruleset name="Expo 2020 (partial)" default_off="failed ruleset test">
+	<target host="esource.expo2020dubai.ae" />
+	<target host="grant.expo2020dubai.ae" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Exponential.com.xml b/src/chrome/content/rules/Exponential.com.xml
new file mode 100644
index 000000000000..66f783a2931f
--- /dev/null
+++ b/src/chrome/content/rules/Exponential.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Other Exponential rulesets:
+
+		- Tribal_Fusion.com.xml
+
+
+	Nonfunctional hosts in *exponential.com:
+
+		- (www.) ¹
+		- blog ¹
+		- showcase ²
+
+	¹ Handshake fails
+	² Dropped
+
+-->
+<ruleset name="Exponential.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tags.expo9.exponential.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Export.gov.xml b/src/chrome/content/rules/Export.gov.xml
new file mode 100644
index 000000000000..5ec3d9d1adb6
--- /dev/null
+++ b/src/chrome/content/rules/Export.gov.xml
@@ -0,0 +1,29 @@
+<!--
+	Different content http/https:
+		2016.export.gov
+
+	Invalid certificate:
+		apps.export.gov
+		help.export.gov
+		tcc.export.gov
+
+	Login required:
+		build.export.gov
+
+	Time out:
+		ese.export.gov
+		files.export.gov
+		tse.export.gov
+
+-->
+<ruleset name="Export.gov">
+
+	<target host="export.gov" />
+	<target host="www.export.gov" />
+	<target host="search.export.gov" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ExposeFacts.org.xml b/src/chrome/content/rules/ExposeFacts.org.xml
new file mode 100644
index 000000000000..202b7ae94726
--- /dev/null
+++ b/src/chrome/content/rules/ExposeFacts.org.xml
@@ -0,0 +1,14 @@
+<!--
+	www: Refused
+
+-->
+<ruleset name="ExposeFacts.org">
+
+	<target host="exposefacts.org" />
+	<target host="www.exposefacts.org" />
+
+
+	<rule from="^http://(?:www\.)?exposefacts\.org/"
+		to="https://exposefacts.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Exposing_the_Invisible.org.xml b/src/chrome/content/rules/Exposing_the_Invisible.org.xml
new file mode 100644
index 000000000000..e6f1ab269434
--- /dev/null
+++ b/src/chrome/content/rules/Exposing_the_Invisible.org.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Tactical Technology coverage, see Tactical_Tech.org.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- exposingtheinvisible.org
+		- www.exposingtheinvisible.org
+
+-->
+<ruleset name="Exposing the Invisible.org">
+
+	<target host="exposingtheinvisible.org" />
+	<target host="www.exposingtheinvisible.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="(?:www\.)?exposingtheinvisible\.org$" name="^_eti_session$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Exposure.co.xml b/src/chrome/content/rules/Exposure.co.xml
new file mode 100644
index 000000000000..5c4811c63160
--- /dev/null
+++ b/src/chrome/content/rules/Exposure.co.xml
@@ -0,0 +1,76 @@
+<!--
+	CDN buckets:
+
+		- exposure-media.s3.amazonaws.com
+		- d1dh4fomm3d62b.cloudfront.net
+		- exposure.imgix.net
+
+
+	Nonfunctional hosts in *exposure.co:
+
+		- changes *
+		- gettingstarted *
+
+	* Tumblr / refused
+
+
+	Problematic hosts in *exposure.co:
+
+		- support *
+
+	* Mismatched
+
+
+	Fully covered hosts in *exposure.co:
+
+		- (www.)?
+		- featured
+		- * ¹
+
+	¹ Per-account vhosts
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .exposure.co
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Exposure.co (partial)">
+
+	<target host="exposure.co" />
+	<target host="*.exposure.co" />
+
+		<exclusion pattern="^http://(?:[^./]+\.){2,}exposure\.co/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.exposure.co/" />
+			<test url="http://exists.not.exposure.co/" />
+
+		<exclusion pattern="^http://(?:changes|gettingstarted|support)\.exposure\.co/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://changes.exposure.co/" />
+			<test url="http://gettingstarted.exposure.co/" />
+			<test url="http://support.exposure.co/" />
+
+		<test url="http://charitywater.exposure.co/" />
+		<test url="http://featured.exposure.co/" />
+		<test url="http://wwf.exposure.co/" />
+		<test url="http://www.exposure.co/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.exposure\.co$" name="^_exposure_session$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Express-VPN.xml b/src/chrome/content/rules/Express-VPN.xml
deleted file mode 100644
index 0d3c060e81c5..000000000000
--- a/src/chrome/content/rules/Express-VPN.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Express-VPN.com">
-  <target host="express-vpn.com" />
-  <target host="www.express-vpn.com" />
-
-  <rule from="^http://(?:www\.)express-vpn\.com/"
-          to="https://www.express-vpn.com/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Express.co.uk.xml b/src/chrome/content/rules/Express.co.uk.xml
new file mode 100644
index 000000000000..978c0e910324
--- /dev/null
+++ b/src/chrome/content/rules/Express.co.uk.xml
@@ -0,0 +1,48 @@
+<!--
+	Invalid certificate:
+		api.express.co.uk
+		competitions.express.co.uk
+		facuppredictor.express.co.uk
+		images.express.co.uk
+		*.info.express.co.uk
+		local.express.co.uk
+		microsites.express.co.uk
+		news.express.co.uk
+
+	Refused:
+		broadband.express.co.uk
+
+	Time out:
+		football-stats.express.co.uk
+		games.express.co.uk
+
+	Private subdomain:
+		gateway.express.co.uk
+
+	No working URL known:
+		login.express.co.uk
+
+	Different content http/https:
+		shop.express.co.uk
+
+-->
+<ruleset name="Express.co.uk">
+
+	<target host="express.co.uk" />
+	<target host="www.express.co.uk" />
+	<target host="cdn.images.express.co.uk" />
+	<target host="www.shop.express.co.uk" />
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^www\.express\.co\.uk$" name="^CAKEPHP$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^www\.express\.co\.uk$" name="^weatherData_Weather$" /-->
+	<securecookie host="^www\.express\.co\.uk$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Express.de.xml b/src/chrome/content/rules/Express.de.xml
new file mode 100644
index 000000000000..314d873ac8ab
--- /dev/null
+++ b/src/chrome/content/rules/Express.de.xml
@@ -0,0 +1,32 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	No alternative certificate subject name matches target host name:
+	- boerse.express.de
+	- formulare.express.de
+	- tvprogramm.express.de
+
+	Timeout:
+	- aboservice.express.de
+-->
+<ruleset name="Express.de (partial)">
+
+	<target host="express.de" />
+	<target host="www.express.de" />
+	<target host="amp.express.de" />
+	<target host="biallo.express.de" />
+	<target host="consent.express.de" />
+	<target host="epages.express.de" />
+	<target host="horoskope.express.de" />
+	<target host="leserreisen.express.de" />
+	<target host="mobil.express.de" />
+	<target host="shop.express.de" />
+	<target host="specials.express.de" />
+	<target host="static.express.de" />
+	<target host="termine.express.de" />
+	<target host="track.express.de" />
+	<target host="wetter.express.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Expresscoin.com.xml b/src/chrome/content/rules/Expresscoin.com.xml
new file mode 100644
index 000000000000..8f6933107ca0
--- /dev/null
+++ b/src/chrome/content/rules/Expresscoin.com.xml
@@ -0,0 +1,47 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://expresscoin.com/ => https://expresscoin.com/: (51, "SSL: no alternative certificate subject name matches target host name 'expresscoin.com'")
+Fetch error: http://accounts.expresscoin.com/ => https://accounts.expresscoin.com/: (6, 'Could not resolve host: accounts.expresscoin.com')
+
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* tumblr
+
+
+	Fully covered hosts in *expresscoin.com:
+
+		- (www.)?
+		- accounts
+
+
+	Insecure cookies are set for these hosts:
+
+		- expresscoin.com
+		- accounts.expresscoin.com
+		- www.expresscoin.com
+
+-->
+<ruleset name="expresscoin.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="expresscoin.com" />
+	<target host="accounts.expresscoin.com" />
+	<target host="www.expresscoin.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?expresscoin\.com$" name="^laravel_session$" /-->
+	<!--securecookie host="^accounts\.expresscoin\.com$" name="^exp_req_url$" /-->
+
+	<securecookie host="^(?:\.|accounts\.|www\.)?expresscoin\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Expressen.se.xml b/src/chrome/content/rules/Expressen.se.xml
new file mode 100644
index 000000000000..8f2a12ff0468
--- /dev/null
+++ b/src/chrome/content/rules/Expressen.se.xml
@@ -0,0 +1,26 @@
+<!-- 
+
+ 	Invalid certificate:
+
+		- goteborgsgirot.expressen.se (mismatch)
+-->
+
+<ruleset name="Expressen.se">
+
+	<target host="expressen.se" />
+	<target host="www.expressen.se" />
+
+	<target host="annons.expressen.se" />
+	<target host="bloggar.expressen.se" />
+	<target host="etidning.expressen.se" />
+	<target host="extra.expressen.se" />
+	<target host="kampanj.expressen.se" />
+	<target host="login.expressen.se" />
+	<target host="magasin.expressen.se" />
+	<target host="mittkok.expressen.se" />
+	<target host="rabattkoder.expressen.se" />
+	<target host="spel.expressen.se" />
+
+	<rule from="^http:" to="https:" />
+	
+</ruleset>
diff --git a/src/chrome/content/rules/Extabit.xml b/src/chrome/content/rules/Extabit.xml
index 9d459141a6fa..378a2b740a94 100644
--- a/src/chrome/content/rules/Extabit.xml
+++ b/src/chrome/content/rules/Extabit.xml
@@ -16,7 +16,9 @@
 <ruleset name="Extabit (partial)" default_off="expired">
 
 	<target host="extabit.com" />
-	<target host="*.extabit.com" />
+	<target host="st.extabit.com" />
+	<target host="webmaster.extabit.com" />
+	<target host="www.extabit.com" />
 
 
 	<!--	info, extau, and vs are sent to guest\d\d
@@ -34,10 +36,10 @@
 	This matches all of those listed, and
 	not those sent to guest\d\d.
 					-->
-	<securecookie host="^\.extabit\.com$" name="^(\w|\w{3}|\w{6,}|einfo)$" />
+	<securecookie host="^\.extabit\.com$" name="^(?:\w|\w{3}|\w{6,}|einfo)$" />
 
 
-	<rule from="^https?://(?:st\.|webmaster\.|www\.)?extabit\.com/"
+	<rule from="^http://(?:st\.|webmaster\.|www\.)?extabit\.com/"
 		to="https://extabit.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Extatic.org.xml b/src/chrome/content/rules/Extatic.org.xml
index 92e3c39e1a32..1532baea156b 100644
--- a/src/chrome/content/rules/Extatic.org.xml
+++ b/src/chrome/content/rules/Extatic.org.xml
@@ -1,21 +1,18 @@
 <!--
-	Problematic subdomains:
+	Invalid certificate:
+		bugs.extatic.org
 
-		- bugs *
-		- www *
-
-	* Works, mismatched, CN: secure.extatic.org
-
-
-	^extatic.org prints IP
+	Refused:
+		mail.extatic.org
+		secure.extatic.org
 
 -->
-<ruleset name="extatic.org (partial)">
-
-	<target host="*.extatic.org" />
+<ruleset name="extatic.org">
 
+	<target host="extatic.org" />
+	<target host="www.extatic.org" />
 
-	<rule from="^http://(?:secure|www)\.extatic\.org/"
-		to="https://secure.extatic.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Extension_Defender.com.xml b/src/chrome/content/rules/Extension_Defender.com.xml
new file mode 100644
index 000000000000..d90befcdebe6
--- /dev/null
+++ b/src/chrome/content/rules/Extension_Defender.com.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://extensiondefender.com/ => https://extensiondefender.com/: (7, 'Failed to connect to extensiondefender.com port 443: Connection refused')
+Fetch error: http://www.extensiondefender.com/ => https://www.extensiondefender.com/: (7, 'Failed to connect to www.extensiondefender.com port 443: Connection refused')
+
+-->
+<ruleset name="Extension Defender.com" default_off="failed ruleset test">
+
+	<target host="extensiondefender.com" />
+	<target host="www.extensiondefender.com" />
+
+
+	<securecookie host="^\.extensiondefender\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Extensis.com-problematic.xml b/src/chrome/content/rules/Extensis.com-problematic.xml
new file mode 100644
index 000000000000..ea432a1ebcba
--- /dev/null
+++ b/src/chrome/content/rules/Extensis.com-problematic.xml
@@ -0,0 +1,13 @@
+<!--
+	For rules that are on by default, see Extensis.com.xml.
+
+-->
+<ruleset name="Extensis.com (mismatched)" default_off="mismatched">
+
+	<target host="marketing.extensis.com"/>
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Extensis.com.xml b/src/chrome/content/rules/Extensis.com.xml
new file mode 100644
index 000000000000..b6d365efec6f
--- /dev/null
+++ b/src/chrome/content/rules/Extensis.com.xml
@@ -0,0 +1,80 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www2.extensis.com/ => https://www2.extensis.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www2.extensis.com'")
+
+	For problematic rules, see Extensis.com-problematic.xml.
+
+	For other Celartem coverage, see Celartem.xml.
+
+
+	Nonfunctional subdomains:
+
+		- 313 ¹
+		- blog ³
+		- channels ¹
+		- fo4rums ³
+
+	¹ Dropped
+	² Shows default Amazon Linux page; self-signed, CN: ip-10-217-58-111
+	³ Refused
+
+
+	Problematic subdomains:
+
+		- blog-cache[12] *
+		- blog-cache-css *
+		- marketing *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .extensis.com
+		- secure.extensis.com
+		- www.extensis.com
+
+-->
+<ruleset name="Extensis.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="extensis.com" />
+	<target host="secure.extensis.com" />
+	<target host="www.extensis.com" />
+	<target host="www-cache-css.extensis.com" />
+	<target host="www-cache1.extensis.com" />
+	<target host="www-cache2.extensis.com" />
+	<target host="www-cache3.extensis.com" />
+	<target host="www-cache4.extensis.com" />
+	<target host="www-cache5.extensis.com" />
+	<target host="www2.extensis.com" />
+
+	<!--	Complications:
+				-->
+	<!--target host="blog-cache-css.extensis.com" /-->
+	<!--target host="blog-cache1.extensis.com" /-->
+	<!--target host="blog-cache2.extensis.com" /-->
+	<!--target host="blog-cache3.extensis.com" /-->
+	<!--target host="blog-cache4.extensis.com" /-->
+	<!--target host="blog-cache5.extensis.com" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.extensis\.com$" name="^wp\d+$" /-->
+	<!--securecookie host="^secure\.extensis\.com$" name="^AWSELB$" /-->
+	<!--securecookie host="^www\.extensis\.com$" name="^_icl_current_language$" /-->
+
+	<securecookie host="^(?:secure|www)?\.extensis\.com$" name=".+" />
+
+
+	<!--rule from="^http://blog-cache(-css|[1-5])\.extensis\.com/"
+		to="https://???.cloudfront.net/" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Extra_Lunch_Money.xml b/src/chrome/content/rules/Extra_Lunch_Money.xml
index f60c37447d74..c27769f3fbcf 100644
--- a/src/chrome/content/rules/Extra_Lunch_Money.xml
+++ b/src/chrome/content/rules/Extra_Lunch_Money.xml
@@ -12,16 +12,16 @@
 <ruleset name="Extra Lunch Money">
 
 	<target host="extralunchmoney.com" />
-	<target host="*.extralunchmoney.com" />
+	<target host="www.extralunchmoney.com" />
+	<target host="imageassets.extralunchmoney.com" />
 
 
 	<securecookie host="^\.?extralunchmoney\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?extralunchmoney\.com/"
-		to="https://$1extralunchmoney.com/" />
 
 	<rule from="^http://imageassets\.extralunchmoney\.com/"
 		to="https://1c2b4e3d78d00f8d775f-9944ec653f3e6c54804d49fe85e91fe7.ssl.cf2.rackcdn.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Extratorrent.com.xml b/src/chrome/content/rules/Extratorrent.com.xml
new file mode 100644
index 000000000000..4c14f5a5f7e3
--- /dev/null
+++ b/src/chrome/content/rules/Extratorrent.com.xml
@@ -0,0 +1,40 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://etproxy.com/ => https://etproxy.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.etproxy.com/ => https://www.etproxy.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://extratorrent.life/ => https://extratorrent.life/: (28, 'Operation timed out after 30006 milliseconds with 0 bytes received')
+Fetch error: http://www.extratorrent.life/ => https://www.extratorrent.life/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://extratorrent.one/ => https://extratorrent.one/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.extratorrent.one/ => https://www.extratorrent.one/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://extratorrentonline.com/ => https://extratorrentonline.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.extratorrentonline.com/ => https://www.extratorrentonline.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+static.etproxy.com different content
+-->
+<ruleset name="Extratorrent.com" default_off="failed ruleset test">
+
+	<target host="extratorrent.com" />
+	<target host="www.extratorrent.com" />
+	<target host="extratorrent.cc" />
+	<target host="www.extratorrent.cc" />
+	<target host="etproxy.com" />
+	<target host="www.etproxy.com" />
+	<target host="extratorrent.life" />
+	<target host="www.extratorrent.life" />
+	<target host="extratorrent.one" />
+	<target host="www.extratorrent.one" />
+	<target host="extratorrent.works" />
+	<target host="www.extratorrent.works" />
+	<target host="extratorrentonline.com" />
+	<target host="www.extratorrentonline.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Extreme-Dm.com.xml b/src/chrome/content/rules/Extreme-Dm.com.xml
index c3c4d60f1bb2..39e36b4880f4 100644
--- a/src/chrome/content/rules/Extreme-Dm.com.xml
+++ b/src/chrome/content/rules/Extreme-Dm.com.xml
@@ -20,11 +20,13 @@
 -->
 <ruleset name="Extreme-Dm.com (partial)">
 
-	<target host="*.extreme-dm.com"/>
+	<target host="nht-2.extreme-dm.com" />
+	<target host="nht-3.extreme-dm.com" />
+	<target host="t0.extreme-dm.com" />
+	<target host="t1.extreme-dm.com" />
+	<target host="w1.extreme-dm.com" />
 
 
-	<rule from="^http://nht-(2|3)\.extreme-dm\.com/"
-		to="https://nht-$1.extreme-dm.com/" />
 
 	<rule from="^http://t[01]\.extreme-dm\.com/"
 		to="https://t1.extreme-dm.com/"/>
@@ -32,4 +34,5 @@
 	<rule from="^http://w1\.extreme-dm\.com/"
 		to="https://t1.extreme-dm.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Extreme-Light-Infrastructure.xml b/src/chrome/content/rules/Extreme-Light-Infrastructure.xml
deleted file mode 100644
index caafdc18f383..000000000000
--- a/src/chrome/content/rules/Extreme-Light-Infrastructure.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	/ssl7.ovh.net/~extremel/
-
--->
-<ruleset name="Extreme Light Infrastructure">
-
-	<target host="extreme-light-infrastructure.eu" />
-	<target host="www.extreme-light-infrastructure.eu" />
-
-
-	<!--	Cert: ssl7.ovh.net
-					-->
-	<rule from="^https?://(?:www\.)?extreme-light-infrastructure.eu/"
-		to="https://ssl7.ovh.net/~extremel/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Extreme-Tracking.xml b/src/chrome/content/rules/Extreme-Tracking.xml
index 984fd8c48b02..6d0a59e69e46 100644
--- a/src/chrome/content/rules/Extreme-Tracking.xml
+++ b/src/chrome/content/rules/Extreme-Tracking.xml
@@ -22,7 +22,6 @@
 	<target host="www.extremetracking.com" />
 
 
-	<rule from="^http://(?:www\.)?extremetracking\.com/"
-		to="https://extremetracking.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ExtremeTacticalDynamics.com.xml b/src/chrome/content/rules/ExtremeTacticalDynamics.com.xml
new file mode 100644
index 000000000000..35d7dfebc02b
--- /dev/null
+++ b/src/chrome/content/rules/ExtremeTacticalDynamics.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="ExtremeTacticalDynamics.com">
+	<target host="extremetacticaldynamics.com" />
+	<target host="www.extremetacticaldynamics.com" />
+	<target host="images.extremetacticaldynamics.com" />
+	<target host="images2.extremetacticaldynamics.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ExtremeTech.com.xml b/src/chrome/content/rules/ExtremeTech.com.xml
new file mode 100644
index 000000000000..371e1a42882f
--- /dev/null
+++ b/src/chrome/content/rules/ExtremeTech.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Invalid certificate:
+		- discuss.extremetech.com
+		- metrics.extremetech.com
+		- shop.extremetech.com
+
+	Timed out:
+		- extremetech.com, equivalent to www.extremetech.com
+		- mailing.enews.extremetech.com
+-->
+
+<ruleset name="ExtremeTech.com">
+	<target host="extremetech.com" />
+	<target host="www.extremetech.com" />
+	<target host="bbstatic.extremetech.com" />
+	<target host="*.g00.extremetech.com" />
+		<test url="http://c-7npsfqifvt34x24e3y4cletmoylvkx2edmpvegspoux2eofu.g00.extremetech.com/g00/3_c-7x78x78x78.fyusfnfufdi.dpn_/c-7NPSFQIFVT34x24iuuqtx3ax2fx2fe3y4cletmoylvk.dmpvegspou.ofux2f3909255_411.kqhx3fj21d.nbslx3djnbhf_$/$" />
+		<test url="http://c-7npsfqifvt34x24mx2ecfusbex2edpn.g00.extremetech.com/g00/3_c-7x78x78x78.fyusfnfufdi.dpn_/c-7NPSFQIFVT34x24iuuqtx3ax2fx2fm.cfusbe.dpnx2ftjufx2fw4x2f771x2f254x2f0x2f3x2f3x2f2x2f3159x3fj21d.nbslx3djnbhf_$/$" />
+		<test url="http://c-7npsfqifvt34x24tfdvsfqvcbetx2ehx2eepvcmfdmjdlx2eofu.g00.extremetech.com/g00/3_c-7x78x78x78.fyusfnfufdi.dpn_/c-7NPSFQIFVT34x24iuuqtx3ax2fx2ftfdvsfqvcbet.h.epvcmfdmjdl.ofux2fhqux2fqvcbet_jnqm_316.ktx3fj21d.nbslx3dtdsjqu_$/$" />
+	<target host="product.extremetech.com" />
+	<target host="product2.extremetech.com" />
+	<target host="product3.extremetech.com" />
+	<target host="product4.extremetech.com" />
+	<target host="static.extremetech.com" />
+
+	<securecookie host="^www\.extremetech\.com$" name=".+" />
+
+	<rule from="^http://extremetech\.com/"
+		  to="https://www.extremetech.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Extreme_Digital.xml b/src/chrome/content/rules/Extreme_Digital.xml
deleted file mode 100644
index 73bd6ecdb4dc..000000000000
--- a/src/chrome/content/rules/Extreme_Digital.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<!-- Nonfunctional subdomains:
-	 - foto.edigital.hu
--->
-<ruleset name="Extreme Digital" platform="mixedcontent">
-	<target host="www.edigital.hu" />
-
-	<securecookie host="^www\.edigital\.hu$" name=".+" />
-	<rule from="^http://www\.edigital\.hu/" to="https://www.edigital.hu/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Extreme_Tech.com.xml b/src/chrome/content/rules/Extreme_Tech.com.xml
deleted file mode 100644
index 5ef72729986e..000000000000
--- a/src/chrome/content/rules/Extreme_Tech.com.xml
+++ /dev/null
@@ -1,56 +0,0 @@
-<!--
-	For problematic rules, see Ziff-Davis-mismatches.xml.
-
-	For other Ziff Davis coverage, see Ziff-Davis.xml.
-
-
-	CDN buckets:
-
-		- extremetech.com.112.2o7.net
-
-			- metrics
-
-		- www.extremetech.com.edgesuite.net
-
-			- a574.g.akamai.net
-
-
-	Nonfunctional domains:
-
-		- discuss.extremetech.com
-
-
-	Problematic subdomains:
-
-		- ^	(works; expired 2012-06-09, self-signed, cert only matches www)
-		- www	(works, akamai)
-
-
-	Partially covered subdomains:
-
-		- (www.)	(→ akamai, avoiding user-visible paths)
-
--->
-<ruleset name="Extreme Tech.com (partial)">
-
-	<target host="extremetech.com" />
-	<target host="*.extremetech.com" />
-		<!--
-			Avoid user-visible paths:
-							-->
-		<exclusion pattern="^http://(?:www\.)?extremetech\.com/(?!cobrand-header/|wp-content/|wp-includes/)" />
-
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.extremetech\.com$" name="^(?:s_\w+|__utm)\w$" />
-	<securecookie host="^www\.extremetech\.com$" name="^_chartbeat2$" />
-
-
-	<rule from="^http://(?:www\.)?extremetech\.com/"
-		to="https://a248.e.akamai.net/f/574/7105/8d/www.extremetech.com/" />
-
-	<rule from="^http://metrics\.extremetech\.com/"
-		to="https://extremetech-com.122.2o7.net/"/>
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/EyeReturn_Marketing.com.xml b/src/chrome/content/rules/EyeReturn_Marketing.com.xml
new file mode 100644
index 000000000000..fd9053c0e43e
--- /dev/null
+++ b/src/chrome/content/rules/EyeReturn_Marketing.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Other eyeReturn Marketing rulesets:
+
+
+
+	CDN buckets:
+
+		- ermi.wpengine.com
+
+-->
+<ruleset name="eyeReturn Marketing.com (partial)">
+
+	<target host="eyereturnmarketing.com" />
+	<target host="www.eyereturnmarketing.com" />
+
+  <rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EyeTech.xml b/src/chrome/content/rules/EyeTech.xml
index 25a401675e65..c297fd8eeeba 100644
--- a/src/chrome/content/rules/EyeTech.xml
+++ b/src/chrome/content/rules/EyeTech.xml
@@ -1,10 +1,23 @@
-<ruleset name="EyeTech">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://eyetechds.com/ => https://eyetechds.com/: (51, "SSL: no alternative certificate subject name matches target host name 'eyetechds.com'")
+Fetch error: http://www.eyetechds.com/ => https://www.eyetechds.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.eyetechds.com'")
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://eyetechds.com/ => https://eyetechds.com/: (51, "SSL: no alternative certificate subject name matches target host name 'eyetechds.com'")
+Fetch error: http://www.eyetechds.com/ => https://www.eyetechds.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.eyetechds.com'")
+
+-->
+<ruleset name="EyeTech" default_off="failed ruleset test">
 
 	<target host="eyetechds.com" />
 	<target host="www.eyetechds.com" />
 
 
-	<rule from="^http://(www\.)?eyetechds\.com/"
-		to="https://$1eyetechds.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Eyeboot.com.xml b/src/chrome/content/rules/Eyeboot.com.xml
new file mode 100644
index 000000000000..0663d5dbdbc6
--- /dev/null
+++ b/src/chrome/content/rules/Eyeboot.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Eyeboot.com">
+	<target host="eyeboot.com" />
+	<target host="www.eyeboot.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Eyeviewads.com.xml b/src/chrome/content/rules/Eyeviewads.com.xml
new file mode 100644
index 000000000000..1be7773b8dc4
--- /dev/null
+++ b/src/chrome/content/rules/Eyeviewads.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Invalid certificate:
+		beacon.eyeviewads.com
+		samples.eyeviewads.com
+
+	Time out:
+		connectad.eyeviewads.com
+		videoiq-backoffice.eyeviewades.com
+
+-->
+<ruleset name="eyeviewads.com">
+
+	<target host="ads.eyeviewads.com" />
+	<target host="bidder.eyeviewads.com" />
+	<target host="fpc.eyeviewads.com" />
+	<target host="js.eyeviewads.com" />
+	<target host="pixeltrack.eyeviewads.com" />
+	<target host="serve.eyeviewads.com" />
+	<target host="static.eyeviewads.com" />
+	<target host="track.eyeviewads.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Eyny.com.xml b/src/chrome/content/rules/Eyny.com.xml
new file mode 100644
index 000000000000..a31051620ffd
--- /dev/null
+++ b/src/chrome/content/rules/Eyny.com.xml
@@ -0,0 +1,26 @@
+<!--
+	This domain has wildcard certificate and DNS records.
+
+	Active mixed content:
+		- (*.)?eyny.com, from www.facebook.com
+			- https://eyny.com/thread-9439862-1-1.html
+			- https://eyny.com/thread-10612510-1-1.html
+
+	Bad redirect:
+		- eyny.com, equivalent to eyny.com/index.php
+		- www.eyny.com, equivalent to www.eyny.com/index.php
+-->
+
+<ruleset name="Eyny.com" platform="mixedcontent">
+	<target host="eyny.com" />
+	<target host="*.eyny.com" />
+		<test url="http://www.eyny.com/" />
+		<test url="http://blog.eyny.com/" />
+		<test url="http://bt.eyny.com/" />
+		<test url="http://video.eyny.com/" />
+
+	<rule from="^http://(www\.)?eyny\.com/$"
+		  to="https://$1eyny.com/index.php" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EzAccessory.com.xml b/src/chrome/content/rules/EzAccessory.com.xml
index 29c0933b94f8..25049ec5f6be 100644
--- a/src/chrome/content/rules/EzAccessory.com.xml
+++ b/src/chrome/content/rules/EzAccessory.com.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?ezaccessory\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ezaccessory\.com/"
-		to="https://$1ezaccessory.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EzDing.com.tw.xml b/src/chrome/content/rules/EzDing.com.tw.xml
new file mode 100644
index 000000000000..2724b0f6580d
--- /dev/null
+++ b/src/chrome/content/rules/EzDing.com.tw.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ezding.com.tw/ => https://ezding.com.tw/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ezding.com.tw/ => https://ezding.com.tw/: (28, 'Connection timed out after 10001 milliseconds')
+	Nonfunctional subdomains:
+
+		- b2b ¹
+		- travel ²
+
+	¹ Dropped
+	² Refused
+
+
+	Mixed content:
+
+		- Images on www from travel *
+
+	* Unsecurable
+
+-->
+<ruleset name="ezDing.com.tw (partial)" default_off="failed ruleset test">
+
+	<target host="ezding.com.tw" />
+	<target host="www.ezding.com.tw" />
+
+
+	<!--	Some, but not all, secured by server:
+							-->
+	<securecookie host="^www\.ezding\.com\.tw$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EziBuy.com.xml b/src/chrome/content/rules/EziBuy.com.xml
new file mode 100644
index 000000000000..cea4c517a3e4
--- /dev/null
+++ b/src/chrome/content/rules/EziBuy.com.xml
@@ -0,0 +1,57 @@
+<!--
+	For other Woolworths coverage, see Woolworths.com.au.xml
+
+
+	Nonfunctional subdomains:
+
+		- ezibuy.com
+			- static-bs.aws	(HTTP 401 error)
+			- static-eb.aws	(HTTP 401 error)
+
+		- ezibuy.com.au
+			- blog		(mismatch hostname, CN: *.aws.ezibuy.com)
+			- e	(mismatch hostname, CN: *.rsys5.net)
+			- luckybunny	(SSL handshake failed)
+			- plus-size-blog	(mismatch hostname, CN: *.openhost.net.nz)
+			- santasclues	(SSL handshake failed)
+
+		- ezibuy.co.nz
+			- blog	(mismatch hostname, CN: *.aws.ezibuy.com)
+			- connect	(invalid certificate chain)
+			- legacy	(timeout)
+			- mail		(timeout)
+			- mail2		(timeout)
+			- matrix	(mismatch hostname, CN: *.aws.ezibuy.com)
+			- plus-size-blog	(mismatch hostname, CN: *.openhost.net.nz)
+			- santasclues	(SSL handshake failed)
+
+-->
+<ruleset name="EziBuy.com">
+
+	<target host="ezibuy.com" />
+	<target host="www.ezibuy.com" />
+	<target host="build.aws.ezibuy.com" />
+	<target host="media-prod.aws.ezibuy.com" />
+	<target host="media-sit.aws.ezibuy.com" />
+	<target host="www-eb-sit.aws.ezibuy.com" />
+	<target host="www-lss-sit.aws.ezibuy.com" />
+	<target host="www-prod.aws.ezibuy.com" />
+	<target host="www-sit.aws.ezibuy.com" />
+	<target host="media.ezibuy.com" />
+
+	<target host="ezibuy.com.au" />
+	<target host="www.ezibuy.com.au" />
+	<target host="m.ezibuy.com.au" />
+
+	<target host="ezibuy.co.nz" />
+	<target host="www.ezibuy.co.nz" />
+	<target host="autodiscover.ezibuy.co.nz" />
+	<target host="e.ezibuy.co.nz" />
+	<target host="m.ezibuy.co.nz" />
+	<target host="webmail.ezibuy.co.nz" />
+
+	<securecookie host="^www\.ezibuy\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EzineArticles.xml b/src/chrome/content/rules/EzineArticles.xml
index 097950f83465..a30ae02123dc 100644
--- a/src/chrome/content/rules/EzineArticles.xml
+++ b/src/chrome/content/rules/EzineArticles.xml
@@ -11,7 +11,8 @@
 -->
 <ruleset name="EzineArticles (partial)">
   <target host="ezinearticles.com" />
-  <target host="*.ezinearticles.com" />
+  <target host="www.ezinearticles.com" />
+  <target host="img.ezinearticles.com" />
 		<!--
 			Many pages started redirecting to http:
 
@@ -22,10 +23,9 @@
 
   <rule from="^http://(?:www\.)?ezinearticles\.com/" to="https://ezinearticles.com/"/>
 
-	<rule from="^http://img\.ezinearticles\.com/"
-		to="https://img.ezinearticles.com/" />
 
   <!--
   <rule from="^http://(blog|shop|subscriptions)\.ezinearticles\.com/" to="https://$1.ezinearticles.com/"/>
   -->
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/F-CDN.com.xml b/src/chrome/content/rules/F-CDN.com.xml
new file mode 100644
index 000000000000..911bf5c788b8
--- /dev/null
+++ b/src/chrome/content/rules/F-CDN.com.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Freelancer coverage, see Freelancer.xml.
+
+-->
+<ruleset name="F-CDN.com">
+
+	<target host="*.f-cdn.com" />
+
+
+	<rule from="^http://(\d)\.f-cdn\.com/"
+		to="https://$1.f-cdn.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/F-Droid.xml b/src/chrome/content/rules/F-Droid.xml
index 52628f164b5b..32ad4139fbc5 100644
--- a/src/chrome/content/rules/F-Droid.xml
+++ b/src/chrome/content/rules/F-Droid.xml
@@ -1,13 +1,14 @@
-<ruleset name="F-Droid">
+<ruleset name="F-Droid.org">
 
 	<target host="f-droid.org" />
 	<target host="www.f-droid.org" />
+	<target host="forum.f-droid.org" />
+	<target host="test.f-droid.org" />
+	<target host="verification.f-droid.org" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^(?:www\.)?f-droid\.org$" name=".+" />
+	<rule from="^http:"
+		to="https:" />
 
-
-	<rule from="^http://(www\.)?f-droid\.org/"
-		to="https://$1f-droid.org/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/F-Secure.com-breakchat.xml b/src/chrome/content/rules/F-Secure.com-breakchat.xml
deleted file mode 100644
index e175513b7229..000000000000
--- a/src/chrome/content/rules/F-Secure.com-breakchat.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	For rules that are on by default, see F-Secure.xml.
-
--->
-<ruleset name="F-Secure.com (break chat)" default_off="breaks support chats">
-
-	<target host="f-secure.com" />
-	<target host="www.f-secure.com" />
-		<!--
-			Handled in F-Secure.xml:
-						-->
-		<exclusion pattern="^http://www\.f-secure\.com/.+\.(?:css|gif|ico|jpg|js|png)$" />
-
-
-
-	<securecookie host="^www\.f-secure\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?f-secure\.com/"
-		to="https://$1f-secure.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/F-Secure.xml b/src/chrome/content/rules/F-Secure.xml
index 630e96cf3bf2..fb4be2659bb1 100644
--- a/src/chrome/content/rules/F-Secure.xml
+++ b/src/chrome/content/rules/F-Secure.xml
@@ -1,6 +1,14 @@
-<!--
-	For problematic rules, see F-Secure.com-breakchat.xml.
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://analysis.f-secure.com/ => https://analysis.f-secure.com/: (6, 'Could not resolve host: analysis.f-secure.com')
+Fetch error: http://backup.f-secure.com/ => https://backup.f-secure.com/: (7, 'Failed to connect to backup.f-secure.com port 443: Network is unreachable')
+Fetch error: http://browsingprotection.f-secure.com/ => https://browsingprotection.f-secure.com/: (7, 'Failed to connect to browsingprotection.f-secure.com port 443: Connection refused')
+Fetch error: http://login.f-secure.com/ => https://login.f-secure.com/: (6, 'Could not resolve host: login.f-secure.com')
+Fetch error: http://backup.ob.f-secure.com/ => https://backup.ob.f-secure.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://safelinks.f-secure.com/ => https://safelinks.f-secure.com/: (6, 'Could not resolve host: safelinks.f-secure.com')
+Fetch error: http://safeprofile.f-secure.com/ => https://safeprofile.f-secure.com/: (6, 'Could not resolve host: safeprofile.f-secure.com')
+Fetch error: http://trial.f-secure.com/ => https://trial.f-secure.com/: (6, 'Could not resolve host: trial.f-secure.com')
 
 	CDN buckets:
 
@@ -17,51 +25,37 @@
 		- fsecured.i.lithium.com
 
 
+	Nonfunctional hosts in *f-secure.com:
+
+		- safeandsavvy ʰ
+
+	ʰ Redirects to http
+
+
 	Problematic subdomains:
 
 		- backup	(mismatched, CN: backup.ob.f-secure.com)
-		- campaigns	(works, akamai)
-		- freedome	(mismatched, CN: *.herokuapp.com)
-		- safeandsavvy	(wordpress)
 		- sp		(works, mismatched, CN: europe.f-secure.com)
 
+	⁴ Works; mismatched, CN: www.younited.com
+
+
+	estore: Dropped over http & https
+
 
-	Partially covered subdomains:
-
-		- (www.)	(avoiding breaking chat)
-		- campaigns	(→ www, [^?/]+ 404s)
-		- freedome	(→ fs-freedome-production-site.herokuapp.com, $ redirects back)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(^ → www)
-		- backup
-		- browsingprotection
-		- cgi
-		- community
-		- download
-		- estore	(→ my)
-		- europe
-		- kic
-		- login
-		- msp
-		- my
-		- mysafe
-		- newsletter
-		- backup.ob
-		- partnerportal
-		- safelinks
-		- safeprofile
-		- search
-		- shop
-		- download.sp
-		- sp		(→ www)
-		- store
-		- webmail *
-		- webmailmy *
-
-	* Server is configured for rc4 only
+	These altnames don't exist:
+
+		- ma.f-secure.com
+		- www.my.f-secure.com
+
+
+	Insecure cookies are set for these hosts and domains:
+
+		- .f-secure.com
+		- community.f-secure.com
+		- kic.f-secure.com
+		- my.f-secure.com
+		- .my.f-secure.com
 
 
 	Mixed content:
@@ -79,45 +73,77 @@
 
 				- www ¹
 				- www.haloscan.com ²
+				- creative.metalyzer.com ¹
 				- statse.webtrendslive.com ¹
 
 	¹ Secured by us
 	² Unsecurable
 
 -->
-<ruleset name="F-Secure (partial)">
-
-	<!--	Avoiding duplicate
-		target warning...
-					-->
-	<!--target host="f-secure.com" /-->
-	<target host="*.f-secure.com" />
-		<!--
-			Avoid breaking chat:
+<ruleset name="F-Secure.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="f-secure.com" />
+	<target host="analysis.f-secure.com" />
+	<target host="backup.f-secure.com" />
+	<target host="browsingprotection.f-secure.com" />
+	<target host="campaigns.f-secure.com" />
+	<target host="cgi.f-secure.com" />
+	<target host="community.f-secure.com" />
+	<target host="download.f-secure.com" />
+	<target host="europe.f-secure.com" />
+	<target host="freedome.f-secure.com" />
+	<target host="home.f-secure.com" />
+	<target host="kic.f-secure.com" />
+	<target host="login.f-secure.com" />
+	<target host="msp.f-secure.com" />
+	<target host="my.f-secure.com" />
+	<target host="mysafe.f-secure.com" />
+	<target host="newsletter.f-secure.com" />
+	<target host="backup.ob.f-secure.com" />
+	<target host="partnerportal.f-secure.com" />
+	<target host="privacy.f-secure.com" />
+	<target host="safelinks.f-secure.com" />
+	<target host="safeprofile.f-secure.com" />
+	<target host="search.f-secure.com" />
+	<target host="shop.f-secure.com" />
+	<target host="download.sp.f-secure.com" />
+	<target host="store.f-secure.com" />
+	<target host="trial.f-secure.com" />
+	<target host="webmail.f-secure.com" />
+	<target host="www.f-secure.com" />
+	<target host="www2.f-secure.com" />
+	<target host="www-stats-so.f-secure.com" />
+
+	<!--	Complications:
+				-->
+	<!--target host="estore.f-secure.com" /-->
+	<target host="sp.f-secure.com" />
+
+		<!--	Avoid breaking chat:
 						-->
-		<exclusion pattern="^http://www\.f-secure\.com/+(?!.+\.(?:css|gif|ico|jpg|js|png)$)" />
-		<!--
-			[^?/]+ 404s
-					-->
-		<exclusion pattern="^http://campaign\.f-secure\.com/+(?!\?).+" />
+		<!--exclusion pattern="^http://www\.f-secure\.com/+(?!.+\.(?:css|gif|ico|jpg|js|png)$)" /-->
 
 
-	<securecookie host="^(?:.*\.)?f-secure\.com$" name=".+" />
-
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.f-secure\.com$" name="^(__qca|country|mbox|s_vi)$" /-->
+	<!--securecookie host="^community\.f-secure\.com$" name="^Lithium(UserInfo|UserSecure|Visitor)$" /-->
+	<!--securecookie host="^kic\.f-secure\.com$" name="^(csrftoken|sessionid)$" /-->
+	<!--securecookie host="^my\.f-secure\.com$" name="^(COOKIE_SUPPORT|GUEST_LANGUAGE_ID|JSESSIONID)$" /-->
+	<!--securecookie host="^\.my\.f-secure\.com$" name="^MALB$" /-->
 
-	<rule from="^http://(www\.)?f-secure\.com/"
-		to="https://$1f-secure.com/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(analysis|backup(?:\.ob)?|cgi|community|browsingprotection|download(?:\.sp)?|europe|kic|login|msp|my|mysafe|newsletter|partnerportal|safelinks|safeprofile|search|shop|store|webmail|webmailmy)\.f-secure\.com/"
-		to="https://$1.f-secure.com/" />
 
-	<rule from="^http://(?:campaign|sp)\.f-secure\.com/"
+	<rule from="^http://sp\.f-secure\.com/"
 		to="https://www.f-secure.com/" />
 
-	<rule from="^http://estore\.f-secure\.com/"
-		to="https://my.f-secure.com/" />
+	<!--rule from="^http://estore\.f-secure\.com/"
+		to="https://my.f-secure.com/" /-->
 
-	<rule from="^http://freedome\.f-secure\.com/(?=img/|js/)"
-		to="https://fs-freedome-production-site.herokuapp.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/F35.com.xml b/src/chrome/content/rules/F35.com.xml
deleted file mode 100644
index 6d8d407d2535..000000000000
--- a/src/chrome/content/rules/F35.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="F35.com">
-
-	<target host="f35.com" />
-	<target host="www.f35.com" />
-
-
-	<securecookie host="^www\.f35\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?f35\.com/"
-		to="https://$1f35.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/F3images.com.xml b/src/chrome/content/rules/F3images.com.xml
new file mode 100644
index 000000000000..22edda53fcda
--- /dev/null
+++ b/src/chrome/content/rules/F3images.com.xml
@@ -0,0 +1,21 @@
+<!--
+	CDN buckets:
+
+		- a248.e.akamai.net/f/248/74614/30d/www.f3images.com/
+
+
+	^f3images.com doesn't exist.
+
+-->
+<ruleset name="f3images.com">
+
+	<target host="*.f3images.com" />
+
+
+	<securecookie host="^\.f3images\.com$" name=".+" />
+
+
+	<rule from="^http://(c\d|www)\.f3images\.com/"
+		to="https://$1.f3images.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/F5-mismatches.xml b/src/chrome/content/rules/F5-mismatches.xml
deleted file mode 100644
index 40fb731cdb39..000000000000
--- a/src/chrome/content/rules/F5-mismatches.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	For rules that are on by default, see F5.xml.
-
--->
-<ruleset name="F5 (mismatches)" default_off="mismatch">
-
-	<!--	Cert:	www.f5.com	-->
-	<target host="f5.com.cn" />
-	<target host="www.f5.com.cn" />
-	<target host="f5networks.*" />
-	<target host="www.f5networks.*" />
-	<target host="f5networks.com.br" />
-	<target host="www.f5networks.com.br" />
-	<target host="f5networks.co.uk" />
-	<target host="www.f5networks.co.uk" />
-
-
-	<securecookie host="^www\.f5\.com\.cn$" name=".*" />
-	<securecookie host="^www\.f5networks\.(?:com\.br|co\.uk|cz|[ds]e|es|fr|it|[np]l)$" name=".*" />
-
-
-	<!--	!www redirects to www.	-->
-	<rule from="^https?://(?:www\.)?f5\.com\.cn/"
-		to="https://www.f5.com.cn/" />
-
-	<!--	!www redirects to www.	-->
-	<rule from="^https?://(?:www\.)?f5networks\.(com\.br|co\.uk|cz|[ds]e|es|fr|it|[np]l)/"
-		to="https://www.f5networks.$1/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/F5.com.xml b/src/chrome/content/rules/F5.com.xml
new file mode 100644
index 000000000000..c8567aef8738
--- /dev/null
+++ b/src/chrome/content/rules/F5.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Other F5.com related rulesets:
+		+ F5_Networks.co.jp.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- clouddocs.f5.com
+-->
+<ruleset name="F5.com">
+	<target host="activate.f5.com" />
+	<target host="ask.f5.com" />
+	<target host="askf5.f5.com" />
+	<target host="cdn.f5.com" />
+	<target host="certification.f5.com" />
+	<target host="devcentral.f5.com" />
+	<target host="dmcdn.f5.com" />
+	<target host="downloads.f5.com" />
+	<target host="engage.f5.com" />
+	<target host="f5.com" />
+	<target host="interact.f5.com" />
+	<target host="login.f5.com" />
+	<target host="partners.f5.com" />
+	<target host="secure.f5.com" />
+	<target host="strongbox.f5.com" />
+	<target host="support.f5.com" />
+	<target host="websupport.f5.com" />
+	<target host="wemakeappsgo.f5.com" />
+	<target host="www.f5.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/F5.xml b/src/chrome/content/rules/F5.xml
deleted file mode 100644
index 2ec40ae6709c..000000000000
--- a/src/chrome/content/rules/F5.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
-	For problematic rules, see F5-mismatches.xml.
-
-
-	Nonfunctional subdomains:
-
-
-		- support.f5.com	(redirects to login)
-
-
-	f5.com.tw & f5networks.co.kr doesn't work over http => status unknown.
-
--->
-<ruleset name="F5">
-
-	<target host="f5.com" />
-	<target host="*.f5.com" />
-	<target host="f5networks.co.jp" />
-	<target host="www.f5networks.co.jp" />
-
-
-	<securecookie host="^.*\.f5\.com$" name=".*" />
-
-
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?f5\.com/"
-		to="https://www.f5.com/" />
-
-	<rule from="^http://(devcentral|login)\.f5\.com/"
-		to="https://$1.f5.com/" />
-
-	<!--	At least the homepage displays a link to http.	-->
-	<rule from="^http://(www\.)?f5networks\.co\.jp/(images|shared)/"
-		to="https://$1f5networks.co.jp/$2/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/F5_Networks.co.jp.xml b/src/chrome/content/rules/F5_Networks.co.jp.xml
new file mode 100644
index 000000000000..de8448f8fe6f
--- /dev/null
+++ b/src/chrome/content/rules/F5_Networks.co.jp.xml
@@ -0,0 +1,13 @@
+<!--
+	For other F5.com coverage, see
+		+ F5.com.xml
+
+-->
+<ruleset name="F5 Networks.co.jp">
+
+	<target host="f5networks.co.jp" />
+	<target host="www.f5networks.co.jp" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FAANCollegeNetwork.xml b/src/chrome/content/rules/FAANCollegeNetwork.xml
index ea16977f2aa1..7b23264c5393 100644
--- a/src/chrome/content/rules/FAANCollegeNetwork.xml
+++ b/src/chrome/content/rules/FAANCollegeNetwork.xml
@@ -1,6 +1,33 @@
-<ruleset name="FAAN College Network" default_off="Certificate domain mismatch">
+<!--
+	(www.)?: Refused
+
+-->
+<ruleset name="FAAN College Network.org">
+
+	<!--	Complications:
+				-->
 	<target host="faancollegenetwork.org" />
 	<target host="www.faancollegenetwork.org" />
 
-	<rule from="^http://(?:www\.)?faancollegenetwork\.org/" to="https://www.faancollegenetwork.org/" />
-</ruleset>
\ No newline at end of file
+
+	<!--	Redirect drops args and forward slash:
+							-->
+	<rule from="^http://(?:www\.)?faancollegenetwork\.org/+(?:\?.*)?$"
+		to="https://www.foodallergy.org/resources-for/colleges-universities/college-food-allergy-program" />
+
+		<test url="http://faancollegenetwork.org//" />
+		<test url="http://faancollegenetwork.org/?" />
+		<test url="http://www.faancollegenetwork.org//" />
+		<test url="http://www.faancollegenetwork.org/?" />
+
+	<!--	Redirect drops args and forward
+		slash, but not path:
+						-->
+	<rule from="^http://(?:www\.)?faancollegenetwork\.org/+"
+		to="https://www.foodallergy.org/resources-for/colleges-universities/college-food-allergy-program/" />
+
+		<test url="http://faancollegenetwork.org/index.asp" />
+		<test url="http://faancollegenetwork.org//index.asp" />
+		<test url="http://www.faancollegenetwork.org/index.asp" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FAFSA.gov.xml b/src/chrome/content/rules/FAFSA.gov.xml
new file mode 100644
index 000000000000..38e775abaf1c
--- /dev/null
+++ b/src/chrome/content/rules/FAFSA.gov.xml
@@ -0,0 +1,16 @@
+<!--
+
+-->
+<ruleset name="FASFA.gov">
+
+	<target host="fafsa.gov" />
+	<target host="www.fafsa.gov" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FAPMC.xml b/src/chrome/content/rules/FAPMC.xml
index b46b12a57d0c..50fb6894f766 100644
--- a/src/chrome/content/rules/FAPMC.xml
+++ b/src/chrome/content/rules/FAPMC.xml
@@ -11,7 +11,7 @@
 	<target host="www.fapmc.ru" />
 
 
-	<rule from="^https?://(?:www\.)?fapmc\.ru/"
+	<rule from="^http://(?:www\.)?fapmc\.ru/"
 		to="https://www.fapmc.ru/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FAU.org.xml b/src/chrome/content/rules/FAU.org.xml
index 09ca9812a053..bd13e2726166 100644
--- a/src/chrome/content/rules/FAU.org.xml
+++ b/src/chrome/content/rules/FAU.org.xml
@@ -1,6 +1,63 @@
-<ruleset name="Freie Arbeiterinnen- und Arbeiter-Union (FAU) (CAcert)" platform="cacert mixedcontent">
-  <target host="www.fau.org" />
-  <target host="fau.org" />
+<!--
+	No working URL known:
+		admin.fau.org
+		bonn2.fau.org
+		www.bonn2.fau.org
+		forum.fau.org
+		wordpress.fau.org
+
+	Invalid certificate:
+		admin1.fau.org
+		analytics1.fau.org
+		bielefeld.fau.org
+		extranet1.fau.org
+		plone.fau.org
+
+	Different content http/https:
+		www.berlin.fau.org
+
+	Mixed content:
+		duesseldorf.fau.org
+		www.duesseldorf.fau.org
+
+-->
+<ruleset name="Freie Arbeiterinnen- und Arbeiter-Union (FAU)">
+
+	<target host="fau.org" />
+	<target host="www.fau.org" />
+	<target host="berlin.fau.org" />
+	<target host="bremen.fau.org" />
+	<target host="bremen2.fau.org" />
+	<target host="www.bremen2.fau.org" />
+	<target host="deliverunion.fau.org" />
+	<target host="www.deliverunion.fau.org" />
+	<target host="dresden.fau.org" />
+	<target host="duisburg.fau.org" />
+	<target host="www.duisburg.fau.org" />
+	<target host="extranet.fau.org" />
+	<target host="freiburg.fau.org" />
+	<target host="www.freiburg.fau.org" />
+	<target host="halle.fau.org" />
+	<target host="www.halle.fau.org" />
+	<target host="hamburg.fau.org" />
+	<target host="www.hamburg.fau.org" />
+	<target host="hannover.fau.org" />
+	<target host="www.hannover.fau.org" />
+	<target host="as.hannover.fau.org" />
+	<target host="www.as.hannover.fau.org" />
+	<target host="ggb.hannover.fau.org" />
+	<target host="www.ggb.hannover.fau.org" />
+	<target host="kiel.fau.org" />
+	<target host="www.kiel.fau.org" />
+	<target host="list.fau.org" />
+	<target host="muenster.fau.org" />
+	<target host="www.muenster.fau.org" />
+	<target host="piwik.fau.org" />
+	<target host="polls.fau.org" />
+	<target host="stuttgart.fau.org" />
+	<target host="www.stuttgart.fau.org" />
+	<target host="webmail.fau.org" />
+
+	<rule from="^http:" to="https:"/>
 
-  <rule from="^http://(?:www\.)?fau\.org/" to="https://www.fau.org/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/FAZ-mismatches.xml b/src/chrome/content/rules/FAZ-mismatches.xml
deleted file mode 100644
index 5c106e3f2bf3..000000000000
--- a/src/chrome/content/rules/FAZ-mismatches.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--	See FAZ.xml also
--->
-<ruleset name="FAZ (mismatches)" default_off="Certificate mismatch">
-
-	<target host="kulturkalender.faz.net"/>
-	<target host="software-portal.faz.net"/>
-	<target host="fazschule.net"/>
-	<target host="www.fazschule.net"/>
-
-	<rule from="^http://(kulturkalender|software-portal)\.faz\.net/" to="https://$1.faz.net/"/>
-
-	<rule from="^http://(www\.)?fazschule\.net/" to="https://www.fazschule.net/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/FAZ.xml b/src/chrome/content/rules/FAZ.xml
index bef596975abf..502c6e4cdef0 100644
--- a/src/chrome/content/rules/FAZ.xml
+++ b/src/chrome/content/rules/FAZ.xml
@@ -1,35 +1,78 @@
-<!--	See FAZ-mismatches.xml also
+<!--
+	Invalid certificate:
+		- faz-community.faz.net
+		- quelleinternet.faz.net
+		- berufundchance.fazjob.net
+
+	Timeout:
+		- literaturkalender.faz.net
+		- kulturkalender.faz.net
+		- ^fazjob.net
+		- agbs.fazjob.net
+		- news.fazschule.net
 -->
-<ruleset name="FAZ (broken)" default_off="redirects back to http">
-  <target host="faz.de"/>
-  <target host="www.faz.de"/>
-  <target host="faz-institute.de"/>
-  <target host="*.faz-institute.de"/>
-  <target host="faz.net"/>
-  <target host="faz-community.faz.net"/>
-  <target host="gets.faz.net"/>
-  <target host="kfz-versicherung.faz.net"/>
-  <target host="oersenlexikon.faz.net"/>
-  <target host="ts.faz.net"/>
-  <target host="verlag.faz.net"/>
-  <target host="www.faz.net"/>
-  <target host="fazjob.net"/>
-  <target host="rebrush-oas.fazjob.net"/>
-  <target host="services.fazjob.net"/>
-  <target host="www.fazjob.net"/>
-
-  <rule from="^http://fazarchive\.faz\.net/(content|css|images)/" to="https://fazarchive.faz.net/$1/"/>
-
-  <rule from="^http://(faz-community|gets|kfz-versicherung|oersenlexikon|ts)\.faz\.net/" to="https://$1.faz.net/"/>
-
-  <rule from="^http://(verlag\.|www\.)?faz\.(de|net)/(2\.5\.7/|cacheproxy300|f30|favicon\.ico|img/|l\.gif|polopoly_fs/)" to="https://www.faz.net/$2"/>
-
-  <rule from="^http://(www\.)?faz(job\.net|-institute\.de)/" to="https://faz$2/"/>
-
-  <rule from="^http://(rebrush-oas|services)\.fazjob\.net/" to="https://$1.fazjob.net/"/>
-
-  <securecookie host="^\.faz-institut\.de$" name=".*"/>
-  <securecookie host="^faz-community\.faz\.net$" name=".*"/>
-  <securecookie host="^(www\.)?fazjob\.net$" name=".*"/>
+<ruleset name="FAZ (partial)">
+
+	<target host="faz.net" />
+	<target host="www.faz.net" />
+	<target host="50plus.faz.net" />
+	<target host="abo.faz.net" />
+	<target host="blogs.faz.net" />
+	<target host="boersenlexikon.faz.net" />
+	<target host="boersenspiel.faz.net" />
+	<target host="dynamic.faz.net" />
+		<test url="http://dynamic.faz.net/red/2016/pendler/Pendler.pdf" />
+	<target host="event.faz.net" />
+	<target host="fazarchiv.faz.net" />
+	<target host="gets.faz.net" />
+	<target host="hochschulanzeiger.faz.net" />
+	<target host="immobilien.faz.net" />
+	<target host="immobilienmarkt.faz.net" />
+	<target host="kfz-versicherung.faz.net" />
+	<target host="lebenswege.faz.net" />
+	<target host="m.faz.net" />
+	<target host="media0.faz.net" />
+	<target host="media1.faz.net" />
+	<target host="media2.faz.net" />
+	<target host="media3.faz.net" />
+	<target host="media4.faz.net" />
+	<target host="media5.faz.net" />
+	<target host="media6.faz.net" />
+	<target host="media7.faz.net" />
+	<target host="media8.faz.net" />
+	<target host="media9.faz.net" />
+	<target host="rhein-main-veranstaltungen.faz.net" />
+	<target host="software-portal.faz.net" />
+	<target host="tarife.faz.net" />
+	<target host="ts.faz.net" />
+	<target host="tv.faz.net" />
+	<target host="verlag.faz.net" />
+	<target host="wetter.faz.net" />
+
+	<target host="faz.de" />
+	<target host="www.faz.de" />
+
+	<target host="www.fazjob.net" />
+	<target host="m.fazjob.net" />
+	<target host="rebrush-oas.fazjob.net" />
+	<target host="jobsuche-hochschulanzeiger.fazjob.net" />
+
+	<target host="fazschule.net" />
+	<target host="www.fazschule.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://rebrush-oas\.fazjob\.net/"
+		to="https://stellenmarkt.faz.net/" />
+
+	<rule from="^http://jobsuche-hochschulanzeiger\.fazjob\.net/"
+		to="https://stellenmarkt.faz.net/" />
+
+	<!-- Invalid certificate on https://(www.)?faz.de/,
+		http://(www.)?faz.de/ redirects to https://www.faz.net/. -->
+	<rule from="^http://(www\.)?faz\.de/"
+			to="https://www.faz.net/" />
+
+	<rule from="^http:"	to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FB18.de.xml b/src/chrome/content/rules/FB18.de.xml
deleted file mode 100644
index 8646c3af9f19..000000000000
--- a/src/chrome/content/rules/FB18.de.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="FB18_Forum">
-  <target host="www.fb18.de"/>
-  <target host="fb18.de"/>
-  <rule from="^http://(?:www\.)?fb18\.de/" to="https://www.fb18.de/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/FBINAA.org.xml b/src/chrome/content/rules/FBINAA.org.xml
new file mode 100644
index 000000000000..f3589de55ebc
--- /dev/null
+++ b/src/chrome/content/rules/FBINAA.org.xml
@@ -0,0 +1,11 @@
+<!--
+	Wildcard DNS records:
+		- *.fbinaa.org
+-->
+
+<ruleset name="FBINAA.org">
+	<target host="fbinaa.org" />
+	<target host="www.fbinaa.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FC2.com.xml b/src/chrome/content/rules/FC2.com.xml
index 9ecef54875f1..87242a2bf3ee 100644
--- a/src/chrome/content/rules/FC2.com.xml
+++ b/src/chrome/content/rules/FC2.com.xml
@@ -24,7 +24,11 @@
 -->
 <ruleset name="FC2.com (partial)">
 
-	<target host="*.fc2.com" />
+	<target host="blog.fc2.com" />
+	<target host="form1ssl.fc2.com" />
+	<target host="id.fc2.com" />
+	<target host="secure.id.fc2.com" />
+	<target host="rentalserver1.fc2.com" />
 
 
 	<!--securecookie host="^\.fc2\.com$" name="^(?:fgcv|incap_ses_\d+_\d+|visid_incap_\d+)$" /-->
@@ -32,7 +36,6 @@
 	<securecookie host="^(?:\.?blog|id|secure\.id|media3)\.fc2\.com$" name=".+" />
 
 
-	<rule from="^http://(blog|form1ssl|id|secure\.id|media3|rentalserver1)\.fc2\.com/"
-		to="https://$1.fc2.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FCA.org.uk.xml b/src/chrome/content/rules/FCA.org.uk.xml
new file mode 100644
index 000000000000..07061375ad04
--- /dev/null
+++ b/src/chrome/content/rules/FCA.org.uk.xml
@@ -0,0 +1,36 @@
+
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://connect.fca.org.uk/ => https://connect.fca.org.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://handbook.fca.org.uk/ => https://handbook.fca.org.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'handbook.fca.org.uk'")
+
+	Nonfunctional hosts in *fca.org.uk:
+
+		- scamsmart *
+
+	* Refused
+
+  SSL, no matching certs
+    - small-firms.fca.org.uk
+
+-->
+<ruleset name="FCA.org.uk (partial)">
+
+	<target host="fca.org.uk" />
+	<!-- target host="connect.fca.org.uk" /-->
+	<target host="gabriel.fca.org.uk" />
+	<!-- target host="handbook.fca.org.uk" /-->
+	<target host="www.handbook.fca.org.uk" />
+	<target host="marketoversight.fca.org.uk" />
+	<target host="register.fca.org.uk" />
+	<target host="www.fca.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FCBarcelonaClan.com.xml b/src/chrome/content/rules/FCBarcelonaClan.com.xml
new file mode 100644
index 000000000000..4af995b9de6b
--- /dev/null
+++ b/src/chrome/content/rules/FCBarcelonaClan.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="FCBarcelonaClan.com">
+	<target host="fcbarcelonaclan.com" />
+	<target host="www.fcbarcelonaclan.com" />
+	<target host="forum.fcbarcelonaclan.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FCO.gov.uk.xml b/src/chrome/content/rules/FCO.gov.uk.xml
new file mode 100644
index 000000000000..f4815e54115b
--- /dev/null
+++ b/src/chrome/content/rules/FCO.gov.uk.xml
@@ -0,0 +1,116 @@
+<!--
+	Foreign & Commonwealth Office
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *fco.gov.uk:
+
+		- blogs *
+
+	* Dropped
+
+
+	Problematic hosts in *fco.gov.uk:
+
+		- (www.)? *
+		- centralcontent *
+		- ukinusa *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.visa4uk.fco.gov.uk
+
+-->
+<ruleset name="FCO.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.visa4uk.fco.gov.uk" />
+	<target host="web-analytics.fco.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="fco.gov.uk" />
+	<target host="centralcontent.fco.gov.uk" />
+	<target host="ukinusa.fco.gov.uk" />
+	<target host="www.fco.gov.uk" />
+
+		<!--	/(?!/*($|\?|resources/)) 404s:
+						-->
+		<exclusion pattern="^http://(?:centralcontent\.|www\.)?fco\.gov\.uk/(?!/*(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://centralcontent.fco.gov.uk/resources/en/pdf/central-content-pdfs/bno-b-form.pdf" />
+			<test url="http://centralcontent.fco.gov.uk/resources/en/pdf/electoral-assistance-full" />
+			<test url="http://centralcontent.fco.gov.uk/resources/en/pdf/human-rights-reports/human-rights-report-2009" />
+			<test url="http://www.fco.gov.uk/atas" />
+			<test url="http://www.fco.gov.uk/directory/" />
+			<test url="http://www.fco.gov.uk/fgm" />
+			<test url="http://www.fco.gov.uk/travel" />
+
+			<!--	-ve:
+					-->
+			<test url="http://fco.gov.uk//?foo" />
+			<test url="http://centralcontent.fco.gov.uk//?foo" />
+			<test url="http://www.fco.gov.uk//?foo" />
+
+		<exclusion pattern="^http://ukinusa\.fco\.gov\.uk/(?!/*(?:$|\?|(?:houston|seattle)(?:$|[?/])))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://ukinusa.fco.gov.uk/home.asp" />
+			<test url="http://ukinusa.fco.gov.uk/home.aspx" />
+			<test url="http://ukinusa.fco.gov.uk/home.htm" />
+			<test url="http://ukinusa.fco.gov.uk/home.php" />
+			<test url="http://ukinusa.fco.gov.uk/index.asp" />
+			<test url="http://ukinusa.fco.gov.uk/index.aspx" />
+			<test url="http://ukinusa.fco.gov.uk/index.htm" />
+			<test url="http://ukinusa.fco.gov.uk/index.html" />
+			<test url="http://ukinusa.fco.gov.uk/index.php" />
+
+			<!--	-ve:
+					-->
+			<test url="http://ukinusa.fco.gov.uk/?" />
+			<test url="http://ukinusa.fco.gov.uk/houston" />
+			<test url="http://ukinusa.fco.gov.uk/houston/" />
+			<test url="http://ukinusa.fco.gov.uk/seattle" />
+			<test url="http://ukinusa.fco.gov.uk/seattle/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.visa4uk\.fco\.gov\.uk$" name="^(?:TS[\da-f]{8}(?:_\d+)?|V4CookieInfo)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	\d+ is unpredictable :(
+					-->
+	<!--rule from="^http://centralcontent\.fco\.gov\.uk/resources/en/pdf/([\w-]+)$"
+		to="https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/\d+/$1.pdf" /-->
+
+	<!--	Redirect drops args and forward slash:
+							-->
+	<rule from="^http://(?:centralcontent\.|www\.)?fco\.gov\.uk/.*"
+		to="https://www.gov.uk/government/organisations/foreign-commonwealth-office" />
+
+	<rule from="^http://ukinusa\.fco\.gov\.uk/houston.*"
+		to="https://www.gov.uk/government/world/organisations/british-consulate-general-houston" />
+
+	<rule from="^http://ukinusa\.fco\.gov\.uk/seattle.*"
+		to="https://www.gov.uk/government/world/organisations/british-consulate-general-san-francisco" />
+
+	<!--	Redirect drops args and forward slash:
+						-->
+	<rule from="^http://ukinusa\.fco\.gov\.uk/.*"
+		to="https://www.gov.uk/government/world/usa" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FCPA-Blog.xml b/src/chrome/content/rules/FCPA-Blog.xml
index b142f2a9bccf..b1ba61eb294a 100644
--- a/src/chrome/content/rules/FCPA-Blog.xml
+++ b/src/chrome/content/rules/FCPA-Blog.xml
@@ -1,4 +1,18 @@
-<ruleset name="FCPA Blog (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fcpablog.com/ => https://fcpablog.squarespace.com/: Too many redirects while fetching 'https://fcpablog.squarespace.com/'
+Fetch error: http://www.fcpablog.com/ => https://fcpablog.squarespace.com/: Too many redirects while fetching 'https://fcpablog.squarespace.com/'
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fcpablog.com/ => https://fcpablog.squarespace.com/: Too many redirects while fetching 'https://fcpablog.squarespace.com/'
+Fetch error: http://www.fcpablog.com/ => https://fcpablog.squarespace.com/: Too many redirects while fetching 'https://fcpablog.squarespace.com/'
+
+-->
+<ruleset name="FCPA Blog (partial)" default_off="failed ruleset test">
 
 	<target host="fcpablog.com"/>
 	<target host="www.fcpablog.com"/>
diff --git a/src/chrome/content/rules/FCW.com.xml b/src/chrome/content/rules/FCW.com.xml
new file mode 100644
index 000000000000..271e9a77d9f5
--- /dev/null
+++ b/src/chrome/content/rules/FCW.com.xml
@@ -0,0 +1,35 @@
+<!--
+	For other 1105 Media coverage, see 1105_Media.com.xml.
+
+
+	Problematic hosts in *fcw.com:
+
+		- digital ¹ ²
+
+	¹ Mismatched
+	² Mixed css
+
+
+	Mixed content:
+
+		- css on digital from static.cdn.realviewdigital.com *
+		- Images on digital from downloads.realviewtechnologies.com *
+
+	* Secured by us
+
+-->
+<ruleset name="FCW.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fcw.com" />
+	<target host="www.fcw.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FDA.gov.xml b/src/chrome/content/rules/FDA.gov.xml
new file mode 100644
index 000000000000..358827024ced
--- /dev/null
+++ b/src/chrome/content/rules/FDA.gov.xml
@@ -0,0 +1,38 @@
+<!--
+	U.S. Food and Drug Administration
+
+
+	Nonfunctional hosts in *fda.gov:
+
+		- blogs *
+		- www *
+
+	* Redirects to http
+
+
+	^fda.gov: 400 over http & https
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.accessdata.fda.gov
+
+-->
+<ruleset name="FDA.gov (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.accessdata.fda.gov" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.accessdata\.fda\.gov$" name="^(?:BIGipServer|CFID$|CFTOKEN$)" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FDF.org.uk.xml b/src/chrome/content/rules/FDF.org.uk.xml
new file mode 100644
index 000000000000..b3b89491e77e
--- /dev/null
+++ b/src/chrome/content/rules/FDF.org.uk.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- fdf.org.uk
+		- www.fdf.org.uk
+
+-->
+<ruleset name="FDF.org.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fdf.org.uk" />
+	<target host="www.fdf.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?fdf\.org\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^fdf\.org\.uk$" name="^rotator_promoblock_\d+_index$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FDOPK.org.xml b/src/chrome/content/rules/FDOPK.org.xml
new file mode 100644
index 000000000000..ff39bcd96920
--- /dev/null
+++ b/src/chrome/content/rules/FDOPK.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Login required:
+		webmail.fdopk.org
+
+-->
+<ruleset name="FDOPK.org">
+
+	<target host="fdopk.org" />
+	<target host="www.fdopk.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FDossena.com.xml b/src/chrome/content/rules/FDossena.com.xml
new file mode 100644
index 000000000000..ccbd032db513
--- /dev/null
+++ b/src/chrome/content/rules/FDossena.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="FDossena.com">
+	<target host="fdossena.com" />
+	<target host="www.fdossena.com" />
+	<target host="downloads.fdossena.com" />
+	<target host="www.downloads.fdossena.com" />
+	<target host="hbx.fdossena.com" />
+	<target host="www.hbx.fdossena.com" />
+	<target host="mail.fdossena.com" />
+	<target host="ocd.fdossena.com" />
+	<target host="www.ocd.fdossena.com" />
+	<target host="speedtest.fdossena.com" />
+	<target host="www.speedtest.fdossena.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FE-DDIS.dk.xml b/src/chrome/content/rules/FE-DDIS.dk.xml
new file mode 100644
index 000000000000..7de32abebeff
--- /dev/null
+++ b/src/chrome/content/rules/FE-DDIS.dk.xml
@@ -0,0 +1,22 @@
+<!--
+	www.fe-ddis.dk: 404
+
+-->
+<ruleset name="FE-DDIS.dk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fe-ddis.dk" />
+
+	<!--	Complications:
+				-->
+	<target host="www.fe-ddis.dk" />
+
+
+	<rule from="^http://www\.fe-ddis\.dk/"
+		to="https://fe-ddis.dk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FEE.org.xml b/src/chrome/content/rules/FEE.org.xml
new file mode 100644
index 000000000000..b54fe0ecb668
--- /dev/null
+++ b/src/chrome/content/rules/FEE.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Foundation for Economic Education
+
+
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="FEE.org">
+
+	<target host="fee.org" />
+	<target host="www.fee.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FF7.fr.xml b/src/chrome/content/rules/FF7.fr.xml
new file mode 100644
index 000000000000..e987f4ef6342
--- /dev/null
+++ b/src/chrome/content/rules/FF7.fr.xml
@@ -0,0 +1,23 @@
+<!--
+	Mismatched:
+		- _jabber._tcp
+		- _xmpp-client._tcp
+		- _xmpp-server._tcp
+		- _sip._udp
+		- imp
+		- jabber
+		- mail
+		- pop3
+		- sip
+		- smtp
+		- squirrel
+
+	Refused:
+		- audio
+-->
+<ruleset name="FF7.fr">
+	<target host="ff7.fr" />
+	<target host="www.ff7.fr" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FFMPEG.xml b/src/chrome/content/rules/FFMPEG.xml
index fd17d0da3c1f..043835d0b8b8 100644
--- a/src/chrome/content/rules/FFMPEG.xml
+++ b/src/chrome/content/rules/FFMPEG.xml
@@ -3,24 +3,22 @@
 
 		- fate	(refused)
 
-
-	Fully covered subdomains:
-
-		- (www.)
-		- lists
-		- trac
-
 -->
-<ruleset name="FFMPEG.org">
+<ruleset name="FFmpeg.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="ffmpeg.org" />
-	<target host="*.ffmpeg.org" />
+	<target host="lists.ffmpeg.org" />
+	<target host="samples.ffmpeg.org" />
+	<target host="trac.ffmpeg.org" />
+	<target host="www.ffmpeg.org" />
 
 
 	<securecookie host="^trac\.ffmpeg\.org$" name=".+" />
 
 
-	<rule from="^http://((?:lists|trac|www)\.)?ffmpeg\.org/"
-		to="https://$1ffmpeg.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FFSG.org.xml b/src/chrome/content/rules/FFSG.org.xml
new file mode 100644
index 000000000000..58f75eae8b82
--- /dev/null
+++ b/src/chrome/content/rules/FFSG.org.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.ffsg.org/ => https://www.ffsg.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ffsg.org'")
+
+-->
+<ruleset name="FFSG.org" default_off="failed ruleset test">
+
+	<target host="ffsg.org" />
+	<target host="www.ffsg.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FHEM.de.xml b/src/chrome/content/rules/FHEM.de.xml
new file mode 100644
index 000000000000..e4f8e9da1893
--- /dev/null
+++ b/src/chrome/content/rules/FHEM.de.xml
@@ -0,0 +1,19 @@
+<ruleset name="FHEM.de">
+
+	<target host="fhem.de" />
+	<target host="www.fhem.de" />
+	<target host="cloud.fhem.de" />
+	<target host="commandref.fhem.de" />
+	<target host="conf.fhem.de" />
+	<target host="debian.fhem.de" />
+	<target host="fhem-test.fhem.de" />
+	<target host="forum.fhem.de" />
+	<target host="svn.fhem.de" />
+	<target host="verein.fhem.de" />
+	<target host="wiki.fhem.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FHI.se.xml b/src/chrome/content/rules/FHI.se.xml
deleted file mode 100644
index 2a0654c31a77..000000000000
--- a/src/chrome/content/rules/FHI.se.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="FHI.se" platform="mixedcontent">
-	<target host="fhi.se" />
-	<target host="www.fhi.se" />
-	<rule from="^http://www\.fhi\.se/" to="https://www.fhi.se/"/>
-	<rule from="^http://fhi\.se/" to="https://fhi.se/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/FHNW.ch.xml b/src/chrome/content/rules/FHNW.ch.xml
new file mode 100644
index 000000000000..b523d87d32e2
--- /dev/null
+++ b/src/chrome/content/rules/FHNW.ch.xml
@@ -0,0 +1,28 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.) ¹
+		- m ²
+
+	¹ Redirects to aai-logon
+	² Redirects to http
+
+
+	These altnames don't exist:
+
+		- www.en.fhnw.ch
+
+-->
+<ruleset name="FHNW.ch (partial)">
+
+	<target host="aai-logon.fhnw.ch" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.fhnw\.ch$" name="^_saml_sp$" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FIDH.org.xml b/src/chrome/content/rules/FIDH.org.xml
new file mode 100644
index 000000000000..bd27d5047b7f
--- /dev/null
+++ b/src/chrome/content/rules/FIDH.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Mixed content:
+
+		- Image from free-syrian-voices.org
+
+-->
+<ruleset name="FIDH.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fidh.org" />
+	<target host="www.fidh.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FIDO_Alliance.org.xml b/src/chrome/content/rules/FIDO_Alliance.org.xml
new file mode 100644
index 000000000000..fc5367195f38
--- /dev/null
+++ b/src/chrome/content/rules/FIDO_Alliance.org.xml
@@ -0,0 +1,41 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .fidoalliance.org
+
+-->
+<ruleset name="FIDO Alliance.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fidoalliance.org" />
+	<target host="www.fidoalliance.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^fidoalliance\.org$" name="^(exp_last_activity|exp_last_visit|exp_tracker)$" /-->
+	<!--securecookie host="^\.fidoalliance\.org$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FIGUE.com.xml b/src/chrome/content/rules/FIGUE.com.xml
index 8da7fe50edb6..4e8c23fef9a9 100644
--- a/src/chrome/content/rules/FIGUE.com.xml
+++ b/src/chrome/content/rules/FIGUE.com.xml
@@ -18,7 +18,8 @@
 <ruleset name="FIGUE.com (partial)">
 
 	<target host="figue.com" />
-	<target host="*.figue.com" />
+	<target host="cdn1.figue.com" />
+	<target host="www.figue.com" />
 		<!--exclusion pattern="^http://(?:www\.)?figue\.com/(?!(?:about|customer|looks|travel-blog)(?:$|[?/])|favicon\.ico|media/|skin/)" /-->
 		<exclusion pattern="^http://(?:www\.)?figue\.com/+(?:$|\?)" />
 
@@ -29,4 +30,4 @@
 	<rule from="^http://(?:cdn1\.|www\.)?figue\.com/"
 		to="https://www.figue.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FIME.me.xml b/src/chrome/content/rules/FIME.me.xml
new file mode 100644
index 000000000000..5de56ac2e5d3
--- /dev/null
+++ b/src/chrome/content/rules/FIME.me.xml
@@ -0,0 +1,20 @@
+<!--
+	Mixed content:
+
+		- favicon from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="FIME.me">
+
+	<target host="fime.me" />
+	<target host="www.fime.me" />
+
+
+	<securecookie host="^\.fime\.me$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FINANZEN.NET.xml b/src/chrome/content/rules/FINANZEN.NET.xml
new file mode 100644
index 000000000000..5e611a90950a
--- /dev/null
+++ b/src/chrome/content/rules/FINANZEN.NET.xml
@@ -0,0 +1,76 @@
+<!--
+	Connection closed:
+		- appcore-bo.finanzen.net
+		- appcore-ch.finanzen.net
+		- appcore-de.finanzen.net
+		- appcore-nl.finanzen.net
+		- appcore-us.finanzen.net
+		- payment.finanzen.net
+
+	Invalid certificate:
+		- anleihen.finanzen.net
+		- ftp2.finanzen.net
+		- g.finanzen.net
+		- hebelprodukte.finanzen.net
+		- mobiledesk.finanzen.net
+		- mobiledeskpro.finanzen.net
+		- mobiledesktrading.finanzen.net
+		- optionsscheine.finanzen.net
+		- ratgeberlink.finanzen.net
+		- realtime.finanzen.net
+		- tradingdesk-beta.finanzen.net
+		- vorsorge.finanzen.net
+		- welt-export.finanzen.net
+		- zertifikate.finanzen.net
+
+	Non-2xx HTTP code:
+		- traderfox.finanzen.net
+
+	Refused:
+		- dataexport.finanzen.net
+
+	Timeout:
+		- cache.finanzen.net
+		- krankenkassenvergleich.finanzen.net
+		- mx[1-4].messaging.finanzen.net
+-->
+<ruleset name="FINANZEN.NET">
+
+	<target host="finanzen.net" />
+	<target host="www.finanzen.net" />
+	<target host="analysen.finanzen.net" />
+	<target host="bankentest.finanzen.net" />
+	<target host="bild.finanzen.net" />
+	<target host="boersenblog.finanzen.net" />
+	<target host="c.finanzen.net" />
+	<target host="charts.finanzen.net" />
+	<target host="cma.finanzen.net" />
+	<target host="cmau8.finanzen.net" />
+	<target host="derivate.finanzen.net" />
+	<target host="findataproxy.finanzen.net" />
+	<target host="finweltproxy.finanzen.net" />
+	<target host="fondsdetail.finanzen.net" />
+	<target host="forum.finanzen.net" />
+	<target host="forum-media.finanzen.net" />
+	<target host="images.finanzen.net" />
+	<target host="m.finanzen.net" />
+	<target host="mdsngpush.finanzen.net" />
+	<target host="messaging.finanzen.net" />
+	<target host="my.finanzen.net" />
+	<target host="nl.finanzen.net" />
+	<target host="oppenheim.finanzen.net" />
+	<target host="scripts.finanzen.net" />
+	<target host="secure.finanzen.net" />
+	<target host="shchart.finanzen.net" />
+	<target host="styles.finanzen.net" />
+	<target host="tracking.finanzen.net" />
+	<target host="trading.finanzen.net" />
+	<target host="tradingdesk.finanzen.net" />
+	<target host="webexport.finanzen.net" />
+	<target host="zertifikat.finanzen.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FKFeV.de.xml b/src/chrome/content/rules/FKFeV.de.xml
new file mode 100644
index 000000000000..9f9461884f3d
--- /dev/null
+++ b/src/chrome/content/rules/FKFeV.de.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		- new.fkfev.de
+-->
+<ruleset name="FKFeV.de">
+
+	<target host="fkfev.de" />
+	<target host="www.fkfev.de" />
+	<target host="chat.fkfev.de" />
+	<target host="slack.fkfev.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FLIF.info.xml b/src/chrome/content/rules/FLIF.info.xml
new file mode 100644
index 000000000000..23582be18493
--- /dev/null
+++ b/src/chrome/content/rules/FLIF.info.xml
@@ -0,0 +1,17 @@
+<!--
+	Nonfunctional hosts in *.flif.info:
+		- www (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="FLIF.info">
+	<target host="flif.info" />
+	<target host="www.flif.info" />
+
+	<rule from="^http://www\.flif\.info/" to="https://flif.info/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FLOSS-Shop.de.xml b/src/chrome/content/rules/FLOSS-Shop.de.xml
new file mode 100644
index 000000000000..beae6f2a200f
--- /dev/null
+++ b/src/chrome/content/rules/FLOSS-Shop.de.xml
@@ -0,0 +1,15 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- floss-shop.de
+-->
+<ruleset name="FLOSS-Shop.de">
+	<target host="floss-shop.de" />
+	<target host="www.floss-shop.de" />
+
+	<rule from="^http://floss-shop\.de/"
+			to="https://www.floss-shop.de/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FLOSSManuals.xml b/src/chrome/content/rules/FLOSSManuals.xml
index 4f40676c96d5..6473696a08c9 100644
--- a/src/chrome/content/rules/FLOSSManuals.xml
+++ b/src/chrome/content/rules/FLOSSManuals.xml
@@ -1,16 +1,22 @@
 <!--
-	Expired 2012-05-26
+	Mixed content:
+
+		- Bug from dabuttonfactory.com *
+
+	* Unsecurable <= dropped
 
 -->
-<ruleset name="FLOSSManuals.net (expired)" default_off="expired">
+<ruleset name="FLOSSManuals.net">
 
 	<target host="flossmanuals.net" />
 	<target host="en.flossmanuals.net" />
 	<target host="www.flossmanuals.net" />
 
-	<rule from="^http://(?:en\.|www\.)?flossmanuals\.net/"
-		to="https://flossmanuals.net/" />
 
-	<securecookie host="^flossmanuals\.net$" name=".*"/>
+	<securecookie host="^flossmanuals\.net$" name=".+" />
+
+
+	<rule from="^http://(?:en\.|(www\.))?flossmanuals\.net/"
+		to="https://$1flossmanuals.net/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FMSA.de.xml b/src/chrome/content/rules/FMSA.de.xml
new file mode 100644
index 000000000000..8d381d0c7dd3
--- /dev/null
+++ b/src/chrome/content/rules/FMSA.de.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid certificate:
+		prod.fmsa.de
+
+	Timeout:
+		abnahme-euba.fmsa.de
+		euba.fmsa.de
+		test-euba.fmsa.de
+-->
+<ruleset name="FMSA.de">
+	<!-- Federal Agency for Financial Market Stabilisation -->
+
+	<target host="fmsa.de" />
+	<target host="www.fmsa.de" />
+
+	<!-- Content mismatch on https://fmsa.de/,
+	http://fmsa.de/ redirects to http://www.fmsa.de/ -->
+	<rule from="^http://fmsa\.de/"
+		to="https://www.fmsa.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FMV.se.xml b/src/chrome/content/rules/FMV.se.xml
index 900c78569b71..8b9fd323851d 100644
--- a/src/chrome/content/rules/FMV.se.xml
+++ b/src/chrome/content/rules/FMV.se.xml
@@ -1,7 +1,15 @@
-<ruleset name="FMV.se" platform="mixedcontent">
+<!--
+	403 Forbidden:
+		logistikportalen.fmv.se
+		isd.fmv.se
+		fsd.fmv.se
+		plcs.fmv.se
+-->
+<ruleset name="FMV.se" >
 	<target host="fmv.se" />
 	<target host="www.fmv.se" />
-	<rule from="^http://www\.fmv\.se/" to="https://www.fmv.se/"/>
-	<rule from="^http://fmv\.se/" to="https://www.fmv.se/"/>
-</ruleset>
 
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FMyLife.com.xml b/src/chrome/content/rules/FMyLife.com.xml
index e46978e8c9f7..16e9f8d39f53 100644
--- a/src/chrome/content/rules/FMyLife.com.xml
+++ b/src/chrome/content/rules/FMyLife.com.xml
@@ -1,30 +1,19 @@
 <!--
 	For other Beta & Cie coverage, see Beta-and-Cie.xml.
 
+	03.2018: all included subdomains fail.
 
-	CDN buckets:
+	HTTP 504:
+		cdn6.fmylife.com
+		cdn7.fmylife.com
+		media.fmylife.com
 
-		- betacie.cachefly.net
-
-			- cdn\d.fmylife.com
-
-		- fmylife-betaetcompagnie.netdna-ssl.com
-
-
-	Problematic subdomains:
-
-		- cdn[1-5]	(mismatched, CN: *.cachefly.net)
-		- media		(works; mismatched, CN: cdn.betacie.com)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- cdn[1-5]	(→ betacie.cachefly.net)
-		- media		(→ cdn.betacie.com)
+	HTTP 521:
+		fmylife.com
+		www.fmylife.com
 
 -->
-<ruleset name="FMyLife.com">
+<ruleset name="FMyLife.com" default_off="other">
 
 	<target host="fmylife.com" />
 	<target host="*.fmylife.com" />
@@ -42,4 +31,4 @@
 	<rule from="^http://media\.fmylife\.com/"
 		to="https://cdn.betacie.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FN_Cash.com.xml b/src/chrome/content/rules/FN_Cash.com.xml
new file mode 100644
index 000000000000..a937c9925711
--- /dev/null
+++ b/src/chrome/content/rules/FN_Cash.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Ads.
+
+-->
+<ruleset name="FN Cash.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fncash.com" />
+	<target host="static.fncash.com" />
+	<target host="www.fncash.com" />
+
+
+	<securecookie host="^\.?www\.fncash\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FN_Mag.co-falsemixed.xml b/src/chrome/content/rules/FN_Mag.co-falsemixed.xml
index 3e2b68bb4a53..62f3dc93e3ec 100644
--- a/src/chrome/content/rules/FN_Mag.co-falsemixed.xml
+++ b/src/chrome/content/rules/FN_Mag.co-falsemixed.xml
@@ -1,17 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fnmag.co/ => https://fnmag.co/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+Fetch error: http://www.fnmag.co/ => https://www.fnmag.co/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://fnmag.co/ => https://fnmag.co/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
 	For rules not causing false/broken mixed content, see FN_Mag.co.xml.
 
 -->
-<ruleset name="FN Mag.co (false MCB)" platform="mixedcontent">
+<ruleset name="FN Mag.co (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="fnmag.co" />
-	<target host="*.fnmag.co" />
+	<target host="www.fnmag.co" />
 
 
 	<securecookie host="^(?:www)?\.fnmag\.co$" name=".+" />
 
 
-	<rule from="^http://(www\.)?fnmag\.co/"
-		to="https://$1fnmag.co/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FN_Mag.co.xml b/src/chrome/content/rules/FN_Mag.co.xml
deleted file mode 100644
index 089e232d847e..000000000000
--- a/src/chrome/content/rules/FN_Mag.co.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see FN_Mag.co-falsemixed.xml.
-
-
-	CDN buckets:
-
-		- d3riqfjibuvp3c.cloudfront.net
-
-			- cdn
-			- cdn5
-
-
-	Mixed content:
-
-		- css, on ^ from:
-
-			- cdn *
-			- fonts.googleapis.com *
-
-		- Images, on ^ from:
-
-			- cdn5 *
-			- \d.gravatar.com *
-
-	* Secured by us
-
--->
-<ruleset name="FN Mag.co (partial)">
-
-	<target host="cdn.fnmag.co" />
-	<target host="cdn5.fnmag.co" />
-
-
-	<rule from="^http://cdn5?\.fnmag\.co/"
-		to="https://d3riqfjibuvp3c.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FOM_Networks.com.xml b/src/chrome/content/rules/FOM_Networks.com.xml
index 918281d1acb9..ecbaf5c460bf 100644
--- a/src/chrome/content/rules/FOM_Networks.com.xml
+++ b/src/chrome/content/rules/FOM_Networks.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?fomnetworks\.com/"
 		to="https://fomnetworks.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FORCE11.org.xml b/src/chrome/content/rules/FORCE11.org.xml
new file mode 100644
index 000000000000..99e0a2641219
--- /dev/null
+++ b/src/chrome/content/rules/FORCE11.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="FORCE11.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="force11.org" />
+	<target host="www.force11.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FOSSBazaar.org.xml b/src/chrome/content/rules/FOSSBazaar.org.xml
index 9a0daf2d33ee..0d5af7a9a16c 100644
--- a/src/chrome/content/rules/FOSSBazaar.org.xml
+++ b/src/chrome/content/rules/FOSSBazaar.org.xml
@@ -7,11 +7,14 @@
 	<target host="fossbazaar.org" />
 	<target host="*.fossbazaar.org" />
 
+		<test url="http://fossbazaar.org/news/" />
+		<test url="http://www.fossbazaar.org/" />
 
-	<securecookie host="^(.*\.)?fossbazaar\.org$" name=".*" />
+
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(\w+\.)?fossbazaar\.org/"
 		to="https://$1fossbazaar.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FOX-Toolkit.xml b/src/chrome/content/rules/FOX-Toolkit.xml
deleted file mode 100644
index 2eb6834ea746..000000000000
--- a/src/chrome/content/rules/FOX-Toolkit.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="FOX Toolkit" default_off="self-signed">
-
-	<target host="fox-toolkit.net" />
-	<target host="*.fox-toolkit.net" />
-	<target host="fox-toolkit.org" />
-	<target host="*.fox-toolkit.org" />
-
-
-	<!--	.net just redirects to .org.	-->
-	<rule from="^https?://www\.fox-toolkit\.(?:net|org)/"
-		to="https://fox-toolkit.org/" />
-
-	<rule from="^http://(blog|www)\.fox-toolkit\.(?:net|org)/"
-		to="https://$1.fox-toolkit.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FPJ_Intel.com.xml b/src/chrome/content/rules/FPJ_Intel.com.xml
new file mode 100644
index 000000000000..1cd06599740e
--- /dev/null
+++ b/src/chrome/content/rules/FPJ_Intel.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="FPJ Intel.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fpjintel.com" />
+	<target host="www.fpjintel.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FP_Complete.com.xml b/src/chrome/content/rules/FP_Complete.com.xml
new file mode 100644
index 000000000000..601cd7eb0e3b
--- /dev/null
+++ b/src/chrome/content/rules/FP_Complete.com.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://haskell.fpcomplete.com/ => https://haskell.fpcomplete.com/: (6, 'Could not resolve host: haskell.fpcomplete.com')
+
+	Fully covered hosts in *fpcomplete.com:
+
+		- (www.)?
+		- haskell
+
+
+	Insecure cookies are set for these hosts:
+
+		- fpcomplete.com
+		- www.fpcomplete.com
+
+-->
+<ruleset name="FP Complete.com" default_off="failed ruleset test">
+
+	<target host="fpcomplete.com" />
+	<target host="haskell.fpcomplete.com" />
+	<target host="www.fpcomplete.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?fpcomplete\.com$" name="^AWSELB$" /-->
+	<!--securecookie host="^www\.fpcomplete\.com$" name="^(_SESSION|NB_SRVID|nm_transient_id)$" /-->
+
+	<securecookie host="^(?:www\.)?fpcomplete\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FR.de.xml b/src/chrome/content/rules/FR.de.xml
new file mode 100644
index 000000000000..a90c3836f974
--- /dev/null
+++ b/src/chrome/content/rules/FR.de.xml
@@ -0,0 +1,50 @@
+<!--
+	Invalid certificate:
+		abo-cms.fr.de
+		admin.fr.de
+		autodiscover.fr.de
+		admin.agenturen.fr.de
+		e-kiosk.fr.de
+		info.fr.de
+		lyncdiscover.fr.de
+		newsletter.fr.de
+		relaunch.fr.de
+		sip.fr.de
+		staging.fr.de
+
+	Timeout:
+		ipadapp.fr.de
+		json-mobil.fr.de
+		json-newsapp.fr.de
+		login.fr.de
+		meet.fr.de
+		static[1-3]?.fr.de
+-->
+<ruleset name="FR.de">
+
+	<target host="fr.de" />
+	<target host="www.fr.de" />
+	<target host="abo.fr.de" />
+	<target host="beta-meinabo.fr.de" />
+	<target host="dev-meinabo.fr.de" />
+	<target host="epaper.fr.de" />
+	<target host="epaper-ifr.fr.de" />
+	<target host="fr7.fr.de" />
+	<target host="www.fr7.fr.de" />
+	<target host="leserreisen.fr.de" />
+	<target host="leserservice.fr.de" />
+	<target host="m.fr.de" />
+	<target host="mail.fr.de" />
+	<target host="meinabo.fr.de" />
+	<target host="panthermedia.fr.de" />
+	<target host="partner.fr.de" />
+	<target host="themenwelten.fr.de" />
+	<target host="vwdweb2.fr.de" />
+	<target host="wiki.fr.de" />
+	<target host="zukunft.fr.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FREAK_Attack.com.xml b/src/chrome/content/rules/FREAK_Attack.com.xml
new file mode 100644
index 000000000000..32b396c8c261
--- /dev/null
+++ b/src/chrome/content/rules/FREAK_Attack.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="FREAK Attack.com">
+
+	<target host="freakattack.com" />
+	<target host="www.freakattack.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FREECULTR.xml b/src/chrome/content/rules/FREECULTR.xml
index 49d60e93427d..7edfa26377ff 100644
--- a/src/chrome/content/rules/FREECULTR.xml
+++ b/src/chrome/content/rules/FREECULTR.xml
@@ -1,20 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://freecultr.com/ => https://www.freecultr.com/: (6, 'Could not resolve host: www.freecultr.com')
+
+-->
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://freecultr.com/ => https://www.freecultr.com/: (7, 'Failed to connect to www.freecultr.com port 443: Connection timed out')
+
 	Problematic subdomains:
 
 		- ^		(cert only matches www)
 		- static
 
 -->
-<ruleset name="FREECULTR">
+<ruleset name="FREECULTR" default_off="failed ruleset test">
 
 	<target host="freecultr.com" />
-	<target host="*.freecultr.com" />
+	<target host="static.freecultr.com" />
+	<target host="www.freecultr.com" />
 
 
 	<securecookie host="^\.freecultr\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:static\.|www\.)?freecultr\.com/"
+	<rule from="^http://(?:static\.|www\.)?freecultr\.com/"
 		to="https://www.freecultr.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FRUCT.org.xml b/src/chrome/content/rules/FRUCT.org.xml
new file mode 100644
index 000000000000..6c8b9dc92772
--- /dev/null
+++ b/src/chrome/content/rules/FRUCT.org.xml
@@ -0,0 +1,76 @@
+<!--
+	Nonfunctional hosts in *fruct.org:
+
+		- lists ¹
+		- mbt ²
+		- (www.)?md ¹
+		- (www.)?rusmart ¹
+		- vyatka.yar ¹
+
+	¹ Shows another domain
+	² Refused
+
+
+	Problematic hosts in *fruct.org:
+
+		- licence ¹
+		- (www.)?mdd ¹
+		- social ²
+		- reviews.yar ³
+		- www.yar ¹
+
+	¹ Mismatched
+	² Mixed css
+	³ Self-signed
+
+
+	These altnames don't exist:
+
+		- www.licence.fruct.org
+		- www.lists.fruct.org
+		- www.webmail.fruct.org
+		- www.reviews.yar.fruct.org
+		- www.vyatka.yar.fruct.org
+
+
+	Mixed content:
+
+		- css on social from $self
+
+		- Images, on:
+
+			- (www.)?, (www.)?forum from ssl.gstatic.com *
+			- (www.)?forum from ^fruct.org *
+			- social from $self
+
+-->
+<ruleset name="FRUCT.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fruct.org" />
+	<target host="forum.fruct.org" />
+	<target host="www.forum.fruct.org" />
+	<target host="projects.fruct.org" />
+	<target host="www.projects.fruct.org" />
+	<!--target host="social.fruct.org" /-->
+	<!--target host="www.social.fruct.org" /-->
+	<target host="webmail.fruct.org" />
+	<target host="www.fruct.org" />
+	<target host="yar.fruct.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.yar.fruct.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.yar\.fruct\.org/"
+		to="https://yar.fruct.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FSA.go.jp.xml b/src/chrome/content/rules/FSA.go.jp.xml
new file mode 100644
index 000000000000..9954138f9223
--- /dev/null
+++ b/src/chrome/content/rules/FSA.go.jp.xml
@@ -0,0 +1,32 @@
+<!--
+	Financial Services Agency
+
+
+	^fsa.go.jp doesn't exist.
+
+-->
+<ruleset name="FSA.go.jp (partial)">
+
+	<target host="www.fsa.go.jp" />
+		<!--
+			403:
+						-->
+		<!--exclusion pattern="^http://www\.fsa\.go\.jp/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.fsa\.go\.jp/(?!sesc/watch/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.fsa.go.jp/index.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.fsa.go.jp/sesc/watch/index.html" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FSCS.org.uk.xml b/src/chrome/content/rules/FSCS.org.uk.xml
new file mode 100644
index 000000000000..a39eaacee02c
--- /dev/null
+++ b/src/chrome/content/rules/FSCS.org.uk.xml
@@ -0,0 +1,34 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- protected.fscs.org.uk
+
+
+	Mixed content:
+
+		- css on protected from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="FSCS.org.uk (partial)">
+
+	<target host="protected.fscs.org.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.fscs\.org\.uk/$" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^protected\.fscs\.org\.uk$" name="^(?:ASP\.NET_SessionId|X-Mapping-\w+)$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FSDN.com.xml b/src/chrome/content/rules/FSDN.com.xml
new file mode 100644
index 000000000000..b3c08c144690
--- /dev/null
+++ b/src/chrome/content/rules/FSDN.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Slashdot stores most of their stuff here.
+-->
+
+<ruleset name="FSDN.com">
+	<target host="a.fsdn.com" />
+	<target host="c.fsdn.com" />
+
+		<test url="http://a.fsdn.com/sd/classic.css" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FSF-mismatches.xml b/src/chrome/content/rules/FSF-mismatches.xml
deleted file mode 100644
index 8e7661645f37..000000000000
--- a/src/chrome/content/rules/FSF-mismatches.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="FSF (self-signed)" default_off="self-signed">
-
-	<target host="fsfla.org"/>
-	<target host="www.fsfla.org"/>
-
-	<!--	cert !match !www	-->
-	<rule from="^http://(?:www\.)?fsfla\.org/"
-		to="https://www.fsfla.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/FSF.xml b/src/chrome/content/rules/FSF.xml
index d7505b28a344..a0fad3c6b320 100644
--- a/src/chrome/content/rules/FSF.xml
+++ b/src/chrome/content/rules/FSF.xml
@@ -1,75 +1,71 @@
 <!--
 	Other Free Software Foundation rulesets:
 
+		- GMP_Lib.org.xml
 		- GNU.org.xml
 		- GnuPG.org.xml
 
 
 	Nonfunctional domains:
 
-		- shop.fsf.org		(redirects to http):
-		- specialk.nongnu.org	(dropped)
-
-
-	Fully covered domains:
-
-		- fsf.org subdomains:
-
-			- cas
+		- specialk.nongnu.org (m)
+		- bugs.gnewsense.org (m)
 
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
 -->
 <ruleset name="Free Software Foundation">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="fsf.org" />
-	<target host="*.fsf.org" />
+	<target host="www.fsf.org" />
+	<target host="cas.fsf.org" />
+	<target host="crm.fsf.org" />
+	<target host="directory.fsf.org" />
+	<target host="donate.fsf.org" />
+	<target host="emailselfdefense.fsf.org" />
+	<target host="my.fsf.org" />
+	<target host="mirror.fsf.org" />
+	<target host="patron.fsf.org" />
+	<target host="piwik.fsf.org" />
+	<target host="shop.fsf.org" />
+	<target host="static.fsf.org" />
+	<target host="status.fsf.org" />
+	<target host="u.fsf.org" />
+
+	<target host="nongnu.org" />
+	<target host="www.nongnu.org" />
+	<target host="lists.nongnu.org" />
+	<target host="savannah.nongnu.org" />
+	<target host="download.savannah.nongnu.org" />
+
+	<!--	Complications:
+				-->
 	<target host="bugs.gnewsense.org" />
 
-        <target host="*.nongnu.org" />
-		<!--exclusion pattern="^http://specialk\.nongnu\.org/" /-->
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^my\.fsf\.org$" name="^_ZopeId$" /-->
 
 	<!--	There's a cross-domain session cookie, which is not
 		handled in case it's used on unsecurable pages.
 			In particular, shop.fsf.org is not fully
 		securable, and seems to share a login system with www.
 		-->
-	<securecookie host="^(\.crm|my|status)\.fsf\.org$" name=".*" />
-
-
-	<rule from="^http://((?:cas|crm|my|static|status|u|www)\.)?fsf\.org/"
-		to="https://$1fsf.org/" />
-
-	<!--	- Shows www's data over https
-		- 301s like so over http
-						-->
-	<rule from="^http://donate\.fsf\.org/"
-		to="https://my.fsf.org/donate/" />
-
-	<!--	- Shows www data over https
-		- Redirects like so over http
-			-->
-	<rule from="^http://patron\.fsf\.org/"
-		to="https://www.fsf.org/patrons" />
-
-	<!--	These paths redirect to http:
-
-			- $
-			- cart/$
-			- category/\w+/$
-			- product/\w+/$
-
-		There may be more than are handled here that don't.
-			-->
-	<rule from="^http://shop\.fsf\.org/(faq/$|jf$|static/|termsofsale/$)"
-		to="https://shop.fsf.org/$1" />
+	<securecookie host="^(?:\.crm|my|status)\.fsf\.org$" name=".+" />
 
 	<!--	Redirects like so.
 					-->
-
-	<rule from="^http://bugs\.gnewsense\.org/(?:.*)"
+	<rule from="^http://bugs\.gnewsense\.org/.*"
 		to="https://savannah.nongnu.org/bugs/?group=gnewsense" />
 
-        <rule from="^http://(lists|savannah)\.nongnu\.org/"
-		to="https://$1.nongnu.org/" />
+		<test url="http://bugs.gnewsense.org//" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FSFE.org-mismatches.xml b/src/chrome/content/rules/FSFE.org-mismatches.xml
deleted file mode 100644
index fcbd4eb5d235..000000000000
--- a/src/chrome/content/rules/FSFE.org-mismatches.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules that are on by default, see FSFE.org.xml.
-
--->
-<ruleset name="FSFE.org (mismatches)" default_off="mismatch, self-signed">
-
-	<target host="piwik.fsfe.org"/>
-
-
-	<rule from="^http://piwik\.fsfe\.org/"
-		to="https://piwik.fsfe.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/FSFE.org.xml b/src/chrome/content/rules/FSFE.org.xml
index eaa8605e5c44..c4e09a15d9ad 100644
--- a/src/chrome/content/rules/FSFE.org.xml
+++ b/src/chrome/content/rules/FSFE.org.xml
@@ -1,43 +1,54 @@
-<!--
-	For problematic rules, see FSFE.org-mismatches.xml.
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://crm.fsfe.org/ => https://crm.fsfe.org/: (51, "SSL: no alternative certificate subject name matches target host name 'crm.fsfe.org'")
+Fetch error: http://vote.fsfe.org/ => https://vote.fsfe.org/: (60, 'SSL certificate problem: certificate has expired')
 
 	Other FSFE rulesets:
 
+		- DRM.info.xml
 		- Document_Freedom_Day.xml
+		- FSFEurope.org.xml
+		- Free_Your_Android.org.xml
+
 
+	Nonfunctional hosts in *fsfe.org:
 
-	Nonfunctional domains:
+		- download *
+		- piwik ²
+		- planet ³
 
-		- l.fsfe.org	(shows server status, valid cert)
+	* Redirects to ^fsfe.org
+	² Shows registration.fsfe.org
+	³ Redirects to blogs.fsfe.org
 
 
-	Problematic domains:
+	Mixed content:
 
-		- (www.)freeyourandroid.org		(prints status page)
-		- piwik.fsfe.org			(self-signed, mismatched, CN: curie.fsfeurope.org)
+		- Image on blogs from $self *
+
+	* Secured by us
 
 -->
-<ruleset name="FSFE.org (partial)">
+<ruleset name="FSFE.org (partial)" default_off="failed ruleset test">
 
-	<target host="freeyourandroid.org" />
-	<target host="www.freeyourandroid.org" />
+	<!--	Direct rewrites:
+				-->
 	<target host="fsfe.org" />
-	<target host="*.fsfe.org" />
-	<target host="fsfeurope.org" />
-	<target host="*.fsfeurope.org" />
+	<target host="blogs.fsfe.org" />
+	<target host="crm.fsfe.org" />
+	<target host="fellowship.fsfe.org" />
+	<target host="l.fsfe.org" />
+	<target host="registration.fsfe.org" />
+	<target host="vote.fsfe.org" />
+	<target host="wiki.fsfe.org" />
+	<target host="www.fsfe.org" />
 
 
 	<securecookie host="^(?:fellowship|vote)\.fsfe\.org$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?freeyourandroid\.org/(?:.*)"
-		to="https://fsfe.org/campaigns/android/android.html" />
-
-	<rule from="^http://((?:blogs|crm|fellowship|vote|wiki|www)\.)?fsfe\.org/"
-		to="https://$1fsfe.org/" />
-
-	<rule from="^http://(blogs\.|fellowship\.|www\.)?fsfeurope\.org/"
-		to="https://$1fsfeurope.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FSFEurope.org.xml b/src/chrome/content/rules/FSFEurope.org.xml
new file mode 100644
index 000000000000..5b34efa0785e
--- /dev/null
+++ b/src/chrome/content/rules/FSFEurope.org.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fsfeurope.org/ => https://fsfeurope.org/: (51, "SSL: no alternative certificate subject name matches target host name 'fsfeurope.org'")
+Fetch error: http://blogs.fsfeurope.org/ => https://blogs.fsfeurope.org/: (51, "SSL: no alternative certificate subject name matches target host name 'blogs.fsfeurope.org'")
+Fetch error: http://fellowship.fsfeurope.org/ => https://fellowship.fsfeurope.org/: (51, "SSL: no alternative certificate subject name matches target host name 'fellowship.fsfeurope.org'")
+Fetch error: http://www.fsfeurope.org/ => https://www.fsfeurope.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.fsfeurope.org'")
+
+	For other Free Software Foundation Europe coverage, see FSFE.org.xml.
+
+-->
+<ruleset name="FSFEurope.org (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fsfeurope.org" />
+	<target host="blogs.fsfeurope.org" />
+	<target host="fellowship.fsfeurope.org" />
+	<target host="mail.fsfeurope.org" />
+	<target host="www.fsfeurope.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FSFLA.org.xml b/src/chrome/content/rules/FSFLA.org.xml
new file mode 100644
index 000000000000..c2bca749e50f
--- /dev/null
+++ b/src/chrome/content/rules/FSFLA.org.xml
@@ -0,0 +1,23 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - ns1.linux-libre.fsfla.org
+
+		SSL connect error:
+			 - lxoliva.fsfla.org
+
+		SSL peer certificate was not OK:
+			 - drm.fsfla.org
+			 - ns2.linux-libre.fsfla.org
+			 - ns1.fsfla.org
+			 - ns2.fsfla.org
+			 - wiki.fsfla.org
+-->
+<ruleset name="FSF Latin America">
+	<target host="fsfla.org" />
+	<target host="www.fsfla.org" />
+	<target host="linux-libre.fsfla.org" />
+	<target host="www.linux-libre.fsfla.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FSU.edu.xml b/src/chrome/content/rules/FSU.edu.xml
new file mode 100644
index 000000000000..ce6852694f96
--- /dev/null
+++ b/src/chrome/content/rules/FSU.edu.xml
@@ -0,0 +1,114 @@
+<!--
+	Florida State University
+
+
+	Nonfunctional subdomains:
+
+		- www.academic-guide ¹
+		- brightfutures ²
+		- calendar ³
+		- care ⁴
+		- acm.cs ⁵
+		- visit.cs ⁶
+		- ww2.cs ⁷
+		- facsenate ⁴
+		- learningforlife ⁴
+		- www.sc.my ⁴
+		- servicecenter ⁴
+		- undergrad ¹
+
+	¹ Dropped
+	² Shows www
+	³ Interrupted
+	⁴ Refused
+	⁵ Shows CentOS test page, valid cert
+	⁶ Shows visitwww.cs
+	⁷ Works, self-signed
+
+
+	Problematic subdomains:
+
+		- smtpin.cs *
+		- visitwww.cs *
+
+	* Works; Expired, self-signed
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- (www.)admissions
+		- campus
+		- cas
+
+		- service.cs
+		- system.cs
+		- webmail.cs
+		- www.cs
+		- www1.cs
+
+		- financialaid
+		- foundation
+		- (www.)my
+		- one
+		- apps.oti
+		- cfprd.oti
+		- (www.)registrar
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- apps.oti from $self ¹
+			- (www.)registrar from registrar ¹
+			- (www.)registrar from brightfutures ²
+
+		- favicons on financialaid and www from www ¹
+
+	¹ Secured by us
+	² Unsecurable <= 404
+
+-->
+<ruleset name="FSU.edu (partial)">
+
+	<target host="fsu.edu" />
+	<target host="admissions.fsu.edu" />
+	<target host="www.admissions.fsu.edu" />
+	<target host="campus.fsu.edu" />
+	<target host="cas.fsu.edu" />
+	<target host="service.cs.fsu.edu" />
+	<target host="system.cs.fsu.edu" />
+	<target host="webmail.cs.fsu.edu" />
+	<target host="www.cs.fsu.edu" />
+	<target host="financialaid.fsu.edu" />
+	<target host="foundation.fsu.edu" />
+	<target host="my.fsu.edu" />
+	<target host="www.my.fsu.edu" />
+	<target host="one.fsu.edu" />
+	<target host="registrar.fsu.edu" />
+	<target host="www.registrar.fsu.edu" />
+	<target host="www.fsu.edu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?admissions\.fsu\.edu$" name="^BIGipServer~ITS-MSTS~cf_admissions_https_pool$" /-->
+	<!--securecookie host="^(www\.)?(admissions|registrar)\.fsu\.edu$" name="^avr(_\d+){6}$" /-->
+	<!--securecookie host="^campus\.fsu\.edu$" name="^^(BIGipServer~ODL~bb_campus_https_pool|session_id)$" /-->
+	<!--securecookie host="^cas\.fsu\.edu$" name="^BIGipServer~ITS-Middleware~casprd-https-pool$" /-->
+	<!--securecookie host="^smtpin\.cs\.fsu\.edu$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^(webmail|www)\.cs\.fsu\.edu$" name="^bla$" /-->
+	<!--securecookie host="^foundation\.fsu\.edu$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^(www\.)?my\.fsu\.edu$" name="^1HourCookie$" /-->
+	<!--securecookie host="^one\.fsu\.edu$" name="^(ASP\.NET_SessionId|VisitorGuid)$" /-->
+	<!--securecookie host="^apps\.oti\.fsu\.edu$" name="^BIGipServer~Middleware-SecureApps~appsprd_https_pool$" /-->
+	<!--securecookie host="^cfprd\.oti\.fsu\.edu$" name="^(BIGipServer~Middleware-SecureApps~cfprd_https_pool|CFID|CFTOKEN|JSESSIONID)$" /-->
+	<!--securecookie host="^(www\.)?registrar\.fsu\.edu$" name="^BIGipServer~ITS-MSTS~cf_registrar_https_pool$" /-->
+
+	<securecookie host="^(?:(?:www\.)?admissions|campus|cas|w(?:ebmail|ww)\.cs|foundation|(?:www\.)?my|one|(?:apps|cfprd)\.oti|(?:www\.)?registrar)\.fsu\.edu$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FS_CDN.org.xml b/src/chrome/content/rules/FS_CDN.org.xml
new file mode 100644
index 000000000000..0b473d4fc7c4
--- /dev/null
+++ b/src/chrome/content/rules/FS_CDN.org.xml
@@ -0,0 +1,10 @@
+<!--
+	Related:
+		LDS.org.xml.
+-->
+<ruleset name="FS_CDN.org">
+	<target host="edge.fscdn.org" />
+		<test url="http://edge.fscdn.org/assets/img/FamilySearch-donation-guidelines-Revised-04292016-55aeebad1fb45bdf05de2f103dd7b4f0.pdf" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FS_Data.xml b/src/chrome/content/rules/FS_Data.xml
index bacad43de6d6..358c8070e67a 100644
--- a/src/chrome/content/rules/FS_Data.xml
+++ b/src/chrome/content/rules/FS_Data.xml
@@ -1,13 +1,34 @@
-<ruleset name="FS Data">
+<!--
+	Nonfunctional hosts in *fsdata.se:
+
+		- status *
+
+	* Refused
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- fsdata.se
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="FS Data.se (partial)">
 
 	<target host="fsdata.se" />
-	<target host="*.fsdata.se" />
+	<target host="devwp.fsdata.se" />
+	<target host="webmail.fsdata.se" />
+	<target host="www.fsdata.se" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^fsdata\.se$" name="^PHPSESSID$" /-->
 
-	<securecookie host="^(?:webmail\.)?fsdata\.se$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(webmail\.|www\.)?fsdata\.se/"
-		to="https://$1fsdata.se/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FS_ISAC.com.xml b/src/chrome/content/rules/FS_ISAC.com.xml
new file mode 100644
index 000000000000..c75355eb9b50
--- /dev/null
+++ b/src/chrome/content/rules/FS_ISAC.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="FS ISAC.com">
+
+	<target host="fsisac.com" />
+	<target host="portal.fsisac.com" />
+	<target host="www.fsisac.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FSharp.org.xml b/src/chrome/content/rules/FSharp.org.xml
new file mode 100644
index 000000000000..38c4613a7275
--- /dev/null
+++ b/src/chrome/content/rules/FSharp.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		community.fsharp.org
+		foundation.fsharp.org
+-->
+<ruleset name="FSharp.org">
+
+	<target host="fsharp.org" />
+	<target host="www.fsharp.org" />
+	<target host="forums.fsharp.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://www.fsharp.org/,
+	http://www.fsharp.org/ redirects to http://fsharp.org/. -->
+	<rule from="^http://www\.fsharp\.org/"
+		to="https://fsharp.org/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FTD.de.xml b/src/chrome/content/rules/FTD.de.xml
deleted file mode 100644
index 95f5db82e84a..000000000000
--- a/src/chrome/content/rules/FTD.de.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="FTD.de" platform="mixedcontent">
-  <target host="www.ftd.de" />
-  <target host="ftd.de" />
-
-  <rule from="^http://(?:www\.)?ftd\.de/" to="https://www.ftd.de/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/FTL_Game.com.xml b/src/chrome/content/rules/FTL_Game.com.xml
new file mode 100644
index 000000000000..409d39889208
--- /dev/null
+++ b/src/chrome/content/rules/FTL_Game.com.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ftlgame.com/ => https://ftlgame.com/: (51, "SSL: no alternative certificate subject name matches target host name 'ftlgame.com'")
+Fetch error: http://www.ftlgame.com/ => https://www.ftlgame.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ftlgame.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ftlgame.com/ => https://ftlgame.com/: (7, 'Failed to connect to ftlgame.com port 443: Connection refused')
+	Mixed content:
+
+		- iframe from www.humblebundle.com *
+
+	* Secured by us
+
+-->
+<ruleset name="FTL Game.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="ftlgame.com" />
+	<target host="www.ftlgame.com" />
+
+
+	<securecookie host="^\.ftlgame\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FU-Berlin.de.xml b/src/chrome/content/rules/FU-Berlin.de.xml
new file mode 100644
index 000000000000..cac23874cef5
--- /dev/null
+++ b/src/chrome/content/rules/FU-Berlin.de.xml
@@ -0,0 +1,19 @@
+<!--
+	Freie Universität Berlin
+
+	Nonfunctional subdomains:
+
+		- (www.)spline.inf	(shows doku.spline; mismatched, CN: doku.spline.inf.fu-berlin.de)
+		- ftp.spline.inf ²
+		- vm-keyserver.spline.inf (mismatched, CN: keyserver.spline.inf.fu-berlin.de)
+
+	² Shows tor.spline.inf.fu-berlin.de
+-->
+
+<ruleset name="FU-Berlin.de (partial)">
+	<target host="doku.spline.inf.fu-berlin.de" />
+	<target host="tor.spline.inf.fu-berlin.de" />
+	<target host="keyserver.spline.inf.fu-berlin.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FX_Prime.com.xml b/src/chrome/content/rules/FX_Prime.com.xml
new file mode 100644
index 000000000000..195f84ab5e94
--- /dev/null
+++ b/src/chrome/content/rules/FX_Prime.com.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mirror.fxprime.com/ => https://mirror.fxprime.com/: (28, 'Connection timed out after 20005 milliseconds')
+
+	For other GMO coverage, see GMO_Internet.xml.
+
+
+	^: refused
+
+
+	Fully covered hosts in *fxprime.com:
+
+		- (www.)?	(^ → www)
+		- mirror
+
+-->
+<ruleset name="FX Prime.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mirror.fxprime.com" />
+	<target host="www.fxprime.com" />
+
+	<!--	Complications:
+				-->
+	<target host="fxprime.com" />
+
+
+	<rule from="^http://fxprime\.com/"
+		to="https://www.fxprime.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FX_Systems.xml b/src/chrome/content/rules/FX_Systems.xml
index cf8b00265f0d..85876225651e 100644
--- a/src/chrome/content/rules/FX_Systems.xml
+++ b/src/chrome/content/rules/FX_Systems.xml
@@ -1,13 +1,21 @@
-<ruleset name="FX Systems">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fxsystems.com/ => https://fxsystems.com/: (7, 'Failed to connect to fxsystems.com port 443: Connection refused')
+Fetch error: http://www.fxsystems.com/ => https://www.fxsystems.com/: (7, 'Failed to connect to www.fxsystems.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://fxsystems.com/ => https://fxsystems.com/: (51, "SSL: no alternative certificate subject name matches target host name 'fxsystems.com'")
+-->
+<ruleset name="FX Systems" default_off="failed ruleset test">
 
 	<target host="fxsystems.com" />
-	<target host="*.fxsystems.com" />
+	<target host="www.fxsystems.com" />
 
 
 	<securecookie host="^\.fxsystems.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?fxsystems\.com/"
-		to="https://$1fxsystems.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FYBSG.com.xml b/src/chrome/content/rules/FYBSG.com.xml
new file mode 100644
index 000000000000..c5373bef5f2d
--- /dev/null
+++ b/src/chrome/content/rules/FYBSG.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="FYBSG.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fybsg.com" />
+	<target host="www.fybsg.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FYB_SE.se.xml b/src/chrome/content/rules/FYB_SE.se.xml
new file mode 100644
index 000000000000..723e8deb9367
--- /dev/null
+++ b/src/chrome/content/rules/FYB_SE.se.xml
@@ -0,0 +1,12 @@
+<ruleset name="FYB SE.se">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fybse.se" />
+	<target host="www.fybse.se" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FabLab_Tacoma.xml b/src/chrome/content/rules/FabLab_Tacoma.xml
index 9215c7dc2784..6ac372b63d84 100644
--- a/src/chrome/content/rules/FabLab_Tacoma.xml
+++ b/src/chrome/content/rules/FabLab_Tacoma.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?fablabtacoma\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?fablabtacoma\.com/"
-		to="https://$1fablabtacoma.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fab_Lab_Truck.nl.xml b/src/chrome/content/rules/Fab_Lab_Truck.nl.xml
new file mode 100644
index 000000000000..214eb3c11c1a
--- /dev/null
+++ b/src/chrome/content/rules/Fab_Lab_Truck.nl.xml
@@ -0,0 +1,9 @@
+<ruleset name="Fab Lab Truck.nl">
+
+	<target host="fablabtruck.nl" />
+	<target host="www.fablabtruck.nl" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fabian_Keil.de.xml b/src/chrome/content/rules/Fabian_Keil.de.xml
new file mode 100644
index 000000000000..a7e03eb68792
--- /dev/null
+++ b/src/chrome/content/rules/Fabian_Keil.de.xml
@@ -0,0 +1,10 @@
+<ruleset name="Fabian Keil.de">
+
+	<target host="fabiankeil.de" />
+	<target host="www.fabiankeil.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fabricatorz.xml b/src/chrome/content/rules/Fabricatorz.xml
index 5b4d6da336eb..57de986c9bc4 100644
--- a/src/chrome/content/rules/Fabricatorz.xml
+++ b/src/chrome/content/rules/Fabricatorz.xml
@@ -1,19 +1,24 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fabricatorz.com/ => https://fabricatorz.com/: (51, "SSL: no alternative certificate subject name matches target host name 'fabricatorz.com'")
+
 	Problematic subdomains:
 
 		- ^	(mismatched)
 
 -->
-<ruleset name="Fabricatorz">
+<ruleset name="Fabricatorz" default_off="failed ruleset test">
 
 	<target host="fabricatorz.com" />
-	<target host="*.fabricatorz.com" />
+	<target host="private.fabricatorz.com" />
+	<target host="www.fabricatorz.com" />
 
 
 	<securecookie host="^fabricatorz\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:(private\.)|www\.)?fabricatorz\.com/"
+	<rule from="^http://(?:(private\.)|www\.)?fabricatorz\.com/"
 		to="https://$1fabricatorz.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Facebook.xml b/src/chrome/content/rules/Facebook.xml
index c2b938d200fc..36a86a53828e 100644
--- a/src/chrome/content/rules/Facebook.xml
+++ b/src/chrome/content/rules/Facebook.xml
@@ -2,6 +2,10 @@
 	Other Facebook rulesets:
 
 		- Facebook_Studio.xml
+		- Facebook_ccTLDs.xml
+		- Fb.com.xml
+		- Messenger.com.xml
+		- PrivateCore.com.xml
 
 
 	CDN buckets:
@@ -11,11 +15,12 @@
 		- fbcdn-profile-a.akamaihd.net
 		- fbcdn-sphotos-a.akamaihd.net
 		- fbcdn-sphotos-[a-h]-a.akamaihd.net
+		- fbcdn-vthumb-a.akamaihd.net
 		- fbexternal-a.akamaihd.net
 		- fbstatic-a.akamaihd.net
 		- s-static.ak.facebook.com.edgekey.net
 		- s-static.ak.fbcdn.net.edgekey.net
-		- profile.ak.facebook.com.edgesuite.net 
+		- profile.ak.facebook.com.edgesuite.net
 		- dragon.ak.fbcdn.net.edgesuite.net
 		- external.ak.fbcdn.net.edgesuite.net
 
@@ -29,188 +34,77 @@
 
 		- static.ak.connect.facebook.com.edgesuite.net
 
-	foo.ak.fbcdn.net	<=>	fb(cdn-)?foo-a.akamaihd.net
 
+	Problematic hosts in *facebook.com:
 
-	Nonfunctional domains:
-
-		investor.fb.com		(504, valid cert)
-
-
-	Problematic domains:
-
-		- facebook.com:
-
-			- external.ak *
-			- profile.ak *
-			- connect *
-			- www.connect	(shows www)
-
-		- on.fb.me
-		- dragon.ak.fbcdn.net *
-		- photos-[a-h].ak.fbcdn.net	*
+		- external.ak *
+		- profile.ak *
+		- connect *
+		- www.connect	(shows www)
+		- l.prod ³
 
 	* akamai
+	³ Fails to redirect
 
 
-	Fully covered domains:
+	These altnames don't exist:
 
-		- facebook.com subdomains:
+		- prod.facebook.com
+		- www.v6.facebook.com
 
-			- (www.)
-			- s-static.ak
-			- b.s-static.ak
-			- api
-			- api-read
-			- apps
-			- connect
-			- developers
-			- graph
-			- login
-			- m
-			- pixel
-			- ssl
-			- static-ak
-			- www.v6
-			- \w\w-\w\w 	(language-specific subdomains)
 
-		- connect.facebook.net
-		- newsroom.fb.com
-		- on.fb.me
+	Insecure cookies are set for these domains: ᶜ
 
-		- fbcdn.net subdomains:
+		- .facebook.com
 
-			- dragon.ak		(→ fbcdn-dragon-a.akamaihd.net)
-			- photos-[a-h].ak
-			- s-static.ak
-
-			- *.xx:
-
-				- profile-a
-				- profile-a-ord
-				- scontent-02
-				- scontent-b-ord
-				- sphotos
-				- sphotos-b
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Facebook">
-
-	<target host="facebook.*" />
-	<target host="www.facebook.*" />
-	<target host="*.facebook.com" />
-	<target host="*.facebook.de" />
-	<target host="*.facebook.dk" />
-	<target host="*.facebook.es" />
-	<target host="*.facebook.fr" />
-	<target host="*.facebook.jp" />
-	<target host="*.facebook.mx" />
-	<target host="connect.facebook.net" />
-	<target host="*.facebook.no" />
-	<target host="*.facebook.se" />
-	<target host="fb.com" />
-	<target host="*.fb.com" />
-	<target host="on.fb.me" />
-	<target host="*.fbcdn.net" />
-
-
-	<securecookie host="^(?:.*\.)?facebook\.com$" name="(?:c_user|lu|sct|xs)" />
-    <securecookie host="^\.facebook\.com$" name=".+" />
-	<securecookie host="^newsroom\.fb\.com$" name=".+" />
-
-	<rule from="^https?://f(?:acebook|b)\.com/"
-		to="https://www.facebook.com/" />
-
-	<rule from="^https?://www\.f(?:acebook|b)\.com/"
-		to="https://www.facebook.com/" />
-
-	<rule from="^https?://(\w\w-\w\w|(?:b\.)?s-static\.ak|api|api-read|apps|badge|blog|connect|developers|graph|login|m|pixel|ssl|static-ak|www\.v6)\.facebook\.com/"
-		to="https://$1.facebook.com/" />
-
-	<!--	Also on fbstatic-a.akamaihd.net, but this is what the servers do.
-								-->
-	<rule from="^https?://static\.ak\.facebook\.com/"
-		to="https://s-static.ak.facebook.com/" />
-
-	<rule from="^http://www\.connect\.facebook\.com/"
-		to="https://connect.facebook.com/" />
-
-	<!--		Cert doesn't match and
-		this is what the server does.
-						-->
-	<rule from="^https?://(?:www\.)?facebook\.(?:be|is|it|nl|us)/"
-		to="https://www.facebook.com/" />
-
-	<!--	Ditto.
-			-->
-	<rule from="^https?://(?:de-de\.|fr-fr\.|www\.)?facebook\.(de|fr)/"
-		to="https://$1-$1.facebook.com/"/>
-
-	<!--	Ditto.
-			-->
-	<rule from="^https?://(?:da-dk\.|www\.)?facebook\.dk/"
-		to="https://da-dk.facebook.com/" />
-
-	<!--	Ditto.
-			-->
-	<rule from="^https?://(?:es-es\.|www\.)?facebook\.(?:es|mx)/"
-		to="https://es-es.facebook.com/" />
-
-	<!--	Ditto.
-			-->
-	<rule from="^https?://(?:ja-jp\.|www\.)?facebook\.jp/"
-		to="https://ja-jp.facebook.com/" />
-
-	<!--	Ditto.
-			-->
-	<rule from="^https?://(?:nb-no\.|www\.)?facebook\.no/"
-		to="https://nb-no.facebook.com/" />
-
-	<!--	Ditto.
-			-->
-	<rule from="^https?://(?:sv-se\.|www\.)?facebook\.se/"
-		to="https://sv-se.facebook.com/" />
-
-	<rule from="^https?://connect\.facebook\.net/"
-		to="https://connect.facebook.net/"/>
-
-	<rule from="^https?://newsroom\.fb\.com/"
-		to="https://newsroom.fb.com/" />
-
-	<rule from="^https?://on\.fb\.me/"
-		to="https://bit.ly/" />
-
-	<rule from="^https?://dragon\.ak\.fbcdn\.net/"
-		to="https://fbcdn-dragon-a.akamaihd.net/" />
-
-	<!--	Akamai.
-			-->
-	<rule from="^https?://external\.ak\.fbcdn\.net/"
-		to="https://fbexternal-a.akamaihd.net/" />
-
-	<rule from="^https?://photos-([a-h])\.ak\.fbcdn\.net/"
-		to="https://fbcdn-sphotos-$1-a.akamaihd.net/" />
-
-	<rule from="^https?://profile\.ak\.fbcdn\.net/"
-		to="https://fbcdn-profile-a.akamaihd.net/" />
-
-	<rule from="^https?://(?:a\d\.)?sphotos\.ak\.fbcdn\.net/"
-		to="https://fbcdn-sphotos-a.akamaihd.net/" />
-
-	<!--	- Akamai
-		- Data are also on static.facebook.com
-							-->
-	<rule from="^https?://(?:static\.connect|(?:s-)?static)\.ak\.fbcdn\.net/"
-		to="https://s-static.ak.fbcdn.net/" />
-
-	<rule from="^https?://([^@:\./]+)(\.xx)?\.fbcdn\.net/"
-		to="https://$1$2.fbcdn.net/" />
-
-	<!--	Bing maps. Should be generalized and moved at some point.
-
-		Cert only matches *.tiles.virtualearth.net.
-								-->
-	<rule from="^https?://fb\.ecn\.api\.tiles\.virtualearth\.net/"
-		to="https://api.tiles.virtualearth.net/" />
-
+<ruleset name="Facebook.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host=              "facebook.com" />
+	<target host=          "api.facebook.com" />
+	<target host=     "api-read.facebook.com" />
+	<target host=         "apps.facebook.com" />
+	<target host=        "badge.facebook.com" />
+	<target host=         "blog.facebook.com" />
+	<target host=         "code.facebook.com" />
+	<target host=      "connect.facebook.com" />
+	<target host=        "da-dk.facebook.com" />
+	<target host=        "de-de.facebook.com" />
+	<target host=   "developers.facebook.com" />
+	<target host=        "es-es.facebook.com" />
+	<target host=        "fr-fr.facebook.com" />
+	<target host= "govtrequests.facebook.com" />
+	<target host=        "graph.facebook.com" />
+	<target host=        "ja-jp.facebook.com" />
+	<target host=            "l.facebook.com" />
+	<target host=           "lm.facebook.com" />
+	<target host=        "login.facebook.com" />
+	<target host=       "mbasic.facebook.com" />
+	<target host=        "nb-no.facebook.com" />
+	<target host=        "pixel.facebook.com" />
+	<target host=    "code.prod.facebook.com" />
+	<target host=     "www.prod.facebook.com" />
+	<target host=     "research.facebook.com" />
+	<target host=        "sv-se.facebook.com" />
+	<target host=          "ssl.facebook.com" />
+	<target host=    "static-ak.facebook.com" />
+	<target host=        "touch.facebook.com" />
+	<target host=          "www.facebook.com" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.facebook\.com$" name="^(datr|m_ts|reg_ext_ref|reg_fb_gate|reg_fb_ref)$" /-->
+	<!--
+		Others observed:
+				-->
+	<!--securecookie host="^(?:.*\.)?facebook\.com$" name="(?:c_user|lu|sct|xs)" /-->
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/FacebookCoreWWWi.onion.xml b/src/chrome/content/rules/FacebookCoreWWWi.onion.xml
new file mode 100644
index 000000000000..e9b74393eeb5
--- /dev/null
+++ b/src/chrome/content/rules/FacebookCoreWWWi.onion.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Facebook coverage, see Facebook.xml.
+
+	This ruleset covers Facebook onion services on Tor.
+
+-->
+<ruleset name="Facebook Onion Service">
+
+	<target host="facebookcorewwwi.onion" />
+	<target host="*.facebookcorewwwi.onion" />
+
+		<test url="http://developers.facebookcorewwwi.onion/" />
+		<test url="http://m.facebookcorewwwi.onion/" />
+		<test url="http://www.facebookcorewwwi.onion/" />
+
+	<target host="*.xx.fbcdn23dssr3jqnq.onion" />
+
+		<test url="http://static.xx.fbcdn23dssr3jqnq.onion/rsrc.php/v3/yw/l/0,cross/BiATacNWkhp.css" />
+		<test url="http://scontent.xx.fbcdn23dssr3jqnq.onion/v/t39.2365-6/851585_216271631855613_2121533625_n.png?oh=7a437b0bae2ba8efc157cf6564ce1440&amp;oe=5ADC6020" />
+		<test url="http://external-lht6-1.xx.fbcdn23dssr3jqnq.onion/safe_image.php" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Facebook_Studio.xml b/src/chrome/content/rules/Facebook_Studio.xml
index 640f05376877..4d3d3458eab9 100644
--- a/src/chrome/content/rules/Facebook_Studio.xml
+++ b/src/chrome/content/rules/Facebook_Studio.xml
@@ -1,25 +1,26 @@
-<!--
-	For other Facebook coverage, see Facebook.xml.
-
-
-	Problematic subdomains:
 
-		- ^	(cert only matches *.facebook-studio.com)
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fadmin.facebook-studio.com/ => https://fadmin.facebook-studio.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.facebook-studio.com/ => https://www.facebook-studio.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.facebook-studio.com'")
+Fetch error: http://facebook-studio.com/ => https://www.facebook-studio.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.facebook-studio.com'")
 
+	For other Facebook coverage, see Facebook.xml.
 
-	Fully covered subdomains:
 
-		- (www.)	(^ → www)
-		- fadmin
+	 ^facebook-studio.com: Cert only matches *.facebook-studio.com
 
 -->
-<ruleset name="Facebook Studio">
+<ruleset name="Facebook-Studio.com" default_off="failed ruleset test">
 
 	<target host="facebook-studio.com" />
 	<target host="*.facebook-studio.com" />
 
+		<test url="http://fadmin.facebook-studio.com/" />
+		<test url="http://www.facebook-studio.com/" />
+
 
-	<securecookie host=".+\.facebook-studio\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://facebook-studio\.com/"
@@ -28,4 +29,4 @@
 	<rule from="^http://(\w+)\.facebook-studio\.com/"
 		to="https://$1.facebook-studio.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Facebook_ccTLDs.xml b/src/chrome/content/rules/Facebook_ccTLDs.xml
new file mode 100644
index 000000000000..892e13b578aa
--- /dev/null
+++ b/src/chrome/content/rules/Facebook_ccTLDs.xml
@@ -0,0 +1,94 @@
+<!--
+	For other Facebook coverage, see Facebook.xml.
+
+
+	Nonfunctional domains:
+
+		facebook.mx                  (all 5 IPs don't answer on port 80)
+
+-->
+<ruleset name="Facebook ccTLDs">
+
+	<target host=      "facebook.be" />
+	<target host=  "www.facebook.be" />
+	<target host=      "facebook.de" />
+	<target host="de-de.facebook.de" />
+	<target host=  "www.facebook.de" />
+	<target host=      "facebook.dk" />
+	<target host="da-dk.facebook.dk" />
+	<target host=  "www.facebook.dk" />
+	<target host=      "facebook.es" />
+	<target host="es-es.facebook.es" />
+	<target host=  "www.facebook.es" />
+	<target host=      "facebook.fr" />
+	<target host="fr-fr.facebook.fr" />
+	<target host=  "www.facebook.fr" />
+	<target host=      "facebook.is" />
+	<target host=  "www.facebook.is" />
+	<target host=      "facebook.it" />
+	<target host=  "www.facebook.it" />
+	<target host=      "facebook.jp" />
+	<target host="ja-jp.facebook.jp" />
+	<target host=  "www.facebook.jp" />
+	<!-- doesn't answer on port 80
+	<target host=      "facebook.mx" />
+	-->
+	<target host="es-es.facebook.mx" />
+	<target host=  "www.facebook.mx" />
+	<target host=      "facebook.nl" />
+	<target host=  "www.facebook.nl" />
+	<target host=      "facebook.no" />
+	<target host="nb-no.facebook.no" />
+	<target host=  "www.facebook.no" />
+	<target host=      "facebook.se" />
+	<target host="sv-se.facebook.se" />
+	<target host=  "www.facebook.se" />
+	<target host=      "facebook.us" />
+	<target host=  "www.facebook.us" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<!--		Cert doesn't match and
+		this is what the server does.
+						-->
+	<rule from="^http://(?:www\.)?facebook\.(?:be|is|it|nl|us)/"
+		to="https://www.facebook.com/" />
+
+	<!--	Ditto.
+			-->
+	<rule from="^http://(?:de-de\.|www\.)?facebook\.de/"
+		to="https://de-de.facebook.com/"/>
+
+	<!--	Ditto.
+			-->
+	<rule from="^http://(?:da-dk\.|www\.)?facebook\.dk/"
+		to="https://da-dk.facebook.com/" />
+
+	<!--	Ditto.
+			-->
+	<rule from="^http://(?:es-es\.|www\.)?facebook\.(?:es|mx)/"
+		to="https://es-es.facebook.com/" />
+
+        <!--    Ditto.
+		        -->
+        <rule from="^http://(?:fr-fr\.|www\.)?facebook\.fr/"
+                to="https://fr-fr.facebook.com/"/>
+
+	<!--	Ditto.
+			-->
+	<rule from="^http://(?:ja-jp\.|www\.)?facebook\.jp/"
+		to="https://ja-jp.facebook.com/" />
+
+	<!--	Ditto.
+			-->
+	<rule from="^http://(?:nb-no\.|www\.)?facebook\.no/"
+		to="https://nb-no.facebook.com/" />
+
+	<!--	Ditto.
+			-->
+	<rule from="^http://(?:sv-se\.|www\.)?facebook\.se/"
+		to="https://sv-se.facebook.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Facepunch.com.xml b/src/chrome/content/rules/Facepunch.com.xml
index a8714c86f6be..06eb961c7ec8 100644
--- a/src/chrome/content/rules/Facepunch.com.xml
+++ b/src/chrome/content/rules/Facepunch.com.xml
@@ -1,13 +1,47 @@
-<ruleset name="Facepunch.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wiki.facepunch.com/ => https://wiki.facepunch.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Problematic hosts in *facepunch.com:
+
+		- api ᵐ
+		- prototypes ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .facepunch.com
+		- .api.facepunch.com
+		- lab.facepunch.com
+		- prototypes.facepunch.com
+		- .prototypes.facepunch.com
+		- wiki.facepunch.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Facepunch.com (partial)" default_off="failed ruleset test">
 
 	<target host="facepunch.com" />
-	<target host="*.facepunch.com" />
+	<target host="lab.facepunch.com" />
+	<target host="wiki.facepunch.com" />
+	<target host="www.facepunch.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.facepunch\.com$" name="^(?:__cfduid|bb_sessionhash|cf_clearance)$" /-->
+	<!--securecookie host="^\.(?:api|prototypes)\.facepunch\.com$" name="^ARRAffinity$" /-->
+	<!--securecookie host="^(?:lab|prototypes)\.facepunch\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^wiki\.facepunch\.com$" name="^JSESSIONID$" /-->
 
-	<securecookie host="^\.facepunch\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?facepunch\.com/"
-		to="https://$1facepunch.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Facetz.net.xml b/src/chrome/content/rules/Facetz.net.xml
deleted file mode 100644
index 71141e8c811c..000000000000
--- a/src/chrome/content/rules/Facetz.net.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Web bugs.
-
--->
-<ruleset name="facetz.net">
-
-	<target host="*.facetz.net" />
-
-
-	<!--	name="^uuid$"
-				-->
-	<securecookie host="^\.facetz\.net$" name=".+" />
-
-
-	<rule from="^http://front\.facetz\.net/"
-		to="https://front.facetz.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/FactCheck.org.xml b/src/chrome/content/rules/FactCheck.org.xml
new file mode 100644
index 000000000000..e0b10d6ad47e
--- /dev/null
+++ b/src/chrome/content/rules/FactCheck.org.xml
@@ -0,0 +1,33 @@
+<!--
+	Invalid certificate:
+		tracking.factcheck.org
+
+	Secure connection failed:
+		dev.factcheck.org
+
+	No working URL known:
+		cf.factcheck.org
+		origin.factcheck.org
+
+	Different content http/https:
+		unspun.factcheck.org
+
+-->
+<ruleset name="Fact Check.org">
+
+	<target host="factcheck.org" />
+	<target host="www.factcheck.org" />
+	<target host="cdn.factcheck.org" />
+		<test url="http://cdn.factcheck.org/UploadedFiles/hospitalworker-150x150.jpg" />
+	<target host="m.factcheck.org" />
+	<target host="qvga.factcheck.org" />
+	<target host="transcripts.factcheck.org" />
+	<target host="video.factcheck.org" />
+		<test url="http://video.factcheck.org/play/hIUWgdX%2BbwI" />
+	<target host="static.video.factcheck.org" />
+		<test url="http://static.video.factcheck.org/img/FC-Logo.png" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FactWire.org.xml b/src/chrome/content/rules/FactWire.org.xml
new file mode 100644
index 000000000000..bead08b9510d
--- /dev/null
+++ b/src/chrome/content/rules/FactWire.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- office.factwire.org
+		- www2.factwire.org
+-->
+<ruleset name="FactWire.org">
+	<target host="factwire.org" />
+	<target host="www.factwire.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Factiva.com.xml b/src/chrome/content/rules/Factiva.com.xml
new file mode 100644
index 000000000000..c9a1bba42b15
--- /dev/null
+++ b/src/chrome/content/rules/Factiva.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Connection reset:
+		- customer.kb.factiva.com
+
+	Invalid certificate:
+		- factiva.com, equivalent to www.factiva.com
+		- de.factiva.com, equivalent to www.factiva.com
+		- dfweb4.global.factiva.com
+
+	Expired:
+		logos.int.factiva.com
+-->
+<ruleset name="Factiva.com">
+	<target host="factiva.com" />
+	<target host="www.factiva.com" />
+	<target host="customer.factiva.com" />
+	<target host="de.factiva.com" />
+	<target host="developer.factiva.com" />
+	<target host="global.factiva.com" />
+	<target host="jp.factiva.com" />
+	<target host="viewer.factiva.com" />
+	<target host="widgets.factiva.com" />
+
+	<securecookie host="^.*\.factiva\.com$" name=".+" />
+
+	<rule from="^http://(de\.)?factiva\.com/"
+		to="https://www.factiva.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Factor.cc.xml b/src/chrome/content/rules/Factor.cc.xml
deleted file mode 100644
index 3fd3d1fa46fb..000000000000
--- a/src/chrome/content/rules/Factor.cc.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See 
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
- 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Factor.cc" platform="firefox">
-  <target host="factor.cc" />
-  <target host="www.factor.cc" />
-
-  <securecookie host="^factor\.cc$" name=".+" />
-  <securecookie host="^www\.factor\.cc$" name=".+" />
-
-  <rule from="^http://(www\.)?factor\.cc/" to="https://factor.cc/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Factorable.net.xml b/src/chrome/content/rules/Factorable.net.xml
index a121d281af44..28dc86ffa514 100644
--- a/src/chrome/content/rules/Factorable.net.xml
+++ b/src/chrome/content/rules/Factorable.net.xml
@@ -4,7 +4,6 @@
 	<target host="www.factorable.net" />
 
 
-	<rule from="^http://(www\.)?factorable\.net/"
-		to="https://$1factorable.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Factory_Expo_Home_Centers.xml b/src/chrome/content/rules/Factory_Expo_Home_Centers.xml
index d8f1a4663632..d8f29d2e7207 100644
--- a/src/chrome/content/rules/Factory_Expo_Home_Centers.xml
+++ b/src/chrome/content/rules/Factory_Expo_Home_Centers.xml
@@ -3,46 +3,42 @@
 
 		- Park_Models_Direct.xml
 
-
 	Nonfunctional domains:
+		SSL errors:
+		- prestigehomes.com
+		- www.prestigehomes.com
 
-		- (www.)prestigehomes.com	(502)
-
+		Mismatched:
+		- factorydirectcabins.com
+		- www.factorydirectcabins.com
 -->
 <ruleset name="Factory Expo Home Centers">
 
 	<target host="azchampion.com" />
-	<target host="*.azchampion.com" />
+	<target host="www.azchampion.com" />
 	<target host="cimacorp.net" />
 	<target host="www.cimacorp.net" />
 	<target host="expohomes.com" />
-	<target host="*.expohomes.com" />
+	<target host="www.expohomes.com" />
 	<target host="expomobilehomes.com" />
-	<target host="*.expomobilehomes.com" />
-	<target host="factorydirectcabins.com" />
-	<target host="*.factorydirectcabins.com" />
+	<target host="www.expomobilehomes.com" />
 	<target host="factoryexpo.net" />
-	<target host="*.factoryexpo.net" />
+	<target host="www.factoryexpo.net" />
 	<target host="factoryexpodirect.com" />
-	<target host="*.factoryexpodirect.com" />
+	<target host="www.factoryexpodirect.com" />
 	<target host="factoryexpohomes.com" />
-	<target host="*.factoryexpohomes.com" />
+	<target host="www.factoryexpohomes.com" />
 	<target host="factoryhomesale.com" />
 	<target host="www.factoryhomesale.com" />
 	<target host="factoryselecthomes.com" />
-	<target host="*.factoryselecthomes.com" />
+	<target host="www.factoryselecthomes.com" />
 	<target host="fbhexpo.com" />
-	<target host="*.fbhexpo.com" />
-
+	<target host="www.fbhexpo.com" />
 
-	<securecookie host="^(?:.*\.)?(?:azchampion|expo(?:mobile)?homes|factory(?:directcabins|expo(?:direct|expohomes|mobilehomes)|homesale|selecthomes)|fbhexpo)\.com$" name=".+" />
-	<securecookie host="^(?:.*\.)?(?:cimacorp|factoryexpo)\.net$" name=".+" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?(azchampion|expo(?:mobile)?homes|factory(?:directcabins|expo(?:direct|expohomes|mobilehomes)|homesale|selecthomes)|fbhexpo)\.com/"
-		to="https://$1$2.com/" />
 
-	<rule from="^http://(www\.)?(cimacorp|factoryexpo)\.net/"
-		to="https://$1$2.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Faculty_Diversity.org.xml b/src/chrome/content/rules/Faculty_Diversity.org.xml
new file mode 100644
index 000000000000..942c4e8ac4d3
--- /dev/null
+++ b/src/chrome/content/rules/Faculty_Diversity.org.xml
@@ -0,0 +1,21 @@
+<!--
+	CN: *.site-ym.com
+
+-->
+<ruleset name="Faculty Diversity.org" default_off="mismatched">
+
+	<target host="facultydiversity.org" />
+	<target host="www.facultydiversity.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?facultydiversity\.org$" name="^(ASP\.NET_SessionId|apvc)$" /-->
+	<!--securecookie host="^www\.facultydiversity\.org$" name="^(-1_ShoppingCart|ASPSession|ASPSESSIONID[A-Z]{8})$" /-->
+
+	<securecookie host="^(?:www\.)?facultydiversity\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fagms.net.xml b/src/chrome/content/rules/Fagms.net.xml
new file mode 100644
index 000000000000..6e04c1b581d8
--- /dev/null
+++ b/src/chrome/content/rules/Fagms.net.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Experian coverage, see Experian.xml.
+
+
+	^: cert only matches www
+
+-->
+<ruleset name="fagms.net">
+
+	<target host="fagms.net" />
+	<target host="www.fagms.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fail2ban.org.xml b/src/chrome/content/rules/Fail2ban.org.xml
new file mode 100644
index 000000000000..fc1736d5d4af
--- /dev/null
+++ b/src/chrome/content/rules/Fail2ban.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Fail2ban.org">
+	<target host="fail2ban.org" />
+	<target host="www.fail2ban.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Failure-Magazine.xml b/src/chrome/content/rules/Failure-Magazine.xml
index 3f9efe904995..180efae4bd4e 100644
--- a/src/chrome/content/rules/Failure-Magazine.xml
+++ b/src/chrome/content/rules/Failure-Magazine.xml
@@ -1,11 +1,12 @@
-<ruleset name="Failure Magazine" default_off="mismatch">
+<ruleset name="Failure Magazine" default_off="mismatched">
 
 	<!--	all: cert: *.gridserver.com	-->
 	<target host="failuremag.com"/>
 	<!--	* for cross-domain cookie	-->
-	<target host="*.failuremag.com"/>
+	<target host="origin.failuremag.com" />
+	<target host="www.failuremag.com" />
 
-	<securecookie host="^(.*\.)?failuremag\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:origin\.|www\.)?failuremag\.com/"
 		to="https://failuremag.com/"/>
diff --git a/src/chrome/content/rules/FairWorkCommission.xml b/src/chrome/content/rules/FairWorkCommission.xml
new file mode 100644
index 000000000000..323456b50387
--- /dev/null
+++ b/src/chrome/content/rules/FairWorkCommission.xml
@@ -0,0 +1,7 @@
+<ruleset name="Fair Work Commission">
+	<target host="fwc.gov.au" />
+	<target host="www.fwc.gov.au" />
+
+	<rule from="^http://(?:www\.)?fwc\.gov\.au/"
+		to="https://www.fwc.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/FairWorkOmbudsman.xml b/src/chrome/content/rules/FairWorkOmbudsman.xml
new file mode 100644
index 000000000000..896452500b63
--- /dev/null
+++ b/src/chrome/content/rules/FairWorkOmbudsman.xml
@@ -0,0 +1,7 @@
+<ruleset name="Fair Work Ombudsman">
+	<target host="fairwork.gov.au" />
+	<target host="www.fairwork.gov.au" />
+
+	<rule from="^http://(?:www\.)?fairwork\.gov\.au/"
+		to="https://www.fairwork.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fairfax-Digital.xml b/src/chrome/content/rules/Fairfax-Digital.xml
index 3b7046dffe1f..2abceeb90c5d 100644
--- a/src/chrome/content/rules/Fairfax-Digital.xml
+++ b/src/chrome/content/rules/Fairfax-Digital.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ads.afraccess.com/ => https://ads.afraccess.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ads.afraccess.com/ => https://ads.afraccess.com/: (28, 'Connection timed out after 10000 milliseconds')
 	Other Fairfax Media rulesets:
 
 		- Find-a-Babysitter.xml
@@ -44,17 +50,13 @@
 		- (www.)theage.com.au			(ditto)
 
 -->
-<ruleset name="Fairfax Digital (partial)">
+<ruleset name="Fairfax Digital (partial)" default_off="failed ruleset test">
 
 	<target host="ads.afraccess.com" />
 	<target host="membercentre.fairfax.com.au" />
 
-	<securecookie host="^membercentre\.fairfax\.com\.au$" name=".*" />
-
-	<rule from="^http://ads\.afraccess\.com/"
-		to="https://ads.afraccess.com/" />
+	<securecookie host="^membercentre\.fairfax\.com\.au$" name=".+" />
 
-	<rule from="^http://membercentre\.fairfax\.com\.au/"
-		to="https://membercentre.fairfax.com.au/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Fairfax_Public_Access.xml b/src/chrome/content/rules/Fairfax_Public_Access.xml
index 510366c0b9b1..23e35c45f3fa 100644
--- a/src/chrome/content/rules/Fairfax_Public_Access.xml
+++ b/src/chrome/content/rules/Fairfax_Public_Access.xml
@@ -8,13 +8,13 @@
 <ruleset name="Fairfax Public Access">
 
 	<target host="fcac.org" />
-	<target host="*.fcac.org" />
+	<target host="www.fcac.org" />
 
 
 	<securecookie host="^\.fcac\.org$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?fcac\.org/"
+	<rule from="^http://(?:www\.)?fcac\.org/"
 		to="https://www.fcac.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fairphone.com.xml b/src/chrome/content/rules/Fairphone.com.xml
new file mode 100644
index 000000000000..9064eab75ce5
--- /dev/null
+++ b/src/chrome/content/rules/Fairphone.com.xml
@@ -0,0 +1,66 @@
+<!--
+	Partially covered hosts in *fairphone.com:
+
+		- shop ʰ
+
+	ʰ Some pages redirect to http
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- fairphone.com
+		- forum.fairphone.com
+		- shop.fairphone.com
+		- .shop.fairphone.com
+		- www.fairphone.com
+
+-->
+<ruleset name="Fairphone.com (partial)">
+
+	<target host="fairphone.com" />
+	<target host="forum.fairphone.com" />
+	<target host="shop.fairphone.com" />
+	<target host="www.fairphone.com" />
+	<target host="code.fairphone.com" />
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://shop\.fairphone\.com/($|customer/$|fairphone\.html$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://shop\.fairphone\.com/(?!/*(?:(?:checkout/cart|customer/account)(?:$|[?/])|favicon\.ico|media/|skin/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://shop.fairphone.com/accessories.html" />
+			<test url="http://shop.fairphone.com/blacktranslucent-1.html" />
+			<test url="http://shop.fairphone.com/bluematte-1.html" />
+			<test url="http://shop.fairphone.com/fairphone.html" />
+			<test url="http://shop.fairphone.com/payment-page.html" />
+			<test url="http://shop.fairphone.com/spareparts.html" />
+			<test url="http://shop.fairphone.com/spareparts/display.html" />
+			<test url="http://shop.fairphone.com/transparent-1.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://shop.fairphone.com/checkout/cart" />
+			<test url="http://shop.fairphone.com/customer/account" /><!--	sets cookie without Secure -->
+			<test url="http://shop.fairphone.com/favicon.ico" />
+			<test url="http://shop.fairphone.com/media/catalog/product/cache/2/small_image/140x/9df78eab33525d08d6e5fb8d27136e95/b/a/battery445.jpg" />
+			<test url="http://shop.fairphone.com/skin/frontend/fairphone/fairphone/images/logo.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?fairphone\.com$" name="^GHCLSERVID$" /-->
+	<!--securecookie host="^forum\.fairphone\.com$" name="^_forum_session$" /-->
+	<!--securecookie host="^shop\.fairphone\.com$" name="^VISITED$" /-->
+	<!--securecookie host="^\.shop\.fairphone\.com$" name="^frontend$" /-->
+
+	<securecookie host="^(?!shop\.)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FaithBooks.co.uk.xml b/src/chrome/content/rules/FaithBooks.co.uk.xml
new file mode 100644
index 000000000000..e0800f288db0
--- /dev/null
+++ b/src/chrome/content/rules/FaithBooks.co.uk.xml
@@ -0,0 +1,8 @@
+<ruleset name="FaithBooks.co.uk">
+	<target host="faithbooks.co.uk" />
+	<target host="www.faithbooks.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Faith_in_Motion.com.au.xml b/src/chrome/content/rules/Faith_in_Motion.com.au.xml
new file mode 100644
index 000000000000..278e0da37e64
--- /dev/null
+++ b/src/chrome/content/rules/Faith_in_Motion.com.au.xml
@@ -0,0 +1,14 @@
+<!--
+	Some pages redirect to http.
+
+-->
+<ruleset name="Faith in Motion.com.au (partial)">
+
+	<target host="faithinmotion.com.au" />
+	<target host="www.faithinmotion.com.au" />
+
+
+	<rule from="^http://(www\.)?faithinmotion\.com\.au/(?=favicon\.ico|my-account(?:$|[?/])|wp-content/|wp-includes/)"
+		to="https://$1faithinmotion.com.au/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FakaHeda.eu.xml b/src/chrome/content/rules/FakaHeda.eu.xml
new file mode 100644
index 000000000000..2fb1cea141ec
--- /dev/null
+++ b/src/chrome/content/rules/FakaHeda.eu.xml
@@ -0,0 +1,7 @@
+<ruleset name="FakaHeda.eu">
+    <target host="fakaheda.eu" />
+    <target host="www.fakaheda.eu" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fakturownia.xml b/src/chrome/content/rules/Fakturownia.xml
index c539a18a6d58..bea5cd3f838d 100644
--- a/src/chrome/content/rules/Fakturownia.xml
+++ b/src/chrome/content/rules/Fakturownia.xml
@@ -19,13 +19,12 @@
 <ruleset name="Fakturownia (partial)">
 
 	<target host="fakturownia.pl" />
-	<target host="*.fakturownia.pl" />
+	<target host="www.fakturownia.pl" />
 
 
 	<securecookie host="^\.fakturownia\.pl$" name=".+" />
 
 
-	<rule from="^http://(www\.)?fakturownia\.pl/"
-		to="https://$1fakturownia.pl/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Falcon-UAV.com.xml b/src/chrome/content/rules/Falcon-UAV.com.xml
index 00be4ab99725..80fd345abec8 100644
--- a/src/chrome/content/rules/Falcon-UAV.com.xml
+++ b/src/chrome/content/rules/Falcon-UAV.com.xml
@@ -1,6 +1,7 @@
 <!--
-	CN: *.squarespace.com
-		
+	^: Refused
+	www CN: *.squarespace.com
+
 -->
 <ruleset name="Falcon-UAV.com (partial)" default_off="mismatched">
 
diff --git a/src/chrome/content/rules/Falkirk.gov.uk.xml b/src/chrome/content/rules/Falkirk.gov.uk.xml
new file mode 100644
index 000000000000..06e4699a10e1
--- /dev/null
+++ b/src/chrome/content/rules/Falkirk.gov.uk.xml
@@ -0,0 +1,20 @@
+<!--
+	Falkirk Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		Timeout was reached:
+		- edevelopment.falkirk.gov.uk
+
+		SSL peer certificate was not OK:
+		- beta.falkirk.gov.uk
+		- collections.falkirk.gov.uk
+-->
+<ruleset name="Falkirk.gov.uk (partial)">
+	<target host="falkirk.gov.uk" />
+	<target host="www.falkirk.gov.uk" />
+	<target host="homespot.falkirk.gov.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Falkvinge_on_Infopolicy.xml b/src/chrome/content/rules/Falkvinge_on_Infopolicy.xml
index e75326e0368c..3b334f660cad 100644
--- a/src/chrome/content/rules/Falkvinge_on_Infopolicy.xml
+++ b/src/chrome/content/rules/Falkvinge_on_Infopolicy.xml
@@ -18,13 +18,12 @@
 <ruleset name="Falkvinge on Infopolicy">
 
 	<target host="falkvinge.net" />
-	<target host="*.falkvinge.net" />
+	<target host="www.falkvinge.net" />
 
 
 	<securecookie host="^\.falkvinge\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?falkvinge\.net/"
-		to="https://$1falkvinge.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Fallout_4.com.xml b/src/chrome/content/rules/Fallout_4.com.xml
new file mode 100644
index 000000000000..632f3ea08f28
--- /dev/null
+++ b/src/chrome/content/rules/Fallout_4.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Fallout 4.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fallout4.com" />
+	<target host="www.fallout4.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FallsCreek.com.au.xml b/src/chrome/content/rules/FallsCreek.com.au.xml
new file mode 100644
index 000000000000..e92d99947d6e
--- /dev/null
+++ b/src/chrome/content/rules/FallsCreek.com.au.xml
@@ -0,0 +1,22 @@
+<!--
+	For other Merlin Entertainments coverage, see Merlin-Entertainments.xml.
+
+	Non-functional subdomain:
+		- masterplan		(cert mismatch, CN: *.sunshinecoast.qld.gov.au)
+
+	Mixed content:
+		- Font from fonts.gstatic.com *
+		- Font from fast.fonts.com *
+		- Image from chuckasnowie.com.au
+
+	* Secured by us
+-->
+<ruleset name="Falls Creek Resort" platform="mixedcontent">
+	<target host="fallscreek.com.au" />
+	<target host="www.fallscreek.com.au" />
+
+	<securecookie host="www\.fallscreek\.com\.au$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Familie-redlich.xml b/src/chrome/content/rules/Familie-redlich.xml
index c374223d9a1a..e36b17212a49 100644
--- a/src/chrome/content/rules/Familie-redlich.xml
+++ b/src/chrome/content/rules/Familie-redlich.xml
@@ -3,14 +3,15 @@
 	<!--	Cert: webserver.ispgateway.de
 						-->
 	<target host="familie-redlich.de" />
-	<target host="*.familie-redlich.de" />
+	<target host="systeme.familie-redlich.de" />
+	<target host="www.familie-redlich.de" />
 	<target host="www.systeme.familie-redlich.de" />
 
 
 	<securecookie host="^(?:systeme\.)?familie-redlich\.de$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?(systeme\.)?familie-redlich\.de/"
+	<rule from="^http://(?:www\.)?(systeme\.)?familie-redlich\.de/"
 		to="https://$1familie-redlich.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Family-Christian-Stores.xml b/src/chrome/content/rules/Family-Christian-Stores.xml
index 4efdbd517d43..66fb1a375d69 100644
--- a/src/chrome/content/rules/Family-Christian-Stores.xml
+++ b/src/chrome/content/rules/Family-Christian-Stores.xml
@@ -1,14 +1,21 @@
-<ruleset name="Family Christian Stores">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://familychristian.com/ => https://familychristian.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://media.familychristian.com/ => https://media.familychristian.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.familychristian.com/ => https://www.familychristian.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="Family Christian Stores" default_off="failed ruleset test">
 
 	<target host="familychristian.com" />
-	<target host="*.familychristian.com" />
-	<target host="*.www.familychristian.com" />
+	<target host="media.familychristian.com" />
+	<target host="www.familychristian.com" />
 
 
-	<securecookie host="^\.?www\.familychristian\.com$" name=".*" />
+	<securecookie host="^\.?www\.familychristian\.com$" name=".+" />
 
 
-	<rule from="^http://(media\.|www\.)?familychristian\.com/"
-		to="https://$1familychristian.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FamilySearch.org.xml b/src/chrome/content/rules/FamilySearch.org.xml
new file mode 100644
index 000000000000..fe54104f20f4
--- /dev/null
+++ b/src/chrome/content/rules/FamilySearch.org.xml
@@ -0,0 +1,57 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://donate.familysearch.org/ => https://donate.familysearch.org/: (51, "SSL: no alternative certificate subject name matches target host name 'donate.familysearch.org'")
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ident.familysearch.org/ => https://ident.familysearch.org/: (28, 'Connection timed out after 10000 milliseconds')
+
+	For other Church of Jesus Christ of Latter-day Saints coverage, see TheChurchofJesusChristofLatterdaySaints.xml.
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- contact
+		- donate
+		- help
+		- ident
+		- indexing
+		- new
+
+
+	Insecure cookies are set for these hosts:
+
+		- familysearch.org
+		- donate.familysearch.org
+		- indexing.familysearch.org
+
+-->
+<ruleset name="FamilySearch.org" default_off="failed ruleset test">
+
+	<target host="familysearch.org" />
+	<target host="contact.familysearch.org" />
+	<target host="donate.familysearch.org" />
+	<target host="help.familysearch.org" />
+	<target host="ident.familysearch.org" />
+	<target host="indexing.familysearch.org" />
+	<target host="new.familysearch.org" />
+	<target host="www.familysearch.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(new\.)?familysearch\.org$" name="^fs_experiments$" /-->
+	<!--securecookie host="^donate\.familysearch\.org$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^indexing\.familysearch\.org$" name="^ADRUM(_\d+){3}$" /-->
+
+	<securecookie host="^(?:(?:donate|indexing|new)\.)?familysearch\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Family_Medicine_Association.xml b/src/chrome/content/rules/Family_Medicine_Association.xml
index 112f65444f52..0d5ef4e90b30 100644
--- a/src/chrome/content/rules/Family_Medicine_Association.xml
+++ b/src/chrome/content/rules/Family_Medicine_Association.xml
@@ -1,13 +1,35 @@
+<!--
+	^fmaba.com: Expired
+
+
+	Insecure cookies are set for these domains:
+
+		- .fmaba.com
+
+
+-->
 <ruleset name="Family Medicine Association">
 
+	<!--	Direct rewrites:
+			-->
+	<target host="www.fmaba.com" />
+
+	<!--	Complications:
+				-->
 	<target host="fmaba.com" />
-	<target host="*.fmaba.com" />
 
 
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.fmaba\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
 	<securecookie host="^\.fmaba\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?fmaba\.com/"
-		to="https://$1famaba.com/" />
+	<rule from="^http://fmaba\.com/"
+		to="https://www.fmaba.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FamousFolks.ca.xml b/src/chrome/content/rules/FamousFolks.ca.xml
new file mode 100644
index 000000000000..d4d7c633ba77
--- /dev/null
+++ b/src/chrome/content/rules/FamousFolks.ca.xml
@@ -0,0 +1,38 @@
+<!--
+	Active mixed content:
+		- cf.famousfolks.ca
+		- mccaincapitaldev.famousfolks.ca
+		- northstar.famousfolks.ca
+		- unclebens.famousfolks.ca
+	Invalid certificate:
+		- andovercapital.famousfolks.ca
+-->
+
+<ruleset name="FamousFolks.ca">
+	<target host="famousfolks.ca" />
+	<target host="www.famousfolks.ca" />
+	<target host="blueelephant.famousfolks.ca" />
+	<target host="blueelephant2.famousfolks.ca" />
+	<target host="edenpark.famousfolks.ca" />
+	<target host="flyjazz.famousfolks.ca" />
+	<target host="dev.flyjazz.famousfolks.ca" />
+	<target host="empericus.famousfolks.ca" />
+	<target host="flyjazzbeta.famousfolks.ca" />
+	<target host="flyjazzdev.famousfolks.ca" />
+	<target host="gardengangsters.famousfolks.ca" />
+	<target host="garrison.famousfolks.ca" />
+	<target host="host.famousfolks.ca" />
+	<target host="matchedashlofts.famousfolks.ca" />
+	<target host="mccaincapital.famousfolks.ca" />
+	<target host="mscience.famousfolks.ca" />
+	<target host="dev.mscience.famousfolks.ca" />
+	<target host="nutro.famousfolks.ca" />
+	<target host="scaffolding.famousfolks.ca" />
+	<target host="shecann.famousfolks.ca" />
+	<target host="dev.shecann.famousfolks.ca" />
+	<target host="skyhi.famousfolks.ca" />
+	<target host="ulnooweg.famousfolks.ca" />
+	<target host="yourrighttoknow.famousfolks.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FanFiction.xml b/src/chrome/content/rules/FanFiction.xml
index 34d001ed4705..eee015aa18ff 100644
--- a/src/chrome/content/rules/FanFiction.xml
+++ b/src/chrome/content/rules/FanFiction.xml
@@ -1,19 +1,23 @@
 <!--
-	Nonfunctional domains:
-
-		- www.fanfiction.net	($ redirects to http, other pages 404; valid cert)
+	^fanfiction.net: Dropped
 
 -->
-<ruleset name="FanFiction (partial)">
+<ruleset name="FanFiction.net">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="m.fanfiction.net" />
-	<target host="ffcdn2012.fictionpressllc.netdna-cdn.com" />
+	<target host="www.fanfiction.net" />
+
+	<!--	Complications:
+				-->
+	<target host="fanfiction.net" />
 
 
-	<rule from="^http://m\.fanfiction\.net/"
-		to="https://m.fanfiction.net/" />
+	<rule from="^http://fanfiction\.net/"
+		to="https://www.fanfiction.net/" />
 
-	<rule from="^http://ffcdn2012\.fictionpressllc\.netdna-cdn\.com/"
-		to="https://ffcdn2012-fictionpressllc.netdna-ssl.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fanatics.xml b/src/chrome/content/rules/Fanatics.xml
index a3b1c838da65..b33faa449937 100644
--- a/src/chrome/content/rules/Fanatics.xml
+++ b/src/chrome/content/rules/Fanatics.xml
@@ -7,7 +7,8 @@
 <ruleset name="Fanatics (partial)">
 
 	<target host="fanatics.com" />
-	<target host="*.fanatics.com" />
+	<target host="www.fanatics.com" />
+	<target host="st.fanatics.com" />
 
 
 	<securecookie host="^st\.fanatics\.com$" name=".+" />
@@ -22,4 +23,4 @@
 	<rule from="^http://st\.fanatics\.com/"
 		to="https://st.fanatics.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fanboy.xml b/src/chrome/content/rules/Fanboy.xml
index e6377de846ce..fa9c51700982 100644
--- a/src/chrome/content/rules/Fanboy.xml
+++ b/src/chrome/content/rules/Fanboy.xml
@@ -1,13 +1,46 @@
-<ruleset name="Fanboy">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://forums.fanboy.co.nz/ => https://forums.fanboy.co.nz/: (6, 'Could not resolve host: forums.fanboy.co.nz')
+
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .fanboy.co.nz
+
+-->
+<ruleset name="Fanboy.co.nz" default_off="failed ruleset test">
 
 	<target host="fanboy.co.nz" />
-	<target host="*.fanboy.co.nz" />
+	<target host="forums.fanboy.co.nz" />
+	<target host="hg.fanboy.co.nz" />
+	<target host="secure.fanboy.co.nz" />
+	<target host="www.fanboy.co.nz" />
+
 
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.fanboy\.co\.nz$" name="^(__cfduid|cf_clearance)$" /-->
 
-	<securecookie host="^(.+\.)?fanboy\.co\.nz$" name=".*" />
+	<securecookie host="^(?:.+\.)?fanboy\.co\.nz$" name=".+" />
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
 
 
-	<rule from="^http://((?:forums|hg|secure|www)\.)?fanboy\.co\.nz/"
-		to="https://$1fanboy.co.nz/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Fandago.xml b/src/chrome/content/rules/Fandago.xml
index 85e78577a5e9..7636a3cabb72 100644
--- a/src/chrome/content/rules/Fandago.xml
+++ b/src/chrome/content/rules/Fandago.xml
@@ -1,10 +1,19 @@
-<ruleset name="Fandago">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fandago.com/ => https://fandago.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.fandago.com/ => https://www.fandago.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://fandago.com/ => https://fandago.com/: Redirect for 'http://famdengo.com' missing Location
+Fetch error: http://www.fandago.com/ => https://www.fandago.com/: Redirect for 'http://famdengo.com' missing Location
+-->
+<ruleset name="Fandago" default_off="failed ruleset test">
 
 	<target host="fandago.com" />
 	<target host="www.fandago.com" />
 
 
-	<rule from="^http://(www\.)?fandago\.com/"
-		to="https://$1fandago.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Fandango.xml b/src/chrome/content/rules/Fandango.xml
index e58e4cc72966..df6517881c23 100644
--- a/src/chrome/content/rules/Fandango.xml
+++ b/src/chrome/content/rules/Fandango.xml
@@ -1,25 +1,24 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fandango.com/ => https://fandango.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://content.fandango.com/ => https://content.fandango.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://statf.com/ => https://a248.e.akamai.net/f/248/9057/1d/content.fandango.com/: (28, 'Connection timed out after 10000 milliseconds')
 	For other Comcast coverage, see Comcast.xml.
 
 -->
-<ruleset name="Fandango (partial)" platform="mixedcontent">
+<ruleset name="Fandango (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="fandango.com"/>
-	<target host="*.fandango.com"/>
-	<target host="statf.com"/>
-	<target host="www.statf.com"/>
-
-
-	<securecookie host="^(www)?\.?fandango\.com$" name=".*"/>
-
+	<target host="content.fandango.com"/>
+	<target host="www.fandango.com"/>
 
-	<rule from="^http://fandango\.com/"
-		to="https://www.fandango.com/"/>
 
-	<rule from="^http://(content\.|www\.)?fandango\.com/"
-		to="https://$1fandango.com/"/>
+	<securecookie host="^(?:www)?\.?fandango\.com$" name=".+" />
 
-	<rule from="^http://(?:images\.fandango|(?:www\.)?statf)\.com/"
-		to="https://a248.e.akamai.net/f/248/9057/1d/content.fandango.com/"/>
+	<rule from="^http:"
+		to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Fangamer.xml b/src/chrome/content/rules/Fangamer.xml
index 200924fa95dd..71ac8c24bef1 100644
--- a/src/chrome/content/rules/Fangamer.xml
+++ b/src/chrome/content/rules/Fangamer.xml
@@ -1,17 +1,30 @@
+<!--
+	Problematic hosts in *fangamer.com:
+
+		- partnercdn *
+
+	* Tor users blocked by CloudFlare settings
+
+-->
 <ruleset name="Fangamer (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<!--target host="partnercdn.fangamer.com" /> <- needs clearnet testing	-->
 	<target host="secure.fangamer.com" />
+
 	<target host="fangamer.net" />
 	<target host="www.fangamer.net" />
 
 
-	<securecookie host="^secure\.fangamer\.com$" name=".+" />
-
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://secure\.fangamer\.com/"
-		to="https://secure.fangamer.com/" />
 
-	<rule from="^https?://(?:www\.)?fangamer\.net/"
+	<rule from="^http://(?:www\.)?fangamer\.net/"
 		to="https://fangamer.myshopify.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fanhattan.xml b/src/chrome/content/rules/Fanhattan.xml
deleted file mode 100644
index a5ff0b920d18..000000000000
--- a/src/chrome/content/rules/Fanhattan.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d1zm4mmpsrckwj.cloudfront.net
-
--->
-<ruleset name="Fanhatten (partial)">
-
-	<target host="fanhattan.com" />
-	<target host="*.fanhattan.com" />
-	<target host="cf2.imgobject.com" />
-
-
-	<!--	- !www times out over https
-		- !www redirects to www over http
-			-->
-	<rule from="^https?://(?:www\.)?fanhattan\.com/"
-		to="https://www.fanhattan.com/" />
-
-	<rule from="^http://blog\.fanhattan\.com/"
-		to="https://blog.fanhattan.com/" />
-
-	<rule from="^https?://cf2\.imgobject\.com/"
-		to="https://d1zm4mmpsrckwj.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Fanli.com.xml b/src/chrome/content/rules/Fanli.com.xml
new file mode 100644
index 000000000000..bc81b82cc47d
--- /dev/null
+++ b/src/chrome/content/rules/Fanli.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Other Fanli rulesets:
+		- 51fanli.net.xml
+
+	CI test error:
+		ubt[0-9].fanli.com
+
+	MCB:
+		gongyi.fanli.com
+-->
+<ruleset name="Fanli.com">
+	<target host="fanli.com" />
+	<target host="www.fanli.com" />
+	<target host="9.fanli.com" />
+	<target host="event.fanli.com" />
+		<test url="http://event.fanli.com/web/api/event/e/key/130809item3/action/click/" />
+	<target host="f.fanli.com" />
+	<target host="fun.fanli.com" />
+		<test url="http://fun.fanli.com/topheader/www.51fanli.com" />
+	<target host="haitao.fanli.com" />
+	<target host="help.fanli.com" />
+	<target host="huodong.fanli.com" />
+		<test url="http://huodong.fanli.com/webapp/smartphone" />
+	<target host="m.fanli.com" />
+	<target host="passport.fanli.com" />
+	<target host="super.fanli.com" />
+	<target host="taobao.fanli.com" />
+	<target host="travel.fanli.com" />
+	<target host="xiaozu.fanli.com" />
+	<target host="zhide.fanli.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fanoe.dk.xml b/src/chrome/content/rules/Fanoe.dk.xml
new file mode 100644
index 000000000000..f9e7012364dc
--- /dev/null
+++ b/src/chrome/content/rules/Fanoe.dk.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fanoe.dk/ => https://fanoe.dk/: (51, "SSL: no alternative certificate subject name matches target host name 'fanoe.dk'")
+Fetch error: http://www.fanoe.dk/ => https://www.fanoe.dk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.fanoe.dk'")
+
+-->
+<ruleset name="Fanoe.dk" default_off="failed ruleset test">
+
+	<target host="fanoe.dk" />
+	<target host="www.fanoe.dk" />
+
+	<securecookie host="^(www\.)?fanoe\.dk$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fansub.co.xml b/src/chrome/content/rules/Fansub.co.xml
new file mode 100644
index 000000000000..96e56dd5107e
--- /dev/null
+++ b/src/chrome/content/rules/Fansub.co.xml
@@ -0,0 +1,15 @@
+<!--
+	Mismatch:
+		- chihiro.fansub.co
+		- forums.fansub.co
+
+	Refused:
+		- iseng.fansub.co
+		- oyatsu.fansub.co
+-->
+<ruleset name="Fansub.co">
+	<target host="fansub.co" />
+	<target host="www.fansub.co" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fantia.jp.xml b/src/chrome/content/rules/Fantia.jp.xml
new file mode 100644
index 000000000000..bca9933d0675
--- /dev/null
+++ b/src/chrome/content/rules/Fantia.jp.xml
@@ -0,0 +1,10 @@
+<ruleset name="Fantia.jp">
+	<target host="fantia.jp" />
+	<target host="www.fantia.jp" />
+	<target host="help.fantia.jp" />
+	<target host="spotlight.fantia.jp" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fantlab.ru.xml b/src/chrome/content/rules/Fantlab.ru.xml
new file mode 100644
index 000000000000..e285955b9735
--- /dev/null
+++ b/src/chrome/content/rules/Fantlab.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="Fantlab.ru">
+  <target host="fantlab.ru" />
+  <target host="www.fantlab.ru" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Faq-o-matic.net.xml b/src/chrome/content/rules/Faq-o-matic.net.xml
new file mode 100644
index 000000000000..dc7e1f1e8223
--- /dev/null
+++ b/src/chrome/content/rules/Faq-o-matic.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="Faq-o-matic.net">
+
+	<target host="faq-o-matic.net"/>
+	<target host="www.faq-o-matic.net"/>
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/FarManager.xml b/src/chrome/content/rules/FarManager.xml
new file mode 100644
index 000000000000..e9aa9136302e
--- /dev/null
+++ b/src/chrome/content/rules/FarManager.xml
@@ -0,0 +1,11 @@
+<ruleset name="FarManager">
+    <target host="farmanager.com" />
+    <target host="www.farmanager.com" />
+    <target host="api.farmanager.com" />
+    <target host="bugs.farmanager.com" />
+    <target host="enforum.farmanager.com" />
+    <target host="forum.farmanager.com" />
+    <target host="plugring.farmanager.com" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Faraday_sec.com.xml b/src/chrome/content/rules/Faraday_sec.com.xml
new file mode 100644
index 000000000000..0fbd1f893591
--- /dev/null
+++ b/src/chrome/content/rules/Faraday_sec.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Faraday sec.com">
+
+	<target host="faradaysec.com" />
+	<target host="www.faradaysec.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fareham.gov.uk.xml b/src/chrome/content/rules/Fareham.gov.uk.xml
new file mode 100644
index 000000000000..5f59075deb0c
--- /dev/null
+++ b/src/chrome/content/rules/Fareham.gov.uk.xml
@@ -0,0 +1,38 @@
+<!--
+	Fareham Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *fareham.gov.uk:
+
+		- eoc ᵈ
+		- moderngov ᵈ
+
+	ᵈ Dropped
+
+
+	^fareham.gov.uk: 404
+
+-->
+<ruleset name="Fareham.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.fareham.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="fareham.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://fareham\.gov\.uk/"
+		to="https://www.fareham.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fark.xml b/src/chrome/content/rules/Fark.xml
index 0450f174cc85..8b2fd04b7fa9 100644
--- a/src/chrome/content/rules/Fark.xml
+++ b/src/chrome/content/rules/Fark.xml
@@ -1,35 +1,31 @@
 <!--
-	Some pages redirect to http
+	Invalid certificate:
+		go.fark.net
 
-
-
-	Nonfunctional fark.com subdomains:
-
-		- beerspill
-
-
-	Problematic subdomains:
-
-		- ^	(mismatched)
+	See https://trac.torproject.org/projects/tor/ticket/15763
 
 -->
-<ruleset name="Fark (partial)">
+<ruleset name="Fark">
 
+	<!-- Fark.com -->
 	<target host="fark.com" />
-	<target host="*.fark.com" />
+	<target host="www.fark.com" />
+	<target host="app.fark.com" />
+	<target host="beerspill.fark.com" />
+	<target host="beta.fark.com" />
+	<target host="m.beta.fark.com" />
+	<target host="m.fark.com" />
+	<target host="total.fark.com" />
+	<target host="m.total.fark.com" />
+	<target host="totalbeta.fark.com" />
+	<target host="m.totalbeta.fark.com" />
+
+	<!-- Fark.net -->
 	<target host="img.fark.net" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^(?:gw|shop)\.fark\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?fark\.com/(blog|comments/|feedback|forgotpassword|ll$|newuser|psbrowser|quiz|submit/|users)"
-		to="https://www.fark.com/$1" />
-
-	<rule from="^http://(app|beta|gw|m|shop|ssl|(?:m\.)?total)\.fark\.com/"
-		to="https://$1.fark.com/" />
-
-	<rule from="^http://img\.fark\.net/"
-		to="https://img.fark.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FarmLogs.com.xml b/src/chrome/content/rules/FarmLogs.com.xml
new file mode 100644
index 000000000000..5afbe04103b2
--- /dev/null
+++ b/src/chrome/content/rules/FarmLogs.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .farmlogs.com
+
+-->
+<ruleset name="FarmLogs.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="farmlogs.com" />
+	<target host="app.farmlogs.com" />
+	<target host="www.farmlogs.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.farmlogs\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.farmlogs\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Farmaciforbundet.se.xml b/src/chrome/content/rules/Farmaciforbundet.se.xml
deleted file mode 100644
index 883c5edc275e..000000000000
--- a/src/chrome/content/rules/Farmaciforbundet.se.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<!-- farmaciforbundet.se is a swedish labour union -->
-<ruleset name="Farmaciforbundet.se">
-	<target host="farmaciforbundet.se" />
-	<target host="www.farmaciforbundet.se" />
-	<rule from="^http://farmaciforbundet\.se/" to="https://www.farmaciforbundet.se/"/>
-	<rule from="^http://www\.farmaciforbundet\.se/" to="https://www.farmaciforbundet.se/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/Farmers_Development_Organization.xml b/src/chrome/content/rules/Farmers_Development_Organization.xml
deleted file mode 100644
index cc9f85d42ef8..000000000000
--- a/src/chrome/content/rules/Farmers_Development_Organization.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- webmail	(shows www)
-
-
-	- CN: plesk
-	- Expired 2012-08-23
-
--->
-<ruleset name="Farmers Development Organization (partial)" default_off="expired, self-signed">
-
-	<target host="fdopk.org" />
-	<target host="www.fdopk.org" />
-
-
-	<rule from="^http://(?:www\.)?fdopk\.org/"
-		to="https://fdopk.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Faround.net.xml b/src/chrome/content/rules/Faround.net.xml
index 2abaf35afc87..ae67b3b41a6c 100644
--- a/src/chrome/content/rules/Faround.net.xml
+++ b/src/chrome/content/rules/Faround.net.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://faround.net/ => https://www.faround.net/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://faround.net/ (200) => https://www.faround.net/ (403)
 	Problematic subdomains:
 
 		- ^	(CN: Parallels Panel)
@@ -15,10 +21,10 @@
 	* Secured by us
 
 -->
-<ruleset name="Faround.net (false MCB)" platform="mixedcontent">
+<ruleset name="Faround.net (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="faround.net" />
-	<target host="*.faround.net" />
+	<target host="www.faround.net" />
 
 
 	<securecookie host="^(?:www)?\.faround\.net$" name=".+" />
diff --git a/src/chrome/content/rules/Fashion_Dip.xml b/src/chrome/content/rules/Fashion_Dip.xml
deleted file mode 100644
index 03b13976c03f..000000000000
--- a/src/chrome/content/rules/Fashion_Dip.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Fashion Dip">
-
-	<target host="fashiondip.com" />
-	<target host="*.fashiondip.com" />
-
-
-	<securecookie host="^(?:w*\.)?fashiondip\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?fashiondip\.com/"
-		to="https://$1fashiondip.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Fashionwalker.com.xml b/src/chrome/content/rules/Fashionwalker.com.xml
new file mode 100644
index 000000000000..9e1226d0dc2f
--- /dev/null
+++ b/src/chrome/content/rules/Fashionwalker.com.xml
@@ -0,0 +1,15 @@
+<!--
+
+	Problematic subdomains:
+
+		- www	(invalid cert)
+
+-->
+<ruleset name="Fashionwalker.com">
+
+	<target host="fashionwalker.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fass.se.xml b/src/chrome/content/rules/Fass.se.xml
index 49cb53f41a4c..234c7f529cda 100644
--- a/src/chrome/content/rules/Fass.se.xml
+++ b/src/chrome/content/rules/Fass.se.xml
@@ -1,8 +1,19 @@
-<!-- medica info.. medical info should be private -->
+<!--
+	Problematic subdomains:
+
+		- dtd.fass.se (403)
+		- admin.fass.se ("not enough values to unpack")
+-->
 <ruleset name="Fass.se">
 	<target host="fass.se" />
 	<target host="www.fass.se" />
-	<rule from="^http://fass\.se/" to="https://www.fass.se/"/>
-	<rule from="^http://www\.fass\.se/" to="https://www.fass.se/"/>
+	<target host="akademi.fass.se" />
+	<target host="bok.fass.se" />
+	<target host="framtid.fass.se" />
+	<target host="m.fass.se" />
+	<target host="mobil.fass.se" />
+	<target host="webservice.fass.se" />
+	<target host="ws.fass.se" />
+	
+	<rule from="^http:" to="https:"/>
 </ruleset>
-
diff --git a/src/chrome/content/rules/Fast-Company.xml b/src/chrome/content/rules/Fast-Company.xml
index aefdcbd7fa54..716a11dcbf9f 100644
--- a/src/chrome/content/rules/Fast-Company.xml
+++ b/src/chrome/content/rules/Fast-Company.xml
@@ -1,35 +1,51 @@
+
 <!--
-	CDN buckets:
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://m.fastcompany.com/ => https://m.fastcompany.com/: (6, 'Could not resolve host: m.fastcompany.com')
+
+	Other Fast Company rulesets:
+
+		- Fast_Co_Design.com.xml
+
+
+	Nonfunctional subdomains:
 
-		- d1ajghcs7o3h5q.cloudfront.net
+		- mediakit *
 
-			- [a-e].fastcompany.net
+	* Refused
 
 
-	Problematic subdomains:
+	^fastcompany.com: Refused
 
-		- ^	(refused)
-		- [a-e]	(cloudfront)
+
+	Mixed content:
+
+		- Ad on www from www *
+
+	* Secured by us
 
 -->
-<ruleset name="Fast Company (partial)">
+<ruleset name="Fast Company.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<!-- target host="m.fastcompany.com" /-->
+	<target host="magazine.fastcompany.com" />
+	<target host="www.fastcompany.com" />
+
+	<!--	Complications:
+				-->
 	<target host="fastcompany.com" />
-	<target host="*.fastcompany.com" />
 
 
-	<securecookie host="^magazine\.fastcompany\.com$" name=".*" />
+	<securecookie host="^magazine\.fastcompany\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?fastcompany\.com/"
+	<rule from="^http://fastcompany\.com/"
 		to="https://www.fastcompany.com/" />
 
-	<!--	Protocol-relative links from www:
-							-->
-	<rule from="^https?://[a-e]\.fastcompany\.net/"
-		to="https://d1ajghcs7o3h5q.cloudfront.net/" />
-
-	<rule from="^http://magazine\.fastcompany\.com/"
-		to="https://magazine.fastcompany.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Fast-Web-Media.xml b/src/chrome/content/rules/Fast-Web-Media.xml
index 7fa0d0b502fe..85c0b452b10d 100644
--- a/src/chrome/content/rules/Fast-Web-Media.xml
+++ b/src/chrome/content/rules/Fast-Web-Media.xml
@@ -1,10 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fwmapps.co.uk/ => https://fwmapps.co.uk/: (6, 'Could not resolve host: fwmapps.co.uk')
+
+-->
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fastwebmedia.com/ => https://fastwebmedia.com/: (7, 'Failed to connect to fastwebmedia.com port 443: Connection timed out')
+Fetch error: http://www.fastwebmedia.com/ => https://www.fastwebmedia.com/: (7, 'Failed to connect to www.fastwebmedia.com port 443: Connection timed out')
+Fetch error: http://fwmapps.co.uk/ => https://fwmapps.co.uk/: (6, 'Could not resolve host: fwmapps.co.uk')
+
 	Nonfunctional domains:
 
 		- (www.)fastwebmedia.gr
 
 -->
-<ruleset name="Fast Web Media (partial)">
+<ruleset name="Fast Web Media (partial)" default_off="failed ruleset test">
 
 	<target host="fastwebmedia.com" />
 	<target host="www.fastwebmedia.com" />
@@ -23,4 +35,4 @@
 	<rule from="^http://([\w\-]+\.)?fwmapps\.co\.uk/"
 		to="https://$1fwmapps.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fast.com.xml b/src/chrome/content/rules/Fast.com.xml
new file mode 100644
index 000000000000..2cb97446b85b
--- /dev/null
+++ b/src/chrome/content/rules/Fast.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Fast.com">
+	<target host="fast.com" />
+	<target host="www.fast.com" />
+	<target host="api.fast.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FastDomain.xml b/src/chrome/content/rules/FastDomain.xml
index f6666383abac..6d8defc187c8 100644
--- a/src/chrome/content/rules/FastDomain.xml
+++ b/src/chrome/content/rules/FastDomain.xml
@@ -1,9 +1,10 @@
 <ruleset name="FastDomain">
 
 	<target host="fastdomain.com" />
-	<target host="*.fastdomain.com" />
+	<target host="partner.fastdomain.com" />
+	<target host="webmail.fastdomain.com" />
+	<target host="www.fastdomain.com" />
 
-	<rule from="^http://(partner\.|webmail\.|www\.)?fastdomain\.com/"
-		to="https://$1fastdomain.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FastShare.cz.xml b/src/chrome/content/rules/FastShare.cz.xml
new file mode 100644
index 000000000000..9ae0bc3a94bd
--- /dev/null
+++ b/src/chrome/content/rules/FastShare.cz.xml
@@ -0,0 +1,26 @@
+<!--
+	Mixed content:
+
+		- Images from img *
+
+	* Secured by us
+
+-->
+<ruleset name="FastShare.cz">
+
+	<target host="fastshare.cz" />
+	<target host="img.fastshare.cz" />
+	<target host="www.fastshare.cz" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.fastshare\.cz$" name="^lang$" /-->
+	<!--securecookie host="^\.(www\.)?fastshare\.cz$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\.(?:www\.)?fastshare\.cz$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FastSpring-mismatches.xml b/src/chrome/content/rules/FastSpring-mismatches.xml
deleted file mode 100644
index 6970b9e1af7a..000000000000
--- a/src/chrome/content/rules/FastSpring-mismatches.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For rules that are on by default, see FastSpring.xml.
-
--->
-<ruleset name="FastSpring (mismatches)" default_off="mismatch">
-
-	<target host="fastspringblog.com" />
-	<target host="www.fastspringblog.com" />
-
-
-	<!--	Cert: *.gridserver.com	-->
-	<rule from="^https?://(?:www\.)?fastspringblog\.com/"
-		to="https://fastspringblog.com/" />
-
-	<!--	- Cert: www.saasy.com
-		- !www 301s to www
-					-->
-	<rule from="^https?://(?:www\.)?fastspringstore\.com/"
-		to="https://www.fastspringstore.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FastSpring.com.xml b/src/chrome/content/rules/FastSpring.com.xml
new file mode 100644
index 000000000000..b1728f528f09
--- /dev/null
+++ b/src/chrome/content/rules/FastSpring.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- jira.fastspring.com
+
+		Mismatched:
+		- resource.fastspring.com
+-->
+<ruleset name="FastSpring.com (partial)">
+	<target host="fastspring.com" />
+	<target host="www.fastspring.com" />
+	<target host="go.fastspring.com" />
+	<target host="info.fastspring.com" />
+	<target host="jitbit.fastspring.com" />
+	<target host="sites.fastspring.com" />
+	<target host="springboard.fastspring.com" />
+	<target host="status.fastspring.com" />
+	<target host="support.fastspring.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FastSpring.xml b/src/chrome/content/rules/FastSpring.xml
deleted file mode 100644
index a93f3ca1a436..000000000000
--- a/src/chrome/content/rules/FastSpring.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For problematic rules, see FastSpring-mismatches.xml.
-
-
-	CDN buckets:
-
-		- dcnz2rrcot657.cloudfront.net
-		- dxezhqhj7t42i.cloudfront.net
-
--->
-<ruleset name="FastSpring">
-
-	<target host="fastspring.com" />
-	<target host="*.fastspring.com" />
-
-
-	<securecookie host="^.*\.fastspring\.com$" name=".*" />
-
-
-	<rule from="^http://((?:resource|sites|springboard|www)\.)?fastspring\.com/"
-		to="https://$1fastspring.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FastWebHost.com-mismatches.xml b/src/chrome/content/rules/FastWebHost.com-mismatches.xml
index 4fa5f0a417ef..c2db10d2cc46 100644
--- a/src/chrome/content/rules/FastWebHost.com-mismatches.xml
+++ b/src/chrome/content/rules/FastWebHost.com-mismatches.xml
@@ -1,10 +1,9 @@
-<ruleset name="FastWebHost.com (mismatches)" default_off="mismatch">
+<ruleset name="FastWebHost.com (mismatches)" default_off="mismatched">
 
 	<target host="webmail.fastwebhost.com"/>
 
-	<securecookie host="^webmail\.fastwebhost\.com$" name=".*"/>
+	<securecookie host="^webmail\.fastwebhost\.com$" name=".+" />
 
-	<rule from="^http://webmail\.fastwebhost\.com/"
-		to="https://webmail.fastwebhost.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FastWebHost.com.xml b/src/chrome/content/rules/FastWebHost.com.xml
index 19ea74d1ec76..d531b1dfa51a 100644
--- a/src/chrome/content/rules/FastWebHost.com.xml
+++ b/src/chrome/content/rules/FastWebHost.com.xml
@@ -1,5 +1,3 @@
-<!--	See FastWebHost.com-mismatches.xml for problematic rules.
--->
 <ruleset name="FastWebHost.com (partial)">
 
 	<target host="ehostpros.com"/>
@@ -8,12 +6,8 @@
 	<target host="support.fastwebhost.com"/>
 	<target host="www.fastwebhost.com"/>
 
-	<securecookie host="^(support|www)\.fastwebhost\.com$" name=".*"/>
+	<securecookie host="^(?:support|www)\.fastwebhost\.com$" name=".+" />
 
-	<rule from="^http://(www\.)?ehostpros\.com/"
-		to="https://$1ehostpros.com/"/>
-
-	<rule from="^http://(support\.|www\.)?fastwebhost\.com/"
-		to="https://$1fastwebhost.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Fast_Co_Design.com.xml b/src/chrome/content/rules/Fast_Co_Design.com.xml
new file mode 100644
index 000000000000..187fdbf07d38
--- /dev/null
+++ b/src/chrome/content/rules/Fast_Co_Design.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Fast Company coverage, see Fast-Company.xml.
+
+
+	^: refused
+
+-->
+<ruleset name="Fast Co Design.com">
+
+	<target host="fastcodesign.com" />
+	<target host="www.fastcodesign.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fast_Serv.com.xml b/src/chrome/content/rules/Fast_Serv.com.xml
new file mode 100644
index 000000000000..b42660156460
--- /dev/null
+++ b/src/chrome/content/rules/Fast_Serv.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Problematic hosts in *fastserv.com:
+
+		- status ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="Fast Serv.com (partial)">
+
+	<target host="fastserv.com" />
+	<target host="portal.fastserv.com" />
+	<!--target host="status.fastserv.com" /-->
+	<target host="www.fastserv.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^status\.fastserv\.com$" name="^(announcer-revision|announcer-state)" /-->
+	<!--securecookie host="^www\.fastserv\.com$" name="^(PHPSESSID|exp_last_activity|exp_last_visit|exp_tracker|lz_userid)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fast_and_the_Furious.xml b/src/chrome/content/rules/Fast_and_the_Furious.xml
index fa18e2436742..b929c478be38 100644
--- a/src/chrome/content/rules/Fast_and_the_Furious.xml
+++ b/src/chrome/content/rules/Fast_and_the_Furious.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?thefastandthefurious\.com/"
 		to="https://www.thefastandthefurious.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FasterBadger.com.xml b/src/chrome/content/rules/FasterBadger.com.xml
new file mode 100644
index 000000000000..7c448a1a4cbe
--- /dev/null
+++ b/src/chrome/content/rules/FasterBadger.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- fasterbadger.com
+		- www.fasterbadger.com
+
+-->
+<ruleset name="FasterBadger.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fasterbadger.com" />
+	<target host="www.fasterbadger.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?fasterbadger\.com$" name="^s$" /-->
+
+	<securecookie host="^(?:www\.)?fasterbadger\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fasthosts.xml b/src/chrome/content/rules/Fasthosts.xml
index d55595af19c5..da0e625654c3 100644
--- a/src/chrome/content/rules/Fasthosts.xml
+++ b/src/chrome/content/rules/Fasthosts.xml
@@ -10,27 +10,49 @@
 
 	<target host="fasthosts.co.uk" />
 	<target host="*.fasthosts.co.uk" />
+		<test url="http://admin.fasthosts.co.uk/" />
+		<test url="http://login.fasthosts.co.uk/" />
+		<test url="http://order.fasthosts.co.uk/" />
 	<target host="*.prositehosting.co.uk" />
 	<target host="ukreg.com" />
 	<target host="www.ukreg.com" />
 
+	<securecookie host="^.*\.fasthosts\.co\.uk$" name=".+" />
+	<securecookie host="^www\.ukreg\.com$" name=".+" />
 
-	<securecookie host="^.*\.fasthosts\.co\.uk$" name=".*" />
-	<securecookie host="^www\.ukreg\.com$" name=".*" />
+	<!--
+		2018 Update:
+		JS no longer in use at this path
 
+		https://trac.torproject.org/projects/tor/ticket/11373
+
+		Tracking script that redirects pages to http.
+
+		favicon picked simply because it is
+		(or should be) innocuous:
+
+		<rule from="^https://www\.fasthosts\.co\.uk/js/track\.js"
+			to="https://www.fasthosts.co.uk/favicon.ico" />
+	-->
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?fasthosts\.co\.uk/"
+	<rule from="^http://(?:www\.)?fasthosts\.co\.uk/"
 		to="https://www.fasthosts.co.uk/" />
 
-	<rule from="^http://(admin|login|order)\.fasthosts\.co\.uk/"
-		to="https://$1.fasthosts.co.uk/" />
-
-	<rule from="^http://secure(\d|1[0-3-9]|2[0-4])\.prositehosting\.co\.uk/"
+	<rule from="^http://secure(\d|1[013-9]|2[0-4]|5[26])\.prositehosting\.co\.uk/"
 		to="https://secure$1.prositehosting.co.uk/" />
+		<test url="http://secure32.prositehosting.co.uk/" />
+		<test url="http://secure4.prositehosting.co.uk/" />
+		<test url="http://secure3.prositehosting.co.uk/" />
+		<test url="http://secure5.prositehosting.co.uk/" />
+		<test url="http://secure6.prositehosting.co.uk/" />
+		<test url="http://secure41.prositehosting.co.uk/" />
+		<test url="http://secure33.prositehosting.co.uk/" />
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?ukreg\.com/"
+	<rule from="^http://(?:www\.)?ukreg\.com/"
 		to="https://www.ukreg.com/" />
 
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Fastly.net.xml b/src/chrome/content/rules/Fastly.net.xml
new file mode 100644
index 000000000000..424ea23daa27
--- /dev/null
+++ b/src/chrome/content/rules/Fastly.net.xml
@@ -0,0 +1,64 @@
+<!--
+	For other Fastly coverage, see Fastly.xml.
+
+	Nonfunctional domains:
+
+		- *.global.prod.fastly.net
+		- purge.fastly.net	(times out)
+
+
+	Fully covered domains:
+
+		- *.fastly.net:
+
+			- control
+			- mirrors
+			- assets1.fastly.com.a.prod	(→ fastly.a.ssl.fastly.net)
+
+			- *.a.ssl:
+
+				- fastly
+				- fastly-assets
+
+-->
+<ruleset name="Fastly.net (partial)">
+
+	<target host="*.fastly.net" />
+		<test url="http://swiftype-proxy-fastly.a.ssl.fastly.net/embed.js" />
+		<test url="http://virtual-host-discourse.global.ssl.fastly.net/" />
+		<test url="http://naytev.global.ssl.fastly.net/" />
+
+		<exclusion pattern="^http://(?!assets1\.fastly\.com\.a\.prod\.)[\w.-]+\.prod\.fastly\.net/" />
+		<test url="http://www.example.com.global.prod.fastly.net/" />
+		<test url="http://www.loveholidays.com.global.prod.fastly.net/" />
+		<test url="http://www.cosmopolitan.com.global.prod.fastly.net/" />
+
+		<exclusion pattern="^http://purge\.fastly\.net/" />
+		<test url="http://purge.fastly.net/" />
+		<!-- Discourse forum software uses a font for its icons. When the HTTP URL
+				 for these fonts gets upgraded, it triggers the CORS bug,
+				 https://github.com/EFForg/https-everywhere/issues/49.
+				 This caused problems on rust-lang.org and Boing Boing:
+				 https://github.com/EFForg/https-everywhere/issues/1365
+				 https://github.com/EFForg/https-everywhere/issues/1597
+				The paths have a predictable pattern so we can exclude all instances even though they exist on different hostnames.
+				-->
+		<exclusion pattern="^http://[\w.-]+/assets/fontawesome-webfont-" />
+		<test url="http://boingboing.global.ssl.fastly.net/assets/fontawesome-webfont-eeaf3e983ade434b10eda37dfbd6c6d7.woff?http://bbs.boingboing.net&amp;amp;2&amp;v=4.3.0" />
+		<test url="http://virtual-host-discourse.global.ssl.fastly.net/assets/fontawesome-webfont-73827efc2a64a873027d05873d392cb6.eot?http://users.rust-lang.org&amp;amp;2&amp;v=4.3.0" />
+		<test url="http://boingboing.global.ssl.fastly.net/assets/fontawesome-webfont-743c128c2e48ae20145724e61f9998b4.ttf?http://bbs.boingboing.net" />
+
+	<!-- Periscope.tv live streaming is broken by rewrite of player resources -->
+
+	<exclusion pattern="^http://periscope\-prod\-[\w.-]+\.global\.ssl\.fastly\.net" />
+	<test url="http://periscope-prod-eu-central-1.global.ssl.fastly.net" />
+	<test url="http://periscope-prod-us-west-1.global.ssl.fastly.net" />
+
+	<rule from="^http://assets1\.fastly\.com\.a\.prod\.fastly\.net/"
+		to="https://fastly.a.ssl.fastly.net/" />
+	<test url="http://assets1.fastly.com.a.prod.fastly.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fastly.xml b/src/chrome/content/rules/Fastly.xml
index de05164768d0..f847e650f5f1 100644
--- a/src/chrome/content/rules/Fastly.xml
+++ b/src/chrome/content/rules/Fastly.xml
@@ -1,4 +1,9 @@
 <!--
+	Other Fastly rulesets:
+
+		- Fastly.net.xml
+
+
 	CDN buckets:
 
 		- assets1.fastly.com.a.prod.fastly.net
@@ -7,74 +12,38 @@
 		- fastly.zendesk.com
 
 
-	Nonfunctional domains:
-
-		- purge.fastly.net	(times out)
-
-
-	Problematic domains:
-
-		- fastly.com	(times out)
-
-
-	Fully covered domains:
-
-		- fastly.com subdomains:
-
-			- (www.)	(^ → www)
-			- api
-			- app
-			- beacon
-			- beta
-			- blog
-			- debug
-			- maintenance
-
-		- *.fastly.net:
+	Fully covered hosts in *fastly.com:
 
-			- control
-			- mirrors
-			- assets1.fastly.com.a.prod	(→ fastly.a.ssl.fastly.net)
-
-			- *.a.ssl:
-
-				- fastly
-				- fastly-assets
-
-		- *.imgix.net
-		- *.parsecdn.com
+		- (www.)?
+		- api
+		- app
+		- beacon
+		- beta
+		- blog
+		- community
+		- debug
+		- docs
+		- maintenance
 
 -->
-<ruleset name="Fastly">
+<ruleset name="Fastly.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="fastly.com" />
-	<target host="*.fastly.com" />
-	<target host="*.fastly.net" />
-		<exclusion pattern="^http://purge\.fastly\.net/" />
-	<target host="*.fastssl.net" />
-	<target host="*.imgix.net" />
-	<target host="parsecdn.com" />
-
-
-	<rule from="^http://(?:www\.)?fastly\.com/"
-		to="https://www.fastly.com/" />
-
-	<rule from="^http://(ap[ip]|beacon|beta|blog|debug|maintenance)\.fastly\.com/"
-		to="https://$1.fastly.com/" />
-
-	<rule from="^https?://assets1\.fastly\.com\.a\.prod\.fastly\.net/"
-		to="https://fastly.a.ssl.fastly.net/" />
-
-	<rule from="^http://([^@:/]+)\.fastly\.net/"
-		to="https://$1.fastly.net/" />
-
-	<rule from="^http://([\w-]+)\.fastssl\.net/"
-		to="https://$1.fastssl.net/" />
-
-	<rule from="^http://([\w-]+)\.imgix\.net/"
-		to="https://$1.immgix.net/" />
-
-	<rule from="^http://([\w-]+)\.parsecdn\.com/"
-		to="https://$1.parsecdn.com/" />
+	<target host="api.fastly.com" />
+	<target host="app.fastly.com" />
+	<target host="beacon.fastly.com" />
+	<target host="beta.fastly.com" />
+	<target host="blog.fastly.com" />
+	<target host="community.fastly.com" />
+	<target host="debug.fastly.com" />
+	<target host="docs.fastly.com" />
+	<target host="maintenance.fastly.com" />
+	<target host="www.fastly.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Fastmail.xml b/src/chrome/content/rules/Fastmail.xml
index 834bf1769b8c..68fb968519d5 100644
--- a/src/chrome/content/rules/Fastmail.xml
+++ b/src/chrome/content/rules/Fastmail.xml
@@ -1,13 +1,44 @@
-<ruleset name="Fastmail">
+<!--
+	Other Fastmail rulesets:
 
+		- Listbox.xml
+		- Pobox.xml
+		- topicbox.com.xml 
+		- user.fm.xml
+
+	HSTS:
+
+		- fastmail.com
+
+	Problematic subdomains:
+
+		- fbl	 					(mismatched, CN: *.returnpath.net, returnpath.net )
+		- user-customized subdomains of fastmail.fm	(connection refused, e.g. fhapgood, artwork, startupguide)
+
+	More domains:
+
+		- https://www.fastmail.com/about/ourdomains.html
+		- fastmailteam.com
+		- *.user.fm
+-->
+<ruleset name="Fastmail (partial)">
 	<target host="fastmail.fm" />
-	<target host="*.fastmail.fm" />
+	<target host="www.fastmail.fm" />
+	<target host="beta.fastmail.fm" />
+	<target host="qa.fastmail.fm" />
+	<target host="status.fastmail.fm" />
 
+	<target host="fastmail.blog" />
+	<target host="www.fastmail.blog" />
 
-	<securecookie host="^\.www\.fastmail\.fm$" name=".+" />
+	<target host="www.fastmailfbl.com" />
+	
+	<target host="fastmailstatus.com" />
+	<target host="www.fastmailstatus.com" />
 
+	<target host="www.fastmailusercontent.com" />
 
-	<rule from="^http://(www\.)?fastmail\.fm/"
-		to="https://$1fastmail.fm/" />
+	<target host="jmap.io" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Fastweb.com.xml b/src/chrome/content/rules/Fastweb.com.xml
new file mode 100644
index 000000000000..22ffefbf6086
--- /dev/null
+++ b/src/chrome/content/rules/Fastweb.com.xml
@@ -0,0 +1,55 @@
+<!--
+	For other Monster coverage, see Monster.xml.
+
+-->
+<ruleset name="Fastweb.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.fastweb.com" />
+
+	<!--	Complications:
+				-->
+	<target host="fastweb.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.fastweb\.com/(?:$|users/forgot_password$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.fastweb\.com/+(?!assets/|images/|login(?:$|[?/])|nfs/|uploads/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.fastweb.com/about" />
+			<test url="http://www.fastweb.com/career-planning" />
+			<test url="http://www.fastweb.com/college-search" />
+			<test url="http://www.fastweb.com/contact_us" />
+			<test url="http://www.fastweb.com/content/faq" />
+			<test url="http://www.fastweb.com/content/how_fastweb_works" />
+			<test url="http://www.fastweb.com/content/press" />
+			<test url="http://www.fastweb.com/content/sitemap" />
+			<test url="http://www.fastweb.com/help" />
+			<test url="http://www.fastweb.com/student-life" />
+			<!--
+				Send your new password in the clear...:
+									-->
+			<test url="http://www.fastweb.com/users/forgot_password" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.fastweb.com/assets/theme/grid/fw_logo_small_white_on_blue_106x27.png" />
+			<test url="http://www.fastweb.com/images/admarker.png" />
+			<test url="http://www.fastweb.com/login" />
+			<test url="http://www.fastweb.com/nfs/fastweb/static/hp_sprites/iconography_4col_2rows_120x120_s.png" />
+			<test url="http://www.fastweb.com/uploads/navigation_image_photo/photo/2034475/caption_access-fastwebs-scholarship-search-widget.gif" />
+
+
+	<rule from="^http://fastweb\.com/"
+		to="https://www.fastweb.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FatCow-Web-Hosting.xml b/src/chrome/content/rules/FatCow-Web-Hosting.xml
index 002cc0ca79be..3221fe577fd9 100644
--- a/src/chrome/content/rules/FatCow-Web-Hosting.xml
+++ b/src/chrome/content/rules/FatCow-Web-Hosting.xml
@@ -3,7 +3,7 @@
 	<target host="fatcow.com"/>
 	<target host="*.fatcow.com"/>
 
-	<securecookie host="^(.*\.)?fatcow\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<!-- sometimes appends :443	-->
 	<rule from="^http://(\w+\.)?fatcow\.com(:443)?/"
diff --git a/src/chrome/content/rules/FatWallet.com.xml b/src/chrome/content/rules/FatWallet.com.xml
new file mode 100644
index 000000000000..89d94be2fd17
--- /dev/null
+++ b/src/chrome/content/rules/FatWallet.com.xml
@@ -0,0 +1,50 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .fatwallet.com
+		- www.fatwallet.com
+
+-->
+<ruleset name="FatWallet.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fatwallet.com" />
+	<target host="static.fatwallet.com" />
+	<target host="www.fatwallet.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.fatwallet\.com/(?:$|forums/|password-help/)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.fatwallet\.com/+(?!favicon\.ico|login(?:$|[?/]))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.fatwallet.com/blog/" />
+			<test url="http://www.fatwallet.com/forums/" />
+			<test url="http://www.fatwallet.com/password-help/" />
+			<test url="http://www.fatwallet.com/support/contact/general/" />
+			<test url="http://www.fatwallet.com/tell-a-friend/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.fatwallet.com/favicon.ico" />
+			<test url="http://www.fatwallet.com/login" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.fatwallet\.com$" name="^(?:incap_ses|nlbi|visid_incap)_\d+$" /-->
+	<!--securecookie host="^www\.fatwallet\.com$" name="^___utm[abm]+$" /-->
+
+	<securecookie host="^\.fatwallet\.com$" name="^(?:incap_ses|nlbi|visid_incap)_\d+$" />
+	<securecookie host="^www\.fatwallet\.com$" name="^___utm[abm]+$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FaviconKit.com.xml b/src/chrome/content/rules/FaviconKit.com.xml
new file mode 100644
index 000000000000..ec383dac59c4
--- /dev/null
+++ b/src/chrome/content/rules/FaviconKit.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="FaviconKit.com">
+	<target host="faviconkit.com" />
+	<target host="www.faviconkit.com" />
+	<target host="api.faviconkit.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Favrskov.dk.xml b/src/chrome/content/rules/Favrskov.dk.xml
new file mode 100644
index 000000000000..57091eee857b
--- /dev/null
+++ b/src/chrome/content/rules/Favrskov.dk.xml
@@ -0,0 +1,11 @@
+<ruleset name="Favrskov.dk">
+
+	<target host="favrskov.dk" />
+	<target host="www.favrskov.dk" />
+
+	<securecookie host="^(www\.)?favrskov\.dk$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Favstar.fm.xml b/src/chrome/content/rules/Favstar.fm.xml
new file mode 100644
index 000000000000..1167b4cdd561
--- /dev/null
+++ b/src/chrome/content/rules/Favstar.fm.xml
@@ -0,0 +1,4 @@
+<ruleset name="Favstar.fm">
+	<target host="favstar.fm"/>
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FaxCritics.xml b/src/chrome/content/rules/FaxCritics.xml
deleted file mode 100644
index cd530461a41d..000000000000
--- a/src/chrome/content/rules/FaxCritics.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="FaxCritics">
-
-	<target host="faxcritics.com" />
-	<target host="*.faxcritics.com" />
-
-
-	<securecookie host="^\.faxcritics.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?faxcritics\.com/"
-		to="https://$1faxcritics.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Fax_Big_Brother.com.xml b/src/chrome/content/rules/Fax_Big_Brother.com.xml
new file mode 100644
index 000000000000..98a51bbfd0f2
--- /dev/null
+++ b/src/chrome/content/rules/Fax_Big_Brother.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Fight for the Future coverage, see Fight-for-the-Future.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .faxbigbrother.com
+
+-->
+<ruleset name="Fax Big Brother.com">
+
+	<target host="faxbigbrother.com" />
+	<target host="www.faxbigbrother.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fax_Robot.com.xml b/src/chrome/content/rules/Fax_Robot.com.xml
new file mode 100644
index 000000000000..2787141a2c6f
--- /dev/null
+++ b/src/chrome/content/rules/Fax_Robot.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://faxrobot.com/ => https://faxrobot.com/: (28, 'Operation timed out after 30003 milliseconds with 0 bytes received')
+Fetch error: http://www.faxrobot.com/ => https://www.faxrobot.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	Insecure cookies are set for these domains:
+
+		- .faxrobot.com
+
+-->
+<ruleset name="Fax Robot.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="faxrobot.com" />
+	<target host="www.faxrobot.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.faxrobot\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.faxrobot\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fazekas.xml b/src/chrome/content/rules/Fazekas.xml
index b221a0d473c3..c00fef9a1c5c 100644
--- a/src/chrome/content/rules/Fazekas.xml
+++ b/src/chrome/content/rules/Fazekas.xml
@@ -1,5 +1,17 @@
-<ruleset name="Fazekas">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fazekas.hu/ => https://fazekas.hu/: Too many redirects while fetching 'https://fazekas.hu/'
+Fetch error: http://www.fazekas.hu/ => https://fazekas.hu/: Too many redirects while fetching 'https://fazekas.hu/'
+
+-->
+<ruleset name="Fazekas" default_off="failed ruleset test">
+	<target host="fazekas.hu" />
 	<target host="www.fazekas.hu" />
+	<target host="sas.fazekas.hu" />
+	<target host="summertime.fazekas.hu" />
 
-	<rule from="^http://www\.fazekas\.hu/" to="https://www.fazekas.hu/" />
+	<rule from="^http://(?:www\.)?fazekas\.hu/" to="https://fazekas.hu/" />
+	<rule from="^http://sas\.fazekas\.hu/" to="https://sas.fazekas.hu/" />
+	<rule from="^http://summertime\.fazekas\.hu/" to="https://summertime.fazekas.hu/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Fb.com.xml b/src/chrome/content/rules/Fb.com.xml
new file mode 100644
index 000000000000..fd76cd32d114
--- /dev/null
+++ b/src/chrome/content/rules/Fb.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Facebook coverage, see Facebook.xml.
+
+
+	Nonfunctional hosts in *fb.com:
+
+		investor *
+
+	* 504, valid cert
+
+-->
+<ruleset name="Fb.com (partial)">
+
+	<target host=                "fb.com" />
+	<target host=    "facebook360.fb.com" />
+	<target host="instantarticles.fb.com" />
+	<target host=       "newsroom.fb.com" />
+	<target host=  "rightsmanager.fb.com" />
+	<target host= "threatexchange.fb.com" />
+	<target host=            "www.fb.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fb_F8.com.xml b/src/chrome/content/rules/Fb_F8.com.xml
new file mode 100644
index 000000000000..9f6e0f49ee74
--- /dev/null
+++ b/src/chrome/content/rules/Fb_F8.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Fb F8.com">
+
+	<target host="fbf8.com" />
+	<target host="www.fbf8.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fbk.info.xml b/src/chrome/content/rules/Fbk.info.xml
new file mode 100644
index 000000000000..1f62ff20a383
--- /dev/null
+++ b/src/chrome/content/rules/Fbk.info.xml
@@ -0,0 +1,30 @@
+<!--
+www.fbk.info ⁴
+
+⁴ self signed
+-->
+<ruleset name="Fbk.info">
+	<target host="fbk.info" />
+	<target host="www.fbk.info" />
+	<target host="6may.fbk.info" />
+	<target host="20.fbk.info" />
+	<target host="blackbox.fbk.info" />
+	<target host="dacha.fbk.info" />
+	<target host="deputat.fbk.info" />
+	<target host="donate.fbk.info" />
+	<target host="email.fbk.info" />
+	<target host="fetisov.fbk.info" />
+	<target host="md.fbk.info" />
+	<target host="money.fbk.info" />
+	<target host="pension.fbk.info" />
+	<target host="petrograd.fbk.info" />
+	<target host="prokuror.fbk.info" />
+	<target host="report.fbk.info" />
+	<target host="sochi.fbk.info" />
+	<target host="team.fbk.info" />
+	<target host="yakunin.fbk.info" />
+
+	<rule from="^http://www\.fbk\.info/" to="https://fbk.info/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fcitx-im.org.xml b/src/chrome/content/rules/Fcitx-im.org.xml
new file mode 100644
index 000000000000..de9613313d8a
--- /dev/null
+++ b/src/chrome/content/rules/Fcitx-im.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Fcitx-im.org">
+
+	<target host="fcitx-im.org" />
+	<target host="www.fcitx-im.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fdworlds.net.xml b/src/chrome/content/rules/Fdworlds.net.xml
new file mode 100644
index 000000000000..a063c508db61
--- /dev/null
+++ b/src/chrome/content/rules/Fdworlds.net.xml
@@ -0,0 +1,40 @@
+<!--
+	Nonfunctional subdomains:
+
+		- forum *
+
+	* Dropped
+
+
+	Mixed content:
+
+		- Bugs, on:
+
+			- (www.)? from c.bigmir.net ¹
+			- (www.)? from hit25.hotlog.ru ²
+			- (www.)? from counter.rambler.ru ³
+
+		- Images on (www.)? from www ³
+
+	¹ Unsecurable <= reset
+	² Unsecurable <= refused
+	³ Secured by us
+
+-->
+<ruleset name="fdworlds.net (partial)">
+
+	<target host="fdworlds.net" />
+	<target host="www.fdworlds.net" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?fdworlds\.net/($|index\.php)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?fdworlds\.net/+(?!favicon\.ico|forum/$|img/|(?:about|laws|news|reg|top)\.php)" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FeatherCoin.xml b/src/chrome/content/rules/FeatherCoin.xml
index 9a1a4ccf2f29..3aeb2b624333 100644
--- a/src/chrome/content/rules/FeatherCoin.xml
+++ b/src/chrome/content/rules/FeatherCoin.xml
@@ -12,7 +12,6 @@
 	<securecookie host="^forum\.feathercoin\.com$" name=".+" />
 
 
-	<rule from="^http://forum\.feathercoin\.com/"
-		to="https://forum.feathercoin.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Febas.de.xml b/src/chrome/content/rules/Febas.de.xml
index 97b9cd4f7d6d..315aa0bb9ba4 100644
--- a/src/chrome/content/rules/Febas.de.xml
+++ b/src/chrome/content/rules/Febas.de.xml
@@ -8,7 +8,6 @@
 	<target host="www.febas.de" />
 
 
-	<rule from="^http://(?:www\.)?febas\.de/"
-		to="https://www.febas.de/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FedEx.com-problematic.xml b/src/chrome/content/rules/FedEx.com-problematic.xml
deleted file mode 100644
index 72bab2eaac30..000000000000
--- a/src/chrome/content/rules/FedEx.com-problematic.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules that are on by default, see FedEx.com.xml.
-
--->
-<ruleset name="FedEx.com (problematic, false MCB)" default_off="mismatched" platform="mixedcontent">
-
-	<target host="*.van.fedex.com" />
-
-
-	<securecookie host="^\.blog\.van\.fedex\.com$" name=".+" />
-
-
-	<rule from="^http://(blog|news)\.van\.fedex\.com/"
-		to="https://$1.van.fedex.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FedEx.com.xml b/src/chrome/content/rules/FedEx.com.xml
index 343e2568a94c..79d9afe2500a 100644
--- a/src/chrome/content/rules/FedEx.com.xml
+++ b/src/chrome/content/rules/FedEx.com.xml
@@ -1,64 +1,47 @@
 <!--
-	For problematic rules, see FedEx.com-problematic.xml.
-
-
-		- fedex.com.d2.sc.omtrdc.net 
-
-			- metrics
-
-
-	Problematic subdomains:
-
-		- metrics	(mismatched, CN: *.d2.sc.omtrdc.net)
-		- blog.van	(mismatched, CN: *.gridserver.com)
-		- news.van	(CN: Parallels Panel)
-
-
-	Partially covered subdomains:
-
-		- (www.) *
-		- m *
-		- wwwtest *
-
-	* Some pages redirect to http, others 404
-
-
-	Mixed content:
-
-		- css, on:
-
-			- news.van from news.van *
-			- news.van from www *
-
-		- Images, on:
-
-			- news.van from images *
-			- news.van from news.van *
-
-	* Secured by us
-
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- fedex.com
+		- metrics.fedex.com
+		- www.ftn.fedex.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- access.van.fedex.com
+		- blog.van.fedex.com
+		- news.van.fedex.com
+
+		Different content:
+		- m.fedex.com
+
+		Mixed content blocking (MCB) triggered:
+		- crossborder.fedex.com
 -->
 <ruleset name="FedEx.com (partial)">
-
 	<target host="fedex.com" />
-	<target host="*.fedex.com" />
-		<exclusion pattern="^http://m\.fedex\.com/+(?!img/)" />
-		<exclusion pattern="^http://wwwtest\.fedex\.com/(?!css/|images/)" />
-
-
-	<securecookie host="^\.fedex\.com$" name="^s_\w+$" />
-
-
-	<!--	^ redirects to www over http
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?fedex\.com/(?=css/|images/|myprofile/)"
+	<target host="www.fedex.com" />
+	<target host="careers.fedex.com" />
+	<target host="customcritical.fedex.com" />
+	<target host="ftn.fedex.com" />
+	<target host="getrewards.fedex.com" />
+	<target host="groundwarehousejobs.fedex.com" />
+	<target host="images.fedex.com" />
+	<target host="local.fedex.com" />
+	<target host="psg.office.fedex.com" />
+	<target host="oo.blue.fedex.com" />
+	<target host="pilot.fedex.com" />
+	<target host="printonline.fedex.com" />
+	<target host="samedaycity.fedex.com" />
+	<target host="supplychain.fedex.com" />
+	<target host="wwwtest.fedex.com" />
+	
+	<exclusion pattern="^http://www\.fedex\.com/kr/" />
+
+	<test url="http://www.fedex.com/kr/docs/" />
+	<test url="http://www.fedex.com/kr/registration/" />
+	<test url="http://www.fedex.com/kr/tools/commercialinvoice.html" />
+
+	<rule from="^http://fedex\.com/"
 		to="https://www.fedex.com/" />
 
-	<rule from="^http://(images|m|wwwtest)\.fedex\.com/"
-		to="https://$1.fedex.com/" />
-
-	<rule from="^http://metrics\.fedex\.com/"
-		to="https://fedex-com.d2.sc.omtrdc.net/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Federal-Bureau-of-Investigation.xml b/src/chrome/content/rules/Federal-Bureau-of-Investigation.xml
index 9420fe971892..afae4b498905 100644
--- a/src/chrome/content/rules/Federal-Bureau-of-Investigation.xml
+++ b/src/chrome/content/rules/Federal-Bureau-of-Investigation.xml
@@ -1,16 +1,42 @@
 <!--
-	For other US government coverage, see US-government.xml.
+	Federal Bureau of Investigation
+
+
+
+	Insecure cookies are set for these domains:
+
+		- .fbi.gov
 
 -->
-<ruleset name="Federal Bureau of Investigation (partial)" platform="mixedcontent">
+<ruleset name="FBI.gov">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="foia.fbi.gov" />
+	<target host="forms.fbi.gov" />
+	<target host="tips.fbi.gov" />
+	<target host="vault.fbi.gov" />
+	<target host="www.fbi.gov" />
 
+	<!--	Complications:
+				-->
 	<target host="fbi.gov" />
-	<target host="*.fbi.gov" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.fbi\.gov$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.fbi\.gov$" name="^(?:__cfduid|cf_clearance)$" />
+
 
 	<rule from="^http://fbi\.gov/"
 		to="https://www.fbi.gov/" />
 
-	<rule from="^http://((?:foia|forms|tips|vault|www)\.)?fbi\.gov/"
-		to="https://$1fbi.gov/" />
+	<rule from="^http://foia\.fbi\.gov/"
+		to="https://www.fbi.gov/foia/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Federal-Communications-Commission.xml b/src/chrome/content/rules/Federal-Communications-Commission.xml
index da932725b785..0d5949fcee67 100644
--- a/src/chrome/content/rules/Federal-Communications-Commission.xml
+++ b/src/chrome/content/rules/Federal-Communications-Commission.xml
@@ -1,4 +1,6 @@
 <!--
+	Federal Communications Commission
+
 	See US-government.xml for other US government coverage.
 
 
@@ -12,41 +14,73 @@
 		- ^		(shows transition; mismatched, CN: transition.fcc.gov)
 		- publicsafety	(times out)
 		- reboot *
+		- transition (404 on http://transition.fcc.gov/Daily_Releases/Daily_Digest/2015/dd2015.html)
+		- apps (404, expired)
+		- fjallfoss (404)
+    - stations (unresolved)
 
 	* Times out
 
 
-	Partially covered subdomains:
+	Partially covered hosts in *fcc.gov:
 
-		- publicsafety	(→ www)
-		- reboot	(→ www)
+		- hraunfoss	(/edocs_public/attachmatch/(?!$))
 
+-->
+<ruleset name="FCC.gov (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="apps.fcc.gov" /-->
+	<target host="data.fcc.gov" />
+	<target host="fjallfoss.fcc.gov" />
+	<target host="licensing.fcc.gov" />
+	<target host="transition.fcc.gov" />
+	<target host="www.fcc.gov" />
+
+	<!--	Complications:
+				-->
+	<target host="fcc.gov" />
+	<target host="hraunfoss.fcc.gov" />
 
-	Fully covered subdomains:
+		<!-- <exclusion pattern="^http://hraunfoss\.fcc\.gov/(?!edocs_public/attachmatch/(?!$))" />
+			<test url="http://hraunfoss.fcc.gov/edocs_public/attachmatch/DA-10-893A1.pdf" />
+			<test url="http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-235879A1.pdf" />
+      <test url="http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-13-64A1.pdf" /> -->
 
-		- (www.)	(^ → www)
-		- apps
-		- data
-		- fjallfoss
-		- licensing
-		- stations
-		- transition
+		<!--	apps and fjalloss have been disabled in response to
+			https://github.com/EFForg/https-everywhere/issues/2874.
 
--->
-<ruleset name="Federal Communications Commission (partial)">
+			Considering the pattern of what works and what doesn't
+			isn't known yet, let's include only what we know to work
+			as we find it.
+
+			exclusions and tests are left for commentary and potential
+			future use.
+
+	<test url="http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-235879A1.txt" />
+	<test url="http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-235879A1.pdf" />
 
-	<target host="fcc.gov" />
-	<target host="*.fcc.gov" />
 
+			<test url="http://apps.fcc.gov/ecfs/" />
+			<test url="http://fjallfoss.fcc.gov/ecfs2/" />
 
-	<securecookie host="^.*\.fcc\.gov$" name=".*" />
+			This used to 404:
 
+		<test url="http://transition.fcc.gov/Daily_Releases/Daily_Digest/2015/dd2015.html" />
 
-	<rule from="^https?://fcc\.gov/"
+
+	<securecookie host=".*\.fcc\.gov$" name=".+" />
+
+
+	<rule from="^http://fcc\.gov/"
 		to="https://www.fcc.gov/" />
 
-	<rule from="^http://(apps|data|fjallfoss|licensing|stations|transition|www)\.fcc\.gov/"
-		to="https://$1.fcc.gov/" />
+		Redirects like so:
+	<rule from="^http://hraunfoss\.fcc\.gov/edocs_public/attachmatch/"
+		to="https://apps.fcc.gov/edocs_public/attachmatch/" />
+
+	 These rules need tests:
 
 	<rule from="^http://publicsafety\.fcc\.gov/(?:\?.*)?$"
 		to="https://www.fcc.gov/pshs/" />
@@ -57,4 +91,9 @@
 	<rule from="^http://reboot\.fcc\.gov/data(?:\?.*)?$"
 		to="https://www.fcc.gov/data" />
 
+	-->
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Federal-Deposit-Insurance-Corporation.xml b/src/chrome/content/rules/Federal-Deposit-Insurance-Corporation.xml
index 34879d747230..c6b00e8d2ae1 100644
--- a/src/chrome/content/rules/Federal-Deposit-Insurance-Corporation.xml
+++ b/src/chrome/content/rules/Federal-Deposit-Insurance-Corporation.xml
@@ -1,19 +1,30 @@
 <!--
-	For other US government coverage, see US-government.xml.
+	Federal Deposit Insurance Corporation
+
+
+
+	^fdic.gov: Cert only matches www
 
 -->
-<ruleset name="Federal Deposit Insurance Corporation">
+<ruleset name="FDIC.gov">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="www.fdic.gov" />
+	<target host="www2.fdic.gov" />
+
+	<!--	Complications:
+				-->
 	<target host="fdic.gov" />
-	<target host="*.fdic.gov" />
 
 
-	<securecookie host="^.*\.fdic\.gov$" name=".*" />
+	<securecookie host=".+" name=".+" />
+
 
+	<rule from="^http://fdic\.gov/"
+		to="https://www.fdic.gov/" />
 
-	<!--	!www: Cert only matches www.
-						-->
-	<rule from="^https?://(?:www(2)?\.)?fdic\.gov/"
-		to="https://www$1.fdic.gov/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Federal-Office-for-Information-Security.xml b/src/chrome/content/rules/Federal-Office-for-Information-Security.xml
index b3b3d1848f94..240392a79131 100644
--- a/src/chrome/content/rules/Federal-Office-for-Information-Security.xml
+++ b/src/chrome/content/rules/Federal-Office-for-Information-Security.xml
@@ -1,3 +1,7 @@
+<!--
+
+	For other bund.de coverages, see Verwaltung_Online.xml.
+-->
 <ruleset name="Federal Office for Information Security">
 
 	<target host="www.bsi.de" />
@@ -17,12 +21,12 @@
 
 	<!--	Cert doesn't match !www.
 						-->
-	<rule from="^https?://(?:www\.)?bsi-fuer-buerger\.de/"
+	<rule from="^http://(?:www\.)?bsi-fuer-buerger\.de/"
 		to="https://www.bsi-fuer-buerger.de/" />
 
 	<!--	Ditto.
 			-->
-	<rule from="^https?://(?:www\.)?bsi\.bund\.de/"
+	<rule from="^http://(?:www\.)?bsi\.bund\.de/"
 		to="https://www.bsi.bund.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Federal-Register.xml b/src/chrome/content/rules/Federal-Register.xml
index 909ef79d3903..8d4c448b4685 100644
--- a/src/chrome/content/rules/Federal-Register.xml
+++ b/src/chrome/content/rules/Federal-Register.xml
@@ -1,11 +1,27 @@
-<ruleset name="Federal Register">
+<!--
+	Office of the Federal Register
 
-	<target host="federalregister.gov"/>
-	<target host="www.federalregister.gov"/>
 
-	<rule from="^http://(www\.)?federalregister\.gov/"
-		to="https://www.federalregister.gov/"/>
 
-	<securecookie host="^www\.federalregister\.gov$" name=".*"/>
+	Insecure cookies are set for these hosts:
+
+		- www.federalregister.gov
+
+-->
+<ruleset name="Federal Register.gov">
+
+	<target host="federalregister.gov" />
+	<target host="www.federalregister.gov" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.federalregister\.gov$" name="^ab_group$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FederalShariatCourt.gov.pk.xml b/src/chrome/content/rules/FederalShariatCourt.gov.pk.xml
new file mode 100644
index 000000000000..433665e35a48
--- /dev/null
+++ b/src/chrome/content/rules/FederalShariatCourt.gov.pk.xml
@@ -0,0 +1,8 @@
+<ruleset name="FederalShariatCourt.gov.pk">
+	<target host="federalshariatcourt.gov.pk" />
+	<target host="www.federalshariatcourt.gov.pk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Federal_Aviation_Administration.xml b/src/chrome/content/rules/Federal_Aviation_Administration.xml
index e6f0d3d7bbfc..d50cf8582b68 100644
--- a/src/chrome/content/rules/Federal_Aviation_Administration.xml
+++ b/src/chrome/content/rules/Federal_Aviation_Administration.xml
@@ -1,21 +1,30 @@
 <!--
-	^faa.gov doesn't exist
+	Federal Aviation Administration
+
+
 
+	Nonfunctional hosts in faa.gov:
 
-	Nonfunctional subdomains:
+		- rgl *
 
-		- rgl	(times out)
+	* Dropped
+
+
+	^faa.gov doesn't exist
 
 -->
-<ruleset name="Federal Aviation Administration (partial)">
+<ruleset name="FAA.gov (partial)">
 
+	<target host="my.faa.gov" />
+	<target host="auth.smext.faa.gov" />
+	<target host="register.smext.faa.gov" />
 	<target host="www.faa.gov" />
 
 
-	<securecookie host="^www\.faa\.gov$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://www\.faa\.gov/"
-		to="https://www.faa.gov/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Federal_Business_Opportunities.xml b/src/chrome/content/rules/Federal_Business_Opportunities.xml
deleted file mode 100644
index 7af7e81a51d9..000000000000
--- a/src/chrome/content/rules/Federal_Business_Opportunities.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For other U.S. government coverage, see US-government.xml.
-
-
-	Certs only match www.
-
-
-	Targets solely for wildcard cookies:
-
-		- *.www.fbo.gov
-
--->
-<ruleset name="Federal Business Opportunities">
-
-	<target host="fbo.gov" />
-	<target host="*.fbo.gov" />
-	<target host="*.www.fbo.gov" />
-	<target host="fedbizopps.gov" />
-	<target host="www.fedbizopps.gov" />
-
-
-	<securecookie host="^(?:.*\.)?fbo\.gov$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?f(bo|edbizopps)\.gov/"
-		to="https://www.f$1.gov/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Federal_Emergency_Management_Agency.xml b/src/chrome/content/rules/Federal_Emergency_Management_Agency.xml
index 0ada2ef7e7e5..151601437bb1 100644
--- a/src/chrome/content/rules/Federal_Emergency_Management_Agency.xml
+++ b/src/chrome/content/rules/Federal_Emergency_Management_Agency.xml
@@ -2,7 +2,7 @@
     <target host="fema.gov" />
     <target host="*.fema.gov" />
 
-    <rule from="^https?://fema\.gov/"
+    <rule from="^http://fema\.gov/"
         to="https://www.fema.gov/"/>
     <rule from="^http://([^/:@]+)?\.fema\.gov/"
         to="https://$1.fema.gov/" />
diff --git a/src/chrome/content/rules/Federal_Office_of_Administration.xml b/src/chrome/content/rules/Federal_Office_of_Administration.xml
index e043d3ec39e9..16f457f38357 100644
--- a/src/chrome/content/rules/Federal_Office_of_Administration.xml
+++ b/src/chrome/content/rules/Federal_Office_of_Administration.xml
@@ -1,13 +1,69 @@
-<ruleset name="Federal Office of Administration">
+<!--
+	Federal Office of Administration
 
-	<target host="bva.bund.de" />
+
+	^bva.bund.de: Mismatched
+
+
+	These altnames don't exist:
+
+		- bafoegonline.bva.bund.de
+
+
+	Insecure cookies are set for these hosts:
+
+		- bezuegerechner.bva.bund.de
+		- gsb.download.bva.bund.de
+		- www.bva.bund.de
+
+
+	Mixed content:
+
+		- Image on gsb.download from www.adobe.com ˢ
+
+	ˢ Secured by us
+
+
+	Invalid certificate:
+		- gsb.download.bva.bund.de
+		- test7.gsb.bva.bund.de
+
+
+	For other bund.de coverages, see Verwaltung_Online.xml.
+
+-->
+<ruleset name="BVA.bund.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.bafoegonline.bva.bund.de" />
+	<target host="bezuegerechner.bva.bund.de" />
+	<target host="kolep.bva.bund.de" />
+	<target host="isasonline.bva.bund.de" />
 	<target host="www.bva.bund.de" />
 
+	<!--	Complications:
+				-->
+	<target host="bva.bund.de" />
+
+		<!--	Mixed images:
+					-->
+		<!--test url="http://gsb.download.bva.bund.de/BPRA/Bellevue/" /-->
+
 
-	<securecookie host="^www\.bva\.bund\.de$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bezuegerechner\.bva\.bund\.de$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^gsb\.download\.bva\.bund\.de$" name="^(?:TS[\da-f]{8}|server-id)$" /-->
+	<!--securecookie host="^www\.bva\.bund\.de$" name="^(?:JSESSIONID|TS[\da-f]{8}|server-id)$" /-->
 
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^https?://(?:www\.)?bva\.bund\.de/"
+
+	<rule from="^http://bva\.bund\.de/"
 		to="https://www.bva.bund.de/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Federal_Reserve.org.xml b/src/chrome/content/rules/Federal_Reserve.org.xml
new file mode 100644
index 000000000000..8378f1416bac
--- /dev/null
+++ b/src/chrome/content/rules/Federal_Reserve.org.xml
@@ -0,0 +1,39 @@
+<!--
+	Federal Reserve Bank
+
+	For other U.S. government coverage, see US-government.xml.
+
+
+	Problematic hosts in *federalreserve.org:
+
+		- profilefrs ᵘ
+
+	ᵘ Untrusted root
+
+
+	Insecure cookies are set for these hosts:
+
+		- ews-sdc.federalreserve.org
+		- knowledgecentral.federalreserve.org
+
+-->
+<ruleset name="Federal Reserve.org (partial)">
+
+	<target host="ews-sdc.federalreserve.org" />
+	<target host="knowledgecentral.federalreserve.org" />
+	<target host="profile.federalreserve.org" />
+	<target host="www.federalreserve.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ews-sdc\.federalreserve\.org$" name="^WEBTRENDS_ID$" /-->
+	<!--securecookie host="^knowledgecentral\.federalreserve\.org$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Federal_Reserve.xml b/src/chrome/content/rules/Federal_Reserve.xml
deleted file mode 100644
index 211db355a6a1..000000000000
--- a/src/chrome/content/rules/Federal_Reserve.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Federal Reserve">
-    <target host="federalreserve.gov" />
-    <target host="*.federalreserve.gov" />
-
-    <rule from="^https?://federalreserve\.gov/"
-        to="https://www.federalreserve.gov/"/>
-    <rule from="^http://([^/:@]+)?\.federalreserve\.gov/"
-        to="https://$1.federalreserve.gov/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Federal_Soup.xml b/src/chrome/content/rules/Federal_Soup.xml
new file mode 100644
index 000000000000..4766d76f6937
--- /dev/null
+++ b/src/chrome/content/rules/Federal_Soup.xml
@@ -0,0 +1,8 @@
+<ruleset name="Federal Soup">
+    <target host="federalsoup.com" />
+    <target host="catalog.federalsoup.com" />
+    <target host="forum.federalsoup.com" />
+
+    <rule from="^http:"
+        to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Federal_Trade_Commission.xml b/src/chrome/content/rules/Federal_Trade_Commission.xml
index f8465817e7f7..d437b183b929 100644
--- a/src/chrome/content/rules/Federal_Trade_Commission.xml
+++ b/src/chrome/content/rules/Federal_Trade_Commission.xml
@@ -1,33 +1,47 @@
+
 <!--
-	For other U.S. government coverage, see US-government.xml.
 
+	Nonfunctional hosts in *ftc.gov:
+
+		- search ³
 
-	Nonfunctional subdomains:
+	³ 403
 
-		- (www.)	(https differs from http)
-		- search	(403, mismatched)
 
+	Problematic hosts in *ftc.gov:
 
-	Partially covered subdomains:
+		- eis ⁱ
+		- edit.staging ᵐ
+		- staging ᵐ
 
-		- business	(at least some pages redirect to http)
+	ⁱ Incomplete certificate chain
+	ᵐ Mismatched
 
 -->
-<ruleset name="Federal Trade Commission (partial)">
+<ruleset name="FTC.gov (partial)">
+
+	<target host="ftc.gov" />
+	<target host="bulkorder.ftc.gov" />
+	<target host="bulkorder2.ftc.gov" />
 
-	<target host="*.ftc.gov" />
-		<exclusion pattern="^http://business\.ftc\.gov/(?!misc/|modules/|sites/)" />
-	<target host="ftccomplaintassistant.gov" />
-	<target host="www.ftccomplaintassistant.gov" />
+	<target host="edit.bulkorder.ftc.gov" />
+	<target host="www.bulkorder.ftc.gov" />
 
+	<target host="business.ftc.gov" />
+	<target host="www.business.ftc.gov" />
+	<target host="consumer.ftc.gov" />
+	<target host="www.consumer.ftc.gov" />
+	<target host="consumidor.ftc.gov" />
+	<target host="www.consumidor.ftc.gov" />
+	<target host="edit.ftc.gov" />
+	<target host="loadtest.ftc.gov" />
+	<target host="www.ftc.gov" />
 
-	<securecookie host="^bulkorder\.ftc\.gov$" name=".+" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(bulkorder|business|(?:www\.)?consum(?:e|ido)r)\.ftc\.gov/"
-		to="https://$1.ftc.gov/" />
 
-	<rule from="^http://(www\.)?ftccomplaintassistant\.gov/"
-		to="https://$1ftccomplaintassistant.gov/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Federated-Investors.xml b/src/chrome/content/rules/Federated-Investors.xml
index 35b69c0aeab8..f615eac6bb11 100644
--- a/src/chrome/content/rules/Federated-Investors.xml
+++ b/src/chrome/content/rules/Federated-Investors.xml
@@ -1,4 +1,13 @@
-<ruleset name="Federated Investors (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://federatedinvestors.com/ => https://federatedinvestors.com/: (35, 'error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 unrecognized name')
+Fetch error: http://www.federatedinvestors.com/ => https://www.federatedinvestors.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://federatedinvestors.com/ => https://federatedinvestors.com/: (51, "SSL: no alternative certificate subject name matches target host name 'federatedinvestors.com'")
+-->
+<ruleset name="Federated Investors (partial)" default_off="failed ruleset test">
 
 	<target host="federatedinvestors.com" />
 	<target host="www.federatedinvestors.com" />
diff --git a/src/chrome/content/rules/Federated-Media-Publishing.xml b/src/chrome/content/rules/Federated-Media-Publishing.xml
index b7b1ccafa9f8..0eab2409af53 100644
--- a/src/chrome/content/rules/Federated-Media-Publishing.xml
+++ b/src/chrome/content/rules/Federated-Media-Publishing.xml
@@ -1,29 +1,38 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://federatedmedia.net/ => https://federatedmedia.net/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.federatedmedia.net/ => https://www.federatedmedia.net/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://federatedmedia.net/ => https://federatedmedia.net/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.federatedmedia.net/ => https://www.federatedmedia.net/: (60, 'SSL certificate problem: self signed certificate')
 	Nonfunctional domains:
 
 		- cm.cdn.fm
 
 -->
-<ruleset name="Federated Media Publishing (partial)">
+<ruleset name="Federated Media Publishing (partial)" default_off="failed ruleset test">
 
 	<target host="federatedmedia.net" />
 	<target host="www.federatedmedia.net" />
-	<target host="*.fmpub.net" />
+	<target host="keywords.fmpub.net" />
+	<target host="r1.fmpub.net" />
+	<target host="static.fmpub.net" />
+	<target host="tenzing.fmpub.net" />
+	<target host="static-cf.fmpub.net" />
 
 
 	<securecookie host="^.*\.fmpub\.net$" name=".+" />
-	<securecookie host="^www\.federatedmedia\.net$" name=".*" />
+	<securecookie host="^www\.federatedmedia\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?federatedmedia\.net/"
-		to="https://$1federatedmedia.net/" />
 
 	<!--	Ads included on 3rd-party websites.	-->
-	<rule from="^http://(keywords|r1|static|tenzing)\.fmpub\.net/"
-		to="https://$1.fmpub.net/" />
 
 	<!--	Ditto.	-->
-	<rule from="^https?://static-cf\.fmpub\.net/"
+	<rule from="^http://static-cf\.fmpub\.net/"
 		to="https://fmpub.cachefly.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Federation-of-American-Scientists.xml b/src/chrome/content/rules/Federation-of-American-Scientists.xml
index c26631c01fa2..6186e0f3c990 100644
--- a/src/chrome/content/rules/Federation-of-American-Scientists.xml
+++ b/src/chrome/content/rules/Federation-of-American-Scientists.xml
@@ -1,20 +1,34 @@
-<ruleset name="Federation of American Scientists" platform="mixedcontent">
 
-	<target host="fas.org" />
-	<target host="*.fas.org" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.members.fas.org" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://members.fas.org/ => https://members.fas.org/: (6, 'Could not resolve host: members.fas.org')
+
+	Federation of American Scientists
+
+
+	Insecure cookies are set for these domains:
 
+		- .fas.org
 
-	<!--	Observed cookie domains:
+-->
+<ruleset name="FAS.org" default_off="failed ruleset test">
 
-			- ^.members
+	<!--	Direct rewrites:
+				-->
+	<target host="fas.org" />
+	<target host="members.fas.org" />
+	<target host="www.fas.org" />
+
+
+	<!--	CloudFlare cookies:
 					-->
-	<securecookie host="^.*\.fas\.org$" name=".*" />
+	<!--securecookie host="^\.fas\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".*\.fas\.org$" name=".+" />
 
 
-	<rule from="^http://(members\.|www\.)?fas\.org/"
-		to="https://$1fas.org/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
 
diff --git a/src/chrome/content/rules/Federation-of-Small-Businesses.xml b/src/chrome/content/rules/Federation-of-Small-Businesses.xml
index 1af2fccc7628..b80e846770e6 100644
--- a/src/chrome/content/rules/Federation-of-Small-Businesses.xml
+++ b/src/chrome/content/rules/Federation-of-Small-Businesses.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fsb.org.uk/ => http://fsb.org.uk/: (28, 'Connection timed out after 10000 milliseconds')
+
 	Nonfunctional domains:
 
 		- forum.fsb.org.uk	(times out)
@@ -7,10 +11,11 @@
 <ruleset name="Federation of Small Businesses (partial)">
 
 	<target host="fsb.org.uk" />
-	<target host="*.fsb.org.uk" />
+	<target host="www.fsb.org.uk" />
+	<target host="join.fsb.org.uk" />
 
 
-	<securecookie host="^join\.fsb\.org\.uk$" name=".*" />
+	<securecookie host="^join\.fsb\.org\.uk$" name=".+" />
 
 
 	<!--	- !www times out over https
@@ -25,7 +30,7 @@
 			- membership/images/slider/
 
 				-->
-	<rule from="^https?://(?:www\.)?fsb\.org\.uk/(general/imag|Templat)es/"
+	<rule from="^http://(?:www\.)?fsb\.org\.uk/(general/imag|Templat)es/"
 		to="https://www.fsb.org.uk/$1es/" />
 
 	<rule from="^http://join\.fsb\.org\.uk/"
diff --git a/src/chrome/content/rules/Fedge_NO.com.xml b/src/chrome/content/rules/Fedge_NO.com.xml
new file mode 100644
index 000000000000..64875969a5d6
--- /dev/null
+++ b/src/chrome/content/rules/Fedge_NO.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Fedge NO.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fedgeno.com" />
+	<target host="www.fedgeno.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fedora.xml b/src/chrome/content/rules/Fedora.xml
deleted file mode 100644
index 3ae802c65f7b..000000000000
--- a/src/chrome/content/rules/Fedora.xml
+++ /dev/null
@@ -1,93 +0,0 @@
-<!--
-	For problematic rules, see Fedora_Project-problematic.xml.
-
-
-	Other Fedora Project rulesets:
-
-		- Fedora_Hosted.org.xml
-
-
-	Nonfunctional domains:
-
-		- \w+.fedorapeople.org		(unique domain per person)
-
-		- fedoraproject.org subdomains:
-
-			- directory *
-			- infrastructure	(dropped)
-			- ols **
-			- pki *
-			- planet **
-			- publictest04 **
-
-	* Redirects to www.aeolusproject.org; mismatched, CN: *.aeolusproject.org
-	** Refused
-
-
-	Problematic domains:
-
-		- pkgs.fedoraproject.org	(works, self-signed)
-
-
-	Fully covered domains:
-
-		- fedoraproject.org subdomains:
-
-			- (www.)
-			- admin
-			- alt
-			- apps
-			- archives
-			- badges
-			- blogs
-			- boot
-			- dl
-			- docs
-			- download
-			- get
-			- join
-			- lists
-			- meetbot
-			- mirrors
-			- paste
-			- retrace
-			- spins
-			- start
-			- talk		
-
-
-	Mixed content:
-
-		- css on start from ^ ***
-
-		- Images, on:
-
-			- badges from infrastructure **
-			- badges from cdn.libravatar.org *
-			- start from ^ *
-			- start from www *
-
-	* Secured by us
-	** Unsecurable, doesn't trip MCB
-	*** Secured by us, seems to affect printing only
-
--->
-<ruleset name="Fedora Project">
-
-	<target host="fedoraproject.org" />
-	<target host="*.fedoraproject.org" />
-		<!--
-			Causes false/broken MCB
-
-			Update: seems to have been fixed
-							-->
-		<!--exclusion pattern="^http://start\.fedoraproject\." /-->
-
-
-	<securecookie host="^(?:.*\.)?fedoraproject\.org$" name=".+" />
-
-
-	<rule from="^http://((?:admin|alt|apps|archives|badges|blogs|boot|dl|docs|download|get|join|lists|meetbot|mirrors|paste|retrace|spins|start|talk|www)\.)?fedoraproject\.org/"
-		to="https://$1fedoraproject.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Fedora_Hosted.org.xml b/src/chrome/content/rules/Fedora_Hosted.org.xml
deleted file mode 100644
index 21e06ee1eb02..000000000000
--- a/src/chrome/content/rules/Fedora_Hosted.org.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	For other Fedora Project coverage, see Fedora.xml.
-
-
-	Nonfunctional subdomains:
-
-		- svn		(redirects to ^ and 404s, valid cert)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(www → ^)
-		- git
-		- lists
-
--->
-<ruleset name="Fedora Hosted.org (partial)">
-
-	<target host="fedorahosted.org" />
-	<target host="*.fedorahosted.org" />
-		<!--exclusion pattern="^http://svn\." /-->
-
-
-	<securecookie host="^fedorahosted\.org$" name=".+" />
-
-
-	<!--	www redirects to ^ over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:(git\.|lists\.)|www\.)?fedorahosted\.org/"
-		to="https://$1fedorahosted.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Fedora_Magazine.org.xml b/src/chrome/content/rules/Fedora_Magazine.org.xml
deleted file mode 100644
index 41f80d4b6ce4..000000000000
--- a/src/chrome/content/rules/Fedora_Magazine.org.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- www	(redirects to apps.fedoraproject.org)
-
-
-	Mixed content:
-
-		- css on ^ from ^ *
-
-		- Images, on ^ from:
-
-			- ^ *
-			- \d.gravatar.com *
-
-	* Secured by us
-
--->
-<ruleset name="Fedora Magazine.org (false MCB)" platform="mixedcontent">
-
-	<target host="fedoramagazine.org" />
-	<target host="www.fedoramagazine.org" />
-
-
-	<securecookie host="^fedoramagazine\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?fedoramagazine\.org/"
-		to="https://fedoramagazine.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Fedora_Project-problematic.xml b/src/chrome/content/rules/Fedora_Project-problematic.xml
deleted file mode 100644
index 5ce3142e580b..000000000000
--- a/src/chrome/content/rules/Fedora_Project-problematic.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules that are on by default, see Fedora.xml.
-
--->
-<ruleset name="Fedora Project (problematic)" default_off="self-signed">
-
-	<target host="pkgs.fedoraproject.org" />
-
-
-	<rule from="^http://pkgs\.fedoraproject\.org/"
-		to="https://pkgs.fedoraproject.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Fedorainfracloud.org.xml b/src/chrome/content/rules/Fedorainfracloud.org.xml
new file mode 100644
index 000000000000..c5e805830d26
--- /dev/null
+++ b/src/chrome/content/rules/Fedorainfracloud.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Nonfunctional hosts in *.fedorainfracloud.org:
+		- developer.fedorainfracloud.org (r)
+		- faitout.fedorainfracloud.org (t)
+		- grafana.fedorainfracloud.org (e)
+		- graphite.fedorainfracloud.org (e)
+		- modularity.fedorainfracloud.org (s)
+		- piwik.fedorainfracloud.org (s)
+		- testdays.fedorainfracloud.org (r)
+
+	r: connection refused
+	e: expired certificate
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Fedora Infrastructure Cloud">
+	<target host="fedorainfracloud.org" />
+	<target host="www.fedorainfracloud.org" />
+	<target host="copr.fedorainfracloud.org" />
+	<target host="taiga.fedorainfracloud.org" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FeeFighters.xml b/src/chrome/content/rules/FeeFighters.xml
index e28f6bb54649..8e9083ef307d 100644
--- a/src/chrome/content/rules/FeeFighters.xml
+++ b/src/chrome/content/rules/FeeFighters.xml
@@ -1,8 +1,18 @@
-<ruleset name="FeeFighters" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://feefighters.com/ => https://feefighters.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.feefighters.com/ => https://feefighters.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://feefighters.com/ => https://feefighters.com/: (51, "SSL: no alternative certificate subject name matches target host name 'feefighters.com'")
+Fetch error: http://www.feefighters.com/ => https://feefighters.com/: (51, "SSL: no alternative certificate subject name matches target host name 'feefighters.com'")
+-->
+<ruleset name="FeeFighters" platform="mixedcontent" default_off="failed ruleset test">
   <target host="feefighters.com" />
   <target host="www.feefighters.com" />
 
-  <securecookie host="^(.+\.)?feefighters\.com$" name=".*"/>
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http://(?:www\.)?feefighters\.com/" to="https://feefighters.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Feed2JS.org.xml b/src/chrome/content/rules/Feed2JS.org.xml
index 153e69343dd8..e9b2d7b9a5ac 100644
--- a/src/chrome/content/rules/Feed2JS.org.xml
+++ b/src/chrome/content/rules/Feed2JS.org.xml
@@ -4,7 +4,6 @@
 	<target host="www.feed2js.org" />
 
 
-	<rule from="^http://(www\.)?feed2js\.org/"
-		to="https://$1feed2js.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FeedBlitz.xml b/src/chrome/content/rules/FeedBlitz.xml
index f0ce57de572b..904ce9fbb220 100644
--- a/src/chrome/content/rules/FeedBlitz.xml
+++ b/src/chrome/content/rules/FeedBlitz.xml
@@ -1,8 +1,6 @@
 <!--
 	CDN buckets:
 
-		- s3.amazonaws.com/assets.feedblitz.com/
-		- s3.amazonaws.com/users.feedblitz.com/
 		- ne1.wpc.edgecastcdn.net/0002B4/
 
 		- cee47999521ce01e5baae088241054d9.edgesuite.net
@@ -35,9 +33,6 @@
 		- t		(→ ei.rlcdn.com)
 		- users *
 
-	* → s3.amazonaws.com
-
-
 	Mixed content:
 
 		- Images, on:
@@ -62,17 +57,18 @@
 <ruleset name="FeedBlitz">
 
 	<target host="feedblitz.com" />
-	<target host="*.feedblitz.com" />
-
-
-	<securecookie host="^w*\.feedblitz\.com$" name=".*" />
-
+	<target host="archive.feedblitz.com" />
+	<target host="blog.feedblitz.com" />
+	<target host="feeds.feedblitz.com" />
+	<target host="p.feedblitz.com" />
+	<target host="www.feedblitz.com" />
+	<target host="assets.feedblitz.com" />
+	<target host="users.feedblitz.com" />
+	<target host="spnsrs.feedblitz.com" />
+	<target host="t.feedblitz.com" />
 
-	<rule from="^http://((?:archive|blog|feeds|p|www)\.)?feedblitz\.com/"
-		to="https://$1feedblitz.com/" />
 
-	<rule from="^http://(asset|user)s\.feedblitz\.com/"
-		to="https://s3.amazonaws.com/$1s.feedblitz.com/" />
+	<securecookie host="^w*\.feedblitz\.com$" name=".+" />
 
 	<!--	Redirects like so:
 					-->
@@ -82,4 +78,5 @@
 	<rule from="^http://t\.feedblitz\.com/"
 		to="https://ei.rlcdn.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/FeedBurner.xml b/src/chrome/content/rules/FeedBurner.xml
index 97828daffcd8..c55e9596e908 100644
--- a/src/chrome/content/rules/FeedBurner.xml
+++ b/src/chrome/content/rules/FeedBurner.xml
@@ -1,23 +1,20 @@
 <!--
 	For other Google coverage, see GoogleServices.xml
 
-
-	Nonfunctional subdomains:
-
-		- (www.)	(redirects to www.google.com; mismatched, CN: *.google.com)
-		- feeds *
-		- feeds2 *
-
-	* 404; mismatched, CN: google.com
+	Mixed content:
+		- Images on feeds from various domains
 
 -->
-<ruleset name="FeedBurner (partial)">
+<ruleset name="FeedBurner.com">
 
 	<target host="feedburner.com" />
 	<target host="www.feedburner.com" />
+	<target host="feeds.feedburner.com" />
+	<target host="feeds2.feedburner.com" />
+	<target host="feedproxy.feedburner.com" />
+	<target host="ping.feedburner.com" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://(?:www\.)?feedburner\.com/"
-		to="https://feedburner.google.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FeedPress.me.xml b/src/chrome/content/rules/FeedPress.me.xml
new file mode 100644
index 000000000000..6eacd1780944
--- /dev/null
+++ b/src/chrome/content/rules/FeedPress.me.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.feedpress.me/ => https://www.feedpress.me/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="FeedPress.me" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="feedpress.me" />
+	<target host="www.feedpress.me" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Feedbackify.com.xml b/src/chrome/content/rules/Feedbackify.com.xml
new file mode 100644
index 000000000000..9eb53a8c0430
--- /dev/null
+++ b/src/chrome/content/rules/Feedbackify.com.xml
@@ -0,0 +1,23 @@
+<!--
+	CDN buckets:
+
+		- fby-css.s3.amazonaws.com
+		- s3.amazonaws.com/fby-form
+		- fby-img.s3.amazonaws.com
+
+-->
+<ruleset name="Feedbackify.com">
+
+	<target host="feedbackify.com" />
+	<target host="cdn.feedbackify.com" />
+	<target host="www.feedbackify.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^www\.feedbackify\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Feedbox.com.xml b/src/chrome/content/rules/Feedbox.com.xml
deleted file mode 100644
index 8f7d86b7fef3..000000000000
--- a/src/chrome/content/rules/Feedbox.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	(www.): dropped
-
--->
-<ruleset name="Feedbox.com (partial)">
-
-	<target host="my.feedbox.com" />
-
-
-	<securecookie host="^my\.feedbox\.com$" name=".+" />
-
-
-	<rule from="^http://my\.feedbox\.com/"
-		to="https://my.feedbox.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Feedjit.xml b/src/chrome/content/rules/Feedjit.xml
index 63364a5b9a68..a869e860e139 100644
--- a/src/chrome/content/rules/Feedjit.xml
+++ b/src/chrome/content/rules/Feedjit.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(www\.)?feedjit\.com/(favicon\.ico|images/|plansPricing/|pro/|rush/|static/)"
 		to="https://$1feedjit.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Feedly.com.xml b/src/chrome/content/rules/Feedly.com.xml
index c080f83b32ac..e5c97cb2cfae 100644
--- a/src/chrome/content/rules/Feedly.com.xml
+++ b/src/chrome/content/rules/Feedly.com.xml
@@ -1,33 +1,25 @@
 <!--
-	Problematic subdomains:
-
-		- blog	(wordpress)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- cloud
-		- s3
-
-
 	Mixed content:
 
-		- Images on www from s3 *
+		- Images on www from s3.feedly.com *
 
 	* Secured by us
 
 -->
-<ruleset name="feedly.com (partial)">
+<ruleset name="feedly.com">
 
 	<target host="feedly.com" />
-	<target host="*.feedly.com" />
+	<target host="blog.feedly.com" />
+	<target host="cloud.feedly.com" />
+	<target host="s3.feedly.com" />
+	<target host="www.feedly.com" />
 
 
-	<securecookie host="^(?:www\.)?feedly\.com$" name=".+" />
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://((?:cloud|s3|www)\.)?feedly\.com/"
-		to="https://$1feedly.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Feedmyinbox.xml b/src/chrome/content/rules/Feedmyinbox.xml
index 97eb53fb4b23..cd259f42fc09 100644
--- a/src/chrome/content/rules/Feedmyinbox.xml
+++ b/src/chrome/content/rules/Feedmyinbox.xml
@@ -1,8 +1,15 @@
-<ruleset name="FeedMyInbox">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.feedmyinbox.com/ => https://www.feedmyinbox.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://feedmyinbox.com/ => https://www.feedmyinbox.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="FeedMyInbox" default_off="failed ruleset test">
   <target host="www.feedmyinbox.com" />
   <target host="feedmyinbox.com" />
 
-  <securecookie host="^(.*\.)?feedmyinbox\.com$" name=".*" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http://(?:www\.)?feedmyinbox\.com/" to="https://www.feedmyinbox.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Feedsportal.com.xml b/src/chrome/content/rules/Feedsportal.com.xml
new file mode 100644
index 000000000000..d51d1bca0502
--- /dev/null
+++ b/src/chrome/content/rules/Feedsportal.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://stats.feedsportal.com/ => https://stats.feedsportal.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	CDN buckets:
+
+		- res3.feedsportal.com.s3.amazonaws.com
+
+
+	www: refused
+
+-->
+<ruleset name="Feedsportal.com (partial)" default_off="failed ruleset test">
+
+	<target host="stats.feedsportal.com" />
+		<!--exclusion pattern="^http://(res3|www)\.feedsportal\.com/" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Feefo.xml b/src/chrome/content/rules/Feefo.xml
index f10f1320ad86..c1730539461a 100644
--- a/src/chrome/content/rules/Feefo.xml
+++ b/src/chrome/content/rules/Feefo.xml
@@ -11,7 +11,7 @@
 	<securecookie host="^www\.feefo\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?feefo\.com/"
+	<rule from="^http://(?:www\.)?feefo\.com/"
 		to="https://www.feefo.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fefe.xml b/src/chrome/content/rules/Fefe.xml
index 5cb2c7b538e8..4bb576b970b8 100644
--- a/src/chrome/content/rules/Fefe.xml
+++ b/src/chrome/content/rules/Fefe.xml
@@ -1,6 +1,40 @@
-<ruleset name="Fefe" platform="cacert">
+<!--
+	Nonfunctional hosts in *fefe.de:
+
+		- bulk *
+
+	* invalid certificate
+
+	       - dl *
+
+
+	Problematic hosts in *fefe.de:
+
+		- cvs *
+		- dl *
+		- a.mx *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Fully covered hosts in *fefe.de:
+
+		- blog
+		- cvs
+		- dl
+		- a.mx
+		- ptrace
+		- www
+
+
+	^fefe.de doesn't exist.
+
+-->
+<ruleset name="Fefe.de (partial)">
   <target host="blog.fefe.de" />
+        <target host="ptrace.fefe.de" />
+        <target host="www.fefe.de" />
 
-  <rule from="^http://blog\.fefe\.de/" to="https://blog.fefe.de/"/>
+        <rule from="^http:"
+                to="https:" />
 </ruleset>
-
diff --git a/src/chrome/content/rules/Feide.xml b/src/chrome/content/rules/Feide.xml
index d8df1c374b24..c5fa9cb0b395 100644
--- a/src/chrome/content/rules/Feide.xml
+++ b/src/chrome/content/rules/Feide.xml
@@ -1,61 +1,65 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://openwiki.feide.no/ => https://openwiki.feide.no/: (6, 'Could not resolve host: openwiki.feide.no')
+Fetch error: http://wiki.feide.no/ => https://wiki.feide.no/: (6, 'Could not resolve host: wiki.feide.no')
+
 	For other Uninett coverage, see Uninett.xml.
 
 
-	Fully covered subdomains:
-
-		- (www.)
-		- api
-		- crawler
-		- demo
-		- idp.demo
-		- sp[1-4].demo
-		- docs
-		- foodle
-		- fwtest
-		- idp
-		- idp-dev
-		- innsyn
-		- kunde
-		- logout
-		- metadata
-		- openidp
-		- openwiki
-		- ow
-		- rnd
-		- beta.rnd
-		- translation.rnd
-		- sp-test
-		- tools
-		- wiki
-
-
-	Observed cookie domains:
-
-		- .
-		- .crawler
-		- idp.demo
-		- sp\d.demo
-		- .fwtest
-		- idp
-		- openidp
-		- rnd
-		- translation.rnd
-		- sp-test
-		- tools
-		- www
+	Insecure cookies are set for these hosts:
+
+		- idp.feide.no
+		- rnd.feide.no
+		- sp-test.feide.no
+
+
+	Mixed content:
+
+		- iframe on rnd from www.youtube.com ˢ
+		- Images on rnd from clippings.erlang.no ᵐ
+
+	ᵐ Not secured by us <= mismatched
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Feide">
+<ruleset name="Feide.no" default_off="failed ruleset test">
 
 	<target host="feide.no" />
-	<target host="*.feide.no" />
+	<target host="api.feide.no" />
+	<target host="crawler.feide.no" />
+	<target host="docs.feide.no" />
+	<target host="fwtest.feide.no" />
+	<target host="idp.feide.no" />
+	<target host="idp-dev.feide.no" />
+	<target host="innsyn.feide.no" />
+	<target host="kunde.feide.no" />
+	<target host="logout.feide.no" />
+	<target host="metadata.feide.no" />
+	<target host="openidp.feide.no" />
+	<target host="openwiki.feide.no" />
+	<target host="rnd.feide.no" />
+	<target host="translation.rnd.feide.no" />
+	<target host="sp-test.feide.no" />
+	<target host="tools.feide.no" />
+	<target host="wiki.feide.no" />
+	<target host="www.feide.no" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://idp.feide.no/simplesaml/module.php/feide/login.php?language=en" /-->
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^idp\.feide\.no$" name="^language$" /-->
+	<!--securecookie host="^rnd\.feide\.no$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^sp-test\.feide\.no$" name="^SimplieSAMLSessionId$" /-->
 
-	<securecookie host=".*\.feide\.no$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:api|crawler|(?:idp\.|sp\d\.)?demo|docs|foodle|fwtest|idp|idp-dev|innsyn|kunde|logout|metadata|openidp|openwiki|ow|rnd|(?:beta|translation)\.rnd|sp-test|tools|wiki|www)\.)?feide\.no/"
-		to="https://$1feide.no/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Feit-Electric-Company.xml b/src/chrome/content/rules/Feit-Electric-Company.xml
deleted file mode 100644
index 9a4c66032ebd..000000000000
--- a/src/chrome/content/rules/Feit-Electric-Company.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Feit Electric Company (partial)" platform="mixedcontent">
-
-	<target host="feitbulbs.com"/>
-	<target host="www.feitbulbs.com"/>
-
-	<rule from="^http://(?:www\.)?feitbulb\.com/"
-		to="https://secure1.voloper.net/feitbulbs/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Femtoduino.com.xml b/src/chrome/content/rules/Femtoduino.com.xml
index 97f94af28db5..10e564317987 100644
--- a/src/chrome/content/rules/Femtoduino.com.xml
+++ b/src/chrome/content/rules/Femtoduino.com.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^www\.femtoduino\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?femtoduino\.com/"
-		to="https://$1femtoduino.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Fence_Center.com.xml b/src/chrome/content/rules/Fence_Center.com.xml
index 2c932ba8158c..63d4d8a1f010 100644
--- a/src/chrome/content/rules/Fence_Center.com.xml
+++ b/src/chrome/content/rules/Fence_Center.com.xml
@@ -1,10 +1,15 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fencecenter.com/ => https://www.fencecenter.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.fencecenter.com/ => https://www.fencecenter.com/: (60, 'SSL certificate problem: certificate has expired')
+
 	Problematic subdomains:
 
 		- ^	(cert only matches www)
 
 -->
-<ruleset name="Fence Center.com">
+<ruleset name="Fence Center.com" default_off="failed ruleset test">
 
 	<target host="fencecenter.com" />
 	<target host="www.fencecenter.com" />
@@ -16,4 +21,4 @@
 	<rule from="^http://(?:www\.)?fencecenter\.com/"
 		to="https://www.fencecenter.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fender.com-problematic.xml b/src/chrome/content/rules/Fender.com-problematic.xml
index 3d16e39f019b..fe519bc3badb 100644
--- a/src/chrome/content/rules/Fender.com-problematic.xml
+++ b/src/chrome/content/rules/Fender.com-problematic.xml
@@ -5,13 +5,11 @@
 <ruleset name="Fender.com (problematic)" default_off="mismatched">
 
 	<target host="customcare.fender.com" />
-	<target host="*.customcare.fender.com" />
 
 
 	<securecookie host="^\.customcare\.fender\.com$" name=".+" />
 
 
-	<rule from="^http://customcare\.fender\.com/"
-		to="https://customcare.fender.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fender.com.xml b/src/chrome/content/rules/Fender.com.xml
index e30390810058..27cd16aabde7 100644
--- a/src/chrome/content/rules/Fender.com.xml
+++ b/src/chrome/content/rules/Fender.com.xml
@@ -16,7 +16,7 @@
 <ruleset name="Fender.com (partial)">
 
 	<target host="fender.com" />
-	<target host="*.fender.com" />
+	<target host="www.fender.com" />
 
 
 	<securecookie host="^(?:www)?\.fender\.com$" name=".+" />
@@ -25,4 +25,4 @@
 	<rule from="^http://(?:www\.)?fender\.com/"
 		to="https://www.fender.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fenland.gov.uk.xml b/src/chrome/content/rules/Fenland.gov.uk.xml
new file mode 100644
index 000000000000..3542cc59156c
--- /dev/null
+++ b/src/chrome/content/rules/Fenland.gov.uk.xml
@@ -0,0 +1,87 @@
+<!--
+	Fenland District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- fenland.gov.uk
+		- www.fenland.gov.uk
+
+-->
+<ruleset name="Fenland.gov.uk (partial)">
+
+	<target host="fenland.gov.uk" />
+	<target host="www.fenland.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?fenland\.gov\.uk/(?:article/10471/Apply-for-it$|home$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?fenland\.gov\.uk/+(?!CHttpHandler\.ashx|(?:HEF|article/(?:10909/Request-asbestos-bags|10910/Request-Housing-Advice|10919/Trade-or-Clinical-Waste-collection|10922/Request-an-extra-blue-bin|10923/Assisted-collection|3127/Apply-for-large-or-bulky-items-to-be-collected-Household-waste|3128/Make-a-Land-Charges-search)|cemeteryenquiry|ierform|landchargessearch|marketenquiry|streetnamingandnumbering|treesandhedges)(?:$|[?/])|\w+/(?:css|images|template)/|media/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://fenland.gov.uk/accessibility" />
+			<test url="http://www.fenland.gov.uk/article/10027/By-Post" />
+			<test url="http://www.fenland.gov.uk/article/10466/Consultations" />
+			<test url="http://www.fenland.gov.uk/article/10471/Apply-for-it" />
+			<test url="http://www.fenland.gov.uk/article/10584/The-2015-LGC-Winner" />
+			<test url="http://www.fenland.gov.uk/article/13048/Were-not-mucking-about---clean-up-after-your-dog-or-face-a-fine" />
+			<test url="http://www.fenland.gov.uk/article/1165/New-Vision-Fitness" />
+			<test url="http://www.fenland.gov.uk/article/2916/Jobs" />
+			<test url="http://www.fenland.gov.uk/article/2917/Planning-Register" />
+			<test url="http://www.fenland.gov.uk/article/2919/Council-Tax" />
+			<test url="http://www.fenland.gov.uk/article/5382/Connecting-Cambridgeshire" />
+			<test url="http://www.fenland.gov.uk/article/5910/The-2014-MJ-Winner/" />
+			<test url="http://www.fenland.gov.uk/article/6273/Source-Cambridgeshire" />
+			<test url="http://www.fenland.gov.uk/article/9124/Golden-Age-Partners" />
+			<test url="http://www.fenland.gov.uk/article/9597/Report-a-problem-with-the-appearance-of-our-Cemeteries" />
+			<test url="http://www.fenland.gov.uk/communityhouse" />
+			<test url="http://www.fenland.gov.uk/help" />
+			<test url="http://www.fenland.gov.uk/home" />
+			<test url="http://www.fenland.gov.uk/publicaccess/" />
+			<test url="http://www.fenland.gov.uk/sitemap" />
+			<test url="http://www.fenland.gov.uk/tourism" />
+			<test url="http://www.fenland.gov.uk/yourcouncil" />
+
+			<!--	-ve:
+					-->
+			<test url="http://fenland.gov.uk/CHttpHandler.ashx?id=9038&amp;p=0" />
+			<test url="http://www.fenland.gov.uk/HEF" />
+			<test url="http://www.fenland.gov.uk/aksfenland/images/att3535.pdf" />
+			<test url="http://www.fenland.gov.uk/article/10909/Request-asbestos-bags" />
+			<test url="http://www.fenland.gov.uk/article/10910/Request-Housing-Advice" />
+			<test url="http://www.fenland.gov.uk/article/10919/Trade-or-Clinical-Waste-collection" />
+			<test url="http://www.fenland.gov.uk/article/10922/Request-an-extra-blue-bin" />
+			<test url="http://www.fenland.gov.uk/article/10923/Assisted-collection" />
+			<test url="http://www.fenland.gov.uk/article/3127/Apply-for-large-or-bulky-items-to-be-collected-Household-waste" />
+			<test url="http://www.fenland.gov.uk/article/3128/Make-a-Land-Charges-search" />
+			<test url="http://www.fenland.gov.uk/cemeteryenquiry" />
+			<test url="http://www.fenland.gov.uk/fenland/css/cookies.css" />
+			<test url="http://www.fenland.gov.uk/fenland/images/yellowbox-tl.gif" />
+			<test url="http://www.fenland.gov.uk/fenland/template/home/css/home.css" />
+			<test url="http://www.fenland.gov.uk/ierform" />
+			<test url="http://www.fenland.gov.uk/landchargessearch" />
+			<test url="http://www.fenland.gov.uk/marketenquiry" />
+			<test url="http://www.fenland.gov.uk/media/image/l/8/Community.jpg" />
+			<test url="http://www.fenland.gov.uk/openregister" />
+			<test url="http://www.fenland.gov.uk/streetnamingandnumbering" />
+			<test url="http://www.fenland.gov.uk/treesandhedges" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^fenland\.gov\.uk$" name="^(?:ASP\.NET_SessionId|clientvars)$" /-->
+	<!--securecookie host="^www\.fenland\.gov\.uk$" name="^(?:ASP\.NET_SessionId|TextOnlyX|clientvars|mode)$" /-->
+
+	<!--securecookie host="^(?!www\.)\w" name="." /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FeqhBook.com.xml b/src/chrome/content/rules/FeqhBook.com.xml
new file mode 100644
index 000000000000..b3632b6e04b2
--- /dev/null
+++ b/src/chrome/content/rules/FeqhBook.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="FeqhBook.com">
+	<target host="feqhbook.com" />
+	<target host="www.feqhbook.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FeqhUp.com.xml b/src/chrome/content/rules/FeqhUp.com.xml
new file mode 100644
index 000000000000..1e22e901ffbe
--- /dev/null
+++ b/src/chrome/content/rules/FeqhUp.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="FeqhUp.com" platform="mixedcontent">
+	<target host="feqhup.com" />
+	<target host="www.feqhup.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FeqhWeb.com.xml b/src/chrome/content/rules/FeqhWeb.com.xml
new file mode 100644
index 000000000000..8f4f64bb7a81
--- /dev/null
+++ b/src/chrome/content/rules/FeqhWeb.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="FeqhWeb.com">
+	<target host="feqhweb.com" />
+	<target host="www.feqhweb.com" />
+	<target host="book.feqhweb.com" />
+	<target host="www.book.feqhweb.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Feral.io.xml b/src/chrome/content/rules/Feral.io.xml
new file mode 100644
index 000000000000..f782c9615db9
--- /dev/null
+++ b/src/chrome/content/rules/Feral.io.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Feral Hosting coverage, see Feral_Hosting.com.xml.
+
+-->
+<ruleset name="Feral.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="feral.io" />
+	<target host="network.feral.io" />
+	<target host="status.feral.io" />
+	<target host="www.feral.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Feral_Hosting.com.xml b/src/chrome/content/rules/Feral_Hosting.com.xml
new file mode 100644
index 000000000000..18883fabfda3
--- /dev/null
+++ b/src/chrome/content/rules/Feral_Hosting.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Other Feral Hosting rulesets:
+
+		- Feral.io.xml
+
+
+	(www.)?feralhosting.com includes includeSubdomains in HSTS header.
+
+-->
+<ruleset name="Feral Hosting.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="feralhosting.com" />
+	<target host="*.feralhosting.com" />
+
+		<test url="http://www.feralhosting.com/" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Feralinteractive.com.xml b/src/chrome/content/rules/Feralinteractive.com.xml
new file mode 100644
index 000000000000..acdc59edf32e
--- /dev/null
+++ b/src/chrome/content/rules/Feralinteractive.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Feralinteractive.com">
+  <target host="feralinteractive.com" />
+  <target host="www.feralinteractive.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ferienhaus-emsland-suzan.de.xml b/src/chrome/content/rules/Ferienhaus-emsland-suzan.de.xml
new file mode 100644
index 000000000000..d02e106be6e5
--- /dev/null
+++ b/src/chrome/content/rules/Ferienhaus-emsland-suzan.de.xml
@@ -0,0 +1,15 @@
+<!--
+	Nonfunctional hosts in *.ferienhaus-emsland-suzan.de:
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Ferienhaus-emsland-suzan.de">
+	<target host="ferienhaus-emsland-suzan.de" />
+	<target host="www.ferienhaus-emsland-suzan.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ferienhaus-seepark-eiken.de.xml b/src/chrome/content/rules/Ferienhaus-seepark-eiken.de.xml
new file mode 100644
index 000000000000..81c36009edb9
--- /dev/null
+++ b/src/chrome/content/rules/Ferienhaus-seepark-eiken.de.xml
@@ -0,0 +1,15 @@
+<!--
+	Nonfunctional hosts in *.ferienhaus-seepark-eiken.de:
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Ferienhaus-seepark-eiken.de">
+	<target host="ferienhaus-seepark-eiken.de" />
+	<target host="www.ferienhaus-seepark-eiken.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FermatsLibrary.com.xml b/src/chrome/content/rules/FermatsLibrary.com.xml
new file mode 100644
index 000000000000..c68a04beabcc
--- /dev/null
+++ b/src/chrome/content/rules/FermatsLibrary.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="FermatsLibrary.com">
+	<target host="fermatslibrary.com" />
+	<target host="www.fermatslibrary.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fermi_National_Accelerator_Laboratory.xml b/src/chrome/content/rules/Fermi_National_Accelerator_Laboratory.xml
index 3c9202593432..32941fb84a77 100644
--- a/src/chrome/content/rules/Fermi_National_Accelerator_Laboratory.xml
+++ b/src/chrome/content/rules/Fermi_National_Accelerator_Laboratory.xml
@@ -1,22 +1,149 @@
-<!--
-	Nonfunctional subdomains:
 
-		- www-boone *
-		- www-coupp *
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://astro.fnal.gov/ => https://astro.fnal.gov/: (28, 'Connection timed out after 20001 milliseconds')
 
-	* prints "VHOSTS - Home Page", valid cert
+	403 under HTTPS only:
+		ncs.fnal.gov
 
--->
-<ruleset name="Fermi National Accelerator Laboratory (partial)">
+	Different HTTP/HTTPS content:
+		www-tele.fnal.gov
 
-	<target host="fnal.gov" />
-	<target host="*.fnal.gov" />
+	Invalid certificate:
+		larp.fnal.gov
+		lqcd.fnal.gov , also has invalid certificate chain
+		minerva05.fnal.gov
+		mnvevd1.fnal.gov
+		usqcd.fnal.gov
 
+	Mixed content:
+		ed.fnal.gov , broken calendar at right
+		eddata.fnal.gov , example: https://eddata.fnal.gov/lasso/program_search/show_workshops_catalog.shtml
+		iarc.fnal.gov
+		muon-g-2.fnal.gov
+		neutrino.fnal.gov
+		ppd.fnal.gov
+		sustainability.fnal.gov
+		www-microboone.fnal.gov
 
-	<securecookie host="^(?:.*\.)?fnal\.gov$" name=".+" />
+	Redirects to HTTP:
+		esh.fnal.gov
+		computing.fnal.gov
+		glideinwms.fnal.gov
+		uspas.fnal.gov
 
+	Time out:
+		art.fnal.gov
+		caif.fnal.gov
+		conferences.fnal.gov
+		diversity.fnal.gov
+		fermiworks.fnal.gov
+		fife.fnal.gov
+		ftbf.fnal.gov
+		fulla.fnal.gov
+		get-connected.fnal.gov
+		hr.fnal.gov
+		icfa.fnal.gov
+		lcls-ii.fnal.gov
+		library.fnal.gov
+		linux1.fnal.gov
+		minerva.fnal.gov
+		networking.fnal.gov
+		news.fnal.gov
+		npc.fnal.gov
+		opss.fnal.gov
+		orientation.fnal.gov
+		pac.fnal.gov
+		pi0s.fnal.gov
+		programplanning.fnal.gov
+		td.fnal.gov
+		techpubs.fnal.gov
+		theory.fnal.gov
+		vms.fnal.gov
+		vmsstreamer1.fnal.gov
+		fermilab.jobs
+		www.fermilab.jobs
 
-	<rule from="^http://(www\.)?fnal\.gov/"
-		to="https://$1fnal.gov/" />
+-->
+<ruleset name="Fermi National Accelerator Laboratory" default_off="failed ruleset test">
+	<target host="fnal.gov" />
+	<target host="www.fnal.gov" />
+	<target host="annie.fnal.gov" />
+	<target host="asta.fnal.gov" />
+	<target host="astro.fnal.gov" />
+	<target host="bigdataexpress.fnal.gov" />
+	<target host="bss.fnal.gov" />
+	<target host="calendar.fnal.gov" />
+	<target host="ccd.fnal.gov" />
+	<target host="cd-docdb.fnal.gov" />
+	<target host="cdcvs.fnal.gov" />
+	<target host="cdorg.fnal.gov" />
+	<target host="cms.fnal.gov" />
+	<target host="compass.fnal.gov" />
+	<target host="des.fnal.gov" />
+	<target host="detectors.fnal.gov" />
+	<target host="docdb.fnal.gov" />
+	<target host="drdonlincoln.fnal.gov" />
+	<target host="emop.fnal.gov" />
+	<target host="epp.fnal.gov" />
+	<target host="fast.fnal.gov" />
+	<target host="fermilinux.fnal.gov" />
+	<target host="fess.fnal.gov" />
+	<target host="fnkits.fnal.gov" />
+	<target host="fop.fnal.gov" />
+	<target host="gratia.fnal.gov" />
+	<target host="hcpss.fnal.gov" />
+	<target host="history.fnal.gov" />
+	<target host="holometer.fnal.gov" />
+	<target host="home.fnal.gov" />
+	<target host="iifc.fnal.gov" />
+	<target host="ilc.fnal.gov" />
+	<target host="indico.fnal.gov" />
+	<target host="ktev.fnal.gov" />
+	<target host="lariat.fnal.gov" />
+	<target host="larpdocs.fnal.gov" />
+	<target host="lbne.fnal.gov" />
+	<target host="lbnf.fnal.gov" />
+	<target host="lpc.fnal.gov" />
+	<target host="lutece.fnal.gov" />
+	<target host="mail-migration.fnal.gov" />
+	<target host="map.fnal.gov" />
+	<target host="mars.fnal.gov" />
+	<target host="mcfm.fnal.gov" />
+	<target host="mu2e.fnal.gov" />
+	<target host="muon.fnal.gov" />
+	<target host="nusoft.fnal.gov" />
+	<target host="nuss.fnal.gov" />
+	<target host="ocsr.fnal.gov" />
+	<target host="orgs.fnal.gov" />
+	<target host="password-reset.fnal.gov" />
+	<target host="passwordreset.fnal.gov" />
+	<target host="pbar.fnal.gov" />
+	<target host="pip2.fnal.gov" />
+	<target host="prep.fnal.gov" />
+	<target host="pxie.fnal.gov" />
+	<target host="qcdloop.fnal.gov" />
+	<target host="quarknet.fnal.gov" />
+	<target host="radiate.fnal.gov" />
+	<target host="sbn.fnal.gov" />
+	<target host="sbn-nd.fnal.gov" />
+	<target host="security.fnal.gov" />
+	<target host="sorry.fnal.gov" />
+	<target host="synoptic.fnal.gov" />
+	<target host="t962.fnal.gov" />
+	<target host="tevatron.fnal.gov" />
+	<target host="tevewwg.fnal.gov" />
+	<target host="tevnphwg.fnal.gov" />
+	<target host="vector-offsite.fnal.gov" />
+	<target host="wdrs.fnal.gov" />
+	<target host="web.fnal.gov" />
+	<target host="www-bd.fnal.gov" />
+	<target host="www-boone.fnal.gov" />
+	<target host="www-coupp.fnal.gov" />
+	<target host="www-d0.fnal.gov" />
+	<target host="www-nova.fnal.gov" />
+	<target host="www-numi.fnal.gov" />
+	<target host="xoc.fnal.gov" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FernUni-Hagen.de.xml b/src/chrome/content/rules/FernUni-Hagen.de.xml
new file mode 100644
index 000000000000..3bec2bca8e42
--- /dev/null
+++ b/src/chrome/content/rules/FernUni-Hagen.de.xml
@@ -0,0 +1,48 @@
+<!--
+	University of Hagen
+
+
+	^: mismatched, CN: www.fernuni-hagen.de
+
+
+	Fully covered subdomains:
+
+		- (www.)	(^ → www)
+		- account
+		- blog
+		- cl-www
+		- moodle
+		- www.ub
+		- vu
+		- wiki
+
+
+	Mixed content:
+
+		- Image on blog from blog *
+
+	* Secured by us
+
+-->
+<ruleset name="FernUni-Hagen.de">
+
+	<target host="fernuni-hagen.de" />
+	<target host="www.fernuni-hagen.de" />
+	<target host="cl-www.fernuni-hagen.de" />
+	<target host="account.fernuni-hagen.de" />
+	<target host="blog.fernuni-hagen.de" />
+	<target host="moodle.fernuni-hagen.de" />
+	<target host="www.ub.fernuni-hagen.de" />
+	<target host="vu.fernuni-hagen.de" />
+	<target host="wiki.fernuni-hagen.de" />
+
+
+	<securecookie host="^(?:account|moodle|wiki)\.fernuni-hagen\.de$" name=".+" />
+
+
+	<rule from="^http://(?:(cl-)?www\.)?fernuni-hagen\.de/"
+		to="https://$1www.fernuni-hagen.de/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ferris_State_University-problematic.xml b/src/chrome/content/rules/Ferris_State_University-problematic.xml
index dd38186c6b44..e1f234883583 100644
--- a/src/chrome/content/rules/Ferris_State_University-problematic.xml
+++ b/src/chrome/content/rules/Ferris_State_University-problematic.xml
@@ -9,7 +9,6 @@
 	<target host="calendar.ferris.edu" />
 
 
-	<rule from="^http://calendar\.ferris\.edu/"
-		to="https://calendar.ferris.edu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ferris_State_University.xml b/src/chrome/content/rules/Ferris_State_University.xml
index 5ee7fee73c8c..451cdf192742 100644
--- a/src/chrome/content/rules/Ferris_State_University.xml
+++ b/src/chrome/content/rules/Ferris_State_University.xml
@@ -27,14 +27,17 @@
 -->
 <ruleset name="Ferris State University (partial)">
 
-	<target host="*.ferris.edu" />
+	<target host="ebill.ferris.edu" />
+	<target host="fsuban2.ferris.edu" />
+	<target host="m.ferris.edu" />
+	<target host="mysfu.ferris.edu" />
+	<target host="passwordhelp.ferris.edu" />
 		<exclusion pattern="^http://myfsu.ferris.edu/cp/home/loginf" />
 
 
 	<securecookie host="^(?!myfsu)\.ferris\.edu$" name=".+" />
 
 
-	<rule from="^http://(ebill|fsuban2|m|mysfu|passwordhelp)\.ferris\.edu(:9000)?/"
-		to="https://$1.ferris.edu$2/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Festeirice.com.br.xml b/src/chrome/content/rules/Festeirice.com.br.xml
new file mode 100644
index 000000000000..0b80ba812625
--- /dev/null
+++ b/src/chrome/content/rules/Festeirice.com.br.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .festeirice.com.br
+
+-->
+<ruleset name="Festeirice.com.br">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="festeirice.com.br" />
+	<target host="www.festeirice.com.br" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.festeirice\.com\.br$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.festeirice\.com\.br$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Festivus_Games.com.xml b/src/chrome/content/rules/Festivus_Games.com.xml
new file mode 100644
index 000000000000..ec9c37f891fb
--- /dev/null
+++ b/src/chrome/content/rules/Festivus_Games.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Festivus Games.com">
+
+	<target host="festivusgames.com" />
+	<target host="www.festivusgames.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FetLife.xml b/src/chrome/content/rules/FetLife.xml
deleted file mode 100644
index 4f2dab70ed4d..000000000000
--- a/src/chrome/content/rules/FetLife.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	CDN buckets:
-
-		- flassets.a.ssl.fastly.net
-		- flpics0.a.ssl.fastly.net
-		- flpics2.a.ssl.fastly.net
-
--->
-<ruleset name="FetLife">
-  <target host="*.fetlife.com" />
-  <target host="fetlife.com" />
-
-  <securecookie host="^(.*\.)?fetlife\.com$" name=".*" />
-
-  <rule from="^http://(?:www\.)?fetlife\.com/"
-      to="https://fetlife.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/FetShop.co.uk.xml b/src/chrome/content/rules/FetShop.co.uk.xml
index 22d6181dc15f..8d247ee264dd 100644
--- a/src/chrome/content/rules/FetShop.co.uk.xml
+++ b/src/chrome/content/rules/FetShop.co.uk.xml
@@ -23,7 +23,9 @@
 <ruleset name="FetShop.co.uk">
 
 	<target host="fetshop.co.uk" />
-	<target host="*.fetshop.co.uk" />
+	<target host="www.fetshop.co.uk" />
+	<target host="cdn.fetshop.co.uk" />
+	<target host="cdn-test.fetshop.co.uk" />
 
 
 	<securecookie host="^\.www\.fetshop\.co\.uk$" name=".+" />
@@ -38,4 +40,4 @@
 	<rule from="^http://cdn-test\.fetshop\.co\.uk/"
 		to="https://4001-test-iamnoonesolution.netdna-ssl.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FetchBack.xml b/src/chrome/content/rules/FetchBack.xml
deleted file mode 100644
index 164ccaa42f9a..000000000000
--- a/src/chrome/content/rules/FetchBack.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="FetchBack">
-
-	<target host="fetchback.com"/>
-	<target host="*.fetchback.com"/>
-
-	<securecookie host="^(.*\.)?fetchback\.com$" name=".*"/>
-
-	<rule from="^http://(\w+\.)?fetchback\.com/"
-		to="https://$1fetchback.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Fewo-mehrtens.de.xml b/src/chrome/content/rules/Fewo-mehrtens.de.xml
new file mode 100644
index 000000000000..e26011b981f3
--- /dev/null
+++ b/src/chrome/content/rules/Fewo-mehrtens.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="Fewo-mehrtens.de">
+	<target host="www.fewo-mehrtens.de" />
+	<target host="fewo-mehrtens.de" />
+
+	<securecookie host="^(www\.)?fewo-mehrtens\.de$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FftFEF.org.xml b/src/chrome/content/rules/FftFEF.org.xml
new file mode 100644
index 000000000000..9ca0e5d8bdad
--- /dev/null
+++ b/src/chrome/content/rules/FftFEF.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- .fftfef.org
+
+-->
+<ruleset name="FftFEF.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fftfef.org" />
+	<target host="donate.fftfef.org" />
+	<target host="www.fftfef.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.fftfef\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.fftfef\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fhserve.com.xml b/src/chrome/content/rules/Fhserve.com.xml
index eb4902f6ce7d..662c31bb21bc 100644
--- a/src/chrome/content/rules/Fhserve.com.xml
+++ b/src/chrome/content/rules/Fhserve.com.xml
@@ -1,32 +1,48 @@
 <!--
-	Ads/web bugs.
+	For other OpenX coverage, see OpenX.xml.
 
-	For other MediaHub coverage, see MediaHub.xml.
 
+	CDN buckets:
 
-	Fully covered subdomains:
+		- i.fhserve.com.cdn.cloudflare.net
 
-		- (www.)
-		- secure
 
+	Nonfunctional hosts in *fhserve.com:
 
-	Observed cookie domains:
+		- i *
 
-		- ^
-		- secure
-		- www
+	* 521
+
+
+	Problematic hosts in *fhserve.com:
+
+		- ^ ¹
+		- www ²
+
+	¹ Shows contact form
+	² Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Fully covered hosts in *fhserve.com:
+
+		- (www.)?	(^ → www)
 
 -->
-<ruleset name="fhserve.com (partial)">
+<ruleset name="fhserve.com" default_off="cert-chain">
 
-	<target host="fhserve.com" />
-	<target host="*.fhserve.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="www.fhserve.com" />
 
+	<!--	Complications:
+				-->
+	<target host="fhserve.com" />
 
-	<securecookie host="^(?:.+\.)?fhserve\.com$" name=".+" />
 
+	<rule from="^http://fhserve\.com/"
+		to="https://www.fhserve.com/" />
 
-	<rule from="^http://(secure\.|www\.)?fhserve\.com/"
-		to="https://$1fhserve.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FiannaFail.xml b/src/chrome/content/rules/FiannaFail.xml
index 53503171d76d..cf68759f3632 100644
--- a/src/chrome/content/rules/FiannaFail.xml
+++ b/src/chrome/content/rules/FiannaFail.xml
@@ -1,6 +1,7 @@
 <ruleset name="Fianna Fail">
-  <target host="www.fiannafail.ie" />
-  <target host="fiannafail.ie" />
+	<target host="www.fiannafail.ie" />
+	<target host="fiannafail.ie" />
 
-  <rule from="^http://(?:www\.)?fiannafail\.ie/" to="https://secure.fiannafail.ie/"/>
+	<rule from="^http:"
+		to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Fibank.xml b/src/chrome/content/rules/Fibank.xml
index e923440ac0c2..e79766b9bd0e 100644
--- a/src/chrome/content/rules/Fibank.xml
+++ b/src/chrome/content/rules/Fibank.xml
@@ -4,6 +4,6 @@
   <target host="*.e-fibank.bg" />
   <target host="e-fibank.bg" />
 
-  <rule from="^http://(www\.)?fibank\.bg/"  to="https://www.fibank.bg/" />
-  <rule from="^http://([^/:@\.]+\.)?e-fibank\.bg/" to="https://e-fibank.bg/" />
+  <rule from="^http://(?:www\.)?fibank\.bg/"  to="https://www.fibank.bg/" />
+  <rule from="^http://(?:[^/:@\.]+\.)?e-fibank\.bg/" to="https://e-fibank.bg/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ficora.fi.xml b/src/chrome/content/rules/Ficora.fi.xml
new file mode 100644
index 000000000000..ef81b3a07e57
--- /dev/null
+++ b/src/chrome/content/rules/Ficora.fi.xml
@@ -0,0 +1,37 @@
+<!--
+	^ficora.fi: Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- eservices.ficora.fi
+		- www.ficora.fi
+
+-->
+<ruleset name="Ficora.fi">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="eservices.ficora.fi" />
+	<target host="www.ficora.fi" />
+
+	<!--	Complications:
+				-->
+	<target host="ficora.fi" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^eservices\.ficora\.fi$" name="^(?:ASP\.NET_SessionId|TS[\da-f]{8})$" /-->
+	<!--securecookie host="^www\.ficora\.fi$" name="^TS[\da-f]{8}$" /-->
+
+	<securecookie host="^(?:eservices|www)\.ficora\.fi$" name=".+" />
+
+
+	<rule from="^http://ficora\.fi/"
+		to="https://www.ficora.fi/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FictionPress.com.xml b/src/chrome/content/rules/FictionPress.com.xml
new file mode 100644
index 000000000000..07ffe1b825be
--- /dev/null
+++ b/src/chrome/content/rules/FictionPress.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Problematic hosts in *fictionpress.com:
+
+		- ^ ¹
+		- blog ²
+
+	¹ Dropped
+	² Mismatched
+
+-->
+<ruleset name="FictionPress.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.fictionpress.com" />
+
+	<!--	Complications:
+				-->
+	<target host="fictionpress.com" />
+
+
+	<rule from="^http://fictionpress\.com/"
+		to="https://www.fictionpress.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fictiv.com.xml b/src/chrome/content/rules/Fictiv.com.xml
new file mode 100644
index 000000000000..34ffce80306f
--- /dev/null
+++ b/src/chrome/content/rules/Fictiv.com.xml
@@ -0,0 +1,22 @@
+<!--
+	^fictiv.com: Refused
+
+-->
+<ruleset name="Fictiv.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.fictiv.com" />
+
+	<!--	Complications:
+				-->
+	<target host="fictiv.com" />
+
+
+	<rule from="^http://fictiv\.com/"
+		to="https://www.fictiv.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fidelity.com.hk.xml b/src/chrome/content/rules/Fidelity.com.hk.xml
new file mode 100644
index 000000000000..43cba3c04e28
--- /dev/null
+++ b/src/chrome/content/rules/Fidelity.com.hk.xml
@@ -0,0 +1,74 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- author.pension.fidelity.com.hk
+		- author.pensionnp.fidelity.com.hk
+		- author.retirement.fidelity.com.hk
+		- author.retirementnp.fidelity.com.hk
+
+		Timeout was reached:
+		- eclub.fidelity.com.hk
+		- email.fidelity.com.hk
+		- investeeportal.fidelity.com.hk
+		- pension.fidelity.com.hk
+		- schemenp.fidelity.com.hk
+		- www99.webxpress.fidelity.com.hk
+		- www99.fidelity.com.hk
+
+		SSL connect error:
+		- api.fidelity.com.hk
+		- cat.api.fidelity.com.hk
+		- api-uat.fidelity.com.hk
+		- gateway-cat.fidelity.com.hk
+		- hkweb-uat.fidelity.com.hk
+		- m.fidelity.com.hk
+		- m-uat.fidelity.com.hk
+		- m11.fidelity.com.hk
+		- m22.fidelity.com.hk
+		- vpn-uat.fidelity.com.hk
+		- webxpress.fidelity.com.hk
+		- www.webxpress.fidelity.com.hk
+		- www11.webxpress.fidelity.com.hk
+
+		SSL peer certificate was not OK:
+		- retirementnp.fidelity.com.hk
+		- tpa.fidelity.com.hk
+		- cat.webxpress.fidelity.com.hk
+		- www22.webxpress.fidelity.com.hk
+
+		Incomplete certificate chain error:
+		- voip.fidelity.com.hk
+
+		4xx client error:
+		- pensionnp.fidelity.com.hk
+		- qdii11.fidelity.com.hk
+		- qdii22.fidelity.com.hk
+-->
+<ruleset name="Fidelity.com.hk">
+	<target host="fidelity.com.hk" />
+	<target host="www.fidelity.com.hk" />
+	<target host="cat.fidelity.com.hk" />
+	<target host="collaborate.fidelity.com.hk" />
+	<target host="gateway.fidelity.com.hk" />
+	<target host="cat.gateway.fidelity.com.hk" />
+	<target host="email.ws.m.fidelity.com.hk" />
+	<target host="page.ws.m.fidelity.com.hk" />
+	<target host="email.mpf.fidelity.com.hk" />
+	<target host="page.mpf.fidelity.com.hk" />
+	<target host="new.fidelity.com.hk" />
+	<target host="qdii.fidelity.com.hk" />
+	<target host="cat.qdii.fidelity.com.hk" />
+	<target host="retirement.fidelity.com.hk" />
+	<target host="secure.fidelity.com.hk" />
+	<target host="secure11.fidelity.com.hk" />
+	<target host="secure22.fidelity.com.hk" />
+	<target host="vpn.fidelity.com.hk" />
+	<target host="email.ws.fidelity.com.hk" />
+	<target host="page.ws.fidelity.com.hk" />
+	<target host="www11.fidelity.com.hk" />
+	<target host="www22.fidelity.com.hk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fidelity.com.xml b/src/chrome/content/rules/Fidelity.com.xml
new file mode 100644
index 000000000000..d5c313de2478
--- /dev/null
+++ b/src/chrome/content/rules/Fidelity.com.xml
@@ -0,0 +1,89 @@
+<!--
+	CDN buckets:
+
+		- personal.fidelity.com.edgesuite.net
+
+
+	Nonfunctional subdomains:
+
+		- activequote ¹
+		- personal ²
+
+	¹ Dropped
+	² 504, Akamai
+
+
+	Problematic subdomains:
+
+		- research *
+
+	* Mismatched, CN: *.wsodqa.com
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- charitablegift
+		- fixedincome
+		- eresearch
+		- login
+		- membership
+		- moneymovement
+		- news
+		- oltx
+		- research2
+		- researchtools
+		- screener
+		- scs
+
+
+	These altnames don't exist:
+
+		- www.news.fidelity.com
+
+
+	Insecure cookies are set for these domains:
+
+		- .fidelity.com
+		- charitablegift.fidelity.com
+		- login.fidelity.com
+
+
+	Mixed content:
+
+		- Images on www from personal *
+
+	* Unsecurable <= 504
+
+-->
+<ruleset name="Fidelity.com (partial)">
+
+	<target host="fidelity.com" />
+	<target host="charitablegift.fidelity.com" />
+	<target host="eresearch.fidelity.com" />
+	<target host="fixedincome.fidelity.com" />
+	<target host="login.fidelity.com" />
+	<target host="membership.fidelity.com" />
+	<target host="moneymovement.fidelity.com" />
+	<target host="news.fidelity.com" />
+	<target host="oltx.fidelity.com" />
+	<target host="research2.fidelity.com" />
+	<target host="researchtools.fidelity.com" />
+	<target host="screener.fidelity.com" />
+	<target host="scs.fidelity.com" />
+	<target host="www.fidelity.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.fidelity\.com$" name="^MC$" /-->
+	<!--securecookie host="^charitablegift\.fidelity\.com$" name="^AMURCC$" /-->
+	<!--securecookie host="^login\.fidelity\.com$" name="^RMDC$" /-->
+
+	<securecookie host="^\.fidelity\.com$" name="^MC$" />
+	<securecookie host="^(?:charitablegift|login)\.fidelity\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FierceFinance.xml b/src/chrome/content/rules/FierceFinance.xml
deleted file mode 100644
index bfefd28edbe4..000000000000
--- a/src/chrome/content/rules/FierceFinance.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other FierceMarkets coverage, see FierceMarkets.xml.
-
-
-	At least some pages redirect to http.
-
--->
-<ruleset name="FierceFinance (partial)">
-
-	<target host="fiercefinance.com" />
-	<target host="www.fiercefinance.com" />
-
-
-	<rule from="^http://(www\.)?fiercefinance\.com/(fil|sit)es/"
-		to="https://$1fiercefinance.com/$2es/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/FierceMarkets.xml b/src/chrome/content/rules/FierceMarkets.xml
index 63d7cc84c1af..a71dbe11443f 100644
--- a/src/chrome/content/rules/FierceMarkets.xml
+++ b/src/chrome/content/rules/FierceMarkets.xml
@@ -1,50 +1,21 @@
 <!--
 	Other FierceMarkets rulesets:
-
-		- FierceFinance.xml
 		- FiercePharma.xml
-		- FierceWireless.xml
-
-
-	CDN buckets:
-
-		- d2pkycnpovhofp.cloudfront.net
-			- assets.fiercemarkets.net
-
-
-	Problematic domains:
-
-		- assets.fiercemarkets.com	(mismatched, CN: www.fiercefinance.com)
-		- static.fiercemarkets.com	(shows secure, CN: secure.fiercemarkets.com)
-
 
-	Fully covered domains:
-
-		- assets.fiercemarkets.com	(→ www.fiercefinance.com)
+	Non-functional hosts:
+		Timeout:
+		- fiercemarkets.com
 		- secure.fiercemarkets.com
-		- static.fiercemarkets.com	(→ d2pkycnpovhofp.cloudfront.net)
-		- assets.fiercemarkets.net	(→ d2pkycnpovhofp.cloudfront.net)
-
-
+		- static.fiercemarkets.com
 -->
 <ruleset name="FierceMarkets (partial)">
 
-	<target host="*.fiercemarkets.com" />
+	<target host="www.fiercemarkets.com" />
+	<target host="assets.fiercemarkets.com" />
 	<target host="assets.fiercemarkets.net" />
-	<target host="fiercewireless.com" />
-	<target host="www.fiercewireless.com" />
-
-
-	<rule from="^http://secure\.fiercemarkets\.com/"
-		to="https://secure.fiercemarkets.com/" />
-
-	<rule from="^http://assets\.fiercemarkets\.com/"
-		to="https://www.fiercefinance.com/" />
-
-	<rule from="^https?://(?:static\.fiercemarkets\.com|assets\.fiercemarkets\.net)/"
-		to="https://d2pkycnpovhofp.cloudfront.net/" />
+		<test url="http://assets.fiercemarkets.net/public/SNY38294_20150205_Results_en.pdf" />
+		<test url="http://assets.fiercemarkets.net/public/sanofiq3.pdf" />
 
-	<rule from="^https?://(?:www\.)?fiercewireless\.com/(files|sites)/"
-		to="https://d2pkycnpovhofp.cloudfront.net/$1/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FiercePharma.xml b/src/chrome/content/rules/FiercePharma.xml
index d06f58565a0f..b0103fdd8b37 100644
--- a/src/chrome/content/rules/FiercePharma.xml
+++ b/src/chrome/content/rules/FiercePharma.xml
@@ -11,7 +11,7 @@
 	<target host="www.fiercepharma.com" />
 
 
-	<rule from="^https?://(?:www\.)?fiercepharma\.com/(fil|sit)es/"
+	<rule from="^http://(?:www\.)?fiercepharma\.com/(fil|sit)es/"
 		to="https://www.fiercepharma.com/$1es/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FierceWireless-problematic.xml b/src/chrome/content/rules/FierceWireless-problematic.xml
deleted file mode 100644
index 726278be97cd..000000000000
--- a/src/chrome/content/rules/FierceWireless-problematic.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For rules that are on by default, see FierceWireless.xml.
-
-
-	Cert only matches www.
-
--->
-<ruleset name="FierceWireless (self-signed)" default_off="self-signed">
-
-	<target host="fiercewireless.com" />
-	<target host="www.fiercewireless.com" />
-		<exclusion pattern="^https?://(?:www\.)?fiercewireless\.com/(?:files|sites)/" />
-
-
-	<rule from="^https?://(?:www\.)?fiercewireless\.com/"
-		to="https://www.fiercewireless.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/FierceWireless.xml b/src/chrome/content/rules/FierceWireless.xml
deleted file mode 100644
index aa7f10f8eb6e..000000000000
--- a/src/chrome/content/rules/FierceWireless.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other FierceMarkets coverage, see FierceMarkets.xml.
-
-
-	For problematic rules, see FierceWireless-problematic.xml.
-
--->
-<ruleset name="FierceWireless (partial)">
-
-	<target host="fiercewireless.com" />
-	<target host="*.fiercewireless.com" />
-
-
-	<rule from="^https?://(?:www\.)?fiercewireless\.com/(files|sites)/"
-		to="https://d2pkycnpovhofp.cloudfront.net/$1/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Fife_Direct.org.uk.xml b/src/chrome/content/rules/Fife_Direct.org.uk.xml
new file mode 100644
index 000000000000..5ce12c6fc258
--- /dev/null
+++ b/src/chrome/content/rules/Fife_Direct.org.uk.xml
@@ -0,0 +1,47 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://m.fifedirect.org.uk/ => https://m.fifedirect.org.uk/: (6, 'Could not resolve host: m.fifedirect.org.uk')
+
+	Fife Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- fifedirect.org.uk
+		- m.fifedirect.org.uk
+		- www.fifedirect.org.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on www from publications.1fife.org.uk ⁴
+
+	⁴ Unsecurable <= 404
+
+-->
+<ruleset name="Fife Direct.org.uk" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fifedirect.org.uk" />
+	<target host="m.fifedirect.org.uk" />
+	<target host="vf.fifedirect.org.uk" />
+	<target host="www.fifedirect.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:m\.|www\.)?fifedirect\.org\.uk$" name="^CF(?:GLOBALS|ID|TOKEN)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fifi.Org.xml b/src/chrome/content/rules/Fifi.Org.xml
index 783798680b66..71818980d15f 100644
--- a/src/chrome/content/rules/Fifi.Org.xml
+++ b/src/chrome/content/rules/Fifi.Org.xml
@@ -6,13 +6,10 @@
 -->
 <ruleset name="Fifi.Org (partial)" default_off="self-signed">
 
-	<target host="*.fifi.org" />
+	<target host="secure.fifi.org" />
 
 
-	<securecookie host="^\.fifi\.org$" name=".+" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://secure\.fifi\.org/"
-		to="https://secure.fifi.org/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FifthThirdBank.xml b/src/chrome/content/rules/FifthThirdBank.xml
index 6b84edda756f..e82692cdca52 100644
--- a/src/chrome/content/rules/FifthThirdBank.xml
+++ b/src/chrome/content/rules/FifthThirdBank.xml
@@ -1,9 +1,27 @@
+<!--
+	Invalid certificate:
+		contactforms.53.com
+		reo.53.com
+		securitiesadvisors.53.com
+
+	Wildcard DNS but without wildcard certificate.
+
+-->
 <ruleset name="Fifth Third Bank">
-  <target host="53.com" />
-  <target host="*.53.com" />
-
-  <rule from="^http://53\.com/"
-          to="https://www.53.com/" />
-  <rule from="^http://(reo|sdg2|www)\.53\.com/"
-          to="https://$1.53.com/" />
-</ruleset>
\ No newline at end of file
+
+	<target host="53.com" />
+	<target host="www.53.com" />
+	<target host="commercialcard.53.com" />
+	<target host="direct.53.com" />
+	<target host="express.53.com" />
+	<target host="life360.53.com" />
+	<target host="locations.53.com" />
+	<target host="pages.offers.53.com" />
+	<target host="rewards.53.com" />
+	<target host="sdg2.53.com" />
+	<target host="secure.53.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fifthhorseman.net.xml b/src/chrome/content/rules/Fifthhorseman.net.xml
new file mode 100644
index 000000000000..058ff926bd14
--- /dev/null
+++ b/src/chrome/content/rules/Fifthhorseman.net.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional subdomains:
+
+		- ^ ¹
+		- web ²
+		- www ²
+
+	¹ Shows pair.com; mismatched, CN: *.pair.com
+	² 403; mismatched, CN: dkg.fifthhorseman.net
+
+
+	These altnames don't exist:
+
+		- www.dkg.fifthhorseman.net
+
+-->
+<ruleset name="fifthhorseman.net (partial)">
+
+	<target host="dkg.fifthhorseman.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fig.co.xml b/src/chrome/content/rules/Fig.co.xml
new file mode 100644
index 000000000000..b9fd55dbc99c
--- /dev/null
+++ b/src/chrome/content/rules/Fig.co.xml
@@ -0,0 +1,8 @@
+<ruleset name="Fig.co">
+	<target host="fig.co" />
+	<target host="www.fig.co" />
+	<target host="blog.fig.co" />
+	<target host="help.fig.co" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fight-for-the-Future-mismatches.xml b/src/chrome/content/rules/Fight-for-the-Future-mismatches.xml
index 34fbacb4d33c..b3668772731a 100644
--- a/src/chrome/content/rules/Fight-for-the-Future-mismatches.xml
+++ b/src/chrome/content/rules/Fight-for-the-Future-mismatches.xml
@@ -5,24 +5,21 @@
 <ruleset name="Fight fot the Future (mismatches)" default_off="mismatch, self-signed">
 
 	<target host="americancensorship.org" />
-	<target host="*.americancensorship.org" />
+	<target host="www.americancensorship.org" />
 	<!--	cert:	*.heroku.com	-->
 	<target host="congresstmi.org" />
 	<target host="www.congresstmi.org" />
-	<target host="fightforthefuture.org" />
-	<target host="*.fightforthefuture.org" />
+	<target host="a.fightforthefuture.org" />
 	<target host="freebieber.org" />
 	<target host="www.freebieber.org" />
-	<target host="internetdefenseleague.org" />
-	<target host="www.internetdefenseleague.org" />
 	<target host="privacyisawesome.com" />
 	<target host="www.privacyisawesome.com" />
 	<target host="sopastrike.com" />
 	<target host="www.sopastrike.com" />
 
 
-	<securecookie host="^(.*\.)?americancensorship\.org$" name=".*" />
-	<securecookie host="^a\.fightforthefuture\.org$" name=".*" />
+	<securecookie host="^(?:.*\.)?americancensorship\.org$" name=".+" />
+	<securecookie host="^a\.fightforthefuture\.org$" name=".+" />
 
 
 	<!--	my now presents two certs, one after the other:
@@ -37,22 +34,21 @@
 
 		=> Commented out and added (www.) below for now.
 
-	<rule from="^https?://(?:www\.|(my\.))?americancensorship\.org/"
+	<rule from="^http://(?:www\.|(my\.))?americancensorship\.org/"
 		to="https://$1americancensorship.org/" /-->
 
-	<rule from="^https?://(?:www\.)?(americancensorship|congresstmi|freebieber|internetdefenseleague)\.org/"
+	<rule from="^http://(?:www\.)?(americancensorship|congresstmi|freebieber)\.org/"
 		to="https://$1.org/" />
 
 	<!--	- //privacyisawesome.com doesn't work over https
 		- Redirects to www over http
 						-->
-	<rule from="^https?://(?:www\.)?(fightforthefuture\.org|privacyisawesome\.com)/"
-		to="https://www.$1/" />
+	<rule from="^http://(?:www\.)?privacyisawesome\.com/"
+		to="https://www.privacyisawesome.com/" />
 
-	<rule from="^http://a\.fightforthefuture\.org/"
-		to="https://a.fightforthefuture.org/" />
 
-	<rule from="^https?://(?:www\.)?sopastrike\.com/"
+	<rule from="^http://(?:www\.)?sopastrike\.com/"
 		to="https://sopastrike.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Fight-for-the-Future.xml b/src/chrome/content/rules/Fight-for-the-Future.xml
index 3511603b45c2..fad239547ec2 100644
--- a/src/chrome/content/rules/Fight-for-the-Future.xml
+++ b/src/chrome/content/rules/Fight-for-the-Future.xml
@@ -4,13 +4,20 @@
 
 	Other Fight for the Future rulesets:
 
+		- decidethefuture.org.xml
+		- dontbreakourphones.org.xml
+		- Fax_Big_Brother.com.xml
+		- Free_Chelsea.com.xml
 		- Internet_Defense_League.xml
+		- Reset_the_Net.org.xml
+		- You_Betrayed_us.org.xml
 
 
 	Buckets at:
 
 		- s3.amazonaws.com/fftf.media/
 		- s3.amazonaws.com/s3.fightforthefuture.org
+		- fftforg.heroku.com
 		- autostatic-cl1.vanilladev.com:4043/fftf.vanillaforums.com/
 
 
@@ -20,12 +27,18 @@
 		- (www.)iworkfortheinternet.org
 
 -->
-<ruleset name="Fight for the Future (partial)">
+<ruleset name="Fight for the Future.org (partial)">
 
+	<target host="fightforthefuture.org" />
+	<target host="www.fightforthefuture.org" />
+	<target host="cms.fightforthefuture.org" />
+	<target host="donate.fightforthefuture.org" />
 	<target host="s3.fightforthefuture.org" />
+	<target host="shop.fightforthefuture.org" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^https?://s3\.fightforthefuture\.org/"
-		to="https://s3.amazonaws.com/s3.fightforthefuture.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Fight_Aging.org.xml b/src/chrome/content/rules/Fight_Aging.org.xml
new file mode 100644
index 000000000000..87443c5fac9e
--- /dev/null
+++ b/src/chrome/content/rules/Fight_Aging.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="Fight Aging.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fightaging.org" />
+	<target host="mail.fightaging.org" />
+	<target host="www.fightaging.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Figshare.xml b/src/chrome/content/rules/Figshare.xml
deleted file mode 100644
index c690f49f2ef3..000000000000
--- a/src/chrome/content/rules/Figshare.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="figshare">
-
-	<target host="figshare.com" />
-	<target host="www.figshare.com" />
-
-
-	<rule from="^http://(www\.)?figshare\.com/"
-		to="https://$1figshare.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Fiksu.com.xml b/src/chrome/content/rules/Fiksu.com.xml
new file mode 100644
index 000000000000..9627b49404cb
--- /dev/null
+++ b/src/chrome/content/rules/Fiksu.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- pt.fiksu.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Fiksu.com">
+
+	<target host="fiksu.com" />
+	<target host="a.fiksu.com" />
+	<target host="dashboard.fiksu.com" />
+	<target host="pt.fiksu.com" />
+	<target host="www.fiksu.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://pt.fiksu.com/pixel?partnerid=" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^pt\.fiksu\.com$" name="^fiksu-partner-userid$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/File.io.xml b/src/chrome/content/rules/File.io.xml
new file mode 100644
index 000000000000..a03e0cc96360
--- /dev/null
+++ b/src/chrome/content/rules/File.io.xml
@@ -0,0 +1,6 @@
+<ruleset name="File.io">
+	<target host="file.io" />
+	<target host="www.file.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FileBox.xml b/src/chrome/content/rules/FileBox.xml
deleted file mode 100644
index aefd9ed4ced2..000000000000
--- a/src/chrome/content/rules/FileBox.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="FileBox">
-
-	<target host="filebox.tv"/>
-	<target host="www.filebox.tv"/>
-
-	<securecookie host="^(.*\.)filebox\.tv$" name=".*"/>
-
-	<rule from="^http://(www\.)?filebox\.tv/"
-		to="https://$1filebox.tv/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/FileFactory.xml b/src/chrome/content/rules/FileFactory.xml
index 98dfa1a32063..213e5121c52c 100644
--- a/src/chrome/content/rules/FileFactory.xml
+++ b/src/chrome/content/rules/FileFactory.xml
@@ -1,30 +1,37 @@
-<!--
-	Nonfunctional subdomains:
-
-		- support	(redirects to http, CN: *.desk.com)
-
 
-	Problematic domains:
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://help.filefactory.com/ => https://help.filefactory.com/: Too many redirects while fetching 'https://help.filefactory.com/'
+Fetch error: http://support.filefactory.com/ => https://support.filefactory.com/: Too many redirects while fetching 'https://support.filefactory.com/'
 
-		- cdn		(CN: gp1.wac.edgecastcdn.net)
+	Problematic hosts in *filefactory.com:
 
+		- cdn *
 
-	Expired 2012-12-19
+	* Mismatched
 
 -->
-<ruleset name="FileFactory (partial, expired)" default_off="expired">
+<ruleset name="FileFactory.com (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="filefactory.com" />
-	<target host="*.filefactory.com" />
+	<target host="help.filefactory.com" />
+	<target host="support.filefactory.com" />
+	<target host="www.filefactory.com" />
 
+	<!--	Complications:
+				-->
+	<target host="cdn.filefactory.com" />
 
-	<securecookie host="^(?:.*\.)?filefactory\.com$" name=".+" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?filefactory\.com/"
-		to="https://$1filefactory.com/" />
 
-	<rule from="^https?://cdn\.filefactory\.com/"
+	<rule from="^http://cdn\.filefactory\.com/"
 		to="https://www.filefactory.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FileFormat.info.xml b/src/chrome/content/rules/FileFormat.info.xml
new file mode 100644
index 000000000000..c64b89943d9f
--- /dev/null
+++ b/src/chrome/content/rules/FileFormat.info.xml
@@ -0,0 +1,20 @@
+<!--
+	403 Forbidden:
+		- samples.fileformat.info
+
+	MCB and mixed content:
+		- blog.fileformat.info
+
+	Unable to connect:
+		- fileformat.info
+		- fonts.fileformat.info
+-->
+<ruleset name="FileFormat.info" platform="mixedcontent">
+	<target host="fileformat.info" />
+	<target host="www.fileformat.info" />
+	<target host="blog.fileformat.info" />
+	<target host="emoji.fileformat.info" />
+
+	<rule from="^http://fileformat\.info/" to="https://www.fileformat.info/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FileHoot.com.xml b/src/chrome/content/rules/FileHoot.com.xml
new file mode 100644
index 000000000000..58bfa4b5629f
--- /dev/null
+++ b/src/chrome/content/rules/FileHoot.com.xml
@@ -0,0 +1,44 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://filehoot.com/ => https://filehoot.com/: (7, 'Failed to connect to filehoot.com port 443: Connection refused')
+Fetch error: http://www.filehoot.com/ => https://www.filehoot.com/: (7, 'Failed to connect to www.filehoot.com port 443: Connection refused')
+
+	Insecure cookies are set for these domains:
+
+		- .filehoot.com
+
+
+	Mixed content:
+
+		- css, from:
+
+			- filehoot.com ¹
+			- fonts.googleapis.com ¹
+
+		- Images from filehoot.com ¹
+		- Ads from cdn.adnotch.com ²
+
+	¹ Secured by us
+	² Unsecurable <= connection refused
+
+-->
+<ruleset name="FileHoot.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="filehoot.com" />
+	<target host="www.filehoot.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.filehoot\.com$" name="^(?:__cfduid|cf_clearance|lang)$" /-->
+
+	<securecookie host="^\.filehoot\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FilePost.com.xml b/src/chrome/content/rules/FilePost.com.xml
deleted file mode 100644
index bfd372520936..000000000000
--- a/src/chrome/content/rules/FilePost.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="FilePost.com">
-
-	<target host="filepost.com" />
-	<target host="*.filepost.com" />
-
-
-	<securecookie host="^\.filepost\.com$" name=".+" />
-
-
-	<rule from="^http://(fs\d+\.|www\.)?filepost\.com/"
-		to="https://$1filepost.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/FileRio.in.xml b/src/chrome/content/rules/FileRio.in.xml
index 19b7a04fd742..272ef217675e 100644
--- a/src/chrome/content/rules/FileRio.in.xml
+++ b/src/chrome/content/rules/FileRio.in.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://filerio.in/ => https://filerio.in/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://filerio.in/ => https://filerio.in/: (60, 'SSL certificate problem: certificate has expired')
 	Cert only matches ^filerio.in
 
 
@@ -13,10 +19,10 @@
 	* Secured by us
 
 -->
-<ruleset name="FileRio.in (false MCB)" platform="mixedcontent">
+<ruleset name="FileRio.in (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="filerio.in" />
-	<target host="*.filerio.in" />
+	<target host="www.filerio.in" />
 
 
 	<securecookie host="^\.filerio\.in$" name=".+" />
diff --git a/src/chrome/content/rules/FileTarget.net.xml b/src/chrome/content/rules/FileTarget.net.xml
new file mode 100644
index 000000000000..0a0b59285f6b
--- /dev/null
+++ b/src/chrome/content/rules/FileTarget.net.xml
@@ -0,0 +1,19 @@
+<!--
+	For other GameCopyWorld coverage, see GameCopyWorld.com.xml.
+-->
+
+<ruleset name="FileTarget.net">
+	<target host="filetarget.net" />
+	<target host="www.filetarget.net" />
+	<target host="bc2.filetarget.net" />
+	<target host="gcw.filetarget.net" />
+	<target host="ih1.filetarget.net" />
+	<target host="ih4.filetarget.net" />
+	<target host="ih6.filetarget.net" />
+	<target host="ih9.filetarget.net" />
+	<target host="pwk.filetarget.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FileTrip.net.xml b/src/chrome/content/rules/FileTrip.net.xml
index 54c24d73011e..93108a0372aa 100644
--- a/src/chrome/content/rules/FileTrip.net.xml
+++ b/src/chrome/content/rules/FileTrip.net.xml
@@ -1,23 +1,22 @@
 <!--
-	Nonfunctional subdomains:
 
-		- s4	(refused)
+	Problematic hosts in *filetrip.net:
 
-
-	- Expired 2013-07-10
-	- Cert only matches ^filetrip.net
+		- www (mismatched)
 
 -->
-<ruleset name="FileTrip.net (partial)" default_off="expired">
+<ruleset name="FileTrip.net (partial)">
 
 	<target host="filetrip.net" />
 	<target host="www.filetrip.net" />
-
+	<target host="s4.filetrip.net" />
 
 	<securecookie host="^filetrip\.net$" name=".+" />
 
-
-	<rule from="^http://(?:www\.)?filetrip\.net/"
+	<rule from="^http://www\.filetrip\.net/"
 		to="https://filetrip.net/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/FileZilla.xml b/src/chrome/content/rules/FileZilla.xml
deleted file mode 100644
index d18626909d42..000000000000
--- a/src/chrome/content/rules/FileZilla.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- trac	(refused)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- forum
-		- svn
-		- wiki
-
-
-	Observed cookie domains:
-
-		- .forum
-		- wiki
-
--->
-<ruleset name="FileZilla (partial)">
-
-	<target host="filezilla-project.org" />
-	<target host="*.filezilla-project.org" />
-
-
-	<securecookie host=".*\.filezilla-project\.org$" name=".+" />
-
-
-	<rule from="^http://((?:forum|svn|wiki|www)\.)?filezilla-project\.org/"
-		to="https://$1filezilla-project.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Filebyid.com.xml b/src/chrome/content/rules/Filebyid.com.xml
new file mode 100644
index 000000000000..38961a7864d6
--- /dev/null
+++ b/src/chrome/content/rules/Filebyid.com.xml
@@ -0,0 +1,16 @@
+<!--
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="filebyid.com" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="filebyid.com" />
+	<target host="www.filebyid.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Filecloud.io.xml b/src/chrome/content/rules/Filecloud.io.xml
deleted file mode 100644
index 74cf4a86c278..000000000000
--- a/src/chrome/content/rules/Filecloud.io.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	CDN buckets:
-
-		- filecloud.dfhostingltd.netdna-cdn.com
-
-			- cdn
-			- -ssl doesn't exist
-
-
-	Problematic subdomains:
-
-		- (www.)	(mismatched, CN: secure.filecloud.io)
-		- cdn		(404)
-
--->
-<ruleset name="filecloud.io">
-
-	<target host="filecloud.io" />
-	<target host="*.filecloud.io" />
-
-
-	<securecookie host="^\.filecloud\.io$" name=".+" />
-
-
-	<rule from="^https?://(?:(?:cdn|secure|www)\.)?filecloud\.io/"
-		to="https://secure.filecloud.io/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Filemobile-mismatches.xml b/src/chrome/content/rules/Filemobile-mismatches.xml
index 2c3645551cf2..f17d81d98c24 100644
--- a/src/chrome/content/rules/Filemobile-mismatches.xml
+++ b/src/chrome/content/rules/Filemobile-mismatches.xml
@@ -2,12 +2,12 @@
 	For rules that are on by default, see Filemobile.xml.
 
 -->
-<ruleset name="Filemobile (mismatches)" default_off="mismatched">
+<ruleset name="Filemobile.com (mismatches)" default_off="mismatched">
 
 	<target host="bugreport.filemobile.com" />
 
 
-	<rule from="^http://bugreport\.filemobile\.com/"
-		to="https://bugreport.filemobile.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Filemobile.xml b/src/chrome/content/rules/Filemobile.xml
deleted file mode 100644
index 89822458acc1..000000000000
--- a/src/chrome/content/rules/Filemobile.xml
+++ /dev/null
@@ -1,54 +0,0 @@
-<!--
-	For problematic rules, see Filemobile-mismatches.xml.
-
-
-	Other Filemobile rulesets:
-
-		- Media_Factory.xml
-
-
-	CDN buckets:
-
-		- assets.filemobile.com.s3.amazonaws.com
-
-		- s3.amazonaws.com/storage.filemobile.com/
-
-		- d2ksawk1637r8x.cloudfront.net
-
-			- cimg.filemobile.com
-
-
-	Problematic subdomains:
-
-		- bugreport	(CN: *.mediafactory.fm; works)
-
-
-	- Fully covered subdomains:
-
-		- (www.)
-		- assets
-		- cimg		(→ d2ksawk1637r8x.cloudfront.net)
-		- developer
-		- storage
-		- rstorage
-
--->
-<ruleset name="Filemobile (partial)">
-
-	<target host="filemobile.com" />
-	<target host="*.filemobile.com" />
-
-
-	<securecookie host="^(?:.+\.)?filemobile\.com$" name=".+" />
-
-
-	<rule from="^https?://(assets|storage)\.filemobile\.com/"
-		to="https://s3.amazonaws.com/$1.filemobile.com/" />
-
-	<rule from="^http://(developer\.|rstorage\.|www\.)?filemobile\.com/"
-		to="https://$1filemobile.com/" />
-
-	<rule from="^https?://cimg\.filemobile\.com/"
-		to="https://d2ksawk1637r8x.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Filepicker.io.xml b/src/chrome/content/rules/Filepicker.io.xml
new file mode 100644
index 000000000000..a830bc7ad91c
--- /dev/null
+++ b/src/chrome/content/rules/Filepicker.io.xml
@@ -0,0 +1,26 @@
+<ruleset name="Filestack">
+
+	<!--	Direct rewrites:
+				-->
+	<target host=           "filestack.com" />
+	<target host=      "blog.filestack.com" />
+	<target host=       "dev.filestack.com" />
+	<target host=       "www.filestack.com" />
+	<target host=    "assets.filestackapi.com" />
+	<target host=           "filepicker.com" />
+	<target host="developers.filepicker.com" />
+	<target host=       "www.filepicker.com" />
+	<target host=           "filepicker.io" />
+	<target host=       "api.filepicker.io" />
+	<target host=       "cdn.filepicker.io" />
+	<target host="developers.filepicker.io" />
+	<target host=    "dialog.filepicker.io" />
+	<target host= "providers.filepicker.io" />
+	<target host=       "www.filepicker.io" />
+
+	<securecookie host="^.*\.?filestack\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Files.poulsander.com.xml b/src/chrome/content/rules/Files.poulsander.com.xml
deleted file mode 100644
index 35eb44081b4e..000000000000
--- a/src/chrome/content/rules/Files.poulsander.com.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="files.poulsander.com" default_off="self-signed">
-
-	<target host="files.poulsander.com" />
-
-
-	<rule from="^http://files\.poulsander\.com/"
-		to="https://files.poulsander.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FilesCrunch.xml b/src/chrome/content/rules/FilesCrunch.xml
index da4fe3bb539b..039cdd7ed38c 100644
--- a/src/chrome/content/rules/FilesCrunch.xml
+++ b/src/chrome/content/rules/FilesCrunch.xml
@@ -6,10 +6,10 @@
 	<target host="www.filescrunch.com" />
 
 
-	<securecookie host="^filescrunch\.com$" name=".*" />
+	<securecookie host="^filescrunch\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?filescrunch\.com/"
+	<rule from="^http://(?:www\.)?filescrunch\.com/"
 		to="https://filescrunch.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Film-Threat.xml b/src/chrome/content/rules/Film-Threat.xml
index 30e3a63445a4..1ab2cc52aa4e 100644
--- a/src/chrome/content/rules/Film-Threat.xml
+++ b/src/chrome/content/rules/Film-Threat.xml
@@ -1,13 +1,21 @@
-<ruleset name="Film Threat">
 
-	<target host="filmthreat.com"/>
-	<target host="*.filmthreat.com"/>
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://filmthreat.com/ => https://filmthreat.com/: (7, 'Failed to connect to filmthreat.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://filmthreat.com/ => https://filmthreat.com/: (60, 'SSL certificate problem: self signed certificate')
+-->
+<ruleset name="Film Threat" default_off="failed ruleset test">
+
+	<target host="filmthreat.com" />
+	<target host="media.filmthreat.com" />
+	<target host="media2.filmthreat.com" />
+	<target host="www.filmthreat.com" />
 	<!--	for cross-domain cookie		-->
-	<target host="*.www.filmthreat.com"/>
 
-	<securecookie host="^(.*\.)?filmthreat\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(media2?\.|www\.)?filmthreat\.com/"
-		to="https://$1filmthreat.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FilmBreak.xml b/src/chrome/content/rules/FilmBreak.xml
deleted file mode 100644
index 5e8626f23659..000000000000
--- a/src/chrome/content/rules/FilmBreak.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/filmbreak_production/
-
-
-	Problematic subdomains:
-
-		- ^
-
--->
-<ruleset name="FilmBreak">
-
-	<target host="filmbreak.com" />
-	<target host="*.filmbreak.com" />
-
-
-	<securecookie host="^(?:www)?\.filmbreak\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?filmbreak\.com/"
-		to="https://$1filmbreak.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/FilmTrack.xml b/src/chrome/content/rules/FilmTrack.xml
index 0c96f4ad36e0..9a03d11c6a06 100644
--- a/src/chrome/content/rules/FilmTrack.xml
+++ b/src/chrome/content/rules/FilmTrack.xml
@@ -9,7 +9,7 @@
 	<target host="*.filmtrackonline.com" />
 
 
-	<securecookie host="^.+\.filmtrackonline\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://([\w-]+)\.filmtrackonline\.com/"
@@ -18,4 +18,4 @@
 	<rule from="^http://([\w-]+)\.extranet2\.filmtrackonline\.com/"
 		to="https://$1.filmtrackonline.com/extranet/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Film_Linc.com-falsemixed.xml b/src/chrome/content/rules/Film_Linc.com-falsemixed.xml
new file mode 100644
index 000000000000..3a8f707fad3c
--- /dev/null
+++ b/src/chrome/content/rules/Film_Linc.com-falsemixed.xml
@@ -0,0 +1,15 @@
+<!--
+	For rules not causing false/broken MCB, see Film_Linc.com.xml.
+
+-->
+<ruleset name="Film Linc.com (false MCB)" platform="mixedcontent">
+
+	<target host="www.filmlinc.com" />
+
+
+	<securecookie host="^(?:www)?\.filmlinc\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Film_Linc.com.xml b/src/chrome/content/rules/Film_Linc.com.xml
new file mode 100644
index 000000000000..e615b7234148
--- /dev/null
+++ b/src/chrome/content/rules/Film_Linc.com.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://filmlinc.com/ => https://filmlinc.com/: (51, "SSL: no alternative certificate subject name matches target host name 'filmlinc.com'")
+
+	For rules causing false/broken MCB, see Film_Linc.com-falsemixed.xml.
+
+
+	Mixed content:
+
+		- css on www from www *
+
+		- Images on www from ^ *
+
+		- Ads/bugs on www from fw.adsafeprotected.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Film Linc.com (partial)" default_off="failed ruleset test">
+
+	<target host="filmlinc.com" />
+	<target host="secure.filmlinc.com" />
+	<target host="www.filmlinc.com" />
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<exclusion pattern="^http://www\.filmlinc\.com/(?!\?css=|assets/|favicon\.ico|page/-/)" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?filmlinc\.com$" name="^X-Mapping-\+$" /-->
+	<!--securecookie host="^\.filmlinc\.com$" name="^(exp_last_activity|exp_last_visit|exp_tracker)$" /-->
+	<securecookie host="^\.secure\.filmlinc\.com$" name="^X-CheckNode$" />
+
+	<securecookie host="^(?:\.secure\.)?filmlinc\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Filmdates.co.uk.xml b/src/chrome/content/rules/Filmdates.co.uk.xml
index f33a20431bfa..053294820c5e 100644
--- a/src/chrome/content/rules/Filmdates.co.uk.xml
+++ b/src/chrome/content/rules/Filmdates.co.uk.xml
@@ -24,4 +24,4 @@
 	<rule from="^http://(?:www\.)?filmdates\.co\.uk/(?=(?:content|reminders|widget(?!/details))(?:$|[?/])|css/|dummy\.html|favicon\.ico|headshots/|images/|js/|posters/|tools/)"
 		to="https://www.filmdates.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Filmlair.xml b/src/chrome/content/rules/Filmlair.xml
deleted file mode 100644
index 672d629da356..000000000000
--- a/src/chrome/content/rules/Filmlair.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	CDN buckets:
-
-		- gs1.wac.edgecastcdn.net/8051D5/
-
--->
-<ruleset name="Filmlair">
-
-	<target host="filmlair.com" />
-	<target host="www.filmlair.com" />
-
-
-	<securecookie host="^(?:www\.)?filmlair\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?filmlair\.com/"
-		to="https://$1filmlair.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Filmlash.com.xml b/src/chrome/content/rules/Filmlash.com.xml
index 4f50c1002332..722e226f7bc9 100644
--- a/src/chrome/content/rules/Filmlash.com.xml
+++ b/src/chrome/content/rules/Filmlash.com.xml
@@ -12,13 +12,12 @@
 <ruleset name="filmlash.com (partial)">
 
 	<target host="filmlush.com" />
-	<target host="*.filmlush.com" />
+	<target host="www.filmlush.com" />
 
 
 	<securecookie host="^(?:w*\.)?filmlush\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?filmlush\.com/"
-		to="https://$1filmlush.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Filmon.com.xml b/src/chrome/content/rules/Filmon.com.xml
new file mode 100644
index 000000000000..4b5ccbc16b2a
--- /dev/null
+++ b/src/chrome/content/rules/Filmon.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Mixed content:
+
+		- Images from gingerclam.com *
+
+	* Unsecurable <= plaintext reply
+
+-->
+<ruleset name="Filmon.com">
+
+	<target host="filmon.com" />
+	<target host="static.filmon.com" />
+	<target host="www.filmon.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?filmon\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^www\.filmon\.com$" name="^lang$" /-->
+
+	<securecookie host="^(?:www\.)?filmon\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Filter.xml b/src/chrome/content/rules/Filter.xml
index 7325b4a9b135..408649cd0433 100644
--- a/src/chrome/content/rules/Filter.xml
+++ b/src/chrome/content/rules/Filter.xml
@@ -9,4 +9,4 @@
 	<rule from="^http://(www\.)?filterdigital\.com/(CaptchaType\.ashx|[cC]onnections/[bB]log/(?:editors/tiny_mce/|image\.axd|pics/|themes/)|[rR]es/(?:img/|screen\.css))"
 		to="https://$1filterdigital.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FilterBypass.me.xml b/src/chrome/content/rules/FilterBypass.me.xml
new file mode 100644
index 000000000000..7547c7b63fa1
--- /dev/null
+++ b/src/chrome/content/rules/FilterBypass.me.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.filterbypass.me
+
+-->
+<ruleset name="FilterBypass.me">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="filterbypass.me" />
+	<target host="www.filterbypass.me" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.filterbypass\.me$" name="^s$" /-->
+
+	<securecookie host="^www\.filterbypass\.me$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Filtrala.org.xml b/src/chrome/content/rules/Filtrala.org.xml
new file mode 100644
index 000000000000..c2609155d070
--- /dev/null
+++ b/src/chrome/content/rules/Filtrala.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="Filtrala.org">
+
+	<target host="filtrala.org" />
+	<target host="www.filtrala.org" />
+
+
+	<securecookie host="^\.filtrala.org$" name="^__cfduid$" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fimserve.com.xml b/src/chrome/content/rules/Fimserve.com.xml
new file mode 100644
index 000000000000..eb6a944b0538
--- /dev/null
+++ b/src/chrome/content/rules/Fimserve.com.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://delb.opt.fimserve.com/ => https://delb.opt.fimserve.com/: (6, 'Could not resolve host: delb.opt.fimserve.com')
+Fetch error: http://trgc.opt.fimserve.com/ => https://trgc.opt.fimserve.com/: (6, 'Could not resolve host: trgc.opt.fimserve.com')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://delb.opt.fimserve.com/ => https://delb.opt.fimserve.com/: (6, 'Could not resolve host: delb.opt.fimserve.com')
+Fetch error: http://trgc.opt.fimserve.com/ => https://trgc.opt.fimserve.com/: (6, 'Could not resolve host: trgc.opt.fimserve.com')
+
+	For other Rubicon Project coverage, see Rubicon-Project.xml.
+
+-->
+<ruleset name="fimserve.com" default_off="failed ruleset test">
+
+	<target host="*.opt.fimserve.com" />
+
+		<test url="http://delb.opt.fimserve.com/" />
+		<test url="http://trgc.opt.fimserve.com/" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Final-Score.xml b/src/chrome/content/rules/Final-Score.xml
index 2b1fa2407ef0..119eb56da78d 100644
--- a/src/chrome/content/rules/Final-Score.xml
+++ b/src/chrome/content/rules/Final-Score.xml
@@ -17,24 +17,25 @@
 <ruleset name="Final-Score">
 
 	<target host="final-score.com" />
-	<target host="*.final-score.com" />
-	<target host="*.e.final-score.com" />
-	<target host="*.www.final-score.com" />
+	<target host="www.final-score.com" />
+	<target host="ebm.e.final-score.com" />
+	<target host="f.e.final-score.com" />
+	<target host="images.final-score.com" />
+	<target host="m.final-score.com" />
 
 
 	<securecookie host="^.*\.final-score\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?final-score\.com/"
+	<rule from="^http://(?:www\.)?final-score\.com/"
 		to="https://www.final-score.com/" />
 
-	<rule from="^https?://ebm\.e\.final-score\.com/"
+	<rule from="^http://ebm\.e\.final-score\.com/"
 		to="https://ebm.cheetahmail.com/" />
 
-	<rule from="^https?://f\.e\.final-score\.com/"
+	<rule from="^http://f\.e\.final-score\.com/"
 		to="https://f.chtah.com/" />
 
-	<rule from="^http://(images|m)\.final-score\.com/"
-		to="https://$1.final-score.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Final4Ever.xml b/src/chrome/content/rules/Final4Ever.xml
index b2fc4b722dbb..e25eef022302 100644
--- a/src/chrome/content/rules/Final4Ever.xml
+++ b/src/chrome/content/rules/Final4Ever.xml
@@ -1,14 +1,45 @@
 <!--
-	Cert only matches ^final4ever.com
+	Insecure cookies are set for these domains and hosts:
+
+		- final4ever.com
+		- .final4ever.com
+
+
+	Mixed content:
+
+		- css from js.final4ever.com *
+
+		- Images, on:
+
+			- (www.)? from res.cloudinary.com *
+			- (www.)? from cdn.final4ever.com *
+			- (www.)? from img02.final4ever.com *
+			- (www.)? from rss.final4ever.com *
+
+	* Secured by us
 
 -->
-<ruleset name="Final4Ever" default_off="mismatched, self-signed">
+<ruleset name="Final4Ever.com (false MCB)" platform="mixedcontent">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="final4ever.com" />
-	<target host="*.final4ever.com" />
+	<target host="cdn.final4ever.com" />
+	<target host="img02.final4ever.com" />
+	<target host="js.final4ever.com" />
+	<target host="rss.final4ever.com" />
+	<target host="www.final4ever.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^final4ever\.com$" name="^bbsessionhash$" /-->
+	<!--securecookie host="^\.final4ever\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.?final4ever\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:cdn\.|(js\.|rss\.)|www\.)?final4ever\.com/"
-		to="https://$1final4ever.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Finalrewind.net.xml b/src/chrome/content/rules/Finalrewind.net.xml
deleted file mode 100644
index 3a2051faacd8..000000000000
--- a/src/chrome/content/rules/Finalrewind.net.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Fully covered subdomains:
-
-		- ^
-		- cgi
-		- feh
-		- git
-		- man
-		- vrrf
-
-
-	www doesn't exist.
-
--->
-<ruleset name="finalrewind.net" platform="cacert">
-
-	<target host="finalrewind.net" />
-	<target host="*.finalrewind.net" />
-
-
-	<rule from="^http://((?:cgi|feh|git|man|vrrf)\.)?finalrewind\.net/"
-		to="https://$1finalrewind.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Finalsite.xml b/src/chrome/content/rules/Finalsite.xml
index 59df86e34fef..8b4b7384dce1 100644
--- a/src/chrome/content/rules/Finalsite.xml
+++ b/src/chrome/content/rules/Finalsite.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://finalsite.com/ => https://finalsite.com/: (51, "SSL: no alternative certificate subject name matches target host name 'finalsite.com'")
+
 	Nonfunctional subdomains:
 
 		- info	(503, akamai)
@@ -15,16 +19,21 @@
 		- secureprivate
 
 -->
-<ruleset name="finalsite (partial)">
+<ruleset name="finalsite (partial)" default_off="failed ruleset test">
 
 	<target host="finalsite.com" />
-	<target host="*.finalsite.com" />
+	<target host="demo.finalsite.com" />
+	<target host="securecss.finalsite.com" />
+	<target host="securedata.finalsite.com" />
+	<target host="secureimages.finalsite.com" />
+	<target host="securejs.finalsite.com" />
+	<target host="secureprivate.finalsite.com" />
+	<target host="www.finalsite.com" />
 
 
 	<securecookie host="^(?:www)?\.finalsite\.com$" name=".+" />
 
 
-	<rule from="^http://((?:demo|secure(?:css|data|images|js|private)|www)\.)?finalsite\.com/"
-		to="https://$1finalsite.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Finam.xml b/src/chrome/content/rules/Finam.xml
index 1ea05e2ac02c..c021d7af8ee3 100644
--- a/src/chrome/content/rules/Finam.xml
+++ b/src/chrome/content/rules/Finam.xml
@@ -1,10 +1,17 @@
-<ruleset name="Finam (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fb.finam.ru/ => https://fb.finam.ru/: (28, 'Connection timed out after 20007 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://fb.finam.ru/ => https://fb.finam.ru/: (28, 'Connection timed out after 10001 milliseconds')
+-->
+<ruleset name="Finam (partial)" default_off="failed ruleset test">
 
 	<target host="fb.finam.ru"/>
 
-	<rule from="^http://fb\.finam\.ru/"
-		to="https://fb.finam.ru/"/>
+	<rule from="^http:" to="https:" />
 
-	<securecookie host="^fb\.finam\.ru$" name=".*"/>
+	<securecookie host="^fb\.finam\.ru$" name=".+" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Financial-Content.xml b/src/chrome/content/rules/Financial-Content.xml
deleted file mode 100644
index a5896cef6476..000000000000
--- a/src/chrome/content/rules/Financial-Content.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(at least some paths 404)
-
--->
-<ruleset name="Financial Content (partial)">
-
-	<target host="*.financialcontent.com" />
-
-
-	<rule from="^http://(chart|images|js|markets)\.financialcontent\.com/"
-		to="https://$1.financialcontent.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Financial-Cryptography.xml b/src/chrome/content/rules/Financial-Cryptography.xml
deleted file mode 100644
index d7c10bc7527f..000000000000
--- a/src/chrome/content/rules/Financial-Cryptography.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Financial Cryptography" platform="cacert">
-
-	<target host="financialcryptography.com" />
-	<target host="www.financialcryptography.com" />
-
-
-	<rule from="^http://(www\.)?financialcryptography\.com/"
-		to="https://$1financialcryptography.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FinancialContent.com.xml b/src/chrome/content/rules/FinancialContent.com.xml
new file mode 100644
index 000000000000..c4c929f39af7
--- /dev/null
+++ b/src/chrome/content/rules/FinancialContent.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- financialcontent.com
+
+		Incomplete certificate chain error:
+		- chart.financialcontent.com
+
+		Mixed content blocking (MCB) triggered:
+		- www.financialcontent.com
+-->
+<ruleset name="Financial Content.com (partial)">
+	<target host="images.financialcontent.com" />
+	<target host="js.financialcontent.com" />
+	<target host="markets.financialcontent.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FinancialHacks.ca.xml b/src/chrome/content/rules/FinancialHacks.ca.xml
new file mode 100644
index 000000000000..e3b5a9ef2c56
--- /dev/null
+++ b/src/chrome/content/rules/FinancialHacks.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="FinancialHacks.ca">
+	<target host="financialhacks.ca" />
+	<target host="www.financialhacks.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Financial_Industry_Regulatory_Authority.xml b/src/chrome/content/rules/Financial_Industry_Regulatory_Authority.xml
index fb39b6766514..0d9e766d8ffa 100644
--- a/src/chrome/content/rules/Financial_Industry_Regulatory_Authority.xml
+++ b/src/chrome/content/rules/Financial_Industry_Regulatory_Authority.xml
@@ -1,10 +1,9 @@
 <ruleset name="Financial Industry Regulatory Authority">
-
 	<target host="finra.org" />
 	<target host="www.finra.org" />
 
-
-	<rule from="^http://(www\.)?finra\.org/"
-		to="https://$1finra.org/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http://finra\.org/"
+		to="https://www.finra.org/" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Financial_Post.com.xml b/src/chrome/content/rules/Financial_Post.com.xml
index 477fd721d58b..669da1875c37 100644
--- a/src/chrome/content/rules/Financial_Post.com.xml
+++ b/src/chrome/content/rules/Financial_Post.com.xml
@@ -53,20 +53,14 @@
 -->
 <ruleset name="Financial Post.com (partial)">
 
-	<target host="*.financialpost.com" />
+	<target host="idms.financialpost.com" />
 		<!--
 			Exclude pages pages so as to avoid mixed css:
 									-->
 		<exclusion pattern="^http://idms\.financialpost\.com/(?!charts/|images/|js/|watchlist/\w+\.ajax\?)" />
 
 
-	<rule from="^http://wpmedia\.business\.financialpost\.com/"
-		to="https://a248.e.akamai.net/f/1467/2885/4d/wpmedia.business.financialpost.com/" />
-
 	<rule from="^http://idms\.financialpost\.com/"
 		to="https://www.financialpost.idmanagedsolutions.com/" />
 
-	<rule from="^http://wpmedia\.opinion\.financialpost\.com/"
-		to="https://a248.e.akamai.net/f/1582/1145/2d/wpmedia.opinion.financialpost.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Financial_Times.xml b/src/chrome/content/rules/Financial_Times.xml
index 0efe4d7ea89a..e187ec24e9e3 100644
--- a/src/chrome/content/rules/Financial_Times.xml
+++ b/src/chrome/content/rules/Financial_Times.xml
@@ -1,81 +1,64 @@
 <!--
-	CDN buckets:
+	Other Financial Times rulesets:
+		+ ft-static.com.xml
 
-		- media.ft.com.edgesuite.net
-		- s1.media.ft.com.edgesuite.net
-		- search.ft.com.edgesuite.net 
-		- www.ft.com.edgesuite.net
-		- im.ft-static.com.edgesuite.net
-		- s[1-4].ft-static.com.edgesuite.net
+	Non-functional hosts
+		Couldn't connect to server:
+		- discussions.ft.com
+		- funds.ft.com
+		- membership.ft.com
 
+		SSL connect error:
+		- ftcorporate.ft.com
 
-	Nonfunctional domains:
-
-		- ft.com subdomains:
-
-			- ^			(times out)
-			- aboutus *
-			- blogs			(503, akamai)
-			- media *
-			- s1.media *
-			- test.media *
-			- reg.test.media *
-			- s[123].test.media *
-			- search		(504, akamai)
-			- www			(redirects to http, akamai)
-
-		- im.ft-static.com *
-		- s1.ft-static.com *
-
-	* 503, akamai
-	* Redirects to www.ft.com, akamai
-
-
-	Problematic domains:
-
-		- s4.media.ft.com		(works, akamai)
-
-
-	Partially covered domains:
-
-		- markets.ft.com *
-		- registration.ft.com *
-
-	* Some pages redirect to http
-
-
-	Fully covered domains:
-
-		- ft.com subdomains:
-
-			- cdn.markets
-			- stats
-			- track
+		SSL peer certificate was not OK:
+		- webservices.ft.com
 
+		Redirects to HTTP:
+		- announce.ft.com
 -->
 <ruleset name="Financial Times (partial)">
-
-	<target host="*.ft.com" />
-		<exclusion pattern="^http://markets\.ft\.com/(?!favicon\.ico|RESEARCH/uploadhandler/)" />
-		<exclusion pattern="^http://registration\.ft\.com/(?!Common/|favicon\.ico|registration/barrier)" />
-	<target host="*.ft-static.com" />
-
-
-	<!--	Tracking cookies set by track:
-						-->
-	<securecookie host="^\.ft\.com$" name="^(?:AYSC|AYSC_C|FTUserTrack)$" />
-
-
-	<rule from="^http://(force|(?:cdn\.)?markets|(?:api|orc)\.memb|registration|stats|track)\.ft\.com/"
-		to="https://$1.ft.com/" />
-
-	<rule from="^http://s4\.media\.ft\.com/"
-		to="https://s4.ft-static.com/" />
-
-	<rule from="^http://on\.ft\.com/"
-		to="https://bit.ly/" />
-
-	<rule from="^http://(reg|s4|(?:reg|s4)\.test)\.ft-static\.com/"
-		to="https://$1.ft-static.com/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="ft.com" />
+	<target host="aboutus.ft.com" />
+	<target host="accounts.ft.com" />
+	<target host="blogs.ft.com" />
+	<target host="buildservice.ft.com" />
+	<target host="enterprise.ft.com" />
+	<target host="force.ft.com" />
+	<target host="ftepaper.ft.com" />
+	<target host="help.ft.com" />
+	<target host="howtospendit.ft.com" />
+	<target host="live.ft.com" />
+	<target host="markets.ft.com" />
+	<target host="cdn.markets.ft.com" />
+	<target host="myaccount.ft.com" />
+	<target host="media.ft.com" />
+	<target host="im.media.ft.com" />
+	<target host="s1.media.ft.com" />
+	<target host="s4.media.ft.com" />
+	<target host="nbe.ft.com" />
+	<target host="next.ft.com" />
+	<target host="next-geebee.ft.com" />
+	<target host="origami.ft.com" />
+	<target host="build.origami.ft.com" />
+	<target host="origami-build.ft.com" />
+	<target host="propertylistings.ft.com" />
+	<target host="rankings.ft.com" />
+	<target host="register.ft.com" />
+	<target host="registration.ft.com" />
+	<target host="s3o.ft.com" />
+	<target host="search.ft.com" />
+	<target host="spoor-api.ft.com" />
+	<target host="static-render-p.ft.com" />
+	<target host="stats.ft.com" />
+	<target host="sub.ft.com" />
+	<target host="subscribe.ft.com" />
+	<target host="the125.ft.com" />
+	<target host="video.ft.com" />
+	<target host="image.webservices.ft.com" />
+	<target host="navigation.webservices.ft.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Financialtrans.com.xml b/src/chrome/content/rules/Financialtrans.com.xml
index 5ad12754ff9a..389d77c10196 100644
--- a/src/chrome/content/rules/Financialtrans.com.xml
+++ b/src/chrome/content/rules/Financialtrans.com.xml
@@ -1,9 +1,10 @@
 <ruleset name="financialtrans.com">
 
-	<target host="*.financialtrans.com" />
+	<target host="www.financialtrans.com" />
+	<target host="www2.financialtrans.com" />
+	<target host="www3.financialtrans.com" />
 
 
-	<rule from="^http://www(2|3)?\.financialtrans\.com/"
-		to="https://www$1.financialtrans.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Financnahitparada.sk.xml b/src/chrome/content/rules/Financnahitparada.sk.xml
new file mode 100644
index 000000000000..f7211d2c67eb
--- /dev/null
+++ b/src/chrome/content/rules/Financnahitparada.sk.xml
@@ -0,0 +1,11 @@
+<ruleset name="Financnahitparada.sk">
+  <target host="financnahitparada.sk" />
+  <target host="www.financnahitparada.sk" />
+
+  <target host="poistenie.financnahitparada.sk" />
+  <target host="www.poistenie.financnahitparada.sk" />
+
+  <rule from="^http://(?:www\.)?financnahitparada\.sk/" to="https://www.financnahitparada.sk/" />
+
+  <rule from="^http://(?:www\.)?poistenie\.financnahitparada\.sk/" to="https://www.poistenie.financnahitparada.sk/" />
+</ruleset>
diff --git a/src/chrome/content/rules/FinansWatch.xml b/src/chrome/content/rules/FinansWatch.xml
new file mode 100644
index 000000000000..52819166909e
--- /dev/null
+++ b/src/chrome/content/rules/FinansWatch.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.finanswatch.dk/ => https://www.finanswatch.dk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.finanswatch.dk'")
+
+  This renders poorly. The style sheet
+    http://finanswatch.dk/template/fwVer1-0/css/fw_global.css?rev=35794
+  is essential for the layout but is served through http.
+-->
+<ruleset name="FinansWatch (mixed content)" platform="mixedcontent" default_off="failed ruleset test">
+	<target host="finanswatch.dk" />
+	<target host="www.finanswatch.dk" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Finansportalen.no.xml b/src/chrome/content/rules/Finansportalen.no.xml
new file mode 100644
index 000000000000..371fd20f755e
--- /dev/null
+++ b/src/chrome/content/rules/Finansportalen.no.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://stat.finansportalen.no/ => https://stat.finansportalen.no/: (6, 'Could not resolve host: stat.finansportalen.no')
+
+	Insecure cookies are set for these hosts:
+
+		- finansportalen.no
+		- stat.finansportalen.no
+		- www.finansportalen.no
+
+-->
+<ruleset name="Finansportalen.no" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="finansportalen.no" />
+	<target host="stat.finansportalen.no" />
+	<target host="www.finansportalen.no" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?finansportalen\.no$" name="^(?:AWSELB|PHPSESSID|pll_language)$" /-->
+	<!--securecookie host="^stat\.finansportalen\.no$" name="^AWSELB$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Finanssialan-Keskusliitto.xml b/src/chrome/content/rules/Finanssialan-Keskusliitto.xml
index f3babefd1f51..0552ad9f0d8b 100644
--- a/src/chrome/content/rules/Finanssialan-Keskusliitto.xml
+++ b/src/chrome/content/rules/Finanssialan-Keskusliitto.xml
@@ -1,10 +1,16 @@
-<ruleset name="Finanssialan Keskusliitto">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fkl.fi/ => https://fkl.fi/: (7, 'Failed to connect to fkl.fi port 443: Connection refused')
+Fetch error: http://www.fkl.fi/ => https://www.fkl.fi/: (7, 'Failed to connect to www.fkl.fi port 443: Connection refused')
+
+-->
+<ruleset name="Finanssialan Keskusliitto" default_off="failed ruleset test">
 	<target host="fkl.fi"/>
 	<target host="www.fkl.fi"/>
 	<target host="extranet.fkl.fi"/>
 
 	<securecookie host="^extranet\.fkl\.fi$" name=".+" />
 
-	<rule from="^http://(extranet\.|www\.)?fkl\.fi/"
-		to="https://$1fkl.fi/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Finanzberatung_Max_Herbst.xml b/src/chrome/content/rules/Finanzberatung_Max_Herbst.xml
index 3c8ae536a78b..71e4f102d9f7 100644
--- a/src/chrome/content/rules/Finanzberatung_Max_Herbst.xml
+++ b/src/chrome/content/rules/Finanzberatung_Max_Herbst.xml
@@ -12,10 +12,11 @@
 -->
 <ruleset name="Finanzberatung Max Herbst (partial)">
 
-	<target host="*.fmh.de" />
+	<target host="cdn3.fmh.de" />
+	<target host="rechner.fmh.de" />
 
 
-	<rule from="^https?://(?:cdn3|rechner)\.fmh\.de/"
+	<rule from="^http://(?:cdn3|rechner)\.fmh\.de/"
 		to="https://rechner.fmh.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Finavia.fi.xml b/src/chrome/content/rules/Finavia.fi.xml
index 5b64dd0986ff..87cacbed396f 100644
--- a/src/chrome/content/rules/Finavia.fi.xml
+++ b/src/chrome/content/rules/Finavia.fi.xml
@@ -2,7 +2,6 @@
 	<target host="finavia.fi"/>
 	<target host="www.finavia.fi"/>
 
-	<rule from="^http://(www\.)?finavia\.fi/"
-		to="https://$1finavia.fi/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Find-a-Babysitter.xml b/src/chrome/content/rules/Find-a-Babysitter.xml
index 1a678b691623..c835c3179e39 100644
--- a/src/chrome/content/rules/Find-a-Babysitter.xml
+++ b/src/chrome/content/rules/Find-a-Babysitter.xml
@@ -12,7 +12,7 @@
 	<target host="www.findababysitter.com.au" />
 
 	<!--	Cert doesn't match !www.	-->
-	<rule from="^https?://findababysitter.com.au/"
+	<rule from="^http://findababysitter\.com\.au/"
 		to="https://www.findababysitter.com.au/" />
 
 	<rule from="^http://www\.findababysitter\.com\.au/(Account/|[cC]ontent/)"
diff --git a/src/chrome/content/rules/Find-n-Save.xml b/src/chrome/content/rules/Find-n-Save.xml
index 9966f7692e28..3940c5c8816a 100644
--- a/src/chrome/content/rules/Find-n-Save.xml
+++ b/src/chrome/content/rules/Find-n-Save.xml
@@ -1,18 +1,76 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn.findnsave.com/ => https://d3ne1tggqg4fzy.cloudfront.net/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	CDN buckets:
+
+		- imagecdn.findnsave.com.cdngc.net
+
+			- imagecdn
+			- imagecdn-\d
+
+		- d10yv8m6mggaen.cloudfront.net
+
+			- content
+
+		- d3ne1tggqg4fzy.cloudfront.net
+
+			- cdn
+
+
 	Nonfunctional subdomains:
 
-		- (www.)
+		- imagecdn ¹
+		- imagecdn-[012]	(403; mismatched, CN: ssl2.cdngc.net)
+		- imagecdn-[34] ¹
+
+	¹ 403; mismatched, CN: support2.cdnetworks.net
+
+
+	Paths rewritten from imagecdn(-\d)? to cdn give blank pages or 504.
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- sfgate from imagecdn-3.findnsave.com
+			- www from imagecdn-[0-3].findnsave.com
+
 
 -->
-<ruleset name="Find n Save (partial)">
+<ruleset name="Find n Save.com (partial)" default_off="failed ruleset test">
 
-	<target host="*.findnsave.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="findnsave.com" />
+	<target host="sfgate.findnsave.com" />
+	<target host="www.findnsave.com" />
 
+	<!--	Complications:
+				-->
+	<target host="cdn.findnsave.com" />
+	<target host="content.findnsave.com" />
 
-	<rule from="^https?://cdn\.findnsave\.com/"
+		<test url="http://www.findnsave.com/privacy/" />
+		<test url="http://www.findnsave.com/trademark/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:sfgate|www)\.findnsave\.com$" name="^csrftoken$" /-->
+
+	<securecookie host="^(?:sfgate|\.?www)\.findnsave\.com$" name=".+" />
+
+
+	<rule from="^http://cdn\.findnsave\.com/"
 		to="https://d3ne1tggqg4fzy.cloudfront.net/" />
 
-	<rule from="^https?://content\.findnsave\.com/"
+	<rule from="^http://content\.findnsave\.com/"
 		to="https://d10yv8m6mggaen.cloudfront.net/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/FindArticles.com.xml b/src/chrome/content/rules/FindArticles.com.xml
new file mode 100644
index 000000000000..8e64a95e07e1
--- /dev/null
+++ b/src/chrome/content/rules/FindArticles.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other CBS coverage, see CBS.xml.
+
+	Non-functional hosts
+		Mixed content blocking (MCB) triggered:
+		- findarticles.com
+		- www.findarticles.com
+		- de.findarticles.com
+		- fr.findarticles.com
+-->
+<ruleset name="FindArticles.com" platform="mixedcontent">
+	<target host="findarticles.com" />
+	<target host="www.findarticles.com" />
+	<target host="de.findarticles.com" />
+	<target host="es.findarticles.com" />
+	<target host="fr.findarticles.com" />
+	<target host="mx.findarticles.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FindIP-Address.com.xml b/src/chrome/content/rules/FindIP-Address.com.xml
new file mode 100644
index 000000000000..19bbbecf2743
--- /dev/null
+++ b/src/chrome/content/rules/FindIP-Address.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Find IP-Address.com" >
+	<target host="findip-address.com" />
+	<target host="www.findip-address.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FindLegalForms.com.xml b/src/chrome/content/rules/FindLegalForms.com.xml
index 7419570b5087..2d6d260aec7f 100644
--- a/src/chrome/content/rules/FindLegalForms.com.xml
+++ b/src/chrome/content/rules/FindLegalForms.com.xml
@@ -1,37 +1,20 @@
 <!--
-	CDN buckets:
-
-		- wac.b2cd.edgecastcdn.net/??B2CD/
-
-			- cdn
-
-		- www.wac.b2cd.edgecastcdn.net/??82CD/
-
-			- www
-
-
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-		- cdn	(works; mismatched, CN: gp1.wac.edgecastcdn.net)
-
-
-	Mixed content:
-
-		- css on www from cdn *
-
-		- Images on www from cdn *
-
-	* Unsecurable
+	Secure connection failed:
+		newsletter.findlegalforms.com
 
 -->
-<ruleset name="FindLegalForms.com (partial)" platform="mixedcontent">
+<ruleset name="FindLegalForms.com">
 
 	<target host="findlegalforms.com" />
 	<target host="www.findlegalforms.com" />
-
-
-	<rule from="^http://(?:www\.)?findlegalforms\.com/"
-		to="https://www.findlegalforms.com/" />
+	<target host="au.findlegalforms.com" />
+	<target host="canada.findlegalforms.com" />
+	<target host="india.findlegalforms.com" />
+	<target host="test.findlegalforms.com" />
+	<target host="uk.findlegalforms.com" />
+	<target host="www2.findlegalforms.com" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FindRetros.com.xml b/src/chrome/content/rules/FindRetros.com.xml
new file mode 100644
index 000000000000..ac23f6db69ff
--- /dev/null
+++ b/src/chrome/content/rules/FindRetros.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Mixed content:
+
+		- Images, from:
+
+			- www.gravatar.com ¹
+			- i\d+.tinypic.com ²
+
+	¹ Secured by us
+	² Unsecurable
+
+-->
+<ruleset name="FindRetros.com">
+
+	<target host="findretros.com" />
+	<target host="www.findretros.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:w*\.)?findretros\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FindTheBest.xml b/src/chrome/content/rules/FindTheBest.xml
index 0265346a3e9e..205977e854c5 100644
--- a/src/chrome/content/rules/FindTheBest.xml
+++ b/src/chrome/content/rules/FindTheBest.xml
@@ -1,4 +1,14 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://findthebest.com/ => https://findthebest.com/: (51, "SSL: no alternative certificate subject name matches target host name 'findthebest.com'")
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://findthebest.com/ => https://findthebest.com/: (51, "SSL: no alternative certificate subject name matches target host name 'findthebest.com'")
+
 	CDN buckets:
 
 		- d3jpkdcwyize5y.cloudfront.net
@@ -8,17 +18,23 @@
 			- img1.findthebest.com
 
 
-	Nonfunctional subdomains:
+	Fully covered domains:
+
+		- [\w-]+.findthebest.com:
 
-		- (www.)
+			- (www.)
+			- cdn\d?
+			- img1
+			- *		(per-client domains)
 
 -->
-<ruleset name="FindTheBest (partial)">
+<ruleset name="FindTheBest.com" default_off="failed ruleset test">
 
+	<target host="findthebest.com" />
 	<target host="*.findthebest.com" />
 
 
-	<rule from="^https?://(?:cdn|img)\d?\.findthebest\.com/"
-		to="https://d3jpkdcwyize5y.cloudfront.net/" />
+	<rule from="^http://([\w-]+\.)?findthebest\.com/"
+		to="https://$1findthebest.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Find_My_Order.com.xml b/src/chrome/content/rules/Find_My_Order.com.xml
new file mode 100644
index 000000000000..8e759d97d05d
--- /dev/null
+++ b/src/chrome/content/rules/Find_My_Order.com.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Digital River coverage, see Digital-River.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.findmyorder.com
+
+-->
+<ruleset name="Find My Order.com">
+
+	<target host="findmyorder.com" />
+	<target host="www.findmyorder.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.findmyorder\.com$" name="^(BIGipServerp(-\w+){4}-findmyorder|JSESSIONID|VISITOR_ID|X-DR-CURRENCY|X-DR-LOCALE|X-DR-THEME)$" /-->
+
+	<securecookie host="^(?:www\.)?findmyorder\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Find_a_Grave.xml b/src/chrome/content/rules/Find_a_Grave.xml
index dd2039a6fd1a..c64699c346b8 100644
--- a/src/chrome/content/rules/Find_a_Grave.xml
+++ b/src/chrome/content/rules/Find_a_Grave.xml
@@ -12,7 +12,8 @@
 <ruleset name="Find a Grave (partial)">
 
 	<target host="findagrave.com" />
-	<target host="*.findagrave.com" />
+	<target host="secure.findagrave.com" />
+	<target host="www.findagrave.com" />
 		<!--
 			Redirects back to www:
 						-->
@@ -22,4 +23,4 @@
 	<rule from="^http://(?:secure\.|www\.)?findagrave\.com/"
 		to="https://secure.findagrave.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Findgravy.com.xml b/src/chrome/content/rules/Findgravy.com.xml
new file mode 100644
index 000000000000..a6def9b61970
--- /dev/null
+++ b/src/chrome/content/rules/Findgravy.com.xml
@@ -0,0 +1,45 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://findgravy.com/ => https://findgravy.com/: (51, "SSL: no alternative certificate subject name matches target host name 'findgravy.com'")
+Fetch error: http://img01.findgravy.com/ => https://img01.findgravy.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://img02.findgravy.com/ => https://img02.findgravy.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://img03.findgravy.com/ => https://img03.findgravy.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://img04.findgravy.com/ => https://img04.findgravy.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.findgravy.com/ => https://www.findgravy.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.findgravy.com'")
+
+	Insecure cookies are set for these hosts:
+
+		- findgravy.com
+
+
+	Mixed content:
+
+		- favicon on ^ from favicon.domainsigma.com *
+
+	* Not secured by us <= mismatched (forced endpoint)
+
+-->
+<ruleset name="find Gravy.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="findgravy.com" />
+	<target host="img01.findgravy.com" />
+	<target host="img02.findgravy.com" />
+	<target host="img03.findgravy.com" />
+	<target host="img04.findgravy.com" />
+	<target host="www.findgravy.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^findgravy\.com$" name="^connect\.sid$" /-->
+
+	<securecookie host="^findgravy\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Findlawimages.com.xml b/src/chrome/content/rules/Findlawimages.com.xml
new file mode 100644
index 000000000000..4bb0c3b2abf1
--- /dev/null
+++ b/src/chrome/content/rules/Findlawimages.com.xml
@@ -0,0 +1,9 @@
+<!--
+        Refused:
+                findlawimages.com
+-->
+<ruleset name="Findlaw Images">
+	<target host="www.findlawimages.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fine_Art_America.xml b/src/chrome/content/rules/Fine_Art_America.xml
index 573a122542f3..5202dae43dba 100644
--- a/src/chrome/content/rules/Fine_Art_America.xml
+++ b/src/chrome/content/rules/Fine_Art_America.xml
@@ -1,30 +1,64 @@
 <!--
 	CDN buckets:
 
-		- render-889924663.us-east-1.elb.amazonaws.com
-			- render.fineartamerica.com
-
 		- s3.amazonaws.com/images.fineartamerica.com/
+		- render-889924663.us-east-1.elb.amazonaws.com ← render.fineartamerica.com
+
+
+	Problematic hosts in *fineartamerica.com:
+
+		- images ᵐ
+		- imageslocal ᵐ
+		- render ʳ
+
+	ᵐ Mismatched
+	ʳ Refused
+
 
+	Insecure cookies are set for these hosts:
 
-	Problematic subdomains:
+		- fineartamerica.com
 
-		- render
+
+	Mixed content:
+
+		- iframe on ^ from www.youtube.com *
+
+		- Images, on:
+
+			- ^ from $self *
+			- ^ from images.fineartamerica.com *
+			- ^ from imageslocal.fineartamerica.com *
+			- ^ from render.fineartamerica.com *
+
+	* Secured by us
 
 -->
-<ruleset name="Fine Art America">
+<ruleset name="Fine Art America.com" platform="mixedcontent">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="fineartamerica.com" />
-	<target host="*.fineartamerica.com" />
+	<target host="www.fineartamerica.com" />
+
+	<!--	Complications:
+				-->
+	<target host="images.fineartamerica.com" />
+	<target host="imageslocal.fineartamerica.com" />
+	<target host="render.fineartamerica.com" />
 
 
-	<securecookie host="^(?:www\.)?fineartamerica\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^fineartamerica\.com$" name="^PHPSESSID$" /-->
 
+	<securecookie host="^\." name="^__utm" />
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://(?:render\.|(www\.))?fineartamerica\.com/"
-		to="https://$1fineartamerica.com/" />
+	<rule from="^http://(?:imageslocal|render)\.fineartamerica\.com/"
+		to="https://fineartamerica.com/" />
 
-	<rule from="^https?://images\.fineartamerica\.com/"
-		to="https://s3.amazonaws.com/images.fineartamerica.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fineproxy.org-problematic.xml b/src/chrome/content/rules/Fineproxy.org-problematic.xml
index 816c345eb2bd..6e118ccc3fa3 100644
--- a/src/chrome/content/rules/Fineproxy.org-problematic.xml
+++ b/src/chrome/content/rules/Fineproxy.org-problematic.xml
@@ -11,7 +11,6 @@
 	<securecookie host="^billingproxy\.fineproxy\.org$" name=".+" />
 
 
-	<rule from="^http://billingproxy\.fineproxy\.org/"
-		to="https://billingproxy.fineproxy.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fineproxy.org.xml b/src/chrome/content/rules/Fineproxy.org.xml
index 5894dcc2ce62..720d8eed1e4b 100644
--- a/src/chrome/content/rules/Fineproxy.org.xml
+++ b/src/chrome/content/rules/Fineproxy.org.xml
@@ -1,30 +1,68 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://forum.fineproxy.org/ => https://forum.fineproxy.org/: (6, 'Could not resolve host: forum.fineproxy.org')
+
 	For problematic rules, see Fineproxy.org-problematic.xml.
 
 
+	Nonfunctional hosts in *fineproxy.org:
+
+		- vpn *
+
+	* Shows another domain
+
+
 	Problematic subdomains:
 
 		- billingproxy	(self-signed)
+		- www ¹ ²
+
+	¹ Self-signed
+	² Mismatched
+
 
+	Insecure cookies are set for these domains:
 
-	Fully covered subdomains:
+		- .fineproxy.org
 
-		- (www.)
-		- buy
-		- forum
-		- vpn
+
+	Mixed content:
+
+		- css, on:
+
+			- ^ from $self *
+			- forum from futbolki3d.org
+
+		- Images on forum from futbolki3d.org
+
+	* Secured by us
 
 -->
-<ruleset name="Fineproxy.org (partial)">
+<ruleset name="Fineproxy.org (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="fineproxy.org" />
-	<target host="*.fineproxy.org" />
+	<target host="buy.fineproxy.org" />
+	<target host="forum.fineproxy.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.fineproxy.org" />
 
 
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.fineproxy\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
 	<securecookie host="^\.(?:forum\.)?fineproxy\.org$" name=".+" />
 
 
-	<rule from="^http://((?:buy|forum|vpn|www)\.)?fineproxy\.org/"
-		to="https://$1fineproxy.org/" />
+	<rule from="^http://www\.fineproxy\.org/"
+		to="https://fineproxy.org/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Finmozg.ru.xml b/src/chrome/content/rules/Finmozg.ru.xml
index 4ee9fde031e4..084e08e342b2 100644
--- a/src/chrome/content/rules/Finmozg.ru.xml
+++ b/src/chrome/content/rules/Finmozg.ru.xml
@@ -8,7 +8,6 @@
 	<target host="www.finmozg.ru" />
 
 
-	<rule from="^http://(?:www\.)?finmozg\.ru/"
-		to="https://finmozg.ru/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Finn.xml b/src/chrome/content/rules/Finn.xml
index c52c79207c1c..34393be8747a 100644
--- a/src/chrome/content/rules/Finn.xml
+++ b/src/chrome/content/rules/Finn.xml
@@ -7,7 +7,6 @@
   <exclusion pattern="^http://oppdrag\.finn\.no/"/>
   <exclusion pattern="^http://katalog\.finn\.no/"/>
   <exclusion pattern="^http://www\.katalog\.finn\.no/"/>
-  <rule from="^http://finn\.no/" to="https://finn.no/"/>
-  <rule from="^http://www\.finn\.no/" to="https://www.finn.no/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/FinnChristiansen.de.xml b/src/chrome/content/rules/FinnChristiansen.de.xml
new file mode 100644
index 000000000000..5bfdb6dc7eae
--- /dev/null
+++ b/src/chrome/content/rules/FinnChristiansen.de.xml
@@ -0,0 +1,18 @@
+<!--
+	Mixed content:
+
+		- css from $self
+
+-->
+<ruleset name="FinnChristiansen.de" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="finnchristiansen.de" />
+	<target host="www.finnchristiansen.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Finna.fi.xml b/src/chrome/content/rules/Finna.fi.xml
new file mode 100644
index 000000000000..0fe06079164a
--- /dev/null
+++ b/src/chrome/content/rules/Finna.fi.xml
@@ -0,0 +1,33 @@
+<!--
+	STS header specifies includeSubDomains.
+
+
+	Insecure cookies are set for these hosts:
+
+		- aalto.finna.fi
+		- www.finna.fi
+
+-->
+<ruleset name="Finna.fi">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="finna.fi" />
+	<target host="*.finna.fi" />
+
+		<test url="http://aalto.finna.fi/" />
+		<test url="http://piwik.finna.fi/" />
+		<test url="http://www.finna.fi/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:aalto|www)\.finna\.fi$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Finto.fi.xml b/src/chrome/content/rules/Finto.fi.xml
new file mode 100644
index 000000000000..e1ec37c588a8
--- /dev/null
+++ b/src/chrome/content/rules/Finto.fi.xml
@@ -0,0 +1,18 @@
+<!--
+	finto.fi has both a wildcard DNS record and a wildcard certificate, so enumerating all subdomains is impossible.
+-->
+<ruleset name="Finto.fi">
+	<target host="finto.fi" />
+	<target host="www.finto.fi" />
+	<target host="analytics.finto.fi" />
+	<target host="api.finto.fi" />
+	<target host="ehdotus.dev.finto.fi" />
+	<target host="vocbench.dev.finto.fi" />
+	<target host="ehdotus.finto.fi" />
+	<target host="legacy.finto.fi" />
+	<target host="staging.finto.fi" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fio.bank.xml b/src/chrome/content/rules/Fio.bank.xml
new file mode 100644
index 000000000000..a5fa73d407a0
--- /dev/null
+++ b/src/chrome/content/rules/Fio.bank.xml
@@ -0,0 +1,11 @@
+<!--
+	No route:
+		- ns1
+		- ns2
+-->
+<ruleset name="Fio.bank">
+	<target host="fio.bank" />
+	<target host="www.fio.bank" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fio.cz.xml b/src/chrome/content/rules/Fio.cz.xml
new file mode 100644
index 000000000000..c39fb0f5794a
--- /dev/null
+++ b/src/chrome/content/rules/Fio.cz.xml
@@ -0,0 +1,152 @@
+<!--
+	Incomplete certificate chain:
+		- jahodnik
+		- sb
+
+	Expired:
+		- ns12
+
+	Mismatched:
+		- acs-ds-mc
+		- acs-ds-visa
+		- acs-gw-cde1
+		- acs-gw-cde2
+		- akcie
+		- aron
+		- ftp
+		- wiki
+		- www-adm
+
+	Self-signed:
+		- podepisovac1
+		- podepisovac2
+		- testacs
+
+	Refused:
+		- boleslavgw
+		- bragw
+		- bratislavagw
+		- breclavgw
+		- brno2gw
+		- brnogw
+		- cisco-optika-vviss
+		- frydekgw
+		- fwd
+		- hgw
+		- hodoningw
+		- hradecgw
+		- hradistegw
+		- jecnagw
+		- jihlavagw
+		- kali
+		- kladnogw
+		- klatovygw
+		- kolingw
+		- kromerizgw
+		- liberecgw
+		- nachodgw
+		- ogw
+		- ologw
+		- olomoucgw
+		- opavagw
+		- ostravagw
+		- pankracgw
+		- pardubicegw
+		- prostejovgw
+		- radlickagw
+		- rybnagw
+		- strakonicegw
+		- sumperkgw
+		- svitavygw
+		- taborgw
+		- trebicgw
+		- trutnovgw
+		- ustinlgw
+		- ustinogw
+		- varygw
+		- wwwx
+		- zdargw
+		- zlingw
+
+	No route:
+		- cisco-csp
+		- cms-cde1
+		- cms-cde2
+		- dexter3
+		- dsbox1
+		- dsbox2
+		- estman1dev
+		- fiopr-gw1
+		- jahodnik1
+		- jahodnik2
+		- millenium1
+		- nat
+		- neconoveho
+		- ns
+		- ns1
+		- ns11
+		- ns2
+		- odette
+		- odile
+		- rezerva-jahodnik-plovouci
+		- rezerva1-jahodnik2
+		- rezerva2-jahodnik2
+		- rothbart
+		- router
+		- router1
+		- router2
+		- router3
+		- siegfried
+		- sofia
+		- ssb
+		- streamer2
+		- swan
+		- swan2
+		- swan2gw
+		- univnet1
+		- univnet2
+		- valkyra1
+		- valkyra1cdeweb-cde1
+		- valkyra2
+		- valkyra2cdeweb-cde2
+		- vpn1
+		- vpn2
+		- vpn3
+		- vviss
+		- vviss-ns
+		- vviss-smtp
+		- vviss-www
+		- xetra-cisco
+
+	Time out:
+		- aladin
+		- bgw
+		- budejovicegw
+		- cbgw
+		- ceskebubgw
+		- cisco-gts
+		- cisco-optika-millenium
+		- dmz1-millenium
+		- millenium
+		- millenium-gts
+		- millenium-www
+		- millennium
+		- podpis
+		- smtp-out
+		- smtp1
+		- smtp2
+		- streamer
+		- streamer1
+-->
+<ruleset name="Fio.cz">
+	<target host="fio.cz" />
+	<target host="www.fio.cz" />
+	<target host="acs.fio.cz" />
+	<target host="ib.fio.cz" />
+	<target host="m.fio.cz" />
+	<target host="www1.fio.cz" />
+	<target host="www2.fio.cz" />
+	<target host="www3.fio.cz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fio.hu.xml b/src/chrome/content/rules/Fio.hu.xml
new file mode 100644
index 000000000000..61dbe9788f54
--- /dev/null
+++ b/src/chrome/content/rules/Fio.hu.xml
@@ -0,0 +1,11 @@
+<!--
+	Time out:
+		- ^
+-->
+<ruleset name="Fio.hu">
+	<target host="fio.hu" />
+	<target host="www.fio.hu" />
+
+	<rule from="^http://fio\.hu/" to="https://www.fio.hu/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fio.pl.xml b/src/chrome/content/rules/Fio.pl.xml
new file mode 100644
index 000000000000..3548b8af8241
--- /dev/null
+++ b/src/chrome/content/rules/Fio.pl.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched:
+		- www1
+
+	Time out:
+		- ^
+-->
+<ruleset name="Fio.pl">
+	<target host="fio.pl" />
+	<target host="www.fio.pl" />
+
+	<rule from="^http://fio\.pl/" to="https://www.fio.pl/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fio.sk.xml b/src/chrome/content/rules/Fio.sk.xml
new file mode 100644
index 000000000000..9f0589d5a20d
--- /dev/null
+++ b/src/chrome/content/rules/Fio.sk.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched:
+		- ^
+		- www-adm
+-->
+<ruleset name="Fio.sk">
+	<target host="fio.sk" />
+	<target host="www.fio.sk" />
+	<target host="ib.fio.sk" />
+	<target host="m.fio.sk" />
+
+	<rule from="^http://fio\.sk/" to="https://www.fio.sk/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FireEmblemWiki.org.xml b/src/chrome/content/rules/FireEmblemWiki.org.xml
new file mode 100644
index 000000000000..402ba8ccdd13
--- /dev/null
+++ b/src/chrome/content/rules/FireEmblemWiki.org.xml
@@ -0,0 +1,22 @@
+<!--
+	FireEmblemWiki.org has a wildcard DNS record.
+-->
+
+<ruleset name="FireEmblemWiki.org">
+	<target host="fireemblemwiki.org" />
+	<target host="www.fireemblemwiki.org" />
+	<target host="129test.fireemblemwiki.org" />
+	<target host="www.129test.fireemblemwiki.org" />
+	<target host="archives.fireemblemwiki.org" />
+	<target host="www.archives.fireemblemwiki.org" />
+	<target host="beta.fireemblemwiki.org" />
+	<target host="www.beta.fireemblemwiki.org" />
+	<target host="cpanel.fireemblemwiki.org" />
+	<target host="mail.fireemblemwiki.org" />
+	<target host="webdisk.fireemblemwiki.org" />
+	<target host="webmail.fireemblemwiki.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FireEye.xml b/src/chrome/content/rules/FireEye.xml
index ff53b49fdf85..d4d408280b74 100644
--- a/src/chrome/content/rules/FireEye.xml
+++ b/src/chrome/content/rules/FireEye.xml
@@ -1,49 +1,49 @@
 <!--
-	Nonfunctional subdomains:
-
-		- ^
-		- blog
-		- www		(503)
-
-
-	Problematic subdomains:
-
-		- ^	(refused)
-
-
-	Partially covered subdomains:
-
-		- www2		(pages redirect to app-i.marketo.com)
-
-
-	Mixed content:
-
-		- css on www from www *
-
-		- Images on www from www **
-
-		- Ad on www from ad.doubleclick.net **
-
-	* Secured by us, formatting for a social button
-	** Secured by us
-
+	Refused/Nonfunctional:
+		aiws.*
+		api.eu*
+		ati.*
+		autodiscover.*
+		avsuite-.*
+		bmw-.*
+		docs.*
+		drop.*
+		edulabs.
+		emea.*
+		engvpn.*
+		event-registration.*
+		faude-.*
+		hex.*
+		ir*.
+		jira.eng.*
+		learning.*
+		mirprd*.
+		selab.emea.*
+		user[0-9].*
+		validation.eng.*
+		vpn.selab.emea.*
+
+	Invalid Certificate:
+		arc.*
+
+	Redirects to Microsoft:
+		aware.fireeye.com
 -->
-<ruleset name="FireEye (partial)">
-
-	<target host="fireeeye.com" />
-	<target host="*.fireeeye.com" />
-
-
-	<securecookie host="^www\.fireeye\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?fireeye\.com/"
-		to="https://www.fireeye.com/" />
-
-	<rule from="^http://csportal\.fireeye\.com/"
-		to="https://csportal.fireeye.com/" />
-
-	<rule from="^https?://www2\.fireeye\.com/(cs|image|j|r)s/"
-		to="https://na-i.marketo.com/$1s/" />
-
-</ruleset>
+<ruleset name="FireEye">
+	<target host="fireeye.com" />
+	<target host="ambassadors.fireeye.com" />
+	<target host="apps.fireeye.com" />
+	<target host="brand.fireeye.com" />
+	<target host="community.fireeye.com" />
+	<target host="connect.fireeye.com" />
+	<target host="console.eu.fireeye.com" />
+	<target host="content.fireeye.com" />
+	<target host="education.fireeye.com" />
+	<target host="etp.eu.fireeye.com" />
+	<target host="investors.fireeye.com" />
+	<target host="support.fireeye.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/FireHost.xml b/src/chrome/content/rules/FireHost.xml
index ee3a4fd259be..839e2342c19c 100644
--- a/src/chrome/content/rules/FireHost.xml
+++ b/src/chrome/content/rules/FireHost.xml
@@ -1,13 +1,17 @@
-<!--	ne.wac.edgecastcdn.net/001415/assets/
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://firehost.com/ => http://firehost.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+	ne.wac.edgecastcdn.net/001415/assets/
 	ne.wac.edgecastcdn.net/801415/firehost.com/
 -->
-<ruleset name="FireHost (partial)">
+<ruleset name="FireHost (partial)" default_off="failed ruleset test">
 
 	<target host="firehost.com"/>
 	<target host="*.firehost.com"/>
-		<exclusion pattern="^http://www\.firehost\.com/(company|compare|customers|details/[\w\-]+\w|secure-hosting(/[^/]?/)?|solutions)?$"/>
+		<exclusion pattern="^http://www\.firehost\.com/(?:company|compare|customers|details/[\w\-]+\w|secure-hosting(?:/[^/]?/)?|solutions)?$"/>
 
-	<securecookie host="^(.*\.)?firehost\.com$" name=".*"/>
+	<securecookie host=".+" name=".+"/>
 
 	<rule from="^http://(www\.)?firehost\.com/(/_CaptchaImage\.axd|assets/|cart|company/contact|partners|protected/|secure-hosting/[\w\-]+/configure)"
 		to="https://$1firehost.com/$1"/>
diff --git a/src/chrome/content/rules/FireSmoke.ca.xml b/src/chrome/content/rules/FireSmoke.ca.xml
new file mode 100644
index 000000000000..b10987e0cc56
--- /dev/null
+++ b/src/chrome/content/rules/FireSmoke.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="FireSmoke.ca">
+	<target host="firesmoke.ca" />
+	<target host="www.firesmoke.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Firebase.xml b/src/chrome/content/rules/Firebase.xml
index b796f2313a1d..87b3a5b92d8c 100644
--- a/src/chrome/content/rules/Firebase.xml
+++ b/src/chrome/content/rules/Firebase.xml
@@ -1,19 +1,34 @@
 <!--
 	Nonfunctional subdomains:
 
-		- status
+		- firebaseio.com	(could not resolve host)
 
 -->
-<ruleset name="Firebase (partial)">
+<ruleset name="Firebase.com (partial)">
 
 	<target host="firebase.com" />
-	<target host="*.firebase.com" />
-
+	<target host="www.firebase.com" />
+	<target host="auth.firebase.com" />
+	<target host="cdn.firebase.com" />
+	<target host="firebaseapp.com" />
+
+	<!-- wildcard is necessary to support many subdomains -->
+	<target host="*.firebaseapp.com" />
+	<target host="*.firebaseio.com" />
+
+		<test url="http://firechat.firebaseapp.com/" />
+		<test url="http://sandbox-tutorial.firebaseapp.com/" />
+		<test url="http://simpleformv3.firebaseapp.com/" />
+		<test url="http://www.firebaseapp.com/" />
+		<test url="http://firebase-website.firebaseio.com/" />
+		<test url="http://s-softlayer.firebaseio.com/" />
+		<test url="http://s-usc1c-nss-101.firebaseio.com/" />
 
 	<securecookie host="^auth\.firebase\.com$" name=".+" />
+	<securecookie host="^.*\.firebaseapp\.com$" name=".+" />
+	<securecookie host="^.*\.firebaseio\.com$" name=".+" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://(auth\.|www\.)?firebase\.com/"
-		to="https://$1firebase.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fireclick.com.xml b/src/chrome/content/rules/Fireclick.com.xml
deleted file mode 100644
index a8f44675c90e..000000000000
--- a/src/chrome/content/rules/Fireclick.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For other Digital River coverage, see Digital-River.xml
-
-
-	Nonfunctional subdomains:
-
-		- index *
-		- www *
-
-	* Refused
-
--->
-<ruleset name="Fireclick.com (partial)">
-
-	<target host="my.fireclick.com" />
-
-
-	<rule from="^http://my\.fireclick\.com/"
-		to="https://my.fireclick.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Firedoglake.xml b/src/chrome/content/rules/Firedoglake.xml
index 4de73e520caf..90623e612bc1 100644
--- a/src/chrome/content/rules/Firedoglake.xml
+++ b/src/chrome/content/rules/Firedoglake.xml
@@ -1,10 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://members.firedoglake.com/ => https://members.firedoglake.com/: (51, "SSL: no alternative certificate subject name matches target host name 'members.firedoglake.com'")
+
+-->
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://members.firedoglake.com/ => https://members.firedoglake.com/: (51, "SSL: no alternative certificate subject name matches target host name 'members.firedoglake.com'")
+
 	Nonfunctional subdomains:
 
 		- static1
 
 -->
-<ruleset name="Firedoglake (partial)">
+<ruleset name="Firedoglake (partial)" default_off="failed ruleset test">
 
 	<target host="members.firedoglake.com" />
 
@@ -12,7 +22,6 @@
 	<securecookie host="^members\.firedoglake\.com$" name=".+" />
 
 
-	<rule from="^http://members\.firedoglake\.com/"
-		to="https://members.firedoglake.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Firedrive.com.xml b/src/chrome/content/rules/Firedrive.com.xml
new file mode 100644
index 000000000000..c13f68a1f534
--- /dev/null
+++ b/src/chrome/content/rules/Firedrive.com.xml
@@ -0,0 +1,27 @@
+<!--
+	At least some pages redirect to http.
+
+-->
+<ruleset name="Firedrive.com (partial)">
+
+	<target host="firedrive.com" />
+	<target host="*.firedrive.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?firedrive\.com/+($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?firedrive\.com/+(?!favicon\.ico)" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:auth|dl|stats)\.firedrive\.com$" name=".+" />
+
+
+	<rule from="^http://((?:auth|dl|media-b\d+|static|stats|www)\.)?firedrive\.com/"
+		to="https://$1firedrive.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Firefox.com.xml b/src/chrome/content/rules/Firefox.com.xml
new file mode 100644
index 000000000000..dea849b61639
--- /dev/null
+++ b/src/chrome/content/rules/Firefox.com.xml
@@ -0,0 +1,41 @@
+<!--
+	For other Mozilla coverage, see Mozilla.xml.
+
+	Mismatching certificate:
+		- detectportal.firefox.com
+
+	These altnames don't exist:
+		- scrypt.accounts.firefox.com
+-->
+<ruleset name="Firefox.com">
+	<target host="firefox.com" />
+	<target host="*.firefox.com" />
+
+		<test url="http://www.firefox.com/" />
+		<test url="http://accounts.firefox.com/" />
+		<test url="http://api.accounts.firefox.com/" />
+		<test url="http://oauth.accounts.firefox.com/" />
+		<test url="http://profile.accounts.firefox.com/" />
+		<test url="http://verifier.accounts.firefox.com/" />
+		<test url="http://color.firefox.com/" />
+		<test url="http://design.firefox.com/" />
+		<test url="http://hello.firefox.com/" />
+		<test url="http://screenshots.firefox.com/" />
+		<test url="http://screenshotscdn.firefox.com/static/img/mozilla.svg" />
+		<test url="http://send.firefox.com/" />
+		<test url="http://testpilot.firefox.com/" />
+
+	<!-- Used to detect captive portals, requires plain HTTP -->
+	<exclusion pattern="http://detectportal\.firefox\.com/" />
+		<test url="http://detectportal.firefox.com/" />
+
+	<target host="firefoxusercontent.com" />
+	<target host="screenshots.firefoxusercontent.com" />
+		<test url="http://screenshots.firefoxusercontent.com/images/a4c03361-f597-4c4c-ba43-2dad0fe0584e.png" />
+	<target host="screenshotscdn.firefoxusercontent.com" />
+		<test url="http://screenshotscdn.firefoxusercontent.com/images/a4c03361-f597-4c4c-ba43-2dad0fe0584e.png" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Firefox.net.cn.xml b/src/chrome/content/rules/Firefox.net.cn.xml
new file mode 100644
index 000000000000..78fd5951181d
--- /dev/null
+++ b/src/chrome/content/rules/Firefox.net.cn.xml
@@ -0,0 +1,9 @@
+<ruleset name="Firefox.net.cn">
+
+	<target host="firefox.net.cn" />
+	<target host="www.firefox.net.cn" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Firefox_OS_Devices.org.xml b/src/chrome/content/rules/Firefox_OS_Devices.org.xml
new file mode 100644
index 000000000000..3e6dd8e024b0
--- /dev/null
+++ b/src/chrome/content/rules/Firefox_OS_Devices.org.xml
@@ -0,0 +1,31 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- firefoxosdevices.org
+
+
+	These altnames don't exist:
+
+		- www.static.firefoxosdevices.org
+
+-->
+<ruleset name="Firefox OS Devices.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="firefoxosdevices.org" />
+	<target host="static.firefoxosdevices.org" />
+	<target host="www.firefoxosdevices.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^firefoxosdevices\.org$" name="^PHPSESSID" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Firelady.com.xml b/src/chrome/content/rules/Firelady.com.xml
new file mode 100644
index 000000000000..2f1f2c38e14b
--- /dev/null
+++ b/src/chrome/content/rules/Firelady.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Firelady.com">
+
+	<target host="firelady.com" />
+	<target host="www.firelady.com" />
+
+
+	<securecookie host="^\.firelady\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Firemail.de.xml b/src/chrome/content/rules/Firemail.de.xml
index e348488f40eb..bf83a6ee933c 100644
--- a/src/chrome/content/rules/Firemail.de.xml
+++ b/src/chrome/content/rules/Firemail.de.xml
@@ -1,6 +1,6 @@
 <ruleset name="Firemail.de">
 <target host="www.firemail.de"/>
 <target host="firemail.de"/>
-<rule from="^http://(www\.)?firemail\.de/" to="https://www.firemail.de/"/>
+<rule from="^http:" to="https:" />
 </ruleset>
 <!-- Rule generated by HTTPS Finder 0.91 -->
diff --git a/src/chrome/content/rules/Firm24.com.xml b/src/chrome/content/rules/Firm24.com.xml
new file mode 100644
index 000000000000..e452a32a4484
--- /dev/null
+++ b/src/chrome/content/rules/Firm24.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Mixed content:
+
+		- Images from $self *
+
+		- css from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Firm24.com">
+
+	<target host="firm24.com" />
+	<target host="www.firm24.com" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^(?:www\.)?firm24\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Firmas.lv.xml b/src/chrome/content/rules/Firmas.lv.xml
new file mode 100644
index 000000000000..56afb796916c
--- /dev/null
+++ b/src/chrome/content/rules/Firmas.lv.xml
@@ -0,0 +1,6 @@
+<ruleset name="Firmas.lv">
+  <target host="firmas.lv" />
+  <target host="www.firmas.lv" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Firmware.netgate.com.xml b/src/chrome/content/rules/Firmware.netgate.com.xml
new file mode 100644
index 000000000000..85d9333457d0
--- /dev/null
+++ b/src/chrome/content/rules/Firmware.netgate.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Firmware.netgate.com">
+  <target host="firmware.netgate.com" />
+  <target host="www.firmware.netgate.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/First-Central-State-Bank.xml b/src/chrome/content/rules/First-Central-State-Bank.xml
index 7ae6decacbe4..b9667326abf2 100644
--- a/src/chrome/content/rules/First-Central-State-Bank.xml
+++ b/src/chrome/content/rules/First-Central-State-Bank.xml
@@ -1,9 +1,25 @@
-<ruleset name="First Central State Bank">
+<!--
+	First Central State Bank
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.firstcentralsb.com
+
+-->
+<ruleset name="First Central SB.com">
 	<target host="firstcentralsb.com" />
 	<target host="*.firstcentralsb.com" />
 
-	<securecookie host="(^|\.)firstcentralsb\.com$" name=".+" />
+		<test url="http://www.firstcentralsb.com/" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.firstcentralsb\.com$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host="^(?:^|\.)firstcentralsb\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://firstcentralsb\.com/" to="https://www.firstcentralsb.com/" />
-	<rule from="^http://(([a-zA-Z0-9\-])+\.)firstcentralsb\.com/" to="https://$1firstcentralsb.com/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FirstChoiceLiquor.com.au.xml b/src/chrome/content/rules/FirstChoiceLiquor.com.au.xml
new file mode 100644
index 000000000000..711bbed5ec80
--- /dev/null
+++ b/src/chrome/content/rules/FirstChoiceLiquor.com.au.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Coles coverage, see Coles.com.au.xml
+
+
+	Non-functional subdomains:
+		- beta		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="First Choice Liquor">
+
+	<target host="firstchoiceliquor.com.au" />
+	<target host="www.firstchoiceliquor.com.au" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FirstDEDIC.ru.xml b/src/chrome/content/rules/FirstDEDIC.ru.xml
new file mode 100644
index 000000000000..8bbdeee34d6f
--- /dev/null
+++ b/src/chrome/content/rules/FirstDEDIC.ru.xml
@@ -0,0 +1,21 @@
+<!--
+	Nonfunctional hosts in *firstdedic.ru:
+
+		- lg ᵇ
+
+	ᵇ Shows default page
+
+-->
+<ruleset name="FirstDEDIC.ru (partial)">
+
+	<target host="firstdedic.ru" />
+	<target host="www.firstdedic.ru" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FirstGiving.com.xml b/src/chrome/content/rules/FirstGiving.com.xml
new file mode 100644
index 000000000000..80ebc57ed0b1
--- /dev/null
+++ b/src/chrome/content/rules/FirstGiving.com.xml
@@ -0,0 +1,33 @@
+<!--
+	No working URL known:
+		accountingapi.firstgiving.com
+		wcf.accountingapi.firstgiving.com
+		api.firstgiving.com
+		graphapi.firstgiving.com
+		recurringdonations.firstgiving.com
+		reporting.firstgiving.com
+
+	Time out:
+		blog.firstgiving.com
+		qa.firstgiving.com
+
+	Invalid certificate:
+		go.firstgiving.com
+		info.firstgiving.com
+		support.firstgiving.com
+
+-->
+<ruleset name="FirstGiving.com">
+
+	<target host="firstgiving.com" />
+	<target host="www.firstgiving.com" />
+	<target host="app.firstgiving.com" />
+	<target host="assets.firstgiving.com" />
+	<target host="donate.firstgiving.com" />
+	<target host="donatenowstaging.firstgiving.com" />
+	<target host="donatetab.firstgiving.com" />
+	<target host="graphapi-widget.firstgiving.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FirstGiving.xml b/src/chrome/content/rules/FirstGiving.xml
deleted file mode 100644
index 6ece73c45a8c..000000000000
--- a/src/chrome/content/rules/FirstGiving.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="FirstGiving" platform="mixedcontent">
-	<target host="firstgiving.com" />
-	<target host="www.firstgiving.com" />
-
-	<rule from="^(http://(www\.)?|https://)firstgiving\.com/" to="https://www.firstgiving.com/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/FirstLook.media.xml b/src/chrome/content/rules/FirstLook.media.xml
new file mode 100644
index 000000000000..c172b442d6bc
--- /dev/null
+++ b/src/chrome/content/rules/FirstLook.media.xml
@@ -0,0 +1,16 @@
+<!--
+	Dropped:
+	- k6jyto7zq7xxriux.onion
+	- www.k6jyto7zq7xxriux.onion
+-->
+
+<ruleset name="FirstLook.media">
+	<target host="firstlook.media" />
+	<target host="www.firstlook.media" />
+	<target host="code.firstlook.media" />
+	<target host="rss.prod.firstlook.media" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FirstTag.xml b/src/chrome/content/rules/FirstTag.xml
new file mode 100644
index 000000000000..2c6c44adb345
--- /dev/null
+++ b/src/chrome/content/rules/FirstTag.xml
@@ -0,0 +1,7 @@
+<ruleset name="FirstTag.de">
+<target host="t4ft.de" />
+	<target host="c.t4ft.de" />
+
+<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FirstTechFed.com.xml b/src/chrome/content/rules/FirstTechFed.com.xml
new file mode 100644
index 000000000000..57c2bb0bfd0f
--- /dev/null
+++ b/src/chrome/content/rules/FirstTechFed.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="FirstTechFed.com">
+  <target host=       "firsttechfed.com" />
+  <target host="online.firsttechfed.com" />
+  <target host=   "www.firsttechfed.com" />
+  <target host=  "www2.firsttechfed.com" />
+
+  <securecookie host=".+" name=".+" />
+
+  <rule from="^http:"
+          to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FirstVDS.ru.xml b/src/chrome/content/rules/FirstVDS.ru.xml
new file mode 100644
index 000000000000..33c23c870a9e
--- /dev/null
+++ b/src/chrome/content/rules/FirstVDS.ru.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://firstvds.ru/ => https://firstvds.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.firstvds.ru/ => https://www.firstvds.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Nonfunctional hosts in *firstvds.ru:
+
+		- forum ᵈ
+
+	ᵈ Dropped
+
+-->
+<ruleset name="FirstVDS.ru (partial)" default_off="failed ruleset test">
+
+	<target host="firstvds.ru" />
+	<target host="my.firstvds.ru" />
+	<target host="www.firstvds.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.firstvds\.ru$" name="^billmgrlang5$" /-->
+	<!--securecookie host="^my\.firstvds\.ru$" name="^billmgrses5$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^(?:_gat?$|billmgr)" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FirstWednesday.lgbt.xml b/src/chrome/content/rules/FirstWednesday.lgbt.xml
new file mode 100644
index 000000000000..b4d1489658fe
--- /dev/null
+++ b/src/chrome/content/rules/FirstWednesday.lgbt.xml
@@ -0,0 +1,8 @@
+<ruleset name="FirstWednesday.lgbt">
+	<target host="firstwednesday.lgbt" />
+	<target host="www.firstwednesday.lgbt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/First_Amendment_Center.org-problematic.xml b/src/chrome/content/rules/First_Amendment_Center.org-problematic.xml
deleted file mode 100644
index 2126b9b12a74..000000000000
--- a/src/chrome/content/rules/First_Amendment_Center.org-problematic.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see First_Amendment_Center.org.xml.
-
--->
-<ruleset name="First Amendment Center.org (problematic)" default_off="mismatched">
-
-	<target host="www.firstamendmentcenter.org" />
-		<!--
-			Handled in First_Amendment_Center.org.xml:
-									-->
-		<exclusion pattern="^http://www\.firstamendmentcenter\.org/madison/" />
-
-
-	<rule from="^http://www\.firstamendmentcenter\.org/"
-		to="https://www.firstamendmentcenter.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/First_Amendment_Center.org.xml b/src/chrome/content/rules/First_Amendment_Center.org.xml
index 8fde769351d5..986f86e9f452 100644
--- a/src/chrome/content/rules/First_Amendment_Center.org.xml
+++ b/src/chrome/content/rules/First_Amendment_Center.org.xml
@@ -1,31 +1,22 @@
 <!--
-	For problematic rules, see First_Amendment_Center.org-problematic.xml.
-
-
-	CDN buckets:
-
-		- s111617.gridserver.com
-
-
 	CN: *.gridserver.com
 
 
-	^firstamendmentcenter.org does not exist.
+	Mixed content:
+
+		- Images from www.firstamendmentcenter.org
 
 -->
-<ruleset name="First Amendment Center.org (partial)">
+<ruleset name="First Amendment Center.org" default_off="mismatched">
 
-	<target host="*.firstamendmentcenter.org" />
-		<!--
-			Avoid user-visible paths:
-							-->
-		<exclusion pattern="^http://www\.firstamendmentcenter\.org/(?!madison/)" />
+	<target host="firstamendmentcenter.org" />
+	<target host="www.firstamendmentcenter.org" />
 
 
 	<securecookie host="^\.firstamendmentcenter\.org$" name="^__utm\w$" />
 
 
-	<rule from="^http://www\.firstamendmentcenter\.org/"
-		to="https://s111617.gridserver.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/First_Amendment_Coalition.xml b/src/chrome/content/rules/First_Amendment_Coalition.xml
index 130aa38974fe..eee7e007e1fb 100644
--- a/src/chrome/content/rules/First_Amendment_Coalition.xml
+++ b/src/chrome/content/rules/First_Amendment_Coalition.xml
@@ -4,7 +4,7 @@
 		- www	(wpengine)
 
 -->
-<ruleset name="First Amendment Coalition">
+<ruleset name="First Amendment Coalition" default_off="expired">
 
 	<target host="firstamendmentcoalition.org" />
 	<target host="www.firstamendmentcoalition.org" />
@@ -13,4 +13,4 @@
 	<rule from="^http://(?:www\.)?firstamendmentcoalition\.org/"
 		to="https://firstamendmentcoalition.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/First_Class_Magazine.se.xml b/src/chrome/content/rules/First_Class_Magazine.se.xml
new file mode 100644
index 000000000000..ce29e93f1d40
--- /dev/null
+++ b/src/chrome/content/rules/First_Class_Magazine.se.xml
@@ -0,0 +1,21 @@
+<!--
+	www.firstclassmagazine.se: mismatched
+
+
+	Mixed content:
+
+		- Images on www from media ¹
+
+	¹ Secured by us
+
+-->
+<ruleset name="First Class Magazine.se">
+
+	<target host="firstclassmagazine.se" />
+	<target host="media.firstclassmagazine.se" />
+	<target host="www.firstclassmagazine.se" />
+
+	<securecookie host="^\." name="^__cfduid$" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/First_Integrity.com.xml b/src/chrome/content/rules/First_Integrity.com.xml
new file mode 100644
index 000000000000..ac83a81c677a
--- /dev/null
+++ b/src/chrome/content/rules/First_Integrity.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Mixed content:
+
+		- Images from www.firstintegrity.com *
+
+	* Secured by us
+
+-->
+<ruleset name="First Integrity.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="firstintegrity.com" />
+	<target host="www.firstintegrity.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Firstfloor-Electronix.xml b/src/chrome/content/rules/Firstfloor-Electronix.xml
index 4c31ead16a9e..157787709c43 100644
--- a/src/chrome/content/rules/Firstfloor-Electronix.xml
+++ b/src/chrome/content/rules/Firstfloor-Electronix.xml
@@ -5,7 +5,7 @@
 	<target host="www.firstfloor.org" />
 
 
-	<rule from="^https?://(?:www\.)?firstfloor\.org/"
+	<rule from="^http://(?:www\.)?firstfloor\.org/"
 		to="https://firstfloor.org/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Firsts.com.xml b/src/chrome/content/rules/Firsts.com.xml
new file mode 100644
index 000000000000..454ce3274557
--- /dev/null
+++ b/src/chrome/content/rules/Firsts.com.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://firsts.com/ => https://firsts.com/: (51, "SSL: no alternative certificate subject name matches target host name 'firsts.com'")
+Fetch error: http://www.firsts.com/ => https://www.firsts.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.firsts.com'")
+
+	For other Vodafone Group coverage, see Vodafone.xml.
+
+-->
+<ruleset name="Firsts.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="firsts.com" />
+	<target host="www.firsts.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FishBase.us.xml b/src/chrome/content/rules/FishBase.us.xml
index 43b7c712dc8f..9836d85ac5e3 100644
--- a/src/chrome/content/rules/FishBase.us.xml
+++ b/src/chrome/content/rules/FishBase.us.xml
@@ -1,18 +1,11 @@
-<!--
-	- Expired 2012-07-27
-	- Cert only matches www
-
--->
-<ruleset name="FishBase.us" default_off="expired, self-signed">
+<ruleset name="FishBase.us" platform="mixedcontent">
 
 	<target host="fishbase.us" />
 	<target host="www.fishbase.us" />
 
-
 	<securecookie host="^www\.fishbase\.us$" name=".+" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://(?:www\.)?fishbase\.us/"
-		to="https://www.fishbase.us/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FishNet_Security.com.xml b/src/chrome/content/rules/FishNet_Security.com.xml
new file mode 100644
index 000000000000..7aaede8728f5
--- /dev/null
+++ b/src/chrome/content/rules/FishNet_Security.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fishnetsecurity.com/ => https://fishnetsecurity.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.fishnetsecurity.com/ => https://www.fishnetsecurity.com/: (60, 'SSL certificate problem: self signed certificate')
+
+-->
+<ruleset name="FishNet Security.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fishnetsecurity.com" />
+	<target host="www.fishnetsecurity.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fishshell.com.xml b/src/chrome/content/rules/Fishshell.com.xml
new file mode 100644
index 000000000000..66d86cc0b27f
--- /dev/null
+++ b/src/chrome/content/rules/Fishshell.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Fishshell.com">
+	<target host="fishshell.com" />
+	<target host="www.fishshell.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fiskeriverket.se.xml b/src/chrome/content/rules/Fiskeriverket.se.xml
deleted file mode 100644
index 8ab2c60a5651..000000000000
--- a/src/chrome/content/rules/Fiskeriverket.se.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<!-- already enforces https. adding to prevent sslstrips on port 80 -->
-<ruleset name="Fiskeriverket.se" platform="mixedcontent">
-	<target host="fiskeriverket.se" />
-	<target host="www.fiskeriverket.se" />
-	<rule from="^http://fiskeriverket\.se/" to="https://www.fiskeriverket.se/"/>
-	<rule from="^http://www\.fiskeriverket\.se/" to="https://www.fiskeriverket.se/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/FitBit.xml b/src/chrome/content/rules/FitBit.xml
index 4c6c799d66d5..c49f68d1c980 100644
--- a/src/chrome/content/rules/FitBit.xml
+++ b/src/chrome/content/rules/FitBit.xml
@@ -1,34 +1,62 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/fitbit.production/ | d6y8zfzc2qfsl.cloudfront.net
-		- fitbit.assistly.com
-		- fitbit.theresumator.com
-
-
-	Nonfunctional subdomains:
-
-		- blog		(redirects to innovaeframelessfittings.com, mismatched)
-		- help		(redirects to http, mismatched, CN: *.assistly.com)
-		- jobs		(redirects to http, mismatched, CN: *.theresumator.com)
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://android-client.fitbit.com/ => https://android-client.fitbit.com/: Too many redirects while fetching 'https://android-client.fitbit.com/'
+Fetch error: http://desktop-client.fitbit.com/ => https://desktop-client.fitbit.com/: Too many redirects while fetching 'https://desktop-client.fitbit.com/'
+Fetch error: http://iphone-client.fitbit.com/ => https://iphone-client.fitbit.com/: Too many redirects while fetching 'https://iphone-client.fitbit.com/'
+Fetch error: http://client.fitbit.com/ => https://client.fitbit.com/: Too many redirects while fetching 'https://client.fitbit.com/'
+Fetch error: http://m.fitbit.com/ => https://m.fitbit.com/: (6, 'Could not resolve host: m.fitbit.com')
+
+	Forwards to HTTP (March 2016):
+		- staticcs.fitbit.com
+		- static0.fitbit.com
+		- static1.fitbit.com
+		- static2.fitbit.com
+		- static3.fitbit.com
+		- static4.fitbit.com
+		- static5.fitbit.com
+		- static6.fitbit.com
+		- static7.fitbit.com
+		- static8.fitbit.com
+		- static9.fitbit.com
+
+	Invalid (March 2016):
+		- support.fitbit.com
+		- www.lp.fitbit.com
+		- lp.fitbit.com
+		- cache.fitbit.com (https://d6y8zfzc2qfsl.cloudfront.net/)
 -->
-<ruleset name="FitBit" platform="mixedcontent">
+<ruleset name="FitBit" default_off="failed ruleset test">
 
 	<target host="fitbit.com" />
-	<target host="*.fitbit.com" />
-
-
-	<securecookie host="^(?:.+\.)?fitbit\.com$" name=".+" />
-
-
-	<rule from="^http://((?:api|client|dev|m|qa3store(?:-static\d)?|static\d|store-\w\w|wiki|www)\.)?fitbit\.com/"
-		to="https://$1fitbit.com/" />
-
-	<rule from="^https?://cache\.fitbit\.com/"
-		to="https://d6y8zfzc2qfsl.cloudfront.net/" />
-
-	<rule from="^https?://jobs\.fitbit\.com/(css|img)/"
-		to="https://fitbit.theresumator.com/$1/" />
+	<target host="www.fitbit.com" />
+	<target host="blog.fitbit.com" />
+	<target host="help.fitbit.com" />
+	<target host="jobs.fitbit.com" />
+	<target host="community.fitbit.com" />
+	<target host="api.fitbit.com" />
+	<target host="android-api.fitbit.com" />
+	<target host="android-client.fitbit.com" />
+	<target host="desktop-api.fitbit.com" />
+	<target host="desktop-client.fitbit.com" />
+	<target host="iphone-api.fitbit.com" />
+	<target host="iphone-client.fitbit.com" />
+	<target host="client.fitbit.com" />
+	<target host="dev.fitbit.com" />
+	<target host="m.fitbit.com" />
+	<target host="wiki.fitbit.com" />
+	<target host="jira.fitbit.com" />
+	<target host="corporate.fitbit.com" />
+	<target host="fitforgood.fitbit.com" />
+	<target host="assets.fitbit.com" />
+	<target host="investor.fitbit.com" />
+	<target host="status.fitbit.com" />
+	<target host="strava.fitbit.com" />
+	<target host="contact.fitbit.com" />
+	<target host="ifttt.fitbit.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FitStudio.com.xml b/src/chrome/content/rules/FitStudio.com.xml
new file mode 100644
index 000000000000..5fa797aa6950
--- /dev/null
+++ b/src/chrome/content/rules/FitStudio.com.xml
@@ -0,0 +1,70 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fitstudio.com/ => https://fitstudio.com/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+
+	For other Sears Holdings coverage, see Sears.com.xml.
+
+
+		fitstudio.ideafit.com
+
+			- fitnessconnect
+
+
+	Problematic subdomains:
+
+		- fitnessconnect	(redirects to http; mismatched, CN: *.ideafit.com)
+
+
+	Partially covered subdomains:
+
+		- fitnessconnect	($ redirects to http)
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- blog
+		- gear
+		- polls
+		- sweeps
+
+
+	Mixed content:
+
+		- Images on polls from blog *
+
+		- Web bugs, on:
+
+			- blog from blog *
+			- polls from oascentral.sears.com
+
+	* Secured by us
+
+-->
+<ruleset name="FitStudio.com (partial)" default_off="failed ruleset test">
+
+	<target host="fitstudio.com" />
+	<target host="blog.fitstudio.com" />
+	<target host="gear.fitstudio.com" />
+	<target host="polls.fitstudio.com" />
+	<target host="sweeps.fitstudio.com" />
+	<target host="www.fitstudio.com" />
+	<target host="fitnessconnect.fitstudio.com" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://fitnessconnect\.fitstudio\.com/+(fitnessconnect-search)?($|\?)" /-->
+
+
+	<!--securecookie host="^(\.?blog|\.gear|\.polls|\.?sweeps|www)?\.fitstudio\.com$" name=".+" /-->
+	<securecookie host=".*\.fitstudio\.com$" name=".+" />
+
+
+	<rule from="^http://((?:blog|gear|polls|sweeps|www)\.)?fitstudio\.com/"
+		to="https://$1fitstudio.com/" />
+
+	<rule from="^http://fitnessconnect\.fitstudio\.com/(?=favicon\.ico|files/|misc/|sites/)"
+		to="https://fitstudio.ideafit.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fitgirl-repacks.site.xml b/src/chrome/content/rules/Fitgirl-repacks.site.xml
new file mode 100644
index 000000000000..4e1a517e6234
--- /dev/null
+++ b/src/chrome/content/rules/Fitgirl-repacks.site.xml
@@ -0,0 +1,6 @@
+<ruleset name="Fitgirl-repacks.site">
+	<target host="fitgirl-repacks.site" />
+	<target host="www.fitgirl-repacks.site" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fitness_Market.xml b/src/chrome/content/rules/Fitness_Market.xml
index 29f9009a73a0..4cab6288a524 100644
--- a/src/chrome/content/rules/Fitness_Market.xml
+++ b/src/chrome/content/rules/Fitness_Market.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?fitnessmarket\.com\.au/(favicon\.ico|shop/(?:(?:antibot_)?image\.php|cart\.php\?mode=checkout|images/|skin/|var/))"
 		to="https://$1fitnessmarket.com.au/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fitocracy.xml b/src/chrome/content/rules/Fitocracy.xml
new file mode 100644
index 000000000000..66b883cf936b
--- /dev/null
+++ b/src/chrome/content/rules/Fitocracy.xml
@@ -0,0 +1,18 @@
+<!--
+	Non-functional subdomain:
+		- blog			(refused)
+		- /knowledge		(redirect to http)
+-->
+<ruleset name="Fitocracy (partial)">
+	<target host="fitocracy.com" />
+	<target host="www.fitocracy.com" />
+
+	<securecookie host="^www\.fitocracy\.com$" name=".+" />
+
+	<exclusion pattern="^http://www.fitocracy.com/knowledge/" />
+
+		<test url="http://www.fitocracy.com/knowledge/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fiuza.me.xml b/src/chrome/content/rules/Fiuza.me.xml
index 4cbd9f99a1f2..9d2094fd4e2d 100644
--- a/src/chrome/content/rules/Fiuza.me.xml
+++ b/src/chrome/content/rules/Fiuza.me.xml
@@ -1,9 +1,16 @@
-<ruleset name="fiuza.me">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fiuza.me/ => https://fiuza.me/: (7, 'Failed to connect to fiuza.me port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://fiuza.me/ => https://fiuza.me/: (60, 'SSL certificate problem: self signed certificate')
+-->
+<ruleset name="fiuza.me" default_off="failed ruleset test">
 
 	<target host="fiuza.me" />
 
 
-	<rule from="^http://fiuza\.me/"
-		to="https://fiuza.me/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FiveBooks.com.xml b/src/chrome/content/rules/FiveBooks.com.xml
new file mode 100644
index 000000000000..7c973b698c28
--- /dev/null
+++ b/src/chrome/content/rules/FiveBooks.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="FiveBooks.com">
+	<target host="fivebooks.com" />
+	<target host="www.fivebooks.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FiveTV.xml b/src/chrome/content/rules/FiveTV.xml
index 68f5392c2bec..7d66a07baea2 100644
--- a/src/chrome/content/rules/FiveTV.xml
+++ b/src/chrome/content/rules/FiveTV.xml
@@ -1,7 +1,52 @@
-<ruleset name="FiveTV" platform="mixedcontent">
-  <target host="*.five.tv" />
-  <target host="five.tv" />
+<!--
+	For other Channel 5 Broadcasting coverage, see Channel-5.xml.
+
+
+	Nonfunctional hosts in *five.tv:
+
+		- fwd *
+
+	* Refused
+
+
+	Problematic hosts in *five.tv:
+
+		- (www.)? ¹ ²
+		- about ¹
+		- demand ¹ ²
+		- oas ¹
+
+	¹ Mismatched
+	² Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Mixed content:
+
+		- Images on about from wwwcdn.channel5.com *
+		- Bug on about from uk.sitestat.com *
+
+	* Secured by us
+
+-->
+<ruleset name="FiveTV (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="five.tv" /-->
+	<!--target host="about.five.tv" /-->
+	<!--target host="competitions.channel5.com" /-->
+	<!--target host="demand.five.tv" /-->
+	<!--target host="www.five.tv" /-->
+
+	<!--	Complications:
+				-->
+	<target host="oas.five.tv" />
+
+
+	<rule from="^http://oas\.five\.tv/"
+		to="https://oasc07.247realmedia.com/"/>
+
+	<!--rule from="^http:"
+		to="https:" /-->
 
-  <rule from="^http://(?:www\.)?five\.tv/" to="https://www.five.tv/"/>
-  <rule from="^http://(about|demand|fwd|sso)\.five\.tv/" to="https://$1.five.tv/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/FixMyStreet.com.xml b/src/chrome/content/rules/FixMyStreet.com.xml
new file mode 100644
index 000000000000..f5bb4fe87e39
--- /dev/null
+++ b/src/chrome/content/rules/FixMyStreet.com.xml
@@ -0,0 +1,14 @@
+<!--
+	For other mySociety coverage, see MySociety.co.uk.xml.
+
+-->
+<ruleset name="FixMyStreet.com">
+
+	<target host="fixmystreet.com" />
+	<target host="www.fixmystreet.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FixUnix.xml b/src/chrome/content/rules/FixUnix.xml
index d76b4cdb4f7a..d50f0b23317f 100644
--- a/src/chrome/content/rules/FixUnix.xml
+++ b/src/chrome/content/rules/FixUnix.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://c.fixunix.com/ => https://d2yvm6gxdmpjqc.cloudfront.net/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
 	For other InfNX coverage, see InfNX.xml.
 
 
@@ -9,12 +13,10 @@
 			- c
 
 
-	Nonfunctional subdomains:
-
-		- (www.)	(http reply)
+	(www.)?fixunix.com: Plaintext reply
 
 -->
-<ruleset name="FixUnix (partial)">
+<ruleset name="FixUnix.com (partial)" default_off="failed ruleset test">
 
 	<target host="c.fixunix.com" />
 
@@ -22,4 +24,4 @@
 	<rule from="^http://c\.fixunix\.com/"
 		to="https://d2yvm6gxdmpjqc.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fixer.io.xml b/src/chrome/content/rules/Fixer.io.xml
new file mode 100644
index 000000000000..9080f1b27fba
--- /dev/null
+++ b/src/chrome/content/rules/Fixer.io.xml
@@ -0,0 +1,19 @@
+<!--
+	Problematic domains:
+
+		- ^ ¹
+		- www ²
+
+	¹: Timeout
+	²: Bad CN in cert
+-->
+<ruleset name="Fixer.io (partial)">
+
+	<target host="api.fixer.io" />
+
+	<test url="http://api.fixer.io/latest?symbols=SEK" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FixingTao.com.xml b/src/chrome/content/rules/FixingTao.com.xml
new file mode 100644
index 000000000000..729bd15a8cf3
--- /dev/null
+++ b/src/chrome/content/rules/FixingTao.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid certificate:
+		www.fixingtao.com (ERR_EMPTY_RESPONSE over http)
+
+-->
+<ruleset name="Fixing Tao.com">
+
+	<target host="fixingtao.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fizy.com.xml b/src/chrome/content/rules/Fizy.com.xml
new file mode 100644
index 000000000000..96fb12e90cbb
--- /dev/null
+++ b/src/chrome/content/rules/Fizy.com.xml
@@ -0,0 +1,23 @@
+<!--
+	CDN buckets:
+		0.fizy-i.mncdn.com
+
+	Invalid certificate:
+		club.fizy.com
+		konser.fizy.com
+		music.fizy.com
+		ozel.fizy.com
+
+	Mixed content:
+		fizy.com/explore/ (Due to invalid mncdn.com certificate)
+ -->
+
+<ruleset name="fizy.com (partial)" platform="mixedcontent">
+	<target host="fizy.com" />
+
+	<securecookie host=".+" name="^_sid$" />
+	<securecookie host=".+" name="^_t$" />
+	<securecookie host=".+" name="^JSESSIONID$" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Flagrate.org.xml b/src/chrome/content/rules/Flagrate.org.xml
new file mode 100644
index 000000000000..e6704f6c5063
--- /dev/null
+++ b/src/chrome/content/rules/Flagrate.org.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Webnium coverage, see Webnium.co.jp.xml.
+
+
+	www doesn't exist.
+
+
+	Mixed content:
+
+		- Web bug from ghbtns.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Flagrate.org">
+
+	<target host="flagrate.org" />
+
+
+	<securecookie host="^\.flagrate\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Flameeyes.xml b/src/chrome/content/rules/Flameeyes.xml
deleted file mode 100644
index 48d902ee0b16..000000000000
--- a/src/chrome/content/rules/Flameeyes.xml
+++ /dev/null
@@ -1,47 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^		(refused)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(^ → www)
-		- blog
-
-
-	Mixed content:
-
-		- Ad on www from api.flattr.com *
-
-	* Secured by us
-
--->
-<ruleset name="Flameeyes">
-
-	<target host="flameeyes.eu" />
-	<target host="*.flameeyes.eu" />
-
-
-	<securecookie host="^blog\.flameeyes\.eu$" name=".+" />
-
-
-	<!--	Server drops args with path:
-						-->
-	<rule from="^http://flameeyes\.eu/+(?=[^?]+)(?:\?.*)?"
-		to="https://www.flameeyes.eu/" />
-
-	<!--	But not without:
-					-->
-	<rule from="^http://flameeyes\.eu/+(?=\?.+)"
-		to="https://www.flameeyes.eu/" />
-
-	<!--	And drops singular ?:
-					-->
-	<rule from="^http://flameeyes\.eu/+\?$"
-		to="https://www.flameeyes.eu/" />
-
-	<rule from="^http://(blog|www)\.flameeyes\.eu/"
-		to="https://$1.flameeyes.eu/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FlamingSpork.com.xml b/src/chrome/content/rules/FlamingSpork.com.xml
new file mode 100644
index 000000000000..f8398187ce22
--- /dev/null
+++ b/src/chrome/content/rules/FlamingSpork.com.xml
@@ -0,0 +1,41 @@
+<!--
+	Problematic subdomains:
+
+		- bugzilla *
+
+	* [^/?]+ doesn't redirect; mismatched, CN: www.flamingspork.com
+
+-->
+<ruleset name="FlamingSpork.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="flamingspork.com" />
+	<target host="www.flamingspork.com" />
+
+	<!--	Complications:
+				-->
+	<target host="bugzilla.flamingspork.com" />
+
+		<exclusion pattern="^http://bugzilla\.flamingspork\.com/+(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://bugzilla.flamingspork.com/home" />
+			<test url="http://bugzilla.flamingspork.com/home.asp" />
+			<test url="http://bugzilla.flamingspork.com/home.aspx" />
+			<test url="http://bugzilla.flamingspork.com/home.htm" />
+			<test url="http://bugzilla.flamingspork.com/home.php" />
+
+
+	<!--	Redirect drops args:
+					-->
+	<rule from="^http://bugzilla\.flamingspork\.com/.*"
+		to="https://bugs.launchpad.net/memberdb" />
+
+		<test url="http://bugzilla.flamingspork.com/?" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Flappening.watch.xml b/src/chrome/content/rules/Flappening.watch.xml
new file mode 100644
index 000000000000..0f168ce7bfe3
--- /dev/null
+++ b/src/chrome/content/rules/Flappening.watch.xml
@@ -0,0 +1,9 @@
+<ruleset name="Flappening.watch">
+
+	<target host="flappening.watch" />
+	<target host="www.flappening.watch" />
+	<target host="cpanel.flappening.watch" />
+	<target host="mail.flappening.watch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Flash-mp3-player.net.xml b/src/chrome/content/rules/Flash-mp3-player.net.xml
index 6ffb8127b0ab..c106abe9009a 100644
--- a/src/chrome/content/rules/Flash-mp3-player.net.xml
+++ b/src/chrome/content/rules/Flash-mp3-player.net.xml
@@ -1,9 +1,8 @@
-<ruleset name="flash-mp3-player.net (partial)" default_off="mismatch">
+<ruleset name="flash-mp3-player.net (partial)" default_off="mismatched">
 
 	<!--	Cert: 240plan.ovh.net	-->
 	<target host="flash-mp3-player.net" />
 
-	<rule from="^http://flash-mp3-player\.net/"
-		to="https://flash-mp3-player.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Flashback.org.xml b/src/chrome/content/rules/Flashback.org.xml
deleted file mode 100644
index eea1e91d0e02..000000000000
--- a/src/chrome/content/rules/Flashback.org.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<!-- already enforces https. adding to prevent sslstrips on port 80 -->
-<ruleset name="Flashback.org">
-	<target host="flashback.org" />
-	<target host="www.flashback.org" />
-	<rule from="^http://flashback\.org/" to="https://www.flashback.org/"/>
-	<rule from="^http://www\.flashback\.org/" to="https://www.flashback.org/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/Flashrom.xml b/src/chrome/content/rules/Flashrom.xml
index eba282a3bb74..6fb5e531e85f 100644
--- a/src/chrome/content/rules/Flashrom.xml
+++ b/src/chrome/content/rules/Flashrom.xml
@@ -1,14 +1,23 @@
-<ruleset name="flashrom" default_off="expired, mismatch" platform="cacert">
+<!--
+	Problematic hosts in *flashrom.org:
+
+		- buildbot ᵘ
+
+	ᵘ Untrusted root
+
+-->
+<ruleset name="flashrom.org (partial)">
 
-	<!--	Cert: www.coreboot.org	-->
 	<target host="flashrom.org" />
+	<target host="download.flashrom.org" />
+	<target host="paste.flashrom.org" />
 	<target host="www.flashrom.org" />
 
 
-	<securecookie host="^flashrom\.org$" name=".*" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?flashrom\.org/"
-		to="https://flashrom.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Flashtalking.xml b/src/chrome/content/rules/Flashtalking.xml
index 220a1018abbc..114425e7a8b1 100644
--- a/src/chrome/content/rules/Flashtalking.xml
+++ b/src/chrome/content/rules/Flashtalking.xml
@@ -6,23 +6,30 @@
 			- www.flashtalking.com
 
 
-	Nonfunctional domains:
+	Mixed content:
 
-		- flashtalking.com	(404; mismatched, CN: *.flashtalking.net)
-		- www.flashtalking.com	(404, akamai)
+		- css on www.flashtalking.com from ajax.googleapis.com *
+		- css on www.flashtalking.com from fonts.googleapis.com *
+
+	* Secured by us
 
 -->
 <ruleset name="Flashtalking (partial)">
 
+	<target host="flashtalking.com" />
+	<target host="cdn.flashtalking.com" />
 	<target host="servedby.flashtalking.com" />
 	<target host="flashtalking.net" />
 	<target host="www.flashtalking.net" />
 
 
-	<rule from="^http://servedby\.flashtalking\.com/"
-		to="https://servedby.flashtalking.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.flashtalking\.com$" name="^flashtalkingad1$" /-->
+
+	<securecookie host="^\.flashtalking\.com$" name=".+" />
+
 
-	<rule from="^http://(www\.)?flashtalking\.net/"
-		to="https://$1flashtalking.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Flaska.net.xml b/src/chrome/content/rules/Flaska.net.xml
new file mode 100644
index 000000000000..6edbe9ff0da8
--- /dev/null
+++ b/src/chrome/content/rules/Flaska.net.xml
@@ -0,0 +1,43 @@
+<!--
+	Nonfunctional subdomains:
+
+		- jkt *
+
+	* Shows Scientific Linux test page
+
+
+	^: cert only matches *.flaska.net
+
+
+	Observed cookie domains:
+
+		- projects *
+
+	* Secured by us <= not secured by server
+
+
+	Mixed content:
+
+		- Images on trojita from images.sourceforge.net *
+
+	* Secured by us
+
+-->
+<ruleset name="Flaska.net (partial)" default_off="cert-chain">
+
+	<target host="*.flaska.net" />
+		<!--exclusion pattern="^http://jkt\.flaska\.net/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^projects\.flaska\.net$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?flaska\.net/"
+		to="https://www.flaska.net/" />
+
+	<rule from="^http://(projects|trojita)\.flaska\.net/"
+		to="https://$1.flaska.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FlatKill.org.xml b/src/chrome/content/rules/FlatKill.org.xml
new file mode 100644
index 000000000000..e5bb278fc905
--- /dev/null
+++ b/src/chrome/content/rules/FlatKill.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="FlatKill.org">
+	<target host="flatkill.org" />
+	<target host="www.flatkill.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Flatline_Security.com.xml b/src/chrome/content/rules/Flatline_Security.com.xml
new file mode 100644
index 000000000000..66412f499ed3
--- /dev/null
+++ b/src/chrome/content/rules/Flatline_Security.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Flatline Security.com">
+
+	<target host="flatlinesecurity.com" />
+	<target host="www.flatlinesecurity.com" />
+
+
+	<securecookie host="^\.flatlinesecurity\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Flattr.net.xml b/src/chrome/content/rules/Flattr.net.xml
new file mode 100644
index 000000000000..949d84eaf3ed
--- /dev/null
+++ b/src/chrome/content/rules/Flattr.net.xml
@@ -0,0 +1,51 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://static2.flattr.net/ => https://static2.flattr.net/: (51, "SSL: no alternative certificate subject name matches target host name 'static2.flattr.net'")
+Fetch error: http://static3.flattr.net/ => https://static3.flattr.net/: (51, "SSL: no alternative certificate subject name matches target host name 'static3.flattr.net'")
+Fetch error: http://static4.flattr.net/ => https://static4.flattr.net/: (51, "SSL: no alternative certificate subject name matches target host name 'static4.flattr.net'")
+
+	For other Flattr coverage, see Flattr.xml.
+
+
+	Nonfunctional hosts:
+
+		- blog.flattr.net ¹
+		- developers.flattr.net ²
+
+	¹ Refused
+	² 500
+
+
+	Problematic hosts:
+
+		- (www.)?flattr.net ¹
+
+	¹ Mismatched
+
+-->
+<ruleset name="Flattr.net (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="static.flattr.net" />
+	<target host="static2.flattr.net" />
+	<target host="static3.flattr.net" />
+	<target host="static4.flattr.net" />
+
+	<!--	Complications:
+				-->
+	<target host="flattr.net" />
+	<target host="www.flattr.net" />
+
+
+	<!--	Redirect keeps forward
+		slash, path and args:
+				-->
+	<rule from="^http://(?:www\.)?flattr\.net/"
+		to="https://flattr.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Flattr.xml b/src/chrome/content/rules/Flattr.xml
index 3bec7dea3a6b..f8f669342e0c 100644
--- a/src/chrome/content/rules/Flattr.xml
+++ b/src/chrome/content/rules/Flattr.xml
@@ -1,4 +1,9 @@
 <!--
+	Other Flattr rulesets:
+
+		- Flattr.net.xml
+
+
 	Nonfunctional subdomains:
 
 		- blog *
@@ -6,13 +11,28 @@
 
 	* Refused
 
+
+	Insecure cookies are set for these domains:
+
+		- .flattr.com
+
 -->
-<ruleset name="Flattr">
-  <target host="*.flattr.com" />
+<ruleset name="Flattr.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
   <target host="flattr.com" />
+	<target host="api.flattr.com" />
+	<target host="button.flattr.com" />
+	<target host="www.flattr.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.flattr\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^(.*\.)?flattr\.com$" name=".*"/>
 
-  <rule from="^http://(?:www\.)?flattr\.com/" to="https://flattr.com/" />
-  <rule from="^http://api\.flattr\.com/" to="https://api.flattr.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Flavors.me.xml b/src/chrome/content/rules/Flavors.me.xml
deleted file mode 100644
index b46b784eca70..000000000000
--- a/src/chrome/content/rules/Flavors.me.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	Most of help.flavors.me is handled in ENTP-clients.xml.
-
-
-	CDN buckets:
-
-	- d1c4j9e82wzmkz.cloudfront.net
-	- d1y65ifo1occf8.cloudfront.net/f2300b6/
-	- flavors-production-backgrounds.s3.amazonaws.com
-		- Equivalent to dygz78ls5cy51.cloudfront.net
-	- flavors-production-profile-images.s3.amazonaws.com
-		- Equivalent to dgxx4eluoh5w5.cloudfront.net
-
-
-	Nonfunctional subdomains:
-
-		- blog	(hosted on Tumblr)
-
--->
-<ruleset name="Flavors.me">
-
-	<target host="flavors.me" />
-	<target host="*.flavors.me" />
-
-
-	<rule from="^http://((?:de|es|fr|jp|n[lo]|pt|ru|sv|www)\.)?flavors\.me/"
-		to="https://$1flavors.me/" />
-
-	<rule from="^https?://help\.flavors\.me/(help|pkg|stylesheets)/"
-		to="https://asset-2.tenderapp.com/$1/" />
-
-
-</ruleset>
diff --git a/src/chrome/content/rules/Fleet_Networks.xml b/src/chrome/content/rules/Fleet_Networks.xml
deleted file mode 100644
index da1901daba89..000000000000
--- a/src/chrome/content/rules/Fleet_Networks.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(shows cent-virt-1-web.stabilityhosting.com, mismatched)
-
-
-	Problematic subdomains:
-
-		- www.hosting	(cert only matches ^hosting)
-
-
-	Some pages redirect to http
-
--->
-<ruleset name="Fleet Networks (partial)">
-
-	<target host="hosting.fleetnetworks.net" />
-
-
-	<rule from="^http://(?:www\.)?hosting\.fleetnetworks\.net/csa/((?:clientarea|register)\.php|images/|includes/|templates/)"
-		to="https://hosting.fleetnetworks.net/csa/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Flex_Investments.xml b/src/chrome/content/rules/Flex_Investments.xml
deleted file mode 100644
index 0a3d0e576023..000000000000
--- a/src/chrome/content/rules/Flex_Investments.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Flex Investments">
-
-	<target host="flexinvestments.net" />
-	<target host="*.flexinvestments.net" />
-
-
-	<securecookie host="^(?:w*\.)?flexinvestments\.net$" name=".+" />
-
-
-	<rule from="^http://(www\.)?flexinvestments\.net/"
-		to="https://$1flexinvestments.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Flexport.com.xml b/src/chrome/content/rules/Flexport.com.xml
new file mode 100644
index 000000000000..1a0b0661343b
--- /dev/null
+++ b/src/chrome/content/rules/Flexport.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Flexport.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="flexport.com" />
+	<target host="learn.flexport.com" />
+	<target host="www.flexport.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Flexyourrights.org.xml b/src/chrome/content/rules/Flexyourrights.org.xml
new file mode 100644
index 000000000000..b4a6a4c77fe1
--- /dev/null
+++ b/src/chrome/content/rules/Flexyourrights.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Flexyourrights.org">
+	<target host="flexyourrights.org" />
+	<target host="www.flexyourrights.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Flic.kr.xml b/src/chrome/content/rules/Flic.kr.xml
new file mode 100644
index 000000000000..89103a7fd446
--- /dev/null
+++ b/src/chrome/content/rules/Flic.kr.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Yahoo coverage, see Yahoo.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .flic.kr
+
+-->
+<ruleset name="Flic.kr">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="flic.kr" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.flic\.kr$" name="^BX$" /-->
+
+	<securecookie host="^\.flic\.kr$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Flickr.net.xml b/src/chrome/content/rules/Flickr.net.xml
new file mode 100644
index 000000000000..0a6dce3c1375
--- /dev/null
+++ b/src/chrome/content/rules/Flickr.net.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Yahoo coverage, see Yahoo.xml.
+
+
+	Timeout on (www.)
+
+
+	Insecure cookies are set for these domains:
+
+		- blog.flickr.net
+
+-->
+<ruleset name="Flickr.net">
+
+	<target host="blog.flickr.net" />
+	<target host="code.flickr.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^blog\.flickr\.net$" name="^cookie_l10n$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Flickr.xml b/src/chrome/content/rules/Flickr.xml
index cb9307756e1f..d8b24b348aa1 100644
--- a/src/chrome/content/rules/Flickr.xml
+++ b/src/chrome/content/rules/Flickr.xml
@@ -1,52 +1,84 @@
 <!--
 	For other Yahoo coverage, see Yahoo.xml.
 
+	Different content HTTP/HTTPS:
+		amt.flickr.com
+		auto-up.flickr.com
+		bup.flickr.com
+		up.flickr.com
 
-	Problematic domains:
+	Invalid certificate:
+		rw.api.flickr.com
+		code.flickr.com (expired)
+		hv-static.flickr.com
+		\d.hv-static.flickr.com
+		images.flickr.com (broken chain)
+		photos\d.flickr.com
+		search.flickr.com (broken chain)
 
-		- flickr.com subdomains:
+	No working URL known:
+		appletv.flickr.com
+		heartbeat.flickr.com
 
-			- ^
-			- api
-			- code
+	Time out:
+		blog.flickr.com
 
-		- blog.flickr.net *
-		- code.flickr.net *	
+	Insecure cookies are set for these domains and hosts: ᶜ
 
-	* Mismatched, handled in WordPress-blogs.xml
-
--->
-<ruleset name="Flickr (partial)">
-
-	<target host="flic.kr" />
-	<target host="flickr.com" />
-	<target host="*.flickr.com" />
-		<exclusion pattern="^http://api\.flickr.com/(?!services/)" />
-	<target host="*.staticflickr.com" />
-
-
-	<securecookie host=".*\.flickr\.com$" name=".+" />
+		- .flickr.com
+		- www.flickr.com
 
+	Note: current_identity (.flickr.com) is read
+	via script and so cannot be secured.
 
-	<rule from="^http://flic\.kr/f/"
-		to="https://www.flickr.com/short_urls.gne?favorites=" />
+		https://github.com/EFForg/https-everywhere/issues/239
 
-	<rule from="^http://flic\.kr/p/"
-		to="https://www.flickr.com/photo.gne?short=" />
+	other cookies also seem to need excluding. securecookie
+	requires work from someone with a Flickr account.
 
-	<rule from="^http://flic\.kr/ps/"
-		to="https://www.flickr.com/short_urls.gne?photostream=" />
+		https://github.com/EFForg/https-everywhere/issues/728
 
-	<rule from="^http://flic\.kr/s/"
-		to="https://www.flickr.com/short_urls.gne?photoset=" />
-
-	<rule from="^http://(?:api\.|www\.)?flickr\.com/"
-		to="https://www.flickr.com/" />
-
-	<rule from="^http://s(ecure|tatic)\.flickr\.com/"
-		to="https://s$1.flickr.com/" />
-
-	<rule from="^http://farm(\d+)\.static(\.)?flickr\.com/"
-		to="https://farm$1.static$2flickr.com/" />
+-->
+<ruleset name="Flickr.com">
 
-</ruleset>
\ No newline at end of file
+	<target host="flickr.com" />
+	<target host="www.flickr.com" />
+	<target host="api.flickr.com" />
+		<test url="http://api.flickr.com/services/rest/" />
+		<exclusion pattern="^http://api\.flickr\.com/$" /><!-- 404 -->
+	<target host="blog.flickr.com" />
+	<target host="embedr.flickr.com" />
+	<target host="m.flickr.com" />
+	<target host="secure.flickr.com" />
+	<target host="static.flickr.com" />
+	<target host="*.static.flickr.com" />
+		<test url="http://farm1.static.flickr.com/" />
+		<test url="http://farm2.static.flickr.com/" />
+		<test url="http://farm3.static.flickr.com/" />
+		<test url="http://farm4.static.flickr.com/" />
+		<test url="http://farm5.static.flickr.com/" />
+		<test url="http://farm6.static.flickr.com/" />
+		<test url="http://farm7.static.flickr.com/" />
+		<test url="http://farm8.static.flickr.com/" />
+		<test url="http://farm9.static.flickr.com/" />
+	<target host="widgets.flickr.com" />
+
+
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.flickr\.com$" name="^(BX|admsort|cookie_session|current_identity|density|ffs|fldetectedlang|flrb|flrbcr|flrbgdrp|flrbgmrp|flrbgrp|flrbp|flrbs|fltoto|just_registered|localization|memsort|modsort|photoPHS|photoPWS|vp|xb)$" /-->
+	<!--securecookie host="^www\.flickr\.com$" name="^(liqph|liqpw|ywandp)" /-->
+
+	<!-- https://github.com/EFForg/https-everywhere/issues/728
+	<securecookie host=".*\.flickr\.com$" name="^(?!current_identity$).+" />-->
+
+
+	<rule from="^http://blog\.flickr\.com/"
+		to="https://blog.flickr.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Flightaware.xml b/src/chrome/content/rules/Flightaware.xml
index 9828e5e04a6c..5edbf0bd9182 100644
--- a/src/chrome/content/rules/Flightaware.xml
+++ b/src/chrome/content/rules/Flightaware.xml
@@ -1,9 +1,65 @@
-<ruleset name="Flightaware">
-    <target host="flightaware.com" />
-    <target host="*.flightaware.com" />
-
-    <rule from="^https?://flightaware\.com/"
-        to="https://flightaware.com/" />
-    <rule from="^http://([A-Za-z][A-Za-z])?\.flightaware\.com/"
-        to="https://$1.flightaware.com/" />
+<!--
+	Nonfunctional hosts in *flightaware.com:
+
+		- embed ⁴
+
+	⁴ 404
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .flightaware.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="FlightAware.com (partial)">
+
+	<target host="flightaware.com" />
+	<target host="*.flightaware.com" />
+
+		<exclusion pattern="^(?!http://((?:[a-z][a-z]|discussions|origin|photos|www)\.)?flightaware\.com/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://embed.flightaware.com/" />
+			<test url="http://embed.flightaware.com/live/airport/EGSS" />
+			<test url="http://embed.flightaware.com/live/airport/KLAX" />
+			<test url="http://embed.flightaware.com/live/airport/KLGA/" />
+			<test url="http://embed.flightaware.com/live/airport/KSLC" />
+			<test url="http://embed.flightaware.com/live/airport/VIDP" />
+			<test url="http://embed.flightaware.com/squawks/link/1/24_hours/new/54407/Aircraft_Incident_Isles_de_Madeleine_Quebec" />
+
+		<test url="http://ar.flightaware.com/" />
+		<test url="http://de.flightaware.com/" />
+		<test url="http://discussions.flightaware.com/" />
+		<test url="http://es.flightaware.com/" />
+		<test url="http://fr.flightaware.com/" />
+		<test url="http://he.flightaware.com/" />
+		<test url="http://it.flightaware.com/" />
+		<test url="http://ja.flightaware.com/" />
+		<test url="http://ko.flightaware.com/" />
+		<test url="http://nl.flightaware.com/" />
+		<test url="http://origin.flightaware.com/" />
+		<test url="http://photos.flightaware.com/photos/retriever/6f1d0e0d2a15978b8ce249c457f1a4f371d42e81" />
+		<test url="http://pt.flightaware.com/" />
+		<test url="http://ru.flightaware.com/" />
+		<test url="http://sv.flightaware.com/" />
+		<test url="http://tr.flightaware.com/" />
+		<test url="http://uk.flightaware.com/" />
+		<test url="http://www.flightaware.com/" />
+		<test url="http://zh.flightaware.com/" />
+
+
+	<!--	Not seured by server:
+					-->
+	<!--securecookie host="^\.flightaware\.com$" name="^phpbb3_\w+_(?:k|sid|u)$" /-->
+
+	<securecookie host="^\." name="^(?:__qca$|phpbb3_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Flightglobal-mismatches.xml b/src/chrome/content/rules/Flightglobal-mismatches.xml
index 7c1d3068dd59..c1d042774798 100644
--- a/src/chrome/content/rules/Flightglobal-mismatches.xml
+++ b/src/chrome/content/rules/Flightglobal-mismatches.xml
@@ -2,14 +2,12 @@
 	For rules that are on by default, see Flightloader.xml.
 
 -->
-<ruleset name="Flightglobal (mismatches)" default_off="mismatch">
+<ruleset name="Flightglobal (mismatches)" default_off="mismatched">
 
 	<!--	Cert: secure.mediastorehouse.com	-->
-	<target host="flightglobalimages.com" />
 	<target host="www.flightglobalimages.com" />
 
 	<!--	!www times out.		-->
-	<rule from="^http://(?:www\.)flightglobalimages\.com/"
-		to="https://www.flightglobalimages.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Flightglobal.xml b/src/chrome/content/rules/Flightglobal.xml
index 0fb999029fac..118e78816aa4 100644
--- a/src/chrome/content/rules/Flightglobal.xml
+++ b/src/chrome/content/rules/Flightglobal.xml
@@ -5,7 +5,8 @@
 <ruleset name="Flightglobal (partial)" platform="mixedcontent">
 
 	<target host="flightglobal.com" />
-	<target host="*.flightglobal.com" />
+	<target host="www.flightglobal.com" />
+	<target host="pro.flightglobal.com" />
 	<target host="flightglobalshop.com" />
 	<target host="www.flightglobalshop.com" />
 
@@ -15,7 +16,7 @@
 			- pro
 			- www
 				-->
-	<securecookie host="^.*\.flightglobal\.com$" name=".*" />
+	<securecookie host="^.*\.flightglobal\.com$" name=".+" />
 
 	<!--	!www doesn't work.	-->
 	<rule from="^http://(?:www\.)?flightglobal\.com/"
diff --git a/src/chrome/content/rules/Flinq.de.xml b/src/chrome/content/rules/Flinq.de.xml
deleted file mode 100644
index dc97b9900b8e..000000000000
--- a/src/chrome/content/rules/Flinq.de.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Flinq.de (redirects)" default_off="redirect loops">
-<target host="www.flinq.de"/>
-<rule from="^http://(www\.)?flinq\.de/" to="https://www.flinq.de/"/>
-</ruleset>
- 
diff --git a/src/chrome/content/rules/Flinto.com.xml b/src/chrome/content/rules/Flinto.com.xml
index bc523d986d48..351b663f3d52 100644
--- a/src/chrome/content/rules/Flinto.com.xml
+++ b/src/chrome/content/rules/Flinto.com.xml
@@ -10,7 +10,7 @@
 
 	Problematic subdomains:
 
-		- ^	(dropped)
+		- ^	(refused)
 		- blog	(cloudfront)
 
 
@@ -27,7 +27,8 @@
 <ruleset name="Flinto.com (partial)">
 
 	<target host="flinto.com" />
-	<target host="*.flinto.com" />
+	<target host="www.flinto.com" />
+	<target host="blog.flinto.com" />
 		<!--
 			Avoid user-visible paths:
 							-->
@@ -43,4 +44,4 @@
 	<rule from="^http://blog\.flinto\.com/"
 		to="https://d2xxitgvta5ie.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Flipagram.com.xml b/src/chrome/content/rules/Flipagram.com.xml
new file mode 100644
index 000000000000..f0ba7c8f1b87
--- /dev/null
+++ b/src/chrome/content/rules/Flipagram.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Fully covered hosts:
+
+		- (www.)?
+
+
+	Insecure cookies are set for these hosts:
+
+		- flipagram.com
+		- www.flipagram.com
+
+-->
+<ruleset name="Flipagram.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="flipagram.com" />
+	<target host="www.flipagram.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?flipagram\.com$" name="^(_cs|[\da-f]{32})$" /-->
+
+	<securecookie host="^(?:www\.)?flipagram\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Flipboard.xml b/src/chrome/content/rules/Flipboard.xml
index 473051c4e813..c9034bd79af3 100644
--- a/src/chrome/content/rules/Flipboard.xml
+++ b/src/chrome/content/rules/Flipboard.xml
@@ -4,20 +4,44 @@
 		- d2jsycj2ly2vqh.cloudfront.net
 
 
-	Nonfunctional subdomains:
+	Fully covered subdomains:
 
-		- (www.)	(times out)
+		- (www.)
+		- accounts
+		- cdn
+		- editor
+		- s
+		- share
+
+
+	Insecure cookies are set for these hosts:
+
+		- flipboard.com
+		- accounts.flipboard.com
+		- editor.flipboard.com
 
 -->
-<ruleset name="Flipboard (partial)">
+<ruleset name="Flipboard.com (partial)">
+
+	<target host="flipboard.com" />
+	<target host="accounts.flipboard.com" />
+	<target host="cdn.flipboard.com" />
+	<target host="editor.flipboard.com" />
+	<target host="share.flipboard.com" />
+	<target host="s.flipboard.com" />
+	<target host="www.flipboard.com" />
 
-	<target host="*.flipboard.com" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^flipboard\.com$" name="^_csrfKey$" /-->
+	<!--securecookie host="^accounts\.flipboard\.com$" name="^(_csrfKey|cc)$" /-->
+	<!--securecookie host="^editor\.flipboard\.com$" name="^_csrfKey$" /-->
 
-	<securecookie host="^editor\.flipboard\.com$" name=".+" />
+	<securecookie host="^(?:accounts|editor)\.flipboard\.com$" name=".+" />
 
 
-	<rule from="^http://(editor|share)\.flipboard\.com/"
-		to="https://$1.flipboard.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Flipkart.com.xml b/src/chrome/content/rules/Flipkart.com.xml
new file mode 100644
index 000000000000..dcea9338c57a
--- /dev/null
+++ b/src/chrome/content/rules/Flipkart.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Nonfunctional subdomains:
+
+		- img[2-9].flipkart.com (m)
+
+	m: mismatch
+-->
+<ruleset name="Flipkart.com">
+	<target host="flipkart.com" />
+	<target host="www.flipkart.com" />
+	<target host="adp.flipkart.com" />
+	<target host="ads.flipkart.com" />
+	<target host="affiliate.flipkart.com" />
+	<target host="beta-seller.flipkart.com" />
+	<target host="dl.flipkart.com" />
+	<target host="flit.flipkart.com" />
+	<target host="img1a.flixcart.com" />
+	<target host="maps.flipkart.com" />
+	<target host="rukminim1.flixcart.com" />
+	<target host="seller.flipkart.com" />
+	<target host="sellers.flipkart.com" />
+	<target host="sentry.flipkart.com" />
+	<target host="axis.store.flipkart.com" />
+	<target host="itzcash.store.flipkart.com" />
+	<target host="offers.store.flipkart.com" />
+	<target host="yahoo.store.flipkart.com" />
+	<target host="stories.flipkart.com" />
+
+	<test url="http://rukminim1.flixcart.com/www/716/234/promos/07/08/2017/d6052723-1c2b-45cc-94dc-5e87f7c7489b.png" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Flippa.xml b/src/chrome/content/rules/Flippa.xml
index a36cc3d26a3c..fa644b61a449 100644
--- a/src/chrome/content/rules/Flippa.xml
+++ b/src/chrome/content/rules/Flippa.xml
@@ -3,22 +3,18 @@
 
 		- d2v0xkmuwm96du.cloudfront.net
 
-
-	Problematic subdomains:
-
-		- www	(cert only matches ^flippa.com)
-
 -->
-<ruleset name="Flippa">
+<ruleset name="Flippa.com">
 
 	<target host="flippa.com" />
+	<target host="dealflow.flippa.com" />
 	<target host="www.flippa.com" />
 
 
 	<securecookie host="^flippa\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?flippa\.com/"
-		to="https://flippa.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Flite.xml b/src/chrome/content/rules/Flite.xml
deleted file mode 100644
index a87b0ab93da2..000000000000
--- a/src/chrome/content/rules/Flite.xml
+++ /dev/null
@@ -1,54 +0,0 @@
-<!--
-	Other Flite rulesets:
-
-		- Widgetbox.com.xml
-
-
-	CDN buckets:
-
-		- awseb-flite-home-219083002.us-east-1.elb.amazonaws.com/...
-			- www.flite.com
-
-		- s3-website-us-east-1.amazonaws.com/...
-			- e.flite.com
-
-
-	Nonfunctional subdomains:
-
-		- ^
-		- e
-		- www
-
-
-	Partially covered domains:
-
-		- press		(CN: *.squarespace.com; at least some pages redirect to http)
-
-
-	Fully covered domains:
-
-		- console
-		- p		(ads)
-		- r		(web bugs)
-		- s
-		- t
-
--->
-<ruleset name="Flite (partial)">
-
-	<target host="*.flite.com" />
-
-
-	<!--	Tracking cookie:
-					-->
-	<securecookie host="^\.flite\.com$" name="^__uuc2$" />
-	<securecookie host="^console\.flite\.com$" name=".+" />
-
-
-	<rule from="^http://(console|[prst])\.flite\.com/"
-		to="https://$1.flite.com/" />
-
-	<rule from="^http://press\.flite\.com/(display/|favicon\.ico|layout/|storage/|universal/)"
-		to="https://pressflite.squarespace.com/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Flitto.com.xml b/src/chrome/content/rules/Flitto.com.xml
new file mode 100644
index 000000000000..b24b3c09294b
--- /dev/null
+++ b/src/chrome/content/rules/Flitto.com.xml
@@ -0,0 +1,20 @@
+<!--
+	!www: http reply
+
+-->
+<ruleset name="Flitto.com">
+
+	<target host="flitto.com" />
+	<target host="www.flitto.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.flitto\.com$" name="^(connect\.sid|lang_id)$" /-->
+
+	<securecookie host="^www\.flitto\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FlixBus.xml b/src/chrome/content/rules/FlixBus.xml
new file mode 100644
index 000000000000..905bbe2d94e4
--- /dev/null
+++ b/src/chrome/content/rules/FlixBus.xml
@@ -0,0 +1,37 @@
+<ruleset name="FlixBus">
+	<target host=     "flixbus.de" />
+	<target host= "www.flixbus.de" />
+	<target host="shop.flixbus.de" />
+	<target host=     "flixbus.com" />
+	<target host= "www.flixbus.com" />
+	<target host="shop.flixbus.com" />
+	<target host=     "flixbus.at" />
+	<target host= "www.flixbus.at" />
+	<target host="shop.flixbus.at" />
+	<target host=     "flixbus.be" />
+	<target host= "www.flixbus.be" />
+	<target host="shop.flixbus.be" />
+	<target host=     "flixbus.cz" />
+	<target host= "www.flixbus.cz" />
+	<target host="shop.flixbus.cz" />
+	<target host=     "flixbus.dk" />
+	<target host= "www.flixbus.dk" />
+	<target host="shop.flixbus.dk" />
+	<target host=     "flixbus.fr" />
+	<target host= "www.flixbus.fr" />
+	<target host="shop.flixbus.fr" />
+	<target host=     "flixbus.it" />
+	<target host= "www.flixbus.it" />
+	<target host="shop.flixbus.it" />
+	<target host=     "flixbus.nl" />
+	<target host= "www.flixbus.nl" />
+	<target host="shop.flixbus.nl" />
+	<target host=     "flixbus.se" />
+	<target host= "www.flixbus.se" />
+	<target host="shop.flixbus.se" />
+
+  	<securecookie host="^.*\.flixbus\..*$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FlixDen.xml b/src/chrome/content/rules/FlixDen.xml
index d017f1387cf1..0eb4e81109a0 100644
--- a/src/chrome/content/rules/FlixDen.xml
+++ b/src/chrome/content/rules/FlixDen.xml
@@ -1,4 +1,11 @@
-<ruleset name="FlixDen">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://flixden.com/ => https://flixden.com/: (51, "SSL: no alternative certificate subject name matches target host name 'flixden.com'")
+Fetch error: http://www.flixden.com/ => https://www.flixden.com/: (6, 'Could not resolve host: www.flixden.com')
+
+-->
+<ruleset name="FlixDen" default_off="failed ruleset test">
 
 	<target host="flixden.com" />
 	<target host="www.flixden.com" />
@@ -7,7 +14,6 @@
 	<securecookie host="^(?:www\.)?flixden\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?flixden\.com/"
-		to="https://$1flixden.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Flixster.xml b/src/chrome/content/rules/Flixster.xml
index 99866482686a..2334da3fbd2c 100644
--- a/src/chrome/content/rules/Flixster.xml
+++ b/src/chrome/content/rules/Flixster.xml
@@ -1,62 +1,120 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://community.flixster.com/ => https://community.flixster.com/: (6, 'Could not resolve host: community.flixster.com')
+Fetch error: http://static.flixstercdn.com/ => https://static.flixstercdn.com/: (51, "SSL: no alternative certificate subject name matches target host name 'static.flixstercdn.com'")
+
 	CDN buckets:
 
+		- s3.amazonaws.com/flx-content-prod/
+		- s3-us-west-2.amazonaws.com/flx-editorial-wordpress/
 		- content[89].flixster.com.cdngc.net
+		- d13ep5guamtyyh.cloudfront.net
+		- d24r6fwyxzsri1.cloudfront.net
 
 		- flixster-001.inscname.net
 
 			- instart[0-3]
 
 
+	Nonfunctional hosts in *flixster.com:
+
+		- careers *
+
+	* No supported ciphers
+
+
 	Problematic domains:
 
 		- content[89].flixster.com	(403; mismatched, CN: ssl2.cdngc.net)
 		- instart[0-3].flixster.com	(504; mismatched, CN: ssl001.insnw.net)
+		- support.dcplus.flixster.com	(Parature / mismatched)
+		- support.ultraviolet.flixster.com	(Parature / mismatched)
+
 
+	These altnames do not exist:
 
-	Partially covered domains:
+		- www.de.flixster.com
 
-		- (www.)flixster.com	(some pages redirect to http)
 
+	Insecure cookies are set for these domains and hosts: ᶜ
 
-	Fully covered domains:
+		- .flixster.com
+		- admin.flixster.com
+		- de.flixster.com
+		- se.flixster.com
+		- support.ultraviolet.flixster.com
+		- video.flixster.com
+		- www.flixster.com
 
-		- flixster.com subdomains:
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
-			- community
-			- content[67]
-			- content8	(→ content6)
-			- content9	(→ content7)
-			- instart[02]	(→ content6)
-			- instart[13]	(→ content7)
 
-		- static.flixstercdn.com
+	Mixed content:
+
+		- Images, on:
+
+			- support.ultraviolet from $self
+			- support.ultraviolet from d1.parature.com
+			- www from d18i5l0cp5i5h1.cloudfront.net ˢ
+			- www from resizing.flixster.com ˢ
+
+		- Bugs, on:
+
+			- www from warnerbros.112.2o7.net ˢ
+			- www from b.scorecardresearch.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Flixster (partial)">
+<ruleset name="Flixster (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="flixster.com" />
-	<target host="*.flixster.com" />
-		<!--
-			Redirect to http:
-						-->
-		<exclusion pattern="^http://(?:www\.)?flixster\.com/(?!docs/|favicon\.ico|(?:login|register)(?:$|[?/])|login-gate/|register-frame/|site/)" />
+	<target host="admin.flixster.com" />
+	<target host="community.flixster.com" />
+	<target host="content6.flixster.com" />
+	<target host="content7.flixster.com" />
+	<target host="de.flixster.com" />
+	<target host="resizing.flixster.com" />
+	<target host="se.flixster.com" />
+	<target host="redeem.flixster.com" />
+	<target host="static6.flixster.com" />
+	<target host="video.flixster.com" />
+	<target host="www.flixster.com" />
+
 	<target host="static.flixstercdn.com" />
 
+	<!--	Complications:
+				-->
+	<target host="content8.flixster.com" />
+	<target host="content9.flixster.com" />
+	<target host="instart0.flixster.com" />
+	<target host="instart1.flixster.com" />
+	<target host="instart2.flixster.com" />
+	<target host="instart3.flixster.com" />
+
 
-	<securecookie host="^community\.flixster\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.flixster\.com$" name="^(?:country|language|login_notice|prev_lang)$" /-->
+	<!--securecookie host="^admin\.flixster\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^(?:de|se|video)\.flixster\.com$" name="^_Web_session$" /-->
+	<!--securecookie host="^support\.ultraviolet\.flixster\.com$" name="^(FM_PERSIST|ParaturePortalSessionID|newMetricsView)$" /-->
+	<!--securecookie host="^www\.flixster\.com$" name="^ServerID$" /-->
 
+	<securecookie host="^\." name="^(?:__qca$|s_v)" />
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://(community\.|www\.)?flixster\.com/"
-		to="https://$1flixster.com/" />
 
-	<rule from="^http://(?:instart[02]|content[68])\.flixster\.com/"
+	<rule from="^http://(?:instart[02]|content8)\.flixster\.com/"
 		to="https://content6.flixster.com/" />
 
-	<rule from="^http://(?:content[79]|instart[13])\.flixster\.com/"
+	<rule from="^http://(?:content9|instart[13])\.flixster\.com/"
 		to="https://content7.flixster.com/" />
 
-	<rule from="^http://static\.flixstercdn\.com/"
-		to="https://static.flixstercdn.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Floating_Hospital.org.xml b/src/chrome/content/rules/Floating_Hospital.org.xml
new file mode 100644
index 000000000000..c438bd3ebfe7
--- /dev/null
+++ b/src/chrome/content/rules/Floating_Hospital.org.xml
@@ -0,0 +1,24 @@
+<!--
+	For other Tufts University coverage, see Tufts.edu.xml.
+
+
+	^: mismatched
+
+-->
+<ruleset name="Floating Hospital.org">
+
+	<target host="floatinghospital.org" />
+	<target host="www.floatinghospital.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.floatinghospital\.org$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^www\.floatinghospital\.org$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?floatinghospital\.org/"
+		to="https://www.floatinghospital.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Flocabulary.com.xml b/src/chrome/content/rules/Flocabulary.com.xml
new file mode 100644
index 000000000000..191c17cfead5
--- /dev/null
+++ b/src/chrome/content/rules/Flocabulary.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.flocabulary.com
+
+-->
+<ruleset name="Flocabulary.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="flocabulary.com" />
+	<target host="static.flocabulary.com" />
+	<target host="www.flocabulary.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.flocabulary\.com$" name="^(csrftoken|sessionid)$" /-->
+
+	<securecookie host="^www\.flocabulary\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Flockport.com.xml b/src/chrome/content/rules/Flockport.com.xml
new file mode 100644
index 000000000000..7b4d85dc3a3c
--- /dev/null
+++ b/src/chrome/content/rules/Flockport.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- community.flockport.com
+
+-->
+<ruleset name="Flockport.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="flockport.com" />
+	<target host="community.flockport.com" />
+	<target host="www.flockport.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^community\.flockport\.com$" name="^express\.sid$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Floek.net.xml b/src/chrome/content/rules/Floek.net.xml
new file mode 100644
index 000000000000..e46ba57660b8
--- /dev/null
+++ b/src/chrome/content/rules/Floek.net.xml
@@ -0,0 +1,37 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://binefreund.de/ => https://www.floek.net/: (51, "SSL: no alternative certificate subject name matches target host name 'binefreund.de'")
+	Problematic domains:
+
+		- binefreund.de		(shows schwimm)
+		- www.binefreund.de *
+		- floek.net *
+
+	* Mismatched, CN: schwimm.binefreund.de
+
+
+	Mixed content:
+
+		- Web bug from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Floek.net">
+
+	<target host="binefreund.de" />
+	<target host="www.binefreund.de" />
+	<target host="schwimm.binefreund.de" />
+	<target host="floek.net" />
+	<target host="www.floek.net" />
+
+
+	<securecookie host="^www\.floek\.net$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?(?:binefreund\.de|floek\.net)/"
+		to="https://www.floek.net/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FlokiNET.is.xml b/src/chrome/content/rules/FlokiNET.is.xml
new file mode 100644
index 000000000000..9236cabf3e09
--- /dev/null
+++ b/src/chrome/content/rules/FlokiNET.is.xml
@@ -0,0 +1,34 @@
+<!--
+	Non-functional subdomain:
+		- (www.)billing.flokinet.com		(some pages redirect to HTTP)
+
+
+	STS header includes includeSubDomains
+
+-->
+<ruleset name="FlokiNET.is (partial)">
+
+
+	<target host="billing.flokinet.com" />
+	<target host="www.billing.flokinet.com" />
+
+		<exclusion pattern="^http://(www\.)?billing\.flokinet\.com/?$"/>
+
+			<test url="http://billing.flokinet.com/" />
+			<test url="http://www.billing.flokinet.com/" />
+
+		<exclusion pattern="^http://(www\.)?billing\.flokinet\.com/(announcements|downloads|index|knowledgebase)\.php"/>
+
+			<test url="http://billing.flokinet.com/announcements.php" />
+			<test url="http://billing.flokinet.com/downloads.php" />
+			<test url="http://billing.flokinet.com/index.php" />
+			<test url="http://www.billing.flokinet.com/index.php" />
+			<test url="http://billing.flokinet.com/knowledgebase.php" />
+
+	<securecookie host="^(?!billing\.)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Floor64-mismatches.xml b/src/chrome/content/rules/Floor64-mismatches.xml
deleted file mode 100644
index 29bb9dec5989..000000000000
--- a/src/chrome/content/rules/Floor64-mismatches.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Floor64 (mismatches)" default_off="mismatch">
-
-	<target host="listserv.techdirt.com" />
-
-
-	<rule from="^http://listserv\.techdirt\.com/"
-		to="https://listserv.techdirt.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Floor64.xml b/src/chrome/content/rules/Floor64.xml
index 775b6f02170a..dd7fc021d70a 100644
--- a/src/chrome/content/rules/Floor64.xml
+++ b/src/chrome/content/rules/Floor64.xml
@@ -1,16 +1,12 @@
-<!--
-	Other Floor64 rulesets:
-
-		- Techdirt.xml
-
--->
 <ruleset name="Floor64 (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="insightcommunity.com" />
 	<target host="www.insightcommunity.com" />
 
 
-	<rule from="^http://(www\.)?insightcommunity\.com/"
-		to="https://$1insightcommunity.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Florida-Center-for-Library-Automation.xml b/src/chrome/content/rules/Florida-Center-for-Library-Automation.xml
index 63582221ff42..10320929b24a 100644
--- a/src/chrome/content/rules/Florida-Center-for-Library-Automation.xml
+++ b/src/chrome/content/rules/Florida-Center-for-Library-Automation.xml
@@ -6,10 +6,10 @@
 -->
 <ruleset name="Florida Center for Library Automation (partial)">
 
-	<target host="*.fcla.edu" />
+	<target host="fclaweb.fcla.edu" />
+	<target host="metalib.fcla.edu" />
 
 
-	<rule from="^http://(fclaweb|metalib)\.fcla\.edu/"
-		to="https://$1.fcla.edu/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Florida-Institute-of-Technology.xml b/src/chrome/content/rules/Florida-Institute-of-Technology.xml
index 34d9c4780ed2..75763cef517d 100644
--- a/src/chrome/content/rules/Florida-Institute-of-Technology.xml
+++ b/src/chrome/content/rules/Florida-Institute-of-Technology.xml
@@ -1,4 +1,13 @@
-<ruleset name="Florida Institute of Technology (partial)" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://webmail.fit.edu/ => https://webmail.fit.edu/: (6, 'Could not resolve host: webmail.fit.edu')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://spam.fit.edu/ => https://spam.fit.edu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://webmail.fit.edu/ => https://webmail.fit.edu/: (6, 'Could not resolve host: webmail.fit.edu')
+-->
+<ruleset name="Florida Institute of Technology (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="fit.edu" />
 	<target host="alumni.fit.edu" />
@@ -16,13 +25,13 @@
 	<target host="webmail.fit.edu" />
 	<target host="www.fit.edu" />
 
-	<rule from="^http://(www\.)?fit\.edu/"
+	<rule from="^http://(?:www\.)?fit\.edu/"
 		to="https://www.fit.edu/" />
 
 	<rule from="^http://(411|(asset|ca|c|event|list|pantherpas|service|track)s|alumni|media|online|spam|webmail)\.fit\.edu/"
 		to="https://$1.fit.edu/" />
 
-	<rule from="^http://(go|(portal\.)?my)\.fit\.edu/"
+	<rule from="^http://(?:go|my|portal\.my)\.fit\.edu/"
 		to="https://portal.my.fit.edu/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FloridaPolitics.com.xml b/src/chrome/content/rules/FloridaPolitics.com.xml
new file mode 100644
index 000000000000..5f2a421912da
--- /dev/null
+++ b/src/chrome/content/rules/FloridaPolitics.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="FloridaPolitics.com">
+	<target host="floridapolitics.com" />
+	<target host="www.floridapolitics.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Florida_Today.xml b/src/chrome/content/rules/Florida_Today.xml
index 01068749abe6..e66c98893b52 100644
--- a/src/chrome/content/rules/Florida_Today.xml
+++ b/src/chrome/content/rules/Florida_Today.xml
@@ -1,76 +1,46 @@
 <!--
 	For other Gannett Company coverage, see Gannett-Company.xml.
 
-
-	CDN buckets:
-
-		- san1.gmti.gannett.edgekey.net
-
-			- www.floridatoday.com
-
-		- img.gannett.edgesuite.net 
-			- cmsimg.floridatoday.com
-
-
-	Nonfunctional domains:
-
-		- classifieds.flatoday.com
-
-
-	Problematic domains:
-
-		- cmsimg.floridatoday.com		(Akamai; 503)
-		- deals.floridatoday.com		(CN: *.planetdiscover.com)
-		- origin-cmsimg.floridaytoday.com	(no https)
-		- search.floridatoday.com		(CN: *.planetdiscover.com)
-
-
-	Fully covered domains:
-
-		- ads.flatdy.net
-		- floridatoday.com
-		- cmsimg.floridatoday.com
-		- deals.floridatoday.com
-		- origin-cmsimg.floridatoday.com
-		- origin-www.floridatoday.com
-		- search.floridatoday.com
-		- www.floridatoday.com
-
+	Non-functional hosts:
+		Timeout was reached:
+		- classifieds.floridatoday.com
+		- classifieds-prod.floridatoday.com
+
+		SSL peer certificate was not OK:
+		- findnsave.floridatoday.com
+
+		Incomplete certificate chain error:
+		- local.floridatoday.com
+
+		Mixed content blocking (MCB) triggered:
+		- blogs.floridatoday.com
+		- events.floridatoday.com
+		- realestate.floridatoday.com
+		- solutions.floridatoday.com
 -->
-<ruleset name="Florida Today (partial)" platform="mixedcontent">
-
-	<target host="ads.flatdy.com" />
+<ruleset name="Florida Today">
 	<target host="floridatoday.com" />
-	<target host="*.floridatoday.com" />
-
-
-	<!--	Observed cookie domains:
-
-			- ads.flatdy.com
-			- floridatoday.com
-			- .floridatoday.com
-			- www.floridatoday.com
-						-->
-	<securecookie host="^(?:.*\.)fl(?:atd|oridatoda)y\.com$" name=".+" />
-
-
-	<rule from="^http://ads\.flatdy\.net/"
-		to="https://ads.flatdy.net/" />
-
-	<rule from="^https?://(?:(?:origin-)?cmsimg\.)?floridatoday\.com/"
-		to="https://www.floridatoday.com/" />
-
-	<!--	origin-www works with https.
-						-->
-	<rule from="^http://((?:origin-)?www)\.floridatoday\.com/"
-		to="https://$1.floridatoday.com/" />
-
-	<!--	Fails to redirect properly.
-						-->
-	<rule from="^https?://deals\.floridatoday\.com/(?:$|\?)"
-		to="https://brevardco.planetdiscover.com/sp?aff=1180" />
-
-	<rule from="^https?://(?:deals|search)\.floridatoday\.com/"
-		to="https://brevardco.planetdiscover.com/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.floridatoday.com" />
+	<target host="account.floridatoday.com" />
+	<target host="amp.floridatoday.com" />
+	<target host="archive.floridatoday.com" />
+	<target host="cm.floridatoday.com" />
+	<target host="content-static.floridatoday.com" />
+	<target host="data.floridatoday.com" />
+	<target host="help.floridatoday.com" />
+	<target host="jobs.floridatoday.com" />
+	<target host="mocux.floridatoday.com" />
+	<target host="offers.floridatoday.com" />
+	<target host="phxux.floridatoday.com" />
+	<target host="profile.floridatoday.com" />
+	<target host="rssfeeds.floridatoday.com" />
+	<target host="static.floridatoday.com" />
+		<test url="http://static.floridatoday.com/privacy/" />
+	<target host="tickets.floridatoday.com" />
+	<target host="uw-media.floridatoday.com" />
+	<target host="ux.floridatoday.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FlowingData.com.xml b/src/chrome/content/rules/FlowingData.com.xml
new file mode 100644
index 000000000000..7d041b302d9e
--- /dev/null
+++ b/src/chrome/content/rules/FlowingData.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		book.flowingdata.com
+		datasets.flowingdata.com
+		forums.flowingdata.com
+		media.flowingdata.com
+		projects.flowingdata.com
+		webmail.flowingdata.com
+
+-->
+<ruleset name="FlowingData.com">
+
+	<target host="flowingdata.com" />
+	<target host="www.flowingdata.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Flownative.com.xml b/src/chrome/content/rules/Flownative.com.xml
new file mode 100644
index 000000000000..c796d7391e14
--- /dev/null
+++ b/src/chrome/content/rules/Flownative.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Flownative.com">
+
+	<target host="flownative.com" />
+	<target host="www.flownative.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Flowplayer.org.xml b/src/chrome/content/rules/Flowplayer.org.xml
index 24dd9989f956..4e38d7d13286 100644
--- a/src/chrome/content/rules/Flowplayer.org.xml
+++ b/src/chrome/content/rules/Flowplayer.org.xml
@@ -17,7 +17,6 @@
 	<target host="releases.flowplayer.org" />
 
 
-	<rule from="^http://releases\.flowplayer\.org/"
-		to="https://releases.flowplayer.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Flowtab.com.xml b/src/chrome/content/rules/Flowtab.com.xml
index 63f1de53d16f..8e19e9edc012 100644
--- a/src/chrome/content/rules/Flowtab.com.xml
+++ b/src/chrome/content/rules/Flowtab.com.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://flowtab.com/ => https://flowtab.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://flowtab.com/ => https://flowtab.com/: (60, 'SSL certificate problem: certificate has expired')
 	CDN buckets:
 
 		- dxluo93d48m7d.cloudfront.net
@@ -6,20 +12,19 @@
 			- cdn.flowtab.mobi
 
 -->
-<ruleset name="Flowtab.com">
+<ruleset name="Flowtab.com" default_off="failed ruleset test">
 
 	<target host="flowtab.com" />
-	<target host="*.flowtab.com" />
+	<target host="www.flowtab.com" />
 	<target host="cdn.flowtab.mobi" />
 
 
 	<securecookie host="^(?:w*\.)?flowtab\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?flowtab\.com/"
-		to="https://$1flowtab.com/" />
 
 	<rule from="^http://cdn\.flowtab\.mobi/"
 		to="https://dxluo93d48m7d.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fluctis_Hosting.com.xml b/src/chrome/content/rules/Fluctis_Hosting.com.xml
new file mode 100644
index 000000000000..fbf89b3e10c5
--- /dev/null
+++ b/src/chrome/content/rules/Fluctis_Hosting.com.xml
@@ -0,0 +1,26 @@
+<!--
+	www: 503
+
+
+	Some pages redirect to http.
+
+-->
+<ruleset name="Fluctis Hosting.com (partial)">
+
+	<target host="fluctishosting.com" />
+	<target host="*.fluctishosting.com" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?fluctishosting\.com/+whmcs/(announcements\.php|index\.php)?($|[?/])" /-->
+
+
+	<!--	Tracking cookies:
+					-->
+	<securecookie host="^\.fluctishosting\.com$" name="^__utm\w+$" />
+
+
+	<rule from="^http://(?:www\.)?fluctishosting\.com/(?!whmcs/(?:announcements\.php|index\.php)?(?:$|[?/]))"
+		to="https://fluctishosting.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FluentInTurkish.com.xml b/src/chrome/content/rules/FluentInTurkish.com.xml
new file mode 100644
index 000000000000..dd3fa08aa5e4
--- /dev/null
+++ b/src/chrome/content/rules/FluentInTurkish.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="FluentInTurkish.com">
+	<target host="fluentinturkish.com" />
+	<target host="www.fluentinturkish.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fluid_Hosting.com.xml b/src/chrome/content/rules/Fluid_Hosting.com.xml
index efd716ca1c73..812275aed2aa 100644
--- a/src/chrome/content/rules/Fluid_Hosting.com.xml
+++ b/src/chrome/content/rules/Fluid_Hosting.com.xml
@@ -14,13 +14,13 @@
 <ruleset name="Fluid Hosting.com (partial)">
 
 	<target host="fluidhosting.com" />
-	<target host="*.fluidhosting.com" />
+	<target host="support.fluidhosting.com" />
+	<target host="www.fluidhosting.com" />
 
 
 	<securecookie host="^support\.fluidhosting\.com$" name=".+" />
 
 
-	<rule from="^http://(support\.|www\.)?fluidhosting\.com/"
-		to="https://$1fluidhosting.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Flurry-problematic.xml b/src/chrome/content/rules/Flurry-problematic.xml
index defcfa92702c..22f97633d414 100644
--- a/src/chrome/content/rules/Flurry-problematic.xml
+++ b/src/chrome/content/rules/Flurry-problematic.xml
@@ -10,7 +10,6 @@
 	<securecookie host="^blog\.flurry\.com$" name=".+" />
 
 
-	<rule from="^http://blog\.flurry\.com/"
-		to="https://blog.flurry.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Flurry.xml b/src/chrome/content/rules/Flurry.xml
index 70fbf6664f85..3db31551f5b2 100644
--- a/src/chrome/content/rules/Flurry.xml
+++ b/src/chrome/content/rules/Flurry.xml
@@ -15,13 +15,13 @@
 -->
 <ruleset name="Flurry">
 
-	<target host="*.flurry.com" />
+	<target host="cdn.flurry.com" />
+	<target host="dev.flurry.com" />
 
 
 	<securecookie host="^dev\.flurry\.com$" name=".+" />
 
 
-	<rule from="^http://(cdn|dev)\.flurry\.com/"
-		to="https://$1.flurry.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FlutterToday.com.xml b/src/chrome/content/rules/FlutterToday.com.xml
deleted file mode 100644
index 9b166d3a0d4e..000000000000
--- a/src/chrome/content/rules/FlutterToday.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Some pages redirect to http.
-
-
-	Mixed content:
-
-		- Images on www from www *
-
-	* Secured by us
-
--->
-<ruleset name="FlutterToday.com (partial)">
-
-	<target host="fluttertoday.com" />
-	<target host="www.fluttertoday.com" />
-
-
-	<rule from="^http://(www\.)?fluttertoday\.com/(?=deals/(?:account(?:$|[?/])|flavor/css/|wp-content/|wp-includes/)|favicon\.ico)"
-		to="https://$1fluttertoday.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Flux.xml b/src/chrome/content/rules/Flux.xml
new file mode 100644
index 000000000000..0b2625497c98
--- /dev/null
+++ b/src/chrome/content/rules/Flux.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- justgetflux.com
+		- www.justgetflux.com
+
+-->
+<ruleset name="F.lux">
+
+	<target host="justgetflux.com" />
+	<target host="www.justgetflux.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^justgetflux\.com$" name="^(?:express\.sid|uid)$" /-->
+	<!--securecookie host="^www\.justgetflux\.com$" name="^uid$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FluxBB.xml b/src/chrome/content/rules/FluxBB.xml
index 7362c049bc00..31bce9872e31 100644
--- a/src/chrome/content/rules/FluxBB.xml
+++ b/src/chrome/content/rules/FluxBB.xml
@@ -1,16 +1,23 @@
-<ruleset name="FluxBB.org (partial)">
+<!--
+	Insecure cookies are set for these domains:
+
+		- .fluxbb.org
+
+-->
+<ruleset name="FluxBB.org">
 
 	<target host="fluxbb.org" />
 	<target host="www.fluxbb.org" />
-		<!--
-			Another case of the stupids.
 
-			Pages have started redirecting to http, including *login* & *registration* pages.
-							-->
-		<exclusion pattern="^http://(www\.)?fluxbb\.org/($|.+((/|\.php|\.html)($|\?)))" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.fluxbb\.org$" name="^flux_lang$" /-->
+
+	<securecookie host="^\.fluxbb\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?fluxbb\.org/"
-		to="https://$1fluxbb.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FluxCards.de.xml b/src/chrome/content/rules/FluxCards.de.xml
new file mode 100644
index 000000000000..87887721b2c7
--- /dev/null
+++ b/src/chrome/content/rules/FluxCards.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="FluxCards.de">
+
+	<target host="fluxcards.de" />
+	<target host="www.fluxcards.de" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fluxx.io.xml b/src/chrome/content/rules/Fluxx.io.xml
new file mode 100644
index 000000000000..f25651f7ca19
--- /dev/null
+++ b/src/chrome/content/rules/Fluxx.io.xml
@@ -0,0 +1,42 @@
+<!--
+	Problematic hosts in *fluxx.io:
+
+		- blog *
+		- info *
+
+	* HubSpot
+
+
+	Insecure cookies are set for these hosts:
+
+		- blog.fluxx.io
+		- info.fluxx.io
+
+
+	Mixed content:
+
+		- Images on ^ from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Fluxx.io (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fluxx.io" />
+	<!--target host="blog.fluxx.io" /-->
+	<!--target host="info.fluxx.io" /-->
+	<target host="macfound.fluxx.io" />
+	<target host="www.fluxx.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:blog|info)\.fluxx\.info$" name="^hsPagesViewedThisSession$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FlyEdelweiss.com.xml b/src/chrome/content/rules/FlyEdelweiss.com.xml
new file mode 100644
index 000000000000..8148801c6d36
--- /dev/null
+++ b/src/chrome/content/rules/FlyEdelweiss.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="FlyEdelweiss.com (partial)">
+	<target host="flyedelweiss.com" />
+	<target host="www.flyedelweiss.com" />
+	<target host="booking.flyedelweiss.com" />
+
+	<!-- https://flyedelweiss.com: connection reset -->
+	<rule from="^http://flyedelweiss\.com/"
+		to="https://www.flyedelweiss.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Flybuys.xml b/src/chrome/content/rules/Flybuys.xml
new file mode 100644
index 000000000000..3c5b693b4a83
--- /dev/null
+++ b/src/chrome/content/rules/Flybuys.xml
@@ -0,0 +1,6 @@
+<ruleset name="Flybuys">
+	<target host="flybuys.com.au" />
+	<target host="www.flybuys.com.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Flyerify.com.xml b/src/chrome/content/rules/Flyerify.com.xml
new file mode 100644
index 000000000000..b1090842f0c4
--- /dev/null
+++ b/src/chrome/content/rules/Flyerify.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Wildcard certificate and DNS records:
+		- flyerify.com
+-->
+
+<ruleset name="Flyerify.com">
+	<target host="flyerify.com" />
+	<target host="*.flyerify.com" />
+		<test url="http://www.flyerify.com/" />
+		<test url="http://foodymart.flyerify.com/" />
+		<test url="http://fresonbros.flyerify.com/" />
+
+	<!-- flyerify.com -->
+	<!-- *.flyerify.com -->
+	<rule from="^http://([\w-]+\.)?flyerify\.com/"
+		to="https://$1flyerify.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/FlyersRights.com.xml b/src/chrome/content/rules/FlyersRights.com.xml
new file mode 100644
index 000000000000..b4d5e486f5a3
--- /dev/null
+++ b/src/chrome/content/rules/FlyersRights.com.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Flyers Rights related rulesets, see FlyersRights.org.xml.
+
+	Non-functional hosts
+
+		Couldn't connect to server:
+		- smtp.flyersrights.com
+
+		Timeout was reached:
+		- imap.flyersrights.com
+		- pop.flyersrights.com
+		- mail.flyersrights.com
+
+		SSL connect error:
+		- anything.flyersrights.com
+
+		SSL peer certificate was not OK:
+		- flyersrights.com
+		- www.flyersrights.com
+		- ftp.flyersrights.com
+		- email.flyersrights.com
+		- mobilemail.flyersrights.com
+		- pda.flyersrights.com
+		- e.flyersrights.com
+		- webmail.flyersrights.com
+-->
+<ruleset name="FlyersRights.com">
+	<target host="flyersrights.com" />
+	<target host="www.flyersrights.com" />
+
+	<rule from="^http://(www\.)?flyersrights\.com/"
+			to="https://www.flyersrights.org/" />
+</ruleset>
diff --git a/src/chrome/content/rules/FlyersRights.org.xml b/src/chrome/content/rules/FlyersRights.org.xml
index 1db963b16091..bdf1694d0dad 100644
--- a/src/chrome/content/rules/FlyersRights.org.xml
+++ b/src/chrome/content/rules/FlyersRights.org.xml
@@ -1,19 +1,37 @@
 <!--
-	Problematic domains:
+	Other Flyers Rights related rulesets:
+		+ FlyersRights.com.xml
 
-		- (www.)flyersrights.com	(times out)
-		- (www.)flyersrights.org	(CN: anything.flyersrights.com)
+	Non-functional hosts:
+		Couldn't connect to server:
+		- smtp.flyersrights.org
 
+		Timeout was reached:
+		- imap.flyersrights.org
+		- pop.flyersrights.org
+
+		SSL peer certificate was not OK:
+		- admin.flyersrights.org
+		- mail.flyersrights.org
+		- email.flyersrights.org
+		- ftp.flyersrights.org
+		- sucuriip.flyersrights.org
+		- e.flyersrights.org
+		- pda.flyersrights.org
+		- webmail.flyersrights.org
+		- mobilemail.flyersrights.org
+		- www.admin.flyersrights.org
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- new.flyersrights.org
 -->
-<ruleset name="FlyersRights.org">
+<ruleset name="Flyers Rights.org">
 
-	<target host="flyersrights.com" />
-	<target host="*.flyersrights.com" />
 	<target host="flyersrights.org" />
 	<target host="www.flyersrights.org" />
+	
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^https?://(?:anything\.|www\.)?flyersrights\.(?:com|org)/"
-		to="https://anything.flyersrights.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Flyertalk.com.xml b/src/chrome/content/rules/Flyertalk.com.xml
new file mode 100644
index 000000000000..5dbec9bcd908
--- /dev/null
+++ b/src/chrome/content/rules/Flyertalk.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Flyertalk.com" platform="mixedcontent">
+  <target host="flyertalk.com" />
+  <target host="www.flyertalk.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Flyertown.xml b/src/chrome/content/rules/Flyertown.xml
index 77fe42005bf4..3576028518fe 100644
--- a/src/chrome/content/rules/Flyertown.xml
+++ b/src/chrome/content/rules/Flyertown.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^www\.flyertown\.ca$" name=".+" />
 
 
-	<rule from="^http://(www\.)?flyertown\.ca/"
-		to="https://$1flyertown.ca/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Flygo-Aviation.com.xml b/src/chrome/content/rules/Flygo-Aviation.com.xml
new file mode 100644
index 000000000000..2f548cc9d1b1
--- /dev/null
+++ b/src/chrome/content/rules/Flygo-Aviation.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Flygo-Aviation.com">
+	<target host="flygo-aviation.com" />
+	<target host="www.flygo-aviation.com" />
+	<target host="phpmyadmin.flygo-aviation.com" />
+	<target host="web.flygo-aviation.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Flying_Cameras.xml b/src/chrome/content/rules/Flying_Cameras.xml
deleted file mode 100644
index 66e4edb3b9bb..000000000000
--- a/src/chrome/content/rules/Flying_Cameras.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Flying Cameras">
-
-	<target host="flyingcameras.ca" />
-	<target host="*.flyingcameras.ca" />
-
-
-	<securecookie host="^\.(?:www\.)?flyingcameras\.ca$" name=".+" />
-
-
-	<rule from="^http://(www\.)?flyingcameras\.ca/"
-		to="https://$1flyingcameras.ca/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Flying_Meat.xml b/src/chrome/content/rules/Flying_Meat.xml
index 9ba9ab04eccc..352d70aa0bce 100644
--- a/src/chrome/content/rules/Flying_Meat.xml
+++ b/src/chrome/content/rules/Flying_Meat.xml
@@ -17,10 +17,11 @@
 <ruleset name="Flying Meat (partial)">
 
 	<target host="flyingmeat.com" />
-	<target host="*.flyingmeat.com" />
+	<target host="secure.flyingmeat.com" />
+	<target host="www.flyingmeat.com" />
 
 
 	<rule from="^http://(?:secure\.|www\.)?flyingmeat\.com/"
 		to="https://secure.flyingmeat.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Flyn.org.xml b/src/chrome/content/rules/Flyn.org.xml
new file mode 100644
index 000000000000..6ad7e5a4afde
--- /dev/null
+++ b/src/chrome/content/rules/Flyn.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="Flyn.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="flyn.org" />
+	<target host="www.flyn.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Flyspray.org.xml b/src/chrome/content/rules/Flyspray.org.xml
new file mode 100644
index 000000000000..2c9c8dd0c369
--- /dev/null
+++ b/src/chrome/content/rules/Flyspray.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional hosts in *.flyspray.org:
+		- flyspray.org (m)
+		- scm.flyspray.org (m)
+		- snaps.flyspray.org (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Flyspray.org">
+	<target host="flyspray.org" />
+	<target host="www.flyspray.org" />
+	<target host="bugs.flyspray.org" />
+
+	<rule from="^http://flyspray\.org/" to="https://www.flyspray.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fmod.xml b/src/chrome/content/rules/Fmod.xml
index faed7f6fb81e..1900212ceb96 100644
--- a/src/chrome/content/rules/Fmod.xml
+++ b/src/chrome/content/rules/Fmod.xml
@@ -1,11 +1,32 @@
-<ruleset name="fmod" default_off="mismatch">
+<!--
+	CN: www.control.tierra.net
+
+
+	Insecure cookies are set for these hosts:
+
+		- fmod.org
+		- www.fmod.org
+
+
+	Mixed content:
+
+		- Images from www.fmod.org
+
+-->
+<ruleset name="fmod.org" default_off="mismatched">
 
-	<!--	Cert:	 www.control.tierra.net	-->
 	<target host="fmod.org" />
 	<target host="www.fmod.org" />
 
 
-	<rule from="^https?://(?:www\.)?fmod\.org/"
-		to="https://fmod.org/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?fmod\.org$" name="^(?:PHPSESSID|sabai_user_device)$" /-->
+
+	<securecookie host="^(?:www\.)?fmod\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Fnac.pt.xml b/src/chrome/content/rules/Fnac.pt.xml
new file mode 100644
index 000000000000..d45dc24b8991
--- /dev/null
+++ b/src/chrome/content/rules/Fnac.pt.xml
@@ -0,0 +1,24 @@
+<!--
+	Refused:
+	mc.fnac.pt
+
+	Mismatch:
+	(www.fnac.pt)
+	expert.fnac.pt
+	www.foto.fnac.pt
+	foto.fnac.pt
+	multimedia.fnac.pt
+
+	Timeout:
+	www.revistaestante.fnac.pt
+	bilheteira.fnac.pt
+	espectaculos.fnac.pt
+	conteudos.fnac.pt
+-->
+
+<ruleset name="Fnac.pt">
+	<target host="secure.fnac.pt" />
+	<target host="mp.fnac.pt" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fnac.xml b/src/chrome/content/rules/Fnac.xml
index c069e69776c7..8b10cb03f9aa 100644
--- a/src/chrome/content/rules/Fnac.xml
+++ b/src/chrome/content/rules/Fnac.xml
@@ -15,7 +15,7 @@
 	<target host="www.fnacspectacles.com" />
 
 
-	<rule from="^https?://(?:www\.)?fnacspectacles\.com/(aide\.do(?:$|\?)|banniere/|css/|images/|js/|static/)"
+	<rule from="^http://(?:www\.)?fnacspectacles\.com/(aide\.do(?:$|\?)|banniere/|css/|images/|js/|static/)"
 		to="https://www.fnacspectacles.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fobos.de.xml b/src/chrome/content/rules/Fobos.de.xml
new file mode 100644
index 000000000000..ad651149b1ed
--- /dev/null
+++ b/src/chrome/content/rules/Fobos.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="Fobos.de">
+
+	<target host="fobos.de" />
+	<target host="www.fobos.de" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Focaljet.com.xml b/src/chrome/content/rules/Focaljet.com.xml
index 98579b0237bb..fe2e55fb7dd6 100644
--- a/src/chrome/content/rules/Focaljet.com.xml
+++ b/src/chrome/content/rules/Focaljet.com.xml
@@ -1,13 +1,21 @@
-<ruleset name="focaljet.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://focaljet.com/ => https://focaljet.com/: (51, "SSL: no alternative certificate subject name matches target host name 'focaljet.com'")
+Fetch error: http://www.focaljet.com/ => https://www.focaljet.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.focaljet.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://focaljet.com/ => https://focaljet.com/: (60, 'SSL certificate problem: self signed certificate')
+-->
+<ruleset name="focaljet.com" default_off="failed ruleset test">
 
 	<target host="focaljet.com" />
-	<target host="*.focaljet.com" />
+	<target host="www.focaljet.com" />
 
 
 	<securecookie host="^\.focaljet\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?focaljet\.com/"
-		to="https://$1focaljet.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Focloir.ie.xml b/src/chrome/content/rules/Focloir.ie.xml
new file mode 100644
index 000000000000..57ed0335edc6
--- /dev/null
+++ b/src/chrome/content/rules/Focloir.ie.xml
@@ -0,0 +1,13 @@
+<!--
+	Secure connection failed:
+		corpas.focloir.ie
+
+	Time out:
+		breis.focloir.ie
+-->
+<ruleset name="Focloir.ie">
+	<target host="focloir.ie"/>
+	<target host="www.focloir.ie"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Focus.de-mixedcontent.xml b/src/chrome/content/rules/Focus.de-mixedcontent.xml
deleted file mode 100644
index 1f05ad1fd613..000000000000
--- a/src/chrome/content/rules/Focus.de-mixedcontent.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For domains without mixed content, see Focus.de.xml.
-
--->
-<ruleset name="Focus.de (mixed content)" platform="mixedcontent">
-
-	<target host="m.focus.de" />
-
-
-	<rule from="^http://m\.focus\.de/"
-		to="https://m.focus.de/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Focus.de.xml b/src/chrome/content/rules/Focus.de.xml
index f04eeb180e88..dd131b264a53 100644
--- a/src/chrome/content/rules/Focus.de.xml
+++ b/src/chrome/content/rules/Focus.de.xml
@@ -1,37 +1,32 @@
 <!--
-	For domains with mixed content, see Focus.de-mixedcontent.xml.
-
-
-	Nonfunctional subdomains:
-
-		- festgeld
-		- images.fragen
-		- tagesgeld
-		- unternehmen
-		- wetter
-
-
-	Problematic subdomains:
-
-		- ^		(cert only matches *.focus.de)
-		- bausparen	(works, mismatched, CN: rechner.fmh.de)
-		- p4		(akamai)
-		- strompreise	(works, mismatched, CN: partner.vxcp.de)
+	Invalid certificate:
+		p4.focus.de
 
+	Timeout:
+		onlinespiele.focus.de
 -->
-<ruleset name="Focus.de">
+<ruleset name="Focus.de (partial)">
 
 	<target host="focus.de" />
-	<target host="*.focus.de" />
-
-
-	<securecookie host="^(?:www)?\.focus\.de$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?focus\.de/"
-		to="https://www.focus.de/" />
-
-	<rule from="^http://p[04]\.focus\.de/"
-		to="https://p0.focus.de/" />
+	<target host="www.focus.de" />
+	<target host="bausparen.focus.de" />
+	<target host="festgeld.focus.de" />
+	<target host="fragen.focus.de" />
+	<target host="gutscheine.focus.de" />
+	<target host="kleinanzeige.focus.de" />
+	<target host="m.focus.de" />
+	<target host="medipreis.focus.de" />
+	<target host="p5.focus.de" />
+	<target host="pdf.focus.de" />
+	<target host="static.focus.de" />
+	<target host="stellenangebote.focus.de" />
+	<target host="strompreise.focus.de" />
+	<target host="tagesgeld.focus.de" />
+	<target host="unternehmen.focus.de" />
+	<target host="wetter.focus.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/FocusTeam.ma.xml b/src/chrome/content/rules/FocusTeam.ma.xml
new file mode 100644
index 000000000000..1d53002c852c
--- /dev/null
+++ b/src/chrome/content/rules/FocusTeam.ma.xml
@@ -0,0 +1,8 @@
+<ruleset name="FocusTeam.ma">
+	<target host="focusteam.ma" />
+	<target host="www.focusteam.ma" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Focus_Camera.com.xml b/src/chrome/content/rules/Focus_Camera.com.xml
index 48662e9cb391..a70cd57a22c2 100644
--- a/src/chrome/content/rules/Focus_Camera.com.xml
+++ b/src/chrome/content/rules/Focus_Camera.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="Focus Camera.com">
 
 	<target host="focuscamera.com" />
-	<target host="*.focuscamera.com" />
+	<target host="www.focuscamera.com" />
 
 
 	<securecookie host="^\.(?:www\.)?focuscamera\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?focuscamera\.com/"
-		to="https://$1focuscamera.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Focus_on_Learning_Center.com.xml b/src/chrome/content/rules/Focus_on_Learning_Center.com.xml
new file mode 100644
index 000000000000..d5a1138fda71
--- /dev/null
+++ b/src/chrome/content/rules/Focus_on_Learning_Center.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Focus on Learning Center.com">
+
+	<target host="focusonlearningcenter.com" />
+	<target host="www.focusonlearningcenter.com" />
+
+
+	<securecookie host="^(?:www\.)?focusonlearningcenter\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FodevareWatch.xml b/src/chrome/content/rules/FodevareWatch.xml
new file mode 100644
index 000000000000..8120b944324d
--- /dev/null
+++ b/src/chrome/content/rules/FodevareWatch.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.fodevarewatch.dk/ => https://www.fodevarewatch.dk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.fodevarewatch.dk'")
+
+	Not covered:
+		s7.addthis.com
+		adserver.adtech.de
+
+	Remark:
+		This page gets content from other *watch.dk-domains,
+		not all of which work flawlessly with HTTPS Everywhere
+		at the moment (take finanswatch.dk for instance).
+
+-->
+
+<ruleset name="FodevareWatch" default_off="failed ruleset test">
+	<target host="fodevarewatch.dk" />
+	<target host="www.fodevarewatch.dk" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FogBugz.com.xml b/src/chrome/content/rules/FogBugz.com.xml
index 1551fb5d4fb0..b0ff0dbe1115 100644
--- a/src/chrome/content/rules/FogBugz.com.xml
+++ b/src/chrome/content/rules/FogBugz.com.xml
@@ -12,7 +12,7 @@
 		- (www.)	(mismatched, CN: *.fogcreek.com)
 
 
-	FUlly covered subdomains:
+	Fully covered subdomains:
 
 		- (www.)	(→ www.fogcreek.com)
 		- d2l
@@ -35,4 +35,4 @@
 	<rule from="^http://d2l\.fogbugz\.com/"
 		to="https://d2l.fogbugz.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FogCreek.com.xml b/src/chrome/content/rules/FogCreek.com.xml
new file mode 100644
index 000000000000..9058dcf3cf52
--- /dev/null
+++ b/src/chrome/content/rules/FogCreek.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Mixed content:
+		help.fogcreek.com
+
+	Invalid certificate:
+		maintenance.fogcreek.com
+
+-->
+<ruleset name="FogCreek.com">
+
+	<target host="fogcreek.com" />
+	<target host="www.fogcreek.com" />
+	<target host="blog.fogcreek.com" />
+	<target host="discuss.fogcreek.com" />
+	<target host="secure.fogcreek.com" />
+	<target host="shop.fogcreek.com" />
+	<target host="status.fogcreek.com" />
+	<target host="redirect.fogcreek.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fog_Creek.xml b/src/chrome/content/rules/Fog_Creek.xml
deleted file mode 100644
index 84758c4d84b4..000000000000
--- a/src/chrome/content/rules/Fog_Creek.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<!--
-	Other Fog Creek rulesets:
-
-		- Fog_Creek.xml
-		- Trello.xml
-
-
-	Nonfunctional subdomains:
-
-		- blog	(dropped)
-
-
-	Fully covered subdoamins:
-
-		- (www.)
-		- secure
-
-
-	Mixed content:
-
-		- Image on www from www.adobe.com *
-
-	* Secured by us, doesn't trip MCB
-
--->
-<ruleset name="Fog Creek">
-
-	<target host="fogcreek.com" />
-	<target host="*.fogcreek.com" />
-
-
-	<securecookie host="^(?:secure\.|\.)?fogcreek\.com$" name=".+" />
-
-
-	<rule from="^http://(secure\.|www\.)?fogcreek\.com/"
-		to="https://$1fogcreek.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Fokus.no.xml b/src/chrome/content/rules/Fokus.no.xml
index d29ee657bcbe..af512b3596e9 100644
--- a/src/chrome/content/rules/Fokus.no.xml
+++ b/src/chrome/content/rules/Fokus.no.xml
@@ -1,4 +1,14 @@
-<ruleset name="Fokus Bank">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fokus.no/ => https://www.fokus.no/: (7, 'Failed to connect to www.fokus.no port 443: Connection timed out')
+Fetch error: http://www.fokus.no/ => https://www.fokus.no/: (7, 'Failed to connect to www.fokus.no port 443: Connection timed out')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://fokus.no/ => https://www.fokus.no/: (7, 'Failed to connect to www.fokus.no port 443: Connection timed out')
+Fetch error: http://www.fokus.no/ => https://www.fokus.no/: (7, 'Failed to connect to www.fokus.no port 443: Connection timed out')
+-->
+<ruleset name="Fokus Bank" default_off="failed ruleset test">
   <target host="fokus.no" />
   <target host="www.fokus.no" />
 
diff --git a/src/chrome/content/rules/Fold.cm.xml b/src/chrome/content/rules/Fold.cm.xml
new file mode 100644
index 000000000000..bc8827df76d2
--- /dev/null
+++ b/src/chrome/content/rules/Fold.cm.xml
@@ -0,0 +1,12 @@
+<ruleset name="Fold.cm">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fold.cm" />
+	<target host="www.fold.cm" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FoldingCoin.net.xml b/src/chrome/content/rules/FoldingCoin.net.xml
new file mode 100644
index 000000000000..987b5bcc6830
--- /dev/null
+++ b/src/chrome/content/rules/FoldingCoin.net.xml
@@ -0,0 +1,13 @@
+<ruleset name="FoldingCoin.net" >
+
+	<target host="foldingcoin.net" />
+	<target host="www.foldingcoin.net" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Folding_Forum.org.xml b/src/chrome/content/rules/Folding_Forum.org.xml
new file mode 100644
index 000000000000..1f508a1db82d
--- /dev/null
+++ b/src/chrome/content/rules/Folding_Forum.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="Folding Forum.org">
+
+	<target host="foldingforum.org" />
+	<target host="www.foldingforum.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Foliovision.com.xml b/src/chrome/content/rules/Foliovision.com.xml
new file mode 100644
index 000000000000..b7f6f0c91a4a
--- /dev/null
+++ b/src/chrome/content/rules/Foliovision.com.xml
@@ -0,0 +1,36 @@
+<!--
+	www.foliovision.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- foliovision.com
+
+-->
+<ruleset name="Foliovision.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="foliovision.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.foliovision.com" />
+
+		<test url="http://foliovision.com/support/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^foliovision\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^foliovision\.com$" name=".+" />
+
+
+	<rule from="^http://www\.foliovision\.com/"
+		to="https://foliovision.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Folkets.dk.xml b/src/chrome/content/rules/Folkets.dk.xml
new file mode 100644
index 000000000000..d42387afce7f
--- /dev/null
+++ b/src/chrome/content/rules/Folkets.dk.xml
@@ -0,0 +1,10 @@
+<ruleset name="Folkets.dk">
+
+	<target host="folkets.dk" />
+	<target host="www.folkets.dk" />
+
+	<securecookie host="(?:www)?\.folkets\.dk" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Folksam.se.xml b/src/chrome/content/rules/Folksam.se.xml
index b01405b43b73..4ab3729bba16 100644
--- a/src/chrome/content/rules/Folksam.se.xml
+++ b/src/chrome/content/rules/Folksam.se.xml
@@ -1,8 +1,55 @@
-<!-- This is a swedish insurance company -->
-<ruleset name="Folksam.se" platform="mixedcontent">
+<!-- This is a swedish insurance company 
+
+	Problematic subdomains:
+	
+		- Certificate common name:
+		
+			- arbetsgivare.folksam.se
+			- www2.folksam.se
+			- bilhandlare.folksam.se
+			- sip.folksam.se
+			- vasaloppet.folksam.se
+			- jobba.folksam.se
+			- lyncdiscover.folksam.se
+			- fastigheter.folksam.se
+			- trafikbarometern.folksam.se
+			- sparbankensyd.folksam.se
+			- kanslobarometern.folksam.se
+			- omoss.folksam.se
+			
+		- Incomplete Certificate chain:
+		
+			- ravpn.folksam.se
+	
+		- Content mismatch:
+
+			- atcloudservices.folksam.se
+			- cloudservices.folksam.se
+
+		- Connection refused:
+
+			- sip.folksam.se
+			- dpoc.folksam.se
+-->
+<ruleset name="Folksam.se">
 	<target host="folksam.se" />
 	<target host="www.folksam.se" />
-	<rule from="^http://www\.folksam\.se/" to="https://www.folksam.se/"/>
-	<rule from="^http://folksam\.se/" to="https://www.folksam.se/"/>
+	<target host="access.folksam.se" />
+	<target host="blogg.folksam.se" />
+	<target host="digitalassistent.folksam.se" />
+	<target host="inlogg.folksam.se" />
+	<target host="ir.folksam.se" />
+	<target host="kartsok.folksam.se" />
+	<target host="media.folksam.se" />
+	<target host="mis.folksam.se" />
+	<target host="nyhetsrum.folksam.se" />
+	<target host="partners.folksam.se" />
+	<target host="rdw.folksam.se" />
+	<target host="secure.folksam.se" />
+	<target host="stat.folksam.se" />
+	<target host="smetrics.folksam.se" />
+	<target host="secure.stst.folksam.se" />
+	<target host="vdi.folksam.se" />
+	
+	<rule from="^http:" to="https:"/>
 </ruleset>
-
diff --git a/src/chrome/content/rules/Fomori.org.xml b/src/chrome/content/rules/Fomori.org.xml
new file mode 100644
index 000000000000..5efede39fc72
--- /dev/null
+++ b/src/chrome/content/rules/Fomori.org.xml
@@ -0,0 +1,14 @@
+<!--
+	www: cert only matches ^fomori.org
+
+-->
+<ruleset name="fomori.org" default_off="self-signed">
+
+	<target host="fomori.org" />
+	<target host="www.fomori.org" />
+
+
+	<rule from="^http://(?:www\.)?fomori\.org/"
+		to="https://fomori.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FontMarketplace.com.xml b/src/chrome/content/rules/FontMarketplace.com.xml
new file mode 100644
index 000000000000..f07a97719e44
--- /dev/null
+++ b/src/chrome/content/rules/FontMarketplace.com.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Monotype Imaging coverage, see Monotype-Imaging.xml.
+
+
+	(www.)?fontmarketplace.com: Mismatched
+
+-->
+<ruleset name="FontMarketplace.com (partial)">
+
+	<!--	Complications:
+				-->
+	<target host="fontmarketplace.com" />
+	<target host="www.fontmarketplace.com" />
+
+
+	<!--	Redirect keeps args but not forward slash:
+							-->
+	<rule from="^http://(?:www\.)?fontmarketplace\.com/+(?=$|\?)"
+		to="https://www.fonts.com/" />
+
+		<test url="http://fontmarketplace.com/?" />
+		<test url="http://fontmarketplace.com//" />
+		<test url="http://www.fontmarketplace.com/?" />
+		<test url="http://www.fontmarketplace.com//" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fontdeck.xml b/src/chrome/content/rules/Fontdeck.xml
index 4fa9b256765e..465f310beeef 100644
--- a/src/chrome/content/rules/Fontdeck.xml
+++ b/src/chrome/content/rules/Fontdeck.xml
@@ -1,15 +1,63 @@
-<!--	Bucket at s3.amazonaws.com/fontdeck/
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.fontdeck.com/login => https://fontdeck.com/login: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.fontdeck.com/register => https://fontdeck.com/register: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.fontdeck.com/images/logos/print-logo.png => https://fontdeck.com/images/logos/print-logo.png: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.fontdeck.com/stylesheets/core.css => https://fontdeck.com/stylesheets/core.css: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://f.fontdeck.com/ => https://f.fontdeck.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.fontdeck.com/ => https://fontdeck.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	CDN buckets:
+
+		- s3.amazonaws.com/fontdeck/
+
+
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Tumblr
+
+
+	www: cert only matches ^fontdeck.com
+
 -->
-<ruleset name="Fontdeck (partial)">
+<ruleset name="Fontdeck.com (partial)" default_off="failed ruleset test">
+
+	<target host="fontdeck.com" />
+	<target host="f.fontdeck.com" />
+	<target host="www.fontdeck.com" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="http://fontdeck\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="http://fontdeck\.com/(?!images/|login$|register$|stylesheets/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://fontdeck.com/about" />
+			<test url="http://fontdeck.com/contact" />
+			<test url="http://fontdeck.com/foundries" />
+			<test url="http://fontdeck.com/showcase" />
+			<test url="http://fontdeck.com/support" />
+			<test url="http://fontdeck.com/typefaces" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.fontdeck.com/login" />
+			<test url="http://www.fontdeck.com/register" />
+			<test url="http://www.fontdeck.com/images/logos/print-logo.png" />
+			<test url="http://www.fontdeck.com/stylesheets/core.css" />
 
-	<target host="fontdeck.com"/>
-	<target host="f.fontdeck.com"/>
-	<target host="www.fontdeck.com"/>
 
-	<rule from="^http://(www\.)?fontdeck\.com/(images/|login$|register$|stylesheets/)"
-		to="https://fontdeck.com/$2"/>
+	<rule from="^http://www\.fontdeck\.com/"
+		to="https://fontdeck.com/" />
 
-	<rule from="^http://f\.fontdeck\.com/"
-		to="https://f.fontdeck.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Fonticons.com.xml b/src/chrome/content/rules/Fonticons.com.xml
new file mode 100644
index 000000000000..8a30b8e6597e
--- /dev/null
+++ b/src/chrome/content/rules/Fonticons.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Problematic hosts in *fonticons.com:
+
+		- blog *
+
+	* Mismatched
+
+-->
+<ruleset name="Fonticons.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fonticons.com" />
+	<target host="www.fonticons.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fonts.com.xml b/src/chrome/content/rules/Fonts.com.xml
new file mode 100644
index 000000000000..0ee3646a6825
--- /dev/null
+++ b/src/chrome/content/rules/Fonts.com.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Monotype Imaging coverage, see Monotype-Imaging.xml.
+
+	Time out:
+		fast10.fonts.com
+		webfonts.fonts.com
+		www.webfonts.fonts.com
+
+	Invalid certficate:
+		blog.fonts.com
+		www0\d.fonts.com
+
+-->
+<ruleset name="Fonts.com (partial)">
+
+	<target host="fonts.com" />
+	<target host="www.fonts.com" />
+	<target host="fast.fonts.com" />
+		<test url="http://fast.fonts.com/FontsCom/Live/static/2.15.134.0/img/apple-touch-icon-57x57.png" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.blog\.fonts\.com$" name="^ARRAffinity$" /-->
+	<!--securecookie host="^www\.fonts\.com$" name="^ProfileTicket$" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fonts.net.xml b/src/chrome/content/rules/Fonts.net.xml
new file mode 100644
index 000000000000..037385947968
--- /dev/null
+++ b/src/chrome/content/rules/Fonts.net.xml
@@ -0,0 +1,42 @@
+<!--
+	For other Monotype Imaging coverage, see Monotype-Imaging.xml.
+
+
+	CDN buckets:
+
+		- cs26.wac.edgecastcdn.net
+
+			- cdnbadge.fonts.net
+			- cdncms.fonts.net
+
+
+	Nonfunctional domains:
+
+		- ^fonts.net *
+		- cdnbadge.fonts.net ¹
+
+	* 403
+	¹ 404
+
+
+	Problematic domains:
+
+		- cdncms.fonts.net ²
+
+	² Works; mismatched, CN: *.fonts.com
+
+-->
+<ruleset name="Fonts.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fast.fonts.net" />
+
+
+	<!--rule from="^http://www\.fonts\.net/"
+		to="https://www.linotype.com/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fontspring.xml b/src/chrome/content/rules/Fontspring.xml
index e0567ef28ba9..b443454c1c48 100644
--- a/src/chrome/content/rules/Fontspring.xml
+++ b/src/chrome/content/rules/Fontspring.xml
@@ -1,14 +1,45 @@
-<ruleset name="Fontspring">
+<!--
+	Problematic subdomains:
+
+		- cdn4 *
+		- cdn[1-5] *
+
+	* Mismatched, CN: www.fontspring.com
+
+
+	Mixed content:
+
+		- Images on www from cdn\d? *
+
+	* Secured by us
+
+-->
+<ruleset name="Fontspring (partial)">
 
 	<target host="fontspring.com" />
-	<!--	* for cross-domain cookie.	-->
 	<target host="*.fontspring.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.fontspring\.com/+((blog|fonts/[\w-]+|foundry/[\w-]+)($|\?)|ffdemo/css/)" /-->
+		<!--
+			Exceptions (5, 4, ...):
+						-->
+		<!--exclusion pattern="^http://www\.fontspring\.com/+(?!account($|[?/])|cache_assets/|favicon\.ico|fnt_imgs/|(fonts|fresh)/*($|\?)|poster_imgs/|presentation_20140401/|tools/)" /-->
 
 
-	<securecookie host="^\.fontspring.com$" name=".*" />
+	<!--securecookie host="^\.fontspring.com$" name=".*" /-->
 
 
-	<rule from="^http://(www\.)?fontspring\.com/"
+	<!--	Redirects to http:
+					-->
+	<rule from="^http://www\.fontspring\.com/fonts/(?=$|\?)"
+		to="https://www.fontspring.com/fonts" />
+
+	<rule from="^http://(www\.)?fontspring\.com/(?=account(?:$|[?/])|cache_assets/|favicon\.ico|fnt_imgs/|(?:fonts|fresh)/*(?:$|\?)|poster_imgs/|presentation_20140401/|tools/)"
 		to="https://$1fontspring.com/" />
 
+	<rule from="^http://cdn\d\.fontspring\.com/"
+		to="https://www.fontspring.com/" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/FooFighters.xml b/src/chrome/content/rules/FooFighters.xml
index c448cc40cf91..a933da4b5ca4 100644
--- a/src/chrome/content/rules/FooFighters.xml
+++ b/src/chrome/content/rules/FooFighters.xml
@@ -2,7 +2,7 @@
   <target host="foofighters.com" />
   <target host="www.foofighters.com" />
 
-  <securecookie host="^(.+\.)?foofighters\.com$" name=".*"/>
+  <securecookie host=".+" name=".+" />
 
-  <rule from="^http://(?:www\.)?foofighters\.com/" to="https://www.foofighters.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Foocorp.net.xml b/src/chrome/content/rules/Foocorp.net.xml
new file mode 100644
index 000000000000..954e391bb508
--- /dev/null
+++ b/src/chrome/content/rules/Foocorp.net.xml
@@ -0,0 +1,38 @@
+<!--
+	Nonfunctional hosts in *foocorp.net:
+
+		- (www.)? *
+		- social *
+
+	* Shows gnu.io
+
+
+	Problematic hosts in *foocorp.net:
+
+		- bugz ¹ ²
+
+	¹ Expired
+	² Untrusted root
+
+
+	Fully covered hosts in *foocorp.net:
+
+		- bugz
+
+
+	These altnames don't exist:
+
+		- www.bugz.foocorp.net
+
+-->
+<ruleset name="Foocorp.net (partial)" default_off="expired, untrusted root">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bugz.foocorp.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Food-Allergy-Initiative.xml b/src/chrome/content/rules/Food-Allergy-Initiative.xml
index 23220fae47c8..bb939f30a2f0 100644
--- a/src/chrome/content/rules/Food-Allergy-Initiative.xml
+++ b/src/chrome/content/rules/Food-Allergy-Initiative.xml
@@ -1,6 +1,10 @@
-<ruleset name="Food Allergy Initiative">
+<!--
+	See also: Foodallergy.org.xml
+-->
+<ruleset name="Food Allergy Initiative (mismatch)" default_off="mismatch">
 	<target host="faiusa.org" />
 	<target host="www.faiusa.org" />
 
-	<rule from="^http://(?:www\.)?faiusa\.org/" to="https://www.faiusa.org/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FoodAndWaterWatch.org.xml b/src/chrome/content/rules/FoodAndWaterWatch.org.xml
new file mode 100644
index 000000000000..f5e15f7cc91e
--- /dev/null
+++ b/src/chrome/content/rules/FoodAndWaterWatch.org.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://edit.foodandwaterwatch.org/ (200) => https://edit.foodandwaterwatch.org/ (521)
+
+	Invalid certificate:
+		act.foodandwaterwatch.org
+
+	No working URL known:
+		documents.foodandwaterwatch.org (502)
+
+-->
+<ruleset name="Food &amp; Water Watch" default_off="failed ruleset test">
+
+	<target host="foodandwaterwatch.org" />
+	<target host="www.foodandwaterwatch.org" />
+	<target host="edit.foodandwaterwatch.org" />
+	<target host="secure.foodandwaterwatch.org" />
+	<target host="staging.foodandwaterwatch.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FoodRepublic.com.xml b/src/chrome/content/rules/FoodRepublic.com.xml
new file mode 100644
index 000000000000..064f692366aa
--- /dev/null
+++ b/src/chrome/content/rules/FoodRepublic.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="FoodRepublic.com">
+	<target host="foodrepublic.com" />
+	<target host="www.foodrepublic.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FoodSafety.gov.xml b/src/chrome/content/rules/FoodSafety.gov.xml
deleted file mode 100644
index d9c2ef799232..000000000000
--- a/src/chrome/content/rules/FoodSafety.gov.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For other U.S. goverment coverage, see US-government.xml.
-
-
-	CDN buckets:
-
-		- www.foodsafety.gov.edgesuite.net
-
--->
-<ruleset name="FoodSafety.gov" default_off="Akamai">
-
-	<target host="foodsafety.gov" />
-	<target host="www.foodsafety.gov" />
-
-
-	<!--	!www 301s to www.
-					-->
-	<rule from="^https?://(?:www\.)?foodsafety\.gov/"
-		to="https://www.foodsafety.gov/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Food_Hub.xml b/src/chrome/content/rules/Food_Hub.xml
deleted file mode 100644
index a04f7e95e396..000000000000
--- a/src/chrome/content/rules/Food_Hub.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other APN News & Media coverage, see APN_News_and_Media.xml.
-
--->
-<ruleset name="Food Hub">
-
-	<target host="foodhub.co.nz" />
-	<target host="www.foodhub.co.nz" />
-
-
-	<securecookie host="^(?:www\.)?foodhub\.co\.nz$" name=".+" />
-
-
-	<rule from="^http://(www\.)?foodhub\.co\.nz/"
-		to="https://$1foodhub.co.nz/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Food_Protection_Task_Force.com.xml b/src/chrome/content/rules/Food_Protection_Task_Force.com.xml
index 90467e90c602..2b634b01f2ba 100644
--- a/src/chrome/content/rules/Food_Protection_Task_Force.com.xml
+++ b/src/chrome/content/rules/Food_Protection_Task_Force.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?foodprotectiontaskforce\.com/(dfsr2/|member(?:$|[?/]))"
 		to="https://$1foodprotectiontaskforce.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Food_and_Water_Watch.xml b/src/chrome/content/rules/Food_and_Water_Watch.xml
deleted file mode 100644
index bbeebd25ed34..000000000000
--- a/src/chrome/content/rules/Food_and_Water_Watch.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- act	(shows secure3; mismatched, CN: secure3.convio.net)
-
--->
-<ruleset name="Food &amp; Water Watch (partial)">
-
-	<target host="foodandwaterwatch.org" />
-	<target host="*.foodandwaterwatch.org" />
-
-
-	<securecookie host="^(?:w*\.)?foodandwaterwatch\.org$" name=".+" />
-
-
-	<rule from="^http://act\.foodandwaterwatch\.org/site/Donation"
-		to="https://secure3.convio.net/fww/site/Donation" />
-
-	<rule from="^http://(www\.)?foodandwaterwatch\.org/"
-		to="https://$1foodandwaterwatch.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Foodallergy.org.xml b/src/chrome/content/rules/Foodallergy.org.xml
index 8674191b940f..a8879b1ff1d8 100644
--- a/src/chrome/content/rules/Foodallergy.org.xml
+++ b/src/chrome/content/rules/Foodallergy.org.xml
@@ -1,6 +1,28 @@
-<ruleset name="Food Allergy &amp; Anaphylaxis Network">
+<!--
+	Food Allergy & Anaphylaxis Network
+
+
+	Insecure cookies are set for these hosts:
+
+		- foodallergy.org
+		- www.foodallergy.org
+
+-->
+<ruleset name="Food Allergy.org">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="foodallergy.org"/>
 	<target host="www.foodallergy.org"/>
 
-	<rule from="^http://(?:www\.)?foodallergy\.org/" to="https://www.foodallergy.org/" />
-</ruleset>
\ No newline at end of file
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?foodallergy\.org$" name="^(?:ASP\.NET_SessionId|CSRF_TOKEN|NSC_[\w-]+|VisitorGuid)$" /-->
+
+	<securecookie host="^(?:www\.)?foodallergy\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Foodl.org.xml b/src/chrome/content/rules/Foodl.org.xml
index beb0d8af3127..4e9901b88984 100644
--- a/src/chrome/content/rules/Foodl.org.xml
+++ b/src/chrome/content/rules/Foodl.org.xml
@@ -17,7 +17,9 @@
 <ruleset name="Foodl.org">
 
 	<target host="foodl.org" />
-	<target host="*.foodl.org" />
+	<target host="www.foodl.org" />
+	<target host="beta.foodl.org" />
+	<target host="deploy.foodl.org" />
 
 
 	<securecookie host="^(?:beta\.|deploy\.)?foodl\.org$" name=".+" />
@@ -26,7 +28,6 @@
 	<rule from="^http://(?:www\.)?foodl\.org/"
 		to="https://foodl.org/" />
 
-	<rule from="^http://(beta|deploy)\.foodl\.org/"
-		to="https://$1.foodl.org/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Foodler.com.xml b/src/chrome/content/rules/Foodler.com.xml
new file mode 100644
index 000000000000..5edb3fea99de
--- /dev/null
+++ b/src/chrome/content/rules/Foodler.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Foodler">
+    <target host="foodler.com" />
+    <target host="www.foodler.com" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Foodwatch.org.xml b/src/chrome/content/rules/Foodwatch.org.xml
new file mode 100644
index 000000000000..35451fe267ee
--- /dev/null
+++ b/src/chrome/content/rules/Foodwatch.org.xml
@@ -0,0 +1,14 @@
+<!-- Cert not valid for
+	- foodwatch.de
+	- foodwatch.fr
+	- foodwatch.nl
+-->
+<ruleset name="Foodwatch.org">
+
+	<target host="foodwatch.org"/>
+	<target host="www.foodwatch.org"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fool-CDN.com.xml b/src/chrome/content/rules/Fool-CDN.com.xml
new file mode 100644
index 000000000000..bdc717fa884a
--- /dev/null
+++ b/src/chrome/content/rules/Fool-CDN.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Motley Fool related rulesets, see Motley-Fool.xml
+-->
+<ruleset name="Fool CDN.com">
+
+	<target host="foolcdn.com" />
+	<target host="c.foolcdn.com" />
+	<target host="g.foolcdn.com" />
+	<target host="h.foolcdn.com" />
+	<target host="j.foolcdn.com" />
+	<target host="n.foolcdn.com" />
+	<target host="s.foolcdn.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Foot_Locker.xml b/src/chrome/content/rules/Foot_Locker.xml
index 34fc88daad9e..9eae20212091 100644
--- a/src/chrome/content/rules/Foot_Locker.xml
+++ b/src/chrome/content/rules/Foot_Locker.xml
@@ -7,46 +7,26 @@
 		- unlocked-uploads.s3.amazonaws.com
 
 
-	Nonfunctional domains:
+	Nonfunctional hosts in *footlocker.com:
 
-		- unlocked.footlocker.com
-		- www.foot-locker.co.uk
+		- unlocked
 
 
-	Problematic subdomains:
-
-		- ^	(expired, only matches www)
-
-
-	Fully covered subdomains:
-
-		- ^	(→ www)
-		- images
-		- m
-		- www
-
-
-	Targets solely for wildcard cookies:
-
-		- *.www.footlocker.com
+	www.footlocker.com: Blocks Tor users
 
 -->
-<ruleset name="Foot Locker (partial)">
-
+<ruleset name="Foot Locker.com (partial)" default_off="needs clearnet testing">
 
 	<target host="footlocker.com" />
-	<target host="*.footlocker.com" />
-	<target host="*.www.footlocker.com" />
-
-
-	<securecookie host="^.*\.footlocker\.com$" name=".+" />
+	<target host="images.footlocker.com" />
+	<target host="m.footlocker.com" />
+	<target host="www.footlocker.com" />
 
 
-	<rule from="^https?://(?:www\.)?footlocker\.com/"
-		to="https://www.footlocker.com/" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(images|m)\.footlocker\.com/"
-		to="https://$1.footlocker.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Foot_Locker_Canada.xml b/src/chrome/content/rules/Foot_Locker_Canada.xml
index 406782813612..3778645562eb 100644
--- a/src/chrome/content/rules/Foot_Locker_Canada.xml
+++ b/src/chrome/content/rules/Foot_Locker_Canada.xml
@@ -10,13 +10,13 @@
 <ruleset name="Foot Locker Canada">
 
 	<target host="footlocker.ca" />
-	<target host="*.footlocker.ca" />
+	<target host="www.footlocker.ca" />
 
 
 	<securecookie host="^.*\.footlocker\.ca$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?footlocker\.ca/"
+	<rule from="^http://(?:www\.)?footlocker\.ca/"
 		to="https://www.footlocker.ca/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Foot_Locker_Europe.xml b/src/chrome/content/rules/Foot_Locker_Europe.xml
deleted file mode 100644
index 4c530711552e..000000000000
--- a/src/chrome/content/rules/Foot_Locker_Europe.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	For other Foot Locker coverage, see Foot_Locker_Inc.xml.
-
-
-	Nonfunctional subdomains:
-
-		- images	(redirects to 404 page)
-
-
-	Problematic subdomains:
-
-		- ^	(mismatched)
-
-
-	- At least some pages redirect to http
-	- Mixed data are only images and so shouldn't be a problem
-
--->
-<ruleset name="Foot Locker Europe (partial)">
-
-	<target host="footlocker.eu" />
-	<target host="www.footlocker.eu" />
-
-
-	<rule from="^https?://(?:www\.)?footlocker\.eu/(ns/|secure/|WebResource\.axd)"
-		to="https://www.footlocker.eu/$1" />
-
-	<rule from="^https?://(?:www\.)?footlocker\.eu/(\w\w/)/(\w\w)/(k/|s/|ShoppingCart\.aspx)/"
-		to="https://www.footlocker.eu/$1/$2/secure/$3" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Foot_Locker_Inc.xml b/src/chrome/content/rules/Foot_Locker_Inc.xml
index 95ad8be2434a..1c45c490df49 100644
--- a/src/chrome/content/rules/Foot_Locker_Inc.xml
+++ b/src/chrome/content/rules/Foot_Locker_Inc.xml
@@ -9,7 +9,6 @@
 		- Footaction_USA.xml
 		- Foot_Locker.xml
 		- Foot_Locker_Canada.xml
-		- Foot_Locker_Europe.xml
 		- Kids_Foot_Locker.xml
 		- Lady_Foot_Locker.xml
 
@@ -25,7 +24,7 @@
 	<target host="www.footlocker-inc.com" />
 
 
-	<rule from="^https?://(?:www\.)?footlocker-inc\.com/"
+	<rule from="^http://(?:www\.)?footlocker-inc\.com/"
 		to="https://www.footlocker-inc.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Footaction_USA.xml b/src/chrome/content/rules/Footaction_USA.xml
index 9c2b67c69f69..2357fe38c2cb 100644
--- a/src/chrome/content/rules/Footaction_USA.xml
+++ b/src/chrome/content/rules/Footaction_USA.xml
@@ -18,17 +18,17 @@
 <ruleset name="Footaction USA">
 
 	<target host="footaction.com" />
-	<target host="*.footaction.com" />
-	<target host="*.www.footaction.com" />
+	<target host="www.footaction.com" />
+	<target host="images.footaction.com" />
+	<target host="m.footaction.com" />
 
 
 	<securecookie host="^.*\.footaction\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?footaction\.com/"
+	<rule from="^http://(?:www\.)?footaction\.com/"
 		to="https://www.footaction.com/" />
 
-	<rule from="^http://(images|m)\.footaction\.com/"
-		to="https://$1.footaction.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Football_Fanatics.xml b/src/chrome/content/rules/Football_Fanatics.xml
index bb782afeb3a4..63624cf8888a 100644
--- a/src/chrome/content/rules/Football_Fanatics.xml
+++ b/src/chrome/content/rules/Football_Fanatics.xml
@@ -21,4 +21,4 @@
 	<rule from="^http://(\w+)\.footballfanatics\.com/"
 		to="https://$1.footballfanatics.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Footholds.net.xml b/src/chrome/content/rules/Footholds.net.xml
index 17591585d366..f5d27b688c57 100644
--- a/src/chrome/content/rules/Footholds.net.xml
+++ b/src/chrome/content/rules/Footholds.net.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://([\w-]+)\.footholds\.net/"
 		to="https://$1.footholds.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Footprint.net.xml b/src/chrome/content/rules/Footprint.net.xml
new file mode 100644
index 000000000000..0d4758a49907
--- /dev/null
+++ b/src/chrome/content/rules/Footprint.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="footprint.net (partial)">
+
+	<target host="secure.footprint.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FootprintCalculator.org.xml b/src/chrome/content/rules/FootprintCalculator.org.xml
new file mode 100644
index 000000000000..08fec7f43ead
--- /dev/null
+++ b/src/chrome/content/rules/FootprintCalculator.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Time out
+		footprintcalculator.org
+
+-->
+<ruleset name="FootprintCalculator.org">
+
+	<target host="footprintcalculator.org" />
+	<target host="www.footprintcalculator.org" />
+	<target host="geoip.footprintcalculator.org" />
+
+	<rule from="^http://footprintcalculator\.org/"
+		to="https://www.footprintcalculator.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Forabank.ru.xml b/src/chrome/content/rules/Forabank.ru.xml
new file mode 100644
index 000000000000..eca2ce8c0315
--- /dev/null
+++ b/src/chrome/content/rules/Forabank.ru.xml
@@ -0,0 +1,32 @@
+<!--
+card.forabank.ru ⁴
+cashback-card.forabank.ru ⁴
+www.ipoteka.forabank.ru ¹
+mx1.kaluga.forabank.ru ³
+mx1.forabank.ru ³
+ns02.forabank.ru ³
+perm.forabank.ru ³
+rio-card.forabank.ru ⁴
+riocard.forabank.ru ³
+sun-card.forabank.ru ⁴
+mail.yar.forabank.ru ³
+acquiring.forabank.ru different content
+acquiring1.forabank.ru different content
+bonus.forabank.ru different content
+ftp.forabank.ru different content
+old.forabank.ru different content
+vip.forabank.ru different content
+
+
+¹ mismatch
+³ timed out
+⁴ self signed
+-->
+<ruleset name="forabank.ru">
+	<target host="forabank.ru" />
+	<target host="www.forabank.ru" />
+	<target host="dbo.forabank.ru" />
+	<target host="online.forabank.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Forbes.com.xml b/src/chrome/content/rules/Forbes.com.xml
new file mode 100644
index 000000000000..b7472f4bbaf9
--- /dev/null
+++ b/src/chrome/content/rules/Forbes.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Other Forbes rulesets:
+	- Forbes_Magazine.xml
+
+	Invalid certificate:
+	- cmo-practice.forbes.com
+	- www.cmo-practice.forbes.com
+	- custom.forbes.com
+	- www.custom.forbes.com
+	- insights.forbes.com
+	- on.forbes.com
+
+	Refused connection:
+	- beta.forbes.com
+-->
+
+<ruleset name="Forbes.com (partial)">
+	<target host="forbes.com" />
+	<target host="www.forbes.com" />
+	<target host="blogs.forbes.com" />
+	<target host="blogs-images.forbes.com" />
+	<target host="esp.forbes.com" />
+	<target host="i.forbesimg.com" />
+	<target host="images.forbes.com" />
+	<target host="specials-images.forbesimg.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Forbes_Magazine-mixed.xml b/src/chrome/content/rules/Forbes_Magazine-mixed.xml
deleted file mode 100644
index 74f536b2314a..000000000000
--- a/src/chrome/content/rules/Forbes_Magazine-mixed.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules not causing mixed content, see Forbes_Magazine.xml.
-
--->
-<ruleset name="Forbes Magazine (mixed content)" platform="mixedcontent">
-
-	<target host="blogs.forbes.com" />
-
-
-	<rule from="^http://blogs\.forbes\.com/"
-		to="https://blogs.forbes.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Forbes_Magazine.xml b/src/chrome/content/rules/Forbes_Magazine.xml
index 79a38c88b8b7..5cd792e264a7 100644
--- a/src/chrome/content/rules/Forbes_Magazine.xml
+++ b/src/chrome/content/rules/Forbes_Magazine.xml
@@ -1,86 +1,21 @@
 <!--
-	For rules causing mixed content, see Forbes_Magazine-mixed.xml.
+	For other Forbes coverage, see Forbes.com.xml.
 
+	Fully covered subdomains:
 
-	CDN buckets:
-
-		- blogs-images.forbes.com.edgesuite.net
-
-			- a1015.g1.akamai.net
-
-		- images.forbes.com.edgesuite.net
-		- i.forbesimg.com.edgesuite.net
-
-		- b-i.forbesimg.com.edgesuite.net
-
-			- a1621.g1.akamai.net
-
-
-	Nonfunctional domains:
-
-		- (www.)forbes.com		(refused)
-		- images.forbes.com		(Akamai; 503)
-		- video.forbes.com
-		- i.forbesimg.com		(Akamai; 503)
-
-
-	Problematic domains:
-
-		- blogs.forbes.com		(mixed css from i.forbesimg.com)
-		- blogs-images.forbes.com	(works, akamai)
-		- newsletters.forbes.com	(works, cert only matches www.newsletters)
-		- b-i.forbesimg.com	(works, akamai)
-
-
-	Partially covered domains:
-
-		- (www.)newsletters.forbes.com	(some pages redirect to http)
-
-
-	Fully covered domains:
-
-		- blogs-images.forbes.com
-		- e-subscriptions.forbes.com
-		- b-i.forbesimg.com
-
-
-	Mixed content:
-
-		- css on blogs.forbes.com from i.forbesimg.com
-		- images on blogs.forbes.com from images.forbes.com
-
+		- (www.)?	(mismatch, self-signed)
+		- subs		(timeout)
 -->
-<ruleset name="Forbes Magazine">
+<ruleset name="Forbes Magazine.com" platform="mixedcontent" default_off="mismatch, self-signed">
 
-	<target host="*.forbes.com" />
-	<target host="b-i.forbesimg.com" />
 	<target host="forbesmagazine.com" />
-	<target host="*.forbesmagazine.com" />
-	<target host="*.www.forbesmagazine.com" />
-
-
-	<securecookie host="^www\.newsletters\.forbes\.com$" name="^fc\w+$" />
-	<securecookie host="^.+\.forbesmagazine\.com$" name=".+" />
-
-
-	<rule from="^http://blog-images\.forbes\.com/"
-		to="https://a248.e.akamai.net/f/1015/2073/5m/blog-images.forbes.com/" />
-
-	<rule from="^http://(e-subscriptions|secureads)\.forbes\.com/"
-		to="https://$1.forbes.com/" />
+	<target host="www.forbesmagazine.com" />
 
-	<rule from="^http://(?:www\.)?newsletters\.forbes\.com/(DRHM/|favicon\.ico|store\?Action=(?:AddItemToRequisition|DisplayPage)(?:$|[?/]))"
-		to="https://www.newsletters.forbes.com/$1" />
 
-	<rule from="^http://b-i\.forbesimg\.com/"
-		to="https://a248.e.akamai.net/f/1621/3914/8d/b-i.forbesimg.com/" />
+	<securecookie host=".+\.forbesmagazine\.com$" name=".+" />
 
-	<!--	Cert only matches www.
-					-->
-	<rule from="^https?://(?:www\.)?forbesmagazine\.com/"
-		to="https://www.forbesmagazine.com/" />
 
-	<rule from="^http://subs\.forbesmagazine\.com/"
-		to="https://subs.forbesmagazine.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Forbrukerraadet.xml b/src/chrome/content/rules/Forbrukerraadet.xml
index c30aef7e31da..caaebb5b4466 100644
--- a/src/chrome/content/rules/Forbrukerraadet.xml
+++ b/src/chrome/content/rules/Forbrukerraadet.xml
@@ -1,6 +1,16 @@
-<ruleset name="Forbrukerraadet">
-  <target host="www.forbrukerportalen.no" />
-  <target host="forbrukerportalen.no" />
-
-  <rule from="^http://(?:www\.)?forbrukerportalen\.no/" to="https://forbrukerportalen.no/"/>
-</ruleset>
\ No newline at end of file
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.forbrukerportalen.no/ => https://forbrukerportalen.no/: (51, "SSL: no alternative certificate subject name matches target host name 'forbrukerportalen.no'")
+Fetch error: http://forbrukerportalen.no/ => https://forbrukerportalen.no/: (51, "SSL: no alternative certificate subject name matches target host name 'forbrukerportalen.no'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.forbrukerportalen.no/ => https://forbrukerportalen.no/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://forbrukerportalen.no/ => https://forbrukerportalen.no/: (28, 'Connection timed out after 10001 milliseconds')
+-->
+<ruleset name="Forbrukerraadet" default_off="failed ruleset test">
+  <target host="www.forbrukerportalen.no" />
+  <target host="forbrukerportalen.no" />
+
+  <rule from="^http://(?:www\.)?forbrukerportalen\.no/" to="https://forbrukerportalen.no/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Ford.xml b/src/chrome/content/rules/Ford.xml
index 177d2b74c603..5f1327f6ce32 100644
--- a/src/chrome/content/rules/Ford.xml
+++ b/src/chrome/content/rules/Ford.xml
@@ -1,10 +1,10 @@
 <ruleset name="Ford (partial)">
 
-	<target host="*.ford.com" />
+	<target host="developer.ford.com" />
+	<target host="media.ford.com" />
 		<exclusion pattern="^http://media\.ford\.com/(?!graphics/|images/|include/)" />
 
 
-	<rule from="^http://(developer|media)\.ford\.com/"
-		to="https://$1.ford.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fordela.com.xml b/src/chrome/content/rules/Fordela.com.xml
index 698fe8294e12..c3e35f276e71 100644
--- a/src/chrome/content/rules/Fordela.com.xml
+++ b/src/chrome/content/rules/Fordela.com.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fordela.com/ => https://www.fordela.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://fordela.com/ => https://www.fordela.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Problematic subdomains:
 
 		- ^	(works; mismatched, CN: *.powerspeaking.com)
@@ -23,10 +29,12 @@
 	* Secured by us
 
 -->
-<ruleset name="Fordela.com">
+<ruleset name="Fordela.com" default_off="failed ruleset test">
 
 	<target host="fordela.com" />
-	<target host="*.fordela.com" />
+	<target host="www.fordela.com" />
+	<target host="goldmember.fordela.com" />
+	<target host="vms.fordela.com" />
 
 
 	<securecookie host=".*\.fordela\.com$" name=".+" />
@@ -35,7 +43,6 @@
 	<rule from="^http://(?:www\.)?fordela\.com/"
 		to="https://www.fordela.com/" />
 
-	<rule from="^http://(goldmember|vms)\.fordela\.com/"
-		to="https://$1.fordela.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ForeSee_Results.com.xml b/src/chrome/content/rules/ForeSee_Results.com.xml
index d9e1770b726c..1d776e5843c0 100644
--- a/src/chrome/content/rules/ForeSee_Results.com.xml
+++ b/src/chrome/content/rules/ForeSee_Results.com.xml
@@ -15,13 +15,15 @@
 
 		- css on www from code.jquery.com *
 
-	* No noticable effect
+	* No noticeable effect
 
 -->
 <ruleset name="ForeSee Results.com">
 
 	<target host="foreseeresults.com" />
-	<target host="*.foreseeresults.com" />
+	<target host="www.foreseeresults.com" />
+	<target host="events.foreseeresults.com" />
+	<target host="portal2.foreseeresults.com" />
 
 
 	<securecookie host="^(?:portal2)?\.foreseeresults\.com$" name=".+" />
@@ -30,7 +32,6 @@
 	<rule from="^http://(?:www\.)?foreseeresults\.com/"
 		to="https://www.foreseeresults.com/" />
 
-	<rule from="^http://(events|portal2)\.foreseeresults\.com/"
-		to="https://$1.foreseeresults.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Forecast.io.xml b/src/chrome/content/rules/Forecast.io.xml
new file mode 100644
index 000000000000..7616da799848
--- /dev/null
+++ b/src/chrome/content/rules/Forecast.io.xml
@@ -0,0 +1,44 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.forecast.io/ => https://www.forecast.io/: (51, "SSL: no alternative certificate subject name matches target host name 'www.forecast.io'")
+
+	Nonfunctional hosts in *forecast.io:
+
+		- blog *
+
+	* Redirects to ^forecast.io
+
+
+	Insecure cookies are set for these hosts:
+
+		- developer.forecast.io
+
+
+	Mixed content:
+
+		- css on ^ from fast.fonts.com *
+		- favicon on ^ from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Forecast.io" default_off="failed ruleset test">
+
+<!--	Direct rewrites:
+			-->
+  <target host="forecast.io" />
+	<target host="api.forecast.io" />
+	<target host="developer.forecast.io" />
+  <target host="www.forecast.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^developer\.forecast\.io$" name="^_session_id$" /-->
+
+	<securecookie host="^developer\.forecast\.io$" name=".+" />
+
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ForeignPolicy.com.xml b/src/chrome/content/rules/ForeignPolicy.com.xml
index 80e9df29c367..dc4539bcd0fa 100644
--- a/src/chrome/content/rules/ForeignPolicy.com.xml
+++ b/src/chrome/content/rules/ForeignPolicy.com.xml
@@ -1,35 +1,179 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.foreignpolicy.com/sites/all/themes/fp/projects/identity/identity-reset.css => https://secure.foreignpolicy.com/sites/all/themes/fp/projects/identity/identity-reset.css: (51, "SSL: no alternative certificate subject name matches target host name 'secure.foreignpolicy.com'")
+Fetch error: http://id.foreignpolicy.com/ => https://id.foreignpolicy.com/: (6, 'Could not resolve host: id.foreignpolicy.com')
+Fetch error: http://secure.foreignpolicy.com/ => https://secure.foreignpolicy.com/: (51, "SSL: no alternative certificate subject name matches target host name 'secure.foreignpolicy.com'")
+Fetch error: http://turtlebay.foreignpolicy.com/ => https://turtlebay.foreignpolicy.com/: (7, 'Failed to connect to turtlebay.foreignpolicy.com port 443: Connection refused')
+
+	NB: p://subscribe.../$ redirects to s://...$
+	503 ?=> fetch test failure
+
+
 	CDN buckets:
 
 		- www.foreignpolicy.com.edgesuite.net
 
-			- a1165.g1.akamai.net
-			- blog
 			- ideas
 			- killerapps
-			- www
 
 
-	Problematic subdomains:
+	Problematic hosts in *foreignpolicy.com:
+
+		- blog ¹
+		- ideas ²
+		- jobs  ¹
+		- killerapps ²
+		- the-e-r-podcast ᵐ
+		- thecable ¹
+		- turtlebay ¹
+
+	ᵐ Mismatched
+	¹ Refused, preemptable redirect
+	² Wordpress / mismatched
+
+
+	Partially covered hosts in *foreignpolicy.com:
+
+		- fpgroup ʰ
+
+	ʰ Some pages redirect to http
+
 
-		- ^		(refused)
-		- blog *
-		- ideas		(some pages work, others 403; akamai)
-		- jobs **
-		- killerapps *
-		- thecable **
-		- turtlebay **
-		- www *
+	Insecure cookies are set for these domains and hosts: ᶜ
 
-	* Works, akamai
-	** Works; mismatched, CN: acquia-sites.com
+		- .foreignpolicy.com
+		- id.foreignpolicy.com
+		- www.foreignpolicy.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on ^ from www.slate.com *
+
+		- Bugs, on:
+
+			- ^, 2015globalthinkers from wpni.112.2o7.net *
+			- ^ from b.scorecardresearch.com *
+
+	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="ForeignPolicy.com (partial)" default_off="mismatched">
+<ruleset name="ForeignPolicy.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="foreignpolicy.com" />
+	<target host="2015globalthinkers.foreignpolicy.com" />
+	<target host="fpgroup.foreignpolicy.com" />
+	<target host="id.foreignpolicy.com" />
+	<target host="secure.foreignpolicy.com" />
+	<target host="subscribe.foreignpolicy.com" />
+	<target host="www.foreignpolicy.com" />
+
+	<!--	Complications:
+				-->
+	<target host="blog.foreignpolicy.com" />
+	<target host="ideas.foreignpolicy.com" />
+	<target host="jobs.foreignpolicy.com" />
+	<target host="thecable.foreignpolicy.com" />
+	<target host="turtlebay.foreignpolicy.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://fpgroup\.foreignpolicy\.com/(?:$|downloads/$|subscribe/$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://fpgroup\.foreignpolicy\.com/(?!/*wp-content/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://fpgroup.foreignpolicy.com/downloads/" />
+			<test url="http://fpgroup.foreignpolicy.com/subscribe/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://fpgroup.foreignpolicy.com/wp-content/themes/foreignpolicy/img/upper-shadow.png" />
+
+		<!--	$ 404s, so:
+					-->
+		<test url="http://secure.foreignpolicy.com/sites/all/themes/fp/projects/identity/identity-reset.css" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://subscribe.foreignpolicy.com/FRP/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.foreignpolicy\.com" name="^wapo_sess_id$" /-->
+	<!--securecookie host="^id\.foreignpolicy\.com" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|s_v)" />
+	<securecookie host="^(?!fpgroup\.)\w" name=".+" />
+
+
+	<!--	Redirect drops args and forward slash:
+							-->
+	<rule from="^http://blog\.foreignpolicy\.com/+(?:\?.*)?$"
+		to="https://foreignpolicy.com/channel/passport/" />
+
+		<test url="http://blog.foreignpolicy.com//" />
+		<test url="http://blog.foreignpolicy.com/?" />
+
+	<!--	Redirect keeps args but not forward slash:
+							-->
+	<rule from="^http://ideas\.foreignpolicy\.com/+(?=$|\?)"
+		to="https://foreignpolicy.com/" />
+
+		<test url="http://ideas.foreignpolicy.com//" />
+		<test url="http://ideas.foreignpolicy.com/?" />
+
+	<!--	Redirect drops args and forward slash:
+							-->
+	<rule from="^http://thecable\.foreignpolicy\.com/+(?:\?.*)?$"
+		to="https://foreignpolicy.com/channel/the-cable/" />
+
+		<test url="http://thecable.foreignpolicy.com//" />
+		<test url="http://thecable.foreignpolicy.com/?" />
+
+	<!--	Redirect drops args and forward slash:
+							-->
+	<rule from="^http://theturtlebay\.foreignpolicy\.com/+(?:\?.*)?$"
+		to="https://foreignpolicy.com/category/turtle-bay/" />
+
+		<test url="http://theturtlebay.foreignpolicy.com//" />
+		<test url="http://theturtlebay.foreignpolicy.com/?" />
+
+	<!--	Redirect keeps path, args, and forward slash:
+								-->
+	<rule from="^http://(?:blog|thecable|theturtlebay)\.foreignpolicy\.com/"
+		to="https://foreignpolicy.com/" />
+
+		<test url="http://blog.foreignpolicy.com/index" />
+		<test url="http://thecable.foreignpolicy.com/index" />
+		<test url="http://theturtlebay.foreignpolicy.com/index" />
+
+	<!--	Redirect keeps path, args, and forward slash:
+								-->
+	<rule from="^http://ideas\.foreignpolicy\.com/"
+		to="https://foreignpolicy.com/" />
+
+		<test url="http://ideas.foreignpolicy.com//index" />
+		<test url="http://ideas.foreignpolicy.com//index?utm=" />
+
+	<!--	Redirect drops path, args, and forward slash:
+								-->
+	<rule from="^http://jobs\.foreignpolicy\.com/.*"
+		to="https://foreignpolicy.com/employment-opportunities/" />
 
-	<target host="*.foreignpolicy.com" />
+		<test url="http://jobs.foreignpolicy.com//" />
+		<test url="http://jobs.foreignpolicy.com/?" />
 
-	<rule from="^http://(jobs|thecable|turtlebay)\.foreignpolicy\.com/"
-		to="https://$1.foreignpolicy.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Foreign_Affairs.com.xml b/src/chrome/content/rules/Foreign_Affairs.com.xml
new file mode 100644
index 000000000000..3171325a9ee2
--- /dev/null
+++ b/src/chrome/content/rules/Foreign_Affairs.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Problematic subdomains:
+
+		- jobs *
+
+	* Jobthread
+
+-->
+<ruleset name="Foreign Affairs.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="foreignaffairs.com" />
+	<target host="files.foreignaffairs.com" />
+	<target host="subs.foreignaffairs.com" />
+	<target host="www.foreignaffairs.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.foreignaffairs\.com$" name="^(?:incap_ses_\d+|nlbi|visid_incap)_\d+$" /-->
+	<!--securecookie host="^www\.foreignaffairs\.com$" name="^(?:___utm[abm]\w+|fpc)$" /-->
+
+	<securecookie host="^\.foreignaffairs\.com$" name="^(?:incap_ses_\d+|nlbi|visid_incap)_\d+$" />
+	<securecookie host="^www\.foreignaffairs\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Foreningen_for_Dansk_Internethandel.xml b/src/chrome/content/rules/Foreningen_for_Dansk_Internethandel.xml
index 7c798e56e8a6..4d8e9e78de7e 100644
--- a/src/chrome/content/rules/Foreningen_for_Dansk_Internethandel.xml
+++ b/src/chrome/content/rules/Foreningen_for_Dansk_Internethandel.xml
@@ -9,7 +9,6 @@
 	<target host="cookie.fdih.dk" />
 
 
-	<rule from="^http://cookie\.fdih\.dk/"
-		to="https://cookie.fdih.dk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Forensic_Institute.nl.xml b/src/chrome/content/rules/Forensic_Institute.nl.xml
new file mode 100644
index 000000000000..c0dd4b8f143e
--- /dev/null
+++ b/src/chrome/content/rules/Forensic_Institute.nl.xml
@@ -0,0 +1,30 @@
+<!--
+	^forensicinstitute.nl: Invalid cert
+
+
+	STS header includes includeSubdomains
+
+-->
+<ruleset name="Forensic Institute.nl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="*.forensicinstitute.nl" />
+
+	<!--	Complications:
+				-->
+	<target host="forensicinstitute.nl" />
+
+		<test url="http://www.forensicinstitute.nl/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://forensicinstitute\.nl/"
+		to="https://www.forensicinstitute.nl/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Forensics.ca.xml b/src/chrome/content/rules/Forensics.ca.xml
new file mode 100644
index 000000000000..11d78239dd21
--- /dev/null
+++ b/src/chrome/content/rules/Forensics.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="Forensics.ca">
+	<target host="forensics.ca" />
+	<target host="www.forensics.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Foresight.org.xml b/src/chrome/content/rules/Foresight.org.xml
index bd57cd2bce1b..fb0e6de6ea47 100644
--- a/src/chrome/content/rules/Foresight.org.xml
+++ b/src/chrome/content/rules/Foresight.org.xml
@@ -5,7 +5,7 @@
 <ruleset name="Foresight.org">
 
 	<target host="foresight.org" />
-	<target host="*.foresight.org" />
+	<target host="www.foresight.org" />
 
 
 	<securecookie host="^\.foresight\.org$" name=".+" />
diff --git a/src/chrome/content/rules/ForestSangha.org.xml b/src/chrome/content/rules/ForestSangha.org.xml
new file mode 100644
index 000000000000..b5c19a93e461
--- /dev/null
+++ b/src/chrome/content/rules/ForestSangha.org.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.forestsangha.org/ => https://www.forestsangha.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.forestsangha.org'")
+
+-->
+<ruleset name="Forest Sangha" default_off="failed ruleset test">
+        <target host="forestsangha.org" />
+        <target host="www.forestsangha.org" />
+        <target host="forestsangha-163c.kxcdn.com" />
+
+        <securecookie host="^(?:www)?(?:\.)?forestsangha\.org$" name=".+" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Foresters.com.xml b/src/chrome/content/rules/Foresters.com.xml
new file mode 100644
index 000000000000..f5b20e1abc34
--- /dev/null
+++ b/src/chrome/content/rules/Foresters.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Nonfunctional hosts in *.foresters.com:
+
+    sip.foresters.com (r)
+    adadfs.foresters.com (r)
+    dialin.foresters.com (r)
+    meet.foresters.com (r)
+    pc.foresters.com (r)
+
+-->
+<ruleset name="Foresters.com">
+	<target host="foresters.com" />
+  <target host="*.foresters.com" />
+    <test url="http://brand.foresters.com/" />
+    <test url="http://blog.foresters.com/" />
+    <test url="http://my.foresters.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Foresters.xml b/src/chrome/content/rules/Foresters.xml
deleted file mode 100644
index 2350861be2b8..000000000000
--- a/src/chrome/content/rules/Foresters.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
-	Other Foresters rulesets:
-
-		- Childrens_Mutual.xml
-
-
-	Problematic domains:
-
-		- (www.)foresters.biz *
-		- foresters.com *
-
-	* Cert only matches *.foresters.com
-
--->
-<ruleset name="Foresters">
-
-	<target host="foresters.*" />
-	<target host="www.foresters.biz" />
-	<target host="*.foresters.com" />
-
-
-	<securecookie host="^\.foresters\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?foresters\.biz/.*"
-		to="https://www.foresters.com/" />
-
-	<!--	Server drops path like so:
-						-->
-	<rule from="^http://foresters\.com/.*"
-		to="https://www.foresters.com/" />
-
-	<rule from="^http://www\.foresters\.com/"
-		to="https://www.foresters.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ForeverNew.xml b/src/chrome/content/rules/ForeverNew.xml
new file mode 100644
index 000000000000..2c0b7b735998
--- /dev/null
+++ b/src/chrome/content/rules/ForeverNew.xml
@@ -0,0 +1,8 @@
+<!-- infinite scroll breaks due to MCB -->
+<ruleset name="Forever New" platform="mixedcontent">
+	<target host="forevernew.com.au" />
+	<target host="www.forevernew.com.au" />
+
+	<rule from="^http://(www\.)?forevernew\.com\.au/"
+			to="https://www.forevernew.com.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Forex-Metal.xml b/src/chrome/content/rules/Forex-Metal.xml
index b8ff3814ef63..864b500a3a9f 100644
--- a/src/chrome/content/rules/Forex-Metal.xml
+++ b/src/chrome/content/rules/Forex-Metal.xml
@@ -1,9 +1,16 @@
-<ruleset name="Forex-Metal">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://forex-metal.com/ => https://forex-metal.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.forex-metal.com/ => https://forex-metal.com/: (28, 'Connection timed out after 20008 milliseconds')
+
+-->
+<ruleset name="Forex-Metal" default_off="failed ruleset test">
 
 	<target host="forex-metal.com"/>
 	<target host="www.forex-metal.com"/>
 
-	<securecookie host="^forex-metal\.com$" name=".*"/>
+	<securecookie host="^forex-metal\.com$" name=".+" />
 
 	<rule from="^http://(?:www\.)?forex-metal\.com/"
 		to="https://forex-metal.com/"/>
diff --git a/src/chrome/content/rules/Forex.com.xml b/src/chrome/content/rules/Forex.com.xml
index 6c07bea77a7f..29e632b3f701 100644
--- a/src/chrome/content/rules/Forex.com.xml
+++ b/src/chrome/content/rules/Forex.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://forex.com/ => https://secure.forex.com/: Too many redirects while fetching 'https://secure.forex.com/'
+
 	Problematic subdomains:
 
 		- ^	(times out)
@@ -23,10 +27,18 @@
 		- jp	(403; mismatched, CN: ssl2.cdngc.net)
 
 -->
-<ruleset name="Forex.com (partial)">
+<ruleset name="Forex.com (partial)" default_off="failed ruleset test">
 
 	<target host="forex.com" />
-	<target host="*.forex.com" />
+	<target host="www.forex.com" />
+	<target host="apply.forex.com" />
+	<target host="assets.forex.com" />
+	<target host="myaccount.forex.com" />
+	<target host="practice.forex.com" />
+	<target host="practice15.forex.com" />
+	<target host="secure.forex.com" />
+	<target host="secure15.forex.com" />
+	<target host="previewtrade.forex.com" />
 
 
 	<securecookie host="^(?:myaccount|(?:practic|secur)e(?:15)?|previewtrade)\.forex\.com$" name=".+" />
@@ -35,7 +47,6 @@
 	<rule from="^http://(?:www\.)?forex\.com/"
 		to="https://secure.forex.com/" />
 
-	<rule from="^http://(apply|assets|myaccount|(?:practic|secur)e(?:15)?|previewtrade)\.forex\.com/"
-		to="https://$1.forex.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ForexCT.xml b/src/chrome/content/rules/ForexCT.xml
index 908ba0fd408d..cd3f669c0e87 100644
--- a/src/chrome/content/rules/ForexCT.xml
+++ b/src/chrome/content/rules/ForexCT.xml
@@ -11,21 +11,19 @@
 <ruleset name="ForexCT (partial)">
 
 	<target host="forexct.com" />
-	<target host="*.forexct.com" />
-		<exclusion pattern="^https?://(?:cn\.|www\.)?forexct\.com/(?![iI]mages/|styles/)" />
+	<target host="cn.forexct.com" />
+	<target host="www.forexct.com" />
+		<exclusion pattern="^http://(?:cn\.|www\.)?forexct\.com/(?![iI]mages/|styles/)" />
 	<target host="forexctlogin.tradenetworks.com" />
 
 
 	<securecookie host="^forexctlogin\.tradenetworks\.com$" name=".+" />
 
 
-	<rule from="^https?://forexct\.com/"
+	<rule from="^http://forexct\.com/"
 		to="https://www.forexct.com/" />
 
-	<rule from="^http://(cn|www)\.forexct\.com/"
-		to="https://$1.forexct.com/" />
 
-	<rule from="^http://forexctlogin\.tradenetworks\.com/"
-		to="https://forexctlogin.tradenetworks.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ForgeFields.com-problematic.xml b/src/chrome/content/rules/ForgeFields.com-problematic.xml
new file mode 100644
index 000000000000..693b24adcd44
--- /dev/null
+++ b/src/chrome/content/rules/ForgeFields.com-problematic.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules that are on by default, see ForgeFields.com.xml.
+
+-->
+<ruleset name="ForgeFields.com (mismatched)" default_off="mismatched">
+
+	<target host="shop.forgefields.com" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^\.?shop\.forgefields\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Forge_Software.xml b/src/chrome/content/rules/Forge_Software.xml
deleted file mode 100644
index 23203ba46257..000000000000
--- a/src/chrome/content/rules/Forge_Software.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Forge Software">
-
-	<target host="forgesoftware.com" />
-	<target host="*.forgesoftware.com" />
-
-
-	<securecookie host="^(?:w*\.)?forgesoftware\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?forgesoftware\.com/"
-		to="https://$1forgesoftware.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Forgifs.com.xml b/src/chrome/content/rules/Forgifs.com.xml
new file mode 100644
index 000000000000..36b3e3ec9118
--- /dev/null
+++ b/src/chrome/content/rules/Forgifs.com.xml
@@ -0,0 +1,24 @@
+<!--
+	(www.)4gifs.com: mismatched, CN: forgifs.com
+
+-->
+<ruleset name="forgifs.com">
+
+	<target host="4gifs.com" />
+	<target host="www.4gifs.com" />
+	<target host="forgifs.com" />
+	<target host="*.forgifs.com" />
+
+
+	<securecookie host="^\.forgifs\.com$" name=".+" />
+
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://(?:www\.)?4gifs\.com/+"
+		to="https://forgifs.com/" />
+
+	<rule from="^http://(www\.)?forgifs\.com/"
+		to="https://$1forgifs.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ForgottenLands.eu.xml b/src/chrome/content/rules/ForgottenLands.eu.xml
index ce5cc066acac..108cc503c6cf 100644
--- a/src/chrome/content/rules/ForgottenLands.eu.xml
+++ b/src/chrome/content/rules/ForgottenLands.eu.xml
@@ -13,7 +13,8 @@
 <ruleset name="ForgottenLands.eu">
 
 	<target host="forgottenlands.eu" />
-	<target host="*.forgottenlands.eu" />
+	<target host="www.forgottenlands.eu" />
+	<target host="vote.forgottenlands.eu" />
 
 
 	<securecookie host="^(?:vote)?\.forgottenlands\.eu$" name=".+" />
@@ -22,7 +23,6 @@
 	<rule from="^http://(?:www\.)?forgottenlands\.eu/"
 		to="https://www.forgottenlands.eu/" />
 
-	<rule from="^http://vote\.forgottenlands\.eu/"
-		to="https://vote.forgottenlands.eu/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ForisWine.xml b/src/chrome/content/rules/ForisWine.xml
index e9b28cdd5ce4..7ee3ca0b8ce2 100644
--- a/src/chrome/content/rules/ForisWine.xml
+++ b/src/chrome/content/rules/ForisWine.xml
@@ -1,4 +1,11 @@
-<ruleset name="Foris Wine">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://foriswine.com/ => https://www.foriswine.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.foriswine.com'")
+Fetch error: http://www.foriswine.com/ => https://www.foriswine.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.foriswine.com'")
+
+-->
+<ruleset name="Foris Wine" default_off="failed ruleset test">
   <target host="foriswine.com" />
   <target host="www.foriswine.com" />
 
diff --git a/src/chrome/content/rules/FormAssembly.com.xml b/src/chrome/content/rules/FormAssembly.com.xml
index e81899bb7f56..b1714f794ae2 100644
--- a/src/chrome/content/rules/FormAssembly.com.xml
+++ b/src/chrome/content/rules/FormAssembly.com.xml
@@ -1,13 +1,17 @@
 <!--
+	Other FormAssembly rulesets:
+
+		- Tfaforms.com.xml
+
+
 	Nonfunctional domains:
 
 		- status.formassembly.com
 
 
 	Problematic subdomains:
-	
+
 		- (www.) *	(CN: secure.formassembly.com)
-		- secure *	(expired)
 
 	* Redirects to www3.formassembly.com
 
@@ -16,29 +20,24 @@
 
 		- (www.)formassembly.com
 		- app.formassembly.com
-		- secure.formassembly.com
 		- www3.formassembly.com
-		- (www.)tfaforms.com
 
 -->
 <ruleset name="FormAssembly.com (partial)">
 
+	<target host="formassembly.com" />
+	<target host="app.formassembly.com" />
+	<target host="www.formassembly.com" />
 	<target host="www3.formassembly.com" />
-	<target host="tfaforms.com" />
-	<target host="www.tfaforms.com" />
 
 
 	<securecookie host="^.+\.formassembly\.com$" name=".+" />
-	<securecookie host="^(?:www\.)?tfaforms\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:secure\.|www3?\.)?formassembly\.com/"
+	<rule from="^http://(?:www\.)?formassembly\.com/"
 		to="https://www3.formassembly.com/" />
 
-	<rule from="^http://app\.formassembly\.com/"
-		to="https://app.formassembly.com/" />
-
-	<rule from="^http://(www\.)?tfaforms\.com/"
-		to="https://$1tfaforms.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FormKeep.com.xml b/src/chrome/content/rules/FormKeep.com.xml
new file mode 100644
index 000000000000..36996580ab25
--- /dev/null
+++ b/src/chrome/content/rules/FormKeep.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other thoughtbot coverage, see Thoughtbot.com.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- formkeep.com
+
+-->
+<ruleset name="FormKeep.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="formkeep.com" />
+	<target host="www.formkeep.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^formkeep\.com$" name="^_formkeep_session$" /-->
+
+	<securecookie host="^formkeep\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FormSanity.com.xml b/src/chrome/content/rules/FormSanity.com.xml
new file mode 100644
index 000000000000..e0693c5b2928
--- /dev/null
+++ b/src/chrome/content/rules/FormSanity.com.xml
@@ -0,0 +1,40 @@
+<!--
+	www: refused
+
+
+	staging: Dropped over http & https
+
+
+	Insecure cookies are set for these hosts:
+
+		- formsanity.com
+		- download.formsanity.com
+
+-->
+<ruleset name="FormSanity.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="formsanity.com" />
+	<target host="download.formsanity.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.formsanity.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^formsanity\.com$" name="^_fps-ui_session$" /-->
+	<!--securecookie host="^download\.formsanity\.com$" name="^_awstest_session$" /-->
+
+	<securecookie host="^(?:download\.)?formsanity\.com$" name=".+" />
+
+
+	<rule from="^http://www\.formsanity\.com/"
+		to="https://formsanity.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FormatDynamics.com.xml b/src/chrome/content/rules/FormatDynamics.com.xml
index 73280c0a7e25..a7ead80cf7ed 100644
--- a/src/chrome/content/rules/FormatDynamics.com.xml
+++ b/src/chrome/content/rules/FormatDynamics.com.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://formatdynamics.com/ => https://formatdynamics.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+Fetch error: http://www.formatdynamics.com/ => https://www.formatdynamics.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+
 	Other FormatDynamics rulesets:
 
 		- CleanPrint.net.xml
@@ -9,16 +14,15 @@
 		- new	(http reply)
 
 -->
-<ruleset name="FormatDynamics.com">
+<ruleset name="FormatDynamics.com" default_off="failed ruleset test">
 
 	<target host="formatdynamics.com" />
-	<target host="*.formatdynamics.com" />
+	<target host="www.formatdynamics.com" />
 
 
 	<securecookie host="^\.formatdynamics\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?formatdynamics\.com/"
-		to="https://$1formatdynamics.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Formilux.org.xml b/src/chrome/content/rules/Formilux.org.xml
new file mode 100644
index 000000000000..1c2d61bf002f
--- /dev/null
+++ b/src/chrome/content/rules/Formilux.org.xml
@@ -0,0 +1,26 @@
+<!--
+	^ & ftp: cert only matches www
+
+
+	Expired 2013-07-21
+
+-->
+<ruleset name="Formilux.org" default_off="expired, mismatched, self-signed">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ftp.formilux.org" />
+	<target host="www.formilux.org" />
+
+	<!--	Complications:
+				-->
+	<target host="formilux.org" />
+
+
+	<rule from="^http://formilux\.org/"
+		to="https://www.formilux.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Formspring.xml b/src/chrome/content/rules/Formspring.xml
deleted file mode 100644
index 008ffccb3c91..000000000000
--- a/src/chrome/content/rules/Formspring.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Formspring (broken)" default_off="invalid certificates">
-  <target host="formspring.me"/>
-  <target host="*.formspring.me"/>
-
-  <rule from="^http://(www\.)?formspring\.me/" to="https://www.formspring.me/"/>
-  <rule from="^http://([\w\-]+)\.formspring\.me/" to="https://$1.formspring.me/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Formstack.xml b/src/chrome/content/rules/Formstack.xml
index 2c1b5edfdbde..0328795d9cc1 100644
--- a/src/chrome/content/rules/Formstack.xml
+++ b/src/chrome/content/rules/Formstack.xml
@@ -1,27 +1,49 @@
 <!--
 	Nonfunctional subdomains:
 
-		blog *
-		support *
+		- \w+ *
 
-	* Shows formconcierge.com; expired, mismatched, CN: formconcierge.com
+	* Redirects to http, per-client domains
+
+
+	These altnames don't exist:
+
+		- www.support.formstack.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- $user.formstack.com
+		- www.formstack.com
+
+
+	Mixed content:
+
+		- css on blog from fonts.googleapis.com *
+		- Images on blog from $self *
+
+	* Secured by us
 
 -->
-<ruleset name="Formstack (partial)">
+<ruleset name="Formstack.com (partial)">
 
 	<target host="formstack.com" />
-	<target host="*.formstack.com" />
+	<target host="bi.formstack.com" />
+	<target host="blog.formstack.com" />
+	<target host="static.formstack.com" />
+	<target host="support.formstack.com" />
+	<target host="www.formstack.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bi\.formstack\.com$" name="^(?:FormSpringForm(?:Session|View)\d+|rgisanonymous|rguserid|rguuid)$" /-->
+	<!--securecookie host="^www\.formstack\.com$" name="^(rgisanonymous|rguserid|rguuid)$" /-->
 
-	<rule from="^http://(www\.)?formstack\.com/"
-		to="https://$1formstack.com/" />
+	<securecookie host="^(?:bi|www)\.formstack\.com$" name=".+" />
 
-	<rule from="^http://blog\.formstack\.com/favicon\.ico$"
-		to="https://www.formstack.com/favicon.ico" />
 
-	<!--	content_shadow_bg.jpg has different hue.
-							-->
-	<rule from="^http://(?:blog\.formstack\.com/wp-content/themes/fontstack-theme|support\.formstack\.com/assets)/images/bg\.jpg$"
-		to="https://www.formstack.com/assets/images/bg.jpg" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Fornex.com.xml b/src/chrome/content/rules/Fornex.com.xml
index ad51170651bd..3cbaa46d563a 100644
--- a/src/chrome/content/rules/Fornex.com.xml
+++ b/src/chrome/content/rules/Fornex.com.xml
@@ -16,7 +16,6 @@
 	<securecookie host="^fornex\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?fornex\.com/"
-		to="https://$1fornex.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Forocoches.com.xml b/src/chrome/content/rules/Forocoches.com.xml
new file mode 100644
index 000000000000..96710566ceef
--- /dev/null
+++ b/src/chrome/content/rules/Forocoches.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Forocoches">
+
+	<target host="forocoches.com" />
+	<target host="*.forocoches.com" />
+
+  <rule from="^http://forocoches\.com/" to="https://forocoches.com/"/>
+  <rule from="^http://([^/:@]*)\.forocoches\.com/" to="https://$1.forocoches.com/"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Forsakringskassan.se.xml b/src/chrome/content/rules/Forsakringskassan.se.xml
index 3cb0401147fa..eb1659954f64 100644
--- a/src/chrome/content/rules/Forsakringskassan.se.xml
+++ b/src/chrome/content/rules/Forsakringskassan.se.xml
@@ -1,7 +1,23 @@
-<ruleset name="Forsakringskassan.se" platform="mixedcontent">
-  <target host="www.forsakringskassan.se" />
-  <target host="forsakringskassan.se" />
-  <rule from="^http://www\.forsakringskassan\.se/" to="https://www.forsakringskassan.se/"/>
-  <rule from="^http://forsakringskassan\.se/" to="https://www.forsakringskassan.se/"/>
-</ruleset>
+<!--
+	Timeout:
+		forslag.forsakringskassan.se
+		separeradeforaldrar.forsakringskassan.se
+		separationspodden.forsakringskassan.se
+	Invalid Certificate:
+		lagrummet.forsakringskassan.se
+	Missing certificate chain:
+		kassakollen.forsakringskassan.se
+-->
+<ruleset name="Forsakringskassan.se">
+	<target host="forsakringskassan.se" />
+	<target host="www.forsakringskassan.se" />
+	<target host="download.forsakringskassan.se" />
+	<target host="driftmeddelande.forsakringskassan.se" />
+	<target host="foraldrakollen.forsakringskassan.se" />
+	<target host="gate1.forsakringskassan.se" />
+	<target host="m.forsakringskassan.se" />
+
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Forsiden.xml b/src/chrome/content/rules/Forsiden.xml
index fbd25ffbf763..2b1f9384c1b6 100644
--- a/src/chrome/content/rules/Forsiden.xml
+++ b/src/chrome/content/rules/Forsiden.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fvn.no/ => https://www.fvn.no/: Too many redirects while fetching 'https://www.fvn.no/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://fvn.no/ => https://www.fvn.no/: Cycle detected - URL already encountered: https://www.fvn.no/
 	Problematic subdomains:
 
 		- ^ *
@@ -7,10 +13,11 @@
 	* Works; mismatched, CN: www.aftenposten.no
 
 -->
-<ruleset name="Forsiden (partial)">
+<ruleset name="Forsiden (partial)" default_off="failed ruleset test">
 
 	<target host="fvn.no" />
-	<target host="*.fvn.no" />
+	<target host="www.fvn.no" />
+	<target host="kundesenter.fvn.no" />
 
 
 	<securecookie host="^kundesenter\.fvn\.no$" name=".+" />
@@ -19,7 +26,6 @@
 	<rule from="^http://(?:www\.)?fvn\.no/"
 		to="https://www.fvn.no/" />
 
-	<rule from="^http://kundesenter\.fvn\.no/"
-		to="https://kundesenter.fvn.no/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Forsvarsforbundet.se.xml b/src/chrome/content/rules/Forsvarsforbundet.se.xml
index b13379eeedab..cad7d24db9a4 100644
--- a/src/chrome/content/rules/Forsvarsforbundet.se.xml
+++ b/src/chrome/content/rules/Forsvarsforbundet.se.xml
@@ -1,4 +1,3 @@
-<!-- forsvarsforbundet.se is a swedish labour union -->
 <ruleset name="Forsvarsforbundet.se">
 	<target host="forsvarsforbundet.se" />
 	<target host="www.forsvarsforbundet.se" />
diff --git a/src/chrome/content/rules/Forthnet.gr.xml b/src/chrome/content/rules/Forthnet.gr.xml
new file mode 100644
index 000000000000..0263b535caf8
--- /dev/null
+++ b/src/chrome/content/rules/Forthnet.gr.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://services.forthnet.gr/ => https://services.forthnet.gr/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://webmail.forthnet.gr/ => https://webmail.forthnet.gr/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+Fetch error: http://services.forthnet.gr/ => https://services.forthnet.gr/: (56, 'Recv failure: Connection reset by peer') This ruleset is experimental. If you experience problems please
+	 open an issue at https://github.com/kargig/https-everywhere-greek-rules -->
+
+<ruleset name="Forthnet" default_off="failed ruleset test">
+  <target host="webmail.forthnet.gr" />
+  <target host="services.forthnet.gr" />
+
+	<securecookie host="^webmail.forthnet\.gr$" name=".+" />
+	<securecookie host="^services.forthnet\.gr$" name=".+" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FortiGuard.com.xml b/src/chrome/content/rules/FortiGuard.com.xml
new file mode 100644
index 000000000000..a0a265d74016
--- /dev/null
+++ b/src/chrome/content/rules/FortiGuard.com.xml
@@ -0,0 +1,46 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://api.fortiguard.com/ => https://api.fortiguard.com/: (7, 'Failed to connect to api.fortiguard.com port 443: Connection refused')
+
+	For other Fortinet coverage, see Fortinet.com.xml.
+
+
+	Nonfunctional hosts in *fortiguard.com:
+
+		- threatmap *
+
+	* Refused
+
+
+	Problematic hosts in *fortiguard.com:
+
+		- (www.)? ¹
+		- metal ²
+
+	¹ Mixed css
+	² Self-signed
+
+
+	Mixed content:
+
+		- css on (www.)? from code.jquery.com *
+
+	* Secured by us
+
+-->
+<ruleset name="FortiGuard.com" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="fortiguard.com" />
+	<target host="api.fortiguard.com" />
+	<target host="premier.fortiguard.com" />
+	<target host="www.fortiguard.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fortinet.com.xml b/src/chrome/content/rules/Fortinet.com.xml
new file mode 100644
index 000000000000..b0dfb2f7164e
--- /dev/null
+++ b/src/chrome/content/rules/Fortinet.com.xml
@@ -0,0 +1,56 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://partners.fortinet.com/ => https://partners.fortinet.com/: (60, 'SSL certificate problem: self signed certificate')
+
+	Other Fortinet rulesets:
+
+		- FortiGuard.com.xml
+
+
+	Nonfunctional subdomains:
+
+		- cookbook ¹
+		- docs ²
+		- investor ¹
+		- kb ¹
+		- pub.kb ¹
+		- jobs ¹
+
+	¹ Refused
+	² Plaintext reply
+
+
+	Insecure cookies are set for these hosts:
+
+		- fortinet.com
+		- forum.fortinet.com
+		- partners.fortinet.com
+		- www.fortinet.com
+
+-->
+<ruleset name="Fortinet.com (partial)" default_off="failed ruleset test">
+
+	<target host="fortinet.com" />
+	<target host="blog.fortinet.com" />
+	<target host="forum.fortinet.com" />
+	<target host="partners.fortinet.com" />
+	<target host="support.fortinet.com" />
+	<target host="video.fortinet.com" />
+	<target host="www.fortinet.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?fortinet\.com$" name="^Fortinet" /-->
+	<!--securecookie host="^(partners\.|www\.)?fortinet\.com$" name="^cookiesession1" /-->
+	<!--securecookie host="^forum\.fortinet\.com$" name="^(ASPPG\.ASPPGSession|ASPPGbackURL|ASPPGpreURL|ASPPGvisitedThreads)$" /-->
+	<!--securecookie host="^www\.fortinet\.com$" name="^[a-z]{7}" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fortnite.com.xml b/src/chrome/content/rules/Fortnite.com.xml
new file mode 100644
index 000000000000..50225786126d
--- /dev/null
+++ b/src/chrome/content/rules/Fortnite.com.xml
@@ -0,0 +1,46 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://alpha.fortnite.com/ => https://alpha.fortnite.com/: (6, 'Could not resolve host: alpha.fortnite.com')
+
+	For other Epic Games coverage, see Epic_Games.xml.
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- alpha
+
+
+	These altnames don't exist:
+
+		- www.alpha.fortnite.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- fortnite.com
+		- alpha.fortnite.com
+		- www.fortnite.com
+
+-->
+<ruleset name="Fortnite.com" default_off="failed ruleset test">
+
+	<target host="fortnite.com" />
+	<target host="alpha.fortnite.com" />
+	<target host="www.fortnite.com" />
+
+		<test url="http://www.fortnite.com/blog" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(alpha\.|www\.)?fortnite\.com$" name="^AWSELB$" /-->
+
+	<securecookie host="^(?:alpha\.|www\.)?fortnite\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fortum.xml b/src/chrome/content/rules/Fortum.xml
index ad8482d6a7b1..a36b93b0bd9f 100644
--- a/src/chrome/content/rules/Fortum.xml
+++ b/src/chrome/content/rules/Fortum.xml
@@ -2,9 +2,12 @@
 	<target host="fortum.com" />
 	<target host="www.fortum.com" />
 
-	<securecookie host="^(?:.*\.)?fortum\.com$" name=".+"/>
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.fortum\.com$" name="^ASP\.NET_SessionId$" /-->
 
-	<rule from="^http://(?:www\.)?fortum\.com/"
-		to="https://www.fortum.com/"/>
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Fortumo.xml b/src/chrome/content/rules/Fortumo.xml
new file mode 100644
index 000000000000..207dc7c72997
--- /dev/null
+++ b/src/chrome/content/rules/Fortumo.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://developers.fortumo.com/ => https://developers.fortumo.com/: (6, 'Could not resolve host: developers.fortumo.com')
+
+	CDN bucket:
+		- dyq29inb4n9ck.cloudfront.net
+-->
+
+<ruleset name="Fortumo" default_off="failed ruleset test">
+	<target host="fortumo.com" />
+	<target host="blog.fortumo.com" />
+	<target host="developers.fortumo.com" />
+	<target host="www.fortumo.com" />
+
+  	<securecookie host="^.*\.fortumo\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fortune.com.xml b/src/chrome/content/rules/Fortune.com.xml
new file mode 100644
index 000000000000..752659953e9b
--- /dev/null
+++ b/src/chrome/content/rules/Fortune.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Time Inc coverage, see Time_Inc.xml.
+	Default off because ruleset breaks articles, see
+	https://github.com/EFForg/https-everywhere/issues/2251
+
+
+	www: refused
+
+
+	Mixed content:
+
+		- css from fonts.timeinc.net *
+
+		- favicon from \d.gravatar.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Fortune.com" default_off="Breaks site">
+
+	<target host="fortune.com" />
+	<target host="www.fortune.com" />
+
+
+	<rule from="^http://(?:www\.)?fortune\.com/"
+		to="https://fortune.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FortuneTango.xml b/src/chrome/content/rules/FortuneTango.xml
deleted file mode 100644
index 77d46a14b785..000000000000
--- a/src/chrome/content/rules/FortuneTango.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="FortuneTango">
-
-	<target host="fortunetango.com"/>
-	<target host="www.fortunetango.com"/>
-
-	<securecookie host="^(www\.)?fortunetango\.com$" name=".*"/>
-
-	<rule from="^http://(www\.)?fortunetango\.com/"
-		to="https://$1fortunetango.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Fortune_Affiliates.com.xml b/src/chrome/content/rules/Fortune_Affiliates.com.xml
new file mode 100644
index 000000000000..a63a5a8da3e9
--- /dev/null
+++ b/src/chrome/content/rules/Fortune_Affiliates.com.xml
@@ -0,0 +1,37 @@
+<!--
+	Nonfunctional hosts in *fortuneaffiliates.com:
+
+		- (www.)? *
+		- de *
+		- es *
+		- fr *
+		- it *
+		- jp *
+		- se *
+
+	* Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- secure.fortuneaffiliates.com
+
+-->
+<ruleset name="Fortune Affiliates.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.fortuneaffiliates.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^secure\.fortuneaffiliates\.com$" name="^(?:ASP\.NET_SessionId|MT?B|ST)$" /-->
+
+	<securecookie host="^secure\.fortuneaffiliates\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ForumBlog.org.xml b/src/chrome/content/rules/ForumBlog.org.xml
index c40c9ae24119..f5a260712877 100644
--- a/src/chrome/content/rules/ForumBlog.org.xml
+++ b/src/chrome/content/rules/ForumBlog.org.xml
@@ -1,13 +1,17 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://forumblog.org/ (200) => https://forumblog.org/ (525)
+
 	Problematic subdomains:
 
 		- www	(expired 2012-12-27, only matches ^forumblog.org, self-signed)
 
 -->
-<ruleset name="ForumBlog.org">
+<ruleset name="ForumBlog.org" default_off="failed ruleset test">
 
 	<target host="forumblog.org" />
-	<target host="*.forumblog.org" />
+	<target host="www.forumblog.org" />
 
 
 	<securecookie host="^\.?forumblog\.org$" name=".+" />
diff --git a/src/chrome/content/rules/ForumIslam.com.xml b/src/chrome/content/rules/ForumIslam.com.xml
new file mode 100644
index 000000000000..32abf91a3417
--- /dev/null
+++ b/src/chrome/content/rules/ForumIslam.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="ForumIslam.com">
+	<target host="forumislam.com" />
+	<target host="www.forumislam.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Forum_Wizard.xml b/src/chrome/content/rules/Forum_Wizard.xml
index d7ddaeee53ab..e6599d260d4b 100644
--- a/src/chrome/content/rules/Forum_Wizard.xml
+++ b/src/chrome/content/rules/Forum_Wizard.xml
@@ -1,16 +1,42 @@
 <!--
-	CN: final4ever.com
+	Problematic hosts in *forumwizard.net:
+
+		- w *
+
+	* Self-signed
+
+
+	Mixed content:
+
+		- Images on (www.)? from cdn.forumwizard.net *
+
+	* Secured by us
 
 -->
-<ruleset name="Forum Wizard" default_off="mismatched, self-signed">
+<ruleset name="Forum Wizard.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="forumwizard.net" />
+	<target host="cdn.forumwizard.net" />
+	<target host="www.forumwizard.net" />
+
+	<!--	Complications:
+				-->
+	<target host="w.forumwizard.net" />
+
 
-	<target host="*.forumwizard.net" />
+	<!--	Direct rewrites:
+				-->
+	<!--securecookie host="^\.forumwizard\.net$" name="^(?:__cfduid|bbsessionhash|cf_clearance)$" /-->
 
+	<securecookie host="^\.forumwizard\.net$" name=".+" />
 
-	<!--securecookie host="^\.forumwizard\.net$" name=".+" /-->
 
+	<rule from="^http://w\.forumwizard\.net/"
+		to="https://www.forumwizard.net/" />
 
-	<rule from="^http://(cdn|w|is\.www)\.forumwizard\.net/"
-		to="https://$1.forumwizard.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Forumatic.xml b/src/chrome/content/rules/Forumatic.xml
index d535e69a6d5a..7ec5ba8996bf 100644
--- a/src/chrome/content/rules/Forumatic.xml
+++ b/src/chrome/content/rules/Forumatic.xml
@@ -1,19 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://forumatic.com/ => https://forumatic.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+Fetch error: http://www.forumatic.com/ => https://www.forumatic.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+
 	Nonfunctional subdomains:
 
 		- support	(redirects to www; mismatched, CN: www.forumatic.com)
 
 -->
-<ruleset name="Forumatic (partial)">
+<ruleset name="Forumatic (partial)" default_off="failed ruleset test">
 
 	<target host="forumatic.com" />
-	<target host="*.forumatic.com" />
+	<target host="www.forumatic.com" />
 
 
 	<securecookie host="^\.forumatic\.com$" name="^PHPSESSID$" />
 
 
-	<rule from="^http://(www\.)?forumatic\.com/"
-		to="https://$1forumatic.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Forums_fur_Naturfotografen.xml b/src/chrome/content/rules/Forums_fur_Naturfotografen.xml
index 5682c493f6b7..d9ab4d08ae3c 100644
--- a/src/chrome/content/rules/Forums_fur_Naturfotografen.xml
+++ b/src/chrome/content/rules/Forums_fur_Naturfotografen.xml
@@ -5,13 +5,13 @@
 <ruleset name="Forums für Naturfotografen">
 
 	<target host="naturfotografen-forum.de" />
-	<target host="*.naturfotografen-forum.de" />
+	<target host="www.naturfotografen-forum.de" />
 
 
 	<securecookie host="^\.?naturfotografen-forum\.de$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?naturfotografen-forum\.de/"
+	<rule from="^http://(?:www\.)?naturfotografen-forum\.de/"
 		to="https://naturfotografen-forum.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Foscam-BG.com.xml b/src/chrome/content/rules/Foscam-BG.com.xml
new file mode 100644
index 000000000000..699e1afbe9e9
--- /dev/null
+++ b/src/chrome/content/rules/Foscam-BG.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Foscam-BG.com">
+
+	<target host="foscam-bg.com" />
+	<target host="www.foscam-bg.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fosdem.org.xml b/src/chrome/content/rules/Fosdem.org.xml
deleted file mode 100644
index 7f61d7f00259..000000000000
--- a/src/chrome/content/rules/Fosdem.org.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- video		(cert valid; 404)
-
--->
-<ruleset name="FOSDEM.org (partial)">
-
-	<target host="fosdem.org" />
-	<target host="*.fosdem.org" />
-
-
-	<rule from="^http://((?:archive|www)\.)?fosdem\.org/"
-		to="https://$1fosdem.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Fosscon.us.xml b/src/chrome/content/rules/Fosscon.us.xml
new file mode 100644
index 000000000000..1a5988e8e9df
--- /dev/null
+++ b/src/chrome/content/rules/Fosscon.us.xml
@@ -0,0 +1,15 @@
+<!--
+     Problematic domains:
+        - www ¹
+    ¹: Mismatch
+-->
+<ruleset name="Fosscon.us">
+
+    <target host="fosscon.us" />
+    <target host="www.fosscon.us" />
+
+    <securecookie host=".+" name=".+" />
+
+    <rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fossil-SCM.org.xml b/src/chrome/content/rules/Fossil-SCM.org.xml
new file mode 100644
index 000000000000..ecfb04fe679b
--- /dev/null
+++ b/src/chrome/content/rules/Fossil-SCM.org.xml
@@ -0,0 +1,13 @@
+<!--
+	^: mismatched
+
+-->
+<ruleset name="Fossil-SCM.org">
+
+	<target host="fossil-scm.org" />
+	<target host="www.fossil-scm.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fotki.xml b/src/chrome/content/rules/Fotki.xml
index 946d45011417..3f5e57270ce6 100644
--- a/src/chrome/content/rules/Fotki.xml
+++ b/src/chrome/content/rules/Fotki.xml
@@ -1,43 +1,18 @@
 <!--
-	CDN buckets:
 
-		- fotki.cachefly.net
-			- images.fotki.com
+    Fotki does not use cachefly anymore
 
-
-	Nonfunctional subdomains:
-
-		- about *
-		- client *
-		- contests *
-		- downloads *
-		- help *
-		- host *
-		- myaccount *
-		- search *
-		- signup *
-
-	* 503, mismatched, CN: secure.fotki.com
-
-
-	Problematic subdomains:
-
-		- images	(mismatched, CN: *.cachefly.net)
-		- login		(503, mismatched, CN: secure.fotki.com)
+    Most of subdomains should just work now with https
 
 -->
 <ruleset name="Fotki (partial)">
 
 	<target host="*.fotki.com" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^https?://images\.fotki\.com/"
-		to="https://fotki.cachefly.net/" />
-
-	<rule from="^https?://login\.fotki\.com/($|\?.*)"
-		to="https://secure.fotki.com/login$1" />
-
-	<rule from="^http://secure\.fotki\.com/"
-		to="https://secure.fotki.com/" />
+	<test url="http://www.fotki.com/" />
+	<test url="http://images.fotki.com/pixel.gif" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FotoForensics.com.xml b/src/chrome/content/rules/FotoForensics.com.xml
new file mode 100644
index 000000000000..fcb285f17286
--- /dev/null
+++ b/src/chrome/content/rules/FotoForensics.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Invalid certificate:
+		- fotoforensic.com, equivalent to fotoforensics.com
+		- www.fotoforensic.com, equivalent to www.fotoforensics.com
+-->
+
+<ruleset name="FotoForensics.com">
+
+	<target host="fotoforensic.com" />
+	<target host="www.fotoforensic.com" />
+	<target host="fotoforensics.com" />
+	<target host="www.fotoforensics.com" />
+	<target host="axt.fotoforensics.com" />
+	<target host="ff2.fotoforensics.com" />
+	<target host="ipv4.fotoforensics.com" />
+	<target host="ipv6.fotoforensics.com" />
+	<target host="lab.fotoforensics.com" />
+	<target host="login.fotoforensics.com" />
+
+	<rule from="^http://fotoforensic\.com/"
+		to="https://fotoforensics.com/" />
+
+	<rule from="^http://www\.fotoforensic\.com/"
+		to="https://www.fotoforensics.com/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FotoPigeon.xml b/src/chrome/content/rules/FotoPigeon.xml
index d8d9719c5791..fa98f43502d3 100644
--- a/src/chrome/content/rules/FotoPigeon.xml
+++ b/src/chrome/content/rules/FotoPigeon.xml
@@ -1,17 +1,36 @@
+
 <!--
-	!www: cert only matches www
+Disabled by https-everywhere-checker because:
+Fetch error: http://fotopigeon.com/ => https://fotopigeon.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.fotopigeon.com/ => https://www.fotopigeon.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Fully covered hosts in *fotopigeon.com:
+
+		- (www.)?
+
+
+	Insecure cookies are set for these hosts:
+
+		- fotopigeon.com
+		- www.fotopigeon.com
 
 -->
-<ruleset name="FotoPigeon">
+<ruleset name="FotoPigeon.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="fotopigeon.com" />
 	<target host="www.fotopigeon.com" />
 
 
-	<securecookie host="^www\.fotopigeon\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?fotopigeon\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?fotopigeon\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?fotopigeon\.com/"
-		to="https://www.fotopigeon.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fotoblur.xml b/src/chrome/content/rules/Fotoblur.xml
deleted file mode 100644
index b1f09ad29cd5..000000000000
--- a/src/chrome/content/rules/Fotoblur.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		^	(404s)
-
--->
-<ruleset name="Fotoblur">
-
-	<target host="fotoblur.com" />
-	<target host="www.fotoblur.com" />
-
-
-	<securecookie host="^www\.fotoblur\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?fotoblur\.com/"
-		to="https://www.fotoblur.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Fotocommunity.de.xml b/src/chrome/content/rules/Fotocommunity.de.xml
new file mode 100644
index 000000000000..54d17144630e
--- /dev/null
+++ b/src/chrome/content/rules/Fotocommunity.de.xml
@@ -0,0 +1,53 @@
+<!--
+	Problematic subdomains:
+
+		- images *
+
+	* Dropped
+
+
+	Some pages redirect to http.
+
+
+	Mixed content:
+
+		- iframe on www from fotocommunity-fanshop.spreadshirt.de *
+
+		- css on www from $self *
+
+		- Images on www from origin.images *
+
+	* Secured by us
+
+-->
+<ruleset name="fotocommunity.de (partial)">
+
+	<target host="fotocommunity.de" />
+	<target host="*.fotocommunity.de" />
+		<!--
+			Mixed css from $self:
+						-->
+		<!--exclusion pattern="^http://(www\.)?fotocommunity\.de/+(info/Datenschutz|forum/|serverstatus/)($|\?)" /-->
+		<!--
+			Mixed iframe from fotocommunity-fanshop.spreadshirt.de:
+										-->
+		<!--exclusion pattern="^http://(www\.)?fotocommunity\.de/+fanshop($|[?/])" /-->
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?fotocommunity\.de/+($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(www\.)?fotocommunity\.de/+(?!(blog|serverstatus)/wp-(content|includes)/|blog/\?sccss=|(calendar|fotos-kaufen|fotowissen|html-sitemaps|login|mediathek|models|registrieren|sitemap)($|[?/])|css/|css-2/|css-static/|favicon\.ico|fcAssets/|gfx/|(Hilfe|pc/pc/channel/\d+/\w+/\w+/display/\d+)($|\?)|market-[\w-]+\.php|model-sedcard/|static/|wikiAssets/)" /-->
+
+
+	<rule from="^http://(www\.)?fotocommunity\.de/(?=(?:blog|serverstatus)/wp-(?:content|includes)/|blog/\?sccss=|(?:calendar|fotos-kaufen|fotowissen|html-sitemaps|login|mediathek|models|registrieren|sitemap)(?:$|[?/])|css/|css-2/|css-static/|favicon\.ico|fcAssets/|gfx/|(?:Hilfe|pc/pc/channel/\d+/\w+/\w+/display/\d+)(?:$|\?)|market-[\w-]+\.php|model-sedcard/|static/|wikiAssets/)"
+		to="https://$1fotocommunity.de/" />
+
+	<!--	This is what the server does, so follow suit:
+								-->
+	<rule from="^http://(?:origin\.)?images\.fotocommunity\.de/"
+		to="https://origin.images.fotocommunity.de/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fotolab.sk_cz.xml b/src/chrome/content/rules/Fotolab.sk_cz.xml
new file mode 100644
index 000000000000..fb20c94dd1b6
--- /dev/null
+++ b/src/chrome/content/rules/Fotolab.sk_cz.xml
@@ -0,0 +1,36 @@
+<!--
+	Photo printing services Fotolab.sk, Fotolab.cz
+
+	certificate mismatch:
+		- m.fotolab.cz
+		- m.fotolab.sk
+
+	mixed content:
+		- fotoobrazy.fotolab.cz
+
+	timeout on https:
+		- klub.fotolab.cz
+
+	self signed:
+		adventnykalendar.fotolab.sk
+		blog.fotolab.sk
+-->
+<ruleset name="Fotolab.sk_cz">
+	<target host="fotolab.cz" />
+	<target host="www.fotolab.cz" />
+	<target host="fotolab.sk" />
+	<target host="www.fotolab.sk" />
+	<target host="blog.fotolab.cz" />
+	<target host="eshop.fotolab.cz" />
+	<target host="obrazy.fotolab.cz" />
+	<target host="sutaz.fotolab.sk" />
+
+	<rule from="^http://eshop\.fotolab\.cz/"
+		to="https://www.fotolab.cz/eshop/" />
+	<rule from="^http://obrazy\.fotolab\.cz/"
+		to="https://www.fotolab.cz/fotoobrazy.html" />
+	<rule from="^http://sutaz\.fotolab\.sk/"
+		to="https://www.fotolab.sk/sutaze/fotosutaze.html" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FoulaBook.com.xml b/src/chrome/content/rules/FoulaBook.com.xml
new file mode 100644
index 000000000000..6925ca9d88f3
--- /dev/null
+++ b/src/chrome/content/rules/FoulaBook.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="FoulaBook.com">
+	<target host="foulabook.com" />
+	<target host="www.foulabook.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Foundation-Source.xml b/src/chrome/content/rules/Foundation-Source.xml
index 97bb341e15b9..f2a80c697213 100644
--- a/src/chrome/content/rules/Foundation-Source.xml
+++ b/src/chrome/content/rules/Foundation-Source.xml
@@ -1,13 +1,15 @@
 <ruleset name="Foundation Source">
 
 	<target host="foundationsource.com" />
-	<target host="*.foundationsource.com" />
+	<target host="access.foundationsource.com" />
+	<target host="fsol.foundationsource.com" />
+	<target host="online.foundationsource.com" />
+	<target host="www.foundationsource.com" />
 
 
-	<securecookie host="^(.*\.)?foundationsource\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:access|fsol|online|www)\.)?foundationsource\.com/"
-		to="https://$1foundationsource.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Foundation_Beyond_Belief.org.xml b/src/chrome/content/rules/Foundation_Beyond_Belief.org.xml
index 1145d673eb6d..b3e2915b4fd7 100644
--- a/src/chrome/content/rules/Foundation_Beyond_Belief.org.xml
+++ b/src/chrome/content/rules/Foundation_Beyond_Belief.org.xml
@@ -9,13 +9,12 @@
 <ruleset name="Foundation Beyond Belief.org">
 
 	<target host="foundationbeyondbelief.org" />
-	<target host="*.foundationbeyondbelief.org" />
+	<target host="www.foundationbeyondbelief.org" />
 
 
 	<securecookie host="^\.foundationbeyondbelief\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?foundationbeyondbelief\.org/"
-		to="https://$1foundationbeyondbelief.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Founding_Fathers.xml b/src/chrome/content/rules/Founding_Fathers.xml
index 9df20a0fc184..4672c1f6aff4 100644
--- a/src/chrome/content/rules/Founding_Fathers.xml
+++ b/src/chrome/content/rules/Founding_Fathers.xml
@@ -8,7 +8,7 @@
 	<target host="www.foundingfathers.info" />
 
 
-	<rule from="^https?://(?:www\.)?foundingfathers\.info/"
+	<rule from="^http://(?:www\.)?foundingfathers\.info/"
 		to="https://foundingfathers.info/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FountainMagazine.com.xml b/src/chrome/content/rules/FountainMagazine.com.xml
new file mode 100644
index 000000000000..6048acbb4deb
--- /dev/null
+++ b/src/chrome/content/rules/FountainMagazine.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Time out:
+	- essay.fountainmagazine.com
+
+-->
+<ruleset name="FountainMagazine.com">
+	<target host="fountainmagazine.com" />
+	<target host="www.fountainmagazine.com" />
+	<target host="blog.fountainmagazine.com" />
+
+	<securecookie host="^(www|blog)\.fountainmagazine\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fourecks.de.xml b/src/chrome/content/rules/Fourecks.de.xml
new file mode 100644
index 000000000000..0e828f169cbc
--- /dev/null
+++ b/src/chrome/content/rules/Fourecks.de.xml
@@ -0,0 +1,46 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fourecks.de/ => https://fourecks.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://kilbeggan.fourecks.de/ => https://kilbeggan.fourecks.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.fourecks.de/ => https://fourecks.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Problematic hosts:
+
+		- www *
+
+	* Mismatched
+
+
+	Fully covered hosts:
+
+		- (www.)?	(www → ^)
+		- kilbeggan
+
+
+	Mixed content:
+
+		- Image on ^ from kilbeggan.fourecks.de *
+
+	* Secured by us
+
+-->
+<ruleset name="fourecks.de" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fourecks.de" />
+	<target host="kilbeggan.fourecks.de" />
+
+	<!--	Complications:
+				-->
+	<target host="www.fourecks.de" />
+
+
+	<rule from="^http://www\.fourecks\.de/"
+		to="https://fourecks.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fourmilab.ch.xml b/src/chrome/content/rules/Fourmilab.ch.xml
new file mode 100644
index 000000000000..ae083820038d
--- /dev/null
+++ b/src/chrome/content/rules/Fourmilab.ch.xml
@@ -0,0 +1,8 @@
+<ruleset name="Fourmilab.ch">
+	<target host="fourmilab.ch" />
+	<target host="www.fourmilab.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fourmilab.xml b/src/chrome/content/rules/Fourmilab.xml
deleted file mode 100644
index 27ac84b50de9..000000000000
--- a/src/chrome/content/rules/Fourmilab.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-<!--
-	!www: cert only matches www
-
--->
-<ruleset name="Fourmilab (partial)">
-
-	<target host="fourmilab.ch" />
-	<target host="www.fourmilab.ch" />
-		<exclusion pattern="^http://(?:www\.)?fourmilab\.ch/(?:cgi-bin/(?:uncgi/)?Earth\?|images/(?:c1995o1/$|flash/g-audio-player\.swf))" />
-
-
-	<securecookie host="^www\.fourmilab\.ch$" name=".+" />
-
-
-	<rule from="^http(?:://(?:www\.)?|s://)fourmilab\.ch/"
-		to="https://www.fourmilab.ch/" />
-
-	<!--	Without the following downgrade rule, the "Comet C/1996 B2 (Hyakutake) Images"
-		hyperlink near the bottom of the page at http://www.fourmilab.ch/images/c1995o1/
-		does not work. (February 26, 2013.)
-							-->
-	<rule from="^https://www\.fourmilab\.ch/images/c1995o1/$"
-		to="http://www.fourmilab.ch/images/c1995o1/" downgrade="1" />
-
-	<!--	Without the following downgrade rule, the image on the page
-		at http://www.fourmilab.ch/cship/figures/Gdoppler1.html may
-		not display properly. (February 26, 2013.)
-							-->
-	<rule from="^https://www\.fourmilab\.ch/cship/figures/Gdoppler1\.html"
-		to="http://www.fourmilab.ch/cship/figures/Gdoppler1.html" downgrade="1" />
-
-	<!--	Without the following downgrade rule, images requested via the URL
-		starting with http://www.fourmilab.com.ch/cgi-bin/uncgi/Earth? or
-		http://www.fourmilab.com.ch/cgi-bin/Earth? may not load completely.
-		(February 26, 2013.)
-					-->
-	<rule from="^https://(?:www\.)?fourmilab\.ch/cgi-bin/(?:uncgi/)?Earth\?"
-		to="http://www.fourmilab.ch/cgi-bin/Earth?" downgrade="1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Foursquare.com.xml b/src/chrome/content/rules/Foursquare.com.xml
index 67b889a74a54..dc8c24495b8d 100644
--- a/src/chrome/content/rules/Foursquare.com.xml
+++ b/src/chrome/content/rules/Foursquare.com.xml
@@ -1,6 +1,17 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://translate.foursquare.com/ => https://translate.foursquare.com/: (6, 'Could not resolve host: translate.foursquare.com')
+
+	Other Foursquare rulesets:
+
+		- 4sqi.net.xml
+
+
 	CDN buckets:
 
+		- s3.amazonaws.com/playfoursquare/
+
 		- foursquare.wpengine.netdna-cdn.com
 
 			- blog.foursquare.com
@@ -12,36 +23,78 @@
 
 	Nonfunctional subdomains:
 
-		- blog *
-		- engineering *
+		- blog ¹
+		- business ²
+		- engineering ³
 
-	* Redirects to http
+	¹ Tumblr
+	² Refused
+	³ WP Engine
 
 
 	Problematic subdomains:
 
-		- business	(works, mismatched, CN: *.sqarespace.com)
 		- redirect	(mismatched, CN: foursquare.com)
-		- support	(mismatched, CN: *.zendesk.com)
 
--->
-<ruleset name="Foursquare.com (partial)">
-
-	<target host="*.4sqi.net" />
-	<target host="foursquare.com" />
-	<target host="*.foursquare.com" />
 
+	Fully covered hosts in *foursquare.com:
 
-	<securecookie host="^(?:.*\.)?foursquare\.com$" name=".+" />
+		- (www.)?
+		- api
+		- de
+		- developer
+		- es
+		- fr
+		- id
+		- it
+		- ja
+		- ko
+		- lv
+		- pt
+		- ru
+		- th
+		- tr
+		- support
+		- translate
 
 
-	<rule from="^http://(is\d|ss[01l])\.4sqi\.net/"
-		to="https://$1.4sqi.net/" />
+	Insecure cookies are set for these domains:
 
-	<rule from="^http://((?:api|de|developer|es|fr|id|it|ja|ko|lv|pt|ru|th|tr|translate|www)\.)?foursquare\.com/"
-		to="https://$1foursquare.com/" />
+		- .foursquare.com
 
-	<rule from="^https?://support\.foursquare\.com/generated/"
-		to="https://generated.zendesk.com/generated/" />
+-->
+<ruleset name="Foursquare.com (partial)" default_off="failed ruleset test">
 
-</ruleset>
\ No newline at end of file
+	<!--	Direct rewrites:
+				-->
+	<target host="foursquare.com" />
+	<target host="api.foursquare.com" />
+	<target host="de.foursquare.com" />
+	<target host="developer.foursquare.com" />
+	<target host="es.foursquare.com" />
+	<target host="fr.foursquare.com" />
+	<target host="id.foursquare.com" />
+	<target host="it.foursquare.com" />
+	<target host="ja.foursquare.com" />
+	<target host="ko.foursquare.com" />
+	<target host="lv.foursquare.com" />
+	<target host="pt.foursquare.com" />
+	<target host="ru.foursquare.com" />
+	<target host="th.foursquare.com" />
+	<target host="tr.foursquare.com" />
+	<target host="support.foursquare.com" />
+	<target host="translate.foursquare.com" />
+	<target host="www.foursquare.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.foursquare\.com$" name="^bbhive$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fout.jp.xml b/src/chrome/content/rules/Fout.jp.xml
index b5bc0b636051..16a6eddd18b6 100644
--- a/src/chrome/content/rules/Fout.jp.xml
+++ b/src/chrome/content/rules/Fout.jp.xml
@@ -17,7 +17,9 @@
 -->
 <ruleset name="Fout.jp (partial)">
 
-	<target host="*.fout.jp" />
+	<target host="cnt.fout.jp" />
+	<target host="dsp.fout.jp" />
+	<target host="js.fout.jp" />
 
 
 	<!--	Set by cnt:
@@ -25,7 +27,6 @@
 	<securecookie host="^\.fout\.jp$" name="^uid$" />
 
 
-	<rule from="^http://(cnt|dsp|js)\.fout\.jp/"
-		to="https://$1.fout.jp/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fox-IT.com.xml b/src/chrome/content/rules/Fox-IT.com.xml
new file mode 100644
index 000000000000..82743c4a472e
--- /dev/null
+++ b/src/chrome/content/rules/Fox-IT.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="Fox-IT.com">
+
+	<target host="fox-it.com" />
+	<target host="clientportal.fox-it.com" />
+	<target host="www.fox-it.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fox-News.xml b/src/chrome/content/rules/Fox-News.xml
new file mode 100644
index 000000000000..6757552ec4b2
--- /dev/null
+++ b/src/chrome/content/rules/Fox-News.xml
@@ -0,0 +1,54 @@
+<!--
+	For other News Corporation coverage, see News-Corporation.xml.
+
+	Active mixed content:
+		- foxnews.com
+		- www.foxnews.com
+
+	Connection closed:
+		- feeds.foxnews.com
+
+	Connection timed out:
+		- imag.foxnews.com
+		- live.foxnews.com
+		- affiliates.radio.foxnews.com
+		- foxnewsinsider.com
+		- www.foxnewsinsider.com
+
+	Invalid certificate:
+		- insider.foxnews.com
+		- beta.video.insider.foxnews.com
+		- latino.foxnews.com
+		- magazine.foxnews.com
+		- metrics.foxnews.com
+		- m.radio.foxnews.com
+-->
+
+<ruleset name="Fox News">
+	<!-- fbnstatic.com -->
+	<target host="www.fbnstatic.com" />
+	<target host="global.fncstatic.com" />
+
+	<!-- foxbusiness.com -->
+	<target host="foxbusiness.com" />
+	<target host="www.foxbusiness.com" />
+	<target host="video.foxbusiness.com" />
+	<target host="beta.video.foxbusiness.com" />
+
+	<!-- foxnews.com -->
+	<target host="a57.foxnews.com" />
+	<target host="ads.foxnews.com" />
+	<target host="help.foxnews.com" />
+	<target host="video.imag.foxnews.com" />
+	<target host="video.insider.foxnews.com" />
+	<target host="video.latino.foxnews.com" />
+	<target host="beta.video.latino.foxnews.com" />
+	<target host="nation.foxnews.com" />
+	<target host="radio.foxnews.com" />
+	<target host="video.foxnews.com" />
+
+	<!-- foxnewsinsider.com -->
+	<target host="facebook.foxnewsinsider.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fox_News.xml b/src/chrome/content/rules/Fox_News.xml
deleted file mode 100644
index d29853b3b5ef..000000000000
--- a/src/chrome/content/rules/Fox_News.xml
+++ /dev/null
@@ -1,69 +0,0 @@
-<!--
-	For other News Corporation coverage, see News-Corporation.xml.
-
-
-	Nonfunctional domains:
-
-		- (www.)fbnstatic.com *
-		- (www.)foxbusiness.com *
-
-		- foxnews.com subdomains:
-
-			- (www.) *
-			- latino *
-			- magazine		(503, akamai)
-			- nation **
-			- radio **
-
-		- (www.)foxnewsinsider		(403; self-signed, CN: nmweb01)
-
-	* 404, akamai
-	** 403, akamai
-
-
-	Problematic domains:
-
-		- www.fbnstatic.com *
-		- global.fncstatic.com *
-		- ureport.foxnews.com		(works; mismatched, CN: *.filemobile.com)
-
-	* Works, akamai
-
--->
-<ruleset name="Fox News (partial)">
-
-	<target host="www.fbnstatic.com" />
-	<target host="global.fncstatic.com" />
-		<!--
-			- css:	503
-			- js: 404
-					-->
-		<exclusion pattern="^https?://(?:www\.fbn|global\.fnc)static\.com/static/(?:.+/)?(?:j|cs)s/" />
-	<target host="*.foxbusiness.com" />
-	<target host="*.foxnews.com" />
-	<target host="facebook.foxnewsinsider.com" />
-	<target host="foxnews.ramp.com" />
-
-
-	<rule from="^https?://(www\.fbn|global\.fnc)static\.com/"
-		to="https://a57.foxnews.com/$1static.com/" />
-
-	<rule from="^http://(beta\.)?video\.foxbusiness\.com/"
-		to="https://$1video.foxbusiness.com/" />
-
-	<rule from="^http://(a57|ads|video\.(?:imag|insider|latino|ureport)|live|video|beta\.video(?:\.latino)?)\.foxnews\.com/"
-		to="https://$1.foxnews.com/" />
-
-	<rule from="^https?://metrics\.foxnews\.com/"
-		to="https://foxnews.112.2o7.net/" />
-
-	<rule from="^https?://uereport\.foxnews\.com/services/"
-		to="https://filemobile.com/services/" />
-
-	<rule from="^http://facebook\.foxnewsinsider\.com/"
-		to="https://facebook.foxnewsinsider.com/" />
-
-	<rule from="^http://foxnews\.ramp\.com/"
-		to="https://foxnews.ramp.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Foxitsoftware.xml b/src/chrome/content/rules/Foxitsoftware.xml
new file mode 100644
index 000000000000..ffa09a378f3d
--- /dev/null
+++ b/src/chrome/content/rules/Foxitsoftware.xml
@@ -0,0 +1,31 @@
+<!--
+	Nonfunctional hosts in *foxitsoftware.com:
+
+		- blog ¹
+		- forums ¹
+		- tickets ²
+
+	¹ Shows another domain
+	² Refused
+
+-->
+<ruleset name="Foxitsoftware.com (partial)">
+
+	<target host="foxitsoftware.com" />
+	<target host="www.foxitsoftware.com" />
+
+		<test url="http://www.foxitsoftware.com/PDF_Editor/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="\.foxitsoftware\.com$" name="^FoxitWebsite(?:CC|LANG)$" /-->
+	<!--securecookie host="\.www\.foxitsoftware\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Foxtvmedia.com.xml b/src/chrome/content/rules/Foxtvmedia.com.xml
deleted file mode 100644
index f5b4ef9ea5b2..000000000000
--- a/src/chrome/content/rules/Foxtvmedia.com.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	CDN buckets:
-
-		- worldnow.edgesuite.net
-
-			- a948.ga.akamai.net
-			- content
-
-
-	Fully covered subdomains:
-
-		- content	(→ ftpcontent.worldnow.com)
-
-
-	(www.) doesn't exist.
-
--->
-<ruleset name="foxtvmedia.com">
-
-	<target host="content.foxtvmedia.com" />
-
-
-	<rule from="^http://content\.foxtvmedia\.com/"
-		to="https://a248.e.akamai.net/m/948/4989/3/ftpcontent.worldnow.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FoxyCart.com.xml b/src/chrome/content/rules/FoxyCart.com.xml
index 2b497f8e8703..a36d5a37a4b7 100644
--- a/src/chrome/content/rules/FoxyCart.com.xml
+++ b/src/chrome/content/rules/FoxyCart.com.xml
@@ -41,14 +41,16 @@
 -->
 <ruleset name="FoxyCart.com (partial)">
 
-	<target host="foxycart.com" />
-	<target host="*.foxycart.com" />
+	<target host="admin.foxycart.com" />
+	<target host="cdn.foxycart.com" />
+	<target host="docs.foxycart.com" />
+	<target host="forum.foxycart.com" />
+	<target host="wiki.foxycart.com" />
 
 
 	<securecookie host="^(?:admin|docs|forum|wiki)\.foxycart\.com$" name=".+" />
 
 
-	<rule from="^http://(admin|cdn|docs|forum|wiki)\.foxycart\.com/"
-		to="https://$1.foxycart.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Foxydeal.de-falsemixed.xml b/src/chrome/content/rules/Foxydeal.de-falsemixed.xml
index ea3b8166f071..1b40e1632c23 100644
--- a/src/chrome/content/rules/Foxydeal.de-falsemixed.xml
+++ b/src/chrome/content/rules/Foxydeal.de-falsemixed.xml
@@ -1,8 +1,13 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://foxydeal.de/ => https://foxydeal.de/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://foxydeal.com/ => https://foxydeal.de/: (28, 'Connection timed out after 20001 milliseconds')
+
 	For rules not causing false/broken MCB, see Foxydeal.de.xml.
 
 -->
-<ruleset name="foxydeal.de (false MCB)" platform="mixedcontent">
+<ruleset name="foxydeal.de (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="foxydeal.de" />
 	<target host="*.foxydeal.de" />
diff --git a/src/chrome/content/rules/Foxydeal.de.xml b/src/chrome/content/rules/Foxydeal.de.xml
index 4f35334bc5b8..5695e99485de 100644
--- a/src/chrome/content/rules/Foxydeal.de.xml
+++ b/src/chrome/content/rules/Foxydeal.de.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://foxydeal.de/ => http://foxydeal.de/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.foxydeal.de/ => http://www.foxydeal.de/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://foxydeal.com/ => http://foxydeal.com/: (28, 'Connection timed out after 20001 milliseconds')
+
 	For rules causing false/broken MCB, see Foxydeal.de-falsemixed.xml.
 
 
@@ -16,7 +22,7 @@
 	* Secured by us
 
 -->
-<ruleset name="foxydeal.de (partial)">
+<ruleset name="foxydeal.de (partial)" default_off="failed ruleset test">
 
 	<target host="foxydeal.de" />
 	<target host="www.foxydeal.de" />
diff --git a/src/chrome/content/rules/Fprnt.com.xml b/src/chrome/content/rules/Fprnt.com.xml
new file mode 100644
index 000000000000..9a7b5410979a
--- /dev/null
+++ b/src/chrome/content/rules/Fprnt.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Bugs.
+
+
+	www.fprnt.com doesn't exist.
+
+
+	Insecure cookies are set for these domains:
+
+		- .fprnt.com
+
+-->
+<ruleset name="fprnt.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fprnt.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.fprnt\.com$" name="^user$" /-->
+
+	<securecookie host="^\.fprnt\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fqtag.com.xml b/src/chrome/content/rules/Fqtag.com.xml
new file mode 100644
index 000000000000..32e9113220b3
--- /dev/null
+++ b/src/chrome/content/rules/Fqtag.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Fqtag.com">
+	<target host="fqtag.com" />
+	<target host="www.fqtag.com" />
+	<target host="c.fqtag.com" />
+	<target host="new.fqtag.com" />
+	<target host="s.fqtag.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FrOSCon.xml b/src/chrome/content/rules/FrOSCon.xml
new file mode 100644
index 000000000000..51755e41abd5
--- /dev/null
+++ b/src/chrome/content/rules/FrOSCon.xml
@@ -0,0 +1,22 @@
+<ruleset name="FrOSCon">
+
+	<target host="www.froscon.de"/>
+	<target host="froscon.de"/>
+	<target host="www.froscon.org"/>
+	<target host="programm.froscon.org"/>
+	<target host="programm.froscon.de"/>
+	<target host="ruby.froscon.org"/>
+	<target host="ruby.froscon.de"/>
+	<target host="helfer.froscon.de"/>
+	<target host="helfer.froscon.org"/>
+	<target host="froglabs.froscon.org"/>
+	<target host="froglabs.froscon.de"/>
+	<target host="kids.froscon.de"/>
+	<target host="kids.froscon.org"/>
+	<target host="m.froscon.de"/>
+	<!-- cert not valid on froscon.tv-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Frack.nl.xml b/src/chrome/content/rules/Frack.nl.xml
new file mode 100644
index 000000000000..47d1181d075a
--- /dev/null
+++ b/src/chrome/content/rules/Frack.nl.xml
@@ -0,0 +1,12 @@
+<ruleset name="Frack.nl">
+
+	<target host="frack.nl" />
+	<target host="www.frack.nl" />
+
+
+	<securecookie host="^(?:www\.)?frack\.nl$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fraglive.xml b/src/chrome/content/rules/Fraglive.xml
deleted file mode 100644
index 6a3c8a19cc3c..000000000000
--- a/src/chrome/content/rules/Fraglive.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Fraglive">
-
-	<target host="fraglive.cl" />
-	<target host="*.fraglive.cl" />
-
-
-	<securecookie host="^(?:w*\.)?fraglive\.cl$" name=".+" />
-
-
-	<rule from="^http://(www\.)?fraglive\.cl/"
-		to="https://$1fraglive.cl/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Frama.io.xml b/src/chrome/content/rules/Frama.io.xml
new file mode 100644
index 000000000000..7503a3cf39b9
--- /dev/null
+++ b/src/chrome/content/rules/Frama.io.xml
@@ -0,0 +1,16 @@
+<!--
+	No working URL known:
+		frama.io
+
+-->
+<ruleset name="Frama.io">
+
+	<!-- Each user gets their own subdomain -->
+	<target host="*.frama.io" />
+		<test url="http://dflinux.frama.io/thebeginnershandbook/lcdd01-debian/" />
+		<test url="http://mabu.frama.io/HeartTempo/" />
+		<test url="http://zeduckmaster.frama.io/2016/how-to-create-a-custom-rendering-in-a-qt5-widget/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Framasoft.xml b/src/chrome/content/rules/Framasoft.xml
new file mode 100644
index 000000000000..b48712454818
--- /dev/null
+++ b/src/chrome/content/rules/Framasoft.xml
@@ -0,0 +1,9 @@
+<ruleset name="Framasoft">
+        <target host="framadate.org" />
+        <target host="framindmap.org" />
+
+		<securecookie host=".+" name=".+" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FrancaisFacile.com.xml b/src/chrome/content/rules/FrancaisFacile.com.xml
new file mode 100644
index 000000000000..70700a7e744d
--- /dev/null
+++ b/src/chrome/content/rules/FrancaisFacile.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Related rulesets:
+		AllemandFacile.com.xml
+		AnglaisFacile.com.xml
+		EspagnolFacile.com.xml
+		Italien-Facile.com.xml
+		MathematiquesFaciles.com.xml
+		MesExercices.com.xml
+		MesOutils.com.xml
+		NLFacile.com.xml
+		ToLearnEnglish.com.xml
+		TousLesCours.com.xml
+-->
+<ruleset name="FrancaisFacile.com">
+	<target host="francaisfacile.com" />
+	<target host="www.francaisfacile.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/France-Universite-Numerique-MOOC.fr.xml b/src/chrome/content/rules/France-Universite-Numerique-MOOC.fr.xml
new file mode 100644
index 000000000000..a05b86302f2c
--- /dev/null
+++ b/src/chrome/content/rules/France-Universite-Numerique-MOOC.fr.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.france-universite-numerique-mooc.fr
+
+-->
+<ruleset name="France-Universite-Numerique-MOOC.fr">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="france-universite-numerique-mooc.fr" />
+	<target host="www.france-universite-numerique-mooc.fr" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.france-universite-numerique-mooc\.fr$" name="(?:csrftoken|sessionid)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FranceTVInfo.fr.xml b/src/chrome/content/rules/FranceTVInfo.fr.xml
new file mode 100644
index 000000000000..6f2234395de1
--- /dev/null
+++ b/src/chrome/content/rules/FranceTVInfo.fr.xml
@@ -0,0 +1,46 @@
+<!--
+	Time out:
+		francetvinfo.fr
+
+	Mixed content:
+		geopolis.francetvinfo.fr
+
+	Different content HTTP/HTTPS:
+		m.geopolis.francetvinfo.fr
+
+	Invalid certificate:
+		municipaly.francetvinfo.fr
+
+-->
+<ruleset name="FranceTVInfo.fr">
+
+	<target host="francetvinfo.fr" />
+	<target host="www.francetvinfo.fr" />
+	<target host="backoffice.francetvinfo.fr" />
+	<target host="blog.francetvinfo.fr" />
+	<target host="france3-regions.blog.francetvinfo.fr" />
+	<target host="broadcast.francetvinfo.fr" />
+		<test url="http://broadcast.francetvinfo.fr/lives/4e9efb1a1cc6f04d9800002c" />
+	<target host="concours.francetvinfo.fr" />
+	<target host="culturebox.francetvinfo.fr" />
+	<target host="m.culturebox.francetvinfo.fr" />
+	<target host="france3-regions.francetvinfo.fr" />
+	<target host="m.france3-regions.francetvinfo.fr" />
+	<target host="la1ere.francetvinfo.fr" />
+	<target host="m.la1ere.francetvinfo.fr" />
+	<target host="live.francetvinfo.fr" />
+		<test url="http://live.francetvinfo.fr/assets/widget_live.css" />
+	<target host="loisirs.francetvinfo.fr" />
+	<target host="meteo.francetvinfo.fr" />
+	<target host="mobile.francetvinfo.fr" />
+	<target host="operation.francetvinfo.fr" />
+	<target host="sport.francetvinfo.fr" />
+	<target host="stream.francetvinfo.fr" />
+
+	<rule from="^http://francetvinfo\.fr/"
+		to="https://www.francetvinfo.fr/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Franceserv.xml b/src/chrome/content/rules/Franceserv.xml
index c09ffea233cc..ba108cc785a4 100644
--- a/src/chrome/content/rules/Franceserv.xml
+++ b/src/chrome/content/rules/Franceserv.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^www\.franceserv\.fr$" name=".+" />
 
 
-	<rule from="^http://(www\.)?franceserv\.fr/"
-		to="https://$1franceserv.fr/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Franchise_Gator.com.xml b/src/chrome/content/rules/Franchise_Gator.com.xml
new file mode 100644
index 000000000000..9d6879478b58
--- /dev/null
+++ b/src/chrome/content/rules/Franchise_Gator.com.xml
@@ -0,0 +1,58 @@
+<!--
+	^franchisegator.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.franchisegator.com
+
+-->
+<ruleset name="Franchise Gator.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.franchisegator.com" />
+
+	<!--	Complications:
+				-->
+	<target host="franchisegator.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.franchisegator\.com/$" /-->
+		<!--
+			404:
+				-->
+		<!--exclusion pattern="^http://www\.franchisegator\.com/(assets|images)/.+\.(cf|ic)\.[\dA-Za-z]{10}\.css" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?franchisegator\.com/+(?!dashboard(?:$|[?/])|tracker\.php)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://franchisegator.com/articles/" />
+			<test url="http://www.franchisegator.com/industries/" />
+			<test url="http://www.franchisegator.com/international/" />
+			<test url="http://www.franchisegator.com/lists/" />
+			<test url="http://www.franchisegator.com/videos/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.franchisegator.com/tracker.php?action=visit&amp;g_id=" />
+			<test url="http://franchisegator.com/dashboard/" />
+			<test url="http://www.franchisegator.com/dashboard/forgot_password.php" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.franchisegator\.com$" name="^PHPSESSID$" /-->
+
+
+	<rule from="^http://franchisegator\.com/"
+		to="https://www.franchisegator.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Francis_Kim.co.xml b/src/chrome/content/rules/Francis_Kim.co.xml
new file mode 100644
index 000000000000..601e9f0276f6
--- /dev/null
+++ b/src/chrome/content/rules/Francis_Kim.co.xml
@@ -0,0 +1,13 @@
+<ruleset name="Francis Kim.co">
+
+	<target host="franciskim.co" />
+	<target host="www.franciskim.co" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Frank_Timis.xml b/src/chrome/content/rules/Frank_Timis.xml
deleted file mode 100644
index 72f1c98984fb..000000000000
--- a/src/chrome/content/rules/Frank_Timis.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	!www works over neither http nor https
-
--->
-<ruleset name="Frank Timis">
-
-	<target host="*.franktimis.com" />
-
-
-	<securecookie host="^\.franktimis\.com$" name=".+" />
-
-
-	<rule from="^http://www\.franktimis\.com/"
-		to="https://www.franktimis.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Franken.de.xml b/src/chrome/content/rules/Franken.de.xml
new file mode 100644
index 000000000000..8552c29a7781
--- /dev/null
+++ b/src/chrome/content/rules/Franken.de.xml
@@ -0,0 +1,32 @@
+<!--
+	Kommunikationsnetz Franken
+
+
+	^: http reply
+
+-->
+<ruleset name="Franken.de">
+
+	<target host="franken.de" />
+	<target host="www.franken.de" />
+	<target host="cloud.franken.de" />
+	<target host="kerio.franken.de" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^cloud\.franken\.de$" name="^DokuWiki$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^www\.franken\.de$" name="^(PHPSESSID|fe_typo_user)$" /-->
+
+	<securecookie host="^www\.franken\.de$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?franken\.de/"
+		to="https://www.franken.de/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Frankfurtkanu.de.xml b/src/chrome/content/rules/Frankfurtkanu.de.xml
new file mode 100644
index 000000000000..2e906b7d5406
--- /dev/null
+++ b/src/chrome/content/rules/Frankfurtkanu.de.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional hosts in *.frankfurtkanu.de:
+	cms.frankfurtkanu.de
+	ebbok.frankfurtkanu.de
+	files.frankfurtkanu.de
+	mx0.frankfurtkanu.de
+	outrigger.frankfurtkanu.de
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Frankfurtkanu.de">
+	<target host="frankfurtkanu.de" />
+	<target host="www.frankfurtkanu.de" />
+	<target host="mmc.frankfurtkanu.de" />
+	<target host="www.mmc.frankfurtkanu.de" />
+
+	<rule from="^http:" to="https:" />
+
+	<securecookie host=".+" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/Frankie_Boyle.com.xml b/src/chrome/content/rules/Frankie_Boyle.com.xml
deleted file mode 100644
index e59081aae324..000000000000
--- a/src/chrome/content/rules/Frankie_Boyle.com.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Frankie Boyle.com">
-
-	<target host="frankieboyle.com" />
-	<target host="www.frankieboyle.com" />
-
-
-	<rule from="^http://(www\.)?frankieboyle\.com/"
-		to="https://$1frankieboyle.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Franklin_Veaux.com.xml b/src/chrome/content/rules/Franklin_Veaux.com.xml
new file mode 100644
index 000000000000..3c8f59a004c4
--- /dev/null
+++ b/src/chrome/content/rules/Franklin_Veaux.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Franklin Veaux.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="franklinveaux.com" />
+	<target host="www.franklinveaux.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Franklin_W_Olin_College_of_Engineering.xml b/src/chrome/content/rules/Franklin_W_Olin_College_of_Engineering.xml
index 6c9ed1e2c894..63c4f9f817b8 100644
--- a/src/chrome/content/rules/Franklin_W_Olin_College_of_Engineering.xml
+++ b/src/chrome/content/rules/Franklin_W_Olin_College_of_Engineering.xml
@@ -1,16 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://olin.edu/ => https://olin.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'olin.edu'")
+Fetch error: http://www.olin.edu/ => https://www.olin.edu/: Too many redirects while fetching 'https://www.olin.edu/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://olin.edu/ => https://olin.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'olin.edu'")
+Fetch error: http://www.olin.edu/ => https://www.olin.edu/: Cycle detected - URL already encountered: https://www.olin.edu/
 	Nonfunctional subdomains:
 
 		- ieee		(times out)
 
 -->
-<ruleset name="Franklin W. Olin College of Engineering">
+<ruleset name="Franklin W. Olin College of Engineering" default_off="failed ruleset test">
 
 	<target host="olin.edu" />
 	<target host="www.olin.edu" />
 
 
-	<rule from="^http://(www\.)?olin\.edu/"
-		to="https://$1olin.edu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Franziska_Wellner.de.xml b/src/chrome/content/rules/Franziska_Wellner.de.xml
new file mode 100644
index 000000000000..834a3ac88774
--- /dev/null
+++ b/src/chrome/content/rules/Franziska_Wellner.de.xml
@@ -0,0 +1,33 @@
+<!--
+	Nonfunctional hosts in *franziskawellner.de:
+
+		- owncloud *
+
+	* Shows www.franziskawellner.de
+
+
+	Insecure cookies are set for these hosts:
+
+		- mail.franziskawellner.de
+
+-->
+<ruleset name="Franziska Wellner.de (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="franziskawellner.de" />
+	<target host="mail.franziskawellner.de" />
+	<target host="www.franziskawellner.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^mail\.franziskawellner\.de$" name="^SQMSESSID$" /-->
+
+	<securecookie host="^mail\.franziskawellner\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Frascati_Cafe.nl.xml b/src/chrome/content/rules/Frascati_Cafe.nl.xml
new file mode 100644
index 000000000000..f7c7ef02efa6
--- /dev/null
+++ b/src/chrome/content/rules/Frascati_Cafe.nl.xml
@@ -0,0 +1,14 @@
+<ruleset name="Frascati Cafe.nl">
+
+	<target host="frascaticafe.nl" />
+	<target host="www.frascaticafe.nl" />
+
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^_gat?$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Frascati_Producties.nl.xml b/src/chrome/content/rules/Frascati_Producties.nl.xml
new file mode 100644
index 000000000000..3ae2d97e391f
--- /dev/null
+++ b/src/chrome/content/rules/Frascati_Producties.nl.xml
@@ -0,0 +1,26 @@
+<!--
+	^frascatiproducties.nl: Mismatched
+
+-->
+<ruleset name="Frascati Producties.nl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.frascatiproducties.nl" />
+
+	<!--	Complications:
+				-->
+	<target host="frascatiproducties.nl" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://frascatiproducties\.nl/"
+		to="https://www.frascatiproducties.nl/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Frascati_Theater.nl.xml b/src/chrome/content/rules/Frascati_Theater.nl.xml
new file mode 100644
index 000000000000..cdb57dff254c
--- /dev/null
+++ b/src/chrome/content/rules/Frascati_Theater.nl.xml
@@ -0,0 +1,26 @@
+<!--
+	^frascatitheater.nl: Mismatched
+
+-->
+<ruleset name="Frascati Theater.nl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.frascatitheater.nl" />
+
+	<!--	Complications:
+				-->
+	<target host="frascatitheater.nl" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://frascatitheater\.nl/"
+		to="https://www.frascatitheater.nl/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fraser_Xu.me.xml b/src/chrome/content/rules/Fraser_Xu.me.xml
new file mode 100644
index 000000000000..09a6b2c4f9f4
--- /dev/null
+++ b/src/chrome/content/rules/Fraser_Xu.me.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .fraserxu.me
+
+-->
+<ruleset name="Fraser Xu.me">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fraserxu.me" />
+	<target host="www.fraserxu.me" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.fraserxu\.me$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.fraserxu\.me$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fraternal-Order-of-Locksport.xml b/src/chrome/content/rules/Fraternal-Order-of-Locksport.xml
index 632338b3d099..7f01f62b2052 100644
--- a/src/chrome/content/rules/Fraternal-Order-of-Locksport.xml
+++ b/src/chrome/content/rules/Fraternal-Order-of-Locksport.xml
@@ -3,7 +3,7 @@
 	<target host="bloomingtonfools.org"/>
 	<target host="www.bloomingtonfools.org"/>
 
-	<securecookie host="^www\.bloomingtonfools\.org$" name=".*"/>
+	<securecookie host="^www\.bloomingtonfools\.org$" name=".+" />
 
 	<!--	cert !match !www	-->
 	<rule from="^http://(?:www\.)?bloomingtonfools\.org/"
diff --git a/src/chrome/content/rules/FraudLabs.com.xml b/src/chrome/content/rules/FraudLabs.com.xml
new file mode 100644
index 000000000000..39ba5e851765
--- /dev/null
+++ b/src/chrome/content/rules/FraudLabs.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="FraudLabs.com">
+
+	<target host="fraudlabs.com" />
+	<target host="www.fraudlabs.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Frauenpg.ch.xml b/src/chrome/content/rules/Frauenpg.ch.xml
new file mode 100644
index 000000000000..6de0f1cf3609
--- /dev/null
+++ b/src/chrome/content/rules/Frauenpg.ch.xml
@@ -0,0 +1,6 @@
+<ruleset name="Frauenpg.ch">
+	<target host="frauenpg.ch" />
+	<target host="www.frauenpg.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fraunhofer.xml b/src/chrome/content/rules/Fraunhofer.xml
index ce355d579702..4af972e9c83b 100644
--- a/src/chrome/content/rules/Fraunhofer.xml
+++ b/src/chrome/content/rules/Fraunhofer.xml
@@ -1,23 +1,40 @@
 <!--
 	Nonfunctional subdomains:
 
-		- (www.)hhi *
-		- jp.hhi *
-
-	* Self-signed, mismatched, CN: svn.hhi.fraunhofer.de
+		many (see https://www.fraunhofer.de/de/institute-einrichtungen.html)
 
 -->
-<ruleset name="Fraunhofer (partial)" default_off="mismatch, self-signed">
+<ruleset name="Fraunhofer (partial)">
 
-	<target host="scai.fraunhofer.de"/>
+	<target host="www.fraunhofer.de"/>
 	<target host="www.scai.fraunhofer.de"/>
-	<!--	mismatch	-->
-	<target host="izb.fraunhofer.de"/>
-	<target host="www.izb.fraunhofer.de"/>
+	<target host="www.fit.fraunhofer.de"/>
+	<target host="www.aisec.fraunhofer.de"/>
+	<target host="www.igd.fraunhofer.de"/>
+	<target host="www.iais.fraunhofer.de"/>
+	<target host="www.fkie.fraunhofer.de"/>
+	<target host="www.fokus.fraunhofer.de"/>
+	<target host="www.sit.fraunhofer.de"/>
+	<target host="www.ipk.fraunhofer.de"/>
+	<target host="www.irb.fraunhofer.de"/>
+	<target host="www.isst.fraunhofer.de"/>
 
-	<securecookie host="^(.*\.)?(izb|scai)\.fraunhofer\.de$" name=".*"/>
+	<target host="fraunhofer.de"/>
+	<target host="scai.fraunhofer.de"/>
+	<target host="fit.fraunhofer.de"/>
+	<target host="aisec.fraunhofer.de"/>
+	<target host="igd.fraunhofer.de"/>
+	<target host="iais.fraunhofer.de"/>
+	<target host="fkie.fraunhofer.de"/>
+	<target host="fokus.fraunhofer.de"/>
+	<target host="sit.fraunhofer.de"/>
+	<target host="ipk.fraunhofer.de"/>
+	<target host="irb.fraunhofer.de"/>
+	<target host="isst.fraunhofer.de"/>
 
-	<rule from="^http://(?:www\.)?(izb|scai)\.fraunhofer\.de/"
-		to="https://www.$1.fraunhofer.de/"/>
+	<securecookie host="^(?:.*\.)?(?:izb|scai)\.fraunhofer\.de$" name=".+" />
 
+	<rule
+	  from="^http://(www\.)?((scai|fit|aisec|igd|iais|fkie|fokus|sit|ipk|irb|isst)\.)?fraunhofer\.de/"
+ 	  to="https://www.$2fraunhofer.de/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Frdic.com.xml b/src/chrome/content/rules/Frdic.com.xml
new file mode 100644
index 000000000000..696210a77161
--- /dev/null
+++ b/src/chrome/content/rules/Frdic.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Nonfunctional hosts in *.frdic.com:
+
+	http redirect
+		bbs.frdic.com
+		cn4.frdic.com
+		cn1b.frdic.com
+		cn1-1.frdic.com
+		my.frdic.com
+
+	connection refused
+		beta.frdic.com
+		api.frdic.com
+		services.frdic.com
+
+	Invalid certificate
+		wiki.gateway.frdic.com
+-->
+<ruleset name="Frdic.com">
+	<target host="frdic.com" />
+	<target host="www.frdic.com" />
+	<target host="bbs.frdic.com" />
+	<target host="cn3b.frdic.com" />
+	<target host="eu.frdic.com" />
+	<target host="my.frdic.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Fred_and_Pickles.xml b/src/chrome/content/rules/Fred_and_Pickles.xml
index 86da3c082a4c..34b82565af26 100644
--- a/src/chrome/content/rules/Fred_and_Pickles.xml
+++ b/src/chrome/content/rules/Fred_and_Pickles.xml
@@ -1,13 +1,19 @@
-<ruleset name="Fred and Pickles">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fredandpickles.co.uk/ => https://fredandpickles.co.uk/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.fredandpickles.co.uk/ => https://www.fredandpickles.co.uk/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+-->
+<ruleset name="Fred and Pickles" default_off="failed ruleset test">
 
 	<target host="fredandpickles.co.uk" />
-	<target host="*.fredandpickles.co.uk" />
+	<target host="www.fredandpickles.co.uk" />
 
 
 	<securecookie host="^\.fredandpickles\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://(www\.)?fredandpickles\.co\.uk/"
-		to="https://$1fredandpickles.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fredericia.dk.xml b/src/chrome/content/rules/Fredericia.dk.xml
new file mode 100644
index 000000000000..60fdf52bdac9
--- /dev/null
+++ b/src/chrome/content/rules/Fredericia.dk.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fredericia.dk/ => https://fredericia.dk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.fredericia.dk/ => https://www.fredericia.dk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="Fredericia.dk" default_off="failed ruleset test">
+
+	<target host="fredericia.dk" />
+	<target host="www.fredericia.dk" />
+
+	<securecookie host="^(www\.)?fredericia\.dk" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Frederikshavn.dk.xml b/src/chrome/content/rules/Frederikshavn.dk.xml
new file mode 100644
index 000000000000..0a2442984c4a
--- /dev/null
+++ b/src/chrome/content/rules/Frederikshavn.dk.xml
@@ -0,0 +1,11 @@
+<ruleset name="Frederikshavn.dk">
+
+	<target host="frederikshavn.dk" />
+	<target host="www.frederikshavn.dk" />
+
+	<securecookie host="^\.?frederikshavn\.dk" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Frederikssund.dk.xml b/src/chrome/content/rules/Frederikssund.dk.xml
new file mode 100644
index 000000000000..ecbeb1858e4a
--- /dev/null
+++ b/src/chrome/content/rules/Frederikssund.dk.xml
@@ -0,0 +1,18 @@
+<!--
+	Not covered:
+
+		- infokort
+
+-->
+
+<ruleset name="Frederikssund.dk">
+
+	<target host="frederikssund.dk" />
+	<target host="www.frederikssund.dk" />
+
+	<securecookie host="^\.?www\.frederikssund\.dk" name=".+" />
+
+	<rule from="^http://(www\.)?frederikssund\.dk/"
+		to="https://www.frederikssund.dk/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Free-TV-Video-Online.me.xml b/src/chrome/content/rules/Free-TV-Video-Online.me.xml
new file mode 100644
index 000000000000..dfe8cfecdb70
--- /dev/null
+++ b/src/chrome/content/rules/Free-TV-Video-Online.me.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://free-tv-video-online.me/ => https://free-tv-video-online.me/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.free-tv-video-online.me/ => https://www.free-tv-video-online.me/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	Mixed content:
+
+		- Image from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Free-TV-Video-Online.me" default_off="failed ruleset test">
+
+	<target host="free-tv-video-online.me" />
+	<target host="www.free-tv-video-online.me" />
+
+
+	<securecookie host="^\.free-tv-video-online\.me$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FreeBSD.org.xml b/src/chrome/content/rules/FreeBSD.org.xml
new file mode 100644
index 000000000000..50674cb0f679
--- /dev/null
+++ b/src/chrome/content/rules/FreeBSD.org.xml
@@ -0,0 +1,81 @@
+<!--
+	Nonfunctional hosts in *freebsd.org:
+
+		- ftp-archive ¹
+		- pkgbeta ²
+		- portscout ²
+		- portsmon ²
+		- tinderbox ²
+
+	¹ Timeout
+	² Refused
+
+
+	Nonfunctional hosts in [lang].freebsd.org:
+
+		- ftp ¹
+		- lists ¹
+		- mailman ¹
+		- www ¹
+
+	¹ Refused
+
+
+	Problematic hosts in *freebsd.org:
+
+		- ftp 		(¹, CN: download.freebsd.org)
+		- tinderbox 	(¹, CN: www.des.no)
+
+	¹ Mismatched
+
+
+	These altnames do not exist:
+
+		- www.people.freebsd.org
+		- www.wiki.freebsd.org
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .bugs.freebsd.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="FreeBSD.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="freebsd.org" />
+	<target host="www.freebsd.org" />
+	<target host="admbugs.freebsd.org" />
+	<target host="bugs.freebsd.org" />
+	<target host="bugs.au.freebsd.org" />
+	<target host="www.bugs.au.freebsd.org" />
+	<target host="docs.freebsd.org" />
+	<target host="download.freebsd.org" />
+	<target host="election.freebsd.org" />
+	<target host="forums.freebsd.org" />
+	<target host="lists.freebsd.org" />
+	<target host="man.freebsd.org" />
+	<target host="p4db.freebsd.org" />
+	<target host="people.freebsd.org" />
+	<target host="perforce.freebsd.org" />
+	<target host="pkg.freebsd.org" />
+	<target host="reviews.freebsd.org" />
+	<target host="security.freebsd.org" />
+	<target host="svn.freebsd.org" />
+	<target host="svnweb.freebsd.org" />
+	<target host="vuxml.freebsd.org" />
+	<target host="wiki.freebsd.org" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.bugs\.freebsd\.org$" name="^Bugzilla_login_request_cookie$" /-->
+
+	<securecookie host="^(?!\.freebsd\.org$)." name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FreeBSD.xml b/src/chrome/content/rules/FreeBSD.xml
deleted file mode 100644
index d97e38ecfb0b..000000000000
--- a/src/chrome/content/rules/FreeBSD.xml
+++ /dev/null
@@ -1,60 +0,0 @@
-<!--
-	Credit: https://mail1.eff.org/pipermail/https-everywhere-rules/2013-June/001629.html
-
-
-	Nonfunctional subdomains:
-
-		- ftp		(times out)
-		- portsmon *
-		- tinderbox *
-
-	* Refused
-
-
-	Problematic subdomains:
-
-		- ^		(interrupted)
-		- bwwwdyn **
-		- docs *
-		- election **
-		- p4db *
-		- portaudit *
-		- security *
-		- svn		(refused)
-
-	** Works; expired 2013-04-02, self-signed
-	* Works; mismatched, CN: www.freebsd.org
-
-
-	Fully covered subdomains:
-
-		- (www.)	(^ → www)
-		- admbugs
-		- forums
-		- lists
-		- security	(→ www)
-		- svn		(→ svnweb)
-
--->
-<ruleset name="FreeBSD (partial) ">
-
-	<target host="freebsd.org" />
-	<target host="*.freebsd.org" />
-
-
-	<securecookie host="^(?:admbug|forum)s\.freebsd\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?freebsd\.org/"
-		to="https://www.freebsd.org/" />
-
-	<rule from="^http://(admbugs|forums|lists|svnweb|wiki)\.freebsd\.org/"
-		to="https://$1.freebsd.org/" />
-
-	<rule from="^http://security\.freebsd\.org/"
-		to="https://www.freebsd.org/security/" />
-
-	<rule from="^http://svn\.freebsd\.org/"
-		to="https://svnweb.freebsd.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FreeBSDNews.com.xml b/src/chrome/content/rules/FreeBSDNews.com.xml
new file mode 100644
index 000000000000..6bdb7d769c7a
--- /dev/null
+++ b/src/chrome/content/rules/FreeBSDNews.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Mixed content:
+
+		- Image from 3d2ixy3hf5o5dllmr3zqz2qc.wpengine.netdna-cdn.com
+
+-->
+<ruleset name="FreeBSDNews.com">
+
+	<target host="freebsdnews.com" />
+	<target host="www.freebsdnews.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FreeBSD_Foundation.org.xml b/src/chrome/content/rules/FreeBSD_Foundation.org.xml
new file mode 100644
index 000000000000..fab2fa5b6950
--- /dev/null
+++ b/src/chrome/content/rules/FreeBSD_Foundation.org.xml
@@ -0,0 +1,17 @@
+<ruleset name="FreeBSD Foundation.org">
+
+	<target host="freebsdfoundation.org" />
+	<target host="www.freebsdfoundation.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?freebsdfoundation\.org$" name="^_freebsd_foundation_app_session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FreeBSoft.org.xml b/src/chrome/content/rules/FreeBSoft.org.xml
index e7e9574c753e..6df3b39ac8c9 100644
--- a/src/chrome/content/rules/FreeBSoft.org.xml
+++ b/src/chrome/content/rules/FreeBSoft.org.xml
@@ -4,9 +4,7 @@
 		- www *
 		- beta **
 		- cvs **
-		- devel *
-		- git **
-		- live *
+		- lists
 
 	* Shows www.ktn.cz, valid cert
 	** 500, valid cert
@@ -23,10 +21,15 @@
 -->
 <ruleset name="FreeBSoft.org (partial)">
 
-	<target host="*.freebsoft.org" />
+	<target host="freebsoft.org" />
+	<target host="devel.freebsoft.org" />
+	<target host="git.freebsoft.org" />
+	<target host="its.freebsoft.org" />
+	<target host="live.freebsoft.org" />
+	<target host="www.freebsoft.org" />
 
 
-	<rule from="^http://(i|lis)ts\.freebsoft\.org/"
-		to="https://$1ts.freebsoft.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FreeBin.xml b/src/chrome/content/rules/FreeBin.xml
deleted file mode 100644
index 4c026cae30a8..000000000000
--- a/src/chrome/content/rules/FreeBin.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="FreeBin" default_off="Certificate mismatch">
-
-	<target host="freebin.org" />
-	<target host="www.freebin.org" />
-
-	<rule from="^http://(www\.)?freebin\.org/"
-		to="https://freebin.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FreeBusy.io.xml b/src/chrome/content/rules/FreeBusy.io.xml
new file mode 100644
index 000000000000..b97fa332cbd7
--- /dev/null
+++ b/src/chrome/content/rules/FreeBusy.io.xml
@@ -0,0 +1,7 @@
+<ruleset name="FreeBusy.io">
+	<target host="freebusy.io" />
+	<target host="www.freebusy.io" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FreeDesktop.xml b/src/chrome/content/rules/FreeDesktop.xml
index c9d7f2ec2776..7a634ad137af 100644
--- a/src/chrome/content/rules/FreeDesktop.xml
+++ b/src/chrome/content/rules/FreeDesktop.xml
@@ -1,121 +1,55 @@
 <!--
-	Nonfunctional domains:
-
-		- (www.)cairographics.org *
-		- lists.cairographics.org **
-
-		- freedesktop.org subdomains:
-
-			- cgit		(refused)
-			- download *
-			- gstreamer *
-			- lists **
-			- patchwork *
-			- planet *
-			- poppler *
-			- portland *
-			- specifications **
-			- standards **
-			- wayland *
-			- xcb *
-			- xorg *
-
-	* Shows secure.freedesktop.org; mismatched, CN: secure.freedesktop.org
-	** http reply
-
-
-	Problematic subdomains:
-
-		- (www.) *
-		- apoc *
-		- bugzilla	(mismatched, CN: bugs.freedesktop.org)
-		- dri *
-		- gypsy *
-		- ldtp *
-		- libbsd *
-		- libdlo *
-		- liboil *
-		- libopenraw *
-		- nice *
-		- nouveau *
-		- people	($ 404s, ~.../ works; mismatched, CN: secure.freedesktop.org)
-		- pm-utils *
-		- sitewranglers *
-		- swfdec *
-		- telepathy *
-		- testrepo *
-		- wiki		(mismatched, CN: secure.freedesktop.org)
-
-	* Shows secure.freedesktop.org
-
-
-	Partially covered subdomains:
-
-		- people	(→ secure, $ 404s)
-		- (www.)	(→ ^, software/ 404s)
-
-
-	Fully covered subdomains:
-
-		- apoc *
-		- dri *
-		- bugs
-		- bugzilla	(→ bugs)
-		- gypsy *
-		- ldtp *
-		- libbsd *
-		- libdlo *
-		- liboil *
-		- libopenraw *
-		- nice *
-		- nouveau *
-		- pm-utils *
-		- secure
-		- sitewranglers *
-		- swfdec *
-		- telepathy *
-		- testrepo *
-		- wiki *
-
-	* → freedesktop.org
-
+	Mismatched:
+		- download.freedesktop.org
+		- sitewranglers.freedesktop.org
+		- swfdec.freedesktop.org
+		- tango.freedesktop.org
 -->
 <ruleset name="freedesktop.org (partial)">
-
 	<target host="freedesktop.org" />
-	<target host="*.freedesktop.org" />
-		<!--
-			404:
-				-->
-		<exclusion pattern="^http://(?:www\.)?freedesktop\.org/software(?:$|[?/])" />
-		<!--
-			$ is not identical:
-						-->
-		<exclusion pattern="^http://people\.freedesktop\.org/(?!~)" />
-
-
-	<securecookie host="^bugs\.freedesktop\.org$" name=".+" />
-
-
-	<rule from="^http://freedesktop\.org/wiki(\?.*)?$"
-		to="https://freedesktop.org/www$1" />
-
-	<rule from="^http://freedesktop\.org/(?:wiki/)?"
-		to="https://freedesktop.org/www/" />
-
-	<rule from="^http://(apoc|dri|gypsy|ldtp|libbsd|libdlo|liboil|libopenraw|nice|nouveau|pm-utils|sitewranglers|swfdec|telepathy|testrepo|www)\.freedesktop\.org/wiki(\?.*)?$"
-		to="https://freedesktop.org/$1$2" />
-
-	<rule from="^http://(apoc|dri|gypsy|ldtp|libbsd|libdlo|liboil|libopenraw|nice|nouveau|pm-utils|sitewranglers|swfdec|telepathy|testrepo|www)\.freedesktop\.org/(?:wiki/)?"
-		to="https://freedesktop.org/$1/" />
-
-	<rule from="^http://bug(?:s|zilla)\.freedesktop\.org/"
-		to="https://bugs.freedesktop.org/" />
-
-	<rule from="^http://(?:peopl|secur)e\.freedesktop\.org/"
-		to="https://secure.freedesktop.org/" />
-
-	<rule from="^http://wiki\.freedesktop\.org/"
-		to="https://freedesktop.org/" />
-
+	<target host="www.freedesktop.org" />
+	<target host="apoc.freedesktop.org" />
+	<target host="bugs.freedesktop.org" />
+	<target host="bugzilla.freedesktop.org" />
+	<target host="cgit.freedesktop.org" />
+	<target host="dbus.freedesktop.org" />
+	<target host="dri.freedesktop.org" />
+	<target host="fontconfig.freedesktop.org" />
+	<target host="freetype.freedesktop.org" />
+	<target host="gitlab.freedesktop.org" />
+	<target host="gstreamer.freedesktop.org" />
+	<target host="gypsy.freedesktop.org" />
+	<target host="hal.freedesktop.org" />
+	<target host="icon-theme.freedesktop.org" />
+	<target host="ldtp.freedesktop.org" />
+	<target host="libbsd.freedesktop.org" />
+	<target host="libdlo.freedesktop.org" />
+	<target host="liboil.freedesktop.org" />
+	<target host="libopenraw.freedesktop.org" />
+	<target host="libspectre.freedesktop.org" />
+	<target host="lists.freedesktop.org" />
+	<target host="mesa.freedesktop.org" />
+	<target host="nice.freedesktop.org" />
+	<target host="nouveau.freedesktop.org" />
+	<target host="patchwork.freedesktop.org" />
+	<target host="people.freedesktop.org" />
+	<target host="piglit.freedesktop.org" />
+	<target host="planet.freedesktop.org" />
+	<target host="pm-utils.freedesktop.org" />
+	<target host="poppler.freedesktop.org" />
+	<target host="portland.freedesktop.org" />
+	<target host="secure.freedesktop.org" />
+	<target host="specifications.freedesktop.org" />
+	<target host="standards.freedesktop.org" />
+	<target host="telepathy.freedesktop.org" />
+	<target host="wayland.freedesktop.org" />
+	<target host="wiki.freedesktop.org" />
+	<target host="xcb.freedesktop.org" />
+	<target host="xorg.freedesktop.org" />
+
+	<test url="http://people.freedesktop.org/~airlied/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/FreeFind.xml b/src/chrome/content/rules/FreeFind.xml
index 0733e89f4711..ed4fd8f371b3 100644
--- a/src/chrome/content/rules/FreeFind.xml
+++ b/src/chrome/content/rules/FreeFind.xml
@@ -1,17 +1,30 @@
-<ruleset name="FreeFind">
+<!--
+	Other FreeFind rulesets:
+
+		- ChangeDetection.com.xml
+
+
+	Insecure cookies are set for these domains:
+
+		- .freefind.com
+
+-->
+<ruleset name="FreeFind.com">
 
 	<target host="freefind.com" />
-	<target host="*.freefind.com" />
+	<target host="control.freefind.com" />
+	<target host="search.freefind.com" />
+	<target host="www.freefind.com" />
 
 
-	<securecookie host="^(?:control|search|www)\.freefind\.com$"
-			name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="\.freefind\.com$" name="^ref$" /-->
 
+	<securecookie host="^(?:control|search|www)?\.freefind\.com$" name=".+" />
 
-	<rule from="^http(?:://(?:www\.)?|s://)freefind\.com/"
-		to="https://www.freefind.com/" />
 
-	<rule from="^http://(control|search)\.freefind\.com/"
-		to="https://$1.freefind.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FreePDFHosting.com.xml b/src/chrome/content/rules/FreePDFHosting.com.xml
new file mode 100644
index 000000000000..c690f67dbbb5
--- /dev/null
+++ b/src/chrome/content/rules/FreePDFHosting.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="FreePDFHosting.com">
+	<target host="freepdfhosting.com" />
+	<target host="www.freepdfhosting.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FreePascal.org.xml b/src/chrome/content/rules/FreePascal.org.xml
new file mode 100644
index 000000000000..9370596527c1
--- /dev/null
+++ b/src/chrome/content/rules/FreePascal.org.xml
@@ -0,0 +1,28 @@
+<!--
+	Invalid certificate:
+		lazarus.freepascal.org
+		www.lazarus.freepascal.org
+		lists.lazarus.freepascal.org
+
+	SSL protocol error:
+		wiki.lazarus.freepascal.org
+		wiki.freepascal.org
+
+-->
+<ruleset name="FreePascal.org">
+
+	<target host="freepascal.org" />
+	<target host="www.freepascal.org" />
+	<target host="bugs.freepascal.org" />
+	<target host="docs.freepascal.org" />
+	<target host="foundation.freepascal.org" />
+	<target host="idefix.freepascal.org" />
+	<target host="forum.lazarus.freepascal.org" />
+	<target host="mantis.freepascal.org" />
+	<target host="svn.freepascal.org" />
+		<test url="http://svn.freepascal.org/feeds/" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FreePress.net.xml b/src/chrome/content/rules/FreePress.net.xml
new file mode 100644
index 000000000000..eec0b63f6515
--- /dev/null
+++ b/src/chrome/content/rules/FreePress.net.xml
@@ -0,0 +1,19 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- agenda.freepress.net
+
+		SSL peer certificate was not OK:
+		- conference.freepress.net
+		- s3.freepress.net
+-->
+<ruleset name="Free Press.net">
+	<target host="freepress.net" />
+	<target host="www.freepress.net" />
+	<target host="act.freepress.net" />
+	<target host="act2.freepress.net" />
+	
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FreeRADIUS.org.xml b/src/chrome/content/rules/FreeRADIUS.org.xml
new file mode 100644
index 000000000000..fb881907d3a4
--- /dev/null
+++ b/src/chrome/content/rules/FreeRADIUS.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid Certificate:
+		- bugs.freeradius.org
+		- ftp.freeradius.org
+		- git.freeradius.org
+		- lists.freeradius.org
+		- mail.freeradius.org
+		- ns2.freeradius.org
+		- power.freeradius.org
+		- luajit.wiki.freeradius.org
+-->
+
+<ruleset name="FreeRADIUS.org">
+	<target host="freeradius.org" />
+	<target host="www.freeradius.org" />
+	<target host="doc.freeradius.org" />
+	<target host="wiki.freeradius.org" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FreeSWITCH.org.xml b/src/chrome/content/rules/FreeSWITCH.org.xml
new file mode 100644
index 000000000000..a49e1a480007
--- /dev/null
+++ b/src/chrome/content/rules/FreeSWITCH.org.xml
@@ -0,0 +1,27 @@
+<!--
+	Expired:
+		- sidious.freeswitch.org
+-->
+<ruleset name="FreeSWITCH.org">
+
+	<target host="freeswitch.org" />
+	<target host="www.freeswitch.org" />
+	<target host="confluence.freeswitch.org" />
+	<target host="docs.freeswitch.org" />
+	<target host="files.freeswitch.org" />
+	<target host="jira.freeswitch.org" />
+	<target host="lists.freeswitch.org" />
+	<target host="pastebin.freeswitch.org" />
+	<target host="wiki.freeswitch.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^wiki\.freeswitch\.org$" name="^mediawiki_session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FreeScoreNation.com.xml b/src/chrome/content/rules/FreeScoreNation.com.xml
new file mode 100644
index 000000000000..61057f20d3c0
--- /dev/null
+++ b/src/chrome/content/rules/FreeScoreNation.com.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://freescorenation.com/ => https://freescorenation.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.freescorenation.com/ => https://www.freescorenation.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+<ruleset name="FreeScoreNation.com" default_off="failed ruleset test">
+
+	<target host="freescorenation.com" />
+	<target host="www.freescorenation.com" />
+
+
+	<securecookie host="^(?:\.|www\.)?freescorenation\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FreeSoundEffects.com.xml b/src/chrome/content/rules/FreeSoundEffects.com.xml
new file mode 100644
index 000000000000..6f0347d361a9
--- /dev/null
+++ b/src/chrome/content/rules/FreeSoundEffects.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="FreeSoundEffects.com">
+	<target host="freesoundeffects.com" />
+	<target host="www.freesoundeffects.com" />
+
+	<securecookie host="(^|\.)freesoundeffects\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FreeStyler.WS.xml b/src/chrome/content/rules/FreeStyler.WS.xml
new file mode 100644
index 000000000000..fb3e9f35779c
--- /dev/null
+++ b/src/chrome/content/rules/FreeStyler.WS.xml
@@ -0,0 +1,6 @@
+<ruleset name="FreeStyler.WS">
+	<target host="freestyler.ws" />
+	<target host="www.freestyler.ws" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FreeThesaurus.com.xml b/src/chrome/content/rules/FreeThesaurus.com.xml
new file mode 100644
index 000000000000..69f79a5fc94c
--- /dev/null
+++ b/src/chrome/content/rules/FreeThesaurus.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other related rulesets, see TheFreeDictionary.com.xml
+
+	Wildcard DNS and cert. Host responds to any subdomain.
+-->
+<ruleset name="FreeThesaurus.com">
+	<target host="freethesaurus.com" />
+	<target host="*.freethesaurus.com" />
+
+		<test url="http://www.freethesaurus.com/" />
+		<test url="http://encyclopedia.freethesaurus.com/" />
+		<test url="http://pt.freethesaurus.com/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FreeUnlocks.com.xml b/src/chrome/content/rules/FreeUnlocks.com.xml
index bbe09f704a5c..47172d9a0b14 100644
--- a/src/chrome/content/rules/FreeUnlocks.com.xml
+++ b/src/chrome/content/rules/FreeUnlocks.com.xml
@@ -17,13 +17,13 @@
 <ruleset name="FreeUnlocks.com">
 
 	<target host="freeunlocks.com" />
-	<target host="*.freeunlocks.com" />
+	<target host="www.freeunlocks.com" />
 
 
 	<securecookie host="^(?:www)?\.freeunlocks\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?freeunlocks\.com/"
-		to="https://$1freeunlocks.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FreeUtopia.org.xml b/src/chrome/content/rules/FreeUtopia.org.xml
new file mode 100644
index 000000000000..da63e77a6454
--- /dev/null
+++ b/src/chrome/content/rules/FreeUtopia.org.xml
@@ -0,0 +1,11 @@
+<ruleset name="Free Utopia.org">
+
+	<target host="freeutopia.org" />
+	<target host="www.freeutopia.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FreeWheel-problematic.xml b/src/chrome/content/rules/FreeWheel-problematic.xml
index 64ef5cdbe424..bd7e3b5d4e96 100644
--- a/src/chrome/content/rules/FreeWheel-problematic.xml
+++ b/src/chrome/content/rules/FreeWheel-problematic.xml
@@ -5,13 +5,13 @@
 <ruleset name="FreeWheel (self-signed)" default_off="expired, self-signed">
 
 	<target host="freewheel.tv" />
-	<target host="*.freewheel.tv" />
+	<target host="www.freewheel.tv" />
 
 
 	<securecookie host="^\.?freewheel\.tv$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?freewheel\.tv/"
+	<rule from="^http://(?:www\.)?freewheel\.tv/"
 		to="https://freewheel.tv/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FreeWheel.xml b/src/chrome/content/rules/FreeWheel.xml
index 2205a0c9a70d..592b1654b087 100644
--- a/src/chrome/content/rules/FreeWheel.xml
+++ b/src/chrome/content/rules/FreeWheel.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mrm.freewheel.tv/ => https://mrm.freewhell.tv/: (6, 'Could not resolve host: mrm.freewhell.tv')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://mrm.freewheel.tv/ => https://mrm.freewhell.tv/: (6, 'Could not resolve host: mrm.freewhell.tv')
 	For problematic rules, see FreeWheel-problematic.xml.
 
 
@@ -12,11 +18,11 @@
 		- m1.fwmrm.net	(503, akamai)
 
 -->
-<ruleset name="FreeWheel (partial)">
+<ruleset name="FreeWheel (partial)" default_off="failed ruleset test">
 
 	<target host="mrm.freewheel.tv" />
-	<target host="*.fwmrm.net" />
 	<target host="2912a.v.fwmrm.net" />
+	<target host="2df7d.v.fwmrm.net" />
 
 
 	<securecookie host="^.*\.fwmrm\.net$" name=".+" />
@@ -28,7 +34,6 @@
 
 	<!--	Included on 3rd-party websites.
 							-->
-	<rule from="^http://2(912a|df7d)\.v\.fwmrm\.net/"
-		to="https://2$1.v.fwmrm.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Free_Bible_Software.com.xml b/src/chrome/content/rules/Free_Bible_Software.com.xml
index 647eb47baa2a..1548eed788a1 100644
--- a/src/chrome/content/rules/Free_Bible_Software.com.xml
+++ b/src/chrome/content/rules/Free_Bible_Software.com.xml
@@ -1,13 +1,29 @@
-<ruleset name="Free Bible Software.com">
+<!--
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- freebiblesoftware.com
+		- development.freebiblesoftware.com
+		- www.freebiblesoftware.com
+
+-->
+<ruleset name="Free Bible Software.com" default_off="cert-chain">
 
 	<target host="freebiblesoftware.com" />
-	<target host="*.freebiblesoftware.com" />
+	<target host="development.freebiblesoftware.com" />
+	<target host="www.freebiblesoftware.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:development\.|www\.)?freebiblesoftware\.com$" name="^ASPSESSIONID[A-Z]$" /-->
 
 	<securecookie host="^(?:development\.|www\.)?freebiblesoftware\.com$" name=".+" />
 
 
-	<rule from="^http://(development\.|www\.)?freebiblesoftware\.com/"
-		to="https://$1freebiblesoftware.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Free_Chelsea.com.xml b/src/chrome/content/rules/Free_Chelsea.com.xml
new file mode 100644
index 000000000000..463c5acafbaa
--- /dev/null
+++ b/src/chrome/content/rules/Free_Chelsea.com.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Fight for the Future coverage, see Fight-for-the-Future.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .freechelsea.com
+
+	Refused:
+		freechelsea.com
+
+-->
+<ruleset name="Free Chelsea.com">
+
+	<target host="freechelsea.com" />
+	<target host="www.freechelsea.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://freechelsea\.com/"
+		to="https://www.freechelsea.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Free_Language.org.xml b/src/chrome/content/rules/Free_Language.org.xml
new file mode 100644
index 000000000000..24b5a53d3621
--- /dev/null
+++ b/src/chrome/content/rules/Free_Language.org.xml
@@ -0,0 +1,36 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .freelanguage.org
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Free Language.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="freelanguage.org" />
+	<target host="www.freelanguage.org" />
+
+		<!--	Mixed css from googleapis:
+						-->
+		<test url="http://freelanguage.org/video-screencasts" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.freelanguage\.org$" name="^SESS[\da-f]$" /-->
+
+	<securecookie host="^\.freelanguage\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Free_Movement.org.uk.xml b/src/chrome/content/rules/Free_Movement.org.uk.xml
new file mode 100644
index 000000000000..c37f8ebbd69d
--- /dev/null
+++ b/src/chrome/content/rules/Free_Movement.org.uk.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://freemovement.org.uk/ => https://freemovement.org.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'freemovement.org.uk'")
+
+-->
+<ruleset name="Free Movement.org.uk" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="freemovement.org.uk" />
+	<target host="www.freemovement.org.uk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Free_Press.xml b/src/chrome/content/rules/Free_Press.xml
deleted file mode 100644
index 4b915966a70a..000000000000
--- a/src/chrome/content/rules/Free_Press.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)
-
--->
-<ruleset name="Free Press (partial)">
-
-	<target host="act.freepress.net" />
-
-
-	<securecookie host="^act\.freepress\.net$" name=".+" />
-
-
-	<rule from="^http://act\.freepress\.net/"
-		to="https://act.freepress.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Free_Press_Unlimited.org.xml b/src/chrome/content/rules/Free_Press_Unlimited.org.xml
new file mode 100644
index 000000000000..56c3a9499a01
--- /dev/null
+++ b/src/chrome/content/rules/Free_Press_Unlimited.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="Free Press Unlimited.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="freepressunlimited.org" />
+	<target host="www.freepressunlimited.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Free_Rainbow_Tables.xml b/src/chrome/content/rules/Free_Rainbow_Tables.xml
index b40ea1fb49f4..d432247fc857 100644
--- a/src/chrome/content/rules/Free_Rainbow_Tables.xml
+++ b/src/chrome/content/rules/Free_Rainbow_Tables.xml
@@ -1,4 +1,11 @@
-<ruleset name="Free Rainbow Tables">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://freerainbowtables.com/ => https://freerainbowtables.com/: (7, 'Failed to connect to freerainbowtables.com port 443: Connection refused')
+Fetch error: http://www.freerainbowtables.com/ => https://www.freerainbowtables.com/: (7, 'Failed to connect to www.freerainbowtables.com port 443: Connection refused')
+
+-->
+<ruleset name="Free Rainbow Tables.com" default_off="failed ruleset test">
 
 	<target host="freerainbowtables.com" />
 	<target host="www.freerainbowtables.com" />
@@ -7,7 +14,7 @@
 	<securecookie host="^(?:www\.)?freerainbowtables\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?freerainbowtables\.com/"
-		to="https://$1freerainbowtables.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Free_Speech.org.xml b/src/chrome/content/rules/Free_Speech.org.xml
new file mode 100644
index 000000000000..913ec8fe1518
--- /dev/null
+++ b/src/chrome/content/rules/Free_Speech.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="Free Speech.org">
+
+	<target host="freespeech.org" />
+	<target host="www.freespeech.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Free_State_Project.org.xml b/src/chrome/content/rules/Free_State_Project.org.xml
new file mode 100644
index 000000000000..b43575385b05
--- /dev/null
+++ b/src/chrome/content/rules/Free_State_Project.org.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pledge.freestateproject.org/ => https://pledge.freestateproject.org/: (7, 'Failed to connect to pledge.freestateproject.org port 443: Connection refused')
+
+	These altnames don't exist:
+
+		- www.pledge.freestateproject.org
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .freestateproject.org
+		- pledge.freestateproject.org
+
+-->
+<ruleset name="Free State Project.org" default_off="failed ruleset test">
+
+	<target host="freestateproject.org" />
+	<target host="pledge.freestateproject.org" />
+	<target host="www.freestateproject.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.freestateproject\.org$" name="^ubvt$" /-->
+	<!--securecookie host="^pledge\.freestateproject\.org$" name="^ub(?:pv|vs)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Free_TV_Online.com.xml b/src/chrome/content/rules/Free_TV_Online.com.xml
new file mode 100644
index 000000000000..9ec707557805
--- /dev/null
+++ b/src/chrome/content/rules/Free_TV_Online.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Expired 2013-10-05
+
+-->
+<ruleset name="Free TV Online.com (partial)" default_off="expired">
+
+	<target host="freetvonline.com" />
+	<target host="www.freetvonline.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.freetvonline\.com/+($|\?|favicon\.ico)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://www\.freetvonline\.com/+(?!css/|images/|showImages/)" /-->
+
+
+	<rule from="^http://(?:www\.)?freetvonline\.com/(?=css/|images/|showImages/)"
+		to="https://www.freetvonline.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Free_Your_Android.org.xml b/src/chrome/content/rules/Free_Your_Android.org.xml
new file mode 100644
index 000000000000..fb4954dc8c94
--- /dev/null
+++ b/src/chrome/content/rules/Free_Your_Android.org.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Free Software Foundation Europe coverage, see FSFE.org.xml.
+
+-->
+<ruleset name="Free Your Android.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="freeyourandroid.org" />
+	<target host="www.freeyourandroid.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Free_practice_tests.org.xml b/src/chrome/content/rules/Free_practice_tests.org.xml
new file mode 100644
index 000000000000..b100712b2960
--- /dev/null
+++ b/src/chrome/content/rules/Free_practice_tests.org.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Clément Dupuis coverage, see CCCure.com.xml.
+
+
+	Mixed content:
+
+		- Ad from cccure.training *
+
+	* Secured by us
+
+-->
+<ruleset name="Free practice tests.org">
+
+	<target host="freepracticetests.org" />
+	<target host="www.freepracticetests.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Freebase.xml b/src/chrome/content/rules/Freebase.xml
index b693d0d28ca4..57d689f2a107 100644
--- a/src/chrome/content/rules/Freebase.xml
+++ b/src/chrome/content/rules/Freebase.xml
@@ -1,31 +1,47 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://api.freebase.com/ => https://api.freebase.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://res.freebase.com/ => https://res.freebase.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://static.freebase.com/ => https://static.freebase.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.freebase.com/ => https://www.freebase.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://freebase.com/ => https://www.freebase.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	Other Freebase rulesets:
+
+		- Freebaselibs.com.xml
+
+
 	Nonfunctional subdomains:
 
 		- lists	(times out)
 		- wiki
 
+
+	^freebase.com: Handshake fails
+
 -->
-<ruleset name="Freebase (partial)">
+<ruleset name="Freebase.com (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="api.freebase.com" />
+	<target host="res.freebase.com" />
+	<target host="static.freebase.com" />
+	<target host="www.freebase.com" />
+
+	<!--	Complications:
+				-->
 	<target host="freebase.com" />
-	<target host="*.freebase.com" />
-	<target host="freebaselibs.com" />
 
 
-	<securecookie host="^.*\.freebase\.com$" name=".*" />
+	<securecookie host=".*\.freebase\.com$" name=".+" />
 
 
-	<!--	Cert only matches *.freebase.com.	-->
-	<rule from="^https?://(?:www\.)?freebase\.com/"
+	<rule from="^http://freebase\.com/"
 		to="https://www.freebase.com/" />
 
-	<rule from="^http://(api|res|static)\.freebase\.com/"
-		to="https://$1.freebase.com/" />
-
-	<!--	- www doesn't exist
-		- Cert only matches *.freebase.com
-							-->
-	<rule from="^https?://freebaselibs\.com/"
-		to="https://static.freebase.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Freebaselibs.com.xml b/src/chrome/content/rules/Freebaselibs.com.xml
new file mode 100644
index 000000000000..317f6c9c9d80
--- /dev/null
+++ b/src/chrome/content/rules/Freebaselibs.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://freebaselibs.com/ => https://static.freebase.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other Freebase coverage, see Freebase.xml.
+
+
+	^freebaselibs.com: Handshake fails
+
+-->
+<ruleset name="Freebaselibs.com" default_off="failed ruleset test">
+
+	<!--	Complications:
+				-->
+	<target host="freebaselibs.com" />
+
+
+	<rule from="^http://freebaselibs\.com/"
+		to="https://static.freebase.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Freecall.com.xml b/src/chrome/content/rules/Freecall.com.xml
new file mode 100644
index 000000000000..e27197345f5d
--- /dev/null
+++ b/src/chrome/content/rules/Freecall.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Nonfunctional hosts in *.freecall.com:
+
+	versions.freecall.com refused
+	sip.freecall.com timeout
+	download.freecall.com refused
+	ftp.freecall.com refused (non http or https)
+	client.freecall.com refused
+	dns.freecall.com timeout
+	common.freecall.com refused
+	stun.freecall.com refused
+
+-->
+<ruleset name="Freecall.com">
+	<target host="freecall.com" />
+	<target host="www.freecall.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Freecause.xml b/src/chrome/content/rules/Freecause.xml
index 4587c02d7741..70f238dc3961 100644
--- a/src/chrome/content/rules/Freecause.xml
+++ b/src/chrome/content/rules/Freecause.xml
@@ -1,6 +1,13 @@
-<ruleset name="Freecause">
-  <target host="freecause.com" />
-  <target host="*.freecause.com" />
-
-  <rule from="^http://(www\.)?freecause\.com/" to="https://freecause/"/>
-</ruleset>
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://freecause.com/ => https://freecause.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.freecause.com/ => https://www.freecause.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="Freecause.com" default_off="failed ruleset test">
+  <target host="freecause.com" />
+  <target host="www.freecause.com" />
+
+  <rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Freeciv.org.xml b/src/chrome/content/rules/Freeciv.org.xml
new file mode 100644
index 000000000000..3441416a4aaf
--- /dev/null
+++ b/src/chrome/content/rules/Freeciv.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Nonfunctional hosts in *freeciv.org:
+
+		- (www.)? ʳ
+		- forum ʳ
+
+	ʳ Refused
+
+-->
+<ruleset name="Freeciv.org (partial)">
+
+	<target host="play.freeciv.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Freecode.xml b/src/chrome/content/rules/Freecode.xml
index f94bead9f951..be40651f907c 100644
--- a/src/chrome/content/rules/Freecode.xml
+++ b/src/chrome/content/rules/Freecode.xml
@@ -1,10 +1,14 @@
-<ruleset name="Freecode (partial)">
+<!--
+	For other Dice Holdings coverage, see Dice.xml.
+
+-->
+<ruleset name="Freecode.com (partial)" default_off="refused">
 
 	<target host="freecode.com" />
 	<target host="www.freecode.com" />
 
 
-	<rule from="^http://(?:www\.)?freecode\.com/(avatars|images|password_resets|screenshots|session|user)/"
-		to="https://freecode.com/$1/" />
+	<rule from="^http://(?:www\.)?freecode\.com/(?=avatars/|images/|password_resets/|screenshots/|session/|user/)"
+		to="https://freecode.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Freecycle.xml b/src/chrome/content/rules/Freecycle.xml
index 710b4f65f95f..9046834c289b 100644
--- a/src/chrome/content/rules/Freecycle.xml
+++ b/src/chrome/content/rules/Freecycle.xml
@@ -1,10 +1,15 @@
-<ruleset name="Freecycle (partial)">
 
-	<target host="*.freecycle.org"/>
+<ruleset name="Freecycle.org (partial)">
 
-	<securecookie host="^(web)?mail\.freecycle\.org$" name=".*"/>
+	<target host="butler.freecycle.org"/>
+	<target host="mail.freecycle.org"/>
+	<target host="webmail.freecycle.org"/>
+	<target host="my.freecycle.org"/>
+	<target host="www.freecycle.org"/>
+	<target host="groups.freecycle.org"/>
 
-	<rule from="^http://(butler|(web)?mail)\.freecycle\.org/"
-		to="https://$1.freecycle.org/"/>
+	<securecookie host="^(?:web)?mail\.freecycle\.org$" name=".+" />
+
+	<rule from="^http:"	to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Freed0m4All.net.xml b/src/chrome/content/rules/Freed0m4All.net.xml
new file mode 100644
index 000000000000..f42bfc5e5bdd
--- /dev/null
+++ b/src/chrome/content/rules/Freed0m4All.net.xml
@@ -0,0 +1,45 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog ¹
+		- pgp ²
+
+	¹ Tumblr
+	² Shows another domain
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- chat
+		- cryptoanarchy
+		- kiwi
+		- status
+
+
+	Insecure cookies are set for these domains:
+
+		- .freed0m4all.net
+
+-->
+<ruleset name="Freed0m4All.net (partial)" default_off="timeout">
+
+	<target host="freed0m4all.net" />
+	<target host="chat.freed0m4all.net" />
+	<target host="cryptoanarchy.freed0m4all.net" />
+	<target host="kiwi.freed0m4all.net" />
+	<target host="status.freed0m4all.net" />
+	<target host="www.freed0m4all.net" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.freed0m4all\.net$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Freedom-IP.com.xml b/src/chrome/content/rules/Freedom-IP.com.xml
new file mode 100644
index 000000000000..29f222809191
--- /dev/null
+++ b/src/chrome/content/rules/Freedom-IP.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Freedom-IP.com">
+
+	<target host="freedom-ip.com" />
+	<target host="www.freedom-ip.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Freedom-from-Religion-Foundation.xml b/src/chrome/content/rules/Freedom-from-Religion-Foundation.xml
index 3f2fbb0f70c1..77dfac1e3be1 100644
--- a/src/chrome/content/rules/Freedom-from-Religion-Foundation.xml
+++ b/src/chrome/content/rules/Freedom-from-Religion-Foundation.xml
@@ -1,14 +1,13 @@
 <ruleset name="Freedom from Religion Foundation (partial)">
 
 	<target host="ffrf.org" />
-	<target host="*.ffrf.org" />
+	<target host="www.ffrf.org" />
 		<exclusion pattern="^http://(?:www\.)?ffrf\.org/news/radio(?:$|\?|/)" />
 
 
 	<securecookie host="^\.?ffrf\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ffrf\.org/"
-		to="https://$1ffrf.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Freedom-to-Connect.xml b/src/chrome/content/rules/Freedom-to-Connect.xml
index e8bafb5e729f..7ae4bb486c08 100644
--- a/src/chrome/content/rules/Freedom-to-Connect.xml
+++ b/src/chrome/content/rules/Freedom-to-Connect.xml
@@ -4,7 +4,7 @@
 	<target host="www.freedom-to-connect.net" />
 
 
-	<rule from="^https?://(?:www\.)?freedom-to-connect\.net/"
+	<rule from="^http://(?:www\.)?freedom-to-connect\.net/"
 		to="https://freedom-to-connect.net/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Freedom-to-Tinker.xml b/src/chrome/content/rules/Freedom-to-Tinker.xml
index 8ed9b0fc3f14..7263d389ca34 100644
--- a/src/chrome/content/rules/Freedom-to-Tinker.xml
+++ b/src/chrome/content/rules/Freedom-to-Tinker.xml
@@ -1,13 +1,13 @@
-<ruleset name="Freedom to Tinker">
+<ruleset name="Freedom to Tinker.com">
 
 	<target host="freedom-to-tinker.com" />
 	<target host="www.freedom-to-tinker.com" />
 
 
-	<securecookie host="^(?:.*\.)?freedom-to-tinker.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?freedom-to-tinker\.com/"
-		to="https://$1freedom-to-tinker.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FreedomBoxFoundation.org.xml b/src/chrome/content/rules/FreedomBoxFoundation.org.xml
new file mode 100644
index 000000000000..aba6f4b697fb
--- /dev/null
+++ b/src/chrome/content/rules/FreedomBoxFoundation.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="FreedomBoxFoundation.org" platform="mixedcontent">
+
+	<target host="freedomboxfoundation.org" />
+	<target host="www.freedomboxfoundation.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FreedomDefined.org.xml b/src/chrome/content/rules/FreedomDefined.org.xml
new file mode 100644
index 000000000000..51d14064bf8f
--- /dev/null
+++ b/src/chrome/content/rules/FreedomDefined.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Definition of Free Cultural Works (freedomdefined.org)
+
+	Known non-HTTPS host in *.freedomdefined.org:
+
+		- www.freedomdefined.org (redirects to freedomdefined.org)
+
+-->
+<ruleset name="FreedomDefined.org">
+	<target host="freedomdefined.org" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FreedomPop.com.xml b/src/chrome/content/rules/FreedomPop.com.xml
index ca177831daf6..f8dab207a9cb 100644
--- a/src/chrome/content/rules/FreedomPop.com.xml
+++ b/src/chrome/content/rules/FreedomPop.com.xml
@@ -1,13 +1,39 @@
-<ruleset name="FreedomPop.com">
+<!--
+	Nonfunctional subdomains:
+
+		- blog *
+		- jobs *
+
+	* http reply
+
+
+	Observed cookie domains:
+
+		- . *
+		- www *
+
+	* Secured by us <= not secured by server
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com *
+
+		- Images on forums from cdn.vanillaforums.com *
+
+	* Secured by us
+
+-->
+<ruleset name="FreedomPop.com (partial)">
 
 	<target host="freedompop.com" />
-	<target host="*.freedompop.com" />
+	<target host="www.freedompop.com" />
 
 
 	<securecookie host="^(?:www)?\.freedompop\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?freedompop\.com/"
-		to="https://$1freedompop.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Freedom_Inc.nl.xml b/src/chrome/content/rules/Freedom_Inc.nl.xml
new file mode 100644
index 000000000000..1921262aacc6
--- /dev/null
+++ b/src/chrome/content/rules/Freedom_Inc.nl.xml
@@ -0,0 +1,22 @@
+<!--
+	www.freedominc.nl: Mismatched
+
+-->
+<ruleset name="Freedom Inc.nl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="freedominc.nl" />
+
+	<!--	Complications:
+				-->
+	<target host="www.freedominc.nl" />
+
+
+	<rule from="^http://www\.freedominc\.nl/"
+		to="https://freedominc.nl/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Freedom_Online_Coalition.com.xml b/src/chrome/content/rules/Freedom_Online_Coalition.com.xml
new file mode 100644
index 000000000000..e962948231c0
--- /dev/null
+++ b/src/chrome/content/rules/Freedom_Online_Coalition.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Freedom Online Coalition.com">
+
+	<target host="freedomonlinecoalition.com" />
+	<target host="www.freedomonlinecoalition.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Freedom_not_Fear.org.xml b/src/chrome/content/rules/Freedom_not_Fear.org.xml
new file mode 100644
index 000000000000..d13885b5a675
--- /dev/null
+++ b/src/chrome/content/rules/Freedom_not_Fear.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="Freedom not Fear.org">
+
+	<target host="freedomnotfear.org" />
+	<target host="www.freedomnotfear.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Freedom_of_the_Press_Foundation.xml b/src/chrome/content/rules/Freedom_of_the_Press_Foundation.xml
deleted file mode 100644
index 8a6d3b273f14..000000000000
--- a/src/chrome/content/rules/Freedom_of_the_Press_Foundation.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Freedom of the Press Foundation">
-
-	<target host="pressfreedomfoundation.org" />
-	<target host="*.pressfreedomfoundation.org" />
-
-
-	<securecookie host="^\.pressfreedomfoundation\.org$" name=".+" />
-
-
-	<rule from="^http://(www\.)?pressfreedomfoundation\.org/"
-		to="https://$1pressfreedomfoundation.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Freedombox.xml b/src/chrome/content/rules/Freedombox.xml
deleted file mode 100644
index b8169fa55afe..000000000000
--- a/src/chrome/content/rules/Freedombox.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Freedombox Foundation" platform="mixedcontent">
-  <target host="freedomboxfoundation.org" />
-  <target host="www.freedomboxfoundation.org" />
-
-  <rule from="^http://(?:www\.)?freedomboxfoundation\.org/" to="https://www.freedomboxfoundation.org/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/Freedomhouse.org.xml b/src/chrome/content/rules/Freedomhouse.org.xml
new file mode 100644
index 000000000000..72c96ac577aa
--- /dev/null
+++ b/src/chrome/content/rules/Freedomhouse.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Freedomhouse.org">
+	<target host="freedomhouse.org" />
+	<target host="www.freedomhouse.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Freefilm.to.xml b/src/chrome/content/rules/Freefilm.to.xml
new file mode 100644
index 000000000000..c28d109db493
--- /dev/null
+++ b/src/chrome/content/rules/Freefilm.to.xml
@@ -0,0 +1,9 @@
+<!--
+    Movies server
+-->
+<ruleset name="Freefilm.to">
+	<target host="freefilm.to" />
+	<target host="www.freefilm.to" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Freegeoip.net.xml b/src/chrome/content/rules/Freegeoip.net.xml
new file mode 100644
index 000000000000..844e9db12cf8
--- /dev/null
+++ b/src/chrome/content/rules/Freegeoip.net.xml
@@ -0,0 +1,15 @@
+<ruleset name="freegeoip.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="freegeoip.net" />
+	<target host="www.freegeoip.net" />
+
+
+	<securecookie host="^\.freegeoip\.net$" name="^cf_clearance$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Freelancer.xml b/src/chrome/content/rules/Freelancer.xml
index 1c4c531300a2..2b56d3eb9d0e 100644
--- a/src/chrome/content/rules/Freelancer.xml
+++ b/src/chrome/content/rules/Freelancer.xml
@@ -1,15 +1,26 @@
+<!--
+	other Freelancer rulesets:
+
+		- F-CDN.com.xml
+
+
+	Mixed content:
+
+		- Ads/web bugs on (www.)freelancer.com from cdn1.freelancer.com *
+
+	* Secured by us
+
+-->
 <ruleset name="Freelancer">
 
 	<target host="freelancer.com" />
 	<target host="*.freelancer.com" />
 	<!--	*s for cross-domain cookies.	-->
-	<target host="*.www.freelancer.com" />
 	<target host="freelancer.co.uk" />
 	<target host="*.freelancer.co.uk" />
-	<target host="*.www.freelancer.co.uk" />
 
 
-	<securecookie host="^(.*\.)?freelancer\.co(m|\.uk)$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(cdn\d+\.|www\.)?freelancer\.co(m|\.uk)/"
diff --git a/src/chrome/content/rules/Freelancers_Union.org.xml b/src/chrome/content/rules/Freelancers_Union.org.xml
new file mode 100644
index 000000000000..9b8bf95d0bc7
--- /dev/null
+++ b/src/chrome/content/rules/Freelancers_Union.org.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://freelancersunion.org/ => https://freelancersunion.org/: (51, "SSL: no alternative certificate subject name matches target host name 'freelancersunion.org'")
+
+	Insecure cookies are set for these hosts:
+
+		- www.freelancersunion.org
+
+
+	Mixed content:
+
+		- Bug on www from bs.serving-sys.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Freelancers Union.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="freelancersunion.org" />
+	<target host="www.freelancersunion.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.freelancersunion\.org$" name="^django_language$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Freelansim.ru.xml b/src/chrome/content/rules/Freelansim.ru.xml
new file mode 100644
index 000000000000..e6e8dea11ffa
--- /dev/null
+++ b/src/chrome/content/rules/Freelansim.ru.xml
@@ -0,0 +1,28 @@
+<!--
+	For other TM coverage, see TMtm.ru.xml.
+
+
+	www: redirects to brainstorage.me; mismatched, CN: habrahabr.ru
+
+
+	Some pages redirect to http.
+
+-->
+<ruleset name="Freelansim.ru (partial)">
+
+	<target host="freelansim.ru" />
+	<target host="www.freelansim.ru" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://freelansim\.ru/+($|users/sign_in$|tasks$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://freelansim\.ru/+(?!assets/|favicon\.ico|favicon\.png)" /-->
+
+
+	<rule from="^http://(?:www\.)?freelansim\.ru/(?=assets/|favicon\.ico|favicon\.png)"
+		to="https://freelansim.ru/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Freelibrary.org.xml b/src/chrome/content/rules/Freelibrary.org.xml
new file mode 100644
index 000000000000..772d7ee955e3
--- /dev/null
+++ b/src/chrome/content/rules/Freelibrary.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Missing certificate chain:
+		- freelibrary.org
+		- www.freelibrary.org
+
+	Mismatched:
+		- find.freelibrary.org
+-->
+<ruleset name="Freelibrary.org">
+	<target host="libwww.freelibrary.org" />
+	<target host="know.freelibrary.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Freemailer.ch.xml b/src/chrome/content/rules/Freemailer.ch.xml
new file mode 100644
index 000000000000..6e80cf68ee94
--- /dev/null
+++ b/src/chrome/content/rules/Freemailer.ch.xml
@@ -0,0 +1,6 @@
+<ruleset name="Freemailer.ch">
+  <target host="freemailer.ch" />
+  <target host="www.freemailer.ch" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Freenet.de.xml b/src/chrome/content/rules/Freenet.de.xml
index df1d10977967..6ebf86c48f40 100644
--- a/src/chrome/content/rules/Freenet.de.xml
+++ b/src/chrome/content/rules/Freenet.de.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mload.freenet.de/ => https://mload.freenet.de/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+Fetch error: http://www.mload.freenet.de/ => https://www.mload.freenet.de/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+
 	CDN buckets:
 
 		- freenet.comon.ergebnis-dienst.de
@@ -19,7 +24,6 @@
 		- domain **
 		- download *
 		- dsl *
-		- email *
 		- emailblog	(dropped)
 		- erotik *
 		- fahrschule	(redirects to pocketfahrschule.de; mismatched, CN: pocketfahrschule.de
@@ -43,7 +47,7 @@
 	** Redirects to http, expired 2013-09-26
 
 
-	Problematic bdomains:
+	Problematic domains:
 
 		- freenet.de subdomains:
 
@@ -69,21 +73,48 @@
 			- code		(→ secure)
 			- (www.)mload
 			- power
+			- email
 			- secure
 			- webmail
-			- reg.webmail
 
 		- blob.freent.de	(→ secure.freenet.de)
 		- code.freent.de	(→ secure.freenet.de)
 
+
+	reg.webmail: Dropped over http & https
+
+
+	Insecure cookies are set for these domains:
+
+		- .freenet.de
+
 -->
-<ruleset name="freenet.de (partial)">
+<ruleset name="freenet.de (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="abakus.freenet.de" />
+	<target host="email.freenet.de" />
+	<target host="mload.freenet.de" />
+	<target host="www.mload.freenet.de" />
+	<target host="power.freenet.de" />
+	<target host="secure.freenet.de" />
+	<target host="webmail.freenet.de" />
+
+	<!--	Special cases:
+				-->
+	<target host="blob.freenet.de" />
+	<target host="code.freenet.de" />
+
+	<target host="blob.freent.de" />
+	<target host="code.freent.de" />
 
-	<target host="*.freenet.de" />
-	<target host="*.freent.de" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.freenet\.de$" name="^regfrnsecurity$" /-->
 
-	<securecookie host="^(?:(?:w*\.)?mload|\.reg)\.webmail\.freenet\.de$" name=".+" />
+	<securecookie host="^(?:w*\.)?mload\.webmail\.freenet\.de$" name=".+" />
 
 
 	<rule from="^http://abakus\.freenet\.de/"
@@ -92,7 +123,7 @@
 	<rule from="^http://(?:blob|code)\.freene?t\.de/"
 		to="https://secure.freenet.de/" />
 
-	<rule from="^http://((?:www\.)?mload|power|secure|(?:reg\.)?webmail)\.freenet\.de/"
-		to="https://$1.freenet.de/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Freenet.xml b/src/chrome/content/rules/Freenet.xml
deleted file mode 100644
index 9c8f6bbba98d..000000000000
--- a/src/chrome/content/rules/Freenet.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Freenet">
-
-	<target host="freenetproject.org" />
-	<target host="*.freenetproject.org" />
-
-
-	<securecookie host="^.*\.freenetproject\.org$" name=".*" />
-
-
-	<rule from="^http://((?:bugs|checksums|downloads|emu|(?:new-|old-)?wiki|www)\.)?freenetproject\.org/"
-		to="https://freenetproject.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Freenode-problematic.xml b/src/chrome/content/rules/Freenode-problematic.xml
deleted file mode 100644
index db1745673456..000000000000
--- a/src/chrome/content/rules/Freenode-problematic.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	For rules that are on by default, see Freenode.net.xml.
-
--->
-<ruleset name="Freenode (mismatches)" default_off="mismatch">
-
-	<!--	Cert: *.osuosl.org
-					-->
-	<target host="lists.freenode.net" />
-
-
-	<rule from="^http://lists\.freenode\.net/"
-		to="https://lists.freenode.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Freenode.net.xml b/src/chrome/content/rules/Freenode.net.xml
deleted file mode 100644
index 45ba259d1a93..000000000000
--- a/src/chrome/content/rules/Freenode.net.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For problematic rules, see Freenode-problematic.xml.
-
--->
-<ruleset name="Freenode">
-
-	<target host="freenode.net" />
-	<target host="*.freenode.net" />
-
-
-	<securecookie host="^.+\.freenode\.net$" name=".+" />
-
-
-	<rule from="^http://((?:blog|dev|webchat|www)\.)?freenode\.net/"
-		to="https://$1freenode.net/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Freenom.com.xml b/src/chrome/content/rules/Freenom.com.xml
new file mode 100644
index 000000000000..45b596ac7dde
--- /dev/null
+++ b/src/chrome/content/rules/Freenom.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Active mixed content:
+		- whois.freenom.com
+
+	Weak certificate:
+		- partners.freenom.com, equivalent to my.freenom.com
+-->
+
+<ruleset name="Freenom.com">
+	<target host="freenom.com" />
+	<target host="www.freenom.com" />
+	<target host="api.freenom.com" />
+	<target host="my.freenom.com" />
+	<target host="partners.freenom.com" />
+	<target host="register.freenom.com" />
+	<target host="resellers.freenom.com" />
+
+	<rule from="^http://partners\.freenom\.com/"
+		to="https://my.freenom.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Freenom.world.xml b/src/chrome/content/rules/Freenom.world.xml
new file mode 100644
index 000000000000..3dbb9b40ca18
--- /dev/null
+++ b/src/chrome/content/rules/Freenom.world.xml
@@ -0,0 +1,6 @@
+<ruleset name="Freenom.world">
+	<target host="freenom.world" />
+	<target host="www.freenom.world" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Freeones.xml b/src/chrome/content/rules/Freeones.xml
new file mode 100644
index 000000000000..6404b4dcd106
--- /dev/null
+++ b/src/chrome/content/rules/Freeones.xml
@@ -0,0 +1,192 @@
+<!--
+	Invalid certificate:
+		amateure.freeones.com
+		discounts.freeones.com
+		game.freeones.com
+		pov.freeones.com
+
+	No working URL known:
+		cdn.beta.freeones.com
+
+	Refused connection:
+		flv.freeones.com
+		miss.freeones.com
+		videostore.freeones.com
+
+	Secure connection failed:
+		livecams.freeones.com
+
+	Time out:
+		blog.freeones.com
+		flashvideos.freeones.com
+		flvlb.freeones.com
+		lcs.freeones.com
+		links.freeones.com
+		masterphp.freeones.com
+		oldvideos.freeones.com
+		store.freeones.com
+
+-->
+<ruleset name="Freeones">
+	<target host="freeones.com"/>
+	<target host="www.freeones.com"/>
+	<target host="ae.freeones.com"/>
+	<target host="au.freeones.com"/>
+	<target host="board.freeones.com"/>
+	<target host="cn.freeones.com"/>
+	<target host="commy.freeones.com"/>
+	<target host="coza.freeones.com"/>
+	<target host="de.freeones.com"/>
+	<target host="flv.freeones.com"/>
+	<target host="forum.freeones.com"/>
+	<target host="gh1.freeones.com"/>
+	<target host="gh1photos.freeones.com"/>
+	<target host="gh2.freeones.com"/>
+	<target host="gh2photos.freeones.com"/>
+	<target host="gh3.freeones.com"/>
+	<target host="gh3photos.freeones.com"/>
+	<target host="gh4.freeones.com"/>
+	<target host="gh4photos.freeones.com"/>
+	<target host="img.freeones.com"/>
+	<target host="jscss.freeones.com"/>
+		<test url="http://jscss.freeones.com/banners/comfr_reviews_right.js"/>
+	<target host="m.freeones.com"/>
+	<target host="my.freeones.com"/>
+	<target host="ph.freeones.com"/>
+	<target host="photos.freeones.com"/>
+	<target host="reviews.freeones.com"/>
+	<target host="rr-lb.freeones.com"/>
+	<target host="sg.freeones.com"/>
+	<target host="soa.freeones.com"/>
+	<target host="thumbnails.freeones.com"/>
+	<target host="us-rr-lb.freeones.com"/>
+	<target host="uslb.freeones.com"/>
+	<target host="videolb.freeones.com"/>
+		<test url="http://videolb.freeones.com/fo/001/kv/C7/kvC7gb9ecDCAQaEDoDMcd8/list.smil"/>
+	<target host="videos.freeones.com"/>
+	<target host="videosnew.freeones.com"/>
+	<target host="vn.freeones.com"/>
+
+	<target host="freeones.com.br"/>
+	<target host="www.freeones.com.br"/>
+	<target host="freeones.com.co"/>
+	<target host="www.freeones.com.co"/>
+	<target host="freeones.com.es"/>
+	<target host="www.freeones.com.es"/>
+	<target host="freeones.com.gt"/>
+	<target host="www.freeones.com.gt"/>
+	<target host="freeones.com.mx"/>
+	<target host="www.freeones.com.mx"/>
+	<target host="freeones.com.pe"/>
+	<target host="www.freeones.com.pe"/>
+	<target host="freeones.com.pr"/>
+	<target host="www.freeones.com.pr"/>
+	<target host="freeones.com.py"/>
+	<target host="www.freeones.com.py"/>
+	<target host="freeones.com.tr"/>
+	<target host="www.freeones.com.tr"/>
+	<target host="freeones.com.tw"/>
+	<target host="www.freeones.com.tw"/>
+	<target host="freeones.com.ua"/>
+	<target host="www.freeones.com.ua"/>
+	<target host="freeones.com.uy"/>
+	<target host="www.freeones.com.uy"/>
+	<target host="freeones.com.ve"/>
+	<target host="www.freeones.com.ve"/>
+
+	<target host="freeones.am"/>
+	<target host="www.freeones.am"/>
+	<target host="freeones.at"/>
+	<target host="www.freeones.at"/>
+	<target host="freeones.be"/>
+	<target host="www.freeones.be"/>
+	<target host="freeones.bz"/>
+	<target host="www.freeones.bz"/>
+	<target host="freeones.ca"/>
+	<target host="www.freeones.ca"/>
+	<target host="freeones.cc"/>
+	<target host="www.freeones.cc"/>
+	<target host="freeones.ch"/>
+	<target host="www.freeones.ch"/>
+	<target host="freeones.cl"/>
+	<target host="www.freeones.cl"/>
+	<target host="freeones.co.cr"/>
+	<target host="www.freeones.co.cr"/>
+	<target host="freeones.co.il"/>
+	<target host="www.freeones.co.il"/>
+	<target host="freeones.co.in"/>
+	<target host="www.freeones.co.in"/>
+	<target host="freeones.co.kr"/>
+	<target host="www.freeones.co.kr"/>
+	<target host="freeones.co.nz"/>
+	<target host="www.freeones.co.nz"/>
+	<target host="freeones.co.uk"/>
+	<target host="www.freeones.co.uk"/>
+	<target host="freeones.cz"/>
+	<target host="www.freeones.cz"/>
+	<target host="freeones.dk"/>
+	<target host="www.freeones.dk"/>
+	<target host="freeones.ec"/>
+	<target host="www.freeones.ec"/>
+	<target host="freeones.es"/>
+	<target host="www.freeones.es"/>
+	<target host="freeones.fi"/>
+	<target host="www.freeones.fi"/>
+	<target host="freeones.fr"/>
+	<target host="www.freeones.fr"/>
+	<target host="freeones.gr"/>
+	<target host="www.freeones.gr"/>
+	<target host="freeones.hk"/>
+	<target host="www.freeones.hk"/>
+	<target host="freeones.hu"/>
+	<target host="www.freeones.hu"/>
+	<target host="freeones.ie"/>
+	<target host="www.freeones.ie"/>
+	<target host="freeones.im"/>
+	<target host="www.freeones.im"/>
+	<target host="freeones.it"/>
+	<target host="www.freeones.it"/>
+	<target host="freeones.jp"/>
+	<target host="www.freeones.jp"/>
+	<target host="freeones.la"/>
+	<target host="www.freeones.la"/>
+	<target host="freeones.li"/>
+	<target host="www.freeones.li"/>
+	<target host="freeones.lu"/>
+	<target host="www.freeones.lu"/>
+	<target host="freeones.lv"/>
+	<target host="www.freeones.lv"/>
+	<target host="freeones.nl"/>
+	<target host="www.freeones.nl"/>
+	<target host="freeones.no"/>
+	<target host="www.freeones.no"/>
+	<target host="freeones.nu"/>
+	<target host="www.freeones.nu"/>
+	<target host="freeones.pl"/>
+	<target host="www.freeones.pl"/>
+	<target host="freeones.pt"/>
+	<target host="www.freeones.pt"/>
+	<target host="freeones.ru"/>
+	<target host="www.freeones.ru"/>
+	<target host="freeones.se"/>
+	<target host="www.freeones.se"/>
+	<target host="freeones.si"/>
+	<target host="www.freeones.si"/>
+	<target host="freeones.sk"/>
+	<target host="www.freeones.sk"/>
+	<target host="freeones.tk"/>
+	<target host="www.freeones.tk"/>
+	<target host="freeones.tm"/>
+	<target host="www.freeones.tm"/>
+	<target host="freeones.to"/>
+	<target host="www.freeones.to"/>
+	<target host="freeones.tv"/>
+	<target host="www.freeones.tv"/>
+	<target host="freeones.vg"/>
+	<target host="www.freeones.vg"/>
+	<target host="freeones.ws"/>
+	<target host="www.freeones.ws"/>
+
+	<rule from="^http://flv\.freeones\.com/" to="https://videos.freeones.com/"/>
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Freeplane.org.xml b/src/chrome/content/rules/Freeplane.org.xml
new file mode 100644
index 000000000000..fe557c6b31c8
--- /dev/null
+++ b/src/chrome/content/rules/Freeplane.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Connection reset:
+		freeplane.org
+
+-->
+<ruleset name="Freeplane.org">
+
+	<target host="freeplane.org" />
+	<target host="www.freeplane.org" />
+
+	<rule from="^http://freeplane\.org/"
+		to="https://www.freeplane.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Freerangekitten.com.xml b/src/chrome/content/rules/Freerangekitten.com.xml
new file mode 100644
index 000000000000..2d0170a8251c
--- /dev/null
+++ b/src/chrome/content/rules/Freerangekitten.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Domain controlled by EFF and used for HTTPS Everywhere testing suite
+	For other EFF coverage, see EFF.xml.
+
+-->
+<ruleset name="Freerangekitten.com">
+	<target host="freerangekitten.com" />
+	<target host="www.freerangekitten.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Freescale.com.xml b/src/chrome/content/rules/Freescale.com.xml
index defb2e192144..c24755ec54b0 100644
--- a/src/chrome/content/rules/Freescale.com.xml
+++ b/src/chrome/content/rules/Freescale.com.xml
@@ -1,4 +1,17 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://apps.community.freescale.com/ => https://apps.community.freescale.com/: (6, 'Could not resolve host: apps.community.freescale.com')
+Fetch error: http://apps.community-uat.freescale.com/ => https://apps.community-uat.freescale.com/: (6, 'Could not resolve host: apps.community-uat.freescale.com')
+Fetch error: http://community-cache.freescale.com/ => https://community-cache.freescale.com/: (6, 'Could not resolve host: community-cache.freescale.com')
+Fetch error: http://community-cache-uat.freescale.com/ => https://community-cache-uat.freescale.com/: (6, 'Could not resolve host: community-cache-uat.freescale.com')
+Fetch error: http://community.freescale.com/ => https://community.freescale.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://community-uat.freescale.com/ => https://community-uat.freescale.com/: (6, 'Could not resolve host: community-uat.freescale.com')
+Fetch error: http://fdc.freescale.com/ => https://fdc.freescale.com/: (6, 'Could not resolve host: fdc.freescale.com')
+
+	Commit comment: https://trac.torproject.org/projects/tor/ticket/10821
+
+
 	CDN buckets:
 
 		- www.corporate-ir.net.edgesuite.net
@@ -10,12 +23,12 @@
 
 			- cache
 			- cache-uat
+			- images
+			- styles
 
 		- freescale.https.internapcdn.net
 
-			- images
 			- media
-			- styles
 
 
 	Problematic subdomains:
@@ -50,7 +63,7 @@
 		- styles-uat
 
 
-	Overved cookie domains:
+	Observed cookie domains:
 
 		- community
 		- community-uat
@@ -72,10 +85,24 @@
 	* Secured by us
 
 -->
-<ruleset name="Freescale.com (partial)">
-
+<ruleset name="Freescale.com (partial)" default_off="failed ruleset test">
+
+	<target host="apps.community.freescale.com" />
+	<target host="apps.community-uat.freescale.com" />
+	<target host="cache.freescale.com" />
+	<target host="cache-uat.freescale.com" />
+	<target host="community-cache.freescale.com" />
+	<target host="community-cache-uat.freescale.com" />
+	<target host="community.freescale.com" />
+	<target host="community-uat.freescale.com" />
+	<target host="fdc.freescale.com" />
 	<target host="freescale.com" />
-	<target host="*.freescale.com" />
+	<target host="images.freescale.com" />
+	<target host="images-uat.freescale.com" />
+	<target host="styles.freescale.com" />
+	<target host="styles-uat.freescale.com" />
+	<target host="www.freescale.com" />
+
 		<exclusion pattern="^http://(?:www\.)?freescale\.com/(?!favicon\.ico|files/|(?:idp|ruhp|security|webapp)(?:$|[?/])|js/|recommendation/|shared/)" />
 
 
@@ -85,16 +112,10 @@
 	<!--	^ redirects to www over http,
 		so copy that behavior:
 					-->
-	<rule from="^http://(?:www\.)?freescale\.com/"
+	<rule from="^http://freescale\.com/"
 		to="https://www.freescale.com/" />
 
-	<rule from="^http://cache(-uat)?\.freescale\.com/"
-		to="https://cache$1.freescale.com/freescale/ssl/" />
-
-	<rule from="^http://(community(?:-cache)?(?:-uat)?|apps\.community(?:-uat)?|fdc|(?:imag|styl)es(?:-uat)?)\.freescale\.com/"
-		to="https://$1.freescale.com/" />
-
-	<rule from="^http://investors\.freescale\.com/(client|WebSideStory)/"
-		to="https://a248.e.akamai.net/f/121/103/5m/investors.freescale.com/$1/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Freesound.org.xml b/src/chrome/content/rules/Freesound.org.xml
new file mode 100644
index 000000000000..02fc912e0345
--- /dev/null
+++ b/src/chrome/content/rules/Freesound.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Invalid certificate:
+		barcelona.freesound.org
+		beta.freesound.org
+		help.freesound.org
+
+	Mixed content:
+		blog.freesound.org
+
+-->
+<ruleset name="Freesound.org">
+
+	<target host="freesound.org" />
+	<target host="www.freesound.org" />
+	<target host="datasets.freesound.org" />
+	<target host="labs.freesound.org" />
+	<target host="test.freesound.org" /><!-- Needs test url -->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Freesound.xml b/src/chrome/content/rules/Freesound.xml
deleted file mode 100644
index d8f5c3259e49..000000000000
--- a/src/chrome/content/rules/Freesound.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Freesound" default_off="mismatch, self-signed">
-
-	<!--	Cert: tabasco.upf.edu	-->
-	<target host="freesound.org" />
-	<target host="www.freesound.org" />
-
-
-	<!--	!www 302s to www.
-					-->
-	<rule from="^https?://(?:www\.)?freesound\.org/"
-		to="https://www.freesound.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Freestyle-Capital.xml b/src/chrome/content/rules/Freestyle-Capital.xml
index 1ac8031e3525..343b20afde21 100644
--- a/src/chrome/content/rules/Freestyle-Capital.xml
+++ b/src/chrome/content/rules/Freestyle-Capital.xml
@@ -4,7 +4,7 @@
 	<target host="www.freestyle.vc" />
 
 
-	<rule from="^https?://(?:www\.)?freestyle\.vc/"
+	<rule from="^http://(?:www\.)?freestyle\.vc/"
 		to="https://freestyle.vc/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Freethought_Blogs.com.xml b/src/chrome/content/rules/Freethought_Blogs.com.xml
new file mode 100644
index 000000000000..91932734ec2e
--- /dev/null
+++ b/src/chrome/content/rules/Freethought_Blogs.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Mixed content:
+
+		- Ads/bugs, from:
+
+			- www.facebook.com
+			- ecx.images-amazon.com
+			- cdn.stumbleupon.com
+			- www.stumbleupon.com
+			- platform.twitter.com
+			- widgets.wp.com
+
+-->
+<ruleset name="Freethought Blogs.com (partial)">
+
+	<target host="freethoughtblogs.com" />
+	<target host="www.freethoughtblogs.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.freethoughtblogs\.com$" name="^(__cfduid|__qca|cf_clearance)$" /-->
+
+	<securecookie host="^\.freethoughtblogs\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Freetz.org.xml b/src/chrome/content/rules/Freetz.org.xml
new file mode 100644
index 000000000000..9b2dbf572d13
--- /dev/null
+++ b/src/chrome/content/rules/Freetz.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		- svn.freetz.org
+		- trac.freetz.org
+-->
+<ruleset name="Freetz.org">
+	<target host="freetz.org" />
+	<target host="www.freetz.org" />
+	<target host="trac.freetz.org" />
+
+	<rule from="^http://trac\.freetz\.org/" to="https://freetz.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Freexxx.pro.xml b/src/chrome/content/rules/Freexxx.pro.xml
deleted file mode 100644
index 10f6765d6a7c..000000000000
--- a/src/chrome/content/rules/Freexxx.pro.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Freexxx.pro" default_off="self-signed">
-
-	<!--	Cert: plesk	-->
-	<target host="freexxx.pro" />
-	<target host="www.freexxx.pro" />
-
-	<rule from="^http://(?:www\.)?freexxx\.pro/"
-		to="https://freexxx.pro/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Freezone.co.uk.xml b/src/chrome/content/rules/Freezone.co.uk.xml
new file mode 100644
index 000000000000..8084065bdb37
--- /dev/null
+++ b/src/chrome/content/rules/Freezone.co.uk.xml
@@ -0,0 +1,48 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://support.freezone.co.uk/ => https://support.freezone.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'support.freezone.co.uk'")
+
+	Problematic hosts in *freezone.co.uk:
+
+		- ^ ¹
+		- freemail ²
+
+	¹ Mismatched
+	² Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these domains:
+
+		- .freezone.co.uk
+
+-->
+<ruleset name="Freezone.co.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="freemail.freezone.co.uk" /-->
+	<target host="my.freezone.co.uk" />
+	<target host="order.freezone.co.uk" />
+	<target host="support.freezone.co.uk" />
+	<target host="www.freezone.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="freezone.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.freezone\.co\.uk$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://freezone\.co\.uk/"
+		to="https://www.freezone.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Freie-Universitat-Berlin.xml b/src/chrome/content/rules/Freie-Universitat-Berlin.xml
deleted file mode 100644
index 47303ca09c7b..000000000000
--- a/src/chrome/content/rules/Freie-Universitat-Berlin.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)spline.inf	(shows doku.spline; mismatched, CN: doku.spline.inf.fu-berlin.de)
-
--->
-<ruleset name="Freie Universität Berlin (partial)">
-
-	<target host="doku.spline.inf.fu-berlin.de" />
-
-
-	<rule from="^http://doku\.spline\.inf\.fu-berlin\.de/"
-		to="https://doku.spline.inf.fu-berlin.de/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Freifunk-Ansbach.de.xml b/src/chrome/content/rules/Freifunk-Ansbach.de.xml
new file mode 100644
index 000000000000..e273e08a1d24
--- /dev/null
+++ b/src/chrome/content/rules/Freifunk-Ansbach.de.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.freifunk-ansbach.de/ => https://www.freifunk-ansbach.de/: (51, "SSL: no alternative certificate subject name matches target host name 'www.freifunk-ansbach.de'")
+
+-->
+<ruleset name="Freifunk-Ansbach.de" default_off="failed ruleset test">
+
+	<target host="freifunk-ansbach.de" />
+	<target host="www.freifunk-ansbach.de" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Freifunk-Bremen.xml b/src/chrome/content/rules/Freifunk-Bremen.xml
new file mode 100644
index 000000000000..c2c48b9cfd3b
--- /dev/null
+++ b/src/chrome/content/rules/Freifunk-Bremen.xml
@@ -0,0 +1,39 @@
+<!--
+	For other rulesets covering freifunk.net, see: Freifunk.xml
+
+	Connection failed:
+		dns.bremen.freifunk.net
+		pads.bremen.freifunk.net
+
+	Content mismatch:
+		lists.bremen.freifunk.net
+		mail.bremen.freifunk.net
+
+	Invalid certificate:
+		www.bremen.freifunk.net
+
+	Not found:
+		batman.breminale.bremen.freifunk.net
+		emanager.breminale.bremen.freifunk.net
+		map.breminale.bremen.freifunk.net
+		events.bremen.freifunk.net
+-->
+<ruleset name="Freifunk Bremen">
+
+	<target host="bremen.freifunk.net" />
+	<target host="cloud.bremen.freifunk.net" />
+	<target host="downloads.bremen.freifunk.net" />
+	<target host="grafana.bremen.freifunk.net" />
+	<target host="huginn.bremen.freifunk.net" />
+	<target host="jenkins.bremen.freifunk.net" />
+	<target host="map.bremen.freifunk.net" />
+	<target host="monitoring.bremen.freifunk.net" />
+	<target host="status.bremen.freifunk.net" />
+	<target host="tiles.bremen.freifunk.net" />
+	<target host="wiki.bremen.freifunk.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Freifunk-FFM.xml b/src/chrome/content/rules/Freifunk-FFM.xml
new file mode 100644
index 000000000000..6702d125b300
--- /dev/null
+++ b/src/chrome/content/rules/Freifunk-FFM.xml
@@ -0,0 +1,33 @@
+<!--
+	For other rulesets covering freifunk.net, see: Freifunk.xml
+
+	Connection failed:
+		monitoring.ffm.freifunk.net
+
+	Not found:
+		hopglass.ffm.freifunk.net
+		register.ffm.freifunk.net
+		sstats.ffm.freifunk.net
+		stats.ffm.freifunk.net
+		www1.ffm.freifunk.net
+-->
+<ruleset name="Freifunk Frankfurt am Main">
+
+	<target host="ffm.freifunk.net" />
+	<target host="api.ffm.freifunk.net" />
+	<target host="dl.ffm.freifunk.net" />
+	<target host="2.dl.ffm.freifunk.net" />
+	<target host="grafana.ffm.freifunk.net" />
+	<target host="graphite.ffm.freifunk.net" />
+	<target host="map.ffm.freifunk.net" />
+	<target host="prometheus.ffm.freifunk.net" />
+	<target host="tiles.ffm.freifunk.net" />
+	<target host="v4.ffm.freifunk.net" />
+	<target host="wiki.ffm.freifunk.net" />
+	<target host="yanic.ffm.freifunk.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Freifunk-Goettingen.de.xml b/src/chrome/content/rules/Freifunk-Goettingen.de.xml
new file mode 100644
index 000000000000..0c0698dcf603
--- /dev/null
+++ b/src/chrome/content/rules/Freifunk-Goettingen.de.xml
@@ -0,0 +1,13 @@
+<ruleset name="Freifunk-Goettingen.de">
+	<target host="freifunk-goettingen.de" />
+	<target host="www.freifunk-goettingen.de" />
+	<target host="goettingen.freifunk.net" />
+
+	<!-- mismatch -->
+	<rule from="^http://goettingen\.freifunk\.net/(.*)"
+		to="https://freifunk-goettingen.de/$1" />
+	<test url="http://goettingen.freifunk.net/favicon.ico" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Freifunk-Kreis-GT.xml b/src/chrome/content/rules/Freifunk-Kreis-GT.xml
new file mode 100644
index 000000000000..c311168ecc4f
--- /dev/null
+++ b/src/chrome/content/rules/Freifunk-Kreis-GT.xml
@@ -0,0 +1,11 @@
+<ruleset name="Freifunk Kreis GT">
+
+	<target host="freifunk-kreisgt.de" />
+	<target host="www.freifunk-kreisgt.de" />
+	<target host="forum.freifunk-kreisgt.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Freifunk-Nordwest.xml b/src/chrome/content/rules/Freifunk-Nordwest.xml
new file mode 100644
index 000000000000..6f66c93f5646
--- /dev/null
+++ b/src/chrome/content/rules/Freifunk-Nordwest.xml
@@ -0,0 +1,59 @@
+<!--
+	Connection failed:
+		runner02.ffnw.de
+
+	Invalid certificate:
+		www.ffnw.de
+		inventar.ffnw.de
+		mesh.ffnw.de
+		piwik.ffnw.de
+		srv01.ffnw.de
+		stats.ffnw.de
+
+	Not found:
+		as206313.ffnw.de
+		lg.as206313.ffnw.de
+		autoupdate.ffnw.de
+		blog.ffnw.de
+		invalid.ffnw.de
+		invoices.ffnw.de
+		phpmyadmin.ffnw.de
+		shop.ffnw.de
+		support2.ffnw.de
+-->
+<ruleset name="Freifunk Nordwest">
+
+	<target host="ffnw.de" />
+	<target host="cloud.ffnw.de" />
+	<target host="dev.ffnw.de" />
+	<target host="dns.ffnw.de" />
+	<target host="dns2.ffnw.de" />
+	<target host="firmware.ffnw.de" />
+	<target host="git.ffnw.de" />
+	<target host="grafana.ffnw.de" />
+	<target host="hoodgen.ffnw.de" />
+	<target host="invoice.ffnw.de" />
+	<target host="lists.ffnw.de" />
+	<target host="mail.ffnw.de" />
+	<target host="map.ffnw.de" />
+	<target host="matter.ffnw.de" />
+	<target host="mediawiki.ffnw.de" />
+	<target host="mitglied.ffnw.de" />
+	<target host="mitglieder.ffnw.de" />
+	<target host="mw.ffnw.de" />
+	<target host="netmon.ffnw.de" />
+	<target host="api.netmon.ffnw.de" />
+	<target host="odoo.ffnw.de" />
+	<target host="oldwiki.ffnw.de" />
+	<target host="pfa.ffnw.de" />
+	<target host="repo.ffnw.de" />
+	<target host="srv11.ffnw.de" />
+	<target host="support.ffnw.de" />
+	<target host="webmail.ffnw.de" />
+	<target host="wiki.ffnw.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Freifunk.xml b/src/chrome/content/rules/Freifunk.xml
index d3a72e5caac4..149469a8e2b8 100644
--- a/src/chrome/content/rules/Freifunk.xml
+++ b/src/chrome/content/rules/Freifunk.xml
@@ -1,12 +1,91 @@
-<ruleset name="Freifunk (partial)" default_off="expired, mismatch" platform="cacert">
+<!--
+	Other rulesets for freifunk.net:
+		- Freifunk-Bremen.xml
+		- Freifunk-FFM.xml
+		- ortenau.freifunk.net.xml
+
+	Nonfunctional subdomains:
+
+		- global ¹
+
+	¹ Refused
+
+
+	Problematic subdomains:
+
+		- community ¹
+		- events ²
+		- facebook ¹
+		- impress ¹
+		- mailinglisten ¹
+		- piwik ³
+		- twitter ¹
+		- umfragen ¹
+		- vimeo ¹
+		- youtube ¹
+
+	¹ CAcert, expired, mismatched
+	² CAcert, expired
+	³ CAcert
+-->
+<ruleset name="Freifunk.net">
 
 	<target host="freifunk.net"/>
-	<target host="*.freifunk.net"/>
-		<exclusion pattern="^http://blog\.freifunk\.net"/>
+	<target host="www.freifunk.net"/>
+	<target host="anon.freifunk.net"/>
+	<target host="www.anon.freifunk.net"/>
+	<target host="api.freifunk.net"/>
+	<target host="api-viewer.freifunk.net"/>
+	<target host="blog.freifunk.net"/>
+	<target host="bug.freifunk.net"/>
+	<target host="facebook.freifunk.net"/>
+	<target host="forum.freifunk.net"/>
+	<target host="blog.guetersloh.freifunk.net"/>
+	<target host="hamburg.freifunk.net"/>
+	<target host="ics.freifunk.net"/>
+	<target host="pad.freifunk.net"/>
+	<target host="prgenerator.freifunk.net"/>
+	<target host="radio.freifunk.net"/>
+	<target host="rss.freifunk.net"/>
+	<target host="twitter.freifunk.net"/>
+	<target host="vimeo.freifunk.net"/>
+	<target host="wiki.freifunk.net"/>
+	<target host="youtube.freifunk.net"/>
+
+        <securecookie host="^(bug|forum|blog\.guetersloh|pad)\.freifunk\.net$" name=".+" />
+
+	<test url="http://facebook.freifunk.net/foo" />
+	<test url="http://facebook.freifunk.net/bar" />
+	<test url="http://twitter.freifunk.net/foo" />
+	<test url="http://twitter.freifunk.net/bar" />
+	<test url="http://vimeo.freifunk.net/foo" />
+	<test url="http://vimeo.freifunk.net/bar" />
+	<test url="http://youtube.freifunk.net/foo" />
+	<test url="http://youtube.freifunk.net/bar" />
+
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://facebook\.freifunk\.net/[^?]*"
+		to="https://www.facebook.com/pages/Freifunk/54553170762" />
+	<test url="http://facebook.freifunk.net/?fref=nf" />
+
+	<rule from="^http://twitter\.freifunk\.net/[^?]*"
+		to="https://twitter.com/freifunk" />
+	<test url="http://twitter.freifunk.net/?src=hash" />
+
+	<rule from="^http://vimeo\.freifunk\.net/[^?]*"
+		to="https://vimeo.com/user20804353" />
+	<test url="http://vimeo.freifunk.net/?src=hash" />
+
+	<rule from="^http://youtube\.freifunk\.net/[^?]*"
+		to="https://www.youtube.com/user/FREIFUNK2013" />
+	<test url="http://youtube.freifunk.net/?v=RoKQQ5a6E1Q" />
 
-	<rule from="^http://(\w+\.)?freifunk\.net/"
-		to="https://$1freifunk.net/"/>
+	<!-- Invalid certificate on https://www.freifunk.net/ -->
+	<rule from="^http://www\.freifunk\.net/"
+		to="https://freifunk.net/" />
 
-	<securecookie host=".*freifunk\.net$" name=".*"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Freifunk_Gera-Greiz.xml b/src/chrome/content/rules/Freifunk_Gera-Greiz.xml
new file mode 100644
index 000000000000..3e54517c22a0
--- /dev/null
+++ b/src/chrome/content/rules/Freifunk_Gera-Greiz.xml
@@ -0,0 +1,22 @@
+<!--
+	Relations:
+		- community of the registered association Bürgernetz Gera-Greiz
+		  (Buergernetz-Gera-Greiz.de.xml)
+
+	Nonfunctional subdomains:
+		- gw1 ¹
+		- gw3 ¹
+	¹ Refused
+-->
+<ruleset name="Freifunk Gera-Greiz">
+	<target host="freifunk-gera-greiz.de"/>
+	<target host="www.freifunk-gera-greiz.de"/>
+	<target host="gw2.freifunk-gera-greiz.de"/>
+
+	<securecookie host="^www\.freifunk-gera-greiz\.de$" name=".+" />
+
+	<test url="http://www.freifunk-gera-greiz.de/favicon.ico"/>
+
+	<rule from="^http:"
+	      to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Freight_Calculator_Australia.xml b/src/chrome/content/rules/Freight_Calculator_Australia.xml
deleted file mode 100644
index 4e0e37237e6d..000000000000
--- a/src/chrome/content/rules/Freight_Calculator_Australia.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Cert only matches ^freightcalculator.com.au
-
--->
-<ruleset name="Freight Calculator Australia" default_off="self-signed">
-
-	<target host="freightcalculator.com.au" />
-	<target host="www.freightcalculator.com.au" />
-
-
-	<rule from="^http://(?:www\.)?freightcalculator\.com\.au/"
-		to="https://freightcalculator.com.au/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Freitag.xml b/src/chrome/content/rules/Freitag.xml
index 3bfaa1061c5f..6e45b1cada3d 100644
--- a/src/chrome/content/rules/Freitag.xml
+++ b/src/chrome/content/rules/Freitag.xml
@@ -1,6 +1,11 @@
-<ruleset name="Der Freitag" default_off="self signed">
-  <target host="www.freitag.de" />
-  <target host="freitag.de" />
+<ruleset name="Der Freitag">
+    <target host="freitag.de" />
+    <target host="www.freitag.de" />
+    <target host="digital.freitag.de" />
+    <target host="abo.freitag.de" />
 
-  <rule from="^http://(?:www\.)?freitag\.de/" to="https://www.freitag.de/"/>
+    <securecookie host="^(www\.|digital\.|abo\.)?freitag\.de" name=".+" />
+
+    <rule from="^http:"
+	        to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/French-Country-Cottages.co.uk.xml b/src/chrome/content/rules/French-Country-Cottages.co.uk.xml
new file mode 100644
index 000000000000..5bc4fe812916
--- /dev/null
+++ b/src/chrome/content/rules/French-Country-Cottages.co.uk.xml
@@ -0,0 +1,18 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- french-country-cottages.co.uk
+
+		Mixed content blocking (MCB) triggered:
+		- www.french-country-cottages.co.uk
+-->
+<ruleset name="French-Country-Cottages.co.uk" platform="mixedcontent">
+	<target host="french-country-cottages.co.uk" />
+	<target host="www.french-country-cottages.co.uk" />
+
+	<rule from="^http://french-country-cottages\.co\.uk/"
+			to="https://www.french-country-cottages.co.uk/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/French-National-Centre-for-Scientific-Research.xml b/src/chrome/content/rules/French-National-Centre-for-Scientific-Research.xml
index 401dcefdecb9..04a8ec0f1744 100644
--- a/src/chrome/content/rules/French-National-Centre-for-Scientific-Research.xml
+++ b/src/chrome/content/rules/French-National-Centre-for-Scientific-Research.xml
@@ -1,18 +1,220 @@
+
 <!--
-	Nonfunctional:
+Disabled by https-everywhere-checker because:
+Fetch error: http://ccsdlib.ccsd.cnrs.fr/ => https://ccsdlib.ccsd.cnrs.fr/: (6, 'Could not resolve host: ccsdlib.ccsd.cnrs.fr')
+Fetch error: http://ccsdlib-preprod.ccsd.cnrs.fr/ => https://ccsdlib-preprod.ccsd.cnrs.fr/: (6, 'Could not resolve host: ccsdlib-preprod.ccsd.cnrs.fr')
+Fetch error: http://janus.dsi.cnrs.fr/ => https://janus.dsi.cnrs.fr/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://labintel.dsi.cnrs.fr/ => https://labintel.dsi.cnrs.fr/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://nouba.dsi.cnrs.fr/ => https://nouba.dsi.cnrs.fr/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://support.dsi.cnrs.fr/ => https://support.dsi.cnrs.fr/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://labintel.cnrs.fr/ => https://labintel.cnrs.fr/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	French National Centre for Scientific Research
+
+
+	Nonfunctional subdomains:
+
+		- cartedevoeux ¹
+		- www.cil ⁷
+		- (www.)?ccsd ²
+		- blog.ccsd ³
+		- heloise.ccsd ²
+		- support.ccsd ⁴
+		- devlog		Dropped
+		- www.dr6 ⁸
+		- crls.dsi ⁷
+		- dossiers.dsi ⁷
+		- ecoinfo ⁷
+		- edutheque ⁵
+		- www.insu.cnrs.fr *
+		- www.iscc ⁶
+		- calcul.math ¹
+		- images.math ⁷
+		- obtenir ⁶
+		- phototheque ³
+		- qualite-en-recherche *
+		- rbdd *
+		- www.urec		400
+		- videotheque ⁸
+		- wikiradio ³
+		- www ⁸
+		- www2 ⁸
+
+	¹ Shows default page
+	² Handshake fails
+	³ Refused
+	⁴ Plaintext reply
+	⁵ Redirects to www.artifica.fr
+	⁶ Redirects to www.dsi
+	⁷ Shows another domain
+	⁸ 403
+	* Redirects to http
+
+
+	Problematic subdomains:
+
+		- wayf.dsi ¹
+		- lpmmc.grenoble *
+		- intranet ¹
+		- igc.services *
+		- www.sg ²
+
+	¹ Insecure renegotiation
+	* Untrusted root
+	² Mismatched, CN: www.dgdr.cnrs.fr
+
+
+	Partially covered subdomains:
+
+		- www *
+
+	* $ 403s, some paths redirect to http
+
+
+	Fully covered subdomains:
+
+		- ccsdlib.ccsd
+		- ccsdlib-preprod.ccsd
+		- thumb.ccsd
+
+		- cnrsformation
+		- www.dgdr
+		- docutiles
+		- wayf.dsi
+		- emploi
+		- intranet
+		- lejournal
+		- www.sg	(→ www.dgdr)
+		- www2
+
+
+	^cnrs.fr doesn't exist.
+
+
+	These altnames don't exist:
+
+		- default.https.cnrs.fr
+		- igh.cnrs.fr
+
 
-		- www.insu.cnrs.fr	(ssl_error_rx_record_too_long)
+	Insecure cookies are set for these hosts: ᶜ
+
+		- nouba.dsi.cnrs.fr
+		- support.dsi.cnrs.fr
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- emploi from $self ˢ
+			- emploi from www ˢ
+			- lpmmc.grenoble from $self
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="French National Centre for Scientific Research (partial)" default_off="self-signed">
+<ruleset name="CNRS.fr (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cas.cnrs.fr" />
+
+	<target host="ccsdlib.ccsd.cnrs.fr" />
+	<target host="ccsdlib-preprod.ccsd.cnrs.fr" />
+	<target host="thumb.ccsd.cnrs.fr" />
+	<target host="piwik-hal.ccsd.cnrs.fr" />
+
+	<target host="cnrsformation.cnrs.fr" />
+	<target host="www.dgdr.cnrs.fr" />
+	<target host="docutiles.cnrs.fr" />
+
+	<target host="aresu.dsi.cnrs.fr" />
+	<target host="infocentre.dsi.cnrs.fr" />
+	<target host="intranet.dsi.cnrs.fr" />
+	<target host="janus.dsi.cnrs.fr" />
+	<target host="labintel.dsi.cnrs.fr" />
+	<target host="nouba.dsi.cnrs.fr" />
+	<target host="sesame.dsi.cnrs.fr" />
+	<target host="support.dsi.cnrs.fr" />
+	<target host="vhphttp.dsi.cnrs.fr" />
+	<target host="wayf.dsi.cnrs.fr" />
+	<target host="web-ast.dsi.cnrs.fr" />
+	<target host="www.dsi.cnrs.fr" />
+
+	<target host="emploi.cnrs.fr" />
+	<!--target host="lpmmc.grenoble.cnrs.fr" /-->
+	<target host="www.igh.cnrs.fr" />
+	<target host="ftp.igh.cnrs.fr" />
 
-	<target host="cnrs.fr" />
+	<target host="intranet.cnrs.fr" />
+	<target host="janus.cnrs.fr" />
+	<target host="labintel.cnrs.fr" />
+	<target host="lejournal.cnrs.fr" />
+	<!--target host="igc.services.cnrs.fr" /-->
+	<target host="sesame.cnrs.fr" />
+	<target host="www.simbad.cnrs.fr" />
+	<target host="tempo.cnrs.fr" />
+	<target host="www.utinam.cnrs.fr" />
 	<target host="www.cnrs.fr" />
 
-	<!--	!www doesn't work.
-		cnrs.fr/$ throws 403.
-		cnrs.fr/ins2i/$ redirects to www.	-->
-	<rule from="^http://(?:www\.)?cnrs\.fr/ins2i/(images|IMG|plugins|styles)/"
-		to="https://www.cnrs.fr/ins2i/$1/" />
+	<!--	Complications:
+				-->
+	<target host="www.sg.cnrs.fr" />
+
+		<!--	403:
+				-->
+		<!--exclusion pattern="http://www2?\.cnrs\.fr/$" /-->
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="http://www\.cnrs\.fr/ins2i/($|spip\.php)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.cnrs\.fr/(?!/*ins2i/(?:images|IMG|plugins|squelettes/css|styles)/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.cnrs.fr/aquitaine/" />
+			<test url="http://www.cnrs.fr/climate" />
+			<test url="http://www.cnrs.fr/dgds/" />
+			<test url="http://www.cnrs.fr/editions" />
+			<test url="http://www.cnrs.fr/in2p3" />
+			<test url="http://www.cnrs.fr/ins2i/spip.php" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.cnrs.fr/ins2i/images/logo-cnrs.gif" />
+			<test url="http://www.cnrs.fr/ins2i/plugins/auto/Lecteur_multimedia/player.css" />
+			<test url="http://www.cnrs.fr/ins2i/squelettes/css/enluminurestypo.css" />
+			<test url="http://www.cnrs.fr/ins2i/styles/print.css" />
+			<test url="http://www.cnrs.fr/ins2i/IMG/png/idris-web.png" />
+
+		<!--	404:
+				-->
+		<!--exclusion pattern="^http://www2\.cnrs\.fr/(band/3\.htm|presse/communique/|sites/)" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^nouba\.dsi\.cnrs\.fr$" name="^BIGipServer[\w-]+$" /-->
+	<!--securecookie host="^support\.dsi\.cnrs\.fr$" name="^WEBXI_ID$" /-->
+
+	<securecookie host="^(?:nouba|support)\.dsi\.cnrs\.fr$" name=".+" />
+
+
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://www\.sg\.cnrs\.fr/[^?]*"
+		to="https://www.dgdr.cnrs.fr/" />
+
+		<test url="http://www.sg.cnrs.fr/?" />
+		<test url="http://www.sg.cnrs.fr//" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FrenchLeaks.fr.xml b/src/chrome/content/rules/FrenchLeaks.fr.xml
new file mode 100644
index 000000000000..b319d5897495
--- /dev/null
+++ b/src/chrome/content/rules/FrenchLeaks.fr.xml
@@ -0,0 +1,9 @@
+<ruleset name="FrenchLeaks.fr">
+
+	<target host="frenchleaks.fr" />
+	<target host="www.frenchleaks.fr" />
+	<target host="secure.frenchleaks.fr" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FrenchTV.to.xml b/src/chrome/content/rules/FrenchTV.to.xml
new file mode 100644
index 000000000000..8b754e44900e
--- /dev/null
+++ b/src/chrome/content/rules/FrenchTV.to.xml
@@ -0,0 +1,9 @@
+<ruleset name="FrenchTV.to">
+
+	<target host="frenchtv.to" />
+	<target host="www.frenchtv.to" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Frequentis.com-falsemixed.xml b/src/chrome/content/rules/Frequentis.com-falsemixed.xml
deleted file mode 100644
index 34669c9447ef..000000000000
--- a/src/chrome/content/rules/Frequentis.com-falsemixed.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Frequentis.com.xml.
-
--->
-<ruleset name="Frequentis.com (false MCB)" platform="mixedcontent">
-
-	<target host="www.frequentis.com" />
-		<!--
-			Handled in Frequentis.com.xml:
-							-->
-		<exclusion pattern="^http://www\.frequentis\.com/+(favicon\.ico|fileadmin/|typo3temp/)" />
-
-
-	<securecookie host="^www.frequentis\.com$" name=".+" />
-
-
-	<rule from="^http://www\.frequentis\.com/(?!favicon\.ico|fileadmin/|typo3temp/)"
-		to="https://www.frequentis.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Frequentis.com.xml b/src/chrome/content/rules/Frequentis.com.xml
index 782b323e50b8..f83f2f09c80a 100644
--- a/src/chrome/content/rules/Frequentis.com.xml
+++ b/src/chrome/content/rules/Frequentis.com.xml
@@ -1,26 +1,34 @@
 <!--
-	For rules causing false/broken MCB, see Frequentis.com-falsemixed.xml.
+	^ and www redirect to http.
+
+	We can only secure static files
 
 -->
 <ruleset name="Frequentis.com (partial)">
 
 	<target host="frequentis.com" />
-	<target host="*.frequentis.com" />
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<exclusion pattern="^http://www\.frequentis\.com/+(?!favicon\.ico|fileadmin/|typo3temp/)" />
-		<!--
-			https://... redirects to http://www...., so we can avoid
-			a duplicate target warning by blanket-rewriting ^.	-->
+	<target host="www.frequentis.com" />
+
+	<!--
+		Redirect to http. Needed to exclude implicit URL from tests
+	-->
+	<exclusion pattern="^http://(www\.)?frequentis\.com/$" />
+
 
+	<rule from="^http://(www\.)?frequentis\.com/favicon\.ico$"
+		to="https://$1frequentis.com/favicon.ico" />
 
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.frequentis\.com$" name="^s_\w+$" />
+		<test url="http://frequentis.com/favicon.ico" />
 
+	<rule from="^http://(www\.)?frequentis\.com/(fileadmin|typo3temp)/"
+		to="https://$1frequentis.com/$2/" />
 
-	<rule from="^http://(www\.)?frequentis\.com/"
-		to="https://$1frequentis.com/" />
+		<test url="http://www.frequentis.com/fileadmin/content/headerbilder/france/public_transport_home.jpg" />
+		<test url="http://www.frequentis.com/fileadmin/_processed_/csm_logo_e24e6fe3ab.png" />
+		<test url="http://www.frequentis.com/fileadmin/content/headerbilder/france/public_safety_home.jpg" />
+		<test url="http://www.frequentis.com/fileadmin/system/assets/img/background/header_stripe_layout1.gif" />
+		<test url="http://www.frequentis.com/fileadmin/system/assets/img/background/map_infopoint_bg.png" />
+		<test url="http://www.frequentis.com/fileadmin/system/assets/img/header_main_nav_sprite.png" />
+		<test url="http://www.frequentis.com/typo3temp/_processed_/csm_Coast-Guard-Rescue_istock_e9128d5828.jpg" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FreshBSD.org.xml b/src/chrome/content/rules/FreshBSD.org.xml
new file mode 100644
index 000000000000..80502af9f9c4
--- /dev/null
+++ b/src/chrome/content/rules/FreshBSD.org.xml
@@ -0,0 +1,23 @@
+<!--
+	www: mismatched
+
+-->
+<ruleset name="FreshBSD.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="freshbsd.org" />
+	<target host="secure.freshbsd.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.freshbsd.org" />
+
+
+	<rule from="^http://www\.freshbsd\.org/"
+		to="https://freshbsd.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FreshBooks.xml b/src/chrome/content/rules/FreshBooks.xml
deleted file mode 100644
index a30b701c9a50..000000000000
--- a/src/chrome/content/rules/FreshBooks.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- community.freshbooks.com *
-		- developers.freshbooks.com *
-
-	* Redirects to http, valid cert
-
-
-	Partially covered domains:
-
-		- (www.)freshbooks.com	($ redirects to secure)
-
--->
-<ruleset name="FreshBooks (partial)">
-
-	<target host="fb-assets.com" />
-	<target host="www.fb-assets.com" />
-	<target host="freshbooks.com" />
-	<target host="*.freshbooks.com" />
-		<exclusion pattern="^http://(?:www\.)?freshbooks\.com/(?!cache/|images/|javascript/|styles/)" />
-		<exclusion pattern="^http://(?:community|developers)\." />
-
-
-	<securecookie host="^(?!www\.).+\.freshbooks\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?fb-assets\.com/"
-		to="https://$1fb-assets.com/" />
-
-	<rule from="^http://([\w-]+\.)?freshbooks\.com/"
-		to="https://$1freshbooks.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/FreshFlowers.com.au.xml b/src/chrome/content/rules/FreshFlowers.com.au.xml
new file mode 100644
index 000000000000..a0ee36224b1c
--- /dev/null
+++ b/src/chrome/content/rules/FreshFlowers.com.au.xml
@@ -0,0 +1,11 @@
+<ruleset name="FreshFlowers.com.au">
+
+	<target host="freshflowers.com.au" />
+	<target host="www.freshflowers.com.au" />
+	<target host="cdn.freshflowers.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FreshFromThePot.com.xml b/src/chrome/content/rules/FreshFromThePot.com.xml
new file mode 100644
index 000000000000..72be7c0e343d
--- /dev/null
+++ b/src/chrome/content/rules/FreshFromThePot.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="FreshFromThePot.com">
+	<target host="freshfromthepot.com" />
+	<target host="www.freshfromthepot.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Freshapps.com.xml b/src/chrome/content/rules/Freshapps.com.xml
new file mode 100644
index 000000000000..8588b1a69374
--- /dev/null
+++ b/src/chrome/content/rules/Freshapps.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Freshapps">
+
+	<target host="freshapps.com" />
+	<target host="www.freshapps.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Freshcode.club.xml b/src/chrome/content/rules/Freshcode.club.xml
new file mode 100644
index 000000000000..1e0324198422
--- /dev/null
+++ b/src/chrome/content/rules/Freshcode.club.xml
@@ -0,0 +1,29 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+        See:
+
+                - https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+                - https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+                - https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+        * without enabling javascript, for security and privacy implications see e.g.:
+
+                - https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+                - https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+                - https://panopticlick.eff.org
+
+-->
+<ruleset name="freshcode.club">
+
+	<target host="freshcode.club" />
+	<target host="www.freshcode.club" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Freshdesk.com.xml b/src/chrome/content/rules/Freshdesk.com.xml
new file mode 100644
index 000000000000..841c276be0b6
--- /dev/null
+++ b/src/chrome/content/rules/Freshdesk.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Remark: *.freshdesk.com has a wildcard DNS record.
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- static.freshdesk.com
+		- static1.freshdesk.com
+		- static2.freshdesk.com
+		- static3.freshdesk.com
+		- static4.freshdesk.com
+		- static5.freshdesk.com
+-->
+<ruleset name="Freshdesk.com">
+	<target host="freshdesk.com" />
+	<target host="www.freshdesk.com" />
+	<target host="assets.freshdesk.com" />
+	<target host="blog.freshdesk.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Freshdesk.xml b/src/chrome/content/rules/Freshdesk.xml
deleted file mode 100644
index 033c81028dcd..000000000000
--- a/src/chrome/content/rules/Freshdesk.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	CDN buckets:
-
-		- assets.freshdesk.com.s3.amazonaws.com
-	cdn.freshdesk.com.s3.amazonaws.com
-
-		- d3o14s01j0qbic.cloudfront.net
-
-			- static
-			- static[1-5]
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(no https)
-		- blog		(shows default nginx_ssl page; mismatched, CN: freshdesk.com)
-
--->
-<ruleset name="Freshdesk (partial)">
-
-	<target host="*.freshdesk.com" />
-		<exclusion pattern="^http://(?:blog|www)\." />
-
-
-	<rule from="^http://assets\.freshdesk\.com/"
-		to="https://s3.amazonaws.com/assets.freshdesk.com/" />
-
-	<rule from="^http://cdn\.freshdesk\.com/"
-		to="https://s3.amazonaws.com/cdn.freshdesk.com/" />
-
-	<rule from="^http://static[1-5]?\.freshdesk\.com/"
-		to="https://d3o14s01j0qbic.cloudfront.net/" />
-
-	<!--	Per-client subdomains:
-					-->
-	<rule from="^http://([\w-]+)\.freshdesk\.com/"
-		to="https://$1.freshdesk.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Freshmilk.de.xml b/src/chrome/content/rules/Freshmilk.de.xml
index d13500298907..53de75afe6dc 100644
--- a/src/chrome/content/rules/Freshmilk.de.xml
+++ b/src/chrome/content/rules/Freshmilk.de.xml
@@ -21,13 +21,13 @@
 <ruleset name="Freshmilk.de" default_off="self-signed">
 
 	<target host="freshmilk.de" />
-	<target host="*.freshmilk.de" />
+	<target host="www.freshmilk.de" />
+	<target host="nettv.freshmilk.de" />
 
 
 	<rule from="^http://(?:www\.)?freshmilk\.de/"
 		to="https://www.freshmilk.de/" />
 
-	<rule from="^http://nettv\.freshmilk\.de/"
-		to="https://nettv.freshmilk.de/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Freshmilk.tv.xml b/src/chrome/content/rules/Freshmilk.tv.xml
deleted file mode 100644
index 4c7efa69d6dd..000000000000
--- a/src/chrome/content/rules/Freshmilk.tv.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- (www.)	(404, valid cert)
-
--->
-<ruleset name="Freshmilk.tv (partial)">
-
-	<target host="freshmilk.tv" />
-	<target host="*.freshmilk.tv" />
-		<exclusion pattern="^http://(?:www\.)?freshmilk\.tv/+(?!media/|static/)" />
-
-
-	<rule from="^http://(?:hub\.|www\.)?freshmilk\.tv/"
-		to="https://hub.freshmilk.tv/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Freshports.org.xml b/src/chrome/content/rules/Freshports.org.xml
index 150bb0d89a9e..a74ecdbf0fd6 100644
--- a/src/chrome/content/rules/Freshports.org.xml
+++ b/src/chrome/content/rules/Freshports.org.xml
@@ -1,6 +1,23 @@
+<!--
+	Mixed content:
+
+		- Bugs, from:
+
+			- www.google-analytics.com *
+			- ads.unixathome.org
+
+	* Secured by us
+
+-->
 <ruleset name="Freshports.org">
-  <target host="freshports.org" />
-  <target host="www.freshports.org" />
 
-  <rule from="^http://(www\.)?freshports\.org/" to="https://www.freshports.org/" />
+	<target host="freshports.org" />
+	<target host="www.freshports.org" />
+
+
+	<securecookie host="^\.freshports\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Fressnapf.de.xml b/src/chrome/content/rules/Fressnapf.de.xml
new file mode 100644
index 000000000000..acfcf162ed41
--- /dev/null
+++ b/src/chrome/content/rules/Fressnapf.de.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.fressnapf.de
+
+-->
+<ruleset name="Fressnapf.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fressnapf.de" />
+	<target host="www.fressnapf.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.fressnapf\.de$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^www\.fressnapf\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FriBID.se.xml b/src/chrome/content/rules/FriBID.se.xml
index 13a552c05a99..6c676ed19a33 100644
--- a/src/chrome/content/rules/FriBID.se.xml
+++ b/src/chrome/content/rules/FriBID.se.xml
@@ -3,6 +3,5 @@
   <target host="www.fribid.se" />
   <!-- all subdomains work over HTTPS, but the cert has www only -->
 
-  <rule from="^http://fribid\.se/" to="https://fribid.se/"/>
-  <rule from="^http://www\.fribid\.se/" to="https://www.fribid.se/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Frictional-Games.xml b/src/chrome/content/rules/Frictional-Games.xml
index 4cd5fbfd5fe0..477c683f297c 100644
--- a/src/chrome/content/rules/Frictional-Games.xml
+++ b/src/chrome/content/rules/Frictional-Games.xml
@@ -1,11 +1,11 @@
 <ruleset name="Frictional Games (partial)">
 
-	<target host="frictionalgames.com"/>
-	<target host="*.frictionalgames.com"/>
+	<target host="frictionalgames.com" />
+	<target host="shelf.frictionalgames.com" />
+	<target host="www.frictionalgames.com" />
 
-	<securecookie host="^(.*\.)?frictionalgames\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(shelf\.|www\.)?frictionalgames\.com/"
-		to="https://$1frictionalgames.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Frida.re.xml b/src/chrome/content/rules/Frida.re.xml
new file mode 100644
index 000000000000..9ab826932fde
--- /dev/null
+++ b/src/chrome/content/rules/Frida.re.xml
@@ -0,0 +1,15 @@
+<!--
+	Refused:
+		frida.re
+
+-->
+<ruleset name="Frida.re">
+	<target host="frida.re" />
+	<target host="www.frida.re" />
+	<target host="build.frida.re" />
+	<target host="codeshare.frida.re" />
+
+	<rule from="^http://frida\.re/"
+		to="https://www.frida.re/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fridge.xml b/src/chrome/content/rules/Fridge.xml
deleted file mode 100644
index 98bba8a13354..000000000000
--- a/src/chrome/content/rules/Fridge.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Fridge">
-  <target host="frid.ge" />
-  <target host="www.frid.ge" />
-
-  <securecookie host="^(.+\.)?frid\.ge$" name=".*"/>
-
-  <rule from="^http://(?:www\.)?frid\.ge/" to="https://frid.ge/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Friedhoff.org.xml b/src/chrome/content/rules/Friedhoff.org.xml
new file mode 100644
index 000000000000..4c5365beee7d
--- /dev/null
+++ b/src/chrome/content/rules/Friedhoff.org.xml
@@ -0,0 +1,13 @@
+<!--
+	www: cert only matches ^friedhoff.org
+
+-->
+<ruleset name="Friedhoff.org">
+
+	<target host="friedhoff.org" />
+	<target host="www.friedhoff.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FriendFinder.xml b/src/chrome/content/rules/FriendFinder.xml
index 3f5c396b9962..47efbdbbef14 100644
--- a/src/chrome/content/rules/FriendFinder.xml
+++ b/src/chrome/content/rules/FriendFinder.xml
@@ -1,7 +1,15 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://media.friendfinder.com/ => https://media.friendfinder.com/: (6, 'Could not resolve host: media.friendfinder.com')
+
 	Other FriendFinder rulesets:
 
 		- Adult-FriendFinder.xml
+		- Cams.com.xml
+		- Pop6.com.xml
+		- Securedataimages.com.xml
+		- Steamray.com.xml
 
 
 	CDN buckets:
@@ -12,52 +20,65 @@
 			- graphics.pop6.com
 
 
-	Problematic domains:
+	Problematic hosts in *friendfinder.com:
+
+		- (www.)?		(works, mismatched, CN: secure.friendfinder.com)
+		- graphics *
+		- photos *
+		- piclist *
 
-		- friendfinder.com subdomains:
+	* Works, mismatched, CN: *.securedataimages.com
 
-			- (www.)		(works, mismatched, CN: secure.friendfinder.com)
-			- graphics *
-			- photos *
-			- piclist *
 
-		- (www.)pop6.com		(works, mismatched, CN: secure.adultfriendfinder.com)
-		- graphics.pop6.com *
+	These altnames do not exist:
+
+		- www.secure.friendfinder.com
 
-	* Works, mismatched, CN: *.securedataimages.com
 
+	Insecure cookies are set for these domains: ᶜ
 
-	Fully covered domains:
+		- .friendfinder.com
 
-		- friendfinder.com subdomains:
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
-			- (www.)			(→ secure.friendfinder.com)
-			- graphics			(→ secureimage.securedataimages.com)
-			- photos			(→ secureimage.securedataimages.com)
-			- piclist			(→ secureimage.securedataimages.com)
-			- secure
 
-		- (www.)pop6.com			(→ secure.friendfinder.com)
-		- graphics.pop6.com			(→ secureimage.securedataimages.com)
-		- secureimage.securedataimages.com
+	Mixed content:
+
+		- Bug on secure from media.friendfinder.com *
+
+	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="FriendFinder">
+<ruleset name="FriendFinder.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="media.friendfinder.com" />
+	<target host="secure.friendfinder.com" />
 
+	<!--	Complications:
+				-->
 	<target host="friendfinder.com" />
-	<target host="*.friendfinder.com" />
-	<target host="pop6.com" />
-	<target host="*.pop6.com" />
-	<target host="secureimage.securedataimages.com" />
+	<target host="graphics.friendfinder.com" />
+	<target host="photos.friendfinder.com" />
+	<target host="piclist.friendfinder.com" />
+	<target host="www.friendfinder.com" />
 
 
-	<securecookie host="^\.friendfinder\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.friendfinder\.com$" name="^(AB_TRACKING|HISTORY|IP_COUNTRY|LOCATION_FROM_IP|PrefID|REFERRAL_URL|click_id_time|ff_tr|ff_who|v_hash)$" /-->
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^https?://(?:secure\.|www\.)?(?:friendfinder|pop6)\.com/"
+
+	<rule from="^http://(?:www\.)?friendfinder\.com/"
 		to="https://secure.friendfinder.com/" />
 
-	<rule from="^https?://(?:graphics|photos|piclist|secureimage)\.(?:friendfinder|pop6|securedataimages)\.com/"
+	<rule from="^http://(?:graphics|photos|piclist)\.friendfinder\.com/"
 		to="https://secureimage.securedataimages.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Friendfeed.xml b/src/chrome/content/rules/Friendfeed.xml
deleted file mode 100644
index 8fb007489cf3..000000000000
--- a/src/chrome/content/rules/Friendfeed.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	Nonfunctional:
-
-		- blog.friendfeed.com	(times out)
-
--->
-<ruleset name="Friendfeed">
-
-	<target host="friendfeed.com" />
-	<target host="*.friendfeed.com" />
-	<target host="friendfeed-media.com" />
-	<target host="m.friendfeed-media.com" />
-
-
-	<securecookie host="^\.friendfeed\.com$" name="^AT$" />
-	<securecookie host="^friendfeed-media\.com$" name=".*" />
-
-
-	<!--	www.friendfeed-media redirects as so.	-->
-	<rule from="^http://(?:www\.)?friendfeed(?:-media)?\.com/"
-		to="https://friendfeed.com/" />
-
-	<rule from="^http://blog\.friendfeed\.com/favicon\.ico"
-		to="https://www.blogger.com/favicon.ico" />
-
-	<!--	!m redirects to m.	-->
-	<rule from="^http://(?:m\.)?friendfeed-media\.com/"
-		to="https://s3.amazonaws.com/friendfeed-media/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FriendlyDuck.com.xml b/src/chrome/content/rules/FriendlyDuck.com.xml
new file mode 100644
index 000000000000..675ec688dc1a
--- /dev/null
+++ b/src/chrome/content/rules/FriendlyDuck.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- friendlyduck.com
+		- www.friendlyduck.com
+
+-->
+<ruleset name="FriendlyDuck.com">
+
+	<target host="friendlyduck.com" />
+	<target host="m.friendlyduck.com" />
+	<target host="www.friendlyduck.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?friendlyduck\.com$" name="^CF(?:ID|TOKEN)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Friendly_Bracelets.com.xml b/src/chrome/content/rules/Friendly_Bracelets.com.xml
new file mode 100644
index 000000000000..51423e72fbab
--- /dev/null
+++ b/src/chrome/content/rules/Friendly_Bracelets.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Problematic subdomains:
+
+		- blog *
+
+	* Works; mismatched, CN: tools.sisidra.lv
+
+
+	Mixed content:
+
+		- Images on blog from blog
+
+-->
+<ruleset name="Friendly Bracelets.com (partial)">
+
+	<target host="friendlybracelets.com" />
+	<target host="www.friendlybracelets.com" />
+		<!--exclusion pattern="http://blog\.friendlybracelets\.com/" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Friendpaste.com.xml b/src/chrome/content/rules/Friendpaste.com.xml
new file mode 100644
index 000000000000..b904a94624ff
--- /dev/null
+++ b/src/chrome/content/rules/Friendpaste.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- friendpaste.com
+		- www.friendpaste.com
+
+-->
+<ruleset name="Friendpaste.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="friendpaste.com" />
+	<target host="www.friendpaste.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?friendpaste\.com$" name="^FRIENDPASTE_SID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Friends-of-WikiLeaks.xml b/src/chrome/content/rules/Friends-of-WikiLeaks.xml
deleted file mode 100644
index e81b87efe2c7..000000000000
--- a/src/chrome/content/rules/Friends-of-WikiLeaks.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	www times out.
-
--->
-<ruleset name="Friends of WikiLeaks">
-
-	<target host="wlfriends.org" />
-	<target host="www.wlfriends.org" />
-
-
-	<securecookie host="^wlfriends\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?wlfriends\.org/"
-		to="https://wlfriends.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Friends.nico.xml b/src/chrome/content/rules/Friends.nico.xml
new file mode 100644
index 000000000000..6d99ca8f8036
--- /dev/null
+++ b/src/chrome/content/rules/Friends.nico.xml
@@ -0,0 +1,11 @@
+<!--
+	For more NicoVideo related rulesets, see Nicovideo.jp.xml
+
+-->
+<ruleset name="Friends.nico">
+	<target host="friends.nico" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Friendster.xml b/src/chrome/content/rules/Friendster.xml
index 5c157f98bfb2..35d4b4d5d783 100644
--- a/src/chrome/content/rules/Friendster.xml
+++ b/src/chrome/content/rules/Friendster.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://assets0.frndcdn.net/ => https://d3outgkpos8q21.cloudfront.net/: (6, 'Could not resolve host: d3outgkpos8q21.cloudfront.net')
+
 	CDN buckets:
 
 		- d3lihw2jc2z1gc.cloudfront.net
@@ -22,7 +26,7 @@
 	Some pages redirect to http
 
 -->
-<ruleset name="Friendster (partial)">
+<ruleset name="Friendster (partial)" default_off="failed ruleset test">
 
 	<target host="friendster.com" />
 	<target host="www.friendster.com" />
@@ -35,4 +39,4 @@
 	<rule from="^http://assets0\.frndcdn\.net/"
 		to="https://d3outgkpos8q21.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Frim.nl.xml b/src/chrome/content/rules/Frim.nl.xml
index a8ebc280db40..e9e2a96fd7d4 100644
--- a/src/chrome/content/rules/Frim.nl.xml
+++ b/src/chrome/content/rules/Frim.nl.xml
@@ -1,13 +1,14 @@
 <ruleset name="frim.nl" default_off="self-signed">
 
 	<target host="frim.nl"/>
-	<target host="*.frim.nl"/>
+	<target host="www.frim.nl" />
+	<target host="frim.frim.nl" />
+	<target host="gitx.frim.nl" />
 
 	<!--	cert doesn't match /frim.nl	-->
 	<rule from="^http://(?:www\.)?frim\.nl/"
 		to="https://www.frim.nl/"/>
 
-	<rule from="^http://(frim|gitx)\.frim\.nl/"
-		to="https://$1.frim.nl/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Frivillighetshuset.no.xml b/src/chrome/content/rules/Frivillighetshuset.no.xml
new file mode 100644
index 000000000000..29cbc134e32c
--- /dev/null
+++ b/src/chrome/content/rules/Frivillighetshuset.no.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.frivillighetshuset.no/ => https://www.frivillighetshuset.no/: (51, "SSL: no alternative certificate subject name matches target host name 'www.frivillighetshuset.no'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.frivillighetshuset.no/ => https://www.frivillighetshuset.no/: (6, 'Could not resolve host: frivillighetshuset.noi')
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Frivillighetshuset.no" default_off="failed ruleset test">
+
+	<target host="frivillighetshuset.no" />
+	<target host="www.frivillighetshuset.no" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/From-UA.com.xml b/src/chrome/content/rules/From-UA.com.xml
new file mode 100644
index 000000000000..e2338879058b
--- /dev/null
+++ b/src/chrome/content/rules/From-UA.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="From-UA.com" >
+	<target host="from-ua.com" />
+	<target host="www.from-ua.com" />
+	<target host="fb.from-ua.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fromorbit.com.xml b/src/chrome/content/rules/Fromorbit.com.xml
new file mode 100644
index 000000000000..a39f6edbcd0e
--- /dev/null
+++ b/src/chrome/content/rules/Fromorbit.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="fromorbit.com">
+
+	<target host="fromorbit.com" />
+	<target host="www.fromorbit.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FrontEndChecklist.io.xml b/src/chrome/content/rules/FrontEndChecklist.io.xml
new file mode 100644
index 000000000000..6f8faa501961
--- /dev/null
+++ b/src/chrome/content/rules/FrontEndChecklist.io.xml
@@ -0,0 +1,7 @@
+<ruleset name="FrontEndChecklist.io">
+	<target host="frontendchecklist.io" />
+	<target host="www.frontendchecklist.io" />
+	<target host="develop.frontendchecklist.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Frontier-Network-and-Computing-Systems.xml b/src/chrome/content/rules/Frontier-Network-and-Computing-Systems.xml
index 1f366b742558..026853d4dc88 100644
--- a/src/chrome/content/rules/Frontier-Network-and-Computing-Systems.xml
+++ b/src/chrome/content/rules/Frontier-Network-and-Computing-Systems.xml
@@ -1,9 +1,38 @@
-<ruleset name="Frontier Network and Computing Systems">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fcns.eu/ => https://fcns.eu/: (7, 'Failed to connect to fcns.eu port 443: Connection refused')
+
+	www: dropped
+
+
+	Mixed content:
+
+		- css from $self ¹
+
+		- Images, from
+
+			-  $self ²
+			-  upload.wikimedia.org ²
+
+	¹ Secured by us, minimal effect
+	² Secured by us
+
+-->
+<ruleset name="Frontier Network and Computing Systems" default_off="failed ruleset test">
 
 	<target host="fcns.eu"/>
-	<target host="*.fcns.eu"/>
+	<target host="www.fcns.eu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^fcns\.eu$" name="^(PHPSESSID|wordpress_test_cookie)$" /-->
+
+	<securecookie host="^fcns\.eu$" name=".+" />
+
 
-	<rule from="^http://(webid\.|www\.)?fcns\.eu/"
-		to="https://$1fcns.eu/"/>
+	<rule from="^http://(?:www\.)?fcns\.eu/"
+		to="https://fcns.eu/"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Frontier.co.uk.xml b/src/chrome/content/rules/Frontier.co.uk.xml
index aadb76186848..f6d33620a0a8 100644
--- a/src/chrome/content/rules/Frontier.co.uk.xml
+++ b/src/chrome/content/rules/Frontier.co.uk.xml
@@ -19,13 +19,15 @@
 <ruleset name="Frontier.co.uk (partial)">
 
 	<target host="frontier.co.uk" />
-	<target host="*.frontier.co.uk" />
+	<target host="elite.frontier.co.uk" />
+	<target host="kinectimals.frontier.co.uk" />
+	<target host="lostwinds.frontier.co.uk" />
+	<target host="www.frontier.co.uk" />
 
 
 	<securecookie host="^(?:(?:elite|kinectimals|lostwinds|www)\.)?frontier\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://((?:elite|kinectimals|lostwinds|www)\.)?frontier\.co\.uk/"
-		to="https://$1frontier.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FrontlineDefenders.xml b/src/chrome/content/rules/FrontlineDefenders.xml
index 96b64392d480..4711b4c34e65 100644
--- a/src/chrome/content/rules/FrontlineDefenders.xml
+++ b/src/chrome/content/rules/FrontlineDefenders.xml
@@ -1,20 +1,24 @@
 <!--
-	Mixed content:
+	Insecure cookies are set for these domains:
 
-		- Images on (www.) from www *
+		- .frontlinedefenders.org
 
-		- Web bug on (www.) from w.sharethis.com *
+-->
+<ruleset name="Frontline Defenders.org">
 
-	* Secured by us
+	<!--	Direct rewrites:
+				-->
+	<target host="frontlinedefenders.org" />
+	<target host="www.frontlinedefenders.org" />
 
--->
-<ruleset name="Frontline Defenders">
-  <target host="*.frontlinedefenders.org" />
-  <target host="frontlinedefenders.org" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.frontlinedefenders\.org$" name="^SESS[\da-f]{32}$" /-->
 
-	<securecookie host="^(?:w*\.)?frontlinedefenders\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-  <rule from="^http://(www\.)?frontlinedefenders\.org/" to="https://$1frontlinedefenders.org/"/>
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Frooition_Software.xml b/src/chrome/content/rules/Frooition_Software.xml
index 13969f5a5837..34386cdf45fd 100644
--- a/src/chrome/content/rules/Frooition_Software.xml
+++ b/src/chrome/content/rules/Frooition_Software.xml
@@ -7,10 +7,11 @@
 -->
 <ruleset name="Frooition Software (partial)">
 
-	<target host="*.frooition.com" />
+	<target host="freedom.frooition.com" />
+	<target host="my.frooition.com" />
+	<target host="secure.frooition.com" />
 
 
-	<rule from="^http://(freedom|my|secure)\.frooition\.com/"
-		to="https://$1.frooition.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FrootVPN.com.xml b/src/chrome/content/rules/FrootVPN.com.xml
new file mode 100644
index 000000000000..99e609c951fa
--- /dev/null
+++ b/src/chrome/content/rules/FrootVPN.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.frootvpn.com
+
+-->
+<ruleset name="FrootVPN.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="frootvpn.com" />
+	<target host="www.frootvpn.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.frootvpn\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.frootvpn\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FrostWire.xml b/src/chrome/content/rules/FrostWire.xml
index 01556662e070..91f5a6353816 100644
--- a/src/chrome/content/rules/FrostWire.xml
+++ b/src/chrome/content/rules/FrostWire.xml
@@ -2,7 +2,6 @@
 
 	<target host="static.frostwire.com"/>
 
-	<rule from="^http://static\.frostwire\.com/"
-		to="https://s3.amazonaws.com/static.frostwire.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Frostmourne-WoW.eu.xml b/src/chrome/content/rules/Frostmourne-WoW.eu.xml
index b19e91717ac8..de0675db53b4 100644
--- a/src/chrome/content/rules/Frostmourne-WoW.eu.xml
+++ b/src/chrome/content/rules/Frostmourne-WoW.eu.xml
@@ -17,7 +17,6 @@
 	<securecookie host="^img\.frostmourne-wow\.eu$" name=".+" />
 
 
-	<rule from="^http://img\.frostmourne-wow\.eu/"
-		to="https://img.frostmourne-wow.eu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FrozenCPU.com.xml b/src/chrome/content/rules/FrozenCPU.com.xml
index 3a78d313ba7e..7313f690fed4 100644
--- a/src/chrome/content/rules/FrozenCPU.com.xml
+++ b/src/chrome/content/rules/FrozenCPU.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="FrozenCPU.com">
 
 	<target host="frozencpu.com" />
-	<target host="*.frozencpu.com" />
+	<target host="www.frozencpu.com" />
 
 
 	<securecookie host="^\.www\.frozencpu\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?frozencpu\.com/"
-		to="https://$1frozencpu.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Frozen_Yoghurt_Franchise.xml b/src/chrome/content/rules/Frozen_Yoghurt_Franchise.xml
index dd057fa22439..897bd692fe2e 100644
--- a/src/chrome/content/rules/Frozen_Yoghurt_Franchise.xml
+++ b/src/chrome/content/rules/Frozen_Yoghurt_Franchise.xml
@@ -1,13 +1,21 @@
-<ruleset name="Frozen Yoghurt Franchise">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://frozen-yogurt-franchise.org/ => https://frozen-yogurt-franchise.org/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.frozen-yogurt-franchise.org/ => https://www.frozen-yogurt-franchise.org/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://frozen-yogurt-franchise.org/ => https://frozen-yogurt-franchise.org/: (51, "SSL: no alternative certificate subject name matches target host name 'frozen-yogurt-franchise.org'")
+-->
+<ruleset name="Frozen Yoghurt Franchise" default_off="failed ruleset test">
 
 	<target host="frozen-yogurt-franchise.org" />
-	<target host="*.frozen-yogurt-franchise.org" />
+	<target host="www.frozen-yogurt-franchise.org" />
 
 
 	<securecookie host="^\.frozen-yogurt-franchise.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?frozen-yogurt-franchise\.org/"
-		to="https://$1frozen-yogurt-franchise.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Frozentux.net.xml b/src/chrome/content/rules/Frozentux.net.xml
new file mode 100644
index 000000000000..7520ce980911
--- /dev/null
+++ b/src/chrome/content/rules/Frozentux.net.xml
@@ -0,0 +1,10 @@
+<ruleset name="Frozentux.net">
+
+	<target host="frozentux.net" />
+	<target host="www.frozentux.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Frugalware.org.xml b/src/chrome/content/rules/Frugalware.org.xml
new file mode 100644
index 000000000000..3327b76790cf
--- /dev/null
+++ b/src/chrome/content/rules/Frugalware.org.xml
@@ -0,0 +1,41 @@
+<!--
+	Invalid certficate:
+		darcs.frugalware.org
+		dors.frugalware.org
+		git.frugalware.org
+		lists.frugalware.org
+		packages.frugalware.org
+		planet.frugalware.org
+		wiki.frugalware.org
+    bugs.frugalware.org
+
+	Private subdomain:
+		webmail.frugalware.org
+
+	Non functional over https for various reasons:
+		www\d.frugalware.org
+		rsync\d.frugalware.org
+
+  Unresolved host:
+    - planet.frugalware.org
+
+-->
+<ruleset name="Frugalware.org">
+
+	<target host="frugalware.org" />
+	<target host="www.frugalware.org" />
+	<target host="lists.frugalware.org" />
+	<target host="packages.frugalware.org" />
+
+	<securecookie host="^.+\.frugalware\.org$" name=".+" />
+
+	<rule from="^http://lists\.frugalware\.org/"
+		to="https://frugalware.org/mailman/listinfo/" />
+
+	<rule from="^http://packages\.frugalware\.org/"
+		to="https://frugalware.org/packages/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Frugalware_Linux.xml b/src/chrome/content/rules/Frugalware_Linux.xml
deleted file mode 100644
index de6858ffa467..000000000000
--- a/src/chrome/content/rules/Frugalware_Linux.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^		(works, mismatched, CN: webmail.frugalware.org)
-		- bugs *
-		- forums *
-		- webmail *
-		- wiki *
-		- www		(works, mismatched, CN: void.ironiq.eu)
-
-	* Self-signed
-
-
-	Targets solely for wildcard cookies:
-
-		- *.forums.frugalware.org
-
--->
-<ruleset name="Frugalware Linux" default_off="mismatched, self-signed">
-
-	<target host="frugalware.org" />
-	<target host="*.frugalware.org" />
-	<target host="*.forums.frugalware.org" />
-
-
-	<securecookie host="^.+\.frugalware\.org$" name=".+" />
-
-
-	<rule from="^http://(?:((?:bugs|forums|webmail|wiki)\.)|www\.)?frugalware\.org/"
-		to="https://$1frugalware.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Fruit_Ninja.xml b/src/chrome/content/rules/Fruit_Ninja.xml
index f185d0fed982..b8f36fa53c4c 100644
--- a/src/chrome/content/rules/Fruit_Ninja.xml
+++ b/src/chrome/content/rules/Fruit_Ninja.xml
@@ -1,24 +1,19 @@
-<!--
-	CDN buckets:
-
-		- gp1.wac.edgecastcdn.net/0076FF/hbwebmedia/
-		- cdn.toyfoundry.net/store.fruitninja.com/
-
-
-	Nonfunctional subdomains:
-
-		- (www.)
-
--->
-<ruleset name="Fruit Ninja (partial)">
-
+<ruleset name="Fruit Ninja.com">
+	<target host="fruitninja.com" />
+	<target host="www.fruitninja.com" />
+	<target host="academy.fruitninja.com" />
+	<target host="anniversary.fruitninja.com" />
+	<target host="beta.fruitninja.com" />
+	<target host="dev.beta.fruitninja.com" />
+	<target host="fx.fruitninja.com" />
+	<target host="kinect.fruitninja.com" />
+	<target host="r.fruitninja.com" />
+	<target host="shop.fruitninja.com" />
 	<target host="store.fruitninja.com" />
+	<target host="vr.fruitninja.com" />
+	<target host="dev.vr.fruitninja.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^store\.fruitninja\.com$" name=".+" />
-
-
-	<rule from="^http://store\.fruitninja\.com/"
-		to="https://store.fruitninja.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Frys-mismatches.xml b/src/chrome/content/rules/Frys-mismatches.xml
index bc7c2e0d5d10..e8ee87a24fcd 100644
--- a/src/chrome/content/rules/Frys-mismatches.xml
+++ b/src/chrome/content/rules/Frys-mismatches.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see Frys.xml.
 
 -->
-<ruleset name="Frys (mismatches)" default_off="mismatch">
+<ruleset name="Frys (mismatches)" default_off="mismatched">
 
 	<target host="frys.com" />
 	<target host="www.frys.com" />
diff --git a/src/chrome/content/rules/Frys.xml b/src/chrome/content/rules/Frys.xml
index bc72916e770b..ea237c4e4b87 100644
--- a/src/chrome/content/rules/Frys.xml
+++ b/src/chrome/content/rules/Frys.xml
@@ -4,18 +4,23 @@
 -->
 <ruleset name="Frys (partial)">
 
-	<target host="*.frys.com" />
+	<target host="images.frys.com" />
+	<target host="shop1.frys.com" />
+	<target host="shop2.frys.com" />
+	<target host="shop3.frys.com" />
+	<target host="shop4.frys.com" />
+	<target host="shop5.frys.com" />
+	<target host="shop6.frys.com" />
 
 
-	<securecookie host="^.*\.frys\.com$" name=".*" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<!--	Guilty of giving ExtremeTech http
 		data on https pages.	-->
-	<rule from="^https?://images\.frys\.com/"
+	<rule from="^http://images\.frys\.com/"
 		to="https://frys.hs.llnwd.net/e1/" />
 
-	<rule from="^http://shop([1-6])\.frys\.com/"
-		to="https://shop$1.frys.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Fshare.vn.xml b/src/chrome/content/rules/Fshare.vn.xml
index 4b331199074e..6837c3e7cec0 100644
--- a/src/chrome/content/rules/Fshare.vn.xml
+++ b/src/chrome/content/rules/Fshare.vn.xml
@@ -1,13 +1,12 @@
 <ruleset name="Fshare.vn">
 
 	<target host="fshare.vn" />
-	<target host="*.fshare.vn" />
+	<target host="www.fshare.vn" />
 
 
 	<securecookie host="^(?:www)?\.fshare\.vn$" name=".+" />
 
 
-	<rule from="^http://(www\.)?fshare\.vn/"
-		to="https://$1fshare.vn/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fstoppers.com.xml b/src/chrome/content/rules/Fstoppers.com.xml
new file mode 100644
index 000000000000..05d9cadcbc9e
--- /dev/null
+++ b/src/chrome/content/rules/Fstoppers.com.xml
@@ -0,0 +1,22 @@
+<!--
+	CDN buckets:
+
+		- s3.amazonaws.com/s3.fstoppers.com/
+
+-->
+<ruleset name="Fstoppers.com">
+
+	<target host="fstoppers.com" />
+	<target host="www.fstoppers.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?fstoppers\.com$" name="^AWSELB$" /-->
+
+	<securecookie host="^(?:www\.)?fstoppers\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fuck-You-Cash.xml b/src/chrome/content/rules/Fuck-You-Cash.xml
index d15f5af397e2..49b57d26eda5 100644
--- a/src/chrome/content/rules/Fuck-You-Cash.xml
+++ b/src/chrome/content/rules/Fuck-You-Cash.xml
@@ -1,12 +1,11 @@
 <!--	!functional
 		home.fuckyoucash.com	(sec_error_reused_issuer_and_serial)
 -->
-<ruleset name="Fuck You Cash" default_off="mismatch">
+<ruleset name="Fuck You Cash" default_off="mismatched">
 
 	<!--	securebillingservices.com	-->
 	<target host="join.fuckyoucash.com"/>
 
-	<rule from="^http://join\.fuckyoucash\.com/"
-		to="https://join.fuckyoucash.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FuckOffGoogle.de.xml b/src/chrome/content/rules/FuckOffGoogle.de.xml
new file mode 100644
index 000000000000..33ddda745fed
--- /dev/null
+++ b/src/chrome/content/rules/FuckOffGoogle.de.xml
@@ -0,0 +1,11 @@
+<ruleset name="FuckOffGoogle.de">
+	<target host="fuckoffgoogle.de" />
+	<target host="www.fuckoffgoogle.de" />
+	<target host="lists.fuckoffgoogle.de" />
+		<test url="http://lists.fuckoffgoogle.de/cgi-bin/mailman/admin" />
+	<target host="wiki.fuckoffgoogle.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fuel_Economy.xml b/src/chrome/content/rules/Fuel_Economy.xml
index 4d9e70a8ecc4..af76816c5a5f 100644
--- a/src/chrome/content/rules/Fuel_Economy.xml
+++ b/src/chrome/content/rules/Fuel_Economy.xml
@@ -1,20 +1,16 @@
 <!--
-	For other U.S. government coverage, see US-government.xml.
-
-
-	Cert only matches www
 
 -->
-<ruleset name="Fuel Economy">
+<ruleset name="Fuel Economy.gov">
 
 	<target host="fueleconomy.gov" />
 	<target host="www.fueleconomy.gov" />
 
 
-	<securecookie host="^www\.fueleconomy\.gov$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?fueleconomy\.gov/"
-		to="https://www.fueleconomy.gov/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fuelcdn.com.xml b/src/chrome/content/rules/Fuelcdn.com.xml
new file mode 100644
index 000000000000..4f61f119ff6c
--- /dev/null
+++ b/src/chrome/content/rules/Fuelcdn.com.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://editor.fuelcdn.com/ => https://editor.fuelcdn.com/: (51, "SSL: no alternative certificate subject name matches target host name 'editor.fuelcdn.com'")
+
+	For other ExactTarget coverage, see ExactTarget.xml.
+
+-->
+<ruleset name="fuelcdn.com" default_off="failed ruleset test">
+
+	<target host="fuelcdn.com" />
+	<target host="editor.fuelcdn.com" />
+	<target host="www.fuelcdn.com" />
+
+
+	<securecookie host="^\.fuelcdn\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fuerza_Popular.xml b/src/chrome/content/rules/Fuerza_Popular.xml
deleted file mode 100644
index de83da0c717f..000000000000
--- a/src/chrome/content/rules/Fuerza_Popular.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	fuerzapopularpe.keikoperu.com
-
-
-	Nonfunctional domains:
-
-		- (www.)fuerzapopular.com	(no https)
-
--->
-<ruleset name="Fuerza Popular (partial)">
-
-	<target host="fuerzapopularpe.keikoperu.com" />
-	<target host="fuerzapopular.pe" />
-	<target host="www.fuerzapopular.pe" />
-
-
-	<rule from="^http://(?:fuerzapopularpe\.keikoperu\.com|(?:www\.)?fuerzapopular\.pe)/(banner/|favicon\.ico|wp-content/)"
-		to="https://secure.bluehost.com/~keikoper/fuerzapopular.pe/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Fujirumors.com.xml b/src/chrome/content/rules/Fujirumors.com.xml
new file mode 100644
index 000000000000..720c063bf24c
--- /dev/null
+++ b/src/chrome/content/rules/Fujirumors.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Fujirumors.com">
+	<target host="fujirumors.com" />
+	<target host="www.fujirumors.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fujitsu.xml b/src/chrome/content/rules/Fujitsu.xml
index 6542220ca252..57f91d2578c4 100644
--- a/src/chrome/content/rules/Fujitsu.xml
+++ b/src/chrome/content/rules/Fujitsu.xml
@@ -1,42 +1,32 @@
 <!--
-	Nonfunctioning jp paths:
+	Fujitsu related rulesets:
+		+ fmworld.net.xml
+		+ fujitsu-webmart.com.xml
 
-		- _jptoppromotion/jad/banner.png
-
--->
-<ruleset name="Fujitsu (partial)" platform="mixedcontent">
-
-	<target host="fmworld.net" />
-	<target host="*.fmworld.net" />
-	<target host="jp.fujitsu.com" />
-	<target host="img.jp.fujitsu.com" />
-		<exclusion pattern="^http://(img\.)?jp\.fujitsu\.com/imgv4/jp/" />
-	<target host="fujitsu-webmart.com" />
-	<target host="www.fujitsu-webmart.com" />
-	<!--	* for cross-subdomain cookie.	-->
-	<target host="*.www.fujitsu-webmart.com" />
-
-
-	<securecookie host="^.*\.fmworld\.net$" name=".*" />
-	<securecookie host="^.*\.fujitsu-webmart\.com$" name=".*" />
+	Non-functional hosts in *.fujitsu.com:
+		SSL connect error:
+		- sports-topics.jp.fujitsu.com
 
+		SSL peer certificate was not OK:
+		- img.jp.fujitsu.com
 
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?fmworld\.net/"
-		to="https://www.fmworld.net/" />
+		Self-signed certificate chain error:
+		- www.fei.fujitsu.com
 
-	<rule from="^http://azby\.fmworld\.net/"
-		to="https://azby.fmworld.net/" />
-
-	<!--	img 404s	-->
-	<rule from="^https?://img\.jp\.fujitsu\.com/"
-		to="https://jp.fujitsu.com/" />
-
-	<rule from="^http://jp\.fujitsu\.com/(cgi-bin|cssv4|imgv[34])/"
-		to="https://jp.fujitsu.com/$1/" />
-
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?fujitsu-webmart\.com/"
-		to="https://www.fujitsu-webmart.com/" />
+-->
+<ruleset name="Fujitsu (partial)">
+	<target host="fujitsu.com" />
+	<target host="www.fujitsu.com" />
+	<target host="tech.fjct.fujitsu.com" />
+	<target host="www.fom.fujitsu.com" />
+	<target host="blog.global.fujitsu.com" />
+	<target host="digitalworkplace.global.fujitsu.com" />
+	<target host="jp.fujitsu.com" />
+	<target host="cloud-direct.jp.fujitsu.com" />
+	<target host="journal.jp.fujitsu.com" />
+	<target host="seminar.jp.fujitsu.com" />
+	<target host="pr.fujitsu.com" />
+	<target host="scansnap.fujitsu.com" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Fukuchi.org.xml b/src/chrome/content/rules/Fukuchi.org.xml
index 05d6920d0df3..a37a3f01e7d5 100644
--- a/src/chrome/content/rules/Fukuchi.org.xml
+++ b/src/chrome/content/rules/Fukuchi.org.xml
@@ -13,4 +13,4 @@
 	<rule from="^http://(?:www\.)?fukuchi\.org/"
 		to="https://fukuchi.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fulcrum_Biometrics.xml b/src/chrome/content/rules/Fulcrum_Biometrics.xml
index b3c46c9dddc0..dc63680fa875 100644
--- a/src/chrome/content/rules/Fulcrum_Biometrics.xml
+++ b/src/chrome/content/rules/Fulcrum_Biometrics.xml
@@ -11,7 +11,6 @@
 	<securecookie host="^(?:www\.)?fulcrumbiometrics\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?fulcrumbiometrics\.com/"
-		to="https://$1fulcrumbiometrics.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Full-Circle-Studies.xml b/src/chrome/content/rules/Full-Circle-Studies.xml
index a67b32bc1401..f18a35b03942 100644
--- a/src/chrome/content/rules/Full-Circle-Studies.xml
+++ b/src/chrome/content/rules/Full-Circle-Studies.xml
@@ -4,15 +4,27 @@
 		- ScorecardResearch.com.xml
 		- SecureStudies.com.xml
 
+
+	Insecure cookies are set for these hosts:
+
+		- fullcirclestudies.com
+		- www.fullcirclestudies.com
+
 -->
-<ruleset name="Full Circle Studies (partial)">
+<ruleset name="Full Circle Studies.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="fullcirclestudies.com"/>
 	<target host="www.fullcirclestudies.com"/>
 
-	<securecookie host="^(.*\.)?fullcirclestudies\.com$" name=".*"/>
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?fullcirclestudies\.com$" name="^CSCompanyWebSession$" /-->
+
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?fullcirclestudies\.com/"
-		to="https://www.fullcirclestudies.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FullContact.com.xml b/src/chrome/content/rules/FullContact.com.xml
new file mode 100644
index 000000000000..571e0e2099cb
--- /dev/null
+++ b/src/chrome/content/rules/FullContact.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="FullContact.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fullcontact.com" />
+	<target host="static-cdn.fullcontact.com" />
+	<target host="www.fullcontact.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FullSlate.xml b/src/chrome/content/rules/FullSlate.xml
new file mode 100644
index 000000000000..13eeaa03f2d6
--- /dev/null
+++ b/src/chrome/content/rules/FullSlate.xml
@@ -0,0 +1,17 @@
+<ruleset name="Full Slate">
+	<target host="fullslate.com" />
+	<target host="*.fullslate.com" />
+
+	<test url="http://www.fullslate.com/" />
+	<test url="http://app.fullslate.com/" />
+	<test url="http://dudamobile.fullslate.com/" />
+	<test url="http://touchofenergy.fullslate.com/" />
+
+	<exclusion pattern="^http://blog\.fullslate\.com/" />
+		<test url="http://blog.fullslate.com/" />
+	<exclusion pattern="^http://support\.fullslate\.com/" />
+		<test url="http://support.fullslate.com/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FullStory.com.xml b/src/chrome/content/rules/FullStory.com.xml
new file mode 100644
index 000000000000..01c373061bc0
--- /dev/null
+++ b/src/chrome/content/rules/FullStory.com.xml
@@ -0,0 +1,37 @@
+<!--
+	Nonfunctional hosts in *fullstory.com:
+
+		- blog *
+
+	* Refused
+
+
+	Problematic hosts in *fullstory.com:
+
+		- help *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- help.fullstory.com
+
+-->
+<ruleset name="FullStory.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fullstory.com" />
+	<target host="www.fullstory.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^help\.fullstory\.com$" name="^(?:_session_id|current_user_language)$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FullTraffic.xml b/src/chrome/content/rules/FullTraffic.xml
index 260a057a2729..f3769a191141 100644
--- a/src/chrome/content/rules/FullTraffic.xml
+++ b/src/chrome/content/rules/FullTraffic.xml
@@ -5,11 +5,11 @@
 <ruleset name="FullTraffic (partial)">
 
 	<target host="fulltraffic.net" />
-	<target host="*.fulltraffic.net" />
+	<target host="static.fulltraffic.net" />
+	<target host="www.fulltraffic.net" />
 		<exclusion pattern="^http://(?:www\.)?fulltraffic\.net/(?!(?:cart|create_account|login)(?:$|\?))" />
 
 
-	<rule from="^http://(static\.|www\.)?fulltraffic\.net/"
-		to="https://$1fulltraffic.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Full_Signal.xml b/src/chrome/content/rules/Full_Signal.xml
index cb1348de2570..bcba7564f327 100644
--- a/src/chrome/content/rules/Full_Signal.xml
+++ b/src/chrome/content/rules/Full_Signal.xml
@@ -16,7 +16,6 @@
 	<target host="static.thefullsignal.com" />
 
 
-	<rule from="^https?://static\.thefullsignal\.com/"
-		to="https://d1jy4z176wg3x.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fullerton.edu.xml b/src/chrome/content/rules/Fullerton.edu.xml
index 8ecc3a6e038c..75e3f5aa25f7 100644
--- a/src/chrome/content/rules/Fullerton.edu.xml
+++ b/src/chrome/content/rules/Fullerton.edu.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fullerton.edu/ => https://fullerton.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'fullerton.edu'")
 	California State University, Fullerton
 
 
@@ -87,16 +89,36 @@
 <ruleset name="Fullerton.edu (partial)">
 
 	<target host="fullerton.edu" />
-	<target host="*.fullerton.edu" />
+	<target host="business.fullerton.edu" />
+	<target host="www.business.fullerton.edu" />
+	<target host="calstate.fullerton.edu" />
+	<target host="csuftraining.fullerton.edu" />
+	<target host="diversity.fullerton.edu" />
+	<target host="ehis.fullerton.edu" />
+	<target host="ehs.fullerton.edu" />
+	<target host="exchange.fullerton.edu" />
+	<target host="finance.fullerton.edu" />
+	<target host="giving.fullerton.edu" />
+	<target host="hr.fullerton.edu" />
+	<target host="library.fullerton.edu" />
+	<target host="www.library.fullerton.edu" />
+	<target host="my.fullerton.edu" />
+	<target host="parking.fullerton.edu" />
+	<target host="police.fullerton.edu" />
+	<target host="pp.fullerton.edu" />
+	<target host="riskmanagement.fullerton.edu" />
+	<target host="training.fullerton.edu" />
+	<target host="vpait.fullerton.edu" />
+	<target host="www.fullerton.edu" />
+	<target host="rmehs.fullerton.edu" />
 
 
 	<securecookie host="^(?:(?:calstate|diversity|ehis|ehs|exchange|finance|hr|my|parking|police|riskmanagement|training|vpait|www)\.)?fullerton\.edu$" name=".+" />
 
 
-	<rule from="^http://((?:(?:www\.)?business|calstate|csuftraining|diversity|ehis|ehs|exchange|finance|giving|hr|(?:www\.)?library|my|parking|police|pp|riskmanagement|training|vpait|www)\.)?fullerton\.edu/"
-		to="https://$1fullerton.edu/" />
 
 	<rule from="^http://rmehs\.fullerton\.edu/"
 		to="https://ehis.fullerton.edu/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Fullrate.xml b/src/chrome/content/rules/Fullrate.xml
index 0b9dd33f0b41..b20a99143127 100644
--- a/src/chrome/content/rules/Fullrate.xml
+++ b/src/chrome/content/rules/Fullrate.xml
@@ -1,19 +1,8 @@
-<!--
-	Problematic subdomains:
-
-		- forum		(self-signed)
-
--->
-<ruleset name="Fullrate (partial)">
-
+<ruleset name="Fullrate">
 	<target host="fullrate.dk" />
 	<target host="www.fullrate.dk" />
+	<target host="forum.fullrate.dk" />
 
-
-	<securecookie host="^www\.fullrate\.dk$" name=".+" />
-
-
-	<rule from="^http://(www\.)?fullrate\.dk/"
-		to="https://$1fullrate.dk/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http://(www\.)?fullrate\.dk/" to="https://www.fullrate.dk/"/>
+	<rule from="^http://forum\.fullrate\.dk/" to="https://forum.fullrate.dk/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/FundRazr.com.xml b/src/chrome/content/rules/FundRazr.com.xml
new file mode 100644
index 000000000000..ec5ff8251e02
--- /dev/null
+++ b/src/chrome/content/rules/FundRazr.com.xml
@@ -0,0 +1,45 @@
+<!--
+	CDN buckets:
+
+		- s3.amazonaws.com/fundrazr-platform/
+
+
+	Nonfunctional subdomains:
+
+		- blog ¹
+		- business ¹
+		- support ²
+
+	¹ Redirects to http, valid cert
+	² zendesk
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- poweredby
+
+-->
+<ruleset name="FundRazr.com (partial)">
+
+	<target host="fundrazr.com" />
+	<target host="poweredby.fundrazr.com" />
+	<target host="www.fundrazr.com" />
+	<target host="support.fundrazr.com" />
+
+
+	<!--	Some, but not all, secured by server:
+							-->
+	<securecookie host="^(?:www\.)?fundrazr\.com$" name=".+" />
+
+
+	<rule from="^http://(poweredby\.|www\.)?fundrazr\.com/"
+		to="https://$1fundrazr.com/" />
+
+	<!--	Most (all?) other resources loaded from
+		^fndrazr.com or zendesk cdn:
+						-->
+	<rule from="^http://support\.fundrazr\.com/favicon\.ico"
+		to="https://fundrazr.zendesk.com/favicon.ico" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FundaGeek.xml b/src/chrome/content/rules/FundaGeek.xml
index ef650e02eb00..0e5ad66266e4 100644
--- a/src/chrome/content/rules/FundaGeek.xml
+++ b/src/chrome/content/rules/FundaGeek.xml
@@ -1,10 +1,24 @@
+<!--
+	Nonfunctional subdomains:
+
+		- mail *
+
+	* Refused
+
+
+	(www.)?: Refused
+
+-->
 <ruleset name="FundaGeek (partial)">
 
 	<target host="*.fundageek.com"/>
 
-	<securecookie host="^(mail|www)\.fundageek\.com$" name=".*"/>
+	<!--	Redirect keeps path but not args:
+							-->
+	<rule from="^http://(?:www\.)?fundageek\.com/+([^?]*).*"
+		to="https://gogetfunding.com/$1"/>
 
-	<rule from="^http://(mail\.|www\.)?fundageek\.com/"
-		to="https://$1fundageek.com/"/>
+	<!--rule from="^http://mail\.fundageek\.com/"
+		to="https://mail.fundageek.com/"/-->
 
 </ruleset>
diff --git a/src/chrome/content/rules/Fundacion_Televisa.org.xml b/src/chrome/content/rules/Fundacion_Televisa.org.xml
index 9352cb3e402e..5e70d0650e7a 100644
--- a/src/chrome/content/rules/Fundacion_Televisa.org.xml
+++ b/src/chrome/content/rules/Fundacion_Televisa.org.xml
@@ -1,4 +1,5 @@
 <!--
+
 	Mixed content:
 
 		- css on www from www *
@@ -13,13 +14,12 @@
 <ruleset name="Fundacion Televisa.org (false MCB)" platform="mixedcontent">
 
 	<target host="fundaciontelevisa.org" />
-	<target host="*.fundaciontelevisa.org" />
+	<target host="www.fundaciontelevisa.org" />
 
 
 	<securecookie host="^\.fundaciontelevisa\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?fundaciontelevisa\.org/"
-		to="https://$1fundaciontelevisa.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FundersClub.com.xml b/src/chrome/content/rules/FundersClub.com.xml
new file mode 100644
index 000000000000..435a495358e9
--- /dev/null
+++ b/src/chrome/content/rules/FundersClub.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="FundersClub.com">
+
+	<target host="fundersclub.com" />
+	<target host="www.fundersclub.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^fundersclub\.com$" name="^(csrftoken|sessionid)$" /-->
+
+	<securecookie host="^fundersclub\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fundinfo.com.xml b/src/chrome/content/rules/Fundinfo.com.xml
new file mode 100644
index 000000000000..c2f018068c95
--- /dev/null
+++ b/src/chrome/content/rules/Fundinfo.com.xml
@@ -0,0 +1,38 @@
+<!--
+	Invalid certificate:
+		blob.fundinfo.com
+
+	No working URL known:
+		meet.fundinfo.com
+		ucweb.fundinfo.com
+
+	Login required:
+		microsites.fundinfo.com
+
+	Different content HTTP/HTTPS:
+		tv.fundinfo.com
+
+-->
+<ruleset name="fundinfo.com">
+
+	<target host="fundinfo.com" />
+	<target host="www.fundinfo.com" />
+	<target host="about.fundinfo.com" />
+	<target host="api.fundinfo.com" />
+	<target host="datafeed.fundinfo.com" />
+	<target host="datahub.fundinfo.com" />
+	<target host="digital.fundinfo.com" />
+	<target host="ftpwebclient.fundinfo.com" />
+	<target host="gateway.fundinfo.com" />
+	<target host="kiid.fundinfo.com" />
+	<target host="media.fundinfo.com" />
+		<test url="http://media.fundinfo.com/design/css/jquery-ui/jquery-ui-1.8.16.custom.css" />
+	<target host="mobile.fundinfo.com" />
+	<target host="paperboy.fundinfo.com" />
+	<target host="trendscout.fundinfo.com" />
+	<target host="validate.fundinfo.com" />
+	<target host="web.fundinfo.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Funet.fi.xml b/src/chrome/content/rules/Funet.fi.xml
new file mode 100644
index 000000000000..aa36054b25ec
--- /dev/null
+++ b/src/chrome/content/rules/Funet.fi.xml
@@ -0,0 +1,17 @@
+<ruleset name="funet.fi">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.funet.fi" />
+	<target host="haka.funet.fi" />
+	<target host="haka-ds.funet.fi" />
+	<target host="nic.funet.fi" />
+	<target host="www.nic.funet.fi" />
+	<target host="ftp.funet.fi" />
+	<target host="www.ftp.funet.fi" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Funio.com.xml b/src/chrome/content/rules/Funio.com.xml
new file mode 100644
index 000000000000..b8aaacd0630e
--- /dev/null
+++ b/src/chrome/content/rules/Funio.com.xml
@@ -0,0 +1,46 @@
+<!--
+	Problematic hosts in *funio.com:
+
+		- blog *
+
+	* Blocks Tor users
+
+
+	Fully covered hosts in *funio.com:
+
+		- (www.)?
+		- hub
+		- secure
+
+
+	Insecure cookies are set for these domains:
+
+		- .funio.com
+		- .dns.funio.com
+		- .hub.funio.com
+		- .kb.funio.com
+		- .secure.funio.com
+
+-->
+<ruleset name="Funio.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="funio.com" />
+	<target host="hub.funio.com" />
+	<target host="secure.funio.com" />
+	<target host="www.funio.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.funio\.com$" name="^(_srvFEP|PHPSESSID|hub_lang)$" /-->
+	<!--securecookie host="^\.(dns|hub|kb|secure)\.funio\.com$" name="^hub_lang$" /-->
+
+	<securecookie host="^\.(?:hub\.|secure\.)?funio\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Funker530.com.xml b/src/chrome/content/rules/Funker530.com.xml
new file mode 100644
index 000000000000..1bbe6c9c3a34
--- /dev/null
+++ b/src/chrome/content/rules/Funker530.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Funker530.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="funker530.com" />
+	<target host="www.funker530.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Funky_Android.com.xml b/src/chrome/content/rules/Funky_Android.com.xml
index ab555fa3c982..d72b7d44b4be 100644
--- a/src/chrome/content/rules/Funky_Android.com.xml
+++ b/src/chrome/content/rules/Funky_Android.com.xml
@@ -1,8 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://funkyandroid.com/ => https://funkyandroid.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.funkyandroid.com/ => https://funkyandroid.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://funkyandroid.com/ => https://funkyandroid.com/: (51, "SSL: no alternative certificate subject name matches target host name 'funkyandroid.com'")
+Fetch error: http://www.funkyandroid.com/ => https://funkyandroid.com/: (51, "SSL: no alternative certificate subject name matches target host name 'funkyandroid.com'")
+
 	Cert only matches ^funkyandroid.com
 
 -->
-<ruleset name="Funky Android.com">
+<ruleset name="Funky Android.com" default_off="failed ruleset test">
 
 	<target host="funkyandroid.com" />
 	<target host="www.funkyandroid.com" />
diff --git a/src/chrome/content/rules/Funstockdigital.co.uk.xml b/src/chrome/content/rules/Funstockdigital.co.uk.xml
new file mode 100644
index 000000000000..e6b014da0ee2
--- /dev/null
+++ b/src/chrome/content/rules/Funstockdigital.co.uk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Funstockdigital.co.uk">
+  <target host="funstockdigital.co.uk" />
+  <target host="www.funstockdigital.co.uk" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Funtoo.org.xml b/src/chrome/content/rules/Funtoo.org.xml
new file mode 100644
index 000000000000..7dfc100e9a99
--- /dev/null
+++ b/src/chrome/content/rules/Funtoo.org.xml
@@ -0,0 +1,30 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.) *
+		- forums *
+		- git *
+
+	* Refused
+
+
+	Insecure cookies are set for these domains:
+
+		- bugs.funtoo.org
+
+-->
+<ruleset name="Funtoo.org (partial)">
+
+	<target host="bugs.funtoo.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bugs\.funtoo\.org$" name="^(JSESSIONID|atlassian\.xsrf\.token)$" /-->
+
+	<securecookie host="^bugs\.funtoo\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Furaffinity.xml b/src/chrome/content/rules/Furaffinity.xml
index f16ac8cb010b..8a4c368bf315 100644
--- a/src/chrome/content/rules/Furaffinity.xml
+++ b/src/chrome/content/rules/Furaffinity.xml
@@ -1,14 +1,30 @@
-<ruleset name="Furaffinity">
-  <target host="furaffinity.net" />
-  <target host="www.furaffinity.net" />
-  <target host="sfw.furaffinity.net" />
-  <target host="ox.furaffinity.net" />
-  <target host="d.facdn.net" />
-
-  <securecookie host="^(www|sfw|ox|)\.furaffinity\.net$" name=".+" />
-
-  <rule from="^http://(www\.)?furaffinity\.net/" to="https://www.furaffinity.net/" />
-  <rule from="^http://sfw\.furaffinity\.net/" to="https://sfw.furaffinity.net/" />
-  <rule from="^http://ox\.furaffinity\.net/" to="https://ox.furaffinity.net/" />
-  <rule from="^http://d\.facdn\.net/" to="https://d.facdn.net/" />
+<!--
+	Nonfunctional subdomains:
+
+		- help *
+
+	* Redirects to www.web-site-scripts.com; mismatched, CN: *.host4kb.com
+
+-->
+<ruleset name="Furaffinity (partial)">
+
+	<target host="d.facdn.net" />
+	<target host="t.facdn.net" />
+	<target host="furaffinity.net" />
+	<target host="forums.furaffinity.net" />
+	<target host="ox.furaffinity.net" />
+	<target host="sfw.furaffinity.net" />
+	<target host="www.furaffinity.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.furaffinity.net$" name="^b$" /-->
+	<!--securecookie host="^forums\.furaffinity.net$" name="^bb_sessionhash$" /-->
+
+	<securecookie host="^(?:forums|ox|sfw|www)?\.furaffinity\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Furqan.co.xml b/src/chrome/content/rules/Furqan.co.xml
new file mode 100644
index 000000000000..957804de7c51
--- /dev/null
+++ b/src/chrome/content/rules/Furqan.co.xml
@@ -0,0 +1,8 @@
+<ruleset name="Furqan.co">
+	<target host="furqan.co" />
+	<target host="www.furqan.co" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Furry.ch.xml b/src/chrome/content/rules/Furry.ch.xml
new file mode 100644
index 000000000000..ea4c6ecb8344
--- /dev/null
+++ b/src/chrome/content/rules/Furry.ch.xml
@@ -0,0 +1,9 @@
+<ruleset name="Furry.ch">
+	<target host="furry.ch" />
+	<target host="www.furry.ch" />
+	<target host="glc.furry.ch" />
+
+    <securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Further.xml b/src/chrome/content/rules/Further.xml
index ab37183b39bf..105d846b96c3 100644
--- a/src/chrome/content/rules/Further.xml
+++ b/src/chrome/content/rules/Further.xml
@@ -7,13 +7,13 @@
 <ruleset name="Further">
 
 	<target host="further.co.uk" />
-	<target host="*.further.co.uk" />
+	<target host="www.further.co.uk" />
 
 
 	<securecookie host="^(?:www)?\.further\.co\.uk$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?further\.co\.uk/"
+	<rule from="^http://(?:www\.)?further\.co\.uk/"
 		to="https://www.further.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fuscia.info.xml b/src/chrome/content/rules/Fuscia.info.xml
deleted file mode 100644
index 144fc66989aa..000000000000
--- a/src/chrome/content/rules/Fuscia.info.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- www	(cert only matches ^fuscia.info)
-
-
-	Mixed content:
-
-		- Images, on ^ from:
-
-			- ^ *
-			- fuscia.inrialpes.fr **
-
-	* Secured by us
-	** Unsecurable
-
--->
-<ruleset name="fuscia.info">
-
-	<target host="fuscia.info" />
-	<target host="www.fuscia.info" />
-
-
-	<securecookie host="^fuscia\.info$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?fuscia\.info/"
-		to="https://fuscia.info/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Fused.xml b/src/chrome/content/rules/Fused.xml
index 1da93ac93866..2608c1828a64 100644
--- a/src/chrome/content/rules/Fused.xml
+++ b/src/chrome/content/rules/Fused.xml
@@ -1,13 +1,39 @@
-<ruleset name="Fused (partial)">
+<!--
+	Fully covered subdomains:
+
+		- (www.)
+		- clients
+
+		- s\d+:
+
+			- s7
+			- s1[56]
+
+		- soapbox
+		- support
+
+
+	Mixed content:
+
+		- favicon on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Fused">
 
 	<target host="fused.com" />
 	<target host="*.fused.com" />
 
 
-	<securecookie host="^support\.fused\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^clients\.fused\.com$" name="^WHMCS\w+$" /-->
+
+	<securecookie host="^(?:clients|support)\.fused\.com$" name=".+" />
 
 
-	<rule from="^http://((?:s7|s16|support|www)\.)?fused\.com/"
+	<rule from="^http://((?:clients|s\d+|soapbox|support|www)\.)?fused\.com/"
 		to="https://$1fused.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Fusion-lifestyle.com.xml b/src/chrome/content/rules/Fusion-lifestyle.com.xml
new file mode 100644
index 000000000000..970e9b395968
--- /dev/null
+++ b/src/chrome/content/rules/Fusion-lifestyle.com.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fusion-lifestyle.com/ => https://www.fusion-lifestyle.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.fusion-lifestyle.com/ => https://www.fusion-lifestyle.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="Fusion-lifestyle.com" default_off="failed ruleset test">
+  <target host="fusion-lifestyle.com" />
+  <target host="www.fusion-lifestyle.com" />
+
+  <rule from="^http://(www\.)?fusion-lifestyle\.com/" to="https://www.fusion-lifestyle.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/FusionForge.xml b/src/chrome/content/rules/FusionForge.xml
index c5ef0621e7b4..fa7af5753a60 100644
--- a/src/chrome/content/rules/FusionForge.xml
+++ b/src/chrome/content/rules/FusionForge.xml
@@ -1,11 +1,13 @@
-<ruleset name="FusionForge">
+<ruleset name="FusionForge.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="fusionforge.org"/>
-	<target host="*.fusionforge.org"/>
+	<target host="www.fusionforge.org"/>
 
-	<securecookie host="^(.*\.)?fusionforge.org$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?fusionforge\.org/"
-		to="https://$1fusionforge.org/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FusionIO.xml b/src/chrome/content/rules/FusionIO.xml
index c1c4884cc210..4d99096908d2 100644
--- a/src/chrome/content/rules/FusionIO.xml
+++ b/src/chrome/content/rules/FusionIO.xml
@@ -1,13 +1,22 @@
-<ruleset name="FusionIO">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fusionio.com/ => https://fusionio.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="FusionIO" default_off="failed ruleset test">
 
 	<target host="fusionio.com" />
-	<target host="*.fusionio.com" />
+	<target host="quote.fusionio.com" />
+	<target host="support.fusionio.com" />
+	<target host="mail.fusionio.com" />
+	<target host="webmail.fusionio.com" />
+	<target host="www.fusionio.com" />
 
 
-	<securecookie host="^(.*\.)?fusionio\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:quote|support|(?:web)?mail|www)\.)?fusionio\.com/"
-		to="https://$1fusionio.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FusionNet.xml b/src/chrome/content/rules/FusionNet.xml
deleted file mode 100644
index ed3c19fa7d71..000000000000
--- a/src/chrome/content/rules/FusionNet.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="FusionNet" platform="mixedcontent">
-  <target host="fusion-net.co.uk" />
-  <target host="www.fusion-net.co.uk" />
-
-  <securecookie host="^(.+\.)?fusion-net.co.uk$" name=".*"/>
-
-  <rule from="^http://fusion-net\.co\.uk/" to="https://fusion-net.co.uk/"/>
-  <rule from="^http://www\.fusion-net\.co\.uk/" to="https://www.fusion-net.co.uk/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Fusion_Digital.io.xml b/src/chrome/content/rules/Fusion_Digital.io.xml
new file mode 100644
index 000000000000..3616f97f2833
--- /dev/null
+++ b/src/chrome/content/rules/Fusion_Digital.io.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Medium coverage, see Medium.xml.
+
+
+	(www.)?fusiondigital.io: Shows invoice.psx360.com
+
+-->
+<ruleset name="Fusion Digital.io (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blog.fusiondigital.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fuskator.com.xml b/src/chrome/content/rules/Fuskator.com.xml
new file mode 100644
index 000000000000..85651b74a759
--- /dev/null
+++ b/src/chrome/content/rules/Fuskator.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid certificate:
+		mail.fuskator.com
+-->
+<ruleset name="Fuskator.com">
+	<target host="fuskator.com" />
+	<target host="www.fuskator.com" />
+	<target host="i1.fuskator.com" />
+	<target host="i2.fuskator.com" />
+	<target host="i3.fuskator.com" />
+	<target host="i4.fuskator.com" />
+	<target host="i5.fuskator.com" />
+	<target host="i6.fuskator.com" />
+	<target host="i7.fuskator.com" />
+	<target host="i8.fuskator.com" />
+  	<target host="i9.fuskator.com" />
+	<target host="images.fuskator.com" />
+	<target host="imgsrv.fuskator.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fust.ch.xml b/src/chrome/content/rules/Fust.ch.xml
new file mode 100644
index 000000000000..59aa6529fd8b
--- /dev/null
+++ b/src/chrome/content/rules/Fust.ch.xml
@@ -0,0 +1,38 @@
+<!--
+	For related rules, see Coop.ch.xml
+
+
+	Invalid certificate:
+		academy.fust.ch
+		www.academy.fust.ch
+		www.bad.fust.ch
+		cuisines.fust.ch
+		files.fust.ch (broken chain)
+		kuechen.fust.ch
+		www.kuechen.fust.ch
+		shop.fust.ch
+
+	No working URL known:
+		transfer.fust.ch
+		webservice.fust.ch
+
+	Login required:
+		umfragen.fust.ch
+		xenlogin.fust.ch
+
+-->
+<ruleset name="Fust.ch">
+
+	<target host="fust.ch" />
+	<target host="www.fust.ch" />
+	<target host="blog.fust.ch" />
+	<target host="www.blog.fust.ch" />
+<!--	<target host="files.fust.ch" />
+			<test url="http://files.fust.ch/prospekte/" /> -->
+	<target host="m.fust.ch" />
+	<target host="webservice.fust.ch" />
+		<test url="http://webservice.fust.ch/register_user?email=foo@bar" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Futura-Sciences.com.xml b/src/chrome/content/rules/Futura-Sciences.com.xml
new file mode 100644
index 000000000000..3c455785906e
--- /dev/null
+++ b/src/chrome/content/rules/Futura-Sciences.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid Certificate:
+		futura-sciences.com
+		astro2009.futura-sciences.com
+		emploi.futura-sciences.com
+-->
+<ruleset name="Futura-Sciences.com">
+	<target host="futura-sciences.com" />
+	<target host="www.futura-sciences.com" />
+	<target host="blogs.futura-sciences.com" />
+	<target host="forums.futura-sciences.com" />
+	<target host="fr.cdn.v5.futura-sciences.com" />
+		<test url="http://fr.cdn.v5.futura-sciences.com/builds/pdf/dossier/0-999/366-turbocodes.pdf" />
+
+	<rule from="^http://futura-sciences\.com/" to="https://www.futura-sciences.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Future-Publishing-mismatches.xml b/src/chrome/content/rules/Future-Publishing-mismatches.xml
index 7832175e651f..aa201f01f8ef 100644
--- a/src/chrome/content/rules/Future-Publishing-mismatches.xml
+++ b/src/chrome/content/rules/Future-Publishing-mismatches.xml
@@ -8,7 +8,6 @@
 	<target host="prg.gamesradar.com" />
 
 
-	<rule from="^http://prg\.(computerandvideogames|gamesradar)\.com/"
-		to="https://prg.$1.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Future-Publishing.xml b/src/chrome/content/rules/Future-Publishing.xml
deleted file mode 100644
index ae987002c395..000000000000
--- a/src/chrome/content/rules/Future-Publishing.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-<!--
-	For problematic rules, see Future-Publishing-mismatches.xml.
-
-
-	CDN buckets:
-
-		- cdn.futurepublishing.c.footprint.net
-
-			- cdn.medialib.computerandvideogames.com
-
-		- cdn.medialib.oxm.co.uk.c.footprint.net
-		- cdn.static.oxm.co.uk.c.footprint.net
-
-
-	Problematic domains:
-
-		- computerandvideogames.com *
-		- prg.computerandvideogames.com **
-		- cdn.static.computerandvideogames.com *
-		- prg.gamesradar.com **
-
-	* Times out
-	** Akamai
-
-
-	Nonfunctional domains:
-
-		- medialib.computerandvideogames.com		(data identical to cdn)
-		- cdn.medialib.computerandvideogames.com	(times out, data not on www.../(medialib|templates)/)
-		- medialib.oxm.co.uk *
-		- static.oxm.co.uk *
-
-	* Redirects to computerandvideogames.com; mismatched, CN: www.computerandvideogames.com
-
--->
-<ruleset name="Future Publishing (partial)">
-
-	<target host="computerandvideogames.com" />
-	<target host="*.computerandvideogames.com" />
-
-
-	<rule from="^http://(?:www\.)?computerandvideogames\.com/(reg|templates)/"
-		to="https://www.computerandvideogames.com/$1/" />
-
-	<rule from="^http://(?:cdn\.)?static\.computerandvideogames\.com/"
-		to="https://www.computerandvideogames.com/templates/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FutureLearn.com.xml b/src/chrome/content/rules/FutureLearn.com.xml
new file mode 100644
index 000000000000..5055ca9f6161
--- /dev/null
+++ b/src/chrome/content/rules/FutureLearn.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Observed cookie domains:
+
+		- . ¹
+		- www ²
+
+	¹ Secured by us
+	² Some secured by server, the rest by us
+
+-->
+<ruleset name="FutureLearn.com">
+
+	<target host="futurelearn.com" />
+	<target host="ugc.futurelearn.com" />
+	<target host="www.futurelearn.com" />
+
+
+	<securecookie host="^(?:www)?\.futurelearn\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FutureQuest.net.xml b/src/chrome/content/rules/FutureQuest.net.xml
index 22734b63c196..b735e798a6aa 100644
--- a/src/chrome/content/rules/FutureQuest.net.xml
+++ b/src/chrome/content/rules/FutureQuest.net.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.service.futurequest.net/ => https://www.service.futurequest.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.service.futurequest.net'")
+
 	Nonfunctional domains:
 
 		- (www.)futurequest.net
@@ -11,10 +15,9 @@
 		- (www.)questadmin.net		(shows secure, mismatched)
 
 -->
-<ruleset name="FutureQuest (partial)">
+<ruleset name="FutureQuest (partial)" default_off="failed ruleset test">
 
 	<target host="*.futurequest.net" />
-	<target host="www.service.futurequest.net" />
 	<target host="questadmin.net" />
 	<target host="*.questadmin.net" />
 
@@ -25,7 +28,7 @@
 	<rule from="^http://(www\.)?se(cur|rvic)e\.futurequest\.net/"
 		to="https://$1se$2e.futurequest.net/" />
 
-	<rule from="^https?://(?:www\.)?questadmin\.net/(?:$|\?.*)"
+	<rule from="^http://(?:www\.)?questadmin\.net/(?:$|\?.*)"
 		to="https://secure.questadmin.net/cgi-ssl/mgr.py/login" />
 
 	<rule from="^http://secure\.questadmin\.net/"
diff --git a/src/chrome/content/rules/Futureboy.us.xml b/src/chrome/content/rules/Futureboy.us.xml
new file mode 100644
index 000000000000..1c4fd02b9b2d
--- /dev/null
+++ b/src/chrome/content/rules/Futureboy.us.xml
@@ -0,0 +1,10 @@
+<ruleset name="futureboy.us">
+
+	<target host="futureboy.us" />
+	<target host="www.futureboy.us" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Futurity.org.xml b/src/chrome/content/rules/Futurity.org.xml
index 2ac278edffaf..60aba807580f 100644
--- a/src/chrome/content/rules/Futurity.org.xml
+++ b/src/chrome/content/rules/Futurity.org.xml
@@ -1,14 +1,7 @@
-<!--
-	!www: cert only matches www
-
--->
-<ruleset name="Futurity.org">
-
+<ruleset name="Futurity.org" default_off="http redirect">
 	<target host="futurity.org" />
 	<target host="www.futurity.org" />
 
-
-	<rule from="^http://(?:www\.)?futurity\.org/"
-		to="https://www.futurity.org/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fw.to.xml b/src/chrome/content/rules/Fw.to.xml
new file mode 100644
index 000000000000..ec28f7d1c97f
--- /dev/null
+++ b/src/chrome/content/rules/Fw.to.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Gigya coverage, see Gigya.xml.
+
+
+	Problematic hosts:
+
+		- fw.to *
+
+	* Mismatched
+
+
+	www doesn't exist.
+
+-->
+<ruleset name="fw.to" default_off="mismatched">
+
+	<target host="fw.to" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fwdcdn.com.xml b/src/chrome/content/rules/Fwdcdn.com.xml
new file mode 100644
index 000000000000..58f5f2e41d3e
--- /dev/null
+++ b/src/chrome/content/rules/Fwdcdn.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="fwdcdn.com">
+
+	<target host="*.fwdcdn.com" />
+
+
+	<rule from="^http://([\w-]+)\.fwdcdn\.com/"
+		to="https://$1.fwdcdn.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fxguide.com.xml b/src/chrome/content/rules/Fxguide.com.xml
deleted file mode 100644
index 2f782c47b5be..000000000000
--- a/src/chrome/content/rules/Fxguide.com.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Some pages redirect to http
-
--->
-<ruleset name="fxguide.com (partial)">
-
-	<target host="fxguide.com" />
-	<target host="*.fxguide.com" />
-		<exclusion pattern="^http://(?:www\.)?fxguide\.com/(?!(?:articles|contact|faq|insider|podcasts|quicktakes)(?:$|\?|/)|favicon\.ico|forums/(?:clientscript/||css\.php|images/)|wp-admin/|wp-content/|wp-login\.php)" />
-
-
-	<rule from="^http://(?:www\.)?fxguide\.com/wp-admin/"
-		to="https://ipa.fxguide.com/wp-admin/" />
-
-	<rule from="^http://(ipa\.|www\.)?fxguide\.com/"
-		to="https://$1fxguide.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Fxphd.xml b/src/chrome/content/rules/Fxphd.xml
index 89581c1f539e..ec275220ee7c 100644
--- a/src/chrome/content/rules/Fxphd.xml
+++ b/src/chrome/content/rules/Fxphd.xml
@@ -1,13 +1,12 @@
 <ruleset name="fxphd">
 
 	<target host="fxphd.com" />
-	<target host="*.fxphd.com" />
+	<target host="www.fxphd.com" />
 
 
 	<securecookie host="^(?:w*\.)?fxphd\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?fxphd\.com/"
-		to="https://$1fxphd.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fylde.gov.uk.xml b/src/chrome/content/rules/Fylde.gov.uk.xml
new file mode 100644
index 000000000000..a2449aff8392
--- /dev/null
+++ b/src/chrome/content/rules/Fylde.gov.uk.xml
@@ -0,0 +1,30 @@
+<!--
+	Fylde Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *fylde.gov.uk:
+
+		- extranet ᵈ
+		- m ᵃ
+		- www3 ᵈ
+		- www4 ᵈ
+
+	ᵃ Shows another domain
+	ᵈ Dropped
+
+-->
+<ruleset name="Fylde.gov.uk (partial)">
+
+	<target host="fylde.gov.uk" />
+	<target host="www.fylde.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/G-Central.xml b/src/chrome/content/rules/G-Central.xml
deleted file mode 100644
index 9940771d0507..000000000000
--- a/src/chrome/content/rules/G-Central.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="G Central">
-
-	<target host="gcentral.biz" />
-	<target host="www.gcentral.biz" />
-
-
-	<rule from="^http://(www\.)?gcentral\.biz/"
-		to="https://$1gcentral.biz/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/G-Data-Software.xml b/src/chrome/content/rules/G-Data-Software.xml
new file mode 100644
index 000000000000..46f55be167a4
--- /dev/null
+++ b/src/chrome/content/rules/G-Data-Software.xml
@@ -0,0 +1,108 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.gdata.co.mx/ => https://www.gdata.co.mx/: (6, 'Could not resolve host: www.gdata.co.mx')
+
+
+	Other G Data Software rulesets:
+
+		- Security_Experten.com.xml
+
+
+	Nonfunctional domains:
+
+		- (www.)gdata.tw		(timeout)
+
+
+	Problematic domains:
+
+		- gdata.nl 				**
+		- gdata.pl				**
+		- (www.)gdatasoftware.be 		*
+		- gdata-software.com			(cert only matches www)
+		- (www.)gdatasoftware.com.br 		*
+		- (www.)gdatasoftware.in 		*
+		- (www.)gdatasoftware.mx 		*
+		- tr.gdatasoftware.com			redirects to sm.aresis.com.tr
+
+	* Mismatched, CN: www.gdata.de, www.gdata.at, www.gdata.be, www.gdata.ch, www.gdata.es, www.gdata.fr, www.gdata.it, www.gdata.nl, www.gdata.pt, www.gdatasoftware.co.uk
+	** Times out
+
+
+	Fully covered domains:
+
+		- (www.)gdata.at
+		- (www.)gdata.be
+		- (www.)gdata.ch
+		- (www.)gdata.co.jp
+		- (www.)gdata.com.mx
+		- (www.)gdata.de
+		- (www.)gdata.es
+		- (www.)gdata.fr
+		- (www.)gdata.it
+		- (www.)gdata.nl
+		- www.gdata.pl
+		- static.gdata.pl
+		- (www.)gdata.pt
+		- (www.)gdatasoftware.be	(→ www.gdata.be)
+		- (www.)gdatasoftware.co.uk
+
+		- gdatasoftware.com subdomains:
+
+			- (www.)
+			- br
+			- in
+			- jp
+			- mx
+			- public
+			- ru
+			- static
+			- statistic
+
+		- (www.)gdata-software.com	(^ → www)
+		- (www.)gdatasoftware.com.br	(→ br.gdatasoftware.com)
+		- (www.)gdatasoftware.in	(→ in.gdatasoftware.com)
+
+
+	Missing tw coverage => partial
+
+-->
+<ruleset name="G DATA Software (partial)" default_off="failed ruleset test">
+	<target host="gdata.at" />
+	<target host="www.gdata.at" />
+	<target host="gdata.be" />
+	<target host="www.gdata.be" />
+	<target host="gdata.ch" />
+	<target host="www.gdata.ch" />
+	<target host="gdata.co.jp" />
+	<target host="www.gdata.co.jp" />
+	<target host="gdata.com.mx" />
+	<target host="www.gdata.co.mx" />
+	<target host="gdata.de" />
+	<target host="www.gdata.de" />
+	<target host="gdata.es" />
+	<target host="www.gdata.es" />
+	<target host="gdata.fr" />
+	<target host="www.gdata.fr" />
+	<target host="gdata.it" />
+	<target host="www.gdata.it" />
+	<target host="gdata.nl" />
+	<target host="www.gdata.nl" />
+	<target host="*.gdata.pl" />
+	<target host="gdata.pt" />
+	<target host="www.gdata.pt" />
+	<target host="gdatasoftware.co.uk" />
+	<target host="www.gdatasoftware.co.uk" />
+	<target host="gdatasoftware.com" />
+	<target host="*.gdatasoftware.com" />
+	<target host="www.gdata-software.com" />
+
+	<securecookie host="^www\.gdata\.(at|be|co\.jp|com\.mx|ch|de|es|fr|it|nl|pl|pt)$" name=".+" />
+	<securecookie host="^www\.gdatasoftware\.co\.uk$" name=".+" />
+	<securecookie host="^(br|in|jp|mx|ru|www)\.gdatasoftware\.com$" name=".+" />
+	<securecookie host="^www\.gdata-software\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/G10_Code.xml b/src/chrome/content/rules/G10_Code.xml
deleted file mode 100644
index 59981d1ad930..000000000000
--- a/src/chrome/content/rules/G10_Code.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- ftp
-
--->
-<ruleset name="g10 Code (partial)" default_off="mismatched, self-signed">
-
-	<target host="g10code.com" />
-	<target host="*.g10code.com" />
-
-
-	<rule from="^http://(?:www\.)?g10code\.com/"
-		to="https://g10code.com/" />
-
-	<rule from="^http://(bugs|kerckhoffs)\.g10code\.com/"
-		to="https://$1.g10code.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/G2_Crowd.com.xml b/src/chrome/content/rules/G2_Crowd.com.xml
new file mode 100644
index 000000000000..3bb3a018b4cf
--- /dev/null
+++ b/src/chrome/content/rules/G2_Crowd.com.xml
@@ -0,0 +1,44 @@
+<!--
+	Nonfunctional hosts in *g2crowd.com:
+
+		- about *
+
+	* Dropped
+
+
+	^g2crowd.com: Dropped
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.g2crowd.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="G2 Crowd.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.g2crowd.com" />
+
+	<!--	Complications:
+				-->
+	<target host="g2crowd.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.g2crowd\.com$$" name="^(?:_session_id|events_distinct_id)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://g2crowd\.com/"
+		to="https://www.g2crowd.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/G2a.com.xml b/src/chrome/content/rules/G2a.com.xml
new file mode 100644
index 000000000000..f2ec5156b88e
--- /dev/null
+++ b/src/chrome/content/rules/G2a.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="G2a.com">
+	<target host="g2a.com" />
+	<target host="www.g2a.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/G2play.net.xml b/src/chrome/content/rules/G2play.net.xml
new file mode 100644
index 000000000000..48a73be05438
--- /dev/null
+++ b/src/chrome/content/rules/G2play.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="G2play.net">
+  <target host="g2play.net" />
+  <target host="www.g2play.net" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/G33kinfo.com.xml b/src/chrome/content/rules/G33kinfo.com.xml
new file mode 100644
index 000000000000..05892e5e6697
--- /dev/null
+++ b/src/chrome/content/rules/G33kinfo.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="G33kinfo.com">
+
+	<target host="g33kinfo.com" />
+	<target host="www.g33kinfo.com" />
+	<target host="mail.g33kinfo.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/G5.gov.xml b/src/chrome/content/rules/G5.gov.xml
deleted file mode 100644
index 76209016e24f..000000000000
--- a/src/chrome/content/rules/G5.gov.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="G5 - US Department of Education">
-	<target host="g5.gov" />
-	<target host="www.g5.gov" />
-
-	<securecookie host="(^|\.)g5\.gov$" name=".+" />
-
-	<rule from="^(http://(www\.)?|https://)g5\.gov/" to="https://www.g5.gov/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/GAB.ai.xml b/src/chrome/content/rules/GAB.ai.xml
new file mode 100644
index 000000000000..f41f22287120
--- /dev/null
+++ b/src/chrome/content/rules/GAB.ai.xml
@@ -0,0 +1,18 @@
+<!--
+	Redirects to HTTP:
+		- shop
+-->
+
+<ruleset name="GAB.ai">
+	<target host="gab.ai" />
+	<target host="www.gab.ai" />
+	<target host="files.gab.ai" />
+	<target host="ipr.gab.ai" />
+	<target host="ipr2.gab.ai" />
+	<target host="tv.gab.ai" />
+	<target host="v2.gab.ai" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GAC.edu.xml b/src/chrome/content/rules/GAC.edu.xml
new file mode 100644
index 000000000000..95b339d790e4
--- /dev/null
+++ b/src/chrome/content/rules/GAC.edu.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Gustavus Adolphus College coverage, see Gustavus.edu.xml.
+
+
+	www.gac.edu: Mismatched
+
+-->
+<ruleset name="GAC.edu">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gac.edu" />
+	<target host="static0.gac.edu" />
+	<target host="static1.gac.edu" />
+	<target host="static2.gac.edu" />
+
+	<!--	Complications:
+				-->
+	<target host="www.gac.edu" />
+
+
+	<rule from="^http://www\.gac\.edu/"
+		to="https://gac.edu/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GAIA_Host_Collective.xml b/src/chrome/content/rules/GAIA_Host_Collective.xml
index a7d0a4c7ab1f..dcca48c4f88f 100644
--- a/src/chrome/content/rules/GAIA_Host_Collective.xml
+++ b/src/chrome/content/rules/GAIA_Host_Collective.xml
@@ -1,13 +1,14 @@
 <ruleset name="GAIA Host Collective">
 
 	<target host="gaiahost.coop" />
-	<target host="*.gaiahost.coop" />
+	<target host="securehost4.gaiahost.coop" />
+	<target host="securemail2.gaiahost.coop" />
+	<target host="www.gaiahost.coop" />
 
 
-	<securecookie host="^(?:.+\.)?gaiahost\.coop$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:securehost4|securemail2|www)\.)?gaiahost\.coop/"
-		to="https://$1gaiahost.coop/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GAME.se.xml b/src/chrome/content/rules/GAME.se.xml
index d259dfb09069..c6ae22b233b7 100644
--- a/src/chrome/content/rules/GAME.se.xml
+++ b/src/chrome/content/rules/GAME.se.xml
@@ -1,9 +1,12 @@
-<ruleset name="GAME.se (partial)">
+<!--
+	secure: Reset
+
+-->
+<ruleset name="GAME.se (partial)" default_off="connection reset">
 
 	<target host="secure.game.se" />
 
 
-	<rule from="^http://secure\.game\.se/"
-		to="https://secure.game.se/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GAMEPOD.hu.xml b/src/chrome/content/rules/GAMEPOD.hu.xml
new file mode 100644
index 000000000000..88a339bcf0ff
--- /dev/null
+++ b/src/chrome/content/rules/GAMEPOD.hu.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		www.gamepod.hu
+
+-->
+<ruleset name="GAMEPOD.hu">
+	<target host="gamepod.hu" />
+	<target host="www.gamepod.hu" />
+	<target host="m.gamepod.hu" />
+
+	<rule from="^http://www\.gamepod\.hu/"
+		to="https://gamepod.hu/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GAcollege411.org.xml b/src/chrome/content/rules/GAcollege411.org.xml
new file mode 100644
index 000000000000..58d21c25a9eb
--- /dev/null
+++ b/src/chrome/content/rules/GAcollege411.org.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gacollege411.org/ => https://gacollege411.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://secure.gacollege411.org/ => https://secure.gacollege411.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.gacollege411.org/ => https://www.gacollege411.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- secure
+
+-->
+<ruleset name="GAcollege411.org" default_off="failed ruleset test">
+
+	<target host="gacollege411.org" />
+	<target host="secure.gacollege411.org" />
+	<target host="www.gacollege411.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GBAtemp.net.xml b/src/chrome/content/rules/GBAtemp.net.xml
new file mode 100644
index 000000000000..ce5ada5b06d0
--- /dev/null
+++ b/src/chrome/content/rules/GBAtemp.net.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- gbatemp.net
+		- .gbatemp.net
+
+-->
+<ruleset name="GBAtemp.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gbatemp.net" />
+	<target host="www.gbatemp.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^gbatemp\.net$" name="xf_session$" /-->
+	<!--securecookie host="^\.gbatemp\.net$" name="^__qca$" /-->
+
+	<securecookie host="^\.?gbatemp\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GBConsult.info.xml b/src/chrome/content/rules/GBConsult.info.xml
new file mode 100644
index 000000000000..e62be7168f3f
--- /dev/null
+++ b/src/chrome/content/rules/GBConsult.info.xml
@@ -0,0 +1,25 @@
+<!--
+	Remark: *.gbconsult.info has a wildcard DNS record without a wildcard certificate
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- bohoomil.com
+		- www.gbconsult.info
+-->
+<ruleset name="GBConsult.info (partial)">
+	<!-- *bohoomil.com -->
+	<target host="bohoomil.com" />
+
+	<!-- *gbconsult.info -->
+	<target host="gbconsult.info" />
+	<target host="www.gbconsult.info" />
+
+	<rule from="^http://bohoomil\.com/"
+		  	to="https://gbconsult.info/" />
+
+	<rule from="^http://www\.gbconsult\.info/"
+		  	to="https://gbconsult.info/" />
+
+	<rule from="^http:"
+		  	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GBP.ma.xml b/src/chrome/content/rules/GBP.ma.xml
new file mode 100644
index 000000000000..a66d731105c3
--- /dev/null
+++ b/src/chrome/content/rules/GBP.ma.xml
@@ -0,0 +1,35 @@
+<!--
+	Different HTTP/HTTPS content:
+		cibonline.gbp.ma
+	Forbidden 403:
+		www.gbp.ma
+		bourse.gbp.ma
+		crcatm.gbp.ma
+		uplinegroup.gbp.ma
+	Invalid Certificate:
+		gbp.ma
+		www.8congres.gbp.ma
+		www.mai.gbp.ma
+		www.uplinegroup.gbp.ma
+		www.vivalis.gbp.ma
+-->
+<ruleset name="GBP.ma">
+	<target host="admingbp.gbp.ma" />
+	<target host="banquepopulaireentreprise.gbp.ma" />
+	<target host="bladihissab.gbp.ma" />
+	<target host="bpbourse.gbp.ma" />
+	<target host="bpnet.gbp.ma" />
+	<target host="jedeviensclient.gbp.ma" />
+	<target host="maiassur.gbp.ma" />
+		<test url="http://maiassur.gbp.ma/extranet/" />
+	<target host="marocleasing.gbp.ma" />
+	<target host="marocleasingnet.gbp.ma" />
+	<target host="mediafinance.gbp.ma" />
+	<target host="oauth2.gbp.ma" />
+		<test url="http://oauth2.gbp.ma/Auth/Password/" />
+	<target host="trade.gbp.ma" />
+		<test url="http://trade.gbp.ma/bcp/fr/controle/OubliPasse.asp/" />
+	<target host="ventemai.gbp.ma" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GCHQ-Careers.co.uk.xml b/src/chrome/content/rules/GCHQ-Careers.co.uk.xml
new file mode 100644
index 000000000000..9a5d65b555a2
--- /dev/null
+++ b/src/chrome/content/rules/GCHQ-Careers.co.uk.xml
@@ -0,0 +1,19 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+-->
+<ruleset name="GCHQ-Careers.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gchq-careers.co.uk" />
+	<target host="www.gchq-careers.co.uk" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GCIon.com.xml b/src/chrome/content/rules/GCIon.com.xml
new file mode 100644
index 000000000000..7e059f293919
--- /dev/null
+++ b/src/chrome/content/rules/GCIon.com.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Gannett Company coverage, see Gannett-Company.xml.
+
+
+	Nonfunctional hosts in *gcion.com:
+
+		- cherryhi.ur *
+
+	* Refused
+
+
+	Problematic hosts in *gcion.com:
+
+		- newspaper.app30.ur ¹ ²
+
+	¹ Expired 2012-04-29
+	² Mismatched
+
+-->
+<ruleset name="GCion.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="accountsolution.gcion.com" />
+	<target host="myaccount.gcion.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GCM_Asia.com.xml b/src/chrome/content/rules/GCM_Asia.com.xml
index fd43eedb4081..449dfb1afeb1 100644
--- a/src/chrome/content/rules/GCM_Asia.com.xml
+++ b/src/chrome/content/rules/GCM_Asia.com.xml
@@ -12,11 +12,11 @@
 <ruleset name="GCM Asia.com (partial)">
 
 	<target host="gcmasia.com" />
-	<target host="*.gcmasia.com" />
+	<target host="web.gcmasia.com" />
+	<target host="www.gcmasia.com" />
 		<exclusion pattern="^http://(?:www\.)?gcmasia\.com/(?!favicon\.ico|_Incapsula_Resource(?:$|\?)|open-real-account(?:$|[?/])|Templates/|tools/|Uploaded/|WebResource\.axd)" />
 
 
-	<rule from="^http://(web\.|www\.)?gcmasia\.com/"
-		to="https://$1gcmasia.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GCM_Computers.com.xml b/src/chrome/content/rules/GCM_Computers.com.xml
new file mode 100644
index 000000000000..9b2ebe2efb6f
--- /dev/null
+++ b/src/chrome/content/rules/GCM_Computers.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Server is configured for rc4 only.
+
+-->
+<ruleset name="GCM Computers.com">
+
+	<target host="gcmcomputers.com" />
+	<target host="cp.gcmcomputers.com" />
+	<target host="webmail.gcmcomputers.com" />
+	<target host="www.gcmcomputers.com" />
+
+
+	<securecookie host="^(?:(?:cp|\.webmail|www)\.)?gcmcomputers\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GCaptain.com.xml b/src/chrome/content/rules/GCaptain.com.xml
index a7a07519e5e5..ce98b37d330a 100644
--- a/src/chrome/content/rules/GCaptain.com.xml
+++ b/src/chrome/content/rules/GCaptain.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://cfs1.gcaptain.com/ (200) => https://d2m8pnbf2v4ae2.cloudfront.net/ (403)
+
 	CDN buckets:
 
 		- d2m8pnbf2v4ae2.cloudfront.net
@@ -24,17 +28,40 @@
 	* cloudfront
 
 -->
-<ruleset name="gCaptain.com (partial)">
+<ruleset name="gCaptain.com (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="gcaptain.com" />
-	<target host="*.gcaptain.com" />
+	<target host="www.gcaptain.com" />
 
+	<!--	Complications:
+				-->
+	<target host="c.gcaptain.com" />
+	<target host="cf.gcaptain.com" />
+	<target host="cfs1.gcaptain.com" />
 
-	<securecookie host="^gcaptain\.com$" name=".+" />
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?gcaptain\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?gcaptain\.com/+(?!images/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://gcaptain.com/about/" />
+			<test url="http://gcaptain.com/category/interesting/" />
+			<test url="http://gcaptain.com/contact/" />
 
+			<!--	-ve:
+					-->
+			<test url="http://gcaptain.com/images/footer-logo.png" />
+
+
+	<securecookie host="^gcaptain\.com$" name=".+" />
 
-	<rule from="^http://(www\.)?gcaptain\.com/"
-		to="https://$1gcaptain.com/" />
 
 	<rule from="^http://c\.gcaptain\.com/"
 		to="https://d32gw8q6pt8twd.cloudfront.net/" />
@@ -42,7 +69,7 @@
 	<rule from="^http://cf\.gcaptain\.com/"
 		to="https://d38ecmhxsvwui3.cloudfront.net/" />
 
-	<rule from="^http://cfs1\.gcaptain\.com/"
-		to="https://d2m8pnbf2v4ae2.cloudfront.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GCemetery.co.xml b/src/chrome/content/rules/GCemetery.co.xml
new file mode 100644
index 000000000000..e9cebf282abf
--- /dev/null
+++ b/src/chrome/content/rules/GCemetery.co.xml
@@ -0,0 +1,8 @@
+<ruleset name="GCemetery.co">
+	<target host="gcemetery.co" />
+	<target host="www.gcemetery.co" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GChat.com.xml b/src/chrome/content/rules/GChat.com.xml
index edabb53e8d41..fcf7f554bb41 100644
--- a/src/chrome/content/rules/GChat.com.xml
+++ b/src/chrome/content/rules/GChat.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="GChat.com">
 
 	<target host="gchat.com" />
-	<target host="*.gchat.com" />
+	<target host="www.gchat.com" />
 
 
 	<securecookie host="^\.gchat\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?gchat\.com/"
-		to="https://$1gchat.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GDA-Portal.de.xml b/src/chrome/content/rules/GDA-Portal.de.xml
new file mode 100644
index 000000000000..6aea7cae63d0
--- /dev/null
+++ b/src/chrome/content/rules/GDA-Portal.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="GDA-Portal.de">
+
+	<target host="gda-portal.de" />
+	<target host="www.gda-portal.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GEANT.net.xml b/src/chrome/content/rules/GEANT.net.xml
new file mode 100644
index 000000000000..7fa572a408a5
--- /dev/null
+++ b/src/chrome/content/rules/GEANT.net.xml
@@ -0,0 +1,104 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://geant3.archive.geant.net/_layouts/images/fgimg.png => https://geant3.archive.geant.net/_layouts/images/fgimg.png: (51, "SSL: no alternative certificate subject name matches target host name 'geant3.archive.geant.net'")
+Fetch error: http://geant3.archive.geant.net/Style%20Library/Geant/css/GEANTPublic4.css => https://geant3.archive.geant.net/Style%20Library/Geant/css/GEANTPublic4.css: (51, "SSL: no alternative certificate subject name matches target host name 'geant3.archive.geant.net'")
+Fetch error: http://geant3.archive.geant.net/style%20Library/Geant/images/hbox_top_grey_left_rev.gif => https://geant3.archive.geant.net/style%20Library/Geant/images/hbox_top_grey_left_rev.gif: (51, "SSL: no alternative certificate subject name matches target host name 'geant3.archive.geant.net'")
+Fetch error: http://weblogin2.geant.net/ => https://weblogin2.geant.net/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+
+<!--
+	For other GÉANT Association coverage, see GEANT.org.xml.
+
+
+	Fully covered subdomains:
+
+		- crowd
+		- nrenservices
+		- weblogin2
+
+
+	Partially covered subdomains:
+
+		- geant3.archive ¹
+		- www ²
+
+	¹ Some paths redirect to weblogin.dante.net
+	² Some paths redirect to weblogin2
+
+
+	Observed cookie domains:
+
+		- crowd
+		- www
+
+-->
+<ruleset name="GEANT.net (partial)" default_off="failed ruleset test">
+
+	<target host="geant3.archive.geant.net" />
+	<target host="crowd.geant.net" />
+	<target host="nrenservices.geant.net" />
+	<target host="weblogin2.geant.net" />
+	<target host="www.geant.net" />
+		<!--
+			These paths redirect to weblogin.dante.net:
+									-->
+		<!--exclusion pattern="^http://geant3\.archive\.geant\.net/+($|\?|pages/home\.aspx|PublishingImages/)" /-->
+		<!--
+			These paths redirect to weblogin2
+								-->
+		<!--exclusion pattern="^http://www\.geant\.net/+($|\?|Documents/|MediaCentreEvents/news/|pages/contact\.aspx|Pages/default\.aspx|PublishingImages/|Resources/Media_Library/|Services/_layouts/)" /-->
+		<!--
+			404:
+				-->
+		<!--exclusion pattern="^http://(geant3\.archive|www)\.geant\.net/favicon\.ico" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://geant3\.archive\.geant\.net/(?!_layouts/|_login/|_wpresources/|[sS]tyle%20Library/|_trust/|WebResource\.axd\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://geant3.archive.geant.net/About_GEANT" />
+			<test url="http://geant3.archive.geant.net/Events" />
+			<test url="http://geant3.archive.geant.net/Media_Centre" />
+			<test url="http://geant3.archive.geant.net/Pages/contactus.aspx" />
+			<test url="http://geant3.archive.geant.net/PublishingImages/terabit_banner.jpg" />
+			<test url="http://geant3.archive.geant.net/Research" />
+			<test url="http://geant3.archive.geant.net/favicon.ico" />
+			<test url="http://geant3.archive.geant.net/WebResource.axd" />
+
+			<!--	-ve:
+					-->
+
+			<test url="http://geant3.archive.geant.net/_layouts/images/fgimg.png" />
+			<test url="http://geant3.archive.geant.net/Style%20Library/Geant/css/GEANTPublic4.css" />
+			<test url="http://geant3.archive.geant.net/style%20Library/Geant/images/hbox_top_grey_left_rev.gif" />
+
+		<exclusion pattern="^http://www\.geant\.net/+(?!_catalogs/|_layouts/|_login/|Style%20Library/|_trust/|WebResource\.axd)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.geant.net/About/Pages/home.aspx" />
+			<test url="http://www.geant.net/Banner/data1/images/ga_banner.jpg" />
+			<test url="http://www.geant.net/Banner/engine1/style.css" />
+			<test url="http://www.geant.net/Pages/GEANT-Gateway.aspx" />
+			<test url="http://www.geant.net/Users/Pages/home.aspx" />
+			<test url="http://www.geant.net/pages/contact.aspx" />
+			<test url="http://www.geant.net/pages/sitemap.aspx" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.geant.net/_catalogs/masterpage/GN3PlusMaster/favicon.ico" />
+			<test url="http://www.geant.net/_layouts/15/images/spcommon.png" />
+			<test url="http://www.geant.net/WebResource.axd" />
+
+
+	<securecookie host="^crowd\.geant\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GEANT.org.xml b/src/chrome/content/rules/GEANT.org.xml
new file mode 100644
index 000000000000..92527d5d6b8e
--- /dev/null
+++ b/src/chrome/content/rules/GEANT.org.xml
@@ -0,0 +1,76 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://login.geant.org/ => https://login.geant.org/: (51, "SSL: no alternative certificate subject name matches target host name 'login.geant.org'")
+Fetch error: http://test-login.geant.org/ => https://test-login.geant.org/: (6, 'Could not resolve host: test-login.geant.org')
+
+-->
+
+<!--
+	GÉANT Association
+
+	Other GÉANT Association rulesets:
+
+		- GEANT.net.xml
+		- REFEDS.org.xml
+		- TACAR.org
+		- Terena.org.xml
+
+
+	Nonfunctional subdomains:
+
+		- ^ ¹
+		- rs-www ¹
+		- uat-www ¹
+		- www ²
+
+	¹ 404
+	² Redirects to login
+
+
+	Fully covered subdomains:
+
+		- adfs
+		- login
+		- test-login
+		- wiki
+
+
+	These altnames don't exist:
+
+		- adfs2.geant.org
+		- adfs3.geant.org
+		- compendium.geant.org
+		- crypto-filesender.geant.org
+		- cryptosender.geant.org
+		- eventr.geant.org
+		- filesender.geant.org
+		- intranet.geant.org
+		- prod-intranet.geant.org
+		- prod-www.geant.org
+		- test-adfs.geant.org
+		- test-adfs2.geant.org
+		- test-adfs3.geant.org
+		- test-intranet.geant.org
+		- test-www.geant.org
+		- tnc15.geant.org
+		- tnc16.geant.org
+		- tnc17.geant.org
+		- uat-adfs.geant.org
+		- uat-adfs2.geant.org
+		- uat-adfs3.geant.org
+		- uat-intranet.geant.org
+
+-->
+<ruleset name="GEANT.org (partial)" default_off="failed ruleset test">
+
+	<target host="adfs.geant.org" />
+	<target host="login.geant.org" />
+	<target host="test-login.geant.org" />
+	<target host="wiki.geant.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GEBlogs.com.xml b/src/chrome/content/rules/GEBlogs.com.xml
new file mode 100644
index 000000000000..e75fbe1c4533
--- /dev/null
+++ b/src/chrome/content/rules/GEBlogs.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="GEBlogs.com (partial)">
+	<target host="geblogs.com" />
+	<target host="www.geblogs.com" />
+	<target host="brazil.geblogs.com" />
+	<target host="careers.geblogs.com" />
+	<target host="geforcee.geblogs.com" />
+	<target host="visualization.geblogs.com" />
+
+	<rule from="^http://geblogs\.com/" to="https://www.geblogs.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GEMoney.xml b/src/chrome/content/rules/GEMoney.xml
new file mode 100644
index 000000000000..f96c28fd8455
--- /dev/null
+++ b/src/chrome/content/rules/GEMoney.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://apply.gemoney.com.au/ => https://apply.gemoney.com.au/: (35, 'Unknown SSL protocol error in connection to apply.gemoney.com.au:443 ')
+Fetch error: http://28degrees-online.gemoney.com.au/ => https://28degrees-online.gemoney.com.au/: (35, 'Unknown SSL protocol error in connection to 28degrees-online.gemoney.com.au:443 ')
+
+-->
+<ruleset name="GE Money" default_off="failed ruleset test">
+	<target host="gemoney.com.au" />
+	<target host="www.gemoney.com.au" />
+	<target host="apply.gemoney.com.au" />
+	<target host="28degrees-online.gemoney.com.au" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GENEVI.org.xml b/src/chrome/content/rules/GENEVI.org.xml
deleted file mode 100644
index a05935847485..000000000000
--- a/src/chrome/content/rules/GENEVI.org.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	GENIVI Alliance
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(refused)
-
-
-	Fully covered subdomains:
-
-		- bugs
-		- projects
-
--->
-<ruleset name="GENEVI.org (partial)">
-
-	<target host="*.genivi.org" />
-
-
-	<securecookie host="^(?:bug|project)s\.genivi\.org$" name=".+" />
-
-
-	<rule from="^http://(bug|project)s\.genivi\.org/"
-		to="https://$1s.genivi.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/GENI.xml b/src/chrome/content/rules/GENI.xml
index 28539c8514e0..2690799ac6fa 100644
--- a/src/chrome/content/rules/GENI.xml
+++ b/src/chrome/content/rules/GENI.xml
@@ -1,16 +1,44 @@
 <!--
 	Nonfunctional subdomains:
 
-		- groups
+		- groups *
+
+	* Refused
+
+
+	Fully covered hosts in *geni.net:
+
+		- (www.)?
+		- portal
+
+
+	Insecure cookies are set for these hosts:
+
+		- portal.geni.net
+
+
+	Mixed content:
+
+		- Images on www from $self *
+
+	* Secured by us
 
 -->
-<ruleset name="GENI (partial)">
+<ruleset name="GENI.net (partial)">
 
 	<target host="geni.net" />
+	<target host="portal.geni.net" />
 	<target host="www.geni.net" />
 
 
-	<rule from="^http://(www\.)?geni\.net/"
-		to="https://$1geni.net/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^portal\.geni\.net$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^portal\.geni\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GER-WLAN.de.xml b/src/chrome/content/rules/GER-WLAN.de.xml
new file mode 100644
index 000000000000..27c792b0c19e
--- /dev/null
+++ b/src/chrome/content/rules/GER-WLAN.de.xml
@@ -0,0 +1,10 @@
+<ruleset name="GER-WLAN">
+
+	<target host="ger-wlan.de" />
+	<target host="www.ger-wlan.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GETMEIN.com.xml b/src/chrome/content/rules/GETMEIN.com.xml
new file mode 100644
index 000000000000..8a789cba3fd8
--- /dev/null
+++ b/src/chrome/content/rules/GETMEIN.com.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Live Nation coverage, see LiveNation.com.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- autodiscover.getmein.com
+
+		Timeout was reached:
+		- mta.e.getmein.com
+		- mta2.e.getmein.com
+		- view.e.getmein.com
+
+		SSL peer certificate was not OK:
+		- click.e.getmein.com
+		- image.e.getmein.com
+		- reviews.getmein.com
+		- sociable.getmein.com
+-->
+<ruleset name="GETMEIN.com">
+	<target host="getmein.com" />
+	<target host="www.getmein.com" />
+	<target host="affiliates.getmein.com" />
+	<target host="api.getmein.com" />
+	<target host="ats.getmein.com" />
+	<target host="connect.getmein.com" />
+	<target host="downloads.getmein.com" />
+	<target host="express.getmein.com" />
+	<target host="iservices.getmein.com" />
+	<target host="media.getmein.com" />
+	<target host="origin-media.getmein.com" />
+	<target host="secure.getmein.com" />
+	<target host="survey.getmein.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GF-Financial.xml b/src/chrome/content/rules/GF-Financial.xml
new file mode 100644
index 000000000000..561a3a6bb0ce
--- /dev/null
+++ b/src/chrome/content/rules/GF-Financial.xml
@@ -0,0 +1,9 @@
+<ruleset name="GF Financial Group">
+	<target host="gffg.com" />
+	<target host="www.gffg.com" />
+	<target host="mdws.gffg.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GFI-Italia.com.xml b/src/chrome/content/rules/GFI-Italia.com.xml
new file mode 100644
index 000000000000..15d0d5f28505
--- /dev/null
+++ b/src/chrome/content/rules/GFI-Italia.com.xml
@@ -0,0 +1,44 @@
+<!--
+	For other GFI Software Development coverage, see GFI_Software_Development.xml.
+
+
+	^gfi-italia.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.gfi-italia.com
+
+
+	Mixed content:
+
+		- Bug on www.gfi-italia.com from pixel.fetchback.com *
+
+	* Secured by us
+
+-->
+<ruleset name="GFI-Italia.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.gfi-italia.com" />
+
+	<!--	Complications:
+				-->
+	<target host="gfi-italia.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.gfi-italia\.com$" name="^(?:ASP\.NET_SessionId|EntryURL|SC_ANALYTICS_(?:GLOBAL|SESSION)_COOKIE)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://gfi-italia\.com/"
+		to="https://www.gfi-italia.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GFI.nl.xml b/src/chrome/content/rules/GFI.nl.xml
new file mode 100644
index 000000000000..2473a78df858
--- /dev/null
+++ b/src/chrome/content/rules/GFI.nl.xml
@@ -0,0 +1,44 @@
+<!--
+	For other GFI Software Development coverage, see GFI_Software_Development.xml.
+
+
+	^gfi.nl: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.gfi.nl
+
+
+	Mixed content:
+
+		- Bug on www from pixel.fetchback.com *
+
+	* Secured by us
+
+-->
+<ruleset name="GFI.nl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.gfi.nl" />
+
+	<!--	Complications:
+				-->
+	<target host="gfi.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.gfi\.nl$" name="^(?:ASP\.NET_SessionId|EntryURL|SC_ANALYTICS_(?:GLOBAL|SESSION)_COOKIE)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://gfi\.nl/"
+		to="https://www.gfi.nl/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GFI_Cloud.xml b/src/chrome/content/rules/GFI_Cloud.xml
index 42b55678bce4..24f5285c3d6b 100644
--- a/src/chrome/content/rules/GFI_Cloud.xml
+++ b/src/chrome/content/rules/GFI_Cloud.xml
@@ -1,8 +1,13 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gficloud.com/ => https://gficloud.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.gficloud.com/ => https://www.gficloud.com/: (60, 'SSL certificate problem: certificate has expired')
+
 	For other GFI Software Development coverage, see GFI_Software_Development.xml.
 
 -->
-<ruleset name="GFI Cloud">
+<ruleset name="GFI Cloud" default_off="failed ruleset test">
 
 	<target host="gficloud.com" />
 	<target host="www.gficloud.com" />
@@ -14,4 +19,4 @@
 	<rule from="^http://((?:forgot|login|redirect|signup|www)\.)?gficloud\.com/"
 		to="https://$1gficloud.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GFI_Hispana.com.xml b/src/chrome/content/rules/GFI_Hispana.com.xml
new file mode 100644
index 000000000000..d9c27e81b7c1
--- /dev/null
+++ b/src/chrome/content/rules/GFI_Hispana.com.xml
@@ -0,0 +1,44 @@
+<!--
+	For other GFI Software Development coverage, see GFI_Software_Development.xml.
+
+
+	^gfihispana.com: Mismatched, CN: *.gif.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.gfihispana.com
+
+
+	Mixed content:
+
+		- Bug on www.gfihispana.com from pixel.fetchback.com *
+
+	* Secured by us
+
+-->
+<ruleset name="GFI Hispana.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.gfihispana.com" />
+
+	<!--	Complications:
+				-->
+	<target host="gfihispana.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.gfihispana\.com$" name="^(?:ASP\.NET_SessionId|EntryURL)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://gfihispana\.com/"
+		to="https://www.gfihispana.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GFI_Software.de.xml b/src/chrome/content/rules/GFI_Software.de.xml
new file mode 100644
index 000000000000..a87ef305db29
--- /dev/null
+++ b/src/chrome/content/rules/GFI_Software.de.xml
@@ -0,0 +1,44 @@
+<!--
+	For other GFI Software Development coverage, see GFI_Software_Development.xml.
+
+
+	^gfisoftware.de: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.gfisoftware.de
+
+
+	Mixed content:
+
+		- Bug on www.gfisoftware.de from pixel.fetchback.com *
+
+	* Secured by us
+
+-->
+<ruleset name="GFI Software.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.gfisoftware.de" />
+
+	<!--	Complications:
+				-->
+	<target host="gfisoftware.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.gfisoftware\.de$" name="^(?:ASP\.NET_SessionId|EntryURL)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://gfisoftware\.de/"
+		to="https://www.gfisoftware.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GFI_Software_Development.xml b/src/chrome/content/rules/GFI_Software_Development.xml
index 3b93acb724a5..6cd0eb9845d9 100644
--- a/src/chrome/content/rules/GFI_Software_Development.xml
+++ b/src/chrome/content/rules/GFI_Software_Development.xml
@@ -1,72 +1,101 @@
 <!--
-	Other GFI Software Development rulesets:
+	Fixes: https://github.com/EFForg/https-everywhere/issues/4305
 
-		- GFI_Cloud.xml
 
+	For rules causing false/broken MCB, see gfi.com-falsemixed.xml.
+
+	Other GFI Software Development rulesets:
 
-	Nonfunctional domains:
+		- GFI.nl.xml
+		- GFI-Italia.com.xml
+		- GFI_Cloud.xml
+		- GFI_Hispana.com.xml
+		- GFI_Software.de.xml
+		- GFS_France.com.xml
 
-		- kbase.gfi.com		(redirects to cutomers login, valid cert)
 
+	Nonfunctional hosts in *gfi.com:
 
-	Problematic domains:
+		- kb ¹
+		- kbase ²
 
-		- kb.gfi.com		(redirects to http; mismatched, CN: slotmatching2.salesforce.com)
-		- gfi.nl *
-		- gfihispana.com *
-		- gfi-italia.com *
-		- gfisoftware.de *
-		- gfsfrance.com *
+	¹ Redirects to http
+	² redirects to customers login
 
-	* Mismatched, CN: *.gif.com
 
+	Insecure cookies are set for these domains and hosts:
 
-	Partially covered domains:
+		- .gfi.com
+		- www.gfi.com
 
-		- kb.gfi.com		(→ gfi.secure.force.com)
 
+	Mixed content:
 
-	Fully covered domains:
+		- css on www.gfi.com from $self *
+		- Images on www.gfi.com from $self *
+		- Bug on www.gfi.com from pixel.fetchback.com *
 
-		- (www.)gfi.com
-		- customers.gfi.com
-		- (www.)gfi.nl		(^ → www)
-		- (www.)gfihispana.com	(^ → www)
-		- (www.)gfi-italia.com	(^ → www)
-		- (www.)gfisoftware.de	(^ → www)
-		- (www.)gfsfrance.com	(^ → www)
+	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="GFI Software Development (partial)">
+<ruleset name="GFI.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="gfi.com" />
-	<target host="*.gfi.com" />
-	<target host="gfi.nl" />
-	<target host="www.gfi.nl" />
-	<target host="gfihispana.com" />
-	<target host="www.gfihispana.com" />
-	<target host="gfi-italia.com" />
-	<target host="www.gfi-italia.com" />
-	<target host="gfisoftware.de" />
-	<target host="www.gfisoftware.de" />
-	<target host="gfsfrance.com" />
-	<target host="www.gfsfrance.com" />
+	<target host="customers.gfi.com" />
+	<target host="www.gfi.com" />
+
+	<!--	Complications:
+				-->
+	<target host="kb.gfi.com" />
+
+		<!--	Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://www\.gfi\.com/blog/(?!wp-content/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.gfi.com/blog/" />
+			<test url="http://www.gfi.com/blog/hold-off-on-upgrading-to-net-framework-4-6-1/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.gfi.com/blog/wp-content/plugins/wp-postratings/postratings-css.css" />
+
+		<!--exclusion pattern="^http://kb\.gfi\.com/(?!partnersurvey/site/|resource/)" /-->
+		<exclusion pattern="^http://kb\.gfi\.com/(?!resource/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://kb.gfi.com/articles/SkyNet_Article/How-to-upgrade-to-GFI-EventsManager-2013" />
+			<test url="http://kb.gfi.com/supportcommunity/" />
+			<test url="http://kb.gfi.com/supportcontact" />
+
+			<!--	-ve:
+					-->
+			<test url="http://kb.gfi.com/resource/1427501560000/CSSimages/imgskynet.png" />
 
 
-	<securecookie host="^(?:customers\.|www\.)?gfi\.com$" name=".+" />
-	<securecookie host="^www\.gf(?:i\.nl|ihispana\.com|i-italia\.com|isoftware\.de|sfrance\.com)$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.gfi\.com$" name="^EntryURL$" /-->
+	<!--securecookie host="^www\.gfi\.com$" name="^(?:ASP\.NET_SessionId|EntryURL|SC_ANALYTICS_(?:GLOBAL|SESSION)_COOKIE|adv|loc)$" /-->
 
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^(?!www\.)\w" name=".+" />
+	<securecookie host="^www\." name="^(?:ASP\.NET_SessionId$|EntryURL$|SC_ANALYTICS|adv$|loc$)" />
 
-	<rule from="^http://(customers\.|www\.)?gfi\.com/"
-		to="https://$1gfi.com/" />
 
-	<rule from="^https?://kb\.gfi\.com/partnersurvey/site/"
-		to="https://gfi.secure.force.com/partnersurvey/site/" />
+	<!--	Needs test:
+				-->
+	<!--rule from="^http://kb\.gfi\.com/partnersurvey/site/"
+		to="https://gfi.secure.force.com/partnersurvey/site/" /-->
 
-	<rule from="^https?://kb\.gfi\.com/resource/"
+	<rule from="^http://kb\.gfi\.com/resource/"
 		to="https://gfi.secure.force.com/partnersurvey/resource/" />
 
-	<rule from="^https?://(?:www\.)?gf(i\.nl|ihispana\.com|i-italia\.com|isoftware\.de|sfrance\.com)/"
-		to="https://www.gf$1/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GFS_France.com.xml b/src/chrome/content/rules/GFS_France.com.xml
new file mode 100644
index 000000000000..76d59dfb61b6
--- /dev/null
+++ b/src/chrome/content/rules/GFS_France.com.xml
@@ -0,0 +1,44 @@
+<!--
+	For other GFI Software Development coverage, see GFI_Software_Development.xml.
+
+
+	^gfsfrance.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.gfsfrance.com
+
+
+	Mixed content:
+
+		- Bug on www.gfsfrance.com from pixel.fetchback.com *
+
+	* Secured by us
+
+-->
+<ruleset name="GFS France.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.gfsfrance.com" />
+
+	<!--	Complications:
+				-->
+	<target host="gfsfrance.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.gfsfrance\.com$" name="^(?:ASP\.NET_SessionId|EntryURL|SC_ANALYTICS_(?:GLOBAL|SESSION)_COOKIE)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://gfsfrance\.com/"
+		to="https://www.gfsfrance.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GH_static.com.xml b/src/chrome/content/rules/GH_static.com.xml
new file mode 100644
index 000000000000..5eaceb9462f8
--- /dev/null
+++ b/src/chrome/content/rules/GH_static.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="GH static.com">
+
+	<target host="cdn.ghstatic.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GHacks.net.xml b/src/chrome/content/rules/GHacks.net.xml
new file mode 100644
index 000000000000..22f5f85a9e41
--- /dev/null
+++ b/src/chrome/content/rules/GHacks.net.xml
@@ -0,0 +1,14 @@
+<ruleset name="ghacks.net">
+	<target host="ghacks.net"/>
+	<target host="www.ghacks.net"/>
+	<target host="cdn.ghacks.net"/>
+		<exclusion pattern="^http://cdn\.ghacks\.net/$"/>
+		<test url="http://cdn.ghacks.net/wp-content/plugins/social-media-feather/synved-social/image/social/regular/96x96/rss.png"/>
+		<test url="http://cdn.ghacks.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1"/>
+	<target host="deals.ghacks.net"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://(www\.|deals\.)?ghacks\.net/" to="https://$1ghacks.net/"/>
+	<rule from="^http://cdn\.ghacks\.net/(wp-content|wp-includes)/" to="https://cdn.ghacks.net/$1/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/GHash.IO.xml b/src/chrome/content/rules/GHash.IO.xml
new file mode 100644
index 000000000000..9544bb878203
--- /dev/null
+++ b/src/chrome/content/rules/GHash.IO.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ghash.io/ => https://ghash.io/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://ws.ghash.io/ => https://ws.ghash.io/: (6, 'Could not resolve host: ws.ghash.io')
+Fetch error: http://www.ghash.io/ => https://www.ghash.io/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="GHash.IO" default_off="failed ruleset test">
+
+	<target host="ghash.io" />
+	<target host="ws.ghash.io" />
+	<target host="www.ghash.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.ghash\.io$" name="^connect\.sid$" /-->
+
+	<securecookie host="^\.ghash\.io$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GIDApp.com.xml b/src/chrome/content/rules/GIDApp.com.xml
new file mode 100644
index 000000000000..38a3fc429d6c
--- /dev/null
+++ b/src/chrome/content/rules/GIDApp.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other GIDNetwork coverage, see GIDNetwork.com.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.gidapp.com
+
+-->
+<ruleset name="GIDApp.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gidapp.com" />
+	<target host="www.gidapp.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.gidapp\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.gidapp\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GIDForums.com.xml b/src/chrome/content/rules/GIDForums.com.xml
new file mode 100644
index 000000000000..5a87efe60100
--- /dev/null
+++ b/src/chrome/content/rules/GIDForums.com.xml
@@ -0,0 +1,23 @@
+<!--
+	For other GIDNetwork coverage, see GIDNetwork.com.xml.
+
+
+	Mixed content:
+
+		- Image from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="GIDForums.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gidforums.com" />
+	<target host="www.gidforums.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GIDNetwork.com.xml b/src/chrome/content/rules/GIDNetwork.com.xml
new file mode 100644
index 000000000000..eb2dc4be7e6e
--- /dev/null
+++ b/src/chrome/content/rules/GIDNetwork.com.xml
@@ -0,0 +1,44 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://samia.gidnetwork.com/ => https://samia.gidnetwork.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	Other GIDNetwork rulesets:
+
+		- De_Silva.biz.xml
+		- GIDApp.com.xml
+		- GIDForums.com.xml
+
+
+	Problematic hosts:
+
+		- (www.)? *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these domains:
+
+		- .gidnetwork.com
+
+-->
+<ruleset name="GIDNetwork.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="gidnetwork.com" /-->
+	<target host="samia.gidnetwork.com" />
+	<!--target host="www.gidnetwork.com" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.gidnetwork.com$" name="^dex$" /-->
+
+	<!--securecookie host="^\.gidnetwork.com$" name=".+" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GIPS.xml b/src/chrome/content/rules/GIPS.xml
new file mode 100644
index 000000000000..848b4f16d055
--- /dev/null
+++ b/src/chrome/content/rules/GIPS.xml
@@ -0,0 +1,8 @@
+<ruleset name="Hehner Reus Systems GmbH">
+
+	<target host="www.gipsprojekt.de"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GISTI.org.xml b/src/chrome/content/rules/GISTI.org.xml
new file mode 100644
index 000000000000..5aefff862267
--- /dev/null
+++ b/src/chrome/content/rules/GISTI.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Different content http/https:
+		ocean.gisti.org
+
+-->
+<ruleset name="GISTI.org">
+
+	<target host="gisti.org" />
+	<target host="www.gisti.org" />
+	<target host="boutique.gisti.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GJ_Open.com.xml b/src/chrome/content/rules/GJ_Open.com.xml
new file mode 100644
index 000000000000..905a48cc3f0b
--- /dev/null
+++ b/src/chrome/content/rules/GJ_Open.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .gjopen.com
+		- .www.gjopen.com
+
+-->
+<ruleset name="GJ Open.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gjopen.com" />
+	<target host="www.gjopen.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.gjopen\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^\.www\.gjopen\.com$" name="^_flyover_forecasts_session$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GKG.xml b/src/chrome/content/rules/GKG.xml
index f0ceff5028d4..1dd001adc4f7 100644
--- a/src/chrome/content/rules/GKG.xml
+++ b/src/chrome/content/rules/GKG.xml
@@ -2,7 +2,7 @@
   <target host="gkg.net" />
   <target host="www.gkg.net" />
 
-  <securecookie host="^(.+\.)?gkg\.net$" name=".*"/>
+  <securecookie host=".+" name=".+" />
 
-  <rule from="^http://(?:www\.)?gkg\.net/" to="https://www.gkg.net/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/GKVnet-ag.de.xml b/src/chrome/content/rules/GKVnet-ag.de.xml
new file mode 100644
index 000000000000..43bf7ca7d1e0
--- /dev/null
+++ b/src/chrome/content/rules/GKVnet-ag.de.xml
@@ -0,0 +1,10 @@
+<ruleset name="GKVnet-ag.de">
+	<target host="www.gkvnet-ag.de" />
+
+	<test url="http://www.gkvnet-ag.de/svnet-online/" />
+
+	<rule from="^http://www\.gkvnet-ag\.de/$"
+		to="https://www.gkvnet-ag.de/svnet-online/" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GLAAD.org.xml b/src/chrome/content/rules/GLAAD.org.xml
new file mode 100644
index 000000000000..a4b804e7a830
--- /dev/null
+++ b/src/chrome/content/rules/GLAAD.org.xml
@@ -0,0 +1,29 @@
+<!--
+	Refused:
+		action.glaad.org
+
+	Invalid certificate:
+		allychallenge.glaad.org
+		dev.glaad.org
+		fightforourfuture.glaad.org
+		peaceandacceptance.glaad.org
+		spiritday.glaad.org
+		twitter.glaad.org (incomplete certificate chain)
+
+	Time out:
+		archive.glaad.org
+		files.glaad.org
+		latheater.glaad.org
+		nytheater.glaad.org
+		theater.glaad.org
+
+-->
+<ruleset name="GLAAD.org">
+
+	<target host="glaad.org" />
+	<target host="www.glaad.org" />
+	<target host="shop.glaad.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GLAD.org.xml b/src/chrome/content/rules/GLAD.org.xml
new file mode 100644
index 000000000000..0b3487c84118
--- /dev/null
+++ b/src/chrome/content/rules/GLAD.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Secure connection failed:
+		blog.glad.org
+
+	Invalid certificate:
+		code.glad.org
+		legacy.glad.org
+		tc.glad.org
+
+-->
+<ruleset name="GLAD.org">
+	<target host="glad.org" />
+	<target host="www.glad.org" />
+	<target host="secure.glad.org" />
+		<test url="http://secure.glad.org/page/contribute/donate" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GLAD.xml b/src/chrome/content/rules/GLAD.xml
deleted file mode 100644
index 613e4c299769..000000000000
--- a/src/chrome/content/rules/GLAD.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="GLAD (Gay &amp; Lesbian Advocates &amp; Defenders)" platform="mixedcontent">
-	<target host="glad.org" />
-	<target host="*.glad.org" />
-
-	<rule from="^http://(?:www\.)?glad\.org/" to="https://www.glad.org/" />
-	<rule from="^http://([a-zA-Z0-9\-]+)\.glad\.org/" to="https://$1.glad.org/" />
-
-	<!-- Invoking https://glad.org/ produces a certificate error, so redirect
-	https://glad.org/ to https://www.glad.org/ -->
-	<rule from="^https://glad\.org/" to="https://www.glad.org/" />
-</ruleset>
diff --git a/src/chrome/content/rules/GLS.de.xml b/src/chrome/content/rules/GLS.de.xml
index 5b897188b94f..6ca3db346210 100644
--- a/src/chrome/content/rules/GLS.de.xml
+++ b/src/chrome/content/rules/GLS.de.xml
@@ -1,9 +1,17 @@
+<!--
+    Nonfunctional subdomains:
+        - laden            -> wrong domain
+        - sharedichdrum    -> no secure protocols supported
+        - mikrokreditfonds -> wrong domains
+        - news             -> wrong domain
+-->
 <ruleset name="GLS Bank">
-<!-- blog.gls.de has different content on https -->
-  <target host="www.gls.de"/>
-  <target host="gls.de"/>
-  <target host="gls.gls-service.de"/>
+    <target host="gls.de"/>
+    <target host="www.gls.de"/>
+    <target host="blog.gls.de"/>
 
-  <rule from="^http://(www\.)?gls\.de/" to="https://www.gls.de/"/>
-  <rule from="^http://gls\.gls-service\.de/" to="https://gls.gls-service.de/"/>
+    <securecookie host="^(www\.|blog\.)?gls\.de" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/GMO.com.xml b/src/chrome/content/rules/GMO.com.xml
new file mode 100644
index 000000000000..9e7e729212c4
--- /dev/null
+++ b/src/chrome/content/rules/GMO.com.xml
@@ -0,0 +1,29 @@
+<!--
+	^gmo.com: cert only matches www
+
+-->
+<ruleset name="GMO.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.gmo.com" />
+
+	<!--	Complications:
+				-->
+	<target host="gmo.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.gmo\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^www\.gmo\.com$" name=".+" />
+
+
+	<rule from="^http://gmo\.com/"
+		to="https://www.gmo.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GMO_BB.jp.xml b/src/chrome/content/rules/GMO_BB.jp.xml
new file mode 100644
index 000000000000..f38ce03848b8
--- /dev/null
+++ b/src/chrome/content/rules/GMO_BB.jp.xml
@@ -0,0 +1,45 @@
+<!--
+	For other GMO coverage, see GMO_Internet.xml.
+
+
+	(www.): refused
+
+
+	Fully covered subdomains:
+
+		- file
+		- help
+		- ssl
+		- webmail
+
+
+	Mixed content:
+
+		- Images on help from cache.img.gmo.jp *
+
+	* Secured by us
+
+-->
+<ruleset name="GMO BB.jp (partial)">
+
+	<target host="file.gmobb.jp" />
+	<target host="help.gmobb.jp" />
+	<target host="ssl.gmobb.jp" />
+	<target host="webmail.gmobb.jp" />
+		<!--exclusion pattern="http://www\.gmobb\.jp/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.gmobb\.jp" name="^CGISESSID$" /-->
+	<!--securecookie host="^file\.gmobb\.jp" name="^PHPSESSID$" /-->
+	<!--securecookie host="^help\.gmobb\.jp" name="^cp_session$" /-->
+	<!--securecookie host="^webmail\.gmobb\.jp" name="^SQMSESSID$" /-->
+
+	<securecookie host="^(?:file|help|webmail)\.gmobb\.jp" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GMO_Cloud.com.xml b/src/chrome/content/rules/GMO_Cloud.com.xml
new file mode 100644
index 000000000000..b37245628d68
--- /dev/null
+++ b/src/chrome/content/rules/GMO_Cloud.com.xml
@@ -0,0 +1,113 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://contact.gmocloud.com/ => https://contact.gmocloud.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For other GMO coverage, see GMO_Internet.xml.
+
+
+	Nonfunctional subdomains:
+
+		- th *
+
+	* Dropped
+
+
+	Problematic subdomains:
+
+		- blog ¹
+		- w *
+
+	¹ Mismatched
+	* Works; expired, self-signed
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- blog		(→ www.gmocloud.com)
+		- contact
+		- ir
+		- order
+		- partner
+		- private
+		- private-c
+		- shared
+		- support
+		- us
+		- vps
+		- vpsportal
+
+
+	home: Dropped over http & https
+
+
+	Insecure cookies are set for these hosts:
+
+		- contact.gmocloud.com
+		- order.gmocloud.com
+		- www.gmocloud.com
+
+
+	Mixed content:
+
+		- css on us from fonts.googleapis.com ²
+
+		- Images, on:
+
+			- ir, private, private-c, vps, w, from cache.img.gmo.jp
+			- ir from www.stockweather.co.jp ³
+
+		- Bugs, on private, private-c, shared, support, vps, from www.google.com ²
+
+	¹ Secured by us, minor
+	² Secured by us
+	³ Unsecurable <= 404
+
+-->
+<ruleset name="GMO Cloud.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gmocloud.com" />
+	<target host="contact.gmocloud.com" />
+	<target host="ir.gmocloud.com" />
+	<target host="order.gmocloud.com" />
+	<target host="partner.gmocloud.com" />
+	<target host="private.gmocloud.com" />
+	<target host="private-c.gmocloud.com" />
+	<target host="shared.gmocloud.com" />
+	<target host="support.gmocloud.com" />
+	<target host="us.gmocloud.com" />
+	<target host="vps.gmocloud.com" />
+	<target host="vpsportal.gmocloud.com" />
+	<target host="www.gmocloud.com" />
+
+	<!--	Complications:
+				-->
+	<target host="blog.gmocloud.com" />
+
+		<!--exclusion pattern="^http://(th|w)\.gmocloud\.com/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(contact|www)\.gmocloud\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^order\.gmocloud\.com$" name="^(ASP\.NET_SessionId|gmocloudneworder)$" /-->
+
+	<securecookie host="^(?:contact|order|www)\.gmocloud\.com$" name=".+" />
+
+
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://blog\.gmocloud\.com/[^?]*"
+		to="https://www.gmocloud.com/" />
+
+		<test url="http://blog.gmocloud.com/?" />
+		<test url="http://blog.gmocloud.com//" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GMO_Cloud.us.xml b/src/chrome/content/rules/GMO_Cloud.us.xml
new file mode 100644
index 000000000000..b8580707ee41
--- /dev/null
+++ b/src/chrome/content/rules/GMO_Cloud.us.xml
@@ -0,0 +1,23 @@
+<!--
+	For other GMO coverage, see GMO_Internet.xml.
+
+
+	(www.) doesn't exist.
+
+-->
+<ruleset name="GMO Cloud.us">
+
+	<target host="my.gmocloud.us" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^my\.gmocloud\.us$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^my\.gmocloud\.us$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GMO_Internet.xml b/src/chrome/content/rules/GMO_Internet.xml
index bdea9af6ee2e..ee79c64018a2 100644
--- a/src/chrome/content/rules/GMO_Internet.xml
+++ b/src/chrome/content/rules/GMO_Internet.xml
@@ -1,21 +1,100 @@
 <!--
+	Other GMO rulesets:
+
+		- Click-Sec.com.xml
+		- ConoHa.jp.xml
+		- FX_Prime.com.xml
+		- GlobalSign.xml
+		- GMO_BB.jp.xml
+		- GMO_Cloud.com.xml
+		- GMO_Cloud.us.xml
+		- GMO_Registry.com.xml
+		- GMO_server.jp.xml
+		- Hello.tokyo.xml
+		- Heteml.jp.xml
+		- InterQ.or.jp.xml
+		- Isle.jp.xml
+		- Kumapon.jp.xml
+		- MakeShop.jp.xml
+		- MyVPS.jp.xml
+		- OmakaseWeb.com.xml
+		- Onamae.com.xml
+		- Onamae-server.com.xml
+		- Quicktranslate.com.xml
+		- RapidSite.jp.xml
+		- Rentalserver.jp.xml
+		- Rocketnet.jp.xml
+		- Tenten.vn.xml
+		- Win-rd.jp.xml
+
+
 	Nonfunctional subdomains:
 
 		- error
-		- img
 		- cache.im	(reset)
+		- help.point *
+
+	² Refused
+	* Dropped
+
+
+	Problematic subdomains:
+
+		- img *
+
+	* Refused
+
+
+	Fully covered subdomains:
+
+		- cache.img
+		- img		(-> cache.img)
+		- point
+		- secure
+		- support
+
+
+	mng: Dropped over http & https
+
+
+	Insecure cookies are set for these hosts:
+
+		- point.gmo.jp
+
+
+	Mixed content:
+
+		- css on cloud from cache.img *
+
+		- Images on cloud from cache.img *
+
+	* Secured by us
 
 -->
-<ruleset name="GMO Internet (partial)">
+<ruleset name="GMO.jp (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="gmo.jp" />
-	<target host="*.gmo.jp" />
+	<target host="cloud.gmo.jp" />
+	<target host="cache.img.gmo.jp" />
+	<target host="ir.gmo.jp" />
+	<target host="point.gmo.jp" />
+	<target host="recruit.gmo.jp" />
+	<target host="secure.gmo.jp" />
+	<target host="support.gmo.jp" />
+	<target host="www.gmo.jp" />
 
+	<!--	Complications:
+				-->
+	<target host="img.gmo.jp" />
 
-	<securecookie host="^mng\.gmo\.jp$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http://img\.gmo\.jp/"
+		to="https://cache.img.gmo.jp/" />
 
-	<rule from="^http://(mng\.|www\.)?gmo\.jp/"
-		to="https://$1gmo.jp/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GMO_Registry.com.xml b/src/chrome/content/rules/GMO_Registry.com.xml
new file mode 100644
index 000000000000..217a3dbb04f6
--- /dev/null
+++ b/src/chrome/content/rules/GMO_Registry.com.xml
@@ -0,0 +1,39 @@
+<!--
+	For other GMO coverage, see GMO_Internet.xml.
+
+
+	(www.)?gmo-registry.com: Expired
+
+
+	Mixed content:
+
+		- Images on www.gmoregistry.com from cache.img.gmo.jp
+
+-->
+<ruleset name="GMO Registry.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gmoregistry.com" />
+	<target host="www.gmoregistry.com" />
+
+	<!--	Complications:
+				-->
+	<target host="gmo-registry.com" />
+	<target host="www.gmo-registry.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.gmoregistry\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.gmoregistry\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?gmo-registry\.com/"
+		to="https://www.gmoregistry.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GMO_server.jp.xml b/src/chrome/content/rules/GMO_server.jp.xml
new file mode 100644
index 000000000000..57f8047e928f
--- /dev/null
+++ b/src/chrome/content/rules/GMO_server.jp.xml
@@ -0,0 +1,21 @@
+<!--
+	For other GMO Internet coverage, see GMO_Internet.xml.
+
+
+	Mixed content:
+
+		- Image from www.gmo.jp *
+
+	* Secured by us
+
+-->
+<ruleset name="GMO server.jp">
+
+	<target host="gmoserver.jp" />
+	<target host="www.gmoserver.jp" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GMPG.org.xml b/src/chrome/content/rules/GMPG.org.xml
new file mode 100644
index 000000000000..6039b50b6dbe
--- /dev/null
+++ b/src/chrome/content/rules/GMPG.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="GMPG.org">
+
+	<target host="gmpg.org" />
+	<target host="www.gmpg.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GMP_Lib.org.xml b/src/chrome/content/rules/GMP_Lib.org.xml
new file mode 100644
index 000000000000..77af5d8d8a18
--- /dev/null
+++ b/src/chrome/content/rules/GMP_Lib.org.xml
@@ -0,0 +1,16 @@
+<!--
+	For other GNU coverage, see GNU.xml.
+
+-->
+<ruleset name="GMP Lib.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gmplib.org" />
+	<target host="www.gmplib.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GMRU.net.xml b/src/chrome/content/rules/GMRU.net.xml
new file mode 100644
index 000000000000..c83e1bff4623
--- /dev/null
+++ b/src/chrome/content/rules/GMRU.net.xml
@@ -0,0 +1,17 @@
+<ruleset name="GMRU.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="allods.cdn.gmru.net" />
+	<target host="bb.cdn.gmru.net" />
+	<target host="dn.cdn.gmru.net" />
+	<target host="jd.cdn.gmru.net" />
+	<target host="pw.cdn.gmru.net" />
+	<target host="sf.cdn.gmru.net" />
+	<target host="wf.cdn.gmru.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GMX.xml b/src/chrome/content/rules/GMX.xml
index a18ae4cd19fc..57e43f0a6914 100644
--- a/src/chrome/content/rules/GMX.xml
+++ b/src/chrome/content/rules/GMX.xml
@@ -1,128 +1,51 @@
 <!--
-	For other United Internet coverage, see United-Internet.xml.
-
-
-		CDN buckets:
 
-			- gmx.con-tech.de
-
-				- kino.gmx.de
+	For other United Internet coverage, see United-Internet.xml.
 
-			- gmx.ivwbox.de
 
+	CDN buckets:
+		- gmx.con-tech.de
+		- kino.gmx.de
+		- gmx.ivwbox.de
 
 	Nonfunctional domains:
-
-		- kino.gmx.de		(redirects to www.govento.de; mismatched, CN: ct-cds.con-tech.de)
-		- newsroom.gmx.net	(refused)
-
-
-	Fully covered domains:
-
-		- (www.)gmx.at		(^ → www)
-		- (www.)gmx.ca		(→ www.gmx.com)
-		- (www.)gmx.ch		(^ → www)
-		- (www.)gmx.co.uk	(^ → www)
-
-		- gmx.com subdomains:
-
-			- (www.)	(^ → www)
-			- help
-			- images
-			- service
-			- storage-file-eu
-
-		- (www.)gmx.de		(→ www.gmx.net)
-		- mobile.gmx.de
-		- (www.)gmx.fr		(^ → www)
-		- (www.)gmx.it		(→ www.gmx.com)
-
-		- gmx.net subdomains:
-
-			- (www.)	(^ → www)
-			- dl
-			- hilfe
-			- images
-			- img
-			- js
-			- mailings
-			- registrierung
-			- sec-i0
-			- service
-			- suche
-
-		- (www.)gmx.ru		(→ www.gmx.com)
-		- (www.)gmx.se		(→ www.gmx.com)
-
-
-	Observed cookie domains:
-
-		- .gmx.de
-		- mobile.gmx.de
-
-		- gmx.net subdomains:
-
-			- .
-			- .suche
-			- service
-			- www
-			- .www
+		- www.gmx.biz			¹
+		- (www.)gmx.ca			²
+		- www.gmx.cc			¹
+		- www.gmx.co.in			²
+		- www.gmx.com.tr		²
+
+		- kino.gmx.de			(redirects to www.govento.de; mismatched, CN: ct-cds.con-tech.de)
+		- www.gmx.info			¹
+		- www.gmx.li			¹
+		- www.gmx.lu			¹
+
+		- www.gmx.org			¹
+		- www.gmx.ph			²
+		- (www.)gmx.ru			²
+		- (www.)gmx.se			²
+		- www.gmx.sg			²
+		- www.gmx.tm			¹
+		- www.gmx.tw			²
+
+	¹ hostname mismatch, CN: *.gmx.net
+	² hostname mismatch, CN: *.mail.com
 
 -->
-<ruleset name="GMX" platform="mixedcontent">
-
-	<target host="gmx.*" />
-	<target host="www.gmx.*" />
-	<target host="gmx.co.uk"/>
-	<target host="www.gmx.co.uk" />
-	<target host="*.gmx.com" />
-	<target host="mobile.gmx.de" />
-	<target host="*.gmx.net" />
-
-
-	<!--securecookie host="^\.gmx\.de$" name="^(NG_USERID|ns_sample)$" /-->
-	<securecookie host="^mobile\.gmx\.de$" name=".+" />
-	<!--securecookie host="^\.gmx\.net$" name="^(emos_webde_sid|emos_webde_vid|ns_sample|ps-cid|psid|SSID|SSLB_P|SSRT|SSSC)$" /-->
-	<securecookie host="^(?:service|\.suche|\.?www)?\.gmx\.net$" name=".+" />
-
-
-	<rule from="^http://(dl|hilfe|images|img|js|mailings|registrierung|sec-i0|suche)\.gmx\.net/"
-		to="https://$1.gmx.net/" />
-
-	<!--	In countries like se, it, ca, and ru, www.gmx.cctld redirects
-		to www.gmx.com; we may as well secure that a bit but it should
-		work regardless of whether we got all of these countries.
-	-->
-	<rule from="^http://(?:www\.)?gmx\.(?:ca|it|se|ru)/"
-		to="https://www.gmx.com/"/>
-
-	<!--	In these domains GMX supports SSL right at the homepage
-
-		https://gmx.com appears to work but hopefully
-		redirecting away won't break anything.
-	-->
-	<rule from="^http://(?:www\.)?gmx\.(at|ch|com|co\.uk|fr|net)/"
-		to="https://www.gmx.$1/" />
-
-	<!--	gmx.de lives at gmx.net
-					-->
-	<rule from="^http://(?:www\.)?gmx\.de/"
-		to="https://www.gmx.net/" />
-
-	<!--	A lot of the back-end work is reportedly done by service.gmx.*
-										-->
-	<rule from="^http://service\.gmx\.(com|net)/"
-		to="https://service.gmx.$1/" />
-
-	<rule from="^http://(help|images)\.gmx\.com/"
-		to="https://$1.gmx.com/" />
-	
-	 <!--	Gmx file storage service (WebDAV)
-							-->
-	<rule from="^http://storage-file-eu\.gmx\.com/"
-		to="https://storage-file-eu.gmx.com/" />
-
-	<rule from="^http://mobile\.gmx\.de/"
-		to="https://mobile.gmx.de/" />
-
+<ruleset name="GMX (partial)">
+	<target host=                "gmx.biz" />
+	<target host=                "gmx.cc" />
+	<target host=                "gmx.co.in" />
+	<target host=                "gmx.com.tr" />
+	<target host=                "gmx.info" />
+	<target host=                "gmx.li" />
+	<target host=                "gmx.lu" />
+	<target host=                "gmx.org" />
+	<target host=                "gmx.ph" />
+	<target host=                "gmx.sg" />
+	<target host=                "gmx.tm" />
+	<target host=                "gmx.tw" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/GND-Tech.com-problematic.xml b/src/chrome/content/rules/GND-Tech.com-problematic.xml
index d7b968a180cb..ac79302f090e 100644
--- a/src/chrome/content/rules/GND-Tech.com-problematic.xml
+++ b/src/chrome/content/rules/GND-Tech.com-problematic.xml
@@ -5,7 +5,7 @@
 <ruleset name="GND-Tech.com (problematic)" default_off="expired, self-signed" platform="mixedcontent">
 
 	<target host="gnd-tech.com" />
-	<target host="*.gnd-tech.com" />
+	<target host="www.gnd-tech.com" />
 
 
 	<securecookie host="^\.gnd-tech\.com$" name=".+" />
diff --git a/src/chrome/content/rules/GNOME-falsemixed.xml b/src/chrome/content/rules/GNOME-falsemixed.xml
index bbcc43ba9596..2b25fda12597 100644
--- a/src/chrome/content/rules/GNOME-falsemixed.xml
+++ b/src/chrome/content/rules/GNOME-falsemixed.xml
@@ -1,14 +1,19 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://news.gnome.org/ => https://news.gnome.org/: Too many redirects while fetching 'https://news.gnome.org/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://news.gnome.org/ => https://news.gnome.org/: Cycle detected - URL already encountered: https://news.gnome.org/
 	For rules not causing false/broken MCB, see GNOME.xml.
 
 -->
-<ruleset name="GNOME (false MCB)" platform="mixedcontent">
+<ruleset name="GNOME (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="blogs.gnome.org" />
 	<target host="news.gnome.org" />
 
 
-	<rule from="^http://(blog|new)s\.gnome\.org/"
-		to="https://$1s.gnome.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GNOME.xml b/src/chrome/content/rules/GNOME.xml
index ca84d6b61a9c..a81b3e7bb2d4 100644
--- a/src/chrome/content/rules/GNOME.xml
+++ b/src/chrome/content/rules/GNOME.xml
@@ -2,6 +2,11 @@
 	For rules causing false/broken MCB, see GNOME-falsemixed.xml
 
 
+	Other GNOME rulesets:
+
+		- Gnumeric.org.xml
+
+
 	Nonfunctional domains:
 
 		- gnome.asia subdomains:
@@ -12,8 +17,6 @@
 
 		- gnome.org subdomains:
 
-			- art		(prints "ok"; self-signed, CN: CentOS-63-64-minimal)
-			- ftp		(refused)
 			- jabber **
 			- webapps **
 			- webapps2 **
@@ -53,6 +56,7 @@
 			- extensions
 			- foundation
 			- git
+			- glade
 			- help
 			- ldap		(→ www)
 			- l10n
@@ -92,18 +96,19 @@
 
 		- Images, on:
 
+			- blogs from $self *
 			- blogs from planet *
 			- blogs from www *
 			- git from www-old *
 			- mail from www *
 			- mail from www-old *
 			- mango from www *
-			- news from blogs *
 			- news from planet *
 			- news from www *
-			- news from www-old *
+			- news from upload.wikimedia.org *
 			- planet from blogs
 			- planet from \d.bp.blogspot.com *
+			- planet from i.minus.com *
 			- planet from \w+.files.wordpress.com *
 			- planet from s0.wp.com *
 			- projects from ^ *
@@ -132,7 +137,7 @@
 		<!--
 			Causes false/broken MCB:
 							-->
-		<exclusion pattern="^http://(?:blog|new)s\.gnome\.org/" />
+		<exclusion pattern="^http://(blog|new)s\.gnome\.org/" />
 	<target host="gnomejournal.org" />
 	<target host="www.gnomejournal.org" />
 	<target host="gupnp.org" />
@@ -142,19 +147,19 @@
 	<securecookie host="^(?:.*\.)?gnome\.org$" name=".+" />
 
 
-	<rule from="^http://((?:admin|api|blogs|bugs|bugzilla|(?:\w+\.)?bugzilla-attachments|build|cloud|developer|download|etherpad|extensions|foundation|git|help|l10n|library|live|mail|mango|meetbot|nagios|news|ostree|people|planet|progress|projects|rt|static|usability|vote|webstats|wiki|www)\.)?gnome\.org/"
+	<rule from="^http://((?:admin|api|art|blogs|bugs|bugzilla|(?:\w+\.)?bugzilla-attachments|build|cloud|developer|download|etherpad|extensions|foundation|ftp|git|glade|help|l10n|library|live|mail|mango|meetbot|nagios|news|ostree|people|planet|progress|projects|rt|static|usability|vote|webstats|wiki|www)\.)?gnome\.org/"
 		to="https://$1gnome.org/" />
 
 	<rule from="^http://ldap\.gnome\.org/"
 		to="https://www.gnome.org/" />
 
 	<rule from="^http://src\.gnome\.org/"
-		to="https://git.gnome.org/" />
+		to="https://git.gnome.org/browse/" />
 
-	<rule from="^http://(?:www\.)?gnomejournal\.org/"
+	<rule from="^http://(www\.)?gnomejournal\.org/"
 		to="https://www.gnome.org/" />
 
-	<rule from="^http://(?:www\.)?gupnp\.org/"
+	<rule from="^http://(www\.)?gupnp\.org/"
 		to="https://live.gnome.org/GUPnP/" />
 
 
diff --git a/src/chrome/content/rules/GNS3.com.xml b/src/chrome/content/rules/GNS3.com.xml
new file mode 100644
index 000000000000..796f3eab95fa
--- /dev/null
+++ b/src/chrome/content/rules/GNS3.com.xml
@@ -0,0 +1,62 @@
+<!--
+	Nonfunctional hosts in *gns3.com:
+
+		- academy-support *
+
+	* Zendesk
+
+
+	Problematic hosts in *gns3.com:
+
+		- academy ¹ ²
+
+	¹ Mismatched
+	² Mixed css
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .gns3.com
+		- academy.gns3.com
+		- community.gns3.com
+
+
+	Mixed content:
+
+		- css, on:
+
+			- academy from www.gns3.com ¹
+			- www from fonts.googleapis.com ¹
+
+		- Images, on:
+
+			- academy from www.gns3.com ¹
+			- community from new.gns3.net ²
+
+	¹ Secured by us
+	² Not secured by us <= expired
+
+-->
+<ruleset name="GNS3.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gns3.com" />
+	<target host="community.gns3.com" />
+	<target host="www.gns3.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.gns3\.com$" name="^(?:__cfduid|__qca|cf_clearance)$" /-->
+	<!--securecookie host="^academy\.gns3\.com$" name="(?:_session_id|ahoy_track|ahoy_visit|ahoy_visitor)$" /-->
+	<!--securecookie host="^community\.gns3\.com$" name="^BIGipServer[\w.]+$" /-->
+
+	<securecookie host="^\.gns3\.com$" name="^(?:__cfduid|__qca|cf_clearance)$" />
+	<securecookie host="^community\.gns3\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GNU.io.xml b/src/chrome/content/rules/GNU.io.xml
new file mode 100644
index 000000000000..a18615332dbf
--- /dev/null
+++ b/src/chrome/content/rules/GNU.io.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.gnu.io/ => https://www.gnu.io/: (51, "SSL: no alternative certificate subject name matches target host name 'www.gnu.io'")
+
+    Notes:
+	    - $, www
+            - Cloudflare SSL
+-->
+<ruleset name="GNU.io" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gnu.io" />
+	<target host="www.gnu.io" />
+	<target host="git.gnu.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GNU.org.xml b/src/chrome/content/rules/GNU.org.xml
index 019f7146cce8..f2c04c9df916 100644
--- a/src/chrome/content/rules/GNU.org.xml
+++ b/src/chrome/content/rules/GNU.org.xml
@@ -1,49 +1,113 @@
 <!--
-	For other Free Software Foundation coverage, see FSF.xml.
-
-
-	Nonfunctional subdomains:
-
-		- ftpmirror
-		- gcc			(shows sourceware.org; mismatched, CN: www.sourceware.org)
-		- download.savannah	(refused)
-		- git.savannah
-
-
-	Problematic domains:
-
-		- (www.)classpath.org	(shows gnu.org; mismatched, CN: www.gnu.org)
-		- mail.gnu.org		(dropped)
-
-
-	Fully covered domains:
-
-		- (www.)classpath.org	(→ www.gnu.org)
-
-		- gnu.org subdomains:
-
-			- (www.)
-			- lists
-			- mail		(→ lists)
-			- savannah
-
+For other Free Software Foundation coverage, see FSF.xml.
+
+Invalid certificate:
+	20121227-hydra.gnu.org
+	arch.gnu.org
+	autoconfig.gnu.org
+	cvs.gnu.org
+	git.gnu.org
+	gnudist.gnu.org
+	health.gnu.org
+	lims.gnu.org
+	savanah.gnu.org
+	savanna.gnu.org
+	arch0.savannah.gnu.org
+	audio-video0.savannah.gnu.org
+	download0.savannah.gnu.org
+	download-mirror0.savannah.gnu.org
+	frontend0.savannah.gnu.org
+	ftpmirror0.savannah.gnu.org
+	git0.savannah.gnu.org
+	web.git0.savannah.gnu.org
+	vcs0.savannah.gnu.org
+	subversions.gnu.org
+	audio-video0.sv.gnu.org
+	download0.sv.gnu.org
+	download-mirror0.sv.gnu.org
+	frontend0.sv.gnu.org
+	ftpmirror0.sv.gnu.org
+	web.git.sv.gnu.org
+	web.git0.sv.gnu.org
+	vcs0.sv.gnu.org
+	wildebeest.gnu.org
+
+Refused connection:
+	eggs.gnu.org
+	www.ie.gnu.org
+	korea.gnu.org
+	mail.gnu.org
+	smalltalk.gnu.org
+	www.smalltalk.gnu.org
+	www.tw.gnu.org
+
+Timeout:
+	mgt.savannah.gnu.org
+	seeder.gnu.org
 -->
-<ruleset name="GNU.org (partial)">
-
-	<target host="gnu.org" />
-	<target host="*.gnu.org" />
-
-
-	<rule from="^http://(?:www\.)?classpath\.org/$"
-		to="https://www.gnu.org/software/classpath/" />
-
-        <rule from="^http://(www\.)?gnu\.org/"
-		to="https://$1gnu.org/" />
-
-        <rule from="^http://(lists|savannah)\.gnu\.org/"
-		to="https://$1.gnu.org/" />
-
-	<rule from="^http://mail\.gnu\.org/"
-		to="https://lists.gnu.org/" />
-
+<ruleset name="GNU.org">
+	<target host="gnu.org"/>
+	<target host="www.gnu.org"/>
+	<target host="alpha.gnu.org"/>
+	<target host="audio-video.gnu.org"/>
+	<target host="bugs.gnu.org"/>
+	<target host="cvs.gnu.org"/>
+	<target host="debbugs.gnu.org"/>
+	<target host="eggs.gnu.org"/>
+	<target host="elpa.gnu.org"/>
+	<target host="ftp.gnu.org"/>
+	<target host="ftpmirror.gnu.org"/>
+	<target host="gcc.gnu.org"/>
+	<target host="git.gnu.org"/>
+	<target host="hurd.gnu.org"/>
+	<target host="www.hurd.gnu.org"/>
+	<target host="hydra.gnu.org"/>
+	<test url="http://hydra.gnu.org/status/"/>
+	<target host="mirror.hydra.gnu.org"/>
+	<target host="lists.gnu.org"/>
+	<target host="mail.gnu.org"/>
+	<target host="planet.gnu.org" />
+	<target host="rt.gnu.org"/>
+	<target host="savanah.gnu.org"/>
+	<target host="savanna.gnu.org"/>
+	<target host="savannah.gnu.org"/>
+	<target host="arch.savannah.gnu.org"/>
+	<target host="audio-video.savannah.gnu.org"/>
+	<target host="bzr.savannah.gnu.org"/>
+	<target host="cvs.savannah.gnu.org"/>
+	<target host="web.cvs.savannah.gnu.org"/>
+	<target host="dl.savannah.gnu.org"/>
+	<target host="download.savannah.gnu.org"/>
+	<target host="download-mirror.savannah.gnu.org"/>
+	<target host="agn.frontend0.savannah.gnu.org"/>
+	<target host="ftpmirror.savannah.gnu.org"/>
+	<target host="git.savannah.gnu.org"/>
+	<target host="web.git.savannah.gnu.org"/>
+	<target host="gnu-ftpmirror.savannah.gnu.org"/>
+	<target host="hg.savannah.gnu.org"/>
+	<target host="mgt0.savannah.gnu.org"/>
+	<target host="svn.savannah.gnu.org"/>
+	<target host="vcs0.savannah.gnu.org"/>
+	<target host="subversions.gnu.org"/>
+	<target host="sv.gnu.org"/>
+	<target host="arch.sv.gnu.org"/>
+	<target host="audio-video.sv.gnu.org"/>
+	<target host="bzr.sv.gnu.org"/>
+	<target host="cvs.sv.gnu.org"/>
+	<target host="web.cvs.sv.gnu.org"/>
+	<target host="dl.sv.gnu.org"/>
+	<target host="download.sv.gnu.org"/>
+	<target host="download-mirror.sv.gnu.org"/>
+	<target host="agn.frontend0.sv.gnu.org"/>
+	<target host="ftpmirror.sv.gnu.org"/>
+	<target host="git.sv.gnu.org"/>
+	<target host="gnu-ftpmirror.sv.gnu.org"/>
+	<target host="hg.sv.gnu.org"/>
+	<target host="svn.sv.gnu.org"/>
+	<target host="vcs0.sv.gnu.org"/>
+
+	<rule from="^http://(cvs|git|vcs0\.savannah|vcs0\.sv)\.gnu\.org/" to="https://bzr.savannah.gnu.org/"/>
+	<rule from="^http://(eggs|mail)\.gnu\.org/" to="https://lists.gnu.org/"/>
+	<rule from="^http://(savanah|savanna|subversions)\.gnu\.org/" to="https://savannah.gnu.org/"/>
+	<rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/GNU_Radio.org.xml b/src/chrome/content/rules/GNU_Radio.org.xml
new file mode 100644
index 000000000000..f63a0be38f3f
--- /dev/null
+++ b/src/chrome/content/rules/GNU_Radio.org.xml
@@ -0,0 +1,16 @@
+<ruleset name="GNU Radio.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gnuradio.org" />
+	<target host="www.gnuradio.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GNUnet.xml b/src/chrome/content/rules/GNUnet.xml
deleted file mode 100644
index 5ab6846678e6..000000000000
--- a/src/chrome/content/rules/GNUnet.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="GNUnet">
-
-	<target host="gnunet.org" />
-	<target host="*.gnunet.org" />
-
-
-	<securecookie host="^(.*\.)?gnunet\.org$" name=".*" />
-
-
-	<rule from="^http://(www\.)?gnunet\.org/"
-		to="https://$1gnunet.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GNUsocial.de.xml b/src/chrome/content/rules/GNUsocial.de.xml
new file mode 100644
index 000000000000..24b272cb4196
--- /dev/null
+++ b/src/chrome/content/rules/GNUsocial.de.xml
@@ -0,0 +1,34 @@
+<!--
+	www: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- gnusocial.de
+
+-->
+<ruleset name="GNUsocial.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gnusocial.de" />
+
+	<!--	Complications:
+				-->
+	<target host="www.gnusocial.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^gnusocial\.de$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^gnusocial\.de$" name=".+" />
+
+
+	<rule from="^http://www\.gnusocial\.de/"
+		to="https://gnusocial.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GNUsocial.no.xml b/src/chrome/content/rules/GNUsocial.no.xml
new file mode 100644
index 000000000000..c95d24f3f057
--- /dev/null
+++ b/src/chrome/content/rules/GNUsocial.no.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.gnusocial.no/ => https://www.gnusocial.no/: (51, "SSL: no alternative certificate subject name matches target host name 'www.gnusocial.no'")
+
+	Insecure cookies are set for these hosts:
+
+		- gnusocial.no
+		- www.gnusocial.no
+
+-->
+<ruleset name="GNUsocial.no" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gnusocial.no" />
+	<target host="www.gnusocial.no" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?gnusocial\.no$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?gnusocial\.no$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GO.com.xml b/src/chrome/content/rules/GO.com.xml
deleted file mode 100644
index 18e0daf1a0e8..000000000000
--- a/src/chrome/content/rules/GO.com.xml
+++ /dev/null
@@ -1,221 +0,0 @@
-<!--
-	CDN buckets:
-
-		- a248.e.akamai.net/f/12/621/5m/proxy.espn.go.com/
-		- s3.amazonaws.com/avatars.espn.go.com/
-
-		- a.espncdn.com.edgesuite.net
-
-		- adisneyparks.disney.go.com.edgesuite.net
-
-		- wdig-03.vo.llnwd.net
-
-			- .hs. does not exist
-			- aglobal.go.com
-
-		- wdig-24.vo.llnwd.net
-
-			- .hs. does not exist
-			- ahome.go.com
-
-
-	Nonfunctional domains:
-
-		- a.abc.com **
-
-		- go.com subdomains:
-
-			- (www.)
-
-			- abc subdomains:
-
-				- beta *
-				- media
-				- cdn.media **	(same data on media.abc.go.com)
-
-			- abclocal ***
-			- cdn.abclocal **	(same data on abclocal.go.com)
-
-			- disneydvd.disney ***
-
-			- espn subdomains:
-
-				- espndeportes ***
-				- espndeportes-assets **
-				- insider ***
-				- search ***
-				- soccernet ***
-				- soccernet-akamai **
-				- sports ***
-
-			- transfer ***
-
-	* Dropped
-	** 503, akamai
-	*** Refused
-
-
-	Problematic domains:
-
-		- a[12]?.espncdn.com *
-		- g.espncdn.com **
-
-		- aglobal.go.com ***
-		- ahome.go.com ***
-		- weblogger01.data			(works, expired 2013-04-11)
-		- adisneyparks.disney.go.com **
-		- corporate.disney.go.com		(works; expired 2013-06-26)
-		- scripts.parksmedia.disney.go.com **
-
-		- espn.go.com subdomains:
-
-			- assets *
-			- avatars **
-			- games-ak **
-
-	* 503, akamai
-	** Works, akamai
-	*** 400; mismatched, CN: *.hs.llnwd.net
-
-
-	Partially covered domains:
-
-		- a.espncdn.com		(→ akamai)
-		- a[12].espncdn.com	(→ akamai)
-		- games-ak.espn.go.com	(→ akamai)
-
-
-	Fully covered domains:
-
-		- g.espncdn.com		(→ akamai)
-
-		- go.com subdomains:
-
-			- abc
-			- aglobal	(→ global)
-			- ctologgerdev01.analytics
-
-			- disney subdomains:
-
-				- ^
-				- ahome		(→ home)
-				- analytics
-				- adisneyparks	(→ akamai)
-				- disneyparks
-				- disneyworld
-				- home
-				- mobile
-				- scripts.parksmedia	(→ akamai)
-				- quickquote
-
-			- espn subdomains:
-
-				- ^
-				- assets	(→ akamai)
-				- avatars	(→ akamai)
-				- broadband
-				- games
-				- proxy
-				- r
-				- s
-				- streak
-
-			- global
-			- globalregsession
-			- marvelstore
-			- register
-			- sw88
-			- tredir
-
-
-	Observed cookie domains:
-
-		- .
-
-		- disney subdomains:
-
-			- .
-			- disneyparks
-			- .disneyparks
-			- disneyworld
-			- .disneyworld
-			- quickquote
-
-		- espn subdomains:
-
-			- ^
-			- .
-			- .games
-			- proxy
-			- r
-			- s
-			- search
-			- streak
-
-
-	Mixed content:
-
-		- Images on disneyparks.disney from www.disney.co.jp *
-
-	* Unsecurable, doesn't trip MCB
-
-
-	Mixed content breaks videos for Chrome: https://eff.org/r.a8nc
-
--->
-<ruleset name="GO.com (partial)" platform="mixedcontent">
-
-	<target host="a248.e.akamai.net" />
-	<target host="*.go.com" />
-	<target host="*.espncdn.com" />
-		<!--
-			404s when rewritten to akamai.
-
-			This excludes images only:
-							-->
-		<exclusion pattern="^http://a\d?\.espncdn\.com/(?:espn360|media/motion)/" />
-
-
-	<!--securecookie host="^\.go\.com$" name="^(contentLocale|ctoArPageName|DE2|dpsc|DS|fsr\.a|fsr\.paused|gi|SWID)$" /-->
-	<!--
-		Tracking cookies:
-					-->
-	<securecookie host="^\.go\.com$" name="^(?:mbox|s_pers|s_sess|s_vi)$" />
-	<!--securecookie host="^\.disney\.go\.com$" name="^wam_reg$" /-->
-	<securecookie host="^(?:(?:\.?disneyparks|\.?disneyworld|quickquote)\.disney|(?:(?:\.games|proxy|[rs]|streak)\.)?espn)\.go\.com$" name=".+" />
-	<!--securecookie host="^\.espn\.go\.com$" name="^(AcceptCookies|broadbandAccess|country|espncc|ESPN_WindowNameStorage|lang|langPref|_omnicwtest|pluginCheck|userAB)$" /-->
-
-
-	<rule from="^http://(abc|ctologgerdev01\.analytics|(?:(?:analytics|disneyparks|disneyworld|mobile|quickquote)\.)?disney|(?:(?:broadband|games|proxy|[rs]|streak)\.)?espn|globalregsession|marvelstore|register|sw88|tredir)\.go\.com/"
-		to="https://$1.go.com/" />
-
-	<rule from="^http://a?(home\.disney|global)\.go\.com/"
-		to="https://$1.go.com/" />
-
-	<rule from="^http://adisneyparks\.disney\.go\.com/"
-		to="https://a248.e.akamai.net/f/1806/621/5m/adisneyparks.disney.go.com/" />
-
-	<rule from="^http://scripts\.parksmedia\.disney\.go\.com/"
-		to="https://a248.e.akamai.net/f/1940/621/5m/scripts.parksmedia.disney.go.com/" />
-
-	<!--	404s when rewritten to akamai.
-
-		NB: This rule must be above the one to akamai:
-								-->
-	<rule from="^http://games-ak\.espn\.go\.com/(banners|img)/"
-		to="https://games.espn.go.com/$1/" />
-
-	<!--	Ditto:
-				-->
-	<rule from="^https?://g\.espncdn\.com/flb/static/"
-		to="https://games.espn.go.com/flb/static/" />
-
-	<rule from="^http://(?:(?:a\d?|g)\.espncdn|(?:assets|avatars|games-ak)\.espn\.go)\.com/"
-		to="https://a248.e.akamai.net/f/12/621/5m/proxy.espn.go.com/" />
-
-	<!--	The following is pointed to from ...espn.go.com/combiner/ :
-										-->
-	<rule from="^https://a248\.e\.akamai\.net/f/12/621/5m/proxy\.espn\.go\.com/media/motion/"
-		to="http://a.espncdn.com/media/motion/" downgrade="1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GOG.com.xml b/src/chrome/content/rules/GOG.com.xml
new file mode 100644
index 000000000000..01444d43a0ef
--- /dev/null
+++ b/src/chrome/content/rules/GOG.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="GOG.com">
+	<target host="gog.com" />
+	<target host="www.gog.com" />
+	<target host="images-1.gog.com" />
+	<target host="images-2.gog.com" />
+	<target host="images-3.gog.com" />
+	<target host="images-4.gog.com" />
+	<target host="secure.gog.com" />
+	<target host="static.gog.com" />
+	<target host="www4-static1.gog.com" />
+	<target host="www4-static4.gog.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GOOD.is.xml b/src/chrome/content/rules/GOOD.is.xml
new file mode 100644
index 000000000000..9e0765f584f7
--- /dev/null
+++ b/src/chrome/content/rules/GOOD.is.xml
@@ -0,0 +1,23 @@
+<!--
+	Unable to Connect:
+		goodstatic.com
+		www.goodstatic.com
+	Invalid Certificate:
+		shop.good.is
+-->
+<ruleset name="GOOD.is (partial)">
+	<target host="good.is" />
+	<target host="www.good.is" />
+	<target host="community.good.is" />
+	<target host="education.good.is" />
+	<target host="food.good.is" />
+	<target host="health.good.is" />
+	<target host="money.good.is" />
+	<target host="sports.good.is" />
+
+	<target host="assets.goodstatic.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GOV.UK.xml b/src/chrome/content/rules/GOV.UK.xml
index 46361a376f5b..c87a8043bd7c 100644
--- a/src/chrome/content/rules/GOV.UK.xml
+++ b/src/chrome/content/rules/GOV.UK.xml
@@ -1,63 +1,446 @@
 <!--
 	For rules that are off by default, see Directgov-mismatches.xml.
 
-
 	Other UK government rulesets:
-
+		- Aberdeen_City.gov.uk.xml
+		- Aberdeenshire.gov.uk.xml
+		- adur.gov.uk.xml
+		- adur-worthing.gov.uk.xml
+		- allerdale.gov.uk.xml
+		- ambervalley.gov.uk.xml
+		- Angus.gov.uk.xml
+		- Arun.gov.uk.xml
+		- ashford.gov.uk.xml
+		- askthe.police.uk.xml
+		- Assembly.Wales.xml
+		- audit.wales.xml
+		- aylesburyvaledc.gov.uk.xml
+		- barnet.gov.uk.xml
+		- Barnsley.gov.uk.xml
+		- basildon.gov.uk.xml
+		- Bassetlaw.gov.uk.xml
+		- bedford.gov.uk.xml
+		- bedfordcornexchange.co.uk.xml
+		- bikeability.org.uk.xml
+		- birmingham.gov.uk.xml
+		- blackburn.gov.uk.xml
+		- Blackpool.gov.uk.xml
+		- bracknell-forest.gov.uk.xml
+		- Brent.gov.uk.xml
+		- Bathnes.gov.uk.xml
+		- bolton.gov.uk.xml
+		- Bournemouth.gov.uk.xml
+		- Bradford.gov.uk.xml
+		- Braintree.gov.uk.xml
+		- bridgend.gov.uk.xml
+		- bristol.gov.uk.xml
+		- Bromley.gov.uk.xml
+		- bromsgrove.gov.uk.xml
+		- broxtowe.gov.uk.xml
+		- Btp.police.uk.xml
+		- buckscc.gov.uk.xml
+		- Burnley.gov.uk.xml
+		- bury.gov.uk.xml
+		- Business_Link.gov.uk.xml
+		- buywithconfidence.gov.uk.xml
 		- Cabinet_Office.xml
+		- Cabinet-Office.gov.uk.xml
 		- Cadw.xml
-		- Companies_House.xml
+		- Calderdale.gov.uk.xml
+		- cambridge.gov.uk.xml
+		- cambridgeshire.gov.uk.xml
+		- cambridgeshire.net.xml
+		- Camden.gov.uk.xml
+		- cannockchasedc.gov.uk.xml
+		- Canterbury.gov.uk.xml
+		- cardiff.gov.uk.xml
+		- carecareersdevon.org.uk.xml
+		- carlisle.gov.uk.xml
+		- Cefas.co.uk.xml
+		- central-lincs.org.uk.xml
+		- ceop.police.uk.xml
+		- Ceredigion.gov.uk.xml
+		- Charnwood.gov.uk.xml
+		- Cherwell.gov.uk.xml
+		- Cheshire.gov.uk.xml
+		- cheshire.police.uk.xml
+		- Cheshire_East.gov.uk.xml
+		- cheshirewestandchester.gov.uk.xml
+		- chesterfield.gov.uk.xml
+		- chichester.gov.uk.xml
+		- childrenscommissioner.gov.uk.xml
+		- chorley.gov.uk.xml
+		- City_of_London.gov.uk.xml
+		- civilservice.gov.uk.xml
+		- Colchester.gov.uk.xml
+		- college.police.uk.xml
+		- communities.gov.uk.xml
+		- CompaniesHouse.xml
+		- copeland.gov.uk.xml
+		- cotswold.gov.uk.xml
+		- coursedirectoryproviderportal.org.uk.xml
+		- coventry.gov.uk.xml
+		- Criminal_Justice_Inspectorates.xml
+		- crowthornepc.org.uk.xml
+		- croydon.gov.uk.xml
+		- cumbria.gov.uk.xml
+		- Cyberstreetwise.xml
+		- data.gov.uk.xml
+		- dataexchangewales.org.uk.xml
+		- decc.gov.uk.xml
+		- Defra.gov.uk.xml
+		- Derby.gov.uk.xml
+		- derbyshire.gov.uk.xml
+		- derbyshireyouthinc.com.xml
+		- detini.gov.uk.xml
+		- Devon.gov.uk.xml
+		- devonjobs.gov.uk.xml
+		- dft.gov.uk.xml
+		- dhsspsni.gov.uk.xml
 		- Directgov.xml
+		- Doncaster.gov.uk.xml
+		- Dover.gov.uk.xml
+		- Dudley.gov.uk.xml
+		- dudleyfoi.org.uk.xml
+		- Dundee_City.gov.uk.xml
+		- EIS_Kent.co.uk.xml
+		- East_Hants.gov.uk.xml
+		- East_Lothian.gov.uk.xml
+		- East-Northamptonshire.gov.uk.xml
+		- East_Riding.gov.uk.xml
+		- eaststaffsbc.gov.uk.xml
+		- eastsussex.gov.uk.xml
+		- ecgd.gov.uk.xml
+		- Edinburgh.gov.uk.xml
+		- education.gov.uk.xml
+		- Elmbridge.gov.uk.xml
+		- Electoral_Commission.org.uk.xml
+		- Enfield.gov.uk.xml
+		- Engaged_Doncaster.co.uk.xml
+		- environment-agency.gov.uk.xml
+		- erewash.gov.uk.xml
+		- Essex.gov.uk.xml
+		- exportingisgreat.gov.uk.xml
+		- Falkirk.gov.uk.xml
+		- Fareham.gov.uk.xml
+		- Fenland.gov.uk.xml
+		- fife.gov.uk.xml
+		- Fife_Direct.org.uk.xml
+		- food.gov.uk.xml
+		- forestry.gov.uk.xml
+		- Fylde.gov.uk.xml
+		- GCHQ-Careers.co.uk.xml
 		- Gambling_Commission.xml
+		- Gateshead.gov.uk.xml
+		- Glasgow.gov.uk.xml
+		- glasgowconsult.co.uk.xml
+		- Gloucestershire.gov.uk.xml
+		- guildford.gov.uk.xml
+		- Gov.Wales.xml
+		- great-yarmouth.gov.uk.xml
+		- HMRC.gov.uk.xml
+		- Hackney.gov.uk.xml
+		- halton.gov.uk.xml
+		- Hants.gov.uk.xml
+		- Hastings.gov.uk.xml
+		- havant.gov.uk.xml
+		- Havering.gov.uk.xml
+		- Herefordshire.gov.uk.xml
+		- Hertsdirect.org.xml
+		- highland.gov.uk.xml
+		- Hillingdon.gov.uk.xml
+		- Hinckley-Bosworth.gov.uk.xml
+		- Hinckley_and_Bosworth_online.org.uk.xml
+		- homebid.org.uk.xml
+		- homeoffice.gov.uk.xml
+		- hscic.gov.uk.xml
+		- hse.gov.uk.xml
+		- ICO.org.uk.xml
+		- idea.gov.uk.xml
+		- IWight.com.xml
+		- Independent.gov.uk.xml
+		- Ipswich.gov.uk.xml
+		- Islington.gov.uk.xml
 		- Judiciary_of_England_and_Wales.xml
+		- KCC.digital.xml
+		- KCC_Media_Hub.net.xml
+		- Kent.gov.uk.xml
+		- Kettering.gov.uk.xml
+		- Kirklees.gov.uk.xml
+		- lambeth.gov.uk.xml
+		- lancashire.gov.uk.xml
+		- lancaster.gov.uk.xml
+		- LBHF.gov.uk.xml
+		- Leeds.gov.uk.xml
+		- Leicestershire.gov.uk.xml
+		- legislation.gov.uk.xml
+		- lewes.gov.uk.xml
+		- lewisham.gov.uk.xml
+		- lichfielddc.gov.uk.xml
+		- Lincoln.gov.uk.xml
+		- Lincolnshire.gov.uk.xml
+		- Lincs_to_the_Past.com.xml
+		- London.gov.uk.xml
+		- london-fire.gov.uk.xml
 		- Looking_Local.xml
-		- Met-Office.xml
+		- lsc.gov.uk.xml
+		- Maidstone.gov.uk.xml
+		- maldon.gov.uk.xml
+		- Manchester.gov.uk.xml
+		- mansfield.gov.uk.xml
+		- Merton.gov.uk.xml
+		- met.police.uk.xml
+		- MetOffice.gov.uk.xml
 		- MI5.xml
+		- Midlothian.gov.uk.xml
+		- Milton-Keynes.gov.uk.xml
 		- Ministry_of_Justice.xml
+		- molevalley.gov.uk.xml
+		- Monmouthshire.gov.uk.xml
+		- mpfemployers.org.uk.xml
+		- mpfmembers.org.uk.xml
+		- mpfund.uk.xml
+		- Myjobscotland.gov.uk.xml
+		- N-Kesteven.gov.uk.xml
+		- N-Somerset.gov.uk.xml
+		- NationalArchivesGovUK.xml
+		- nationalparks.gov.uk.xml
+		- Newcastle.gov.uk.xml
+		- newcastle-staffs.gov.uk.xml
+		- nidirect.gov.uk.xml
+		- norfolk.gov.uk.xml
+		- northamptonshire.gov.uk.xml
+		- northumberland.gov.uk.xml
+		- northlincs.gov.uk.xml
+		- North-Herts.gov.uk.xml
+		- North_Warks.gov.uk.xml
+		- northyorks.gov.uk.xml
+		- nuneatonandbedworth.gov.uk.xml
+		- nypf.org.uk.xml
+		- ofsted.gov.uk.xml
+		- orr.gov.uk.xml
+		- oxford.gov.uk.xml
+		- oxfordshire.gov.uk.xml
+		- parliament.uk.xml
+		- Pendle.gov.uk.xml
+		- Peterborough.gov.uk.xml
+		- planningportal.gov.uk.xml
+		- plymouth.gov.uk.xml
+		- Portsmouth.gov.uk.xml
+		- powys.gov.uk.xml
+		- preston.gov.uk.xml
+		- Race_to_Health.co.uk.xml
+		- rbkc.gov.uk.xml
+		- rbwm.gov.uk.xml
+		- Redbridge.gov.uk.xml
+		- recycleforsurrey.org.uk.xml
+		- redditchbc.gov.uk.xml
+		- Ribble_Valley.gov.uk.xml
+		- richmond.gov.uk.xml
+		- Richmondshire.gov.uk.xml
+		- Rochford.gov.uk.xml
+		- Rossendale.gov.uk.xml
+		- Rother.gov.uk.xml
+		- Rotherham.gov.uk.xml
+		- Rugby.gov.uk.xml
+		- runnymede.gov.uk.xml
+		- rutland.gov.uk.xml
+		- Ryedale.gov.uk.xml
+		- salford.gov.uk.xml
+		- sandwell.gov.uk.xml
+		- scambs.gov.uk.xml
+		- scarborough.gov.uk.xml
+		- Scot_Borders.gov.uk.xml
+		- Scotland.gov.uk.xml
+		- scotland.police.uk.xml
 		- Secret_Intelligence_Service.xml
+		- sepa.org.uk.xml
+		- sesplan.gov.uk.xml
+		- Sevenoaks.gov.uk.xml
+		- Sheffield.gov.uk.xml
+		- shropshire.gov.uk.xml
+		- Slough.gov.uk.xml
+		- sns.gov.uk.xml
+		- Solihull.gov.uk.xml
+		- Somerset.gov.uk.xml
+		- southend-on-the-move.org.uk.xml
+		- South_Lanarkshire.gov.uk.xml
+		- south-wales.police.uk.xml
+		- Southampton.gov.uk.xml
+		- southdowns.gov.uk.xml
+		- Southend.gov.uk.xml
+		- South_Glos.gov.uk.xml
+		- southoxon.gov.uk.xml
+		- Southwark.gov.uk.xml
+		- spelthorne.gov.uk.xml
+		- sstaffs.gov.uk.xml
+		- staffordbc.gov.uk.xml
+		- Staffordshire.gov.uk.xml
+		- stalbans.gov.uk.xml
+		- Statistics.gov.uk.xml
+		- Stirling.gov.uk.xml
+		- stockport.gov.uk.xml
+		- stoke.gov.uk.xml
+		- stratford.gov.uk.xml
+		- surreycc.gov.xml
+		- surreyheath.gov.uk.xml
+		- surreyheath-online.gov.uk.xml
+		- sutton.gov.uk.xml
+		- swale.gov.uk.xml
+		- tameside.gov.uk.xml
+		- tamworth.gov.uk.xml
+		- TMBC.gov.uk.xml
+		- Taunton_Deane.gov.uk.xml
+		- telford.gov.uk.xml
+		- tellmescotland.gov.uk.xml
+		- thamesvalley.police.uk.xml
+		- The_Gazette.xml
+		- thepensionsregulator.gov.uk.xml
+		- theplacetelford.com.xml
+		- Torbay.gov.uk.xml
+		- toughchoices.co.uk.xml
 		- Transport_for_London.xml
 		- UK-Department-for-Business-Innovation-and-Skills.xml
-		- UK-Information-Commissioners-Office.xml
 		- UK_Intellectual_Property_Office.xml
 		- UKLocalGovernment.xml
+		- valelearning.com.xml
+		- Vale_of_Glamorgan.gov.uk.xml
+		- voa.gov.uk.xml
+		- wakefield.gov.uk.xml
+		- Wales.gov.uk.xml
+		- walsall.gov.uk.xml
+		- Waltham_Forest.gov.uk.xml
+		- wao.gov.uk.xml
+		- Warrington.gov.uk.xml
+		- warwickdc.gov.uk.xml
+		- warwickshire.gov.uk.xml
+		- watford.gov.uk.xml
+		- waverly.gov.uk.xml
+		- wealden.gov.uk.xml
+		- Wellingborough.gov.uk.xml
+		- westberks.gov.uk.xml
+		- West_Devon.gov.uk.xml
+		- West-Lindsey.gov.uk.xml
+		- westlancs.gov.uk.xml
+		- westlancsdc.gov.uk.xml
+		- westlothian.gov.uk.xml
+		- west-norfolk.gov.uk.xml
+		- West_Sussex.gov.uk.xml
+		- Westminster.gov.uk.xml
+		- Westoxon.gov.uk.xml
+		- Wigan.gov.uk.xml
+		- wiltshire.police.uk.xml
+		- Wirral.gov.uk.xml
+		- woking.gov.uk.xml
+		- wokingham.gov.uk.xml
+		- worcestershire.gov.uk.xml
+		- wychavon.gov.uk.xml
+		- wyre.gov.uk.xml
+		- wyreforestdc.gov.uk.xml
+		- yourchoiceyourhome.org.uk.xml
 
-
-	Nonfunctional:
-
-		- gcloud.civilservice.gov.uk
-		- (campaigns|mycouncil|origin).direct.gov.uk	(EdgeCast CDN)
-		- innovate-apps.direct.gov.uk			(self-signed)
-		- jobseekers.direct.gov.uk			(timeout)
-		- unistats.direct.gov.uk
-		- (www.)electoralcommission.org.uk		(ditto)
-		- centralcontent.fco.gov.uk			(500)
-		- share.fco.gov.uk				(500; !on www)
-		- www.fco.gov.uk				(redirects to http)
-		- www.fsa.gov.uk				(403, valid cert)
+Nonfunctional:
+		- (www.)?acoba.gov.uk ᵈ
+		- (www.)?acpo.police.uk **
+		- www.arundeltowncouncil.gov.uk *
+		- (www.)?ashfield-dc.gov.uk ***
+		- (www.)?bognorregis.gov.uk *
+		- (www.)?btpa.police.uk ᵇ
+		- www.citycoastcountryside.co.uk *
+		- (www.)?challenge16.co.uk ⁴
+		- (www.)?coldencommon-pc.gov.uk ᵈ
+		- (www.)?communityforums.org.uk ᵈ
+		- (www.)?crawley.gov.uk ᵈ
+		- (www.)?derbyshirepartnership.gov.uk ᵈ
+		- (www.)electoralcommission.org.uk (ditto)
+		- www.felphampc.gov.uk *
+		- www.fsa.gov.uk (403, valid cert)
+		- (www.)?gmp.police.uk ᵈ
+		- guide.hfea.gov.uk **
+		- www.hfea.gov.uk **
+		- (www.)?highpeak.gov.uk ᵈ
+		- faqs.highpeak.gov.uk **
+		- openaccess.highpeak.gov.uk **
+		- planning.highpeak.gov.uk **
+		- www2.highpeak.gov.uk **
+		- (www.)?humbersidefire.gov.uk ᵇ
 		- (www.)independentgroup.lga.gov.uk
-		- (www.)maib.co.uk				(cert: aib-cms.co.uk; shows that domain's data)
+		- www.lothian-vjb.gov.uk **
+		- (www.)maib.co.uk (cert: aib-cms.co.uk; shows that domain's data)
+		- maps.malvernhills.gov.uk ᵈ
+		- moderngov.malvernhills.gov.uk ᵈ
+		- www.malvernhills.gov.uk
+		- swict.malvernhills.gov.uk **
+		- www.malvernhills.gov.uk **
+		- (www.)?merseysidepensionfund.org.uk ᵇ
+		- (www.)?nationalcrimeagency.gov.uk **
+		- (www.)?newbury.gov.uk ᵈ
+		- www.nimdta.gov.uk ²
+		- maps.northyorkmoors.org.uk ᵈ
+		- planning.northyorkmoors.org.uk **
+		- www.nottinghamshire.gov.uk ʰ
 		- (www.)official-documents.gov.uk
 		- (www.)oft.gov.uk
-		- (www.)publications.parliament.uk
-
--->
-<ruleset name="GOV.UK">
-
-	<target host="gov.uk" />
-	<target host="*.gov.uk" />
-	<target host="*.businesslink.gov.uk" />
-	<target host="assets.digital.cabinet-office.gov.uk" />
-	<target host="www.direct.gov.uk" />
-	<target host="centralcontent-stage.fco.gov.uk" />
-
+		- collectionsearch.pkc.gov.uk ᵈ
+		- eplanning.pkc.gov.uk **
+		- licensingregister.pkc.gov.uk ᵈ
+		- localapps.pkc.gov.uk ᵈ
+		- netloan.pkc.gov.uk ᵈ
+		- parkinggateway.pkc.gov.uk ᵈ
+		- www.pkc.gov.uk **
+		- (www.)?saa.gov.uk **
+		- planning.snowdonia-npa.gov.uk ᵈ
+		- (www.)?southwales-fire.gov.uk ³
+		- (www.)?staffsmoorlands.gov.uk ᵈ
+		- publicaccess.staffsmoorlands.gov.uk **
+		- (www.)?stalbanslsp.org.uk ᵃ
+		- statistics.gov.scot ⁴
+		- www.threerivers.gov.uk ²
+		- www2.threerivers.gov.uk ¹
+		- www3.threerivers.gov.uk ᵈ
+		- www.unisonpowys.org.uk ᵇ
+		- www.uttlesford.gov.uk ᵈ
+		- beta.worcester.gov.uk ʳ
+		- city.worcester.gov.uk ʳ
+		- councillor.worcester.gov.uk ʳ
+		- mayor.worcester.gov.uk ʳ
+		- peregrine.worcester.gov.uk ʳ
+		- planning.worcester.gov.uk ᵈ
+		- selfserve.worcester.gov.uk ʳ
+		- www.worcester.gov.uk ʳ
+		- www.wyremarkets.co.uk ᵈ
+		- (www.)?yaptonpc.gov.uk ᵈ
 
-        <securecookie host="^centralcontent-stage\.fco\.gov\.uk$" name=".+" />
+	¹ 401
+	² 200 blank page
+	³ 403
+	⁴ 404
+	ᵃ Shows another domain
+	ᵇ Shows default page
+	ᵈ Dropped
+	ʰ Redirects to http
+	* Interrupted
+	** Refused
+	*** 200 "Under Construction"
 
+	Problematic domains:
+		- (www.)?dartmoor.gov.uk ᵐ
+		- (www.)?dh.gov.uk ᵐ
+		- (www.)?jobcentreplus.gov.uk ᵐ
+		- (www.)?northyorkmoors.org.uk ᶜ ᵐ
+		- (www.)?rail-reg.gov.uk ᵉ ᵐ ˢ
+		- (www.)?snowdonia-npa.gov.uk ᶜ ᵐ
+		- bin.uttlesford.gov.uk ʷ
 
-	<rule from="^http://((?:online|www)\.(?:businesslink|direct)\.|assets\.digital\.cabinet-office\.|centralcontent-stage\.fco\.|www\.)?gov\.uk/"
-		to="https://$1gov.uk/" />
-
-	<rule from="^https?://(businesslink|direct)\.gov\.uk/"
-		to="https://www.$1.gov.uk/" />
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵉ Expired
+	ᵐ Mismatched
+	ˢ Self-signed
+	ʷ Configured for weak ciphers only
+-->
+<ruleset name="GOV.UK">
+  <target host="gov.uk" />
+	<target host="www.gov.uk" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/GO_Transit.xml b/src/chrome/content/rules/GO_Transit.xml
index 55f4a4e2f76a..96bb6a14d778 100644
--- a/src/chrome/content/rules/GO_Transit.xml
+++ b/src/chrome/content/rules/GO_Transit.xml
@@ -1,5 +1,5 @@
 <!--
-	Nonfuncional subdomains:
+	Nonfunctional subdomains:
 
 		- ^		(400; mismatched, CN: secure03.gotransit.com)
 		- gotransitnlb	(shows secure01; mismatched, CN: secure01.gotransit.com)
@@ -21,4 +21,4 @@
 	<rule from="^http://(onthegoalerts|secure\d*)\.gotransit\.com/"
 		to="https://$1.gotransit.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GP.se.xml b/src/chrome/content/rules/GP.se.xml
new file mode 100644
index 000000000000..cb44629aa6d7
--- /dev/null
+++ b/src/chrome/content/rules/GP.se.xml
@@ -0,0 +1,63 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gp.se/ => https://gp.se/: (7, 'Failed to connect to gp.se port 443: Connection refused')
+
+	oasc00454.247realmedia.com <=> sifomedia.gp.se
+
+
+	Nonfunctional subdomains:
+
+		- blogg ¹
+		- info ²
+
+	¹ Shows gp.oderland.com
+	² Redirects to www
+
+	Problematic subdomains:
+
+		- sifomedia *
+
+	* Mismatched
+
+
+	Mixed content:
+
+		- Images from $self ¹
+		- Images from csp.picsearch.com ²
+
+		- Ads/bugs, on www from:
+
+			- sifomedia ¹
+			- fusion.adtoma.com
+			- atemda.com ¹
+			- s.atemda.com
+			- ad.crwdcntrl.net ¹
+			- tags.crwdcntrl.net ¹
+			- www.e-pages.dk ²
+			- b.scorecardresearch.com ¹
+
+	¹ Secured by us
+	² Unsecurable <= refused
+
+-->
+<ruleset name="GP.se (partial)" default_off="failed ruleset test">
+
+	<target host="gp.se" />
+	<target host="info.gp.se" />
+	<target host="www.gp.se" />
+	<target host="sifomedia.gp.se" />
+		<!--exclusion pattern="^http://blogg\.gp\.se/" /-->
+		<!--
+			Some (all?) resources are common across info and www:
+										-->
+		<exclusion pattern="^http://info\.gp\.se/(?!image_processor/|polopoly_fs/)" />
+
+
+	<rule from="^http://(?:info\.|(www\.))?gp\.se/"
+		to="https://$1gp.se/" />
+
+	<rule from="^http://sifomedia\.gp\.se/"
+		to="https://oasc16.247realmedia.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GP2X.de.xml b/src/chrome/content/rules/GP2X.de.xml
deleted file mode 100644
index 9ea1c3689ebd..000000000000
--- a/src/chrome/content/rules/GP2X.de.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="GP2X.de (partial)" default_off="Certificate mismatch">
-
-	<target host="gp2x.de" />
-	<target host="www.gp2x.de" />
-
-	<rule from="^http://(www\.)?gp2x\.de/shop"
-		to="https://gp2x.de/shop" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GPDN.de.xml b/src/chrome/content/rules/GPDN.de.xml
new file mode 100644
index 000000000000..dd7d57ea74cd
--- /dev/null
+++ b/src/chrome/content/rules/GPDN.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="GPDN.de">
+
+	<target host="gpdn.de" />
+	<target host="www.gpdn.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GPFI.xml b/src/chrome/content/rules/GPFI.xml
index 17bcd0714aa7..d209d649a5b6 100644
--- a/src/chrome/content/rules/GPFI.xml
+++ b/src/chrome/content/rules/GPFI.xml
@@ -1,10 +1,18 @@
-<ruleset name="GPFI">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gpfi.org/ => https://gpfi.org/: (7, 'Failed to connect to gpfi.org port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://gpfi.org/ => https://gpfi.org/: (51, "SSL: no alternative certificate subject name matches target host name 'gpfi.org'")
+Fetch error: http://www.gpfi.org/ => https://www.gpfi.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.gpfi.org'")
+-->
+<ruleset name="GPFI" default_off="failed ruleset test">
 
 	<target host="gpfi.org" />
 	<target host="www.gpfi.org" />
 
 
-	<rule from="^http://(www\.)?gpfi\.org/"
-		to="https://$1gpfi.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GPGTools.org.xml b/src/chrome/content/rules/GPGTools.org.xml
new file mode 100644
index 000000000000..389e43cdcd12
--- /dev/null
+++ b/src/chrome/content/rules/GPGTools.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		nightly.gpgtools.org
+
+-->
+<ruleset name="GPGTools.org">
+
+	<target host="gpgtools.org" />
+	<target host="www.gpgtools.org" />
+	<target host="nightly.gpgtools.org" />
+	<target host="old.gpgtools.org" />
+	<target host="releases.gpgtools.org" />
+	<target host="support.gpgtools.org" />
+
+	<rule from="^http://nightly\.gpgtools\.org/"
+		to="https://releases.gpgtools.org/nightlies/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GPGTools.xml b/src/chrome/content/rules/GPGTools.xml
deleted file mode 100644
index 8c7a163c0000..000000000000
--- a/src/chrome/content/rules/GPGTools.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- support	(mismatched, CN: *.tenderapp.com)
-
--->
-<ruleset name="GPGTools (partial)">
-
-	<target host="gpgtools.org" />
-	<target host="*.gpgtools.org" />
-		<exclusion pattern="http://support." />
-
-
-	<rule from="^http://([^/:@]+\.)?gpgtools\.org/"
-		to="https://$1gpgtools.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GPLHost.xml b/src/chrome/content/rules/GPLHost.xml
deleted file mode 100644
index 5c8ad3ad9c31..000000000000
--- a/src/chrome/content/rules/GPLHost.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(shows dtc)
-
--->
-<ruleset name="GPLHost (partial)">
-
-	<target host="dtc.gplhost.com"/>
-	<target host="dtc.*.gplhost.com"/>
-	<target host="dtc.gplhost.co.uk"/>
-
-	<securecookie host="^dtc\.\w+\.gplhost\.com$" name=".*"/>
-
-	<rule from="^http://dtc(\.sharedfr|\.node\d{1,5})?\.gplhost\.com/"
-		to="https://dtc$1.gplhost.com/"/>
-
-	<rule from="^http://dtc\.gplhost\.co\.uk/"
-		to="https://dtc.gplhost.co.uk/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/GPShopper.com.xml b/src/chrome/content/rules/GPShopper.com.xml
index 296529504819..6e38a6d8505c 100644
--- a/src/chrome/content/rules/GPShopper.com.xml
+++ b/src/chrome/content/rules/GPShopper.com.xml
@@ -7,10 +7,11 @@
 -->
 <ruleset name="GPShopper.com (partial)">
 
-	<target host="*.gpshopper.com" />
+	<target host="analytics.gpshopper.com" />
+	<target host="cdn.gpshopper.com" />
+	<target host="static.gpshopper.com" />
 
 
-	<rule from="^http://(analytics|cdn|static)\.gpshopper\.com/"
-		to="https://$1.gpshopper.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GPUGRID.net.xml b/src/chrome/content/rules/GPUGRID.net.xml
new file mode 100644
index 000000000000..5f76cedcd8ce
--- /dev/null
+++ b/src/chrome/content/rules/GPUGRID.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="GPUGRID.net">
+  <target host=    "gpugrid.net" />
+  <target host="www.gpugrid.net" />
+
+  <securecookie host="^.*\.gpugrid\.net$" name=".+" />
+
+  <rule from="^http:"
+    to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GPUL.org.xml b/src/chrome/content/rules/GPUL.org.xml
index f495cba82d9c..419fcf484424 100644
--- a/src/chrome/content/rules/GPUL.org.xml
+++ b/src/chrome/content/rules/GPUL.org.xml
@@ -1,13 +1,31 @@
-<ruleset name="GPUL.org (partial)" platform="mixedcontent">
 
-	<target host="gpul.org"/>
-	<target host="www.gpul.org"/>
-	<target host="guadec.org"/>
-	<target host="2012.guadec.org"/>
-	<target host="www.guadec.org"/>
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gpul.org/ => https://gpul.org/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+Fetch error: http://www.gpul.org/ => https://gpul.org/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
 
-	<rule from="^http://(www\.)?gpul\.org/" to="https://gpul.org/"/>
+	Nonfunctional domains:
 
-	<rule from="^http://(2012\.|www\.)?guadec\.org/sites/" to="https://gpul.org/sites/"/>
+		- planet *
+		- stuff *
+
+	* Shows www
+
+
+	Mixed content:
+
+		- Images on (www.)? from ^ *
+
+	* Secured by us
+
+-->
+<ruleset name="GPUL.org (partial)" default_off="failed ruleset test">
+
+	<target host="gpul.org" />
+	<target host="www.gpul.org" />
+
+
+	<rule from="^http://(?:www\.)?gpul\.org/"
+		to="https://gpul.org/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GP_ehosting.com.xml b/src/chrome/content/rules/GP_ehosting.com.xml
new file mode 100644
index 000000000000..a5c83d5c31b9
--- /dev/null
+++ b/src/chrome/content/rules/GP_ehosting.com.xml
@@ -0,0 +1,19 @@
+<!--
+	(www.)?gpehosting.com doesn't exist.
+
+-->
+<ruleset name="GP ehosting.com">
+
+	<target host="ctracking.gpehosting.com" />
+	<target host="faasand.gpehosting.com" />
+	<target host="nasastg.gpehosting.com" />
+	<target host="wiki.gpehosting.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GPodder.xml b/src/chrome/content/rules/GPodder.xml
index 1c3aee3e1126..badff4f936fa 100644
--- a/src/chrome/content/rules/GPodder.xml
+++ b/src/chrome/content/rules/GPodder.xml
@@ -1,27 +1,25 @@
 <!--
-	Nonfunctional gpodder.org subdomains:
+	Nonfunctional hosts in *gpodder.org:
 
-		- blog	(interrupted; hosted on Blogger)
-		- wiki	(CN: ycits01.yellowcod.com; shows that domain)
+		- blog ᶠ
+		- wiki ᵃ
+
+	ᵃ Shows another domain
+	ᶠ Blogger/handshake fails
 
 -->
 <ruleset name="gPodder (partial)">
 
 	<target host="gpodder.net" />
+	<target host="www.gpodder.net" />
 	<target host="bugs.gpodder.org" />
-	<target host="*.bugs.gpodder.org" />
-
 
-	<securecookie host="^gpodder\.org$" name=".+" />
-	<securecookie host="^\.bugs\.gpodder\.org$" name=".+" />
 
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.bugs\." name=".+" />
 
-	<!--	Cert only matches ^gpodder.net.
-						-->
-	<rule from="^https?://(?:www\.)?gpodder\.net/"
-		to="https://gpodder.net/" />
 
-	<rule from="^http://bugs\.gpodder\.org/"
-		to="https://bugs.gpodder.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GQ.xml b/src/chrome/content/rules/GQ.xml
index dbbd2cc2b36b..be426e152cbd 100644
--- a/src/chrome/content/rules/GQ.xml
+++ b/src/chrome/content/rules/GQ.xml
@@ -2,33 +2,46 @@
 	For other Condé Nast coverage, see Conde-Nast.xml.
 
 
-	Nonfunctional domains:
+	Nonfunctional hosts in *gq.com:
 
-		- promotions.gq.com	(revoked)
+		- promotions *
 
+	* Revoked
 
-	Problematic domains:
 
-		- gq.com
-		- www.gq.com	(works, at least some pages redirect to http, akamai)
+	Problematic hosts in *gq.com:
+
+		- ^ ¹
+		- media ²
+
+	¹ Refused
+	² Fastly
+
+
+	Mixed content:
+
+		- Images on www.qq.com from media.gq.com *
+
+	* Not secured by us <= mismatched
 
 -->
-<ruleset name="GQ (partial)">
+<ruleset name="GQ.com (partial)">
 
-	<target host="gq.com" />
-	<target host="*.gq.com" />
-		<exclusion pattern="^https?://(?:www\.)?gq\.com/(?!css/|images/)" />
-	<target host="gq-magazine.co.uk" />
-	<target host="www.gq-magazine.co.uk" />
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.gq.com" />
+	<target host="subscribe.gq.com" />
+	<target host="www.gq.com" />
 
+	<!--	Complications:
+				-->
+	<target host="gq.com" />
 
-	<rule from="^https?://(?:secure\.|www\.)?gq\.com/"
-		to="https://secure.gq.com/" />
 
-	<rule from="^http://subscribe\.gq\.com/"
-		to="https://subscribe.gq.com/" />
+	<rule from="^http://gq\.com/"
+		to="https://www.gq.com/" />
 
-	<rule from="^https?://(?:www\.)?gq-magazine\.co\.uk/_/"
-		to="https://d3u12z27ui3vom.cloudfront.net/GQ/343431a42aff/" />
+	<rule from="^http:"
+		to="https:"  />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GRC.com.xml b/src/chrome/content/rules/GRC.com.xml
index d0a193d300ce..95604cb12d05 100644
--- a/src/chrome/content/rules/GRC.com.xml
+++ b/src/chrome/content/rules/GRC.com.xml
@@ -1,19 +1,35 @@
-<ruleset name="Gibson Research">
+<!--
+	Other Gibson Research Corporation rulesets:
+
+		- GRCtech.com.xml
+
+
+	Fully covered hosts in *grc.com:
+
+		- (www.)?
+		- media
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.grc.com
+
+-->
+<ruleset name="GRC.com">
 
 	<target host="grc.com" />
+	<target host="media.grc.com" />
 	<target host="www.grc.com" />
-	<target host="www.grctech.com" />
 
 
-	<securecookie host="^www\.grc(?:tech)?\.com$" name=".*" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.grc\.com$" name="^(ppag|tpag)$" /-->
 
+	<securecookie host="^www\.grc\.com$" name=".+" />
 
-	<rule from="^http://(www\.)?grc\.com/"
-		to="https://$1grc.com/" />
 
-	<!--	!www doesn't exist.
-					-->
-	<rule from="^http://www\.grctech\.com/"
-		to="https://www.grctech.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GRCtech.com.xml b/src/chrome/content/rules/GRCtech.com.xml
new file mode 100644
index 000000000000..1a9c75287413
--- /dev/null
+++ b/src/chrome/content/rules/GRCtech.com.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Gibson Research Corporation coverage, see GRC.com.xml.
+
+
+	These altnames don't exist:
+
+		- grctech.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.grctech.com
+
+-->
+<ruleset name="GRCtech.com">
+
+	<target host="www.grctech.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.grctech\.com$" name="^(pcss|pimg|tcss|timg)$" /-->
+
+	<securecookie host="^www\.grctech\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GRML.org.xml b/src/chrome/content/rules/GRML.org.xml
new file mode 100644
index 000000000000..a615829d8aba
--- /dev/null
+++ b/src/chrome/content/rules/GRML.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Fully covered hosts in *grml.org:
+
+		- (www.)?
+		- wiki
+-->
+<ruleset name="GRML.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="grml.org" />
+	<target host="wiki.grml.org" />
+	<target host="www.grml.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GRSecurity.net.xml b/src/chrome/content/rules/GRSecurity.net.xml
deleted file mode 100644
index 15062e6747ec..000000000000
--- a/src/chrome/content/rules/GRSecurity.net.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="GRSecurity.net">
-	<target host="grsecurity.net" />
-	<target host="*.grsecurity.net" />
-	<target host="*.forums.grsecurity.net" />
-	<rule from="^http://(?:www\.)?(cvsweb\.|forums\.|pax\.)?grsecurity\.net/" to="https://$1grsecurity.net/"/>
-
-	<securecookie host="^\.forums\.grsecurity\.net$" name=".*" />
-</ruleset>
-
diff --git a/src/chrome/content/rules/GRSecurity.xml b/src/chrome/content/rules/GRSecurity.xml
new file mode 100644
index 000000000000..1a8c1168f59b
--- /dev/null
+++ b/src/chrome/content/rules/GRSecurity.xml
@@ -0,0 +1,37 @@
+<!--
+	Nonfunctional hosts in *.grsecurity.net:
+		- mail.grsecurity.net (m)
+		- store.grsecurity.net (e)
+    - cvsweb.grsecurity.org (m)
+
+	Nonfunctional hosts in *.grsecurity.org:
+		- cvsweb.grsecurity.org (m)
+		- forums.grsecurity.org (m)
+		- mail.grsecurity.org (m)
+		- pax.grsecurity.org (m)
+		- store.grsecurity.org (e)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="GRSecurity">
+	<target host="grsecurity.org" />
+	<target host="www.grsecurity.org" />
+	<target host="forums.grsecurity.org" />
+	<target host="pax.grsecurity.org" />
+
+	<target host="grsecurity.net" />
+	<target host="www.grsecurity.net" />
+	<target host="forums.grsecurity.net" />
+	<target host="pax.grsecurity.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://forums\.grsecurity\.org/" to="https://forums.grsecurity.net/" />
+	<rule from="^http://pax\.grsecurity\.org/" to="https://pax.grsecurity.net/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GRUN_Software.xml b/src/chrome/content/rules/GRUN_Software.xml
index 52284952a494..19bb7839d752 100644
--- a/src/chrome/content/rules/GRUN_Software.xml
+++ b/src/chrome/content/rules/GRUN_Software.xml
@@ -11,7 +11,6 @@
 	<securecookie host="^www\.gruen\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?gruen\.net/"
-		to="https://$1gruen.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GS-media.de.xml b/src/chrome/content/rules/GS-media.de.xml
deleted file mode 100644
index 9cfcc7f249eb..000000000000
--- a/src/chrome/content/rules/GS-media.de.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Ads.
-
-	For other GameSports coverage, see GameSports.net.xml.
-
-
-	^gs-media.de doesn't exist.
-
--->
-<ruleset name="GS-media.de">
-
-	<target host="*.gs-media.de" />
-
-
-	<securecookie host="^\.gs-media\.de" name=".+" />
-
-
-	<rule from="^http://(css|flags|netbar|themes|www)\.gs-media\.de/"
-		to="https://$1.gs-media.de/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GSA.gov.xml b/src/chrome/content/rules/GSA.gov.xml
new file mode 100644
index 000000000000..ddcd64406ba8
--- /dev/null
+++ b/src/chrome/content/rules/GSA.gov.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fbopen.gsa.gov/ => https://fbopen.gsa.gov/: (6, 'Could not resolve host: fbopen.gsa.gov')
+
+	General Services Administration
+
+
+-->
+<ruleset name="GSA.gov (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="18f.gsa.gov" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GSI-Commerce.xml b/src/chrome/content/rules/GSI-Commerce.xml
index b2e2d33806c0..85ab18cf94ea 100644
--- a/src/chrome/content/rules/GSI-Commerce.xml
+++ b/src/chrome/content/rules/GSI-Commerce.xml
@@ -1,9 +1,8 @@
-<ruleset name="GSI Commerce" default_off="mismatch">
+<ruleset name="GSI Commerce" default_off="mismatched">
 
 	<target host="qpbs.imageg.net"/>
 
 	<!--	Akamai, !at origin nor origin-qpbs	-->
-	<rule from="^http://qpbs\.imageg\.net/"
-		to="https://qpbs.imageg.net/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GSI.de.xml b/src/chrome/content/rules/GSI.de.xml
new file mode 100644
index 000000000000..f94b9a2d298e
--- /dev/null
+++ b/src/chrome/content/rules/GSI.de.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- Bug on (www.)? from www.gsi.de *
+
+	* Secured by us
+
+-->
+<ruleset name="GSI.de">
+
+	<target host="gsi.de" />
+	<target host="wiki.gsi.de" />
+	<target host="www.gsi.de" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GSL-Co2.com.xml b/src/chrome/content/rules/GSL-Co2.com.xml
new file mode 100644
index 000000000000..bfbeeebfffc8
--- /dev/null
+++ b/src/chrome/content/rules/GSL-Co2.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- Flash on (www.)? from www.gsl-co2.com ˢ
+		- Image on (www.)? from www.gsl-co2.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="GSL-Co2.com" platform="mixedcontent">
+
+	<target host="gsl-co2.com" />
+	<target host="www.gsl-co2.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GSMArena.com.xml b/src/chrome/content/rules/GSMArena.com.xml
new file mode 100644
index 000000000000..6053bbe4d377
--- /dev/null
+++ b/src/chrome/content/rules/GSMArena.com.xml
@@ -0,0 +1,47 @@
+<!--
+	Non-functional subdomains:
+		- gsmarena.com		(mismatch hostname, CN: m.gsmarena.com)
+		- a		(connection refused)
+		- adsnew	(connection refused)
+		- blog		(mixed content)
+		- mblog		(mixed context)
+		- i		(mismatch hostname, CN: st.gsmarena.com)
+		- img		(mismatch hostname, CN: a.gsmarena.com)
+		- main		(mismatch hostname, CN: m.gsmarena.com)
+		- sp		(mismatch hostname, CN: st.gsmarena.com)
+		- st3		(mismatch hostname, CN: st.gsmarena.com)
+		- svn		(mismatch hostname, CN: mail.gsmarena.com)
+
+-->
+<ruleset name="GSMArena.com">
+	<target host="gsmarena.com" />
+	<target host="www.gsmarena.com" />
+	<target host="a2.gsmarena.com" />
+	<target host="ads.gsmarena.com" />
+	<target host="adsn.gsmarena.com" />
+	<target host="cdn.gsmarena.com" />
+	<target host="cdn2.gsmarena.com" />
+	<target host="m.gsmarena.com" />
+	<target host="mail.gsmarena.com" />
+	<target host="mb.gsmarena.com" />
+	<target host="mobile.gsmarena.com" />
+	<target host="mw.gsmarena.com" />
+	<target host="mydbadmin.gsmarena.com" />
+	<target host="observium.gsmarena.com" />
+	<target host="p2.gsmarena.com" />
+	<target host="p2n.gsmarena.com" />
+	<target host="pic.gsmarena.com" />
+	<target host="pica.gsmarena.com" />
+	<target host="st.gsmarena.com" />
+	<target host="st2.gsmarena.com" />
+	<target host="xads.gsmarena.com" />
+
+  	<securecookie host="^www\.gsmarena\.com$" name=".+" />
+
+  	<!-- mismatch hostname -->
+	<rule from="^http://gsmarena\.com/"
+		to="https://www.gsmarena.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GSU.edu-falsemixed.xml b/src/chrome/content/rules/GSU.edu-falsemixed.xml
new file mode 100644
index 000000000000..c5c7af4d5675
--- /dev/null
+++ b/src/chrome/content/rules/GSU.edu-falsemixed.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules not causing false/broken MCB, see GSU.edu.xml.
+
+-->
+<ruleset name="GSU.edu (false MCB)" platform="mixedcontent">
+
+	<target host="gsu.edu" />
+	<target host="www.gsu.edu" />
+
+
+	<securecookie host="^www\.gsu\.edu$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?gsu\.edu/"
+		to="https://www.gsu.edu/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GSU.edu.xml b/src/chrome/content/rules/GSU.edu.xml
new file mode 100644
index 000000000000..5698744ed4eb
--- /dev/null
+++ b/src/chrome/content/rules/GSU.edu.xml
@@ -0,0 +1,156 @@
+<!--
+	For rules causing false/broken MCB, see GSU.edu-falsemixed.xml.
+
+
+	Nonfunctional subdomains:
+
+		- admissions ¹
+		- advisement ¹
+		- aeadmin1 ¹
+		- aysps ¹
+		- banner ¹
+		- biomedical ¹
+		- calendar ¹
+		- campuslife ¹
+		- career ¹
+		- (www.)cas ¹
+		- codeofconduct ¹
+		- dining ¹
+		- education ¹
+		- emeriti ¹
+		- employment ¹
+		- enrollment
+		- events ¹
+		- facilities ¹
+		- faculty ¹
+		- finance ¹
+		- tools.finance ¹
+		- ga ¹
+		- giving ¹
+		- graduate ¹
+		- health ¹
+		- honors ¹
+		- hr ¹
+		- employees.hr ¹
+		- managers.hr ¹
+		- retirees.hr ¹
+		- innovation ¹
+		- international ¹
+		- isss ¹
+		- law ¹
+		- lawlibrary ¹
+		- library ¹
+		- magazine ¹
+		- map ¹
+		- myhousing ¹
+		- mystudyabroad ¹
+		- news ¹
+		- hyperphysics.phy-astr ¹
+		- policies.oie ¹
+		- parking ¹
+		- pr ¹
+		- president ¹
+		- provost ¹
+		- publichealth ¹
+		- recreation ¹
+		- registrar ¹
+		- research ¹
+		- ursa.research ¹
+		- robinson ¹
+		- safety ¹
+		- senate ¹
+		- services ¹
+		- sfs ¹
+		- snhp ¹
+		- strategic ¹
+		- studentaffairs ¹
+		- studenthandbook ¹
+		- success.students ¹
+		- technology ¹
+		- travel ²
+		- universityattorney ¹
+		- veterans ¹
+		- welcome ¹
+
+	¹ Refused
+	² Shows webservices; mismatched, CN: webservices.gsu.edu
+
+
+	^: refused
+
+
+	Fully covered subdomains:
+
+		- campusid
+		- inb.gosolar
+		- www.gosolar
+		- paws
+		- sendafile
+		- gsu.view
+		- webservices
+
+
+	These altnames don't exist:
+
+		- www.campusid.gsu.edu
+		- www.paws.gsu.edu
+		- www.sendafile.gsu.edu
+		- www.webservices.gsu.edu
+
+
+	Mixed content:
+
+		- css, on:
+
+			- www from $self ¹
+			- www from fonts.googleapis.com ¹
+
+		- Images, on:
+
+			- www from $self ¹
+			- www from aeadmin1 ²
+			- www from scontent-a.cdninstagram.com ¹
+
+	¹ Secured by us
+	² Unsecurable <= refused
+
+-->
+<ruleset name="GSU.edu (partial)">
+
+	<target host="gsu.edu" />
+	<target host="www.gsu.edu" />
+	<target host="campusid.gsu.edu" />
+	<target host="inb.gosolar.gsu.edu" />
+	<target host="www.gosolar.gsu.edu" />
+	<target host="paws.gsu.edu" />
+	<target host="sendafile.gsu.edu" />
+	<target host="gsu.view.gsu.edu" />
+	<target host="webservices.gsu.edu" />
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<!--exclusion pattern="^http://(www\.)?gsu\.edu/+(?!wp-content/|wp-includes/)" /-->
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^\.gsu\.edu$" name="^fos\.secure\.web\.server$" /-->
+	<!--securecookie host="^sendafile\.gsu\.edu$" name="^_filetransfer_session$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^\.gsu\.edu$" name="^(fos\.web\.server|runId)$" /-->
+	<!--securecookie host="^campusid\.gsu\.edu$" name="^(ASP\.NET_SessionId|TestCookieName|language\.User)$" /-->
+	<!--securecookie host="^paws\.gsu\.edu$" name="^(BIPIPLuminisProd|JSESSIONID|UserAgentId|cookies)$" /-->
+	<!--securecookie host="^www\.gsu\.edu$" name="^X-Mapping-\w{9]$" /-->
+
+	<securecookie host="^(?:campusid|paws)\.gsu\.edu$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?gsu\.edu/(?=wp-content/|wp-includes/)"
+		to="https://www.gsu.edu/" />
+
+	<rule from="^http://(campusid|(?:inb|www)\.gosolar|paws|sendafile|gsu\.view|webservices)\.gsu\.edu/"
+		to="https://$1.gsu.edu/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GStreamer.xml b/src/chrome/content/rules/GStreamer.xml
deleted file mode 100644
index c61e6c9bbabe..000000000000
--- a/src/chrome/content/rules/GStreamer.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d2688lj8lursqz.cloudfront.net
-
-
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- docs *
-
-	* Times out
-
--->
-<ruleset name="GStreamer (partial)">
-
-	<target host="cdn.gstreamer.com" />
-
-
-	<rule from="^http://cdn\.gstreamer\.com/"
-		to="https://d2688lj8lursqz.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/GTCs-Online.xml b/src/chrome/content/rules/GTCs-Online.xml
deleted file mode 100644
index dc0beff53076..000000000000
--- a/src/chrome/content/rules/GTCs-Online.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="GTC's Online">
-	<target host="gtcsonline.mycashflow.fi"/>
-	<target host="*.gtcsonline.mycashflow.fi"/>
-	<target host="peliaika.fi"/>
-	<target host="www.peliaika.fi"/>
-
-	<securecookie host="^\.gtcsonline\.mycashflow\.fi$" name=".+" />
-
-	<rule from="^http://(?:www\.)peliaika\.fi/"
-		to="https://gtcsonline.mycashflow.fi/"/>
-
-	<rule from="^http://gtcsonline\.mycashflow\.fi/"
-		to="https://gtcsonline.mycashflow.fi/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/GTK-apps.org.xml b/src/chrome/content/rules/GTK-apps.org.xml
new file mode 100644
index 000000000000..911307988d00
--- /dev/null
+++ b/src/chrome/content/rules/GTK-apps.org.xml
@@ -0,0 +1,12 @@
+<!--
+	For other openDesktop rules, see openDesktop.org.xml
+
+-->
+<ruleset name="GTK-apps.org">
+
+	<target host="gtk-apps.org" />
+	<target host="www.gtk-apps.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GTRK.TV.xml b/src/chrome/content/rules/GTRK.TV.xml
new file mode 100644
index 000000000000..5fc6e68686c0
--- /dev/null
+++ b/src/chrome/content/rules/GTRK.TV.xml
@@ -0,0 +1,9 @@
+<ruleset name="GTRK.TV" >
+	<target host="gtrk.tv" />
+	<target host="www.gtrk.tv" />
+	<target host="pano.gtrk.tv" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GTT.net.xml b/src/chrome/content/rules/GTT.net.xml
new file mode 100644
index 000000000000..a9a7ed7349ab
--- /dev/null
+++ b/src/chrome/content/rules/GTT.net.xml
@@ -0,0 +1,33 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .gtt.net
+
+
+	Mixed content:
+
+		- css from $self *
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="GTT.net (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gtt.net" />
+	<target host="www.gtt.net" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.gtt\.net$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.gtt\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GU.se.xml b/src/chrome/content/rules/GU.se.xml
index ad6a910cbea0..3255f934c0c1 100644
--- a/src/chrome/content/rules/GU.se.xml
+++ b/src/chrome/content/rules/GU.se.xml
@@ -1,9 +1,40 @@
-<!-- Gothenburg university -->
-<!-- lots of subdomains lack ssl, and the site does less intelligent rewriteing. how to fix?.-->
-<ruleset name="GU.se" platform="mixedcontent">
-	<target host="www.gu.se" />
-	<target host="gu.se" />
-	<rule from="^http://gu\.se/" to="https://www.gu.se/"/>
-	<rule from="^http://www\.gu\.se/" to="https://www.gu.se/"/>
-</ruleset>
+<!--
+	Gothenburg university
+
+
+lots of subdomains lack ssl, and the site does less intelligent rewriting. how to fix?
+
+
+	(www.): redirects to http
+
+
+	Fully covered subdomains:
+
+		- gupea.ub
+		- webresources
 
+-->
+<ruleset name="GU.se">
+
+	<target host="gupea.ub.gu.se" />
+	<target host="webresources.gu.se" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.gu\.se/+($|\?|digitalAssets/)" /-->
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^webresources\.gu\.se$" name="^JSESSIONID$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^gupea\.ub\.gu\.se$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^gupea\.ub\.gu\.se$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GUADEC.org.xml b/src/chrome/content/rules/GUADEC.org.xml
new file mode 100644
index 000000000000..be1c3c4353cd
--- /dev/null
+++ b/src/chrome/content/rules/GUADEC.org.xml
@@ -0,0 +1,31 @@
+<!--
+	Problematic domains:
+
+		- 2012.guadac.org *
+
+	* Mismatched, CN: www.gpul.org
+
+
+	Mixed content:
+
+		- iframe on 2012.guadac.org from www.youtube.com *
+
+		- 2012.guadac.org from www *
+		- 2012.guadac.org from farm\d.staticflickr.com *
+
+	* Secured by us
+
+-->
+<ruleset name="GUADEC.org (partial)">
+
+	<target host="guadec.org"/>
+	<target host="2012.guadec.org"/>
+	<target host="www.guadec.org"/>
+
+
+	<rule from="^http://(www\.)?guadec\.org/"
+		to="https://$1guadec.org/" />
+
+	<rule from="^http://2012\.guadec\.org/sites/" to="https://guadec.org/sites/"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/GUUG.de.xml b/src/chrome/content/rules/GUUG.de.xml
new file mode 100644
index 000000000000..89a9c7e655e3
--- /dev/null
+++ b/src/chrome/content/rules/GUUG.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="GUUG.de">
+  <target host="guug.de" />
+  <target host="www.guug.de" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GVC-Credit-Union.xml b/src/chrome/content/rules/GVC-Credit-Union.xml
new file mode 100644
index 000000000000..e270481deb56
--- /dev/null
+++ b/src/chrome/content/rules/GVC-Credit-Union.xml
@@ -0,0 +1,9 @@
+<ruleset name="GVC Credit Union">
+	<target host="gvccu.com" />
+	<target host="www.gvccu.com" />
+	<target host="mdws.gvccu.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GVNTube.com.xml b/src/chrome/content/rules/GVNTube.com.xml
index 9290d283d09a..730e857b2a1e 100644
--- a/src/chrome/content/rules/GVNTube.com.xml
+++ b/src/chrome/content/rules/GVNTube.com.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?gvntube\.com/(favicon\.ico|images/|javascripts/|login(?:$|\?|/)|media/|stylesheets/)"
 		to="https://gvntube.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/G_Data_Software.xml b/src/chrome/content/rules/G_Data_Software.xml
deleted file mode 100644
index 949321385be7..000000000000
--- a/src/chrome/content/rules/G_Data_Software.xml
+++ /dev/null
@@ -1,124 +0,0 @@
-<!--
-	Av vendor. Includes plaintext from st.gdata-software.com
-
-
-	Nonfunctional domains:
-
-		- (www.)gdata.tw	(shows ZyWALL login, CN: usg50h_C86C870035B6)
-
-
-	Problematic domains:
-
-		- gdata.at *
-		- gdata.be *
-		- gdata.ch *
-		- gdata.de **
-		- gdata.es *
-		- gdata.fr *
-		- gdata.it *
-		- gdata.nl *
-		- gdata.pt *
-		- (www.)gdatasoftware.be *
-		- (www.)gdata.co.jp *
-		- gdatasoftware.co.uk *
-		- mx.gdatasoftware.com **
-		- gdata-software.com		(cert only matches www)
-		- (www.)gdatasoftware.com.br *
-		- (www.)gdatasoftware.in *
-		- (www.)gdatasoftware.mx *
-
-	* Mismatched
-	** Times out
-
-
-	Fully covered domains:
-
-		- (www.)gdata.at		(^ → www)
-		- (www.)gdata.be		(^ → www)
-		- (www.)gdata.ch		(^ → www)
-		- (www.)gdata.co.jp		(→ jp.gdatasoftware.com)
-		- (www.)gdata.de		(^ → www)
-		- (www.)gdata.es		(^ → www)
-		- (www.)gdata.fr		(^ → www)
-		- (www.)gdata.it		(^ → www)
-		- (www.)gdata.nl		(^ → www)
-		- (www.)gdata.pl
-		- static.gdata.pl
-		- (www.)gdata.pt		(^ → www)
-		- (www.)gdatasoftware.be	(→ www.gdata.be)
-		- (www.)gdatasoftware.co.uk	(^ → www)
-
-		- gdatasoftware.com subdomains:
-
-			- (www.)
-			- br
-			- in
-			- jp
-			- public
-			- ru
-			- static
-			- tr
-
-		- (www.)gdata-software.com	(^ → www)
-		- (www.)gdatasoftware.com.br	(→ br.gdatasoftware.com)
-		- (www.)gdatasoftware.in	(→ in.gdatasoftware.com)
-
-
-	Missing mx & tw coverage => partial
-
--->
-<ruleset name="G Data Software (partial)">
-
-	<target host="gdata.*" />
-	<target host="www.gdata.*" />
-	<target host="gdata.co.jp" />
-	<target host="www.gdata.co.jp" />
-	<target host="*.gdata.pl" />
-	<target host="gdatasoftware.*" />
-	<target host="www.gdatasoftware.*" />
-	<target host="gdatasoftware.co.uk" />
-	<target host="www.gdatasoftware.co.uk" />
-	<target host="*.gdatasoftware.com" />
-	<target host="gdata-software.com" />
-	<target host="www.gdata-software.com" />
-	<target host="gdatasoftware.com.br" />
-	<target host="www.gdatasoftware.com.br" />
-
-
-	<securecookie host="^www\.gdata\.(?:at|be|ch|de|es|fr|it|nl|pt)$" name=".+" />
-	<securecookie host="^\.www\.gdata\.pl$" name=".+" />
-	<securecookie host="^www\.gdatasoftware\.co\.uk$" name=".+" />
-	<securecookie host="^(?:br|in|jp|ru|tr|www)\.gdatasoftware\.com$" name=".+" />
-	<securecookie host="^www\.gdata-software\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?gdata\.(at|be|ch|de|es|fr|it|nl|pt)/"
-		to="https://www.gdata.$1/" />
-
-	<rule from="^http://(?:www\.)?gdatasoftware\.be/"
-		to="https://www.gdata.be/" />
-
-	<!--	Protocol-relative links from jp.gdatasoftware.com:
-									-->
-	<rule from="^https?://(?:www\.)?gdata\.co\.jp/"
-		to="https://jp.gdatasoftware.com/" />
-
-	<rule from="^http://(static\.|www\.)?gdata\.pl/"
-		to="https://$1gdata.pl/" />
-
-	<rule from="^http://(?:www\.)?gdatasoftware\.co\.uk/"
-		to="https://www.gdatasoftware.co.uk/" />
-
-	<rule from="^http://((?:br|jp|public|ru|static|tr|www)\.)?gdatasoftware\.com/"
-		to="https://$1gdatasoftware.com/" />
-
-	<rule from="^http://(?:www\.)?gdata-software\.com/"
-		to="https://www.gdata-software.com/" />
-
-	<rule from="^http://(?:www\.)?gdatasoftware\.com\.br/"
-		to="https://br.gdatasoftware.com/" />
-
-	<rule from="^http://(?:www\.)?gdatasoftware\.in/"
-		to="https://in.gdatasoftware.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Gaatur_u_stig_slapen.nl.xml b/src/chrome/content/rules/Gaatur_u_stig_slapen.nl.xml
new file mode 100644
index 000000000000..2491e44c1816
--- /dev/null
+++ b/src/chrome/content/rules/Gaatur_u_stig_slapen.nl.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gaaturustigslapen.nl/ => https://gaaturustigslapen.nl/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.gaaturustigslapen.nl/ => https://www.gaaturustigslapen.nl/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://gaaturustigslapen.nl/ => https://gaaturustigslapen.nl/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.gaaturustigslapen.nl/ => https://www.gaaturustigslapen.nl/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="Gaatur u stig slapen.nl" default_off="failed ruleset test">
+
+	<target host="gaaturustigslapen.nl" />
+	<target host="www.gaaturustigslapen.nl" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gab.com.xml b/src/chrome/content/rules/Gab.com.xml
new file mode 100644
index 000000000000..c7698ef413dc
--- /dev/null
+++ b/src/chrome/content/rules/Gab.com.xml
@@ -0,0 +1,38 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.blog.gab.com
+		- docker.develop.gab.com
+		- eng-001.develop.gab.com
+		- eng-002.develop.gab.com
+		- www.news.gab.com
+		- develop.pro.gab.com
+
+		5xx server error:
+		- api.gab.com
+		- demo-on.gab.com
+-->
+<ruleset name="Gab.com">
+	<target host="gab.com" />
+	<target host="www.gab.com" />
+	<target host="apps.gab.com" />
+	<target host="beam.gab.com" />
+	<target host="blog.gab.com" />
+	<target host="btcpay.gab.com" />
+	<target host="business.gab.com" />
+	<target host="chat.gab.com" />
+	<target host="code.gab.com" />
+	<target host="develop.gab.com" />
+	<target host="develop-chat.gab.com" />
+	<target host="dissenter-shop.gab.com" />
+	<target host="help.gab.com" />
+	<target host="news.gab.com" />
+	<target host="pro.gab.com" />
+	<target host="shop.gab.com" />
+	<target host="trends.gab.com" />
+	<target host="tweetbot.gab.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gabor_Szathmari.me.xml b/src/chrome/content/rules/Gabor_Szathmari.me.xml
new file mode 100644
index 000000000000..cb60d7642bd0
--- /dev/null
+++ b/src/chrome/content/rules/Gabor_Szathmari.me.xml
@@ -0,0 +1,51 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	^gaborszathmari.me: 404
+
+
+	Insecure cookies are set for these domains:
+
+		- .gaborszathmari.me
+
+-->
+<ruleset name="Dhaval Kapil.me">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blog.gaborszathmari.me" />
+	<target host="www.gaborszathmari.me" />
+
+	<!--	Complications:
+				-->
+	<target host="gaborszathmari.me" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.gaborszathmari\.me$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http://gaborszathmari\.me/"
+		to="https://blog.gaborszathmari.me/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gabry.hu.xml b/src/chrome/content/rules/Gabry.hu.xml
index 768a5a8583a0..e9e55f49dbd3 100644
--- a/src/chrome/content/rules/Gabry.hu.xml
+++ b/src/chrome/content/rules/Gabry.hu.xml
@@ -1,7 +1,36 @@
-<ruleset name="Gabry.hu" platform="mixedcontent">
-	<target host="www.gabry.hu" />
+<!--
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- gabry.hu
+		- www.gabry.hu
+
+
+	Mixed content:
+
+		- Bugs from statelit.hu *
+
+	* Unsecurable <= 404
+
+-->
+<ruleset name="Gabry.hu" default_off="expired, missing certificate chain">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="gabry.hu" />
+	<target host="www.gabry.hu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?gabry\.hu$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?gabry\.hu$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-	<securecookie host="^(www\.)?gabry\.hu$" name=".+" />
-	<rule from="^http://(www\.)?gabry\.hu/" to="https://$1gabry.hu/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Gadget-o.xml b/src/chrome/content/rules/Gadget-o.xml
deleted file mode 100644
index d1179d421bd4..000000000000
--- a/src/chrome/content/rules/Gadget-o.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d2bmlokt20co86.cloudfront.net
-
--->
-<ruleset name="Gadget-o">
-
-	<target host="gadget-o.com" />
-	<target host="*.gadget-o.com" />
-
-
-	<securecookie host="^\.gadget-o.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?gadget-o\.com/"
-		to="https://$1gadget-o.com/" />
-
-	<rule from="^https?://assets\.gadget-o\.com/"
-		to="https://d2bmlokt20co86.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Gaia-GIS.it.xml b/src/chrome/content/rules/Gaia-GIS.it.xml
new file mode 100644
index 000000000000..4aaaf3512a52
--- /dev/null
+++ b/src/chrome/content/rules/Gaia-GIS.it.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gaia-gis.it/ => https://gaia-gis.it/: (51, "SSL: no alternative certificate subject name matches target host name 'gaia-gis.it'")
+
+-->
+<ruleset name="Gaia-GIS.it" default_off="failed ruleset test">
+
+	<target host="gaia-gis.it" />
+	<target host="www.gaia-gis.it" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GaiaOnline.xml b/src/chrome/content/rules/GaiaOnline.xml
index 3d202ef0bed8..0e27bb3ff36f 100644
--- a/src/chrome/content/rules/GaiaOnline.xml
+++ b/src/chrome/content/rules/GaiaOnline.xml
@@ -1,27 +1,30 @@
 <!-- Comment: "This ruleset seems to work except for registering as a new user.  The avatar system isn't fully supported so there's an exclusion rule for that.  The site does some weird stuff with domain names they only use for https so users who also have NoScript will have to add yahooapis and llnwd.net to get certain features such as dressing their avatar and browsing the site's tabs to work normally." -->
+<!--
+	Problematic domains:
 
+		- gaiaonlinehelp.com *
+
+	* Refused
+
+-->
 <ruleset name="Gaia Online (breaks registration)" default_off="registration, avatar system not fully supported">
       <target host="gaiaonline.com" />
       <target host="*.gaiaonline.com" />
-      <target host="*.cdn.gaiaonline.com" />
       <target host="*.gaiaonlinehelp.com" />
-      <target host="*.gaia.hs.llnwd.net" />
 
 <exclusion pattern="^http://a2\.cdn\.gaiaonline\.com/"/>
 
-<securecookie host="^.gaiaonline\.com$" name=".*" />
-      
+<securecookie host="^.gaiaonline\.com$" name=".+" />
+
       <rule from="^http://gaiaonline\.com/"
             to="https://www.gaiaonline.com/" />
       <rule from="^http://([^/:@\.]+)\.gaiaonline\.com/"
            to="https://$1.gaiaonline.com/" />
-      <rule from="^http://([^/:@\.]+)\.gaia\.hs\.llnwd\.net/"
-           to="https://$1.gaia.hs.llnwd.net/" />
       <rule from="^http://([^/:@\.]+)\.cdn\.gaiaonline\.com/"
             to="https://$1.cdn.gaiaonline.com/" />
       <rule from="^http://gaiaonlinehelp\.com/"
-            to="https://www.gaiaonlinehelp.com/" />      
+            to="https://www.gaiaonlinehelp.com/" />
       <rule from="^http://([^/:@\.]+)\.gaiaonlinehelp\.com/"
            to="https://$1.gaiaonlinehelp.com/" />
-      
+
 </ruleset>
diff --git a/src/chrome/content/rules/Gajim.xml b/src/chrome/content/rules/Gajim.xml
index c172187a67ae..8107dad3ddf9 100644
--- a/src/chrome/content/rules/Gajim.xml
+++ b/src/chrome/content/rules/Gajim.xml
@@ -1,13 +1,36 @@
-<ruleset name="Gajim (partial)" platform="cacert">
+<!--
+	Insecure cookies are set for these hosts:
+
+		- paste.gajim.org
+		- trac.gajim.org
+
+-->
+<ruleset name="Gajim.org">
 
 	<target host="gajim.org" />
-	<target host="*.gajim.org" />
+	<target host="conference.gajim.org" />
+	<target host="devel.gajim.org" />
+	<target host="hg.gajim.org" />
+	<target host="lists.gajim.org" />
+	<target host="paste.gajim.org" />
+	<target host="python-nbxmpp.gajim.org" />
+	<target host="trac.gajim.org" />
+	<target host="trac-plugins.gajim.org" />
+	<target host="translate.gajim.org" />
+	<target host="www.gajim.org" />
+	<target host="www2.gajim.org" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^conference\.gajim\.org$" name="^csrftoken$" /-->
+	<!--securecookie host="^paste\.gajim\.org$" name="^ci_session$" /-->
+	<!--securecookie host="^trac\.gajim\.org$" name="^(trac_form_token|trac_session)$" /-->
 
-	<securecookie host="^(?:.*\.)?gajim\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(?:(trac\.)|www\.)?gajim\.org/"
-		to="https://$1gajim.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Galaxis.xml b/src/chrome/content/rules/Galaxis.xml
index 5f5120344fe3..582116e96369 100644
--- a/src/chrome/content/rules/Galaxis.xml
+++ b/src/chrome/content/rules/Galaxis.xml
@@ -1,13 +1,12 @@
 <ruleset name="Galaxis.at">
 
 	<target host="galaxis.at" />
-	<target host="*.galaxis.at" />
+	<target host="www.galaxis.at" />
 
 
 	<securecookie host="^(?:www)?\.galaxis\.at$" name=".+" />
 
 
-	<rule from="^http://(www\.)?galaxis\.at/"
-		to="https://$1galaxis.at/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Galaxy_Project.org.xml b/src/chrome/content/rules/Galaxy_Project.org.xml
new file mode 100644
index 000000000000..9cfcee156145
--- /dev/null
+++ b/src/chrome/content/rules/Galaxy_Project.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Galaxy Project.org (partial)">
+
+	<target host="wiki.galaxyproject.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Galiciana.gal.xml b/src/chrome/content/rules/Galiciana.gal.xml
new file mode 100644
index 000000000000..07154e573207
--- /dev/null
+++ b/src/chrome/content/rules/Galiciana.gal.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		galiciana.gal
+
+	www.galiciana.gal does not exist.
+
+-->
+<ruleset name="Galiciana.gal">
+	<target host="arquivo.galiciana.gal" />
+	<target host="biblioteca.galiciana.gal" />
+	<target host="datos-abertos.galiciana.gal" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gallup.xml b/src/chrome/content/rules/Gallup.xml
index c6cb4d538be0..fc3ef864b9d3 100644
--- a/src/chrome/content/rules/Gallup.xml
+++ b/src/chrome/content/rules/Gallup.xml
@@ -1,11 +1,18 @@
 <ruleset name="Gallup (partial)">
 
 	<target host="gallup.com" />
+	<target host="content.gallup.com" />
 	<target host="www.gallup.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.gallup\.com/(favicon\.ico|poll/\d+/[\w-]+\.aspx)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.gallup\.com/+(?!Assets/)" />
 
 
-	<!--	At least some pages redirect to http.	-->
-	<rule from="^http://(www\.)?gallup\.com/Assets/"
-		to="https://$1gallup.com/Assets/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Galois.com.xml b/src/chrome/content/rules/Galois.com.xml
new file mode 100644
index 000000000000..de81b06978ec
--- /dev/null
+++ b/src/chrome/content/rules/Galois.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://galois.com/ => https://galois.com/: Too many redirects while fetching 'https://galois.com/'
+Fetch error: http://corp.galois.com/ => https://galois.com/: Too many redirects while fetching 'https://galois.com/'
+Fetch error: http://www.galois.com/ => https://www.galois.com/: Too many redirects while fetching 'https://www.galois.com/'
+
+	Mixed content:
+
+		- Images on corp from ^ *
+
+	* Secured by us
+
+-->
+<ruleset name="Galois.com" default_off="failed ruleset test">
+
+	<target host="galois.com" />
+	<target host="corp.galois.com" />
+	<target host="www.galois.com" />
+
+
+	<!--	Redirects as so:
+				-->
+	<rule from="^http://corp\.galois\.com/$"
+		to="https://galois.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GamCare.xml b/src/chrome/content/rules/GamCare.xml
index afc33b01f249..5618ed946f53 100644
--- a/src/chrome/content/rules/GamCare.xml
+++ b/src/chrome/content/rules/GamCare.xml
@@ -1,12 +1,22 @@
-<ruleset name="GamCare (partial)" platform="mixedcontent">
+<!--
+	Nonfunctional hosts in *gamcare.org.uk:
+
+		- (www.)? *
+		- secure *
+
+	* 522
+
+-->
+<ruleset name="GamCare.org.uk (partial)" default_off="522">
 
 	<target host="gamcare.org.uk" />
-	<target host="*.gamcare.org.uk" />
+	<target host="secure.gamcare.org.uk" />
+	<target host="www.gamcare.org.uk" />
 
 
 	<!--	Homepage redirects to www.
 		Other pages don't exist on secure.	-->
-	<rule from="^https?://(?:secure\.|www\.)?gamcare\.org\.uk/((?:forum/)?cs|image)s/"
+	<rule from="^http://(?:secure\.|www\.)?gamcare\.org\.uk/((?:forum/)?cs|image)s/"
 		to="https://secure.gamcare.org.uk/$1s/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GambleID.xml b/src/chrome/content/rules/GambleID.xml
index 7cf7ff4b106c..c4d34b4addbf 100644
--- a/src/chrome/content/rules/GambleID.xml
+++ b/src/chrome/content/rules/GambleID.xml
@@ -1,13 +1,21 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gambleid.com/ => https://www.gambleid.com/: (60, 'SSL certificate problem: certificate has expired')
+
 	Problematic subdomains:
 
 		- ^	(no https)
 
 -->
-<ruleset name="GambleID">
+<ruleset name="GambleID" default_off="failed ruleset test">
 
 	<target host="gambleid.com" />
-	<target host="*.gambleid.com" />
+	<target host="www.gambleid.com" />
+	<target host="admin.gambleid.com" />
+	<target host="developer.gambleid.com" />
+	<target host="enterprise.gambleid.com" />
+	<target host="myaccount.gambleid.com" />
 
 
 	<!--	Observed cookie subdomains:
@@ -24,7 +32,6 @@
 	<rule from="^http://(?:www\.)?gambleid\.com/"
 		to="https://www.gambleid.com/" />
 
-	<rule from="^http://(admin|developer|enterprise|myaccount)\.gambleid\.com/"
-		to="https://$1.gambleid.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gambling_Commission.xml b/src/chrome/content/rules/Gambling_Commission.xml
index 0f3be3d6a491..7307293c8478 100644
--- a/src/chrome/content/rules/Gambling_Commission.xml
+++ b/src/chrome/content/rules/Gambling_Commission.xml
@@ -4,15 +4,28 @@
 
 	Nonfunctional subdomains:
 
-		- www			(shows secure, mismatched)
+		- www *
+
+	* Shows secure
+
+
+	Insecure cookies are set for these domains:
+
+		- secure.gamblingcommission.gov.uk
 
 -->
-<ruleset name="Gambling Commission (partial)">
+<ruleset name="Gambling Commission.gov.uk (partial)">
 
 	<target host="secure.gamblingcommission.gov.uk" />
 
 
-	<rule from="^http://secure\.gamblingcommission\.gov\.uk/"
-		to="https://secure.gamblingcommission.gov.uk/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^secure\.gamblingcommission\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^secure\.gamblingcommission\.gov\.uk$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Gambling_Portal_Webmasters_Association.xml b/src/chrome/content/rules/Gambling_Portal_Webmasters_Association.xml
index dadb37e94e6f..42a3bdc3d035 100644
--- a/src/chrome/content/rules/Gambling_Portal_Webmasters_Association.xml
+++ b/src/chrome/content/rules/Gambling_Portal_Webmasters_Association.xml
@@ -9,7 +9,6 @@
 	<target host="certify.gpwa.org" />
 
 
-	<rule from="^http://certify\.gpwa\.org/"
-		to="https://certify.gpwa.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Game-Link.xml b/src/chrome/content/rules/Game-Link.xml
index edeceba5c411..22f345c38546 100644
--- a/src/chrome/content/rules/Game-Link.xml
+++ b/src/chrome/content/rules/Game-Link.xml
@@ -7,19 +7,20 @@
 <ruleset name="Game Link (partial)">
 
 	<target host="gamelink.com" />
-	<target host="*.gamelink.com" />
+	<target host="www.gamelink.com" />
+	<target host="gfx3.gamelink.com" />
 
 
 	<!--	- Cert only matches *.gamelink.com
 		- Many pages redirect to http
 				-->
-	<rule from="^https?://(?:www\.)?gamelink\.com/(login|shipping)\.jhtml($|[;\?])"
+	<rule from="^http://(?:www\.)?gamelink\.com/(login|shipping)\.jhtml($|[;\?])"
 		to="https://www.gamelink.com/$1.jhtml$2" />
 
 	<!--	- Cert: *.hs.llnwd.net
 		- Throws 400
 				-->
-	<rule from="^https?://gfx3\.gamelink\.com/"
+	<rule from="^http://gfx3\.gamelink\.com/"
 		to="https://gamelink.hs.llnwd.net/e1/images/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Game-Show-Network.xml b/src/chrome/content/rules/Game-Show-Network.xml
index 9282b8eedf20..fa06ce137f30 100644
--- a/src/chrome/content/rules/Game-Show-Network.xml
+++ b/src/chrome/content/rules/Game-Show-Network.xml
@@ -1,13 +1,23 @@
-<ruleset name="Game Show Network (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.tv.gsn.com/ => https://www.tv.gsn.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.tv.gsn.com/ => https://www.tv.gsn.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
+<ruleset name="Game Show Network (partial)" default_off="failed ruleset test">
 
 	<target host="gsn.com"/>
-	<target host="*.gsn.com"/>
-	<target host="www.tv.gsn.com"/>
+	<target host="tv.gsn.com" />
+	<target host="www.tv.gsn.com" />
+	<target host="www.gsn.com" />
 	<target host="worldwinner.com"/>
-	<target host="*.worldwinner.com"/>
+	<target host="www.worldwinner.com" />
+	<target host="cdn.worldwinner.com" />
 
 	<!--	forum cookies	-->
-	<securecookie host="^(www\.)?gsn\.com$" name="^bb_.*$"/>
+	<securecookie host="^(?:www\.)?gsn\.com$" name="^bb_.*$"/>
 
 	<!--	cert !match !www	-->
 	<rule from="^http://(?:www\.)?tv\.gsn\.com/"
diff --git a/src/chrome/content/rules/Game.co.uk.xml b/src/chrome/content/rules/Game.co.uk.xml
new file mode 100644
index 000000000000..3c8eebb1a1e6
--- /dev/null
+++ b/src/chrome/content/rules/Game.co.uk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Game.co.uk">
+  <target host="game.co.uk" />
+  <target host="www.game.co.uk" />
+
+  <rule from="^http://(?:www\.)?game\.co\.uk/" to="https://www.game.co.uk/" />
+</ruleset>
diff --git a/src/chrome/content/rules/GameCopyWorld.click.xml b/src/chrome/content/rules/GameCopyWorld.click.xml
new file mode 100644
index 000000000000..f309bded515b
--- /dev/null
+++ b/src/chrome/content/rules/GameCopyWorld.click.xml
@@ -0,0 +1,19 @@
+<!--
+	For other GameCopyWorld coverage, see GameCopyWorld.com.xml.
+
+	Expired:
+		- rd1
+-->
+
+<ruleset name="GameCopyWorld.click">
+	<target host="gamecopyworld.click" />
+	<target host="www.gamecopyworld.click" />
+	<target host="g1.gamecopyworld.click" />
+	<target host="g2.gamecopyworld.click" />
+	<target host="g3.gamecopyworld.click" />
+	<target host="g4.gamecopyworld.click" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GameCopyWorld.com.xml b/src/chrome/content/rules/GameCopyWorld.com.xml
new file mode 100644
index 000000000000..6a35c87faa44
--- /dev/null
+++ b/src/chrome/content/rules/GameCopyWorld.com.xml
@@ -0,0 +1,56 @@
+<!--
+	Other GameCopyWorld rulesets:
+		+ ConsoleBackup.com.xml
+		+ FileTarget.net.xml
+		+ GameCopyWorld.click.xml
+		+ GameCopyWorld.eu.xml
+		+ WireTarget.com.xml
+
+	Expired:
+		- rd1
+
+	SSL protocol error:
+		- mail
+-->
+
+<ruleset name="GameCopyWorld.com">
+	<target host="gamecopyworld.com" />
+	<target host="www.gamecopyworld.com" />
+	<target host="d01.gamecopyworld.com" />
+	<target host="d02.gamecopyworld.com" />
+	<target host="d03.gamecopyworld.com" />
+	<target host="d04.gamecopyworld.com" />
+	<target host="dl.gamecopyworld.com" />
+	<target host="ih1.gamecopyworld.com" />
+	<target host="ih2.gamecopyworld.com" />
+	<target host="ih4.gamecopyworld.com" />
+	<target host="ih6.gamecopyworld.com" />
+	<target host="m0001.gamecopyworld.com" />
+	<target host="m0002.gamecopyworld.com" />
+	<target host="m0003.gamecopyworld.com" />
+	<target host="m0004.gamecopyworld.com" />
+	<target host="m0005.gamecopyworld.com" />
+	<target host="m0006.gamecopyworld.com" />
+	<target host="m0007.gamecopyworld.com" />
+	<target host="m0008.gamecopyworld.com" />
+	<target host="m0010.gamecopyworld.com" />
+	<target host="m0014.gamecopyworld.com" />
+	<target host="m0015.gamecopyworld.com" />
+	<target host="m0016.gamecopyworld.com" />
+	<target host="m0018.gamecopyworld.com" />
+	<target host="m0020.gamecopyworld.com" />
+	<target host="m0025.gamecopyworld.com" />
+	<target host="m0026.gamecopyworld.com" />
+	<target host="m0162.gamecopyworld.com" />
+	<target host="m0163.gamecopyworld.com" />
+	<target host="m1009.gamecopyworld.com" />
+	<target host="m1010.gamecopyworld.com" />
+	<target host="m1011.gamecopyworld.com" />
+	<target host="m2010.gamecopyworld.com" />
+	<target host="pid.gamecopyworld.com" />
+	<target host="protectionid.gamecopyworld.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GameCopyWorld.eu.xml b/src/chrome/content/rules/GameCopyWorld.eu.xml
new file mode 100644
index 000000000000..016570ab4919
--- /dev/null
+++ b/src/chrome/content/rules/GameCopyWorld.eu.xml
@@ -0,0 +1,24 @@
+<!--
+	For other GameCopyWorld coverage, see GameCopyWorld.com.xml.
+
+	Expired:
+		- rd1
+
+ 	SSL protocol error:
+		- mail
+-->
+
+<ruleset name="GameCopyWorld.eu">
+	<target host="gamecopyworld.eu" />
+	<target host="www.gamecopyworld.eu" />
+	<target host="dl.gamecopyworld.eu" />
+	<target host="g1.gamecopyworld.eu" />
+	<target host="g3.gamecopyworld.eu" />
+	<target host="g5.gamecopyworld.eu" />
+	<target host="m0001.gamecopyworld.eu" />
+	<target host="search.gamecopyworld.eu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GameDev.net.xml b/src/chrome/content/rules/GameDev.net.xml
index dfea167a0e67..1f9d70b973f6 100644
--- a/src/chrome/content/rules/GameDev.net.xml
+++ b/src/chrome/content/rules/GameDev.net.xml
@@ -26,11 +26,11 @@
 <ruleset name="GameDev.net (partial)">
 
 	<target host="gamedev.net" />
-	<target host="*.gamedev.net" />
-		<exclusion pattern="^https?://(?:www\.)?gamedev\.net/page/" />
+	<target host="public.gamedev.net" />
+	<target host="www.gamedev.net" />
+		<exclusion pattern="^http://(?:www\.)?gamedev\.net/page/" />
 
 
-	<rule from="^http://(public\.|www\.)?gamedev\.net/"
-		to="https://$1gamedev.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GameFly.xml b/src/chrome/content/rules/GameFly.xml
index 68c6d072938a..041f39446686 100644
--- a/src/chrome/content/rules/GameFly.xml
+++ b/src/chrome/content/rules/GameFly.xml
@@ -1,21 +1,48 @@
-<ruleset name="GameFly">
+<!--
+	Other GameFly rulesets:
 
-	<target host="gamefly.com" />
+		- GameFly_CDN.com.xml
+
+
+	Problematic hosts:
+
+		- gamefly.co.uk ¹
+		- www.gamefly.co.uk ²
+
+		- gamefly.com ³
+		- api.gamefly.com ²
+		- digital.gamefly.com ²
+		- m.gamefly.com ²
+		- www.gamefly.com ²
+
+	¹ Dropped
+	² Blocks Tor users
+	³ Refused
+
+-->
+<ruleset name="GameFly" default_off="needs clearnet testing">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.gamefly.co.uk" />
+
+	<target host="digital.gamefly.com" />
+	<target host="m.gamefly.com" />
 	<target host="www.gamefly.com" />
+
+	<!--	Complications:
+				-->
 	<target host="gamefly.co.uk" />
-	<target host="www.gamefly.co.uk" />
-	<target host="*.gameflycdn.com" />
+	<target host="gamefly.com" />
 
 
-	<securecookie host="^www\.gamefly\.co(?:m|\.uk)$" name=".+" />
+	<securecookie host="^www\.gamefly\.co(?:\.uk|m)$" name=".+" />
 
 
-	<!--	Certs only match www.
-					-->
-	<rule from="^http://(?:www\.)?gamefly\.co(m|\.uk)/"
+	<rule from="^http://gamefly\.co(\.uk|m)/"
 		to="https://www.gamefly.co$1/" />
 
-	<rule from="^http://gamefly(1|2)?\.gameflycdn\.com/"
-		to="https://gamefly$1.gameflycdn.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GameFly_CDN.com.xml b/src/chrome/content/rules/GameFly_CDN.com.xml
new file mode 100644
index 000000000000..e57c324f5ab9
--- /dev/null
+++ b/src/chrome/content/rules/GameFly_CDN.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other GameFly coverage, see GameFly.xml.
+
+-->
+<ruleset name="GameFly CDN.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cms.gameflycdn.com" />
+	<target host="gamefly.gameflycdn.com" />
+	<target host="gamefly1.gameflycdn.com" />
+	<target host="gamefly2.gameflycdn.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GameHouse.xml b/src/chrome/content/rules/GameHouse.xml
index 3f4f04127793..de0e86b8e4f1 100644
--- a/src/chrome/content/rules/GameHouse.xml
+++ b/src/chrome/content/rules/GameHouse.xml
@@ -1,27 +1,34 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gamehouse.com/ => https://www.gamehouse.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://ad.ghfusion.com/ => https://ad.ghfusion.com/: (6, 'Could not resolve host: ad.ghfusion.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://gamehouse.com/ => https://www.gamehouse.com/: Cycle detected - URL already encountered: https://www.gamehouse.com/
+Fetch error: http://ad.ghfusion.com/ => https://ad.ghfusion.com/: (6, 'Could not resolve host: ad.ghfusion.com')
 	CDN buckets:
 
 		- dlr6ze9oohko6.cloudfront.net
 
 -->
-<ruleset name="GameHouse">
+<ruleset name="GameHouse" default_off="failed ruleset test">
 
 	<target host="gamehouse.com" />
-	<target host="*.gamehouse.com" />
+	<target host="www.gamehouse.com" />
+	<target host="media.gamehouse.com" />
+	<target host="support.gamehouse.com" />
 	<target host="ad.ghfusion.com" />
 
 
-	<securecookie host="^.*\.gamehouse\.com$" name=".*" />
+	<securecookie host="^.*\.gamehouse\.com$" name=".+" />
 
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?gamehouse\.com/"
+	<rule from="^http://(?:www\.)?gamehouse\.com/"
 		to="https://www.gamehouse.com/" />
 
-	<rule from="^http://(media|support)\.gamehouse\.com/"
-		to="https://$1.gamehouse.com/" />
 
-	<rule from="^http://ad\.ghfusion\.com/"
-		to="https://ad.ghfusion.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/GameInformer.xml b/src/chrome/content/rules/GameInformer.xml
index 0002e2261d47..b31a201d4cb5 100644
--- a/src/chrome/content/rules/GameInformer.xml
+++ b/src/chrome/content/rules/GameInformer.xml
@@ -3,10 +3,7 @@
 
 		- media1.gameinformer.edgesuite.net
 
-		- optimizedresources.gamestop.com.edgesuite.net
-
-			- a1910.b.akamai.net
-			- media-2
+		- optimizedresources.gamestop.com.edgesuite.net ← media-2.gameinformer.com
 
 
 	Nonfunctional subdomains:
@@ -19,28 +16,43 @@
 		- media-2	(works, akamai)
 
 
-	Fully covered subdomains:
+	Insecure cookies are set for these domains and hosts:
+
+		- .gameinformer.com
+		- www.gameinformer.com
+
+
+	Mixed content:
 
-		- (www.)
-		- media-2	(→ akamai)
+		- Images on www from media1.gameinformer.com ¹
 
+		- Bugs, on:
 
-	Mixed images on www from media1
+			- www from www.facebook.com ²
+			- www from b.scorecardresearch.com ²
+
+
+	¹ Unsecurable <= 504
+	² Secured by us
 
 -->
-<ruleset name="GameInformer (partial)">
+<ruleset name="GameInformer.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="gameinformer.com" />
-	<target host="*.gameinformer.com" />
+	<target host="www.gameinformer.com" />
 
 
-	<securecookie host="^(?:www)?\.gameinformer\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.gameinformer\.com$" name="^(?:AuthorizationCookie|CommunityServer-UserCookie\d+|SCC|SMC|SRC|SSPIDER)$" /-->
+	<!--securecookie host="^www\.gameinformer\.com$" name="^(?:CommunityServer-LastVisitUpdated-\d+|akamai-cookie)$" /-->
 
+	<securecookie host="^(?:www)?\.gameinformer\.com$" name=".+" />
 
-	<rule from="^http://(www\.)?gameinformer\.com/"
-		to="https://$1gameinformer.com/" />
 
-	<rule from="^http://media-2\.gameinformer\.com/"
-		to="https://a248.e.akamai.net/f/1910/8732/10h/media-2.gameinformer.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GamePro.de.xml b/src/chrome/content/rules/GamePro.de.xml
new file mode 100644
index 000000000000..189db9703ec0
--- /dev/null
+++ b/src/chrome/content/rules/GamePro.de.xml
@@ -0,0 +1,26 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Invalid certificate:
+		- gamestar.dewww
+		- leseraktion
+		- w3
+		- www.wwww
+-->
+<ruleset name="GamePro.de">
+
+	<target host="gamepro.de" />
+	<target host="www.gamepro.de" />
+	<target host="ewww.gamepro.de" />
+	<target host="images.gamepro.de" />
+	<target host="m.gamepro.de" />
+	<target host="newsletter.gamepro.de" />
+	<target host="ssl.gamepro.de" />
+	<target host="ww.gamepro.de" />
+	<target host="wwww.gamepro.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GameSports.net-falsemixed.xml b/src/chrome/content/rules/GameSports.net-falsemixed.xml
deleted file mode 100644
index b8deb64c2d9f..000000000000
--- a/src/chrome/content/rules/GameSports.net-falsemixed.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see GameSports.net.xml.
-
--->
-<ruleset name="GameSports.net (false MCB)" platform="mixedcontent">
-
-	<target host="gamesports.net" />
-	<target host="broadcasting.gamesports.net" />
-
-
-	<securecookie host="^broadcasting\.gamesports\.net$" name=".+" />
-
-
-	<rule from="^http://(?:broadcasting\.)?gamesports\.net/"
-		to="https://broadcasting.gamesports.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GameSports.net.xml b/src/chrome/content/rules/GameSports.net.xml
deleted file mode 100644
index 88f7efc82ab0..000000000000
--- a/src/chrome/content/rules/GameSports.net.xml
+++ /dev/null
@@ -1,77 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see GameSports.net-falsemixed.xml.
-
-	Other GameSports rulesets:
-
-		- GS-media.de.xml
-
-
-	Problematic subdomains:
-
-		- ^		(interrupted)
-
-		- cdn subdomains: *
-
-			- css
-			- netbar
-
-	* Depth mismatched
-
-
-	Partially covered subdomains:
-
-		- broadcasting	(avoiding false/broken MCB)
-
-
-	Fully covered subdomains:
-
-		- cdn subdomains:
-
-			- css		(→ css.gs-media.de)
-			- flags		(→ flags.gs-media.de)
-			- netbar	(→ netbar.gs-media.de)
-			- themes	(→ themes.gs-media.de)
-
-		- forum
-		- static
-		- www
-
-
-	Mixed content:
-
-		- css on broadcasting from static *
-
-		- Images, on:
-
-			- broadcasting from static *
-			- forum from broadcasting *
-			- forum from forum *
-
-		- Ads/web bugs, on:
-
-			- broadcasting from css.gs-media.de
-			- broadcasting from www4.smartadserver.com *
-			- forum from www4.smartadserver.com *
-
-	* Secured by us
-
--->
-<ruleset name="GameSports.net (partial)">
-
-	<target host="*.gamesports.net" />
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<exclusion pattern="^http://broadcasting\.gamesports\.net/+(?!images/)" />
-
-
-	<securecookie host="^\.gamesports\.net$" name="^gs_\w+$" />
-
-
-	<rule from="^http://(broadcasting|forum|static|www)\.gamesports\.net/"
-		to="https://$1.gamesports.net/" />
-
-	<rule from="^http://(css|flags|netbar|themes)\.cdn\.gamesports\.net/"
-		to="https://$1.gs-media.de/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GameSpot.com.xml b/src/chrome/content/rules/GameSpot.com.xml
new file mode 100644
index 000000000000..8954e3e8bb2a
--- /dev/null
+++ b/src/chrome/content/rules/GameSpot.com.xml
@@ -0,0 +1,21 @@
+<!--
+	For other CBS coverage, see CBS.xml.
+
+	Mismatched:
+		- userimage
+-->
+<ruleset name="GameSpot.com (partial)">
+	<target host="gamespot.com" />
+	<target host="www.gamespot.com" />
+	<target host="auth.gamespot.com" />
+	<target host="static.gamespot.com" />
+	<target host="static1.gamespot.com" />
+	<target host="static2.gamespot.com" />
+	<target host="static3.gamespot.com" />
+	<target host="static4.gamespot.com" />
+	<target host="static5.gamespot.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GameSpot.xml b/src/chrome/content/rules/GameSpot.xml
deleted file mode 100644
index 87b56eef1bed..000000000000
--- a/src/chrome/content/rules/GameSpot.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For other CBS coverage, see CBS.xml.
-
-
-	Nonfunctional domains:
-
-		- userimage.gamespot.com	(ditto)
-		- im(age|g[12].gamespotcdn.net	(Akamai; "An error occurred"; all equivalent)
-
--->
-<ruleset name="GameSpot (partial)">
-
-	<target host="*.gamespot.com" />
-
-
-	<rule from="^http://(fuse|u[ks])\.gamespot\.com/"
-		to="https://$1.gamespot.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/GameStop.xml b/src/chrome/content/rules/GameStop.xml
index 014c4516fc28..5e5cda604b5a 100644
--- a/src/chrome/content/rules/GameStop.xml
+++ b/src/chrome/content/rules/GameStop.xml
@@ -1,8 +1,11 @@
 <!--
 	At least some pages redirect to http
 
+
+	https://github.com/EFForg/https-everywhere/issues/1287
+
 -->
-<ruleset name="GameStop">
+<ruleset name="GameStop" default_off="broken">
 
 	<target host="gamestop.com" />
 	<target host="*.gamestop.com" />
@@ -11,4 +14,4 @@
 	<rule from="^http://(www\.)?gamestop\.com/(?:(.+/images|[cC]ommon|gs/(?:landing|merchincludes)|INTL|JavaScript|mrkt)/|.+\.css$)"
 		to="https://$1gamestop.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GameTechWiki.com.xml b/src/chrome/content/rules/GameTechWiki.com.xml
new file mode 100644
index 000000000000..33e823710726
--- /dev/null
+++ b/src/chrome/content/rules/GameTechWiki.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="GameTechWiki.com">
+	<target host="gametechwiki.com" />
+	<target host="www.gametechwiki.com" />
+	<target host="emulation.gametechwiki.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GameTree.xml b/src/chrome/content/rules/GameTree.xml
index 06afef846a54..0fc00ca1dc34 100644
--- a/src/chrome/content/rules/GameTree.xml
+++ b/src/chrome/content/rules/GameTree.xml
@@ -1,18 +1,29 @@
-<ruleset name="GameTree">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gametreedeveloper.com/ => https://gametreedeveloper.com/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+Fetch error: http://www.gametreedeveloper.com/ => https://www.gametreedeveloper.com/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+Fetch error: http://gametreelinux.com/ => https://gametreedeveloper.com/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+
+	(www.)gametreelinux.com: plaintext reply
+
+-->
+<ruleset name="GameTree" default_off="failed ruleset test">
 
 	<target host="gametreedeveloper.com" />
 	<target host="www.gametreedeveloper.com" />
 	<target host="gametreelinux.com"/>
-	<target host="*.gametreelinux.com"/>
+	<target host="www.gametreelinux.com" />
+	<target host="cdn.gametreelinux.com" />
 
 
-	<securecookie host="^gametreedeveloper\.com$" name=".*" />
+	<securecookie host="^gametreedeveloper\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?gametree(developer|linux)\.com/"
-		to="https://$1gametree$2.com/" />
+	<rule from="^http://(www\.)?gametree(?:developer|linux)\.com/"
+		to="https://$1gametreedeveloper.com/" />
 
-	<rule from="^https?://cdn\.gametreelinux\.com/"
+	<rule from="^http://cdn\.gametreelinux\.com/"
 		to="https://d303q111h1m66t.cloudfront.net/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Gamebillet.com.xml b/src/chrome/content/rules/Gamebillet.com.xml
new file mode 100644
index 000000000000..03aea3fa8a10
--- /dev/null
+++ b/src/chrome/content/rules/Gamebillet.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Gamebillet.com">
+  <target host="gamebillet.com" />
+  <target host="www.gamebillet.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gamedesire.net.xml b/src/chrome/content/rules/Gamedesire.net.xml
new file mode 100644
index 000000000000..4fb7f21037f0
--- /dev/null
+++ b/src/chrome/content/rules/Gamedesire.net.xml
@@ -0,0 +1,154 @@
+<!--
+	(oh boy...)
+
+
+	CDN buckets:
+
+		- 04079b3c5fffcb144679-73bdb3f152213b22052a33e18373fccd.r93.cf1.rackcdn.com <=> photos-76
+
+		- 17ce5d735a99c6d96ee6-947a6139d03941c2771ec84916445494.r12.cf1.rackcdn.com <=> photos-17
+
+		- 289d643eaa9a1888ba4c-04f12471bcdb95cca3eeca2eb5591ec9.r69.cf1.rackcdn.com <=> photos-38
+
+		- 3daaecb033373e0b2101-70b1b2585d1b9a060f1c8b9e7768ed38.r76.cf1.rackcdn.com <=> photos-13
+
+		- 551442956d1acb2b1ac1-b6b048cb71860b8f89a51e8ff21479aa.r62.cf1.rackcdn.com <=> photos-11
+
+		- 573a22c7efb0251d38f2-87b36d2522973cbc189ecd1c3c4899eb.r3.cf1.rackcdn.com <=> photos-8
+
+		- 60b63af08206a373f3af-736369e37fca9c51db6ab510561606c6.r46.cf1.rackcdn.com <=> photos-4
+
+		- 614a85fb3d3c967a8ec5-1d529e27d70978c2b79448c725df2738.r68.cf1.rackcdn.com <=> photos-7
+
+		- 621677fdefd90f85a52a-b6139ea58ae4d364e7b4bd4667a1c497.r87.cf1.rackcdn.com <=> photos-5
+
+		- 6c0411fb3fc0be77b0de-2e254e45e3a9aa8529b4e5d95b3b5673.r87.cf1.rackcdn.com <=> photos-16
+
+		- 73a523f744d40ef6e1ea-e266b9b68094d09351772a92303a5498.r16.cf1.rackcdn.com <=> photos-15
+
+		- 888908a8a91b641e6a67-7e55c3863a20b7cd1941980d016517fa.r38.cf1.rackcdn.com <=> photos-3
+
+		- 9c355a3ef7902c58f8c3-2968a6ed64c8971ba68b842decd2980d.r89.cf1.rackcdn.com <=> photos-9
+
+		- 9f68ec267a18e90d8671-d946aa0389f9fea95272af17b1d5e649.r21.cf1.rackcdn.com <=> photos-74
+
+		- a3e605ccc7eed766293f-bbc3afff9c06ca2e8d6ce9265e4caf01.r53.cf1.rackcdn.com <=> photos-50
+
+		- ad56e3f3b0461354e2ad-bb1a290b34928b15a9266ba73adc445e.r74.cf1.rackcdn.com <=> photos-14
+
+		- af8d3a47a81718cefa81-092f7446244ae8acdfdac8010fb979cd.r49.cf1.rackcdn.com <=> photos-6
+
+		- b223bd47ce46d2ab6b47-12643ce45db55bfccbbdf83d0572b127.r99.cf1.rackcdn.com <=> photos-48
+
+		- b6092b1ede836d275575-c3f6d1586b2580acbe6579e8eb935fd7.r43.cf1.rackcdn.com <=> photos-12
+
+		- c913c7fbe304b76ded85-f041eef37cfea00a1dcae6859e4fae41.r89.cf1.rackcdn.com <=> photos-42
+
+		- d3673d8f8c3a865506dc-7d83ed208f9667477016ebfe6ac5ce62.r82.cf1.rackcdn.com <=> photos-10
+
+		- e3228179915a08bd7e37-5d69d236ea985bd6e2070d8724d53456.r86.cf1.rackcdn.com <=> photos-1
+
+		- e3f51024f050759f7996-7353508386eef0cf2e5b88063e9df0e2.r22.cf1.rackcdn.com <=> photos-2
+
+
+	Problematic subdomains:
+
+		- photos-\d *
+		- photos-\d\d *
+
+	* Works, akamai
+
+-->
+<ruleset name="gamedesire.net (partial)">
+
+	<target host="photos-1.gamedesire.net" />
+	<target host="photos-2.gamedesire.net" />
+	<target host="photos-3.gamedesire.net" />
+	<target host="photos-4.gamedesire.net" />
+	<target host="photos-5.gamedesire.net" />
+	<target host="photos-6.gamedesire.net" />
+	<target host="photos-7.gamedesire.net" />
+	<target host="photos-8.gamedesire.net" />
+	<target host="photos-9.gamedesire.net" />
+	<target host="photos-10.gamedesire.net" />
+	<target host="photos-11.gamedesire.net" />
+	<target host="photos-12.gamedesire.net" />
+	<target host="photos-13.gamedesire.net" />
+	<target host="photos-15.gamedesire.net" />
+	<target host="photos-16.gamedesire.net" />
+	<target host="photos-17.gamedesire.net" />
+	<target host="photos-38.gamedesire.net" />
+	<target host="photos-42.gamedesire.net" />
+	<target host="photos-48.gamedesire.net" />
+	<target host="photos-50.gamedesire.net" />
+	<target host="photos-74.gamedesire.net" />
+	<target host="photos-76.gamedesire.net" />
+
+
+	<rule from="^http://photos-1\.gamedesire\.net/"
+		to="https://e3228179915a08bd7e37-5d69d236ea985bd6e2070d8724d53456.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://photos-2\.gamedesire\.net/"
+		to="https://e3f51024f050759f7996-7353508386eef0cf2e5b88063e9df0e2.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://photos-3\.gamedesire\.net/"
+		to="https://888908a8a91b641e6a67-7e55c3863a20b7cd1941980d016517fa.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://photos-4\.gamedesire\.net/"
+		to="https://60b63af08206a373f3af-736369e37fca9c51db6ab510561606c6.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://photos-5\.gamedesire\.net/"
+		to="https://621677fdefd90f85a52a-b6139ea58ae4d364e7b4bd4667a1c497.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://photos-6\.gamedesire\.net/"
+		to="https://af8d3a47a81718cefa81-092f7446244ae8acdfdac8010fb979cd.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://photos-7\.gamedesire\.net/"
+		to="https://614a85fb3d3c967a8ec5-1d529e27d70978c2b79448c725df2738.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://photos-8\.gamedesire\.net/"
+		to="https://573a22c7efb0251d38f2-87b36d2522973cbc189ecd1c3c4899eb.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://photos-9\.gamedesire\.net/"
+		to="https://9c355a3ef7902c58f8c3-2968a6ed64c8971ba68b842decd2980d.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://photos-10\.gamedesire\.net/"
+		to="https://d3673d8f8c3a865506dc-7d83ed208f9667477016ebfe6ac5ce62.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://photos-11\.gamedesire\.net/"
+		to="https://551442956d1acb2b1ac1-b6b048cb71860b8f89a51e8ff21479aa.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://photos-12\.gamedesire\.net/"
+		to="https://b6092b1ede836d275575-c3f6d1586b2580acbe6579e8eb935fd7.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://photos-13\.gamedesire\.net/"
+		to="https://3daaecb033373e0b2101-70b1b2585d1b9a060f1c8b9e7768ed38.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://photos-15\.gamedesire\.net/"
+		to="https://73a523f744d40ef6e1ea-e266b9b68094d09351772a92303a5498.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://photos-16\.gamedesire\.net/"
+		to="https://6c0411fb3fc0be77b0de-2e254e45e3a9aa8529b4e5d95b3b5673.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://photos-17\.gamedesire\.net/"
+		to="https://17ce5d735a99c6d96ee6-947a6139d03941c2771ec84916445494.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://photos-38\.gamedesire\.net/"
+		to="https://289d643eaa9a1888ba4c-04f12471bcdb95cca3eeca2eb5591ec9.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://photos-42\.gamedesire\.net/"
+		to="https://c913c7fbe304b76ded85-f041eef37cfea00a1dcae6859e4fae41.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://photos-48\.gamedesire\.net/"
+		to="https://b223bd47ce46d2ab6b47-12643ce45db55bfccbbdf83d0572b127.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://photos-50\.gamedesire\.net/"
+		to="https://a3e605ccc7eed766293f-bbc3afff9c06ca2e8d6ce9265e4caf01.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://photos-74\.gamedesire\.net/"
+		to="https://9f68ec267a18e90d8671-d946aa0389f9fea95272af17b1d5e649.ssl.cf1.rackcdn.com/" />
+
+	<rule from="^http://photos-76\.gamedesire\.net/"
+		to="https://04079b3c5fffcb144679-73bdb3f152213b22052a33e18373fccd.ssl.cf1.rackcdn.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gamefactory.jp.xml b/src/chrome/content/rules/Gamefactory.jp.xml
new file mode 100644
index 000000000000..db328dfc0125
--- /dev/null
+++ b/src/chrome/content/rules/Gamefactory.jp.xml
@@ -0,0 +1,13 @@
+<!--
+	^gamefactory.jp doesn't exist.
+
+-->
+<ruleset name="Gamefactory.jp">
+
+	<target host="www.gamefactory.jp" />
+
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gameladen.xml b/src/chrome/content/rules/Gameladen.xml
index e7cc2ac4ee41..17bc77bd7d81 100644
--- a/src/chrome/content/rules/Gameladen.xml
+++ b/src/chrome/content/rules/Gameladen.xml
@@ -1,13 +1,12 @@
 <ruleset name="Gameladen">
 
 	<target host="gameladen.com" />
-	<target host="*.gameladen.com" />
+	<target host="www.gameladen.com" />
 
 
 	<securecookie host="^\.gameladen\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?gameladen\.com/"
-		to="https://$1gameladen.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gameological_Society.xml b/src/chrome/content/rules/Gameological_Society.xml
index b91401ff11ac..23391af32e04 100644
--- a/src/chrome/content/rules/Gameological_Society.xml
+++ b/src/chrome/content/rules/Gameological_Society.xml
@@ -14,11 +14,12 @@
 <ruleset name="The Gameological Society (partial)">
 
 	<target host="gameological.com" />
-	<target host="*.gameological.com" />
+	<target host="quickman.gameological.com" />
+	<target host="www.gameological.com" />
 		<exclusion pattern="^http://(?:www\.)?gameological\.com/(?!favicon\.ico)" />
 
 
 	<rule from="^http://(?:quickman\.|www\.)?gameological\.com/"
 		to="https://douky4lqbffj8.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gameplorer.de.xml b/src/chrome/content/rules/Gameplorer.de.xml
new file mode 100644
index 000000000000..16ec851e0768
--- /dev/null
+++ b/src/chrome/content/rules/Gameplorer.de.xml
@@ -0,0 +1,58 @@
+<!--
+	Cert mismatch:
+	- www.blackd.de
+	- mail.elderscrollsbote.de
+
+	- embed.exiled.eu
+
+	- all.gameplorer.de
+	- cdn.gameplorer.de
+	- diablo.gameplorer.de
+	- gw.gameplorer.de
+	- lol.gameplorer.de
+	- rift.gameplorer.de
+	- simssocial.gameplorer.de
+	- skyrama.gameplorer.de
+	- static.gameplorer.de
+	- stats.gameplorer.de
+	- tera.gameplorer.de
+	- tes.gameplorer.de
+	- (www.)tes.gameplorer.de
+	- tsw.gameplorer.de
+	- widgets.gameplorer.de
+	- wow.gameplorer.de
+
+	- dieb.guildwarscore.de
+	- ele.guildwarscore.de
+	- krieger.guildwarscore.de
+	- mesmer.guildwarscore.de
+	- nekro.guildwarscore.de
+	- waechter.guildwarscore.de
+	- waldlaeufer.guildwarscore.de
+
+	- embed.hearthstoneheroes.de
+	- img.hearthstoneheroes.de
+	- sg.hearthstoneheroes.de
+	- static.hearthstoneheroes.de
+
+	TLS not supported:
+		- gameplorer.de
+
+	TLS problems:
+		- elderscrollsbote.de
+		- exiled.eu
+		- www.guildwarscore.de
+		- hearthstoneheroes.de
+-->
+
+<ruleset name="GamePlorer.de (partial)">
+
+	<target host="www.elderscrollsbote.de" />
+	<target host="www.exiled.eu" />
+	<target host="www.gameplorer.de" />
+	<target host="www.hearthstoneheroes.de" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gamer-network.net.xml b/src/chrome/content/rules/Gamer-network.net.xml
new file mode 100644
index 000000000000..a3d9e4d0d646
--- /dev/null
+++ b/src/chrome/content/rules/Gamer-network.net.xml
@@ -0,0 +1,44 @@
+<!--
+	Mismatched:
+		- staging.gamer-network.net
+		- www.beta-eurogamer-nl.beta.gamer-network.net
+		- www.preview-eurogamer-be.preview.gamer-network.net
+		- www.preview-eurogamer-de.preview.gamer-network.net
+		- www.preview-eurogamer-nl.preview.gamer-network.net
+		- www.preview-usgamer-net.preview.gamer-network.net
+		- preview.gamer-network.net
+		- cfa.gamer-network.net
+
+	Timeout:
+		- craig-mormont.dev.gamer-network.net
+		- dev.gamer-network.net
+		- izzy-rockpapershotgun-propjoe.dev.gamer-network.net
+		- www.mms-p2.gamer-network.net
+		- www.mms-test.dev.gamer-network.net
+
+	Expired:
+		- littleboy-eg*.gamer-network.net
+		- bigboy.gamer-network.net
+-->
+<ruleset name="Gamer-network.net">
+	<target host="gamer-network.net" />
+	<target host="www.gamer-network.net" />
+	<target host="beta-eurogamer-nl.beta.gamer-network.net" />
+	<target host="beta.gamer-network.net" />
+	<target host="www.beta.gamer-network.net" />
+	<target host="beta-rockpapershotgun-com.gamer-network.net" />
+	<target host="cdn.gamer-network.net" />
+	<target host="curatorgator.gamer-network.net" />
+	<target host="gpoll.gamer-network.net" />
+	<target host="gquiz.gamer-network.net" />
+	<target host="mms-p2.dev.gamer-network.net" />
+	<target host="mms-test.dev.gamer-network.net" />
+	<target host="mormont.gamer-network.net" />
+	<target host="preview-eurogamer-be.preview.gamer-network.net" />
+	<target host="preview-eurogamer-de.preview.gamer-network.net" />
+	<target host="preview-eurogamer-nl.preview.gamer-network.net" />
+	<target host="www.preview.gamer-network.net" />
+	<target host="preview-usgamer-net.preview.gamer-network.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GamerSky.com.xml b/src/chrome/content/rules/GamerSky.com.xml
new file mode 100644
index 000000000000..543f259901ce
--- /dev/null
+++ b/src/chrome/content/rules/GamerSky.com.xml
@@ -0,0 +1,157 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- soso.gamersky.com
+
+		Timeout was reached:
+		- abbs.gamersky.com
+		- ac1.gamersky.com
+		- ac2.gamersky.com
+		- ac3.gamersky.com
+		- ac4.gamersky.com
+		- bt1.gamersky.com
+		- bt2.gamersky.com
+		- bt5.gamersky.com
+		- d6.gamersky.com
+		- d8.gamersky.com
+		- ftp6.gamersky.com
+		- sy.ht.gamersky.com
+		- m.gamersky.com
+		- pay1.gamersky.com
+		- pop3.gamersky.com
+		- sy.gamersky.com
+
+		SSL connect error:
+		- gamersky.com
+		- ayuansjz.gamersky.com
+		- d3.gamersky.com
+		- ftp2.gamersky.com
+		- ftp2a.gamersky.com
+		- ftp2b.gamersky.com
+		- ftp3.gamersky.com
+		- ftp4.gamersky.com
+		- ftp7.gamersky.com
+		- ftp8.gamersky.com
+		- instrument.gamersky.com
+		- sheis.gamersky.com
+		- smtp.gamersky.com
+		- www3.gamersky.com
+
+		SSL peer certificate was not OK:
+		- yeyou.img.gamersky.com
+		- mail.gamersky.com
+
+		4xx client error:
+		- adb.gamersky.com
+		- adb2.gamersky.com
+		- adb3.gamersky.com
+		- am.gamersky.com
+		- am2.gamersky.com
+		- app.gamersky.com
+		- appapi2click.gamersky.com
+		- atest.gamersky.com
+		- ayeyou.gamersky.com
+		- ayuan.gamersky.com
+		- bbsimg.gamersky.com
+		- btfile.gamersky.com
+		- click.gamersky.com
+		- cms.gamersky.com
+		- d2.gamersky.com
+		- d4.gamersky.com
+		- db2.gamersky.com
+		- db3.gamersky.com
+		- db4.gamersky.com
+		- db5.gamersky.com
+		- db6.gamersky.com
+		- db7.gamersky.com
+		- dev.gamersky.com
+		- external.gamersky.com
+		- flash.gamersky.com
+		- image.gamersky.com
+		- img.gamersky.com
+		- img1.gamersky.com
+		- img2.gamersky.com
+		- img3.gamersky.com
+		- img4.gamersky.com
+		- img6.gamersky.com
+		- img7.gamersky.com
+		- imgf.gamersky.com
+		- imgf1.gamersky.com
+		- imggif.gamersky.com
+		- imgs.gamersky.com
+		- j.gamersky.com
+		- ja.gamersky.com
+		- ja1.gamersky.com
+		- ja2.gamersky.com
+		- mqttd.gamersky.com
+		- op.gamersky.com
+		- pad.gamersky.com
+		- steamapi.gamersky.com
+		- sx.gamersky.com
+		- t.gamersky.com
+		- tag.gamersky.com
+		- up.gamersky.com
+		- vote.gamersky.com
+		- zhidao.gamersky.com
+
+		Redirects to HTTP:
+		- bbs.gamersky.com
+
+		Mixed content blocking (MCB) triggered:
+		- cm.gamersky.com
+		- cm1.gamersky.com
+		- launch.gamersky.com
+		- launch1.gamersky.com
+		- pay.gamersky.com
+		- so.gamersky.com
+		- tech.gamersky.com
+-->
+<ruleset name="GamerSky.com">
+	<target host="gamersky.com" />
+	<target host="www.gamersky.com" />
+	<target host="a.gamersky.com" />
+	<target host="acg.gamersky.com" />
+	<target host="android.gamersky.com" />
+	<target host="appapi.gamersky.com" />
+	<target host="appapi2.gamersky.com" />
+	<target host="appapitest.gamersky.com" />
+	<target host="blizzcon.gamersky.com" />
+	<target host="bns.gamersky.com" />
+	<target host="chinajoy.gamersky.com" />
+	<target host="club.gamersky.com" />
+	<target host="codol.gamersky.com" />
+	<target host="csgo.gamersky.com" />
+	<target host="donghua.gamersky.com" />
+	<target host="down.gamersky.com" />
+	<target host="e3.gamersky.com" />
+	<target host="emu.gamersky.com" />
+	<target host="esports.gamersky.com" />
+	<target host="fahao.gamersky.com" />
+	<target host="gamescom.gamersky.com" />
+	<target host="h5.gamersky.com" />
+	<target host="i.gamersky.com" />
+	<target host="i1.gamersky.com" />
+	<target host="itest.gamersky.com" />
+	<target host="ku.gamersky.com" />
+	<target host="link.gamersky.com" />
+	<target host="live.gamersky.com" />
+	<target host="notify.gamersky.com" />
+	<target host="ol.gamersky.com" />
+	<target host="ow.gamersky.com" />
+	<target host="owesports.gamersky.com" />
+	<target host="pic.gamersky.com" />
+	<target host="shouyou.gamersky.com" />
+	<target host="tgs.gamersky.com" />
+	<target host="tv.gamersky.com" />
+	<target host="u.gamersky.com" />
+	<target host="v.gamersky.com" />
+	<target host="vr.gamersky.com" />
+	<target host="wap.gamersky.com" />
+	<target host="web.gamersky.com" />
+	<target host="wow.gamersky.com" />
+	<target host="wt.gamersky.com" />
+	<target host="yeyou.gamersky.com" />
+
+	<rule from="^http://gamersky\.com/" to="https://www.gamersky.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gamersfirst.com.xml b/src/chrome/content/rules/Gamersfirst.com.xml
index 0cd6c857ba2f..0027bc99389e 100644
--- a/src/chrome/content/rules/Gamersfirst.com.xml
+++ b/src/chrome/content/rules/Gamersfirst.com.xml
@@ -2,7 +2,7 @@
   <target host="www.gamersfirst.com"/>
   <target host="gamersfirst.com"/>
   <target host="merchants.gamersfirst.com"/>
-  <rule from="^http://(www\.)?gamersfirst\.com/" to="https://www.gamersfirst.com/"/>
+  <rule from="^http://(?:www\.)?gamersfirst\.com/" to="https://www.gamersfirst.com/"/>
   <rule from="^http://merchants\.gamersfirst\.com/" to="https://merchants.gamersfirst.com/"/>
 </ruleset>
-<!-- Rule generated by HTTPS Finder 0.85 -->
\ No newline at end of file
+<!-- Rule generated by HTTPS Finder 0.85 -->
diff --git a/src/chrome/content/rules/Games-Reviews.net.xml b/src/chrome/content/rules/Games-Reviews.net.xml
new file mode 100644
index 000000000000..6cdebd3be2b1
--- /dev/null
+++ b/src/chrome/content/rules/Games-Reviews.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="Games-Reviews.net">
+	<target host="games-reviews.net" />
+	<target host="www.games-reviews.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GamesOnly.xml b/src/chrome/content/rules/GamesOnly.xml
new file mode 100644
index 000000000000..49d4e516605e
--- /dev/null
+++ b/src/chrome/content/rules/GamesOnly.xml
@@ -0,0 +1,6 @@
+<ruleset name="GamesOnly.at">
+    <target host="gamesonly.at" />
+    <target host="www.gamesonly.at" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gamesites.cz.xml b/src/chrome/content/rules/Gamesites.cz.xml
new file mode 100644
index 000000000000..d109317e4ca6
--- /dev/null
+++ b/src/chrome/content/rules/Gamesites.cz.xml
@@ -0,0 +1,7 @@
+<ruleset name="Gamesites.cz">
+    <target host="gamesites.cz" />
+    <target host="www.gamesites.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gamesrocket.de.xml b/src/chrome/content/rules/Gamesrocket.de.xml
new file mode 100644
index 000000000000..48d09985a9e9
--- /dev/null
+++ b/src/chrome/content/rules/Gamesrocket.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Gamesrocket.de">
+  <target host="gamesrocket.de" />
+  <target host="www.gamesrocket.de" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gamestar.de.xml b/src/chrome/content/rules/Gamestar.de.xml
new file mode 100644
index 000000000000..d351400521f7
--- /dev/null
+++ b/src/chrome/content/rules/Gamestar.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Gamestar.de">
+<target host="images.gamestar.de" />
+<!-- www redirects to plain http currently -->
+
+<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gamestar_Mechanic.xml b/src/chrome/content/rules/Gamestar_Mechanic.xml
index e597fc5ed328..439a974679a7 100644
--- a/src/chrome/content/rules/Gamestar_Mechanic.xml
+++ b/src/chrome/content/rules/Gamestar_Mechanic.xml
@@ -32,16 +32,33 @@
 <ruleset name="Gamestar Mechanic">
 
 	<target host="gamestarmechanic.com" />
-	<target host="*.gamestarmechanic.com" />
+	<target host="chalkable.gamestarmechanic.com" />
+	<target host="chalkable.stage.gamestarmechanic.com" />
+	<target host="edmodo.gamestarmechanic.com" />
+	<target host="edmodo.stage.gamestarmechanic.com" />
+	<target host="lti.gamestarmechanic.com" />
+	<target host="lti.stage.gamestarmechanic.com" />
+	<target host="schoology.gamestarmechanic.com" />
+	<target host="schoology.stage.gamestarmechanic.com" />
+	<target host="cq.gamestarmechanic.com" />
+	<target host="dev.gamestarmechanic.com" />
+	<target host="dyn.gamestarmechanic.com" />
+	<target host="ltps.gamestarmechanic.com" />
+	<target host="msu.gamestarmechanic.com" />
+	<target host="njbegich.gamestarmechanic.com" />
+	<target host="q2l.gamestarmechanic.com" />
+	<target host="ramapo.gamestarmechanic.com" />
+	<target host="stmarysschool.gamestarmechanic.com" />
+	<target host="www.gamestarmechanic.com" />
+	<target host="cdn.gamestarmechanic.com" />
 
 
 	<securecookie host=".*\.gamestarmechanic\.com$" name=".+" />
 
 
-	<rule from="^http://((?:(?:chalkable|edmodo|lti|schoology)?(?:\.stage)?|cq|dev|dyn|ltps|msu|njbegich|q2l|ramapo|stmarysschool|www)\.)?gamestarmechanic\.com/"
-		to="https://$1gamestarmechanic.com/" />
 
-	<rule from="^https?://cdn\.gamestarmechanic\.com/"
+	<rule from="^http://cdn\.gamestarmechanic\.com/"
 		to="https://d1uoa9d4t4btfa.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gameswelt.de.xml b/src/chrome/content/rules/Gameswelt.de.xml
new file mode 100644
index 000000000000..aaaaf0a65e85
--- /dev/null
+++ b/src/chrome/content/rules/Gameswelt.de.xml
@@ -0,0 +1,7 @@
+<ruleset name="Gameswelt.de">
+<target host="www.gameswelt.de" />
+<target host="mediang.gameswelt.net" />
+<target host="static.gameswelt.net" />
+
+<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gametracker.com.xml b/src/chrome/content/rules/Gametracker.com.xml
index aecfd86715e2..7aa81d70ba82 100644
--- a/src/chrome/content/rules/Gametracker.com.xml
+++ b/src/chrome/content/rules/Gametracker.com.xml
@@ -1,7 +1,6 @@
-<ruleset name="Gametracker.com (partial)">
+<ruleset name="Gametracker.com">
   <target host="www.gametracker.com"/>
   <target host="gametracker.com"/>
-  <target host="image.www.gametracker.com"/>
-  <rule from="^http://(www\.)?gametracker\.com/" to="https://www.gametracker.com/"/>
-  <rule from="^http://image\.www\.gametracker\.com/" to="https://image.www.gametracker.com/"/>
-</ruleset>
\ No newline at end of file
+  <target host="image.gametracker.com"/>
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gamewithyourbrain.com.xml b/src/chrome/content/rules/Gamewithyourbrain.com.xml
new file mode 100644
index 000000000000..45b9afd34b5d
--- /dev/null
+++ b/src/chrome/content/rules/Gamewithyourbrain.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Gamewithyourbrain">
+
+	<target host="gamewithyourbrain.com" />
+	<target host="www.gamewithyourbrain.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gamezebo.xml b/src/chrome/content/rules/Gamezebo.xml
index 0b1def9ec3ae..84d0a639f9fd 100644
--- a/src/chrome/content/rules/Gamezebo.xml
+++ b/src/chrome/content/rules/Gamezebo.xml
@@ -1,4 +1,6 @@
 <!--
+Automatically by https-everywhere-checker because:
+Fetch error: http://gamezebo.com/ => https://gamezebo.com/: (28, 'Connection timed out after 10000 milliseconds')
 	CDN buckets:
 
 		- c346205.r5.cf1.rackcdn.com
@@ -25,4 +27,4 @@
 	<rule from="^http://qa\.gamezebo\.com/gamezebov\d/"
 		to="https://www.gamezebo.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gamigo.com.xml b/src/chrome/content/rules/Gamigo.com.xml
new file mode 100644
index 000000000000..f5d352622dea
--- /dev/null
+++ b/src/chrome/content/rules/Gamigo.com.xml
@@ -0,0 +1,89 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://de.gamigo.com/ => https://de.gamigo.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://nl.gamigo.com/ => https://nl.gamigo.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://support.gamigo.com/ => https://support.gamigo.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Problematic hosts in *gamigo.com:
+
+		- ^ ¹
+		- client.cdn *
+		- en.start ² ³
+		- us ¹
+
+	¹ Dropped
+	* Akamai
+	² Expired
+	³ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .gamigo.com
+		- fiesta.gamigo.com
+		- support.gamigo.com
+
+
+	Mixed content:
+
+		- css on dev-lounge from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="gamigo.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="assets.cdn.gamigo.com" />
+	<target host="de.gamigo.com" />
+	<target host="dev-lounge.gamigo.com" />
+	<target host="en.gamigo.com" />
+	<target host="es.gamigo.com" />
+	<target host="fiesta.gamigo.com" />
+	<target host="fr.gamigo.com" />
+	<target host="nl.gamigo.com" />
+	<target host="pl.gamigo.com" />
+	<target host="pt.gamigo.com" />
+	<target host="ru.gamigo.com" />
+	<!--target host="en.start.gamigo.com" /-->
+	<target host="support.gamigo.com" />
+	<target host="tr.gamigo.com" />
+	<target host="www.gamigo.com" />
+
+	<!--	Complications:
+				-->
+	<target host="gamigo.com" />
+	<!--target host="client.cdn.gamigo.com" /-->
+	<target host="us.gamigo.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.gamigo\.com$" name="^BIGipServer[\w.]+$"  /-->
+	<!--securecookie host="^fiesta\.gamigo\.com$" name="^fo_(?:session|vo_security)$" /-->
+	<!--securecookie host="^support\.gamigo\.com$" name="^(?:PHPSESSID|SWIFT_client|SWIFT_sessionid40)$"  /-->
+
+	<securecookie host="^\.gamigo\.com$" name="^BIGipServer[\w.]+$" />
+	<securecookie host="^\w.*\.gamigo\.com$" name=".+" />
+
+
+	<rule from="^http://gamigo\.com/"
+		to="https://www.gamigo.com/" />
+
+	<!--rule from="^http://client\.cdn\.gamigo\.com/"
+		to="https://???.akamaihd.net/" /-->
+
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://us\.gamigo\.com/[^?]*"
+		to="https://en.gamigo.com/" />
+
+		<test url="http://us.gamigo.com//" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gaminator.xml b/src/chrome/content/rules/Gaminator.xml
deleted file mode 100644
index 2e944fb50ae9..000000000000
--- a/src/chrome/content/rules/Gaminator.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Problematic domains:
-
-		- (www.)gaminatorslots.com	(expired 2012-05-18)
-
--->
-<ruleset name="Gaminator">
-
-	<target host="gaminatorslots.com" />
-	<target host="www.gaminatorslots.com" />
-	<target host="slotsgaminator.com" />
-	<target host="*.slotsgaminator.com" />
-
-
-	<securecookie host="^w*\.slotsgaminator\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?(?:gaminatorslots|slotsgaminator)\.com/"
-		to="https://$1slotsgaminator.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/GamingOnLinux.com.xml b/src/chrome/content/rules/GamingOnLinux.com.xml
new file mode 100644
index 000000000000..c5a8d583c15d
--- /dev/null
+++ b/src/chrome/content/rules/GamingOnLinux.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="GamingOnLinux.com">
+
+	<target host="gamingonlinux.com" />
+	<target host="www.gamingonlinux.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gamma-Group.xml b/src/chrome/content/rules/Gamma-Group.xml
deleted file mode 100644
index 12a53a57e815..000000000000
--- a/src/chrome/content/rules/Gamma-Group.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Gamma Group">
-
-	<target host="gammagroup.com" />
-	<target host="www.gammagroup.com" />
-
-
-	<!--	!www doesn't work over https.	-->
-	<rule from="^https?://(?:www\.)?gammagroup\.com/"
-		to="https://www.gammagroup.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GammaE.com.xml b/src/chrome/content/rules/GammaE.com.xml
index 51e60e93b5da..896412e5a581 100644
--- a/src/chrome/content/rules/GammaE.com.xml
+++ b/src/chrome/content/rules/GammaE.com.xml
@@ -13,7 +13,8 @@
 <ruleset name="GammaE.com">
 
 	<target host="gammae.com" />
-	<target host="*.gammae.com" />
+	<target host="www.gammae.com" />
+	<target host="ad2.gammae.com" />
 
 
 	<securecookie host="^ad2\.gammae\.com$" name=".+" />
@@ -22,7 +23,6 @@
 	<rule from="^http://(?:www\.)?gammae\.com/"
 		to="https://www.gammae.com/" />
 
-	<rule from="^http://ad2\.gammae\.com/"
-		to="https://ad2.gammae.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gamona.de.xml b/src/chrome/content/rules/Gamona.de.xml
new file mode 100644
index 000000000000..fe565c56a855
--- /dev/null
+++ b/src/chrome/content/rules/Gamona.de.xml
@@ -0,0 +1,4 @@
+<ruleset name="Gamona.de">
+<target host="www.gamona.de" />
+<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gandi.xml b/src/chrome/content/rules/Gandi.xml
index 8b9b9a011127..1edf47555ef3 100644
--- a/src/chrome/content/rules/Gandi.xml
+++ b/src/chrome/content/rules/Gandi.xml
@@ -7,5 +7,5 @@
   <rule from="^http://uk\.gandi\.net/([^?#]*)(?:\?([^#]+))?(#.*)?$" to="https://www.gandi.net/$1?lang=en&#x26;$2$3" />
   <rule from="^http://(blog|cal|wiki)\.gandi\.net/" to="https://$1.gandi.net/"/>
 
-  <securecookie host="^(?:(?:blog|cal|en|es|uk|wiki|www)\.)?gandi\.net$" name=".*" />
+  <securecookie host="^(?:(?:blog|cal|en|es|uk|wiki|www)\.)?gandi\.net$" name=".+" />
 </ruleset>
diff --git a/src/chrome/content/rules/Gang_Land_News.xml b/src/chrome/content/rules/Gang_Land_News.xml
index 8fd5360e1010..bf8a66b30dc6 100644
--- a/src/chrome/content/rules/Gang_Land_News.xml
+++ b/src/chrome/content/rules/Gang_Land_News.xml
@@ -1,13 +1,12 @@
 <ruleset name="Gang Land News">
 
 	<target host="ganglandnews.com" />
-	<target host="*.ganglandnews.com" />
+	<target host="www.ganglandnews.com" />
 
 
 	<securecookie host="^\.(?:www\.)?ganglandnews\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ganglandnews\.com/"
-		to="https://$1ganglandnews.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ganjoor.net.xml b/src/chrome/content/rules/Ganjoor.net.xml
new file mode 100644
index 000000000000..8910c069cf61
--- /dev/null
+++ b/src/chrome/content/rules/Ganjoor.net.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid Certificate:
+		ava.ganjoor.net
+		blog.ganjoor.net
+		c.ganjoor.net
+		epub.ganjoor.net
+		v.ganjoor.net
+-->
+<ruleset name="Ganjoor.net">
+	<target host="ganjoor.net"/>
+	<target host="www.ganjoor.net"/>
+	<target host="i.ganjoor.net"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Gannett-Company.xml b/src/chrome/content/rules/Gannett-Company.xml
index f431015b544b..11045d12dcf5 100644
--- a/src/chrome/content/rules/Gannett-Company.xml
+++ b/src/chrome/content/rules/Gannett-Company.xml
@@ -1,15 +1,21 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://deals.montomeryadvertiser.com/ => http://deals.montomeryadvertiser.com/: (6, 'Could not resolve host: deals.montomeryadvertiser.com')
+Fetch error: http://classifieds.nncogannett.com/ => https://classifieds.nncogannett.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ssl1.gmti.com/ => https://ssl1.gmti.com/: (7, 'Failed to connect to ssl1.gmti.com port 80: Connection refused')
+Fetch error: http://deals.montomeryadvertiser.com/ => http://deals.montomeryadvertiser.com/: (6, 'Could not resolve host: deals.montomeryadvertiser.com')
 	Other Gannett Company rulesets:
 
-		- Army_Times.xml
+		- ArmyTimes.com.xml
 		- Asbury_Park_Press.xml
 		- Asheville_Citizen-Times.xml
 		- Bucyrus_Telegraph_Forum.xml
 		- Cincinnati.com.xml
 		- Coloradoan.xml
-		- Gannet-Company.xml
-		- Gannett-cdn.com.xml
-		- GannettLocal.xml
+		- GCIon.com.xml
 		- Azcentral.com.xml
 		- Battle_Creek_Enquirer.xml
 		- Baxter_Bulletin.xml
@@ -35,6 +41,9 @@
 		- Zanesville_Times_Recorder.xml
 
 
+	usat.ly is handled in Bit.ly_vanity_domains.xml.
+
+
 	www.gannett.com/section/WHOWEARE06
 
 
@@ -42,11 +51,15 @@
 
 		- gntbcstglobal.112.2o7.net
 
+		- s3-us-west-2.amazonaws.com/gannettdigital-static-web/
+
 		- bcdownload.gannett.edgesuite.net
 
-		- img.gannett.edgesuite.net 
+		- img.gannett.edgesuite.net
 			- cmsimg.floridatoday.com
 
+		- i.usatoday.net.edgesuite.net
+
 
 	Nonfunctional domains:
 
@@ -63,9 +76,9 @@
 		- floridatoday.gon.gannettonline.com
 		- gon.gannettonline.com			(no https)
 		- static.gcion.net			(no https)
-		- cherryhi.ur.gcion.com			(no https)
 		- montgomeryadvertiser.com
 		- www.montgomeryadvertiser.com		(Akamai; 503)
+		- i.usatoday.net *
 		- www.vipjacksonmag.com			(no https)
 
 	* 503, akamai
@@ -73,7 +86,6 @@
 
 	Problematic domains:
 
-		- newspaper.app30.ur.gcion.com		(works; expired 2012-04-29, depth mismatched)
 		- deals.montomeryadvertiser.com		(CN: *.planetdiscover.com)
 
 
@@ -98,11 +110,10 @@
 		- classifieds.nncogannett.com
 
 -->
-<ruleset name="Gannett Company (partial)">
+<ruleset name="Gannett Company (partial)" default_off="failed ruleset test">
 
 	<target host="*.dmslocal.com" />
 	<target host="*.gannett.com" />
-	<target host="myaccount.gcion.com" />
 	<target host="ssl1.gmti.com" />
 	<target host="deals.montomeryadvertiser.com" />
 	<target host="classifieds.nncogannett.com" />
@@ -125,13 +136,10 @@
 	<rule from="^http://benefits\.gannett\.com/[^\?]*(\?.*)?"
 		to="https://www.benefitsweb.com/gannett.html$1" />
 
-	<rule from="^http://myaccount\.gcion\.com/"
-		to="https://myaccount.gcion.com/" />
-
 	<rule from="^http://ssl1\.gmti\.com/"
 		to="https://ssl1.gmti.com/" />
 
-	<rule from="^https?://deals\.montgomeryadvertiser\.com/"
+	<rule from="^http://deals\.montgomeryadvertiser\.com/"
 		to="https://montgom.planetdiscover.com/" />
 
 	<rule from="^http://classifieds\.nncogannett\.com/"
diff --git a/src/chrome/content/rules/Gannett-cdn.com.xml b/src/chrome/content/rules/Gannett-cdn.com.xml
deleted file mode 100644
index 360f63db96bf..000000000000
--- a/src/chrome/content/rules/Gannett-cdn.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	For other Gannett Company coverage, see Gannett-Company.xml.
-
-
-	CDN buckets:
-
-		- www.gannett-cdn.com.edgesuite.net
-
--->
-<ruleset name="gannett-cdn.com (partial)">
-
-	<target host="www.gannett-cdn.com" />
-		<!--
-			503:
-				-->
-		<!--exclusion pattern="^http://www\.gannett-cdn\.com/(?:charts|media|-mm-)/" /-->
-
-
-	<rule from="^http://www\.gannett-cdn\.com/static/"
-		to="https://a248.e.akamai.net/f/1467/1/g2/www.gannett-cdn.com/static/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/GannettLocal.xml b/src/chrome/content/rules/GannettLocal.xml
deleted file mode 100644
index dc226d00e4e6..000000000000
--- a/src/chrome/content/rules/GannettLocal.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For other Gannett Company coverage, see Gannett-Company.xml.
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(http reply)
-
--->
-<ruleset name="GannettLocal (partial)">
-
-	<target host="*.gannettlocal.com" />
-
-
-	<securecookie host="^(?:support|wiki)\.gannettlocal\.com$" name=".+" />
-
-
-	<rule from="^http://(support|wiki)\.gannettlocal\.com/"
-		to="https://$1.gannettlocal.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Gannett_Ridge.xml b/src/chrome/content/rules/Gannett_Ridge.xml
index d085915b73f7..464874f36b63 100644
--- a/src/chrome/content/rules/Gannett_Ridge.xml
+++ b/src/chrome/content/rules/Gannett_Ridge.xml
@@ -1,4 +1,17 @@
-<ruleset name="Gannett Ridge">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gannettridge.com/ => https://gannettridge.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gannettridge.com/ => https://gannettridge.com/: (51, "SSL: no alternative certificate subject name matches target host name 'gannettridge.com'")
+Fetch error: http://www.gannettridge.com/ => https://www.gannettridge.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.gannettridge.com'")
+
+-->
+<ruleset name="Gannett Ridge" default_off="failed ruleset test">
 
 	<target host="gannettridge.com" />
 	<target host="www.gannettridge.com" />
@@ -7,7 +20,6 @@
 	<securecookie host="^(?:www\.)?gannettridge\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?gannettridge\.com/"
-		to="https://$1gannettridge.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ganttproject.biz-mixedcontent.xml b/src/chrome/content/rules/Ganttproject.biz-mixedcontent.xml
new file mode 100644
index 000000000000..b7b7e1b8b4ea
--- /dev/null
+++ b/src/chrome/content/rules/Ganttproject.biz-mixedcontent.xml
@@ -0,0 +1,13 @@
+<!--
+	See also:
+		+ Ganttproject.biz.xml
+
+	Site contains various mixed content from Google.
+-->
+<ruleset name="Ganttproject.biz" platform="mixedcontent">
+	<target host="ganttproject.biz" />
+	<target host="www.ganttproject.biz" />
+
+	<rule from="^http://ganttproject\.biz/" to="https://www.ganttproject.biz/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ganttproject.biz.xml b/src/chrome/content/rules/Ganttproject.biz.xml
new file mode 100644
index 000000000000..cd01779ebcfa
--- /dev/null
+++ b/src/chrome/content/rules/Ganttproject.biz.xml
@@ -0,0 +1,25 @@
+<!--
+	See also:
+		+ Ganttproject.biz-mixedcontent.xml
+
+	Nonfunctional hosts in *.ganttproject.biz:
+		- ganttproject.biz (f)
+		- www.ganttproject.biz (mixed content)
+		- webdav.ganttproject.biz (f)
+
+	f: secure connection failed
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Ganttproject.biz (partial)">
+	<target host="cloud.ganttproject.biz" />
+	<target host="dl.ganttproject.biz" />
+	<target host="docs.ganttproject.biz" />
+	<target host="forum.ganttproject.biz" />
+	<target host="help.ganttproject.biz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ganz_eStore.com.xml b/src/chrome/content/rules/Ganz_eStore.com.xml
new file mode 100644
index 000000000000..43f8c4200caa
--- /dev/null
+++ b/src/chrome/content/rules/Ganz_eStore.com.xml
@@ -0,0 +1,20 @@
+<!--
+	- ^	(cert only matches *.ganzestore.com)
+
+-->
+<ruleset name="Ganz eStore.com (partial)">
+
+	<target host="ganzestore.com" />
+	<target host="www.ganzestore.com" />
+	<target host="adimages.ganzestore.com" />
+
+
+	<securecookie host="^(?:www\.)?ganzestore\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?ganzestore\.com/"
+		to="https://www.ganzestore.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GarageGames.xml b/src/chrome/content/rules/GarageGames.xml
index b03a161ce08c..0d82608da043 100644
--- a/src/chrome/content/rules/GarageGames.xml
+++ b/src/chrome/content/rules/GarageGames.xml
@@ -1,13 +1,20 @@
-<ruleset name="GarageGames">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://service.garagegames.com/ => https://service.garagegames.com/: (6, 'Could not resolve host: service.garagegames.com')
+
+-->
+<ruleset name="GarageGames" default_off="failed ruleset test">
 
 	<target host="garagegames.com" />
-	<target host="*.garagegames.com" />
+	<target host="service.garagegames.com" />
+	<target host="static.garagegames.com" />
+	<target host="www.garagegames.com" />
 
 
 	<securecookie host="^\.garagegames\.com$" name=".+" />
 
 
-	<rule from="^http://(service\.|static\.|www\.)?garagegames\.com/"
-		to="https://$1garagegames.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Garcinia_Cambogia_VitalMend.com.xml b/src/chrome/content/rules/Garcinia_Cambogia_VitalMend.com.xml
new file mode 100644
index 000000000000..b65997ba2f79
--- /dev/null
+++ b/src/chrome/content/rules/Garcinia_Cambogia_VitalMend.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other VitalMend coverage, see VitalMend.com.xml.
+
+
+	Some pages redirect to http.
+
+-->
+<ruleset name="Garcinia Cambogia VitalMend.com (partial)">
+
+	<target host="garciniacambogiavitalmend.com" />
+	<target host="www.garciniacambogiavitalmend.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?garciniacambogiavitalmend.com/+($|\?|blog/$|cart/$|purchase/$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(www\.)?garciniacambogiavitalmend.com/+(checkout($|[?/])|favicon\.ico|wp-content/|wp-includes/)" /-->
+
+
+	<securecookie host="^\.garciniacambogiavitalmend\.com$" name="^__qca$" />
+
+
+	<rule from="^http://(www\.)?garciniacambogiavitalmend\.com/(?=checkout(?:$|[?/])|favicon\.ico|wp-content/|wp-includes/)"
+		to="https://$1garciniacambogiavitalmend.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gardening-Know-How.com.xml b/src/chrome/content/rules/Gardening-Know-How.com.xml
new file mode 100644
index 000000000000..0bcfef01ca05
--- /dev/null
+++ b/src/chrome/content/rules/Gardening-Know-How.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Gardening Know How.com">
+
+	<target host="gardeningknowhow.com" />
+	<target host="www.gardeningknowhow.com" />
+	<target host="blog.gardeningknowhow.com" />
+	<target host="questions.gardeningknowhow.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Garfield.com.xml b/src/chrome/content/rules/Garfield.com.xml
new file mode 100644
index 000000000000..d1ccfe25a19d
--- /dev/null
+++ b/src/chrome/content/rules/Garfield.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Garfield.com">
+  <target host="garfield.com" />
+  <target host="www.garfield.com" />
+  <target host="licensee.garfield.com" />
+
+  <rule from="^http://(?:www\.)?garfield\.com/" to="https://garfield.com/" />
+  <rule from="^http://licensee\.garfield\.com/" to="https://licensee.garfield.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Garron.me.xml b/src/chrome/content/rules/Garron.me.xml
new file mode 100644
index 000000000000..345e17845684
--- /dev/null
+++ b/src/chrome/content/rules/Garron.me.xml
@@ -0,0 +1,12 @@
+<ruleset name="Garron.me">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="garron.me" />
+	<target host="www.garron.me" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GarryPotter.net.xml b/src/chrome/content/rules/GarryPotter.net.xml
new file mode 100644
index 000000000000..0221f315495f
--- /dev/null
+++ b/src/chrome/content/rules/GarryPotter.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="GarryPotter.net">
+	<target host="garrypotter.net" />
+	<target host="www.garrypotter.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gartner.com.xml b/src/chrome/content/rules/Gartner.com.xml
index 63ec87330e7b..aec9f8025a73 100644
--- a/src/chrome/content/rules/Gartner.com.xml
+++ b/src/chrome/content/rules/Gartner.com.xml
@@ -2,30 +2,107 @@
 	Problematic subdomains:
 
 		- ^ *
+		- blogs ²
+		- investor ³
 		- na[123].www *
 
 	* Cert only matches www
+	² Mixed css
+	³ corporate-ir.net
+
+
+	Insecure cookies are set for these domains:
+
+		- .gartner.com
+		- my.gartner.com
+		- www.gartner.com
+
+
+	Mixed content:
+
+		- css, on:
+
+			- blogs from $self *
+			- investor from www *
+			- investor from phx.corporate-ir.net *
+			- my from $self *
+
+		- Images, on:
+
+			- blogs from imagesrv *
+			- blogs from www *
+		- Images www from on na[123].www *
+
+	* Secured by us
 
 -->
 <ruleset name="Gartner.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="blogs.gartner.com" />
+	<target host="imagesrv.gartner.com" />
+	<target host="my.gartner.com" />
+	<target host="www.gartner.com" />
+
+	<!--	Complications:
+				-->
 	<target host="gartner.com" />
-	<target host="*.gartner.com" />
-		<!--
-			Started redirecting to http.
+	<target host="na1.www.gartner.com" />
+	<target host="na2.www.gartner.com" />
+	<target host="na3.www.gartner.com" />
+
+		<!--	Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://blogs\.gartner\.com/+(?!favicon\.ico|gbn-feed(?:$|[?/])|wp-content/|wp-includes/)" />
+
+			<test url="http://blogs.gartner.com/blog/category/big-data/" />
+			<test url="http://blogs.gartner.com/blog/category/it-cost-optimization/" />
+			<test url="http://blogs.gartner.com/blog/category/mobile/" />
+			<test url="http://blogs.gartner.com/blog/category/trends-predictions/" />
+			<test url="http://blogs.gartner.com/digital-marketing/" />
+			<test url="http://blogs.gartner.com/gartner-public-web-participation-guidelines/" />
+			<test url="http://blogs.gartner.com/mark_driver" />
+
+			<!--	-ve:
+					-->
+			<test url="http://blogs.gartner.com/favicon.ico" />
+			<test url="http://blogs.gartner.com/gbn-feed" />
+			<test url="http://blogs.gartner.com/wp-content/themes/gbn_home_2015/images/gartner-logo.gif" />
+
+		<!--	Started redirecting to http.
 							-->
-		<exclusion pattern="^http://www\.gartner\.com/.+\.jsp(?:$|\?)" />
+		<exclusion pattern="^http://www\.gartner\.com/(?!SignIn\.jsp).+\.jsp(?:$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.gartner.com/technology/about.jsp" />
+			<test url="http://www.gartner.com/technology/contact/contact_gartner.jsp" />
+			<test url="http://www.gartner.com/technology/home.jsp" />
+			<test url="http://www.gartner.com/technology/research.jsp" />
+			<test url="http://www.gartner.com/technology/site-index.jsp" />
+			<test url="http://www.gartner.com/technology/topics/cloud-computing.jsp" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.gartner.com/imagesrv/images/gartner136.gif" />
+			<test url="http://www.gartner.com/login/loginInitAction.do" />
+			<test url="http://www.gartner.com/user/registration/prospect" />
 
 
-	<!--	Commented for the reason above.
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.gartner\.com$" name="^(MKTSESSIONID|WebLogicSession)$" /-->
+	<!--securecookie host="^my\.gartner\.com$" name="^(MY_GARTNER_JSESSIONID|TS[\d0-9]{8})$" /-->
+	<!--securecookie host="^www\.gartner\.com$" name="^(_op_aixPageId|LoginWLSessionID|TS[\d0-9]{8})$" /-->
 
-	<securecookie host="^www\.gartner\.com$" name=".+" /-->
+	<securecookie host="^my\.gartner\.com$" name=".+" />
 
 
-	<rule from="^http://(?:(?:na\d\.)?www\.)?gartner\.com/"
+	<rule from="^http://(?:na\d\.www\.)?gartner\.com/"
 		to="https://www.gartner.com/" />
 
-	<rule from="^http://(imagesrv|my)\.gartner\.com/"
-		to="https://$1.gartner.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Gary_Johnson_2012.xml b/src/chrome/content/rules/Gary_Johnson_2012.xml
deleted file mode 100644
index 459e5f21faf6..000000000000
--- a/src/chrome/content/rules/Gary_Johnson_2012.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Gary Johnson 2012">
-
-	<target host="garyjohnson2012.com" />
-	<target host="*.garyjohnson2012.com" />
-
-
-	<securecookie host="^(?:.*\.)?garyjohnson2012\.com$" name=".+" />
-
-
-	<rule from="^http://(donate\.|www\.)?garyjohnson2012\.com/"
-		to="https://$1garyjohnson2012.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Gasngrills.com.xml b/src/chrome/content/rules/Gasngrills.com.xml
index 23ca2ad7956e..bd5840e439be 100644
--- a/src/chrome/content/rules/Gasngrills.com.xml
+++ b/src/chrome/content/rules/Gasngrills.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?gasngrills\.com/(images/|index\.php\?(?:.+&amp;)?dispatch=(?:auth\.login_form|image\.captcha|profiles\.add)|skins/)"
 		to="https://$1gasngrills.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gate-Crashing-Org.xml b/src/chrome/content/rules/Gate-Crashing-Org.xml
index 49b5e44601a0..6892bea7d42d 100644
--- a/src/chrome/content/rules/Gate-Crashing-Org.xml
+++ b/src/chrome/content/rules/Gate-Crashing-Org.xml
@@ -2,7 +2,6 @@
 
 	<target host="gate.crashing.org"/>
 
-	<rule from="^http://gate\.crashing\.org/"
-		to="https://gate.crashing.org/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Gateshead.gov.uk.xml b/src/chrome/content/rules/Gateshead.gov.uk.xml
new file mode 100644
index 000000000000..0333da24e12a
--- /dev/null
+++ b/src/chrome/content/rules/Gateshead.gov.uk.xml
@@ -0,0 +1,68 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gateshead.gov.uk/ => https://gateshead.gov.uk/: Too many redirects while fetching 'https://gateshead.gov.uk/'
+Fetch error: http://www.gateshead.gov.uk/ => https://www.gateshead.gov.uk/: Too many redirects while fetching 'https://www.gateshead.gov.uk/'
+
+	Gateshead Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *gateshead.gov.uk:
+
+		- public ³
+
+	³ 403
+
+
+	Problematic hosts in *gateshead.gov.uk:
+
+		- hpac ᵐ
+		- leisurebookings ᶜ
+		- myservice ᶜ
+		- online ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- jobshop.gateshead.gov.uk
+		- leisurebookings.gateshead.gov.uk
+
+
+	Mixed content:
+
+		- iframe on (www.)? from www.bing.com ˢ
+		- css on (www.)? from fonts.googleapis.com ˢ
+		- Images on (www.)?, online from www.gateshead.gov.uk ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Gateshead.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="gateshead.gov.uk" />
+	<target host="consultation.gateshead.gov.uk" />
+	<target host="jobshop.gateshead.gov.uk" />
+	<target host="lcsa.gateshead.gov.uk" />
+	<!--target host="leisurebookings.gateshead.gov.uk" /-->
+	<!--target host="myservice.gateshead.gov.uk" /-->
+	<!--target host="online.gateshead.gov.uk" /-->
+	<target host="www.gateshead.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:jobshop|leisurebookings)\.gateshead\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gateway-State-Bank.xml b/src/chrome/content/rules/Gateway-State-Bank.xml
index ef037c1a141f..f7a92c9865e7 100644
--- a/src/chrome/content/rules/Gateway-State-Bank.xml
+++ b/src/chrome/content/rules/Gateway-State-Bank.xml
@@ -1,9 +1,28 @@
-<ruleset name="Gateway State Bank" platform="mixedcontent">
+<!--
+	Gateway State Bank
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.gatewaysb.com
+
+-->
+<ruleset name="Gateway SB.com">
+
 	<target host="gatewaysb.com" />
 	<target host="*.gatewaysb.com" />
 
-	<securecookie host="(^|\.)gatewaysb\.com$" name=".+" />
+		<test url="http://www.gatewaysb.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.gatewaysb\.com$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://([\w-]+\.)?gatewaysb\.com/"
+		to="https://$1gatewaysb.com/" />
 
-	<rule from="^http://gatewaysb\.com/" to="https://www.gatewaysb.com/" />
-	<rule from="^http://(([a-zA-Z0-9\-])+\.)gatewaysb\.com/" to="https://$1gatewaysb.com/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gatwick_Airport.xml b/src/chrome/content/rules/Gatwick_Airport.xml
index 6a9dbab6cd7e..35cb20702faf 100644
--- a/src/chrome/content/rules/Gatwick_Airport.xml
+++ b/src/chrome/content/rules/Gatwick_Airport.xml
@@ -2,7 +2,7 @@
     <target host="gatwickairport.com" />
     <target host="*.gatwickairport.com" />
 
-    <rule from="^https?://gatwickairport\.com/"
+    <rule from="^http://gatwickairport\.com/"
         to="https://www.gatwickairport.com/"/>
     <rule from="^http://([^/:@]+)?\.gatwickairport\.com/"
         to="https://$1.gatwickairport.com/" />
diff --git a/src/chrome/content/rules/Gavel_Buddy.com.xml b/src/chrome/content/rules/Gavel_Buddy.com.xml
index 55b5ae6fb829..9ed8f80319d3 100644
--- a/src/chrome/content/rules/Gavel_Buddy.com.xml
+++ b/src/chrome/content/rules/Gavel_Buddy.com.xml
@@ -2,7 +2,6 @@
 	Other Gavel Buddy rulesets:
 
 		- BidItBob.com.xml
-		- Gavel_Buddy_Live.com.xml
 
 
 	Mixed content:
@@ -21,7 +20,6 @@
 	<securecookie host="^(?:www\.)?gavelbuddy\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?gavelbuddy\.com/"
-		to="https://$1gavelbuddy.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Gavel_Buddy_Live.com.xml b/src/chrome/content/rules/Gavel_Buddy_Live.com.xml
deleted file mode 100644
index d229989892c5..000000000000
--- a/src/chrome/content/rules/Gavel_Buddy_Live.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other Gavel Buddy coverage, see Gavel_Buddy.com.xml.
-
--->
-<ruleset name="Gavel Buddy Live.com">
-
-	<target host="gavelbuddylive.com" />
-	<target host="*.gavelbuddylive.com" />
-
-
-	<securecookie host="^(?:w*\.)?gavelbuddylive\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?gavelbuddylive\.com/"
-		to="https://$1gavelbuddylive.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Gavin-Newsom.xml b/src/chrome/content/rules/Gavin-Newsom.xml
index c9ca22ab0b18..10e6c71c7d64 100644
--- a/src/chrome/content/rules/Gavin-Newsom.xml
+++ b/src/chrome/content/rules/Gavin-Newsom.xml
@@ -1,14 +1,14 @@
-<ruleset name="Gavin Newsom" default_off="mismatch">
+<ruleset name="Gavin Newsom" default_off="mismatched">
 
 	<!--	Cert:	*.ngphost.com	-->
 	<target host="gavinnewsom.com" />
 	<target host="www.gavinnewsom.com" />
 
 
-	<securecookie host="^gavinnewsom\.com$" name=".*" />
+	<securecookie host="^gavinnewsom\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?gavinnewsom\.com/"
+	<rule from="^http://(?:www\.)?gavinnewsom\.com/"
 		to="https://gavinnewsom.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Gawker.xml b/src/chrome/content/rules/Gawker.xml
index cd728af343c5..457162bc8f0b 100644
--- a/src/chrome/content/rules/Gawker.xml
+++ b/src/chrome/content/rules/Gawker.xml
@@ -1,64 +1,72 @@
 <!--
 	Other Gawker rulesets:
-
-		- Deadspin.com.xml
-		- Gawkerassets.com.xml
-		- Gizmodo.com.xml
-		- Io9.com.xml
-		- Jalopnik.com.xml
-		- Jezebel.com.xml
-		- Kotaku.com.xml
-		- Lifehacker.com.xml
-
+		- Kinja-img.com.xml
+		- Kinja-static.com.xml
 
 	CDN buckets:
-
 		- kinja.desk.com
-
 			- help.gawker.com
-
 		- a.prod.fastly.net
-
 			- api.gawker.com
 			- cache.gawker.com
 			- login.gawker.com
 
-
-	Nonfunctional domains:
-
-		- feeds.gawker.com	(interrupted)
-		- www.gizmodo.com.au	(dropped)
-
-
-	Problematic domains:
-
-		- (www.)gawker.com *
-		- api.gawker.com *
-		- cache.gawker.com *
-		- feeds.gawker.com	(interrupted)
-		- help.gawker.com	(desk.com)
-		- login.gawker.com *
-
-	* Works; mismatched, CN: *.a.ssl.fastly.net
-
+	Mismatch:
+		- gawker.com
+		- www.gawker.com
+		- advertising.gawker.com
+		- antiviral.gawker.com
+		- blackbag.gawker.com
+		- cache.gawker.com
+		- defamer.gawker.com
+		- disputations.gawker.com
+		- dog.gawker.com
+		- domesticity.gawker.com
+		- drugs.gawker.com
+		- fortressamerica.gawker.com
+		- help.gawker.com
+		- internet.gawker.com
+		- justice.gawker.com
+		- morningafter.gawker.com
+		- phasezero.gawker.com
+		- rankings.gawker.com
+		- review.gawker.com
+		- sausage.gawker.com
+		- sonyhack.gawker.com
+		- thevane.gawker.com
+		- thewest.gawker.com
+		- tktk.gawker.com
+		- valleywag.gawker.com
+
+	Closed:
+		- feeds.gawker.com
+
+  No HTTPS
+    - api.gawker.com
+    - legal.gawker.com
+    - live.gawker.com
+    - login.gawker.com
+    - slow.gawker.com
+
+	Insecure cookies are set for these hosts: ᶜ
+		- gawker.com
+		- (column_name).gawker.com
+		- www.gawker.com
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+	Mixed content:
+		- Ads / bugs on ^, (column_name) from sb.scorecardresearch.com ˢ
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 -->
-<ruleset name="Gawker" default_off="mismatched">
-
-	<target host="gawker.com" />
-	<target host="*.gawker.com" />
-	<target host="cache.gawkerassets.com" />
-
-
-	<securecookie host="^(?:.*\.)?gawker\.com$" name=".+" />
-
-
-	<rule from="^http://(?:((?:api|cache|login)\.)|www\.)?gawker\.com/"
-		to="https://$1gawker.com/" />
+<ruleset name="Gawker.com">
+	<!--	Complications:	-->
+	<target host="feeds.gawker.com" />
 
-	<rule from="^http://help\.gawker\.com/images/"
-		to="https://d3jyn100am7dxp.cloudfront.net/images/" />
+	<!--	Not secured by server:	-->
+	<!--securecookie host="^(column_name\.|www\.)?gawker\.com$" name="^geocc$" /-->
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://cache\.gawkerassets\.com/"
-		to="https://cache.gawkerassets.com/" />
+	<rule from="^http://feeds\.gawker\.com/"
+		to="https://feeds.feedburner.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Gawkerassets.com.xml b/src/chrome/content/rules/Gawkerassets.com.xml
deleted file mode 100644
index e24f0536004a..000000000000
--- a/src/chrome/content/rules/Gawkerassets.com.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
-	For other Gawker coverage, see Gawker.xml.
-
-
-	CDN buckets:
-
-		- img.gawkerassets.com.s3.amazonaws.com
-
-		- a.prod.fastly.net
-
-			- cache.gawkerassets.com
-			- img.gawkerassets.com
-
-
-	Nonfunctional subdomains:
-
-		- ganja		(refused)
-
-
-	Problematic subdomains:
-
-		- cache *
-		- img *
-
-	* Works; mismatched, CN: *.a.ssl.fastly.net
-
--->
-<ruleset name="Gawkerassets.com (partial)">
-
-	<target host="img.gawkerassets.com" />
-
-
-	<rule from="^http://img\.gawkerassets\.com/"
-		to="https://s3.amazonaws.com/img.gawkerassets.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Gay-Torrents.net.xml b/src/chrome/content/rules/Gay-Torrents.net.xml
new file mode 100644
index 000000000000..229e170605ea
--- /dev/null
+++ b/src/chrome/content/rules/Gay-Torrents.net.xml
@@ -0,0 +1,19 @@
+<ruleset name="Gay-Torrents.net">
+	<target host="gay-torrents.net" />
+	<target host="*.gay-torrents.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+	<test url="http://www.gay-torrents.net/" />
+	<test url="http://static.gay-torrents.net/" />
+	<test url="http://1lx307s6h4.gay-torrents.net/" />
+	<test url="http://2uxyqic034.gay-torrents.net/" />
+	<test url="http://2zf5eyriox.gay-torrents.net/" />
+	<test url="http://3eavwuq780.gay-torrents.net/" />
+	<test url="http://3eo8gkpm7w.gay-torrents.net/" />
+	<test url="http://forum.gay-torrents.net/" />
+	<test url="http://free.gay-torrents.net/" />
+	<test url="http://gallery.gay-torrents.net/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gay180.xml b/src/chrome/content/rules/Gay180.xml
deleted file mode 100644
index 5f22fc6bcdc8..000000000000
--- a/src/chrome/content/rules/Gay180.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Gay180">
-
-	<target host="gay180.com" />
-	<target host="*.gay180.com" />
-
-
-	<securecookie host="^\.gay180\.com$" name=".+" />
-
-
-	<rule from="^http://(join\.|www\.)?gay180\.com/"
-		to="https://$1gay180.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/GayBoysTube.com.xml b/src/chrome/content/rules/GayBoysTube.com.xml
new file mode 100644
index 000000000000..ac8e64ffbdd2
--- /dev/null
+++ b/src/chrome/content/rules/GayBoysTube.com.xml
@@ -0,0 +1,14 @@
+<!--
+	GayBoysTube.com has a wildcard DNS record.
+-->
+
+<ruleset name="GayBoysTube.com">
+	<target host="gayboystube.com" />
+	<target host="www.gayboystube.com" />
+	<target host="cdn.gayboystube.com" />
+	<target host="media.gayboystube.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GayGent.lgbt.xml b/src/chrome/content/rules/GayGent.lgbt.xml
new file mode 100644
index 000000000000..6277140b8178
--- /dev/null
+++ b/src/chrome/content/rules/GayGent.lgbt.xml
@@ -0,0 +1,8 @@
+<ruleset name="GayGent.lgbt">
+	<target host="gaygent.lgbt" />
+	<target host="www.gaygent.lgbt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GayRadio.lgbt.xml b/src/chrome/content/rules/GayRadio.lgbt.xml
new file mode 100644
index 000000000000..b6bbef245c1c
--- /dev/null
+++ b/src/chrome/content/rules/GayRadio.lgbt.xml
@@ -0,0 +1,8 @@
+<ruleset name="GayRadio.lgbt">
+	<target host="gayradio.lgbt" />
+	<target host="www.gayradio.lgbt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GayRomeo.com.xml b/src/chrome/content/rules/GayRomeo.com.xml
new file mode 100644
index 000000000000..0cdd70ed67f0
--- /dev/null
+++ b/src/chrome/content/rules/GayRomeo.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="GayRomeo.com">
+
+	<target host="www.gayromeo.com" />
+	<target host="gayromeo.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GaySaltLake.com.xml b/src/chrome/content/rules/GaySaltLake.com.xml
new file mode 100644
index 000000000000..603be4c7729c
--- /dev/null
+++ b/src/chrome/content/rules/GaySaltLake.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Fix mixed content issue from https://qpages.com/
+
+-->
+<ruleset name="GaySaltLake.com">
+
+	<target host="qpages.gaysaltlake.com" />
+		<test url="http://qpages.gaysaltlake.com/wp-content/themes/cityguide/design/img/ico/ico_facebook.png" />
+
+	<rule from="^http://qpages\.gaysaltlake\.com/"
+		to="https://qpages.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GaySexPositionsGuide.com.xml b/src/chrome/content/rules/GaySexPositionsGuide.com.xml
new file mode 100644
index 000000000000..f471cec2690d
--- /dev/null
+++ b/src/chrome/content/rules/GaySexPositionsGuide.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="GaySexPositionsGuide.com">
+	<target host="gaysexpositionsguide.com" />
+	<target host="www.gaysexpositionsguide.com" />
+	<target host="assets.gaysexpositionsguide.com" />
+	<target host="mail.gaysexpositionsguide.com" />
+	<target host="mail2.gaysexpositionsguide.com" />
+	<target host="tumblr.gaysexpositionsguide.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GaySwap.com.xml b/src/chrome/content/rules/GaySwap.com.xml
new file mode 100644
index 000000000000..56aa118bc023
--- /dev/null
+++ b/src/chrome/content/rules/GaySwap.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- gayswap.com
+		- www.gayswap.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="GaySwap.com">
+
+	<target host="gayswap.com" />
+	<target host="www.gayswap.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?gayswap\.com$" name="^ReferralID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GayTorrents.xml b/src/chrome/content/rules/GayTorrents.xml
deleted file mode 100644
index 310dadc05983..000000000000
--- a/src/chrome/content/rules/GayTorrents.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="GayTorrents">
-	<target host="gaytorrents.net" />
-	<target host="www.gaytorrents.net" />
-
-	<rule from="^http://(?:www\.)?gaytorrents\.net/"
-		to="https://www.gaytorrents.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Gayakuman.xml b/src/chrome/content/rules/Gayakuman.xml
index 29cd8ec338bc..236af9e7ac61 100644
--- a/src/chrome/content/rules/Gayakuman.xml
+++ b/src/chrome/content/rules/Gayakuman.xml
@@ -1,4 +1,4 @@
-<ruleset name="Gayakuman" default_off="mismatch">
+<ruleset name="Gayakuman" default_off="mismatched">
 
 	<!--	startlogic.com	-->
 	<target host="gayakuman.com"/>
diff --git a/src/chrome/content/rules/Gazeta.ru.xml b/src/chrome/content/rules/Gazeta.ru.xml
new file mode 100644
index 000000000000..dc69015a1945
--- /dev/null
+++ b/src/chrome/content/rules/Gazeta.ru.xml
@@ -0,0 +1,29 @@
+<!--
+	These altnames do not exist:
+
+		- pg.gazeta.ru
+
+
+	Mixed content:
+
+		- Bug on www from b.scorecardresearch.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Gazeta.ru">
+	<target host="gazeta.ru" />
+	<target host="img.gazeta.ru" />
+	<target host="m.gazeta.ru" />
+	<target host="static.gazeta.ru" />
+	<target host="www.gazeta.ru" />
+
+		<test url="http://img.gazeta.ru/files3/619/10504619/91ced26470d91ad6c095d11fc3819ea8-pic64-64x36-10631.jpg" />
+		<test url="http://static.gazeta.ru/nm2012/i/quotes/finam_head.png" />
+
+
+	<securecookie host="^\." name="^_ga" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gazetaexpress.com.xml b/src/chrome/content/rules/Gazetaexpress.com.xml
new file mode 100644
index 000000000000..32ec9d6622e0
--- /dev/null
+++ b/src/chrome/content/rules/Gazetaexpress.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Gazetaexpress.com" platform="mixedcontent">
+	<target host="gazetaexpress.com" />
+	<target host="www.gazetaexpress.com" />
+	<target host="m.gazetaexpress.com" />
+	<target host="merrejep.gazetaexpress.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gdl-hof.de.xml b/src/chrome/content/rules/Gdl-hof.de.xml
new file mode 100644
index 000000000000..2c0ed9c4e168
--- /dev/null
+++ b/src/chrome/content/rules/Gdl-hof.de.xml
@@ -0,0 +1,11 @@
+<!--
+  For other GDL coverage, see Gdl.de.xml.
+-->
+<ruleset name="Gdl-hof.de">
+	<target host="gdl-hof.de" />
+	<target host="www.gdl-hof.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gdl-kempten.de.xml b/src/chrome/content/rules/Gdl-kempten.de.xml
new file mode 100644
index 000000000000..4777f08b6518
--- /dev/null
+++ b/src/chrome/content/rules/Gdl-kempten.de.xml
@@ -0,0 +1,11 @@
+<!--
+  For other GDL coverage, see Gdl.de.xml.
+-->
+<ruleset name="Gdl-kempten.de">
+	<target host="gdl-kempten.de" />
+	<target host="www.gdl-kempten.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gdl-m.de.xml b/src/chrome/content/rules/Gdl-m.de.xml
new file mode 100644
index 000000000000..7003d18d3c9b
--- /dev/null
+++ b/src/chrome/content/rules/Gdl-m.de.xml
@@ -0,0 +1,11 @@
+<!--
+  For other GDL coverage, see Gdl.de.xml.
+-->
+<ruleset name="Gdl-m.de">
+	<target host="gdl-m.de" />
+	<target host="www.gdl-m.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gdl-nn.de.xml b/src/chrome/content/rules/Gdl-nn.de.xml
new file mode 100644
index 000000000000..476fa8b4012e
--- /dev/null
+++ b/src/chrome/content/rules/Gdl-nn.de.xml
@@ -0,0 +1,11 @@
+<!--
+  For other GDL coverage, see Gdl.de.xml.
+-->
+<ruleset name="Gdl-nn.de">
+	<target host="gdl-nn.de" />
+	<target host="www.gdl-nn.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gdl-og-gera.de.xml b/src/chrome/content/rules/Gdl-og-gera.de.xml
new file mode 100644
index 000000000000..ff2575617040
--- /dev/null
+++ b/src/chrome/content/rules/Gdl-og-gera.de.xml
@@ -0,0 +1,11 @@
+<!--
+  For other GDL coverage, see Gdl.de.xml.
+-->
+<ruleset name="Gdl-og-gera.de">
+	<target host="gdl-og-gera.de" />
+	<target host="www.gdl-og-gera.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gdl-sbahn-berlin.de.xml b/src/chrome/content/rules/Gdl-sbahn-berlin.de.xml
new file mode 100644
index 000000000000..fc09d139722e
--- /dev/null
+++ b/src/chrome/content/rules/Gdl-sbahn-berlin.de.xml
@@ -0,0 +1,11 @@
+<!--
+  For other GDL coverage, see Gdl.de.xml.
+-->
+<ruleset name="Gdl-sbahn-berlin.de">
+	<target host="gdl-sbahn-berlin.de" />
+	<target host="www.gdl-sbahn-berlin.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gdl.de.xml b/src/chrome/content/rules/Gdl.de.xml
new file mode 100644
index 000000000000..dec0846a54d3
--- /dev/null
+++ b/src/chrome/content/rules/Gdl.de.xml
@@ -0,0 +1,155 @@
+<!--
+	Other GDL rulesets:
+		- Gdlhamm.de.xml
+		- Gdl-hof.de.xml
+		- Gdl-kempten.de.xml
+		- Gdl-m.de.xml
+		- Gdl-nn.de.xml
+		- Gdl-og-gera.de.xml 
+		- Gdl-sbahn-berlin.de.xml
+
+	Server-side SSL Error:
+		- gdl-aachen.de
+		- gdl-friedrichshafen.de
+		- gdl.koeln (geoTLD)
+		- gdl-mühldorf.de (xn- -gdl-mhldorf-xhb.de)
+		- gdl-plochingen.de
+		- gdl-tuebingen.de
+
+	Mismatched:
+		- umfrage.gdl.de
+		- gdl-bremen.de
+		- gdl-garmisch.de
+		- gdl-heilbronn.de
+		- gdl-kassel.de
+		- gdl-kornwestheim.de
+		- gdl-regensburg.de
+		- gdl-ulm.de
+		- gdl-weiden-schwandorf.de
+		- gdl-wuerzburg.de
+
+	Mixed content:
+		- gdl-bayern.de
+		
+	Plaintext response on HTTPS:
+		- www.jugend.gdl.de
+
+ 	Other Connection Issue:
+		- gdl-og-dresden.de
+		- gdl-ludwigshafen.de
+		- gdl-nord.de
+		- gdl-worms.de
+-->
+<ruleset name="Gdl.de (partial)">
+	<target host="gdl.de" />
+	<target host="www.gdl.de" />
+	<target host="hgs.gdl.de" />
+	<target host="jugend.gdl.de" />
+	<target host="www.jugend.gdl.de" />
+	<target host="pub.gdl.de" />
+	<target host="uploads.gdl.de" />
+	
+	<target host="bezirk-bayern.gdl.de" />
+	<target host="og-augsburg.gdl.de" />
+	<target host="og-bamberg.gdl.de" />
+	<target host="og-donauwoerth.gdl.de" />
+	<target host="og-ingolstadt.gdl.de" />
+	<target host="og-landshut.gdl.de" />
+	<target host="og-muenchenhbf.gdl.de" />
+	<target host="og-steinhausen.gdl.de" />
+	<target host="og-nuernberg.gdl.de" />
+	<target host="og-regensburg.gdl.de" />
+
+	<target host="bezirk-htm.gdl.de" />
+	<target host="og-bebra.gdl.de" />
+	<target host="og-darmstadt.gdl.de" />
+	<target host="og-erfurt.gdl.de" />
+	<target host="og-frankfurtmain.gdl.de" />
+	<target host="og-friedberg.gdl.de" />
+	<target host="og-fulda.gdl.de" />
+	<target host="og-gera.gdl.de" />
+	<target host="og-giessen.gdl.de" />
+	<target host="og-hanau.gdl.de" />
+	<target host="og-kassel.gdl.de" />
+	<target host="og-koblenz.gdl.de" />
+	<target host="og-weimar.gdl.de" />
+	<target host="og-wiesbaden.gdl.de" />
+
+	<target host="bezirk-md.gdl.de" />
+	<target host="og-aue.gdl.de" />
+	<target host="og-chemnitz.gdl.de" />
+	<target host="og-engelsdorf.gdl.de" />
+	<target host="og-goerlitz.gdl.de" />
+	<target host="og-hoyerswerda.gdl.de" />
+	<target host="og-leipzig.gdl.de" />
+	<target host="og-magdeburg.gdl.de" />
+	<target host="og-reichenbach.gdl.de" />
+	<target host="og-roeblingen.gdl.de" />
+	<target host="og-stendal.gdl.de" />
+	<target host="og-zittau.gdl.de" />
+
+	<target host="bezirk-no.gdl.de" />
+	<target host="og-angermuende.gdl.de" />
+	<target host="og-berlinfw.gdl.de" />
+	<target host="og-cottbus.gdl.de" />
+	<target host="og-eberswalde.gdl.de" />
+	<target host="og-frankfurtoder.gdl.de" />
+	<target host="og-neubrandenburg.gdl.de" />
+	<target host="og-pankow.gdl.de" />
+	<target host="og-rostock.gdl.de" />
+	<target host="og-schoeneweide.gdl.de" />
+	<target host="og-seddin.gdl.de" />
+	<target host="og-wismar.gdl.de" />
+	<target host="og-wustermark.gdl.de" />
+
+	<target host="bezirk-nord.gdl.de" />
+	<target host="og-kaltenkirchen.gdl.de" />
+	<target host="og-braunschweig.gdl.de" />
+	<target host="og-bremerhaven.gdl.de" />
+	<target host="og-goslar.gdl.de" />
+	<target host="og-altona.gdl.de" />
+	<target host="og-hamburghbf.gdl.de" />
+	<target host="og-ohlsdorf.gdl.de" />
+	<target host="og-hannover.gdl.de" />
+	<target host="og-kiel.gdl.de" />
+	<target host="og-lehrte.gdl.de" />
+	<target host="og-maschen.gdl.de" />
+	<target host="og-oldenburg.gdl.de" />
+	<target host="og-ostfriesland.gdl.de" />
+	<target host="og-osnabrueck.gdl.de" />
+	<target host="og-seelze.gdl.de" />
+
+	<target host="bezirk-nrw.gdl.de" />
+	<target host="og-bestwig.gdl.de" />
+	<target host="og-duesseldorf.gdl.de" />
+	<target host="og-essen.gdl.de" />
+	<target host="og-gremberg.gdl.de" />
+	<target host="og-hagen.gdl.de" />
+	<target host="og-hamm.gdl.de" />
+	<target host="og-koeln.gdl.de" />
+	<target host="og-lippstadt.gdl.de" />
+	<target host="og-moenchengladbach.gdl.de" />
+	<target host="og-oberhausen.gdl.de" />
+	<target host="og-siegen.gdl.de" />
+	<target host="og-wuppertal.gdl.de" />
+
+	<target host="bezirk-sw.gdl.de" />
+	<target host="og-bodenseeneckar.gdl.de" />
+	<target host="og-freiburg.gdl.de" />
+	<target host="og-haltingen.gdl.de" />
+	<target host="og-heidelberg.gdl.de" />
+	<target host="og-heilbronn.gdl.de" />
+	<target host="og-karlsruhe.gdl.de" />
+	<target host="og-lauda.gdl.de" />
+	<target host="og-ludwigshafen.gdl.de" />
+	<target host="og-offenburg.gdl.de" />
+	<target host="og-saarbrueckenpv.gdl.de" />
+	<target host="og-stuttgart.gdl.de" />
+	<target host="og-tuebingen.gdl.de" />
+	<target host="og-villingen.gdl.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.jugend\.gdl\.de/" to="https://jugend.gdl.de/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gdlhamm.de.xml b/src/chrome/content/rules/Gdlhamm.de.xml
new file mode 100644
index 000000000000..be10341df702
--- /dev/null
+++ b/src/chrome/content/rules/Gdlhamm.de.xml
@@ -0,0 +1,11 @@
+<!--
+  For other GDL coverage, see Gdl.de.xml.
+-->
+<ruleset name="Gdlhamm.de">
+	<target host="gdlhamm.de" />
+	<target host="www.gdlhamm.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GeForce.com.xml b/src/chrome/content/rules/GeForce.com.xml
new file mode 100644
index 000000000000..eb9effb1b885
--- /dev/null
+++ b/src/chrome/content/rules/GeForce.com.xml
@@ -0,0 +1,34 @@
+<!--
+	For other NVidia coverage, see NVidia.xml.
+
+	Dropped:
+		- ^ (fixed by this ruleset)
+
+	Mismatched:
+		lots of language subdomains, like "cn", "fr" and "uk".
+-->
+
+<ruleset name="GeForce.com">
+	<target host="geforce.com" />
+	<target host="www.geforce.com" />
+	<target host="esports.geforce.com" />
+	<target host="forums.geforce.com" />
+	<target host="anz.forums.geforce.com" />
+	<target host="th.forums.geforce.com" />
+	<target host="gfwsl.geforce.com" />
+	<target host="origin-redeem.geforce.com" />
+	<target host="redeem.geforce.com" />
+	<target host="stagegeforce.geforce.com" />
+	<target host="www.stagegeforce.geforce.com" />
+	<target host="chn.stagegeforce.geforce.com" />
+	<target host="gbr.stagegeforce.geforce.com" />
+	<target host="gfwsl.stagegeforce.geforce.com" />
+	<target host="twn.stagegeforce.geforce.com" />
+	<target host="demo.uk.geforce.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://geforce\.com/" to="https://www.geforce.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Geany.org.xml b/src/chrome/content/rules/Geany.org.xml
index 1e601e92ff1f..b3b74d8f9ad9 100644
--- a/src/chrome/content/rules/Geany.org.xml
+++ b/src/chrome/content/rules/Geany.org.xml
@@ -1,25 +1,26 @@
 <!--
-	Problematic subdomains:
-
-		- ^	(cert only matches *.geany.org
-
-
-	Mixed content:
-
-		- css on www from www *
-
-		- Images on www from www *
-
-	* Secured by us
+	No working URL known:
+		mail.geany.org
 
 -->
-<ruleset name="Geany.org (false MCB)" platform="cacert mixedcontent">
+<ruleset name="Geany.org">
 
 	<target host="geany.org" />
 	<target host="www.geany.org" />
-
-
-	<rule from="^http://(?:www\.)?geany\.org/"
-		to="https://www.geany.org/" />
+	<target host="download.geany.org" />
+	<target host="git.geany.org" />
+	<target host="i18n.geany.org" />
+	<target host="irc.geany.org" />
+	<target host="lists.geany.org" />
+	<target host="newsletter.geany.org" />
+	<target host="nightly.geany.org" />
+	<target host="nopaste.geany.org" />
+	<target host="pastebin.geany.org" />
+	<target host="plugins.geany.org" />
+	<target host="plugins2.geany.org" />
+	<target host="wiki.geany.org" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GearBest.com.xml b/src/chrome/content/rules/GearBest.com.xml
new file mode 100644
index 000000000000..c95ab60f8542
--- /dev/null
+++ b/src/chrome/content/rules/GearBest.com.xml
@@ -0,0 +1,54 @@
+<!--
+	Non-functional subdomains:
+		- e3ai		(m)
+		- edm		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="GearBest.com">
+
+	<target host="gearbest.com" />
+	<target host="www.gearbest.com" />
+	<target host="affiliate.gearbest.com" />
+	<target host="br.gearbest.com" />
+	<target host="cart.gearbest.com" />
+	<target host="cashier.gearbest.com" />
+	<target host="checkout.gearbest.com" />
+	<target host="css.gearbest.com" />
+	<target host="de.gearbest.com" />
+	<target host="des.gearbest.com" />
+	<target host="es.gearbest.com" />
+	<target host="fr.gearbest.com" />
+	<target host="gloimg.gearbest.com" />
+	<target host="her.gearbest.com" />
+	<target host="it.gearbest.com" />
+	<target host="login.gearbest.com" />
+	<target host="m.gearbest.com" />
+	<target host="new.gearbest.com" />
+	<target host="order.gearbest.com" />
+	<target host="pt.gearbest.com" />
+	<target host="review.gearbest.com" />
+	<target host="ru.gearbest.com" />
+	<target host="security.gearbest.com" />
+	<target host="support.gearbest.com" />
+	<target host="annex.support.gearbest.com" />
+	<target host="tr.gearbest.com" />
+	<target host="uidesign.gearbest.com" />
+	<target host="uk.gearbest.com" />
+	<target host="us.gearbest.com" />
+	<target host="user.gearbest.com" />
+	<target host="vapor.gearbest.com" />
+
+	<target host="css.gbtcdn.com" />
+	<target host="des.gbtcdn.com" />
+	<target host="uidesign.gbtcdn.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GearSourceEurope.xml b/src/chrome/content/rules/GearSourceEurope.xml
index 48cc148d75de..c0cc5902a7b6 100644
--- a/src/chrome/content/rules/GearSourceEurope.xml
+++ b/src/chrome/content/rules/GearSourceEurope.xml
@@ -1,19 +1,54 @@
 <!--
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *gearsourceeurope.com:
 
-		- cdn	(redirects to www)
+		- cdn *
+
+	* Redirects to www.gearsourceeurope.com
+
+
+	Insecure cookies are set for these domains:
+
+		- .gearsourceeurope.com
 
 -->
-<ruleset name="GearSourceEurope (partial)">
+<ruleset name="GearSourceEurope.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="gearsourceeurope.com" />
-	<target host="*.gearsourceeurope.com" />
+	<target host="www.gearsourceeurope.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.gearsourceeurope\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.gearsourceeurope\.com/+(?!general/(?:dsplogin|registration)(?:$|[?/]))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.gearsourceeurope.com/catalog/latest" />
+			<test url="http://www.gearsourceeurope.com/catalog/listing/79217" />
+			<test url="http://www.gearsourceeurope.com/email" />
+			<test url="http://www.gearsourceeurope.com/general/feedback" />
+			<test url="http://www.gearsourceeurope.com/needzone" />
+			<test url="http://www.gearsourceeurope.com/page/faqs" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.gearsourceeurope.com/general/registration" />
+			<test url="http://www.gearsourceeurope.com/general/dsplogin" />
+
 
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.gearsourceeurope\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
 
-	<securecookie host="^(?:www)?\.gearsourceeurope\.com$" name=".+" />
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
 
 
-	<rule from="^http://(www\.)?gearsourceeurope\.com/"
-		to="https://$1gearsourceeurope.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gearhog.xml b/src/chrome/content/rules/Gearhog.xml
index 37ed22b9e0e4..4470e3cf0a8b 100644
--- a/src/chrome/content/rules/Gearhog.xml
+++ b/src/chrome/content/rules/Gearhog.xml
@@ -1,3 +1,7 @@
+<!--
+	^: Refused
+
+-->
 <ruleset name="Gearhog (default off)" default_off="Certificate mismatch">
 
 	<target host="www.gearhog.com" />
diff --git a/src/chrome/content/rules/Gearman.xml b/src/chrome/content/rules/Gearman.xml
index 850c8014a8d7..b3a40097a510 100644
--- a/src/chrome/content/rules/Gearman.xml
+++ b/src/chrome/content/rules/Gearman.xml
@@ -4,12 +4,12 @@
 	<target host="www.gearman.org" />
 
 
-	<securecookie host="^gearman\.org$" name=".*" />
+	<securecookie host="^gearman\.org$" name=".+" />
 
 
 	<!--	Cert only matches ^gearman.org.
 						-->
-	<rule from="^https?://(?:www\.)?gearman\.org/"
+	<rule from="^http://(?:www\.)?gearman\.org/"
 		to="https://gearman.org/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Gearslutz.com.xml b/src/chrome/content/rules/Gearslutz.com.xml
new file mode 100644
index 000000000000..ae1177c178b2
--- /dev/null
+++ b/src/chrome/content/rules/Gearslutz.com.xml
@@ -0,0 +1,22 @@
+<!--
+	These altnames don't exist:
+
+		- www.static.gearslutz.com
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- static
+
+-->
+<ruleset name="Gearslutz.com">
+
+	<target host="gearslutz.com" />
+	<target host="static.gearslutz.com" />
+	<target host="www.gearslutz.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gearworks_Manufacturing.xml b/src/chrome/content/rules/Gearworks_Manufacturing.xml
index bababeac4821..d23f07c6c9c2 100644
--- a/src/chrome/content/rules/Gearworks_Manufacturing.xml
+++ b/src/chrome/content/rules/Gearworks_Manufacturing.xml
@@ -1,13 +1,21 @@
-<ruleset name="Gearworks Manufacturing">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gearworkstire.com/ => https://gearworkstire.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.gearworkstire.com/ => https://www.gearworkstire.com/: (28, 'Connection timed out after 20005 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://gearworkstire.com/ => https://gearworkstire.com/: (28, 'Connection timed out after 10000 milliseconds')
+-->
+<ruleset name="Gearworks Manufacturing" default_off="failed ruleset test">
 
 	<target host="gearworkstire.com" />
-	<target host="*.gearworkstire.com" />
+	<target host="www.gearworkstire.com" />
 
 
-	<securecookie host="^(?:.*\.)?gearworkstire\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?gearworkstire\.com/"
-		to="https://$1gearworkstire.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Geccdn.net.xml b/src/chrome/content/rules/Geccdn.net.xml
new file mode 100644
index 000000000000..4b3ec9b3039e
--- /dev/null
+++ b/src/chrome/content/rules/Geccdn.net.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- i41.geccdn.net
+
+-->
+<ruleset name="geccdn.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="*.geccdn.net" />
+
+		<test url="http://i41.geccdn.net/site/htmlarea/images/footer-signuptitle.png" />
+		<test url="http://i71.geccdn.net/skuimages/medium/C19-2003_chiclet01_ac_mn_7869891.jpg" />
+		<test url="http://i104.geccdn.net/site/img/logo.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^i41\.geccdn\.net$" name="^TS[\da-f]{8}$" /-->
+
+	<securecookie host="^i\d+\.geccdn\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Geef.nl.xml b/src/chrome/content/rules/Geef.nl.xml
index 4157ac5e1053..a386542dae7f 100644
--- a/src/chrome/content/rules/Geef.nl.xml
+++ b/src/chrome/content/rules/Geef.nl.xml
@@ -4,16 +4,64 @@
 		- geef.nl	(times out)
 
 
-	Some pages redirect to http.
+	Some pages redirect to http (including registration - passwords, personal info, etc.)
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.geef.nl
 
 -->
-<ruleset name="Geef.nl">
+<ruleset name="Geef.nl (partial)">
 
-	<target host="geef.nl" />
+	<!--	Direct rewrites:
+				-->
 	<target host="www.geef.nl" />
 
+	<!--	Complications:
+				-->
+	<target host="geef.nl" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.geef\.nl/($|account/nieuw2$|account/socialmedia$)" /-->
+
+		<!--	Exceptions:
+					-->
+		<exclusion pattern="^http://www\.geef\.nl/(?!assets/|commons/|css/|donatiemodule/|externalMod\.php|favicon\.ico|images/|js/|login|upload/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.geef.nl/account/nieuw" />
+			<test url="http://www.geef.nl/account/nieuw2" />
+			<test url="http://www.geef.nl/account/socialmedia" />
+			<test url="http://www.geef.nl/evenement/nieuw" />
+			<test url="http://www.geef.nl/faq" />
+			<test url="http://www.geef.nl/helpdesk" />
+			<test url="http://www.geef.nl/kaart" />
+			<test url="http://www.geef.nl/rss/acties" />
+			<test url="http://www.geef.nl/tip" />
+			<test url="http://www.geef.nl/wachtwoord/opvragen" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.geef.nl/donatiemodule/faq/en" />
+			<test url="http://www.geef.nl/donatiemodule/taal" />
+			<test url="http://www.geef.nl/favicon.ico" />
+			<test url="http://www.geef.nl/assets/css/style.css" />
+			<test url="http://www.geef.nl/login" />
+			<test url="http://www.geef.nl/upload/groep/image/thumb/1379097072_unilever-logo.jpg" />
+
+
+	<!--	Not secured by server;
+					-->
+	<!--securecookie host="^www\.geef\.nl$" name="^gef_session$" /-->
+
+
+	<rule from="^http://geef\.nl/"
+		to="https://www.geef.nl/" />
 
-	<rule from="^https?://(?:www\.)?geef\.nl/(commons/|css/|externalMod\.php|favicon\.ico|images/|js/|login|upload/)"
-		to="https://www.geef.nl/$1" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Geek.com.xml b/src/chrome/content/rules/Geek.com.xml
index 9bee62f4bf46..9d67a0e58407 100644
--- a/src/chrome/content/rules/Geek.com.xml
+++ b/src/chrome/content/rules/Geek.com.xml
@@ -1,9 +1,21 @@
-<ruleset name="Geek.com" default_off="Certificate mismatch">
-	<target host="*.geek.com" />
-	<target host="geek.com" />
+<!--
+Certificate mismatch:
+	mobile.geek.com
 
-	<securecookie host="^(.*\.)?geek\.com$" name=".*" />
+Timeout:
+	geek.com
 
-	<rule from="^http://(?:www\.)?geek\.com/" to="https://www.geek.com/"/>
-</ruleset>
+Refused connection:
+	subscribe.geek.com
+-->
+<ruleset name="Geek.com">
+	<target host="www.geek.com" />
+	<target host="bbstatic.geek.com" />
+	<target host="mobile.geek.com" />
+	<target host="origin.geek.com" />
+	<target host="origin-www.geek.com" />
+	<target host="static.geek.com" />
 
+	<rule from="^http://mobile\.geek\.com/" to="https://www.geek.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Geek.net.xml b/src/chrome/content/rules/Geek.net.xml
deleted file mode 100644
index 404af4acac54..000000000000
--- a/src/chrome/content/rules/Geek.net.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d2hfi8wofzzjwf.cloudfront.net
-			- cdn.asset.geek.net
-
--->
-<ruleset name="Geek.net">
-
-	<target host="*.geek.net" />
-	<target host="geek.net" />
-	<target host="cdn.asset.geek.net" />
-
-
-	<securecookie host="^geek\.net$" name=".*"/>
-
-
-	<rule from="^http://(www\.)?geek\.net/"
-		to="https://$1geek.net/"/>
-
-	<rule from="^https?://cdn\.asset\.geek\.net/"
-		to="https://d2hfi8wofzzjwf.cloudfront.net/" />
-
-	<rule from="^https?://investors\.geek\.net/common/"
-		to="https://investor.shareholder.com/common/"/>
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/GeekGhost.net.xml b/src/chrome/content/rules/GeekGhost.net.xml
new file mode 100644
index 000000000000..83d8fa7a9c82
--- /dev/null
+++ b/src/chrome/content/rules/GeekGhost.net.xml
@@ -0,0 +1,19 @@
+<!--
+	SSL protocol error:
+		- www.account.geekghost.net
+		- www.support.geekghost.net
+
+	Mismatched:
+		- mail.geekghost.net
+		- ns1.geekghost.net
+-->
+<ruleset name="GeekGhost.net">
+	<target host="geekghost.net" />
+	<target host="www.geekghost.net" />
+	<target host="account.geekghost.net" />
+	<target host="cdn.geekghost.net" />
+	<target host="status.geekghost.net" />
+	<target host="support.geekghost.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GeekISP.com.xml b/src/chrome/content/rules/GeekISP.com.xml
new file mode 100644
index 000000000000..6bc028c4bf16
--- /dev/null
+++ b/src/chrome/content/rules/GeekISP.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="GeekISP.com">
+
+	<target host="geekisp.com" />
+	<target host="www.geekisp.com" />
+
+
+	<securecookie host="^(?:www\.)?geekisp\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GeekPark.xml b/src/chrome/content/rules/GeekPark.xml
new file mode 100644
index 000000000000..45e00a8e3399
--- /dev/null
+++ b/src/chrome/content/rules/GeekPark.xml
@@ -0,0 +1,32 @@
+<!--
+	Warn：https://github.com/EFForg/https-everywhere/pull/5042#issuecomment-234782358
+
+	Related:
+		Qbox.me.xml
+-->
+
+<ruleset name="GeekPark (partial)">
+
+	<!--	clouddn and qiniudn only has http, but it equals to main hosts	-->
+	<target host="7mnpep.com2.z0.glb.clouddn.com" />
+	<target host="7mnpep.com2.z0.glb.qiniucdn.com" />
+	<target host="geekpark-img.qiniudn.com" />
+	<target host="gpk-new.qiniudn.com" />
+
+	<rule from="^http://7mnpep\.com2\.z0\.glb\.clouddn\.com/"
+		to="https://dn-geekpark-new.qbox.me/" />
+		<test url="http://7mnpep.com2.z0.glb.clouddn.com/assets/application-3eea58a1bd577fe4da48dddfa65a7275.js" />
+
+	<rule from="^http://7mnpep\.com2\.z0\.glb\.qiniucdn\.com/"
+		to="https://dn-geekpark-new.qbox.me/" />
+		<test url="http://7mnpep.com2.z0.glb.qiniucdn.com/uploads/user/avatar/000/154/695/medium_3c8ff7128cd48fb1aa9ef258ffe5b0e4.png" />
+
+	<rule from="^http://geekpark-img\.qiniudn\.com/"
+		to="https://dn-geekpark-new.qbox.me/" />
+		<test url="http://geekpark-img.qiniudn.com/uploads/reading/seed/6a69221d85271be3194ba7cb76d49340.png" />
+
+	<rule from="^http://gpk-new\.qiniudn\.com/"
+		to="https://dn-geekpark-new.qbox.me/" />
+		<test url="http://gpk-new.qiniudn.com/assets/application-177c73324f0e5e9780d102790d44fbeb.js" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GeekTime.com.xml b/src/chrome/content/rules/GeekTime.com.xml
new file mode 100644
index 000000000000..b7ec85b3de7a
--- /dev/null
+++ b/src/chrome/content/rules/GeekTime.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		cdn.geektime.com
+		idesk.geektime.com
+		intelligence.geektime.com
+
+-->
+<ruleset name="GeekTime.com">
+
+	<target host="geektime.com" />
+	<target host="www.geektime.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GeekWire.com.xml b/src/chrome/content/rules/GeekWire.com.xml
new file mode 100644
index 000000000000..ce2e063bbfe2
--- /dev/null
+++ b/src/chrome/content/rules/GeekWire.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="GeekWire.com (partial)">
+
+	<target host="geekwire.com"/>
+	<target host="www.geekwire.com"/>
+	<target host="cdn.geekwire.com"/>
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GeekWire.xml b/src/chrome/content/rules/GeekWire.xml
deleted file mode 100644
index 92b9700edce7..000000000000
--- a/src/chrome/content/rules/GeekWire.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="GeekWire (partial)">
-
-	<target host="cdn.geekwire.com"/>
-
-	<rule from="^http://cdn\.geekwire\.com/"
-		to="https://s3.amazonaws.com/geekwire/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/GeekZu.xml b/src/chrome/content/rules/GeekZu.xml
new file mode 100644
index 000000000000..c96c69b17b89
--- /dev/null
+++ b/src/chrome/content/rules/GeekZu.xml
@@ -0,0 +1,16 @@
+<!--
+	No exist:
+		^(www.)?
+
+	Mismatch:
+		fdn.
+-->
+<ruleset name="GeekZu">
+
+	<target host="cdn.geekzu.org" />
+	<target host="fonts.geekzu.org" />
+	<target host="sdn.geekzu.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Geek_Girls_Guide.com.xml b/src/chrome/content/rules/Geek_Girls_Guide.com.xml
new file mode 100644
index 000000000000..9420c49ea825
--- /dev/null
+++ b/src/chrome/content/rules/Geek_Girls_Guide.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- www.geekgirlsguide.com
+		- .www.geekgirlsguide.com
+
+
+	Mixed content:
+
+		- audio from traffic.libsyn.com
+
+-->
+<ruleset name="Geek Girls Guide.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="geekgirlsguide.com" />
+	<target host="www.geekgirlsguide.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.geekgirlsguide\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.www\.geekgirlsguide\.com$" name="^content_rotator_\d+$" /-->
+
+	<securecookie host="^\.?www\.geekgirlsguide\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Geek_Tech_Labs.com.xml b/src/chrome/content/rules/Geek_Tech_Labs.com.xml
index 00d58c81f7bf..5dd2490c3040 100644
--- a/src/chrome/content/rules/Geek_Tech_Labs.com.xml
+++ b/src/chrome/content/rules/Geek_Tech_Labs.com.xml
@@ -1,4 +1,11 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://geektechlabs.com/ => https://www.geektechlabs.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.geektechlabs.com/ => https://www.geektechlabs.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://mysql.geektechlabs.com/ => https://mysql.geektechlabs.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+
 	Problematic subdomains:
 
 		- ^	(prints "down for maintenance"; mismatched, CN: cryptonetwork.com)
@@ -15,7 +22,7 @@
 		- Ads/web bugs, on www from:
 
 			- feedads.g.doubleclick.net *
-			- feeds.feedburner.com **
+			- feeds.feedburner.com *
 			- cache.gawker.com ***
 			- ads.pheedo.com *
 			- a.rfihub.com *
@@ -25,16 +32,17 @@
 	*** Rule not on by default, doesn't trip MCB
 
 -->
-<ruleset name="Geek Tech Labs.com">
+<ruleset name="Geek Tech Labs.com" default_off="failed ruleset test">
 
 	<target host="geektechlabs.com" />
-	<target host="*.geektechlabs.com" />
+	<target host="www.geektechlabs.com" />
+	<target host="mysql.geektechlabs.com" />
 
 
-	<rule from="^http://(?:www\.)?geektechlabs\.com/"
+	<rule from="^http://geektechlabs\.com/"
 		to="https://www.geektechlabs.com/" />
 
-	<rule from="^http://mysql\.geektechlabs\.com/"
-		to="https://mysql.geektechlabs.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Geekbuying.com.xml b/src/chrome/content/rules/Geekbuying.com.xml
new file mode 100644
index 000000000000..bcf1a616e2b6
--- /dev/null
+++ b/src/chrome/content/rules/Geekbuying.com.xml
@@ -0,0 +1,51 @@
+<!--
+	Non-functional subdomains:
+		- api	(d)
+		- blog	(d)
+		- blogimage	(d)
+		- promotion	(d)
+		- rc	(d)
+		- smartphone	(d)
+		- tvbox	(d)
+		- vr	(d)
+		- wholesale	(d)
+
+	d: redirection error
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Geekbuying.com">
+
+	<target host="geekbuying.com" />
+	<target host="www.geekbuying.com" />
+	<target host="ar.geekbuying.com" />
+	<target host="content1.geekbuying.com" />
+	<target host="content2.geekbuying.com" />
+	<target host="de.geekbuying.com" />
+	<target host="el.geekbuying.com" />
+	<target host="es.geekbuying.com" />
+	<target host="fr.geekbuying.com" />
+	<target host="hu.geekbuying.com" />
+	<target host="image1.geekbuying.com" />
+	<target host="image2.geekbuying.com" />
+	<target host="image3.geekbuying.com" />
+	<target host="image4.geekbuying.com" />
+	<target host="it.geekbuying.com" />
+	<target host="iw.geekbuying.com" />
+	<target host="ja.geekbuying.com" />
+	<target host="m.geekbuying.com" />
+	<target host="nl.geekbuying.com" />
+	<target host="pl.geekbuying.com" />
+	<target host="pt.geekbuying.com" />
+	<target host="ru.geekbuying.com" />
+	<target host="th.geekbuying.com" />
+	<target host="tr.geekbuying.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Geekdo-static.com.xml b/src/chrome/content/rules/Geekdo-static.com.xml
new file mode 100644
index 000000000000..4f75cca81ee7
--- /dev/null
+++ b/src/chrome/content/rules/Geekdo-static.com.xml
@@ -0,0 +1,15 @@
+<!--
+	For other BoardGameGeek coverage, see BoardGameGeek.com.xml.
+
+-->
+<ruleset name="Geekdo-static.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cf.geekdo-static.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Geekevents.org.xml b/src/chrome/content/rules/Geekevents.org.xml
new file mode 100644
index 000000000000..6e23c1f6745b
--- /dev/null
+++ b/src/chrome/content/rules/Geekevents.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="Geekevents.org">
+
+	<target host="geekevents.org" />
+	<target host="www.geekevents.org" />
+
+
+	<securecookie host="^\.geekevents\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Geekhack.org.xml b/src/chrome/content/rules/Geekhack.org.xml
new file mode 100644
index 000000000000..63dd7f012b31
--- /dev/null
+++ b/src/chrome/content/rules/Geekhack.org.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- geekhack.org
+
+-->
+<ruleset name="geekhack.org">
+
+	<target host="geekhack.org" />
+	<target host="www.geekhack.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^geekhack\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^geekhack\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Geekheim.de.xml b/src/chrome/content/rules/Geekheim.de.xml
index d7fab509a36f..663bf3a80aa6 100644
--- a/src/chrome/content/rules/Geekheim.de.xml
+++ b/src/chrome/content/rules/Geekheim.de.xml
@@ -3,7 +3,6 @@
 	<target host="frank.geekheim.de" />
 
 
-	<rule from="^http://frank\.geekheim\.de/"
-		to="https://frank.geekheim.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Geekify.xml b/src/chrome/content/rules/Geekify.xml
index cde453fbe1b7..9a82e8a3d720 100644
--- a/src/chrome/content/rules/Geekify.xml
+++ b/src/chrome/content/rules/Geekify.xml
@@ -1,8 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.geekify.com.au/ => http://www.geekify.com.au/: (6, 'Could not resolve host: www.geekify.com.au')
+
 	Some pages redirect to http.
 
 -->
-<ruleset name="Geekify (partial)">
+<ruleset name="Geekify (partial)" default_off="failed ruleset test">
 
 	<target host="geekify.com.au" />
 	<target host="www.geekify.com.au" />
@@ -11,4 +15,4 @@
 	<rule from="^http://(www\.)?geekify\.com\.au/(data/|fpss/|images/|sites/|user(?:$|\?|/))"
 		to="https://$1geekify.com.au/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Geeknet_Media-problematic.xml b/src/chrome/content/rules/Geeknet_Media-problematic.xml
deleted file mode 100644
index 93d939638931..000000000000
--- a/src/chrome/content/rules/Geeknet_Media-problematic.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules that are on by default, see Geeknet_Media.xml.
-
--->
-<ruleset name="Geeknet Media (problematic)" default_off="mismatched">
-
-	<target host="library.geeknetmedia.com" />
-
-
-	<rule from="^http://library\.geeknetmedia\.com/"
-		to="https://library.geeknetmedia.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Geeknet_Media.xml b/src/chrome/content/rules/Geeknet_Media.xml
index 17a1e8e40629..6b31ac5126be 100644
--- a/src/chrome/content/rules/Geeknet_Media.xml
+++ b/src/chrome/content/rules/Geeknet_Media.xml
@@ -1,17 +1,4 @@
-<!--
-	For problematic rules, see Geeknet_Media-problematic.xml.
-
-
-	For other Dice Holdings coverage, see Dice.xml.
-
-
-	Problematic subdomains:
-
-		- library	(mismatched, CN: *.sourceforge.net)
-		- www		(cert only matches ^geeknetmedia.com)
-
--->
-<ruleset name="Geeknet Media (partial)">
+<ruleset name="Geek Net Media.com" default_off="404">
 
 	<target host="geeknetmedia.com" />
 	<target host="www.geeknetmedia.com" />
@@ -20,7 +7,7 @@
 	<securecookie host="^geeknetmedia\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?geeknetmedia\.com/"
-		to="https://geeknetmedia.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Geeksphone.com.xml b/src/chrome/content/rules/Geeksphone.com.xml
new file mode 100644
index 000000000000..a6a09a5d4b33
--- /dev/null
+++ b/src/chrome/content/rules/Geeksphone.com.xml
@@ -0,0 +1,47 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://geeksphone.com/ => https://geeksphone.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://geeksphone.com/ => https://geeksphone.com/: (60, 'SSL certificate problem: certificate has expired')
+	CDN buckets:
+
+		- d337ou2hengace.cloudfront.net
+
+			- downloads.geeksphone.com
+
+
+	Mixed content:
+
+		- css on forum from fonts.googleapis.com *
+
+		- Images on forum from shop *
+
+	* Secured by us
+
+-->
+<ruleset name="Geeksphone.com" default_off="failed ruleset test">
+
+	<target host="geeksphone.com" />
+	<target host="forum.geeksphone.com" />
+	<target host="shop.geeksphone.com" />
+	<target host="www.geeksphone.com" />
+	<target host="downloads.geeksphone.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?geeksphone\.com$" name="^_icl_current_language$" /-->
+	<!--securecookie host="^(forum|shop)\.geeksphone\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.shop\.geeksphone\.com$" name="^[0-9a-f]{32}$" /-->
+
+	<securecookie host="^(?:(?:forum|\.?shop|www)\.)?geeksphone\.com$" name=".+" />
+
+
+
+	<rule from="^http://downloads\.geeksphone\.com/"
+		to="https://d337ou2hengace.cloudfront.net/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Geektimes.ru.xml b/src/chrome/content/rules/Geektimes.ru.xml
new file mode 100644
index 000000000000..5905ee358fd4
--- /dev/null
+++ b/src/chrome/content/rules/Geektimes.ru.xml
@@ -0,0 +1,38 @@
+<!--
+	For other TM coverage, see TMtm.ru.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- special.geektimes.ru
+
+
+	Mixed content:
+
+		- css on lab from fonts.googleapis.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Geektimes.ru (partial)">
+
+	<target host="geektimes.ru" />
+	<!--target host="api.geektimes.ru" />	403 vs 503 - needs tests -->
+	<target host="lab.geektimes.ru" />
+	<target host="m.geektimes.ru" />
+	<target host="special.geektimes.ru" />
+	<target host="www.geektimes.ru" />
+
+		<!--	Sets cookie without secure:
+							-->
+		<!--test url="http://special.geektimes.ru/captcha/" /-->
+
+
+	<!--securecookie host="^special\.geektimes\.ru$" name="^captcha$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gegl.org.xml b/src/chrome/content/rules/Gegl.org.xml
new file mode 100644
index 000000000000..c69c932a228c
--- /dev/null
+++ b/src/chrome/content/rules/Gegl.org.xml
@@ -0,0 +1,10 @@
+<!--
+	Mismatched:
+		- ftp
+-->
+<ruleset name="Gegl.org" default_off="expired">
+	<target host="gegl.org" />
+	<target host="www.gegl.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gehrcke.de.xml b/src/chrome/content/rules/Gehrcke.de.xml
new file mode 100644
index 000000000000..c59699fae7c4
--- /dev/null
+++ b/src/chrome/content/rules/Gehrcke.de.xml
@@ -0,0 +1,34 @@
+<!--
+	www.gehrcke.de: Mismatched, self-signed
+
+
+	Insecure cookies are set for these domains:
+
+		- .gehrcke.de
+
+-->
+<ruleset name="Gehrcke.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gehrcke.de" />
+
+	<!--	Complications:
+				-->
+	<target host="www.gehrcke.de" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.gehrcke\.de$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.gehrcke\.de/"
+		to="https://gehrcke.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Geht.net.xml b/src/chrome/content/rules/Geht.net.xml
new file mode 100644
index 000000000000..55f7744525b9
--- /dev/null
+++ b/src/chrome/content/rules/Geht.net.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hydra.geht.net/ => https://hydra.geht.net/: (7, 'Failed to connect to hydra.geht.net port 443: Connection refused')
+
+	(www.)?geht.net: Refused
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- hydra.geht.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="geht.net (partial)" default_off="failed ruleset test">
+
+	<target host="hydra.geht.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^hydra\.geht\.net$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Geizhals.at.xml b/src/chrome/content/rules/Geizhals.at.xml
new file mode 100644
index 000000000000..26fbec0a87d2
--- /dev/null
+++ b/src/chrome/content/rules/Geizhals.at.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Preisvergleich Internet Services coverage, see Preisvergleich-Internet-Services.xml.
+
+-->
+<ruleset name="Geizhals.at">
+
+	<target host="geizhals.at" />
+	<target host="forum.geizhals.at" />
+	<target host="gewinnspiel.geizhals.at" />
+	<target host="unternehmen.geizhals.at" />
+	<target host="www.geizhals.at" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Geizhals.de.xml b/src/chrome/content/rules/Geizhals.de.xml
new file mode 100644
index 000000000000..6dec537b42e8
--- /dev/null
+++ b/src/chrome/content/rules/Geizhals.de.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Preisvergleich Internet Services coverage, see Preisvergleich-Internet-Services.xml.
+
+-->
+<ruleset name="Geizhals.de">
+
+	<target host="geizhals.de" />
+	<target host="forum.geizhals.de" />
+	<target host="www.geizhals.de" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Geizhals.eu.xml b/src/chrome/content/rules/Geizhals.eu.xml
new file mode 100644
index 000000000000..6ef04b9c91c5
--- /dev/null
+++ b/src/chrome/content/rules/Geizhals.eu.xml
@@ -0,0 +1,9 @@
+<!--
+	For other Preisvergleich Internet Services coverage, see Preisvergleich-Internet-Services.xml.
+-->
+<ruleset name="Geizhals.eu">
+	<target host="geizhals.eu" />
+	<target host="www.geizhals.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gem.co.xml b/src/chrome/content/rules/Gem.co.xml
new file mode 100644
index 000000000000..4641a63e09be
--- /dev/null
+++ b/src/chrome/content/rules/Gem.co.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.gem.co/ => https://www.gem.co/: (51, "SSL: no alternative certificate subject name matches target host name 'www.gem.co'")
+
+	Nonfunctional hosts in *gem.co:
+
+		- blog ¹
+		- guide ²
+
+	¹ Tumblr
+	² Refused
+
+
+	Fully covered hosts in *gem.co:
+
+		- (www.)?
+		- api
+		- my
+
+-->
+<ruleset name="Gem.co (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gem.co" />
+	<target host="api.gem.co" />
+	<target host="my.gem.co" />
+	<target host="www.gem.co" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GemCutter.org.xml b/src/chrome/content/rules/GemCutter.org.xml
new file mode 100644
index 000000000000..a800fd3addd5
--- /dev/null
+++ b/src/chrome/content/rules/GemCutter.org.xml
@@ -0,0 +1,15 @@
+<!--
+	For other RubyGem rulesets, see RubyGems.org.xml
+
+	Invalid certificate:
+		gemcutter.org
+
+-->
+<ruleset name="GemCutter.org">
+
+	<target host="gemcutter.org" />
+
+	<rule from="^http://gemcutter\.org/"
+		to="https://rubygems.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gemalto.com-problematic.xml b/src/chrome/content/rules/Gemalto.com-problematic.xml
new file mode 100644
index 000000000000..f608e9d9b7cf
--- /dev/null
+++ b/src/chrome/content/rules/Gemalto.com-problematic.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules that are on by default, see Gemalto.com.xml.
+
+-->
+<ruleset name="Gemalto.com (expired, self-signed)" default_off="expired, self-signed">
+
+	<target host="support.gemalto.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^support\.gemalto\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gemalto.com.xml b/src/chrome/content/rules/Gemalto.com.xml
new file mode 100644
index 000000000000..408959b3bc66
--- /dev/null
+++ b/src/chrome/content/rules/Gemalto.com.xml
@@ -0,0 +1,75 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://allynisconnect1.gemalto.com/ => https://allynisconnect1.gemalto.com/: (6, 'Could not resolve host: allynisconnect1.gemalto.com')
+
+	For problematic rules, see Gemalto.com-problematic.xml.
+
+
+	Nonfunctional subdomains:
+
+		- ^ ¹
+		- www ²
+
+	¹ 403
+	² Redirects to http
+
+
+	Problematic subdomains:
+
+		- support *
+
+	* Works; expired 2012-12-06, self-signed, CN: vgerndvud358
+
+
+	Fully covered subdomains:
+
+		- allynisconnect1
+		- boutique
+		- webstore
+
+
+	Insecure cookies are set for these hosts:
+
+		- boutique.gemalto.com
+		- support.gemalto.com
+		- webstore.gemalto.com
+
+
+	Mixed content:
+
+		- css on support from static.jquery.com ¹
+		- favicon on support from $self ²
+		- Web bugs on webstore from fr.sitestat.com ³
+
+	¹ Unsecurable <= 504
+	² Secured in -problematic.xml <= bad cert
+	³ Secured by us
+
+-->
+<ruleset name="Gemalto.com (partial)" default_off="failed ruleset test">
+
+	<target host="allynisconnect1.gemalto.com" />
+	<target host="boutique.gemalto.com" />
+	<target host="webstore.gemalto.com" />
+		<!--
+			Bad cert:
+					-->
+		<!--exclusion pattern="^http://support\.gemalto\.com/" /-->
+		<!--
+			Redirects to http:
+								-->
+		<!--exclusion pattern="^http://www\.gemalto\.com/($|_catalogs/masterpage/Gemalto/assets/|_layouts/15/images/|gemalto/gemalto/s|favicon\.ico|Mobile-site/linqus-site/PublishingImages/mobile/mcommerce/trusted-service-hub/|SiteCollectionImages/P_Teaser/|Style\ Library/en-US/Themable/Core\ Styles/)" /-->
+
+
+	<!--	Server doesn't secure:
+					-->
+	<!--securecookie host="^(boutique|webstore)\.gemalto\.com$" name="^sid$" /-->
+
+	<securecookie host="^(?:boutique|webstore)\.gemalto\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gemius.com.xml b/src/chrome/content/rules/Gemius.com.xml
new file mode 100644
index 000000000000..d549a8a5edea
--- /dev/null
+++ b/src/chrome/content/rules/Gemius.com.xml
@@ -0,0 +1,50 @@
+<!--
+	For other Gemius coverage, see Gemius.xml.
+
+
+	^: 404
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(^ → www)
+		- heatmap
+		- traffic
+
+
+	Insecure cookies are set for these hosts:
+
+		- gemius.com
+		- heatmap.gemius.com
+		- www.gemius.com
+
+-->
+<ruleset name="Gemius.com (partial)">
+
+	<target host="gemius.com" />
+	<target host="heatmap.gemius.com" />
+	<target host="traffic.gemius.com" />
+	<target host="www.gemius.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^gemius\.com$" name="^[BF]E_USER_AUTH$" /-->
+	<!--securecookie host="^(www\.)?gemius\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^heatmap\.gemius\.com$" name="^ghm_productpage$" /-->
+
+	<securecookie host="^(?:heatmap\.|www\.)?gemius\.com$" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://gemius\.com/+"
+		to="https://www.gemius.com/" />
+
+		<test url="http://gemius.com//homepage.html" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gemius.xml b/src/chrome/content/rules/Gemius.xml
index 99e1ee870cbe..89143b61f1c0 100644
--- a/src/chrome/content/rules/Gemius.xml
+++ b/src/chrome/content/rules/Gemius.xml
@@ -1,24 +1,36 @@
 <!--
-	Problematic subdomains:
+	Other Gemius rulesets:
 
-		- ^	(cert only matches *.gemius.pl)
+		- Gemius.com.xml
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .hit.gemius.pl
+		- www.gemius.pl
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Gemius">
+<ruleset name="Gemius.pl">
 
 	<target host="gemius.pl" />
-	<target host="*.gemius.pl" />
+	<target host="*.hit.gemius.pl" />
+	<target host="www.gemius.pl" />
+
+		<test url="http://mailua.hit.gemius.pl/redot.gif" />
+		<test url="http://yandexgaua.hit.gemius.pl/redot.gif" />
 
 
-	<securecookie host="^(?:\.hit|www)\.gemius\.pl$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.hit\.gemius\.pl$" name="^Gtest$" /-->
+	<!--securecookie host="^www\.gemius\.pl$" name="^PHPSESSID$" /-->
 
+	<securecookie host="^(?!\.gemius\.pl$)." name=".+" />
 
-	<rule from="^http://(?:www\.)?gemius\.pl/"
-		to="https://www.gemius.pl/" />
 
-	<!--	Web bugs:
-				-->
-	<rule from="^http://([^@:/]+)\.hit\.gemius\.pl/"
-		to="https://$1.hit.gemius.pl/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Gemklub.xml b/src/chrome/content/rules/Gemklub.xml
index 6031e70d7313..8ae207fe1b83 100644
--- a/src/chrome/content/rules/Gemklub.xml
+++ b/src/chrome/content/rules/Gemklub.xml
@@ -1,5 +1,11 @@
-<ruleset name="G&#233;mklub">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.gemklub.hu/ => https://www.gemklub.hu/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="G&#233;mklub" default_off="failed ruleset test">
 	<target host="www.gemklub.hu" />
 
-	<rule from="^http://www\.gemklub\.hu/" to="https://www.gemklub.hu/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Gemnasium.com.xml b/src/chrome/content/rules/Gemnasium.com.xml
new file mode 100644
index 000000000000..b79a9fa4fde7
--- /dev/null
+++ b/src/chrome/content/rules/Gemnasium.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Problematic subdomains:
+
+		- blog ¹
+		- support ²
+
+	¹ Refused
+	² Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .gemnasium.com
+
+-->
+<ruleset name="Gemnasium.com (partial)">
+
+	<target host="gemnasium.com" />
+	<target host="www.gemnasium.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.gemnasium\.com$" name="^^(__cfduid|cf_clearance)$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gemseek.com.xml b/src/chrome/content/rules/Gemseek.com.xml
new file mode 100644
index 000000000000..51caef0062b3
--- /dev/null
+++ b/src/chrome/content/rules/Gemseek.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- gemseek.com
+		- www.gemseek.com
+
+-->
+<ruleset name="Gemseek.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gemseek.com" />
+	<target host="www.gemseek.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?gemseek\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GenGes.com.xml b/src/chrome/content/rules/GenGes.com.xml
index f226ddf865fd..20251b9119cd 100644
--- a/src/chrome/content/rules/GenGes.com.xml
+++ b/src/chrome/content/rules/GenGes.com.xml
@@ -1,13 +1,18 @@
-<ruleset name="GenGes.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.genges.com/ => https://www.genges.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.genges.com'")
+
+-->
+<ruleset name="GenGes.com" default_off="failed ruleset test">
 
 	<target host="genges.com" />
-	<target host="*.genges.com" />
+	<target host="www.genges.com" />
 
 
 	<securecookie host="^\.genges\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?genges\.com/"
-		to="https://$1genges.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GenNextFoundation.org.xml b/src/chrome/content/rules/GenNextFoundation.org.xml
new file mode 100644
index 000000000000..df8e8d8804a0
--- /dev/null
+++ b/src/chrome/content/rules/GenNextFoundation.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="GenNextFoundation.org">
+
+	<target host="gennextfoundation.org" />
+	<target host="www.gennextfoundation.org" />
+	<target host="cdn.gennextfoundation.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Genbank.ru.xml b/src/chrome/content/rules/Genbank.ru.xml
new file mode 100644
index 000000000000..49a67df0578a
--- /dev/null
+++ b/src/chrome/content/rules/Genbank.ru.xml
@@ -0,0 +1,7 @@
+<ruleset name="Genbank.ru">
+	<target host="genbank.ru" />
+	<target host="www.genbank.ru" />
+	<target host="ibank2.genbank.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/General-Electric.xml b/src/chrome/content/rules/General-Electric.xml
deleted file mode 100644
index a2c9bf6cf1e2..000000000000
--- a/src/chrome/content/rules/General-Electric.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="General Electric (partial)">
-
-	<target host="files.*.geblogs.com"/>
-
-	<rule from="^http://files\.([^\.]+)\.geblogs\.com/"
-		to="https://s3.amazonaws.com/files.$1.geblogs.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/General-Logistics-Systems.xml b/src/chrome/content/rules/General-Logistics-Systems.xml
index 69ce6303ef58..937d40a49f8d 100644
--- a/src/chrome/content/rules/General-Logistics-Systems.xml
+++ b/src/chrome/content/rules/General-Logistics-Systems.xml
@@ -4,12 +4,11 @@
 	<target host="www.gls-group.eu" />
 
 
-	<securecookie host="^www\.gls-group\.eu$" name=".*" />
+	<securecookie host="^www\.gls-group\.eu$" name=".+" />
 
 
 	<!--	Cert only matches *.gls-group.eu.
 							-->
-	<rule from="^https?://(?:www\.)?gls-group\.eu/"
-		to="https://www.gls-group.eu/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/General-anzeiger-bonn.de.xml b/src/chrome/content/rules/General-anzeiger-bonn.de.xml
new file mode 100644
index 000000000000..525bd671447b
--- /dev/null
+++ b/src/chrome/content/rules/General-anzeiger-bonn.de.xml
@@ -0,0 +1,13 @@
+<!--
+  Host unresolved:
+    - epaper.general-anzeiger-bonn.de
+ -->
+
+<ruleset name="General-anzeiger-bonn.de">
+	<target host="general-anzeiger-bonn.de" />
+	<target host="www.general-anzeiger-bonn.de" />
+	<target host="trauer.general-anzeiger-bonn.de" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Generalitat-of-Catalonia.xml b/src/chrome/content/rules/Generalitat-of-Catalonia.xml
index d2d7a74277fb..4f0e393c9acb 100644
--- a/src/chrome/content/rules/Generalitat-of-Catalonia.xml
+++ b/src/chrome/content/rules/Generalitat-of-Catalonia.xml
@@ -1,9 +1,18 @@
-<ruleset name="Generalitat of Catalonia (partial)" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gencat.cat/ => https://gencat.cat/: (51, "SSL: no alternative certificate subject name matches target host name 'gencat.cat'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://gencat.cat/ => https://gencat.cat/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
+<ruleset name="Generalitat of Catalonia (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="gencat.cat"/>
-	<target host="*.gencat.cat"/>
+	<target host="www.gencat.cat" />
+	<target host="www20.gencat.cat" />
 
-	<securecookie host="^(.*[^0]*\.)?gencat\.cat$" name=".*"/>
+	<securecookie host="^(?:.*[^0]*\.)?gencat\.cat$" name=".+" />
 
 	<rule from="^http://(www\.)?gencat\.cat/"
 		to="https://$1gencat.cat/"/>
diff --git a/src/chrome/content/rules/GeneseePhoto.com.xml b/src/chrome/content/rules/GeneseePhoto.com.xml
new file mode 100644
index 000000000000..2410e2a165cc
--- /dev/null
+++ b/src/chrome/content/rules/GeneseePhoto.com.xml
@@ -0,0 +1,19 @@
+<!--
+	No working URL known:
+		www.geneseephoto.com
+
+-->
+<ruleset name="Genesee Photo Systems">
+
+	<target host="geneseephoto.com" />
+	<target host="www2.geneseephoto.com" />
+
+	<target host="okpartypix.com" />
+	<target host="www.okpartypix.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Genesee_Photo_Systems.xml b/src/chrome/content/rules/Genesee_Photo_Systems.xml
deleted file mode 100644
index 19e1aea6176e..000000000000
--- a/src/chrome/content/rules/Genesee_Photo_Systems.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Genesee Photo Systems">
-
-	<target host="geneseephoto.com" />
-	<target host="*.geneseephoto" />
-	<target host="okpartypix.com" />
-	<target host="*.okpartypix.com" />
-
-
-	<securecookie host="^\.(?:geneseephoto|okpartypix)\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?(geneseephoto|okpartypix)\.com/"
-		to="https://$1$2.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Genesis-Technologies.xml b/src/chrome/content/rules/Genesis-Technologies.xml
index f6eea74b7ef4..8ccc927cd9b9 100644
--- a/src/chrome/content/rules/Genesis-Technologies.xml
+++ b/src/chrome/content/rules/Genesis-Technologies.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?genesis-technologies\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?genesis-technologies\.com/"
-		to="https://$1genesis-technologies.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Genesis4gamer.de.xml b/src/chrome/content/rules/Genesis4gamer.de.xml
new file mode 100644
index 000000000000..77e15175ebd9
--- /dev/null
+++ b/src/chrome/content/rules/Genesis4gamer.de.xml
@@ -0,0 +1,15 @@
+<!--
+	(www.)?genesis4gamer.de: Refused
+
+-->
+<ruleset name="genesis4gamer.de (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="webstats.genesis4gamer.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Genesys-Hannover.de.xml b/src/chrome/content/rules/Genesys-Hannover.de.xml
new file mode 100644
index 000000000000..4dd4cc26c50c
--- /dev/null
+++ b/src/chrome/content/rules/Genesys-Hannover.de.xml
@@ -0,0 +1,13 @@
+<ruleset name="Genesys-Hannover.de">
+
+	<target host="genesys-hannover.de" />
+	<target host="www.genesys-hannover.de" />
+
+	<!-- Invalid certificate on https://genesys-hannover.de/,
+	http://genesys-hannover.de/ redirects to http://www.genesys-hannover.de/ -->
+	<rule from="^http://genesys-hannover\.de/"
+		to="https://www.genesys-hannover.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Genivi.org.xml b/src/chrome/content/rules/Genivi.org.xml
new file mode 100644
index 000000000000..ab55129a9fb8
--- /dev/null
+++ b/src/chrome/content/rules/Genivi.org.xml
@@ -0,0 +1,47 @@
+<!--
+	Invalid certificate:
+		genivi.org
+		bugs.genivi.org
+		memberapp.genivi.org
+		members.genivi.org
+		wiki.projects.genivi.org
+		publicgit.genivi.org
+		test.genivi.org
+		wiki.genivi.org
+
+	Refused:
+		fossology.genivi.org
+
+	Login required:
+		go.genivi.org
+
+	Secure connection failed:
+		docs.projects.genivi.org
+
+	Different content http/https:
+		git.projects.genivi.org
+		sota.genivi.org
+
+	No working URL known:
+		svn.genivi.org
+
+-->
+<ruleset name="Genivi.org">
+
+	<target host="genivi.org" />
+	<target host="www.genivi.org" />
+	<target host="collab.genivi.org" />
+	<target host="lists.genivi.org" />
+	<target host="mail.genivi.org" />
+	<target host="projects.genivi.org" />
+	<target host="at.projects.genivi.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://genivi\.org/"
+		to="https://www.genivi.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Genofond.org.xml b/src/chrome/content/rules/Genofond.org.xml
new file mode 100644
index 000000000000..ee8ce3d21ce3
--- /dev/null
+++ b/src/chrome/content/rules/Genofond.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid Certificate:
+		www.genofond.org
+-->
+<ruleset name="Genofond.org">
+	<target host="genofond.org" />
+	<target host="www.genofond.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.genofond\.org/" to="https://genofond.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Genome.gov.xml b/src/chrome/content/rules/Genome.gov.xml
new file mode 100644
index 000000000000..545a8fea95d4
--- /dev/null
+++ b/src/chrome/content/rules/Genome.gov.xml
@@ -0,0 +1,8 @@
+<ruleset name="Genome.gov">
+
+	<target host="genome.gov" />
+	<target host="www.genome.gov" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gentle_labs.com.xml b/src/chrome/content/rules/Gentle_labs.com.xml
index a0c8b97e9797..9302e2fbbf58 100644
--- a/src/chrome/content/rules/Gentle_labs.com.xml
+++ b/src/chrome/content/rules/Gentle_labs.com.xml
@@ -1,26 +1,39 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://results.gentlelabs.com/ => https://results.gentlelabs.com/: (6, 'Could not resolve host: results.gentlelabs.com')
+Fetch error: http://store.gentlelabs.com/ => https://store.gentlelabs.com/: (6, 'Could not resolve host: store.gentlelabs.com')
+Fetch error: http://www.gentlelabs.com/ => https://www.gentlelabs.com/: (6, 'Could not resolve host: www.gentlelabs.com')
+Fetch error: http://gentlelabs.com/ => https://www.gentlelabs.com/: (6, 'Could not resolve host: www.gentlelabs.com')
+
 	CDN buckets:
 
 		- dl5db4br4ix6p.cloudfront.net
 
 
-	Fully covered subdomains:
-
-		- (www.)
-		- results
-		- store
+	^gentlelabs.com: Refused
 
 -->
-<ruleset name="Gentle labs.com">
+<ruleset name="Gentle labs.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="results.gentlelabs.com" />
+	<target host="store.gentlelabs.com" />
+	<target host="www.gentlelabs.com" />
+
+	<!--	Complications:
+				-->
 	<target host="gentlelabs.com" />
-	<target host="*.gentlelabs.com" />
 
 
 	<securecookie host="^\.gentlelabs\.com$" name=".+" />
 
 
-	<rule from="^http://((?:results|store|www)\.)?gentlelabs\.com/"
-		to="https://$1gentlelabs.com/" />
+	<rule from="^http://gentlelabs\.com/"
+		to="https://www.gentlelabs.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Gentoo-cacert.xml b/src/chrome/content/rules/Gentoo-cacert.xml
deleted file mode 100644
index 3412e92d8283..000000000000
--- a/src/chrome/content/rules/Gentoo-cacert.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see Gentoo.xml.
-
--->
-<ruleset name="Gentoo (cacert)" platform="cacert">
-
-	<target host="bugs.gentoo.org" />
-	<target host="*.bugs.gentoo.org" />
-
-
-	<securecookie host="bugs\.gentoo\.org$" name=".+" />
-
-
-	<rule from="^http://(\d+\.)?bugs\.gentoo\.org/"
-		to="https://$1bugs.gentoo.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Gentoo-eV.org.xml b/src/chrome/content/rules/Gentoo-eV.org.xml
new file mode 100644
index 000000000000..d46c7a0dd291
--- /dev/null
+++ b/src/chrome/content/rules/Gentoo-eV.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Gentoo-eV.org">
+
+	<target host="gentoo-ev.org" />
+	<target host="www.gentoo-ev.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gentoo.xml b/src/chrome/content/rules/Gentoo.xml
index 365fea996f6b..fa20250dd6b1 100644
--- a/src/chrome/content/rules/Gentoo.xml
+++ b/src/chrome/content/rules/Gentoo.xml
@@ -1,42 +1,42 @@
 <!--
-	For rules subject to cacert certificates, see Gentoo-cacert.xml.
-
+	NB: If a host ceases to exist, just remove the respective test.
 
 	Nonfunctional subdomains:
 
-		- anoncvs *
-		- distfiles	(support varies between mirrors resolved to)
-		- mirrorstats *
-		- sources *
-		- viewcvstest *
-
-	* Times out
-
-
-	Problematic subdomains:
-
-		- bugs *
-		- \d+.bugs *
+		- distfiles ᵐ
+		- forums-lb ¹
+		- forums-web1 ³
+		- viewcvstest ¹
 
-	* cacert
+	ᵐ Mismatched
+	¹ Invalid certificate
+	³ Shows bugs
 
 
 	Fully covered subdomains:
 
-		- (www.)
-		- ads
+		- (www.)?
+		- anoncvs
+		- anongit
 		- archives
 		- blogs
 		- bouncer
+		- bugs
+		- \d+.bugs
+		- cgit
 		- council
-		- council-webapp
 		- dev
 		- devmanual
+		- distfiles	(→ gentoo.osuosl.org)
 		- foundation
 		- forums
-		- forums-lb
-		- forums-web[12]
+		- forums-web2
 		- games
+		- get
+		- gitweb
+		- infra-status
+		- kde
+		- mirrorstats
 		- overlays
 		- git.overlays
 		- svn.overlays
@@ -45,33 +45,86 @@
 		- planet
 		- qa-reports
 		- security
-		- sidebar
+		- sources
 		- store
 		- wiki
 
 
-	Mixed images on planet from various domains.
+	Insecure cookies are set for these hosts:
+
+		- bugs.gentoo.org
+
+
+	Mixed content:
+
+		- Images on planet from various domains
+
+		- favicon on anoncvs from www.gentoo.org *
+
+		- Ads/bugs, on archive from:
+
+			- images.paypal.com *
+
+	* Secured by us
 
 -->
-<ruleset name="Gentoo (partial) ">
+<ruleset name="Gentoo.org (partial)">
 
 	<target host="gentoo.org" />
 	<target host="*.gentoo.org" />
-		<exclusion pattern="^http://(?:anoncvs|bugs|\d+\.bugs|distfiles|mirrorstats|sources|viewcvstest)\." />
-
 
-	<!--	Observed cookie subdomains:
-
-			- blogs
-			- bugs
-			- ^\.forums
-			- overlays
-			- wiki
+		<exclusion pattern="^http://forums-lb\.gentoo\.org/" />
+			<test url="http://forums-lb.gentoo.org/" />
+		<exclusion pattern="^http://forums-web1\.gentoo\.org/" />
+			<test url="http://forums-web1.gentoo.org/" />
+		<exclusion pattern="^http://viewcvstest\.gentoo\.org/" />
+			<test url="http://viewcvstest.gentoo.org/" />
+
+		<test url="http://anoncvs.gentoo.org/" />
+		<test url="http://anongit.gentoo.org/" />
+		<test url="http://archives.gentoo.org/" />
+		<test url="http://blogs.gentoo.org/" />
+		<test url="http://bouncer.gentoo.org/" />
+		<test url="http://bugs.gentoo.org/" />
+		<test url="http://cgit.gentoo.org/" />
+		<test url="http://council.gentoo.org/" />
+		<test url="http://dev.gentoo.org/" />
+		<test url="http://devmanual.gentoo.org/" />
+		<test url="http://foundation.gentoo.org/" />
+		<test url="http://forums.gentoo.org/" />
+		<test url="http://forums-web2.gentoo.org/" />
+		<test url="http://games.gentoo.org/" />
+		<test url="http://get.gentoo.org/" />
+		<test url="http://gitweb.gentoo.org/" />
+		<test url="http://infra-status.gentoo.org/" />
+		<test url="http://kde.gentoo.org/" />
+		<test url="http://mirrorstats.gentoo.org/" />
+		<test url="http://overlays.gentoo.org/" />
+		<!--test url="http://git.overlays.gentoo.org/" /-->
+		<test url="http://packages.gentoo.org/" />
+		<test url="http://piwik.gentoo.org/" />
+		<test url="http://planet.gentoo.org/" />
+		<test url="http://qa-reports.gentoo.org/" />
+		<test url="http://security.gentoo.org/" />
+		<test url="http://sources.gentoo.org/" />
+		<test url="http://store.gentoo.org/" />
+		<test url="http://wiki.gentoo.org/" />
+		<test url="http://www.gentoo.org/" />
+
+
+	<!--	Not secured by server:
 					-->
+	<!--securecookie host="^bugs\.gentoo\.org$" name="^(BUGLIST|LASTORDER)$" /-->
+
 	<securecookie host=".*\.gentoo\.org$" name=".+" />
 
 
-	<rule from="^http://([\w\.-]+\.)?gentoo\.org/"
-		to="https://$1gentoo.org/" />
+	<rule from="^http://distfiles\.gentoo\.org/"
+		to="https://gentoo.osuosl.org/" />
+
+		<test url="http://distfiles.gentoo.org/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GentooQuebec.org.xml b/src/chrome/content/rules/GentooQuebec.org.xml
deleted file mode 100644
index c8c03af2f08a..000000000000
--- a/src/chrome/content/rules/GentooQuebec.org.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Expired 2013-06-04
-
--->
-<ruleset name="GentooQuebec.org" default_off="expired">
-
-	<target host="gentooquebec.org" />
-	<target host="*.gentooquebec.org" />
-
-
-	<securecookie host="^\.?gentooquebec\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?gentooquebec\.org/"
-		to="https://gentooquebec.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GenusDebatten.se.xml b/src/chrome/content/rules/GenusDebatten.se.xml
new file mode 100644
index 000000000000..510cbaef67cf
--- /dev/null
+++ b/src/chrome/content/rules/GenusDebatten.se.xml
@@ -0,0 +1,9 @@
+<ruleset name="GenusDebatten.se">
+	<target host="genusdebatten.se" />
+	<target host="www.genusdebatten.se" />
+	<target host="mail.genusdebatten.se" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Genymotion.com.xml b/src/chrome/content/rules/Genymotion.com.xml
new file mode 100644
index 000000000000..91d882d1be4b
--- /dev/null
+++ b/src/chrome/content/rules/Genymotion.com.xml
@@ -0,0 +1,26 @@
+<!--
+	^genymotion.com: Self-signed
+
+-->
+<ruleset name="Genymotion.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.genymotion.com" />
+
+	<!--	Complications:
+				-->
+	<target host="genymotion.com" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://genymotion\.com/"
+		to="https://www.genymotion.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GeoAmigo.xml b/src/chrome/content/rules/GeoAmigo.xml
deleted file mode 100644
index 88882ed8349d..000000000000
--- a/src/chrome/content/rules/GeoAmigo.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="GeoAmigo">
-
-	<target host="geoamigo.com" />
-	<target host="www.geoamigo.com" />
-
-
-	<securecookie host="^(?:www\.)?geoamigo\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?geoamigo\.com/"
-		to="https://$1geoamigo.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/GeoCoder.xml b/src/chrome/content/rules/GeoCoder.xml
index d385614eaf99..c270861c3464 100644
--- a/src/chrome/content/rules/GeoCoder.xml
+++ b/src/chrome/content/rules/GeoCoder.xml
@@ -1,12 +1,33 @@
-<ruleset name="GeoCoder.ca" default_off="expired, mismatch">
 
-	<!--	d1.d.de.static.xlhost.com	-->
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.geocoder.ca/ => https://www.geocoder.ca/: Too many redirects while fetching 'https://www.geocoder.ca/'
+
+	Insecure cookies are set for these hosts:
+
+		- geocoder.ca
+		- www.geocoder.ca
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="GeoCoder.ca" default_off="failed ruleset test">
+
 	<target host="geocoder.ca"/>
 	<target host="www.geocoder.ca"/>
 
-	<securecookie host="^(.*\.)?geocoder\.ca$" name=".*"/>
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?geocoder\.ca$" name="^geocoder_ca$" /-->
+
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?geocoder\.ca/"
-		to="https://geocoder.ca/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GeoGebra.org.xml b/src/chrome/content/rules/GeoGebra.org.xml
new file mode 100644
index 000000000000..5711ec2f6952
--- /dev/null
+++ b/src/chrome/content/rules/GeoGebra.org.xml
@@ -0,0 +1,78 @@
+<!--
+	Fully covered hosts in *geogebra.org:
+
+		- (www.)?
+		- blog
+		- community
+		- download
+		- events
+		- forum
+		- gathering
+		- static
+		- tube
+		- tube-test
+		- vanillatest
+		- web
+		- wiki
+		- wikitest
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- geogebra.org
+		- .geogebra.org
+		- blog.geogebra.org
+		- community.geogebra.org
+		- events.geogebra.org
+		- forum.geogebra.org
+		- .forum.geogebra.org
+		- gathering.geogebra.org
+		- tube.geogebra.org
+		- tube-test.geogebra.org
+		- vanillatest.geogebra.org
+		- wiki.geogebra.org
+		- www.geogebra.org
+
+
+	Mixed content:
+
+		- Images on tube from tube-test.geogebra.org *
+
+	* Secured by us
+
+-->
+<ruleset name="GeoGebra.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="geogebra.org" />
+	<target host="blog.geogebra.org" />
+	<target host="community.geogebra.org" />
+	<target host="download.geogebra.org" />
+	<target host="events.geogebra.org" />
+	<target host="forum.geogebra.org" />
+	<target host="gathering.geogebra.org" />
+	<target host="static.geogebra.org" />
+	<target host="tube.geogebra.org" />
+	<target host="tube-test.geogebra.org" />
+	<target host="wikitest.geogebra.org" />
+	<target host="vanillatest.geogebra.org" />
+	<target host="web.geogebra.org" />
+	<target host="wiki.geogebra.org" />
+	<target host="www.geogebra.org" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(tube\.|www\.)?geogebra\.org$" name="^(GGBSESSID|ZDEDebuggerPresent)$" /-->
+	<!--securecookie host="^\.geogebra\.org$" name="^GeoGebraLangUI$" /-->
+	<!--securecookie host="^(blog|community|forum|tube-test|vanillatest|wiki)\.geogebra\.org$" name="^ZDEDebuggerPresent$" /-->
+	<!--securecookie host="^(events|gathering)\.geogebra\.org$" name="^(PHPSESSID|ZDEDebuggerPresent)$" /-->
+	<!--securecookie host="^\.forum\.geogebra\.org$" name="^phpbb3_\w+_(k|sid|u)$" /-->
+
+	<securecookie host="^(?:(?:blog|community|events|\.?forum|gathering|tube|tube-test|vanillatest|wiki|www)?\.)?geogebra\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GeoPlatform.gov.xml b/src/chrome/content/rules/GeoPlatform.gov.xml
new file mode 100644
index 000000000000..2873738aef92
--- /dev/null
+++ b/src/chrome/content/rules/GeoPlatform.gov.xml
@@ -0,0 +1,18 @@
+<ruleset name="GeoPlatform.gov">
+
+	<target host="geoplatform.gov" />
+	<target host="idp.geoplatform.gov" />
+	<target host="www.geoplatform.gov" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^idp\.geoplatform\.gov$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Geo_Listening.com.xml b/src/chrome/content/rules/Geo_Listening.com.xml
index 1c87a292254e..8cb7d7c5d6d6 100644
--- a/src/chrome/content/rules/Geo_Listening.com.xml
+++ b/src/chrome/content/rules/Geo_Listening.com.xml
@@ -14,7 +14,6 @@
 	<target host="www.geolistening.com" />
 
 
-	<rule from="^http://(www\.)?geolistening\.com/"
-		to="https://$1geolistening.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Geocaching.com.xml b/src/chrome/content/rules/Geocaching.com.xml
new file mode 100644
index 000000000000..1fa7401796ac
--- /dev/null
+++ b/src/chrome/content/rules/Geocaching.com.xml
@@ -0,0 +1,42 @@
+<!--
+	For other Groundspeak coverage, see Groundspeak.com.xml.
+
+
+	Nonfunctional hosts in *.geocaching.com:
+
+		- status.geocaching.com (t)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+
+	Insecure cookies are set for these hosts:
+
+		- shop.geocaching.com
+		- www.geocaching.com
+-->
+<ruleset name="Geocaching.com">
+
+	<target host="geocaching.com" />
+	<target host="www.geocaching.com" />
+	<target host="blog.geocaching.com" />
+	<target host="forums.geocaching.com" />
+	<target host="img.geocaching.com" />
+	<target host="shop.geocaching.com" />
+	<target host="apidevelopers.geocaching.com" />
+	<target host="payments.geocaching.com" />
+	<target host="newsroom.geocaching.com" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.geocaching\.com$" name="^(__RequestVerificationToken|ASP\.NET_SessionId)$" /-->
+	<!--securecookie host="^shop\.geocaching\.com$" name="^(CUSTOMER|CUSTOMER_AUTH|CUSTOMER_INFO|CUSTOMER_SEGMENT_IDS|NEWMESSAGE|frontend)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Geoclub.de.xml b/src/chrome/content/rules/Geoclub.de.xml
new file mode 100644
index 000000000000..292c497c5336
--- /dev/null
+++ b/src/chrome/content/rules/Geoclub.de.xml
@@ -0,0 +1,32 @@
+<!--
+	Nonfunctional subdomains:
+
+		- forum *
+		- podcast *
+		- wfs *
+		- yapis *
+
+	* mismatch
+
+
+	These altnames don't exist:
+
+		- www.forum.geoclub.de
+
+
+	Insecure cookies are set for these domains:
+
+		- .geoclub.de
+
+-->
+<ruleset name="Geoclub.de (partial)">
+
+	<target host="geoclub.de" />
+	<target host="www.geoclub.de" />
+
+	<securecookie host="^\.geoclub\.de$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GeometryExpressions.com.xml b/src/chrome/content/rules/GeometryExpressions.com.xml
new file mode 100644
index 000000000000..a2920fdb0b21
--- /dev/null
+++ b/src/chrome/content/rules/GeometryExpressions.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Invalid Certificate:
+		www.new.geometryexpressions.com
+		atlas.geometryexpressions.com
+		w.geometryexpressions.com
+		m.geometryexpressions.com
+		cemf.geometryexpressions.com
+		ww.geometryexpressions.com
+
+	Wildcard DNS.
+-->
+<ruleset name="GeometryExpressions.com">
+	<target host="geometryexpressions.com" />
+	<target host="www.geometryexpressions.com" />
+	<target host="journal.geometryexpressions.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/George-Mason-University.xml b/src/chrome/content/rules/George-Mason-University.xml
index 041476817d15..cf565fe5f31a 100644
--- a/src/chrome/content/rules/George-Mason-University.xml
+++ b/src/chrome/content/rules/George-Mason-University.xml
@@ -1,4 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://today.gmu.edu/images/header.gif => https://today.gmu.edu/images/header.gif: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://today.gmu.edu/css/today_mason.css => https://today.gmu.edu/css/today_mason.css: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://eagle.gmu.edu/ => https://eagle.gmu.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://peoplefinder.gmu.edu/ => https://peoplefinder.gmu.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://policy.gmu.edu/ => https://policy.gmu.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'policy.gmu.edu'")
+Fetch error: http://welcomeweek.gmu.edu/ => https://welcomeweek.gmu.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+
 <!--
+	George Mason University
+
 	Other George Mason University rulesets:
 
 		- Mercatus-Center.xml
@@ -6,25 +20,146 @@
 
 	Nonfunctional subdomains:
 
+		- ofpslive ¹
 		- wireless	(shows www, mismatched)
 
+	¹ 403
+
+
+	Problematic subdomains:
+
+		- spgia *
+		- today ²
+
+	* Mismatched
+	² Mixed css
+
 
 	Partially covered domains:
 
 		- mason		($ prints "/opt/shtdocs works!")
+		- ulife ²
+
+	² Some pages redirect to http
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(^ → www)
+		- chnm
+		- eagle
+		- getconnected
+		- itservices
+		- login
+		- mlpassword
+		- password
+		- peoplefinder
+		- policy
+		- si
+		- welcomeweek
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .gmu.edu
+		- eagle.gmu.edu
+		- peoplefinder.gmu.edu
+
+
+	Mixed content:
+
+		- Fonts on itservices from themes.googleusercontent.com
+
+		- Images, on:
+
+			- today from $self
+			- today from l.yimg.com
+			- welcomeweek from $self
+
+		- favicon on ulassessment from gmu.edu
+
+		- Ads/bugs, on:
+
+			- ulassessmen from image.exct.net
+			- si from www.facebook.com
 
 -->
-<ruleset name="George Mason University (partial)" platform="mixedcontent">
+<ruleset name="GMU.edu (partial)" default_off="failed ruleset test">
 
 	<target host="gmu.edu"/>
-	<target host="*.gmu.edu"/>
-		<exclusion pattern="^http://mason\.gmu\.edu/(?!~)" />
+	<target host="chnm.gmu.edu"/>
+	<target host="eagle.gmu.edu" />
+	<target host="getconnected.gmu.edu" />
+	<target host="itservices.gmu.edu"/>
+	<target host="login.gmu.edu" />
+	<target host="mason.gmu.edu"/>
+	<target host="mlpassword.gmu.edu" />
+	<target host="password.gmu.edu" />
+	<target host="peoplefinder.gmu.edu" />
+	<target host="policy.gmu.edu"/>
+	<target host="si.gmu.edu"/>
+	<target host="today.gmu.edu" />
+	<target host="ulassessment.gmu.edu" />
+	<target host="ulife.gmu.edu"/>
+	<target host="welcomeweek.gmu.edu" />
 	<target host="www.gmu.edu"/>
 
+		<exclusion pattern="^http://mason\.gmu\.edu/(?!~)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://mason.gmu.edu//" />
+
+			<!--	-ve:
+					-->
+			<test url="http://mason.gmu.edu/~iacs/" />
+
+		<!--	Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://today\.gmu\.edu/+(?!css/|images/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://today.gmu.edu/announcements/" />
+			<test url="http://today.gmu.edu/rss.php" />
+			<test url="http://today.gmu.edu/request.php" />
+
+			<!--	-ve:
+					-->
+			<test url="http://today.gmu.edu/images/header.gif" />
+			<test url="http://today.gmu.edu/css/today_mason.css" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://ulife\.gmu\.edu/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://ulife\.gmu\.edu/+(?!wp-content/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://ulife.gmu.edu/blog/" />
+			<test url="http://ulife.gmu.edu/calendar/" />
+			<test url="http://ulife.gmu.edu/home/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://ulife.gmu.edu/wp-content/themes/kuma-cub/images/ul_title.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.gmu\.edu$" name="^people_finder$" /-->
+	<!--securecookie host="^(eagle|peoplefinder)\.gmu\.edu$" name="people_finder_number_results$" /-->
+
+	<securecookie host="^(?:eagle|peoplefinder)\.gmu\.edu$" name=".+" />
+
+
 	<rule from="^http://gmu\.edu/"
 		to="https://www.gmu.edu/"/>
 
-	<rule from="^http://(chnm|mason|www)\.gmu\.edu/"
-		to="https://$1.gmu.edu/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/George-Washington-University.xml b/src/chrome/content/rules/George-Washington-University.xml
index c7075ed970b1..7c66db28306c 100644
--- a/src/chrome/content/rules/George-Washington-University.xml
+++ b/src/chrome/content/rules/George-Washington-University.xml
@@ -1,22 +1,46 @@
 <!--
+	George Washington University
+
+
 	Nonfunctional subdomains:
 
 		- (www.)campusadvisories	(302s to www.gwu.edu/staticfile/GW/Global/403.html)
 		- docs.law
 		- www.law
 
+
+	Partially covered subdomains:
+
+		- www.seas *
+
+	* Avoiding broken MCB
+
+
+	Mixed content:
+
+		- css on www.seas from $self *
+		- Images on www.seas from $self *
+		- favicon on www.seas from $self *
+
+	* Secured by us
+
 -->
-<ruleset name="George Washington University (partial)">
+<ruleset name="GWU.edu (partial)">
 
-	<target host="*.gwu.edu" />
+	<target host="gwtoday.gwu.edu" />
+	<target host="www.seas.gwu.edu" />
+	<target host="www.gwu.edu" />
+		<!--
+			Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://www\.seas\.gwu\.edu/+(?!~|favicon\.ico|sites/)" />
 
 
-	<securecookie host="^.*\.gwu\.edu$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--	!www doesn't exist.
 					-->
-	<rule from="^http://(gwtoday|www)\.gwu\.edu/"
-		to="https://$1.gwu.edu/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Georgetown_University.xml b/src/chrome/content/rules/Georgetown_University.xml
index df8c2b51bdc7..dae4fabfd067 100644
--- a/src/chrome/content/rules/Georgetown_University.xml
+++ b/src/chrome/content/rules/Georgetown_University.xml
@@ -1,234 +1,656 @@
 <!--
+	For rules causing MCB, see georgetown.edu-mixedcontent.xml.
+
+
+	CDN buckets:
+
+		- s3.amazonaws.com/global-db-public
+
+
 	Nonfunctional subdomains:
 
-		- acmcu ¹
-		- africanstudies ¹
-		- asianstudies ²
+		- alumni ʰ
 		- assessment ³
-		- benefits ⁴
-		- bioethics ⁵
 		- biomedgrad ²
-		- biomedicalprograms ²
-		- bmcb ¹
-		- bsfs ²
+		- bookstore ʳ
 		- canzps ¹
 		- cbbc ⁶
-		- ccas ²
+		- ccpe ᵇ
 		- cdmc ³
-		- ceres ²
-		- cges ²
-		- cirs ⁴
-		- clas ¹
 		- www.cnir ⁶
-		- college ⁷
-		- contact ⁷
 		- conversation ³
 		- csd ⁸
-		- csj ³
 		- csl				(redirects to http, self-signed)
 		- css ²
 		- ctc ¹
-		- (www.)dml ¹
+		- ctls ᵃ
+		- courses ᵃ
 		- doyle ³
-		- drugdiscovery ¹
-		- ehs ⁶
-		- emergencymanagement ²
-		- events ⁷
-		- explore ⁷
-		- finaid ²
+		- events ᵃ
 		- financialaffairs ⁶
-		- fishercenter ¹
 		- gervaseprograms ⁴
-		- ghd ²
-		- giving ²
-		- giwps ²
-		- gms ²
-		- grad ²
+		- giving ʰ
+		- gnulab ᶠ
 		- gucchd ¹
 		- gumail			(reset)
 		- gumc ¹
 		- h ³
-		- ibd ²
+		- instructionalcontinuity	(200 "DNS or server configuration error")
 		- isd ¹
 		- isim ²
 		- www.isis			(interrupted)
-		- iwpsd ²
 		- journal ³
-		- kennedyinstitute ⁵
-		- lannan ³
 		- linguistics ⁴
 		- mlc.linguistics ³
-		- lombardi			(shows www3; mismatched, CN: www3.georgetown.edu)
 		- lwp ³
-		- maps				(401, valid cert)
-		- medicine ¹
+		- magazine ᵃ
 		- memory ⁶
-		- microbiology ¹
-		- mortara ²
 		- dev.msb ⁹
 		- stg.msb ⁹
-		- msfs ²
 		- narrative ³
-		- neuro ⁸
-		- nhs ¹
-		- ora ⁶
-		- pharmacology ⁶
-		- pjc ⁴
+		- masm.physics ᵃ
 		- police ²
 		- policies ⁴
 		- publicsafety ²
-		- registrar ²
-		- riskmanagement ⁴
-		- safety ²
-		- scs				(shows www12; mismatched, CN: www12.georgetown.edu)
-		- search			(shows www13; mismatched, CN: www13.georgetown.edu)
-		- sem ²
+		- scs ʰ
 		- sips ³
-		- sfs ²
-		- qatar.sfs ⁴
-		- som ¹
-		- sustainability ²
-		- uis ²
-		- search.uis			(redirects to http; mismatched, CN: foo.ent.google.com)
 		- web ²
-		- woodstock ⁸
-		- writing ³
-		- writingcenter ³
+		- writing	(200 "DNS or server configuration error")
+		- writingcenter	(200 "DNS or server configuration error")
 
 	¹ Shows www2; mismatched, CN: www2.georgetown.edu
 	² Times out
-	³ Shows blog.provost, valid cert
+	³ Shows blog. cert
 	⁴ Shows www1; mismatched, CN: www1.georgetown.edu
 	⁵ Shows www11; mismatched, CN: www11.georgetown.edu
 	⁶ Shows www9; mismatched, CN: www9.georgetown.edu
 	⁷ Shows www15; mismatched, CN: www15.georgetown.edu
 	⁸ Shows www8; mismatched, CN: www8.georgetown.edu
 	⁹ 503; mismatched, CN: acquia-sites.com
+	ᵃ Shows another domain
+	ᵇ Shows default page
+	ᶠ Handshake fails
+	ʰ Redirects to http
+	ʳ Refused
 
 
 	Problematic subdomains:
 
-		- dante ¹
-		- researchguides.dml ²
+		- ^ ᵐ
+		- advancement ᵉ ᵐ
+		- alumni-resources ᵐ
+		- bpe ᵐ
+		- campaign ᵉ
+		- crm ᵐ
+		- dante ᵐ
+		- dbbb ᵐ
 		- digital ¹
+
+		- rooms.dml ᵐ
+		- guides.dml ᵐ
+		- researchguides.dml ²
+		- www.dml ᵐ
+
+		- everywhere ᵐ
+		- facilities-apps ᶜ
+		- blog.giwps ᵐ
+		- globaleducation ᵐ
+		- www.gumc ᵐ
+		- gusa ¹ * **
+		- iwpsd ᵐ
 		- keyform		(shows www4; mismatched, CN: www4.georgetown.edu)
-		- www.catalog.library	(cert only matches ^catalog.library)
-		- guides.library ²
-		- proxy.library		(cert only matches *.proxy.library)
+
+		- answers.library ᵐ
+		- www.catalog.library ᵐ
+		- guides.library ᵐ
+		- proxy.library ᵐ
+
 		- www.ll ³
-		- www.msb ³
+		- lynda			(200 "DNS or server configuration error")
+		- www.msb ᵐ	404
+		- mspp ᵐ
 		- my ⁴
-		- preparedness ⁴
-		- ui.uis		(works; mismatched, CN: www1.georgetown.edu)
-		- www10			(mismatched, CN: www4.georgetown.edu)
-		- www13			(works; expired 2013-01-30)
-		- www14			(works; expired 2012-04-26)
-
+		- netid ᵐ
+		- nursing ᵐ
+		- ocaf ᵐ
+		- osp ᵐ
+		- otm ᵐ
+		- outdoored			(200 "DNS or server configuration error")
+		- pjc ᵐ
+		- preparedness ᵐ
+		- sem ᵐ
+		- servicecenter ᵐ
+		- news.sfs ᵐ
+		- signin ᵐ
+		- sites ᵐ
+		- adifferentdialogue.studentaffairs ᵐ
+		- ui.uis ᵐ
+		- woodstock			(200 "DNS or server configuration error")
+		- www[12389] ᵐ
+		- www1[12] ᵐ
+		- yates ᵐ
+
+	* Preemptable redirect
+	** Mismatched cert at redirect destination
 	¹ Prints "DNS or server configuration error", valid cert
 	² Redirects to http; mismatched, CN: *.libguides.com
 	³ No https
 	⁴ Works; mismatched, CN: georgetown.edu
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵉ Expired
+	ᵐ Mismatched
 
 
 	Partially covered subdomains:
 
-		- researchguides.dml	(→ libguides.com)
-		- guides.library	(→ libguides.com)
 		- www.ll		(→ www.law)
 
 
-	Fully covered subdomains:
-
-		- (www.)
-		- alumni
-		- secure.alumni
-		- apps
-		- campus
-
-		- cndls subdomains:
-
-			- ^
-			- media
-			- pilot
-
-		- commons
-		- blogs.commons
-		- dante			(→ blogs.commons)
-		- digital		(→ www.library)
-		- digitalcommons
-		- eaplus
-		- gdc
-		- gle
-		- gquads
-		- gucms-mgmt
-		- gucms-ui
-		- guevents
-		- gusa
-		- gushare
-		- hoyalink
-		- itel
-		- keyform		(→ www4)
-
-		- law subdomains:
-
-			- autodiscover
-			- legacy
-			- mail
-			- schedule
-			- www
-
-		- library subdomains:
-
-			- (www.)
-			- (www.)catalog	(www → ^)
-			- illiad
-			- (www.)proxy	(^ → www)
-			- repository
-			- resources
-
-		- m
-		- mail
-		- mobile
-		- (www.)msb		(www → ^)
-		- myaccess
-		- mydante-public
-		- netid-mgmt
-		- pegasus
-		- preparedness		(→ www)
-		- blog.provost
-		- blog.sfs
-		- signin
-		- sites
-		- wiki.uis
-		- uis-bboard-[56]
-		- www[1-57-9]
-		- www1[1235-9]
+	These altnames do not exist:
+
+		- calendar.georgetown.edu
+		- docs.georgetown.edu
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .georgetown.edu
+		- africanamericanstudies.georgetown.edu
+		- art.georgetown.edu
+		- benefits.georgetown.edu
+		- biasreporting.georgetown.edu
+		- biology.georgetown.edu
+		- biomedicalprograms.georgetown.edu
+		- campus.georgetown.edu
+		- catholicstudies.georgetown.edu
+		- cfr.georgetown.edu
+		- cledsp.georgetown.edu
+		- commons.georgetown.edu
+		- contact.georgetown.edu
+		- csj.georgetown.edu
+		- drugdiscovery.georgetown.edu
+		- eaplus.georgetown.edu
+		- ehs.georgetown.edu
+		- eval.georgetown.edu
+		- guevents.georgetown.edu
+		- gucprof.georgetown.edu
+		- healthphysics.georgetown.edu
+		- hoyakids.georgetown.edu
+		- internalaudit.georgetown.edu
+		- jobs.georgetown.edu
+		- kennedyinstitute.georgetown.edu
+
+		- apps.law.georgetown.edu
+		- mail.law.georgetown.edu
+		- schedule.law.georgetown.edu
+		- www.law.georgetown.edu
+
+		- catalog.georgetown.edu
+		- .catalog.georgetown.edu
+		- catalog.library.georgetown.edu
+		- .catalog.library.georgetown.edu
+		- staffwiki.library.georgetown.edu
+
+		- m.georgetown.edu
+		- medievalstudies.georgetown.edu
+		- msb.georgetown.edu
+		- provost.georgetown.edu
+		- rotc.georgetown.edu
+		- portal.scs.georgetown.edu
+		- security.georgetown.edu
+		- seo.georgetown.edu
+		- shibb-idp.georgetown.edu
+		- som.georgetown.edu
+		- studentaffairs.georgetown.edu
+		- studentliving.georgetown.edu
+		- threatassessment.georgetown.edu
+		- trasportation.georgetown.edu
+		- tumorbiology.georgetown.edu
+		- wgsp.georgetown.edu
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, on:
+
+			- answers.library, guides.library, msb from fonts.googleapis.com ˢ
+			- units from ui.uis.georgetown.edu ᵐ
+			- units from $self ˢ
+			- units from www2.georgetown.edu ˢ
+			- www1[5-8] from explore.georgetown.edu *
+
+		- Images, on:
+
+			- asianstudies from i.imgur.com ˢ
+			- guides.dml from dml.georgetown.edu ˢ
+			- answers.library, guides.library from library.georgetown.edu ˢ
+			- answers.library, guides.library from www.library.georgetown.edu ˢ
+			- maps from maps.google.com ˢ
+			- futures, msb, physics, registrar, sfs, studenthealth, uis, units from $self ˢ
+			- mortara from megaicons.net
+			- netid-mgmt, blog.sfs gucms-ui.georgetown.edu ˢ
+			- scs from kbpublisher.gu-scs.com ᵉ
+			- qatar.sfs from pbs.twimg.com ˢ
+			- veterans from militaryfriendly.com ˢ
+
+		- Bugs, on:
+
+			- msb from bs.serving-sys.com ˢ
+
+	ᵉ Not secured by us <= expired
+	ᵐ Not secured by us <= mismatched
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+	* $ is not linked to, nor does it  appear as though meant
+	  be accessed, so this should not be a problem.
 
 -->
-<ruleset name="Georgetown University" platform="mixedcontent">
-
+<ruleset name="Georgetown University (partial)" default_off="testing">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="acmcu.georgetown.edu" />
+	<target host="adifferentdialogue.georgetown.edu" />
+	<target host="africanamericanstudies.georgetown.edu" />
+	<target host="africanstudies.georgetown.edu" />
+	<target host="secure.alumni.georgetown.edu" />
+	<target host="americanstudies.georgetown.edu" />
+	<target host="anesthesiology.georgetown.edu" />
+	<target host="apps.georgetown.edu" />
+	<target host="art.georgetown.edu" />
+	<target host="asianstudies.georgetown.edu" />
+	<target host="auxiliary.georgetown.edu" />
+	<target host="benefits.georgetown.edu" />
+	<target host="biasreporting.georgetown.edu" />
+	<target host="bioethics.georgetown.edu" />
+	<target host="bioethicsarchive.georgetown.edu" />
+	<target host="biology.georgetown.edu" />
+	<target host="biomedicalprograms.georgetown.edu" />
+	<target host="biomedicalresearch.georgetown.edu" />
+	<target host="biostatistics.georgetown.edu" />
+	<target host="bmcb.georgetown.edu" />
+	<target host="box.georgetown.edu" />
+	<target host="bsfs.georgetown.edu" />
+	<target host="bulletin.georgetown.edu" />
+	<target host="campus.georgetown.edu" />
+	<target host="campusministry.georgetown.edu" />
+	<target host="campusplan.georgetown.edu" />
+	<target host="canzps.georgetown.edu" />
+	<target host="capitalbreastcare.georgetown.edu" />
+	<target host="careers.georgetown.edu" />
+	<target host="catholicstudies.georgetown.edu" />
+	<target host="ccas.georgetown.edu" />
+	<target host="ceres.georgetown.edu" />
+	<target host="cets.georgetown.edu" />
+	<target host="cges.georgetown.edu" />
+	<target host="cfr.georgetown.edu" />
+	<target host="chemistry.georgetown.edu" />
+	<target host="cirs.georgetown.edu" />
+	<target host="cjc.georgetown.edu" />
+	<target host="clas.georgetown.edu" />
+	<target host="classics.georgetown.edu" />
+	<target host="cled.georgetown.edu" />
+	<target host="cledsp.georgetown.edu" />
+	<target host="clinicaltrials.georgetown.edu" />
+	<target host="cndls.georgetown.edu" />
+
+	<target host="apps.cndls.georgetown.edu" />
+	<target host="media.cndls.georgetown.edu" />
+	<target host="pilot.cndls.georgetown.edu" />
+
+	<target host="college.georgetown.edu" />
+	<target host="communityengagement.georgetown.edu" />
+	<target host="compliance.georgetown.edu" />
+	<target host="commencement.georgetown.edu" />
+	<target host="commons.georgetown.edu" />
+	<target host="blogs.commons.georgetown.edu" />
+	<target host="contact.georgetown.edu" />
+	<target host="continuity.georgetown.edu" />
+	<target host="coo.georgetown.edu" />
+	<target host="counsel.georgetown.edu" />
+	<target host="csj.georgetown.edu" />
+	<target host="css.georgetown.edu" />
+	<target host="digitalcommons.georgetown.edu" />
+	<target host="dml.georgetown.edu" />
+	<target host="drugdiscovery.georgetown.edu" />
+	<target host="eaplus.georgetown.edu" />
+	<target host="efl.georgetown.edu" />
+	<target host="ehs.georgetown.edu" />
+	<target host="emergencymanagement.georgetown.edu" />
+	<target host="english.georgetown.edu" />
+	<target host="ethicslab.georgetown.edu" />
+	<target host="eval.georgetown.edu" />
+	<target host="eventspace.georgetown.edu" />
+	<target host="explore.georgetown.edu" />
+	<target host="facilities.georgetown.edu" />
+	<!--target host="facilities-apps.georgetown.edu" /-->
+	<target host="facultyhandbook.georgetown.edu" />
+	<target host="facultysenate.georgetown.edu" />
+	<target host="family.georgetown.edu" />
+	<target host="familymedicine.georgetown.edu" />
+	<target host="filmandmediastudies.georgetown.edu" />
+	<target host="finaid.georgetown.edu" />
+	<target host="fishercenter.georgetown.edu" />
+	<target host="futures.georgetown.edu" />
+	<target host="gaap.georgetown.edu" />
+	<target host="gcsc.georgetown.edu" />
+	<target host="gdc.georgetown.edu" />
+	<target host="getinvolved.georgetown.edu" />
+	<target host="ghd.georgetown.edu" />
+	<target host="giwps.georgetown.edu" />
+	<target host="global.georgetown.edu" />
+	<target host="globalfutures.georgetown.edu" />
+	<target host="gms.georgetown.edu" />
+	<target host="gocard.georgetown.edu" />
+	<target host="governance.georgetown.edu" />
+	<target host="gquads.georgetown.edu" />
+	<target host="grad.georgetown.edu" />
+	<target host="gu360.georgetown.edu" />
+	<target host="gucms-ui.georgetown.edu" />
+	<target host="guevents.georgetown.edu" />
+	<target host="gumc.georgetown.edu" />
+	<target host="ofaa.gumc.georgetown.edu" />
+	<target host="gumcprof.georgetown.edu" />
+	<target host="healthphysics.georgetown.edu" />
+	<target host="help.georgetown.edu" />
+	<target host="highschoolbioethics.georgetown.edu" />
+	<target host="housing.georgetown.edu" />
+	<target host="hoyakids.georgetown.edu" />
+	<target host="hoyalink.georgetown.edu" />
+	<target host="hr.georgetown.edu" />
+	<target host="ibd.georgetown.edu" />
+	<target host="icbi.georgetown.edu" />
+	<target host="internalaudit.georgetown.edu" />
+	<target host="investments.georgetown.edu" />
+	<target host="isim.georgetown.edu" />
+	<target host="itel.georgetown.edu" />
+	<target host="jobs.georgetown.edu" />
+	<target host="journalism.georgetown.edu" />
+	<target host="justiceandpeace.georgetown.edu" />
+	<target host="kennedyinstitute.georgetown.edu" />
+	<target host="lannan.georgetown.edu" />
+
+	<target host="apps.law.georgetown.edu" />
+	<target host="autodiscover.law.georgetown.edu" />
+	<target host="illiad.law.georgetown.edu" />
+	<target host="legacy.law.georgetown.edu" />
+	<target host="mail.law.georgetown.edu" />
+	<target host="schedule.law.georgetown.edu" />
+	<target host="sp.law.georgetown.edu" />
+	<target host="www.law.georgetown.edu" />
+
+	<target host="library.georgetown.edu" />
+
+	<target host="catalog.library.georgetown.edu" />
+	<target host="repository.library.georgetown.edu" />
+	<target host="login.proxy.library.georgetown.edu" />
+	<target host="www.proxy.library.georgetown.edu" />
+	<target host="resources.library.georgetown.edu" />
+	<target host="staffwiki.library.georgetown.edu" />
+	<target host="www.library.georgetown.edu" />
+
+	<target host="lombardi.georgetown.edu" />
+	<target host="lombardigala.georgetown.edu" />
+	<target host="m.georgetown.edu" />
+	<target host="mail.georgetown.edu" />
+	<target host="maincampusresearch.georgetown.edu" />
+	<target host="maps.georgetown.edu" />
+	<target host="masterplanning.georgetown.edu" />
+	<target host="mccourt.georgetown.edu" />
+	<target host="medcourseeval.georgetown.edu" />
+	<target host="medicine.georgetown.edu" />
+	<target host="medievalstudies.georgetown.edu" />
+	<target host="microbiology.georgetown.edu" />
+	<target host="www.middleware.georgetown.edu" />
+	<target host="missionandministry.georgetown.edu" />
+	<target host="mobile.georgetown.edu" />
+	<target host="mortara.georgetown.edu" />
+	<target host="msb.georgetown.edu" />
+	<target host="msfs.georgetown.edu" />
+	<target host="myaccess.georgetown.edu" />
+	<target host="mydante-public.georgetown.edu" />
+	<target host="netid-mgmt.georgetown.edu" />
+	<target host="neuro.georgetown.edu" />
+	<target host="neurology.georgetown.edu" />
+	<target host="nhs.georgetown.edu" />
+	<target host="oncology.georgetown.edu" />
+	<target host="ora.georgetown.edu" />
+	<target host="orientation.georgetown.edu" />
+	<target host="osvpr.georgetown.edu" />
+	<target host="otc.georgetown.edu" />
+	<target host="password.georgetown.edu" />
+	<target host="pathology.georgetown.edu" />
+	<target host="pediatrics.georgetown.edu" />
+	<target host="pegasus.georgetown.edu" />
+	<target host="performingarts.georgetown.edu" />
+	<target host="pes.georgetown.edu" />
+	<target host="pharmacology.georgetown.edu" />
+	<target host="physics.georgetown.edu" />
+	<target host="site.physics.georgetown.edu" />
+	<target host="president.georgetown.edu" />
+	<target host="protectionofminors.georgetown.edu" />
+	<target host="provost.georgetown.edu" />
+	<target host="blog.provost.georgetown.edu" />
+	<target host="publicaffairs.georgetown.edu" />
+	<target host="radiology.georgetown.edu" />
+	<target host="recreation.georgetown.edu" />
+	<target host="registrar.georgetown.edu" />
+	<target host="rehabmedicine.georgetown.edu" />
+	<target host="riskmanagement.georgetown.edu" />
+	<target host="rotc.georgetown.edu" />
+	<target host="ruesch.georgetown.edu" />
+	<target host="s2erc.georgetown.edu" />
+	<target host="safety.georgetown.edu" />
+	<target host="portal.scs.georgetown.edu" />
+	<target host="static.scs.georgetown.edu" />
+	<target host="schedule.georgetown.edu" />
+	<target host="search.georgetown.edu" />
+	<target host="security.georgetown.edu" />
+	<target host="seo.georgetown.edu" />
+	<target host="sexualassault.georgetown.edu" />
+	<target host="sfs.georgetown.edu" />
+	<target host="blog.sfs.georgetown.edu" />
+	<target host="qatar.sfs.georgetown.edu" />
+	<target host="shibb-idp.georgetown.edu" />
+	<target host="sociology.georgetown.edu" />
+	<target host="softmatter.georgetown.edu" />
+	<target host="som.georgetown.edu" />
+	<target host="spi.georgetown.edu" />
+	<target host="staffaap.georgetown.edu" />
+	<target host="studentaccounts.georgetown.edu" />
+	<target host="studentaffairs.georgetown.edu" />
+	<target host="studentconduct.georgetown.edu" />
+	<target host="studenthealth.georgetown.edu" />
+	<target host="studentliving.georgetown.edu" />
+	<target host="studyabroad.georgetown.edu" />
+	<target host="sustainability.georgetown.edu" />
+	<target host="threatassessment.georgetown.edu" />
+	<target host="transportation.georgetown.edu" />
+	<target host="tumorbiology.georgetown.edu" />
+	<target host="uadmissions.georgetown.edu" />
+	<target host="uis.georgetown.edu" />
+	<target host="search.uis.georgetown.edu" />
+	<target host="ttdrupallb1.uis.georgetown.edu" />
+	<target host="wiki.uis.georgetown.edu" />
+	<target host="undocumented.georgetown.edu" />
+	<!--target host="units.georgetown.edu" /-->
+	<target host="veterans.georgetown.edu" />
+	<target host="visualidentity.georgetown.edu" />
+	<target host="wellness.georgetown.edu" />
+	<target host="wgsp.georgetown.edu" />
+	<target host="www.georgetown.edu" />
+	<target host="www15.georgetown.edu" />
+	<target host="www16.georgetown.edu" />
+	<target host="www17.georgetown.edu" />
+	<target host="www18.georgetown.edu" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://portal\.scs\.georgetown\.edu/(?:index\.jsp|search/publicCourseAdvancedSearch\.do)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://portal\.scs\.georgetown\.edu/(?!/*(?:3rdPartyTools/deployed/yui2/treeview/assets/|(?:coursebasket/publicCourseBasket|portal/logon|portal/logonInstructor)\.do(?:$|\?)|css/))" /-->
+		<!--
+			Reduce non-Tor distinguishability:
+								-->
+		<exclusion pattern="^http://portal\.scs\.georgetown\.edu/(?!/*(?:coursebasket/publicCourseBasket|portal/logon|portal/logonInstructor)\.do(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://portal.scs.georgetown.edu/index.jsp" />
+			<test url="http://portal.scs.georgetown.edu/search/publicCourseAdvancedSearch.do?method=load&amp;" />
+			<test url="http://portal.scs.georgetown.edu/search/publicCourseSearchDetails.do?method=load" />
+			<test url="http://portal.scs.georgetown.edu/search/publicCourseSearchDetails.do?method=load&amp;courseId=14480" />
+			<test url="http://portal.scs.georgetown.edu/search/publicCourseSearchDetails.do?method=load&amp;courseId=14558" />
+			<test url="http://portal.scs.georgetown.edu/search/publicCourseSearchDetails.do?method=load&amp;courseId=15799232" />
+			<test url="http://portal.scs.georgetown.edu/search/publicCourseSearchDetails.do?method=load&amp;courseId=15825131" />
+
+			<!--	-ve:
+					-->
+			<!--	sets cookie without Secure: -->
+			<!--
+			<test url="http://portal.scs.georgetown.edu/Shibboleth.sso/Login?target=https%3A%2F%2Fportal.scs.georgetown.edu%2Fportal%2FlogonInstructor.do%3Fmethod%3DcallbackEmbeddedLogonInstructor" />
+			<test url="http://portal.scs.georgetown.edu/3rdPartyTools/deployed/yui2/treeview/assets/skins/sam/treeview.css" />
+			-->
+			<test url="http://portal.scs.georgetown.edu/coursebasket/publicCourseBasket.do?method=load" />
+			<!--
+			<test url="http://portal.scs.georgetown.edu/css/clearfix.css" />
+			<test url="http://portal.scs.georgetown.edu/images/1x1.gif" />
+			-->
+			<test url="http://portal.scs.georgetown.edu/portal/logon.do?method=load" />
+			<test url="http://portal.scs.georgetown.edu/portal/logonInstructor.do?method=load" />
+
+		<!--	$ shows default page, so:
+							-->
+		<test url="http://apps.cndls.georgetown.edu/kb/Main_Page" />
+		<test url="http://schedule.law.georgetown.edu/MasterCalendar/" />
+		<test url="http://static.scs.georgetown.edu/www/i2/_.gif" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://guevents.georgetown.edu/auth/login" /-->
+		<!--test url="http://eval.georgetown.edu/etw/ets/et.asp?nxappid=GU2&amp;nxmid=start" /-->
+		<!--test url="http://medcourseeval.georgetown.edu/etw/ets/et.asp?nxappid=GU2&amp;nxmid=start" /-->
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://units.georgetown.edu/gumc/lombardi/magazine/288045.html" /-->
+
+		<test url="http://media.cndls.georgetown.edu/media_eportfoliodemo/css/reset.css" />
+		<test url="http://gucms-ui.georgetown.edu/gu/shared/media/screen/marker-list.gif" />
+
+	<!--	Complications:
+				-->
 	<target host="georgetown.edu" />
-	<target host="*.georgetown.edu" />
-
-
-	<!--securecookie host="^\.library\.georgetown\.edu$" name="SESS\d{32}$" /-->
-	<securecookie host="^(?:secure\.alumni|campus|commons|eaplus|gle|gquads|gucms-mgmt|guevents|gushare|hoyalink|(?:mail|schedule|www)\.law|(?:\.?catalog|repository)\.library|m|msb|myaccess|mydante-public|wiki\.uis|uis-bboard-\d|www[134])\.georgetown\.edu$" name=".+" />
+	<target host="bpe.georgetown.edu" />
+	<target host="crm.georgetown.edu" />
+	<target host="dbbb.georgetown.edu" />
+	<target host="digital.georgetown.edu" />
+	<target host="www.dml.georgetown.edu" />
+	<target host="globaleducation.georgetown.edu" />
+	<target host="iwpsd.georgetown.edu" />
+	<target host="keyform.georgetown.edu" />
+	<target host="www.catalog.library.georgetown.edu" />
+	<target host="proxy.library.georgetown.edu" />
+	<target host="www.ll.georgetown.edu" />
+	<target host="lynda.georgetown.edu" />
+	<target host="www.msb.georgetown.edu" />
+	<target host="mspp.georgetown.edu" />
+	<target host="netid.georgetown.edu" />
+	<target host="nursing.georgetown.edu" />
+	<target host="ocaf.georgetown.edu" />
+	<target host="osp.georgetown.edu" />
+	<target host="otm.georgetown.edu" />
+	<target host="outdoored.georgetown.edu" />
+	<target host="pjc.georgetown.edu" />
+	<target host="preparedness.georgetown.edu" />
+	<target host="sem.georgetown.edu" />
+	<target host="news.sfs.georgetown.edu" />
+	<target host="adifferentdialogue.studentaffairs.georgetown.edu" />
+	<target host="woodstock.georgetown.edu" />
+	<target host="www2.georgetown.edu" />
+	<target host="yates.georgetown.edu" />
+
+		<exclusion pattern="^http://www\.ll\.georgetown\.edu/(?!(?:services/|services/ill/)?(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.ll.georgetown.edu/default.asp" />
+			<test url="http://www.ll.georgetown.edu/default.aspx" />
+			<test url="http://www.ll.georgetown.edu/favicon.ico" />
+			<test url="http://www.ll.georgetown.edu/index.htm" />
+			<test url="http://www.ll.georgetown.edu/index.html" />
+			<test url="http://www.ll.georgetown.edu/index.php" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.georgetown\.edu$" name="^_georgetownglobaldatabase_session$" /-->
+	<!--securecookie host="^(?:africanamericanstudies|art|benefits|biasreporting|biology|biomedicalprograms|catholicstudies|cfr|cledsp|csj|drugdiscovery|ehs|healthphysics|hoyakids|internalaudit|medievalstudies|msb|provost|rotc|security|som|studentaffairs|studentliving|threatassessment|transportation|tumorbiology|wgsp)\.georgetown\.edu$" name="^(?:NO_CACHE|SimpleSAMLSessionID)$" /-->
+	<!--securecookie host="^campus\.georgetown\.edu$" name="^(?:ADRUM_BT|session_id)$" /-->
+	<!--securecookie host="^(?:commons|contact|eaplus)\.georgetown\.edu$" name="^csrftoken$" /-->
+	<!--securecookie host="^eval\.georgetown\.edu$" name="^(?:CFTK|NXM_MOBILE_FONT|NXM_MOBILE_MODE)$" /-->
+	<!--securecookie host="^guevents\.georgetown\.edu$" name="^_session_id$" /-->
+	<!--securecookie host="^(?:gumcprof|staffwiki\.library)\.georgetown\.edu$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^jobs\.georgetown\.edu$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^kennedyinstitute\.georgetown\.edu$" name="^(?:PHPSESSID|wfvt_\d+)$" /-->
+	<!--securecookie host="^(?:apps|www)\.law\.georgetown\.edu$" name="^(?:CFID|CFTOKEN)$" /-->
+	<!--securecookie host="^mail\.law\.georgetown\.edu$" name="^(?:ISAWPLB\{[\dA-F]+\}|cadata|sessionid)$$" /-->
+	<!--securecookie host="^\.(?:catalog\.)?library\.georgetown\.edu$" name="^(?:III_EXPT_FILE|III_SESSION_ID|SESSION_LANGUAGE)$" /-->
+	<!--securecookie host="^(?:www\.)?catalog\.library\.georgetown\.edu$" name="^SESSION_SCOPE$" /-->
+	<!--securecookie host="^m\.georgetown\.edu$" name="^(?:_kgouuid$|X-Mapping-)" /-->
+	<!--securecookie host="^portal\.scs\.georgetown\.edu$" name="^(?:_shibstate_[\da-f]{8}|JSESSIONID)$" /-->
+	<!--securecookie host="^(?:schedule\.law|seo)\.georgetown\.edu$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^shibb-idp\.georgetown\.edu$" name="^SHIBBP$" /-->
+
+	<securecookie host="^\." name="^(?:_ga|III_EXPT_FILE$|III_SESSION_ID$|SESSION_LANGUAGE$)" />
+	<securecookie host="^(?:secure\.alumni|campus|commons|eaplus|gquads|gucms-mgmt|guevents|hoyalink|(?:mail|schedule|www)\.law|(?:\.?catalog|repository)\.library|m|msb|myaccess|wiki\.uis|uis-bboard-\d|www[134])\.georgetown\.edu$" name=".+" />
+
+
+	<rule from="^http://georgetown\.edu/"
+		to="https://www.georgetown.edu/" />
+
+	<rule from="^http://bpe\.georgetown\.edu/"
+		to="https://pes.georgetown.edu/" />
+
+		<test url="http://bpe.georgetown.edu/faculty-staff" />
+
+	<!--	Redirect keeps all:
+					-->
+	<rule from="^http://crm\.georgetown\.edu/"
+		to="https://gu360.georgetown.edu/" />
+
+		<test url="http://crm.georgetown.edu/about" />
+
+	<!--	Redirect keeps all:
+					-->
+	<rule from="^http://dbbb\.georgetown\.edu/"
+		to="https://biostatistics.georgetown.edu/" />
+
+		<test url="http://dbbb.georgetown.edu/about" />
 
+	<rule from="^http://digital\.georgetown\.edu/"
+		to="https://www.library.georgetown.edu/digital/" />
 
-	<rule from="^http://((?:(?:secure\.)?alumni|apps|campus|(?:media\.|pilot\.)?cndls|(?:blogs\.|digital)?commons|eaplus|gdc|gle|gquads|gucms-(?:mgmt|ui)|guevents|gusa|gushare|hoyalink|itel|(?:autodiscover|legacy|mail|msb|schedule|www)\.law|(?:(?:catalog|illiad|(?:login|www)\.proxy|repository|resources|www)\.)?library|m|mail|mobile|myaccess|mydante-public|netid-mgmt|pegasus|blog\.provost|blog\.sfs|signin|sites|wiki\.uis|uis-bboard-\d|www\d?|www1[1235-9])\.)?georgetown\.edu/"
-		to="https://$1georgetown.edu/" />
-
-	<rule from="^http://www\.(catalog\.library|msb)\.georgetown\.edu/"
+	<rule from="^http://www\.(dml|catalog\.library|msb)\.georgetown\.edu/"
 		to="https://$1.georgetown.edu/" />
 
-	<rule from="^http://dante\.georgetown\.edu/"
-		to="https://blogs.commons.georgetown.edu/mydante/" />
+	<!--	Redirect keeps all:
+					-->
+	<rule from="^http://globaleducation\.georgetown\.edu/"
+		to="https://studyabroad.georgetown.edu/" />
 
-	<rule from="^http://digital\.georgetown\.edu/"
-		to="https://www.library.georgetown.edu/digital/" />
+		<test url="http://globaleducation.georgetown.edu/alerts" />
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://iwpsd\.georgetown\.edu/.*"
+		to="https://giwps.georgetown.edu/#domain-redirected" />
 
-	<rule from="^http://(?:researchguides\.dml|guides\.library)\.georgetown\.edu/(css\d*|data|js)/"
-		to="https://libguides.com/$1/" />
+		<test url="http://iwpsd.georgetown.edu/index.htm" />
 
 	<rule from="^http://keyform\.georgetown\.edu/"
 		to="https://www4.georgetown.edu/uis/keybridge/keyform/" />
@@ -236,16 +658,133 @@
 	<rule from="^http://proxy\.library\.georgetown\.edu/"
 		to="https://www.proxy.library.georgetown.edu/" />
 
-	<rule from="^http://www\.ll\.georgetown\.edu/(\?.*)?$"
-		to="https://www.law.georgetown.edu/library/$1" />
+	<rule from="^http://www\.ll\.georgetown\.edu/(?=$|\?)"
+		to="https://www.law.georgetown.edu/library/" />
+
+	<rule from="^http://www\.ll\.georgetown\.edu/services/(?=$|\?)"
+		to="https://www.law.georgetown.edu/library/about/services-policies/" />
+
+		<test url="http://www.ll.georgetown.edu/services/" />
+
+	<rule from="^http://www\.ll\.georgetown\.edu/services/ill/"
+		to="https://www.law.georgetown.edu/library/about/services-policies/interlibrary-loan.cfm" />
+
+		<test url="http://www.ll.georgetown.edu/services/ill/" />
+
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://lynda\.georgetown\.edu/[^?]*"
+		to="https://www.library.georgetown.edu/lynda" />
+
+		<test url="http://lynda.georgetown.edu/index.htm" />
+
+	<!--	Redirect keeps all:
+					-->
+	<rule from="^http://mspp\.georgetown\.edu/"
+		to="https://mccourt.georgetown.edu/" />
+
+		<test url="http://mspp.georgetown.edu/news/" />
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://netid\.georgetown\.edu/.*"
+		to="https://uis.georgetown.edu/netid-passwords" />
+
+		<test url="http://netid.georgetown.edu/index.htm" />
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://nursing\.georgetown\.edu/.*"
+		to="https://nhs.georgetown.edu/nursing" />
+
+		<test url="http://nursing.georgetown.edu/index.htm" />
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://ocaf\.georgetown\.edu/.*"
+		to="https://getinvolved.georgetown.edu/reserving-spaces" />
+
+		<test url="http://ocaf.georgetown.edu/index.htm" />
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://osp\.georgetown\.edu/.*"
+		to="https://maincampusresearch.georgetown.edu/osp" />
+
+		<test url="http://osp.georgetown.edu/index.htm" />
+
+	<!--	Redirect keeps all:
+					-->
+	<rule from="^http://otm\.georgetown\.edu/"
+		to="https://transportation.georgetown.edu/" />
+
+		<test url="http://otm.georgetown.edu/guts" />
+
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://outdoored\.georgetown\.edu/[^?]*"
+		to="https://blogs.commons.georgetown.edu/outdoored/" />
+
+		<test url="http://outdoored.georgetown.edu/trips/" />
+
+	<!--	Redirect keeps all:
+					-->
+	<rule from="^http://pjc\.georgetown\.edu/"
+		to="https://cjc.georgetown.edu/" />
+
+		<test url="http://pjc.georgetown.edu/events/past" />
+
+	<rule from="^http://preparedness\.georgetown\.edu/[^?]*"
+		to="https://www.georgetown.edu/campus-life/safety-and-emergency-preparedness/" />
+
+		<test url="http://preparedness.georgetown.edu/index.htm" />
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://sem\.georgetown\.edu/.*"
+		to="https://safety.georgetown.edu/#domain-redirected" />
+
+		<test url="http://sem.georgetown.edu/trips/" />
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://news\.sfs\.georgetown\.edu/.*"
+		to="https://news.sfs.georgetown.edu/" />
+
+		<test url="http://news.sfs.georgetown.edu/summersfs-gretchen-knoth/" />
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://adifferentdialogue\.studentaffairs\.georgetown\.edu/.*"
+		to="https://adifferentdialogue.georgetown.edu/#domain-redirected" />
+
+		<test url="http://adifferentdialogue.studentaffairs.georgetown.edu/video/facilitator-experience" />
+
+	<!--	Redirect keeps all:
+					-->
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://woodstock\.georgetown\.edu/[^?]*"
+		to="https://www.library.georgetown.edu/woodstock" />
+
+		<test url="http://woodstock.georgetown.edu/library" />
+
+	<rule from="^http://www2\.georgetown\.edu/"
+		to="https://units.georgetown.edu/" />
+
+		<test url="http://www2.georgetown.edu/gumc/lombardi/magazine/ksefiles/css/screen.css" />
 
-	<rule from="^http://www\.ll\.georgetown\.edu/services/(\?.*)?$"
-		to="https://www.law.georgetown.edu/library/about/services-policies/$1" />
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://yates\.georgetown\.edu/.*"
+		to="https://recreation.georgetown.edu/yates/#domain-redirected&amp;mssg=no" />
 
-	<rule from="^http://www\.ll\.georgetown\.edu/services/ill/(\?.*)?$"
-		to="https://www.law.georgetown.edu/library/about/services-policies/interlibrary-loan.cfm$1" />
+		<test url="http://yates.georgetown.edu/club-sports" />
 
-	<rule from="^http://preparedness\.georgetown\.edu/[^\?]*(\?.*)?"
-		to="https://www.georgetown.edu/campus-life/safety-and-emergency-preparedness/$1" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Georgia_Innocence_Project.xml b/src/chrome/content/rules/Georgia_Innocence_Project.xml
deleted file mode 100644
index b4e759898141..000000000000
--- a/src/chrome/content/rules/Georgia_Innocence_Project.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	- Expired 2004-05-08
-	- Cert only matches ^ga-innocenceproject.org
-
--->
-<ruleset name="Georgia Innocence Project" default_off="expired, self-signed">
-
-	<target host="ga-innocenceproject.org" />
-	<target host="www.ga-innocenceproject.org" />
-
-
-	<rule from="^http://(?:www\.)?ga-innocenceproject\.org/"
-		to="https://ga-innocenceproject.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Georgie_Girl_Australia.xml b/src/chrome/content/rules/Georgie_Girl_Australia.xml
deleted file mode 100644
index e7cccb16f015..000000000000
--- a/src/chrome/content/rules/Georgie_Girl_Australia.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Some pages redirect to http.
-
--->
-<ruleset name="Georgie Girl Australia (partial)">
-
-	<target host="georgiegirl.com.au" />
-	<target host="www.georgiegirl.com.au" />
-
-
-	<rule from="^http://(www\.)?georgiegirl\.com\.au/(data/|fpss/|images/|sites/|user(?:$|\?|/))"
-		to="https://$1georgiegirl.com.au/$2" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Geotrust.xml b/src/chrome/content/rules/Geotrust.xml
index 28ea98eb6004..f8200a25f3a8 100644
--- a/src/chrome/content/rules/Geotrust.xml
+++ b/src/chrome/content/rules/Geotrust.xml
@@ -1,13 +1,36 @@
+
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://gesc.geotrust.com/ => https://gesc.geotrust.com/: (51, "SSL: no alternative certificate subject name matches target host name 'gesc.geotrust.com'")
+
+	Fully covered subdomains:
+
+		- (www.)
+		- enterprise-security-center
+		- gesc
+		- products
+		- seal
+		- security-center
+		- smarticon
+
+  Nonfunctional hosts
+    - knowledge.geotrust.com (r)
+
+-->
 <ruleset name="GeoTrust">
 
 	<target host="geotrust.com" />
-	<target host="*.geotrust.com" />
-
+	<target host="www.geotrust.com" />
+	<target host="enterprise-security-center.geotrust.com" />
+	<!-- target host="gesc.geotrust.com" /-->
+	<target host="products.geotrust.com" />
+	<target host="seal.geotrust.com" />
+	<target host="security-center.geotrust.com" />
+	<target host="smarticon.geotrust.com" />
 
-	<rule from="^http://(?:www\.)?geotrust\.com/"
-		to="https://www.geotrust.com/" />
+	<securecookie host="^(?:knowledge)?\.geotrust\.com$" name=".+" />
 
-	<rule from="^http://smarticon\.geotrust\.com/"
-		to="https://smarticon.geotrust.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Geovation.uk.xml b/src/chrome/content/rules/Geovation.uk.xml
new file mode 100644
index 000000000000..1967f11eef9f
--- /dev/null
+++ b/src/chrome/content/rules/Geovation.uk.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Ordnance Survey coverage, see Ordnance_Survey.xml.
+
+-->
+<ruleset name="Geovation.uk">
+
+	<target host="geovation.uk" />
+	<target host="www.geovation.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Geozentrum-Hannover.de.xml b/src/chrome/content/rules/Geozentrum-Hannover.de.xml
new file mode 100644
index 000000000000..6078075c565d
--- /dev/null
+++ b/src/chrome/content/rules/Geozentrum-Hannover.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="Geozentrum-Hannover.de">
+
+	<target host="www.geozentrum-hannover.de" />
+	<target host="ausschreibungen.geozentrum-hannover.de" />
+	<target host="geodak.geozentrum-hannover.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gephi.org.xml b/src/chrome/content/rules/Gephi.org.xml
new file mode 100644
index 000000000000..1fe9b61db0ee
--- /dev/null
+++ b/src/chrome/content/rules/Gephi.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="Gephi.org">
+
+	<target host="gephi.org" />
+	<target host="www.gephi.org" />
+	<target host="consortium.gephi.org" />
+	<target host="forum.gephi.org" />
+	<target host="marketplace.gephi.org" />
+	<target host="wiki.gephi.org" />
+
+	<securecookie host="^.+\.gephi\.org$" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gephi.xml b/src/chrome/content/rules/Gephi.xml
deleted file mode 100644
index c032ba2cdf16..000000000000
--- a/src/chrome/content/rules/Gephi.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Gephi">
-
-	<target host="gephi.org" />
-	<target host="*.gephi.org" />
-
-
-	<securecookie host="^.+\.gephi\.org$" name=".+" />
-
-
-	<rule from="^http://((?:consortium|forum|marketplace|wiki|www)\.)?gephi\.org/"
-		to="https://$1gephi.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Geraspora.xml b/src/chrome/content/rules/Geraspora.xml
index 594b65a79e03..005e06c47bb1 100644
--- a/src/chrome/content/rules/Geraspora.xml
+++ b/src/chrome/content/rules/Geraspora.xml
@@ -2,5 +2,5 @@
   <target host="pod.geraspora.de" />
   <target host="www.pod.geraspora.de" />
 
-  <rule from="^http://(www\.)?pod\.geraspora\.de/" to="https://pod.geraspora.de/" />
+  <rule from="^http://(?:www\.)?pod\.geraspora\.de/" to="https://pod.geraspora.de/" />
 </ruleset>
diff --git a/src/chrome/content/rules/German-Academic-Exchange-Service.xml b/src/chrome/content/rules/German-Academic-Exchange-Service.xml
index 9112c52e5367..9708a4724b32 100644
--- a/src/chrome/content/rules/German-Academic-Exchange-Service.xml
+++ b/src/chrome/content/rules/German-Academic-Exchange-Service.xml
@@ -1,14 +1,15 @@
 <ruleset name="German Academic Exchange Service">
 
 	<target host="daad.de" />
-	<target host="*.daad.de" />
+	<target host="ssl.daad.de" />
+	<target host="www.daad.de" />
 
 
-	<securecookie host="^ssl\.daad\.de$" name=".*" />
+	<securecookie host="^ssl\.daad\.de$" name=".+" />
 
 
 	<!--	Cert only matches ssl.	-->
-	<rule from="^https?://(?:(?:ssl|www)\.)?daad\.de/"
+	<rule from="^http://(?:(?:ssl|www)\.)?daad\.de/"
 		to="https://ssl.daad.de/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/German-Design-Council.xml b/src/chrome/content/rules/German-Design-Council.xml
index dbb71175e2b8..95bcd90ebafd 100644
--- a/src/chrome/content/rules/German-Design-Council.xml
+++ b/src/chrome/content/rules/German-Design-Council.xml
@@ -1,11 +1,10 @@
 <ruleset name="German Design Council">
 
-	<target host="german-design-council.de"/>
-	<target host="*.german-design-council.de"/>
+	<target host="german-design-council.de" />
+	<target host="www.german-design-council.de" />
 
-	<securecookie host="^(.*\.)?german-design-council\.de$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?german-design-council\.de/"
-		to="https://$1german-design-council.de/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GermanTV.xml b/src/chrome/content/rules/GermanTV.xml
index 4334a19a2e4e..c11d22c05f45 100644
--- a/src/chrome/content/rules/GermanTV.xml
+++ b/src/chrome/content/rules/GermanTV.xml
@@ -1,13 +1,12 @@
 <ruleset name="GermanTV">
 
 	<target host="germantv.net" />
-	<target host="*.germantv.net" />
+	<target host="www.germantv.net" />
 
 
 	<securecookie host="^(?:w*\.)?germantv\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?germantv\.net/"
-		to="https://$1germantv.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/German_Center_for_Neurodegenerative_Diseases.xml b/src/chrome/content/rules/German_Center_for_Neurodegenerative_Diseases.xml
index 7cb7fd89f2c4..7d2e4e5e050d 100644
--- a/src/chrome/content/rules/German_Center_for_Neurodegenerative_Diseases.xml
+++ b/src/chrome/content/rules/German_Center_for_Neurodegenerative_Diseases.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^www\.dzne\.de$" name=".+" />
 
 
-	<rule from="^http://(www\.)?dzne\.de/"
-		to="https://$1dzne.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/German_Privacy_Foundation.xml b/src/chrome/content/rules/German_Privacy_Foundation.xml
index 8ac668297858..129b894f7aa9 100644
--- a/src/chrome/content/rules/German_Privacy_Foundation.xml
+++ b/src/chrome/content/rules/German_Privacy_Foundation.xml
@@ -1,9 +1,3 @@
-<!--
-	Other German Privacy Foundation rulesets:
-
-		- Privacybox.de.xml
-
--->
 <ruleset name="German Privacy Foundation">
 
 	<target host="privacyfoundation.de" />
@@ -13,7 +7,6 @@
 	<securecookie host="^(?:www\.)?privacyfoundation\.de$" name=".+" />
 
 
-	<rule from="^http://(www\.)privacyfoundation\.de/"
-		to="https://$1privacyfoundation.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gerv.net.xml b/src/chrome/content/rules/Gerv.net.xml
new file mode 100644
index 000000000000..1b8aa76c147d
--- /dev/null
+++ b/src/chrome/content/rules/Gerv.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="Gerv.net">
+
+	<target host="gerv.net" />
+	<target host="blog.gerv.net" />
+	<target host="www.gerv.net" />
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/GesellschaftInformatik.xml b/src/chrome/content/rules/GesellschaftInformatik.xml
new file mode 100644
index 000000000000..ad7e6142675d
--- /dev/null
+++ b/src/chrome/content/rules/GesellschaftInformatik.xml
@@ -0,0 +1,6 @@
+<ruleset name="Gesellschaft fuer Informatik">
+    <target host="gi.de" />
+    <target host="www.gi.de" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gesetze-im-internet.de.xml b/src/chrome/content/rules/Gesetze-im-internet.de.xml
new file mode 100644
index 000000000000..58f0f2536e68
--- /dev/null
+++ b/src/chrome/content/rules/Gesetze-im-internet.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="Gesetze-im-Internet.de">
+    <target host="www.gesetze-im-internet.de" />
+
+    <securecookie host="^www\.gesetze-im-internet\.de" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Get-Digital.es.xml b/src/chrome/content/rules/Get-Digital.es.xml
new file mode 100644
index 000000000000..4c3f06711158
--- /dev/null
+++ b/src/chrome/content/rules/Get-Digital.es.xml
@@ -0,0 +1,28 @@
+<!--
+	For other getDigital coverage, see Getdigital.de.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .get-digital.es
+		- .www.get-digital.es
+
+-->
+<ruleset name="get-Digital.es">
+
+	<target host="get-digital.es"/>
+	<target host="www.get-digital.es"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.get-digital\.es$" name="^gdsession3$" /-->
+	<!--securecookie host="^\.www\.get-digital\.es$" name="^gdsession2?$" /-->
+
+	<securecookie host="^\.(?:www\.)?get-digital\.es$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Get-Digital.it.xml b/src/chrome/content/rules/Get-Digital.it.xml
new file mode 100644
index 000000000000..4979018c5acd
--- /dev/null
+++ b/src/chrome/content/rules/Get-Digital.it.xml
@@ -0,0 +1,28 @@
+<!--
+	For other getDigital coverage, see Getdigital.de.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .get-digital.it
+		- .www.get-digital.it
+
+-->
+<ruleset name="get-Digital.it">
+
+	<target host="get-digital.it"/>
+	<target host="www.get-digital.it"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.get-digital\.it$" name="^gdsession3$" /-->
+	<!--securecookie host="^\.www\.get-digital\.it$" name="^gdsession2?$" /-->
+
+	<securecookie host="^\.(?:www\.)?get-digital\.it$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Get-Digital.nl.xml b/src/chrome/content/rules/Get-Digital.nl.xml
new file mode 100644
index 000000000000..95ed3b5a08b1
--- /dev/null
+++ b/src/chrome/content/rules/Get-Digital.nl.xml
@@ -0,0 +1,28 @@
+<!--
+	For other getDigital coverage, see Getdigital.de.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .get-digital.nl
+		- .www.get-digital.nl
+
+-->
+<ruleset name="get-Digital.nl">
+
+	<target host="get-digital.nl"/>
+	<target host="www.get-digital.nl"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.get-digital\.nl$" name="^gdsession3$" /-->
+	<!--securecookie host="^\.www\.get-digital\.nl$" name="^gdsession2?$" /-->
+
+	<securecookie host="^\.(?:www\.)?get-digital\.nl$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Get.CM.xml b/src/chrome/content/rules/Get.CM.xml
new file mode 100644
index 000000000000..9bb6d09fc9fb
--- /dev/null
+++ b/src/chrome/content/rules/Get.CM.xml
@@ -0,0 +1,16 @@
+<!--
+	For other CyanogenMod.org coverage, see CyanogenMod.org.xml.
+
+-->
+<ruleset name="Get.CM" default_off="expired">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="get.cm" />
+	<target host="www.get.cm" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Get.It.xml b/src/chrome/content/rules/Get.It.xml
deleted file mode 100644
index 3146dba46b7d..000000000000
--- a/src/chrome/content/rules/Get.It.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	CDN buckets:
-
-		- detect.get.it.s3.amazonaws.com
-
-			- detect
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- detect	(→ s3.amazonaws.com)
-		- media
-
--->
-<ruleset name="Get.It">
-
-	<target host="get.it" />
-	<target host="*.get.it" />
-
-
-	<securecookie host="^\.get.it$" name=".+" />
-
-
-	<rule from="^http://(media\.|www\.)?get\.it/"
-		to="https://$1get.it/" />
-
-	<rule from="^http://detect\.get\.it/"
-		to="https://s3.amazonaws.com/detect.get.it/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Get.it.xml b/src/chrome/content/rules/Get.it.xml
new file mode 100644
index 000000000000..88968e510802
--- /dev/null
+++ b/src/chrome/content/rules/Get.it.xml
@@ -0,0 +1,8 @@
+<ruleset name="Get.it">
+	<target host="get.it" />
+	<target host="www.get.it" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GetAwayGrey.xml b/src/chrome/content/rules/GetAwayGrey.xml
index 59b03d909f98..2b300046f446 100644
--- a/src/chrome/content/rules/GetAwayGrey.xml
+++ b/src/chrome/content/rules/GetAwayGrey.xml
@@ -1,13 +1,12 @@
 <ruleset name="GetAwayGrey">
 
 	<target host="getawaygrey.com" />
-	<target host="*.getawaygrey.com" />
+	<target host="www.getawaygrey.com" />
 
 
 	<securecookie host="^\.getawaygrey\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?getawaygrey\.com/"
-		to="https://$1getawaygrey.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GetChef.com.xml b/src/chrome/content/rules/GetChef.com.xml
new file mode 100644
index 000000000000..2e606192e21d
--- /dev/null
+++ b/src/chrome/content/rules/GetChef.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Invalid certificate:
+		pages.getchef.com
+
+-->
+<ruleset name="Get Chef.com">
+
+	<target host="getchef.com" />
+	<target host="www.getchef.com" />
+	<target host="community.getchef.com" />
+	<target host="docs.getchef.com" />
+	<target host="downloads.getchef.com" />
+	<target host="learn.getchef.com" />
+	<target host="manage.getchef.com" />
+	<target host="status.getchef.com" />
+	<target host="summit.getchef.com" />
+	<target host="supermarket.getchef.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GetChute.com.xml b/src/chrome/content/rules/GetChute.com.xml
new file mode 100644
index 000000000000..345354f1080c
--- /dev/null
+++ b/src/chrome/content/rules/GetChute.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="GetChute.com (partial)">
+
+	<target host="getchute.com" />
+	<target host="www.getchute.com" />
+	<target host="auth.getchute.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GetChute.xml b/src/chrome/content/rules/GetChute.xml
deleted file mode 100644
index ebf7cff3c521..000000000000
--- a/src/chrome/content/rules/GetChute.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- www
-
-	^getchute.com works, but 302s to https://www, which doesn't.
-
--->
-<ruleset name="GetChute (partial)">
-
-	<target host="*.getchute.com" />
-
-
-	<rule from="^https?://auth\.getchute\.com/"
-		to="https://auth.getchute.com/" />
-
-	<!--	301s to media.getchute.com.s3.amazonaws.com
-									-->
-	<rule from="^https?://media\.getchute\.com/"
-		to="https://s3.amazonaws.com/media.getchute.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GetClicky.com.xml b/src/chrome/content/rules/GetClicky.com.xml
new file mode 100644
index 000000000000..8eaebabbac3c
--- /dev/null
+++ b/src/chrome/content/rules/GetClicky.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other clicky rulesets, see Clicky.com.xml
+
+	Wilcard DNS and certificate
+
+-->
+<ruleset name="GetClicky.com">
+
+	<target host="getclicky.com" />
+	<target host="*.getclicky.com" />
+		<test url="http://www.getclicky.com/" />
+		<test url="http://freewebs.getclicky.com/" />
+		<test url="http://static.getclicky.com/js" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://([\w-]+\.)?getclicky\.com/"
+		to="https://$1getclicky.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GetCloak.com.xml b/src/chrome/content/rules/GetCloak.com.xml
new file mode 100644
index 000000000000..5e1c59dc45ad
--- /dev/null
+++ b/src/chrome/content/rules/GetCloak.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="GetCloak.com">
+
+	<target host="getcloak.com" />
+	<target host="www.getcloak.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GetCloudApp.com.xml b/src/chrome/content/rules/GetCloudApp.com.xml
new file mode 100644
index 000000000000..a25346e3258d
--- /dev/null
+++ b/src/chrome/content/rules/GetCloudApp.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- status.getcloudapp.com
+-->
+<ruleset name="GetCloudApp.com (partial)">
+	<target host="getcloudapp.com" />
+	<target host="www.getcloudapp.com" />
+	<target host="info.getcloudapp.com" />
+	<target host="share.getcloudapp.com" />
+	<target host="support.getcloudapp.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GetClouder.com.xml b/src/chrome/content/rules/GetClouder.com.xml
new file mode 100644
index 000000000000..47208141ed65
--- /dev/null
+++ b/src/chrome/content/rules/GetClouder.com.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://getclouder.com/ => https://getclouder.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://dev.getclouder.com/ => https://dev.getclouder.com/: (51, "SSL: no alternative certificate subject name matches target host name 'dev.getclouder.com'")
+Fetch error: http://my.getclouder.com/ => https://my.getclouder.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://tutorials.getclouder.com/ => https://tutorials.getclouder.com/: (51, "SSL: no alternative certificate subject name matches target host name 'tutorials.getclouder.com'")
+Fetch error: http://www.getclouder.com/ => https://www.getclouder.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="GetClouder.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="getclouder.com" />
+	<target host="dev.getclouder.com" />
+	<target host="my.getclouder.com" />
+	<target host="tutorials.getclouder.com" />
+	<target host="www.getclouder.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GetDigital-Blog.de.xml b/src/chrome/content/rules/GetDigital-Blog.de.xml
new file mode 100644
index 000000000000..9d3f3b8c0c1e
--- /dev/null
+++ b/src/chrome/content/rules/GetDigital-Blog.de.xml
@@ -0,0 +1,14 @@
+<!--
+	For other getDigital coverage, see Getdigital.de.xml.
+
+-->
+<ruleset name="getDigital-Blog.de">
+
+	<target host="getdigital-blog.de" />
+	<target host="www.getdigital-blog.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GetDigital.co.uk.xml b/src/chrome/content/rules/GetDigital.co.uk.xml
new file mode 100644
index 000000000000..3edb074d75dc
--- /dev/null
+++ b/src/chrome/content/rules/GetDigital.co.uk.xml
@@ -0,0 +1,28 @@
+<!--
+	For other getDigital coverage, see Getdigital.de.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .getdigital.co.uk
+		- .www.getdigital.co.uk
+
+-->
+<ruleset name="getDigital.co.uk">
+
+	<target host="getdigital.co.uk"/>
+	<target host="www.getdigital.co.uk"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.getdigital\.co\.uk$" name="^gdsession3$" /-->
+	<!--securecookie host="^\.www\.getdigital\.co\.uk$" name="^gdsession2?$" /-->
+
+	<securecookie host="^\.(?:www\.)?getdigital\.co\.uk$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GetDigital.eu.xml b/src/chrome/content/rules/GetDigital.eu.xml
new file mode 100644
index 000000000000..6c59f63f2ad7
--- /dev/null
+++ b/src/chrome/content/rules/GetDigital.eu.xml
@@ -0,0 +1,28 @@
+<!--
+	For other getDigital coverage, see Getdigital.de.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .getdigital.eu
+		- .www.getdigital.eu
+
+-->
+<ruleset name="getDigital.eu">
+
+	<target host="getdigital.eu" />
+	<target host="www.getdigital.eu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.getdigital\.eu$" name="^gdsession3$" /-->
+	<!--securecookie host="^\.www\.getdigital\.eu$" name="^gdsession2?$" /-->
+
+	<securecookie host="^\.(?:www\.)?getdigital\.eu$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GetDigital.fr.xml b/src/chrome/content/rules/GetDigital.fr.xml
new file mode 100644
index 000000000000..06e3dbee92e0
--- /dev/null
+++ b/src/chrome/content/rules/GetDigital.fr.xml
@@ -0,0 +1,28 @@
+<!--
+	For other getDigital coverage, see Getdigital.de.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .getdigital.fr
+		- .www.getdigital.fr
+
+-->
+<ruleset name="getDigital.fr">
+
+	<target host="getdigital.fr"/>
+	<target host="www.getdigital.fr"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.getdigital\.fr$" name="^gdsession3$" /-->
+	<!--securecookie host="^\.www\.getdigital\.fr$" name="^gdsession2?$" /-->
+
+	<securecookie host="^\.(?:www\.)?getdigital\.fr$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GetFirebug.xml b/src/chrome/content/rules/GetFirebug.xml
index 2e1cfec9123e..837f131c19fb 100644
--- a/src/chrome/content/rules/GetFirebug.xml
+++ b/src/chrome/content/rules/GetFirebug.xml
@@ -1,20 +1,8 @@
-<!--
-	Mixed content:
-
-		- Script on www from feeds.delicious.com *
-
-		- Images on www from blog *
-
-	* Secured by us
-
--->
-<ruleset name="GetFirebug (false MCB)" platform="mixedcontent">
-
-	<target host="getfirebug.com" />
-	<target host="*.getfirebug.com" />
-
-
-	<rule from="^http://(blog\.|www\.)?getfirebug\.com/"
-		to="https://$1getfirebug.com/" />
+<ruleset name="GetFirebug">
+    <target host="getfirebug.com" />
+    <target host="www.getfirebug.com" />
+    <target host="blog.getfirebug.com" />
 
+    <rule from="^http:"
+            to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/GetGlue.xml b/src/chrome/content/rules/GetGlue.xml
index 6bc75d0ae014..3db3b54874b4 100644
--- a/src/chrome/content/rules/GetGlue.xml
+++ b/src/chrome/content/rules/GetGlue.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://getglue.com/ => https://getglue.com/: (51, "SSL: no alternative certificate subject name matches target host name 'tvtag.com'")
 	CDN buckets:
 
 		- s3.amazonaws.com/widgets.getglue.com/
@@ -7,16 +9,13 @@
 <ruleset name="GetGlue">
 
 	<target host="getglue.com" />
-	<target host="*.getglue.com" />
+	<target host="www.getglue.com" />
+	<target host="widgets.getglue.com" />
 
 
 	<securecookie host="^www\.getglue\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?getglue\.com/"
-		to="https://$1getglue.com/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://widgets\.getglue\.com/"
-		to="https://s3.amazonaws.com/widgets.getglue.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GetHarvest.com.xml b/src/chrome/content/rules/GetHarvest.com.xml
index 3477b5ba3d74..71bf1c38455d 100644
--- a/src/chrome/content/rules/GetHarvest.com.xml
+++ b/src/chrome/content/rules/GetHarvest.com.xml
@@ -27,4 +27,4 @@
 	<rule from="^http://(?:asset\d\.|(www\.))?getharvest\.com/"
 		to="https://$1getharvest.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GetOutline.org.xml b/src/chrome/content/rules/GetOutline.org.xml
new file mode 100644
index 000000000000..908f143313a9
--- /dev/null
+++ b/src/chrome/content/rules/GetOutline.org.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Google coverage, see GoogleServices.xml.
+
+	Problematic subdomains:
+		- metrics-prod (mismatched, CN=*.google.com)
+		- metrics-test (mismatched, CN=*.google.com)
+-->
+
+<ruleset name="GetOutline.org">
+	<target host="getoutline.org" />
+	<target host="www.getoutline.org" />
+	<target host="dev.getoutline.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GetPelican.com.xml b/src/chrome/content/rules/GetPelican.com.xml
new file mode 100644
index 000000000000..4d54c4c501ec
--- /dev/null
+++ b/src/chrome/content/rules/GetPelican.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		docs.getpelican.com
+
+-->
+<ruleset name="GetPelican.com">
+
+	<target host="getpelican.com" />
+	<target host="www.getpelican.com" />
+	<target host="blog.getpelican.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GetPersonas.com.xml b/src/chrome/content/rules/GetPersonas.com.xml
new file mode 100644
index 000000000000..6b246728e7b9
--- /dev/null
+++ b/src/chrome/content/rules/GetPersonas.com.xml
@@ -0,0 +1,11 @@
+<!--
+	For other Mozilla coverage, see Mozilla.xml.
+
+-->
+<ruleset name="GetPersonas.com">
+
+	<target host="www.getpersonas.com" /><!-- → https://addons.mozilla.org/firefox/themes/ -->
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GetPersonas.xml b/src/chrome/content/rules/GetPersonas.xml
deleted file mode 100644
index f3e879647e46..000000000000
--- a/src/chrome/content/rules/GetPersonas.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For other Mozilla coverage, see Mozilla.xml.
-
--->
-<ruleset name="GetPersonas.com" platform="mixedcontent">
-
-	<target host="getpersonas.com" />
-	<target host="www.getpersonas.com" />
-
-
-        <rule from="^http://(www\.)?getpersonas\.com/"
-		to="https://$1getpersonas.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/GetPocket.com.xml b/src/chrome/content/rules/GetPocket.com.xml
index b54f2b6d6afc..884cc283ae9f 100644
--- a/src/chrome/content/rules/GetPocket.com.xml
+++ b/src/chrome/content/rules/GetPocket.com.xml
@@ -1,31 +1,22 @@
 <!--
-	CDN buckets:
-
-		- d7x5nblzs94me.cloudfront.net
-
-		- readitlater.desk.com
-
-			- help
-
-
-	Nonfunctional subdomains:
-
-		- help	(desk.com)
+	Invalid certificate:
+		assets.getpocket.com
+		e.getpocket.com
 
 -->
-<ruleset name="GetPocket.com (partial)">
+<ruleset name="GetPocket.com">
 
 	<target host="getpocket.com" />
-	<target host="*.getpocket.com" />
-
-
-	<securecookie host="^\.getpocket\.com$" name=".+" />
-
+	<target host="www.getpocket.com" />
+	<target host="api.getpocket.com" />
+	<target host="beta.api.getpocket.com" />
+	<target host="help.getpocket.com" />
+	<target host="text.getpocket.com" />
+	<target host="widgets.getpocket.com" />
 
-	<rule from="^http://help\.getpocket\.com/favicon\.ico"
-		to="https://d3jyn100am7dxp.cloudfront.net/favicon.ico" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(widgets\.|www\.)?getpocket\.com/"
-		to="https://$1getpocket.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GetPocketbook.com.xml b/src/chrome/content/rules/GetPocketbook.com.xml
new file mode 100644
index 000000000000..8a14ae227bcb
--- /dev/null
+++ b/src/chrome/content/rules/GetPocketbook.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Time out:
+		email.getpocketbook.com
+
+-->
+<ruleset name="GetPocketbook.com">
+
+	<target host="getpocketbook.com" />
+	<target host="www.getpocketbook.com" />
+	<target host="help.getpocketbook.com" />
+	<target host="stg.getpocketbook.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GetResponse.com.xml b/src/chrome/content/rules/GetResponse.com.xml
new file mode 100644
index 000000000000..8edb539fa058
--- /dev/null
+++ b/src/chrome/content/rules/GetResponse.com.xml
@@ -0,0 +1,79 @@
+<!--
+	Problematic subdomains:
+
+		- apidocs *
+		- blog *
+		- br *
+		- connect *
+		- dev *
+
+	* Works, mismatched
+
+
+	Partially covered subdomains:
+
+		- support *
+
+	* Avoiding false/broken MCB
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- api
+		- api2
+		- app
+		- cdn
+		- multimedia
+		- secure
+		- static
+		- support-panel
+
+
+	Mixed content:
+
+		- css, on:
+
+			- apidocs from $self ¹
+			- blog from $self ¹
+			- connect from $self ¹
+			- support from $self ²
+
+		- Images, on:
+
+			- apidocs from $self ¹
+			- blog from $self ¹
+			- support from $self ²
+
+		- favicon, on:
+
+			- blog from $self ¹
+			- support from $self ²
+
+	¹ Not secured by us <= mismatched
+	² Secured by us
+
+-->
+<ruleset name="GetResponse.com (partial)">
+
+	<target host="getresponse.com" />
+	<target host="api.getresponse.com" />
+	<target host="api2.getresponse.com" />
+	<target host="app.getresponse.com" />
+	<target host="cdn.getresponse.com" />
+	<target host="multimedia.getresponse.com" />
+	<target host="secure.getresponse.com" />
+	<target host="static.getresponse.com" />
+	<target host="support.getresponse.com" />
+	<target host="support-panel.getresponse.com" />
+	<target host="www.getresponse.com" />
+		<!--exclusion pattern="^http://(apidocs|blog|br|connect|dev)\.getresponse\.com/" /-->
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<exclusion pattern="^http://support\.getresponse\.com/+(?!uploads/|wp-content/|wp-includes/)" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GetTraffic.com.xml b/src/chrome/content/rules/GetTraffic.com.xml
index aa0b2aafc12f..d7f21a76caad 100644
--- a/src/chrome/content/rules/GetTraffic.com.xml
+++ b/src/chrome/content/rules/GetTraffic.com.xml
@@ -1,17 +1,22 @@
 <!--
+	(www.)?: Expired
+
+
 	Fully covered subdomains:
 
-		- (www.)
 		- cdn-w
 
 -->
-<ruleset name="GetTraffic.com">
+<ruleset name="GetTraffic.com (partial)">
 
-	<target host="gettraffic.com" />
-	<target host="*.gettraffic.com" />
+	<!--	Direct rewrites:
+				-->
+	<!--target host="gettraffic.com" /-->
+	<target host="cdn-w.gettraffic.com" />
+	<!--target host="www.gettraffic.com" /-->
 
 
-	<rule from="^http://(cdn-w\.|www\.)?gettraffic\.com/"
-		to="https://$1gettraffic.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GetVoIP.com.xml b/src/chrome/content/rules/GetVoIP.com.xml
new file mode 100644
index 000000000000..6010616f3e0a
--- /dev/null
+++ b/src/chrome/content/rules/GetVoIP.com.xml
@@ -0,0 +1,39 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .getvoip.com
+
+-->
+<ruleset name="GetVoIP.com">
+
+	<target host="getvoip.com" />
+	<target host="www.getvoip.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.getvoip\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Get_ASGard.com.xml b/src/chrome/content/rules/Get_ASGard.com.xml
new file mode 100644
index 000000000000..2044bfb0149d
--- /dev/null
+++ b/src/chrome/content/rules/Get_ASGard.com.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://getasgard.com/ => https://getasgard.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.getasgard.com/ => https://www.getasgard.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	For other Paragon Initiave Enterprise coverage, see Paragon_IE.com.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .getasgard.com
+
+-->
+<ruleset name="Get ASGard.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="getasgard.com" />
+	<target host="www.getasgard.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.getasgard\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Get_Ambassador.com.xml b/src/chrome/content/rules/Get_Ambassador.com.xml
new file mode 100644
index 000000000000..1d5e36540b41
--- /dev/null
+++ b/src/chrome/content/rules/Get_Ambassador.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Other Ambassador rulesets:
+
+		- Mbsy.co.xml
+
+
+	Nonfunctional hosts in *getambassador.com:
+
+		- support *
+
+	* Desk.com
+
+-->
+<ruleset name="get Ambassador.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="getambassador.com" />
+	<target host="my.getambassador.com" />
+	<target host="www.getambassador.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Get_Beagle.co.xml b/src/chrome/content/rules/Get_Beagle.co.xml
new file mode 100644
index 000000000000..2a08711df5a0
--- /dev/null
+++ b/src/chrome/content/rules/Get_Beagle.co.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://getbeagle.co/ => https://getbeagle.co/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://app.getbeagle.co/ => https://app.getbeagle.co/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.getbeagle.co/ => https://www.getbeagle.co/: (28, 'Connection timed out after 20000 milliseconds')
+
+	For other Citrix coverage, see Citrix.xml.
+
+
+	Nonfunctional hosts in *getbeagle.co:
+
+		- blog *
+
+	* Tumblr
+
+-->
+<ruleset name="Get Beagle.co (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="getbeagle.co" />
+	<target host="app.getbeagle.co" />
+	<target host="www.getbeagle.co" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Get_Clef.com.xml b/src/chrome/content/rules/Get_Clef.com.xml
new file mode 100644
index 000000000000..f939a1eefb9e
--- /dev/null
+++ b/src/chrome/content/rules/Get_Clef.com.xml
@@ -0,0 +1,44 @@
+<!--
+	Nonfunctional hosts in *getclef.com:
+
+		- blog *
+
+	* Refused
+
+
+	Problematic hosts in *getclef.com:
+
+		- docs *
+		- support *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .getclef.com
+		- docs.getclef.com
+		- support.getclef.com
+
+-->
+<ruleset name="get Clef.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="getclef.com" />
+	<target host="www.getclef.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.getclef\.com$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^docs\.getclef\.com$" name="^(XSRF-TOKEN|connect\.sid)$" /-->
+	<!--securecookie host="^support\.getclef\.com$" name="^PLAY_SESSION$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Get_Composer.org.xml b/src/chrome/content/rules/Get_Composer.org.xml
new file mode 100644
index 000000000000..aa82dbf2f983
--- /dev/null
+++ b/src/chrome/content/rules/Get_Composer.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Get Composer.org">
+
+	<target host="getcomposer.org" />
+	<target host="www.getcomposer.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Get_Final.com.xml b/src/chrome/content/rules/Get_Final.com.xml
new file mode 100644
index 000000000000..26c398a478c8
--- /dev/null
+++ b/src/chrome/content/rules/Get_Final.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="get Final.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="getfinal.com" />
+	<target host="www.getfinal.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Get_Foxy_Proxy.org.xml b/src/chrome/content/rules/Get_Foxy_Proxy.org.xml
index bb142e1ee78a..c11fc67d542a 100644
--- a/src/chrome/content/rules/Get_Foxy_Proxy.org.xml
+++ b/src/chrome/content/rules/Get_Foxy_Proxy.org.xml
@@ -1,16 +1,17 @@
 <!--
-	Nonfunctional subdomains:
-
-		- forums	(refused)
-
+	Mismatch:
+		- defender
+		- digdug
+		- ford
+		- robotron
 -->
 <ruleset name="Get Foxy Proxy.org (partial)">
-
 	<target host="getfoxyproxy.org" />
 	<target host="www.getfoxyproxy.org" />
+	<target host="code.getfoxyproxy.org" />
+	<target host="docs.getfoxyproxy.org" />
+	<target host="forums.getfoxyproxy.org" />
 
-
-	<rule from="^http://(www\.)?getfoxyproxy\.org/"
-		to="https://$1getfoxyproxy.org/" />
-
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Get_I2P.net.xml b/src/chrome/content/rules/Get_I2P.net.xml
new file mode 100644
index 000000000000..c6c4ab5657e0
--- /dev/null
+++ b/src/chrome/content/rules/Get_I2P.net.xml
@@ -0,0 +1,10 @@
+<ruleset name="Get I2P.net">
+
+	<target host="geti2p.net" />
+	<target host="www.geti2p.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Get_KeepSafe.com.xml b/src/chrome/content/rules/Get_KeepSafe.com.xml
new file mode 100644
index 000000000000..aeeefad43f8d
--- /dev/null
+++ b/src/chrome/content/rules/Get_KeepSafe.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="get KeepSafe.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="getkeepsafe.com" />
+	<target host="www.getkeepsafe.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Get_Lantern.org.xml b/src/chrome/content/rules/Get_Lantern.org.xml
new file mode 100644
index 000000000000..a3c8a86696ba
--- /dev/null
+++ b/src/chrome/content/rules/Get_Lantern.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Get Lantern.org">
+
+	<target host="getlantern.org" />
+	<target host="www.getlantern.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Get_Mailbird.com.xml b/src/chrome/content/rules/Get_Mailbird.com.xml
new file mode 100644
index 000000000000..1031a3bab9ec
--- /dev/null
+++ b/src/chrome/content/rules/Get_Mailbird.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="get Mailbird.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="getmailbird.com" />
+	<target host="www.getmailbird.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Get_Meadow.com.xml b/src/chrome/content/rules/Get_Meadow.com.xml
new file mode 100644
index 000000000000..cf406e730df0
--- /dev/null
+++ b/src/chrome/content/rules/Get_Meadow.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="get Meadow.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="getmeadow.com" />
+	<target host="www.getmeadow.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Get_Out_of_Debt_Guy.xml b/src/chrome/content/rules/Get_Out_of_Debt_Guy.xml
deleted file mode 100644
index 787a2aa3ed6f..000000000000
--- a/src/chrome/content/rules/Get_Out_of_Debt_Guy.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="Get Out of Debt Guy">
-
-	<target host="getoutofdebt.org" />
-	<target host="*.getoutofdebt.org" />
-
-
-	<securecookie host="^\.getoutofdebt\.org$" name=".+" />
-
-
-	<rule from="^http://(www\.)?getoutofdebt\.org/"
-		to="https://$1getoutofdebt.org/" />
-
-	<rule from="^https?://cdn\d*\.getoutofdebt\.org/"
-		to="https://d3iekd80gadj25.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Get_Rave.com.xml b/src/chrome/content/rules/Get_Rave.com.xml
new file mode 100644
index 000000000000..09ba82f70cce
--- /dev/null
+++ b/src/chrome/content/rules/Get_Rave.com.xml
@@ -0,0 +1,27 @@
+<!--
+	^getrave.com: Refused
+
+-->
+<ruleset name="Get Rave.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.getrave.com" />
+
+	<!--	Complications:
+				-->
+	<target host="getrave.com" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://getrave\.com/+"
+		to="https://www.getrave.com/" />
+
+		<test url="http://getrave.com//login/jjc" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Get_Safe_Online.xml b/src/chrome/content/rules/Get_Safe_Online.xml
new file mode 100644
index 000000000000..09f87a9da1d9
--- /dev/null
+++ b/src/chrome/content/rules/Get_Safe_Online.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- getsafeonline.org
+		- www.getsafeonline.org
+
+-->
+<ruleset name="Get Safe Online.org">
+
+	<target host="getsafeonline.org" />
+	<target host="*.getsafeonline.org" />
+
+		<test url="http://staging.getsafeonline.org/" />
+		<test url="http://www.getsafeonline.org/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?getsafeonline\.org$" name="^exp_(?:last_activity|last_visit|tracker)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Get_Scroll.com.xml b/src/chrome/content/rules/Get_Scroll.com.xml
new file mode 100644
index 000000000000..be769416b9a7
--- /dev/null
+++ b/src/chrome/content/rules/Get_Scroll.com.xml
@@ -0,0 +1,42 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	www.getscroll.com doesn't exist.
+
+
+	Insecure cookies are set for these domains:
+
+		- .getscroll.com
+
+-->
+<ruleset name="Get Scroll.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="getscroll.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.getscroll\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Get_ShareX.com.xml b/src/chrome/content/rules/Get_ShareX.com.xml
new file mode 100644
index 000000000000..931505f18152
--- /dev/null
+++ b/src/chrome/content/rules/Get_ShareX.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .getsharex.com
+
+-->
+<ruleset name="Get ShareX.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="getsharex.com" />
+	<target host="www.getsharex.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.getsharex\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Get_Shine.com.xml b/src/chrome/content/rules/Get_Shine.com.xml
index ac6bf6eca8e0..a209b4d70494 100644
--- a/src/chrome/content/rules/Get_Shine.com.xml
+++ b/src/chrome/content/rules/Get_Shine.com.xml
@@ -1,7 +1,13 @@
-<ruleset name="get Shine.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://getshine.com/ => https://www.getshine.com/: Too many redirects while fetching 'https://www.getshine.com/'
+
+-->
+<ruleset name="get Shine.com" default_off="failed ruleset test">
 
 	<target host="getshine.com" />
-	<target host="*.getshine.com" />
+	<target host="www.getshine.com" />
 
 
 	<securecookie host="^\.getshine\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Get_Syme.com.xml b/src/chrome/content/rules/Get_Syme.com.xml
deleted file mode 100644
index 09d0a44dc696..000000000000
--- a/src/chrome/content/rules/Get_Syme.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Cert only matches ^getsyme.com
-
--->
-<ruleset name="get Syme.com">
-
-	<target host="getsyme.com" />
-	<target host="www.getsyme.com" />
-
-
-	<rule from="^http://(?:www\.)?getsyme\.com/"
-		to="https://getsyme.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Get_Tag.mobi.xml b/src/chrome/content/rules/Get_Tag.mobi.xml
new file mode 100644
index 000000000000..909e2e4df1e7
--- /dev/null
+++ b/src/chrome/content/rules/Get_Tag.mobi.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	CN: tag.microsoft.com
+
+-->
+<ruleset name="Get Tag.mobi" default_off="mismatched">
+
+	<target host="gettag.mobi" />
+	<target host="www.gettag.mobi" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Get_jaco.com.xml b/src/chrome/content/rules/Get_jaco.com.xml
new file mode 100644
index 000000000000..92198d53733b
--- /dev/null
+++ b/src/chrome/content/rules/Get_jaco.com.xml
@@ -0,0 +1,41 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://getjaco.com/ => https://getjaco.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .getjaco.com
+		- bo.getjaco.com
+		- bo-staging.getjaco.com
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="get jaco.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="getjaco.com" />
+	<target host="bo.getjaco.com" />
+	<target host="bo-staging.getjaco.com" />
+	<target host="www.getjaco.com" />
+
+		<test url="http://bo.getjaco.com/backoffice/login" />
+		<test url="http://bo.getjaco.com/build/recorder.js" />
+		<test url="http://bo-staging.getjaco.com/backoffice/login" />
+		<test url="http://bo-staging.getjaco.com/build/recorder.js" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Getclicky.xml b/src/chrome/content/rules/Getclicky.xml
deleted file mode 100644
index 1a7f694a1c44..000000000000
--- a/src/chrome/content/rules/Getclicky.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<!--
-	Partially covered domains:
-
-		- (www.)clicky.com	(some pages redirect to http)
-
-
-	Fully covered domains:
-
-		- cdn.staticstuff.net
-
--->
-<ruleset name="GetClicky">
-
-	<target host="clicky.com" />
-	<target host="www.clicky.com" />
-	<target host="getclicky.com" />
-	<target host="*.getclicky.com" />
-	<target host="staticstuff.net" />
-	<target host="*.staticstuff.net" />
-
-
-	<securecookie host="^(?:.*\.)?getclicky\.com$" name=".+" />
-	<securecookie host="^(?:.*\.)?staticstuff\.net$" name=".+" />
-
-
-	<rule from="^http://(www\.)?clicky\.com/(favicon\.ico|user(?:$|\?|/))"
-		to="https://$1clicky.com/$2" />
-
-	<rule from="^http://([^/:@\.]+\.)?getclicky\.com/"
-		to="https://$1getclicky.com/" />
-
-	<rule from="^http://(?:win\.|www\.)?staticstuff\.net/"
-		to="https://win.staticstuff.net/" />
-
-	<rule from="^http://hello\.staticstuff\.net/"
-		to="https://hello.staticstuff.net/" />
-
-	<rule from="^http://cdn\.staticstuff\.net/"
-		to="https://cdn.staticstuff.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Getdigital.de.xml b/src/chrome/content/rules/Getdigital.de.xml
index db045fc68934..2c92777ab2f2 100644
--- a/src/chrome/content/rules/Getdigital.de.xml
+++ b/src/chrome/content/rules/Getdigital.de.xml
@@ -1,6 +1,58 @@
-<ruleset name="Getdigital.de" platform="mixedcontent">
-  <target host="www.getdigital.de"/>
-  <target host="getdigital.de"/>
+<!--
+	Other getDigital rulesets:
+
+		- Get-Digital.es.xml
+		- Get-Digital.it.xml
+		- Get-Digital.nl.xml
+		- GetDigital.co.uk.xml
+		- GetDigital.eu.xml
+		- GetDigital.fr.xml
+		- GetDigital-Blog.de.xml
+
+
+	Insecure cookies are set for these domains:
+
+		- .getdigital.de
+		- .binary.getdigital.de
+		- .hex.getdigital.de
+		- .leet.getdigital.de
+		- .www.getdigital.de
+
+
+	Invalid certificate:
+
+		- new.getdigital.de
+
+
+	Mixed content:
+
+		- Images on www from www.getdigital-blog.de *
+
+
+	Timeout:
+
+		- binary.getdigital.de
+		- hex.getdigital.de
+		- hodor.getdigital.de
+		- leet.getdigital.de
+
+	* Secured by us
+
+-->
+<ruleset name="getDigital.de">
+
+	<target host="getdigital.de"/>
+	<target host="www.getdigital.de"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.getdigital\.de$" name="^gdsession3$" /-->
+	<!--securecookie host="^\.(?:www)\.getdigital\.de$" name="^gdsession2?$" /-->
+
+	<securecookie host="^\.(?:www\.)?getdigital\.de$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
 
-  <rule from="^http://(www\.)?getdigital\.de/" to="https://www.getdigital.de/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Getdns_API.net.xml b/src/chrome/content/rules/Getdns_API.net.xml
new file mode 100644
index 000000000000..7db0dbb1f45f
--- /dev/null
+++ b/src/chrome/content/rules/Getdns_API.net.xml
@@ -0,0 +1,15 @@
+<ruleset name="getdns API.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="getdnsapi.net" />
+	<target host="www.getdnsapi.net" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Getemoji.com.xml b/src/chrome/content/rules/Getemoji.com.xml
new file mode 100644
index 000000000000..0fc276c5e0f1
--- /dev/null
+++ b/src/chrome/content/rules/Getemoji.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Nonfunctional hosts in *.getemoji.com:
+		- classic.getemoji.com (t)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Getemoji.com">
+	<target host="getemoji.com" />
+	<target host="www.getemoji.com" />
+	<target host="blog.getemoji.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Getgo.de.xml b/src/chrome/content/rules/Getgo.de.xml
new file mode 100644
index 000000000000..60ee27dcb23e
--- /dev/null
+++ b/src/chrome/content/rules/Getgo.de.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Eventim coverage, see Eventim.com.xml.
+
+	Problematic domains:
+		- getgo.de (m)
+		- newsletter.getgo.de (m)
+
+	h: http redirect
+	m: certificate mismatch
+	n: no secure protocol supported
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Getgo.de">
+	<target host="getgo.de" />
+	<target host="www.getgo.de" />
+	<target host="service.getgo.de" />
+		<test url="http://service.getgo.de/robots.txt" />
+	<target host="secure.getgo.de" />
+
+	<rule from="^http://getgo\.de/"
+		to="https://www.getgo.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Getgo.xml b/src/chrome/content/rules/Getgo.xml
deleted file mode 100644
index c55e82d47e9f..000000000000
--- a/src/chrome/content/rules/Getgo.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	For other Eventim coverage, see Eventim.xml.
-
-
-	Problematic domains:
-
-		 getgo.de
-
--->
-<ruleset name="getgo">
-
-	<target host="getgo.de" />
-	<target host="*.getgo.de" />
-
-
-	<securecookie host="^.*\.getgo\.de$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?getgo\.de/"
-		to="https://www.getgo.de/" />
-
-	<rule from="^http://secure\.getgo\.de/"
-		to="https://secure.getgo.de/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Getmybalance.xml b/src/chrome/content/rules/Getmybalance.xml
new file mode 100644
index 000000000000..25554ad9e4cb
--- /dev/null
+++ b/src/chrome/content/rules/Getmybalance.xml
@@ -0,0 +1,17 @@
+<!--
+    Nonfunctional (sub)domains:
+        * www.getmybalance.ca (without www) -> DNS error
+        * getmymgmbalance.com (without www) -> DNS error
+-->
+<ruleset name="GetMyBalance">
+    <target host="getmybalance.com" />
+    <target host="www.getmybalance.com" />
+    <target host="www.getmybalance.ca" />
+    <target host="www.getmymgmbalance.com" />
+
+    <!-- https://regex101.com/r/rM1rQ0/1 -->
+    <securecookie host="^((www\.)?getmybalance\.com)|(www.getmybalance.ca)|(www.getmymgmbalance.com)" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Getprice.xml b/src/chrome/content/rules/Getprice.xml
index 9cb1c515307e..bd99664db251 100644
--- a/src/chrome/content/rules/Getprice.xml
+++ b/src/chrome/content/rules/Getprice.xml
@@ -3,7 +3,6 @@
 	<target host="secure.getprice.com.au" />
 
 
-	<rule from="^http://secure\.getprice\.com\.au/"
-		to="https://secure.getprice.com.au/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Getsatisfaction.com-mismatches.xml b/src/chrome/content/rules/Getsatisfaction.com-mismatches.xml
deleted file mode 100644
index 9d54e2d29ce6..000000000000
--- a/src/chrome/content/rules/Getsatisfaction.com-mismatches.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see Getsatisfaction.com.xml.
-
-
-	http://info.getsatisfaction.com/contact_sales.html	-	404
-
--->
-<ruleset name="Getsatisfaction.com (mismatches)" default_off="expired, mismatched">
-
-	<target host="blog.getsatisfaction.com"/>
-	<target host="product.getsatisfaction.com"/>
-
-
-	<rule from="^http://(blog|product)\.getsatisfaction\.com/"
-		to="https://$1.getsatisfaction.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Getsatisfaction.com.xml b/src/chrome/content/rules/Getsatisfaction.com.xml
index af940647ce61..57f30371f2db 100644
--- a/src/chrome/content/rules/Getsatisfaction.com.xml
+++ b/src/chrome/content/rules/Getsatisfaction.com.xml
@@ -1,6 +1,8 @@
-<!--
-	For problematic rules, see Getsatisfaction.com-mismatches.xml.
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blog.getsatisfaction.com/ => https://blog.getsatisfaction.com/: (51, "SSL: no alternative certificate subject name matches target host name 'blog.getsatisfaction.com'")
+Fetch error: http://info.getsatisfaction.com/ => https://info.getsatisfaction.com/: (6, 'Could not resolve host: info.getsatisfaction.com')
 
 	Other Getsatisfaction.com rulesets:
 
@@ -28,34 +30,92 @@
 	* Equivalent to getsatisfaction.com
 
 
-	Problematic getsatisfaction.com subdomains:
+	Nonfunctional domains:
 
-		- blog *
-		- info		(marketo)
-		- product *
+		- (www.)ccpact.com
+		- status.getsatisfaction.com *
 
-	* Mismatched, CN: page.ly
+	* Tumblr / redirects to www.tumblr.com
 
 
-	Nonfunctional domains:
+	These altnames don't exist:
 
-		- (www.)ccpact.com
-		- status.getsatisfaction.com
+		- www.education.getsatisfaction.com
+		- www.info.getsatisfaction.com
 
--->
-<ruleset name="Getsatisfaction.com" platform="mixedcontent">
-
-	<target host="getsatisfaction.com" />
-	<target host="*.getsatisfaction.com" />
 
+	Mixed content:
 
-	<securecookie host="^\.getsatisfaction\.com$" name=".+" />
+		- css on info from cloud.webtype.com *
+		- Images on info, product from $self *
+		- Bug on product from www.facebook.com *
 
+	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
-	<rule from="^http://(assets\d\.|www\.)?getsatisfaction\.com/"
-		to="https://$1getsatisfaction.com/" />
+-->
+<ruleset name="Getsatisfaction.com (partial)" default_off="failed ruleset test">
 
-	<rule from="^http://info\.getsatisfaction\.com/(cs|j|r)s/"
-		to="https://na-sjh.marketo.com/$1s/" />
+	<target host="getsatisfaction.com" />
+	<target host="assets1.getsatisfaction.com" />
+	<target host="assets2.getsatisfaction.com" />
+	<target host="assets3.getsatisfaction.com" />
+	<target host="assets4.getsatisfaction.com" />
+	<target host="auth.getsatisfaction.com" />
+	<target host="blog.getsatisfaction.com" />
+	<target host="c.getsatisfaction.com" />
+	<target host="da.getsatisfaction.com" />
+	<target host="education.getsatisfaction.com" />
+	<target host="es.getsatisfaction.com" />
+	<target host="fi.getsatisfaction.com" />
+	<target host="fr.getsatisfaction.com" />
+	<target host="info.getsatisfaction.com" />
+	<target host="it.getsatisfaction.com" />
+	<target host="nb.getsatisfaction.com" />
+	<target host="nl.getsatisfaction.com" />
+	<target host="product.getsatisfaction.com" />
+	<target host="sslproxy.getsatisfaction.com" />
+	<target host="sv.getsatisfaction.com" />
+	<target host="www.getsatisfaction.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://blog\.getsatisfaction\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://blog\.getsatisfaction\.com/(?!/*wp-content/)" /-->
+
+			<!--	+ve:
+					-->
+			<!--
+			<test url="http://blog.getsatisfaction.com/category/infographics/" />
+			<test url="http://blog.getsatisfaction.com/home/page/2/" />
+			-->
+
+			<!--	-ve:
+					-->
+			<!--
+			<test url="http://blog.getsatisfaction.com/wp-content/themes/GetSatisfaction_new/images/default_thumb.png" />
+			-->
+
+		<!--	$ 404s, so:
+					-->
+		<test url="http://c.getsatisfaction.com/freeagent/topics/prepayments_and_general_journal_entries" />
+
+		<!--	$ redirects to ^getsatisfaction.com, so:
+									-->
+		<test url="http://sslproxy.getsatisfaction.com/sslproxy/SWhAdDNLMG5zdGFuVGlWeiuU7qIoMUA0jlW5m_nenARXkCN3FBTVyiSpdB2Xn5SS_rFGAEiKrXPqaCFcc0FQnw==" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.getsatisfaction\.com$" name="^(?:_sfn_session|avatar_url|canonical_name|logged_in|token_hash|token_issue_date|user_id|user_name|user_nick|use_real_name)$" /-->
+	<!--securecookie host="^education\.getsatisfaction\.com$" name="^wfvt_\d+$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Getty.edu.xml b/src/chrome/content/rules/Getty.edu.xml
index caf4a868f8d2..4ec5913cde97 100644
--- a/src/chrome/content/rules/Getty.edu.xml
+++ b/src/chrome/content/rules/Getty.edu.xml
@@ -15,7 +15,8 @@
 <ruleset name="Getty.edu">
 
 	<target host="getty.edu" />
-	<target host="*.getty.edu" />
+	<target host="www.getty.edu" />
+	<target host="shop.getty.edu" />
 
 
 	<rule from="^http://(?:www\.)?getty\.edu/"
diff --git a/src/chrome/content/rules/Getty_Images-problematic.xml b/src/chrome/content/rules/Getty_Images-problematic.xml
index 09b59285bb3d..1cea45f8a7b4 100644
--- a/src/chrome/content/rules/Getty_Images-problematic.xml
+++ b/src/chrome/content/rules/Getty_Images-problematic.xml
@@ -8,7 +8,7 @@
 	<target host="e.gettyimages.com" />
 
 
-	<rule from="^http://(contributors|e)\.gettyimages\.com/"
-		to="https://$1.gettyimages.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Getty_Images.xml b/src/chrome/content/rules/Getty_Images.xml
index 5691bf1b826d..c0e1a5e9d85d 100644
--- a/src/chrome/content/rules/Getty_Images.xml
+++ b/src/chrome/content/rules/Getty_Images.xml
@@ -1,9 +1,17 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gettyimages.com.au/cart => https://www.gettyimages.com.au/cart: Too many redirects while fetching 'https://www.gettyimages.com.au/cart'
+Fetch error: http://developers.gettyimages.com/ => https://developers.gettyimages.com/: (51, "SSL: no alternative certificate subject name matches target host name 'developers.gettyimages.com'")
+Fetch error: http://spectrum.gettyimages.com/ => https://spectrum.gettyimages.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://secure.stage-gettyimages.co.nz/ => https://secure.stage-gettyimages.co.nz/: (51, "SSL: no alternative certificate subject name matches target host name 'secure.stage-gettyimages.co.nz'")
+
 	For problematic rules, see Getty_Images-problematic.xml.
 
 
 	CDN buckets:
 
+		- content.developer.mashery.com.s3.amazonaws.com
 		- cache.gettyimages.com.edgesuite.net
 
 
@@ -31,48 +39,520 @@
 
 	Problematic domains:
 
-		- gettyimages.(ae|at|be|ca|ch|co.jp|co.nz|co.uk|com.au|de|dk|es|fi|fr|ie|in|it|nl|no|pt|se) *
-		- www.gettyimages.(ae|at|be|ca|ch|co.jp|co.nz|co.uk|com.au|de|dk|es|fi|fr|ie|in|it|nl|no|pt|se) **
+		- gettyimages.(ae|at|be|ca|ch|co.jp|co.nz|co.uk|com.au|de|dk|es|fi|fr|ie|in|it|nl|no|pt|se) ᵐ
 
 		- gettyimages.com subdomains:
 
-			- ^			(redirects to secure; mismatched, CN: SECURE.GETTYIMAGES.COM)
+			- ^ ᵐ
+			- assigments ᶜ
 			- cache			(works, akamai)
+			- contribute ᶜ
 			- contributors		(works; expired 2012-03-04, self-signed)
 			- e			(works; mismatched, CN: secure.eloqua.com)
-			- www			(redirects to www.secure, akamai)
+			- licensecompliance ᵐ
+			- mediamanager ᵐ
+			- remote ᵐ
+			- upload ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+
+
+	Partially covered domains:
+
+		- (www.)?gettyimages.(ae|at|be|ca|ch|co.jp|co.nz|co.uk|com|com.au|de|dk|es|fi|fr|ie|in|it|nl|no|pt|se) ʰ
+		- developer.gettyimages.com ʰ
+
+	ʰ Some pages redirect to http
+
+
+	These altnames do not exist:
+
+		- www.api.gettyimages.com
+		- www.assignments.gettyimages.com
+		- www.citrix.gettyimages.com
+		- www.contribute.gettyimages.com
+		- www.copyrightcompliance.gettyimages.com
+		- www.delivery.gettyimages.com
+		- www.mail.gettyimages.com
+		- www.spectrum.gettyimages.com
+		- www.upload.gettyimages.com
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .gettyimages.ae
+		- secure.gettyimages.ae
+		- www.gettyimages.ae
+		- .gettyimages.at
+		- secure.gettyimages.at
+		- www.gettyimages.at
+		- .gettyimages.be
+		- secure.gettyimages.be
+		- www.gettyimages.be
+		- .gettyimages.ca
+		- secure.gettyimages.ca
+		- www.gettyimages.ca
+		- .gettyimages.ch
+		- secure.gettyimages.ch
+		- www.gettyimages.ch
+		- .gettyimages.co.jp
+		- secure.gettyimages.co.jp
+		- www.gettyimages.co.jp
+		- .gettyimages.co.nz
+		- secure.gettyimages.co.nz
+		- www.gettyimages.co.nz
+		- .gettyimages.co.uk
+		- secure.gettyimages.co.uk
+		- www.gettyimages.co.uk
 
-	* Pages redirect to http; mismatched, CN: SECURE.GETTYIMAGES.COM
-	** Pages redirect to http, akamai
+		- .gettyimages.com
+		- api.gettyimages.com
+		- assignments.gettyimages.com
+		- contribute.gettyimages.com
+		- copyrightcompliance.gettyimages.com
+		- .copyrightcompliance.gettyimages.com
+		- developer.gettyimages.com
+		- mail.gettyimages.com
+		- maildr.gettyimages.com
+		- mediamanager.gettyimages.com
+		- mm.gettyimages.com
+		- secure.gettyimages.com
+		- upload.gettyimages.com
+		- www.gettyimages.com
+
+		- .gettyimages.com.au
+		- secure.gettyimages.com.au
+		- www.gettyimages.com.au
+		- .gettyimages.de
+		- secure.gettyimages.de
+		- www.gettyimages.de
+		- .gettyimages.dk
+		- secure.gettyimages.dk
+		- www.gettyimages.dk
+		- .gettyimages.es
+		- secure.gettyimages.es
+		- www.gettyimages.es
+		- .gettyimages.fi
+		- secure.gettyimages.fi
+		- www.gettyimages.fi
+		- .gettyimages.fr
+		- secure.gettyimages.fr
+		- www.gettyimages.fr
+		- .gettyimages.ie
+		- secure.gettyimages.ie
+		- www.gettyimages.ie
+		- .gettyimages.in
+		- secure.gettyimages.in
+		- www.gettyimages.in
+		- .gettyimages.it
+		- secure.gettyimages.it
+		- www.gettyimages.it
+		- .gettyimages.nl
+		- secure.gettyimages.nl
+		- www.gettyimages.nl
+		- .gettyimages.no
+		- secure.gettyimages.no
+		- www.gettyimages.no
+		- .gettyimages.pt
+		- secure.gettyimages.pt
+		- www.gettyimages.pt
+		- .gettyimages.se
+		- secure.gettyimages.se
+		- www.gettyimages.se
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- api, developer from gettyimages.mashery.com
+			- mediamanager from $self
+
+		- favicons, on:
+
+			- api from $self ˢ
+			- developer from api.gettyimages.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Getty Images (partial)">
-
-	<target host="gettyimages.*" />
-	<target host="secure.gettyimages.*" />
-	<target host="www.gettyimages.*" />
-	<target host="gettyimages.co.*" />
-	<target host="secure.gettyimages.co.*" />
-	<target host="www.gettyimages.co.*" />
-	<target host="*.gettyimages.com" />
-	<target host="gettyimages.com.au" />
-	<target host="*.gettyimages.com.au" />
-		<exclusion pattern="^https?://www\.gettyimages\.(?:ae|at|be|ca|ch|co\.(?:jp|nz|uk)|com\.au|de|dk|es|fi|fr|i[ent]|nl|no|pt|se)/(?!cms/|CMS/|favicon\.ico|[iI]mages/|jQuery/|scripts/|style/)" />
-	<target host="secure.stage-gettyimages.*" />
-	<target host="secure.stage-gettyimages.co.*" />
+<ruleset name="Getty Images (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.gettyimages.ae" />
+	<target host="www.gettyimages.ae" />
+
+	<target host="secure.gettyimages.at" />
+	<target host="www.gettyimages.at" />
+
+	<target host="secure.gettyimages.be" />
+	<target host="www.gettyimages.be" />
+
+	<target host="secure.gettyimages.ca" />
+	<target host="www.gettyimages.ca" />
+
+	<target host="secure.gettyimages.ch" />
+	<target host="www.gettyimages.ch" />
+
+	<target host="secure.gettyimages.co.jp" />
+	<target host="www.gettyimages.co.jp" />
+
+	<target host="secure.gettyimages.co.nz" />
+	<target host="www.gettyimages.co.nz" />
+
+	<target host="secure.gettyimages.co.uk" />
+	<target host="www.gettyimages.co.uk" />
+
+	<target host="api.gettyimages.com" />
+	<!--target host="assignments.gettyimages.com" /-->
+	<target host="autodiscover.gettyimages.com" />
+	<target host="citrix.gettyimages.com" />
+	<target host="connect.gettyimages.com" />
+	<!--target host="contribute.gettyimages.com" /-->
+	<target host="contributorsystems.gettyimages.com" />
+	<target host="copyrightcompliance.gettyimages.com" />
+	<target host="delivery.gettyimages.com" />
+	<target host="developer.gettyimages.com" />
+	<target host="developers.gettyimages.com" />
+	<target host="embed.gettyimages.com" />
+	<target host="embed-cdn.gettyimages.com" />
+	<target host="mail.gettyimages.com" />
+	<target host="maildr.gettyimages.com" />
+	<target host="mixer.gettyimages.com" />
+	<target host="mm.gettyimages.com" />
+	<target host="secure.gettyimages.com" />
+	<target host="spectrum.gettyimages.com" />
+	<!--target host="upload.gettyimages.com" /-->
+	<target host="www.gettyimages.com" />
+
+	<target host="secure.gettyimages.com.au" />
+	<target host="www.gettyimages.com.au" />
+
+	<target host="secure.gettyimages.de" />
+	<target host="www.gettyimages.de" />
+
+	<target host="secure.gettyimages.dk" />
+	<target host="www.gettyimages.dk" />
+
+	<target host="secure.gettyimages.es" />
+	<target host="www.gettyimages.es" />
+
+	<target host="secure.gettyimages.fi" />
+	<target host="www.gettyimages.fi" />
+
+	<target host="secure.gettyimages.fr" />
+	<target host="www.gettyimages.fr" />
+
+	<target host="secure.gettyimages.ie" />
+	<target host="www.gettyimages.ie" />
+
+	<target host="secure.gettyimages.in" />
+	<target host="www.gettyimages.in" />
+
+	<target host="secure.gettyimages.it" />
+	<target host="www.gettyimages.it" />
+
+	<target host="secure.gettyimages.nl" />
+	<target host="www.gettyimages.nl" />
+
+	<target host="secure.gettyimages.no" />
+	<target host="www.gettyimages.no" />
+
+	<target host="secure.gettyimages.pt" />
+	<target host="www.gettyimages.pt" />
+
+	<target host="secure.gettyimages.se" />
+	<target host="www.gettyimages.se" />
+
+	<target host="secure.stage-gettyimages.ae" />
+	<target host="secure.stage-gettyimages.be" />
+	<target host="secure.stage-gettyimages.ca" />
+	<target host="secure.stage-gettyimages.ch" />
+	<target host="secure.stage-gettyimages.co.nz" />
+	<target host="secure.stage-gettyimages.co.uk" />
+	<target host="secure.stage-gettyimages.com" />
 	<target host="secure.stage-gettyimages.com.au" />
+	<target host="secure.stage-gettyimages.de" />
+	<target host="secure.stage-gettyimages.es" />
+	<target host="secure.stage-gettyimages.ie" />
+	<target host="secure.stage-gettyimages.in" />
+	<target host="secure.stage-gettyimages.it" />
+	<target host="secure.stage-gettyimages.nl" />
+	<target host="secure.stage-gettyimages.se" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.gettyimages\.(?:a[et]|be|c[ah]|co\.(?:jp|nz|uk)|com|com\.au|d[ek]|es|f[ir]|i[ent]|n[lo]|pt|se)/(?:$|company/privacy-policy$|contactus$|creative-images$|editorial-images$|feedback$|favicon\.ico|footage$|landing/assets/|music$|stories$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?gettyimages\.(?:a[et]|be|c[ah]|co\.(?:jp|nz|uk)|com|com\.au|d[ek]|es|f[ir]|i[ent]|n[lo]|pt|se)/(?!/*(?:[Cc][Mm][Ss]/|Fonts/|gi-resources/|[Ii]mages/|(?:cart|purchase/cart|register|sign-in)(?:$|[?/])|[Ss]tyle/|Views/\w+/Shared/images/|purchase-assets/|sign-in/assets/))" />
+
+			<!--	+ve:
+					-->
+			<!--
+			<test url="http://gettyimages.ae/Scripts/html5.js" />
+			<test url="http://gettyimages.ae/company/privacy-policy" />
+			-->
+			<test url="http://gettyimages.ae/contactus" />
+			<!--
+			<test url="http://gettyimages.ae/creative-images" />
+			<test url="http://gettyimages.ae/editorial-images" />
+			<test url="http://gettyimages.ae/favicon.ico" />
+			<test url="http://gettyimages.ae/feedback" />
+			<test url="http://gettyimages.ae/footage" />
+			<test url="http://gettyimages.ae/landing/assets/unisporkal_engine/images/getty-logo-1816218381653e0c1ea3a09df6a70b97.svg" />
+			<test url="http://gettyimages.ae/scripts/CookieAlert/CookieAlertBootStrapper.js" />
+			<test url="http://gettyimages.ae/scripts/FontTracking.js" />
+			<test url="http://gettyimages.ae/scripts/LiveChat.js" />
+			<test url="http://www.gettyimages.ae/scripts/Music/Shared.js" />
+			<test url="http://www.gettyimages.ae/scripts/Tracking/AppMeasurement.js" />
+			<test url="http://www.gettyimages.ae/scripts/Tracking/VisitorAPI.js" />
+			<test url="http://www.gettyimages.ae/scripts/core.js" />
+			<test url="http://www.gettyimages.ae/scripts/head.js" />
+			<test url="http://www.gettyimages.ae/scripts/mobile.js" />
+			<test url="http://www.gettyimages.ae/scripts/mobile/viewport_size.js" />
+			<test url="http://www.gettyimages.ae/scripts/shared-high-traffic.js" />
+			<test url="http://www.gettyimages.ae/scripts/thirdparty.js" />
+			-->
+			<test url="http://www.gettyimages.ae/music" />
+			<!--
+			<test url="http://www.gettyimages.ae/stories" />
+			-->
+
+			<test url="http://gettyimages.at/contactus" />
+			<test url="http://www.gettyimages.at/music" />
+
+			<test url="http://gettyimages.be/contactus" />
+			<test url="http://www.gettyimages.be/music" />
 
+			<test url="http://gettyimages.ca/contactus" />
+			<test url="http://www.gettyimages.ca/music" />
 
-	<securecookie host="^.+\.gettyimages\.com$" name=".+" />
+			<test url="http://gettyimages.ch/contactus" />
+			<test url="http://www.gettyimages.ch/music" />
 
+			<test url="http://gettyimages.co.jp/contactus" />
+			<test url="http://www.gettyimages.co.jp/music" />
 
-	<rule from="^https?://(?:secure\.|www\.)?(stage-)?gettyimages\.(ae|at|be|ca|ch|co\.(?:jp|nz|uk)|com\.au|de|dk|es|fi|fr|i[ent]|nl|no|pt|se)/"
-		to="https://secure.$1gettyimages.$2/" />
+			<test url="http://gettyimages.co.nz/contactus" />
+			<test url="http://www.gettyimages.co.nz/music" />
 
-	<rule from="^https?://(?:cache|delivery)\.gettyimages\.com/"
+			<test url="http://gettyimages.co.uk/contactus" />
+			<test url="http://www.gettyimages.co.uk/music" />
+
+			<test url="http://gettyimages.com/contactus" />
+			<test url="http://www.gettyimages.com/music" />
+
+			<test url="http://gettyimages.com.au/contactus" />
+			<test url="http://www.gettyimages.com.au/music" />
+
+			<test url="http://gettyimages.de/contactus" />
+			<test url="http://www.gettyimages.de/music" />
+
+			<test url="http://gettyimages.dk/contactus" />
+			<test url="http://www.gettyimages.dk/music" />
+
+			<test url="http://gettyimages.es/contactus" />
+			<test url="http://www.gettyimages.es/music" />
+
+			<test url="http://gettyimages.fi/contactus" />
+			<test url="http://www.gettyimages.fi/music" />
+
+			<test url="http://gettyimages.fr/contactus" />
+			<test url="http://www.gettyimages.fr/music" />
+
+			<test url="http://gettyimages.ie/contactus" />
+			<test url="http://www.gettyimages.ie/music" />
+
+			<test url="http://gettyimages.in/contactus" />
+			<test url="http://www.gettyimages.in/music" />
+
+			<test url="http://gettyimages.it/contactus" />
+			<test url="http://www.gettyimages.it/music" />
+
+			<test url="http://gettyimages.nl/contactus" />
+			<test url="http://www.gettyimages.nl/music" />
+
+			<test url="http://gettyimages.no/contactus" />
+			<test url="http://www.gettyimages.no/music" />
+
+			<test url="http://gettyimages.pt/contactus" />
+			<test url="http://www.gettyimages.pt/music" />
+
+			<test url="http://gettyimages.se/contactus" />
+			<test url="http://www.gettyimages.se/music" />
+
+			<!--	-ve:
+					-->
+			<test url="http://gettyimages.ae/CMS/Styles/imports/widgets/bootstrap/primary_hgroup.css" />
+			<test url="http://gettyimages.ae/Fonts/LubalinMd-eot.eot" />
+			<test url="http://gettyimages.ae/Style/Responsive.css" />
+			<test url="http://gettyimages.ae/Views/Music/Shared/images/music-cart.png" />
+			<test url="http://gettyimages.ae/cart" />
+			<test url="http://gettyimages.ae/gi-resources/css/arrows.png" />
+			<test url="http://gettyimages.ae/gi-resources/images/Editorial-Images/self_select_panel.png" />
+			<test url="http://www.gettyimages.ae/images/HomePage/GettyImagesDark.png" />
+			<test url="http://www.gettyimages.ae/purchase-assets/unisporkal_engine/images/down_arrow.png" />
+			<test url="http://www.gettyimages.ae/register" />
+			<test url="http://www.gettyimages.ae/sign-in" />
+			<test url="http://www.gettyimages.ae/sign-in/assets/unisporkal_engine/images/down_arrow.png" />
+			<test url="http://www.gettyimages.ae/style/compiled/HeaderFooter.css?v=0707" />
+
+			<test url="http://gettyimages.at/cart" />
+			<test url="http://www.gettyimages.at/sign-in" />
+
+			<test url="http://gettyimages.be/cart" />
+			<test url="http://www.gettyimages.be/sign-in" />
+
+			<test url="http://gettyimages.ca/cart" />
+			<test url="http://www.gettyimages.ca/sign-in" />
+
+			<test url="http://gettyimages.ch/cart" />
+			<test url="http://www.gettyimages.ch/sign-in" />
+
+			<test url="http://gettyimages.co.jp/cart" />
+			<test url="http://www.gettyimages.co.jp/sign-in" />
+
+			<test url="http://gettyimages.co.nz/cart" />
+			<test url="http://www.gettyimages.co.nz/sign-in" />
+
+			<test url="http://gettyimages.co.uk/cart" />
+			<test url="http://www.gettyimages.co.uk/sign-in" />
+
+			<test url="http://gettyimages.com/cart" />
+			<test url="http://www.gettyimages.com/sign-in" />
+
+			<test url="http://gettyimages.com.au/cart" />
+			<test url="http://www.gettyimages.com.au/sign-in" />
+
+			<test url="http://gettyimages.de/cart" />
+			<test url="http://www.gettyimages.de/sign-in" />
+
+			<test url="http://gettyimages.es/cart" />
+			<test url="http://www.gettyimages.es/sign-in" />
+
+			<test url="http://gettyimages.nl/cart" />
+			<test url="http://www.gettyimages.nl/sign-in" />
+
+			<test url="http://gettyimages.no/cart" />
+			<test url="http://www.gettyimages.no/sign-in" />
+
+			<test url="http://gettyimages.pt/cart" />
+			<test url="http://www.gettyimages.pt/sign-in" />
+
+			<test url="http://gettyimages.se/cart" />
+			<test url="http://www.gettyimages.se/sign-in" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://developer\.gettyimages\.com/(?:$|\w\w$|contact$|docs/Home$|forum$|forum\.rss$|faq_general$|page/FAQ_content$|profile/\d+$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://developer\.gettyimages\.com/(?!/*(?:files/|(?:login|member/(?:lost|lost-username|register))(?:$|[?/])|public/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://developer.gettyimages.com/contact" />
+			<test url="http://developer.gettyimages.com/de" />
+			<test url="http://developer.gettyimages.com/docs/Home" />
+			<test url="http://developer.gettyimages.com/forum" />
+			<test url="http://developer.gettyimages.com/forum.rss" />
+			<test url="http://developer.gettyimages.com/faq_general" />
+			<test url="http://developer.gettyimages.com/page/FAQ_content" />
+			<test url="http://developer.gettyimages.com/page/FAQ_search" />
+			<test url="http://developer.gettyimages.com/profile/1862552" />
+
+			<!--	-ve:
+					-->
+			<test url="http://developer.gettyimages.com/files/divider.png" />
+			<test url="http://developer.gettyimages.com/login" /><!--	sets cookie without Secure -->
+			<test url="http://developer.gettyimages.com/member/lost-username" />
+			<test url="http://developer.gettyimages.com/member/register" />
+			<test url="http://developer.gettyimages.com/member/lost" />
+			<test url="http://developer.gettyimages.com/public/Mashery/images/required.gif" />
+
+		<!--	Set cookie without Secure:
+							-->
+		<test url="http://api.gettyimages.com/member/register" />
+		<test url="http://embed.gettyimages.com/embed/185730400?et=&amp;SeoLinks=&amp;sig=" />
+
+		<test url="http://delivery.gettyimages.com/comp/56283680.jpg?x=x&amp;dasite=GettyImages&amp;ef=2&amp;ev=1&amp;dareq=AB27D0502010942195534B1B9E10FCFB9824E6268726A00CAC9EDBE4E6F952F6" />
+		<test url="http://embed-cdn.gettyimages.com/css/214/normalize.css" />
+
+	<!--	Complications:
+				-->
+	<target host="gettyimages.ae" />
+	<target host="gettyimages.at" />
+	<target host="gettyimages.be" />
+	<target host="gettyimages.ca" />
+	<target host="gettyimages.ch" />
+	<target host="gettyimages.co.jp" />
+	<target host="gettyimages.co.uk" />
+	<target host="gettyimages.co.nz" />
+
+	<target host="gettyimages.com" />
+	<target host="licensecompliance.gettyimages.com" />
+	<target host="remote.gettyimages.com" />
+
+	<target host="gettyimages.com.au" />
+	<target host="gettyimages.de" />
+	<target host="gettyimages.dk" />
+	<target host="gettyimages.es" />
+	<target host="gettyimages.fi" />
+	<target host="gettyimages.fr" />
+	<target host="gettyimages.ie" />
+	<target host="gettyimages.in" />
+	<target host="gettyimages.it" />
+	<target host="gettyimages.nl" />
+	<target host="gettyimages.no" />
+	<target host="gettyimages.pt" />
+	<target host="gettyimages.se" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.gettyimages\.(?:ae|at|be|ca|ch|co\.(?:jp|nz|uk)|com|com\.au|de|dk|es|fi|fr|ie|in|it|nl|no|pt|se)$" name="^(?:ASP\.NET_SessionId|auth|gig|giu|tg|uc|unisess|vis)$" /-->
+	<!--securecookie host="^(?:secure|www)\.gettyimages\.(?:ae|at|be|ca|ch|co\.(?:jp|nz|uk)|com|com\.au|de|dk|es|fi|fr|ie|in|it|nl|no|pt|se)$" name="^(?:gilp|gisi|gisp|trk|nmusicc)$" /-->
+	<!--securecookie host="^(?:api|developer)\.gettyimages\.com$" name="^MASH$" /-->
+	<!--securecookie host="^(?:assigments|mm)\.gettyimages\.com$" name="^(?:JSESSIONID$|NSC_)" /-->
+	<!--securecookie host="^contribute\.gettyimages\.com$" name="^_session_id$" /-->
+	<!--securecookie host="^copyrightcompliance\.gettyimages\.com$" name="^lang$" /-->
+	<!--securecookie host="^\.copyrightcompliance\.gettyimages\.com$" name="^lcuc$" /-->
+	<!--securecookie host="^mail\.gettyimages\.com$" name="^(?:cadata|sessionid)$" /-->
+	<!--securecookie host="^upload\.gettyimages\.com$" name="^_aip_session_id$" /-->
+
+	<securecookie host="^\." name="^(?:__qca$|_gat?$|_gat_|s_v)" />
+	<securecookie host="^(?!developer\.|www\.).+\.gettyimages\.com$" name=".+" />
+
+
+	<rule from="^http://gettyimages\.([^./]+|co\.(?:jp|nz|uk)|com\.au)/"
+		to="https://www.gettyimages.$1/" />
+
+	<rule from="^http://cache\.gettyimages\.com/"
 		to="https://delivery.gettyimages.com/" />
 
-	<rule from="^http://(api|assignments|autodiscover|callawaygolf|contribute|contributorsystems|developer|licensecompliance|mail|maildr|mixer|mm|remote|secure|upload)\.gettyimages\.com/"
-		to="https://$1.gettyimages.com/" />
+		<test url="http://cache.gettyimages.com/comp/56283659.jpg?x=x&amp;dasite=GettyImages&amp;ef=2&amp;ev=1&amp;dareq=AB27D0502010942195534B1B9E10FCFB8D2A00A18B2A4DE7AC9EDBE4E6F952F6" />
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://licensecompliance\.gettyimages\.com/+"
+		to="https://copyrightcompliance.gettyimages.com/" />
+
+		<test url="http://licensecompliance.gettyimages.com/index.htm" />
+
+	<!--	Redirect keeps all:
+					-->
+	<rule from="^http://remote\.gettyimages\.com/"
+		to="https://citrix.gettyimages.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gexpro.com.xml b/src/chrome/content/rules/Gexpro.com.xml
new file mode 100644
index 000000000000..62327c26d6f2
--- /dev/null
+++ b/src/chrome/content/rules/Gexpro.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)?
+		- media
+
+-->
+<ruleset name="Gexpro.com">
+
+	<target host="gexpro.com" />
+	<target host="media.gexpro.com" />
+	<target host="www.gexpro.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GfK_Etilize.xml b/src/chrome/content/rules/GfK_Etilize.xml
index a6da4d6ba9e4..0f9dbdfb1de3 100644
--- a/src/chrome/content/rules/GfK_Etilize.xml
+++ b/src/chrome/content/rules/GfK_Etilize.xml
@@ -9,7 +9,6 @@
 	<target host="content.etilize.com" />
 
 
-	<rule from="^http://content\.etilize\.com/"
-		to="https://content.etilize.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gfx.ms.xml b/src/chrome/content/rules/Gfx.ms.xml
new file mode 100644
index 000000000000..c7dc677aa9b0
--- /dev/null
+++ b/src/chrome/content/rules/Gfx.ms.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+-->
+<ruleset name="gfx.ms">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="a.gfx.ms" />
+	<target host="auth.gfx.ms" />
+	<target host="mem.gfx.ms" />
+		<test url="http://mem.gfx.ms/meversion?partner=retailstore" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gfycat.com.xml b/src/chrome/content/rules/Gfycat.com.xml
new file mode 100644
index 000000000000..5d88f661370a
--- /dev/null
+++ b/src/chrome/content/rules/Gfycat.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Wildcard DNS and certificate.
+
+-->
+<ruleset name="Gfycat.com">
+
+	<target host="gfycat.com" />
+	<target host="*.gfycat.com" />
+
+		<!-- First level subdomains -->
+		<test url="http://www.gfycat.com/" />
+		<test url="http://assets.gfycat.com/gfycat.js" />
+		<test url="http://thumbs.gfycat.com/AgileExaltedGreyhounddog-size_restricted.gif" />
+
+		<!-- Second level subdomains -->
+		<test url="http://1.sockets.gfycat.com/" />
+
+		<!-- Tests for wildcard DNS -->
+		<test url="http://testurl1.gfycat.com/" />
+		<test url="http://testurl2.gfycat.com/" />
+		<test url="http://testurl3.gfycat.com/" />
+		<test url="http://testurl4.gfycat.com/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ghazali.org.xml b/src/chrome/content/rules/Ghazali.org.xml
new file mode 100644
index 000000000000..4bcc7615c8f2
--- /dev/null
+++ b/src/chrome/content/rules/Ghazali.org.xml
@@ -0,0 +1,10 @@
+<!--
+	Secure Connection Failed:
+		blog.ghazali.org
+-->
+<ruleset name="Ghazali.org">
+	<target host="ghazali.org" />
+	<target host="www.ghazali.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ghidra-SRE.org.xml b/src/chrome/content/rules/Ghidra-SRE.org.xml
new file mode 100644
index 000000000000..7e13126d3943
--- /dev/null
+++ b/src/chrome/content/rules/Ghidra-SRE.org.xml
@@ -0,0 +1,9 @@
+<!--
+	For other National Security Agency coverage, see National-Security-Agency.xml
+-->
+<ruleset name="Ghidra-SRE.org">
+	<target host="ghidra-sre.org" />
+	<target host="www.ghidra-sre.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ghirardelligiftguides.com.xml b/src/chrome/content/rules/Ghirardelligiftguides.com.xml
index 160b20b248f2..7317433bdb31 100644
--- a/src/chrome/content/rules/Ghirardelligiftguides.com.xml
+++ b/src/chrome/content/rules/Ghirardelligiftguides.com.xml
@@ -1,13 +1,21 @@
-<ruleset name="ghirardelligiftguides.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ghirardelligiftguides.com/ => https://ghirardelligiftguides.com/: (51, "SSL: no alternative certificate subject name matches target host name 'ghirardelligiftguides.com'")
+Fetch error: http://www.ghirardelligiftguides.com/ => https://www.ghirardelligiftguides.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ghirardelligiftguides.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ghirardelligiftguides.com/ => https://ghirardelligiftguides.com/: (51, "SSL: no alternative certificate subject name matches target host name 'ghirardelligiftguides.com'")
+-->
+<ruleset name="ghirardelligiftguides.com" default_off="failed ruleset test">
 
 	<target host="ghirardelligiftguides.com" />
-	<target host="*.ghirardelligiftguides.com" />
+	<target host="www.ghirardelligiftguides.com" />
 
 
 	<securecookie host="^(?:w*\.)?ghirardelligiftguides\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ghirardelligiftguides\.com/"
-		to="https://$1ghirardelligiftguides.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ghisler.com.xml b/src/chrome/content/rules/Ghisler.com.xml
new file mode 100644
index 000000000000..713e6bd7d003
--- /dev/null
+++ b/src/chrome/content/rules/Ghisler.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Ghisler.com">
+	<target host="ghisler.com" />
+	<target host="www.ghisler.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ghost.org.xml b/src/chrome/content/rules/Ghost.org.xml
new file mode 100644
index 000000000000..37d592e5f00b
--- /dev/null
+++ b/src/chrome/content/rules/Ghost.org.xml
@@ -0,0 +1,46 @@
+<!--
+	No working URL known:
+		casper.ghost.org
+		streams.ghost.org
+
+	Invalid certificate:
+		cdn.ghost.org
+		email.ghost.org
+
+	Refused:
+		desktop-updates.ghost.org
+
+-->
+<ruleset name="Ghost.org">
+
+	<target host="ghost.org" />
+	<target host="www.ghost.org" />
+	<target host="academy.ghost.org" />
+	<target host="api.ghost.org" />
+	<target host="apps.ghost.org" />
+	<target host="auth.ghost.org" />
+	<target host="blog.ghost.org" />
+	<target host="count.ghost.org" />
+	<target host="dev.ghost.org" />
+	<target host="docs.ghost.org" />
+	<target host="en.ghost.org" />
+	<target host="forum.ghost.org" />
+	<target host="gscan.ghost.org" />
+	<target host="help.ghost.org" />
+	<target host="ideas.ghost.org" />
+	<target host="marketplace.ghost.org" />
+	<target host="my.ghost.org" />
+	<target host="offline.ghost.org" />
+	<target host="shop.ghost.org" />
+	<target host="slack.ghost.org" />
+	<target host="status.ghost.org" />
+	<target host="support.ghost.org" />
+	<target host="themes.ghost.org" />
+	<target host="updates.ghost.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ghostbin.com.xml b/src/chrome/content/rules/Ghostbin.com.xml
new file mode 100644
index 000000000000..b78ea7e54e54
--- /dev/null
+++ b/src/chrome/content/rules/Ghostbin.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ghostbin.com">
+	<target host="ghostbin.com" />
+	<target host="www.ghostbin.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ghostery.com.xml b/src/chrome/content/rules/Ghostery.com.xml
new file mode 100644
index 000000000000..bc28c36387f6
--- /dev/null
+++ b/src/chrome/content/rules/Ghostery.com.xml
@@ -0,0 +1,53 @@
+<!--
+	For other Evidon coverage, see Evidon.xml.
+
+	Non-functional hosts
+		Couldn't connect to server:
+			 - em.ghostery.com
+
+		SSL peer certificate was not OK:
+			 - c.ghostery.com
+			 - info.ghostery.com
+
+		4xx client error:
+			 - apps.ghostery.com
+			 - ba-cdn.ghostery.com
+			 - d.ghostery.com
+			 - logo.ghostery.com
+			 - safe-browsing-quorum.ghostery.com
+			 - staging.ghostery.com
+			 - staging-d.ghostery.com
+
+		5xx server error:
+			 - oldstage.ghostery.com
+
+		Mixed content blocking (MCB) triggered:
+			 - account.ghostery.com
+			 - signon.ghostery.com
+-->
+<ruleset name="Ghostery.com">
+	<target host="ghostery.com" />
+	<target host="www.ghostery.com" />
+	<target host="cdn.ghostery.com" />
+	<target host="cmp-cdn.ghostery.com" />
+		<test url="http://cmp-cdn.ghostery.com/link?id=501" />
+	<target host="consumerapi.ghostery.com" />
+	<target host="docs.ghostery.com" />
+	<target host="extension.ghostery.com" />
+	<target host="gcache.ghostery.com" />
+		<test url="http://gcache.ghostery.com/it/apps/facebook_connect" />
+	<target host="ghostery-collector.ghostery.com" />
+	<target host="ghostery-sign.ghostery.com" />
+	<target host="l.ghostery.com" />
+	<target host="marketing.ghostery.com" />
+	<target host="mcm.ghostery.com" />
+	<target host="privacy.ghostery.com" />
+	<target host="roi.ghostery.com" />
+	<target host="safe-browsing.ghostery.com" />
+	<target host="trackermap.ghostery.com" />
+	<target host="trackermapapi.ghostery.com" />
+	<target host="trackermaplive.ghostery.com" />
+	<target host="trackermapwebapi.ghostery.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ghostery.xml b/src/chrome/content/rules/Ghostery.xml
deleted file mode 100644
index 1058cc2f2e18..000000000000
--- a/src/chrome/content/rules/Ghostery.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	Fully covered subdomains:
-
-		- purplebox
-
-
-	Mixed content:
-
-		- Images:
-
-			- on purplebox from purplebox *
-			- on purplebox from cdn.memegenerator.net **
-
-	* Secured by us, doesn't trip MCB anyway
-	** Unsecurable, doesn't trip MCB anyway
-
--->
-<ruleset name="Ghostery">
-
-	<target host="ghostery.com" />
-	<target host="*.ghostery.com" />
-
-
-	<rule from="^http://(?:www\.)?ghostery\.com/"
-		to="https://www.ghostery.com/" />
-
-	<rule from="^http://purplebox\.ghostery\.com/"
-		to="https://purplebox.ghostery.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ghostery_Enterprise.com.xml b/src/chrome/content/rules/Ghostery_Enterprise.com.xml
new file mode 100644
index 000000000000..e6ce46e4f82d
--- /dev/null
+++ b/src/chrome/content/rules/Ghostery_Enterprise.com.xml
@@ -0,0 +1,38 @@
+<!--
+	For other Evidon coverage, see Evidon.xml.
+
+	Non-functional hosts
+		Timeout was reached:
+			 - choices.ghosteryenterprise.com
+
+		SSL peer certificate was not OK:
+			 - ghosteryenterprise.com
+			 - www.ghosteryenterprise.com
+			 - livescan.ghosteryenterprise.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - cdn.ghosteryenterprise.com
+			 - help.ghosteryenterprise.com
+			 - my-cdn.ghosteryenterprise.com
+			 - site-cdn.ghosteryenterprise.com
+			 - site-cdn1.ghosteryenterprise.com
+			 - site-cdn10.ghosteryenterprise.com
+			 - site-cdn2.ghosteryenterprise.com
+			 - site-cdn3.ghosteryenterprise.com
+			 - site-cdn4.ghosteryenterprise.com
+			 - site-cdn5.ghosteryenterprise.com
+			 - site-cdn6.ghosteryenterprise.com
+			 - site-cdn7.ghosteryenterprise.com
+			 - site-cdn8.ghosteryenterprise.com
+			 - site-cdn9.ghosteryenterprise.com
+
+
+-->
+<ruleset name="Ghostery Enterprise.com">
+	<target host="app.ghosteryenterprise.com" />
+	<target host="my.ghosteryenterprise.com" />
+	<target host="staging2my.ghosteryenterprise.com" />
+	<target host="trackermapibm.ghosteryenterprise.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ghostnote_app.com.xml b/src/chrome/content/rules/Ghostnote_app.com.xml
new file mode 100644
index 000000000000..4fdd9021dedb
--- /dev/null
+++ b/src/chrome/content/rules/Ghostnote_app.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Ghostnote app.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ghostnoteapp.com" />
+	<target host="www.ghostnoteapp.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ghostscript.com.xml b/src/chrome/content/rules/Ghostscript.com.xml
new file mode 100644
index 000000000000..1ff039f1a1e1
--- /dev/null
+++ b/src/chrome/content/rules/Ghostscript.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Expired/Mismatch:
+		- downloads.ghostscript.com
+		- svn.ghostscript.com
+-->
+<ruleset name="Ghostscript.com">
+	<target host="ghostscript.com" />
+	<target host="www.ghostscript.com" />
+	<target host="bugs.ghostscript.com" />
+	<target host="git.ghostscript.com" />
+	<target host="twiki.ghostscript.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ghowen.me.xml b/src/chrome/content/rules/Ghowen.me.xml
new file mode 100644
index 000000000000..1f0d139abb19
--- /dev/null
+++ b/src/chrome/content/rules/Ghowen.me.xml
@@ -0,0 +1,18 @@
+<!--
+	Mixed content:
+
+		- Bug from www.w3.org
+
+-->
+<ruleset name="ghowen.me">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ghowen.me" />
+	<target host="www.ghowen.me" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GiBlod.xml b/src/chrome/content/rules/GiBlod.xml
index 0c9c87337b1f..f82131d1a9a0 100644
--- a/src/chrome/content/rules/GiBlod.xml
+++ b/src/chrome/content/rules/GiBlod.xml
@@ -2,5 +2,5 @@
   <target host="www.giblod.no" />
   <target host="giblod.no" />
 
-  <rule from="^http://(?:www\.)?giblod\.no/" to="https://www.giblod.no/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/GiNaC.de.xml b/src/chrome/content/rules/GiNaC.de.xml
index aca1fa0adbc4..2ba9e3efe464 100644
--- a/src/chrome/content/rules/GiNaC.de.xml
+++ b/src/chrome/content/rules/GiNaC.de.xml
@@ -1,13 +1,11 @@
 <!--
-	^ginac.de doesn't exist.
-
+	GiNaC.de: GiNaC is Not a CAS
 -->
-<ruleset name="GiNaC.de" default_off="self-signed">
-
+<ruleset name="GiNaC.de">
+	<target host="ginac.de" />
 	<target host="www.ginac.de" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://www\.ginac\.de/"
-		to="https://www.ginac.de/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Giant_Bomb.com.xml b/src/chrome/content/rules/Giant_Bomb.com.xml
new file mode 100644
index 000000000000..d4bd8acb7910
--- /dev/null
+++ b/src/chrome/content/rules/Giant_Bomb.com.xml
@@ -0,0 +1,15 @@
+<!--
+	For other CBS coverage, see CBS.xml.
+-->
+<ruleset name="Giant Bomb.com (partial)">
+
+	<target host="giantbomb.com" />
+	<target host="www.giantbomb.com" />
+	<target host="auth.giantbomb.com" />
+	<target host="store.giantbomb.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Giardini.biz.xml b/src/chrome/content/rules/Giardini.biz.xml
new file mode 100644
index 000000000000..52b4adcb1573
--- /dev/null
+++ b/src/chrome/content/rules/Giardini.biz.xml
@@ -0,0 +1,11 @@
+<!--
+	Refused:
+		css.giardini.biz
+		js.giardini.biz
+		old.giardini.biz
+-->
+<ruleset name="giardini.biz">
+	<target host="www.giardini.biz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gibraltar.gov.gi.xml b/src/chrome/content/rules/Gibraltar.gov.gi.xml
new file mode 100644
index 000000000000..1ba60a25c69d
--- /dev/null
+++ b/src/chrome/content/rules/Gibraltar.gov.gi.xml
@@ -0,0 +1,31 @@
+<!--
+	Problematic hosts in *gibraltar.gov.gi:
+
+		- ^ *
+
+	Mismatched
+
+
+	Fully covered hosts in *gibraltar.gov.gi:
+
+		- (www.)?	(^ → www)
+
+-->
+<ruleset name="Gibraltar.gov.gi">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.gibraltar.gov.gi" />
+
+	<!--	Complications:
+				-->
+	<target host="gibraltar.gov.gi" />
+
+
+	<rule from="^http://gibraltar\.gov\.gi/"
+		to="https://www.gibraltar.gov.gi/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GifBook.io.xml b/src/chrome/content/rules/GifBook.io.xml
new file mode 100644
index 000000000000..fb6985c1f079
--- /dev/null
+++ b/src/chrome/content/rules/GifBook.io.xml
@@ -0,0 +1,25 @@
+<!--
+	For other levels.io coverage, see Levels.io.xml.
+
+
+	www.gifbook.io: Redirects to http$
+
+-->
+<ruleset name="GifBook.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gifbook.io" />
+
+	<!--	Complications:
+				-->
+	<target host="www.gifbook.io" />
+
+
+	<rule from="^http://www\.gifbook\.io/"
+		to="https://gifbook.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gif_Gratis.net.xml b/src/chrome/content/rules/Gif_Gratis.net.xml
new file mode 100644
index 000000000000..fa4e6f25c991
--- /dev/null
+++ b/src/chrome/content/rules/Gif_Gratis.net.xml
@@ -0,0 +1,21 @@
+<!--
+	CN: Parallels Panel
+
+
+	Mixed content:
+
+		- Images from www *
+
+	* Secured by us
+
+-->
+<ruleset name="Gif Gratis.net" default_off="expired, self-signed">
+
+	<target host="gifgratis.net" />
+	<target host="www.gifgratis.net" />
+
+
+	<rule from="^http://(?:www\.)?gifgratis\.net/"
+		to="https://www.gifgratis.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gifsauce.xml b/src/chrome/content/rules/Gifsauce.xml
deleted file mode 100644
index 83daaf234f44..000000000000
--- a/src/chrome/content/rules/Gifsauce.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Gifsauce" default_off="Certificate mismatch">
-
-  <target host="gifsauce.us" />
-  <target host="www.gifsauce.us" />
-
-  <rule from="^http://(www\.)?gifsauce\.us/"
-          to="https://gifsauce.us/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GiftTool.com.xml b/src/chrome/content/rules/GiftTool.com.xml
new file mode 100644
index 000000000000..e15f195a9ed5
--- /dev/null
+++ b/src/chrome/content/rules/GiftTool.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="GiftTool.com">
+
+	<target host="gifttool.com" />
+	<target host="www.gifttool.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GiftedandTalented.com.xml b/src/chrome/content/rules/GiftedandTalented.com.xml
new file mode 100644
index 000000000000..5b8c7ba39e1c
--- /dev/null
+++ b/src/chrome/content/rules/GiftedandTalented.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Nonfunctional hosts in *giftedandtalented.com:
+
+		- support *
+
+	* Zendesk
+
+
+	Insecure cookies are set for these hosts:
+
+		- giftedandtalented.com
+		- www.giftedandtalented.com
+
+-->
+<ruleset name="GiftedandTalented.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="giftedandtalented.com" />
+	<target host="www.giftedandtalented.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?giftedandtalented\.com$" name="^AWSELB$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gifyo.xml b/src/chrome/content/rules/Gifyo.xml
deleted file mode 100644
index 8a81f1a8d25c..000000000000
--- a/src/chrome/content/rules/Gifyo.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- stream[23]	(times out)
-
-	stream\d only hosts gifs, which shouldn't
-	be a problem for Chrome at the moment.
-
--->
-<ruleset name="gifyo (partial)">
-
-	<target host="gifyo.com" />
-	<target host="www.gifyo.com" />
-
-
-	<securecookie host="^(?:www\.)?gifyo\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?gifyo\.com/"
-		to="https://$1gifyo.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/GigaOM.xml b/src/chrome/content/rules/GigaOM.xml
index 8cef539f3957..ed1757145644 100644
--- a/src/chrome/content/rules/GigaOM.xml
+++ b/src/chrome/content/rules/GigaOM.xml
@@ -1,24 +1,97 @@
 <!--
-	about & event.gigaom.com are handled in WordPress-blogs.xml.
+	For other Knowingly Inc. coverage, see knowingly.com.xml.
 
 
-	Nonfunctional subdomains:
+	CDN buckets:
 
-		- ^	(301s to http)
+		- gigaom-pro-files.s3.amazonaws.com
+
+
+	Nonfunctional hosts in *gigaom.com:
+
+		- event ʳ
+		- events ᵖ
+
+	ᵖ Plaintext reply
+	ʳ Refused
+
+
+	Problematic hosts in *gigaom.com:
+
+		- jobs ᵐ
+		- support ʰ
+		- techjobs ³
+
+	³ 403
+	ʰ Zendesk / redirects to http
+	ᵐ Mismatched, CN: www.jobthread.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- gigaom.com
+		- .gigaom.com
+		- about.gigaom.com
+		- accounts.gigaom.com
+		- research.gigaom.com
+		- www.gigaom.com
+
+
+	Mixed content:
+
+		- css on jobs from www.gigaom.com ˢ
+		- Web bugs on ^, jobs from b.scorecardresearch.com ˢ
+
+	ˢ Secured by us
 
 -->
-<ruleset name="GigaOM (partial)">
+<ruleset name="GigaOM.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gigaom.com" />
+	<target host="about.gigaom.com" />
+	<target host="accounts.gigaom.com" />
+	<target host="research.gigaom.com" />
+	<target host="www.gigaom.com" />
+
+	<!--	Complications:
+				-->
+	<target host="jobs.gigaom.com" />
+
+		<!--	Formerly redirected to http:
+							-->
+		<test url="http://research.gigaom.com/analysts" />
+		<test url="http://research.gigaom.com/topic/buyers-lens" />
+		<test url="http://research.gigaom.com/webinars" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:(?:about|accounts|research|www)\.)?gigaom\.com$" name="^X-Mapping-" /-->
+
+	<securecookie host="^\." name="^_(?:_qca|gat?)$" />
+	<securecookie host="^(?!jobs\.)\w" name=".+" />
 
-	<target host="*.gigaom.com" />
 
+	<rule from="^http://jobs\.gigaom\.com/"
+		to="https://www.jobthread.com/" />
 
-	<securecookie host="^pro\.gigaom\.com$" name=".*" />
+		<exclusion pattern="^http://jobs\.gigaom\.com/+(?!files/|images/|partners/)" />
 
+			<!--	+ve:
+					-->
+			<test url="http://jobs.gigaom.com/jt/syndication/feeds.php" />
+			<test url="http://jobs.gigaom.com/post" />
+			<test url="http://jobs.gigaom.com/search" />
+			<test url="http://jobs.gigaom.com/search?" />
 
-	<rule from="^https?://jobs\.gigaom\.com/(image|file|partner)s/"
-		to="https://www.jobthread.com/$1s/" />
+			<!--	-ve:
+					-->
+			<test url="http://jobs.gigaom.com/files/post_job_images/4117872/4117872.png" />
+			<test url="http://jobs.gigaom.com/partners/jobthread/css/shared.css" />
 
-	<rule from="^http://pro\.gigaom\.com/"
-		to="https://pro.gigaom.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GigaSize.xml b/src/chrome/content/rules/GigaSize.xml
index 560aaa5157d0..d0ee5fc39fe2 100644
--- a/src/chrome/content/rules/GigaSize.xml
+++ b/src/chrome/content/rules/GigaSize.xml
@@ -1,11 +1,17 @@
-<ruleset name="GigaSize (partial)" platform="mixedcontent">
 
-	<target host="gigasize.com"/>
-	<target host="*.gigasize.com"/>
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gigasize.com/ => https://gigasize.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.gigasize.com/ => https://www.gigasize.com/: (60, 'SSL certificate problem: certificate has expired')
 
-	<securecookie host="^(.*\.)?gigasize\.com$" name=".*"/>
+-->
+<ruleset name="GigaSize (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
-	<rule from="^http://(www\.)?gigasize\.com/"
-		to="https://$1gigasize.com/"/>
+	<target host="gigasize.com" />
+	<target host="www.gigasize.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Gigabyte.cn.xml b/src/chrome/content/rules/Gigabyte.cn.xml
new file mode 100644
index 000000000000..29b38f11243c
--- /dev/null
+++ b/src/chrome/content/rules/Gigabyte.cn.xml
@@ -0,0 +1,21 @@
+<!--
+	Top-level domain does not exist.
+
+	Invalid certificate:
+		- m
+		- fans
+
+	Mismatched:
+		- b2b
+		- download
+		- cnbpm
+
+	Timeout:
+		- jidian
+-->
+<ruleset name="Gigabyte.cn">
+	<target host="www.gigabyte.cn" />
+	<target host="eip.nb.gigabyte.cn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gigabyte.com.xml b/src/chrome/content/rules/Gigabyte.com.xml
new file mode 100644
index 000000000000..e49ca311805f
--- /dev/null
+++ b/src/chrome/content/rules/Gigabyte.com.xml
@@ -0,0 +1,153 @@
+<!--
+	NXDOMAIN: ^
+
+	Timeout:
+		- vga.cn
+		- gcenter
+		- gmx1
+		- grmapart
+		- log
+		- global.manage
+		- mbuws
+		- msoa3-cki
+		- mb.srm
+		- mb.srm
+		- peripheral.srm
+		- b2b.test
+		- cn.test
+		- fr.test
+		- global.test
+		- tw.test
+		- us.test
+		- vn.test
+		- websys
+
+	Mismatched:
+		- ar
+		- arabic
+		- au
+		- bd
+		- be
+		- br
+		- test.bsy
+		- ca
+		- cl
+		- cz
+		- de
+		- mb.download
+		- arabic.english
+		- manage.esupport
+		- faq
+		- manage.faq
+		- fr
+		- gamescom
+		- global
+		- gr.global
+		- hu.global
+		- pt.global
+		- ua.global
+		- grma
+		- id
+		- il
+		- in
+		- ir
+		- jp
+		- kr
+		- latam
+		- ldap
+		- lu
+		- md
+		- mx
+		- ni
+		- nl
+		- persian
+		- pl
+		- pop3
+		- ro
+		- ru
+		- se
+		- smtp
+		- th
+		- tr
+		- uk
+		- us
+		- uy
+		- vn
+		- za
+
+	Incomplete certificate chain:
+		- admin
+		- test.global
+		- m
+		- public
+		- public4
+		- tw
+
+	Refused:
+		- az
+		- ba
+		- bg
+		- cy
+		- dreamhack
+		- edi-test
+		- ee
+		- es
+		- ge
+		- gr
+		- gsq
+		- hu
+		- it
+		- kg
+		- me
+		- sk
+		- ua
+		- yu
+
+	SSL protocol error:
+		- forum.b2b
+		- partner.br
+
+	Connection reset:
+		- battlefield
+		- businesscenter.ca
+		- b2b.inside-test
+		- club
+		- member
+		- ud9
+		- usb3
+
+	Expired:
+		- computex
+		- smartchat
+
+	HTTP != HTTPS:
+		- ggts
+
+	Network is unreachable:
+		- forum.latam
+-->
+<ruleset name="Gigabyte.com">
+	<target host="www.gigabyte.com" />
+	<target host="autodiscover.gigabyte.com" />
+	<target host="b2b.gigabyte.com" />
+	<target host="reseller.b2b.gigabyte.com" />
+	<target host="csr.gigabyte.com" />
+	<target host="download.gigabyte.com" />
+	<target host="download1.gigabyte.com" />
+	<target host="e-service.gigabyte.com" />
+	<target host="eip.gigabyte.com" />
+	<target host="esupport.gigabyte.com" />
+	<target host="event.gigabyte.com" />
+	<target host="ggcs.gigabyte.com" />
+	<target host="ibpm.gigabyte.com" />
+	<target host="event.latam.gigabyte.com" />
+	<target host="marketing.gigabyte.com" />
+	<target host="passport.gigabyte.com" />
+	<target host="reseller.gigabyte.com" />
+	<target host="static.gigabyte.com" />
+	<target host="store.gigabyte.com" />
+	<target host="partner.uk.gigabyte.com" />
+	<target host="webmail.gigabyte.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gigabyte.us.xml b/src/chrome/content/rules/Gigabyte.us.xml
new file mode 100644
index 000000000000..01da3ca162f1
--- /dev/null
+++ b/src/chrome/content/rules/Gigabyte.us.xml
@@ -0,0 +1,28 @@
+<!--
+	Mismatched:
+		- ^
+		- www
+		- forum
+		- battlefield
+
+	Self-signed:
+		- m
+
+	No certificates sent:
+		- event
+		- reseller
+		- businesscenter
+		- rebate
+		- brix
+		- rma
+-->
+<ruleset name="Gigabyte.us (partial)">
+	<target host="store.gigabyte.us" />
+	<target host="download.gigabyte.us" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+	<test url="http://download.gigabyte.us/FileList/BIOS/mb_bios_z390-aorus-pro-wifi_f9a.zip" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gigaclear.com.xml b/src/chrome/content/rules/Gigaclear.com.xml
index ec15e9dc18b9..51808cd487d0 100644
--- a/src/chrome/content/rules/Gigaclear.com.xml
+++ b/src/chrome/content/rules/Gigaclear.com.xml
@@ -1,7 +1,5 @@
 <!--
-	Nonfunctional subdomains:
-
-		- (www.)	(refused)
+	(www.)?gigaclear.com: Refused
 
 -->
 <ruleset name="Gigaclear.com (partial)">
@@ -9,10 +7,10 @@
 	<target host="portal.gigaclear.com" />
 
 
-	<securecookie host="^portal\.gigaclear\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://portal\.gigaclear\.com/"
-		to="https://portal.gigaclear.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gigafreak.net.xml b/src/chrome/content/rules/Gigafreak.net.xml
new file mode 100644
index 000000000000..f0b63addbfd9
--- /dev/null
+++ b/src/chrome/content/rules/Gigafreak.net.xml
@@ -0,0 +1,12 @@
+<ruleset name="gigafreak.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gigafreak.net" />
+	<target host="www.gigafreak.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gigahost.dk.xml b/src/chrome/content/rules/Gigahost.dk.xml
deleted file mode 100644
index b5050461e0b9..000000000000
--- a/src/chrome/content/rules/Gigahost.dk.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Gigahost.dk" platform="firefox">
-<target host="webmail.gigahost.dk" />
-<target host="pay.gigahost.dk" />
-<target host="controlcenter.gigahost.dk" />
-
-<securecookie host="^webmail\.gigahost\.dk$" name=".+" />
-<securecookie host="^pay\.gigahost\.dk$" name=".+" />
-<securecookie host="^controlcenter\.gigahost\.dk$" name=".+" />
-
-<rule from="^http://webmail\.gigahost\.dk/" to="https://webmail.gigahost.dk/" />
-<rule from="^http://pay\.gigahost\.dk/" to="https://pay.gigahost.dk/" />
-<rule from="^http://controlcenter\.gigahost\.dk/" to="https://controlcenter.gigahost.dk/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Gigamon.com.xml b/src/chrome/content/rules/Gigamon.com.xml
new file mode 100644
index 000000000000..a2a343c1e435
--- /dev/null
+++ b/src/chrome/content/rules/Gigamon.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Problematic hosts in *gigamon.com:
+
+		- investor *
+
+	* corporate-ir.net
+
+-->
+<ruleset name="Gigamon.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gigamon.com" />
+	<target host="www.gigamon.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gigantic_Tickets.xml b/src/chrome/content/rules/Gigantic_Tickets.xml
index e5d85636367a..1361d49ab14b 100644
--- a/src/chrome/content/rules/Gigantic_Tickets.xml
+++ b/src/chrome/content/rules/Gigantic_Tickets.xml
@@ -1,19 +1,26 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ynot.gigantic.com/ => https://ynot.gigantic.com/: Too many redirects while fetching 'https://ynot.gigantic.com/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://gigantic.com/ => https://gigantic.com/: Redirect for 'http://gigantic.com/' missing Location
 	Nonfunctional subdomains:
 
 		- dashboard	(shows default CentOS page)
 
 -->
-<ruleset name="Gigantic Tickets (partial)">
+<ruleset name="Gigantic Tickets (partial)" default_off="failed ruleset test">
 
 	<target host="gigantic.com" />
-	<target host="*.gigantic.com" />
+	<target host="cdn.gigantic.com" />
+	<target host="ynot.gigantic.com" />
+	<target host="www.gigantic.com" />
 
 
-	<securecookie host="^(?:.+\.)?gigantic\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(cdn\.|ynot\.|www\.)?gigantic\.com/"
-		to="https://$1gigantic.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gigantti.fi.xml b/src/chrome/content/rules/Gigantti.fi.xml
new file mode 100644
index 000000000000..3ed007d334b3
--- /dev/null
+++ b/src/chrome/content/rules/Gigantti.fi.xml
@@ -0,0 +1,7 @@
+<ruleset name="Gigantti.fi">
+  <target host="www.gigantti.fi" />
+
+  <securecookie host="^www\.gigantti\.fi$" name=".+" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gigaone.pl.xml b/src/chrome/content/rules/Gigaone.pl.xml
new file mode 100644
index 000000000000..96190b816e63
--- /dev/null
+++ b/src/chrome/content/rules/Gigaone.pl.xml
@@ -0,0 +1,6 @@
+<ruleset name="gigaone.pl">
+  <target host="gigaone.pl" />
+  <target host="www.gigaone.pl" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gigaserver.xml b/src/chrome/content/rules/Gigaserver.xml
index 1c8b14808a55..63c78a4e2f1f 100644
--- a/src/chrome/content/rules/Gigaserver.xml
+++ b/src/chrome/content/rules/Gigaserver.xml
@@ -13,12 +13,11 @@
 	<target host="*.gigaserver.cz" />
 		<!--	Self-signed, handled in
 			Seonet-Multimedia.xml	-->
-		<exclusion pattern="^http://(blog|kb)\." />
+		<exclusion pattern="^http://(?:blog|kb)\." />
 	<!--	* for cross-subdomain cookie.	-->
-	<target host="*.www.gigaserver.cz" />
 
 
-	<securecookie host="^(.*\.)?gigaserver\.cz$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--	Observed subdomains:
diff --git a/src/chrome/content/rules/GigeNET.com.xml b/src/chrome/content/rules/GigeNET.com.xml
new file mode 100644
index 000000000000..91ceb557ebd5
--- /dev/null
+++ b/src/chrome/content/rules/GigeNET.com.xml
@@ -0,0 +1,43 @@
+<!--
+	Other GigeNET rulesets:
+
+		- GigeNET_Cloud.com.xml
+		- The_G_Cloud.com.xml
+
+
+	Nonfunctional domains:
+
+		- (www.)ddosprotection.com	(refused)
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com
+
+		- Images on www from (www.) *
+
+		- Web bugs, on www from:
+
+			- www.facebook.com *
+			- maps.google.com *
+
+	* Secured by us
+
+-->
+<ruleset name="GigeNET.com">
+
+	<target host="gigenet.com" />
+	<target host="manage.gigenet.com" />
+	<target host="www.gigenet.com" />
+
+
+	<!--	Tracking cookies:
+					-->
+	<!--securecookie host="^\.gigenet\.com$" name="^_(_ar_v4|te_|_utm\w+)$" /-->
+	<securecookie host="^\.gigenet\.com$" name=".+" />
+	<securecookie host="^manage\.gigenet\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GigeNET_Cloud.com.xml b/src/chrome/content/rules/GigeNET_Cloud.com.xml
new file mode 100644
index 000000000000..bb419e911316
--- /dev/null
+++ b/src/chrome/content/rules/GigeNET_Cloud.com.xml
@@ -0,0 +1,40 @@
+<!--
+	For other GigeNET coverage, see GigeNET.com.xml.
+
+
+	Problematic domains:
+
+		- gigenetcloud.gigenet.net	(mismatched, CN: *.gigenetcloud.com)
+
+
+	Fully covered domains:
+
+		- gigenetcloud.gigenet.net	(→ gigenetcloud.com)
+		- (www.)gigenetcloud.com
+		- orders.gigenetcloud.com
+
+
+	Mixed content:
+
+		- Images on (www.) from gigenetcloud.gigenet.net *
+
+	* Secured by us
+
+-->
+<ruleset name="GigeNET Cloud.com">
+
+	<target host="gigenetcloud.gigenet.net" />
+	<target host="gigenetcloud.com" />
+	<target host="www.gigenetcloud.com" />
+
+
+	<securecookie host="^orders\.gigenetcloud\.com$" name=".+" />
+
+
+	<rule from="^http://gigenetcloud\.gigenet\.net/"
+		to="https://gigenetcloud.com/" />
+
+	<rule from="^http://(orders\.|www\.)?gigenetcloud\.com/"
+		to="https://$1gigenetcloud.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gigster.com.xml b/src/chrome/content/rules/Gigster.com.xml
new file mode 100644
index 000000000000..57c7e1f107ba
--- /dev/null
+++ b/src/chrome/content/rules/Gigster.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="Gigster.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gigster.com" />
+	<target host="app.gigster.com" />
+	<target host="www.gigster.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gigya.xml b/src/chrome/content/rules/Gigya.xml
index 8af43f5fe9de..4e3a156ab244 100644
--- a/src/chrome/content/rules/Gigya.xml
+++ b/src/chrome/content/rules/Gigya.xml
@@ -1,4 +1,17 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://info.gigya.com/rs/gigya/images/PeopleUsingDevices.jpg (200) => https://na-sjf.marketo.com/rs/gigya/images/PeopleUsingDevices.jpg (403)
+Fetch error: http://staging.blog.gigya.com/ => https://staging.blog.gigya.com/: (51, "SSL: no alternative certificate subject name matches target host name 'staging.blog.gigya.com'")
+Fetch error: http://counters.gigya.com/ => https://counters.gigya.com/: (6, 'Could not resolve host: counters.gigya.com')
+Fetch error: http://staging.www.gigya.com/ => https://staging.www.gigya.com/: (51, "SSL: no alternative certificate subject name matches target host name 'staging.www.gigya.com'")
+Fetch error: http://uploads.www.gigya.com/ => https://uploads.www.gigya.com/: (51, "SSL: no alternative certificate subject name matches target host name 'uploads.www.gigya.com'")
+
+	Other Gigya rulesets:
+
+		- Fw.to.xml
+
+
 	CDN buckets:
 
 		- cdns.gigya.com.edgekey.net
@@ -7,30 +20,143 @@
 
 	Nonfunctional subdomains:
 
-		- blog
+		- demo ¹
 		- developers	(at least some pages & files redirect to http, CN: *.mindtouch.us)
 		- info		(/ redirects to app-f.marketo.com, other paths 404; CN: *.marketo.com)
 
+	¹ Shows blog
+
+
+	Problematic hosts:
+
+		- ^ ¹
+		- blog ²
+
+	¹ Expired
+	² Mixed css
+
 
 	Problematic subdomains:
 
 		- cdn	(akamai)
 
+
+	Fully covered hosts:
+
+		- (www.)?	(^ → www)
+		- staging.blog
+		- cdn		(→ cdns.gigya.com)
+		- cdns
+		- console
+		- counters
+		- origin
+		- platform
+		- staging.www
+		- uploads.www
+
+
+	Insecure cookies are set for these hosts:
+
+		- staging.blog.gigya.com
+
+
+	Mixed content:
+
+		- css, on:
+
+			- blog from $self *
+			- blog, staging.blog from fonts.googleapis.com *
+
+		- Images, on:
+
+			- blog from $self *
+			- blog, staging.blog from info.gigya.com *
+			- blog, staging.blog from uploads.www.gigya.com *
+
+	* Secured by us
+
 -->
-<ruleset name="Gigya (partial)" platform="mixedcontent">
+<ruleset name="Gigya.com (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="blog.gigya.com" />
+	<target host="staging.blog.gigya.com" />
+	<target host="cdns.gigya.com" />
+	<target host="console.gigya.com" />
+	<target host="counters.gigya.com" />
+	<target host="origin.gigya.com" />
+	<target host="platform.gigya.com" />
+	<target host="www.gigya.com" />
+	<target host="staging.www.gigya.com" />
+	<target host="uploads.www.gigya.com" />
+
+	<!--	Complications:
+				-->
 	<target host="gigya.com" />
-	<target host="*.gigya.com" />
-		<exclusion pattern="^http://(?:www\.)?gigya\.com/(?:careers/|company/?|contact-us/|media-coverage/|press-room/|privacy-board/|social-media-resources/)$" />
+	<target host="cdn.gigya.com" />
+	<target host="info.gigya.com" />
+
+		<!--	Avoid broken MCB:
+					-->
+		<exclusion pattern="^http://blog\.gigya\.com/+(?!wp-content/)" />
+
+			<test url="http://blog.gigya.com/customer-spotlight-hbr/" />
+			<test url="http://blog.gigya.com/sxswi-2015-recap-highlights-from-the-gigya-grill/" />
+			<test url="http://blog.gigya.com/the-4-levels-of-customer-understanding/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://blog.gigya.com/wp-content/plugins/gigya-socialize-for-wordpress/features/share/gigya_share.css" />
 
+		<exclusion pattern="^http://info\.gigya\.com/+(?!$|\?|css/|images/|rs/)" />
 
-	<rule from="^http://((?:counters|origin|www)\.)?gigya\.com/"
-		to="https://$1gigya.com/" />
+			<!--	+ve:
+					-->
+			<test url="http://info.gigya.com/GigyaVideoOverviewForm.html" />
+			<test url="http://info.gigya.com/Identity.html" />
+			<test url="http://info.gigya.com/LIIdentity.html" />
+			<test url="http://info.gigya.com/Marketers-eCourse.html" />
+			<test url="http://info.gigya.com/guide-to-social-infrastructure.html" />
+			<test url="http://info.gigya.com/stop-using-the-wrong-data-guide.html" />
+			<test url="http://info.gigya.com/sxsw" />
+			<test url="http://blog.gigya.com/the-landscape-of-social-login-sharing-consumers-want-choice/" />
+			<test url="http://info.gigya.com/winning-with-gamification.html" />
 
-	<rule from="^https://(www\.)?gigya\.com/(careers/|company/?|contact-us/|media-coverage/|press-room/|privacy-board/|social-media-resources/)$"
-		to="http://$1gigya.com/$2" downgrade="1" />
+			<!--	-ve:
+					-->
+			<test url="http://info.gigya.com/rs/gigya/images/PeopleUsingDevices.jpg" />
 
-	<rule from="^http://cdns?\.gigya\.com/"
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^staging\.blog\.gigya\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^staging\.blog\.gigya\.com$" name=".+" />
+
+
+	<rule from="^http://gigya\.com/"
+		to="https://www.gigya.com/" />
+
+	<rule from="^http://cdn\.gigya\.com/"
 		to="https://cdns.gigya.com/" />
 
+	<!--	Redirect drops forward
+		slash and args:
+					-->
+	<rule from="^http://info\.gigya\.com/+(?:\?.*)?$"
+		to="https://www.gigya.com/" />
+
+			<test url="http://info.gigya.com/?f" />
+			<test url="http://info.gigya.com/?o" />
+			<test url="http://info.gigya.com/?b" />
+			<test url="http://info.gigya.com/?a" />
+			<test url="http://info.gigya.com/?r" />
+
+	<rule from="^http://info\.gigya\.com/"
+		to="https://na-sjf.marketo.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Gihyo.jp.xml b/src/chrome/content/rules/Gihyo.jp.xml
new file mode 100644
index 000000000000..dd56097151e4
--- /dev/null
+++ b/src/chrome/content/rules/Gihyo.jp.xml
@@ -0,0 +1,38 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.gihyo.jp/ => https://gihyo/: (6, 'Could not resolve host: gihyo')
+
+	www.gihyo.jp: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- gihyo.jp
+
+-->
+<ruleset name="Gihyo.jp" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gihyo.jp" />
+
+	<!--	Complications:
+				-->
+	<target host="www.gihyo.jp" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^gihyo\.jp$" name="^SN[\da-f]{16}$" /-->
+
+	<securecookie host="^gihyo\.jp$" name=".+" />
+
+
+	<rule from="^http://www\.gihyo\.jp/"
+		to="https://gihyo/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GijsK.com.xml b/src/chrome/content/rules/GijsK.com.xml
new file mode 100644
index 000000000000..9b37168aee27
--- /dev/null
+++ b/src/chrome/content/rules/GijsK.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="GijsK.com">
+	<target host="gijsk.com" />
+	<target host="www.gijsk.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GileadHIV.com.xml b/src/chrome/content/rules/GileadHIV.com.xml
new file mode 100644
index 000000000000..ba0195463b66
--- /dev/null
+++ b/src/chrome/content/rules/GileadHIV.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Time out:
+		franchiseguide.gileadhiv.com
+-->
+<ruleset name="GileadHIV.com">
+
+	<target host="gileadhiv.com" />
+	<target host="www.gileadhiv.com" />
+	<target host="services.gileadhiv.com" />
+		<test url="http://services.gileadhiv.com/pdf/DESCOVY/Important_Facts" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gimmickwear.xml b/src/chrome/content/rules/Gimmickwear.xml
index e2b0c0b32ee3..dea23a4c44a8 100644
--- a/src/chrome/content/rules/Gimmickwear.xml
+++ b/src/chrome/content/rules/Gimmickwear.xml
@@ -1,13 +1,12 @@
 <ruleset name="Gimmickwear">
 
 	<target host="gimmickwear.com" />
-	<target host="*.gimmickwear.com" />
+	<target host="www.gimmickwear.com" />
 
 
 	<securecookie host="^\.(?:www\.)?gimmickwear\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?gimmickwear\.com/"
-		to="https://$1gimmickwear.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GinjFo.com.xml b/src/chrome/content/rules/GinjFo.com.xml
new file mode 100644
index 000000000000..969d513e0a01
--- /dev/null
+++ b/src/chrome/content/rules/GinjFo.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Mismatched:
+		- ^
+-->
+
+<ruleset name="GinjFo.com" default_off="cert-chain">
+	<target host="ginjfo.com" />
+	<target host="www.ginjfo.com" />
+	<target host="openx.ginjfo.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://ginjfo\.com/" to="https://www.ginjfo.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gionn.net.xml b/src/chrome/content/rules/Gionn.net.xml
new file mode 100644
index 000000000000..53483a945305
--- /dev/null
+++ b/src/chrome/content/rules/Gionn.net.xml
@@ -0,0 +1,23 @@
+<!--
+	www.gionn.net: Unresolved
+
+	Insecure cookies are set for these domains:
+
+		- .gionn.net
+-->
+<ruleset name="gionn.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gionn.net" />
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.gionn\.net$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Giphy.com.xml b/src/chrome/content/rules/Giphy.com.xml
index b47153e44926..e010d8dae895 100644
--- a/src/chrome/content/rules/Giphy.com.xml
+++ b/src/chrome/content/rules/Giphy.com.xml
@@ -1,34 +1,64 @@
-<!--
-	CDN buckets:
-
-		- d16jfyletng9p5.cloudfront.net
 
-			- media
-			- media[1-4]
+<!--
+	Insecure cookies are set for these domains:
 
+		- .giphy.com
 
-	Problematic subdomains:
+	Invalid certificate:
+		blog.giphy.com
 
-		- media ¹
-		- media[1-4] ¹
-		- media[6-9] ²
-		- media\d\d+ ²
-		- www		(refused)
+	Time out:
+		gifdanceparty.giphy.com
+		happyholidays.giphy.com
+		labs.giphy.com
+		twitter.giphy.com
 
-	¹ cloudfront
-	² Cert only matches ^giphy.com 
+	Refused:
+		gj.giphy.com
 
 -->
 <ruleset name="Giphy.com">
 
 	<target host="giphy.com" />
-	<target host="*.giphy.com" />
+	<target host="www.giphy.com" />
+	<target host="api.giphy.com" />
+	<target host="i.giphy.com" />
+		<test url="http://i.giphy.com/l0NhYcNShN2E296cE.gif" />
+	<target host="labs.giphy.com" />
+	<target host="media.giphy.com" />
+		<test url="http://media.giphy.com/media/xT1XH20RPY6rBmMBLa/giphy-loop.mp4" />
+	<target host="media0.giphy.com" />
+		<test url="http://media0.giphy.com/media/26tnmHJ2V8ZU3mbxm/200w.mp4" />
+	<target host="media1.giphy.com" />
+		<test url="http://media1.giphy.com/media/l3nWl5bhBoim7glNu/giphy-downsized.gif" />
+	<target host="media2.giphy.com" />
+		<test url="http://media2.giphy.com/media/l0NwuvFERvrjszjd6/200w.mp4" />
+	<target host="media3.giphy.com" />
+		<test url="http://media3.giphy.com/media/fLNQD3RQpAEYE/200w.mp4" />
+	<target host="media4.giphy.com" />
+		<test url="http://media4.giphy.com/media/3o7buiMZ5CbJ4imGnm/giphy.mp4" />
+	<target host="outlook.giphy.com" />
+	<target host="p.giphy.com" />
+	<target host="pingback.giphy.com" />
+	<target host="stickers.giphy.com" />
+		<test url="http://stickers.giphy.com/92e/92ed6cbd-51d3-451c-bcc2-c36ed0e1b4f1/unbordered-150.png" />
+	<target host="tv.giphy.com" />
+	<target host="twitter.giphy.com" />
+	<target host="upload.giphy.com" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.giphy\.com$" name="^__qca$" /-->
+
+	<securecookie host="^\.giphy\.com$" name=".+" />
 
+	<rule from="^http://labs\.giphy\.com/"
+		to="https://giphy.com/labs/" />
 
-	<rule from="^http://(?:www\.)?giphy\.com/"
-		to="https://giphy.com/" />
+	<rule from="^http://twitter\.giphy\.com/"
+		to="https://giphy.com/posts/giphy-makes-twitter-uploads-even-easier//" />
 
-	<rule from="^http://media\d*\.giphy\.com/"
-		to="https://d16jfyletng9p5.cloudfront.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Girl_Scouts.xml b/src/chrome/content/rules/Girl_Scouts.xml
index cbb38e823e77..c866dda1ca41 100644
--- a/src/chrome/content/rules/Girl_Scouts.xml
+++ b/src/chrome/content/rules/Girl_Scouts.xml
@@ -1,29 +1,25 @@
 <!--
 	Nonfunctional subdomains:
 
-		- blog		(blogspot)
-		- catalog *
 		- forgirls *
 
 	* No https
 
-
-	!www: blank page, valid cert
+    !www: 'OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection
 
 -->
 <ruleset name="Girl Scouts (partial)">
 
 	<target host="girlscouts.org" />
 	<target host="www.girlscouts.org" />
-
+	<target host="blog.girlscouts.org" />
 
 	<securecookie host="^www\.girlscouts\.org$" name=".+" />
 
-
-	<rule from="^http://(?:www\.)?girlscouts\.org/"
+	<rule from="^http://girlscouts\.org/"
 		to="https://www.girlscouts.org/" />
 
-	<rule from="^https?://blog\.girlscouts\.org/favicon\.ico"
-		to="https://www.blogger.com/favicon.ico" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GirlsChannel.net.xml b/src/chrome/content/rules/GirlsChannel.net.xml
new file mode 100644
index 000000000000..1c5da27de335
--- /dev/null
+++ b/src/chrome/content/rules/GirlsChannel.net.xml
@@ -0,0 +1,13 @@
+<!--
+	Non-functional hosts
+		4xx client error:
+		- mail.girlschannel.net
+		- test.girlschannel.net
+-->
+<ruleset name="GirlsChannel.net">
+	<target host="girlschannel.net" />
+	<target host="www.girlschannel.net" />
+	<target host="info.girlschannel.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Girls_Out_West.com.xml b/src/chrome/content/rules/Girls_Out_West.com.xml
new file mode 100644
index 000000000000..5904b332840e
--- /dev/null
+++ b/src/chrome/content/rules/Girls_Out_West.com.xml
@@ -0,0 +1,88 @@
+<!--
+	For rules causing false/broken MCB, see Girls_Out_West.com-falsemixed.xml.
+
+	Other Girls Out West rulesets:
+
+		- Girls_Out_West_Free_Stuff.com.xml
+
+
+	Problematic hosts in *girlsoutwest.com:
+
+		- forum ¹
+		- forums ²
+
+	¹ Mixed css
+	² Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .girlsoutwest.com
+		- forum.girlsoutwest.com
+		- join.girlsoutwest.com
+		- list.girlsoutwest.com
+		- nats.girlsoutwest.com
+
+
+	Mixed content:
+
+		- css on forum from $self
+		- Images on forum from $self
+		- Ad on tour from www.rabbitporno.com
+
+-->
+<ruleset name="Girls Out West.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="girlsoutwest.com" />
+	<target host="forum.girlsoutwest.com" />
+	<target host="galleries.girlsoutwest.com" />
+	<target host="join.girlsoutwest.com" />
+	<target host="list.girlsoutwest.com" />
+	<target host="members.girlsoutwest.com" />
+	<target host="nats.girlsoutwest.com" />
+	<target host="tour.girlsoutwest.com" />
+	<target host="www.girlsoutwest.com" />
+
+	<!--	Complications:
+				-->
+	<target host="forums.girlsoutwest.com" />
+
+		<!--	Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://forums?\.girlsoutwest\.com/+(?!clientscript/|cron\.php|favicon\.ico|images/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://forum.girlsoutwest.com/activity.php" />
+			<test url="http://forum.girlsoutwest.com/calendar.php" />
+			<test url="http://forum.girlsoutwest.com/forumdisplay.php" />
+			<test url="http://forums.girlsoutwest.com/forumdisplay.php?do=markread&amp;markreadhash=guest" />
+			<test url="http://forums.girlsoutwest.com/register.php" />
+			<test url="http://forums.girlsoutwest.com/showgroups.php" />
+
+			<!--	-ve:
+					-->
+			<test url="http://forum.girlsoutwest.com/clientscript/vbulletin_css/style00042l/forumhome-rollup.css" />
+			<test url="http://forum.girlsoutwest.com/cron.php?rand=1" />
+			<test url="http://forums.girlsoutwest.com/favicon.ico" />
+			<test url="http://forums.girlsoutwest.com/images/metro/violet_red/misc/navbit-home.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.girlsoutwest\.com$" name="^(?:nats|nats_cookie|nats_sess|nats_unique|pcah)$" /-->
+	<!--securecookie host="^forum\.girlsoutwest\.com$" name="^bb_sessionhash$" /-->
+	<!--securecookie host="^(?:join|list|nats)\.girlsoutwest\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?!forum\.)." name=".+" />
+
+
+	<rule from="^http://forums\.girlsoutwest\.com/"
+		to="https://forum.girlsoutwest.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Girls_Out_West_Free_Stuff.com.xml b/src/chrome/content/rules/Girls_Out_West_Free_Stuff.com.xml
new file mode 100644
index 000000000000..f3d1124431eb
--- /dev/null
+++ b/src/chrome/content/rules/Girls_Out_West_Free_Stuff.com.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Girls Out West coverage, see Girls_Out_West.com.xml.
+
+-->
+<ruleset name="Girls Out West Free Stuff.com">
+
+	<target host="girlsoutwestfreestuff.com" />
+	<target host="www.girlsoutwestfreestuff.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gismeteo.ru.xml b/src/chrome/content/rules/Gismeteo.ru.xml
new file mode 100644
index 000000000000..38c741a505bd
--- /dev/null
+++ b/src/chrome/content/rules/Gismeteo.ru.xml
@@ -0,0 +1,52 @@
+<!--
+	Nonfunctional hosts in *gismeteo.ru:
+
+		- tours ¹
+		- tourism ²
+
+	¹ Shows another domain
+	² Redirects to http
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- www.gismeteo.ru
+		- .www.gismeteo.ru
+
+-->
+<ruleset name="Gismeteo.ru (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gismeteo.ru" />
+	<target host="beta.gismeteo.ru" />
+	<target host="bst1.gismeteo.ru" />
+	<target host="bst2.gismeteo.ru" />
+	<target host="bst3.gismeteo.ru" />
+	<target host="bst4.gismeteo.ru" />
+	<target host="bst5.gismeteo.ru" />
+	<target host="bst6.gismeteo.ru" />
+	<target host="bst7.gismeteo.ru" />
+	<target host="bst8.gismeteo.ru" />
+	<target host="st2.gismeteo.ru" />
+	<target host="st3.gismeteo.ru" />
+	<target host="st4.gismeteo.ru" />
+	<target host="st5.gismeteo.ru" />
+	<target host="st6.gismeteo.ru" />
+	<target host="st7.gismeteo.ru" />
+	<target host="st8.gismeteo.ru" />
+	<target host="www.gismeteo.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.gismeteo\.ru$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.www\.gismeteo\.ru$" name="^redirect$" /-->
+
+	<securecookie host="^\.?www\.gismeteo\.ru$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gismeteo.ua.xml b/src/chrome/content/rules/Gismeteo.ua.xml
new file mode 100644
index 000000000000..ac9ddfcc4a7a
--- /dev/null
+++ b/src/chrome/content/rules/Gismeteo.ua.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- www.gismeteo.ua
+		- .www.gismeteo.ua
+
+-->
+<ruleset name="Gismeteo.ua">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gismeteo.ua" />
+	<target host="s1.gismeteo.ua" />
+	<target host="s2.gismeteo.ua" />
+	<target host="www.gismeteo.ua" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.gismeteo\.ua$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.www\.gismeteo\.ua$" name="^autocity$" /-->
+
+	<securecookie host="^\.?www\.gismeteo\.ua$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Git.io.xml b/src/chrome/content/rules/Git.io.xml
new file mode 100644
index 000000000000..edcb7c8a763e
--- /dev/null
+++ b/src/chrome/content/rules/Git.io.xml
@@ -0,0 +1,13 @@
+<!--
+	For other GitHub coverage, see Github.xml.
+-->
+<ruleset name="Git.io">
+
+	<target host="git.io" />
+	<target host="www.git.io" />
+
+	<test url="http://git.io/vzorI" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Git.xml b/src/chrome/content/rules/Git.xml
index 43c16506465c..5dfc01dab721 100644
--- a/src/chrome/content/rules/Git.xml
+++ b/src/chrome/content/rules/Git.xml
@@ -1,9 +1,9 @@
-<ruleset name="Git" default_off="mismatch">
+<ruleset name="Git">
 
 	<target host="git-scm.com"/>
 	<target host="www.git-scm.com"/>
 
-	<rule from="^http://(?:www\.)?git-scm\.com/"
-		to="https://git-scm.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GitBook.com.xml b/src/chrome/content/rules/GitBook.com.xml
new file mode 100644
index 000000000000..6e7e3854f9ec
--- /dev/null
+++ b/src/chrome/content/rules/GitBook.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Other GitBook IO rulesets:
+		- GitBook.io.xml
+
+	Reset:
+		- gitbook.com
+
+	Mismatch:
+		- downloads.editor.gitbook.com
+		- help.enterprise.gitbook.com
+		- jobs.gitbook.com
+		- status.gitbook.com
+		- styleguide.gitbook.com
+-->
+<ruleset name="GitBook.com">
+	<target host="gitbook.com" />
+	<target host="www.gitbook.com" />
+	<target host="api.gitbook.com" />
+	<target host="cdn.gitbook.com" />
+	<target host="developer.gitbook.com" />
+	<target host="enterprise.gitbook.com" />
+	<target host="git.gitbook.com" />
+	<target host="help.gitbook.com" />
+	<target host="nuts.gitbook.com" />
+	<target host="plugins.gitbook.com" />
+	<target host="rousseau.gitbook.com" />
+	<target host="slack.gitbook.com" />
+	<target host="slack-service.gitbook.com" />
+	<target host="toolchain.gitbook.com" />
+
+	<rule from="^http://gitbook\.com/"
+		to="https://www.gitbook.com/" />
+
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GitBook.io.xml b/src/chrome/content/rules/GitBook.io.xml
new file mode 100644
index 000000000000..fd53251e21cb
--- /dev/null
+++ b/src/chrome/content/rules/GitBook.io.xml
@@ -0,0 +1,32 @@
+<!--
+	For other GitBook IO coverage, see GitBook.com.xml.
+
+	Timeout:
+		- gitbook.io
+		- help.gitbook.io
+
+	Problematic subdomains:
+		- ^ *
+		- push ³
+		- status ²
+		- www ³
+	* Refused
+	³ Mismatched
+	² statuspage.io
+-->
+<ruleset name="GitBook.IO (partial)">
+	<target host="gitbook.io" />
+	<target host="www.gitbook.io" />
+	<target host="help.gitbook.io" />
+	<target host="push.gitbook.io" />
+	<target host="status.gitbook.io" />
+
+	<rule from="^http://(www\.)?gitbook\.io/"
+		to="https://www.gitbook.com/" />
+	<rule from="^http://help\.gitbook\.io/"
+		to="https://help.gitbook.com/" />
+	<rule from="^http://push\.gitbook\.io/"
+		to="https://git.gitbook.com/" />
+	<rule from="^http://status\.gitbook\.io/"
+		to="https://githubio.statuspage.io/" />
+</ruleset>
diff --git a/src/chrome/content/rules/GitCDN.link.xml b/src/chrome/content/rules/GitCDN.link.xml
new file mode 100644
index 000000000000..f7f551148440
--- /dev/null
+++ b/src/chrome/content/rules/GitCDN.link.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid Certificate:
+		ip.gitcdn.link
+-->
+<ruleset name="GitCDN.link">
+	<target host="gitcdn.link" />
+	<target host="www.gitcdn.link" />
+	<target host="cdn.gitcdn.link" />
+	<target host="min.gitcdn.link" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GitCDN.xyz.xml b/src/chrome/content/rules/GitCDN.xyz.xml
new file mode 100644
index 000000000000..8a3c8077687b
--- /dev/null
+++ b/src/chrome/content/rules/GitCDN.xyz.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid Certificate:
+		ip.gitcdn.xyz
+-->
+<ruleset name="GitCDN.xyz">
+	<target host="gitcdn.xyz" />
+	<target host="www.gitcdn.xyz" />
+	<target host="cdn.gitcdn.xyz" />
+	<target host="min.gitcdn.xyz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GitCafe.xml b/src/chrome/content/rules/GitCafe.xml
deleted file mode 100644
index 225a18153384..000000000000
--- a/src/chrome/content/rules/GitCafe.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-	blog (cannot connect)
-
--->
-<ruleset name="GitCafe (partial)">
-	<target host="gitcafe.com" />
-	<target host="www.gitcafe.com" />
-
-	<securecookie host="^www\.gitcafe\.com$"
-			name=".+" />
-
-	<rule from="^http://(www\.)?gitcafe\.com/"
-		to="https://$1gitcafe.com/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/GitCop.com.xml b/src/chrome/content/rules/GitCop.com.xml
new file mode 100644
index 000000000000..d2af5a90124b
--- /dev/null
+++ b/src/chrome/content/rules/GitCop.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="GitCop.com">
+
+	<target host="gitcop.com" />
+	<target host="www.gitcop.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^gitcop\.com$" name="^_gitcop_session$" /-->
+
+	<securecookie host="^gitcop\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GitFoo.com.xml b/src/chrome/content/rules/GitFoo.com.xml
new file mode 100644
index 000000000000..1f371d6a051e
--- /dev/null
+++ b/src/chrome/content/rules/GitFoo.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatched:
+		mail.gitfoo.com
+-->
+<ruleset name="GitFoo.com">
+	<target host="gitfoo.com" />
+	<target host="www.gitfoo.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GitGud.io.xml b/src/chrome/content/rules/GitGud.io.xml
new file mode 100644
index 000000000000..57327cfbda07
--- /dev/null
+++ b/src/chrome/content/rules/GitGud.io.xml
@@ -0,0 +1,15 @@
+<!--
+	Mismatched:
+		- www (gitgud.io)
+-->
+
+<ruleset name="GitGud.io">
+	<target host="gitgud.io" />
+	<target host="www.gitgud.io" />
+	<target host="chat.gitgud.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.gitgud\.io/" to="https://gitgud.io/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GitHub.xml b/src/chrome/content/rules/GitHub.xml
new file mode 100644
index 000000000000..6d48b0a203d4
--- /dev/null
+++ b/src/chrome/content/rules/GitHub.xml
@@ -0,0 +1,28 @@
+<!--
+	HSTS preloaded:
+		- github.com
+		- *.github.com
+
+	Other GitHub rulesets:
+		- Choosealicense.com.xml
+		- Github-Pages.xml
+		- githubassets.com.xml
+		- Guag.es.xml
+		- Speaker_Deck.com.xml
+-->
+<ruleset name="GitHub">
+	<target host="github.io" />
+
+
+	<target host="avatars0.githubusercontent.com" />
+	<target host="avatars1.githubusercontent.com" />
+	<target host="avatars2.githubusercontent.com" />
+	<target host="avatars3.githubusercontent.com" />
+	<target host="camo.githubusercontent.com" />
+	<target host="raw.githubusercontent.com" />
+	<target host="render.githubusercontent.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GitLab.com.xml b/src/chrome/content/rules/GitLab.com.xml
new file mode 100644
index 000000000000..990245b91ad1
--- /dev/null
+++ b/src/chrome/content/rules/GitLab.com.xml
@@ -0,0 +1,61 @@
+<!--
+	Other GitLab rulesets:
+		- GitLab.io.xml
+
+	No working URL known:
+		www.about.gitlab.com
+		piwik.gitlab.com
+		registry.gitlab.com
+
+	Invalid certificate:
+		arewefastyet.gitlab.com
+		doc.gitlab.com
+
+	Time out:
+		contributors.gitlab.com
+		demo.gitlab.com
+
+	Login required:
+		dev.gitlab.org
+		license.gitlab.com
+		packages.gitlab.com
+		prometheus.gitlab.com
+		redash.gitlab.com
+		version.gitlab.com
+
+	Refused:
+		stats.gitlab.com
+
+-->
+<ruleset name="GitLab.com">
+
+	<target host="gitlab.com" />
+	<target host="www.gitlab.com" />
+	<target host="about.gitlab.com" />
+	<target host="blog.gitlab.com" />
+	<target host="chef.gitlab.com" />
+	<target host="swedish.chef.gitlab.com" />
+	<target host="customers.gitlab.com" />
+	<target host="doc.gitlab.com" />
+	<target host="docs.gitlab.com" />
+	<target host="feedback.gitlab.com" />
+	<target host="forum.gitlab.com" />
+	<target host="get.gitlab.com" />
+	<target host="page.gitlab.com" />
+	<target host="staging.gitlab.com" />
+	<target host="support.gitlab.com" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^gitlab\.com$" name="^request_method$" /-->
+	<!--securecookie host="^\.gitlab\.com$" name="^^(__cfduid|cf_clearance)$$" /-->
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+	<rule from="^http://doc\.gitlab\.com/"
+		to="https://docs.gitlab.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GitLab.io.xml b/src/chrome/content/rules/GitLab.io.xml
new file mode 100644
index 000000000000..eea97a475761
--- /dev/null
+++ b/src/chrome/content/rules/GitLab.io.xml
@@ -0,0 +1,38 @@
+<!--
+	For other GitLab coverage, see GitLab.com.xml.
+
+-->
+<ruleset name="GitLab Pages">
+
+	<target host="gitlab.io"/>
+	<target host="*.gitlab.io"/>
+
+		<test url="http://www.gitlab.io/"/>
+		<test url="http://pages.gitlab.io/"/>
+		<test url="http://maxlaumeister.gitlab.io/"/>
+		<test url="http://moshmage.gitlab.io/" />
+		<test url="http://weel.gitlab.io/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- GitLab.io doesn't support TLS on 4th level domains.
+
+		From their documentation:
+		"When using Pages under the general domain of a GitLab instance (*.example.io), you
+		cannot use HTTPS with sub-subdomains. That means that if your username/groupname
+		contains a dot, for example foo.bar, the domain foo.bar.example.io will not work.
+		This is a limitation of the HTTP Over TLS protocol. HTTP pages will continue to
+		work provided you don't redirect HTTP to HTTPS."
+
+		https://web.archive.org/web/20170121211447/http://docs.gitlab.com/ee/pages/README.html#limitations
+
+		<test url="http://jordi.torne.gitlab.io/csvio-f90/" />
+	-->
+
+	<rule from="^http://([\w-]+)\.gitlab\.io/"
+		to="https://$1.gitlab.io/"/>
+
+	<rule from="^http://gitlab\.io/"
+		to="https://gitlab.io/"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/GitList.org.xml b/src/chrome/content/rules/GitList.org.xml
new file mode 100644
index 000000000000..2203393ef2ee
--- /dev/null
+++ b/src/chrome/content/rules/GitList.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Mismatch:
+		www.gitlist.org
+-->
+<ruleset name="GitList.org">
+	<target host="gitlist.org" />
+	<target host="www.gitlist.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.gitlist\.org/"
+		to="https://gitlist.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Github-Pages.xml b/src/chrome/content/rules/Github-Pages.xml
new file mode 100644
index 000000000000..86c627e10fb5
--- /dev/null
+++ b/src/chrome/content/rules/Github-Pages.xml
@@ -0,0 +1,33 @@
+<!--
+	For other GitHub coverage, see Github.xml.
+-->
+<ruleset name="GitHub Pages">
+
+	<target host="*.github.io" />
+
+	<!-- random test urls -->
+	<test url="http://ansible.github.io/" />
+	<test url="http://google.github.io/" />
+	<test url="http://mozilla.github.io/" />
+	<test url="http://twitter.github.io/" />
+
+	<exclusion pattern="^http://duckietv\.github\.io/DuckieTV/?" />
+		<test url="http://duckietv.github.io/DuckieTV" />
+		<test url="http://duckietv.github.io/DuckieTV/" />
+
+	<exclusion pattern="^http://googletrends\.github\.io/iframe-scaffolder" />
+		<test url="http://googletrends.github.io/iframe-scaffolder" />
+		<test url="http://googletrends.github.io/iframe-scaffolder/" />
+
+	<exclusion pattern="^http://schizoduckie\.github\.io/DuckieTorrent/?" />
+	<exclusion pattern="^http://schizoduckie\.github\.io/PimpMyuTorrent/?" />
+		<test url="http://schizoduckie.github.io/DuckieTorrent" />
+		<test url="http://schizoduckie.github.io/DuckieTorrent/" />
+		<test url="http://schizoduckie.github.io/PimpMyuTorrent" />
+		<test url="http://schizoduckie.github.io/PimpMyuTorrent/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Github.xml b/src/chrome/content/rules/Github.xml
deleted file mode 100644
index 2017e976a3f2..000000000000
--- a/src/chrome/content/rules/Github.xml
+++ /dev/null
@@ -1,77 +0,0 @@
-<!--
-	Other GitHub rulesets:
-
-		- Guag.es.xml
-		- Speaker_Deck.com.xml
-
-
-	CDN buckets:
-
-		- github.global.ssl.fastly.net
-		- a248.e.akamai.net/assets.github.com/
-		- a248.e.akamai.net/camo.github.com/
-		- s3.amazonaws.com/github/ | d24z2fz21y4fag.cloudfront.net
-
-
-	Problematic domains:
-
-		- support.github.com	(works; mismatched, CN: github.com)
-		- rg3.github.io		(works; mismatched, CN: *.github.com)
-
-
-	Fully covered domains:
-
-		- github.com subdomains:
-
-			- (www.)
-			- assets\d+
-			- cloud		(→ bugs.genivi.org)
-			- f.cloud
-			- codeload
-			- developer
-			- eclipse
-			- enterprise
-			- gist
-			- help
-			- identicons
-			- jobs
-			- mac
-			- mobile
-			- nodeload
-			- octodex
-			- pages
-			- raw
-			- rg3
-			- status
-			- support	(→ ^github.com)
-			- wiki
-			- windows
-
-		- collector.githubapp.com
-
--->
-<ruleset name="GitHub">
-
-	<target host="github.com" />
-	<target host="*.github.com" />
-	<target host="collector.githubapp.com" />
-
-
-	<securecookie host="^(?:.*\.)?github\.com$" name=".+" />
-
-
-	<rule from="^http://((?:assets\d+|f\.cloud|codeload|developer|eclipse|enterprise|gist|help|identicons|jobs|mac|mobile|nodeload|octodex|pages|raw|rg3|status|wiki|windows|www)\.)?github\.com/"
-		to="https://$1github.com/" />
-
-	<rule from="^http://cloud\.github\.com/"
-		to="https://d24z2fz21y4fag.cloudfront.net/" />
-
-	<!--	Server drops path:
-					-->
-	<rule from="^http://support\.github\.com/[^?]*(\?.*)?"
-		to="https://github.com/contact$1" />
-
-	<rule from="^http://collector\.githubapp\.com/"
-		to="https://collector.githubapp.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Gitian.org.xml b/src/chrome/content/rules/Gitian.org.xml
new file mode 100644
index 000000000000..23cec68768bb
--- /dev/null
+++ b/src/chrome/content/rules/Gitian.org.xml
@@ -0,0 +1,13 @@
+<!--
+	www: cert only matches ^gitian.org
+
+-->
+<ruleset name="Gitian.org">
+
+	<target host="gitian.org" />
+	<target host="www.gitian.org" />
+
+	<rule from="^http://(www\.)?gitian\.org/"
+		to="https://gitian.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gitorious.xml b/src/chrome/content/rules/Gitorious.xml
deleted file mode 100644
index f27f1a31e6cb..000000000000
--- a/src/chrome/content/rules/Gitorious.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Gitorious">
-  <target host="gitorious.org" />
-  <target host="*.gitorious.org" />
-	<exclusion pattern="^http://(blog|en|status)\.gitorious\.org/"/>
-
-	<securecookie host=".*\.gitorious\.org$" name=".*"/>
-
-  <rule from="^http://gitorious\.org/"
-	  to="https://gitorious.org/"/>
-  <rule from="^http://([^/:@\.]+)\.gitorious\.org/"
-	  to="https://$1.gitorious.org/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Gitshell.com.xml b/src/chrome/content/rules/Gitshell.com.xml
new file mode 100644
index 000000000000..8f4250434688
--- /dev/null
+++ b/src/chrome/content/rules/Gitshell.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Problematic subdomains:
+
+		- blog *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- gitshell.com
+
+-->
+<ruleset name="Gitshell.com (partial)">
+
+	<target host="gitshell.com" />
+	<target host="www.gitshell.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^gitshell\.com$" name="^csrftoken$" /-->
+
+	<securecookie host="^gitshell\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gitter.im.xml b/src/chrome/content/rules/Gitter.im.xml
new file mode 100644
index 000000000000..2ded4faa46e8
--- /dev/null
+++ b/src/chrome/content/rules/Gitter.im.xml
@@ -0,0 +1,63 @@
+<!--
+	Nonfunctional host in *gitter.im:
+
+		- blog ³
+		- next ʳ
+
+	³ 403
+	ʳ Refused
+
+
+	Problematic host in *gitter.im:
+
+		- support ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- billing.gitter.im
+		- developer.gitter.im
+		- irc.gitter.im
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Gitter.im (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gitter.im" />
+	<target host="badges.gitter.im" />
+	<target host="billing.gitter.im" />
+	<target host="cdn01.gitter.im" />
+	<target host="cdn02.gitter.im" />
+	<target host="cdn03.gitter.im" />
+	<target host="developer.gitter.im" />
+	<target host="irc.gitter.im" />
+	<target host="sidecar.gitter.im" />
+	<target host="update.gitter.im" />
+	<target host="www.gitter.im" />
+
+	<!--	Special cases:
+				-->
+	<target host="support.gitter.im" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(billing|developer|irc)\.gitter\.im$" name="^connect\.sid$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://support\.gitter\.im/.*"
+		to="https://gitter.zendesk.com/hc" />
+
+		<test url="http://support.gitter.im/?foo" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gittigidiyor.net.xml b/src/chrome/content/rules/Gittigidiyor.net.xml
new file mode 100644
index 000000000000..2652e767569d
--- /dev/null
+++ b/src/chrome/content/rules/Gittigidiyor.net.xml
@@ -0,0 +1,30 @@
+<!--
+	Nonfunctional hosts in *.gittigidiyor.net:
+
+		- gittigidiyor.net	(secure connection failed)
+		- www.gittigidiyor.net	(secure connection failed)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="GittiGidiyor.net">
+
+	<target host="mcdn01.gittigidiyor.net" />
+		<test url="http://mcdn01.gittigidiyor.net/29801/tn24/298011980_tn24_0.jpg" />
+	<target host="mcdnaff03.gittigidiyor.net" />
+	<target host="st.gittigidiyor.net" />
+	<target host="st2.gittigidiyor.net" />
+
+	<!-- /$ doesn't work with HTTPS -->
+	<exclusion pattern="^http://st\.gittigidiyor\.net/$" />
+		<test url="http://st.gittigidiyor.net/rsrc/devgg/images/ebay-pt.png" />
+
+	<exclusion pattern="^http://st2\.gittigidiyor\.net/$" />
+		<test url="http://st2.gittigidiyor.net/fred/framework/assets/img/core/main/simple-modal-close.png" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gittip.com.xml b/src/chrome/content/rules/Gittip.com.xml
deleted file mode 100644
index 6b62a34d41a9..000000000000
--- a/src/chrome/content/rules/Gittip.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	CDN buckets:
-
-		- assets-gittipllc.netdna-ssl.com
-
--->
-<ruleset name="Gittip.com">
-
-	<target host="gittip.com" />
-	<target host="www.gittip.com" />
-
-
-	<securecookie host="^www\.gittip\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?gittip\.com/"
-		to="https://$1gittip.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Give-Kids-the-World.xml b/src/chrome/content/rules/Give-Kids-the-World.xml
index 092b2f3b395c..9d85fda672ff 100644
--- a/src/chrome/content/rules/Give-Kids-the-World.xml
+++ b/src/chrome/content/rules/Give-Kids-the-World.xml
@@ -1,23 +1,53 @@
-<ruleset name="Give Kids the World" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gktw.org/ => https://gktw.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.gktw.org/ => https://www.gktw.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://givekidstheworld.org/ => https://gktw.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.givekidstheworld.org/ => https://www.gktw.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://secure.gktw.org/ => https://secure.gktw.org/: (60, 'SSL certificate problem: certificate has expired')
+
+	Supported domains:
+
+	gktw.org
+	www.gktw.org
+	secure.gktw.org
+	www.givekidstheworldstore.org
+
+	Unsupported domains:
+
+	support.gktw.org		(cert mismatch; cert is for secure2.convio.net)
+	givekidstheworld.org		(cert mismatch; cert is only valid for gktw.org and *.gktw.org)*
+	www.givekidstheworld.org	(ditto)*
+	givekidstheworldstore.org	(redirects to HTTP)**
+
+	Notes:
+	*	The ruleset redirects givekidstheworld.org to gktw.org and redirects www.givekidstheworld.org
+		to www.gktw.org; the givekidstheworld.org and gktw.org domains appear to have the same content.
+	**	The ruleset redirects givekidstheworldstore.org to www.givekidstheworldstore.org; both appear
+		to have the same content.
+-->
+<ruleset name="Give Kids the World" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="gktw.org" />
 	<target host="www.gktw.org" />
-	<target host="gktw.com" />
-	<target host="www.gktw.com" />
 	<target host="givekidstheworld.org" />
 	<target host="www.givekidstheworld.org" />
-	<target host="givekidstheworld.com" />
-	<target host="www.givekidstheworld.com" />
 	<target host="secure.gktw.org" />
-	
+
 	<target host="givekidstheworldstore.org" />
 	<target host="www.givekidstheworldstore.org" />
 
-	<securecookie host="^secure\.gktw\.org$" name=".+" />
+	<securecookie host="^(?:secure|www)\.gktw\.org$" name=".+" />
 
 	<securecookie host="^www\.givekidstheworldstore\.org$" name=".+" />
 
-	<rule from="^http://secure\.gktw\.org/" to="https://secure.gktw.org/" />
-	<rule from="^https?://(?:www\.)?(?:gktw|givekidstheworld)\.(?:com|org)/" to="https://secure.gktw.org/" />
+	<rule from="^http://(www\.)?gktw\.org/"
+			to="https://$1gktw.org/" />
+	<rule from="^http://(www\.)?givekidstheworld\.org/"
+			to="https://$1gktw.org/" />
+	<rule from="^http://secure\.gktw\.org/"
+			to="https://secure.gktw.org/" />
 
-	<rule from="^http://(?:www\.)?givekidstheworldstore\.org/" to="https://www.givekidstheworldstore.org/" />
+	<rule from="^http://(?:www\.)?givekidstheworldstore\.org/"
+			to="https://www.givekidstheworldstore.org/" />
 </ruleset>
diff --git a/src/chrome/content/rules/GiveDirect.xml b/src/chrome/content/rules/GiveDirect.xml
index bab62b8c6c0f..e77f7e0015a9 100644
--- a/src/chrome/content/rules/GiveDirect.xml
+++ b/src/chrome/content/rules/GiveDirect.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?givedirect\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?givedirect\.org/"
-		to="https://$1givedirect.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GiveDirectly.org.xml b/src/chrome/content/rules/GiveDirectly.org.xml
new file mode 100644
index 000000000000..39be2bf9861c
--- /dev/null
+++ b/src/chrome/content/rules/GiveDirectly.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="GiveDirectly.org">
+
+	<target host="givedirectly.org" />
+	<target host="www.givedirectly.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Givex.xml b/src/chrome/content/rules/Givex.xml
index acd01883f360..5af3b1564c03 100644
--- a/src/chrome/content/rules/Givex.xml
+++ b/src/chrome/content/rules/Givex.xml
@@ -29,4 +29,4 @@
 	<rule from="^http://wwws(-\w\w\d)?\.givex\.com/"
 		to="https://wwws$1.givex.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GivingComfort.org.xml b/src/chrome/content/rules/GivingComfort.org.xml
index 2c47a37c7e35..c3a89a996b87 100644
--- a/src/chrome/content/rules/GivingComfort.org.xml
+++ b/src/chrome/content/rules/GivingComfort.org.xml
@@ -1,4 +1,19 @@
-<ruleset name="GivingComfort.org">
+<!--
+	Nonfunctional domains:
+
+		- (www.)?givingconfort.com *
+
+	* Refused
+
+
+	Problematic domains:
+
+		- (www.)?givingcomfort.org *
+
+	* Mismatched
+
+-->
+<ruleset name="GivingComfort.org" default_off="mismatched">
 
 	<target host="givingcomfort.com" />
 	<target host="www.givingcomfort.com" />
@@ -6,7 +21,7 @@
 	<target host="www.givingcomfort.org" />
 
 
-	<rule from="^http://(www\.)?givingcomfort\.(com|org)/"
-		to="https://$1givingcomfort.$2/" />
+	<rule from="^http://(www\.)?givingcomfort\.(?:com|org)/"
+		to="https://$1givingcomfort.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GivingPrograms.com.xml b/src/chrome/content/rules/GivingPrograms.com.xml
index 6a3db060a200..c92909fd3c2f 100644
--- a/src/chrome/content/rules/GivingPrograms.com.xml
+++ b/src/chrome/content/rules/GivingPrograms.com.xml
@@ -1,17 +1,24 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://giving.givingprograms.com/ => https://giving.givingprograms.com/: (6, 'Could not resolve host: giving.givingprograms.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://givingprograms.com/ => https://givingprograms.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Mixed css from amerigives.com (expired 2013-03-08)
 
 -->
-<ruleset name="GivingPrograms.com" platform="mixedcontent">
+<ruleset name="GivingPrograms.com" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="givingprograms.com" />
-	<target host="*.givingprograms.com" />
+	<target host="giving.givingprograms.com" />
+	<target host="verify.givingprograms.com" />
+	<target host="www.givingprograms.com" />
 
 
-	<securecookie host="^(?:.+\.)?givingprograms\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(giving\.|verify\.|www\.)?givingprograms\.com/"
-		to="https://$1givingprograms.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Givskudzoo.dk.xml b/src/chrome/content/rules/Givskudzoo.dk.xml
new file mode 100644
index 000000000000..0de8aad9d555
--- /dev/null
+++ b/src/chrome/content/rules/Givskudzoo.dk.xml
@@ -0,0 +1,12 @@
+<!--
+	Subdomains not covered:
+		- tv ¹
+	¹ Bad CN in cert
+-->
+<ruleset name="Givskudzoo.dk">
+	<target host="givskudzoo.dk" />
+	<target host="www.givskudzoo.dk" />
+
+	<rule from="^http://(www\.)?givskudzoo\.dk/"
+		to="https://www.givskudzoo.dk/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gixen.xml b/src/chrome/content/rules/Gixen.xml
new file mode 100644
index 000000000000..53d380dde1ed
--- /dev/null
+++ b/src/chrome/content/rules/Gixen.xml
@@ -0,0 +1,12 @@
+<ruleset name="Gixen">
+	<target host="gixen.com" />
+	<target host="www.gixen.com" />
+
+	<!-- Fix infinite redirect, see:
+		https://github.com/EFForg/https-everywhere/issues/6365 -->
+	<exclusion pattern="^http://www\.gixen\.com/index\.php$" />
+		<test url="http://www.gixen.com/index.php" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gizmag.xml b/src/chrome/content/rules/Gizmag.xml
index a58586f4464e..24d66b3d9185 100644
--- a/src/chrome/content/rules/Gizmag.xml
+++ b/src/chrome/content/rules/Gizmag.xml
@@ -3,16 +3,37 @@
 
 		- s3.amazonaws.com/files.gizmag.com/ | d1ad9ekm4vh0vj.cloudfront.net
 		- s3.amazonaws.com/gizmag-images/ | d3fvptmknnj7i1.cloudfront.net
+		- gizmag-images.imgix.net
 
 
-	Nonfunctional subdomains:
+	www.gizmag.com: Redirects to http
 
-		- (www.)	(refused)
+
+	Problematic hosts in *gizmag.com:
+
+		- img ᵐ
+		- img-[23] ᵐ
+
+	ᵐ Mismatched
 
 -->
-<ruleset name="Gizmag (partial)">
+<ruleset name="Gizmag.com (partial)">
 
-	<target host="*.gizmag.com" />
+	<!--	Complications:
+				-->
+	<target host="files.gizmag.com" />
+	<target host="images.gizmag.com" />
+	<target host="img.gizmag.com" />
+	<target host="img-2.gizmag.com" />
+	<target host="img-3.gizmag.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.gizmag\.com/(?:$|about/)" /-->
+
+			<!--	+ve:
+					-->
+			<!--test url="http://www.gizmag.com/about/" /-->
 
 
 	<rule from="^http://files\.gizmag\.com/"
@@ -21,4 +42,7 @@
 	<rule from="^http://images\.gizmag\.com/"
 		to="https://d3fvptmknnj7i1.cloudfront.net/" />
 
+	<rule from="^http://img(?:-\d)?\.gizmag\.com/"
+		to="https://gizmag-images.imgix.net/" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Gizmodo.com.xml b/src/chrome/content/rules/Gizmodo.com.xml
deleted file mode 100644
index 0a49e9797881..000000000000
--- a/src/chrome/content/rules/Gizmodo.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other Gawker coverage, see Gawker.com.xml.
-
-
-	CN: *.a.ssl.fastly.net
-
--->
-<ruleset name="Gizmodo.com" default_off="mismatched">
-
-	<target host="gizmodo.com" />
-	<target host="*.gizmodo.com" />
-
-
-	<securecookie host="^\.?gizmodo\.com$" name=".+" />
-
-
-	<rule from="^http://(?:(cache\.|us\.)|www\.)?gizmodo\.com/"
-		to="https://$1gizmodo.com//" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/GladRags.com.xml b/src/chrome/content/rules/GladRags.com.xml
new file mode 100644
index 000000000000..866c465a29f8
--- /dev/null
+++ b/src/chrome/content/rules/GladRags.com.xml
@@ -0,0 +1,50 @@
+<!--
+	Nonfunctional hosts in *gladrags.com:
+
+		- blog *
+
+	* Redirects to emailmarketing.techxpress.net
+
+
+	(www.)?: Mismatched
+
+
+	Fully covered hosts in *gladrags.com:
+
+		- (www.)?	(→ secure.gladrags.com)
+		- secure
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .gladrags.com
+		- secure.gladrags.com
+
+-->
+<ruleset name="GladRags.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.gladrags.com" />
+
+	<!--	Complications:
+				-->
+	<target host="gladrags.com" />
+	<target host="www.gladrags.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.gladrags\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^secure\.gladrags\.com$" name="^ct$" /-->
+
+	<securecookie host="^secure\.gladrags\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?gladrags\.com/"
+		to="https://secure.gladrags.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Glam.xml b/src/chrome/content/rules/Glam.xml
index 73d3e2383e4b..fa255ecae8d1 100644
--- a/src/chrome/content/rules/Glam.xml
+++ b/src/chrome/content/rules/Glam.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www2.glam.com/ => https://swww2.glam.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://swww2.glam.com/ => https://swww2.glam.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
 	CDN buckets:
 
 		- glam.com.edgekey.net
@@ -40,23 +45,23 @@
 	* → akamai
 
 -->
-<ruleset name="Glam (partial)">
+<ruleset name="Glam (partial)" default_off="failed ruleset test">
 
-	<target host="*.glam.com" />
+	<target host="www2.glam.com" />
+	<target host="swww2.glam.com" />
+	<target host="swww22.glam.com" />
+	<target host="swww35.glam.com" />
+	<target host="www22.glam.com" />
+	<target host="www35t.glam.com" />
 
 
 	<securecookie host="^\.glam\.com$" name=".+" />
 
 
-	<rule from="^http://s?www2\.glam\.com/"
+	<rule from="^http://www2\.glam\.com/"
 		to="https://swww2.glam.com/" />
 
-	<!--	Also on swww35:
-				-->
-	<rule from="^http://www35\.glam\.com/"
-		to="https://a248.e.akamai.net/f/391/9986/10h/www35.glam.com/" />
-
-	<rule from="^http://(swww22|swww35|www22|www35t)\.glam\.com/"
-		to="https://$1.glam.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Glamorous_UK.xml b/src/chrome/content/rules/Glamorous_UK.xml
index 7447af440b90..62297f02afbc 100644
--- a/src/chrome/content/rules/Glamorous_UK.xml
+++ b/src/chrome/content/rules/Glamorous_UK.xml
@@ -1,17 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://glamorousuk.com/ => https://glamorousuk.com/: (51, "SSL: no alternative certificate subject name matches target host name 'glamorousuk.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://glamorousuk.com/ => https://glamorousuk.com/: (51, "SSL: no alternative certificate subject name matches target host name 'glamorousuk.com'")
 	Cert only matches glamorousuk.com.
 
 -->
-<ruleset name="Glamorous UK">
+<ruleset name="Glamorous UK" default_off="failed ruleset test">
 
 	<target host="glamorousuk.com" />
-	<target host="*.glamorousuk.com" />
+	<target host="www.glamorousuk.com" />
 
 
 	<securecookie host="^\.glamorousuk\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?glamorousuk\.com/"
+	<rule from="^http://(?:www\.)?glamorousuk\.com/"
 		to="https://glamorousuk.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Glarner_Kantonalbank.xml b/src/chrome/content/rules/Glarner_Kantonalbank.xml
deleted file mode 100644
index 3b4858f20e24..000000000000
--- a/src/chrome/content/rules/Glarner_Kantonalbank.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Glarner Kantonalbank">
-    <target host="glkb.ch" />
-    <target host="*.glkb.ch" />
-
-    <securecookie host="^(.*\.)?glkb\.ch$" name=".+" />
-
-    <rule from="^https?://glkb\.ch/"
-        to="https://www.glkb.ch/"/>
-    <rule from="^http://([^/:@]+)?\.glkb\.ch/"
-        to="https://$1.glkb.ch/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Glasgow.gov.uk.xml b/src/chrome/content/rules/Glasgow.gov.uk.xml
new file mode 100644
index 000000000000..11f4e3cd787b
--- /dev/null
+++ b/src/chrome/content/rules/Glasgow.gov.uk.xml
@@ -0,0 +1,81 @@
+<!--
+	Glasgow City Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		Timeout was reached:
+		- cpmesseg01s.glasgow.gov.uk
+		- cpmesseg02s.glasgow.gov.uk
+		- cpmesseg03s.glasgow.gov.uk
+		- cpmesseg04s.glasgow.gov.uk
+		- linked.glasgow.gov.uk
+		- mail.glasgow.gov.uk
+		- mail2.glasgow.gov.uk
+		- mobilevpn.glasgow.gov.uk
+		- myconnections-qas.glasgow.gov.uk
+		- myservices.glasgow.gov.uk
+
+		SSL connect error:
+		- glasgowsign.glasgow.gov.uk
+		- www.libcat.glasgow.gov.uk
+
+		SSL peer certificate was not OK:
+		- 3sccallbackuserservices.glasgow.gov.uk
+		- iframe.glasgow.gov.uk
+		- malawi.glasgow.gov.uk
+		- parkingcallbacktestus.glasgow.gov.uk
+		- parkingcallbackus.glasgow.gov.uk
+		- parkingtest.glasgow.gov.uk
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- futurecity.glasgow.gov.uk
+		- api.open.glasgow.gov.uk
+		- dataservices.open.glasgow.gov.uk
+		- developers.open.glasgow.gov.uk
+		- optic.open.glasgow.gov.uk
+		- services.glasgow.gov.uk
+
+		Incomplete certificate chain error:
+		- connect.glasgow.gov.uk
+		- csdev.glasgow.gov.uk
+		- csprod.glasgow.gov.uk
+		- csstage.glasgow.gov.uk
+		- cstest.glasgow.gov.uk
+		- csuat.glasgow.gov.uk
+		- da.glasgow.gov.uk
+		- dashboard.glasgow.gov.uk
+		- www.dashboard.glasgow.gov.uk
+		- data.glasgow.gov.uk
+		- directaccess.glasgow.gov.uk
+		- map.glasgow.gov.uk
+		- open.glasgow.gov.uk
+		- www.slis.glasgow.gov.uk
+
+		Self-signed certificate chain error:
+		- access-glasgow1.glasgow.gov.uk
+		- access-glasgow2.glasgow.gov.uk
+
+		Status code mismatch:
+		- publicaccess.glasgow.gov.uk
+-->
+<ruleset name="Glasgow.gov.uk">
+	<target host="glasgow.gov.uk" />
+	<target host="www.glasgow.gov.uk" />
+	<target host="awcgs.glasgow.gov.uk" />
+	<target host="awseg.glasgow.gov.uk" />
+	<target host="integration.glasgow.gov.uk" />
+	<target host="www.mapping.glasgow.gov.uk" />
+	<target host="onlineservices.glasgow.gov.uk" />
+	<target host="parking.glasgow.gov.uk" />
+	<target host="parkingpermits.glasgow.gov.uk" />
+	<target host="peccallbackuserservices.glasgow.gov.uk" />
+	<target host="spx.glasgow.gov.uk" />
+	<target host="spx2.glasgow.gov.uk" />
+	<target host="testmapping.glasgow.gov.uk" />
+	<target host="youraccount.glasgow.gov.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Glass-Craft-and-Bead-Expo.xml b/src/chrome/content/rules/Glass-Craft-and-Bead-Expo.xml
index c41feff1fbb0..f11285fbf276 100644
--- a/src/chrome/content/rules/Glass-Craft-and-Bead-Expo.xml
+++ b/src/chrome/content/rules/Glass-Craft-and-Bead-Expo.xml
@@ -6,7 +6,6 @@
 
 	<!--	Cert doesn't match !www.
 						-->
-	<rule from="^https?://(?:www\.)?glasscraftexpo\.com/"
-		to="https://www.glasscraftexpo.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Glassdoor.xml b/src/chrome/content/rules/Glassdoor.xml
index bc54a7039694..d0ed8af12c53 100644
--- a/src/chrome/content/rules/Glassdoor.xml
+++ b/src/chrome/content/rules/Glassdoor.xml
@@ -1,45 +1,68 @@
 <!--
-	Problematic domains:
 
-		- glassdoor.ca *
-		- ads.glassdoor.com	(cloudfront)
-		- glassdoor.com.au *
-		- glassdoor.co.in *
-		- glassdoor.co.uk *
+	Other Glassdoor rulesets:
 
-	* Mismatched, CN: *.glassdoor.com
+		- glassdoor.ca.xml
+		- glassdoor.co.in.xml
+		- glassdoor.co.uk.xml
+		- glassdoor.com.au.xml
 
 
-	Partially covered subdomains:
+	CDN buckets:
 
-		- (www.)	(some pages redirect to http)
+		- d3uryx0fdgatve.cloudfront.net
 
--->
-<ruleset name="Glassdoor (partial)">
 
-	<target host="glassdoor.com" />
-	<target host="*.glassdoor.com" />
-		<exclusion pattern="^http://(?:www\.)?glassdoor\.c(?:a|om|om\.au|o\.in|o\.uk)/(?!images/|profile/)" />
-	<target host="glassdoor.com.au" />
-	<target host="*.glassdoor.com.au" />
-	<target host="glassdoor.co.*" />
-	<target host="*.glassdoor.co.in" />
-	<target host="*.glassdoor.co.uk" />
+	Nonfunctional hosts in *glassdoor.com:
+
+		- help ʰ
+		- blog-content ʰ
+		- jobs ¹
+		- resources ᵃ ²
+
+	¹ 521
+	² 403
+	ᵃ Marketo / shows another domain
+	ʰ Redirects to http
+
 
+	Insecure cookies are set for these domains and hosts: ᶜ
 
-	<securecookie host="^static\.glassdoor\.com$" name=".+" />
+		- glassdoor.com
+		- .glassdoor.com
+		- www.glassdoor.com
 
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Glassdoor.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="glassdoor.com" />
+	<target host="ads.glassdoor.com" />
+	<target host="b2b-assets.glassdoor.com" />
+	<target host="static.glassdoor.com" />
+	<target host="static1.glassdoor.com" />
+	<target host="static2.glassdoor.com" />
+	<target host="static3.glassdoor.com" />
+	<target host="static4.glassdoor.com" />
+	<target host="static5.glassdoor.com" />
+	<target host="media.glassdoor.com" />
+	<target host="www.glassdoor.com" />
 
-	<rule from="^http://(media\.|static\.|www\.)?glassdoor\.com/"
-		to="https://$1glassdoor.com/" />
+	<!--    Not secured by server:
+					-->
+	<!--securecookie host="^glassdoor\.com$" name="^ARPNTS$" /-->
+	<!--securecookie host="^\.glassdoor\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.glassdoor\.com$" name="^(?:_uac|ARPNTS|gdId)$" /-->
 
-	<rule from="^https?://ads\.glassdoor\.com/"
-		to="https://d3uryx0fdgatve.cloudfront.net/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^https?://glassdoor\.c(a|om\.au|o\.in|o\.uk)/"
-		to="https://www.glassdoor.c$1/" />
+	<!--	Redirect drops forward slash and args:
+							-->
 
-	<rule from="^http://(static|www)\.glassdoor\.c(a|om\.au|o\.in|o\.uk)/"
-		to="https://$1.glassdoor.c$2/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Glasses.com.xml b/src/chrome/content/rules/Glasses.com.xml
index b83d3d0ba2f1..996fa5aaa6d7 100644
--- a/src/chrome/content/rules/Glasses.com.xml
+++ b/src/chrome/content/rules/Glasses.com.xml
@@ -1,15 +1,19 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://media.glasses.com/ => https://media.glasses.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Some pages redirect to http.
 
 -->
-<ruleset name="Glasses.com (partial)">
+<ruleset name="Glasses.com (partial)" default_off="failed ruleset test">
 
 	<target host="glasses.com" />
-	<target host="*.glasses.com" />
+	<target host="media.glasses.com" />
+	<target host="www.glasses.com" />
 		<exclusion pattern="^http://(?:www\.)?glasses\.com/(?!images/|javascript/|product-detail/get-flyout/|production_minified/|__ssobj/|user/login-modal/)" />
 
 
-	<rule from="^http://(media\.|www\.)?glasses\.com/"
-		to="https://$1glasses.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Glassesusa.com.xml b/src/chrome/content/rules/Glassesusa.com.xml
new file mode 100644
index 000000000000..d99184d3c530
--- /dev/null
+++ b/src/chrome/content/rules/Glassesusa.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Glassesusa.com">
+  <target host="glassesusa.com" />
+  <target host="www.glassesusa.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Glb_img.com.xml b/src/chrome/content/rules/Glb_img.com.xml
new file mode 100644
index 000000000000..203d0ab114dd
--- /dev/null
+++ b/src/chrome/content/rules/Glb_img.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Glb img.com (partial)">
+
+	<target host="s.glbimg.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gleam.io.xml b/src/chrome/content/rules/Gleam.io.xml
new file mode 100644
index 000000000000..ef4e26d51195
--- /dev/null
+++ b/src/chrome/content/rules/Gleam.io.xml
@@ -0,0 +1,22 @@
+<!--
+	Login required:
+		email.gleam.io
+		stage.gleam.io
+		stage-b.gleam.io
+
+-->
+<ruleset name="Gleam">
+
+	<target host="gleam.io" />
+	<target host="www.gleam.io" />
+	<target host="blog.gleam.io" />
+	<target host="js.gleam.io" />
+		<test url="http://js.gleam.io/assets/main-c409a764bd4644ca9ee6bdad0dc410815616f00d2e081241e720ba5579a6e33a.css" />
+	<target host="preview.gleam.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gleam.xml b/src/chrome/content/rules/Gleam.xml
deleted file mode 100644
index 961744de5a0c..000000000000
--- a/src/chrome/content/rules/Gleam.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	www doesn't exist.
-
--->
-<ruleset name="Gleam">
-
-	<target host="gleam.io" />
-
-
-	<securecookie host="^gleam\.io$" name=".+" />
-
-
-	<rule from="^http://(js\.)?gleam\.io/"
-		to="https://$1gleam.io/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/GlenScott.xml b/src/chrome/content/rules/GlenScott.xml
index d3a5a49bb5de..811242d4a06a 100644
--- a/src/chrome/content/rules/GlenScott.xml
+++ b/src/chrome/content/rules/GlenScott.xml
@@ -2,7 +2,7 @@
   <target host="glenscott.net" />
   <target host="www.glenscott.net" />
 
-  <securecookie host="^(.+\.)?glenscott\.net$" name=".*"/>
+  <securecookie host=".+" name=".+" />
 
-  <rule from="^http://(?:www\.)?glenscott\.net/" to="https://www.glenscott.net/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Glenoit.com.xml b/src/chrome/content/rules/Glenoit.com.xml
deleted file mode 100644
index 0c20b697f613..000000000000
--- a/src/chrome/content/rules/Glenoit.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Glenoit.com">
-
-	<target host="glenoit.com" />
-	<target host="www.glenoit.com" />
-
-
-	<securecookie host="^(?:www\.)?glenoit\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?glenoit\.com/"
-		to="https://$1glenoit.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Glerups.xml b/src/chrome/content/rules/Glerups.xml
new file mode 100644
index 000000000000..2954609b6ecb
--- /dev/null
+++ b/src/chrome/content/rules/Glerups.xml
@@ -0,0 +1,9 @@
+<ruleset name="Glerups">
+    <target host="glerups.dk" />
+    <target host="*.glerups.dk" />
+
+    <rule from="^http://glerups\.dk/"
+        to="https://www.glerups.dk/" />
+    <rule from="^http://([^/:@]+)\.glerups\.dk/"
+        to="https://$1.glerups.dk/" />
+</ruleset>
diff --git a/src/chrome/content/rules/GlimmerBlocker.org.xml b/src/chrome/content/rules/GlimmerBlocker.org.xml
new file mode 100644
index 000000000000..4cb042b2c601
--- /dev/null
+++ b/src/chrome/content/rules/GlimmerBlocker.org.xml
@@ -0,0 +1,17 @@
+<ruleset name="GlimmerBlocker.org">
+
+	<target host="glimmerblocker.org" />
+	<target host="www.glimmerblocker.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^glimmerblocker\.org$" name="^trac_(?:form_token|session)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Glispa.com.xml b/src/chrome/content/rules/Glispa.com.xml
index 1326c39a7092..61c6d39e54b7 100644
--- a/src/chrome/content/rules/Glispa.com.xml
+++ b/src/chrome/content/rules/Glispa.com.xml
@@ -6,7 +6,6 @@
 	<securecookie host="^ads\.glispa\.com$" name=".+" />
 
 
-	<rule from="^http://ads\.glispa\.com/"
-		to="https://ads.glispa.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GlitterBank.xml b/src/chrome/content/rules/GlitterBank.xml
index 1aff99c83d77..7e6eb6c818d8 100644
--- a/src/chrome/content/rules/GlitterBank.xml
+++ b/src/chrome/content/rules/GlitterBank.xml
@@ -6,10 +6,10 @@
 
 	<!--	Prone to 503 "too many requests".
 
-	<rule from="^https?://(?:www\.)?glitterbank\.com/"
+	<rule from="^http://(?:www\.)?glitterbank\.com/"
 		to="https://secure.hostmonster.com/~glitterb/" /-->
 
-	<rule from="^https?://(?:www\.)?glitterbank\.com/flag/"
+	<rule from="^http://(?:www\.)?glitterbank\.com/flag/"
 		to="https://secure.hostmonster.com/~glitterb/flag/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GloDLS.to.xml b/src/chrome/content/rules/GloDLS.to.xml
new file mode 100644
index 000000000000..8cd312af7536
--- /dev/null
+++ b/src/chrome/content/rules/GloDLS.to.xml
@@ -0,0 +1,24 @@
+<ruleset name="GloDLS.to">
+	<target host="glodls.to" />
+	<target host="www.glodls.to" />
+	<target host="fbgroup.glodls.to" />
+	<target host="forum.glodls.to" />
+	<target host="forums.glodls.to" />
+	<target host="forums2.glodls.to" />
+	<target host="ftp.glodls.to" />
+	<target host="glostatus.glodls.to" />
+	<target host="imghost.glodls.to" />
+	<target host="live.glodls.to" />
+	<target host="mail.glodls.to" />
+	<target host="media.glodls.to" />
+	<target host="mg.glodls.to" />
+	<target host="ns1.glodls.to" />
+	<target host="ns2.glodls.to" />
+	<target host="paedia.glodls.to" />
+	<target host="smdb.glodls.to" />
+	<target host="tmdb.glodls.to" />
+	<target host="tracker.glodls.to" />
+	<target host="venturead.glodls.to" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Global-Footprint-Network.xml b/src/chrome/content/rules/Global-Footprint-Network.xml
index 2901d5625637..0b2094888b3b 100644
--- a/src/chrome/content/rules/Global-Footprint-Network.xml
+++ b/src/chrome/content/rules/Global-Footprint-Network.xml
@@ -4,11 +4,11 @@
 	<target host="www.footprintnetwork.org" />
 
 
-	<securecookie host="^www\.footprintnetwork\.org$" name=".*" />
+	<securecookie host="^www\.footprintnetwork\.org$" name=".+" />
 
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?footprintnetwork\.org/"
+	<rule from="^http://(?:www\.)?footprintnetwork\.org/"
 		to="https://www.footprintnetwork.org/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Global-Investor-Relations.xml b/src/chrome/content/rules/Global-Investor-Relations.xml
index d2565f8d2386..2f949cf2c04e 100644
--- a/src/chrome/content/rules/Global-Investor-Relations.xml
+++ b/src/chrome/content/rules/Global-Investor-Relations.xml
@@ -1,10 +1,15 @@
-<ruleset name="Global Investor Relations">
+<!--
+	www.g-ir.com: Dropped
+	(www.)?investorrelations.co.uk: Dropped
+	ww7.investorrelations.co.uk: Dropped
+
+-->
+<ruleset name="Global Investor Relations" default_off="refused">
 
-	<target host="g-ir.com"/>
 	<target host="www.g-ir.com"/>
 	<target host="ww7.investorrelations.co.uk"/>
 
-	<securecookie host="^ww7\.investorrelations\.co\.uk$" name=".*"/>
+	<securecookie host="^ww7\.investorrelations\.co\.uk$" name=".+" />
 
 	<rule from="^http://(?:(?:www\.)g-ir\.com|ww7\.investorrelations\.co\.uk)/"
 		to="https://ww7.investorrelations.co.uk/"/>
diff --git a/src/chrome/content/rules/Global-Marine-Networks.xml b/src/chrome/content/rules/Global-Marine-Networks.xml
index 1f62d13a5c6b..2b196f1a14b1 100644
--- a/src/chrome/content/rules/Global-Marine-Networks.xml
+++ b/src/chrome/content/rules/Global-Marine-Networks.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://globalmarinenet.com/ => https://globalmarinenet.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.globalmarinenet.com/ => https://www.globalmarinenet.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://globalmarinenet.com/ => https://globalmarinenet.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.globalmarinenet.com/ => https://www.globalmarinenet.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	d1n2i0nchws850.cloudfront.net
 
 
@@ -8,18 +16,17 @@
 		- web	(ditto)
 
 -->
-<ruleset name="Global Marine Networks (partial)">
+<ruleset name="Global Marine Networks (partial)" default_off="failed ruleset test">
 
 	<target host="globalmarinenet.com" />
 	<target host="www.globalmarinenet.com" />
 	<!--	* for cross-domain cookie.	-->
-	<target host="*.www.globalmarinenet.com" />
 
 
-	<securecookie host="^\.www\.globalmarinenet\.com$" name=".*" />
+
+	<securecookie host="^\.www\.globalmarinenet\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?globalmarinenet\.com/"
-		to="https://$1globalmarinenet.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Global-Marketing-Strategies.xml b/src/chrome/content/rules/Global-Marketing-Strategies.xml
index 686084340699..881ca7555db3 100644
--- a/src/chrome/content/rules/Global-Marketing-Strategies.xml
+++ b/src/chrome/content/rules/Global-Marketing-Strategies.xml
@@ -1,11 +1,24 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fanpagegeneratorpro.com/ => https://fanpagegeneratorpro.com/: (51, "SSL: no alternative certificate subject name matches target host name 'fanpagegeneratorpro.com'")
+Fetch error: http://www.fanpagegeneratorpro.com/ => https://www.fanpagegeneratorpro.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.fanpagegeneratorpro.com'")
+Fetch error: http://howtowriteabookasap.com/ => https://howtowriteabookasap.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.howtowriteabookasap.com/ => https://www.howtowriteabookasap.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://fanpagegeneratorpro.com/ => https://fanpagegeneratorpro.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.fanpagegeneratorpro.com/ => https://www.fanpagegeneratorpro.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://howtowriteabookasap.com/ => https://howtowriteabookasap.com/: (51, "SSL: no alternative certificate subject name matches target host name 'howtowriteabookasap.com'")
+Fetch error: http://www.howtowriteabookasap.com/ => https://www.howtowriteabookasap.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.howtowriteabookasap.com'")
 	Other Global Marketing Strategies rulesets:
 
+		- Rhino_Support.com.xml
 		- Shopper_Approved.com.xml
 		- Trust-Guard.com.xml
 
 -->
-<ruleset name="Global Marketing Strategies (partial)" platform="mixedcontent">
+<ruleset name="Global Marketing Strategies (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="fanpagegeneratorpro.com" />
 	<target host="www.fanpagegeneratorpro.com" />
@@ -15,8 +28,6 @@
 	<target host="www.howtowriteabookasap.com" />
 	<target host="professionalprivacypolicy.com" />
 	<target host="www.professionalprivacypolicy.com" />
-	<target host="rhinosupport.com" />
-	<target host="*.rhinosupport.com" />
 	<target host="termsofservicegenerator.com" />
 	<target host="www.termsofservicegenerator.com" />
 	<target host="whatsuccesstakes.com" />
@@ -25,26 +36,9 @@
 
 	<securecookie host="^www\.(?:free|professional)privacypolicy\.com$" name=".+" />
 	<securecookie host="^(?:www\.)?howtowriteabookasap\.com$" name=".+" />
-	<securecookie host="^\.rhinesupport\.com$" name=".+" />
 	<securecookie host="^www\.termsofservicegenerator\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?fanpagegeneratorpro\.com/"
-		to="https://$1fanpagegeneratorpro.com/" />
-
-	<rule from="^http://(www\.)?(free|professional)privacypolicy\.com/"
-		to="https://$1$2privacypolicy.com/" />
-
-	<rule from="^http://(www\.)?howtowriteabookasap\.com/"
-		to="https://$1howtowriteabookasap.com/" />
-
-	<rule from="^http://(fanpagegeneratorpro\.|www\.)?rhinosupport\.com/"
-		to="https://$1rhinosupport.com/" />
-
-	<rule from="^http://(www\.)?termsofservicegenerator\.com/"
-		to="https://$1termsofservicegenerator.com/" />
-
-	<rule from="^http://(www\.)?whatsuccesstakes\.com/"
-		to="https://$1whatsuccesstakes.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Global-Witness.xml b/src/chrome/content/rules/Global-Witness.xml
deleted file mode 100644
index eddcd10a4707..000000000000
--- a/src/chrome/content/rules/Global-Witness.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Global Witness">
-
-	<target host="globalwitness.org" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.globalwitness.org" />
-
-
-	<securecookie host="^.*\.globalwitness\.org$" name=".*" />
-
-	<!--	!www doesn't work over https,
-		redirects to www over http.	-->
-	<rule from="^https?://(?:www\.)?globalwitness\.org/"
-		to="https://www.globalwitness.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GlobalConnect.dk.xml b/src/chrome/content/rules/GlobalConnect.dk.xml
new file mode 100644
index 000000000000..10ef10e41ab8
--- /dev/null
+++ b/src/chrome/content/rules/GlobalConnect.dk.xml
@@ -0,0 +1,49 @@
+<!--
+	Incomplete certificate chain:
+		- ^
+		- www
+		- techvpn1
+
+	Refused:
+		- escalation
+		- test
+
+	Self-signed:
+		- gccmg
+		- ldap
+		- ssl
+		- vpn
+
+	Mismatched:
+		- booking2
+		- fibertjek
+		- ipv6
+		- link
+		- sip
+		- support
+		- web
+-->
+<ruleset name="GlobalConnect.dk (partial)">
+	<target host="autodiscover.globalconnect.dk" />
+	<target host="booking.globalconnect.dk" />
+	<target host="bookinguk.globalconnect.dk" />
+	<target host="citrix.globalconnect.dk" />
+	<target host="develop.globalconnect.dk" />
+	<target host="eng.globalconnect.dk" />
+	<target host="extranet.globalconnect.dk" />
+	<target host="insight.globalconnect.dk" />
+	<target host="my.globalconnect.dk" />
+	<target host="dash.my.globalconnect.dk" />
+	<target host="mytest.globalconnect.dk" />
+	<target host="omc.globalconnect.dk" />
+	<target host="rnj.globalconnect.dk" />
+	<target host="tracker.globalconnect.dk" />
+	<target host="tw.globalconnect.dk" />
+	<target host="tysktest.globalconnect.dk" />
+	<target host="ug.globalconnect.dk" />
+	<target host="vip.globalconnect.dk" />
+	<target host="webmail.globalconnect.dk" />
+	<target host="xms.globalconnect.dk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GlobalSign.xml b/src/chrome/content/rules/GlobalSign.xml
index b1a28efba8b9..090cd473eacf 100644
--- a/src/chrome/content/rules/GlobalSign.xml
+++ b/src/chrome/content/rules/GlobalSign.xml
@@ -1,95 +1,88 @@
 <!--
-	Nonfunctional globalsign.com subdomains:
-
-		- be *		(mismatched, CN: kantoor.went.be)
-		- www.be *
-		- br		(redirects to www.br.inter.net; mismatched, CN: www.br.inter.net)
-		- expired **
-		- passport **
-		- secure	(502, valid cert)
-
-	* Data differ between http & https
-	** Refused
-
-
-	Problematic globalsign.com subdomains:
-
-		- apac		(mismatched, CN: www.globalsign.com.sg)
-		- blog		(redirects erroneously, valid cert)
-		- dev.cn	(mismatched, CN: cn.globalsign.com)
-
-
-	Fully covered domains:
-
-		- globalsign.com subdomains:
-
-			- (www.)
-			- apac		(→ www.globalsign.com.sg)
-			- archive
-			- blog
-			- cn
-			- dev
-			- eu
-			- hk
-			- dev\.hk
-			- profile
-			- revoked
-			- seal
-			- sslcheck
-			- ssif1
-			- static[12]
-			- status
-			- system
-			- systemeu
-			- systemus
-			- th
-			- dev.th
-
-		- (www.)globalsign.co.in
-		- (www.)globalsign.com.au
-		- (www.)globalsign.com.sg
-		- (www.)globalsign.co.uk
-		- (www.)globalsign.de
-		- (www.)globalsign.es
-		- (www.)globalsign.eu
-		- m.globalsign.eu	
-		- (www.)globalsign.fr
-		- www.globalsign.net
-		- (www.)globalsign.nl
-
-
-	^globalsign.net doesn't exist.
+	For other GMO coverage, see GMO_Internet.xml.
 
--->
-<ruleset name="GlobalSign">
-
-	<target host="globalsign.*" />
-	<target host="www.globalsign.*" />
-	<target host="globalsign.co.*" />
-	<target host="*.globalsign.com" />
-	<target host="globalsign.com.*" />
-	<target host="www.globalsign.com.*" />
-	<target host="www.globalsign.co.in" />
-	<target host="*.globalsign.co.uk" />
-	<target host="*.globalsign.eu" />
+	Non-functional hosts in *globalsign.com
+		Couldn't connect to server:
+			 - expired.globalsign.com
+
+		SSL peer certificate was not OK:
+			 - apac.globalsign.com
 
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - dev.cn.globalsign.com
 
-	<securecookie host="^(?:.*\.)?globalsign\.(?:com|co\.uk|eu)$" name=".+" />
+		Incomplete certificate chain error:
+			 - revoked.globalsign.com
+-->
+<ruleset name="GlobalSign (partial)">
+	<!-- *globalsign.com.au -->
+	<target host="globalsign.com.au" />
+	<target host="www.globalsign.com.au" />
+
+	<!-- *globalsign.com -->
+	<target host="globalsign.com" />
+	<target host="www.globalsign.com" />
+	<target host="apac.globalsign.com" />
+	<target host="cn.globalsign.com" />
+	<target host="dev.globalsign.com" />
+	<target host="e-sign.globalsign.com" />
+	<target host="eu.globalsign.com" />
+	<target host="hk.globalsign.com" />
+	<target host="jp.globalsign.com" />
+	<target host="profile.globalsign.com" />
+	<target host="seal.globalsign.com" />
+	<target host="secure.globalsign.com" />
+	<target host="ssif1.globalsign.com" />
+	<target host="sslcheck.globalsign.com" />
+	<target host="static1.globalsign.com" />
+	<target host="static2.globalsign.com" />
+	<target host="status.globalsign.com" />
+	<target host="system.globalsign.com" />
+	<target host="systemeu.globalsign.com" />
+	<target host="systemus.globalsign.com" />
+	<target host="th.globalsign.com" />
+
+	<!-- *globalsign.de -->
+	<target host="globalsign.de" />
+	<target host="www.globalsign.de" />
+
+	<!-- *globalsign.es -->
+	<target host="globalsign.es" />
+	<target host="www.globalsign.es" />
+
+	<!-- *globalsign.eu -->
+	<target host="globalsign.eu" />
+	<target host="m.globalsign.eu" />
+	<target host="www.globalsign.eu" />
+
+	<!-- *globalsign.fr -->
+	<target host="globalsign.fr" />
+	<target host="www.globalsign.fr" />
+
+	<!-- *globalsign.co.in -->
+	<target host="globalsign.co.in" />
+	<target host="www.globalsign.co.in" />
 
+	<!-- *globalsign.net -->
+	<target host="www.globalsign.net" />
 
-	<rule from="^http://((?:archive|cn|dev|eu|hk|dev\.hk|profile|revoked|seal|ssif1|sslcheck|static\d|status|system(?:eu|us)?|th|dev\.th|www)\.)?globalsign\.com/"
-		to="https://$1globalsign.com/" />
+	<!-- *globalsign.nl -->
+	<target host="globalsign.nl" />
+	<target host="www.globalsign.nl" />
 
-	<rule from="^https?://apac\.globalsign\.com/"
-		to="https://www.globalsign.com.sg/" />
+	<!-- *globalsign.com.sg -->
+	<target host="globalsign.com.sg" />
+	<target host="www.globalsign.com.sg" />
 
-	<rule from="^http://blog\.globalsign\.com/"
-		to="https://www.globalsign.com/blog" />
+	<!-- *globalsign.co.uk -->
+	<target host="globalsign.co.uk" />
+	<target host="www.globalsign.co.uk" />
 
-	<rule from="^http://(www\.)?globalsign\.(co(?:\.in|\.uk|m\.au|m\.sg)|de|es|eu|fr|net|nl)/"
-		to="https://$1globalsign.$2/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://m\.globalsign\.eu/"
-		to="https://m.globalsign.eu/" />
+	<rule from="^http://apac\.globalsign\.com/"
+			to="https://www.globalsign.com.sg/" />
 
+	<rule from="^http:"
+			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/GlobalTestSupply.com.xml b/src/chrome/content/rules/GlobalTestSupply.com.xml
new file mode 100644
index 000000000000..ccbca9dd0b7f
--- /dev/null
+++ b/src/chrome/content/rules/GlobalTestSupply.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		globaltestsupply.com
+
+-->
+<ruleset name="Globaltestsupply.com">
+
+	<target host="globaltestsupply.com"/>
+	<target host="www.globaltestsupply.com"/>
+
+	<rule from="^http://(www\.)?globaltestsupply\.com/"
+		to="https://www.globaltestsupply.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GlobalTestSupply.xml b/src/chrome/content/rules/GlobalTestSupply.xml
deleted file mode 100644
index 9c780b7d87c7..000000000000
--- a/src/chrome/content/rules/GlobalTestSupply.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Globaltestsupply">
-  <target host="www.globaltestsupply.com"/>
-  <target host="globaltestsupply.com"/>
-  <rule from="^http://(www\.)?globaltestsupply\.com/" to="https://www.globaltestsupply.com/"/>
-</ruleset>
-<!-- Rule generated by HTTPS Finder 0.77 -->
diff --git a/src/chrome/content/rules/Global_2000.at.xml b/src/chrome/content/rules/Global_2000.at.xml
new file mode 100644
index 000000000000..853cd41371f9
--- /dev/null
+++ b/src/chrome/content/rules/Global_2000.at.xml
@@ -0,0 +1,20 @@
+<!--
+	Fully covered hosts in *global2000.at:
+
+		- (www.)?
+		- helfen
+
+-->
+<ruleset name="Global 2000.at">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="global2000.at" />
+	<target host="helfen.global2000.at" />
+	<target host="www.global2000.at" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Global_Amici.xml b/src/chrome/content/rules/Global_Amici.xml
deleted file mode 100644
index 81eb0bf01da5..000000000000
--- a/src/chrome/content/rules/Global_Amici.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Expired 2011-11-10
-
--->
-<ruleset name="Global Amici" default_off="expired">
-
-	<target host="globalamicistore.com" />
-	<target host="*.globalamicistore.com" />
-
-
-	<securecookie host="^\.globalamicistore\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?globalamicistore\.com/"
-		to="https://www.globalamicistore.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Global_Bersih.xml b/src/chrome/content/rules/Global_Bersih.xml
index e9a248549719..760014cdc122 100644
--- a/src/chrome/content/rules/Global_Bersih.xml
+++ b/src/chrome/content/rules/Global_Bersih.xml
@@ -1,13 +1,12 @@
 <ruleset name="Global Bersih">
 
 	<target host="globalbersih.org" />
-	<target host="*.globalbersih.org" />
+	<target host="www.globalbersih.org" />
 
 
 	<securecookie host="^(?:w*\.)?globalbersih.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?globalbersih\.org/"
-		to="https://$1globalbersih.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Global_Capacity.com.xml b/src/chrome/content/rules/Global_Capacity.com.xml
new file mode 100644
index 000000000000..531b9c285842
--- /dev/null
+++ b/src/chrome/content/rules/Global_Capacity.com.xml
@@ -0,0 +1,64 @@
+<!--
+	Other Global Capacity rulesets:
+
+		- Covad.com.xml
+		- Covad.net.xml
+		- MegaPath_Wholesale.com.xml
+
+
+	Problematic hosts in *globalcapacity.com:
+
+		- (www.)? ¹ ²
+		- blog ³
+		- info ³
+		- www ¹ ²
+
+	¹ Expired
+	² Self-signed
+	³ Hubspot
+
+
+	Insecure cookies are set for these hosts:
+
+		- globalcapacity.com
+		- blog.globalcapacity.com
+		- clm.globalcapacity.com
+		- info.globalcapacity.com
+		- myaccount.globalcapacity.com
+
+
+	Mixed content:
+
+		- Images on info from cdn\d.hubspot.net *
+		- favicon on info from cdn\d.hubspot.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Global Capacity.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="globalcapacity.com" /-->
+	<!--target host="blog.globalcapacity.com" /-->
+	<target host="clm.globalcapacity.com" />
+	<target host="connect.globalcapacity.com" />
+	<!--target host="info.globalcapacity.com" /-->
+	<target host="myaccount.globalcapacity.com" />
+	<!--target host="www.globalcapacity.com" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^globalcapacity\.com$" name="^(?:global-prod_(?:csrf_token|last_activity|tracker))$" /-->
+	<!--securecookie host="^clm\.globalcapacity\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^(?:blog|info)\.globalcapacity\.com$" name="^hsPagesViewedThisSession$" /-->
+	<!--securecookie host="^myaccount\.globalcapacity\.com$" name="^(?:JSESSIONID|ServerID)$" /-->
+
+	<securecookie host="^(?:clm|myaccount)\.globalcapacity\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Global_Cloud_Xchange.com.xml b/src/chrome/content/rules/Global_Cloud_Xchange.com.xml
new file mode 100644
index 000000000000..3c32a3d5cc32
--- /dev/null
+++ b/src/chrome/content/rules/Global_Cloud_Xchange.com.xml
@@ -0,0 +1,48 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn.globalcloudxchange.com/ => https://d6v3rabjzlopt.cloudfront.net/: Too many redirects while fetching 'https://d6v3rabjzlopt.cloudfront.net/'
+
+	CDN buckets:
+
+		- d6v3rabjzlopt.cloudfront.net
+
+			- cdn.globalcloudxchange.com
+
+
+	Nonfunctional subdomains:
+
+		- (www.) ¹
+		- iglobalcom ²
+
+	¹ Dropped
+	² Refused
+
+
+	Problematic subdomains:
+
+		- cdn ¹
+		- gcxcare ²
+
+	¹ Cloudflare
+	² Insecure renegotiation
+
+-->
+<ruleset name="Global Cloud Xchange.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gcxcare.globalcloudxchange.com" />
+
+	<!--	Complications:
+				-->
+	<target host="cdn.globalcloudxchange.com" />
+
+
+	<rule from="^http://cdn\.globalcloudxchange\.com/"
+		to="https://d6v3rabjzlopt.cloudfront.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Global_HIV_Me_Info.org.xml b/src/chrome/content/rules/Global_HIV_Me_Info.org.xml
new file mode 100644
index 000000000000..59487aa7f28f
--- /dev/null
+++ b/src/chrome/content/rules/Global_HIV_Me_Info.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Mixed content:
+
+		- Image from ^
+
+		- Ad from globalhivmeinfo-ads.icfwebservices.com
+
+-->
+<ruleset name="Global HIV Me Info.org" default_off="mismatched">
+
+	<target host="globalhivmeinfo.org" />
+	<target host="www.globalhivmeinfo.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Global_Human_Rights.org.xml b/src/chrome/content/rules/Global_Human_Rights.org.xml
new file mode 100644
index 000000000000..d0d36684fc18
--- /dev/null
+++ b/src/chrome/content/rules/Global_Human_Rights.org.xml
@@ -0,0 +1,46 @@
+<!--
+	Some pages redirect to http.
+
+
+	Insecure cookies are set for these hosts:
+
+		- globalhumanrights.org
+		- www.globalhumanrights.org
+
+-->
+<ruleset name="Global Human Rights.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="globalhumanrights.org" />
+	<target host="www.globalhumanrights.org" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?globalhumanrights\.org/($|act-now/donate-now$)" /-->
+
+		<!--	Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?globalhumanrights\.org/+(?!act-now/donate-now/|wp-content/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://globalhumanrights.org/es/" />
+			<test url="http://globalhumanrights.org/fr/" />
+			<test url="http://globalhumanrights.org/grants/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://globalhumanrights.org/act-now/donate-now/" />
+			<test url="http://globalhumanrights.org/wp-content/themes/fghr/img/pattern.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?globalhumanrights\.org$" name="^_icl_current_language$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Global_Network.pl.xml b/src/chrome/content/rules/Global_Network.pl.xml
new file mode 100644
index 000000000000..f2080d5c6630
--- /dev/null
+++ b/src/chrome/content/rules/Global_Network.pl.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://globalnetwork.pl/ => https://globalnetwork.pl/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.globalnetwork.pl/ => https://globalnetwork.pl/: (60, 'SSL certificate problem: certificate has expired')
+
+	Problematic hosts:
+
+		- www *
+
+	* Mismatched
+
+
+	Fully covered hosts:
+
+		- (www.)?	(www → ^)
+
+-->
+<ruleset name="Global Network.pl" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="globalnetwork.pl" />
+
+	<!--	Complications:
+				-->
+	<target host="www.globalnetwork.pl" />
+
+
+	<rule from="^http://www\.globalnetwork\.pl/"
+		to="https://globalnetwork.pl/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Global_Network_Initiative.org.xml b/src/chrome/content/rules/Global_Network_Initiative.org.xml
new file mode 100644
index 000000000000..5279f9d1d6cf
--- /dev/null
+++ b/src/chrome/content/rules/Global_Network_Initiative.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="Global Network Initiative.org">
+
+	<target host="globalnetworkinitiative.org" />
+	<target host="www.globalnetworkinitiative.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Global_Perspectives_Canada.xml b/src/chrome/content/rules/Global_Perspectives_Canada.xml
deleted file mode 100644
index e79020b5c143..000000000000
--- a/src/chrome/content/rules/Global_Perspectives_Canada.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Global Perspectives Canada">
-
-	<target host="globalperspectivescanada.com" />
-	<target host="*.globalperspectivescanada.com" />
-
-
-	<securecookie host="^\.globalperspectivescanada.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?globalperspectivescanada\.com/"
-		to="https://$1globalperspectivescanada.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Global_Policy_Forum.xml b/src/chrome/content/rules/Global_Policy_Forum.xml
index f52c7f0cec63..69a402c075fb 100644
--- a/src/chrome/content/rules/Global_Policy_Forum.xml
+++ b/src/chrome/content/rules/Global_Policy_Forum.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^www\.globalpolicy\.org$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?globalpolicy\.org/"
-		to="https://www.globalpolicy.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Global_Promote.xml b/src/chrome/content/rules/Global_Promote.xml
index 71ea60a731ec..9e399a67f824 100644
--- a/src/chrome/content/rules/Global_Promote.xml
+++ b/src/chrome/content/rules/Global_Promote.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?globalpromote\.com/"
 		to="https://globalpromote.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Global_Research.ca.xml b/src/chrome/content/rules/Global_Research.ca.xml
new file mode 100644
index 000000000000..9eaaca886041
--- /dev/null
+++ b/src/chrome/content/rules/Global_Research.ca.xml
@@ -0,0 +1,13 @@
+<!--
+	(www.): 200 "Error"
+
+-->
+<ruleset name="Global Research.ca (partial)">
+
+	<target host="store.globalresearch.ca" />
+		<!--exclusion pattern="http://www\.globalresearch\.ca/" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Global_Sources.xml b/src/chrome/content/rules/Global_Sources.xml
index cdd25852dcda..e42f487b7abe 100644
--- a/src/chrome/content/rules/Global_Sources.xml
+++ b/src/chrome/content/rules/Global_Sources.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://globalsources.com/ => https://www.globalsources.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.globalsources.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://globalsources.com/ => https://www.globalsources.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.globalsources.com'")
 	CDN buckets:
 
 		- p.globalsources.com.edgesuite.net
@@ -19,19 +25,20 @@
 	p serves images only.
 
 -->
-<ruleset name="Global Sources (partial)">
+<ruleset name="Global Sources (partial)" default_off="failed ruleset test">
 
 	<target host="globalsources.com" />
-	<target host="*.globalsources.com" />
+	<target host="s.globalsources.com" />
+	<target host="www.globalsources.com" />
+	<target host="login.globalsources.com" />
 
 
 	<securecookie host="^w*\.globalsources\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:s\.|www\.)?globalsources\.com/"
+	<rule from="^http://(?:s\.|www\.)?globalsources\.com/"
 		to="https://www.globalsources.com/" />
 
-	<rule from="^http://login\.globalsources\.com/"
-		to="https://login.globalsources.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Global_Voices_Online.org.xml b/src/chrome/content/rules/Global_Voices_Online.org.xml
new file mode 100644
index 000000000000..404afd3423e9
--- /dev/null
+++ b/src/chrome/content/rules/Global_Voices_Online.org.xml
@@ -0,0 +1,125 @@
+<!--
+	CDN buckets:
+
+		- static.globalvoices.s3.amazonaws.com
+
+
+	Nonfunctional subdomains:
+
+		- img		(404, valid cert)
+		- summit2012	("server error", valid cert)
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- advocacy
+		- ar
+		- ay
+		- aym
+		- bn
+		- books
+		- da
+		- de
+		- el
+		- es
+		- fa
+		- fr
+		- hu
+		- id
+		- it
+		- jp
+		- ko
+		- mg
+		- mk
+		- nl
+		- pl
+		- pt
+		- rising
+		- ru
+		- sr
+		- sv
+		- sw
+		- zh
+
+
+	Mixed content:
+
+		- css on advocacy and rising from fonts.googleapis.com ¹
+
+		- Images, on:
+
+			- ^, advocacy, ar, ay, bn, books, el, es, fa, it, jp, ko, mk, pt, and rising from $self ¹
+			- ar, ay, aym, bn, ca, de, el, es, fa, fr, hu, id, jp, ko, mk, mg, nl, pl, pt, ru, sr, sv, sw, and zh from ^ ¹
+			- es and mk from advocacy ¹
+			- aym from ay ¹
+			- da from bn ¹
+			- it from books ¹
+			- ay, aym, ca, de, pl, and sv from es ¹
+			- mk from fr ¹
+			- ar, bn, el, es, fa, fr, hu, id, pl, and sr from img ²
+			- id from jp ¹
+			- ar, de, fr, and sv from pt ¹
+			- ar, ay, aym, and mk from rising ¹
+			- da from summit2012 ²
+			- id from www ¹
+			- ^, advocacy, ar, ay, aym, bn, ca, da, de, el, es, fa, hu, id, it, jp, ko, mg, mk, nl, pl, pt, rising, ru, sr, sv, sw, and zh from static.globalvoices.s3.amazonaws.com ¹
+			- hu from atlatszo.hu ³
+			- bn from photos1.blogger.com ¹
+			- advocacy and rising from creativecommons.org ¹
+			- fr from farm\d.static.flickr.com ¹
+			- fr from a\d.twimg.com ¹
+			- da from verdensnyt.dk ²
+
+		- Web bugs, on:
+
+			- ^ from pixel.quantserve.com ¹
+			- advocacy, es, and fr from www.facebook.com ¹
+			- id from badge.facebook.com ¹
+
+	¹ Secured by us
+	² Unsecurable
+	³ Rule disabled by default
+
+-->
+<ruleset name="Global Voices Online.org (partial)">
+
+	<target host="globalvoicesonline.org" />
+	<target host="advocacy.globalvoicesonline.org" />
+	<target host="ar.globalvoicesonline.org" />
+	<target host="ay.globalvoicesonline.org" />
+	<target host="aym.globalvoicesonline.org" />
+	<target host="bn.globalvoicesonline.org" />
+	<target host="books.globalvoicesonline.org" />
+	<target host="da.globalvoicesonline.org" />
+	<target host="de.globalvoicesonline.org" />
+	<target host="el.globalvoicesonline.org" />
+	<target host="es.globalvoicesonline.org" />
+	<target host="fa.globalvoicesonline.org" />
+	<target host="fr.globalvoicesonline.org" />
+	<target host="hu.globalvoicesonline.org" />
+	<target host="id.globalvoicesonline.org" />
+	<target host="it.globalvoicesonline.org" />
+	<target host="jp.globalvoicesonline.org" />
+	<target host="ko.globalvoicesonline.org" />
+	<target host="mg.globalvoicesonline.org" />
+	<target host="mk.globalvoicesonline.org" />
+	<target host="nl.globalvoicesonline.org" />
+	<target host="pl.globalvoicesonline.org" />
+	<target host="pt.globalvoicesonline.org" />
+	<target host="rising.globalvoicesonline.org" />
+	<target host="ru.globalvoicesonline.org" />
+	<target host="sr.globalvoicesonline.org" />
+	<target host="sv.globalvoicesonline.org" />
+	<target host="sw.globalvoicesonline.org" />
+	<target host="www.globalvoicesonline.org" />
+	<target host="zh.globalvoicesonline.org" />
+		<!--exclusion pattern="^http://(img|summit2012)\." /-->
+
+
+	<securecookie host="^\.(?:\w+\.)?globalvoicesonline\.org$" name=".+" />
+
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Global_Web.co.uk.xml b/src/chrome/content/rules/Global_Web.co.uk.xml
new file mode 100644
index 000000000000..31bab0ddf256
--- /dev/null
+++ b/src/chrome/content/rules/Global_Web.co.uk.xml
@@ -0,0 +1,26 @@
+<!--
+	^globalweb.co.uk: Shows default page
+
+-->
+<ruleset name="Global Web.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="static.globalweb.co.uk" />
+	<target host="www.globalweb.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="globalweb.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://globalweb\.co\.uk/"
+		to="https://www.globalweb.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Globalclimatemarch.org.xml b/src/chrome/content/rules/Globalclimatemarch.org.xml
new file mode 100644
index 000000000000..ff4f7a100b4b
--- /dev/null
+++ b/src/chrome/content/rules/Globalclimatemarch.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Certificate is signed for IP address, not domain name.
+
+-->
+<ruleset name="Globalclimatemarch.org" default_off="cert-invalid">
+
+	<target host="globalclimatemarch.org" />
+	<target host="www.globalclimatemarch.org" />
+
+	<securecookie host="^globalclimatemarch\.org" name=".+" />
+
+	<!-- redirect www subdomain to main domain -->
+	<rule from="^http://www\.globalclimatemarch\.org/"
+		to="https://globalclimatemarch.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Globaloneteam.com.xml b/src/chrome/content/rules/Globaloneteam.com.xml
new file mode 100644
index 000000000000..f698ebcfc6d7
--- /dev/null
+++ b/src/chrome/content/rules/Globaloneteam.com.xml
@@ -0,0 +1,48 @@
+<!--
+	For other InterContinental Hotels Group PLC coverage, see IHG_PLC.com.xml.
+
+
+	(www.): mismatched, CN: www.ihgmerlin.com
+
+
+	Fully covered subdomains:
+
+		- (www.)	(→ me2.ihgmerlin.com & www.ihgmerlin.com)
+		- dsso
+		- sso
+		- sso-qa
+
+-->
+<ruleset name="globaloneteam.com">
+
+	<target host="globaloneteam.com" />
+	<target host="*.globaloneteam.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.globaloneteam\.com$" name="^SMIDENTITY$" /-->
+	<!--securecookie host="^dsso\.globaloneteam\.com$" name="^BIGipServersec_DSSO_80$" /-->
+	<!--securecookie host="^sso\.globaloneteam\.com$" name="^BIGipServersec_Siteminder_\d+$" /-->
+	<!--securecookie host="^sso-qa\.globaloneteam\.com$" name="^BIGipServerSiteMinder_QA_DMZ_\d+$" /-->
+
+	<securecookie host="^(?:dsso|sso|sso-qa)\.globaloneteam\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?globaloneteam\.com/(?=$|\?)"
+		to="https://me2.ihgmerlin.com/web/merlin/home" />
+
+	<!--	Redirect drops path but not args:
+						-->
+	<rule from="^http://(?:www\.)?globaloneteam\.com//[^?]*"
+		to="https://www.ihgmerlin.com/portal/server.pt?" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://(?:www\.)?globaloneteam\.com/"
+		to="https://me2.ihgmerlin.com/me2-vanity-url-portlet/redirect/" />
+
+	<rule from="^http://(dsso|sso|sso-qa)\.globaloneteam\.com/"
+		to="https://$1.globaloneteam.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Globalscaletechnologies.com.xml b/src/chrome/content/rules/Globalscaletechnologies.com.xml
index fb5ddcfc3ca5..bfafd53dfa96 100644
--- a/src/chrome/content/rules/Globalscaletechnologies.com.xml
+++ b/src/chrome/content/rules/Globalscaletechnologies.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="Global Scale Technologies">
 
 	<target host="globalscaletechnologies.com" />
-	<target host="*.globalscaletechnologies.com" />
+	<target host="www.globalscaletechnologies.com" />
 
 
-	<securecookie host="^(.*\.)?globalscaletechnologies\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?globalscaletechnologies\.com/"
-		to="https://$1globalscaletechnologies.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Globaltap.com.xml b/src/chrome/content/rules/Globaltap.com.xml
index bbe44fc3010d..f9af471e2386 100644
--- a/src/chrome/content/rules/Globaltap.com.xml
+++ b/src/chrome/content/rules/Globaltap.com.xml
@@ -11,13 +11,13 @@
 <ruleset name="Globaltap.com">
 
 	<target host="globaltap.com" />
-	<target host="*.globaltap.com" />
+	<target host="billing.globaltap.com" />
+	<target host="www.globaltap.com" />
 
 
 	<securecookie host="^billing\.globaltap\.com$" name=".+" />
 
 
-	<rule from="^http://(billing\.|www\.)?globaltap\.com/"
-		to="https://$1globaltap.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Globalways.net.xml b/src/chrome/content/rules/Globalways.net.xml
new file mode 100644
index 000000000000..859697618ee7
--- /dev/null
+++ b/src/chrome/content/rules/Globalways.net.xml
@@ -0,0 +1,34 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- globalways.net
+		- www.globalways.net
+
+
+	Mixed content:
+
+		- css on careers from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Globalways.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="globalways.net" />
+	<target host="careers.globalways.net" />
+	<target host="www.globalways.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?globalways\.net$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?globalways\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Globat.com.xml b/src/chrome/content/rules/Globat.com.xml
new file mode 100644
index 000000000000..d368f2787bc5
--- /dev/null
+++ b/src/chrome/content/rules/Globat.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="Globat.com">
+
+	<target host="globat.com" />
+	<target host="www.globat.com" />
+	<target host="secure.globat.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Globat.xml b/src/chrome/content/rules/Globat.xml
deleted file mode 100644
index 799529991847..000000000000
--- a/src/chrome/content/rules/Globat.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Globat">
-
-	<target host="globat.com" />
-	<target host="*.globat.com" />
-
-
-	<securecookie host="^\.globat\.com$" name=".*" />
-
-
-	<rule from="^http://(secure\.|www\.)?globat\.com(?:443)?/"
-		to="https://$1globat.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GlobeAndMail.xml b/src/chrome/content/rules/GlobeAndMail.xml
deleted file mode 100644
index 31b75ad78410..000000000000
--- a/src/chrome/content/rules/GlobeAndMail.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional:
-
-		- beta.images.theglobeandmail.com		(Akamai; "An error occurred")
-		- origin-beta.images.theglobeandmail.com	(times out)
-
--->
-<ruleset name="TheGlobeAndMail (cert warning)" default_off="akamai">
-
-	<target host="theglobeandmail.com" />
-	<target host="www.theglobeandmail.com" />
-
-
-	<rule from="^https?://(?:www\.)?theglobeandmail\.com/"
-		to="https://www.theglobeandmail.com/" />
-
-</ruleset>
-
diff --git a/src/chrome/content/rules/Globes.xml b/src/chrome/content/rules/Globes.xml
index bb3e29035693..c72a28472150 100644
--- a/src/chrome/content/rules/Globes.xml
+++ b/src/chrome/content/rules/Globes.xml
@@ -21,7 +21,6 @@
 	<securecookie host="^www\.globes\.co\.il$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?globes\.co\.il/"
-		to="https://www.globes.co.il/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Globetrotter.xml b/src/chrome/content/rules/Globetrotter.xml
new file mode 100644
index 000000000000..048bb0dc1669
--- /dev/null
+++ b/src/chrome/content/rules/Globetrotter.xml
@@ -0,0 +1,6 @@
+<ruleset name="Globetrotter">
+    <target host="globetrotter.de" />
+    <target host="www.globetrotter.de" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Globevestor.com.xml b/src/chrome/content/rules/Globevestor.com.xml
new file mode 100644
index 000000000000..17b7bc903f56
--- /dev/null
+++ b/src/chrome/content/rules/Globevestor.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Globevestor.com">
+	<target host="globevestor.com" />
+	<target host="www.globevestor.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Globus-Online.xml b/src/chrome/content/rules/Globus-Online.xml
index 6b9c912f7e60..9a82e44b7b8e 100644
--- a/src/chrome/content/rules/Globus-Online.xml
+++ b/src/chrome/content/rules/Globus-Online.xml
@@ -7,13 +7,13 @@
 <ruleset name="Globus Online">
 
 	<target host="globusonline.org" />
-	<target host="*.globusonline.org" />
+	<target host="support.globusonline.org" />
+	<target host="www.globusonline.org" />
 
 
-	<securecookie host="^(.*\.)?globusonline\.org$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(support\.|www\.)?globusonline\.org/"
-		to="https://$1globusonline.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Globus.ch.xml b/src/chrome/content/rules/Globus.ch.xml
new file mode 100644
index 000000000000..f50b484acab7
--- /dev/null
+++ b/src/chrome/content/rules/Globus.ch.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatch:
+		- mails.globus.ch
+-->
+<ruleset name="Globus.ch">
+	<target host="globus.ch" />
+	<target host="www.globus.ch" />
+	<target host="events.globus.ch" />
+	<target host="sso.globus.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Globus.xml b/src/chrome/content/rules/Globus.xml
index abcb524ef2d0..bab645c3fc1d 100644
--- a/src/chrome/content/rules/Globus.xml
+++ b/src/chrome/content/rules/Globus.xml
@@ -14,10 +14,9 @@
 	<target host="dev.globus.org" />
 
 
-	<securecookie host="^dev\.globus\.org$" name=".*" />
+	<securecookie host="^dev\.globus\.org$" name=".+" />
 
 
-	<rule from="^http://dev\.globus\.org/"
-		to="https://dev.globus.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Glose.com.xml b/src/chrome/content/rules/Glose.com.xml
new file mode 100644
index 000000000000..883c3a81d218
--- /dev/null
+++ b/src/chrome/content/rules/Glose.com.xml
@@ -0,0 +1,13 @@
+<!--
+	www: 401
+
+-->
+<ruleset name="Glose.com">
+
+	<target host="glose.com" />
+	<target host="www.glose.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gloucestershire.gov.uk.xml b/src/chrome/content/rules/Gloucestershire.gov.uk.xml
new file mode 100644
index 000000000000..4819af656bf3
--- /dev/null
+++ b/src/chrome/content/rules/Gloucestershire.gov.uk.xml
@@ -0,0 +1,29 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- caps.gloucestershire.gov.uk
+		- planning.gloucestershire.gov.uk
+		- ww3.gloucestershire.gov.uk
+
+		Timeout was reached:
+		- gistest.gloucestershire.gov.uk
+		- glostext.gloucestershire.gov.uk
+
+		SSL peer certificate was not OK:
+		- adulteducation.gloucestershire.gov.uk
+
+		Status code mismatch:
+		- ww5.gloucestershire.gov.uk
+-->
+<ruleset name="Gloucestershire.gov.uk (partial)">
+	<target host="gloucestershire.gov.uk" />
+	<target host="www.gloucestershire.gov.uk" />
+	<target host="emsonline.gloucestershire.gov.uk" />
+		<test url="http://emsonline.gloucestershire.gov.uk/CitizenPortal/Account/Login?ReturnUrl=%2FCitizenPortal%2F" />
+	<target host="myjobs.gloucestershire.gov.uk" />
+	<target host="mytempjobs.gloucestershire.gov.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GloucestershireConstabulary.xml b/src/chrome/content/rules/GloucestershireConstabulary.xml
new file mode 100644
index 000000000000..9075454e1b5a
--- /dev/null
+++ b/src/chrome/content/rules/GloucestershireConstabulary.xml
@@ -0,0 +1,6 @@
+<ruleset name="Gloucestershire Constabulary">
+	<target host="gloucestershire.police.uk" />
+	<target host="www.gloucestershire.police.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Glowing.com.xml b/src/chrome/content/rules/Glowing.com.xml
new file mode 100644
index 000000000000..f0151c530c5b
--- /dev/null
+++ b/src/chrome/content/rules/Glowing.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional hosts in *glowing.com:
+
+		- blog *
+
+	* Tumblr
+
+-->
+<ruleset name="Glowing.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="glowing.com" />
+	<target host="www.glowing.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Glueckspost.ch.xml b/src/chrome/content/rules/Glueckspost.ch.xml
new file mode 100644
index 000000000000..5cd3646d1f5c
--- /dev/null
+++ b/src/chrome/content/rules/Glueckspost.ch.xml
@@ -0,0 +1,7 @@
+<ruleset name="Glueckspost.ch">
+	<target host="glueckspost.ch" />
+	<target host="www.glueckspost.ch" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gluster.org.xml b/src/chrome/content/rules/Gluster.org.xml
new file mode 100644
index 000000000000..906471ea8557
--- /dev/null
+++ b/src/chrome/content/rules/Gluster.org.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gluster.org/ => https://gluster.org/: (51, "SSL: no alternative certificate subject name matches target host name 'gluster.org'")
+Fetch error: http://forge.gluster.org/ => https://forge.gluster.org/: (6, 'Could not resolve host: forge.gluster.org')
+
+	For other Red Hat coverage, see Red_Hat.xml.
+
+
+	Fully covered hosts in *gluster.org:
+
+		- (www.)?
+		- forge
+
+-->
+<ruleset name="Gluster.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gluster.org" />
+	<target host="forge.gluster.org" />
+	<target host="www.gluster.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.forge\.gluster\.org$" name="^_gitorious_sess$" /-->
+
+	<securecookie host="^\.forge\.gluster\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Glype.xml b/src/chrome/content/rules/Glype.xml
index 72da56fc9ac0..d7f48f53107b 100644
--- a/src/chrome/content/rules/Glype.xml
+++ b/src/chrome/content/rules/Glype.xml
@@ -6,9 +6,8 @@
 	<target host="glype.com"/>
 	<target host="www.glype.com"/>
 
-	<securecookie host="^www\.glype\.com$" name=".*"/>
+	<securecookie host="^www\.glype\.com$" name=".+" />
 
-	<rule from="^http://(www\.)?glype\.com/"
-		to="https://$1glype.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Glyph.im.xml b/src/chrome/content/rules/Glyph.im.xml
index 501d68e59b05..b2b3edec48f8 100644
--- a/src/chrome/content/rules/Glyph.im.xml
+++ b/src/chrome/content/rules/Glyph.im.xml
@@ -1,10 +1,18 @@
-<ruleset name="glyph.im">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.glyph.im/ => https://www.glyph.im/: (51, "SSL: no alternative certificate subject name matches target host name 'www.glyph.im'")
+
+-->
+<ruleset name="glyph.im" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="glyph.im" />
 	<target host="www.glyph.im" />
 
 
-	<rule from="^http://(www\.)?glyph\.im/"
-		to="https://$1glyph.im/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Glyphicons.com.xml b/src/chrome/content/rules/Glyphicons.com.xml
new file mode 100644
index 000000000000..026d384cee69
--- /dev/null
+++ b/src/chrome/content/rules/Glyphicons.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Glyphicons.com">
+    <target host="glyphicons.com" />
+    <target host="www.glyphicons.com" />
+    <securecookie host="^(www\.)?glyphicons\.com$" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gmedianetworks.com.xml b/src/chrome/content/rules/Gmedianetworks.com.xml
deleted file mode 100644
index 7119f72f33ce..000000000000
--- a/src/chrome/content/rules/Gmedianetworks.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	CDN buckets:
-
-		- dn6540p04s3vz.cloudfront.net
-
-			- staticcdn.gmedianetworks.com
-
-
-	(www.) doesn't exist.
-
--->
-<ruleset name="gmedianetworks.com">
-
-	<target host="*.gmedianetworks.com" />
-
-
-	<rule from="^http://static\.gmedianetworks\.com/"
-		to="https://static.gmedianetworks.com/" />
-
-	<rule from="^http://staticcdn\.gmedianetworks\.com/"
-		to="https://dn6540p04s3vz.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Gml.cz.xml b/src/chrome/content/rules/Gml.cz.xml
new file mode 100644
index 000000000000..68a7b6e749fc
--- /dev/null
+++ b/src/chrome/content/rules/Gml.cz.xml
@@ -0,0 +1,16 @@
+<!--
+	Mismatch:
+		knihovna.gml.cz
+	Secure Connection Failed:
+		posta.gml.cz
+	Different Content:
+		tisk.gml.cz
+-->
+<ruleset name="Gymnázium Matyáše Lercha">
+    <target host="gml.cz" />
+    <target host="www.gml.cz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gna.org-problematic.xml b/src/chrome/content/rules/Gna.org-problematic.xml
deleted file mode 100644
index ba87268d8473..000000000000
--- a/src/chrome/content/rules/Gna.org-problematic.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules that are on by default, see Gna.xml.
-
--->
-<ruleset name="Gna.org (self-signed)" default_off="self-signed">
-
-	<target host="mail.gna.org" />
-
-
-	<rule from="^http://mail\.gna\.org/"
-		to="https://mail.gna.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Gna.xml b/src/chrome/content/rules/Gna.xml
index f11613709caf..6255f33c975b 100644
--- a/src/chrome/content/rules/Gna.xml
+++ b/src/chrome/content/rules/Gna.xml
@@ -1,29 +1,25 @@
 <!--
-	For problematic rules, see Gna.org-problematic.xml.
+	Nonfunctional hosts in *gna.org:
 
+		- about ʳ
+		- download ᵖ
+		- svn ᵖ
 
-	Nonfunctional subdomains:
+	ᵖ Plaintext reply
+	ʳ Refused
 
-		- about
-		- download *
-		- svn	(ssl_error_rx_record_too_long)
 
-	* http reply
-
-
-	Problematic subdomains:
-
-		- mail
+	NB: server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="Gna (partial)" platform="cacert">
+<ruleset name="Gna.org (partial)" default_off="cert-chain">
 
 	<target host="gna.org" />
+	<target host="mail.gna.org" />
 	<target host="www.gna.org" />
 
 
-	<!--	Cert doesn't match www.	-->
-	<rule from="^https?://(?:www\.)?gna\.org/"
-		to="https://gna.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Gngr.info.xml b/src/chrome/content/rules/Gngr.info.xml
new file mode 100644
index 000000000000..42369061a300
--- /dev/null
+++ b/src/chrome/content/rules/Gngr.info.xml
@@ -0,0 +1,15 @@
+<!--
+	www: mismatched
+
+-->
+<ruleset name="gngr.info">
+
+	<target host="gngr.info" />
+	<target host="blog.gngr.info" />
+	<target host="www.gngr.info" />
+
+
+	<rule from="^http://(?:(blog\.)|www\.)?gngr\.info/"
+		to="https://$1gngr.info/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gnome-look.org.xml b/src/chrome/content/rules/Gnome-look.org.xml
new file mode 100644
index 000000000000..23dbd20952b3
--- /dev/null
+++ b/src/chrome/content/rules/Gnome-look.org.xml
@@ -0,0 +1,12 @@
+<!--
+	For other openDesktop rules, see openDesktop.org.xml
+
+-->
+<ruleset name="Gnome-look.org">
+
+	<target host="gnome-look.org" />
+	<target host="www.gnome-look.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gnosis-Software.xml b/src/chrome/content/rules/Gnosis-Software.xml
deleted file mode 100644
index 532b7c60c222..000000000000
--- a/src/chrome/content/rules/Gnosis-Software.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Gnosis Software" default_off="Certificate mismatch">
-
-	<target host="gnosis.cx" />
-	<target host="www.gnosis.cx" />
-
-	<rule from="^http://(www\.)?gnosis\.cx/"
-		to="https://gnosis.cx/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GnuCash.xml b/src/chrome/content/rules/GnuCash.xml
new file mode 100644
index 000000000000..ffa6a75b7ee8
--- /dev/null
+++ b/src/chrome/content/rules/GnuCash.xml
@@ -0,0 +1,14 @@
+<ruleset name="GnuCash">
+
+	<target host="gnucash.org" />
+	<target host="lists.gnucash.org" />
+	<target host="svn.gnucash.org" />
+	<target host="wiki.gnucash.org" />
+	<target host="www.gnucash.org" />
+
+	<securecookie host="(^|\.)(lists|svn|wiki|www)\.gnucash\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GnuPG.com.xml b/src/chrome/content/rules/GnuPG.com.xml
new file mode 100644
index 000000000000..fd8694281751
--- /dev/null
+++ b/src/chrome/content/rules/GnuPG.com.xml
@@ -0,0 +1,18 @@
+<!--
+	See also: GnuPG.org.xml
+
+	Invalid certificate:
+		support.gnupg.com
+-->
+<ruleset name="GnuPG.com">
+
+	<target host="gnupg.com" />
+	<target host="www.gnupg.com" />
+	<target host="demo.gnupg.com" />
+	<target host="ellsberg.gnupg.com" />
+	<target host="preview.gnupg.com" />
+	<target host="zetkin.gnupg.com" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GnuPG.org-problematic.xml b/src/chrome/content/rules/GnuPG.org-problematic.xml
deleted file mode 100644
index 7264c7f28e65..000000000000
--- a/src/chrome/content/rules/GnuPG.org-problematic.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see GnuPG.org.xml.
-
--->
-<ruleset name="GnuPG.org (self-signed)" default_off="self-signed">
-
-	<target host="bugs.gnupg.org" />
-	<target host="git.gnupg.org" />
-
-
-	<rule from="^http://bugs\.gnupg\.org/"
-		to="https://bugs.g10code.com/" />
-
-	<rule from="^http://git\.gnupg\.org/"
-		to="https://git.gnupg.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GnuPG.org.xml b/src/chrome/content/rules/GnuPG.org.xml
index e2cfc67f0a79..4a50f1b5db1a 100644
--- a/src/chrome/content/rules/GnuPG.org.xml
+++ b/src/chrome/content/rules/GnuPG.org.xml
@@ -1,35 +1,48 @@
 <!--
-	For problematic rules, see GnuPG.org-problematic.xml.
-
-	For other Free Software Foundation coverage, see FSF.xml.
-
-
-	Nonfunctional subdomains:
-
-		- blog *
-		- ftp *
-
-	* Refused
-
-
-	Problematic subdomains:
-
-		- bugs	(works; mismatched, CN: kerckhoffs.g10code.com)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- lists
-
+	See also: GnuPG.com.xml
+
+	Bad certificate:
+		al-kindi.gnupg.org
+		alberti.gnupg.org
+		blog.gnupg.org
+		cvs.gnupg.org
+		jenkins.gnupg.org
+		logo-contest.gnupg.org
+		www.tla-friendly.gnupg.org
+		www-old.gnupg.org
+
+	Non-2xx HTTP code:
+		media.gnupg.org
+
+	Refused:
+		ftp.gnupg.org
+
+	SSL: no alternative certificate subject name matches target host name:
+		www.wiki.gnupg.org
+
+	Timeout:
+		pt.gnupg.org
+		trithemius.gnupg.org
 -->
-<ruleset name="GnuPG.org (partial)" platform="cacert">
+<ruleset name="GnuPG.org">
 
 	<target host="gnupg.org" />
-	<target host="*.gnupg.org" />
-
-
-	<rule from="^http://(lists\.|www\.)?gnupg\.org/"
-		to="https://$1gnupg.org/" />
+	<target host="www.gnupg.org" />
+	<target host="bugs.gnupg.org" />
+	<target host="chat.gnupg.org" />
+	<target host="dev.gnupg.org" />
+	<target host="git.gnupg.org" />
+	<target host="gitstats.gnupg.org" />
+	<target host="jabber.gnupg.org" />
+	<target host="lists.gnupg.org" />
+	<target host="openpgpkey.gnupg.org" />
+	<target host="preview.gnupg.org" />
+	<target host="test.gnupg.org" />
+	<target host="versions.gnupg.org" />
+		<test url="http://versions.gnupg.org/swdb.lst" />
+	<target host="wiki.gnupg.org" />
+	<target host="xmpp.gnupg.org" />
+
+	<rule from="^http:"	to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GnuTLS.org.xml b/src/chrome/content/rules/GnuTLS.org.xml
index 0e98f3602aa8..4ebcdd7ae3aa 100644
--- a/src/chrome/content/rules/GnuTLS.org.xml
+++ b/src/chrome/content/rules/GnuTLS.org.xml
@@ -1,20 +1,22 @@
 <!--
-	Nonfunctional subdomains:
+	Invalid certificate:
+		www.mod.gnutls.org
+		www2.gnutls.org
 
-		- (www.)	(refused)
-
-
-	Problematic subdomains:
-
-		- lists		(works; mismatched, CN: trithemius.gnupg.org)
+	Refused:
+		ftp.gnutls.org
+		nmav.gnutls.org
 
+	Timeout:
+		gitlab.gnutls.org
 -->
-<ruleset name="GnuTLS.org (partial)" default_off="mismatched" platform="cacert">
+<ruleset name="GnuTLS.org">
 
+	<target host="gnutls.org" />
+	<target host="www.gnutls.org" />
 	<target host="lists.gnutls.org" />
+	<target host="mod.gnutls.org" />
 
-
-	<rule from="^http://lists\.gnutls\.org/"
-		to="https://lists.gnutls.org/" />
+	<rule from="^http:"	to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Gnuheter.org.xml b/src/chrome/content/rules/Gnuheter.org.xml
index b8d31a290b56..90fdbeb5477e 100644
--- a/src/chrome/content/rules/Gnuheter.org.xml
+++ b/src/chrome/content/rules/Gnuheter.org.xml
@@ -1,6 +1,7 @@
-<ruleset name="Gnuheter.org" default_off="invalid certificate">
+<ruleset name="Gnuheter.org" default_off="mismatched">
 	<target host="gnuheter.org" />
 	<target host="www.gnuheter.org" />
-	<rule from="^http://www\.gnuheter\.org/" to="https://www.gnuheter.org/"/>
-	<rule from="^http://gnuheter\.org/" to="https://gnuheter.org/"/>
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Gnumeric.org.xml b/src/chrome/content/rules/Gnumeric.org.xml
new file mode 100644
index 000000000000..eaae04232dd2
--- /dev/null
+++ b/src/chrome/content/rules/Gnumeric.org.xml
@@ -0,0 +1,14 @@
+<!--
+	For other GNOME coverage, see GNOME.xml.
+
+-->
+<ruleset name="Gnumeric.org" default_off="self-signed">
+
+	<target host="gnumeric.org" />
+	<target host="www.gnumeric.org" />
+
+
+	<rule from="^http://(?:www\.)?gnumeric\.org/"
+		to="https://www.gnumeric.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gnumonks.org.xml b/src/chrome/content/rules/Gnumonks.org.xml
deleted file mode 100644
index 31a6ff637101..000000000000
--- a/src/chrome/content/rules/Gnumonks.org.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Gnumonks.org (CAcert, partial)" platform="cacert">
-
-	<target host="laforge.gnumonks.org" />
-	<target host="lists.gnumonks.org" />
-	<target host="svn.gnumonks.org" />
-
-	<rule from="^http://(laforge|lists|svn)\.gnumonks\.org/"
-		to="https://$1.gnumonks.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Go2Arena.com.xml b/src/chrome/content/rules/Go2Arena.com.xml
index 9e232102675e..df4a1b9ecdd9 100644
--- a/src/chrome/content/rules/Go2Arena.com.xml
+++ b/src/chrome/content/rules/Go2Arena.com.xml
@@ -1,13 +1,15 @@
 <ruleset name="Go2Arena.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="go2arena.com" />
-	<target host="*.go2arena.com" />
+	<target host="www.go2arena.com" />
 
 
 	<securecookie host="^\.(?:www\.)?go2arena\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?go2arena\.com/"
-		to="https://$1go2arena.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Go8.edu.au.xml b/src/chrome/content/rules/Go8.edu.au.xml
new file mode 100644
index 000000000000..86f84517d4f4
--- /dev/null
+++ b/src/chrome/content/rules/Go8.edu.au.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .go8.edu.au
+
+-->
+<ruleset name="Go8.edu.au">
+
+	<target host="go8.edu.au" />
+	<target host="www.go8.edu.au" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.go8\.edu\.au$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GoAbroad.com.xml b/src/chrome/content/rules/GoAbroad.com.xml
deleted file mode 100644
index a734c0279099..000000000000
--- a/src/chrome/content/rules/GoAbroad.com.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="GoAbroad.com (partial)">
-
-	<target host="secure.goabroad.com" />
-
-
-	<rule from="^http://secure\.goabroad\.com/"
-		to="https://secure.goabroad.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/GoAruna.com.xml b/src/chrome/content/rules/GoAruna.com.xml
index 8b04ea6ff707..cc7e10278910 100644
--- a/src/chrome/content/rules/GoAruna.com.xml
+++ b/src/chrome/content/rules/GoAruna.com.xml
@@ -13,7 +13,7 @@
 <ruleset name="GoAruna.com (partial)" default_off="expired">
 
 	<target host="goaruna.com" />
-	<target host="*.goaruna.com" />
+	<target host="www.goaruna.com" />
 		<!--
 			Redirect to http:
 						-->
@@ -27,4 +27,4 @@
 	<rule from="^http://(?:www\.)?goaruna\.com/(?=account(?:$|[?/])|favicon\.ico|images/|javascripts/|stylesheets/)"
 		to="https://goaruna.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GoCoin.com.xml b/src/chrome/content/rules/GoCoin.com.xml
new file mode 100644
index 000000000000..65bc9c68f74c
--- /dev/null
+++ b/src/chrome/content/rules/GoCoin.com.xml
@@ -0,0 +1,48 @@
+<!--
+	CDN buckets:
+
+		- gocoin-developers.s3.amazonaws.com
+
+
+	Problematic subdomains:
+
+		- help *
+
+	* Tender
+
+
+	Mixed content:
+
+		- Images on help from gocoin-developers.s3.amazonaws.com *
+
+	* Secured by us
+
+-->
+<ruleset name="GoCoin.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gocoin.com" />
+	<target host="dashboard.gocoin.com" />
+	<target host="www.gocoin.com" />
+
+	<!--	Complications:
+				-->
+	<target host="help.gocoin.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?gocoin\.com$" name="^keystone\.sid$" /-->
+	<!--securecookie host="^dashboard\.gocoin\.com$" name="^connect\.sid$" /-->
+
+	<securecookie host="^(?:\.|dashboard\.|www\.)?gocoin\.com$" name=".+" />
+
+
+	<rule from="^http://help\.gocoin\.com/"
+		to="https://gocoin.tenderapp.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GoDaddy.net.xml b/src/chrome/content/rules/GoDaddy.net.xml
new file mode 100644
index 000000000000..2a75a7d9d7b8
--- /dev/null
+++ b/src/chrome/content/rules/GoDaddy.net.xml
@@ -0,0 +1,43 @@
+<!--
+	For other GoDaddy coverage, see GoDaddy.xml.
+
+
+	Fully covered hosts in *godaddy.net:
+
+		- aboutus
+		- investors
+		- newsroom
+
+
+	Insecure cookies are set for these hosts:
+
+		- aboutus.godaddy.net
+		- investors.godaddy.net
+		- newsroom.godaddy.net
+
+
+	These altnames don't exist:
+
+		- www.newsroom.godaddy.net
+
+-->
+<ruleset name="GoDaddy.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="aboutus.godaddy.net" />
+	<target host="investors.godaddy.net" />
+	<target host="newsroom.godaddy.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(aboutus|investors|newsroom)\.godaddy\.net$" name="^(ASP.NET_SessionId|\w+\.godaddy\.net_Q4_ASPX_PUBLIC_LanguageId)$" /-->
+
+	<securecookie host="^(?:aboutus|investors|newsroom)\.godaddy\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GoDaddy.xml b/src/chrome/content/rules/GoDaddy.xml
index 8a8408cbf62d..305ee7cf306d 100644
--- a/src/chrome/content/rules/GoDaddy.xml
+++ b/src/chrome/content/rules/GoDaddy.xml
@@ -1,19 +1,26 @@
 <!--
-	Nonfunctional domains:
+The following targets have been disabled at 2020-09-25 16:20:22:
 
-		- video.godaddy.com	(at least some pages redirect to http)
+Fetch error: http://idp.m.godaddy.com/user/retrieveloginname.aspx?spkey= => https://idp.m.godaddy.com/user/retrieveloginname.aspx?spkey=: (28, 'Connection timed out after 20001 milliseconds')
+
+	Other GoDaddy rulesets:
 
+		- GoDaddy.net.xml
+		- GoDaddy_mobile.com.xml
+		- Instantpage.me.xml
 
-	Problematic domains:
 
-		- instantpage.me	(dropped)
-		- www.instantpage.me	(works; mismatched, CN: admin.instantpage.me)
+	Nonfunctional subdomains:
 
+		- shops.godaddy.com ¹
+		- video.godaddy.com	(at least some pages redirect to http)
 
-	Partially covered domains:
+	¹ Dropped
 
-		- support.godaddy.com	(some pages redirect to http)
+	Problematic subdomains:
 
+		- community (mismatched)
+		- support (incomplete certificate chain)
 
 	Fully covered domains:
 
@@ -21,59 +28,167 @@
 
 			- (www.)
 			- auctions
+
+			- *.auctions:
+
+				- \w\w
+
+			- cart
 			- certs
-			- community
 			- idp
 			- img
 			- m
-			- \w\w.m
+
+			- *.m:
+
+				- \w\w
+				- idp
+
 			- mcc
 			- mya
 			- seal
-			- shops
 			- who
-
-		- (www.)godaddymobile.com
-
-		- instantpage.me subdomains:
-
-			- ^	(→ www.godaddy.com)
-			- admin
-			- www	(→ admin)
-
-		- (www.)tdnam.com
+			- ar
+			- au
+			- be
+			- br
+			- ca
+			- cl
+			- co
+			- dk
+			- de
+			- es
+			- fr
+			- in
+			- ie
+			- it
+			- my
+			- mx
+			- nl
+			- nz
+			- no
+			- at
+			- pk
+			- pe
+			- ph
+			- pl
+			- pt
+			- ch
+			- sg
+			- za
+			- fi
+			- se
+			- supportcenter
+			- tr
+			- uk
+			- ve
+			- who
+			- gr
+			- ru
+			- ua
+
+
+	These altnames don't exist:
+
+		- www.cart.godaddy.com
+		- www.idp.godaddy.com
+		- www.img.godaddy.com
+		- www.idp.m.godaddy.com
+		- www.mcc.godaddy.com
+		- www.mya.godaddy.com
+		- www.support.godaddy.com
+		- www.supportcenter.godaddy.com
+		- www.who.godaddy.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .godaddy.com
+		- \w\w.godaddy.com
+		- .auctions.godaddy.com
+		- cart.godaddy.com
+		- idp.godaddy.com
+		- \w\w.m.godaddy.com
+		- idp.m.godaddy.com
+		- mcc.godaddy.com
+		- mya.godaddy.com
+		- supportcenter.godaddy.com
+		- who.godaddy.com
 
 -->
-<ruleset name="GoDaddy (partial)">
+<ruleset name="GoDaddy.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="godaddy.com" />
-	<target host="*.godaddy.com" />
-		<exclusion pattern="^http://support\.godaddy\.com/(?!files/|wp-content/)" />
-	<target host="godaddymobile.com" />
-	<target host="*.godaddymobile.com" />
-	<target host="instantpage.me" />
-	<target host="*.instantpage.me" />
-	<target host="tdnam.com" />
-	<target host="www.tdnam.com" />
-
-
-	<securecookie host="^(?:.*\.)?godaddy\.com$" name=".+" />
-	<securecookie host="^\.godaddymobile\.com$" name=".+" />
-
-
-	<rule from="^http://((?:auctions|certs|community|idp|img|m|\w\w\.m|mcc|mya|seal|shops|support|who|www)\.)?godaddy\.com/"
-		to="https://$1godaddy.com/" />
-
-	<rule from="^http://(www\.)?godaddymobile\.com/"
-		to="https://$1godaddymobile.com/" />
-
-	<rule from="^http://instantpage\.me/"
-		to="https://www.godaddy.com/default.aspx" />
-
-	<rule from="^http://(?:admin|www)\.instantpage\.me/"
-		to="https://admin.instantpage.me/" />
-
-	<rule from="^http://(www\.)?tdnam\.com/"
-		to="https://$1tdnam.com/" />
+	<target host="auctions.godaddy.com" />
+	<target host="*.auctions.godaddy.com" />
+    <test url="http://pe.auctions.godaddy.com/" />
+    <test url="http://pl.auctions.godaddy.com/" />
+    <test url="http://ca.auctions.godaddy.com/" />
+
+	<target host="cart.godaddy.com" />
+	<target host="certs.godaddy.com" />
+	<target host="img.godaddy.com" />
+	<target host="m.godaddy.com" />
+	<target host="*.m.godaddy.com" />
+    <test url="http://pe.m.godaddy.com/" />
+    <test url="http://se.m.godaddy.com/" />
+    <test url="http://sg.m.godaddy.com/" />
+    <test url="http://ca.m.godaddy.com/" />
+
+  <target host="mcc.godaddy.com" />
+	<target host="mya.godaddy.com" />
+	<target host="seal.godaddy.com" />
+	<target host="supportcenter.godaddy.com" />
+	<target host="who.godaddy.com" />
+	<target host="www.godaddy.com" />
+	<target host="ar.godaddy.com" />
+	<target host="au.godaddy.com" />
+	<target host="be.godaddy.com" />
+	<target host="br.godaddy.com" />
+	<target host="ca.godaddy.com" />
+	<target host="cl.godaddy.com" />
+	<target host="co.godaddy.com" />
+	<target host="dk.godaddy.com" />
+	<target host="de.godaddy.com" />
+	<target host="es.godaddy.com" />
+	<target host="fr.godaddy.com" />
+	<target host="in.godaddy.com" />
+	<target host="ie.godaddy.com" />
+	<target host="it.godaddy.com" />
+	<target host="my.godaddy.com" />
+	<target host="mx.godaddy.com" />
+	<target host="nl.godaddy.com" />
+	<target host="nz.godaddy.com" />
+	<target host="no.godaddy.com" />
+	<target host="at.godaddy.com" />
+	<target host="pk.godaddy.com" />
+	<target host="pe.godaddy.com" />
+	<target host="ph.godaddy.com" />
+	<target host="pl.godaddy.com" />
+	<target host="pt.godaddy.com" />
+	<target host="ch.godaddy.com" />
+	<target host="sg.godaddy.com" />
+	<target host="za.godaddy.com" />
+	<target host="fi.godaddy.com" />
+	<target host="se.godaddy.com" />
+	<target host="tr.godaddy.com" />
+	<target host="uk.godaddy.com" />
+	<target host="ve.godaddy.com" />
+	<target host="gr.godaddy.com" />
+	<target host="ru.godaddy.com" />
+	<target host="ua.godaddy.com" />
+
+	<test url="http://nl.auctions.godaddy.com/" />
+
+	<securecookie host=".+" name=".+" />
+
+ <!-- SSL error, redirect to www-->
+  <rule from="^http://godaddy\.com/"
+		to="https://www.godaddy.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GoDaddy_mobile.com.xml b/src/chrome/content/rules/GoDaddy_mobile.com.xml
new file mode 100644
index 000000000000..fbe4a5f1ead2
--- /dev/null
+++ b/src/chrome/content/rules/GoDaddy_mobile.com.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://godaddymobile.com/ (200) => https://godaddymobile.com/ (403)
+
+	For other GoDaddy coverage, see GoDaddy.xml.
+
+
+	Fully covered hosts in *godaddymobile.com:
+
+		- (www.)?
+
+
+	Insecure cookies are set for these domains:
+
+		- .godaddymobile.com
+
+-->
+<ruleset name="GoDaddy mobile.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="godaddymobile.com" />
+	<target host="www.godaddymobile.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.godaddymobile\.com$" name="^(countrysite1|language1|market)$" /-->
+
+	<securecookie host="^\.godaddymobile\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GoDoc.org.xml b/src/chrome/content/rules/GoDoc.org.xml
new file mode 100644
index 000000000000..8776fa98ab26
--- /dev/null
+++ b/src/chrome/content/rules/GoDoc.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="GoDoc.org">
+
+	<target host="godoc.org" />
+	<target host="www.godoc.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GoEmerchant.xml b/src/chrome/content/rules/GoEmerchant.xml
index 0bc20d95c293..22d7b56fe04f 100644
--- a/src/chrome/content/rules/GoEmerchant.xml
+++ b/src/chrome/content/rules/GoEmerchant.xml
@@ -1,13 +1,16 @@
-<ruleset name="GoEmerchant">
+<ruleset name="GoEmerchant.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="goemerchant.com" />
-	<target host="*.goemerchant.com" />
+	<target host="secure.goemerchant.com" />
+	<target host="www.goemerchant.com" />
 
 
 	<securecookie host="^(?:secure)\.gomerchant\.com$" name=".+" />
 
 
-	<rule from="^http://(secure\.|www\.)?goemerchant\.com/"
-		to="https://$1goemerchant.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GoExplore.net.xml b/src/chrome/content/rules/GoExplore.net.xml
new file mode 100644
index 000000000000..97956ea31bac
--- /dev/null
+++ b/src/chrome/content/rules/GoExplore.net.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://static.goexplore.net/ => https://static.goexplore.net/: (60, 'SSL certificate problem: certificate has expired')
+
+	Other ESET rulesets:
+		- Eset.xml
+		- ESET.at.xml
+		- ESET.co.uk.xml
+		- ESET.de.xml
+		- ESET_NOD32.xml
+		- ESET_static.com.xml
+		- Sicontact.at.xml
+-->
+<ruleset name="GoExplore.net" default_off="failed ruleset test">
+	<target host=       "goexplore.net" />
+	<target host=   "www.goexplore.net" />
+	<target host="static.goexplore.net" />
+
+	<!--
+	Exclusion for buggy URL (which sometimes redirects to HTTP), more information: https://github.com/EFForg/https-everywhere/pull/3083
+	https://regex101.com/r/vC6jX8/1
+	-->
+	<exclusion pattern="^http:\/\/www\.goexplore\.net\/they-did-what\/payments-evolution-sheep-to-smartphones" />
+	<test url="http://www.goexplore.net/they-did-what/payments-evolution-sheep-to-smartphones" />
+
+  	<securecookie host="^www\.goexplore\.net$" name=".+" />
+
+	<!-- cert only matches www -->
+	<rule from="^http://goexplore\.net/"
+		to="https://www.goexplore.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GoFrugal.xml b/src/chrome/content/rules/GoFrugal.xml
index 3b6f2fab1e61..042daaea0905 100644
--- a/src/chrome/content/rules/GoFrugal.xml
+++ b/src/chrome/content/rules/GoFrugal.xml
@@ -5,15 +5,17 @@
 		- www	(interrupted)
 
 -->
-<ruleset name="GoFrugal (partial)">
+<ruleset name="GoFrugal.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="mydiscussion.gofrugal.com" />
 
 
 	<securecookie host="^mydiscussion\.gofrugal\.com$" name=".+" />
 
 
-	<rule from="^http://mydiscussion\.gofrugal\.com/"
-		to="https://mydiscussion.gofrugal.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GoFundMe.xml b/src/chrome/content/rules/GoFundMe.xml
index 7a7fdafdc77a..bb7d56e4d018 100644
--- a/src/chrome/content/rules/GoFundMe.xml
+++ b/src/chrome/content/rules/GoFundMe.xml
@@ -4,16 +4,19 @@
 		- 2dbdd5116ffa30a49aa8-c03f075f8191fb4e60e74b907071aee8.ssl.cf1.rackcdn.com
 
 -->
-<ruleset name="GoFundMe">
+<ruleset name="GoFundMe.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="gofundme.com" />
-	<target host="*.gofundme.com" />
+	<target host="funds.gofundme.com" />
+	<target host="www.gofundme.com" />
 
 
 	<securecookie host="^(?:funds)?\.gofundme\.com$" name=".+" />
 
 
-	<rule from="^http://(funds\.|www\.)?gofundme\.com/"
-		to="https://$1gofundme.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GoGetSSL.com.xml b/src/chrome/content/rules/GoGetSSL.com.xml
new file mode 100644
index 000000000000..4797a6ddcd05
--- /dev/null
+++ b/src/chrome/content/rules/GoGetSSL.com.xml
@@ -0,0 +1,22 @@
+<ruleset name="GoGetSSL.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gogetssl.com" />
+	<target host="dev.gogetssl.com" />
+	<target host="my.gogetssl.com" />
+	<target host="rus.gogetssl.com" />
+	<target host="sandbox.gogetssl.com" />
+	<target host="support.gogetssl.com" />
+	<target host="webmail.gogetssl.com" />
+	<target host="www.gogetssl.com" />
+
+		<!--	Work around buggy fetch tester:
+							-->
+		<exclusion pattern="^http://dev\.gogetssl\.com/$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GoPayment.com.xml b/src/chrome/content/rules/GoPayment.com.xml
new file mode 100644
index 000000000000..9a6c852990e1
--- /dev/null
+++ b/src/chrome/content/rules/GoPayment.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="GoPayment.com">
+	<target host="gopayment.com" />
+	<target host="www.gopayment.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GoRails.com.xml b/src/chrome/content/rules/GoRails.com.xml
new file mode 100644
index 000000000000..1c0ed61a88f7
--- /dev/null
+++ b/src/chrome/content/rules/GoRails.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other One Month coverage, see One Month.com.
+
+-->
+<ruleset name="GoRails.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gorails.com" />
+	<target host="www.gorails.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GoSoapBox.xml b/src/chrome/content/rules/GoSoapBox.xml
index 31983ed1e681..2010579bcb61 100644
--- a/src/chrome/content/rules/GoSoapBox.xml
+++ b/src/chrome/content/rules/GoSoapBox.xml
@@ -2,16 +2,15 @@
 	!www: record_too_long
 
 -->
-<ruleset name="GoSoapBox">
+<ruleset name="GoSoapBox.com">
 
 	<target host="gosoapbox.com" />
-	<target host="*.gosoapbox.com" />
+	<target host="www.gosoapbox.com" />
 
 
 	<securecookie host="^\.gosoapbox\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?gosoapbox\.com/"
-		to="https://www.gosoapbox.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GoSquared.com.xml b/src/chrome/content/rules/GoSquared.com.xml
index 64c2b69760d7..e8161a08086e 100644
--- a/src/chrome/content/rules/GoSquared.com.xml
+++ b/src/chrome/content/rules/GoSquared.com.xml
@@ -7,6 +7,8 @@
 	Fully covered subdomains:
 
 		- (www.)
+		- cdn
+		- engineering
 		- static
 		- wix
 
@@ -14,13 +16,17 @@
 <ruleset name="GoSquared.com">
 
 	<target host="gosquared.com" />
-	<target host="*.gosquared.com" />
+	<target host="cdn.gosquared.com" />
+	<target host="engineering.gosquared.com" />
+	<target host="static.gosquared.com" />
+	<target host="wix.gosquared.com" />
+	<target host="www.gosquared.com" />
 
 
 	<securecookie host="^\.gosquared\.com$" name=".+" />
 
 
-	<rule from="^http://((?:static|wix|www)\.)?gosquared\.com/"
-		to="https://$1gosquared.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GoStats.xml b/src/chrome/content/rules/GoStats.xml
deleted file mode 100644
index 385edf710a21..000000000000
--- a/src/chrome/content/rules/GoStats.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	CDN buckets:
-
-		- gostats.cachefly.net
-			- cdn.gsstatic.com
-
--->
-<ruleset name="GoStats (partial)">
-
-	<target host="gostats.com" />
-	<target host="*.gostats.com" />
-	<target host="www.ssl.gostats.com" />
-	<target host="cdn.gsstatic.com" />
-
-
-	<rule from="^https?://(?:www\.)?gostats\.com/js/"
-		to="https://ssl.gostats.com/js/" />
-
-	<rule from="^http://(www\.)?ssl\.gostats\.com/"
-		to="https://$1ssl.gostats.com/" />
-
-	<rule from="^https?://cdn\.gsstatic\.com/"
-		to="https://gostats.cachefly.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/GoToAssist.com.xml b/src/chrome/content/rules/GoToAssist.com.xml
new file mode 100644
index 000000000000..6e7df7635b30
--- /dev/null
+++ b/src/chrome/content/rules/GoToAssist.com.xml
@@ -0,0 +1,39 @@
+<!--
+	For other Citrix coverage, see Citrix.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.gotoassist.com
+
+-->
+<ruleset name="GoToAssist.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gotoassist.com" />
+	<target host="www2.gotoassist.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.gotoassist.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.gotoassist\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<!--	Redirects to http first...
+					-->
+	<rule from="^http://www\.gotoassist\.com/remote_support/"
+		to="https://www.gotoassist.com/remote-support/" />
+
+		<test url="http://www.gotoassist.com/remote_support/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GoToMeeting.com.xml b/src/chrome/content/rules/GoToMeeting.com.xml
new file mode 100644
index 000000000000..9892e76feff5
--- /dev/null
+++ b/src/chrome/content/rules/GoToMeeting.com.xml
@@ -0,0 +1,45 @@
+<!--
+	For other Citrix coverage, see Citrix.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- global.gotomeeting.com
+		- www.gotomeeting.com
+
+
+	Mixed content:
+
+		- Images on blog from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="GoToMeeting.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gotomeeting.com" />
+	<target host="blog.gotomeeting.com" />
+	<target host="community.gotomeeting.com" />
+	<target host="global.gotomeeting.com" />
+	<target host="s.gotomeeting.com" />
+	<target host="www.gotomeeting.com" />
+	<target host="www1.gotomeeting.com" />
+	<target host="www2.gotomeeting.com" />
+	<target host="www3.gotomeeting.com" />
+	<target host="www4.gotomeeting.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^global\.gotomeeting\.com$" name="^ADRUM_[\d_]+$" /-->
+	<!--securecookie host="^www\.gotomeeting\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GoToTraining.com.xml b/src/chrome/content/rules/GoToTraining.com.xml
new file mode 100644
index 000000000000..89826731747c
--- /dev/null
+++ b/src/chrome/content/rules/GoToTraining.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Citrix coverage, see Citrix.xml.
+
+-->
+<ruleset name="GoToTraining.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gototraining.com" />
+	<target host="student.gototraining.com" />
+	<target host="www.gototraining.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GoToWebinar.com.xml b/src/chrome/content/rules/GoToWebinar.com.xml
new file mode 100644
index 000000000000..8f87cbd78536
--- /dev/null
+++ b/src/chrome/content/rules/GoToWebinar.com.xml
@@ -0,0 +1,43 @@
+<!--
+	For other Citrix coverage, see Citrix.xml.
+
+
+	Nonfunctional hosts in *gotowebinar.com:
+
+		- images
+
+
+	^gotowebinar.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- attendee.gotowebinar.com
+
+-->
+<ruleset name="GoToWebinar.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="attendee.gotowebinar.com" />
+	<target host="www.gotowebinar.com" />
+
+	<!--	Complications:
+				-->
+	<target host="gotowebinar.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^attendee\.gotowebinar\.com$" name="^(ADRUM_\d\d_\d_\d|JSESSIONID)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://gotowebinar\.com/"
+		to="https://www.gotowebinar.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GoUrl.io.xml b/src/chrome/content/rules/GoUrl.io.xml
new file mode 100644
index 000000000000..a3b63a1b6ddc
--- /dev/null
+++ b/src/chrome/content/rules/GoUrl.io.xml
@@ -0,0 +1,13 @@
+<ruleset name="GoUrl.io">
+
+	<target host="gourl.io" />
+	<target host="www.gourl.io" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GoWork.pl.xml b/src/chrome/content/rules/GoWork.pl.xml
new file mode 100644
index 000000000000..dfd33aee649b
--- /dev/null
+++ b/src/chrome/content/rules/GoWork.pl.xml
@@ -0,0 +1,48 @@
+<!--
+	Some pages redirect to http.
+
+
+	Mixed content:
+
+		- Web bugs from gapl.hit.gemius.pl *
+
+	* Secured by us
+
+-->
+<ruleset name="GoWork.pl (partial)">
+
+	<target host="gowork.pl" />
+	<target host="www.gowork.pl" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?gowork\.pl/+($|\?|pracodawca_ogloszenie_bez_rejestracji1($|[?/]))" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?gowork\.pl/+(?!css/|favicon\.ico|images/|js/|logowanie(?:$|[?/])|xml/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://gowork.pl/?" />
+			<test url="http://gowork.pl/?" />
+			<test url="http://gowork.pl//?" />
+			<test url="http://gowork.pl/pracodawca_ogloszenie_bez_rejestracji1" />
+			<test url="http://gowork.pl/pracodawca_ogloszenie_bez_rejestracji1?" />
+			<test url="http://gowork.pl/pracodawca_ogloszenie_bez_rejestracji1/" />
+			<test url="http://gowork.pl/pracodawca_ogloszenie_bez_rejestracji1/?" />
+			<test url="http://gowork.pl//pracodawca_ogloszenie_bez_rejestracji1" />
+			<test url="http://gowork.pl//pracodawca_ogloszenie_bez_rejestracji1?" />
+			<test url="http://gowork.pl//pracodawca_ogloszenie_bez_rejestracji1/" />
+			<test url="http://gowork.pl//pracodawca_ogloszenie_bez_rejestracji1/?" />
+
+			<!--	-ve:
+					-->
+			<test url="http://gowork.pl/favicon.ico" />
+			<test url="http://gowork.pl/logowanie" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Go_Lucid.co.xml b/src/chrome/content/rules/Go_Lucid.co.xml
new file mode 100644
index 000000000000..20483696bdc1
--- /dev/null
+++ b/src/chrome/content/rules/Go_Lucid.co.xml
@@ -0,0 +1,28 @@
+<!--
+	Other Lucid Software rulesets:
+
+		- Lucidchart.com.xml
+		- Lucidpress.com.xml
+
+
+	^golucid.co: Refused
+
+-->
+<ruleset name="Go Lucid.co">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.golucid.co" />
+
+	<!--	Complications:
+				-->
+	<target host="golucid.co" />
+
+
+	<rule from="^http://golucid\.co/"
+		to="https://www.golucid.co/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Go_Mohu.com.xml b/src/chrome/content/rules/Go_Mohu.com.xml
new file mode 100644
index 000000000000..6bc71bdcc8d3
--- /dev/null
+++ b/src/chrome/content/rules/Go_Mohu.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.) *
+
+	* Redirects to store; mismatched, CN: store.gomohu.com
+
+-->
+<ruleset name="Go Mohu.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="store.gomohu.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^\.store\.gomohu\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Go_Rickshaw.com.xml b/src/chrome/content/rules/Go_Rickshaw.com.xml
new file mode 100644
index 000000000000..b8d128e55b14
--- /dev/null
+++ b/src/chrome/content/rules/Go_Rickshaw.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Go Rickshaw.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gorickshaw.com" />
+	<target host="www.gorickshaw.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Go_Turkey.com.xml b/src/chrome/content/rules/Go_Turkey.com.xml
new file mode 100644
index 000000000000..e7220b09f9d6
--- /dev/null
+++ b/src/chrome/content/rules/Go_Turkey.com.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://goturkey.com/ => https://goturkey.com/: (35, 'Unknown SSL protocol error in connection to goturkey.com:443 ')
+Fetch error: http://www.goturkey.com/ => https://www.goturkey.com/: (35, 'Unknown SSL protocol error in connection to www.goturkey.com:443 ')
+
+	Mixed content:
+
+		- Images from www.adobe.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Go Turkey.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="goturkey.com" />
+	<target host="www.goturkey.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Go_Ubiquiti.com.xml b/src/chrome/content/rules/Go_Ubiquiti.com.xml
new file mode 100644
index 000000000000..34595592d132
--- /dev/null
+++ b/src/chrome/content/rules/Go_Ubiquiti.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Fully covered hosts in *goubiquiti.com:
+
+		- (www.)?
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.goubiquiti.com
+
+-->
+<ruleset name="go Ubiquiti.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="goubiquiti.com" />
+	<target host="www.goubiquiti.com" />
+
+
+	<securecookie host="^www\.goubiquiti\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Go_Walker.org.xml b/src/chrome/content/rules/Go_Walker.org.xml
new file mode 100644
index 000000000000..7c518508351a
--- /dev/null
+++ b/src/chrome/content/rules/Go_Walker.org.xml
@@ -0,0 +1,39 @@
+<!--
+	www.gowalker.org: Mismatched
+
+
+	These altnames don't exist:
+
+		- genome.gowalker.org
+
+
+	Insecure cookies are set for these hosts:
+
+		- gowalker.org
+
+-->
+<ruleset name="Go Walker.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gowalker.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.gowalker.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^gowalker\.org$" name="^(MacaronSession|lang)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.gowalker\.org/"
+		to="https://gowalker.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Go_eShow.com.xml b/src/chrome/content/rules/Go_eShow.com.xml
deleted file mode 100644
index 13cac172d6ae..000000000000
--- a/src/chrome/content/rules/Go_eShow.com.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Go eShow.com">
-
-	<target host="goeshow.com" />
-	<target host="*.goeshow.com" />
-
-
-	<rule from="^http://((?:admin|s4|www)\.)?goeshow\.com/"
-		to="https://$1goeshow.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/GoalWorthy.com.xml b/src/chrome/content/rules/GoalWorthy.com.xml
index 94e5b228a893..7b3ca749c988 100644
--- a/src/chrome/content/rules/GoalWorthy.com.xml
+++ b/src/chrome/content/rules/GoalWorthy.com.xml
@@ -1,13 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .goalworthy.com
+
+-->
 <ruleset name="GoalWorthy.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="goalworthy.com" />
-	<target host="*.goalworthy.com" />
+	<target host="www.goalworthy.com" />
+
 
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.goalworthy\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
 
 	<securecookie host="^(?:w*\.)?goalworthy\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?goalworthy\.com/"
-		to="https://$1goalworthy.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Goaldet.com.xml b/src/chrome/content/rules/Goaldet.com.xml
deleted file mode 100644
index f61d693f1522..000000000000
--- a/src/chrome/content/rules/Goaldet.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Mixed images from www.sport24.gr
-
--->
-<ruleset name="Goaldet.com">
-
-	<target host="goaldet.com" />
-	<target host="*.goaldet.com" />
-
-
-	<securecookie host="^(?:w*\.)?goaldet.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?goaldet\.com/"
-		to="https://$1goaldet.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Gobot.io.xml b/src/chrome/content/rules/Gobot.io.xml
new file mode 100644
index 000000000000..a66f4aedaa7f
--- /dev/null
+++ b/src/chrome/content/rules/Gobot.io.xml
@@ -0,0 +1,7 @@
+<ruleset name="Gobot.io">
+	<target host="gobot.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gocardless.com.xml b/src/chrome/content/rules/Gocardless.com.xml
deleted file mode 100644
index a71e25fbb366..000000000000
--- a/src/chrome/content/rules/Gocardless.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Gocardless.com" platform="firefox">
-<target host="gocardless.com" />
-
-<securecookie host="^gocardless\.com$" name=".+" />
-
-<rule from="^http://gocardless\.com/" to="https://gocardless.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Gocontigo.com.xml b/src/chrome/content/rules/Gocontigo.com.xml
new file mode 100644
index 000000000000..563c78dba9b9
--- /dev/null
+++ b/src/chrome/content/rules/Gocontigo.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+	- sip.gocontigo.com
+
+	Time out:
+	- media.gocontigo.com
+-->
+
+<ruleset name="Gocontigo.com">
+	<target host="gocontigo.com" />
+	<target host="www.gocontigo.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GodPraksis.no.xml b/src/chrome/content/rules/GodPraksis.no.xml
new file mode 100644
index 000000000000..76e237bfec71
--- /dev/null
+++ b/src/chrome/content/rules/GodPraksis.no.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://godpraksis.no/ => https://godpraksis.no/: (7, 'Failed to connect to godpraksis.no port 443: Connection refused')
+Fetch error: http://www.godpraksis.no/ => https://www.godpraksis.no/: (7, 'Failed to connect to www.godpraksis.no port 443: Connection refused')
+
+-->
+<ruleset name="GodPraksis.no" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="godpraksis.no" />
+	<target host="www.godpraksis.no" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Goddard-Group.xml b/src/chrome/content/rules/Goddard-Group.xml
deleted file mode 100644
index b8a87d55d45f..000000000000
--- a/src/chrome/content/rules/Goddard-Group.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="The Goddard Group" default_off="self-signed">
-
-	<target host="garygoddard.com"/>
-	<target host="*.garygoddard.com"/>
-
-	<securecookie host="^(.*\.)?garygoddard\.com$" name=".*"/>
-
-	<rule from="^http://(?:www\.)?garygoddard\.com/"
-		to="https://www.garygoddard.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Godville.xml b/src/chrome/content/rules/Godville.xml
index 166c16feabd9..835e4dcedacd 100644
--- a/src/chrome/content/rules/Godville.xml
+++ b/src/chrome/content/rules/Godville.xml
@@ -2,5 +2,5 @@
   <target host="www.godvillegame.com" />
   <target host="godvillegame.com" />
 
-  <rule from="^http://(www\.)?godvillegame\.com/" to="https://godvillegame.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Goeswhere.com.xml b/src/chrome/content/rules/Goeswhere.com.xml
new file mode 100644
index 000000000000..13483b4996d5
--- /dev/null
+++ b/src/chrome/content/rules/Goeswhere.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.goeswhere.com/ => https://www.goeswhere.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.goeswhere.com'")
+
+-->
+<ruleset name="goeswhere.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="goeswhere.com" />
+	<target host="blog.goeswhere.com" />
+	<target host="git.goeswhere.com" />
+	<target host="puttytray.goeswhere.com" />
+	<target host="ssl.goeswhere.com" />
+	<target host="www.goeswhere.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gogoair.xml b/src/chrome/content/rules/Gogoair.xml
new file mode 100644
index 000000000000..2265bb068005
--- /dev/null
+++ b/src/chrome/content/rules/Gogoair.xml
@@ -0,0 +1,17 @@
+<ruleset name="Gogo">
+
+	<!--	Direct rewrites:
+				-->
+    <target host="gogoair.com"/>
+
+	<!--	Complications:
+				-->
+    <target host="www.gogoair.com"/>
+    <target host="gogoinflight.com"/>
+    <target host="www.gogoinflight.com"/>
+
+
+    <rule from="^http://(?:www\.gogoair|(?:www\.)?gogoinflight)\.com/" to="https://gogoair.com/"/>
+
+    <rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Gogobot.xml b/src/chrome/content/rules/Gogobot.xml
index 217109e67c6f..76b07d5a34d8 100644
--- a/src/chrome/content/rules/Gogobot.xml
+++ b/src/chrome/content/rules/Gogobot.xml
@@ -7,16 +7,11 @@
 	* Refused
 
 
-	Problematic domains:
-
-		- gbot.me	(dropped)
-
-
 	Fully covered domains:
 
 		- gbot.me subdomains:
 
-			- ^	(→ bit.ly)
+			- ^	(→ bit.ly covered in Bitly_branded_short_domains.xml)
 			- be
 			- cdn
 			- cdn[1-4]
@@ -29,6 +24,7 @@
 
 			- (www.)
 			- api
+			- be
 			- dev
 			- mdev
 			- stg
@@ -36,22 +32,30 @@
 -->
 <ruleset name="Gogobot (partial)">
 
-	<target host="gbot.me" />
-	<target host="*.gbot.me" />
-	<target host="gogobot.com" />
-	<target host="*.gogobot.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="be.gbot.me" />
+	<target host="cdn.gbot.me" />
+	<target host="cdn1.gbot.me" />
+	<target host="cdn2.gbot.me" />
+	<target host="cdn3.gbot.me" />
+	<target host="cdn4.gbot.me" />
+	<target host="static.gbot.me" />
+	<target host="static-dev.gbot.me" />
+	<target host="static-mdev.gbot.me" />
+	<target host="static-stg.gbot.me" />
 
+	<target host="gogobot.com" />
+	<target host="api.gogobot.com" />
+	<target host="be.gogobot.com" />
+	<target host="dev.gogobot.com" />
+	<target host="mdev.gogobot.com" />
+	<target host="stg.gogobot.com" />
+	<target host="www.gogobot.com" />
 
 	<securecookie host=".*\.g(?:bot\.me|ogobot\.com)$" name=".+" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://gbot\.me/"
-		to="https://bit.ly/" />
-
-	<rule from="^http://(be|cdn\d?|static(?:-m?dev|-stg)?)\.gbot\.me/"
-		to="https://$1.gbot.me/" />
-
-	<rule from="^http://((?:api|be|m?dev|stg|www)\.)?gogobot\.com/"
-		to="https://$1gogobot.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gogoyoko.xml b/src/chrome/content/rules/Gogoyoko.xml
index 0276080f9c18..5da13f514448 100644
--- a/src/chrome/content/rules/Gogoyoko.xml
+++ b/src/chrome/content/rules/Gogoyoko.xml
@@ -4,17 +4,18 @@
 		- blog	(cert: www; 302s there)
 
 -->
-<ruleset name="gogoyoko (partial)">
+<ruleset name="gogoyoko.com (partial)" default_off="refused">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="gogoyoko.com" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.gogoyoko.com" />
+	<target host="www.gogoyoko.com" />
 
 
-	<securecookie host="^.*\.gogoyoko\.com$" name=".*" />
+	<securecookie host=".*\.gogoyoko\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?gogoyoko\.com/"
-		to="https://$1gogoyoko.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GoingUp.xml b/src/chrome/content/rules/GoingUp.xml
index 0ae0ca1f27e9..6b5bf3e49bee 100644
--- a/src/chrome/content/rules/GoingUp.xml
+++ b/src/chrome/content/rules/GoingUp.xml
@@ -1,14 +1,20 @@
-<ruleset name="GoingUp (partial)">
+<ruleset name="GoingUp.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="counter.goingup.com"/>
+	<target host="www.goingup.com"/>
+
+	<!--	Complications:
+				-->
 	<target host="goingup.com"/>
-	<target host="*.goingup.com"/>
 
-	<securecookie host="^(counter|www)\.goingup\.com$" name=".*"/>
+	<securecookie host="^(?:counter|www)\.goingup\.com$" name=".+" />
 
 	<rule from="^http://goingup\.com/"
 		to="https://www.goingup.com/"/>
 
-	<rule from="^http://(counter|www)\.goingup\.com/"
-		to="https://$1.goingup.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Goip.de.xml b/src/chrome/content/rules/Goip.de.xml
new file mode 100644
index 000000000000..6ceb0fdd8f83
--- /dev/null
+++ b/src/chrome/content/rules/Goip.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Goip.de">
+	<target host="goip.de" />
+	<target host="www.goip.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GoldenSunWiki.net.xml b/src/chrome/content/rules/GoldenSunWiki.net.xml
new file mode 100644
index 000000000000..8a7b4c72a180
--- /dev/null
+++ b/src/chrome/content/rules/GoldenSunWiki.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="GoldenSunWiki.net">
+	<target host="goldensunwiki.net" />
+	<target host="www.goldensunwiki.net" />
+	<target host="beta.goldensunwiki.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Golden_Adventures.xml b/src/chrome/content/rules/Golden_Adventures.xml
index f918ed04fe1e..d33d72cf75e7 100644
--- a/src/chrome/content/rules/Golden_Adventures.xml
+++ b/src/chrome/content/rules/Golden_Adventures.xml
@@ -1,13 +1,28 @@
-<ruleset name="Golden Adventures">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://goldenadventures.com/ => https://goldenadventures.com/: (7, 'Failed to connect to goldenadventures.com port 443: Connection refused')
+Fetch error: http://www.goldenadventures.com/ => https://www.goldenadventures.com/: (7, 'Failed to connect to www.goldenadventures.com port 443: Connection refused')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://goldenadventures.com/ => https://goldenadventures.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Golden Adventures.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="goldenadventures.com" />
-	<target host="*.goldenadventures.com" />
+	<target host="www.goldenadventures.com" />
 
 
 	<securecookie host="^\.goldenadventures\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?goldenadventures\.com/"
-		to="https://$1goldenadventures.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Golden_Charter.xml b/src/chrome/content/rules/Golden_Charter.xml
index 6d5c1459431b..b6f8d40df8b3 100644
--- a/src/chrome/content/rules/Golden_Charter.xml
+++ b/src/chrome/content/rules/Golden_Charter.xml
@@ -35,4 +35,4 @@
 	<rule from="^http://(?:www\.)?mygoldencharter\.co\.uk/"
 		to="https://mygoldencharter.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Golden_Frog.com.xml b/src/chrome/content/rules/Golden_Frog.com.xml
index 9d9fde1a8633..705173b9f83e 100644
--- a/src/chrome/content/rules/Golden_Frog.com.xml
+++ b/src/chrome/content/rules/Golden_Frog.com.xml
@@ -1,19 +1,62 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://app.dumptruck.goldenfrog.com/ => https://app.dumptruck.goldenfrog.com/: (28, 'Connection timed out after 20001 milliseconds')
+
 	CDN buckets:
 
 		- images-goldenfrog.netdna-ssl.com
 
 
-	Some pages redirect to http.
+	Nonfunctional subdomains:
+
+		- dumptruck *
+
+	* Shows www
+
+
+	Problematic subdomains:
+
+		- ideas *
+
+	* Uservoice
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- app.dumptruck
+		- support
+
+
+	These altnames don't exist:
+
+		- www.support.goldenfrog.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.goldenfrog.com
 
 -->
-<ruleset name="Golden Frog.com (partial)">
+<ruleset name="Golden Frog.com (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="goldenfrog.com" />
+	<target host="app.dumptruck.goldenfrog.com" />
+	<target host="support.goldenfrog.com" />
 	<target host="www.goldenfrog.com" />
 
 
-	<rule from="^http://(www\.)?goldenfrog\.com/(?=css/|js/|login(?:$|[?/]))"
-		to="https://$1goldenfrog.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.goldenfrog\.com$" name="^(JSESSIONID|locale)$" /-->
+
+	<securecookie host="^www\.goldenfrog\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Goldenarium.xml b/src/chrome/content/rules/Goldenarium.xml
deleted file mode 100644
index 1f13ac805023..000000000000
--- a/src/chrome/content/rules/Goldenarium.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Goldenarium">
-
-	<target host="goldenarium.com" />
-	<target host="*.goldenarium.com" />
-
-
-	<securecookie host="^(?:.*\.)?goldenarium\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?goldenarium\.com/"
-		to="https://$1goldenarium.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Goldenline.pl.xml b/src/chrome/content/rules/Goldenline.pl.xml
new file mode 100644
index 000000000000..93dbafe9e84c
--- /dev/null
+++ b/src/chrome/content/rules/Goldenline.pl.xml
@@ -0,0 +1,18 @@
+<!--
+	HTTP only:
+	- kariera.goldenline.pl
+	- blog.goldenline.pl
+
+	Certificate mismatch (Zendesk):
+	- pomoc.goldenline.pl
+-->
+<ruleset name="Goldenline.pl">
+	<target host="goldenline.pl" />
+	<target host="www.goldenline.pl" />
+	<target host="rekrutacja.goldenline.pl" />
+	<target host="adserver.goldenline.pl" />
+	<target host="promo.goldenline.pl" />
+	<target host="panel.goldenline.pl" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Goldkeys.net.xml b/src/chrome/content/rules/Goldkeys.net.xml
index f18bcfc70ad8..5c06dbc8f41d 100644
--- a/src/chrome/content/rules/Goldkeys.net.xml
+++ b/src/chrome/content/rules/Goldkeys.net.xml
@@ -1,27 +1,15 @@
 <!--
-	Nonfunctional domains:
-
-		- goldkeys.net *
-		- (www.)goldkeys.org *
-
-	* http reply
-
-
-	Problematic domains:
-
-		- www.goldkeys.net	(mismatched, CN: portal.goldkeys.org)
-
+	Non-functional hosts
+		Different content:
+		- ovasight.goldkeys.net
+		- signet.goldkeys.net
 -->
-<ruleset name="Goldkeys.net (partial)">
-
-	<target host="*.goldkeys.net" />
-	<target host="portal.goldkeys.org" />
-
-
-	<securecookie host="^portal\.goldkeys\.net$" name=".+" />
-
-
-	<rule from="^http://(?:portal|www)\.goldkeys\.(net|org)/"
-		to="https://portal.goldkeys.$1/" />
-
+<ruleset name="Goldkeys.net">
+	<target host="goldkeys.net" />
+	<target host="www.goldkeys.net" />
+	<target host="check.goldkeys.net" />
+	<target host="hub.goldkeys.net" />
+	<target host="portal.goldkeys.net" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Goldkeys.org.xml b/src/chrome/content/rules/Goldkeys.org.xml
new file mode 100644
index 000000000000..fc7d6fa453f6
--- /dev/null
+++ b/src/chrome/content/rules/Goldkeys.org.xml
@@ -0,0 +1,12 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- check.goldkeys.org
+		- portal.goldkeys.org
+-->
+<ruleset name="Goldkeys.org">
+	<target host="goldkeys.org" />
+	<target host="www.goldkeys.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Goldlit.ru.xml b/src/chrome/content/rules/Goldlit.ru.xml
new file mode 100644
index 000000000000..e6c52322f595
--- /dev/null
+++ b/src/chrome/content/rules/Goldlit.ru.xml
@@ -0,0 +1,12 @@
+<!--
+	Refused connection:
+		www.goldlit.ru
+-->
+<ruleset name="Goldlit.ru">
+	<target host="goldlit.ru"/>
+	<target host="www.goldlit.ru"/>
+	<target host="cf.goldlit.ru"/>
+
+	<rule from="^http://www\.goldlit\.ru/" to="https://goldlit.ru/"/>
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Goldmann.pl.xml b/src/chrome/content/rules/Goldmann.pl.xml
new file mode 100644
index 000000000000..63f048f58aef
--- /dev/null
+++ b/src/chrome/content/rules/Goldmann.pl.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.goldmann.pl/ => https://secure.goldmann.pl/: (6, 'Could not resolve host: secure.goldmann.pl')
+
+	Problematic hosts:
+
+		- www *
+
+	* Mismatched
+
+
+	Fully covered hosts:
+
+		- (www.)?	(www → ^)
+		- secure
+
+-->
+<ruleset name="Goldmann.pl" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="goldmann.pl" />
+	<target host="secure.goldmann.pl" />
+
+	<!--	Complications:
+				-->
+	<target host="www.goldmann.pl" />
+
+
+	<rule from="^http://www\.goldmann\.pl/"
+		to="https://goldmann.pl/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Goldsboro_Web_Development.xml b/src/chrome/content/rules/Goldsboro_Web_Development.xml
index a594d20068bf..55d4ab67968a 100644
--- a/src/chrome/content/rules/Goldsboro_Web_Development.xml
+++ b/src/chrome/content/rules/Goldsboro_Web_Development.xml
@@ -1,13 +1,28 @@
-<ruleset name="Goldsboro Web Development">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://my.goldsborowebdevelopment.com/ => https://my.goldsborowebdevelopment.com/: (51, "SSL: no alternative certificate subject name matches target host name 'my.goldsborowebdevelopment.com'")
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://my.goldsborowebdevelopment.com/ => https://my.goldsborowebdevelopment.com/: (6, 'Could not resolve host: my.goldsborowebdevelopment.com')
+
+-->
+<ruleset name="Goldsboro Web Development.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="goldsborowebdevelopment.com" />
-	<target host="*.goldsborowebdevelopment.com" />
+	<target host="my.goldsborowebdevelopment.com" />
+	<target host="www.goldsborowebdevelopment.com" />
 
 
 	<securecookie host="^\.?goldsborowebdevelopment.com$" name=".+" />
 
 
-	<rule from="^http://(my\.|www\.)?goldsborowebdevelopment\.com/"
-		to="https://$1goldsborowebdevelopment.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Goldstar.xml b/src/chrome/content/rules/Goldstar.xml
index 92308c7366ae..6c883360af4b 100644
--- a/src/chrome/content/rules/Goldstar.xml
+++ b/src/chrome/content/rules/Goldstar.xml
@@ -3,28 +3,35 @@
 
 		- ^	(cert only matches www)
 		- gifts	(mismatched, CN: *.myshopify.com)
-
+    - i.goldstar.com (unresolved)
 
 	Some pages redirect to http
 
+  CDN:
+    images - i.gse.io
+
 -->
 <ruleset name="Goldstar (partial)">
 
 	<target host="goldstar.com" />
-	<target host="*.goldstar.com" />
-		<exclusion pattern="^http://(?:i\.|www\.)?goldstar\.com/(?:company|help|my_tickets|series|weekendapp)(?:$|\?|/)" />
-
-
-	<securecookie host="^(?:i|images|www)\.goldstar\.com$" name=".+" />
+	<target host="www.goldstar.com" />
+	<target host="gifts.goldstar.com" />
+	<target host="images.goldstar.com" />
+		<!--
+      Outdated pattern
+      <exclusion pattern="^http://(?:i\.|www\.)?goldstar\.com/(?:company|help|my_tickets|series|weekendapp)(?:$|\?|/)" /> 
+    -->
 
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?goldstar\.com/"
 		to="https://www.goldstar.com/" />
-
-	<rule from="^http://gifts\.goldstar\.com/"
-		to="https://goldstar.myshopify.com/" />
-
-	<rule from="^http://i(mages)?\.goldstar\.com/"
-		to="https://i$1.goldstar.com/" />
-
-</ruleset>
\ No newline at end of file
+    <test url="http://goldstar.com/oakland-east-bay/categories/online" />
+  <!--
+    Shop no longer up
+    <rule from="^http://gifts\.goldstar\.com/"
+      to="https://goldstar.myshopify.com/" />
+  -->
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Golem.de.xml b/src/chrome/content/rules/Golem.de.xml
new file mode 100644
index 000000000000..580eee6c786a
--- /dev/null
+++ b/src/chrome/content/rules/Golem.de.xml
@@ -0,0 +1,58 @@
+<!--
+	Invalid certificate:
+		dev1.golem.de
+		*.damoh.golem.de
+
+	Not found:
+		damoh.golem.de
+		stage1.golem.de
+
+	Refused:
+		hybrid[1-3].golem.de
+		video2.golem.de
+		www[1-3].golem.de
+
+	Timeout:
+		mail.golem.de
+		speedkit.golem.de
+		vcs1.golem.de
+		whitepaperdb.golem.de
+-->
+<ruleset name="Golem.de">
+
+	<target host="golem.de" />
+	<target host="www.golem.de" />
+	<target host="4scotty-dev.golem.de" />
+	<target host="account.golem.de" />
+	<target host="ads.golem.de" />
+	<target host="api.golem.de" />
+	<target host="backend.golem.de" />
+	<target host="cpx.golem.de" />
+	<target host="cpxl.golem.de" />
+	<target host="ecruos.golem.de" />
+	<target host="events.golem.de" />
+	<target host="forum.golem.de" />
+	<target host="hits.golem.de" />
+	<target host="imode.golem.de" />
+	<target host="intra.golem.de" />
+	<target host="jobs.golem.de" />
+	<target host="login.golem.de" />
+	<target host="m.golem.de" />
+	<target host="markt.golem.de" />
+	<target host="nl.golem.de" />
+	<target host="podcast.golem.de" />
+	<target host="preisvergleich.golem.de" />
+	<target host="profis.golem.de" />
+	<target host="redirect.golem.de" />
+	<target host="rss.golem.de" />
+	<target host="scr.golem.de" />
+	<target host="scr3.golem.de" />
+	<target host="sidebar.golem.de" />
+	<target host="suche.golem.de" />
+	<target host="video.golem.de" />
+	<target host="wap.golem.de" />
+	<target host="www6.golem.de" />
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/GolfLink.com.xml b/src/chrome/content/rules/GolfLink.com.xml
new file mode 100644
index 000000000000..7bf914afd3c4
--- /dev/null
+++ b/src/chrome/content/rules/GolfLink.com.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Demand Media coverage, see Demand-Media.xml.
+
+	Non-functional hosts
+		Timeout was reached:
+		- blog.golflink.com
+-->
+<ruleset name="GolfLink.com (partial)">
+	<target host="golflink.com" />
+	<target host="www.golflink.com" />
+	<target host="cdn-www.golflink.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GolfLink.net.xml b/src/chrome/content/rules/GolfLink.net.xml
new file mode 100644
index 000000000000..9e646aaf0ea3
--- /dev/null
+++ b/src/chrome/content/rules/GolfLink.net.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Demand Media coverage, see Demand-Media.xml.
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- golflink.net
+		- www.golflink.net
+		- staging.golflink.net
+		- a.staging.golflink.net
+		- b.staging.golflink.net
+-->
+<ruleset name="Golflink.net" default_off="cert-invalid">
+	<target host="golflink.net" />
+	<target host="www.golflink.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
+
diff --git a/src/chrome/content/rules/GolfRev.com.xml b/src/chrome/content/rules/GolfRev.com.xml
new file mode 100644
index 000000000000..0c81e4bf2ef8
--- /dev/null
+++ b/src/chrome/content/rules/GolfRev.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="GolfRev.com">
+
+	<target host="golfrev.com" />
+	<target host="www.golfrev.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Golf_Course_Industry.xml b/src/chrome/content/rules/Golf_Course_Industry.xml
index d2c691b3b350..60f1ffaaa6e9 100644
--- a/src/chrome/content/rules/Golf_Course_Industry.xml
+++ b/src/chrome/content/rules/Golf_Course_Industry.xml
@@ -11,7 +11,7 @@
 	<securecookie host="^www\.golfcourseindustry\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?golfcourseindustry\.com/"
+	<rule from="^http://(?:www\.)?golfcourseindustry\.com/"
 		to="https://www.golfcourseindustry.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Golf_Digest.xml b/src/chrome/content/rules/Golf_Digest.xml
index df88bc04a7d5..ca57eef54556 100644
--- a/src/chrome/content/rules/Golf_Digest.xml
+++ b/src/chrome/content/rules/Golf_Digest.xml
@@ -1,39 +1,88 @@
 <!--
 	For other Condé Nast coverage, see Conde-Nast.xml.
 
+	Non-functional hosts
+		Couldn't connect to server:
+			 - ci.golfdigest.com
+			 - courses.golfdigest.com
+			 - email.golfdigest.com
+			 - give.golfdigest.com
+			 - handicap.golfdigest.com
+			 - hotlist.golfdigest.com
+			 - pay.golfdigest.com
+			 - www.pay.golfdigest.com
+			 - preview.golfdigest.com
+			 - aws.preview.golfdigest.com
+			 - renew.golfdigest.com
+			 - www.renew.golfdigest.com
+			 - video.golfdigest.com
 
-	golfdigest is hosted on imavex.com and imavex.vo.llnwd.net.
+		Timeout was reached:
+			 - mail5671.email.golfdigest.com
+			 - mindgamequiz.golfdigest.com
+			 - sitelife.golfdigest.com
+			 - sso.golfdigest.com
+			 - stage.subscribe.golfdigest.com
 
-		ToDo: find buckets
+		SSL peer certificate was not OK:
+			 - aws.blog.golfdigest.com
+			 - blogs.golfdigest.com
+			 - links.email.golfdigest.com
+			 - reply.email.golfdigest.com
+			 - li.golfdigest.com
+			 - perks.golfdigest.com
+			 - secure-stag.golfdigest.com
+			 - origin.stag.golfdigest.com
+			 - aws.stag-blog.golfdigest.com
+			 - stats.golfdigest.com
+			 - stats2.golfdigest.com
+			 - aws.www.golfdigest.com
+			 - origin.www.golfdigest.com
 
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - bags.golfdigest.com
+			 - pushcarts.golfdigest.com
 
-	Some pages redirect to http, including:
+		Status code mismatch:
+			 - result.golfdigest.com
 
-		- epicenter/wp-content/
-		- favicon.ico
-		- images_blogs/
-		- opinion/wp-content/
+		4xx client error:
+			 - event.golfdigest.com
+			 - stag-blog.golfdigest.com
+			 - stag-media.golfdigest.com
 
+		Secure connection redirects to plaintext:
+			 - golfdigest.com
+			 - www.golfdigest.com
+			 - photos.golfdigest.com
+			 - prod.golfdigest.com
+			 - stag.golfdigest.com
 -->
-<ruleset name="Golf Digest (partial)">
-
-	<target host="golfdigest.com" />
-	<target host="*.golfdigest.com" />
-		<exclusion pattern="^https?://(?:www\.)?golfdigest\.com/(?!css/|images/|favicon\.ico$|sandbox/)" />
-	<target host="golfdigestinsiders.com" />
-	<target host="www.golfdigestinsiders.com" />
+<ruleset name="Gold Digest (partial)">
 
+	<target host="12days.golfdigest.com" />
+	<target host="ballots.golfdigest.com" />
+	<target host="blog.golfdigest.com" />
+		<test url="http://blog.golfdigest.com/cgi-bin/mt.cgi" />
+	<target host="legacy.golfdigest.com" />
+	<target host="media.golfdigest.com" />
+		<test url="http://media.golfdigest.com/photos/58eaf56a9990bd663951f8d0/1:1/w_355,c_limit/2017_Masters_Sun_DF_1863%2520%281%29.jpg" />
+		<test url="http://media.golfdigest.com/photos/58ecfe97372b404f1e861fa3/1:1/w_355,c_limit/170411-sergio-angela-th.jpg" />
+		<test url="http://media.golfdigest.com/photos/58ee136b6e01293acb0aa78f/1:1/w_355,c_limit/_JC19357.jpg" />
+	<target host="panelists.golfdigest.com" />
+	<target host="secure.golfdigest.com" />
+	<target host="sstats.golfdigest.com" />
+	<target host="subscribe.golfdigest.com" />
+	<target host="subscriptions.golfdigest.com" />
 
-	<securecookie host="^www\.golfdigestinsiders\.com$" name=".+" />
+	<securecookie host="^secure\.golfdigest\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:secure\.|www\.)?golfdigest\.com/"
-		to="https://secure.golfdigest.com/" />
+	<target host="golfdigestinsiders.com" />
+	<target host="www.golfdigestinsiders.com" />
 
-	<rule from="^http://subscribe\.golfdigest\.com/"
-		to="https://subscribe.golfdigest.com/" />
+	<securecookie host="^(www\.)?golfdigestinsiders.com$" name=".+" />
 
-	<rule from="^http://(www\.)?golfdigestinsiders\.com/"
-		to="https://$1golfdigestinsiders.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Golfsuisse.ch.xml b/src/chrome/content/rules/Golfsuisse.ch.xml
new file mode 100644
index 000000000000..2ad4433db779
--- /dev/null
+++ b/src/chrome/content/rules/Golfsuisse.ch.xml
@@ -0,0 +1,12 @@
+<!--
+	404:
+	- m.
+-->
+<ruleset name="Golfsuisse.ch (partial)" platform="mixedcontent">
+	<target host="golfsuisse.ch" />
+	<target host="www.golfsuisse.ch" />
+	<target host="test.golfsuisse.ch" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GolosIslama.xml b/src/chrome/content/rules/GolosIslama.xml
new file mode 100644
index 000000000000..4a58f9a72191
--- /dev/null
+++ b/src/chrome/content/rules/GolosIslama.xml
@@ -0,0 +1,11 @@
+<ruleset name="GolosIslama">
+	<target host="golosislama.com" />
+	<target host="www.golosislama.com" />
+
+	<target host="golosislama.ru" />
+	<target host="www.golosislama.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gondor.xml b/src/chrome/content/rules/Gondor.xml
deleted file mode 100644
index 729e679f34e1..000000000000
--- a/src/chrome/content/rules/Gondor.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<ruleset name="Gondor">
-
-	<target host="*.gondor.co" />
-	<target host="gondor.io" />
-	<target host="www.gondor.io" />
-
-
-	<securecookie host=".+\.gondor\.co$" name=".+" />
-	<securecookie host="^gondor\.io$" name=".+" />
-
-
-	<rule from="^http://([\w-]+)\.gondor\.co/"
-		to="https://$1.gondor.co/" />
-
-	<rule from="^http://(www\.)?gondor\.io/"
-		to="https://$1gondor.io/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Goo.im.xml b/src/chrome/content/rules/Goo.im.xml
new file mode 100644
index 000000000000..4019341665d0
--- /dev/null
+++ b/src/chrome/content/rules/Goo.im.xml
@@ -0,0 +1,12 @@
+<ruleset name="Goo.im" default_off="expired">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="goo.im" />
+	<target host="www.goo.im" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Good.net.xml b/src/chrome/content/rules/Good.net.xml
deleted file mode 100644
index 1e7318f077a8..000000000000
--- a/src/chrome/content/rules/Good.net.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Good.net">
-  <target host="good.net" />
-  <target host="goodnet.com" />
-  <target host="this-download-would-be-faster-with-a-premium-account-at-good.net" />
-  <target host="*.good.net" />
-  <target host="*.goodnet.com" />
-  <target host="*.this-download-would-be-faster-with-a-premium-account-at-good.net" />
-
-  <rule from="^http://([^/]+)/" to="https://$1/" />
-</ruleset>
diff --git a/src/chrome/content/rules/GoodSmile.info.xml b/src/chrome/content/rules/GoodSmile.info.xml
new file mode 100644
index 000000000000..c9b098f80a7a
--- /dev/null
+++ b/src/chrome/content/rules/GoodSmile.info.xml
@@ -0,0 +1,35 @@
+<!--
+	Non-functional hosts
+		SSL connect error:
+		- goodsmile.info
+
+		Invalid Certificate:
+		- img.goodsmile.info
+
+		Mixed content blocking (MCB) triggered:
+		- partner.goodsmile.info
+-->
+<ruleset name="Good Smile.info">
+	<target host="goodsmile.info" />
+	<target host="www.goodsmile.info" />
+	<target host="cf.goodsmile.info" />
+		<test url="http://cf.goodsmile.info/GSCSite/gscimg/btn_search_ee7700.png" />
+		<test url="http://cf.goodsmile.info/GSCSite/gscimg/logo_gsc.png" />
+	<target host="event.goodsmile.info" />
+	<target host="images.goodsmile.info" />
+		<test url="http://images.goodsmile.info/cgm/images/product/20181207/7881/56575/large/102be28774f0a08639361d0158a3421f.jpg" />
+		<test url="http://images.goodsmile.info/cgm/images/product/20181214/7905/56743/large/8b83550b88d4a4393a4f396a7ea349dc.jpg" />
+		<test url="http://images.goodsmile.info/cgm/images/product/20180817/7533/53877/large/6910e0a8526e452537caa77161459980.jpg" />
+	<target host="m.goodsmile.info" />
+	<target host="mamitan.goodsmile.info" />
+	<target host="mikatan.goodsmile.info" />
+	<target host="nendoroid300.goodsmile.info" />
+	<target host="static.goodsmile.info" />
+		<test url="http://static.goodsmile.info/assets/application-64a56e0626d8ff027817214adc7341e3.css" />
+	<target host="support.goodsmile.info" />
+
+	<rule from="^http://goodsmile\.info/"
+			to="https://www.goodsmile.info/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Goodreads.xml b/src/chrome/content/rules/Goodreads.xml
index 78112119d64a..436094e04273 100644
--- a/src/chrome/content/rules/Goodreads.xml
+++ b/src/chrome/content/rules/Goodreads.xml
@@ -1,12 +1,18 @@
-<ruleset name="Goodreads (partial)">
+<!--
+	Other Goodreads rulesets:
+		+ Gr-assets.com.xml
 
-	<target host="goodreads.com"/>
-	<target host="*.goodreads.com"/>
+	Non-functional hosts:
+		Mismatched:
+		- photo.goodreads.com
+
+-->
+<ruleset name="Goodreads.com">
 
-	<rule from="^http://(www\.)?goodreads\.com/assets/"
-		to="https://$1goodreads.com/assets/"/>
+	<target host="goodreads.com"/>
+	<target host="www.goodreads.com" />
 
-	<rule from="^http://photo\.goodreads\.com/"
-		to="https://s3.amazonaws.com/photo.goodreads.com/"/>
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Goodsearch.xml b/src/chrome/content/rules/Goodsearch.xml
index 15ffdb44b29b..4d6342904d1f 100644
--- a/src/chrome/content/rules/Goodsearch.xml
+++ b/src/chrome/content/rules/Goodsearch.xml
@@ -9,7 +9,7 @@
 	<target host="www.goodsearch.com" />
 
 
-	<rule from="^https?://(?:www\.)?goodsearch\.com/(_gfx/|assets/|favicon\.ico|legacy/|register|Registration\.aspx|ResourceHandler\.ashx)"
+	<rule from="^http://(?:www\.)?goodsearch\.com/(_gfx/|assets/|favicon\.ico|legacy/|register|Registration\.aspx|ResourceHandler\.ashx)"
 		to="https://www.goodsearch.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Goodsie.xml b/src/chrome/content/rules/Goodsie.xml
deleted file mode 100644
index 5df2574d8060..000000000000
--- a/src/chrome/content/rules/Goodsie.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	help.goodsie.com is handled mostly in ENTP-clients.xml.
-
-
-	d1bn1ndebsjcoa.cloudfront.net/e641ea0/
-
-
-	Nonfunctional subdomains:
-
-		- blog		(hosted on Tumblr)
-		- feedback
-
--->
-<ruleset name="Goodsie (partial)" platform="mixedcontent">
-
-	<target host="goodsie.com" />
-	<target host="www.goodsie.com" />
-
-
-	<securecookie host="^goodsie\.com$" name=".*" />
-
-
-	<!--	- www over https: "store hidden"
-		- redirects to !www over http.
-					-->
-	<rule from="^https?://(?:www\.)?goodsie\.com/"
-		to="https://goodsie.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Goodzer.com.xml b/src/chrome/content/rules/Goodzer.com.xml
new file mode 100644
index 000000000000..66dbe2ce550a
--- /dev/null
+++ b/src/chrome/content/rules/Goodzer.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Goodzer.com">
+
+	<target host="goodzer.com" />
+	<target host="www.goodzer.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Google-Analytics.com.xml b/src/chrome/content/rules/Google-Analytics.com.xml
new file mode 100644
index 000000000000..5e9f35a61c7d
--- /dev/null
+++ b/src/chrome/content/rules/Google-Analytics.com.xml
@@ -0,0 +1,24 @@
+<!--
+	For other Google rulesets, see GoogleServices.xml
+
+	Domain currently preloaded
+
+	Invalid certificate:
+		cctldtest.google-analytics.com
+
+-->
+<ruleset name="Google-Analytics">
+
+	<target host="google-analytics.com" />
+		<test url="http://google-analytics.com/analytics.js" />
+	<target host="www.google-analytics.com" />
+		<test url="http://www.google-analytics.com/analytics.js" />
+	<target host="click.google-analytics.com" />
+	<target host="ssl.google-analytics.com" />
+		<test url="http://ssl.google-analytics.com/analytics.js" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Google-mismatches.xml b/src/chrome/content/rules/Google-mismatches.xml
deleted file mode 100644
index de9d3eb18e7d..000000000000
--- a/src/chrome/content/rules/Google-mismatches.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-
-	Problematic domains:
-
-		- (www.)apture.com	(works, mismatched, CN: *.google.com)
-
--->
-<ruleset name="Google (mismatches)" default_off="mismatches">
-
-	<!--	Akamai	-->
-	<target host="js.admeld.com"/>
-	<target host="apture.com" />
-	<target host="www.apture.com" />
-	<target host="googleartproject.com"/>
-	<target host="www.googleartproject.com"/>
-
-	<rule from="^http://js\.admeld\.com/"
-		to="https://js.admeld.com/"/>
-
-	<rule from="^https?://(?:www\.)?apture\.com/"
-		to="https://apture.com/" />
-
-	<rule from="^http://(?:www\.)?googleartproject\.com/"
-		to="https://www.googleartproject.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Google.com_Subdomains.xml b/src/chrome/content/rules/Google.com_Subdomains.xml
new file mode 100644
index 000000000000..8bc6fe425668
--- /dev/null
+++ b/src/chrome/content/rules/Google.com_Subdomains.xml
@@ -0,0 +1,148 @@
+<!--
+	See Google.com_Subdomains_Complex.html for rules that don't match the simple rule here
+	For other Google coverage, see GoogleServices.xml
+
+	Nonfunctional domains:
+
+		- partnerpage.google.com *
+		- picasa.google.com *
+		- www.picasa.google.com ²
+		- www.photo.google.com
+		- safebrowsing.clients.google.com	(404, mismatched)
+		- (www.)googlesyndicatedsearch.com	(404; mismatched, CN: google.com)
+		- buttons.googlesyndication.com *
+
+	* 404, valid cert
+	² 404; mismatched, CN: www.google.com
+
+	Problematic domains:
+
+		- www.goo.gl		(404; mismatched, CN: *.google.com)
+
+		- www.news.google.ca ²
+
+		- google.com subdomains:
+
+			- cbks0 ****
+			- earth *
+			- gg		($ 404s)
+			- knoll *
+			- scholar **
+			- suggestqueries (different content http/https)
+			- trends *
+
+
+	Partially covered domains:
+
+		- google.cctld subdomains:
+
+			- scholar	(→ www)
+
+		- google.com subdomains:
+
+			- (www.)
+			- cbks0		($ 404s)
+			- gg		($ 404s)
+			- news		(→ www)
+			- scholar	(→ www)
+-->
+<ruleset name="Google.com Subdomains">
+	<target host="admin.google.com" />
+	<target host="alerts.google.com" />
+	<target host="apis.google.com" />
+	<target host="chart.apis.google.com" />
+		<test url="http://chart.apis.google.com/chart?cht=p3&amp;chd=t:60,40&amp;chs=250x100&amp;chl=Hello|World" />
+	<target host="appengine.google.com" />
+	<target host="cast.google.com" />
+	<target host="cbks0.google.com" />
+	<target host="cert-test.sandbox.google.com" />
+	<target host="chrome.google.com" />
+		<!-- See the complex ruleset for clients\d -->
+		<!-- See the complex ruleset for *.clients\d -->
+	<target host="cloud.google.com" />
+	<target host="code.google.com" />
+	<target host="codesearch.google.com" />
+	<target host="contacts.google.com" />
+		<target host="*.corp.google.com" />
+			<test url="http://discovery.corp.google.com/" />
+			<test url="http://ideas.corp.google.com/" />
+			<test url="http://login.corp.google.com/" />
+			<test url="http://next.dasher-qa.corp.google.com/" /><!-- 3rd level subdomain -->
+			<test url="http://onepick.corp.google.com/" />
+	<target host="developers.google.com" />
+	<target host="dl.google.com" />
+	<target host="docs.google.com" />
+		<!-- See the complex ruleset for docs\d -->
+		<!-- See the complex ruleset for \d\.docs -->
+	<target host="drive.google.com" />
+	<target host="earth.google.com" />
+	<target host="encrypted.google.com" />
+		<!-- See the complex ruleset for encrypted-tbn\d -->
+	<target host="feedburner.google.com" />
+	<target host="feedproxy.google.com" />
+	<target host="fiber.google.com" />
+	<target host="gg.google.com" />
+	<target host="glass.google.com" />
+	<target host="goto.google.com" />
+	<target host="health.google.com" />
+	<target host="helpouts.google.com" />
+	<target host="history.google.com" />
+	<target host="hostedtalkgadget.google.com" />
+	<target host="investor.google.com" />
+	<target host="ipv4.google.com" />
+	<target host="ipv6.google.com" />
+	<target host="khms.google.com" />
+	<target host="khms0.google.com" />
+		<test url="http://khms0.google.com/kh/v=157&amp;src=app&amp;x=5&amp;y=0&amp;z=3" />
+		<!-- test url 404s but I couldn't find any that still worked -->
+	<target host="khms1.google.com" />
+		<test url="http://khms1.google.com/kh/v=157&amp;src=app&amp;x=5&amp;y=0&amp;z=3" />
+		<!-- test url 404s but I couldn't find any that still worked -->
+	<target host="khms2.google.com" />
+	<target host="khms3.google.com" />
+	<target host="knol.google.com" />
+	<target host="knoll.google.com" />
+	<target host="mail.google.com" />
+		<target host="chatenabled.mail.google.com" />
+	<!-- See GoogleMaps.xml for maps -->
+	<target host="maps-api-ssl.google.com" />
+		<test url="http://maps-api-ssl.google.com/maps/api/js?sensor=false" />
+	<target host="mw2.google.com" />
+	<target host="pack.google.com" />
+	<target host="photo.google.com" />
+	<target host="photos.google.com" />
+	<target host="www.photos.google.com" />
+	<target host="pki.google.com" />
+	<target host="play.google.com" />
+	<target host="plus.google.com" />
+		<target host="plus.sandbox.google.com" />
+	<target host="plusone.google.com" />
+	<target host="productforums.google.com" />
+	<target host="profiles.google.com" />
+	<target host="safebrowsing.google.com" />
+	<target host="safebrowsing-cache.google.com" />
+	<target host="sb-ssl.google.com" />
+	<!-- see Google.tld_Subdomains.xml for scholar -->
+	<target host="script.google.com" />
+	<target host="security.google.com" />
+	<target host="services.google.com" />
+	<target host="shopping.google.com" />
+	<target host="sites.google.com" />
+	<target host="slides.google.com" />
+	<target host="sorry.google.com" />
+	<target host="spreadsheets.google.com" />
+	<target host="support.google.com" />
+	<target host="talk.google.com" />
+	<!-- See the complex ruleset for tbn\d -->
+	<target host="tools.google.com" />
+	<target host="trends.google.com" />
+	<target host="videos.google.com" />
+	<target host="wallet.google.com" />
+
+	<securecookie host="^(\.code|login\.corp|developers|docs|\d\.docs|fiber|mail|plus|\.?productforums|support)\.google\.com$" name=".+" />
+	<securecookie host="^maps-api-ssl\.google\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Google.com_Subdomains_Complex.xml b/src/chrome/content/rules/Google.com_Subdomains_Complex.xml
new file mode 100644
index 000000000000..7914cadde67a
--- /dev/null
+++ b/src/chrome/content/rules/Google.com_Subdomains_Complex.xml
@@ -0,0 +1,75 @@
+<!--
+	Other Google rulesets:
+		- See Google.com_Subdomains.html for rules that don't match the complex rule here
+		- See GoogleServices.xml for the list
+-->
+<ruleset name="Google.com Subdomains (Complex)">
+	<target host="*.google.com" />
+
+	<rule from="^http://clients\d\.google\.com/"
+			to="https://clients1.google.com/" />
+		<test url="http://clients1.google.com/tools/pso/ping" />
+		<test url="http://clients2.google.com/tools/pso/ping" />
+		<test url="http://clients3.google.com/tools/pso/ping" />
+		<!--
+			The need for clients\d -> clients1
+
+			"http://clients2.google.com/complete/search?hl=ja&client=hp&expIds=17259,24660,24729,24745&q=m&cp=1"
+			HTTP/1.1 200 OK
+			"https://clients2.google.com/complete/search?hl=ja&client=hp&expIds=17259,24660,24729,24745&q=m&cp=1"
+			HTTP/1.1 404 Not Found
+			"https://clients1.google.com/complete/search?hl=ja&client=hp&expIds=17259,24660,24729,24745&q=m&cp=1"s
+			HTTP/1.1 200 OK
+		-->
+		<!-- This is needed for OCSP responder to work.
+			If OCSP checking is set to hard-fail the user-agent might have troubles accessing some HTTPS sites
+		-->
+		<exclusion pattern="^http://clients\d\.google\.com/ocsp"/>
+			<test url="http://clients1.google.com/ocsp" />
+			<test url="http://clients2.google.com/ocsp" />
+			<test url="http://clients3.google.com/ocsp" />
+
+		<!--
+			Captive portal detection of Google.
+			Many captive portals break TLS, so exempt this redirect URL.
+			See also GitHub bug #368 and #8921
+		-->
+		<exclusion pattern="^http://clients\d\.google\.com/generate_204$"/>
+			<test url="http://clients1.google.com/generate_204" />
+			<test url="http://clients2.google.com/generate_204" />
+			<test url="http://clients3.google.com/generate_204" />
+
+	<rule from="^http://(docs\d)\.google\.com/"
+			to="https://$1.google.com/" />
+			<test url="http://docs1.google.com/" />
+			<test url="http://docs2.google.com/" />
+			<test url="http://docs3.google.com/" />
+
+	<rule from="^http://(\d\.docs)\.google\.com/"
+			to="https://$1.google.com/" />
+			<test url="http://1.docs.google.com/" />
+			<test url="http://2.docs.google.com/" />
+			<test url="http://3.docs.google.com/" />
+
+	<rule from="^http://(spreadsheets\d)\.google\.com/"
+			to="https://$1.google.com/" />
+		<test url="http://spreadsheets1.google.com/" />
+		<test url="http://spreadsheets2.google.com/" />
+		<test url="http://spreadsheets3.google.com/" />
+
+	<rule from="^http://(?:encrypted-)?tbn(\d)\.google\.com/"
+		to="https://encrypted-tbn$1.google.com/" />
+		<test url="http://encrypted-tbn1.google.com/" />
+		<test url="http://encrypted-tbn2.google.com/" />
+		<test url="http://encrypted-tbn3.google.com/" />
+		<test url="http://tbn1.google.com/" />
+		<test url="http://tbn2.google.com/" />
+		<test url="http://tbn3.google.com/" />
+
+	<rule from="^http://([\w-]+)\.clients\.google\.com/"
+		to="https://$1.clients.google.com/" />
+		<test url="http://foo.clients.google.com/bar" />
+		<test url="http://bar.clients.google.com/" />
+		<test url="http://foobar.clients.google.com/foobar" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Google.org.xml b/src/chrome/content/rules/Google.org.xml
index d6cc47881ba2..7ce26e73b15c 100644
--- a/src/chrome/content/rules/Google.org.xml
+++ b/src/chrome/content/rules/Google.org.xml
@@ -1,14 +1,15 @@
 <!--
-	For other Google coverage, see GoogleServices.xml.
-
+	For other Google coverage, see GoogleServices.xml
 -->
 <ruleset name="Google.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="google.org" />
 	<target host="www.google.org" />
 
 
-	<rule from="^http://(www\.)?google\.org/"
-		to="https://$1google.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Google.tld_Subdomains.xml b/src/chrome/content/rules/Google.tld_Subdomains.xml
new file mode 100644
index 000000000000..442c669a6796
--- /dev/null
+++ b/src/chrome/content/rules/Google.tld_Subdomains.xml
@@ -0,0 +1,186 @@
+
+<!--
+	For other Google coverage, see GoogleServices.xml
+
+	This ruleset is subdomains that exist on google.tld (not just google.com)
+
+-->
+<ruleset name="Google.tld Subdomains">
+	<!--
+		failure: *.google.* failed: The target host must be a hostname, not URL, and must use at most one wildcard.
+	-->
+	<target host="accounts.google.*" />
+	<target host="groups.google.*" />
+	<target host="images.google.*" />
+	<target host="m.google.*" />
+	<target host="maps.google.*" />
+	<target host="news.google.*" />
+	<target host="scholar.google.*" />
+
+	<target host="accounts.google.com.*" />
+	<target host="adwords.google.com.*" />
+	<target host="groups.google.com.*" />
+	<target host="images.google.com.*" />
+	<target host="maps.google.com.*" />
+	<target host="news.google.com.*" />
+	<target host="translate.google.com.*" />
+
+	<securecookie host="^(adwords|m|maps|translate)\.google\.[\w.]{2,6}$" name=".+" />
+
+	<rule from="^http://(accounts|adwords|groups|images|m|maps|news|scholar|translate)\.google\.((com?\.)?\w{2,3})/"
+			to="https://$1.google.$2/" />
+
+		<test url="http://accounts.google.ca/" />
+		<test url="http://accounts.google.ru/" />
+		<test url="http://accounts.google.cn/" />
+		<test url="http://accounts.google.hk/" />
+		<test url="http://accounts.google.ge/" />
+		<test url="http://accounts.google.af/" />
+		<test url="http://accounts.google.lv/" />
+		<test url="http://accounts.google.pk/" />
+		<test url="http://accounts.google.jp/" />
+		<test url="http://accounts.google.de/" />
+
+    <test url="http://accounts.google.com/" />
+		<test url="http://accounts.google.com.au/" />
+    <test url="http://accounts.google.com.mx/" />
+    <test url="http://accounts.google.com.ge/" />
+    <test url="http://accounts.google.com.cy/" />
+    <test url="http://accounts.google.com.af/" />
+    <test url="http://accounts.google.com.et/" />
+    <test url="http://accounts.google.com.lb/" />
+    <test url="http://accounts.google.com.ai/" />
+    <test url="http://accounts.google.com.hk/" />
+
+		<test url="http://adwords.google.com.au/" />
+    <test url="http://adwords.google.com.mx/" />
+    <test url="http://adwords.google.com.pk/" />
+    <test url="http://adwords.google.com.cn/" />
+    <test url="http://adwords.google.com.ru/" />
+    <test url="http://adwords.google.com.ph/" />
+    <test url="http://adwords.google.com.sg/" />
+    <test url="http://adwords.google.com.vn/" />
+    <test url="http://adwords.google.com.hk/" />
+
+		<test url="http://groups.google.ca/" />
+		<test url="http://groups.google.hk/" />
+		<test url="http://groups.google.cc/" />
+		<test url="http://groups.google.pk/" />
+		<test url="http://groups.google.ru/" />
+		<test url="http://groups.google.gp/" />
+		<test url="http://groups.google.gl/" />
+		<test url="http://groups.google.ag/" />
+		<test url="http://groups.google.dj/" />
+		<test url="http://groups.google.ec/" />
+
+		<test url="http://groups.google.com/" />
+		<test url="http://groups.google.com.au/" />
+		<test url="http://groups.google.com.hk/" />
+		<test url="http://groups.google.com.pk/" />
+		<test url="http://groups.google.com.ru/" />
+		<test url="http://groups.google.com.af/" />
+		<test url="http://groups.google.com.ai/" />
+		<test url="http://groups.google.com.ag/" />
+		<test url="http://groups.google.com.do/" />
+
+		<test url="http://images.google.ca/" />
+		<test url="http://images.google.hk/" />
+		<test url="http://images.google.cn/" />
+		<test url="http://images.google.cz/" />
+		<test url="http://images.google.pk/" />
+		<test url="http://images.google.af/" />
+		<test url="http://images.google.dj/" />
+		<test url="http://images.google.ec/" />
+		<test url="http://images.google.ru/" />
+		<test url="http://images.google.ag/" />
+
+		<test url="http://images.google.com/" />
+		<test url="http://images.google.com.au/" />
+		<test url="http://images.google.com.hk/" />
+		<test url="http://images.google.com.cn/" />
+		<test url="http://images.google.com.ai/" />
+		<test url="http://images.google.com.ge/" />
+		<test url="http://images.google.com.ec/" />
+		<test url="http://images.google.com.ag/" />
+		<test url="http://images.google.com.sg/" />
+
+		<test url="http://m.google.ca/" />
+		<test url="http://m.google.cn/" />
+		<test url="http://m.google.ru/" />
+		<test url="http://m.google.hk/" />
+		<test url="http://m.google.cf/" />
+		<test url="http://m.google.td/" />
+		<test url="http://m.google.cc/" />
+		<test url="http://m.google.gp/" />
+		<test url="http://m.google.iq/" />
+		<test url="http://m.google.lv/" />
+
+		<test url="http://m.google.com/" />
+		<test url="http://m.google.com.au/" />
+		<test url="http://m.google.com.cn/" />
+		<test url="http://m.google.com.ru/" />
+		<test url="http://m.google.com.hk/" />
+		<test url="http://m.google.com.iq/" />
+		<test url="http://m.google.com.lb/" />
+		<test url="http://m.google.com.mt/" />
+		<test url="http://m.google.com.om/" />
+		<test url="http://m.google.com.gr/" />
+
+		<test url="http://maps.google.ca/" />
+    <test url="http://maps.google.fr/" />
+    <test url="http://maps.google.iq/" />
+    <test url="http://maps.google.lv/" />
+    <test url="http://maps.google.ru/" />
+    <test url="http://maps.google.gr/" />
+    <test url="http://maps.google.td/" />
+    <test url="http://maps.google.ge/" />
+    <test url="http://maps.google.de/" />
+
+		<test url="http://maps.google.com/" />
+		<test url="http://maps.google.com.au/" />
+		<test url="http://maps.google.com.br/" />
+		<test url="http://maps.google.com.hk/" />
+		<test url="http://maps.google.com.cu/" />
+		<test url="http://maps.google.com.fj/" />
+		<test url="http://maps.google.com.gt/" />
+
+		<test url="http://news.google.ca/" />
+		<test url="http://news.google.cn/" />
+		<test url="http://news.google.fr/" />
+		<test url="http://news.google.de/" />
+		<test url="http://news.google.hk/" />
+		<test url="http://news.google.cc/" />
+		<test url="http://news.google.ru/" />
+		<test url="http://news.google.gg/" />
+		<test url="http://news.google.lv/" />
+		<test url="http://news.google.is/" />
+
+		<test url="http://news.google.com/" />
+		<test url="http://news.google.com.au/" />
+		<test url="http://news.google.com.cn/" />
+		<test url="http://news.google.com.ru/" />
+		<test url="http://news.google.com.iq/" />
+		<test url="http://news.google.com.na/" />
+		<test url="http://news.google.com.nr/" />
+		<test url="http://news.google.com.pk/" />
+		<test url="http://news.google.ca/archivesearch" />
+		<test url="http://news.google.com/archivesearch" />
+		<test url="http://news.google.com.au/archivesearch" />
+
+		<test url="http://translate.google.com.kh/" />
+		<test url="http://translate.google.com.ru/" />
+		<test url="http://translate.google.com.sg/" />
+		<test url="http://translate.google.com.cn/" />
+		<test url="http://translate.google.com.hk/" />
+		<test url="http://translate.google.com.mx/" />
+		<test url="http://translate.google.com.iq/" />
+		<test url="http://translate.google.com.ge/" />
+		<test url="http://translate.google.com.mt/" />
+
+		<!-- This exclusion is for the Google-hosted LIFE photo archive, which can be
+		found at http://images.google.com/hosted/life (no trailing slash)
+		and which does not support HTTPS as of September 2017. -->
+		<exclusion pattern="^http://images\.google\.com/hosted/" />
+			<test url="http://images.google.com/hosted/life/67933df915a33f1f.html" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Google.xml b/src/chrome/content/rules/Google.xml
new file mode 100644
index 000000000000..23821ce17d29
--- /dev/null
+++ b/src/chrome/content/rules/Google.xml
@@ -0,0 +1,107 @@
+<!--
+	This ruleset only covers (www.)?google.tld
+	For other Google coverage, see GoogleServices.xml
+
+-->
+
+<ruleset name="Google">
+	<target host="google.com.*" />
+	<target host="www.google.com.*" />
+	<target host="google.co.*" />
+	<target host="www.google.co.*" />
+	<target host="google.*" />
+	<target host="www.google.*" />
+
+
+	<test url="http://google.co.il/" />
+	<test url="http://www.google.co.il/" />
+	<test url="http://google.co.in/" />
+	<test url="http://www.google.co.in/" />
+	<test url="http://google.co.jp/" />
+	<test url="http://www.google.co.jp/" />
+	<test url="http://google.co.kr/" />
+	<test url="http://www.google.co.kr/" />
+	<test url="http://google.co.ma/" />
+	<test url="http://www.google.co.ma/" />
+	<test url="http://google.co.nz/" />
+	<test url="http://www.google.co.nz/" />
+	<test url="http://google.co.th/" />
+	<test url="http://www.google.co.th/" />
+	<test url="http://google.co.ug/" />
+	<test url="http://www.google.co.ug/" />
+	<test url="http://google.co.uk/" />
+	<test url="http://www.google.co.uk/" />
+	<test url="http://google.co.za/" />
+	<test url="http://www.google.co.za/" />
+
+	<test url="http://google.cn/" />
+	<test url="http://www.google.cn/" />
+	<test url="http://google.co/" />
+	<test url="http://www.google.co/" />
+	<test url="http://google.fr/" />
+	<test url="http://www.google.fr/" />
+	<test url="http://google.de/" />
+	<test url="http://www.google.de/" />
+	<test url="http://google.lk/" />
+	<test url="http://www.google.lk/" />
+	<test url="http://google.in/" />
+	<test url="http://www.google.in/" />
+	<test url="http://google.kr/" />
+	<test url="http://www.google.kr/" />
+	<test url="http://google.nl/" />
+	<test url="http://www.google.nl/" />
+	<test url="http://google.ru/" />
+	<test url="http://www.google.ru/" />
+	<test url="http://google.sk/" />
+	<test url="http://www.google.sk/" />
+	<test url="http://google.ua/" />
+	<test url="http://www.google.ua/" />
+
+	<test url="http://google.com.au/" />
+	<test url="http://www.google.com.au/" />
+	<test url="http://google.com.bo/" />
+	<test url="http://www.google.com.bo/" />
+	<test url="http://google.com.co/" />
+	<test url="http://www.google.com.co/" />
+	<test url="http://google.com.ec/" />
+	<test url="http://www.google.com.ec/" />
+	<test url="http://google.com.hk/" />
+	<test url="http://www.google.com.hk/" />
+	<test url="http://google.com.kz/" />
+	<test url="http://www.google.com.kz/" />
+	<test url="http://google.com.mx/" />
+	<test url="http://www.google.com.mx/" />
+	<test url="http://google.com.ru/" />
+	<test url="http://www.google.com.ru/" />
+	<test url="http://google.com.sg/" />
+	<test url="http://www.google.com.sg/" />
+	<test url="http://google.com.sl/" />
+	<test url="http://www.google.com.sl/" />
+	<test url="http://google.com.vn/" />
+	<test url="http://www.google.com.vn/" />
+
+	<test url="http://www.google.ca/about" />
+	<test url="http://www.google.com/about" />
+	<test url="http://www.google.com.au/about" />
+	<test url="http://www.google.ca/accounts" />
+	<test url="http://www.google.com/accounts" />
+	<test url="http://www.google.com.au/accounts" />
+	<test url="http://www.google.ca/admob" />
+	<test url="http://www.google.com/admob" />
+	<test url="http://www.google.ca/adplanner" />
+	<test url="http://www.google.com/adplanner" />
+	<test url="http://www.google.com.au/adplanner" />
+	<test url="http://www.google.ca/ads" />
+	<test url="http://www.google.com/ads" />
+	<test url="http://www.google.com.au/ads" />
+
+	<test url="http://google.com/search?q=test&amp;tbm=isch" />
+	<test url="http://www.google.com/search?q=test&amp;tbm=isch" />
+	<test url="http://www.google.com/search?q=foobar&amp;tbm=isch" />
+	<test url="http://www.google.com/search?q=foobar&amp;tbm=isch&amp;something=baz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GoogleAPIs.xml b/src/chrome/content/rules/GoogleAPIs.xml
index 9ca2ac9dbfe0..3993d9d3ddfe 100644
--- a/src/chrome/content/rules/GoogleAPIs.xml
+++ b/src/chrome/content/rules/GoogleAPIs.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Google coverage, see GoogleServices.xml.
+	For other Google coverage, see GoogleServices.xml
 
 
 	Nonfunctional domains:
@@ -16,7 +16,10 @@
 		- gmodules.com			(503, CN: www.google.com)
 		- www.gmodules.com		(503, CN: *.googleusercontent.com)
 		- gstatic.com			(404, valid cert)
-		- api.recaptcha.net		(works; mismatched, CN: google.com)
+		These two changed URL formats as well as domains, need to find an example
+		of the old format in the wild:
+		- api.recaptcha.net	(→ www.google.com)
+		- api-secure.recaptcha.net
 
 
 	Partially covered domains:
@@ -34,15 +37,13 @@
 
 			- linkhelp
 
-		- ssl.google-analytics.com
-		- www.google-analytics.com
-
 		- googleapis.com subdomains:
 
 			- ajax
 			- chart
 			- *.commondatastorage
 			- fonts
+			- storage
 			- *.storage
 			- www
 
@@ -51,64 +52,83 @@
 			- (www.)	(^ → www)
 			- csi
 			- encrypted-tbn\d
+			- fonts
 			- g0
 			- *.metric
 			- ssl
 			- t\d
 
-		- api.recaptcha.net	(→ www.google.com)
-		- gdata.youtube.com
-
-
-	ssl.google-analytics.com/ga.js sets __utm\w wildcard
-	cookies on whichever domain it is loaded from.
 
 -->
 <ruleset name="Google APIs">
-
 	<target host="gmodules.com" />
 	<target host="www.gmodules.com" />
-	<target host="google.com" />
-	<target host="apis.google.com" />
-	<target host="*.apis.google.com" />
-	<target host="*.clients.google.com" />
-	<target host="www.google.com" />
-	<target host="*.google-analytics.com" />
-	<target host="*.googleapis.com" />
+		<!-- need this exclusion otherwise the test checker will use the hosts as test urls -->
+		<exclusion pattern="^http://(www\.)?gmodules\.com/$" />
+
+	<target host="ajax.googleapis.com" />
+		<!-- The implicit test URL at the root of this domain generates a 404.
+				 Add an exclusion so the fetcher is happy. -->
+		<exclusion pattern="^http://ajax\.googleapis\.com/$" />
+	<target host="chart.googleapis.com" />
+		<!-- The implicit test URL at the root of this domain generates a 404.
+				 Add an exclusion so the fetcher is happy. -->
+		<exclusion pattern="^http://chart\.googleapis\.com/$" />
+	<target host="ct.googleapis.com" />
+	<target host="fonts.googleapis.com" />
+	<target host="imasdk.googleapis.com" />
+	<target host="maps.googleapis.com" />
+	<target host="www.googleapis.com" />
+	<target host="commondatastorage.googleapis.com" />
+	<target host="*.commondatastorage.googleapis.com" />
+	<target host="*.storage.googleapis.com" />
+	<target host="storage.googleapis.com" />
+
 	<target host="gstatic.com" />
 	<target host="*.gstatic.com" />
-	<target host="api.recaptcha.net" />
-	<target host="gdata.youtube.com" />
-		<exclusion pattern="^http://gdata\.youtube\.com/crossdomain\.xml" />
-
-
-	<securecookie host="^ssl\.google-analytics\.com$" name=".+" />
 
+	<securecookie host="^maps\.gstatic\.com$" name=".+" />
+
+	<!--	Captive portal detection redirects to this URL, and many captive
+		portals break TLS, so exempt this redirect URL.
+		See GitHub bug #368
+			-->
+	<exclusion pattern="^http://www\.gstatic\.com/generate_204" />
+		<test url="http://www.gstatic.com/generate_204" />
+
+	<!--	Breaks digitalattackmap.com, cf.
+		https://trac.torproject.org/projects/tor/ticket/15154
+			-->
+	<exclusion pattern="^http://www\.gstatic\.com/ddos-viz/attacks\.json" />
+		<test url="http://www.gstatic.com/ddos-viz/attacks.json" />
+	<!--	Causes CORS issues on http://www.codeskulptor.org/ (try saving
+		current file). See https://github.com/EFForg/https-everywhere/issues/1828
+			-->
+	<exclusion pattern="^http://codeskulptor-user\d+\.commondatastorage\.googleapis\.com/" />
+		<test url="http://codeskulptor-user44.commondatastorage.googleapis.com/user44_0LxgCGWCjo_0.py" />
+		<test url="http://codeskulptor-user301.commondatastorage.googleapis.com/user301_nVlSk7alrk_0.py" />
 
 	<rule from="^http://(?:www\.)?gmodules\.com/ig/images/"
 		to="https://www.google.com/ig/images/" />
+		<test url="http://gmodules.com/ig/images/" />
+		<test url="http://www.gmodules.com/ig/images/" />
 
-	<!--	jsapi was causing problems on some sites that embed google maps:
-		https://trac.torproject.org/projects/tor/ticket/2335
-		Apparently now fixed; thanks, Google!
-							-->
-	<rule from="^http://(?:www\.)?google\.com/(afsonline/|chart|jsapi|recaptcha/|uds)"
-		to="https://www.google.com/$1" />
-
-	<rule from="^http://(api|[\w-]+\.client)s\.google\.com/"
-		to="https://$1s.google.com/" />
-
-	<rule from="^http://chart\.apis\.google\.com/chart"
-		to="https://chart.googleapis.com/chart" />
-
-	<rule from="^http://(ssl|www)\.google-analytics\.com/"
-		to="https://$1.google-analytics.com/" />
-
-	<rule from="^http://(ajax|chart|fonts|www)\.googleapis\.com/"
+	<rule from="^http://(ajax|chart|ct|fonts|imasdk|maps|www)\.googleapis\.com/"
 		to="https://$1.googleapis.com/" />
+		<test url="http://ajax.googleapis.com/ajax/libs/angular_material/0.8.2/angular-material.min.js" />
+		<test url="http://ct.googleapis.com/aviator/ct/v1/get-entries?start=0&amp;end=1" />
+		<test url="http://chart.googleapis.com/chart?cht=p3&amp;chs=250x100&amp;chd=t:60,40&amp;chl=Hello|World" />
+		<test url="http://fonts.googleapis.com/css?family=Tangerine" />
+		<test url="http://maps.googleapis.com/maps/ms?hl=da&amp;ie=UTF8&amp;msa=0&amp;msid=213981917930555964408.00044f8886ceeef1c1b88&amp;source=embed&amp;ll=55.432276,9.439402&amp;spn=0.017045,0.043774&amp;z=14" />
 
-	<rule from="^http://([^@:\./]+\.)?(commondata)?storage\.googleapis\.com/"
+	<rule from="^http://([\w-]+\.)?(commondata)?storage\.googleapis\.com/"
 		to="https://$1$2storage.googleapis.com/" />
+		<test url="http://chromedriver.storage.googleapis.com/" />
+		<test url="http://fiber.storage.googleapis.com/channels/guide/kansascity.pdf" />
+		<test url="http://patentimages.storage.googleapis.com/" />
+		<test url="http://bookmarc-binders.commondatastorage.googleapis.com/allegion/Allegion%202014%20Residential%20Product%20Catalogue%20Regent%20Series%20Knobs%20Levers_0114.pdf" />
+		<test url="http://bookmarc-binders.commondatastorage.googleapis.com/danpalon/Danpalon%20Architectural%20Catalogue.pdf" />
+		<test url="http://ckannet-storage.commondatastorage.googleapis.com/2014-07-06T23:24:20.852Z/vol-1-no-2-paper-2-owusu-dankwa-prosper.pdf" />
 
 	<!--	There is an interesting question about whether we should
 		append &strip=1 to all cache URLs.  This causes them to load
@@ -119,16 +139,25 @@
 			With &strip=1, the cached page will be text-only and
 		will come exclusively from Google's HTTPS server.
 									-->
-	<rule from="^http://(?:www\.)?gstatic\.com/"
+	<rule from="^http://(www\.)?gstatic\.com/"
 		to="https://www.gstatic.com/" />
+		<test url="http://www.gstatic.com/" />
 
-	<rule from="^http://(csi|encrypted-tbn\d|g0|[\w-]+\.metric|ssl|t\d)\.gstatic\.com/"
+	<rule from="^http://(csi|encrypted-tbn\d|fonts|g0|maps|[\w-]+\.metric|ssl|t\d)\.gstatic\.com/"
 		to="https://$1.gstatic.com/" />
-
-	<rule from="^http://api\.recaptcha\.net/"
-		to="https://www.google.com/recaptcha/api/" />
-
-	<rule from="^http://gdata\.youtube\.com/"
-		to="https://gdata.youtube.com/" />
+		<test url="http://csi.gstatic.com/" />
+		<test url="http://encrypted-tbn1.gstatic.com/" />
+		<test url="http://encrypted-tbn2.gstatic.com/" />
+		<test url="http://encrypted-tbn3.gstatic.com/" />
+		<test url="http://fonts.gstatic.com/" />
+		<test url="http://g0.gstatic.com/" />
+		<test url="http://maps.gstatic.com/" />
+		<test url="http://test1-ds.metric.gstatic.com/" />
+		<test url="http://test2-ds.metric.gstatic.com/" />
+		<test url="http://test3-ds.metric.gstatic.com/" />
+		<test url="http://ssl.gstatic.com/" />
+		<test url="http://t1.gstatic.com/" />
+		<test url="http://t2.gstatic.com/" />
+		<test url="http://t3.gstatic.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GoogleArtProject.com.xml b/src/chrome/content/rules/GoogleArtProject.com.xml
new file mode 100644
index 000000000000..5a14dd9e070c
--- /dev/null
+++ b/src/chrome/content/rules/GoogleArtProject.com.xml
@@ -0,0 +1,12 @@
+<!--
+	For other Google rulesets, see GoogleServices.xml
+
+-->
+<ruleset name="Google Art Project">
+
+	<target host="googleartproject.com" />
+	<target host="www.googleartproject.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GoogleCanada.xml b/src/chrome/content/rules/GoogleCanada.xml
deleted file mode 100644
index d5eefe816210..000000000000
--- a/src/chrome/content/rules/GoogleCanada.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="GoogleCanada">
-	<target host="google.ca" />
-	<target host="*.google.ca" />
-	<rule from="^http://([^/:@\.]+)\.google\.ca/finance" to="https://$1.google.ca/finance"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/GoogleImages.xml b/src/chrome/content/rules/GoogleImages.xml
deleted file mode 100644
index 928458352a65..000000000000
--- a/src/chrome/content/rules/GoogleImages.xml
+++ /dev/null
@@ -1,65 +0,0 @@
-<!--
-	For other Google coverage, see GoogleServices.xml.
-
-
-	Problematic domains:
-
-		- www.google.bo *
-		- www.google.co *
-		- www.google.ec *
-		- www.google.in *
-		- www.google.kr *
-		- www.google.com.kz **
-		- www.google.com.lk *
-		- www.google.mx **
-		- www.google.sg *
-		- www.google.sl *
-		- www.google.ug *
-		- www.google.vn *
-
-	* 404; mismatched, CN: google.com
-	** Works; mismatched, CN: google.com
-
--->
-<ruleset name="Google Images">
-
-	<target host="google.*" />
-	<target host="www.google.*" />
-	<target host="google.co.*" />
-	<target host="www.google.co.*" />
-	<target host="google.com" />
-	<target host="images.google.com" />
-	<target host="google.com.*" />
-	<target host="www.google.com.*" />
-		<!--
-			Only handle image-related paths in this ruleset:
-										-->
-		<exclusion pattern="^http://(?:www\.)?google(?:\.com?)?\.\w{2,3}/(?!(?:advanced_image_search|imghp|.*tb(?:m=isch|s=sbi)))" />
-
-
-	<rule from="^http://(?:www\.)?google\.com/"
-		to="https://www.google.com/" />
-
-	<rule from="^http://images\.google\.com/"
-		to="https://images.google.com/" />
-
-	<!--	First handle problematic domains:
-							-->
-	<rule from="^http://(?:www\.)?google\.co/"
-		to="https://www.google.com/" />
-
-	<rule from="^http://(?:www\.)?google\.(?:co\.)?(in|kr|ug)/"
-		to="https://www.google.$1/" />
-
-	<rule from="^http://(?:www\.)?google\.(?:com\.)?(kz|lk)/"
-		to="https://www.google.$1/" />
-
-	<rule from="^http://(?:www\.)?google\.(?:com\.)?(bo|ec|mx|sg|sl|vn)/"
-		to="https://www.google.com.$1/" />
-
-	<!--	And then the rest:
-					-->
-	<rule from="^http://(?:www\.)?google\.(com?\.)?(ae|ar|at|au|bg|bh|br|ca|ch|cl|co|cr|cu|de|eg|es|fi|fr|gh|gt|hr|id|ie|il|it|jo|jp|jm|ke|kw|lb|ly|my|na|ng|nl|no|nz|om|pa|pe|pk|pl|pt|py|qa|ro|ru|rw|sa|se|sv|th|tr|uk|uy|ve|za|zw)/"
-		to="https://www.google.$1$2/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GoogleMainSearch.xml b/src/chrome/content/rules/GoogleMainSearch.xml
deleted file mode 100644
index 6b2fefbf7396..000000000000
--- a/src/chrome/content/rules/GoogleMainSearch.xml
+++ /dev/null
@@ -1,82 +0,0 @@
-<ruleset name="Search www.google.com" default_off="https://eff.org/https-everywhere/faq#google">
-
-<!-- 
-Enabling this ruleset should cause searches to go to
-https://www.google.com rather than https://encrypted.google.com.  Note that
-the filename is important; it must be before GoogleSearch.xml in a bash
-expansion of src/chrome/content/rules/*.xml in order to take precedence. 
--->
-
-  <target host="*.google.com" />
-  <target host="google.com" />
-  <target host="www.google.com.*" />
-  <target host="google.com.*" />
-  <target host="www.google.co.*" />
-  <target host="google.co.*" />
-  <target host="www.google.*" />
-  <target host="google.*" />
-  <!-- beyond clients1 these do not currently exist in the ccTLDs,
-       but just in case... -->
-  <target host="clients1.google.com.*" />
-  <target host="clients2.google.com.*" />
-  <target host="clients3.google.com.*" />
-  <target host="clients4.google.com.*" />
-  <target host="clients5.google.com.*" />
-  <target host="clients6.google.com.*" />
-  <target host="clients1.google.co.*" />
-  <target host="clients2.google.co.*" />
-  <target host="clients3.google.co.*" />
-  <target host="clients4.google.co.*" />
-  <target host="clients5.google.co.*" />
-  <target host="clients6.google.co.*" />
-  <target host="clients1.google.*" />
-  <target host="clients2.google.*" />
-  <target host="clients3.google.*" />
-  <target host="clients4.google.*" />
-  <target host="clients5.google.*" />
-  <target host="clients6.google.*" />
-
-  <rule from="^http://www\.google\.com/$"
-          to="https://www.google.com/"/>
-
-  <!-- The most basic case. -->
-
-  <rule from="^http://(?:www\.)?google\.com/search"
-          to="https://www.google.com/search"/>
-
-  <!-- this is a bit aggressive / risky -->
-  <rule from="^https?://encrypted\.google\.com/"
-          to="https://www.google.com/" />
-
-  <!-- A very annoying exception that we seem to need for the basic case -->
-
-  <exclusion pattern="^http://(?:www\.)?google\.com/search.*tbs=shop" />
-  <exclusion pattern="^http://clients[0-9]\.google\.com/.*client=products.*" />
-  <exclusion pattern="^http://suggestqueries\.google\.com/.*client=.*" />
-
-  <!-- https://trac.torproject.org/projects/tor/ticket/9713 -->
-
-  <exclusion pattern="^http://clients[0-9]\.google\.com/ocsp" />
-
-  <!-- This is necessary for image results links from web search results -->
-
-  <exclusion pattern="^http://(?:www\.)?google\.com/search.*tbm=isch.*" />
-
-  <rule from="^http://(?:www\.)?google\.com/webhp"
-          to="https://www.google.com/webhp"/>
-
-  <rule from="^http://(?:www\.)?google\.com/#"
-          to="https://www.google.com/#"/>
-
-  <rule from="^http://(?:www\.)?google\.com/$"
-          to="https://www.google.com/"/>
-
-   <!-- Completion urls look like this:
-
-http://clients2.google.co.jp/complete/search?hl=ja&client=hp&expIds=17259,24660,24729,24745&q=m&cp=1 HTTP/1.1\r\n
-
-   -->
-  <rule from="^http://clients[0-9]\.google\.com/complete/search"
-          to="https://clients1.google.com/complete/search"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/GoogleMaps.xml b/src/chrome/content/rules/GoogleMaps.xml
deleted file mode 100644
index 0f82c52673d5..000000000000
--- a/src/chrome/content/rules/GoogleMaps.xml
+++ /dev/null
@@ -1,67 +0,0 @@
-<!--
-	Problematic domains:
-
-		- khms *
-		- khms[0-3] *
-
-	* $ 404s
-
-
-	Fully covered domains:
-
-		- google.com subdomains:
-
-			- khms
-			- khms[0-3]
-
--->
-<ruleset name="Google Maps">
-
-	<target host="maps.google.*" />
-		<!--
-			https://trac.torproject.org/projects/tor/ticket/8627
-										-->
-		<exclusion pattern="^http://maps\.google\.com/local_url" />
-		<exclusion pattern="^http://maps\.google\.gr/transitathens" />
-	<target host="maps.google.co.*" />
-	<target host="khms.google.com" />
-	<target host="khms0.google.com" />
-	<target host="khms1.google.com" />
-	<target host="khms2.google.com" />
-	<target host="khms3.google.com" />
-	<target host="maps-api-ssl.google.com" />
-	<target host="mw2.google.com" />
-	<target host="maps.google.com.*" />
-	<target host="maps.googleapis.com" />
-		<!--
-			https://mail1.eff.org/pipermail/https-everywhere-rules/2012-September/001317.html
-														-->
-		<!--exclusion pattern="^http://maps\.googleapis\.com/map(files/lib/map_1_20\.swf|sapi/publicapi\?file=flashapi)" /-->
-		<exclusion pattern="^http://maps\.googleapis\.com/map(?:files/lib/map_\d+_\d+\.swf|sapi/publicapi\?file=flashapi)" />
-	<target host="maps.gstatic.com" />
-
-
-	<!--securecookie host="^maps\.google\.(com?\.)?(au|ca|gh|ie|in|jm|ke|lk|my|n[agz]|pk|rw|sl|sg|ug|uk|za|zw)$" name=".+" /-->
-	<securecookie host="^maps\.google\.[\w.]{2,6}$" name=".+" />
-	<securecookie host="^maps\.g(?:oogle|oogleapis|static)\.com$" name=".+" />
-	<securecookie host="^maps-api-ssl\.google\.com$" name=".+" />
-
-
-	<rule from="^http://maps\.google\.([^/]+)/"
-		to="https://maps.google.$1/" />
-
-	<!--	http://khms.../$ 404s:
-					-->
-	<rule from="^http://khms\d?\.google\.com/+\??$"
-		to="https://www.google.com/" />
-
-	<rule from="^http://(khms\d?|maps-api-ssl|mw2)\.google\.com/"
-		to="https://$1.google.com/" />
-
-	<rule from="^http://maps\.g(oogleapis|static)\.com/"
-		to="https://maps.g$1.com/" />
-
-	<rule from="^https://maps\.googleapis\.com/map(?=files/lib/map_\d+_\d+\.swf|sapi/publicapi\?file=flashapi)"
-		to="http://maps.googleapis.com/map" downgrade="1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GoogleMelange.com.xml b/src/chrome/content/rules/GoogleMelange.com.xml
new file mode 100644
index 000000000000..9f4871de6f56
--- /dev/null
+++ b/src/chrome/content/rules/GoogleMelange.com.xml
@@ -0,0 +1,12 @@
+<!--
+	For other Google coverage, see GoogleServices.xml.
+
+-->
+<ruleset name="GoogleMelange" default_off="cert-chain">
+
+	<target host="google-melange.com" />
+	<target host="www.google-melange.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GoogleMelange.xml b/src/chrome/content/rules/GoogleMelange.xml
deleted file mode 100644
index ec23cd45fe77..000000000000
--- a/src/chrome/content/rules/GoogleMelange.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="GoogleMelange">
-  <target host="www.google-melange.com" />
-  <target host="google-melange.com" />
-
-  <rule from="^http://(www\.)?google-melange\.com/" to="https://www.google-melange.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/GoogleSearch.xml b/src/chrome/content/rules/GoogleSearch.xml
deleted file mode 100644
index 54762b261e55..000000000000
--- a/src/chrome/content/rules/GoogleSearch.xml
+++ /dev/null
@@ -1,131 +0,0 @@
-<ruleset name="Google Search">
-
-	<target host="google.com" />
-	<target host="*.google.com" />
-	<target host="google.com.*" />
-	<target host="www.google.com.*" />
-	<target host="google.co.*" />
-	<target host="www.google.co.*" />
-	<target host="google.*" />
-	<target host="www.google.*" />
-	<!--
-		Beyond clients1 these do not currently
-		exist in the ccTLDs, but just in case...
-							-->
-	<target host="clients1.google.com.*" />
-	<target host="clients2.google.com.*" />
-	<target host="clients3.google.com.*" />
-	<target host="clients4.google.com.*" />
-	<target host="clients5.google.com.*" />
-	<target host="clients6.google.com.*" />
-	<target host="clients1.google.co.*" />
-	<target host="clients2.google.co.*" />
-	<target host="clients3.google.co.*" />
-	<target host="clients4.google.co.*" />
-	<target host="clients5.google.co.*" />
-	<target host="clients6.google.co.*" />
-	<target host="clients1.google.*" />
-	<target host="clients2.google.*" />
-	<target host="clients3.google.*" />
-	<target host="clients4.google.*" />
-	<target host="clients5.google.*" />
-	<target host="clients6.google.*" />
-
-
-	<!--	Some Google pages can generate naive links back to the
-		unencrypted version of encrypted.google.com, which is
-		a 301 but theoretically vulnerable to SSL stripping.
-									-->
-	<rule from="^http://encrypted\.google\.com/"
-		to="https://encrypted.google.com/" />
-
-	<!--	The most basic case.
-					-->
-	<rule from="^http://(?:www\.)?google\.com/search"
-		to="https://encrypted.google.com/search" />
-
-	<!--	A very annoying exception that we
-		seem to need for the basic case
-						-->
-	<exclusion pattern="^http://(?:www\.)?google\.com/search.*tbs=shop" />
-	<exclusion pattern="^http://clients\d\.google\.com/.*client=products.*" />
-	<exclusion pattern="^http://suggestqueries\.google\.com/.*client=.*" />
-
-  <!-- https://trac.torproject.org/projects/tor/ticket/9713 
-         -->
-
-  <exclusion pattern="^http://clients[0-9]\.google\.com/ocsp" />
-
-
-	<!--	This is necessary for image results
-		links from web search results
-						-->
-	<exclusion pattern="^http://(?:www\.)?google\.com/search.*tbm=isch.*" />
-
-	<rule from="^http://(?:www\.)?google\.com/about"
-		to="https://www.google.com/about" />
-
-	<!--	There are two distinct cases for these firefox searches	-->
-
-	<rule from="^http://(?:www\.)?google(?:\.com?)?\.[a-z]{2}/firefox/?$"
-		to="https://encrypted.google.com/" />
-
-	<rule from="^http://(?:www\.)?google(?:\.com?)?\.[a-z]{2}/firefox"
-		to="https://encrypted.google.com/webhp" />
-
-	<rule from="^http://(?:www\.)?google\.com/webhp"
-		to="https://encrypted.google.com/webhp" />
-
-	<rule from="^http://codesearch\.google\.com/"
-		to="https://codesearch.google.com/" />
-
-	<rule from="^http://(?:www\.)?google\.com/codesearch"
-		to="https://www.google.com/codesearch" />
-
-	<rule from="^http://(?:www\.)?google\.com/#"
-		to="https://encrypted.google.com/#" />
-
-	<rule from="^http://(?:www\.)?google\.com/$"
-		to="https://encrypted.google.com/" />
-
-	<!--	Google supports IPv6 search, including
-		HTTPS with a valid certificate!	-->
-	<rule from="^http://ipv6\.google\.com/"
-		to="https://ipv6.google.com/" />
-
-	<!--	most google international sites look like
-		"google.fr", some look like "google.co.jp",
-		and some crazy ones like "google.com.au"	-->
-
-	<rule from="^http://(www\.)?google(\.com?)?\.([a-z]{2})/(search\?|#)"
-		to="https://$1google$2.$3/$4" />
-
-	<!--	Language preference setting	-->
-	<rule from="^http://(www\.)?google(\.com?)?\.([a-z]{2})/setprefs"
-	to="https://$1google$2.$3/setprefs" />
-
-	<!--	Completion urls look like this:
-
-http://clients2.google.co.jp/complete/search?hl=ja&client=hp&expIds=17259,24660,24729,24745&q=m&cp=1 HTTP/1.1\r\n
-
-		-->
-	<rule from="^http://clients\d\.google\.com/complete/search"
-		to="https://clients1.google.com/complete/search" />
-
-	<rule from="^http://clients\d\.google(\.com?\.[a-z]{2})/complete/search"
-		to="https://clients1.google.$1/complete/search" />
-
-	<rule from="^http://clients\d\.google\.([a-z]{2})/complete/search"
-		to="https://clients1.google.$1/complete/search" />
-
-	<rule from="^http://suggestqueries\.google\.com/complete/search"
-		to="https://clients1.google.com/complete/search" />
-
-	<rule from="^http://(www\.)?google\.(com?\.)?([a-z]{2})/(?:webhp)?$"
-		to="https://$1google.$2$3/" />
-
-	<!--	If there are URL parameters, keep them.	-->
-	<rule from="^http://(www\.)?google\.(com?\.)?([a-z]{2})/(?:webhp)?\?"
-		to="https://$1google.$2$3/webhp?" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GoogleServices.xml b/src/chrome/content/rules/GoogleServices.xml
index 1def4bb9f1c6..c432eddbbf21 100644
--- a/src/chrome/content/rules/GoogleServices.xml
+++ b/src/chrome/content/rules/GoogleServices.xml
@@ -1,336 +1,55 @@
 <!--
 	Other Google rulesets:
-
 		- 2mdn.net.xml
 		- Admeld.xml
-		- ChannelIntelligence.com.xml
+		- Android.xml
+		- Apture.com.xml
+		- Blogspot.com_blogs.xml
+		- Certificate-transparency.org.xml
+		- ChromeStatus.com.xml
+		- Chromium.org.xml
+		- DartSearch.net.xml
 		- Doubleclick.net.xml
 		- FeedBurner.xml
+		- GetOutline.org.xml
+		- Google.com_Subdomains.xml
+		- Google.com_Subdomains_Complex.html
 		- Google.org.xml
+		- Google.tld_Subdomains.xml
 		- GoogleAPIs.xml
+		- Google-Analytics.com.xml
 		- Google_App_Engine.xml
-		- GoogleImages.xml
-		- GoogleShopping.xml
+		- GoogleArtProject.com.xml
+		- GoogleMelange.com.xml
+		- GoogleServices_Complex.xml (Simple rules that normally would reside here are in this ruleset)
+		- googletagmanager.com.xml
+		- googletagservices.com.xml
 		- Ingress.xml
+		- Made_with_Code.com.xml
 		- Meebo.xml
 		- Orkut.xml
-		- Postini.xml
-
-
-	Nonfunctional domains:
-
-		- feedproxy.google.com			(404, valid cert)
-		- partnerpage.google.com *
-		- safebrowsing.clients.google.com	(404, mismatched)
-		- (www.)googlesyndicatedsearch.com	(404; mismatched, CN: google.com)
-		- buttons.googlesyndication.com *
-
-	* 404, valid cert
-
-
-	Nonfunctional google.com paths:
-
-		- analytics	(redirects to http)
-		- imgres
-		- gadgets *
-		- hangouts	(404)
-		- u/		(404)
-
-	* Redirects to http
-
-
-	Problematic domains:
-
-		- www.goo.gl		(404; mismatched, CN: *.google.com)
-
-		- google.com subdomains:
-
-			- books		(googlebooks/, images/, & intl/ 404, but works when rewritten to www)
-			- cbks0 ****
-			- gg		($ 404s)
-			- knoll *
-			- scholar **
-			- trends *
-
-		- news.google.cctld **
-		- scholar.google.cctld **
-		- *-opensocial.googleusercontent.com ***
-
-	**** $ 404s
-	* 404, valid cert
-	** Redirects to http, valid cert
-	*** Breaks followers widget - https://trac.torproject.org/projects/tor/ticket/7294
-
-
-	Partially covered domains:
-
-		- google.cctld subdomains:
-
-			- scholar	(→ www)
-
-		- google.com subdomains:
-
-			- (www.)
-			- cbks0		($ 404s)
-			- gg		($ 404s)
-			- news		(→ www)
-			- scholar	(→ www)
-
-		- *.googleusercontent.com	(*-opensocial excluded)
-
-
-	Fully covered domains:
-
-		- lh[3-6].ggpht.com
-		- (www.)goo.gl		(www → ^)
-
-		- google.com subdomains:
-
-			- accounts
-			- adwords
-			- apis
-			- appengine
-			- books		(→ encrypted)
-			- calendar
-			- checkout
-			- chrome
-			- clients[12]
-			- code
-			- *.corp
-			- developers
-			- dl
-			- docs
-			- docs\d
-			- drive
-			- encrypted
-			- encrypted-tbn[123]
-			- feedburner
-			- fiber
-			- finance
-			- glass
-			- groups
-			- health
-			- helpouts
-			- history
-			- hostedtalkgadget
-			- id
-			- investor
-			- knol
-			- knoll		(→ knol)
-			- lh\d
-			- mail
-			- chatenabled.mail
-			- pack
-			- picasaweb
-			- pki
-			- play
-			- plus
-			- plusone
-			- productforums
-			- profiles
-			- safebrowsing-cache
-			- cert-test.sandbox
-			- plus.sandbox
-			- sb-ssl
-			- script
-			- security
-			- servicessites
-			- sites
-			- spreadsheets
-			- spreadsheets\d
-			- support
-			- talk
-			- talkgadget
-			- tbn2			(→ encrypted-tbn2)
-			- tools
-			- translate
-			- trends		(→ www)
-
-		- partner.googleadservices.com
-		- (www.)googlecode.com
-		- *.googlecode.com	(per-project subdomains)
-		- googlesource.com
-		- *.googlesource.com
-		- pagead2.googlesyndication.com
-		- tpc.googlesyndication.com
-		- mail-attachment.googleusercontent.com
-		- webcache.googleusercontent.com
-
-
-	XXX: Needs more testing
-
+		- pki.goog.xml
+		- Polymer-Project.org.xml
+		- Waze.com.xml
+		- WebM_Project.org.xml
+		- With_Google.com.xml
 -->
-<ruleset name="Google Services">
+<ruleset name="Google Services Simple">
+
+	<target host="pagead2.googlesyndication.com" />
+	<target host="tpc.googlesyndication.com" />
 
-	<target host="*.ggpht.com" />
+	<!-- Gmail -->
 	<target host="gmail.com" />
-	<target host="www.gmail.com" />
-	<target host="goo.gl" />
-	<target host="www.goo.gl" />
-	<target host="google.*" />
-	<target host="accounts.google.*" />
-	<target host="adwords.google.*" />
-	<target host="finance.google.*" />
-	<target host="groups.google.*" />
-	<target host="it.google.*" />
-	<target host="news.google.*" />
-		<exclusion pattern="^http://(?:news\.)?google\.com/(?:archivesearch|newspapers)" />
-	<target host="picasaweb.google.*" />
-	<target host="scholar.google.*" />
-	<target host="translate.google.*" />
-	<target host="www.google.*" />
-	<target host="*.google.ca" />
-	<target host="google.co.*" />
-	<target host="accounts.google.co.*" />
-	<target host="adwords.google.co.*" />
-	<target host="finance.google.co.*" />
-	<target host="groups.google.co.*" />
-	<target host="id.google.co.*" />
-	<target host="news.google.co.*" />
-	<target host="picasaweb.google.co.*" />
-	<target host="scholar.google.co.*" />
-	<target host="translate.google.co.*" />
-	<target host="www.google.co.*" />
-	<target host="google.com" />
-	<target host="*.google.com" />
-		<exclusion pattern="^http://(?:www\.)?google\.com/analytics/*(?:/[^/]+)?(?:\?.*)?$" />
-		<!--exclusion pattern="^http://books\.google\.com/(?!books/(\w+\.js|css/|javascript/)|favicon\.ico|googlebooks/|images/|intl/)" /-->
-		<exclusion pattern="^http://cbks0\.google\.com/(?:$|\?)" />
-		<exclusion pattern="^http://gg\.google\.com/(?!csi(?:$|\?))" />
-	<target host="google.com.*" />
-	<target host="accounts.google.com.*" />
-	<target host="adwords.google.com.*" />
-	<target host="groups.google.com.*" />
-	<target host="id.google.com.*" />
-	<target host="news.google.com.*" />
-	<target host="picasaweb.google.com.*" />
-	<target host="scholar.google.com.*" />
-	<target host="translate.google.com.*" />
-	<target host="www.google.com.*" />
-	<target host="partner.googleadservices.com" />
-	<target host="googlecode.com" />
-	<target host="*.googlecode.com" />
+		<target host="www.gmail.com" />
 	<target host="googlemail.com" />
-	<target host="www.googlemail.com" />
-	<target host="googlesource.com" />
-	<target host="*.googlesource.com" />
-	<target host="*.googlesyndication.com" />
-	<target host="www.googletagservices.com" />
-	<target host="googleusercontent.com" />
-	<target host="*.googleusercontent.com" />
-		<!--
-			Necessary for the Followers widget:
-
-				 https://trac.torproject.org/projects/tor/ticket/7294
-											-->
-		<exclusion pattern="http://[^@:\./]+-opensocial\.googleusercontent\.com" />
-
-
-	<!--	Can we secure any of these wildcard cookies safely?
-									-->
-	<!--securecookie host="^\.google\.com$" name="^(hl|I4SUserLocale|NID|PREF|S)$" /-->
-	<!--securecookie host="^\.google\.[\w.]{2,6}$" name="^(hl|I4SUserLocale|NID|PREF|S|S_awfe)$" /-->
-	<securecookie host="^(?:accounts|adwords|\.code|login\.corp|developers|docs|\d\.docs|fiber|mail|picasaweb|plus|\.?productforums|support)\.google\.[\w.]{2,6}$" name=".+" />
-	<securecookie host="^www\.google\.com$" name="^GoogleAccountsLocale_session$" />
-	<securecookie host="^mail-attachment\.googleusercontent\.com$" name=".+" />
+		<target host="www.googlemail.com" />
 	<securecookie host="^gmail\.com$" name=".+" />
 	<securecookie host="^www\.gmail\.com$" name=".+" />
 	<securecookie host="^googlemail\.com$" name=".+" />
 	<securecookie host="^www\.googlemail\.com$" name=".+" />
 
 
-	<!--    - lh 3-6 exist
-		- All appear identical
-		- Identical to lh\d.googleusercontent.com
-					-->
-	<rule from="^http://lh(\d)\.ggpht\.com/"
-		to="https://lh$1.ggpht.com/" />
-
-	<rule from="^http://lh(\d)\.google\.ca/"
-		to="https://lh$1.google.ca/" />
-
-
-	<rule from="^http://(www\.)?g(oogle)?mail\.com/"
-		to="https://$1g$2mail.com/" />
-
-	<rule from="^http://(?:www\.)?goo\.gl/"
-		to="https://goo.gl/" />
-
-
-	<!--	Redirects to http when rewritten to www:
-							-->
-	<rule from="^http://books\.google\.com/"
-		to="https://encrypted.google.com/" />
-
-	<!--	Paths that work on all in google.*
-							-->
-	<rule from="^http://(?:www\.)?google\.((?:com?\.)?\w{2,3})/(accounts|adplanner|ads|adsense|adwords|analytics|bookmarks|chrome|contacts|coop|cse|css|culturalinstitute|doodles|favicon\.ico|finance|goodtoknow|googleblogs|hostednews|images|intl|js|landing|logos|mapmaker|newproducts|news|nexus|patents|policies|prdhp|profiles|products|reader|s2|settings|shopping|support|tools|transparencyreport|trends|urchin|webmasters)(?=$|[?/])"
-		 to="https://www.google.$1/$2" />
-
-	<!--	Paths that 404 on .ccltd, but work on .com:
-								-->
-	<rule from="^http://(?:www\.)?google\.(?:com?\.)?\w{2,3}/(calendar|dictionary|doubleclick|help|ideas|postini|url)"
-		 to="https://www.google.com/$1" />
-
-	<rule from="^http://(?:www\.)?google\.(?:com?\.)?\w{2,3}/custom"
-		 to="https://www.google.com/cse" />
-
-	<!--	Paths that only exist/work on .com
-							-->
-	<rule from="^http://(?:www\.)?google\.com/(\+|appsstatus|books|buzz|extern_js|glass|googlebooks|ig|insights|moderator|phone|safebrowsing|videotargetting|webfonts)($|[?/])"
-		to="https://www.google.com/$1$2" />
-
-	<!--	Subdomains that work on all in google.*
-							-->
-	<rule from="^http://(accounts|adwords|finance|groups|id|picasaweb|translate)\.google\.((?:com?\.)?\w{2,3})/"
-		to="https://$1.google.$2/" />
-
-	<!--	Subdomains that only exist/work on .com
-							-->
-	<rule from="^http://(apis|appengine|books|calendar|cbks0|chat|checkout|chrome|clients[12]|code|[\w-]+\.corp|developers|dl|docs\d?|drive|encrypted|encrypted-tbn[123]|feedburner|fiber|fonts|gg|glass||health|helpouts|history|(?:hosted)?talkgadget|investor|lh\d|(?:chatenabled\.)?mail|pack|pki|play|plus(?:\.sandbox)?|plusone|productforums|profiles|safebrowsing-cache|cert-test\.sandbox|sb-ssl|script|security|servicessites|sites|spreadsheets\d?|support|talk|tools)\.google\.com/"
-		to="https://$1.google.com/" />
-
-	<exclusion pattern="^http://clients[0-9]\.google\.com/ocsp"/>
-
-	<rule from="^http://scholar\.google\.((?:com?\.)?\w{2,3})/intl/"
-		to="https://www.google.$1/intl/" />
-
-	<rule from="^http://(?:encrypted-)?tbn2\.google\.com/"
-		to="https://encrypted-tbn2.google.com/" />
-
-
-	<rule from="^http://knoll?\.google\.com/"
-		to="https://knol.google.com/" />
-
-
-	<rule from="^http://news\.google\.(?:com?\.)?\w{2,3}/(?:$|news|newshp)"
-		to="https://www.google.com/news" />
-
-	<rule from="^http://trends\.google\.com/"
-		 to="https://www.google.com/trends" />
-
-
-	<rule from="^http://([^/:@]+\.)?googlecode\.com/"
-		 to="https://$1googlecode.com/" />
-
-	<rule from="^http://([^\./]\.)?googlesource\.com/"
-		to="https://$1googlesource.com/" />
-
-
-	<rule from="^http://partner\.googleadservices\.com/"
-		 to="https://partner.googleadservices.com/" />
-
-	<rule from="^http://(pagead2|tpc)\.googlesyndication\.com/"
-		 to="https://$1.googlesyndication.com/" />
-
-	<!--	!www doesn't exist.
-					-->
-	<rule from="^http://www\.googletagservices\.com/tag/js/"
-		to="https://www.googletagservices.com/tag/js/" />
-
-
-	<rule from="^http://([^@:\./]+)\.googleusercontent\.com/"
-		to="https://$1.googleusercontent.com/" />
-	
-
+	<rule from="^http:"
+			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/GoogleServices_Complex.xml b/src/chrome/content/rules/GoogleServices_Complex.xml
new file mode 100644
index 000000000000..3b26a5e83b39
--- /dev/null
+++ b/src/chrome/content/rules/GoogleServices_Complex.xml
@@ -0,0 +1,51 @@
+<!--
+	For other Google coverage, see GoogleServices.xml
+
+	Problematic domains:
+
+		- *-opensocial.googleusercontent.com ***
+
+	*** Breaks followers widget - https://trac.torproject.org/projects/tor/ticket/7294
+-->
+<ruleset name="Google Services">
+	<target host="*.ggpht.com" />
+	<target host="googlecode.com" />
+	<target host="*.googlecode.com" />
+	<target host="*.googleusercontent.com" />
+		<!--
+			Necessary for the Followers widget:
+
+				 https://trac.torproject.org/projects/tor/ticket/7294
+											-->
+		<exclusion pattern="^http://[\w-]+-opensocial\.googleusercontent\.com" />
+			<test url="http://code-opensocial.googleusercontent.com" />
+			<test url="http://8r8k4nsuv0p2aq5kcgq8de6noledo628-a-sites-opensocial.googleusercontent.com/gadgets/ifr?url=http://www.labpixies.com/campaigns/countdown/countdown.xml&amp;container=enterprise&amp;view=default&amp;lang=en&amp;country=ALL&amp;sanitize=0&amp;v=137237db1856077c&amp;libs=core:dynamic-height:setprefs:views&amp;mid=31&amp;parent=https://sites.google.com/site/roblessteph/" />
+			<test url="http://qa599q7p16rn40sms779eg17hpfu7oee-a-sites-opensocial.googleusercontent.com/gadgets/ifr?url=http://mit.edu/manus/www/gg/alicebot.xml&amp;container=enterprise&amp;view=default&amp;lang=en&amp;country=ALL&amp;sanitize=0&amp;v=5a00324a46fff2ec&amp;libs=core&amp;mid=3&amp;parent=http://www.eczm.com/" />
+
+	<securecookie host="^mail-attachment\.googleusercontent\.com$" name=".+" />
+
+	<!--    - lh 3-6 exist
+		- All appear identical
+		- Identical to lh\d.googleusercontent.com
+					-->
+	<rule from="^http://lh(\d)\.ggpht\.com/"
+		to="https://lh$1.ggpht.com/" />
+		<test url="http://lh3.ggpht.com/" />
+		<test url="http://lh4.ggpht.com/" />
+		<test url="http://lh5.ggpht.com/" />
+		<test url="http://lh6.ggpht.com/" />
+
+	<!-- wildcards -->
+
+	<rule from="^http://([\w-]+)\.googleusercontent\.com/"
+		to="https://$1.googleusercontent.com/" />
+		<test url="http://webcache.googleusercontent.com/" />
+		<test url="http://foo.googleusercontent.com/" />
+		<test url="http://bar.googleusercontent.com/" />
+
+	<rule from="^http://([\w-]+\.)?googlecode\.com/"
+		 to="https://$1googlecode.com/" />
+		<test url="http://foo.googlecode.com/" />
+		<test url="http://bar.googlecode.com/" />
+		<test url="http://www.googlecode.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/GoogleShopping.xml b/src/chrome/content/rules/GoogleShopping.xml
deleted file mode 100644
index 6ba69a91d400..000000000000
--- a/src/chrome/content/rules/GoogleShopping.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For other Google coverage, see GoogleServices.xml.
-
--->
-<ruleset name="Google Shopping">
-
-	<target host="google.*" />
-	<target host="www.google.*" />
-	<target host="google.co.*" />
-	<target host="www.google.co.*" />
-	<target host="*.google.com" />
-	<target host="google.com.*" />
-	<target host="www.google.com.*" />
-
-
-	<rule from="^http://encrypted\.google\.com/(prdhp|shopping)" 
-		to="https://www.google.com/$1" />
-
-	<rule from="^http://shopping\.google\.com/"
-		to="https://shopping.google.com/" />
-
-	<rule from="^http://(?:encrypted|www)\.google\.com/(.*tbm=shop)"
-		to="https://www.google.com/$1" />
-
-	<rule from="^http://(?:www\.)?google\.((?:com?\.)?(?:ae|ar|at|au|bg|bh|bo|br|ca|ch|cl|cr|co|cu|de|ec|eg|es|fi|fr|gh|gt|hr|id|ie|il|in|it|jm|jo|jp|ke|kr|kw|kz|lb|lk|ly|mx|my|na|ng|nl|no|nz|om|pa|pe|pk|pl|pt|py|qa|ro|ru|rw|sa|sg|sl|se|sv|th|tr|ug|uk|uy|ve|vn|za|zw))/(?=prdhp|shopping)"
-		to="https://www.google.com/$1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GoogleSorry.xml b/src/chrome/content/rules/GoogleSorry.xml
deleted file mode 100644
index 72a19210d807..000000000000
--- a/src/chrome/content/rules/GoogleSorry.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="GoogleSorry">
-  <target host="sorry.google.com" />
-  <target host="www.google.com" />
-  <target host="google.com" />
-
-  <rule from="^http://((sorry|www)\.)?google\.com/sorry/" to="https://sorry.google.com/sorry/" />
-</ruleset>
diff --git a/src/chrome/content/rules/GoogleTranslate.xml b/src/chrome/content/rules/GoogleTranslate.xml
deleted file mode 100644
index 5e0c71d581f0..000000000000
--- a/src/chrome/content/rules/GoogleTranslate.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Google Translate" platform="firefox">
-  <target host="translate.googleapis.com" />
-  <target host="translate.google.com" />
-
-  <rule from="^http://translate\.googleapis\.com/" to="https://translate.googleapis.com/"/>
-  <rule from="^http://translate\.google\.com/translate_a/element\.js" to="https://translate.google.com/translate_a/element.js"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/GoogleVideos.xml b/src/chrome/content/rules/GoogleVideos.xml
deleted file mode 100644
index a5e88fcf0a42..000000000000
--- a/src/chrome/content/rules/GoogleVideos.xml
+++ /dev/null
@@ -1,83 +0,0 @@
-<ruleset name="Google Videos">
-  <target host="*.google.com" />
-  <target host="google.com" />
-  <target host="www.google.com.*" />
-  <target host="google.com.*" />
-  <target host="www.google.co.*" />
-  <target host="google.co.*" />
-  <target host="www.google.*" />
-  <target host="google.*" />
-
-  <rule from="^http://encrypted\.google\.com/videohp" 
-          to="https://encrypted.google.com/videohp" />
-
-  <!-- https://videos.google.com is currently broken; work around that... -->
-  <rule from="^https?://videos?\.google\.com/$"
-          to="https://encrypted.google.com/videohp" />
-  <rule from="^http://(?:www\.)?google\.com/videohp"
-	  to="https://encrypted.google.com/videohp" />
-  <rule from="^http://(?:images|www|encrypted)\.google\.com/(.*tbm=isch)"
-          to="https://encrypted.google.com/$1" />
-
-  <rule
-   from="^http://(?:www\.)?google\.(?:com?\.)?(?:au|ca|gh|ie|in|jm|ke|lk|my|na|ng|nz|pk|rw|sl|sg|ug|uk|za|zw)/videohp"
-     to="https://encrypted.google.com/videohp" />
-  <rule
-   from="^http://(?:www\.)?google\.(?:com?\.)?(?:ar|bo|cl|co|cu|cr|ec|es|gt|mx|pa|pe|py|sv|uy|ve)/videohp$"
-    to="https://encrypted.google.com/videohp?hl=es" />
-  <rule
-   from="^http://(?:www\.)?google\.(?:com\.)?(?:ae|bh|eg|jo|kw|lb|ly|om|qa|sa)/videohp$"
-     to="https://encrypted.google.com/videohp?hl=ar" />
-  <rule from="^http://(?:www\.)?google\.(?:at|ch|de)/videohp$"
-          to="https://encrypted.google.com/videohp?hl=de" />
-  <rule from="^http://(?:www\.)?google\.(fr|nl|it|pl|ru|bg|pt|ro|hr|fi|no)/videohp$"
-          to="https://encrypted.google.com/videohp?hl=$1" />
-  <rule from="^http://(?:www\.)?google\.com?\.(id|th|tr)/videohp$"
-          to="https://encrypted.google.com/videohp?hl=$1" />
-  <rule from="^http://(?:www\.)?google\.com\.il/videohp$"
-          to="https://encrypted.google.com/videohp?hl=he" />
-  <rule from="^http://(?:www\.)?google\.com\.kr/videohp$"
-          to="https://encrypted.google.com/videohp?hl=ko" />
-  <rule from="^http://(?:www\.)?google\.com\.kz/videohp$"
-          to="https://encrypted.google.com/videohp?hl=kk" />
-  <rule from="^http://(?:www\.)?google\.com\.jp/videohp$"
-          to="https://encrypted.google.com/videohp?hl=ja" />
-  <rule from="^http://(?:www\.)?google\.com\.vn/videohp$"
-          to="https://encrypted.google.com/videohp?hl=vi" />
-  <rule from="^http://(?:www\.)?google\.com\.br/videohp$"
-          to="https://encrypted.google.com/videohp?hl=pt-BR" />
-  <rule from="^http://(?:www\.)?google\.se/videohp$"
-          to="https://encrypted.google.com/videohp?hl=sv" />
-
-<!-- If there are URL parameters, keep them. -->
-  <rule
-   from="^http://(?:www\.)?google\.(?:com?\.)?(?:ar|bo|cl|co|cu|cr|ec|es|gt|mx|pa|pe|py|sv|uy|ve)/videohp\?"
-    to="https://encrypted.google.com/videohp?hl=es&#38;" />
-  <rule
-   from="^http://(?:www\.)?google\.(?:com\.)?(?:ae|bh|eg|jo|kw|lb|ly|om|qa|sa)/videohp\?"
-     to="https://encrypted.google.com/videohp?hl=ar&#38;" />
-  <rule from="^http://(?:www\.)?google\.(?:at|ch|de)/videohp\?"
-          to="https://encrypted.google.com/videohp?hl=de&#38;" />
-  <rule from="^http://(?:www\.)?google\.(fr|nl|it|pl|ru|bg|pt|ro|hr|fi|no)/videohp\?"
-          to="https://encrypted.google.com/videohp?hl=$1&#38;" />
-  <rule from="^http://(?:www\.)?google\.com?\.(id|th|tr)/videohp\?"
-          to="https://encrypted.google.com/videohp?hl=$1&#38;" />
-  <rule from="^http://(?:www\.)?google\.com\.il/videohp\?"
-          to="https://encrypted.google.com/videohp?hl=he&#38;" />
-  <rule from="^http://(?:www\.)?google\.com\.kr/videohp\?"
-          to="https://encrypted.google.com/videohp?hl=ko&#38;" />
-  <rule from="^http://(?:www\.)?google\.com\.kz/videohp\?"
-          to="https://encrypted.google.com/videohp?hl=kk&#38;" />
-  <rule from="^http://(?:www\.)?google\.com\.jp/videohp\?"
-          to="https://encrypted.google.com/videohp?hl=ja&#38;" />
-  <rule from="^http://(?:www\.)?google\.com\.vn/videohp\?"
-          to="https://encrypted.google.com/videohp?hl=vi&#38;" />
-  <rule from="^http://(?:www\.)?google\.com\.br/videohp\?"
-          to="https://encrypted.google.com/videohp?hl=pt-BR&#38;" />
-  <rule from="^http://(?:www\.)?google\.se/videohp\?"
-          to="https://encrypted.google.com/videohp?hl=sv&#38;" />
-
-	<rule from="^http://video\.google\.com/ThumbnailServer2"
-		to="https://video.google.com/ThumbnailServer2" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GoogleWatchBlog.xml b/src/chrome/content/rules/GoogleWatchBlog.xml
index afec70c97bca..fba407b60134 100644
--- a/src/chrome/content/rules/GoogleWatchBlog.xml
+++ b/src/chrome/content/rules/GoogleWatchBlog.xml
@@ -2,16 +2,19 @@
 	gwbhrd.appspot.com
 
 -->
-<ruleset name="GoogleWatchBlog">
+<ruleset name="GoogleWatchBlog.de">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="googlewatchblog.de" />
-	<target host="*.googlewatchblog.de" />
+	<target host="static.googlewatchblog.de" />
+	<target host="www.googlewatchblog.de" />
 
 
 	<securecookie host="^(?:www)?\.googlewatchblog\.de$" name=".+" />
 
 
-	<rule from="^http://(static\.|www\.)?googlewatchblog\.de/"
-		to="https://$1googlewatchblog.de/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Google_App_Engine.xml b/src/chrome/content/rules/Google_App_Engine.xml
index 851e051d153c..c639af8699c7 100644
--- a/src/chrome/content/rules/Google_App_Engine.xml
+++ b/src/chrome/content/rules/Google_App_Engine.xml
@@ -1,21 +1,41 @@
 <!--
 	For other Google coverage, see GoogleServices.xml.
 
+	https://appspot.com/ returns 404
 -->
 <ruleset name="Google App Engine">
 
-	<target host="appspot.com" />
 	<target host="*.appspot.com" />
 		<!--
-			Redirects to http for some reason.
+			Redirect to http for some reason.
 								-->
 		<exclusion pattern="^http://photomunchers\.appspot\.com/" />
+		<test url="http://photomunchers.appspot.com/" />
+		<!--
+			Starbucks captive portals use this name internally,
+			but don't have a local key / cert for it (which is a
+			good thing). If we rewrite to HTTPS, we break access
+			to the captive portal, making it impossible to get
+			access to the Internet.
+			https://github.com/EFForg/https-everywhere/issues/1958#issuecomment-113695158
+		-->
+		<exclusion pattern="^http://sbux-portal\.appspot\.com/" />
+		<test url="http://sbux-portal.appspot.com/" />
+		<exclusion pattern="^http://www\.appspot\.com/" />
+		<test url="http://www.appspot.com/" />
+
+		<exclusion pattern="http://.+\..+\.appspot\.com/" />
+		<test url="http://www.evolutionofweb.appspot.com/" />
+		<test url="http://test.evolutionofweb.appspot.com/" />
+		<test url="http://thehumaneleague.yamm-track.appspot.com/" />
+
+	<test url="http://hstspreload.appspot.com/" />
 
 
-	<securecookie host="^.+\.appspot\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://([^@:\./]+\.)?appspot\.com/"
-		 to="https://$1appspot.com/" />
+	<rule from="^http:"
+		 to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Google_ad_services.com.xml b/src/chrome/content/rules/Google_ad_services.com.xml
new file mode 100644
index 000000000000..e10f11a2c33e
--- /dev/null
+++ b/src/chrome/content/rules/Google_ad_services.com.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Google coverage, see GoogleServices.xml.
+
+-->
+<ruleset name="Google ad services.com">
+
+	<target host="googleadservices.com" />
+	<target host="www.googleadservices.com" />
+	<target host="partner.googleadservices.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Googleplex.com.xml b/src/chrome/content/rules/Googleplex.com.xml
deleted file mode 100644
index 7ddbb5ba989e..000000000000
--- a/src/chrome/content/rules/Googleplex.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See 
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
- 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Googleplex.com (default off)" platform="firefox" default_off="Certificate error">
-  <target host="googleplex.com" />
-
-  <securecookie host="^googleplex\.com$" name=".+" />
-
-  <rule from="^http://googleplex\.com/" to="https://googleplex.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Gopro.com.xml b/src/chrome/content/rules/Gopro.com.xml
new file mode 100644
index 000000000000..130343cd1605
--- /dev/null
+++ b/src/chrome/content/rules/Gopro.com.xml
@@ -0,0 +1,60 @@
+<!--
+	Nonfunctional hosts in *.gopro.com:
+		- cbcdn1.gopro.com (m)
+		- cbcdn2.gopro.com (m)
+		- cineform.gopro.com (t)
+		- help.quik.gopro.com (m)
+		- staging.gopro.com (401)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Gopro.com">
+	<target host="gopro.com" />
+	<target host="www.gopro.com" />
+	<target host="assets-aem.gopro.com" />
+		<test url="http://assets-aem.gopro.com/robots.txt" />
+	<target host="assets.gopro.com" />
+	<target host="community.gopro.com" />
+	<target host="de.gopro.com" />
+	<target host="developer.gopro.com" />
+	<target host="es.gopro.com" />
+	<target host="fr.gopro.com" />
+	<target host="g.gopro.com" />
+	<target host="investor.gopro.com" />
+	<target host="it.gopro.com" />
+	<target host="jp.gopro.com" />
+	<target host="ko.gopro.com" />
+	<target host="licensing.gopro.com" />
+	<target host="pt.gopro.com" />
+	<target host="quik.gopro.com" />
+	<target host="shop.gopro.com" />
+		<target host="de.shop.gopro.com" />
+		<target host="es.shop.gopro.com" />
+		<target host="fr.shop.gopro.com" />
+		<target host="it.shop.gopro.com" />
+		<target host="jp.shop.gopro.com" />
+		<target host="ko.shop.gopro.com" />
+		<target host="pt.shop.gopro.com" />
+		<target host="zh.shop.gopro.com" />
+	<target host="splice.gopro.com" />
+	<target host="workswith.gopro.com" />
+	<target host="zh.gopro.com" />
+
+	<target host="assets.gp-static.com" />
+	<target host="cbcdn1.gp-static.com" />
+	<target host="cbcdn2.gp-static.com" />
+	<target host="cbcdn3.gp-static.com" />
+	<target host="cbcdn4.gp-static.com" />
+	<target host="thumbnails.gp-static.com" />
+		<test url="http://cbcdn1.gp-static.com/robots.txt" />
+		<test url="http://cbcdn2.gp-static.com/robots.txt" />
+		<test url="http://cbcdn3.gp-static.com/robots.txt" />
+		<test url="http://cbcdn4.gp-static.com/robots.txt" />
+		<test url="http://thumbnails.gp-static.com/copyright-policy" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gorod.dp.ua.xml b/src/chrome/content/rules/Gorod.dp.ua.xml
new file mode 100644
index 000000000000..7e905604073d
--- /dev/null
+++ b/src/chrome/content/rules/Gorod.dp.ua.xml
@@ -0,0 +1,15 @@
+<!--
+	Mixed content:
+		forum.gorod.dp.ua
+-->
+<ruleset name="Gorod.dp.ua">
+	<target host="gorod.dp.ua"/>
+	<target host="www.gorod.dp.ua"/>
+	<target host="a.gorod.dp.ua"/>
+	<target host="job.gorod.dp.ua"/>
+	<target host="m.gorod.dp.ua"/>
+	<target host="mobile.gorod.dp.ua"/>
+	<target host="web.gorod.dp.ua"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Gosuslugi.ru.xml b/src/chrome/content/rules/Gosuslugi.ru.xml
index 611d30525a21..c9192c9e3dfe 100644
--- a/src/chrome/content/rules/Gosuslugi.ru.xml
+++ b/src/chrome/content/rules/Gosuslugi.ru.xml
@@ -18,14 +18,18 @@
 -->
 <ruleset name="Gosuslugi.ru">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="gosuslugi.ru" />
-	<target host="*.gosuslugi.ru" />
+	<target host="esia.gosuslugi.ru" />
+	<target host="static.gosuslugi.ru" />
+	<target host="www.gosuslugi.ru" />
 
 
 	<securecookie host="^(?:esia|static|www)?\.gosuslugi\.ru$" name=".+" />
 
 
-	<rule from="^http://((?:esia|static|www)\.)?gosuslugi\.ru/"
-		to="https://$1gosuslugi.ru/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GotFuturama.xml b/src/chrome/content/rules/GotFuturama.xml
index eec8c762558d..fb78a98b6a54 100644
--- a/src/chrome/content/rules/GotFuturama.xml
+++ b/src/chrome/content/rules/GotFuturama.xml
@@ -1,12 +1,11 @@
-<ruleset name="GotFuturama" default_off="self-signed">
+<ruleset name="GotFuturama.com" default_off="self-signed">
 
 	<!--	Cert: webserver.ispgateway.de	-->
 	<target host="gotfuturama.com" />
 	<target host="www.gotfuturama.com" />
 
 
-	<!--	!www redirects to www.	-->
-	<rule from="^http://(?:www\.)?gotfuturama\.com/"
-		to="https://www.gotfuturama.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GotSkinsWholesales.com.xml b/src/chrome/content/rules/GotSkinsWholesales.com.xml
deleted file mode 100644
index c1ea86b89dfe..000000000000
--- a/src/chrome/content/rules/GotSkinsWholesales.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="GotSkinsWholesales.com">
-
-	<target host="gotskinswholesales.com" />
-	<target host="*.gotskinswholesales.com" />
-
-
-	<securecookie host="^(?:w*\.)?gotskinswholesales\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?gotskinswholesales\.com/"
-		to="https://$1gotskinswholesales.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Got_Vape.net.xml b/src/chrome/content/rules/Got_Vape.net.xml
new file mode 100644
index 000000000000..3733f57eb2f5
--- /dev/null
+++ b/src/chrome/content/rules/Got_Vape.net.xml
@@ -0,0 +1,40 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gotvape.com/ => https://gotvape.com/: (51, "SSL: no alternative certificate subject name matches target host name 'gotvape.com'")
+	Problematic domains:
+
+		- m.gotvape.com		(expired 2013-11-05)
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- m from images.gotvape.com *
+			- www from $self *
+			- www from images *
+
+	* Secured by us
+
+-->
+<ruleset name="Got Vape.net">
+
+	<target host="gotvape.com" />
+	<target host="m.gotvape.com" />
+	<target host="images.gotvape.com" />
+	<target host="www.gotvape.com" />
+	<target host="gotvape.net" />
+	<target host="m.gotvape.net" />
+	<target host="images.gotvape.net" />
+	<target host="www.gotvape.net" />
+
+
+	<securecookie host="^\.(?:m|www)\.gotvape\.net$" name=".+" />
+
+
+	<rule from="^http://m\.gotvape\.(?:com|net)/"
+		to="https://m.gotvape.net/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gotland_Ring.com.xml b/src/chrome/content/rules/Gotland_Ring.com.xml
new file mode 100644
index 000000000000..8d8f22e4724a
--- /dev/null
+++ b/src/chrome/content/rules/Gotland_Ring.com.xml
@@ -0,0 +1,20 @@
+<ruleset name="Gotland Ring.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gotlandring.com" />
+	<target host="www.gotlandring.com" />
+
+
+	<!--	Server secures some, but not all, of:
+							-->
+	<securecookie host="^\.gotlandring\.com$" name=".+" />
+
+
+	<rule from="^http://www\.gotlandring\.com/"
+		to="https://gotlandring.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gotmerchant.com.xml b/src/chrome/content/rules/Gotmerchant.com.xml
index f1838cd99c5e..7a0766d313c1 100644
--- a/src/chrome/content/rules/Gotmerchant.com.xml
+++ b/src/chrome/content/rules/Gotmerchant.com.xml
@@ -13,4 +13,4 @@
 	<rule from="^http://(?:www\.)?gotmerchant\.com/apply($|[?/])"
 		to="https://www.gotmerchant.com/apply$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gotraffic.net.xml b/src/chrome/content/rules/Gotraffic.net.xml
new file mode 100644
index 000000000000..4667076f6f4c
--- /dev/null
+++ b/src/chrome/content/rules/Gotraffic.net.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Bloomberg coverage, see Bloomberg.xml.
+
+
+	CDN buckets:
+
+		- cdn.gotraffic.net.edgesuite.net
+
+
+	(www.) doesn't exist.
+
+-->
+<ruleset name="gotraffic.net (partial)">
+
+	<target host="cdn.gotraffic.net" />
+		<!--
+			504:
+				-->
+		<!--exclusion pattern="http://cdn\.gotraffic\.net/assets/" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="http://cdn\.gotraffic\.net/(?!v/\d+_\d+/images/)" /-->
+
+
+	<rule from="^http://cdn\.gotraffic\.net/(?=v/\d+_\d+/images/)"
+		to="https://cdn.gotraffic.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gottman.com.xml b/src/chrome/content/rules/Gottman.com.xml
new file mode 100644
index 000000000000..3a4ec6eb9c27
--- /dev/null
+++ b/src/chrome/content/rules/Gottman.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Note: server is configured for RC4 only.
+
+
+	Insecure cookies are set for these hosts:
+
+		- gottman.com
+		- www.gottman.com
+
+-->
+<ruleset name="Gottman.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gottman.com" />
+	<target host="www.gottman.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?gottman\.com$" name="^(?:PHPSESSID|wp-shopp_[\da-f]{32})$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Goud.ma.xml b/src/chrome/content/rules/Goud.ma.xml
new file mode 100644
index 000000000000..92ca1b9985ca
--- /dev/null
+++ b/src/chrome/content/rules/Goud.ma.xml
@@ -0,0 +1,11 @@
+<ruleset name="Goud.ma" >
+	<target host="goud.ma" />
+	<target host="www.goud.ma" />
+	<target host="m.goud.ma" />
+	<target host="sf.goud.ma" />
+		<test url="http://sf.goud.ma/wp-content/uploads/2017/07/%D9%88%D8%AB%D9%8A%D9%82%D8%A9-1.pdf" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GourmetGiftBaskets.com.xml b/src/chrome/content/rules/GourmetGiftBaskets.com.xml
index 48b9670a56e6..a93d4b1e7baf 100644
--- a/src/chrome/content/rules/GourmetGiftBaskets.com.xml
+++ b/src/chrome/content/rules/GourmetGiftBaskets.com.xml
@@ -11,13 +11,14 @@
 <ruleset name="GourmetGiftBaskets.com (partial)">
 
 	<target host="gourmetgiftbaskets.com" />
-	<target host="*.gourmetgiftbaskets.com" />
+	<target host="www.gourmetgiftbaskets.com" />
+	<target host="search.gourmetgiftbaskets.com" />
 
 
-	<rule from="^https?://(?:www\.)?gourmetgiftbaskets\.com/(App_Themes/|images/|login\.aspx|scripts/)"
+	<rule from="^http://(?:www\.)?gourmetgiftbaskets\.com/(App_Themes/|images/|login\.aspx|scripts/)"
 		to="https://www.gourmetgiftbaskets.com/$1" />
 
-	<rule from="^https?://search\.gourmetgiftbaskets\.com/"
+	<rule from="^http://search\.gourmetgiftbaskets\.com/"
 		to="https://gourmetgiftbaskets.resultspage.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gov.Wales.xml b/src/chrome/content/rules/Gov.Wales.xml
new file mode 100644
index 000000000000..003317247d3d
--- /dev/null
+++ b/src/chrome/content/rules/Gov.Wales.xml
@@ -0,0 +1,96 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *gov.wales:
+
+		- apw ᵃ
+		- law ᵃ
+		- prp ʰ
+		- rpt ᵃ
+
+	ᵃ Shows another domain
+	ʰ Redirects to http
+
+
+	Problematic hosts in *gov.wales:
+
+		- enterprisezones ᵐ
+		- www ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- cssiw.gov.wales
+
+-->
+<ruleset name="Gov.Wales (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gov.wales" />
+	<target host="businesswales.gov.wales" />
+	<target host="cssiw.gov.wales" />
+	<target host="learning.gov.wales" />
+	<target host="organdonation.gov.wales" />
+
+	<!--	Complications:
+				-->
+	<target host="enterprisezones.gov.wales" />
+	<target host="www.gov.wales" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://gov\.wales/(?:$|\d+/thumbnail/|images/|consultation/images/|homepage/(?:footerblock|homeslider)/|splash\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:learning\.|www\.)?gov\.wales/+(?!\d+/(?:images|site_furniture)/|cbin/|homepage/megamenufmas/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://gov.wales/40346/thumbnail/splash/splash_bg1.jpg" />
+			<test url="http://gov.wales/consultation/images/ursay.jpg" />
+			<test url="http://gov.wales/homepage/footerblock/cabinetfooterfma.jpg" />
+			<test url="http://gov.wales/homepage/homeslider/currentfmas/beginslider.jpg" />
+			<test url="http://gov.wales/press/fourth/healthsocialcare/2016/160108alcohol/thumb.jpg" />
+			<test url="http://gov.wales/splash?orig=/" />
+			<test url="http://learning.gov.wales/career/professional-learning-model-en.jpg" />
+			<test url="http://learning.gov.wales/images/lnf-fma.jpg" />
+			<test url="http://learning.gov.wales/splash?orig=/" />
+			<test url="http://www.gov.wales/splash?orig=/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://gov.wales/40346/images/logos/wag_logo_cy.gif" />
+			<test url="http://gov.wales/40346/site_furniture/splash_logo.gif" />
+			<test url="http://gov.wales/cbin/71012/66999/redesign/reset.css" />
+			<test url="http://gov.wales/homepage/megamenufmas/fundingsectionhighlight.jpg" />
+			<test url="http://learning.gov.wales/cbin/css/print.css" />
+			<test url="http://www.gov.wales/cbin/71012/66999/redesign/reset.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cssiw\.gov\.wales$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^cssiw\.gov\.wales$" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+						-->
+	<rule from="^http://enterprisezones\.gov\.wales/+"
+		to="https://businesswales.gov.wales/enterprisezones/" />
+
+		<test url="http://enterprisezones.gov.wales/default.aspx" />
+
+	<rule from="^http://www\.gov\.wales/"
+		to="https://gov.wales/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gov1.info.xml b/src/chrome/content/rules/Gov1.info.xml
new file mode 100644
index 000000000000..7adc0a92502e
--- /dev/null
+++ b/src/chrome/content/rules/Gov1.info.xml
@@ -0,0 +1,32 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .gov1.info
+
+
+	Mixed content:
+
+		- Bug from c.statcounter.com *
+
+	* Secured by us
+
+-->
+<ruleset name="gov1.info">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gov1.info" />
+	<target host="www.gov1.info" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.gov1\.info$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.gov1\.info$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GovDelivery-mismatches.xml b/src/chrome/content/rules/GovDelivery-mismatches.xml
index d10e68ba438e..48c2d53606da 100644
--- a/src/chrome/content/rules/GovDelivery-mismatches.xml
+++ b/src/chrome/content/rules/GovDelivery-mismatches.xml
@@ -1,4 +1,4 @@
-<ruleset name="GovDelivery (mismatches)" default_off="mismatch">
+<ruleset name="GovDelivery.com (mismatches)" default_off="mismatched">
 
 	<!--	secure.eloqua.com	-->
 	<target host="direct.govdelivery.com"/>
@@ -6,7 +6,7 @@
 	<target host="content-public-dc2.govdelivery.com"/>
 	<target host="media.govdelivery.com"/>
 
-	<rule from="^http://(content-public-dc2|direct|media)\.govdelivery\.com/"
-		to="https://$1.govdelivery.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GovDelivery.xml b/src/chrome/content/rules/GovDelivery.xml
index 11d5b9636e1b..586a07798d1a 100644
--- a/src/chrome/content/rules/GovDelivery.xml
+++ b/src/chrome/content/rules/GovDelivery.xml
@@ -1,17 +1,67 @@
 <!--	Problematic subdomains:
 	links	(unable to connect)
 
+	For rules causing false/broken MCB, see govdelivery.com-falsemixed.xml.
+
 	See also GovDelivery-mismatches.xml
+
+
+	Problematic hosts in *govdelivery.com:
+
+		- usodep.blogs ˣ
+		- usodep.stage-blogs ᵉ
+
+	ᵉ Expired
+	ˣ Mixed css
+
+
+	These altnames do not exist:
+
+		- test.govdelivery.com
+
+
+	Mixed content:
+
+		- css, on:
+
+			- usodep.blogs from d140q24ubocq3n.cloudfront.net ˢ
+			- usodep.blogs, dev, www from fonts.googleapis.com ˢ
+
+		- Images, on:
+
+			- usodep.blogs from d140q24ubocq3n.cloudfront.net ˢ
+			- usodep.blogs from usodep.stage-blogs.govdelivery.com ᵉ
+
+		- Bug on usodep.blogs from c.statcounter.com ˢ
+
+	ᵉ Not secured by us <= expired
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
 -->
-<ruleset name="GovDelivery (partial)">
+<ruleset name="GovDelivery.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="govdelivery.com"/>
+	<target host="admin.govdelivery.com"/>
+	<!--target host="usodep.blogs.govdelivery.com"/-->
+	<target host="content.govdelivery.com"/>
+	<target host="demos.govdelivery.com"/>
+	<target host="dev.govdelivery.com"/>
+	<target host="public.govdelivery.com"/>
+	<target host="public-dc2.govdelivery.com"/>
+	<target host="service.govdelivery.com"/>
+	<target host="subscriberhelp.govdelivery.com" />
+	<target host="www.govdelivery.com"/>
 
-	<target host="*.govdelivery.com"/>
 		<!--	exclude subdomains handled in mismatches	-->
-		<exclusion pattern="^http://(content-public-dc2|direct|media)\."/>
+		<!--exclusion pattern="^http://(?:content-public-dc2|direct|media)\."/-->
+
+
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="(.*\.)?govdelivery\.com$" name=".*"/>
 
-	<rule from="^http://(public(-dc2)?|service|www)\.govdelivery\.com/"
-		to="https://$1.govdelivery.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GovDex.xml b/src/chrome/content/rules/GovDex.xml
new file mode 100644
index 000000000000..6f3fe6da9faf
--- /dev/null
+++ b/src/chrome/content/rules/GovDex.xml
@@ -0,0 +1,6 @@
+<ruleset name="GovDex.gov.au">
+	<target host="govdex.gov.au" />
+	<target host="www.govdex.gov.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GovHK.xml b/src/chrome/content/rules/GovHK.xml
new file mode 100644
index 000000000000..5b8d4c29c328
--- /dev/null
+++ b/src/chrome/content/rules/GovHK.xml
@@ -0,0 +1,52 @@
+<!--
+	Other HK government rulesets:
+		- 1823.gov.hk.xml
+		- brandhk.gov.hk.xml
+		- data.gov.hk.xml
+		- familycouncil.gov.hk.xml
+		- hee.gov.hk.xml
+		- heritage.gov.hk.xml
+		- hiking.gov.hk.xml
+		- hko.gov.hk.xml
+		- HKGov-AFCD.xml
+		- HKGov-ArchSD.xml
+		- HKGov-DEVB.xml
+		- HKGov-HKMA.xml
+		- HKGov-HousingAuth.xml
+		- HKGov-HYD.xml
+		- HKGov-ITF.xml
+		- HKGov-LAD.xml
+		- HKGov-LCSD.xml
+		- HKGov-NEWS.xml
+		- HKGov-TID.xml
+		- coronavirus.gov.hk.xml
+		- hkpl.gov.hk.xml
+		- hkqf.gov.hk.xml
+		- hongkongpost.gov.hk.xml
+		- hydro.gov.hk.xml
+		- info.gov.hk.xml
+		- jobs.gov.hk.xml
+		- ogcio.gov.hk.xml
+		- police.gov.hk.xml
+		- rocars.gov.hk.xml
+		- thechinfamily.hk.xml
+		- voterinfo.gov.hk.xml
+		- wastereduction.gov.hk.xml
+		- wetlandpark.gov.hk.xml
+		- wi-fi.hk.xml
+
+	Nonfunctional hosts in *.gov.hk:
+		- theme.gov.hk (m)
+		- search.gov.hk (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="GovHK">
+	<target host="www.gov.hk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GovHack.org.xml b/src/chrome/content/rules/GovHack.org.xml
new file mode 100644
index 000000000000..5161bef96037
--- /dev/null
+++ b/src/chrome/content/rules/GovHack.org.xml
@@ -0,0 +1,47 @@
+<!--
+	Problematic hosts in *govhack.org:
+
+		- ^ *
+		- dev.www *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.govhack.org
+
+
+	Mixed content:
+
+		- Image from ^govhack.org *
+
+	* Secured by us
+
+-->
+<ruleset name="GovHack.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.govhack.org" />
+
+	<!--	Complications:
+				-->
+	<target host="govhack.org" />
+	<target host="dev.www.govhack.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.govhack\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://(?:dev\.www\.)?govhack\.org/"
+		to="https://www.govhack.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GovMetric.com.xml b/src/chrome/content/rules/GovMetric.com.xml
new file mode 100644
index 000000000000..5f11bb3d7171
--- /dev/null
+++ b/src/chrome/content/rules/GovMetric.com.xml
@@ -0,0 +1,46 @@
+<!--
+	CDN buckets:
+
+		- websurveys.s3-eu-west-1.amazonaws.com
+
+
+	These altnames don't exist:
+
+		- govmetric.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- hitcounter.govmetric.com
+		- socitm.govmetric.com
+		- socitmreporting.govmetric.com
+		- websurveys.govmetric.com
+		- wsstatic.govmetric.com
+		- www.govmetric.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="GovMetric.com">
+
+	<target host="hitcounter.govmetric.com" />
+	<target host="my.govmetric.com" />
+	<target host="socitm.govmetric.com" />
+	<target host="socitmreporting.govmetric.com" />
+	<target host="wsstatic.govmetric.com" />
+	<target host="websurveys.govmetric.com" />
+	<target host="www.govmetric.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:hitcounter|websurveys|wsstatic|www)\.govmetric\.com$" name="^AWSELB$" /-->
+	<!--securecookie host="^socitm(?:reporting)?\.govmetric\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GovSpace.xml b/src/chrome/content/rules/GovSpace.xml
new file mode 100644
index 000000000000..93ebc5ef8d6b
--- /dev/null
+++ b/src/chrome/content/rules/GovSpace.xml
@@ -0,0 +1,70 @@
+<!--
+	Other AU government rulesets:
+
+		- Product_Safety.gov.au.xml
+
+
+	Functional:
+		- agedcarecomplaints
+		- asada
+		- ausaid
+		- dosomethingreal
+		- homelessnessclearinghouse
+		- innovation
+		- mtpc
+		- ndoch
+		- resilientcommunities
+		- ruralchampions
+		- skillselect
+
+
+	Fully covered hosts in *govspace.gov.au:
+
+		- (www.)?	(^ → www)
+		- agedcarecomplaints
+		- asada
+		- ausaid
+		- dosomethingreal
+		- homelessnessclearinghouse
+		- innovation
+		- mtpc
+		- ndoch
+		- resilientcommunities
+		- ruralchampions
+		- skillselect
+
+
+	Mixed Content:
+		- aifs
+		- nccgr
+-->
+
+<ruleset name="Govspace.gov.au">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="agedcarecomplaints.govspace.gov.au" />
+	<target host="asada.govspace.gov.au" />
+	<target host="ausaid.govspace.gov.au" />
+	<target host="dosomethingreal.govspace.gov.au" />
+	<target host="homelessnessclearinghouse.govspace.gov.au" />
+	<target host="innovation.govspace.gov.au" />
+	<target host="mtpc.govspace.gov.au" />
+	<target host="ndoch.govspace.gov.au" />
+	<target host="resilientcommunities.govspace.gov.au" />
+	<target host="ruralchampions.govspace.gov.au" />
+	<target host="skillselect.govspace.gov.au" />
+	<target host="www.govspace.gov.au" />
+
+	<!--	Complications:
+				-->
+	<target host="govspace.gov.au" />
+
+
+	<rule from="^http://govspace\.gov\.au/"
+		to="https://www.govspace.gov.au/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GovTrack.us.xml b/src/chrome/content/rules/GovTrack.us.xml
new file mode 100644
index 000000000000..715341d27cf3
--- /dev/null
+++ b/src/chrome/content/rules/GovTrack.us.xml
@@ -0,0 +1,12 @@
+<ruleset name="GovTrack.us">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="govtrack.us" />
+	<target host="www.govtrack.us" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gov_Waste.co.uk.xml b/src/chrome/content/rules/Gov_Waste.co.uk.xml
new file mode 100644
index 000000000000..45325b2f3c91
--- /dev/null
+++ b/src/chrome/content/rules/Gov_Waste.co.uk.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://govwaste.co.uk/ => https://govwaste.co.uk/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.govwaste.co.uk/ => https://www.govwaste.co.uk/: (7, 'Failed to connect to www.govwaste.co.uk port 443: Connection refused')
+
+	Insecure cookies are set for these domains:
+
+		- .govwaste.co.uk
+
+-->
+<ruleset name="Gov Waste.co.uk" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="govwaste.co.uk" />
+	<target host="www.govwaste.co.uk" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.govwaste\.co\.uk$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.govwaste\.co\.uk$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Government-Attic.xml b/src/chrome/content/rules/Government-Attic.xml
new file mode 100644
index 000000000000..209d732295c1
--- /dev/null
+++ b/src/chrome/content/rules/Government-Attic.xml
@@ -0,0 +1,16 @@
+<ruleset name="Government Attic">
+	<!-- governmentattic.com -->
+	<target host="governmentattic.com" />
+	<target host="mail.governmentattic.com" />
+	<target host="www.governmentattic.com" />
+
+	<!-- governmentattic.org -->
+	<target host="governmentattic.org" />
+	<target host="cpanel.governmentattic.org" />
+	<target host="mail.governmentattic.org" />
+	<target host="webdisk.governmentattic.org" />
+	<target host="webmail.governmentattic.org" />
+	<target host="www.governmentattic.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Government-Security-News.xml b/src/chrome/content/rules/Government-Security-News.xml
index 8fe4fb779b75..649d45011e54 100644
--- a/src/chrome/content/rules/Government-Security-News.xml
+++ b/src/chrome/content/rules/Government-Security-News.xml
@@ -1,11 +1,20 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gsnmagazine.com/ => https://gsnmagazine.com/: Cycle detected - URL already encountered: https://www.gsnmagazine.com/
+Fetch error: http://www.gsnmagazine.com/ => https://www.gsnmagazine.com/: Cycle detected - URL already encountered: https://www.gsnmagazine.com/
+
+	Government Security News
+
+
 	Nonfunctional domains
 
 		- (www.)gsn-buyersguide.com	(cert: www.gsnmagazine.com; shows that domain)
 
 -->
-<ruleset name="Government Security News (partial)">
+<ruleset name="GSN Magazine.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="gsnmagazine.com" />
 	<target host="www.gsnmagazine.com" />
 		<!--
@@ -14,7 +23,7 @@
 		<exclusion pattern="^http://www\.gsnmagazine\.com/user/register(?:$|\?)" />
 
 
-	<rule from="^http://(www\.)?gsnmagazine\.com/"
-		to="https://$1gsnmagazine.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Government.se.xml b/src/chrome/content/rules/Government.se.xml
new file mode 100644
index 000000000000..9dbcb2f14f0d
--- /dev/null
+++ b/src/chrome/content/rules/Government.se.xml
@@ -0,0 +1,8 @@
+<ruleset name="Government.se">
+	<target host="government.se" />
+	<target host="www.government.se" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Government_Communications_Headquarters.xml b/src/chrome/content/rules/Government_Communications_Headquarters.xml
index b0e440335ea9..6c8a5f214bde 100644
--- a/src/chrome/content/rules/Government_Communications_Headquarters.xml
+++ b/src/chrome/content/rules/Government_Communications_Headquarters.xml
@@ -1,13 +1,21 @@
 <!--
-     For other UK Government coverage, see GOV.UK.xml.
+	Government Communications Headquarters
+
+	For other UK Government coverage, see GOV.UK.xml.
+
+
+	These altnames do not exist:
+
+		- gchq.gov.uk
+		- beta.gchq.gov.uk
+
 -->
+<ruleset name="GCHQ.gov.uk">
+
+	<target host="www.gchq.gov.uk" />
+
 
-<ruleset name="Government Communications Headquarters (GCHQ)" default_off="broken">
-    <target host="gchq.gov.uk" />
-    <target host="www.gchq.gov.uk" />
+	<rule from="^http:"
+		to="https:" />
 
-    <rule from="^https?://gchq\.gov\.uk/"
-        to="https://www.gchq.gov.uk/" />
-    <rule from="^http://([^/:@]+)?\.gchq\.gov\.uk/"
-        to="https://$1.gchq.gov.uk/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Governmentattic.org.xml b/src/chrome/content/rules/Governmentattic.org.xml
deleted file mode 100644
index 854bd962be59..000000000000
--- a/src/chrome/content/rules/Governmentattic.org.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Governmentattic.org" default_off="mismatch">
-
-	<target host="governmentattic.org" />
-	<target host="www.governmentattic.org" />
-
-
-	<rule from="^https?://(?:www\.)?governmentattic\.org/"
-		to="https://governmentattic.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GovernoPortugues-mismatches.xml b/src/chrome/content/rules/GovernoPortugues-mismatches.xml
index a4c135832f73..c6a278816dc8 100644
--- a/src/chrome/content/rules/GovernoPortugues-mismatches.xml
+++ b/src/chrome/content/rules/GovernoPortugues-mismatches.xml
@@ -1,16 +1,20 @@
-<ruleset name="Governo Português (broken)" default_off="akamai">
-  <target host="www.portugal.gov.pt" />
-  <target host="portugal.gov.pt" />
-  <target host="portaldocidadao.pt" />
+<!--
+	For other Governo Português coverage, see Portugal.gov.pt.xml.
+
+-->
+<ruleset name="Governo Português" default_off="mismatched">
+
+	<!--
+		Direct rewrites:
+				-->
   <target host="www.portaldocidadao.pt" />
-  <target host="portaldaempresa.pt" />
   <target host="www.portaldaempresa.pt" />
 
-  <exclusion pattern="^http://www\.portugal\.gov\.pt/PortalMovel/" />
-  <rule from="^http://portaldocidadao\.pt/" to="https://www.portaldocidadao.pt/"/>
-  <rule from="^http://www\.portaldocidadao\.pt/" to="https://www.portaldocidadao.pt/"/>
+	<!--	Complications:
+				-->
+  <target host="portaldaempresa.pt" />
+
   <rule from="^http://portaldaempresa\.pt/" to="https://www.portaldaempresa.pt/"/>
-  <rule from="^http://www\.portaldaempresa\.pt/" to="https://www.portaldaempresa.pt/"/>
-  <rule from="^http://portugal\.gov\.pt/" to="https://www.portugal.gov.pt/"/>
-  <rule from="^http://www\.portugal\.gov\.pt/" to="https://www.portugal.gov.pt/"/>
+
+  <rule from="^http:" to="https:"/>
  </ruleset>
diff --git a/src/chrome/content/rules/Governor-GeneraloftheCommonwealthofAustralia.xml b/src/chrome/content/rules/Governor-GeneraloftheCommonwealthofAustralia.xml
new file mode 100644
index 000000000000..701bcb915edb
--- /dev/null
+++ b/src/chrome/content/rules/Governor-GeneraloftheCommonwealthofAustralia.xml
@@ -0,0 +1,10 @@
+<!--
+	Governor-General of the Commonwealth of Australia
+
+-->
+<ruleset name="GG.gov.au">
+	<target host="gg.gov.au" />
+	<target host="www.gg.gov.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gowalla.xml b/src/chrome/content/rules/Gowalla.xml
deleted file mode 100644
index c972e37af18b..000000000000
--- a/src/chrome/content/rules/Gowalla.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Gowalla">
-  <target host="gowalla.com" />
-  <target host="www.gowalla.com" />
-  <target host="static.gowalla.com" />
-
-  <rule from="^http://(?:www\.)?gowalla\.com/"
-	  to="https://gowalla.com/"/>
-  <rule from="^http://static\.gowalla\.com/"
-	  to="https://s3.amazonaws.com/static.gowalla.com/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Gpg4win.de.xml b/src/chrome/content/rules/Gpg4win.de.xml
new file mode 100644
index 000000000000..f81e9a41f160
--- /dev/null
+++ b/src/chrome/content/rules/Gpg4win.de.xml
@@ -0,0 +1,17 @@
+<!--
+	See also Gpg4win.org.xml
+	
+	Invalid certificate:
+		- ftp.gpg4win.de
+-->
+<ruleset name="Gpg4win.de">
+
+	<target host="gpg4win.de" />
+	<target host="www.gpg4win.de" />
+	<target host="files.gpg4win.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+	
+</ruleset>
diff --git a/src/chrome/content/rules/Gpg4win.org.xml b/src/chrome/content/rules/Gpg4win.org.xml
new file mode 100644
index 000000000000..8314a307cc9b
--- /dev/null
+++ b/src/chrome/content/rules/Gpg4win.org.xml
@@ -0,0 +1,17 @@
+<!--
+	See also Gpg4win.de.xml
+	
+	Invalid certificate:
+		- ftp.gpg4win.org
+-->
+<ruleset name="Gpg4win.org">
+
+	<target host="gpg4win.org" />
+	<target host="www.gpg4win.org" />
+	<target host="files.gpg4win.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GpgAuth.org.xml b/src/chrome/content/rules/GpgAuth.org.xml
new file mode 100644
index 000000000000..314abe94001d
--- /dev/null
+++ b/src/chrome/content/rules/GpgAuth.org.xml
@@ -0,0 +1,40 @@
+<!--
+	Server sends no certificate chain *
+
+	* See https://whatsmychaincert.com
+
+
+	www.gpgauth.org: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- forums.gpgauth.org
+
+-->
+<ruleset name="gpgAuth.org" default_off="expired, missing certificate chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gpgauth.org" />
+	<target host="forums.gpgauth.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.gpgauth.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^forums\.gpgauth\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^forums\.gpgauth\.org$" name=".+" />
+
+
+	<rule from="^http://www\.gpgauth\.org/"
+		to="https://gpgauth.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gr-assets.com.xml b/src/chrome/content/rules/Gr-assets.com.xml
new file mode 100644
index 000000000000..c5bab54eab4f
--- /dev/null
+++ b/src/chrome/content/rules/Gr-assets.com.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://p.gr-assets.com/ => https://p.gr-assets.com/: (6, 'Could not resolve host: p.gr-assets.com')
+
+	For other Goodreads coverage, see Goodreads.xml.
+
+-->
+<ruleset name="Gr-assets.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="d.gr-assets.com" />
+	<target host="p.gr-assets.com" />
+	<target host="s.gr-assets.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Graasmilk.net.xml b/src/chrome/content/rules/Graasmilk.net.xml
index 14e44c007c3f..fff5e1e72da7 100644
--- a/src/chrome/content/rules/Graasmilk.net.xml
+++ b/src/chrome/content/rules/Graasmilk.net.xml
@@ -1,4 +1,14 @@
-<ruleset name="graasmilk.net">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://graasmilk.net/ => https://graasmilk.net/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.graasmilk.net/ => https://graasmilk.net/: (60, 'SSL certificate problem: self signed certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://graasmilk.net/ => https://graasmilk.net/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.graasmilk.net/ => https://graasmilk.net/: (60, 'SSL certificate problem: self signed certificate')
+-->
+<ruleset name="graasmilk.net" default_off="failed ruleset test">
 
 	<target host="graasmilk.net" />
 	<target host="webmail.graasmilk.net" />
diff --git a/src/chrome/content/rules/GrabCAD.xml b/src/chrome/content/rules/GrabCAD.xml
index 9d869fadcdbb..559f5561fa5a 100644
--- a/src/chrome/content/rules/GrabCAD.xml
+++ b/src/chrome/content/rules/GrabCAD.xml
@@ -16,7 +16,6 @@
 	<target host="www.grabcad.com" />
 
 
-	<rule from="^http://(www\.)?grabcad\.com/"
-		to="https://$1grabcad.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Grab_Media.xml b/src/chrome/content/rules/Grab_Media.xml
deleted file mode 100644
index 05b3171a4781..000000000000
--- a/src/chrome/content/rules/Grab_Media.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	CDN buckets:
-
-		- dg8ui1w5a5byc.cloudfront.net
-
-			- images.grab-media.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(times out)
-
--->
-<ruleset name="Grab Media (partial)">
-
-	<target host="images.grab-media.com" />
-
-
-	<rule from="^http://images\.grab-media\.com/"
-		to="https://dg8ui1w5a5byc.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/GradImages.xml b/src/chrome/content/rules/GradImages.xml
index e72d252e9626..1fd138e9cb14 100644
--- a/src/chrome/content/rules/GradImages.xml
+++ b/src/chrome/content/rules/GradImages.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?gradimages\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?gradimages\.com/"
-		to="https://$1gradimages.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gradescope.com.xml b/src/chrome/content/rules/Gradescope.com.xml
new file mode 100644
index 000000000000..6142a1afa74b
--- /dev/null
+++ b/src/chrome/content/rules/Gradescope.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Gradescope.com">
+	<target host="gradescope.com" />
+	<target host="www.gradescope.com" />
+	<target host="blog.gradescope.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gradwell.com.xml b/src/chrome/content/rules/Gradwell.com.xml
new file mode 100644
index 000000000000..c3ef447864f1
--- /dev/null
+++ b/src/chrome/content/rules/Gradwell.com.xml
@@ -0,0 +1,59 @@
+
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://webmail.gradwell.com/ => https://webmail.gradwell.com/: (6, 'Could not resolve host: webmail.gradwell.com')
+
+	Other Gradwell rulesets:
+
+
+
+	Problematic hosts in *gradwell.com:
+
+		- cdn *
+
+	* Cloudfront
+
+
+	Insecure cookies are set for these hosts:
+
+		- login.gradwell.com
+		- Aportal.gradwell.com
+		- www.gradwell.com
+
+-->
+<ruleset name="Gradwell.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gradwell.com" />
+	<target host="login.gradwell.com" />
+	<target host="portal.gradwell.com" />
+	<target host="support.gradwell.com" />
+	<!-- target host="webmail.gradwell.com" /-->
+	<target host="www.gradwell.com" />
+
+	<!--	Complications:
+				-->
+	<!--target host="cdn.gradwell.com" /-->
+
+		<!--	Mixed images:
+					-->
+		<test url="http://www.gradwell.com/gradwellcloud/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:login|www)\.gradwell\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^portal\.gradwell\.com$" name="^symfony$" /-->
+
+	<securecookie host=".+\.gradwell\.com$" name=".+" />
+
+
+	<!--rule from="^http://cdn\.gradwell\.com/"
+		to="https://???.cloudfront.net/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Graham_Cluley.com.xml b/src/chrome/content/rules/Graham_Cluley.com.xml
deleted file mode 100644
index 0e785606fad3..000000000000
--- a/src/chrome/content/rules/Graham_Cluley.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Some pages redirect to http.
-
--->
-<ruleset name="Graham Cluley.com (partial)">
-
-	<target host="grahamcluley.com" />
-	<target host="www.grahamcluley.com" />
-
-
-	<rule from="^http://(www\.)?grahamcluley\.com/wp-(admin(?:$|[?/])|content/|includes/|login\.php)"
-		to="https://$1grahamcluley.com/wp-$2" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/GrainsResearchandDevelopmentCorporation.xml b/src/chrome/content/rules/GrainsResearchandDevelopmentCorporation.xml
new file mode 100644
index 000000000000..d5e54ac2ca37
--- /dev/null
+++ b/src/chrome/content/rules/GrainsResearchandDevelopmentCorporation.xml
@@ -0,0 +1,7 @@
+<ruleset name="Grains Research and Development Corporation">
+	<target host="grdc.com.au" />
+	<target host="www.grdc.com.au" />
+
+	<rule from="^http://(?:www\.)?grdc\.com\.au/"
+		to="https://www.grdc.com.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gramps-project.org.xml b/src/chrome/content/rules/Gramps-project.org.xml
new file mode 100644
index 000000000000..02d7fcca324d
--- /dev/null
+++ b/src/chrome/content/rules/Gramps-project.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Nonfunctional hosts in *.gramps-project.org:
+
+	self-signed certificate:
+		- bugs.gramps-project.org
+-->
+
+<ruleset name="Gramps-project.org">
+	<target host="gramps-project.org" />
+	<target host="www.gramps-project.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Grand-Rapids-Community-Media-Center.xml b/src/chrome/content/rules/Grand-Rapids-Community-Media-Center.xml
index 9acfcf5bf38e..5944dbd32c92 100644
--- a/src/chrome/content/rules/Grand-Rapids-Community-Media-Center.xml
+++ b/src/chrome/content/rules/Grand-Rapids-Community-Media-Center.xml
@@ -1,19 +1,25 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://grcmc.org/ => https://grcmc.org/: Redirect for 'https://www.grcmc.org/' missing Location
+Fetch error: http://wealthytheatre.org/ => https://www.grcmc.org/theatre/: Redirect for 'https://www.grcmc.org/theatre/' missing Location
+Fetch error: http://www.wealthytheatre.org/ => https://www.grcmc.org/theatre/: Redirect for 'https://www.grcmc.org/theatre/' missing Location
+-->
 <ruleset name="Grand Rapids Community Media Center" platform="mixedcontent">
 
 	<target host="grcmc.org" />
-	<target host="*.grcmc.org" />
+	<target host="client.grcmc.org" />
+	<target host="www.grcmc.org" />
 	<target host="wealthytheatre.org" />
 	<target host="www.wealthytheatre.org" />
 
 
-	<securecookie host="^.*\.grcmc\.org$" name=".*" />
+	<securecookie host="^.*\.grcmc\.org$" name=".+" />
 
 
-	<rule from="^http://(client\.|www\.)?grcmc\.org/"
-		to="https://$1grcmc.org/" />
 
 	<!--	Cert only matches grcmc.org, redirects as so.	-->
-	<rule from="^https?://(?:www\.)?wealthytheatre\.org/"
+	<rule from="^http://(?:www\.)?wealthytheatre\.org/"
 		to="https://www.grcmc.org/theatre/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/GrandMargherita.com.xml b/src/chrome/content/rules/GrandMargherita.com.xml
new file mode 100644
index 000000000000..4cd4abe73e8c
--- /dev/null
+++ b/src/chrome/content/rules/GrandMargherita.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Grand Margherita Hotel">
+	<target host=    "grandmargherita.com" />
+	<target host="www.grandmargherita.com" />
+
+  	<securecookie host="^(www\.)?grandmargherita\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GrandViewOutdoors.com.xml b/src/chrome/content/rules/GrandViewOutdoors.com.xml
new file mode 100644
index 000000000000..2693d61c1ddb
--- /dev/null
+++ b/src/chrome/content/rules/GrandViewOutdoors.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		info.grandviewoutdoors.com
+		oascentral.grandviewoutdoors.com
+
+-->
+<ruleset name="GrandViewOutdoors.com">
+
+	<target host="grandviewoutdoors.com" />
+	<target host="www.grandviewoutdoors.com" />
+	<target host="business.customers.grandviewoutdoors.com" />
+	<target host="consumer.customers.grandviewoutdoors.com" />
+	<target host="sales.grandviewoutdoors.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Grand_Haven_Tribune.xml b/src/chrome/content/rules/Grand_Haven_Tribune.xml
index 480c97e0140d..d4dc812c27d3 100644
--- a/src/chrome/content/rules/Grand_Haven_Tribune.xml
+++ b/src/chrome/content/rules/Grand_Haven_Tribune.xml
@@ -17,4 +17,4 @@
 	<rule from="^http://(?:www\.)?grandhaventribune\.com/(misc/|sites/|user(?:$|\?|/))"
 		to="https://www.grandhaventribune.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Grand_Lodge_of_British_Columbia.xml b/src/chrome/content/rules/Grand_Lodge_of_British_Columbia.xml
index dd151f83410d..c8c4db536c70 100644
--- a/src/chrome/content/rules/Grand_Lodge_of_British_Columbia.xml
+++ b/src/chrome/content/rules/Grand_Lodge_of_British_Columbia.xml
@@ -1,17 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bcy.ca/ => https://www.freemasonry.bcy.ca/: (51, "SSL: no alternative certificate subject name matches target host name 'www.freemasonry.bcy.ca'")
+
 	Problematic subdomains:
 
 		-(www.)		(no https)
 		- freemasonry	(cert only matches www.freemasonry)
 
 -->
-<ruleset name="Grand Lodge of British Columbia">
+<ruleset name="Grand Lodge of British Columbia" default_off="failed ruleset test">
 
 	<target host="bcy.ca" />
-	<target host="*.bcy.ca" />
+	<target host="freemasonry.bcy.ca" />
+	<target host="www.bcy.ca" />
+	<target host="www.freemasonry.bcy.ca" />
 
 
 	<rule from="^http://(?:www\.)?(?:freemasonry\.)?bcy\.ca/"
 		to="https://www.freemasonry.bcy.ca/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GraphQL.org.xml b/src/chrome/content/rules/GraphQL.org.xml
new file mode 100644
index 000000000000..26fc6eb14d96
--- /dev/null
+++ b/src/chrome/content/rules/GraphQL.org.xml
@@ -0,0 +1,31 @@
+<ruleset name="GraphQL.org">
+	<target host="graphql.org" />
+	<target host="www.graphql.org" />
+	<target host="autojoin.graphql.org" />
+	<target host="calendar.graphql.org" />
+	<target host="code-of-conduct.graphql.org" />
+	<target host="corporate-spec-membership.graphql.org" />
+	<target host="devstats.graphql.org" />
+	<target host="expressgraphql.devstats.graphql.org" />
+	<target host="graphiql.devstats.graphql.org" />
+	<target host="graphql.devstats.graphql.org" />
+	<target host="graphqljs.devstats.graphql.org" />
+	<target host="graphqlspec.devstats.graphql.org" />
+	<target host="edx.graphql.org" />
+	<target host="foundation.graphql.org" />
+	<target host="lists.foundation.graphql.org" />
+	<target host="individual-spec-membership.graphql.org" />
+	<target host="insights.graphql.org" />
+	<target host="join.graphql.org" />
+	<target host="l.graphql.org" />
+	<target host="landscape.graphql.org" />
+	<target host="slack.graphql.org" />
+	<target host="slack-invite.graphql.org" />
+	<target host="spec.graphql.org" />
+	<target host="store.graphql.org" />
+	<target host="youtube.graphql.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Graphene-lda.com.xml b/src/chrome/content/rules/Graphene-lda.com.xml
new file mode 100644
index 000000000000..50f3ba9d5eb6
--- /dev/null
+++ b/src/chrome/content/rules/Graphene-lda.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://graphene-lda.com/ => https://graphene-lda.com/: (6, 'Could not resolve host: graphene-lda.com')
+Fetch error: http://www.graphene-lda.com/ => https://www.graphene-lda.com/: (6, 'Could not resolve host: www.graphene-lda.com')
+
+-->
+<ruleset name="Graphene-lda.com" default_off="failed ruleset test">
+
+	<target host="graphene-lda.com" />
+	<target host="www.graphene-lda.com" />
+
+
+	<securecookie host="^\.graphene-lda\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Graphviz.org.xml b/src/chrome/content/rules/Graphviz.org.xml
new file mode 100644
index 000000000000..86394124dd9f
--- /dev/null
+++ b/src/chrome/content/rules/Graphviz.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Nonfunctional hosts in *.graphviz.org:
+		- ftp.graphviz.org (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Graphviz.org">
+	<target host="graphviz.org" />
+	<target host="www.graphviz.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Grassroots.org-mismatches.xml b/src/chrome/content/rules/Grassroots.org-mismatches.xml
index 1a7785eef3e2..d99f77ddaa82 100644
--- a/src/chrome/content/rules/Grassroots.org-mismatches.xml
+++ b/src/chrome/content/rules/Grassroots.org-mismatches.xml
@@ -2,16 +2,15 @@
 	For rules that are on by default, see Grassroots.org.xml.
 
 -->
-<ruleset name="Grassroots.org (mismatches)" default_off="mismatch">
+<ruleset name="Grassroots.org (mismatches)" default_off="mismatched">
 
 	<!--	Cert: www.control.tierra.net	-->
 	<target host="tools.grassroots.org" />
 
 
-	<securecookie host="^tools\.grassroots\.org$" name=".*" />
+	<securecookie host="^tools\.grassroots\.org$" name=".+" />
 
 
-	<rule from="^http://tools\.grassroots\.org/"
-		to="https://tools.grassroots.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Grassroots.org.xml b/src/chrome/content/rules/Grassroots.org.xml
index 676b392af51d..1e1a7ae85c84 100644
--- a/src/chrome/content/rules/Grassroots.org.xml
+++ b/src/chrome/content/rules/Grassroots.org.xml
@@ -1,19 +1,25 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://grassroots.org/ => https://grassroots.org/: (51, "SSL: no alternative certificate subject name matches target host name 'grassroots.org'")
+Fetch error: http://www.grassroots.org/ => https://www.grassroots.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.grassroots.org'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://grassroots.org/ => https://grassroots.org/: (28, 'Operation timed out after 15001 milliseconds with 0 bytes received')
 	For problematic rules, see Grassroots.org-mismatches.xml.
 
 -->
-<ruleset name="Grassroots.org (partial)">
+<ruleset name="Grassroots.org (partial)" default_off="failed ruleset test">
 
 	<target host="grassroots.org" />
+	<target host="www.grassroots.org" />
 	<!--	*s for cross-domain cookies.	-->
-	<target host="*.grassroots.org" />
-	<target host="*.www.grassroots.org" />
 
 
-	<securecookie host="^.*\.grassroots\.org$" name=".*" />
+
+	<securecookie host="^.*\.grassroots\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?grassroots\.org/"
-		to="https://$1grassroots.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Grasswire.com.xml b/src/chrome/content/rules/Grasswire.com.xml
new file mode 100644
index 000000000000..7aec391474ac
--- /dev/null
+++ b/src/chrome/content/rules/Grasswire.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Grasswire.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="grasswire.com" />
+	<target host="www.grasswire.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GratiSoft.us.xml b/src/chrome/content/rules/GratiSoft.us.xml
index 37637e096c31..7ca539b9916a 100644
--- a/src/chrome/content/rules/GratiSoft.us.xml
+++ b/src/chrome/content/rules/GratiSoft.us.xml
@@ -1,31 +1,14 @@
-<ruleset name="GratiSoft.us" default_off="mismatch, self-signed">
+<ruleset name="GratiSoft.us">
 
+	<!--
+		All targets redirect to https://www.sudo.ws/
+	-->
 	<target host="courtesan.com" />
 	<target host="www.courtesan.com" />
 	<target host="gratisoft.us" />
 	<target host="www.gratisoft.us" />
-	<target host="mktemp.org" />
-	<target host="www.mktemp.org" />
-	<target host="newsyslog.org" />
-	<target host="www.newsyslog.org" />
-	<target host="sudo.ws" />
-	<target host="www.sudo.ws" />
 
-
-	<rule from="^https?://(?:www\.)?courtesan\.com/"
-		to="https://www.courtesan.com/" />
-
-	<rule from="^https?://(?:www\.)?gratisoft\.us/"
-		to="https://www.gratisoft.us/" />
-
-	<rule from="^https?://(?:www\.)?(mktemp|newsyslog)\.org/"
-		to="https://www.gratisoft.us/$1/" />
-
-	<!--	Doesn't live in .us/sudo/	-->
-	<rule from="^https?://(?:www\.)?sudo\.ws/pipermail/"
-		to="https://www.gratisoft.us/pipermail/" />
-
-	<rule from="^https?://(?:www\.)?sudo\.ws/"
-		to="https://www.gratisoft.us/sudo/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Gratipay.com.xml b/src/chrome/content/rules/Gratipay.com.xml
new file mode 100644
index 000000000000..7b7430b977f7
--- /dev/null
+++ b/src/chrome/content/rules/Gratipay.com.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Gittip coverage, see Gittip.com.xml.
+
+
+	Nonfunctional subdomains:
+
+		- inside *
+
+	* Redirects to http
+
+-->
+<ruleset name="Gratipay.com (partial)">
+
+	<target host="gratipay.com" />
+	<target host="assets.gratipay.com" />
+	<target host="downloads.gratipay.com" />
+	<target host="www.gratipay.com" />
+
+
+	<!--rule from="^http://inside\.gratipay\.com/"
+		to="https://inside-gratipay-com.herokuapp.com/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Graubuendner_Kantonalbank.xml b/src/chrome/content/rules/Graubuendner_Kantonalbank.xml
deleted file mode 100644
index 6cb344767af3..000000000000
--- a/src/chrome/content/rules/Graubuendner_Kantonalbank.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Graubündner Kantonalbank">
-    <target host="gkb.ch" />
-    <target host="*.gkb.ch" />
-
-    <securecookie host="^(.*\.)?gkb\.ch$" name=".+" />
-
-    <rule from="^https?://gkb\.ch/"
-        to="https://www.gkb.ch/"/>
-    <rule from="^http://([^/:@]+)?\.gkb\.ch/"
-        to="https://$1.gkb.ch/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Gravatar.xml b/src/chrome/content/rules/Gravatar.xml
index b8f9c15222d9..5add00052389 100644
--- a/src/chrome/content/rules/Gravatar.xml
+++ b/src/chrome/content/rules/Gravatar.xml
@@ -1,10 +1,15 @@
 <ruleset name="Gravatar">
 
 	<target host="gravatar.com" />
-	<target host="*.gravatar.com" />
+	<target host="0.gravatar.com" />
+	<target host="1.gravatar.com" />
+	<target host="2.gravatar.com" />
+	<target host="s.gravatar.com" />
+	<target host="en.gravatar.com" />
+	<target host="secure.gravatar.com" />
+	<target host="www.gravatar.com" />
 
 
-	<rule from="^http://((?:[012s]|en|secure|www)\.)?gravatar\.com/"
-		to="https://$1gravatar.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Gravity-mismatches.xml b/src/chrome/content/rules/Gravity-mismatches.xml
deleted file mode 100644
index bcd3fe466368..000000000000
--- a/src/chrome/content/rules/Gravity-mismatches.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	For rules that are on by default, see Gravity.xml.
-
--->
-<ruleset name="Gravity (mismatches)" default_off="expired, mismatched">
-
-	<target host="gravity.com" />
-	<target host="www.gravity.com" />
-	<target host="cdn.insights.gravity.com" />
-	<target host="i.grvcdn.com" />
-
-
-	<rule from="^http://(?:www\.)?gravity\.com/"
-		to="https://www.gravity.com/" />
-
-	<!--	Doesn't map directly to //insights:
-							-->
-	<rule from="^http://cdn\.insights\.gravity\.com/"
-		to="https://cdn.insights.gravity.com/" />
-
-	<rule from="^http://i\.grvcdn\.com/gravity\.com/"
-		to="https://www.gravity.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Gravity.xml b/src/chrome/content/rules/Gravity.xml
deleted file mode 100644
index 89b9f16a3780..000000000000
--- a/src/chrome/content/rules/Gravity.xml
+++ /dev/null
@@ -1,75 +0,0 @@
-<!--
-	For problematic rules, see Gravity-mismatches.xml.
-
-
-	blog.gravity.com is handled in WordPress-blogs.xml.
-
-
-	CDN buckets:
-
-		- cdn.insights.gravity.com.edgesuite.net
-		- rma-api.gravity.com.edgesuite.net
-		- i.api.grvcdn.com.edgesuite.net
-		- b.grvcdn.com.edgesuite.net
-		- i.grvcdn.com.edgesuite.net
-
-
-	Nonfunctional domains:
-
-		- graph.gravity.com	(refused)
-
-
-	Problematic domains:
-
-		- gravity.com subdomains:
-
-			- ^		(cert only matches www)
-			- blog		(wordpress)
-			- insights	(mismatched, CN: analytics.gravity.com)
-			- cdn.insights *
-			- rma-api *
-			- www		(expired 2013-02-02)
-
-		- grvcdn.com subdomains:
-
-			- i.api *
-			- b *
-			- i *
-
-	* Akamai
-
-
-	Fully covered domains:
-
-		- gravity.com subdomains:
-
-			- rma-api	(→ akamai)
-
-		- grvcdn.com subdomains:
-
-			- b	(→ b-ssl)
-			- b-ssl
-
--->
-<ruleset name="Gravity (partial)">
-
-	<target host="*.gravity.com" />
-	<target host="*.grvcdn.com" />
-
-
-	<securecookie host="^(?:analytics)?\.gravity\.com$" name=".+" />
-
-
-	<rule from="^http://(?:api\.gravity|i\.api\.grvcdn)\.com/"
-		to="https://api.gravity.com/" />
-
-	<rule from="^http://rma-api\.gravity\.com/"
-		to="https://a248.e.akamai.net/f/1015/4323/4m/rma-api.gravity.com/" />
-
-	<rule from="^http://(?:analytic|insight)s\.gravity\.com/"
-		to="https://analytics.gravity.com/" />
-
-	<rule from="^http://b(?:-ssl)?\.grvcdn\.com/"
-		to="https://b-ssl.grvcdn.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Grays-of-Westminster.xml b/src/chrome/content/rules/Grays-of-Westminster.xml
index 8bba17c4e69d..8deaa11d15bc 100644
--- a/src/chrome/content/rules/Grays-of-Westminster.xml
+++ b/src/chrome/content/rules/Grays-of-Westminster.xml
@@ -11,7 +11,7 @@
 	<!--	- Cert only matches www
 		- At least some pages redirect to http
 						-->
-	<rule from="^https?://(?:www\.)?graysofwestminster\.co\.uk/(images/|pdf/|\w+\.css$)"
+	<rule from="^http://(?:www\.)?graysofwestminster\.co\.uk/(images/|pdf/|\w+\.css$)"
 		to="https://www.graysofwestminster.co.uk/$1" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GreaseSpot.net.xml b/src/chrome/content/rules/GreaseSpot.net.xml
index faaf2c51c264..5236a2c69315 100644
--- a/src/chrome/content/rules/GreaseSpot.net.xml
+++ b/src/chrome/content/rules/GreaseSpot.net.xml
@@ -17,7 +17,7 @@
 	<securecookie host="^wiki\.greasespot\.net$" name=".+" />
 
 
-	<rule from="^http://wiki\.greasespot\.net/"
-		to="https://wiki.greasespot.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Greasy_Fork.org.xml b/src/chrome/content/rules/Greasy_Fork.org.xml
new file mode 100644
index 000000000000..a88c9a12aede
--- /dev/null
+++ b/src/chrome/content/rules/Greasy_Fork.org.xml
@@ -0,0 +1,21 @@
+<!--
+	www: cert only matches ^greasyfork.org
+
+-->
+<ruleset name="Greasy Fork.org">
+
+	<target host="greasyfork.org" />
+	<target host="www.greasyfork.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^greasyfork\.org$" name="^_greasyfork_session$" /-->
+
+	<securecookie host="^greasyfork\.org$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?greasyfork\.org/"
+		to="https://greasyfork.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GreatFire.org.xml b/src/chrome/content/rules/GreatFire.org.xml
deleted file mode 100644
index 43b3afb7b09a..000000000000
--- a/src/chrome/content/rules/GreatFire.org.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="GreatFire.org">
-   <target host="greatfire.org"/>
-   <target host="www.greatfire.org"/>
-   <target host="en.greatfire.org"/>
-   <target host="www.en.greatfire.org"/>
-   <target host="zh.greatfire.org"/>
-   <target host="www.zh.greatfire.org"/>
-
-  <securecookie host="^(?:www\.)?(?:(?:zh|en)\.)?greatfire\.org$" name=".*"/>
-
-  <rule from="^https?://((?:www\.)?(?:(?:zh|en)\.)?)greatfire\.org/" to="https://$1greatfire.org/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/GreatGetTogether.org.xml b/src/chrome/content/rules/GreatGetTogether.org.xml
new file mode 100644
index 000000000000..825b31173545
--- /dev/null
+++ b/src/chrome/content/rules/GreatGetTogether.org.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid Certificate:
+		the.greatgettogether.org
+-->
+<ruleset name="GreatGetTogether.org">
+	<target host="greatgettogether.org" />
+	<target host="www.greatgettogether.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Great_American_Office.xml b/src/chrome/content/rules/Great_American_Office.xml
index 952e9e8abd75..832adbf22867 100644
--- a/src/chrome/content/rules/Great_American_Office.xml
+++ b/src/chrome/content/rules/Great_American_Office.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?gaos\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?gaos\.com/"
-		to="https://$1gaos.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Greatis.net.xml b/src/chrome/content/rules/Greatis.net.xml
new file mode 100644
index 000000000000..4f9177d9c496
--- /dev/null
+++ b/src/chrome/content/rules/Greatis.net.xml
@@ -0,0 +1,19 @@
+<!--
+	Mismatched:
+		- autoconfig
+		- autodiscover
+		- ftp
+		- whm
+-->
+<ruleset name="Greatis.net">
+	<target host="greatis.net" />
+	<target host="www.greatis.net" />
+	<target host="cpanel.greatis.net" />
+	<target host="mail.greatis.net" />
+	<target host="malwarefixit.greatis.net" />
+	<target host="www.malwarefixit.greatis.net" />
+	<target host="webdisk.greatis.net" />
+	<target host="webmail.greatis.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Greatnet.de.xml b/src/chrome/content/rules/Greatnet.de.xml
index 5d5f503eb974..a1b587b1312c 100644
--- a/src/chrome/content/rules/Greatnet.de.xml
+++ b/src/chrome/content/rules/Greatnet.de.xml
@@ -20,7 +20,6 @@
 	<securecookie host="^www\.greatnet\.de$" name=".+" />
 
 
-	<rule from="^http://(www\.)?greatnet\.de/"
-		to="https://$1greatnet.de/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Greatnonprofits.org.xml b/src/chrome/content/rules/Greatnonprofits.org.xml
new file mode 100644
index 000000000000..81be086c2f40
--- /dev/null
+++ b/src/chrome/content/rules/Greatnonprofits.org.xml
@@ -0,0 +1,31 @@
+<!--
+	Time out:
+		about.greatnonprofits.org
+		toprated.greatnonprofits.org
+
+	Redirect to http:
+		www.about.greatnonprofits.org
+		www.toprated.greatnonprofits.org
+
+	Broken certificate chain:
+		blog.greatnonprofits.org
+
+-->
+<ruleset name="Greatnonprofits.org">
+
+	<target host="greatnonprofits.org" />
+	<target host="www.greatnonprofits.org" />
+	<target host="api.greatnonprofits.org" />
+	<target host="cdn.greatnonprofits.org" />
+		<test url="http://cdn.greatnonprofits.org/img/gnp-facebook-share-lg.png" />
+	<target host="stage.greatnonprofits.org" />
+	<target host="stagecdn.greatnonprofits.org" />
+	<target host="static.greatnonprofits.org" />
+		<test url="http://static.greatnonprofits.org/favicon.ico" />
+
+	<securecookie host="^greatnonprofits\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Greek-banks.xml b/src/chrome/content/rules/Greek-banks.xml
index 9ec37e196fbb..3831c2030758 100644
--- a/src/chrome/content/rules/Greek-banks.xml
+++ b/src/chrome/content/rules/Greek-banks.xml
@@ -1,19 +1,25 @@
-<!-- This ruleset is experimental. If you experience problems please
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.probank.gr/ => https://www.probank.gr/: (35, 'Unknown SSL protocol error in connection to www.probank.gr:443 ')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.probank.gr/ => https://www.probank.gr/: (28, 'Resolving timed out after 10520 milliseconds') This ruleset is experimental. If you experience problems please
 	 open an issue at https://github.com/kargig/https-everywhere-greek-rules -->
 
-<ruleset name="Greek-banks">
+<ruleset name="Greek-banks" default_off="failed ruleset test">
   <target host="www.nbg.gr" />
   <target host="www.alpha.gr" />
   <target host="www.alphabankcards.gr" />
   <target host="www.probank.gr" />
 
-	<securecookie host="^www\.nbg\.gr$" name=".*"/>
-	<securecookie host="^www\.alpha\.gr$" name=".*"/>
-	<securecookie host="^www\.alphabankcards\.gr$" name=".*"/>
-	<securecookie host="^www\.probank\.gr$" name=".*"/>
+	<securecookie host="^www\.nbg\.gr$" name=".+" />
+	<securecookie host="^www\.alpha\.gr$" name=".+" />
+	<securecookie host="^www\.alphabankcards\.gr$" name=".+" />
+	<securecookie host="^www\.probank\.gr$" name=".+" />
 
   <rule from="^http://www\.nbg\.gr/" to="https://www.nbg.gr/"/>
-  <rule from="^http://(www\.)?alpha\.gr/" to="https://www.alpha.gr/"/>
+  <rule from="^http://(?:www\.)?alpha\.gr/" to="https://www.alpha.gr/"/>
   <rule from="^http://www\.alphabankcards\.gr/" to="https://www.alphabankcards.gr/"/>
-  <rule from="^http://(www\.)?probank\.gr/" to="https://www.probank.gr/"/>
+  <rule from="^http://(?:www\.)?probank\.gr/" to="https://www.probank.gr/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Greek-gov.xml b/src/chrome/content/rules/Greek-gov.xml
index d0d7ca8e02e7..5e74176b00d1 100644
--- a/src/chrome/content/rules/Greek-gov.xml
+++ b/src/chrome/content/rules/Greek-gov.xml
@@ -2,20 +2,16 @@
 	 open an issue at https://github.com/kargig/https-everywhere-greek-rules -->
 
 <ruleset name="Greek-gov">
-  <target host="noc.grnet.gr" />
-  <target host="*.noc.grnet.gr" />
-  <target host="*.gsis.gr" />
-  <target host="service.eudoxus.gr" />
   <target host="lists.grnet.gr" />
   <target host="lists.noc.grnet.gr" />
+  <target host="www.noc.grnet.gr" />
+  <target host="www1.gsis.gr" />
+  <target host="login.gsis.gr" />
+  <target host="service.eudoxus.gr" />
 
-	<securecookie host="^(.*\.)?noc\.grnet\.gr$" name=".*"/>
-	<securecookie host="^(.*\.)?gsis\.gr$" name=".*"/>
-	<securecookie host="^service\.eudoxus\.gr$" name=".*"/>
-	<securecookie host="^lists\.grnet\.gr$" name=".*"/>
+	<securecookie host="^(?:lists|noc|.*\.noc)\.grnet\.gr$" name=".+" />
+	<securecookie host="^(?:.*\.)?gsis\.gr$" name=".+" />
+	<securecookie host="^service\.eudoxus\.gr$" name=".+" />
 
-  <rule from="^http://(www\.|lists\.)?noc\.grnet\.gr/" to="https://$1noc.grnet.gr/"/>
-  <rule from="^http://(www1|login\.)gsis\.gr/" to="https://$1gsis.gr/"/>
-  <rule from="^http://service\.eudoxus\.gr/" to="https://service.eudoxus.gr/"/>
-  <rule from="^http://lists\.grnet\.gr/" to="https://lists.grnet.gr/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Greek-media.xml b/src/chrome/content/rules/Greek-media.xml
index 4ee42062147f..bcea15139d5a 100644
--- a/src/chrome/content/rules/Greek-media.xml
+++ b/src/chrome/content/rules/Greek-media.xml
@@ -1,11 +1,18 @@
-<!-- This ruleset is experimental. If you experience problems please
-	 open an issue at https://github.com/kargig/https-everywhere-greek-rules -->
+<!--
+This ruleset is experimental. If you experience problems please
+open an issue at https://github.com/kargig/https-everywhere-greek-rules
 
-<ruleset name="Greek-media">
-  <target host="antenna.gr" />
-  <target host="*.antenna.gr" />
+	Mismatch:
+		- (www.)antenna.gr
+		- webtv.ant1.gr
+		- (www.)ant1.gr
+		- (www.)antennaeurope.gr
+		- (www.)antennapacific.gr
+		- (www.)antennasatellite.gr
+ -->
+<ruleset name="Greek-media (partial)">
+	<target host="static.ant1.gr" />
 
-	<securecookie host="^(.*\.)?antenna\.gr$" name=".*"/>
-
-  <rule from="^http://(\w+\.)?antenna\.gr/" to="https://$1antenna.gr/"/>
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Greek-services.xml b/src/chrome/content/rules/Greek-services.xml
deleted file mode 100644
index 919c51511da6..000000000000
--- a/src/chrome/content/rules/Greek-services.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<!-- This ruleset is experimental. If you experience problems please
-	 open an issue at https://github.com/kargig/https-everywhere-greek-rules -->
-
-<ruleset name="Greek-services">
-  <target host="skroutz.gr" />
-  <target host="*.skroutz.gr" />
-  <target host="*.skroutzstore.gr" />
-  <target host="e-shop.gr" />
-  <target host="*.e-shop.gr" />
-  <target host="linkwise.gr" />
-  <target host="*.linkwise.gr" />
-  <target host="groupon.gr" />
-  <target host="*.groupon.gr" />
-  <target host="*.kariera.gr" />
-  <target host="www.e-food.gr" />
-  <target host="clickdelivery.gr" />
-  <target host="*.clickdelivery.gr" />
-  <target host="cheapis.gr" />
-  <target host="*.cheapis.gr" />
-
-	<securecookie host="^(.*\.)?skroutz\.gr$" name=".*"/>
-	<securecookie host="^(.*\.)?skroutzstore\.gr$" name=".*"/>
-	<securecookie host="^(.*\.)?e-shop\.gr$" name=".*"/>
-	<securecookie host="^(.*\.)?linkwise\.gr$" name=".*"/>
-	<securecookie host="^(.*\.)?groupon\.gr$" name=".*"/>
-	<securecookie host="^(.*\.)?kariera\.gr$" name=".*"/>
-	<securecookie host="^www\.e-food\.gr$" name=".*"/>
-	<securecookie host="^(www\.)?clickdelivery\.gr$" name=".*"/>
-	<securecookie host="^(www\.)?cheapis\.gr$" name=".*"/>
-
-  <exclusion pattern="^http://team\.skroutz\.gr/"/>
-  <rule from="^http://(\w+\.)?skroutz\.gr/" to="https://$1skroutz.gr/"/>
-  <rule from="^http://(\w+\.)?skroutzstore\.gr/" to="https://$1skroutzstore.gr/"/>
-  <rule from="^http://(www\.)?e-shop\.gr/" to="https://$1e-shop.gr/"/>
-  <rule from="^http://(www\.)?linkwise\.gr/" to="https://$1linkwise.gr/"/>
-  <rule from="^http://(\w+\.)?groupon\.gr/" to="https://$1groupon.gr/"/>
-  <rule from="^http://(\w+\.)?kariera\.gr/" to="https://$1kariera.gr/"/>
-  <rule from="^http://www\.e-food\.gr/" to="https://www.e-food.gr/"/>
-  <rule from="^http://(www\.)?clickdelivery\.gr/" to="https://$1clickdelivery.gr/"/>
-  <rule from="^http://(www\.)?cheapis\.gr/" to="https://$1cheapis.gr/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Greek-telecom.xml b/src/chrome/content/rules/Greek-telecom.xml
deleted file mode 100644
index 45e09b343b0e..000000000000
--- a/src/chrome/content/rules/Greek-telecom.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!-- This ruleset is experimental. If you experience problems please
-	 open an issue at https://github.com/kargig/https-everywhere-greek-rules -->
-
-<ruleset name="Greek-telecom">
-  <target host="webmail.forthnet.gr" />
-  <target host="*.otenet.gr" />
-  <target host="www.cosmote.gr" />
-  <target host="www.wind.com.gr" />
-  <target host="11888.ote.gr" />
-
-	<securecookie host="^webmail.forthnet\.gr$" name=".*"/>
-	<securecookie host="^www\.cosmote\.gr$" name=".*"/>
-	<securecookie host="^www\.wind\.com\.gr$" name=".*"/>
-	<securecookie host="^11888\.ote\.gr$" name=".*"/>
-
-  <rule from="^http://webmail\.forthnet\.gr/" to="https://webmail.forthnet.gr/"/>
-  <rule from="^http://((ps|domainmanager)\.)?otenet\.gr/" to="https://$1otenet.gr/"/>
-  <rule from="^http://www\.cosmote\.gr/" to="https://www.cosmote.gr/"/>
-  <rule from="^http://www\.wind\.com\.gr/" to="https://www.wind.com.gr/"/>
-  <rule from="^http://11888(\.ote)?\.gr/" to="https://11888.ote.gr/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Greek-travel.xml b/src/chrome/content/rules/Greek-travel.xml
index 76468c2057da..7e70d5ba94ff 100644
--- a/src/chrome/content/rules/Greek-travel.xml
+++ b/src/chrome/content/rules/Greek-travel.xml
@@ -1,10 +1,88 @@
-<!-- This ruleset is experimental. If you experience problems please
-	 open an issue at https://github.com/kargig/https-everywhere-greek-rules -->
+<!--
+
+	Problematic subdomains
+
+		- aegeanair.com and www.aegeanair.com redirect to non-existent en.aegeanair.com
+
+hotel. mismatch
+flights. expired
+eastpak. mismatch
+revegionstonaera. mismatch
+schedulechange. mismatch
+-->
 
 <ruleset name="Greek-travel">
-  <target host="*.aegeanair.com" />
+	<target host="el.aegeanair.com" />
+	<target host="de.aegeanair.com" />
+	<target host="it.aegeanair.com" />
+	<target host="fr.aegeanair.com" />
+	<target host="es.aegeanair.com" />
+	<target host="ru.aegeanair.com" />
+	<target host="rentacar.aegeanair.com" />
+	<target host="el.about.aegeanair.com" />
+	<target host="it.about.aegeanair.com" />
+	<target host="de.about.aegeanair.com" />
+	<target host="fr.about.aegeanair.com" />
+
+	<!-- Fix #3073 and #3392 -->
+
+	<!--<exclusion pattern="^http://(?:en|el|de|it|fr|es|ru)\.aegeanair\.com/(?:sys/flights/|Css/fonts/|$|\?)" />-->
+	<!--<exclusion pattern="^http://(?:en|el|de|it|fr)\.about\.aegeanair\.com/(?:Css/fonts/|$|\?)" />-->
+
+	<exclusion pattern="^http://el\.aegeanair\.com/sys/flights/" />
+	<exclusion pattern="^http://de\.aegeanair\.com/sys/flights/" />
+	<exclusion pattern="^http://it\.aegeanair\.com/sys/flights/" />
+	<exclusion pattern="^http://fr\.aegeanair\.com/sys/flights/" />
+	<exclusion pattern="^http://es\.aegeanair\.com/sys/flights/" />
+	<exclusion pattern="^http://ru\.aegeanair\.com/sys/flights/" />
+
+	<exclusion pattern="^http://el\.aegeanair\.com/Css/fonts/" />
+	<exclusion pattern="^http://de\.aegeanair\.com/Css/fonts/" />
+	<exclusion pattern="^http://it\.aegeanair\.com/Css/fonts/" />
+	<exclusion pattern="^http://fr\.aegeanair\.com/Css/fonts/" />
+	<exclusion pattern="^http://es\.aegeanair\.com/Css/fonts/" />
+	<exclusion pattern="^http://ru\.aegeanair\.com/Css/fonts/" />
+
+	<exclusion pattern="^http://el\.about\.aegeanair\.com/Css/fonts/" />
+	<exclusion pattern="^http://de\.about\.aegeanair\.com/Css/fonts/" />
+	<exclusion pattern="^http://it\.about\.aegeanair\.com/Css/fonts/" />
+	<exclusion pattern="^http://fr\.about\.aegeanair\.com/Css/fonts/" />
+
+	<test url="http://el.aegeanair.com/Css/fonts/Roboto-Bold/Roboto-Bold.ttf" />
+	<test url="http://de.aegeanair.com/Css/fonts/Roboto-Bold/Roboto-Bold.ttf" />
+	<test url="http://it.aegeanair.com/Css/fonts/Roboto-Bold/Roboto-Bold.ttf" />
+	<test url="http://fr.aegeanair.com/Css/fonts/Roboto-Bold/Roboto-Bold.ttf" />
+	<test url="http://es.aegeanair.com/Css/fonts/Roboto-Bold/Roboto-Bold.ttf" />
+	<test url="http://ru.aegeanair.com/Css/fonts/Roboto-Bold/Roboto-Bold.ttf" />
+
+	<test url="http://el.about.aegeanair.com/Css/fonts/Roboto-Bold/Roboto-Bold.ttf" />
+	<test url="http://de.about.aegeanair.com/Css/fonts/Roboto-Bold/Roboto-Bold.ttf" />
+	<test url="http://it.about.aegeanair.com/Css/fonts/Roboto-Bold/Roboto-Bold.ttf" />
+	<test url="http://fr.about.aegeanair.com/Css/fonts/Roboto-Bold/Roboto-Bold.ttf" />
+	<!--test url="http://es.about.aegeanair.com/Css/fonts/Roboto-Bold/Roboto-Bold.ttf" /-->
+	<!--test url="http://ru.about.aegeanair.com/Css/fonts/Roboto-Bold/Roboto-Bold.ttf" /-->
+
+	<test url="http://el.aegeanair.com/sys/flights/airports" />
+	<test url="http://de.aegeanair.com/sys/flights/airports" />
+	<test url="http://it.aegeanair.com/sys/flights/airports" />
+	<test url="http://fr.aegeanair.com/sys/flights/airports" />
+	<test url="http://es.aegeanair.com/sys/flights/airports" />
+	<test url="http://ru.aegeanair.com/sys/flights/airports" />
+
+	<test url="http://el.aegeanair.com/?q" />
+	<test url="http://de.aegeanair.com/?q" />
+	<test url="http://it.aegeanair.com/?q" />
+	<test url="http://fr.aegeanair.com/?q" />
+	<test url="http://es.aegeanair.com/?q" />
+	<test url="http://ru.aegeanair.com/?q" />
+
+	<test url="http://el.about.aegeanair.com/?q" />
+	<test url="http://de.about.aegeanair.com/?q" />
+	<test url="http://it.about.aegeanair.com/?q" />
+	<test url="http://fr.about.aegeanair.com/?q" />
 
-	<securecookie host="^(.*\.)?aegeanair\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
-  <rule from="^http://(\w+\.)?aegeanair\.com/" to="https://$1aegeanair.com/"/>
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Greek-various.xml b/src/chrome/content/rules/Greek-various.xml
deleted file mode 100644
index 1a22c2892f2d..000000000000
--- a/src/chrome/content/rules/Greek-various.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-<!-- This ruleset is experimental. If you experience problems please
-	 open an issue at https://github.com/kargig/https-everywhere-greek-rules -->
-
-<ruleset name="Greek-various">
-  <target host="void.gr" />
-  <target host="*.void.gr" />
-  <target host="hackerspace.gr" />
-  <target host="*.hackerspace.gr" />
-  <target host="pirateparty.gr" />
-  <target host="*.pirateparty.gr" />
-  <target host="ellak.gr" />
-  <target host="www.ellak.gr" />
-  <target host="www.dei.gr" />
-  <target host="www.dei.com.gr" />
-  <target host="www.eydap.gr" />
-  <target host="*.eduroam.gr" />
-  <target host="skytal.es" />
-  <target host="www.skytal.es" />
-  <target host="barikat.gr" />
-  <target host="www.barikat.gr" />
-  <target host="dionyziz.com" />
-  <target host="www.dionyziz.com" />
-
-	<securecookie host="^(.*\.)?void\.gr$" name=".*"/>
-	<securecookie host="^(www\.)?hackerspace\.gr$" name=".*"/>
-	<securecookie host="^(www\.)?pirateparty\.gr$" name=".*"/>
-	<securecookie host="^(www\.)?ellak\.gr$" name=".*"/>
-	<securecookie host="^www\.dei\.com\.gr$" name=".*"/>
-	<securecookie host="^www\.eydap\.gr$" name=".*"/>
-	<securecookie host="^(www\.)?eduroam\.gr$" name=".*"/>
-	<securecookie host="^(www\.)?skytal\.es$" name=".*"/>
-	<securecookie host="^(www\.)?barikat\.gr$" name=".*"/>
-	<securecookie host="^(www\.)?dionyziz\.com$" name=".*"/>
-
-  <rule from="^http://((www|webmail)\.)?void\.gr/" to="https://$1void.gr/"/>
-  <rule from="^http://pad\.void\.gr/" to="https://pad.void.gr/"/>
-  <rule from="^http://(www\.)?hackerspace\.gr/" to="https://$1hackerspace.gr/"/>
-  <rule from="^http://(www\.)?pirateparty\.gr/" to="https://$1pirateparty.gr/"/>
-  <rule from="^http://(www\.)?ellak\.gr/" to="https://www.ellak.gr/"/>
-  <rule from="^http://www\.dei(?:\.com)?\.gr/" to="https://www.dei.com.gr/"/>
-  <rule from="^http://www\.eydap\.gr/" to="https://www.eydap.gr/"/>
-  <rule from="^http://(www\.)?eduroam\.gr/" to="https://$1eduroam.gr/"/>
-  <rule from="^http://(www\.)?skytal\.es/" to="https://$1skytal.es/"/>
-  <rule from="^http://(www\.)?barikat\.gr/" to="https://$1barikat.gr/"/>
-  <rule from="^http://(www\.)?dionyziz\.com/" to="https://$1dionyziz.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Green-Wood.com.xml b/src/chrome/content/rules/Green-Wood.com.xml
new file mode 100644
index 000000000000..dbaab344ad2f
--- /dev/null
+++ b/src/chrome/content/rules/Green-Wood.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Green-Wood Historic Fund
+
+
+	Nonfunctional subdomains:
+
+		- store *
+
+	* Shopify
+
+
+	Mixed content:
+
+		- Images on www from $self *
+		- favicon on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Green-Wood.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="green-wood.com" />
+	<target host="www.green-wood.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GreenChef.com.xml b/src/chrome/content/rules/GreenChef.com.xml
new file mode 100644
index 000000000000..5fe817c08b53
--- /dev/null
+++ b/src/chrome/content/rules/GreenChef.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Invalid certificate:
+		links.greenchef.com
+
+-->
+<ruleset name="Green Chef">
+
+	<target host="greenchef.com" />
+	<target host="www.greenchef.com" />
+	<target host="blog.greenchef.com" />
+	<target host="cdn.greenchef.com" />
+		<test url="http://cdn.greenchef.com/assets/Icons/faviconV3.png" />
+	<target host="cdn2.greenchef.com" />
+		<test url="http://cdn2.greenchef.com/uploaded/58d14b989af9dadb776672d3.pdf" />
+	<target host="console.greenchef.com" />
+	<target host="help.greenchef.com" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GreenIT-BB-mismatches.xml b/src/chrome/content/rules/GreenIT-BB-mismatches.xml
index 443b4888c9b6..3e5392561e67 100644
--- a/src/chrome/content/rules/GreenIT-BB-mismatches.xml
+++ b/src/chrome/content/rules/GreenIT-BB-mismatches.xml
@@ -1,9 +1,9 @@
-<ruleset name="GreenIT-BB (mismatches)" default_off="mismatch">
+<ruleset name="GreenIT-BB (mismatches)" default_off="mismatched">
 
 	<target host="greenit-bb.de"/>
 	<target host="www.greenit-bb.de"/>
 
-	<securecookie host="^(.*\.)?greenit-bb\.de$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?greenit-bb\.de/"
 		to="https://www.greenit-bb.de/"/>
diff --git a/src/chrome/content/rules/GreenIT-BB.xml b/src/chrome/content/rules/GreenIT-BB.xml
index 76d2d83a2f02..8e4402121778 100644
--- a/src/chrome/content/rules/GreenIT-BB.xml
+++ b/src/chrome/content/rules/GreenIT-BB.xml
@@ -1,10 +1,21 @@
-<ruleset name="GreenIT-BB (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://benchmarking.greenit-bb.de/ => https://benchmarking.greenit-bb.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://benchmarking.greenit-bb.de/ => https://benchmarking.greenit-bb.de/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="GreenIT-BB (partial)" default_off="failed ruleset test">
 
 	<target host="benchmarking.greenit-bb.de"/>
 
-	<securecookie host="^benchmarking\.greenit-bb\.de$" name=".*"/>
+	<securecookie host="^benchmarking\.greenit-bb\.de$" name=".+" />
 
-	<rule from="^http://benchmarking\.greenit-bb\.de/"
-		to="https://benchmarking.greenit-bb.de/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GreenQloud.com.xml b/src/chrome/content/rules/GreenQloud.com.xml
new file mode 100644
index 000000000000..fd31ea8998b4
--- /dev/null
+++ b/src/chrome/content/rules/GreenQloud.com.xml
@@ -0,0 +1,55 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://auth.greenqloud.com/ => https://auth.greenqloud.com/: (6, 'Could not resolve host: auth.greenqloud.com')
+Fetch error: http://my.greenqloud.com/ => https://my.greenqloud.com/: (6, 'Could not resolve host: my.greenqloud.com')
+
+	Other GreenQloud rulesets:
+
+
+
+	Problematic hosts in *greenqloud.com:
+
+		- status *
+		- support *
+
+	Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- auth.greenqloud.com
+
+-->
+<ruleset name="GreenQloud.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="greenqloud.com" />
+	<target host="auth.greenqloud.com" />
+	<target host="my.greenqloud.com" />
+	<target host="www.greenqloud.com" />
+
+	<!--	Complications:
+				-->
+	<target host="status.greenqloud.com" />
+	<target host="support.greenqloud.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^auth\.greenqloud\.com$" name="^(?:PHPSESSID|sessionid)$" /-->
+
+	<securecookie host="^auth\.greenqloud\.com$" name=".+" />
+
+
+	<rule from="^http://status\.greenqloud\.com/"
+		to="https://greenqloud.statuspage.io/" />
+
+	<rule from="^http://support\.greenqloud\.com/"
+		to="https://greenqloud.zendesk.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GreenSky_Credit.com.xml b/src/chrome/content/rules/GreenSky_Credit.com.xml
index 0c088222e950..608d32a8317e 100644
--- a/src/chrome/content/rules/GreenSky_Credit.com.xml
+++ b/src/chrome/content/rules/GreenSky_Credit.com.xml
@@ -1,11 +1,13 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://greensky.com/ => http://greensky.com/: Cycle detected - URL already encountered: http://greensky.com/
 	Some paths redirect to http.
 
 -->
 <ruleset name="GreenSky Credit.com (partial)">
 
 	<target host="greensky.com" />
-	<target host="*.greensky.com" />
+	<target host="www.greensky.com" />
 
 
 	<rule from="^http://(www\.)?greensky\.com/(images/|payment(?:$|\?|/)|secure/)"
@@ -14,4 +16,4 @@
 	<rule from="^http://(www\.)?greensky\.com/(favicon\.ico|_media/|_ui/)"
 		to="https://$1greensky.com/secure/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GreenVehicleGuide.xml b/src/chrome/content/rules/GreenVehicleGuide.xml
new file mode 100644
index 000000000000..e592ef27c11c
--- /dev/null
+++ b/src/chrome/content/rules/GreenVehicleGuide.xml
@@ -0,0 +1,7 @@
+<ruleset name="Green Vehicle Guide">
+	<target host="greenvehicleguide.gov.au" />
+	<target host="www.greenvehicleguide.gov.au" />
+
+	<rule from="^http://(?:www\.)?greenvehicleguide\.gov\.au/"
+		to="https://www.greenvehicleguide.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Green_Billion.org.xml b/src/chrome/content/rules/Green_Billion.org.xml
new file mode 100644
index 000000000000..1a80a372c7f9
--- /dev/null
+++ b/src/chrome/content/rules/Green_Billion.org.xml
@@ -0,0 +1,21 @@
+<!--
+	CN: Parallels Panel
+	Expired 2013
+
+-->
+<ruleset name="Green Billion.org" default_off="expired, self-signed">
+
+	<target host="greenbillion.org" />
+	<target host="www.greenbillion.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?greenbillion\.org$" name="^kpg_stop_spammers_time$" /-->
+
+	<securecookie host="^(?:www\.)?greenbillion\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Green_Coffee_Bean_Extract.xml b/src/chrome/content/rules/Green_Coffee_Bean_Extract.xml
deleted file mode 100644
index b0435ff01c80..000000000000
--- a/src/chrome/content/rules/Green_Coffee_Bean_Extract.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Green Coffee Bean Extract">
-
-	<target host="mygreenbeanextract.com" />
-	<target host="*.mygreenbeanextract.com" />
-
-
-	<securecookie host="^(?:w*\.)?mygreenbeanextract\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?mygreenbeanextract\.com/"
-		to="https://$1mygreenbeanextract.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Green_Left.org.au.xml b/src/chrome/content/rules/Green_Left.org.au.xml
new file mode 100644
index 000000000000..583f2976bf1c
--- /dev/null
+++ b/src/chrome/content/rules/Green_Left.org.au.xml
@@ -0,0 +1,25 @@
+<!--
+	^greenleft.org.au: 404
+
+-->
+<ruleset name="Green Left.org.au">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.greenleft.org.au" />
+
+	<!--	Complications:
+				-->
+	<target host="greenleft.org.au" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://greenleft\.org\.au/"
+		to="https://www.greenleft.org.au/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Green_Party.org.uk.xml b/src/chrome/content/rules/Green_Party.org.uk.xml
new file mode 100644
index 000000000000..e848bc75b1ed
--- /dev/null
+++ b/src/chrome/content/rules/Green_Party.org.uk.xml
@@ -0,0 +1,232 @@
+<!--
+	Nonfunctional hosts in *greenparty.org.uk:
+
+		- broxtowe ¹
+		- hammersmithandfulham ¹
+		- join ¹
+		- waveney ²
+		- westminster ¹
+
+	¹ Shows ^greenparty.org.uk
+	² "Site Not Found"
+
+
+	Problematic hosts in *greenparty.org.uk:
+
+		- www.doncaster ¹
+		- www.hereford ¹ ² ³
+		- www.kingston ¹
+		- newforest ¹ ²
+		- www.newforest ¹ ² ⁴
+		- www.northwest ¹
+		- stalbans ² ³ ⁵
+		- www.stalbans ¹ ² ³ ⁵
+		- www.stroud ¹
+		- www.wyreforest ¹
+
+	¹ Mismatched
+	² Expired
+	³ Server sends no certificate chain, see https://whatsmychaincert.com
+	⁴ Self-signed
+	⁵ Mixed css
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- cardiff.greenparty.org.uk
+		- donate.greenparty.org.uk
+		- policy.greenparty.org.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- iframe on brent, bromley, hounslow, malvernhills, northsomerset, scarborough, southcambs, watford, welwynhatfield, from www.youtube.com ¹
+		- css on stalbans from $self ²
+		- Audio on southsomerset from www.radioninesprings.co.uk ³
+
+		- Images, on:
+
+			- babergh, blackpoolfylde, cambridge, cardiff, kingston, merton, midsuffolk, mid-suffolk, northdorset from greenparty.org.uk ¹
+			- brent, bromley, ealing, hounslow, richmond, richmondandtwickenham, wandsworth from london.greenparty.org.uk ¹
+			- cambridge from $self ¹
+			- greenwich from $self ¹
+			- leamington from westmidlands.greenparty.org.uk ¹
+			- mid-suffolk, midsuffolk from www.etsb.qc.ca ⁴
+			- northdorset from southwest.greenparty.org.uk ¹
+			- northherts from $self ¹
+			- northyorks from $self ¹
+			- southwark from $self ¹
+			- stalbans from $self ²
+			- torridge from $self ¹
+			- wiganandleigh from \d.bp.blogspot.com ¹
+
+		- Bugs, on:
+
+			- gwent from www.overmonnow.com ³
+			- northdorset from in.getclicky.com ¹
+			- northyorks from c.statcounter.com ¹
+			- plymouth from feeds.feedburner.com ¹
+
+	¹ Secured by us
+	² Not secured by us <= invalid cert
+	³ Unsecurable <= refused
+	⁴ Unsecurable <= dropped
+
+-->
+<ruleset name="Green Party.org.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="greenparty.org.uk" />
+	<target host="agc.greenparty.org.uk" />
+	<target host="allerdalecopeland.greenparty.org.uk" />
+	<target host="babergh.greenparty.org.uk" />
+	<target host="bath.greenparty.org.uk" />
+	<target host="bexley.greenparty.org.uk" />
+	<target host="birmingham.greenparty.org.uk" />
+	<target host="blackpoolfylde.greenparty.org.uk" />
+	<target host="bolton.greenparty.org.uk" />
+	<target host="brent.greenparty.org.uk" />
+	<target host="bromley.greenparty.org.uk" />
+	<target host="bury.greenparty.org.uk" />
+	<target host="calderdale.greenparty.org.uk" />
+	<target host="cambridge.greenparty.org.uk" />
+	<target host="camden.greenparty.org.uk" />
+	<target host="cardiff.greenparty.org.uk" />
+	<target host="carlisleeden.greenparty.org.uk" />
+	<target host="centrallancs.greenparty.org.uk" />
+	<target host="chelmsford.greenparty.org.uk" />
+	<target host="cheltenham.greenparty.org.uk" />
+	<target host="coventry.greenparty.org.uk" />
+	<target host="croydon.greenparty.org.uk" />
+	<target host="dacorum.greenparty.org.uk" />
+	<target host="donate.greenparty.org.uk" />
+	<target host="doncaster.greenparty.org.uk" />
+	<target host="dudley.greenparty.org.uk" />
+	<target host="ealing.greenparty.org.uk" />
+	<target host="eastdevon.greenparty.org.uk" />
+	<target host="eastern.greenparty.org.uk" />
+	<target host="eastlancs.greenparty.org.uk" />
+	<target host="eastmidlands.greenparty.org.uk" />
+	<target host="greenwich.greenparty.org.uk" />
+	<target host="gwent.greenparty.org.uk" />
+	<target host="hackney.greenparty.org.uk" />
+	<target host="haringey.greenparty.org.uk" />
+	<target host="harrogate.greenparty.org.uk" />
+	<target host="harrow.greenparty.org.uk" />
+	<target host="headingley.greenparty.org.uk" />
+	<target host="hereford.greenparty.org.uk" />
+	<target host="herefordshire.greenparty.org.uk" />
+	<target host="hillingdon.greenparty.org.uk" />
+	<target host="hounslow.greenparty.org.uk" />
+	<target host="islington.greenparty.org.uk" />
+	<target host="kennetnorthwilts.greenparty.org.uk" />
+	<target host="kingston.greenparty.org.uk" />
+	<target host="kirklees.greenparty.org.uk" />
+	<target host="lambeth.greenparty.org.uk" />
+	<target host="leamington.greenparty.org.uk" />
+	<target host="leeds.greenparty.org.uk" />
+	<target host="lewisham.greenparty.org.uk" />
+	<target host="lgbtiq-greens.greenparty.org.uk" />
+	<target host="london.greenparty.org.uk" />
+	<target host="loughborough.greenparty.org.uk" />
+	<target host="malvernhills.greenparty.org.uk" />
+	<target host="merton.greenparty.org.uk" />
+	<target host="mid-suffolk.greenparty.org.uk" />
+	<target host="midandeastcornwall.greenparty.org.uk" />
+	<target host="my.greenparty.org.uk" />
+	<target host="nataliebennett.greenparty.org.uk" />
+	<target host="neengland.greenparty.org.uk" />
+	<target host="northants.greenparty.org.uk" />
+	<target host="northdevon.greenparty.org.uk" />
+	<target host="northdorset.greenparty.org.uk" />
+	<target host="northherts.greenparty.org.uk" />
+	<target host="northlancs.greenparty.org.uk" />
+	<target host="northlincs.greenparty.org.uk" />
+	<target host="northnorfolk.greenparty.org.uk" />
+	<target host="northsomerset.greenparty.org.uk" />
+	<target host="northstaffs.greenparty.org.uk" />
+	<target host="northwest.greenparty.org.uk" />
+	<target host="northyorks.greenparty.org.uk" />
+	<target host="nottingham.greenparty.org.uk" />
+	<target host="oldham.greenparty.org.uk" />
+	<target host="otley.greenparty.org.uk" />
+	<target host="peterborough.greenparty.org.uk" />
+	<target host="plymouth.greenparty.org.uk" />
+	<target host="policy.greenparty.org.uk" />
+	<target host="richmond.greenparty.org.uk" />
+	<target host="richmondandtwickenham.greenparty.org.uk" />
+	<target host="rochdale.greenparty.org.uk" />
+	<target host="salford.greenparty.org.uk" />
+	<target host="sandwell.greenparty.org.uk" />
+	<target host="scarborough.greenparty.org.uk" />
+	<target host="sedorset.greenparty.org.uk" />
+	<target host="sefton.greenparty.org.uk" />
+	<target host="selby.greenparty.org.uk" />
+	<target host="shrewsburynorthshropshire.greenparty.org.uk" />
+	<target host="solihull.greenparty.org.uk" />
+	<target host="southcambs.greenparty.org.uk" />
+	<target host="southdevon.greenparty.org.uk" />
+	<target host="southeast.greenparty.org.uk" />
+	<target host="southeastdorset.greenparty.org.uk" />
+	<target host="southsomerset.greenparty.org.uk" />
+	<target host="southtyneside.greenparty.org.uk" />
+	<target host="southwark.greenparty.org.uk" />
+	<target host="southwest.greenparty.org.uk" />
+	<target host="staffsmoorlands.greenparty.org.uk" />
+	<!--target host="stalbans.greenparty.org.uk" /-->
+	<target host="sthelens.greenparty.org.uk" />
+	<target host="stockport.greenparty.org.uk" />
+	<target host="stroud.greenparty.org.uk" />
+	<target host="suffolkcoastal.greenparty.org.uk" />
+	<target host="sutton.greenparty.org.uk" />
+	<target host="telfordandwrekin.greenparty.org.uk" />
+	<target host="torridge.greenparty.org.uk" />
+	<target host="towerhamlets.greenparty.org.uk" />
+	<target host="wales.greenparty.org.uk" />
+	<target host="walsall.greenparty.org.uk" />
+	<target host="wandsworth.greenparty.org.uk" />
+	<target host="warrington.greenparty.org.uk" />
+	<target host="watford.greenparty.org.uk" />
+	<target host="wcl.greenparty.org.uk" />
+	<target host="welwynhatfield.greenparty.org.uk" />
+	<target host="westandsouthdorset.greenparty.org.uk" />
+	<target host="westcornwall.greenparty.org.uk" />
+	<target host="westmidlands.greenparty.org.uk" />
+	<target host="westmorland.greenparty.org.uk" />
+	<target host="westwilts.greenparty.org.uk" />
+	<target host="wiganandleigh.greenparty.org.uk" />
+	<target host="witham-braintree.greenparty.org.uk" />
+	<target host="www.greenparty.org.uk" />
+	<target host="wyreforest.greenparty.org.uk" />
+	<target host="york.greenparty.org.uk" />
+	<target host="yorkshireandhumber.greenparty.org.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="www.doncaster.greenparty.org.uk" />
+	<target host="www.hereford.greenparty.org.uk" />
+	<target host="www.kingston.greenparty.org.uk" />
+	<target host="www.northwest.greenparty.org.uk" />
+	<target host="www.salisbury.greenparty.org.uk" />
+	<!--target host="www.stalbans.greenparty.org.uk" /-->
+	<target host="www.stroud.greenparty.org.uk" />
+	<target host="www.wyreforest.greenparty.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:cardiff|donate|policy)\.greenparty\.org\.uk$" name="^cookieList\[cl_check\]$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.(doncaster|hereford|kingston|northwest|salisbury|stroud|wyreforest)\.greenparty\.org\.uk/"
+		to="https://$1.greenparty.org.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Green_PolkaDot_Box.xml b/src/chrome/content/rules/Green_PolkaDot_Box.xml
index 23a8057c9ca1..90f10512a333 100644
--- a/src/chrome/content/rules/Green_PolkaDot_Box.xml
+++ b/src/chrome/content/rules/Green_PolkaDot_Box.xml
@@ -1,14 +1,12 @@
 <ruleset name="Green PolkaDot Box">
 
 	<target host="greenpolkadotbox.com" />
-	<target host="*.greenpolkadotbox.com" />
-	<target host="*.www.greenpolkadotbox.com" />
+	<target host="www.greenpolkadotbox.com" />
 
 
 	<securecookie host="^\.(?:www\.)?greenpolkadotbox\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?greenpolkadotbox\.com/"
-		to="https://$1greenpolkadotbox.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Green_Smoke.xml b/src/chrome/content/rules/Green_Smoke.xml
index 2e2c3f79d0ac..40b78e1c4b9d 100644
--- a/src/chrome/content/rules/Green_Smoke.xml
+++ b/src/chrome/content/rules/Green_Smoke.xml
@@ -1,22 +1,52 @@
 <!--
-	Partially covered domains:
+	Nonfunctional hosts:
 
-		- (www.)greensmoke.co.uk	(some pages redirect to http)
+		- blog.greensmoke.co.uk *
+
+	* Shows another domain
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- greensmoke.co.uk
+		- .greensmoke.co.uk
+		- www.greensmoke.co.uk
+		- .www.greensmoke.co.uk
+
+		- greensmoke.com
+		- .greensmoke.com
+		- .greensmoke.com
+		- www.greensmoke.com
 
 -->
 <ruleset name="Green Smoke (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="greensmoke.co.uk" />
 	<target host="www.greensmoke.co.uk" />
-		<exclusion pattern="^http://(?:www\.)?greensmoke\.co\.uk/(?!catalog/(?:(?:affinfo|affinfoFooter|affPhoneHeader|sessionTopLogin)\.php|images/|js/|modules/|skins/))" />
 	<target host="greensmoke.com" />
-	<target host="*.greensmoke.com" />
+	<target host="earn.greensmoke.com" />
+	<target host="wholesale.greensmoke.com" />
+	<target host="www.greensmoke.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^greensmoke\.co\.uk$" name="^___utm\w+$" /-->
+	<!--securecookie host="^\.greensmoke\.co\.uk$" name="^(?:incap_ses_\d+|visid_incap)_\d+$" /-->
+	<!--securecookie host="^www\.greensmoke\.co\.uk$" name="^(?:___utm\w+|CACHED_FRONT_FORM_KEY)$" /-->
+	<!--securecookie host="^\.www\.greensmoke\.co\.uk$" name="^(?:CUSTOMER|CUSTOMER_(?:AUTH|INFO|RATES|SEGMENT_IDS)|frontend|frontend_cid)$" /-->
 
+	<!--securecookie host="^(?:wholesale\.)?greensmoke\.com$" name="^___utm\w+$" /-->
+	<!--securecookie host="^\.greensmoke\.com$" name="^(?:ccUser|incap_ses_\d+_\d+|nlbi_\d+|visid_incap_\d+)$" /-->
+	<!--securecookie host="^earn\.greensmoke\.com$" name="^(?:___utm\w+|PHPSESSID|display_language)$" /-->
+	<!--securecookie host="^www\.greensmoke\.com$" name="^(?:___utm\w+|PHPSESSID|country_code|not_redir|not_shipped|not_shipped_cause|placed_orders|region|region_params)$" /-->
 
-	<securecookie host="^(?:earn|www)\.greensmoke\.com$" name=".+" />
+	<securecookie host="(?:^|\.)greensmoke\.co(?:\.uk|m)$" name=".+" />
 
 
-	<rule from="^http://(earn\.|www\.)?greensmoke\.co(\.uk|m)/"
-		to="https://$1greensmoke.co$2/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Greenbone.xml b/src/chrome/content/rules/Greenbone.xml
index 6094a9478b49..201778643d2b 100644
--- a/src/chrome/content/rules/Greenbone.xml
+++ b/src/chrome/content/rules/Greenbone.xml
@@ -18,7 +18,6 @@
 	<target host="support.greenbone.net" />
 
 
-	<rule from="^http://support\.greenbone\.net/"
-		to="https://support.greenbone.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Greenhost.xml b/src/chrome/content/rules/Greenhost.xml
index 2277371c65bb..2e59f5dcf350 100644
--- a/src/chrome/content/rules/Greenhost.xml
+++ b/src/chrome/content/rules/Greenhost.xml
@@ -1,13 +1,24 @@
-<ruleset name="Greenhost">
+<!--
+	Insecure cookies are set for these hosts:
+
+		- greenhost.nl
+		- www.greenhost.nl
+
+-->
+<ruleset name="Greenhost.nl">
 
 	<target host="greenhost.nl" />
 	<target host="www.greenhost.nl" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?greenhost\.nl$" name="^(?:PHPSESSID|showpromo)$" /-->
+
 	<securecookie host="^(?:www\.)?greenhost\.nl$" name=".+" />
 
 
-	<rule from="^http://(www\.)?greenhost\.nl/"
-		to="https://$1greenhost.nl/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Greenhouse.io.xml b/src/chrome/content/rules/Greenhouse.io.xml
index c4e9bf988202..90ca2cf7abdd 100644
--- a/src/chrome/content/rules/Greenhouse.io.xml
+++ b/src/chrome/content/rules/Greenhouse.io.xml
@@ -1,38 +1,35 @@
 <!--
-	CDN buckets:
+	Other Greenhouse rulesets:
 
-		- prod-greenhouse.herokuapp.com
+		- Grnh.se.xml
 
-			- boards.greenhouse.io
-			- www.grnh.se
 
+	CDN buckets:
 
-	Nonfunctional subdomains:
+		- prod-greenhouse.herokuapp.com
 
-		- (www.)	(dropped)
+			- boards.greenhouse.io
 
 
 	Problematic domains:
 
-		- boards.greenhouse.io
-		- www.grnh.se *
+		- greenhouse.io ¹
 
-	* Works; mismatched, CN: *.herokuapp.com
+	¹ Dropped
 
 -->
-<ruleset name="Greenhouse.io (partial)" default_off="mismatched">
+<ruleset name="Greenhouse.io">
 
+	<target host="greenhouse.io" />
+	<target host="www.greenhouse.io" />
+	<target host="blog.greenhouse.io" />
 	<target host="boards.greenhouse.io" />
-	<target host="www.grnh.se" />
-
-
-	<securecookie host="^www\.grnh\.se$" name=".+" />
+	<target host="info.greenhouse.io" />
 
 
-	<rule from="^http://boards\.greenhouse\.io/"
-		to="https://boards.greenhouse.io/" />
+	<rule from="^http://(?:www\.)?greenhouse\.io/"
+		to="https://www.greenhouse.io/" />
 
-	<rule from="^http://www\.grnh\.se/"
-		to="https://www.grnh.se/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Greenmangaming.com.xml b/src/chrome/content/rules/Greenmangaming.com.xml
new file mode 100644
index 000000000000..7655fb2da298
--- /dev/null
+++ b/src/chrome/content/rules/Greenmangaming.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="greenman gaming (partial)">
+  <target host="greenmangaming.com" />
+  <target host="www.greenmangaming.com" />
+
+  <rule from="^http://(?:www\.)?greenmangaming\.com/user/login" to="https://www.greenmangaming.com/user/login" />
+  <rule from="^http://(?:www\.)?greenmangaming\.com/user/account" to="https://www.greenmangaming.com/user/account" />
+</ruleset>
diff --git a/src/chrome/content/rules/Greenpeace-Energy.de.xml b/src/chrome/content/rules/Greenpeace-Energy.de.xml
new file mode 100644
index 000000000000..6a32b7971725
--- /dev/null
+++ b/src/chrome/content/rules/Greenpeace-Energy.de.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Greenpeace coverage, see Greenpeace.org.xml.
+
+-->
+<ruleset name="Greenpeace-Energy.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="greenpeace-energy.de" />
+	<target host="www.greenpeace-energy.de" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Greenpeace-Jugend.de.xml b/src/chrome/content/rules/Greenpeace-Jugend.de.xml
new file mode 100644
index 000000000000..8a4a40a310f5
--- /dev/null
+++ b/src/chrome/content/rules/Greenpeace-Jugend.de.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Greenpeace coverage, see Greenpeace.org.xml.
+
+-->
+<ruleset name="Greenpeace-Jugend.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="greenpeace-jugend.de" />
+	<target host="www.greenpeace-jugend.de" />
+
+
+	<!--	Not secured by server:   -->
+	<securecookie host="^(www\.)?greenpeace-jugend\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Greenpeace-Magazin.de.xml b/src/chrome/content/rules/Greenpeace-Magazin.de.xml
new file mode 100644
index 000000000000..9175facef4ca
--- /dev/null
+++ b/src/chrome/content/rules/Greenpeace-Magazin.de.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Greenpeace coverage, see Greenpeace.org.xml.
+
+-->
+<ruleset name="Greenpeace-Magazin.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="greenpeace-magazin.de" />
+	<target host="www.greenpeace-magazin.de" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Greenpeace.de.xml b/src/chrome/content/rules/Greenpeace.de.xml
new file mode 100644
index 000000000000..289b3c9a8643
--- /dev/null
+++ b/src/chrome/content/rules/Greenpeace.de.xml
@@ -0,0 +1,67 @@
+<!--
+	For other Greenpeace coverage, see Greenpeace.org.xml.
+
+
+	Problematic hosts in *greenpeace.de:
+
+		- ^ ¹
+		- www.kids ¹
+		- gruppen ² ³
+
+	¹ Mismatched
+	² Expired
+	³ Untrusted root
+
+
+	Mixed content:
+
+		- Bug on www from greenpeace01.webtrekk.net *
+
+	* Secured by us
+
+-->
+<ruleset name="Greenpeace.de (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.greenpeace.de" />
+	<target host="kids.greenpeace.de" />
+
+	<!--	Complications:
+				-->
+	<target host="greenpeace.de" />
+	<target host="gruppen.greenpeace.de" />
+	<target host="www.kids.greenpeace.de" />
+
+		<!--	/*(?!$|\?) 404s:
+					-->
+		<exclusion pattern="^http://gruppen\.greenpeace\.de/+(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://gruppen.greenpeace.de/bochum/" />
+			<test url="http://gruppen.greenpeace.de/buende/58.html" />
+			<test url="http://gruppen.greenpeace.de/saar/" />
+			<test url="http://gruppen.greenpeace.de/wuppertal/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://gruppen.greenpeace.de//" />
+			<test url="http://gruppen.greenpeace.de//?foo" />
+			<test url="http://gruppen.greenpeace.de/?foo" />
+
+
+	<rule from="^http://greenpeace\.de/"
+		to="https://www.greenpeace.de/" />
+
+	<!--	Redirect keeps args but not forward slash:
+							-->
+	<rule from="^http://gruppen\.greenpeace\.de/+"
+		to="https://www.greenpeace.de/gruppen/uebersicht" />
+
+	<rule from="^http://www\.kids\.greenpeace\.de/"
+		to="https://kids.greenpeace.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Greenpeace.org.xml b/src/chrome/content/rules/Greenpeace.org.xml
index 77657a80a54e..00b93d7bd481 100644
--- a/src/chrome/content/rules/Greenpeace.org.xml
+++ b/src/chrome/content/rules/Greenpeace.org.xml
@@ -1,9 +1,45 @@
-<ruleset name="greenpeace.org (very partial)">
-  <target host="moon.greenpeace.org"/>
-  <target host="www.moon.greenpeace.org"/>
-  <target host="secured.greenpeace.org"/>
-  <target host="secureusa.greenpeace.org"/>
-  <target host="donate.greenpeace.org"/>
-  <rule from="^http://(www\.)?moon\.greenpeace\.org/" to="https://moon.greenpeace.org/"/>
-  <rule from="^http://(secured|secureusa|donate)\.greenpeace\.org/" to="https://$1.greenpeace.org/"/>
-</ruleset>
\ No newline at end of file
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://moon.greenpeace.org/ => https://moon.greenpeace.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.moon.greenpeace.org/ => https://www.moon.greenpeace.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Other Greanpeace rulesets:
+
+		- Greenpeace.de.xml
+		- Greenpeace-Energy.de.xml
+		- Greenpeace-Jugend.de.xml
+		- Greenpeace-Magazin.de.xml
+		- Planet-energy.de.xml
+
+
+	Nonfunctional hosts in *greenpeace.org:
+
+		- ^ ¹
+		- m ²
+		- www ²
+
+	¹ Dropped
+	² 503
+
+-->
+<ruleset name="greenpeace.org (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="act.greenpeace.org"/>
+	<target host="donate.greenpeace.org"/>
+	<target host="energydesk.greenpeace.org"/>
+	<target host="greenwire.greenpeace.org"/>
+	<target host="static.greenwire.greenpeace.org"/>
+	<target host="moon.greenpeace.org"/>
+	<target host="www.moon.greenpeace.org"/>
+	<target host="secured.greenpeace.org"/>
+	<target host="secureusa.greenpeace.org"/>
+	<target host="workfor.greenpeace.org"/>
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Greentech-Media.xml b/src/chrome/content/rules/Greentech-Media.xml
index 0fac1407f756..9e3b9df6e687 100644
--- a/src/chrome/content/rules/Greentech-Media.xml
+++ b/src/chrome/content/rules/Greentech-Media.xml
@@ -1,13 +1,27 @@
+<!--
+	CDN buckets:
+
+		- dqbasmyouzti2.cloudfront.net
+
+
+	Mixed content:
+
+		- favicon from $self *
+
+		- Web bug from $self *
+
+	* Secured by us
+
+-->
 <ruleset name="Greentech Media">
 
 	<target host="greentechmedia.com" />
 	<target host="www.greentechmedia.com" />
 
 
-	<securecookie host="^www\.greentechmedia\.com$" name=".*" />
+	<securecookie host="^www\.greentechmedia\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?greentechmedia\.com/"
-		to="https://$1greentechmedia.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GreenvilleOnline.com.xml b/src/chrome/content/rules/GreenvilleOnline.com.xml
index 17b76ddfd94c..8b4970c477d6 100644
--- a/src/chrome/content/rules/GreenvilleOnline.com.xml
+++ b/src/chrome/content/rules/GreenvilleOnline.com.xml
@@ -37,10 +37,11 @@
 <ruleset name="GreenvilleOnline.com">
 
 	<target host="greenvilleonline.com" />
-	<target host="*.greenvilleonline.com" />
+	<target host="cmsimg.greenvilleonline.com" />
+	<target host="www.greenvilleonline.com" />
 
 
 	<rule from="^http://(?:cmsimg\.|www\.)?greenvilleonline\.com/"
 		to="https://www.greenvilleonline.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Greenwood.org.xml b/src/chrome/content/rules/Greenwood.org.xml
new file mode 100644
index 000000000000..842e266421ef
--- /dev/null
+++ b/src/chrome/content/rules/Greenwood.org.xml
@@ -0,0 +1,33 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- greenwood.org
+		- www.greenwood.org
+
+
+	Mixed content:
+
+		- Images on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Greenwood.org" default_off="expired">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="greenwood.org" />
+	<target host="www.greenwood.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?greenwood\.org$$" name="^bb2_screener$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Grenet.fr.xml b/src/chrome/content/rules/Grenet.fr.xml
new file mode 100644
index 000000000000..2d97a90c5dc3
--- /dev/null
+++ b/src/chrome/content/rules/Grenet.fr.xml
@@ -0,0 +1,50 @@
+<!--
+	Nonfunctional subdomains:
+
+		- annuaire ¹
+		- caris ²
+		- nomadisme ¹
+		- simsu ¹
+
+	¹ Dropped
+	² Refused
+
+
+	Partially covered subdomains:
+
+		- cicg *
+		- www *
+
+	* Avoiding broken MCB
+
+
+	Fully covered subdomains:
+
+		- cas-inp
+		- cas-uds
+		- proxagalan
+		- vpn
+		- vpn\d
+
+
+	^grenet.fr doesn't exist.
+
+
+	Mixed content:
+
+		- iframes on cicg, www from cicg
+
+-->
+<ruleset name="Grenet.fr (partial)">
+
+	<target host="*.grenet.fr" />
+		<!--
+			Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://(?:cicg|www)\.grenet\.fr/+(?!charte/|favicon\.ico)" />
+
+
+	<rule from="^http://(cas-(?:inp|uds)|cicg|proxagalan|vpn\d?|www)\.grenet\.fr/"
+		to="https://$1.grenet.fr/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Grenoble-INP.fr.xml b/src/chrome/content/rules/Grenoble-INP.fr.xml
new file mode 100644
index 000000000000..f08d2604d0d7
--- /dev/null
+++ b/src/chrome/content/rules/Grenoble-INP.fr.xml
@@ -0,0 +1,28 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.)? *
+		- ensimag *
+		- intranet *
+		- presse *
+
+	* Refused
+
+
+	Fully covered subdomains:
+
+		- applicationform
+		- edt
+		- emploi-du-temps
+
+-->
+<ruleset name="Grenoble-INP.fr (partial)">
+
+	<target host="applicationform.grenoble-inp.fr" />
+	<target host="edt.grenoble-inp.fr" />
+	<target host="emploi-du-temps.grenoble-inp.fr" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GrepBugs.com.xml b/src/chrome/content/rules/GrepBugs.com.xml
new file mode 100644
index 000000000000..fb81ed8aa272
--- /dev/null
+++ b/src/chrome/content/rules/GrepBugs.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- truefactor.io
+		- .truefactor.io
+		- www.truefactor.io
+
+-->
+<ruleset name="GrepBugs.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="grepbugs.com" />
+	<target host="www.grepbugs.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?grepbugs\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.grepbugs\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Greplin.com.xml b/src/chrome/content/rules/Greplin.com.xml
deleted file mode 100644
index d938078b8c70..000000000000
--- a/src/chrome/content/rules/Greplin.com.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See 
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
- 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Greplin.com" platform="firefox">
-  <target host="greplin.com" />
-  <target host="www.greplin.com" />
-  
-  <securecookie host="^greplin\.com$" name=".+" />
-  <securecookie host="^www\.greplin\.com$" name=".+" />
-
-  <rule from="^http://(www\.)?greplin\.com/" to="https://www.greplin.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Grepular.xml b/src/chrome/content/rules/Grepular.xml
deleted file mode 100644
index 46ceb1050f47..000000000000
--- a/src/chrome/content/rules/Grepular.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Grepular">
-  <target host="www.grepular.com" />
-  <target host="secure.grepular.com" />
-  <target host="grepular.com" />
-
-  <rule from="^http://(?:www\.|secure\.)?grepular\.com/" to="https://grepular.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Gresille.org.xml b/src/chrome/content/rules/Gresille.org.xml
new file mode 100644
index 000000000000..8c7783666a28
--- /dev/null
+++ b/src/chrome/content/rules/Gresille.org.xml
@@ -0,0 +1,19 @@
+<ruleset name="Gresille.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gresille.org" />
+	<target host="listes.gresille.org" />
+	<target host="webmail.gresille.org" />
+	<target host="compte.gresille.org" />
+	<target host="atelier.gresille.org" />
+	<target host="www.gresille.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Greyhole.net.xml b/src/chrome/content/rules/Greyhole.net.xml
new file mode 100644
index 000000000000..98720a15b71c
--- /dev/null
+++ b/src/chrome/content/rules/Greyhole.net.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .greyhole.net
+
+-->
+<ruleset name="Greyhole.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="greyhole.net" />
+	<target host="www.greyhole.net" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.whitehathouston\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.whitehathouston\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Greyhound.com.xml b/src/chrome/content/rules/Greyhound.com.xml
new file mode 100644
index 000000000000..5eeb53075cb1
--- /dev/null
+++ b/src/chrome/content/rules/Greyhound.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Greyhound">
+        <target host="greyhound.com" />
+        <target host="www.greyhound.com" />
+        <target host="greyhound.ca" />
+        <target host="www.greyhound.ca" />
+        <target host="greyhound.com.mx" />
+        <target host="www.greyhound.com.mx" />
+        <target host="mobile.greyhound.com" />
+
+        <rule from="^http://greyhound\.com\.mx/"
+                to="https://www.greyhound.com.mx/" />
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Greystripe.com.xml b/src/chrome/content/rules/Greystripe.com.xml
index c3f8b3738e26..41a6d7fff52a 100644
--- a/src/chrome/content/rules/Greystripe.com.xml
+++ b/src/chrome/content/rules/Greystripe.com.xml
@@ -1,13 +1,13 @@
 <ruleset name="Greystripe.com" default_off="akamai cert">
 
 	<target host="greystripe.com" />
-	<target host="*.greystripe.com" />
+	<target host="www.greystripe.com" />
+	<target host="c.greystripe.com" />
 
 
 	<rule from="^http://(?:www\.)?greystripe\.com/"
 		to="https://www.greystripe.com/" />
 
-	<rule from="^http://c\.greystripe\.com/"
-		to="https://c.greystripe.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Grid5000.fr.xml b/src/chrome/content/rules/Grid5000.fr.xml
new file mode 100644
index 000000000000..198da95ad71d
--- /dev/null
+++ b/src/chrome/content/rules/Grid5000.fr.xml
@@ -0,0 +1,13 @@
+<!--
+	^grid5000.fr doesn't exist.
+
+-->
+<ruleset name="Grid5000.fr">
+
+	<target host="api.grid5000.fr" />
+	<target host="www.grid5000.fr" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gridcoin.us.xml b/src/chrome/content/rules/Gridcoin.us.xml
new file mode 100644
index 000000000000..22540efa21bd
--- /dev/null
+++ b/src/chrome/content/rules/Gridcoin.us.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pool.gridcoin.us/ => https://pool.gridcoin.us/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Nonfunctional subdomains:
+
+		- download ¹
+		- wiki ²
+
+	¹ Handshake fails
+	² Shows default page
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- pool
+
+		-
+	Mixed content:
+
+		- css on (www.)? from fonts.googleapis.com *
+		- Flash on (www.)? from f.vimeocdn.com ²
+		- Image on pool from www *
+
+	² Rule disabled by default
+
+-->
+<ruleset name="Gridcoin.us (partial)" default_off="failed ruleset test">
+
+	<target host="gridcoin.us" />
+	<target host="pool.gridcoin.us" />
+	<target host="www.gridcoin.us" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gridserver.com.xml b/src/chrome/content/rules/Gridserver.com.xml
new file mode 100644
index 000000000000..57818ab04a0a
--- /dev/null
+++ b/src/chrome/content/rules/Gridserver.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other MediaTemple coverage, see MediaTemple.xml.
+
+-->
+<ruleset name="Gridserver.com" default_off="Needs ruleset tests">
+
+	<target host="gridserver.com" />
+	<target host="*.gridserver.com" />
+
+
+	<!--	e.g.
+		s69107.gridserver.com/wp-content/themes/pixel/img/interface/88x31.png
+					-->
+	<rule from="^http://(s\d+\.)?gridserver\.com/"
+		to="https://$1gridserver.com/" />
+
+		<test url="http://s97095.gridserver.com/us/am_days.jpg" />
+		<test url="http://s97095.gridserver.com/us/am_days_az.jpg" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gridz_Direct.com-falsemixed.xml b/src/chrome/content/rules/Gridz_Direct.com-falsemixed.xml
new file mode 100644
index 000000000000..17fc0265bc0b
--- /dev/null
+++ b/src/chrome/content/rules/Gridz_Direct.com-falsemixed.xml
@@ -0,0 +1,15 @@
+<!--
+	For rules not causing false/broken MCB, see Gridz_Direct.com.xml.
+
+-->
+<ruleset name="Gridz Direct.com (false MCB)" default_off="handshake failure" platform="mixedcontent">
+
+	<target host="www.gridzdirect.com" />
+
+
+	<securecookie host="^\.(?:www\.)?gridzdirect\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Griffith-University.xml b/src/chrome/content/rules/Griffith-University.xml
index af166795b0d1..d62c1962c788 100644
--- a/src/chrome/content/rules/Griffith-University.xml
+++ b/src/chrome/content/rules/Griffith-University.xml
@@ -1,15 +1,22 @@
 <ruleset name="Griffith University">
 
 	<target host="griffith.edu.au" />
-	<target host="*.griffith.edu.au" />
-	<target host="*.secure.griffith.edu.au" />
+	<target host="www.griffith.edu.au" />
+	<target host="ias.griffith.edu.au" />
+	<target host="learning.griffith.edu.au" />
+	<target host="intranet.secure.griffith.edu.au" />
+	<target host="learning.secure.griffith.edu.au" />
+	<target host="portal.secure.griffith.edu.au" />
+	<target host="www3.secure.griffith.edu.au" />
+	<target host="intranet.griffith.edu.au" />
+	<target host="www3.griffith.edu.au" />
 
 
-	<securecookie host="^www3\.secure\.griffith\.edu\.au$" name=".*" />
+	<securecookie host="^www3\.secure\.griffith\.edu\.au$" name=".+" />
 
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://griffith\.edu\.au/"
+	<rule from="^http://griffith\.edu\.au/"
 		to="https://www.griffith.edu.au/" />
 
 	<!--
@@ -36,12 +43,12 @@
 		to="https://$1.griffith.edu.au/" />
 
 	<!--	Cert only matches intranet.secure	-->
-	<rule from="^https?://intranet\.griffith\.edu\.au/"
+	<rule from="^http://intranet\.griffith\.edu\.au/"
 		to="https://intranet.secure.griffith.edu.au/" />
 
 	<!--	At least /$ throws 500.
 					-->
-	<rule from="^https?://www3\.griffith\.edu\.au/(03/ertiki|schema)/"
+	<rule from="^http://www3\.griffith\.edu\.au/(03/ertiki|schema)/"
 		to="https://www3.secure.griffith.edu.au/$1/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Grinnell_College.xml b/src/chrome/content/rules/Grinnell_College.xml
index e105eee189ee..b0a3c891cb86 100644
--- a/src/chrome/content/rules/Grinnell_College.xml
+++ b/src/chrome/content/rules/Grinnell_College.xml
@@ -2,10 +2,7 @@
 	Nonfunctional subdomains:
 
 		- athdb			(replies with http)
-		- catalog		(shows www.acalogadmin.com; mismatched, CN: *.acalogadmin.com)
-		- perecruiting.cs
 		- pdid			(times out)
-		- pioneers
 		- schedule25wb		(times out)
 		- (www.)web
 		- wm
@@ -15,9 +12,12 @@
 	Problematic subdomains:
 
 		- ^		(times out)
-		- www.cs	(works; expired 2010-08-17, self-signed)
 		- drupal	(works, mismatched, CN: www.cs.grinnell.edu)
 		- www.cat.lib	(cert only matches ^cat.lib)
+		- db		(cert only matches ^itwebapps)
+		- www.math	(cert only matches ^www.cs)
+		- magazine	(bad cert domain)
+		- *.grin.edu	(bad cert domain)
 
 
 	Partially covered subdomains:
@@ -27,37 +27,53 @@
 
 	Fully covered subdomains:
 
-		- autodiscover
 		- bookstore
-		- db
 		- digital
 		- help
 		- imap
 		- itwebapps
 		- (www.)cat.lib		(www → ^)
 		- libweb
-		- loggia
 		- mail
 		- webmail
+		- www.cs
 
 -->
 <ruleset name="Grinnell College (partial)">
 
 	<target host="grinnell.edu" />
-	<target host="*.grinnell.edu" />
-
+	<target host="www.grinnell.edu" />
+	<target host="admission.grinnell.edu" />
+	<target host="alumni.grinnell.edu" />
+	<target host="appdev.grinnell.edu" />
+	<target host="bookstore.grinnell.edu" />
+	<target host="catalog.grinnell.edu" />
+	<target host="cat.lib.grinnell.edu" />
+	<target host="www.cs.grinnell.edu" />
+	<target host="digital.grinnell.edu" />
+	<target host="ebill.grinnell.edu" />
+	<target host="help.grinnell.edu" />
+	<target host="imap.grinnell.edu" />
+	<target host="itwebapps.grinnell.edu" />
+	<target host="libweb.grinnell.edu" />
+	<target host="mail.grinnell.edu" />
+	<target host="m.catalog.grinnell.edu" />
+	<target host="pioneers.grinnell.edu" />
+	<target host="selfservice.grinnell.edu" />
+	<target host="sga.grinnell.edu" />
+	<target host="sites.grinnell.edu" />
+	<target host="*.sites.grinnell.edu" />
+		<test url="http://gciel.sites.grinnell.edu/" />
+		<test url="http://dasil.sites.grinnell.edu/" />
+		<test url="http://wilsonspark.sites.grinnell.edu/" />
+		<test url="http://comm.sites.grinnell.edu/" />
+		<test url="http://makerlab.sites.grinnell.edu/" />
+	<target host="wa3.grinnell.edu" />
 
 	<!--securecookie host="^\.grinnell\.edu$" name="^SESS\w{32}$" /-->
-	<securecookie host="^(?:\.?bookstore|db|\.?digital|help|cat\.lib|mail)\.grinnell\.edu$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?grinnell\.edu/(files/|includes/|misc/|sites/)"
-		to="https://www.grinnell.edu/$1" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(autodiscover|db|digital|help|imap|itwebapps|libweb|loggia|mail)\.grinnell\.edu/"
-		to="https://$1.grinnell.edu/" />
 
-	<rule from="^https?://(?:www\.)?cat\.lib\.grinnell\.edu/"
-		to="https://cat.lib.grinnell.edu/" />
+        <rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gris.ca.xml b/src/chrome/content/rules/Gris.ca.xml
new file mode 100644
index 000000000000..4540ead2085c
--- /dev/null
+++ b/src/chrome/content/rules/Gris.ca.xml
@@ -0,0 +1,7 @@
+<ruleset name="Gris.ca" platform="mixedcontent">
+	<target host="gris.ca" />
+	<target host="www.gris.ca" />
+	<target host="membres.gris.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Grit_Digital.co.uk.xml b/src/chrome/content/rules/Grit_Digital.co.uk.xml
new file mode 100644
index 000000000000..db06e9e740a0
--- /dev/null
+++ b/src/chrome/content/rules/Grit_Digital.co.uk.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- gritdigital.co.uk
+		- www.gritdigital.co.uk
+
+-->
+<ruleset name="Grit Digital.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gritdigital.co.uk" />
+	<target host="www.gritdigital.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?gritdigital\.co\.uk$" name="^wfvt_\d+$" /-->
+
+	<securecookie host="^(?:www\.)?gritdigital\.co\.uk$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Grnh.se.xml b/src/chrome/content/rules/Grnh.se.xml
new file mode 100644
index 000000000000..8ade73ab5f3d
--- /dev/null
+++ b/src/chrome/content/rules/Grnh.se.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Greenhouse coverage, see Greenhouse.io.xml.
+
+
+	CDN buckets:
+
+		- prod-greenhouse.herokuapp.com
+
+			- www.grnh.se
+
+
+	Problematic domains:
+
+		- www.grnh.se *
+
+	* Works; mismatched, CN: *.herokuapp.com
+
+-->
+<ruleset name="Grnh.se" default_off="mismatched">
+
+	<target host="www.grnh.se" />
+
+
+	<securecookie host="^www\.grnh\.se$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Grocery_Server.com.xml b/src/chrome/content/rules/Grocery_Server.com.xml
new file mode 100644
index 000000000000..7e59593d955d
--- /dev/null
+++ b/src/chrome/content/rules/Grocery_Server.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Nonfunctional subdomains:
+
+		- corp		(404; mismatched, CN: www.graphicurrystore.com)
+
+
+	Problematic subdomains:
+
+		- wanderful	(works; mismatched, CN: www.groceryserver.com)
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- wanderful	(→ ^)
+
+-->
+<ruleset name="Grocery Server.com (partial)">
+
+	<target host="groceryserver.com" />
+	<target host="wanderful.groceryserver.com" />
+	<target host="www.groceryserver.com" />
+
+
+	<securecookie host="^(?:www\.)?groceryserver\.com$" name=".+" />
+
+
+	<rule from="^http://(?:wanderful\.|(www\.))?groceryserver\.com/"
+		to="https://$1groceryserver.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GroenLinks.nl.xml b/src/chrome/content/rules/GroenLinks.nl.xml
new file mode 100644
index 000000000000..a29f2b329dea
--- /dev/null
+++ b/src/chrome/content/rules/GroenLinks.nl.xml
@@ -0,0 +1,38 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- groenlinks.nl
+		- klimaat.groenlinks.nl
+		- mijn.groenlinks.nl
+
+
+	Mixed content:
+
+		- Bug on mijn from statistieken.groenlinks.nl *
+
+	* Secured by us
+
+-->
+<ruleset name="GroenLinks.nl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="groenlinks.nl" />
+	<target host="klimaat.groenlinks.nl" />
+	<target host="mijn.groenlinks.nl" />
+	<target host="statistieken.groenlinks.nl" />
+	<target host="www.groenlinks.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:klimaat\.)?groenlinks\.nl$" name="^SimpleSAMLSessionID$" /-->
+	<!--securecookie host="^mijn\.groenlinks\.nl$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Grok.org.uk.xml b/src/chrome/content/rules/Grok.org.uk.xml
index 73a6597dad72..1695a993abd9 100644
--- a/src/chrome/content/rules/Grok.org.uk.xml
+++ b/src/chrome/content/rules/Grok.org.uk.xml
@@ -5,7 +5,6 @@
 
 	<target host="lists.grok.org.uk"/>
 
-	<rule from="^http://lists\.grok\.org\.uk/"
-		to="https://lists.grok.org.uk/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Grok_Learning.com.xml b/src/chrome/content/rules/Grok_Learning.com.xml
new file mode 100644
index 000000000000..a15239e5d6f0
--- /dev/null
+++ b/src/chrome/content/rules/Grok_Learning.com.xml
@@ -0,0 +1,12 @@
+<!--
+	www.groklearning-cdn.com doesn't exist.
+
+-->
+<ruleset name="Grok Learning.com">
+
+	<target host="groklearning-cdn.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Grooveshark.xml b/src/chrome/content/rules/Grooveshark.xml
deleted file mode 100644
index 69243f707561..000000000000
--- a/src/chrome/content/rules/Grooveshark.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	Nonfunctional:
-
-		- blog.grooveshark.com		(hosted on Tumblr)
-		- developer.grooveshark.com	(cert valid; shows Apache test page)
-		- statichelp.grooveshark.com	(ditto)
-
-
-	Some of help.grooveshark.com is handled in Salesforce.com-clients.xml.
-
--->
-<ruleset name="Grooveshark (broken)" default_off="broken">
-
-	<target host="grooveshark.com" />
-	<target host="*.grooveshark.com" />
-	<target host="static.a.gs-cdn.net" />
-
-
-	<!--	Note: Data differs between !www & www.	-->
-	<rule from="^http://(www\.)?grooveshark\.com/(about$|artists$|careers$|causes$|favicon\.ico|help$|JSQueue\.swf|legal$|press$|webincludes/)"
-		to="https://$1grooveshark.com/$2" />
-
-	<rule from="^https?://help\.grooveshark\.com/favicon\.(ico|png)"
-		to="https://deskcontent.s3.amazonaws.com/favicon.$1" />
-
-	<rule from="^http://(listen|staticweb)\.grooveshark\.com/"
-		to="https://$1.grooveshark.com/" />
-
-	<!--	Doesn't work over https.	-->
-	<rule from="^https?://static\.a\.gs-cdn\.net/"
-		to="https://grooveshark.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Groton.org.xml b/src/chrome/content/rules/Groton.org.xml
index dbb593f7483a..8da03ff83f66 100644
--- a/src/chrome/content/rules/Groton.org.xml
+++ b/src/chrome/content/rules/Groton.org.xml
@@ -1,7 +1,27 @@
+<!--
+	Refused:
+		groton.org
+
+	Invalid certificate:
+		blogs.groton.org
+		faculty.groton.org
+
+	Login required:
+		helpdesk.groton.org
+
+	Time out:
+		library.groton.org
+
+-->
 <ruleset name="Groton.org">
-  <target host="www.groton.org" />
-  <target host="groton.org" />
-  <rule from="^http://www\.groton\.org/" to="https://www.groton.org/"/>
-  <rule from="^http://groton\.org/" to="https://www.groton.org/"/>
+
+	<target host="groton.org" />
+	<target host="www.groton.org" />
+
+	<rule from="^http://groton\.org/"
+		to="https://www.groton.org/" />
+
+	<rule from="^http:" to="https:" />
+
 </ruleset>
 
diff --git a/src/chrome/content/rules/Groundspeak.com.xml b/src/chrome/content/rules/Groundspeak.com.xml
new file mode 100644
index 000000000000..e3ef5e627a45
--- /dev/null
+++ b/src/chrome/content/rules/Groundspeak.com.xml
@@ -0,0 +1,48 @@
+<!--
+	Other Groundspeak rulesets:
+
+		- Geocaching.com.xml
+
+
+	(www.)?groundspeak.com: Shows another domain
+
+
+	Fully covered hosts in *groundspeak.com:
+
+		- forums
+		- support
+
+
+	Insecure cookies are set for these hosts:
+
+		- forums.groundspeak.com
+		- support.groundspeak.com
+
+
+	Mixed content:
+
+		- Images on forums from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Groundspeak.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="forums.groundspeak.com" />
+	<target host="support.groundspeak.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^forums\.groundspeak\.com$" name="^session_id$" /-->
+	<!--securecookie host="^support\.groundspeak\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:forums|support)\.groundspeak\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Group-Commerce.xml b/src/chrome/content/rules/Group-Commerce.xml
index 8b32784c2d93..06c18c0d77a9 100644
--- a/src/chrome/content/rules/Group-Commerce.xml
+++ b/src/chrome/content/rules/Group-Commerce.xml
@@ -1,14 +1,19 @@
-<!--	s3.amazonaws.com/gcs-assets/
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://admin.groupcommerce.com/ => https://admin.groupcommerce.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://admin.groupcommerce.com/ => https://admin.groupcommerce.com/: (28, 'Connection timed out after 10001 milliseconds')	s3.amazonaws.com/gcs-assets/
 
 	!functional:
 		- (www.)groupcommerce.com
 
 -->
-<ruleset name="Group Commerce (partial)">
+<ruleset name="Group Commerce (partial)" default_off="failed ruleset test">
 
 	<target host="admin.groupcommerce.com"/>
 
-	<rule from="^http://admin\.groupcommerce\.com/"
-		to="https://admin.groupcommerce.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GroupLogic.xml b/src/chrome/content/rules/GroupLogic.xml
index 89bbc7d19d0c..0cbf9466fcce 100644
--- a/src/chrome/content/rules/GroupLogic.xml
+++ b/src/chrome/content/rules/GroupLogic.xml
@@ -1,4 +1,4 @@
-<!--	!functional subdomains:
+<!--
 		- blog		(cert: plesk; shows dotster.com default page)
 		- support
 -->
@@ -7,10 +7,9 @@
 	<target host="grouplogic.com"/>
 	<target host="www.grouplogic.com"/>
 
-	<securecookie host="^www\.grouplogic\.com$" name=".*"/>
+	<securecookie host="^www\.grouplogic\.com$" name=".+" />
 
 	<!--	cert !valid for !www	-->
-	<rule from="^http://(?:www\.)?grouplogic\.com/"
-		to="https://www.grouplogic.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Groupees.com.xml b/src/chrome/content/rules/Groupees.com.xml
new file mode 100644
index 000000000000..ed4bb475f6c5
--- /dev/null
+++ b/src/chrome/content/rules/Groupees.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Groupees.com">
+	<target host="groupees.com" />
+	<target host="www.groupees.com" />
+	<target host="blog.groupees.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Grouper_Social_Club.com.xml b/src/chrome/content/rules/Grouper_Social_Club.com.xml
index 112590b66308..40f550369b18 100644
--- a/src/chrome/content/rules/Grouper_Social_Club.com.xml
+++ b/src/chrome/content/rules/Grouper_Social_Club.com.xml
@@ -1,21 +1,24 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://groupersocialclub.com.au/ => https://groupersocialclub.com.au/: (6, 'Could not resolve host: groupersocialclub.com.au')
+
 	CDN buckets:
 
 		- groupergram-photos.s3.amazonaws.com
 
 -->
-<ruleset name="Grouper Social Club.com">
+<ruleset name="Grouper Social Club.com" default_off="failed ruleset test">
 
 	<target host="groupersocialclub.com" />
-	<target host="*.groupersocialclub.com" />
 	<target host="groupersocialclub.com.au" />
-	<target host="*.groupersocialclub.com.au" />
+	<target host="www.groupersocialclub.com" />
+	<target host="www.groupersocialclub.com.au" />
 
 
 	<securecookie host="^(?:www)?\.groupersocialclub\.com(?:\.au)?$" name=".+" />
 
 
-	<rule from="^http://(www\.)?groupersocialclub\.com(\.au)?/"
-		to="https://$1groupersocialclub.com$2/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Groupon.com.br.xml b/src/chrome/content/rules/Groupon.com.br.xml
new file mode 100644
index 000000000000..a4d0b5948727
--- /dev/null
+++ b/src/chrome/content/rules/Groupon.com.br.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://groupon.com.br/ (200) => https://groupon.com.br/ (403)
+Non-2xx HTTP code: http://www.groupon.com.br/ (200) => https://www.groupon.com.br/ (403)
+
+	For other Groupon coverage, see Groupon.com.xml.
+
+
+	Fully covered hosts in *groupon.com.br:
+
+		- (www.)?
+		- uat
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .groupon.com.br
+		- www.groupon.com.br
+
+-->
+<ruleset name="Groupon.com.br" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="groupon.com.br" />
+	<target host="uat.groupon.com.br" />
+	<target host="www.groupon.com.br" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.groupon\.com\.br$" name="^(CID|b|division|p0|s)" /-->
+	<!--securecookie host="^www\.groupon\.com\.br$" name="^(homepage\.sid|pageId|user_sessions\.sid)$" /-->
+
+	<securecookie host="^(?:www)?\.groupon\.com\.br$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Groupon.com.xml b/src/chrome/content/rules/Groupon.com.xml
new file mode 100644
index 000000000000..e4cff7f980f6
--- /dev/null
+++ b/src/chrome/content/rules/Groupon.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Other Groupon rulesets:
+		- Groupon.xml
+		- Groupon.com.br.xml
+		- Groupon.gr.xml
+		- Groupon_CDN.com.xml
+		- Groupon_Works.com.xml
+
+	Dropped:
+		- investor
+		- m
+-->
+
+<ruleset name="Groupon.com (partial)">
+	<target host="groupon.com" />
+	<target host="www.groupon.com" />
+	<target host="api.groupon.com" />
+	<target host="api-latam.groupon.com" />
+	<target host="engineering.groupon.com" />
+	<target host="grassroots.groupon.com" />
+	<target host="jobs.groupon.com" />
+	<target host="merchants.groupon.com" />
+	<target host="status.groupon.com" />
+	<target host="touch.groupon.com" />
+	<target host="test.uat.groupon.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+	<test url="http://merchants.groupon.com/assets/main_app/background.png" />
+</ruleset>
diff --git a/src/chrome/content/rules/Groupon.gr.xml b/src/chrome/content/rules/Groupon.gr.xml
new file mode 100644
index 000000000000..a32c5c6517fb
--- /dev/null
+++ b/src/chrome/content/rules/Groupon.gr.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://groupon.gr/ => https://groupon.gr/: (51, "SSL: no alternative certificate subject name matches target host name 'groupon.gr'")
+ This ruleset is experimental. If you experience problems please
+	 open an issue at https://github.com/kargig/https-everywhere -->
+
+<ruleset name="Groupon.gr" default_off="failed ruleset test">
+  <target host="groupon.gr" />
+  <target host="*.groupon.gr" />
+
+	<securecookie host=".+" name=".+" />
+
+  <rule from="^http://(\w+\.)?groupon\.gr/" to="https://$1groupon.gr/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Groupon.se.xml b/src/chrome/content/rules/Groupon.se.xml
index 3ad527c93a37..661e90483ff4 100644
--- a/src/chrome/content/rules/Groupon.se.xml
+++ b/src/chrome/content/rules/Groupon.se.xml
@@ -1,4 +1,10 @@
-<ruleset name="Groupon.se">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://groupon.se/ => https://www.groupon.se/: (51, "SSL: no alternative certificate subject name matches target host name 'www.groupon.se'")
+
+-->
+<ruleset name="Groupon.se" default_off="failed ruleset test">
   <target host="groupon.se" />
   <rule from="^http://groupon\.se/" to="https://www.groupon.se/"/>
   <rule from="^http://www\.groupon\.se/" to="https://www.groupon.se/"/>
diff --git a/src/chrome/content/rules/Groupon.xml b/src/chrome/content/rules/Groupon.xml
index f24946604910..79936e5aad18 100644
--- a/src/chrome/content/rules/Groupon.xml
+++ b/src/chrome/content/rules/Groupon.xml
@@ -1,10 +1,19 @@
-<ruleset name="Groupon DE/UK">
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://groupon.de/ (200) => https://www.groupon.de/ (403)
+Non-2xx HTTP code: http://groupon.co.uk/ (200) => https://www.groupon.co.uk/ (403)
+
+	For other Groupon coverage, see Groupon.com.xml.
+
+-->
+<ruleset name="Groupon DE/UK" default_off="failed ruleset test">
   <target host="groupon.de" />
   <target host="*.groupon.de" />
   <target host="groupon.co.uk" />
   <target host="*.groupon.co.uk" />
 
-  <exclusion pattern="^http://(news|jobs|blog)\.groupon\.co\.uk/"/>
+  <exclusion pattern="^http://(?:news|jobs|blog)\.groupon\.co\.uk/"/>
   <exclusion pattern="^http://action\.groupon\.de/"/>
   <rule from="^http://groupon\.(de|co\.uk)/" to="https://www.groupon.$1/"/>
   <rule from="^http://([^/:@\.]+)\.groupon\.(de|co\.uk)/" to="https://$1.groupon.$2/"/>
diff --git a/src/chrome/content/rules/Groupon_CDN.com.xml b/src/chrome/content/rules/Groupon_CDN.com.xml
new file mode 100644
index 000000000000..feeea6e14ea6
--- /dev/null
+++ b/src/chrome/content/rules/Groupon_CDN.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Groupon coverage, see Groupon.com.xml.
+
+
+	Fully covered hosts in *grouponcdn.com:
+
+		- img
+
+-->
+<ruleset name="Groupon CDN.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="img.grouponcdn.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Groupon_Works.com.xml b/src/chrome/content/rules/Groupon_Works.com.xml
new file mode 100644
index 000000000000..6a10543678ef
--- /dev/null
+++ b/src/chrome/content/rules/Groupon_Works.com.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://grouponworks.com/ (200) => https://grouponworks.com/ (403)
+Non-2xx HTTP code: http://www.grouponworks.com/ (200) => https://www.grouponworks.com/ (403)
+
+	For other Groupon coverage, see Groupon.com.xml.
+
+-->
+<ruleset name="Groupon Works.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="grouponworks.com" />
+	<target host="www.grouponworks.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Groups.io.xml b/src/chrome/content/rules/Groups.io.xml
new file mode 100644
index 000000000000..3c1c59b6d23e
--- /dev/null
+++ b/src/chrome/content/rules/Groups.io.xml
@@ -0,0 +1,12 @@
+<ruleset name="Groups.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="groups.io" />
+	<target host="www.groups.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Grove.io.xml b/src/chrome/content/rules/Grove.io.xml
new file mode 100644
index 000000000000..b25f875277bd
--- /dev/null
+++ b/src/chrome/content/rules/Grove.io.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.grove.io/ => https://www.grove.io/: (60, 'SSL certificate problem: self signed certificate')
+
+-->
+<ruleset name="Grove.io" default_off="failed ruleset test">
+
+	<target host="grove.io" />
+	<target host="www.grove.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Grow_HQ.com.xml b/src/chrome/content/rules/Grow_HQ.com.xml
index fffc1e9d2442..e2a2ee1835b3 100644
--- a/src/chrome/content/rules/Grow_HQ.com.xml
+++ b/src/chrome/content/rules/Grow_HQ.com.xml
@@ -1,13 +1,20 @@
-<ruleset name="Grow HQ.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://growhq.com/ => https://growhq.com/: (35, 'Unknown SSL protocol error in connection to growhq.com:443 ')
+
+-->
+<ruleset name="Grow HQ.com" default_off="failed ruleset test">
 
 	<target host="growhq.com" />
-	<target host="*.growhq.com" />
+	<target host="app.growhq.com" />
+	<target host="s3.growhq.com" />
+	<target host="www.growhq.com" />
 
 
 	<securecookie host="^\.growhq\.com$" name=".+" />
 
 
-	<rule from="^http://((?:app|s3|www)\.)?growhq\.com/"
-		to="https://$1growhq.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Growery.xml b/src/chrome/content/rules/Growery.xml
index 05e9f81fcfde..4a4ca25a1b54 100644
--- a/src/chrome/content/rules/Growery.xml
+++ b/src/chrome/content/rules/Growery.xml
@@ -7,4 +7,4 @@
 	<rule from="^http://(www\.)?growery\.org/(bnr/|favicon\.www\.growery\.org\.ico|forum/(?:avatar|image|stylesheet)s/|images/|smarty/)"
 		to="https://$1growery.org/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GrowthHackers.com.xml b/src/chrome/content/rules/GrowthHackers.com.xml
new file mode 100644
index 000000000000..f10800b2f079
--- /dev/null
+++ b/src/chrome/content/rules/GrowthHackers.com.xml
@@ -0,0 +1,37 @@
+<!--
+	Problematic hosts in *growthhackers.com:
+
+		- blog *
+
+	* Mismatched
+
+
+	These altnames don't exist:
+
+		- app.growthhackers.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- growthhackers.com
+
+-->
+<ruleset name="GrowthHackers.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="growthhackers.com" />
+	<target host="www.growthhackers.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^growthhackers\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^growthhackers\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Grsm.io.xml b/src/chrome/content/rules/Grsm.io.xml
new file mode 100644
index 000000000000..7845f55cbbc3
--- /dev/null
+++ b/src/chrome/content/rules/Grsm.io.xml
@@ -0,0 +1,17 @@
+<!--
+	Wildcard certificate and DNS records:
+		- grsm.io
+-->
+
+<ruleset name="Grsm.io">
+	<target host="grsm.io" />
+	<target host="*.grsm.io" />
+		<test url="http://www.grsm.io/" />
+		<test url="http://a.grsm.io/" />
+		<test url="http://b.grsm.io/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://([\w-]+\.)?grsm\.io/"
+		to="https://$1grsm.io/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Grubstreet.com.xml b/src/chrome/content/rules/Grubstreet.com.xml
new file mode 100644
index 000000000000..edb1c0e03dc1
--- /dev/null
+++ b/src/chrome/content/rules/Grubstreet.com.xml
@@ -0,0 +1,47 @@
+<!--
+	Invalid:
+		e.grubstreet.com
+		stats.grubstreet.com
+		horizon.grubstreet.com		
+
+	Redirected:
+		client.grubstreet.com
+		chicago.grubstreet.com
+		losangeles.grubstreet.com
+		newyork.grubstreet.com
+		philadelphia.grubstreet.com
+		sanfrancisco.grubstreet.com
+
+	Refused:
+		grubstreet.com (non-www)
+		boston.grubstreet.com
+		chicago.grubstreet.com
+		losangeles.grubstreet.com
+		newyork.grubstreet.com
+		philadelphia.grubstreet.com
+		sanfrancisco.grubstreet.com
+-->
+<ruleset name="grubstreet.com">
+	<target host="grubstreet.com" />
+	<target host="www.grubstreet.com" />
+	<target host="boston.grubstreet.com" />
+	<target host="chicago.grubstreet.com" />
+	<target host="losangeles.grubstreet.com" />
+	<target host="newyork.grubstreet.com" />
+	<target host="philadelphia.grubstreet.com" />
+	<target host="sanfrancisco.grubstreet.com" />
+
+	<rule from="^http://boston\.grubstreet\.com/" to="https://www.grubstreet.com/" />
+	<rule from="^http://chicago\.grubstreet\.com/" to="https://www.grubstreet.com/" />
+	<rule from="^http://losangeles\.grubstreet\.com/" to="https://www.grubstreet.com/" />
+	<rule from="^http://newyork\.grubstreet\.com/" to="https://www.grubstreet.com/" />
+	<rule from="^http://philadelphia\.grubstreet\.com/" to="https://www.grubstreet.com/" />
+	<rule from="^http://sanfrancisco\.grubstreet\.com/" to="https://www.grubstreet.com/" />
+
+	<rule from="^http://grubstreet\.com/" to="https://www.grubstreet.com/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
+
diff --git a/src/chrome/content/rules/GrunDigital.xml b/src/chrome/content/rules/GrunDigital.xml
index a03923253c48..7e9ecd2f2f17 100644
--- a/src/chrome/content/rules/GrunDigital.xml
+++ b/src/chrome/content/rules/GrunDigital.xml
@@ -1,11 +1,23 @@
-<ruleset name="GrünDigital" default_off="mismatch, self-signed">
+<!--
+	GrünDigital
+
+
+	Mixed content:
+
+		- Images from wiki.vorratsdatenspeicherung.de ¹
+		- Bug from i.creativecommons.org ²
+
+	¹ Rule disabled by default <= CAcert
+	² Secured by us
+
+-->
+<ruleset name="Gruen-Digital.de">
 
-	<!--	Cert: webserver.ispgateway.de	-->
 	<target host="gruen-digital.de" />
 	<target host="www.gruen-digital.de" />
 
 
-	<rule from="^https?://(?:www\.)?gruen-digital.de/"
-		to="https://gruen-digital.de/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Grupfoni.xml b/src/chrome/content/rules/Grupfoni.xml
index abc4542a09a1..241da0146c21 100644
--- a/src/chrome/content/rules/Grupfoni.xml
+++ b/src/chrome/content/rules/Grupfoni.xml
@@ -1,10 +1,8 @@
-<ruleset name="Grupfoni">
-  <target host="www.grupfoni.com" />
-  <target host="grupfoni.com" />
-  <target host="images.grupfoni.com" />
-
-  <securecookie host="^(.*\.)?grupfoni\.com$" name=".*" />
-
-  <rule from="^http://images\.grupfoni\.com/" to="https://images.grupfoni.com/" />
-  <rule from="^http://(www\.)?grupfoni\.com/" to="https://www.grupfoni.com/" />
-</ruleset>
\ No newline at end of file
+<ruleset name="Grupfoni">
+  <target host="www.grupfoni.com" />
+  <target host="grupfoni.com" />
+
+  <securecookie host=".+" name=".+" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Grupo-Triton.xml b/src/chrome/content/rules/Grupo-Triton.xml
index b32698328216..36be07f55925 100644
--- a/src/chrome/content/rules/Grupo-Triton.xml
+++ b/src/chrome/content/rules/Grupo-Triton.xml
@@ -1,15 +1,15 @@
-<ruleset name="Grupo Tritón" default_off="mismatch">
+<ruleset name="Grupo Tritón" default_off="mismatched">
 
 	<!--	Cert: *.gridserver.com		-->
 	<target host="grupotriton.com" />
 	<!--	* for cross-domain cookie.	-->
-	<target host="*.grupotriton.com" />
+	<target host="www.grupotriton.com" />
 
 
-	<securecookie host="^grupotriton\.com$" name=".*" />
+	<securecookie host="^grupotriton\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?grupotriton\.com/"
+	<rule from="^http://(?:www\.)?grupotriton\.com/"
 		to="https://grupotriton.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Grupo_Avante.org.xml b/src/chrome/content/rules/Grupo_Avante.org.xml
index e660e9160dd6..28f59eee303f 100644
--- a/src/chrome/content/rules/Grupo_Avante.org.xml
+++ b/src/chrome/content/rules/Grupo_Avante.org.xml
@@ -1,13 +1,4 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-
-
-	Expired 2013-09-27
-
--->
-<ruleset name="Grupo Avante.org" default_off="expired">
+<ruleset name="Grupo Avante.org">
 
 	<target host="grupoavante.org" />
 	<target host="www.grupoavante.org" />
@@ -16,7 +7,7 @@
 	<securecookie host="^www\.grupoavante\.org$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?grupoavante\.org/"
-		to="https://www.grupoavante.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Gs1ca.org.xml b/src/chrome/content/rules/Gs1ca.org.xml
new file mode 100644
index 000000000000..ed2fb233dce3
--- /dev/null
+++ b/src/chrome/content/rules/Gs1ca.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Chain issue, missing intermediate:
+		- gemini.gs1ca.org
+
+	Timed out:
+		- lms.gs1ca.org
+-->
+
+<ruleset name="Gs1ca.org">
+	<target host="gs1ca.org" />
+	<target host="www.gs1ca.org" />
+	<target host="gs1dashboard.gs1ca.org" />
+	<target host="itemcentre.gs1ca.org" />
+	<target host="itemcertification.gs1ca.org" />
+	<target host="mygs1.gs1ca.org" />
+	<target host="services.gs1ca.org" />
+	<target host="thevault.gs1ca.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gsfacket.se.xml b/src/chrome/content/rules/Gsfacket.se.xml
index f4e28f2128ff..91c9911f5ead 100644
--- a/src/chrome/content/rules/Gsfacket.se.xml
+++ b/src/chrome/content/rules/Gsfacket.se.xml
@@ -1,8 +1,29 @@
-<!-- gsfacket is a swedish labour union -->
+<!-- gsfacket is a swedish labour union
+
+	Problematic subdomains: 
+	
+		- Incomplete certificate chain:
+		
+			- bladet.gsfacket.se
+			- gsbox.gsfacket.se
+			- mail.gsfacket.se
+			- webmail.gsfacket.se
+
+		- Timout:
+		
+			- kaggen.gsfacket.se
+			- smtp.gsfacket.se
+
+		- http and https not returning same content:
+		
+			- beta.gsfacket.se
+			- office.gsfacket.se
+-->
 <ruleset name="Gsfacket.se">
 	<target host="gsfacket.se" />
 	<target host="www.gsfacket.se" />
-	<rule from="^http://gsfacket\.se/" to="https://www.gsfacket.se/"/>
-	<rule from="^http://www\.gsfacket\.se/" to="https://www.gsfacket.se/"/>
-</ruleset>
+	<target host="besok.gsfacket.se" />
+	<target host="enkat.gsfacket.se" />
 
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Gsfn.us.xml b/src/chrome/content/rules/Gsfn.us.xml
index a2028e87f53d..c9a30f8f27b3 100644
--- a/src/chrome/content/rules/Gsfn.us.xml
+++ b/src/chrome/content/rules/Gsfn.us.xml
@@ -22,4 +22,4 @@
 	<rule from="^http://loader\.engage\.gsfn\.us/"
 		to="https://loader.engage.gsfn.us/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gslug.org.xml b/src/chrome/content/rules/Gslug.org.xml
new file mode 100644
index 000000000000..b79be4d09d75
--- /dev/null
+++ b/src/chrome/content/rules/Gslug.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Problematic domains:
+
+		- www ¹
+		- wiki ¹
+
+	¹: Mismatch
+-->
+<ruleset name="Gslug.org">
+	<target host="gslug.org" />
+	<target host="www.gslug.org" />
+
+	<rule from="^http://(www\.)?gslug\.org/"
+		to="https://gslug.org/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gsspcln.jp.xml b/src/chrome/content/rules/Gsspcln.jp.xml
new file mode 100644
index 000000000000..06f36799c6fe
--- /dev/null
+++ b/src/chrome/content/rules/Gsspcln.jp.xml
@@ -0,0 +1,16 @@
+<!--
+	Remark:
+	 - *.gsspcln.jp have a wildcard DNS and a wildcard certificate
+-->
+<ruleset name="Gsspcln.jp">
+	<target host="gsspcln.jp" />
+	<target host="*.gsspcln.jp" />
+
+		<test url="http://102355.gsspcln.jp/t/007/864/a1007864.js" />
+		<test url="http://1540.gsspcln.jp/sdk/t/1219.js" />
+		<test url="http://js.gsspcln.jp/l/jssdk_debug.js" />
+		<test url="http://js.gsspcln.jp/t/047/267/a1047267.js" />
+		<test url="http://js.gsspcln.jp/t/061/753/a1061753.js" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gtimg.cn.xml b/src/chrome/content/rules/Gtimg.cn.xml
new file mode 100644
index 000000000000..c8d5a61155f6
--- /dev/null
+++ b/src/chrome/content/rules/Gtimg.cn.xml
@@ -0,0 +1,111 @@
+<!--
+	Timeout
+		- appqt.gtimg.cn
+		- bj.chaogu.gtimg.cn
+		- data.gtimg.cn
+		- comdata.finance.gtimg.cn
+		- hb.gtimg.cn
+		- img.gtimg.cn
+		- push(\d).gtimg.cn
+		- qt.gtimg.cn
+		- soso(\d).gtimg.cn
+		- smartbox.gtimg.cn
+		- sqt.gtimg.cn
+		- stock.gtimg.cn
+
+	Mismatch
+		- dp.gtimg.cn
+		- ifzq.gtimg.cn
+		- news(2)?.gtimg.cn
+		- os.qzonestyle.gtimg.cn
+		- vac.gtimg.cn
+		- vacpub.gtimg.cn
+-->
+
+<ruleset name="gtimg.cn (partial)">
+	<!--	MCB at some page. e.g:	https://imgcache.gtimg.cn/channel/-->
+	<target host="i.gtimg.cn" />
+		<exclusion pattern="^http://i\.gtimg\.cn/$" />
+	<target host="imgcache.gtimg.cn" />
+		<exclusion pattern="^http://imgcache\.gtimg\.cn/$" />
+	<target host="cm.imgcache.gtimg.cn" />
+		<exclusion pattern="^http://cm\.imgcache\.gtimg\.cn/$" />
+	<target host="cn.imgcache.gtimg.cn" />
+		<exclusion pattern="^http://cn\.imgcache\.gtimg\.cn/$" />
+	<target host="cnc.qzonestyle.gtimg.cn" />
+		<exclusion pattern="^http://cnc\.qzonestyle\.gtimg\.cn/$" />
+	<target host="ctc.qzonestyle.gtimg.cn" />
+		<exclusion pattern="^http://ctc\.qzonestyle\.gtimg\.cn/$" />
+	<target host="vm.gtimg.cn" />
+		<exclusion pattern="^http://vm\.gtimg\.cn/$" />
+	<target host="y.gtimg.cn" />
+		<exclusion pattern="^http://y\.gtimg\.cn/$" />
+	<rule from="^http://(i|imgcache|cm\.imgcache|cn\.imgcache|cnc\.qzonestyle|ctc\.qzonestyle|vm|y)\.gtimg\.cn/(.+)\.(css|html|jpg|pdf|png|swf)"
+		to="https://$1.gtimg.cn/$2.$3" />
+		<test url="http://i.gtimg.cn/tencentvideo_v1/vstyle/web/v3/style/base.css" />
+		<test url="http://i.gtimg.cn/bossweb/jifen/mobile/activity/20160224hhw.html" />
+		<test url="http://i.gtimg.cn/qqlive/images/usercenter/zhuijuzhongxin.jpg" />
+		<test url="http://i.gtimg.cn/club/themes/mobile/bq/2015/design_guide_2015.pdf" />
+		<test url="http://i.gtimg.cn/tencentvideo_v1/vstyle/web/v3/style/images/default_avatar.png" />
+		<test url="http://i.gtimg.cn/vipstyle/act/vip_130709_jsq/img/video.swf" />
+		<test url="http://imgcache.gtimg.cn/bossweb/jifen/mobile/activity/20160224hhw.html" />
+		<test url="http://imgcache.gtimg.cn/tencentvideo_v1/vstyle/web/v3/style/base.css?v=20160805" />
+		<test url="http://imgcache.gtimg.cn/qqlive/images/usercenter/zhuijuzhongxin.jpg" />
+		<test url="http://imgcache.gtimg.cn/club/themes/mobile/bq/2015/design_guide_2015.pdf" />
+		<test url="http://imgcache.gtimg.cn/tencentvideo_v1/vstyle/web/v3/style/images/default_avatar.png" />
+		<test url="http://imgcache.gtimg.cn/mediastyle/event/20131118_wechat/img/open_vip.swf" />
+		<test url="http://cm.imgcache.gtimg.cn/tencentvideo_v1/vstyle/web/v3/style/images/default_avatar.png" />
+		<test url="http://cn.imgcache.gtimg.cn/tencentvideo_v1/vstyle/web/v3/style/images/default_avatar.png" />
+		<test url="http://cnc.qzonestyle.gtimg.cn/tencentvideo_v1/vstyle/web/v3/style/base.css" />
+		<test url="http://ctc.qzonestyle.gtimg.cn/tencentvideo_v1/vstyle/web/v3/style/base.css" />
+		<test url="http://vm.gtimg.cn/tencentvideo_v1/vstyle/web/v3/style/base.css" />
+		<test url="http://y.gtimg.cn/tencentvideo_v1/vstyle/web/v3/style/base.css" />
+
+	<target host="ctc.i.gtimg.cn" />
+		<exclusion pattern="^http://ctc\.i\.gtimg\.cn/$" />
+	<rule from="^http://ctc\.i\.gtimg\.cn/(.+)\.swf"
+		to="https://ctc.i.gtimg.cn/$1.swf" />
+			<test url="http://ctc.i.gtimg.cn/qzone/space_item/orig/7/57639.swf" />
+			<test url="http://ctc.i.gtimg.cn/qzone/space_item/orig/11/57643.swf?id=www.qqjia.com&amp;type=.swf" />
+
+	<target host="discuz.gtimg.cn" />
+		<test url="http://discuz.gtimg.cn/cloud/scripts/discuz_tips.js" />
+	<target host="dzqun.gtimg.cn" />
+		<test url="http://dzqun.gtimg.cn/quan/scripts/widgets/follow.js" />
+	<target host="game.gtimg.cn" />
+	<target host="midas.gtimg.cn" />
+		<test url="http://midas.gtimg.cn/jifen_activity/105.html" />
+	<target host="mqq-imgcache.gtimg.cn" />
+		<test url="http://mqq-imgcache.gtimg.cn/res/mqq/hongbao/img/message_logo_100.png" />
+	<target host="pgdt.gtimg.cn" />
+	<rule from="^http://(discuz|dzqun|game|midas|mqq-imgcache|pgdt)\.gtimg\.cn/"
+		to="https://$1.gtimg.cn/" />
+
+	<target host="pwg.gtimg.cn" />
+	<target host="pwg0.gtimg.cn" />
+	<target host="pwg1.gtimg.cn" />
+	<target host="pwg2.gtimg.cn" />
+	<target host="pwg3.gtimg.cn" />
+	<rule from="^http://pwg(\d)?\.gtimg\.cn/"
+			to="https://pwg$1.gtimg.cn/" />
+
+	<!--	MCB : https://github.com/EFForg/https-everywhere/pull/4591	-->
+	<target host="qzonestyle.gtimg.cn" />
+		<exclusion pattern="^http://qzonestyle\.gtimg\.cn/$" />
+	<rule from="^http://qzonestyle\.gtimg\.cn/(.+)\.(css|jpg|js|ico|png|pdf|(doc|ppt|xls)x?|swf)"
+		to="https://qzonestyle.gtimg.cn/$1.$2" />
+		<test url="http://qzonestyle.gtimg.cn/qzone_v6/proj_qzonelogin/qzonelogin.css" />
+		<test url="http://qzonestyle.gtimg.cn/aoi/img/logo/favicon.ico" />
+		<test url="http://qzonestyle.gtimg.cn/open_proj/proj-hardware/img/index-new/video.jpg" />
+		<test url="http://qzonestyle.gtimg.cn/touch_proj/proj-pad-report/js/tcisd.js" />
+		<test url="http://qzonestyle.gtimg.cn/ac/qzfl/stat.js" />
+		<test url="http://qzonestyle.gtimg.cn/qzone_v6/proj_qzonelogin/sprite/qzonelogin-jan160520135013.png" />
+		<test url="http://qzonestyle.gtimg.cn/open_proj/gdt_gw/wiki/files/GDTadards.pdf" />
+		<test url="http://qzonestyle.gtimg.cn/open/zc/files/application_form.doc" />
+		<test url="http://qzonestyle.gtimg.cn/qzone/vas/opensns/res/doc/ylzzjs.ppt" />
+		<test url="http://qzonestyle.gtimg.cn/qzone/vas/opensns/res/doc/cdb_user_modify_var.xls" />
+		<test url="http://qzonestyle.gtimg.cn/open_proj/gdt_gw/cms/uploads/TXSJGGFWS20160307.docx" />
+		<test url="http://qzonestyle.gtimg.cn/open_proj/gdt_gw/wiki/files/aderszizhi.xlsx" />
+		<test url="http://qzonestyle.gtimg.cn/open_proj/gdt_gw/cms/uploads/zhanghuccrm2016.06.01.pptx" />
+		<test url="http://qzonestyle.gtimg.cn/qzone/space_item/boss_pic/2501_2017_3/1489738079535_62387.swf" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gtimg.com.xml b/src/chrome/content/rules/Gtimg.com.xml
new file mode 100644
index 000000000000..f59ce3c62d21
--- /dev/null
+++ b/src/chrome/content/rules/Gtimg.com.xml
@@ -0,0 +1,103 @@
+<!--
+	MCB:
+		3366.gtimg.com
+
+	Mismatch:
+		a.map.gtimg.com
+-->
+
+<ruleset name="Gtimg.com">
+	<target host="3glogo.gtimg.com" />
+		<test url="http://3glogo.gtimg.com/wap30/info/info/img/space.png" />
+
+	<target host="888.gtimg.com" />
+		<!-- Find the test url in : https://888.qq.com/ -->
+		<test url="http://888.gtimg.com/new_js/info/marketing/statistics_fuc.js" />
+
+	<target host="ac.gtimg.com" />
+		<test url="http://ac.gtimg.com/media/images/pixel.gif" />
+		<test url="http://ac.gtimg.com/media/template/comic_copyright.doc" />
+
+	<target host="bqq.gtimg.com" />
+		<!-- Find the test url in : http://www.geetest.com/ -->
+		<test url="http://bqq.gtimg.com/da/i.js" />
+
+	<target host="cdnjs.gtimg.com" />
+		<test url="http://cdnjs.gtimg.com/cdnjs/libs/wxmoment/0.0.2/wxmoment.min.js" />
+
+	<target host="img1.gtimg.com" />
+		<test url="http://img1.gtimg.com/fashion/pics/hv1/112/200/1860/120997612.jpg" />
+		<test url="http://img1.gtimg.com/v_zy/pics/hv1/213/241/2116/137654568.jpg" />
+
+	<target host="img2.gtimg.com" />
+		<test url="http://img2.gtimg.com/change3/m4.swf" />
+
+	<target host="inews.gtimg.com" />
+		<test url="http://inews.gtimg.com/newsapp_ls/0/904011198_450330/0" />
+
+	<target host="pc1.gtimg.com" />
+		<test url="http://pc1.gtimg.com/js/jquery-1.4.4.min.js" />
+	<target host="pc2.gtimg.com" />
+	<target host="pc3.gtimg.com" />
+	<target host="pc4.gtimg.com" />
+	<target host="pc5.gtimg.com" />
+	<target host="pc6.gtimg.com" />
+
+	<target host="qgcdn0.gtimg.com" />
+	<target host="qgcdn1.gtimg.com" />
+		<test url="http://qgcdn1.gtimg.com/js2.0/qqconnect/gamevip_config.js" />
+	<target host="qgcdn2.gtimg.com" />
+	<target host="qgcdn3.gtimg.com" />
+
+	<target host="rt0.map.gtimg.com" />
+	<target host="rt1.map.gtimg.com" />
+	<target host="rt2.map.gtimg.com" />
+	<target host="rt3.map.gtimg.com" />
+
+	<target host="mat1.gtimg.com" />
+		<test url="http://mat1.gtimg.com/ent/qqent/xsdzd/xml/img.xml" />
+		<test url="http://mat1.gtimg.com/news/2012/zt/shenjiu/3d/index001.swf" />
+
+	<target host="qidian.gtimg.com" />
+
+	<target host="ra.gtimg.com" />
+		<test url="http://ra.gtimg.com/sc/vqq/crystal-min.js" />
+		<test url="http://ra.gtimg.com/web/default_fodders/qqliveweb/300x250_1.swf" />
+	<!--	MCB, detail: https://github.com/EFForg/https-everywhere/pull/4592	-->
+	<exclusion pattern="^http://ra\.gtimg\.com/\w+/\d+/\d+\.html?" />
+		<test url="http://ra.gtimg.com/adsame/1529616/1529616.html" />
+		<test url="http://ra.gtimg.com/icast/1452425/1452425.htm" />
+		<test url="http://ra.gtimg.com/uv/1664664/1664664.html" />
+		<test url="http://ra.gtimg.com/uv/1653884/1653884.html" />
+		<test url="http://ra.gtimg.com/smartcreative/1450634/1450634.htm" />
+
+	<target host="sta.gtimg.com" />
+		<test url="http://sta.gtimg.com/c/=/qd/css/cssreset.css" />
+
+	<target host="static.gtimg.com" />
+		<test url="http://static.gtimg.com/vd/act/2015/m_150527_jobs/tc_idc/music/laugh.aac" />
+		<test url="http://static.gtimg.com/vd/act/2015/m_150527_jobs/tc_idc/css/index.css" />
+		<test url="http://static.gtimg.com/vd/act/141226_inventory/css/style.css" />
+		<test url="http://static.gtimg.com/wechat/act/201433nvshengjie/img/img_2.jpg" />
+		<test url="http://static.gtimg.com/vd/act/2015/m_150527_jobs/tc_idc/js/all.js" />
+		<test url="http://static.gtimg.com/vd/act/141226_inventory/img/scrub.png" />
+		<test url="http://static.gtimg.com/vd/act/2015/m_150527_jobs/tc_idc/img/spt_tools.png" />
+	<!--	MCB:	-->
+	<exclusion pattern="^http://static\.gtimg\.com/.+\.html" />
+		<test url="http://static.gtimg.com/vd/act/141226_inventory/index.html" />
+		<test url="http://static.gtimg.com/vd/act/2015/m_0804_run/index.html" />
+		<test url="http://static.gtimg.com/icson/html/wx/mall/like.html" />
+		<test url="http://static.gtimg.com/vd/act/2015/m_150527_jobs/tc_idc/index.html" />
+
+	<target host="tr1.gtimg.com" />
+	<target host="tr2.gtimg.com" />
+	<target host="tr3.gtimg.com" />
+
+	<!-- Find the test url in : https://v.qq.com/ -->
+	<target host="ugcdl.video.gtimg.com" />
+
+	<target host="wximg.gtimg.com" />
+		<test url="http://wximg.gtimg.com/tmt/_events/promo/EyxiHkkq/html/index.html" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gtk.org.xml b/src/chrome/content/rules/Gtk.org.xml
new file mode 100644
index 000000000000..218032edd166
--- /dev/null
+++ b/src/chrome/content/rules/Gtk.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional hosts in *.gtk.org:
+		- beast.gtk.org (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Gtk.org">
+	<target host="gtk.org" />
+	<target host="www.gtk.org" />
+	<target host="blog.gtk.org" />
+	<target host="ftp.gtk.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gu.com.xml b/src/chrome/content/rules/Gu.com.xml
new file mode 100644
index 000000000000..9a069e909b2d
--- /dev/null
+++ b/src/chrome/content/rules/Gu.com.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Guardian rulesets, see Guardian.xml.
+
+	Cert mismatch:
+		- api
+		- d
+
+	TimeOut:
+		- t
+-->
+<ruleset name="Gu.com">
+
+	<!--	Complications:
+				-->
+	<target host="gu.com" />
+	<target host="www.gu.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GuJ.de.xml b/src/chrome/content/rules/GuJ.de.xml
new file mode 100644
index 000000000000..a8e953e6dd1e
--- /dev/null
+++ b/src/chrome/content/rules/GuJ.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="Gruner+ Jahr AG + Co KG" >
+	<!-- www redirects to plain-->
+	<target host="weblications.guj.de" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Guag.es.xml b/src/chrome/content/rules/Guag.es.xml
index b4829380b676..7c5faf6f7846 100644
--- a/src/chrome/content/rules/Guag.es.xml
+++ b/src/chrome/content/rules/Guag.es.xml
@@ -1,16 +1,44 @@
 <!--
 	For other GitHub coverage, see Github.xml.
 
+
+	get: Mismatched
+
+
+	Mixed content:
+
+		- css on get from fonts.googleapis.com *
+
+	* Secured by us
+
+
+	Insecure cookies are set for these hosts:
+
+		- gaug.es
+		- www.gaug.es
+
 -->
 <ruleset name="Guag.es (partial)">
 
-	<target host="*.gaug.es" />
+	<target host="gaug.es" />
+	<!--target host="get.gaug.es" /-->
+	<target host="secure.gaug.es" />
+	<target host="www.gaug.es" />
+
+		<!--exclusion pattern="^http://get\.gaug\.es/(?!theme/.*/stylesheets/images/favicon\.png$)" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?gaug\.es$" name="^eb_tracking_id$" /-->
+
+	<securecookie host="^(?:www\.)?gaug\.es$" name=".+" />
 
 
-	<rule from="^http://get\.gaug\.es/theme/.*/stylesheets/images/favicon\.png$"
-		to="https://secure.guag.es/favicon.png" />
+	<!--rule from="^http://get\.gaug\.es/theme/.*/stylesheets/images/favicon\.png$"
+		to="https://secure.guag.es/favicon.png" /-->
 
-	<rule from="^http://secure\.gaug\.es/"
-		to="https://secure.gaug.es/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Guaranibitcoin.com.xml b/src/chrome/content/rules/Guaranibitcoin.com.xml
new file mode 100644
index 000000000000..b02b8607bdb7
--- /dev/null
+++ b/src/chrome/content/rules/Guaranibitcoin.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Guaranibitcoin.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="guaranibitcoin.com" />
+	<target host="www.guaranibitcoin.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Guarantorus_Loans.co.uk.xml b/src/chrome/content/rules/Guarantorus_Loans.co.uk.xml
new file mode 100644
index 000000000000..e985a4f8b810
--- /dev/null
+++ b/src/chrome/content/rules/Guarantorus_Loans.co.uk.xml
@@ -0,0 +1,13 @@
+<!--
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="Guarantorus Loans.co.uk" default_off="cert-chain">
+
+	<target host="guarantorusloans.co.uk" />
+	<target host="www.guarantorusloans.co.uk" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Guardian.co.tt.xml b/src/chrome/content/rules/Guardian.co.tt.xml
deleted file mode 100644
index 239dad513ddd..000000000000
--- a/src/chrome/content/rules/Guardian.co.tt.xml
+++ /dev/null
@@ -1,60 +0,0 @@
-<!--
-	Trinidad Guardian
-
-
-	Nonfunctional subdomains:
-
-		- adserver *
-		- subscriptions *
-
-	* Refused
-
-
-	Fully covered subdomains:
-
-		- (www.)
-
-
-	Mixed content:
-
-		- Script on www from www *
-		- Images on www from www *
-
-		- css, on www from:
-
-			- www *
-			- fonts.googleapis.com *
-
-		- Ads/web bugs, on www from:
-
-			- adserver **
-			- wibiya-june-new-log.conduit-data.com *
-			- pagead2.googlesyndication.com *
-			- www.linkedin.com *
-			- api.pinterest.com *
-			- platform.twitter.com *
-			- appcdn.wibiya.com **
-			- cdn.wibiya.com **
-
-	* Secured by us
-	** Unsecurable, but who cares
-
-
-	NB: We secure all resources apart from ads, and
-	thus platform should be removed with Ffx 24.
-
--->
-<ruleset name="Guardian.co.tt (false MCB)" platform="mixedcontent">
-
-	<target host="guardian.co.tt" />
-	<target host="*.guardian.co.tt" />
-
-
-	<!--securecookie host="^\.guardian\.co\.tt$" name="^(__cfduid|__utm\w)$" /-->
-	<securecookie host="^(?:www)?\.guardian\.co\.tt$" name=".+" />
-
-
-	<rule from="^http://(www\.)?guardian\.co\.tt/"
-		to="https://$1guardian.co.tt/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Guardian.xml b/src/chrome/content/rules/Guardian.xml
index af3fb71ac0ad..2de1b6265cc2 100644
--- a/src/chrome/content/rules/Guardian.xml
+++ b/src/chrome/content/rules/Guardian.xml
@@ -1,219 +1,97 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://id.guardian.co.uk/ => https://id.guardian.co.uk/: (6, 'Could not resolve host: id.guardian.co.uk')
+Fetch error: http://witness.guardian.co.uk/ => https://witness.guardian.co.uk/: (6, 'Could not resolve host: witness.guardian.co.uk')
+
+	For other Guardian rulesets, see The_Guardian.com.xml.
+
+
 	CDN buckets:
 
+		- oase00824.247realmedia.com	← oas
 		- guardian.co.uk.112.2o7.net
-		- soulmates-614848966.eu-west-1.elb.amazonaws.com
-		- guardian-registration.s3.amazonaws.com
-		- n0tice-static.s3.amazonaws.com
-		- s3.amazonaws.com/soulmates/
-		- witness-static.s3.amazonaws.com
-		- combo.guim.co.uk.edgesuite.net
-		- resource.guim.co.uk.edgesuite.net
-		- static.guim.co.uk.edgesuite.net
 		- m.guardian.co.uk.global.prod.fastly.net
 		- syndication.guardian.co.uk.global.prod.fastly.net
 		- syndweb.guardian.co.uk.global.prod.fastly.net
 		- www.guardian.co.uk.global.prod.fastly.net
+		- ghs.googlehosted.com	← discussion.guardian.co.uk
+		- guardian.co.uk.d1.sc.omtrdc.net	← hits.guardian.co.uk
 
-		- discussion.guardianapis.com.c.footprint.net
-
-			- flxcon.guim.co.uk
-
-		- ssl-pasteup.guim.co.uk.c.footprint.net
-		- ssl-soulmates.guim.co.uk.c.footprint.net
-
-		- static-l3.guim.co.uk.c.footprint.net
-
-			- combo.guim.co.uk
-			- i.guim.co.uk
-			- id.guim.co.uk
-			- resource.guim.co.uk
-			- static.guim.co.uk
-
-		- cdn.theguardian.com.c.footprint.net
-
-			- cdn.theguardian.tv
-
-		- audio.theguardian.tv.c.footprint.net
-
-		- ghs.googlehosted.com
-
-			- discussion.guardian.co.uk
-
-		- guardian.co.uk.d1.sc.omtrdc.net
-
-			- hits.guardian.co.uk
-
-		- theguardian.com.d1.sc.omtrdc.net
-
-			- hits.theguardian.com
-
-		- partners.simplifydigital.co.uk
-
-			- www.guardiandigitalcomparison.co.uk
-
-
-	Nonfunctional domains:
-
-		- guardian.co.uk subdomains:
 
-			- ^ ¹
-			- discussion ²
-			- m ³
-			- syndication ³
-			- syndweb ³
-			- www ³
+	Nonfunctional hosts in *guardian.co.uk:
 
-		- discussion.guardianapis.com ¹
-		- www.guardiandigitalcomparison.co.uk ¹
+		- discussion *
 
-		- guim.co.uk subdomains:
+	* Handshake fails
 
-			- combo ¹
-			- flxcon ¹
-			- resource ¹
 
-		- theguardian.com subdomains:
+	Problematic hosts in *guardian.co.uk:
 
-			- ^ ¹
-			- discussion ²
-			- feeds		(refused)
-			- syndication ¹
-			- syndweb	(duplicate serial)
-			- www		(404; mismatched, CN: *.a.ssl.fastly.net)
-
-		- audio.theguardian.tv ¹
-		- cdn.theguardian.tv ¹
+		- ^ ¹
+		- download ²
+		- hits ²
+		- image ²
+		- m ²
+		- oas ²
+		- register ²
+		- soulmates ²
+		- syndication ³
+		- www ²
 
+	² Mismatched
 	¹ Dropped
-	² Interrupted
-	³ 404; mismatched, CN: *.a.ssl.fastly.net
-
-
-	Problematic domains:
-
-		- guardian.co.uk subdomains:
-
-			- download *
-			- hits			(mismatched, CN: *.d1.sc.omtrdc.net)
-			- image *
+	³ Refused
 
-		- guim.co.uk subdomains:
 
-			- i **
-			- id **
-			- static **
+	These altnames don't exist:
 
-		- hits.theguardian.com ***
+		- www.id.guardian.co.uk
+		- www.witness.guardian.co.uk
 
-	* Cert only matches (www.)image.guim.co.uk
-	** Dropped
-	*** Mismatched, CN: *.d1.sc.omtrdc.net
 
+	Insecure cookies are set for these domains:
 
-	Partially covered domains:
+		- .guardian.co.uk
 
-		- (www.)guardianbookshop.co.uk *
-		- \w+.guardianoffers.co.uk *		
-		- i.guim.co.uk			(→ image.guim.co.uk)
-
-	* Some [most?] pages redirect to http
-
-
-	Fully covered domains:
-
-		- guardian.co.uk subdomains:
+-->
+<ruleset name="Guardian.co.uk (partial)" default_off="failed ruleset test">
 
-			- download	(→ image.guim.co.uk)
-			- id
-			- image		(→ image.guim.co.uk)
-			- oas
-			- register
-			- soulmates
+	<!--	Direct rewrites:
+				-->
+	<target host="id.guardian.co.uk" />
+	<target host="witness.guardian.co.uk" />
 
-		- (www.)guardianeatright.co.uk
+	<!--	Complications:
+				-->
+	<target host="download.guardian.co.uk" />
+	<target host="hits.guardian.co.uk" />
+	<target host="image.guardian.co.uk" />
+	<target host="oas.guardian.co.uk" />
+	<target host="register.guardian.co.uk" />
+	<target host="soulmates.guardian.co.uk" />
 
-		- guim.co.uk subdomains:
 
-			- id		(→ id.guardian.co.uk)
-			- (www.)image
-			- pasteup
-			- soulmates
-			- (www.)static	(→ image)
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.guardian\.co\.uk$" name="^OAX$" /-->
 
-		- theguardian.com subdomains:
+	<securecookie host="^\." name="^(?:NXCLICK2|OAX|s_.+s)$" />
+	<securecookie host="^(?:\w|\.witness\.)" name=".+" />
 
-			- hits		(→ theguardian-com.d1.sc.omtrdc.net)
-			- id
-			- oas
-			- register
-			- soulmates
-			- witness
 
--->
-<ruleset name="The Guardian (partial)">
-
-	<target host="*.guardian.co.uk" />
-	<target host="guardianbookshop.co.uk" />
-	<target host="www.guardianbookshop.co.uk" />
-		<!--
-			At least these pages still don't redirect to http (yet):
-
-				- checkout.do
-				- register.do
-							-->
-		<!--exclusion pattern="^http://(www\.)?guardianbookshop\.co\.uk/BerteShopWeb/(addToBasket|advancedSearch|customPage|home|showSubCategories|updateBasket|viewCategory|viewProduct)\.do" /-->
-	<target host="guardianeatright.co.uk" />
-	<target host="www.guardianeatright.co.uk" />
-	<target host="*.guardianoffers.co.uk" />
-	<target host="*.guim.co.uk" />
-	<target host="*.theguardian.com" />
-
-
-	<securecookie host="^\.guardian\.co\.uk$" name="^(?:NXCLICK2|OAX|s_.+s)$" />
-	<securecookie host="^(?:oas|soulmates|\.witness)\.guardian\.co\.uk$" name=".+" />
-	<securecookie host="^(?:.*\.)?guardianeatright\.co\.uk$" name=".+" />
-	<!--
-		Tracking cookies set by oas.theguardian.com:
-								-->
-	<securecookie host="^\.theguardian\.com$" name="^(?:OAX|RMF[DH])$" />
-	<securecookie host="^(?:\.?id|oas|\.?soulmates|\.witness)\.theguardian\.com$" name=".+" />
-
-
-	<rule from="^http://www\.guardian\.co\.uk/favicon\.ico"
-		to="https://image.guim.co.uk/favicon.ico" />
-
-	<rule from="^http://(?:download|image|static)\.gu(?:ardian|im)\.co\.uk/"
+	<rule from="^http://(?:download|image)\.guardian\.co\.uk/"
 		to="https://image.guim.co.uk/" />
 
 	<rule from="^http://hits\.guardian\.co\.uk/"
-		to="https://guardian-co-uk.d1.sc.omtrdc.net/" />
-
-	<rule from="^http://(id|oas|register|soulmates|witness)\.guardian\.co\.uk/"
-		to="https://$1.guardian.co.uk/" />
-
-	<rule from="^http://(www\.)?guardianbookshop\.co\.uk/(?=BerteShopWeb/(?!(?:addToBasket|advancedSearch|customPage|home|showSubCategories|updateBasket|viewCategory|viewProduct)\.do)|images/)"
-		to="https://$1guardianbookshop.co.uk/" />
-
-	<rule from="^http://(www\.)?guardianeatright\.co\.uk/"
-		to="https://$1guardianeatright.co.uk/" />
-
-	<rule from="^http://(\w+)\.guardianoffers\.co\.uk/(?=AddtoBasket\.asp|checkout\.asp|(?:BrandImages|images|lib|ProductImages|scripts|SKUImages|styles)/)"
-		to="https://$1.guardianoffers.co.uk/" />
+		to="https://guardian.d1.sc.omtrdc.net/" />
 
-	<rule from="^http://i\.guim\.co\.uk/n/"
-		to="https://image.guim.co.uk/" />
-
-	<rule from="^http://id\.guim\.co\.uk/"
-		to="https://id.guardian.co.uk/" />
-
-	<rule from="^http://(pasteup|soulmates)\.guim\.co\.uk/"
-		to="https://$1.guim.co.uk/" />
+	<rule from="^http://oas\.guardian\.co\.uk/"
+		to="https://oase00824.247realmedia.com/" />
 
-	<rule from="^http://hits\.theguardian\.com/"
-		to="https://theguardian-com.d1.sc.omtrdc.net/" />
-
-	<rule from="^http://(id|oas|register|soulmates|witness)\.theguardian\.com/"
+	<rule from="^http://(register|soulmates)\.guardian\.co\.uk/"
 		to="https://$1.theguardian.com/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/GuardianFX.com.xml b/src/chrome/content/rules/GuardianFX.com.xml
new file mode 100644
index 000000000000..822194270d89
--- /dev/null
+++ b/src/chrome/content/rules/GuardianFX.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="GuardianFX.com">
+	<target host="guardianfx.com" />
+	<target host="www.guardianfx.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GuardianProject.xml b/src/chrome/content/rules/GuardianProject.xml
deleted file mode 100644
index e605247fb688..000000000000
--- a/src/chrome/content/rules/GuardianProject.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Guardian Project">
-  <target host="guardianproject.info" />
-  <target host="www.guardianproject.info" />
-
-  <rule from="^http://(?:www\.)?guardianproject\.info/" to="https://guardianproject.info/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/Guardian_Escapes.com.xml b/src/chrome/content/rules/Guardian_Escapes.com.xml
new file mode 100644
index 000000000000..bb7ee5ba6bb2
--- /dev/null
+++ b/src/chrome/content/rules/Guardian_Escapes.com.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Guardian rulesets, see Guardian.xml.
+
+
+	^guardianescapes.com doesn't exist.
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.guardianescapes.com
+
+-->
+<ruleset name="Guardian Escapes.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.guardianescapes.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.guardianescapes\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Guardian_Offers.co.uk.xml b/src/chrome/content/rules/Guardian_Offers.co.uk.xml
new file mode 100644
index 000000000000..24b079211671
--- /dev/null
+++ b/src/chrome/content/rules/Guardian_Offers.co.uk.xml
@@ -0,0 +1,45 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://entertainment.guardianoffers.co.uk/ => https://entertainment.guardianoffers.co.uk/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://essentials.guardianoffers.co.uk/ => https://essentials.guardianoffers.co.uk/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other Guardian rulesets, see Guardian.xml.
+
+
+	(www.)?guardianoffers.co.uk: Dropped
+
+
+	These altnames don't exist:
+
+		- www.entertainment.guardianoffers.co.uk
+		- www.essentials.guardianoffers.co.uk
+
+
+	Mixed content:
+
+		- Bugs on entertainment, essentials, from guardian.d1.sc.omtrdc.net *
+
+	* Secured by us
+
+-->
+<ruleset name="Guardian Offers.co.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="entertainment.guardianoffers.co.uk" />
+	<target host="essentials.guardianoffers.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^entertainment\.guardianoffers\.co\.uk$" name="^CSPWSERVERID$" /-->
+	<!--securecookie host="^essentials\.guardianoffers\.co\.uk$" name="^(?:EMAILSIGNUP|JSESSIONID|ServerID)$" /-->
+
+	<securecookie host="^e(?:ntertainment|ssentials)\.guardianoffers\.co\.uk$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GuerrillaMail.com.xml b/src/chrome/content/rules/GuerrillaMail.com.xml
new file mode 100644
index 000000000000..b8c39f6d00f2
--- /dev/null
+++ b/src/chrome/content/rules/GuerrillaMail.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="GuerrillaMail.com">
+
+	<target host=    "guerrillamail.com" />
+	<target host="www.guerrillamail.com" />
+	<target host="img.guerrillamail.com" />
+	<target host=    "grr.la" />
+	<target host="www.grr.la" />
+
+  	<securecookie host="^www\.guerrillamail\.com$" name=".+" />
+  	<securecookie host="^grr\.la$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Guidance-Software.xml b/src/chrome/content/rules/Guidance-Software.xml
new file mode 100644
index 000000000000..276deaa7a1f5
--- /dev/null
+++ b/src/chrome/content/rules/Guidance-Software.xml
@@ -0,0 +1,25 @@
+<ruleset name="Guidance Software">
+	<target host="guidancesoftware.com" />
+	<target host="www.guidancesoftware.com" />
+	<target host="www1.guidancesoftware.com" />
+	<target host="resellers.guidancesoftware.com" />
+	<target host="store.guidancesoftware.com" />
+	<target host="safesetup.guidancesoftware.com" />
+	<target host="careers.guidancesoftware.com" />
+	<target host="encase.com" />
+	<target host="www.encase.com" />
+	<target host="store.encase.com" />
+	<target host="home.guidancesoftware.com" />
+	<target host="www.enfuseconference.com" />
+	<target host="enfuseconference.com" />
+	<target host="enfuseconf.com" />
+	<target host="www.enfuseconf.com" />
+	<target host="enfuse.co" />
+	<target host="www.enfuse.co" />
+
+	<!-- all domain redirects to www.guidancesoftware.com -->
+  	<securecookie host="^www\.guidancesoftware\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GuideStar.xml b/src/chrome/content/rules/GuideStar.xml
index 007b27d6579b..4e67184c3981 100644
--- a/src/chrome/content/rules/GuideStar.xml
+++ b/src/chrome/content/rules/GuideStar.xml
@@ -1,22 +1,39 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://commerce.guidestar.org/ => https://commerce.guidestar.org/: (6, 'Could not resolve host: commerce.guidestar.org')
+Fetch error: http://www2.guidestar.org/ => https://www2.guidestar.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Other GuideStar rulesets:
 
 		- Philanthropedia.xml
 
+
+	Mixed content:
+
+		- Image on www from $self *
+
+	* Secured by us
+
 -->
-<ruleset name="GuideStar (partial)">
+<ruleset name="GuideStar.org (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="guidestar.org" />
-	<target host="*.guidestar.org" />
+	<target host="commerce.guidestar.org" />
+	<target host="partners.guidestar.org" />
+	<target host="widgets.guidestar.org" />
+	<target host="www.guidestar.org" />
+	<target host="www2.guidestar.org" />
 
+		<test url="http://widgets.guidestar.org/gximage2?o=&amp;l=v4" />
 
-	<securecookie host="^www\.guidestar\.org$" name=".+" />
 
+	<securecookie host="^(?:www)?\.guidestar\.org$" name=".+" />
 
-	<rule from="^http://(?:www2?\.)?guidestar\.org/"
-		to="https://www.guidestar.org/" />
 
-	<rule from="^http://(commerce|partners)\.guidestar\.org/"
-		to="https://$1.guidestar.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Guide_FAQ.com.xml b/src/chrome/content/rules/Guide_FAQ.com.xml
new file mode 100644
index 000000000000..c4d6eefe039f
--- /dev/null
+++ b/src/chrome/content/rules/Guide_FAQ.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Springshare coverage, see Springshare.xml.
+
+
+	Mixed content:
+
+		- Images, from:
+
+			- twitter-badges.s3.amazonaws.com
+			- lgimages.s3.amazonaws.com
+
+-->
+<ruleset name="Guide FAQ.com" default_off="mismatched">
+
+	<target host="guidefaq.com" />
+	<target host="www.guidefaq.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Guidebook.com.xml b/src/chrome/content/rules/Guidebook.com.xml
new file mode 100644
index 000000000000..487f8b588fb8
--- /dev/null
+++ b/src/chrome/content/rules/Guidebook.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="Guidebook.com">
+
+	<target host="guidebook.com" />
+	<target host="www.guidebook.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.guidebook\.com$" name="^sessionid$" /-->
+
+	<securecookie host="^\.guidebook\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Guifi.xml b/src/chrome/content/rules/Guifi.xml
index 29bc87b46bca..336a6d05e8f8 100644
--- a/src/chrome/content/rules/Guifi.xml
+++ b/src/chrome/content/rules/Guifi.xml
@@ -2,11 +2,22 @@
 	Nonfunctional subdomains:
 
 		- fundacio	(http reply)
+		- social ²
+
+	² Refused
 
 -->
-<ruleset name="Guifi.net">
+<ruleset name="Guifi.net (partial)">
   <target host="guifi.net" />
-  <target host="www.guifi.net" />
+	<target host="www.guifi.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="\.guifi\.net$" name="^SESS[0-9a-f]{32}$" /-->
+
+	<securecookie host="\.guifi\.net$" name=".+" />
+
 
-  <rule from="^http://(?:www\.)?guifi\.net/" to="https://guifi.net/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Guild-Wars-2.xml b/src/chrome/content/rules/Guild-Wars-2.xml
index 4f76e0517f3c..be4f99905024 100644
--- a/src/chrome/content/rules/Guild-Wars-2.xml
+++ b/src/chrome/content/rules/Guild-Wars-2.xml
@@ -1,4 +1,6 @@
 <!--
+	For other NCsoft coverage, see NCsoft.com.xml.
+
 	en.support.guildwars2.com is handled in RightNow-clients.xml.
 
 
@@ -30,13 +32,21 @@
 <ruleset name="Guild Wars 2 (partial)">
 
 	<target host="guildwars2.com" />
-	<target host="*.guildwars2.com" />
+	<target host="account.guildwars2.com" />
+	<target host="buy.guildwars2.com" />
+	<target host="forum.guildwars2.com" />
+	<target host="forum-de.guildwars2.com" />
+	<target host="forum-en.guildwars2.com" />
+	<target host="forum-es.guildwars2.com" />
+	<target host="forum-fr.guildwars2.com" />
+	<target host="register.guildwars2.com" />
+	<target host="support.guildwars2.com" />
+	<target host="www.guildwars2.com" />
 
 
-	<securecookie host="^.+\.guildwars\.com$" name=".+" />
+	<securecookie host="^.+\.guildwars2\.com$" name=".+" />
 
 
-	<rule from="^http://((?:account|buy|forum(?:-de|-e[ns]|-fr)?|register|support|www)\.)?guildwars2\.com/"
-		to="https://$1guildwars2.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GuildEducation.com.xml b/src/chrome/content/rules/GuildEducation.com.xml
new file mode 100644
index 000000000000..d7254da195d2
--- /dev/null
+++ b/src/chrome/content/rules/GuildEducation.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched:
+		- pages (CN=*.marketo.com)
+-->
+<ruleset name="GuildEducation.com">
+	<target host="guildeducation.com" />
+	<target host="www.guildeducation.com" />
+	<target host="catalog.guildeducation.com" />
+	<target host="documents.guildeducation.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Guild_of_Master_Craftsmen.xml b/src/chrome/content/rules/Guild_of_Master_Craftsmen.xml
index f25ca440d8d5..a72c6d3aed62 100644
--- a/src/chrome/content/rules/Guild_of_Master_Craftsmen.xml
+++ b/src/chrome/content/rules/Guild_of_Master_Craftsmen.xml
@@ -1,19 +1,13 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-
--->
 <ruleset name="The Guild of Master Craftsmen">
 
 	<target host="guildmc.com" />
 	<target host="www.guildmc.com" />
 
 
-	<securecookie host="^www\.guildmc\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?guildmc\.com/"
-		to="https://www.guildmc.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Guillaume-Dargaud.xml b/src/chrome/content/rules/Guillaume-Dargaud.xml
new file mode 100644
index 000000000000..3e10daa24dc0
--- /dev/null
+++ b/src/chrome/content/rules/Guillaume-Dargaud.xml
@@ -0,0 +1,9 @@
+<ruleset name="Guillaume Dargaud">
+
+	<target host="gdargaud.net" />
+	<target host="www.gdargaud.net" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Guillaume_Dargauds_website.xml b/src/chrome/content/rules/Guillaume_Dargauds_website.xml
deleted file mode 100644
index c80268f4365d..000000000000
--- a/src/chrome/content/rules/Guillaume_Dargauds_website.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Expired 2011-09-30
-
--->
-<ruleset name="Guillaume Dargaud's website" default_off="expired">
-
-	<target host="gdargaud.net" />
-	<target host="www.gdargaud.net" />
-
-
-	<rule from="^https?://(?:www\.)?gdargaud\.net/"
-		to="https://gdargaud.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Guitar_Center.com.xml b/src/chrome/content/rules/Guitar_Center.com.xml
new file mode 100644
index 000000000000..7aba59ce4121
--- /dev/null
+++ b/src/chrome/content/rules/Guitar_Center.com.xml
@@ -0,0 +1,105 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://guitarcenter.com/ (200) => http://guitarcenter.com/ (403)
+
+	CDN buckets:
+
+		- s3.amazonaws.com/stores4stores-gc-images-admin-dev/
+
+
+	Nonfunctional subdomains:
+
+		- platinum ¹
+		- used ²
+
+	¹ Dropped
+	² Refused
+
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- sessions ²
+
+	¹ Mismatched, CN: *.music123.com
+	² Works; self-signed, CN: Parallels Panel
+
+
+	Partially covered subdomains:
+
+		- (www.) *	(^ → www)
+
+	* Some pages redirect to http
+
+
+	Fully covered subdomains:
+
+		- clearance
+		- gc
+		- images
+		- m
+		- stores
+
+
+	These altnames don't exist:
+
+		- www.clearance.guitarcenter.com
+		- www.gc.guitarcenter.com
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- m from images.miretail.com ¹
+			- sessions from i\d.ytimg.com ¹
+
+			- stores, from:
+
+				- images ¹
+				- s3.amazonaws.com ¹
+				- www.gcpro.com ²
+
+			- www from images ¹
+
+		- Web bugs, on:
+
+			- clearance from www ¹
+			- stores from medals.bizrate.com ¹
+
+	¹ Secured by us
+	² Unsecurable <= interrupted
+
+-->
+<ruleset name="Guitar Center.com (partial)" default_off="failed ruleset test">
+
+	<target host="guitarcenter.com" />
+	<target host="www.guitarcenter.com" />
+	<target host="clearance.guitarcenter.com" />
+	<target host="gc.guitarcenter.com" />
+	<target host="images.guitarcenter.com" />
+	<target host="m.guitarcenter.com" />
+	<target host="stores.guitarcenter.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?guitarcenter\.com/+($|\?|MyAccount/Cart\.aspx)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(www\.)?guitarcenter\.com/+(?!Ajax/|favicon\.ico|[iI]ncludes/)" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:clearance|gc)\.guitarcenter\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?guitarcenter\.com/(?=Ajax/|favicon\.ico|[iI]ncludes/)"
+		to="https://www.guitarcenter.com/" />
+
+	<rule from="^http://(clearance|gc|images|m|stores)\.guitarcenter\.com/"
+		to="https://$1.guitarcenter.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Guldencoin.com.xml b/src/chrome/content/rules/Guldencoin.com.xml
new file mode 100644
index 000000000000..de5bd366b781
--- /dev/null
+++ b/src/chrome/content/rules/Guldencoin.com.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://guldencoin.com/ => https://guldencoin.com/: (35, 'error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 unrecognized name')
+Fetch error: http://www.guldencoin.com/ => https://www.guldencoin.com/: (35, 'error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 unrecognized name')
+
+	CDN buckets:
+
+		- s3-eu-west-1.amazonaws.com/guldencoin.com/
+
+-->
+<ruleset name="Guldencoin.com" default_off="failed ruleset test">
+
+	<target host="guldencoin.com" />
+	<target host="www.guldencoin.com" />
+
+
+	<securecookie host="^\.guldencoin\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gulesider.xml b/src/chrome/content/rules/Gulesider.xml
index f49ff194484f..b8736aa6c571 100644
--- a/src/chrome/content/rules/Gulesider.xml
+++ b/src/chrome/content/rules/Gulesider.xml
@@ -1,3 +1,8 @@
+<!--
+Automatically by https-everywhere-checker because:
+Fetch error: http://gulesider.no/ => https://www.gulesider.no/: Cycle detected - URL already encountered: https://www.gulesider.no/
+Fetch error: http://www.gulesider.no/ => https://www.gulesider.no/: Cycle detected - URL already encountered: https://www.gulesider.no/
+-->
 <ruleset name="Gulesider" platform="mixedcontent">
   <target host="gulesider.no" />
   <target host="www.gulesider.no" />
diff --git a/src/chrome/content/rules/Gum.co.xml b/src/chrome/content/rules/Gum.co.xml
new file mode 100644
index 000000000000..7c00017c281a
--- /dev/null
+++ b/src/chrome/content/rules/Gum.co.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Gumro coverage, see Gumroad.com.xml.
+
+-->
+<ruleset name="Gum.co">
+
+	<target host="gum.co" />
+	<target host="www.gum.co" />
+
+
+	<securecookie host="^(?:\.|www\.)?gum\.co$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GumGum.xml b/src/chrome/content/rules/GumGum.xml
index 9b2f6e91848c..1e91aa2b596d 100644
--- a/src/chrome/content/rules/GumGum.xml
+++ b/src/chrome/content/rules/GumGum.xml
@@ -21,7 +21,10 @@
 <ruleset name="GumGum (partial)">
 
 	<target host="gumgum.com" />
-	<target host="*.gumgum.com" />
+	<target host="www.gumgum.com" />
+	<target host="ads.gumgum.com" />
+	<target host="g2.gumgum.com" />
+	<target host="c.gumgum.com" />
 
 
 	<rule from="^http://(www\.)?gumgum\.com/(?=images/|(?:login|terms-of-service)(?:/?$|\?))"
@@ -31,6 +34,6 @@
 		to="https://$1.gumgum.com/" />
 
 	<rule from="^http://c\.gumgum\.com/"
-		to="https://d1u2cbczpt82kt.cloudfront.net/" />
+		to="https://c.gumgum.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Gumroad.com.xml b/src/chrome/content/rules/Gumroad.com.xml
index d965c8edad12..fe61202db9d9 100644
--- a/src/chrome/content/rules/Gumroad.com.xml
+++ b/src/chrome/content/rules/Gumroad.com.xml
@@ -1,19 +1,48 @@
 <!--
+	Other Gumroad rulesets:
+
+		- Gum.co.xml
+
+
 	CDN buckets:
 
 		- s3.amazonaws.com/gumroad/ | d1wzu4qct23er4.cloudfront.net
 
+
+	Fully covered hosts:
+
+		- (www.)?
+		- api
+		- help
+		- static-[12]
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- gumroad.com
+		- .gumroad.com
+		- api.gumroad.com
+
 -->
 <ruleset name="Gumroad.com">
 
 	<target host="gumroad.com" />
+	<target host="api.gumroad.com" />
+	<target host="help.gumroad.com" />
+	<target host="static-1.gumroad.com" />
+	<target host="static-2.gumroad.com" />
 	<target host="www.gumroad.com" />
 
 
-	<securecookie host="^gumroad\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.gumroad\.com$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^(api\.)?gumroad\.com$" name="^ie_warning$" /-->
+
+	<securecookie host="^(?:\.|api\.|www\.)?gumroad\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?gumroad\.com/"
-		to="https://$1gumroad.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Gumstix.xml b/src/chrome/content/rules/Gumstix.xml
index ea50af7f32ef..7883f273cfff 100644
--- a/src/chrome/content/rules/Gumstix.xml
+++ b/src/chrome/content/rules/Gumstix.xml
@@ -7,13 +7,12 @@
 <ruleset name="Gumstix">
 
 	<target host="gumstix.com" />
-	<target host="*.gumstix.com" />
+	<target host="www.gumstix.com" />
 
 
 	<securecookie host="^\.gumstix\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?gumstix\.com/"
-		to="https://$1gumstix.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gumtree.co.za.xml b/src/chrome/content/rules/Gumtree.co.za.xml
new file mode 100644
index 000000000000..10c592873e06
--- /dev/null
+++ b/src/chrome/content/rules/Gumtree.co.za.xml
@@ -0,0 +1,49 @@
+<!--
+	For other Gumtree coverage, see Gumtree.com.xml
+
+
+	Non-functional subdomains:
+		- api		(t)
+		- www.blog	(m)
+		- cache		(m)
+		- capetown	(t)
+		- dr-protocol	(t)
+		- (www.)durban		(t)
+		- info		(t)
+		- johannesburg		(t)
+		- origin-cache	(r)
+		- tm	(t)
+
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Gumtree.co.za">
+
+	<target host="gumtree.co.za" />
+	<target host="www.gumtree.co.za" />
+	<target host="blog.gumtree.co.za" />
+	<target host="ecg-api.gumtree.co.za" />
+	<target host="www.ecg-api.gumtree.co.za" />
+	<target host="ecg-api-partners.gumtree.co.za" />
+	<target host="ecg-apis.gumtree.co.za" />
+	<target host="ecg-apis-partners.gumtree.co.za" />
+	<target host="gait.gumtree.co.za" />
+	<target host="help.gumtree.co.za" />
+	<target host="m.gumtree.co.za" />
+	<target host="mktg.m.gumtree.co.za" />
+	<target host="origin-ecg-api.gumtree.co.za" />
+	<target host="ecg-api.partners.gumtree.co.za" />
+	<target host="ecg-apis.partners.gumtree.co.za" />
+	<target host="protool.gumtree.co.za" />
+	<target host="rui.gumtree.co.za" />
+	<target host="voting.gumtree.co.za" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gumtree.com.au.xml b/src/chrome/content/rules/Gumtree.com.au.xml
new file mode 100644
index 000000000000..67330da029e6
--- /dev/null
+++ b/src/chrome/content/rules/Gumtree.com.au.xml
@@ -0,0 +1,374 @@
+<!--
+	For other Gumtree coverage, see Gumtree.com.xml
+
+
+	Non-functional subdomains:
+		- $self		(i)
+		- www.redbooks.com.auwww.carsales.com.auwww	(r)
+		- www.charliezcarz	(r)
+		- www.80bola.com	(r)
+		- l.mail	(m)
+		- www.paramount-motors	(r)
+		- sfapi.cloud.qa1	(t)
+		- static2	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Gumtree.com.au">
+
+	<target host="gumtree.com.au" />
+	<target host="www.gumtree.com.au" />
+	<target host="1300blcars.gumtree.com.au" />
+	<target host="1st-car-wa-albanyhighway.gumtree.com.au" />
+	<target host="23rdwww.gumtree.com.au" />
+	<target host="4b4-warehouse.gumtree.com.au" />
+	<target host="5starcars.gumtree.com.au" />
+	<target host="a1-car-sales.gumtree.com.au" />
+	<target host="aberdeen-auto-auctions.gumtree.com.au" />
+	<target host="action-motors.gumtree.com.au" />
+	<target host="adamsmotorgroup.gumtree.com.au" />
+	<target host="adelaide.gumtree.com.au" />
+	<target host="adelaide-auto-sales-australia.gumtree.com.au" />
+	<target host="adelaide-consignment-centre.gumtree.com.au" />
+	<target host="adelaide-drive.gumtree.com.au" />
+	<target host="adelaide-quality-trucks.gumtree.com.au" />
+	<target host="adelaide-rv-centre.gumtree.com.au" />
+	<target host="advance-autos.gumtree.com.au" />
+	<target host="ak-cars.gumtree.com.au" />
+	<target host="albert-autodirect.gumtree.com.au" />
+	<target host="albury-wodonga-rv-world-wodonga.gumtree.com.au" />
+	<target host="allcar-wholesale.gumtree.com.au" />
+	<target host="allcars-solution.gumtree.com.au" />
+	<target host="ap-motors.gumtree.com.au" />
+	<target host="api.gumtree.com.au" />
+	<target host="aria-motors.gumtree.com.au" />
+	<target host="arrow-car-sales-mt-barker.gumtree.com.au" />
+	<target host="assured-cars.gumtree.com.au" />
+	<target host="asv-euro-asia.gumtree.com.au" />
+	<target host="auctions-balcatta.gumtree.com.au" />
+	<target host="auctions-belmore.gumtree.com.au" />
+	<target host="auctions-canberra.gumtree.com.au" />
+	<target host="auctions-dubbo.gumtree.com.au" />
+	<target host="auctions-newcastle.gumtree.com.au" />
+	<target host="auctions-salisburyplain.gumtree.com.au" />
+	<target host="auctions-sunshine.gumtree.com.au" />
+	<target host="auctions-townsville.gumtree.com.au" />
+	<target host="auctions-virginia.gumtree.com.au" />
+	<target host="auswide-motors.gumtree.com.au" />
+	<target host="auto-auctions-old-guildford.gumtree.com.au" />
+	<target host="auto-outlet-centre.gumtree.com.au" />
+	<target host="auto-sellers.gumtree.com.au" />
+	<target host="autocity.gumtree.com.au" />
+	<target host="automarket-wa.gumtree.com.au" />
+	<target host="automobiles-qld.gumtree.com.au" />
+	<target host="automobilesdandenong.gumtree.com.au" />
+	<target host="autopoint-car-sales.gumtree.com.au" />
+	<target host="autorent-hobart.gumtree.com.au" />
+	<target host="b-d-car-gallery.gumtree.com.au" />
+	<target host="beach-motors.gumtree.com.au" />
+	<target host="beautcars.gumtree.com.au" />
+	<target host="bergmans-auto-group.gumtree.com.au" />
+	<target host="berwick-nissan.gumtree.com.au" />
+	<target host="best-buy-autos-cabramatta.gumtree.com.au" />
+	<target host="betta-cars.gumtree.com.au" />
+	<target host="betta-wholesale.gumtree.com.au" />
+	<target host="bettercarcompany-nsw.gumtree.com.au" />
+	<target host="big-rock-toyota.gumtree.com.au" />
+	<target host="blog.gumtree.com.au" />
+	<target host="bm-prestige-automotive.gumtree.com.au" />
+	<target host="bowery-lane.gumtree.com.au" />
+	<target host="bramleys.gumtree.com.au" />
+	<target host="bridge-toyota-darwin-used.gumtree.com.au" />
+	<target host="brisbanecaryard.gumtree.com.au" />
+	<target host="bunbury-kia.gumtree.com.au" />
+	<target host="bunbury-toyota-australia.gumtree.com.au" />
+	<target host="bunbury-wholesale.gumtree.com.au" />
+	<target host="bundaberg-motors.gumtree.com.au" />
+	<target host="burdekin-motors.gumtree.com.au" />
+	<target host="busselton-hyundai.gumtree.com.au" />
+	<target host="butler-vehicles.gumtree.com.au" />
+	<target host="byrners-suzuki.gumtree.com.au" />
+	<target host="caboolturecityautos.gumtree.com.au" />
+	<target host="cairnscar4wdcentre.gumtree.com.au" />
+	<target host="cairnscheapestcars.gumtree.com.au" />
+	<target host="canberra.gumtree.com.au" />
+	<target host="canterbury-commercial.gumtree.com.au" />
+	<target host="car-auctions-pacific.gumtree.com.au" />
+	<target host="car-commercial-wholesale.gumtree.com.au" />
+	<target host="car-giant-wa.gumtree.com.au" />
+	<target host="car-sales-illawarra.gumtree.com.au" />
+	<target host="caravan-superstore-rvs.gumtree.com.au" />
+	<target host="carbox.gumtree.com.au" />
+	<target host="carbox-rockingham.gumtree.com.au" />
+	<target host="carcycle-cars-bikes.gumtree.com.au" />
+	<target host="cargiantwa-morley.gumtree.com.au" />
+	<target host="cargiantwa-rockingham.gumtree.com.au" />
+	<target host="carlins-automotive-auctioneers.gumtree.com.au" />
+	<target host="carlisle-auto-centre.gumtree.com.au" />
+	<target host="carmart-direct.gumtree.com.au" />
+	<target host="carnet-auctions-adelaide.gumtree.com.au" />
+	<target host="carnet-auctions-chullora.gumtree.com.au" />
+	<target host="carnet-auctions-smithfield.gumtree.com.au" />
+	<target host="carraracarmart.gumtree.com.au" />
+	<target host="carrs-cars.gumtree.com.au" />
+	<target host="cars-connect.gumtree.com.au" />
+	<target host="carsell.gumtree.com.au" />
+	<target host="cbd-cars.gumtree.com.au" />
+	<target host="central-west-motors.gumtree.com.au" />
+	<target host="certified-autos.gumtree.com.au" />
+	<target host="charlies-argyle-street-autos.gumtree.com.au" />
+	<target host="charliezcarz.gumtree.com.au" />
+	<target host="cheap-motors.gumtree.com.au" />
+	<target host="city-subaru.gumtree.com.au" />
+	<target host="city2surfcarsales.gumtree.com.au" />
+	<target host="classic-cars.gumtree.com.au" />
+	<target host="classifiedswww.gumtree.com.au" />
+	<target host="coastal-used-cars.gumtree.com.au" />
+	<target host="country-autos-tamworth.gumtree.com.au" />
+	<target host="crownmotors.gumtree.com.au" />
+	<target host="crystal-car-care-sales.gumtree.com.au" />
+	<target host="custom-coaster-conversions.gumtree.com.au" />
+	<target host="daley-motors-wa.gumtree.com.au" />
+	<target host="dave-powells-ssangyong.gumtree.com.au" />
+	<target host="david-grant-car-sales.gumtree.com.au" />
+	<target host="dealers.gumtree.com.au" />
+	<target host="dealmakers.gumtree.com.au" />
+	<target host="devonport-cars.gumtree.com.au" />
+	<target host="dollar-wholesale.gumtree.com.au" />
+	<target host="drives-aus.gumtree.com.au" />
+	<target host="dvg-melville.gumtree.com.au" />
+	<target host="eagle-camper-trailers.gumtree.com.au" />
+	<target host="eagle-city-motors.gumtree.com.au" />
+	<target host="eagle-trailers-campers-wa.gumtree.com.au" />
+	<target host="east-coast-truck-bus-sales.gumtree.com.au" />
+	<target host="eastside-commercials.gumtree.com.au" />
+	<target host="easyauto123-joondalup.gumtree.com.au" />
+	<target host="ebaywww.gumtree.com.au" />
+	<target host="ecg-api.gumtree.com.au" />
+	<target host="ecg-apis.gumtree.com.au" />
+	<target host="economy-cars.gumtree.com.au" />
+	<target host="emotor-group.gumtree.com.au" />
+	<target host="enfield-car-commercial.gumtree.com.au" />
+	<target host="eo-motors.gumtree.com.au" />
+	<target host="everlast-autos.gumtree.com.au" />
+	<target host="extapi.gumtree.com.au" />
+	<target host="f3-motor-auctions.gumtree.com.au" />
+	<target host="fabcar.gumtree.com.au" />
+	<target host="first-stop-motors.gumtree.com.au" />
+	<target host="fischer-motors.gumtree.com.au" />
+	<target host="footscray-central-motors.gumtree.com.au" />
+	<target host="fordhold-wreckers.gumtree.com.au" />
+	<target host="forum.gumtree.com.au" />
+	<target host="franks-wholesale-vehicles.gumtree.com.au" />
+	<target host="frankston-4by4-light-commercial.gumtree.com.au" />
+	<target host="g-b-quality-cars.gumtree.com.au" />
+	<target host="galaxy-autos.gumtree.com.au" />
+	<target host="gardnercars.gumtree.com.au" />
+	<target host="geissler-motors.gumtree.com.au" />
+	<target host="george-day-caravans.gumtree.com.au" />
+	<target host="gerhards-quality-cars.gumtree.com.au" />
+	<target host="germanautocentre.gumtree.com.au" />
+	<target host="gibbons-holden-gosnells.gumtree.com.au" />
+	<target host="gold-coast-cars-cheap.gumtree.com.au" />
+	<target host="gowans.gumtree.com.au" />
+	<target host="grand-auto-wa-maddington.gumtree.com.au" />
+	<target host="grand-motor-group.gumtree.com.au" />
+	<target host="green-rv.gumtree.com.au" />
+	<target host="green-rv-gympie.gumtree.com.au" />
+	<target host="grieve-parade-motors.gumtree.com.au" />
+	<target host="gympieroadwholesalecars.gumtree.com.au" />
+	<target host="harrys-wholesale-cars.gumtree.com.au" />
+	<target host="hays-office-support.gumtree.com.au" />
+	<target host="hellocars.gumtree.com.au" />
+	<target host="help.gumtree.com.au" />
+	<target host="hervey-bay-caravans.gumtree.com.au" />
+	<target host="hiwa-auto-sales.gumtree.com.au" />
+	<target host="horsewww.gumtree.com.au" />
+	<target host="hot-spot-autos.gumtree.com.au" />
+	<target host="house-of-cars.gumtree.com.au" />
+	<target host="ht-auto-wholesalers.gumtree.com.au" />
+	<target host="imex-motors.gumtree.com.au" />
+	<target host="incwww.gumtree.com.au" />
+	<target host="jackson-motor-company-derwent-park.gumtree.com.au" />
+	<target host="jackson-motor-company-hobart-city.gumtree.com.au" />
+	<target host="james-hiscock-wholesale.gumtree.com.au" />
+	<target host="japanese-trucks-australia.gumtree.com.au" />
+	<target host="jarrads-autos-woodbine.gumtree.com.au" />
+	<target host="jarrett-mazda-nissan.gumtree.com.au" />
+	<target host="jax-wholesale-cars.gumtree.com.au" />
+	<target host="jayco-canberra.gumtree.com.au" />
+	<target host="jce-car-sales.gumtree.com.au" />
+	<target host="jdm-cars.gumtree.com.au" />
+	<target host="jdms.gumtree.com.au" />
+	<target host="jeff-bell-and-co.gumtree.com.au" />
+	<target host="jetis.gumtree.com.au" />
+	<target host="jobs.gumtree.com.au" />
+	<target host="jobs-api.gumtree.com.au" />
+	<target host="joe-newman-motors.gumtree.com.au" />
+	<target host="john-hughes-group2.gumtree.com.au" />
+	<target host="kamikazee-disposals.gumtree.com.au" />
+	<target host="kenwick-vehicle-wholesalers.gumtree.com.au" />
+	<target host="kingmaster-auto.gumtree.com.au" />
+	<target host="kingz-motors.gumtree.com.au" />
+	<target host="koala-cars.gumtree.com.au" />
+	<target host="kqautos.gumtree.com.au" />
+	<target host="lake-macquarie-wholesale-cars.gumtree.com.au" />
+	<target host="lopez-motors.gumtree.com.au" />
+	<target host="lucky-cars.gumtree.com.au" />
+	<target host="lynford.gumtree.com.au" />
+	<target host="m.gumtree.com.au" />
+	<target host="machinery-direct.gumtree.com.au" />
+	<target host="mandurah-holden.gumtree.com.au" />
+	<target host="mandurah-motors-auctions.gumtree.com.au" />
+	<target host="manheim-brisbane.gumtree.com.au" />
+	<target host="manheim-melbourne.gumtree.com.au" />
+	<target host="manheim-perth.gumtree.com.au" />
+	<target host="marion-road-used-cars.gumtree.com.au" />
+	<target host="matchacar-brisbane.gumtree.com.au" />
+	<target host="matchacar-melbourne.gumtree.com.au" />
+	<target host="matchacar-perth.gumtree.com.au" />
+	<target host="melbourne.gumtree.com.au" />
+	<target host="melbournecheapest-cars.gumtree.com.au" />
+	<target host="melville-holden.gumtree.com.au" />
+	<target host="melville-subaru.gumtree.com.au" />
+	<target host="merrylands-autos.gumtree.com.au" />
+	<target host="metro-holden-thebarton.gumtree.com.au" />
+	<target host="metro-motors.gumtree.com.au" />
+	<target host="metronissanusedcars.gumtree.com.au" />
+	<target host="mike-brennan-as-is-cheapies.gumtree.com.au" />
+	<target host="mikehuntswholesalecars.gumtree.com.au" />
+	<target host="mktg.gumtree.com.au" />
+	<target host="mm-motors.gumtree.com.au" />
+	<target host="morwell-city-motors.gumtree.com.au" />
+	<target host="motoink.gumtree.com.au" />
+	<target host="motorama-clearance-used-cars.gumtree.com.au" />
+	<target host="motorcorp.gumtree.com.au" />
+	<target host="motorline-wa.gumtree.com.au" />
+	<target host="motorman-imports.gumtree.com.au" />
+	<target host="motorpoint-sydney.gumtree.com.au" />
+	<target host="motorworld.gumtree.com.au" />
+	<target host="mr-car.gumtree.com.au" />
+	<target host="mv-wholesale.gumtree.com.au" />
+	<target host="mwcars.gumtree.com.au" />
+	<target host="my-carsales.gumtree.com.au" />
+	<target host="nagra-autos-minchinbury.gumtree.com.au" />
+	<target host="new-port-auto-wholesale.gumtree.com.au" />
+	<target host="newcastle-country-autos.gumtree.com.au" />
+	<target host="newperth.gumtree.com.au" />
+	<target host="noosa-motors.gumtree.com.au" />
+	<target host="northern-car-centre.gumtree.com.au" />
+	<target host="northside-auto-group.gumtree.com.au" />
+	<target host="northwest-carsales.gumtree.com.au" />
+	<target host="nowra-toyota.gumtree.com.au" />
+	<target host="nuford.gumtree.com.au" />
+	<target host="orange-autos.gumtree.com.au" />
+	<target host="orders.gumtree.com.au" />
+	<target host="ozzy-car-sales.gumtree.com.au" />
+	<target host="ozzy-car-sales-minto.gumtree.com.au" />
+	<target host="pakenham-toyota.gumtree.com.au" />
+	<target host="paramount-motors.gumtree.com.au" />
+	<target host="parkview-autos.gumtree.com.au" />
+	<target host="partington-4wd-wreckers.gumtree.com.au" />
+	<target host="paul-paul.gumtree.com.au" />
+	<target host="pc-cars.gumtree.com.au" />
+	<target host="peel-hondasubaru.gumtree.com.au" />
+	<target host="perth.gumtree.com.au" />
+	<target host="perth-motorsport.gumtree.com.au" />
+	<target host="peter-page-holden-used.gumtree.com.au" />
+	<target host="phoenixholden.gumtree.com.au" />
+	<target host="picklesauctions-hobart.gumtree.com.au" />
+	<target host="picklesauctions-salisburyplain.gumtree.com.au" />
+	<target host="picklesauctions-sunshine.gumtree.com.au" />
+	<target host="picklesauctions-townsville.gumtree.com.au" />
+	<target host="picklesauctions-virginia.gumtree.com.au" />
+	<target host="pittsymotors.gumtree.com.au" />
+	<target host="preferredautos.gumtree.com.au" />
+	<target host="premier-auto-sales-mitchell.gumtree.com.au" />
+	<target host="premier-avan.gumtree.com.au" />
+	<target host="premier-cars.gumtree.com.au" />
+	<target host="prestige-auto-traders.gumtree.com.au" />
+	<target host="prestige-warehouseolm.gumtree.com.au" />
+	<target host="prwautos.gumtree.com.au" />
+	<target host="quality-used.gumtree.com.au" />
+	<target host="qwww.gumtree.com.au" />
+	<target host="regent-motors.gumtree.com.au" />
+	<target host="remy-carcompany.gumtree.com.au" />
+	<target host="revolution-cars-perth-dianella.gumtree.com.au" />
+	<target host="right-price-motors.gumtree.com.au" />
+	<target host="rio-motors.gumtree.com.au" />
+	<target host="road-runner-autos.gumtree.com.au" />
+	<target host="rockingham-mazda.gumtree.com.au" />
+	<target host="rockingham-nissan.gumtree.com.au" />
+	<target host="rodlowecarco.gumtree.com.au" />
+	<target host="ross-brennan-motors.gumtree.com.au" />
+	<target host="rural-scene.gumtree.com.au" />
+	<target host="rv-connection.gumtree.com.au" />
+	<target host="sakura-motors.gumtree.com.au" />
+	<target host="sandbox.gumtree.com.au" />
+	<target host="sandgate-autos.gumtree.com.au" />
+	<target host="scott-devlin-cars.gumtree.com.au" />
+	<target host="scs-imports-used-cars.gumtree.com.au" />
+	<target host="seaview-ford.gumtree.com.au" />
+	<target host="secure.gumtree.com.au" />
+	<target host="seymours-on-tudor.gumtree.com.au" />
+	<target host="sfapi.gumtree.com.au" />
+	<target host="sidney.gumtree.com.au" />
+	<target host="southeast-auto-sales.gumtree.com.au" />
+	<target host="southside-auto-auctions.gumtree.com.au" />
+	<target host="southside-volkswagen.gumtree.com.au" />
+	<target host="spectrum-car-sales-sa.gumtree.com.au" />
+	<target host="starline-autos.gumtree.com.au" />
+	<target host="start-employment.gumtree.com.au" />
+	<target host="start-up-cars.gumtree.com.au" />
+	<target host="steve-jackson-motors.gumtree.com.au" />
+	<target host="stubbs-street-auto-brokers-pl.gumtree.com.au" />
+	<target host="super-nova-motors.gumtree.com.au" />
+	<target host="sydney-auto-market.gumtree.com.au" />
+	<target host="sydney-city-toyota.gumtree.com.au" />
+	<target host="sydney-rv-group.gumtree.com.au" />
+	<target host="tassie-cars-commercials-hobart.gumtree.com.au" />
+	<target host="telford-car-shoppe.gumtree.com.au" />
+	<target host="the-japanese-car-centre.gumtree.com.au" />
+	<target host="tighe-auto.gumtree.com.au" />
+	<target host="tm.gumtree.com.au" />
+	<target host="tony-lahood-motors.gumtree.com.au" />
+	<target host="tonyirelandtownsville.gumtree.com.au" />
+	<target host="tonys-car-sales-maidstone.gumtree.com.au" />
+	<target host="toowoombaholden.gumtree.com.au" />
+	<target host="toyotaways.gumtree.com.au" />
+	<target host="trade-inn-motors.gumtree.com.au" />
+	<target host="ts201510.gumtree.com.au" />
+	<target host="uaansw-motor-auctions-warabrook.gumtree.com.au" />
+	<target host="uppillcars.gumtree.com.au" />
+	<target host="uwin-wholesale-cars.gumtree.com.au" />
+	<target host="value-wholesale.gumtree.com.au" />
+	<target host="vehicle-masters.gumtree.com.au" />
+	<target host="walk-in-drive-out-car-sales.gumtree.com.au" />
+	<target host="wangara-motors.gumtree.com.au" />
+	<target host="wasv.gumtree.com.au" />
+	<target host="weneedanannycomau.gumtree.com.au" />
+	<target host="westco-motors.gumtree.com.au" />
+	<target host="western-wholesale-commercials.gumtree.com.au" />
+	<target host="westocast-bmw.gumtree.com.au" />
+	<target host="westside-auto-wholesale.gumtree.com.au" />
+	<target host="wheelzandwheelz.gumtree.com.au" />
+	<target host="wholesale-house.gumtree.com.au" />
+	<target host="wholesale-traders-newcastle-georgetown.gumtree.com.au" />
+	<target host="why-walk-used-cars.gumtree.com.au" />
+	<target host="youngs-holden.gumtree.com.au" />
+	<target host="zai-motors.gumtree.com.au" />
+	<target host="zhan-wholesale.gumtree.com.au" />
+
+	<!-- invalid certificate chain -->
+	<rule from="^http://gumtree\.com\.au/"
+		to="https://www.gumtree.com.au/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gumtree.com.xml b/src/chrome/content/rules/Gumtree.com.xml
new file mode 100644
index 000000000000..f8bd44a53769
--- /dev/null
+++ b/src/chrome/content/rules/Gumtree.com.xml
@@ -0,0 +1,56 @@
+<!--
+	Other related rulesets:
+		- Gumtree.co.za.xml
+		- Gumtree.com.au.xml
+		- Gumtree.ie.xml
+		- Gumtree.pl.xml
+		- Gumtree.sg.xml
+
+
+	Non-functional subdomains:
+		- 178.38.116profile	(certificate mismatch including subdomains, has wildcard DNS)
+		- autodiscover	(r)
+		- boston	(t)
+		- gumshield	(t)
+		- guvnor	(t)
+		- help	(i)
+		- ibfsui	(t)
+		- mdns	(t)
+		- mx102	(r)
+		- newyork	(t)
+		- integration.sf	(r)
+		- sfgw.sf	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Gumtree.com">
+
+	<target host="gumtree.com" />
+	<target host="www.gumtree.com" />
+	<target host="android-api.gumtree.com" />
+	<target host="android-api-de.gumtree.com" />
+	<target host="api2.gumtree.com" />
+	<target host="blog.gumtree.com" />
+	<target host="business.gumtree.com" />
+	<target host="criteo-api.gumtree.com" />
+	<target host="cstm.gumtree.com" />
+	<target host="feed-api.gumtree.com" />
+	<target host="gateway.gumtree.com" />
+	<target host="iphone-api.gumtree.com" />
+	<target host="jobsadmin.gumtree.com" />
+	<target host="mobile-api.gumtree.com" />
+	<target host="my.gumtree.com" />
+	<target host="partnerships.gumtree.com" />
+	<target host="recruiters.gumtree.com" />
+	<target host="redirect.gumtree.com" />
+	<target host="sa.gumtree.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gumtree.ie.xml b/src/chrome/content/rules/Gumtree.ie.xml
new file mode 100644
index 000000000000..4b38742dfba1
--- /dev/null
+++ b/src/chrome/content/rules/Gumtree.ie.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Gumtree coverage, see Gumtree.com.xml
+
+
+	Non-functional subdomains:
+		- cork		(t)
+		- dublin	(t)
+		- mktg		(t)
+		- secure	(t)
+		- wwww		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Gumtree.ie">
+
+	<target host="gumtree.ie" />
+	<target host="www.gumtree.ie" />
+	<target host="ecg-api.gumtree.ie" />
+	<target host="ecg-apis.gumtree.ie" />
+	<target host="help.gumtree.ie" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gumtree.pl.xml b/src/chrome/content/rules/Gumtree.pl.xml
new file mode 100644
index 000000000000..ab2b791fb2e8
--- /dev/null
+++ b/src/chrome/content/rules/Gumtree.pl.xml
@@ -0,0 +1,50 @@
+<!--
+	For other Gumtree coverage, see Gumtree.com.xml
+
+
+	Non-functional subdomains:
+		- autodiscover	(t)
+		- gdansk	(t)
+		- info	(t)
+		- katowice	(t)
+		- krakow	(t)
+		- lodz	(t)
+		- lubelskie	(t)
+		- lubuskie	(t)
+		- mktg	(m)
+		- opolskie	(t)
+		- ecg-api.partners	(m)
+		- ecg-apis.partners	(m)
+		- gumtree.pl	(t)
+		- www	(t)
+		- podkarpackie	(t)
+		- polska	(t)
+		- poznan	(t)
+		- www.poznan	(t)
+		- secure	(t)
+		- trojmiasto	(t)
+		- warszawa	(t)
+		- www.warszawa	(t)
+		- wroclaw	(t)
+		- zachodniopomorskie	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Gumtree.pl">
+
+	<target host="gumtree.pl" />
+	<target host="www.gumtree.pl" />
+	<target host="blog.gumtree.pl" />
+	<target host="ecg-api.gumtree.pl" />
+	<target host="ecg-apis.gumtree.pl" />
+	<target host="pomoc.gumtree.pl" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gumtree.sg.xml b/src/chrome/content/rules/Gumtree.sg.xml
new file mode 100644
index 000000000000..43ac3fbba92d
--- /dev/null
+++ b/src/chrome/content/rules/Gumtree.sg.xml
@@ -0,0 +1,40 @@
+<!--
+	For other Gumtree coverage, see Gumtree.com.xml
+
+
+	Non-functional subdomains:
+		- jobs	(t)
+		- m	(t)
+		- mktg	(t)
+		- page	(r)
+		- ecg-api.partners	(m)
+		- ecg-apis.partners	(m)
+		- protool	(t)
+		- singapore	(t)
+		- singapore4	(t)
+		- singfapore	(t)
+		- sngapore	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Gumtree.sg">
+
+	<target host="gumtree.sg" />
+	<target host="www.gumtree.sg" />
+	<target host="app.gumtree.sg" />
+	<target host="collections.gumtree.sg" />
+	<target host="ecg-api.gumtree.sg" />
+	<target host="ecg-apis.gumtree.sg" />
+	<target host="help.gumtree.sg" />
+	<target host="info.gumtree.sg" />
+	<target host="profile.gumtree.sg" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GunFacts.info.xml b/src/chrome/content/rules/GunFacts.info.xml
new file mode 100644
index 000000000000..10a06c820974
--- /dev/null
+++ b/src/chrome/content/rules/GunFacts.info.xml
@@ -0,0 +1,14 @@
+<!--
+	Secure connection failed:
+
+	- community
+	- wp
+-->
+
+<ruleset name="GunFacts.info">
+	<target host="gunfacts.info" />
+	<target host="www.gunfacts.info" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GunIO.xml b/src/chrome/content/rules/GunIO.xml
index b5a1bb1f4146..444fa1326fa9 100644
--- a/src/chrome/content/rules/GunIO.xml
+++ b/src/chrome/content/rules/GunIO.xml
@@ -1,8 +1,33 @@
-<ruleset name="GunIO" platform="mixedcontent">
-  <target host="gun.io" />
-  <target host="www.gun.io" />
+<!--
+	Nonfunctional hosts in *gun.io:
 
-  <securecookie host="^(.+\.)?gun\.io$" name=".*"/>
+		- gamma *
+
+	* 404
+
+
+	Insecure cookies are set for these hosts:
+
+		- gun.io
+		- www.gun.io
+
+-->
+<ruleset name="Gun.io (partial)">
+
+	<!--	Direct Rewrites:
+				-->
+	<target host="gun.io" />
+	<target host="www.gun.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?gun\.io$" name="^sessionid$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(www\.)?gun\.io/" to="https://$1gun.io/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Gunosy.com.xml b/src/chrome/content/rules/Gunosy.com.xml
new file mode 100644
index 000000000000..d97a0049b9bc
--- /dev/null
+++ b/src/chrome/content/rules/Gunosy.com.xml
@@ -0,0 +1,45 @@
+<!--
+
+	Nonfunctional subdomains:
+
+		- career	(times out)
+
+	Problematic subdomains:
+
+		- moneyscoop	(invalid cert)
+		- news	(invalid cert)
+
+	Mixedcontent:
+
+		- sports
+
+-->
+<ruleset name="Gunosy.com">
+
+	<target host="adntokyo.gunosy.com" />
+	<target host="ads.gunosy.com" />
+	<target host="api.gunosy.com" />
+	<target host="assets.gunosy.com" />
+	<target host="content-baseball.gunosy.com" />
+	<target host="contents.gunosy.com" />
+	<target host="creatives.gunosy.com" />
+	<target host="gunosy.com" />
+	<target host="images.gunosy.com" />
+	<target host="insight.gunosy.com" />
+	<target host="thumbnail.gunosy.com" />
+	<target host="webassets.gunosy.com" />
+	<target host="www.gunosy.com" />
+
+	<test url="http://adntokyo.gunosy.com/adn/web/jsonp/1.2/multi_show" />
+	<test url="http://api.gunosy.com/news/redirect" />
+	<test url="http://assets.gunosy.com/adnet/gunosy_ads.min.js" />
+	<test url="http://contents.gunosy.com/2/23/329d351898f4791573e4f4c10b2817ce_content.jpg" />
+	<test url="http://creatives.gunosy.com/images/VPmY9IeGr6qMc4nNFKAf-iSpH8wGEf4COeW9shjRt.png" />
+	<test url="http://images.gunosy.com/8/28/fc597aa36e8a669bf1ed41cdfdf43dfe_large.jpg" />
+	<test url="http://thumbnail.gunosy.com/5/14/9cd713f0f6b1af6c21ed10f541eb5806_large.jpg" />
+	<test url="http://webassets.gunosy.com/assets/gunosy-share-6d1fba532c850b102ea9752f952ba7ada435c53f760d421f0309db17f4f4a96d.png" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Guru3d.com.xml b/src/chrome/content/rules/Guru3d.com.xml
new file mode 100644
index 000000000000..fdea2a54784d
--- /dev/null
+++ b/src/chrome/content/rules/Guru3d.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Refused:
+		^
+		capone
+		downloads
+		forums
+-->
+
+<ruleset name="Guru3d.com">
+	<target host="guru3d.com" />
+	<target host="www.guru3d.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://guru3d\.com/" to="https://www.guru3d.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Guru_Labs.com.xml b/src/chrome/content/rules/Guru_Labs.com.xml
new file mode 100644
index 000000000000..f1a4a735d82f
--- /dev/null
+++ b/src/chrome/content/rules/Guru_Labs.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Guru Labs.com">
+
+	<target host="gurulabs.com" />
+	<target host="www.gurulabs.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gust.xml b/src/chrome/content/rules/Gust.xml
index 5e93c90c3cc7..c853a3280479 100644
--- a/src/chrome/content/rules/Gust.xml
+++ b/src/chrome/content/rules/Gust.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?gust\.com/(?!$)"
 		to="https://$1gust.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gustavus.edu.xml b/src/chrome/content/rules/Gustavus.edu.xml
new file mode 100644
index 000000000000..d47a87d26073
--- /dev/null
+++ b/src/chrome/content/rules/Gustavus.edu.xml
@@ -0,0 +1,48 @@
+<!--
+	Other Gustavus Adolphus College rulesets:
+
+		- GAC.edu.xml
+
+
+	Nonfunctional subdomains:
+
+		- org *
+
+	* Shows test page
+
+
+	Problematic subdomains:
+
+		- (www.)?bookmark *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- gustavus.edu
+
+-->
+<ruleset name="Gustavus.edu (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gustavus.edu" />
+	<target host="blog.gustavus.edu" />
+	<target host="*.blog.gustavus.edu" />
+	<target host="www.gustavus.edu" />
+
+		<test url="http://webservices.blog.gustavus.edu/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^gustavus\.edu$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^gustavus\.edu$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gusto.com.xml b/src/chrome/content/rules/Gusto.com.xml
new file mode 100644
index 000000000000..0008ef1440c3
--- /dev/null
+++ b/src/chrome/content/rules/Gusto.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="Gusto.com">
+
+	<target host="gusto.com" />
+	<target host="app.gusto.com" />
+	<target host="assets.gusto.com" />
+	<target host="cdn.gusto.com" />
+	<target host="www.gusto.com" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gutefrage.net.xml b/src/chrome/content/rules/Gutefrage.net.xml
new file mode 100644
index 000000000000..645afe537f5a
--- /dev/null
+++ b/src/chrome/content/rules/Gutefrage.net.xml
@@ -0,0 +1,34 @@
+<!--
+	HTTP redirect:
+		- www.gutefrage.net (most pages)
+
+	obsolete host:
+		- erika23.gutefrage.net
+-->
+<ruleset name="Gutefrage.net (partial)">
+	<target host="gutefrage.net" />
+	<target host="www.gutefrage.net" />
+	<target host="beacon.gutefrage.net" />
+	<target host="business.gutefrage.net" />
+	<target host="images.gutefrage.net" />
+
+	<exclusion pattern="^http://www\.gutefrage\.net/(?!favicon\.(ico|png)|images/|js/|login|nutzer_hinzufuegen)" />
+	<test url="http://www.gutefrage.net/agb" />
+	<test url="http://www.gutefrage.net/disclaimer" />
+	<test url="http://www.gutefrage.net/faq" />
+	<test url="http://www.gutefrage.net/favicon.ico" />
+	<test url="http://www.gutefrage.net/favicon.png" />
+	<test url="http://www.gutefrage.net/images/gf-responsive/teasers/schnell-kostenlos.png" />
+	<test url="http://www.gutefrage.net/js/generated/main.additional-min.js" />
+	<test url="http://www.gutefrage.net/js/generated/main.default-min.js" />
+	<test url="http://www.gutefrage.net/kontakt" />
+	<test url="http://www.gutefrage.net/login" />
+	<test url="http://www.gutefrage.net/neu" />
+	<test url="http://www.gutefrage.net/nutzer_hinzufuegen" />
+	<test url="http://www.gutefrage.net/policy" />
+	<test url="http://www.gutefrage.net/suche" />
+	<test url="http://www.gutefrage.net/ueber_uns" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gutenberg.org.xml b/src/chrome/content/rules/Gutenberg.org.xml
new file mode 100644
index 000000000000..964951225726
--- /dev/null
+++ b/src/chrome/content/rules/Gutenberg.org.xml
@@ -0,0 +1,28 @@
+<!--
+	^: cert only matches *.gutenberg.org
+
+
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Gutenberg.org">
+
+	<target host="gutenberg.org" />
+	<target host="www.gutenberg.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.gutenberg\.org$" name="^session_id$" /-->
+
+	<securecookie host="^\.gutenberg\.org$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?gutenberg\.org/"
+		to="https://www.gutenberg.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Guttmacher_Institute.xml b/src/chrome/content/rules/Guttmacher_Institute.xml
index 83dec9e3d967..df3bcec1b688 100644
--- a/src/chrome/content/rules/Guttmacher_Institute.xml
+++ b/src/chrome/content/rules/Guttmacher_Institute.xml
@@ -6,18 +6,24 @@
 -->
 <ruleset name="Guttmacher Institute">
 
-	<target host="gu.tt" />
+	<!--target host="gu.tt" /-->
+	<target host="www.guttmacher.org" />
+
+	<!--	Complications:
+				-->
 	<target host="guttmacher.org" />
-	<target host="*.guttmacher.org" />
 
 
-	<securecookie host="^(?:w*\.)?guttmacher\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
+
 
+	<!--rule from="^http://gu\.tt/"
+		to="https://bit.ly/" /-->
 
-	<rule from="^http://gu\.tt/"
-		to="https://bit.ly/" />
+	<rule from="^http://guttmacher\.org/"
+		to="https://www.guttmacher.org/" />
 
-	<rule from="^http://(www\.)?guttmacher\.org/"
-		to="https://$1guttmacher.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GwDg.de.xml b/src/chrome/content/rules/GwDg.de.xml
new file mode 100644
index 000000000000..620505e0e66b
--- /dev/null
+++ b/src/chrome/content/rules/GwDg.de.xml
@@ -0,0 +1,25 @@
+<!--
+	Gesellschaft fuer wissenschaftliche Datenverarbeitung
+
+	Unable to get local issuer certificate:
+		status.gwdg.de
+-->
+<ruleset name="GwDg.de (partial)">
+
+	<target host="gwdg.de" />
+	<target host="www.gwdg.de" />
+	<target host="cryptpad.gwdg.de" />
+	<target host="ethercalc.gwdg.de" />
+	<target host="etherpad.gwdg.de" />
+	<target host="faq.gwdg.de" />
+	<target host="ftp.gwdg.de" />
+	<target host="info.gwdg.de" />
+	<target host="paste.gwdg.de" />
+	<target host="piwik.gwdg.de" />
+		<test url="http://piwik.gwdg.de/piwik.php?idsite=" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GwR_YMCA.org.xml b/src/chrome/content/rules/GwR_YMCA.org.xml
new file mode 100644
index 000000000000..1e0dcd7a8fc1
--- /dev/null
+++ b/src/chrome/content/rules/GwR_YMCA.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="GwR YMCA.org">
+
+	<target host="gwrymca.org" />
+	<target host="www.gwrymca.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gwent.police.uk.xml b/src/chrome/content/rules/Gwent.police.uk.xml
new file mode 100644
index 000000000000..a11f81d4a2a5
--- /dev/null
+++ b/src/chrome/content/rules/Gwent.police.uk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Gwent.police.uk">
+  <target host="gwent.police.uk" />
+  <target host="www.gwent.police.uk" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gwern.net.xml b/src/chrome/content/rules/Gwern.net.xml
new file mode 100644
index 000000000000..7ec584f13642
--- /dev/null
+++ b/src/chrome/content/rules/Gwern.net.xml
@@ -0,0 +1,7 @@
+<ruleset name="Gwern.net">
+	<target host="gwern.net" />
+	<target host="www.gwern.net" />
+	<target host="direct.gwern.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gwinnett_County.com.xml b/src/chrome/content/rules/Gwinnett_County.com.xml
new file mode 100644
index 000000000000..6c2d12ee1606
--- /dev/null
+++ b/src/chrome/content/rules/Gwinnett_County.com.xml
@@ -0,0 +1,36 @@
+<!--
+
+
+	^gwinnettcounty.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.gwinnettcounty.com
+
+-->
+<ruleset name="Gwinnett County.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.gwinnettcounty.com" />
+
+	<!--	Complications:
+				-->
+	<target host="gwinnettcounty.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.gwinnettcounty\.com$" name="^GC-GOV$" /-->
+
+	<securecookie host="^www\.gwinnettcounty\.com$" name=".+" />
+
+
+	<rule from="^http://gwinnettcounty\.com/"
+		to="https://www.gwinnettcounty.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gyazo.com.xml b/src/chrome/content/rules/Gyazo.com.xml
new file mode 100644
index 000000000000..8f7ee7e07d66
--- /dev/null
+++ b/src/chrome/content/rules/Gyazo.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Invalid certificate:
+		blog.gyazo.com
+
+	No working URL known:
+		gif.gyazo.com
+
+-->
+<ruleset name="Gyazo.com">
+
+	<target host="gyazo.com" />
+	<target host="www.gyazo.com" />
+	<target host="api.gyazo.com" />
+	<target host="assets.gyazo.com" />
+		<test url="http://assets.gyazo.com/favicon.ico" />
+	<target host="embed.gyazo.com" />
+		<test url="http://embed.gyazo.com/c954c7e1444a58bb64203dad41a04b93.png" />
+	<target host="files.gyazo.com" />
+	<target host="geo.gyazo.com" />
+		<test url="http://geo.gyazo.com/api/geo" />
+	<target host="i.gyazo.com" />
+		<test url="http://i.gyazo.com/f7797983677b219acec33da73d64f115.png" />
+	<target host="support.gyazo.com" />
+	<target host="upload.gyazo.com" />
+
+	<securecookie host=".+" name="^(__cfduid|cf_clearance)$" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gyft.com.xml b/src/chrome/content/rules/Gyft.com.xml
new file mode 100644
index 000000000000..dbb197be3030
--- /dev/null
+++ b/src/chrome/content/rules/Gyft.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Gyft.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gyft.com" />
+	<target host="app.gyft.com" />
+	<target host="www.gyft.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GymGlish-problematic.xml b/src/chrome/content/rules/GymGlish-problematic.xml
deleted file mode 100644
index f8116ee6d1bc..000000000000
--- a/src/chrome/content/rules/GymGlish-problematic.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	For rules that are on by default, see GymGlish.xml.
-
-
-	faq cookies are handled there.
-
--->
-<ruleset name="GymGlish (problematic)" default_off="mismatched">
-
-	<target host="gymglish.*" />
-	<target host="www.gymglish.*" />
-		<exclusion pattern="^https?://(?:www\.)?gymglish\.vn/" />
-	<target host="faq.gymglish.com" />
-	<target host="gymglish.com.br" />
-	<target host="*.gymglish.com.br" />
-	<target host="gymglish.co.uk" />
-	<target host="*.gymglish.co.uk" />
-
-
-	<securecookie host="^www\.gymglish\.(?:\w\w|com\.br|co\.uk)$" name=".+" />
-
-
-	<rule from="^http://faq\.gymglish\.com/"
-		to="https://faq.gymglish.com/" />
-
-	<rule from="^https?://(?:www\.)?gymglish\.(\w\w|com\.br|co\.uk)/"
-		to="https://www.gymglish.$1/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/GymGlish.xml b/src/chrome/content/rules/GymGlish.xml
deleted file mode 100644
index 8c7fd3aadae5..000000000000
--- a/src/chrome/content/rules/GymGlish.xml
+++ /dev/null
@@ -1,49 +0,0 @@
-<!--
-	For problematic rules, see GymGlish-problematic.xml.
-
-
-	Nonfunctional domains:
-
-		- (www.)gymglish.vn	(expired, mismatched, CN: *.lxlabs.com)
-
-
-	Problematic domains:
-
-		- gymglish.com *
-		- faq.gymglish.com *
-		- webservers.gymglish.com *
-		- webservers6.gymglish.com *
-		- (www.)gymglish.com.br *
-		- (www.)gymglish.co.uk *
-		- (www.)gymglish.de *
-		- (www.)gymglish.es *
-		- (www.)gymglish.fr *
-		- (www.)gymglish.in *
-		- (www.)gymglish.kr *
-		- (www.)gymglish.nl *
-		- (www.)gymglish.se *
-
-	Cert only matches www.gymglish.com
-
--->
-<ruleset name="GymGlish (partial)">
-
-	<target host="gymglish.*" />
-	<target host="www.gymglish.*" />
-		<exclusion pattern="^https?://(?:www\.)?gymglish\.(?:\w\w|com\.br|co\.uk)/(?!images/)" />
-		<exclusion pattern="^https?://(?:www\.)?gymglish\.vn/" />
-	<target host="*.gymglish.com" />
-		<exclusion pattern="^https?://webservers6?\.gymglish\.com/(?!images/)" />
-	<target host="gymglish.com.br" />
-	<target host="www.gymglish.com.br" />
-	<target host="gymglish.co.uk" />
-	<target host="www.gymglish.co.uk" />
-
-
-	<securecookie host="^.+\.gymglish\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:webservers6?\.|www\.)?gymglish\.(?:\w\w|com|com\.br|co\.uk)/"
-		to="https://www.gymglish.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Gymglish.com.xml b/src/chrome/content/rules/Gymglish.com.xml
new file mode 100644
index 000000000000..ffd9fcced917
--- /dev/null
+++ b/src/chrome/content/rules/Gymglish.com.xml
@@ -0,0 +1,60 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- db5.gymglish.com
+		- db6.gymglish.com
+		- free3.gymglish.com
+		- openvpnviprackspaceel6.gymglish.com
+		- us.gymglish.com
+
+		Timeout was reached:
+		- fiber4.gymglish.com
+		- free5.gymglish.com
+		- free6.gymglish.com
+		- freelance.gymglish.com
+		- openvpnvipfreevitry.gymglish.com
+
+		SSL connect error:
+		- blog.gymglish.com
+
+		SSL peer certificate was not OK:
+		- notretemps.com.gymglish.com
+		- nouvelobs.com.gymglish.com
+		- faq.gymglish.com
+		- forum.gymglish.com
+		- larousse.fr.gymglish.com
+		- cours-francais.larousse.fr.gymglish.com
+		- apprendre-francais.lemonde.fr.gymglish.com
+		- learn-french.lemonde.fr.gymglish.com
+		- leparisien.fr.gymglish.com
+		- free7.gymglish.com
+		- free8.gymglish.com
+		- free9.gymglish.com
+		- help.gymglish.com
+		- lemonde.gymglish.com
+		- 405855-web1.rack8.gymglish.com
+		- rue89.gymglish.com
+		- static.gymglish.com
+		- stories.gymglish.com
+		- sueddeutsche.gymglish.com
+		- web1.gymglish.com
+		- web2.gymglish.com
+		- web3.gymglish.com
+		- webservers.gymglish.com
+		- webservers-ftq-ssl.gymglish.com
+		- webservers6.gymglish.com
+
+		Incomplete certificate chain error:
+		- nzz.ch.gymglish.com
+		- free4.gymglish.com
+		- online1.gymglish.com
+		- sentry.gymglish.com
+-->
+<ruleset name="Gymglish.com">
+	<target host="gymglish.com" />
+	<target host="www.gymglish.com" />
+	<target host="studio.gymglish.com" />
+	<target host="teachers.gymglish.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gynecomastia.org.xml b/src/chrome/content/rules/Gynecomastia.org.xml
index b0902bde30ce..c73bcb6b0904 100644
--- a/src/chrome/content/rules/Gynecomastia.org.xml
+++ b/src/chrome/content/rules/Gynecomastia.org.xml
@@ -2,7 +2,7 @@
 	<target host="gynecomastia.org" />
 	<target host="www.gynecomastia.org" />
 
-	<securecookie host="^((www)?\.)?gynecomastia\.org$" name=".+" />
+	<securecookie host="^(?:(?:www)?\.)?gynecomastia\.org$" name=".+" />
 
-	<rule from="^http://(www\.)?gynecomastia\.org/" to="https://www.gynecomastia.org/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gyroscope.com.xml b/src/chrome/content/rules/Gyroscope.com.xml
new file mode 100644
index 000000000000..d7b326be278e
--- /dev/null
+++ b/src/chrome/content/rules/Gyroscope.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Gyroscope.com">
+	<target host="gyroscope.com" />
+	<target host="www.gyroscope.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/H-CDN.co.xml b/src/chrome/content/rules/H-CDN.co.xml
new file mode 100644
index 000000000000..21d8deea1252
--- /dev/null
+++ b/src/chrome/content/rules/H-CDN.co.xml
@@ -0,0 +1,22 @@
+<!--
+	For other Hearst coverage, see Hearst-Corporation.xml.
+
+
+	Problematic hosts in *h-cdn.co:
+
+		- cos *
+
+	* Mismatched
+
+-->
+<ruleset name="H-CDN.co" default_off="mismatched">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cos.h-cdn.co" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/H-T.co.xml b/src/chrome/content/rules/H-T.co.xml
new file mode 100644
index 000000000000..255bb5f219d0
--- /dev/null
+++ b/src/chrome/content/rules/H-T.co.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://h-t.co/ => https://h-t.co/: (51, "SSL: no alternative certificate subject name matches target host name 'h-t.co'")
+
+	For other Host-Tracker coverage, see Host-tracker.com.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- h-t.co
+		- i.h-t.co
+
+-->
+<ruleset name="H-T.co" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="h-t.co" />
+	<target host="i.h-t.co" />
+
+		<test url="http://i.h-t.co/website%20monitor.png?id=" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:i\.)?h-t\.co$" name="^\.ASPXA(?:NONYMOUS|UTH)$" /-->
+
+	<securecookie host="^(?:i\.)?h-t\.co$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/H-node.org.xml b/src/chrome/content/rules/H-node.org.xml
new file mode 100644
index 000000000000..8070093df49d
--- /dev/null
+++ b/src/chrome/content/rules/H-node.org.xml
@@ -0,0 +1,16 @@
+<ruleset name="h-node.org">
+
+	<target host="h-node.org" />
+	<target host="www.h-node.org" />
+
+
+	<!-- Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?h-node\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?h-node\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/H2HC.com.br.xml b/src/chrome/content/rules/H2HC.com.br.xml
new file mode 100644
index 000000000000..c73e523b215f
--- /dev/null
+++ b/src/chrome/content/rules/H2HC.com.br.xml
@@ -0,0 +1,17 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	 * Secured by us
+
+-->
+<ruleset name="H2HC.com.br">
+
+	<target host="h2hc.com.br" />
+	<target host="www.h2hc.com.br" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/H5n.us.xml b/src/chrome/content/rules/H5n.us.xml
index 60247ccfc183..2d361cb4c4b9 100644
--- a/src/chrome/content/rules/H5n.us.xml
+++ b/src/chrome/content/rules/H5n.us.xml
@@ -1,12 +1,19 @@
-<ruleset name="h5n.us">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://h5n.us/ => https://h5n.us/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="h5n.us" default_off="failed ruleset test">
 
 	<target host="h5n.us" />
-	<target host="*.h5n.us" />
+	<target host="virtual.h5n.us" />
+	<target host="www.h5n.us" />
 
 
 	<!--	www cert: self-signed
 						-->
-	<rule from="^https?://(?:(virtual\.)|www\.)?h5n\.us/"
+	<rule from="^http://(?:(virtual\.)|www\.)?h5n\.us/"
 		to="https://$1h5n.us/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/H5py.org.xml b/src/chrome/content/rules/H5py.org.xml
new file mode 100644
index 000000000000..25d16a797b74
--- /dev/null
+++ b/src/chrome/content/rules/H5py.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Refused:
+		- ^
+
+	Mismatch:
+		- docs
+
+	Time out:
+		- api
+-->
+<ruleset name="H5py.org">
+
+	<target host="h5py.org" />
+	<target host="www.h5py.org" />
+	<target host="docs.h5py.org" />
+
+	<rule from="^http://docs\.h5py\.org/"
+		to="https://h5py.readthedocs.io/" />
+
+	<rule from="^http://h5py\.org/"
+		to="https://www.h5py.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HAProxy.com.xml b/src/chrome/content/rules/HAProxy.com.xml
new file mode 100644
index 000000000000..91fb5c890452
--- /dev/null
+++ b/src/chrome/content/rules/HAProxy.com.xml
@@ -0,0 +1,47 @@
+<!--
+	Problematic subdomains:
+
+		- blog *
+
+	* WordPress
+
+
+	Insecure cookies are set for these hosts:
+
+		- haproxy.com
+		- www.haproxy.com
+
+-->
+<ruleset name="HAProxy.com (partial)">
+
+	<target host="haproxy.com" />
+	<target host="blog.haproxy.com" />
+	<target host="www.haproxy.com" />
+
+		<exclusion pattern="^http://blog\.haproxy\.com/+(?!i/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://blog.haproxy.com/about/" />
+			<test url="http://blog.haproxy.com/haproxy/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://blog.haproxy.com/i/favicon.ico" />
+			<test url="http://blog.haproxy.com/i/rss/blue-small.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?haproxy\.com$" name="^(HALBID|csrftoken|sessionid)" /-->
+
+	<securecookie host="^(?:www\.)?haproxy\.com$" name=".+" />
+
+
+	<rule from="^http://blog\.haproxy\.com/"
+		to="https://alohalb.wordpress.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HBAnet.org.xml b/src/chrome/content/rules/HBAnet.org.xml
index f480c956d906..ec60bb86cf41 100644
--- a/src/chrome/content/rules/HBAnet.org.xml
+++ b/src/chrome/content/rules/HBAnet.org.xml
@@ -7,7 +7,7 @@
 <ruleset name="HBAnet.org">
 
 	<target host="hbanet.org" />
-	<target host="*.hbanet.org" />
+	<target host="www.hbanet.org" />
 
 
 	<securecookie host="^\.hbanet\.org$" name=".+" />
diff --git a/src/chrome/content/rules/HBO.xml b/src/chrome/content/rules/HBO.xml
index 6bf165801c68..6f7f3a31b915 100644
--- a/src/chrome/content/rules/HBO.xml
+++ b/src/chrome/content/rules/HBO.xml
@@ -1,27 +1,93 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://talk.hbo.com/ => https://talk.hbo.com/: (7, 'Failed to connect to talk.hbo.com port 443: Connection timed out')
+
+	Split per https://github.com/EFForg/https-everywhere/issues/1393
+
+	For rules causing false/broken MCB, see hbo.com-falsemixed.xml.
+
+	Other Home Box Office rulesets:
+
+		- hbokids.com.xml
+		- hbonow.com.xml
+		- hboshopeu.com.xml
+		- itsh.bo (via Bitly_branded_short_domains.xml)
+
+
 	CDN buckets:
 
-		- i.lv3.hbo.com.c.footprint.net	
+		- d2fb3habz60ldm.cloudfront.net
+		- i.lv3.hbo.com.c.footprint.net
+		- hbob2b.vo.llnwd.net	(400 over https)
+
+
+	Problematic hosts in *hbo.com:
+
+		- i.lv3 *
+		- render.lv3 *
+		- cdn.www ᵐ
+
+	* Dropped, data are also on www.hbo.com
+	ᵐ Cloudfront / mismatched
+
 
+	Insecure cookies are set for these hosts:
 
-	Nonfunctional subdomains:
+		- talk.hbo.com
 
-		- i.lv3		(times out; data are also on www)
+
+	Mixed content:
+
+		- css on www from cdn.www.hbo.com ˢ
+
+		- Images, on:
+
+			- www from i.lv3.hbo.com ˢ
+			- www from render.lv3.hbo.com ˢ
+			- www from cdn.www.hbo.com ˢ
+
+	ˢ Secured by us
 
 -->
-<ruleset name="HBO">
+<ruleset name="HBO.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="hbo.com" /-->
+	<target host="connect.hbo.com" />
+	<target host="secure.hbo.com" />
+	<target host="shop.hbo.com" />
+	<target host="talk.hbo.com" />
+	<!--target host="watch.hbo.com" />	needs testing from U.S. -->
+	<!--target host="www.hbo.com" /-->
 
-	<target host="hbo.com" />
-	<target host="*.hbo.com" />
-	<target host="i.lv3.hbo.com" />
+	<!--	Complications:
+				-->
+	<!--target host="i.lv3.hbo.com" /-->
+	<!--target host="render.lv3.hbo.com" /-->
+	<!--target host="cdn.www.hbo.com" /-->
 
+		<!--test url="http://www.hbo.com/game-of-thrones" /-->
 
-	<!--	!www: cert only matches www.
+
+	<!--	Not secured by server:
 					-->
-	<rule from="^https?://(?:i\.lv3\.|www\.)?hbo\.com/"
-		to="https://www.hbo.com/" />
+	<!--securecookie host="^talk\.hbo\.com$" name="^Lithium(?:UserInfo|UserSecure|Visitor)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--rule from="^http://(?:i|render)\.lv3\.hbo\.com/"
+		to="https://www.hbo.com/" /-->
+
+	<!--rule from="^http://cdn\.www\.hbo\.com/"
+		to="https://???.cloudfront.net/" /-->
+
+	<!--rule from="^http://cdn\.www\.hbo\.com/"
+		to="https://www.hbo.com/" /-->
 
-	<rule from="^http://secure\.hbo\.com/"
-		to="https://secure.hbo.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HBR.org.xml b/src/chrome/content/rules/HBR.org.xml
new file mode 100644
index 000000000000..cb44ada35027
--- /dev/null
+++ b/src/chrome/content/rules/HBR.org.xml
@@ -0,0 +1,63 @@
+<!--
+	Harvard Business Review
+
+	For other Harvard University coverage, see Harvard-University.xml.
+
+
+	CDN buckets:
+
+		- harvardbp.vo.llnwd.net
+
+			- .hs. doesn't exist
+			- static
+
+
+	Problematic subdomains:
+
+		- static	(400; mismatched, CN: *.llnwd.net)
+		- web ²
+
+	² Refused
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- blogs
+		- ox-d
+		- static	(→ ^)
+		- web		(→ hbdm.hbsp.harvard.edu)
+
+
+	Insecure cookies are set for these domains:
+
+		- hbr.org
+		- blogs.hbr.org
+		- www.hbr.org
+
+-->
+<ruleset name="HBR.org">
+
+	<target host="hbr.org" />
+	<target host="static.hbr.org" />
+	<target host="blogs.hbr.org" />
+	<target host="ox-d.hbr.org" />
+	<target host="www.hbr.org" />
+	<target host="web.hbr.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^hbr\.org$" name="^(AWSELB|JSESSIONID)$" /-->
+	<!--securecookie host="^(blogs|www).hbr\.org$" name="^HBRGSTICKY$" /-->
+
+	<securecookie host="^(?:\.|ox-d\.|www\.)?hbr\.org$" name=".+" />
+
+
+	<rule from="^http://(?:static\.|((?:blogs|ox-d|www)\.))?hbr\.org/"
+		to="https://$1hbr.org/" />
+
+	<rule from="^http://web\.hbr\.org/"
+		to="https://hbdm.hbsp.harvard.edu/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HBW.com.xml b/src/chrome/content/rules/HBW.com.xml
new file mode 100644
index 000000000000..199ac647770b
--- /dev/null
+++ b/src/chrome/content/rules/HBW.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		ibc.hbw.com
+
+-->
+<ruleset name="HBW alive">
+
+	<target host="hbw.com" />
+	<target host="www.hbw.com" />
+	<target host="secure.hbw.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HBoeck.xml b/src/chrome/content/rules/HBoeck.xml
deleted file mode 100644
index 25a6b018ba2f..000000000000
--- a/src/chrome/content/rules/HBoeck.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="HBoeck (CAcert)" platform="cacert mixedcontent">
-
-	<target host="hboeck.de"/>
-	<target host="www.hboeck.de"/>
-
-	<securecookie host="^hboeck\.de$" name=".*"/>
-
-	<rule from="^http://(www\.)?hboeck\.de/"
-		to="https://$1hboeck.de/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/HCL_Technologies.xml b/src/chrome/content/rules/HCL_Technologies.xml
index 83aa6f922f29..a8d50cf7a56b 100644
--- a/src/chrome/content/rules/HCL_Technologies.xml
+++ b/src/chrome/content/rules/HCL_Technologies.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://webmail.hcltech.com/ => https://webmail.hcltech.com/: (7, 'Failed to connect to webmail.hcltech.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://autodiscover.hcl-axon.com/ => https://autodiscover.hcl-axon.com/: (7, 'Failed to connect to autodiscover.hcl-axon.com port 80: Connection refused')
 	Nonfunctional domains:
 
 		- (www.)hcl.com		(times out)
@@ -38,10 +44,23 @@
 		- webmail.hcltech.com
 
 -->
-<ruleset name="HCL Technologies (partial)">
-
-	<target host="*.hcl.com" />
-	<target host="*.hcl.in" />
+<ruleset name="HCL Technologies (partial)" default_off="failed ruleset test">
+
+	<target host="autodiscover.hcl.com" />
+	<target host="mail.hcl.com" />
+	<target host="chnmail.hcl.com" />
+	<target host="comnetwebmail.hcl.com" />
+	<target host="isdmail.hcl.com" />
+	<target host="meme.hcl.com" />
+	<target host="mpindia.hcl.com" />
+	<target host="mycampus.hcl.com" />
+	<target host="ocsweb.hcl.com" />
+	<target host="as.ocsweb.hcl.com" />
+	<target host="download.ocsweb.hcl.com" />
+	<target host="remedy.hcl.com" />
+	<target host="autodiscover.hcl.in" />
+	<target host="hcltmail.hcl.in" />
+	<target host="hcltmail-chn.hcl.in" />
 	<target host="autodiscover.hcl-axon.com" />
 	<target host="webmail.hcltech.com" />
 
@@ -51,16 +70,6 @@
 	<securecookie host="^webmail\.hcltech\.com$" name=".+" />
 
 
-	<rule from="^http://(autodiscover|(?:chn|comnetweb|isd)?mail|meme|mpindia|mycampus|(?:as\.|download\.)?ocsweb|remedy)\.hcl\.com/"
-		to="https://$1.hcl.com/" />
-
-	<rule from="^http://(autodiscover|hcltmail(?:-chn)?)\.hcl\.in/"
-		to="https://$1.hcl.in/" />
-
-	<rule from="^http://autodiscover\.hcl-axon\.com/"
-		to="https://autodiscover.hcl-axon.com/" />
-
-	<rule from="^http://webmail\.hcltech\.com/"
-		to="https://webmail.hcltech.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HClippr.com.xml b/src/chrome/content/rules/HClippr.com.xml
new file mode 100644
index 000000000000..b786890a72b1
--- /dev/null
+++ b/src/chrome/content/rules/HClippr.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Nonfunctional hosts in *hClipper.com:
+
+		- (www.)? ᴰ
+		- hns ⁱ
+
+	ᴰ DreamHost/200 "site not found"
+	ⁱ Internal error
+
+
+	Mixed content:
+
+		- Images on ja.hideki from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="hClippr.com (partial)">
+
+	<target host="hideki.hclippr.com" />
+	<target host="www.hideki.hclippr.com" />
+	<target host="ja.hideki.hclippr.com" />
+	<target host="www.ja.hideki.hclippr.com" />
+	<target host="songlist.hclippr.com" />
+	<target host="www.songlist.hclippr.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HD.se.xml b/src/chrome/content/rules/HD.se.xml
index 911d73b5606a..25b7f48c0956 100644
--- a/src/chrome/content/rules/HD.se.xml
+++ b/src/chrome/content/rules/HD.se.xml
@@ -1,7 +1,11 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hd.se/ => https://hd.se/: Cycle detected - URL already encountered: https://hd.se/
+-->
 <ruleset name="HD.se">
   <target host="hd.se" />
-  <target host="*.hd.se" />
-  <rule from="^http://hd\.se/" to="https://hd.se/"/>
+  <target host="www.hd.se" />
   <rule from="^http://www\.hd\.se/" to="https://hd.se/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/HDFury.com.xml b/src/chrome/content/rules/HDFury.com.xml
new file mode 100644
index 000000000000..a93a1df17d14
--- /dev/null
+++ b/src/chrome/content/rules/HDFury.com.xml
@@ -0,0 +1,43 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- hdfury.com
+		- .hdfury.com
+		- www.hdfury.com
+
+-->
+<ruleset name="HDFury.com">
+
+	<target host="hdfury.com" />
+	<target host="www.hdfury.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?hdfury\.com$" name="^wfvt_\d+$" /-->
+	<!--securecookie host="^\.hdfury\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.hdfury\.com$" name="^woocommerce_recently_viewed$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HDM-Stuttgart.de.xml b/src/chrome/content/rules/HDM-Stuttgart.de.xml
new file mode 100644
index 000000000000..3b328b9daa23
--- /dev/null
+++ b/src/chrome/content/rules/HDM-Stuttgart.de.xml
@@ -0,0 +1,226 @@
+<!--
+	Cert expired:
+		- asta.hdm-stuttgart.de
+		- klaus.hdm-stuttgart.de
+		- klaus.mi.hdm-stuttgart.de
+		- krake.mi.hdm-stuttgart.de
+		- phabricator.mi.hdm-stuttgart.de
+		- vs.mi.hdm-stuttgart.de
+		- self.remex.hdm-stuttgart.de
+		- remex.hdm-stuttgart.de
+		- amms.remex.hdm-stuttgart.de
+		- cloud4all.remex.hdm-stuttgart.de
+		- prosperity.remex.hdm-stuttgart.de
+
+	Self-signed cert:
+		- gaia.iuk.hdm-stuttgart.de
+		- spib.iuk.hdm-stuttgart.de
+		- zeus.iuk.hdm-stuttgart.de
+		- scheible.hdm-stuttgart.de
+
+	Chain issues:
+		- ca-confluence.hdm-stuttgart.de
+		- hdr-2014.hdm-stuttgart.de
+		- iz-vpn-3.hdm-stuttgart.de
+		- apollo.iuk.hdm-stuttgart.de
+		- forschungsmethoden.iuk.hdm-stuttgart.de
+		- hera.iuk.hdm-stuttgart.de
+		- mandy.iuk.hdm-stuttgart.de
+		- modulwahl.iuk.hdm-stuttgart.de
+		- lemon.hdm-stuttgart.de
+		- media.hdm-stuttgart.de
+		- devices.mi.hdm-stuttgart.de
+		- learnmap.mi.hdm-stuttgart.de
+		- vpn-int.hdm-stuttgart.de
+		- wl-vpn-int.hdm-stuttgart.de
+
+	Connection refused:
+		- acqwiki.iuk.hdm-stuttgart.de
+		- analytics-stud.iuk.hdm-stuttgart.de
+		- analytics.iuk.hdm-stuttgart.de
+		- chronos.iuk.hdm-stuttgart.de
+		- cms02.iuk.hdm-stuttgart.de
+		- diana.iuk.hdm-stuttgart.de
+		- miner.iuk.hdm-stuttgart.de
+		- moodle-test.iuk.hdm-stuttgart.de
+		- omm-for-kids.iuk.hdm-stuttgart.de
+		- ommstage1.iuk.hdm-stuttgart.de
+		- ommwebprod.iuk.hdm-stuttgart.de
+		- storytellingmem.iuk.hdm-stuttgart.de
+		- wiki.iuk.hdm-stuttgart.de
+		- wiss.iuk.hdm-stuttgart.de
+		- iuk-wi-www-1.hdm-stuttgart.de
+		- ldap.hdm-stuttgart.de
+		- ldap1.hdm-stuttgart.de
+		- ldap2.hdm-stuttgart.de
+		- ldap3.hdm-stuttgart.de
+		- ldap4.hdm-stuttgart.de
+		- ldap5.hdm-stuttgart.de
+		- mba.hdm-stuttgart.de
+		- www.mba.hdm-stuttgart.de
+		- ewa.mi.hdm-stuttgart.de
+		- gamedesign.mi.hdm-stuttgart.de
+		- gerlicher.mi.hdm-stuttgart.de
+		- hdmapp.mi.hdm-stuttgart.de
+		- jd.mi.hdm-stuttgart.de
+		- maucher.pages.mi.hdm-stuttgart.de
+		- mc01.mi.hdm-stuttgart.de
+		- mc02.mi.hdm-stuttgart.de
+		- mc10.mi.hdm-stuttgart.de
+		- mc11.mi.hdm-stuttgart.de
+		- mobilecontent.mi.hdm-stuttgart.de
+		- pages.mi.hdm-stuttgart.de
+		- qraffiti.mi.hdm-stuttgart.de
+		- schacht.mi.hdm-stuttgart.de
+		- sq.mi.hdm-stuttgart.de
+		- mj.hdm-stuttgart.de
+		- mx1.hdm-stuttgart.de
+		- mx2.hdm-stuttgart.de
+		- mx3.hdm-stuttgart.de
+		- mx4.hdm-stuttgart.de
+		- mx5.hdm-stuttgart.de
+		- mx6.hdm-stuttgart.de
+		- www.omm.hdm-stuttgart.de
+		- schaugg.hdm-stuttgart.de
+		- schauggstream.hdm-stuttgart.de
+		- smtp.hdm-stuttgart.de
+		- wim.hdm-stuttgart.de
+		- www.wi.hdm-stuttgart.de
+		- www.wim.hdm-stuttgart.de
+		- xwing.hdm-stuttgart.de
+
+
+	TLS errors:
+		- bastet2.iuk.hdm-stuttgart.de
+		- ids.iuk.hdm-stuttgart.de
+		- ids2.iuk.hdm-stuttgart.de
+		- wiest.hdm-stuttgart.de
+		- mars.iuk.hdm-stuttgart.de
+
+	Timeout:
+		- hadoop.iuk.hdm-stuttgart.de
+		- iz-mail-1.hdm-stuttgart.de
+		- term.mi.hdm-stuttgart.de
+		- term.hdm-stuttgart.de
+		- www.mi.hdm-stuttgart.de
+
+	Cert mismatch:
+		- acts.hdm-stuttgart.de
+		- www.acts.hdm-stuttgart.de
+		- alumni.hdm-stuttgart.de
+		- gaming.hdm-stuttgart.de
+		- horads.hdm-stuttgart.de
+		- www.iaf.hdm-stuttgart.de
+		- id.hdm-stuttgart.de
+		- idb.hdm-stuttgart.de
+		- bastet.iuk.hdm-stuttgart.de
+		- download.iuk.hdm-stuttgart.de
+		- pdf.iuk.hdm-stuttgart.de
+		- usability.iuk.hdm-stuttgart.de
+		- www.iuk.hdm-stuttgart.de
+		- iz-homesrv-1.hdm-stuttgart.de
+		- iz-starplan-test.hdm-stuttgart.de
+		- iz-status-01.hdm-stuttgart.de
+		- iz-tt-1.hdm-stuttgart.de
+		- iz-www-2.hdm-stuttgart.de
+		- iz-www-1.hdm-stuttgart.de
+		- medieninformatik.hdm-stuttgart.de
+		- www.medieninformatik.hdm-stuttgart.de
+		- mi.hdm-stuttgart.de
+		- doc.mi.hdm-stuttgart.de
+		- fb1.mi.hdm-stuttgart.de
+		- mattermost.mi.hdm-stuttgart.de
+		- sol.mi.hdm-stuttgart.de
+		- streaming.mi.hdm-stuttgart.de
+		- webdav.mi.hdm-stuttgart.de
+		- webday.mi.hdm-stuttgart.de
+		- webmail.mi.hdm-stuttgart.de
+		- moodletest.hdm-stuttgart.de
+		- packagingdesign.hdm-stuttgart.de
+		- pdm.hdm-stuttgart.de
+		- realserver3.hdm-stuttgart.de
+		- www.remex.hdm-stuttgart.de
+		- science.hdm-stuttgart.de
+		- stufe.hdm-stuttgart.de
+		- v.hdm-stuttgart.de
+		- www-test.hdm-stuttgart.de
+
+-->
+<ruleset name="Hochschule der Medien Stuttgart" >
+
+	<target host="www.hdm-stuttgart.de" />
+
+	<target host="ca.hdm-stuttgart.de" />
+	<target host="bewerbung.hdm-stuttgart.de" />
+	<target host="em-web.am.hdm-stuttgart.de" />
+	<target host="crm.hdm-stuttgart.de" />
+	<target host="crpr.hdm-stuttgart.de" />
+	<target host="finanzbericht.hdm-stuttgart.de" />
+	<target host="home.hdm-stuttgart.de" />
+	<target host="curdt.home.hdm-stuttgart.de" />
+	<target host="hoermann.home.hdm-stuttgart.de" />
+	<target host="kisling.home.hdm-stuttgart.de" />
+	<target host="mk285.home.hdm-stuttgart.de" />
+	<target host="rathke.home.hdm-stuttgart.de" />
+	<target host="nicolin.home.hdm-stuttgart.de" />
+
+	<target host="idblog.hdm-stuttgart.de" />
+	<target host="idp.hdm-stuttgart.de" />
+	<target host="idp2.hdm-stuttgart.de" />
+	<target host="ifg.hdm-stuttgart.de" />
+	<target host="im-prod.hdm-stuttgart.de" />
+	<target host="imo.hdm-stuttgart.de" />
+	<target host="informationsdesign.hdm-stuttgart.de" />
+
+	<target host="bbb.iuk.hdm-stuttgart.de" />
+	<target host="cms01.iuk.hdm-stuttgart.de" />
+	<target host="id-textlabor.iuk.hdm-stuttgart.de" />
+	<target host="idb.iuk.hdm-stuttgart.de" />
+	<target host="idcloud.iuk.hdm-stuttgart.de" />
+	<target host="lists.iuk.hdm-stuttgart.de" />
+	<target host="monitor.iuk.hdm-stuttgart.de" />
+	<target host="omm-survey.iuk.hdm-stuttgart.de" />
+	<target host="portfolio.iuk.hdm-stuttgart.de" />
+
+	<target host="iz-intern.hdm-stuttgart.de" />
+	<target host="www.lnd.hdm-stuttgart.de" />
+
+	<target host="cub3d.mi.hdm-stuttgart.de" />
+	<target host="events.mi.hdm-stuttgart.de" />
+	<target host="freedocs.mi.hdm-stuttgart.de" />
+	<target host="gitlab.mi.hdm-stuttgart.de" />
+	<target host="laps.mi.hdm-stuttgart.de" />
+	<target host="learn.mi.hdm-stuttgart.de" />
+	<target host="learn2.mi.hdm-stuttgart.de" />
+	<target host="mail.mi.hdm-stuttgart.de" />
+	<target host="mailrepl.mi.hdm-stuttgart.de" />
+	<target host="mailsrv.mi.hdm-stuttgart.de" />
+	<target host="maven.mi.hdm-stuttgart.de" />
+	<target host="mirror.mi.hdm-stuttgart.de" />
+	<target host="misvn.mi.hdm-stuttgart.de" />
+	<target host="newscorpus.mi.hdm-stuttgart.de" />
+	<target host="sbeat.mi.hdm-stuttgart.de" />
+	<target host="ubs.mi.hdm-stuttgart.de" />
+	<target host="wiki.mi.hdm-stuttgart.de" />
+
+	<target host="mw.hdm-stuttgart.de" />
+	<target host="otrs.hdm-stuttgart.de" />
+	<target host="oxdav.hdm-stuttgart.de" />
+	<target host="ox.hdm-stuttgart.de" />
+
+	<target host="smarthouse.remex.hdm-stuttgart.de" />
+	<target host="smarthouse-dev.remex.hdm-stuttgart.de" />
+	<target host="urclab.remex.hdm-stuttgart.de" />
+
+	<target host="splan.hdm-stuttgart.de" />
+	<target host="status.hdm-stuttgart.de" />
+	<target host="vfx-web.hdm-stuttgart.de" />
+	<target host="vs.hdm-stuttgart.de" />
+	<target host="vw-online.hdm-stuttgart.de" />
+
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/HDME.eu.xml b/src/chrome/content/rules/HDME.eu.xml
new file mode 100644
index 000000000000..c3b76ae356b5
--- /dev/null
+++ b/src/chrome/content/rules/HDME.eu.xml
@@ -0,0 +1,6 @@
+<ruleset name="HDME.eu">
+	<target host="hdme.eu" />
+	<target host="www.hdme.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HDSA.xml b/src/chrome/content/rules/HDSA.xml
index e5db938fe46f..3e15918293a2 100644
--- a/src/chrome/content/rules/HDSA.xml
+++ b/src/chrome/content/rules/HDSA.xml
@@ -1,9 +1,16 @@
-<ruleset name="Huntington's Disease Society of America" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hdsa.org/ => https://www.hdsa.org/: Too many redirects while fetching 'https://www.hdsa.org/'
+Fetch error: http://www.hdsa.org/ => https://www.hdsa.org/: Too many redirects while fetching 'https://www.hdsa.org/'
+
+-->
+<ruleset name="Huntington's Disease Society of America" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="hdsa.org" />
 	<target host="www.hdsa.org" />
 
 	<!-- Invoking https://hdsa.org/ produces a certificate error,
 	so redirect https://hdsa.org/ to https://www.hdsa.org/ -->
-	<rule from="^https?://hdsa\.org/" to="https://www.hdsa.org/" />
+	<rule from="^http://hdsa\.org/" to="https://www.hdsa.org/" />
 	<rule from="^http://www\.hdsa\.org/" to="https://www.hdsa.org/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HDserviceproviders.com.xml b/src/chrome/content/rules/HDserviceproviders.com.xml
index 7fe2badb678f..f286c534635c 100644
--- a/src/chrome/content/rules/HDserviceproviders.com.xml
+++ b/src/chrome/content/rules/HDserviceproviders.com.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^www\.hdserviceproviders\.com$" name=".+" />
 
 
-	<rule from="^http://www\.hdserviceproviders\.com/"
-		to="https://www.hdserviceproviders.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HDtracks.com.xml b/src/chrome/content/rules/HDtracks.com.xml
index a47d81ab47a6..ea197f199c2a 100644
--- a/src/chrome/content/rules/HDtracks.com.xml
+++ b/src/chrome/content/rules/HDtracks.com.xml
@@ -18,7 +18,6 @@
 	<securecookie host="^www\.hdtracks\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?hdtracks\.com/"
-		to="https://www.hdtracks.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HEA.net.xml b/src/chrome/content/rules/HEA.net.xml
new file mode 100644
index 000000000000..81c66d894a9d
--- /dev/null
+++ b/src/chrome/content/rules/HEA.net.xml
@@ -0,0 +1,16 @@
+<!--
+	^hea.net doesn't exist.
+
+-->
+<ruleset name="HEA.net">
+
+	<target host="www.hea.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HFO-Telecom.xml b/src/chrome/content/rules/HFO-Telecom.xml
new file mode 100644
index 000000000000..712b0c2f831e
--- /dev/null
+++ b/src/chrome/content/rules/HFO-Telecom.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn.hfo-telecom.de/ => https://cdn.hfo-telecom.de/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://chat.hfo-telecom.de/ => https://chat.hfo-telecom.de/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://flatkomfort.telefonanschluss.de/ => https://flatkomfort.telefonanschluss.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://hfo-telecom.de/ => https://hfo-telecom.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://phpmyadmin.ds3.hfonetz.de/ => https://phpmyadmin.ds3.hfonetz.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://portal.hfo-telecom.de/ => https://portal.hfo-telecom.de/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://rechnung.hfo-telecom.de/ => https://rechnung.hfo-telecom.de/: (28, 'Connection timed out after 20002 milliseconds')
+Fetch error: http://telefonanschluss.de/ => https://telefonanschluss.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://wiki.hfo-telecom.de/ => https://wiki.hfo-telecom.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.hfo-telecom.de/ => https://www.hfo-telecom.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.telefonanschluss.de/ => https://www.telefonanschluss.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="HFO Telecom AG" default_off="failed ruleset test">
+
+	<target host="cdn.hfo-telecom.de"/>
+	<target host="chat.hfo-telecom.de"/>
+	<target host="flatkomfort.telefonanschluss.de"/>
+	<target host="hfo-telecom.de"/>
+	<target host="phpmyadmin.ds3.hfonetz.de"/>
+	<target host="portal.hfo-telecom.de"/>
+	<target host="rechnung.hfo-telecom.de"/>
+	<target host="telefonanschluss.de"/>
+	<target host="wiki.hfo-telecom.de"/>
+	<target host="www.hfo-telecom.de"/>
+	<target host="www.telefonanschluss.de"/>
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/HGO.se.xml b/src/chrome/content/rules/HGO.se.xml
index dc13a1b5b3dd..fe43000ee6a7 100644
--- a/src/chrome/content/rules/HGO.se.xml
+++ b/src/chrome/content/rules/HGO.se.xml
@@ -1,4 +1,15 @@
-<ruleset name="HGO.se">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.hgo.se/ => https://www.hgo.se/: (51, "SSL: no alternative certificate subject name matches target host name 'campusgotland.uu.se'")
+Fetch error: http://hgo.se/ => https://www.hgo.se/: (51, "SSL: no alternative certificate subject name matches target host name 'campusgotland.uu.se'")
+Fetch error: http://space.hgo.se/ => https://space.hgo.se/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.hgo.se/ => https://www.hgo.se/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://hgo.se/ => https://www.hgo.se/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
+<ruleset name="HGO.se" default_off="failed ruleset test">
 	<target host="www.hgo.se" />
 	<target host="hgo.se" />
 	<target host="space.hgo.se" />
diff --git a/src/chrome/content/rules/HGST.com.xml b/src/chrome/content/rules/HGST.com.xml
index cc9aa9e2f88e..8d6740a1a106 100644
--- a/src/chrome/content/rules/HGST.com.xml
+++ b/src/chrome/content/rules/HGST.com.xml
@@ -1,18 +1,23 @@
 <!--
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *hgst.com:
 
-		- (www.)	(redirects to http)
+		- blog ʳ
+
+	ʳ Refused
 
 -->
 <ruleset name="HGST.com (partial)">
 
+	<target host="hgst.com" />
+	<target host="www.hgst.com" />
+	<target host="www1.hgst.com" />
 	<target host="www2.hgst.com" />
 
 
-	<securecookie host="^www2\.hgst\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://www2\.hgst\.com/"
-		to="https://www2.hgst.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/HH.ru.xml b/src/chrome/content/rules/HH.ru.xml
new file mode 100644
index 000000000000..d947cffb1b52
--- /dev/null
+++ b/src/chrome/content/rules/HH.ru.xml
@@ -0,0 +1,240 @@
+<!--
+	Other HeadHunter rulesets:
+
+		- Career.ru.xml
+		- HH_CDN.ru.xml
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- hh.ru
+		- .hh.ru
+		- domodedovo.hh.ru
+		- elektrougli.hh.ru
+		- khimki.hh.ru
+		- lobnya.hh.ru
+		- mytischi.hh.ru
+		- podolsk.hh.ru
+		- www.hh.ru
+		- . . .
+
+-->
+<ruleset name="HH.ru">
+
+	<target host="hh.ru" />
+	<target host="*.hh.ru" />
+
+		<exclusion pattern="^http://(?:[^./]+\.){2}hh\.ru/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.hh.ru/" />
+			<test url="http://exists.not.hh.ru/" />
+
+		<test url="http://abinsk.hh.ru/" />
+		<test url="http://adler.hh.ru/" />
+		<test url="http://afghanistan.hh.ru/" />
+		<test url="http://aginskoye.hh.ru/" />
+		<test url="http://agryz.hh.ru/" />
+		<test url="http://alagir.hh.ru/" />
+		<test url="http://angarsk.hh.ru/" />
+		<test url="http://arkadak.hh.ru/" />
+		<test url="http://armavir.hh.ru/" />
+		<test url="http://babaevo.hh.ru/" />
+		<test url="http://bagrationovsk.hh.ru/" />
+		<test url="http://baksan.hh.ru/" />
+		<test url="http://balashikha.hh.ru/" />
+		<test url="http://bavly.hh.ru/" />
+		<test url="http://beliy.hh.ru/" />
+		<test url="http://belomorsk.hh.ru/" />
+		<test url="http://belousovo.hh.ru/" />
+		<test url="http://beslan.hh.ru/" />
+		<test url="http://bezhetsk.hh.ru/" />
+		<test url="http://bikin.hh.ru/" />
+		<test url="http://boguchar.hh.ru/" />
+		<test url="http://boksitogorsk.hh.ru/" />
+		<test url="http://bologoe.hh.ru/" />
+		<test url="http://borovichi.hh.ru/" />
+		<test url="http://bryansk.hh.ru/" />
+		<test url="http://buj.hh.ru/" />
+		<test url="http://cambodia.hh.ru/" />
+		<test url="http://chaplygin.hh.ru/" />
+		<test url="http://chusovoi.hh.ru/" />
+		<test url="http://croatia.hh.ru/" />
+		<test url="http://demidov.hh.ru/" />
+		<test url="http://desnogorsk.hh.ru/" />
+		<test url="http://dev.hh.ru/" />
+		<test url="http://dmitriev-lgovskiy.hh.ru/" />
+		<test url="http://dno.hh.ru/" />
+		<test url="http://domodedovo.hh.ru/" />
+		<test url="http://dorogobuzh.hh.ru/" />
+		<test url="http://dukhovschina.hh.ru/" />
+		<test url="http://dyatkovo.hh.ru/" />
+		<test url="http://dzerzhinsk.hh.ru/" />
+		<test url="http://dzerzhinskij.hh.ru/" />
+		<test url="http://elektrougli.hh.ru/" />
+		<test url="http://gagarin.hh.ru/" />
+		<test url="http://galich.hh.ru/" />
+		<test url="http://gatchina.hh.ru/" />
+		<test url="http://gdov.hh.ru/" />
+		<test url="http://georgia.hh.ru/" />
+		<test url="http://golitsino.hh.ru/" />
+		<test url="http://gurievsk-kaliningrad.hh.ru/" />
+		<test url="http://gusinoozyorsk.hh.ru/" />
+		<test url="http://gvardeysk.hh.ru/" />
+		<test url="http://hotkovo.hh.ru/" />
+		<test url="http://i-dev.hh.ru/" />
+		<test url="http://i.hh.ru/" />
+		<test url="http://ishim.hh.ru/" />
+		<test url="http://ivangorod.hh.ru/" />
+		<test url="http://ivanteevka.hh.ru/" />
+		<test url="http://kaliningrad.hh.ru/" />
+		<test url="http://kaluga.hh.ru/" />
+		<test url="http://kamchatka.hh.ru/" />
+		<test url="http://kamennogorsk.hh.ru/" />
+		<test url="http://karachev.hh.ru/" />
+		<test url="http://kareliya.hh.ru/" />
+		<test url="http://kashin.hh.ru/" />
+		<test url="http://kearse.hh.ru/" />
+		<test url="http://khabarovsk.hh.ru/" />
+		<test url="http://khimki.hh.ru/" />
+		<test url="http://kholmsk.hh.ru/" />
+		<test url="http://kingisepp.hh.ru/" />
+		<test url="http://kirishi.hh.ru/" />
+		<test url="http://kirovsk-leningrad.hh.ru/" />
+		<test url="http://kizlyar.hh.ru/" />
+		<test url="http://kologriv.hh.ru/" />
+		<test url="http://kommunar.hh.ru/" />
+		<test url="http://komsomolsk-na-amure.hh.ru/" />
+		<test url="http://kondopoga.hh.ru/" />
+		<test url="http://kostroma.hh.ru/" />
+		<test url="http://kovrov.hh.ru/" />
+		<test url="http://krasnoarmejsk.hh.ru/" />
+		<test url="http://krasnogorsk.hh.ru/" />
+		<test url="http://krasnoznamensk.hh.ru/" />
+		<test url="http://krymsk.hh.ru/" />
+		<test url="http://kubinka.hh.ru/" />
+		<test url="http://kurchatov.hh.ru/" />
+		<test url="http://kurovskoye.hh.ru/" />
+		<test url="http://kursk.hh.ru/" />
+		<test url="http://lakinsk.hh.ru/" />
+		<test url="http://likino-dulyovo.hh.ru/" />
+		<test url="http://lipetsk.hh.ru/" />
+		<test url="http://lobnya.hh.ru/" />
+		<test url="http://lomonosov.hh.ru/" />
+		<test url="http://lyubertsy.hh.ru/" />
+		<test url="http://makariev.hh.ru/" />
+		<test url="http://malaya-vishera.hh.ru/" />
+		<test url="http://manturovo.hh.ru/" />
+		<test url="http://mariinsk.hh.ru/" />
+		<test url="http://monchegorsk.hh.ru/" />
+		<test url="http://mytischi.hh.ru/" />
+		<test url="http://nadym.hh.ru/" />
+		<test url="http://naryan-mar.hh.ru/" />
+		<test url="http://navoloki.hh.ru/" />
+		<test url="http://nazran.hh.ru/" />
+		<test url="http://nenets.hh.ru/" />
+		<test url="http://nerekhta.hh.ru/" />
+		<test url="http://netherlands.hh.ru/" />
+		<test url="http://nevel.hh.ru/" />
+		<test url="http://neya.hh.ru/" />
+		<test url="http://nikolaevsk-na-amure.hh.ru/" />
+		<test url="http://novgorod.hh.ru/" />
+		<test url="http://novomichurinsk.hh.ru/" />
+		<test url="http://novorzhev.hh.ru/" />
+		<test url="http://novosibirsk.hh.ru/" />
+		<test url="http://novotroick.hh.ru/" />
+		<test url="http://nyagan.hh.ru/" />
+		<test url="http://ob.hh.ru/" />
+		<test url="http://obninsk.hh.ru/" />
+		<test url="http://ocher.hh.ru/" />
+		<test url="http://odintsovo.hh.ru/" />
+		<test url="http://okha.hh.ru/" />
+		<test url="http://okulovka.hh.ru/" />
+		<test url="http://orel.hh.ru/" />
+		<test url="http://otradnyj.hh.ru/" />
+		<test url="http://ozery.hh.ru/" />
+		<test url="http://perevoz.hh.ru/" />
+		<test url="http://pestovo.hh.ru/" />
+		<test url="http://petrozavodsk.hh.ru/" />
+		<test url="http://pevek.hh.ru/" />
+		<test url="http://pochep.hh.ru/" />
+		<test url="http://pochinok.hh.ru/" />
+		<test url="http://podolsk.hh.ru/" />
+		<test url="http://pokhvistnevo.hh.ru/" />
+		<test url="http://polarnyj.hh.ru/" />
+		<test url="http://pskov.hh.ru/" />
+		<test url="http://pugachev.hh.ru/" />
+		<test url="http://qatar.hh.ru/" />
+		<test url="http://rameshki.hh.ru/" />
+		<test url="http://ruza.hh.ru/" />
+		<test url="http://sakha.hh.ru/" />
+		<test url="http://saratov.hh.ru/" />
+		<test url="http://sergievposad.hh.ru/" />
+		<test url="http://shakhty.hh.ru/" />
+		<test url="http://slavgorod.hh.ru/" />
+		<test url="http://smolensk.hh.ru/" />
+		<test url="http://soltsy.hh.ru/" />
+		<test url="http://sorochinsk.hh.ru/" />
+		<test url="http://sortavala.hh.ru/" />
+		<test url="http://sovetskij.hh.ru/" />
+		<test url="http://spb.hh.ru/" />
+		<test url="http://staritsa.hh.ru/" />
+		<test url="http://sudogda.hh.ru/" />
+		<test url="http://sudzha.hh.ru/" />
+		<test url="http://suojarvi.hh.ru/" />
+		<test url="http://suzdal.hh.ru/" />
+		<test url="http://svirsk.hh.ru/" />
+		<test url="http://trubchevsk.hh.ru/" />
+		<test url="http://tula.hh.ru/" />
+		<test url="http://tuymazy.hh.ru/" />
+		<test url="http://tver.hh.ru/" />
+		<test url="http://tverskayaoblast.hh.ru/" />
+		<test url="http://velikie-luki.hh.ru/" />
+		<test url="http://velizh.hh.ru/" />
+		<test url="http://venev.hh.ru/" />
+		<test url="http://verkhoyansk.hh.ru/" />
+		<test url="http://vesyegonsk.hh.ru/" />
+		<test url="http://vietnam.hh.ru/" />
+		<test url="http://volga.hh.ru/" />
+		<test url="http://volgograd.hh.ru/" />
+		<test url="http://volgorechensk.hh.ru/" />
+		<test url="http://volkhov.hh.ru/" />
+		<test url="http://vologda.hh.ru/" />
+		<test url="http://volosovo.hh.ru/" />
+		<test url="http://voronezh.hh.ru/" />
+		<test url="http://vsevolozhsk.hh.ru/" />
+		<test url="http://vyazemsky.hh.ru/" />
+		<test url="http://vyazma.hh.ru/" />
+		<test url="http://vyborg.hh.ru/" />
+		<test url="http://vyshny-volochok.hh.ru/" />
+		<test url="http://vysotsk.hh.ru/" />
+		<test url="http://www.hh.ru/" />
+		<test url="http://yadrin.hh.ru/" />
+		<test url="http://yaroslavl.hh.ru/" />
+		<test url="http://zapadnaya-dvina.hh.ru/" />
+		<test url="http://zelenodolsk.hh.ru/" />
+		<test url="http://zelenograd.hh.ru/" />
+		<test url="http://zhukov.hh.ru/" />
+		<test url="http://zhukovka.hh.ru/" />
+		<test url="http://zhukovsky.hh.ru/" />
+		<test url="http://zlynka.hh.ru/" />
+		<test url="http://zubtsov.hh.ru/" />
+		<test url="http://zvenigorod.hh.ru/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^hh\.ru$" name="^(?:_xsrf|crypted_id|hhtoken|hhuid)$" /-->
+	<!--securecookie host="^\.hh\.ru$" name="^(?:_xsrf|crypted_id|hhtoken|hhuid)$" /-->
+	<!--securecookie host="^(?:domodedovo|elektrougli|lobnya|mytischi|podolsk|zelenograd)\.hh\.ru$" name="^(?:_xsrf|crypted_id|hhrole|hhtoken|regions|unique_banner_user)$" /-->
+	<!--securecookie host="^khimki\.hh\.ru$" name="^(?:_xsrf|hhrole|regions|unique_banner_user)$" /-->
+	<!--securecookie host="^www\.hh\.ru$" name="^(?:_xsrf|hhtoken|hhuid)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HHVM.com.xml b/src/chrome/content/rules/HHVM.com.xml
new file mode 100644
index 000000000000..cac0f52e4236
--- /dev/null
+++ b/src/chrome/content/rules/HHVM.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="HHVM.com">
+	<target host="hhvm.com" />
+	<target host="www.hhvm.com" />
+	<target host="dl.hhvm.com" />
+	<target host="dl2.hhvm.com" />
+	<target host="docs.hhvm.com" />
+	<target host="staging.docs.hhvm.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HH_CDN.ru.xml b/src/chrome/content/rules/HH_CDN.ru.xml
new file mode 100644
index 000000000000..b8c904a0183a
--- /dev/null
+++ b/src/chrome/content/rules/HH_CDN.ru.xml
@@ -0,0 +1,25 @@
+<!--
+	For other HeadHunter coverage, see HH.ru.xml.
+
+
+	www.hhcdn.ru: Mismatched
+
+-->
+<ruleset name="HH CDN.ru">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hhcdn.ru" />
+
+	<!--	Complications:
+				-->
+	<target host="www.hhcdn.ru" />
+
+
+	<rule from="^http://www\.hhcdn\.ru/"
+		to="https://hhcdn.ru/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HI.is-falsemixed.xml b/src/chrome/content/rules/HI.is-falsemixed.xml
new file mode 100644
index 000000000000..ec1d17d51f85
--- /dev/null
+++ b/src/chrome/content/rules/HI.is-falsemixed.xml
@@ -0,0 +1,18 @@
+<!--
+	For other University of Iceland coverage, see HI.is.xml.
+
+-->
+<ruleset name="HI.is (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vefir.hi.is" />
+
+
+	<securecookie host="^vefir\.hi\.is$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HI.is.xml b/src/chrome/content/rules/HI.is.xml
new file mode 100644
index 000000000000..5de027180db5
--- /dev/null
+++ b/src/chrome/content/rules/HI.is.xml
@@ -0,0 +1,96 @@
+<!--
+	University of Iceland
+
+	For rules causing false/broken MCB, see HI.is-falsemixed.xml.
+
+
+	Nonfunctional hosts in *hi.is:
+
+		- (www.)? ¹
+		- english ¹
+		- (www.)?ged ²
+		- hpc ³
+		- midstodframhaldsnams ²
+		- (www.)?nshi ²
+
+		- (www.)?rhi ²
+		- icinga.rhi ²
+		- munin.rhi ⁴
+
+		- (www.)?sjodir ²
+		- starfsfolk ¹
+		- dev9.stofnanir ⁵
+		- vefsetur ¹
+
+	¹ Redirects to http
+	² Refused
+	³ Shows default page
+	⁴ Dropped
+	⁵ Shows trabant.rhi.hi.is
+
+
+	Problematic hosts in *hi.is:
+
+		- ask ¹ ² ³
+		- trabant.rhi ¹ ⁴
+		- vefir ³
+
+	¹ Expired
+	² Mismatched
+	³ Mixed css
+	⁴ Self-signed
+
+
+	Insecure cookies are set for these hosts:
+
+		- kennslumidstod.hi.is
+		- nemendafelog.hi.is
+		- ugla.hi.is
+		- uni.hi.is
+		- vefir.hi.is
+		- webmail.hi.is
+
+
+	Mixed content:
+
+		- css on vefir from $self
+		- Images on vefir from $self
+
+-->
+<ruleset name="HI.is (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kennslumidstod.hi.is" />
+	<target host="nemendafelog.hi.is" />
+	<target host="notendur.hi.is" />
+	<target host="ugla.hi.is" />
+	<target host="uni.hi.is" />
+	<!--target host="vefir.hi.is" /-->
+	<target host="visindavefur.hi.is" />
+	<target host="webmail.hi.is" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?hi\.is/(?:$|site/)" /-->
+		<!--exclusion pattern="^http://english\.hi\.is/(?:$|sites/)" /-->
+		<!--exclusion pattern="^http://starfsfolk\.hi.is/(?:$|faculty$|sites/)" /-->
+		<!--exclusion pattern="^http://vefsetur\.hi.is/(?:$|ritver/tenglar|sites/)" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^kennslumidstod\.hi\.is$" name="^(?:[\da-f]{32}|ja_university_tpl)$" /-->
+	<!--securecookie host="^nemendafelog\.hi\.is$" name="^bb2_screener$" /-->
+	<!--securecookie host="^ugla\.hi\.is$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^uni\.hi\.is$" name="^(?:bb2_screener|slimstat_tracking_code)$" /-->
+	<!--securecookie host="^vefir\.hi\.is$" name="^bb2_screener$" /-->
+	<!--securecookie host="^webmail\.hi\.is$" name="^SQMSESSID$" /-->
+
+	<securecookie host="^(?:kennslumidstod|nemendafelog|ugla|uni|webmail)\.hi\.is$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HIBAPRESS.com.xml b/src/chrome/content/rules/HIBAPRESS.com.xml
new file mode 100644
index 000000000000..d3fbe347a1b5
--- /dev/null
+++ b/src/chrome/content/rules/HIBAPRESS.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="HIBAPRESS.com">
+	<target host="hibapress.com" />
+	<target host="www.hibapress.com" />
+	<target host="www.guercif.hibapress.com" />
+	<target host="ar.hibapress.com" />
+	<target host="en.hibapress.com" />
+	<target host="fr.hibapress.com" />
+	<target host="hanya.hibapress.com" />
+	<target host="islam.hibapress.com" />
+	<target host="static.hibapress.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HIG.se.xml b/src/chrome/content/rules/HIG.se.xml
index 4dd8f34c0ddd..30a4b86311c3 100644
--- a/src/chrome/content/rules/HIG.se.xml
+++ b/src/chrome/content/rules/HIG.se.xml
@@ -1,4 +1,14 @@
-<ruleset name="HIG.se">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.hig.se/ => https://www.hig.se/: Too many redirects while fetching 'https://www.hig.se/'
+Fetch error: http://hig.se/ => https://www.hig.se/: Too many redirects while fetching 'https://www.hig.se/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.hig.se/ => https://www.hig.se/: Cycle detected - URL already encountered: https://www.hig.se/
+Fetch error: http://hig.se/ => https://www.hig.se/: Cycle detected - URL already encountered: https://www.hig.se/
+-->
+<ruleset name="HIG.se" default_off="failed ruleset test">
 	<target host="www.hig.se" />
 	<target host="hig.se" />
 	<rule from="^http://hig\.se/" to="https://www.hig.se/"/>
diff --git a/src/chrome/content/rules/HIIG.de.xml b/src/chrome/content/rules/HIIG.de.xml
new file mode 100644
index 000000000000..13e52e66f516
--- /dev/null
+++ b/src/chrome/content/rules/HIIG.de.xml
@@ -0,0 +1,39 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- hiig.de
+		- www.hiig.de
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com *
+
+		- Images, on:
+
+			- os from www.openingscience.org
+			- os, www from $self
+
+	* Secured by us
+
+-->
+<ruleset name="HIIG.de" default_off="mismatched, self-signed">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hiig.de" />
+	<target host="os.hiig.de" />
+	<target host="www.hiig.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?hiig\.de$" name="^_icl_current_language$" /-->
+
+	<securecookie host="^(?:www\.)?hiig\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HITBSecConf.xml b/src/chrome/content/rules/HITBSecConf.xml
index 615c88ca70a9..0553f0ac444f 100644
--- a/src/chrome/content/rules/HITBSecConf.xml
+++ b/src/chrome/content/rules/HITBSecConf.xml
@@ -3,16 +3,23 @@
 
 		- (www.)	(works; mismatched, CN: news.hitb.org)
 
+
+	Mixed content:
+
+		- css on conference from fonts.googleapis.com *
+
+	* Secured by us
+
 -->
 <ruleset name="HITBSecConf">
 
-	<target host="*.hitb.org" />
+	<target host="conference.hitb.org" />
+	<target host="news.hitb.org" />
 
 
 	<securecookie host="^(?:conference|news)\.hitb\.org$" name=".+" />
 
 
-	<rule from="^http://(conference|news)\.hitb\.org/"
-		to="https://$1.hitb.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HJCMS.de.xml b/src/chrome/content/rules/HJCMS.de.xml
new file mode 100644
index 000000000000..67d0b7c71da5
--- /dev/null
+++ b/src/chrome/content/rules/HJCMS.de.xml
@@ -0,0 +1,20 @@
+<!--
+	Non-functional hosts
+		SSL connect error:
+		- hjcms.de
+		- www.hjcms.de
+		- ark.hjcms.de
+		- downloads.hjcms.de
+		- qx11grab.hjcms.de
+		- xhtmldbg.hjcms.de
+-->
+<ruleset name="HJCMS.de" default_off="ssl-error">
+	<target host="hjcms.de" />
+	<target host="www.hjcms.de" />
+	<target host="ark.hjcms.de" />
+	<target host="downloads.hjcms.de" />
+	<target host="qx11grab.hjcms.de" />
+	<target host="xhtmldbg.hjcms.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HJCMS.xml b/src/chrome/content/rules/HJCMS.xml
deleted file mode 100644
index 8c510e3a815b..000000000000
--- a/src/chrome/content/rules/HJCMS.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="HJCMS (CAcert)" platform="cacert">
-
-	<target host="hjcms.de"/>
-	<target host="*.hjcms.de"/>
-	<!--	* for cross-domain cookie	-->
-	<target host="*.qx11grab.hjcms.de"/>
-
-	<securecookie host="^(.*\.)?hjcms\.de$" name=".*"/>
-
-	<rule from="^http://(\w+\.)?hjcms\.de/"
-		to="https://$1hjcms.de/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/HJR-Verlag.de.xml b/src/chrome/content/rules/HJR-Verlag.de.xml
new file mode 100644
index 000000000000..aa286feb3291
--- /dev/null
+++ b/src/chrome/content/rules/HJR-Verlag.de.xml
@@ -0,0 +1,25 @@
+<!--
+	^: cert only matches *.hjr-verlag.de
+
+-->
+<ruleset name="HJR-Verlag.de">
+
+	<target host="hjr-verlag.de" />
+	<target host="www.hjr-verlag.de" />
+	<target host="mediendb.hjr-verlag.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^mediendb\.hjr-verlag\.de$" name="^(BIGipServerlb-hjr-kv_http|JSESSIONID)$" /-->
+	<!--securecookie host="^www\.hjr-verlag\.de$" name="^language$" /-->
+
+	<securecookie host="^(?:mediendb|www)\.hjr-verlag\.de$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?hjr-verlag\.de/"
+		to="https://www.hjr-verlag.de/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HK01.com.xml b/src/chrome/content/rules/HK01.com.xml
new file mode 100644
index 000000000000..3644075e640e
--- /dev/null
+++ b/src/chrome/content/rules/HK01.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate or SSH remote key was not OK:
+			 - 2016legcoelection.hk01.com
+			 - campaign.hk01.com
+			 - legcogame.hk01.com
+			 - philosophy.hk01.com
+
+		4xx client error:
+			 - commentbox.hk01.com
+
+		Mixed content blocking (MCB) tiggered:
+			 - 2016uselection.hk01.com
+			 - 2017hkceelection.hk01.com
+			 - biography.hk01.com
+-->
+<ruleset name="HK01.com">
+	<target host="hk01.com" />
+	<target host="www.hk01.com" />
+	<target host="2017hkmarathon.hk01.com" />
+	<target host="cdn.hk01.com" />
+	<target host="hkbudget2017.hk01.com" />
+	<target host="martialab.hk01.com" />
+	<target host="objecta.hk01.com" />
+	<target host="rpayment.hk01.com" />
+	<target host="space.hk01.com" />
+	<target host="subscribe.hk01.com" />
+	<target host="tech.hk01.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HKET.com.xml b/src/chrome/content/rules/HKET.com.xml
new file mode 100644
index 000000000000..fe0ae7c094fd
--- /dev/null
+++ b/src/chrome/content/rules/HKET.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- ls.hket.com
+
+		Mixed content blocking (MCB) triggered:
+		- invest1.hket.com
+		- www1.hket.com
+-->
+<ruleset name="HKET.com">
+	<target host="hket.com" />
+	<target host="www.hket.com" />
+	<target host="china.hket.com" />
+	<target host="event.hket.com" />
+	<target host="epay.hket.com" />
+		<test url="http://epay.hket.com/cir/pay?name=IM20190507" />
+	<target host="eti.hket.com" />
+		<test url="http://eti.hket.com/pc/theme/OUHK30/?mtc=80008" />
+	<target host="imoney.hket.com" />
+	<target host="inews.hket.com" />
+	<target host="invest.hket.com" />
+	<target host="m.hket.com" />
+	<target host="marketing.hket.com" />
+	<target host="mkt1.hket.com" />
+		<test url="http://mkt1.hket.com/mtwealthmgt/spreadsheet/interest.xls" />
+	<target host="mkt2.hket.com" />
+		<test url="http://mkt2.hket.com/mtwealthmgt/spreadsheet/interest.xls" />
+	<target host="paper.hket.com" />
+	<target host="plus.hket.com" />
+	<target host="ps.hket.com" />
+	<target host="service.hket.com" />
+	<target host="sme.hket.com" />
+	<target host="topick.hket.com" />
+	<target host="topick2.hket.com" />
+	<target host="video.hket.com" />
+	<target host="wealth.hket.com" />
+	<target host="webmail.hket.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HKEdCity.xml b/src/chrome/content/rules/HKEdCity.xml
new file mode 100644
index 000000000000..9d6a079fbe47
--- /dev/null
+++ b/src/chrome/content/rules/HKEdCity.xml
@@ -0,0 +1,12 @@
+<ruleset name="HKEdCity (partial)">
+
+	<target host="www.hkedcity.net" />
+	<target host="hkedcity.net" />
+
+	<!-- Following severs doesnt redirect user to HTTPS version automaticaly if you have never visited the HTTPS version -->
+	<target host="334.edb.hkedcity.net" />
+	<target host="edb.hkedcity.net" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HKGOLDEN.com.xml b/src/chrome/content/rules/HKGOLDEN.com.xml
new file mode 100644
index 000000000000..04b71130ee73
--- /dev/null
+++ b/src/chrome/content/rules/HKGOLDEN.com.xml
@@ -0,0 +1,48 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- awards.hkgolden.com
+		- mail.hkgolden.com
+		- mail3.hkgolden.com
+		- mail4.hkgolden.com
+
+		SSL peer certificate or SSH remote key was not OK:
+		- forum111.hkgolden.com
+-->
+<ruleset name="HKGOLDEN.com">
+	<target host="hkgolden.com" />
+	<target host="www.hkgolden.com" />
+	<target host="api.hkgolden.com" />
+	<target host="article.hkgolden.com" />
+	<target host="classbm.hkgolden.com" />
+	<target host="forum.hkgolden.com" />
+	<target host="forumd.hkgolden.com" />
+	<target host="forum1.hkgolden.com" />
+	<target host="forum10.hkgolden.com" />
+	<target host="forum11.hkgolden.com" />
+	<target host="forum12.hkgolden.com" />
+	<target host="forum13.hkgolden.com" />
+	<target host="forum14.hkgolden.com" />
+	<target host="forum15.hkgolden.com" />
+	<target host="forum2.hkgolden.com" />
+	<target host="forum3.hkgolden.com" />
+	<target host="forum4.hkgolden.com" />
+	<target host="forum5.hkgolden.com" />
+	<target host="forum6.hkgolden.com" />
+	<target host="forum7.hkgolden.com" />
+	<target host="forum8.hkgolden.com" />
+	<target host="forum9.hkgolden.com" />
+	<target host="m.hkgolden.com" />
+	<target host="m1.hkgolden.com" />
+	<target host="m2.hkgolden.com" />
+	<target host="m3.hkgolden.com" />
+	<target host="m4.hkgolden.com" />
+	<target host="m5.hkgolden.com" />
+	<target host="md.hkgolden.com" />
+	<target host="mdd.hkgolden.com" />
+	<target host="news.hkgolden.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HKGov-AFCD.xml b/src/chrome/content/rules/HKGov-AFCD.xml
new file mode 100644
index 000000000000..47ea49d28116
--- /dev/null
+++ b/src/chrome/content/rules/HKGov-AFCD.xml
@@ -0,0 +1,15 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+-->
+<ruleset name="Agriculture, Fisheries and Conservation Department">
+
+	<target host="www.afcd.gov.hk" />
+	<target host="afcd.gov.hk" />
+
+	<rule from="^http://afcd\.gov\.hk/"
+		to="https://www.afcd.gov.hk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HKGov-ArchSD.xml b/src/chrome/content/rules/HKGov-ArchSD.xml
new file mode 100644
index 000000000000..ec80db9dfeb2
--- /dev/null
+++ b/src/chrome/content/rules/HKGov-ArchSD.xml
@@ -0,0 +1,11 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+-->
+<ruleset name="Architectural Services Department" default_off="cert-chain">
+
+	<target host="www.archsd.gov.hk" />
+
+	<rule from="^http:"
+	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HKGov-DEVB.xml b/src/chrome/content/rules/HKGov-DEVB.xml
new file mode 100644
index 000000000000..e5782ff07347
--- /dev/null
+++ b/src/chrome/content/rules/HKGov-DEVB.xml
@@ -0,0 +1,21 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+
+	Nonfunctional hosts in *.devb.gov.hk:
+		- devb.gov.hk (m)
+		- sc.devb.gov.hk (c)
+		- sc1.devb.gov.hk (t)
+		- sc2.devb.gov.hk (t)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+	c: content at http
+-->
+<ruleset name="Development Bureau (HKSARG)">
+	<target host="www.devb.gov.hk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HKGov-HKMA.xml b/src/chrome/content/rules/HKGov-HKMA.xml
new file mode 100644
index 000000000000..f1b784630f08
--- /dev/null
+++ b/src/chrome/content/rules/HKGov-HKMA.xml
@@ -0,0 +1,16 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+
+	Non-functional hosts
+		Peer certificate cannot be authenticated with given CA certificates:
+		- coincollection.hkma.gov.hk
+-->
+<ruleset name="Hong Kong Monetary Authority (partial)">
+	<target host="apps.hkma.gov.hk" />
+	<target host="hktr.hkma.gov.hk" />
+	<target host="secure.hkma.gov.hk" />
+	<target host="vpr.hkma.gov.hk" />
+	<target host="www.hkma.gov.hk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HKGov-HYD.xml b/src/chrome/content/rules/HKGov-HYD.xml
new file mode 100644
index 000000000000..a71a84b66def
--- /dev/null
+++ b/src/chrome/content/rules/HKGov-HYD.xml
@@ -0,0 +1,16 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+-->
+<ruleset name="Hyd.gov.hk">
+
+	<target host="www.hyd.gov.hk" />
+	<target host="gb.hyd.gov.hk" />
+	<target host="inspection.hyd.gov.hk" />
+	<target host="xpms.hyd.gov.hk" />
+	<target host="webmail2.hyd.gov.hk"/>
+	<target host="webmail5.hyd.gov.hk"/>
+	<target host="webmail6.hyd.gov.hk"/>
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HKGov-HousingAuth.xml b/src/chrome/content/rules/HKGov-HousingAuth.xml
new file mode 100644
index 000000000000..43b4935f80fc
--- /dev/null
+++ b/src/chrome/content/rules/HKGov-HousingAuth.xml
@@ -0,0 +1,11 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+-->
+<ruleset name="Hong Kong Housing Authority">
+
+	<target host="www.housingauthority.gov.hk" />
+
+	<rule from="^http:"
+	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HKGov-ITF.xml b/src/chrome/content/rules/HKGov-ITF.xml
new file mode 100644
index 000000000000..9ed2c238e424
--- /dev/null
+++ b/src/chrome/content/rules/HKGov-ITF.xml
@@ -0,0 +1,15 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+
+	not working:
+		- itf.gov.hk
+
+-->
+<ruleset name="Innovation and Technology Fund">
+
+	<target host="www.itf.gov.hk" />
+	<target host="www3.itf.gov.hk" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HKGov-LAD.xml b/src/chrome/content/rules/HKGov-LAD.xml
new file mode 100644
index 000000000000..57601abd3f19
--- /dev/null
+++ b/src/chrome/content/rules/HKGov-LAD.xml
@@ -0,0 +1,15 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+
+	non-working subdomains
+		- www.lad.gov.hk
+		- laesp.lad.gov.hk
+-->
+<ruleset name="Legal Aid Department (partial)">
+
+	<target host="laesp1.lad.gov.hk" />
+	<target host="laesp2.lad.gov.hk" />
+
+    <rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HKGov-LCSD.xml b/src/chrome/content/rules/HKGov-LCSD.xml
new file mode 100644
index 000000000000..0efc925b74a8
--- /dev/null
+++ b/src/chrome/content/rules/HKGov-LCSD.xml
@@ -0,0 +1,39 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+
+	Invalid certificate:
+		- oic.lcsd.gov.hk
+-->
+<ruleset name="Leisure and Cultural Services Department">
+
+	<target host="lcsd.gov.hk" />
+	<target host="www.lcsd.gov.hk" />
+	<target host="www2.lcsd.gov.hk" />
+	<target host="www3.lcsd.gov.hk" />
+
+	<target host="corporategames.lcsd.gov.hk" />
+	<target host="eaps.lcsd.gov.hk" />
+	<target host="hongkonggames.lcsd.gov.hk" />
+	<target host="sc.lcsd.gov.hk" />
+
+<!-- exceptions to prevent redirect loops -->
+	<exclusion pattern="^http://www\.lcsd\.gov\.hk/(en|tc|sc)/news\.php" />
+	<exclusion pattern="^http://www\.lcsd\.gov\.hk/(en|tc|sc)/contactus/(access|email)\.php" />
+	<exclusion pattern="^http://www\.lcsd\.gov\.hk/(en|tc|sc)/aboutlcsd/jobs\.php" />
+
+	<test url="http://www.lcsd.gov.hk/en/news.php" />
+	<test url="http://www.lcsd.gov.hk/sc/news.php" />
+	<test url="http://www.lcsd.gov.hk/tc/news.php" />
+	<test url="http://www.lcsd.gov.hk/en/contactus/access.php" />
+	<test url="http://www.lcsd.gov.hk/en/contactus/email.php" />
+	<test url="http://www.lcsd.gov.hk/sc/contactus/email.php" />
+	<test url="http://www.lcsd.gov.hk/tc/contactus/email.php" />
+	<test url="http://www.lcsd.gov.hk/en/aboutlcsd/jobs.php" />
+	<test url="http://www.lcsd.gov.hk/sc/aboutlcsd/jobs.php" />
+	<test url="http://www.lcsd.gov.hk/tc/aboutlcsd/jobs.php" />
+
+<!-- rules -->
+	<rule from="^http://(www\.)?lcsd\.gov\.hk/" to="https://www.lcsd.gov.hk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HKGov-NEWS.xml b/src/chrome/content/rules/HKGov-NEWS.xml
new file mode 100644
index 000000000000..018af3d7be00
--- /dev/null
+++ b/src/chrome/content/rules/HKGov-NEWS.xml
@@ -0,0 +1,20 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+
+	Nonfunctional hosts in *.news.gov.hk:
+		- news.gov.hk (m)
+		- archive.news.gov.hk (m)
+		- ktdc.news.gov.hk (m)
+		- sc.news.gov.hk (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="news.gov.hk">
+	<target host="www.news.gov.hk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HKGov-TID.xml b/src/chrome/content/rules/HKGov-TID.xml
new file mode 100644
index 000000000000..355865fb7bfd
--- /dev/null
+++ b/src/chrome/content/rules/HKGov-TID.xml
@@ -0,0 +1,19 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+
+	Invalid certificate:
+		- tid.gov.hk
+-->
+<ruleset name="Trade and Industry Department">
+
+	<target host="www.tid.gov.hk" />
+	<target host="www.bud.tid.gov.hk" />
+	<target host="www.cwc.tid.gov.hk" />
+	<target host="www.smefund.tid.gov.hk" />
+	<target host="www.stc.tid.gov.hk" />
+	<target host="www.success.tid.gov.hk" />
+
+	<rule from="^http:"
+	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HKN.xml b/src/chrome/content/rules/HKN.xml
index 40d9574989b9..82ce24b69165 100644
--- a/src/chrome/content/rules/HKN.xml
+++ b/src/chrome/content/rules/HKN.xml
@@ -14,7 +14,6 @@
 	<securecookie host="^(?:www\.)?hkn\.de$" name=".+" />
 
 
-	<rule from="^http://(www\.)?hkn\.de/"
-		to="https://$1hkn.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HKUST-GZ.edu.cn.xml b/src/chrome/content/rules/HKUST-GZ.edu.cn.xml
new file mode 100644
index 000000000000..7ded22e4a465
--- /dev/null
+++ b/src/chrome/content/rules/HKUST-GZ.edu.cn.xml
@@ -0,0 +1,11 @@
+<!--
+	For other UST.hk related rulesets, see UST.hk.xml
+-->
+<ruleset name="HKUST-GZ.edu.cn (partial)">
+	<target host="hkust-gz.edu.cn" />
+	<target host="www.hkust-gz.edu.cn" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HKUST.edu.cn.xml b/src/chrome/content/rules/HKUST.edu.cn.xml
new file mode 100644
index 000000000000..6b034aff4a00
--- /dev/null
+++ b/src/chrome/content/rules/HKUST.edu.cn.xml
@@ -0,0 +1,18 @@
+<!--
+	For other UST.hk related rulesets, see UST.hk.xml
+
+	Non-functional hosts:
+		Certificate mismatched:
+		- www.hkust.edu.cn
+-->
+<ruleset name="HKUST.edu.cn (partial)">
+	<target host="hkust.edu.cn" />
+	<target host="www.hkust.edu.cn" />
+
+	<securecookie host=".+" name=".+" />
+	
+	<rule from="^http://www\.hkust\.edu\.cn/"
+		  	to="https://hkust.edu.cn/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HKUST.edu.hk.xml b/src/chrome/content/rules/HKUST.edu.hk.xml
new file mode 100644
index 000000000000..c827fd94bfad
--- /dev/null
+++ b/src/chrome/content/rules/HKUST.edu.hk.xml
@@ -0,0 +1,11 @@
+<!--
+	For other UST.hk related rulesets, see UST.hk.xml
+-->
+<ruleset name="HKUST.edu.hk (partial)">
+	<target host="hkust.edu.hk" />
+	<target host="www.hkust.edu.hk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HKW.de.xml b/src/chrome/content/rules/HKW.de.xml
new file mode 100644
index 000000000000..2ab376a4bbd1
--- /dev/null
+++ b/src/chrome/content/rules/HKW.de.xml
@@ -0,0 +1,13 @@
+<ruleset name="HKW.de">
+
+	<target host="hkw.de" />
+	<target host="www.hkw.de" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HK_Yanto_Yan.com-falsemixed.xml b/src/chrome/content/rules/HK_Yanto_Yan.com-falsemixed.xml
new file mode 100644
index 000000000000..87e1f99f4066
--- /dev/null
+++ b/src/chrome/content/rules/HK_Yanto_Yan.com-falsemixed.xml
@@ -0,0 +1,15 @@
+<!--
+	For rules not causing false/broken MCB, see HK_Yanto_Yan.com.xml.
+
+-->
+<ruleset name="HK Yanto Yan.com (false MCB)" platform="mixedcontent">
+
+	<target host="www.hkyantoyan.com" />
+
+
+	<securecookie host="^(?:\.|www\.)?hkyantoyan\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HK_Yanto_Yan.com.xml b/src/chrome/content/rules/HK_Yanto_Yan.com.xml
new file mode 100644
index 000000000000..4565a2972283
--- /dev/null
+++ b/src/chrome/content/rules/HK_Yanto_Yan.com.xml
@@ -0,0 +1,31 @@
+<!--
+	For rules causing false/broken MCB, see HK_Yanto_Yan.com-falsemixed.xml.
+
+
+	Mixed content:
+
+		- css from $self *
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="HK Yanto Yan.com (partial)">
+
+	<target host="hkyantoyan.com" />
+	<target host="www.hkyantoyan.com" />
+		<!--
+			Avoid broken MCB:
+						-->
+		<exclusion pattern="http://www\.hkyantoyan\.com/+(?!favicon\.ico|wp-content/|wp-includes/)" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?hkyantoyan\.com$" name="^PHPSESSID$" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HM.com.xml b/src/chrome/content/rules/HM.com.xml
index c3ed874d0c93..882ded3baa72 100644
--- a/src/chrome/content/rules/HM.com.xml
+++ b/src/chrome/content/rules/HM.com.xml
@@ -1,7 +1,12 @@
-<ruleset name="Hm.com">
-  <target host="www.hm.com" />
-  <target host="hm.com" />
-  <rule from="^http://www\.hm\.com/" to="https://www.hm.com/"/>
-  <rule from="^http://hm\.com/" to="https://www.hm.com/"/>
-</ruleset>
+<!--
+	Mismatched:
+		- ^
+-->
+
+<ruleset name="HM.com (partial)">
+	<target host="hm.com" />
+	<target host="www.hm.com" />
 
+	<rule from="^http://hm\.com/" to="https://www.hm.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HMRC.gov.uk.xml b/src/chrome/content/rules/HMRC.gov.uk.xml
new file mode 100644
index 000000000000..cba964f4d1e5
--- /dev/null
+++ b/src/chrome/content/rules/HMRC.gov.uk.xml
@@ -0,0 +1,111 @@
+<!--
+	HM Revenue & Customs
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *hmrc.gov.uk:
+
+		- (www.)? ʰ
+ 		- customs ʰ
+		- tools ³
+
+	³ 403
+	ʰ Redirects to http
+
+
+	Problematic hosts in *hmrc.gov.uk:
+
+		- aka ᵐ
+		- aka-customs ᵐ
+
+	ᵐ Mismatched
+
+
+	These altnames don't exist:
+
+		- billpay.hmrc.gov.uk
+		- digital.ws.hmrc.gov.uk
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .hmrc.gov.uk
+		- customs.hmrc.gov.uk
+
+
+	Mixed content:
+
+		- Bug on customs from statse.webtrendslive.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="HMRC.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="companieshouse-online.hmrc.gov.uk" />
+	<target host="ecw.hmrc.gov.uk" />
+	<target host="esi2calculator.hmrc.gov.uk" />
+	<target host="online.hmrc.gov.uk" />
+	<target host="www.online.hmrc.gov.uk" />
+	<target host="pensionschemes.hmrc.gov.uk" />
+	<target host="public-online.hmrc.gov.uk" />
+	<target host="api.service.hmrc.gov.uk" />
+	<target host="developer.service.hmrc.gov.uk" />
+	<target host="www.tpvs.hmrc.gov.uk" />
+	<target host="tpvs2.hmrc.gov.uk" />
+	<target host="webservices.hmrc.gov.uk" />
+
+	<target host="dps.ws.hmrc.gov.uk" />
+	<target host="emcs.ws.hmrc.gov.uk" />
+	<target host="ics.ws.hmrc.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="hmrc.gov.uk" />
+	<target host="aka.hmrc.gov.uk" />
+	<target host="www.hmrc.gov.uk" />
+
+		<!--	Not all paths redirect to www.gov.uk
+								-->
+		<exclusion pattern="^http://(?:aka\.|www\.)?hmrc\.gov\.uk/+(?!$|\?|index\.htm)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://aka.hmrc.gov.uk/Default.aspx" />
+			<test url="http://hmrc.gov.uk/Default.aspx" />
+			<test url="http://www.hmrc.gov.uk/Default.aspx" />
+			<test url="http://www.hmrc.gov.uk/adjustednetincome/" />
+			<test url="http://www.hmrc.gov.uk/charitiesonline" />
+			<test url="http://www.hmrc.gov.uk/complaint" />
+			<test url="http://www.hmrc.gov.uk/sa103s" />
+			<test url="http://www.hmrc.gov.uk/vat/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://hmrc.gov.uk/index.htm" />
+			<test url="http://aka.hmrc.gov.uk/index.htm" />
+			<test url="http://www.hmrc.gov.uk/index.htm" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.hmrc\.gov\.uk$" name="^X_DEVICE_ID$" /-->
+	<!--securecookie host="^customs\.hmrc\.gov\.uk$" name="^TS[\da-f]+$" /-->
+
+	<securecookie host="^\." name="^X_DEVICE_ID$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops forward slash,
+		path (index.htm), and args:
+						-->
+	<rule from="^http://(?:aka\.|www\.)?hmrc\.gov\.uk/.*"
+		to="https://www.gov.uk/government/organisations/hm-revenue-customs" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HMV.xml b/src/chrome/content/rules/HMV.xml
index 934c070d7269..e0d91a3c77bf 100644
--- a/src/chrome/content/rules/HMV.xml
+++ b/src/chrome/content/rules/HMV.xml
@@ -3,19 +3,38 @@
 
 		- HMV_Japan.xml
 
+
+	Nonfunctional domains:
+
+		- hmv.co.uk ¹
+		- www.hmv.co.uk ²
+
+		- hmv.com ¹
+		- www.hmv.com ¹
+
+	¹ Handshake fails
+	² Dropped
+
+
+	Problematic domains:
+
+		- www3.hmv.co.uk *
+
+	* Expired 2013
+
 -->
-<ruleset name="HMV">
-  <target host="www.hmv.com" />
-  <target host="hmv.com" />
-  <target host="hmv.co.uk" />
-  <target host="www.hmv.co.uk" />
+<ruleset name="HMV (partial)" default_off="expired">
+  <!--target host="www.hmv.com" /-->
+  <!--target host="hmv.com" /-->
+  <!--target host="hmv.co.uk" /-->
+  <!--target host="www.hmv.co.uk" /-->
   <target host="www3.hmv.co.uk" />
 
-  <rule from="^http://hmv\.com/" to="https://hmv.com/"/>
-  <rule from="^http://www\.hmv\.com/" to="https://hmv.com/"/>
-  <rule from="^http://hmv\.co\.uk/" to="https://hmv.com/"/>
-  <rule from="^http://www\.hmv\.co\.uk/" to="https://hmv.com/"/>
-  <rule from="^http://www3\.hmv\.co\.uk/" to="https://www3.hmv.co.uk/"/>
+  <!--rule from="^http://hmv\.com/" to="https://hmv.com/"/-->
+  <!--rule from="^http://www\.hmv\.com/" to="https://hmv.com/"/-->
+  <!--rule from="^http://hmv\.co\.uk/" to="https://hmv.com/"/-->
+  <!--rule from="^http://www\.hmv\.co\.uk/" to="https://hmv.com/"/-->
+  <rule from="^http:" to="https:" />
 
-  <securecookie host="^hmv\.com$" name=".*"/>
+  <securecookie host="^hmv\.com$" name=".+" />
 </ruleset>
diff --git a/src/chrome/content/rules/HMV_Japan.xml b/src/chrome/content/rules/HMV_Japan.xml
index 3d7932429efe..3e2a3ae7dcb8 100644
--- a/src/chrome/content/rules/HMV_Japan.xml
+++ b/src/chrome/content/rules/HMV_Japan.xml
@@ -21,7 +21,9 @@
 <ruleset name="HMV Japan (partial)">
 
 	<target host="hmv.co.jp" />
-	<target host="*.hmv.co.jp" />
+	<target host="www.hmv.co.jp" />
+	<target host="img.hmv.co.jp" />
+	<target host="img-org.hmv.co.jp" />
 
 
 	<!--	Tracking cookies:
@@ -29,10 +31,10 @@
 	<securecookie host="^\.hmv\.co\.jp$" name="(?:s_\w+|__utm)\w$" />
 
 
-	<rule from="^http://(www\.)?hmv\.co\.jp/(?=async/|favicon\.ico|login/)"
+	<rule from="^http://(?:www\.)?hmv\.co\.jp/(?=async/|favicon\.ico|login/)"
 		to="https://www.hmv.co.jp/" />
 
 	<rule from="^http://img(-org)?\.hmv\.co\.jp/"
 		to="https://img$1.hmv.co.jp/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HMailServer.com.xml b/src/chrome/content/rules/HMailServer.com.xml
new file mode 100644
index 000000000000..c89af8051b3c
--- /dev/null
+++ b/src/chrome/content/rules/HMailServer.com.xml
@@ -0,0 +1,41 @@
+<!--
+	Nonfunctional hosts in *hmailserver.com:
+
+		- mail *
+
+	* Shows www
+
+
+	Fully covered hosts in *hmailserver.com:
+
+		- (www.)?
+		- build
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .hmailserver.com
+		- build.hmailserver.com
+
+-->
+<ruleset name="hMailServer.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hmailserver.com" />
+	<target host="build.hmailserver.com" />
+	<target host="www.hmailserver.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.hmailserver\.com$" name="^(ct_checkjs|phpbb_hms2_k|phpbb_hms2_sid|phpbb_hms2_u)$" /-->
+	<!--securecookie host="^build\.hmailserver\.com$" name="^(__test|TCSESSIONID)$" /-->
+
+	<securecookie host="^(?:build)?\.hmailserver\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HNA.de.xml b/src/chrome/content/rules/HNA.de.xml
new file mode 100644
index 000000000000..c835b96e9a92
--- /dev/null
+++ b/src/chrome/content/rules/HNA.de.xml
@@ -0,0 +1,79 @@
+<!--
+	Connection closed:
+		immo
+		www.immo
+		story
+
+	Invalid certificate:
+		blog
+		dev-doc
+		horoskop
+		kassellexikon
+		m
+		www.markt
+		lt.portal
+		quiz
+		secretescapes
+		www.secretescapes
+		tippspiel
+		uelzen
+		veranstaltungen
+
+	Mixed content:
+		regiowiki
+
+	Refused:
+		kb
+		luedenscheid
+
+	Timeout:
+		mattermost-staging.hna.de
+		service-archiv
+		smtp
+		transfer
+-->
+<ruleset name="HNA.de">
+
+	<target host="hna.de" />
+	<target host="www.hna.de" />
+	<target host="abos.hna.de" />
+	<target host="auto.hna.de" />
+	<target host="banner.hna.de" />
+	<target host="blogs.hna.de" />
+	<target host="doc.hna.de" />
+	<target host="epaper.hna.de" />
+	<target host="flirt.hna.de" />
+	<target host="forum.hna.de" />
+	<target host="het164.hna.de" />
+	<target host="het199.hna.de" />
+	<target host="het35.hna.de" />
+	<target host="het71.hna.de" />
+	<target host="jobs.hna.de" />
+	<target host="selbsteingabe.jobs.hna.de" />
+	<target host="kreiszeitung.hna.de" />
+	<target host="leserreisen.hna.de" />
+	<target host="markt.hna.de" />
+	<target host="medienvorschau.hna.de" />
+	<target host="mms.hna.de" />
+	<target host="nx02.hna.de" />
+	<target host="partner.hna.de" />
+	<target host="www.partner.hna.de" />
+	<target host="praemienshop.hna.de" />
+	<target host="redaktion.hna.de" />
+	<target host="tabellen.hna.de" />
+	<target host="tickets.hna.de" />
+	<target host="trauer.hna.de" />
+	<target host="www.trauer.hna.de" />
+	<target host="vorlage1.hna.de" />
+	<target host="vorlage2.hna.de" />
+	<target host="vorlage3.hna.de" />
+	<target host="vwdweb2.hna.de" />
+	<target host="wahlomat.hna.de" />
+	<target host="www2.hna.de" />
+	<target host="www3.hna.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HON.ch.xml b/src/chrome/content/rules/HON.ch.xml
index ae477a286c9c..5ba9c36493d1 100644
--- a/src/chrome/content/rules/HON.ch.xml
+++ b/src/chrome/content/rules/HON.ch.xml
@@ -1,17 +1,33 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://team.hon.ch/ => https://team.hon.ch/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Other Health on the Net rulesets:
 
 		- HONcode.xml
+		- Health_On_Net.org.xml
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- (www.)? from www.hon.ch
+			- (www.)? from www.provisu.ch
 
 -->
-<ruleset name="HON.ch (Health On the Net)" default_off="Some images broken">
+<ruleset name="HON.ch (Health On the Net)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="hon.ch" />
-	<target host="www.hon.ch" />
+	<target host="honuser.hon.ch" />
 	<target host="services.hon.ch" />
-	<target host="healthonnet.org" />
-	<target host="www.healthonnet.org" />
+	<target host="team.hon.ch" />
+	<target host="www.hon.ch" />
+
 
-	<rule from="^http://(?:www\.)?hon\.ch/" to="https://www.hon.ch/" />
-	<rule from="^http://services\.hon\.ch/" to="https://services.hon.ch/" />
-	<rule from="^http://(?:www\.)?healthonnet\.org/" to="https://www.healthonnet.org/" />
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/HONcode.xml b/src/chrome/content/rules/HONcode.xml
index c98b6312a274..7b3efcb31e6f 100644
--- a/src/chrome/content/rules/HONcode.xml
+++ b/src/chrome/content/rules/HONcode.xml
@@ -7,17 +7,13 @@
 		- ^	(times out)
 
 -->
-<ruleset name="HONcode">
+<ruleset name="HONcode.ch">
 
 	<target host="honcode.ch" />
-		<!--
-			Not identical to www:
-						-->
-		<exclusion pattern="^http://honcode\.ch/(?!$|\?)" />
 	<target host="www.honcode.ch" />
 
-
-	<rule from="^http://(?:www\.)?honcode\.ch/"
+	<rule from="^http://honcode\.ch/"
 		to="https://www.honcode.ch/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HPI.de.xml b/src/chrome/content/rules/HPI.de.xml
new file mode 100644
index 000000000000..0b8202058cec
--- /dev/null
+++ b/src/chrome/content/rules/HPI.de.xml
@@ -0,0 +1,42 @@
+<!--
+	Hasso Plattner Institute
+
+	Other Hasso Plattner Institute rulesets:
+
+		- OpenHPI.xml
+
+
+	Fully covered hosts in *hpi.de:
+
+		- (www.)?
+		- open
+
+
+	Insecure cookies are set for these hosts:
+
+		- open.hpi.de
+		- www.open.hpi.de
+
+-->
+<ruleset name="HPI.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hpi.de" />
+	<target host="open.hpi.de" />
+	<target host="www.open.hpi.de" />
+	<target host="www.hpi.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^open\.hpi\.de$" name="^_openhpi_session$" /-->
+	<!--securecookie host="^www\.open\.hpi\.de$" name="\w+$" /-->
+
+	<securecookie host="^(?:www\.)?open\.hpi\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HP_Cloud.com.xml b/src/chrome/content/rules/HP_Cloud.com.xml
new file mode 100644
index 000000000000..b7ae9acbf43f
--- /dev/null
+++ b/src/chrome/content/rules/HP_Cloud.com.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hpcloud.com/ => https://hpcloud.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	For other HP coverage, see Hewlett-Packard.xml.
+
+-->
+<ruleset name="HP Cloud.com (partial)" default_off="failed ruleset test">
+
+	<target host="hpcloud.com" />
+	<target host="blog.hpcloud.com" />
+	<target host="marketplace.hpcloud.com" />
+	<target host="www.hpcloud.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="http://www\.hpcloud\.com/($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="http://www\.hpcloud\.com/(?!sites/)" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HPlus_the_Digital_Series.xml b/src/chrome/content/rules/HPlus_the_Digital_Series.xml
index c8656f4f8305..4bbaae48e9b8 100644
--- a/src/chrome/content/rules/HPlus_the_Digital_Series.xml
+++ b/src/chrome/content/rules/HPlus_the_Digital_Series.xml
@@ -1,10 +1,15 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hplusdigitalseries.com/ => https://www.hplusdigitalseries.com/: (7, 'Failed to connect to www.hplusdigitalseries.com port 443: Connection timed out')
+Fetch error: http://www.hplusdigitalseries.com/ => https://www.hplusdigitalseries.com/: (7, 'Failed to connect to www.hplusdigitalseries.com port 443: Connection timed out')
+
 	Problematic subdomains:
 
 		- ^	(mismatched, CN: wbpinewmedia.warnerbros.com)
 
 -->
-<ruleset name="H+: the Digital Series">
+<ruleset name="H+: the Digital Series" default_off="failed ruleset test">
 
 	<target host="hplusdigitalseries.com" />
 	<target host="www.hplusdigitalseries.com" />
@@ -13,4 +18,4 @@
 	<rule from="^http://(?:www\.)?hplusdigitalseries\.com/"
 		to="https://www.hplusdigitalseries.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HR-Skyen.dk.xml b/src/chrome/content/rules/HR-Skyen.dk.xml
new file mode 100644
index 000000000000..4363695d8fda
--- /dev/null
+++ b/src/chrome/content/rules/HR-Skyen.dk.xml
@@ -0,0 +1,21 @@
+<!--
+
+	Domains not covered:
+
+		- demo ¹
+		- servertest ¹
+
+	¹: Requires authentification
+
+-->
+<ruleset name="HR-Skyen.dk">
+
+	<target host="hr-skyen.dk" />
+	<target host="www.hr-skyen.dk" />
+
+	<securecookie host="(www\.)?hr-skyen\.dk" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HRA-News.org.xml b/src/chrome/content/rules/HRA-News.org.xml
new file mode 100644
index 000000000000..eac329e59476
--- /dev/null
+++ b/src/chrome/content/rules/HRA-News.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="HRA-News.org">
+
+	<target host="hra-news.org" />
+	<target host="www.hra-news.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HR_Solutions.xml b/src/chrome/content/rules/HR_Solutions.xml
index 3debb07a2169..1144988c3353 100644
--- a/src/chrome/content/rules/HR_Solutions.xml
+++ b/src/chrome/content/rules/HR_Solutions.xml
@@ -1,10 +1,15 @@
-<ruleset name="HR Solutions">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hr-s.co.jp/ => https://hr-s.co.jp/: (51, "SSL: no alternative certificate subject name matches target host name 'hr-s.co.jp'")
+
+-->
+<ruleset name="HR Solutions" default_off="failed ruleset test">
 
 	<target host="hr-s.co.jp" />
 	<target host="www.hr-s.co.jp" />
 
 
-	<rule from="^http://(www\.)?hr-s\.co\.jp/"
-		to="https://$1hr-s.co.jp/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HRsmart.xml b/src/chrome/content/rules/HRsmart.xml
deleted file mode 100644
index f1ba8de8a300..000000000000
--- a/src/chrome/content/rules/HRsmart.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<ruleset name="HRsmart" platform="mixedcontent">
-
-	<target host="*.mua.hrdepartment.com" />
-	<target host="*.tms.hrdepartment.com" />
-	<target host="hrsmart.com" />
-	<target host="www.hrsmart.com" />
-
-
-	<securecookie host="^.*\.hrdepartment\.com$" name=".*" />
-	<securecookie host="^www\.hrsmart\.com$" name=".*" />
-
-
-	<!--	Clients have unique subdomains.	-->
-	<rule from="^http://(\w+)\.(mua|tms)\.hrdepartment\.com/"
-		to="https://$1.$2.hrdepartment.com/" />
-
-	<rule from="^http://(www\.)?hrsmart\.com/"
-		to="https://$1hrsmart.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/HS-analytics.net.xml b/src/chrome/content/rules/HS-analytics.net.xml
index 089925a58460..960669610c0e 100644
--- a/src/chrome/content/rules/HS-analytics.net.xml
+++ b/src/chrome/content/rules/HS-analytics.net.xml
@@ -7,7 +7,7 @@
 	<target host="js.hs-analytics.net" />
 
 
-	<rule from="^http://js\.hs-analytics\.net/"
-		to="https://js.hs-analytics.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/HSBC.xml b/src/chrome/content/rules/HSBC.xml
index b7ea16d87a00..fbc3018dc084 100644
--- a/src/chrome/content/rules/HSBC.xml
+++ b/src/chrome/content/rules/HSBC.xml
@@ -1,58 +1,274 @@
-<ruleset name="HSBC">
-  <!-- The list of country sites comes from https://www.hsbc.com/1/2 -->
-
-  <target host="hsbc.*" />
-  <target host="www.hsbc.*" />
-  <target host="hsbc.co.*" />
-  <target host="*.hsbc.co.uk" />
-  <target host="www.hsbc.co.*" />
-  <target host="hsbc.com.*" />
-  <target host="www.hsbc.com.*" />
-  <target host="*.hsbctrinkaus.de" />
-  <target host="hsbctrinkaus.de" />
-  <target host="*.sabb.com" />
-  <target host="sabb.com" />
-  <target host="firstdirect.com" />
-  <target host="*.firstdirect.com" />
-  <target host="*.us.hsbc.com" />
-  <target host="us.hsbc.com" />
-  <target host="www.business.hsbc.co.uk" />
-
-  <securecookie host="^(.*\.)?hsbc\.(.*)$" name=".+" />
-  <securecookie host="^(.*\.)?firstdirect\.com$" name=".+" />
-
-  <!-- These sites do not work (no HTTPS service operational). -->
-  <exclusion pattern="^http://www\.hangseng\.com/" />
-  <exclusion pattern="^http://www\.hfcbank\.co\.uk/" />
-  <exclusion pattern="^http://www\.hsbc\.cz/" />
-  <exclusion pattern="^http://www\.hsbc\.ge/" />
-  <exclusion pattern="^http://www\.hsbc\.ie/" />
-  <exclusion pattern="^http://www\.hsbc\.co\.id/" />
-  <exclusion pattern="^http://www\.hsbc\.co\.pa/" />
-  <exclusion pattern="^http://www\.hsbc\.co\.za/" />
-  <exclusion pattern="^http://www\.kuwait\.hsbc\.com/" />
+<!--
+	For rules covering resources which do not secure
+	mixed content, see hsbc.com-resources.xml.
+
+	Other HSBC Holdings rulesets:
+
+		- firstdirect.com.xml
+		- hsbc.co.in.xml
+		- hsbc.co.jp.xml
+		- hsbc.co.kr.xml
+		- hsbc.co.uk.xml
+		- hsbc.com.bd.xml
+		- hsbc.com.bh.xml
+		- hsbc.com.eg.xml
+		- hsbc.com.hk.xml
+		- hsbc.com.lb.xml
+		- hsbc.com.mu.xml
+		- hsbc.com.om.xml
+		- hsbc.com.qa.xml
+		- hsbc.com.vn.xml
+		- hsbcnet.com.xml
+		- hsbctrinkaus.de.xml
+		- member-hsbc-group.com.xml
+		- sabb.com.xml
+
+
+	Nonfuntional hosts in *hsbc.com:
+
+		- www.about.algeria *
+		- www.business.algeria *
+		- tko.apps.asiapacific ²
+		- www.global.assetmanagement *
+		- www.crs *
+		- www.gbm *
+		- www.globalliquidity *
+		- www.about.maldives *
+		- www.business.maldives *
+		- www.rmb *
+		- www.about.us *
+		- www *
+
+	² 200 "Page not found"
+	* Unrecognized name
+
+
+	Problematic hosts in *hsbc.com:
+
+		- www.algeria ᵐ
+		- assetmanagement ᵐ
+		- www.bd *
+		- cmbinsight ᵐ
+		- images.cmbinsight ᵐ
+		- www.corporate ᵐ
+		- www.etf ᵐ
+		- expat ᵐ
+		- facta ᵉ ᵐ
+		- www.facta *
+		- theopen.golf ᵉ ᵐ
+		- www.institutional ᵐ
+		- (www.)?kr ᵐ
+		- ebanking.kr ᵐ
+		- ytchanneladmin.media ᵉ
+		- www.mefco ᵐ
+		- www.careers.middleeast ᵐ
+		- ukbusiness ᵐ
+		- banking.us ᵐ
+		- (www.)?vn ᵐ
+
+	* Unrecognized name, equivalent to another domain
+	ᵉ Expired
+	ᵐ Mismatched
+
+
+	These altnames do not exist:
+
+		- bahrain.hsbc.com
+		- lebanon.hsbc.com
+		- oman.hsbc.com
+		- qatar.hsbc.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.apps.asiapacific.hsbc.com
+		- www.insurance.asiapacific.hsbc.com
+		- www.assetmanagement.hsbc.com
+		- www.bahrain.hsbc.com
+		- .cmbinsight.hsbc.com
+		- www.ebank.egypt.hsbc.com
+		- www.egypt.hsbc.com
+		- www.expat.hsbc.com
+		- www.homeandaway.hsbc.com
+		- www.ebanking.kr.hsbc.com
+		- www.lebanon.hsbc.com
+		- www.maldives.hsbc.com
+		- ytchanneladmin.media.hsbc.com
+		- www.offshore.hsbc.com
+		- www.oman.hsbc.com
+		- www.qatar.hsbc.com
+		- www.research.hsbc.com
+		- www.ukbusiness.hsbc.com
+		- us.hsbc.com
+		- www.us.hsbc.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images, on;
+
+			- cmbinsight from images.cmbinsight.hsbc.com
+
+		- Bugs, on:
+
+			- www.algeria, www.apps.asiapacific, www.assetmanagement, www.etf, www.expat, (www.)?expatexplorer, facta, www.homeandaway, www.ebanking.kr, www.careers.middleeast, services.mobile, banking.us from www1.member-hsbc-group.com ˢ
+			- www.assetmanagement from bs.serving-sys.com ˢ
+			- www.etf from \d+.fls.doubleclick.net
+			- globalconnections from fls.doubleclick.net
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="HSBC.com (partial)" default_off="testing">
+
+<!-- The list of country sites comes from https://www.hsbc.com/1/2 -->
+<!--
+	<target host="hsbc.*" />
+	<target host="www.hsbc.*" />
+	<target host="hsbc.co.*" />
+	<target host="www.hsbc.co.*" />
+	<target host="hsbc.com.*" />
+	<target host="www.hsbc.com.*" />
+	<target host="*.hsbctrinkaus.de" />
+	<target host="hsbctrinkaus.de" />
+-->
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="hsbc.com" /-->
+	<target host="www.apps.asiapacific.hsbc.com" />
+	<target host="www.insurance.asiapacific.hsbc.com" />
+	<target host="www.assetmanagement.hsbc.com" />
+	<target host="www.bahrain.hsbc.com" />
+	<target host="www.egypt.hsbc.com" />
+	<target host="www.expat.hsbc.com" />
+	<target host="expatexplorer.hsbc.com" />
+	<target host="www.expatexplorer.hsbc.com" />
+	<target host="globalconnections.hsbc.com" />
+	<target host="www.globalconnections.hsbc.com" />
+	<target host="www.homeandaway.hsbc.com" />
+	<target host="www.lebanon.hsbc.com" />
+	<target host="www.maldives.hsbc.com" />
+	<target host="trading.markets.hsbc.com" />
+	<target host="www.memberservices.hsbc.com" />
+	<target host="services.mobile.hsbc.com" />
+	<target host="mytennisambition.hsbc.com" />
+	<target host="www.offshore.hsbc.com" />
+	<target host="www.oman.hsbc.com" />
+	<target host="www.qatar.hsbc.com" />
+	<target host="www.research.hsbc.com" />
+	<target host="www.ukbusiness.hsbc.com" />
+	<target host="us.hsbc.com" />
+
+	<target host="www.banking.us.hsbc.com" />
+	<target host="investorfunds.us.hsbc.com" />
+	<target host="www.investorfunds.us.hsbc.com" />
+	<target host="www.us.hsbc.com" />
+
+		<!--	$: 200 "page not found", so:
+							-->
+		<test url="http://www.apps.asiapacific.hsbc.com/1/2/imo2" />
+
+		<!--	Mixed bugs:
+					-->
+		<!--test url="http://www.assetmanagement.hsbc.com/us" /-->
+
+	<!--	Complications:
+				-->
+	<target host="assetmanagement.hsbc.com" />
+	<target host="www.bd.hsbc.com" />
+	<!--target host="images.cmbinsight.hsbc.com" /-->
+	<target host="www.corporate.hsbc.com" />
+	<target host="expat.hsbc.com" />
+	<target host="theopen.golf.hsbc.com" />
+	<target host="www.institutional.hsbc.com" />
+	<target host="kr.hsbc.com" />
+	<target host="ebanking.kr.hsbc.com" />
+	<target host="www.kr.hsbc.com" />
+	<target host="www.mefco.hsbc.com" />
+	<target host="ukbusiness.hsbc.com" />
+	<target host="banking.us.hsbc.com" />
+	<target host="vn.hsbc.com" />
+	<target host="www.vn.hsbc.com" />
+
+	<!-- These sites do not work (no HTTPS service operational). -->
+	<!--
+	<exclusion pattern="^http://www\.hangseng\.com/" />
+	<exclusion pattern="^http://www\.hfcbank\.co\.uk/" />
+	<exclusion pattern="^http://www\.hsbc\.cz/" />
+	<exclusion pattern="^http://www\.hsbc\.ge/" />
+	<exclusion pattern="^http://www\.hsbc\.ie/" />
+	<exclusion pattern="^http://www\.hsbc\.co\.id/" />
+	<exclusion pattern="^http://www\.hsbc\.co\.pa/" />
+	<exclusion pattern="^http://www\.hsbc\.co\.za/" />
+	-->
 
   <!-- These do not work (invalid SSL certificate). -->
-  <exclusion pattern="^http://www\.hsbc\.co\.nz/" />
-  <exclusion pattern="^http://www\.hsbc\.com\.tr/" />
-  <exclusion pattern="^http://www\.hsbc\.com\.uy/" />
+	<!--
+	<exclusion pattern="^http://www\.hsbc\.co\.nz/" />
+	<exclusion pattern="^http://www\.hsbc\.com\.tr/" />
+	<exclusion pattern="^http://www\.hsbc\.com\.uy/" />
+	-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.insurance\.asiapacific\.hsbc\.com$" name="^HKWGTK$" /-->
+	<!--securecookie host="^www\.assetmanagement\.hsbc\.com$" name="^(?:[\dA-Z]_ID|www\.assetmanagement\.hsbc\.com)$" /-->
+	<!--securecookie host="^www\.(?:bahrain|egypt|ebanking\.kr|lebanon|oman|qatar)\.hsbc\.com$" name="^[A-Z]+-IB-DIGITAL_WDC$" /-->
+	<!--securecookie host="^\.cmbinsight\.hsbc\.com$" name="^ELOQUA$" /-->
+	<!--securecookie host="^www\.(?:apps\.asiapacific|expat|homeandaway|maldives)\.hsbc\.com$" name="^(?:JSESSIONID|[A-Z]+TK)$" /-->
+	<!--securecookie host="^ytchanneladmin\.media\.hsbc\.com$" name="^BIGipServer" /-->
+	<!--securecookie host="^www\.offshore\.hsbc\.com$" name="^JSP2TK$" /-->
+	<!--securecookie host="^www\.research\.hsbc\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^www\.ukbusiness\.hsbc\.com$" name="^UKBIB-EVRGRN-WDC$" /-->
+	<!--securecookie host="^us\.hsbc\.com$" name="^www\.us\.hsbc\.com-VH$" /-->
+	<!--securecookie host="^www\.us\.hsbc\.com$" name="^(?:USIB2G|www\.us\.hsbc\.com-VH)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<!--rule from="^http://(?:www\.)?hsbc\.([^/:@]+)/"
+		to="https://www.hsbc.$1/" /-->
+
+	<rule from="^http://(assetmanagement|expat|ukbusiness|banking\.us)\.hsbc\.com/"
+		to="https://www.$1.hsbc.com/" />
+
+	<rule from="^http://www\.bd\.hsbc\.com/"
+		to="https://www.hsbc.com.bd/" />
+
+	<!--rule from="^http://images\.cmbinsight\.hsbc\.com/"
+		to="https://secure.p03.eloqua.com/" /-->
+
+		<!--
+		<test url="http://images.cmbinsight.hsbc.com/EloquaImages/clients/HsbcUsaInc/%7B396d6b45-02fc-481e-ac76-f6a81bf8503b%7D_EventLandingPage_pagebackground.gif" />
+		-->
+
+	<rule from="^http://www\.(?:corporate|institutional)\.hsbc\.com/"
+		to="https://www.hsbcnet.com/" />
+
+	<rule from="^http://(?:www\.ebanking\.|www\.)?kr\.hsbc\.com/"
+		to="https://www.hsbc.co.kr/" />
+
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://theopen\.golf\.hsbc\.com/[^?]*"
+		to="https://financialplanning.hsbc.com.uk/" />
 
-  <rule from="^http://(?:www\.)?hsbc\.([^/:@]+)/"
-        to="https://www.hsbc.$1/" />
-  <rule from="^https?://([^/:@]+)?\.hsbc\.co\.uk/"
-      to="https://$1.hsbc.co.uk/" />
+		<test url="http://theopen.golf.hsbc.com/index.htm" />
 
-  <rule from="^https?://firstdirect\.com/"
-      to="https://www.firstdirect.com/" />
-  <rule from="^https?://([^/:@]+)?\.firstdirect\.com/"
-      to="https://$1.firstdirect.com/" />
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://www\.mefco\.hsbc\.com/[^?]*"
+		to="https://www.hsbc.ae/mefco" />
 
-  <!-- some odd regional sites not using hsbc.tld names -->
-  <rule from="^http://(?:www\.)?hsbctrinkaus\.de/" to="https://www.hsbctrinkaus.de/" />
-  <rule from="^http://(?:www\.)?sabb\.com/" to="https://www.sabb.com/" />
-  <rule from="^http://(?:www\.)?firstdirect\.com/" to="https://www.firstdirect.com/" />
-  <rule from="^http://www\.business\.hsbc\.co\.uk/" to="https://www.business.hsbc.co.uk/" />
+		<test url="http://www.mefco.hsbc.com/index.htm" />
 
+	<rule from="^http://(?:www\.)?vn\.hsbc\.com/"
+		to="https://www.hsbc.com.vn/" />
 
-  <rule from="^http://(?:www\.)?us\.hsbc\.com/" to="https://www.us.hsbc.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/HSI.com.hk.xml b/src/chrome/content/rules/HSI.com.hk.xml
new file mode 100644
index 000000000000..02b13c44743f
--- /dev/null
+++ b/src/chrome/content/rules/HSI.com.hk.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Hang Seng Bank related rulesets, see HangSengBank.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- hsi.com.hk
+-->
+<ruleset name="HSI.com.hk">
+	<target host="hsi.com.hk" />
+	<target host="www.hsi.com.hk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://hsi\.com\.hk/"
+			to="https://www.hsi.com.hk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HSLDA.xml b/src/chrome/content/rules/HSLDA.xml
index 21469ee81f03..2dcebfb7fe97 100644
--- a/src/chrome/content/rules/HSLDA.xml
+++ b/src/chrome/content/rules/HSLDA.xml
@@ -5,4 +5,4 @@
 
 	<rule from="^http://(?:www\.)?hslda\.org/" to="https://www.hslda.org/" />
 	<rule from="^http://secure\.hslda\.org/" to="https://secure.hslda.org/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HSV.se.xml b/src/chrome/content/rules/HSV.se.xml
index 50d10be17ab8..dc039622f1fa 100644
--- a/src/chrome/content/rules/HSV.se.xml
+++ b/src/chrome/content/rules/HSV.se.xml
@@ -1,5 +1,17 @@
-<!-- hogskoleverket -->
-<ruleset name="HSV.se" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.hsv.se/ => https://www.hsv.se/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://hsv.se/ => https://www.hsv.se/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.hsv.se/ => https://www.hsv.se/: (51, "SSL: no alternative certificate subject name matches target host name 'www.hsv.se'")
+Fetch error: http://hsv.se/ => https://www.hsv.se/: (51, "SSL: no alternative certificate subject name matches target host name 'www.hsv.se'")
+ hogskoleverket -->
+<ruleset name="HSV.se" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="www.hsv.se" />
 	<target host="hsv.se" />
 	<rule from="^http://hsv\.se/" to="https://www.hsv.se/"/>
diff --git a/src/chrome/content/rules/HSstatic.net.xml b/src/chrome/content/rules/HSstatic.net.xml
new file mode 100644
index 000000000000..a88339d7ddb8
--- /dev/null
+++ b/src/chrome/content/rules/HSstatic.net.xml
@@ -0,0 +1,12 @@
+<!--
+	For other HubSpot coverage, see HubSpot.xml.
+
+-->
+<ruleset name="HSstatic.net">
+
+	<target host="static.hsstatic.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HTC.com.xml b/src/chrome/content/rules/HTC.com.xml
new file mode 100644
index 000000000000..87ea3a848ab5
--- /dev/null
+++ b/src/chrome/content/rules/HTC.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		 - htc.com
+-->
+<ruleset name="HTC.com (partial)">
+	<target host="htc.com" />
+	<target host="www.htc.com" />
+
+	<rule from="^http://htc\.com/"
+			to="https://www.htc.com/" />
+
+	<rule from="^http:"
+		  	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HTC.xml b/src/chrome/content/rules/HTC.xml
deleted file mode 100644
index 7fd0454f8eeb..000000000000
--- a/src/chrome/content/rules/HTC.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="HTC" default_off="displays error message">
-  <target host="www.htc.com" />
-  <target host="htc.com" />
-
-  <rule from="^http://(?:www\.)?htc\.com/" to="https://www.htc.com/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/HTML5-Rocks.xml b/src/chrome/content/rules/HTML5-Rocks.xml
deleted file mode 100644
index f178ee272445..000000000000
--- a/src/chrome/content/rules/HTML5-Rocks.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="HTML5 Rocks" default_off="mismatch">
-
-	<!--	Cert: ghs-ssl.googlehosted.com	-->
-	<target host="html5rocks.com" />
-	<target host="www.html5rocks.com" />
-
-
-	<!--	!www shows Google 404 page.
-						-->
-	<rule from="^https?://(?:www\.)?html5rocks\.com/"
-		to="https://www.html5rocks.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/HTML5Sec.org.xml b/src/chrome/content/rules/HTML5Sec.org.xml
new file mode 100644
index 000000000000..e443a5ad5266
--- /dev/null
+++ b/src/chrome/content/rules/HTML5Sec.org.xml
@@ -0,0 +1,29 @@
+<!--
+	Nonfunctional hosts in *html5sec.org:
+
+		- ssl *
+
+	* Shows cure53.de
+
+
+	www.html5sec.org: Mismatched
+
+-->
+<ruleset name="HTML5Sec.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="html5sec.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.html5sec.org" />
+
+
+	<rule from="^http://www\.html5sec\.org/"
+		to="https://html5sec.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HTML5rocks.com.xml b/src/chrome/content/rules/HTML5rocks.com.xml
new file mode 100644
index 000000000000..a852b44fa91f
--- /dev/null
+++ b/src/chrome/content/rules/HTML5rocks.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Mismatched:
+		html5rocks.com
+
+	Secure connection failed:
+		tutorials.html5rocks.com
+		updates.html5rocks.com
+
+	Non-functional:
+		playbook.html5rocks.com
+		playground.html5rocks.com
+		slides.html5rocks.com
+		studio.html5rocks.com
+
+-->
+<ruleset name="HTML5 Rocks">
+
+	<!--	Cert: ghs-ssl.googlehosted.com	-->
+	<target host="html5rocks.com" />
+	<target host="www.html5rocks.com" />
+	<target host="updates.html5rocks.com" />
+
+	<!--	!www shows Google 404 page.
+						-->
+	<rule from="^http://(www\.)?html5rocks\.com/"
+		to="https://www.html5rocks.com/" />
+
+	<rule from="^http://updates\.html5rocks\.com/"
+		to="https://developers.google.com/web/updates/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HTML5test.com.xml b/src/chrome/content/rules/HTML5test.com.xml
new file mode 100644
index 000000000000..81d67385d568
--- /dev/null
+++ b/src/chrome/content/rules/HTML5test.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="HTML5test.com">
+
+	<target host="html5test.com" />
+	<target host="www.html5test.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HTTP.cat.xml b/src/chrome/content/rules/HTTP.cat.xml
new file mode 100644
index 000000000000..83802f240c41
--- /dev/null
+++ b/src/chrome/content/rules/HTTP.cat.xml
@@ -0,0 +1,14 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - www.http.cat
+-->
+<ruleset name="HTTP Status Cats">
+	<target host="http.cat" />
+	<target host="www.http.cat" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://(www\.)?http\.cat/"
+			to="https://http.cat/" />
+</ruleset>
diff --git a/src/chrome/content/rules/HTTPSWatch.nz.xml b/src/chrome/content/rules/HTTPSWatch.nz.xml
new file mode 100644
index 000000000000..1cc2e18bfcae
--- /dev/null
+++ b/src/chrome/content/rules/HTTPSWatch.nz.xml
@@ -0,0 +1,9 @@
+<ruleset name="HTTPSWatch.nz">
+
+	<target host="httpswatch.nz" />
+	<target host="www.httpswatch.nz" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HTTPwatch.com.xml b/src/chrome/content/rules/HTTPwatch.com.xml
index 8f4d4a917f52..8a2c4622ba85 100644
--- a/src/chrome/content/rules/HTTPwatch.com.xml
+++ b/src/chrome/content/rules/HTTPwatch.com.xml
@@ -1,13 +1,15 @@
 <ruleset name="HTTPwatch.com">
 
-	<target host="httpwatch.com"/>
-	<target host="*.httpwatch.com"/>
-
-	<rule from="^http://httpwatch\.com/"
-		to="https://www.httpwatch.com/"/>
-
-	<rule from="^http://(blog|www)\.httpwatch\.com/"
-		to="https://$1.httpwatch.com/"/>
+	<target host="httpwatch.com" />
+	<target host="www.httpwatch.com" />
+	<target host="apihelp.httpwatch.com" />
+	<target host="blog.httpwatch.com" />
+	<target host="download.httpwatch.com" />
+	<target host="help.httpwatch.com" />
+	<target host="store.httpwatch.com" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
 
diff --git a/src/chrome/content/rules/HTTrack.com.xml b/src/chrome/content/rules/HTTrack.com.xml
new file mode 100644
index 000000000000..57a30a12910f
--- /dev/null
+++ b/src/chrome/content/rules/HTTrack.com.xml
@@ -0,0 +1,18 @@
+<ruleset name="HTTrack.com">
+	<target host="httrack.com" />
+	<target host="www.httrack.com" />
+	<target host="android.httrack.com" />
+	<target host="blog.httrack.com" />
+	<target host="bnf.httrack.com" />
+	<target host="contrib.httrack.com" />
+	<target host="debian.httrack.com" />
+	<target host="download.httrack.com" />
+	<target host="forum.httrack.com" />
+	<target host="minitel.httrack.com" />
+	<target host="mirror.httrack.com" />
+	<target host="pgp.httrack.com" />
+	<target host="private.httrack.com" />
+	<target host="ut.httrack.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HTW-Berlin.de.xml b/src/chrome/content/rules/HTW-Berlin.de.xml
new file mode 100644
index 000000000000..3be54235e288
--- /dev/null
+++ b/src/chrome/content/rules/HTW-Berlin.de.xml
@@ -0,0 +1,142 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bewerben.htw-berlin.de/ => https://bewerben.htw-berlin.de/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://cms.htw-berlin.de/ => https://cms.htw-berlin.de/: (7, 'Failed to connect to cms.htw-berlin.de port 443: Connection refused')
+Fetch error: http://dev-web.inka.f4.htw-berlin.de/ => https://dev-web.inka.f4.htw-berlin.de/: (7, 'Failed to connect to dev-web.inka.f4.htw-berlin.de port 443: No route to host')
+Fetch error: http://secure.htw-berlin.de/ => https://secure.htw-berlin.de/: (7, 'Failed to connect to secure.htw-berlin.de port 443: Connection refused')
+Fetch error: http://wiki.inka.f4.htw-berlin.de/ => https://wiki.inka.f4.htw-berlin.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www-en.htw-berlin.de/ => https://www-en.htw-berlin.de/: (6, 'Could not resolve host: www-en.htw-berlin.de')
+Fetch error: http://www.f4.htw-berlin.de/ => https://www.f4.htw-berlin.de/: Too many redirects while fetching 'https://www.f4.htw-berlin.de/'
+
+	Problematic subdomains (mismatch):
+		- ai-bachelor.htw-berlin.de
+		- ai-master.htw-berlin.de
+		- bau-bachelor.htw-berlin.de
+		- bau-master.htw-berlin.de
+		- berndcms.htw-berlin.de
+		- bib.htw-berlin.de
+		- bibliothek.htw-berlin.de
+		- btk-bachelor.htw-berlin.de
+		- btk-master.htw-berlin.de
+		- bui.htw-berlin.de
+		- bwl.htw-berlin.de
+		- bwl-fernstudium.htw-berlin.de
+		- bwp.htw-berlin.de
+		- ce.htw-berlin.de
+		- conrem.htw-berlin.de
+		- esim.htw-berlin.de
+		- et-bachelor.htw-berlin.de
+		- et-master.htw-berlin.de
+		- fact.htw-berlin.de
+		- finrisk.htw-berlin.de
+		- fiw.htw-berlin.de
+		- fm-bachelor.htw-berlin.de
+		- fm-master.htw-berlin.de
+		- fzt-bachelor.htw-berlin.de
+		- fzt-master.htw-berlin.de
+		- gd-bachelor.htw-berlin.de
+		- geit-bachelor.htw-berlin.de
+		- geit-master.htw-berlin.de
+		- general-management.htw-berlin.de
+		- hochschulsport.htw-berlin.de
+		- id.htw-berlin.de
+		- ii.htw-berlin.de
+		- ikt-bachelor.htw-berlin.de
+		- ikt-master.htw-berlin.de
+		- imi-bachelor.htw-berlin.de
+		- imi-master.htw-berlin.de
+		- itvs.htw-berlin.de
+		- iw.htw-berlin.de
+		- kr.htw-berlin.de
+		- krg.htw-berlin.de
+		- la.htw-berlin.de
+		- lse-bachelor.htw-berlin.de
+		- lse-master.htw-berlin.de
+		- mango.htw-berlin.de
+		- map.htw-berlin.de
+		- mb-bachelor.htw-berlin.de
+		- mb-fernstudium.htw-berlin.de
+		- mb-master.htw-berlin.de
+		- mbae.htw-berlin.de
+		- md-bachelor.htw-berlin.de
+		- md-master.htw-berlin.de
+		- mib.htw-berlin.de
+		- mide.htw-berlin.de
+		- misim.htw-berlin.de
+		- mk.htw-berlin.de
+		- mmk.htw-berlin.de
+		- mst-bachelor.htw-berlin.de
+		- mst-master.htw-berlin.de
+		- nt.htw-berlin.de
+		- puma.htw-berlin.de
+		- re-bachelor.htw-berlin.de
+		- re-master.htw-berlin.de
+		- rem.htw-berlin.de
+		- se.htw-berlin.de
+		- ui.htw-berlin.de
+		- wi-bachelor.htw-berlin.de
+		- wi-master.htw-berlin.de
+		- wiko-bachelor.htw-berlin.de
+		- wiko-master.htw-berlin.de
+		- wiw-bachelor.htw-berlin.de
+		- wiw-fernstudium.htw-berlin.de
+		- wiw-master.htw-berlin.de
+		- wm.htw-berlin.de
+		- wr-bachelor.htw-berlin.de
+		- wr-master.htw-berlin.de
+
+	Problematic subdomains (not working):
+		- bewitec.inka.f4.htw-berlin.de
+		- code.repo.inka.f4.htw-berlin.de
+		- elearning-material.htw-berlin.de
+		- iwgr.htw-berlin.de
+		- medienfassade.inka.f4.htw-berlin.de
+		- plagiat.htw-berlin.de
+		- repo.inka.f4.htw-berlin.de
+		- veranstaltungsservice.htw-berlin.de
+
+	Problematic subdomains (mixed content):
+		- sport.htw-berlin.de
+
+	Problematic subdomains (redirect to different page):
+		- signal.htw-berlin.de
+-->
+
+<ruleset name="HTW-Berlin.de (partial)" default_off="failed ruleset test">
+	<target host="bewerben.htw-berlin.de" />
+	<target host="bewerbung.htw-berlin.de" />
+	<target host="bewerbungsstatus.htw-berlin.de" />
+	<target host="cm.htw-berlin.de" />
+	<target host="cms.htw-berlin.de" />
+	<target host="demo.inka.f4.htw-berlin.de" />
+	<target host="dev-web.inka.f4.htw-berlin.de" />
+	<target host="drops.htw-berlin.de" />
+	<target host="etherpad.inka.f4.htw-berlin.de" />
+	<target host="inka.htw-berlin.de" />
+	<target host="inka.f4.htw-berlin.de" />
+	<target host="kd.htw-berlin.de" />
+	<target host="lsf.htw-berlin.de" />
+	<target host="moodle.htw-berlin.de" />
+	<target host="my.htw-berlin.de" />
+	<target host="oce-docworks.rz.htw-berlin.de" />
+	<target host="ox.htw-berlin.de" />
+	<target host="portal.rz.htw-berlin.de" />
+	<target host="secure.htw-berlin.de" />
+	<target host="studi.f4.htw-berlin.de" />
+	<target host="webdrive.htw-berlin.de" />
+	<target host="webmail.htw-berlin.de" />
+	<target host="wiki.rz.htw-berlin.de" />
+	<target host="wiki.inka.f4.htw-berlin.de" />
+	<target host="wikimedia.f4.htw-berlin.de" />
+	<target host="www.htw-berlin.de" />
+	<target host="www-en.htw-berlin.de" />
+	<target host="www.f1.htw-berlin.de" />
+	<target host="www.f2.htw-berlin.de" />
+	<target host="www.f3.htw-berlin.de" />
+	<target host="www.f4.htw-berlin.de" />
+	<target host="www.f5.htw-berlin.de" />
+	<target host="www.rz.htw-berlin.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HTWG-Konstanz.xml b/src/chrome/content/rules/HTWG-Konstanz.xml
new file mode 100644
index 000000000000..06741b0d4d0b
--- /dev/null
+++ b/src/chrome/content/rules/HTWG-Konstanz.xml
@@ -0,0 +1,8 @@
+<ruleset name="HTWG Konstanz">
+    <target host="qisserver.htwg-konstanz.de" />
+    <target host="lsf.htwg-konstanz.de" />
+    <target host="login.rz.htwg-konstanz.de" />
+    <target host="webmail.htwg-konstanz.de" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HT_Bridge.com.xml b/src/chrome/content/rules/HT_Bridge.com.xml
new file mode 100644
index 000000000000..f415ec72f06b
--- /dev/null
+++ b/src/chrome/content/rules/HT_Bridge.com.xml
@@ -0,0 +1,26 @@
+<!--
+	^: cert only matches www
+
+-->
+<ruleset name="HT Bridge.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="portal.htbridge.com" />
+	<target host="www.htbridge.com" />
+
+	<!--	Complications:
+				-->
+	<target host="htbridge.com" />
+
+
+	<securecookie host="^\.htbridge\.com$" name=".+" />
+
+
+	<rule from="^http://htbridge\.com/"
+		to="https://www.htbridge.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HUBzero.xml b/src/chrome/content/rules/HUBzero.xml
index 4fbd8687a489..114f13f8391a 100644
--- a/src/chrome/content/rules/HUBzero.xml
+++ b/src/chrome/content/rules/HUBzero.xml
@@ -2,7 +2,7 @@
 	For other Purdue University coverage, see Purdue_University.xml.
 
 -->
-<ruleset name="HUBzero">
+<ruleset name="HUBzero.org">
 
 	<target host="hubzero.org" />
 	<target host="www.hubzero.org" />
@@ -11,7 +11,7 @@
 	<securecookie host="^hubzero\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?hubzero\.org/"
-		to="https://$1hubzero.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HVGKonyvek.xml b/src/chrome/content/rules/HVGKonyvek.xml
new file mode 100644
index 000000000000..16d28dff1533
--- /dev/null
+++ b/src/chrome/content/rules/HVGKonyvek.xml
@@ -0,0 +1,6 @@
+<ruleset name="HVG Kiad&#243; Zrt.">
+	<target host="www.hvgkonyvek.hu" />
+
+	<securecookie host="^www\.hvgkonyvek\.hu$" name=".+" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git "a/src/chrome/content/rules/HVGK\303\266nyvek.xml" "b/src/chrome/content/rules/HVGK\303\266nyvek.xml"
deleted file mode 100644
index b956df8fe4f3..000000000000
--- "a/src/chrome/content/rules/HVGK\303\266nyvek.xml"
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="HVG Kiad&#243; Zrt.">
-	<target host="www.hvgkonyvek.hu" />
-
-	<securecookie host="^www\.hvgkonyvek\.hu$" name=".*" />
-	<rule from="^http://www\.hvgkonyvek\.hu/" to="https://www.hvgkonyvek.hu/" />
-</ruleset>
diff --git a/src/chrome/content/rules/HWSW.hu.xml b/src/chrome/content/rules/HWSW.hu.xml
index 04542f6cde20..9e0bec85bdd7 100644
--- a/src/chrome/content/rules/HWSW.hu.xml
+++ b/src/chrome/content/rules/HWSW.hu.xml
@@ -1,13 +1,22 @@
-<ruleset name="HWSW.hu">
+<!--
+	Mixed content:
+
+		- css from $self
+		- Images from $self
+		- favicon from $self
+		- Bug from audit.median.hu
+
+-->
+<ruleset name="HWSW.hu" default_off="expired">
 
 	<target host="hwsw.hu" />
-	<target host="*.hwsw.hu" />
+	<target host="www.hwsw.hu" />
 
 
 	<securecookie host="^\.hwsw\.hu$" name=".+" />
 
 
-	<rule from="^http://(www\.)?hwsw\.hu/"
-		to="https://$1hwsw.hu/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HaCoder.com.xml b/src/chrome/content/rules/HaCoder.com.xml
new file mode 100644
index 000000000000..c691cd77c63f
--- /dev/null
+++ b/src/chrome/content/rules/HaCoder.com.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://hacoder.com/ (200) => https://hacoder.com/ (401)
+Non-2xx HTTP code: http://www.hacoder.com/ (200) => https://www.hacoder.com/ (401)
+
+	Insecure cookies are set for these domains:
+
+		- .hacoder.com
+
+
+	Mixed content:
+
+		- css, from:
+
+			- fonts.googleapis.com *
+			- $self *
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="HaCoder.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hacoder.com" />
+	<target host="www.hacoder.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.hacoder\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.hacoder\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Habbo.fi.xml b/src/chrome/content/rules/Habbo.fi.xml
index 2119cb89f0d2..9028d5079b4a 100644
--- a/src/chrome/content/rules/Habbo.fi.xml
+++ b/src/chrome/content/rules/Habbo.fi.xml
@@ -2,7 +2,7 @@
   <target host="www.habbo.fi"/>
   <target host="habbo.fi"/>
   <target host="help.habbo.fi"/>
-  <rule from="^http://(www\.)?habbo\.fi/" to="https://www.habbo.fi/"/>
+  <rule from="^http://(?:www\.)?habbo\.fi/" to="https://www.habbo.fi/"/>
   <rule from="^http://help\.habbo\.fi/" to="https://help.habbo.fi/"/>
 </ruleset>
-<!-- Rule generated by HTTPS Finder 0.85 -->
\ No newline at end of file
+<!-- Rule generated by HTTPS Finder 0.85 -->
diff --git a/src/chrome/content/rules/HabboLatino.xml b/src/chrome/content/rules/HabboLatino.xml
index c36fcf657a21..46609a1eb737 100644
--- a/src/chrome/content/rules/HabboLatino.xml
+++ b/src/chrome/content/rules/HabboLatino.xml
@@ -1,19 +1,25 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hlat.us/ => https://hlat.us/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.hlat.us/ => https://www.hlat.us/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://hlat.us/ => https://hlat.us/: Cycle detected - URL already encountered: http://hlat.us/
 	Nonfunctional domains:
 
-		- (www.)hlat.me	
+		- (www.)hlat.me
 
 -->
-<ruleset name="HabboLatino">
+<ruleset name="HabboLatino" default_off="failed ruleset test">
 
 	<target host="hlat.us" />
-	<target host="*.hlat.us" />
+	<target host="www.hlat.us" />
 
 
 	<securecookie host="^(?:w*\.)?hlat\.us$" name=".+" />
 
 
-	<rule from="^http://(www\.)?hlat\.us/"
-		to="https://$1hlat.us/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Haber-Vision.xml b/src/chrome/content/rules/Haber-Vision.xml
index 08e149c34d3f..9b1ebbc33bd5 100644
--- a/src/chrome/content/rules/Haber-Vision.xml
+++ b/src/chrome/content/rules/Haber-Vision.xml
@@ -3,9 +3,8 @@
 	<target host="habervision.com"/>
 	<target host="www.habervision.com"/>
 
-	<securecookie host="^(.*\.)?habervision\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?habervision\.com/(css/|images/|mainstreet/)"
-		to="https://www.habervision.com/$1"/>
+	<rule from="^http:" to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Habets.pp.se.xml b/src/chrome/content/rules/Habets.pp.se.xml
new file mode 100644
index 000000000000..bc402ee438d4
--- /dev/null
+++ b/src/chrome/content/rules/Habets.pp.se.xml
@@ -0,0 +1,15 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+			 - reptilian.habets.pp.se
+
+		Incomplete certificate chain error:
+			 - habets.pp.se
+			 - www.habets.pp.se
+-->
+<ruleset name="Habets.pp.se">
+	<target host="blog.habets.pp.se" />
+	<target host="cdn.habets.pp.se" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Habets.se-mismatches.xml b/src/chrome/content/rules/Habets.se-mismatches.xml
deleted file mode 100644
index ad8f8c553431..000000000000
--- a/src/chrome/content/rules/Habets.se-mismatches.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For rules that are on by default, see Habets.se.xml.
-
--->
-<ruleset name="habets.se (mismatches)" default_off="mismatch" platform="cacert">
-
-	<!--	Cert *.trn.se
-				-->
-	<target host="habets.se" />
-	<target host="www.habets.se" />
-	<target host="habets.pp.se" />
-	<target host="www.habets.pp.se" />
-
-
-	<rule from="^https?://(?:www\.)?habets(\.pp)?\.se/"
-		to="https://habets$1.se/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Habets.se.xml b/src/chrome/content/rules/Habets.se.xml
index aa8a04e921ec..b052041383f3 100644
--- a/src/chrome/content/rules/Habets.se.xml
+++ b/src/chrome/content/rules/Habets.se.xml
@@ -1,17 +1,27 @@
 <!--
-	For problematic rules, see Habets.se-mismatches.xml.
+	Non-functional hosts
+		Couldn't connect to server:
+			 - lmqpov.habets.se
 
--->
-<ruleset name="habets.se (partial)" platform="cacert">
-
-	<target host="*.habets.se" />
-	<target host="*.habets.pp.se" />
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - www.habets.se
+			 - proxy-us.habets.se
 
+		4xx client error:
+			 - cw.habets.se (require authentication)
+-->
+<ruleset name="Habets.se">
+	<target host="habets.se" />
+	<target host="www.habets.se" />
+	<target host="blog.habets.se" />
+	<target host="blog-dev.habets.se" />
+	<target host="cdn.habets.se" />
 
-	<securecookie host="^blog\.habets(?:\.pp)?\.se$" name=".*" />
-
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(blog|cdn)\.habets(\.pp)?\.se/"
-		to="https://$1.habets$2.se/" />
+	<rule from="^http://www\.habets\.se/"
+			to="https://habets.se/" />
 
+	<rule from="^http:"
+			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Habpl.us.xml b/src/chrome/content/rules/Habpl.us.xml
index 80a9bb4417a5..78ccb8851abc 100644
--- a/src/chrome/content/rules/Habpl.us.xml
+++ b/src/chrome/content/rules/Habpl.us.xml
@@ -1,4 +1,11 @@
-<ruleset name="habpl.us">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://habpl.us/ => https://habpl.us/: Too many redirects while fetching 'https://habpl.us/'
+Fetch error: http://www.habpl.us/ => https://www.habpl.us/: Too many redirects while fetching 'https://www.habpl.us/'
+
+-->
+<ruleset name="habpl.us" default_off="failed ruleset test">
 
 	<target host="habpl.us" />
 	<target host="www.habpl.us" />
@@ -7,7 +14,6 @@
 	<securecookie host="^\.?habpl\.us$" name=".+" />
 
 
-	<rule from="^http://(www\.)?habpl\.us/"
-		to="https://$1habpl.us/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HabraCDN.net.xml b/src/chrome/content/rules/HabraCDN.net.xml
new file mode 100644
index 000000000000..b45456b24a1c
--- /dev/null
+++ b/src/chrome/content/rules/HabraCDN.net.xml
@@ -0,0 +1,28 @@
+<!--
+	For other TM coverage, see TMtm.ru.xml.
+
+
+	www.habracdn.net doesn't exist.
+
+
+	Insecure cookies are set for these domains:
+
+		- .habracdn.net
+
+-->
+<ruleset name="HabraCDN.net">
+
+	<target host="habracdn.net" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.habracdn\.net$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Habrahabr.ru.xml b/src/chrome/content/rules/Habrahabr.ru.xml
new file mode 100644
index 000000000000..5b508cd0e52e
--- /dev/null
+++ b/src/chrome/content/rules/Habrahabr.ru.xml
@@ -0,0 +1,46 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://auth.habrahabr.ru/ => https://auth.habrahabr.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'auth.habrahabr.ru'")
+
+	For other TM coverage, see TMtm.ru.xml.
+
+
+	Nonfunctional hosts in *habrahabr.ru:
+
+		- api ¹
+
+	¹ 503, valid cert
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- ^ from www.viva64.com ʳ
+			- special from habrastorage.org *
+
+	* Secured by us
+	ʳ Unsecurable <= refused
+
+-->
+<ruleset name="Habrahabr.ru (partial)" default_off="failed ruleset test">
+
+	<target host="habrahabr.ru" />
+	<target host="auth.habrahabr.ru" />
+	<target host="m.habrahabr.ru" />
+	<target host="special.habrahabr.ru" />
+	<target host="www.habrahabr.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^special\.habrahabr\.ru$" name="^captcha$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HacDC.org.xml b/src/chrome/content/rules/HacDC.org.xml
new file mode 100644
index 000000000000..cae08ac7b218
--- /dev/null
+++ b/src/chrome/content/rules/HacDC.org.xml
@@ -0,0 +1,51 @@
+<!--
+	Problematic hosts in *hacdc.org:
+
+		- api ¹
+		- wiki ²
+
+	¹ Self-signed
+	² Mixed iframe
+
+
+	Insecure cookies are set for these hosts:
+
+		- wiki.hacdc.org
+
+
+	Mixed content:
+
+		- iframe on wiki from www.google.com ¹
+		- css on www from cdnjs.cloudflare.com ¹
+
+		- Images, on:
+
+			- www from i.creativecommons.org ¹
+			- www from api.hacdc.org ²
+			- www from www.hacdc.org ¹
+
+	¹ Secured by us
+	² Not secured by us <= self-signed
+
+-->
+<ruleset name="HacDC.org (partial)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hacdc.org" />
+	<!--target host="api.hacdc.org" /-->
+	<target host="wiki.hacdc.org" />
+	<target host="www.hacdc.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^wiki\.hacdc\.org$" name="^hacdc_wiki_session$" /-->
+
+	<securecookie host="^wiki\.hacdc\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hack.chat.xml b/src/chrome/content/rules/Hack.chat.xml
new file mode 100644
index 000000000000..7cc4f1992ac5
--- /dev/null
+++ b/src/chrome/content/rules/Hack.chat.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid Certificate:
+		captcha.hack.chat
+		wss.hack.chat
+-->
+<ruleset name="Hack.chat">
+	<target host="hack.chat" />
+	<target host="www.hack.chat" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HackHands.com.xml b/src/chrome/content/rules/HackHands.com.xml
new file mode 100644
index 000000000000..a3ef2d42a425
--- /dev/null
+++ b/src/chrome/content/rules/HackHands.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="HackHands.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hackhands.com" />
+	<target host="www.hackhands.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HackLab.to.xml b/src/chrome/content/rules/HackLab.to.xml
index dfdd5e832346..4405859448a6 100644
--- a/src/chrome/content/rules/HackLab.to.xml
+++ b/src/chrome/content/rules/HackLab.to.xml
@@ -1,10 +1,18 @@
-<ruleset name="HackLab.to" default_off="self-signed">
+<!--
+	No working URL known:
+		wiki.hacklab.to
+
+-->
+<ruleset name="HackLab.to">
 
 	<target host="hacklab.to" />
 	<target host="www.hacklab.to" />
+	<target host="apply.hacklab.to" />
+	<target host="dinesafe.hacklab.to" />
+	<target host="knowledge.hacklab.to" />
+	<target host="lists.hacklab.to" />
 
-
-	<rule from="^https?://(?:www\.)?hacklab\.to/"
-		to="https://hacklab.to/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/HackLang.org.xml b/src/chrome/content/rules/HackLang.org.xml
new file mode 100644
index 000000000000..a996e88e3c33
--- /dev/null
+++ b/src/chrome/content/rules/HackLang.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched:
+		- www
+		- docs
+-->
+<ruleset name="HackLang.org">
+	<target host="hacklang.org" />
+	<target host="www.hacklang.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.hacklang\.org/" to="https://hacklang.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HackRead.com.xml b/src/chrome/content/rules/HackRead.com.xml
new file mode 100644
index 000000000000..c0cb2b7d0003
--- /dev/null
+++ b/src/chrome/content/rules/HackRead.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .hackread.com
+
+-->
+<ruleset name="HackRead.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hackread.com" />
+	<target host="www.hackread.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.hackread\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hack_In_Paris.com.xml b/src/chrome/content/rules/Hack_In_Paris.com.xml
new file mode 100644
index 000000000000..00925fafb9c5
--- /dev/null
+++ b/src/chrome/content/rules/Hack_In_Paris.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .hackinparis.com
+
+-->
+<ruleset name="Hack In Paris.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hackinparis.com" />
+	<target host="www.hackinparis.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.hackinparis\.com$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^\.hackinparis\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hackaday.io.xml b/src/chrome/content/rules/Hackaday.io.xml
new file mode 100644
index 000000000000..0476e3974910
--- /dev/null
+++ b/src/chrome/content/rules/Hackaday.io.xml
@@ -0,0 +1,47 @@
+<!--
+	Nonfunctional hosts in *hackday.io:
+
+		- analytics *
+
+	* Differs from http
+
+
+	www.hackaday.io: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- hackaday.io
+		- dev.hackaday.io
+
+-->
+<ruleset name="Hackaday.io (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hackaday.io" />
+	<target host="auth.hackaday.io" />
+	<target host="cdn.hackaday.io" />
+	<target host="dev.hackaday.io" />
+	<target host="static.hackaday.io" />
+
+	<!--	Complications:
+				-->
+	<target host="www.hackaday.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^hackaday\.io$" name="^(?:_csrf|hackaday\.io\.sid)$" /-->
+	<!--securecookie host="^dev\.hackaday\.io$" name="^_csrf$" /-->
+
+	<securecookie host="^(?:dev\.)?hackaday\.io$" name=".+" />
+
+
+	<rule from="^http://www\.hackaday\.io/"
+		to="https://hackaday.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hacker-Factor.xml b/src/chrome/content/rules/Hacker-Factor.xml
deleted file mode 100644
index 5c79c62fa753..000000000000
--- a/src/chrome/content/rules/Hacker-Factor.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Hacker Factor (partial)" default_off="self-signed">
-
-	<target host="fotoforensics.com"/>
-	<target host="www.fotoforensics.com"/>
-
-	<rule from="^http://(?:www\.)?fotoforensics\.com/"
-		to="https://fotoforensics.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/HackerFactor.com.xml b/src/chrome/content/rules/HackerFactor.com.xml
new file mode 100644
index 000000000000..efe57c7dbea7
--- /dev/null
+++ b/src/chrome/content/rules/HackerFactor.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid Security Certificate:
+		audio.hackerfactor.com
+-->
+<ruleset name="HackerFactor.com">
+	<target host="hackerfactor.com" />
+	<target host="www.hackerfactor.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HackerNews.xml b/src/chrome/content/rules/HackerNews.xml
index c24a1ec1fce9..203a010b6330 100644
--- a/src/chrome/content/rules/HackerNews.xml
+++ b/src/chrome/content/rules/HackerNews.xml
@@ -1,8 +1,28 @@
-<ruleset name="HackerNews">
-  <target host="news.ycombinator.com" />
-  <target host="www.news.ycombinator.com" />
+<!--
+	Insecure cookies are set for these domains and hosts:
 
-  <securecookie host="^(.+\.)?ycombinator\.com$" name=".*"/>
+		- .ycombinator.com
+		- news.ycombinator.com
+
+-->
+<ruleset name="Y Combinator.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ycombinator.com" />
+	<target host="cdn.ycombinator.com" />
+	<target host="news.ycombinator.com" />
+	<target host="www.ycombinator.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.ycombinator\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(?:www\.)?news\.ycombinator\.com/" to="https://news.ycombinator.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/HackerOne.com.xml b/src/chrome/content/rules/HackerOne.com.xml
deleted file mode 100644
index db088b8de612..000000000000
--- a/src/chrome/content/rules/HackerOne.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="HackerOne.com">
-
-	<target host="hackerone.com" />
-	<target host="*.hackerone.com" />
-
-
-	<securecookie host="^\.hackerone\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?hackerone\.com/"
-		to="https://$1hackerone.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/HackerRank.com.xml b/src/chrome/content/rules/HackerRank.com.xml
new file mode 100644
index 000000000000..ca9b182c8828
--- /dev/null
+++ b/src/chrome/content/rules/HackerRank.com.xml
@@ -0,0 +1,18 @@
+<ruleset name="HackerRank.com">
+
+	<target host="hackerrank.com" />
+	<target host="www.hackerrank.com" />
+	<target host="hrcdn.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.hackerrank\.com$" name="^(_hackerrank_session|hackerrank_mixpanel_token)$" /-->
+
+	<securecookie host="^www\.hackerrank\.com$" name=".+" />
+	<securecookie host="^\.hrcdn\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hacker_Experience.com.xml b/src/chrome/content/rules/Hacker_Experience.com.xml
new file mode 100644
index 000000000000..ccd4166f9293
--- /dev/null
+++ b/src/chrome/content/rules/Hacker_Experience.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Hacker Experience.com">
+
+	<target host="hackerexperience.com" />
+	<target host="www.hackerexperience.com" />
+
+
+	<securecookie host="^\.hackerexperience\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hacker_Target.com.xml b/src/chrome/content/rules/Hacker_Target.com.xml
new file mode 100644
index 000000000000..228267203ce1
--- /dev/null
+++ b/src/chrome/content/rules/Hacker_Target.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.hackertarget.com/ => https://www.hackertarget.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="Hacker Target.com" default_off="failed ruleset test">
+
+	<target host="hackertarget.com" />
+	<target host="www.hackertarget.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?hackertarget\.com$" name="^wordpress_test_cookie$" /-->
+
+	<securecookie host="^(?:www\.)?hackertarget\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hackerboard.de.xml b/src/chrome/content/rules/Hackerboard.de.xml
new file mode 100644
index 000000000000..ab6e6aa1d92a
--- /dev/null
+++ b/src/chrome/content/rules/Hackerboard.de.xml
@@ -0,0 +1,41 @@
+<!--
+	Problematic hosts in *hackerboard.de:
+
+		- blog *
+		- wiki *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .hackerboard.de
+
+
+	Mixed content:
+
+		- Image from $self *
+		- Bug from nht-2.extreme-dm.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Hackerboard.de (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hackerboard.de" />
+	<target host="www.hackerboard.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.hackerboard\.de$" name="^bbsessionhash$" /-->
+
+	<securecookie host="^\.hackerboard\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hackerfunk.ch.xml b/src/chrome/content/rules/Hackerfunk.ch.xml
new file mode 100644
index 000000000000..696c531d5c15
--- /dev/null
+++ b/src/chrome/content/rules/Hackerfunk.ch.xml
@@ -0,0 +1,6 @@
+<ruleset name="Hackerfunk.ch">
+	<target host="hackerfunk.ch" />
+	<target host="www.hackerfunk.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hackers.fi.xml b/src/chrome/content/rules/Hackers.fi.xml
index f5a5b72b9faa..13586929fe78 100644
--- a/src/chrome/content/rules/Hackers.fi.xml
+++ b/src/chrome/content/rules/Hackers.fi.xml
@@ -1,19 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hackers.fi/ => https://hackers.fi/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://hackers.fi/ => https://hackers.fi/: (60, 'SSL certificate problem: certificate has expired')
 	Problematic subdomains:
 
 		- www	(mismatched, CN: www.noelia.fi)
 
 -->
-<ruleset name="hackers.fi">
+<ruleset name="hackers.fi" default_off="failed ruleset test">
 
 	<target host="hackers.fi" />
-	<target host="*.hackers.fi" />
-
+	<target host="root.hackers.fi" />
+	<target host="www.hackers.fi" />
 
-	<rule from="^https?://(?:www\.)?hackers\.fi/"
-		to="https://www.hackers.fi/" />
 
-	<rule from="^http://root\.hackers\.fi/"
-		to="https://root.hackers.fi/" />
+	<rule from="^http://(?:(root\.)|www\.)?hackers\.fi/"
+		to="https://$1hackers.fi/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hackerschool.xml b/src/chrome/content/rules/Hackerschool.xml
index fb08508e5526..8aa8bb1cd49d 100644
--- a/src/chrome/content/rules/Hackerschool.xml
+++ b/src/chrome/content/rules/Hackerschool.xml
@@ -3,7 +3,7 @@
 	<target host="hackerschool.com"/>
 	<target host="*.hackerschool.com"/>
 
-	<securecookie host="^(.*\.)?hackerschool\.com$" name=".*"/>
+	<securecookie host=".+" name=".+"/>
 
 	<!--	cert from redirector.zerigo.net	-->
 	<rule from="^http://hackerschool\.com/"
diff --git a/src/chrome/content/rules/Hackerspace.pl.xml b/src/chrome/content/rules/Hackerspace.pl.xml
new file mode 100644
index 000000000000..a1cf8c0d2c63
--- /dev/null
+++ b/src/chrome/content/rules/Hackerspace.pl.xml
@@ -0,0 +1,52 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://git.hackerspace.pl/ => https://git.hackerspace.pl/: (6, 'Could not resolve host: git.hackerspace.pl')
+Fetch error: http://redmine.hackerspace.pl/ => https://redmine.hackerspace.pl/: (6, 'Could not resolve host: redmine.hackerspace.pl')
+
+	Insecure cookies are set for these hosts:
+
+		- hackerspace.pl
+		- ldap.hackerspace.pl
+		- owncloud.hackerspace.pl
+		- redmine.hackerspace.pl
+		- www.hackerspace.pl
+
+
+	Mixed content:
+
+		- Images on blog from $self *
+		- Bug on ldap from i.creativecommons.org *
+
+	* Secured by us
+
+-->
+<ruleset name="Hackerspace.pl" default_off="failed ruleset test">
+
+	<target host="hackerspace.pl" />
+	<target host="blog.hackerspace.pl" />
+	<target host="code.hackerspace.pl" />
+	<target host="gallery.hackerspace.pl" />
+	<target host="git.hackerspace.pl" />
+	<target host="ldap.hackerspace.pl" />
+	<target host="owncloud.hackerspace.pl" />
+	<target host="redmine.hackerspace.pl" />
+	<target host="static.hackerspace.pl" />
+	<target host="webchat.hackerspace.pl" />
+	<target host="wiki.hackerspace.pl" />
+	<target host="www.hackerspace.pl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(ldap\.|www\.)?hackerspace\.pl$" name="^session$" /-->
+	<!--securecookie host="^owncloud\.hackerspace\.pl$" name="^[\da-f]+$" /-->
+	<!--securecookie host="^redmine\.hackerspace\.pl$" name="^_redmine_session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hackerspaces.nl.xml b/src/chrome/content/rules/Hackerspaces.nl.xml
new file mode 100644
index 000000000000..412174b5a020
--- /dev/null
+++ b/src/chrome/content/rules/Hackerspaces.nl.xml
@@ -0,0 +1,14 @@
+<!--
+	send HSTS header including all subdomains, but not preloaded
+-->
+<ruleset name="hackerspaces.nl">
+
+	<target host="hackerspaces.nl" />
+	<target host="www.hackerspaces.nl" />
+	<target host="amsterdam.hackerspaces.nl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hackerspaces.org.xml b/src/chrome/content/rules/Hackerspaces.org.xml
new file mode 100644
index 000000000000..62af5e5f9817
--- /dev/null
+++ b/src/chrome/content/rules/Hackerspaces.org.xml
@@ -0,0 +1,82 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - nike.hackerspaces.org
+
+		Incomplete certificate chain error:
+			 - soup.hackerspaces.org
+
+		Different content:
+			 - hackerspaces.org
+			 - www.hackerspaces.org
+			 - across.hackerspaces.org
+			 - api.hackerspaces.org
+			 - base.hackerspaces.org
+			 - between.hackerspaces.org
+			 - beyond.hackerspaces.org
+			 - bio.hackerspaces.org
+			 - call-in.hackerspaces.org
+			 - challenge.hackerspaces.org
+			 - cheatsheet.hackerspaces.org
+			 - commons.hackerspaces.org
+			 - coop.hackerspaces.org
+			 - diy.hackerspaces.org
+			 - done.hackerspaces.org
+			 - dtl.hackerspaces.org
+			 - events.hackerspaces.org
+			 - ftw.hackerspaces.org
+			 - grants.hackerspaces.org
+			 - hardware.hackerspaces.org
+			 - hw.hackerspaces.org
+			 - jabber.hackerspaces.org
+			 - conference.jabber.hackerspaces.org
+			 - jobs.hackerspaces.org
+			 - leaks.hackerspaces.org
+			 - lib.hackerspaces.org
+			 - library.hackerspaces.org
+			 - listen.hackerspaces.org
+			 - logos.hackerspaces.org
+			 - media.hackerspaces.org
+			 - ocean.hackerspaces.org
+			 - onion.hackerspaces.org
+			 - orbital.hackerspaces.org
+			 - patterns.hackerspaces.org
+			 - people.hackerspaces.org
+			 - picks.hackerspaces.org
+			 - poetry.hackerspaces.org
+			 - praxis.hackerspaces.org
+			 - radio.hackerspaces.org
+			 - software.hackerspaces.org
+			 - space-api.hackerspaces.org
+			 - status.hackerspaces.org
+			 - stfu.hackerspaces.org
+			 - sw.hackerspaces.org
+			 - sync.hackerspaces.org
+			 - theory.hackerspaces.org
+			 - things.hackerspaces.org
+			 - todo.hackerspaces.org
+			 - toolbox.hackerspaces.org
+			 - tools.hackerspaces.org
+			 - tor.hackerspaces.org
+			 - wanted.hackerspaces.org
+			 - watch.hackerspaces.org
+			 - wetware.hackerspaces.org
+			 - wip.hackerspaces.org
+			 - wtf.hackerspaces.org
+			 - ww.hackerspaces.org
+			 - xmpp.hackerspaces.org
+
+		Mixed content blocking (MCB) tiggered:
+			 - blog.hackerspaces.org
+			 - flux.hackerspaces.org
+-->
+<ruleset name="Hackerspaces.org">
+	<target host="earth.hackerspaces.org" />
+	<target host="lists.hackerspaces.org" />
+	<target host="planet.hackerspaces.org" />
+	<target host="radar.hackerspaces.org" />
+	<target host="signal.hackerspaces.org" />
+	<target host="wiki.hackerspaces.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hackerspaces.xml b/src/chrome/content/rules/Hackerspaces.xml
deleted file mode 100644
index 8a0de438f48c..000000000000
--- a/src/chrome/content/rules/Hackerspaces.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- blog	(cert: hackerspaces.org; 301s there)
-		- earth	(ditto)
-
--->
-<ruleset name="Hackerspaces" default_off="self-signed">
-
-	<target host="hackerspaces.org" />
-	<target host="www.hackerspaces.org" />
-
-
-	<securecookie host="^hackerspaces\.org$" name=".*" />
-
-
-	<!--	Cert only matches ^hackerspaces.org.
-							-->
-	<rule from="^https?://(?:www\.)?hackerspaces\.org/"
-		to="https://hackerspaces.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Hackforums.net.xml b/src/chrome/content/rules/Hackforums.net.xml
index ed1e2871b5e2..d0ed06b310cc 100644
--- a/src/chrome/content/rules/Hackforums.net.xml
+++ b/src/chrome/content/rules/Hackforums.net.xml
@@ -1,7 +1,12 @@
-<ruleset name="Hackforums.net (mixed content)" default_off="mixed content">
-<target host="www.hackforums.net"/>
-<target host="hackforums.net"/>
+<!--
+	Mismatch:
+		- tracking.hackforums.net
+-->
+<ruleset name="Hackforums.net">
+	<target host="hackforums.net"/>
+	<target host="www.hackforums.net"/>
 
-<rule from="^http://(www\.)?hackforums\.net/" to="https://www.hackforums.net/"/>
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:"/>
 </ruleset>
- 
diff --git a/src/chrome/content/rules/Hacking.Ventures.xml b/src/chrome/content/rules/Hacking.Ventures.xml
new file mode 100644
index 000000000000..c5df530f26d2
--- /dev/null
+++ b/src/chrome/content/rules/Hacking.Ventures.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hacking.ventures/ => https://hacking.ventures/: (51, "SSL: no alternative certificate subject name matches target host name 'hacking.ventures'")
+Fetch error: http://www.hacking.ventures/ => https://hacking.ventures/: (51, "SSL: no alternative certificate subject name matches target host name 'hacking.ventures'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.hacking.ventures/ => https://hacking.ventures/: (51, "SSL: no alternative certificate subject name matches target host name 'www.hacking.ventures'")
+	www: Mismatched
+
+-->
+<ruleset name="Hacking.Ventures" default_off="failed ruleset test">
+
+	<target host="hacking.ventures" />
+	<target host="www.hacking.ventures" />
+
+
+	<rule from="^http://(?:www\.)?hacking\.ventures/"
+		to="https://hacking.ventures/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hackinthebox.org.xml b/src/chrome/content/rules/Hackinthebox.org.xml
index fd1c52bf232f..7a3df93a4a77 100644
--- a/src/chrome/content/rules/Hackinthebox.org.xml
+++ b/src/chrome/content/rules/Hackinthebox.org.xml
@@ -1,4 +1,16 @@
-<ruleset name="Hackinthebox.org">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hackinthebox.org/ => https://www.hackinthebox.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.hackinthebox.org/ => https://www.hackinthebox.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://forum.hackinthebox.org/ => https://forum.hackinthebox.org/: (60, 'SSL certificate problem: self signed certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://hackinthebox.org/ => https://www.hackinthebox.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.hackinthebox.org/ => https://www.hackinthebox.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://forum.hackinthebox.org/ => https://forum.hackinthebox.org/: (60, 'SSL certificate problem: self signed certificate')
+-->
+<ruleset name="Hackinthebox.org" default_off="failed ruleset test">
   <target host="hackinthebox.org" />
   <target host="www.hackinthebox.org" />
   <target host="forum.hackinthebox.org" />
diff --git a/src/chrome/content/rules/Hackney.gov.uk-mixedcontent.xml b/src/chrome/content/rules/Hackney.gov.uk-mixedcontent.xml
new file mode 100644
index 000000000000..e9b7766b82ad
--- /dev/null
+++ b/src/chrome/content/rules/Hackney.gov.uk-mixedcontent.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules not causing MCB, see Hackney.gov.uk.xml.
+
+-->
+<ruleset name="Hackney.gov.uk (MCB)" platform="mixedcontent">
+
+	<target host="apps.hackney.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hackney.gov.uk.xml b/src/chrome/content/rules/Hackney.gov.uk.xml
new file mode 100644
index 000000000000..62243d2447dd
--- /dev/null
+++ b/src/chrome/content/rules/Hackney.gov.uk.xml
@@ -0,0 +1,65 @@
+<!--
+	For rules causing MCB, see Hackney.gov.uk-mixedcontent.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *hackney.gov.uk:
+
+		- (www.)? ⁵
+		- idox ᵈ
+		- lovecleanhackney ᶠ
+		- www.map ᵈ
+		- museum ᵈ
+		- myhackney ᵈ
+		- pcbooking ᵈ
+		- planning ᵈ
+
+	⁵ 500
+	ᵈ Dropped
+	ᶠ Handshake fails
+
+
+	Problematic hosts in *hackney.gov.uk:
+
+		- news ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- apps.hackney.gov.uk
+		- myaccount.hackney.gov.uk
+
+
+	Mixed content:
+
+		- css on apps from $self ˢ
+		- Images on apps from www.hackney.gov.uk ⁵
+
+	⁵ Unsecurable <= 500
+	ˢ Secured by us
+
+-->
+<ruleset name="Hackney.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="apps.hackney.gov.uk" /-->
+	<target host="consultation.hackney.gov.uk" />
+	<target host="myaccount.hackney.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^apps\.hackney\.gov\.uk$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+	<!--securecookie host="^myaccount\.hackney\.gov\.uk$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hackover.de.xml b/src/chrome/content/rules/Hackover.de.xml
new file mode 100644
index 000000000000..18961112af64
--- /dev/null
+++ b/src/chrome/content/rules/Hackover.de.xml
@@ -0,0 +1,17 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+			 - ctf.hackover.de
+			 - 2016.ctf.hackover.de
+
+		Incomplete certificate chain error:
+			 - testing.hackover.de
+-->
+<ruleset name="Hackover.de">
+	<target host="hackover.de" />
+	<target host="www.hackover.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hackpad.xml b/src/chrome/content/rules/Hackpad.xml
index 282f47036b20..47ddafbdccfe 100644
--- a/src/chrome/content/rules/Hackpad.xml
+++ b/src/chrome/content/rules/Hackpad.xml
@@ -4,10 +4,14 @@
 	<target host="*.hackpad.com" />
 
 
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^\.hackpad\.com$" name="^(ES2|ET)$" /-->
+
 	<securecookie host=".*\.hackpad\.com$" name=".+" />
 
 
 	<rule from="^http://([\w-]+\.)?hackpad\.com/"
 		to="https://$1hackpad.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hackthe.computer.xml b/src/chrome/content/rules/Hackthe.computer.xml
new file mode 100644
index 000000000000..21c662391446
--- /dev/null
+++ b/src/chrome/content/rules/Hackthe.computer.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hackthe.computer/ => https://hackthe.computer/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.hackthe.computer/ => https://hackthe.computer/: (60, 'SSL certificate problem: certificate has expired')
+
+	www.hackthe.computer: Refused
+
+-->
+<ruleset name="hackthe.computer" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hackthe.computer" />
+
+	<!--	Complications:
+				-->
+	<target host="www.hackthe.computer" />
+
+
+	<rule from="^http://www\.hackthe\.computer/"
+		to="https://hackthe.computer/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HacktionLab.org.xml b/src/chrome/content/rules/HacktionLab.org.xml
new file mode 100644
index 000000000000..f14faca58011
--- /dev/null
+++ b/src/chrome/content/rules/HacktionLab.org.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.hacktionlab.org/ => https://www.hacktionlab.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.hacktionlab.org'")
+
+-->
+<ruleset name="HacktionLab.org" default_off="failed ruleset test">
+	<target host="hacktionlab.org" />
+	<target host="www.hacktionlab.org" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HadithAnswers.com.xml b/src/chrome/content/rules/HadithAnswers.com.xml
new file mode 100644
index 000000000000..b52b4d378d84
--- /dev/null
+++ b/src/chrome/content/rules/HadithAnswers.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="HadithAnswers.com">
+	<target host="hadithanswers.com" />
+	<target host="www.hadithanswers.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HadithBD.com.xml b/src/chrome/content/rules/HadithBD.com.xml
new file mode 100644
index 000000000000..3a3e0baddcd8
--- /dev/null
+++ b/src/chrome/content/rules/HadithBD.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="HadithBD.com">
+	<target host="hadithbd.com" />
+	<target host="www.hadithbd.com" />
+	<target host="domain.hadithbd.com" />
+	<target host="www.domain.hadithbd.com" />
+	<target host="mail.hadithbd.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hafner-ips.com.xml b/src/chrome/content/rules/Hafner-ips.com.xml
new file mode 100644
index 000000000000..fb89a218e853
--- /dev/null
+++ b/src/chrome/content/rules/Hafner-ips.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="Hafner-ips.com">
+	<target host="hafner-ips.com" />
+	<target host="*.hafner-ips.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Haiku_Project.xml b/src/chrome/content/rules/Haiku_Project.xml
index 2806c71adf4d..955646fa2b06 100644
--- a/src/chrome/content/rules/Haiku_Project.xml
+++ b/src/chrome/content/rules/Haiku_Project.xml
@@ -1,13 +1,12 @@
 <ruleset name="Haiku Project">
 
 	<target host="haiku-os.org" />
-	<target host="*.haiku-os.org" />
+	<target host="www.haiku-os.org" />
 
 
 	<securecookie host="^\.haiku-os\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?haiku-os\.org/"
-		to="https://$1haiku-os.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hail_Protector.xml b/src/chrome/content/rules/Hail_Protector.xml
deleted file mode 100644
index 48bd59014f19..000000000000
--- a/src/chrome/content/rules/Hail_Protector.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other Hail Storm Products coverage, see Hail_Storm_Products.xml.
-
-
-	^ CN: *.bluehost.com
-
--->
-<ruleset name="Hail Protector">
-
-	<target host="myhailprotector.com" />
-	<target host="*.myhailprotector.com" />
-
-
-	<securecookie host="^\.myhailprotector\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?myhailprotector\.com/"
-		to="https://www.myhailprotector.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Hail_Storm_Products.xml b/src/chrome/content/rules/Hail_Storm_Products.xml
deleted file mode 100644
index c8fe8ed2a501..000000000000
--- a/src/chrome/content/rules/Hail_Storm_Products.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<!--
-	Other Hail Storm Products rulesets:
-
-		- Hail_Protector.xml
-
-
-	Problematic domains:
-
-		- hailavenger.com *
-		- www.hailavenger.com
-		- hailguardian.com *
-		- hailavenger.hailguardian.com *
-		- www.hailguardian.com
-		- hailstormproducts.com *
-
-	* Mismatched, CN: *.bluehost.com
-
--->
-<ruleset name="Hail Storm Products">
-
-	<target host="hailavenger.com" />
-	<target host="www.hailavenger.com" />
-	<target host="hailguardian.com" />
-	<target host="*.hailguardian.com" />
-	<target host="hailstormproducts.com" />
-	<target host="*.hailstormproducts.com" />
-
-
-	<securecookie host="^\.hailstormproducts\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)hailavenger(?:\.hailguardian)\.com/"
-		to="https://secure.bluehost.com/~hailguar/hailavenger/" />
-
-	<rule from="^https?://(?:www\.)?hailguardian\.com/"
-		to="https://secure.bluehost.com/~hailguar/" />
-
-	<rule from="^https?://(?:www\.)?hailstormproducts\.com/"
-		to="https://www.hailstormproducts.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Hakin9.org.xml b/src/chrome/content/rules/Hakin9.org.xml
new file mode 100644
index 000000000000..dfeabe007da3
--- /dev/null
+++ b/src/chrome/content/rules/Hakin9.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .hakin9.org
+
+-->
+<ruleset name="hakin9.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hakin9.org" />
+	<target host="www.hakin9.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.hakin9\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.hakin9\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hakka_Labs.co.xml b/src/chrome/content/rules/Hakka_Labs.co.xml
new file mode 100644
index 000000000000..63a6c4818829
--- /dev/null
+++ b/src/chrome/content/rules/Hakka_Labs.co.xml
@@ -0,0 +1,32 @@
+<!--
+	Fully covered hosts in *hakkalabs.co:
+
+		- (www.)?
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .hakkalabs.co
+		- www.hakkalabs.co
+
+-->
+<ruleset name="Hakka Labs.co">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hakkalabs.co" />
+	<target host="www.hakkalabs.co" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.hakkalabs\.co$" name="(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.hakkalabs\.co$" name="^(_hakka-publisher_session|XSRF-TOKEN)$" /-->
+
+	<securecookie host="^(?:www)?\.hakkalabs\.co$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hakko.com.xml b/src/chrome/content/rules/Hakko.com.xml
deleted file mode 100644
index 4a853c5dc64f..000000000000
--- a/src/chrome/content/rules/Hakko.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Hakko.com" platform="mixedcontent">
-  <target host="www.hakko.com" />
-  <target host="hakko.com" />
-
-  <rule from="^http://(?:www\.)?hakko\.com/" to="https://www.hakko.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/HalalTube.com.xml b/src/chrome/content/rules/HalalTube.com.xml
new file mode 100644
index 000000000000..99c284bc0c55
--- /dev/null
+++ b/src/chrome/content/rules/HalalTube.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid Certificate:
+		respect.halaltube.com
+-->
+<ruleset name="HalalTube.com">
+	<target host="halaltube.com" />
+	<target host="www.halaltube.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Halcyon.sh.xml b/src/chrome/content/rules/Halcyon.sh.xml
new file mode 100644
index 000000000000..50bd3fbf1a7c
--- /dev/null
+++ b/src/chrome/content/rules/Halcyon.sh.xml
@@ -0,0 +1,21 @@
+<!--
+	Time out:
+		www.halcyon.sh
+
+	Refused:
+		callback.halcyon.sh
+
+-->
+<ruleset name="Halcyon.sh">
+
+	<target host="halcyon.sh" />
+	<target host="www.halcyon.sh" />
+	<target host="s3.halcyon.sh" />
+
+	<rule from="^http://www\.halcyon\.sh/"
+		to="https://halcyon.sh/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Halebop.se.xml b/src/chrome/content/rules/Halebop.se.xml
index fa88c5efbfe8..7d51271c9d76 100644
--- a/src/chrome/content/rules/Halebop.se.xml
+++ b/src/chrome/content/rules/Halebop.se.xml
@@ -1,8 +1,12 @@
-<!-- already enforces https. adding to prevent sslstrips on port 80 -->
-<ruleset name="Halebop.se" platform="mixedcontent">
+<ruleset name="Halebop.se">
 	<target host="halebop.se" />
 	<target host="www.halebop.se" />
-	<rule from="^http://halebop\.se/" to="https://www.halebop.se/"/>
-	<rule from="^http://www\.halebop\.se/" to="https://www.halebop.se/"/>
-</ruleset>
+	<target host="ibank.halebop.se" />
+	<target host="kundservice.halebop.se" />
+	<target host="kundservice-chat.halebop.se" />
+	<target host="shop.halebop.se" />
+	<target host="support.halebop.se" />
+	<target host="support-test.halebop.se" />
 
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Halifax-Online.co.uk.xml b/src/chrome/content/rules/Halifax-Online.co.uk.xml
new file mode 100644
index 000000000000..91f3f6671e5c
--- /dev/null
+++ b/src/chrome/content/rules/Halifax-Online.co.uk.xml
@@ -0,0 +1,12 @@
+<ruleset name="Halifax-Online.co.uk (partial)">
+	<target host="halifax-online.co.uk" />
+	<target host="www.halifax-online.co.uk" />
+	<target host="cem.halifax-online.co.uk" />
+		<test url="http://cem.halifax-online.co.uk/eumcollector/beacons" />
+	<target host="help.halifax-online.co.uk" />
+	<target host="marketing.halifax-online.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Halifax.co.uk.xml b/src/chrome/content/rules/Halifax.co.uk.xml
new file mode 100644
index 000000000000..8d668c3c2d45
--- /dev/null
+++ b/src/chrome/content/rules/Halifax.co.uk.xml
@@ -0,0 +1,14 @@
+<ruleset name="Halifax.co.uk">
+	<target host="halifax.co.uk" />
+	<target host="www.halifax.co.uk" />
+	<target host="cem.halifax.co.uk" />
+		<test url="http://cem.halifax.co.uk/eumcollector/beacons/browser/v1/EU-AAB-HCH-DMP/adrum" />
+	<target host="images.halifax.co.uk" />
+		<test url="http://images.halifax.co.uk/assets/img/logo-print.png" />
+	<target host="static.halifax.co.uk" />
+		<test url="http://static.halifax.co.uk/assets/js/libs/jquery-ui.min.js" />
+	
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Halifax.xml b/src/chrome/content/rules/Halifax.xml
deleted file mode 100644
index 3188790d6c46..000000000000
--- a/src/chrome/content/rules/Halifax.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Problematic domains:
-
-		- halifax.co.uk		(cert only matches www)
-
-
-	^halifax-online.co.uk doesn't exist
-
--->
-<ruleset name="Halifax">
-
-	<target host="halifax.co.uk" />
-	<target host="*.halifax.co.uk" />
-	<target host="*.halifax-online.co.uk" />
-
-
-	<securecookie host="^\.halifax(?:-online)?\.co\.uk$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?halifax(-online)?\.co\.uk/"
-		to="https://www.halifax$1.co.uk/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Hall_Data.com.xml b/src/chrome/content/rules/Hall_Data.com.xml
new file mode 100644
index 000000000000..52f8df68e9b3
--- /dev/null
+++ b/src/chrome/content/rules/Hall_Data.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Fully covered hosts in *halldata.com:
+
+		- 1105-sub
+		- edge
+
+
+	Insecure cookies are set for these hosts:
+
+		- 1105-sub.halldata.com
+
+-->
+<ruleset name="Hall Data.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="1105-sub.halldata.com" />
+	<target host="edge.halldata.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^1105-sub\.halldata\.com$" name="^BIGipServer[\w.]+$" /-->
+
+	<securecookie host="^1105-sub\.halldata\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Halo-oglasi.xml b/src/chrome/content/rules/Halo-oglasi.xml
new file mode 100644
index 000000000000..95340e9940bd
--- /dev/null
+++ b/src/chrome/content/rules/Halo-oglasi.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		web2sms.halooglasi.com
+
+	Unable to connect to server:
+		webtest.halooglasi.com
+-->
+<ruleset name="Halo oglasi">
+
+	<target host="halooglasi.com" />
+	<target host="www.halooglasi.com" />
+	<target host="img.halooglasi.com" />
+	<target host="promo.halooglasi.com" />
+	<target host="static.halooglasi.com" />
+	<target host="widget.halooglasi.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Halo.xml b/src/chrome/content/rules/Halo.xml
index 1484e91e2355..31efac7d6540 100644
--- a/src/chrome/content/rules/Halo.xml
+++ b/src/chrome/content/rules/Halo.xml
@@ -7,28 +7,42 @@
 		- waypointprod.blob.core.windows.net
 
 
-	Problematic subdomains:
+	Problematic hosts in *haolwaypoint.com:
 
-		- ^		(times out)
-		- download	(akamai)
+		- ^ ¹
+		- download ²
+
+	¹ Dropped
+	² Akamai
 
 -->
 <ruleset name="Halo">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="app.halowaypoint.com" />
+	<target host="assets.halowaypoint.com" />
+	<target host="blogs.halowaypoint.com" />
+	<target host="forums.halowaypoint.com" />
+	<target host="download-ssl.halowaypoint.com" />
+	<target host="www.halowaypoint.com" />
+
+	<!--	Special cases:
+				-->
 	<target host="halowaypoint.com" />
-	<target host="*.halowaypoint.com" />
+	<target host="download.halowaypoint.com" />
 
 
-	<securecookie host="^(?:app|forums)?\.halowaypoint\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?halowaypoint\.com/"
+	<rule from="^http://halowaypoint\.com/"
 		to="https://www.halowaypoint.com/" />
 
-	<rule from="^http://(app|assets|blogs|forums)\.halowaypoint\.com/"
-		to="https://$1.halowaypoint.com/" />
-
-	<rule from="^https?://download(?:-ssl)?\.halowaypoint\.com/"
+	<rule from="^http://download\.halowaypoint\.com/"
 		to="https://download-ssl.halowaypoint.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Halo123.xml b/src/chrome/content/rules/Halo123.xml
deleted file mode 100644
index e28d19230506..000000000000
--- a/src/chrome/content/rules/Halo123.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- feedback.hao123.com	(times out)
-		- s0.hao123img.com	(ditto)
-
--->
-<ruleset name="halo123 (partial)">
-
-	<target host="user.hao123.com" />
-
-
-	<rule from="^http://user\.hao123\.com/"
-		to="https://user.hao123.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Halsnaes.dk.xml b/src/chrome/content/rules/Halsnaes.dk.xml
new file mode 100644
index 000000000000..c3bb04508d41
--- /dev/null
+++ b/src/chrome/content/rules/Halsnaes.dk.xml
@@ -0,0 +1,11 @@
+<ruleset name="Halsnaes.dk">
+
+	<target host="halsnaes.dk" />
+	<target host="www.halsnaes.dk" />
+
+	<securecookie host="^\.?(www\.)?halsnaes\.dk" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HamRadioScience.com.xml b/src/chrome/content/rules/HamRadioScience.com.xml
new file mode 100644
index 000000000000..2aa352d06bf9
--- /dev/null
+++ b/src/chrome/content/rules/HamRadioScience.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="HamRadioScience.com">
+
+	<target host="hamradioscience.com" />
+	<target host="www.hamradioscience.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HamStudy.org.xml b/src/chrome/content/rules/HamStudy.org.xml
new file mode 100644
index 000000000000..52ce650b943e
--- /dev/null
+++ b/src/chrome/content/rules/HamStudy.org.xml
@@ -0,0 +1,35 @@
+<!--
+	Nonfunctional hosts in *hamstudy.org:
+
+		- blog *
+
+	* Shows another domain
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- hamstudy.org
+		- .hamstudy.org
+		- www.hamstudy.org
+
+-->
+<ruleset name="HamStudy.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hamstudy.org" />
+	<target host="www.hamstudy.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?hamstudy\.org$" name="^connect\.sid$" /-->
+	<!--securecookie host="^\.hamstudy\.org$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^(?:\.|www\.)?hamstudy\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hamburg.de.xml b/src/chrome/content/rules/Hamburg.de.xml
index 1013744d4118..c034530d23b4 100644
--- a/src/chrome/content/rules/Hamburg.de.xml
+++ b/src/chrome/content/rules/Hamburg.de.xml
@@ -1,5 +1,5 @@
 <ruleset name="Hamburg">
   <target host="www.hamburg.de"/>
   <target host="hamburg.de"/>
-  <rule from="^http://(?:www\.)?hamburg\.de/" to="https://www.hamburg.de/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Hammacher-Schlemmer.xml b/src/chrome/content/rules/Hammacher-Schlemmer.xml
index c1968fed3f9e..356933e24b32 100644
--- a/src/chrome/content/rules/Hammacher-Schlemmer.xml
+++ b/src/chrome/content/rules/Hammacher-Schlemmer.xml
@@ -1,12 +1,14 @@
 <ruleset name="Hammacher Schlemmer (partial)" platform="mixedcontent">
 
 	<target host="hammacher.com" />
-	<target host="*.hammacher.com" />
+	<target host="images.hammacher.com" />
+	<target host="www.hammacher.com" />
+	<target host="digital.hammacher.com" />
 
 
 	<!--	Akamai
 		Cert only matches www.	-->
-	<rule from="^https?://(images\.)?hammacher\.com/"
+	<rule from="^http://(?:images\.)?hammacher\.com/"
 		to="https://www.hammacher.com/" />
 
 	<rule from="^http://www\.hammacher\.com/((?:(?:cs|[iI]mage)s30)/|favicon\.ico)"
diff --git a/src/chrome/content/rules/Hamppu.net.xml b/src/chrome/content/rules/Hamppu.net.xml
index 598631a113d5..d2eac885b48a 100644
--- a/src/chrome/content/rules/Hamppu.net.xml
+++ b/src/chrome/content/rules/Hamppu.net.xml
@@ -1,5 +1,5 @@
 <!-- Cert mismatch: *.jenthosting.com -->
-<ruleset name="Hamppu.net (mismatches)" default_off="mismatch">
+<ruleset name="Hamppu.net (mismatches)" default_off="mismatched">
   <target host="hamppu.net" />
   <target host="www.hamppu.net" />
 
diff --git a/src/chrome/content/rules/Hamradio.com.xml b/src/chrome/content/rules/Hamradio.com.xml
new file mode 100644
index 000000000000..8ff318024cc4
--- /dev/null
+++ b/src/chrome/content/rules/Hamradio.com.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hamradio.com/ => https://www.hamradio.com/: Too many redirects while fetching 'https://www.hamradio.com/'
+Fetch error: http://www.hamradio.com/ => https://www.hamradio.com/: Too many redirects while fetching 'https://www.hamradio.com/'
+
+-->
+<ruleset name="Hamradio.com" default_off="failed ruleset test">
+  <target host="hamradio.com" />
+  <target host="www.hamradio.com" />
+
+  <rule from="^http://(?:www\.)?hamradio\.com/" to="https://www.hamradio.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Handbrake.fr.xml b/src/chrome/content/rules/Handbrake.fr.xml
deleted file mode 100644
index 1b58c38e2398..000000000000
--- a/src/chrome/content/rules/Handbrake.fr.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Handbrake.fr">
-  <target host="handbrake.fr" />
-  <target host="www.handbrake.fr" />
-
-  <rule from="^http://(?:www\.)?handbrake\.fr/" to="https://handbrake.fr/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Handelsbanken.fi.xml b/src/chrome/content/rules/Handelsbanken.fi.xml
index 2da327b1ea80..ab62d990cac0 100644
--- a/src/chrome/content/rules/Handelsbanken.fi.xml
+++ b/src/chrome/content/rules/Handelsbanken.fi.xml
@@ -1,4 +1,13 @@
-<ruleset name="handelsbanken.fi (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www9.handelsbanken.fi/ => https://www9.handelsbanken.fi/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www2.handelsbanken.fi/ => https://www2.handelsbanken.fi/: (7, 'Failed to connect to www2.handelsbanken.fi port 80: Connection refused')
+Fetch error: http://www9.handelsbanken.fi/ => https://www9.handelsbanken.fi/: 'NoneType' object has no attribute 'xpath'
+-->
+<ruleset name="handelsbanken.fi (partial)" default_off="failed ruleset test">
   <target host="handelsbanken.fi"/>
   <target host="www.handelsbanken.fi"/>
   <target host="www1.handelsbanken.fi"/>
@@ -7,11 +16,9 @@
   <target host="netsale.aktiiviraha.fi"/>
   <target host="www.aktiiviraha.fi"/>
   <target host="aktiiviraha.fi"/>
-  
-  <rule from="^http://(www\.)?handelsbanken\.fi/" to="https://www.handelsbanken.fi/"/>
+
+  <rule from="^http://(?:www\.)?handelsbanken\.fi/" to="https://www.handelsbanken.fi/"/>
   <rule from="^http://(www1|www2|www9)\.handelsbanken\.fi/" to="https://$1.handelsbanken.fi/"/>
-  <rule from="^http://(www\.)?aktiiviraha\.fi/" to="https://www.aktiiviraha.fi/"/>
+  <rule from="^http://(?:www\.)?aktiiviraha\.fi/" to="https://www.aktiiviraha.fi/"/>
   <rule from="^http://netsale\.aktiiviraha\.fi/" to="https://netsale.aktiiviraha.fi/"/>
-  <rule from="^https://aktiiviraha\.fi/" to="https://www.aktiiviraha.fi/"/>
-  <rule from="^https://handelsbanken\.fi/" to="https://www.handelsbanken.fi/"/>
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Handelsblatt.xml b/src/chrome/content/rules/Handelsblatt.xml
index 5d9849780d16..a864f54477d2 100644
--- a/src/chrome/content/rules/Handelsblatt.xml
+++ b/src/chrome/content/rules/Handelsblatt.xml
@@ -1,44 +1,65 @@
 <!--
-	CDN buckets:
-
-		- euroforumlb1-1093815010.eu-west-1.elb.amazonaws.com
-
-			- veranstaltungen
-
-		- d21rxpf5vn0rru.cloudfront.net
-
-			- staticef[12].handelsblatt.com
-
-
-	Problematic subdomains:
-
-		- ^	(refused)
-
-
-	Problematic subdomains:
-
-		- veranstaltungen	(works; mismatched, CN: *.euroforum.com)
-
-
-	Some pages redirect to http
-
+	Chain issue, missing intermediate:
+		- veranstaltungen.handelsblatt.com
+
+	Invalid certificate:
+		- financetoday.handelsblatt.com
+		- ircenter.handelsblatt.com
+		- mailservice.handelsblatt.com
+		- orangenews.handelsblatt.com
+		- staticef1.handelsblatt.com, equivalent to d30no8cbyph8wj.cloudfront.net
+		- staticef2.handelsblatt.com, equivalent to d30no8cbyph8wj.cloudfront.net
+
+	Redirects to HTTP:
+		- club.handelsblatt.com
+
+	Wrong redirect:
+		- 360grad.handelsblatt.com
+		- energyawards.handelsblatt.com
 -->
-<ruleset name="Handelsblatt (partial)">
 
+<ruleset name="Handelsblatt">
 	<target host="handelsblatt.com" />
-	<target host="*.handelsblatt.com" />
+	<target host="www.handelsblatt.com" />
+	<target host="abo.handelsblatt.com" />
+	<target host="amp.handelsblatt.com" />
+	<target host="angebot.handelsblatt.com" />
+	<target host="app.handelsblatt.com" />
+	<target host="apps.handelsblatt.com" />
+	<target host="archiv.handelsblatt.com" />
+	<target host="award.handelsblatt.com" />
+	<target host="chinacircle.handelsblatt.com" />
+	<target host="edison.handelsblatt.com" />
+	<target host="epaper.handelsblatt.com" />
+	<target host="finanzen.handelsblatt.com" />
+	<target host="global.handelsblatt.com" />
+	<target host="global-auth.handelsblatt.com" />
+	<target host="global-static.handelsblatt.com" />
+		<test url="http://global-static.handelsblatt.com/handelsblatt-global-edition-issue-542_2016-10-24.pdf" />
+	<target host="kaufhaus.handelsblatt.com" />
+	<target host="magazin.handelsblatt.com" />
+	<target host="morningbriefing.handelsblatt.com" />
+	<target host="morningbriefingmail.handelsblatt.com" />
+	<target host="orange.handelsblatt.com" />
+	<target host="quiz.handelsblatt.com" />
+	<target host="reiseauktion.handelsblatt.com" />
+	<target host="research.handelsblatt.com" />
+	<target host="signup.handelsblatt.com" />
+	<target host="staticef1.handelsblatt.com" />
+	<target host="staticef2.handelsblatt.com" />
+	<target host="themenplanung.handelsblatt.com" />
+	<target host="tool.handelsblatt.com" />
+	<target host="us-wahl.handelsblatt.com" />
 
 
 	<securecookie host="^abo\.handelsblatt\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?handelsblatt\.com/images/"
-		to="https://www.handelsblatt.com/images/" />
-
-	<rule from="^http://abo\.handelsblatt\.com/"
-		to="https://abo.handelsblatt.com/" />
-
 	<rule from="^http://staticef[12]\.handelsblatt\.com/"
-		to="https://d21rxpf5vn0rru.cloudfront.net/" />
+		to="https://d30no8cbyph8wj.cloudfront.net/" />
+		<test url="http://staticef1.handelsblatt.com/source/css/ie.css" />
+		<test url="http://staticef2.handelsblatt.com/source/img/1.jpg" />
+
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Handelsregister.de.xml b/src/chrome/content/rules/Handelsregister.de.xml
new file mode 100644
index 000000000000..fa079446bb6a
--- /dev/null
+++ b/src/chrome/content/rules/Handelsregister.de.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://handelsregister.de/ => https://handelsregister.de/: (51, "SSL: no alternative certificate subject name matches target host name 'handelsregister.de'")
+
+-->
+<ruleset name="Handelsregister.de" default_off="failed ruleset test">
+  <target host=    "handelsregister.de"/>
+  <target host="www.handelsregister.de"/>
+
+  <securecookie host="^(www\.)?handelsregister\.de$" name=".+" />
+
+  <rule from="^http:"
+          to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Handle.Net-Registry.xml b/src/chrome/content/rules/Handle.Net-Registry.xml
new file mode 100644
index 000000000000..a7cdf567906f
--- /dev/null
+++ b/src/chrome/content/rules/Handle.Net-Registry.xml
@@ -0,0 +1,18 @@
+<!--
+
+	Problematic domains:
+	- proxy.handle.net	(cert mismatch)
+	- purl.handle.net	(cert mismatch)
+
+-->
+<ruleset name="Handle.Net Registry">
+
+	<target host="handle.net" />
+	<target host="www.handle.net" />
+	<target host="hdl.handle.net" />
+
+	<securecookie host="^(hdl|www)\.handle\.net$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Handmade_Kultur.de.xml b/src/chrome/content/rules/Handmade_Kultur.de.xml
new file mode 100644
index 000000000000..d1ee644d8645
--- /dev/null
+++ b/src/chrome/content/rules/Handmade_Kultur.de.xml
@@ -0,0 +1,14 @@
+<ruleset name="Handmade Kultur.de (partial)">
+
+	<target host="handmadekultur.de" />
+	<target host="www.handmadekultur.de" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="http://(www\.)?handmadekultur\.de/+($|\?)" /-->
+
+
+	<rule from="^http://(www\.)?handmadekultur\.de/(?!/*(?:$|\?))"
+		to="https://$1handmadekultur.de/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hands.com.xml b/src/chrome/content/rules/Hands.com.xml
index 0f210c095ceb..fa883957a6e9 100644
--- a/src/chrome/content/rules/Hands.com.xml
+++ b/src/chrome/content/rules/Hands.com.xml
@@ -1,10 +1,47 @@
-<ruleset name="hands.com" platform="cacert">
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - bridge.hands.com
+			 - qins.hands.com
+			 - sheikh.hands.com
+			 - shogun.hands.com
 
-	<target host="hands.com" />
-	<target host="*.hands.com" />
+		Timeout was reached:
+			 - dc14switch.hands.com
+			 - sanjiro.hands.com
+
+		SSL peer certificate was not OK:
+			 - blog.hands.com
+			 - debian.hands.com
+			 - free.hands.com
+			 - ftp.hands.com
+			 - gallery.hands.com
+			 - git.hands.com
+			 - mail.hands.com
+			 - ns1.hands.com
+			 - ns3.hands.com
+			 - rhombus.hands.com
+			 - smtp.hands.com
+			 - smtp2.hands.com
+			 - things.hands.com
+			 - wiki.hands.com
 
+		Incomplete certificate chain error:
+			 - blue.hands.com
+			 - erp.hands.com
+			 - ns2.hands.com
+			 - switch.hands.com
+			 - tor-exit-readme.hands.com
+
+		Mixed Content Blocking (MCB) tiggered:
+			- hands.com
+			- www.hands.com
+-->
+<ruleset name="Hands.com (partial)" platform="mixedcontent">
+	<target host="hands.com" />
+	<target host="www.hands.com" />
 
-	<rule from="^http://(free\.|www\.)?hands\.com/"
-		to="https://$1hands.com/" />
+	<securecookie host="^(www\.)?hands\.com$" name=".+" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Handsome_Code.com.xml b/src/chrome/content/rules/Handsome_Code.com.xml
new file mode 100644
index 000000000000..451e77b7693c
--- /dev/null
+++ b/src/chrome/content/rules/Handsome_Code.com.xml
@@ -0,0 +1,14 @@
+<!--
+	^: dropped
+
+-->
+<ruleset name="Handsome Code.com" default_off="mismatched">
+
+	<target host="handsomecode.com" />
+	<target host="www.handsomecode.com" />
+
+
+	<rule from="^http://(?:www\.)?handsomecode\.com/"
+		to="https://www.handsomecode.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Handtekening.nl.xml b/src/chrome/content/rules/Handtekening.nl.xml
new file mode 100644
index 000000000000..ac24da003c25
--- /dev/null
+++ b/src/chrome/content/rules/Handtekening.nl.xml
@@ -0,0 +1,9 @@
+<ruleset name="Handtekening.nl">
+
+	<target host="handtekening.nl" />
+	<target host="www.handtekening.nl" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Handy.de.xml b/src/chrome/content/rules/Handy.de.xml
deleted file mode 100644
index d0467dde722b..000000000000
--- a/src/chrome/content/rules/Handy.de.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- dynimages	(refused)
-
-
-	Problematic subdomains:
-
-		- (www.)	(refused)
-		- img		(mismatched, CN: i.arvm.de)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(→ www.etracker.de)
-		- img		(→ i.arvm.de)
-
--->
-<ruleset name="handy.de">
-
-	<target host="handy.de" />
-	<target host="*.handy.de" />
-
-
-	<rule from="^http://(?:www\.)?handy\.de/+[^?]*\?(.*)"
-		to="https://www.etracker.de/lnkcnt.php?et=kbglnx&amp;url=http://www.mondiamedia.com%3FL%3D0%26redirect_from%3Dhandy.de&amp;lnkname=handy&amp;$1" />
-
-	<rule from="^http://(?:www\.)?handy\.de/.*"
-		to="https://www.etracker.de/lnkcnt.php?et=kbglnx&amp;url=http://www.mondiamedia.com%3FL%3D0%26redirect_from%3Dhandy.de&amp;lnkname=handy" />
-
-	<rule from="^http://img\.handy\.de/"
-		to="https://i.arvm.de/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Hanfling.de.xml b/src/chrome/content/rules/Hanfling.de.xml
new file mode 100644
index 000000000000..8960d4d1edb0
--- /dev/null
+++ b/src/chrome/content/rules/Hanfling.de.xml
@@ -0,0 +1,16 @@
+<!--
+	Mismatched (CN: *.kasserver.com):
+		- botanik
+		- mail
+-->
+
+<ruleset name="Hanfling.de">
+	<target host="hanfling.de" />
+	<target host="www.hanfling.de" />
+	<target host="coding.hanfling.de" />
+	<target host="www.coding.hanfling.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hanford_Site.xml b/src/chrome/content/rules/Hanford_Site.xml
index b4be1c317027..6c7a321adce5 100644
--- a/src/chrome/content/rules/Hanford_Site.xml
+++ b/src/chrome/content/rules/Hanford_Site.xml
@@ -1,8 +1,9 @@
 <!--
-	For other U.S. government coverage, see US-government.xml.
+	Hanford Site
+
 
 -->
-<ruleset name="Hanford Site">
+<ruleset name="Hanford.gov" default_off="refused">
 
 	<target host="hanford.gov" />
 	<target host="www.hanford.gov" />
@@ -11,7 +12,7 @@
 	<securecookie host="^(?:www\.)?hanford\.gov$" name=".+" />
 
 
-	<rule from="^http://(www\.)?hanford\.gov/"
-		to="https://$1hanford.gov/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HangSeng.com.cn.xml b/src/chrome/content/rules/HangSeng.com.cn.xml
new file mode 100644
index 000000000000..86b956e8298d
--- /dev/null
+++ b/src/chrome/content/rules/HangSeng.com.cn.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Hang Seng Bank related rulesets, see HangSengBank.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- funds.hangseng.com.cn
+
+		SSL peer certificate was not OK:
+		- hangseng.com.cn
+		- www.ecds.hangseng.com.cn
+-->
+<ruleset name="HangSeng.com.cn">
+	<target host="hangseng.com.cn" />
+	<target host="www.hangseng.com.cn" />
+
+	<rule from="^http://hangseng\.com\.cn/"
+		to="https://www.hangseng.com.cn/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HangSengBank.xml b/src/chrome/content/rules/HangSengBank.xml
new file mode 100644
index 000000000000..6169f5ca5f51
--- /dev/null
+++ b/src/chrome/content/rules/HangSengBank.xml
@@ -0,0 +1,46 @@
+<!--
+	Other Hang Seng Bank related rulesets:
+		+ HSI.com.hk.xml
+		+ HangSeng.com.cn.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- hsp2gp1.hangseng.com
+		- hsp2gp2.hangseng.com
+-->
+<ruleset name="Hang Seng Bank">
+	<target host="hangseng.com" />
+	<target host="www.hangseng.com" />
+
+	<target host="bank.hangseng.com" />
+	<target host="biz-ebanking.hangseng.com" />
+	<target host="www.biz-ebanking.hangseng.com" />
+	<target host="www1.biz-ebanking.hangseng.com" />
+	<target host="www2.biz-ebanking.hangseng.com" />
+	<target host="e-banking.blp.hangseng.com" />
+
+	<target host="chatbot.hangseng.com" />
+	<target host="cms.hangseng.com" />
+
+	<target host="developer.hangseng.com" />
+
+	<target host="e-banking.hangseng.com" />
+	<target host="e-banking1.hangseng.com" />
+	<target host="e-banking2.hangseng.com" />
+	<target host="eba.hangseng.com" />
+	<target host="ebusiness.hangseng.com" />
+	<target host="evalue.hangseng.com" />
+
+	<target host="inv.hangseng.com" />
+	<target host="www.ipoonline.hangseng.com" />
+
+	<target host="fileupload.hangseng.com" />
+	<target host="fileupload1.hangseng.com" />
+	<target host="fileupload2.hangseng.com" />
+
+	<target host="realestate.hangseng.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hannover_Messe.de.xml b/src/chrome/content/rules/Hannover_Messe.de.xml
new file mode 100644
index 000000000000..d564d7db5767
--- /dev/null
+++ b/src/chrome/content/rules/Hannover_Messe.de.xml
@@ -0,0 +1,52 @@
+<!--
+	For other Deutsche Messe coverage, see Deutsche_Messe.xml.
+
+
+	^hannovermesse.de: Dropped
+
+-->
+<ruleset name="Hannover Messe.de (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.hannovermesse.de" />
+
+	<!--	Complications:
+				-->
+	<target host="hannovermesse.de" />
+
+		<!--	Redirects to http:
+					-->
+		<!--exclusion pattern="^http://www\.hannovermesse\.de/(home$|favicon\.ico)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.hannovermesse\.de/(?!en/applikation/secure/|meinemesse/login|myfair-root/login)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.hannovermesse.de/en/applikation/forms/general-contact-form/" />
+			<test url="http://www.hannovermesse.de/en/get-tickets/" />
+			<test url="http://www.hannovermesse.de/en/info/for-exhibitors/become-an-exhibitor/benefits/" />
+			<test url="http://www.hannovermesse.de/en/info/for-journalists/" />
+			<test url="http://www.hannovermesse.de/en/info/for-visitors/on-site-services/hm-app.xhtml" />
+			<test url="http://www.hannovermesse.de/en/news/after-show-report/" />
+			<test url="http://www.hannovermesse.de/en/news/news/newsletter-service/index-2.xhtml" />
+			<test url="http://www.hannovermesse.de/en/program/partner-country/" />
+			<test url="http://www.hannovermesse.de/home" />
+			<test url="http://www.hannovermesse.de/favicon.ico" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.hannovermesse.de/meinemesse/login" />
+			<test url="http://www.hannovermesse.de/en/applikation/secure/myhannover-messe/login-page.xhtml" />
+			<test url="http://www.hannovermesse.de/myfair-root/login" />
+
+
+	<rule from="^http://hannovermesse\.de/"
+		to="https://www.hannovermesse.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hants.gov.uk.xml b/src/chrome/content/rules/Hants.gov.uk.xml
new file mode 100644
index 000000000000..47a87dd2533c
--- /dev/null
+++ b/src/chrome/content/rules/Hants.gov.uk.xml
@@ -0,0 +1,114 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://tribal.hants.gov.uk/ (200) => https://tribal.hants.gov.uk/ (404)
+
+	Hampshire County Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *hants.gov.uk:
+
+		- blogs ᵇ
+		- www.bramdean ᵃ
+		- www.coldencommon ᵈ
+		- communities ʳ
+		- consultations ⁴
+		- documents ᵈ
+		- election ⁴
+		- (www.)?fid ⁴
+		- www.hantsfish ʳ
+		- hias ᵃ
+
+		- bal.hias ᵃ
+		- emtas.hias ᵃ
+		- english.hias ᵃ
+		- ict.hias ᵃ
+		- re.hias ᵃ
+		- science.hias ᵃ
+
+		- historicenvironment ᵃ
+		- linkeddata ʳ
+		- localviewmaps ᵖ
+
+		- www.bartonstacey.parish ᵃ
+		- compton.parish ᵇ
+		- www.wickham.parish ᵇ
+		- wonston.parish ᵇ
+
+		- peo ᶠ
+		- spgs.school ᵇ
+		- services ᵈ
+		- www.sfycblog ᵇ
+		- www.twyfordpc ᵃ
+
+	⁴ 404
+	ᵃ Shows another domain
+	ᵇ Shows default page
+	ᵈ Dropped
+	ᶠ Handshake fails
+	ᵖ Plaintext reply
+	ʳ Refused
+
+
+	Problematic hosts in *hants.gov.uk:
+
+		- bookings ᵐ
+		- leadership.hias ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .hants.gov.uk
+		- accounts.hants.gov.uk
+		- countysuppliesonline.hants.gov.uk
+		- einvoicepayments.hants.gov.uk
+		- gmclerkstlgaccess.hants.gov.uk
+		- learningzone.hants.gov.uk
+		- row.hants.gov.uk
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- (www.)?, www3 from www.hants.gov.uk ˢ
+			- (www.)?, gmclerkstlgaccess, www3 from www3.hants.gov.uk ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Hants.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="hants.gov.uk" />
+	<target host="accounts.hants.gov.uk" />
+	<target host="countysuppliesonline.hants.gov.uk" />
+	<target host="einvoicepayments.hants.gov.uk" />
+	<target host="gmclerkstlgaccess.hants.gov.uk" />
+	<target host="learningzone.hants.gov.uk" />
+	<target host="maps.hants.gov.uk" />
+	<target host="row.hants.gov.uk" />
+	<target host="selfserve.hants.gov.uk" />
+	<target host="tribal.hants.gov.uk" />
+	<target host="upmlive.hants.gov.uk" />
+	<target host="www.hants.gov.uk" />
+	<target host="www3.hants.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.hants\.gov\.uk$" name="^citrix_ns_id" /-->
+	<!--securecookie host="^(?:accounts|einvoicepayments|gmclerkstlgaccess|learningzone)\.hants\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^countysuppliesonline\.hants\.gov\.uk$" name="^CactuShop6$" /-->
+	<!--securecookie host="^row\.hants\.gov\.uk$" name="^(?:ASP\.NET_SessionId|UILanguage)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hao123.com.xml b/src/chrome/content/rules/Hao123.com.xml
new file mode 100644
index 000000000000..d2594db8dc7c
--- /dev/null
+++ b/src/chrome/content/rules/Hao123.com.xml
@@ -0,0 +1,49 @@
+<!--
+	For other Baidu coverage, see Baidu.xml.
+
+	Dropped:
+		- en
+		- tuan
+		- tw
+
+	Mismatched:
+		- ^
+		- ae
+		- img[0-6]?
+		- music
+		- static.book
+
+	Redirect to HTTP:
+		- live
+		- tejia
+		- topic
+
+	Mixed content:
+		- djyx
+		- lady
+		- pic
+		- soft
+		- tianqi
+		- vip
+		- xyx
+-->
+<ruleset name="Hao123.com (partial)">
+	<target host="hao123.com" />
+	<target host="www.hao123.com" />
+	<target host="book.hao123.com" />
+	<target host="common.hao123.com" />
+	<target host="dl.hao123.com" />
+	<target host="feedback.hao123.com" />
+	<target host="game.hao123.com" />
+	<target host="life.hao123.com" />
+	<target host="m.hao123.com" />
+	<target host="moe.hao123.com" />
+	<target host="qipai.hao123.com" />
+	<target host="user.hao123.com" />
+	<target host="wyyx.hao123.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://hao123\.com/" to="https://www.hao123.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HappyHardcore.com.xml b/src/chrome/content/rules/HappyHardcore.com.xml
new file mode 100644
index 000000000000..cdf029b745aa
--- /dev/null
+++ b/src/chrome/content/rules/HappyHardcore.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="HappyHardcore.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="happyhardcore.com" />
+	<target host="www.happyhardcore.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HappyKnowledge.com.xml b/src/chrome/content/rules/HappyKnowledge.com.xml
index e0b443cbb66a..57a21f653acf 100644
--- a/src/chrome/content/rules/HappyKnowledge.com.xml
+++ b/src/chrome/content/rules/HappyKnowledge.com.xml
@@ -5,7 +5,7 @@
 <ruleset name="HappyKnowledge.com">
 
 	<target host="happyknowledge.com" />
-	<target host="*.happyknowledge.com" />
+	<target host="www.happyknowledge.com" />
 
 
 	<securecookie host="^(?:www)\.happyknowledge\.com$" name=".+" />
diff --git a/src/chrome/content/rules/HappyPlanetIndex.org.xml b/src/chrome/content/rules/HappyPlanetIndex.org.xml
new file mode 100644
index 000000000000..3e24a2247e9c
--- /dev/null
+++ b/src/chrome/content/rules/HappyPlanetIndex.org.xml
@@ -0,0 +1,11 @@
+<ruleset name="Happy Planet Index.org">
+
+	<target host="happyplanetindex.org" />
+	<target host="www.happyplanetindex.org" />
+	<target host="beta.happyplanetindex.org" />
+	<target host="www.beta.happyplanetindex.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Happy_Herbivore.xml b/src/chrome/content/rules/Happy_Herbivore.xml
deleted file mode 100644
index d2a20b474b7d..000000000000
--- a/src/chrome/content/rules/Happy_Herbivore.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d1go12qtky6pt0.cloudfront.net | s3.amazonaws.com/happyherb-media/
-
-			- media.happyherbivore.com
-
-		- d2vtfeon2ovn8e.cloudfront.net | s3.amazonaws.com/happyherb-css/
-
-			- css.happyherbivore.com
-
-		- dmi4pvc5gbhhd.cloudfront.net | s3.amazonaws.com/happyherb-photos/
-
-			- photos.happyherbivore.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(redirects to http, valid cert)
-		- store		(pages redirect to http; mismatched, CN: *.storenvy.com)
-
--->
-<ruleset name="Happy Herbivore (partial)">
-
-	<target host="*.happyherbivore.com" />
-
-
-	<rule from="^http://css\.happyherbivore\.com/"
-		to="https://d2vtfeon2ovn8e.cloudfront.net/" />
-
-	<rule from="^http://media\.happyherbivore\.com/"
-		to="https://d1go12qtky6pt0.cloudfront.net/" />
-
-	<rule from="^http://photos\.happyherbivore\.com/"
-		to="https://dmi4pvc5gbhhd.cloudfront.net/" />
-
-	<rule from="^http://store\.happyherbivore\.com/themes/"
-		to="https://www.storenvy.com/themes/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Happyassassin.net.xml b/src/chrome/content/rules/Happyassassin.net.xml
new file mode 100644
index 000000000000..af4be16b898f
--- /dev/null
+++ b/src/chrome/content/rules/Happyassassin.net.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://happyassassin.net/ => https://happyassassin.net/: (51, "SSL: no alternative certificate subject name matches target host name 'happyassassin.net'")
+Fetch error: http://mail.happyassassin.net/ => https://mail.happyassassin.net/: (51, "SSL: no alternative certificate subject name matches target host name 'mail.happyassassin.net'")
+
+-->
+<ruleset name="happyassassin.net" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="happyassassin.net" />
+	<target host="mail.happyassassin.net" />
+	<target host="www.happyassassin.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(mail\.|www\.)?happyassassin\.net$" name="^bb2_screener$" /-->
+
+	<securecookie host="^(?:mail\.|www\.)?happyassassin\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Happyfoto.xml b/src/chrome/content/rules/Happyfoto.xml
new file mode 100644
index 000000000000..a3935663b7b3
--- /dev/null
+++ b/src/chrome/content/rules/Happyfoto.xml
@@ -0,0 +1,32 @@
+<!--
+    Photo printing service Happyfoto
+
+	http redirect:
+		- onlinedesigner.happyfoto.de
+		- onlinedesigner.happyfoto.sk
+		- onlinedesigner.happyfoto.at
+		- onlinedesigner.happyfoto.cz
+	certificate mismatch:
+		- usmev.happyfoto.cz
+		- usmev.happyfoto.sk
+		- newsletter.happyfoto.de
+		- newsletter.happyfoto.at
+	timeout on https:
+		- blog.happyfoto.at
+-->
+<ruleset name="Happyfoto">
+	<target host="happyfoto.de" />
+	<target host="www.happyfoto.de" />
+	<target host="happyfoto.at" />
+	<target host="www.happyfoto.at" />
+	<target host="happyfoto.sk" />
+	<target host="www.happyfoto.sk" />
+	<target host="happyfoto.cz" />
+	<target host="www.happyfoto.cz" />
+	<target host="foto.happyfoto.at" />
+	<target host="foto.happyfoto.cz" />
+	<target host="foto.happyfoto.de" />
+	<target host="foto.happyfoto.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Haproxy.org.xml b/src/chrome/content/rules/Haproxy.org.xml
new file mode 100644
index 000000000000..bab249320888
--- /dev/null
+++ b/src/chrome/content/rules/Haproxy.org.xml
@@ -0,0 +1,18 @@
+<!--
+	No working url known:
+		- stats.haproxy.org
+		- master.haproxy.org
+		- ipv4.haproxy.org
+-->
+<ruleset name="Haproxy.org">
+	<target host="haproxy.org" />
+	<target host="www.haproxy.org" />
+	<target host="demo.haproxy.org" />
+	<target host="dev.haproxy.org" />
+	<target host="discourse.haproxy.org" />
+	<target host="git.haproxy.org" />
+	<target host="ipv6.haproxy.org" />
+	<target host="slack.haproxy.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Harakahdaily.xml b/src/chrome/content/rules/Harakahdaily.xml
index 27cb9b34c194..59bc24549ccb 100644
--- a/src/chrome/content/rules/Harakahdaily.xml
+++ b/src/chrome/content/rules/Harakahdaily.xml
@@ -1,4 +1,7 @@
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://harakahdaily.net/ (200) => https://harakahdaily.net/ (521)
+Non-2xx HTTP code: http://harakah.net.my/ (200) => https://harakah.net.my/ (521)
 	Nonfunctional domains:
 
 		- epaper.harakah.net.my		(401)
@@ -11,21 +14,13 @@
 -->
 <ruleset name="Harakahdaily (partial)">
 
-	<target host="harakahdaily.net" />
-	<target host="*.harakahdaily.net" />
-		<exclusion pattern="^http://arkib\.harakahdaily\.net/(?!resource/)" />
 	<target host="harakah.net.my" />
-	<target host="*.harakah.net.my" />
-
+	<target host="cdn.harakah.net.my" />
+	<target host="www.harakah.net.my" />
 
 	<securecookie host="^(?:en|m)\.harakahdaily\.net$" name=".+" />
 	<securecookie host="^\.harakah\.net\.my$" name=".+" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://((?:arkib|bm|cdn-ads|en|m|www)\.)?harakahdaily\.net/"
-		to="https://$1harakahdaily.net/" />
-
-	<rule from="^http://(cdn\.|www\.)?harakah\.net\.my/"
-		to="https://$1harakah.net.my/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HardDrop.com.xml b/src/chrome/content/rules/HardDrop.com.xml
new file mode 100644
index 000000000000..82e71173e765
--- /dev/null
+++ b/src/chrome/content/rules/HardDrop.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatched:
+		- blog (*.tumblr.com)
+-->
+
+<ruleset name="HardDrop.com" platform="mixedcontent">
+	<target host="harddrop.com" />
+	<target host="www.harddrop.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hardcore_Teen_Girls.xml b/src/chrome/content/rules/Hardcore_Teen_Girls.xml
index 1d104d361de8..c17a9688026d 100644
--- a/src/chrome/content/rules/Hardcore_Teen_Girls.xml
+++ b/src/chrome/content/rules/Hardcore_Teen_Girls.xml
@@ -9,7 +9,7 @@
 
 	<!--	CN: Parallels Panel
 					-->
-	<rule from="^https?://(?:www\.)?hardcoreteengirls\.com/"
+	<rule from="^http://(?:www\.)?hardcoreteengirls\.com/"
 		to="https://hardcoreteengirls.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HardenedBSD.org.xml b/src/chrome/content/rules/HardenedBSD.org.xml
new file mode 100644
index 000000000000..805ccf40efaa
--- /dev/null
+++ b/src/chrome/content/rules/HardenedBSD.org.xml
@@ -0,0 +1,41 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pkg.hardenedbsd.org/ => https://pkg.hardenedbsd.org/: (60, 'SSL certificate problem: certificate has expired')
+
+	Nonfunctional hosts in *hardenedbsd.org:
+
+		- nyi-01.build ¹
+		- ftp ²
+		- jenkins ³
+
+	¹ Dropped
+	² Shows another domain
+	³ Refused
+
+
+	Insecure cookies are set for these domains:
+
+		- .hardenedbsd.org
+
+-->
+<ruleset name="HardenedBSD.org (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hardenedbsd.org" />
+	<target host="pkg.hardenedbsd.org" />
+	<target host="www.hardenedbsd.org" />
+
+
+	<!--	Direct rewrites:
+				-->
+	<!--securecookie host="^\.hardenedbsd\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.hardenedbsd\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hardwarebug.xml b/src/chrome/content/rules/Hardwarebug.xml
index b129cd747afe..ea09815a0505 100644
--- a/src/chrome/content/rules/Hardwarebug.xml
+++ b/src/chrome/content/rules/Hardwarebug.xml
@@ -4,7 +4,7 @@
 	<target host="www.hardwarebug.org" />
 
 
-	<rule from="^https?://(?:www\.)?hardwarebug\.org/"
+	<rule from="^http://(?:www\.)?hardwarebug\.org/"
 		to="https://hardwarebug.org/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Hark.xml b/src/chrome/content/rules/Hark.xml
index d9ff2c303eda..2c233d4c8dde 100644
--- a/src/chrome/content/rules/Hark.xml
+++ b/src/chrome/content/rules/Hark.xml
@@ -1,4 +1,12 @@
-<ruleset name="Hark">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hark.com/ => https://hark.com/: (7, 'Failed to connect to hark.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://hark.com/ => https://hark.com/: (7, 'Failed to connect to hark.com port 443: Connection refused')
+-->
+<ruleset name="Hark" default_off="failed ruleset test">
 
 	<target host="hark.com" />
 	<target host="*.hark.com" />
@@ -10,7 +18,7 @@
 	<rule from="^http://(www\.)?hark\.com/"
 		to="https://$1hark.com/" />
 
-	<rule from="^https?://cdn\d?\.hark\.com/"
+	<rule from="^http://cdn\d?\.hark\.com/"
 		to="https://d1qq3790ig6355.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Harland-Clarke.xml b/src/chrome/content/rules/Harland-Clarke.xml
index e364b9ca3435..7c4eb8ad0bd8 100644
--- a/src/chrome/content/rules/Harland-Clarke.xml
+++ b/src/chrome/content/rules/Harland-Clarke.xml
@@ -1,5 +1,26 @@
-<ruleset name="Harland Clarke" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://harlandclarkewebsmart.com/ => https://www.harlandclarkewebsmart.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.harlandclarkewebsmart.com/ => https://www.harlandclarkewebsmart.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://checksconnect.com/ => https://www.checksconnect.com/: (51, "SSL: no alternative certificate subject name matches target host name 'checksconnect.com'")
+Fetch error: http://app3.checksconnect.com/ => https://app3.checksconnect.com/: (7, 'Failed to connect to app3.checksconnect.com port 80: Connection refused')
+Fetch error: http://harland.com/ => https://www.ordermychecks.com/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.harland.com/ => https://www.ordermychecks.com/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://harland.net/ => https://www.ordermychecks.com/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://branchprod.harland.net/ => https://branchprod.harland.net/: (7, 'Failed to connect to branchprod.harland.net port 80: Connection refused')
+Fetch error: http://www.harland.net/ => https://www.ordermychecks.com/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://harlandforms.com/ => https://www.harlandforms.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.harlandforms.com/ => https://www.harlandforms.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://harlandclarkegiftcard.com/ => https://www.harlandclarkegiftcard.com/: (51, "SSL: no alternative certificate subject name matches target host name 'harlandclarkegiftcard.com'")
+Fetch error: http://harlandclarkewebsmart.com/ => https://www.harlandclarkewebsmart.com/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.harlandclarkewebsmart.com/ => https://www.harlandclarkewebsmart.com/: (28, 'Connection timed out after 10000 milliseconds')
+-->
+<ruleset name="Harland Clarke" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="checksconnect.com" />
+	<target host="app3.checksconnect.com" />
 	<target host="www.checksconnect.com" />
 	<target host="harland.com" />
 	<target host="member.harland.com" />
@@ -19,17 +40,24 @@
 	<target host="ordermychecks.com" />
 	<target host="www.ordermychecks.com" />
 
-	<exclusion pattern="^http://(www\.)?harlandclarke\.com/businessshop($|/)" />
-	<exclusion pattern="^http://(www\.)?harlandclarke\.com/bdocs2($|/)" />
+	<exclusion pattern="^http://(?:www\.)?harlandclarke\.com/businessshop(?:$|/)" />
+	<exclusion pattern="^http://(?:www\.)?harlandclarke\.com/bdocs2(?:$|/)" />
 
-	<securecookie host="(^|\.)checksconnect\.com$" name=".+" />
+	<securecookie host="(?:^|\.)checksconnect\.com$" name=".+" />
 	<securecookie host="^member\.harland\.com$" name=".+" />
-	<securecookie host="^(branchprod|vansso)\.harland\.net$" name=".+" />
-	<securecookie host="(^|\.)(harlandclarke(giftcard|websmart)|harlandforms|ordermychecks)\.com$" name=".+" />
+	<securecookie host="^(?:branchprod|vansso)\.harland\.net$" name=".+" />
+	<securecookie host="(?:^|\.)(?:harlandclarke(?:giftcard|websmart)|harlandforms|ordermychecks)\.com$" name=".+" />
 
-	<rule from="^(http://(www\.)?|(https://))checksconnect\.com/" to="https://www.checksconnect.com/" />
-	<rule from="^http://member\.harland\.com/" to="https://member.harland.com/" />
-	<rule from="^https?://(www\.)?harland\.(com|net)/?$" to="https://www.ordermychecks.com/" />
-	<rule from="^http://(branchprod|vansso)\.harland\.net/" to="https://$1.harland.net/" />
-	<rule from="^(http://(www\.)?|(https://))(harlandclarke(giftcard|websmart)?|harlandforms|ordermychecks)\.com/" to="https://www.$4.com/" />
+	<rule from="^http://(?:www\.)?checksconnect\.com/"
+			to="https://www.checksconnect.com/" />
+	<rule from="^http://app3\.checksconnect\.com/"
+			to="https://app3.checksconnect.com/" />
+	<rule from="^http://member\.harland\.com/"
+			to="https://member.harland.com/" />
+	<rule from="^http://(?:www\.)?harland\.(?:com|net)/?$"
+			to="https://www.ordermychecks.com/" />
+	<rule from="^http://(branchprod|vansso)\.harland\.net/"
+			to="https://$1.harland.net/" />
+	<rule from="^http://(www\.)?(harlandclarke(giftcard|websmart)?|harlandforms|ordermychecks)\.com/"
+			to="https://www.$2.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Harman-International-Industries.xml b/src/chrome/content/rules/Harman-International-Industries.xml
deleted file mode 100644
index c0409b385129..000000000000
--- a/src/chrome/content/rules/Harman-International-Industries.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<ruleset name="Harman International Industries (partial)">
-
-	<!--	cert: shop.harman.com	-->
-	<target host="*.akg.com"/>
-		<!--	"professional" section hosted elsewhere	-->
-		<exclusion pattern="http://www\.akg\."/>
-	<target host="shop.harman.com"/>
-	<target host="www.shop.harman.com"/>
-	<target host="karmankardon.nl"/>
-	<target host="www.karmankardon.nl"/>
-	<target host="*.infinitysystems.com"/>
-
-	<!--	Files are the same	-->
-	<rule from="^http://(?:\w+\.(?:akg|infinitysystems)\.com|(?:www\.)?shop\.harman\.com|(?:www\.)?harmankardon\.nl)/(plugins|system|tl_files)/"
-		to="https://shop.harman.com/$1/"/>
-
-</ruleset>
-
diff --git a/src/chrome/content/rules/Harper_Reed.com.xml b/src/chrome/content/rules/Harper_Reed.com.xml
new file mode 100644
index 000000000000..ad139ac4adf7
--- /dev/null
+++ b/src/chrome/content/rules/Harper_Reed.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .harperreed.com
+
+-->
+<ruleset name="Harper Reed.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="harperreed.com" />
+	<target host="www.harperreed.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.harperreed\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Harrenmedianetwork.com.xml b/src/chrome/content/rules/Harrenmedianetwork.com.xml
deleted file mode 100644
index 7c30e3a0cbc2..000000000000
--- a/src/chrome/content/rules/Harrenmedianetwork.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ad	(mismatched, CN: ad.yieldmanager.com
-
--->
-<ruleset name="harrenmedianetwork.com">
-
-	<target host="ad.harrenmedianetwork.com" />
-
-
-	<rule from="^http://ad\.harrenmedianetwork\.com/"
-		to="https://ad.yieldmanager.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Harris-Interactive.xml b/src/chrome/content/rules/Harris-Interactive.xml
deleted file mode 100644
index e8a2509a7b6a..000000000000
--- a/src/chrome/content/rules/Harris-Interactive.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Harris Interactive (partial)">
-
-	<target host="www1.pollg.com"/>
-
-	<rule from="^http://www1\.pollg\.com/"
-		to="https://www1.pollg.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Harris_Computer.com.xml b/src/chrome/content/rules/Harris_Computer.com.xml
deleted file mode 100644
index 6e996719251e..000000000000
--- a/src/chrome/content/rules/Harris_Computer.com.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Other Harris Compter rulesets:
-
-		- Copernic.com.xml
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(reset)
-		- www1		(dropped)
-
--->
-<ruleset name="Harris Computer.com (partial)">
-
-	<target host="*.harriscomputer.com" />
-
-
-	<securecookie host="^webmail\.harriscomputer\.com$" name=".+" />
-
-
-	<rule from="^http://(bonaventure|mail|webmail)\.harriscomputer\.com/"
-		to="https://$1.harriscomputer.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/HarryPotter.com.ua.xml b/src/chrome/content/rules/HarryPotter.com.ua.xml
new file mode 100644
index 000000000000..5658441e0aa2
--- /dev/null
+++ b/src/chrome/content/rules/HarryPotter.com.ua.xml
@@ -0,0 +1,8 @@
+<ruleset name="HarryPotter.com.ua">
+	<target host="harrypotter.com.ua" />
+	<target host="www.harrypotter.com.ua" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HarryPotterFanFiction.com.xml b/src/chrome/content/rules/HarryPotterFanFiction.com.xml
new file mode 100644
index 000000000000..f8ee39a52878
--- /dev/null
+++ b/src/chrome/content/rules/HarryPotterFanFiction.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="HarryPotterFanFiction.com">
+	<target host="harrypotterfanfiction.com" />
+	<target host="www.harrypotterfanfiction.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HarryPotterPlatform934.com.xml b/src/chrome/content/rules/HarryPotterPlatform934.com.xml
new file mode 100644
index 000000000000..f867d0e933c2
--- /dev/null
+++ b/src/chrome/content/rules/HarryPotterPlatform934.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="HarryPotterPlatform934.com">
+	<target host="harrypotterplatform934.com" />
+	<target host="www.harrypotterplatform934.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HarryPotterSacredText.com.xml b/src/chrome/content/rules/HarryPotterSacredText.com.xml
new file mode 100644
index 000000000000..89bbab93c8cf
--- /dev/null
+++ b/src/chrome/content/rules/HarryPotterSacredText.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="HarryPotterSacredText.com">
+	<target host="harrypottersacredtext.com" />
+	<target host="www.harrypottersacredtext.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HarryPotterThePlay.com.xml b/src/chrome/content/rules/HarryPotterThePlay.com.xml
new file mode 100644
index 000000000000..94fb1ccc18b8
--- /dev/null
+++ b/src/chrome/content/rules/HarryPotterThePlay.com.xml
@@ -0,0 +1,23 @@
+<!--
+	SSL protocol error:
+		- srvr
+
+	HTTP 404:
+		- us-srvr
+-->
+
+<ruleset name="HarryPotterThePlay.com">
+	<target host="harrypottertheplay.com" />
+	<target host="www.harrypottertheplay.com" />
+	<target host="global-srvr.harrypottertheplay.com" />
+	<target host="test.harrypottertheplay.com" />
+	<target host="uk-adminsrvr.harrypottertheplay.com" />
+	<target host="uk-countdown.harrypottertheplay.com" />
+	<target host="uk-srvr.harrypottertheplay.com" />
+	<target host="us-adminsrvr.harrypottertheplay.com" />
+	<target host="us-countdown.harrypottertheplay.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Harry_S_Truman_Library_and_Museum.xml b/src/chrome/content/rules/Harry_S_Truman_Library_and_Museum.xml
deleted file mode 100644
index 7bb708e7abf3..000000000000
--- a/src/chrome/content/rules/Harry_S_Truman_Library_and_Museum.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For other U.S. government coverage, see US-government.xml.
-
--->
-<ruleset name="Harry S Truman Library and Museum">
-
-	<target host="trumanlibrary.org" />
-	<target host="www.trumanlibrary.org" />
-
-
-	<rule from="^https?://(?:www\.)?trumanlibrary\.org/"
-		to="https://www.trumanlibrary.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Hart_voor_Internetvrijheid.nl.xml b/src/chrome/content/rules/Hart_voor_Internetvrijheid.nl.xml
new file mode 100644
index 000000000000..e625eda2aa52
--- /dev/null
+++ b/src/chrome/content/rules/Hart_voor_Internetvrijheid.nl.xml
@@ -0,0 +1,14 @@
+<!--
+Automatically by https-everywhere-checker because:
+Fetch error: http://hartvoorinternetvrijheid.nl/ => https://hartvoorinternetvrijheid.nl/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.hartvoorinternetvrijheid.nl/ => https://www.hartvoorinternetvrijheid.nl/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
+<ruleset name="Hart voor Internetvrijheid.nl">
+
+	<target host="hartvoorinternetvrijheid.nl" />
+	<target host="www.hartvoorinternetvrijheid.nl" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hartware.de.xml b/src/chrome/content/rules/Hartware.de.xml
new file mode 100644
index 000000000000..7d737c21b631
--- /dev/null
+++ b/src/chrome/content/rules/Hartware.de.xml
@@ -0,0 +1,4 @@
+<ruleset name="Hartware.de">
+<target host="www.hartware.de" />
+<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hartwork-Project-mismatches.xml b/src/chrome/content/rules/Hartwork-Project-mismatches.xml
deleted file mode 100644
index ad131718e4f9..000000000000
--- a/src/chrome/content/rules/Hartwork-Project-mismatches.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For rules that are on by default, see Hartwork-Project.xml.
-
--->
-<ruleset name="Hartwork Project (mismatches)" default_off="mismatch, self-signed" platform="cacert">
-
-	<target host="binera.de" />
-	<target host="www.binera.de" />
-	<target host="hartwork.de" />
-	<target host="www.hartwork.de" />
-
-
-	<securecookie host="^hartwork\.de$" name=".*" />
-
-	<!--
-		- binera.de cert: webserver.ispgateway.de
-		- hartwork.de cert: goodpoint.de
-		- binera redirects to hartwork
-			-->
-	<rule from="^https?://(?:www\.)?(?:binera|hartwork)\.de/"
-		to="https://hartwork.de/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Hartwork-Project.xml b/src/chrome/content/rules/Hartwork-Project.xml
index fed2c2b7a862..cacdd496ec9f 100644
--- a/src/chrome/content/rules/Hartwork-Project.xml
+++ b/src/chrome/content/rules/Hartwork-Project.xml
@@ -1,16 +1,14 @@
-<!--
-	For problematic rules, see Hartwork-Project-mismatches.xml.
-
--->
-<ruleset name="Hartwork Project (partial)">
+<ruleset name="Hartwork.org">
 
+	<target host=     "hartwork.org" />
+	<target host= "www.hartwork.org" />
 	<target host="blog.hartwork.org" />
+	<target host=    "binera.de" />
+	<target host="www.binera.de" />
 
+	<securecookie host="^blog\.hartwork\.org$" name=".+" />
 
-	<securecookie host="^blog\.hartwork\.org$" name=".*" />
-
-
-	<rule from="^http://blog\.hartwork\.org/"
-		to="https://blog.hartwork.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Harvard-University-expired.xml b/src/chrome/content/rules/Harvard-University-expired.xml
index 14739b34c674..c5391baec20c 100644
--- a/src/chrome/content/rules/Harvard-University-expired.xml
+++ b/src/chrome/content/rules/Harvard-University-expired.xml
@@ -2,13 +2,18 @@
 	For rules that are on by default, see Harvard-University.xml.
 
 -->
-<ruleset name="Harvard University (expired)" default_off="expired, self-signed">
+<ruleset name="Harvard.edu (problematic)" default_off="mismatched, cert-chain">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="pngu.mgh.harvard.edu" />
-	<target host="yuba.harvard.edu" />
+	<target host="read.seas.harvard.edu" />
 
 
-	<rule from="^http://(pngu\.mgh|yuba)\.harvard\.edu/"
-		to="https://$1.harvard.edu/" />
+	<securecookie host=".+" name=".+" />
 
-</ruleset>
\ No newline at end of file
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Harvard-University.xml b/src/chrome/content/rules/Harvard-University.xml
index 6a56bcbb16e6..42afab5d4171 100644
--- a/src/chrome/content/rules/Harvard-University.xml
+++ b/src/chrome/content/rules/Harvard-University.xml
@@ -1,98 +1,296 @@
 <!--
-	For problematic rules, see Harvard-University-expired.xml.
+	Harvard University
 
+	For problematic rules, see Harvard-University-expired.xml.
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *harvard.edu:
 
-		- (www.) *
-		- absabs
-		- astroart.cfa *
-		- chandra *
+		- absabs ᵈ
+		- ads ᵈ
+		- cda ᵈ
+		- astroart.cfa ᵈ
+		- cxc.cfa ᵇ
+		- chandra ᵈ
 		- cleanslate		(redirects to cleanslate-stanford-edu.360designstudio.net; mismatched, CN: *.bluehost.com)
-		- news *
+		- cxc ᵇ
+		- dash ᵈ
+		- statuspage.rc.fas ⁴
+		- (www.)?hks ⁴
+		- icxc ᵇ
+		- hbdm.hbsp ᵈ
+		- belfercenter.ksg ⁴
+		- myads ᵈ
+		- news ᵈ
+		- secure.post ᵈ
 		- reference.pin		(reused_issuer_and_serial)
-		- people.seas *
-		- worldmap *
+		- post ᵈ
+		- mirrors.seas ⁴
+		- people.seas ᵈ
+		- thestorymap ⁴
+		- worldmap ᵈ
+		- www.wjh ⁴
 
-	* Times out
+	ᵇ Shows default page
+	ᵈ Times out
+	⁴ Refused
 
 
-	Problematic subdomains:
+	Problematic hosts in *harvard.edu:
 
+		- alumni *	(Expired)
 		- berkman *
+		- campaign	(Cloudfront)
+		- cbmi.catalyst	(Mixed css)
+		- downloads		(Missing certificate chain)
+		- employment		(Shows static.fas)
+		- www.rc.fas *
 		- hsph
+		- services.huit		(Mismatched, CN: *.devcloud.acquia-sites.com)
+		- ksgexecprogram	(Refused)
 		- www.cyber.law *
 		- eon.law	(shows adam.law, mismatched, CN: adam.law.harvard.edu)
 		- pin *
 		- www.pin	($ redirects to http)
+		- www.pin1	($ redirects www.pin)
 		- pngu.mgh	(expired)
 		- saas **
+		- read.seas	(Self-signed)
+		- trademark		(Mismatched, CN: hwp.harvard.edu)
 		- yuba			(works; expired 2008-04-16, CN: localhost.localdomain)
+		- www		cloudfront
+		- media.www	*
+		- wyss ᶜ
 
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
 	* Mismatched
 	** Cert only matches www.saas
 
 
-	Partially covered subdomains:
+	Partially covered hosts in *harvard.edu:
 
+		- accessibility *
+		- cbmi.catalyst	(Avoiding broken MCB)
 		- www.cfa *	(image_archive/ 404s)
+		- cqh *
+		- economics *
+		- pearson.eps *
+		- astronomy.fas *
+		- hr *
+		- huit *
+		- static.hwpi *
+		- static.projects.iq *
+		- psr.iq *
 		- isites *
 
-	* At least some pages redirect to http
-
-
-	Fully covered subdomains:
+		- computefest.seas *
+		- iacs.seas *
+		- robobees.seas *
 
-		- (www.)berkman
-		- (www.)hsph		(^ → www)
-		- login.icommons
+		- shanghaicenter *
+		- (www.)?trademark *	(www → ^)
+		- (www.)wcfia *
+		- programs.wcfia *
 
-		- law subdomains:
-
-			- adam *
-			- blogs *
-			- (www.)cyber
-			- eon *		(→ cyber.law.harvard.edu)
-
-		- www.pin1
-		- (www.)saas		(^ → www)
+	* At least some pages redirect to http
 
-	* www.foo doesn't exist
 
+	Insecure cookies are set for these domains and hosts: ᶜ
 
-	Targets solely for wildcard cookies:
+		- community.alumni.harvard.edu
+		- connects.catalyst.harvard.edu
+		- rc.fas.harvard.edu
+		- account.rc.fas.harvard.edu
+		- downloads.rc.fas.harvard.edu
+		- odybot.rc.fas.harvard.edu
+		- .hul.harvard.edu
+		- orgs.law.harvard.edu
+		- secure.post.harvard.edu
 
-		- *.cyber.law.harvard.edu
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 
 	Mixed content:
 
+		- css on cbmi.catalyst from catalyst ¹
+		- Images on osc.hul from $self ¹
 		- Image on www.saas from seasdev.prod.acquia-sites.com *
 
+	¹ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 	* Doesn't trip MCB
 
 -->
-<ruleset name="Harvard University (partial)">
+<ruleset name="Harvard.edu (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="accessibility.harvard.edu" />
+	<target host="ui.adsabs.harvard.edu" />
+	<target host="community.alumni.harvard.edu" />
+	<target host="blogs.harvard.edu" />
+	<target host="www.berkman.harvard.edu" />
+
+	<target host="catalyst.harvard.edu" />
+	<target host="cbmi.catalyst.harvard.edu" />
+	<target host="connects.catalyst.harvard.edu" />
+
+	<target host="www.cfa.harvard.edu" />
+	<target host="cqh.harvard.edu" />
+	<target host="economics.harvard.edu" />
+	<target host="pearson.eps.harvard.edu" />
+
+	<target host="astronomy.fas.harvard.edu" />
+	<target host="downloads.fas.harvard.edu" />
+	<target host="rc.fas.harvard.edu" />
+	<target host="downloads.rc.fas.harvard.edu" />
+	<target host="static.fas.harvard.edu" />
+
+	<target host="exed.hks.harvard.edu" />
+	<target host="knet.hks.harvard.edu" />
+	<target host="research.hks.harvard.edu" />
+
+	<target host="hr.harvard.edu" />
+	<target host="www.hsph.harvard.edu" />
+	<target host="huevents.harvard.edu" />
+	<target host="huit.harvard.edu" />
+	<target host="intranet.huit.harvard.edu" />
+	<target host="osc.hul.harvard.edu" />
+	<target host="static.hwpi.harvard.edu" />
+	<target host="login.icommons.harvard.edu" />
+
+	<target host="projects.iq.harvard.edu" />
+	<target host="static.projects.iq.harvard.edu" />
+	<target host="psr.iq.harvard.edu" />
+
+	<target host="isites.harvard.edu" />
+
+	<target host="adam.law.harvard.edu" />
+	<target host="blogs.law.harvard.edu" />
+	<target host="cyber.law.harvard.edu" />
+
+	<target host="computefest.seas.harvard.edu" />
+	<target host="iacs.seas.harvard.edu" />
+	<target host="micro.seas.harvard.edu" />
+	<target host="robobees.seas.harvard.edu" />
+
+	<target host="shanghaicenter.harvard.edu" />
+	<target host="trademark.harvard.edu" />
+	<target host="wcfia.harvard.edu" />
+	<target host="programs.wcfia.harvard.edu" />
+	<target host="www.wcfia.harvard.edu" />
+	<target host="wyss.harvard.edu" />
+
+	<!--	Complications:
+				-->
+	<target host="berkman.harvard.edu" />
+	<target host="employment.harvard.edu" />
+	<target host="www.rc.fas.harvard.edu" />
+	<target host="hsph.harvard.edu" />
+	<target host="www.fas.harvard.edu" />
+	<target host="ksgexecprogram.harvard.edu" />
+
+	<target host="www.cyber.law.harvard.edu" />
+	<target host="eon.law.harvard.edu" />
+	<target host="orgs.law.harvard.edu" />
+
+	<target host="www.trademark.harvard.edu" />
+
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:accessibility|cqh|economics|astronomy\.fas|hr|huit|static\.hwpi|(?:projects|static\.projects|psr)\.iq|onecampus|(?:computefest|iacs|robobees)\.seas|shanghaicenter|trademark|(?:(?:programs|www)\.)?wcfia)\.harvard\.edu/+(?!favicon\.ico|files/|modules/|profiles/|sites/|user(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://accessibility.harvard.edu/user/password" />
+			<test url="http://cqh.harvard.edu/user/password" />
+			<test url="http://economics.harvard.edu/user/password" />
+			<test url="http://astronomy.fas.harvard.edu/user/password" />
+			<test url="http://hr.harvard.edu/jobs" />
+			<test url="http://huit.harvard.edu/user/password" />
+			<test url="http://static.hwpi.harvard.edu/user/password" />
+			<test url="http://projects.iq.harvard.edu/user/password" />
+			<test url="http://static.projects.iq.harvard.edu/user/password" />
+			<test url="http://psr.iq.harvard.edu/user/password" />
+			<test url="http://shanghaicenter.harvard.edu/user/password" />
+
+			<!--	-ve:
+					-->
+			<test url="http://astronomy.fas.harvard.edu/favicon.ico" />
+			<test url="http://astronomy.fas.harvard.edu/profiles/openscholar/themes/hwpi_basetheme/images/hwpi_basesprite.png" />
+			<test url="http://astronomy.fas.harvard.edu/sites/projects.iq.harvard.edu/files/subtheme/github.com/ebiewener/Astronomy/css/astronomy.css" />
+			<test url="http://shanghaicenter.harvard.edu/favicon.ico" />
+			<test url="http://shanghaicenter.harvard.edu/profiles/openscholar/themes/hwpi_modern/images/footer-top-gradient.png" />
+
+		<!--	Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://cbmi\.catalyst\.harvard\.edu/(?!formsJsf/javax\.faces\.resource/|formsJsf/resources/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://cbmi.catalyst.harvard.edu/cores/" />
+			<test url="http://cbmi.catalyst.harvard.edu/cores/cat/core.html?core_id=&amp;uri_id=&amp;category_id=&amp;navMode=cat" />
 
-	<target host="*.harvard.edu" />
-		<!--exclusion pattern="^http://www\.cfa\.harvard\.edu/(?!common/)" /-->
 		<exclusion pattern="^http://www\.cfa\.harvard\.edu/image_archive/" />
-		<exclusion pattern="^http://isites\.harvard\.edu/(?!favicon\.ico|[fj]s/|icb/calendar/themes/|icb/[\w-]\.css)" />
 
+			<!--	+ve:
+					-->
+			<test url="http://www.cfa.harvard.edu/image_archive/" />
+
+		<!--	Redirects to http:
+						-->
+		<exclusion pattern="^http://pearson\.eps\.harvard\.edu/+(?!favicon\.ico|misc/)" />
 
-	<securecookie host="^(?:login\.icommons|.*\.law|www\.pin1|www\.seas)\.harvard\.edu$" name=".+" />
+			<!--	+ve:
+					-->
+			<test url="http://pearson.eps.harvard.edu/pages/graduate-students" />
+			<test url="http://pearson.eps.harvard.edu/people" />
+			<test url="http://pearson.eps.harvard.edu/people/stephanie-kusch" />
 
+			<!--	-ve:
+					-->
+			<test url="http://pearson.eps.harvard.edu/favicon.ico" />
 
-	<rule from="^http://www\.pin\.harvard\.edu/(?:$|\?.*)"
-		to="https://www.pin.harvard.edu/home.shtml" />
+		<exclusion pattern="^http://isites\.harvard\.edu/+(?!favicon\.ico|[fj]s/|icb/calendar/themes/|icb/[\w-]\.css)" />
 
-	<rule from="^http://(?:www\.)?(berkman|hsph|pin|saas)\.harvard\.edu/"
+			<!--	+ve:
+					-->
+			<test url="http://isites.harvard.edu/course/colgsas-5243" />
+			<test url="http://isites.harvard.edu/hgse_pngt" />
+			<test url="http://isites.harvard.edu/icb/icb.do?keyword=" />
+			<test url="http://isites.harvard.edu/policypath" />
+			<test url="http://isites.harvard.edu/understandings_of_consequence" />
+
+			<!--	+ve:
+					-->
+			<test url="http://isites.harvard.edu/favicon.ico" />
+
+	<securecookie host="^(?:community\.alumni|connects\.catalyst|rc\.fas|\w.*\.rc\.fas|login\.icommons|.*\.law|www\|secure\.post|www\.seas)\.harvard\.edu$" name=".+" />
+
+
+	<rule from="^http://(berkman|hsph)\.harvard\.edu/"
 		to="https://www.$1.harvard.edu/" />
 
-	<rule from="^http://(www\.cfa|login\.icommons|isites|adam\.law|blogs\.law|www\.pin1)\.harvard\.edu/"
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://employment\.harvard\.edu/[^?]*"
+		to="https://hr.harvard.edu/jobs/" />
+
+		<test url="http://employment.harvard.edu/home" />
+
+	<rule from="^http://www\.(rc\.fas|trademark)\.harvard\.edu/"
 		to="https://$1.harvard.edu/" />
 
-	<rule from="^http://(?:www\.)?(?:cyber|eon)\.law\.harvard\.edu/"
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://ksgexecprogram\.harvard\.edu/+"
+		to="https://exed.hks.harvard.edu/" />
+
+		<test url="http://ksgexecprogram.harvard.edu//" />
+
+	<rule from="^http://(?:www\.cyber|eon)\.law\.harvard\.edu/"
 		to="https://cyber.law.harvard.edu/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Harvard_Pilgrim.org.xml b/src/chrome/content/rules/Harvard_Pilgrim.org.xml
new file mode 100644
index 000000000000..cd4fb9a20760
--- /dev/null
+++ b/src/chrome/content/rules/Harvard_Pilgrim.org.xml
@@ -0,0 +1,13 @@
+<!--
+	^: cert only matches www
+
+-->
+<ruleset name="Harvard Pilgrim.org (partial)">
+
+	<target host="harvardpilgrim.org" />
+	<target host="www.harvardpilgrim.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HasOffers.xml b/src/chrome/content/rules/HasOffers.xml
index 4c49f34af7a0..845847ff4a6b 100644
--- a/src/chrome/content/rules/HasOffers.xml
+++ b/src/chrome/content/rules/HasOffers.xml
@@ -1,23 +1,77 @@
 <!--
-	Problematic domains:
+	For other Tune coverage, see tune.com.xml.
 
-		- media.hasoffers.com	(404; mismatched, CN: gp1.wac.edgecastcdn.net)
 
+	CDN buckets:
+
+		- ho-websites.s3.amazonaws.com
+
+
+	Nonfunctional hosts in *hasoffers.com:
+
+		- developers ᵈ
+		- media ⁴
+		- status ᵈ
+		- www ʰ
+
+	⁴ 404; mismatched, CN: gp1.wac.edgecastcdn.net
+	ᵈ Dropped
+	ʰ Redirects to http
+
+
+	Problematic hosts in *hasoffers.com:
+
+		- support ᵐ
+
+	ᵐ Mismatched
+
+
+	These altnames do not exist:
+
+		- www.media.go2app.org
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .signup.hasoffers.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
 <ruleset name="HasOffers (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="media.go2app.org" />
+
+	<!--target host="hasoffers.com" /-->
 	<target host="signup.hasoffers.com" />
 
+		<test url="http://media.go2app.org/assets/images/search-icon.png" />
+
+	<!--	Complications:
+				-->
+	<target host="support.hasoffers.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.signup\.hasoffers\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\.signup\." name=".+" />
+	<securecookie host="^\w" name=".+" />
 
-	<securecookie host="^signup\.hasoffers\.com$" name=".+" />
 
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://support\.hasoffers\.com/+"
+		to="https://help.tune.com/" />
 
-	<rule from="^http://media\.go2app\.org/"
-		to="https://media.go2app.org/" />
+		<test url="http://support.hasoffers.com/index.htm" />
 
-	<rule from="^http://signup\.hasoffers\.com/"
-		to="https://signup.hasoffers.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Haschek.at.xml b/src/chrome/content/rules/Haschek.at.xml
new file mode 100644
index 000000000000..bcf32b21d92e
--- /dev/null
+++ b/src/chrome/content/rules/Haschek.at.xml
@@ -0,0 +1,18 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.)? ¹
+		- christian ²
+
+	¹ Dropped
+	² Shows lite.socialcube.net
+
+-->
+<ruleset name="Haschek.at (partial)">
+
+	<target host="blog.haschek.at" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HashTalk.org.xml b/src/chrome/content/rules/HashTalk.org.xml
new file mode 100644
index 000000000000..9304079ec2ff
--- /dev/null
+++ b/src/chrome/content/rules/HashTalk.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="HashTalk.org">
+
+	<target host="hashtalk.org" />
+	<target host="www.hashtalk.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hashbang.ca.xml b/src/chrome/content/rules/Hashbang.ca.xml
new file mode 100644
index 000000000000..816a85d4835f
--- /dev/null
+++ b/src/chrome/content/rules/Hashbang.ca.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.hashbang.ca/ => https://www.hashbang.ca/: (51, "SSL: no alternative certificate subject name matches target host name 'www.hashbang.ca'")
+
+-->
+<ruleset name="Hashbang.ca" default_off="failed ruleset test">
+
+	<target host="hashbang.ca" />
+	<target host="www.hashbang.ca" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hashcat.xml b/src/chrome/content/rules/Hashcat.xml
deleted file mode 100644
index d8638e45769c..000000000000
--- a/src/chrome/content/rules/Hashcat.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Hashcat">
-
-	<target host="hashcat.net" />
-	<target host="www.hashcat.net" />
-
-
-	<securecookie host="^hashcat\.net$" name=".*" />
-
-
-	<!--	Cert only matches ^hashcat.net.
-						-->
-	<rule from="^https?://(?:www\.)?hashcat\.net/"
-		to="https://hashcat.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Hashnest.com.xml b/src/chrome/content/rules/Hashnest.com.xml
new file mode 100644
index 000000000000..b064474ff3c7
--- /dev/null
+++ b/src/chrome/content/rules/Hashnest.com.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Bitmain Tech coverage, see Bitmain_Tech.com.xml.
+
+-->
+<ruleset name="Hashnest.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hashnest.com" />
+	<target host="www.hashnest.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Haskell.org.xml b/src/chrome/content/rules/Haskell.org.xml
index 628f30742299..c2f028a3a6af 100644
--- a/src/chrome/content/rules/Haskell.org.xml
+++ b/src/chrome/content/rules/Haskell.org.xml
@@ -1,21 +1,66 @@
 <!--
+	Nonfunctional hosts in *haskell.org:
+
+		- code *
+		- community *
+		- industry *
+		- projects *
+
+	* Refused
+
+
+	Problematic hosts in *haskell.org:
+
+		- darcs ¹
+
+	¹ Expired 2014-10-15
+
+
 	Mixed content:
 
-		- Images, on www:
+		- Images, on:
 
-			- from (www.) *
-			- i.imgur.com *
+			- wiki from ^haskell.org *
+			- wiki from i.imgur.com *
 
 	* Secured by us
 
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .haskell.org
+		- www.haskell.org
+
 -->
 <ruleset name="Haskell.org (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="haskell.org" />
-	<target host="*.haskell.org" />
+	<target host="blog.haskell.org" />
+	<target host="downloads.haskell.org" />
+	<target host="ghc.haskell.org" />
+	<target host="git.haskell.org" />
+	<target host="hackage.haskell.org" />
+	<target host="mail.haskell.org" />
+	<target host="monitor.haskell.org" />
+	<target host="phabricator.haskell.org" />
+	<target host="planet.haskell.org" />
+	<target host="status.haskell.org" />
+	<target host="wiki.haskell.org" />
+	<target host="www.haskell.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.haskell\.org$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.haskell\.org$" name="^_SESSION$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(hackage\.|www\.)?haskell\.org/"
-		to="https://$1haskell.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Haskoin.com.xml b/src/chrome/content/rules/Haskoin.com.xml
new file mode 100644
index 000000000000..3351c2bb4ade
--- /dev/null
+++ b/src/chrome/content/rules/Haskoin.com.xml
@@ -0,0 +1,27 @@
+<!--
+	(www.)?haskoin.com: Refused
+
+-->
+<ruleset name="Haskoin.com">
+
+	<!--	Complications:
+				-->
+	<target host="haskoin.com" />
+	<target host="www.haskoin.com" />
+
+
+	<!--	Redirect prepends path:
+					-->
+	<rule from="^http://(?:www\.)?haskoin\.com/+([^?]+)"
+		to="https://github.com/$1/haskoin" />
+
+		<test url="http://www.haskoin.com/index.html" />
+
+	<!--	Redirect keeps args but not forward slash:
+							-->
+	<rule from="^http://(?:www\.)?haskoin\.com/+"
+		to="https://github.com/haskoin" />
+
+		<test url="http://www.haskoin.com//?foo" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hass.de.xml b/src/chrome/content/rules/Hass.de.xml
new file mode 100644
index 000000000000..500da2f9cb98
--- /dev/null
+++ b/src/chrome/content/rules/Hass.de.xml
@@ -0,0 +1,12 @@
+<ruleset name="Hass.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hass.de" />
+	<target host="www.hass.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Haste.ch.xml b/src/chrome/content/rules/Haste.ch.xml
deleted file mode 100644
index 719c3ea9b1e5..000000000000
--- a/src/chrome/content/rules/Haste.ch.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Haste.ch" platform="firefox">
-<target host="haste.ch" />
-
-<securecookie host="^haste\.ch$" name=".+" />
-
-<rule from="^http://haste\.ch/" to="https://haste.ch/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Hastexo.com.xml b/src/chrome/content/rules/Hastexo.com.xml
index f1866bba8bc0..21a78e1e22fe 100644
--- a/src/chrome/content/rules/Hastexo.com.xml
+++ b/src/chrome/content/rules/Hastexo.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="hastexo.com">
 
 	<target host="hastexo.com" />
-	<target host="*.hastexo.com" />
+	<target host="www.hastexo.com" />
 
 
 	<securecookie host="^(?:www)?\.hastexo\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?hastexo\.com/"
-		to="https://$1hastexo.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hastings.gov.uk.xml b/src/chrome/content/rules/Hastings.gov.uk.xml
new file mode 100644
index 000000000000..2ccb477b9c79
--- /dev/null
+++ b/src/chrome/content/rules/Hastings.gov.uk.xml
@@ -0,0 +1,40 @@
+<!--
+	Hastings Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *hastings.gov.uk:
+
+		- publicaccess ᵈ
+		- webforms ⁴
+
+	⁴ 404
+	ᵈ Dropped
+
+
+	Insecure cookies are set for these hosts:
+
+		- hastings.gov.uk
+		- www.hastings.gov.uk
+
+-->
+<ruleset name="Hastings.gov.uk (partial)">
+
+	<target host="hastings.gov.uk" />
+	<target host="my.hastings.gov.uk" />
+	<target host="parking.hastings.gov.uk" />
+	<target host="www.hastings.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?hastings\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hastrk1.com.xml b/src/chrome/content/rules/Hastrk1.com.xml
new file mode 100644
index 000000000000..5c05c6fc203b
--- /dev/null
+++ b/src/chrome/content/rules/Hastrk1.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="hastrk1.com">
+
+	<target host="hastrk1.com" />
+	<target host="www.hastrk1.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="hastrk1\.com" name="^\d+_\d+_[0-9a-f]{32}$" /-->
+
+	<securecookie host="hastrk1\.com" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hastrk3.com.xml b/src/chrome/content/rules/Hastrk3.com.xml
new file mode 100644
index 000000000000..2ad8cdcb8aae
--- /dev/null
+++ b/src/chrome/content/rules/Hastrk3.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- hastrk3.com
+
+-->
+<ruleset name="hastrk3.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hastrk3.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^hastrk3\.com$" name="^(?:\d_){2}_[\da-f]{32}$" /-->
+
+	<securecookie host="^hastrk3\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hatatorium.xml b/src/chrome/content/rules/Hatatorium.xml
index 2d78ec4be190..e8ef3d4f5270 100644
--- a/src/chrome/content/rules/Hatatorium.xml
+++ b/src/chrome/content/rules/Hatatorium.xml
@@ -1,10 +1,19 @@
-<ruleset name="Hatatorium">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hatatorium.com/ => https://hatatorium.com/: (51, "SSL: no alternative certificate subject name matches target host name 'hatatorium.com'")
+Fetch error: http://www.hatatorium.com/ => https://www.hatatorium.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.hatatorium.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://hatatorium.com/ => https://hatatorium.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+Fetch error: http://www.hatatorium.com/ => https://www.hatatorium.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+-->
+<ruleset name="Hatatorium" default_off="failed ruleset test">
 
 	<target host="hatatorium.com" />
 	<target host="www.hatatorium.com" />
 
 
-	<rule from="^http://(www\.)?hatatorium\.com/"
-		to="https://$1hatatorium.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hatena.xml b/src/chrome/content/rules/Hatena.xml
index 5291baacfb9a..51f6696cc7c3 100644
--- a/src/chrome/content/rules/Hatena.xml
+++ b/src/chrome/content/rules/Hatena.xml
@@ -15,10 +15,13 @@
 
 	Nonfunctional domains:
 
+		- counter.hatena.ne.jp ¹
+		- r.hatena.ne.jp ¹
 		- cdn.b.st-hatena.com *
 		- cdn-ak.b.st-hatena.com *
 		- cdn-ak.favicon.st-hatena.com	(works, akamai)
 
+	¹ Refused
 	* 503, akamai
 
 
@@ -50,24 +53,39 @@
 -->
 <ruleset name="Hatena (partial)">
 
-	<target host="hatena.ne.jp" />
-	<target host="*.hatena.ne.jp" />
-	<target host="*.st-hatena.com" />
+	<target host="www.hatena.ne.jp" />
+	<target host="cdn.api.b.hatena.ne.jp" />
+	<target host="b.st-hatena.com" />
+	<target host="d.st-hatena.com" />
+	<target host="www.st-hatena.com" />
+	<target host="cdn.www.st-hatena.com" />
 
+	<!--	Not secured by server:			-->
+	<!--securecookie host="^\.hatena\.ne\.jp$" name="^b$" /-->
+	<!--securecookie host="^\.hatena\.ne\.jp$" name=".+" /-->
 
-	<rule from="^http://(?:www\.)?hatena\.ne\.jp/(css/|images/|login(?:$|\?|/)|statics/)"
+
+	<rule from="^http://www\.hatena\.ne\.jp/(css/|images/|login($|\?|/)|statics/)"
 		to="https://www.hatena.ne.jp/$1" />
 
-	<rule from="^http://(b|d)\.(?:hatena\.ne\.jp|st-hatena\.com)/images/"
+		<test url="http://www.hatena.ne.jp/css/" />
+		<test url="http://www.hatena.ne.jp/images/" />
+		<test url="http://www.hatena.ne.jp/login/" />
+		<test url="http://www.hatena.ne.jp/login?" />
+		<test url="http://www.hatena.ne.jp/login" />
+		<test url="http://www.hatena.ne.jp/statics/" />
+
+	<rule from="^http://(b|d)\.st-hatena\.com/images/"
 		to="https://$1.hatena.ne.jp/images/" />
 
-	<rule from="^http://cdn-ak\.favicon\.st-hetena\.com/"
-		to="https://a248.e.akamai.net/m/336/3102/4/cdn-ak.favicon.st-hatena.com/" />
+		<test url="http://b.st-hatena.com/images/" />
+		<test url="http://d.st-hatena.com/images/" />
 
-	<rule from="^http://(?:cdn\.)?www\.st-hatena\.com/"
+	<rule from="^http://(cdn\.)?www\.st-hatena\.com/"
 		to="https://www.hatena.ne.jp/" />
 
-	<rule from="^http://cdn1\.www\.st-hatena\.com/"
-		to="https://a248.e.akamai.net/f/1075/6343/5/cdn1.www.st-hatena.com/" />
+	<rule from="^http://cdn\.api\.b\.hatena\.ne\.jp/"
+		to="https://cdn.api.b.hatena.ne.jp/" />
+
 
 </ruleset>
diff --git a/src/chrome/content/rules/HathiTrust-Digital-Library.xml b/src/chrome/content/rules/HathiTrust-Digital-Library.xml
new file mode 100644
index 000000000000..580ce3b15e17
--- /dev/null
+++ b/src/chrome/content/rules/HathiTrust-Digital-Library.xml
@@ -0,0 +1,25 @@
+<!--
+
+	Unsupported domains:
+
+	- ^hathitrust.org	(cert name mismatch)
+
+-->
+<ruleset name="HathiTrust Digital Library">
+
+	<target host="hathitrust.org" />
+	<target host="analytics.hathitrust.org" />
+	<target host="babel.hathitrust.org" />
+	<target host="catalog.hathitrust.org" />
+	<target host="m.hathitrust.org" />
+	<target host="www.hathitrust.org" />
+
+	<securecookie host="^(analytics|babel|catalog|www)\.hathitrust\.org$" name=".+" />
+	<securecookie host="^(\.)?m\.hathitrust\.org$" name=".+" />
+
+	<rule from="^http://hathitrust\.org/"
+		to="https://www.hathitrust.org/" />
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hauke-m.de.xml b/src/chrome/content/rules/Hauke-m.de.xml
new file mode 100644
index 000000000000..c40efd58b8c7
--- /dev/null
+++ b/src/chrome/content/rules/Hauke-m.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="Hauke-m.de">
+
+	<target host="hauke-m.de" />
+        <target host="www.hauke-m.de" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hauke.xml b/src/chrome/content/rules/Hauke.xml
deleted file mode 100644
index 713e0a8c4664..000000000000
--- a/src/chrome/content/rules/Hauke.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	*.hauke-m.de , trakehner-nord-west.de , *.trakehner-nord-west.de , reethus-adeline.de , *.reethus-adeline.de , fewo-mehrtens.de , *.fewo-mehrtens.de  
-
-
-	Nonfunctional subdomains:
-
-		- $	(cert: *.hauke-m.de; redirects to horde)
-		- ww	(redirects to horde)
-		- www	(ditto)
-
--->
-<ruleset name="Hauke" platform="cacert mixedcontent">
-
-	<target host="horde.hauke-m.de" />
-	<!--	* for cross-domain cookies.	-->
-	<target host="*.horde.hauke-m.de" />
-
-
-	<securecookie host="^\.horde\.hauke-m\.de$" name=".*" />
-
-
-	<rule from="^http://horde\.hauke-m\.de/"
-		to="https://horde.hauke-m.de/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/HauteLook.com.xml b/src/chrome/content/rules/HauteLook.com.xml
new file mode 100644
index 000000000000..fa8df15de885
--- /dev/null
+++ b/src/chrome/content/rules/HauteLook.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Nordstrom Rack coverage, see Nordstrom_Rack.com.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .hautelook.com
+
+-->
+<ruleset name="HauteLook.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hautelook.com" />
+	<target host="www.hautelook.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.hautelook\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\.hautelook\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HauteLook_CDN.com.xml b/src/chrome/content/rules/HauteLook_CDN.com.xml
new file mode 100644
index 000000000000..6e7ebefeb674
--- /dev/null
+++ b/src/chrome/content/rules/HauteLook_CDN.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Nordstrom Rack coverage, see Nordstrom_Rack.com.xml.
+
+
+	^hautelookcdn.com doesn't exist.
+
+-->
+<ruleset name="HauteLook CDN.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.hautelookcdn.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HaveProof.com.xml b/src/chrome/content/rules/HaveProof.com.xml
new file mode 100644
index 000000000000..7c6315599648
--- /dev/null
+++ b/src/chrome/content/rules/HaveProof.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://haveproof.com/ => https://haveproof.com/: (51, "SSL: no alternative certificate subject name matches target host name 'haveproof.com'")
+Fetch error: http://www.haveproof.com/ => https://haveproof.com/: (51, "SSL: no alternative certificate subject name matches target host name 'haveproof.com'")
+
+	www: cert only maches ^haveproof.com
+
+-->
+<ruleset name="HaveProof.com" default_off="failed ruleset test">
+
+	<target host="haveproof.com" />
+	<target host="www.haveproof.com" />
+
+
+	<rule from="^http://(?:www\.)?haveproof\.com/"
+		to="https://haveproof.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Havering.gov.uk.xml b/src/chrome/content/rules/Havering.gov.uk.xml
new file mode 100644
index 000000000000..db03e4c7198a
--- /dev/null
+++ b/src/chrome/content/rules/Havering.gov.uk.xml
@@ -0,0 +1,24 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		Timeout was reached:
+		- ld.havering.gov.uk
+		- maps.havering.gov.uk
+		- planning.havering.gov.uk
+-->
+<ruleset name="Havering.gov.uk (partial)">
+	<target host="havering.gov.uk" />
+	<target host="bse.havering.gov.uk" />
+	<target host="intranet.havering.gov.uk" />
+	<target host="democracy.havering.gov.uk" />
+	<target host="myplace.havering.gov.uk" />
+	<target host="nl.havering.gov.uk" />
+	<target host="online.havering.gov.uk" />
+	<target host="provider.havering.gov.uk" />
+	<target host="www.havering.gov.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hawaii.gov.xml b/src/chrome/content/rules/Hawaii.gov.xml
index 67911be97c77..fa4b1e71dea1 100644
--- a/src/chrome/content/rules/Hawaii.gov.xml
+++ b/src/chrome/content/rules/Hawaii.gov.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ehawaii.gov/ => https://ehawaii.gov/: (6, 'Could not resolve host: ehawaii.gov')
 	Nonfunctional hawaii.gov subdomains:
 
 		- (www.) *
@@ -15,20 +17,20 @@
 -->
 <ruleset name="Hawaii.gov (partial)">
 
+	<target host="dlnr.hawaii.gov" />
+	<target host="hidot.hawaii.gov" />
+	<target host="stayconnected.hawaii.gov" />
 	<target host="ehawaii.gov" />
-	<target host="*.ehawaii.gov" />
+	<target host="portal.ehawaii.gov" />
+	<target host="www.ehawaii.gov" />
 		<exclusion pattern="^http://portal\.ehawaii\.gov/landing/(?:\?.*)?$" />
-	<target host="*.hawaii.gov" />
+
 
 
 	<securecookie host="^www\.ehawaii\.gov$" name=".+" />
 	<securecookie host="^stayconnected\.hawaii\.gov$" name=".+" />
 
 
-	<rule from="^http://(dlnr|hic|hidot|stayconnected)\.hawaii\.gov/"
-		to="https://$1.hawaii.gov/" />
-
-	<rule from="^http://(portal\.|www\.)?ehawaii\.gov/"
-		to="https://$1ehawaii.gov/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HawaiianAirlines.xml b/src/chrome/content/rules/HawaiianAirlines.xml
index 77078bf4e23c..60004ff503ae 100644
--- a/src/chrome/content/rules/HawaiianAirlines.xml
+++ b/src/chrome/content/rules/HawaiianAirlines.xml
@@ -1,9 +1,10 @@
 <ruleset name="Hawaiian Airlines" platform="mixedcontent">
   <target host="hawaiianair.com" />
-  <target host="*.hawaiianair.com" />
+  <target host="emarket.hawaiianair.com" />
+  <target host="ifs.hawaiianair.com" />
+  <target host="www.hawaiianair.com" />
 
   <rule from="^http://hawaiianair\.com/"
           to="https://www.hawaiianair.com/" />
-  <rule from="^http://(emarket|ifs|www)\.hawaiianair\.com/"
-          to="https://$1.hawaiianair.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Hawk_Host.com.xml b/src/chrome/content/rules/Hawk_Host.com.xml
new file mode 100644
index 000000000000..42124dae781f
--- /dev/null
+++ b/src/chrome/content/rules/Hawk_Host.com.xml
@@ -0,0 +1,44 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog *
+		- forums *
+
+	* 503
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- my
+		- support
+		- vps
+
+
+	These altnames don't exist:
+
+		- internal.hawkhost.com
+
+-->
+<ruleset name="Hawk Host.com (partial)">
+
+	<target host="hawkhost.com" />
+	<target host="my.hawkhost.com" />
+	<target host="support.hawkhost.com" />
+	<target host="vps.hawkhost.com" />
+	<target host="www.hawkhost.com" />
+		<!--exclusion pattern="^http://(blog|forums)\.hawkhost\.com/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^my\.hawkhost\.com$" name="^WHMCS\w{12}$" /-->
+	<!--securecookie host="^support\.hawkhost\.com$" name="^(SWIFT_client|SWIFT_sessionid\d+)$" /-->
+	<!--securecookie host="^vps\.hawkhost\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:my|support|vps)?\.hawkhost\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Haymarket-problematic.xml b/src/chrome/content/rules/Haymarket-problematic.xml
index c744e64687f2..89578ad4040a 100644
--- a/src/chrome/content/rules/Haymarket-problematic.xml
+++ b/src/chrome/content/rules/Haymarket-problematic.xml
@@ -4,13 +4,12 @@
 -->
 <ruleset name="Haymarket (problematic)" default_off="mismatched">
 
-	<target host="*.haymarket.com" />
+	<target host="careers.haymarket.com" />
 
 
 	<securecookie host="^\.careers\.haymarket\.com$" name=".+" />
 
 
-	<rule from="^http://careers\.haymarket\.com/"
-		to="https://careers.haymarket.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Haymarket.xml b/src/chrome/content/rules/Haymarket.xml
index 3eb97dc910b1..3bb7b3b98c88 100644
--- a/src/chrome/content/rules/Haymarket.xml
+++ b/src/chrome/content/rules/Haymarket.xml
@@ -48,21 +48,14 @@
 
 	<target host="apac.haymarket.com" />
 	<target host="shop.haymarket.com" />
-	<target host="*.shop.haymarket.com" />
-	<target host="*.haymarketmedia.com" />
+	<target host="subscribe.haymarketmedia.com" />
 
 
 	<!--	Tracking cookie:
-					-->
-	<securecookie host="^\.haymarket\.com$" name="^utag_main$" />
-	<securecookie host="^(?:apac|\.?shop)\.haymarket\.com$" name=".*" />
+					-->	<securecookie host="^(?:apac|\.?shop)\.haymarket\.com$" name=".+" />
 	<securecookie host="^\.?subscribe\.haymarketmedia\.com$" name=".+" />
 
 
-	<rule from="^http://(apac|shop)\.haymarket\.com/"
-		to="https://$1.haymarket.com/" />
-
-	<rule from="^http://subscribe\.haymarketmedia\.com/"
-		to="https://subscribe.haymarketmedia.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/HaystackSoftware.xml b/src/chrome/content/rules/HaystackSoftware.xml
new file mode 100644
index 000000000000..97e31c2e633c
--- /dev/null
+++ b/src/chrome/content/rules/HaystackSoftware.xml
@@ -0,0 +1,7 @@
+<ruleset name="Haystack Software">
+	<target host="haystacksoftware.com" />
+	<target host="www.haystacksoftware.com" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hayward-Pool.com.xml b/src/chrome/content/rules/Hayward-Pool.com.xml
new file mode 100644
index 000000000000..425b869b247c
--- /dev/null
+++ b/src/chrome/content/rules/Hayward-Pool.com.xml
@@ -0,0 +1,13 @@
+<!--
+	^: cert only matches www
+
+-->
+<ruleset name="Hayward-Pool.com">
+
+	<target host="hayward-pool.com" />
+	<target host="www.hayward-pool.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HbbTV.xml b/src/chrome/content/rules/HbbTV.xml
index 1211c1df4253..3e1651db0df7 100644
--- a/src/chrome/content/rules/HbbTV.xml
+++ b/src/chrome/content/rules/HbbTV.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?hbbtv\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?hbbtv\.org/"
-		to="https://$1hbbtv.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hbrowse.com.xml b/src/chrome/content/rules/Hbrowse.com.xml
new file mode 100644
index 000000000000..d4a57da02990
--- /dev/null
+++ b/src/chrome/content/rules/Hbrowse.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Hbrowse.com">
+	<target host="hbrowse.com" />
+	<target host="www.hbrowse.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hbz.xml b/src/chrome/content/rules/Hbz.xml
index 0b7c40ab1359..e6cee0929cd3 100644
--- a/src/chrome/content/rules/Hbz.xml
+++ b/src/chrome/content/rules/Hbz.xml
@@ -1,11 +1,23 @@
-<ruleset name="hbz (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dbspixel.hbz-nrw.de/count?id=&page=1 => https://dbspixel.hbz-nrw.de/count?id=&page=1: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://dbspixel.hbz-nrw.de/ => https://dbspixel.hbz-nrw.de/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Hochschulbibliothekszentrum NRW
+
+
+	dbspixel: Tracking
+
+-->
+<ruleset name="hbz-nrw.de (partial)" default_off="failed ruleset test">
 
 	<target host="dbspixel.hbz-nrw.de" />
 
+		<test url="http://dbspixel.hbz-nrw.de/count?id=&amp;page=1" />
+
 
-	<!--	Tracking.
-				-->
-	<rule from="^http://dbspixel\.hbz-nrw\.de/"
-		to="https://dbspixel.hbz-nrw.de/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hckrnews.com.xml b/src/chrome/content/rules/Hckrnews.com.xml
new file mode 100644
index 000000000000..30a72c0d75ba
--- /dev/null
+++ b/src/chrome/content/rules/Hckrnews.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Hckrnews.com">
+<!--
+	Invalid certificate:
+		dev.hckrnews.com
+-->
+	<target host="hckrnews.com" />
+	<target host="www.hckrnews.com" />
+
+	<test url="http://hckrnews.com/about.html" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hd-bits.com.xml b/src/chrome/content/rules/Hd-bits.com.xml
new file mode 100644
index 000000000000..4aaf13d1203e
--- /dev/null
+++ b/src/chrome/content/rules/Hd-bits.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Hd-bits.com">
+	<target host="hd-bits.com" />
+	<target host="www.hd-bits.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hdfcbank.com.xml b/src/chrome/content/rules/Hdfcbank.com.xml
new file mode 100644
index 000000000000..181e6fdbc15d
--- /dev/null
+++ b/src/chrome/content/rules/Hdfcbank.com.xml
@@ -0,0 +1,82 @@
+<!--
+	Problematic subdomains:
+
+		- ideabank.hdfcbank.com (No valid https page)
+		- imaging.hdfcbank.com (Incomplete certificate chain)
+		- mailer.hdfcbank.com (https version redirects to http://www.hdfcbank.com. Not adding rule as it would render this subdomain unuseable)
+		- punjabadds.hdfcbank.com (Incomplete certificate chain)
+		- testmailer.hdfcbank.com (https version redirects to http://www.hdfcbank.com)
+
+	HTTPS Only domains:
+		- https://getprepaidcard.hdfcbank.com/
+		- https://netsafe.hdfcbank.com/
+		- https://nriapply.hdfcbank.com/
+		- https://netbanking.hdfcbank.com/
+		- https://ifms.hdfcbank.com/
+		- https://corporate.hdfcbank.com/
+		- https://cms.hdfcbank.com/
+		- https://leads.hdfcbank.com/
+		- https://apply.hdfcbank.com/
+		- https://enetbanking.hdfcbank.com/
+		- https://punjabadds.hdfcbank.com/
+		- https://mofpi.hdfcbank.com/
+		- https://los.hdfcbank.com/
+		- https://dncdedupe.hdfcbank.com/
+		- https://onlineccredemption.hdfcbank.com/
+		- https://corpssl.hdfcbank.com/
+		- https://aps.hdfcbank.com/
+		- https://divpro.hdfcbank.com/
+		- https://sme.hdfcbank.com/
+		- https://usedcar.hdfcbank.com/
+		- http://payzapp.biz.hdfcbank.com/ (Redirects to https version)
+-->
+<ruleset name="Hdfcbank.com">
+	<target host="hdfcbank.com" />
+	<target host="www.hdfcbank.com" />
+	<target host="*.smartbuy.hdfcbank.com" />
+	<target host="getprepaidcard.hdfcbank.com" />
+	<target host="netsafe.hdfcbank.com" />
+	<target host="nriapply.hdfcbank.com" />
+	<target host="netbanking.hdfcbank.com" />
+	<target host="m.netbanking.hdfcbank.com" />
+	<target host="ifms.hdfcbank.com" />
+	<target host="corporate.hdfcbank.com" />
+	<target host="cms.hdfcbank.com" />
+	<target host="leads.hdfcbank.com" />
+	<target host="apply.hdfcbank.com" />
+	<target host="enetbanking.hdfcbank.com" />
+	<target host="mobilityrpmcc.hdfcbank.com" />
+	<target host="mofpi.hdfcbank.com" />
+	<target host="los.hdfcbank.com" />
+	<target host="dncdedupe.hdfcbank.com" />
+	<target host="m.hdfcbank.com" />
+	<target host="onlineccredemption.hdfcbank.com" />
+	<target host="corpssl.hdfcbank.com" />
+	<target host="aps.hdfcbank.com" />
+	<target host="divpro.hdfcbank.com" />
+	<target host="remit.hdfcbank.com" />
+	<target host="sme.hdfcbank.com" />
+	<target host="usedcar.hdfcbank.com" />
+	<target host="payzapp.biz.hdfcbank.com" />
+
+	<test url="http://offers.smartbuy.hdfcbank.com/" />
+	<test url="http://mobileoffers.smartbuy.hdfcbank.com/" />
+	<test url="http://mobileoffers.smartbuy.hdfcbank.com/recharge" />
+	<test url="http://www.hdfcbank.com/smartemi" />
+	<test url="http://ifms.hdfcbank.com/delfin" />
+	<test url="http://apply.hdfcbank.com/BranchAuto/NewToBank" />
+	<test url="http://enetbanking.hdfcbank.com/corporate/CorporateLogin.html" />
+	<test url="http://mofpi.hdfcbank.com/EnetMVC/" />
+	<test url="http://los.hdfcbank.com/LOSHDFC/CheckLogin.los" />
+	<test url="http://dncdedupe.hdfcbank.com/dnc/login.htm" />
+	<test url="http://m.hdfcbank.com/download/android_app.htm" />
+	<test url="http://onlineccredemption.hdfcbank.com/Prima_CustomerPortal/frmCustomerInfo.aspx" />
+	<test url="http://corpssl.hdfcbank.com/EnetSSL/core.login.autopwdldngpag.do" />
+	<test url="http://aps.hdfcbank.com/EntlWeb/IbsJsps/ibhome.jsp?Source=NewLogin" />
+	<test url="http://divpro.hdfcbank.com/corporateWeb/jsp/Login.jsp" />
+	<test url="http://remit.hdfcbank.com/htdocs/common/pdf/ECSS_ApplicationForm.pdf" />
+	<test url="http://sme.hdfcbank.com/LoanFloWeb/Index.jsp" />
+	<test url="http://usedcar.hdfcbank.com/htdocs/aboutus/awards/bt_awards.htm" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hdp.org.tr.xml b/src/chrome/content/rules/Hdp.org.tr.xml
new file mode 100644
index 000000000000..db2bfc98bb03
--- /dev/null
+++ b/src/chrome/content/rules/Hdp.org.tr.xml
@@ -0,0 +1,9 @@
+<!--
+	Mixed content from YouTube (secured by us)
+-->
+<ruleset name="Hdp.org.tr" platform="mixedcontent">
+	<target host="hdp.org.tr" />
+	<target host="www.hdp.org.tr" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HeaDuck.com.xml b/src/chrome/content/rules/HeaDuck.com.xml
new file mode 100644
index 000000000000..60721353b7a4
--- /dev/null
+++ b/src/chrome/content/rules/HeaDuck.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="HeaDuck.com">
+	<target host="blog.headuck.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Head-Fi.org.xml b/src/chrome/content/rules/Head-Fi.org.xml
new file mode 100644
index 000000000000..a23616980642
--- /dev/null
+++ b/src/chrome/content/rules/Head-Fi.org.xml
@@ -0,0 +1,15 @@
+<!--
+	No working URL known:
+		dev.head-fi.org
+
+-->
+<ruleset name="Head-Fi.org">
+
+	<target host="head-fi.org" />
+	<target host="www.head-fi.org" />
+	<target host="cdn.head-fi.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Headphone.com.xml b/src/chrome/content/rules/Headphone.com.xml
new file mode 100644
index 000000000000..56b7e2080b2c
--- /dev/null
+++ b/src/chrome/content/rules/Headphone.com.xml
@@ -0,0 +1,42 @@
+<!--
+	HeadRoom
+
+
+	CDN buckets:
+
+		 - wpc.3C5C.edgecastcdn.net/??3C5C/
+
+			- media
+
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- media *
+
+	¹ Mismatched
+	*  404; mismatched, CN: edgecastcdn.net
+
+-->
+<ruleset name="Headphone.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.headphone.com" />
+
+	<!--	Complications:
+				-->
+	<target host="headphone.com" />
+	<target host="media.headphone.com" />
+
+
+	<securecookie host="^www\.headphone\.com$" name=".+" />
+
+
+	<rule from="^http://(?:media\.)?headphone\.com/"
+		to="https://www.headphone.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Headstrong.de.xml b/src/chrome/content/rules/Headstrong.de.xml
new file mode 100644
index 000000000000..456568f396b9
--- /dev/null
+++ b/src/chrome/content/rules/Headstrong.de.xml
@@ -0,0 +1,20 @@
+<!--
+	^: mismatched, CN: www.zwiebelfreunde.de
+
+-->
+<ruleset name="headstrong.de">
+
+	<target host="headstrong.de" />
+	<target host="www.headstrong.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.headstrong\.de$" name="^DokuWiki$" /-->
+
+	<securecookie host="^www\.headstrong\.de$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HealthCare.gov.xml b/src/chrome/content/rules/HealthCare.gov.xml
new file mode 100644
index 000000000000..11f55597dbfe
--- /dev/null
+++ b/src/chrome/content/rules/HealthCare.gov.xml
@@ -0,0 +1,20 @@
+<!--
+	Non-functional hosts
+		HSTS preloaded:
+		- healthcare.gov
+		- www.healthcare.gov
+-->
+<ruleset name="HealthCare.gov">
+	<target host="assets.healthcare.gov" />
+	<target host="companyprofiles.healthcare.gov" />
+	<target host="data.healthcare.gov" />
+	<target host="finder.healthcare.gov" />
+	<target host="localhelp.healthcare.gov" />
+	<target host="ratereview.healthcare.gov" />
+	<target host="styleguide.healthcare.gov" />
+	<target host="data.test.healthcare.gov" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HealthCheckUSA.com.xml b/src/chrome/content/rules/HealthCheckUSA.com.xml
new file mode 100644
index 000000000000..03075b03c223
--- /dev/null
+++ b/src/chrome/content/rules/HealthCheckUSA.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- healthcheckusa.com
+		- www.healthcheckusa.com
+
+		Timeout was reached:
+		- mail.healthcheckusa.com
+-->
+<ruleset name="Health Check USA.com">
+	<target host="blog.healthcheckusa.com" />
+	<target host="secure.healthcheckusa.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HealthCheckUSA.xml b/src/chrome/content/rules/HealthCheckUSA.xml
deleted file mode 100644
index 7c101d92b50b..000000000000
--- a/src/chrome/content/rules/HealthCheckUSA.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="HealthCheckUSA">
-	<target host="healthcheckusa.com" />
-	<target host="secure.healthcheckusa.com" />
-	<target host="www.healthcheckusa.com" />
-
-	<securecookie host="^((secure|www)?\.)?healthcheckusa\.com$" name=".+" />
-
-	<rule from="^(http://(www\.)?|https://)healthcheckusa\.com/" to="https://www.healthcheckusa.com/" />
-	<rule from="^http://secure\.healthcheckusa\.com/" to="https://secure.healthcheckusa.com/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/HealthDesigns.xml b/src/chrome/content/rules/HealthDesigns.xml
new file mode 100644
index 000000000000..ce9e1efe3c24
--- /dev/null
+++ b/src/chrome/content/rules/HealthDesigns.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://healthdesigns.com/ => https://healthdesigns.com/: (7, 'Failed to connect to healthdesigns.com port 443: No route to host')
+Fetch error: http://www.healthdesigns.com/ => https://www.healthdesigns.com/: (7, 'Failed to connect to www.healthdesigns.com port 443: No route to host')
+
+
+		Refused:
+		- rewards.
+
+		Expired:
+		- br.
+
+-->
+
+<ruleset name="HealthDesigns" default_off="failed ruleset test">
+        <target host="healthdesigns.com" />
+        <target host="www.healthdesigns.com" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HealthTap.xml b/src/chrome/content/rules/HealthTap.xml
new file mode 100644
index 000000000000..003e0b6aee51
--- /dev/null
+++ b/src/chrome/content/rules/HealthTap.xml
@@ -0,0 +1,15 @@
+<!--
+	Problematic subdomain:
+		- blog		(mixed content)
+-->
+<ruleset name="HealthTap (partial)">
+	<target host=     "healthtap.com" />
+	<target host="edc1.healthtap.com" />
+	<target host="edc2.healthtap.com" />
+	<target host= "www.healthtap.com" />
+
+  	<securecookie host="^www\.healthtap\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HealthUnlocked.com.xml b/src/chrome/content/rules/HealthUnlocked.com.xml
new file mode 100644
index 000000000000..fbef720e91e7
--- /dev/null
+++ b/src/chrome/content/rules/HealthUnlocked.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- healthunlocked.com
+
+-->
+<ruleset name="HealthUnlocked.com">
+
+	<target host="healthunlocked.com" />
+	<target host="www.healthunlocked.com" />
+	<target host="www2.healthunlocked.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^healthunlocked\.com$" name="^(?:huBv|huSessID)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^_(?:_utm|gat?$)" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Health_On_Net.org.xml b/src/chrome/content/rules/Health_On_Net.org.xml
new file mode 100644
index 000000000000..4792fe6480ba
--- /dev/null
+++ b/src/chrome/content/rules/Health_On_Net.org.xml
@@ -0,0 +1,24 @@
+<!--
+	For other Health on the Net coverage, see HON.ch.xml.
+
+
+	^healthonnet.org: Mismatched
+
+-->
+<ruleset name="Health On Net.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.healthonnet.org" />
+
+	<!--	Complications:
+				-->
+	<target host="healthonnet.org" />
+
+
+	<rule from="^http://healthonnet\.org/"
+		to="https://www.healthonnet.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Healthcare.gov.xml b/src/chrome/content/rules/Healthcare.gov.xml
deleted file mode 100644
index 64f4f9c110c0..000000000000
--- a/src/chrome/content/rules/Healthcare.gov.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Healthcare.gov">
-    <target host="healthcare.gov" />
-    <target host="*.healthcare.gov" />
-
-    <securecookie host="^(.*\.)?healthcare\.gov$" name=".+" />
-
-    <rule from="^https?://healthcare\.gov/"
-        to="https://www.healthcare.gov/" />
-    <rule from="^http://([^/:@]+)?\.healthcare\.gov/"
-        to="https://$1.healthcare.gov/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Healthcare_Staff_Benefits.xml b/src/chrome/content/rules/Healthcare_Staff_Benefits.xml
index 2ad4cd4d050e..3e58dd8fcc0a 100644
--- a/src/chrome/content/rules/Healthcare_Staff_Benefits.xml
+++ b/src/chrome/content/rules/Healthcare_Staff_Benefits.xml
@@ -1,13 +1,12 @@
 <ruleset name="Healthcare Staff Benefits">
 
 	<target host="healthcarestaffbenefits.org" />
-	<target host="*.healthcarestaffbenefits.org" />
+	<target host="www.healthcarestaffbenefits.org" />
 
 
 	<securecookie host="^(?:w*\.)?healthcarestaffbenefits\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?healthcarestaffbenefits\.org/"
-		to="https://$1healthcarestaffbenefits.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HealthdirectAustralia.xml b/src/chrome/content/rules/HealthdirectAustralia.xml
new file mode 100644
index 000000000000..c2a1f8681fb0
--- /dev/null
+++ b/src/chrome/content/rules/HealthdirectAustralia.xml
@@ -0,0 +1,7 @@
+<ruleset name="Healthdirect Australia">
+	<target host="healthdirect.gov.au" />
+	<target host="www.healthdirect.gov.au" />
+
+	<rule from="^http://(?:www\.)?healthdirect\.gov\.au/"
+		to="https://www.healthdirect.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Healthfuze.com.xml b/src/chrome/content/rules/Healthfuze.com.xml
index ff0d28c0a274..19c21532b358 100644
--- a/src/chrome/content/rules/Healthfuze.com.xml
+++ b/src/chrome/content/rules/Healthfuze.com.xml
@@ -1,13 +1,13 @@
 <ruleset name="Healthfuze.com">
 
 	<target host="healthfuze.com" />
-	<target host="*.healthfuze.com" />
+	<target host="www.healthfuze.com" />
 
 
-	<securecookie host="^(?:.*\.)?healthfuze\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?healthfuze\.com/"
-		to="https://$1healthfuze.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HealthyGeorge.com.xml b/src/chrome/content/rules/HealthyGeorge.com.xml
new file mode 100644
index 000000000000..917736f27865
--- /dev/null
+++ b/src/chrome/content/rules/HealthyGeorge.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Active mixed content:
+		- healthygeorge.com
+		- www.healthygeorge.com
+-->
+
+<ruleset name="HealthyGeorge.com" platform="mixedcontent">
+	<target host="healthygeorge.com" />
+	<target host="www.healthygeorge.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Healthy_Eater.com.xml b/src/chrome/content/rules/Healthy_Eater.com.xml
new file mode 100644
index 000000000000..94db83c063cd
--- /dev/null
+++ b/src/chrome/content/rules/Healthy_Eater.com.xml
@@ -0,0 +1,34 @@
+<!--
+	www.healthyeater.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- healthyeater.com
+
+-->
+<ruleset name="Healthy Eater.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="healthyeater.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.healthyeater.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^healthyeater\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.healthyeater\.com/"
+		to="https://healthyeater.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Healthy_for_Kids.xml b/src/chrome/content/rules/Healthy_for_Kids.xml
index 34805a758486..96367b4ca711 100644
--- a/src/chrome/content/rules/Healthy_for_Kids.xml
+++ b/src/chrome/content/rules/Healthy_for_Kids.xml
@@ -12,4 +12,4 @@
 	<rule from="^http://healthyforkids\.wpengine\.netdna-cdn\.com/"
 		to="https://healthyforkids.wpengine.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Heanet.ie-falsemixed.xml b/src/chrome/content/rules/Heanet.ie-falsemixed.xml
new file mode 100644
index 000000000000..4e59a9c07c17
--- /dev/null
+++ b/src/chrome/content/rules/Heanet.ie-falsemixed.xml
@@ -0,0 +1,25 @@
+<!--
+	For rules not causing false/broken MCB, see Heanet.ie.xml.
+
+-->
+<ruleset name="Heanet.ie (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.heanet.ie" />
+
+	<!--	Complications:
+				-->
+	<target host="heanet.ie" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://heanet\.ie/"
+		to="https://www.heanet.ie/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Heanet.ie.xml b/src/chrome/content/rules/Heanet.ie.xml
new file mode 100644
index 000000000000..750497a49cd2
--- /dev/null
+++ b/src/chrome/content/rules/Heanet.ie.xml
@@ -0,0 +1,67 @@
+<!--
+	For rules causing false/broken MCB, see Heanet.ie-falsemixed.xml.
+
+
+	Nonfunctional hosts in *heanet.ie:
+
+		- gomez ᵃ
+		- kokapetl ᵃ
+		- lg ³
+		- mendoza ᵃ
+		- piwik
+		- tao ᵃ
+
+	³ 403
+	ᵃ Shows another domain
+
+
+	^heanet.de: Mismatched
+
+
+	Mixed content:
+
+		- css on www from ajax.googleapis.com ˢ
+
+		- Images, on:
+
+			- ticketing from www.heanet.ie ˢ
+			- www from heanet.ie ˢ
+			- www from $self ˢ
+
+		- Bug on www from piwik.heanet.ie ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Heanet.ie (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="clientportal.heanet.ie" />
+	<target host="ds.heanet.ie" />
+	<target host="ftp.heanet.ie" />
+	<target host="listserv.heanet.ie" />
+	<target host="piwik.heanet.ie" />
+	<target host="ticketing.heanet.ie" />
+	<!--target host="www.heanet.ie" /-->
+
+	<!--	Complications:
+				-->
+	<!--target host="heanet.ie" /-->
+
+		<!--	200 default page over http, 403 over
+			https => would fail fetch test
+							-->
+		<exclusion pattern="^http://ds\.heanet\.ie/$" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--rule from="^http://heanet\.ie/"
+		to="https://www.heanet.ie/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Heap_Analytics.com.xml b/src/chrome/content/rules/Heap_Analytics.com.xml
new file mode 100644
index 000000000000..885ab090ff72
--- /dev/null
+++ b/src/chrome/content/rules/Heap_Analytics.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- heapanalytics.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Heap Analytics.com">
+
+	<target host="heapanalytics.com" />
+	<target host="cdn.heapanalytics.com" />
+	<target host="www.heapanalytics.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^heapanalytics\.com$" name="^AWSELB$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hearst-Corporation-self-signed.xml b/src/chrome/content/rules/Hearst-Corporation-self-signed.xml
index 220198a9def0..06a6df31e571 100644
--- a/src/chrome/content/rules/Hearst-Corporation-self-signed.xml
+++ b/src/chrome/content/rules/Hearst-Corporation-self-signed.xml
@@ -12,20 +12,20 @@
 	<target host="www.thedailygreen.com" />
 
 
-	<securecookie host="^docuwiki\.hearstdigitalnews\.com$" name=".*"/>
+	<securecookie host="^docuwiki\.hearstdigitalnews\.com$" name=".+" />
 
 
 	<rule from="^http://docuwiki\.hearstdigitalnews\.com/"
 		to="https://docuwiki.hearstdigitalnews.com/"/>
 
-	<rule from="^https?://(?:www\.)?hdnux\.com/"
+	<rule from="^http://(?:www\.)?hdnux\.com/"
 		to="https://hdnux.com/" />
 
 	<!--	- !www cert: subscribe.hearstmags.com
 		- !www 301s to www
 		- www: Akamai
 					-->
-	<rule from="^https?://(?:www\.)?thedailygreen\.com/"
+	<rule from="^http://(?:www\.)?thedailygreen\.com/"
 		to="https://www.thedailygreen.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Hearst-Corporation.xml b/src/chrome/content/rules/Hearst-Corporation.xml
deleted file mode 100644
index b25431393b6b..000000000000
--- a/src/chrome/content/rules/Hearst-Corporation.xml
+++ /dev/null
@@ -1,56 +0,0 @@
-<!--
-	Other Hearst Corporation rulesets:
-
-		- Delish.xml
-		- Elle.com.xml
-		- Hearst-Corporation-self-signed.xml
-		- Hearst_Magazines.xml
-		- Houston_Chronicle.xml
-		- LocalEdge.xml
-		- Popular-Mechanics.xml
-
-
-	Nonfunctional domains:
-
-		- chron.com				(cert: 236134-pweb1.hearst.com, expired, self-signed;
-							shows RHEL Apache test page, redirects to www over http)
-		- apps.chron.com
-		- extras.chron.com			(reset)
-		- images.chron.com			(reset)
-		- www.chron.com				(reset)
-		- ctpost.com				(cert: 236135-pweb2.hearstnp.com, expired, self-signed;
-							shows RHEL Apache test page, redirects to www over http)
-		- contribute.ctpost.com
-		- www.ctpost.com			(reset)
-		- ww[1-4].hdnux.com			(shows RHEL test page, akamai)
-		- ctextras.hearstdigitalnews.com	(cert: docuwiki.heartdigitalnews.com; shows that domain's data)
-		- ux.hearstdigitalnews.com		(cert: 273251-sdev1.hearstnp.com, expired,
-							self-signed; shows RHEL Apache test page)
-		- chron.ux.hearstdigitalnews.com	(ditto)
-		- ctpost.ux.hearstdigitalnews.com	(ditto)
-		- newstimes.ux.hearstdigitalnews.com	(ditto)
-		- newstimes.com				(cert: 236135-pweb2.hearstnp.com, expired,
-							self-signed; shows RHEL Apache test page)
-		- www.newstimes.com			(reset)
-		- sfgate.com				(cert: 236135-pweb2.hearstnp.com, expired,
-							self-signed; shows RHEL test page)
-		- extras.sfgate.com			(shows docuwiki, akamai)
-		- www.sfgate.com			(ditto)
-		- web.timesunion.com			(504, akamai)
-		- wcvb.com				(times out)d
-		- www.wcvb.com				(akamai, 503)
-
--->
-<ruleset name="Hearst Corporation (partial)" platform="mixedcontent">
-
-	<target host="myhearstnewspaper.com"/>
-	<target host="www.myhearstnewspaper.com"/>
-
-
-	<securecookie host="^(.*\.)?myhearstnewspaper\.com$" name=".*"/>
-
-
-	<rule from="^http://(www\.)?myhearstnewspaper\.com/"
-		to="https://$1myhearstnewspaper.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Hearst_Magazines.xml b/src/chrome/content/rules/Hearst_Magazines.xml
index 760831f1b9e8..fdc28079de5c 100644
--- a/src/chrome/content/rules/Hearst_Magazines.xml
+++ b/src/chrome/content/rules/Hearst_Magazines.xml
@@ -14,18 +14,18 @@
 -->
 <ruleset name="Hearst Magazines">
 
-	<target host="*.circules.com" />
-	<target host="*.hearstmags.com" />
+	<target host="www.circules.com" />
+
+	<target host="preferences.hearstmags.com" />
+	<target host="services.hearstmags.com" />
+	<target host="subscribe.hearstmags.com" />
 
 
 	<securecookie host="^\.circules\.com$" name=".+" />
 	<securecookie host="^(?:\.subscribe)?\.hearstmags\.com$" name=".+" />
 
 
-	<rule from="^http://www\.circules\.com/"
-		to="https://www.circules.com/" />
-
-	<rule from="^http://s(ervices|ubscribe)\.hearstmags\.com/"
-		to="https://s$1.hearstmags.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Heart-2-Heart.xml b/src/chrome/content/rules/Heart-2-Heart.xml
deleted file mode 100644
index 0a092ed29b79..000000000000
--- a/src/chrome/content/rules/Heart-2-Heart.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Heart 2 Heart" default_off="expired, mismatch, self-signed">
-
-	<!--	cert:	*.baremetal.com		-->
-	<target host="heart-2-heart.ca"/>
-
-	<rule from="^http://(?:www\.)?heart-2-heart\.ca/"
-		to="https://heart-2-heart.ca/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Heart.org.xml b/src/chrome/content/rules/Heart.org.xml
new file mode 100644
index 000000000000..355380510e2d
--- /dev/null
+++ b/src/chrome/content/rules/Heart.org.xml
@@ -0,0 +1,75 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://heart.org/ => https://www.heart.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+	For other American Heart Foundation coverage, see American_Heart.org.xml.
+
+
+	Nonfunctional subdomains:
+
+		- mylifecheck ¹
+		- mlnetwork ²
+
+	¹ Interrupted
+	² Refused
+
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- my ²
+		- newsroom ³
+
+	¹ Cert only matches www
+	² Mismatched, CN:
+	³ Works; mismatched, CN: cms.iprsoftware.com
+
+
+	Fully covered subdomains:
+
+		- (www.)	(^ → www)
+		- donate
+		- extranet
+		- my		(-> my.americanheart.org)
+		- static
+		- volunteer
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- newsroom from static *
+			- newsroom from cms.ipressroom.com.s3.amazonaws.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Heart.org (partial)">
+
+	<target host="heart.org" />
+	<target host="www.heart.org" />
+	<target host="extranet.heart.org" />
+	<target host="donate.heart.org" />
+	<target host="static.heart.org" />
+	<target host="volunteer.heart.org" />
+	<target host="my.heart.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.heart\.org$" name="^KNTASESSION$" /-->
+	<!--securecookie host="^donate\.heart\.org$" name="^([0-9A-F]{32}|ASP\.NET_SessionId)$" /-->
+	<!--securecookie host="^newsroom\.heart\.org$" name="^ipr_i$" /-->
+
+	<securecookie host="^donate\.heart\.org$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?heart\.org/"
+		to="https://www.heart.org/" />
+
+
+	<rule from="^http://my\.heart\.org/"
+		to="https://my.americanheart.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Heartbleed.com.xml b/src/chrome/content/rules/Heartbleed.com.xml
new file mode 100644
index 000000000000..29b08f0a5eab
--- /dev/null
+++ b/src/chrome/content/rules/Heartbleed.com.xml
@@ -0,0 +1,17 @@
+<!--
+	www: refused
+
+
+	CN: *.cloudfront.net
+
+-->
+<ruleset name="Heartbleed.com" default_off="mismatched">
+
+	<target host="heartbleed.com" />
+	<target host="www.heartbleed.com" />
+
+
+	<rule from="^http://(?:www\.)?heartbleed\.com/"
+		to="https://heartbleed.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HeatWare.com.xml b/src/chrome/content/rules/HeatWare.com.xml
new file mode 100644
index 000000000000..d5de4606427b
--- /dev/null
+++ b/src/chrome/content/rules/HeatWare.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Active mixed content:
+		- forum.heatware.com
+		- www.forum.heatware.com
+-->
+
+<ruleset name="HeatWare.com">
+	<target host="heatware.com" />
+	<target host="www.heatware.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Heat_Street.xml b/src/chrome/content/rules/Heat_Street.xml
new file mode 100644
index 000000000000..a7916bb5a504
--- /dev/null
+++ b/src/chrome/content/rules/Heat_Street.xml
@@ -0,0 +1,7 @@
+<ruleset name="Heat Street">
+        <target host="heatst.com" />
+        <target host="www.heatst.com" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Heatball.de.xml b/src/chrome/content/rules/Heatball.de.xml
index a4aaf468cd0a..1acbf6179551 100644
--- a/src/chrome/content/rules/Heatball.de.xml
+++ b/src/chrome/content/rules/Heatball.de.xml
@@ -1,10 +1,14 @@
-<ruleset name="Heatball.de">
+<!--
+	(www.)?heatball.de: Shows kronix.xeneris.net
+
+-->
+<ruleset name="Heatball.de" default_off="shows another domain">
 
 	<target host="heatball.de" />
 	<target host="www.heatball.de" />
 
 
-	<rule from="^http://(www\.)?heatball\.de/"
-		to="https://$1heatball.de/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Heathkit.com.xml b/src/chrome/content/rules/Heathkit.com.xml
index a0d33c7eb43a..839f15b2c666 100644
--- a/src/chrome/content/rules/Heathkit.com.xml
+++ b/src/chrome/content/rules/Heathkit.com.xml
@@ -1,5 +1,5 @@
 <ruleset name="Heathkit">
   <target host="www.heathkit.com"/>
   <target host="heathkit.com"/>
-  <rule from="^http://(www\.)?heathkit\.com/" to="https://www.heathkit.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Heatmap.xml b/src/chrome/content/rules/Heatmap.xml
new file mode 100644
index 000000000000..4b91f46b2dff
--- /dev/null
+++ b/src/chrome/content/rules/Heatmap.xml
@@ -0,0 +1,29 @@
+<!--
+	Invalid certificate:
+		mailer.heatmap.me
+		shopify-app.heatmap.it
+
+	Refused:
+		eu7.heatmap.it
+-->
+<ruleset name="Heatmap">
+
+	<target host="heatmap.me" />
+	<target host="www.heatmap.me" />
+
+	<target host="heatmap.it" />
+	<target host="www.heatmap.it" />
+	<target host="eu1.heatmap.it" />
+	<target host="eu4.heatmap.it" />
+	<target host="eu5.heatmap.it" />
+	<target host="eu6.heatmap.it" />
+	<target host="eu8.heatmap.it" />
+	<target host="eu9.heatmap.it" />
+	<target host="us2.heatmap.it" />
+	<target host="us4.heatmap.it" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Heavy.com.xml b/src/chrome/content/rules/Heavy.com.xml
index 6f5ccc356556..0f2bd38df346 100644
--- a/src/chrome/content/rules/Heavy.com.xml
+++ b/src/chrome/content/rules/Heavy.com.xml
@@ -1,27 +1,13 @@
 <!--
-	CDN buckets:
-
-		- media.heavy.com.edgesuite.net
-
-			- a1834.g.akamai.net
-
-		- www-new.heavy.com.edgesuite.net
-
-			- www
-
-
-	Nonfunctional subdomains:
-
-		- ^	(dropped)
-		- www	(504, akamai)
+	Wildcard DNS and certificate.
 
 -->
-<ruleset name="Heavy.com (partial)">
-
-	<target host="media.heavy.com" />
+<ruleset name="Heavy.com">
 
+	<target host="heavy.com" />
+	<target host="www.heavy.com" />
 
-	<rule from="^http://media\.heavy\.com/"
-		to="https://a248.e.akamai.net/m/1834/8050/9/media.heavy.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Heckrath.net.xml b/src/chrome/content/rules/Heckrath.net.xml
deleted file mode 100644
index a4a70d455e62..000000000000
--- a/src/chrome/content/rules/Heckrath.net.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="heckrath.net">
-  <target host="heckrath.net" />
-  <target host="*.heckrath.net" />
-
-  <securecookie host="^www\.heckrath\.net$" name=".+" />
-
-  <rule from="^http://(?:www\.)?heckrath\.net/" to="https://www.heckrath.net/" />
-  <rule from="^https?://login\.heckrath\.net/" to="https://www.heckrath.net/login/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Heide-Park.xml b/src/chrome/content/rules/Heide-Park.xml
new file mode 100644
index 000000000000..1c6405eaa87f
--- /dev/null
+++ b/src/chrome/content/rules/Heide-Park.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Merlin Entertainments coverage, see Merlin-Entertainments.xml.
+-->
+<ruleset name="Heide Park Resort">
+	<target host="heide-park.de" />
+	<target host="secure.heide-park.de" />
+	<target host="www.heide-park.de" />
+
+	<securecookie host=".*\.heide-park\.de$" name=".+" />
+
+	<!-- Timeout: -->
+	<rule from="^http://heide-park\.de/"
+		to="https://www.heide-park.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Heidelberg.de.xml b/src/chrome/content/rules/Heidelberg.de.xml
new file mode 100644
index 000000000000..f2f4f8370e86
--- /dev/null
+++ b/src/chrome/content/rules/Heidelberg.de.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://heidelberg.de/ => https://www.heidelberg.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.heidelberg.de/ => https://www.heidelberg.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="Heidelberg.de" default_off="failed ruleset test">
+  <target host=    "heidelberg.de"/>
+  <target host="www.heidelberg.de"/>
+
+  <rule from="^http://heidelberg\.de/"
+          to="https://www.heidelberg.de/"/>
+  <rule from="^http:"
+	  to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Heifer.org.xml b/src/chrome/content/rules/Heifer.org.xml
new file mode 100644
index 000000000000..eb3cac880eb4
--- /dev/null
+++ b/src/chrome/content/rules/Heifer.org.xml
@@ -0,0 +1,57 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://honorcards.heifer.org/ => https://honorcards.heifer.org/: (7, 'Failed to connect to honorcards.heifer.org port 443: Connection refused')
+Fetch error: http://pbridge.heifer.org/ => https://pbridge.heifer.org/: (7, 'Failed to connect to pbridge.heifer.org port 443: Connection refused')
+Fetch error: http://secure1.heifer.org/ => https://secure1.heifer.org/: (7, 'Failed to connect to secure1.heifer.org port 443: Connection refused')
+
+	CDN buckets:
+
+		- 9dc3f407a257cfd3f7ea-d14ef12e680aa00597bdffb57368cf92.r6.cf2.rackcdn.com
+
+-->
+<ruleset name="Heifer.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="heifer.org" />
+	<target host="honorcards.heifer.org" />
+	<target host="payments.heifer.org" />
+	<target host="pbridge.heifer.org" />
+	<target host="secure1.heifer.org" />
+	<target host="shop.heifer.org" />
+	<target host="www.heifer.org" />
+
+		<!--	Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?heifer\.org/+($|\?|beyond-hunger/index\.html)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?heifer\.org/+(?!favicon\.ico|gift-catalog/donor-info\.html|resources/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.heifer.org/beyond-hunger/index.html" />
+			<test url="http://www.heifer.org/index" />
+			<test url="http://www.heifer.org/index.asp" />
+			<test url="http://www.heifer.org/index.aspx" />
+			<test url="http://www.heifer.org/index.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.heifer.org/favicon.ico" />
+			<test url="http://www.heifer.org/gift-catalog/donor-info.html" />
+			<test url="http://www.heifer.org/resources/images/logo.png" />
+
+
+	<!--	Tracking cookies:
+					-->
+	<securecookie host="^\.heifer\.org$" name="^__(?:qca|utm\w+)$" />
+	<securecookie host="^(?:honorcards|shop)\.heifer\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HeimatshopBayern.xml b/src/chrome/content/rules/HeimatshopBayern.xml
new file mode 100644
index 000000000000..be1335e68449
--- /dev/null
+++ b/src/chrome/content/rules/HeimatshopBayern.xml
@@ -0,0 +1,7 @@
+<ruleset name="Heimatshop Bayern">
+
+	<target host="heimatshop-bayern.de" />
+	<target host="www.heimatshop-bayern.de"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Heimdal_Security.com.xml b/src/chrome/content/rules/Heimdal_Security.com.xml
new file mode 100644
index 000000000000..30a9699c02dc
--- /dev/null
+++ b/src/chrome/content/rules/Heimdal_Security.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)
+		- goz
+		- support
+
+-->
+<ruleset name="Heimdal Security.com">
+
+	<target host="heimdalsecurity.com" />
+	<target host="goz.heimdalsecurity.com" />
+	<target host="support.heimdalsecurity.com" />
+	<target host="www.heimdalsecurity.com" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^heimdalsecurity\.com$" name="^session$" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Heinlein-Support.de.xml b/src/chrome/content/rules/Heinlein-Support.de.xml
new file mode 100644
index 000000000000..7be3ce3c4243
--- /dev/null
+++ b/src/chrome/content/rules/Heinlein-Support.de.xml
@@ -0,0 +1,17 @@
+<ruleset name="Heinlein-Support.de">
+
+	<target host="heinlein-support.de" />
+	<target host="www.heinlein-support.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.heinlein-support\.de$" name="^SESS[0-9a-f]{32}$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Heino-cykler.dk.xml b/src/chrome/content/rules/Heino-cykler.dk.xml
new file mode 100644
index 000000000000..df2aa16f44e1
--- /dev/null
+++ b/src/chrome/content/rules/Heino-cykler.dk.xml
@@ -0,0 +1,8 @@
+<ruleset name="Heino-cykler">
+
+	<target host="heino-cykler.dk" />
+	<target host="www.heino-cykler.dk" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Heise.de.xml b/src/chrome/content/rules/Heise.de.xml
index 6133b008f509..b0a4bfaf90b9 100644
--- a/src/chrome/content/rules/Heise.de.xml
+++ b/src/chrome/content/rules/Heise.de.xml
@@ -1,13 +1,87 @@
-<!--	!functional:
-		- rl.heise.de		(timeout)
-		- (www.)heise-medien.de
+<!--
+	Other Heise rulesets:
+		- Ix.de.xml
+
+	No valid cert:
+
+		- developerworld
+		- infoservice
+		- jobs
+		- rl
+		- (www.)heiseshop.de
+		- ctnotwin15.ct.de
+		- (www.)radio.ct.de" />
+
+	Incomplete chain:
+		- tarifrechner
 -->
-<ruleset name="Heise.de (partial)">
+<ruleset name="Heise.de">
+
+	<!--	Direct rewrites:
+				-->
+
+	<target host="ct.de" />
+	<target host="blog.ct.de" />
+	<target host="www.ct.de" />
+
+	<target host="heise-gruppe.de" />
+	<target host="www.heise-gruppe.de" />
+	<target host="heise-medien.de" />
+	<target host="www.heise-medien.de" />
+
+	<target host="heiseshop.de" />
+	<target host="stat.heiseshop.de" />
+	<target host="www.heiseshop.de" />
+
+	<target host="abo.heise.de" />
+	<target host="gutscheine.heise.de" />
+	<target host="m.heise.de" />
+	<target host="prophet.heise.de" />
+	<target host="shop.heise.de" />
+	<target host="piwik.shop.heise.de" />
+	<target host="www.shop.heise.de" />
+	<target host="www.heise.de" />
+
+
+			<test url="http://m.heise.de/avw-bin/ivw/CP/export-api/" />
+			<test url="http://m.heise.de/fonts/open-sans/OpenSans-CondBold-webfont.woff" />
+			<test url="http://m.heise.de/icons/mobi/favicon.ico" />
+			<test url="http://m.heise.de/icons/mobi/menu_button.png" />
+			<test url="http://m.heise.de/ivw-bin/ivw/CP/" />
+			<test url="http://m.heise.de/js/mobi/mobi.min.js" />
+			<test url="http://m.heise.de/security/icons/security_logo_smartphone_hdpi_color.png" />
+			<test url="http://m.heise.de/stil/mobi/mobi2013.css" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.heise.de/js/foto/galerie/angularjs/partials/ngDialog.inc"/>
+			<test url="http://www.heise.de/js/foto/galerie/angularjs/partials/photo/diashow.html"/>
+			<test url="http://www.heise.de/js/ho/jwplayer-6.10/skin/bekle.xml" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.heise.de/avw-bin/ivw/CP/barfoo/ho/2793053/0.gif" />
+			<test url="http://www.heise.de/ivw-bin/ivw/CP/download" />
+			<test url="http://www.heise.de/favicon.ico" />
+			<test url="http://www.heise.de/foto/icons/galerie/avatar_48.png" />
+			<test url="http://www.heise.de/icons/ho/heise_online_logo_top.gif" />
+			<test url="http://www.heise.de/imgs/02/1/2/5/5/4/2/0/newsletter_briefumschlag_ho_klein2-4b495d4dbd4ddf57.png" />
+			<test url="http://www.heise.de/ix/images/navigation_arrow.png" />
+			<test url="http://www.heise.de/scale/geometry/250/q50/imgs/18/1/7/6/3/3/3/9/heise-tls-0d8d7711ff4ce298.png" />
+			<test url="http://www.heise.de/js/heise.min.js" />
+			<test url="http://www.heise.de/js/ho/login.min.js" />
+			<test url="http://www.heise.de/security" />
+			<test url="http://www.heise.de/security/" />
+			<test url="http://www.heise.de/stil/heise-ui.css" />
+			<test url="http://www.heise.de/support/lib/teaser_linking.js" />
+			<test url="http://www.heise.de/software/screenshots/" />
+			<test url="http://www.heise.de/video/imgs/78/1/8/6/1/0/2/8/dtek50-484c0a9567afe57b.jpeg" />
+			<test url="http://www.heise.de/video/latest_vids.xml" />
 
-	<target host="heise.de"/>
-	<target host="www.heise.de"/>
+	<rule from="^http://(www\.)?heiseshop\.de/"
+		to="https://shop.heise.de/" />
 
-	<rule from="^http://(?:www\.)?heise\.de/([ai]vw-bin/|favicon\.ico|icons/|ix/images/|software/screenshots/|stil/)"
-		to="https://www.heise.de/$1"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Hekko.pl.xml b/src/chrome/content/rules/Hekko.pl.xml
new file mode 100644
index 000000000000..986648374dc4
--- /dev/null
+++ b/src/chrome/content/rules/Hekko.pl.xml
@@ -0,0 +1,38 @@
+<!--
+	Nonfunctional hosts in *hekko.pl:
+
+		- blog ¹
+		- piwik ¹
+		- (www.)?pomoc ²
+
+	¹ Shows default page
+	² 404
+
+
+	Fully covered hosts in *hekko.pl:
+
+		- (www.)?
+		- poczta
+
+
+	Mixed content:
+
+		- Bugs, on:
+
+			- www from piwik.hekko.pl
+			- www from ipv6-test.com
+
+-->
+<ruleset name="hekko.pl (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hekko.pl" />
+	<target host="poczta.hekko.pl" />
+	<target host="www.hekko.pl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HeliNY.com.xml b/src/chrome/content/rules/HeliNY.com.xml
new file mode 100644
index 000000000000..cfd7e06adb0e
--- /dev/null
+++ b/src/chrome/content/rules/HeliNY.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Mixed content:
+
+		- Ad from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="HeliNY.com">
+
+	<target host="heliny.com" />
+	<target host="www.heliny.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hell_Hole_Cheese_Factory.org.xml b/src/chrome/content/rules/Hell_Hole_Cheese_Factory.org.xml
new file mode 100644
index 000000000000..c035e52c748b
--- /dev/null
+++ b/src/chrome/content/rules/Hell_Hole_Cheese_Factory.org.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hellholecheesefactory.org/ => https://hellholecheesefactory.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.hellholecheesefactory.org/ => https://www.hellholecheesefactory.org/: (60, 'SSL certificate problem: certificate has expired')
+
+Automatically by https-everywhere-checker because:
+Fetch error: http://hellholecheesefactory.org/ => https://hellholecheesefactory.org/: (51, "SSL: no alternative certificate subject name matches target host name 'hellholecheesefactory.org'")
+Fetch error: http://www.hellholecheesefactory.org/ => https://www.hellholecheesefactory.org/: (51, "SSL: no alternative certificate subject name matches target host name 'hellholecheesefactory.org'")
+-->
+<ruleset name="Hell Hole Cheese Factory.org" default_off="failed ruleset test">
+
+	<target host="hellholecheesefactory.org" />
+	<target host="www.hellholecheesefactory.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Heller-Information-Services.xml b/src/chrome/content/rules/Heller-Information-Services.xml
index 761007815f78..3ddb4ee55731 100644
--- a/src/chrome/content/rules/Heller-Information-Services.xml
+++ b/src/chrome/content/rules/Heller-Information-Services.xml
@@ -1,5 +1,5 @@
 <!--
-	Nonfunctiona subdomains:
+	Nonfunctional subdomains:
 
 		- info
 		- www	(cert: mail.his.com, expired)
@@ -8,15 +8,15 @@
 <ruleset name="Heller Information Services (partial)">
 
 	<target host="his.com" />
-	<target host="*.his.com" />
+	<target host="mail.his.com" />
+	<target host="webmail.his.com" />
 
 
-	<securecookie host="^(.*\.)?his\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--	Over http, www redirects to info,
 		while !www redirects to zimbra/.	-->
-	<rule from="^http://(mail\.|webmail\.)?his\.com/"
-		to="https://$1his.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Hello-Bar.xml b/src/chrome/content/rules/Hello-Bar.xml
index 8ebda7f8a087..c300eebb971b 100644
--- a/src/chrome/content/rules/Hello-Bar.xml
+++ b/src/chrome/content/rules/Hello-Bar.xml
@@ -1,41 +1,47 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hellobar.com/ => https://hellobar.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	CDN buckets:
 
 		- hb-assets.s3.amazonaws.com
 
+
+	Nonfunctional hosts in *hellobar.com:
+
+		- support *
+
+	* WP Engine
+
+
+	Problematic hosts in *hellobar.com:
+
+		- ping *
+
+	* Expired
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.hellobar.com
+
 -->
-<ruleset name="Hello Bar (partial)">
+<ruleset name="Hello Bar.com (partial)" default_off="failed ruleset test">
 
 	<target host="hellobar.com" />
-	<target host="*.hellobar.com" />
-		<!--
-			These paths 302 to http:
-
-				- $
-				- blogs$
-				- demo$
-
-		<exclusion pattern="^http://(www\.)?hellobar\.com/(blogs|demo)?$" /-->
-
-
-	<!--	These paths work:
-
-			- assets/
-			- files/
-			- [^/]+.js$
-			- solo$
-			- solo/$
-			- solo/[^/]+$
-			- solo/images/
-			- solo/javascripts/
-			- solo/styles/
-			- system/
-			- wp-includes/
+	<!--target host="ping.hellobar.com" /-->
+	<target host="www.hellobar.com" />
+
+
+	<!--	Not secured by server:
 					-->
-	<rule from="^http://(www\.)?hellobar\.com/([^/]+\.js(?:$|\?)|(?:assets|files|solo|system|wp-includes)/)"
-		to="https://$1hellobar.com/$2" />
+	<!--securecookie host="^www\.hellobar\.com$" name="^(?:_hellobar_session|adxs|vid)$" /-->
+
+	<securecookie host="^www\.hellobar\.com$" name=".+" />
+
 
-	<rule from="^http://ping\.hellobar\.com/"
-		to="https://ping.hellobar.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Hello-Neighbour.xml b/src/chrome/content/rules/Hello-Neighbour.xml
index dd7af153ca01..88d9780b467e 100644
--- a/src/chrome/content/rules/Hello-Neighbour.xml
+++ b/src/chrome/content/rules/Hello-Neighbour.xml
@@ -1,20 +1,28 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://helloneighbour.com/ => https://www.helloneighbour.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.helloneighbour.com'")
+Fetch error: http://www.helloneighbour.com/ => https://www.helloneighbour.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.helloneighbour.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://helloneighbour.com/ => https://www.helloneighbour.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.helloneighbour.com'")
+Fetch error: http://www.helloneighbour.com/ => https://www.helloneighbour.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.helloneighbour.com'")
 	Nonfunctional domains:
 
 		- (www.)askyourneighbour.ca	(ssl_error_rx_record_too_long)
 
 -->
-<ruleset name="Hello Neighbour">
+<ruleset name="Hello Neighbour" default_off="failed ruleset test">
 
 	<target host="helloneighbour.com" />
 	<target host="www.helloneighbour.com" />
 
 
-	<securecookie host="^www\.helloneighbour\.com$" name=".*" />
+	<securecookie host="^www\.helloneighbour\.com$" name=".+" />
 
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?helloneighbour\.com/"
+	<rule from="^http://(?:www\.)?helloneighbour\.com/"
 		to="https://www.helloneighbour.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Hello.tokyo.xml b/src/chrome/content/rules/Hello.tokyo.xml
new file mode 100644
index 000000000000..7d11e2a39e9f
--- /dev/null
+++ b/src/chrome/content/rules/Hello.tokyo.xml
@@ -0,0 +1,18 @@
+<!--
+	(www.)?: Plaintext reply
+
+	For other GMO coverage, see GMO_Internet.xml.
+
+-->
+<ruleset name="hello.tokyo" default_off="plaintext reply">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hello.tokyo" />
+	<target host="www.hello.tokyo" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HelloLife.net.xml b/src/chrome/content/rules/HelloLife.net.xml
new file mode 100644
index 000000000000..cd3166b71290
--- /dev/null
+++ b/src/chrome/content/rules/HelloLife.net.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Smart Living Network coverage, see Smart_Living_Network.com.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.hellolife.net
+
+-->
+<ruleset name="HelloLife.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hellolife.net" />
+	<target host="www.hellolife.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.hellolife\.net$" name="^(HLID|HLSTAT|PHPSESSID)$" /-->
+
+	<securecookie host="^www\.hellolife\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HelloSign.com.xml b/src/chrome/content/rules/HelloSign.com.xml
new file mode 100644
index 000000000000..101711c80dbe
--- /dev/null
+++ b/src/chrome/content/rules/HelloSign.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Refused
+
+
+	Problematic subdomains:
+
+		- faq *
+
+	* Uservoice
+
+-->
+<ruleset name="HelloSign.com (partial)">
+
+	<target host="hellosign.com" />
+	<target host="www.hellosign.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^\.www\.hellosign\.com$" name="^hf_ref$" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hello_Bond.com.xml b/src/chrome/content/rules/Hello_Bond.com.xml
new file mode 100644
index 000000000000..d974bddf17dd
--- /dev/null
+++ b/src/chrome/content/rules/Hello_Bond.com.xml
@@ -0,0 +1,41 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hellobond.com/ => https://hellobond.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://dev.hellobond.com/ => https://dev.hellobond.com/: (6, 'Could not resolve host: dev.hellobond.com')
+Fetch error: http://staging.hellobond.com/ => https://staging.hellobond.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.hellobond.com/ => https://www.hellobond.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- dev
+		- staging
+
+
+	Insecure cookies are set for these hosts:
+
+		- hellobond.com
+		- dev.hellobond.com
+		- staging.hellobond.com
+
+-->
+<ruleset name="Hello Bond.com" default_off="failed ruleset test">
+
+	<target host="hellobond.com" />
+	<target host="dev.hellobond.com" />
+	<target host="staging.hellobond.com" />
+	<target host="www.hellobond.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(dev\.|staging\.)?hellobond\.com$" name="^laravel_session$" /-->
+
+	<securecookie host="^(?:dev\.|staging\.)?hellobond\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hello_Web_App.com.xml b/src/chrome/content/rules/Hello_Web_App.com.xml
new file mode 100644
index 000000000000..472e753b27c3
--- /dev/null
+++ b/src/chrome/content/rules/Hello_Web_App.com.xml
@@ -0,0 +1,41 @@
+<!--
+	Nonfunctional hosts in *hellowebapp.com:
+
+		- discuss *
+
+	* Refused
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- hellowebapp.com
+		- .hellowebapp.com
+
+
+	Mixed content:
+
+		- Images from static1.squarespace.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Hello Web App.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hellowebapp.com" />
+	<target host="www.hellowebapp.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^hellowebapp\.com$" name="^(?:JSESSIONID|crumb)$" /-->
+	<!--securecookie host="^\.hellowebapp\.com$" name="^(?:__cfduid|SS_MID|cf_clearance)$" /-->
+
+	<securecookie host="^\.?hellowebapp\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Helmet.fi.xml b/src/chrome/content/rules/Helmet.fi.xml
new file mode 100644
index 000000000000..d014ac863cbc
--- /dev/null
+++ b/src/chrome/content/rules/Helmet.fi.xml
@@ -0,0 +1,18 @@
+<ruleset name="Helmet.fi">
+  <target host="haku.helmet.fi" />
+	<target host="luettelo.helmet.fi" />
+	<target host="www.helmet.fi" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.helmet\.fi$" name="^(III_ENCORE_PATRON|III_EXPT_FILE|III_SESSION_ID|SESSION_LANGUAGE)$" /-->
+	<!--securecookie host="^haku\.helmet\.fi$" name="^(ENCORE_INITIAL_PROTOCOL|jcontainerId)$" /-->
+	<!--securecookie host="^luettelo\.helmet\.fi$" name="^SESSION_SCOPE$" /-->
+	<!--securecookie host="^www\.helmet\.fi$" name="^(ASP\.NET_SessionId|HelmetLanguage)$" /-->
+
+	<securecookie host="^(?:haku|luettelo|www)?\.helmet\.fi$" name=".+" />
+
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Helmholtz-Zentrum-Berlin-for-Materials-and-Energy.xml b/src/chrome/content/rules/Helmholtz-Zentrum-Berlin-for-Materials-and-Energy.xml
index 5846276356f0..575b5629c7b3 100644
--- a/src/chrome/content/rules/Helmholtz-Zentrum-Berlin-for-Materials-and-Energy.xml
+++ b/src/chrome/content/rules/Helmholtz-Zentrum-Berlin-for-Materials-and-Energy.xml
@@ -1,12 +1,16 @@
-<ruleset name="Helmholtz-Zentrum Berlin for Materials and Energy">
+<!--
+	Helmholtz-Zentrum Berlin for Materials and Energy
+
+
+	^helmholtz-berlin.de doesn't exist.
+
+-->
+<ruleset name="Helmholtz-Berlin.de">
 
-	<target host="helmholtz-berlin.de" />
 	<target host="www.helmholtz-berlin.de" />
 
 
-	<!--	!www doesn't work over https,
-		redirects to www over http.	-->
-	<rule from="^https?://(?:www\.)?helmholtz-berlin\.de/"
-		to="https://www.helmholtz-berlin.de/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Helmich_IT-Security.xml b/src/chrome/content/rules/Helmich_IT-Security.xml
index 769d1e83ad5b..136853927587 100644
--- a/src/chrome/content/rules/Helmich_IT-Security.xml
+++ b/src/chrome/content/rules/Helmich_IT-Security.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^www\.helmich\.de$" name=".+" />
 
 
-	<rule from="^http://(www\.)?helmich\.de/"
-		to="https://$1helmich.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HelpOcean.xml b/src/chrome/content/rules/HelpOcean.xml
index 636d26da57fc..2ae53ed3a547 100644
--- a/src/chrome/content/rules/HelpOcean.xml
+++ b/src/chrome/content/rules/HelpOcean.xml
@@ -1,8 +1,14 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://helpocean.com/ => https://helpocean.com/: (51, "SSL: no alternative certificate subject name matches target host name 'helpocean.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://helpocean.com/ => https://helpocean.com/: (51, "SSL: no alternative certificate subject name matches target host name 'helpocean.com'")
 	Many in *.helpocean.com: clients
 
 -->
-<ruleset name="helpOcean">
+<ruleset name="helpOcean" default_off="failed ruleset test">
 
 	<target host="helpocean.com" />
 	<target host="*.helpocean.com" />
@@ -14,4 +20,4 @@
 	<rule from="^http://([\w\-]+\.)?helpocean\.com/"
 		to="https://$1helpocean.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HelpOnClick.xml b/src/chrome/content/rules/HelpOnClick.xml
index fe82f62be62a..ecf90da4da2f 100644
--- a/src/chrome/content/rules/HelpOnClick.xml
+++ b/src/chrome/content/rules/HelpOnClick.xml
@@ -1,13 +1,12 @@
 <ruleset name="HelpOnClick">
 
 	<target host="helponclick.com" />
-	<target host="*.helponclick.com" />
+	<target host="www.helponclick.com" />
 
 
-	<securecookie host="^(?:.*\.)?helponclick\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?helponclick\.com/"
-		to="https://$1helponclick.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HelpSpot.xml b/src/chrome/content/rules/HelpSpot.xml
index 750b808a9c15..7f66292e0f39 100644
--- a/src/chrome/content/rules/HelpSpot.xml
+++ b/src/chrome/content/rules/HelpSpot.xml
@@ -1,13 +1,12 @@
 <ruleset name="HelpSpot">
 
 	<target host="helpspot.com" />
-	<target host="*.helpspot.com" />
+	<target host="www.helpspot.com" />
 
 
 	<securecookie host="^(?:www)?\.helpspot\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?helpspot\.com/"
-		to="https://$1helpspot.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Help_Scout.net.xml b/src/chrome/content/rules/Help_Scout.net.xml
new file mode 100644
index 000000000000..94c1d92f1ec5
--- /dev/null
+++ b/src/chrome/content/rules/Help_Scout.net.xml
@@ -0,0 +1,29 @@
+<!--
+	docs: works; mismatched, CN: *.helpscoutdocs.com
+
+
+	Mixed content:
+
+		- css on docs from d2x2losda9vsjs.cloudfront.net *
+
+	* Secured by us
+
+-->
+<ruleset name="Help Scout.net (partial)">
+
+	<target host="helpscout.net" />
+	<target host="secure.helpscout.net" />
+	<target host="www.helpscout.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^docs\.helpscout\.com$" name="^PLAY_SESSION$" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+	<!--rule from="^http://docs\.helpscout\.net/"
+		to="https://helpscout.helpscoutdocs.com/" /-->
+
+</ruleset>
diff --git a/src/chrome/content/rules/Helpdocsonline.com.xml b/src/chrome/content/rules/Helpdocsonline.com.xml
new file mode 100644
index 000000000000..5aaffb348a9e
--- /dev/null
+++ b/src/chrome/content/rules/Helpdocsonline.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Fully covered hosts:
+
+		- helpdocsonline.com
+		- *.helpdocsonline.com *
+
+	* Per-account hosts
+
+
+	Insecure cookies are set for these domains:
+
+		- .helpdocsonline.com
+
+-->
+<ruleset name="helpdocsonline.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="helpdocsonline.com" />
+	<target host="*.helpdocsonline.com" />
+
+		<test url="http://crossref.helpdocsonline.com/" />
+		<test url="http://mynexia.helpdocsonline.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.helpdocsonline\.com$" name="^helpiq_session$" /-->
+
+	<securecookie host="^\.helpdocsonline\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Helpjuice.xml b/src/chrome/content/rules/Helpjuice.xml
index fc74764e12c6..1c06985d2347 100644
--- a/src/chrome/content/rules/Helpjuice.xml
+++ b/src/chrome/content/rules/Helpjuice.xml
@@ -1,21 +1,36 @@
 <!--
-	Problematic subdomains:
+	Problematic hosts:
 
-		- (www.)	(redirects to http, mismatched)
+		- www.billing *
+
+	* Mismatched
+
+
+	Fully covered hosts:
+
+		- (www.)
+		- blog
+		- (www.)?billing	(www → ^)
 
 -->
-<ruleset name="Helpjuice (partial)">
+<ruleset name="Helpjuice.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="helpjuice.com" />
-	<target host="*.helpjuice.com" />
-	<target host="www.billing.helpjuice.com" />
+	<target host="blog.helpjuice.com" />
+	<target host="billing.helpjuice.com" />
+	<target host="www.helpjuice.com" />
 
+	<!--	Complications:
+				-->
+	<target host="www.billing.helpjuice.com" />
 
-	<rule from="^https?://(?:www\.)?helpjuice\.com/(image|stylesheet)s/"
-		to="https://billing.helpjuice.com/$1s/" />
 
+	<rule from="^http://www\.billing\.helpjuice\.com/"
+		to="https://billing.helpjuice.com/" />
 
-	<rule from="^http://(www\.)?billing\.helpjuice\.com/"
-		to="https://$1billing.helpjuice.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Helpshift.com.xml b/src/chrome/content/rules/Helpshift.com.xml
new file mode 100644
index 000000000000..28069a80da9f
--- /dev/null
+++ b/src/chrome/content/rules/Helpshift.com.xml
@@ -0,0 +1,48 @@
+<!--
+	Fully covered domains:
+
+		- helpshift.com
+
+		- [\w-]+.helpshift.com:
+
+			- developers
+			- gerrit
+			- s
+			- support
+			- www
+			- [\w-]+ *
+
+	* Per-account domains
+
+
+	Mixed content:
+
+		- Images on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Helpshift.com">
+
+	<target host="helpshift.com" />
+	<target host="*.helpshift.com" />
+
+		<test url="http://circa.helpshift.com/" />
+		<test url="http://developers.helpshift.com/" />
+		<test url="http://gerrit.helpshift.com/" />
+		<test url="http://s.helpshift.com/static/images/logos/powered-by-helpshift.png" />
+		<test url="http://support.helpshift.com/" />
+		<test url="http://www.helpshift.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:circa|support|www)\.helpshift\.com" name="^_csrf_token$" /-->
+
+	<securecookie host=".+\.helpshift\.com" name=".+" />
+
+
+	<rule from="^http://([\w-]+\.)?helpshift\.com/"
+		to="https://$1helpshift.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Helsingebilpleje.dk.xml b/src/chrome/content/rules/Helsingebilpleje.dk.xml
new file mode 100644
index 000000000000..9364058d5158
--- /dev/null
+++ b/src/chrome/content/rules/Helsingebilpleje.dk.xml
@@ -0,0 +1,11 @@
+<!--
+	Problematic domains:
+		- post ¹
+	¹: Mismatch
+-->
+<ruleset name="Helsingebilpleje.dk">
+	<target host="helsingebilpleje.dk" />
+	<target host="www.helsingebilpleje.dk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Helsingor.dk.xml b/src/chrome/content/rules/Helsingor.dk.xml
new file mode 100644
index 000000000000..2d1a2cd7640e
--- /dev/null
+++ b/src/chrome/content/rules/Helsingor.dk.xml
@@ -0,0 +1,16 @@
+<!--
+	Subdomains not covered:
+		- rotteanmeldelse¹
+		- webgis¹
+
+	¹: Refused
+-->
+<ruleset name="Helsingor.dk">
+	<target host="helsingor.dk" />
+	<target host="www.helsingor.dk" />
+
+	<securecookie host="\.?(www)?\.helsingor\.dk" name=".+" />
+
+	<rule from="^http://(www\.)?helsingor\.dk/"
+		to="https://www.helsingor.dk/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Helsinki.xml b/src/chrome/content/rules/Helsinki.xml
index 372166b54cd5..6fc0f808190d 100644
--- a/src/chrome/content/rules/Helsinki.xml
+++ b/src/chrome/content/rules/Helsinki.xml
@@ -10,7 +10,6 @@
 	<target host="asiointi.hel.fi" />
 
 
-	<rule from="^http://asiointi\.hel\.fi/"
-		to="https://asiointi.hel.fi/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Hemk.es.xml b/src/chrome/content/rules/Hemk.es.xml
new file mode 100644
index 000000000000..d6bd978aa49d
--- /dev/null
+++ b/src/chrome/content/rules/Hemk.es.xml
@@ -0,0 +1,17 @@
+<!--
+
+	Problematic hosts in *hemk.es:
+
+		- andre (mismatched)
+
+-->
+<ruleset name="Hemk.es">
+
+	<target host="hemk.es" />
+	<target host="www.hemk.es" />
+	<target host="panel.hemk.es" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Heml.is.xml b/src/chrome/content/rules/Heml.is.xml
deleted file mode 100644
index 381abe0ace4e..000000000000
--- a/src/chrome/content/rules/Heml.is.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- www	(cert only matches ^heml.is)
-
--->
-<ruleset name="Heml.is">
-
-	<target host="heml.is" />
-	<target host="www.heml.is" />
-
-
-	<securecookie host="^heml\.is$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?heml\.is/"
-		to="https://heml.is/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/HenchHerbivore.com.xml b/src/chrome/content/rules/HenchHerbivore.com.xml
new file mode 100644
index 000000000000..9bcecfe05e27
--- /dev/null
+++ b/src/chrome/content/rules/HenchHerbivore.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="HenchHerbivore.com">
+
+	<target host="henchherbivore.com" />
+	<target host="www.henchherbivore.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hentai-Foundry.com.xml b/src/chrome/content/rules/Hentai-Foundry.com.xml
new file mode 100644
index 000000000000..8e8a40f896ed
--- /dev/null
+++ b/src/chrome/content/rules/Hentai-Foundry.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Different HTTP/HTTPS content:
+		hentai-foundry.com
+
+	Invalid certificate:
+		pictures1.hentai-foundry.com
+		pictures10.hentai-foundry.com
+		rc.hentai-foundry.com
+		thumbs1.hentai-foundry.com
+		thumbs10.hentai-foundry.com
+
+-->
+<ruleset name="Hentai-Foundry.com">
+	<target host="hentai-foundry.com"/>
+	<target host="www.hentai-foundry.com"/>
+	<!-- Test URLs for avatars.hentai-foundry.com can be found at
+		https://www.hentai-foundry.com -->
+	<target host="avatars.hentai-foundry.com"/>
+	<target host="forums.hentai-foundry.com"/>
+	<target host="img.hentai-foundry.com"/>
+		<test url="http://img.hentai-foundry.com/themes/default/js/ads.js"/>
+	<!-- Test URLs for pictures.hentai-foundry.com can be found at
+		https://www.hentai-foundry.com > "Browse Submissions" -->
+	<target host="pictures.hentai-foundry.com"/>
+	<!-- Test URLs for profiles.hentai-foundry.com can be found in individual user pages at
+		https://www.hentai-foundry.com > "Browse Users" -->
+	<target host="profiles.hentai-foundry.com"/>
+	<target host="thumbs.hentai-foundry.com"/>
+		<test url="http://thumbs.hentai-foundry.com/robots.txt"/>
+
+	<rule from="^http://hentai-foundry\.com/" to="https://www.hentai-foundry.com/"/>
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/HentaiVerse.org.xml b/src/chrome/content/rules/HentaiVerse.org.xml
new file mode 100644
index 000000000000..daf693be6663
--- /dev/null
+++ b/src/chrome/content/rules/HentaiVerse.org.xml
@@ -0,0 +1,16 @@
+<!--
+	For other E-Hentai.org coverage see E-Hentai.org.xml
+
+	Mismatched:
+		- alt
+-->
+<ruleset name="HentaiVerse.org">
+	<target host="hentaiverse.org" />
+	<target host="www.hentaiverse.org" />
+	<target host="alt.hentaiverse.org" />
+
+	<rule from="^http://alt\.hentaiverse\.org/"
+		to="https://hentaiverse.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hepe.com.xml b/src/chrome/content/rules/Hepe.com.xml
new file mode 100644
index 000000000000..b5f2eb9dcd38
--- /dev/null
+++ b/src/chrome/content/rules/Hepe.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Hepe.com">
+
+	<target host="hepe.com" />
+	<target host="www.hepe.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hepo.fi.xml b/src/chrome/content/rules/Hepo.fi.xml
new file mode 100644
index 000000000000..1ac4f50124ce
--- /dev/null
+++ b/src/chrome/content/rules/Hepo.fi.xml
@@ -0,0 +1,6 @@
+<ruleset name="Hepo.fi">
+  <target host="hepo.fi" />
+  <target host="www.hepo.fi" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Herald_Media.xml b/src/chrome/content/rules/Herald_Media.xml
index 6dcacefac361..c341a85354b1 100644
--- a/src/chrome/content/rules/Herald_Media.xml
+++ b/src/chrome/content/rules/Herald_Media.xml
@@ -22,10 +22,7 @@
 	<target host="res.heraldm.com" />
 
 
-	<rule from="^http://emember\.heraldcorp\.com/"
-		to="https://emember.heraldcorp.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://res\.heraldm\.com/"
-		to="https://res.heraldm.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Herald_Times_Reporter.xml b/src/chrome/content/rules/Herald_Times_Reporter.xml
index 014887695375..a04ad2581452 100644
--- a/src/chrome/content/rules/Herald_Times_Reporter.xml
+++ b/src/chrome/content/rules/Herald_Times_Reporter.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://htrnews.com/ => https://www.htrnews.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.htrnews.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://htrnews.com/ => https://www.htrnews.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.htrnews.com'")
 	For other Gannett Company coverage, see Gannett-Company.xml.
 
 
@@ -9,19 +15,19 @@
 		- deals		(mismatched, CN: *.planetdiscover.com)
 
 -->
-<ruleset name="Herald Times Reporter">
+<ruleset name="Herald Times Reporter" default_off="failed ruleset test">
 
 	<target host="htrnews.com" />
 	<target host="*.htrnews.com" />
 
 
-	<rule from="^https?://(?:cmsimg\.|www\.)?htrnews\.com/"
+	<rule from="^http://(?:cmsimg\.|www\.)?htrnews\.com/"
 		to="https://www.htrnews.com/" />
 
-	<rule from="^https?://deals\.htrnews\.com/(?:$|\?.*)"
+	<rule from="^http://deals\.htrnews\.com/(?:$|\?.*)"
 		to="https://manitow.planetdiscover.com/sp?aff=1180" />
 
-	<rule from="^https?://deals\.htrnews\.com/"
+	<rule from="^http://deals\.htrnews\.com/"
 		to="https://manitow.planetdiscover.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Herbal-nutrition2.net.xml b/src/chrome/content/rules/Herbal-nutrition2.net.xml
index 4602deb3b82a..dc4952464f09 100644
--- a/src/chrome/content/rules/Herbal-nutrition2.net.xml
+++ b/src/chrome/content/rules/Herbal-nutrition2.net.xml
@@ -1,13 +1,19 @@
-<ruleset name="herbal-nutrition2.net">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://herbal-nutrition2.net/ => https://herbal-nutrition2.net/: Too many redirects while fetching 'https://herbal-nutrition2.net/'
+Fetch error: http://www.herbal-nutrition2.net/ => https://www.herbal-nutrition2.net/: Too many redirects while fetching 'https://www.herbal-nutrition2.net/'
+
+-->
+<ruleset name="herbal-nutrition2.net" default_off="failed ruleset test">
 
 	<target host="herbal-nutrition2.net" />
-	<target host="*.herbal-nutrition2.net" />
+	<target host="www.herbal-nutrition2.net" />
 
 
 	<securecookie host="^\.herbal-nutrition2\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?herbal-nutrition2\.net/"
-		to="https://$1herbal-nutrition2.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hercrentals.com.xml b/src/chrome/content/rules/Hercrentals.com.xml
new file mode 100644
index 000000000000..0af8f078c98e
--- /dev/null
+++ b/src/chrome/content/rules/Hercrentals.com.xml
@@ -0,0 +1,48 @@
+<!--
+	Non-functional subdomains:
+		- airwatch	(expired cert)
+		- autodiscover	(connection refused)
+		- css		(SSL handshake failed)
+		- g		(redirects to invalid www.g)
+		- ir		(SSL handshake failed)
+		- mft		(timeout)
+		- prdaemweb	(redirects to invalid www.prdaemweb)
+		- qaaem		(redirects to invalid www.qaaem)
+		- qaaemweb	(redirects to invalid www.qaaemweb)
+		- qasolr	(timeout)
+		- ra		(invalid certificate chain)
+		- rac		(invalid certificate chain)
+		- rad		(invalid certificate chain)
+		- sip		(mismatch hostname, CN: sipfed.online.lync.com)
+		- used		(mismatch hostname, CN: *.rousesales.com)
+		- vpn		(expired cert)
+		- vpnadmin	(timeout)
+
+-->
+<ruleset name="Herc Rentals">
+	<target host="hercrentals.com" />
+	<target host="www.hercrentals.com" />
+	<target host="sts.ad.hercrentals.com" />
+	<target host="aemweb.hercrentals.com" />
+	<target host="benefitsplus.hercrentals.com" />
+	<target host="careers.hercrentals.com" />
+	<target host="etrieve.hercrentals.com" />
+	<target host="etrievedev.hercrentals.com" />
+	<target host="etrieveqa.hercrentals.com" />
+	<target host="etrievestg.hercrentals.com" />
+	<target host="fleetweb.hercrentals.com" />
+	<target host="jenkins.hercrentals.com" />
+	<target host="procontrol.hercrentals.com" />
+	<target host="procontrolqa.hercrentals.com" />
+	<target host="procontrolstg.hercrentals.com" />
+	<target host="stgaemweb.hercrentals.com" />
+	<target host="stgintranet.hercrentals.com" />
+	<target host="stgwebsvc.hercrentals.com" />
+	<target host="webapp.hercrentals.com" />
+	<target host="websvc.hercrentals.com" />
+
+  	<securecookie host="^www\.hercrentals\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HerdProtect.com.xml b/src/chrome/content/rules/HerdProtect.com.xml
new file mode 100644
index 000000000000..c88bf8f99d54
--- /dev/null
+++ b/src/chrome/content/rules/HerdProtect.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .herdprotect.com
+
+-->
+<ruleset name="herdProtect.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="herdprotect.com" />
+	<target host="www.herdprotect.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.herdprotect\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Here.com.xml b/src/chrome/content/rules/Here.com.xml
index ab5185a0e369..fa2cb6b9900d 100644
--- a/src/chrome/content/rules/Here.com.xml
+++ b/src/chrome/content/rules/Here.com.xml
@@ -1,75 +1,60 @@
 <!--
-	For other Nokia coverage, see Nokia.xml.
+	For Nokia related rulesets, see
+		+ Nokia.xml
 
+	Non-functional hosts
+		Couldn't connect to server:
+		- dt.developer.here.com
+		- dv.developer.here.com
+		- st.developer.here.com
+		- static.here.com
 
-	CDN buckets:
-
-		- static.here.sc.edgesuite.net
-
-
-	Nonfunctional domains:
-
-		- here.com subdomains:
-
-			- ^ *
-			- static **
-			- stg.static **
-			- stg *
-
-		- static.here.sc *
-
-	* Redirects to http
-	** Redirects to here.com
-
-
-	Fully covered domains:
-
-		- here.com subdomains:
-
-			- developer
-			- qa.developer
-			- m
-			- stg.m
-
-		- developer.here.net
-
-
-	Observed cookie domains:
-
-		- here.com subdomains:
-
-			- ^
-			- developer
-			- m
-			- stg.m
-			- static
-			- stg.static
-			- stg
-
-		- developer.here.net
-
-
-	Mixed content:
-
-		- Images on m from [234].maps.nlp.nokia.com *
-
-	* Doesn't trip MCB
+		4xx client error:
+		- st.backstage.here.com
 
+		5xx server error:
+		- backstage.here.com
 -->
 <ruleset name="Here.com (partial)">
-
-	<target host="*.here.com" />
-	<target host="developer.here.net" />
-
-
-	<securecookie host="^(?:developer|m|stg\.m)\.here\.com$" name=".+" />
-	<securecookie host="^developer\.here\.net$" name=".+" />
-
-
-	<rule from="^http://((?:qa\.)?developer|m|stg\.m)\.here\.com/"
-		to="https://$1.here.com/" />
-
-	<rule from="^http://developer\.here\.net/"
-		to="https://developer.here.net/" />
-
+	<target host="here.com" />
+	<target host="www.here.com" />
+	<target host="access.here.com" />
+	<target host="account.here.com" />
+	<target host="share.cc.here.com" />
+	<target host="cms.here.com" />
+	<target host="lts.cms.here.com" />
+	<target host="companion.here.com" />
+	<target host="company.here.com" />
+	<target host="customlocation.here.com" />
+	<target host="datalens.here.com" />
+	<target host="nokia.datalens.here.com" />
+	<target host="developer.here.com" />
+	<target host="www.developer.here.com" />
+	<target host="dialin.here.com" />
+	<target host="e.here.com" />
+	<target host="enterprise.here.com" />
+	<target host="help.here.com" />
+	<target host="tnm.ext.here.com" />
+	<target host="jaguar.here.com" />
+	<target host="landrover.here.com" />
+	<target host="legal.here.com" />
+	<target host="lyncdiscover.here.com" />
+	<target host="m.here.com" />
+	<target host="stg.m.here.com" />
+	<target host="mapcreator.here.com" />
+	<target host="mapfeedback.here.com" />
+	<target host="maps.here.com" />
+	<target host="meet.here.com" />
+	<target host="mobile.here.com" />
+	<target host="pages.here.com" />
+	<target host="reporting.here.com" />
+	<target host="scheduler.here.com" />
+	<target host="share.here.com" />
+	<target host="trafficanalytics.here.com" />
+	<target host="authproxy.trafficanalytics.here.com" />
+	<target host="wego.here.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Herefordshire.gov.uk.xml b/src/chrome/content/rules/Herefordshire.gov.uk.xml
new file mode 100644
index 000000000000..38e5f78e54db
--- /dev/null
+++ b/src/chrome/content/rules/Herefordshire.gov.uk.xml
@@ -0,0 +1,71 @@
+<!--
+	Herefordshire Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *herefordshire.gov.uk:
+
+		- brianhatton ⁴
+		- hscb ⁴
+		- htt ⁴
+		- (www.)?surveys ⁴
+
+	404
+
+
+	Problematic hosts in *herefordshire.gov.uk:
+
+		- ^ ᵐ
+		- communities ᵉ
+		- consult ᵉ
+		- (www.)?newsroom ᵐ
+		- ptconsult ᵉ
+
+	ᵉ Expired
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- beta.herefordshire.gov.uk
+		- communities.herefordshire.gov.uk
+		- councillors.herefordshire.gov.uk
+		- .newsroom.herefordshire.gov.uk
+		- www.herefordshire.gov.uk
+
+
+	Mixed content:
+
+		- Bug on councillors from go.m-gov.eu ⁴
+
+	⁴ Unsecurable <= 404
+
+-->
+<ruleset name="Herefordshire.gov.uk (partial)">
+
+	<target host="herefordshire.gov.uk" />
+	<target host="councillors.herefordshire.gov.uk" />
+	<target host="factsandfigures.herefordshire.gov.uk" />
+	<target host="news.herefordshire.gov.uk" />
+	<target host="number4.herefordshire.gov.uk" />
+	<target host="www.herefordshire.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:beta|councillors|www)\.herefordshire\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^communities\.herefordshire\.gov\.uk$" name="^(?:CFID|CFTOKEN|SPIDERLOGON)$" /-->
+	<!--securecookie host="^(?:pt)?consult\.herefordshire\.gov\.uk$" name="^(?:CFID|CFTOKEN)$" /-->
+	<!--securecookie host="^\.newsroom\.herefordshire\.gov\.uk$" name="^ARRAffinity$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http://herefordshire\.gov\.uk/"
+			to="https://www.herefordshire.gov.uk/" />
+
+	<rule from="^http:"
+			to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hereplus.me.xml b/src/chrome/content/rules/Hereplus.me.xml
new file mode 100644
index 000000000000..17d0c50cec36
--- /dev/null
+++ b/src/chrome/content/rules/Hereplus.me.xml
@@ -0,0 +1,25 @@
+<!--
+	^hereplus.me: Mismatched
+
+-->
+<ruleset name="Hereplus.me">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.hereplus.me" />
+
+	<!--	Complications:
+				-->
+	<target host="hereplus.me" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://hereplus\.me/"
+		to="https://www.hereplus.me/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Heritage.org.xml b/src/chrome/content/rules/Heritage.org.xml
new file mode 100644
index 000000000000..b0d387e05d19
--- /dev/null
+++ b/src/chrome/content/rules/Heritage.org.xml
@@ -0,0 +1,26 @@
+<!--
+	CDN buckets:
+
+		- wpc.2367.edgecastcdn.net/??2367/
+
+			- (www.)?
+
+
+	(www.)?: 404
+
+
+	Fully covered subdomains:
+
+		- secure
+		- shop
+
+-->
+<ruleset name="Heritage.org (partial)">
+
+	<target host="secure.heritage.org" />
+	<target host="shop.heritage.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HeroX.com.xml b/src/chrome/content/rules/HeroX.com.xml
new file mode 100644
index 000000000000..9ef9da2e51fd
--- /dev/null
+++ b/src/chrome/content/rules/HeroX.com.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.herox.com/ => https://www.herox.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.herox.com'")
+
+-->
+<ruleset name="HeroX.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="herox.com" />
+	<target host="www.herox.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Heroku.xml b/src/chrome/content/rules/Heroku.xml
index 72818f3ed1f5..edfde582bac3 100644
--- a/src/chrome/content/rules/Heroku.xml
+++ b/src/chrome/content/rules/Heroku.xml
@@ -3,20 +3,21 @@
 
 		- prod-heroku.s3.amazonaws.com
 
+	www.*.herokuapp.com have a valid DNS record but host no content.
+
 -->
 <ruleset name="Heroku">
 
-	<target host="heroku.com" />
-	<target host="*.heroku.com" />
+	<target host="herokuapp.com" />
 	<target host="*.herokuapp.com" />
+		<test url="http://blog.herokuapp.com/" />
+		<test url="http://chempro101.herokuapp.com/" />
+		<test url="http://cosio.herokuapp.com/" />
+		<test url="http://voices.herokuapp.com/" />
 
+	<securecookie host="^[\w\-]+\.herokuapp\.com$" name=".+" />
 
-	<!--	Avoiding cross-domain cookies.
-						-->
-	<securecookie host="^[\w\-]+\.herokuapp\.com$" name=".*" />
-
-
-	<rule from="^http://([^/:@\.]+\.)?heroku(app)?\.com/"
-		to="https://$1heroku$2.com/" />
+	<rule from="^http://([\w-]+\.)?herokuapp\.com/"
+		to="https://$1herokuapp.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/HertfordshireConstabulary.xml b/src/chrome/content/rules/HertfordshireConstabulary.xml
new file mode 100644
index 000000000000..604a53bbaa63
--- /dev/null
+++ b/src/chrome/content/rules/HertfordshireConstabulary.xml
@@ -0,0 +1,19 @@
+<!--
+  For Hertfordshire Constabulary
+
+    Works:
+
+      - $
+      - www
+
+    Mismatch:
+
+      - snt.herts.police.uk
+
+-->
+<ruleset name="Hertfordshire Constabulary">
+  <target host="herts.police.uk" />
+  <target host="www.herts.police.uk" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertsdirect.org-falsemixed.xml b/src/chrome/content/rules/Hertsdirect.org-falsemixed.xml
new file mode 100644
index 000000000000..acaa244dbd91
--- /dev/null
+++ b/src/chrome/content/rules/Hertsdirect.org-falsemixed.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://drivertraining.hertsdirect.org/ => https://drivertraining.hertsdirect.org/: (51, "SSL: no alternative certificate subject name matches target host name 'drivertraining.hertsdirect.org'")
+
+	For rules not causing false/broken MCB, see Hertsdirect.org.xml.
+
+-->
+<ruleset name="hertsdirect.org (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="drivertraining.hertsdirect.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hertsdirect.org.xml b/src/chrome/content/rules/Hertsdirect.org.xml
new file mode 100644
index 000000000000..cf0815a7fe1f
--- /dev/null
+++ b/src/chrome/content/rules/Hertsdirect.org.xml
@@ -0,0 +1,176 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://m.hertsdirect.org/css/responsiveslides_carousel.css => https://m.hertsdirect.org/css/responsiveslides_carousel.css: (28, 'Operation timed out after 30000 milliseconds with 0 bytes received')
+Fetch error: http://m.hertsdirect.org/images/interface/govmetric_orangeface28x28.gif => https://m.hertsdirect.org/images/interface/govmetric_orangeface28x28.gif: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	Hertfordshire County Council
+
+	For rules causing false/broken MCB, see Hertsdirect.org-falsemixed.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *hertsdirect.org:
+
+		- calm ᵈ
+		- childhoodnews ᵈ
+		- directory ᵃ
+		- gisinfo ᵈ
+		- parentingcourses ᵃ
+		- webmaps ᵈ
+
+	ᵃ Shows another domain
+	ᵈ Dropped
+
+
+	Problematic hosts in *hertsdirect.org:
+
+		- ^ ᵐ
+		- cmis *
+		- drivertraining ˣ
+
+	* Redirect loop for /$
+	ᵐ Mismatched
+	ˣ Mixed css
+
+
+	Partially covered hosts in *hertsdirect.org:
+
+		- (www.)? ʰ
+		- childcarejobs ʰ
+		- m ʰ
+
+	ʰ Some pages redirect to http
+
+
+	Insecure cookies are set for these hosts:
+
+		- childcarejobs.hertsdirect.org
+		- drivertraining.hertsdirect.org
+		- savercards.hertsdirect.org
+
+
+	Mixed content:
+
+		- css on drivertraining from www.hertsdirect.org ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="hertsdirect.org (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="childcarejobs.hertsdirect.org" />
+	<target host="cmis.hertsdirect.org" />
+	<!--target host="drivertraining.hertsdirect.org" /-->
+	<target host="m.hertsdirect.org" />
+	<target host="savercards.hertsdirect.org" />
+	<target host="www.hertsdirect.org" />
+
+	<!--	Complications:
+				-->
+	<target host="hertsdirect.org" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://childcarejobs\.hertsdirect\.org/(?:default|helpdesk/default|younginherts/recruitment/vacancy/vacancySearch)\.aspx" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://childcarejobs\.hertsdirect\.org/+(?!(?:[Ll]ogin|Resources)\.aspx|css/|images/|younginherts/registration(?:$|[?/]))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://childcarejobs.hertsdirect.org/default.aspx" />
+			<test url="http://childcarejobs.hertsdirect.org/helpdesk/default.aspx" />
+			<test url="http://childcarejobs.hertsdirect.org/recruitment/vacancy/vacancyDetails.aspx?vacancyID=53332" />
+			<test url="http://childcarejobs.hertsdirect.org/recruitment/vacancy/vacancyDetails.aspx?vacancyID=53364" />
+			<test url="http://childcarejobs.hertsdirect.org/younginherts/recruitment/vacancy/vacancySearch.aspx" />
+			<test url="http://childcarejobs.hertsdirect.org/younginherts/recruitment/vacancy/vacancySearch.aspx?VacancyType=childcare" />
+			<test url="http://childcarejobs.hertsdirect.org/younginherts/recruitment/vacancy/vacancySearch.aspx?VacancyType=support" />
+
+			<!--	-ve:
+					-->
+			<test url="http://childcarejobs.hertsdirect.org/Contacts.aspx" />
+			<test url="http://childcarejobs.hertsdirect.org/Login.aspx" />
+			<test url="http://childcarejobs.hertsdirect.org/younginherts/registration/NoEmailAddress.aspx" />
+			<test url="http://childcarejobs.hertsdirect.org/younginherts/registration/termsandconditions.aspx" />
+			<test url="http://childcarejobs.hertsdirect.org/Resources.aspx" />
+
+		<!--	Redirect loop:
+						-->
+		<exclusion pattern="^http://cmis\.hertsdirect\.org/$" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://m\.hertsdirect\.org/(?:$|dist/|docs/pdf/)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://m\.hertsdirect\.org/+(?!css/|images/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://m.hertsdirect.org/dist/css/bootstrap_branch.css" />
+			<test url="http://m.hertsdirect.org/libraryeventtickets" />
+
+			<!--	-ve:
+					-->
+			<test url="http://m.hertsdirect.org/css/responsiveslides_carousel.css" />
+			<test url="http://m.hertsdirect.org/favicon.ico" />
+			<test url="http://m.hertsdirect.org/images/interface/govmetric_orangeface28x28.gif" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.hertsdirect\.org/(?:$|drivertraining/html/|services/$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?hertsdirect\.org/+(?!css/|droppedkerbs(?:$|[?/])|eservices/(?:analytics/|images/|scripts/.+\.css|styles/)|favicon\.ico|images/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.hertsdirect.org/accessibility/bslvideos/" />
+			<test url="http://www.hertsdirect.org/atozofservices/" />
+			<test url="http://www.hertsdirect.org/business/" />
+			<test url="http://www.hertsdirect.org/contact/" />
+			<test url="http://www.hertsdirect.org/drivertraining/html/styles/main.css" />
+			<test url="http://www.hertsdirect.org/help/" />
+			<test url="http://www.hertsdirect.org/importantnews/" />
+			<test url="http://www.hertsdirect.org/services/" />
+			<test url="http://www.hertsdirect.org/services/libraries/online/libapp/" />
+			<test url="http://www.hertsdirect.org/translations/" />
+			<test url="http://www.hertsdirect.org/your-community/" />
+			<test url="http://www.hertsdirect.org/your-council/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://hertsdirect.org/css/events_calendar_style.css" />
+			<test url="http://www.hertsdirect.org/droppedkerbs" />
+			<test url="http://www.hertsdirect.org/eservices/analytics/piwik.php?idsite=1" />
+			<test url="http://www.hertsdirect.org/eservices/images/bg_nav.gif" />
+			<test url="http://www.hertsdirect.org/eservices/scripts/colorbox/example1/colorbox.css" />
+			<test url="http://www.hertsdirect.org/eservices/styles/jpecrga-default.css" />
+			<test url="http://www.hertsdirect.org/favicon.ico" />
+			<test url="http://www.hertsdirect.org/images/interface/bg_nearest_search_button.gif" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^childcarejobs\.hertsdirect\.org$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^drivertraining\.hertsdirect\.org$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^savercards\.hertsdirect\.org$" name="^BIGipServer" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^(?!(?:childcarejobs|m|www)\.)\w" name=".+" />
+
+
+	<rule from="^http://hertsdirect\.org/"
+		to="https://www.hertsdirect.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-Australia.xml b/src/chrome/content/rules/Hertz-Australia.xml
new file mode 100644
index 000000000000..957fc544a63d
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-Australia.xml
@@ -0,0 +1,59 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.hertz.com.au/ (200) => https://www.hertz.com.au/ (403)
+
+	Other Hertz rulesets:
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+
+	Non-functional domains:
+		- (www.)hertzrent2buy.com.au	(¹, CN: secure.cdsonline.com.au)
+		- (www.)hertzcarsales.com.au	(¹, CN: secure.cdsonline.com.au)
+		- (www.)hertzondemand.com.au	(¹, CN: *.gridserver.com, gridserver.com)
+		- (www.)flexicar.com.au		(available for certain pages only)
+
+	¹ hostname mismatch
+-->
+<ruleset name="Hertz Australia" default_off="failed ruleset test">
+	<target host="www.hertz.com.au" />
+	<target host=    "hertztrucks.com.au" />
+	<target host="www.hertztrucks.com.au" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-Austria.xml b/src/chrome/content/rules/Hertz-Austria.xml
new file mode 100644
index 000000000000..b3d5b253bdfb
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-Austria.xml
@@ -0,0 +1,49 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.hertz.at/ (200) => https://www.hertz.at/ (403)
+
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+-->
+<ruleset name="Hertz Austria" default_off="failed ruleset test">
+	<target host="www.hertz.at" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-Bahrain.xml b/src/chrome/content/rules/Hertz-Bahrain.xml
new file mode 100644
index 000000000000..b80e68298b94
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-Bahrain.xml
@@ -0,0 +1,45 @@
+<!--
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+-->
+<ruleset name="Hertz Bahrain">
+	<target host="www.hertz.bh" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-Belgium.xml b/src/chrome/content/rules/Hertz-Belgium.xml
new file mode 100644
index 000000000000..ab53b340545b
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-Belgium.xml
@@ -0,0 +1,54 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://fr.hertz.be/ (200) => https://fr.hertz.be/ (403)
+Non-2xx HTTP code: http://nl.hertz.be/ (200) => https://nl.hertz.be/ (403)
+
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+-->
+<ruleset name="Hertz Belgium" default_off="failed ruleset test">
+	<target host="fr.hertz.be" />
+	<target host="hertz247.be" />
+	<target host="nl.hertz.be" />
+	<target host="www.hertz247.be" />
+	<target host="www.hertz.be" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-Brazil.xml b/src/chrome/content/rules/Hertz-Brazil.xml
new file mode 100644
index 000000000000..8dff04058e01
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-Brazil.xml
@@ -0,0 +1,48 @@
+<!--
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+-->
+<ruleset name="Hertz Brazil" default_off="redirects to http">
+	<target host="www.hertzrent2buy.com.br" />
+	<target host="a1.hertzrent2buy.com.br" />
+	<target host="a2.hertzrent2buy.com.br" />
+	<target host="www.rent2buy.com.br" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-Canada.xml b/src/chrome/content/rules/Hertz-Canada.xml
new file mode 100644
index 000000000000..e783886901d5
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-Canada.xml
@@ -0,0 +1,50 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://fr.hertz.ca/ (200) => https://fr.hertz.ca/ (403)
+
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+-->
+<ruleset name="Hertz Canda" default_off="failed ruleset test">
+	<target host="fr.hertz.ca" />
+	<target host="www.hertz.ca" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-China.xml b/src/chrome/content/rules/Hertz-China.xml
new file mode 100644
index 000000000000..062c8de46a78
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-China.xml
@@ -0,0 +1,44 @@
+<!--
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+-->
+<ruleset name="Hertz China">
+	<target host="www.hertz.cn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-Croatia.xml b/src/chrome/content/rules/Hertz-Croatia.xml
new file mode 100644
index 000000000000..06bcabaafdee
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-Croatia.xml
@@ -0,0 +1,49 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.hertz.hr/ => https://www.hertz.hr/: (35, 'Unknown SSL protocol error in connection to www.hertz.hr:443 ')
+
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+-->
+<ruleset name="Hertz Croatia" default_off="failed ruleset test">
+	<target host="www.hertz.hr" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-Finland.xml b/src/chrome/content/rules/Hertz-Finland.xml
new file mode 100644
index 000000000000..e3e4cefd30ac
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-Finland.xml
@@ -0,0 +1,49 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.hertz.fi/ (200) => https://www.hertz.fi/ (403)
+
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+-->
+<ruleset name="Hertz Finland" default_off="failed ruleset test">
+	<target host="www.hertz.fi" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-France.xml b/src/chrome/content/rules/Hertz-France.xml
new file mode 100644
index 000000000000..3bc152a27ca8
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-France.xml
@@ -0,0 +1,57 @@
+<!--
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+
+	Non-functional domains:
+		- (www.)hertzsupercars.fr		(self-signed)
+		- (www.)hertzequip.fr			(self-signed)
+		- (www.)hertzoccasions.fr		(redirect to http)
+		- (www.)trois-soleils.com		(timeout)
+		- a1.hertzoccasions.fr			(could not resolve host)
+		- a2.hertzoccasions.fr			(could not resolve host)
+		- (www.)hertzcamions.fr			(hostname mismatch)
+-->
+<ruleset name="Hertz France">
+	<target host="hertz247.fr" />
+	<target host="www.hertz247.fr" />
+	<target host="www.hertz.fr" />
+	<target host="www.hertzrent2buy.fr" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-Germany.xml b/src/chrome/content/rules/Hertz-Germany.xml
new file mode 100644
index 000000000000..c8444c86107d
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-Germany.xml
@@ -0,0 +1,64 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.hertztrucks.de/ (200) => https://www.hertztrucks.de/ (403)
+
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+
+	Non-functional domains:
+		- de.hertzsupercars.com			(invalid hostname, CN: zestwaa9.miniserver.com)
+		- (www.)hertzgebrauchtwagen.de 	        (redirect to http)
+		- (www.)hertz-presse.de			(unknown protocol)
+		- a1.hertzgebrauchtwagen.de		(could not resolve host)
+		- a2.hertzgebrauchtwagen.de		(could not resolve host)
+		- wwwdeva.hertz.de			(could not resolve host)
+		- wwwpreproda.hertz.de			(could not resolve host)
+		- wwwquala.hertz.de			(could not resolve host)
+		- hertzondemand.de			(timeout)
+
+-->
+
+<ruleset name="Hertz Germany" default_off="failed ruleset test">
+	<target host="hertz247.de" />
+	<target host="www.hertz247.de" />
+	<target host="www.hertztrucks.de" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-Hong-Kong.xml b/src/chrome/content/rules/Hertz-Hong-Kong.xml
new file mode 100644
index 000000000000..40d46e74e190
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-Hong-Kong.xml
@@ -0,0 +1,49 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.hertz.com.hk/ (200) => https://www.hertz.com.hk/ (403)
+
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+-->
+<ruleset name="Hertz Hong Kong" default_off="failed ruleset test">
+	<target host="www.hertz.com.hk" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-Hungary.xml b/src/chrome/content/rules/Hertz-Hungary.xml
new file mode 100644
index 000000000000..9b17aa3ed028
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-Hungary.xml
@@ -0,0 +1,45 @@
+<!--
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+-->
+<ruleset name="Hertz Hungary">
+	<target host="www.hertz.hu" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-Iceland.xml b/src/chrome/content/rules/Hertz-Iceland.xml
new file mode 100644
index 000000000000..632d70bee32f
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-Iceland.xml
@@ -0,0 +1,46 @@
+<!--
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+-->
+<ruleset name="Hertz Iceland">
+	<target host="hertz247.is" />
+	<target host="www.hertz247.is" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-Indonesia.xml b/src/chrome/content/rules/Hertz-Indonesia.xml
new file mode 100644
index 000000000000..10848766ad62
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-Indonesia.xml
@@ -0,0 +1,49 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.hertz.co.id/ (200) => https://www.hertz.co.id/ (403)
+
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+-->
+<ruleset name="Hertz Indonesia" default_off="failed ruleset test">
+	<target host="www.hertz.co.id" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-Ireland.xml b/src/chrome/content/rules/Hertz-Ireland.xml
new file mode 100644
index 000000000000..392e09f476d8
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-Ireland.xml
@@ -0,0 +1,51 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.hertz.ie/ (200) => https://www.hertz.ie/ (403)
+
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+-->
+<ruleset name="Hertz Ireland" default_off="failed ruleset test">
+	<target host="hertz247.ie" />
+	<target host="www.hertz247.ie" />
+	<target host="www.hertz.ie" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-Italy.xml b/src/chrome/content/rules/Hertz-Italy.xml
new file mode 100644
index 000000000000..28f512f91e4f
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-Italy.xml
@@ -0,0 +1,60 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.hertz.it/ (200) => https://www.hertz.it/ (403)
+
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+
+	Non-functional domains:
+		- it.hertzsupercars.com		(invalid hostname, CN: zestwaa9.miniserver.com)
+		- (www.)hertzrent2buy.it	(redirect to http)
+		- (www.)hertz30.it			(connection refused)
+		- a1.hertzrent2buy.it		(could not resolve host)
+		- a2.hertzrent2buy.it		(could not resolve host)
+		- (www.)hertzusato.it		(self-signed)
+-->
+
+<ruleset name="Hertz Italy" default_off="failed ruleset test">
+	<target host="hertz247.it" />
+	<target host="www.hertz247.it" />
+	<target host="www.hertz.it" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-Jordan.xml b/src/chrome/content/rules/Hertz-Jordan.xml
new file mode 100644
index 000000000000..0efae91678b2
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-Jordan.xml
@@ -0,0 +1,46 @@
+<!--
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+-->
+<ruleset name="Hertz Jordan">
+	<target host="www.hertz.com.jo" />
+	<target host="www.hertz.jo" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-Kuwait.xml b/src/chrome/content/rules/Hertz-Kuwait.xml
new file mode 100644
index 000000000000..ebda6abc1205
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-Kuwait.xml
@@ -0,0 +1,49 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.hertz.com.kw/ (200) => https://www.hertz.com.kw/ (403)
+
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+-->
+<ruleset name="Hertz Kuwait" default_off="failed ruleset test">
+	<target host="www.hertz.com.kw" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-Netherlands.xml b/src/chrome/content/rules/Hertz-Netherlands.xml
new file mode 100644
index 000000000000..ea82e3857559
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-Netherlands.xml
@@ -0,0 +1,54 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.hertz.nl/ (200) => https://www.hertz.nl/ (403)
+
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+
+	Non-functional domains:
+		- (www.)minilease.nl	(connection refused)
+-->
+<ruleset name="Hertz Netherlands" default_off="failed ruleset test">
+	<target host="hertz247.nl" />
+	<target host="www.hertz247.nl" />
+	<target host="www.hertz.nl" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-New-Zealand.xml b/src/chrome/content/rules/Hertz-New-Zealand.xml
new file mode 100644
index 000000000000..5c06a382e22b
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-New-Zealand.xml
@@ -0,0 +1,49 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.hertz.co.nz/ (200) => https://www.hertz.co.nz/ (403)
+
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+-->
+<ruleset name="Hertz New Zealand" default_off="failed ruleset test">
+	<target host="www.hertz.co.nz" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-Norway.xml b/src/chrome/content/rules/Hertz-Norway.xml
new file mode 100644
index 000000000000..8e8d0b80c68c
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-Norway.xml
@@ -0,0 +1,49 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.hertz.no/ (200) => https://www.hertz.no/ (403)
+
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+-->
+<ruleset name="Hertz Norway" default_off="failed ruleset test">
+	<target host="www.hertz.no" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-Poland.xml b/src/chrome/content/rules/Hertz-Poland.xml
new file mode 100644
index 000000000000..a07478bf4c03
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-Poland.xml
@@ -0,0 +1,50 @@
+<!--
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+-->
+<ruleset name="Hertz Poland">
+	<target host="www.hertz-autovermietung.com.pl" />
+	<target host="www.hertzautovermietung.com.pl" />
+	<target host="www.hertz-autovermietung.pl" />
+	<target host="www.hertzautovermietung.pl" />
+	<target host="www.hertz.com.pl" />
+	<target host="www.hertz.pl" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-Portugal.xml b/src/chrome/content/rules/Hertz-Portugal.xml
new file mode 100644
index 000000000000..e64df3609e0c
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-Portugal.xml
@@ -0,0 +1,52 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.hertz.pt/ (200) => https://www.hertz.pt/ (403)
+
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+-->
+<ruleset name="Hertz Portugal" default_off="failed ruleset test">
+	<target host="hertz247.pt" />
+	<target host="www.hertz247.pt" />
+	<target host="www.hertz.com.pt" />
+	<target host="www.hertz.pt" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-Qatar.xml b/src/chrome/content/rules/Hertz-Qatar.xml
new file mode 100644
index 000000000000..1c88d541600e
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-Qatar.xml
@@ -0,0 +1,49 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.hertz.qa/ (200) => https://www.hertz.qa/ (403)
+
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+-->
+<ruleset name="Hertz Qatar" default_off="failed ruleset test">
+	<target host="www.hertz.qa" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-Saudi-Arabia.xml b/src/chrome/content/rules/Hertz-Saudi-Arabia.xml
new file mode 100644
index 000000000000..d5ee4fc098bc
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-Saudi-Arabia.xml
@@ -0,0 +1,50 @@
+<!--
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+
+	Non-functional domain:
+		- (www.)hertz.com.sa	(hostname mismatch, CN: *.securesites.net, securesites.net )
+-->
+
+<ruleset name="Hertz Saudi Arabia">
+	<target host="hertzarabic.com" />
+	<target host="www.hertzarabic.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-Slovenia.xml b/src/chrome/content/rules/Hertz-Slovenia.xml
new file mode 100644
index 000000000000..1d12a3e8cd00
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-Slovenia.xml
@@ -0,0 +1,45 @@
+<!--
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+-->
+<ruleset name="Hertz Slovenia">
+	<target host="www.hertz.si" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-South-Africa.xml b/src/chrome/content/rules/Hertz-South-Africa.xml
new file mode 100644
index 000000000000..b37b49374bd5
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-South-Africa.xml
@@ -0,0 +1,45 @@
+<!--
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+-->
+<ruleset name="Hertz South Africa">
+	<target host="www.hertz.co.za" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-South-Korea.xml b/src/chrome/content/rules/Hertz-South-Korea.xml
new file mode 100644
index 000000000000..e1dcd23640bc
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-South-Korea.xml
@@ -0,0 +1,49 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.hertz.co.kr/ (200) => https://www.hertz.co.kr/ (403)
+
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+-->
+<ruleset name="Hertz South Korea" default_off="failed ruleset test">
+	<target host="www.hertz.co.kr" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-Spain.xml b/src/chrome/content/rules/Hertz-Spain.xml
new file mode 100644
index 000000000000..38c59b519a5f
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-Spain.xml
@@ -0,0 +1,61 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.hertz.es/ (200) => https://www.hertz.es/ (403)
+
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+
+	Non-functional domains:
+		- es.rentbull.es			(¹, CN:  *.websitewelcome.com, websitewelcome.com)
+		- (www.reservashertz.es			(¹, CN: *.atrapalo.com)
+		- (www.)hertzocasion.es			(redirect to http)
+		- a1.hertzocasion.es			(could not resolve host)
+		- a2.hertzocasion.es			(could not resolve host)
+
+	¹ hostname mismatch
+-->
+
+<ruleset name="Hertz Spain" default_off="failed ruleset test">
+	<target host="hertz247.es" />
+	<target host="www.hertz247.es" />
+	<target host="www.hertz.es" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-Sweden.xml b/src/chrome/content/rules/Hertz-Sweden.xml
new file mode 100644
index 000000000000..ef430eb1d4a4
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-Sweden.xml
@@ -0,0 +1,49 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.hertz.se/ (200) => https://www.hertz.se/ (403)
+
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+-->
+<ruleset name="Hertz Sweden" default_off="failed ruleset test">
+	<target host="www.hertz.se" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-Switzerland.xml b/src/chrome/content/rules/Hertz-Switzerland.xml
new file mode 100644
index 000000000000..14b8a5b23c16
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-Switzerland.xml
@@ -0,0 +1,50 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://fr.hertz.ch/ (200) => https://fr.hertz.ch/ (403)
+
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+-->
+<ruleset name="Hertz Switzerland" default_off="failed ruleset test">
+	<target host="fr.hertz.ch" />
+	<target host="www.hertz.ch" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-Taiwan.xml b/src/chrome/content/rules/Hertz-Taiwan.xml
new file mode 100644
index 000000000000..67cb2bb897ce
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-Taiwan.xml
@@ -0,0 +1,49 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.hertz.com.tw/ (200) => https://www.hertz.com.tw/ (403)
+
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+-->
+<ruleset name="Hertz Taiwan" default_off="failed ruleset test">
+	<target host="www.hertz.com.tw" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-Thailand.xml b/src/chrome/content/rules/Hertz-Thailand.xml
new file mode 100644
index 000000000000..db40f462e241
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-Thailand.xml
@@ -0,0 +1,45 @@
+<!--
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+-->
+<ruleset name="Hertz Thailand">
+	<target host="www.hertz.co.th" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-UAE.xml b/src/chrome/content/rules/Hertz-UAE.xml
new file mode 100644
index 000000000000..466675a3ecdf
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-UAE.xml
@@ -0,0 +1,49 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.hertz.ae/ (200) => https://www.hertz.ae/ (403)
+
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UK.xml
+		- Hertz-US.xml
+-->
+<ruleset name="Hertz UAE" default_off="failed ruleset test">
+	<target host="www.hertz.ae" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-UK.xml b/src/chrome/content/rules/Hertz-UK.xml
new file mode 100644
index 000000000000..80527aa93c9d
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-UK.xml
@@ -0,0 +1,65 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://hertz.co.uk/ (200) => https://hertz.co.uk/ (403)
+Non-2xx HTTP code: http://www.hertzvans.co.uk/ (200) => https://www.hertzvans.co.uk/ (403)
+
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-US.xml
+
+	Non-functional domains:
+		- uk.hertzsupercars.com					(¹, CN: zestwaa9.miniserver.com)
+		- (www.)hertzdreamcollection.co.uk		(¹, CN: zestwaa9.miniserver.com)
+		- a1.hertzcarsales.co.uk				(¹, CN: reseau.itg.fr, www.reseau.itg.fr )
+		- a2.hertzcarsales.co.uk				(¹, CN: reseau.itg.fr, www.reseau.itg.fr )
+		- (www.)hertzcarsales.co.uk				(redirect to http)
+		- (www.)hertz28.co.uk					(connection refused)
+
+	¹ hostname mismatch
+-->
+
+<ruleset name="Hertz UK" default_off="failed ruleset test">
+	<target host="hertz247.co.uk" />
+	<target host="hertz.co.uk" />
+	<target host="www.hertz.co.uk" />
+	<target host="www.hertz247.co.uk" />
+	<target host="www.hertzvans.co.uk" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hertz-US.xml b/src/chrome/content/rules/Hertz-US.xml
new file mode 100644
index 000000000000..0a7451ffffce
--- /dev/null
+++ b/src/chrome/content/rules/Hertz-US.xml
@@ -0,0 +1,135 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://apideva.hertz.com/ => https://apideva.hertz.com/: (6, 'Could not resolve host: apideva.hertz.com')
+Non-2xx HTTP code: http://express.hertz.com/ (200) => https://express.hertz.com/ (403)
+Fetch error: http://hertzequipmentsales.com/ => https://hertzequipmentsales.com/: (6, 'Could not resolve host: https')
+Fetch error: http://hertzequipsales.com/ => https://hertzequipsales.com/: (6, 'Could not resolve host: https')
+Non-2xx HTTP code: http://japan.hertz.com/ (200) => https://japan.hertz.com/ (403)
+Fetch error: http://lasvegas.hertzequip.com/ => https://lasvegas.hertzequip.com/: (6, 'Could not resolve host: http')
+Fetch error: http://locdeva.hertz.com/ => https://locdeva.hertz.com/: (6, 'Could not resolve host: locdeva.hertz.com')
+Fetch error: http://lv.hertzequip.com/ => https://lv.hertzequip.com/: (6, 'Could not resolve host: http')
+Non-2xx HTTP code: http://mobile.hertz.com/ (200) => https://mobile.hertz.com/ (403)
+Non-2xx HTTP code: http://www5.hertz.com/ (200) => https://www5.hertz.com/ (403)
+Non-2xx HTTP code: http://www.hertz.com/ (200) => https://www.hertz.com/ (403)
+Fetch error: http://www.hertzequipmentsales.com/ => https://www.hertzequipmentsales.com/: (6, 'Could not resolve host: https')
+Fetch error: http://www.hertzequipsales.com/ => https://www.hertzequipsales.com/: (6, 'Could not resolve host: https')
+
+	Other Hertz rulesets:
+		- Hertz-Australia.xml
+		- Hertz-Austria.xml
+		- Hertz-Bahrain.xml
+		- Hertz-Belgium.xml
+		- Hertz-Brazil.xml
+		- Hertz-Canada.xml
+		- Hertz-China.xml
+		- Hertz-Croatia.xml
+		- Hertz-Finland.xml
+		- Hertz-France.xml
+		- Hertz-Germany.xml
+		- Hertz-Hong-Kong.xml
+		- Hertz-Hungary.xml
+		- Hertz-Iceland.xml
+		- Hertz-Indonesia.xml
+		- Hertz-Ireland.xml
+		- Hertz-Italy.xml
+		- Hertz-Jordan.xml
+		- Hertz-Kuwait.xml
+		- Hertz-Netherlands.xml
+		- Hertz-New-Zealand.xml
+		- Hertz-Norway.xml
+		- Hertz-Poland.xml
+		- Hertz-Portugal.xml
+		- Hertz-Qatar.xml
+		- Hertz-Saudi-Arabia.xml
+		- Hertz-Slovenia.xml
+		- Hertz-South-Africa.xml
+		- Hertz-South-Korea.xml
+		- Hertz-Spain.xml
+		- Hertz-Sweden.xml
+		- Hertz-Switzerland.xml
+		- Hertz-Taiwan.xml
+		- Hertz-Thailand.xml
+		- Hertz-UAE.xml
+		- Hertz-UK.xml
+
+	Non-functional domains:
+		- (www.)hertzsupercars.com			(¹, CN: zestwaa9.miniserver.com)
+		- (www.)hertzdreamcars.com			(¹, CN: zestwaa9.miniserver.com)
+		- (www.)hertzfranchiseopportunities.com		(¹, CN: *.prod.phx3.secureserver.net, prod.phx3.secureserver.net)
+		- (www.)hertzagentgold.com			(¹, CN: *.hertz.com, hertz.com)
+		- (www.)hertzenergyservices.com			(¹, CN: *.mail.espacioseguro.com)
+		- newsroom.hertz.com				²
+		- ir.hertz.com					²
+		- control.hertz247.com				²
+		- (www.)hertzcarsales.com			(available for certain pages only)
+		- (www.)hertzequip.com				(mixed content)
+		- hertz-carsales.com				(only valid for subdomains)
+		- a1.hertzcarsales.com				(could not resolve host)
+		- a2.hertzcarsales.com				(could not resolve host)
+		- (www.)hertzcarsales.com			(redirect to http)
+		- (www.)hertzrent2buy.com			(redirect to http)
+
+	¹ invalid hostname
+	² timeout
+-->
+<ruleset name="Hertz US" default_off="failed ruleset test">
+
+	<!-- only country-specific subdomains are valid, despite matching SSL cert
+	<target host="hertz-carsales.com" />-->
+	<target host="*.hertz-carsales.com" />
+	<target host="apideva.hertz.com" />
+	<target host="api.hertz.com" />
+	<target host="bespoke.hertz.com" />
+	<target host="cinelease.com" />
+	<target host="connectbyhertz.com" />
+	<target host="etrieveca.htzpartners.com" />
+	<target host="etrieve.htzpartners.com" />
+	<target host="express.hertz.com" />
+	<target host="hertz247.com"  />
+	<target host="hertz.com" />
+	<target host="hertzentertainment.com" />
+	<target host="hertzequip.com" />
+	<target host="hertzequipmentrentals.com" />
+	<target host="hertzequipmentsales.com" />
+	<target host="hertzequipsales.com" />
+	<target host="hertzondemand.com" />
+	<target host="images2.hertz247.com" />
+	<target host="images2.hertz.com" />
+	<target host="images.hertz247.com" />
+	<target host="images.hertz.com" />
+	<target host="imagesrel.hertz.com" />
+	<target host="japan.hertz.com" />
+	<target host="lasvegas.hertzequip.com" />
+	<target host="locdeva.hertz.com" />
+	<target host="loc.hertz.com" />
+	<target host="lv.hertzequip.com" />
+	<target host="m.hertzequip.com" />
+	<target host="mobile.hertz247.com" />
+	<target host="mobile.hertz.com" />
+	<target host="offer.hertz.com" />
+	<target host="origin-www.hertz247.com" />
+	<target host="test.hertzequip.com" />
+	<target host="www5.hertz.com" />
+	<target host="wwwdc2.cinelease.com" />
+	<target host="wwwdc2.hertzentertainment.com" />
+	<target host="wwwdc.cinelease.com" />
+	<target host="wwwdc.hertzentertainment.com" />
+	<target host="www.fireflycarrental.com" />
+	<target host="www.hertz.com" />
+	<target host="www.hertzequipmentrentals.com" />
+	<target host="www.hertzequipmentsales.com" />
+	<target host="www.hertzequipsales.com" />
+	<target host="wwwrc.cinelease.com" />
+	<target host="wwwrc.hertzentertainment.com" />
+	<target host="www.spump.com" />
+	<target host="www.zcarc.com" />
+	<target host="zcarc.com" />
+
+	<!-- rule test error even though server redirects just fine
+	<target host=  "hertz247.com" />
+	<target host=  "hertzondemand.com" /-->
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hesapla_Bakalim.com.xml b/src/chrome/content/rules/Hesapla_Bakalim.com.xml
new file mode 100644
index 000000000000..9b7e094e2593
--- /dev/null
+++ b/src/chrome/content/rules/Hesapla_Bakalim.com.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hesaplabakalim.com/ => https://hesaplabakalim.com/: (7, 'Failed to connect to hesaplabakalim.com port 443: Connection refused')
+Fetch error: http://www.hesaplabakalim.com/ => https://www.hesaplabakalim.com/: (7, 'Failed to connect to www.hesaplabakalim.com port 443: Connection refused')
+
+	CDN buckets:
+
+		- hesaplabakalim-production.s3.amazonaws.com
+
+
+	Mixed content:
+
+		- Images, from:
+
+			- s3.amazonaws.com *
+			- hesaplabakalim-production.s3.amazonaws.com *
+
+		- Web bugs from platform.twitter.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Hesapla Bakalim.com" default_off="failed ruleset test">
+
+	<target host="hesaplabakalim.com" />
+	<target host="www.hesaplabakalim.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^\.?hesaplabakalim\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hesecure.com.xml b/src/chrome/content/rules/Hesecure.com.xml
index 6630a6ed352a..55b2dcf9f0ee 100644
--- a/src/chrome/content/rules/Hesecure.com.xml
+++ b/src/chrome/content/rules/Hesecure.com.xml
@@ -7,10 +7,10 @@
 	<target host="*.c13.hesecure.com" />
 
 
-	<securecookie host=".+\.c13\.hesecure\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://([\w-]+)\.c13\.hesecure\.com/"
 		to="https://$1.c13.hesecure.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hesport.com.xml b/src/chrome/content/rules/Hesport.com.xml
new file mode 100644
index 000000000000..03548336be6d
--- /dev/null
+++ b/src/chrome/content/rules/Hesport.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Related ruleset:
+		Hespress.com.xml
+-->
+<ruleset name="Hesport.com">
+	<target host="hesport.com" />
+	<target host="www.hesport.com" />
+	<target host="m.hesport.com" />
+	<target host="s1.hesport.com" />
+	<target host="t1.hesport.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hespress.com.xml b/src/chrome/content/rules/Hespress.com.xml
new file mode 100644
index 000000000000..81e06552fc50
--- /dev/null
+++ b/src/chrome/content/rules/Hespress.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Related ruleset:
+		Hesport.com.xml
+-->
+<ruleset name="Hespress.com">
+	<target host="hespress.com" />
+	<target host="www.hespress.com" />
+	<target host="dabanit.hespress.com" />
+	<target host="loc.hespress.com" />
+	<target host="m.hespress.com" />
+	<target host="s1.hespress.com" />
+	<target host="t1.hespress.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hestore.hu.xml b/src/chrome/content/rules/Hestore.hu.xml
new file mode 100644
index 000000000000..9f7a9476dac7
--- /dev/null
+++ b/src/chrome/content/rules/Hestore.hu.xml
@@ -0,0 +1,8 @@
+<ruleset name="Hestore.hu">
+	<target host="hestore.hu" />
+	<target host="www.hestore.hu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Heteml.jp.xml b/src/chrome/content/rules/Heteml.jp.xml
index 0c092e02848e..f4fbb752450b 100644
--- a/src/chrome/content/rules/Heteml.jp.xml
+++ b/src/chrome/content/rules/Heteml.jp.xml
@@ -1,4 +1,7 @@
 <!--
+	For other GMO coverage, see GMO_Internet.xml.
+
+
 	Cert only matches secure.
 
 
@@ -27,7 +30,7 @@
 	<!--	www drops path when redirecting
 		to ^, so copy that behavior:
 						-->
-	<rule from="^http://www\.heteml\.jp/[^?]*(?=\?)?"
+	<rule from="^http://www\.heteml\.jp/[^?]*"
 		to="https://secure.heteml.jp/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Hetzner-Online.xml b/src/chrome/content/rules/Hetzner-Online.xml
index 421b3a91aa51..eb57d9c59513 100644
--- a/src/chrome/content/rules/Hetzner-Online.xml
+++ b/src/chrome/content/rules/Hetzner-Online.xml
@@ -3,17 +3,24 @@
 	<target host="hetzner.de"/>
 	<target host="*.hetzner.de"/>
 	<target host="*.your-server.de"/>
-	<target host="*.webmail.your-server.de"/>
 
-        <exclusion pattern="^http://wiki\.hetzner\.de"/>
+		<exclusion pattern="^http://wiki\.hetzner\.de"/>
 
-	<securecookie host="^(.*\.)?hetzner\.de$" name=".*"/>
-	<securecookie host="^.*\.your-server\.de$" name=".*"/>
+			<test url="http://wiki.hetzner.de/" />
 
-	<rule from="^http://hetzner\.de/"
-		to="https://www.hetzner.de/"/>
+		<test url="http://jobs.hetzner.de/" />
+		<test url="http://www.hetzner.de/" />
 
-	<rule from="^http://(\w+)\.(hetzner|your-server)\.de/"
-		to="https://$1.$2.de/"/>
+		<test url="http://dedi3494.your-server.de/" />
+		<test url="http://konsoleh.your-server.de/" />
+		<test url="http://robot.your-server.de/" />
+		<test url="http://webmail.your-server.de/imp/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://(\w+\.)?(hetzner|your-server)\.de/"
+		to="https://$1$2.de/"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Heureka.sk_cz.xml b/src/chrome/content/rules/Heureka.sk_cz.xml
new file mode 100644
index 000000000000..da137be8062d
--- /dev/null
+++ b/src/chrome/content/rules/Heureka.sk_cz.xml
@@ -0,0 +1,24 @@
+<!--
+	Shooping sites heureka.sk, heureka.cz
+-->
+<ruleset name="Heureka.sk_cz">
+	<target host="*.heureka.sk" />
+	<target host="heureka.sk" />
+	<target host="heurekashopping.sk" />
+	<target host="www.heurekashopping.sk" />
+
+	<target host="*.heureka.cz" />
+	<target host="heureka.cz" />
+	<target host="heurekashopping.cz" />
+	<target host="www.heurekashopping.cz" />
+
+	<test url="http://www.heureka.sk/" />
+	<test url="http://m.heureka.sk/" />
+	<test url="http://foto.heureka.sk/" />
+
+	<test url="http://www.heureka.cz/" />
+	<test url="http://m.heureka.cz/" />
+	<test url="http://foto.heureka.cz/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hewlett-Packard-mismatches.xml b/src/chrome/content/rules/Hewlett-Packard-mismatches.xml
index 2c524b54de74..bd8da45dd066 100644
--- a/src/chrome/content/rules/Hewlett-Packard-mismatches.xml
+++ b/src/chrome/content/rules/Hewlett-Packard-mismatches.xml
@@ -1,10 +1,9 @@
-<ruleset name="Hewlett-Packard Company (mismatches)" default_off="mismatch">
+<ruleset name="Hewlett-Packard Company (mismatches)" default_off="mismatched">
 
 	<!--	2o7.net	-->
 	<target host="met1.hp.com"/>
 
-	<rule from="^http://met1\.hp\.com/"
-		to="https://met1.hp.com/"/>
+	<rule from="^http:" to="https:" />
 
 
 </ruleset>
diff --git a/src/chrome/content/rules/Hewlett-Packard.xml b/src/chrome/content/rules/Hewlett-Packard.xml
index 9822b4584415..1b1558bcc8ba 100644
--- a/src/chrome/content/rules/Hewlett-Packard.xml
+++ b/src/chrome/content/rules/Hewlett-Packard.xml
@@ -1,98 +1,211 @@
 <!--
 	Other Hewlett Packard rulesets:
 
+		- HP_Cloud.com.xml
 		- Optimost.xml
+		- Palm.com.xml
 
 
 	Nonfunctional domains:
 
-		- (www.)arcsight.com	(record_too_long)
+		- (www.)arcsight.com
 
 		- hp.com subdomains:
 
-			- h10060.www1	(404, mismatched)
-			- h17007.www1	(handshake failure)
-			- h18004.www1	(shows h18000.www1, mismatched)
-			- h30565.www3
-
-		- hpwebos.com		(CN: palm.com)
-		- www.hpwebos.com	(redirects to http, Akamai)
+			- h22166.austin *
+			- h22207.austin *
+			- h30499.austin *
+			- h30507.austin *
+			- h50146.austin *
+			- h71000.austin *
+			- (www.)hpl ¹
+			- h10060.www1 ²
+			- h17007.www1 ³
+			- h18004.www1 ⁴
+
+		- hpwebos.com ⁵
+		- www.hpwebos.com ⁶
+		- welcome.hp-ww.com ⁷
+
+	* Refused
+	¹ Plaintext reply
+	² 404, mismatched
+	³ Reset
+	⁴ Shows h18000.www1, mismatched
+	⁵ Mismatched, CN: palm.com
+	⁶ Redirects to http, Akamai
+	⁷ Dropped
 
 
 	Problematic domains:
 
-		- welcome.hp-ww.com	(times out)
+		- reimagine.hp.com ¹
+		- h30261.www3.hp.com ²
+
+	¹ Mismatched, CN: z2z-hpcom-static-prd-30.external.hp.com
+	² corporate-ir.net
+
+
+	Partially covered domains:
+
+		- store.hp.com *
+
+	* Some pages redirect to http
+
+
+	Fully covered domains:
+
+		- protect724.arcsight.com
+
+		- (www.)?eds.com
+		- www-mo.eds.com
+
+		- [^.]*.hp.com:
+
+			- protect724
+			- register
+			- shopping1
+			- sprout
+			- www8		(→ ssl.www8)
+
+		- community.dev.hp.com
+		- v4nzproa.houston.hp.com
+		- apps.protect724.hp.com
+		- uat.protect724.hp.com
+		- apps.uat.protect724.hp.com
+
+		- *.www1.hp.com:
+
+			- h10120
+
+		- *.www2.hp.com:
+
+			- h20435
+			- h20497
+			- h22166
+
+		- *.www3.hp.com:
+
+			- h30434
+			- h30499
+			- h30507
+
+		- *.www4.hp.com:
+
+			- h41183
+
+		- ssl.www8.hp.com
+
+		- ssl-product-images.www8-hp.com
+
+
+	Insecure cookies are set for these domains:
+
+		- protect724.arcsight.com
+
+		- .hp.com
+		- community.dev.hp.com
+
+		- protect724.hp.com
+		- apps.protect724.hp.com
+		- uat.protect724.hp.com
+		- apps.uat.protect724.hp.com
+
+		- .www2.hp.com
+		- h20435.www2.hp.com
+		- h20497.www2.hp.com
+		- h22166.www2.hp.com
+		- .www3.hp.com
+		- h30499.www3.hp.com
+		- h30507.www3.hp.com
+		- h71016.www7.hp.com
+		- ssl.www8.hp.com
+
+
+	Mixed content:
+
+		- css, on:
+
+			- shopping1.hp.com from welcome.hp-ww.com
+			- h30261.www3.hp.com from phx.corporate-ir.net *
+			- h71016.www7.hp.com from $self *
+
+		- Image on h30499.www3.hp.com from $self *
+
+		- favicon on shopping1.hp.com and h30499.www3.hp.com from welcome.hp-ww.com *
+
+	* Secured by us
+
 
 -->
-<ruleset name="Hewlett-Packard Company (buggy)" default_off="https://eff.org/r.4ap5">
+<ruleset name="HP (buggy?)" default_off="testing">
 
-	<target host="compaq.com" />
-	<target host="www.compaq.com" />
+	<target host="protect724.arcsight.com" />
 	<target host="eds.com" />
 	<target host="*.eds.com" />
 	<target host="hp.com" />
 	<target host="*.hp.com" />
-		<exclusion pattern="^http://www\.hp\.com/(?!img/)" />
+		<exclusion pattern="^http://(?:h(?:22166|22207|30499|30507|50146|71000)\.austin|(?:www\.)?hpl|m|reimagine|welcome|h1(?:0060|7007|8004)\.www1|h30(?:261|434)\.www3)\.hp\.com" />
+		<!--
+			At least some redirects 404:
+							-->
+		<exclusion pattern="^http://shopping1\.hp\.com/(?!is-bin/)" />
+		<exclusion pattern="^http://store\.hp\.com/webapp/wcs/stores/servlet(?:$|[?/])" />
 		<!--
-			404s over https
+			404 over https:
 					-->
+		<!--exclusion pattern="^http://www\.hp\.com/hpinfo/images/" /-->
+		<exclusion pattern="^http://www\.hp\.com/(?!img/)" />
 		<exclusion pattern="^http://h18000\.www1\.hp\.com/products/servers/linux/documentation\.html" />
 	<target host="*.hp-ww.com" />
-	<target host="developer.palm.com" />
-	<target host="threatlinq.tippingpoint.com" />
-	<target host="www.threatlinq.tippingpoint.com" />
+		<exclusion pattern="^http://welcome\.hp-ww\.com/+(?!(?:img/+)?favicon\.ico)" />
+	<target host="ssl-product-images.www8-hp.com" />
 
 
-	<securecookie host="^esca(?:2\.americas|5\.asiapac|3\.europe)\.hp\.com$" name=".+" />
-	<securecookie host="^(?:(?:www\.)?register|shopping)\.hp\.com$" name=".+" />
-	<securecookie host="^h(?:20141\.www2|41183\.www4)\.hp\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^protect724\.arcsight\.com$" name="^BIGipServerpool_arcsightprotect724-v7\.hosted\.jivesoftware\.com$" /-->
+	<!--securecookie host="^\.hp\.com$" name="^(cc|lang)$" /-->
+	<!--securecookie host="^community\.dev\.hp\.com$" name="^LithiumVisitor$" /-->
+	<!--securecookie host="^(apps\.)?protect724\.hp\.com$" name="^BIGipServerpool_arcsightprotect724-v7\.hosted\.jivesoftware\.com$" /-->
+	<!--securecookie host="^(uat\.)?protect724\.hp\.com$" name="^(jive\.login\.ts|jive\.security\.context)$" /-->
+	<!--securecookie host="^shopping1\.hp\.com$" name="^(pgid|sid)$" /-->
+	<!--securecookie host="^(apps\.)?uat\.protect724\.hp\.com$" name="^BIGipServerm\w+-\d+-pool$" /-->
+	<!--securecookie host="^\.www[23]\.hp\.com$" name="^VISITORID$" /-->
+	<!--securecookie host="^(h20435\.www2|h30(434|499|507)\.www3)\.hp\.com$" name="^(LiSESSIONID|LithiumVisitor)$" /-->
+	<!--securecookie host="^h20497\.www2\.hp\.com$" name="^session$" /-->
+	<!--securecookie host="^h22166\.www2\.hp\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^h30507\.www3\.hp\.com$" name="^lia\.anon\.profile\.language$" /-->
+	<!--securecookie host="^h71016\.www7\.hp.com$" name="^(ASPSESSIONID[A-Z]{8}|DCCPRO%5FDPLUS%5F[\w%]+)$" /-->
+	<!--securecookie host="^ssl\.www8\.hp\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^protect724\.arcsight\.com$" name=".+" />
 	<!--
 		Stats cookie set by met1.hp.com
 						-->
 	<securecookie host="^\.hp\.com$" name="^s_vi$" />
-	<securecookie host="^developer\.palm\.com$" name=".+" />
-
+	<securecookie host="^(?:esca(?:2\.americas|5\.asiapac|3\.europe)|community\.dev|(?:uat\.)?protect724|(?:www\.)?register|shopping|h2(?:0141|2166)\.www2|h30(?:434|499|507)\.www3|h41183\.www4|h71016\.www7|ssl\.www8)\.hp\.com$" name=".+" />
 
-	<rule from="^https?://3com\.com/"
-		to="https://www.3com.com/" />
 
-	<rule from="^http://(b2bgw|login|www)\.3com\.com/"
-		to="https://$1.3com.com/" />
-
-	<rule from="^https?://(?:www\.)?compaq\.com/"
-		to="https://www.compaq.com/" />
+	<rule from="^http://protect724\.arcsight\.com/"
+		to="https://protect724.arcsight.com/" />
 
 	<rule from="^http://(www(?:-mo)?\.)?eds\.com/"
 		to="https://$1eds.com/" />
 
-	<rule from="^http://(?:www\.)?hp\.com/"
-		to="https://www.hp.com/" />
+	<rule from="^http://([^/:@]+)\.(americas|asiapac|austin|europe|www[1-7])\.hp\.com/"
+		to="https://$1.austin.hp.com/" />
 
-	<rule from="^http://(esca2\.americas|esca5\.asiapac|esam2?\.austin|esca3\.europe|ftp|(?:www\.)?register|www|h(?:1000[34]|10018|10032|10048|10057|1008[456]|10148|10151|10176|1700[3-689]|17010|18000)\.www1|h20141\.www2|h41183\.www4)\.hp\.com/"
-		to="https://$1.hp.com/" />
-
-	<rule from="^http://(?:www\.)?shopping\.hp\.com/"
-		to="https://shopping.hp.com/" />
-
-	<rule from="^https?://welcome\.hp\.com/"
-		to="https://secure.hp-ww.com/" />
-
-	<rule from="^https?://(?:vausnzpro2\.austin|20465\.www2)\.hp\.com/"
-		to="https://vausnzpro2.austin.hp.com/" />
-
-	<rule from="^https?://(?:www\.)?esca\.hp\.com/"
-		to="https://esca2.americas.hp.com/" />
-
-	<rule from="^https?://(?:ssl\.|www\.)?www8\.hp\.com/"
+	<rule from="^http://(?:ssl\.)?www8\.hp\.com/"
 		to="https://ssl.www8.hp.com/" />
 
-	<rule from="^https?://(?:secure|welcome)\.hp-ww\.com/"
-		to="https://secure.hp-ww.com/" />
+	<rule from="^http://([^/:@.]+|community\.dev|v4nzproa\.houston|(?:apps|uat|apps\.uat)\.protect724)\.hp\.com/"
+		to="https://$1.hp.com/" />
 
-	<rule from="^http://developer\.palm\.com/"
-		to="https://developer.palm.com/" />
+	<rule from="^http://(?:secur|welcom)e\.hp-ww\.com/"
+		to="https://secure.hp-ww.com/" />
 
-	<rule from="^http://(www\.)?threatlinq\.tippingpoint\.com/"
-		to="https://$1threatlinq.tippingpoint.com/" />
+	<rule from="^http://ssl-product-images\.www8-hp\.com/"
+		to="https://ssl-product-images.www8-hp.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Hex-Rays.com.xml b/src/chrome/content/rules/Hex-Rays.com.xml
new file mode 100644
index 000000000000..57734252843e
--- /dev/null
+++ b/src/chrome/content/rules/Hex-Rays.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Hex-Rays.com">
+
+	<target host="hex-rays.com" />
+	<target host="www.hex-rays.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hexagon.xml b/src/chrome/content/rules/Hexagon.xml
deleted file mode 100644
index 5b528a1385d7..000000000000
--- a/src/chrome/content/rules/Hexagon.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Hexagon">
-  <target host="hexagon.cc" />
-  <target host="www.hexagon.cc" />
-
-  <rule from="^http://(?:www\.)?hexagon\.cc/" to="https://hexagon.cc/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Hexonet.xml b/src/chrome/content/rules/Hexonet.xml
index ff23b4958470..3d577baa8fa5 100644
--- a/src/chrome/content/rules/Hexonet.xml
+++ b/src/chrome/content/rules/Hexonet.xml
@@ -23,4 +23,4 @@
 	<rule from="^http://demo\.hexonet\.net/(?:\?.*)?$"
 		to="https://cp-ote.hexonet.net/cp2/index.php/domain/listing/?LOGIN_USER=test.user&amp;LOGIN_PASSWORD=test.passw0rd" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hexplo.it.xml b/src/chrome/content/rules/Hexplo.it.xml
new file mode 100644
index 000000000000..18fccb67ebfa
--- /dev/null
+++ b/src/chrome/content/rules/Hexplo.it.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.hexplo.it/ => https://www.hexplo.it/: (51, "SSL: no alternative certificate subject name matches target host name 'www.hexplo.it'")
+
+-->
+<ruleset name="Hexplo.it" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hexplo.it" />
+	<target host="www.hexplo.it" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hexspoor_WMS.nl.xml b/src/chrome/content/rules/Hexspoor_WMS.nl.xml
new file mode 100644
index 000000000000..721c9479ce8c
--- /dev/null
+++ b/src/chrome/content/rules/Hexspoor_WMS.nl.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .hexspoorwms.nl
+
+-->
+<ruleset name="Hexspoor WMS.nl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hexspoorwms.nl" />
+	<target host="www.hexspoorwms.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.hexspoorwms\.nl$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\.hexspoorwms\.nl$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hft-leipzig.de.xml b/src/chrome/content/rules/Hft-leipzig.de.xml
new file mode 100644
index 000000000000..816b06f88541
--- /dev/null
+++ b/src/chrome/content/rules/Hft-leipzig.de.xml
@@ -0,0 +1,31 @@
+<!--
+	Nonfunctional subdomain:
+		- $         -> domain mismatch
+		- moodle    -> mixed content (secured by us)
+		- stura     -> times out
+		- kapri     -> wrong domain
+		- praktomat -> no connection
+		- venus     -> no connection
+		- www.vba   -> wrong domain
+		- qis       -> no connection
+		- www.bpmn  -> wrong domain
+		- bibo      -> no connection
+		- www1      -> different site
+
+	Notes:
+		- www1   -> different sites, but also HTTP version is useless for visitor, real sites like https://www1.hft-leipzig.de/bpmn/ e.g. works.
+-->
+<ruleset name="Hft-leipzig.de">
+	<target host="hft-leipzig.de" />
+	<target host="www.hft-leipzig.de" />
+	<!-- <target host="www1.hft-leipzig.de" /> -->
+	<target host="ilias.hft-leipzig.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://hft-leipzig\.de/"
+		to="https://www.hft-leipzig.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hi-eg.xml b/src/chrome/content/rules/Hi-eg.xml
index 9cbca786d4c4..a523c0274bdd 100644
--- a/src/chrome/content/rules/Hi-eg.xml
+++ b/src/chrome/content/rules/Hi-eg.xml
@@ -18,7 +18,7 @@
 	<securecookie host="^hi-eg\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?hi-eg\.com/"
+	<rule from="^http://(?:www\.)?hi-eg\.com/"
 		to="https://hi-eg.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hi.nl.xml b/src/chrome/content/rules/Hi.nl.xml
index 4abe453f4c2e..da7efadbb73d 100644
--- a/src/chrome/content/rules/Hi.nl.xml
+++ b/src/chrome/content/rules/Hi.nl.xml
@@ -1,6 +1,6 @@
 <ruleset name="Hi">
   <target host="*.hi.nl" />
-  
+
   <rule from="^http://(?:www\.)?hi\.nl/" to="https://www.hi.nl/"/>
   <rule from="^http://shop\.(?:www\.)?hi\.nl/" to="https://shop.www.hi.nl/"/>
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HiConversion.com.xml b/src/chrome/content/rules/HiConversion.com.xml
index ade35d9cb798..d0abb96419d2 100644
--- a/src/chrome/content/rules/HiConversion.com.xml
+++ b/src/chrome/content/rules/HiConversion.com.xml
@@ -39,19 +39,18 @@
 <ruleset name="HiConversion.com (partial)">
 
 	<target host="hiconversion.com" />
-	<target host="*.hiconversion.com" />
+	<target host="www.hiconversion.com" />
+	<target host="console.hiconversion.com" />
+	<target host="ssl.hiconversion.com" />
 
 
 	<securecookie host="^console\.hiconversion\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?hiconversion\.com/"
+	<rule from="^http://hiconversion\.com/"
 		to="https://www.hiconversion.com/" />
 
-	<rule from="^http://(console|ssl)\.hiconversion\.com/"
-		to="https://$1.hiconversion.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://update\.hiconversion\.com/"
-		to="https://a248.e.akamai.net/f/1015/3091/3/update.hiconversion.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HiFX.xml b/src/chrome/content/rules/HiFX.xml
index d2c314cd57bc..27a7286e1f60 100644
--- a/src/chrome/content/rules/HiFX.xml
+++ b/src/chrome/content/rules/HiFX.xml
@@ -7,16 +7,16 @@
 	<target host="hifx.co.uk" />
 	<target host="www.hifx.co.uk" />
 	<target host="hifxonline.co.uk" />
-	<target host="*.hifxonline.co.uk" />
+	<target host="www.hifxonline.co.uk" />
+	<target host="postoffice.hifxonline.co.uk" />
 
 
 	<securecookie host="^(?:postoffice|www)\.hifx(?:online)?\.co\.uk$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?hifx(online)?\.co\.uk/"
+	<rule from="^http://(?:www\.)?hifx(online)?\.co\.uk/"
 		to="https://www.hifx$1.co.uk/" />
 
-	<rule from="^http://postoffice\.hifxonline\.co\.uk/"
-		to="https://postoffice.hifxonline.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HiPEAC.net.xml b/src/chrome/content/rules/HiPEAC.net.xml
new file mode 100644
index 000000000000..c26ae6c82aae
--- /dev/null
+++ b/src/chrome/content/rules/HiPEAC.net.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hipeac.org/ => https://hipeac.org/: (7, 'Failed to connect to hipeac.org port 443: No route to host')
+Fetch error: http://www.hipeac.org/ => https://www.hipeac.org/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Nonfunctional hosts in *hipeac.net:
+
+		- lists ¹
+		- old ²
+
+	¹ Redirects to http
+	² Shows www.hipeac.org
+
+-->
+<ruleset name="HiPEAC.net (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hipeac.org" />
+	<target host="www.hipeac.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HiPoint_Inc.com.xml b/src/chrome/content/rules/HiPoint_Inc.com.xml
new file mode 100644
index 000000000000..2728e6211132
--- /dev/null
+++ b/src/chrome/content/rules/HiPoint_Inc.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Fully covered hosts:
+
+		- (www.)?
+
+-->
+<ruleset name="HiPoint Inc.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hipointinc.com" />
+	<target host="www.hipointinc.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hiawatha-webserver.org.xml b/src/chrome/content/rules/Hiawatha-webserver.org.xml
new file mode 100644
index 000000000000..ca0b80d0afe0
--- /dev/null
+++ b/src/chrome/content/rules/Hiawatha-webserver.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		banshee.hiawatha-webserver.org
+		wiki.hiawatha-webserver.org
+
+	Login required:
+		monitor.hiawatha-webserver.org
+		sqli.hiawatha-webserver.org
+
+-->
+<ruleset name="Hiawatha-webserver.org">
+
+	<target host="hiawatha-webserver.org" />
+	<target host="www.hiawatha-webserver.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hide.me.xml b/src/chrome/content/rules/Hide.me.xml
new file mode 100644
index 000000000000..36681d544c02
--- /dev/null
+++ b/src/chrome/content/rules/Hide.me.xml
@@ -0,0 +1,12 @@
+<!--
+	Timeout:
+		nl.hideproxy.me
+-->
+<ruleset name="Hide.me">
+
+	<target host="de.hideproxy.me" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HideMe.ru.xml b/src/chrome/content/rules/HideMe.ru.xml
index 86dbe6d1d098..24dfcafb2ee5 100644
--- a/src/chrome/content/rules/HideMe.ru.xml
+++ b/src/chrome/content/rules/HideMe.ru.xml
@@ -8,10 +8,12 @@
 	<target host="www.hideme.ru" />
 
 
+	<!--	Not secured by server:
+					-->
 	<securecookie host="^hidemu\.ru$" name=".+" />
 
 
 	<rule from="^http://(?:www\.)?hideme\.ru/"
 		to="https://hideme.ru/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hideki_Saito.com.xml b/src/chrome/content/rules/Hideki_Saito.com.xml
new file mode 100644
index 000000000000..af9fe037136a
--- /dev/null
+++ b/src/chrome/content/rules/Hideki_Saito.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Nonfunctional hosts in *hidekisaito.com:
+
+		- labs ᴰ
+
+	ᴰ DreamHost/200 "site not found"
+
+-->
+<ruleset name="Hideki Saito.com (partial)">
+
+	<target host="hidekisaito.com" />
+	<target host="hidekibin.hidekisaito.com" />
+	<target host="www.hidekibin.hidekisaito.com" />
+	<target host="wiki.hidekisaito.com" />
+	<target host="www.wiki.hidekisaito.com" />
+	<target host="en.wiki.hidekisaito.com" />
+	<target host="www.en.wiki.hidekisaito.com" />
+	<target host="ja.wiki.hidekisaito.com" />
+	<target host="www.ja.wiki.hidekisaito.com" />
+	<target host="www.hidekisaito.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hideman.net.xml b/src/chrome/content/rules/Hideman.net.xml
new file mode 100644
index 000000000000..9a617062f1c2
--- /dev/null
+++ b/src/chrome/content/rules/Hideman.net.xml
@@ -0,0 +1,27 @@
+<!--
+	Other Hideman rulesets:
+
+		- Hidepay.net.xml
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- cdn
+		- static
+
+-->
+<ruleset name="Hideman.net">
+
+	<target host="hideman.net" />
+	<!--target host="cdn.hideman.net" /-->
+	<target host="static.hideman.net" />
+	<target host="www.hideman.net" />
+
+
+	<securecookie host="^\.hideman\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hidemyass.xml b/src/chrome/content/rules/Hidemyass.xml
index bcc95e1014e8..bd53204fd164 100644
--- a/src/chrome/content/rules/Hidemyass.xml
+++ b/src/chrome/content/rules/Hidemyass.xml
@@ -10,13 +10,13 @@
 	<target host="hidemyass.com"/>
 	<target host="*.hidemyass.com"/>
 
-	
+
 	<!--	Observed cookie domains:
 
 			- ^.
 			- ^affiliate
 					-->
-	<securecookie host="^(.*\.)?hidemyass\.com$" name=".*"/>
+	<securecookie host=".+" name=".+"/>
 
 
 	<!--	cert !valid for !www	-->
diff --git a/src/chrome/content/rules/Hidepay.net.xml b/src/chrome/content/rules/Hidepay.net.xml
new file mode 100644
index 000000000000..f9a468728b92
--- /dev/null
+++ b/src/chrome/content/rules/Hidepay.net.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.hidepay.net/ => https://www.hidepay.net/: (6, 'Could not resolve host: www.hidepay.net')
+
+	For other Hideman coverage, see Hideman.net.xml.
+
+-->
+<ruleset name="Hidepay.net" default_off="failed ruleset test">
+
+	<target host="hidepay.net" />
+	<target host="www.hidepay.net" />
+
+
+	<securecookie host="^\.hidepay\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hidester.com.xml b/src/chrome/content/rules/Hidester.com.xml
new file mode 100644
index 000000000000..28a01920bc5a
--- /dev/null
+++ b/src/chrome/content/rules/Hidester.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		piwik.hidester.com (incomplete certificate chain)
+
+-->
+<ruleset name="Hidester.com">
+  	<target host="hidester.com" />
+  	<target host="www.hidester.com" />
+  	<target host="account.hidester.com" />
+  	<target host="dev.hidester.com" />
+  	<target host="devwp.hidester.com" />
+  	<target host="eu.hidester.com" />
+  	<target host="us.hidester.com" />
+
+	<securecookie host=".+" name=".+" />
+
+  	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/High-Gear-Media.xml b/src/chrome/content/rules/High-Gear-Media.xml
index 5e625af95e1f..46a1bc1aec55 100644
--- a/src/chrome/content/rules/High-Gear-Media.xml
+++ b/src/chrome/content/rules/High-Gear-Media.xml
@@ -7,7 +7,7 @@
 	<target host="static.hgmsites.net"/>
 	<target host="images.thecarconnection.com"/>
 
-	<rule from="^http://(static\.hgmsites\.net|images\.thecarconnection\.com)/"
-		to="https://s3.amazonaws.com/$1/"/>
+	<rule from="^http:"
+		to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/High.fi.xml b/src/chrome/content/rules/High.fi.xml
new file mode 100644
index 000000000000..3f00269d9868
--- /dev/null
+++ b/src/chrome/content/rules/High.fi.xml
@@ -0,0 +1,13 @@
+<ruleset name="High.fi">
+	<target host="high.fi" />
+	<target host="www.high.fi" />
+	<target host="ee.high.fi" />
+	<target host="en.high.fi" />
+	<target host="fi.high.fi" />
+	<target host="it.high.fi" />
+	<target host="no.high.fi" />
+	<target host="sv.high.fi" />
+	<target host="widget.high.fi" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HighOn.Coffee.xml b/src/chrome/content/rules/HighOn.Coffee.xml
new file mode 100644
index 000000000000..e2cd96bc05ac
--- /dev/null
+++ b/src/chrome/content/rules/HighOn.Coffee.xml
@@ -0,0 +1,34 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .highon.coffee
+
+
+	Mixed content:
+
+		- Images from i.imgur.com *
+
+	* Secured by us
+
+-->
+<ruleset name="HighOn.Coffee">
+
+	<target host="highon.coffee" />
+	<target host="www.highon.coffee" />
+
+		<!--	Mixed images:
+					-->
+		<!--test url="http://highon.coffee/blog/" /-->
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.highon\.coffee$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HighQ_Solutions.xml b/src/chrome/content/rules/HighQ_Solutions.xml
index fa59fc53f26f..68b27a04b397 100644
--- a/src/chrome/content/rules/HighQ_Solutions.xml
+++ b/src/chrome/content/rules/HighQ_Solutions.xml
@@ -17,7 +17,8 @@
 <ruleset name="HighQ Solutions" default_off="self-signed">
 
 	<target host="highqsolutions.com" />
-	<target host="*.highqsolutions.com" />
+	<target host="www.highqsolutions.com" />
+	<target host="support.highqsolutions.com" />
 
 
 	<rule from="^http://(?:www\.)?highqsolutions\.com/"
@@ -26,4 +27,4 @@
 	<rule from="^http://support\.highqsolutions\.com/(generated|system)/"
 		to="https://assets.zendesk.com/$1/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HighWire.xml b/src/chrome/content/rules/HighWire.xml
deleted file mode 100644
index d9c3d1a51839..000000000000
--- a/src/chrome/content/rules/HighWire.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)
-
--->
-<ruleset name="HighWire (partial)">
-
-	<target host="shibboleth.highwire.org" />
-
-
-	<securecookie host="^shibboleth\.highwire\.org$" name=".+" />
-
-
-	<rule from="^http://shibboleth\.highwire\.org/"
-		to="https://shibboleth.highwire.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/High_Fidelity.io.xml b/src/chrome/content/rules/High_Fidelity.io.xml
new file mode 100644
index 000000000000..2c6d80895cf0
--- /dev/null
+++ b/src/chrome/content/rules/High_Fidelity.io.xml
@@ -0,0 +1,9 @@
+<ruleset name="High Fidelity.io">
+
+	<target host="highfidelity.io" />
+	<target host="www.highfidelity.io" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/High_Seer.com.xml b/src/chrome/content/rules/High_Seer.com.xml
new file mode 100644
index 000000000000..10f8fd185314
--- /dev/null
+++ b/src/chrome/content/rules/High_Seer.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Mixed content:
+
+		- Image from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="High Seer.com">
+
+	<target host="highseer.com" />
+	<target host="www.highseer.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.highseer\.com$" name="^frontend$" /-->
+
+	<securecookie host="^\.www\.highseer\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Highcharts.com.xml b/src/chrome/content/rules/Highcharts.com.xml
new file mode 100644
index 000000000000..a125ea758e9b
--- /dev/null
+++ b/src/chrome/content/rules/Highcharts.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Other Highcharts.com related rulesets:
+		+ Highsoft.com.xml
+
+	Non-functional hosts
+		Redirect to HTTP:
+		- highcharts.com
+-->
+<ruleset name="Highcharts.com (partial)">
+	<target host="highcharts.com" />
+	<target host="www.highcharts.com" />
+	<target host="api.highcharts.com" />
+	<target host="code.highcharts.com" />
+	<target host="cloud.highcharts.com" />
+	<target host="forum.highcharts.com" />
+
+	<rule from="^http://highcharts\.com/"
+		to="https://www.highcharts.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Higher_Education_Academy.xml b/src/chrome/content/rules/Higher_Education_Academy.xml
index 26df474afff9..41ef7300e74d 100644
--- a/src/chrome/content/rules/Higher_Education_Academy.xml
+++ b/src/chrome/content/rules/Higher_Education_Academy.xml
@@ -1,35 +1,27 @@
 <!--
 	Nonfunctional subdomains:
 
-		- (www.)	(replies with http)
-
-
-	Fully covered subdomains:
-
-		- anywhere
-		- autodiscover
-		- groupspace
-		- heagateway
-		- heamysites
-		- integra
-		- my
-		- oma
-		- owa
-		- portaltest
-		- servicedesk
-		- vpn
-		- webmail
+	Connection refused:
+		- autodiscover.heacademy.ac.uk
 
 -->
 <ruleset name="Higher Education Academy (partial)">
 
-	<target host="*.heacademy.ac.uk" />
+	<target host="heacademy.ac.uk" />
+	<target host="www.heacademy.ac.uk" />
+	<target host="anywhere.heacademy.ac.uk" />
+	<target host="groupspace.heacademy.ac.uk" />
+	<target host="heagateway.heacademy.ac.uk" />
+	<target host="heamysites.heacademy.ac.uk" />
+	<target host="my.heacademy.ac.uk" />
+	<target host="oma.heacademy.ac.uk" />
+	<target host="owa.heacademy.ac.uk" />
+	<target host="webmail.heacademy.ac.uk" />
 
 
-	<securecookie host="^.+\.heacademy\.ac\.uk$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(anywhere|autodiscover|groupspace|heagateway|heamysites|integra|my|o[mw]a|portaltest|servicedesk|vpn|webmail)\.heacademy\.ac\.uk/"
-		to="https://$1.heacademy.ac.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Highlands.edu.xml b/src/chrome/content/rules/Highlands.edu.xml
new file mode 100644
index 000000000000..74bac2f0348c
--- /dev/null
+++ b/src/chrome/content/rules/Highlands.edu.xml
@@ -0,0 +1,46 @@
+<!--
+	Expired:
+		- elearning (01/19/2016)
+		- highlander (01/19/2016)
+		- hypnotoad (01/19/2016)
+		- m (01/19/2016)
+		- orientation (01/19/2016)
+
+	Mismatched:
+		- ask (cc.sedoparking.com)
+		- getlibraryhelp (*.libguides.com)
+		- libcal (*.libcal.com)
+		- webmail (graph.windows.net)
+
+	Self-signed:
+		- advising
+		- bba
+		- inauguration
+		- leela
+		- preview
+		- writers
+-->
+
+<ruleset name="Highlands.edu">
+	<target host="highlands.edu" />
+	<target host="www.highlands.edu" />
+	<target host="access.highlands.edu" />
+	<target host="aceweb.highlands.edu" />
+	<target host="adfs-floyd.highlands.edu" />
+	<target host="adfs-student.highlands.edu" />
+	<target host="forms.highlands.edu" />
+	<target host="ghcinform.highlands.edu" />
+	<target host="mypassword.highlands.edu" />
+	<target host="sacscoc.highlands.edu" />
+	<target host="sauron.highlands.edu" />
+	<target host="sites.highlands.edu" />
+	<target host="sso.highlands.edu" />
+	<target host="tron.highlands.edu" />
+	<target host="tutortrac.highlands.edu" />
+	<target host="wass.highlands.edu" />
+	<target host="www2.highlands.edu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Highsoft.com.xml b/src/chrome/content/rules/Highsoft.com.xml
new file mode 100644
index 000000000000..8b70d9368587
--- /dev/null
+++ b/src/chrome/content/rules/Highsoft.com.xml
@@ -0,0 +1,10 @@
+<!--
+	For other Highcharts.com related rulesets, see Highcharts.com.xml
+-->
+<ruleset name="Highsoft.com (partial)">
+	<target host="highsoft.com" />
+	<target host="www.highsoft.com" />
+	<target host="shop.highsoft.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hightail.com.xml b/src/chrome/content/rules/Hightail.com.xml
new file mode 100644
index 000000000000..34b02f761485
--- /dev/null
+++ b/src/chrome/content/rules/Hightail.com.xml
@@ -0,0 +1,41 @@
+<!--
+	Nonfunctional hosts in *hightail.com:
+
+		- blog *
+
+	* WP Engine
+
+
+	^hightail.com: Redirects to http
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.hightail.com
+
+-->
+<ruleset name="Hightail.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.hightail.com" />
+
+	<!--	Complications:
+				-->
+	<target host="hightail.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.hightail\.com$" name="^symfony$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://hightail\.com/"
+		to="https://www.hightail.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Highwebmedia.com.xml b/src/chrome/content/rules/Highwebmedia.com.xml
new file mode 100644
index 000000000000..b138217d527c
--- /dev/null
+++ b/src/chrome/content/rules/Highwebmedia.com.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ssl-cdn.highwebmedia.com/ => https://ssl-cdn.highwebmedia.com/: (51, "SSL: no alternative certificate subject name matches target host name 'ssl-cdn.highwebmedia.com'")
+
+	Insecure cookies are set for these domains:
+
+		- .highwebmedia.com
+
+-->
+<ruleset name="highwebmedia.com" default_off="failed ruleset test">
+
+	<target host="ssl-ccstatic.highwebmedia.com" />
+	<target host="ssl-cdn.highwebmedia.com" />
+
+		<!--	404:
+				-->
+		<exclusion pattern="^http://ssl-ccstatic\.highwebmedia\.com/$" />
+
+			<!--	-ve:
+					-->
+			<test url="http://ssl-ccstatic.highwebmedia.com/images/loading.png" />
+
+
+	<!--	CloudFlae cookies:
+					-->
+	<!--securecookie host="^\.highwebmedia\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hillary_Clinton.com.xml b/src/chrome/content/rules/Hillary_Clinton.com.xml
new file mode 100644
index 000000000000..883b4ba4e825
--- /dev/null
+++ b/src/chrome/content/rules/Hillary_Clinton.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Hillary Clinton.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hillaryclinton.com" />
+	<target host="www.hillaryclinton.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hillingdon.gov.uk.xml b/src/chrome/content/rules/Hillingdon.gov.uk.xml
new file mode 100644
index 000000000000..766c1a86bd9f
--- /dev/null
+++ b/src/chrome/content/rules/Hillingdon.gov.uk.xml
@@ -0,0 +1,73 @@
+<!--
+	London Borough of Hillingdon
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *hillingdon.gov.uk:
+
+		- directory ᵃ
+		- moderngov ³
+
+	³ 403
+	ᵃ Shows another domain
+
+
+	Problematic hosts in *hillingdon.gov.uk:
+
+		- www.young ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- booking.hillingdon.gov.uk
+
+
+	Mixed content:
+
+		- Images on www from www-apps ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Hillingdon.gov.uk (partial)">
+
+	<target host="hillingdon.gov.uk" />
+	<target host="booking.hillingdon.gov.uk" />
+	<target host="mobile.hillingdon.gov.uk" />
+	<target host="planning.hillingdon.gov.uk" />
+	<target host="w03.hillingdon.gov.uk" />
+	<target host="w10.hillingdon.gov.uk" />
+	<target host="www.hillingdon.gov.uk" />
+	<target host="www-apps.hillingdon.gov.uk" />
+	<target host="young.hillingdon.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="www.young.hillingdon.gov.uk" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://booking.hillingdon.gov.uk/events.live/standardbookingprocess" /-->
+
+		<!--	Mixed images:
+					-->
+		<!--test url="http://www.hillingdon.gov.uk/service" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^booking\.hillingdon\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.young\.hillingdon\.gov\.uk/"
+		to="https://young.hillingdon.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Himediadx.com.xml b/src/chrome/content/rules/Himediadx.com.xml
index f308abe5b7dc..207b37c4719c 100644
--- a/src/chrome/content/rules/Himediadx.com.xml
+++ b/src/chrome/content/rules/Himediadx.com.xml
@@ -10,4 +10,4 @@
 	<rule from="^http://ad\.himediadx\.com/"
 		to="https://ib.adnxs.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hinckley-Bosworth.gov.uk.xml b/src/chrome/content/rules/Hinckley-Bosworth.gov.uk.xml
new file mode 100644
index 000000000000..528721f31379
--- /dev/null
+++ b/src/chrome/content/rules/Hinckley-Bosworth.gov.uk.xml
@@ -0,0 +1,55 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://access.hinckley-bosworth.gov.uk/ => https://access.hinckley-bosworth.gov.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'access.hinckley-bosworth.gov.uk'")
+Fetch error: http://services.hinckley-bosworth.gov.uk/ => https://services.hinckley-bosworth.gov.uk/: (6, 'Could not resolve host: services.hinckley-bosworth.gov.uk')
+
+	Hinckley & Bosworth Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *hinckley-bosworth.gov.uk:
+
+		- moderngov ⁴
+		- publicdocuments ᵃ
+
+	⁴ 404
+	ᵃ Shows another domain
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- hinckley-bosworth.gov.uk
+		- services.hinckley-bosworth.gov.uk
+		- www.hinckley-bosworth.gov.uk
+		- .www.hinckley-bosworth.gov.uk
+
+-->
+<ruleset name="Hinckley-Bosworth.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="hinckley-bosworth.gov.uk" />
+	<target host="access.hinckley-bosworth.gov.uk" />
+	<target host="cx.hinckley-bosworth.gov.uk" />
+	<target host="pa.hinckley-bosworth.gov.uk" />
+	<target host="services.hinckley-bosworth.gov.uk" />
+	<target host="www.hinckley-bosworth.gov.uk" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://eservices.hinckley-bosworth.gov.uk/publicaccesslive/selfservice/citizenportal/login.htm;jsessionid=" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?hinckley-bosworth\.gov\.uk$" name="^\w{16}$" /-->
+	<!--securecookie host="^services\.hinckley-bosworth\.gov\.uk$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^\.www\.hinckley-bosworth\.gov\.uk$" name="^TestCookie$" /-->
+
+	<securecookie host="^(?!\.hinckley-bosworth\.gov\.uk$)." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hinckley_and_Bosworth_online.org.uk.xml b/src/chrome/content/rules/Hinckley_and_Bosworth_online.org.uk.xml
new file mode 100644
index 000000000000..6d4dbd7bfa21
--- /dev/null
+++ b/src/chrome/content/rules/Hinckley_and_Bosworth_online.org.uk.xml
@@ -0,0 +1,27 @@
+<!--
+	Hinckley & Bosworth Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	(www.)?hinckleyandbosworthonline.org.uk: Dropped
+
+-->
+<ruleset name="Hinckley and Bosworth online.org.uk">
+
+	<!--	Complications:
+				-->
+	<target host="hinckleyandbosworthonline.org.uk" />
+	<target host="www.hinckleyandbosworthonline.org.uk" />
+
+
+	<!--	Redirect keeps path and args, but not forward slash:
+									-->
+	<rule from="^http://(?:www\.)?hinckleyandbosworthonline\.org\.uk/+"
+		to="https://www.hinckley-bosworth.gov.uk/" />
+
+		<test url="http://www.hinckleyandbosworthonline.org.uk/myarea" />
+		<test url="http://www.hinckleyandbosworthonline.org.uk/contact" />
+		<test url="http://www.hinckleyandbosworthonline.org.uk/atoz" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HindustanTimes.com.xml b/src/chrome/content/rules/HindustanTimes.com.xml
new file mode 100644
index 000000000000..a66afb7a68d0
--- /dev/null
+++ b/src/chrome/content/rules/HindustanTimes.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- staging-htgifa.hindustantimes.com
+
+		SSL peer certificate was not OK:
+		- www.paathshala.hindustantimes.com
+
+		Incomplete certificate chain error:
+		- sis.hindustantimes.com
+-->
+<ruleset name="HindustanTimes.com">
+	<target host="hindustantimes.com" />
+	<target host="www.hindustantimes.com" />
+	<target host="accounts.hindustantimes.com" />
+	<target host="analytics.hindustantimes.com" />
+	<target host="auto.hindustantimes.com" />
+	<target host="bangla.hindustantimes.com" />
+	<target host="brandleadership.hindustantimes.com" />
+	<target host="epaper.hindustantimes.com" />
+	<target host="epst.hindustantimes.com" />
+	<target host="healthshots.hindustantimes.com" />
+	<target host="herowecare.hindustantimes.com" />
+	<target host="www.htgifa.hindustantimes.com" />
+	<target host="indiashopps.hindustantimes.com" />
+	<target host="kalaghoda.hindustantimes.com" />
+	<target host="liveupdates.hindustantimes.com" />
+	<target host="m.hindustantimes.com" />
+	<target host="marathi.hindustantimes.com" />
+	<target host="mmarathi.hindustantimes.com" />
+	<target host="mpunjabi.hindustantimes.com" />
+	<target host="notify.hindustantimes.com" />
+	<target host="punjabi.hindustantimes.com" />
+	<target host="reducetheuse.hindustantimes.com" />
+	<target host="unclogmumbai.hindustantimes.com" />
+
+	<securecookie host=".+" name=".+" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hip-Hop.ru.xml b/src/chrome/content/rules/Hip-Hop.ru.xml
new file mode 100644
index 000000000000..521e516784ac
--- /dev/null
+++ b/src/chrome/content/rules/Hip-Hop.ru.xml
@@ -0,0 +1,26 @@
+<!--
+	Mismatched (console.re):
+		- battle
+		- battle5
+		- battle6
+		- battle7
+		- battle8
+		- battle9
+		- files
+		- grundig
+		- ib15
+		- isquad
+		- kb8
+		- molodoy
+		- mral
+-->
+
+<ruleset name="Hip-Hop.ru">
+	<target host="hip-hop.ru" />
+	<target host="www.hip-hop.ru" />
+	<target host="ib16.hip-hop.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HipChat.com.xml b/src/chrome/content/rules/HipChat.com.xml
new file mode 100644
index 000000000000..7c126ac8a084
--- /dev/null
+++ b/src/chrome/content/rules/HipChat.com.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Atlassian coverage, see Atlassian.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- hipchat.com
+		- help.hipchat.com
+		- www.hipchat.com
+
+-->
+<ruleset name="HipChat.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hipchat.com" />
+	<target host="help.hipchat.com" />
+	<target host="status.hipchat.com" />
+	<target host="www.hipchat.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?hipchat\.com$" name="^AWSELB$" /-->
+	<!--securecookie host="^help\.hipchat\.com$" name="^(?:_rf|_session_id)$" /-->
+
+	<securecookie host="^(?:help\.|www\.)?hipchat\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hipercor.es.xml b/src/chrome/content/rules/Hipercor.es.xml
new file mode 100644
index 000000000000..602f1583e391
--- /dev/null
+++ b/src/chrome/content/rules/Hipercor.es.xml
@@ -0,0 +1,23 @@
+<!--
+	Ruleset for hipercor.es.
+	See <https://en.wikipedia.org/wiki/Hipercor>.
+
+	Not supporting HTTPS or using an invalid certificate:
+
+		* hipercor.es
+
+		* c.hipercor.es
+		* juguetes.hipercor.es
+		* www.familiasnumerosas.hipercor.es
+-->
+<ruleset name="hipercor.es">
+
+	<target host="cms.hipercor.es" />
+	<target host="cmsdescubre.hipercor.es" />
+	<target host="m.hipercor.es" />
+	<target host="www.hipercor.es" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hipmunk.com-falsemixed.xml b/src/chrome/content/rules/Hipmunk.com-falsemixed.xml
deleted file mode 100644
index 8864737f10be..000000000000
--- a/src/chrome/content/rules/Hipmunk.com-falsemixed.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules not causing false MCB, see Hipmunk.com.xml.
-
--->
-<ruleset name="Hipmunk.com (false MCB)" platform="mixedcontent">
-
-	<target host="blog.hipmunk.com" />
-	<target host="*.blog.hipmunk.com" />
-
-
-	<securecookie host="^\.blog\.hipmunk\.com$" name=".+" />
-
-
-	<rule from="^http://blog\.hipmunk\.com/"
-		to="https://blog.hipmunk.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Hipmunk.com.xml b/src/chrome/content/rules/Hipmunk.com.xml
deleted file mode 100644
index 2f1ca3a1368a..000000000000
--- a/src/chrome/content/rules/Hipmunk.com.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-<!--
-	For rules causing false MCB, see Hipmunk.com-falsemixed.xml.
-
-
-	Mixed content:
-
-		- Scripts:
-
-			- on blog from blog *
-			- on blog from apis.google.com **
-			- on blog from assets.pinterest.com **
-
-		- css:
-
-			- on blog from blog *
-			- on blog from fonts.googleapis.com **
-
-		- Images:
-
-			- on blog from blog *
-			- on blog from static.dezeen.com **
-
-	* Secured by us, handled in -falsemixed.xml
-	** Secured by us
-
-
-	NB: We secure all resources, and thus
-	-falsemixed should merged with Ffx 24.
-
--->
-<ruleset name="Hipmunk.com">
-  <target host="hipmunk.com" />
-  <target host="*.hipmunk.com" />
-
-
-	<securecookie host="^(?:www)?\.hipmunk\.com$" name=".+" />
-
-
-  <rule from="^http://(www\.)?hipmunk\.com/" to="https://$1hipmunk.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Historical-look.org.xml b/src/chrome/content/rules/Historical-look.org.xml
new file mode 100644
index 000000000000..0c3514e408cf
--- /dev/null
+++ b/src/chrome/content/rules/Historical-look.org.xml
@@ -0,0 +1,12 @@
+<!--
+	For other openDesktop rules, see openDesktop.org.xml
+
+-->
+<ruleset name="Historical-look.org">
+
+	<target host="historical-look.org" />
+	<target host="www.historical-look.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/History.com-mismatches.xml b/src/chrome/content/rules/History.com-mismatches.xml
deleted file mode 100644
index 51485097d6e0..000000000000
--- a/src/chrome/content/rules/History.com-mismatches.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For rules that are on by default, see History.com.xml
-
--->
-<ruleset name="History.com (mismatches)" default_off="mismatch">
-
-	<!--	Akamai	-->
-	<target host="history.com" />
-	<target host="www.history.com" />
-
-
-	<!--	Cookies are handled in History.com.xml.
-
-
-		- !www doesn't work over https
-		- !www redirects to www over http
-					-->
-	<rule from="^https?://(?:www\.)?history\.com/"
-		to="https://www.history.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/History.com.xml b/src/chrome/content/rules/History.com.xml
index bccfcc9c6a9c..76ec077f2bed 100644
--- a/src/chrome/content/rules/History.com.xml
+++ b/src/chrome/content/rules/History.com.xml
@@ -1,17 +1,50 @@
 <!--
-	For problematic rules, see History.com-mismatches.xml.
+	Time out:
+		history.com
+		auth.history.com
+		military.history.com
 
--->
-<ruleset name="History.com (partial)">
+	Invalid certificate:
+		amp.history.com
+		cp82591.history.com
+		custom.history.com
+		emails.history.com
+		l.emails.history.com
+
+	Mixed content:
+		css.history.com
+		dev-css.history.com
+		dev-js.history.com
+		js.history.com
 
-	<target host="*.history.com" />
+	No working URL known:
+		cwcassl.history.com
+		facts.history.com
+		oakislanddig.history.com
+		openid.history.com
+		player.history.com
+		ssl.history.com
 
+	Refused:
+		quiz.history.com
+
+-->
+<ruleset name="History.com">
 
-	<securecookie host="^.*\.history\.com$" name=".*" />
+	<target host="history.com" />
+	<target host="www.history.com" />
+	<target host="cdn.history.com" />
+		<test url="http://cdn.history.com/sites/2/2014/01/mlk-1965-selma-montgomery-march-P.jpeg" />
+	<target host="dev.history.com" />
+	<target host="forgedgame.history.com" />
+	<target host="preview.history.com" />
+	<target host="roots.history.com" />
+	<target host="watch.history.com" />
 
+	<rule from="^http://history\.com/"
+		to="https://www.history.com/" />
 
-	<!--	shop: Akamai			-->
-	<rule from="^https?://s(?:ecure|shop)\.history\.com/"
-		to="https://secure.history.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/History_Today.xml b/src/chrome/content/rules/History_Today.xml
index 73e1a60d3732..1e1db2289900 100644
--- a/src/chrome/content/rules/History_Today.xml
+++ b/src/chrome/content/rules/History_Today.xml
@@ -1,15 +1,36 @@
 <!--
 	- !www: mismatched, CN: acquia-sites.com
-	- Some pages redirect to http, including login and registration
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com *
+
+		- Images, on:
+
+			- www from m.
+			- www from $self *
+
+		- Bug on www from cdn-images.mailchimp.com *
+
+	* Secured by us
 
 -->
-<ruleset name="History Today (partial)">
+<ruleset name="History Today.com (partial)">
 
-	<target host="historytoday.com" />
+	<!--	Direct rewrites:
+				-->
 	<target host="www.historytoday.com" />
 
+	<!--	Complications:
+				-->
+	<target host="historytoday.com" />
+
+
+	<rule from="^http://historytoday\.com/"
+		to="https://www.historytoday.com/" />
 
-	<rule from="^http://(?:www\.)?historytoday\.com/(misc|sites)/"
-		to="https://www.historytoday.com/$2/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HitBTC.com.xml b/src/chrome/content/rules/HitBTC.com.xml
new file mode 100644
index 000000000000..5ff463e3d345
--- /dev/null
+++ b/src/chrome/content/rules/HitBTC.com.xml
@@ -0,0 +1,39 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)?
+		- affiliate
+		- auth
+		- blog
+		- demo
+		- forum
+
+
+	Insecure cookies are set for these domains:
+
+		- hitbtc.com
+		- forum.hitbtc.com
+
+-->
+<ruleset name="HitBTC.com">
+
+	<target host="hitbtc.com" />
+	<target host="affiliate.hitbtc.com" />
+	<target host="auth.hitbtc.com" />
+	<target host="blog.hitbtc.com" />
+	<target host="demo.hitbtc.com" />
+	<target host="forum.hitbtc.com" />
+	<target host="www.hitbtc.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^hitbtc\.com$" name="^ref_id$" /-->
+	<!--securecookie host="^forum\.hitbtc\.com$" name="^Vanilla" /-->
+
+	<securecookie host="^(?:\.|forum\.)?hitbtc\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HitLeap.com.xml b/src/chrome/content/rules/HitLeap.com.xml
deleted file mode 100644
index dffdde1ea68c..000000000000
--- a/src/chrome/content/rules/HitLeap.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="HitLeap.com">
-
-	<target host="hitleap.com" />
-	<target host="*.hitleap.com" />
-
-
-	<securecookie host="^\.hitleap\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?hitleap\.com/"
-		to="https://$1hitleap.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Hitachi_Data_Systems.xml b/src/chrome/content/rules/Hitachi_Data_Systems.xml
index a6abe4e73679..1bad50cb91cb 100644
--- a/src/chrome/content/rules/Hitachi_Data_Systems.xml
+++ b/src/chrome/content/rules/Hitachi_Data_Systems.xml
@@ -1,20 +1,38 @@
 <!--
-	Nonfunctional subdomains:
+	Non-functional hosts
+		Couldn't connect to server:
+		- qr.hds.com
 
-		- (www.)	(times out)
-		- channelone	(reset, expired 2013-02-08)
+		Timeout was reached:
+		- channelone.hds.com
 
+		Expired certificates:
+		- blogs.hds.com
+
+		Incomplete certificate chain error:
+		- apps.hds.com
+		- changepoint.hds.com
+		- edemo.hds.com
 -->
 <ruleset name="Hitachi Data Systems (partial)">
-
-	<target host="*.hds.com" />
-
-
-	<!--securecookie host="^\.hds\.com$" name="^W(?:T_FPC|WW_HDS_PROD)$" /-->
-	<securecookie host="^(?:blogs|portal|sdc)\.hds\.com$" name=".+" />
-
-
-	<rule from="^http://(blogs|portal|sdc)\.hds\.com/"
-		to="https://$1.hds.com/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="hds.com" />
+	<target host="www.hds.com" />
+	<target host="benefits.hds.com" />
+	<target host="www.benefits.hds.com" />
+	<target host="community.hds.com" />
+	<target host="download.hds.com" />
+	<target host="hcpanywhere.hds.com" />
+	<target host="knowledge.hds.com" />
+	<target host="newshub.hds.com" />
+	<target host="pages.hds.com" />
+	<target host="partner.hds.com" />
+	<target host="phonefactor.hds.com" />
+	<target host="portal.hds.com" />
+	<target host="sdc.hds.com" />
+	<target host="selfserve.hds.com" />
+	<target host="sso.hds.com" />
+	<target host="support.hds.com" />
+	<target host="tuf.hds.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hitbox.com.xml b/src/chrome/content/rules/Hitbox.com.xml
deleted file mode 100644
index 225d847065a7..000000000000
--- a/src/chrome/content/rules/Hitbox.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	For other Adobe coverage, see Adobe.xml.
-
-
-	Fully covered subdomains:
-
-		- ai
-		- ehg
-		- login
-		- \w+		(per-client subdomains)
-
--->
-<ruleset name="Hitbox.com">
-
-	<target host="hitbox.com" />
-	<target host="*.hitbox.com" />
-
-
-	<rule from="^https?://(?:www\.)?hitbox\.com/(?:.*)"
-		to="https://www.omniture.com/" />
-
-	<rule from="^http://([\w-])\.hitbox\.com/"
-		to="https://$1.hitbox.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Hitbox.tv.xml b/src/chrome/content/rules/Hitbox.tv.xml
new file mode 100644
index 000000000000..f63679b8143c
--- /dev/null
+++ b/src/chrome/content/rules/Hitbox.tv.xml
@@ -0,0 +1,10 @@
+<!--
+Disabled per https://github.com/EFForg/https-everywhere/issues/1616
+Site doesn't load properly, just keeps reloading/redirecting
+-->
+<ruleset name="hitbox.tv" default_off="broken">
+	<target host="www.hitbox.tv" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hitfarm.xml b/src/chrome/content/rules/Hitfarm.xml
index 60103588c3e4..50099f2cf991 100644
--- a/src/chrome/content/rules/Hitfarm.xml
+++ b/src/chrome/content/rules/Hitfarm.xml
@@ -4,12 +4,12 @@
 	<target host="www.hitfarm.com" />
 
 
-	<securecookie host="^www\.hitfarm.com$" name=".*" />
+	<securecookie host="^www\.hitfarm.com$" name=".+" />
 
 
 	<!--	Cert only matches *.hitfarm.com
 						-->
-	<rule from="^https?://(?:www\.)?hitfarm\.com/"
+	<rule from="^http://(?:www\.)?hitfarm\.com/"
 		to="https://www.hitfarm.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/HitsLink.xml b/src/chrome/content/rules/HitsLink.xml
index fef93a88ec9a..a58c2b0c57c1 100644
--- a/src/chrome/content/rules/HitsLink.xml
+++ b/src/chrome/content/rules/HitsLink.xml
@@ -2,28 +2,17 @@
 	For other Net Applications coverage, see Net-Applications.xml.
 
 -->
-<ruleset name="HitsLink">
+<ruleset name="HitsLink.com">
 
 	<target host="hitslink.com" />
-	<target host="*.hitslink.com" />
-	<target host="loc1.hitsprocessor.com" />
-	<target host="realtimestats.com" />
-	<target host="www.realtimestats.com" />
+	<target host="counter.hitslink.com" />
+	<target host="www.hitslink.com" />
 
 
-	<securecookie host="^(.*\.)?hitslink\.com$" name=".*" />
-	<securecookie host="^loc1\.hitsprocessor\.com$" name=".*" />
-	<securecookie host="^realtimestats\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(counter\.|www\.)?hitslink\.com/"
-		to="https://$1hitslink.com/" />
-
-	<rule from="^http://loc1\.hitsprocessor\.com/"
-		to="https://loc1.hitsprocessor.com/" />
-
-	<!--	Cert only matches !www.	-->
-	<rule from="^https?://(?:www\.)?realtimestats\.com/"
-		to="https://realtimestats.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Hits_processor.com.xml b/src/chrome/content/rules/Hits_processor.com.xml
new file mode 100644
index 000000000000..2ca3f33c8dff
--- /dev/null
+++ b/src/chrome/content/rules/Hits_processor.com.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://loc1.hitsprocessor.com/ => https://loc1.hitsprocessor.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For other Net Applications coverage, see Net-Applications.xml.
+
+
+	(www.)?hitsprocessor.com doesn't exist.
+
+-->
+<ruleset name="Hits processor.com" default_off="failed ruleset test">
+
+	<target host="loc1.hitsprocessor.com" />
+
+
+	<securecookie host="^loc1\.hitsprocessor\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hive.co.uk.xml b/src/chrome/content/rules/Hive.co.uk.xml
new file mode 100644
index 000000000000..88d8c2dea398
--- /dev/null
+++ b/src/chrome/content/rules/Hive.co.uk.xml
@@ -0,0 +1,7 @@
+<ruleset name="Hive.co.uk">
+	<target host="hive.co.uk" />
+	<target host="www.hive.co.uk" />
+	<target host="blog.hive.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hiveage.com.xml b/src/chrome/content/rules/Hiveage.com.xml
new file mode 100644
index 000000000000..c7c3e4c2114b
--- /dev/null
+++ b/src/chrome/content/rules/Hiveage.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Other Vesess rulesets:
+
+		- Vesess.xml
+
+
+	Nonfunctional hosts in *hiveage.com:
+
+		- support *
+
+	* Plaintext reply
+
+-->
+<ruleset name="Hiveage.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hiveage.com" />
+	<target host="www.hiveage.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hivelocity-Hosting.xml b/src/chrome/content/rules/Hivelocity-Hosting.xml
index ed9d3bd19cbc..5bdb672e3b4f 100644
--- a/src/chrome/content/rules/Hivelocity-Hosting.xml
+++ b/src/chrome/content/rules/Hivelocity-Hosting.xml
@@ -1,13 +1,13 @@
 <ruleset name="Hivelocity Hosting">
 
 	<target host="hivelocity.net" />
-	<target host="*.hivelocity.net" />
+	<target host="my.hivelocity.net" />
+	<target host="www.hivelocity.net" />
 
 
 	<securecookie host="^.*\.hivelocity\.net$" name=".+" />
 
 
-	<rule from="^http://(my\.|www\.)?hivelocity\.net/"
-		to="https://$1hivelocity.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Hivos.nl.xml b/src/chrome/content/rules/Hivos.nl.xml
new file mode 100644
index 000000000000..e59570e1c48e
--- /dev/null
+++ b/src/chrome/content/rules/Hivos.nl.xml
@@ -0,0 +1,23 @@
+<!--
+	Other Hivos rulesets:
+
+		- Hivos.org.xml
+
+-->
+<ruleset name="Hivos.nl">
+
+	<target host="hivos.nl" />
+	<target host="www.hivos.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?hivos.nl$" name="^eZSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?hivos.nl$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hivos.org.xml b/src/chrome/content/rules/Hivos.org.xml
new file mode 100644
index 000000000000..18d5816d62ff
--- /dev/null
+++ b/src/chrome/content/rules/Hivos.org.xml
@@ -0,0 +1,49 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hivoice-ct.hivos.org/ => https://hivoice-ct.hivos.org/: (51, "SSL: no alternative certificate subject name matches target host name 'hivoice-ct.hivos.org'")
+Fetch error: http://hivoice-ot.hivos.org/ => https://hivoice-ot.hivos.org/: (51, "SSL: no alternative certificate subject name matches target host name 'hivoice-ot.hivos.org'")
+Fetch error: http://india.hivos.org/ => https://india.hivos.org/: (52, 'Empty reply from server')
+
+	For other Hivos coverage, see Hivos.nl.xml.
+
+
+	Problematic hosts in *hivos.org:
+
+		- m ¹
+		- (www.)openforchange ²
+
+	¹ 404
+	² different content; mismatched, CN: digitaldefenders.org
+
+-->
+<ruleset name="Hivos.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+					-->
+	<target host="hivos.org" />
+	<target host="central-america.hivos.org" />
+	<target host="east-africa.hivos.org" />
+	<target host="hivoice.hivos.org" />
+	<target host="hivoice-ct.hivos.org" />
+	<target host="hivoice-ot.hivos.org" />
+	<target host="india.hivos.org" />
+	<target host="mail.hivos.org" />
+	<target host="sea.hivos.org" />
+	<target host="south-america.hivos.org" />
+	<target host="southern-africa.hivos.org" />
+	<target host="westasia.hivos.org" />
+	<target host="www.hivos.org" />
+
+	<!--	Complications:
+				-->
+	<target host="m.hivos.org" />
+
+
+	<rule from="^http://m\.hivos\.org/"
+		to="https://hivos.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hizli_Saat.xml b/src/chrome/content/rules/Hizli_Saat.xml
index 1c1e13cf23d4..50a5e82ced30 100644
--- a/src/chrome/content/rules/Hizli_Saat.xml
+++ b/src/chrome/content/rules/Hizli_Saat.xml
@@ -1,13 +1,23 @@
-<ruleset name="Hızlı Saat">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hizlisaat.com/ => https://hizlisaat.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://gozluk.hizlisaat.com/ => https://gozluk.hizlisaat.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://taki.hizlisaat.com/ => https://taki.hizlisaat.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.hizlisaat.com/ => https://www.hizlisaat.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="Hızlı Saat" default_off="failed ruleset test">
 
 	<target host="hizlisaat.com" />
-	<target host="*.hizlisaat.com" />
+	<target host="gozluk.hizlisaat.com" />
+	<target host="taki.hizlisaat.com" />
+	<target host="www.hizlisaat.com" />
 
 
-	<securecookie host="^(?:.*\.)?hizlisaat\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(gozluk\.|taki\.|www\.)?hizlisaat\.com/"
-		to="https://$1hizlisaat.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hizliresim.com.xml b/src/chrome/content/rules/Hizliresim.com.xml
new file mode 100644
index 000000000000..e43249376452
--- /dev/null
+++ b/src/chrome/content/rules/Hizliresim.com.xml
@@ -0,0 +1,15 @@
+<!--
+Invalid certificate:
+	gallery.hizliresim.com
+-->
+<ruleset name="Hizliresim.com">
+	<target host="hizliresim.com"/>
+	<target host="www.hizliresim.com"/>
+	<target host="beta.hizliresim.com"/>
+	<target host="gallery.hizliresim.com"/>
+	<target host="i.hizliresim.com"/>
+	<target host="t.hizliresim.com"/>
+
+	<rule from="^http://gallery\.hizliresim\.com/" to="https://hizliresim.com/"/>
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Hizook.xml b/src/chrome/content/rules/Hizook.xml
index 7671e7d7ea10..e1ac26e15009 100644
--- a/src/chrome/content/rules/Hizook.xml
+++ b/src/chrome/content/rules/Hizook.xml
@@ -1,9 +1,9 @@
-<ruleset name="hizook.com" default_off="mismatch">
+<ruleset name="hizook.com" default_off="mismatched">
 
 	<target host="hizook.com"/>
 	<target host="www.hizook.com"/>
 
-	<securecookie host="^(.*\.)?hizook\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?hizook\.com/"
 		to="https://www.hizook.com/"/>
diff --git a/src/chrome/content/rules/Hjv.dk.xml b/src/chrome/content/rules/Hjv.dk.xml
index 23fb637e0597..c960c1575fe1 100644
--- a/src/chrome/content/rules/Hjv.dk.xml
+++ b/src/chrome/content/rules/Hjv.dk.xml
@@ -1,8 +1,14 @@
-<ruleset name="Hjv.dk" platform="mixedcontent">
-  <target host="hjv.dk" />
-  <target host="www.hjv.dk" />
-  <target host="specmod.hjv.dk" />
+<!--
+	(www.)?hjv.dk: Redirects to logon
 
-  <rule from="^http://(www\.)?hjv\.dk/" to="https://www.hjv.dk/" />
-  <rule from="^http://specmod\.hjv\.dk/" to="https://specmod.hjv.dk/" />
+-->
+<ruleset name="Hjv.dk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="logon.hjv.dk" />
+
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Hjv.kursuslogin.dk.xml b/src/chrome/content/rules/Hjv.kursuslogin.dk.xml
index fa78dafd29fd..d04bc5e3f5d4 100644
--- a/src/chrome/content/rules/Hjv.kursuslogin.dk.xml
+++ b/src/chrome/content/rules/Hjv.kursuslogin.dk.xml
@@ -1,5 +1,5 @@
 <ruleset name="Hjv.kursuslogin.dk">
   <target host="hjv.kursuslogin.dk" />
 
-  <rule from="^http://hjv\.kursuslogin\.dk/" to="https://hjv.kursuslogin.dk/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Hlmod.ru.xml b/src/chrome/content/rules/Hlmod.ru.xml
new file mode 100644
index 000000000000..6a7de7efb5b5
--- /dev/null
+++ b/src/chrome/content/rules/Hlmod.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="Hlmod.ru" platform="mixedcontent">
+	<target host="hlmod.ru" />
+	<target host="www.hlmod.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hmapps.net.xml b/src/chrome/content/rules/Hmapps.net.xml
index 15316b23025a..232db1e1c7e6 100644
--- a/src/chrome/content/rules/Hmapps.net.xml
+++ b/src/chrome/content/rules/Hmapps.net.xml
@@ -1,4 +1,11 @@
-<ruleset name="hmapps.net">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hmapps.net/ => https://hmapps.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.hmapps.net/ => https://www.hmapps.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="hmapps.net" default_off="failed ruleset test">
 
 	<target host="hmapps.net" />
 	<target host="www.hmapps.net" />
@@ -7,7 +14,6 @@
 	<securecookie host="^(?:www\.)?hmapps\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?hmapps\.net/"
-		to="https://$1hmapps.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hn.premii.com.xml b/src/chrome/content/rules/Hn.premii.com.xml
new file mode 100644
index 000000000000..bbdf0762897d
--- /dev/null
+++ b/src/chrome/content/rules/Hn.premii.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Hn.premii.com">
+	<target host="premii.com" />
+	<target host="hn.premii.com" />
+	<target host="reddit.premii.com" />
+	<target host="www.premii.com" />
+
+
+	<rule from="^http://www\.premii\.com/"
+		to="https://premii.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HobbyKing.xml b/src/chrome/content/rules/HobbyKing.xml
index 692d33bd1ead..41c4db5efaf6 100644
--- a/src/chrome/content/rules/HobbyKing.xml
+++ b/src/chrome/content/rules/HobbyKing.xml
@@ -3,5 +3,4 @@
   <target host="www.hobbyking.com"/>
   <rule from="^http://www\.hobbyking\.com/" to="https://www.hobbyking.com/"/>
   <rule from="^http://hobbyking\.com/" to="https://www.hobbyking.com/"/>
-  <rule from="^https://hobbyking\.com/" to="https://www.hobbyking.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Hobocomp.com.xml b/src/chrome/content/rules/Hobocomp.com.xml
deleted file mode 100644
index 2ab08232869c..000000000000
--- a/src/chrome/content/rules/Hobocomp.com.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Hobocomp.com">
-
-	<target host="hobocomp.com" />
-	<target host="www.hobocomp.com" />
-
-
-	<rule from="^http://(www\.)?hobocomp\.com/"
-		to="https://$1hobocomp.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Hobsons-EMT.xml b/src/chrome/content/rules/Hobsons-EMT.xml
index 1385a14f0ace..02e1f126a293 100644
--- a/src/chrome/content/rules/Hobsons-EMT.xml
+++ b/src/chrome/content/rules/Hobsons-EMT.xml
@@ -5,7 +5,14 @@
 	<target host="*.askadmissions.net" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^sdsugrad\.askadmissions\.net$" name="^BIGipServer~Connect~con_vip_pool_SJC$" /-->
+
+	<securecookie host="^\w.*\.askadmissions\.net$" name=".+" />
+
+
 	<rule from="^http://([\w-]+)\.askadmissions\.net/"
 		to="https://$1.askadmissions.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hochschule-Esslingen.xml b/src/chrome/content/rules/Hochschule-Esslingen.xml
index f2002262e904..8b8e396ec565 100644
--- a/src/chrome/content/rules/Hochschule-Esslingen.xml
+++ b/src/chrome/content/rules/Hochschule-Esslingen.xml
@@ -1,18 +1,26 @@
-<ruleset name="Hochschule Esslingen (partial)" default_off="self-signed">
+<ruleset name="Hochschule Esslingen (partial)">
 
 	<target host="hs-esslingen.de"/>
 	<target host="ftp-stud.hs-esslingen.de"/>
 	<target host="idp.hs-esslingen.de"/>
+	<target host="mirror1.hs-esslingen.de"/>
 	<target host="webmail.hs-esslingen.de"/>
 	<target host="www.hs-esslingen.de"/>
 	<target host="www2.hs-esslingen.de"/>
 
-	<rule from="^http://(ftp-stud|idp|webmail|www2)\.hs-esslingen\.de/"
+	<test url="http://www.hs-esslingen.de/de/studieninteressierte.html" />
+	<test url="http://www.hs-esslingen.de/de/aktuelles.html" />
+	<test url="http://www.hs-esslingen.de/de/aktuelles/he-stellenangebote.html" />
+	<test url="http://www.hs-esslingen.de/en/prospective-students.html" />
+	<test url="http://hs-esslingen.de/en/international.html" />
+
+	<rule from="^http://(ftp-stud|idp|mirror1|webmail|www2)\.hs-esslingen\.de/"
 		to="https://$1.hs-esslingen.de/"/>
 
-	<rule from="^http://(www\.)?hs-esslingen\.de/(fileadmin/|typo3(conf|temp)/|de/nc/(aktuelles/hochschulkalender\.html|he-portal/)|index\.php\?id=(\d+no_cache=1|88114))"
+	<rule from="^http://(www\.)?hs-esslingen\.de/((de|en)/.+)"
 		to="https://www.hs-esslingen.de/$2"/>
 
-</ruleset>
+	<exclusion pattern="^http://hs-esslingen.de/$" />
+	<exclusion pattern="^http://www.hs-esslingen.de/$" />
 
-	
+</ruleset>
diff --git a/src/chrome/content/rules/Hochschule-Trier.de.xml b/src/chrome/content/rules/Hochschule-Trier.de.xml
new file mode 100644
index 000000000000..7ac1d66f11d6
--- /dev/null
+++ b/src/chrome/content/rules/Hochschule-Trier.de.xml
@@ -0,0 +1,52 @@
+<!--
+	Trier University of Applied Sciences
+
+
+	Nonfunctional subdomains:
+
+		- blog ¹
+		- firmenkontaktmesse ²
+
+	¹ Shows webserver-3.umwelt-campus.de
+	² Shows king.fh-trier.de
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- autodiscover		(→ autodiscover.fh-trier.de)
+		- (www.)?asta
+		- fht
+		- fsi
+		- lists
+		- (www.)?protron
+		- rft
+		- rz
+		- rzshop
+
+-->
+<ruleset name="Hochschule-Trier.de (partial)">
+
+	<target host="hochschule-trier.de" />
+	<target host="autodiscover.hochschule-trier.de" />
+	<target host="asta.hochschule-trier.de" />
+	<target host="www.asta.hochschule-trier.de" />
+	<target host="fht.hochschule-trier.de" />
+	<target host="fsi.hochschule-trier.de" />
+	<target host="lists.hochschule-trier.de" />
+	<target host="protron.hochschule-trier.de" />
+	<target host="www.protron.hochschule-trier.de" />
+	<target host="rft.hochschule-trier.de" />
+	<target host="rz.hochschule-trier.de" />
+	<target host="rzshop.hochschule-trier.de" />
+	<target host="www.hochschule-trier.de" />
+
+
+	<!--	Redirect preserves path and args:
+							-->
+	<rule from="^http://autodiscover\.hochschule-trier\.de/"
+		to="https://autodiscover.fh-trier.de/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hochwasser-RLP.de.xml b/src/chrome/content/rules/Hochwasser-RLP.de.xml
new file mode 100644
index 000000000000..363598822cfe
--- /dev/null
+++ b/src/chrome/content/rules/Hochwasser-RLP.de.xml
@@ -0,0 +1,22 @@
+<!--
+	Timeout:
+		masffmh.hochwasser-rlp.de
+		materialien.hochwasser-rlp.de
+-->
+<ruleset name="Hochwasser-RLP.de">
+
+	<target host="hochwasser-rlp.de" />
+	<target host="www.hochwasser-rlp.de" />
+	<target host="cdn.hochwasser-rlp.de" />
+	<target host="fruehwarnung.hochwasser-rlp.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Timeout on https://hochwasser-rlp.de/,
+		http://hochwasser-rlp.de/ redirects to http://www.hochwasser-rlp.de/. -->
+	<rule from="^http://hochwasser-rlp\.de/"
+			to="https://www.hochwasser-rlp.de/" />
+
+	<rule from="^http:" to="https:" />
+	
+</ruleset>
diff --git a/src/chrome/content/rules/Hochwasserzentralen.de.xml b/src/chrome/content/rules/Hochwasserzentralen.de.xml
new file mode 100644
index 000000000000..03d3eac3c1be
--- /dev/null
+++ b/src/chrome/content/rules/Hochwasserzentralen.de.xml
@@ -0,0 +1,19 @@
+<!--
+	See also:
+		- Hochwasserzentralen.info.xml
+		- mhwz.de.xml
+
+	Invalid certificate:
+		- m.hochwasserzentralen.de
+-->
+<ruleset name="Hochwasserzentralen.de">
+
+	<target host="hochwasserzentralen.de" />
+	<target host="www.hochwasserzentralen.de" />
+	<target host="media.hochwasserzentralen.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hochwasserzentralen.info.xml b/src/chrome/content/rules/Hochwasserzentralen.info.xml
new file mode 100644
index 000000000000..36d7d14619ae
--- /dev/null
+++ b/src/chrome/content/rules/Hochwasserzentralen.info.xml
@@ -0,0 +1,17 @@
+<!--
+	See also:
+		- Hochwasserzentralen.info.xml
+		- mhwz.de.xml
+
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="Hochwasserzentralen.info">
+
+	<target host="hochwasserzentralen.info" />
+	<target host="www.hochwasserzentralen.info" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hoefler-and-Frere-Jones.xml b/src/chrome/content/rules/Hoefler-and-Frere-Jones.xml
deleted file mode 100644
index c524bf07c690..000000000000
--- a/src/chrome/content/rules/Hoefler-and-Frere-Jones.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	CDN buckets:
-
-		- fnts.s3.amazonaws.com
-
-
-	Problematic subdomains:
-
-		- (www.)	(mismatched, CN: secure.typography.com)
-		- cloud		(mismatched, CN: ssl.typography.com)
-
--->
-<ruleset name="Hoefler &amp; Frere-Jones (partial)">
-
-	<target host="typography.com" />
-	<target host="*.typography.com" />
-
-
-	<rule from="^https?://(?:www\.)?typography\.com/(cart|images|include)/"
-		to="https://secure.typography.com/$1/" />
-
-	<rule from="^https?://(?:cloud|ssl)\.typography\.com/"
-		to="https://ssl.typography.com/" />
-
-	<rule from="^http://secure\.typography\.com/"
-		to="https://secure.typography.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Hoeringsportalen.dk.xml b/src/chrome/content/rules/Hoeringsportalen.dk.xml
new file mode 100644
index 000000000000..2e2fc589325c
--- /dev/null
+++ b/src/chrome/content/rules/Hoeringsportalen.dk.xml
@@ -0,0 +1,10 @@
+<!--
+	Note: www. not currently covered in cert.
+-->
+<ruleset name="Hoeringsportalen.dk">
+  <target host="hoeringsportalen.dk" />
+  <target host="www.hoeringsportalen.dk" />
+
+  <rule from="^http://(www\.)?hoeringsportalen\.dk/"
+	to="https://hoeringsportalen.dk/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hofstra-University.xml b/src/chrome/content/rules/Hofstra-University.xml
index 6ecee39d3d2c..14c999a7b67b 100644
--- a/src/chrome/content/rules/Hofstra-University.xml
+++ b/src/chrome/content/rules/Hofstra-University.xml
@@ -6,7 +6,6 @@
 
 	<!--	Cert only matches *.hofstra.edu.
 						-->
-	<rule from="^http://(?:www\.)?hofstra\.edu/"
-		to="https://www.hofstra.edu/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Hola.xml b/src/chrome/content/rules/Hola.xml
index 7fee7d1b4648..05ea693ce14e 100644
--- a/src/chrome/content/rules/Hola.xml
+++ b/src/chrome/content/rules/Hola.xml
@@ -1,10 +1,21 @@
+<!--
+	These altnames don't exist:
+
+		- www.cdn4.hola.org
+
+-->
 <ruleset name="Hola">
 
 	<target host="hola.org" />
+	<target host="cdn4.hola.org" />
 	<target host="www.hola.org" />
 
 
-	<rule from="^http://(www\.)?hola\.org/"
-		to="https://$1hola.org/" />
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:www\.)?hola\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Holarse-LinuxGaming.de.xml b/src/chrome/content/rules/Holarse-LinuxGaming.de.xml
new file mode 100644
index 000000000000..d66c121a7989
--- /dev/null
+++ b/src/chrome/content/rules/Holarse-LinuxGaming.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="Holarse-Linuxgaming.de">
+
+	<target host="holarse-linuxgaming.de" />
+	<target host="www.holarse-linuxgaming.de" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Holba.ch.xml b/src/chrome/content/rules/Holba.ch.xml
new file mode 100644
index 000000000000..367b5f946282
--- /dev/null
+++ b/src/chrome/content/rules/Holba.ch.xml
@@ -0,0 +1,9 @@
+<ruleset name="Holba.ch">
+
+	<target host="daniel.holba.ch" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Holder.com.ua.xml b/src/chrome/content/rules/Holder.com.ua.xml
new file mode 100644
index 000000000000..f4c56e255b8f
--- /dev/null
+++ b/src/chrome/content/rules/Holder.com.ua.xml
@@ -0,0 +1,24 @@
+<!--
+	(www.)?: Refused
+
+
+	Insecure cookies are set for these domains:
+
+		- .holder.com.ua
+
+-->
+<ruleset name="Holder.com.ua (partial)">
+
+	<target host="h.holder.com.ua" />
+	<target host="i.holder.com.ua" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^\.holder\.com\.ua$" name="^U$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Holder_de_ord.no.xml b/src/chrome/content/rules/Holder_de_ord.no.xml
new file mode 100644
index 000000000000..cadff72cd713
--- /dev/null
+++ b/src/chrome/content/rules/Holder_de_ord.no.xml
@@ -0,0 +1,20 @@
+<!--
+	^: refused
+
+
+	Mixed content:
+
+		- Web bugs from tns.tns-cs.net *
+
+	* Unsecurable <= refused
+
+-->
+<ruleset name="Holder de ord.no">
+
+	<target host="holderdeord.no" />
+	<target host="www.holderdeord.no" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HolidayBullshit.com.xml b/src/chrome/content/rules/HolidayBullshit.com.xml
new file mode 100644
index 000000000000..5672b0ad801c
--- /dev/null
+++ b/src/chrome/content/rules/HolidayBullshit.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://holidaybullshit.com/ => https://www.holidaybullshit.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.holidaybullshit.com/ => https://www.holidaybullshit.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other Cards Against Humanity coverage, see Cards_Against_Humanity.com.xml.
+
+
+	^: refused
+
+-->
+<ruleset name="HolidayBullshit.com" default_off="failed ruleset test">
+
+	<target host="holidaybullshit.com" />
+	<target host="www.holidaybullshit.com" />
+
+
+	<rule from="^http://(?:www\.)?holidaybullshit\.com/"
+		to="https://www.holidaybullshit.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HolidayExtras.com.xml b/src/chrome/content/rules/HolidayExtras.com.xml
new file mode 100644
index 000000000000..722d144a63e0
--- /dev/null
+++ b/src/chrome/content/rules/HolidayExtras.com.xml
@@ -0,0 +1,43 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://holidayextras.co.uk/ => https://holidayextras.co.uk/: Too many redirects while fetching 'https://holidayextras.co.uk/'
+Fetch error: http://secure.holidayextras.co.uk/ => https://secure.holidayextras.co.uk/: Too many redirects while fetching 'https://secure.holidayextras.co.uk/'
+Fetch error: http://www.holidayextras.co.uk/ => https://www.holidayextras.co.uk/: Too many redirects while fetching 'https://www.holidayextras.co.uk/'
+Fetch error: http://holidayextras.com/ => https://www.holidayextras.com/: Too many redirects while fetching 'https://www.holidayextras.com/'
+Fetch error: http://www.holidayextras.com/ => https://www.holidayextras.com/: Too many redirects while fetching 'https://www.holidayextras.com/'
+
+	Problematic subdomain:
+		- holidayextras.com		(¹, CN: www.hxtrack.com)
+			- brand			(timeout)
+
+		- holidayextras.co.uk
+			- docs			(¹, CN: *.pagely.com, pagely.com)
+			- join			(¹, CN: *.pagely.com, pagely.com)
+			- mobile		(¹, CN: *.herokuapp.com)
+			- press-office		(¹, CN: *.pagely.com, pagely.com)
+
+		¹ hostname mismatch
+-->
+<ruleset name="HolidayExtras.com" default_off="failed ruleset test">
+	<target host="holidayextras.co.uk" />
+	<target host="app.holidayextras.co.uk" />
+	<target host="hungrygeek.holidayextras.co.uk" />
+	<target host="hxtrack.holidayextras.co.uk" />
+	<target host="secure.holidayextras.co.uk" />
+	<target host="v2.holidayextras.co.uk" />
+	<target host="www.holidayextras.co.uk" />
+	<target host="holidayextras.com" />
+	<target host="www.holidayextras.com" />
+	<target host="static1.holidayextras.com" />
+	<target host="static2.holidayextras.com" />
+	<target host="static4.holidayextras.com" />
+	<target host="open-source.holidayextras.com" />
+
+	<!-- Cert mismatch: -->
+	<rule from="^http://holidayextras\.com/"
+		to="https://www.holidayextras.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Holidaybreak-mismatches.xml b/src/chrome/content/rules/Holidaybreak-mismatches.xml
index 7a6dd8f1e7f8..9de17cd63597 100644
--- a/src/chrome/content/rules/Holidaybreak-mismatches.xml
+++ b/src/chrome/content/rules/Holidaybreak-mismatches.xml
@@ -1,11 +1,11 @@
-<ruleset name="Holiday Break (mismathes)" default_off="mismatch">
+<ruleset name="Holiday Break (mismathes)" default_off="mismatched">
 
 	<target host="nachtjeweg.nl"/>
 	<target host="www.nachtjeweg.nl"/>
 		<!--	homepage redirects to http	-->
-		<exclusion pattern="^http://(www\.)?nachtjeweg\.nl/$"/>
+		<exclusion pattern="^http://(?:www\.)?nachtjeweg\.nl/$"/>
 
-	<securecookie host="^(.*\.)?nachtjeweg\.nl$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?nachtjeweg\.nl/"
 		to="https://www.nachtjeweg.nl/"/>
diff --git a/src/chrome/content/rules/Holidaybreak.xml b/src/chrome/content/rules/Holidaybreak.xml
index 8bf6e87f1c7a..b197e6b63261 100644
--- a/src/chrome/content/rules/Holidaybreak.xml
+++ b/src/chrome/content/rules/Holidaybreak.xml
@@ -1,6 +1,18 @@
-<!--	!functional:
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://holidaybreak.co.uk/ => https://ww7.investorrelations.co.uk/holidaybreak/: (7, 'Failed to connect to ww7.investorrelations.co.uk port 443: Connection timed out')
+Fetch error: http://www.holidaybreak.co.uk/ => https://ww7.investorrelations.co.uk/holidaybreak/: (7, 'Failed to connect to ww7.investorrelations.co.uk port 443: Connection timed out')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://holidaybreak.co.uk/ => https://ww7.investorrelations.co.uk/holidaybreak/: (6, 'Could not resolve host: holidaybreak.co.uk')
+Fetch error: http://www.holidaybreak.co.uk/ => https://ww7.investorrelations.co.uk/holidaybreak/: (7, 'Failed to connect to ww7.investorrelations.co.uk port 443: Connection timed out')
+
+	For other Bookit coverage, see bookit.nl.xml.
+
+
+	!functional:
 		- www.nstgroup.co.uk	(cert: *.secure-secure.co.uk; 404)
-		- affiliates.superbreak.com
 
 	See Holidaybreak-mismatches.xml for problematic rules.
 
@@ -13,54 +25,20 @@
 	* Reset
 
 -->
-<ruleset name="Holidaybreak (partial)" platform="mixedcontent">
+<ruleset name="Holidaybreak (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
-	<target host="bookit.nl"/>
-	<target host="www.bookit.nl"/>
-	<target host="djoser.nl"/>
-	<target host="*.djoser.nl"/>
 	<target host="djoserjunior.nl"/>
 	<target host="www.djoserjunior.nl"/>
 	<target host="djoserwandelenfiets.nl"/>
 	<target host="www.djoserwandelenfiets.nl"/>
-	<target host="explore.co.uk"/>
-	<target host="www.explore.co.uk"/>
 	<target host="holidaybreak.co.uk"/>
 	<target host="www.holidaybreak.co.uk"/>
-	<target host="pgl.co.uk"/>
-	<target host="www.pgl.co.uk"/>
-	<target host="superbreak.com"/>
-	<!--	* for cross-domain cookie	-->
-	<target host="*.superbreak.com"/>
 	<target host="*.superbreak.net" />
-	<target host="weekendjeweg.nl"/>
-	<target host="www.weekendjeweg.nl"/>
-		<!--	homepage redirects to http	-->
-		<exclusion pattern="^http://www\.weekendjeweg\.nl/$"/>
-
-
-	<securecookie host="^(.*\.)(bookit|weekendjeweg)\.nl$" name=".*"/>
-	<securecookie host="^(.*\.)pgl\.co\.uk$" name=".*"/>
-	<securecookie host="^(.*\.)superbreak\.com$" name=".*"/>
 
 
-	<!--	cert !valid for !www	-->
-	<rule from="^http://(?:www\.)?bookit\.nl/"
-		to="https://www.bookit.nl/"/>
-
-	<!--	!www !work		-->
-	<rule from="^http://(?:www\.)?djoser\.nl/assets/"
-		to="https://djoser.nl/assets/"/>
-
-	<rule from="^http://cache[12]\.djoser\.nl/assets/djoser_2012-1\.0\.56/"
-		to="https://djoser.nl/assets/djoser_2012/"/>
-
 	<rule from="^http://(?:www\.)?djoser(?:junior|wandelenfiets)\.nl/(asset|cs|image)s/"
 		to="https://djoser.nl/assets/$1s/"/>
 
-	<rule from="^http://(www\.)?explore\.co\.uk/(images/|media/|templates/)"
-		to="https://$1explore.co.uk/$2"/>
-
 	<!--	cert !valid for holidaybreak.co.uk	-->
 	<rule from="^http://(?:www\.)?holidaybreak\.co\.uk/(?:holidaybreak/)?"
 		to="https://ww7.investorrelations.co.uk/holidaybreak/"/>
@@ -69,13 +47,7 @@
 	<rule from="^http://(?:www\.)?pgl\.co\.uk/"
 		to="https://www.pgl.co.uk/"/>
 
-	<rule from="^http://(www\.)?superbreak\.com/"
-		to="https://$1superbreak.com/"/>
-
-	<rule from="^http://(img1|static)\.superbreak\.(?:com|net)/"
+	<rule from="^http://(?:img1|static)\.superbreak\.net/"
 		to="https://www.superbreak.com/"/>
 
-	<!--	cert !valid for !www	-->
-	<rule from="^http://(?:www\.)?weekendjeweg\.nl/(favicon\.ico|resources/)"
-		to="https://www.weekendjeweg.nl/$1"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Holland.pk.xml b/src/chrome/content/rules/Holland.pk.xml
new file mode 100644
index 000000000000..2f9dcd102742
--- /dev/null
+++ b/src/chrome/content/rules/Holland.pk.xml
@@ -0,0 +1,14 @@
+<!--
+	Non-functional hosts
+		Couldn't resolve host name:
+			 - upload.holland.pk
+
+-->
+<ruleset name="Holland.pk">
+	<target host="holland.pk" />
+	<target host="www.holland.pk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hollywood-Reporter-mismatches.xml b/src/chrome/content/rules/Hollywood-Reporter-mismatches.xml
deleted file mode 100644
index ddcb286306d0..000000000000
--- a/src/chrome/content/rules/Hollywood-Reporter-mismatches.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For rules that are on by default, see Hollywood-Reporter.xml.
-
--->
-<ruleset name="Hollywood Reporter (mismatches)" default_off="mismatch">
-
-	<target host="hollywoodreporter.com" />
-	<target host="www.hollywoodreporter.com" />
-		<!--
-			Handled in Hollywood-Reporter.xml:
-								-->
-		<exclusion pattern="^http://(?:www\.)?hollywoodreporter\.com/(?:favicon\.ico|sites/(?!default/files/css/(?!css_02b3ba95a2adca47bf1e40d170fcaa56\.css)))" />
-	<target host="*.pgmcdn.net" />
-
-
-	<rule from="^http://(?:(?:www\.)?hollywoodreporter\.com|thr\d\.pgmcdn\.net)/"
-		to="https://www.hollywoodreporter.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Hollywood-Reporter.xml b/src/chrome/content/rules/Hollywood-Reporter.xml
index 6d30a89fe94b..0318fd7fb0e3 100644
--- a/src/chrome/content/rules/Hollywood-Reporter.xml
+++ b/src/chrome/content/rules/Hollywood-Reporter.xml
@@ -1,62 +1,41 @@
 <!--
-	For problematic rules, see Hollywood-Reporter-mismatches.xml.
 
-
-	CDN buckets:
-
-		- www.hollywoodreporter.com.edgesuite.net
-
-			- a1682.g.akamai.net
-			- thr[1-4].pgmcdn.net
-
-		- hollywoodreporter.mobify.com
-
-			- m
-
-
-	Nonfunctional subdomains:
-
-		- origin-www	(404, self-signed)
-
-
-	Problematic domains:
-
-		- hollywoodreporter.com subdomains:
-
-			- ^		(redirects to www, mismatched, CN: *.hollywoodreporter.com)
-			- edit		(works, expired 2013-06-20)
-			- m		(shows mobify.com; mismatched, CN: *.mobify.com)
-			- www *
-
-		- thr[1-4].pgmcdn.net *
-
-	*  Wworks, akamai
+	Problematic hosts in *hollywoodreporter.com:
+
+		- awards ᵐ
+		- edit (redirects to http)
+		- features ᵐ
+		- feed (faulty https server)
+		- game (redirects to http)
+		- horizon ᵐ
+		- interstellar ᵐ
+		- link ᵐ
+		- live ᵐ
+		- m (https timeout)
+		- mobile (redirects to http)
+		- origin1-www (redirects to  http)
+		- qa (redirects to http)
+		- rewired (redirects to  http)
+		- riskybusiness (redirects to  http)
+		- secure (redirects to http)
+		- ssl-www (redirects to http)
+		- thresq (redirects to  http)
+		- video (timeout)
+		- videos ᵐ
+		- www1 (no https)
+
+	ᵐ Mismatched
 
 -->
 <ruleset name="Hollywood Reporter (partial)">
 
 	<target host="hollywoodreporter.com" />
-	<target host="*.hollywoodreporter.com" />
-		<!--
-			Avoid user-visible paths:
-							-->
-		<exclusion pattern="^http://(?:www\.)?hollywoodreporter\.com/(?!favicon\.ico|sites/)" />
-		<!--
-			css_c602cf5d0b126628beb7012985fd4591 links to images relative /
-											-->
-		<exclusion pattern="^http://(?:www\.)?hollywoodreporter\.com/sites/default/files/css/(?!css_02b3ba95a2adca47bf1e40d170fcaa56\.css)" />
-
-
-	<securecookie host=".+\.hollywoodreporter\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?hollywoodreporter\.com/"
-		to="https://a248.e.akamai.net/f/1682/7219/8m/www.hollywoodreporter.com/" />
-
-	<rule from="^http://m\.hollywoodreporter\.com/mobify/"
-		to="https://hollywoodreporter.mobify.com/mobify/" />
+	<target host="www.hollywoodreporter.com" />
 
-	<rule from="^http://s(ecure|ubscribe)\.hollywoodreporter\.com/"
-		to="https://s$1.hollywoodreporter.com/" />
+	<target host="amp.hollywoodreporter.com" />
+	<target host="shop.hollywoodreporter.com" />
+	<target host="subscribe.hollywoodreporter.com" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hollywood_Life.com.xml b/src/chrome/content/rules/Hollywood_Life.com.xml
new file mode 100644
index 000000000000..a01d37be09ac
--- /dev/null
+++ b/src/chrome/content/rules/Hollywood_Life.com.xml
@@ -0,0 +1,36 @@
+<!--
+	www.hollywoodlife.com: Mismatched
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+		- Images, from:
+
+			- www-hollywoodlife-com.vimg.net *
+			- pmchollywoodlife.files.wordpress.com *
+			- i\d.wp.com *
+
+		- Bug from b.scorecardresearch.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Hollywood Life.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hollywoodlife.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.hollywoodlife.com" />
+
+	<rule from="^http://www\.hollywoodlife\.com/"
+		to="https://hollywoodlife.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hololive.tv.xml b/src/chrome/content/rules/Hololive.tv.xml
new file mode 100644
index 000000000000..a4ae113c15dd
--- /dev/null
+++ b/src/chrome/content/rules/Hololive.tv.xml
@@ -0,0 +1,15 @@
+<ruleset name="Hololive.tv">
+	<target host="hololive.tv" />
+	<target host="www.hololive.tv" />
+	<target host="alt.hololive.tv" />
+	<target host="beyondthestage.hololive.tv" />
+	<target host="bloom.hololive.tv" />
+	<target host="en.hololive.tv" />
+	<target host="from1st.hololive.tv" />
+	<target host="www.nonstop.hololive.tv" />
+	<target host="schedule.hololive.tv" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Holoscripter.org.xml b/src/chrome/content/rules/Holoscripter.org.xml
deleted file mode 100644
index 62dcdcb1ecee..000000000000
--- a/src/chrome/content/rules/Holoscripter.org.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Holoscripter.org">
-
-	<target host="holoscripter.org" />
-	<target host="*.holoscripter.org" />
-
-
-	<securecookie host="^(?:w*\.)?holoscripter\.org$" name=".+" />
-
-
-	<rule from="^http://(www\.)?holoscripter\.org/"
-		to="https://$1holoscripter.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Holtstrom.com.xml b/src/chrome/content/rules/Holtstrom.com.xml
new file mode 100644
index 000000000000..ecbb5f2bbbd5
--- /dev/null
+++ b/src/chrome/content/rules/Holtstrom.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Mixed content:
+
+		- css from $self *
+		- Image from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Holtstrom.com (false MCB)" platform="mixedcontent">
+
+	<target host="holtstrom.com" />
+	<target host="www.holtstrom.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Holtwick-IT-mismatches.xml b/src/chrome/content/rules/Holtwick-IT-mismatches.xml
deleted file mode 100644
index 8982be74edd1..000000000000
--- a/src/chrome/content/rules/Holtwick-IT-mismatches.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Holtwick IT (mismatches)" default_off="self-signed">
-
-	<target host="holtwick.it"/>
-	<target host="www.holtwick.it"/>
-
-	<rule from="^http://(?:www\.)?holtwick\.it/"
-		to="https://www.holtwick.it/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Holtwick-IT.xml b/src/chrome/content/rules/Holtwick-IT.xml
index 83f3722c8599..a34acb46bf71 100644
--- a/src/chrome/content/rules/Holtwick-IT.xml
+++ b/src/chrome/content/rules/Holtwick-IT.xml
@@ -1,9 +1,10 @@
 <ruleset name="Holtwick IT (partial)">
 
-	<target host="apperdeck.com"/>
-	<target host="www.apperdeck.com"/>
+	<target host="apperdeck.com" />
+	<target host="www.apperdeck.com" />
+	<target host="holtwick.it" />
+	<target host="www.holtwick.it" />
 
-	<rule from="^http://(www\.)?apperdeck\.com/"
-		to="https://$1apperdeck.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/HolyQuran.net.xml b/src/chrome/content/rules/HolyQuran.net.xml
new file mode 100644
index 000000000000..d318bc23b9dc
--- /dev/null
+++ b/src/chrome/content/rules/HolyQuran.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="HolyQuran.net">
+	<target host="holyquran.net" />
+	<target host="www.holyquran.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Home-Assistant.io.xml b/src/chrome/content/rules/Home-Assistant.io.xml
new file mode 100644
index 000000000000..6f608aa598fc
--- /dev/null
+++ b/src/chrome/content/rules/Home-Assistant.io.xml
@@ -0,0 +1,22 @@
+<ruleset name="Home-Assistant.io">
+	<target host="home-assistant.io" />
+	<target host="www.home-assistant.io" />
+	<target host="alerts.home-assistant.io" />
+	<target host="cast.home-assistant.io" />
+	<target host="cla.home-assistant.io" />
+	<target host="community.home-assistant.io" />
+	<target host="companion.home-assistant.io" />
+	<target host="data.home-assistant.io" />
+	<target host="demo.home-assistant.io" />
+	<target host="dev-docs.home-assistant.io" />
+	<target host="developers.home-assistant.io" />
+	<target host="ios-push.home-assistant.io" />
+	<target host="mobile-apps.home-assistant.io" />
+	<target host="next.home-assistant.io" />
+	<target host="rc.home-assistant.io" />
+	<target host="status.home-assistant.io" />
+	<target host="updater.home-assistant.io" />
+	<target host="version.home-assistant.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Home-of-the-Sebijk.com.xml b/src/chrome/content/rules/Home-of-the-Sebijk.com.xml
index 302c427c6f90..6c5df51a1a8a 100644
--- a/src/chrome/content/rules/Home-of-the-Sebijk.com.xml
+++ b/src/chrome/content/rules/Home-of-the-Sebijk.com.xml
@@ -1,6 +1,14 @@
-<ruleset name="Home of the Sebijk.com">
-  <target host="www.sebijk.com"/>
-  <target host="freemail.sebijk.com"/>
-  <rule from="^http://(www\.)?sebijk\.com/" to="https://www.sebijk.com/"/>
-  <rule from="^http://(www\.)?freemail\.sebijk\.com/" to="https://freemail.sebijk.com/"/>
-</ruleset>
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.sebijk.com/ => https://www.sebijk.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://freemail.sebijk.com/ => https://freemail.sebijk.com/: Redirect for 'http://freemail.sebijk.com/' missing Location
+-->
+<ruleset name="Home of the Sebijk.com" default_off="failed ruleset test">
+  <target host="www.sebijk.com"/>
+  <target host="freemail.sebijk.com"/>
+  <rule from="^http://(?:www\.)?sebijk\.com/" to="https://www.sebijk.com/"/>
+  <rule from="^http://(?:www\.)?freemail\.sebijk\.com/" to="https://freemail.sebijk.com/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Home.ch.xml b/src/chrome/content/rules/Home.ch.xml
index 95078ce754d6..282f063ba037 100644
--- a/src/chrome/content/rules/Home.ch.xml
+++ b/src/chrome/content/rules/Home.ch.xml
@@ -14,7 +14,6 @@
 	<securecookie host="^www\.home\.ch$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?home\.ch/"
-		to="https://www.home.ch/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Home.pl.xml b/src/chrome/content/rules/Home.pl.xml
index bbc9b8db52d1..2c46b335d179 100644
--- a/src/chrome/content/rules/Home.pl.xml
+++ b/src/chrome/content/rules/Home.pl.xml
@@ -9,17 +9,20 @@
 <ruleset name="home.pl">
 
 	<target host="home.pl" />
-	<target host="*.home.pl" />
-	<target host="*.akcje.home.pl" />
-	<target host="*.panel.home.pl" />
-	<target host="*.poczta.home.pl" />
-	<target host="*.m.poczta.home.pl" />
+	<target host="akcje.home.pl" />
+	<target host="hq.home.pl" />
+	<target host="m.home.pl" />
+	<target host="panel.home.pl" />
+	<target host="poczta.home.pl" />
+	<target host="m.poczta.home.pl" />
+	<target host="pomoc.home.pl" />
+	<target host="rozwijaj.home.pl" />
+	<target host="www.home.pl" />
 
 
-	<securecookie host="^(?:.+\.)?home\.pl$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:akcje|hq|m|panel|(?:m\.)?poczta|pomoc|rozwijaj|www)\.)?home\.pl/"
-		to="https://$1home.pl/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HomeBello.xml b/src/chrome/content/rules/HomeBello.xml
index 187848e72ad8..af0143db8ac8 100644
--- a/src/chrome/content/rules/HomeBello.xml
+++ b/src/chrome/content/rules/HomeBello.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?homebello\.com/((?:checkout|contact|order-status)(?:$|\?)|content/|css/|images/|photos/|Public/|store_image/|Styles/)"
 		to="https://$1homebello.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HomeFinder.com.xml b/src/chrome/content/rules/HomeFinder.com.xml
index 2a5f3b5db03c..43970d6e439c 100644
--- a/src/chrome/content/rules/HomeFinder.com.xml
+++ b/src/chrome/content/rules/HomeFinder.com.xml
@@ -1,12 +1,21 @@
 <!--
-	Problematic subdomains:
+	Nonfunctional hosts in *homefinder.com:
 
-		- ^	(works, cert only matches www)
+		- aboutus *
+
+	* WP Engine
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- homefinder.com
+		- .homefinder.com
+		- www.homefinder.com
 
 
 	Mixed content:
 
-		- Web bug on www from ips-invite.iperceptions.com *
+		- favicon from $self *
 
 	* Secured by us
 
@@ -15,21 +24,18 @@
 
 	<target host="homefinder.com" />
 	<target host="www.homefinder.com" />
-		<!--
-			404:
-				-->
-		<exclusion pattern="^http://(?:www\.)?homefinder\.com/widgets/" />
 
 
-	<!--securecookie host="^\.homefinder\.com$" name="^PHPSESSID$" /-->
-	<!--
-		Tracking cookies:
+	<!--	Not secured by server:
 					-->
-	<securecookie host="^\.homefinder\.com$" name="^__utm\w$" />
-	<securecookie host="^www\.homefinder\.com$" name="^(?:hf_adv|ki_[tu])$" />
+	<!--securecookie host="^homefinder\.com$" name="^con$" /-->
+	<!--securecookie host="^\.homefinder\.com$" name="^(?:__utm\w|PHPSESSID)$" /-->
+	<!--securecookie host="^www\.homefinder\.com$" name="^(?:con|hf_adv|ki_[tu])$" /-->
+
+	<securecookie host="^(?:\.|www\.)?homefinder\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?homefinder\.com/"
-		to="https://www.homefinder.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HomeInsurance.com.xml b/src/chrome/content/rules/HomeInsurance.com.xml
index 529689fe173e..4f602bdd034e 100644
--- a/src/chrome/content/rules/HomeInsurance.com.xml
+++ b/src/chrome/content/rules/HomeInsurance.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="HomeInsurance.com">
 
 	<target host="homeinsurance.com" />
-	<target host="*.homeinsurance.com" />
+	<target host="www.homeinsurance.com" />
 
 
 	<securecookie host="^\.homeinsurance\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?homeinsurance\.com/"
-		to="https://$1homeinsurance.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HomeTheaterReview.com.xml b/src/chrome/content/rules/HomeTheaterReview.com.xml
new file mode 100644
index 000000000000..ebb01fa9efa2
--- /dev/null
+++ b/src/chrome/content/rules/HomeTheaterReview.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="HomeTheaterReview.com">
+
+	<target host="hometheaterreview.com" />
+	<target host="www.hometheaterreview.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Home_Depot.com-problematic.xml b/src/chrome/content/rules/Home_Depot.com-problematic.xml
index 4d440cb509d1..c9a84df028a8 100644
--- a/src/chrome/content/rules/Home_Depot.com-problematic.xml
+++ b/src/chrome/content/rules/Home_Depot.com-problematic.xml
@@ -18,4 +18,4 @@
 	<rule from="^http://(ir|www)\.homedepot\.com/"
 		to="https://$1.homedepot.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Home_Depot.com.xml b/src/chrome/content/rules/Home_Depot.com.xml
index 38af395bed28..c9216155db7b 100644
--- a/src/chrome/content/rules/Home_Depot.com.xml
+++ b/src/chrome/content/rules/Home_Depot.com.xml
@@ -105,8 +105,10 @@
 
 	<securecookie host="^(?:hdapps|hdconnect|homedepotlink|thdfed)?\.homedepot\.com$" name=".+" />
 
+	<!-- www removed from this rule because of server-side breakage:
+	https://github.com/EFForg/https-everywhere/issues/409 -->
 
-	<rule from="^http://(?:secure2\.|www\.)?homedepot\.com/"
+	<rule from="^http://secure2\.homedepot\.com/"
 		to="https://secure2.homedepot.com/" />
 
 	<rule from="^http://(?:www\.)?community\.homedepot\.com/"
@@ -121,4 +123,4 @@
 	<rule from="^http://ir\.homedepot\.com/(client|WebSideStory)/"
 		to="https://origin-phoenix.corporate-ir.net/$1/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Home_Depot_Foundation.org.xml b/src/chrome/content/rules/Home_Depot_Foundation.org.xml
index d29ba3e0774e..44486148dd58 100644
--- a/src/chrome/content/rules/Home_Depot_Foundation.org.xml
+++ b/src/chrome/content/rules/Home_Depot_Foundation.org.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?homedepotfoundation\.org/"
 		to="https://homedepotfoundation.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Home_Mentors.com.xml b/src/chrome/content/rules/Home_Mentors.com.xml
new file mode 100644
index 000000000000..2f14bc3cda11
--- /dev/null
+++ b/src/chrome/content/rules/Home_Mentors.com.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://homementors.com/ => https://homementors.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.homementors.com/ => https://www.homementors.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Home Mentors.com" default_off="failed ruleset test">
+
+	<target host="homementors.com" />
+	<target host="www.homementors.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Home_buzz.co.uk.xml b/src/chrome/content/rules/Home_buzz.co.uk.xml
index c73cc56dfad5..f0d5d5f52b3c 100644
--- a/src/chrome/content/rules/Home_buzz.co.uk.xml
+++ b/src/chrome/content/rules/Home_buzz.co.uk.xml
@@ -1,13 +1,13 @@
-<ruleset name="home buzz.co.uk">
+<ruleset name="home buzz.co.uk" default_off="503">
 
 	<target host="homebuzz.co.uk" />
-	<target host="*.homebuzz.co.uk" />
+	<target host="www.homebuzz.co.uk" />
 
 
 	<securecookie host="^(?:www)?\.homebuzz\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://(www\.)?homebuzz\.co\.uk/"
-		to="https://$1homebuzz.co.uk/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Homecomputing.fr.xml b/src/chrome/content/rules/Homecomputing.fr.xml
index ee657d8e50b6..eb42223a1d61 100644
--- a/src/chrome/content/rules/Homecomputing.fr.xml
+++ b/src/chrome/content/rules/Homecomputing.fr.xml
@@ -1,7 +1,63 @@
-<ruleset name="Homecomputing.fr" default_off="self-signed">
-  <target host="homecomputing.fr" />
-  <target host="*.homecomputing.fr" />
+<!--
+	No working URL known:
+		3d.homecomputing.fr (401)
+		homecomputing.fr (404)
+		autoconfig.homecomputing.fr (403)
+		automation.homecomputing.fr (401)
+		books.homecomputing.fr (401)
+		bugs.homecomputing.fr (404)
+		calendar.homecomputing.fr (404)
+		cam1.homecomputing.fr (404)
+		ci.homecomputing.fr (404)
+		cups.homecomputing.fr (401)
+		dashboard.homecomputing.fr (404)
+		dav.homecomputing.fr (404)
+		davical.homecomputing.fr (404)
+		edf.homecomputing.fr (404)
+		ezine.homecomputing.fr (404)
+		files.homecomputing.fr (404)
+		freebox.homecomputing.fr (404)
+		gege2061.homecomputing.fr (404)
+		git.homecomputing.fr (404)
+		id.homecomputing.fr
+		pastebin.homecomputing.fr (404)
+		pg.homecomputing.fr (404)
+		photo.homecomputing.fr (404)
+		rspamd.homecomputing.fr (401)
+		rss.homecomputing.fr (401)
+		s.homecomputing.fr (404)
+		sav.homecomputing.fr (401)
+		seeks.homecomputing.fr (404)
+		static.homecomputing.fr (403)
+		stats.homecomputing.fr (404)
+		sync.homecomputing.fr (404)
+		system.homecomputing.fr (401)
+		telecomix.homecomputing.fr (404)
+		torrent.homecomputing.fr (401)
+		todo.homecomputing.fr (404)
+		wiki.homecomputing.fr (401)
+
+	Private subdomain:
+		cloud.homecomputing.fr
+		courses.homecomputing.fr
+		graph.homecomputing.fr
+		livre.homecomputing.fr
+		poche.homecomputing.fr
+
+-->
+
+<ruleset name="Homecomputing.fr">
+
+	<target host="code.homecomputing.fr" />
+	<target host="ezines.homecomputing.fr" />
+	<target host="horaires.homecomputing.fr" />
+	<target host="osm.homecomputing.fr" />
+	<target host="porn.homecomputing.fr" />
+	<target host="paste.homecomputing.fr" />
+	<target host="sanpi.homecomputing.fr" />
+	<target host="search.homecomputing.fr" />
+	<target host="status.homecomputing.fr" />
+
+	<rule from="^http:" to="https:" />
 
-  <rule from="^http://homecomputing\.fr/" to="https://www.homecomputing.fr/"/>
-  <rule from="^http://([^@/:]*)\.homecomputing\.fr/" to="https://$1.homecomputing.fr/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Homeless_Veterans.co.uk.xml b/src/chrome/content/rules/Homeless_Veterans.co.uk.xml
new file mode 100644
index 000000000000..4aa6e98f8132
--- /dev/null
+++ b/src/chrome/content/rules/Homeless_Veterans.co.uk.xml
@@ -0,0 +1,63 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://homelessveterans.co.uk/ => https://homelessveterans.co.uk/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://donate.homelessveterans.co.uk/ => https://donate.homelessveterans.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'donate.homelessveterans.co.uk'")
+
+	For rules causing false/broken MCB, see Homeless_Veterans.co.uk-falsemixed.xml.
+
+
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Mixed content:
+
+		- css from $self ¹
+
+		- Images, on www from:
+
+			- $self ¹
+			- www.independent.co.uk ²
+
+	¹ Secured by us
+	² Unsecurable <= 504
+
+
+	Insecure cookies are set for these domains:
+
+		- donate
+
+-->
+<ruleset name="Homeless Veterans.co.uk (partial)" default_off="failed ruleset test">
+
+	<target host="homelessveterans.co.uk" />
+	<target host="donate.homelessveterans.co.uk" />
+	<target host="www.homelessveterans.co.uk" />
+		<!--
+			Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://www\.homelessveterans\.co\.uk/+(?!favicon\.ico|wp-content/|wp-includes/)" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^donate\.homelessveterans\.co\.uk$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^donate\.homelessveterans\.co\.uk$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Homeless_World_Cup.xml b/src/chrome/content/rules/Homeless_World_Cup.xml
index 51960b7fa765..9af98cf8001a 100644
--- a/src/chrome/content/rules/Homeless_World_Cup.xml
+++ b/src/chrome/content/rules/Homeless_World_Cup.xml
@@ -1,13 +1,12 @@
 <ruleset name="Homeless World Cup">
 
 	<target host="homelessworldcup.org" />
-	<target host="*.homelessworldcup.org" />
+	<target host="www.homelessworldcup.org" />
 
 
 	<securecookie host="^(?:www)?\.homelessworldcup\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?homelessworldcup\.org/"
-		to="https://$1homelessworldcup.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Homosexuelle-Arbeitsgruppen-Bern.xml b/src/chrome/content/rules/Homosexuelle-Arbeitsgruppen-Bern.xml
new file mode 100644
index 000000000000..83d8e7e86e81
--- /dev/null
+++ b/src/chrome/content/rules/Homosexuelle-Arbeitsgruppen-Bern.xml
@@ -0,0 +1,39 @@
+<ruleset name="Homosexuelle Arbeitsgruppen Bern">
+	<target host="hab.lgbt" />
+	<target host="www.hab.lgbt" />
+	<target host="3ganganmeldung.hab.lgbt" />
+	<target host="www.3ganganmeldung.hab.lgbt" />
+	<target host="girls.hab.lgbt" />
+	<target host="www.girls.hab.lgbt" />
+	<target host="intern.hab.lgbt" />
+	<target host="www.intern.hab.lgbt" />
+	<target host="msd.hab.lgbt" />
+	<target host="www.msd.hab.lgbt" />
+	<target host="onlinekatalog.hab.lgbt" />
+	<target host="www.onlinekatalog.hab.lgbt" />
+	<target host="umfragen.hab.lgbt" />
+	<target host="www.umfragen.hab.lgbt" />
+	<target host="vorstandadmin.hab.lgbt" />
+	<target host="www.vorstandadmin.hab.lgbt" />
+	<target host="wp01.hab.lgbt" />
+	<target host="www.wp01.hab.lgbt" />
+
+	<target host="gayagenda.lgbt" />
+	<target host="www.gayagenda.lgbt" />
+
+	<target host="3gang.ch" />
+	<target host="www.3gang.ch" />
+
+	<target host="cominginn.ch" />
+	<target host="www.cominginn.ch" />
+
+	<target host="gaybern.ch" />
+	<target host="www.gaybern.ch" />
+
+	<target host="ha-bern.ch" />
+	<target host="www.ha-bern.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HomotopyTypeTheory.org.xml b/src/chrome/content/rules/HomotopyTypeTheory.org.xml
new file mode 100644
index 000000000000..f9a319df4ea9
--- /dev/null
+++ b/src/chrome/content/rules/HomotopyTypeTheory.org.xml
@@ -0,0 +1,11 @@
+<!--
+    Homotopy type theory
+-->
+<ruleset name="HomotopyTypeTheory.org">
+	<target host="homotopytypetheory.org" />
+	<target host="www.homotopytypetheory.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Honest.com.xml b/src/chrome/content/rules/Honest.com.xml
new file mode 100644
index 000000000000..eda934f15b1a
--- /dev/null
+++ b/src/chrome/content/rules/Honest.com.xml
@@ -0,0 +1,41 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)?
+		- blog
+		- img
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .honest.com
+		- www.honest.com
+
+
+	Mixed content:
+
+		- css on blog from fonts.googleapis.com *
+		- Images on blog from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Honest.com">
+
+	<target host="honest.com" />
+	<target host="blog.honest.com" />
+	<target host="img.honest.com" />
+	<target host="www.honest.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.honest\.com$" name="^_session_id$" /-->
+	<!--securecookie host="^www\.honest\.com$" name="^(clientSideTokenize|multi)$" /-->
+
+	<securecookie host="^(?:www)?\.honest\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Honest_Policy.xml b/src/chrome/content/rules/Honest_Policy.xml
index 8d47de4bce48..2bc485282df6 100644
--- a/src/chrome/content/rules/Honest_Policy.xml
+++ b/src/chrome/content/rules/Honest_Policy.xml
@@ -1,13 +1,12 @@
 <ruleset name="Honest Policy">
 
 	<target host="honestpolicy.com" />
-	<target host="*.honestpolicy.com" />
+	<target host="www.honestpolicy.com" />
 
 
 	<securecookie host="^\.honestpolicy\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?honestpolicy\.com/"
-		to="https://$1honestpolicy.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HoneyBeeLoans.com.xml b/src/chrome/content/rules/HoneyBeeLoans.com.xml
index a4be18ad08ab..e4f73fa16f04 100644
--- a/src/chrome/content/rules/HoneyBeeLoans.com.xml
+++ b/src/chrome/content/rules/HoneyBeeLoans.com.xml
@@ -1,13 +1,19 @@
-<ruleset name="HoneyBeeLoans.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://honeybeeloans.com/ => https://honeybeeloans.com/: (6, 'Could not resolve host: honeybeeloans.com')
+Fetch error: http://www.honeybeeloans.com/ => https://www.honeybeeloans.com/: (6, 'Could not resolve host: www.honeybeeloans.com')
+
+-->
+<ruleset name="HoneyBeeLoans.com" default_off="failed ruleset test">
 
 	<target host="honeybeeloans.com" />
-	<target host="*.honeybeeloans.com" />
+	<target host="www.honeybeeloans.com" />
 
 
 	<securecookie host="^(?:w*\.)?honeybeeloans\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?honeybeeloans\.com/"
-		to="https://$1honeybeeloans.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Hong_Kong_Stock_Exchange.xml b/src/chrome/content/rules/Hong_Kong_Stock_Exchange.xml
deleted file mode 100644
index 04042ccb54b2..000000000000
--- a/src/chrome/content/rules/Hong_Kong_Stock_Exchange.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- m	(times out)
-
-
-	Problematic subdomains:
-
-		- ^	(times out)
-
--->
-<ruleset name="Hong Kong Stock Exchange (partial)">
-
-	<target host="hkex.com.hk" />
-	<target host="www.hkex.com.hk" />
-
-
-	<securecookie host="^www\.hkex\.com\.hk$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?hkex\.com\.hk/"
-		to="https://www.hkex.com.hk/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Honolulu_Star_Advertiser.xml b/src/chrome/content/rules/Honolulu_Star_Advertiser.xml
index d583f16967cd..06d294a4ffb3 100644
--- a/src/chrome/content/rules/Honolulu_Star_Advertiser.xml
+++ b/src/chrome/content/rules/Honolulu_Star_Advertiser.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://staradvertiser.com/ => https://www.staradvertiser.com/: Too many redirects while fetching 'https://www.staradvertiser.com/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://staradvertiser.com/ => https://www.staradvertiser.com/: Cycle detected - URL already encountered: https://www.staradvertiser.com/
 	CDN buckets:
 
 		- sa-media.s3-website-us-east-1.amazonaws.com
@@ -13,19 +19,20 @@
 		- ^
 
 -->
-<ruleset name="Honolulu Star Advertiser">
+<ruleset name="Honolulu Star Advertiser" default_off="failed ruleset test">
 
 	<target host="staradvertiser.com" />
-	<target host="*.staradvertiser.com" />
+	<target host="www.staradvertiser.com" />
+	<target host="media.staradvertiser.com" />
+	<target host="sa-cmedia01.staradvertiser.com" />
 
 
-	<rule from="^https?://(?:www\.)?staradvertiser\.com/"
+	<rule from="^http://(?:www\.)?staradvertiser\.com/"
 		to="https://www.staradvertiser.com/" />
 
-	<rule from="^http://media\.staradvertiser\.com/"
-		to="https://media.staradvertiser.com/" />
 
-	<rule from="^https?://sa-cmedia01\.staradvertiser\.com/"
+	<rule from="^http://sa-cmedia01\.staradvertiser\.com/"
 		to="https://d392249hhaazk5.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hooch.net.xml b/src/chrome/content/rules/Hooch.net.xml
new file mode 100644
index 000000000000..71c8b66b21c7
--- /dev/null
+++ b/src/chrome/content/rules/Hooch.net.xml
@@ -0,0 +1,15 @@
+<!--
+	Timed out:
+		- hooch.net, equivalent to www.hooch.net
+-->
+
+<ruleset name="Hooch.net">
+	<target host="hooch.net" />
+	<target host="www.hooch.net" />
+	<target host="images.hooch.net" />
+
+	<rule from="^http://hooch\.net/"
+		to="https://www.hooch.net/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hoodline.com.xml b/src/chrome/content/rules/Hoodline.com.xml
new file mode 100644
index 000000000000..3e028f51f989
--- /dev/null
+++ b/src/chrome/content/rules/Hoodline.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Hoodline.com">
+  <target host="hoodline.com" />
+  <target host="www.hoodline.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HookTube.com.xml b/src/chrome/content/rules/HookTube.com.xml
new file mode 100644
index 000000000000..c54bc4d4fbfd
--- /dev/null
+++ b/src/chrome/content/rules/HookTube.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="HookTube.com">
+	<target host="hooktube.com" />
+	<target host="www.hooktube.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HootSuite-mismatches.xml b/src/chrome/content/rules/HootSuite-mismatches.xml
index 1987af4def8b..e6bcfdcbb0c4 100644
--- a/src/chrome/content/rules/HootSuite-mismatches.xml
+++ b/src/chrome/content/rules/HootSuite-mismatches.xml
@@ -2,21 +2,14 @@
 	For rules that are on by default, see HootSuite.xml.
 
 -->
-<ruleset name="HootSuite (mismatches)" default_off="mismatches">
+<ruleset name="HootSuite (mismatched)" default_off="mismatched">
 
-	<target host="feedback.hootsuite.com" />
-	<!-- 
-		Handled in HootSuite.xml.
-					-->
-		<exclusion pattern="^http://feedback.hootsuite\.com/(css/|images/|packages/|track\.gif)" />
-	<!--	Cert: *.unbounce.com	-->
+	<!--	Direct rewrites:
+				-->
 	<target host="signup.hootsuite.com" />
 
 
-	<!--	Cookies are handled in HootSuite.xml.	-->
-
-
-	<rule from="^http://(feedback|signup)\.hootsuite\.com/"
-		to="https://$1.hootsuite.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/HootSuite.xml b/src/chrome/content/rules/HootSuite.xml
index 6b90a6e36eb4..203614e3d240 100644
--- a/src/chrome/content/rules/HootSuite.xml
+++ b/src/chrome/content/rules/HootSuite.xml
@@ -2,39 +2,95 @@
 	For problematic rules, see HootSuite-mismatches.xml.
 
 
-	unbouncepages-com.s3.amazonaws.com/signup.hootsuite.com/
+	Other HootSuite rulesets:
+
+		- Ow.ly.xml
+
+
+	CDN buckets:
+
+		- unbouncepages-com.s3.amazonaws.com/signup.hootsuite.com/
+		- d1ue63gpusfv5w.cloudfront.net
+		- d2l6uygi1pgnys.cloudfront.net
+		- dpjw5kqcbwqqv.cloudfront.net
 
 
 	Nonfunctional subdomains:
 
-		- blog		(valid cert; 404)
-		- media		(valid cert; 404)
-		- translate	(valid cert; shows www's data)
+		- appdirectory *
+		- blog *
+		- media *
+
+	* Refused
+
+
+	Problematic subdomains:
+
+		- signup *
+
+	* Mismatched, CN: *.unbounce.com
+
+
+	Fully covered hosts in *hootsuite.com:
+
+		- (www.)?
+		- feedback
+		- help
+
+		- static	(→ d1ue63gpusfv5w.cloudfront.net)
+		- s0.static	(→ d2l6uygi1pgnys.cloudfront.net)
+		- s7.static	(→ d1ue63gpusfv5w.cloudfront.net)
+
+		- translate
+
+
+	These altnames don't exist:
+
+		- www.feedback.hootsuite.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- feedback.hootsuite.com
+
+
+	Mixed content:
+
+		- css on feedback from fonts.googleapis.com
 
 -->
 <ruleset name="HootSuite">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="hootsuite.com" />
-	<target host="*.hootsuite.com" />
-	<target host="*.static.hootsuite.com" />
+	<target host="feedback.hootsuite.com" />
+	<target host="help.hootsuite.com" />
+	<target host="translate.hootsuite.com" />
+	<target host="www.hootsuite.com" />
 
+	<!--	Complications:
+				-->
+	<target host="static.hootsuite.com" />
+	<target host="s0.static.hootsuite.com" />
+	<target host="s7.static.hootsuite.com" />
 
-	<securecookie host="^(.*\.)?hootsuite\.com$" name=".*" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^hootsuite\.com$" name="^eZSESSID$" /-->
+	<!--securecookie host="^feedback\.hootsuite\.com$" name="^(_rf|_session_id)$" /-->
 
-	<rule from="^http://(www\.)?hootsuite\.com/"
-		to="https://$1hootsuite.com/" />
+	<securecookie host=".+" name=".+"/>
 
-	<rule from="^https?://feedback\.hootsuite\.com/(css/|images/|packages/|track\.gif)"
-		to="https://hootsuite.uservoice.com/$1" />
 
-	<rule from="^https?://help\.hootsuite\.com/(assets|external|generated|images|registration|system)/"
-		to="https://hootsuite.zendesk.com/$1/" />
+	<rule from="^http://(?:s7\.)?static\.hootsuite\.com/"
+		to="https://d1ue63gpusfv5w.cloudfront.net/" />
 
-	<rule from="^https?://s0\.static\.hootsuite\.com/"
+	<rule from="^http://s0\.static\.hootsuite\.com/"
 		to="https://d2l6uygi1pgnys.cloudfront.net/" />
 
-	<rule from="^https?://(?:s7\.)?static\.hootsuite\.com/"
-		to="https://d1ue63gpusfv5w.cloudfront.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Hoover_Institution.xml b/src/chrome/content/rules/Hoover_Institution.xml
index d5647a27fefc..f4dd22caaa44 100644
--- a/src/chrome/content/rules/Hoover_Institution.xml
+++ b/src/chrome/content/rules/Hoover_Institution.xml
@@ -8,13 +8,13 @@
 <ruleset name="Hoover Institution" default_off="mismatched">
 
 	<target host="hoover.org" />
-	<target host="*.hoover.org" />
+	<target host="www.hoover.org" />
+	<target host="media.hoover.org" />
 
 
 	<rule from="^http://(?:www\.)?hoover\.org/"
 		to="https://www.hoover.org/" />
 
-	<rule from="^http://media\.hoover\.org/"
-		to="https://media.hoover.org/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hoovers.xml b/src/chrome/content/rules/Hoovers.xml
index 4e01d70f127f..acdc6d672c79 100644
--- a/src/chrome/content/rules/Hoovers.xml
+++ b/src/chrome/content/rules/Hoovers.xml
@@ -7,13 +7,13 @@
 -->
 <ruleset name="Hoover's (partial)" default_off="webmaster request">
 
-	<target host="*.hoovers.com" />
+	<target host="secure.hoovers.com" />
+	<target host="subscriber.hoovers.com" />
 
 
 	<securecookie host="^subscriber\.hoovers\.com$" name=".+" />
 
 
-	<rule from="^http://s(ecure|ubscriber)\.hoovers\.com/"
-		to="https://s$1.hoovers.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Hop-Studios.xml b/src/chrome/content/rules/Hop-Studios.xml
index 8d80b88bc97b..532208985102 100644
--- a/src/chrome/content/rules/Hop-Studios.xml
+++ b/src/chrome/content/rules/Hop-Studios.xml
@@ -4,9 +4,8 @@
 	<!--	* for cross-domain cookie	-->
 	<target host="www.hopstudios.com"/>
 
-	<securecookie host="^(.*\.)?hopstudios\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?hopstudios\.com/"
-		to="https://$1hopstudios.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Hope.net.xml b/src/chrome/content/rules/Hope.net.xml
new file mode 100644
index 000000000000..09652f3464c1
--- /dev/null
+++ b/src/chrome/content/rules/Hope.net.xml
@@ -0,0 +1,35 @@
+<!--
+	Nonfunctional hosts in *hope.net:
+
+		- i ᵃ
+		- ii ᵃ
+		- iii ᵃ
+		- iv ᵃ
+		- ix ᵃ
+		- v ᵃ
+		- vi ᵃ
+		- vii ᵃ
+		- viii ᵃ
+		- radio *
+		- wiki **
+		- x ᵃ
+
+	ᵃ Shows another domain
+	* Shows test page
+	** "SSL Not Enabled"
+
+-->
+<ruleset name="hope.net (partial)">
+
+	<target host="hope.net" />
+	<target host="www.hope.net" />
+	<target host="xi.hope.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HopeNotHate.org.uk.xml b/src/chrome/content/rules/HopeNotHate.org.uk.xml
new file mode 100644
index 000000000000..d26c29ce0f0f
--- /dev/null
+++ b/src/chrome/content/rules/HopeNotHate.org.uk.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid Certificate:
+		action.hopenothate.org.uk
+-->
+<ruleset name="HopeNotHate.org.uk">
+	<target host="hopenothate.org.uk" />
+	<target host="www.hopenothate.org.uk" />
+	<target host="charity.hopenothate.org.uk" />
+	<target host="donate.hopenothate.org.uk" />
+	<target host="mic.hopenothate.org.uk" />
+	<target host="shop.hopenothate.org.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hopkins-Interactive.com.xml b/src/chrome/content/rules/Hopkins-Interactive.com.xml
new file mode 100644
index 000000000000..564b12ef4d64
--- /dev/null
+++ b/src/chrome/content/rules/Hopkins-Interactive.com.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Johns Hopkins University coverage, see The_Johns_Hopkins_University.xml.
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- blog from hopkins-interactive.com ˢ
+			- blog from blogs.hopkins-interactive.com ˢ
+			- blog from www.hopkins-interactive.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Hopkins-Interactive.com">
+
+	<target host="hopkins-interactive.com" />
+	<target host="blogs.hopkins-interactive.com" />
+	<target host="www.hopkins-interactive.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Horde.xml b/src/chrome/content/rules/Horde.xml
index 76127bd71520..d80cba3c4750 100644
--- a/src/chrome/content/rules/Horde.xml
+++ b/src/chrome/content/rules/Horde.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://horde-llc.com/ => https://horde-llc.com/: (51, "SSL: no alternative certificate subject name matches target host name 'horde-llc.com'")
+
 	Nonfunctional horde.org subdomains:
 
 		- (www.)	(cert: www.horde-llc.com; redirects to http://www)
@@ -9,17 +13,13 @@
 		- wiki		(cert: dev.horde.org; shows dev's data)
 
 -->
-<ruleset name="Horde (partial)">
+<ruleset name="Horde (partial)" default_off="failed ruleset test">
 
 	<target host="dev.horde.org" />
 	<target host="horde-llc.com" />
 	<target host="www.horde-llc.com" />
 
 
-	<rule from="^http://dev\.horde\.org/"
-		to="https://dev.horde.org/" />
-
-	<rule from="^http://(www\.)?horde-llc\.com/"
-		to="https://$1horde-llc.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Horizon.TV.xml b/src/chrome/content/rules/Horizon.TV.xml
deleted file mode 100644
index 88c6dbb8d34a..000000000000
--- a/src/chrome/content/rules/Horizon.TV.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<!--
-	CDN buckets: 
-
-		- www.orion.lgi.com.c.footprint.net
-
-			- static.horizon.tv
-
-		- upc.d2.sc.omtrdc.net
-
-
-	Problematic subdomains:
-
-		- ^	(mismatched, CN: www.chello.com)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(^ → www)
-		- oesp
-		- static
-
--->
-<ruleset name="Horizon.TV">
-
-	<target host="horizon.tv" />
-	<target host="*.horizon.tv" />
-
-
-	<securecookie host="^\.horizon\.tv$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?horizon\.tv/"
-		to="https://www.horizon.tv/" />
-
-	<rule from="^http://(oesp|static)\.horizon\.tv/"
-		to="https://$1.horizon.tv/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Hornbach.xml b/src/chrome/content/rules/Hornbach.xml
new file mode 100644
index 000000000000..dff34999fa3d
--- /dev/null
+++ b/src/chrome/content/rules/Hornbach.xml
@@ -0,0 +1,35 @@
+<!--
+	Refused:
+		- (www.)hornbach.com
+		- (www.)hornbach.cz
+		- sortiment.hornbach.cz
+		- (www.)hornbach.lu
+		- (www.)hornbach.ro
+		- (www.)hornbach.se
+		- (www.)hornbach.sk
+		- sortiment.hornbach.sk
+
+	Mismatch:
+		- games.hornbach.com
+		- forum.hornbach.se
+		- www.intern.hornbach.de
+		- forum.hornbach.nl
+
+	Self-signed:
+		- pers.hornbach.nl
+-->
+<ruleset name="Hornbach">
+	<target host="hornbach.at"/>
+	<target host="www.hornbach.at"/>
+	<target host="forum.hornbach.at"/>
+	<target host="hornbach.ch"/>
+	<target host="www.hornbach.ch"/>
+	<target host="hornbach.de"/>
+	<target host="www.hornbach.de"/>
+	<target host="forum.hornbach.de"/>
+	<target host="hornbach.nl"/>
+	<target host="www.hornbach.nl"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Hornstra_Farms.com.xml b/src/chrome/content/rules/Hornstra_Farms.com.xml
new file mode 100644
index 000000000000..8d4402772f94
--- /dev/null
+++ b/src/chrome/content/rules/Hornstra_Farms.com.xml
@@ -0,0 +1,43 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hornstrafarms.com/ => https://hornstrafarms.com/: (51, "SSL: no alternative certificate subject name matches target host name 'hornstrafarms.com'")
+Fetch error: http://www.hornstrafarms.com/ => https://hornstrafarms.com/: (51, "SSL: no alternative certificate subject name matches target host name 'hornstrafarms.com'")
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hornstrafarms.com/ => https://hornstrafarms.com/: (51, "SSL: no alternative certificate subject name matches target host name 'hornstrafarms.com'")
+Fetch error: http://www.hornstrafarms.com/ => https://hornstrafarms.com/: (51, "SSL: no alternative certificate subject name matches target host name 'hornstrafarms.com'")
+
+	Problematic hosts in *hornstrafarms.com:
+
+		- www *
+
+	* Mismatched
+
+
+	Fully covered hosts in *hornstrafarms.com:
+
+		- (www.)?	(www → ^)
+
+-->
+<ruleset name="Hornstra Farms.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hornstrafarms.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.hornstrafarms.com" />
+
+
+	<rule from="^http://www\.hornstrafarms\.com/"
+		to="https://hornstrafarms.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Horyzon_Media.xml b/src/chrome/content/rules/Horyzon_Media.xml
index 5db3d72b500c..8b60dcdf09a8 100644
--- a/src/chrome/content/rules/Horyzon_Media.xml
+++ b/src/chrome/content/rules/Horyzon_Media.xml
@@ -3,16 +3,29 @@
 
 		- (www.)	(shows default plesk page; expired 2012-03-01, CN: plesk)
 
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .horyzon-media.com
+		- ads.horyzon-media.com
+
 -->
-<ruleset name="Horyzon Media (partial)">
+<ruleset name="Horyzon Media.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="ads.horyzon-media.com" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.horyzon-media\.com$" name="^(TestIfCookie|TestIfCookieP|pbw|pdomid|sasd|sasd2|vs)$" /-->
+	<!--securecookie host="^ads\.horyzon-media\.com$" name="^x-smrt-d$" /-->
+
 	<securecookie host="^ads\.horyzon-media\.com$" name=".+" />
 
 
-	<rule from="^http://ads\.horyzon-media\.com/"
-		to="https://ads.horyzon-media.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hoseasons.co.uk.xml b/src/chrome/content/rules/Hoseasons.co.uk.xml
new file mode 100644
index 000000000000..e332d7cb57a0
--- /dev/null
+++ b/src/chrome/content/rules/Hoseasons.co.uk.xml
@@ -0,0 +1,58 @@
+<!--
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
+
+	Note: api.hoseasons.co.uk and productfeed.hoseasons.co.uk are misconfiged
+		to serve both valid and expired certificates, this resulted in
+		inconsistent Travis test output.
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- mta1.mail.hoseasons.co.uk
+
+		Timeout was reached:
+		- hoseasons.co.uk
+		- barrheadtravel.hoseasons.co.uk
+		- lastminute.hoseasons.co.uk
+		- m.hoseasons.co.uk
+		- opodo.hoseasons.co.uk
+		- publications.hoseasons.co.uk
+		- www2.hoseasons.co.uk
+
+		SSL peer certificate was not OK:
+		- api.hoseasons.co.uk
+		- help.hoseasons.co.uk
+		- mail.hoseasons.co.uk
+		- productfeed.hoseasons.co.uk
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- email.hoseasons.co.uk
+		- local.hoseasons.co.uk
+		- owners.hoseasons.co.uk
+
+		5xx server error:
+		- ww2.hoseasons.co.uk
+
+		Mixed content blocking (MCB) triggered:
+		- ww3.hoseasons.co.uk
+-->
+<ruleset name="Hoseasons.co.uk">
+	<target host="hoseasons.co.uk" />
+	<target host="www.hoseasons.co.uk" />
+	<target host="autodiscover.hoseasons.co.uk" />
+	<target host="booking.hoseasons.co.uk" />
+	<target host="goschedulev2.hoseasons.co.uk" />
+	<target host="images.hoseasons.co.uk" />
+	<target host="partners.hoseasons.co.uk" />
+	<target host="procurement.hoseasons.co.uk" />
+	<target host="www.procurement.hoseasons.co.uk" />
+	<target host="purchasing.hoseasons.co.uk" />
+	<target host="www.purchasing.hoseasons.co.uk" />
+	<target host="secureowners.hoseasons.co.uk" />
+	<target host="travelagents.hoseasons.co.uk" />
+
+	<rule from="^http://hoseasons\.co\.uk/"
+		  	to="https://www.hoseasons.co.uk/" />
+
+	<rule from="^http:"
+		  	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hosokawa-Alpine.com.xml b/src/chrome/content/rules/Hosokawa-Alpine.com.xml
new file mode 100644
index 000000000000..a0dc06701a61
--- /dev/null
+++ b/src/chrome/content/rules/Hosokawa-Alpine.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- hosokawa-alpine.com
+		- www.hosokawa-alpine.com
+
+-->
+<ruleset name="Hosokawa-Alpine.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hosokawa-alpine.com" />
+	<target host="www.hosokawa-alpine.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?hosokawa-alpine\.com$" name="^fe_typo_user$" /-->
+
+	<securecookie host="^(?:www\.)?hosokawa-alpine\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hospitality_Leaders.xml b/src/chrome/content/rules/Hospitality_Leaders.xml
index 864afe11e0c5..f10821eeab64 100644
--- a/src/chrome/content/rules/Hospitality_Leaders.xml
+++ b/src/chrome/content/rules/Hospitality_Leaders.xml
@@ -1,13 +1,19 @@
-<ruleset name="Hospitality Leaders ">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ads.hospitalityleaders.com/ => https://ads.hospitalityleaders.com/: (6, 'Could not resolve host: ads.hospitalityleaders.com')
+
+-->
+<ruleset name="Hospitality Leaders " default_off="failed ruleset test">
 
 	<target host="hospitalityleaders.com" />
-	<target host="*.hospitalityleaders.com" />
+	<target host="ads.hospitalityleaders.com" />
+	<target host="www.hospitalityleaders.com" />
 
 
 	<securecookie host="^\.?hospitalityleaders\.com$" name=".+" />
 
 
-	<rule from="^http://(ads\.|www\.)?hospitalityleaders\.com/"
-		to="https://$1hospitalityleaders.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Host-Creo.xml b/src/chrome/content/rules/Host-Creo.xml
index 4807de7f4e6e..9b8b53d2efdc 100644
--- a/src/chrome/content/rules/Host-Creo.xml
+++ b/src/chrome/content/rules/Host-Creo.xml
@@ -1,4 +1,18 @@
-<ruleset name="Host Creo" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hostcreo.com/ => https://creocommunico.com/: (51, "SSL: no alternative certificate subject name matches target host name 'creocommunico.com'")
+Fetch error: http://www.hostcreo.com/ => https://www.creocommunico.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.creocommunico.com'")
+Fetch error: http://creocommunico.com/ => https://creocommunico.com/: (51, "SSL: no alternative certificate subject name matches target host name 'creocommunico.com'")
+Fetch error: http://secure.creocommunico.com/ => https://secure.creocommunico.com/: (51, "SSL: no alternative certificate subject name matches target host name 'secure.creocommunico.com'")
+Fetch error: http://www.creocommunico.com/ => https://www.creocommunico.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.creocommunico.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.hostcreo.com/ => https://www.creocommunico.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.creocommunico.com'")
+Fetch error: http://secure.creocommunico.com/ => https://secure.creocommunico.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+Fetch error: http://www.creocommunico.com/ => https://www.creocommunico.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.creocommunico.com'")
+-->
+<ruleset name="Host Creo" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="hostcreo.com"/>
 	<target host="www.hostcreo.com"/>
@@ -6,7 +20,7 @@
 	<target host="secure.creocommunico.com"/>
 	<target host="www.creocommunico.com"/>
 
-	<rule from="^http://(hostcreo|creocommunico)\.com/"
+	<rule from="^http://(?:hostcreo|creocommunico)\.com/"
 		to="https://creocommunico.com/"/>
 
 	<rule from="^http://(secure|www)\.(hostcreo|creocommunico)\.com/"
diff --git a/src/chrome/content/rules/Host-Europe-Group.xml b/src/chrome/content/rules/Host-Europe-Group.xml
index d52649eb320f..a392785e3d61 100644
--- a/src/chrome/content/rules/Host-Europe-Group.xml
+++ b/src/chrome/content/rules/Host-Europe-Group.xml
@@ -1,10 +1,43 @@
-<ruleset name="Host Europe Group">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hosteuropegroup.com/ => https://hosteuropegroup.com/: (7, 'Failed to connect to hosteuropegroup.com port 443: Connection refused')
+Fetch error: http://www.hosteuropegroup.com/ => https://www.hosteuropegroup.com/: (7, 'Failed to connect to www.hosteuropegroup.com port 443: Connection refused')
+
+	Problematic hosts in *heg.com:
+
+		- dev *
+
+	* Mismatched
+	Mixed content:
+
+		- css from $self *
+
+		- Images, from:
+
+			- designova.net ²
+			- dev.heg.com *
+			- www.heg.com *
+
+	* Secured by us
+	² Not secured by us <= expired
+
+-->
+
+<ruleset name="Host Europe Group" platform="mixedcontent" default_off="failed ruleset test">
+	<target host="heg.org" />
+	<target host="www.heg.org" />
+	<target host="heg.com" />
+	<target host="dev.heg.com" />
+	<target host="www.heg.com" />
+	<target host="heg.co.uk" />
+	<target host="www.heg.co.uk" />
 	<target host="hosteuropegroup.com" />
 	<target host="www.hosteuropegroup.com" />
 
+	<rule from="^http://dev\.heg\.com/"
+		to="https://www.heg.com/" />
 
-	<rule from="^http://(www\.)?hosteuropegroup\.com/"
-		to="https://$1hosteuropegroup.com/" />
-
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Host-tracker.com.xml b/src/chrome/content/rules/Host-tracker.com.xml
index e62480509f61..702ea69f41a0 100644
--- a/src/chrome/content/rules/Host-tracker.com.xml
+++ b/src/chrome/content/rules/Host-tracker.com.xml
@@ -1,27 +1,38 @@
 <!--
-	Problematic subdomains:
+	Other Host-Tracker rulesets:
 
-		- ^	(works; expired 2013-06-26, self-signed, CN: ann.host-tracker.net)
+		- H-T.co.xml
 
 
-	Fully covered subdomains:
+	^host-tracker.com: Refused
 
-		- ext
-		- www
 
+	Insecure cookies are set for these hosts:
 
-	^ differs from www
+		- www.host-tracker.com
 
 -->
-<ruleset name="Host-Tracker.com (partial)">
+<ruleset name="Host-Tracker.com">
 
-	<target host="*.host-tracker.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="ext.host-tracker.com" />
+	<target host="www.host-tracker.com" />
 
+	<!--	Complications:
+				-->
+	<target host="host-tracker.com" />
+
+
+	<!--securecookie host="^www\.host-tracker\.com$" name="^\.ASPXA(?:NONYMOUS|UTH)$" /-->
 
 	<securecookie host="^www\.host-tracker\.com$" name=".+" />
 
 
-	<rule from="^http://(ext|www)\.host-tracker\.com/"
-		to="https://$1.host-tracker.com/" />
+	<rule from="^http://host-tracker\.com/"
+		to="https://www.host-tracker.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Host.co.id.xml b/src/chrome/content/rules/Host.co.id.xml
index b56dee072133..751fabb958d3 100644
--- a/src/chrome/content/rules/Host.co.id.xml
+++ b/src/chrome/content/rules/Host.co.id.xml
@@ -1,15 +1,22 @@
-<ruleset name="Host.co.id">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://site.biz.id/ => https://site.biz.id/: (6, 'Could not resolve host: site.biz.id')
+Fetch error: http://www.site.biz.id/ => https://www.site.biz.id/: (6, 'Could not resolve host: www.site.biz.id')
+
+-->
+<ruleset name="Host.co.id" default_off="failed ruleset test">
 
 	<target host="host.co.id" />
-	<target host="*.host.co.id" />
+	<target host="www.host.co.id" />
 	<target host="site.biz.id" />
-	<target host="*.site.biz.id" />
+	<target host="www.site.biz.id" />
 
 
-	<securecookie host="^w*\.(?:site\.biz|host\.co)\.id$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www\.)?(site\.biz|host\.co)\.id/"
-		to="https://$1$2.id/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Host1Plus.xml b/src/chrome/content/rules/Host1Plus.xml
deleted file mode 100644
index 05176fbd8961..000000000000
--- a/src/chrome/content/rules/Host1Plus.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Host1Plus" platform="mixedcontent">
-
-	<target host="host1plus.com"/>
-	<target host="*.host1plus.com"/>
-
-	<securecookie host="^(.*\.)?host1plus\.com$" name=".*"/>
-
-	<rule from="^http://(\w+\.)?host1plus\.com/"
-		to="https://$1host1plus.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Host2.bg.xml b/src/chrome/content/rules/Host2.bg.xml
new file mode 100644
index 000000000000..ed7b5c36bb98
--- /dev/null
+++ b/src/chrome/content/rules/Host2.bg.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://host2.bg/ => https://host2.bg/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.host2.bg/ => https://www.host2.bg/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="host2.bg" default_off="failed ruleset test">
+
+	<target host="host2.bg" />
+	<target host="www.host2.bg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?host2\.bg$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HostBaby.xml b/src/chrome/content/rules/HostBaby.xml
index 2d7972b5ddee..e397b23f5332 100644
--- a/src/chrome/content/rules/HostBaby.xml
+++ b/src/chrome/content/rules/HostBaby.xml
@@ -4,16 +4,16 @@
 		- blog		(prints "It works!", valid cert)
 
 -->
-<ruleset name="HostBaby (partial)">
+<ruleset name="HostBaby.com (partial)">
 
 	<target host="hostbaby.com" />
 	<target host="www.hostbaby.com" />
 
 
-	<securecookie host="^www\.hostbaby\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www\.)?hostbaby\.com/"
-		to="https://$1hostbaby.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HostBill.xml b/src/chrome/content/rules/HostBill.xml
index f596afcc2610..a9d0ecb4c872 100644
--- a/src/chrome/content/rules/HostBill.xml
+++ b/src/chrome/content/rules/HostBill.xml
@@ -1,5 +1,22 @@
+<!--
+	www.hostbillapp.com: Mismatched
+
+-->
 <ruleset name="HostBill (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="hostbillapp.com" />
-	<rule from="^http://hostbillapp\.com/" to="https://hostbillapp.com/" />
+
+	<!--	Complications:
+				-->
+	<target host="www.hostbillapp.com" />
+
+
+	<rule from="^http://www\.hostbillapp\.com/"
+		to="https://hostbillapp.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/HostCentric.xml b/src/chrome/content/rules/HostCentric.xml
index ac0261d34cbe..a6b6f44059c2 100644
--- a/src/chrome/content/rules/HostCentric.xml
+++ b/src/chrome/content/rules/HostCentric.xml
@@ -1,14 +1,23 @@
-<ruleset name="HostCentric" platform="mixedcontent">
+<ruleset name="HostCentric.com">
 
-	<target host="hostcentric.com"/>
-	<target host="*.hostcentric.com"/>
+	<!--	Direct rewrites:
+				-->
+	<target host="hostcentric.com" />
+	<target host="secure.hostcentric.com" />
+	<target host="www.hostcentric.com" />
 
-	<securecookie host="^(.*\.)hostcentric\.com$" name=".*"/>
+	<!--	Complications:
+				-->
+	<target host="images.hostcentric.com" />
+
+
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(secure\.|www\.)?hostcentric\.com/"
-		to="https://$1hostcentric.com/"/>
 
 	<rule from="^http://images\.hostcentric\.com/"
-		to="https://secure.hostcentric.com/images/"/>
+		to="https://secure.hostcentric.com/images/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/HostDime.xml b/src/chrome/content/rules/HostDime.xml
index 50899aed9f05..9a5531bb3446 100644
--- a/src/chrome/content/rules/HostDime.xml
+++ b/src/chrome/content/rules/HostDime.xml
@@ -1,21 +1,85 @@
-<!--	!functional:
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://forum.hostdime.com/ => https://forum.hostdime.com/: (6, 'Could not resolve host: forum.hostdime.com')
+
 		- (www.)dizinc.com	(ssl_error_rx_record_too_long)
-		- status.hostdime.com	(ssl_error_rx_record_too_long)
+
+
+	Nonfunctional hosts in *hostdime.com:
+
+		- dns *
+
+	* Plaintext reply
+
+
+	Problematic hosts in *hostdime.com:
+
+		- jobs *
+		- status *
+
+	* Shows www.hostdime.com
+
+
+	These altnames don't exist:
+
+		- www.core.hostdime.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.hostdime.com
+
+
+	Mixed content:
+
+		- iframe on www from $self ¹ ²
+
+	¹ Secured by us
+	² 404 page only
+
 -->
-<ruleset name="HostDime (partial)">
+<ruleset name="HostDime.com (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="hostdime.com"/>
-	<target host="*.hostdime.com"/>
-	<target host="hostdimedomains.com"/>
-	<target host="www.hostdimedomains.com"/>
+	<target host="core.hostdime.com" />
+	<target host="forum.hostdime.com" />
+	<target host="www.hostdime.com" />
+
+	<!--	Complications:
+				-->
+	<target host="jobs.hostdime.com"/>
+	<target host="status.hostdime.com"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.hostdime\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+"/>
+
+
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://jobs\.hostdime\.com/[^?]*"
+		to="https://www.hostdime.com/jobs/" />
+
+		<test url="http://jobs.hostdime.com//" />
+		<test url="http://jobs.hostdime.com/?foo" />
 
-	<securecookie host="^(.*\.)?hostdime\.com$" name=".*"/>
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://status\.hostdime\.com/[^?]*"
+		to="https://www.hostdime.com/facilities/server-status/" />
 
-	<rule from="^http://(core\.|forum\.|www\.)?hostdime\.com/"
-		to="https://$1hostdime.com/"/>
+		<test url="http://status.hostdime.com//" />
+		<test url="http://status.hostdime.com/?foo" />
 
-	<!--	cert !match !www	-->
-	<rule from="^http://(?:www\.)?hostdimedomains\.com/"
-		to="https://www.hostdimedomains.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/HostGator.com-falsemixed.xml b/src/chrome/content/rules/HostGator.com-falsemixed.xml
new file mode 100644
index 000000000000..0c4b599ff27d
--- /dev/null
+++ b/src/chrome/content/rules/HostGator.com-falsemixed.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules not causing broken MCB, see HostGator.xml.
+
+-->
+<ruleset name="HostGator.com (false MCB)" platform="mixedcontent">
+
+	<target host="templates.hostgator.com" />
+	<target host="www.hostgator.com" />
+
+
+	<securecookie host="www\.hostgator\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HostGator.xml b/src/chrome/content/rules/HostGator.xml
index 8daaa628efc0..15b9e5bd4901 100644
--- a/src/chrome/content/rules/HostGator.xml
+++ b/src/chrome/content/rules/HostGator.xml
@@ -1,37 +1,157 @@
 <!--
-	Nonfunctional subdomains:
+	For rules causing broken MCB, see HostGator.com-falsemixed.xml.
+
+
+	Nonfunctional hosts in *hostgator.com:
+
+		- forums ¹
+		- suspended ²
+
+	¹ Shows blog
+	² Refused
+
+
+	Problematic hosts in *hostgator.com:
+
+		- demo ¹
+		- templates ²
+		- webmail ¹ ³
+		- www ²
+
+	¹ Self-signed
+	² Mixed css
+	³ Mismatched
+
+
+	Partially covered hosts in *hostgator.com:
 
-		- blog *
-		- forums *
 		- templates *
-		- webmail *
+		- www *
 
-	* rx_record_too_long)
+	* Avoiding broken MCB
 
 
-	Fully covered subdomains:
+	Fully covered hosts in *hostgator.com:
 
-		- (www.)
+		- ^
+		- blog
 		- chat
+		- chat1
 		- gbclient
+		- ga
 		- mail...(:8443)?
+		- portal
 		- secure
 		- support
 		- tickets
 		- tracking
+		- www1
+
+
+	Insecure cookies are set for these hosts:
+
+		- chat1.hostgator.com
+		- ga.hostgator.com
+		- portal.hostgator.com
+		- tickets.hostgator.com
+		- www.hostgator.com
+
+
+	Mixed content:
+
+		- iframe on www from www.youtube.com *
+
+		- css, on:
+
+			- templates from $self *
+			- www from $self *
+
+		- Images, on:
+
+			- templates from $self *
+			- www from $self *
+			- www from blog.hostgator.com *
+
+		- favicon on templates, www from www.hostgator.com *
+
+		- Ads/bugs, on:
+
+			- support from www.googleadservices.com *
+			- templates from media.fastclick.net *
+			- www from www.facebook.com *
+
+	* Secured by us
 
 -->
-<ruleset name="HostGator (partial)">
+<ruleset name="HostGator.com (partial)">
 
 	<target host="hostgator.com" />
 	<target host="*.hostgator.com" />
-		<exclusion pattern="^http://(?:blog|forums|templates)\." />
 
+		<exclusion pattern="^http://(?:demo|forums|suspended)\.hostgator\.com/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://demo.hostgator.com/" />
+			<test url="http://forums.hostgator.com/" />
+			<test url="http://suspended.hostgator.com/" />
+
+		<!--	Avoid broken MCB:
+					-->
+		<exclusion pattern="^http://templates\.hostgator\.com/+(?!favicon\.ico|images/|thumbnails/|style\.css|styles-gator\.css)" />
+		<exclusion pattern="^http://www\.hostgator\.com/+blog(?!/~/tmp/|/wp-content/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://templates.hostgator.com/Cell_Phone_Equipment/" />
+			<test url="http://templates.hostgator.com/Communication_Technologies/" />
+			<test url="http://templates.hostgator.com/Hosting" />
+			<test url="http://templates.hostgator.com/Insurance_Brokers/" />
+			<test url="http://templates.hostgator.com/Printers/" />
+			<test url="http://templates.hostgator.com/Promotional_Products/" />
+			<test url="http://www.hostgator.com/blog" />
+			<test url="http://www.hostgator.com/blog/" />
+			<test url="http://www.hostgator.com//blog" />
+			<test url="http://www.hostgator.com//blog/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://templates.hostgator.com/" />
+			<test url="http://templates.hostgator.com/favicon.ico" />
+			<test url="http://templates.hostgator.com/images/pimp.jpg" />
+			<test url="http://templates.hostgator.com/style.css" />
+			<test url="http://templates.hostgator.com/styles-gator.css" />
+			<test url="http://templates.hostgator.com/thumbnails/pr_131.jpg" />
+			<test url="http://www.hostgator.com/blog/~/tmp/wp-uploads/2015/02/button.png" />
+			<test url="http://www.hostgator.com/blog/wp-content/themes/hgblog/images/dragonfly.png" />
+
+		<test url="http://blog.hostgator.com/" />
+		<test url="http://chat.hostgator.com/" />
+		<test url="http://chat1.hostgator.com/" />
+		<test url="http://ga.hostgator.com/" />
+		<test url="http://gbclient.hostgator.com/" />
+		<test url="http://portal.hostgator.com/" />
+		<test url="http://register.hostgator.com/" />
+		<test url="http://secure.hostgator.com/" />
+		<test url="http://support.hostgator.com/" />
+		<test url="http://tickets.hostgator.com/" />
+		<test url="http://tracking.hostgator.com/" />
+		<test url="http://www.hostgator.com/" />
+		<test url="http://www1.hostgator.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="chat1\.hostgator\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="ga\.hostgator\.com$" name="^dancer\.session$" /-->
+	<!--securecookie host="portal\.hostgator\.com$" name="^gbclient_session$" /-->
+	<!--securecookie host="tickets\.hostgator\.com$" name="^tik_login$" /-->
+	<!--securecookie host="www\.hostgator\.com$" name="^SESSION_ID$" /-->
 
-	<securecookie host="^.+\.hostgator\.com$" name=".+" />
+	<securecookie host=".+\.hostgator\.com$" name=".+" />
 
 
 	<rule from="^http://(\w+\.)?hostgator\.com(:8443)?/"
 		to="https://$1hostgator.com$2/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HostHorde.com.xml b/src/chrome/content/rules/HostHorde.com.xml
new file mode 100644
index 000000000000..8864d5725399
--- /dev/null
+++ b/src/chrome/content/rules/HostHorde.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="HostHorde.com">
+
+	<target host="hosthorde.com" />
+	<target host="www.hosthorde.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HostSearch.xml b/src/chrome/content/rules/HostSearch.xml
index 3518f6ce98b0..3b6f7cb9623e 100644
--- a/src/chrome/content/rules/HostSearch.xml
+++ b/src/chrome/content/rules/HostSearch.xml
@@ -1,9 +1,14 @@
-<ruleset name="HostSearch (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://secure.hostsearch.com/ (200) => https://secure.hostsearch.com/ (403)
+
+-->
+<ruleset name="HostSearch (partial)" default_off="failed ruleset test">
 
 	<target host="secure.hostsearch.com" />
 
 
-	<rule from="^http://secure\.hostsearch\.com/"
-		to="https://secure.hostsearch.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Host_Analytics.xml b/src/chrome/content/rules/Host_Analytics.xml
index 5e0e8ddabe2a..fecb80eb6427 100644
--- a/src/chrome/content/rules/Host_Analytics.xml
+++ b/src/chrome/content/rules/Host_Analytics.xml
@@ -1,20 +1,30 @@
+
 <!--
-	Partially covered subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://cpm.hostanalytics.com/ => https://cpm.hostanalytics.com/: (6, 'Could not resolve host: cpm.hostanalytics.com')
+Fetch error: http://hive.hostanalytics.com/ => https://hive.hostanalytics.com/: (51, "SSL: no alternative certificate subject name matches target host name 'hive.hostanalytics.com'")
+
+	Problematic hosts in *hostanalytics.com:
+
+		- (www.)? ᵉ
+		- blog ᴬ
 
-		- (www.)	(some pages redirect to http)
+	ᴬ Akamai/mismatched
+	ᵉ Expired
 
 -->
-<ruleset name="Host Analytics (partial)">
+<ruleset name="Host Analytics.com (partial)" default_off="failed ruleset test">
 
-	<target host="hostanalytics.com" />
-	<target host="*.hostanalytics.com" />
-		<exclusion pattern="^http://(?:www\.)?hostanalytics\.com/(?!modules/|sites/)" />
+	<!--target host="hostanalytics.com" /-->
+	<target host="cpm.hostanalytics.com" />
+	<target host="hive.hostanalytics.com" />
+	<!--target host="www.hostanalytics.com" /-->
 
 
-	<securecookie host="^(?:cpm|hive)\.hostanalytics\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(cpm\.|hive\.|www\.)?hostanalytics\.com/"
-		to="https://$1hostanalytics.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Host_Europe.de.xml b/src/chrome/content/rules/Host_Europe.de.xml
new file mode 100644
index 000000000000..f92bb3693801
--- /dev/null
+++ b/src/chrome/content/rules/Host_Europe.de.xml
@@ -0,0 +1,32 @@
+<!--
+	These altnames don't exist:
+
+		- www.webmail.hosteurope.de
+
+-->
+<ruleset name="Host Europe.de">
+
+	<target host="hosteurope.de" />
+	<target host="faq.hosteurope.de" />
+	<target host="kis.hosteurope.de" />
+	<target host="www.kis.hosteurope.de" />
+	<target host="static.hosteurope.de" />
+	<target host="webmail.hosteurope.de" />
+	<target host="webmailer.hosteurope.de" />
+	<target host="www.webmailer.hosteurope.de" />
+	<target host="www.hosteurope.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.hosteurope\.de$" name="^(cookies_allowed|lang)$" /-->
+	<!--securecookie host="^(www\.)?webmailer\.hosteurope\.de$" name="^cookietest$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Host_One.xml b/src/chrome/content/rules/Host_One.xml
index 6b1909ee5953..64003893be84 100644
--- a/src/chrome/content/rules/Host_One.xml
+++ b/src/chrome/content/rules/Host_One.xml
@@ -1,10 +1,16 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sugarcrm.hostone.com.au/ => https://sugarcrm.hostone.com.au/: (6, 'Could not resolve host: sugarcrm.hostone.com.au')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://sugarcrm.hostone.com.au/ => https://sugarcrm.hostone.com.au/: (51, "SSL: no alternative certificate subject name matches target host name 'sugarcrm.hostone.com.au'")
 	Nonfunctional subdomains:
 
 		- (www.)	(shows sugarcrm; mismatched, CN: sugarcrm.hostone.com.au)
 
 -->
-<ruleset name="Host One (partial)">
+<ruleset name="Host One (partial)" default_off="failed ruleset test">
 
 	<target host="sugarcrm.hostone.com.au" />
 
@@ -12,7 +18,6 @@
 	<securecookie host="^sugarcrm\.hostone\.com\.au$" name=".+" />
 
 
-	<rule from="^http://sugarcrm\.hostone\.com\.au/"
-		to="https://sugarcrm.hostone.com.au/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Host_Virtual.com.xml b/src/chrome/content/rules/Host_Virtual.com.xml
new file mode 100644
index 000000000000..16b9f6cb1b64
--- /dev/null
+++ b/src/chrome/content/rules/Host_Virtual.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.hostvirtual.com
+
+-->
+<ruleset name="Host Virtual.com">
+
+	<target host="hostvirtual.com" />
+	<target host="www.hostvirtual.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.hostvirtual\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Host_Voice.com.xml b/src/chrome/content/rules/Host_Voice.com.xml
new file mode 100644
index 000000000000..8da512988284
--- /dev/null
+++ b/src/chrome/content/rules/Host_Voice.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hostvoice.com/ => https://hostvoice.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.hostvoice.com/ => https://www.hostvoice.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other iNET Interactive coverage, see INet-Interactive.xml.
+
+-->
+<ruleset name="Host Voice.com" default_off="failed ruleset test">
+
+	<target host="hostvoice.com" />
+	<target host="www.hostvoice.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hostasaurus.xml b/src/chrome/content/rules/Hostasaurus.xml
index dbe918ab894e..9eb675949b01 100644
--- a/src/chrome/content/rules/Hostasaurus.xml
+++ b/src/chrome/content/rules/Hostasaurus.xml
@@ -1,10 +1,11 @@
-<ruleset name="Hostasaurus">
+<ruleset name="Hostasaurus.com">
 
 	<target host="hostasaurus.com" />
-	<target host="*.hostasaurus.com" />
+	<target host="secure.hostasaurus.com" />
+	<target host="www.hostasaurus.com" />
 
 
-	<rule from="^http://(secure\.|www\.)?hostasaurus\.com/"
-		to="https://$1hostasaurus.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hosterbox.com.xml b/src/chrome/content/rules/Hosterbox.com.xml
new file mode 100644
index 000000000000..dd23f95fc41d
--- /dev/null
+++ b/src/chrome/content/rules/Hosterbox.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="Hosterbox.com">
+
+	<target host="hosterbox.com" />
+	<target host="www.hosterbox.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?hosterbox\.com$" name="^(PHPSESSID|livezilla)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hostica.xml b/src/chrome/content/rules/Hostica.xml
index 3828398dd8c2..0969df8bfb73 100644
--- a/src/chrome/content/rules/Hostica.xml
+++ b/src/chrome/content/rules/Hostica.xml
@@ -1,9 +1,23 @@
-<ruleset name="Hostica.com" platform="mixedcontent">
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.hostica.com
+
+-->
+<ruleset name="Hostica.com">
 
 	<target host="hostica.com" />
 	<target host="www.hostica.com" />
 
-	<rule from="^http://(www\.)?hostica\.com/"
-		to="https://www.hostica.com/" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.hostica\.com$" name="^([\da-f]{32}|AWSELB)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Hostican.xml b/src/chrome/content/rules/Hostican.xml
index 3d4bc3a938fe..172b3c3c38ff 100644
--- a/src/chrome/content/rules/Hostican.xml
+++ b/src/chrome/content/rules/Hostican.xml
@@ -1,8 +1,9 @@
-<ruleset name="Hostican Web Hosting">
+<ruleset name="Hostican Web Hosting" default_off="refused">
   <target host="www.hostican.com" />
   <target host="chat.hostican.com" />
   <target host="forum.hostican.com" />
 
-  <rule from="^http://(www|chat|forum)\.hostican\.com/" to="https://$1.hostican.com/"/>
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Hosting-Reviews.xml b/src/chrome/content/rules/Hosting-Reviews.xml
index d3dc1cf6d643..60e7ff292edb 100644
--- a/src/chrome/content/rules/Hosting-Reviews.xml
+++ b/src/chrome/content/rules/Hosting-Reviews.xml
@@ -1,4 +1,4 @@
-<ruleset name="Hosting Reviews (partial)" default_off="mismatch">
+<ruleset name="Hosting Reviews (partial)" default_off="mismatched">
 
 	<!--	Cert: *.gridserver.com	-->
 	<target host="hostingreviews.com" />
@@ -7,7 +7,7 @@
 
 	<!--	At least some pages redirect recursively.
 								-->
-	<rule from="^https?://(?:www\.)?hostingreviews\.com/wp-content/"
+	<rule from="^http://(?:www\.)?hostingreviews\.com/wp-content/"
 		to="https://hostingreviews.com/wp-content/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Hosting2GO.nl.xml b/src/chrome/content/rules/Hosting2GO.nl.xml
new file mode 100644
index 000000000000..8d72b1fb1d47
--- /dev/null
+++ b/src/chrome/content/rules/Hosting2GO.nl.xml
@@ -0,0 +1,20 @@
+<!--
+	STS header includes includeSubdomains
+
+-->
+<ruleset name="Hosting2GO.nl">
+
+	<target host="hosting2go.nl" />
+	<target host="*.hosting2go.nl" />
+
+		<test url="http://klant.hosting2go.nl/" />
+		<test url="http://www.hosting2go.nl/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hosting90.cz.xml b/src/chrome/content/rules/Hosting90.cz.xml
index a843bfb6e530..8cd838766565 100644
--- a/src/chrome/content/rules/Hosting90.cz.xml
+++ b/src/chrome/content/rules/Hosting90.cz.xml
@@ -1,20 +1,14 @@
-<!--
-	Fully covered subdomains:
-
-		- (www.)
-		- administrace	(web bugs)
-
--->
 <ruleset name="Hosting90.cz">
 
 	<target host="hosting90.cz" />
-	<target host="*.hosting90.cz" />
+	<target host="administrace.hosting90.cz" />
+	<target host="www.hosting90.cz" />
 
 
-	<securecookie host="^w*\.hosting90\.cz$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(administrace\.|www\.)?hosting90\.cz/"
-		to="https://$1hosting90.cz/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hosting9000.com.xml b/src/chrome/content/rules/Hosting9000.com.xml
new file mode 100644
index 000000000000..8d89135c1d84
--- /dev/null
+++ b/src/chrome/content/rules/Hosting9000.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="Hosting9000.com">
+
+	<target host="hosting9000.com" />
+	<target host="www.hosting9000.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?hosting9000\.com$" name="^WHMCS\w+$" /-->
+
+	<securecookie host="^(?:www\.)?hosting9000\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HostingCon.xml b/src/chrome/content/rules/HostingCon.xml
index 070da072073f..767aea22823d 100644
--- a/src/chrome/content/rules/HostingCon.xml
+++ b/src/chrome/content/rules/HostingCon.xml
@@ -1,13 +1,29 @@
-<ruleset name="HostingCon">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://europe.hostingcon.com/ => https://europe.hostingcon.com/: (51, "SSL: no alternative certificate subject name matches target host name 'europe.hostingcon.com'")
+
+	For other iNET Interactive coverage, see INet-Interactive.xml.
+
+
+	Mixed content:
+
+		- css on europe and www from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="HostingCon.com" default_off="failed ruleset test">
 
 	<target host="hostingcon.com" />
-	<target host="*.hostingcon.com" />
+	<target host="europe.hostingcon.com" />
+	<target host="www.hostingcon.com" />
 
 
-	<securecookie host="^(?:.*\.)?hostingcon\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?hostingcon\.com/"
-		to="https://$1hostingcon.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/HostingLabs.pe.xml b/src/chrome/content/rules/HostingLabs.pe.xml
new file mode 100644
index 000000000000..702dea5eee86
--- /dev/null
+++ b/src/chrome/content/rules/HostingLabs.pe.xml
@@ -0,0 +1,21 @@
+<!--
+	Nonfunctional hosts in *hostinglabs.pe:
+
+		- blog ᵀ
+
+	ᵀ Tumblr/refused
+
+-->
+<ruleset name="HostingLabs.pe (partial)">
+
+	<target host="hostinglabs.pe" />
+	<target host="www.hostinglabs.pe" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HostingXtreme.com.xml b/src/chrome/content/rules/HostingXtreme.com.xml
index 5064fe4986d8..e1af919f1a5d 100644
--- a/src/chrome/content/rules/HostingXtreme.com.xml
+++ b/src/chrome/content/rules/HostingXtreme.com.xml
@@ -1,19 +1,24 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hostingxtreme.com/ => https://hostingxtreme.com/: (28, 'Operation timed out after 30002 milliseconds with 0 bytes received')
+Fetch error: http://www.hostingxtreme.com/ => https://www.hostingxtreme.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
 	Nonfunctional subdomains:
 
 		- news	(http reply)
 
 -->
-<ruleset name="HostingXtreme.com (partial)">
+<ruleset name="HostingXtreme.com (partial)" default_off="failed ruleset test">
 
 	<target host="hostingxtreme.com" />
 	<target host="www.hostingxtreme.com" />
 
 
-	<securecookie host="^hostingxtreme\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www\.)?hostingxtreme\.com/"
-		to="https://$1hostingxtreme.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Hostingas.lt.xml b/src/chrome/content/rules/Hostingas.lt.xml
index 3398afca8bea..7e9752ce0f98 100644
--- a/src/chrome/content/rules/Hostingas.lt.xml
+++ b/src/chrome/content/rules/Hostingas.lt.xml
@@ -4,7 +4,7 @@
 	<target host="www.hostingas.lt" />
 
 
-	<rule from="^http://(www\.)?hostingas\.lt/"
-		to="https://$1hostingas.lt/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hostit.xml b/src/chrome/content/rules/Hostit.xml
index f9e6fbffac2f..dacc8495231c 100644
--- a/src/chrome/content/rules/Hostit.xml
+++ b/src/chrome/content/rules/Hostit.xml
@@ -1,5 +1,34 @@
+<!--
+	www.hostit.hu: Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .hostit.hu
+
+-->
 <ruleset name="23Vnet">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="hostit.hu" />
 
-	<rule from="^http://hostit\.hu/" to="https://hostit.hu/" />
+	<!--	Complications:
+				-->
+	<target host="www.hostit.hu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.hostit\.hu$" name="^(?:PHPSESSID|uip)$" /-->
+
+	<securecookie host="^\.hostit\.hu$" name=".+" />
+
+
+	<rule from="^http://www\.hostit\.hu/"
+		to="https://hostit.hu/" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Hostmonster.xml b/src/chrome/content/rules/Hostmonster.xml
index 52d0739c6788..3454294e3627 100644
--- a/src/chrome/content/rules/Hostmonster.xml
+++ b/src/chrome/content/rules/Hostmonster.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hostmonster.com/ => https://hostmonster.com/: Cycle detected - URL already encountered: http://hostmonster.com/
 	Fully covered domains:
 
 	- cf.hostmonster-cdn.com
diff --git a/src/chrome/content/rules/Hostname.sk.xml b/src/chrome/content/rules/Hostname.sk.xml
index 802f8e9de808..0de242207915 100644
--- a/src/chrome/content/rules/Hostname.sk.xml
+++ b/src/chrome/content/rules/Hostname.sk.xml
@@ -23,14 +23,15 @@
 -->
 <ruleset name="hostname.sk (partial)">
 
-	<target host="*.hostname.sk" />
+	<target host="blog.hostname.sk" />
+	<target host="sendxmpp.hostname.sk" />
+	<target host="whatsmyip.hostname.sk" />
 		<!--exclusion pattern="^http://www\." /-->
 
 
 	<securecookie host="^blog\.hostname\.sk$" name=".+" />
 
 
-	<rule from="^http://(blog|sendxmpp|whatsmyip)\.hostname\.sk/"
-		to="https://$1.hostname.sk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hostoople.com-falsemixed.xml b/src/chrome/content/rules/Hostoople.com-falsemixed.xml
new file mode 100644
index 000000000000..f52777387983
--- /dev/null
+++ b/src/chrome/content/rules/Hostoople.com-falsemixed.xml
@@ -0,0 +1,15 @@
+<!--
+	For rules not causing false/broken MCB, see Hostoople.com.xml.
+
+-->
+<ruleset name="Hostoople.com (false MCB)" platform="mixedcontent">
+
+	<target host="hostoople.com" />
+	<target host="www.hostoople.com" />
+	<target host="hostooplecms.hostooplecom.netdna-cdn.com" />
+
+
+	<rule from="^http://(?:(?:www\.)?hostoople|hostooplecms\.hostooplecom\.netdna-cdn)\.com/"
+		to="https://www.hostoople.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hostoople.com.xml b/src/chrome/content/rules/Hostoople.com.xml
new file mode 100644
index 000000000000..03ece6451c9d
--- /dev/null
+++ b/src/chrome/content/rules/Hostoople.com.xml
@@ -0,0 +1,55 @@
+<!--
+	For rules causing false/broken MCB, see Hostoople.com-falsemixed.xml.
+
+
+	CDN buckets:
+
+		- hostooplecms.hostooplecom.netdna-cdn.com
+
+			- -ssl doesn't exist
+
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- www ²
+
+	¹ Shows affiliate
+	² Mixed css
+
+
+	Fully covered subdomains:
+
+		- affiliate
+		- customer
+
+
+	Mixed content:
+
+		- css, on:
+
+			- www from fonts.googleapis.com *
+			- www from hostooplecms.hostooplecom.netdna-cdn.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Hostoople.com (partial)">
+
+	<target host="hostoople.com" />
+	<target host="www.hostoople.com" />
+	<target host="affiliate.hostoople.com" />
+	<target host="customer.hostoople.com" />
+		<!--
+			Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://(?:(?:www\.)?hostoople|hostooplecms\.hostooplecom\.netdna-cdn)\.com/+(?!favicon\.ico|images/|wp-content/|wp-includes/)" />
+	<target host="hostooplecms.hostooplecom.netdna-cdn.com" />
+
+
+	<rule from="^http://(?:(?:www\.)?hostoople|hostooplecms\.hostooplecom\.netdna-cdn)\.com/"
+		to="https://www.hostoople.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hostpoint.xml b/src/chrome/content/rules/Hostpoint.xml
deleted file mode 100644
index 820100c1e94a..000000000000
--- a/src/chrome/content/rules/Hostpoint.xml
+++ /dev/null
@@ -1,57 +0,0 @@
-<!--
-	Other Hostpoint rulesets:
-
-		- Hostpointpartner.ch.xml
-
-
-	Problematic subdomains:
-
-		- ^ *
-		- (www.)14daytrial *
-		- www.admin ²
-		- www.blog		(cert only matches ^blog)
-		- www.support		(cert only matches *.hostpoint.ch)
-
-	* Cert only matches www
-	² Cert only matches ^foo
-
-
-	Fully covered subdomains:
-
-		- (www.)		(^ → www)
-		- (www.)14daytrial	(→ www)
-		- (www.)admin		(www → ^)
-		- (www.)blog		(www → ^)
-		- (www.)support		(www → ^)
-
--->
-<ruleset name="Hostpoint">
-
-	<target host="hostpoint.ch" />
-	<target host="*.hostpoint.ch" />
-
-
-	<securecookie host="^(?:admin|support|www)\.hostpoint\.ch$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?hostpoint\.ch/"
-		to="https://www.hostpoint.ch/" />
-
-	<rule from="^http://(?:www\.)?14daytrial\.hostpoint\.ch/[^\?]*(\?.*)?"
-		to="https://www.hostpoint.ch/ms/promo/hostingtrial/index.php$1" />
-
-	<!--	Server drops path:
-					-->
-	<rule from="^http://(?:www\.)?admin\.hostpoint\.ch/"
-		to="https://admin.hostpoint.ch/" />
-
-	<rule from="^http://(?:www\.)?blog\.hostpoint\.ch/"
-		to="https://blog.hostpoint.ch/" />
-
-	<rule from="^http://support\.hostpoint\.ch/"
-		to="https://support.hostpoint.ch/" />
-
-	<rule from="^http://www\.support\.hostpoint\.ch/[^\?]*(\?.*)?"
-		to="https://support.hostpoint.ch/$1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Hostpointpartner.ch.xml b/src/chrome/content/rules/Hostpointpartner.ch.xml
index ec18d9f58808..1e50233a810b 100644
--- a/src/chrome/content/rules/Hostpointpartner.ch.xml
+++ b/src/chrome/content/rules/Hostpointpartner.ch.xml
@@ -8,7 +8,6 @@
 	<target host="www.hostpointpartner.ch" />
 
 
-	<rule from="^http://(www\.)?hostpointpartner\.ch/"
-		to="https://$1hostpointpartner.ch/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hostr.co.xml b/src/chrome/content/rules/Hostr.co.xml
new file mode 100644
index 000000000000..5e926f43d011
--- /dev/null
+++ b/src/chrome/content/rules/Hostr.co.xml
@@ -0,0 +1,15 @@
+<!--
+	CDN buckets:
+
+		- d35krt3l1iypeo.cloudfront.net
+
+-->
+<ruleset name="Hostr.co">
+
+	<target host="hostr.co" />
+	<target host="www.hostr.co" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hosts.co.uk-problematic.xml b/src/chrome/content/rules/Hosts.co.uk-problematic.xml
new file mode 100644
index 000000000000..27812ab014ef
--- /dev/null
+++ b/src/chrome/content/rules/Hosts.co.uk-problematic.xml
@@ -0,0 +1,14 @@
+<!--
+	For rules that are on by default, see Hosts.xml.
+
+-->
+<ruleset name="Hosts.co.uk (mismatched)" default_off="mismatched">
+
+	<target host="hosts.co.uk" />
+	<target host="www.hosts.co.uk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hosts.xml b/src/chrome/content/rules/Hosts.xml
index d7a1f0ac2dd7..56dd4cea8989 100644
--- a/src/chrome/content/rules/Hosts.xml
+++ b/src/chrome/content/rules/Hosts.xml
@@ -1,9 +1,56 @@
-<ruleset name="Hosts">
-  <target host="www.hosts.co.uk" />
-  <target host="admin.hosts.co.uk" />
-  <target host="webmail.hosts.co.uk" />
-  <target host="hosts.co.uk" />
-
-  <rule from="^http://(?:www\.)?hosts\.co\.uk/" to="https://www.hosts.co.uk/"/>
-  <rule from="^http://(admin|webmail)\.hosts\.co\.uk/" to="https://$1.hosts.co.uk/"/>
+<!--
+	For problematic rules, see Hosts.co.uk-problematic.xml.
+
+	For other Namesco coverage, see Names.xml.
+
+
+	Problematic hosts in *hosts.co.uk:
+
+		- (www.)? *
+		- webmail4 *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- admin.hosts.co.uk
+		- webmail.hosts.co.uk
+
+
+	Mixed content:
+
+		- css on www from $self *
+		- Images on www from $self *
+
+	* Rule disabled by default <= mismatched
+
+-->
+<ruleset name="Hosts.co.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="hosts.co.uk" /-->
+	<target host="admin.hosts.co.uk" />
+	<target host="webmail.hosts.co.uk" />
+	<!--target host="www.hosts.co.uk" /-->
+
+	<!--	Complications:
+				-->
+	<target host="webmail4.hosts.co.uk" />
+
+
+	<!--	Not securedby server:
+					-->
+	<!--securecookie host="^(?:admin|webmail)\.hosts\.co\.uk$" name="^X-Mapping-\w+$" /-->
+
+	<securecookie host="^(?:admin|webmail)\.hosts\.co\.uk$" name=".+" />
+
+
+	<rule from="^http://webmail4\.hosts\.co\.uk/"
+		to="https://webmail4.names.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Hot-Chilli.net.xml b/src/chrome/content/rules/Hot-Chilli.net.xml
new file mode 100644
index 000000000000..6831db2288c1
--- /dev/null
+++ b/src/chrome/content/rules/Hot-Chilli.net.xml
@@ -0,0 +1,40 @@
+<!--
+	Nonfunctional hosts:
+
+		- wiki ¹
+		- www ²
+
+	¹ Redirects to www
+	² Some paths redirect to http, others 404
+
+
+	Fully covered hosts:
+
+		- ^
+		- jabber
+
+
+	Insecure cookies are set for these hosts:
+
+		- jabber.hot-chilli.net
+
+-->
+<ruleset name="Hot-Chilli.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hot-chilli.net" />
+	<target host="jabber.hot-chilli.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^jabber\.hot-chilli\.net$" name="^(_icl_current_language|wfvt_\d+)$" /-->
+
+	<securecookie host="^jabber\.hot-chilli\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HotHardware.com.xml b/src/chrome/content/rules/HotHardware.com.xml
new file mode 100644
index 000000000000..5464ae02c1c8
--- /dev/null
+++ b/src/chrome/content/rules/HotHardware.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Mismatched:
+		admin.hothardware.com
+		beta.hothardware.com
+-->
+<ruleset name="HotHardware.com">
+	<target host="hothardware.com" />
+	<target host="www.hothardware.com" />
+	<target host="amp.hothardware.com" />
+	<target host="shop.hothardware.com" />
+
+	<securecookie host="^(www|amp|shop)\.hothardware\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HotLog.ru.xml b/src/chrome/content/rules/HotLog.ru.xml
new file mode 100644
index 000000000000..ddc9e5cc1932
--- /dev/null
+++ b/src/chrome/content/rules/HotLog.ru.xml
@@ -0,0 +1,37 @@
+<!--
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Nonfunctional hosts in *hotlog.ru:
+
+		- (www.)? *
+		- click *
+		- top1000-ru *
+
+	* Refused
+
+
+	Insecure cookies are set for these domains:
+
+		- .hotlog.ru
+
+-->
+<ruleset name="HotLog.ru (partial)" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hit4.hotlog.ru" />
+	<target host="hit32.hotlog.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.hotlog\.ru$" name="^hotcli$" /-->
+
+	<securecookie host="^\.hotlog\.ru$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HotUKDeals-mismatches.xml b/src/chrome/content/rules/HotUKDeals-mismatches.xml
index fc167b5750ac..8e8b00aef318 100644
--- a/src/chrome/content/rules/HotUKDeals-mismatches.xml
+++ b/src/chrome/content/rules/HotUKDeals-mismatches.xml
@@ -1,9 +1,26 @@
-<ruleset name="HotUKDeals (mismatches)" default_off="mismatch">
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.bitterwallet.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Bitterwallet.com">
 
 	<target host="bitterwallet.com"/>
 	<target host="www.bitterwallet.com"/>
 
-	<rule from="^http://(www\.)?bitterwallet\.com/"
-		to="https://www.bitterwallet.com/"/>
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.bitterwallet\.com$" name="^(?:bitterwallet|has_viewed_notice)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/HotUKDeals.xml b/src/chrome/content/rules/HotUKDeals.xml
index ee1d20a959a8..297a5d62a0ab 100644
--- a/src/chrome/content/rules/HotUKDeals.xml
+++ b/src/chrome/content/rules/HotUKDeals.xml
@@ -1,4 +1,17 @@
-<ruleset name="HotUKDeals (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mobot.net/ => https://www.mobot.net/: Too many redirects while fetching 'https://www.mobot.net/'
+Fetch error: http://www.mobot.net/ => https://www.mobot.net/: Too many redirects while fetching 'https://www.mobot.net/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://hotukdeals.com/ => http://hotukdeals.com/: Cycle detected - URL already encountered: http://hotukdeals.com/
+Fetch error: http://m.hotukdeals.com/ => http://m.hotukdeals.com/: Cycle detected - URL already encountered: http://m.hotukdeals.com/
+Fetch error: http://www.hotukdeals.com/ => http://www.hotukdeals.com/: Cycle detected - URL already encountered: http://www.hotukdeals.com/
+Fetch error: http://statichukd.com/ => https://www.hotukdeals.com/: Pycurl fetch failed for 'http://statichukd.com/'
+Fetch error: http://www.statichukd.com/ => https://www.hotukdeals.com/: Cycle detected - URL already encountered: http://www.hotukdeals.com/
+-->
+<ruleset name="HotUKDeals (partial)" default_off="failed ruleset test">
 
 	<target host="dealspwn.com"/>
 	<target host="gamebase.dealspwn.com"/>
@@ -15,7 +28,7 @@
 	<rule from="^http://(www\.)?dealspwn\.com/(clientscript/|css/|images/|login$|writer)"
 		to="https://www.dealspwn.com/$2"/>
 
-	<rule from="^https://gamebase\.dealspwn\.com/((base|style_UK)\.css$|images/)"
+	<rule from="^http://gamebase\.dealspwn\.com/((base|style_UK)\.css$|images/)"
 		to="https://gamebase.dealspwn.com/$1"/>
 
 	<rule from="^http://(www\.)?hotukdeals\.com/(about$|clientscript/|contact|custom-settings|favicon\.ico$|help|hukd-badges|images/|login|newsletter|profile/|rest-api|stylesheets/|submit|top)"
@@ -24,15 +37,15 @@
 	<rule from="^http://m\.hotukdeals\.com/(favicon\.ico$|images/|login/|newsletter|stylesheets/)"
 		to="https://m.hotukdeals.com/$2"/>
 
-	<rule from="^http://(www\.)?mobot\.net/"
+	<rule from="^http://(?:www\.)?mobot\.net/"
 		to="https://www.mobot.net/"/>
 
 	<rule from="^http://m\.mobot\.net/(css/|images/|login$)"
 		to="https://m.mobot.net/$1"/>
 
-	<rule from="^http://(www\.)?statichukd\.com/"
+	<rule from="^http://(?:www\.)?statichukd\.com/"
 		to="https://www.hotukdeals.com/"/>
 
-	<securecookie host="^\.mobot\.net$" name=".*"/>
+	<securecookie host="^\.mobot\.net$" name=".+" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Hot_Pics_Amateur.xml b/src/chrome/content/rules/Hot_Pics_Amateur.xml
index 62863a8e1222..69420b1f4fe8 100644
--- a/src/chrome/content/rules/Hot_Pics_Amateur.xml
+++ b/src/chrome/content/rules/Hot_Pics_Amateur.xml
@@ -5,14 +5,15 @@
 <ruleset name="Hot Pics Amateur" default_off="mismatched" platform="mixedcontent">
 
 	<target host="hotpics-amateur.com" />
-	<target host="*.hotpics-amateur.com" />
+	<target host="collection.hotpics-amateur.com" />
+	<target host="www.hotpics-amateur.com" />
 	<target host="www.collection.hotpics-amateur.com" />
 
 
 	<securecookie host="^(?:www\.)?hotpics-amateur\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?(collection\.)?hotpics-amateur\.com/"
+	<rule from="^http://(?:www\.)?(collection\.)?hotpics-amateur\.com/"
 		to="https://$1hotpics-amateur.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hot_Scripts.com.xml b/src/chrome/content/rules/Hot_Scripts.com.xml
new file mode 100644
index 000000000000..18903457b66f
--- /dev/null
+++ b/src/chrome/content/rules/Hot_Scripts.com.xml
@@ -0,0 +1,22 @@
+<!--
+	For other iNET Interactive coverage, see INet-Interactive.xml.
+
+
+	Mixed content:
+
+		- Images from $self *
+
+		- favicon from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Hot Scripts.com">
+
+	<target host="hotscripts.com" />
+	<target host="www.hotscripts.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hotel_Managaby.xml b/src/chrome/content/rules/Hotel_Managaby.xml
index dfb6fe10f5ed..9cfe54a99900 100644
--- a/src/chrome/content/rules/Hotel_Managaby.xml
+++ b/src/chrome/content/rules/Hotel_Managaby.xml
@@ -1,10 +1,10 @@
-<ruleset name="Hotel Mangaby">
+<ruleset name="Hotel Mangaby.com">
 
 	<target host="hotelmangaby.com" />
 	<target host="www.hotelmangaby.com" />
 
 
-	<rule from="^http://(www\.)?hotelmangaby\.com/"
-		to="https://$1hotelmangaby.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hotel_Wifi.com.xml b/src/chrome/content/rules/Hotel_Wifi.com.xml
new file mode 100644
index 000000000000..313486d389a8
--- /dev/null
+++ b/src/chrome/content/rules/Hotel_Wifi.com.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hotelwifi.com/ => https://hotelwifi.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.hotelwifi.com/ => https://www.hotelwifi.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hotelwifi.com/ => https://hotelwifi.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	Nonfunctional subdomains:
+
+		- kb *
+		- store *
+
+	* Plaintext reply
+
+-->
+<ruleset name="Hotel Wifi.com (partial)" default_off="failed ruleset test">
+
+	<target host="hotelwifi.com" />
+	<target host="hiesorrentovalley.hotelwifi.com" />
+	<target host="www.hotelwifi.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^hiesorrentovalley\.hotelwifi\.com$" name="^_rxg_console_session$" /-->
+
+	<securecookie host="^hiesorrentovalley\.hotelwifi\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hotelplan.ch.xml b/src/chrome/content/rules/Hotelplan.ch.xml
new file mode 100644
index 000000000000..f4b188fbc814
--- /dev/null
+++ b/src/chrome/content/rules/Hotelplan.ch.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Migros coverage, see Migros.xml.
+-->
+<ruleset name="Hotelplan.ch" default_off="redirects to http">
+	<target host="hotelplan.ch"/>
+	<target host="www.hotelplan.ch"/>
+	<target host="travelhouse.ch"/>
+	<target host="www.travelhouse.ch"/>
+	<target host="globusreisen.ch"/>
+	<target host="www.globusreisen.ch"/>
+	<target host="globusvoyages.ch"/>
+	<target host="www.globusvoyages.ch"/>
+
+	<rule from="^http://(?:www\.)?hotelplan\.ch/"
+		to="https://www.hotelplan.ch/"/>
+	<rule from="^http://(?:www\.)?travelhouse\.ch/"
+		to="https://www.travelhouse.ch/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Hotels.com.xml b/src/chrome/content/rules/Hotels.com.xml
deleted file mode 100644
index 002957cc2954..000000000000
--- a/src/chrome/content/rules/Hotels.com.xml
+++ /dev/null
@@ -1,96 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- jobs.hotels.com	(times out)
-
-
-	Problematic subdomains:
-
-		- ^		(cert only matches *.hotels.com)
-		- el *
-		- es		(mismatched, CN: *.test.edgekey.net)
-		- www *
-
-	* Akamai
-
-
-	Partially covered subdomains:
-
-		- (www.)
-
-
-	Fully covered domains:
-
-		- a[12].cdn-hotels.com
-		- exp.cdn-hotels.com
-
-		- hotel.com subdomains:
-
-			- customercare
-			- delivery
-
-			- service subdomains:
-
-				- ^
-				- be
-				- cn
-				- da
-				- de
-				- es
-				- fi
-				- fr
-				- id
-				- it
-				- jp
-				- kr
-				- ms
-				- no
-				- ru
-				- sv
-				- zh
-
-			- ssl
-
--->
-<ruleset name="Hotels.com (partial)">
-
-	<target host="*.cdn-hotels.com" />
-	<target host="hotels.com" />
-	<target host="*.hotels.com" />
-
-
-	<securecookie host="^\.cdn-hotels\.com$" name=".+" />
-	<!--
-		Omniture tracking cookies:
-							-->
-	<securecookie host="^\.hotels\.com$" name="^s_\w+$" />
-	<!--
-		Careful: we're putting some www and \w\w pages in the ssl(-\w\w)? namespace,
-		so securing ssl or ssl-\w\w cookies could be problematic.
-										-->
-	<securecookie host="^(?:customercare|(?:\w\w\.)?service)\.hotels\.com$" name=".+" />
-
-
-	<rule from="^http://(\w+)\.cdn-hotels\.com/"
-		to="https://$1.cdn-hotels.com/" />
-
-	<!--	Also on ssl, but presumably pointing
-		to CDN would be preferred:
-							-->
-	<rule from="^https?://(?:\w\w\.|www\.)?hotels\.com/(external/|html/blank\.html|static/)"
-		to="https://a1.cdn-hotels.com/$1" />
-
-	<!--	CDN redirects to ssl, so preempt it:
-							-->
-	<rule from="^https?://(?:www\.)?hotels\.com/((?:c[no]\d+|customer_care|de\d+|deals|ImageDisplay|site-index)(?:$|\?|/)|selectors/|__ssobj/)"
-		to="https://ssl.hotels.com/$1" />
-
-	<!--	Same for different locales:
-						-->
-	<rule from="^https?://(\w\w)\.hotels\.com/((?:c[no]\d+|customer_care|de\d+|deals|ImageDisplay|site-index)(?:$|\?|/)|selectors/|__ssobj/)"
-		to="https://ssl-$1.hotels.com/$2" />
-
-	<rule from="^http://(customercare|delivery|(?:\w\w\.)?service|ssl(?:-\w\w)?)\.hotels\.com/"
-		to="https://$1.hotels.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Hoteltotravel.xml b/src/chrome/content/rules/Hoteltotravel.xml
deleted file mode 100644
index 5e5bf1355399..000000000000
--- a/src/chrome/content/rules/Hoteltotravel.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Hoteltotravel (partial)">
-
-	<target host="hoteltotravel.com" />
-	<target host="www.hoteltotravel.com" />
-
-
-	<!--	Cert doesn't match www.	-->
-	<rule from="^https?://www\.hoteltotravel\.com/"
-		to="https://hoteltotravel.com/" />
-
-	<!--	Some pages redirect to http.	-->
-	<rule from="^http://hoteltotravel\.com/(contact|faq|hotel-search/roombook|modules/|security_policy|terms|themes/|users?/)"
-		to="https://hoteltotravel.com/$1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Hotfile.xml b/src/chrome/content/rules/Hotfile.xml
deleted file mode 100644
index 52a7ac0bc71c..000000000000
--- a/src/chrome/content/rules/Hotfile.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Hotfile">
-  <target host="www.hotfile.com" />
-  <target host="hotfile.com" />
-
-  <rule from="^http://(?:www\.)?hotfile\.com/" to="https://hotfile.com/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/Hotmail.co.jp.xml b/src/chrome/content/rules/Hotmail.co.jp.xml
new file mode 100644
index 000000000000..4ffbf003f48b
--- /dev/null
+++ b/src/chrome/content/rules/Hotmail.co.jp.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	www.hotmail.co.jp: Mismatched
+
+-->
+<ruleset name="Hotmail.co.jp">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hotmail.co.jp" />
+
+	<!--	Complications:
+				-->
+	<target host="www.hotmail.co.jp" />
+
+
+	<rule from="^http://www\.hotmail\.co\.jp/"
+		to="https://hotmail.co.jp/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hotmail.co.uk.xml b/src/chrome/content/rules/Hotmail.co.uk.xml
new file mode 100644
index 000000000000..222777087074
--- /dev/null
+++ b/src/chrome/content/rules/Hotmail.co.uk.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	www.hotmail.co.uk: Mismatched
+
+-->
+<ruleset name="Hotmail.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hotmail.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="www.hotmail.co.uk" />
+
+
+	<rule from="^http://www\.hotmail\.co\.uk/"
+		to="https://hotmail.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hotmail.com.xml b/src/chrome/content/rules/Hotmail.com.xml
new file mode 100644
index 000000000000..9396811f5425
--- /dev/null
+++ b/src/chrome/content/rules/Hotmail.com.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+-->
+<ruleset name="Hotmail.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hotmail.com" />
+	<target host="gfx5.hotmail.com" />
+	<target host="gfx6.hotmail.com" />
+	<target host="gfx7.hotmail.com" />
+	<target host="gfx8.hotmail.com" />
+	<target host="postmaster.hotmail.com" />
+	<target host="www.hotmail.com" />
+
+
+	<!--	This appears to trigger two good things: (1) the user is
+		prompted to make HTTPS the default; (2) even if the user decides
+		not to, the remainder of that mail-reading session is automatically
+		HTTPS-only.
+					-->
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hotspot_Shield.xml b/src/chrome/content/rules/Hotspot_Shield.xml
index 0d7a7eab0905..877a2e0dc5a3 100644
--- a/src/chrome/content/rules/Hotspot_Shield.xml
+++ b/src/chrome/content/rules/Hotspot_Shield.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hotspotshield.com/ => https://hotspotshield.com/: (7, 'Failed to connect to hotspotshield.com port 443: Connection refused')
 	For other AncorFree coverage, see AnchorFree.xml.
 
 
@@ -21,7 +23,8 @@
 
 	<target host="hotspotshield.com" />
 	<target host="hsselite.com" />
-	<target host="*.hsselite.com" />
+	<target host="cdn.hsselite.com" />
+	<target host="www.hsselite.com" />
 		<!--
 			Redirects to http:
 						-->
@@ -31,10 +34,6 @@
 	<!--securecookie host="^\.hsselite\.com$" name="^PHPSESSID$" /-->
 
 
-	<rule from="^http://hotspotshield\.com/"
-		to="https://hotspotshield.com/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://(cdn\.|www\.)?hsselite\.com/"
-		to="https://$1hsselite.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hotwire.xml b/src/chrome/content/rules/Hotwire.xml
index e4f8d934aac3..b7e5cb4e8c1f 100644
--- a/src/chrome/content/rules/Hotwire.xml
+++ b/src/chrome/content/rules/Hotwire.xml
@@ -1,9 +1,10 @@
 <ruleset name="Hotwire">
   <target host="hotwire.com" />
-  <target host="*.hotwire.com" />
+  <target host="cruise.hotwire.com" />
+  <target host="extranet.hotwire.com" />
+  <target host="www.hotwire.com" />
 
   <rule from="^http://hotwire\.com/"
           to="https://www.hotwire.com/" />
-  <rule from="^http://(cruise|extranet|www)\.hotwire\.com/"
-          to="https://$1.hotwire.com/" />
-</ruleset>
\ No newline at end of file
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hound_CI.com.xml b/src/chrome/content/rules/Hound_CI.com.xml
new file mode 100644
index 000000000000..b6b3dda90b26
--- /dev/null
+++ b/src/chrome/content/rules/Hound_CI.com.xml
@@ -0,0 +1,21 @@
+<!--
+	For other thoughtbot coverage, see Thoughtbot.com.xml.
+
+-->
+<ruleset name="Hound CI.com">
+
+	<target host="houndci.com" />
+	<target host="www.houndci.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?houndci\.com$" name="^(XSRF-TOKEN|_houndapp_session)$" /-->
+
+	<securecookie host="^(?:www\.)?houndci\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hounddog_Central.xml b/src/chrome/content/rules/Hounddog_Central.xml
index ce8c02166b7b..5a75e716356b 100644
--- a/src/chrome/content/rules/Hounddog_Central.xml
+++ b/src/chrome/content/rules/Hounddog_Central.xml
@@ -1,13 +1,12 @@
 <ruleset name="Hounddog Central">
 
 	<target host="hounddogcentral.com" />
-	<target host="*.hounddogcentral.com" />
+	<target host="www.hounddogcentral.com" />
 
 
 	<securecookie host="^(?:w*\.)?hounddogcentral\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?hounddogcentral\.com/"
-		to="https://$1hounddogcentral.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/House.gov.xml b/src/chrome/content/rules/House.gov.xml
new file mode 100644
index 000000000000..43c07fb2e556
--- /dev/null
+++ b/src/chrome/content/rules/House.gov.xml
@@ -0,0 +1,15 @@
+<ruleset name="House.gov">
+
+	<target host="democrats-intelligence.house.gov" />
+	<target host="intelligence.house.gov" />
+	<target host="democrats.intelligence.house.gov" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://democrats\.intelligence\.house\.gov/"
+		to="https://democrats-intelligence.house.gov/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HousingWire.com.xml b/src/chrome/content/rules/HousingWire.com.xml
index ea4642594512..db469617c10d 100644
--- a/src/chrome/content/rules/HousingWire.com.xml
+++ b/src/chrome/content/rules/HousingWire.com.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://housingwire.com/ => https://www.housingwire.com/: Cycle detected - URL already encountered: https://www.housingwire.com/
 	Problematic subdomains:
 
 		- ^	(mismatched, CN: acquia-sites.com)
@@ -17,4 +19,4 @@
 	<rule from="^http://store\.housingwire\.com/[^\?]*(\?.*)?"
 		to="https://checkout.subscriptiongenius.com/housingwire.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Houston_Chronicle.xml b/src/chrome/content/rules/Houston_Chronicle.xml
index 405cc5319ac0..96bdcc67bf0b 100644
--- a/src/chrome/content/rules/Houston_Chronicle.xml
+++ b/src/chrome/content/rules/Houston_Chronicle.xml
@@ -56,14 +56,17 @@
 	**** Times out
 
 
-	Partially covered chrom.com subdomains:
+	Partially covered chron.com subdomains:
 
 		- fangear	(at least $ redirects to http)
 
 -->
 <ruleset name="Houston Chronicle (partial)">
 
-	<target host="*.chron.com" />
+	<target host="dailydeal.chron.com" />
+	<target host="fangear.chron.com" />
+	<target host="file.chron.com" />
+	<target host="local.chron.com" />
 		<exclusion pattern="^http://fangear\.chron\.com/(?!App_Themes|images)/" />
 	<target host="myaccount.houstonchronicle.com" />
 
@@ -75,10 +78,10 @@
 	<rule from="^http://(dailydeal|fangear|file)\.chron\.com/"
 		to="https://$1.chron.com/" />
 
-	<rule from="^https?://local\.chron\.com/static/"
+	<rule from="^http://local\.chron\.com/static/"
 		to="https://www.localedge.com/static/" />
 
 	<rule from="^http://myaccount\.houstonchronicle\.com/"
 		to="https://myaccount.houstonchronicle.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hover.com.xml b/src/chrome/content/rules/Hover.com.xml
index a20b6ae7b494..d183fec34a1c 100644
--- a/src/chrome/content/rules/Hover.com.xml
+++ b/src/chrome/content/rules/Hover.com.xml
@@ -2,47 +2,51 @@
 	For other Tucows coverage, see Tucows.xml.
 
 
-	CDN buckets:
+	Nonfunctional hosts in *hover.com:
 
-		- hover.zendesk.com
+		- about *
 
-			- help.hover.com
+	* Dropped
 
 
-	Fully covered subdomains:
+	Insecure cookies are set for these hosts:
 
-		- ask
-		- help
-		- mail
-
-
-	Partially covered subdomains:
-
-		- (www.)	(blog and blog resources redirect to http)
-
-
-	Observed cookie domains:
-
-		- .
-		- help
-		- mail
-		- www
+		- mail.hover.com
+		- www.hover.com
 
 -->
 <ruleset name="Hover.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="hover.com" />
-	<target host="*.hover.com" />
-		<!--
-			Redirect to http :(
+	<target host="ask.hover.com" />
+	<target host="help.hover.com" />
+	<target host="mail.hover.com" />
+	<target host="www.hover.com" />
+
+		<!--	Redirect to http :(
 						-->
-		<exclusion pattern="^http://(?:www\.)?hover\.com/(?:blog|wp-content|wp-includes)(?:$|[?/])" />
+		<exclusion pattern="^http://www\.hover\.com/(?:blog|wp-content|wp-includes)(?:$|[?/])" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.hover.com/blog" />
+			<test url="http://www.hover.com/blog/page/2/" />
+			<test url="http://www.hover.com/blog/page/5/" />
+			<test url="http://www.hover.com/blog/top-15-blogging-platforms-for-2015/" />
+			<test url="http://www.hover.com/wp-content/uploads/2015/10/infographic-header.png" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^mail\.hover\.com$" name="(?:bi_wm_p|roundcube_sessid)$" /-->
+	<!--securecookie host="^www\.hover\.com$" name="^hover_session$" /-->
 
-	<securecookie host="^(?:.*\.)?hover\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:ask|help|mail|www)\.)?hover\.com/"
-		to="https://$1hover.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/How-Old.net.xml b/src/chrome/content/rules/How-Old.net.xml
new file mode 100644
index 000000000000..bffd35ed2b06
--- /dev/null
+++ b/src/chrome/content/rules/How-Old.net.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+-->
+
+<ruleset name="How-Old.Net">
+	<target host=    "how-old.net" />
+	<target host="www.how-old.net" />
+
+  	<securecookie host="^.*\.how-old\.net$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HowManyDaysTill.com.xml b/src/chrome/content/rules/HowManyDaysTill.com.xml
new file mode 100644
index 000000000000..0473d224f80b
--- /dev/null
+++ b/src/chrome/content/rules/HowManyDaysTill.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid Certificate:
+		www.howmanydaystill.com
+-->
+<ruleset name="HowManyDaysTill.com">
+	<target host="howmanydaystill.com" />
+	<target host="www.howmanydaystill.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.howmanydaystill\.com/" to="https://howmanydaystill.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HowManyPeopleAreInSpaceRightNow.com.xml b/src/chrome/content/rules/HowManyPeopleAreInSpaceRightNow.com.xml
new file mode 100644
index 000000000000..c60917bd9a12
--- /dev/null
+++ b/src/chrome/content/rules/HowManyPeopleAreInSpaceRightNow.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="HowManyPeopleAreInSpaceRightNow.com">
+	<target host="howmanypeopleareinspacerightnow.com" />
+	<target host="www.howmanypeopleareinspacerightnow.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://howmanypeopleareinspacerightnow\.com/" to="https://www.howmanypeopleareinspacerightnow.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HowTo.gov.xml b/src/chrome/content/rules/HowTo.gov.xml
deleted file mode 100644
index df8f6605d90a..000000000000
--- a/src/chrome/content/rules/HowTo.gov.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For other U.S. government coverage, see US-government.xml.
-
-
-	Nonfunctional subdomains:
-
-		- blog		(redirects to http)
-
--->
-<ruleset name="HowTo.gov">
-
-	<target host="howto.gov" />
-	<target host="www.howto.gov" />
-
-
-	<rule from="^http://(www\.)?howto\.gov/"
-		to="https://$1howto.gov/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/How_to_Box.xml b/src/chrome/content/rules/How_to_Box.xml
deleted file mode 100644
index c47283b7a3ec..000000000000
--- a/src/chrome/content/rules/How_to_Box.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="How to Box">
-
-	<target host="how-to-box.com" />
-	<target host="*.how-to-box.com" />
-
-
-	<securecookie host="^\.how-to-box\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?how-to-box\.com/"
-		to="https://$1how-to-box.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Howard-Hughes-Medical-Institute.xml b/src/chrome/content/rules/Howard-Hughes-Medical-Institute.xml
index 688f05477f12..7ca0dede5290 100644
--- a/src/chrome/content/rules/Howard-Hughes-Medical-Institute.xml
+++ b/src/chrome/content/rules/Howard-Hughes-Medical-Institute.xml
@@ -4,11 +4,11 @@
 	<target host="*.hhmi.org" />
 
 
-	<securecookie host="^.*\.hhmi\.org$" name=".*" />
+	<securecookie host="^.*\.hhmi\.org$" name=".+" />
 
 
 	<!--	Cert only matches *.hhmi.org.	-->
-	<rule from="^https?://hhmi\.org/"
+	<rule from="^http://hhmi\.org/"
 		to="https://www.hhmi.org/" />
 
 	<!--	Observed subdomains:
diff --git a/src/chrome/content/rules/HowiyaPress.com.xml b/src/chrome/content/rules/HowiyaPress.com.xml
new file mode 100644
index 000000000000..8dee595df542
--- /dev/null
+++ b/src/chrome/content/rules/HowiyaPress.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="HowiyaPress.com" platform="mixedcontent">
+	<target host="howiyapress.com" />
+	<target host="www.howiyapress.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Howrandom.org.xml b/src/chrome/content/rules/Howrandom.org.xml
deleted file mode 100644
index 491f3addee6c..000000000000
--- a/src/chrome/content/rules/Howrandom.org.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Howrandom.org" platform="firefox">
-<target host="howrandom.org" />
-
-<securecookie host="^howrandom\.org$" name=".+" />
-
-<rule from="^http://howrandom\.org/" to="https://howrandom.org/" />
-</ruleset>
diff --git a/src/chrome/content/rules/HowtoForge.com.xml b/src/chrome/content/rules/HowtoForge.com.xml
new file mode 100644
index 000000000000..84dc33d8b526
--- /dev/null
+++ b/src/chrome/content/rules/HowtoForge.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Other HowtoForge rulesets:
+
+		- HowtoForge.de.xml
+
+-->
+<ruleset name="HowtoForge.com">
+
+	<target host="howtoforge.com" />
+	<target host="www.howtoforge.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HowtoForge.de.xml b/src/chrome/content/rules/HowtoForge.de.xml
new file mode 100644
index 000000000000..9d25503e97b8
--- /dev/null
+++ b/src/chrome/content/rules/HowtoForge.de.xml
@@ -0,0 +1,16 @@
+<!--
+	For other HowtoForge coverage, see HowtoForge.com.xml
+
+-->
+<ruleset name="HowtoForge.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="howtoforge.de" />
+	<target host="www.howtoforge.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hqcodeshop.fi.xml b/src/chrome/content/rules/Hqcodeshop.fi.xml
new file mode 100644
index 000000000000..da4005d6d4e8
--- /dev/null
+++ b/src/chrome/content/rules/Hqcodeshop.fi.xml
@@ -0,0 +1,15 @@
+<!--
+	(www.)?hqcodeshop.fi: Mismatched
+
+-->
+<ruleset name="hqcodeshop.fi (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blog.hqcodeshop.fi" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Href.li.xml b/src/chrome/content/rules/Href.li.xml
new file mode 100644
index 000000000000..1ba7a9931f5f
--- /dev/null
+++ b/src/chrome/content/rules/Href.li.xml
@@ -0,0 +1,22 @@
+<!--
+	www.href.li: Mismatched
+
+-->
+<ruleset name="href.li">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="href.li" />
+
+	<!--	Complications:
+				-->
+	<target host="www.href.li" />
+
+
+	<rule from="^http://www\.href\.li/"
+		to="https://href.li/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hrkgame.com.xml b/src/chrome/content/rules/Hrkgame.com.xml
new file mode 100644
index 000000000000..18886a92a744
--- /dev/null
+++ b/src/chrome/content/rules/Hrkgame.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Hrkgame.com">
+	<target host="hrkgame.com" />
+	<target host="www.hrkgame.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hs-rm.de.xml b/src/chrome/content/rules/Hs-rm.de.xml
new file mode 100644
index 000000000000..b05e735b6398
--- /dev/null
+++ b/src/chrome/content/rules/Hs-rm.de.xml
@@ -0,0 +1,5 @@
+<ruleset name="Hs-rm.de">
+  <target host="www.hs-rm.de" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HsI_cloud.com.xml b/src/chrome/content/rules/HsI_cloud.com.xml
new file mode 100644
index 000000000000..8a1a28e7b913
--- /dev/null
+++ b/src/chrome/content/rules/HsI_cloud.com.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fb.hsicloud.com/ => https://fb.hsicloud.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	Hotspot Interactive
+
+
+	Nonfunctional subdomains:
+
+		- (www.) *
+
+	* http reply
+
+-->
+<ruleset name="HsI cloud.com (partial)" default_off="failed ruleset test">
+
+	<target host="fb.hsicloud.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HsKA.xml b/src/chrome/content/rules/HsKA.xml
new file mode 100644
index 000000000000..71fe0fcf353d
--- /dev/null
+++ b/src/chrome/content/rules/HsKA.xml
@@ -0,0 +1,42 @@
+<!--
+	Invalid certificate:
+		www.g.hs-karlsruhe.de
+		iz-scgu48.hs-karlsruhe.de
+		wpad.hs-karlsruhe.de
+
+	Refused:
+		www.ab.hs-karlsruhe.de
+		www.hit.hs-karlsruhe.de
+		www.iaf.hs-karlsruhe.de
+		www.imp.hs-karlsruhe.de
+		www.mmt.hs-karlsruhe.de
+
+-->
+<ruleset name="HsKA">
+
+	<target host="hs-karlsruhe.de" />
+	<target host="www.hs-karlsruhe.de" />
+	<target host="www.eit.hs-karlsruhe.de" />
+	<target host="www.home.hs-karlsruhe.de" />
+	<target host="idp-pilot.hs-karlsruhe.de" />
+	<target host="ilias.hs-karlsruhe.de" />
+	<target host="ilias2.hs-karlsruhe.de" />
+	<target host="www.imm.hs-karlsruhe.de" />
+	<target host="www.iwi.hs-karlsruhe.de" />
+	<target host="www.iz.hs-karlsruhe.de" />
+	<target host="iz-apple.hs-karlsruhe.de" />
+	<target host="lsf.hs-karlsruhe.de" />
+	<target host="ole.hs-karlsruhe.de" />
+	<target host="qis.hs-karlsruhe.de" />
+	<target host="qis2.hs-karlsruhe.de" />
+	<target host="qis3.hs-karlsruhe.de" />
+	<target host="www.w.hs-karlsruhe.de" />
+
+	<!-- Rejected on https://hs-karlsruhe.de/,
+	http://hs-karlsruhe.de/ redirects to http://www.hs-karlsruhe.de/ -->
+	<rule from="^http://hs-karlsruhe\.de/"
+		to="https://www.hs-karlsruhe.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HsKAmpus.xml b/src/chrome/content/rules/HsKAmpus.xml
new file mode 100644
index 000000000000..3b606a1cdbdc
--- /dev/null
+++ b/src/chrome/content/rules/HsKAmpus.xml
@@ -0,0 +1,15 @@
+<ruleset name="HsKAmpus">
+
+	<target host="hskampus.de" />
+	<target host="www.hskampus.de" />
+	<target host="app.hskampus.de" />
+	<target host="app-d.hskampus.de" />
+
+	<!-- HTTPS rejected on https://app.hskampus.de/
+		 http://app.hskampus.de/ redirects to http://www.iwi.hs-karlsruhe.de/hskampus-web/app/ -->
+	<rule from="^http://app\.hskampus\.de/" to="https://www.iwi.hs-karlsruhe.de/hskampus-web/app/" />
+	<!-- HTTPS rejected on https://app-d.hskampus.de/
+ 		 http://app-d.hskampus.de/ redirects to http://www.iwi.hs-karlsruhe.de/hskampus-web-d/app/ -->
+	<rule from="^http://app-d\.hskampus\.de/" to="https://www.iwi.hs-karlsruhe.de/hskampus-web-d/app/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hslu.ch.xml b/src/chrome/content/rules/Hslu.ch.xml
new file mode 100644
index 000000000000..10f424b27615
--- /dev/null
+++ b/src/chrome/content/rules/Hslu.ch.xml
@@ -0,0 +1,21 @@
+<ruleset name="Hslu">
+	<target host="hslu.ch" />
+	<target host="ausleihe.hslu.ch" />
+	<target host="blog.hslu.ch" />
+	<target host="edusoft.hslu.ch" />
+	<target host="elearning.hslu.ch" />
+	<target host="intranet.hslu.ch" />
+	<target host="mycampus.hslu.ch" />
+	<target host="passwortwechsel.hslu.ch" />
+	<target host="ppdb.hslu.ch" />
+	<target host="remote.hslu.ch" />
+	<target host="sap.hslu.ch" />
+	<target host="survey.hslu.ch" />
+	<target host="webanmeldung.hslu.ch" />
+	<target host="webmail.hslu.ch" />
+	<target host="wiki.hslu.ch" />
+	<target host="www.hslu.ch" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hsto.org.xml b/src/chrome/content/rules/Hsto.org.xml
new file mode 100644
index 000000000000..9dd2d379c1de
--- /dev/null
+++ b/src/chrome/content/rules/Hsto.org.xml
@@ -0,0 +1,30 @@
+<!--
+	For other TM coverage, see TMtm.ru.xml.
+
+
+	www.hsto.org doesn't exist.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- hsto.org
+		- .hsto.org
+
+-->
+<ruleset name="Hsto.org">
+
+	<target host="hsto.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^hsto\.org$" name="^habrastorage_sid$" /-->
+	<!--securecookie host="^\.hsto\.org$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hstor.org.xml b/src/chrome/content/rules/Hstor.org.xml
new file mode 100644
index 000000000000..4d71a945c6d4
--- /dev/null
+++ b/src/chrome/content/rules/Hstor.org.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hstor.org/ => https://hstor.org/: (51, "SSL: no alternative certificate subject name matches target host name 'hstor.org'")
+Fetch error: http://beta.hstor.org/ => https://beta.hstor.org/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other TM coverage, see TMtm.ru.xml.
+
+
+	alpha.hstor.org: Dropped over http
+
+
+	www.hstor.org doesn't exist.
+
+-->
+<ruleset name="hstor.org" default_off="failed ruleset test">
+
+	<target host="hstor.org" />
+	<!--target host="alpha.hstor.org" /-->
+	<target host="beta.hstor.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^hstore\.org$" name="^habrastorage_sid$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ht.vc.xml b/src/chrome/content/rules/Ht.vc.xml
new file mode 100644
index 000000000000..44b3c0558e63
--- /dev/null
+++ b/src/chrome/content/rules/Ht.vc.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ht.vc/ => https://ht.vc/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://bh.ht.vc/ => https://bh.ht.vc/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.ht.vc/ => https://www.ht.vc/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="ht.vc" default_off="failed ruleset test">
+
+	<target host="ht.vc" />
+	<target host="bh.ht.vc" />
+	<target host="www.ht.vc" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HttpLab.it.xml b/src/chrome/content/rules/HttpLab.it.xml
new file mode 100644
index 000000000000..661216f78e89
--- /dev/null
+++ b/src/chrome/content/rules/HttpLab.it.xml
@@ -0,0 +1,24 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="httpLab.it">
+
+	<target host="httplab.it" />
+	<target host="www.httplab.it" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?httplab\.it$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?httplab\.it$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Httpbin.org.xml b/src/chrome/content/rules/Httpbin.org.xml
new file mode 100644
index 000000000000..b3c8992338ef
--- /dev/null
+++ b/src/chrome/content/rules/Httpbin.org.xml
@@ -0,0 +1,11 @@
+<ruleset name="httpbin">
+
+	<target host="httpbin.org" />
+	<target host="www.httpbin.org" />
+	<target host="eu.httpbin.org" />
+	<target host="now.httpbin.org" />
+	<target host="staging.httpbin.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Htwk-leipzig-owndomains.xml b/src/chrome/content/rules/Htwk-leipzig-owndomains.xml
new file mode 100644
index 000000000000..6b6418f4328e
--- /dev/null
+++ b/src/chrome/content/rules/Htwk-leipzig-owndomains.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cmw-leipzig.de/ => https://cmw-leipzig.de/: (51, "SSL: no alternative certificate subject name matches target host name 'cmw-leipzig.de'")
+Fetch error: http://www.cmw-leipzig.de/ => https://www.cmw-leipzig.de/: (51, "SSL: no alternative certificate subject name matches target host name 'www.cmw-leipzig.de'")
+
+	Nonfunctional subdomains:
+		- streifband.de
+			- www	-> wrong cert
+
+	Other HTWK Leipzig rulesets:
+		- Htwk-leipzig.de.xml
+-->
+<ruleset name="HTWK Leipzig (own domains)" default_off="failed ruleset test">
+	<target host="cmw-leipzig.de" />
+	<target host="www.cmw-leipzig.de" />
+	<target host="structuralengineering.de" />
+	<target host="www.structuralengineering.de" />
+	<target host="www.htwk-alumni.de" />
+	<target host="htwk-alumni.de" />
+	<target host="www.verlagsherstellung.de" />
+	<target host="verlagsherstellung.de" />
+	<target host="www.publishing-technology.de" />
+	<target host="publishing-technology.de" />
+	<target host="streifband.de" />
+	<target host="www.validlab.de" />
+	<target host="validlab.de" />
+
+	<!-- https://regex101.com/r/nN1gN4/1 -->
+	<securecookie host="^(cmw-leipzig\.de|www\.cmw-leipzig\.de|structuralengineering\.de|www\.structuralengineering\.de|www\.htwk-alumni\.de|htwk-alumni\.de|www\.verlagsherstellung\.de|verlagsherstellung\.de|www\.publishing-technology\.de|publishing-technology\.de|streifband\.de|www\.validlab\.de|validlab\.de)" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Htwk-leipzig.de.xml b/src/chrome/content/rules/Htwk-leipzig.de.xml
new file mode 100644
index 000000000000..c440392e59e1
--- /dev/null
+++ b/src/chrome/content/rules/Htwk-leipzig.de.xml
@@ -0,0 +1,113 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cmw.htwk-leipzig.de/ => https://cmw.htwk-leipzig.de/: (51, "SSL: no alternative certificate subject name matches target host name 'www.cmw-leipzig.de'")
+
+	Nonfunctional subdomains:
+		- rz				    -> DNS error
+		- cms3.rz			    -> redirection error
+		- im				    -> DNS error
+		- fgdb2010.imn	    	-> different site
+		- forschung.imn		    -> DNS error
+		- humfrage.imn		    -> different site
+		- informatik.imn	    -> DNS error
+		- koralle.imn		    -> DNS error
+		- led				    -> different site
+		- medieninformatik.imn  -> times out
+		- naoteam.imn	        -> different site
+		- www.fitl		        -> times out
+		- katalog.bib	        -> DNS error
+
+	Other HTWK Leipzig rulesets:
+		- Htwk-leipzig-owndomains.xml
+-->
+<ruleset name="HTWK-Leipzig.de" default_off="failed ruleset test">
+	<target host="antonius.imn.htwk-leipzig.de" />
+	<target host="webmail.htwk-leipzig.de" />
+	<target host="www.imn.htwk-leipzig.de" />
+	<target host="portal.imn.htwk-leipzig.de" />
+	<target host="www.htwk-leipzig.de" />
+	<target host="htwk-leipzig.de" />
+	<target host="bauwesen.htwk-leipzig.de" />
+	<target host="www.bauwesen.htwk-leipzig.de" />
+	<target host="www.fbm.htwk-leipzig.de" />
+	<target host="fbme.htwk-leipzig.de" />
+	<target host="www.fbme.htwk-leipzig.de" />
+	<target host="www.sozwes.htwk-leipzig.de" />
+	<target host="wiwi.htwk-leipzig.de" />
+	<target host="www.wiwi.htwk-leipzig.de" />
+	<target host="wi.htwk-leipzig.de" />
+	<target host="www.wi.htwk-leipzig.de" />
+	<target host="fsrwiwi.htwk-leipzig.de" />
+	<target host="www.fsrwiwi.htwk-leipzig.de" />
+	<target host="bmb.htwk-leipzig.de" />
+	<target host="stura.htwk-leipzig.de" />
+	<target host="www.stura.htwk-leipzig.de" />
+	<target host="cmw.htwk-leipzig.de" />
+	<target host="fsrmedien.htwk-leipzig.de" />
+	<target host="www.architekturinstitut.htwk-leipzig.de" />
+	<target host="www.bauart.htwk-leipzig.de" />
+	<target host="www.energiedesign.htwk-leipzig.de" />
+	<target host="studclient.htwk-leipzig.de" />
+	<target host="www.veredelungslexikon.htwk-leipzig.de" />
+	<target host="veredelungslexikon.htwk-leipzig.de" />
+	<target host="www.velex.htwk-leipzig.de" />
+	<target host="velex.htwk-leipzig.de" />
+	<target host="fsras.htwk-leipzig.de" />
+	<target host="www.fsras.htwk-leipzig.de" />
+	<target host="kybernetes.htwk-leipzig.de" />
+	<target host="www.kybernetes.htwk-leipzig.de" />
+	<target host="frauen.htwk-leipzig.de" />
+	<target host="www.frauen.htwk-leipzig.de" />
+	<target host="studifit.htwk-leipzig.de" />
+	<target host="www.studifit.htwk-leipzig.de" />
+	<target host="ip3.htwk-leipzig.de" />
+	<target host="www.ip3.htwk-leipzig.de" />
+	<target host="sug.htwk-leipzig.de" />
+	<target host="www.sug.htwk-leipzig.de" />
+	<target host="www.fz.htwk-leipzig.de" />
+	<target host="fz.htwk-leipzig.de" />
+	<target host="www.ifb.htwk-leipzig.de" />
+	<target host="ifb.htwk-leipzig.de" />
+	<target host="www.ail.htwk-leipzig.de" />
+	<target host="ail.htwk-leipzig.de" />
+	<target host="www.stiftung.htwk-leipzig.de" />
+	<target host="stiftung.htwk-leipzig.de" />
+	<target host="lean-hochschulgruppe.htwk-leipzig.de" />
+	<target host="www.lean-hochschulgruppe.htwk-leipzig.de" />
+	<target host="lizard-cloud.htwk-leipzig.de" />
+	<target host="www.lizard-cloud.htwk-leipzig.de" />
+	<target host="genumedia.htwk-leipzig.de" />
+	<target host="www.genumedia.htwk-leipzig.de" />
+	<target host="www.iws.htwk-leipzig.de" />
+	<target host="iws.htwk-leipzig.de" />
+	<target host="www.fas.htwk-leipzig.de" />
+	<target host="turbo.htwk-leipzig.de" />
+	<target host="www.turbo.htwk-leipzig.de" />
+	<target host="pdwl.htwk-leipzig.de" />
+	<target host="msturm.htwk-leipzig.de" />
+	<target host="bsturm.htwk-leipzig.de" />
+	<target host="www.museumsarbeit.htwk-leipzig.de" />
+	<target host="www.labp.htwk-leipzig.de" />
+	<target host="labp.htwk-leipzig.de" />
+	<target host="architektur.htwk-leipzig.de" />
+	<target host="www.sozialwissenschaften.htwk-leipzig.de" />
+	<target host="bauwerksinformation.htwk-leipzig.de" />
+	<target host="sozialwissenschaften.htwk-leipzig.de" />
+	<target host="ihbb.htwk-leipzig.de" />
+	<target host="www.nachhaltigesbauen.htwk-leipzig.de" />
+	<target host="nachhaltigesbauen.htwk-leipzig.de" />
+	<target host="flex.htwk-leipzig.de" />
+	<target host="campusspiele.htwk-leipzig.de" />
+	<target host="studienwuerdig.htwk-leipzig.de" />
+	<target host="hr-innovation.htwk-leipzig.de" />
+	<target host="marketing.htwk-leipzig.de" />
+	<target host="www.marketing.htwk-leipzig.de" />
+	<target host="kongress-soziale-arbeit.htwk-leipzig.de" />
+
+	<!-- https://regex101.com/r/vA8yY5/2 -->
+	<securecookie host="^(antonius\.imn\.|webmail\.|www\.imn\.|portal\.imn\.|www\.|htwk-leipzig\.de|bauwesen\.|www\.bauwesen\.|www\.fbm\.|fbme\.|www\.fbme\.|www\.sozwes\.|wiwi\.|www\.wiwi\.|wi\.|www\.wi\.|fsrwiwi\.|www\.fsrwiwi\.|bmb\.|www\.bmb\.|stura\.|www\.stura\.|cmw\.|fsrmedien\.|www\.architekturinstitut\.|www\.bauart\.|www\.energiedesign\.|studclient\.|www\.veredelungslexikon\.|veredelungslexikon\.|www\.velex\.|velex\.|fsras\.|www\.fsras\.|kybernetes\.|www\.kybernetes\.|frauen\.|www\.frauen\.|studifit\.|www\.studifit\.|ip3\.|www\.ip3\.|sug\.|www\.sug\.|www\.fz\.|fz\.|www\.ifb\.|ifb\.|www\.ail\.|ail\.|www\.stiftung\.|stiftung\.|lean-hochschulgruppe\.|www\.lean-hochschulgruppe\.|lizard-cloud\.|www\.lizard-cloud\.|genumedia\.|www\.genumedia\.|www\.iws\.|iws\.|www\.fas\.|turbo\.|www\.turbo\.|pdwl\.|msturm\.|bsturm\.|www\.museumsarbeit\.|www\.labp\.|labp\.|architektur\.|www\.sozialwissenschaften\.|bauwerksinformation\.|sozialwissenschaften\.|ihbb\.|www\.nachhaltigesbauen\.|nachhaltigesbauen\.|flex\.|campusspiele\.|studienwuerdig\.|hr-innovation\.|marketing\.|www\.marketing\.|kongress-soziale-arbeit\.)?htwk-leipzig\.de" name=".+" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Huawei.com.xml b/src/chrome/content/rules/Huawei.com.xml
index d611cdebf029..2cb87e8a6c93 100644
--- a/src/chrome/content/rules/Huawei.com.xml
+++ b/src/chrome/content/rules/Huawei.com.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://edoc-hk.huawei.com/ => https://edoc-hk.huawei.com/: (51, "SSL: no alternative certificate subject name matches target host name 'edoc-hk.huawei.com'")
+Fetch error: http://imailpk.huawei.com/ => https://imailpk.huawei.com/OWA: (60, 'SSL certificate problem: certificate has expired')
+
 	CDN buckets:
 
 		- dspages.huawei.com.edgesuite.net
@@ -15,12 +20,12 @@
 		- ^ *
 		- consumer *
 		- e-learning	(shows edoc-hk; mismatched, CN: edoc-hk.huawei.com)
-		- enterprise	(refused)
+		- enterprise	(503, Akamai)
 		- learning *
 		- support **
 		- www **
 
-	* http reply
+	* Refused
 	** 504, akamai
 
 
@@ -45,11 +50,42 @@
 		- imailind
 		- uniportal
 
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .huawei.com
+		- uniportal.huawei.com
+
 -->
-<ruleset name="Huawei.com (partial)">
+<ruleset name="Huawei.com (partial)" default_off="failed ruleset test">
 
 	<target host="*.huawei.com" />
 
+		<test url="http://autodiscover.huawei.com/" />
+		<test url="http://edoc.huawei.com/" />
+		<test url="http://edoc-hk.huawei.com/" />
+		<test url="http://imailcn.huawei.com/" />
+		<test url="http://imailcn.huawei.com/OWA" />
+		<test url="http://imailid.huawei.com/" />
+		<test url="http://imailid.huawei.com/OWA" />
+		<test url="http://imailuk.huawei.com/" />
+		<test url="http://imailuk.huawei.com/OWA" />
+		<test url="http://imailpk.huawei.com/" />
+		<test url="http://imailbh.huawei.com/" />
+		<test url="http://imailng.huawei.com/" />
+		<test url="http://imailbr.huawei.com/" />
+		<test url="http://imailru.huawei.com/" />
+		<test url="http://imailsa.huawei.com/" />
+		<test url="http://imailus.huawei.com/" />
+		<test url="http://imailza.huawei.com/" />
+		<test url="http://imailind.huawei.com/" />
+		<test url="http://uniportal.huawei.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.huawei\.com$" name="^lang$" /-->
+	<!--securecookie host="^uniportal\.huawei\.com$" name="^(ssouniportalSID|testcookie)$" /-->
 
 	<securecookie host="^(?:edoc|imail\w\w|imailind|uniportal)\.huawei\.com$" name=".+" />
 
@@ -62,4 +98,4 @@
 	<rule from="^http://(autodiscover|edoc|edoc-hk|imail\w\w|imailind|uniportal)\.huawei\.com/"
 		to="https://$1.huawei.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HubSpot.net.xml b/src/chrome/content/rules/HubSpot.net.xml
new file mode 100644
index 000000000000..8d8bd7087c51
--- /dev/null
+++ b/src/chrome/content/rules/HubSpot.net.xml
@@ -0,0 +1,15 @@
+<!--
+	Fully covered hosts:
+
+		- cdn2
+
+-->
+<ruleset name="HubSpot.net">
+
+	<target host="cdn2.hubspot.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HubSpot.xml b/src/chrome/content/rules/HubSpot.xml
deleted file mode 100644
index ed24bd3a1163..000000000000
--- a/src/chrome/content/rules/HubSpot.xml
+++ /dev/null
@@ -1,120 +0,0 @@
-<!--
-	Other HubSpot rulesets:
-
-		- HS-analytics.net.xml
-
-
-	s3.amazonaws.com/css.blog.hubspot.com/
-		- s3.amazonaws.com/cdn1.hubspot.com/
-	hubspot-marketplace.s3.amazonaws.com
-
-		- hubspot.force.com
-
-			- help.hubspot.com
-
-		- a.performable.com
-
-			- go.hubspot.com
-
-
-	ideas.hubspot.com is handled in Uservoice-clients.xml.
-
-
-	Nonfunctional domains:
-
-		- hubspot.com subdomains:
-
-			- academy		(504, akamai)
-			- go *
-			- help			(cert: slotmatching8.salesforce.com; redirects to http)
-			- hugs			(504, akamai; redirects to www.inboundconference.com over http)
-			- learning *
-			- university.web11	(times out)
-
-		- cdn1.hubspotqa.com *
-
-		- (www.)inboundconference.com	(times out)
-
-	* 503, akamai
-
-
-	Problematic domains:
-
-		- hubspot.com subdomains:
-
-			- cdn1			(akamai 503, valid cert)
-			- dev			(works, akamai)
-
-		- www.inbound.com	(works, akamai)
-
-
-	Fully covered domains:
-
-		- hubspot.com subdomains:
-
-			- cdn1		(→ s3.amazonaws.com)
-			- forms
-			- info
-			- no-cache
-			- sites-auth
-			- static2cdn
-
-		- cdn2.hubspot.net
-
-		- hubspotqa.com subdomains:
-
-			- js
-			- no-cache
-			- static
-
-	track sets "hsfirstvisit" and "hubspotutk" wildcard
-	cookies on domains from which it is loaded.
-
-
-	js.hubspot.com sets the following wildcard cookies
-	on whichever domains it is loaded from:
-
-		- hsfirstvisit
-		- __hssc
-		- __hssrc
-		- __hstc
-		- hubspotutk
-
--->
-<ruleset name="HubSpot">
-
-	<target host="hubspot.com" />
-	<target host="*.hubspot.com" />
-	<target host="cdn.blog.hubspot.com" />
-	<target host="*.hubspot.net" />
-	<target host="*.hubspotqa.com" />
-
-
-	<securecookie host="^(.*\.)?hubspot\.com$" name=".*" />
-
-
-	<rule from="^http://((?:app|blog|developers|forms|info|js|login|marketplace|no-cache|sites-auth|static|static2cdn|track|tracking|www)\.)?hubspot\.com/"
-		to="https://$1hubspot.com/" />
-
-	<rule from="^https?://cdn\.blog\.hubspot\.com/"
-		to="https://s3.amazonaws.com/cdn.hubspot.com/" />
-
-	<rule from="^http://cdn1\.hubspot\.com/"
-		to="https://s3.amazonaws.com/cdn1.hubspot.com/" />
-
-	<rule from="^https?://forums\.hubspot\.com/"
-		to="https://hubspot3.vanillaforums.com/" />
-
-	<!--	- Doesn't work over https
-		- Redirects like so over http
-					-->
-	<rule from="^https?://jobs\.hubspot\.com/"
-		to="https://www.hubspot.com/jobs/" />
-
-	<rule from="^http://cdn2\.hubspot\.net/"
-		to="https://cdn2.hubspot.net/" />
-
-	<rule from="^http://(js|no-cache|static)\.hubspotqa\.com/"
-		to="https://$1.hubspotqa.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/HubSpot_QA.com.xml b/src/chrome/content/rules/HubSpot_QA.com.xml
new file mode 100644
index 000000000000..bc943e29ff91
--- /dev/null
+++ b/src/chrome/content/rules/HubSpot_QA.com.xml
@@ -0,0 +1,29 @@
+<!--
+	For other HubSpot coverage, see HubSpot.xml.
+
+
+	Nonfunctional hosts:
+
+		- cdn1 *
+
+	* 503, akamai
+
+
+	Fully covered hosts:
+
+		- js
+		- no-cache
+		- static
+
+-->
+<ruleset name="HubSpot QA.com (partial)">
+
+	<target host="js.hubspotqa.com" />
+	<target host="no-cache.hubspotqa.com" />
+	<target host="static.hubspotqa.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hubble.xml b/src/chrome/content/rules/Hubble.xml
deleted file mode 100644
index 8ed6a066f19e..000000000000
--- a/src/chrome/content/rules/Hubble.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="Hubble (partial)">
-
-	<target host="spacetelescope.org" />
-	<target host="www.spacetelescope.org" />
-		<!--
-			301s to http.
-					-->
-		<exclusion pattern="^http://www\.spacetelescope\.org/(?:kidsandteachers/(?:drawings|education)|press/kits)/" />
-
-
-	<!--	- Cert only matches www
-		- Some pages 301 to http
-						-->
-	<rule from="^https?://(?:www\.)?spacetelescope\.org/(about|contact|kidsandteachers|press|projects|science|static|subscribe)/"
-		to="https://www.spacetelescope.org/$1/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Hubic.com.xml b/src/chrome/content/rules/Hubic.com.xml
new file mode 100644
index 000000000000..e9aab83892ea
--- /dev/null
+++ b/src/chrome/content/rules/Hubic.com.xml
@@ -0,0 +1,37 @@
+<!--
+	For other OVH Group coverage, see Ovh.xml.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- hubic.com
+		- .hubic.com
+		- forums.hubic.com
+		- www.hubic.com
+
+-->
+<ruleset name="Hubic.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hubic.com" />
+	<target host="forums.hubic.com" />
+	<target host="www.hubic.com" />
+
+		<test url="http://hubic.com/home/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^hubic\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^(?:www\.)?hubic\.com$" name="^hubic\.com$" /-->
+	<!--securecookie host="^\.hubic\.com$" name="^bb_sessionhash$" /-->
+	<!--securecookie host="^forums\.hubic\.com$" name="^forums\.hubic\.com$" /-->
+
+	<securecookie host="(?:^|\.)hubic\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hudson_Valley_Host.xml b/src/chrome/content/rules/Hudson_Valley_Host.xml
index 213b89e7f08a..89b862e26763 100644
--- a/src/chrome/content/rules/Hudson_Valley_Host.xml
+++ b/src/chrome/content/rules/Hudson_Valley_Host.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://billing\.hudsonvalleyhost\.com/((?:cart|clientarea|submitticket)\.php|favicon\.ico|images/|includes/|modules/|templates/)"
 		to="https://billing.hudsonvalleyhost.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Huffington-Post-mismatches.xml b/src/chrome/content/rules/Huffington-Post-mismatches.xml
index 7d49ba1998ee..0748ae95b4fa 100644
--- a/src/chrome/content/rules/Huffington-Post-mismatches.xml
+++ b/src/chrome/content/rules/Huffington-Post-mismatches.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see Huffington-Post.xml.
 
 -->
-<ruleset name="Huffington Post (mismatches)" default_off="mismatch">
+<ruleset name="Huffington Post (mismatches)" default_off="mismatched">
 
 	<target host="huffingtonpost.ca" />
 	<target host="www.huffingtonpost.ca" />
@@ -11,7 +11,7 @@
 
 	<!--	Akamai.
 					-->
-	<rule from="^https?://(?:www\.)?huffingtonpost\.ca/"
+	<rule from="^http://(?:www\.)?huffingtonpost\.ca/"
 		to="https://www.huffingtonpost.ca/" />
 
 	<!--	- Akamai
diff --git a/src/chrome/content/rules/Huffington-Post.xml b/src/chrome/content/rules/Huffington-Post.xml
index 92e1e5493833..ecf70c5c78e4 100644
--- a/src/chrome/content/rules/Huffington-Post.xml
+++ b/src/chrome/content/rules/Huffington-Post.xml
@@ -1,4 +1,5 @@
 <!--
+	Disabled per https://github.com/EFForg/https-everywhere/issues/1387
 	For problematic rules, see Huffington-Post-mismatches.xml.
 
 	For other AOL coverage, see AOL.xml.
@@ -15,27 +16,44 @@
 		- images.huffingtonpost.com.edgesuite.net
 		- e.huffpost.com.edgesuite.net
 		- i.huffpost.com.edgesuite.net
+
 		- s.huffpost.com.edgesuite.net
 
+			- a1428.g.akamai.net
+			- s[01].huffpost.com
+
 
 	Nonfunctional domains:
 
+		- elections.huffingtonpost.com ¹
 		- entry-stats.huffpost.com	(refused)
 
+	¹ 503, Akamai
+
 
 	Problematic domains:
 
 		- (www.)huffingtonpost.com
 		- bug.assets.huffingtonpost.com
-		- i.huffpost.com
+		- i.huffpost.com	(503, Akamai)
 		- s.huffpost.com	(redirects to i, prints Amazon Web Services "Access Denied")
+		- s[12].huffpost.com ²
+
+	² Works, akamai
+
+
+	Partially covered domains:
+
+		- (www.)huffingtonpost.com *	(→ a248.e.akamai.net)
+		- e.huffpost.com		(→ a248.e.akamai.net)
+
+	* Some pages redirect back
 
 
 	Fully covered domains:
 
 		- huffingtonpost.com subdomains:
 
-			- (www.)	(→ secure)
 			- big.assets	(→ s3.amazonaws.com/big.assets.huffingtonpost.com/)
 			- images	(→ s-i.huffpost.com)
 			- secure
@@ -44,6 +62,11 @@
 
 			- i	(→ s-i)
 			- s	(→ s-s)
+
+			- s\d:	(→ akamai)
+
+				- [0-3]
+
 			- s-i
 			- s-s
 
@@ -52,6 +75,8 @@
 
 		- css, on secure.huffingtonpost.com from s.huffpost.com *
 
+		- css on secure.huffingtonpost.com from  s[01].huffpost.com *
+
 		- Images, on secure.huffingtonpost.com from:
 
 			- cdn.crowdignite.com **
@@ -60,6 +85,7 @@
 			- i.huffpost.com *
 			- s.huffpost.com *
 			- s.huffpost.com via s-s.huffpost.com *
+			- s[01].huffpost.com *
 
 		- Web bug, on secure.huffingtonpost.com from:
 
@@ -73,22 +99,35 @@
 	** Unsecurable
 
 -->
-<ruleset name="Huffington Post">
+<ruleset name="Huffington Post (partial)" default_off="Breaks some images">
 
 	<target host="huffingtonpost.com" />
 	<target host="*.huffingtonpost.com" />
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?huffingtonpost\.com/+(?!favicon\.ico|images/)" />
 	<target host="*.huffpost.com" />
+		<exclusion pattern="^http://e\.huffpost\.com/+(?!\w+/images/)" />
+		<!--
+			css embeds resources relative to root => rewriting to akamai breaks:
+												-->
+		<!--exclusion pattern="^http://s[01]\.huffpost\.com/+assets/css\.php\?f=liveblog\.css" /-->
+		<!--
+			css embeds resources absolutely => rewriting to akamai works:
+											-->
+		<!--exclusion pattern="^http://s[01]\.huffpost\.com/+assets/css\.php\?f=(?!phoenix\.css)" /-->
 
 
-	<rule from="^http://(?:secure\.|www\.)?huffingtonpost\.com/"
-		to="https://secure.huffingtonpost.com/" />
-
 	<rule from="^http://big\.assets\.huffingtonpost\.com/"
-		to="https://s3.amazonaws.com/big.assets.huffingtonpost.com/" />
+		to="https://big.assets.huffingtonpost.com/" />
 
 	<rule from="^http://images\.huffingtonpost\.com/"
 		to="https://s-i.huffpost.com/" />
 
+	<rule from="^http://secure\.huffingtonpost\.com/"
+		to="https://secure.huffingtonpost.com/" />
+
 	<!--	404s on s-s.huffpost.com.
 						-->
 	<rule from="^http://s\.huffpost\.com/contributors/"
@@ -99,4 +138,7 @@
 	<rule from="^http://(?:s-)?([is])\.huffpost\.com/"
 		to="https://s-$1.huffpost.com/" />
 
+	<rule from="^http://s\d\.huffpost\.com/"
+		to="https://s-s.huffpost.com/" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/HugeDomains.com.xml b/src/chrome/content/rules/HugeDomains.com.xml
index fb9ba1fac83e..4c775f31e260 100644
--- a/src/chrome/content/rules/HugeDomains.com.xml
+++ b/src/chrome/content/rules/HugeDomains.com.xml
@@ -1,15 +1,39 @@
 <!--
 	Some pages redirect to http.
 
+
+	Insecure cookies are set for these domains and hosts:
+
+		- hugedomains.com
+		- .hugedomains.com
+		- www.hugedomains.com
+
 -->
 <ruleset name="HugeDomains.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="hugedomains.com" />
-	<target host="*.hugedomains.com" />
-		<exclusion pattern="^http://(?:www\.)?hugedomains\.com/domain_profile\.cfm" />
+	<target host="static.hugedomains.com" />
+	<target host="www.hugedomains.com" />
+
+		<!--	Redirects to http:
+						-->
+		<exclusion pattern="^http://www\.hugedomains\.com/domain_profile\.cfm" />
+
+			<test url="http://www.hugedomains.com/domain_profile.cfm?d=" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^hugedomains\.com$" name="^(?:CFID|CFTOKEN|FWO|HD|PV|SHOPPINGCART)$" /-->
+	<!--securecookie host="^\.hugedomains\.com$" name="^BTP$" /-->
+	<!--securecookie host="^hugedomains\.com$" name="^(?:FWO|PV|REFLOC|SHOPPINGCART)$" /-->
+
+	<securecookie host="^hugedomains\.com$" name=".+" />
 
 
-	<rule from="^http://(static\.|www\.)?hugedomains\.com/"
-		to="https://$1hugedomains.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Huggies_Australia.xml b/src/chrome/content/rules/Huggies_Australia.xml
index f99ee2daf10c..7bbc40f12b23 100644
--- a/src/chrome/content/rules/Huggies_Australia.xml
+++ b/src/chrome/content/rules/Huggies_Australia.xml
@@ -1,26 +1,13 @@
-<!--
-	For other Kimberly-Clark coverage, see Kimberly-Clark.xml.
-
-
-	Nonfunctional subdomains:
-
-		- m	(redirects to http)
-
--->
 <ruleset name="Huggies Australia (partial)">
-
+	<!-- *huggies.com.au -->
 	<target host="huggies.com.au" />
-	<target host="*.huggies.com.au" />
-	<target host="assets.huggies-cdn.net" />
-
-
-	<securecookie host="^\.huggies\.com\.au$" name=".+" />
+	<target host="www.huggies.com.au" />
+	<target host="m.huggies.com.au" />
 
+	<!-- *huggies-cdn.net -->
+	<target host="assets.huggies-cdn.net" />
 
-	<rule from="^http://(www\.)?huggies\.com\.au/"
-		to="https://$1huggies.com.au/" />
-
-	<rule from="^http://assets\.huggies-cdn\.net/"
-		to="https://assets.huggies-cdn.net/" />
+	<securecookie host=".+" name=".+" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HughesNet.xml b/src/chrome/content/rules/HughesNet.xml
index c6a3c104bf8f..b07c1dcec9d7 100644
--- a/src/chrome/content/rules/HughesNet.xml
+++ b/src/chrome/content/rules/HughesNet.xml
@@ -1,16 +1,19 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://s1.hughesnet.com/ => https://s1.hughesnet.com/: (51, "SSL: no alternative certificate subject name matches target host name 's1.hughesnet.com'")
+
 	Nonfunctional subdomains:
 
 		- legal
 		- (www.)	(shows s1, CN: s1.hughesnet.com)
 
 -->
-<ruleset name="HughesNet (partial)">
+<ruleset name="HughesNet (partial)" default_off="failed ruleset test">
 
 	<target host="s1.hughesnet.com" />
 
 
-	<rule from="^http://s1\.hughesnet\.com/"
-		to="https://s1.hughesnet.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HugoBoss.xml b/src/chrome/content/rules/HugoBoss.xml
new file mode 100644
index 000000000000..86bad8ee9c88
--- /dev/null
+++ b/src/chrome/content/rules/HugoBoss.xml
@@ -0,0 +1,30 @@
+<!--
+	Invalid certificate:
+		annualreport-201\d.hugoboss.com
+		downloads.hugoboss.com
+		geschaeftsbericht-201\d.hugoboss.com
+		group-staging.hugoboss.com
+		mobile.hugoboss.com
+		rmm.hugoboss.com
+		university.hugoboss.com
+
+-->
+<ruleset name="Hugo Boss">
+
+	<target host="hugoboss.com" />
+	<target host="www.hugoboss.com" />
+	<target host="careers.hugoboss.com" />
+	<target host="federation.hugoboss.com" />
+	<target host="fragrances.hugoboss.com" />
+	<target host="group.hugoboss.com" />
+	<target host="images.hugoboss.com" />
+	<target host="mail.hugoboss.com" />
+	<target host="portal.hugoboss.com" />
+
+	<!-- Invalid certificate on https://hugoboss.com/
+		 http://hugoboss.com/ redirects to http://www.hugoboss.com/ -->
+	<rule from="^http://hugoboss\.com/" to="https://www.hugoboss.com/" />
+	<rule from="^http:" to="https:" />
+
+	<test url="http://images.hugoboss.com/is/image/boss/Sale_Phase_03_Mobile_Still" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hulu.xml b/src/chrome/content/rules/Hulu.xml
deleted file mode 100644
index 21693ec097ae..000000000000
--- a/src/chrome/content/rules/Hulu.xml
+++ /dev/null
@@ -1,47 +0,0 @@
-<!--
-	CDN buckets:
-
-		- t2.hulu.com.edgesuite.net
-
-			- a268.b.akamai.net
-
-		- www.hulu.com.edgesuite.net
-
-		- ib.huluim.com.edgesuite.net
-
-			- a1697.b.akamai.net
-			- ib2.huluim.com
-
-		- static.huluim.com.edgesuite.net
-
-			- a1495.b.akamai.net
-
--->
-<ruleset name="Hulu (partial)" default_off="mismatch">
-
-	<!--	Akamai	-->
-	<target host="hulu.com" />
-	<target host="*.hulu.com" />
-		<exclusion pattern="^http://(?:www\.)?hulu\.com/(?!images/)" />
-	<target host="*.huluim.com" />
-
-
-	<rule from="^http://(?:(?:www\.)?hulu|static\.huluim)\.com/"
-		to="https://a248.e.akamai.net/f/1810/2198/8m/static.huluim.com/" />
-
-	<rule from="^http://t2\.hulu\.com/"
-		to="https://a248.e.akamai.net/f/268/3148/3d/t2.hulu.com/" />
-
-	<rule from="^http://ib(2)?\.huluim\.com/"
-		to="https://a248.e.akamai.net/f/1697/9057/2h/ib$1.huluim.com/" />
-
-	<!--	Observed subdomains:
-
-			- ib
-			- static
-			- thumbnails
-					-->
-	<!--rule from="^http://(\w+)\.huluim\.com/"
-		to="https://$1.huluim.com/" /-->
-
-</ruleset>
diff --git a/src/chrome/content/rules/Human-Rights-Campaign.xml b/src/chrome/content/rules/Human-Rights-Campaign.xml
index bbdbb7028f02..0532ba99403b 100644
--- a/src/chrome/content/rules/Human-Rights-Campaign.xml
+++ b/src/chrome/content/rules/Human-Rights-Campaign.xml
@@ -1,14 +1,35 @@
-<ruleset name="Human Rights Campaign (partial)" platform="mixedcontent">
-	<target host="hrc.org" />
-	<target host="www.hrc.org" />
+<!--
+	Invalid certificate:
+	- asp.hrc.org (incomplete certificate chain)
+	- mi.hrc.org
+	- research.hrc.org
+
+	Refused:
+	- strive.hrc.org
 
+	Timeout:
+	- acaf.hrc.org
+	- cei.hrc.org
+	- hei.hrc.org
+	- maintenance.hrc.org
 
-	<securecookie host="^www\.hrc\.org$" name=".+" />
+	Too much mixed content blocking:
+	- facebook.hrc.org
 
+-->
+<ruleset name="Human Rights Campaign">
+	<target host="hrc.org" />
+	<target host="www.hrc.org" />
+	<target host="act.hrc.org" />
+		<test url="http://act.hrc.org/page/3521/event/1" />
+	<target host="give.hrc.org" />
+		<test url="http://give.hrc.org/ea-campaign/action.retrievestaticpage.do?ea_static_page_id=5487" />
+	<target host="join.hrc.org" />
+		<test url="http://join.hrc.org/nohateinmystate/" />
+	<target host="shop.hrc.org" />
+	<target host="stopthehate.hrc.org" />
 
-	<rule from="^http://(?:www\.)?hrc\.org/" to="https://www.hrc.org/" />
+	<securecookie host="^(www|act|give|join|shop|stopthehate)\.hrc\.org$" name=".+" />
 
-	<!-- Invoking https://hrc.org/ produces a certificate error, so
-	redirect https://hrc.org/ to https://www.hrc.org/ -->
-	<rule from="^https://hrc\.org/" to="https://www.hrc.org/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HumanDesign.fi.xml b/src/chrome/content/rules/HumanDesign.fi.xml
new file mode 100644
index 000000000000..f7b0ad4272a8
--- /dev/null
+++ b/src/chrome/content/rules/HumanDesign.fi.xml
@@ -0,0 +1,13 @@
+<!--
+		Nonfunctional hosts in *.humandesign.fi:
+			- autodiscover (m)
+			- ftp (m)
+		m: certificate mismatch
+-->
+<ruleset name="HumanDesign.fi">
+	<target host="humandesign.fi" />
+	<target host="www.humandesign.fi" />
+	<target host="mail.humandesign.fi" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HumanResearchEthicsPortal.xml b/src/chrome/content/rules/HumanResearchEthicsPortal.xml
new file mode 100644
index 000000000000..06aab896a788
--- /dev/null
+++ b/src/chrome/content/rules/HumanResearchEthicsPortal.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hrep.nhmrc.gov.au/ => https://hrep.nhmrc.gov.au/: (6, 'Could not resolve host: hrep.nhmrc.gov.au')
+
+-->
+<ruleset name="Human Research Ethics Portal" default_off="failed ruleset test">
+	<target host="hrep.nhmrc.gov.au" />
+	<target host="www.hrep.nhmrc.gov.au" />
+
+	<rule from="^http://(?:www\.)?hrep\.nhmrc\.gov\.au/"
+		to="https://hrep.nhmrc.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Human_Action.xml b/src/chrome/content/rules/Human_Action.xml
index 7c70923cf10f..e855cc0afa54 100644
--- a/src/chrome/content/rules/Human_Action.xml
+++ b/src/chrome/content/rules/Human_Action.xml
@@ -1,13 +1,12 @@
 <ruleset name="Human Action">
 
 	<target host="humanaction.com" />
-	<target host="*.humanaction.com" />
+	<target host="www.humanaction.com" />
 
 
 	<securecookie host="^\.humanaction\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?humanaction\.com/"
-		to="https://$1humanaction.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Human_Brain_Project.eu.xml b/src/chrome/content/rules/Human_Brain_Project.eu.xml
new file mode 100644
index 000000000000..438e871c1673
--- /dev/null
+++ b/src/chrome/content/rules/Human_Brain_Project.eu.xml
@@ -0,0 +1,18 @@
+<ruleset name="Human Brain Project.eu">
+
+	<target host="humanbrainproject.eu" />
+	<target host="collaboration.humanbrainproject.eu" />
+	<target host="education.humanbrainproject.eu" />
+	<target host="www.humanbrainproject.eu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(collaboration|education|www)\.humanbrainproject\.eu$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^(?:collaboration|education|www)\.humanbrainproject\.eu$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Human_Events.xml b/src/chrome/content/rules/Human_Events.xml
index 9a3eff250847..a89c352c21c9 100644
--- a/src/chrome/content/rules/Human_Events.xml
+++ b/src/chrome/content/rules/Human_Events.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://order.humanevents.com/ => https://order.humanevents.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Nonfunctional subdomains:
 
 		- info
@@ -9,17 +13,17 @@
 		- (www.)	(at least some pages redirect to http)
 
 -->
-<ruleset name="Human Events (partial)">
+<ruleset name="Human Events (partial)" default_off="failed ruleset test">
 
 	<target host="humanevents.com" />
-	<target host="*.humanevents.com" />
+	<target host="order.humanevents.com" />
+	<target host="www.humanevents.com" />
 		<exclusion pattern="^http://(?:www\.)?humanevents\.com/(?!t/)" />
 
 
 	<securecookie host="^order\.humanevents\.com$" name=".+" />
 
 
-	<rule from="^http://(order\.|www\.)?humanevents\.com/"
-		to="https://$1humanevents.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Human_Rights_Defense_Center.org.xml b/src/chrome/content/rules/Human_Rights_Defense_Center.org.xml
new file mode 100644
index 000000000000..a19d7ff143b3
--- /dev/null
+++ b/src/chrome/content/rules/Human_Rights_Defense_Center.org.xml
@@ -0,0 +1,23 @@
+<!--
+	Other Human Rights Defense Center rulesets:
+
+		- Prison_Legal_News.org.xml
+		- Prison_Phone_Justice.org.xml
+
+-->
+<ruleset name="Human Rights Defense Center.org">
+
+	<target host="humanrightsdefensecenter.org" />
+	<target host="www.humanrightsdefensecenter.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.humanrightsdefensecenter\.org$" name="^csrftoken$" /-->
+
+	<securecookie host="^www\.humanrightsdefensecenter\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Human_Rights_First.org.xml b/src/chrome/content/rules/Human_Rights_First.org.xml
new file mode 100644
index 000000000000..020580894963
--- /dev/null
+++ b/src/chrome/content/rules/Human_Rights_First.org.xml
@@ -0,0 +1,18 @@
+<ruleset name="Human Rights First.org (partial)">
+
+	<target host="humanrightsfirst.org" />
+	<target host="www.humanrightsfirst.org" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.humanrightsfirst\.org/($|blog|campaigns/[\w-]+$|sign-up$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://www\.humanrightsfirst\.org/(?!favicon\.ico|sites/|uploads/|wp-content/|wp-includes/)" /-->
+
+
+	<rule from="^http://(www\.)?humanrightsfirst\.org/(?=favicon\.ico|sites/|uploads/|wp-content/|wp-includes/)"
+		to="https://$1humanrightsfirst.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Human_Rights_Watch.xml b/src/chrome/content/rules/Human_Rights_Watch.xml
index 97d3c2690eaa..c8bf440819a0 100644
--- a/src/chrome/content/rules/Human_Rights_Watch.xml
+++ b/src/chrome/content/rules/Human_Rights_Watch.xml
@@ -1,20 +1,29 @@
 <!--
-	!www: expired 2009-10-26, self-signed, CN: plesk
 
--->
-<ruleset name="Human Rights Watch">
-
-	<target host="hrw.org" />
-	<target host="*.hrw.org" />
+	Invalid certificate:
+		china.hrw.org
+		human.hrw.org
+		docs.hrw.org
+		*.nyc.hrw.org
+		votescount.hrw.org
 
+	Time out:
+		media.hrw.org
 
-	<securecookie host="^.*\.hrw\.org$" name=".+" />
+-->
+<ruleset name="HRW.org">
 
+	<target host="hrw.org" />
+	<target host="www.hrw.org" />
+	<target host="action.hrw.org" />
+	<target host="careers.hrw.org" />
+	<target host="donate.hrw.org" />
+	<target host="features.hrw.org" />
+	<target host="ff.hrw.org" />
 
-	<rule from="^https?://hrw\.org/"
-		to="https://www.hrw.org/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(secure|www)\.hrw\.org/"
-		to="https://$1.hrw.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Humanism.org.uk.xml b/src/chrome/content/rules/Humanism.org.uk.xml
new file mode 100644
index 000000000000..275093c89ea4
--- /dev/null
+++ b/src/chrome/content/rules/Humanism.org.uk.xml
@@ -0,0 +1,9 @@
+<ruleset name="Humanism.org.uk">
+
+	<target host="humanism.org.uk" />
+	<target host="www.humanism.org.uk" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HumanityPlus.xml b/src/chrome/content/rules/HumanityPlus.xml
index 37c994ed8474..f097c07c5e23 100644
--- a/src/chrome/content/rules/HumanityPlus.xml
+++ b/src/chrome/content/rules/HumanityPlus.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?humanityplus\.org/"
 		to="https://humanityplus.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HumbleBundle.xml b/src/chrome/content/rules/HumbleBundle.xml
index 28c5c4a137c8..0cb609b068eb 100644
--- a/src/chrome/content/rules/HumbleBundle.xml
+++ b/src/chrome/content/rules/HumbleBundle.xml
@@ -6,19 +6,25 @@
 
 	Nonfunctional subdomains:
 
-		- support	(redirects to http, desk.com)
+		- blog *
+
+	* Tumblr
 
 -->
 <ruleset name="Humble Bundle (partial)">
 
 	<target host="humblebundle.com" />
+	<target host="support.humblebundle.com" />
 	<target host="www.humblebundle.com" />
 
 
-	<securecookie host="^www\.humblebundle\.com$" name=".*" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.humblebundle\.com$" name="^ssid$" /-->
+
+	<securecookie host="^www\.humblebundle\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?humblebundle\.com/"
-		to="https://$1humblebundle.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Hunch.xml b/src/chrome/content/rules/Hunch.xml
index c662e7194b25..f1fc3e830678 100644
--- a/src/chrome/content/rules/Hunch.xml
+++ b/src/chrome/content/rules/Hunch.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://aka-img-1.h-img.com/ => https://hunch.com/: (51, "SSL: no alternative certificate subject name matches target host name 'hunch.com'")
+Fetch error: http://hunch.com/ => https://hunch.com/: (51, "SSL: no alternative certificate subject name matches target host name 'hunch.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://aka-img-1.h-img.com/ => https://hunch.com/: (28, 'Resolving timed out after 10520 milliseconds')
+Fetch error: http://hunch.com/ => https://hunch.com/: (60, 'SSL certificate problem: certificate has expired')
 	CDN buckets:
 
 		- aka-img-1.h-img.com.edgesuite.net
@@ -16,7 +24,7 @@
 		- img-1.hunch.com		(mismatched, CN: HUNCH.COM)
 
 -->
-<ruleset name="Hunch (partial)">
+<ruleset name="Hunch (partial)" default_off="failed ruleset test">
 
 	<target host="aka-img-1.h-img.com" />
 	<target host="hunch.com" />
@@ -26,7 +34,7 @@
 	<rule from="^http://(admin\.|api\.|www\.)?hunch\.com/"
 		to="https://$1hunch.com/" />
 
-	<rule from="^https?://(?:aka-img-\d\.h-img|img-1\.hunch)\.com/"
+	<rule from="^http://(?:aka-img-\d\.h-img|img-1\.hunch)\.com/"
 		to="https://hunch.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HunchLab.com.xml b/src/chrome/content/rules/HunchLab.com.xml
new file mode 100644
index 000000000000..da3677b93b19
--- /dev/null
+++ b/src/chrome/content/rules/HunchLab.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="HunchLab.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hunchlab.com" />
+	<target host="eu.hunchlab.com" />
+	<target host="us.hunchlab.com" />
+	<target host="www.hunchlab.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hungerhost.xml b/src/chrome/content/rules/Hungerhost.xml
index 9062dfc45d97..5b8f332c24af 100644
--- a/src/chrome/content/rules/Hungerhost.xml
+++ b/src/chrome/content/rules/Hungerhost.xml
@@ -2,5 +2,5 @@
   <target host="www.hungerhost.com" />
   <target host="hungerhost.com" />
 
-  <rule from="^http://(?:www\.)?hungerhost\.com/" to="https://hungerhost.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Hungry-for-Change.xml b/src/chrome/content/rules/Hungry-for-Change.xml
index 2df6a826bdaa..d11e0f767e00 100644
--- a/src/chrome/content/rules/Hungry-for-Change.xml
+++ b/src/chrome/content/rules/Hungry-for-Change.xml
@@ -1,12 +1,12 @@
-<ruleset name="Hungry for Change" default_off="mismatch">
+<ruleset name="Hungry for Change" default_off="mismatched">
 
 	<!--	Cert: *.worldsecuresystems.tv	-->
 	<target host="hungryforchange.tv" />
 	<!--	* for cross-domain cookies.	-->
-	<target host="*.hungryforchange.tv" />
+	<target host="www.hungryforchange.tv" />
 
 
-	<securecookie host="^(.*\.)?hungryforchange\.tv$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--	!www redirects to www.	-->
diff --git a/src/chrome/content/rules/Hungryhouse.co.uk.xml b/src/chrome/content/rules/Hungryhouse.co.uk.xml
new file mode 100644
index 000000000000..13b2550ef83b
--- /dev/null
+++ b/src/chrome/content/rules/Hungryhouse.co.uk.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .hungryhouse.co.uk
+
+-->
+<ruleset name="hungryhouse.co.uk">
+
+	<target host="hungryhouse.co.uk" />
+	<target host="static.hungryhouse.co.uk" />
+	<target host="www.hungryhouse.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.hungryhouse\.co\.uk$" name="^(?:_gat?|PHPSESSID|dh_analytics_uuid|hh_os|w)$" /-->
+
+	<securecookie host="^\." name="^(?:_gat?$|dh_analytics_)" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hunt-Calendars.xml b/src/chrome/content/rules/Hunt-Calendars.xml
index 8c7a45c3f337..1bbf6527e045 100644
--- a/src/chrome/content/rules/Hunt-Calendars.xml
+++ b/src/chrome/content/rules/Hunt-Calendars.xml
@@ -4,5 +4,5 @@
 
 	<securecookie host="^www\.huntcal\.com$" name=".+" />
 
-	<rule from="^(http://(www\.)?|https://)huntcal\.com/" to="https://www.huntcal.com/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hunting_Bears.nl.xml b/src/chrome/content/rules/Hunting_Bears.nl.xml
new file mode 100644
index 000000000000..ba4d205c085d
--- /dev/null
+++ b/src/chrome/content/rules/Hunting_Bears.nl.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.huntingbears.nl/ => https://www.huntingbears.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.huntingbears.nl'")
+
+-->
+<ruleset name="Hunting Bears.nl" default_off="failed ruleset test">
+
+	<target host="huntingbears.nl" />
+	<target host="www.huntingbears.nl" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Huobi.com.xml b/src/chrome/content/rules/Huobi.com.xml
new file mode 100644
index 000000000000..00d5ae8b8402
--- /dev/null
+++ b/src/chrome/content/rules/Huobi.com.xml
@@ -0,0 +1,69 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ltc.huobi.com/ => https://ltc.huobi.com/: (7, 'Failed to connect to ltc.huobi.com port 443: Connection timed out')
+Fetch error: http://market.huobi.com/ => https://market.huobi.com/: (6, 'Could not resolve host: market.huobi.com')
+Fetch error: http://me.huobi.com/ => https://me.huobi.com/: (6, 'Could not resolve host: me.huobi.com')
+Fetch error: http://s.huobi.com/ => https://s.huobi.com/: (7, 'Failed to connect to s.huobi.com port 443: Connection timed out')
+
+	^huobi.com: Refused
+
+
+	These altnames don't exist:
+
+		- mgt.huobi.com
+		- mobile.huobi.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .huobi.com
+		- me.huobi.com
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- ltc, www from www.adobe.com *
+			- ltc from wwwimages.adobe.com *
+
+	* Secured by us
+
+-->
+<ruleset name="huobi.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="api.huobi.com" />
+	<target host="detail.huobi.com" />
+	<target host="hq.huobi.com" />
+	<target host="ltc.huobi.com" />
+	<target host="m.huobi.com" />
+	<target host="market.huobi.com" />
+	<target host="me.huobi.com" />
+	<target host="news.huobi.com" />
+	<target host="s.huobi.com" />
+	<target host="static.huobi.com" />
+	<target host="www.huobi.com" />
+
+	<!--	Complications:
+				-->
+	<target host="huobi.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.huobi\.com$" name="^(__cfduid|HUOBIMEIBISESSID|cf_clearance|csrf_cookie_huobi_name|jumpurl|lang|news_session)$" /-->
+	<!--securecookie host="^me\.huobi\.com$" name="^__jsluid$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://huobi\.com/"
+		to="https://www.huobi.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hupso.com.xml b/src/chrome/content/rules/Hupso.com.xml
new file mode 100644
index 000000000000..f7f0496468e3
--- /dev/null
+++ b/src/chrome/content/rules/Hupso.com.xml
@@ -0,0 +1,20 @@
+<!--
+	(www.)?hupso.com: Plaintext reply
+
+
+	These altnames don't exist:
+
+		- www.static.hupso.com
+
+-->
+<ruleset name="Hupso.com (partial)">
+
+	<!--target host="hupso.com" /-->
+	<target host="static.hupso.com" />
+	<!--target host="www.hupso.com" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hupstream.com.xml b/src/chrome/content/rules/Hupstream.com.xml
new file mode 100644
index 000000000000..bbb73cfbac08
--- /dev/null
+++ b/src/chrome/content/rules/Hupstream.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- hupstream.com
+		- www.hupstream.com
+
+-->
+<ruleset name="hupstream.com">
+
+	<target host="hupstream.com" />
+	<target host="www.hupstream.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?hupstream\.com$" name="^_redmine_default$" /-->
+
+	<securecookie host="^(?:www\.)?hupstream\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hupu.xml b/src/chrome/content/rules/Hupu.xml
new file mode 100644
index 000000000000..5c4f7550b151
--- /dev/null
+++ b/src/chrome/content/rules/Hupu.xml
@@ -0,0 +1,65 @@
+<!--
+    Timeout:
+        - hupu.com
+
+    Active mixed content:
+        - 2on2.hupu.com
+        - bbs.hupu.com
+        - outdoor.hupu.com
+        - racing.hupu.com
+        - voice.hupu.com
+        - www.hupu.com
+        - xgame.hupu.com
+        - ymq.hupu.com
+        - zb.hupu.com
+
+    Refused:
+        - afp.hupu.com
+        - dongguan.hupu.com
+        - golf.hupu.com
+-->
+<ruleset name="Hupu (partial)">
+    <!-- Hupu.com -->
+    <target host="hupu.com" />
+    <target host="www.hupu.com" />
+    <target host="cba.hupu.com" />
+    <target host="ccdace.hupu.com" />
+    <target host="goto.hupu.com" />
+    <target host="m.hupu.com" />
+    <target host="my.hupu.com" />
+    <target host="nba.hupu.com" />
+    <target host="orz.hupu.com" />
+    <target host="photo.hupu.com" />
+    <target host="remind.hupu.com" />
+    <target host="run.hupu.com" />
+    <target host="soccer.hupu.com" />
+    <target host="tennis.hupu.com" />
+    <target host="www-backend.hupu.com" />
+
+    <!-- Hupucdn.com -->
+    <target host="hupu-game.hupucdn.com" />
+    <target host="img1.hupucdn.com" />
+    <target host="img2.hupucdn.com" />
+    <target host="touch.hupucdn.com" />
+    <target host="shihuo.hupucdn.com" />
+    <target host="www.hupucdn.com" />
+
+    <!-- Hupuchina.com -->
+    <target host="b1.hoopchina.com.cn" />
+    <target host="b2.hoopchina.com.cn" />
+    <target host="b3.hoopchina.com.cn" />
+    <target host="bbsstaticoss.hoopchina.com.cn" />
+    <target host="c1.hoopchina.com.cn" />
+    <target host="c2.hoopchina.com.cn" />
+    <target host="i1.hoopchina.com.cn" />
+    <target host="i2.hoopchina.com.cn" />
+    <target host="i3.hoopchina.com.cn" />
+    <target host="w1.hoopchina.com.cn" />
+    <target host="w2.hoopchina.com.cn" />
+    <target host="w3.hoopchina.com.cn" />
+    <target host="w4.hoopchina.com.cn" />
+
+    <rule from="^http://hupu\.com/"
+        to="https://www.hupu.com/" />
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Huque.com.xml b/src/chrome/content/rules/Huque.com.xml
new file mode 100644
index 000000000000..ebbc62aab44e
--- /dev/null
+++ b/src/chrome/content/rules/Huque.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Secure connection failed:
+		blog.huque.com
+
+-->
+<ruleset name="Huque.com" >
+	<target host="www.huque.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hurley_Medical_Center.xml b/src/chrome/content/rules/Hurley_Medical_Center.xml
index 9178953db976..097df5f3fa98 100644
--- a/src/chrome/content/rules/Hurley_Medical_Center.xml
+++ b/src/chrome/content/rules/Hurley_Medical_Center.xml
@@ -1,10 +1,19 @@
-<ruleset name="Hurley Medical Center">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hurleymc.com/ => https://hurleymc.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.hurleymc.com/ => https://www.hurleymc.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.hurleymc.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://hurleymc.com/ => https://hurleymc.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.hurleymc.com'")
+Fetch error: http://www.hurleymc.com/ => https://www.hurleymc.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.hurleymc.com'")
+-->
+<ruleset name="Hurley Medical Center" default_off="failed ruleset test">
 
 	<target host="hurleymc.com" />
 	<target host="www.hurleymc.com" />
 
 
-	<rule from="^http://(www\.)?hurleymc\.com/"
-		to="https://$1hurleymc.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HurricaneElectric.xml b/src/chrome/content/rules/HurricaneElectric.xml
index fdf946061e83..8039843d7420 100644
--- a/src/chrome/content/rules/HurricaneElectric.xml
+++ b/src/chrome/content/rules/HurricaneElectric.xml
@@ -3,41 +3,40 @@
 
 		- TunnelBroker.xml
 
-
-
-	Nonfunctional subdomains:
-
-		- bgp.he.net	(refused)
-		- man.he.net	(redirects to www.he.net, valid cert)
-
-
-	bgp.he.net and faq.he.net don't support SSL at the moment
-
-
-	Problematic domains:
-
-		- (www.)hu.com *
-		- hurricaneelectric.com *
-
-	* Alternative domains, same content, using he.net certificate
-
+	Non-functional hosts
+		SSL connect error:
+		- man.he.net
+
+		SSL peer certificate was not OK:
+		- he.com
+		- www.he.com
+		- hurricaneelectric.net
 -->
-<ruleset name="Hurricane Electric">
-
+<ruleset name="Hurricane Electric (partial)">
 	<target host="he.com" />
 	<target host="www.he.com" />
+	
 	<target host="he.net" />
-	<target host="*.he.net" />
+	<target host="www.he.net" />
+	<target host="admin.he.net" />
+	<target host="bgp.he.net" />
+		<test url="http://bgp.he.net/AS39056" />
+	<target host="code.he.net" />
+	<target host="cust.he.net" />
+	<target host="dns.he.net" />
+	<target host="faq.he.net" />
+	<target host="ipv6.he.net" />
+	
 	<target host="hurricaneelectric.net" />
+		<test url="http://hurricaneelectric.net/tour/" />
 
+	<securecookie host=".+" name=".+" />
+	
+	<rule from="^http://(www\.)?he\.com/"
+		  to="https://www.he.net/" />
+	
+	<rule from="^http://hurricaneelectric\.net/"
+		  to="https://www.he.net/" />
 
-	<securecookie host="^(?:.*\.)?he\.net$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?h(?:e\.com|urricaneelectric\.net)/"
-		to="https://www.he.net/" />
-
-	<rule from="^http://((?:admin|code|cust|dns|ipv6|www)\.)?he\.net/"
-		to="https://$1he.net/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Hush-Hush.xml b/src/chrome/content/rules/Hush-Hush.xml
index ca795c441c5b..337a20000660 100644
--- a/src/chrome/content/rules/Hush-Hush.xml
+++ b/src/chrome/content/rules/Hush-Hush.xml
@@ -1,9 +1,10 @@
 <ruleset name="Hush-Hush (partial)">
 
 	<target host="hush-hush.com"/>
-	<target host="*.hush-hush.com"/>
+	<target host="www.hush-hush.com" />
+	<target host="secure.hush-hush.com" />
 
-	<securecookie host="^secure\.hush-hush\.com$" name=".*"/>
+	<securecookie host="^secure\.hush-hush\.com$" name=".+" />
 
 	<rule from="^http://(?:www\.)?hush-hush\.com/(cs|image)s/"
 		to="https://secure.hush-hush.com/$1s/"/>
diff --git a/src/chrome/content/rules/Hushmail.xml b/src/chrome/content/rules/Hushmail.xml
index ee802aeed9bc..e0cb73d0ad89 100644
--- a/src/chrome/content/rules/Hushmail.xml
+++ b/src/chrome/content/rules/Hushmail.xml
@@ -1,23 +1,50 @@
 <!--
 	Problematic domains:
 
-		- hush.com *
-		- hushmail.com *
+		- (www.)?hush.com *
 
-	* Cert only matches www
+	* Redirect differs
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .hushmail.com
+		- m.hushmail.com
+		- www.hushmail.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
 <ruleset name="Hushmail">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hushmail.com" />
+	<target host="help.hushmail.com" />
+	<target host="m.hushmail.com" />
+	<target host="www.hushmail.com" />
+
+	<!--	Complications:
+				-->
 	<target host="hush.com" />
 	<target host="www.hush.com" />
-	<target host="www.hushmail.com" />
-	<target host="hushmail.com" />
 
 
-	<securecookie host="^www\.hushmail\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.hushmail\.com$" name="^(?:incap_ses_\d+|visid_incap)_\d+$" /-->
+	<!--securecookie host="^(?:m|www)\.hushmail\.com$" name="^(?:___utm[abm]\w+|PHPSESSID2)$" /-->
+
+	<securecookie host="^\." name="^(?:incap_ses|visid_incap)_" />
+	<securecookie host="^\w" name=".+" />
+
 
+	<!--	Redirect keeps all:
+					-->
+	<rule from="^http://(?:www\.)?hush\.com/"
+		to="https://www.hushmail.com/" />
 
-	<rule from="^http://(?:www\.)?hush(mail)?\.com/"
-		to="https://www.hush$1.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Hustler.xml b/src/chrome/content/rules/Hustler.xml
index 618760bde651..24cdf4d601b4 100644
--- a/src/chrome/content/rules/Hustler.xml
+++ b/src/chrome/content/rules/Hustler.xml
@@ -1,9 +1,22 @@
-<ruleset name="Hustler" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.hustlermagazine.com/ => https://www.hustlermagazine.com/: (7, 'Failed to connect to www.hustlermagazine.com port 443: Connection refused')
+Fetch error: http://hustlermagazine.com/ => https://www.hustlermagazine.com/: (7, 'Failed to connect to www.hustlermagazine.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.hustlermagazine.com/ => https://www.hustlermagazine.com/: (7, 'Failed to connect to www.hustlermagazine.com port 443: Connection refused')
+Fetch error: http://hustlermagazine.com/ => https://www.hustlermagazine.com/: (7, 'Failed to connect to www.hustlermagazine.com port 443: Connection refused')
+	Nonfunctional domains:
+
+		- (www.)?hustlercanada.com *
+
+	* Handshake fails
+
+-->
+<ruleset name="Hustler" platform="mixedcontent" default_off="failed ruleset test">
   <target host="www.hustlermagazine.com" />
   <target host="hustlermagazine.com" />
-  <target host="www.hustlercanada.com" />
-  <target host="hustlercanada.com" />
 
   <rule from="^http://(?:www\.)?hustlermagazine\.com/" to="https://www.hustlermagazine.com/"/>
-  <rule from="^http://(?:www\.)?hustlercanada\.com/" to="https://www.hustlercanada.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Huxiu.com.xml b/src/chrome/content/rules/Huxiu.com.xml
new file mode 100644
index 000000000000..dd185e346941
--- /dev/null
+++ b/src/chrome/content/rules/Huxiu.com.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://huxiu.com/ => https://huxiu.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	- Mismatch on:
+		m.chuanyan.huxiu.com
+
+	- Refused on:
+		duwu.huxiu.com
+-->
+<ruleset name="Huxiu" default_off="failed ruleset test">
+	<target host="analyzer.huxiu.com" />
+	<target host="chuanyan.huxiu.com" />
+	<target host="en.huxiu.com" />
+	<target host="huxiu.com" />
+	<target host="m.huxiu.com" />
+	<target host="sdata.huxiu.com" />
+	<target host="statics.huxiu.com" />
+	<target host="www.huxiu.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Huxo.co.uk.xml b/src/chrome/content/rules/Huxo.co.uk.xml
new file mode 100644
index 000000000000..d45a926c3792
--- /dev/null
+++ b/src/chrome/content/rules/Huxo.co.uk.xml
@@ -0,0 +1,10 @@
+<ruleset name="Huxo.co.uk">
+
+	<target host="huxo.co.uk" />
+	<target host="www.huxo.co.uk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Huzs.net.xml b/src/chrome/content/rules/Huzs.net.xml
new file mode 100644
index 000000000000..7c45f002fff9
--- /dev/null
+++ b/src/chrome/content/rules/Huzs.net.xml
@@ -0,0 +1,25 @@
+<!--
+	Mixed content:
+
+		- Images, from:
+
+			- common.cnblogs.com ¹
+			- images.cnitblog.com ¹
+			- yun.topthink.com ²
+
+	¹ Unsecurable <= dropped
+	² Unsecurable <= reset
+
+-->
+<ruleset name="huzs.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="huzs.net" />
+	<target host="www.huzs.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hvidovrekajakklub.dk.xml b/src/chrome/content/rules/Hvidovrekajakklub.dk.xml
new file mode 100644
index 000000000000..f2a1694268d8
--- /dev/null
+++ b/src/chrome/content/rules/Hvidovrekajakklub.dk.xml
@@ -0,0 +1,11 @@
+<ruleset name="Hvidovre Kajakklub">
+
+    <target host="hvidovrekajakklub.dk" />
+    <target host="www.hvidovrekajakklub.dk" />
+    <target host="kalveboderne-rundt.hvidovrekajakklub.dk" />
+    <target host="www.kalveboderne-rundt.hvidovrekajakklub.dk" />
+
+    <rule from="^http:"
+            to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hvosting.ua.xml b/src/chrome/content/rules/Hvosting.ua.xml
index ece5946f07f2..0a0ae5aeb095 100644
--- a/src/chrome/content/rules/Hvosting.ua.xml
+++ b/src/chrome/content/rules/Hvosting.ua.xml
@@ -10,13 +10,12 @@
 <ruleset name="hvosting.ua">
 
 	<target host="hvosting.ua" />
-	<target host="*.hvosting.ua" />
+	<target host="www.hvosting.ua" />
 
 
-	<securecookie host="^(?:.*\.)?hvosting\.ua$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?hvosting\.ua/"
-		to="https://$1hvosting.ua/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hwbot.org.xml b/src/chrome/content/rules/Hwbot.org.xml
new file mode 100644
index 000000000000..08e3731b05c3
--- /dev/null
+++ b/src/chrome/content/rules/Hwbot.org.xml
@@ -0,0 +1,28 @@
+<!--
+	CDN buckets:
+
+		- d1ebmxcfh8bf9c.cloudfront.net
+
+			- img
+
+		- d3vp4utu9lbqmm.cloudfront.net
+
+			- static
+
+
+	(www.): dropped
+
+-->
+<ruleset name="Hwbot.org (partial)">
+
+	<target host="img.hwbot.org" />
+	<target host="static.hwbot.org" />
+
+
+	<rule from="^http://img\.hwbot\.org/"
+		to="https://d1ebmxcfh8bf9c.cloudfront.net/" />
+
+	<rule from="^http://static\.hwbot\.org/"
+		to="https://d3vp4utu9lbqmm.cloudfront.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hwcdn.net.xml b/src/chrome/content/rules/Hwcdn.net.xml
new file mode 100644
index 000000000000..588f329a0af6
--- /dev/null
+++ b/src/chrome/content/rules/Hwcdn.net.xml
@@ -0,0 +1,12 @@
+<ruleset name="hwcdn.net (partial)">
+
+	<target host="*.ssl.hwcdn.net" />
+
+		<test url="http://n8k6e2y6.ssl.hwcdn.net/sites/all/themes/warframeWhiteReskin/logo.png" />
+		<test url="http://w6j4x7m9.ssl.hwcdn.net/MJ435/12-20-2014/Style.css" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hybrid-Analysis.com.xml b/src/chrome/content/rules/Hybrid-Analysis.com.xml
new file mode 100644
index 000000000000..6cc616bf4b03
--- /dev/null
+++ b/src/chrome/content/rules/Hybrid-Analysis.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .hybrid-analysis.com
+		- www.hybrid-analysis.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Hybrid-Analysis.com">
+
+	<target host="hybrid-analysis.com" />
+	<target host="www.hybrid-analysis.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.hybrid-analysis\.com$" name="^dtCookie$" /-->
+	<!--securecookie host="^www\.hybrid-analysis\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|dtCookie$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hynek.me.xml b/src/chrome/content/rules/Hynek.me.xml
new file mode 100644
index 000000000000..884644696e5d
--- /dev/null
+++ b/src/chrome/content/rules/Hynek.me.xml
@@ -0,0 +1,23 @@
+<!--
+	^ox.cx: Dropped
+
+-->
+<ruleset name="Hynek.me">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="stats.ox.cx" />
+	<target host="www.ox.cx" />
+
+	<!--	Complications:
+				-->
+	<target host="ox.cx" />
+
+
+	<rule from="^http://ox\.cx/"
+		to="https://www.ox.cx/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hypanova.com.xml b/src/chrome/content/rules/Hypanova.com.xml
index ffcca845db3b..81389926a47a 100644
--- a/src/chrome/content/rules/Hypanova.com.xml
+++ b/src/chrome/content/rules/Hypanova.com.xml
@@ -1,13 +1,21 @@
-<ruleset name="Hypanova.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hypanova.com/ => https://hypanova.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.hypanova.com/ => https://www.hypanova.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://hypanova.com/ => https://hypanova.com/: (51, "SSL: no alternative certificate subject name matches target host name 'hypanova.com'")
+-->
+<ruleset name="Hypanova.com" default_off="failed ruleset test">
 
 	<target host="hypanova.com" />
-	<target host="*.hypanova.com" />
+	<target host="www.hypanova.com" />
 
 
 	<securecookie host="^\.hypanova\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?hypanova\.com/"
-		to="https://$1hypanova.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/HypeMachine.xml b/src/chrome/content/rules/HypeMachine.xml
index 4517a0b5ccae..773a08946225 100644
--- a/src/chrome/content/rules/HypeMachine.xml
+++ b/src/chrome/content/rules/HypeMachine.xml
@@ -1,44 +1,17 @@
 <!--
-	CDN buckets:
-
-		- s3.amazonaws.com/faces-s3.hypem.com/
-
-		- hypem-static.edgesuite.net
-
-			- static-ak.hypem.net
-
-
-	Problematic domains:
-
-		- static-ak.hypem.net	(works, akamai)
-
-
-	Fully covered domains:
-
-		- static.hypem.com
-		- static-ak.hypem.net	(→ static.hypem.net)
-
+	Non-functional hosts:
+		Certificate mismatched:
+		- www.hypem.com
 -->
-<ruleset name="HypeMachine (partial)">
-
+<ruleset name="Hype Machine">
 	<target host="hypem.com" />
-	<target host="*.hypem.com" />
-		<!--
-			Pages 501:
-
-				https://trac.torproject.org/projects/tor/ticket/9153
-											-->
-		<exclusion pattern="^http://(?:www\.)?hypem\.com/(?!favicon\.ico|images/|inc/|js/)" />
-	<target host="static-ak.hypem.net" />
-
-
-	<!--securecookie host="^([^/:@]+\.)?hypem\.com$" name=".+" /-->
-
-
-	<rule from="^http://([^/:@]+\.)?hypem\.com/"
-		to="https://$1hypem.com/" />
+	<target host="www.hypem.com" />
+	<target host="blog.hypem.com" />
+	<target host="merch.hypem.com" />
+	<target host="static.hypem.com" />
 
-	<rule from="^http://static-ak\.hypem\.net/"
-		to="https://static.hypem.com/" />
+	<rule from="^http://www\.hypem\.com/"
+		  	to="https://hypem.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Hyper_Elliptic.org.xml b/src/chrome/content/rules/Hyper_Elliptic.org.xml
new file mode 100644
index 000000000000..4ddde2dee5c0
--- /dev/null
+++ b/src/chrome/content/rules/Hyper_Elliptic.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="Hyper Elliptic.org">
+
+	<target host="hyperelliptic.org" />
+	<target host="www.hyperelliptic.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hyperboria.net.xml b/src/chrome/content/rules/Hyperboria.net.xml
new file mode 100644
index 000000000000..ce9f9e97f61f
--- /dev/null
+++ b/src/chrome/content/rules/Hyperboria.net.xml
@@ -0,0 +1,30 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .hyperboria.net
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Hyperboria.net">
+
+	<target host="hyperboria.net" />
+	<target host="www.hyperboria.net" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.hyperboria\.net$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.hyperboria\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hyperoptic.com.xml b/src/chrome/content/rules/Hyperoptic.com.xml
index 77917a6edbe8..597513202a83 100644
--- a/src/chrome/content/rules/Hyperoptic.com.xml
+++ b/src/chrome/content/rules/Hyperoptic.com.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?hyperoptic\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?hyperoptic\.com/"
-		to="https://$1hyperoptic.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hyperspin.xml b/src/chrome/content/rules/Hyperspin.xml
index f907fb9d8ffb..d2128cbe5247 100644
--- a/src/chrome/content/rules/Hyperspin.xml
+++ b/src/chrome/content/rules/Hyperspin.xml
@@ -7,7 +7,7 @@
 	<!--	- Cert only matches www
 		- Some (most?) pages 302 to http
 							-->
-	<rule from="^https?://(?:www\.)?hyperspin\.com/(en/(?:captcha|controlpanel|uncacheable\.gif)\.php(?:$|\?)|forum(?:$|[\?/])|images/|themes/)"
+	<rule from="^http://(?:www\.)?hyperspin\.com/(en/(?:captcha|controlpanel|uncacheable\.gif)\.php(?:$|\?)|forum(?:$|[\?/])|images/|themes/)"
 		to="https://www.hyperspin.com/$1" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Hypovereinsbank.de.xml b/src/chrome/content/rules/Hypovereinsbank.de.xml
index 3eab68c1ba04..4254e36b4caf 100644
--- a/src/chrome/content/rules/Hypovereinsbank.de.xml
+++ b/src/chrome/content/rules/Hypovereinsbank.de.xml
@@ -3,9 +3,7 @@
   <target host="www.hvb.de"/>
   <target host="hypovereinsbank.de"/>
   <target host="www.hypovereinsbank.de"/>
-
-  <securecookie host="^(.*\.)?hvb\.de$" name=".*" />
-  <securecookie host="^(.*\.)?hypovereinsbank\.de$" name=".*" />
+  <securecookie host=".+" name=".+"/>
 
   <rule from="^http://(?:www\.)?hypovereinsbank\.de/" to="https://www.hypovereinsbank.de/"/>
   <rule from="^http://(?:www\.)?hvb\.de/" to="https://www.hypovereinsbank.de/"/>
diff --git a/src/chrome/content/rules/I-Do-Foundation.xml b/src/chrome/content/rules/I-Do-Foundation.xml
deleted file mode 100644
index 7843e7958b4b..000000000000
--- a/src/chrome/content/rules/I-Do-Foundation.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="I Do Foundation" platform="mixedcontent">
-	<target host="idofoundation.org" />
-	<target host="www.idofoundation.org" />
-
-	<rule from="^http://(?:www\.)?idofoundation\.org/" to="https://www.idofoundation.org/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/I-kiz.de.xml b/src/chrome/content/rules/I-kiz.de.xml
new file mode 100644
index 000000000000..ddf699fbe3c6
--- /dev/null
+++ b/src/chrome/content/rules/I-kiz.de.xml
@@ -0,0 +1,4 @@
+<ruleset name="I-kiz.de">
+<target host="www.i-kiz.de" />
+<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/I.CX.xml b/src/chrome/content/rules/I.CX.xml
new file mode 100644
index 000000000000..f5ef485833fa
--- /dev/null
+++ b/src/chrome/content/rules/I.CX.xml
@@ -0,0 +1,8 @@
+<ruleset name="I.CX">
+	<target host="i.cx" />
+	<target host="www.i.cx" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/I.materialise.xml b/src/chrome/content/rules/I.materialise.xml
index 0d9820730738..3ac987676818 100644
--- a/src/chrome/content/rules/I.materialise.xml
+++ b/src/chrome/content/rules/I.materialise.xml
@@ -1,27 +1,29 @@
-<ruleset name="i.materialise (partial)">
+<!--
+	CDN buckets:
+
+		- materialiseimatproduction.s3.amazonaws.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- i.materialise.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="i.materialise.com">
 
 	<target host="i.materialise.com" />
-		<!--
-			These paths 302 to http:
 
-				- $
-				- 3dprintlab$
-				- 3dprintlab/instance/
-				- creationcorner$
-				- creationcorner/tinkercad$
 
-		<exclusion pattern="^http://i\.materialise\.com/($|(3dprintlab|creationcorner)($|[\?/))" /-->
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^i\.materialise\.com$" name="^(?:ASP\.NET_SessionId|RSiteID|3dpartycheck|cartid|rv)$" /-->
 
+	<securecookie host="^\w" name=".+" />
 
-	<!--	These paths work:
 
-			- blog$
-			- blog/
-			- img/
-			- Storage/
-			- Styles/
-				-->
-	<rule from="^http://i\.materialise\.com/(blog(?:$|[\?/])|img/|Storage/|Styles/)"
-		to="https://i.materialise.com/$1" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/I.ua.xml b/src/chrome/content/rules/I.ua.xml
new file mode 100644
index 000000000000..5d3f6a561602
--- /dev/null
+++ b/src/chrome/content/rules/I.ua.xml
@@ -0,0 +1,71 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.)? ¹
+		- apps ¹
+		- blog ¹
+		- board ¹
+		- cards ¹
+		- catalog ¹
+		- cook ¹
+		- files ¹
+		- finance ¹
+		- games ¹
+		- goroskop ¹
+		- group ¹
+		- help ¹
+		- job ¹
+		- kino ¹
+		- links ¹
+		- love ¹
+		- mail ¹
+		- map ¹
+		- music ¹
+		- narod ¹
+		- news ¹
+		- oboi ¹
+		- org ¹
+		- otvet ¹
+		- pda ¹
+		- perevod ¹
+		- photo ¹
+		- prikol ¹
+		- radio ¹
+		- rss ¹
+		- shop ¹
+		- talk ²
+		- tv ¹
+		- video ¹
+		- weather ¹
+
+	¹ Reset
+	² Refused
+
+
+	Problematic subdomains:
+
+		- i3 *
+
+	* Mismatched, CN: *.holder.com.ua
+
+
+	These altnames don't exist:
+
+		- www.i.i.ua
+		- www.passport.i.ua
+		- www.r.i.ua
+
+-->
+<ruleset name="I.ua (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="i.i.ua" />
+	<target host="passport.i.ua" />
+	<target host="r.i.ua" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/I0.cz.xml b/src/chrome/content/rules/I0.cz.xml
new file mode 100644
index 000000000000..e15358087491
--- /dev/null
+++ b/src/chrome/content/rules/I0.cz.xml
@@ -0,0 +1,13 @@
+<!--
+	www: cert only matches ^i0.cz
+
+-->
+<ruleset name="i0.cz">
+
+	<target host="i0.cz" />
+	<target host="www.i0.cz" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/I12.de.xml b/src/chrome/content/rules/I12.de.xml
new file mode 100644
index 000000000000..f31fbe636b99
--- /dev/null
+++ b/src/chrome/content/rules/I12.de.xml
@@ -0,0 +1,10 @@
+<ruleset name="I12 GmbH">
+
+	<target host="common.i12.de" />
+<!-- cert not valid for the www-subdomain -->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/I2Coalition.com.xml b/src/chrome/content/rules/I2Coalition.com.xml
new file mode 100644
index 000000000000..72f88cf8f3a7
--- /dev/null
+++ b/src/chrome/content/rules/I2Coalition.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="i2Coalition.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="i2coalition.com" />
+	<target host="www.i2coalition.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/I2P.io.xml b/src/chrome/content/rules/I2P.io.xml
new file mode 100644
index 000000000000..39ea7e905f6c
--- /dev/null
+++ b/src/chrome/content/rules/I2P.io.xml
@@ -0,0 +1,20 @@
+<!--
+	Invalid certificate:
+		i2p.io
+		mail.i2p.io
+
+	Not found:
+		download.i2p.io
+		download-no01.i2p.io
+		no01-mirror.i2p.io
+		use01-mirror.i2p.io
+-->
+<ruleset name="I2P.io">
+
+	<target host="f-droid.i2p.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/I2P.xml b/src/chrome/content/rules/I2P.xml
deleted file mode 100644
index c740e1f161a4..000000000000
--- a/src/chrome/content/rules/I2P.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="I2P" default_off="expired, CAcert, self-signed">
-  <target host="i2p2.de" />
-  <target host="docs.i2p2.de" />
-  <target host="forum.i2p2.de" />
-  <target host="trac.i2p2.de" />
-  <target host="syndie.i2p2.de" />
-  <target host="www.i2p2.de" />
-
-  <rule from="^http://(?:www\.)?i2p2\.de/" to="https://www.i2p2.de/"/>
-  <rule from="^http://([d-t.+])\.i2p2\.de/" to="https://$1.i2p2.de/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/I2P2.de.xml b/src/chrome/content/rules/I2P2.de.xml
new file mode 100644
index 000000000000..e72affd8fee5
--- /dev/null
+++ b/src/chrome/content/rules/I2P2.de.xml
@@ -0,0 +1,51 @@
+
+<!--
+	Nonfunctional hosts in *i2p2.de:
+
+		- docs ¹
+		- forum ³
+		- mirror ¹
+		- netdb ¹
+		- syndie ²
+
+	¹ Invalid certificate
+	² Shows ^i2p2.de
+	³ Not found
+
+
+	forum.i2p2.de: Dropped over http & https
+
+-->
+<ruleset name="I2P2.de (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="deb.i2p2.de" />
+	<target host="download.i2p2.de" />
+	<target host="trac.i2p2.de" />
+
+	<!--	Complications:
+				-->
+	<target host="i2p2.de" />
+	<target host="www.i2p2.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^trac\.i2p2\.de$" name="^(trac_form_token|trac_session)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://(?:www\.)?i2p2\.de/+"
+		to="https://geti2p.net/" />
+
+		<test url="http://i2p2.de//" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/I2PD.website.xml b/src/chrome/content/rules/I2PD.website.xml
new file mode 100644
index 000000000000..c7fd3127ab1c
--- /dev/null
+++ b/src/chrome/content/rules/I2PD.website.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatch:
+		www.i2pd.website
+-->
+<ruleset name="I2PD.website">
+	<target host="i2pd.website" />
+	<target host="www.i2pd.website" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.i2pd\.website/" to="https://i2pd.website/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/I3D.net.xml b/src/chrome/content/rules/I3D.net.xml
new file mode 100644
index 000000000000..64233ef8cfa4
--- /dev/null
+++ b/src/chrome/content/rules/I3D.net.xml
@@ -0,0 +1,22 @@
+<!--
+	(www.)?: mismatched, CN: customer.i3d.net
+
+
+	These altnames don't exist:
+
+		- www.customer.i3d.net
+
+-->
+<ruleset name="i3D.net">
+
+	<target host="i3d.net" />
+	<target host="customer.i3d.net" />
+	<target host="www.i3d.net" />
+
+
+	<!--	(www.)? and customer appear identical:
+							-->
+	<rule from="^http://(?:customer\.|www\.)?i3d\.net/"
+		to="https://customer.i3d.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/I3wm.org.xml b/src/chrome/content/rules/I3wm.org.xml
index 584f337a067d..af8273e48f7b 100644
--- a/src/chrome/content/rules/I3wm.org.xml
+++ b/src/chrome/content/rules/I3wm.org.xml
@@ -1,26 +1,25 @@
 <!--
-	Nonfunctionally subdomains:
+	Nonfunctional subdomains:
 
-		- (www.) *
-		- bugs *
+		- build *
+		- code ª
+		- cr °
 
+	ª mismatch
 	* Refused
-
-
-	Fully covered subdomains:
-
-		- faq
-
+	° mixed content
 -->
-<ruleset name="i3wm.org (partial)">
-
+<ruleset name="i3wm.org">
+	<target host="i3wm.org" />
+	<target host="www.i3wm.org" />
+	<target host="bugs.i3wm.org" />
 	<target host="faq.i3wm.org" />
 
 
 	<securecookie host="^faq\.i3wm\.org$" name=".+" />
 
 
-	<rule from="^http://faq\.i3wm\.org/"
-		to="https://faq.i3wm.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/IAAPA.xml b/src/chrome/content/rules/IAAPA.xml
index 45baf02c93ab..33970f547478 100644
--- a/src/chrome/content/rules/IAAPA.xml
+++ b/src/chrome/content/rules/IAAPA.xml
@@ -1,9 +1,17 @@
-<ruleset name="International Association of Amusement Parks and Attractions">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://iaapa.org/ => https://www.iaapa.org/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://iaapa.org/ => https://www.iaapa.org/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="International Association of Amusement Parks and Attractions" default_off="failed ruleset test">
 
 	<target host="iaapa.org"/>
-	<target host="*.iaapa.org"/>
+	<target host="www.iaapa.org" />
 
-	<securecookie host="^(.*\.)?iaapa\.org$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?iaapa\.org/"
 		to="https://www.iaapa.org/"/>
diff --git a/src/chrome/content/rules/IAATA.info.xml b/src/chrome/content/rules/IAATA.info.xml
new file mode 100644
index 000000000000..a42c68a34261
--- /dev/null
+++ b/src/chrome/content/rules/IAATA.info.xml
@@ -0,0 +1,15 @@
+<ruleset name="IAATA.info">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="iaata.info" />
+	<target host="www.iaata.info" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IABM.xml b/src/chrome/content/rules/IABM.xml
index 8c8ea766d2f6..b7eb59def324 100644
--- a/src/chrome/content/rules/IABM.xml
+++ b/src/chrome/content/rules/IABM.xml
@@ -1,14 +1,39 @@
-<ruleset name="IABM">
+<!--
+	Insecure cookies are set for these domains and hosts: ᶜ
 
-	<target host="theiabm.org"/>
-	<target host="www.theiabm.org"/>
+		- www.theiabm.org
+		- .www.theiabm.org
 
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
-	<securecookie host="^www\.theiabm\.org$" name=".*"/>
 
+	Mixed content:
 
-	<!--	Cert doesn't match !www.	-->
-	<rule from="^http://(?:www\.)?theiabm\.org/"
-		to="https://www.theiabm.org/"/>
+		- iframe on www from players.brightcove.net
+
+		- Images, on:
+
+			- www from theiabm.innuodesign.co.uk
+			- www from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="The IABM.org">
+
+	<target host="theiabm.org" />
+	<target host="www.theiabm.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.theiabm\.org$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.www\.theiabm\.org$" name="^(?:currency|language)$" /-->
+
+	<securecookie host=".\.theiabm\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/IAEA.org.xml b/src/chrome/content/rules/IAEA.org.xml
new file mode 100644
index 000000000000..329b7e3552fe
--- /dev/null
+++ b/src/chrome/content/rules/IAEA.org.xml
@@ -0,0 +1,39 @@
+<!--
+	International Atomic Energy Agency
+
+
+	Nonfunctional hosts in *iaea.org:
+
+		- cra *
+		- www-naweb *
+		- www-ns *
+		- www-pub *
+
+	* Refused
+
+
+	Insecure cookies are set for these domains:
+
+		- .iaea.org
+
+-->
+<ruleset name="IAEA.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="iaea.org" />
+	<target host="www.iaea.org" />
+	<target host="www-nds.iaea.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.iaea\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.iaea\.org$" name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IANA.xml b/src/chrome/content/rules/IANA.xml
index f47da0374748..8cff45ab68e3 100644
--- a/src/chrome/content/rules/IANA.xml
+++ b/src/chrome/content/rules/IANA.xml
@@ -1,9 +1,12 @@
-<ruleset name="IANA">
-  <target host="iana.org" />
-  <target host="*.iana.org" />
-
-  <rule from="^http://iana\.org/"
-          to="https://www.iana.org/" />
-  <rule from="^http://(data|itar|www)\.iana\.org/"
-          to="https://$1.iana.org/" />
-</ruleset>
\ No newline at end of file
+<ruleset name="IANA.org">
+
+	<target host="iana.org" />
+	<target host="data.iana.org" />
+	<target host="itar.iana.org" />
+	<target host="www.iana.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IAR.com.xml b/src/chrome/content/rules/IAR.com.xml
index 407c4f402add..f59c0559509d 100644
--- a/src/chrome/content/rules/IAR.com.xml
+++ b/src/chrome/content/rules/IAR.com.xml
@@ -1,19 +1,38 @@
 <!--
-	Problematic subdomains:
+	^iar.com: refused
 
-		- ^	(refused)
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- www.iar.com
+		- .www.iar.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
 <ruleset name="IAR.com">
 
-	<target host="iar.com" />
+	<!--	Direct rewrites:
+				-->
 	<target host="www.iar.com" />
 
+	<!--	Complications:
+				-->
+	<target host="iar.com" />
 
-	<securecookie host="^www\.iar\.com$" name=".+" />
 
+	<!--securecookie host="^www\.iar\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^\.www\.iar\.com$" name="^PreferredLanguage$" /-->
 
-	<rule from="^http://(?:www\.)?iar\.com/"
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.www\." name=".+" />
+
+
+
+	<rule from="^http://iar\.com/"
 		to="https://www.iar.com/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/IARU-R1.org.xml b/src/chrome/content/rules/IARU-R1.org.xml
new file mode 100644
index 000000000000..513a50610ee7
--- /dev/null
+++ b/src/chrome/content/rules/IARU-R1.org.xml
@@ -0,0 +1,26 @@
+<ruleset name="IARU-R1.org">
+	<!-- International Amateur Radio Union - Region 1 -->
+
+	<target host="iaru-r1.org" />
+	<target host="www.iaru-r1.org" />
+	<target host="autodiscover.iaru-r1.org" />
+	<target host="codeofconduct.iaru-r1.org" />
+	<target host="www.codeofconduct.iaru-r1.org" />
+	<target host="cpanel.iaru-r1.org" />
+	<target host="hamradio-operating-ethics.iaru-r1.org" />
+	<target host="www.hamradio-operating-ethics.iaru-r1.org" />
+	<target host="iarums.iaru-r1.org" />
+	<target host="www.iarums.iaru-r1.org" />
+	<target host="mail.iaru-r1.org" />
+	<target host="vienna.iaru-r1.org" />
+	<target host="www.vienna.iaru-r1.org" />
+	<target host="webdisk.iaru-r1.org" />
+	<target host="webmail.iaru-r1.org" />
+	<target host="youth.iaru-r1.org" />
+	<target host="www.youth.iaru-r1.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IAS.edu.xml b/src/chrome/content/rules/IAS.edu.xml
index e427b3672677..fd98b957bd01 100644
--- a/src/chrome/content/rules/IAS.edu.xml
+++ b/src/chrome/content/rules/IAS.edu.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://springdale.math.ias.edu/ => https://springdale.math.ias.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Institute for Advanced Study
 
 
@@ -21,41 +25,54 @@
 	* Works, cert only matches www.foo
 
 
-	Partially covered subdomains:
-
-		- (www.)hs *	(^ → www)
-		- morals *
-		- (www.)sss *	(^ → www)
-
-	* $ redirects to http
-
-
 	Fully covered subdomains:
 
 		- (www.)
 		- (www.)admin	(^ → www)
 		- crossroads
+		- (www.)hs	(^ → www)
 		- (www.)math	(^ → www)
 		- mail.math
+		- morals
 		- pcmi
+		- security
 		- sig
 		- (www.)sns	(^ → www)
+		- (www.)sss	(^ → www)
 
 -->
-<ruleset name="IAS.edu (partial)">
+<ruleset name="IAS.edu (partial)" default_off="failed ruleset test">
+
+	<target host="admin.ias.edu" />
+	<target host="www.admin.ias.edu" />
+	<target host="hs.ias.edu" />
+	<target host="www.hs.ias.edu" />
+	<target host="math.ias.edu" />
+	<target host="www.math.ias.edu" />
+	<target host="sns.ias.edu" />
+	<target host="www.sns.ias.edu" />
+	<target host="sss.ias.edu" />
+	<target host="www.sss.ias.edu" />
+
+	<target host="springdale.math.ias.edu" />
 
 	<target host="ias.edu" />
-	<target host="*.ias.edu" />
-		<exclusion pattern="^http://(?:(?:www\.)?(?:h|ss)|moral)s\.ias\.edu/(?!files/|sites/)" />
+	<target host="crossroads.ias.edu" />
+	<target host="mail.math.ias.edu" />
+	<target host="morals.ias.edu" />
+	<target host="pcmi.ias.edu" />
+	<target host="security.ias.edu" />
+	<target host="sig.ias.edu" />
+	<target host="www.ias.edu" />
 
 
 	<securecookie host="^(?:\.math|\.mail\.math|\.pcmi|sig|\.sns|www)\.ias\.edu$" name=".+" />
 
 
-	<rule from="^http://((?:crossroads|mail\.math|morals|pcmi|sig|www)\.)?ias\.edu/"
-		to="https://$1ias.edu/" />
-
-	<rule from="^http://(?:www\.)?(admin|hs|math|s[ns]s)\.ias\.edu/"
+	<rule from="^http://(admin|hs|math|s[ns]s)\.ias\.edu/"
 		to="https://www.$1.ias.edu/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IATS_Payments.com.xml b/src/chrome/content/rules/IATS_Payments.com.xml
index 743a43254dd2..049c731b8fe3 100644
--- a/src/chrome/content/rules/IATS_Payments.com.xml
+++ b/src/chrome/content/rules/IATS_Payments.com.xml
@@ -15,7 +15,6 @@
 	<target host="www.iatspayments.com" />
 
 
-	<rule from="^http://(?:www\.)?iatspayments\.com/"
-		to="https://www.iatspayments.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IA_Japan.org.xml b/src/chrome/content/rules/IA_Japan.org.xml
new file mode 100644
index 000000000000..d080e5ff1654
--- /dev/null
+++ b/src/chrome/content/rules/IA_Japan.org.xml
@@ -0,0 +1,30 @@
+<!--
+	Nonfunctional subdomains:
+
+		- rm *
+
+	* Shows CentOS test page
+
+
+	^iajapan.org doesn't exist.
+
+
+	Mixed content:
+
+		- Ads/bugs from:
+
+			- thinkquest.jp
+			- www.w3.org *
+
+	* Unsecurable
+
+-->
+<ruleset name="IA Japan.org (partial)">
+
+	<target host="www.iajapan.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IAmplify.xml b/src/chrome/content/rules/IAmplify.xml
index 87cccf672817..8594297f36f8 100644
--- a/src/chrome/content/rules/IAmplify.xml
+++ b/src/chrome/content/rules/IAmplify.xml
@@ -3,7 +3,7 @@
 	<target host="iamplify.com"/>
 	<target host="*.iamplify.com"/>
 
-	<securecookie host="^affiliates?\.iamplify\.com$" name=".*"/>
+	<securecookie host="^affiliates?\.iamplify\.com$" name=".+" />
 
 	<rule from="^http://affiliate(s)?\.iamplify\.com/"
 		to="https://affiliate$1.iamplify.com/"/>
diff --git a/src/chrome/content/rules/IB-IBI.com.xml b/src/chrome/content/rules/IB-IBI.com.xml
new file mode 100644
index 000000000000..2190f2e47f6f
--- /dev/null
+++ b/src/chrome/content/rules/IB-IBI.com.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://global.ib-ibi.com/ => https://global.ib-ibi.com/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+
+	www.ib-ibi.com: Refused
+
+
+	^ib-ibi.com doesn't exist.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- global.ib-ibi.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="IB-IBI.com (partial)" default_off="failed ruleset test">
+
+	<target host="global.ib-ibi.com" />
+
+		<test url="http://global.ib-ibi.com/image.sbxx?go=" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^global\.ib-ibi\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IBM.xml b/src/chrome/content/rules/IBM.xml
index 58feb3873544..7bf2450865b7 100644
--- a/src/chrome/content/rules/IBM.xml
+++ b/src/chrome/content/rules/IBM.xml
@@ -1,92 +1,173 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://www-950.ibm.com/ => https://www-950.ibm.com/: (28, 'Connection timed out after 20001 milliseconds')
+
 	IBM has lots of resources, besides software,
 	also developerworks and redbooks.
 
 
 	Other IBM rulesets:
 
+		- brassring.com.xml
 		- CoreMetrics.xml
-		- Lotus.xml
+		- ibm.biz.xml
+		- Kenexa.xml
+		- Trusteer.com.xml
 
 
 	Nonfunctional domains:
 
-		- sysrun.haifa.il.ibm.com	(refused)
-		- researcher.ibm.com *
+		- in *ibm.com:
+
+			- alme1.almaden	ʳ
+			- www.almaden ʳ
+			- icml2010.haifa.il *
+			- sysrun.haifa.il ʳ
+			- researcher *
+			- researcher.watson *
+			- www.watson *
+
 		- research.ihost.com *
 		- (www.)smartercommerceblog.com		(http reply)
 
 	* Times out
+	ʳ Refused
 
 
-	Problematic domains:
 
-		- stats.www.ibm.com *
-		- www-1.ibm.com *
-		- www-306.ibm.com *
+	Problematic hosts in *ibm.com:
 
-	* Mismatched; CN: redirect.www.ibm.com
+		- www.elink.ibmlink *
+		- research ᵐ
+		- domino.research ᶜ
+		- ftp.software *
+		- domino.watson ᵐ ᶜ
+		- redirect.www ᵐ
+		- researchweb.watson ᵐ
+		- stats.www *
+		- www-05 ᶜ
+		- www-1 *
+		- www-306 *
+		- www-6 *
+		- www-958 *
+		- www.zurich **
 
+	* Mismatched; CN: redirect.www.ibm.com
+	** Some paths differ from http
+	ᵐ Mismatched
+	ᶜ Incomplete certificate chain
 
-	Partially covered doains:
 
-		- www-958.ibm.com	(some paths redirect to http)
+	Insecure cookies are set for these domains and hosts:
 
+		- .ibm.com
+		- developer.ibm.com
+		- idaas.iam.ibm.com
+		- media.ibm.com
+		- portal.sec.ibm.com
+		- www.ibm.com
+		- www-01.ibm.com
+		- www-304.ibm.com
+		- www-947.ibm.com
 
-	Fully covered domains:
 
-		- ibm.com subdomains:
+	Mixed content:
 
-			- www14.software
+		- Images on m, www-01 from www.ibm.com
+		- favicon on www-01 from www.ibm.com
 
 -->
-<ruleset name="IBM" default_off="Support section redirect loops">
+<ruleset name="IBM.com (partial)">
 
-	<target host="dw1.s81c.com" />
-	<target host="1.www.s81c.com" />
-	<target host="ibm.com" />
-	<target host="*.ibm.com" />
-		<exclusion pattern="^http://www-958\.ibm\.com/(?!software/data/cognos/manyeyes/(?:image|stylesheet)s/)" />
-		<exclusion pattern="^http://www\.research\.ibm\.com/(?!$|\?|irl(?:$|\?|/))" />
+	<!--	Direct rewrites:
+				-->
 	<target host="publib.boulder.ibm.com" />
+	<target host="developer.ibm.com" />
+
+	<target host="delivery04.dhe.ibm.com" />
 	<target host="pic.dhe.ibm.com" />
-	<target host="www.redbooks.ibm.com" />
-	<target host="redirect.www.ibm.com" />
+	<target host="public.dhe.ibm.com" />
 
+	<target host="idaas.iam.ibm.com" />
+	<target host="m.ibm.com" />
+	<target host="www.redbooks.ibm.com" />
+	<target host="www.research.ibm.com" />
+	<target host="portal.sec.ibm.com" />
+	<target host="www14.software.ibm.com" />
+	<target host="www3.software.ibm.com" />
+	<target host="www.ibm.com" />
+	<target host="www-01.ibm.com" />
+	<target host="www-03.ibm.com" />
+	<target host="www-304.ibm.com" />
+	<!-- target host="www-950.ibm.com" /-->
+	<target host="www-935.ibm.com" />
+	<target host="www-947.ibm.com" />
+
+	<!--	Complications:
+				-->
+	<target host="ibm.com" />
+	<target host="research.ibm.com" />
+	<target host="researchweb.watson.ibm.com" />
 
-	<securecookie host="^(.*\.)?ibm\.com$" name=".*" />
+		<!--exclusion pattern="^http://www-958\.ibm\.com/(?!software/data/cognos/manyeyes/(?:image|stylesheet)s/)" /-->
 
+		<!--	Differs:
+				-->
+		<!--test url="http://www.zurich.ibm.com/service/commercial_contact.html" /-->
 
-	<rule from="^http://(dw1|1\.www)\.s81c\.com/"
-		to="https://$1.s81c.com/" />
+		<!--	Formerly redirected to http:
+							-->
+		<test url="http://www-947.ibm.com/support/entry/portal/support" />
 
-	<!--	- Redirects to http before en/us/
-		- https://trac.torproject.org/projects/tor/ticket/5686
+		<!--	Mixed image:
 					-->
-	<rule from="^https?://(?:www\.)?ibm.com/($|\?)"
-		to="https://www.ibm.com/us/en/$1" />
+		<!--test url="http://www-01.ibm.com/software/security/trusteer/" /-->
+
+		<!--	Set cookies without Secure:
+							-->
+		<!--test url="http://developer.ibm.com/open/" /-->
+		<!--test url="http://www.ibm.com/account/profile/us?page=reghelpdesk" /-->
+		<!--test url="http://www-01.ibm.com/marketing/iwm/tnd/home.jsp" /-->
+		<!--test url="http://www-947.ibm.com/support/entry/portal/us/en/overview" /-->
+		<!--test url="http://www-947.ibm.com/systems/support/myview/subscription/css.wss/folders?methodName=listMyFolders" /-->
 
-	<!--	!www:
-			- cert: redirect.www.ibm.com
-			- Redirects to www
+
+	<!--	Not secured by server:
 					-->
-	<rule from="^https?://(?:www\.)?ibm\.com/"
-		to="https://www.ibm.com/" />
+	<!--securecookie host="^\.ibm\.com$" name="^(?:IBMIS[PS]|PD-SGNPAGE|PrefID|rlang)$" /-->
+	<!--securecookie host="^developer\.ibm\.com$" name="^wordpress(?:_logged_in|_sec)?[\da-f]{32}$" /-->
+	<!--securecookie host="^idaas\.iam\.ibm\.com$" name="^(?:JSESSIONID$|PD_STATEFUL)" /-->
+	<!--securecookie host="^portal\.sec\.ibm\.com$" name="^JPOOLERD$" /-->
+	<!--securecookie host="^www\.ibm\.com$" name="^(?:IBMID|IBMSessionHandle_\w+|SESSION_\w+_\w+)$" /-->
+	<!--securecookie host="^www-01\.ibm\.com$" name="-SESSIONID$" /-->
+	<!--securecookie host="^www-304\.ibm\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^www-947\.ibm\.com$" name="(?:^IBMID|^IBMSessionHandle_\w+|^PD-H-SESSION-ID|^PD_STATEFUL_[\da-f-]+|JSESSIONID|^SESSION_\w+_\w+)$" /-->
+
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(publib\.boulder|pic\.dhe|www\.re(?:dbooks|search)|www14\.software|redirect\.www|www-(?:0[136]|304|947|95[08]))\.ibm\.com/"
-		to="https://$1.ibm.com/" />
 
-	<rule from="^https?://stats\.www\.ibm\.com/rc/images/uc\.GIF"
-		to="https://www.ibm.com/i/c.gif" />
+	<rule from="^http://(research\.)?ibm\.com/"
+		to="https://www.$1ibm.com/" />
 
-	<rule from="^https?://www-1\.ibm\.com/support/search\.wss"
-		to="https://www.ibm.com/support/search.wss" />
+	<rule from="^http://researchweb\.watson\.ibm\.com/"
+		to="https://www.research.ibm.com/" />
+
+	<!--rule from="^http://stats\.www\.ibm\.com/rc/images/uc\.GIF"
+		to="https://www.ibm.com/i/c.gif" /-->
+
+	<!--rule from="^http://www-1\.ibm\.com/support/search\.wss"
+		to="https://www.ibm.com/support/search.wss" /-->
 
 	<!--	- Redirects as so, sans-https.
 		- Link found at https://buysub.com/
 					-->
-	<rule from="^https?://www-306\.ibm.com/software/webservers/httpservers/support/"
-		to="https://www-947.ibm.com/support/entry/portal/Overview/Software/WebSphere/IBM_HTTP_Server" />
+	<!--rule from="^http://www-306\.ibm\.com/software/webservers/httpservers/support/"
+		to="https://www-947.ibm.com/support/entry/portal/Overview/Software/WebSphere/IBM_HTTP_Server" /-->
 
-</ruleset>
+	<rule from="^http:"
+		to="https:" />
 
+
+</ruleset>
diff --git a/src/chrome/content/rules/IBPhoenix.com.xml b/src/chrome/content/rules/IBPhoenix.com.xml
new file mode 100644
index 000000000000..226088e9b000
--- /dev/null
+++ b/src/chrome/content/rules/IBPhoenix.com.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ibphoenix.com/ => https://www.ibphoenix.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.ibphoenix.com/ => https://www.ibphoenix.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	^: 503
+
+-->
+<ruleset name="IBPhoenix.com" default_off="failed ruleset test">
+
+	<target host="ibphoenix.com" />
+	<target host="www.ibphoenix.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.ibphoenix\.com$" name="^ibpweb2$" /-->
+
+	<securecookie host="^www\.ibphoenix\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?ibphoenix\.com/"
+		to="https://www.ibphoenix.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IBTimes.co.uk.xml b/src/chrome/content/rules/IBTimes.co.uk.xml
new file mode 100644
index 000000000000..af9d9905faaa
--- /dev/null
+++ b/src/chrome/content/rules/IBTimes.co.uk.xml
@@ -0,0 +1,21 @@
+<!--
+	For other IBTimes coverage, see International-Business-Times.xml.
+
+	Redirect to http:
+		^(www.)?
+
+	CORS:
+		video.ibtimes.co.uk	( Test on http://www.ibtimes.co.uk/lord-heseltine-theresa-may-may-wrong-brexit-diminishes-uk-world-stage-1614438 )
+-->
+<ruleset name="IBTimes.co.uk">
+	<target host="d.ibtimes.co.uk" />
+	<target host="gc.ibtimes.co.uk" />
+	<target host="g.ibtimes.co.uk" />
+	<target host="sns.ibtimes.co.uk" />
+		<test url="http://d.ibtimes.co.uk/en/full/1379401/baby-orangutans.jpg" />
+		<test url="http://g.ibtimes.co.uk/www/img/home/ibtimes-logo-scroll.png" />
+		<test url="http://gc.ibtimes.co.uk/www/js/jan2016/counter.js" />
+		<test url="http://sns.ibtimes.co.uk/counter/new-event" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IBario.com.xml b/src/chrome/content/rules/IBario.com.xml
new file mode 100644
index 000000000000..9d7d5444960e
--- /dev/null
+++ b/src/chrome/content/rules/IBario.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ibario.com/ => https://www.ibario.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.ibario.com/ => https://www.ibario.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ibario.com/ => https://www.ibario.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.ibario.com/ => https://www.ibario.com/: (60, 'SSL certificate problem: certificate has expired')
+	^: refused
+
+-->
+<ruleset name="iBario.com" default_off="failed ruleset test">
+
+	<target host="ibario.com" />
+	<target host="www.ibario.com" />
+
+
+	<rule from="^http://(?:www\.)?ibario\.com/"
+		to="https://www.ibario.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IBillBoard.com.xml b/src/chrome/content/rules/IBillBoard.com.xml
index cbc1a4a143c6..df1db5acfb23 100644
--- a/src/chrome/content/rules/IBillBoard.com.xml
+++ b/src/chrome/content/rules/IBillBoard.com.xml
@@ -2,23 +2,16 @@
 	Internet BillBoard
 
 
-	Nonfunctional subdomains:
-
-		- (www.)	(dropped)
-
-
-	Fully covered subdomains;
-
-		- bbcdn-bbnaut
-		- bbnaut
+	(www.)?ibillboard.com: Dropped
 
 -->
 <ruleset name="IBillBoard.com (partial)">
 
-	<target host="*.ibillboard.com" />
+	<target host="bbcdn-bbnaut.ibillboard.com" />
+	<target host="bbnaut.ibillboard.com" />
 
 
-	<rule from="^http://(bbcdn-)?bbnaut\.ibillboard\.com/"
-		to="https://$1bbnaut.ibillboard.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IBsrv.net.xml b/src/chrome/content/rules/IBsrv.net.xml
new file mode 100644
index 000000000000..6d1467cda200
--- /dev/null
+++ b/src/chrome/content/rules/IBsrv.net.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Internet Brands rules, see Internet_Brands.xml
+
+	Invalid certificate:
+		cdc.ibsrv.net
+		mms.ibsrv.net
+
+-->
+<ruleset name="IBsrv.net (partial)">
+
+	<target host="cdc.ibsrv.net" />
+		<test url="http://cdc.ibsrv.net/cdcx/images/tile1.jpg" />
+	<target host="cdcssl.ibsrv.net" />
+		<test url="http://cdcssl.ibsrv.net/cdcx/images/tile1.jpg" />
+	<target host="static.ibsrv.net" />
+		<test url="http://static.ibsrv.net/FordTrucks/PigtailIdentificationKit_1.pdf" />
+	<target host="staticssl.ibsrv.net" />
+		<test url="http://staticssl.ibsrv.net/FordTrucks/PigtailIdentificationKit_1.pdf" />
+
+	<rule from="^http://cdc\.ibsrv\.net/"
+		to="https://cdcssl.ibsrv.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ICA.se.xml b/src/chrome/content/rules/ICA.se.xml
index c4f5484da0e3..2e609ec99818 100644
--- a/src/chrome/content/rules/ICA.se.xml
+++ b/src/chrome/content/rules/ICA.se.xml
@@ -1,7 +1,10 @@
 <ruleset name="ICA.se">
-	<target host="www.ica.se" />
 	<target host="ica.se" />
-	<rule from="^http://ica\.se/" to="https://www.ica.se/"/>
-	<rule from="^http://www\.ica\.se/" to="https://www.ica.se/"/>
-</ruleset>
+	<target host="www.ica.se" />
+	<target host="handla.ica.se" />
+	<target host="foto.ica.se" />
 
+	<target host="assets.icanet.se" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/ICANN-mismatches.xml b/src/chrome/content/rules/ICANN-mismatches.xml
deleted file mode 100644
index 05883cd5dd21..000000000000
--- a/src/chrome/content/rules/ICANN-mismatches.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For rules that are on by default, see ICANN.xml.
-
--->
-<ruleset name="ICANN (mismatches)" default_off="mismatch">
-
-	<!--	- Cert: *.icann.org
-		- //atlarge. doesn't work
-				-->
-	<target host="www.atlarge.icann.org" />
-
-
-	<securecookie host="^www\.atlarge\.icann\.org$" name=".*" />
-
-
-	<rule from="^http://www\.atlarge\.icann\.org/"
-		to="https://www.atlarge.icann.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ICANN.org-falsemixed.xml b/src/chrome/content/rules/ICANN.org-falsemixed.xml
new file mode 100644
index 000000000000..37c0a3c71488
--- /dev/null
+++ b/src/chrome/content/rules/ICANN.org-falsemixed.xml
@@ -0,0 +1,13 @@
+<!--
+	For rules not causing false/broken MCB, see ICANN.xml.
+
+-->
+<ruleset name="ICANN.org (false MCB)" platform="mixedcontent">
+
+	<target host="newgtlds.icann.org" />
+	<target host="whois.icann.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ICANN.xml b/src/chrome/content/rules/ICANN.xml
index 04637c1e4ab8..19698f5a7da1 100644
--- a/src/chrome/content/rules/ICANN.xml
+++ b/src/chrome/content/rules/ICANN.xml
@@ -1,22 +1,114 @@
 <!--
-	For problematic rules, see ICANN-mismatches.xml.
+	For rules causing false/broken MCB, see ICANN.org-falsemixed.xml.
+
+
+	Problematic subdomains:
+
+		- www.atlarge ¹
+		- nomcom ²
+
+	¹ Cert only matches *.icann.org
+	² Refused
+
+
+	Partially covered subdomains:
+
+		- newgtlds ¹
+		- nomcom ²
+		- whois ¹
+
+	¹ Avoiding broken MCB
+	² \w.* doesn't redirect
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- archive
+		- (www.)?aso
+		- (www.)?atlarge	(www → ^)
+		- atlarge-lists
+		- atlas
+		- blog
+		- ccnso
+		- gnso
+		- charts
+		- community
+		- forms
+		- forum
+		- gac
+		- mm.gac
+		- gacweb
+		- gnso
+		- gtldresult
+		- me
+		- meetings
+		- mm
+		- new
+		- prague44
+		- public
+
+
+	These altnames don't exist:
+
+		- lists.aso.icann.org
+
+
+	Mixed content:
+
+		- iframes, on:
+
+			- atlarge from www.google.com *
+			- newgtlds from www.youtube.com *
+
+		- css, on:
+
+			- newgtlds from $self *
+			- whois from $self *
+
+		- Images, on:
+
+			- archive from $self *
+			- atlarge, forum, meetings from www *
+			- ccnso, gnso, meetings, prague44 from $location\d+
+			- meetings from $self *
+			- newgtlds from $self *
+			- whois from $self *
+
+		- favicons, on:
+
+			- gtldresult from www *
+			- newgtlds from $self *
+			- whois from $self *
+
+		- Bug on atlarge from badge.facebook.com *
+
+	* Secured by us
 
 -->
-<ruleset name="ICANN (partial)" platform="mixedcontent">
+<ruleset name="ICANN.org (partial)">
 
 	<target host="icann.org" />
 	<target host="*.icann.org" />
-		<exclusion pattern="^http://(aso|www\.atlarge|nomcom)\." />
+		<exclusion pattern="^http://nomcom\.icann\.org/+(?!$|\?)" />
+		<!--
+			Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://(?:newgtlds|whois)\.icann\.org/+(?!sites/)" />
 
 
-	<securecookie host="(.*\.)?icann\.org$" name=".*" />
+	<securecookie host=".+" name=".+"/>
 
 
-	<rule from="^http://((?:archive|ccnso|charts|community|forum|gacweb|gnso|gtldresult|meetings|mm|newgtlds|prague44|www)\.)?icann\.org/"
-		to="https://$1icann.org/" />
+	<rule from="^http://(?:www\.)?atlarge\.icann\.org/"
+		to="https://atlarge.icann.org/" />
+
+	<!--	Redirect keeps args:
+					-->
+	<rule from="^http://nomcom\.icann\.org/+(?=$|\?)"
+		to="https://www.icann.org/en/groups/nomcom" />
 
-	<!-- home redirects to http	-->
-	<rule from="^http://aso\.icann\.org/wp-content/"
-		to="https://aso.icann.org/wp-content/" />
+	<rule from="^http://((?:archive|(?:www\.)?aso|atlarge-lists|atlas|blog|ccnso|charts|community|forms|forum|gac|mm\.gac|gacweb|gnso|gtldresult|me|meetings|mm|new|newgtlds|prague44|public|whois|www)\.)?icann\.org/"
+		to="https://$1icann.org/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ICBIT.xml b/src/chrome/content/rules/ICBIT.xml
deleted file mode 100644
index 0bdc6a36a81e..000000000000
--- a/src/chrome/content/rules/ICBIT.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="ICBIT">
-
-	<target host="icbit.se" />
-	<target host="*.icbit.se" />
-
-
-	<securecookie host="^\.icbit\.se$" name=".+" />
-
-
-	<rule from="^http://(www\.)?icbit\.se/"
-		to="https://$1icbit.se/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ICC-CPI.int.xml b/src/chrome/content/rules/ICC-CPI.int.xml
new file mode 100644
index 000000000000..2fbd2b9cf8f2
--- /dev/null
+++ b/src/chrome/content/rules/ICC-CPI.int.xml
@@ -0,0 +1,22 @@
+<!--
+	^icc-cpi.int: Mismatched
+
+-->
+<ruleset name="ICC-CPI.int">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.icc-cpi.int" />
+
+	<!--	Complications:
+				-->
+	<target host="icc-cpi.int" />
+
+
+	<rule from="^http://icc-cpi\.int/"
+		to="https://www.icc-cpi.int/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ICIJ.xml b/src/chrome/content/rules/ICIJ.xml
new file mode 100644
index 000000000000..dadc96bc998f
--- /dev/null
+++ b/src/chrome/content/rules/ICIJ.xml
@@ -0,0 +1,20 @@
+<ruleset name="ICIJ">
+	<target host="icij.org" />
+	<target host="www.icij.org" />
+	<target host="donate.icij.org" />
+	<target host="linkurious.icij.org" />
+	<target host="offshoreleaks.icij.org" />
+	<target host="panamapapers.icij.org" />
+	<target host="projects.cloud.icij.org" />
+	<target host="projects.icij.org" />
+	<target host="signup.icij.org" />
+	<target host="static-00-www.icij.org" />
+	<target host="static-01-www.icij.org" />
+	<target host="static-02-www.icij.org" />
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ICIMS.com.xml b/src/chrome/content/rules/ICIMS.com.xml
new file mode 100644
index 000000000000..56a198c8fbe4
--- /dev/null
+++ b/src/chrome/content/rules/ICIMS.com.xml
@@ -0,0 +1,57 @@
+<!--
+	Fully covered subdomains:
+
+		- icims.com
+
+		- [\w.-]+.icims.com:
+
+			- (www.)
+			- care
+			- careers
+			- cdn[19]
+			- cdn0[1379]
+			- help
+			- *.i ¹
+			- images
+			- www2	(→ ^ & go.pardot.com)
+			- * ¹
+
+	¹ Per-client domains
+
+
+	Insecure cookies are set for these domains:
+
+		- cdn0[139].icims.com
+		- images.icims.com
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="ICIMS.com">
+
+	<target host="icims.com" />
+	<target host="*.icims.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(cdn0[139]|images)\.icims\.com$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+
+	<securecookie host="^(?:cdn0\d|images)?\.icims\.com$" name=".+" />
+
+
+	<rule from="^http://www2\.icims\.com/+(?:$|\?.*)"
+		to="https://www.icims.com/" />
+
+	<rule from="^http://www2\.icims\.com/"
+		to="https://go.pardot.com/" />
+
+	<rule from="^http://([\w.-]+\.)?icims\.com/"
+		to="https://$1icims.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ICLN.org.xml b/src/chrome/content/rules/ICLN.org.xml
index 803135f1eb26..57775d13b7e0 100644
--- a/src/chrome/content/rules/ICLN.org.xml
+++ b/src/chrome/content/rules/ICLN.org.xml
@@ -1,13 +1,12 @@
 <ruleset name="ICLN.org">
 
 	<target host="icln.org" />
-	<target host="*.icln.org" />
+	<target host="www.icln.org" />
 
 
 	<securecookie host="^(?:www)?\.icln\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?icln\.org/"
-		to="https://$1icln.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ICMail.xml b/src/chrome/content/rules/ICMail.xml
deleted file mode 100644
index f1aecaf640bc..000000000000
--- a/src/chrome/content/rules/ICMail.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="ICMail">
-  <target host="icmail.com" />
-  <target host="www.icmail.com" />
-
-  <rule from="^http://(?:www\.)?icmail\.net/" to="https://icmail.net/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/ICO.org.uk.xml b/src/chrome/content/rules/ICO.org.uk.xml
new file mode 100644
index 000000000000..d28b86eca2a2
--- /dev/null
+++ b/src/chrome/content/rules/ICO.org.uk.xml
@@ -0,0 +1,17 @@
+<!--
+	Information Commissioners Office
+
+	For other UK government coverage, see GOV.UK.xml.
+
+-->
+<ruleset name="ICO.org.uk">
+
+	<target host="ico.org.uk" />
+	<target host="search.ico.org.uk" />
+	<target host="www.ico.org.uk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ICPDR.org.xml b/src/chrome/content/rules/ICPDR.org.xml
new file mode 100644
index 000000000000..53a35ada0826
--- /dev/null
+++ b/src/chrome/content/rules/ICPDR.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		- icpdr.org, equivalent to www.icpdr.org
+-->
+
+<ruleset name="ICPDR.org">
+	<target host="icpdr.org" />
+	<target host="www.icpdr.org" />
+	<target host="danubis.icpdr.org" />
+
+	<rule from="^http://icpdr\.org/"
+		to="https://www.icpdr.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ICPEN.xml b/src/chrome/content/rules/ICPEN.xml
index b5ac01af48c0..34364549441f 100644
--- a/src/chrome/content/rules/ICPEN.xml
+++ b/src/chrome/content/rules/ICPEN.xml
@@ -1,8 +1,13 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://icpen.org/ => https://icpen.org/: Too many redirects while fetching 'https://icpen.org/'
+Fetch error: http://www.icpen.org/ => https://icpen.org/: Too many redirects while fetching 'https://icpen.org/'
+
 	Cert only matches ^icpen.org
 
 -->
-<ruleset name="ICPEN">
+<ruleset name="ICPEN" default_off="failed ruleset test">
 
 	<target host="icpen.org" />
 	<target host="www.icpen.org" />
@@ -11,7 +16,7 @@
 	<securecookie host="^icpen\.org$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?icpen\.org/"
+	<rule from="^http://(?:www\.)?icpen\.org/"
 		to="https://icpen.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ICQ.com.xml b/src/chrome/content/rules/ICQ.com.xml
index f3e14c9ab456..4f4830e6dcaa 100644
--- a/src/chrome/content/rules/ICQ.com.xml
+++ b/src/chrome/content/rules/ICQ.com.xml
@@ -1,63 +1,53 @@
 <!--
-	Problematic subdomains:
+	For other Mail.ru coverage, see Mail.ru.xml.
 
-		- chat *
-		- company *
-		- downloads *
-		- games *
-		- greetings *
-		- people *
 
-	* (mismached, CN: WWW.ICQ.COM)
+	Insecure cookies are set for these domains and hosts:
 
+		- .icq.com
+		- chat.icq.com
 
-	Partially covered subdomains:
 
-		- chat *
-		- company *
-		- downloads *
-		- games *
-		- greetings *
-		- people *
+	Mixed content:
 
-	* → www
+		- css on download from fonts.googleapis.com *
 
+		- Images, on:
 
-	Fully covered subdomains:
+			- c, chat, download from c.icq.com *
+			- people from $self *
+
+	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
-		- (www.)
-		- c
-		- wlogin
-		- xtraz
 -->
 <ruleset name="ICQ.com">
 
 	<target host="icq.com" />
-	<target host="*.icq.com" />
-		<exclusion pattern="^http://chat\.icq\.com/(?!$|\?|icqchat(?:$|\?|/)|img/|js/)" />
-		<exclusion pattern="^http://company\.icq\.com/(?!$|\?|info(?:$|\?|/))" />
-		<exclusion pattern="^http://downloads\.icq\.com/(?!$|\?|assets/|cached/|downloads(?:$|\?|/))" />
-		<exclusion pattern="^http://games\.icq\.com/(?!$|\?|games(?:$|\?|/))" />
-		<exclusion pattern="^http://greetings\.icq\.com/(?!$|\?|greetings(?:$\?|/))" />
-		<exclusion pattern="^http://people\.icq\.com/(?!$|\?|people(?:$|\?|/))" />
-
-
-	<securecookie host="^(?:www)?\.icq\.com$" name=".+" />
-
-
-	<rule from="^http://chat\.icq\.com/(\?.*)?$"
-		to="https://www.icq.com/icqchat/$1" />
-
-	<rule from="^http://company\.icq\.com/(\?.*)?$"
-		to="https://www.icq.com/info/$1" />
-
-	<rule from="^http://download\.icq\.com/(\?.*)?$"
-		to="https://www.icq.com/download/icq/$1" />
-
-	<rule from="^http://(games|greetings|people)\.icq\.com/(\?.*)$"
-		to="https://www.icq.com/$1/$2" />
-
-	<rule from="^http://((?:c|chat|greetings|people|wlogin|www|xtraz)\.)?icq\.com/"
-		to="https://$1icq.com/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="c.icq.com" />
+	<target host="chat.icq.com" />
+	<target host="company.icq.com" />
+	<target host="download.icq.com" />
+	<target host="exe.icq.com" />
+	<target host="games.icq.com" />
+	<target host="greetings.icq.com" />
+	<target host="people.icq.com" />
+	<target host="status.icq.com" />
+	<target host="web.icq.com" />
+	<target host="wlogin.icq.com" />
+	<target host="wwp.icq.com" />
+	<target host="www.icq.com" />
+	<target host="xtraz.icq.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.icq\.com$" name="^(geo|icq_lang|icq_ln_personal|icq_tracking)$" /-->
+	<!--securecookie host="^chat\.icq\.com$" name="^icq_lang$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ICRAA.org.xml b/src/chrome/content/rules/ICRAA.org.xml
new file mode 100644
index 000000000000..a4f6f12ef0ec
--- /dev/null
+++ b/src/chrome/content/rules/ICRAA.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Secure Connection Failed:
+		fr.icraa.org
+		tr.icraa.org
+		ur.icraa.org
+-->
+<ruleset name="ICRAA.org">
+	<target host="icraa.org" />
+	<target host="www.icraa.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ICTRecht.xml b/src/chrome/content/rules/ICTRecht.xml
index 960dabeaadf9..412f10a4a6c7 100644
--- a/src/chrome/content/rules/ICTRecht.xml
+++ b/src/chrome/content/rules/ICTRecht.xml
@@ -4,7 +4,6 @@
 	<target host="www.ictrecht.nl" />
 
 
-	<rule from="^http://(www\.)?ictrecht\.nl/"
-		to="https://$1ictrecht.nl/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ICTU.nl.xml b/src/chrome/content/rules/ICTU.nl.xml
new file mode 100644
index 000000000000..ad0da56cae3e
--- /dev/null
+++ b/src/chrome/content/rules/ICTU.nl.xml
@@ -0,0 +1,37 @@
+<!--
+	Problematic hosts in *ictu.nl:
+
+		- ^ *
+		- pulse *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- pulse.ictu.nl
+
+-->
+<ruleset name="ICTU.nl (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.ictu.nl" />
+
+	<!--	Complications:
+				-->
+	<target host="ictu.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^pulse\.ictu.nl$" name="^PHPSESSID$" /-->
+
+
+	<rule from="^http://ictu\.nl/"
+		to="https://www.ictu.nl/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ICUK.xml b/src/chrome/content/rules/ICUK.xml
index ac918e24f46f..b293725b1dd4 100644
--- a/src/chrome/content/rules/ICUK.xml
+++ b/src/chrome/content/rules/ICUK.xml
@@ -3,7 +3,6 @@
   <target host="icukhosting.co.uk" />
   <target host="www.icukhosting.co.uk" />
 
-  <rule from="^http://(www\.)?icukhosting\.co\.uk/"
-          to="https://www.icukhosting.co.uk/" />
+  <rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ICanLocalize.com.xml b/src/chrome/content/rules/ICanLocalize.com.xml
new file mode 100644
index 000000000000..cd0e92dfafb9
--- /dev/null
+++ b/src/chrome/content/rules/ICanLocalize.com.xml
@@ -0,0 +1,34 @@
+<!--
+	^icanlocalize.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.icanlocalize.com
+
+-->
+<ruleset name="ICanLocalize.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.icanlocalize.com" />
+
+	<!--	Complications:
+				-->
+	<target host="icanlocalize.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.icanlocalize\.com$" name="^_icl_current_language$" /-->
+
+	<securecookie host="^www\.icanlocalize\.com$" name=".+" />
+
+
+	<rule from="^http://icanlocalize\.com/"
+		to="https://www.icanlocalize.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ICharts.xml b/src/chrome/content/rules/ICharts.xml
deleted file mode 100644
index 95c482a5e91b..000000000000
--- a/src/chrome/content/rules/ICharts.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="iCharts (partial)">
-
-	<target host="accounts.icharts.net" />
-
-
-	<rule from="^http://accounts\.icharts\.net/"
-		to="https://accounts.icharts.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/IClick_Interactive.xml b/src/chrome/content/rules/IClick_Interactive.xml
index 1c9366641765..1c9abd78381a 100644
--- a/src/chrome/content/rules/IClick_Interactive.xml
+++ b/src/chrome/content/rules/IClick_Interactive.xml
@@ -6,14 +6,11 @@
 -->
 <ruleset name="iClick Interactive (partial)">
 
-	<target host="*.optimix.asia" />
+	<target host="e02.optimix.asia" />
 
-
-	<securecookie host="^\.optimix\.asia$" name="^opxPID$" />
 	<securecookie host="^e02\.optimix\.asia$" name=".+" />
 
 
-	<rule from="^http://e02\.optimix\.asia/"
-		to="https://e02.optimix.asia/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ICommons-mismatches.xml b/src/chrome/content/rules/ICommons-mismatches.xml
index b7be10c9d35e..5cffafc411c1 100644
--- a/src/chrome/content/rules/ICommons-mismatches.xml
+++ b/src/chrome/content/rules/ICommons-mismatches.xml
@@ -2,17 +2,17 @@
 	For rules that are on by default, see iCommons-mismatches.xml.
 
 -->
-<ruleset name="iCommons (mismatches)" default_off="mismatch">
+<ruleset name="iCommons (mismatches)" default_off="mismatched">
 
 	<!--	Cert: *.gridserver.com	-->
 	<target host="archive.icommons.org" />
 	<target host="www.archive.icommons.org" />
 
 
-	<securecookie host="^archive\.icommons\.org$" name=".*" />
+	<securecookie host="^archive\.icommons\.org$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?archive\.icommons\.org/"
+	<rule from="^http://(?:www\.)?archive\.icommons\.org/"
 		to="https://archive.icommons.org/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ICommons.xml b/src/chrome/content/rules/ICommons.xml
index 005f17c66d08..b815dabc4e9b 100644
--- a/src/chrome/content/rules/ICommons.xml
+++ b/src/chrome/content/rules/ICommons.xml
@@ -10,7 +10,7 @@
 
 
 	<!--	At least some pages redirect improperly.	-->
-	<rule from="^https?://(?:www\.)?icommons\.org/wp-content/"
+	<rule from="^http://(?:www\.)?icommons\.org/wp-content/"
 		to="https://s69107.gridserver.com/wp-content/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ICommunity.fr.xml b/src/chrome/content/rules/ICommunity.fr.xml
index 97f0adedaa1a..f7ab5a3763e6 100644
--- a/src/chrome/content/rules/ICommunity.fr.xml
+++ b/src/chrome/content/rules/ICommunity.fr.xml
@@ -1,13 +1,20 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.icommunity.fr/ => https://www.icommunity.fr/: (7, 'Failed to connect to www.icommunity.fr port 443: Connection refused')
+
+	For other Inria coverage, see Inria.fr.xml.
+
+
 	^icommunity.fr doesn't exist.
 
 -->
-<ruleset name="iCommunity.fr">
+<ruleset name="iCommunity.fr" default_off="failed ruleset test">
 
 	<target host="www.icommunity.fr" />
 
 
-	<rule from="^http://www\.icommunity\.fr/"
-		to="https://www.icommunity.fr/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ICracked.com.xml b/src/chrome/content/rules/ICracked.com.xml
new file mode 100644
index 000000000000..3b1fb574b4a3
--- /dev/null
+++ b/src/chrome/content/rules/ICracked.com.xml
@@ -0,0 +1,44 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog ¹
+		- support ²
+
+	¹ "521"
+	² Zendesk
+
+
+	Problematic subdomains:
+
+		- info *
+
+	* HubSpot
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- shop
+
+
+	Mixed content:
+
+		- Font on info from cdn2.hubspot.net *
+		- Images on info from cdn2.hubspot.net *
+
+	* Secured by us
+
+-->
+<ruleset name="iCracked.com (partial)">
+
+	<target host="icracked.com" />
+	<target host="shop.icracked.com" />
+	<target host="www.icracked.com" />
+
+
+	<securecookie host="^\.icracked\.com$" name="^__cfduid$" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IDC.xml b/src/chrome/content/rules/IDC.xml
index a440f8c85110..ca16b290f5fc 100644
--- a/src/chrome/content/rules/IDC.xml
+++ b/src/chrome/content/rules/IDC.xml
@@ -4,20 +4,30 @@
 		- ^	(cert only matches www)
 		- cdn	(works, akamai)
 
+
+	Mixed content:
+
+		- Images on www from cdn *
+
+		- Bugs on www from accounts.icharts.net *
+
+	* Secured by us
+
 -->
 <ruleset name="IDC">
 
 	<target host="idc.com" />
-	<target host="*.idc.com" />
+	<target host="cdn.idc.com" />
+	<target host="www.idc.com" />
+	<target host="cas.idc.com" />
 
 
 	<securecookie host="^.+\.idc\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:cdn\.|www\.)?idc\.com/"
+	<rule from="^http://(?:cdn\.|www\.)?idc\.com/"
 		to="https://www.idc.com/" />
 
-	<rule from="^http://cas\.idc\.com/"
-		to="https://cas.idc.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IDG.com.au.xml b/src/chrome/content/rules/IDG.com.au.xml
index 16b81f0eeaa0..a3004019f697 100644
--- a/src/chrome/content/rules/IDG.com.au.xml
+++ b/src/chrome/content/rules/IDG.com.au.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://computerworld.com.au/ => https://computerworld.com.au/: (51, "SSL: no alternative certificate subject name matches target host name 'computerworld.com.au'")
 	For other IDG coverage, see IDG.se.xml.
 
 
@@ -21,23 +23,21 @@
 <ruleset name="IDG.com.au" platform="mixedcontent">
 
 	<target host="computerworld.com.au" />
-	<target host="*.computerworld.com.au" />
-	<target host="*.idg.com.au" />
+	<target host="www.computerworld.com.au" />
+	<target host="demo.idg.com.au" />
+	<target host="cdn.idg.com.au" />
 
 
-	<securecookie host="^(www)?\.computerworld\.com\.au$" name=".*" />
+	<securecookie host="^(?:www)?\.computerworld\.com\.au$" name=".+" />
 
 
-	<rule from="^http://(www\.)?computerworld\.com\.au/"
-		to="https://$1computerworld.com.au/" />
 
 	<!--	Protocol-relative link from www.computerworld.com.au:
 							-->
-	<rule from="^https?://demo\.idg\.com\.au/"
-		to="https://d1i47h7pyjy1h0.cloudfront.net/" />
 
 	<rule from="^http://cdn\.idg\.com\.au/"
 		to="https://dfwp37e65law8.cloudfront.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/IDG.se.xml b/src/chrome/content/rules/IDG.se.xml
index 56d48b7740e0..b7a1a75c931d 100644
--- a/src/chrome/content/rules/IDG.se.xml
+++ b/src/chrome/content/rules/IDG.se.xml
@@ -1,6 +1,30 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://capdesign.idg.se/ => https://capdesign.idg.se/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://idgkonto.idg.se/ => https://idgkonto.idg.se/: (6, 'Could not resolve host: idgkonto.idg.se')
+Fetch error: http://it24tjanster.idg.se/ => https://it24tjanster.idg.se/: (6, 'Could not resolve host: it24tjanster.idg.se')
+Fetch error: http://mittidg.idg.se/ => https://mittidg.idg.se/: (6, 'Could not resolve host: mittidg.idg.se')
+Fetch error: http://prenumeration.idg.se/ => https://prenumeration.idg.se/: (28, 'Connection timed out after 20010 milliseconds')
+Fetch error: http://shop.idg.se/ => https://shop.idg.se/: (6, 'Could not resolve host: shop.idg.se')
+Fetch error: http://tjanster.idg.se/ => https://tjanster.idg.se/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://upphandling24.idg.se/ => https://upphandling24.idg.se/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://cs.idg.se/ (200) => https://cs.idg.se/ (404)
+Fetch error: http://csjobb.idg.se/ => https://csjobb.idg.se/: (51, "SSL: no alternative certificate subject name matches target host name 'csjobb.idg.se'")
+Fetch error: http://idgkonto.idg.se/ => https://idgkonto.idg.se/: (7, 'Failed to connect to idgkonto.idg.se port 443: No route to host')
+Non-2xx HTTP code: http://idgmedia.idg.se/ (200) => https://idgmedia.idg.se/ (404)
+Fetch error: http://it24tjanster.idg.se/ => https://it24tjanster.idg.se/: (7, 'Failed to connect to it24tjanster.idg.se port 443: No route to host')
+Fetch error: http://mittidg.idg.se/ => https://mittidg.idg.se/: (6, 'Could not resolve host: mittidg.idg.se')
+Fetch error: http://prenumeration.idg.se/ => https://prenumeration.idg.se/: (7, 'Failed to connect to prenumeration.idg.se port 443: No route to host')
+Non-2xx HTTP code: http://sakerhet.idg.se/ (200) => https://sakerhet.idg.se/ (404)
+Fetch error: http://shop.idg.se/ => https://shop.idg.se/: (7, 'Failed to connect to shop.idg.se port 443: No route to host')
+Fetch error: http://tjanster.idg.se/ => https://tjanster.idg.se/: (7, 'Failed to connect to tjanster.idg.se port 443: No route to host')
+Non-2xx HTTP code: http://upphandling24.idg.se/ (200) => https://upphandling24.idg.se/ (404)
 	Other IDG rulesets:
 
+		- CIO.com.xml
 		- CIO.com.au.xml
 		- ComputerWorld.xml
 		- DEMO.xml
@@ -39,7 +63,7 @@
 	* Times out
 
 -->
-<ruleset name="IDG.se (partial)" platform="mixedcontent">
+<ruleset name="IDG.se (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="idg.se" />
 	<target host="androidguiden.idg.se" />
@@ -50,7 +74,7 @@
 	<target host="cs.idg.se" />
 	<target host="csjobb.idg.se" />
 	<target host="extreme.idg.se" />
-		<exclusion pattern="^http://(www\.)?extreme\.idg\.se/$" />
+		<exclusion pattern="^http://(?:www\.)?extreme\.idg\.se/$" />
 	<target host="idgkonto.idg.se" />
 	<target host="idgmedia.idg.se" />
 	<target host="it24.idg.se" />
@@ -67,7 +91,7 @@
 	<target host="smartaremobil.idg.se" />
 	<target host="techworld.idg.se" />
 	<target host="tjanster.idg.se" />
-		<exclusion pattern="^http://(www\.)?tjanster\.idg\.se/(dilbertimage|j|whitepaper)s/" />
+		<exclusion pattern="^http://(?:www\.)?tjanster\.idg\.se/(?:dilbertimage|j|whitepaper)s/" />
 	<target host="upphandling24.idg.se" />
 	<target host="vendorsvoice.idg.se" />
 	<target host="www.idg.se" />
diff --git a/src/chrome/content/rules/IDNet.xml b/src/chrome/content/rules/IDNet.xml
index c8fa29b6094c..3dd758b45478 100644
--- a/src/chrome/content/rules/IDNet.xml
+++ b/src/chrome/content/rules/IDNet.xml
@@ -3,7 +3,6 @@
   <target host="idnet.net" />
   <target host="www.idnet.net" />
 
-  <rule from="^http://(www\.)?idnet\.net/"
-          to="https://www.idnet.net/" />
+  <rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/IDRIX.fr-problematic.xml b/src/chrome/content/rules/IDRIX.fr-problematic.xml
deleted file mode 100644
index 0ae6a6ab12d2..000000000000
--- a/src/chrome/content/rules/IDRIX.fr-problematic.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see IDRIX.fr.xml.
-
--->
-<ruleset name="IDRIX.fr (false MCB, mismatched)" default_off="mismatched" platform="mixedcontent">
-
-	<target host="idrix.fr" />
-	<target host="www.idrix.fr" />
-
-
-	<securecookie host="^idrix\.fr$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?idrix\.fr/"
-		to="https://idrix.fr/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/IDRIX.fr.xml b/src/chrome/content/rules/IDRIX.fr.xml
index 6adad402b032..d7d324fceeba 100644
--- a/src/chrome/content/rules/IDRIX.fr.xml
+++ b/src/chrome/content/rules/IDRIX.fr.xml
@@ -1,37 +1,30 @@
 <!--
-	For problematic rules, see IDRIX.fr-problematic.xml.
-
-
-	Problematic subdomains:
-
-		- (www.)	(works; mismatched, CN: ssl3.ovh.net)
-
-
-	Observed cookie domains:
-
-		- ^
-		- prod
-		- www
+	2017/06/11: STS includeSubDomains header.
 
+	No working url known:
+		cloud.idrix.fr
+		amcrypto.org.idrix.fr
+		www.amcrypto.org.idrix.fr
 
 	Mixed content:
+		idrassi.idrix.fr
+		www.idrassi.idrix.fr
 
-		- css on ^ from www *
-
-		- Images on ^ from www *
-
-	* Secured by us
+	Invalid certificate:
+		prod.idrix.fr
 
 -->
-<ruleset name="IDRIX.fr (partial)">
-
-	<target host="prod.idrix.fr" />
-
+<ruleset name="IDRIX.fr">
 
-	<securecookie host="^prod\.idrix\.fr$" name=".+" />
+	<target host="idrix.fr" />
+	<target host="www.idrix.fr" />
+	<target host="ext.idrix.fr" />
+	<target host="idrix.info.idrix.fr" />
+	<target host="www.idrix.info.idrix.fr" />
+	<target host="office.idrix.fr" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://prod\.idrix\.fr(:8443)?/"
-		to="https://prod.idrix.fr$1/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/IDR_Solutions.com.xml b/src/chrome/content/rules/IDR_Solutions.com.xml
new file mode 100644
index 000000000000..957f6f17822a
--- /dev/null
+++ b/src/chrome/content/rules/IDR_Solutions.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="IDR Solutions.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="idrsolutions.com" />
+	<target host="www.idrsolutions.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IDStronghold.com.xml b/src/chrome/content/rules/IDStronghold.com.xml
new file mode 100644
index 000000000000..e17a04fd5137
--- /dev/null
+++ b/src/chrome/content/rules/IDStronghold.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Identity Stronghold">
+
+	<target host="idstronghold.com" />
+	<target host="www.idstronghold.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IDownloadBlog.xml b/src/chrome/content/rules/IDownloadBlog.xml
index f6b26fd964f9..15cd46c1c5e3 100644
--- a/src/chrome/content/rules/IDownloadBlog.xml
+++ b/src/chrome/content/rules/IDownloadBlog.xml
@@ -1,18 +1,8 @@
-<!--
-	CDN buckets:
-
-		- idownloadblog.plssl.com
-
--->
 <ruleset name="iDownloadBlog (partial)">
 
 	<target host="media.idownloadblog.com" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<!--	- Pages 404 as-is
-		- Pages 302 back from plssl
-						-->
-	<rule from="^https?://media\.idownloadblog\.com/"
-		to="https://idownloadblog.plssl.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IED-Industrieanlagen-und-Engineering.xml b/src/chrome/content/rules/IED-Industrieanlagen-und-Engineering.xml
index e31b41b1aa6c..7fa5e04391f5 100644
--- a/src/chrome/content/rules/IED-Industrieanlagen-und-Engineering.xml
+++ b/src/chrome/content/rules/IED-Industrieanlagen-und-Engineering.xml
@@ -1,11 +1,11 @@
-<ruleset name="IED Industrieanlagen und Engineering" default_off="self-signed">
+<ruleset name="IED Industrieanlagen und Engineering">
 
-	<target host="iedgmbh.de"/>
-	<target host="www.iedgmbh.de"/>
+	<target host="iedgmbh.de" />
+	<target host="www.iedgmbh.de" />
 
-	<securecookie host="^iedgmbh\.de$" name=".*"/>
+	<securecookie host="^iedgmbh\.de$" name=".+" />
 
-	<rule from="^http://(?:www\.)?iedgmbh\.de/"
-		to="https://iedgmbh.de/"/>
+	<rule from="^http:"
+		to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/IEEE-Security.org.xml b/src/chrome/content/rules/IEEE-Security.org.xml
new file mode 100644
index 000000000000..39ac21b06ec8
--- /dev/null
+++ b/src/chrome/content/rules/IEEE-Security.org.xml
@@ -0,0 +1,11 @@
+<!--
+	For other IEEE coverage, see IEEE.xml
+-->
+<ruleset name="IEEE-Security.org">
+	<target host="ieee-security.org" />
+	<target host="www.ieee-security.org" />
+	<target host="secdev.ieee-security.org" />
+	<target host="wiki.ieee-security.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IEEE-mismatches.xml b/src/chrome/content/rules/IEEE-mismatches.xml
index b4ffa97307db..1605801f0e48 100644
--- a/src/chrome/content/rules/IEEE-mismatches.xml
+++ b/src/chrome/content/rules/IEEE-mismatches.xml
@@ -1,14 +1,11 @@
 <!--
 	For rules that are on by default, see IEEE.xml.
-
 -->
-<ruleset name="IEEE (mismatches)" default_off="mismatch, self-signed" platform="mixedcontent">
+<ruleset name="IEEE.org (problematic)" default_off="mismatched" platform="mixedcontent">
 
-	<target host="grouper.ieee.org" />
 	<target host="jobs.ieee.org" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://(grouper|jobs)\.ieee\.org/"
-		to="https://$1.ieee.org/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IEEE.org-falsemixed.xml b/src/chrome/content/rules/IEEE.org-falsemixed.xml
new file mode 100644
index 000000000000..5fb1d3c2a968
--- /dev/null
+++ b/src/chrome/content/rules/IEEE.org-falsemixed.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ieeexplore.ieee.org/ => https://ieeexplore.ieee.org/: Too many redirects while fetching 'https://ieeexplore.ieee.org/'
+
+	For rules not causing false/broken MCB, see IEEE.xml.
+
+-->
+<ruleset name="IEEE.org (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="ieeexplore.ieee.org" />
+
+
+	<securecookie host="^ieeexplore\.ieee\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IEEE.xml b/src/chrome/content/rules/IEEE.xml
index 3013bd3d2d95..5bd1a9811708 100644
--- a/src/chrome/content/rules/IEEE.xml
+++ b/src/chrome/content/rules/IEEE.xml
@@ -1,64 +1,97 @@
 <!--
-	For problematic rules, see IEEE-mismatches.xml.
+	Disabled per https://trac.torproject.org/projects/tor/ticket/15653
+	For rules causing false/broken MCB, see IEEE.org-falsemixed.xml.
 
+	For problematic rules, see IEEE-mismatches.xml.
+	For ieee-security.org rules see IEEE-Security.org.xml
 
 	Other IEEE rulesets:
 
 		- IEEE_eLearning_Library.xml
 
 
-	Nonfunctional subdomains:
+	CDN buckets:
 
-		- spectrum	(Akamai; 503)
+		- www.spectrum.ieee.org.edgesuite.net
+		- staticieeexplore.ieee.org.edgesuite.net
 
 
-	Problematic subdomains:
+	Nonfunctional subdomains:
 
-		- www.ewh	(cert only matches ^ewh)
-		- grouper	(self-signed)
-		- jobs		(mismatched, CN: sitemanager2.adico.com)
+		- careers ¹
+		- grouper ¹
+		- lifesciences	Shows ewh.ieee.org
+		- oc ²
+		- sites ²
+		- smartgrid ¹
+		- spectrum ³
+		- theinstitute ⁴
+		- uce ²
 
+	¹ Refused
+	² Dropped
+	³ 503, akamai
 
-	Partially covered subdomains:
 
-		- eleccomm	(homepage 403s)
+	Problematic subdomains:
 
--->
-<ruleset name="IEEE (partial)">
+		- innovate ³
+		- jobs		(mismatched, CN: sitemanager2.adico.com)
+		- listserv *
+		- www.spectrum ⁴
+		- staticieeexplore ⁴
 
-	<target host="ieee.org" />
-	<target host="*.ieee.org" />
-		<exclusion pattern="^http://eleccomm\.ieee\.org/(?:aliase|cs|image)s/" />
+	¹ Configured for rc4 only
+	² Timeout
+	³ Mixed css
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+	⁴ Works, akamai
 
+	Mixed content:
 
-	<!--	Observed cookie subdomains:
+		- css, on:
 
-			- ^.
-			- ^origin.www
-			- ^www
-				-->
-	<securecookie host="^.*\.ieee\.org$" name=".+" />
+			- innovate from $self
+			- ieeexplore from staticieeexplore *
 
+		- Images, on:
 
-	<!--	404s over https, redirects like so over http.
+			- ieeexplore from staticieeexplore *
+			- innovate from $self
+			- standards from $self *
 
-		https://trac.torproject.org/projects/tor/ticket/6893
-									-->
-	<rule from="^https?://(?:www\.)?ieee\.org/go/renew/?$"
-		to="https://www.ieee.org/membership-application/public/renew.html" />
+	* Secured by us
 
-	<rule from="^https?://(?:www\.)?ieee\.org/go/shop/?$"
-		to="https://www.ieee.org/membership-catalog/index.html" />
+-->
+<ruleset name="IEEE.org (needs testing)" default_off="needs testing">
+
+	<target host="ieee.org" />
+	<target host="www.ieee.org" />
+	<target host="ewh.ieee.org" />
+	<target host="www.ewh.ieee.org" />
+	<!--target host="listserv.ieee.org" /-->
+	<target host="mentor.ieee.org" />
+	<target host="securesso.ieee.org" />
+	<target host="services28.ieee.org" />
+	<target host="standards.ieee.org" />
+	<target host="development.standards.ieee.org" />
+	<target host="origin.www.ieee.org" />
+
+	<!--	Complications:
+				-->
+	<target host="ieeexplore.ieee.org" />
 
-	<!--	!www presents cert for origin.www.
-							-->
-	<rule from="^http://(?:www\.)?ieee\.org/"
-		to="https://www.ieee.org/" />
+		<!--	Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://ieeexplore\.ieee\.org/+(?!assets/|favicon\.ico|xpl/statse\.webtrendslive\.com/)" />
 
-	<rule from="^http://(eleccomm|ieeexplore|mentor|securesso|standards|uce|origin\.www)\.ieee\.org/"
-		to="https://$1.ieee.org/" />
+			<test url="http://ieeexplore.ieee.org/Xplore/accessinfo.jsp" />
+			<test url="http://ieeexplore.ieee.org/xpl/login.jsp" />
+			<test url="http://ieeexplore.ieee.org/xpl/mwInstForgotUserNamePassword.jsp" />
+			<test url="http://ieeexplore.ieee.org/xpl/mwInstSignIn.jsp" />
 
-	<rule from="^http://(?:www\.)?ewh\.ieee\.org/"
-		to="https://ewh.ieee.org/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/IEEE_USA.org-falsemixed.xml b/src/chrome/content/rules/IEEE_USA.org-falsemixed.xml
new file mode 100644
index 000000000000..dfae2b05935a
--- /dev/null
+++ b/src/chrome/content/rules/IEEE_USA.org-falsemixed.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://entportal.aws.ieeeusa.org/ => https://entportal.aws.ieeeusa.org/: (6, 'Could not resolve host: entportal.aws.ieeeusa.org')
+Fetch error: http://entportal.ieeeusa.org/ => https://entportal.ieeeusa.org/: (6, 'Could not resolve host: entportal.ieeeusa.org')
+
+	For rules not causing false/broken MCB, see IEEE_USA.org.xml.
+
+-->
+<ruleset name="IEEE USA.org (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="entportal.aws.ieeeusa.org" />
+	<target host="entportal.ieeeusa.org" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IEEE_USA.org.xml b/src/chrome/content/rules/IEEE_USA.org.xml
new file mode 100644
index 000000000000..922808fdf250
--- /dev/null
+++ b/src/chrome/content/rules/IEEE_USA.org.xml
@@ -0,0 +1,62 @@
+<!--
+	For rules causing false/broken MCB, see IEEE_USA.org-falsemixed.xml.
+
+
+	Problematic hosts in *ieeeusa.org:
+
+		- ^ ¹
+		- entportal.aws ²
+		- entportal ²
+		- insight ¹ ²
+		- shop ¹ ²
+		- www ³
+
+	¹ Mismatched
+	² Mixed css
+	³ Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- entportal.aws.ieeeusa.org
+		- entportal.ieeeusa.org
+		- insight.ieeeusa.org
+		- shop.ieeeusa.org
+		- www.ieeeusa.org
+
+
+	Mixed content:
+
+		- css on shop from $self
+		- Images on shop from $self
+
+-->
+<ruleset name="IEEE USA.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="entportal.aws.ieeeusa.org" /-->
+	<!--target host="entportal.ieeeusa.org" /-->
+	<target host="salaryservice.ieeeusa.org" />
+	<!--target host="www.ieeeusa.org" /-->
+
+	<!--	Complications:
+				-->
+	<!--target host="ieeeusa.org" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:entportal\.aws|entportal|insight|shop)\.ieeeusa\.org$" name="^(?:COOKIE_SUPPORT|GUEST_LANGUAGE_ID|JSESSIONID)$" /-->
+	<!--securecookie host="^www\.ieeeusa\.org$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+
+	<!--securecookie host="." name="." /-->
+
+
+	<!--rule from="^http://ieeeusa\.org/"
+		to="https://www.ieeeusa.org/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IEEE_eLearning_Library.xml b/src/chrome/content/rules/IEEE_eLearning_Library.xml
index e27d38d79a0c..f814531e1b79 100644
--- a/src/chrome/content/rules/IEEE_eLearning_Library.xml
+++ b/src/chrome/content/rules/IEEE_eLearning_Library.xml
@@ -1,20 +1,30 @@
 <!--
+	IEEE eLearning Library
+
 	For other IEEE coverage, see IEEE.xml.
 
 
 	Cert only matches ^ieee-elearning.org
 
 -->
-<ruleset name="IEEE eLearning Library">
+<ruleset name="IEEE-eLearning.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="ieee-elearning.org" />
+
+	<!--	Complications:
+				-->
 	<target host="www.ieee-elearning.org" />
 
 
 	<securecookie host="^ieee-elearning\.org$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?ieee-elearning\.org/"
+	<rule from="^http://www\.ieee-elearning\.org/"
 		to="https://ieee-elearning.org/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IELTS.org.xml b/src/chrome/content/rules/IELTS.org.xml
new file mode 100644
index 000000000000..dfac9c5c40ae
--- /dev/null
+++ b/src/chrome/content/rules/IELTS.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatch:
+		bandscore.ielts.org
+-->
+<ruleset name="IELTS.org" >
+	<target host="ielts.org" />
+	<target host="www.ielts.org" />
+	<target host="results.ielts.org" />
+
+	<securecookie host="^(www|results)\.ielts\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IELTS.xml b/src/chrome/content/rules/IELTS.xml
deleted file mode 100644
index d1633b785a8e..000000000000
--- a/src/chrome/content/rules/IELTS.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="IELTS" platform="mixedcontent">
-  <target host="ielts.org" />
-  <target host="*.ielts.org" />
-
-  <rule from="^http://(www\.|results\.)?ielts\.org/" to="https://$1ielts.org/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/IEQuran.com.xml b/src/chrome/content/rules/IEQuran.com.xml
new file mode 100644
index 000000000000..0dd0d6100d02
--- /dev/null
+++ b/src/chrome/content/rules/IEQuran.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="IEQuran.com">
+	<target host="iequran.com" />
+	<target host="www.iequran.com" />
+	<target host="mail.iequran.com" />
+	<target host="online.iequran.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IET.xml b/src/chrome/content/rules/IET.xml
index e00206fe6da2..038c3c686539 100644
--- a/src/chrome/content/rules/IET.xml
+++ b/src/chrome/content/rules/IET.xml
@@ -1,13 +1,30 @@
 <!--
+	^: cert only matches www
+
+
 	Some pages redirect to http.
 
 -->
 <ruleset name="IET (partial)">
 
+	<target host="theiet.org" />
+	<target host="www.theiet.org" />
 	<target host="digital-library.theiet.org" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://digital-library\.theiet\.org/(content/journals/el|content/subscriptions;jsessionid=|docserver/fulltext/\w+\.jpg)" /-->
+		<!--exclusion pattern="^http://www\.theiet\.org/($|help/index\.cfm|index\.cfm)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://www\.theiet\.org/(?!help/passwordResetRequest\.cfm|meganav/|my($|[?/])|staticfiles/)" /-->
+
 
+	<rule from="^http://(?:www\.)?theiet\.org/(?=help/passwordResetRequest\.cfm|meganav/|my(?:$|[?/])|staticfiles/)"
+		to="https://www.theiet.org/" />
 
-	<rule from="^http://digital-library\.theiet\.org/(cart|css/|images/)"
+	<rule from="^http://digital-library\.theiet\.org/(cart|css/|favicon\.ico|files/|images/)"
 		to="https://digital-library.theiet.org/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IETF.org.xml b/src/chrome/content/rules/IETF.org.xml
new file mode 100644
index 000000000000..e66cc347f325
--- /dev/null
+++ b/src/chrome/content/rules/IETF.org.xml
@@ -0,0 +1,121 @@
+<!--
+	Bad certificate:
+		www.apps.ietf.org
+		mail.apps.ietf.org
+		edu.ietf.org
+		vmhost-*-ipmi.meeting.ietf.org
+		noc.ietf.org (broken chain)
+		ns0.ietf.org
+
+	No known URL working:
+		codematch.ietf.org
+		ietf-mx.ietf.org
+		ietf-ops.ietf.org
+		meeting.ietf.org
+		gnt-1.meeting.ietf.org
+		hackathon.meeting.ietf.org
+		intermapper.meeting.ietf.org
+		noc.meeting.ietf.org
+		portal.meeting.ietf.org
+		rp-00*.meeting.ietf.org
+		sw-core*.meeting.ietf.org
+		sw-rack-oob.meeting.ietf.org
+		vmhost-*.meeting.ietf.org
+		wlc-24only-mgmt.meeting.ietf.org
+		wlc-eduroam-mgmt.meeting.ietf.org
+		wlc-expansion-mgmt.meeting.ietf.org
+		wlc-legacy-mgmt.meeting.ietf.org
+		wlc-ietf-mgmt.meeting.ietf.org
+		wlc*.meeting.ietf.org
+		ge-0-1-0.rtr-a.ietf85.meetings.ietf.org
+		megatron.ietf.org
+		onsite.ietf.org
+		optimus.ietf.org
+		rtg.ietf.org
+		www.rtg.ietf.org
+		ipmi.vm*.sql1.ietf.org
+		grenache.tools.ietf.org
+		www.trainmat.ietf.org
+		www*.ietf.org
+
+	Timeout:
+		ap*.meeting.ietf.org
+		con.meeting.ietf.org
+		deadperson.meeting.ietf.org
+		dhcp-*.meeting.ietf.org
+		dnssyn-*.meeting.ietf.org
+		meetecho-*.meeting.ietf.org
+		reg-printer.meeting.ietf.org
+		rtra.meeting.ietf.org
+		rtrb.meeting.ietf.org
+		rtrscouta.meeting.ietf.org
+		rtrscoutb.meeting.ietf.org
+		services-1.meeting.ietf.org
+		services-2.meeting.ietf.org
+		sponge.meeting.ietf.org
+		sw-*.meeting.ietf.org
+		sw-core.meeting.ietf.org
+		term-printer.meeting.ietf.org
+		termserv-1.meeting.ietf.org
+		trac.meeting.ietf.org
+		services-*.vlan*.meeting.ietf.org
+		wire-sniff.meeting.ietf.org
+
+-->
+<ruleset name="IETF.org">
+
+	<target host="ietf.org" />
+	<target host="www.ietf.org" />
+	<target host="codestand.ietf.org" />
+	<target host="datatracker.ietf.org" />
+	<target host="dnssec.ietf.org" />
+	<target host="dt.ietf.org" />
+	<target host="edu.ietf.org" />
+	<target host="ftp.ietf.org" />
+	<target host="ia1.ietf.org" />
+	<target host="iaoc.ietf.org" />
+	<target host="jabber.ietf.org" />
+	<target host="lists.ietf.org" />
+	<target host="mailarchive.ietf.org" />
+	<target host="tickets.meeting.ietf.org" />
+	<target host="ops.ietf.org" />
+	<target host="www.ops.ietf.org" />
+	<target host="pub.ietf.org" />
+	<target host="rt.ietf.org" />
+	<target host="sandbox.ietf.org" />
+	<target host="search.ietf.org" />
+	<target host="sec.ietf.org" />
+	<target host="tools.ietf.org" />
+	<target host="www.tools.ietf.org" />
+	<target host="art.tools.ietf.org" />
+	<target host="buildbot.tools.ietf.org" />
+	<target host="durif.tools.ietf.org" />
+	<target host="etherpad.tools.ietf.org" />
+	<target host="gamay.tools.ietf.org" />
+	<target host="jitsi.tools.ietf.org" />
+	<target host="mail.tools.ietf.org" />
+	<target host="merlot.tools.ietf.org" />
+	<target host="pad.tools.ietf.org" />
+	<target host="svn.tools.ietf.org" />
+	<target host="trac.tools.ietf.org" />
+	<target host="wiki.tools.ietf.org" />
+	<target host="www3.tools.ietf.org" />
+	<target host="xml2rfc.tools.ietf.org" />
+	<target host="zin.tools.ietf.org" />
+	<target host="zinfandel.tools.ietf.org" />
+	<target host="trac.ietf.org" />
+	<target host="trustee.ietf.org" />
+	<target host="xml2rfc.ietf.org" />
+
+	<securecookie host="^\.ietf\.org$" name="^(?:__cfduid|cf_clearance)$" />
+
+	<rule from="^http://www\.ops\.ietf\.org/"
+		  	to="https://trac.ietf.org/trac/ops/wiki/" />
+
+	<rule from="^http://edu\.ietf\.org/"
+			to="https://trac.ietf.org/trac/edu/" />
+
+	<rule from="^http:"
+			to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IETF.xml b/src/chrome/content/rules/IETF.xml
deleted file mode 100644
index 4a394b87da6b..000000000000
--- a/src/chrome/content/rules/IETF.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- iaoc *
-		- trustee *
-
-	* Shows www, valid cert
-
--->
-<ruleset name="IETF" platform="mixedcontent">
-  <target host="ietf.org" />
-  <target host="www.ietf.org" />
-  <target host="tools.ietf.org" />
-  <target host="datatracker.ietf.org" />
-
-  <rule from="^http://(?:www\.)?ietf\.org/" to="https://www.ietf.org/"/>
-  <rule from="^http://(tools|datatracker)\.ietf\.org/" to="https://$1.ietf.org/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/IFA.ch.xml b/src/chrome/content/rules/IFA.ch.xml
index 6be5b3120869..7203fc1e4bc0 100644
--- a/src/chrome/content/rules/IFA.ch.xml
+++ b/src/chrome/content/rules/IFA.ch.xml
@@ -1,7 +1,7 @@
-<ruleset name="IFA.ch" platform="mixedcontent">
-  <target host="ifa.ch"/>
-  <target host="www.ifa.ch"/>
-  <securecookie host="^(.*\.)?ifa\.ch$" name=".*" />
+<ruleset name="IFA.ch">
+	<target host="www.ifa.ch"/>
+	<securecookie host=".+" name=".+" />
 
-  <rule from="^http://(?:www\.)?ifa\.ch/" to="https://www.ifa.ch/"/>
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/IFEX.org.xml b/src/chrome/content/rules/IFEX.org.xml
index 28fb369863eb..e94c6eb40103 100644
--- a/src/chrome/content/rules/IFEX.org.xml
+++ b/src/chrome/content/rules/IFEX.org.xml
@@ -4,7 +4,6 @@
 	<target host="www.ifex.org" />
 
 
-	<rule from="^http://(www\.)?ifex\.org/"
-		to="https://$1ifex.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/IFPA.ie.xml b/src/chrome/content/rules/IFPA.ie.xml
new file mode 100644
index 000000000000..67855105455a
--- /dev/null
+++ b/src/chrome/content/rules/IFPA.ie.xml
@@ -0,0 +1,15 @@
+<ruleset name="IFPA.ie">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ifpa.ie" />
+	<target host="www.ifpa.ie" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IFTTT.com.xml b/src/chrome/content/rules/IFTTT.com.xml
index 7ebf2a2da4a0..8d9adf642346 100644
--- a/src/chrome/content/rules/IFTTT.com.xml
+++ b/src/chrome/content/rules/IFTTT.com.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^ifttt\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ifttt\.com/"
-		to="https://$1ifttt.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/IFightSurveillance.org.xml b/src/chrome/content/rules/IFightSurveillance.org.xml
new file mode 100644
index 000000000000..7a72ed2a3d48
--- /dev/null
+++ b/src/chrome/content/rules/IFightSurveillance.org.xml
@@ -0,0 +1,16 @@
+<!--
+	For other EFF coverage, see EFF.xml.
+-->
+
+<ruleset name="IFightSurveillance.org">
+	<target host="ifightsurveillance.com" />
+	<target host="www.ifightsurveillance.com" />
+	<target host="ifightsurveillance.net" />
+	<target host="www.ifightsurveillance.net" />
+	<target host="ifightsurveillance.org" />
+	<target host="www.ifightsurveillance.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IFixit.net.xml b/src/chrome/content/rules/IFixit.net.xml
new file mode 100644
index 000000000000..cfb4d187cffb
--- /dev/null
+++ b/src/chrome/content/rules/IFixit.net.xml
@@ -0,0 +1,35 @@
+<!--
+	For other iFixit coverage, see IFixit.xml.
+
+
+	CDN buckets:
+
+		- d225i93lhigkl1.cloudfront.net
+			- ifixit-meta.dozuki.net
+
+		- da2lh5cs8ikqj.cloudfront.net
+			- cart-products.ifixit.net
+
+		- d3nevzfk7ii3be.cloudfront.net
+			- guide-images.ifixit.net
+
+-->
+<ruleset name="iFixit.net (partial)">
+
+	<!--	Special cases:
+				-->
+	<target host="ifixit-meta.dozuki.net" />
+	<target host="cart-products.ifixit.net" />
+	<target host="guide-images.ifixit.net" />
+
+
+	<rule from="^http://ifixit-meta\.dozuki\.net/"
+		to="https://d225i93lhigkl1.cloudfront.net/" />
+
+	<rule from="^http://cart-products\.ifixit\.net/"
+		to="https://da2lh5cs8ikqj.cloudfront.net/" />
+
+	<rule from="^http://guide-images\.ifixit\.net/"
+		to="https://d3nevzfk7ii3be.cloudfront.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IFixit.xml b/src/chrome/content/rules/IFixit.xml
index 92288f3b19b2..40b6e68f5db0 100644
--- a/src/chrome/content/rules/IFixit.xml
+++ b/src/chrome/content/rules/IFixit.xml
@@ -1,48 +1,38 @@
 <!--
-	CDN buckets:
+	Other iFixit rulesets:
+		- IFixit.net.xml
 
-		- d225i93lhigkl1.cloudfront.net
-			- ifixit-meta.dozuki.net
 
-		- da2lh5cs8ikqj.cloudfront.net
-			- cart-products.ifixit.net
+	Nonfunctional hosts in *ifixit.com:
 
-		- d3nevzfk7ii3be.cloudfront.net
-			- guide-images.ifixit.net
+		- edu *
 
--->
-<ruleset name="iFixit (partial)">
+	* Redirects to http
 
-	<target host="ifixit-meta.dozuki.net" />
-	<target host="ifixit.com" />
-	<target host="*.ifixit.com" />
-	<target host="*.edu.ifixit.com" />
-	<target host="*.ifixit.net" />
 
+	Fully covered hosts in *ifixit.com:
 
-	<securecookie host="^\.edu\.ifixit\.com$" name=".+" />
+		- (www.)?
+		- meta
 
+-->
+<ruleset name="iFixit.com (partial)">
 
-	<rule from="^https?://ifixit-meta\.dozuki\.net/"
-		to="https://d225i93lhigkl1.cloudfront.net/" />
+	<!--	Direct rewrites:
+				-->
+	<target host="ifixit.com" />
+	<!--target host="edu.ifixit.com" /-->
+	<target host="meta.ifixit.com" />
+	<target host="www.ifixit.com" />
 
-	<!--	Some (most?) pages 302 to http.
+		<!--	Redirects to http:
 						-->
-	<rule from="^http://(www\.)?ifixit\.com/(cart|Guide)/login(/register)?($|\?)"
-		to="https://$1ifixit.com/$2/login$3$4" />
-
-	<rule from="^http://edu\.ifixit\.com/"
-		to="https://edu.ifixit.com/" />
+		<!--exclusion pattern="^http://edu\.ifixit\.com/$" /-->
 
-	<!--	Some (most?) pages 302 to http.
-						-->
-	<rule from="^http://meta\.ifixit\.com/login(/register)?($|\?)"
-		to="https://meta.ifixit.com/login$1$2" />
 
-	<rule from="^https?://cart-products\.ifixit\.net/"
-		to="https://da2lh5cs8ikqj.cloudfront.net/" />
+	<!--securecookie host="^\.edu\.ifixit\.com$" name=".+" /-->
 
-	<rule from="^https?://guide-images\.ifixit\.net/"
-		to="https://d3nevzfk7ii3be.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IFriends.xml b/src/chrome/content/rules/IFriends.xml
deleted file mode 100644
index deaff955ae41..000000000000
--- a/src/chrome/content/rules/IFriends.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="iFriends (partial)">
-
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.ifriends.net" />
-
-
-	<securecookie host="^\.ifriends\.net$" name=".*" />
-
-
-	<rule from="^http://images\.ifriends\.net/"
-		to="https://images.ifriends.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/IGCD.net.xml b/src/chrome/content/rules/IGCD.net.xml
new file mode 100644
index 000000000000..a720beb8e3cd
--- /dev/null
+++ b/src/chrome/content/rules/IGCD.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="IGCD.net">
+	<target host="igcd.net" />
+	<target host="www.igcd.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IGN-problematic.xml b/src/chrome/content/rules/IGN-problematic.xml
deleted file mode 100644
index da289ce07a8e..000000000000
--- a/src/chrome/content/rules/IGN-problematic.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For rules that are on by default, see IGN.xml.
-
--->
-<ruleset name="IGN (problematic)" default_off="akamai certificate">
-
-	<target host="ign.com" />
-	<target host="*.ign.com" />
-
-
-	<securecookie host="^.*\.ign\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?ign\.com/"
-		to="https://www.ign.com/" />
-
-	<rule from="^http://(au|ca|de|ie|maint|dia|redirect|uk|widgets)\.ign\.com/"
-		to="https://$1.ign.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/IGN.xml b/src/chrome/content/rules/IGN.xml
index 1bfdb276ccb5..1e231ada7fd5 100644
--- a/src/chrome/content/rules/IGN.xml
+++ b/src/chrome/content/rules/IGN.xml
@@ -1,124 +1,69 @@
 <!--
-	For problematic rules, see IGN-problematic.xml.
-
-
-	For other News Corporation coversage, see News-Corporation.xml.
-
+	For other News Corporation coverage, see News-Corporation.xml.
 
 	CDN buckets:
-
 		- maint.ign.com.edgesuite.net
+		- www.ign.com.edgesuite.net/…
 
-		- www.ign.com.edgesuite.net/...
-
-			- ign.com subdomains:
-				- au
-				- ca
-				- ie
-				- dsmedia
-				- media
-				- pcmedia
-				- ps3media
-				- pspmedia
-				- uk
-				- xbox360media
-				- widgets
-				- www
-
-			- assets[12].ignimgs.com
-			- fonts.ignimgs.com
-			- media.ignimgs.com
-			- oyster.ignimgs.com
-			- oystatic.ignimgs.com
-
-
-	Nonfunctional domains:
-
-		- corp.ign.com
-
-
-	Problematic domains:
-
-		ign.com subdomains:
-
-			- ^		(cert only matches redirect.ign.com)
-			- ap
-			- au *
-			- ca *
-			- de **
-			- ds *
-			- maint *
-			- pcmedia *
-			- ps3media *
-			- pspmedia *
-			- redirect **
-			- uk *
-			- widgets *
-			- www *
-			- xbox360media *
-
-		- assets[12].ignimgs.com
+	Invalid certificate:
 		- fonts.ignimgs.com
-		- media.ignimgs.com *
-		- oystatic.ignimgs.com *
-
-	* Akamai, works
-	* Self-signed
-
-
-	Fully covered domains:
-
-		- ign.com subdomains:
 
-			- ads *
-			- assets *
-			- dsmedia *
-			- pcmedia *
-			- ps3media *
-			- pspmedia *
-			- wirelessmedia *
-			- xbox360media *
-
-		- ignimgs.com subdomains:
-
-			- assets[12] *
-			- fonts *
-			- media *
-			- oyster *
-
-	* → akamai
+	Server error:
+		- docs.widgets.ign.com
 
+	Timed out:
+		- ign.com, equivalent to www.ign.com
+		- ds.ign.com, equivalent to www.ign.com/ds if no path, else www.ign.com
 -->
-<ruleset name="IGN (partial)">
 
+<ruleset name="IGN (partial)">
+	<!-- ign.com -->
+	<target host="ign.com" />
+	<target host="www.ign.com" />
 	<target host="ads.ign.com" />
-	<target host="mail.ign.com" />
+	<target host="ap.ign.com" />
+	<target host="au.ign.com" />
+	<target host="assets.ign.com" />
+	<target host="ca.ign.com" />
+	<target host="corp.ign.com" />
+	<target host="de.ign.com" />
+	<target host="ds.ign.com" />
+		<test url="http://ds.ign.com/a" />
+	<target host="dsmedia.ign.com" />
+	<target host="ie.ign.com" />
 	<target host="media.ign.com" />
+	<target host="nwvault.ign.com" />
 	<target host="pcmedia.ign.com" />
 	<target host="ps3media.ign.com" />
 	<target host="pspmedia.ign.com" />
+	<target host="redirect.ign.com" />
 	<target host="s.ign.com" />
+	<target host="sea.ign.com" />
+	<target host="uk.ign.com" />
+	<target host="widgets.ign.com" />
 	<target host="wirelessmedia.ign.com" />
-	<target host="*.ignimgs.com" />
-		<!--
-			Points some resource links to akamai.net/$
-									-->
-		<exclusion pattern="^http://oystatic\.ignimgs\.com/cache/css/(?!35/70/3570337b77bc103506ad234873b09d3f\.css)" />
+	<target host="xbox360media.ign.com" />
 
+	<!-- ignimgs.com -->
+	<target host="assets1.ignimgs.com" />
+	<target host="assets2.ignimgs.com" />
+	<target host="kraken.ignimgs.com" />
+	<target host="media.ignimgs.com" />
+	<target host="oystatic.ignimgs.com" />
+	<target host="oyster.ignimgs.com" />
 
-	<securecookie host="^s\.ign\.com$" name=".+" />
 
+	<securecookie host="^.+\.ign\.com$" name=".+" />
 
-	<rule from="^http://((?:ads|(?:ds|pc|ps[3p]|wireless|xbox360)media)\.ign|(?:fonts|oyster)\.ignimgs)\.com/"
-		to="https://a248.e.akamai.net/f/1005/1/g/$1.com/" />
 
-	<rule from="^http://(assets|media)\.ign\.com/"
-		to="https://a248.e.akamai.net/$1.ign.com/" />
+	<rule from="^http://ign\.com/"
+		to="https://www.ign.com/" />
 
-	<rule from="^http://(mail|s)\.ign\.com/"
-		to="https://$1.ign.com/" />
+	<rule from="^http://ds\.ign\.com/$"
+		to="https://www.ign.com/ds" />
 
-	<rule from="^http://(assets\d|media|oystatic)\.ignimgs\.com/"
-		to="https://a248.e.akamai.net/$1.ignimgs.com/" />
+	<rule from="^http://ds\.ign\.com/"
+		to="https://www.ign.com/ds/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IGNUM.xml b/src/chrome/content/rules/IGNUM.xml
index 2a24aeb169da..139cdccdf288 100644
--- a/src/chrome/content/rules/IGNUM.xml
+++ b/src/chrome/content/rules/IGNUM.xml
@@ -1,24 +1,24 @@
 <!--
+	Other IGNUM rulesets:
+
+		- Domena.cz.xml
+
+
 	Self-signed domains:
 
 		- peklo.core.ignum.cz	(presented by client sites, 403)
 
 -->
-<ruleset name="IGNUM (partial)" platform="mixedcontent">
+<ruleset name="IGNUM.cz (partial)">
 
-	<target host="domena.cz" />
-	<target host="www.domena.cz" />
 	<target host="ignum.cz" />
 	<target host="www.ignum.cz" />
 
 
-	<securecookie host="^(www\.)?(domena|ignum)\.cz$" name=".*" />
-
+	<securecookie host="^(?:www\.)?ignum\.cz$" name=".+" />
 
-	<rule from="^http://(www\.)?domena\.cz/"
-		to="https://$1domena.cz/" />
 
-	<rule from="^http://(www\.)?ignum\.cz/"
-		to="https://$1ignum.cz/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/IGaming-mismatches.xml b/src/chrome/content/rules/IGaming-mismatches.xml
index bc1eceb6ef28..8819d0d05492 100644
--- a/src/chrome/content/rules/IGaming-mismatches.xml
+++ b/src/chrome/content/rules/IGaming-mismatches.xml
@@ -15,12 +15,12 @@
 	<target host="soccerpunt.com"/>
 	<target host="www.soccerpunt.com"/>
 	<target host="tipseri.net"/>
-	<target host="*.tipseri.net"/>
+	<target host="www.tipseri.net" />
 
-	<securecookie host="^(best-pariuri-online|betclair|soccerpunt)\.com$" name=".*"/>
-	<securecookie host="^igaming\.biz$" name=".*"/>
-	<securecookie host="^pariuri\.pariloto\.net$" name=".*"/>
-	<securecookie host="^tipseri\.net$" name=".*"/>
+	<securecookie host="^(?:best-pariuri-online|betclair|soccerpunt)\.com$" name=".+" />
+	<securecookie host="^igaming\.biz$" name=".+" />
+	<securecookie host="^pariuri\.pariloto\.net$" name=".+" />
+	<securecookie host="^tipseri\.net$" name=".+" />
 
 	<rule from="^http://(?:www\.)?igaming\.biz/"
 		to="https://igaming.biz/"/>
diff --git a/src/chrome/content/rules/IGaming.xml b/src/chrome/content/rules/IGaming.xml
index 844152ecfa8a..d404408ba8dd 100644
--- a/src/chrome/content/rules/IGaming.xml
+++ b/src/chrome/content/rules/IGaming.xml
@@ -1,21 +1,20 @@
 <ruleset name="iGaming (partial)" platform="mixedcontent">
 
 	<target host="bwin.com"/>
-	<target host="*.bwin.com"/>
+	<target host="www.bwin.com" />
+	<target host="casino.bwin.com" />
 	<target host="gambling-affiliation.com"/>
 	<!--	for cross-domain cookie	-->
-	<target host="*.gambling-affiliation.com"/>
-	<target host="*.itsfogo.com"/>
+	<target host="www.gambling-affiliation.com" />
+	<target host="adserver.itsfogo.com" />
+	<target host="mcf.itsfogo.com" />
 
-	<securecookie host="^(.*\.)?(bwin|gambling-affiliation|itsfogo)\.com$" name=".*"/>
+	<securecookie host=".+" name=".+"/>
 
 	<rule from="^http://(?:www\.)?(bwin|gambling-affiliation)\.com/"
 		to="https://www.$1.com/"/>
 
-	<rule from="^http://casino\.bwin\.com/"
-		to="https://casino.bwin.com/"/>
 
-	<rule from="^http://(adserver|mcf)\.itsfogo\.com/"
-		to="https://$1.itsfogo.com/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/IGrasp.xml b/src/chrome/content/rules/IGrasp.xml
index 255bfbd0b01a..31e04ccfe453 100644
--- a/src/chrome/content/rules/IGrasp.xml
+++ b/src/chrome/content/rules/IGrasp.xml
@@ -3,10 +3,10 @@
 	<target host="*.i-grasp.com" />
 
 
-	<securecookie host="^.+\.i-grasp\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://([\w-]+)\.i-grasp\.com/"
 		to="https://$1.i-grasp.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IHC.ru.xml b/src/chrome/content/rules/IHC.ru.xml
new file mode 100644
index 000000000000..e65263897a2b
--- /dev/null
+++ b/src/chrome/content/rules/IHC.ru.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .ihc.ru
+		- support.ihc.ru
+
+-->
+<ruleset name="IHC.ru">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ihc.ru" />
+	<target host="my.ihc.ru" />
+	<target host="support.ihc.ru" />
+	<target host="www.ihc.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.ihc\.ru$" name="^uid$" /-->
+	<!--securecookie host="^support\.ihc\.ru$" name="^SWIFT_sessionid40$" /-->
+
+	<securecookie host="^(?:support)?\.ihc\.ru$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IHG_Merlin.com.xml b/src/chrome/content/rules/IHG_Merlin.com.xml
new file mode 100644
index 000000000000..957377b3566d
--- /dev/null
+++ b/src/chrome/content/rules/IHG_Merlin.com.xml
@@ -0,0 +1,51 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ihgmerlin.com/ => https://ihgmerlin.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+	For other InterContinental Hotels Group PLC coverage, see IHG_PLC.com.xml.
+
+
+	CDN buckets:
+
+		- videos.ihgmerlin.com.edgesuite.net
+
+
+	Problematic subdomains:
+
+		- videos *
+
+	* Works, akamai
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- images
+		- imagesqa
+		- me2
+		- me2qa
+		- qa
+
+-->
+<ruleset name="IHG Merlin.com (partial)">
+
+	<target host="ihgmerlin.com" />
+	<target host="images.ihgmerlin.com" />
+	<target host="imagesqa.ihgmerlin.com" />
+	<target host="me2.ihgmerlin.com" />
+	<target host="me2qa.ihgmerlin.com" />
+	<target host="qa.ihgmerlin.com" />
+	<target host="www.ihgmerlin.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?ihgmerlin\.com$" name="^BIGipServermerlin_Web_\d+-\$+" /-->
+	<!--securecookie host="^qa\.ihgmerlin\.com$" name="^BIGipServerPortal$" /-->
+	<!--securecookie host="^www\.ihgmerlin\.com$" name="^(BIGipServermerlin_Weblogic|JSESSIONID|X-Japan-IP|plloginoccured)$" /-->
+
+	<securecookie host="^(?:qa\.|www\.)?ihgmerlin\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IHG_PLC.com.xml b/src/chrome/content/rules/IHG_PLC.com.xml
new file mode 100644
index 000000000000..85a5afab8f15
--- /dev/null
+++ b/src/chrome/content/rules/IHG_PLC.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Other InterContinental Hotels Group PLC rulesets:
+
+		- Globaloneteam.com.xml
+		- InterContinental_Hotels_Group.xml
+
+
+	At least some pages redirect to http.
+
+-->
+<ruleset name="IHG PLC.com (partial)">
+
+	<target host="ihgplc.com" />
+	<target host="www.ihgplc.com" />
+		<!--
+			Redirect to http:
+						-->
+		<exclusion pattern="^http://www\.ihgplc\.com/+index\.asp" />
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://www\.ihgplc\.com/+(?!$|\?|favicon\.ico|images/|style/)" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IHeart.com.xml b/src/chrome/content/rules/IHeart.com.xml
new file mode 100644
index 000000000000..5f92fd0fdeea
--- /dev/null
+++ b/src/chrome/content/rules/IHeart.com.xml
@@ -0,0 +1,74 @@
+<!--
+	CDN buckets:
+
+		- general-support.iheartradio.desk.com
+
+			- help
+
+		- news.iheart.com.edgesuite.net
+
+		- static.iheart.com.edgesuite.net
+
+
+	Nonfunctional subdomains:
+
+		- developer ¹
+		- help ²
+		- jobs ³
+		- news ⁴
+
+	¹ Refused
+	² Desk.com
+	³ Github
+	⁴ 503, akamai
+
+
+	Problematic subdomains:
+
+		- static *
+
+	* Works, akamai
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- iscale
+		- pylon
+		- securestatic
+		- static	(→ securestatic)
+
+
+	Mixed content:
+
+		- Images on www from iscale *
+
+	* Secured by us
+
+-->
+<ruleset name="iHeart.com (partial)">
+
+	<target host="iheart.com" />
+	<target host="iscale.iheart.com" />
+	<target host="pylon.iheart.com" />
+	<target host="www.iheart.com" />
+	<target host="static.iheart.com" />
+	<target host="securestatic.iheart.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.iheart\.com$" name="^s_cc$" /-->
+
+	<securecookie host="^\.iheart\.com$" name=".+" />
+
+
+
+	<!--rule from="^http://help\.iheart\.com/"
+		to="https://iheartradio.desk.com/" /-->
+
+	<rule from="^http://(?:secure)?static\.iheart\.com/"
+		to="https://securestatic.iheart.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IIPVV.nl.xml b/src/chrome/content/rules/IIPVV.nl.xml
new file mode 100644
index 000000000000..88b203e0eb40
--- /dev/null
+++ b/src/chrome/content/rules/IIPVV.nl.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://iipvv.nl/ => https://iipvv.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'iipvv.nl'")
+Fetch error: http://www.iipvv.nl/ => https://www.iipvv.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.iipvv.nl'")
+
+-->
+<ruleset name="IIPVV.nl" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="iipvv.nl" />
+	<target host="www.iipvv.nl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IIS.net.xml b/src/chrome/content/rules/IIS.net.xml
deleted file mode 100644
index c2448fb121f3..000000000000
--- a/src/chrome/content/rules/IIS.net.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="IIS.net">
-	<target host="iis.net" />
-	<target host="www.iis.net" />
-	<target host="learn.iis.net" />
-	<rule from="^http://www\.iis\.net/" to="https://www.iis.net/"/>
-	<rule from="^http://learn\.iis\.net/" to="https://learn.iis.net/"/>
-	<rule from="^http://iis\.net/" to="https://www.iis.net/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/IIS.se.xml b/src/chrome/content/rules/IIS.se.xml
index 2985c3a6179c..f2a0eae1f616 100644
--- a/src/chrome/content/rules/IIS.se.xml
+++ b/src/chrome/content/rules/IIS.se.xml
@@ -1,17 +1,34 @@
 <!--
 	IIS handles the swedish TLD, .se.
 
+
+	Problematic hosts in *iis.se:
+
+		- domainmanager *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Fully covered hosts in *iis.se:
+
+		- (www.)?
+		- domanhanteraren
+
 -->
-<ruleset name="IIS.se">
+<ruleset name="IIS.se (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="iis.se" />
-	<target host="*.iis.se" />
+	<!--target host="domainmanager.iis.se" /-->
+	<target host="domanhanteraren.iis.se" />
+	<target host="www.iis.se" />
 
 
 	<securecookie host="^(?:domainmanager|domanhanteraren)\.iis\.se$" name=".+" />
 
 
-	<rule from="^http://((?:domainmanager|domanhanteraren|www)\.)?iis\.se/"
-		to="https://$1iis.se/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/IISP.org.xml b/src/chrome/content/rules/IISP.org.xml
new file mode 100644
index 000000000000..b7bcf6666baa
--- /dev/null
+++ b/src/chrome/content/rules/IISP.org.xml
@@ -0,0 +1,23 @@
+<!--
+	^: 404
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(^ → www)
+		- apply
+
+-->
+<ruleset name="IISP.org">
+
+	<target host="iisp.org" />
+	<target host="www.iisp.org" />
+	<target host="apply.iisp.org" />
+
+
+	<rule from="^http://(?:www\.)?iisp\.org/"
+		to="https://www.iisp.org/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IITB.ac.in.xml b/src/chrome/content/rules/IITB.ac.in.xml
index 5b6a56734991..5fc7eb566fdb 100644
--- a/src/chrome/content/rules/IITB.ac.in.xml
+++ b/src/chrome/content/rules/IITB.ac.in.xml
@@ -1,16 +1,50 @@
 <!--
-	CN: System Admin
+	Nonfunctional hosts in *iitb.ac.in:
+
+		- (www.)? ¹
+		- camp ²
+		- www.cc ¹
+		- docs ¹
+		- chisti.ee ²
+		- gymkhana ¹
+		- imp ¹
+		- iloha ¹
+		- www.ircc ¹
+		- www.library ¹
+
+	¹ Dropped
+	² Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.cse.iitb.ac.in
+		- gpo.iitb.ac.in
+		- portal.iitb.ac.in
 
 -->
-<ruleset name="IITB.ac.in (partial)" default_off="self-signed">
+<ruleset name="IITB.ac.in (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="bugs.cse.iitb.ac.in" />
+	<target host="systems.cse.iitb.ac.in" />
 	<target host="www.cse.iitb.ac.in" />
+	<target host="gpo.iitb.ac.in" />
+	<target host="portal.iitb.ac.in" />
+	<target host="www1.iitb.ac.in" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.cse\.iitb\.ac\.in$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^gpo\.iitb\.ac\.in$" name="^SQMSESSID$" /-->
+	<!--securecookie host="^portal\.iitb\.ac\.in$" name="^JSESSIONID$" /-->
 
-	<securecookie host="^www\.cse\.iitb\.ac\.in$" name=".+" />
+	<securecookie host="^(?:www\.cse|gpo|portal)\.iitb\.ac\.in$" name=".+" />
 
 
-	<rule from="^http://www\.cse\.iitb\.ac\.in/"
-		to="https://www.cse.iitb.ac.in/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/IITBooks.co.in.xml b/src/chrome/content/rules/IITBooks.co.in.xml
new file mode 100644
index 000000000000..e197d058d18c
--- /dev/null
+++ b/src/chrome/content/rules/IITBooks.co.in.xml
@@ -0,0 +1,6 @@
+<ruleset name="IITBooks.co.in">
+	<target host="iitbooks.co.in" />
+	<target host="www.iitbooks.co.in" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IJM_Freedom_Maker.xml b/src/chrome/content/rules/IJM_Freedom_Maker.xml
deleted file mode 100644
index 770c68cd4dbd..000000000000
--- a/src/chrome/content/rules/IJM_Freedom_Maker.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	At least some pages redirect to http.
-
--->
-<ruleset name="IJM Freedom Maker (partial)">
-
-	<target host="ijmfreedommaker.org" />
-	<target host="www.ijmfreedommaker.org" />
-
-
-	<rule from="^http://(www\.)?ijmfreedommaker\.org/(apps|boost)/"
-		to="https://$1ijmfreedommaker.org/$2/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/IJReview.com.xml b/src/chrome/content/rules/IJReview.com.xml
new file mode 100644
index 000000000000..891fc928765c
--- /dev/null
+++ b/src/chrome/content/rules/IJReview.com.xml
@@ -0,0 +1,35 @@
+<!--
+	For rules causing false/broken MCB, see IJReview.com-falsemixed.xml.
+
+
+	Mixed content:
+
+		- css from $self ¹
+
+		- Images from static ¹
+
+		- Ads/bugs, from:
+
+			- js.bigfineds.com
+			- \d+.fls.doubleclick.net ²
+			- www.facebook.com ¹
+			- b.scorecardresearch.com ¹
+
+	¹ Secured by us
+	² Rule disabled by default
+
+-->
+<ruleset name="IJReview.com (partial)">
+
+	<target host="ijreview.com" />
+	<target host="static.ijreview.com" />
+	<target host="www.ijreview.com" />
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<exclusion pattern="^http://www\.ijreview\.com/+(?!favicon\.ico|wp-content/|wp-includes/)" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IKK-Gesundplus.xml b/src/chrome/content/rules/IKK-Gesundplus.xml
index 52c0f6ee146c..4a768fdc714b 100644
--- a/src/chrome/content/rules/IKK-Gesundplus.xml
+++ b/src/chrome/content/rules/IKK-Gesundplus.xml
@@ -1,5 +1,5 @@
 <ruleset name="IKK-Gesundplus">
 <target host="www.ikk-gesundplus.de" />
 <target host="ikk-gesundplus.de" />
-<rule from="^http://(?:www\.)?ikk-gesundplus\.de/" to="https://www.ikk-gesundplus.de/"/>
+<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/IKSR.org.xml b/src/chrome/content/rules/IKSR.org.xml
new file mode 100644
index 000000000000..8a8075221f5d
--- /dev/null
+++ b/src/chrome/content/rules/IKSR.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Timeout:
+		- workplace.iksr.org
+-->
+<ruleset name="IKSR.org">
+
+	<target host="iksr.org" />
+	<target host="www.iksr.org" />
+	<target host="kids.iksr.org" />
+	<target host="piwik.iksr.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IKoruna.xml b/src/chrome/content/rules/IKoruna.xml
index 06a922485ffd..c4acffdd4f8b 100644
--- a/src/chrome/content/rules/IKoruna.xml
+++ b/src/chrome/content/rules/IKoruna.xml
@@ -1,4 +1,14 @@
-<ruleset name="iKoruna">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://i-koruna.com/ => https://i-koruna.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.i-koruna.com/ => https://www.i-koruna.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://i-koruna.com/ => https://i-koruna.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+Fetch error: http://www.i-koruna.com/ => https://www.i-koruna.com/: (6, 'Could not resolve host: www.i-koruna.com')
+-->
+<ruleset name="iKoruna" default_off="failed ruleset test">
 
 	<target host="i-koruna.com" />
 	<target host="www.i-koruna.com" />
@@ -7,7 +17,6 @@
 	<securecookie host="^www\.i-koruna\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?i-koruna\.com/"
-		to="https://$1i-koruna.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ILO.org.xml b/src/chrome/content/rules/ILO.org.xml
index eff986e3e3f4..c058b669fb30 100644
--- a/src/chrome/content/rules/ILO.org.xml
+++ b/src/chrome/content/rules/ILO.org.xml
@@ -1,4 +1,14 @@
-<ruleset name="ILO.org" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.ilo.org/ => https://www.ilo.org/: Too many redirects while fetching 'https://www.ilo.org/'
+Fetch error: http://ilo.org/ => https://www.ilo.org/: Too many redirects while fetching 'https://www.ilo.org/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.ilo.org/ => https://www.ilo.org/: Cycle detected - URL already encountered: https://www.ilo.org/global/lang- -en/index.htm
+Fetch error: http://ilo.org/ => https://www.ilo.org/: Cycle detected - URL already encountered: https://www.ilo.org/global/lang- -en/index.htm
+-->
+<ruleset name="ILO.org" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="www.ilo.org" />
 	<target host="ilo.org" />
 	<rule from="^http://ilo\.org/" to="https://www.ilo.org/"/>
diff --git a/src/chrome/content/rules/ILX_Group.com.xml b/src/chrome/content/rules/ILX_Group.com.xml
new file mode 100644
index 000000000000..54b9c8c6d15c
--- /dev/null
+++ b/src/chrome/content/rules/ILX_Group.com.xml
@@ -0,0 +1,71 @@
+<!--
+	Nonfunctional hosts in *ilxgroup.com:
+
+		- shop ⁴
+		- support ᵃ
+
+	⁴ 404
+	ᵃ Shows shop.ilxgroup.com
+
+
+	Problematic hosts in *ilxgroup.com:
+
+		- www2 ᵐ
+
+	ᵐ Pardot / mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.ilxgroup.com
+
+-->
+<ruleset name="ILG Group.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ilxgroup.com" />
+	<target host="www.ilxgroup.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www2.ilxgroup.com" />
+
+		<exclusion pattern="^http://www2\.ilxgroup\.com/(?!/*(?:e/|$|\?))" />
+
+			<!--	See below respective rules for negative cases.
+
+				+ve:
+					-->
+			<test url="http://www2.ilxgroup.com/default.aspx" />
+			<test url="http://www2.ilxgroup.com/favicon.ico" />
+			<test url="http://www2.ilxgroup.com/index.htm" />
+			<test url="http://www2.ilxgroup.com/index.html" />
+			<test url="http://www2.ilxgroup.com/index.jsp" />
+			<test url="http://www2.ilxgroup.com/index.php" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.ilxgroup\.com$" name="^laravel_session$" /-->
+
+	<securecookie host="^(?!www2\.)\w" name=".+" />
+
+
+	<rule from="^http://www2\.ilxgroup\.com/(?=/*e/)"
+		to="https://go.pardot.com/" />
+
+		<test url="http://www2.ilxgroup.com/e/52142/112791343529511718875-posts/4j5zhj/152467769" />
+		<test url="http://www2.ilxgroup.com/e/52142/wiki-Windows-1-0/4yqg9x/172139929" />
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://www2\.ilxgroup\.com/.*"
+		to="https://www.ilxgroup.com/" />
+
+		<test url="http://www2.ilxgroup.com/?" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ILikeBigBits.com.xml b/src/chrome/content/rules/ILikeBigBits.com.xml
new file mode 100644
index 000000000000..9f3f7d71feaa
--- /dev/null
+++ b/src/chrome/content/rules/ILikeBigBits.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatched:
+		- ilikebigbits.com
+-->
+<ruleset name="ILikeBigBits.com">
+	<target host="ilikebigbits.com" />
+	<target host="www.ilikebigbits.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://ilikebigbits\.com/" to="https://www.ilikebigbits.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ILivid.xml b/src/chrome/content/rules/ILivid.xml
deleted file mode 100644
index d06e8e81bf6d..000000000000
--- a/src/chrome/content/rules/ILivid.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	CDN buckets:
-
-		- download.cdn.ilivid.com.edgesuite.net
-
-
-	Nonfunctional subdomains:
-
-		- download.cdn	(503, akamai)
-		- download	(refused)
-		- lp		(shows www; mismatched, CN: www.ilivid.com)
-
--->
-<ruleset name="iLivid (partial)">
-
-	<target host="ilivid.com" />
-	<target host="*.ilivid.com" />
-
-
-	<!--securecookie host="^\.ilivid\.com$" name="^(?:appid_dl|ln)$" /-->
-
-
-	<rule from="^http://(www\.)?ilivid\.com/"
-		to="https://$1ilivid.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ILogo.xml b/src/chrome/content/rules/ILogo.xml
index 8343ec344b6e..85e356aabbf6 100644
--- a/src/chrome/content/rules/ILogo.xml
+++ b/src/chrome/content/rules/ILogo.xml
@@ -1,13 +1,12 @@
 <ruleset name="iLogo">
 
 	<target host="ilogo.in" />
-	<target host="*.ilogo.in" />
+	<target host="www.ilogo.in" />
 
 
-	<securecookie host="^(?:.*\.)?ilogo\.in$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?ilogo\.in/"
-		to="https://$1ilogo.in/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IMANCentral.org.xml b/src/chrome/content/rules/IMANCentral.org.xml
new file mode 100644
index 000000000000..f055af3dd9d7
--- /dev/null
+++ b/src/chrome/content/rules/IMANCentral.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid certificate:
+	- action.imancentral.org
+
+-->
+<ruleset name="IMANCentral.org" >
+	<target host="imancentral.org" />
+	<target host="www.imancentral.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IMDB.xml b/src/chrome/content/rules/IMDB.xml
index 0b1d1cca28b4..4678becbba54 100644
--- a/src/chrome/content/rules/IMDB.xml
+++ b/src/chrome/content/rules/IMDB.xml
@@ -1,40 +1,35 @@
 <!--
-	CDN buckets:
+	Refused:
+		finnish.imdb.com
+
+	Invalid certificate:
+		akas.imdb.com
+		brazilian.imdb.com
+		former.imdb.com
+		graph.imdb.com
+		i.imdb.com
+		italian.imdb.com
+		italy.imdb.com
+		portuguese.imdb.com
+		posters.imdb.com
+		random.imdb.com
+		romanian.imdb.com
+		rss.imdb.com
+		showtime.imdb.com
+		swedish.imdb.com
+		vacobranding.imdb.com
+		widgets.imdb.com
+
+		www.media-imdb.com
 
-		- ia.imdb.com.edgesuite.net
-
-
-	!functional:
-		(www.)imdb.com
-		- s.media-imdb.com	(refused)
-
-	Problematic domains:
-
-		- ia.media-imdb.com	(Akamai, "Service Unavailable", !at www nor origin-ia nor secure.imdb.com)
-
-
-	Fully covered domains:
-
-		- ia.media-imdb.com	(→ images-na.ssl-images-amazon.com)
-
-
-	Rewriting www.imdb.com/(name|title)/ pages to secure redirects to pro.imdb.com.
 -->
-<ruleset name="IMDB (partial)">
-
-	<target host="imdb.com"/>
-	<target host="*.imdb.com"/>
-	<!--	i: Akamai	-->
-	<target host="*.media-imdb.com"/>
-	<exclusion pattern="^http://([^/:@]+\.)?imdb\.com/images/a/ifb/doubleclick/expand\.html" />
-
-	<rule from="^http://(?:www\.)?imdb\.com/(images|rg)/"
-		to="https://secure.imdb.com/$1/"/>
-
-	<rule from="^http://(?:secure\.|(?:i|www)\.media-)imdb\.com/"
-		to="https://secure.imdb.com/"/>
-
-	<rule from="^http://ia\.media-imdb\.com/"
-		to="https://images-na.ssl-images-amazon.com/" />
+<ruleset name="IMDb">
+	<target host="ia.media-imdb.com" />
+		<test url="http://ia.media-imdb.com/images/G/01/imdb/images/navbar/imdbpro_logo_nb-3000473826._CB530713470_.png" />
+	<target host="i.media-imdb.com" />
+	<target host="s.media-imdb.com" />
+	<target host="video-http.media-imdb.com" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/IMF.org.xml b/src/chrome/content/rules/IMF.org.xml
index 25d1c32bbefd..d4330a6f5219 100644
--- a/src/chrome/content/rules/IMF.org.xml
+++ b/src/chrome/content/rules/IMF.org.xml
@@ -1,7 +1,20 @@
+<!--
+	Mixed content:
+
+		- favicon from $self ˢ
+
+	ˢ Secured by us
+
+-->
 <ruleset name="IMF.org">
-  <target host="www.imf.org" />
-  <target host="imf.org" />
-  <rule from="^http://www\.imf\.org/" to="https://www.imf.org/"/>
-  <rule from="^http://imf\.org/" to="https://www.imf.org/"/>
+
+	<target host="imf.org" />
+	<target host="www.imf.org" />
+	<target host="www-amsweb-ext.imf.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
 
diff --git a/src/chrome/content/rules/IMGrind.com.xml b/src/chrome/content/rules/IMGrind.com.xml
new file mode 100644
index 000000000000..823f2e7fbd8c
--- /dev/null
+++ b/src/chrome/content/rules/IMGrind.com.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://imgrind.com/ => https://imgrind.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.imgrind.com/ => https://www.imgrind.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="IMGrind.com" default_off="failed ruleset test">
+
+	<target host="imgrind.com" />
+	<target host="www.imgrind.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:www)?\.imgrind\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IMMI.is.xml b/src/chrome/content/rules/IMMI.is.xml
index a09155205881..e932336be722 100644
--- a/src/chrome/content/rules/IMMI.is.xml
+++ b/src/chrome/content/rules/IMMI.is.xml
@@ -1,6 +1,22 @@
-<ruleset name="IMMI.is" platform="mixedcontent">
+<!--
+	Insecure cookies are set for these hosts:
+
+		- immi.is
+		- www.immi.is
+
+-->
+<ruleset name="IMMI.is">
      <target host="immi.is" />
      <target host="www.immi.is" />
 
-     <rule from="^http://(?:www\.)?immi\.is/" to="https://immi.is/"/>
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?immi\.is$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?immi\.is$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/IMSLP.xml b/src/chrome/content/rules/IMSLP.xml
new file mode 100644
index 000000000000..79826f74d7ff
--- /dev/null
+++ b/src/chrome/content/rules/IMSLP.xml
@@ -0,0 +1,35 @@
+<!--
+	Chain issue, missing intermediate:
+		- cn.imslp.org
+
+	Connection refused:
+		- s6.imslp.org
+
+	Invalid certificate:
+		- cnks.imslp.org
+		- ftp.imslp.org, equivalent to imslp.org
+		- mail.imslp.org, equivalent to imslp.org
+		- s3.imslp.org, equivalent to imslp.org
+		- s5.imslp.org, equivalent to cdn.imslp.org
+-->
+
+<ruleset name="IMSLP">
+	<target host="imslp.org" />
+	<target host="www.imslp.org" />
+	<target host="app-sandbox.imslp.org" />
+	<target host="cdn.imslp.org" />
+	<target host="ftp.imslp.org" />
+	<target host="ks2.imslp.org" />
+	<target host="mail.imslp.org" />
+	<target host="s3.imslp.org" />
+	<target host="s5.imslp.org" />
+
+	<rule from="^http://(ftp|mail|s3)\.imslp\.org/"
+		to="https://imslp.org/" />
+
+	<rule from="^http://s5\.imslp\.org/"
+		to="https://cdn.imslp.org/" />
+		<test url="http://s5.imslp.org/images/thumb/pdfs/2a/b6f395c4a4090b106c63bab5dd42a55dbe59e1b2.png" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IMSSR.com.xml b/src/chrome/content/rules/IMSSR.com.xml
new file mode 100644
index 000000000000..c993f4b1f341
--- /dev/null
+++ b/src/chrome/content/rules/IMSSR.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="IMSSR.com">
+
+	<target host="imssr.com" />
+	<target host="www.imssr.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?imssr\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^(?:www\.)?imssr\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IMedia-Communications.xml b/src/chrome/content/rules/IMedia-Communications.xml
index 7487e32c74ac..c2398fbebc00 100644
--- a/src/chrome/content/rules/IMedia-Communications.xml
+++ b/src/chrome/content/rules/IMedia-Communications.xml
@@ -1,4 +1,4 @@
-<!--	!functional:
+<!--
 		- assets.imediaconnections.com		(cert: www.imediacommunication.com; 404, !on www, !at www..../assets/)
 -->
 <ruleset name="iMedia Communications">
@@ -6,7 +6,7 @@
 	<target host="imediaconnection.com"/>
 	<target host="www.imediaconnection.com"/>
 
-	<securecookie host="^www\.imediaconnection\.com$" name=".*"/>
+	<securecookie host="^www\.imediaconnection\.com$" name=".+" />
 
 	<!--	cert !valid for !www	-->
 	<rule from="^http://(?:www\.)?imediaconnection\.com/"
diff --git a/src/chrome/content/rules/IModules.xml b/src/chrome/content/rules/IModules.xml
index c951d162c0c0..ae5118a8c535 100644
--- a/src/chrome/content/rules/IModules.xml
+++ b/src/chrome/content/rules/IModules.xml
@@ -3,17 +3,93 @@
 
 		- Alumniconnections.com.xml
 
+
+	Problematic hosts in *imodules.com:
+
+		- ^ ᵈ
+		- go ᵐ
+
+	ᵈ Dropped, preemptable redirect
+	ᵐ Pardot / mismatched
+
+
+	Mixed content:
+
+		- iframe on www from player.vimeo.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
 -->
-<ruleset name="iModules">
+<ruleset name="iModules.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="admin.imodules.com" />
+	<target host="adminlb.imodules.com" />
+	<target host="clients.imodules.com" />
+	<target host="securelb.imodules.com" />
+	<target host="support.imodules.com" />
+	<target host="www.imodules.com" />
+
+	<!--	(accounts:)	-->
+	<target host="culinary.imodules.com" />
+	<target host="iuaa.imodules.com" />
+	<target host="niu.imodules.com" />
+	<target host="northernillinois.imodules.com" />
+	<target host="ucsb.imodules.com" />
 
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://securelb.imodules.com/s/1686/alumni/giving.aspx?sid=1686&amp;gid=4&amp;pgid=476" /-->
+
+	<!--	Complications:
+				-->
 	<target host="imodules.com" />
-	<target host="*.imodules.com" />
+	<target host="go.imodules.com" />
+
+		<exclusion pattern="^http://go\.imodules\.com/(?!/*(?:$|\?|[els]/|emailPreference/|unsubscribe/|webmail/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://go.imodules.com/default.asp" />
+			<test url="http://go.imodules.com/default.aspx" />
+			<test url="http://go.imodules.com/favicon.ico" />
+			<test url="http://go.imodules.com/home.htm" />
+			<test url="http://go.imodules.com/home.html" />
+			<test url="http://go.imodules.com/index.htm" />
+			<test url="http://go.imodules.com/index.html" />
+			<test url="http://go.imodules.com/index.jsp" />
+			<test url="http://go.imodules.com/index.php" />
+
+			<!--	-ve:
+					-->
+			<test url="http://go.imodules.com/l/92862/2016-05-18/2n6bmk" />
+			<test url="http://go.imodules.com/l/92862/2016-06-30/2ykfx1" />
+			<test url="http://go.imodules.com/s/92862/wfQHnqYui9sEd7sNVrWZ0EZca05tCvlR?q=training" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^securelb\.imodules\.com$" name="^(CCS|DBMS_RETURNURL_\d+|ENCOMPASSSESSIONID_\d+|EncompassAuth)$" /-->
+	<!--securecookie host="^(?:clients|www|(account_vhost))\.imodules\.com$" name="^CCS$" /-->
+
+	<securecookie host="^(?!go\.)\w" name=".+" />
+
+
+	<rule from="^http://imodules\.com/"
+		to="https://www.imodules.com/" />
 
+	<!--	Redirect drops args and forward slash and args:
+								-->
+	<rule from="^http://go\.imodules\.com/+(?:\?.*)?$"
+		to="https://www.imodules.com/" />
 
-	<securecookie host="^(?:iuaa|securelb)\.imodules\.com$" name=".+" />
+		<test url="http://go.imodules.com/?" />
 
+	<rule from="^http://go\.imodules\.com/"
+		to="https://go.pardot.com/" />
 
-	<rule from="^http://((?:admin(?:lb)?|clients|culinary|iuaa|niu|securelb|ucsb|www)\.)?imodules\.com/"
-		to="https://$1imodules.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IMshopping.com.xml b/src/chrome/content/rules/IMshopping.com.xml
new file mode 100644
index 000000000000..2c972b297cc9
--- /dev/null
+++ b/src/chrome/content/rules/IMshopping.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Timeout:
+		- imshopping.com
+		- www.imshopping.com
+-->
+<ruleset name="IMshopping.com (partial)">
+	<target host="euwidget.imshopping.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IN.com.xml b/src/chrome/content/rules/IN.com.xml
index e57db71b6cff..acb4f5673e6b 100644
--- a/src/chrome/content/rules/IN.com.xml
+++ b/src/chrome/content/rules/IN.com.xml
@@ -9,12 +9,12 @@
 		- www			(Akamai; "Service Unavailable")
 
 -->
-<ruleset name="IN.com (partial)" default_off="mismatch">
+<ruleset name="IN.com (partial)" default_off="mismatched">
 
 	<!--	Akamai	-->
 	<target host="ns.ibnlive.in.com" />
 
-	<rule from="^http://ns\.ibnlive\.in\.com/"
-		to="https://ns.ibnlive.in.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/INA.fr.xml b/src/chrome/content/rules/INA.fr.xml
new file mode 100644
index 000000000000..d52cd8211abd
--- /dev/null
+++ b/src/chrome/content/rules/INA.fr.xml
@@ -0,0 +1,80 @@
+<!--
+	Time out:
+		atlantis.ina.fr
+		bobino.ina.fr
+		diginpix.ina.fr
+		imagina.ina.fr
+		media.ina.fr
+		photo.ina.fr
+		prestowspace.ina.fr
+		recherche.ina.fr
+		research.ina.fr
+		speechtrax.ina.fr
+		syncnotes.ina.fr
+
+	Different content http/https:
+		bouquetmultimedia.ina.fr
+		grands-entretiens.ina.fr
+
+	Invalid certificate:
+		www.boutique.ina.fr
+		catalogue-productions.ina.fr
+		ditesle.ina.fr
+		edith-piaf.ina.fr
+		www.jeu-concours.gagnants.ina.fr
+		tops.ina.fr
+
+	Secure connection failed:
+		brava.ina.fr
+		prestoprimews.ina.fr
+		opales.ina.fr
+		portail.ina.fr
+		portail-si.ina.fr
+		quaerowspace.ina.fr
+		rp-extp.ina.fr
+
+	Broken chain:
+		dataset.ina.fr
+
+	Private subdomain:
+		inca.ina.fr
+
+	Refused:
+		inatheque.ina.fr
+
+	No working URL known:
+		marina-public.ina.fr
+		mp4.ina.fr
+		mp4-fvod.ina.fr
+		mp4studio.ina.fr
+		mp4studiostream.ina.fr
+		player.ina.fr
+		sites.ina.fr
+		stream.ina.fr
+
+	Mixed content:
+		quiz.ina.fr
+
+-->
+<ruleset name="INA.fr">
+
+	<target host="ina.fr" />
+	<target host="www.ina.fr" />
+	<target host="boutique.ina.fr" />
+	<target host="www.boutique.ina.fr" />
+	<target host="edith-piaf.ina.fr" />
+	<target host="entretiens.ina.fr" />
+	<target host="fresques.ina.fr" />
+	<target host="jeux.ina.fr" />
+	<target host="m.ina.fr" />
+	<target host="presse.ina.fr" />
+
+	<rule from="^http://www\.boutique\.ina\.fr/"
+		to="https://boutique.ina.fr/" />
+
+	<rule from="^http://edith-piaf\.ina\.fr/"
+		to="https://www.ina.fr/personnalites/edith-piaf/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/INDURE.xml b/src/chrome/content/rules/INDURE.xml
index 74f314c1ae82..2ff45a4439ab 100644
--- a/src/chrome/content/rules/INDURE.xml
+++ b/src/chrome/content/rules/INDURE.xml
@@ -1,11 +1,15 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.indure.org/ => https://www.indure.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.indure.org'")
+
 	For other Purdue University coverage, see Purdue_University.xml.
 
 
 	!www doesn't exist.
 
 -->
-<ruleset name="INDURE">
+<ruleset name="INDURE" default_off="failed ruleset test">
 
 	<target host="www.indure.org" />
 
@@ -13,7 +17,6 @@
 	<securecookie host="^www\.indure\.org$" name=".+" />
 
 
-	<rule from="^http://www\.indure\.org/"
-		to="https://www.indure.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/INFN.it.xml b/src/chrome/content/rules/INFN.it.xml
new file mode 100644
index 000000000000..289ce7c3d930
--- /dev/null
+++ b/src/chrome/content/rules/INFN.it.xml
@@ -0,0 +1,135 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lnyx.cnaf.infn.it/ => https://lnyx.cnaf.infn.it/: (6, 'Could not resolve host: lnyx.cnaf.infn.it')
+Fetch error: http://agenda.ct.infn.it/ => https://agenda.ct.infn.it/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://imapfis.ct.infn.it/ => https://imapfis.ct.infn.it/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.lnf.infn.it/ => https://www.lnf.infn.it/: Too many redirects while fetching 'https://www.lnf.infn.it/'
+
+	Nonfunctional subdomains:
+
+		- www-ceb.bo ¹
+		- www-th.bo ²
+
+		- cms.ct ³
+		- documents.ct ¹
+		- www.ct ¹
+
+		- www.gssi ³
+		- lhcitalia ¹
+
+		- edu.lnf ¹
+		- scienzapertutti.lnf ¹
+		- w3.lnf ¹
+
+		- sperimentando.lnl ³
+		- trasparenza ⁴
+		- www ⁵
+
+	¹ Dropped
+	² Shows www.bo
+	³ Refused
+	⁴ Shows www
+	⁵ 404
+
+
+	Problematic subdomains:
+
+		- fribs.lns ¹
+		- mrbs.lns ²
+		- popimap.lns ²
+		- www.lns ²
+
+		- mnemosine.pd ²
+		- sirad.pd ³
+		- www.pg ²
+		- www.presid ⁴
+		- web ²
+		- web2 ²
+
+	¹ Shows www.lns
+	² Self-signed
+	³ Shows mnemosine.pd
+	⁴ Mismatched
+
+
+	Fully covered subdomains:
+
+		- www.ac
+		- agenda
+
+		- boposta.bo
+		- webmail.bo
+		- www.bo
+		- wwwsrv.bo
+
+		- lnyx.cnaf
+		- sysinfo-15.cnaf
+		- www.cnaf
+
+		- agenda.ct
+		- imap.ct
+		- imap-0[12].ct
+		- imapfis.ct
+
+		- idp
+		- www.lnf
+		- www.lngs
+		- portale-sisinfo
+		- portale-utente
+		- www.tifpa
+
+	^infn.it doesn't exist.
+
+
+	Mixed content:
+
+		- Images on www.cnaf from $self *
+
+		- Bug on idp from www.lnf *
+
+	* Secured by us
+
+-->
+<ruleset name="INFN.it (partial)" default_off="failed ruleset test">
+
+	<target host="www.ac.infn.it" />
+	<target host="agenda.infn.it" />
+
+	<target host="boposta.bo.infn.it" />
+	<target host="webmail.bo.infn.it" />
+	<target host="www.bo.infn.it" />
+	<target host="wwwsrv.bo.infn.it" />
+
+	<target host="lnyx.cnaf.infn.it" />
+	<target host="sysinfo-15.cnaf.infn.it" />
+	<target host="www.cnaf.infn.it" />
+
+	<target host="agenda.ct.infn.it" />
+	<target host="imap.ct.infn.it" />
+	<target host="imap-01.ct.infn.it" />
+	<target host="imap-02.ct.infn.it" />
+	<target host="imapfis.ct.infn.it" />
+
+	<target host="idp.infn.it" />
+	<target host="www.lnf.infn.it" />
+	<target host="www.lngs.infn.it" />
+	<target host="portale-sisinfo.infn.it" />
+	<target host="portale-utente.infn.it" />
+	<target host="www.presid.infn.it" />
+	<target host="www.tifpa.infn.it" />
+
+
+	<!-- 404 on https -->
+	<exclusion pattern="^http://www\.lnf\.infn\.it/~\w+" />
+	<test url="http://www.lnf.infn.it/~angius/" />
+	<test url="http://www.lnf.infn.it/~chiadron/" />
+
+
+	<rule from="^http://www\.presid\.infn\.it/"
+		to="https://web2.infn.it/presidenza/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/INFOnline.xml b/src/chrome/content/rules/INFOnline.xml
index 7ac5ced605ef..a163270a2bc2 100644
--- a/src/chrome/content/rules/INFOnline.xml
+++ b/src/chrome/content/rules/INFOnline.xml
@@ -1,6 +1,7 @@
 <!--
 	Other INFOnline rulesets:
 
+		- IOam.de.xml
 		- Ivwbox.de.xml
 
 -->
@@ -12,7 +13,6 @@
 
 	<!--	Cert only matches *.infonline.de.
 							-->
-	<rule from="^https?://(?:www\.)?infonline\.de/"
-		to="https://www.infonline.de/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ING-Direct.xml b/src/chrome/content/rules/ING-Direct.xml
index fdfda385462c..7e1f0faf0156 100644
--- a/src/chrome/content/rules/ING-Direct.xml
+++ b/src/chrome/content/rules/ING-Direct.xml
@@ -1,31 +1,40 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ingdirect.com/ => https://www.ingdirect.com/: (6, 'Could not resolve host: www.ingdirect.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ingdirect.com/ => https://www.ingdirect.com/: (60, 'SSL certificate problem: certificate has expired')
 	Nonfunctional subdomains:
 
 		- cafes.ingdirect.com	(cert: 217569-2.217569-2.com, self-signed; shows RHEL Apache test page)
 
 -->
-<ruleset name="ING Direct">
+<ruleset name="ING Direct" default_off="failed ruleset test">
 
 	<target host="ingdirect.com" />
-	<target host="*.ingdirect.com" />
+	<target host="www.ingdirect.com" />
+	<target host="helpcenter.ingdirect.com" />
+	<target host="home.ingdirect.com" />
+	<target host="secure.ingdirect.com" />
+	<target host="shop.ingdirect.com" />
 	<target host="ingdirect.com.au" />
 	<target host="www.ingdirect.com.au" />
 
 
-	<securecookie host="^.*\.ingdirect\.com$" name=".*" />
-	<securecookie host="^www\.ingdirect\.com\.au$" name=".*" />
+	<securecookie host="^.*\.ingdirect\.com$" name=".+" />
+	<securecookie host="^www\.ingdirect\.com\.au$" name=".+" />
 
 
 	<!--	Cert only matches www.
 					-->
-	<rule from="^https?://(?:www\.)?ingdirect\.com/"
+	<rule from="^http://(?:www\.)?ingdirect\.com/"
 		to="https://www.ingdirect.com/" />
 
-	<rule from="^http://(helpcenter|home|secure|shop)\.ingdirect\.com/"
-		to="https://$1.ingdirect.com/" />
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?ingdirect\.com\.au/"
+	<rule from="^http://(?:www\.)?ingdirect\.com\.au/"
 		to="https://www.ingdirect.com.au/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ING.org.xml b/src/chrome/content/rules/ING.org.xml
new file mode 100644
index 000000000000..0781cdeefc93
--- /dev/null
+++ b/src/chrome/content/rules/ING.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="ING.org">
+	<target host="ing.org" />
+	<target host="www.ing.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ING.xml b/src/chrome/content/rules/ING.xml
new file mode 100644
index 000000000000..2560b7cb930c
--- /dev/null
+++ b/src/chrome/content/rules/ING.xml
@@ -0,0 +1,17 @@
+<ruleset name="ING">
+    <target host="ing.com" />
+    <target host="www.ing.com" />
+    <target host="ing.nl" />
+    <target host="mijn.ing.nl" />
+    <target host="mijnzakelijk.ing.nl" />
+    <target host="www.ing.nl" />
+
+    <rule from="^http://ing\.com/"
+        to="https://www.ing.com/" />
+    <rule from="^http://ing\.nl/"
+        to="https://www.ing.nl/" />
+    <rule from="^http://([^/:@]+)\.ing\.com/"
+        to="https://$1.ing.com/" />
+    <rule from="^http://([^/:@]+)\.ing\.nl/"
+        to="https://$1.ing.nl/" />
+</ruleset>
diff --git a/src/chrome/content/rules/INPS.it.xml b/src/chrome/content/rules/INPS.it.xml
new file mode 100644
index 000000000000..944dae76a34d
--- /dev/null
+++ b/src/chrome/content/rules/INPS.it.xml
@@ -0,0 +1,18 @@
+<!--
+	^inps.it doesn't exist.
+
+-->
+<ruleset name="INPS.it">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.inps.it" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/INQA.de.xml b/src/chrome/content/rules/INQA.de.xml
new file mode 100644
index 000000000000..3776759e9758
--- /dev/null
+++ b/src/chrome/content/rules/INQA.de.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		www.gutepraxis.inqa.de
+		www.inarbeit.inqa.de
+-->
+<ruleset name="INQA.de">
+
+	<target host="inqa.de" />
+	<target host="www.inqa.de" />
+	<target host="inarbeit.inqa.de" />
+	<target host="shop.inqa.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/INSA-Lyon.fr.xml b/src/chrome/content/rules/INSA-Lyon.fr.xml
new file mode 100644
index 000000000000..11e6097b8f03
--- /dev/null
+++ b/src/chrome/content/rules/INSA-Lyon.fr.xml
@@ -0,0 +1,69 @@
+<!--
+	Nonfunctional hosts in *insa-lyon.fr:
+
+		- cethil ¹
+		- chaires ²
+
+		- m.docinsa ³
+		- piwik.docinsa ³
+		- scd.docinsa
+
+		- flora ³
+		- lamcos ⁴
+		- mateis ²
+		- ori-oai-search ³
+		- polycop ³
+		- referencesbibliographiques ³
+		- sapristi-docinsa ³
+		- theses ³
+
+	¹ Plaintext reply
+	² Shows another domain
+	³ Refused
+	⁴ 403
+
+
+	Problematic hosts in *insa-lyon.fr:
+
+		- ^ ¹
+		- eai ¹ ²
+		- fondation ²
+		- intranet ¹
+
+	¹ Mismatched
+	² Missing cert chain
+
+
+	Mixed content:
+
+		- css on fondation from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="INSA-Lyon.fr (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="intranet.creatis.insa-lyon.fr" />
+	<target host="www.creatis.insa-lyon.fr" />
+	<!--target host="fondation.insa-lyon.fr" /-->
+	<target host="login.insa-lyon.fr" />
+	<target host="planete.insa-lyon.fr" />
+	<target host="www.insa-lyon.fr" />
+
+	<!--	Complications:
+				-->
+	<target host="insa-lyon.fr" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://insa-lyon\.fr/"
+		to="https://www.insa-lyon.fr/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/INaturalist.org.xml b/src/chrome/content/rules/INaturalist.org.xml
index 9c01834ac996..76792e1c0b07 100644
--- a/src/chrome/content/rules/INaturalist.org.xml
+++ b/src/chrome/content/rules/INaturalist.org.xml
@@ -1,32 +1,30 @@
 <!--
-	CDN buckets:
+	Invalid certificate:
+		inaturalist.org
+		sticta.inaturalist.org
 
-		- s3.amazonaws.com/static.inaturalist.org/
-
-
-	Mixed content:
-
-		- Images, on www from:
-
-			- static *
-			- www *
-
-	* Secured by us, doesn't trip MCB
+	Refused:
+		colombia.inaturalist.org
+		canada.inaturalist.org
+		conabio.inaturalist.org
+		naturewatch.inaturalist.org
 
 -->
 <ruleset name="iNaturalist.org">
 
 	<target host="inaturalist.org" />
-	<target host="*.inaturalist.org" />
-
+	<target host="www.inaturalist.org" />
+	<target host="api.inaturalist.org" />
+	<target host="static.inaturalist.org" />
+		<test url="http://static.inaturalist.org/wiki_page_attachments/364-original.pdf" />
+	<target host="tiles.inaturalist.org" />
 
 	<securecookie host="^www\.inaturalist\.org$" name=".+" />
 
+	<rule from="^http://inaturalist\.org/"
+		to="https://www.inaturalist.org/" />
 
-	<rule from="^http://(www\.)?inaturalist\.org/"
-		to="https://$1inaturalist.org/" />
-
-	<rule from="^http://static\.inaturalist\.org/"
-		to="https://s3.amazonaws.com/static.inaturalist.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/INet-Interactive.xml b/src/chrome/content/rules/INet-Interactive.xml
index e9542021169d..a4a7b4d2fc0b 100644
--- a/src/chrome/content/rules/INet-Interactive.xml
+++ b/src/chrome/content/rules/INet-Interactive.xml
@@ -1,15 +1,42 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://inetinteractive.com/ => https://inetinteractive.com/: (51, "SSL: no alternative certificate subject name matches target host name 'inetinteractive.com'")
+
 	Other iNet Interactive rulesets:
 
-		- Overclockers.xml
+		- AFCOM.com.xml
+		- DataCenterKnowledge.com.xml
+		- Data_Center_World.com.xml
+		- DBforums.xml
+		- HostingCon.xml
+		- Host_Voice.com.xml
+		- Hot_Scripts.com.xml
+		- Web-Hosting-Talk.xml
+		- Windows_Secrets.com.xml
+
+
+	Nonfunctional subdomains:
+
+		- mediakit *
+
+	* Redirects to www
+
+
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
 
 -->
-<ruleset name="iNet Interactive">
+<ruleset name="iNet Interactive (partial)" default_off="failed ruleset test">
 
 	<target host="inetinteractive.com"/>
 	<target host="www.inetinteractive.com"/>
+		<!--exclusion pattern="http://mediakit\.inetinteractive\.com/" /-->
+
 
-	<rule from="^http://(www\.)?inetinteractive\.com/"
-		to="https://$1inetinteractive.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/IOCCC.org.xml b/src/chrome/content/rules/IOCCC.org.xml
index 98dd76739f3e..c5236f061fd3 100644
--- a/src/chrome/content/rules/IOCCC.org.xml
+++ b/src/chrome/content/rules/IOCCC.org.xml
@@ -1,18 +1,9 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(shows submit)
-
-
-	Expired 2012-11-30
-
--->
-<ruleset name="IOCCC.org (partial)" default_off="expired">
+<ruleset name="IOCCC.org (partial)">
 
+	<target host="ioccc.org" />
+	<target host="www.ioccc.org" />
 	<target host="submit.ioccc.org" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://submit\.ioccc\.org/"
-		to="https://submit.ioccc.org/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IOLProperty.co.za.xml b/src/chrome/content/rules/IOLProperty.co.za.xml
index c6339a5ea931..f61222248f6d 100644
--- a/src/chrome/content/rules/IOLProperty.co.za.xml
+++ b/src/chrome/content/rules/IOLProperty.co.za.xml
@@ -21,7 +21,6 @@
 	<securecookie host="^www\.iolproperty\.co\.za$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?iolproperty\.co\.za/"
-		to="https://www.iolproperty.co.za/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ION-Audio.xml b/src/chrome/content/rules/ION-Audio.xml
deleted file mode 100644
index d3f3278f0e53..000000000000
--- a/src/chrome/content/rules/ION-Audio.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="ION Audio">
-
-	<target host="ionaudio.com" />
-	<target host="www.ionaudio.com" />
-	<target host="*.www.ionaudio.com" />
-
-
-	<securecookie host="^\.?www\.ionaudio\.com$" name=".+" />
-
-
-	<!--	Cert only matches www.
-					-->
-	<rule from="^https?://(?:www\.)?ionaudio\.com/"
-		to="https://www.ionaudio.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/IONAudio.com.xml b/src/chrome/content/rules/IONAudio.com.xml
new file mode 100644
index 000000000000..a439e9d65052
--- /dev/null
+++ b/src/chrome/content/rules/IONAudio.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="IONAudio.com">
+
+	<target host="ionaudio.com" />
+	<target host="www.ionaudio.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IOPLEX_Software.xml b/src/chrome/content/rules/IOPLEX_Software.xml
index fd7fabae965b..322860064544 100644
--- a/src/chrome/content/rules/IOPLEX_Software.xml
+++ b/src/chrome/content/rules/IOPLEX_Software.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?ioplex\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ioplex\.com/"
-		to="https://$1ioplex.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IOSCO.org.xml b/src/chrome/content/rules/IOSCO.org.xml
new file mode 100644
index 000000000000..2a6c3069417e
--- /dev/null
+++ b/src/chrome/content/rules/IOSCO.org.xml
@@ -0,0 +1,31 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .iosco.org
+		- www.iosco.org
+
+-->
+<ruleset name="IOSCO.org">
+
+	<target host="iosco.org" />
+	<target host="www.iosco.org" />
+
+		<!--	Set cookies without Secure:
+							-->
+		<!--test url="http://www.iosco.org/forums/" /-->
+		<!--test url="http://www.iosco.org/members_area/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www)?\.iosco\.org$" name="^CF(?:ID|TOKEN)$" /-->
+	<!--securecookie host="^www\.iosco\.org$" name="^MEMBERSAREAAUTH$" /-->
+
+	<securecookie host="^\." name="^CF(?:ID|TOKEN)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IOSPP.xml b/src/chrome/content/rules/IOSPP.xml
deleted file mode 100644
index 98335da617ae..000000000000
--- a/src/chrome/content/rules/IOSPP.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="IOSPP">
-
-	<target host="iospp.org" />
-	<target host="*.iospp.org" />
-
-
-	<securecookie host="^(?:www)?\.iospp\.org$" name=".+" />
-
-
-	<rule from="^http://(www\.)?iospp\.org/"
-		to="https://$1iospp.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/IOS_Dev_Weekly.com.xml b/src/chrome/content/rules/IOS_Dev_Weekly.com.xml
new file mode 100644
index 000000000000..bfe2a18c069c
--- /dev/null
+++ b/src/chrome/content/rules/IOS_Dev_Weekly.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- iosdevweekly.com
+
+-->
+<ruleset name="iOS Dev Weekly.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="iosdevweekly.com" />
+	<target host="www.iosdevweekly.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^iosdevweekly\.com$" name="^(?:_herald_session|pid)$" /-->
+
+	<securecookie host="^iosdevweekly\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IOam.de.xml b/src/chrome/content/rules/IOam.de.xml
new file mode 100644
index 000000000000..6ab82d33edf0
--- /dev/null
+++ b/src/chrome/content/rules/IOam.de.xml
@@ -0,0 +1,96 @@
+<!--
+	Web bugs.
+
+	For other INFOnline coverage, see INFOnline.xml.
+
+
+	^ioam.de doesn't exist.
+
+	5xx:
+		- panel.ioam.de
+
+	Timeout:
+		- cubec001.ioam.de
+		- cubec002.ioam.de
+		- cubec003.ioam.de
+		- cubec004.ioam.de
+		- cubec005.ioam.de
+		- cubec006.ioam.de
+		- cubec007.ioam.de
+		- cubec008.ioam.de
+		- cubec009.ioam.de
+		- cubec010.ioam.de
+		- pool1.ioam.de
+		- pool2.ioam.de
+		- pool3.ioam.de
+		- pool4.ioam.de
+		- pool5.ioam.de
+
+-->
+<ruleset name="IOam.de">
+
+	<target host="www.ioam.de" />
+	<target host="ads.ioam.de" />
+	<target host="ads3.ioam.de" />
+	<target host="ads4.ioam.de" />
+	<target host="apptest.ioam.de" />
+	<target host="audit.ioam.de" />
+	<target host="cd.ioam.de" />
+	<target host="config.ioam.de" />
+	<target host="config3.ioam.de" />
+	<target host="cubec020.ioam.de" />
+	<target host="cubec021.ioam.de" />
+	<target host="cubec022.ioam.de" />
+	<target host="cubec023.ioam.de" />
+	<target host="cuber030.ioam.de" />
+	<target host="cuber031.ioam.de" />
+	<target host="cuber032.ioam.de" />
+	<target host="cuber033.ioam.de" />
+	<target host="cuber034.ioam.de" />
+	<target host="cuber035.ioam.de" />
+	<target host="cuber036.ioam.de" />
+	<target host="cuber037.ioam.de" />
+	<target host="cuber038.ioam.de" />
+	<target host="cuber039.ioam.de" />
+	<target host="cuber040.ioam.de" />
+	<target host="cuber041.ioam.de" />
+	<target host="cuber042.ioam.de" />
+	<target host="cuber043.ioam.de" />
+	<target host="cuber044.ioam.de" />
+	<target host="cuber045.ioam.de" />
+	<target host="cuber046.ioam.de" />
+	<target host="cuber047.ioam.de" />
+	<target host="cuber048.ioam.de" />
+	<target host="cuber049.ioam.de" />
+	<target host="cubes009.ioam.de" />
+	<target host="cubes010.ioam.de" />
+	<target host="cubes011.ioam.de" />
+	<target host="cubes012.ioam.de" />
+	<target host="cubes013.ioam.de" />
+	<target host="cubes014.ioam.de" />
+	<target host="cubes015.ioam.de" />
+	<target host="cubes016.ioam.de" />
+	<target host="cubes017.ioam.de" />
+	<target host="cubes018.ioam.de" />
+	<target host="de.ioam.de" />
+	<target host="de3.ioam.de" />
+	<target host="de4.ioam.de" />
+	<target host="irqs.ioam.de" />
+	<target host="log.ioam.de" />
+	<target host="me.ioam.de" />
+	<target host="mqs.ioam.de" />
+	<target host="optout.ioam.de" />
+	<target host="qs.ioam.de" />
+	<target host="qs2.ioam.de" />
+	<target host="script.ioam.de" />
+	<target host="script-dev.ioam.de" />
+	<target host="script3.ioam.de" />
+	<target host="script4.ioam.de" />
+	<target host="szm-checker.ioam.de" />
+	<target host="szmchecker.ioam.de" />
+	<target host="xml.ioam.de" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IOpus.com.xml b/src/chrome/content/rules/IOpus.com.xml
deleted file mode 100644
index e2b680b24cb1..000000000000
--- a/src/chrome/content/rules/IOpus.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="iOpus.com (partial)">
-
-	<target host="support.iopus.com" />
-
-
-	<securecookie host="^support\.iopus\.com$" name=".+" />
-
-
-	<rule from="^http://support\.iopus\.com/"
-		to="https://support.iopus.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/IP-Projects.de.xml b/src/chrome/content/rules/IP-Projects.de.xml
index 4daf67030553..90463a603ea0 100644
--- a/src/chrome/content/rules/IP-Projects.de.xml
+++ b/src/chrome/content/rules/IP-Projects.de.xml
@@ -1,13 +1,13 @@
 <ruleset name="IP-Projects.de">
 
 	<target host="ip-projects.de" />
-	<target host="*.ip-projects.de" />
+	<target host="piwik.ip-projects.de" />
+	<target host="www.ip-projects.de" />
 
 
 	<securecookie host="^www\.ip-projects\.de$" name=".+" />
 
 
-	<rule from="^http://(piwik\.|www\.)?ip-projects\.de/"
-		to="https://$1ip-projects.de/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/IP2Location.com.xml b/src/chrome/content/rules/IP2Location.com.xml
index c20140224bbc..6b47cfcf5053 100644
--- a/src/chrome/content/rules/IP2Location.com.xml
+++ b/src/chrome/content/rules/IP2Location.com.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?ip2location\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ip2location\.com/"
-		to="https://$1ip2location.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/IPA.go.jp.xml b/src/chrome/content/rules/IPA.go.jp.xml
index d651389fb829..42de73fe7766 100644
--- a/src/chrome/content/rules/IPA.go.jp.xml
+++ b/src/chrome/content/rules/IPA.go.jp.xml
@@ -1,13 +1,10 @@
-<ruleset name="Japan Information Technology Promotion Agency">
+<!--
+	Japan Information Technology Promotion Agency
+
+-->
+<ruleset name="IPA.go.jp">
   <target host="www.ipa.go.jp" />
-  <target host="www.ipa.jp" />
-  <target host="ipa.jp" />
   <target host="www.jitec.ipa.go.jp" />
-  <target host="www.jitec.jp" />
-  <target host="jitec.jp" />
 
-  <rule from="^http://www\.ipa\.go\.jp/" to="https://www.ipa.go.jp/" />
-  <rule from="^http://(www\.)?ipa\.jp/" to="https://www.ipa.go.jp/" />
-  <rule from="^http://www\.jitec\.ipa\.go\.jp/" to="https://www.jitec.ipa.go.jp/" />
-  <rule from="^http://(www\.)?jitec\.jp/" to="https://www.jitec.ipa.go.jp/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/IPAC.global.xml b/src/chrome/content/rules/IPAC.global.xml
new file mode 100644
index 000000000000..9a9ea03ba9fa
--- /dev/null
+++ b/src/chrome/content/rules/IPAC.global.xml
@@ -0,0 +1,15 @@
+<!--
+	Inter-Parliamentary Alliance on China
+
+	Mismatched:
+		- link.ipac.global
+-->
+<ruleset name="IPAC.global">
+	<target host="ipac.global" />
+	<target host="www.ipac.global" />
+	<target host="stg.ipac.global" />
+  
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IPAddressLabs.com.xml b/src/chrome/content/rules/IPAddressLabs.com.xml
index 1f36f88ffd52..1cc11854a21e 100644
--- a/src/chrome/content/rules/IPAddressLabs.com.xml
+++ b/src/chrome/content/rules/IPAddressLabs.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ipaddresslabs.com/ => http://ipaddresslabs.com/: (6, 'Could not resolve host: ipaddresslabs.com')
+
 	Problematic subdomains:
 
 		- services	("INVALID_URL_SUBDOMAIN", valid cert)
@@ -7,16 +11,18 @@
 	Some pages redirect to http.
 
 -->
-<ruleset name="IPAddressLabs.com (partial)">
+<ruleset name="IPAddressLabs.com (partial)" default_off="failed ruleset test">
 
 	<target host="ipaddresslabs.com" />
-	<target host="*.ipaddresslabs.com" />
+	<target host="www.ipaddresslabs.com" />
+	<target host="services.ipaddresslabs.com" />
+	<target host="https-services.ipaddresslabs.com" />
 
 
 	<rule from="^http://(www\.)?ipaddresslabs\.com/(cs|image)s/"
 		to="https://$1ipaddresslabs.com/$2s/" />
 
-	<rule from="^https?://(?:https-)?services\.ipaddresslabs\.com/"
+	<rule from="^http://(?:https-)?services\.ipaddresslabs\.com/"
 		to="https://https-services.ipaddresslabs.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IPCC.ch.xml b/src/chrome/content/rules/IPCC.ch.xml
index 84cf81215e8b..c98ab53d83c1 100644
--- a/src/chrome/content/rules/IPCC.ch.xml
+++ b/src/chrome/content/rules/IPCC.ch.xml
@@ -1,7 +1,10 @@
-<ruleset name="IPCC.ch" platform="mixedcontent">
-	<target host="www.ipcc.ch" />
+<ruleset name="IPCC.ch">
+
 	<target host="ipcc.ch" />
-	<rule from="^http://ipcc\.ch/" to="https://ipcc.ch/"/>
-	<rule from="^http://www\.ipcc\.ch/" to="https://www.ipcc.ch/"/>
-</ruleset>
+	<target host="www.ipcc.ch" />
+	<target host="ar5-syr.ipcc.ch" />
+	<target host="wg1.ipcc.ch" />
+
+	<rule from="^http:" to="https:" />
 
+</ruleset>
diff --git a/src/chrome/content/rules/IPCdigital.co.uk.xml b/src/chrome/content/rules/IPCdigital.co.uk.xml
index d9594a37a03d..72d070849710 100644
--- a/src/chrome/content/rules/IPCdigital.co.uk.xml
+++ b/src/chrome/content/rules/IPCdigital.co.uk.xml
@@ -15,7 +15,7 @@
 		- zardoz.ipcdigital.co.uk.edgesuite.net
 
 
-	FUlly covered subdomains:
+	Fully covered subdomains:
 
 		- *.media:
 
@@ -44,4 +44,4 @@
 	<rule from="^http://([\w-]+)(?:\.secure)?\.media\.ipcdigital\.co\.uk/"
 		to="https://$1.secure.media.ipcdigital.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IPFS.com.xml b/src/chrome/content/rules/IPFS.com.xml
new file mode 100644
index 000000000000..6cd4c62f9d40
--- /dev/null
+++ b/src/chrome/content/rules/IPFS.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- ipfs.com
+		- www.ipfs.com
+
+-->
+<ruleset name="IPFS.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ipfs.com" />
+	<target host="www.ipfs.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?ipfs\.com$" name="^(ASP\.NET_SessionId|BIGipServer\w+)$" /-->
+
+	<securecookie host="^(?:www\.)?ipfs\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IPFire.org-falsemixed.xml b/src/chrome/content/rules/IPFire.org-falsemixed.xml
deleted file mode 100644
index d6186e8e3692..000000000000
--- a/src/chrome/content/rules/IPFire.org-falsemixed.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	For rules that are on by default, see IPFire.org.xml.
-
--->
-<ruleset name="IPFire.org (false MCB)" platform="cacert mixedcontent">
-
-	<target host="ipfire.org" />
-	<target host="*.ipfire.org" />
-
-
-	<securecookie host="^fireinfo\.ipfire\.org$" name=".+" />
-
-
-	<!--	Server drops path:
-					-->
-	<rule from="^http://ipfire\.org/.*"
-		to="https://www.ipfire.org/" />
-
-	<rule from="^http://(fireinfo|planet|static|wishlist|www)\.ipfire\.org/"
-		to="https://$1.ipfire.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/IPFire.org.xml b/src/chrome/content/rules/IPFire.org.xml
deleted file mode 100644
index 41abdcb776d4..000000000000
--- a/src/chrome/content/rules/IPFire.org.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see IPFire.org-falsemixed.xml.
-
-
-	Nonfunctional subdomains:
-
-		- forum *
-		- lists *
-		- wiki *
-
-	* Shows ^ipfire.org
-
-
-	Mixed content:
-
-		- css, on fireinfo, mirror, planet, tracker, wishlist, and www from:
-
-			- static *
-			- fonts.googleapis.com *
-
-		- Images, on:
-
-			- fireinfo, mirror, planet, tracker, wishlist, and www from static *
-			- planet from www.gravitar.com *
-
-	* Secured by us
-
--->
-<ruleset name="IPFire.org (partial)">
-
-	<target host="bugzilla.ipfire.org" />
-	<target host="pakfire.ipfire.org" />
-
-
-	<securecookie host="^(?:bugzilla|pakfire)\.ipfire\.org$" name=".+" />
-
-
-	<rule from="^http://(bugzilla|pakfire)\.ipfire\.org/"
-		to="https://$1.ipfire.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/IPGMail.com.xml b/src/chrome/content/rules/IPGMail.com.xml
new file mode 100644
index 000000000000..44fb8c9d344d
--- /dev/null
+++ b/src/chrome/content/rules/IPGMail.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="iPGMail.com">
+
+	<target host="ipgmail.com" />
+	<target host="www.ipgmail.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IPONWEB.xml b/src/chrome/content/rules/IPONWEB.xml
index 913e90cc908a..b3c280322cc6 100644
--- a/src/chrome/content/rules/IPONWEB.xml
+++ b/src/chrome/content/rules/IPONWEB.xml
@@ -5,14 +5,31 @@
 		- iponweb.net
 		- www.iponweb.net	(401)
 
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- d.liadm.com
+		- .d.liadm.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
 -->
 <ruleset name="IPONWEB (partial)">
 
+	<!--	Tracking beacons	-->
+	<target host="d.liadm.com" />
 	<target host="p.liadm.com" />
 
+		<test url="http://d.liadm.com/segment?s=&amp;gtmcb=" />
 
-	<!--	Tracking beacons	-->
-	<rule from="^http://p\.liadm\.com/"
-		to="https://p.liadm.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.?d\.liadm\.com$" name="^tuuid$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/IPOWER.com.xml b/src/chrome/content/rules/IPOWER.com.xml
new file mode 100644
index 000000000000..2681dbf9e303
--- /dev/null
+++ b/src/chrome/content/rules/IPOWER.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="IPOWER">
+
+	<target host="ipower.com" />
+	<target host="*.ipower.com" />
+
+		<test url="http://ilovegardens.ipower.com/" />
+		<test url="http://littlejackbabystore.ipower.com/" />
+		<test url="http://rhythmoftheearth.ipower.com/" />
+		<test url="http://sterlinghi.ipower.com/index.html" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IPOWER.xml b/src/chrome/content/rules/IPOWER.xml
deleted file mode 100644
index 65f17813b039..000000000000
--- a/src/chrome/content/rules/IPOWER.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<ruleset name="IPOWER">
-
-	<target host="ipower.com" />
-	<target host="*.ipower.com" />
-
-
-	<securecookie host="^.*\.ipower\.com$" name=".*" />
-
-
-	<!--	images' cert is valid, but 404s.
-							-->
-	<rule from="^http://images\.ipower\.com/"
-		to="https://secure.ipower.com/images/" />
-
-	<rule from="^http://([\w\-]+\.)?ipower\.com/"
-		to="https://$1ipower.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/IPQualityScore.com.xml b/src/chrome/content/rules/IPQualityScore.com.xml
index 2ebe6faa671b..636ebf60594d 100644
--- a/src/chrome/content/rules/IPQualityScore.com.xml
+++ b/src/chrome/content/rules/IPQualityScore.com.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?ipqualityscore\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ipqualityscore\.com/"
-		to="https://$1ipqualityscore.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IPR_Software.com.xml b/src/chrome/content/rules/IPR_Software.com.xml
new file mode 100644
index 000000000000..03d3c822f38d
--- /dev/null
+++ b/src/chrome/content/rules/IPR_Software.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		SSL connect error:
+		- www.cms.iprsoftware.com
+
+		SSL peer certificate was not OK:
+		- iprsoftware.com
+-->
+<ruleset name="iPR Software.com (partial)">
+	<target host="cms.iprsoftware.com" />
+	<target host="www.iprsoftware.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IPSE.co.uk.xml b/src/chrome/content/rules/IPSE.co.uk.xml
new file mode 100644
index 000000000000..c62a4f8cc319
--- /dev/null
+++ b/src/chrome/content/rules/IPSE.co.uk.xml
@@ -0,0 +1,12 @@
+<ruleset name="IPSE.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ipse.co.uk" />
+	<target host="www.ipse.co.uk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IPTorrents.com.xml b/src/chrome/content/rules/IPTorrents.com.xml
index 6004a71f19f8..1437174f783f 100644
--- a/src/chrome/content/rules/IPTorrents.com.xml
+++ b/src/chrome/content/rules/IPTorrents.com.xml
@@ -1,13 +1,19 @@
-<ruleset name="IPTorrents.com">
+<ruleset name="IPTorrents">
 
 	<target host="iptorrents.com" />
-	<target host="*.iptorrents.com" />
+	<target host="www.iptorrents.com" />
+	<target host="chat.iptorrents.com" />
+	<target host="pic.iptorrents.com" />
+	<target host="static.iptorrents.com" />
+	<target host="s.iptorrents.com" />
+	<target host="on.iptorrents.com" />
 
+	<target host="iptorrents.us" />
+	<target host="www.iptorrents.us" />
 
-	<securecookie host="^(?:w*\.)?iptorrents\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(static\.|www\.)?iptorrents\.com/"
-		to="https://$1iptorrents.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IPVanish.com.xml b/src/chrome/content/rules/IPVanish.com.xml
new file mode 100644
index 000000000000..f831a61fd28b
--- /dev/null
+++ b/src/chrome/content/rules/IPVanish.com.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://forum.ipvanish.com/ => https://forum.ipvanish.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="IPVanish.com" default_off="failed ruleset test">
+	<target host=        "ipvanish.com" />
+	<target host=    "www.ipvanish.com" />
+	<target host="account.ipvanish.com" />
+	<target host=   "blog.ipvanish.com" />
+	<target host=  "forum.ipvanish.com" />
+	<target host= "signup.ipvanish.com" />
+	<target host="support.ipvanish.com" />
+
+  	<securecookie host="^.*\.ipvanish\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IPXE.org.xml b/src/chrome/content/rules/IPXE.org.xml
index 76fef138b5bc..3df97daaf0d0 100644
--- a/src/chrome/content/rules/IPXE.org.xml
+++ b/src/chrome/content/rules/IPXE.org.xml
@@ -24,14 +24,15 @@
 <ruleset name="iPXE.org (partial)">
 
 	<target host="ipxe.org" />
-	<target host="*.ipxe.org" />
+	<target host="boot.ipxe.org" />
+	<target host="git.ipxe.org" />
+	<target host="www.ipxe.org" />
 		<!--
 			Most paths redirect to http:
 							-->
 		<exclusion pattern="^http://(?:www\.)?ipxe\.org/(?!.*\?do=(?:login|resendpwd|register))" />
 
 
-	<rule from="^http://((?:boot|git|www)\.)?ipxe\.org/"
-		to="https://$1ipxe.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IP_check.xml b/src/chrome/content/rules/IP_check.xml
index 4233dbca9558..48328c54bd7b 100644
--- a/src/chrome/content/rules/IP_check.xml
+++ b/src/chrome/content/rules/IP_check.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?ip-check\.info/(all\.css|authAttack\.php|(?:auth|cache)\.css\.php|images/|ip-check\.png)"
 		to="https://ip-check.info/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IPinYou.com.xml b/src/chrome/content/rules/IPinYou.com.xml
new file mode 100644
index 000000000000..842b97816015
--- /dev/null
+++ b/src/chrome/content/rules/IPinYou.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Nonfunctional hosts:
+
+		- (www.)? *
+		- contest
+		- zjs *
+
+	* Shows default page
+
+
+	Insecure cookies are set for these host:
+
+		- console.ipinyou.com
+		- stats.ipinyou.com
+
+-->
+<ruleset name="iPinYou.com (partial)">
+
+	<target host="cm.ipinyou.com" />
+	<target host="console.ipinyou.com" />
+	<target host="dataservice.ipinyou.com" />
+	<target host="fm.ipinyou.com" />
+	<target host="sdsp.ipinyou.com" />
+	<target host="stats.ipinyou.com" />
+
+
+	<securecookie host="^(?:console|stats)\.ipinyou\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IPredator.xml b/src/chrome/content/rules/IPredator.xml
index 97cfa3fc6c36..20d6c3371be7 100644
--- a/src/chrome/content/rules/IPredator.xml
+++ b/src/chrome/content/rules/IPredator.xml
@@ -1,13 +1,29 @@
-<ruleset name="IPredator">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://beta.ipredator.se/ => https://beta.ipredator.se/: (7, 'Failed to connect to beta.ipredator.se port 443: Connection timed out')
+
+	Problematic hosts in *ipredator.se:
+
+		- ownme ¹ ² ³
+
+	¹ Expired
+	² Server sends no certificate chain, see https://whatsmychaincert.com
+	³ Untrusted root
+
+-->
+<ruleset name="IPredator.se (partial)" default_off="failed ruleset test">
 
 	<target host="ipredator.se" />
-	<target host="*.ipredator.se" />
+	<target host="beta.ipredator.se" />
+	<target host="blog.ipredator.se" />
+	<target host="www.ipredator.se" />
 
 
-	<securecookie host="^(?:.*\.)?ipredator\.se$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:beta|blog|www)\.)?ipredator\.se/"
-		to="https://$1ipredator.se/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/IProduction.xml b/src/chrome/content/rules/IProduction.xml
index 1aaa094faafc..c1ec2644e666 100644
--- a/src/chrome/content/rules/IProduction.xml
+++ b/src/chrome/content/rules/IProduction.xml
@@ -1,14 +1,19 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://iproduction.com/ => https://www.iproduction.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Problematic subdomains:
 
 		- ^ 	(cert only matches *.iproduction.com)
 		- cdn	(403; mismatched, CN: *.pantherssl.com)
 
 -->
-<ruleset name="IProduction">
+<ruleset name="IProduction" default_off="failed ruleset test">
 
 	<target host="iproduction.com" />
-	<target host="*.iproduction.com" />
+	<target host="cdn.iproduction.com" />
+	<target host="www.iproduction.com" />
 
 
 	<securecookie host="^(?:www)?\.iproduction\.com$" name=".+" />
@@ -17,4 +22,4 @@
 	<rule from="^http://(?:cdn\.|www\.)?iproduction\.com/"
 		to="https://www.iproduction.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IPv6Forum.com.xml b/src/chrome/content/rules/IPv6Forum.com.xml
new file mode 100644
index 000000000000..535ffd6179e7
--- /dev/null
+++ b/src/chrome/content/rules/IPv6Forum.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Refused:
+		- www.jp
+-->
+<ruleset name="IPv6Forum.com">
+	<target host="ipv6forum.com" />
+	<target host="www.ipv6forum.com" />
+	<target host="education.ipv6forum.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IPwnAge.com.xml b/src/chrome/content/rules/IPwnAge.com.xml
index b10651e5a8a7..5b59f638eaee 100644
--- a/src/chrome/content/rules/IPwnAge.com.xml
+++ b/src/chrome/content/rules/IPwnAge.com.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?ipwnage\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ipwnage\.com/"
-		to="https://$1ipwnage.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/IPython.org.xml b/src/chrome/content/rules/IPython.org.xml
new file mode 100644
index 000000000000..53e9c33ff6a2
--- /dev/null
+++ b/src/chrome/content/rules/IPython.org.xml
@@ -0,0 +1,30 @@
+<!--
+	Problematic domains:
+
+		- www ¹
+		- archive ³
+		- nbviewer ²
+
+	¹: Timeout
+	²: HTTP redirects but HTTPS does not
+	³: Invalid certificate
+
+	See also Jupyter.org.xml
+-->
+<ruleset name="IPython.org">
+
+	<target host="ipython.org" />
+	<target host="www.ipython.org" />
+
+	<target host="nbviewer.ipython.org" />
+
+	<!-- At the time of writing of this ruleset,
+	     https://nbviewer.ipython.org also works, but
+             we keep a redirect here in case that changes. -->
+	<rule from="^http://nbviewer\.ipython\.org/"
+		to="https://nbviewer.jupyter.org/" />
+
+	<rule from="^http://(?:www\.)?ipython\.org/"
+		to="https://ipython.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IRAAA.org.xml b/src/chrome/content/rules/IRAAA.org.xml
new file mode 100644
index 000000000000..009f006f33c9
--- /dev/null
+++ b/src/chrome/content/rules/IRAAA.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="IRAAA.org">
+	<target host="iraaa.org" />
+	<target host="www.iraaa.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IRCTC.co.in.xml b/src/chrome/content/rules/IRCTC.co.in.xml
new file mode 100644
index 000000000000..953d944ddf46
--- /dev/null
+++ b/src/chrome/content/rules/IRCTC.co.in.xml
@@ -0,0 +1,22 @@
+<ruleset name="IRCTC.co.in">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="irctc.co.in" />
+	<target host="www.ecatering.irctc.co.in" />
+	<target host="www.irctc.co.in" />
+	<target host="www.services.irctc.co.in" />
+
+	<!--	Complications:
+				-->
+	<target host="ecatering.irctc.co.in" />
+	<target host="services.irctc.co.in" />
+
+
+	<rule from="^http://(ecatering|services)\.irctc\.co\.in/"
+		to="https://www.$1.irctc.co.in/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IRC_Reviews.xml b/src/chrome/content/rules/IRC_Reviews.xml
deleted file mode 100644
index c29170d9d720..000000000000
--- a/src/chrome/content/rules/IRC_Reviews.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	- Expired 2012-10-24
-	- CN: cl-t167-490cl.privatedns.com
-
--->
-<ruleset name="IRC Reviews" default_off="expired, mismatched, self-signed">
-
-	<target host="ircreviews.org" />
-	<target host="www.ircreviews.org" />
-
-
-	<rule from="^http://(?:www\.)?ircreviews\.org/"
-		to="https://ircreviews.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/IRILL.org.xml b/src/chrome/content/rules/IRILL.org.xml
index 8a07854b3c01..5a8140449323 100644
--- a/src/chrome/content/rules/IRILL.org.xml
+++ b/src/chrome/content/rules/IRILL.org.xml
@@ -1,13 +1,13 @@
 <!--
-	^irill.org doesn't exist.
+	Time out:
+		coinst.irill.org
 
 -->
-<ruleset name="IRILL.org">
+<ruleset name="IRILL.org" default_off="cert-chain">
 
 	<target host="www.irill.org" />
 
-
-	<rule from="^http://www\.irill\.org/"
-		to="https://www.irill.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/IRIS.edu.xml b/src/chrome/content/rules/IRIS.edu.xml
new file mode 100644
index 000000000000..d0e782addef0
--- /dev/null
+++ b/src/chrome/content/rules/IRIS.edu.xml
@@ -0,0 +1,44 @@
+<!--
+	Refused:
+		www.adc1.iris.edu
+		service.adc1.iris.edu
+
+	Time out:
+		iris.edu
+		dev.iris.edu
+		geows.ds.iris.edu
+		iris.iris.edu
+		lasso.iris.edu
+
+	Invalid certificate:
+		www.ds.iris.edu
+		geoserver.iris.edu
+
+	Different content http/https:
+		obsip.iris.edu
+		wiki.iris.edu
+
+-->
+<ruleset name="IRIS.edu">
+
+	<target host="iris.edu" />
+	<target host="www.iris.edu" />
+	<target host="clean.iris.edu" />
+
+<!--	Chain issue
+	<target host="ds.iris.edu" />
+	<target host="www.ds.iris.edu" />
+	<target host="service.iris.edu" />
+	<target host="services.iris.edu" />
+
+	<rule from="^http://www\.ds\.iris\.edu/"
+		to="https://ds.iris.edu/" />
+-->
+
+	<rule from="^http://iris\.edu/"
+		to="https://www.iris.edu/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IRISA.net.xml b/src/chrome/content/rules/IRISA.net.xml
index 7a79b1b60cdc..58bc3ce17c09 100644
--- a/src/chrome/content/rules/IRISA.net.xml
+++ b/src/chrome/content/rules/IRISA.net.xml
@@ -2,24 +2,26 @@
 	Institut de recherche en informatique et systèmes aléatoires
 
 
-	Fully covered subdomains:
+	Nonfunctional hosts in *irisa.fr:
 
-		- intranet
-		- www
+		- ardyt *
+
+	* Redirects to http
 
 
 	^irisa.fr doesn't exist.
 
 -->
-<ruleset name="IRISA.net">
+<ruleset name="IRISA.fr (partial)">
 
-	<target host="*.irisa.fr" />
+	<target host="intranet.irisa.fr" />
+	<target host="www.irisa.fr" />
 
 
-	<securecookie host="^intranet\.irisa\.fr$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(intranet|www)\.irisa\.fr/"
-		to="https://$1.irisa.fr/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/IRON_Search.xml b/src/chrome/content/rules/IRON_Search.xml
index 82618fcf48a5..716ea4f5b316 100644
--- a/src/chrome/content/rules/IRON_Search.xml
+++ b/src/chrome/content/rules/IRON_Search.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://ironsearch.com/ (200) => https://www.ironsearch.com/ (403)
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ironsearch.com/ => https://www.ironsearch.com/: Cycle detected - URL already encountered: https://www.ironsearch.com/
 	For other IRON Solutions coverage, see IRON_Solutions.xml.
 
 
@@ -7,16 +13,16 @@
 		- ^	(mismatched, CN: secure.ironsearch.com)
 
 -->
-<ruleset name="IRON Search">
+<ruleset name="IRON Search" default_off="failed ruleset test">
 
 	<target host="ironsearch.com" />
-	<target host="*.ironsearch.com" />
+	<target host="secure.ironsearch.com" />
+	<target host="www.ironsearch.com" />
 
 
-	<rule from="^https?://ironsearch\.com/"
+	<rule from="^http://ironsearch\.com/"
 		to="https://www.ironsearch.com/" />
 
-	<rule from="^http://(secure|www)\.ironsearch\.com/"
-		to="https://$1.ironsearch.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IRON_Solutions.xml b/src/chrome/content/rules/IRON_Solutions.xml
index e6ba2def2ee0..3d53bb015a11 100644
--- a/src/chrome/content/rules/IRON_Solutions.xml
+++ b/src/chrome/content/rules/IRON_Solutions.xml
@@ -14,7 +14,6 @@
 	<target host="images.ironsolutions.com" />
 
 
-	<rule from="^http://images\.ironsolutions\.com/"
-		to="https://images.ironsolutions.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IRS.gov.xml b/src/chrome/content/rules/IRS.gov.xml
new file mode 100644
index 000000000000..ff2f043d808c
--- /dev/null
+++ b/src/chrome/content/rules/IRS.gov.xml
@@ -0,0 +1,34 @@
+<!--
+	US Internal Revenue Service
+
+
+-->
+<ruleset name="IRS.gov">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="apps.irs.gov" />
+	<target host="jobs.irs.gov" />
+	<target host="www.irs.gov" />
+	<target host="sa.www4.irs.gov" />
+	<target host="sa1.www4.irs.gov" />
+
+	<!--	Complications:
+				-->
+	<target host="irs.gov" />
+
+		<test url="http://sa.www4.irs.gov/irfof-efp/start.do" />
+		<test url="http://sa.www4.irs.gov/irfof/lang/en/irfofgetstatus.jsp" />
+		<test url="http://sa1.www4.irs.gov/irfof/lang/sp/irfofgetstatus.jsp" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://irs\.gov/"
+		to="https://www.irs.gov/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IRTF.org.xml b/src/chrome/content/rules/IRTF.org.xml
deleted file mode 100644
index 8a5ddb039947..000000000000
--- a/src/chrome/content/rules/IRTF.org.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Internet Research Task Force
-
--->
-<ruleset name="IRTF.org">
-
-	<target host="irtf.org" />
-	<target host="www.irtf.org" />
-
-
-	<!--	www redirects to ^ over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?irtf\.org/"
-		to="https://irtf.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ISC.xml b/src/chrome/content/rules/ISC.xml
index 403a6ae56fb8..e1bc1bfd30a9 100644
--- a/src/chrome/content/rules/ISC.xml
+++ b/src/chrome/content/rules/ISC.xml
@@ -1,32 +1,14 @@
-<!--
-	Problematic domains:
-
-		- sie	(shows security)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- bind10
-		- confluence
-		- kb
-		- store
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bindforum.isc.org/ => https://bindforum.isc.org/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://confluence.isc.org/ => https://confluence.isc.org/: (6, 'Could not resolve host: confluence.isc.org')
+Fetch error: http://dhcpforum.isc.org/ => https://dhcpforum.isc.org/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://store.isc.org/ => https://store.isc.org/: (6, 'Could not resolve host: store.isc.org')
 
-	Observed cookie domains:
+	Insecure cookies are set for these domains:
 
-		- bind10
-		- bindforum
-		- confluence
-		- dhcpforum
-		- dlv
 		- kb
-		- lists
-		- security
-		- sie	(→ security)
-		- sns
-		- store
-		- support
 
 
 	Mixed content:
@@ -36,19 +18,32 @@
 	* Secured by us
 
 -->
-<ruleset name="ISC">
+<ruleset name="ISC.org" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="isc.org" />
-	<target host="*.isc.org" />
+	<target host="bind10.isc.org" />
+	<target host="bindforum.isc.org" />
+	<target host="confluence.isc.org" />
+	<target host="dhcpforum.isc.org" />
+	<target host="dlv.isc.org" />
+	<target host="kb.isc.org" />
+	<target host="lists.isc.org" />
+	<target host="sns.isc.org" />
+	<target host="store.isc.org" />
+	<target host="support.isc.org" />
+	<target host="www.isc.org" />
 
 
-	<securecookie host=".+\.isc\.org$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^kb\.isc\.org$" name="^KMPSESS$" /-->
 
+	<securecookie host=".\.isc\.org$" name=".+" />
 
-	<rule from="^http://((?:bind10|bindforum|confluence|dhcpforum|dlv|kb|lists|security|sns|store|support|www)\.)?isc\.org/"
-		to="https://$1isc.org/" />
 
-	<rule from="^http://sie\.isc\.org/"
-		to="https://security.isc.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ISC2.org.xml b/src/chrome/content/rules/ISC2.org.xml
new file mode 100644
index 000000000000..c3b47cb6d992
--- /dev/null
+++ b/src/chrome/content/rules/ISC2.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Mismatch:
+		- blog
+
+	Redirect:
+		- congress
+		- cybersecuregov
+		- emeacongress
+-->
+<ruleset name="ISC2.org (partial)">
+	<target host="isc2.org" />
+	<target host="www.isc2.org" />
+	<target host="education.isc2.org" />
+	<target host="learning.isc2.org" />
+
+	<securecookie host="^\.isc2\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ISC2_cares.org.xml b/src/chrome/content/rules/ISC2_cares.org.xml
new file mode 100644
index 000000000000..e5ee64f93415
--- /dev/null
+++ b/src/chrome/content/rules/ISC2_cares.org.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://isc2cares.org/ => https://www.isc2cares.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.isc2cares.org/ => https://www.isc2cares.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	^: cert only matches www
+
+-->
+<ruleset name="ISC2 Cares.org" default_off="failed ruleset test">
+
+	<target host="isc2cares.org" />
+	<target host="www.isc2cares.org" />
+
+
+
+	<rule from="^http://(?:www\.)?isc2cares\.org/"
+		to="https://www.isc2cares.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ISEAS.edu.sg.xml b/src/chrome/content/rules/ISEAS.edu.sg.xml
new file mode 100644
index 000000000000..f8e6d0d147e3
--- /dev/null
+++ b/src/chrome/content/rules/ISEAS.edu.sg.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional hosts in *iseas.edu.sg:
+
+		- sealion ¹
+		- www ²
+
+	¹ Refused
+	² Shows another domain
+
+
+	^iseas.edu.sg doesn't exist.
+
+-->
+<ruleset name="ISEAS.edu.sg (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bookshop.iseas.edu.sg" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ISEC-Partners.xml b/src/chrome/content/rules/ISEC-Partners.xml
index 4dde94ba7d3d..85858bc2070c 100644
--- a/src/chrome/content/rules/ISEC-Partners.xml
+++ b/src/chrome/content/rules/ISEC-Partners.xml
@@ -1,13 +1,19 @@
-<ruleset name="iSEC Partners">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://labs.isecpartners.com/ => https://labs.isecpartners.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="iSEC Partners" default_off="failed ruleset test">
 
 	<target host="isecpartners.com" />
-	<target host="*.isecpartners.com" />
+	<target host="labs.isecpartners.com" />
+	<target host="www.isecpartners.com" />
 
 
-	<securecookie host="^(.*\.)?isecpartners\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(labs\.|www\.)?isecpartners\.com/"
-		to="https://$1isecpartners.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ISIS.xml b/src/chrome/content/rules/ISIS.xml
deleted file mode 100644
index b4955181fd35..000000000000
--- a/src/chrome/content/rules/ISIS.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="ISIS">
-  <target host="isis.poly.edu" />
-
-  <rule from="^http://isis\.poly\.edu/" to="https://isis.poly.edu/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/ISLAMODECO.fr.xml b/src/chrome/content/rules/ISLAMODECO.fr.xml
new file mode 100644
index 000000000000..7328225efd33
--- /dev/null
+++ b/src/chrome/content/rules/ISLAMODECO.fr.xml
@@ -0,0 +1,8 @@
+<ruleset name="ISLAMODECO.fr">
+	<target host="islamodeco.fr" />
+	<target host="www.islamodeco.fr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ISNIC.is.xml b/src/chrome/content/rules/ISNIC.is.xml
new file mode 100644
index 000000000000..7ccfc5b8437f
--- /dev/null
+++ b/src/chrome/content/rules/ISNIC.is.xml
@@ -0,0 +1,9 @@
+<ruleset name="ISNIC.is">
+
+	<target host="isnic.is" />
+	<target host="www.isnic.is" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ISO.org.xml b/src/chrome/content/rules/ISO.org.xml
index cf4bfd384c1f..99eeca78098c 100644
--- a/src/chrome/content/rules/ISO.org.xml
+++ b/src/chrome/content/rules/ISO.org.xml
@@ -12,7 +12,6 @@
 	<securecookie host="^connect\.iso\.org$" name=".+" />
 
 
-	<rule from="^http://connect\.iso\.org/"
-		to="https://connect.iso.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ISOC.org.br.xml b/src/chrome/content/rules/ISOC.org.br.xml
new file mode 100644
index 000000000000..1d2028467139
--- /dev/null
+++ b/src/chrome/content/rules/ISOC.org.br.xml
@@ -0,0 +1,19 @@
+<ruleset name="ISOC.org.br" default_off="plaintext reply">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="isoc.org.br" />
+	<target host="www.isoc.org.br" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?isoc\.org\.br$" name="^CAKEPHP$" /-->
+
+	<securecookie host="^(?:www\.)?isoc\.org\.br$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ISOC.org.xml b/src/chrome/content/rules/ISOC.org.xml
new file mode 100644
index 000000000000..c65625c9e4f1
--- /dev/null
+++ b/src/chrome/content/rules/ISOC.org.xml
@@ -0,0 +1,43 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ws.edu.isoc.org/ => https://ws.edu.isoc.org/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other Internet Society overage, see InternetSociety.org.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- ws.edu.isoc.org
+		- portal.isoc.org
+
+
+	Mixed content:
+
+		- Bug on ws.edu from www.google.com *
+
+	* Secure by us
+
+-->
+<ruleset name="ISOC.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="isoc.org" />
+	<target host="ws.edu.isoc.org" />
+	<target host="portal.isoc.org" />
+	<target host="www.isoc.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ws\.edu\.isoc\.org$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^portal\.isoc\.org$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/ISOC24.com.xml b/src/chrome/content/rules/ISOC24.com.xml
new file mode 100644
index 000000000000..27080aa7c885
--- /dev/null
+++ b/src/chrome/content/rules/ISOC24.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="iSOC24.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="isoc24.com" />
+	<target host="www.isoc24.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ISO_Cpp.org.xml b/src/chrome/content/rules/ISO_Cpp.org.xml
new file mode 100644
index 000000000000..1e178626a33e
--- /dev/null
+++ b/src/chrome/content/rules/ISO_Cpp.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- isocpp.org
+		- www.isocpp.org
+
+-->
+<ruleset name="ISO Cpp.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="isocpp.org" />
+	<target host="www.isocpp.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?isocpp\.org$" name="^(PHPSESSID|exp_last_activity|exp_last_visit|exp_tracker)$" /-->
+
+	<securecookie host="^(?:www\.)?isocpp\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ISPGids.com.xml b/src/chrome/content/rules/ISPGids.com.xml
new file mode 100644
index 000000000000..c4ca0f1e295e
--- /dev/null
+++ b/src/chrome/content/rules/ISPGids.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="ISPGids.com">
+
+	<target host="ispgids.com" />
+	<target host="www.ispgids.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ISPID.nl.xml b/src/chrome/content/rules/ISPID.nl.xml
new file mode 100644
index 000000000000..c924b11bc58b
--- /dev/null
+++ b/src/chrome/content/rules/ISPID.nl.xml
@@ -0,0 +1,14 @@
+<!--
+	For other xCAT coverage, XCAT.nl.xml.
+
+-->
+<ruleset name="ISPID.nl" default_off="expired">
+
+	<target host="ispid.nl" />
+	<target host="www.ispid.nl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ISPam.nl.xml b/src/chrome/content/rules/ISPam.nl.xml
new file mode 100644
index 000000000000..c71b2624e1ee
--- /dev/null
+++ b/src/chrome/content/rules/ISPam.nl.xml
@@ -0,0 +1,14 @@
+<!--
+	For other xCAT coverage, XCAT.nl.xml.
+
+-->
+<ruleset name="ISPam.nl">
+
+	<target host="ispam.nl" />
+	<target host="www.ispam.nl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ISPsystem.xml b/src/chrome/content/rules/ISPsystem.xml
index 55722476c5fe..3543e5f8e60d 100644
--- a/src/chrome/content/rules/ISPsystem.xml
+++ b/src/chrome/content/rules/ISPsystem.xml
@@ -2,16 +2,17 @@
 	Nonfunctional subdomains:
 
 		- ^		(times out)
-		- download
+		- download ²
 		- forum		(shows login)
 
+	² Refused
+
 -->
 <ruleset name="ISPsystem (partial)">
 
 	<target host="my.ispsystem.com" />
 
 
-	<rule from="^http://my\.ispsystem\.com/"
-		to="https://my.ispsystem.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ISS-World.xml b/src/chrome/content/rules/ISS-World.xml
index 287bf2f65b36..dc8e2715e5c5 100644
--- a/src/chrome/content/rules/ISS-World.xml
+++ b/src/chrome/content/rules/ISS-World.xml
@@ -11,7 +11,6 @@
 	<target host="portal.issworld.com" />
 
 
-	<rule from="^http://portal\.issworld\.com/"
-		to="https://portal.issworld.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ISS_Africa.org.xml b/src/chrome/content/rules/ISS_Africa.org.xml
new file mode 100644
index 000000000000..636ae0970f07
--- /dev/null
+++ b/src/chrome/content/rules/ISS_Africa.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="ISS Africa.org">
+
+	<target host="issafrica.org" />
+	<target host="www.issafrica.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IT-Agenten.xml b/src/chrome/content/rules/IT-Agenten.xml
new file mode 100644
index 000000000000..490d28d0abaf
--- /dev/null
+++ b/src/chrome/content/rules/IT-Agenten.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://crm.it-agenten.com/ => https://crm.it-agenten.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.it-agenten.com/ => https://www.it-agenten.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.it-agenten.com'")
+
+-->
+<ruleset name="IT:Agenten" default_off="failed ruleset test">
+
+	<target host="it-agenten.com"/>
+	<target host="crm.it-agenten.com"/>
+	<target host="www.it-agenten.com"/>
+
+	<!-- not working:
+			fw.it-agenten.com (refused)
+			stage.it-agenten.com (mismatch)
+			css.stage.it-agenten.com (mismatch)
+			tcw.staging.it-agenten.com (mismatch)
+			blog.it-agenten.com (mixed content)
+	-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IT-Cube_Systems.xml b/src/chrome/content/rules/IT-Cube_Systems.xml
index 31e252a793de..14450b1a28ef 100644
--- a/src/chrome/content/rules/IT-Cube_Systems.xml
+++ b/src/chrome/content/rules/IT-Cube_Systems.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?it-cube\.net/"
 		to="https://www.it-cube.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IT-Offshore.co.uk.xml b/src/chrome/content/rules/IT-Offshore.co.uk.xml
new file mode 100644
index 000000000000..42f8d29cfb16
--- /dev/null
+++ b/src/chrome/content/rules/IT-Offshore.co.uk.xml
@@ -0,0 +1,15 @@
+<ruleset name="IT-Offshore.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="it-offshore.co.uk" />
+	<target host="www.it-offshore.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IT-University-of-Copenhagen.xml b/src/chrome/content/rules/IT-University-of-Copenhagen.xml
index 7f21970bc83b..65dc1881cff1 100644
--- a/src/chrome/content/rules/IT-University-of-Copenhagen.xml
+++ b/src/chrome/content/rules/IT-University-of-Copenhagen.xml
@@ -1,13 +1,10 @@
-<ruleset name="IT University of Copenhagen" platform="mixedcontent">
-
+<ruleset name="IT University of Copenhagen (partial)">
 	<target host="itu.dk" />
-	<target host="*.itu.dk" />
-
-
-	<securecookie host="^.*\.itu\.dk$" name=".*" />
-
-
-	<rule from="^http://((?:intranet|mit|wayf|www1?)\.)?itu\.dk/"
-		to="https://$1itu.dk/" />
+	<target host="www.itu.dk" />
+	<target host="intranet.itu.dk" />
+	<target host="mit.itu.dk" />
+	<target host="wayf.itu.dk" />
+	<target host="www1.itu.dk" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/IT2.nl.xml b/src/chrome/content/rules/IT2.nl.xml
new file mode 100644
index 000000000000..f4ab5989fbe9
--- /dev/null
+++ b/src/chrome/content/rules/IT2.nl.xml
@@ -0,0 +1,12 @@
+<ruleset name="IT2.nl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="it2.nl" />
+	<target host="www.it2.nl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ITAlliance.com.xml b/src/chrome/content/rules/ITAlliance.com.xml
index cc8747bb669f..76b69501ed4a 100644
--- a/src/chrome/content/rules/ITAlliance.com.xml
+++ b/src/chrome/content/rules/ITAlliance.com.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?italliance\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?italliance\.com/"
-		to="https://$1italliance.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ITC.mx.xml b/src/chrome/content/rules/ITC.mx.xml
new file mode 100644
index 000000000000..56b3a68a25ad
--- /dev/null
+++ b/src/chrome/content/rules/ITC.mx.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional hosts in *itc.mx:
+
+		- (www.)? ¹
+		- leopard ²
+		- radio ¹
+		- sii ²
+		- tigger ¹
+
+	¹ Plaintext reply
+	² Dropped
+
+-->
+<ruleset name="ITC.mx (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gacela.itc.mx" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ITCelaya.edu.mx.xml b/src/chrome/content/rules/ITCelaya.edu.mx.xml
new file mode 100644
index 000000000000..45fef75854ae
--- /dev/null
+++ b/src/chrome/content/rules/ITCelaya.edu.mx.xml
@@ -0,0 +1,27 @@
+<!--
+	(www.)?itcelaya.edu.mx: Plaintext reply
+
+
+	Insecure cookies are set for these hosts:
+
+		- sii.itcelaya.edu.mx
+
+-->
+<ruleset name="ITCelaya.edu.mx (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sii.itcelaya.edu.mx" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^sii\.itcelaya\.edu\.mx$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^sii\.itcelaya\.edu\.mx$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ITEA_3.org.xml b/src/chrome/content/rules/ITEA_3.org.xml
new file mode 100644
index 000000000000..dc59f9798dba
--- /dev/null
+++ b/src/chrome/content/rules/ITEA_3.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- itea3.org
+
+-->
+<ruleset name="ITEA 3.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="itea3.org" />
+	<target host="www.itea3.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^itea3\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^itea3\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ITER.org.xml b/src/chrome/content/rules/ITER.org.xml
new file mode 100644
index 000000000000..bb1842db7162
--- /dev/null
+++ b/src/chrome/content/rules/ITER.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Mixed content:
+
+		- favicon on portal from www *
+
+	* Secured by us
+
+-->
+<ruleset name="ITER.org">
+
+	<target host="iter.org" />
+	<target host="portal.iter.org" />
+	<target host="www.iter.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^portal\.iter\.org$" name="^BIGipServerTMG-FBA$" /-->
+
+	<securecookie host="^portal\.iter\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ITMB.nl.xml b/src/chrome/content/rules/ITMB.nl.xml
new file mode 100644
index 000000000000..6f3b53ce1fc4
--- /dev/null
+++ b/src/chrome/content/rules/ITMB.nl.xml
@@ -0,0 +1,13 @@
+<ruleset name="ITMB.nl">
+
+	<target host="itmb.nl" />
+	<target host="www.itmb.nl" />
+
+
+	<securecookie host="^\.itmb\.nl$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ITNOG.it.xml b/src/chrome/content/rules/ITNOG.it.xml
new file mode 100644
index 000000000000..3051dae82c55
--- /dev/null
+++ b/src/chrome/content/rules/ITNOG.it.xml
@@ -0,0 +1,10 @@
+<!--
+	Non-functional hosts
+		SSL connect error:
+			 - www.itnog.it
+-->
+<ruleset name="ITNOG.it">
+	<target host="lists.itnog.it" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ITPC.xml b/src/chrome/content/rules/ITPC.xml
index 28d134849727..e1aec87dd272 100644
--- a/src/chrome/content/rules/ITPC.xml
+++ b/src/chrome/content/rules/ITPC.xml
@@ -1,9 +1,28 @@
-<ruleset name="ITPC" platform="mixedcontent">
+<!--
+	^: cert only matches www
+
+
+	Mixed content:
+
+		- Image from $self *
+
+	* Unsecurable <= 404
+
+-->
+<ruleset name="ITPC (partial)">
 
 	<target host="iptc.org"/>
 	<target host="www.iptc.org"/>
+		<!--
+			404:
+				-->
+		<exclusion pattern="^http://www\.iptc\.org/gfxgen(?:$|\?)" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.iptc\.org$" name="^JSESSIONID$" /-->
 
-	<securecookie host="^(.*\.)?iptc\.org$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?iptc\.org/"
 		to="https://www.iptc.org/"/>
diff --git a/src/chrome/content/rules/ITSPA.org.uk.xml b/src/chrome/content/rules/ITSPA.org.uk.xml
new file mode 100644
index 000000000000..5b9861453b4d
--- /dev/null
+++ b/src/chrome/content/rules/ITSPA.org.uk.xml
@@ -0,0 +1,40 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://itspa.org.uk/ => https://itspa.org.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.itspa.org.uk/ => https://www.itspa.org.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Insecure cookies are set for these hosts:
+
+		- itspa.org.uk
+		- www.itspa.org.uk
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+		- Images from www.itspa.org.uk *
+		- Ad from www.epixmedia.co.uk *
+
+	* Secured by us
+
+-->
+<ruleset name="ITSPA.org.uk" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="itspa.org.uk" />
+	<target host="www.itspa.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?itspa\.org\.uk$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?itspa\.org\.uk$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ITU.xml b/src/chrome/content/rules/ITU.xml
index 4c9f1c4692ad..b9088656915a 100644
--- a/src/chrome/content/rules/ITU.xml
+++ b/src/chrome/content/rules/ITU.xml
@@ -13,7 +13,9 @@
 <ruleset name="ITU (partial)">
 
 	<target host="itu.int" />
-	<target host="*.itu.int" />
+	<target host="www.itu.int" />
+	<target host="erecruit.itu.int" />
+	<target host="itunews.itu.int" />
 
 
 	<securecookie host="^(?:erecruit|itunews)\.itu\.int$" name=".+" />
@@ -25,4 +27,4 @@
 	<rule from="^http://(erecruit|itunews)\.itu\.int/"
 		to="https://$1.itu.int/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ITV.com.xml b/src/chrome/content/rules/ITV.com.xml
new file mode 100644
index 000000000000..34acd8577dd8
--- /dev/null
+++ b/src/chrome/content/rules/ITV.com.xml
@@ -0,0 +1,60 @@
+<!--
+	CDN buckets:
+
+		- news.images.itv.com.edgesuite.net
+
+
+	Nonfunctional subdomains:
+
+		- dev-www ¹
+		- stage-www ²
+		- test-www ¹
+
+	¹ Redirects to http, self-signed
+	² Redirects to http, valid cert
+
+
+	^itv.com: cert only matches www
+
+
+	^www.itvstatic.com doesn't exist.
+
+-->
+<ruleset name="ITV.com (partial)">
+
+	<target host="itv.com" />
+	<target host="*.itv.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.itv\.com/($|\?)" /-->
+		<!--
+			404:
+				-->
+		<!--exclusion pattern="^http://www\.itv\.com/(dotcomassets/|favicon\.ico|games/|news/assets/)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://www\.itv\.com/(?!assets/|itvplayer($|[?/])|mediaplayer/)" /-->
+		<!--
+			Handled specially:
+						-->
+		<!--exclusion pattern="^http://www\.itv\.com/(?!thestore($|[?/]))" /-->
+	<target host="www.itvstatic.com" />
+
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://(?:www\.)?itv\.com/thestore(?:$|[?/].*)"
+		to="https://www.jmldirect.com/" />
+
+	<rule from="^http://(?:www\.)?itv\.com/(?=assets/|itvplayer(?:$|[?/])|mediaplayer/)"
+		to="https://www.itv.com/" />
+
+	<rule from="^http://(beta|i01-www)\.itv\.com/"
+		to="https://$1.itv.com/" />
+
+	<rule from="^http://www\.itvstatic\.com/"
+		to="https://www.itvstatic.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ITWeb.co.za.xml b/src/chrome/content/rules/ITWeb.co.za.xml
deleted file mode 100644
index c77645f31092..000000000000
--- a/src/chrome/content/rules/ITWeb.co.za.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- ad *
-		- adsrv *
-		- alpha *
-		- banners *
-		- ciozone *
-		- stats		(shows secure; mismatched, CN: secure.itweb.co.za)
-
-	* Dropped
-
--->
-<ruleset name="ITWeb.co.za (partial)">
-
-	<target host="secure.itweb.co.za" />
-
-
-	<securecookie host="^secure\.itweb\.co\.za$" name=".+" />
-
-
-	<rule from="^http://secure\.itweb\.co\.za/"
-		to="https://secure.itweb.co.za/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ITX.com.xml b/src/chrome/content/rules/ITX.com.xml
new file mode 100644
index 000000000000..078e6f781393
--- /dev/null
+++ b/src/chrome/content/rules/ITX.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- itx.com
+		- www.itx.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="ITX.com">
+
+	<target host="itx.com" />
+	<target host="www.itx.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^itx\.com$" name="^dnn_IsMobile$" /-->
+	<!--securecookie host="^www\.itx\.com$" name="^(?:\.ASPXANONYMOUS|dnn_IsMobile|language)$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IT_Dashboard.gov.xml b/src/chrome/content/rules/IT_Dashboard.gov.xml
deleted file mode 100644
index 1b8079158345..000000000000
--- a/src/chrome/content/rules/IT_Dashboard.gov.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Federal IT Dashboard
-
-	For other US government coverage, see US-government.xml.
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- my
-
--->
-<ruleset name="IT Dashboard.gov">
-
-	<target host="itdashboard.gov" />
-	<target host="*.itdashboard.gov" />
-
-
-	<securecookie host="^\.my.itdashboard\.gov$" name=".+" />
-
-
-	<rule from="^http://(my\.|www\.)?itdashboard\.gov/"
-		to="https://$1itdashboard.gov/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/IT_Toolbox.com.xml b/src/chrome/content/rules/IT_Toolbox.com.xml
new file mode 100644
index 000000000000..4ef9f442ccfc
--- /dev/null
+++ b/src/chrome/content/rules/IT_Toolbox.com.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Ziff Davis coverage, see Ziff-Davis.xml.
+
+
+	CDN buckets:
+
+		- deh50at6yod5w.cloudfront.net
+
+			- userimages
+
+
+	Nonfunctional subdomains:
+
+		- database ¹
+		- linux ²
+		- unix ¹
+
+	¹ Refused
+	² 404; mismatched, CN: it.toolbox.com
+
+-->
+<ruleset name="IT Toolbox.com (partial)">
+
+	<target host="images.ittoolbox.com" />
+	<target host="userimages.ittoolbox.com" />
+
+
+	<!--	Could we secure this safely?
+						-->
+	<!--securecookie host="^\.ittoolbox\.com$" name="^iNa$" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IT_Works.xml b/src/chrome/content/rules/IT_Works.xml
index d283a5576835..1760827df7c8 100644
--- a/src/chrome/content/rules/IT_Works.xml
+++ b/src/chrome/content/rules/IT_Works.xml
@@ -1,18 +1,31 @@
-<ruleset name="IT Works!">
+<!--
+	Other IT Works rulesets:
 
+		- My_IT_Works_Events.com.xml
+
+
+	Insecure cookies are set for these domains:
+
+		- .myitworks.com
+
+-->
+<ruleset name="my IT Works.com">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="myitworks.com" />
-	<target host="*.myitworks.com" />
-	<target host="myitworksevents.com" />
-	<target host="*.myitworksevents.com" />
+	<target host="static.myitworks.com" />
+	<target host="www.myitworks.com" />
 
 
-	<securecookie host="^(?:w*\.)?myitworks(?:events)?\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.myitworks\.com$" name="^(?:__cfduid|SessionGuid|cf_clearance)$" /-->
 
+	<securecookie host="^(?:w*\.)?myitworks\.com$" name=".+" />
 
-	<rule from="^http://(static\.|www\.)?myitworks\.com/"
-		to="https://$1myitworks.com/" />
 
-	<rule from="^http://(www\.)?myitworksevents\.com/"
-		to="https://$1myitworksevents.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IT_bookshelf.com.xml b/src/chrome/content/rules/IT_bookshelf.com.xml
new file mode 100644
index 000000000000..09f59d4eec6e
--- /dev/null
+++ b/src/chrome/content/rules/IT_bookshelf.com.xml
@@ -0,0 +1,34 @@
+<!--
+	www.itbookshelf.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- itbookshelf.com
+
+-->
+<ruleset name="IT bookshelf.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="itbookshelf.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.itbookshelf.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^itbookshelf\.com$" name="^(?:_itbookshelf_session|guest_token|request_method)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.itbookshelf\.com/"
+		to="https://itbookshelf.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IT_matrix.eu.xml b/src/chrome/content/rules/IT_matrix.eu.xml
new file mode 100644
index 000000000000..1a2a48a7d15a
--- /dev/null
+++ b/src/chrome/content/rules/IT_matrix.eu.xml
@@ -0,0 +1,13 @@
+<ruleset name="IT matrix.eu">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="itmatrix.eu" />
+	<target host="tipstricks.itmatrix.eu" />
+	<target host="www.itmatrix.eu" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ITactic.com.xml b/src/chrome/content/rules/ITactic.com.xml
index bc629037b152..55fc4cc4ccf9 100644
--- a/src/chrome/content/rules/ITactic.com.xml
+++ b/src/chrome/content/rules/ITactic.com.xml
@@ -1,29 +1,25 @@
 <!--
-	Problematic subdomains:
-
-		- ^	(prints "currently down for maintenance"; mismatched, CN: cryptonetwork.com)
-
-
-	Mixed content:
-
-		- css on www from www *
-		- Images on www from www **
-		- Web bugs on www from google-analytics.com *
-
-	* Secured by us, absence has little effect
-	** Secured by us, doesn't trip MCB
+	^itactic.com: Prints "currently down for maintenance"
 
 -->
-<ruleset name="iTactic.com">
+<ruleset name="iTactic.com" default_off="mismatched">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.itactic.com" />
 
+	<!--	Complications:
+				-->
 	<target host="itactic.com" />
-	<target host="*.itactic.com" />
 
 
-	<securecookie host="^\.itactic\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?itactic\.com/"
+	<rule from="^http://itactic\.com/"
 		to="https://www.itactic.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ITalian_Network_Operators_Group.xml b/src/chrome/content/rules/ITalian_Network_Operators_Group.xml
deleted file mode 100644
index 9c047bbcd989..000000000000
--- a/src/chrome/content/rules/ITalian_Network_Operators_Group.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- www	(replies with http)
-
-
-	^itnog.it doesn't exist.
-
--->
-<ruleset name="ITalian Network Operators Group (partial)" platform="cacert">
-
-	<target host="lists.itnog.it" />
-
-
-	<rule from="^http://lists\.itnog\.it/"
-		to="https://lists.itnog.it/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ITcafe.hu.xml b/src/chrome/content/rules/ITcafe.hu.xml
new file mode 100644
index 000000000000..8a446f8b81c3
--- /dev/null
+++ b/src/chrome/content/rules/ITcafe.hu.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		www.itcafe.hu
+
+-->
+<ruleset name="ITcafe.hu">
+	<target host="itcafe.hu" />
+	<target host="www.itcafe.hu" />
+	<target host="m.itcafe.hu" />
+
+	<rule from="^http://www\.itcafe\.hu/"
+		to="https://itcafe.hu/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ITechnician.co.uk.xml b/src/chrome/content/rules/ITechnician.co.uk.xml
index 8041c1f3672d..d0f782dad716 100644
--- a/src/chrome/content/rules/ITechnician.co.uk.xml
+++ b/src/chrome/content/rules/ITechnician.co.uk.xml
@@ -1,13 +1,12 @@
 <ruleset name="iTechnician.co.uk">
 
 	<target host="itechnician.co.uk" />
-	<target host="*.itechnician.co.uk" />
+	<target host="www.itechnician.co.uk" />
 
 
 	<securecookie host="^\.itechnician\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://(www\.)?itechnician\.co\.uk/"
-		to="https://$1itechnician.co.uk/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/IUCNredlist.org.xml b/src/chrome/content/rules/IUCNredlist.org.xml
deleted file mode 100644
index 8074c7d4e8aa..000000000000
--- a/src/chrome/content/rules/IUCNredlist.org.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	International Union for Conservation of Nature and Natural Resources
-
-
-	CDN buckets:
-
-		- d17e9fs5g1pnhb.cloudfront.net
-
-			- i.iucnredlist.org
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(refused)
-
--->
-<ruleset name="IUCNredlist.org (partial)">
-
-	<target host="i.iucnredlist.org" />
-
-
-	<rule from="^http://i\.iucnredlist\.org/"
-		to="https://d17e9fs5g1pnhb.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/IUHealth.org.xml b/src/chrome/content/rules/IUHealth.org.xml
new file mode 100644
index 000000000000..8e2bceb32d91
--- /dev/null
+++ b/src/chrome/content/rules/IUHealth.org.xml
@@ -0,0 +1,14 @@
+<!--
+	https://iuhealth.org/ and
+	https://www.iuhealth.org/
+	redirect to http://
+-->
+<ruleset name="Indiana University Health (partial)">
+	<target host=    "myiuhealth.org" />
+	<target host="www.myiuhealth.org" />
+	<securecookie host="^myiuhealth\.org$" name=".+" />
+	<rule from="^http://www\.myiuhealth\.org/"
+		to="https://myiuhealth.org/"/>
+	<rule from="^http:"
+	        to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IUPUI.edu.xml b/src/chrome/content/rules/IUPUI.edu.xml
new file mode 100644
index 000000000000..a6463df42b2e
--- /dev/null
+++ b/src/chrome/content/rules/IUPUI.edu.xml
@@ -0,0 +1,30 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.) *
+		- registrar *
+
+	* 403/404, valid cert
+
+-->
+<ruleset name="IUPUI.edu (partial)">
+
+	<target host="cs.iupui.edu" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="http://cs\.iupui\.edu/" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="http://cs\.iupui\.edu/(?!~)" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.cs\.iupui\.edu$" name="^SESS[0-9a-f]{32}$" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IVPN.net.xml b/src/chrome/content/rules/IVPN.net.xml
new file mode 100644
index 000000000000..f83e5e356fd9
--- /dev/null
+++ b/src/chrome/content/rules/IVPN.net.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://static.ivpn.net/ => https://static.ivpn.net/: (6, 'Could not resolve host: static.ivpn.net')
+
+-->
+<ruleset name="IVPN.net" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ivpn.net" />
+	<target host="static.ivpn.net" />
+	<target host="www.ivpn.net" />
+
+
+	<securecookie host="^www\.ivpn\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IVW.xml b/src/chrome/content/rules/IVW.xml
index 191b9f923030..c0959988202e 100644
--- a/src/chrome/content/rules/IVW.xml
+++ b/src/chrome/content/rules/IVW.xml
@@ -6,7 +6,7 @@
 		- www		(shows heft)
 
 	* Mismatched, CN: heft.ivw.eu
-	
+
 
 
 -->
@@ -18,7 +18,6 @@
 	<securecookie host="^heft\.ivw\.eu$" name=".+" />
 
 
-	<rule from="^http://heft\.ivw\.eu/"
-		to="https://heft.ivw.eu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IVoox.com.xml b/src/chrome/content/rules/IVoox.com.xml
new file mode 100644
index 000000000000..77f20002275d
--- /dev/null
+++ b/src/chrome/content/rules/IVoox.com.xml
@@ -0,0 +1,43 @@
+<!--
+	CDN buckets:
+
+		- d24j0spkseaxmc.cloudfront.net
+
+			- images1
+
+
+	Mixed content:
+
+		- Images from static-1.ivoox.com *
+		- Bugs from b.scorecardresearch.com *
+
+	* Secured by us
+
+-->
+<ruleset name="iVoox.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ivoox.com" />
+	<target host="static-1.ivoox.com" />
+	<target host="www.ivoox.com" />
+
+	<!--	Complications:
+				-->
+	<target host="images1.ivoox.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.ivoox\.com$" name="^(anonymous_pageviews|applanding|politica_cookies)" /-->
+
+	<securecookie host="^www\.ivoox\.com$" name=".+" />
+
+
+	<rule from="^http://images1\.ivoox\.com/"
+		to="https://d24j0spkseaxmc.cloudfront.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IWM_Network.com.xml b/src/chrome/content/rules/IWM_Network.com.xml
index a9bd23e4a6e0..48e51a3872db 100644
--- a/src/chrome/content/rules/IWM_Network.com.xml
+++ b/src/chrome/content/rules/IWM_Network.com.xml
@@ -1,10 +1,10 @@
-<ruleset name="IWM Network.com" default_off="self-signed">
+<ruleset name="IWM Network.com">
 
 	<target host="iwmnetwork.com" />
 	<target host="www.iwmnetwork.com" />
 
 
-	<rule from="^http://(?:www\.)?iwmnetwork\.com/"
-		to="https://iwmnetwork.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/IWOWCase.xml b/src/chrome/content/rules/IWOWCase.xml
deleted file mode 100644
index a5148e9c30c9..000000000000
--- a/src/chrome/content/rules/IWOWCase.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="iWOWCase">
-
-	<target host="iwowcase.com" />
-	<target host="*.iwowcase.com" />
-
-
-	<securecookie host="^\.iwowcase\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?iwowcase\.com/"
-		to="https://$1iwowcase.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/IWPR.net.xml b/src/chrome/content/rules/IWPR.net.xml
new file mode 100644
index 000000000000..8907d3e7169a
--- /dev/null
+++ b/src/chrome/content/rules/IWPR.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="IWPR.net">
+	<target host="iwpr.net" />
+	<target host="www.iwpr.net" />
+
+	<rule from="^http://www\.iwpr\.net/" to="https://iwpr.net/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IWantClips.com.xml b/src/chrome/content/rules/IWantClips.com.xml
new file mode 100644
index 000000000000..ce038c715fab
--- /dev/null
+++ b/src/chrome/content/rules/IWantClips.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="iWantClips.com">
+
+	<target host="iwantclips.com" />
+	<target host="www.iwantclips.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^iwantclips\.com$" name="^ci_session$" /-->
+
+	<securecookie host="^iwantclips\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IWeb.com.xml b/src/chrome/content/rules/IWeb.com.xml
new file mode 100644
index 000000000000..5b5b021bbecf
--- /dev/null
+++ b/src/chrome/content/rules/IWeb.com.xml
@@ -0,0 +1,48 @@
+<!--
+	For other Internap coverage, see Internap.xml.
+
+
+	Nonfunctional hosts in *iweb.com:
+
+		- blog
+		- carrieres ²
+
+	¹ Redirects to http
+	² Refused
+
+
+	Fully covered hosts in *iweb.com:
+
+		- (www.)?
+		- account
+		- jslib
+		- kb
+
+
+	Insecure cookies are set for these domains:
+
+		- .iweb.com
+
+-->
+<ruleset name="iWeb.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="iweb.com" />
+	<target host="account.iweb.com" />
+	<target host="jslib.iweb.com" />
+	<target host="kb.iweb.com" />
+	<target host="www.iweb.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.iweb\.com$" name="^(PHPSESSID|iwebherb)$" /-->
+
+	<securecookie host="^\.iweb\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IWebReader.xml b/src/chrome/content/rules/IWebReader.xml
index ea9e1b111590..0ababfc262d6 100644
--- a/src/chrome/content/rules/IWebReader.xml
+++ b/src/chrome/content/rules/IWebReader.xml
@@ -13,13 +13,13 @@
 -->
 <ruleset name="iWebReader (partial)">
 
-	<target host="*.iwebreader.com" />
+	<target host="secure.iwebreader.com" />
+	<target host="static.iwebreader.com" />
 
 
-	<rule from="^http://secure\.iwebreader\.com/"
-		to="https://secure.iwebreader.com/" />
 
 	<rule from="^http://static\.iwebreader\.com/"
 		to="https://du4ozcxd5zwr5.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IWight.com.xml b/src/chrome/content/rules/IWight.com.xml
new file mode 100644
index 000000000000..063806ad6718
--- /dev/null
+++ b/src/chrome/content/rules/IWight.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Isle of Wight Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+-->
+<ruleset name="IWight.com">
+
+	<target host="iwight.com" />
+	<target host="www.iwight.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IWouldDo.It.xml b/src/chrome/content/rules/IWouldDo.It.xml
new file mode 100644
index 000000000000..c7cbd3b5e151
--- /dev/null
+++ b/src/chrome/content/rules/IWouldDo.It.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.iwoulddo.it/ => https://www.iwoulddo.it/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://iwoulddo.it/ => https://www.iwoulddo.it/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Problematic hosts in *iwoulddo.it:
+
+		- ^ *
+		- stats *
+
+	* Mismatched
+
+-->
+<ruleset name="IWouldDo.It (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.iwoulddo.it" />
+
+	<!--	Complications:
+				-->
+	<target host="iwoulddo.it" />
+
+
+	<rule from="^http://iwoulddo\.it/"
+		to="https://www.iwoulddo.it/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IXI-mismatches.xml b/src/chrome/content/rules/IXI-mismatches.xml
index 2f90c0db50d2..c117f22e42ed 100644
--- a/src/chrome/content/rules/IXI-mismatches.xml
+++ b/src/chrome/content/rules/IXI-mismatches.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see IXI.xml.
 
 -->
-<ruleset name="IXI (mismatches)" default_off="mismatch">
+<ruleset name="IXI (mismatches)" default_off="mismatched">
 
 	<!--	Cert: *.gridserver.com	-->
 	<target host="ixicorp.com" />
@@ -10,7 +10,7 @@
 
 
 	<!--	Homepage redirects infinitely.	-->
-	<rule from="^https?://(?:www\.)?ixicorp\.com/wp-content/"
+	<rule from="^http://(?:www\.)?ixicorp\.com/wp-content/"
 		to="https://www.ixicorp.com/wp-content/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/IXI.xml b/src/chrome/content/rules/IXI.xml
index 7fe45f003556..c222abd4e932 100644
--- a/src/chrome/content/rules/IXI.xml
+++ b/src/chrome/content/rules/IXI.xml
@@ -1,13 +1,17 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://s.ixiaa.com/ => https://s.ixiaa.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	For problematic rules, see IXI-mismatches.xml.
 
 -->
-<ruleset name="IXI (partial)">
+<ruleset name="IXI (partial)" default_off="failed ruleset test">
 
 	<target host="s.ixiaa.com" />
 
 
-	<rule from="^http://s\.ixiaa\.com/"
-		to="https://s.ixiaa.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/IX_Web_Hosting.com.xml b/src/chrome/content/rules/IX_Web_Hosting.com.xml
new file mode 100644
index 000000000000..74d1660a7ef7
--- /dev/null
+++ b/src/chrome/content/rules/IX_Web_Hosting.com.xml
@@ -0,0 +1,113 @@
+<!--
+	For other Ecommerce coverage, see Ecommerce.xml.
+
+
+	Nonfunctional hosts in *ixwebhosting.com:
+
+		- status *
+
+	* Redirects to http
+
+
+	Problematic hosts in *ixwebhosting.com:
+
+		- email *
+
+	* Mismatched
+
+
+	Fully covered hosts in *ixwebhosting.com:
+
+		- ^
+		- assets
+		- blog		(→ ww.ixwebhosting.com)
+		- email		(→ webmail.opentransfer.com)
+		- manage
+		- my
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .ixwebhosting.com
+		- manage.ixwebhosting.com
+		- my.ixwebhosting.com
+
+
+	Mixed content:
+
+		- css, on:
+
+			- www from fonts.googleapis.com ¹
+			- www from assets.ixwebhosting.com ¹
+			- www from $self ¹
+
+		- Images, on:
+
+			- www from assets.ixwebhosting.com ¹
+			- www from $self ¹
+			- www from farm2.staticflickr.com ¹
+
+		- favicon www from $self ²
+
+	¹ Secured by us
+	² Unsecurable <= redirects to http
+
+-->
+<ruleset name="IX Web Hosting.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ixwebhosting.com" />
+	<target host="assets.ixwebhosting.com" />
+	<target host="blog.ixwebhosting.com" />
+	<target host="manage.ixwebhosting.com" />
+	<target host="my.ixwebhosting.com" />
+	<target host="www.ixwebhosting.com" />
+
+	<!--	Complications:
+				-->
+	<target host="email.ixwebhosting.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://status.ixwebhosting.com/$" /-->
+		<!--exclusion pattern="^http://www\.ixwebhosting\.com/($|favicon\.ico|index($|\?))" /-->
+
+		<!--	Mixed css:
+					-->
+		<!--exclusion pattern="^http://www\.ixwebhosting\.com/(blog|support)/$" /-->
+
+		<!--	Exceptions:
+					-->
+		<exclusion pattern="^http://www\.ixwebhosting\.com/(?!(?:blog|support)/wp-content/|templates/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.ixwebhosting.com/blog/" />
+			<test url="http://www.ixwebhosting.com/hosting-plans" />
+			<test url="http://www.ixwebhosting.com/support/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.ixwebhosting.com/blog/wp-content/themes/newixblog/style.css" />
+			<test url="http://www.ixwebhosting.com/support/wp-content/themes/ix-support-center-dev02/style.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.ixwebhosting\.com$" name="^uainfo$" /-->
+	<!--securecookie host="^manage\.ixwebhosting\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^my\.ixwebhosting\.com$" name="^_session_id$" /-->
+
+	<!--securecookie host="^(?:.*\.)?ixwebhosting\.com$" name=".*" /-->
+	<securecookie host="^\.ixwebhosting\.com$" name="^uainfo$" />
+	<securecookie host="^m(?:anage|y)\.ixwebhosting\.com$" name=".+" />
+
+
+	<rule from="^http://email\.ixwebhosting\.com/"
+		to="https://webmail.opentransfer.com/horde/imp/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IXsystems.xml b/src/chrome/content/rules/IXsystems.xml
index c6c912ef19b0..254df918eea2 100644
--- a/src/chrome/content/rules/IXsystems.xml
+++ b/src/chrome/content/rules/IXsystems.xml
@@ -1,19 +1,30 @@
-<ruleset name="iXsystems">
+<!--
+	Mixed content:
+
+		- css on support from fonts.googleapis.com *
+		- Image on support from www *
+		- favicon on support from www *
+		- Ad on (www.) and support from www.customerlobby.com *
+
+	* Secured by us
+
+-->
+<ruleset name="iXsystems.com">
 
 	<target host="ixsystems.com" />
-	<target host="*.ixsystems.com" />
+	<target host="mail.ixsystems.com" />
+	<target host="support.ixsystems.com" />
+	<target host="www.ixsystems.com" />
 
 
-	<securecookie host="^mail\.ixsystems\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^support\.ixsystems\.com$" name="^(SWIFT_client|SWIFT_sessionid40)$" /-->
 
+	<securecookie host="^\w" name=".+" />
 
-	<!--	^ works, but redirects to www over
-		http => clone that behavior:
-						-->
-	<rule from="^http://(?:www\.)?ixsystems\.com/"
-		to="https://www.ixsystems.com/" />
 
-	<rule from="^http://mail\.ixsystems\.com/"
-		to="https://mail.ixsystems.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IYouPort.com.xml b/src/chrome/content/rules/IYouPort.com.xml
new file mode 100644
index 000000000000..061be9291471
--- /dev/null
+++ b/src/chrome/content/rules/IYouPort.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://iyouport.com/ => https://iyouport.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.iyouport.com/ => https://www.iyouport.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+<ruleset name="iYouPort.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="iyouport.com" />
+	<target host="www.iyouport.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IZEA.com.xml b/src/chrome/content/rules/IZEA.com.xml
new file mode 100644
index 000000000000..10f6eb2a4195
--- /dev/null
+++ b/src/chrome/content/rules/IZEA.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Other IZEA rulesets:
+
+		- PayPerPost.com.xml
+
+-->
+<ruleset name="IZEA.com">
+
+	<target host="izea.com" />
+	<target host="www.izea.com" />
+
+
+	<securecookie host="^izea\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/I_Am_The_Cavalry.org.xml b/src/chrome/content/rules/I_Am_The_Cavalry.org.xml
new file mode 100644
index 000000000000..3c4d2b4e73c1
--- /dev/null
+++ b/src/chrome/content/rules/I_Am_The_Cavalry.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="I Am The Cavalry.org">
+
+	<target host="iamthecavalry.org" />
+	<target host="www.iamthecavalry.org" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/I_Give_Online.com.xml b/src/chrome/content/rules/I_Give_Online.com.xml
new file mode 100644
index 000000000000..a218ecde61b0
--- /dev/null
+++ b/src/chrome/content/rules/I_Give_Online.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="I Give Online.com">
+
+	<target host="igiveonline.com" />
+	<target host="www.igiveonline.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/I_Make_Things_Work.xml b/src/chrome/content/rules/I_Make_Things_Work.xml
index 1e2ab8b4d7f7..b3bfe3a7d594 100644
--- a/src/chrome/content/rules/I_Make_Things_Work.xml
+++ b/src/chrome/content/rules/I_Make_Things_Work.xml
@@ -1,13 +1,12 @@
 <ruleset name="I Make Things Work">
 
 	<target host="imakethingswork.com" />
-	<target host="*.imakethingswork.com" />
+	<target host="www.imakethingswork.com" />
 
 
 	<securecookie host="^(?:www)?\.imakethingswork\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?imakethingswork\.com/"
-		to="https://$1imakethingswork.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/I_Want_U.xml b/src/chrome/content/rules/I_Want_U.xml
deleted file mode 100644
index 3f381e081139..000000000000
--- a/src/chrome/content/rules/I_Want_U.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="I Want U (partial)">
-
-	<target host="cdn.keepstat.com" />
-
-
-	<rule from="^http://cdn\.keepstat\.com/(?!(?:\?.*)?$)"
-		to="https://cdn.keepstat.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/I_love_Freegle.org.xml b/src/chrome/content/rules/I_love_Freegle.org.xml
new file mode 100644
index 000000000000..26595543fd66
--- /dev/null
+++ b/src/chrome/content/rules/I_love_Freegle.org.xml
@@ -0,0 +1,51 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://maps.ilovefreegle.org/ => https://maps.ilovefreegle.org/: (51, "SSL: no alternative certificate subject name matches target host name 'maps.ilovefreegle.org'")
+Fetch error: http://shared.ilovefreegle.org/ => https://shared.ilovefreegle.org/: (51, "SSL: no alternative certificate subject name matches target host name 'shared.ilovefreegle.org'")
+
+	Problematic hosts in *ilovefreegle.org:
+
+		- mm *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- directv2.ilovefreegle.org
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- mm from frgl.it
+			- mm from jigsaw.w3.org
+			- mm from www.w3.org
+
+-->
+<ruleset name="I love Freegle.org (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ilovefreegle.org" />
+	<target host="direct.ilovefreegle.org" />
+	<target host="directv2.ilovefreegle.org" />
+	<target host="maps.ilovefreegle.org" />
+	<!--target host="mm.ilovefreegle.org" /-->
+	<target host="shared.ilovefreegle.org" />
+	<target host="www.ilovefreegle.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^directv2\.ilovefreegle\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^directv2.ilovefreegle.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/I_love_blue_sea.com.xml b/src/chrome/content/rules/I_love_blue_sea.com.xml
new file mode 100644
index 000000000000..6f74c3b321b0
--- /dev/null
+++ b/src/chrome/content/rules/I_love_blue_sea.com.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ilovebluesea.com/ => https://ilovebluesea.com/: (51, "SSL: no alternative certificate subject name matches target host name 'ilovebluesea.com'")
+Fetch error: http://www.ilovebluesea.com/ => https://www.ilovebluesea.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ilovebluesea.com'")
+
+Automatically by https-everywhere-checker because:
+Fetch error: http://ilovebluesea.com/ => https://ilovebluesea.com/: (35, 'Unknown SSL protocol error in connection to ilovebluesea.com:443 ')
+	Mixed content:
+
+		- Images from www *
+
+	* Secured by us
+
+-->
+<ruleset name="i love blue sea.com" default_off="failed ruleset test">
+
+	<target host="ilovebluesea.com" />
+	<target host="www.ilovebluesea.com" />
+
+
+	<securecookie host="^\.(?:www\.)?ilovebluesea\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Iamnoone-solutions.net.xml b/src/chrome/content/rules/Iamnoone-solutions.net.xml
deleted file mode 100644
index e9b5b14e238e..000000000000
--- a/src/chrome/content/rules/Iamnoone-solutions.net.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	CDN buckets:
-
-
-		- 3192.iamnoonesolution.netdna-cdn.com
-
-			- -ssl does not exist
-			- cdn.iamnoone-solutions.com
-
-
-		- 4014.iamnoonesolution.netdna-cdn.com
-
-			- -ssl exists
-			- cdn.analytics.iamnoone-solutions.net
-
--->
-<ruleset name="iamnoone-solutions.net (partial)">
-
-	<target host="*.iamnoone-solutions.net" />
-
-
-	<rule from="^http://analytics\.iamnoone-solutions\.net/"
-		to="https://analytics.iamnoone-solutions.net/" />
-
-	<rule from="^http://cdn\.analytics\.iamnoone-solutions\.net/"
-		to="https://4014-iamnoonesolution.netdna-ssl.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Ian.com.xml b/src/chrome/content/rules/Ian.com.xml
deleted file mode 100644
index 9155fc413540..000000000000
--- a/src/chrome/content/rules/Ian.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Cert only matches www.
-
--->
-<ruleset name="ian.com">
-
-	<target host="ian.com" />
-	<target host="*.ian.com" />
-
-
-	<securecookie host="^\.ian\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?ian\.com/"
-		to="https://www.ian.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/IantheHenry.com.xml b/src/chrome/content/rules/IantheHenry.com.xml
new file mode 100644
index 000000000000..21292bd4c669
--- /dev/null
+++ b/src/chrome/content/rules/IantheHenry.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="IantheHenry.com">
+
+	<target host="ianthehenry.com" />
+	<target host="www.ianthehenry.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Iberdrola.xml b/src/chrome/content/rules/Iberdrola.xml
index 90dbac591f8b..bcb94b97fd6a 100644
--- a/src/chrome/content/rules/Iberdrola.xml
+++ b/src/chrome/content/rules/Iberdrola.xml
@@ -12,7 +12,7 @@
 <ruleset name="Iberdrola (partial)">
 
 	<target host="iberdrola.es" />
-	<target host="*.iberdrola.es" />
+	<target host="www.iberdrola.es" />
 
 
 	<securecookie host="^(?:www)?\.iberdrola\.es$" name=".+" />
diff --git a/src/chrome/content/rules/Iberia.xml b/src/chrome/content/rules/Iberia.xml
index 0642b63ac23b..2fb302ee83b8 100644
--- a/src/chrome/content/rules/Iberia.xml
+++ b/src/chrome/content/rules/Iberia.xml
@@ -1,7 +1,15 @@
-<ruleset name="Iberia">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://iberia.com/ => https://iberia.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://iberia.com/ => https://iberia.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+-->
+<ruleset name="Iberia" default_off="failed ruleset test">
   <target host="iberia.com" />
   <target host="*.iberia.com" />
-  
+
   <rule from="^http://iberia\.com/" to="https://iberia.com/"/>
   <rule from="^http://([^/:@\.]+)\.iberia\.com/" to="https://$1.iberia.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Iberiabank.xml b/src/chrome/content/rules/Iberiabank.xml
index bc4e3383413e..80f5ff9f42bd 100644
--- a/src/chrome/content/rules/Iberiabank.xml
+++ b/src/chrome/content/rules/Iberiabank.xml
@@ -1,13 +1,12 @@
 <ruleset name="Iberiabank">
 
 	<target host="iberiabank.com" />
-	<target host="*.iberiabank.com" />
+	<target host="www.iberiabank.com" />
 
 
 	<securecookie host="^(?:w*\.)?iberiabank\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?iberiabank\.com/"
-		to="https://$1iberiabank.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ibibo.com.xml b/src/chrome/content/rules/Ibibo.com.xml
new file mode 100644
index 000000000000..1ad8813ac98f
--- /dev/null
+++ b/src/chrome/content/rules/Ibibo.com.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ads.ibibo.com/ => https://ads.ibibo.com/: (6, 'Could not resolve host: ads.ibibo.com')
+
+	Nonfunctional subdomains:
+
+		- (www.) *
+		- games *
+
+	* Refused
+
+-->
+<ruleset name="ibibo.com (partial)" default_off="failed ruleset test">
+
+	<target host="ads.ibibo.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ibiza-Rocks.xml b/src/chrome/content/rules/Ibiza-Rocks.xml
index d63347381969..2a89657faeac 100644
--- a/src/chrome/content/rules/Ibiza-Rocks.xml
+++ b/src/chrome/content/rules/Ibiza-Rocks.xml
@@ -1,13 +1,19 @@
-<ruleset name="Ibiza Rocks (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bookings.ibizarocks.com/ => https://bookings.ibizarocks.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://mrh.ibizarocks.com/ => https://mrh.ibizarocks.com/: (6, 'Could not resolve host: mrh.ibizarocks.com')
+
+-->
+<ruleset name="Ibiza Rocks (partial)" default_off="failed ruleset test">
 
 	<target host="bookings.ibizarocks.com" />
 	<target host="mrh.ibizarocks.com" />
 
 
-	<securecookie host="^.*\.ibizarocks\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(bookings|mrh)\.ibizarocks\.com/"
-		to="https://$1.ibizarocks.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Iblocklist.com.xml b/src/chrome/content/rules/Iblocklist.com.xml
new file mode 100644
index 000000000000..98c4b1d1076a
--- /dev/null
+++ b/src/chrome/content/rules/Iblocklist.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Nonfunctional hosts in *iblocklist.com:
+
+		- lists *
+
+	* Shows ^iblocklist.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.iblocklist.com
+
+-->
+<ruleset name="IBlocklist.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="iblocklist.com" />
+	<target host="www.iblocklist.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.iblocklist\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.iblocklist\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IbnouTaymiyya.com.xml b/src/chrome/content/rules/IbnouTaymiyya.com.xml
new file mode 100644
index 000000000000..81c58f5d33a5
--- /dev/null
+++ b/src/chrome/content/rules/IbnouTaymiyya.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="IbnouTaymiyya.com">
+	<target host="ibnoutaymiyya.com" />
+	<target host="www.ibnoutaymiyya.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ibood.com.xml b/src/chrome/content/rules/Ibood.com.xml
new file mode 100644
index 000000000000..fdeb64081e1e
--- /dev/null
+++ b/src/chrome/content/rules/Ibood.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Ibood.com">
+  <target host="www.ibood.com" />
+
+  <test url="http://www.ibood.com/nl/nl/" />
+  <test url="http://www.ibood.com/uk/en/" />
+  <test url="http://www.ibood.com/be/nl/" />
+  <test url="http://www.ibood.com/pl/pl/" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ibqonline.com.xml b/src/chrome/content/rules/Ibqonline.com.xml
deleted file mode 100644
index 3803aee65615..000000000000
--- a/src/chrome/content/rules/Ibqonline.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)ibq.com.qa	(503)
-
-
-	Cert only matches www.
-
--->
-<ruleset name="ibqonline.com">
-
-	<target host="ibqonline.com" />
-	<target host="www.ibqonline.com" />
-
-
-	<securecookie host="^www\.ibqonline\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?ibqonline\.com/"
-		to="https://www.ibqonline.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ibtracking.com.xml b/src/chrome/content/rules/Ibtracking.com.xml
new file mode 100644
index 000000000000..b8dc2139d3cc
--- /dev/null
+++ b/src/chrome/content/rules/Ibtracking.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- ads.ibtracking.com
+
+-->
+<ruleset name="ibtracking.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ads.ibtracking.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ads\.ibtracking\.com$" name="^(?:AVPUID|JSESSIONID)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ic-live.com.xml b/src/chrome/content/rules/Ic-live.com.xml
deleted file mode 100644
index 4ab3343cb2c4..000000000000
--- a/src/chrome/content/rules/Ic-live.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Web bugs.
-
-
-	c\d+ sets icxid wildcard cookie on whichever domain it is loaded from.
-
--->
-<ruleset name="ic-live.com">
-
-	<target host="ic-live.com" />
-	<target host="*.ic-live.com" />
-
-
-	<securecookie host="^\.ic-live\.com$" name=".+" />
-
-
-	<rule from="^http://(c\d+\.|www\.)?ic-live\.com/"
-		to="https://$1ic-live.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Icanhazip.com.xml b/src/chrome/content/rules/Icanhazip.com.xml
new file mode 100644
index 000000000000..59003b76487d
--- /dev/null
+++ b/src/chrome/content/rules/Icanhazip.com.xml
@@ -0,0 +1,15 @@
+<!--
+
+	Problematic domains:
+
+		- www serves an invalid certificate
+
+-->
+<ruleset name="icanhazip.com">
+
+	<target host="icanhazip.com" />
+	<target host="www.icanhazip.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Icculus.org.xml b/src/chrome/content/rules/Icculus.org.xml
new file mode 100644
index 000000000000..988d3653fe1e
--- /dev/null
+++ b/src/chrome/content/rules/Icculus.org.xml
@@ -0,0 +1,54 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- bugzilla-attachments.icculus.org
+
+		SSL peer certificate was not OK:
+		- www.0day.icculus.org
+		- airstrike.icculus.org
+		- www.bugzilla.icculus.org
+		- chef.icculus.org
+		- cvs.icculus.org
+		- mirror1.icculus.org
+		- a.mx.icculus.org
+		- nola-intel.icculus.org
+		- a.ns.icculus.org
+		- ns1.icculus.org
+		- ns2.icculus.org
+		- offload1.icculus.org
+		- offload2.icculus.org
+		- offload3.icculus.org
+		- openbox.icculus.org
+		- physfs.icculus.org
+		- www.pyddr.icculus.org
+		- ravage.icculus.org
+		- www.treefort.icculus.org
+		- viewvc.icculus.org
+		- vpn.icculus.org
+
+		4xx client error:
+		- openid.icculus.org
+
+		5xx server error:
+		- etherpad.icculus.org
+-->
+<ruleset name="Icculus.org">
+	<target host="icculus.org" />
+	<target host="www.icculus.org" />
+	<target host="0day.icculus.org" />
+	<target host="bugs.icculus.org" />
+	<target host="bugzilla.icculus.org" />
+	<target host="calendar.icculus.org" />
+	<target host="fossil.icculus.org" />
+	<target host="git.icculus.org" />
+	<target host="hg.icculus.org" />
+	<target host="kristin.icculus.org" />
+	<target host="mail.icculus.org" />
+	<target host="physfs-buildbot.icculus.org" />
+	<target host="steamtags.icculus.org" />
+	<target host="svn.icculus.org" />
+	<target host="treefort.icculus.org" />
+	<target host="twitter.icculus.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Icculus.xml b/src/chrome/content/rules/Icculus.xml
deleted file mode 100644
index 615566e12f90..000000000000
--- a/src/chrome/content/rules/Icculus.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Icculus.org">
-  <target host="icculus.org" />
-  <target host="*.icculus.org" />
-
-  <rule from="^http://(([a-zA-Z0-9-]+\.)?icculus\.org)/" to="https://$1/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Ice-WM.org.xml b/src/chrome/content/rules/Ice-WM.org.xml
new file mode 100644
index 000000000000..c13ef2439a9b
--- /dev/null
+++ b/src/chrome/content/rules/Ice-WM.org.xml
@@ -0,0 +1,16 @@
+<ruleset name="Ice-WM.org">
+
+	<target host="ice-wm.org" />
+	<target host="www.ice-wm.org" />
+	<target host="themes.ice-wm.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://www.ice-wm.org/,
+	http://www.ice-wm.org/ redirects to https://ice-wm.org/.-->
+	<rule from="^http://www\.ice-wm\.org/"
+			to="https://ice-wm.org/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IceHerberg.xml b/src/chrome/content/rules/IceHerberg.xml
index 1ca1088f517a..0190bd71ecea 100644
--- a/src/chrome/content/rules/IceHerberg.xml
+++ b/src/chrome/content/rules/IceHerberg.xml
@@ -1,6 +1,21 @@
-<ruleset name="IceHeberg">
+<!--
+	Insecure cookies are set for these hosts:
+
+		- iceheberg.fr
+		- www.iceheberg.fr
+
+-->
+<ruleset name="Ice Heberg.fr" default_off="mismatched">
   <target host="iceheberg.fr" />
   <target host="www.iceheberg.fr" />
 
-  <rule from="^http://(?:www\.)?iceheberg\.fr/" to="https://www.iceheberg.fr/"/>
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)iceheberg\.fr$" name="^(mailplan|mailplanBAK)$" /-->
+
+	<securecookie host="^(?:www\.)?iceheberg\.fr$" name=".+" />
+
+
+  <rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/IceWarp.com.xml b/src/chrome/content/rules/IceWarp.com.xml
new file mode 100644
index 000000000000..923a36552644
--- /dev/null
+++ b/src/chrome/content/rules/IceWarp.com.xml
@@ -0,0 +1,73 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://icewarp.com/ => https://icewarp.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.icewarp.com/ => https://www.icewarp.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Nonfunctional subdomains:
+
+		- esupport *
+
+	* Refused
+
+
+	Problematic subdomains:
+
+		- 247 ¹
+		- forum ²
+		- www-media ³
+
+	¹ Expired, self-signed
+	² Mismatched
+	³ Sends no cert chain
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- server
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .icewarp.com
+		- 247.icewarp.com
+		- server.icewarp.com
+		- www.icewarp.com
+
+
+	Mixed content:
+
+		- css on 247 from $self ¹
+
+		- Images, on:
+
+			- 247 from $self ¹
+			- forum from $self ¹
+			- www from esupport ²
+
+	¹ Not secured by us <= mismatched
+	² Unsecurable <= refused
+
+-->
+<ruleset name="IceWarp.com (partial)" default_off="failed ruleset test">
+
+	<target host="icewarp.com" />
+	<target host="server.icewarp.com" />
+	<target host="www.icewarp.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.icewarp\.com$" name="^bb_sessionhash$" /-->
+	<!--securecookie host="^247\.icewarp\.com$" name="^SWIFT_sessionid40$" /-->
+	<!--securecookie host="^server\.icewarp\.com$" name="^PHPSESSID_BASIC$" /-->
+	<!--securecookie host="^www\.icewarp\.com$" name="^(PHPSESSID|nette-browser)$" /-->
+
+	<securecookie host="^(?:server|www)\.icewarp\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Icecast.org.xml b/src/chrome/content/rules/Icecast.org.xml
new file mode 100644
index 000000000000..b1337b88b089
--- /dev/null
+++ b/src/chrome/content/rules/Icecast.org.xml
@@ -0,0 +1,28 @@
+<!--
+	Invalid certificate:
+		- www.icecast.org, equivalent to icecast.org
+		- au.icecast.org, equivalent to xiph.org
+		- www.au.icecast.org, equivalent to xiph.org
+		- docs.icecast.org
+		- www.eu.icecast.org, equivalent to xiph.org
+		- us.icecast.org, equivalent to icecast.org
+		- www.us.icecast.org, equivalent to icecast.org
+-->
+
+<ruleset name="Icecast.org">
+	<target host="icecast.org" />
+	<target host="www.icecast.org" />
+	<target host="au.icecast.org" />
+	<target host="www.au.icecast.org" />
+	<target host="www.eu.icecast.org" />
+	<target host="us.icecast.org" />
+	<target host="www.us.icecast.org" />
+
+	<rule from="^http://(www|(www\.)?us)\.icecast\.org/"
+		to="https://icecast.org/" />
+
+	<rule from="^http://(au|www\.(au|eu))\.icecast\.org/"
+		to="https://xiph.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Icecat.xml b/src/chrome/content/rules/Icecat.xml
index a08c639e63c0..30b69a6ae35e 100644
--- a/src/chrome/content/rules/Icecat.xml
+++ b/src/chrome/content/rules/Icecat.xml
@@ -1,15 +1,92 @@
 <!--
-	Some (most?) pages redirect to http
+	.../forum.cgi redirects to http.
 
+
+	Insecure cookies are set for these domains and hosts:
+
+		- icecat.biz
+		- .icecat.biz
+		- at.icecat.biz
+		- .at.icecat.biz
+		- be.icecat.biz
+		- .be.icecat.biz
+		- ch.icecat.biz
+		- .ch.icecat.biz
+		- cz.icecat.biz
+		- .cz.icecat.biz
+		- es.icecat.biz
+		- .es.icecat.biz
+		- fr.icecat.biz
+		- .fr.icecat.biz
+		- it.icecat.biz
+		- .it.icecat.biz
+		- nl.icecat.biz
+		- .nl.icecat.biz
+		- se.icecat.biz
+		- .se.icecat.biz
+		- ua.icecat.biz
+		- .ua.icecat.biz
+		- uk.icecat.biz
+		- .uk.icecat.biz
+		- us.icecat.biz
+		- .us.icecat.biz
+		- www.icecat.biz
+		- .www.icecat.biz
+
+		Off due to continuous reloading as reported in
+		https://github.com/EFForg/https-everywhere/issues/1711
 -->
-<ruleset name="Icecat (partial)">
+<ruleset name="Icecat.biz (partial)" default_off="broken">
 
 	<target host="icecat.biz" />
-	<target host="*.icecat.biz" />
-		<exclusion pattern="^http://(?:www\.)?icecat\.biz/(?!css/|en/menu/(?:forgot|openicecat|register)/|imgs/)" />
+	<target host="at.icecat.biz" />
+	<target host="be.icecat.biz" />
+	<target host="ch.icecat.biz" />
+	<target host="cz.icecat.biz" />
+	<target host="es.icecat.biz" />
+	<target host="images.icecat.biz" />
+	<target host="fr.icecat.biz" />
+	<target host="it.icecat.biz" />
+	<target host="nl.icecat.biz" />
+	<target host="se.icecat.biz" />
+	<target host="ua.icecat.biz" />
+	<target host="uk.icecat.biz" />
+	<target host="us.icecat.biz" />
+	<target host="www.icecat.biz" />
+
+		<!--	Redirects to http:
+						-->
+		<exclusion pattern="^http://(?:(?:at|be|ch|cz|es|fr|it|nl|se|ua|uk|us|www)\.)?icecat\.biz/forum\.cgi" />
+
+			<test url="http://icecat.biz/forum.cgi" />
+			<test url="http://at.icecat.biz/forum.cgi" />
+			<test url="http://be.icecat.biz/forum.cgi" />
+			<test url="http://ch.icecat.biz/forum.cgi" />
+			<test url="http://cz.icecat.biz/forum.cgi" />
+			<test url="http://es.icecat.biz/forum.cgi" />
+			<test url="http://fr.icecat.biz/forum.cgi" />
+			<test url="http://it.icecat.biz/forum.cgi" />
+			<test url="http://nl.icecat.biz/forum.cgi" />
+			<test url="http://se.icecat.biz/forum.cgi" />
+			<test url="http://ua.icecat.biz/forum.cgi" />
+			<test url="http://uk.icecat.biz/forum.cgi" />
+			<test url="http://us.icecat.biz/forum.cgi" />
+			<test url="http://www.icecat.biz/forum.cgi" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^((at|be|ch|cz|es|fr|it|nl|se|ua|uk|us|www)\.)?icecat\.biz$" name="^(PHPSESSID|isMobile|showMobile)$" /-->
+	<!--securecookie host="^\.icecat\.biz$" name="^icecat_bizULocation$" /-->
+	<!--securecookie host="^\.((at|be|ch|cz|es|fr|it|nl|se|ua|uk|us|www)\.)?icecat\.biz$" name="^icecat_bizlimit$" /-->
 
+	<!--	Avoiding PHPSESSID in case it's used for the forum.
+									-->
+	<securecookie host="^((?:at|be|ch|cz|es|fr|it|nl|se|ua|uk|us|www)\.)?icecat\.biz$" name="^(?:isMobile|showMobile)$" />
+	<securecookie host="^\.icecat\.biz$" name="^icecat_bizULocation$" />
+	<securecookie host="^\.(?:(?:at|be|ch|cz|es|fr|it|nl|se|ua|uk|us|www)\.)?icecat\.biz$" name=".+" />
 
-	<rule from="^http://(images\.|www\.)?icecat\.biz/"
-		to="https://$1icecat.biz/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Icehost.is.xml b/src/chrome/content/rules/Icehost.is.xml
new file mode 100644
index 000000000000..f2a9c51b9599
--- /dev/null
+++ b/src/chrome/content/rules/Icehost.is.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid Certificate:
+		www.icehost.is
+		account.icehost.is
+-->
+<ruleset name="Icehost.is (partial)" >
+	<target host="icehost.is" />
+	<target host="www.icehost.is" />
+
+	<rule from="^http://www\.icehost\.is/" to="https://icehost.is/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Iceleads.com.xml b/src/chrome/content/rules/Iceleads.com.xml
new file mode 100644
index 000000000000..2c2d21b97f83
--- /dev/null
+++ b/src/chrome/content/rules/Iceleads.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Iceleads.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="iceleads.com" />
+	<target host="www.iceleads.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Icez.net.xml b/src/chrome/content/rules/Icez.net.xml
new file mode 100644
index 000000000000..5a7e9d114a91
--- /dev/null
+++ b/src/chrome/content/rules/Icez.net.xml
@@ -0,0 +1,24 @@
+<!--
+	Server sends no certificate chain *
+
+	* See https://whatsmychaincert.com
+
+
+	Mixed content:
+
+		- Bug from i.creativecommons.org *
+		- Bug from upic.me *
+
+	* Secured by us
+
+-->
+<ruleset name="icez.net" default_off="expired, missing certificate chain">
+
+	<target host="icez.net" />
+	<target host="www.icez.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IchKoche.at.xml b/src/chrome/content/rules/IchKoche.at.xml
new file mode 100644
index 000000000000..1fa5987fc763
--- /dev/null
+++ b/src/chrome/content/rules/IchKoche.at.xml
@@ -0,0 +1,16 @@
+<ruleset name="ichkoche.at">
+
+	<target host="ichkoche.at"/>
+	<target host="www.ichkoche.at"/>
+	<target host="images.ichkoche.at"/>
+	<target host="kochkurse.ichkoche.at"/>
+	<target host="rezeptwettbewerb.ichkoche.at"/>
+	<target host="shop.ichkoche.at"/>
+	<target host="static.ichkoche.at"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ichijinsha.co.jp.xml b/src/chrome/content/rules/Ichijinsha.co.jp.xml
new file mode 100644
index 000000000000..994da8c61d82
--- /dev/null
+++ b/src/chrome/content/rules/Ichijinsha.co.jp.xml
@@ -0,0 +1,18 @@
+<!--
+	Mismatched:
+		- www.shop
+	Authentication required:
+		- next
+-->
+<ruleset name="Ichijinsha">
+	<target host="ichijinsha.co.jp" />
+	<target host="www.ichijinsha.co.jp" />
+	<target host="ad.ichijinsha.co.jp" />
+	<target host="data.ichijinsha.co.jp" />
+	<target host="online.ichijinsha.co.jp" />
+	<target host="shop.ichijinsha.co.jp" />
+	<target host="static.ichijinsha.co.jp" />
+	<target host="www2.ichijinsha.co.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Iciciprulife.com.xml b/src/chrome/content/rules/Iciciprulife.com.xml
new file mode 100644
index 000000000000..cacbd1a3ee91
--- /dev/null
+++ b/src/chrome/content/rules/Iciciprulife.com.xml
@@ -0,0 +1,55 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://documents.iciciprulife.com/ => https://documents.iciciprulife.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Invalid certificate:
+		iciciprulife.com
+		blog.iciciprulife.com (incomplete certificate chain)
+		www.careers.iciciprulife.com
+		qliksense.iciciprulife.com
+		uat-aem.iciciprulife.com
+
+	No working URL known (see https://github.com/EFForg/https-everywhere/pull/7268#issuecomment-267633534 ):
+		atlas.iciciprulife.com
+		clickpss.iciciprulife.com
+-->
+
+<ruleset name="Iciciprulife.com" default_off="failed ruleset test">
+	<target host="www.iciciprulife.com" />
+	<target host="buy.iciciprulife.com" />
+	<target host="campaign.iciciprulife.com" />
+	<target host="careers.iciciprulife.com" />
+	<target host="customer.iciciprulife.com" />
+	<target host="documents.iciciprulife.com" />
+	<target host="epu.iciciprulife.com" />
+	<target host="group.iciciprulife.com" />
+	<target host="healthclaims.iciciprulife.com" />
+		<test url="http://healthclaims.iciciprulife.com/BCSUIEARPHASE2/js/functions.js" />
+		<exclusion pattern="http://healthclaims\.iciciprulife\.com/$" />
+	<target host="hrapps.iciciprulife.com" />
+		<test url="http://hrapps.iciciprulife.com/CareerPortal/home.aspx" />
+	<target host="ineo.iciciprulife.com" />
+	<target host="ipruapps.iciciprulife.com" />
+	<target host="irm.iciciprulife.com" />
+	<target host="lms.iciciprulife.com" />
+	<target host="mynavigator.iciciprulife.com" />
+	<target host="ocrm.iciciprulife.com" />
+	<target host="onlinelifeinsurance.iciciprulife.com" />
+	<target host="onlinelifeinsurance1.iciciprulife.com" />
+	<target host="pgi.iciciprulife.com" />
+	<target host="pgibeta.iciciprulife.com" />
+	<target host="pulse.iciciprulife.com" />
+	<target host="qlikview.iciciprulife.com" />
+		<test url="http://qlikview.iciciprulife.com/qlikview/global.css" />
+		<exclusion pattern="http://qlikview\.iciciprulife\.com/$" />
+	<target host="retailer.iciciprulife.com" />
+		<test url="http://retailer.iciciprulife.com/ATLAS/jsp/common/login/login.jsp" />
+	<target host="telesales.iciciprulife.com" />
+	<target host="uniserve.iciciprulife.com" />
+	<target host="wap.iciciprulife.com" />
+	<target host="webservices.iciciprulife.com" />
+		<test url="http://webservices.iciciprulife.com/webservices/ServiceManager?operation.view=dataProcessor" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Icinga.xml b/src/chrome/content/rules/Icinga.xml
index 38416469620d..674017e0af23 100644
--- a/src/chrome/content/rules/Icinga.xml
+++ b/src/chrome/content/rules/Icinga.xml
@@ -1,20 +1,41 @@
 <!--
-	Nonfunctional subdomains:
-
-		- classic.demo
-		- web.demo
-
+	Nonfunctional hosts in *.icinga.org:
+		- packages.icinga.org
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
 -->
 <ruleset name="Icinga">
 
 	<target host="icinga.org" />
-	<target host="*.icinga.org" />
-
-
-	<securecookie host="^(.*\.)?icinga\.org$" name=".*" />
-
-
-	<rule from="^http://((?:dev|translate|wiki|www)\.)?icinga\.org/"
-		to="https://$1icinga.org/" />
+	<target host="www.icinga.org" />
+	<target host="boxes.icinga.org" />
+	<target host="dev.icinga.org" />
+	<target host="docs.icinga.org" />
+	<target host="git.icinga.org" />
+	<target host="lists.icinga.org" />
+	<target host="packages.icinga.org" />
+	<target host="support.icinga.org" />
+	<target host="wiki.icinga.org" />
+
+	<target host="icinga.com" />
+	<target host="www.icinga.com" />
+	<target host="boxes.icinga.com" />
+	<target host="dev.icinga.com" />
+	<target host="docs.icinga.com" />
+	<target host="git.icinga.com" />
+	<target host="packages.icinga.com" />
+	<target host="support.icinga.com" />
+	<target host="wiki.icinga.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://packages\.icinga\.org/" to="https://packages.icinga.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Icio.us.xml b/src/chrome/content/rules/Icio.us.xml
new file mode 100644
index 000000000000..964596f40968
--- /dev/null
+++ b/src/chrome/content/rules/Icio.us.xml
@@ -0,0 +1,70 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://api.del.icio.us/ => https://api.del.icio.us/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://images.del.icio.us/ => https://api.del.icio.us/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other Delicious coverage, see Delicious.xml.
+
+
+	CDN buckets:
+
+		- api-688261400.us-west-1.elb.amazonaws.com
+
+			- images.del.icio.us
+
+		- delicious.imgix.net
+
+
+	Problematic hosts in *icio.us:
+
+		- images.del *
+
+	* Mismatched, CN: api.del.icio.us
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .api.del.icio.us
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bug on api.del from api.mixbit.com *
+
+	* See https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="icio.us" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="api.del.icio.us" />
+
+	<!--	Complications:
+				-->
+	<target host="icio.us" />
+	<target host="del.icio.us" />
+	<target host="images.del.icio.us" />
+	<target host="www.icio.us" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.api\.del\.icio\.us$" name="^delvisitor$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://(www\.)?icio\.us/"
+		to="https://del.icio.us/" />
+
+	<rule from="^http://images\.del\.icio\.us/"
+		to="https://api.del.icio.us/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Iconfinder.xml b/src/chrome/content/rules/Iconfinder.xml
index 6193a00741ae..e95d33812140 100644
--- a/src/chrome/content/rules/Iconfinder.xml
+++ b/src/chrome/content/rules/Iconfinder.xml
@@ -1,44 +1,49 @@
 <!--
 	CDN buckets:
 
-		- iconfinder.cachefly.net
+		- iconfinder.cachefly.net	← cdn[0-6]
+		- iconfinder.desk.com	← support
+		- wac.3a7b.edgecastcdn.net/??3A7B/
+		- icons3.iconfinder.netdna-cdn.com	← cdn
 
-			- cdn[0-6]
 
-		- iconfinder.desk.com
+	Nonfunctional hosts in *iconfinder.com:
 
-			- support
+		- blog ¹
+		- shop ²
+		- support ³
 
-		- wac.3a7b.edgecastcdn.net/...
-
-		- icons3.iconfinder.netdna-cdn.com
-
-			- cdn
-
-
-	Nonfunctional subdomains:
-
-		- ^		(refused)
-		- support	(desk.com)
-		- www		(redirects to http, valid cert)
-
-
-	Fully covered subdomains:
-
-		- cdn\d
-		- cdn1[0-2]
-		- track
+	¹ Shows default MediaTemple page
+	² Shopify
+	³ Desk.com/redirects to http
 
 -->
-<ruleset name="Iconfinder (partial) ">
-
-	<target host="*.iconfinder.com" />
-
-
-	<rule from="^http://(cdn\d+|track)\.iconfinder\.com/"
-		to="https://$1.iconfinder.com/" />
-
-	<rule from="^http://support\.iconfinder\.com/favicon\.ico"
-		to="https://d3jyn100am7dxp.cloudfront.net/favicon.ico" />
-
-</ruleset>
\ No newline at end of file
+<ruleset name="Iconfinder.com (partial)">
+
+	<target host="iconfinder.com" />
+	<target host="cdn0.iconfinder.com" />
+	<target host="cdn1.iconfinder.com" />
+	<target host="cdn2.iconfinder.com" />
+	<target host="cdn3.iconfinder.com" />
+	<target host="cdn4.iconfinder.com" />
+	<target host="cdn5.iconfinder.com" />
+	<target host="cdn6.iconfinder.com" />
+	<target host="cdn7.iconfinder.com" />
+	<target host="cdn8.iconfinder.com" />
+	<target host="cdn9.iconfinder.com" />
+	<target host="cdn10.iconfinder.com" />
+	<target host="cdn11.iconfinder.com" />
+	<target host="cdn12.iconfinder.com" />
+	<target host="developer.iconfinder.com" />
+	<target host="track.iconfinder.com" />
+	<target host="www.iconfinder.com" />
+
+		<test url="http://cdn3.iconfinder.com/data/icons/iconic-1/32/fullscreen-20.png" />
+		<test url="http://cdn4.iconfinder.com/data/icons/Sizicons/16x16/question_blue.png" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+
+</ruleset>
diff --git a/src/chrome/content/rules/Iconical.com.xml b/src/chrome/content/rules/Iconical.com.xml
new file mode 100644
index 000000000000..94ae9773e1c8
--- /dev/null
+++ b/src/chrome/content/rules/Iconical.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Iconical.com">
+	<target host="iconical.com" />
+	<target host="www.iconical.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Icontem.com.xml b/src/chrome/content/rules/Icontem.com.xml
new file mode 100644
index 000000000000..d93475f910f9
--- /dev/null
+++ b/src/chrome/content/rules/Icontem.com.xml
@@ -0,0 +1,6 @@
+<!--(www.)? mismatch-->
+<ruleset name="Icontem.com (partial)">
+	<target host="accounts.icontem.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Icony.xml b/src/chrome/content/rules/Icony.xml
new file mode 100644
index 000000000000..4be72bdf7a2e
--- /dev/null
+++ b/src/chrome/content/rules/Icony.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://flirt.icony.com/ => https://flirt.icony.com/: (6, 'Could not resolve host: flirt.icony.com')
+Fetch error: http://jira.icony.com/ => https://jira.icony.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="ICONY" default_off="failed ruleset test">
+
+	<target host="icony.com" />	<!-- cert only valid for www -->
+	<target host="flirt.icony.com" />
+	<target host="jira.icony.com" />
+	<target host="js.icony.com" />
+	<target host="www.icony.com" />
+
+	<rule from="^http://icony\.com/" to="https://www.icony.com/" />
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Icsdelivery.com.xml b/src/chrome/content/rules/Icsdelivery.com.xml
index 0b6a139b4282..ab6562f09ecb 100644
--- a/src/chrome/content/rules/Icsdelivery.com.xml
+++ b/src/chrome/content/rules/Icsdelivery.com.xml
@@ -13,7 +13,8 @@
 <ruleset name="icsdelivery.com">
 
 	<target host="icsdelivery.com" />
-	<target host="*.icsdelivery.com" />
+	<target host="www.icsdelivery.com" />
+	<target host="enroll.icsdelivery.com" />
 
 
 	<securecookie host="^(?:enroll|www)\.icsdelivery\.com$" name=".+" />
@@ -22,7 +23,6 @@
 	<rule from="^http://(?:www\.)?icsdelivery\.com/"
 		to="https://www.icsdelivery.com/" />
 
-	<rule from="^http://enroll\.icsdelivery\.com/"
-		to="https://enroll.icsdelivery.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Icstars.com.xml b/src/chrome/content/rules/Icstars.com.xml
new file mode 100644
index 000000000000..0efbce8420af
--- /dev/null
+++ b/src/chrome/content/rules/Icstars.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- Images from www.moonglow.net *
+		- Images from www.moonglowtech.com *
+
+	* Not secured by us <= mismatched
+
+-->
+<ruleset name="icstars.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="icstars.com" />
+	<target host="www.icstars.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Id-Software.xml b/src/chrome/content/rules/Id-Software.xml
deleted file mode 100644
index d6d274ac551d..000000000000
--- a/src/chrome/content/rules/Id-Software.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	For other ZeniMax Media coverage, see ZeniMax-Media.xml.
-
--->
-<ruleset name="id Software" default_off="mismatch">
-
-	<!--	Cert: *.bethsoft.com	-->
-	<target host="idsoftware.com" />
-	<target host="www.idsoftware.com" />
-
-
-	<rule from="^https?://(?:www\.)?idsoftware\.com/"
-		to="https://www.idsoftware.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/IdQQimg.com.xml b/src/chrome/content/rules/IdQQimg.com.xml
new file mode 100644
index 000000000000..941e80e69d0d
--- /dev/null
+++ b/src/chrome/content/rules/IdQQimg.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Doesn't exist:
+		- ^
+		- www.
+-->
+
+<ruleset name="IdQQimg.com">
+
+	<target host="id1.idqqimg.com" />
+	<target host="id2.idqqimg.com" />
+	<target host="id3.idqqimg.com" />
+	<target host="id4.idqqimg.com" />
+	<target host="id5.idqqimg.com" />
+	<target host="pub.idqqimg.com" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IdSoftware.com.xml b/src/chrome/content/rules/IdSoftware.com.xml
new file mode 100644
index 000000000000..2497d3f1981a
--- /dev/null
+++ b/src/chrome/content/rules/IdSoftware.com.xml
@@ -0,0 +1,15 @@
+<!--
+	For other ZeniMax Media coverage, see ZeniMax.com.xml.
+
+	Time out:
+		zerowing.idsoftware.com
+
+-->
+<ruleset name="id Software">
+
+	<target host="idsoftware.com" />
+	<target host="www.idsoftware.com" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ida2at.com.xml b/src/chrome/content/rules/Ida2at.com.xml
new file mode 100644
index 000000000000..bfe9f1e4dd94
--- /dev/null
+++ b/src/chrome/content/rules/Ida2at.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Ida2at.com">
+	<target host="ida2at.com" />
+	<target host="www.ida2at.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IdeaFit.com.xml b/src/chrome/content/rules/IdeaFit.com.xml
new file mode 100644
index 000000000000..3cee8789d130
--- /dev/null
+++ b/src/chrome/content/rules/IdeaFit.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Wildcard DNS
+
+-->
+<ruleset name="Idea Fit.com (partial)">
+
+	<target host="ideafit.com" />
+	<target host="www.ideafit.com" />
+	<target host="api.ideafit.com" />
+	<target host="cdn.ideafit.com" />
+	<target host="cdn1.ideafit.com" />
+	<target host="cdn2.ideafit.com" />
+	<target host="cdn3.ideafit.com" />
+	<target host="cdn4.ideafit.com" />
+	<target host="cdn5.ideafit.com" />
+	<target host="cdn6.ideafit.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Idea_Stations.org.xml b/src/chrome/content/rules/Idea_Stations.org.xml
new file mode 100644
index 000000000000..460e7b6c05cb
--- /dev/null
+++ b/src/chrome/content/rules/Idea_Stations.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Idea Stations.org (partial)">
+	<target host="ideastations.org" />
+	<target host="www.ideastations.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Idealo.com.xml b/src/chrome/content/rules/Idealo.com.xml
new file mode 100644
index 000000000000..1b7c1839427a
--- /dev/null
+++ b/src/chrome/content/rules/Idealo.com.xml
@@ -0,0 +1,45 @@
+<!--
+	Nonfunctional hosts in *idealo.com:
+
+		- ^ ¹
+		- travel ²
+		- www ³
+
+	¹ Refused
+	² 403
+	³ Plaintext reply
+
+
+	Insecure cookies are set for these hosts:
+
+		- business.idealo.com
+
+
+	Mixed content:
+
+		- Bugs on business from q3.webtrekk.net *
+
+	* Secured by us
+
+-->
+<ruleset name="Idealo.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="business.idealo.com" />
+	<!-- breaks images on due to  idealo.de - Same Origin Policy -->
+	<!-- <target host="cdn.idealo.com" /> -->
+	<target host="img.idealo.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^business\.idealo\.com$" name="^(?:YII_CSRF_TOKEN|business_lang)$" /-->
+
+	<securecookie host="^business\.idealo\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ideel.com.xml b/src/chrome/content/rules/Ideel.com.xml
new file mode 100644
index 000000000000..2aafa3623d26
--- /dev/null
+++ b/src/chrome/content/rules/Ideel.com.xml
@@ -0,0 +1,70 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.ideel.com/favicon.ico => https://www.ideel.com/favicon.ico: (7, 'Failed to connect to www.ideel.com port 443: Connection timed out')
+Fetch error: http://www.ideel.com/login => https://www.ideel.com/login: (7, 'Failed to connect to www.ideel.com port 443: Connection timed out')
+Fetch error: http://ideel.com/ => https://ideel.com/: (7, 'Failed to connect to ideel.com port 443: Connection timed out')
+Fetch error: http://0-static.ideel.com/ => https://0-static.ideel.com/: (7, 'Failed to connect to 0-static.ideel.com port 443: Connection timed out')
+Fetch error: http://0images-production.ideeli.com/ => https://0images-production.ideeli.com/: (7, 'Failed to connect to 0images-production.ideeli.com port 443: Connection timed out')
+Fetch error: http://support.ideel.com/ => https://support.ideel.com/: (7, 'Failed to connect to support.ideel.com port 443: Connection timed out')
+
+	Problematic hosts in *ideel.com:
+
+		- blog *
+
+	* Mismatched
+
+
+	Fully covered hosts in *ideel.com:
+
+		- 0-static
+		- 0images-production
+		- support
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.ideel.com
+
+-->
+<ruleset name="Ideel.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ideel.com" />
+	<target host="0-static.ideel.com" />
+	<target host="0images-production.ideeli.com" />
+	<target host="support.ideel.com" />
+	<target host="www.ideel.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.ideel\.com/($|register/lostpassword$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.ideel\.com/+(?!favicon\.ico|login(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.ideel.com/active_rbac/tellafriend" />
+			<test url="http://www.ideel.com/events/latest/all" />
+			<test url="http://www.ideel.com/mobile" />
+			<test url="http://www.ideel.com/pages/international" />
+			<test url="http://www.ideel.com/register/lostpassword" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.ideel.com/favicon.ico" />
+			<test url="http://www.ideel.com/login" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.ideel\.com$" name="^(live_session_id|now)$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ideenw3rk.de.xml b/src/chrome/content/rules/Ideenw3rk.de.xml
new file mode 100644
index 000000000000..4aa1ff515d50
--- /dev/null
+++ b/src/chrome/content/rules/Ideenw3rk.de.xml
@@ -0,0 +1,10 @@
+<ruleset name="Ideenw3rk.de">
+
+	<target host="ideenw3rk.de" />
+	<target host="www.ideenw3rk.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Idefi.xml b/src/chrome/content/rules/Idefi.xml
index d9fe630c6284..fdea14b3eeee 100644
--- a/src/chrome/content/rules/Idefi.xml
+++ b/src/chrome/content/rules/Idefi.xml
@@ -1,19 +1,25 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://idefimusic.com/ => https://idefimusic.com/: (7, 'Failed to connect to idefimusic.com port 443: Connection refused')
+Fetch error: http://www.idefimusic.com/ => https://www.idefimusic.com/: (7, 'Failed to connect to www.idefimusic.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://idefimusic.com/ => https://idefimusic.com/: (28, 'Connection timed out after 10000 milliseconds')
 	CDN buckets:
 
 		- production-idefi.s3.amazonaws.com
 
 -->
-<ruleset name="idefi">
+<ruleset name="idefi" default_off="failed ruleset test">
 
 	<target host="idefimusic.com" />
-	<target host="*.idefimusic.com" />
+	<target host="www.idefimusic.com" />
 
 
 	<securecookie host="^(?:www)?\.idefimusic.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?idefimusic\.com/"
-		to="https://$1idefimusic.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Idefix.xml b/src/chrome/content/rules/Idefix.xml
index 63c344902cf2..aacb4b4245b1 100644
--- a/src/chrome/content/rules/Idefix.xml
+++ b/src/chrome/content/rules/Idefix.xml
@@ -1,8 +1,15 @@
-<ruleset name="Idefix" platform="mixedcontent">
-  <target host="www.idefix.com" />
-  <target host="idefix.com" />
-
-  <securecookie host="^www\.idefix\.com$" name=".*" />
-
-  <rule from="^http://(www\.)?idefix\.com/" to="https://www.idefix.com/" />
-</ruleset>
\ No newline at end of file
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.idefix.com/ => https://www.idefix.com/: Too many redirects while fetching 'https://www.idefix.com/'
+Fetch error: http://idefix.com/ => https://www.idefix.com/: Too many redirects while fetching 'https://www.idefix.com/'
+
+-->
+<ruleset name="Idefix" platform="mixedcontent" default_off="failed ruleset test">
+  <target host="www.idefix.com" />
+  <target host="idefix.com" />
+
+  <securecookie host="^www\.idefix\.com$" name=".+" />
+
+  <rule from="^http://(?:www\.)?idefix\.com/" to="https://www.idefix.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/IdenTrust.com.xml b/src/chrome/content/rules/IdenTrust.com.xml
new file mode 100644
index 000000000000..efd6c7056080
--- /dev/null
+++ b/src/chrome/content/rules/IdenTrust.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Other IdenTrust rulesets:
+
+		- IdenTrustSSL.com.xml
+
+
+	^: mismatched
+
+-->
+<ruleset name="IdenTrust.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="participant.identrust.com" />
+	<target host="secure.identrust.com" />
+	<target host="www.identrust.com" />
+
+	<!--	Complications:
+				-->
+	<target host="identrust.com" />
+
+
+	<rule from="^http://identrust\.com/"
+		to="https://www.identrust.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IdenTrustSSL.com.xml b/src/chrome/content/rules/IdenTrustSSL.com.xml
new file mode 100644
index 000000000000..14cef867a782
--- /dev/null
+++ b/src/chrome/content/rules/IdenTrustSSL.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other IdenTrust coverage, see IdenTrust.com.xml.
+
+-->
+<ruleset name="IdenTrustSSL.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="identrustssl.com" />
+	<target host="www.identrustssl.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Identica.xml b/src/chrome/content/rules/Identica.xml
index 095a9160a272..1077fe83914e 100644
--- a/src/chrome/content/rules/Identica.xml
+++ b/src/chrome/content/rules/Identica.xml
@@ -1,4 +1,13 @@
-<ruleset name="Identica">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://identi.ca/ => https://identi.ca/: (7, 'Failed to connect to identi.ca port 443: Connection refused')
+Fetch error: http://files.status.net/ => https://files.status.net/: (6, 'Could not resolve host: files.status.net')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://files.status.net/ => https://files.status.net/: (28, 'Connection timed out after 10001 milliseconds')
+-->
+<ruleset name="Identica" default_off="failed ruleset test">
   <target host="*.identi.ca" />
   <target host="identi.ca" />
   <target host="files.status.net" />
@@ -10,11 +19,11 @@
 	        to="https://identi.ca/"/>
   <rule from="^http://files\.status\.net/"
 	        to="https://files.status.net/"/>
-  <rule from="^http://(meteor\d+\.identi\.ca)/" 
+  <rule from="^http://(meteor\d+\.identi\.ca)/"
           to="https://$1/" />
   <rule from="^http://avatar\.identi\.ca/"
 	        to="https://avatar3.status.net/i/identica/"/>
 
-  <securecookie host="^identi\.ca$" name=".*"/>
+  <securecookie host="^identi\.ca$" name=".+" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Identity-Stronghold.xml b/src/chrome/content/rules/Identity-Stronghold.xml
deleted file mode 100644
index 6b2a7ee3fdfe..000000000000
--- a/src/chrome/content/rules/Identity-Stronghold.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Identity Stronghold" platform="mixedcontent">
-
-	<target host="idstronghold.com" />
-	<target host="www.idstronghold.com" />
-
-	<rule from="^http://(www\.)?idstronghold\.com/"
-		to="https://$1idstronghold.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/IdentityTheft.xml b/src/chrome/content/rules/IdentityTheft.xml
index e4261e9e06e7..ee783898faef 100644
--- a/src/chrome/content/rules/IdentityTheft.xml
+++ b/src/chrome/content/rules/IdentityTheft.xml
@@ -1,4 +1,14 @@
-<ruleset name="IdentityTheft">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://identitytheft.org.uk/ => https://www.identitytheft.org.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.identitytheft.org.uk'")
+Fetch error: http://www.identitytheft.org.uk/ => https://www.identitytheft.org.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.identitytheft.org.uk'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://identitytheft.org.uk/ => https://www.identitytheft.org.uk/: (7, 'Failed to connect to www.identitytheft.org.uk port 443: Connection refused')
+Fetch error: http://www.identitytheft.org.uk/ => https://www.identitytheft.org.uk/: (7, 'Failed to connect to www.identitytheft.org.uk port 443: Connection refused')
+-->
+<ruleset name="IdentityTheft" default_off="failed ruleset test">
   <target host="identitytheft.org.uk"/>
   <target host="www.identitytheft.org.uk"/>
 
diff --git a/src/chrome/content/rules/Identity_Workshop.eu.xml b/src/chrome/content/rules/Identity_Workshop.eu.xml
new file mode 100644
index 000000000000..65e48132ef74
--- /dev/null
+++ b/src/chrome/content/rules/Identity_Workshop.eu.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://identityworkshop.eu/ => https://identityworkshop.eu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.identityworkshop.eu/ => https://www.identityworkshop.eu/: (60, 'SSL certificate problem: certificate has expired')
+
+	Insecure cookies are set for these hosts:
+
+		- identityworkshop.eu
+		- www.identityworkshop.eu
+
+-->
+<ruleset name="Identity Workshop.eu" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="identityworkshop.eu" />
+	<target host="www.identityworkshop.eu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?identityworkshop\.eu$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host="^(?:www\.)?identityworkshop\.eu$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Idenyt.dk.xml b/src/chrome/content/rules/Idenyt.dk.xml
new file mode 100644
index 000000000000..c69ba3c80adf
--- /dev/null
+++ b/src/chrome/content/rules/Idenyt.dk.xml
@@ -0,0 +1,26 @@
+<!--
+
+	Problematic hosts in *idenyt.dk:
+
+		- foto ¹
+		- jul2k8 ¹
+		- tv ¹
+		- www.tv ¹
+
+	¹ Timeout
+
+-->
+<ruleset name="Idenyt.dk">
+
+	<target host="idenyt.dk" />
+	<target host="www.idenyt.dk" />
+	<target host="forum.idenyt.dk" />
+	<target host="login.idenyt.dk" />
+	<target host="louises-tips.idenyt.dk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IdeoClick.com.xml b/src/chrome/content/rules/IdeoClick.com.xml
new file mode 100644
index 000000000000..442302be1ff1
--- /dev/null
+++ b/src/chrome/content/rules/IdeoClick.com.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ideoclick.com/ => https://ideoclick.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.ideoclick.com/ => https://www.ideoclick.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	Other IdeoClick rulesets:
+
+
+
+	Insecure cookies are set for these hosts:
+
+		- ideoclick.com
+		- www.ideoclick.com
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="IdeoClick.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ideoclick.com" />
+	<target host="www.ideoclick.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?ideoclick\.com$" name="^(ASP\.NET_SessionId|UserSession\.CurrentCart_\d+|UserSession\.PageViewID_\d+|UserSession\.SessionID_\d+|UserSession\.StoreID_\d+)$" /-->
+
+	<securecookie host="^(?:www\.)?ideoclick\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ideone.com.xml b/src/chrome/content/rules/Ideone.com.xml
new file mode 100644
index 000000000000..90bb40035208
--- /dev/null
+++ b/src/chrome/content/rules/Ideone.com.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://okta6.ideone.com/ => https://okta6.ideone.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Fully covered hosts in *ideone.com:
+
+		- (www.)?
+		- okta6
+
+
+	Insecure cookies are set for these hosts:
+
+		- ideone.com
+		- www.ideone.com
+
+-->
+<ruleset name="Ideone.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ideone.com" />
+	<target host="okta6.ideone.com" />
+	<target host="www.ideone.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?ideone\.com$" name="^(JIDEONE|PHPSESSID)$" /-->
+
+	<securecookie host="^(?:www\.)?ideone\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Idevelop.ro.xml b/src/chrome/content/rules/Idevelop.ro.xml
new file mode 100644
index 000000000000..081fceeacfe3
--- /dev/null
+++ b/src/chrome/content/rules/Idevelop.ro.xml
@@ -0,0 +1,10 @@
+<!--
+Cloudflare SSL
+-->
+<ruleset name="Idevelop.ro">
+    <target host="idevelop.ro" />
+    <target host="www.idevelop.ro" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Idg.de.xml b/src/chrome/content/rules/Idg.de.xml
new file mode 100644
index 000000000000..eb6f143f8ccf
--- /dev/null
+++ b/src/chrome/content/rules/Idg.de.xml
@@ -0,0 +1,69 @@
+<!--
+	Cert expired:
+		- idg.de
+		- ba.idg.de
+		- epost.idg.de
+		- exchange01.idg.de
+		- kka.idg.de
+		- mail1.idg.de
+		- notes-intranet.idg.de
+		- syndication.idg.de
+
+	Cert mismatch:
+		- apps.idg.de
+		- images.idg.de
+		- infomail.idg.de
+		- l.idg.de
+		- lyncdiscover.idg.de
+		- mtp.idg.de
+		- sip.idg.de
+		- w3.idg.de
+		- www.beta.idg.de
+
+	Chain issues:
+		- access.idg.de
+		- relevants.idg.de
+
+	Connection refused:
+		- autodiscover.fb.idg.de
+		- download.idg.de
+		- fax.idg.de
+		- files-gs.idg.de
+		- files-pcw.idg.de
+		- git.idg.de
+		- sms.idg.de
+		- status.idg.de
+		- upload.idg.de
+
+	TLS error:
+		- ldaps.idg.de
+-->
+<ruleset name="Idg.de">
+
+	<target host="www.idg.de" />
+
+	<target host="adserver.idg.de" />
+	<target host="beta.idg.de" />
+	<target host="beyond.idg.de" />
+	<target host="citrix.idg.de" />
+	<target host="cloud.idg.de" />
+	<target host="computerworld.idg.de" />
+	<target host="docs.idg.de" />
+	<target host="flow.idg.de" />
+	<target host="ftp.idg.de" />
+	<target host="icinga.idg.de" />
+	<target host="meet-the-press.idg.de" />
+	<target host="monitor.idg.de" />
+	<target host="partner.idg.de" />
+	<target host="staticvideos.idg.de" />
+	<target host="tap.idg.de" />
+	<target host="telefon.idg.de" />
+	<target host="videos-mwo.idg.de" />
+	<target host="videos-pcw.idg.de" />
+	<target host="videos.idg.de" />
+	<target host="webcast.idg.de" />
+	<target host="www.beyond.idg.de" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Idris-lang.org.xml b/src/chrome/content/rules/Idris-lang.org.xml
new file mode 100644
index 000000000000..7daef3aa2f50
--- /dev/null
+++ b/src/chrome/content/rules/Idris-lang.org.xml
@@ -0,0 +1,10 @@
+<!--
+	Nonfunctional hosts in *.idris-lang.org:
+-->
+<ruleset name="Idris-lang.org">
+	<target host="idris-lang.org" />
+	<target host="www.idris-lang.org" />
+	<target host="docs.idris-lang.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Iemoji.com.xml b/src/chrome/content/rules/Iemoji.com.xml
new file mode 100644
index 000000000000..e0b7cf816a54
--- /dev/null
+++ b/src/chrome/content/rules/Iemoji.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Nonfunctional hosts in *.iemoji.com:
+		- pix.iemoji.com (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Iemoji.com">
+	<target host="iemoji.com" />
+	<target host="www.iemoji.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Iesnare.com.xml b/src/chrome/content/rules/Iesnare.com.xml
index 96f5d81543bc..e37330dacfcb 100644
--- a/src/chrome/content/rules/Iesnare.com.xml
+++ b/src/chrome/content/rules/Iesnare.com.xml
@@ -4,13 +4,13 @@
 -->
 <ruleset name="iesnare.com">
 
-	<target host="*.iesnare.com" />
+	<target host="mpsnare.iesnare.com" />
 
 
-	<securecookie host="^\.iesnare\.com$" name="^token$" />
+	<securecookie host="^\." name="^token$" />
 
 
-	<rule from="^http://mpsnare\.iesnare\.com/"
-		to="https://mpsnare.iesnare.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ifortuna.sk.xml b/src/chrome/content/rules/Ifortuna.sk.xml
new file mode 100644
index 000000000000..1c8c3734ab0d
--- /dev/null
+++ b/src/chrome/content/rules/Ifortuna.sk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ifortuna.sk">
+  <target host="ifortuna.sk" />
+  <target host="www.ifortuna.sk" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IgHome.com.xml b/src/chrome/content/rules/IgHome.com.xml
index 7a4d2cc116ea..e813864e0d4f 100644
--- a/src/chrome/content/rules/IgHome.com.xml
+++ b/src/chrome/content/rules/IgHome.com.xml
@@ -16,7 +16,8 @@
 <ruleset name="igHome.com">
 
 	<target host="ighome.com" />
-	<target host="*.ighome.com" />
+	<target host="www.ighome.com" />
+	<target host="rss.ighome.com" />
 
 
 	<securecookie host="^(?:rss|www)\.ighome\.com$" name=".+" />
@@ -25,7 +26,6 @@
 	<rule from="^http://(?:www\.)?ighome\.com/"
 		to="https://www.ighome.com/" />
 
-	<rule from="^http://rss\.ighome\.com/"
-		to="https://rss.ighome.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Igalia-self-signed.xml b/src/chrome/content/rules/Igalia-self-signed.xml
index 6a3f32b688d2..46028669a441 100644
--- a/src/chrome/content/rules/Igalia-self-signed.xml
+++ b/src/chrome/content/rules/Igalia-self-signed.xml
@@ -1,12 +1,12 @@
 <ruleset name="igalia.com (self-signed)" default_off="expired, self-signed">
 
-	<target host="*.igalia.com"/>
+	<target host="blogs.igalia.com" />
+	<target host="www.igalia.com" />
 		<!--exclusion pattern="^http://www\.igalia\.com/($|\?|fileadmin/)" /-->
 		<exclusion pattern="^http://www\.igalia\.com/(?!typo3(?:conf|temp)/)" />
 
-	<securecookie host="^blogs\.igalia\.com$" name=".*"/>
+	<securecookie host="^blogs\.igalia\.com$" name=".+" />
 
-	<rule from="^http://(blogs|www)\.igalia\.com/"
-		to="https://$1.igalia.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Igalia.xml b/src/chrome/content/rules/Igalia.xml
index 34f908c41f2b..726d9e2c8bb3 100644
--- a/src/chrome/content/rules/Igalia.xml
+++ b/src/chrome/content/rules/Igalia.xml
@@ -1,20 +1,34 @@
-<!--	!functional:
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://labs.igalia.com/ => https://labs.igalia.com/: (6, 'Could not resolve host: labs.igalia.com')
+	!functional:
 		- planet.igalia.com	(401; expired 2011-08-25, self-signed)
 
-	Seee Igalia-self-signed.xml for problematic rules.
+	See Igalia-self-signed.xml for problematic rules.
 
 
 	Problematic subdomains:
 
+		- blogs ¹
+		- jabalix ²
 		- www	(some pages redirect to http; expired 2011-08-25, self-signed)
 
+	¹ Works; expired 2011-08-25, self-signed
+	² Works, self-signed
+
 -->
-<ruleset name="Igalia (partial)">
+<ruleset name="Igalia (partial)" default_off="failed ruleset test">
 
 	<target host="igalia.com" />
 	<target host="labs.igalia.com"/>
 
-	<rule from="^http://(labs\.)?igalia\.com/"
-		to="https://$1igalia.com/"/>
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^blogs\.igalia\.com$" name="^bb2_screener_$" /-->
+
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ignite_Realtime.org.xml b/src/chrome/content/rules/Ignite_Realtime.org.xml
new file mode 100644
index 000000000000..77202009a989
--- /dev/null
+++ b/src/chrome/content/rules/Ignite_Realtime.org.xml
@@ -0,0 +1,42 @@
+<!--
+	Problematic subdomains:
+
+		- issues *
+
+	* Mismatched, CN: igniterealtime.org
+
+
+	Mixed content:
+
+		- Images on (www.) from community *
+
+	* Secured by us
+
+-->
+<ruleset name="Ignite Realtime.org">
+
+	<target host="igniterealtime.org" />
+	<target host="*.igniterealtime.org" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^(www\.)?igniterealtime\.org$" name="^atlassian\.xsrf\.token$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^(community\.|www\.)?igniterealtime\.org$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^community\.igniterealtime\.org$" name="^jive\.server\.info$" /-->
+
+	<securecookie host="^(?:community\.|www\.)?igniterealtime\.org$" name=".+" />
+
+
+	<rule from="^http://(community\.|www\.)?igniterealtime\.org/"
+		to="https://$1igniterealtime.org/" />
+
+	<!--	Redirect preserves path and args:
+							-->
+	<rule from="^http://issues\.igniterealtime\.org/+"
+		to="https://igniterealtime.org/issues/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IgnitionDeck.xml b/src/chrome/content/rules/IgnitionDeck.xml
new file mode 100644
index 000000000000..bc5b6f56f336
--- /dev/null
+++ b/src/chrome/content/rules/IgnitionDeck.xml
@@ -0,0 +1,14 @@
+<!--
+	self-signed, mismatch, expired:
+		- demo
+		- secret
+
+	error:
+		- www
+-->
+<ruleset name="IgnitionDeck">
+	<target host="ignitiondeck.com"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Ignou.ac.in.xml b/src/chrome/content/rules/Ignou.ac.in.xml
new file mode 100644
index 000000000000..f06b73efbc63
--- /dev/null
+++ b/src/chrome/content/rules/Ignou.ac.in.xml
@@ -0,0 +1,39 @@
+<!--
+	Ruleset for ignou.ac.in, the Indira Gandhi National Open University, the largest university in the world.
+	See <https://en.wikipedia.org/wiki/Indira_Gandhi_National_Open_University>.
+
+	Not supporting HTTPS or using an invalid certificate:
+
+		* ignou.ac.in
+
+		* hindi.ignou.ac.in
+		* rcahmedabad.ignou.ac.in
+		* rcbhubaneshwar.ignou.ac.in
+		* rcchennai.ignou.ac.in
+		* rccochin.ignou.ac.in
+		* rcdelhi3.ignou.ac.in
+		* rcjaipur.ignou.ac.in
+		* rcjammu.ignou.ac.in
+		* rclucknow.ignou.ac.in
+		* rcmadurai.ignou.ac.in
+		* rcpatna.ignou.ac.in
+		* rcportblair.ignou.ac.in
+		* rcsrinagar.ignou.ac.in
+		* rcvatakara.ignou.ac.in
+		* www.ignou.ac.in
+-->
+<ruleset name="IGNOU.ac.in">
+
+	<target host="admission.ignou.ac.in" />
+	<target host="assignment.ignou.ac.in" />
+	<target host="avserver.ignou.ac.in" />
+	<target host="exam.ignou.ac.in" />
+	<target host="isms.ignou.ac.in" />
+	<target host="onlineadmission.ignou.ac.in" />
+	<target host="studentservices.ignou.ac.in" />
+	<target host="webservices.ignou.ac.in" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Igolder.com.xml b/src/chrome/content/rules/Igolder.com.xml
index 45d486f779e8..55799144a883 100644
--- a/src/chrome/content/rules/Igolder.com.xml
+++ b/src/chrome/content/rules/Igolder.com.xml
@@ -2,5 +2,5 @@
   <target host="igolder.com" />
   <target host="www.igolder.com" />
 
-  <rule from="^http://(www\.)?igolder\.com/" to="https://www.igolder.com/" />
+  <rule from="^http://(?:www\.)?igolder\.com/" to="https://www.igolder.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ihug.xml b/src/chrome/content/rules/Ihug.xml
index 66964a94d1fd..5821cd8f9d94 100644
--- a/src/chrome/content/rules/Ihug.xml
+++ b/src/chrome/content/rules/Ihug.xml
@@ -3,7 +3,6 @@
 	<target host="homepages.ihug.co.nz" />
 
 
-	<rule from="^http://homepages\.ihug\.co\.nz/"
-		to="https://homepages.ihug.co.nz/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/IiBuy.com.au.xml b/src/chrome/content/rules/IiBuy.com.au.xml
index 4c094d51ee12..1f0a78e661a7 100644
--- a/src/chrome/content/rules/IiBuy.com.au.xml
+++ b/src/chrome/content/rules/IiBuy.com.au.xml
@@ -1,13 +1,12 @@
 <ruleset name="iiBuy.com.au">
 
 	<target host="iibuy.com.au" />
-	<target host="*.iibuy.com.au" />
+	<target host="www.iibuy.com.au" />
 
 
 	<securecookie host="^\.?www\.iibuy\.com\.au$" name=".+" />
 
 
-	<rule from="^http://(www\.)?iibuy\.com\.au/"
-		to="https://$1iibuy.com.au/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IiNet.net.au.xml b/src/chrome/content/rules/IiNet.net.au.xml
new file mode 100644
index 000000000000..363360b5b11b
--- /dev/null
+++ b/src/chrome/content/rules/IiNet.net.au.xml
@@ -0,0 +1,62 @@
+<!--
+	Problematic subdomains:
+
+		- webmail *
+
+	* Works; mismatched, CN: *.westnet.com.au
+
+
+	Partially covered subdomains:
+
+		- hostedwebmail *
+
+	* (?!$) doesn't redirect
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- hostedmail
+		- iihelp
+		- mail
+		- toolbox
+		- toolbox3
+
+
+	Mixed content:
+
+		- Images on www from $self *
+
+		- favicon on www from $self *
+
+		- Bug on www from www.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="iiNet.net.au (partial)">
+
+	<target host="iinet.net.au" />
+	<target host="hostedmail.iinet.net.au" />
+	<target host="iihelp.iinet.net.au" />
+	<target host="mail.iinet.net.au" />
+	<target host="toolbox.iinet.net.au" />
+	<target host="toolbox3.iinet.net.au" />
+	<target host="www.iinet.net.au" />
+	<target host="hostedwebmail.iinet.net.au" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^hostedmail\.iinet\.net\.au$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^mail\.iinet\.net\.au$" name="^atmail6$" />
+
+
+	<rule from="^http://((?:hostedmail|iihelp|mail|toolbox3?|www)\.)?iinet\.net\.au/"
+		to="https://$1iinet.net.au/" />
+
+	<rule from="^http://hostedwebmail\.iinet\.net\.au/$"
+		to="https://hostedmail.iinet.net.au/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Iichan.hk.xml b/src/chrome/content/rules/Iichan.hk.xml
new file mode 100644
index 000000000000..37fff9870cb8
--- /dev/null
+++ b/src/chrome/content/rules/Iichan.hk.xml
@@ -0,0 +1,8 @@
+<!--
+	Wildcard DNS.
+-->
+<ruleset name="Iichan.hk">
+	<target host="iichan.hk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ikea.com.xml b/src/chrome/content/rules/Ikea.com.xml
index 09d369f4f618..c764fff814af 100644
--- a/src/chrome/content/rules/Ikea.com.xml
+++ b/src/chrome/content/rules/Ikea.com.xml
@@ -3,6 +3,34 @@
 
 		- metrics
 
+	Nonfunctional hosts in *ikea.com:
+
+		- ^ ¹
+		- ar ²
+		- m.ar ²
+		- ca ²
+		- ca-m ²
+		- eu ²
+		- eu-m ²
+		- itseelm-ax0033 ³
+		- m ²
+		- www ²
+
+	¹ Dropped
+	² Redirects to http
+	³ Refused
+
+
+	Problematic hosts in *ikea.com:
+
+		- franchisor ¹
+		- metrics ¹
+		- securema ¹
+		- supplierportal ²
+
+	¹ Mismatched
+	² Self-signed
+
 
 	Partially covered subdomains:
 
@@ -11,31 +39,89 @@
 
 	Fully covered subdomains:
 
+		- secure.ar
+		- securem.ar
+		- secure.ca
+		- ca-securem
+		- www.cip
+		- www.des
+		- secure.eu
+		- eu-securem
+		- secure.iows
+		- manhattan
 		- metrics	(→ ikea-com.122.2o7.net)
+		- psathome
 		- secure
+		- securem
 		- smetrics
 
+
+	Insecure cookies are set for these domains:
+
+		- .ikea.com
+		- .franchisor.ikea.com
+
 -->
 <ruleset name="Ikea.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.ar.ikea.com" />
+	<target host="securem.ar.ikea.com" />
+	<target host="secure.ca.ikea.com" />
+	<target host="ca-securem.ikea.com" />
+	<target host="www.cip.ikea.com" />
+	<target host="www.des.ikea.com" />
+	<target host="secure.eu.ikea.com" />
+	<target host="eu-securem.ikea.com" />
+	<target host="secure.iows.ikea.com" />
+	<target host="manhattan.ikea.com" />
+	<target host="onlinecatalogue.ikea.com" />
+		<test url="http://onlinecatalogue.ikea.com/IE/en/IKEA_Catalogue/?index" />
+	<target host="psathome.ikea.com" />
+	<target host="secure.ikea.com" />
+	<target host="securem.ikea.com" />
+	<target host="smetrics.ikea.com" />
+
+	<!--	Complications:
+				-->
 	<target host="ikea.com" />
-	<target host="*.ikea.com" />
-		<!--
-			Pages redirect back:
-						-->
-		<exclusion pattern="^http://(?:www\.)?ikea\.com/+(?!favicon\.ico|img_dot_com/|ms/(?:css|img|js)/|webapp/)" />
+	<target host="metrics.ikea.com" />
+	<target host="www.ikea.com" />
+
+		<exclusion pattern="^http://(?:www\.)?ikea\.com/(?!favicon\.ico|img_dot_com/|ms/(?:css|img|js)/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.ikea.com/cn/" />
+			<test url="http://www.ikea.com/de/de/" />
+			<test url="http://www.ikea.com/fi/fi/" />
+			<test url="http://www.ikea.com/ru/ru" />
+			<test url="http://www.ikea.com/us/en/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://ikea.com/favicon.ico" />
+			<test url="http://www.ikea.com/favicon.ico" />
+			<test url="http://www.ikea.com/img_dot_com/arrows/red_arrow_7x7.gif" />
+			<test url="http://www.ikea.com/ms/img/misc/s1x1.gif" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.ikea\.com$" name="^(preferedui|s_vi)$" /-->
+	<!--securecookie host="^\.franchisor\.ikea\.com$" name="^ARRAffinity$" /-->
 
-	<securecookie host="^\.ikea\.com$" name="^s_\w+$" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(?:secure\.|www\.)?ikea\.com/"
+	<rule from="^http://(?:www\.)?ikea\.com/"
 		to="https://secure.ikea.com/" />
 
 	<rule from="^http://metrics\.ikea\.com/"
 		to="https://ikea-com.122.2o7.net/" />
 
-	<rule from="^http://smetrics\.ikea\.com/"
-		to="https://smetrics.ikea.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ikgalekkerslapen.nl.xml b/src/chrome/content/rules/Ikgalekkerslapen.nl.xml
index eda3bc434891..37797af1fa5c 100644
--- a/src/chrome/content/rules/Ikgalekkerslapen.nl.xml
+++ b/src/chrome/content/rules/Ikgalekkerslapen.nl.xml
@@ -10,7 +10,6 @@
 	<securecookie host="^www\.ikgalekkerslapen\.nl$" name=".+" />
 
 
-	<rule from="^http://www\.ikgalekkerslapen\.nl/"
-		to="https://www.ikgalekkerslapen.nl/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/IkhwanWiki.com.xml b/src/chrome/content/rules/IkhwanWiki.com.xml
new file mode 100644
index 000000000000..fbbfeb7d7365
--- /dev/null
+++ b/src/chrome/content/rules/IkhwanWiki.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="IkhwanWiki.com">
+	<target host="ikhwanwiki.com" />
+	<target host="www.ikhwanwiki.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Iki.fi.xml b/src/chrome/content/rules/Iki.fi.xml
new file mode 100644
index 000000000000..02d75315f08f
--- /dev/null
+++ b/src/chrome/content/rules/Iki.fi.xml
@@ -0,0 +1,7 @@
+<ruleset name="Iki.fi (partial)">
+	<target host="iki.fi" />
+	<target host="www.iki.fi" />
+	<target host="ikiwiki.iki.fi" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ikiwiki.info.xml b/src/chrome/content/rules/Ikiwiki.info.xml
index 529a841d8f0d..5c5899e0c88d 100644
--- a/src/chrome/content/rules/Ikiwiki.info.xml
+++ b/src/chrome/content/rules/Ikiwiki.info.xml
@@ -1,10 +1,10 @@
+<!--
+	Mismatch:
+		- l10n
+-->
 <ruleset name="ikiwiki.info">
-
 	<target host="ikiwiki.info" />
-	<target host="www.ikiwiki.info" />
-
-
-	<rule from="^http://(www\.)?ikiwiki\.info/"
-		to="https://$1ikiwiki.info/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ikoula.com.xml b/src/chrome/content/rules/Ikoula.com.xml
new file mode 100644
index 000000000000..e06f48bb3258
--- /dev/null
+++ b/src/chrome/content/rules/Ikoula.com.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://livehelpvm01.ikoula.com/ => https://livehelpvm01.ikoula.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Other Ikoula rulesets:
+
+
+
+	Insecure cookies are set for these domains:
+
+		- .ikoula.com
+
+-->
+<ruleset name="Ikoula.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ikoula.com" />
+	<target host="blog.ikoula.com" />
+	<target host="bosso.ikoula.com" />
+	<target host="express.ikoula.com" />
+	<target host="extranet.ikoula.com" />
+	<target host="ies.ikoula.com" />
+	<target host="livehelpvm01.ikoula.com" />
+	<target host="order.ikoula.com" />
+	<target host="orderng02.ikoula.com" />
+	<target host="support.ikoula.com" />
+	<target host="www.ikoula.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.ikoula\.com$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Iljmp.com.xml b/src/chrome/content/rules/Iljmp.com.xml
index c0e6e0be2482..06fe9c8030bc 100644
--- a/src/chrome/content/rules/Iljmp.com.xml
+++ b/src/chrome/content/rules/Iljmp.com.xml
@@ -1,20 +1,24 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://iljmp.com/ => https://iljmp.com/: (51, "SSL: no alternative certificate subject name matches target host name 'iljmp.com'")
+
 	For other Awio Web Services coverage, see Awio-Web-Services.
 
 
 	Web bugs.
 
 -->
-<ruleset name="Iljmp.com">
+<ruleset name="Iljmp.com" default_off="failed ruleset test">
 
 	<target host="iljmp.com" />
 	<target host="*.iljmp.com" />
 
 
-	<securecookie host="(?:.*\.)?iljmp\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://([\w-]+\.)?iljmp\.com/"
 		to="https://$1iljmp.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Illinois_Department_of_Financial_and_Professional_Regulation.xml b/src/chrome/content/rules/Illinois_Department_of_Financial_and_Professional_Regulation.xml
index e4d61711c792..f1196e489b7a 100644
--- a/src/chrome/content/rules/Illinois_Department_of_Financial_and_Professional_Regulation.xml
+++ b/src/chrome/content/rules/Illinois_Department_of_Financial_and_Professional_Regulation.xml
@@ -1,5 +1,4 @@
 <!--
-	For other U.S. government coverage, see US-government.xml.
 
 
 	Cert only matches www
@@ -17,4 +16,4 @@
 	<rule from="^http://(?:www\.)?idfpr\.com/"
 		to="https://www.idfpr.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Illinois_Law_Review.org.xml b/src/chrome/content/rules/Illinois_Law_Review.org.xml
new file mode 100644
index 000000000000..1a78567fb703
--- /dev/null
+++ b/src/chrome/content/rules/Illinois_Law_Review.org.xml
@@ -0,0 +1,27 @@
+<!--
+	For other University of Illinois at Urban-Champaign coverage, see University-of-Illinois-at-Urbana-Champaign.xml.
+
+
+	Mixed content:
+
+		- css from www.illinoislawreview.org *
+		- Images from illinoislawreview.org *
+
+	* Secured by us
+
+-->
+<ruleset name="Illinois Law Review.org (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="illinoislawreview.org" />
+	<target host="www.illinoislawreview.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Illinois_Tech.org.xml b/src/chrome/content/rules/Illinois_Tech.org.xml
new file mode 100644
index 000000000000..a5b139cf361c
--- /dev/null
+++ b/src/chrome/content/rules/Illinois_Tech.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.illinoistech.org
+
+-->
+<ruleset name="Illinois Tech.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="illinoistech.org" />
+	<target host="www.illinoistech.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.illinoistech\.org$" name="^(exp_last_activity|exp_last_visit|exp_tracker)$" /-->
+
+	<securecookie host="^www\.illinoistech\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Illumina.com.xml b/src/chrome/content/rules/Illumina.com.xml
new file mode 100644
index 000000000000..38f0d42d8957
--- /dev/null
+++ b/src/chrome/content/rules/Illumina.com.xml
@@ -0,0 +1,59 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.)? *
+		- designstudio *
+		- support *
+
+	* Refused
+
+
+	Problematic subdomains:
+
+		- assets ¹
+		- blog.basespace ²
+		- res ²
+
+	¹ Cloudfront
+	² Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .basespace.illumina.com
+		- my.illumina.com
+
+-->
+<ruleset name="Illumina.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="accounts.illumina.com" />
+	<target host="basespace.illumina.com" />
+
+	<target host="api.basespace.illumina.com" />
+	<target host="developer.basespace.illumina.com" />
+	<target host="help.basespace.illumina.com" />
+
+	<target host="my.illumina.com" />
+
+	<!--	Complications:
+				-->
+	<!--target host="assets.illumina.com" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.basespace\.illumina\.com$" name="^BasespaceLogin$" /-->
+	<!--securecookie host="^my\.illumina\.com$" name="^BIGipServer[\w.~]+$" /-->
+
+	<securecookie host="^my\.illumina\.com$" name=".+" />
+
+
+	<!--rule from="^http://assets\.illumina\.com/"
+		to="https://???.cloudfront.net/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Illuminated_Pots.xml b/src/chrome/content/rules/Illuminated_Pots.xml
deleted file mode 100644
index df80fadd84ac..000000000000
--- a/src/chrome/content/rules/Illuminated_Pots.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	!www loops over http
-
--->
-<ruleset name="Illuminated Pots">
-
-	<target host="*.illuminated-pots.com" />
-
-
-	<securecookie host="^(?:\.?www)?\.illuminated-pots\.com$" name=".+" />
-
-
-	<rule from="^http://www\.illuminated-pots\.com/"
-		to="https://www.illuminated-pots.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Illumos.org.xml b/src/chrome/content/rules/Illumos.org.xml
new file mode 100644
index 000000000000..70d6824faa7a
--- /dev/null
+++ b/src/chrome/content/rules/Illumos.org.xml
@@ -0,0 +1,43 @@
+<!--
+	Nonfunctional hosts in *illumos.org:
+
+		- cr *
+
+	* Refused
+
+
+	Problematic hosts in *illumos.org:
+
+		- lists *
+		- src *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- illumos.org
+		- www.illumos.org
+		- wiki.illumos.org
+
+-->
+<ruleset name="illumos.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="illumos.org" />
+	<target host="www.illumos.org" />
+	<target host="wiki.illumos.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?illumos\.org$" name="^_redmine_session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ilmasto-opas.xml b/src/chrome/content/rules/Ilmasto-opas.xml
index 8b5a1d068bdb..7b9539748755 100644
--- a/src/chrome/content/rules/Ilmasto-opas.xml
+++ b/src/chrome/content/rules/Ilmasto-opas.xml
@@ -4,6 +4,5 @@
 
 	<securecookie host="^ilmasto-opas\.fi$" name=".+" />
 
-	<rule from="^http://(www\.)?ilmasto-opas\.fi/"
-		to="https://$1ilmasto-opas.fi/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ilya_Grigorik.xml b/src/chrome/content/rules/Ilya_Grigorik.xml
index 765e18efa92e..d79d79de137d 100644
--- a/src/chrome/content/rules/Ilya_Grigorik.xml
+++ b/src/chrome/content/rules/Ilya_Grigorik.xml
@@ -1,10 +1,21 @@
-<ruleset name="Ilya Grigorik">
+<!--
+	Ilya Grigorik
+
+
+	Nonfunctional subdomains:
+
+		- feeds *
+
+	* feedburner
+
+-->
+<ruleset name="igvita.com (partial)">
 
 	<target host="igvita.com" />
 	<target host="www.igvita.com" />
 
 
-	<rule from="^http://(www\.)?igvita\.com/"
-		to="https://$1igvita.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Im-a-Bad-Idea.xml b/src/chrome/content/rules/Im-a-Bad-Idea.xml
index 92679ca9ae0d..a604f35e037a 100644
--- a/src/chrome/content/rules/Im-a-Bad-Idea.xml
+++ b/src/chrome/content/rules/Im-a-Bad-Idea.xml
@@ -4,14 +4,14 @@
 		- (www.)imabadidea.com	(ssl_error_rx_record_too_long)
 
 -->
-<ruleset name="I'm a Bad Idea (partial)" default_off="mismatch">
+<ruleset name="I'm a Bad Idea (partial)" default_off="mismatched">
 
 	<!--	Cert: *.squarespace.com	-->
 	<target host="vanessatorrivilla.com" />
 	<target host="www.vanessatorrivilla.com" />
 
 	<!--	!www redirects to www.	-->
-	<rule from="^https?://vanessatorrivilla\.com/"
+	<rule from="^http://vanessatorrivilla\.com/"
 		to="https://www.vanessatorrivilla.com/" />
 
 	<!--	Pages redirect to https.	-->
diff --git a/src/chrome/content/rules/Imag.fr.xml b/src/chrome/content/rules/Imag.fr.xml
new file mode 100644
index 000000000000..b6220509cb84
--- /dev/null
+++ b/src/chrome/content/rules/Imag.fr.xml
@@ -0,0 +1,86 @@
+<!--
+	Nonfunctional subdomains:
+
+		- acroe ¹
+		- membres-timc ²
+		- mosig ³
+		- operette ⁴
+		- scci ⁴
+		- tima ⁵
+		- ufrima ¹
+		- www ¹
+
+	¹ Refused
+	² Shows trombi-timc
+	³ Shows brouet
+	⁴ Differs from http
+	⁵ Redirects to http
+
+
+	Problematic subdomains:
+
+		- brouet ¹
+		- docforge ¹
+		- intranet-ljk ¹
+		- ljk ¹
+		- msiam ²
+		- www-ljk ¹
+		- www-lmc ²
+
+	¹ Self-signed
+	² Mismatched
+
+
+	Partially covered subdomains:
+
+		- cmp *
+
+	* Avoiding broken MCB
+
+
+	Fully covered subdomains:
+
+		- c-vpn-pub
+		- forge
+		- iam
+		- mi2s
+		- msiam		(→ iam)
+		- trombi-timc
+
+
+	Mixed content:
+
+		- css on cmp from $self ¹
+
+		- Images, on:
+
+			- cmp from $self ¹
+			- ljk, www-ljk from www-ljk
+
+		- favicon on cmp from $self ¹
+
+	¹ Secured by us
+	² Not secured by us <= mismatched
+
+-->
+<ruleset name="Imag.fr (partial)">
+
+	<target host="msiam.imag.fr" />
+	<target host="c-vpn-pub.imag.fr" />
+	<target host="cmp.imag.fr" />
+	<target host="forge.imag.fr" />
+	<target host="iam.imag.fr" />
+	<target host="mi2s.imag.fr" />
+	<target host="trombi-timc.imag.fr" />
+		<!--
+			Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://cmp\.imag\.fr/+(?!_img/|\w+\.jpg|favicon\.ico|style\.css)" />
+
+
+	<rule from="^http://msiam\.imag\.fr/"
+		to="https://iam.imag.fr/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Image-Line.com.xml b/src/chrome/content/rules/Image-Line.com.xml
new file mode 100644
index 000000000000..b8616bde5b22
--- /dev/null
+++ b/src/chrome/content/rules/Image-Line.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Connection refused:
+		demodownload.image-line.com
+
+	Different HTTP/HTTPS content:
+		boxregistration.image-line.com
+		nikolay.image-line.com
+
+	Invalid certificate:
+		maillink.image-line.com
+
+	Mixed content:
+		miro.image-line.com
+
+	Redirect from HTTPS to HTTP:
+		forum.image-line.com
+
+-->
+<ruleset name="Image-Line.com">
+	<target host="image-line.com" />
+	<target host="www.image-line.com" />
+	<target host="support.image-line.com" />
+	<target host="videotutorials.image-line.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Image-Maps.com.xml b/src/chrome/content/rules/Image-Maps.com.xml
new file mode 100644
index 000000000000..cb2c0795e991
--- /dev/null
+++ b/src/chrome/content/rules/Image-Maps.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .image-maps.com
+
+-->
+<ruleset name="Image-Maps.com">
+
+	<target host="image-maps.com" />
+	<target host="www.image-maps.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.image-maps\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ImageComics.com.xml b/src/chrome/content/rules/ImageComics.com.xml
index 6ba35d57d5ec..e5983c03d6ca 100644
--- a/src/chrome/content/rules/ImageComics.com.xml
+++ b/src/chrome/content/rules/ImageComics.com.xml
@@ -7,7 +7,7 @@
 	<securecookie host="^(?:www\.)?imagecomics\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?imagecomics\.com/"
-		to="https://$1imagecomics.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ImageMagick.xml b/src/chrome/content/rules/ImageMagick.xml
index 84b181f45cf8..e88bac6ca4b7 100644
--- a/src/chrome/content/rules/ImageMagick.xml
+++ b/src/chrome/content/rules/ImageMagick.xml
@@ -1,11 +1,27 @@
-<ruleset name="ImageMagick" default_off="self-signed">
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- archive.imagemagick.org
+		- ftp.imagemagick.org
+		- git.imagemagick.org
+		- mirror.imagemagick.org
+		- nextgen.imagemagick.org
+		- studio.imagemagick.org
+		- trac.imagemagick.org
+		- transloadit.imagemagick.org
+		- warrior.imagemagick.org
 
-	<target host="imagemagick.org"/>
-	<target host="www.imagemagick.org"/>
+		Mixed content blocking (MCB) triggered:
+		- jqmagick.imagemagick.org
+-->
+<ruleset name="ImageMagick.org">
+	<target host="imagemagick.org" />
+	<target host="www.imagemagick.org" />
+	<target host="legacy.imagemagick.org" />
+	<target host="magick.imagemagick.org" />
+	<target host="magickstudio.imagemagick.org" />
 
-	<securecookie host="^(www)?\.imagemagick\.org$" name=".*"/>
-
-	<rule from="^http://(?:www\.)?imagemagick\.org/"
-		to="https://www.imagemagick.org/"/>
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ImageOptim.com.xml b/src/chrome/content/rules/ImageOptim.com.xml
new file mode 100644
index 000000000000..a97d0825c012
--- /dev/null
+++ b/src/chrome/content/rules/ImageOptim.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="ImageOptim.com">
+
+	<target host="imageoptim.com" />
+	<target host="www.imageoptim.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ImageRights.com.xml b/src/chrome/content/rules/ImageRights.com.xml
new file mode 100644
index 000000000000..35ce4631c357
--- /dev/null
+++ b/src/chrome/content/rules/ImageRights.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .imagerights.com
+		- www.imagerights.com
+
+-->
+<ruleset name="ImageRights.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="imagerights.com" />
+	<target host="www.imagerights.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?imagerights\.com$" name="^(_imagerights_session|XSRF-TOKEN)$" /-->
+	<!--securecookie host="^\.imagerights\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^(?:www\.)?imagerights\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ImageShack.us.xml b/src/chrome/content/rules/ImageShack.us.xml
deleted file mode 100644
index 57875f17e747..000000000000
--- a/src/chrome/content/rules/ImageShack.us.xml
+++ /dev/null
@@ -1,69 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- blog.imageshack.com	(refused)
-		- kb.imageshack.us
-
-
-	Fully covered domains:
-
-
-		- (www.)imageshack.com
-
-		- imageshack.us subdomains:
-
-			- api
-			- imagizer
-			- post
-			- register
-
-
-	Mixed content:
-
-		- Images on imageshack.us from imageshack.us *
-
-		- Web bugs, on imageshack.us from:
-
-			- s3.buysellads.com *
-			- partner.googleadservices.com *
-			- s2.gumgum.com *
-			- pixel.quantserve.com *
-
-	* Secured by us
-
--->
-<ruleset name="ImageShack (partial)">
-
-	<target host="imageshack.*" />
-	<target host="www.imageshack.com" />
-	<target host="*.imageshack.us" />
-		<exclusion pattern="^http://imageshack\.us/f/.*" />
-		<exclusion pattern="^http://iload\d\.imageshack\.us/$" />
-		<exclusion pattern="^http://img\d{1,3}\.imageshack\.us/(?!img\d{1,3}/\d+/\w+\.)" />
-		<exclusion pattern="^http://kb\.imageshack\.us/(?!img/favicon\.ico$)" />
-
-
-	<securecookie host="^(?:.*\.)?imageshack\.us$" name=".+" />
-
-
-	<rule from="^http://(www\.)?imageshack\.com/"
-		to="https://$1imageshack.com/" />
-
-	<rule from="^http://kb\.imageshack\.us/img/favicon\.ico$"
-		to="https://imageshack.us/favicon.ico" />
-
-	<rule from="^http://stream\.imageshack\.us/favicon\.ico$"
-		to="https://imageshack.us/favicon.ico" />
-
-	<rule from="^http://img\d{1,3}\.imageshack\.us/(img\d{1,3}/\d+/\w+)\.(th\.)?(bmp|gif|jpe?g|png|tiff?)(\?|$)"
-		to="https://imageshack.us/a/$1.$2$3$4" />
-
-	<rule from="^http://(?:www\.)?([ac-r]\w+\.)?imageshack\.us/"
-		to="https://$1imageshack.us/" />
-
-	<!--	https://trac.torproject.org/projects/tor/ticket/5727
-									-->
-	<rule from="^https://iload(\d)\.imageshack\.us/"
-		to="http://iload$1.imageshack.us/" downgrade="1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ImageShack.xml b/src/chrome/content/rules/ImageShack.xml
new file mode 100644
index 000000000000..be664b5d78a0
--- /dev/null
+++ b/src/chrome/content/rules/ImageShack.xml
@@ -0,0 +1,36 @@
+<!--
+	Note:
+		ImageShack Changed policy, stopped image sharing service.
+		So, a.imageshack.us and img\d+.imageshack.us are 404 now, nomatter http or https.
+
+	Mismatch:
+		my.imageshack.us
+		profile.imageshack.us
+		reg.imageshack.us
+-->
+<ruleset name="ImageShack">
+	<target host="imageshack.com" />
+	<target host="www.imageshack.com" />
+	<target host="api.imageshack.com" />
+	<target host="blog.imageshack.com" />
+	<target host="imagizer.imageshack.com" />
+
+	<target host="imageshack.us" />
+	<target host="*.imageshack.us" />
+		<test url="http://www.imageshack.us/" />
+		<!-- Show 404 page: -->
+		<test url="http://a.imageshack.us/img254/8219/40789751.png" />
+		<test url="http://imagizer.imageshack.us/" />
+		<test url="http://post.imageshack.us/" />
+		<test url="http://img5.imageshack.us/img5/133/homeworld.jpg" />
+		<test url="http://img46.imageshack.us/img46/4804/intel1jk8.gif" />
+		<test url="http://img530.imageshack.us/img530/133/homeworld.jpg" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://(www\.|api\.|blog\.|imagizer\.)?imageshack\.com/" to="https://$1imageshack.com/" />
+
+	<rule from="^http://(www\.|a\.|imagizer\.|post\.)?imageshack\.us/" to="https://$1imageshack.us/" />
+
+	<rule from="^http://img(\d+)\.imageshack\.us/" to="https://img$1.imageshack.us/" />
+</ruleset>
diff --git a/src/chrome/content/rules/ImageTwist.com.xml b/src/chrome/content/rules/ImageTwist.com.xml
new file mode 100644
index 000000000000..30df5cce63e5
--- /dev/null
+++ b/src/chrome/content/rules/ImageTwist.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="ImageTwist.com">
+	<target host="imagetwist.com" />
+	<target host="*.imagetwist.com" />
+
+		<test url="http://www.imagetwist.com/" />
+		<test url="http://img114.imagetwist.com/" />
+		<test url="http://img115.imagetwist.com/" />
+		<test url="http://img116.imagetwist.com/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Imageforensic.org.xml b/src/chrome/content/rules/Imageforensic.org.xml
new file mode 100644
index 000000000000..7eb8caa163f1
--- /dev/null
+++ b/src/chrome/content/rules/Imageforensic.org.xml
@@ -0,0 +1,12 @@
+<!--
+Cloudflare SSL
+-->
+<ruleset name="Imageforensic.org">
+	<target host="imageforensic.org" />
+	<target host="www.imageforensic.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Images-Amazon.com.xml b/src/chrome/content/rules/Images-Amazon.com.xml
new file mode 100644
index 000000000000..06dc0696199b
--- /dev/null
+++ b/src/chrome/content/rules/Images-Amazon.com.xml
@@ -0,0 +1,41 @@
+<!--
+	Invalid certificate:
+		ec2.images-amazon.com
+		ec4.images-amazon.com
+		ec5.images-amazon.com
+		ec6.images-amazon.com
+		ec8.images-amazon.com
+		ecx.images-amazon.com
+		g-ecx.images-amazon.com
+
+	Time out:
+		ec1.images-amazon.com
+		ec3.images-amazon.com
+
+	https://trac.torproject.org/projects/tor/ticket/7539:
+		ecx.images-amazon.com
+
+-->
+<ruleset name="Amazon-Images.com">
+
+	<target host="ec1.images-amazon.com" />
+	<target host="ec2.images-amazon.com" />
+	<target host="ec3.images-amazon.com" />
+	<target host="ec4.images-amazon.com" />
+	<target host="ec5.images-amazon.com" />
+	<target host="ec6.images-amazon.com" />
+	<target host="ec8.images-amazon.com" />
+	<target host="g-ecx.images-amazon.com" />
+	<target host="z-ak.images-amazon.com" />
+
+	<rule from="^http://g-ecx\.images-amazon\.com/"
+		to="https://d1ge0kk1l5kms0.cloudfront.net/" />
+
+		<test url="http://g-ecx.images-amazon.com/images/G/01/x-site/icons/no-img-sm._V192198896_.gif" />
+
+	<rule from="^http://(ec[1-8]|z-ak)\.images-amazon\.com/"
+		to="https://images-na.ssl-images-amazon.com/" />
+
+		<test url="http://ec1.images-amazon.com/images/G/02/00/00/00/30/70/82/30708202.xls" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ImagesBN.com.xml b/src/chrome/content/rules/ImagesBN.com.xml
new file mode 100644
index 000000000000..05df96d4389e
--- /dev/null
+++ b/src/chrome/content/rules/ImagesBN.com.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Barnes and Noble coverage, see BarnesandNoble.xml.
+
+
+	Fully covered domains:
+
+		- imagesbn.com subdomains:
+
+			- img[12]	(→ simg[12])
+			- img3
+			- simg[12]
+
+-->
+<ruleset name="imagesBN.com">
+
+	<target host="img1.imagesbn.com" />
+	<target host="img2.imagesbn.com" />
+	<target host="simg1.imagesbn.com" />
+	<target host="simg2.imagesbn.com" />
+	<target host="img3.imagesbn.com" />
+
+
+	<!--	s?img[12] appear identical, but copy what
+		the server does as closely as is feasible:
+							-->
+	<rule from="^http://s?img([12])\.imagesbn\.com/"
+		to="https://simg$1.imagesbn.com/" />
+
+	<!--	simg3 doesn't exist, and unlike
+		1 & 2, the cert matches img3:
+						-->
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Imagestash.xml b/src/chrome/content/rules/Imagestash.xml
index da80186c6a46..5ae18b293175 100644
--- a/src/chrome/content/rules/Imagestash.xml
+++ b/src/chrome/content/rules/Imagestash.xml
@@ -1,4 +1,11 @@
-<ruleset name="Imagestash">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://imagestash.org/ => https://imagestash.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.imagestash.org/ => https://www.imagestash.org/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Imagestash" default_off="failed ruleset test">
 
 	<target host="imagestash.org" />
 	<target host="www.imagestash.org" />
@@ -7,7 +14,6 @@
 	<securecookie host="^(?:www\.)?imagestash\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?imagestash\.org/"
-		to="https://$1imagestash.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Imaging-resource.com.xml b/src/chrome/content/rules/Imaging-resource.com.xml
new file mode 100644
index 000000000000..02a24e10ba55
--- /dev/null
+++ b/src/chrome/content/rules/Imaging-resource.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Imaging-resource.com">
+	<target host="imaging-resource.com" />
+	<target host="www.imaging-resource.com" />
+	<target host="api.imaging-resource.com" />
+	<target host="ir.imaging-resource.com" />
+	<target host="server.imaging-resource.com" />
+	<target host="server1.imaging-resource.com" />
+	<target host="server7.imaging-resource.com" />
+	<target host="similarity.imaging-resource.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ImamReza.net.xml b/src/chrome/content/rules/ImamReza.net.xml
new file mode 100644
index 000000000000..9a4d656392e5
--- /dev/null
+++ b/src/chrome/content/rules/ImamReza.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="ImamReza.net">
+	<target host="imamreza.net" />
+	<target host="www.imamreza.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Imation.com.xml b/src/chrome/content/rules/Imation.com.xml
index 5d95fb2dd487..248b394e1fe3 100644
--- a/src/chrome/content/rules/Imation.com.xml
+++ b/src/chrome/content/rules/Imation.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://support.imation.com/ => https://support.imation.com/: (60, 'SSL certificate problem: certificate has expired')
+
 	Problematic subdomains:
 
 		- ir	(works, akamai)
@@ -10,16 +14,16 @@
 		- support
 
 -->
-<ruleset name="Imation.com (partial)">
+<ruleset name="Imation.com (partial)" default_off="failed ruleset test">
 
 	<target host="imation.com" />
-	<target host="*.imation.com" />
+	<target host="support.imation.com" />
+	<target host="www.imation.com" />
 
 
 	<securecookie host="^(?:support\.|www\.)?imation\.com$" name=".+" />
 
 
-	<rule from="^http://(support\.|www\.)?imation\.com/"
-		to="https://$1imation.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Imeem.com.xml b/src/chrome/content/rules/Imeem.com.xml
new file mode 100644
index 000000000000..7e011d1e929c
--- /dev/null
+++ b/src/chrome/content/rules/Imeem.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Myspace coverage, see Myspace.xml.
+
+-->
+<ruleset name="imeem.com">
+
+	<!--	Complications:
+				-->
+	<target host="imeem.com" />
+	<target host="www.imeem.com" />
+
+
+	<!--	Redirects like so.
+					-->
+	<rule from="^http://(?:www\.)?imeem\.com/"
+		to="https://www.myspace.com/music/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Imensa.de.xml b/src/chrome/content/rules/Imensa.de.xml
new file mode 100644
index 000000000000..b0eb3686a2fa
--- /dev/null
+++ b/src/chrome/content/rules/Imensa.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="Imensa.de">
+  <target host="imensa.de" />
+  <target host="www.imensa.de" />
+  <target host="ics.imensa.de" />
+  <target host="rss.imensa.de" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Imerys.com.xml b/src/chrome/content/rules/Imerys.com.xml
new file mode 100644
index 000000000000..49f1293299f9
--- /dev/null
+++ b/src/chrome/content/rules/Imerys.com.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://imerys.com/ => https://imerys.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.imerys.com/ => https://www.imerys.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	Mixed content:
+
+		- Images from $self ¹
+		- Ads from ir1.euroinvestor.com ²
+
+	¹ Secured by us
+	² Not secured by us <= mismatched
+
+-->
+<ruleset name="Imerys.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="imerys.com" />
+	<target host="www.imerys.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Imfimg.com.xml b/src/chrome/content/rules/Imfimg.com.xml
deleted file mode 100644
index 69a1e1b169fc..000000000000
--- a/src/chrome/content/rules/Imfimg.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="imfimg.com">
-
-	<target host="imfimg.com" />
-	<target host="*.imfimg.com" />
-
-
-	<securecookie host="^(?:w*\.)?imfimg\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?imfimg\.com/"
-		to="https://$1imfimg.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Img.com.ua.xml b/src/chrome/content/rules/Img.com.ua.xml
new file mode 100644
index 000000000000..5afbc7c0c55a
--- /dev/null
+++ b/src/chrome/content/rules/Img.com.ua.xml
@@ -0,0 +1,26 @@
+<!--
+	Nonfunctional subdomains:
+
+		- os1 *
+		- sport *
+		- v *
+
+	* Dropped
+
+
+	Problematic subdomains:
+
+		- bm *
+
+	* Mismatched
+
+-->
+<ruleset name="img.com.au (partial)">
+
+	<target host="bm.img.com.ua" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ImgDino.xml b/src/chrome/content/rules/ImgDino.xml
index 9d7f76a2cbd8..1ac62c8872dc 100644
--- a/src/chrome/content/rules/ImgDino.xml
+++ b/src/chrome/content/rules/ImgDino.xml
@@ -8,7 +8,7 @@
 	<target host="www.imgdino.com" />
 
 
-	<rule from="^https?://(?:www\.)?imgdino\.com/"
+	<rule from="^http://(?:www\.)?imgdino\.com/"
 		to="https://imgdino.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ImgJam.com.xml b/src/chrome/content/rules/ImgJam.com.xml
new file mode 100644
index 000000000000..7a927dce36b1
--- /dev/null
+++ b/src/chrome/content/rules/ImgJam.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Problematic hosts in *imgjam.com:
+
+		- cdn ¹
+		- www ²
+
+	¹ AmazonAWS
+	² Mismatched
+
+-->
+<ruleset name="imgJam.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="imgjam.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.imgjam.com" />
+
+
+	<rule from="^http://www\.imgjam\.com/"
+		to="https://imgjam.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ImgUOL.com.xml b/src/chrome/content/rules/ImgUOL.com.xml
new file mode 100644
index 000000000000..7b7933f299f6
--- /dev/null
+++ b/src/chrome/content/rules/ImgUOL.com.xml
@@ -0,0 +1,38 @@
+<!--
+	For other UOL coverage, see UOL.xml.
+
+
+	Nonfunctional subdomains:
+
+		- forum *
+		- mais *
+		- todaoferta *
+
+	* Refused
+
+-->
+<ruleset name="imgUOL.com (partial)" default_off="404">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="imguol.com" />
+
+		<!--	https://github.com/EFForg/https-everywhere/issues/1596
+
+			404 => breaks image gallery:
+							-->
+		<exclusion pattern="^http://imguol\.com/(?:\d{4}/\d\d/\d\d/|blogs/|c/|cursos-online/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://imguol.com/2013/01/06/19dez2012---a-delegada-flavia-faccini-que-trabalha-em-uma-delegacia-de-porto-alegre-pratica-exercicios-a-partir-do-ingresso-em-2010-de-66-delegadas-na-policia-civil-do-rio-grande-do-sul-o-numero-de-1357491147815_956x500.jpg" />
+			<test url="http://imguol.com/c/_layout/v1/_geral/icones/icone_casa_barraUOL.png" />
+			<test url="http://imguol.com/c/_layout/v1/_geral/sprites/estacao/noticias/noticias.png" />
+			<test url="http://imguol.com/c/noticias/2015/04/26/26abr2015---nepales-ferido-no-forte-terremoto-que-atingiu-o-pais-brinca-com-sua-filha-em-hospital-de-katmandu-cerca-de-35-replicas-foram-sentidas-na-capital-entre-o-sabado-e-este-domingo-26-incluindo-1430039942796_142x100.jpg" />
+			<test url="http://imguol.com/cursos-online/2014/10/20/198x213-inglesnegocio-1413827153935_198x213.jpg" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Imgbox.xml b/src/chrome/content/rules/Imgbox.xml
index 53b18257cf2b..ce62535de1ad 100644
--- a/src/chrome/content/rules/Imgbox.xml
+++ b/src/chrome/content/rules/Imgbox.xml
@@ -1,11 +1,61 @@
-<ruleset name="imgbox (partial)">
+<!--
+Invalid certificate:
+	0.s.imgbox.com
+	1.s.imgbox.com
+	2.s.imgbox.com
+	3.s.imgbox.com
+	4.s.imgbox.com
+	5.s.imgbox.com
+	6.s.imgbox.com
+	7.s.imgbox.com
+	8.s.imgbox.com
+	9.s.imgbox.com
+	0.t.imgbox.com
+	1.t.imgbox.com
+	2.t.imgbox.com
+	3.t.imgbox.com
+	4.t.imgbox.com
+	5.t.imgbox.com
+	6.t.imgbox.com
+	7.t.imgbox.com
+	8.t.imgbox.com
+	9.t.imgbox.com
+	1.ws.imgbox.com
+	2.ws.imgbox.com
 
+Refused connection:
+	hcd-1.imgbox.com
+-->
+<ruleset name="imgbox.com">
 	<target host="imgbox.com" />
 	<target host="www.imgbox.com" />
+	<target host="b.imgbox.com" />
+	<target host="0-s.imgbox.com" />
+	<target host="0-t.imgbox.com" />
+	<target host="1-s.imgbox.com" />
+	<target host="1-t.imgbox.com" />
+	<target host="2-s.imgbox.com" />
+	<target host="2-t.imgbox.com" />
+	<target host="3-s.imgbox.com" />
+	<target host="3-t.imgbox.com" />
+	<target host="4-s.imgbox.com" />
+	<target host="4-t.imgbox.com" />
+	<target host="5-s.imgbox.com" />
+	<target host="5-t.imgbox.com" />
+	<target host="6-s.imgbox.com" />
+	<target host="6-t.imgbox.com" />
+	<target host="7-s.imgbox.com" />
+	<target host="7-t.imgbox.com" />
+	<target host="8-s.imgbox.com" />
+	<target host="8-t.imgbox.com" />
+	<target host="9-s.imgbox.com" />
+	<target host="9-t.imgbox.com" />
+	<target host="dl.imgbox.com" />
+	<target host="i.imgbox.com" />
+	<target host="mail.imgbox.com" />
+	<target host="o.imgbox.com" />
+	<target host="s.imgbox.com" />
+	<target host="t.imgbox.com" />
 
-
-	<!--	Some pages redirect to http.	-->
-	<rule from="^http://(www\.)?imgbox\.com/(assets/|(?:dmca|help|login|register|tos)(?:$|\?))"
-		to="https://$1imgbox.com/$2" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Imgfav.xml b/src/chrome/content/rules/Imgfav.xml
deleted file mode 100644
index 03e689229b4f..000000000000
--- a/src/chrome/content/rules/Imgfav.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d2tq98mqfjyz2l.cloudfront.net
-		- dbx86ig1iq724.cloudfront.net
-		- pull.imgfave.netdna-cdn.com
-			- -ssl. doesn't exist
-
--->
-<ruleset name="imgfav (partial)">
-
-	<target host="pull.imgfave.netdna-cdn.com" />
-
-
-	<rule from="^https?://pull\.imgfave\.netdna-cdn\.com/"
-		to="https://d2tq98mqfjyz2l.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Imgflip.com.xml b/src/chrome/content/rules/Imgflip.com.xml
new file mode 100644
index 000000000000..eac3861b52e2
--- /dev/null
+++ b/src/chrome/content/rules/Imgflip.com.xml
@@ -0,0 +1,18 @@
+<ruleset name="Imgflip.com">
+
+	<target host="imgflip.com" />
+	<target host="i.imgflip.com" />
+	<target host="s.imgflip.com" />
+	<target host="www.imgflip.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?imgflip\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:\.|www\.)?imgflip\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Imgix.net.xml b/src/chrome/content/rules/Imgix.net.xml
new file mode 100644
index 000000000000..436e0d8da04b
--- /dev/null
+++ b/src/chrome/content/rules/Imgix.net.xml
@@ -0,0 +1,17 @@
+<!--
+	For other imgix coverage, see imgix.com.xml.
+
+-->
+<ruleset name="imgix.net">
+
+	<target host="*.imgix.net" />
+
+		<test url="http://4real-uploads-jellolabs-com.imgix.net/----web-refer-a-friend/20160901_Refer_Friend_Fall.jpg?auto=compress&amp;fit=crop&amp;w=1240&amp;h=560&amp;crop=edges" />
+		<test url="http://assets.imgix.net/presskit/imgix-presskit.pdf?dpr=2&amp;cs=srgb&amp;fit=clamp&amp;h=128&amp;w=256&amp;fm=png&amp;page=4&amp;colorquant=34" />
+		<test url="http://placeholdit.imgix.net/~text" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Imgrap.com.xml b/src/chrome/content/rules/Imgrap.com.xml
new file mode 100644
index 000000000000..70b457c9b7c4
--- /dev/null
+++ b/src/chrome/content/rules/Imgrap.com.xml
@@ -0,0 +1,16 @@
+<!--
+	^: Dropped over http & https
+	www: Plaintext reply
+
+-->
+<ruleset name="imgrap.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="s.imgrap.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Imgrush.com.xml b/src/chrome/content/rules/Imgrush.com.xml
new file mode 100644
index 000000000000..3eb50024ef06
--- /dev/null
+++ b/src/chrome/content/rules/Imgrush.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://imgrush.com/ => https://imgrush.com/: (7, 'Failed to connect to imgrush.com port 443: Connection refused')
+Fetch error: http://www.imgrush.com/ => https://www.imgrush.com/: (7, 'Failed to connect to www.imgrush.com port 443: Connection refused')
+
+	Insecure cookies are set for these domains:
+
+		- .imgrush.com
+
+-->
+<ruleset name="Imgrush.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="imgrush.com" />
+	<target host="www.imgrush.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.imgrush\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.imgrush\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Imgs_Mail.ru.xml b/src/chrome/content/rules/Imgs_Mail.ru.xml
new file mode 100644
index 000000000000..db130d5d4426
--- /dev/null
+++ b/src/chrome/content/rules/Imgs_Mail.ru.xml
@@ -0,0 +1,76 @@
+<!--
+	For other Mail.ru coverage, see Mail.ru.xml.
+
+
+	Nonfunctional subdomains:
+
+		- st.m.torg ¹
+		- st.torg ¹
+		- torg10 ²
+
+	¹ Redirects to http
+	² 403
+
+
+	Fully covered subdomains:
+
+		- auto
+		- cars
+		- filapp1
+		- go\d*
+		- hi-tech
+		- img
+
+		- img\d+:
+
+			- [1-358]
+
+		- limg
+		- minigames
+
+		- my\d+:
+
+			- [1-35689]
+			- 10
+
+		- proxy
+
+		- \w+.radar:
+
+			- cloud
+			- mail
+
+
+
+	(www.) doesn't exist.
+
+
+	Data on l?img also exist on img.mail.ru.
+
+-->
+<ruleset name="imgs Mail.ru (partial)">
+
+	<target host="*.imgsmail.ru" />
+
+		<test url="http://auto.imgsmail.ru/" />
+		<test url="http://cars.imgsmail.ru/" />
+		<test url="http://filapp1.imgsmail.ru/" />
+		<test url="http://go.imgsmail.ru/" />
+		<test url="http://go.imgsmail.ru/0c.gif?megarandom=&amp;h=" />
+		<test url="http://go.imgsmail.ru/wallpapers/171115.jpg" />
+		<test url="http://go1.imgsmail.ru/" />
+		<test url="http://go1.imgsmail.ru/static/web/img/go-form__submit-btn.png" />
+		<test url="http://go1.imgsmail.ru/static/web/img/main_sprite.png" />
+		<test url="http://go1.imgsmail.ru/static/web/img/sprites/main/communities.png" />
+		<test url="http://hi-tech.imgsmail.ru/" />
+		<test url="http://img.imgsmail.ru/r/new_share_buttons_sprite.gif" />
+		<test url="http://img1.imgsmail.ru/r/new_share_buttons_sprite.gif" />
+		<test url="http://limg.imgsmail.ru/" />
+		<test url="http://minigames.imgsmail.ru/" />
+		<test url="http://proxy.imgsmail.ru/" />
+
+
+	<rule from="^http://(auto|cars|filapp1|go\d*|hi-tech|img\d*|limg|minigames|my\d+|proxy|\w+\.radar)\.imgsmail\.ru/"
+		to="https://$1.imgsmail.ru/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Imgur.com.xml b/src/chrome/content/rules/Imgur.com.xml
new file mode 100644
index 000000000000..8deee9ccfd5c
--- /dev/null
+++ b/src/chrome/content/rules/Imgur.com.xml
@@ -0,0 +1,43 @@
+<!--
+	Self-signed:
+		- browserevents
+
+	Timeout:
+		- go
+		- stack
+
+	Expired:
+		- nexus
+
+	Mismatched:
+		- www.press
+		- r.imgur
+-->
+<ruleset name="Imgur.com">
+	<target host="imgur.com" />
+	<target host="www.imgur.com" />
+	<target host="8ybhy85kld9zp9xf84x6.imgur.com" />
+	<target host="api.imgur.com" />
+	<target host="apidocs.imgur.com" />
+	<target host="backup.imgur.com" />
+	<target host="blog.imgur.com" />
+	<target host="community.imgur.com" />
+	<target host="help.imgur.com" />
+	<target host="i.imgur.com" />
+	<target host="iob.imgur.com" />
+	<target host="m.imgur.com" />
+	<target host="links.msg.imgur.com" />
+	<target host="pb.imgur.com" />
+	<target host="press.imgur.com" />
+	<target host="rt.imgur.com" />
+	<target host="s.imgur.com" />
+	<target host="sen.imgur.com" />
+	<target host="sentry.imgur.com" />
+	<target host="i.stack.imgur.com" />
+	<target host="status.imgur.com" />
+	<target host="store.imgur.com" />
+	<target host="zip.imgur.com" />
+	<target host="zrk.imgur.com" />
+
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Imgur.xml b/src/chrome/content/rules/Imgur.xml
deleted file mode 100644
index 39e9101e31aa..000000000000
--- a/src/chrome/content/rules/Imgur.xml
+++ /dev/null
@@ -1,72 +0,0 @@
-<!--
-	CDN buckets:
-
-		- wac.4220.edgecastcdn.net/??4220/
-
-			- s
-			- i.stack
-
-		- imgur-store.myshopify.com
-
-			- store
-
-
-	Nonfunctional subdomains:
-
-		- stack		(refused)
-
-
-	Problematic subdomains:
-
-		- img	(refused)
-
-
-	Partially covered subdomains:
-
-		- (www.)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- i
-		- img		(→ i)
-		- origin
-		- s
-		- i.stack
-		- store		(→ imgur-store.myshopify.com)
-
--->
-<ruleset name="Imgur">
-
-	<target host="imgur.com" />
-	<target host="*.imgur.com" />
-		<!--
-			https://mail1.eff.org/pipermail/https-everywhere-rules/2013-July/001645.html
-
-			https://bugzilla.mozilla.org/show_bug.cgi?id=866986#c7
-										-->
-		<!--exclusion pattern="^http://(?:www\.)?imgur\.com/(?!(?:images|include|min|register|signin)(?:/|\?|$))" /-->
-
-
-	<securecookie host="^\.?imgur\.com" name=".+" />
-
-
-	<rule from="^http://(s\.)?imgur\.com/"
-		to="https://$1imgur.com/"/>
-
-	<!--	This rule breaks the Imgur Uploader Firefox extension:
-
-	<rule from="^http://api\.imgur\.com/"
-		to="https://api.imgur.com/" /-->
-
-	<rule from="^http://(i|origin|i\.stack|www)\.imgur\.com/"
-		to="https://$1.imgur.com/" />
-
-	<rule from="^http://img\.imgur\.com/"
-		to="https://i.imgur.com/" />
-
-	<rule from="^http://store\.imgur\.com/"
-		to="https://imgur-store.myshopify.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Imgurp.com.xml b/src/chrome/content/rules/Imgurp.com.xml
new file mode 100644
index 000000000000..68d3aeb756d5
--- /dev/null
+++ b/src/chrome/content/rules/Imgurp.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Imgurp.com">
+	<target host="imgurp.com" />
+	<target host="www.imgurp.com" />
+	<target host="i.imgurp.com" />
+	<target host="m.imgurp.com" />
+
+	<test url="http://imgurp.com/UPcvbM1" />
+	<test url="http://www.imgurp.com/UPcvbM1" />
+	<test url="http://i.imgurp.com/UPcvbM1" />
+	<test url="http://m.imgurp.com/UPcvbM1" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Imhd.sk.xml b/src/chrome/content/rules/Imhd.sk.xml
new file mode 100644
index 000000000000..f9fc81b3f10a
--- /dev/null
+++ b/src/chrome/content/rules/Imhd.sk.xml
@@ -0,0 +1,55 @@
+<!--
+	imhd.sk public transport
+-->
+<ruleset name="Imhd.sk">
+	<target host="imhd.sk" />
+
+	<target host="www.imhd.sk" />
+	<target host="ba.imhd.sk" />
+	<target host="bb.imhd.sk" />
+	<target host="hc.imhd.sk" />
+	<target host="ke.imhd.sk" />
+	<target host="lm.imhd.sk" />
+	<target host="m.imhd.sk" />
+	<target host="nr.imhd.sk" />
+	<target host="nz.imhd.sk" />
+	<target host="pb.imhd.sk" />
+	<target host="pd.imhd.sk" />
+	<target host="po.imhd.sk" />
+	<target host="rk.imhd.sk" />
+	<target host="se.imhd.sk" />
+	<target host="si.imhd.sk" />
+	<target host="sn.imhd.sk" />
+	<target host="tatry.imhd.sk" />
+	<target host="tn.imhd.sk" />
+	<target host="transport.imhd.sk" />
+	<target host="tt.imhd.sk" />
+	<target host="za.imhd.sk" />
+	<target host="zv.imhd.sk" />
+
+	<target host="m.ba.imhd.sk" />
+	<target host="m.bb.imhd.sk" />
+	<target host="m.hc.imhd.sk" />
+	<target host="m.ke.imhd.sk" />
+	<target host="m.lm.imhd.sk" />
+	<target host="m.nr.imhd.sk" />
+	<target host="m.nz.imhd.sk" />
+	<target host="m.pb.imhd.sk" />
+	<target host="m.pd.imhd.sk" />
+	<target host="m.po.imhd.sk" />
+	<target host="m.rk.imhd.sk" />
+	<target host="m.se.imhd.sk" />
+	<target host="m.si.imhd.sk" />
+	<target host="m.sn.imhd.sk" />
+	<target host="m.tatry.imhd.sk" />
+	<target host="m.tn.imhd.sk" />
+	<target host="m.transport.imhd.sk" />
+	<target host="m.tt.imhd.sk" />
+	<target host="m.za.imhd.sk" />
+	<target host="m.zv.imhd.sk" />
+
+	<rule from="^http://m\.(ba|bb|hc|ke|lm|nr|nz|pb|pd|po|rk|se|si|sn|tatry|tn|transport|tt|za|zv)\.imhd\.sk/"
+		to="https://m.imhd.sk/$1/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Imiclk.com.xml b/src/chrome/content/rules/Imiclk.com.xml
index f62f1cae3616..5980c00ab176 100644
--- a/src/chrome/content/rules/Imiclk.com.xml
+++ b/src/chrome/content/rules/Imiclk.com.xml
@@ -1,4 +1,7 @@
 <!--
+	For other MediaMath coverage, see MediaMath.xml.
+
+
 	Web bugs.
 
 
@@ -9,18 +12,27 @@
 
 	^ times out over http and https.
 
+
+	Insecure cookies are set for these domains:
+
+		- .imiclk.com
+
 -->
 <ruleset name="imiclk.com">
 
-	<target host="*.imiclk.com" />
+	<target host="www.imiclk.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.imiclk\.com$" name="^(?:OL8U|uuid)$" /-->
 
-	<!--	name="^(CH|OL8U)$"
+	<!--	name="^CH$"
 					-->
 	<securecookie host="^\.imiclk\.com$" name=".+" />
 
 
-	<rule from="^http://www\.imiclk\.com/"
-		to="https://www.imiclk.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Imine.co.xml b/src/chrome/content/rules/Imine.co.xml
deleted file mode 100644
index 2d2979f6908c..000000000000
--- a/src/chrome/content/rules/Imine.co.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="imine.co">
-
-	<target host="imine.co" />
-	<target host="*.imine.co" />
-
-
-	<securecookie host="^\.?imine\.co$" name=".+" />
-
-
-	<rule from="^http://(www\.)?imine\.co/"
-		to="https://$1imine.co/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Iminent.com.xml b/src/chrome/content/rules/Iminent.com.xml
index 0b71e7c15e7b..38ee3b66a5a8 100644
--- a/src/chrome/content/rules/Iminent.com.xml
+++ b/src/chrome/content/rules/Iminent.com.xml
@@ -25,7 +25,6 @@
 	<target host="adserver.iminent.com" />
 
 
-	<rule from="^http://adserver\.iminent\.com/"
-		to="https://adserver.iminent.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ImmobilienScout24.xml b/src/chrome/content/rules/ImmobilienScout24.xml
new file mode 100644
index 000000000000..b5ade85ab59e
--- /dev/null
+++ b/src/chrome/content/rules/ImmobilienScout24.xml
@@ -0,0 +1,50 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://service.immobilienscout24.de/ => https://service.immobilienscout24.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+
+		^ does not exist:
+		- www.static-immobilienscout24.de
+
+		Mismatch:
+		- immobilienscout24.de
+		- blog.immobilienscout24.de
+		- developer.immobilienscout24.de
+		- www.focus.immobilienscout24.de
+		- wwworig.static-immobilienscout24.de
+
+		Refused:
+		- forum.immobilienscout24.de
+
+-->
+
+<ruleset name="ImmobilienScout24" default_off="failed ruleset test">
+
+	<target host="immobilienscout24.de" />
+	<target host="www.immobilienscout24.de" />
+	<target host="api.immobilienscout24.de" />
+	<target host="bonitaetscheck.immobilienscout24.de" />
+	<target host="ferien.immobilienscout24.de" />
+	<target host="floorplan.immobilienscout24.de" />
+	<target host="forward.immobilienscout24.de" />
+	<target host="home.immobilienscout24.de" />
+	<target host="kontakt.immobilienscout24.de" />
+	<target host="mietzahlungscheck.immobilienscout24.de" />
+	<target host="mobil.immobilienscout24.de" />
+	<target host="nachbarschaft.immobilienscout24.de" />
+	<target host="news.immobilienscout24.de" />
+	<target host="picture.immobilienscout24.de" />
+	<target host="regioad.immobilienscout24.de" />
+	<target host="service.immobilienscout24.de" />
+	<target host="sicherheit.immobilienscout24.de" />
+	<target host="tracking.immobilienscout24.de" />
+	<target host="www.static-immobilienscout24.de" />
+
+	<rule from="^http://(www\.)?immobilienscout24\.de/"
+		to="https://www.immobilienscout24.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Immoscout24.ch.xml b/src/chrome/content/rules/Immoscout24.ch.xml
new file mode 100644
index 000000000000..ce0fcadc595e
--- /dev/null
+++ b/src/chrome/content/rules/Immoscout24.ch.xml
@@ -0,0 +1,17 @@
+<!--
+	HTTP redirect:
+		- (www.)immoscout24.ch
+
+	Mismatch:
+		- maps.immoscout24.ch
+
+	Refused:
+		- cms.immoscout24.ch
+-->
+<ruleset name="immoscout24.ch (partial)">
+	<target host="cis01.immoscout24.ch" />
+	<target host="stats.immoscout24.ch" />
+	<target host="stats2.immoscout24.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Immunicity.org.xml b/src/chrome/content/rules/Immunicity.org.xml
deleted file mode 100644
index 8c89979732da..000000000000
--- a/src/chrome/content/rules/Immunicity.org.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- check *
-		- clientconfig *
-
-	* Dropped
-
--->
-<ruleset name="Immunicity.org">
-
-	<target host="immunicity.org" />
-	<target host="www.immunicity.org" />
-
-
-	<!--	www redirects to ^ over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?immunicity\.org/"
-		to="https://immunicity.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Immunityinc.com.xml b/src/chrome/content/rules/Immunityinc.com.xml
index b5705588da40..5583710c961a 100644
--- a/src/chrome/content/rules/Immunityinc.com.xml
+++ b/src/chrome/content/rules/Immunityinc.com.xml
@@ -1,12 +1,25 @@
+<!--
+
+	Mixed content:
+
+		- css on (www.) from fonts.googleapis.com ¹
+		- Images on (www.)immunityinc.com from www.mideastyouth.com ²
+
+	¹ Secured by us
+	² Unsecurable <= 404
+
+-->
 <ruleset name="Immunityinc.com">
 
 	<target host="immunityinc.com" />
+	<target host="lists.immunityinc.com" />
+	<target host="opencfp.immunityinc.com" />
 	<target host="www.immunityinc.com" />
 	<target host="immunitysec.com" />
 	<target host="www.immunitysec.com" />
 
 
-	<rule from="^http://(www\.)?immunity(in|se)c?\.com/"
-		to="https://$1immunity$2c.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Imo.im.xml b/src/chrome/content/rules/Imo.im.xml
new file mode 100644
index 000000000000..49054d960e6d
--- /dev/null
+++ b/src/chrome/content/rules/Imo.im.xml
@@ -0,0 +1,17 @@
+<ruleset name="imo.im">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="imo.im" />
+	<target host="www.imo.im" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:www\.)?imo\.im$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ImpAct.xml b/src/chrome/content/rules/ImpAct.xml
index 2989cefa98e0..8caf36d2c703 100644
--- a/src/chrome/content/rules/ImpAct.xml
+++ b/src/chrome/content/rules/ImpAct.xml
@@ -32,7 +32,12 @@
 -->
 <ruleset name="impAct (partial)">
 
-	<target host="*.impact-ad.jp" />
+	<target host="as.dc.impact-ad.jp" />
+	<target host="as.ief.impact-ad.jp" />
+	<target host="as.iy.impact-ad.jp" />
+	<target host="img.ak.impact-ad.jp" />
+	<target host="m.one.impact-ad.jp" />
+	<target host="y.one.impact-ad.jp" />
 
 
 	<securecookie host="^(?:\.dc|\.?[my]\.one)?\.impact-ad\.jp$" name=".+" />
@@ -40,10 +45,6 @@
 
 	<!--	as.dc 302s to a248.e.akamai.net/f/248/45380/60m/dac1.download.akamai.com/
 							-->
-	<rule from="^http://as\.(dc|ief|iy)\.impact-ad\.jp/"
-		to="https://as.$1.impact-ad.jp/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://(img\.ak|[my]\.one)\.impact-ad\.jp/"
-		to="https://$1.impact-ad.jp/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ImpSec.org.xml b/src/chrome/content/rules/ImpSec.org.xml
new file mode 100644
index 000000000000..8e44e5f301ac
--- /dev/null
+++ b/src/chrome/content/rules/ImpSec.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="ImpSec.org" default_off="expired">
+
+	<target host="impsec.org" />
+	<target host="www.impsec.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Impact-Radius.xml b/src/chrome/content/rules/Impact-Radius.xml
index a7d7b6907cf3..7b505aba223c 100644
--- a/src/chrome/content/rules/Impact-Radius.xml
+++ b/src/chrome/content/rules/Impact-Radius.xml
@@ -1,40 +1,53 @@
 <!--
+	Other Impact Radius rulesets:
+
+		- 7eer.net.xml
+		- Ojrq.net.xml
+		- R7ls.net.xml
+
+
 	CDN buckets:
 
 		- d295io677a53ae.cloudfront.net
 		- d3vxp0cnzdtyjm.cloudfront.net
 		- dtszyw8w5r8hd.cloudfront.net
+		- dyfw24whmn0ln.cloudfront.net	← adn.impactradius.com
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .impactradius.com
+		- member.impactradius.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Impact Radius">
+<ruleset name="Impact Radius.com">
 
-	<target host="*.r7ls.net" />
-	<target host="7eer.net" />
-	<target host="*.7eer.net" />
+	<!--	Direct rewrites:
+				-->
 	<target host="impactradius.com" />
-	<target host="*.impactradius.com" />
-	<target host="ojrq.net" />
-	<target host="*.ojrq.net" />
+	<target host="filter.impactradius.com" />
+	<target host="member.impactradius.com" />
+	<target host="www.impactradius.com" />
 
+	<!--	Complications:
+				-->
+	<target host="adn.impactradius.com" />
 
-	<securecookie host="^\.r7ls\.net$" name=".*" />
-	<securecookie host="^.*\.7eer\.net$" name=".*" />
-	<securecookie host="^(.*\.)?impactradius\.com$" name=".*" />
-	<securecookie host="^(.*\.)?ojrq\.net$" name=".*" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.impactradius\.com$" name="^ESTN$" /-->
+	<!--securecookie host="^member\.impactradius\.com$" name="^(JSESSIONID|epersist)$" /-->
 
-	<rule from="^http://tl\.r7ls\.net/"
-		to="https://tl.r7ls.net/" />
+	<securecookie host=".+" name=".+" />
 
-	<!--	Included on 3rd-party websites.
-						-->
-	<rule from="^http://(manilla\.|www\.)?7eer\.net/"
-		to="https://$17eer.net/" />
 
-	<rule from="^http://(filter\.|member\.|www\.)?impactradius\.com/"
-		to="https://$1impactradius.com/" />
+	<rule from="^http://adn\.impactradius\.com/"
+		to="https://dyfw24whmn0ln.cloudfront.net/" />
 
-	<rule from="^http://(www\.)?ojrq\.net/"
-		to="https://$1ojrq.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Impact_Software_Company.com.xml b/src/chrome/content/rules/Impact_Software_Company.com.xml
index 985b87a7cdea..e23219bf646e 100644
--- a/src/chrome/content/rules/Impact_Software_Company.com.xml
+++ b/src/chrome/content/rules/Impact_Software_Company.com.xml
@@ -10,7 +10,6 @@
 	<target host="www.impactsoftcompany.com" />
 
 
-	<rule from="^http://(www\.)?impactsoftcompany\.com/"
-		to="https://$1impactsoftcompany.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Impactstory.org.xml b/src/chrome/content/rules/Impactstory.org.xml
new file mode 100644
index 000000000000..9e88bdfe3d16
--- /dev/null
+++ b/src/chrome/content/rules/Impactstory.org.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.impactstory.org/ => https://www.impactstory.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.impactstory.org'")
+
+-->
+<ruleset name="Impactstory.org" default_off="failed ruleset test">
+	<target host=    "impactstory.org" />
+	<target host="www.impactstory.org" />
+
+  	<securecookie host="^.*\.impactstory\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Imperative_Ideas.com.xml b/src/chrome/content/rules/Imperative_Ideas.com.xml
deleted file mode 100644
index dca9fb1f4636..000000000000
--- a/src/chrome/content/rules/Imperative_Ideas.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Some pages redirect to http.
-
--->
-<ruleset name="Imperative Ideas.com (partial)">
-
-	<target host="imperativeideas.com" />
-	<target host="www.imperativeideas.com" />
-
-
-	<rule from="^http://(www\.)?imperativeideas\.com/(?=favicon\.ico|wp-content/|wp-includes/)"
-		to="https://$1imperativeideas.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Imperial-College-London-Union.xml b/src/chrome/content/rules/Imperial-College-London-Union.xml
index 7135fc9b846f..46d2b578c14a 100644
--- a/src/chrome/content/rules/Imperial-College-London-Union.xml
+++ b/src/chrome/content/rules/Imperial-College-London-Union.xml
@@ -1,22 +1,12 @@
 <!--
-	For other Imperial College London coverage, see Imperial-College-London.xml.
-
-
-	This rule is separate solely due to the cert being self-signed.
-
+	For other Imperial College London coverage, see
+		Imperial-College-London.xml
 -->
-<ruleset name="Imperial College London Union" default_off="self-signed">
-
+<ruleset name="Imperial College London Union">
 	<target host="imperialcollegeunion.org" />
 	<target host="www.imperialcollegeunion.org" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^www\.imperialcollegeunion\.org$" name=".*" />
-
-
-	<!--	Cert only matches www.
-					-->
-	<rule from="^https?://(?:www\.)?imperialcollegeunion\.org/"
-		to="https://www.imperialcollegeunion.org/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Imperial-College-London.xml b/src/chrome/content/rules/Imperial-College-London.xml
index 772e849994fc..8614debf62a9 100644
--- a/src/chrome/content/rules/Imperial-College-London.xml
+++ b/src/chrome/content/rules/Imperial-College-London.xml
@@ -1,22 +1,48 @@
 <!--
 	Other Imperial College London rulesets:
+		+ Imperial-College-London-Union.xml
 
-		- Imperial-College-London-Union.xml
+	Non-functional hosts
+		Couldn't connect to server:
+		- www.sbg.bio.imperial.ac.uk
+		- www.bioinformatics.imperial.ac.uk
 
+		Timeout was reached:
+		- www9.imperial.ac.uk
+
+		SSL peer certificate was not OK:
+		- www.ee.imperial.ac.uk
+		- eprints.imperial.ac.uk
+		- www.ma.imperial.ac.uk
+		- www.femto.ph.imperial.ac.uk
+		- www.union.imperial.ac.uk
+		- spectradspace.lib.imperial.ac.uk
+
+		Redirects to HTTP:
+		- www3.imperial.ac.uk
+		- www.ch.imperial.ac.uk
 -->
 <ruleset name="Imperial College London (partial)">
-
-	<target host="www.doc.ic.ac.uk" />
 	<target host="imperial.ac.uk" />
-	<target host="*.imperial.ac.uk" />
-
-
-	<rule from="^http://www\.doc\.ic\.ac\.uk/"
-		to="https://www.doc.ic.ac.uk/" />
+	<target host="www.imperial.ac.uk" />
+	<target host="apply.imperial.ac.uk" />
+	<target host="www.doc.ic.ac.uk" />
+	<target host="fileexchange.imperial.ac.uk" />
+	<target host="hallsf.imperial.ac.uk" />
+	<target host="data.hpc.imperial.ac.uk" />
+	<target host="cran.ma.imperial.ac.uk" />
+	<target host="www.hep.ph.imperial.ac.uk" />
+	<target host="secureaccess.imperial.ac.uk" />
+	<target host="spiral.imperial.ac.uk" />
+	<target host="www1.imperial.ac.uk" />
+	<target host="www2.imperial.ac.uk" />
+	<target host="www3.imperial.ac.uk" />
+	<target host="www4.imperial.ac.uk" />
+	<target host="www5.imperial.ac.uk" />
+	<target host="wwwf.imperial.ac.uk" />
 
-	<!--	!www: cert only matches www.
-						-->
-	<rule from="^https?://(?:www(3)?\.)?imperial\.ac\.uk/"
-		to="https://www$1.imperial.ac.uk/" />
+	<rule from="^http://www3\.imperial\.ac\.uk/"
+		  	to="https://www.imperial.ac.uk/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Imperial-Library.info.xml b/src/chrome/content/rules/Imperial-Library.info.xml
new file mode 100644
index 000000000000..c3589130392c
--- /dev/null
+++ b/src/chrome/content/rules/Imperial-Library.info.xml
@@ -0,0 +1,10 @@
+<ruleset name="Imperial-Library.info">
+	<target host="imperial-library.info" />
+	<target host="www.imperial-library.info" />
+	<target host="summoning.imperial-library.info" />
+	<target host="www.summoning.imperial-library.info" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ImperialViolet.org.xml b/src/chrome/content/rules/ImperialViolet.org.xml
index 89b8dcfedb23..3355065957fe 100644
--- a/src/chrome/content/rules/ImperialViolet.org.xml
+++ b/src/chrome/content/rules/ImperialViolet.org.xml
@@ -1,10 +1,17 @@
-<ruleset name="ImperialViolet.org">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pond.imperialviolet.org/ => https://pond.imperialviolet.org/: (6, 'Could not resolve host: pond.imperialviolet.org')
+
+-->
+<ruleset name="ImperialViolet.org" default_off="failed ruleset test">
 
 	<target host="imperialviolet.org" />
-	<target host="*.imperialviolet.org" />
+	<target host="pond.imperialviolet.org" />
+	<target host="www.imperialviolet.org" />
 
 
-	<rule from="^http://(pond\.|www\.)?imperialviolet\.org/"
-		to="https://$1imperialviolet.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Impfen-info.de.xml b/src/chrome/content/rules/Impfen-info.de.xml
new file mode 100644
index 000000000000..959a29500fda
--- /dev/null
+++ b/src/chrome/content/rules/Impfen-info.de.xml
@@ -0,0 +1,5 @@
+<ruleset name="Impfen-info.de">
+  <target host="www.impfen-info.de" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ImprintMusic.ca.xml b/src/chrome/content/rules/ImprintMusic.ca.xml
new file mode 100644
index 000000000000..a584e7cc102a
--- /dev/null
+++ b/src/chrome/content/rules/ImprintMusic.ca.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		- clients.imprintmusic.ca
+-->
+
+<ruleset name="ImprintMusic.ca">
+	<target host="imprintmusic.ca" />
+	<target host="www.imprintmusic.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Improper-Bostonian.xml b/src/chrome/content/rules/Improper-Bostonian.xml
index 15c1076b47ba..a6888b32d41d 100644
--- a/src/chrome/content/rules/Improper-Bostonian.xml
+++ b/src/chrome/content/rules/Improper-Bostonian.xml
@@ -4,7 +4,7 @@
 	<target host="improper.com"/>
 	<target host="www.improper.com"/>
 
-	<securecookie host="^www\.improper\.com$" name=".*"/>
+	<securecookie host="^www\.improper\.com$" name=".+" />
 
 	<!--	!www redirects to www	-->
 	<rule from="^http://(?:www\.)?improper\.com/"
diff --git a/src/chrome/content/rules/ImprovedTube.com.xml b/src/chrome/content/rules/ImprovedTube.com.xml
new file mode 100644
index 000000000000..4855322fb6e9
--- /dev/null
+++ b/src/chrome/content/rules/ImprovedTube.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatched:
+		- www
+-->
+<ruleset name="ImprovedTube.com">
+	<target host="improvedtube.com" />
+	<target host="www.improvedtube.com" />
+
+	<rule from="^http://www\.improvedtube\.com/" to="https://improvedtube.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Improvely.com.xml b/src/chrome/content/rules/Improvely.com.xml
index 7b8201457540..0b6ed259e090 100644
--- a/src/chrome/content/rules/Improvely.com.xml
+++ b/src/chrome/content/rules/Improvely.com.xml
@@ -11,7 +11,6 @@
 	<securecookie host="^www\.improvely\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?improvely\.com/"
-		to="https://$1improvely.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Impulse.net.xml b/src/chrome/content/rules/Impulse.net.xml
index aa1bb88eca0e..286b5b545f2b 100644
--- a/src/chrome/content/rules/Impulse.net.xml
+++ b/src/chrome/content/rules/Impulse.net.xml
@@ -1,4 +1,11 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://impulse.net/ => https://impulse.net/: (35, 'error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 unrecognized name')
+Fetch error: http://www.impulse.net/ => https://www.impulse.net/: (35, 'error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 unrecognized name')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://impulse.net/ => https://impulse.net/: (51, "SSL: no alternative certificate subject name matches target host name 'impulse.net'")
 	Fully covered subdomains:
 
 		- (www.)
@@ -22,16 +29,16 @@
 	platform should be removed with Ffx 24.
 
 -->
-<ruleset name="Impulse.net" platform="mixedcontent">
+<ruleset name="Impulse.net" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="impulse.net" />
-	<target host="*.impulse.net" />
+	<target host="webmail.impulse.net" />
+	<target host="www.impulse.net" />
 
 
 	<securecookie host="^(?:webmail|www)?\.impulse\.net$" name=".+" />
 
 
-	<rule from="^http://(webmail\.|www\.)?impulse\.net/"
-		to="https://$1impulse.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ImrWorldwide.com.xml b/src/chrome/content/rules/ImrWorldwide.com.xml
index 44a5028abd7b..358c6e78c26d 100644
--- a/src/chrome/content/rules/ImrWorldwide.com.xml
+++ b/src/chrome/content/rules/ImrWorldwide.com.xml
@@ -1,16 +1,41 @@
-<ruleset name="Imrworldwide.com">
+<!--
+	(www.)?imrworldwide.com does not exist.
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .imrworldwide.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="IMR Worldwide.com">
 
 	<target host="*.imrworldwide.com" />
 
 
+		<exclusion pattern="^http://(?!secure-\w+\.imrworldwide\.com/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.imrworldwide.com/" />
+			<test url="http://exists.not.imrworldwide.com/" />
+			<test url="http://www.imrworldwide.com/" />
+
+		<test url="http://secure-au.imrworldwide.com/cgi-bin/m" />
+		<test url="http://secure-dcr.imrworldwide.com/cgi-bin/m" />
+		<test url="http://secure-us.imrworldwide.com/cgi-bin/m" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.imrworldwide\.com$" name="^IMRID$" /-->
+
 	<!--	name="^(IMRID|V5)$"	-->
-	<securecookie host="^\.imrworldwide\.com$" name=".*" />
+	<securecookie host="^\.imrworldwide\.com$" name=".+" />
 
 
-	<!--	\w\w in secure-(\w\w) is a
-		country code, e.g. secure-us.
-						-->
-	<rule from="^http://secure-(\w\w)\.imrworldwide\.com/"
-		to="https://secure-$1.imrworldwide.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/In-Disguise.com.xml b/src/chrome/content/rules/In-Disguise.com.xml
new file mode 100644
index 000000000000..2af263e4ae57
--- /dev/null
+++ b/src/chrome/content/rules/In-Disguise.com.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://vpnincome.com/ => https://vpnincome.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.vpnincome.com/ => https://www.vpnincome.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Fully covered domains:
+
+		- (www.)in-disguise.com
+		- my.in-disguise.com
+		- (www.)wpnincome.com
+
+-->
+<ruleset name="in-Disguise.com" default_off="failed ruleset test">
+
+	<target host="in-disguise.com" />
+	<target host="my.in-disguise.com" />
+	<target host="www.in-disguise.com" />
+	<target host="vpnincome.com" />
+	<target host="www.vpnincome.com" />
+
+
+	<!--securecookie host="^(my)?\.in-disguise\.com$" name=".+" /-->
+	<!--securecookie host="^\.vpnincome\.com$" name=".+" /-->
+	<securecookie host="^(?:my)?\.(?:in-disguise|vpn-income)\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+	<!--	Simply redirects to in-disguise.com:
+							-->
+
+
+</ruleset>
diff --git a/src/chrome/content/rules/In-Q-Tel.xml b/src/chrome/content/rules/In-Q-Tel.xml
index bd95e8931121..bc58b49bdf26 100644
--- a/src/chrome/content/rules/In-Q-Tel.xml
+++ b/src/chrome/content/rules/In-Q-Tel.xml
@@ -1,10 +1,15 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://iqt.org/ => https://www.iqt.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.iqt.org/ => https://www.iqt.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Problematic subdomains:
 
 		- ^	(cert only matches www)
 
 -->
-<ruleset name="In-Q-Tel">
+<ruleset name="In-Q-Tel" default_off="failed ruleset test">
 
 	<target host="iqt.org" />
 	<target host="www.iqt.org" />
@@ -13,4 +18,4 @@
 	<rule from="^http://(?:www\.)?iqt\.org/"
 		to="https://www.iqt.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/In-Stat.xml b/src/chrome/content/rules/In-Stat.xml
index 3df8cc41ff09..328a36003b9a 100644
--- a/src/chrome/content/rules/In-Stat.xml
+++ b/src/chrome/content/rules/In-Stat.xml
@@ -1,15 +1,15 @@
-<ruleset name="In-Stat" default_off="expired">
+<ruleset name="In Stat.com" default_off="refused">
 
 	<target host="instat.com" />
 	<target host="www.instat.com" />
 
 
-	<securecookie host="^www\.instat\.com$" name=".*" />
+	<securecookie host="^www\.instat\.com$" name=".+" />
 
 
 	<!--	Cert only matches www.
 					-->
-	<rule from="^https?://(?:www\.)?instat\.com/"
+	<rule from="^http://(?:www\.)?instat\.com/"
 		to="https://www.instat.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/In-The-Sky.org.xml b/src/chrome/content/rules/In-The-Sky.org.xml
new file mode 100644
index 000000000000..5933bf9d9e84
--- /dev/null
+++ b/src/chrome/content/rules/In-The-Sky.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- in-the-sky.org
+
+-->
+<ruleset name="In-The-Sky.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="in-the-sky.org" />
+	<target host="www.in-the-sky.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^in-the-sky\.org$" name="^(?:backpage|backtags|location|pl_\w+)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/In2code.de.xml b/src/chrome/content/rules/In2code.de.xml
new file mode 100644
index 000000000000..c86c314cad80
--- /dev/null
+++ b/src/chrome/content/rules/In2code.de.xml
@@ -0,0 +1,12 @@
+<ruleset name="in2code.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="in2code.de" />
+	<target host="www.in2code.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/InCloak.com.xml b/src/chrome/content/rules/InCloak.com.xml
index ce4263a1bcef..3d253c51f5c3 100644
--- a/src/chrome/content/rules/InCloak.com.xml
+++ b/src/chrome/content/rules/InCloak.com.xml
@@ -11,7 +11,6 @@
 	<securecookie host="^incloak\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?incloak\.com/"
-		to="https://incloak.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/InCloak.es.xml b/src/chrome/content/rules/InCloak.es.xml
index f8833d88e907..8c17e116cc8f 100644
--- a/src/chrome/content/rules/InCloak.es.xml
+++ b/src/chrome/content/rules/InCloak.es.xml
@@ -1,8 +1,8 @@
 <!--
-	CN: *
+	For other inCloak coverage, see InCloak.com.xml.
 
 -->
-<ruleset name="inCloak.es" default_off="self-signed">
+<ruleset name="inCloak.es" default_off="mismatched">
 
 	<target host="incloak.es" />
 	<target host="www.incloak.es" />
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?incloak\.es/"
 		to="https://incloak.es/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/InCommon.xml b/src/chrome/content/rules/InCommon.xml
index f10bf35e145c..77db79176606 100644
--- a/src/chrome/content/rules/InCommon.xml
+++ b/src/chrome/content/rules/InCommon.xml
@@ -1,28 +1,33 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://incommonfederation.org/ => https://incommonfederation.org/: (51, "SSL: no alternative certificate subject name matches target host name 'incommonfederation.org'")
+
 	Problematic domains:
 
 		- www.incommonfederation.org	(mismatched, CN: www.internet2.edu)
 		- wayf2.incommonfederation.org	(mismatched, CN: wayf.incommonfederation.org)
 
 -->
-<ruleset name="InCommon">
+<ruleset name="InCommon" default_off="failed ruleset test">
 
 	<target host="incommon.org" />
 	<target host="www.incommon.org" />
 	<target host="incommonfederation.org" />
-	<target host="*.incommonfederation.org" />
+	<target host="www.incommonfederation.org" />
+	<target host="wayf.incommonfederation.org" />
+	<target host="wayf2.incommonfederation.org" />
 
 
 	<securecookie host="^\.incommonfederation\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?incommon\.org/"
-		to="https://$1incommon.org/" />
 
 	<rule from="^http://(?:www\.)?incommonfederation\.org/"
 		to="https://incommonfederation.org/" />
 
-	<rule from="^https?://wayf2?\.incommonfederation\.org/"
+	<rule from="^http://wayf2?\.incommonfederation\.org/"
 		to="https://wayf.incommonfederation.org/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/InLinkz.com.xml b/src/chrome/content/rules/InLinkz.com.xml
index b00f7a5357ff..8f04a71dddc0 100644
--- a/src/chrome/content/rules/InLinkz.com.xml
+++ b/src/chrome/content/rules/InLinkz.com.xml
@@ -1,19 +1,29 @@
 <!--
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *inlinkz.com:
 
-		- cdn2	(http reply)
+		- blog ʳ
+		- cdn2 ᵖ
+		- new ⁴
+
+	⁴ 404
+	ᵖ Plaintext reply
+	ʳ Refused
 
 -->
 <ruleset name="InLinkz.com (partial)">
 
 	<target host="inlinkz.com" />
-	<target host="*.inlinkz.com" />
+	<target host="www.inlinkz.com" />
+
+		<!--	404:
+				-->
+		<!--test url="http://new.inlinkz.com/featuresLU.php" /-->
 
 
-	<securecookie host="^\.inlinkz\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?inlinkz\.com/"
-		to="https://$1inlinkz.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/InMotion-Hosting.xml b/src/chrome/content/rules/InMotion-Hosting.xml
index 915cb5d539c6..4a5bfd67163d 100644
--- a/src/chrome/content/rules/InMotion-Hosting.xml
+++ b/src/chrome/content/rules/InMotion-Hosting.xml
@@ -1,30 +1,48 @@
 <!--
-	Nonfunctional domains:
+	CDN buckets:
+
+		- imh01-inmotionhosting1.netdna-ssl.com
+
+
+	Nonfunctional hosts in *inmotionhosting.com:
 
 		- inc02	(404 when rewritten to secure1 or www)
 
+
+	Problematic hosts in *inmotionhosting.com:
+
+		- secure2102 ᵐ
+
+	ᵐ Mismatched
+
+
+	Mixed content:
+
+		- Ads on (www.)?secure from ad-srv1.inmotionhosting.com ˢ
+
+	ˢ Secured by us
+
 -->
-<ruleset name="InMotion Hosting">
+<ruleset name="InMotion Hosting.com">
 
-	<target host="chatwithourteam.com" />
-	<target host="www.chatwithourteam.com" />
-	<!--	* for cross-domain cookie	-->
-	<target host="*.www.chatwithourteam.com" />
 	<target host="inmotionhosting.com" />
 	<target host="*.inmotionhosting.com" />
-	<target host="www.*.inmotionhosting.com" />
-
 
-	<securecookie host="^(.*\.)?(chatwithourteam|inmotionhosting)\.com$" name=".*" />
+		<test url="http://ad-srv1.inmotionhosting.com/www/delivery/avw.php?zoneid=1&amp;cb=&amp;n=" />
+		<test url="http://secure1.inmotionhosting.com/" />
+		<test url="http://www.secure1.inmotionhosting.com/" />
+		<test url="http://www.inmotionhosting.com/" />
 
 
-	<rule from="^http://(www\.)?chatwithourteam\.com/"
-		to="https://$1chatwithourteam.com/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://((?:www\.)?secure\d{1,3}\.|www\.)?inmotionhosting\.com/"
-		to="https://$1inmotionhosting.com/" />
 
 	<rule from="^http://img0\d\.inmotionhosting\.com/"
 		to="https://secure1.inmotionhosting.com/" />
 
+		<test url="http://img01.inmotionhosting.com/_img/head_logo.gif" />
+
+	<rule from="^http://((?:ad-srv1|(?:www\.)?secure\d{1,3}|www)\.)?inmotionhosting\.com/"
+		to="https://$1inmotionhosting.com/" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/InSided.xml b/src/chrome/content/rules/InSided.xml
index 6cc84146dc8c..f77d68da15c7 100644
--- a/src/chrome/content/rules/InSided.xml
+++ b/src/chrome/content/rules/InSided.xml
@@ -1,16 +1,19 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://static.insided.nl/ => https://static.insided.nl/: (28, 'Connection timed out after 20001 milliseconds')
+
 	Nonfunctional subdomains:
 
 		- $	(times out)
 		- www
 
 -->
-<ruleset name="inSided (partial)">
+<ruleset name="inSided (partial)" default_off="failed ruleset test">
 
 	<target host="static.insided.nl" />
 
 
-	<rule from="^http://static\.insided\.nl/"
-		to="https://static.insided.nl/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/InTechnology.co.uk.xml b/src/chrome/content/rules/InTechnology.co.uk.xml
index c2328d5098de..34e0e5637d10 100644
--- a/src/chrome/content/rules/InTechnology.co.uk.xml
+++ b/src/chrome/content/rules/InTechnology.co.uk.xml
@@ -1,4 +1,8 @@
-<ruleset name="InTechnology.co.uk">
+<!--
+	(www.)?: Handshake fails
+
+-->
+<ruleset name="InTechnology.co.uk" default_off="handshake failure">
 
 	<target host="intechnology.co.uk" />
 	<target host="www.intechnology.co.uk" />
@@ -7,7 +11,6 @@
 	<securecookie host="^(?:www\.)?intechnology\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://(www\.)?intechnology\.co\.uk/"
-		to="https://$1intechnology.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Inapub.co.uk.xml b/src/chrome/content/rules/Inapub.co.uk.xml
index 9f3a9eb508cf..2b2ee0b05f88 100644
--- a/src/chrome/content/rules/Inapub.co.uk.xml
+++ b/src/chrome/content/rules/Inapub.co.uk.xml
@@ -7,13 +7,12 @@
 <ruleset name="Inapub.co.uk">
 
 	<target host="inapub.co.uk" />
-	<target host="*.inapub.co.uk" />
+	<target host="www.inapub.co.uk" />
 
 
 	<securecookie host="^(?:w*\.)?inapub\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://(www\.)?inapub\.co\.uk/"
-		to="https://$1inapub.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Inbenta.com.xml b/src/chrome/content/rules/Inbenta.com.xml
new file mode 100644
index 000000000000..40655eaac8c0
--- /dev/null
+++ b/src/chrome/content/rules/Inbenta.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)?
+		- resources
+
+-->
+<ruleset name="Inbenta.com">
+
+	<target host="inbenta.com" />
+	<target host="resources.inbenta.com" />
+	<target host="www.inbenta.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Inbox.com.xml b/src/chrome/content/rules/Inbox.com.xml
new file mode 100644
index 000000000000..065bc3cbcf8c
--- /dev/null
+++ b/src/chrome/content/rules/Inbox.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional hosts in *.inbox.com:
+		- as.inbox.com (m)
+		- search2.inbox.com (different content)
+		- toolbar.inbox.com (different content)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Wildcard DNS record.
+
+-->
+<ruleset name="Inbox.com">
+	<target host="inbox.com" />
+	<target host="www.inbox.com" />
+	<target host="email.inbox.com" />
+	<target host="mobile.inbox.com" />
+	<target host="storage.inbox.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Inbox.lv.xml b/src/chrome/content/rules/Inbox.lv.xml
new file mode 100644
index 000000000000..e0d4ee696bae
--- /dev/null
+++ b/src/chrome/content/rules/Inbox.lv.xml
@@ -0,0 +1,30 @@
+<ruleset name="Inbox.lv (partial)">
+	<target host="inbox.lv" />
+	<target host="www.inbox.lv" />
+	<target host="ads.inbox.lv" />
+	<target host="b.inbox.lv" />
+	<target host="dating.inbox.lv" />
+	<target host="fun.inbox.lv" />
+	<target host="games.inbox.lv" />
+	<target host="help.inbox.lv" />
+	<target host="labiedarbi.inbox.lv" />
+	<target host="login.inbox.lv" />
+	<target host="mail.inbox.lv" />
+	<target host="meteo.inbox.lv" />
+	<target host="money.inbox.lv" />
+	<target host="polls.inbox.lv" />
+	<target host="polls-framed.inbox.lv" />
+	<target host="pricelist.inbox.lv" />
+	<target host="purchase.inbox.lv" />
+	<target host="search.inbox.lv" />
+	<target host="search-framed.inbox.lv" />
+	<target host="shop.inbox.lv" />
+	<target host="smart.inbox.lv" />
+	<target host="travel.inbox.lv" />
+
+	<securecookie host="^polls-framed\.inbox\.lv$" name=".+" />
+	<securecookie host="^shop\.inbox\.lv$" name=".+" />
+	<securecookie host="^travel\.inbox\.lv$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/InboxApp.com.xml b/src/chrome/content/rules/InboxApp.com.xml
new file mode 100644
index 000000000000..cab4f070d386
--- /dev/null
+++ b/src/chrome/content/rules/InboxApp.com.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://inboxapp.com/ => https://inboxapp.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.inboxapp.com/ => https://www.inboxapp.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="InboxApp.com" default_off="failed ruleset test">
+
+	<target host="inboxapp.com" />
+	<target host="www.inboxapp.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Inburke.com.xml b/src/chrome/content/rules/Inburke.com.xml
new file mode 100644
index 000000000000..782d18dc15c0
--- /dev/null
+++ b/src/chrome/content/rules/Inburke.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Problematic subdomains:
+
+		- (www.)? *
+		- www.kev *
+
+	* Mismatched, CN: *.webfaction.com
+
+-->
+<ruleset name="inburke.com">
+
+	<target host="inburke.com" />
+	<target host="kev.inburke.com" />
+	<target host="www.inburke.com" />
+	<target host="www.kev.inburke.com" />
+
+
+	<rule from="^http://(?:www\.)?(?:kev\.)?inburke\.com/"
+		to="https://kev.inburke.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Inc.com.xml b/src/chrome/content/rules/Inc.com.xml
new file mode 100644
index 000000000000..c21d59217628
--- /dev/null
+++ b/src/chrome/content/rules/Inc.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- subscriptions.inc.com
+
+		Mixed content blocking (MCB) triggered:
+		- mediakit.inc.com
+-->
+<ruleset name="Inc.com">
+	<target host="inc.com" />
+	<target host="www.inc.com" />
+	<target host="conference.inc.com" /><!-- Note: MCB issues but server redirect to https -->
+	<target host="magazine.inc.com" />
+	<target host="store.inc.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Incapsula.xml b/src/chrome/content/rules/Incapsula.xml
index ec488ccfc994..5a0908626d9d 100644
--- a/src/chrome/content/rules/Incapsula.xml
+++ b/src/chrome/content/rules/Incapsula.xml
@@ -1,27 +1,28 @@
 <!--
-	Nonfunctional subdomains:
-
-		- support	(zendesk)
-
-
 	Fully covered subdomains:
 
+		- (www.)?
+		- content
 		- my
+		- support	(-> incapsula.zendesk.com)
 
 -->
-<ruleset name="Incapsula">
+<ruleset name="Incapsula.com">
 
 	<target host="incapsula.com" />
-	<target host="*.incapsula.com" />
+	<target host="content.incapsula.com" />
+	<target host="my.incapsula.com" />
+	<target host="support.incapsula.com" />
+	<target host="www.incapsula.com" />
 
 
-	<securecookie host="^(?:my|www)?\.incapsula\.com$" name=".+" />
+	<securecookie host="^(?:content|my|www)?\.incapsula\.com$" name=".+" />
 
 
-	<rule from="^http://(my\.|www\.)?incapsula\.com/"
-		to="https://$1incapsula.com/" />
+	<rule from="^http://support\.incapsula\.com/"
+		to="https://incapsula.zendesk.com/" />
 
-	<rule from="^https?://support\.incapsula\.com/(generated|system)/"
-		to="https://assets.zendesk.com/$1/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Inch-ci.org.xml b/src/chrome/content/rules/Inch-ci.org.xml
new file mode 100644
index 000000000000..501d4c5d84c1
--- /dev/null
+++ b/src/chrome/content/rules/Inch-ci.org.xml
@@ -0,0 +1,12 @@
+<!--
+    Nonfunctional:
+	    - www    -> wrong domain
+-->
+<ruleset name="Inch-ci.org">
+    <target host="inch-ci.org" />
+
+    <securecookie host="^inch-ci\.org" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Incisive_Media.xml b/src/chrome/content/rules/Incisive_Media.xml
index 86b748b203d4..4f99c66782b2 100644
--- a/src/chrome/content/rules/Incisive_Media.xml
+++ b/src/chrome/content/rules/Incisive_Media.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://incisivemedia.com/ => https://secure.incisivemedia.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://incisivemedia.com/ => https://secure.incisivemedia.com/: (60, 'SSL certificate problem: certificate has expired')
 	Other Incisive Media rulesets:
 
 		- V3.co.uk.xml
@@ -12,23 +18,25 @@
 	* Mismatched, CN: secure.incisivemedia.com
 
 -->
-<ruleset name="Incisive Media">
+<ruleset name="Incisive Media" default_off="failed ruleset test">
 
 	<target host="incisivemedia.com" />
-	<target host="*.incisivemedia.com" />
+	<target host="secure.incisivemedia.com" />
+	<target host="www.incisivemedia.com" />
+	<target host="incmai.incisivemedia.com" />
 	<target host="db.riskwaters.com" />
 
 
 	<securecookie host="^incmai\.incisivemedia\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:secure\.|www\.)?incisivemedia\.com/"
+	<rule from="^http://(?:secure\.|www\.)?incisivemedia\.com/"
 		to="https://secure.incisivemedia.com/" />
 
 	<rule from="^http://incmai\.incisivemedia\.com/"
 		to="https://incmai.incisivemedia.com/" />
 
-	<rule from="^https?://db\.riskwaters\.com/global/"
+	<rule from="^http://db\.riskwaters\.com/global/"
 		to="https://secure.incisivemedia.com/global/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IncludeOS.org.xml b/src/chrome/content/rules/IncludeOS.org.xml
new file mode 100644
index 000000000000..9e3e9ada2912
--- /dev/null
+++ b/src/chrome/content/rules/IncludeOS.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Redirects:
+		includeos.org
+	Cannot connect:
+		jenkins.includeos.org
+-->
+<ruleset name="IncludeOS.org">
+	<target host="includeos.org" />
+	<target host="jenkins.includeos.org" />
+	<target host="www.includeos.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Incoin.io.xml b/src/chrome/content/rules/Incoin.io.xml
new file mode 100644
index 000000000000..148a21f4b7eb
--- /dev/null
+++ b/src/chrome/content/rules/Incoin.io.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://incoin.io/ => https://incoin.io/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://beta.incoin.io/ => https://beta.incoin.io/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.incoin.io/ => https://www.incoin.io/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Redirects to www
+
+
+	These altnames don't exist:
+
+		- www.beta.incoin.io
+
+-->
+<ruleset name="incoin.io (partial)" default_off="failed ruleset test">
+
+	<target host="incoin.io" />
+	<target host="beta.incoin.io" />
+	<target host="www.incoin.io" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Incometaxindiaefiling.gov.in.xml b/src/chrome/content/rules/Incometaxindiaefiling.gov.in.xml
new file mode 100644
index 000000000000..d91b9a0846d4
--- /dev/null
+++ b/src/chrome/content/rules/Incometaxindiaefiling.gov.in.xml
@@ -0,0 +1,6 @@
+<ruleset name="Incometaxindiaefiling.gov.in">
+	<target host="incometaxindiaefiling.gov.in" />
+	<target host="www.incometaxindiaefiling.gov.in" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Inconshreveable.com.xml b/src/chrome/content/rules/Inconshreveable.com.xml
new file mode 100644
index 000000000000..ab42991fe668
--- /dev/null
+++ b/src/chrome/content/rules/Inconshreveable.com.xml
@@ -0,0 +1,15 @@
+<!--
+	www.inconshreveable.com: Mismatched
+
+-->
+<ruleset name="inconshreveable.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="inconshreveable.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Indaba_Music.com.xml b/src/chrome/content/rules/Indaba_Music.com.xml
index abf3cfeea7e1..7e07495f9459 100644
--- a/src/chrome/content/rules/Indaba_Music.com.xml
+++ b/src/chrome/content/rules/Indaba_Music.com.xml
@@ -21,13 +21,13 @@
 <ruleset name="Indaba Music.com (false MCB)" platform="mixedcontent">
 
 	<target host="indabamusic.com" />
-	<target host="*.indabamusic.com" />
+	<target host="beta.indabamusic.com" />
+	<target host="www.indabamusic.com" />
 
 
 	<securecookie host="^\.indabamusic\.com$" name=".+" />
 
 
-	<rule from="^http://((?:beta|notifications|www)\.)?indabamusic\.com/"
-		to="https://$1indabamusic.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Indacoin.com.xml b/src/chrome/content/rules/Indacoin.com.xml
new file mode 100644
index 000000000000..a21e817c8054
--- /dev/null
+++ b/src/chrome/content/rules/Indacoin.com.xml
@@ -0,0 +1,15 @@
+<!--
+mail.indacoin.com ¹
+
+
+¹ mismatch
+-->
+<ruleset name="indacoin.com">
+	<target host="indacoin.com" />
+	<target host="www.indacoin.com" />
+	<target host="cdn.indacoin.com" />
+	<target host="es.indacoin.com" />
+	<target host="ru.indacoin.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Indapass.hu.xml b/src/chrome/content/rules/Indapass.hu.xml
new file mode 100644
index 000000000000..ea239dc32b45
--- /dev/null
+++ b/src/chrome/content/rules/Indapass.hu.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional hosts in *.indapass.hu:
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="indapass.hu">
+	<target host="indapass.hu" />
+	<target host="www.indapass.hu" />
+	<target host="avatar.indapass.hu" />
+	<target host="daemon.indapass.hu" />
+	<target host="ident.indapass.hu" />
+	<target host="management.ident.indapass.hu" />
+	<target host="management.indapass.hu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Indeed.co.uk.xml b/src/chrome/content/rules/Indeed.co.uk.xml
new file mode 100644
index 000000000000..af357a2d71d1
--- /dev/null
+++ b/src/chrome/content/rules/Indeed.co.uk.xml
@@ -0,0 +1,12 @@
+<!--
+	Redirect to HTTP:
+		- blog.indeed.co.uk
+-->
+<ruleset name="indeed.co.uk">
+	<target host="indeed.co.uk" />
+	<target host="www.indeed.co.uk" />
+	<target host="events.indeed.co.uk" />
+	<target host="hire.indeed.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Indeed.xml b/src/chrome/content/rules/Indeed.xml
index ee6f61a9ed3b..80a54b37af95 100644
--- a/src/chrome/content/rules/Indeed.xml
+++ b/src/chrome/content/rules/Indeed.xml
@@ -1,18 +1,48 @@
 <!--
-	Nonfunctional subdomains:
+	^indeed.com: Refused
+	www.indeed.com: Redirects to http
 
-		- (www.)	(redirects to http)
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .indeed.com
+		- ads.indeed.com
+		- conv.indeed.com
+		- employers.indeed.com
+		- gdc.indeed.com
+		- secure.indeed.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Indeed (partial)">
+<ruleset name="Indeed.com (partial)">
 
+	<target host="ads.indeed.com" />
+	<target host="conv.indeed.com" />
+	<target host="employers.indeed.com" />
+	<target host="gdc.indeed.com" />
 	<target host="secure.indeed.com" />
 
+		<!--	Set cookies without Secure:
+							-->
+		<!--test url="http://conv.indeed.com/pagead/conv/1/?script=" /-->
+		<!--test url="http://gdc.indeed.com/ads/apiresults.js" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.indeed\.com$" name="^(?:CSRF|CTK|TS[\da-f]{8})$" /-->
+	<!--securecookie host="^conv\.indeed\.com$" name="^(?:BIGipServer|INDEED_CSRF_TOKEN$|JSESSION$|ctokgen$)" /-->
+	<!--securecookie host="^gdc\.indeed\.com$" name="^(?:BIGipServer|JSESSION$|ctkgen$)" /-->
+	<!--securecookie host="^employers\.indeed\.com$" name="^(?:BIGipServer\w+|CO|LOCALE)$" /-->
+	<!--securecookie host="^ads\.indeed\.com$" name="^INDEED(?:_CSRF_TOKEN|ADS_CC|ADS_LANG)$" /-->
+	<!--securecookie host="^secure\.indeed\.com$" name="^TS[\da-f]{8}$" /-->
 
-	<securecookie host="^secure\.indeed\.com$" name=".+" />
+	<securecookie host="^\." name="^CTK$" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://secure\.indeed\.com/"
-		to="https://secure.indeed.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Independent-Centre-for-Privacy-Protection-Schleswig-Holstein.xml b/src/chrome/content/rules/Independent-Centre-for-Privacy-Protection-Schleswig-Holstein.xml
deleted file mode 100644
index 24d8b3dc20eb..000000000000
--- a/src/chrome/content/rules/Independent-Centre-for-Privacy-Protection-Schleswig-Holstein.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Independent Centre for Privacy Protection Schleswig-Holstein">
-
-	<target host="datenschutzzentrum.de"/>
-	<target host="www.datenschutzzentrum.de"/>
-
-	<!--	!www: !found	-->
-	<rule from="^http://(?:www\.)?datenschutzzentrum\.de/"
-		to="https://www.datenschutzzentrum.de/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Independent.co.uk.xml b/src/chrome/content/rules/Independent.co.uk.xml
new file mode 100644
index 000000000000..06eff94f4118
--- /dev/null
+++ b/src/chrome/content/rules/Independent.co.uk.xml
@@ -0,0 +1,48 @@
+<!--
+Invalid certificate:
+	courses.independent.co.uk
+	www.courses.independent.co.uk
+	dating.independent.co.uk
+	dev.independent.co.uk
+	dev2.independent.co.uk
+	ijobs.independent.co.uk
+	independentjobs.independent.co.uk
+	live.independent.co.uk
+	mature.independent.co.uk
+	mba.independent.co.uk
+	mortgage-advisor.independent.co.uk
+	syndication.independent.co.uk
+	tickets.independent.co.uk
+
+Refused connection:
+	broadband.independent.co.uk
+	cms.independent.co.uk
+	coach.independent.co.uk
+	date.independent.co.uk
+	fip.independent.co.uk
+	maturedating.independent.co.uk
+	newsletter.independent.co.uk
+
+Timeout:
+	blogs.independent.co.uk
+	directory.independent.co.uk
+	www.directory.independent.co.uk
+	enjoyment.independent.co.uk
+	feeds.independent.co.uk
+	hacksawridge.independent.co.uk
+	logger.independent.co.uk
+	puzzles.independent.co.uk
+-->
+<ruleset name="Independent.co.uk">
+	<target host="independent.co.uk" />
+	<target host="www.independent.co.uk" />
+	<target host="assets.independent.co.uk" />
+	<target host="edition.independent.co.uk" />
+	<target host="evaneos.independent.co.uk" />
+	<target host="financial-advisor.independent.co.uk" />
+	<target host="static.independent.co.uk" />
+	<target host="subscriptions.independent.co.uk" />
+	<target host="traveloffers.independent.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Independent.gov.uk.xml b/src/chrome/content/rules/Independent.gov.uk.xml
new file mode 100644
index 000000000000..b210ca1894d5
--- /dev/null
+++ b/src/chrome/content/rules/Independent.gov.uk.xml
@@ -0,0 +1,13 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+-->
+<ruleset name="Independent.gov.uk (partial)">
+
+	<target host="terrorismlegislationreviewer.independent.gov.uk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Independent_Mail.com.xml b/src/chrome/content/rules/Independent_Mail.com.xml
index 4adfbd1c7163..aab38af94e24 100644
--- a/src/chrome/content/rules/Independent_Mail.com.xml
+++ b/src/chrome/content/rules/Independent_Mail.com.xml
@@ -42,22 +42,16 @@
 <ruleset name="Independent Mail.com (partial)">
 
 	<target host="independentmail.com" />
-	<target host="*.independentmail.com" />
+	<target host="www.independentmail.com" />
+	<target host="login.independentmail.com" />
 
 
 	<securecookie host="^(?:login)?\.independentmail\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?independentmail\.com/"
+	<rule from="^http://independentmail\.com/"
 		to="https://www.independentmail.com/" />
 
-	<rule from="^http://login\.independentmail\.com/"
-		to="https://login.independentmail.com/" />
-
-	<rule from="^http://media\.independentmail\.com/"
-		to="https://a248.e.akamai.net/f/1575/9717/6m/media.independentmail.com/" />
-
-	<rule from="^http://web\.independentmail\.com/"
-		to="https://a248.e.akamai.net/f/1670/5173/6m/web.independentmail.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Independent_News.xml b/src/chrome/content/rules/Independent_News.xml
index 380425de2cfc..f5fd5d03f822 100644
--- a/src/chrome/content/rules/Independent_News.xml
+++ b/src/chrome/content/rules/Independent_News.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?the-independent-news\.com/(misc/|sites/|user(?:$|\?|/))"
 		to="https://www.the-independent-news.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Independent_Voter_Network.xml b/src/chrome/content/rules/Independent_Voter_Network.xml
index dcf5261525a4..0f088c8e9bef 100644
--- a/src/chrome/content/rules/Independent_Voter_Network.xml
+++ b/src/chrome/content/rules/Independent_Voter_Network.xml
@@ -37,10 +37,10 @@
 		<exclusion pattern="^http://(?:www\.)?ivn\.us/(?:ca-election-center/wp-(?:content/plugins/(?:buddypress/bp-core/css|jquery-colorbox/themes)|includes/css)|wp-content/themes/ivn)/" />
 
 
-	<rule from="^https?://(?:www\.)?ivn\.us/([\w\-]+/)?(files|wp-content|wp-includes)/"
+	<rule from="^http://(?:www\.)?ivn\.us/([\w\-]+/)?(files|wp-content|wp-includes)/"
 		to="https://i0.wp.com/ivn.us/$1$2/" />
 
-	<rule from="^https?://cdn\.ivn\.us/"
+	<rule from="^http://cdn\.ivn\.us/"
 		to="https://d1tu8ib6d01hwk.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Indepnet.net.xml b/src/chrome/content/rules/Indepnet.net.xml
new file mode 100644
index 000000000000..7d979f44f147
--- /dev/null
+++ b/src/chrome/content/rules/Indepnet.net.xml
@@ -0,0 +1,56 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://forge.indepnet.net/ => https://forge.indepnet.net/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+
+<!--
+	Nonfunctional subdomains:
+
+		- (www.) *
+
+	* Shows deidre; mismatched, CN: deidre.indepnet.net
+
+
+	Problematic subdomains:
+
+		- deidre *
+
+	* Expired, self-signed
+
+
+	These altnames don't exist:
+
+		- www.forge.indepnet.net
+
+
+	Insecure cookies are set for these domains:
+
+		- deidre.indepnet.net
+		- forge.indepnet.net
+
+
+	Mixed content:
+
+		- Image on forge from sourceforge.net *
+
+	* Secured by us
+
+-->
+<ruleset name="Indepnet.net (partial)" default_off="failed ruleset test">
+
+	<target host="forge.indepnet.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^deidre\.indepnet\.net$" name="^session$" /-->
+	<!--securecookie host="^forge\.indepnet\.net$" name="^_redmine_session$" /-->
+
+	<securecookie host="^forge\.indepnet\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Index_on_Censorship.org.xml b/src/chrome/content/rules/Index_on_Censorship.org.xml
new file mode 100644
index 000000000000..863db4b497d0
--- /dev/null
+++ b/src/chrome/content/rules/Index_on_Censorship.org.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://awards.indexoncensorship.org/ => https://awards.indexoncensorship.org/: (6, 'Could not resolve host: awards.indexoncensorship.org')
+
+	Insecure cookies are set for these hosts:
+
+		- awards.indexoncensorship.org
+
+
+	Mixed content:
+
+		- css on awards from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Index on Censorship.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="indexoncensorship.org" />
+	<target host="awards.indexoncensorship.org" />
+	<target host="www.indexoncensorship.org" />
+
+
+	<!--securecookie host="^awards\.indexoncensorship\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/India.com.xml b/src/chrome/content/rules/India.com.xml
new file mode 100644
index 000000000000..37ebd31d9842
--- /dev/null
+++ b/src/chrome/content/rules/India.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- india.com
+
+		SSL connect error:
+		- arijitsinghshow.india.com
+
+		SSL peer certificate was not OK:
+		- www.zeenews.india.com
+
+		Status code mismatch:
+		- s3.travel.india.com
+-->
+<ruleset name="India.com">
+	<target host="india.com" />
+	<target host="www.india.com" />
+	<target host="americas.india.com" />
+	<target host="playandwingame.india.com" />
+	<target host="ribbon.india.com" />
+	<target host="s3.india.com" />
+	<target host="st1.india.com" />
+	<target host="stb.india.com" />
+	<target host="ste.india.com" />
+	<target host="sth.india.com" />
+	<target host="stm.india.com" />
+	<target host="znb.india.com" />
+	<target host="znm.india.com" />
+	<target host="znn.india.com" />
+	<target host="zeenews.india.com" />
+
+	<rule from="^http://india\.com/"
+		to="https://www.india.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/India.gov.in.xml b/src/chrome/content/rules/India.gov.in.xml
new file mode 100644
index 000000000000..a1b34410923f
--- /dev/null
+++ b/src/chrome/content/rules/India.gov.in.xml
@@ -0,0 +1,5 @@
+<ruleset name="India.gov.in">
+	<target host="india.gov.in" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IndiaMART.xml b/src/chrome/content/rules/IndiaMART.xml
index e7e4f56faba9..e9327d48def0 100644
--- a/src/chrome/content/rules/IndiaMART.xml
+++ b/src/chrome/content/rules/IndiaMART.xml
@@ -33,23 +33,13 @@
 -->
 <ruleset name="IndiaMART (partial)">
 
-	<target host="*.imimg.com" />
+	<target host="1.imimg.com" />
+	<target host="2.imimg.com" />
+	<target host="3.imimg.com" />
+	<target host="4.imimg.com" />
 	<target host="im.gifbt.com" />
 
 
-	<rule from="^http://1\.imgimg\.com/"
-		to="https://d2y6cbvg1xh035.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://2\.imimg\.com/"
-		to="https://d1raip7zazff6e.cloudfront.net/" />
-
-	<rule from="^http://3\.imimg\.com/"
-		to="https://dypmusfs8hvdw.cloudfront.net/" />
-
-	<rule from="^http://4\.imimg\.com/"
-		to="https://d3p8pcjf51nlqw.cloudfront.net/" />
-
-	<rule from="^http://im\.gifbt\.com/"
-		to="https://d1wd2icune084.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Indian_Express.com.xml b/src/chrome/content/rules/Indian_Express.com.xml
new file mode 100644
index 000000000000..e5739b6977ad
--- /dev/null
+++ b/src/chrome/content/rules/Indian_Express.com.xml
@@ -0,0 +1,53 @@
+<!--
+	CDN buckets:
+
+		- indianexpr.vo.llnwd.net
+
+			- .hs. doesn't exist
+			- archive
+			- static
+
+		- indianexpressonline.files.wordpress.com
+
+			- images
+
+
+	Nonfunctional subdomains:
+
+		- archive *
+		- static *
+
+	* 400; mismatched, CN: *.hs.llnwd.net
+
+
+	Problematic subdomains:
+
+		- (www.) ¹
+		- images ²
+
+	¹ Works; mismatched, CN: *.wordpress.com
+	² Redirects to ^; mismatched, CN: *.files.wordpress.com
+
+
+	Mixed content:
+
+		- css on ^ from fonts.googleapis.com ¹
+
+		- Images, on ^ from:
+
+			- images ¹
+			- static ²
+
+	¹ Secured by us
+	² Unsecurable
+
+-->
+<ruleset name="Indian Express.com (partial)">
+
+	<target host="images.indianexpress.com" />
+
+
+	<rule from="^http://images\.indianexpress\.com/"
+		to="https://indianexpressonline.files.wordpress.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Indiana-University-self-signed.xml b/src/chrome/content/rules/Indiana-University-self-signed.xml
deleted file mode 100644
index 07960ccbe656..000000000000
--- a/src/chrome/content/rules/Indiana-University-self-signed.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules that are on by default, see Indiana-University.xml.
-
--->
-<ruleset name="Indiana University (self-signed)" default_off="expired, self-signed">
-
-	<target host="gentoo.ussg.indiana.edu" />
-
-
-	<rule from="^http://gentoo\.ussg\.indiana\.edu/"
-		to="https://gentoo.ussg.indiana.edu/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Indiana-University.xml b/src/chrome/content/rules/Indiana-University.xml
index aeaf470e5f2e..bf6aba3e2d6b 100644
--- a/src/chrome/content/rules/Indiana-University.xml
+++ b/src/chrome/content/rules/Indiana-University.xml
@@ -1,64 +1,221 @@
-<!--
-	For problematic rules, see Indiana-University-self-signed.xml.
-
-
-	Nonfunctional domains:
-
-		- lkml.indiana.edu *
 
-		- iu.edu subdomains:
-
-			- cacr *
-			- info		(shows PHP installation info, valid cert)
-			- newsinfo	(shows info; mismatched, CN: info.iu.edu)
-			- (www.)uwsg *
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://globalnews.iu.edu/ => https://globalnews.iu.edu/: (6, 'Could not resolve host: globalnews.iu.edu')
+Fetch error: http://idp.iu.edu/ => https://idp.iu.edu/: (52, 'Empty reply from server')
+Fetch error: http://media.kb.iu.edu/ => https://media.kb.iu.edu/: (6, 'Could not resolve host: media.kb.iu.edu')
+Non-2xx HTTP code: http://resources.oncourse.iu.edu/ (200) => https://resources.oncourse.iu.edu/ (404)
+Fetch error: http://www.osl.iu.edu/ => https://www.osl.iu.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.osl.iu.edu'")
+Fetch error: http://internal.pti.iu.edu/ => https://internal.pti.iu.edu/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://webmail.iu.edu/ => https://webmail.iu.edu/: (6, 'Could not resolve host: webmail.iu.edu')
+Fetch error: http://osl.iu.edu/ => https://www.osl.iu.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.osl.iu.edu'")
+
+	Other Indiana University rulesets:
+
+		- Indiana.edu.xml
+
+
+	Nonfunctional hosts in *iu.edu:
+
+		- cacr *
+		- ep ⁴
+		- firstlady ³
+		- global ⁴
+		- info		(shows PHP installation info, valid cert)
+		- incntre ⁴
+		- inside ⁴
+		- internationalnetworking ⁴
+		- ithelplive *
+		- itnews ⁴
+		- ittrainingtips ⁴
+		- classic.iucat ⁴
+		- www.iucat ⁴
+		- news ⁴
+		- newsinfo	(shows info; mismatched, CN: info.iu.edu)
+		- ovpit ⁴
+		- president ³
+		- stopsexualviolence ³
+		- rt.uits *
+		- (www.)uwsg *
+		- webmaster	403
 
 	* http reply
+	⁴ Refused
+	³ "Service Not Found"
 
 
-	Partially covered domains:
 
-		- (www.)iu.edu		(some pages redirect to http, some paths 404)
+	Problematic hosts in *iu.edu:
 
+		- cacr *
+		- osl *
+		- www.pti *
 
-	Problematic domains:
+	* Mismatched
 
-		- soic.indiana.edu *
-		- osl.iu.edu *
-		- www.pti.iu.edu	(cert only matches ^pti)
 
-	* Cert only matches www.foo
+	Insecure cookies are set for these domains and hosts:
 
--->
-<ruleset name="Indianna University (partial)">
+		- iu.edu
+		- .cloudtools.access.iu.edu
+		- .cacr.iu.edu
+		- cas.iu.edu
+		- globalnoc.iu.edu
+		- idp.iu.edu
+		- it.iu.edu
+		- itnotices.iu.edu
+		- mail.iu.edu
+		- oncourse.iu.edu
+		- resources.oncourse.iu.edu
+		- one.iu.edu
+		- .internal.pti.iu.edu
+		- strategicplan.iu.edu
+		- uits.iu.edu
+		- umail.iu.edu
+		- viewpoints.iu.edu
+		- www.iu.edu
 
-	<target host="*.indiana.edu" />
-	<target host="iu.edu" />
-	<target host="*.iu.edu" />
-		<!--
-			At least some pages redirect to http.
 
-			These paths 404:
+	Mixed content:
 
-				- _slideshows/img/.+
-				- WRAP_SDDU/BL-PROV-COMM/IUBGATE/hotspots/_images/
-											-->
-		<exclusion pattern="^http://(?:www\.)?iu\.edu/(?!css|img|~\w+|[\w/-]+/_image)/" />
+		- Images, on:
 
+			- pti.iu.edu from $self *
+			- pti.iu.edu from internal.pti *
 
-	<securecookie host="^cas\.iu\.edu$" name=".+" />
+		- favicons, on:
 
+			- ams.iu.edu from itnews ²
+			- stcweb.stc from $self  *
 
-	<rule from="^https?://(?:www\.)?soic\.indiana\.edu/"
-		to="https://www.soic.indiana.edu/" />
+	* Secured by us
+	² Unsecurable <= refused
 
-	<rule from="^http://(cas\.|www\.)?iu\.edu/"
-		to="https://$1iu.edu/" />
+-->
+<ruleset name="IU.edu (partial)" default_off="failed ruleset test">
 
-	<rule from="^https?://(?:www\.)?osl\.iu\.edu/"
+	<!--	Direct rewrites:
+				-->
+	<target host="iu.edu" />
+	<target host="cloudtools.access.iu.edu" />
+	<target host="ams.iu.edu" />
+	<target host="assets.iu.edu" />
+	<target host="caits.iu.edu" />
+	<target host="canvas.iu.edu" />
+	<target host="cas.iu.edu" />
+	<target host="cloudstorage.iu.edu" />
+	<target host="www.exchange.iu.edu" />
+	<target host="fonts.iu.edu" />
+	<target host="globalnews.iu.edu" />
+	<target host="idp.iu.edu" />
+	<target host="imail.iu.edu" />
+	<target host="it.iu.edu" />
+	<target host="itaccounts.iu.edu" />
+	<target host="itnews.iu.edu" />
+	<target host="itnotices.iu.edu" />
+	<target host="ittraining.iu.edu" />
+	<target host="iuanyware.iu.edu" />
+	<target host="iufoundation.iu.edu" />
+	<target host="iuware.iu.edu" />
+	<target host="kb.iu.edu" />
+	<target host="media.kb.iu.edu" />
+	<target host="mail.iu.edu" />
+	<target host="oncourse.iu.edu" />
+	<target host="resources.oncourse.iu.edu" />
+	<target host="one.iu.edu" />
+	<target host="onestart.iu.edu" />
+	<target host="www.osl.iu.edu" />
+	<target host="protect.iu.edu" />
+	<target host="pti.iu.edu" />
+	<target host="internal.pti.iu.edu" />
+	<target host="strategicplan.iu.edu" />
+	<target host="uits.iu.edu" />
+	<target host="assets.uits.iu.edu" />
+	<target host="slfed.uits.iu.edu" />
+	<target host="umail.iu.edu" />
+	<target host="viewpoints.iu.edu" />
+	<target host="webmail.iu.edu" />
+	<target host="www.iu.edu" />
+
+		<test url="http://assets.uits.iu.edu/css/iu-brand.css" />
+
+	<!--	Complications:
+				-->
+	<target host="osl.iu.edu" />
+	<target host="www.pti.iu.edu" />
+
+		<!--	Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.iu\.edu/$" /-->
+		<!--
+			404:
+				-->
+		<!--exclusion pattern="^http://(?:www\.)?iu\.edu/(?:_slideshows/img/.+|WRAP_SDDU/BL-PROV-COMM/IUBGATE/hotspots/_images/)" /-->
+		<!--
+			401:
+				-->
+		<!--exclusion pattern="^http://(?:www\.)?iu\.edu/~iunews/img/piurek-ryan\.jpg" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?iu\.edu/(?!css/|img/|[\w/-]+/_image/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://iu.edu/_slideshows/img/2015%20photos/103015TwylaTharp.jpg" />
+			<test url="http://www.iu.edu/~iunews/img/piurek-ryan.jpg" />
+			<test url="http://www.iu.edu/about/" />
+			<test url="http://www.iu.edu/extraordinary/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.iu.edu/css/print.css" />
+			<test url="http://www.iu.edu/img/css/home-news-title.gif" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://viewpoints\.iu\.edu/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://viewpoints\.iu\.edu/+(?!wp-content/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://viewpoints.iu.edu/about" />
+			<test url="http://viewpoints.iu.edu/science-at-work/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://viewpoints.iu.edu/wp-content/themes/iu-news-theme/img/main/featured-blogs/protect-iu.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^((ams|assets|canvas|cas|fonts|it|kb|oncourse|resources\.oncourse|one|protect|strategicplan|uits|umail|viewpoints|www)\.)?iu\.edu$" name="^X-Mapping-\w+$" /-->
+	<!--securecookie host="^\.cloudtools\.access\.iu\.edu$" name="^ARRAffinity$" /-->
+	<!--securecookie host="^(ams|itnotices|ittraining|iuware)\.iu\.edu$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^(webmail|www)\.cs\.iu\.edu$" name="^bla$" /-->
+	<!--securecookie host="^globalnoc\.iu\.edu$" name="^wgSession$" /-->
+	<!--securecookie host="^idp\.iu\.edu$" name="^OPEID$" /-->
+	<!--securecookie host="^ittraining\.iu\.edu$" name="^ITTE_CartID$" /-->
+	<!--securecookie host="^mail\.iu\.edu$" name="^ClientId$" /-->
+	<!--securecookie host="^one\.iu\.edu$" name="^(VisitorGuid|XSRF-TOKEN)$" /-->
+	<!--securecookie host="^people\.iu\.edu$" name="^sid$" /-->
+	<!--securecookie host="^\.(?:cacr|internal\.pti)\.iu\.edu$" name="^SESS[0-9a-f]{32}$" /-->
+	<!--securecookie host="^uits\.iu\.edu$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w.*\.iu\.edu$" name=".+" />
+	<securecookie host="^\.(?:cloudtools\.access|internal\.pti)\.iu\.edu$" name=".+" />
+
+
+	<rule from="^http://osl\.iu\.edu/"
 		to="https://www.osl.iu.edu/" />
 
-	<rule from="^https?://(?:www\.)?pti\.iu\.edu/"
+	<rule from="^http://www\.pti\.iu\.edu/"
 		to="https://pti.iu.edu/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Indiana.edu.xml b/src/chrome/content/rules/Indiana.edu.xml
new file mode 100644
index 000000000000..e4b779daa85e
--- /dev/null
+++ b/src/chrome/content/rules/Indiana.edu.xml
@@ -0,0 +1,37 @@
+<!--
+	For other Indiana University coverage, see Indiana-University.xml.
+
+	Non-functional hosts
+		Couldn't connect to server:
+			 - iubio.bio.indiana.edu
+			 - gisday.indiana.edu
+			 - lkml.indiana.edu
+
+		SSL peer certificate was not OK:
+			 - stcweb.stc.indiana.edu
+
+		Secure connection redirects to plaintext:
+			 - news.indiana.edu
+-->
+<ruleset name="Indiana.edu (partial)">
+	<target host="indiana.edu" />
+	<target host="www.indiana.edu" />
+		<!-- Different content HTTP/HTTPS -->
+		<exclusion pattern="^http://(www\.)?indiana\.edu/~\w+/" />
+			<test url="http://www.indiana.edu/~oah/" />
+			<test url="http://indiana.edu/~sphs/home/" />
+			<test url="http://www.indiana.edu/~sphs/home/" />
+	<target host="alumni.indiana.edu" />
+	<target host="bursar.indiana.edu" />
+	<target host="d2i.indiana.edu" />
+	<target host="www.informatics.indiana.edu" />
+	<target host="soic.indiana.edu" />
+	<target host="www.dsc.soic.indiana.edu" />
+	<target host="wphomes.soic.indiana.edu" />
+	<target host="www.soic.indiana.edu" />
+	<target host="studentcentral.indiana.edu" />
+	<target host="gentoo.ussg.indiana.edu" />
+	<target host="spout.ussg.indiana.edu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IndianaCourts.us.xml b/src/chrome/content/rules/IndianaCourts.us.xml
new file mode 100644
index 000000000000..06dda1e529d4
--- /dev/null
+++ b/src/chrome/content/rules/IndianaCourts.us.xml
@@ -0,0 +1,6 @@
+<ruleset name="IndianaCourts.us">
+	<target host="indianacourts.us" />
+	<target host="www.indianacourts.us" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Indiana_State_University.xml b/src/chrome/content/rules/Indiana_State_University.xml
index 75b8700279bd..ce41a5dc5d37 100644
--- a/src/chrome/content/rules/Indiana_State_University.xml
+++ b/src/chrome/content/rules/Indiana_State_University.xml
@@ -1,30 +1,16 @@
 <!--
-	Nonfunctional subdomains:
-
-		- library	(revoked)
-
-
-	Partially covered subdomains:
-
-		- (www.)	(some pages redirect to http)
-
-
-	Fully covered subdomains:
-
-		- isuportal
-		- www1
+	Non-functional hosts
+		Timeout was reached:
+		- www1.indstate.edu
 
+		Mixed content blocking (MCB) triggered:
+		- library.indstate.edu
 -->
 <ruleset name="Indiana State University (partial)">
+	<target host="indstate.edu" />
+	<target host="www.indstate.edu" />
+	<target host="blackboard.indstate.edu" />
+	<target host="isuportal.indstate.edu" />
 
-	<target host="*.indstate.edu" />
-		<exclusion pattern="^http://(?:www\.)?indstate\.edu/(?!css/|favicon\.ico|images/|js/)" />
-
-
-	<securecookie host="^isuportal\.indstate\.edu$" name=".+" />
-
-
-	<rule from="^http://((?:isuportal|www1?)\.)?indstate\.edu/"
-		to="https://$1indstate.edu/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Indianapolis_Star.xml b/src/chrome/content/rules/Indianapolis_Star.xml
index ab488781c4a9..bc0b08588957 100644
--- a/src/chrome/content/rules/Indianapolis_Star.xml
+++ b/src/chrome/content/rules/Indianapolis_Star.xml
@@ -6,11 +6,15 @@
 
 		- ^		(times out)
 		- cmsimg	(akamai)
+		- www ²
+
+	² Akamai
 
 -->
-<ruleset name="Indianapolis Star">
+<ruleset name="Indianapolis Star" default_off="mismatched">
 
 	<target host="indystar.com" />
+	<target host="cmsing.indystar.com" />
 	<target host="www.indystar.com" />
 
 
@@ -20,4 +24,4 @@
 	<rule from="^http://(?:cmsing\.|www\.)?indystar\.com/"
 		to="https://www.indystar.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IndieHackers.com.xml b/src/chrome/content/rules/IndieHackers.com.xml
new file mode 100644
index 000000000000..45b0d92872dd
--- /dev/null
+++ b/src/chrome/content/rules/IndieHackers.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="IndieHackers.com">
+	<target host="indiehackers.com" />
+	<target host="www.indiehackers.com" />
+	<target host="shop.indiehackers.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IndieMerch.xml b/src/chrome/content/rules/IndieMerch.xml
index c128a9bd9e61..324bb08c7cdb 100644
--- a/src/chrome/content/rules/IndieMerch.xml
+++ b/src/chrome/content/rules/IndieMerch.xml
@@ -13,16 +13,17 @@
 <ruleset name="IndieMerch (partial)">
 
 	<target host="indiemerch.com" />
-	<target host="*.indiemerch.com" />
+	<target host="cdn.indiemerch.com" />
+	<target host="pad.indiemerch.com" />
+	<target host="www.indiemerch.com" />
 
 
 	<securecookie host="^.+\.indiemerch\.com$" name=".+" />
 
 
-	<rule from="^https?://indiemerch\.com/"
+	<rule from="^http://indiemerch\.com/"
 		to="https://www.indiemerch.com/" />
 
-	<rule from="^http://(cdn|pad|www)\.indiemerch\.com/"
-		to="https://$1.indiemerch.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IndieMerchandising.xml b/src/chrome/content/rules/IndieMerchandising.xml
index b2820db64162..26fb9dabaa48 100644
--- a/src/chrome/content/rules/IndieMerchandising.xml
+++ b/src/chrome/content/rules/IndieMerchandising.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?indiemerchandising\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?indiemerchandising\.com/"
-		to="https://$1indiemerchandising.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IndieMerchstore.xml b/src/chrome/content/rules/IndieMerchstore.xml
index 6e0e68703717..eb51b80214eb 100644
--- a/src/chrome/content/rules/IndieMerchstore.xml
+++ b/src/chrome/content/rules/IndieMerchstore.xml
@@ -14,7 +14,6 @@
 	<securecookie host="^www\.indiemerchstore\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?indiemerchstore\.com/"
-		to="https://www.indiemerchstore.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IndieWeb.xml b/src/chrome/content/rules/IndieWeb.xml
new file mode 100644
index 000000000000..343ea72c13a9
--- /dev/null
+++ b/src/chrome/content/rules/IndieWeb.xml
@@ -0,0 +1,24 @@
+<!--
+	Different HTTP/HTTPS response:
+		2016.indieweb.org
+
+	Invalid certificate:
+		www.indiewebcamp.com
+		news.indiewebcamp.com
+		nicknames.indiewebcamp.com
+		slack.indiewebcamp.com
+
+-->
+<ruleset name="IndieWeb">
+	<target host="indiewebcamp.com" />
+	<target host="socialwg.indiewebcamp.com" />
+
+	<target host="indieweb.org" />
+	<target host="www.indieweb.org" />
+	<target host="chat.indieweb.org" />
+	<target host="etherpad.indieweb.org" />
+	<target host="news.indieweb.org" />
+	<target host="ssl.indieweb.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Indiegala.com.xml b/src/chrome/content/rules/Indiegala.com.xml
new file mode 100644
index 000000000000..efffde1ccd80
--- /dev/null
+++ b/src/chrome/content/rules/Indiegala.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Indiegala">
+	<target host="indiegala.com" />
+	<target host="www.indiegala.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Indiegogo.xml b/src/chrome/content/rules/Indiegogo.xml
index 299124ecba46..9f834d5737bb 100644
--- a/src/chrome/content/rules/Indiegogo.xml
+++ b/src/chrome/content/rules/Indiegogo.xml
@@ -5,6 +5,9 @@
 		- d2oadd98wnjs7n.cloudfront.net
 
 
+	igg.me: refused
+
+
 	Fully covered subdomains:
 
 		- images
@@ -12,9 +15,10 @@
 -->
 <ruleset name="Indiegogo (partial)">
 
+	<target host="igg.me" />
+	<target host="*.iggcdn.com" />
 	<target host="indiegogo.com" />
 	<target host="*.indiegogo.com" />
-		<exclusion pattern="^http://(?:www\.)?indiegogo\.com/(?!account/|assets/|blog/|favicon\.(?:ico|png)|images/|project/\d+/widget/|styles/)" />
 
 
 	<!--	Tracking cookies:
@@ -22,6 +26,12 @@
 	<securecookie host="^\.indiegogo\.com$" name="^(?:optimizely\w+|__utm\w)$" />
 
 
+	<rule from="^http://igg\.me/"
+		to="https://www.indiegogo.com/" />
+
+	<rule from="^http://g(\d)\.iggcdn\.com/"
+		to="https://g$1.iggcdn.com/" />
+
 	<rule from="^http://((?:images|web\d|www)\.)?indiegogo\.com/"
 		to="https://$1indiegogo.com/" />
 
diff --git a/src/chrome/content/rules/IndovinaBank.xml b/src/chrome/content/rules/IndovinaBank.xml
deleted file mode 100644
index 7a7dac91708b..000000000000
--- a/src/chrome/content/rules/IndovinaBank.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See 
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
- 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Indovina Bank" platform="firefox">
-  <target host="ebanking.indovinabank.com.vn" />
-
-  <securecookie host="^ebanking\.indovinabank\.com\.vn$" name=".+" />
-
-  <rule from="^http://ebanking\.indovinabank\.com\.vn/" to="https://ebanking.indovinabank.com.vn/" />
-</ruleset>
diff --git a/src/chrome/content/rules/IndusGuard.xml b/src/chrome/content/rules/IndusGuard.xml
deleted file mode 100644
index 73504e0ee03e..000000000000
--- a/src/chrome/content/rules/IndusGuard.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- ^	(record_too_long)
-		- www	(times out)
-
--->
-<ruleset name="IndusGuard (partial)">
-
-	<target host="soc.indusguard.com" />
-
-
-	<securecookie host="^soc\.indusguard\.com$" name=".+" />
-
-
-	<rule from="^http://soc\.indusguard\.com/"
-		to="https://soc.indusguard.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Industry-Botnet-Group.xml b/src/chrome/content/rules/Industry-Botnet-Group.xml
index 6485877b7279..7a0487a00712 100644
--- a/src/chrome/content/rules/Industry-Botnet-Group.xml
+++ b/src/chrome/content/rules/Industry-Botnet-Group.xml
@@ -1,13 +1,13 @@
-<ruleset name="Industry Botnet Group">
+<ruleset name="Industry Botnet Group.org" default_off="refused">
 
 	<target host="industrybotnetgroup.org" />
 	<target host="www.industrybotnetgroup.org" />
 
 
-	<securecookie host="^(www\.)?industrybotnetgroup\.org$" name=".*" />
+	<securecookie host="^(?:www\.)?industrybotnetgroup\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?industrybotnetgroup\.org/"
-		to="https://$1industrybotnetgroup.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Industry_Mailout.com.xml b/src/chrome/content/rules/Industry_Mailout.com.xml
deleted file mode 100644
index 1c4c7a54f7fc..000000000000
--- a/src/chrome/content/rules/Industry_Mailout.com.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- support	(desk.com)
-
-
-	CN: www.mailoutinteractive.com
-
-
-	Mixed content:
-
-		- Images on (www.), from:
-
-			- www.advisormailout.com
-			- images.scanalert.com *
-
-	* Secured by us
-
--->
-<ruleset name="Industry Mailout.com (partial)" default_off="mismatched">
-
-	<target host="industrymailout.com" />
-	<target host="www.industrymailout.com" />
-
-
-	<securecookie host="^industrymailout\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?industrymailout\.com/"
-		to="https://industrymailout.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Industrybrains.com.xml b/src/chrome/content/rules/Industrybrains.com.xml
new file mode 100644
index 000000000000..65469410da76
--- /dev/null
+++ b/src/chrome/content/rules/Industrybrains.com.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Marchex coverage, see Marchex.xml.
+
+
+	Fully covered hosts in *industrybrains.com:
+
+		- pixel
+
+
+	Insecure cookies are set for these domains:
+
+		- .industrybrains.com
+
+-->
+<ruleset name="industrybrains.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pixel.industrybrains.com" />
+
+		<test url="http://pixel.industrybrains.com/imps.php?sgms=" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.industrybrains\.com$" name="^__sgs$" /-->
+
+	<securecookie host="^\.industrybrains\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Indy.im.xml b/src/chrome/content/rules/Indy.im.xml
new file mode 100644
index 000000000000..638a6c8a83c3
--- /dev/null
+++ b/src/chrome/content/rules/Indy.im.xml
@@ -0,0 +1,29 @@
+<!--
+	These altnames don't exist:
+
+		- www.indy.im
+
+
+	Insecure cookies are set for these hosts:
+
+		- indy.im
+
+-->
+<ruleset name="Indy.im">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="indy.im" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^indy\.im$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^indy\.im$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IndyReader.org.xml b/src/chrome/content/rules/IndyReader.org.xml
new file mode 100644
index 000000000000..1ddf02f7f163
--- /dev/null
+++ b/src/chrome/content/rules/IndyReader.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="IndyReader.org">
+
+	<target host="indyreader.org" />
+	<target host="www.indyreader.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Indybay.xml b/src/chrome/content/rules/Indybay.xml
deleted file mode 100644
index 357ce1ef5991..000000000000
--- a/src/chrome/content/rules/Indybay.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Indybay">
-  <target host="www.indybay.org"/>
-  <target host="indybay.org"/>
-
-  <rule from="^http://(www\.)?indybay\.org/" to="https://www.indybay.org/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Indymedia.nl.xml b/src/chrome/content/rules/Indymedia.nl.xml
new file mode 100644
index 000000000000..93747a5b3506
--- /dev/null
+++ b/src/chrome/content/rules/Indymedia.nl.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Indymedia coverage, see Indymedia.xml.
+
+-->
+<ruleset name="Indymedia.nl">
+
+	<target host="indymedia.nl" />
+	<target host="www.indymedia.nl" />
+	<target host="irc.indymedia.nl" />
+	<target host="lists.indymedia.nl" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Indymedia.org.uk.xml b/src/chrome/content/rules/Indymedia.org.uk.xml
new file mode 100644
index 000000000000..6db131784159
--- /dev/null
+++ b/src/chrome/content/rules/Indymedia.org.uk.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Indymedia coverage, see Indymedia.xml.
+
+
+	Problematic hosts in *indymedia.org.uk:
+
+		- notts ¹ ²
+		- nottingham ¹ ²
+
+	¹ CAcert
+	² Expired
+
+-->
+<ruleset name="Indymedia.org.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="indymedia.org.uk" />
+	<target host="sheffield.indymedia.org.uk" />
+	<target host="www.sheffield.indymedia.org.uk" />
+	<target host="www.indymedia.org.uk" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Indymedia.xml b/src/chrome/content/rules/Indymedia.xml
index bc61fdec3d4c..009c13416504 100644
--- a/src/chrome/content/rules/Indymedia.xml
+++ b/src/chrome/content/rules/Indymedia.xml
@@ -1,92 +1,101 @@
 <!--
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-
--->
-<ruleset name="Indymedia.org" platform="cacert">
-  <target host="indymedia.org" />
-  <target host="*.indymedia.org" />
-  <target host="indymedia.org.uk" />
-  <target host="*.indymedia.org.uk" />
-  <target host="northern-indymedia.org" />
-  <target host="*.northern-indymedia.org" />
-
-<!--
- This is a ruleset for the https-everywhere extension for firefox.
- for more info see https://www.eff.org/https-everywhere
-
- to install install the extension put this file in
-  ~/.mozilla/your.profile/HTTPSEverywhereUserRules
--->
-<!-- 2010/07/14 Version 0.1 chekov(at-sign)riseup.net -->
-<!--
- scope of this document:
-  indymedia.org based imcs and infrastrucure
-  it also includes the indymedia.org.uk and the northern-indymedia.org ans northernindymedia.org domains
-  discuss this document at the im-tech list from lists.indymedia.org
-  not including indymedia.us, indymedia.org.il and the like
-
- 2010-06-23 report on tested sites:
- == working ==
- "global"
- volunteer, irc, chat, lists
- radio, docs, mir
- biotech, video, keys
-
- linksunten
-
- == failed ==
- ambazonia|austin|beirut|bergstedt|blackcat|bulgaria|canarias|chiapas|
- colorado|dc|dl1\.video|hm|hudsonmohawk|jakarta|korea|laplana|lille1|mail\.se
- |minneapolis|mke|nettlau|newsreal|nycap|old\.estrecho|ottawa|perth|pl|
- rochester|romania|rous|russia|shiva|sweden|twincities|victoria|wmass|worcester|www1\.mexico|mexico|www3\.ch
-
- print, satellite, translations
- india, italia
+	Other Indymedia rulesets:
+		+ Indymedia.nl.xml
+		+ Indymedia.org.uk.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- barcelona.indymedia.org
+		- bcn.indymedia.org
+		- boston.indymedia.org
+		- che.indymedia.org
+		- cyprus.indymedia.org
+		- docs.indymedia.org
+		- newsreal.indymedia.org
+		- satellite.indymedia.org
+
+		Timeout was reached:
+		- grenoble.indymedia.org
+		- manila.indymedia.org
+		- www.sweden.indymedia.org
+
+		SSL connect error:
+		- media.de.indymedia.org
+		- japan.indymedia.org
+		- nyc.indymedia.org
+
+		SSL peer certificate was not OK:
+		- www.adelaide.indymedia.org
+		- bagimsiz-istanbul.indymedia.org
+		- brasil.indymedia.org
+		- ch.indymedia.org
+		- chicago.indymedia.org
+		- www.chicago.indymedia.org
+		- cleveland.indymedia.org
+		- www.cleveland.indymedia.org
+		- ecuador.indymedia.org
+		- irc.indymedia.org
+		- www.mexico.indymedia.org
+		- newmexico.indymedia.org
+		- www.newmexico.indymedia.org
+		- neworleans.indymedia.org
+		- nm.indymedia.org
+		- nola.indymedia.org
+		- pittsburgh.indymedia.org
+		- portland.indymedia.org
+		- www.portland.indymedia.org
+		- media.portland.indymedia.org
+		- publish.portland.indymedia.org
+		- pr.indymedia.org
+		- www.pr.indymedia.org
+		- print.indymedia.org
+		- www.print.indymedia.org
+		- puertorico.indymedia.org
+		- www.puertorico.indymedia.org
+		- quebec.indymedia.org
+		- richmond.indymedia.org
+		- www.richmond.indymedia.org
+		- rochester.indymedia.org
+		- www.rochester.indymedia.org
+		- santacruz.indymedia.org
+		- www.santacruz.indymedia.org
+		- sonora.indymedia.org
+		- www.stlouis.indymedia.org
+		- switzerland.indymedia.org
+		- valparaiso.indymedia.org
+		- www.valparaiso.indymedia.org
+
+		Incomplete certificate chain error:
+		- austin.indymedia.org
+		- ie.indymedia.org
+		- www.ie.indymedia.org
+		- ireland.indymedia.org
+		- www.ireland.indymedia.org
+
+		5xx server error:
+		- de.indymedia.org
 -->
-
-  <!-- global -->
-  <rule from="^http://(?:www\.)?indymedia\.org/" to="https://www.indymedia.org/"/>
-
-  <!-- exclusion for infrastructure -->
-  <exclusion pattern="^http://(?:www\.)?(?:print|translations|satellite)\.indymedia\.org/"/>
-
-  <!-- exclusion for imcs -->
-
-  <exclusion pattern="^http://(?:www\.)?(?:de|pr|india|italia|beirut)\.indymedia\.org/"/>
-
-  <exclusion pattern="^http://(?:ambazonia|atlanta|austin|beirut|bergstedt|blackcat|bulgaria|canarias|chiapas|colorado|dc|dl1\.video|hm|hudsonmohawk|jakarta|korea|laplana|lille1|mail\.se|minneapolis|mke|nettlau|newsreal|nycap|old\.estrecho|ottawa|perth|pl|rochester|romania|rous|russia|shiva|sweden|twincities|victoria|wmass|worcester|(?:www(1)?\.)?mexico|www3\.ch)\.indymedia\.org/"/>
-  <exclusion pattern="^http://(?:media[12]?\.argentina|buscador\.argentina)\.indymedia\.org/"/>
-  <exclusion pattern="^http://(?:(?:dev\.)?boston)\.indymedia\.org/"/>
-  <exclusion pattern="^http://(?:(?:www2?\.)?brasil|brazil)\.indymedia\.org/"/>
-  <exclusion pattern="^http://(?:chicago|chicago2|www0\.chicago|dev\.chicago)\.indymedia\.org/"/>
-  <exclusion pattern="^http://(?:de|media[12]?\.de|www[23]\.de|www[23]\.germany)\.indymedia\.org/"/>
-  <exclusion pattern="^http://(?:(?:www[12]\.)?istanbul|media2?\.istanbul|bagimsiz-istanbul|istanbul\.bbm)\.indymedia\.org/"/>
-  <exclusion pattern="^http://(?:(?:publish\.)?sandiego)\.indymedia\.org/"/>
-
-  <!-- domains with www prefix -->
-  <rule from="^http://www\.([^/:@\.]+)\.indymedia\.org/" to="https://www.$1.indymedia.org/"/>
-
-  <!-- doamins without www as prefix -->
-  <rule from="^http://([^/:@\.]+)\.indymedia\.org/" to="https://$1.indymedia.org/"/>
-
-  <!-- indymedia.org.uk -->
-  <rule from="^http://indymedia\.org\.uk/" to="https://indymedia.org.uk/"/>
-  <rule from="^http://(london|notts|sheffield)\.indymedia\.org\.uk/" to="https://$1.indymedia.org.uk/"/>
-  <rule from="^http://www\.(london|notts|sheffield)\.indymedia\.org\.uk/" to="https://www.$1.indymedia.org.uk/"/>
-
-  <!-- northern-indymedia.org -->
-<!--
-https same as http: www.northern-indymedia.org, www.northern-indymedia.org , northern-indymedia.org, m.northern-indymedia.org
-					mobi.northern-indymedia.org, mobile.northern-indymedia.org, wap.northern-indymedia.org
-https differs http: mob.northern-indymedia.org, joinin.northern-indymedia.org, radio.northern-indymedia.org
-					indyzines.northern-indymedia.org, sol.northern-indymedia.org, list.northern-indymedia.org
-					lists.northern-indymedia.org, mailinglist.northern-indymedia.org
--->
-  <rule from="^http://northern-indymedia\.org/" to="https://northern-indymedia.org/"/>
-  <rule from="^http://(www|m|mobi|mobile|wap)\.northern-indymedia\.org/" to="https://$1.northern-indymedia.org/"/>
-  <!-- northernindymedia.org -->
-  <rule from="^http://(www\.)?northernindymedia\.org/" to="https://$1northern-indymedia.org/"/>
-
+<ruleset name="Indymedia.org">
+	<target host="indymedia.org" />
+	<target host="www.indymedia.org" />
+	<target host="linksunten.archive.indymedia.org" />
+	<target host="argentina.indymedia.org" />
+	<target host="archivo.argentina.indymedia.org" />
+	<target host="athens.indymedia.org" />
+	<target host="bristol.indymedia.org" />
+	<target host="brussel.indymedia.org" />
+	<target host="brussels.indymedia.org" />
+	<target host="bxl.indymedia.org" />
+	<target host="chat.indymedia.org" />
+	<target host="la.indymedia.org" />
+	<target host="lille.indymedia.org" />
+	<target host="linksunten.indymedia.org" />
+	<target host="mexico.indymedia.org" />
+	<target host="nantes.indymedia.org" />
+	<target host="radio.indymedia.org" />
+	<target host="www.radio.indymedia.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Inertianetworks.com.xml b/src/chrome/content/rules/Inertianetworks.com.xml
deleted file mode 100644
index 7734bdd08392..000000000000
--- a/src/chrome/content/rules/Inertianetworks.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Inertianetworks.com" platform="firefox">
-<target host="inertianetworks.com" />
-
-<securecookie host="^inertianetworks\.com$" name=".+" />
-
-<rule from="^http://inertianetworks\.com/" to="https://inertianetworks.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Inet.se.xml b/src/chrome/content/rules/Inet.se.xml
deleted file mode 100644
index 2be70c8eca47..000000000000
--- a/src/chrome/content/rules/Inet.se.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Inet.se">
-  <target host="inet.se" />
-  <target host="www.inet.se" />
-
-  <rule from="^http://(?:www\.)?inet\.se/" to="https://www.inet.se/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/InfNX.xml b/src/chrome/content/rules/InfNX.xml
deleted file mode 100644
index 25abec3b2fb1..000000000000
--- a/src/chrome/content/rules/InfNX.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Other InfNX rulesets:
-
-		- FixUnix.xml
-
-
-	In buckets somewhere:
-		- [ci].dbaspot.com
-		- c.objectmix.com
--->
-<ruleset name="InfNX">
-
-	<!--	infnx.com/web-portfolio	-->
-	<target host="*.infnx.com"/>
-
-	<rule from="^http://(idn|static)\.infnx\.com/"
-		to="https://s3.amazonaws.com/$1.infnx.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Infamous.xml b/src/chrome/content/rules/Infamous.xml
deleted file mode 100644
index b4cce9fa5c10..000000000000
--- a/src/chrome/content/rules/Infamous.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Infamous">
-
-	<target host="foreverinfamous.com" />
-	<target host="*.foreverinfamous.com" />
-
-
-	<securecookie host="^(?:w*\.)?foreverinfamous\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?foreverinfamous\.com/"
-		to="https://$1foreverinfamous.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Infektionsschutz.de.xml b/src/chrome/content/rules/Infektionsschutz.de.xml
new file mode 100644
index 000000000000..84ba5aa97ce9
--- /dev/null
+++ b/src/chrome/content/rules/Infektionsschutz.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="Infektionsschutz.de">
+	<target host="infektionsschutz.de" />
+	<target host="www.infektionsschutz.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Infile.xml b/src/chrome/content/rules/Infile.xml
index 64183b92ab50..5b30944db7d2 100644
--- a/src/chrome/content/rules/Infile.xml
+++ b/src/chrome/content/rules/Infile.xml
@@ -1,17 +1,13 @@
-<!--
-	CN: Parallels Panel
-
--->
-<ruleset name="Infile" default_off="self-signed">
+<ruleset name="Infile">
 
 	<target host="infile.com" />
-	<target host="*.infile.com" />
+	<target host="www.infile.com" />
 
 
-	<securecookie host="^\.infile\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?infile\.com/"
-		to="https://infile.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Infinet.com.au-falsemixed.xml b/src/chrome/content/rules/Infinet.com.au-falsemixed.xml
new file mode 100644
index 000000000000..db780b0ef89f
--- /dev/null
+++ b/src/chrome/content/rules/Infinet.com.au-falsemixed.xml
@@ -0,0 +1,21 @@
+<!--
+	For rules not causing false/broken MCB, see Infinet.com.au.xml.
+
+-->
+<ruleset name="Infinet.com.au (false MCB)" platform="mixedcontent">
+
+	<target host="infinet.com.au" />
+	<target host="*.infinet.com.au" />
+		<!--
+			Handled in Infinet.com.au.xml:
+							-->
+		<!--exclusion pattern="^http://(www\.)?infinet.com.au/(favicon\.ico|wp-content/|wp-includes/)" /-->
+
+
+	<securecookie host="^(?:w*\.)?infinet\.com\.au$" name=".+" />
+
+
+	<rule from="^http://(www\.)?infinet\.com\.au/(?!favicon\.ico|wp-content/|wp-includes/)"
+		to="https://$1infinet.com.au/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Infinet.com.au.xml b/src/chrome/content/rules/Infinet.com.au.xml
new file mode 100644
index 000000000000..a2036db63d7e
--- /dev/null
+++ b/src/chrome/content/rules/Infinet.com.au.xml
@@ -0,0 +1,47 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://support.infinet.com.au/ => https://support.infinet.com.au/: (28, 'Connection timed out after 10001 milliseconds')
+	For rules causing false/broken MCB, see Infinet.com.au-falsemixed.xml.
+
+
+	Other Infinet rulesets:
+
+		- VARCentral.com.au.xml
+
+
+	Mixed content:
+
+		- css on ^ from $self *
+
+		- Images on ^ from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Infinet.com.au (partial)">
+
+	<target host="infinet.com.au" />
+	<target host="support.infinet.com.au" />
+	<target host="www.infinet.com.au" />
+	<target host="www.shop.infinet.com.au" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?shop\.infinet\.com\.au/+($|\?|epages/shop\.sf/en_AU/\?ObjectPath=/Shops/infinet/Categories)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?shop\.infinet\.com\.au/+(?!epages/shop\.sf/en_AU/\?ObjectPath=/Shops/infinet&amp;ViewAction=ViewRegistration|WebRoot/)" />
+
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<exclusion pattern="^http://(?:www\.)?infinet.com.au/(?!favicon\.ico|wp-content/|wp-includes/)" />
+
+
+	<securecookie host="^support\.infinet\.com\.au$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/InfiniteDescent.xyz.xml b/src/chrome/content/rules/InfiniteDescent.xyz.xml
new file mode 100644
index 000000000000..ec0afe016575
--- /dev/null
+++ b/src/chrome/content/rules/InfiniteDescent.xyz.xml
@@ -0,0 +1,8 @@
+<ruleset name="InfiniteDescent.xyz">
+	<target host="infinitedescent.xyz" />
+	<target host="www.infinitedescent.xyz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Infinity_Tracking.xml b/src/chrome/content/rules/Infinity_Tracking.xml
index b50c64e31bbf..51750f86877a 100644
--- a/src/chrome/content/rules/Infinity_Tracking.xml
+++ b/src/chrome/content/rules/Infinity_Tracking.xml
@@ -15,16 +15,13 @@
 <ruleset name="Infinity Tracking (partial)">
 
 	<target host="portal.infinity-tracking.com" />
-	<target host="*.infinity-tracking.net" />
+	<target host="api.infinity-tracking.net" />
+	<target host="assets.infinity-tracking.net" />
 
 
 	<!--securecookie host="^\.infinity-tracking\.com$" name="^ict-portal-session$" /-->
 
 
-	<rule from="^http://portal\.infinity-tracking\.com/"
-		to="https://portal.infinity-tracking.com/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://a(pi|ssets)\.infinity-tracking\.net/"
-		to="https://a$1.infinity-tracking.net/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/InfluAds.xml b/src/chrome/content/rules/InfluAds.xml
deleted file mode 100644
index b620099697dc..000000000000
--- a/src/chrome/content/rules/InfluAds.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(shows dashboard; mismatched, CN: dashboard.influads.com)
-
-
-	Problematic subdomains:
-
-		- papi		(works; mismatched, CN: engine.influads.com)
-
--->
-<ruleset name="InfluAds (partial)">
-
-	<target host="*.influads.com" />
-
-
-	<securecookie host="^dashboard\.influads\.com$" name=".+" />
-
-
-	<rule from="^http://(dashboard|engine)\.influads\.com/"
-		to="https://$1.influads.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Influencers_Conference.xml b/src/chrome/content/rules/Influencers_Conference.xml
deleted file mode 100644
index 68bd2205fb71..000000000000
--- a/src/chrome/content/rules/Influencers_Conference.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Influencers Conference">
-
-	<target host="influencersconference.com" />
-	<target host="*.influencersconference.com" />
-
-
-	<securecookie host="^\.influencersconference\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?influencersconference\.com/"
-		to="https://$1influencersconference.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Info.iet.unipi.it.xml b/src/chrome/content/rules/Info.iet.unipi.it.xml
deleted file mode 100644
index f2c516f54901..000000000000
--- a/src/chrome/content/rules/Info.iet.unipi.it.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Info.iet.unipi.it" default_off="HTTPS and HTTP content differ">
-  <target host="info.iet.unipi.it" />
-
-  <rule from="^http://info\.iet\.unipi\.it/" to="https://info.iet.unipi.it/" />
-</ruleset>
diff --git a/src/chrome/content/rules/InfoJobs.net.xml b/src/chrome/content/rules/InfoJobs.net.xml
new file mode 100644
index 000000000000..f8b9377ab774
--- /dev/null
+++ b/src/chrome/content/rules/InfoJobs.net.xml
@@ -0,0 +1,65 @@
+<!--
+	Nonfunctional subdomains:
+
+		- plandecarrera *
+
+	* Refused
+
+
+	Problematic subdomains:
+
+		- static1 *
+
+	* Mismatched, CN: www.infojobs.net
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- citrix
+		- formacion
+		- m
+		- media
+		- nosotros
+		- static1	(→ es-static0.infojobs.com)
+
+
+	Insecure cookies are set for these domains:
+
+		- .infojobs.net
+		- citrix.infojobs.net
+
+
+	Mixed content:
+
+		- Images on media from media *
+
+	* Secured by us
+
+-->
+<ruleset name="InfoJobs.net (partial)">
+
+	<target host="infojobs.net" />
+	<target host="citrix.infojobs.net" />
+	<target host="formacion.infojobs.net" />
+	<target host="m.infojobs.net" />
+	<target host="media.infojobs.net" />
+	<target host="nosotros.infojobs.net" />
+	<target host="www.infojobs.net" />
+	<target host="static1.infojobs.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.infojobs\.net$" name="^(IJCKIPLCY|IJTESTUID|IJUSERUID)$" /-->
+	<!--securecookie host="^citrix\.infojobs\.net$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^citrix\.infojobs\.net$" name=".+" />
+
+
+
+	<rule from="^http://static1\.infojobs\.net/"
+		to="https://es-static0.infojobs.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/InfoSec_Industry.com.xml b/src/chrome/content/rules/InfoSec_Industry.com.xml
new file mode 100644
index 000000000000..e57cd2bb9667
--- /dev/null
+++ b/src/chrome/content/rules/InfoSec_Industry.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="InfoSec Industry.com">
+
+	<target host="infosecindustry.com" />
+	<target host="www.infosecindustry.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^(?:__cfduid|__qca|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/InfoToday.com.xml b/src/chrome/content/rules/InfoToday.com.xml
new file mode 100644
index 000000000000..586bf62977e4
--- /dev/null
+++ b/src/chrome/content/rules/InfoToday.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Nonfunctional hosts in *infotoday.com:
+
+		- (www.)? ᵈ
+		- books ᵈ
+		- newbreaks ᵃ
+
+	ᵃ Shows another domain
+	ᵈ Dropped
+
+-->
+<ruleset name="InfoToday.com (partial)">
+
+	<target host="secure.infotoday.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/InfoTomb.com.xml b/src/chrome/content/rules/InfoTomb.com.xml
new file mode 100644
index 000000000000..4559a784f743
--- /dev/null
+++ b/src/chrome/content/rules/InfoTomb.com.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://infotomb.com/ => https://infotomb.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.infotomb.com/ => https://www.infotomb.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="InfoTomb.com" default_off="failed ruleset test">
+
+	<target host="infotomb.com" />
+	<target host="www.infotomb.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/InfoWar.com.xml b/src/chrome/content/rules/InfoWar.com.xml
index f9d5c8c65f92..d51d61b57c1e 100644
--- a/src/chrome/content/rules/InfoWar.com.xml
+++ b/src/chrome/content/rules/InfoWar.com.xml
@@ -1,34 +1,45 @@
 <!--
 	Problematic subdomains:
 
-		- ^	(prints "currently down for maintenance", valid cert)
+	^infowar.com: Mismatched
+	www.infowar.com: Server sends no certificate chain, see https://whatsmychaincert.com
 
 
-	Mixed content:
+	Insecure cookies are set for these hosts:
 
-		- Images on www from www *
+		- www.infowar.com
 
-		- Ads/web bugs, on www from:
 
-			- d.adsbyisocket.com *
-			- ws.amazon.com *
-			- www.facebook.com *
-			- pagead2.googlesyndication.com *
-			- infowar.jobamatic.com *
+	Mixed content:
+
+		- css on www from fonts.googleapis.com *
+		- Images on www from www *
 
 	* Secured by us
 
 -->
-<ruleset name="InfoWar.com">
+<ruleset name="InfoWar.com" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.infowar.com" />
 
+	<!--	Complications:
+				-->
 	<target host="infowar.com" />
-	<target host="*.infowar.com" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.infowar\.com$" name="^tlf_1$" /-->
+
 	<securecookie host="^(?:www)?\.infowar\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?infowar\.com/"
+	<rule from="^http://infowar\.com/"
 		to="https://www.infowar.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Infoblox.com.xml b/src/chrome/content/rules/Infoblox.com.xml
new file mode 100644
index 000000000000..07811e57aae8
--- /dev/null
+++ b/src/chrome/content/rules/Infoblox.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="Infoblox.com">
+
+	<target host="infoblox.com" />
+	<target host="community.infoblox.com" />
+	<target host="support.infoblox.com" />
+	<target host="www.infoblox.com" />
+
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Infobox.ru.xml b/src/chrome/content/rules/Infobox.ru.xml
new file mode 100644
index 000000000000..5f6c49dfed8f
--- /dev/null
+++ b/src/chrome/content/rules/Infobox.ru.xml
@@ -0,0 +1,35 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .infobox.ru
+		- helpdesk.infobox.ru
+
+
+	Mixed content:
+
+		- css on ^ from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Infobox.ru">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="infobox.ru" />
+	<target host="helpdesk.infobox.ru" />
+	<target host="www.infobox.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.infobox\.ru$" name="^(?:INFOBOX_V2_\w+|PHPSESSID)$" /-->
+	<!--securecookie host="^helpdesk\.infobox\.ru$" name="^SWIFT_(?:client|sessionid40)$" /-->
+
+	<securecookie host="^(?:helpdesk)?\.infobox\.ru$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Infocube.xml b/src/chrome/content/rules/Infocube.xml
index 745eeead7e2d..d8ed849d4497 100644
--- a/src/chrome/content/rules/Infocube.xml
+++ b/src/chrome/content/rules/Infocube.xml
@@ -1,9 +1,18 @@
-<ruleset name="Infocube (partial)">
 
-	<target host="ogt.jp"/>
-	<target host="*.ogt.jp"/>
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ogt.jp/ => https://ogt.jp/: (7, 'Failed to connect to ogt.jp port 443: Connection refused')
 
-	<rule from="^http://(a[35]\.|www\.)?ogt\.jp/"
-		to="https://$1ogt.jp/"/>
+Automatically by https-everywhere-checker because:
+Fetch error: http://ogt.jp/ => https://ogt.jp/: (28, 'Connection timed out after 10000 milliseconds')
+-->
+<ruleset name="Infocube (partial)" default_off="failed ruleset test">
+
+	<target host="ogt.jp" />
+	<target host="a3.ogt.jp" />
+	<target host="a5.ogt.jp" />
+	<target host="www.ogt.jp" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Infogr.am.xml b/src/chrome/content/rules/Infogr.am.xml
new file mode 100644
index 000000000000..b0c8dcd4f746
--- /dev/null
+++ b/src/chrome/content/rules/Infogr.am.xml
@@ -0,0 +1,32 @@
+<!--
+	Other Infogr.am rulesets:
+
+		- Jifo.co.xml
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .infogr.am
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Problematic domains:
+
+		- e.infogr.am causes breakage on numerous pages, cf. GH #4182, #4502, #6791, and #6864
+
+-->
+<ruleset name="Infogr.am (partial)">
+
+	<target host="infogr.am" />
+	<target host="blog.infogr.am" />
+	<target host="www.infogr.am" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Infogroup.xml b/src/chrome/content/rules/Infogroup.xml
index 5049510c08b5..8ab1931c8d72 100644
--- a/src/chrome/content/rules/Infogroup.xml
+++ b/src/chrome/content/rules/Infogroup.xml
@@ -1,27 +1,74 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://shared.sub.infousa.com/ => https://shared.sub.infousa.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Nonfunctional domains:
 
 		- (www.)infogroup.com
-		- list.infousa.com	(cert: secured.infousa.com; shows that domain)
+		- list.infousa.com *
+		- secured.infousa.com *
+
+	* Connection reset by peer
+
+	Problematic hosts:
+
+		- link.p0.com *
+
+	* Protocol-relative redirect
+
+
+	Fully covered hosts in *infousa.com:
+
+		- (www.)?
+		- account
+		- ca
+		- leads
+		- publicfiling
+		- secured
+		- shared.sub
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- link.p0.com
+		- .link.p0.com
 
 -->
-<ruleset name="Infogroup (partial)">
+<ruleset name="Infogroup (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="infousa.com" />
-	<target host="*.infousa.com" />
+	<target host="account.infousa.com" />
+	<target host="ca.infousa.com" />
+	<target host="leads.infousa.com" />
+	<target host="publicfiling.infousa.com" />
 	<target host="shared.sub.infousa.com" />
+	<target host="www.infousa.com" />
+
 	<target host="link.p0.com" />
 
+		<!--	https://github.com/EFForg/https-everywhere/issues/1606
+
+			Protocol-relative redirect:
+							-->
+		<exclusion pattern="^http://link\.p0\.com/u\.d\?" />
+
+			<test url="http://link.p0.com/u.d?UYGrM1Gw9CS2jP8VxJ5zva=95471" />
+			<test url="http://link.p0.com/u.d?UYGrM1Gw9CS2jP8VxJ5zva=95471&amp;" />
+
 
-	<securecookie host="^(.*\.)?infousa\.com$" name=".*" />
-	<securecookie host="^link\.p0\.com$" name=".*" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^link\.p0\.com$" name="^YMRC_\d+$" /-->
+	<!--securecookie host="^\.link\.p0\.com$" name="^(BIGipServerlink\.p0\.com|avr(_\d+)+)$" /-->
 
+	<securecookie host="^(?:.*\.)?infousa\.com$" name=".+" />
+	<securecookie host="^link\.p0\.com$" name=".+" />
 
-	<rule from="^http://((?:account|ca|leads|publicfiling|secured|shared\.sub|www)\.)?infousa\.com/"
-		to="https://$1infousa.com/" />
 
-	<!--	Tracking beacon.	-->
-	<rule from="^http://link\.p0\.com/"
-		to="https://link.p0.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Infolinks.xml b/src/chrome/content/rules/Infolinks.xml
index 89c02f524109..eba64aeb8c93 100644
--- a/src/chrome/content/rules/Infolinks.xml
+++ b/src/chrome/content/rules/Infolinks.xml
@@ -8,27 +8,63 @@
 
 	Nonfunctional subdomains:
 
-		- blog
-		- metrics
-		- resources	(404, mismatched, CN: gp1.wac.edgecastcdn.net)
 		- router	(times out)
 
 	Partially covered subdomains:
 
 		- ls		(at least some pages & LookSmart_files/ 404)
 
+
+	Fully covered subdomains:
+
+		- (www.)
+		- advertisers
+		- blog
+		- c1
+		- indnf
+		- internalindn
+		- metrics
+		- p1105
+		- publishers
+		- resources
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- blog and metrics from blog *
+			- metrics from metrics *
+
+		- Web bugs, on:
+
+			- blog from blog *
+			- blog and metrics from www.facebook.com *
+			- metrics from metrics *
+
+	* Secured by us
+
 -->
 <ruleset name="Infolinks (partial)">
 
 	<target host="infolinks.com" />
-	<target host="*.infolinks.com" />
+	<target host="advertisers.infolinks.com" />
+	<target host="blog.infolinks.com" />
+	<target host="c1.infolinks.com" />
+	<target host="indnf.infolinks.com" />
+	<target host="internalindn.infolinks.com" />
+	<target host="ls.infolinks.com" />
+	<target host="metrics.infolinks.com" />
+	<target host="p1105.infolinks.com" />
+	<target host="publishers.infolinks.com" />
+	<target host="resources.infolinks.com" />
+	<target host="www.infolinks.com" />
 		<exclusion pattern="^http://ls\.infolinks\.com/(?!images/)" />
 
 
 	<securecookie host="^advertisers\.infolinks\.com$" name=".+" />
 
 
-	<rule from="^http://((?:advertisers|c1|indnf|internalindn|ls|p1105|publishers|www)\.)?infolinks\.com/"
-		to="https://$1infolinks.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Infomaniak-Network.xml b/src/chrome/content/rules/Infomaniak-Network.xml
index 347d9ee7b737..3d27c59ec89d 100644
--- a/src/chrome/content/rules/Infomaniak-Network.xml
+++ b/src/chrome/content/rules/Infomaniak-Network.xml
@@ -7,10 +7,10 @@
 
 
 	<securecookie host="^\.infomaniak\.ch$" name=".+" />
-	<securecookie host="^(.*\.)?infomaniak\.com$" name=".*" />
+	<securecookie host="^(?:.*\.)?infomaniak\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?infomaniak\.ch/"
+	<rule from="^http://(str05\.|www\.)?infomaniak\.ch/"
 		to="https://$1infomaniak.ch/" />
 
 	<!--	Observed domains:
@@ -19,6 +19,7 @@
 			- ecology
 			- hosting
 			- infrastructure
+			- news
 			- partners
 			- streaming
 			- support
diff --git a/src/chrome/content/rules/Infopackets.xml b/src/chrome/content/rules/Infopackets.xml
index 2ca5135a2a9d..99cff7454be0 100644
--- a/src/chrome/content/rules/Infopackets.xml
+++ b/src/chrome/content/rules/Infopackets.xml
@@ -1,13 +1,18 @@
-<ruleset name="Infopackets (partial)" default_off="Certificate mismatch">
+<!--
 
-	<!-- /go. doesn't work -->
+	Mismatched hosts in *infopackets.com:
+
+		- go
+		- mail
+		- track
+
+-->
+<ruleset name="Infopackets">
 
 	<target host="infopackets.com" />
 	<target host="www.infopackets.com" />
 
-	<rule from="^http://(www\.)?infopackets\.com/"
-		to="https://infopackets.com/" />
-
-	<exclusion pattern="^http://(www\.)?infopackets\.com.*(/|\.htm)$" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Infopaginas.xml b/src/chrome/content/rules/Infopaginas.xml
index a6ace957367a..d043308d606b 100644
--- a/src/chrome/content/rules/Infopaginas.xml
+++ b/src/chrome/content/rules/Infopaginas.xml
@@ -5,7 +5,7 @@
 <ruleset name="Infopáginas">
 
 	<target host="infopaginas.com" />
-	<target host="*.infopaginas.com" />
+	<target host="www.infopaginas.com" />
 
 
 	<securecookie host="^w*\.infopaginas\.com$" name=".+" />
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?infopaginas\.com/"
 		to="https://www.infopaginas.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Infopankki.xml b/src/chrome/content/rules/Infopankki.xml
index 22b385d69a9c..5406908e3cfc 100644
--- a/src/chrome/content/rules/Infopankki.xml
+++ b/src/chrome/content/rules/Infopankki.xml
@@ -1,10 +1,9 @@
-<ruleset name="Infopankki">
+<ruleset name="Infopankki.fi" default_off="404">
 	<target host="infopankki.fi"/>
 	<target host="www.infopankki.fi"/>
 
 	<securecookie host="^www\.infopankki\.fi$" name=".+" />
 
-	<!-- Cert matches www -->
-	<rule from="^http://(?:www\.)?infopankki\.fi/"
-		to="https://www.infopankki.fi/"/>
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/InforME.org.xml b/src/chrome/content/rules/InforME.org.xml
new file mode 100644
index 000000000000..67dfa206cb44
--- /dev/null
+++ b/src/chrome/content/rules/InforME.org.xml
@@ -0,0 +1,18 @@
+<!--
+
+-->
+<ruleset name="InforME.org">
+
+	<target host="informe.org" />
+	<target host="www.informe.org" />
+	<target host="www5.informe.org" />
+	<target host="www10.informe.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/InformIT.com.xml b/src/chrome/content/rules/InformIT.com.xml
new file mode 100644
index 000000000000..4fde352b4160
--- /dev/null
+++ b/src/chrome/content/rules/InformIT.com.xml
@@ -0,0 +1,38 @@
+<!--
+	Invalid certificate:
+		- ^ (fixed by this ruleset)
+		- aw
+		- cs
+		- e
+		- it
+		- safari
+		- sams
+		- security
+
+	Time out:
+		- admin
+		- beta
+		- cert
+		- citrix
+		- cmp
+		- exchange
+		- www.extranet
+		- infobase
+		- lists
+		- net
+		- office
+		- openmarket
+		- safariexamples
+		- secure
+		- software
+		- windows
+-->
+<ruleset name="InformIT.com">
+	<target host="informit.com" />
+	<target host="www.informit.com" />
+	<target host="corpservices.informit.com" />
+	<target host="memberservices.informit.com" />
+
+	<rule from="^http://informit\.com/" to="https://www.informit.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/InformIT.xml b/src/chrome/content/rules/InformIT.xml
deleted file mode 100644
index e7c92f44ab6a..000000000000
--- a/src/chrome/content/rules/InformIT.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	For other Pearson coverage, see Pearson.xml.
-
-
-	Nonfunctional subdomains:
-
-		- widget
-
--->
-<ruleset name="InformIT (partial)" platform="mixedcontent">
-
-	<target host="informit.com" />
-	<target host="*.informit.com" />
-
-
-	<rule from="^http://informit\.com/"
-		to="https://www.informit.com/" />
-
-	<rule from="^http://(memberservices|www)\.informit\.com/"
-		to="https://$1.informit.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Informa.xml b/src/chrome/content/rules/Informa.xml
index 5033b546408b..ddc7aad4ef79 100644
--- a/src/chrome/content/rules/Informa.xml
+++ b/src/chrome/content/rules/Informa.xml
@@ -1,10 +1,21 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://garlandscience.com/ => https://www.garlandscience.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://taylorandfrancis.com/ => https://www.taylorandfrancis.com/: (7, 'Failed to connect to www.taylorandfrancis.com port 443: Connection refused')
+Fetch error: http://www.taylorandfrancis.com/ => http://www.taylorandfrancis.com/: (7, 'Failed to connect to www.taylorandfrancis.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://crcpress.com/ => https://www.crcpress.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://garlandscience.com/ => https://www.garlandscience.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Other Informa rulesets:
 
+		- Agra-net.com.xml
+		- Agra-net.net.xml
 		- Informa_Healthcare.xml
 
 -->
-<ruleset name="Informa (partial)">
+<ruleset name="Informa (partial)" default_off="failed ruleset test">
 
 	<target host="crcpress.com"/>
 	<target host="www.crcpress.com"/>
diff --git a/src/chrome/content/rules/Informa_Healthcare-problematic.xml b/src/chrome/content/rules/Informa_Healthcare-problematic.xml
index b499ff258dbd..05046046a519 100644
--- a/src/chrome/content/rules/Informa_Healthcare-problematic.xml
+++ b/src/chrome/content/rules/Informa_Healthcare-problematic.xml
@@ -11,7 +11,6 @@
 	<securecookie host="^comms\.informahealthcare\.com$" name=".+" />
 
 
-	<rule from="^http://co(mms|ntact)\.informahealthcare\.com/"
-		to="https://co$1.informahealthcare.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Informa_Healthcare.xml b/src/chrome/content/rules/Informa_Healthcare.xml
index e39887fe8944..990f49a6a004 100644
--- a/src/chrome/content/rules/Informa_Healthcare.xml
+++ b/src/chrome/content/rules/Informa_Healthcare.xml
@@ -1,4 +1,15 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://informahealthcare.com/action/registration => https://informahealthcare.com/action/registration: (51, "SSL: no alternative certificate subject name matches target host name 'informahealthcare.com'")
+Fetch error: http://informahealthcare.com/favicon.ico => https://informahealthcare.com/favicon.ico: (51, "SSL: no alternative certificate subject name matches target host name 'informahealthcare.com'")
+Fetch error: http://informahealthcare.com/sda/1801/informa-logo.png => https://informahealthcare.com/sda/1801/informa-logo.png: (51, "SSL: no alternative certificate subject name matches target host name 'informahealthcare.com'")
+Fetch error: http://informahealthcare.com/templates/jsp/style.css => https://informahealthcare.com/templates/jsp/style.css: (51, "SSL: no alternative certificate subject name matches target host name 'informahealthcare.com'")
+Fetch error: http://www.informahealthcare.com/action/registration => https://informahealthcare.com/action/registration: (51, "SSL: no alternative certificate subject name matches target host name 'informahealthcare.com'")
+Fetch error: http://www.informahealthcare.com/favicon.ico => https://informahealthcare.com/favicon.ico: (51, "SSL: no alternative certificate subject name matches target host name 'informahealthcare.com'")
+Fetch error: http://www.informahealthcare.com/sda/1801/informa-logo.png => https://informahealthcare.com/sda/1801/informa-logo.png: (51, "SSL: no alternative certificate subject name matches target host name 'informahealthcare.com'")
+Fetch error: http://www.informahealthcare.com/templates/jsp/style.css => https://informahealthcare.com/templates/jsp/style.css: (51, "SSL: no alternative certificate subject name matches target host name 'informahealthcare.com'")
+
 	For problematic rules, see Informa_Healthcare-problematic.xml.
 
 
@@ -12,11 +23,16 @@
 
 		- informahealthcare.com subdomains:
 
-			- comms *
-			- contact *
+			- comms ¹
+			- contact ¹
 			- www		(cert only matches ^informahealthcare.com)
 
-	* Works, mismatched, CN: *.gridserver.com
+		- informahealthcarestore.com subdomains:
+
+			- ^ ²
+
+	¹ Works, mismatched, CN: *.gridserver.com
+	² Works, mismatched, CN: ssl2528.cloudflare.com
 
 
 	Partially covered domains:
@@ -24,21 +40,37 @@
 		- (www.)informahealthcare.com		(most pages redirect to http)
 
 -->
-<ruleset name="Informa Healthcare (partial)">
+<ruleset name="Informa Healthcare (partial)" default_off="failed ruleset test">
 
 	<target host="informahealthcare.com" />
 	<target host="www.informahealthcare.com" />
 	<target host="informahealthcarestore.com" />
-	<target host="*.informahealthcarestore.com" />
+	<target host="www.informahealthcarestore.com" />
+
+
+	<!-- Coverage hack -->
+	<exclusion pattern="^http://(?:www\.)?informahealthcare\.com/$" />
+
+
+	<test url="http://informahealthcare.com/" />
+	<test url="http://informahealthcare.com/action/registration" />
+	<test url="http://informahealthcare.com/favicon.ico" />
+	<test url="http://informahealthcare.com/sda/1801/informa-logo.png" />
+	<test url="http://informahealthcare.com/templates/jsp/style.css" />
+	<test url="http://www.informahealthcare.com/" />
+	<test url="http://www.informahealthcare.com/action/registration" />
+	<test url="http://www.informahealthcare.com/favicon.ico" />
+	<test url="http://www.informahealthcare.com/sda/1801/informa-logo.png" />
+	<test url="http://www.informahealthcare.com/templates/jsp/style.css" />
 
 
 	<securecookie host="^\.(?:www\.)?informahealthcarestore\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?informahealthcare\.com/(action/(?:clickThrough|doLogin|registration)|cssJawr/|favicon\.ico|na101/|sda/|templates/|userimages/)"
+	<rule from="^http://(?:www\.)?informahealthcare\.com/(action/(?:clickThrough|doLogin|registration)|cssJawr/|favicon\.ico|na101/|sda/|templates/|userimages/)"
 		to="https://informahealthcare.com/$1" />
 
 	<rule from="^http://(www\.)?informahealthcarestore\.com/"
-		to="https://$1informahealthcarestore.com/" />
+		to="https://www.informahealthcarestore.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Informaction.com.xml b/src/chrome/content/rules/Informaction.com.xml
new file mode 100644
index 000000000000..e46c0802da0d
--- /dev/null
+++ b/src/chrome/content/rules/Informaction.com.xml
@@ -0,0 +1,49 @@
+<!--
+	Nonfunctional subdomains:
+
+		- ^ ¹
+		- www ²
+
+	¹ Prints "Sciò"; expired 2013-04-07, mismatched, self-signed
+	² Shows forums; mismatched, CN: forums.informaction.com
+
+
+	These altnames don't exist:
+
+		- www.secure.informaction.com
+
+
+	Insecure cookies are set for these domains:
+
+		- .forums.informaction.com
+
+
+	Mixed content:
+
+		- Images, on forums from:
+
+			- www *
+			- flashgot.net ²
+			- hackademix.net *
+
+	* Unsecurable
+	² Secured by us
+
+-->
+<ruleset name="Informaction.com (partial)">
+
+	<target host="forums.informaction.com" />
+	<target host="secure.informaction.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.forums\.informaction\.com$" name="^ia_forum_\w+_(k|sid|u)$" /-->
+
+	<securecookie host="^\.forums\.informaction\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Informatick.net.xml b/src/chrome/content/rules/Informatick.net.xml
new file mode 100644
index 000000000000..e030065da7a1
--- /dev/null
+++ b/src/chrome/content/rules/Informatick.net.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://informatick.com/ => https://informatick.com/: (51, "SSL: no alternative certificate subject name matches target host name 'informatick.com'")
+Fetch error: http://www.informatick.com/ => https://www.informatick.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.informatick.com'")
+Fetch error: http://paste.informatick.net/ => https://paste.informatick.net/: (51, "SSL: no alternative certificate subject name matches target host name 'paste.informatick.net'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://informatick.com/ => https://informatick.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.informatick.com/ => https://www.informatick.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://informatick.net/ => https://informatick.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
+<ruleset name="informatick.net (partial)" default_off="failed ruleset test">
+
+	<target host="informatick.com" />
+	<target host="www.informatick.com" />
+	<target host="informatick.net" />
+	<target host="paste.informatick.net" />
+	<target host="www.informatick.net" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.informatick\.net/+($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.informatick\.net/+(?!images/|lib/)" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^paste\.informatick\.net$" name="^ci_session$" /-->
+
+	<securecookie host="^paste\.informatick\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Information.dk.xml b/src/chrome/content/rules/Information.dk.xml
new file mode 100644
index 000000000000..f52b96e3647c
--- /dev/null
+++ b/src/chrome/content/rules/Information.dk.xml
@@ -0,0 +1,15 @@
+<ruleset name="Information.dk">
+
+	<target host="information.dk" />
+	<target host="www.information.dk" />
+
+	<target host="butik.information.dk" />
+	<target host="data.information.dk" />
+	<target host="mit.information.dk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/InformationWeek.xml b/src/chrome/content/rules/InformationWeek.xml
index 7b9f53b68190..3cf088f12b8b 100644
--- a/src/chrome/content/rules/InformationWeek.xml
+++ b/src/chrome/content/rules/InformationWeek.xml
@@ -1,27 +1,81 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://webinar.informationweek.com/ (200) => https://webinar.informationweek.com/ (404)
+
 	For other UBM coverage, see UBM-mismatches.xml.
 
 
-	Mixed images from brightcove.vo.llnwd.net
+	Insecure cookies are set for these hosts: ᶜ
+
+		- webinar.informationweek.com
+		- www.informationweek.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	(www.)?byte.com: mismatched
+	^informationweek.com: mismatched
+
+
+	Mixed content:
+
+		- css, on:
+
+			- www from img.deusm.com ᵐ
+			- www from fonts.googleapis.com ˢ
+			- www from $self ˢ
+			- www from i.ubm-us.net ˢ
+
+		- Images, on:
+
+			- www from img.deusm.com ᵐ
+			- www from img.lightreading.com
+			- www from brightcove.vo.llnwd.net
+			- www from thewallstreetwiki.com
+
+		- Ads / bugs, on:
+
+			- www from b.scorecardresearch.com ˢ
+			- www from img.deusm.com ᵐ
+			- www from cmp.112.2o7.net ˢ
+			- www from static.adsnative.com
+			- www from content.dl-rms.com ˢ
+
+	ᵐ Not secured by us <= mismatched
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="InformationWeek">
+<ruleset name="InformationWeek" platform="mixedcontent" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="webinar.informationweek.com"/>
+	<target host="www.informationweek.com"/>
+
+	<!--	Complications:
+				-->
 	<target host="byte.com"/>
 	<target host="www.byte.com"/>
 	<target host="informationweek.com"/>
-	<target host="www.informationweek.com"/>
 
 
-	<securecookie host="^www\.informationweek\.com$" name=".*"/>
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^webinar\.informationweek\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^www\.informationweek\.com$" name="^(?:cplChannelTagID|informationweek_lastvisit|informationweek_visits)$" /-->
+
+	<securecookie host="^\." name="^(?:_ga|s_v)" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<!--	Cert: i.cmpnet.com.
-		Redirects as so, apart from https.	-->
 	<rule from="^http://(?:www\.)?byte\.com/"
-		to="https://www.informationweek.com/byte/"/>
+		to="https://www.informationweek.com/" />
+
+	<rule from="^http://informationweek\.com/"
+		to="https://www.informationweek.com/" />
 
-	<rule from="^http://(www\.)?informationweek\.com/"
-		to="https://$1informationweek.com/"/>
+	<rule from="^http:"
+		to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Informationactivism.org.xml b/src/chrome/content/rules/Informationactivism.org.xml
index 8fa8fd908bb3..47b487731f53 100644
--- a/src/chrome/content/rules/Informationactivism.org.xml
+++ b/src/chrome/content/rules/Informationactivism.org.xml
@@ -4,14 +4,17 @@
 -->
 <ruleset name="informationactivism.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="informationactivism.org" />
-	<target host="*.informationactivism.org" />
+	<target host="archive.informationactivism.org" />
+	<target host="www.informationactivism.org" />
 
 
 	<securecookie host="^\.archive\.informationactivism\.org$" name=".+" />
 
 
-	<rule from="^http://(archive\.|www\.)?informationactivism\.org/"
-		to="https://$1informationactivism.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Informer.com.xml b/src/chrome/content/rules/Informer.com.xml
new file mode 100644
index 000000000000..fbbe92c15cdf
--- /dev/null
+++ b/src/chrome/content/rules/Informer.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional subdomains:
+
+		- img ¹
+		- software ²
+
+	¹ Refused
+	² Redirects to http
+
+-->
+<ruleset name="Informer.com (partial)">
+
+	<target host="informer.com" />
+	<target host="www.informer.com" />
+		<!--exclusion pattern="^http://(img|software)\.informer\.com/" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Infoseek.co.jp.xml b/src/chrome/content/rules/Infoseek.co.jp.xml
new file mode 100644
index 000000000000..1acbb547c21a
--- /dev/null
+++ b/src/chrome/content/rules/Infoseek.co.jp.xml
@@ -0,0 +1,40 @@
+<!--
+
+	For more Rakuten coverage, see Rakuten.co.jp.xml
+
+	Nonfunctional domains:
+
+		- infoseek.co.jp subdomains:
+
+			- transfer *
+			- translation *
+			- point ²
+			- area **
+			- schedule **
+			- special **
+
+	* Times out
+	² Redirects to http
+	** Refused
+
+	Problematic subdomains:
+
+		- flash.api.earthquake	(invalid cert)
+		- mero	(invalid cert)
+
+-->
+<ruleset name="Infoseek" platform="mixedcontent">
+
+	<target host="infoseek.co.jp" />
+	<target host="media.image.infoseek.co.jp" />
+	<target host="news.infoseek.co.jp" />
+	<target host="quiz.infoseek.co.jp" />
+	<target host="woman.infoseek.co.jp" />
+	<target host="www.infoseek.co.jp" />
+
+	<test url="http://media.image.infoseek.co.jp/isnews/photos/postseven/postseven_431883_0.jpg" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Infospyware.com.xml b/src/chrome/content/rules/Infospyware.com.xml
index cb33c7beb7f0..04fcdc8e20c9 100644
--- a/src/chrome/content/rules/Infospyware.com.xml
+++ b/src/chrome/content/rules/Infospyware.com.xml
@@ -1,6 +1,6 @@
 <ruleset name="Infospyware.com (partial)">
   <target host="www.infospyware.com"/>
   <target host="infospyware.com"/>
-  <rule from="^http://(www\.)?infospyware\.com/" to="https://www.infospyware.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
-<!-- Rule generated by HTTPS Finder 0.85 -->
\ No newline at end of file
+<!-- Rule generated by HTTPS Finder 0.85 -->
diff --git a/src/chrome/content/rules/Infowars.com.xml b/src/chrome/content/rules/Infowars.com.xml
new file mode 100644
index 000000000000..28881811e474
--- /dev/null
+++ b/src/chrome/content/rules/Infowars.com.xml
@@ -0,0 +1,37 @@
+<!--
+	(www.)?: Refused
+
+-->
+<ruleset name="Infowars.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hw.infowars.com" />
+	<target host="static.infowars.com" />
+	<target host="tv.infowars.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://tv\.infowars\.com/($|css/site\.css|favicon\.ico|fonts/|index)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://tv\.infowars\.com/+(?!amember(?:$|[?/]))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://tv.infowars.com/css/site.css" />
+			<test url="http://tv.infowars.com/favicon.ico" />
+			<test url="http://tv.infowars.com/index" />
+			<test url="http://tv.infowars.com/index/live" />
+
+			<!--	-ve:
+					-->
+			<test url="http://tv.infowars.com/amember/login.php" />
+			<test url="http://tv.infowars.com/amember/signup" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Infoworld.com.xml b/src/chrome/content/rules/Infoworld.com.xml
index b438e7ea51b2..8f517dda25e2 100644
--- a/src/chrome/content/rules/Infoworld.com.xml
+++ b/src/chrome/content/rules/Infoworld.com.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://infoworld.com/ => https://www.infoworld.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.infoworld.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://infoworld.com/ => https://www.infoworld.com/: (28, 'Connection timed out after 10000 milliseconds')
 	For other IDG coverage, see IDG.se.xml.
 
 
@@ -14,10 +20,11 @@
 		- m	(mismatched, CN: *.mobify.com)
 
 -->
-<ruleset name="InfoWorld.com" platform="mixedcontent">
+<ruleset name="InfoWorld.com" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="infoworld.com" />
-	<target host="*.infoworld.com" />
+	<target host="www.infoworld.com" />
+	<target host="m.infoworld.com" />
 
 
 	<securecookie host="^\.infoworld\.com$" name="^(?:s_\w+|__utm)\w$" />
diff --git a/src/chrome/content/rules/Infra-Furth.xml b/src/chrome/content/rules/Infra-Furth.xml
new file mode 100644
index 000000000000..7388fdf01a5c
--- /dev/null
+++ b/src/chrome/content/rules/Infra-Furth.xml
@@ -0,0 +1,11 @@
+<ruleset name="Infra Fürth">
+<target host="www.infra-fuerth.de" />
+<!--target host="*.stadtverkehr-fuerth.de"/> -->
+<!-- timeout on stadtverkehr-fuerth.de -->
+
+<rule from="^http:" to="https:" />
+<!-- <rule from="^http://www\.stadtverkehr-fuerth\.de/" to="https://www.stadtverkehr-fuerth.de/"/> -->
+
+<!-- <test url="http://www.stadtverkehr-fuerth.de/" /> -->
+
+</ruleset>
diff --git a/src/chrome/content/rules/Infradead.org.xml b/src/chrome/content/rules/Infradead.org.xml
new file mode 100644
index 000000000000..1d44a93ad6c6
--- /dev/null
+++ b/src/chrome/content/rules/Infradead.org.xml
@@ -0,0 +1,69 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - adsl-1.infradead.org
+			 - bimini.infradead.org
+			 - c543dn.infradead.org
+			 - canuck.infradead.org
+			 - dialup.infradead.org
+			 - dwmw2-3g.infradead.org
+			 - efika.infradead.org
+			 - electra.infradead.org
+			 - fonera.infradead.org
+			 - geos.infradead.org
+			 - i7.infradead.org
+			 - isdn-backup.infradead.org
+			 - kvm.infradead.org
+			 - libertas1.infradead.org
+			 - merlin.infradead.org
+			 - myth.infradead.org
+			 - n300.infradead.org
+			 - ns2.infradead.org
+			 - ns3.infradead.org
+			 - onkyo.infradead.org
+			 - peach.infradead.org
+			 - pegasos.infradead.org
+			 - pmac.infradead.org
+			 - ps3.infradead.org
+			 - sky.infradead.org
+			 - solos.infradead.org
+			 - tylersburg.infradead.org
+			 - wap54g.infradead.org
+			 - westmere.infradead.org
+			 - wii.infradead.org
+
+		Timeout was reached:
+			 - baythorne.infradead.org
+			 - n770.infradead.org
+			 - n800.infradead.org
+			 - obelisk.infradead.org
+			 - olpc1.infradead.org
+			 - shinybook.infradead.org
+
+		SSL peer certificate was not OK:
+			 - adsl-2.infradead.org
+			 - gallery.infradead.org
+			 - linux-mtd.infradead.org
+			 - www.linux-mtd.infradead.org
+			 - ns1.infradead.org
+
+		4xx client error:
+			 - twosheds.infradead.org
+
+		Different content:
+			 - ftp.infradead.org
+-->
+<ruleset name="Infradead.org (partial)">
+	<target host="www.infradead.org" />
+	<target host="casper.infradead.org" />
+	<target host="domoticz.infradead.org" />
+	<target host="lists.infradead.org" />
+	<target host="smtpauth.infradead.org" />
+	<target host="wndr3800.infradead.org" />
+	<target host="git.infradead.org" />
+
+	<securecookie host="^www\.infradead\.org$" name=".+" />
+	<securecookie host="^lists\.infradead\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Infradead.xml b/src/chrome/content/rules/Infradead.xml
deleted file mode 100644
index 3e8aa0802cdd..000000000000
--- a/src/chrome/content/rules/Infradead.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- ftp			(cert valid; shows www's data)
-		- (www.)linux-mtd	(cert: www.infradead.org; shows that domain's data)
-
--->
-<ruleset name="infradead.org (partial)" default_off="expired" platform="cacert">
-
-	<target host="infradead.org"/>
-	<target host="www.infradead.org"/>
-
-
-	<!--	!www doesn't work	-->
-	<rule from="^https?://(?:www\.)?infradead\.org/"
-		to="https://www.infradead.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Infrequently.org.xml b/src/chrome/content/rules/Infrequently.org.xml
new file mode 100644
index 000000000000..15651590a548
--- /dev/null
+++ b/src/chrome/content/rules/Infrequently.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="Infrequently.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="infrequently.org" />
+	<target host="www.infrequently.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Infused-Systems.xml b/src/chrome/content/rules/Infused-Systems.xml
index e7f16df33ba9..a40689e8c070 100644
--- a/src/chrome/content/rules/Infused-Systems.xml
+++ b/src/chrome/content/rules/Infused-Systems.xml
@@ -9,20 +9,18 @@
 		- 2012.infusioncon.com
 		- help(center).infusionsoft.com
 		- marketplace.infusionsoft.com
--->	
+-->
 <ruleset name="Infusionsoft (partial)" platform="mixedcontent">
 
 	<target host="customerhub.net"/>
 	<target host="*.customerhub.net"/>
 		<!--	www cert: infusedsystems.com, expired, shows infused... website	-->
-		<exclusion pattern="^http://(help|kb|www)\.customerhub\."/>
+		<exclusion pattern="^http://(?:help|kb|www)\.customerhub\."/>
 	<target host="infusionsoft.com"/>
 	<target host="www.infusionsoft.com"/>
-		<exclusion pattern="^http://(help(center)?|marketplace)\.infusionsoft\."/>
+		<exclusion pattern="^http://(?:help(?:center)?|marketplace)\.infusionsoft\."/>
 
-
-	<securecookie host="^(.*\.)?customerhub\.net$" name=".*"/>
-	<securecookie host="^(.*\.)?infusionsoft\.com$" name=".*"/>
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://customerhub\.net/$"
diff --git a/src/chrome/content/rules/Ingdirect.es.xml b/src/chrome/content/rules/Ingdirect.es.xml
index e6e9417875bc..4e9f36e82d5e 100644
--- a/src/chrome/content/rules/Ingdirect.es.xml
+++ b/src/chrome/content/rules/Ingdirect.es.xml
@@ -2,5 +2,5 @@
   <target host="ingdirect.es" />
   <target host="www.ingdirect.es" />
 
-  <rule from="^http://(?:www\.)?ingdirect\.es/" to="https://www.ingdirect.es/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ingenico_Group.xml b/src/chrome/content/rules/Ingenico_Group.xml
index 49d15b69c3f0..1527e205e146 100644
--- a/src/chrome/content/rules/Ingenico_Group.xml
+++ b/src/chrome/content/rules/Ingenico_Group.xml
@@ -1,22 +1,54 @@
 <!--
+	Ingenico Group
+
+
 	CDN buckets:
 
 		- dnweschm4a37.cloudfront.net
 
-			- cloudfront.ingenico.com
-
 
 	Nonfunctional subdomains:
 
-		- (www.)	(no https)
+		- (www.)? ¹
+		- isctouch ²
+		- iself-service ²
+
+	¹ Dropped
+	² Redirects to www.zeeagency.com
+
+
+	Problematic hosts in *ingenico.com:
+
+		- cloudfront
+
+
+	Insecure cookies are set for these hosts:
+
+		- library.ingenico.com
 
 -->
-<ruleset name="Ingenico Group (partial)">
+<ruleset name="Ingenico.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="library.ingenico.com" />
+
+	<!--	Complications:
+				-->
+	<!--target host="cloudfront.ingenico.com" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^library\.ingenico\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^library\.ingenico\.com$" name=".+" />
 
-	<target host="cloudfront.ingenico.com" />
 
+	<!--rule from="^http://cloudfront\.ingenico\.com/"
+		to="https://???.cloudfront.net/" /-->
 
-	<rule from="^http://cloudfront\.ingenico\.com/"
-		to="https://dnweschm4a37.cloudfront.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ingenuity_Hosting.xml b/src/chrome/content/rules/Ingenuity_Hosting.xml
deleted file mode 100644
index c8bc77ab9a10..000000000000
--- a/src/chrome/content/rules/Ingenuity_Hosting.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- (www.)	(mismatched, CN: secure1.ingenuity.net.au)
-
--->
-<ruleset name="Ingenuity Hosting">
-
-	<target host="ingenuity.net.au" />
-	<target host="*.ingenuity.net.au" />
-
-
-	<rule from="^http://(?:secure1\.|www\.)?ingenuity\.net\.au/"
-		to="https://secure1.ingenuity.net.au/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Ingress.xml b/src/chrome/content/rules/Ingress.xml
index 39263f14a5f8..de566426be52 100644
--- a/src/chrome/content/rules/Ingress.xml
+++ b/src/chrome/content/rules/Ingress.xml
@@ -8,7 +8,6 @@
 	<target host="www.ingress.com" />
 
 
-	<rule from="^http://(www\.)?ingress\.com/"
-		to="https://$1ingress.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Inhabitat.com.xml b/src/chrome/content/rules/Inhabitat.com.xml
new file mode 100644
index 000000000000..af0638b75109
--- /dev/null
+++ b/src/chrome/content/rules/Inhabitat.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Non-functional subdomains:
+		- assets	(m)
+		- m	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Inhabitat.com">
+
+	<target host="inhabitat.com" />
+	<target host="www.inhabitat.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Inhumanity.com.xml b/src/chrome/content/rules/Inhumanity.com.xml
new file mode 100644
index 000000000000..2724cf67d9ea
--- /dev/null
+++ b/src/chrome/content/rules/Inhumanity.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .inhumanity.com
+
+
+	Mixed content:
+
+		- Ad/bug from www.niytrusmedia.com
+
+-->
+<ruleset name="inhumanity.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="inhumanity.com" />
+	<target host="www.inhumanity.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Init7-expired.xml b/src/chrome/content/rules/Init7-expired.xml
deleted file mode 100644
index 5b1640ab22f1..000000000000
--- a/src/chrome/content/rules/Init7-expired.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	For rules that are on by default, see Init7.xml.
-
--->
-<ruleset name="Init7 (expired)" default_off="expired" platform="cacert">
-
-	<target host="init7.net" />
-	<target host="www.init7.net" />
-
-
-	<!--	Cert only matches *.init7.net	-->
-	<rule from="^https?://(?:www\.)?init7\.net/"
-		to="https://www.init7.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Init7.xml b/src/chrome/content/rules/Init7.xml
index a9f5e676bf05..2b5e35a2c3b5 100644
--- a/src/chrome/content/rules/Init7.xml
+++ b/src/chrome/content/rules/Init7.xml
@@ -1,19 +1,70 @@
 <!--
-	For problematic rules, see Init7-expired.xml.
+	Mismatch:
+		- init7.ch
+		- www.init7.ch
 
+		- camelus.init7.net
+		- ipv6.init7.net
+		- vombatus.init7.net
 
-	Nonfunctional domains:
+	Refused:
+		- lists.init7.ch
 
-		- as13030.net
-		- www.as13030.net
+		- colo.init7.net
+		- customerlists.init7.net
+		- lists.init7.net
+		- notomys.init7.net
+
+	Incomplete cert chain:
+		- rt.init7.net
+		- wc.init7.net
+		- webmail.init7.net
+
+	No 2xx response:
+		- kanban.init7.net
+
+	User-controlled subdomains (*.fiber7.init7.net) not covered here.
 
 -->
-<ruleset name="Init7 (partial)" platform="cacert">
+<ruleset name="Init7">
+
+	<target host="fiber7.ch" />
+	<target host="www.fiber7.ch" />
+
+	<target host="fiber7.tv" />
+	<target host="www.fiber7.tv" />
+
+	<target host="init7.ch" />
+	<target host="www.init7.ch" />
+
+	<target host="init7.net" />
+	<target host="www.init7.net" />
+	<target host="biber.init7.net" />
+	<target host="ci.init7.net" />
+	<target host="enoc.init7.net" />
+	<target host="fibre.init7.net" />
+	<target host="formicidae.init7.net" />
+	<target host="herald.init7.net" />
+	<target host="lynx.init7.net" />
+	<target host="matomo.init7.net" />
+	<target host="mattermost.init7.net" />
+	<target host="megas.init7.net" />
+	<target host="mirror.init7.net" />
+	<target host="noctools.init7.net" />
+	<target host="nuttalli.init7.net" />
+	<target host="salt.init7.net" />
+	<target host="troglodytes.init7.net" />
+
+	<target host="as13030.net"/>
+	<target host="www.as13030.net"/>
 
-	<target host="mail.init7.net" />
+	<rule from="^http://init7\.ch/"
+		to="https://init7.net/" />
 
+	<rule from="^http://www\.init7\.ch/"
+		to="https://www.init7.net/" />
 
-	<rule from="^http://mail\.init7\.net/"
-		to="https://mail.init7.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Init_Lab.org.xml b/src/chrome/content/rules/Init_Lab.org.xml
new file mode 100644
index 000000000000..d9f0064f1c33
--- /dev/null
+++ b/src/chrome/content/rules/Init_Lab.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- initlab.org
+		- www.initlab.org
+
+-->
+<ruleset name="init Lab.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="initlab.org" />
+	<target host="www.initlab.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?initlab\.org$" name="^nf_wp_session$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Initex.com.xml b/src/chrome/content/rules/Initex.com.xml
new file mode 100644
index 000000000000..419f2ccd7bb2
--- /dev/null
+++ b/src/chrome/content/rules/Initex.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Initex.com">
+
+	<target host="initex.com" />
+	<target host="www.initex.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/InkFrog.com-problematic.xml b/src/chrome/content/rules/InkFrog.com-problematic.xml
index 0bccca7493eb..5c5771b058bc 100644
--- a/src/chrome/content/rules/InkFrog.com-problematic.xml
+++ b/src/chrome/content/rules/InkFrog.com-problematic.xml
@@ -8,7 +8,6 @@
 	<target host="thmb.inkfrog.com" />
 
 
-	<rule from="^http://(img|thb)\.inkfrog\.com/"
-		to="https://$1.inkfrog.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/InkFrog.com.xml b/src/chrome/content/rules/InkFrog.com.xml
index c5742889e479..4e02f7aadc80 100644
--- a/src/chrome/content/rules/InkFrog.com.xml
+++ b/src/chrome/content/rules/InkFrog.com.xml
@@ -6,14 +6,20 @@
 
 		- s3-us-west-2.amazonaws.com/thumbnails.inkfrog.com/ | d33oiwhbojapjx.cloudfront.net
 
+		- d29h7ql7qnxkqx.cloudfront.net
+
+			- imgs
+
 
 	Problematic subdomains:
 
-		- img *
-		- thmb *
-		- thumbnails (cloudfront)
+		- img ¹
+		- imgs ²
+		- thmb ¹
+		- thumbnails (expired)
 
-	* Works, expired 2013-04-24
+	¹ Works, expired 2013-04-24
+	² Cloudfront
 
 
 	Mixed content:
@@ -30,19 +36,14 @@
 -->
 <ruleset name="inkFrog.com (partial)">
 
+	<target host="imgs.inkfrog.com" />
 	<target host="inkfrog.com" />
-	<target host="*.inkfrog.com" />
+	<target host="www.inkfrog.com" />
 
 
 	<securecookie host="^(?:www\.)?inkfrog\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?inkfrog\.com/"
-		to="https://$1inkfrog.com/" />
-
-	<!--	Protocol relative links exist on img:
-							-->
-	<rule from="^https?://thumbnails\.inkfrog\.com/"
-		to="https://d33oiwhbojapjx.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Inkbunny.xml b/src/chrome/content/rules/Inkbunny.xml
deleted file mode 100644
index a1fe75508c61..000000000000
--- a/src/chrome/content/rules/Inkbunny.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Inkbunny">
-  <target host="inkbunny.net" />
-  <target host="www.inkbunny.net" />
-
-  <securecookie host="^inkbunny\.net$" name=".+" />
-
-  <rule from="^http://(www\.)?inkbunny\.net/" to="https://inkbunny.net/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Inkscape.org.xml b/src/chrome/content/rules/Inkscape.org.xml
new file mode 100644
index 000000000000..79eb92b0e32a
--- /dev/null
+++ b/src/chrome/content/rules/Inkscape.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Nonfunctional hosts in *inkscape.org:
+
+		- planet *
+		- wiki *
+
+	* Refused
+
+-->
+<ruleset name="Inkscape.org (partial)">
+
+	<target host="inkscape.org" />
+	<target host="www.inkscape.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Inmoment.com.xml b/src/chrome/content/rules/Inmoment.com.xml
new file mode 100644
index 000000000000..fd3c1f52f759
--- /dev/null
+++ b/src/chrome/content/rules/Inmoment.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid certificate:
+		- choose.inmoment.com
+		- info.inmoment.com
+-->
+
+<ruleset name="Inmoment.com">
+	<target host="inmoment.com" />
+	<target host="www.inmoment.com" />
+	<target host="arbys.inmoment.com" />
+	<target host="buffalowildwings.inmoment.com" />
+	<target host="community.inmoment.com" />
+	<target host="freemancustomerviewpoint.inmoment.com" />
+	<target host="get.inmoment.com" />
+	<target host="intercept.inmoment.com" />
+	<target host="mandb.inmoment.com" />
+	<target host="nbty.inmoment.com" />
+	<target host="pizzahut.inmoment.com" />
+	<target host="starbucks.inmoment.com" />
+	<target host="zaxbys.inmoment.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Innocence_Project.xml b/src/chrome/content/rules/Innocence_Project.xml
index bb3362351dbb..3b67bcacbd0d 100644
--- a/src/chrome/content/rules/Innocence_Project.xml
+++ b/src/chrome/content/rules/Innocence_Project.xml
@@ -12,7 +12,6 @@
 	<securecookie host="^secure\.innocenceproject\.org$" name=".+" />
 
 
-	<rule from="^http://secure\.innocenceproject\.org/"
-		to="https://secure.innocenceproject.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Innometrics.com.xml b/src/chrome/content/rules/Innometrics.com.xml
index 7023d14e29cb..4e6127b843c4 100644
--- a/src/chrome/content/rules/Innometrics.com.xml
+++ b/src/chrome/content/rules/Innometrics.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://customer.innometrics.com/ => https://customer.innometrics.com/: (51, "SSL: no alternative certificate subject name matches target host name 'customer.innometrics.com'")
+
 	Other Innometrics rulesets:
 
 		- Swordfishdc.com.xml
@@ -9,7 +13,7 @@
 		- (www.)	(refused)
 
 -->
-<ruleset name="Innometrics.com (partial)">
+<ruleset name="Innometrics.com (partial)" default_off="failed ruleset test">
 
 	<target host="customer.innometrics.com" />
 
@@ -17,7 +21,6 @@
 	<securecookie host="^customer\.innometrics\.com$" name=".+" />
 
 
-	<rule from="^http://customer\.innometrics\.com/"
-		to="https://customer.innometrics.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Innovate_UK.org.xml b/src/chrome/content/rules/Innovate_UK.org.xml
new file mode 100644
index 000000000000..f5d9ebca822c
--- /dev/null
+++ b/src/chrome/content/rules/Innovate_UK.org.xml
@@ -0,0 +1,38 @@
+<!--
+	Problematic subdomains:
+
+		- ^ ¹
+		- engage ²
+		- www ³
+
+	¹ Shows another domain
+	² Works; mismatched, CN: *.communigator.co.uk
+	³ Mismatched, CN: www.gov.uk
+
+
+	Fully covered subdomains:
+
+		- (www.)	(^ → www.gov.uk)
+		- connect
+		- interact
+		- login
+		- projects
+		- reports
+		- vouchers
+
+-->
+<ruleset name="Innovate UK.org (partial)">
+
+	<target host="innovateuk.org" />
+	<target host="*.innovateuk.org" />
+
+
+	<!--	Redirect drops args:
+					-->
+	<rule from="^http://(?:www\.)?innovateuk\.org/+([^?]*)(?:\?.*)?"
+		to="https://www.gov.uk/government/organisations/innovate-uk$1" />
+
+	<rule from="^http://(connect|interact|login|projects|reports|vouchers)\.innovateuk\.org/"
+		to="https://$1.innovateuk.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Innovative_Food_Concepts.xml b/src/chrome/content/rules/Innovative_Food_Concepts.xml
index 8d9796d9db28..a61ce8cf4792 100644
--- a/src/chrome/content/rules/Innovative_Food_Concepts.xml
+++ b/src/chrome/content/rules/Innovative_Food_Concepts.xml
@@ -21,7 +21,7 @@
 	<target host="common.restaurantfurnitureresource.com" />
 
 
-	<rule from="^https?://common\.restaurantfurnitureresource\.com/"
+	<rule from="^http://common\.restaurantfurnitureresource\.com/"
 		to="https://d19a6ww13xgzf3.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Innovative_Interfaces.xml b/src/chrome/content/rules/Innovative_Interfaces.xml
deleted file mode 100644
index 35b0bde30a00..000000000000
--- a/src/chrome/content/rules/Innovative_Interfaces.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- linkplusaccess *
-		- sierra		(shows default Plesk page)
-
-	* Times out
-
-
-	Fully covered subdomains:
-
-		- \w+		(unique subdomains for each client)
-
--->
-<ruleset name="Innovative Interfaces (partial)">
-
-	<target host="*.iii.com" />
-		<exclusion pattern="^http://(?:linkplusaccess|sierra|www)\." />
-
-
-	<securecookie host="^.+\.iii\.com$" name=".+" />
-
-
-	<rule from="^http://(\w+)\.iii\.com/"
-		to="https://$1.iii.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/InoReader.xml b/src/chrome/content/rules/InoReader.xml
deleted file mode 100644
index b939b4f7de63..000000000000
--- a/src/chrome/content/rules/InoReader.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="InoReader">
-    <target host="www.inoreader.com"/>
-    <target host="inoreader.com"/>
-
-    <securecookie host="^inoreader\.com$" name=".+"/>
-
-    <rule from="^http://(www\.)?inoreader\.com/"
-        to="https://inoreader.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Inphi.xml b/src/chrome/content/rules/Inphi.xml
deleted file mode 100644
index 84581e44741b..000000000000
--- a/src/chrome/content/rules/Inphi.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="Inphi" default_off="expired, mismatch, self-signed">
-
-	<target host="inphi.com" />
-	<target host="www.inphi.com" />
-
-
-	<securecookie host="^www\.inphi\.com$" name=".*" />
-
-
-	<!--	- Cert only matches //inphi.com
-		- At least some pages redirect from !www to www
-					-->
-	<rule from="^https?://(?:www\.)?inphi\.com/"
-		to="https://www.inphi.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Inpros.net.xml b/src/chrome/content/rules/Inpros.net.xml
new file mode 100644
index 000000000000..815d0132ffee
--- /dev/null
+++ b/src/chrome/content/rules/Inpros.net.xml
@@ -0,0 +1,29 @@
+<!--
+	- CN: localhost.localdomain
+	- Expired 2012-02-13
+
+
+	Mixed content:
+
+		- Web bugs, from:
+
+			- $self ¹
+			- user1.colossal.jp ²
+
+	¹ Secured by us
+	² Unsecurable
+
+-->
+<ruleset name="inpros.net" default_off="self-signed">
+
+	<target host="inpros.net" />
+	<target host="www.inpros.net" />
+
+
+	<securecookie host="^\.?inpros\.net$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?inpros\.net/"
+		to="https://inpros.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Inria.fr.xml b/src/chrome/content/rules/Inria.fr.xml
index 8853eac1e5ce..c9df6520952b 100644
--- a/src/chrome/content/rules/Inria.fr.xml
+++ b/src/chrome/content/rules/Inria.fr.xml
@@ -1,50 +1,59 @@
 <!--
-	Nonfunctional subdomains:
 
+	Other Inria rulesets:
+
+		- Interstices.info.xml
+
+
+	Nonfunctional hosts in *inria.fr:
+
+		- prosecco.gforge *
 		- siteadmin.gforge
+		- voda.gforge *
 		- hal	(http reply)
 		- phototheque *
+		- prosecco ³
+		- sas2015	(Redirects to http)
 		- videotheque *
 
 	* Dropped
+	³ Redirects to www
 
 
-	Problematic subdomains:
+	Problematic hosts in *inria.fr:
 
-		- en	(mismatched, CN: admin-www)
+		- admin-www ¹
+		- planete ²
 
+	¹ Expired
+	² Mismatched
 
-	Fully covered subdomains:
 
-		- admin-www
-		- annuaire
-		- cas
-		- gforge
-		- lists.gforge
-		- gforge-qualif
-		- lists.gforge-qualif
-		- intranet
-		- planete
-		- raweb
-		- site
-		- sympa
-		- utop
-		- www
+	gforge-qualif, lists.gforge-qualif: Dropped over http & https
 
 -->
-<ruleset name="Inria.fr (partial)">
-
-	<target host="*.inria.fr" />
-	<target host="lists.*.inria.fr" />
+<ruleset name="Inria.fr (partial)" >
 
+	<!--	Direct rewrites:
+				-->
+	<!--target host="admin-www.inria.fr" /-->
+	<target host="annuaire.inria.fr" />
+	<target host="cas.inria.fr" />
+	<target host="gforge.inria.fr" />
+	<target host="lists.gforge.inria.fr" />
+	<target host="intranet.inria.fr" />
+	<!--target host="planete.inria.fr" /-->
+	<target host="raweb.inria.fr" />
+	<target host="sympa.inria.fr" />
+	<target host="utop.inria.fr" />
+	<target host="www.inria.fr" />
+	<target host="www-sop.inria.fr" />
 
-	<securecookie host="^.+\.inria\.fr$" name=".+" />
 
+	<securecookie host="^(?!\.inria\.fr$)." name=".+" />
 
-	<rule from="^http://(admin-www|annuaire|cas|(?:lists\.)?gforge(?:-qualif)?|planete|raweb|site|sympa|utop|www)\.inria\.fr/"
-		to="https://$1.inria.fr/" />
 
-	<rule from="^https?://en\.inria\.fr/"
-		to="https://www.inria.fr/en/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Inrialpes.fr.xml b/src/chrome/content/rules/Inrialpes.fr.xml
new file mode 100644
index 000000000000..e9efed22e961
--- /dev/null
+++ b/src/chrome/content/rules/Inrialpes.fr.xml
@@ -0,0 +1,8 @@
+<ruleset name="Inrialpes.fr (partial)">
+
+	<target host="planete.inrialpes.fr" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Inschrijven.xml b/src/chrome/content/rules/Inschrijven.xml
index 913e35f3752c..0cf3085ce290 100644
--- a/src/chrome/content/rules/Inschrijven.xml
+++ b/src/chrome/content/rules/Inschrijven.xml
@@ -2,5 +2,5 @@
   <target host="www.inschrijven.nl" />
   <target host="inschrijven.nl" />
 
-  <rule from="^http://(?:www\.)?inschrijven\.nl/" to="https://www.inschrijven.nl/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Insecure.ws.xml b/src/chrome/content/rules/Insecure.ws.xml
index b351315491a1..6eb676575719 100644
--- a/src/chrome/content/rules/Insecure.ws.xml
+++ b/src/chrome/content/rules/Insecure.ws.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^www\.insecure\.ws$" name=".+" />
 
 
-	<rule from="^http://(www\.)?insecure\.ws/"
-		to="https://$1insecure.ws/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Inside-Higher-Ed.xml b/src/chrome/content/rules/Inside-Higher-Ed.xml
index b419256e0d80..d07c36bd1a72 100644
--- a/src/chrome/content/rules/Inside-Higher-Ed.xml
+++ b/src/chrome/content/rules/Inside-Higher-Ed.xml
@@ -1,16 +1,10 @@
-<ruleset name="Inside Higher Ed (partial)">
+<ruleset name="Inside Higher Ed.com">
 
 	<target host="insidehighered.com" />
-	<target host="*.insidehighered.com" />
+	<target host="careers.insidehighered.com" />
+	<target host="www.insidehighered.com" />
 
 
-	<!--	Pages redirect to http, so opportunistically
-		grab any uncovered, securable paths.	-->
-	<rule from="^http://insidehighered\.com/"
-		to="https://insidehighered.com/" />
-
-	<!--	At least some pages redirect to http.	-->
-	<rule from="^http://(careers|www)\.insidehighered\.com/(fil|sit)es/"
-		to="https://$1.insidehighered.com/$2es/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Inside.com.xml b/src/chrome/content/rules/Inside.com.xml
new file mode 100644
index 000000000000..e298177253b2
--- /dev/null
+++ b/src/chrome/content/rules/Inside.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Fully covered hosts in *inside.com:
+
+		- (www.)?
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- inside.com
+		- .inside.com
+		- www.inside.com
+
+-->
+<ruleset name="Inside.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="inside.com" />
+	<target host="www.inside.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?inside\.com$" name="^XSRF-TOKEN" /-->
+	<!--securecookie host="^\.inside\.com$" name="^_inside_session$" /-->
+
+	<securecookie host="^(?:\.|www\.)?inside\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/InsideHW.com.xml b/src/chrome/content/rules/InsideHW.com.xml
deleted file mode 100644
index c90f55deeed0..000000000000
--- a/src/chrome/content/rules/InsideHW.com.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="InsideHW.com" default_off="self-signed">
-
-	<target host="insidehw.com"/>
-	<target host="www.insidehw.com"/>
-
-	<rule from="^http://(www\.)?insidehw\.com/" to="https://www.insidehw.com/"/>
-
-	<securecookie host="^www\.insidehw\.com$" name=".*"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/InsideScience.org.xml b/src/chrome/content/rules/InsideScience.org.xml
new file mode 100644
index 000000000000..9612ed808024
--- /dev/null
+++ b/src/chrome/content/rules/InsideScience.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Inside Science.org">
+
+	<target host="insidescience.org" />
+	<target host="www.insidescience.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/InsideUniversal.xml b/src/chrome/content/rules/InsideUniversal.xml
new file mode 100644
index 000000000000..4af74f25dfb9
--- /dev/null
+++ b/src/chrome/content/rules/InsideUniversal.xml
@@ -0,0 +1,9 @@
+<ruleset name="InsideUniversal">
+	<target host="insideuniversal.net" />
+	<target host="www.insideuniversal.net" />
+	<target host="forums.insideuniversal.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Inside_Illinois.info.xml b/src/chrome/content/rules/Inside_Illinois.info.xml
new file mode 100644
index 000000000000..c10ed979f62d
--- /dev/null
+++ b/src/chrome/content/rules/Inside_Illinois.info.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://insideillinois.info/ => https://insideillinois.info/: (28, 'Connection timed out after 20001 milliseconds')
+
+	www.insideillinois.info doesn't exist.
+
+-->
+<ruleset name="Inside Illinois.info" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="insideillinois.info" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Inside_Science.xml b/src/chrome/content/rules/Inside_Science.xml
deleted file mode 100644
index 815b489b0a03..000000000000
--- a/src/chrome/content/rules/Inside_Science.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	- !www redirects to www
-	- CN: *.acquia-sites.com
-	- Expired 2010-09-02
-
--->
-<ruleset name="Inside Science" default_off="expired, mismatched, self-signed">
-
-	<target host="insidescience.org" />
-	<target host="www.insidescience.org" />
-
-
-	<rule from="^http://(?:www\.)?insidescience\.org/"
-		to="https://www.insidescience.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Insideygs.com.xml b/src/chrome/content/rules/Insideygs.com.xml
index 4775c0cb3441..03ac0b3ab0ac 100644
--- a/src/chrome/content/rules/Insideygs.com.xml
+++ b/src/chrome/content/rules/Insideygs.com.xml
@@ -1,13 +1,31 @@
-<ruleset name="insideygs.com">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://insideygs.com/ => https://insideygs.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.insideygs.com/ => https://www.insideygs.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Insecure cookies are set for these hosts:
+
+		- adintegration.insideygs.com
+
+-->
+<ruleset name="insideygs.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="insideygs.com" />
-	<target host="*.insideygs.com" />
+	<target host="adintegration.insideygs.com" />
+	<target host="www.insideygs.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^adintegration\.insideygs\.com$" name="^(?:OAGEO|sessionID)$" /-->
 
 	<securecookie host="^adintegration\.insideygs\.com$" name=".+" />
 
 
-	<rule from="^http://(adintegration\.|www\.)?insideygs\.com/"
-		to="https://$1.insideygs.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Insight.xml b/src/chrome/content/rules/Insight.xml
index 85a89761deb4..6cffe2c3d60f 100644
--- a/src/chrome/content/rules/Insight.xml
+++ b/src/chrome/content/rules/Insight.xml
@@ -2,7 +2,7 @@
   <target host="insight.com" />
   <target host="*.insight.com" />
 
-  <securecookie host="^(.+\.)?insight\.com$" name=".*"/>
+  <securecookie host="^(?:.+\.)?insight\.com$" name=".+" />
 
   <rule from="^http://insight\.com/" to="https://www.insight.com/"/>
   <rule from="^http://(www|uk)\.insight\.com/" to="https://$1.insight.com/"/>
diff --git a/src/chrome/content/rules/InsightExpress.com.xml b/src/chrome/content/rules/InsightExpress.com.xml
index a31b7d9391a4..1c97e39bcdbb 100644
--- a/src/chrome/content/rules/InsightExpress.com.xml
+++ b/src/chrome/content/rules/InsightExpress.com.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^(?:www\.)?insightexpress\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?insightexpress\.com/"
-		to="https://$1insightexpress.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/InsightExpressai.com.xml b/src/chrome/content/rules/InsightExpressai.com.xml
index e16a73a4de21..d6f131c3aa98 100644
--- a/src/chrome/content/rules/InsightExpressai.com.xml
+++ b/src/chrome/content/rules/InsightExpressai.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://icompass.insightexpressai.com/ => https://icompass.insightexpressai.com/: (51, "SSL: no alternative certificate subject name matches target host name 'icompass.insightexpressai.com'")
+
 	For other InsightExpress coverage, see InsightExpress.com.xml.
 
 
@@ -12,25 +16,31 @@
 		- icompass	(works, akamai)
 
 
-	Fully covered subdomains:
+	Insecure cookies are set for these domains:
 
-		- (www.)
-		- icompass	(→ akamai)
+		- .insightexpressai.com
 
 -->
-<ruleset name="InsightExpressai.com">
+<ruleset name="InsightExpressai.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="insightexpressai.com" />
-	<target host="*.insightexpressai.com" />
+	<target host="secure.insightexpressai.com" />
+	<target host="www.insightexpressai.com" />
 
+	<!--	Complications:
+				-->
+	<target host="icompass.insightexpressai.com" />
 
-	<securecookie host="^\.insightexpressai\.com$" name=".+" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.insightexpressai\.com$" name="^(?:DW|DW_Time|IXAI\w+|Ping4|TID)$" /-->
 
-	<rule from="^http://(www\.)?insightexpressai\.com/"
-		to="https://$1insightexpressai.com/" />
+	<securecookie host="^\.insightexpressai\.com$" name=".+" />
 
-	<rule from="^http://icompass\.insightexpressai\.com/"
-		to="https://a248.e.akamai.net/f/84/2864/10m/icompass.insightexpressai.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Insnw.net.xml b/src/chrome/content/rules/Insnw.net.xml
index e2ca4bb3f68c..3b6e2e7d9b5f 100644
--- a/src/chrome/content/rules/Insnw.net.xml
+++ b/src/chrome/content/rules/Insnw.net.xml
@@ -1,13 +1,18 @@
 <!--
-	For other Instart Logic coverage, see Instart_Logic.com.xml.
+	For other Instart Logic coverage, see Instart_Logic.com.xml & Volantix.com.xml
 
 -->
 <ruleset name="Insnw.net">
 
 	<target host="assets.insnw.net" />
+	<target host="okl-scene7.insnw.net" />
+	<target host="okl1-scene7.insnw.net" />
 
+		<test url="http://okl-scene7.insnw.net/is/image/OKL/Product_SFM25061_Image_1?wid=60&amp;hei=41" />
+		<test url="http://okl1-scene7.insnw.net/is/image/OKL/SalesEvent_68132_Lifestyle_1?$nav_editorial_item$" />
 
-	<rule from="^http://assets\.insnw\.net/"
-		to="https://assets.insnw.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Inspectlet.com.xml b/src/chrome/content/rules/Inspectlet.com.xml
index 107d1bb71e33..24e9d82e3e22 100644
--- a/src/chrome/content/rules/Inspectlet.com.xml
+++ b/src/chrome/content/rules/Inspectlet.com.xml
@@ -1,32 +1,27 @@
 <!--
-	CDN buckets:
+	Too many redirects:
+		cdn.inspectlet.com/$
 
+	CDN buckets:
 		- d2ues8mtn1tc1i.cloudfront.net
-
-
-	Problematic subdomains:
-
-		- ^	(works; mismatched, CN: *.heroku.com)
-
-
 	inspectlet.js sets the following wildcard cookies
 	on whichever domain it is loaded from:
-
 		- __insp_nv
 		- __insp_pad
 		- __insp_ref
-
 -->
 <ruleset name="Inspectlet.com">
-
 	<target host="inspectlet.com" />
-	<target host="*.inspectlet.com" />
-
-
-	<securecookie host="^(?:.*\.)?inspectlet\.com$" name=".+" />
+	<target host="www.inspectlet.com" />
+	<target host="apidocs.inspectlet.com" />
+	<target host="blog.inspectlet.com" />
+	<target host="docs.inspectlet.com" />
 
+	<target host="cdn.inspectlet.com" />
+		<exclusion pattern="^http://cdn\.inspectlet\.com/$" />
+		<test url="http://cdn.inspectlet.com/inspectlet.js" />
 
-	<rule from="^http://(?:www\.)?inspectlet\.com/"
-		to="https://www.inspectlet.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+	<securecookie host=".+" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/Inspiration_Green.xml b/src/chrome/content/rules/Inspiration_Green.xml
deleted file mode 100644
index 960eece7bd72..000000000000
--- a/src/chrome/content/rules/Inspiration_Green.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Inspiration Green">
-
-	<target host="inspirationgreen.com" />
-	<target host="www.inspirationgreen.com" />
-
-
-	<securecookie host="^(?:www\.)?inspirationgreen\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?inspirationgreen\.com/"
-		to="https://$1inspirationgreen.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Inspire_HEP.net.xml b/src/chrome/content/rules/Inspire_HEP.net.xml
new file mode 100644
index 000000000000..348bd6ca4eeb
--- /dev/null
+++ b/src/chrome/content/rules/Inspire_HEP.net.xml
@@ -0,0 +1,15 @@
+<ruleset name="Inspire HEP.net">
+
+	<target host="inspirehep.net" />
+	<target host="labs.inspirehep.net" />
+	<target host="piwik.inspirehep.net" />
+	<target host="www.inspirehep.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Instacom_Inc.com.xml b/src/chrome/content/rules/Instacom_Inc.com.xml
new file mode 100644
index 000000000000..d59c97c0163e
--- /dev/null
+++ b/src/chrome/content/rules/Instacom_Inc.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="Instacom Inc.com">
+
+	<target host="instacominc.com" />
+	<target host="www.instacominc.com" />
+
+
+	<securecookie host="^\.instacominc\.com$" name=".+" />
+	<!--
+		Secured by server:
+					-->
+	<!--securecookie host="^www\.instacominc\.com$" name="^session_id_egrams$" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Instaemail.net.xml b/src/chrome/content/rules/Instaemail.net.xml
deleted file mode 100644
index 74cab9ff7a36..000000000000
--- a/src/chrome/content/rules/Instaemail.net.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	CDN buckets:
-
-		- cdn.instaemail.net.s3.amazonaws.com
-
-			- cdn.instaemail.net
-
-
-	Nonfunctional domains:
-
-		- instaemail.com	(dropped)
-		- www.instaemail.com	(refused)
-
--->
-<ruleset name="Instaemail.net">
-
-	<target host="cdn.instaemail.net" />
-
-
-	<rule from="^http://cdn\.instaemail\.net/"
-		to="https://s3.amazonaws.com/cdn.instaemail.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Instagr.am.xml b/src/chrome/content/rules/Instagr.am.xml
new file mode 100644
index 000000000000..aa6b1d2e5c72
--- /dev/null
+++ b/src/chrome/content/rules/Instagr.am.xml
@@ -0,0 +1,13 @@
+<!--
+	Other Instragram rulesets:
+		- CDN_Instagram.com.xml
+		- Instagrampartners.com.xml
+-->
+<ruleset name="Instagr.am (partial)">
+
+	<target host="instagr.am" />
+	<target host="www.instagr.am" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Instagram.xml b/src/chrome/content/rules/Instagram.xml
deleted file mode 100644
index 548d799eff3d..000000000000
--- a/src/chrome/content/rules/Instagram.xml
+++ /dev/null
@@ -1,157 +0,0 @@
-<!--
-	CDN buckets:
-
-		- distillery.s3.amazonaws.com | d18txuuu339yuz.cloudfront.net
-
-			- images.instagram.com
-
-		- d17c70w5wkxq2m.cloudfront.net
-			- distilleryimage7.instagram.com
-
-		- distilleryimage1.s3.amazonaws.com | d1ae3bdqlkjebx.cloudfront.net
-			- distilleryimage1.instagram.com
-
-		- d1uysd8m4iv3h8.cloudfront.net
-			- distilleryimage5.instagram.com
-
-		- d1z5wd2gcq19yd.cloudfront.net
-			- distilleryimage11.instagram.com
-
-		- d24elmu442q75h.cloudfront.net
-			- distilleryimage4.instagram.com
-
-		- d2aqnk7wh4vqhb.cloudfront.net
-			- distilleryimage0.instagram.com
-
-		- d2nms3640z5x8l.cloudfront.net
-			- distilleryimage8.instagram.com
-
-		- distilleryimage1.s3.amazonaws.com | d2vdurooumowqn.cloudfront.net
-			- distilleryimage2.instagram.com
-
-		- d2x3khweh61zds.cloudfront.net
-			- distilleryimage9.instagram.com
-
-		- d34sa3fuqtuf2w.cloudfront.net
-			- distilleryimage10.instagram.com
-
-		- d36xtkk24g8jdx.cloudfront.net
-
-		- d3v3n0f5b1i27d.cloudfront.net
-			- distilleryimage6.instagram.com
-
-		- doa9ijhk46qwf.cloudfront.net
-			- distilleryimage3.instagram.com
-
-		- instagram-static.s3.amazonaws.com
-
-		- distilleryimage1.ak.instagram.com.edgesuite.net
-
-			- a1402.dspw40.akamai.net
-
-		- images.ak.instagram.com.edgesuite.net
-
-			- a1404.dspw42.akamai.net
-
-
-	Nonfunctional domains:
-
-		- blog.instagram.com	(tumblr)
-
-
-	Problematic domains:
-
-		- instagram.com subdomains:
-
-			- images1.ak	(works, akamai)
-			- help		(works; mismatched, CN: instagram.com)
-			- www		(works, cert only matches ^instagram.com)
-
-
-	Partially covered domains:
-
-		- instagr.am
-
-
-	Fully covered instagram.com subdomains:
-
-		- images.ak *
-		- images1.ak *
-		- api
-		- badges
-		- distilleryimage[1-9] **
-		- distilleryimage1[12] **
-		- images *
-
-	* → akamai
-	** → cloudfront
-
--->
-<ruleset name="Instagram (partial)">
-
-	<target host="instagr.am" />
-	<target host="instagram.com" />
-	<target host="*.instagram.com" />
-
-
-	<securecookie host="^badges\.instagram\.com$" name=".+" />
-
-
-	<rule from="^http://instagr\.am/static/images/"
-		to="https://s3.amazonaws.com/instagram-static/images/" />
-
-	<!--	Note that this next rule does not currently work for /static/images
-		but that case is handled by the previous rule.
-								-->
-	<rule from="^http://instagr\.am/(p|static)/"
-		to="https://instagr.am/$1/" />
-
-	<rule from="^http://(?:www\.)?instagram\.com/favicon\.ico"
-		to="https://instagram.com/favicon.ico" />
-
-	<rule from="^http://images\.ak\.instagram\.com/"
-		to="https://a248.e.akamai.net/f/1404/2456/3m/images.ak.instagram.com/" />
-
-	<rule from="^http://images1\.ak\.instagram\.com/"
-		to="https://a248.e.akamai.net/f/1402/3840/4m/images1.ak.instagram.com/" />
-
-	<rule from="^http://(api|badges)\.instagram\.com/"
-		to="https://$1.instagram.com/" />
-
-	<rule from="^http://distilleryimage1\.instagram\.com/"
-		to="https://d1ae3bdqlkjebx.cloudfront.net/" />
-
-	<rule from="^http://distilleryimage2\.instagram\.com/"
-		to="https://d2vdurooumowqn.cloudfront.net/" />
-
-	<rule from="^http://distilleryimage3\.instagram\.com/"
-		to="https://doa9ijhk46qwf.cloudfront.net/" />
-
-	<rule from="^http://distilleryimage4\.instagram\.com/"
-		to="https://d24elmu442q75h.cloudfront.net/" />
-
-	<rule from="^http://distilleryimage5\.instagram\.com/"
-		to="https://d1uysd8m4iv3h8.cloudfront.net/" />
-
-	<rule from="^http://distilleryimage6\.instagram\.com/"
-		to="https://d2aqnk7wh4vqhb.cloudfront.net/" />
-
-	<rule from="^http://distilleryimage7\.instagram\.com/"
-		to="https://d17c70w5wkxq2m.cloudfront.net/" />
-
-	<rule from="^http://distilleryimage8\.instagram\.com/"
-		to="https://d2nms3640z5x8l.cloudfront.net/" />
-
-	<rule from="^http://distilleryimage9\.instagram\.com/"
-		to="https://d2x3khweh61zds.cloudfront.net/" />
-
-	<rule from="^http://distilleryimage10\.instagram\.com/"
-		to="https://d34sa3fuqtuf2w.cloudfront.net/" />
-
-	<rule from="^http://distilleryimage11\.instagram\.com/"
-		to="https://d1z5wd2gcq19yd.cloudfront.net/" />
-
-	<rule from="^http://images\.instagram\.com/"
-		to="https://d18txuuu339yuz.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Instagrampartners.com.xml b/src/chrome/content/rules/Instagrampartners.com.xml
new file mode 100644
index 000000000000..3960ba09479b
--- /dev/null
+++ b/src/chrome/content/rules/Instagrampartners.com.xml
@@ -0,0 +1,9 @@
+<!--
+	For other Instagram coverage, see Instagr.am.xml.
+-->
+<ruleset name="Instagrampartners.com">
+	<target host="instagrampartners.com" />
+	<target host="www.instagrampartners.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Instant-Messaging-Freedom.xml b/src/chrome/content/rules/Instant-Messaging-Freedom.xml
index d95b86c20fa2..8b07914027a0 100644
--- a/src/chrome/content/rules/Instant-Messaging-Freedom.xml
+++ b/src/chrome/content/rules/Instant-Messaging-Freedom.xml
@@ -1,4 +1,8 @@
-<ruleset name="Instant Messaging Freedom">
+<!--
+	Instant Messaging Freedom
+
+-->
+<ruleset name="IM Freedom.org">
 
 	<target host="imfreedom.org" />
 	<target host="www.imfreedom.org" />
@@ -7,7 +11,7 @@
 	<securecookie host="^(?:www\.)?imfreedom\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?imfreedom\.org/"
-		to="https://$1imfreedom.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/InstantChat.io.xml b/src/chrome/content/rules/InstantChat.io.xml
new file mode 100644
index 000000000000..d9df49280298
--- /dev/null
+++ b/src/chrome/content/rules/InstantChat.io.xml
@@ -0,0 +1,14 @@
+<ruleset name="InstantChat.io">
+
+	<target host="instantchat.io" />
+	<target host="www.instantchat.io" />
+
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^__utm" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/InstantSSL.xml b/src/chrome/content/rules/InstantSSL.xml
index 4b9e6a72b10b..115e1d89459a 100644
--- a/src/chrome/content/rules/InstantSSL.xml
+++ b/src/chrome/content/rules/InstantSSL.xml
@@ -1,10 +1,10 @@
 <ruleset name="InstantSSL">
 
 	<target host="instantssl.com" />
-	<target host="*.instantssl.com" />
+	<target host="secure.instantssl.com" />
+	<target host="www.instantssl.com" />
 
 
-	<rule from="^http://(secure\.|www\.)?instantssl\.com/"
-		to="https://$1instantssl.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Instantbird.org.xml b/src/chrome/content/rules/Instantbird.org.xml
new file mode 100644
index 000000000000..f5f828d65d2e
--- /dev/null
+++ b/src/chrome/content/rules/Instantbird.org.xml
@@ -0,0 +1,53 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://addons.instantbird.org/ => https://addons.instantbird.org/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://bugzilla.instantbird.org/ => https://bugzilla.instantbird.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://hg.instantbird.org/ => https://hg.instantbird.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://wiki.instantbird.org/ => https://wiki.instantbird.org/: (60, 'SSL certificate problem: certificate has expired')
+
+	Nonfunctional subdomains:
+
+		- (www.) *
+		- blog *
+		- lxr *
+
+	* "Over capacity"
+
+
+	Fully covered hosts in *instantbird.org:
+
+		- addons
+		- bugzilla
+		- hg
+		- wiki
+
+
+	Insecure cookies are set for these hosts:
+
+		- bugzilla.instantbird.org
+
+-->
+<ruleset name="Instantbird.org (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="addons.instantbird.org" />
+	<target host="bugzilla.instantbird.org" />
+	<target host="hg.instantbird.org" />
+	<target host="wiki.instantbird.org" />
+
+		<!--exclusion pattern="^http://(blog|lxr|www)\.instantbird\.org/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bugzilla\.instantbird\.org$" name="^DEFAULTFORMAT$" /-->
+
+	<securecookie host="^bugzilla\.instantbird\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Instantpage.me.xml b/src/chrome/content/rules/Instantpage.me.xml
new file mode 100644
index 000000000000..e1cd98c80b91
--- /dev/null
+++ b/src/chrome/content/rules/Instantpage.me.xml
@@ -0,0 +1,41 @@
+<!--
+	For other GoDaddy coverage, see GoDaddy.xml.
+
+
+	Problematic hosts in *instantpage.me:
+
+		- ^ ¹
+		- www ²
+
+	¹ Refused
+	² Dropped
+
+
+	Fully covered hosts in *instantpage.me:
+
+		- ^	(→ www.godaddy.com)
+		- admin
+		- www	(→ admin)
+
+-->
+<ruleset name="Instantpage.me">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="admin.instantpage.me" />
+
+	<!--	Complications:
+				-->
+	<target host="instantpage.me" />
+	<target host="www.instantpage.me" />
+
+
+	<rule from="^http://instantpage\.me/"
+		to="https://www.godaddy.com/default.aspx" />
+
+	<rule from="^http://www\.instantpage\.me/"
+		to="https://admin.instantpage.me/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Instapanel.com.xml b/src/chrome/content/rules/Instapanel.com.xml
new file mode 100644
index 000000000000..92ba6b9c8797
--- /dev/null
+++ b/src/chrome/content/rules/Instapanel.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Instapanel.com">
+
+	<target host="instapanel.com" />
+	<target host="www.instapanel.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Instapaper.com.xml b/src/chrome/content/rules/Instapaper.com.xml
index de818386ffc5..17a102b4ae28 100644
--- a/src/chrome/content/rules/Instapaper.com.xml
+++ b/src/chrome/content/rules/Instapaper.com.xml
@@ -1,6 +1,10 @@
-<ruleset name="Instapaper">
+<ruleset name="Instapaper.com">
+
+	<!--	Direct rewrites:
+				-->
   <target host="www.instapaper.com"/>
   <target host="instapaper.com"/>
 
-  <rule from="^http://(?:www\.)?instapaper\.com/" to="https://www.instapaper.com/"/>
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Instart_Logic.com.xml b/src/chrome/content/rules/Instart_Logic.com.xml
deleted file mode 100644
index 3499497b499d..000000000000
--- a/src/chrome/content/rules/Instart_Logic.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Other Instart Logic rulesets:
-
-		- Insnw.net.xml
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(502, valid cert)
-
--->
-<ruleset name="Instart Logic.com (partial)">
-
-	<target host="*.instartlogic.com" />
-
-
-	<securecookie host="^\.customer\.instartlogic\.com$" name=".+" />
-
-
-	<rule from="^http://customer\.instartlogic\.com/"
-		to="https://customer.instartlogic.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Instella_Platform.xml b/src/chrome/content/rules/Instella_Platform.xml
deleted file mode 100644
index 36704a639335..000000000000
--- a/src/chrome/content/rules/Instella_Platform.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(times out)
-
--->
-<ruleset name="Instella Platform (partial)">
-
-	<target host="*.instellaplatform.com" />
-
-
-	<securecookie host="^.+\.instellaplatform\.com$" name=".+" />
-
-
-	<!--	Unique subdomains for each client.
-							-->
-	<rule from="^http://(?!www)\.instellaplatform\.com/"
-		to="https://$1.instellaplatform.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Institut-National-des-Sciences-Appliquees.xml b/src/chrome/content/rules/Institut-National-des-Sciences-Appliquees.xml
index 1347546ad5cb..cefd66687e76 100644
--- a/src/chrome/content/rules/Institut-National-des-Sciences-Appliquees.xml
+++ b/src/chrome/content/rules/Institut-National-des-Sciences-Appliquees.xml
@@ -4,7 +4,7 @@
 	<target host="www.insa-strasbourg.fr" />
 
 
-	<securecookie host="^www\.insa-strasbourg\.fr$" name=".*" />
+	<securecookie host="^www\.insa-strasbourg\.fr$" name=".+" />
 
 
 	<!--	!www doesn't work over https.
diff --git a/src/chrome/content/rules/Institut_fur_Internet-Sicherheit.xml b/src/chrome/content/rules/Institut_fur_Internet-Sicherheit.xml
index b2e5fc16d297..0f8def95aa8b 100644
--- a/src/chrome/content/rules/Institut_fur_Internet-Sicherheit.xml
+++ b/src/chrome/content/rules/Institut_fur_Internet-Sicherheit.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?it-sicherheit\.de/"
 		to="https://www.it-sicherheit.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Institute-of-Physics-mismatches.xml b/src/chrome/content/rules/Institute-of-Physics-mismatches.xml
index af792808ea7d..380292104420 100644
--- a/src/chrome/content/rules/Institute-of-Physics-mismatches.xml
+++ b/src/chrome/content/rules/Institute-of-Physics-mismatches.xml
@@ -2,17 +2,16 @@
 	For rules that are on by default, see Institute-of-Physics.xml.
 
 -->
-<ruleset name="Institute of Physics (mismatches)" default_off="mismatch">
+<ruleset name="IoP.org (mismatched)" default_off="mismatched">
 
-	<!--	Cert: *.iop.org	-->
 	<target host="content.cws.iop.org" />
 	<target host="cms.iopscience.iop.org" />
 
 
-	<securecookie host="^cms\.iopscience\.iop\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://c(ontent\.cws|ms\.iopscience)\.iop\.org/"
-		to="https://c$1.iop.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Institute-of-Physics.xml b/src/chrome/content/rules/Institute-of-Physics.xml
index e005b9b9ffbb..63a371de1a9b 100644
--- a/src/chrome/content/rules/Institute-of-Physics.xml
+++ b/src/chrome/content/rules/Institute-of-Physics.xml
@@ -1,36 +1,78 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://iopscience.iop.org/ => https://iopscience.iop.org/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	Institute of Physics
+
 	For problematic rules, see Institute-of-Physics-mismatches.xml.
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *iop.org:
+
+		- ej ʳ
+		- journals ʳ
+		- stacks ʳ
+
+	ʳ Refused
+
+
+	Problematic hosts in *iop.org:
 
-		- ej
-		- stacks	(no https)
+		- ^ ᵐ
+		- content.cws ᵐ
+		- cms.iopscience ᵐ
 
+	ᵐ Mismatched
 
-	Problematic subdomains:
 
-		- content.cws *
-		- cms.iopscience *
+	Insecure cookies are set for these domains and hosts:
 
-	* Works, mismatched, CN: *.iop.org
+		- .iop.org
+		- iopscience.iop.org
+		- .iopscience.iop.org
+		- ticket.iop.org
+
+
+	Mixed content:
+
+		- Images on iopscience from ej.iop.org ʳ
+		- Images on iopscience from cms.iopscience.iop.org ᵐ
+
+	ʳ Unsecurable <= refused
+	ᵐ Rule disabled by default <= mismatched
 
 -->
-<ruleset name="Institute of Physics (partial)">
+<ruleset name="IoP.org (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="atom.iop.org" />
+	<target host="authors.iop.org" />
+	<target host="images.iop.org" />
+	<target host="iopscience.iop.org" />
+	<target host="ticket.iop.org" />
+	<target host="www.iop.org" />
 
+	<!--	Complications:
+				-->
 	<target host="iop.org" />
-	<target host="*.iop.org" />
-	<target host="*.iopscience.iop.org" />
 
 
-	<securecookie host="^\.?iopscience\.iop\.org$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.iop\.org$" name="^IOP_session_live$" /-->
+	<!--securecookie host="^iopscience\.iop\.org$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^\.iopscience\.iop\.org$" name="^ssi_checked$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.iopscience\." name=".+" />
 
 
-	<!--	Cert only matches *.iop.org	-->
-	<rule from="^https?://(?:www\.)?iop\.org/"
+	<rule from="^http://iop\.org/"
 		to="https://www.iop.org/" />
 
-	<rule from="^http://i(mages|opscience)\.iop\.org/"
-		to="https://i$1.iop.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Instogram.pro.xml b/src/chrome/content/rules/Instogram.pro.xml
new file mode 100644
index 000000000000..1201f79c2dea
--- /dev/null
+++ b/src/chrome/content/rules/Instogram.pro.xml
@@ -0,0 +1,8 @@
+<ruleset name="Instogram.pro">
+	<target host="instogram.pro" />
+	<target host="www.instogram.pro" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Instra.xml b/src/chrome/content/rules/Instra.xml
index 6fb46a37171e..72715f9597f3 100644
--- a/src/chrome/content/rules/Instra.xml
+++ b/src/chrome/content/rules/Instra.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?instra\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?instra\.com/"
-		to="https://$1instra.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Instraffic.com.xml b/src/chrome/content/rules/Instraffic.com.xml
new file mode 100644
index 000000000000..cd6b572070b7
--- /dev/null
+++ b/src/chrome/content/rules/Instraffic.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- instraffic.com
+		- www.instraffic.com
+
+-->
+<ruleset name="instraffic.com">
+
+	<target host="instraffic.com" />
+	<target host="www.instraffic.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?instraffic\.com$" name="^RNLBSERVERID$" /-->
+
+	<securecookie host="^(?:www\.)?instraffic\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Instructables.com.xml b/src/chrome/content/rules/Instructables.com.xml
new file mode 100644
index 000000000000..1b71e04499b8
--- /dev/null
+++ b/src/chrome/content/rules/Instructables.com.xml
@@ -0,0 +1,42 @@
+<!--
+	Wildcard DNS
+
+	Refused:
+		instructables.com
+
+	Bad certificate:
+		download.instructables.com
+
+-->
+<ruleset name="Instructables">
+
+	<target host="instructables.com" />
+	<target host="www.instructables.com" />
+	<target host="cdn.instructables.com" />
+	<target host="ssl.instructables.com" />
+
+	<!-- Redirect to HTTP -->
+	<exclusion pattern="^http://((ssl|www)\.)?instructables\.com/(contest|id)/" />
+
+		<test url="http://instructables.com/contest/paper2018/" />
+		<test url="http://ssl.instructables.com/id/8-Transistor-Stereo-Amplifier/" />
+		<test url="http://www.instructables.com/contest/" />
+		<test url="http://www.instructables.com/id/8-Transistor-Stereo-Amplifier/" />
+
+	<!-- CORS issue. Visit http://www.instructables.com/id/8-Transistor-Stereo-Amplifier -->
+	<exclusion pattern="^http://((ssl|www)\.)?instructables\.com/(intl_static|json-api)/" />
+
+		<test url="http://instructables.com/json-api/getIbleStats?id=E2XYK3LJC6K541G" />
+		<test url="http://www.instructables.com/intl_static/fonts/icomoon.woff" />
+		<test url="http://www.instructables.com/json-api/getIbleStats?id=E2XYK3LJC6K541G" />
+		<test url="http://ssl.instructables.com/json-api/getFiles?instructableId=E2XYK3LJC6K541G" />
+
+	<securecookie host="^\.instructables\.com$" name=".+" />
+
+	<rule from="^http://instructables\.com/"
+		to="https://www.instructables.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Instructables.xml b/src/chrome/content/rules/Instructables.xml
deleted file mode 100644
index 16dcb85276b7..000000000000
--- a/src/chrome/content/rules/Instructables.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="Instructables" default_off="mismatch">
-
-	<target host="instructables.com"/>
-	<target host="*.instructables.com"/>
-
-	<rule from="^http://instructables\.com/"
-		to="https://www.instructables.com/"/>
-
-	<rule from="^http://cdn\.instructables\.com/"
-		to="https://s3.amazonaws.com/instruct-deriv/"/>
-
-	<rule from="^http://(img|www)\.instructables\.com/"
-		to="https://$1.instructables.com/"/>
-
-	<securecookie host="^\.instructables\.com$" name=".*"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Int_Gov_Forum.org.xml b/src/chrome/content/rules/Int_Gov_Forum.org.xml
new file mode 100644
index 000000000000..a5f8390c151c
--- /dev/null
+++ b/src/chrome/content/rules/Int_Gov_Forum.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Some pages redirect to http.
+
+-->
+<ruleset name="Int Gov Forum.org (partial)">
+
+	<target host="intgovforum.org" />
+	<target host="www.intgovforum.org" />
+
+
+	<rule from="^http://(www\.)?intgovforum\.org/(?=cms/(?:components|images|media|modules|templates)/)"
+		to="https://$1intgovforum.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Intego.xml b/src/chrome/content/rules/Intego.xml
index 3d5ffc9f758f..64181804a427 100644
--- a/src/chrome/content/rules/Intego.xml
+++ b/src/chrome/content/rules/Intego.xml
@@ -1,27 +1,54 @@
 <!--
 	CDN buckets:
 
-		- d2peew1v0y8u0k.cloudfront.net
-			- assets.intego.com
+		- d2peew1v0y8u0k.cloudfront.net	← assets.intego.com
 
 
-	Nonfunctional subdomains:
+	Problematic hosts in *intego.com:
 
-		- (www.)
+		- assets ᵐ
+
+	ᵐ Cloudfront/mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .fp.intego.com
+		- www.intego.com
 
 -->
-<ruleset name="Intego (partial)">
+<ruleset name="Intego.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="intego.com" />
+	<target host="fp.intego.com" />
+	<target host="support.intego.com" />
+	<target host="www.intego.com" />
+
+	<!--	Complications:
+				-->
+	<target host="assets.intego.com" />
+
+		<!--	Sets cookie without secure:
+							-->
+		<!--test url="http://www.intego.com/intego-free-trial" /-->
 
-	<target host="*.intego.com" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.fp\.intego\.com$" name="^ARRAffinity$" /-->
+	<!--securecookie host="^www\.intego\.com$" name="^fastsprint_user_country2$" /-->
 
-	<securecookie host="^support\.intego\.com$" name=".+" />
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\.fp\." name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^https?://assets\.intego\.com/"
+	<rule from="^http://assets\.intego\.com/"
 		to="https://d2peew1v0y8u0k.cloudfront.net/" />
 
-	<rule from="^http://support\.intego\.com/"
-		to="https://support.intego.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Integris-Credit-Union.xml b/src/chrome/content/rules/Integris-Credit-Union.xml
new file mode 100644
index 000000000000..16ed81b59658
--- /dev/null
+++ b/src/chrome/content/rules/Integris-Credit-Union.xml
@@ -0,0 +1,13 @@
+<ruleset name="Integris Credit Union">
+	<target host="integriscu.ca" />
+	<target host="www.integriscu.ca" />
+	<target host="mdws.integriscu.ca" />
+	<target host="my.integriscu.ca" />
+	<target host="cache1.integriscu.ca" />
+	<target host="cache2.integriscu.ca" />
+	<target host="cache3.integriscu.ca" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Integrity.pt.xml b/src/chrome/content/rules/Integrity.pt.xml
new file mode 100644
index 000000000000..230b72d331ff
--- /dev/null
+++ b/src/chrome/content/rules/Integrity.pt.xml
@@ -0,0 +1,47 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Fully covered hosts in *integrity.pt:
+
+		- (www.)?
+		- labs
+
+
+	Insecure cookies are set for these domains:
+
+		- .integrity.pt
+
+-->
+<ruleset name="Integrity.pt">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="integrity.pt" />
+	<target host="labs.integrity.pt" />
+	<target host="www.integrity.pt" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.integrity\.pt$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.integrity\.pt$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Integrity.st.xml b/src/chrome/content/rules/Integrity.st.xml
new file mode 100644
index 000000000000..861a8c942c65
--- /dev/null
+++ b/src/chrome/content/rules/Integrity.st.xml
@@ -0,0 +1,9 @@
+<ruleset name="Integrity.st">
+
+	<target host="integrity.st" />
+	<target host="www.integrity.st" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Intel-mismatches.xml b/src/chrome/content/rules/Intel-mismatches.xml
deleted file mode 100644
index c12b27b0a1ff..000000000000
--- a/src/chrome/content/rules/Intel-mismatches.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For rules that are on by default, see Intel.xml.
-
--->
-<ruleset name="Intel (mismatches)" default_off="mismatch">
-
-	<target host="failover.intel.com" />
-	<target host="intel.co.uk" />
-	<target host="*.intel.co.uk" />
-
-
-	<!--	Akamai	-->
-	<rule from="^http://failover\.intel\.com/"
-		to="https://failover.intel.com/" />
-
-	<!--	- !www times out over https
-		- !www redirects to www over http
-					-->
-	<rule from="^https?://(?:www\.)?intel\.co\.uk/"
-		to="https://www.intel.co.uk/" />
-
-	<!--	- Times out
-		- 301s like so over http
-					-->
-	<rule from="^https?://itcommunity\.intel\.co\.uk/"
-		to="https://www.intel.co.uk/content/www/uk/en/it-management/intel-it/it-managers.html" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Intel.co.jp.xml b/src/chrome/content/rules/Intel.co.jp.xml
new file mode 100644
index 000000000000..b7ce53f4ba1c
--- /dev/null
+++ b/src/chrome/content/rules/Intel.co.jp.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Intel coverage, see Intel.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+			 - intel.co.jp
+			 - download.intel.co.jp
+
+		SSL peer certificate was not OK:
+			 - support.intel.co.jp
+-->
+<ruleset name="Intel.co.jp">
+	<target host="www.intel.co.jp" />
+	<target host="iq.intel.co.jp" />
+	<target host="newsroom.intel.co.jp" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Intel.co.uk.xml b/src/chrome/content/rules/Intel.co.uk.xml
new file mode 100644
index 000000000000..403545b018ba
--- /dev/null
+++ b/src/chrome/content/rules/Intel.co.uk.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Intel coverage, see Intel.xml.
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- intel.co.uk
+-->
+<ruleset name="Intel.co.uk (partial)">
+	<target host="iq.intel.co.uk" />
+	<target host="www.intel.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Intel.xml b/src/chrome/content/rules/Intel.xml
index 1a7aebe6502b..472b81cc59e5 100644
--- a/src/chrome/content/rules/Intel.xml
+++ b/src/chrome/content/rules/Intel.xml
@@ -1,114 +1,70 @@
 <!--
-	For problematic rules, see Intel-mismatches.xml.
-
-
-	CDN buckets:
-
-		- software-downloads.intel.com.edgesuite.net
-
-			- a978.b.akamai.net
-			- downloads-software.intel.com
-
-		- software.intel.com.edgesuite.net
-
-			- a163.b.akamai.net
-
-
 	Other Intel rulesets:
- 
-		- ACPICA.org.xml
-		- Cilk_Plus.org.xml
-		- McAfee.xml
-		- McAfee_Mobile_Security.xml
-		- McAfee_SECURE.xml
-		- ScanAlert.xml
-		- SiteAdvisor.com.xml
-		- Threading-Building-Blocks.xml
-
-
-	Nonfunctional domains:
-
-
-		- intel.com subdomains:
-
-			- ark			(redirects to http, akamai)
-			- cache-www		(Akamai; 503)
-			- corpredirect		(Akamai; 503)
-			- downloadcenter
-			- www			(Akamai; "Page Unavailable")
-
-		- itcommunity.intel.co.uk	(times out)
-
-		intellinuxgraphics.org
-
-
-	Problematic domains:
-
-		- download-software.intel.com *
-		- software.intel.com	(works, akamai)
-
-	* Works, akamai
-
-
-	Partially covered subdomains:
-
-		- software	(→ akamai, avoiding user-visible paths)
-
-
-	Fully covered subdomains:
-
-		- downloads-software	(→ akamai)
-		- secure-software
-
+		+ Cilk_Plus.org.xml
+		+ Intel.co.jp.xml
+		+ Intel.co.uk.xml
+		+ Intel_Free_Press.com.xml
+		+ McAfee.xml
+		+ McAfee-Mobile-Security.xml
+		+ McAfee-MX-Logic.xml
+		+ McAfee-SECURE.xml
+		+ ScanAlert.xml
+		+ SiteAdvisor.com.xml
+		+ Threading-Building-Blocks.xml
+		+ Ywxi.net.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- prd1idz.cps.intel.com
+		- mysearch.intel.com
+		- scoop.intel.com
+		- search.intel.com
+		- ssl.intel.com
+		- xdk.intel.com
+
+		Timeout was reached:
+		- staging-our.intel.com
+		- staging-scoop.intel.com
+
+		SSL connect error:
+		- chi1.intel.com
+
+		4xx client error:
+		- corpredirect.intel.com
+
+		Different content:
+		- click.intel.com
 -->
-<ruleset name="Intel (partial)">
-
-	<target host="*.intel.co.jp" />
+<ruleset name="Intel.com (partial)">
 	<target host="intel.com" />
-	<target host="*.intel.com" />
-		<!--
-			Avoid user-visible paths:
-							-->
-		<exclusion pattern="^http://software\.intel\.com/(?!favicon\.ico|misc/|sites/)" />
-		<!--
-			Many stylesheets link images relative to /
-								-->
-		<exclusion pattern="^http://software\.intel\.com/(?:sites/\w+/)?sites/default/files/css/(?!css_Lk0i1Rq49zhZknClrYE-0k13DwR38sFSx-F2mXUQfI4\.css)" />
-	<target host="intelfreepress.com" />
-	<target host="www.intelfreepress.com" />
-
-
-	<securecookie host="^newsroom\.intel\.co\.jp$" name=".+" />
-	<securecookie host="^.+\.intel\.com$" name=".+" />
-
-	<exclusion pattern="^http://www\.intel\.com/newsroom/assets/bio/" />
-
-	<!--	blogs.intel.com cert matches, but .co.jp
-		presents a different cert.
- 						-->
-	<rule from="^https?://blogs.intel.co.jp/"
-		to="https://blogs.intel.com/japan/" />
-
-	<rule from="^http://newsroom\.intel\.co\.jp/"
-		to="https://newsroom.intel.co.jp/" />
-
-	<!--	Without this, there would be mixed content on newsroom:
-									-->
-	<rule from="^https?://(?:www\.)?intel\.com/(etc|newsroom/assets|sites)/"
-		to="https://www-ssl.intel.com/$1/" />
-
-	<rule from="^http://(blogs|educate|engage|freepress|our|scoop|secure-software|sfederation|ssl|staging-(?:blogs|our|scoop)|www-ssl)\.intel\.com/"
-		to="https://$1.intel.com/" />
-
-	<!--	Protocol-relative redirects from akamai.net/.../software.:
-									-->
-	<rule from="^https?://download-software\.intel\.com/"
-		to="https://a248.e.akamai.net/f/978/142/6m/download-software.intel.com/" />
-
-	<rule from="^http://software\.intel\.com/"
-		to="https://a248.e.akamai.net/f/163/177/2m/software.intel.com/" />
-
-	<rule from="^http://(www\.)?intelfreepress\.com/"
-		to="https://$1intelfreepress.com/" />
-
+	<target host="www.intel.com" />
+	<target host="ark.intel.com" />
+	<target host="blogs.intel.com" />
+	<target host="communities.intel.com" />
+	<target host="embedded.communities.intel.com" />
+	<target host="download-software.intel.com" />
+	<target host="downloadcenter.intel.com" />
+	<target host="downloadmirror.intel.com" />
+		<test url="http://downloadmirror.intel.com/28992/eng/Release_Note_16_8_3_1003.pdf" />
+	<target host="edc.intel.com" />
+	<target host="educate.intel.com" />
+	<target host="engage.intel.com" />
+	<target host="failover.intel.com" />
+		<test url="http://failover.intel.com/failover/www.intel.com/Assets/contact-numbers.pdf" />
+	<target host="firmware.intel.com" />
+	<target host="newsroom.intel.com" />
+	<target host="origin-software.intel.com" />
+	<target host="processormatch.intel.com" />
+		<test url="http://processormatch.intel.com/Resources/Program%20for%20CEC%20Friendly%20MB%20Guidelines%20June%202018%20Public.pdf" />
+	<target host="registrationcenter.intel.com" />
+	<target host="sfederation.intel.com" />
+	<target host="signin.intel.com" />
+	<target host="software.intel.com" />
+	<target host="staging-blogs.intel.com" />
+	<target host="tuningplan.intel.com" />
+	<target host="www-ssl.intel.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Intel_Free_Press.com.xml b/src/chrome/content/rules/Intel_Free_Press.com.xml
new file mode 100644
index 000000000000..c3f3f082cd4b
--- /dev/null
+++ b/src/chrome/content/rules/Intel_Free_Press.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Intel coverage, see Intel.xml.
+
+
+	CN: blogs.intel.com
+
+-->
+<ruleset name="Intel Free Press.com" default_off="mismatched">
+
+	<target host="intelfreepress.com" />
+	<target host="www.intelfreepress.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Inteligo.pl.xml b/src/chrome/content/rules/Inteligo.pl.xml
new file mode 100644
index 000000000000..2ad3cc8dfd53
--- /dev/null
+++ b/src/chrome/content/rules/Inteligo.pl.xml
@@ -0,0 +1,35 @@
+<!--
+	SSL handshake error:
+		- beta
+
+	Mismatched:
+		- pko
+		- studio
+		- wap
+
+	Timeout:
+		- www.developers
+		- igolokata
+		- www.igolokata
+		- www.junior
+-->
+<ruleset name="Inteligo.pl">
+	<target host="inteligo.pl" />
+	<target host="www.inteligo.pl" />
+	<target host="ui.sandbox.api.inteligo.pl" />
+	<target host="auth.inteligo.pl" />
+	<target host="developers.inteligo.pl" />
+	<target host="www.developers.inteligo.pl" />
+	<target host="igolokata.inteligo.pl" />
+	<target host="www.igolokata.inteligo.pl" />
+	<target host="junior.inteligo.pl" />
+	<target host="www.junior.inteligo.pl" />
+	<target host="kontakt.inteligo.pl" />
+	<target host="m.inteligo.pl" />
+	<target host="token.inteligo.pl" />
+
+	<rule from="^http://www\.developers\.inteligo\.pl/" to="https://developers.inteligo.pl/" />
+	<rule from="^http://(www\.)?igolokata\.inteligo\.pl/" to="https://inteligo.pl/" />
+	<rule from="^http://www\.junior\.inteligo\.pl/" to="https://junior.inteligo.pl/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Intelish.com.xml b/src/chrome/content/rules/Intelish.com.xml
new file mode 100644
index 000000000000..bf155f7ec167
--- /dev/null
+++ b/src/chrome/content/rules/Intelish.com.xml
@@ -0,0 +1,16 @@
+<!--
+	www.intelish.com doesn't exist.
+
+-->
+<ruleset name="Intelish.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="intelish.com" />
+	<target host="contact.intelish.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Intelli-direct.com.xml b/src/chrome/content/rules/Intelli-direct.com.xml
index 5cc667642c2f..f9b50200d82b 100644
--- a/src/chrome/content/rules/Intelli-direct.com.xml
+++ b/src/chrome/content/rules/Intelli-direct.com.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://([\w-]+\.)?intelli-direct\.com/"
 		to="https://$1intelli-direct.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IntelliResponse.com.xml b/src/chrome/content/rules/IntelliResponse.com.xml
new file mode 100644
index 000000000000..df319d0abb96
--- /dev/null
+++ b/src/chrome/content/rules/IntelliResponse.com.xml
@@ -0,0 +1,108 @@
+<!--
+	Chain issue, missing intermediate:
+		- ualberta.intelliresponse.com
+
+	Invalid certificate:
+		- intelliresponse.com, equivalent to www.247.ai
+		- www.intelliresponse.com, equivalent to www.247.ai
+-->
+
+<ruleset name="IntelliResponse.com">
+	<target host="intelliresponse.com" />
+	<target host="www.intelliresponse.com" />
+	<target host="aacargo.intelliresponse.com" />
+	<target host="advia.intelliresponse.com" />
+	<target host="ahc.intelliresponse.com" />
+	<target host="algonquin.intelliresponse.com" />
+	<target host="analytics1.intelliresponse.com" />
+	<target host="arc.intelliresponse.com" />
+	<target host="askiris.intelliresponse.com" />
+	<target host="bankatunion.intelliresponse.com" />
+	<target host="bcbsks.intelliresponse.com" />
+	<target host="bmo.intelliresponse.com" />
+	<target host="bmocm.intelliresponse.com" />
+	<target host="bnsask.intelliresponse.com" />
+	<target host="bofifederalbank.intelliresponse.com" />
+	<target host="broward.intelliresponse.com" />
+	<target host="cabrillo.intelliresponse.com" />
+	<target host="canyons.intelliresponse.com" />
+	<target host="cfcc.intelliresponse.com" />
+	<target host="choicehotels.intelliresponse.com" />
+	<target host="cibc.intelliresponse.com" />
+	<target host="cibcbrokerage.intelliresponse.com" />
+	<target host="cod.intelliresponse.com" />
+	<target host="compton.intelliresponse.com" />
+	<target host="conestogac.intelliresponse.com" />
+	<target host="cos.intelliresponse.com" />
+	<target host="csupomona.intelliresponse.com" />
+	<target host="deakin.intelliresponse.com" />
+	<target host="delmar.intelliresponse.com" />
+	<target host="deltacollege.intelliresponse.com" />
+	<target host="dollarbank.intelliresponse.com" />
+	<target host="elcamino.intelliresponse.com" />
+	<target host="epcor.intelliresponse.com" />
+	<target host="eversource.intelliresponse.com" />
+	<target host="experian.intelliresponse.com" />
+	<target host="fanshawec.intelliresponse.com" />
+	<target host="foothill.intelliresponse.com" />
+	<target host="frontrange.intelliresponse.com" />
+	<target host="fult.intelliresponse.com" />
+	<target host="gaston.intelliresponse.com" />
+	<target host="gatech.intelliresponse.com" />
+	<target host="genisyscu.intelliresponse.com" />
+	<target host="gwc.intelliresponse.com" />
+	<target host="harpercollege.intelliresponse.com" />
+	<target host="hcc.intelliresponse.com" />
+	<target host="hnb.intelliresponse.com" />
+	<target host="ipfw.intelliresponse.com" />
+	<target host="iu.intelliresponse.com" />
+	<target host="laguardia.intelliresponse.com" />
+	<target host="mccd.intelliresponse.com" />
+	<target host="mcmasteru.intelliresponse.com" />
+	<target host="mcneiluk.intelliresponse.com" />
+	<target host="missioncollege.intelliresponse.com" />
+	<target host="msu.intelliresponse.com" />
+	<target host="npc.intelliresponse.com" />
+	<target host="oakton.intelliresponse.com" />
+	<target host="optus.intelliresponse.com" />
+	<target host="optusadmin.intelliresponse.com" />
+	<target host="pcfinancial.intelliresponse.com" />
+	<target host="pgn.intelliresponse.com" />
+	<target host="rbc.intelliresponse.com" />
+	<target host="ryerson.intelliresponse.com" />
+	<target host="salesdemo.intelliresponse.com" />
+	<target host="sbcc.intelliresponse.com" />
+	<target host="sccnc.intelliresponse.com" />
+	<target host="sdmesa.intelliresponse.com" />
+	<target host="sears.intelliresponse.com" />
+	<target host="sheridaninstitute.intelliresponse.com" />
+	<target host="simplii.intelliresponse.com" />
+	<target host="smc.intelliresponse.com" />
+	<target host="stericycle.intelliresponse.com" />
+	<target host="tarion.intelliresponse.com" />
+	<target host="td.intelliresponse.com" />
+	<target host="tdbank.intelliresponse.com" />
+	<target host="tdinsurance.intelliresponse.com" />
+	<target host="tri-c.intelliresponse.com" />
+	<target host="tric.intelliresponse.com" />
+	<target host="triton.intelliresponse.com" />
+	<target host="ucsb.intelliresponse.com" />
+	<target host="umanitoba.intelliresponse.com" />
+	<target host="uoguelph.intelliresponse.com" />
+	<target host="usecu.intelliresponse.com" />
+	<target host="uvic.intelliresponse.com" />
+	<target host="uwm.intelliresponse.com" />
+	<target host="uwo.intelliresponse.com" />
+	<target host="vaillantgroup.intelliresponse.com" />
+	<target host="vodafoneqa.intelliresponse.com" />
+	<target host="voices1.intelliresponse.com" />
+	<target host="volaris.intelliresponse.com" />
+	<target host="wallacestate.intelliresponse.com" />
+	<target host="wvu.intelliresponse.com" />
+	<target host="yale.intelliresponse.com" />
+
+	<rule from="^http://(www\.)?intelliresponse\.com/"
+		to="https://www.247.ai/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Intelligence.org.xml b/src/chrome/content/rules/Intelligence.org.xml
new file mode 100644
index 000000000000..6beccb71620e
--- /dev/null
+++ b/src/chrome/content/rules/Intelligence.org.xml
@@ -0,0 +1,14 @@
+<!--
+	www: Cert only matches ^intelligence.org
+
+-->
+<ruleset name="Intelligence.org">
+
+	<target host="intelligence.org" />
+	<target host="www.intelligence.org" />
+
+
+	<rule from="^http://(?:www\.)?intelligence\.org/"
+		to="https://intelligence.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Intelliot.com.xml b/src/chrome/content/rules/Intelliot.com.xml
new file mode 100644
index 000000000000..67e87361b074
--- /dev/null
+++ b/src/chrome/content/rules/Intelliot.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="intelliot.com">
+
+	<target host="intelliot.com" />
+	<target host="www.intelliot.com" />
+
+
+	<securecookie host="^\.intelliot\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Intelliserver.net.xml b/src/chrome/content/rules/Intelliserver.net.xml
new file mode 100644
index 000000000000..80bafe09ad0c
--- /dev/null
+++ b/src/chrome/content/rules/Intelliserver.net.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://intelliserver.net/ => https://www.intelliserver.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.intelliserver.net'")
+Fetch error: http://www.intelliserver.net/ => https://www.intelliserver.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.intelliserver.net'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://intelliserver.net/ => https://www.intelliserver.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.intelliserver.net'")
+Fetch error: http://www.intelliserver.net/ => https://www.intelliserver.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.intelliserver.net'")
+	^: mismatched
+
+-->
+<ruleset name="intelliserver.net" default_off="failed ruleset test">
+
+	<target host="intelliserver.net" />
+	<target host="www.intelliserver.net" />
+
+
+	<rule from="^http://(?:www\.)?intelliserver\.net/"
+		to="https://www.intelliserver.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Intelliwebservices.com.xml b/src/chrome/content/rules/Intelliwebservices.com.xml
new file mode 100644
index 000000000000..e0b1c0fd6b20
--- /dev/null
+++ b/src/chrome/content/rules/Intelliwebservices.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="intelliwebservices.com">
+	<target host="merpic.intelliwebservices.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Intelliworks_Chat.com.xml b/src/chrome/content/rules/Intelliworks_Chat.com.xml
new file mode 100644
index 000000000000..8d379e3b6107
--- /dev/null
+++ b/src/chrome/content/rules/Intelliworks_Chat.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Domains expired
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- www.poll ²
+
+	¹ Mismatched, CN: *.askadmissions.net
+	² Mismatched, CN: liveleader.com
+
+-->
+<ruleset name="Intelliworks Chat.com" default_off="expired">
+
+	<target host="intelliworkschat.com" />
+	<target host="poll.intelliworkschat.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Intelrad.com.xml b/src/chrome/content/rules/Intelrad.com.xml
index 4c29c231818e..da69fe4ec099 100644
--- a/src/chrome/content/rules/Intelrad.com.xml
+++ b/src/chrome/content/rules/Intelrad.com.xml
@@ -1,13 +1,21 @@
-<ruleset name="Intelrad.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://intelrad.com/ => https://intelrad.com/: (7, 'Failed to connect to intelrad.com port 443: Connection refused')
+Fetch error: http://www.intelrad.com/ => https://www.intelrad.com/: (7, 'Failed to connect to www.intelrad.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://intelrad.com/ (200) => https://intelrad.com/ (400)
+-->
+<ruleset name="Intelrad.com" default_off="failed ruleset test">
 
 	<target host="intelrad.com" />
-	<target host="*.intelrad.com" />
+	<target host="www.intelrad.com" />
 
 
 	<securecookie host="^\.intelrad\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?intelrad\.com/"
-		to="https://$1intelrad.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Intense_School.xml b/src/chrome/content/rules/Intense_School.xml
index 450c0466ef1b..e8257fd9b43d 100644
--- a/src/chrome/content/rules/Intense_School.xml
+++ b/src/chrome/content/rules/Intense_School.xml
@@ -1,5 +1,17 @@
 <!--
-	Expired 26/02/13
+	Expired 2013-02-26
+
+
+	Mixed content:
+
+		- css, from:
+
+			- $self *
+			- fonts.googleapis.com *
+
+		- Images from $self *
+
+	* Secured by us
 
 -->
 <ruleset name="Intense School" default_off="expired">
@@ -8,7 +20,7 @@
 	<target host="www.intenseschool.com" />
 
 
-	<rule from="^https?://(?:www\.)?intenseschool\.com/"
+	<rule from="^http://(?:www\.)?intenseschool\.com/"
 		to="https://www.intenseschool.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IntensityLab.com.xml b/src/chrome/content/rules/IntensityLab.com.xml
new file mode 100644
index 000000000000..458dc286c106
--- /dev/null
+++ b/src/chrome/content/rules/IntensityLab.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="IntensityLab.com">
+
+	<target host="intensitylab.com" />
+	<target host="www.intensitylab.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Intent-Media-mismatches.xml b/src/chrome/content/rules/Intent-Media-mismatches.xml
index 06698645cd84..064e28f9394b 100644
--- a/src/chrome/content/rules/Intent-Media-mismatches.xml
+++ b/src/chrome/content/rules/Intent-Media-mismatches.xml
@@ -1,21 +1,22 @@
 <!--	See Intent-Media.xml also
 -->
-<ruleset name="Intent Media (mismatches)" default_off="Certificate mismatch">
+<ruleset name="Intent Media (problematic)" default_off="expired, mismatched, self-signed">
 
 	<target host="audioprointernational.com" />
 	<target host="www.audioprointernational.com" />
-	<target host="develop100.com" />
-	<target host="www.develop100.com" />
 	<target host="licensing.biz" />
 	<target host="www.licensing.biz" />
+	<target host="mobile-ent.biz" />
+	<target host="www.mobile-ent.biz" />
 	<target host="mcvpacific.com" />
 	<target host="www.mcvpacific.com" />
 	<target host="mi-pro.co.uk" />
 	<target host="www.mi-pro.co.uk" />
-	<target host="toynews-online.biz" />
-	<target host="www.toynews-online.biz" />
 
-	<rule from="^http://(www\.)?(audioprointernational|develop100|licensing|mcvpacific|mi-pro|toynews-online)\.(biz|com|co\.uk)/"
-		to="https://www.$2.$3/" />
+	<rule from="^http://(audioprointernational|licensing|mcvpacific)\.(biz|com|co\.uk)/"
+		to="https://www.$1.$2/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Intent-Media.xml b/src/chrome/content/rules/Intent-Media.xml
deleted file mode 100644
index d26971597bee..000000000000
--- a/src/chrome/content/rules/Intent-Media.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--	See Intent-Media-mismatches.xml also
--->
-<ruleset name="Intent Media (partial)" platform="mixedcontent">
-
-	<target host="bikebiz.com" />
-	<target host="www.bikebiz.com" />
-	<target host="develop-online.net" />
-	<target host="www.develop-online.net" />
-	<target host="intentmedia.co.uk" />
-	<target host="www.intentmedia.co.uk" />
-	<target host="mcvuk.com" />
-	<target host="www.mcvuk.com" />
-	<target host="mobile-ent.biz" />
-	<target host="www.mobile-ent.biz" />
-	<target host="pcr-online.biz" />
-	<target host="www.pcr-online.biz" />
-
-	<rule from="^http://(www\.)?(bikebiz|develop-online|intentmedia|mcvuk|mobile-ent|pcr-online)\.(biz|com|co\.uk|net)/"
-		to="https://www.$2.$3/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Intentmedia.xml b/src/chrome/content/rules/Intentmedia.xml
index bbdcf079f483..bc255a9b6ef7 100644
--- a/src/chrome/content/rules/Intentmedia.xml
+++ b/src/chrome/content/rules/Intentmedia.xml
@@ -2,7 +2,6 @@
 
 	<target host="a.intentmedia.net"/>
 
-	<rule from="^http://a\.intentmedia\.net/"
-		to="https://a.intentmedia.net/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Inter.net.xml b/src/chrome/content/rules/Inter.net.xml
index 76de74508861..b2e9431364a7 100644
--- a/src/chrome/content/rules/Inter.net.xml
+++ b/src/chrome/content/rules/Inter.net.xml
@@ -1,5 +1,9 @@
+
 <!--
-	www.br.inter.net , owa.br.inter.net , mail.br.inter.net , autodiscover.br.inter.net , br.inter.net 
+Disabled by https-everywhere-checker because:
+Fetch error: http://br.inter.net/ => https://br.inter.net/: (60, 'SSL certificate problem: certificate has expired')
+
+	www.br.inter.net , owa.br.inter.net , mail.br.inter.net , autodiscover.br.inter.net , br.inter.net
 
 
 	Nonfunctional domains:
@@ -17,23 +21,23 @@
 		- www.intersite.mobi		(cert: www.br.inter.net; redirects to www.br.inter.net/inicio)
 
 -->
-<ruleset name="Inter.net (partial)" platform="mixedcontent">
+<ruleset name="Inter.net (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="br.inter.net" />
-	<target host="*.br.inter.net" />
+	<target host="www.br.inter.net" />
+	<target host="central.br.inter.net" />
 	<target host="hosting.de.inter.net" />
 
 
-	<securecookie host="^www\.br\.inter\.net$" name=".*" />
+	<securecookie host="^www\.br\.inter\.net$" name=".+" />
 
 
-	<rule from="^http://((?:www\.)?br|hosting\.de)\.inter\.net/"
-		to="https://$1.inter.net/" />
 
 	<!--	- Cert: www.br.inter.net
 		- Shows www.br's data over https
 		- Redirects like so over http
 				-->
-	<rule from="^https?://central\.br\.inter\.net/"
+	<rule from="^http://central\.br\.inter\.net/"
 		to="https://www.br.inter.net/central-assinante" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/InterContinental_Hotels_Group.xml b/src/chrome/content/rules/InterContinental_Hotels_Group.xml
index 3ebc7e3b3256..73d5afde2ebf 100644
--- a/src/chrome/content/rules/InterContinental_Hotels_Group.xml
+++ b/src/chrome/content/rules/InterContinental_Hotels_Group.xml
@@ -1,18 +1,90 @@
-<ruleset name="InterContinental Hotels Group">
-    <target host="ihg.com" />
-    <target host="www.ihg.com" />
-    <target host="ihgagent.com" />
-    <target host="www.ihgagent.com" />
-
-    <securecookie host="^(.*\.)?ihg\.com$" name=".+" />
-
-    <rule from="^https?://ihg\.com/"
-        to="https://www.ihg.com/" />
-    <rule from="^http://([^/:@]+)?\.ihg\.com/"
-        to="https://$1.ihg.com/" />
-
-    <rule from="^https?://ihgagent\.com/"
-        to="https://www.ihgagent.com/" />
-    <rule from="^http://([^/:@]+)?\.ihgagent\.com/"
-        to="https://$1.ihgagent.com/" />
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://ihg.com/ (200) => https://www.ihg.com/ (403)
+
+	For other InterContinental Hotels Group PLC coverage, see IHG_PLC.com.xml.
+
+
+	CDN buckets:
+
+		- development.ihg.com.edgesuite.net.globalredir.akadns.net
+		- contact.ihg.com.edgesuite.net
+		- qa.contact.ihg.com.edgesuite.net
+
+
+	Nonfunctional domains:
+
+		- development.ihg.com *
+
+	* 503, akamai
+
+
+	Problematic domains:
+
+		- contact.ihg.com *
+		- qa.contact.ihg.com *
+
+	* Works, akamai
+
+
+	Fully covered domains:
+
+		- ihg.com		(^ → www)
+
+		- (?!contact.|qa.contact.|development.).+.ihg.com:
+
+			- qap.secure.contact
+			- guestapi
+			- beta.guestapi
+			- prodcache.internal
+			- servicecenter.loyalty
+			- servicecenter-int.loyalty
+			- servicecenter-proj.loyalty
+			- servicecenter-qa.loyalty
+			- m
+			- beta.m
+			- m.secure
+			- beta.m.secure
+
+
+	These altnames don't exist:
+
+		- aci-qap.secure.contact.ihg.com
+
+-->
+<ruleset name="InterContinental Hotels Group" default_off="failed ruleset test">
+
+	<target host="ihg.com" />
+	<target host="*.ihg.com" />
+		<exclusion pattern="^http://(?:contact|qa\.contact|development)\.ihg\.com/" />
+	<target host="ihgagent.com" />
+	<target host="www.ihgagent.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.ihg\.com$" name="^(TLTSID|TLTUID|X-IHG-LOC|X-IHG-SRV|X-IHG-TrueClient_IP|searchRequest)" /-->
+	<!--securecookie host="^(contact|qa\.contact|qap\.secure\.contact|servicecenter-qa\.loyalty|m|beta\.m)\.ihg\.com$" name="^BlueStripe\.PVN$" /-->
+	<!--securecookie host="^\.contact\.ihg\.com$" name="^(ISESSIONID|datacenternode|servernode)$" /-->
+	<!--securecookie host="^qa\.contact\.ihg\.com$" name="^ADRUM_BT$" /-->
+	<!--securecookie host="^servicecenter-qa\.loyalty\.ihg\.com$" name="^BIGipServerservicecenter-qa-pool$" /-->
+	<!--securecookie host="^www\.ihg\.com$" name="^(ADRUM_BT|JSESSIONID|country_language|dp|hotelicopterCookie|ibean" /-->
+	<!--securecookie host="^\.www\.ihg\.com$" name="^(BlueStripe\.PVN|X-IHG-SRV|datacenternode|recentlyViewed)$" /-->
+
+	<securecookie host="^(?:.*\.)?ihg\.com$" name=".+" />
+
+
+	<rule from="^http://ihg\.com/"
+		to="https://www.ihg.com/" />
+
+	<rule from="^http://([^/:@]+)?\.ihg\.com/"
+		to="https://$1.ihg.com/" />
+
+	<rule from="^http://ihgagent\.com/"
+		to="https://www.ihgagent.com/" />
+
+	<rule from="^http://([^/:@]+)?\.ihgagent\.com/"
+		to="https://$1.ihgagent.com/" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/InterNetworX.xml b/src/chrome/content/rules/InterNetworX.xml
index 82631ad6ef7e..7b8032544df5 100644
--- a/src/chrome/content/rules/InterNetworX.xml
+++ b/src/chrome/content/rules/InterNetworX.xml
@@ -1,18 +1,18 @@
 <ruleset name="InterNetworX">
-  <target host="*.inwx.at" />
+  <target host="www.inwx.at" />
   <target host="inwx.at" />
-  <target host="*.inwx.ch" />
+  <target host="www.inwx.ch" />
   <target host="inwx.ch" />
-  <target host="*.inwx.com" />
+  <target host="www.inwx.com" />
   <target host="inwx.com" />
-  <target host="*.inwx.de" />
+  <target host="www.inwx.de" />
   <target host="inwx.de" />
-  <target host="*.inwx.es" />
+  <target host="www.inwx.es" />
   <target host="inwx.es" />
-  <target host="*.inwx.net" />
+  <target host="www.inwx.net" />
   <target host="inwx.net" />
 
-  <securecookie host="^(.*\.)?inwx\.(?:at|ch|com|de|es|net)$" name=".*" />
+  <securecookie host=".+" name=".+"/>
 
   <rule from="^http://(?:www\.)?inwx\.(at|ch|de|es)/" to="https://www.inwx.$1/" />
   <rule from="^http://(?:www\.)?inwx\.(?:com|net)/" to="https://www.inwx.com/" />
diff --git a/src/chrome/content/rules/InterQ.or.jp.xml b/src/chrome/content/rules/InterQ.or.jp.xml
new file mode 100644
index 000000000000..b6f9840a12f8
--- /dev/null
+++ b/src/chrome/content/rules/InterQ.or.jp.xml
@@ -0,0 +1,28 @@
+<!--
+	For other GMO coverage, see GMO_Internet.xml.
+
+
+	^interq.or.jp doesn't exist:
+
+
+	Nonfunctional subdomains:
+
+		- members *
+		- www *
+
+	* Refused
+
+-->
+<ruleset name="InterQ.or.jp (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.interq.or.jp" />
+
+		<!--exclusion pattern="http://(members|www)\.interq\.or\.jp/" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/InterWorx.xml b/src/chrome/content/rules/InterWorx.xml
index 6137d57c8a25..efa33fbf0a4f 100644
--- a/src/chrome/content/rules/InterWorx.xml
+++ b/src/chrome/content/rules/InterWorx.xml
@@ -1,15 +1,24 @@
-<ruleset name="InterWorx (partial)">
 
-	<target host="interworx.com"/>
-	<target host="*.interworx.com"/>
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://interworx.com/ => https://interworx.com/: Too many redirects while fetching 'https://interworx.com/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://interworx.com/ => https://interworx.com/: Cycle detected - URL already encountered: https://www.interworx.com/
+-->
+<ruleset name="InterWorx (partial)" default_off="failed ruleset test">
+
+	<target host="interworx.com" />
+	<target host="my.interworx.com" />
+	<target host="support.interworx.com" />
+	<target host="www.interworx.com" />
 
 	<!--	encountered cookies:
 			- ^\.
 			- ^my
 			- ^support	-->
-	<securecookie host="^(my|support)?\.interworx\.com$" name=".*"/>
+	<securecookie host="^(?:my|support)?\.interworx\.com$" name=".+" />
 
-	<rule from="^http://((my|support|www)\.)?interworx\.com/"
-		to="https://$1interworx.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Interac.ca.xml b/src/chrome/content/rules/Interac.ca.xml
new file mode 100644
index 000000000000..6f8d69a750e7
--- /dev/null
+++ b/src/chrome/content/rules/Interac.ca.xml
@@ -0,0 +1,19 @@
+<!--
+	Mixed content:
+
+		- iframe from www.youtube.com *
+
+		- Images from www.google.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Interac.ca">
+
+	<target host="interac.ca" />
+	<target host="www.interac.ca" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Interac_PoS_Centre.ca.xml b/src/chrome/content/rules/Interac_PoS_Centre.ca.xml
new file mode 100644
index 000000000000..c01f8d41448a
--- /dev/null
+++ b/src/chrome/content/rules/Interac_PoS_Centre.ca.xml
@@ -0,0 +1,12 @@
+<!--
+	www doesn't exist
+
+-->
+<ruleset name="Interac PoS Centre.ca">
+
+	<target host="interacposcentre.ca" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Interactive-Advertising-Bureau.xml b/src/chrome/content/rules/Interactive-Advertising-Bureau.xml
index 3001aff3828d..3fa9e2b66320 100644
--- a/src/chrome/content/rules/Interactive-Advertising-Bureau.xml
+++ b/src/chrome/content/rules/Interactive-Advertising-Bureau.xml
@@ -1,13 +1,28 @@
-<ruleset name="Interactive Advertising Bureau" platform="mixedcontent">
+<!--
+	Interactive Advertising Bureau
 
+
+	Insecure cookies are set for these domains:
+
+		- .iab.net
+
+-->
+<ruleset name="IAB.net" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="iab.net" />
-	<target host="*.iab.net" />
+	<target host="www.iab.net" />
+
 
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.iab\.net$" name="^(__cfduid|cf_clearance)$" /-->
 
-	<securecookie host="^(?:www)?\.iab\.net$" name=".*" />
+	<securecookie host="^(?:www)?\.iab\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?iab\.net/"
-		to="https://$1iab.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Interactive-Marketing-Solutions.xml b/src/chrome/content/rules/Interactive-Marketing-Solutions.xml
index e272024ed188..450a5b1ad227 100644
--- a/src/chrome/content/rules/Interactive-Marketing-Solutions.xml
+++ b/src/chrome/content/rules/Interactive-Marketing-Solutions.xml
@@ -2,5 +2,5 @@
 	<target host="ims-dm.com" />
 	<target host="www.ims-dm.com" />
 
-	<rule from="^(http://(www\.)?|https://)ims-dm\.com/" to="https://www.ims-dm.com/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Interactive-Media-Awards.xml b/src/chrome/content/rules/Interactive-Media-Awards.xml
index 787757c6b176..3c2906001bbd 100644
--- a/src/chrome/content/rules/Interactive-Media-Awards.xml
+++ b/src/chrome/content/rules/Interactive-Media-Awards.xml
@@ -3,9 +3,8 @@
 	<target host="interactivemediaawards.com"/>
 	<target host="www.interactivemediaawards.com"/>
 
-	<rule from="^http://(www\.)?interactivemediaawards\.com/"
-		to="https://www.interactivemediaawards.com/"/>
+	<rule from="^http:" to="https:" />
 
-	<securecookie host="^www\.interactivemediaawards\.com$" name=".*"/>
+	<securecookie host="^www\.interactivemediaawards\.com$" name=".+" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Interactive-Media-in-Retail-Group.xml b/src/chrome/content/rules/Interactive-Media-in-Retail-Group.xml
index 8f54c2334910..7722115ab415 100644
--- a/src/chrome/content/rules/Interactive-Media-in-Retail-Group.xml
+++ b/src/chrome/content/rules/Interactive-Media-in-Retail-Group.xml
@@ -2,17 +2,19 @@
 	Nonfunctional subdomains:
 
 		- (www.)	(cert: isisaccreditation.imrg.org; shows that domain's data)
+		- isisaccreditation ²
+
+	² Handshake fails
 
 -->
-<ruleset name="Interactive Media in Retail Group (partial)">
+<ruleset name="Interactive Media in Retail Group (partial)" default_off="handshake failure">
 
 	<target host="isisaccreditation.imrg.org" />
 
 
-	<securecookie host="^isisaccreditation\.imrg\.org$" name=".*" />
+	<securecookie host="^isisaccreditation\.imrg\.org$" name=".+" />
 
 
-	<rule from="^http://isisaccreditation\.imrg\.org/"
-		to="https://isisaccreditation.imrg.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Interactive_Data_Corporation.xml b/src/chrome/content/rules/Interactive_Data_Corporation.xml
index 10fd5509dc2f..f9c162a4c2f5 100644
--- a/src/chrome/content/rules/Interactive_Data_Corporation.xml
+++ b/src/chrome/content/rules/Interactive_Data_Corporation.xml
@@ -8,7 +8,11 @@
 <ruleset name="Interactive Data Corporation (partial)">
 
 	<target host="chartbigchart.gtm.idmanagedsolutions.com" />
-	<target host="*.interactivedata.com" />
+	<target host="fundrun.interactivedata.com" />
+	<target host="pool.interactivedata.com" />
+	<target host="services.interactivedata.com" />
+	<target host="vantage.interactivedata.com" />
+	<target host="go.interactivedata.com" />
 
 
 	<securecookie host="^(?:services|vantage)\.interactivedata\.com$" name=".+" />
@@ -20,7 +24,7 @@
 	<rule from="^http://(fundrun|pool|services|vantage)\.interactivedata\.com/"
 		to="https://$1.interactivedata.com/" />
 
-	<rule from="^https?://go\.interactivedata\.com/(cs|image|r)s/"
+	<rule from="^http://go\.interactivedata\.com/(cs|image|r)s/"
 		to="https://na-o.marketo.com/$1s/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Interactive_Online.xml b/src/chrome/content/rules/Interactive_Online.xml
index e1cd2edf20bf..4f2053d7964f 100644
--- a/src/chrome/content/rules/Interactive_Online.xml
+++ b/src/chrome/content/rules/Interactive_Online.xml
@@ -1,4 +1,7 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://interactiveonline.com/ => https://interactiveonline.com/: Cycle detected - URL already encountered: https://interactiveonline.com/
+Fetch error: http://www.interactiveonline.com/ => https://interactiveonline.com/: Cycle detected - URL already encountered: https://interactiveonline.com/
 	Problematic domains:
 
 		- www.interactiveonline.com	(cert only matches ^)
@@ -8,7 +11,11 @@
 
 	<target host="interactiveonline.com" />
 	<target host="www.interactiveonline.com" />
-	<target host="*.primary001.net" />
+	<target host="cpanel8.primary001.net" />
+	<target host="cpanel9.primary001.net" />
+	<target host="cpanel10.primary001.net" />
+	<target host="cpanel11.primary001.net" />
+	<target host="cpanel12.primary001.net" />
 
 
 	<securecookie host="^interactiveonline\.com$" name=".+" />
@@ -17,7 +24,6 @@
 	<rule from="^http://(?:www\.)?interactiveonline\.com/"
 		to="https://interactiveonline.com/" />
 
-	<rule from="^http://cpanel(8|9|1[012])\.primary001\.net/"
-		to="https://cpanel$1.primary001.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Interbix.net.xml b/src/chrome/content/rules/Interbix.net.xml
new file mode 100644
index 000000000000..08975b16fa3f
--- /dev/null
+++ b/src/chrome/content/rules/Interbix.net.xml
@@ -0,0 +1,23 @@
+<!--
+	Connection closed:
+		- board
+		- calendar
+		- mail
+-->
+<ruleset name="Interbix.net">
+	<target host="interbix.net" />
+	<target host="www.interbix.net" />
+	<target host="archive.interbix.net" />
+	<target host="cloud.interbix.net" />
+	<target host="doclib.interbix.net" />
+	<target host="download.interbix.net" />
+	<target host="file.interbix.net" />
+	<target host="investor.interbix.net" />
+	<target host="mlogin.interbix.net" />
+	<target host="press.interbix.net" />
+	<target host="secure.interbix.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Interclick.xml b/src/chrome/content/rules/Interclick.xml
deleted file mode 100644
index d8c8790c93e7..000000000000
--- a/src/chrome/content/rules/Interclick.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Fully covered subdomains:
-
-		- idcs
-
--->
-<ruleset name="Interclick">
-
-	<target host="*.interclick.com"/>
-		<exclusion pattern="^http://(blog|ir|www)\."/>
-		<exclusion pattern="^http://portal.interclick.com/$"/>
-
-	<securecookie host="^.*\.interclick\.com$" name=".*"/>
-
-	<rule from="^http://(\w+)\.interclick\.com/"
-		to="https://$1.interclick.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Intercom.io.xml b/src/chrome/content/rules/Intercom.io.xml
deleted file mode 100644
index f7c6de86fdb1..000000000000
--- a/src/chrome/content/rules/Intercom.io.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Intercom.io" platform="firefox">
-<target host="intercom.io" />
-<target host="api.intercom.io" />
-<target host="www.intercom.io" />
-
-<securecookie host="^intercom\.io$" name=".+" />
-<securecookie host="^api\.intercom\.io$" name=".+" />
-<securecookie host="^www\.intercom\.io$" name=".+" />
-
-<rule from="^http://intercom\.io/" to="https://intercom.io/" />
-<rule from="^http://api\.intercom\.io/" to="https://api.intercom.io/" />
-<rule from="^http://www\.intercom\.io/" to="https://www.intercom.io/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Intercom_CDN.com.xml b/src/chrome/content/rules/Intercom_CDN.com.xml
new file mode 100644
index 000000000000..7bc7d8a276b8
--- /dev/null
+++ b/src/chrome/content/rules/Intercom_CDN.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .intercomcdn.com
+
+-->
+<ruleset name="Intercom CDN.com">
+
+	<target host="js.intercomcdn.com" />
+	<target host="static.intercomcdn.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.intercomcdn\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.intercomcdn\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Interface-Ecology-Lab.xml b/src/chrome/content/rules/Interface-Ecology-Lab.xml
deleted file mode 100644
index 88e7ec415689..000000000000
--- a/src/chrome/content/rules/Interface-Ecology-Lab.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Part of Texas A&M University, which doesn't have a ruleset.
-
--->
-<ruleset name="Interface Ecology Lab" default_off="mismatch">
-
-	<!--	Cert: *.cse.tamu.edu	-->
-	<target host="ecologylab.net" />
-	<target host="www.ecologylab.net" />
-
-
-	<rule from="^https?://(?:www\.)?ecologylab\.net/"
-		to="https://ecologylab.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Interference.cc.xml b/src/chrome/content/rules/Interference.cc.xml
new file mode 100644
index 000000000000..05c24da7a998
--- /dev/null
+++ b/src/chrome/content/rules/Interference.cc.xml
@@ -0,0 +1,13 @@
+<!--
+	NB: politically sensitive => backport?
+
+-->
+<ruleset name="Interference.cc">
+
+	<target host="interference.cc" />
+	<target host="www.interference.cc" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Intergi.xml b/src/chrome/content/rules/Intergi.xml
index d05534e47a9f..614b585fa5e0 100644
--- a/src/chrome/content/rules/Intergi.xml
+++ b/src/chrome/content/rules/Intergi.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://app.intergi.com/ => https://app.intergi.com/: (28, 'Connection timed out after 20001 milliseconds')
+
 	Other Intergi rulesets:
 
 		- Playwire.xml
@@ -16,6 +20,7 @@
 
 		- (www.)gamezone.com *
 		- next.gamezone.com
+		- www.ads.intergi.com	(Shows  www.intergi.com)
 		- (www.)intergi.com	(redirects to http, mismatched, CN: app.intergi.com)
 
 	* Handshake fails
@@ -24,23 +29,36 @@
 	Problematic domains:
 
 		- download.gamezone.com *
-		- cdn.intergi.com *
+		- cdn.intergi.com ²
 
 	* Mismatched, CN: edgecastcdn.net
+	² Dropped
+
+
+	Insecure cookies are set for these domains:
+
+		- .intergi.com
 
 -->
-<ruleset name="Intergi (partial)">
+<ruleset name="Intergi.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ads.intergi.com" />
+	<target host="app.intergi.com" />
 
-	<target host="*.intergi.com" />
 
+	<!--	Not secured by server:
 
-	<!--	Set by ads:
+		(CfP: Set by ads)
 				-->
+	<!--securecookie host="^\.intergi\.com$" name="^CfP$" /-->
+
 	<securecookie host="^\.intergi\.com$" name="^CfP$" />
 	<securecookie host="^app\.intergi\.com$" name=".+" />
 
 
-	<rule from="^http://a(ds|pp)\.intergi\.com/"
-		to="https://a$1.intergi.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Interhome.ch.xml b/src/chrome/content/rules/Interhome.ch.xml
new file mode 100644
index 000000000000..c204b1b3a95c
--- /dev/null
+++ b/src/chrome/content/rules/Interhome.ch.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Migros coverage, see Migros.xml.
+
+	Mismatch:
+		- ^interhome.ch
+
+	Refused:
+		- blog.interhome.ch
+-->
+<ruleset name="Interhome.ch">
+	<target host="interhome.ch" />
+	<target host="www.interhome.ch" />
+
+
+	<rule from="^http://interhome\.ch/"
+		to="https://www.interhome.ch/"/>
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Interhyp.de.xml b/src/chrome/content/rules/Interhyp.de.xml
new file mode 100644
index 000000000000..00bda86e172a
--- /dev/null
+++ b/src/chrome/content/rules/Interhyp.de.xml
@@ -0,0 +1,13 @@
+<!--
+	^: cert only matches www
+
+-->
+<ruleset name="Interhyp.de">
+
+	<target host="interhyp.de" />
+	<target host="www.interhyp.de" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Interia.pl.xml b/src/chrome/content/rules/Interia.pl.xml
new file mode 100644
index 000000000000..9931d2994204
--- /dev/null
+++ b/src/chrome/content/rules/Interia.pl.xml
@@ -0,0 +1,43 @@
+<!--
+	*.interia.pl domains redirect to plain and/or have chain issues
+-->
+<ruleset name="Grupa Interia.pl (partial)" >
+
+	<target host="d.iplsc.com" />
+	<target host="i.iplsc.com" />
+	<target host="iwa.iplsc.com" />
+	<target host="js.iplsc.com" />
+	<target host="p.iplsc.com" />
+	<target host="player.iplsc.com" />
+	<target host="s.iplsc.com" />
+	<target host="sgi.iplsc.com" />
+	<target host="sgi1.iplsc.com" />
+	<target host="sgi2.iplsc.com" />
+	<target host="sgi3.iplsc.com" />
+	<target host="sgi4.iplsc.com" />
+	<target host="sgs.iplsc.com" />
+	<target host="staticbryk.iplsc.com" />
+	<target host="staticshoperia.iplsc.com" />
+	<target host="statictipy.iplsc.com" />
+	<target host="stipy.iplsc.com" />
+	<target host="t.iplsc.com" />
+	<target host="v-nocdn.iplsc.com" />
+	<target host="v.iplsc.com" />
+	<target host="w.iplsc.com" />
+
+	<rule from="^http:"	to="https:" />
+
+	<test url="http://d.iplsc.com/ebi/11/13/108389/Skonsolidowany-Raport-BG_IIIQ2017.pdf" />
+	<test url="http://d.iplsc.com/ebi/39362/Raport_3Q2012_Median_Polska_SA.pdf" />
+
+	<test url="http://p.iplsc.com/-/0003PMUNLIRELTEG.pdf" />
+	<test url="http://p.iplsc.com/-/0004667W27TKE809.pdf" />
+	<test url="http://p.iplsc.com/-/0005VZ13KY5TP26R.pdf" />
+
+	<test url="http://player.iplsc.com/embedPlayer.swf" />
+	<test url="http://player.iplsc.com/embedvideoplayer.swf" />
+
+	<test url="http://staticbryk.iplsc.com/bryk_prod_sitemap/sitemap3.xml" />
+	<test url="http://staticbryk.iplsc.com/bryk_prod_sitemap/sitemap4.xml" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Interior-Savings-Credit-Union.xml b/src/chrome/content/rules/Interior-Savings-Credit-Union.xml
new file mode 100644
index 000000000000..63fd0605d7dc
--- /dev/null
+++ b/src/chrome/content/rules/Interior-Savings-Credit-Union.xml
@@ -0,0 +1,28 @@
+<!--
+	Invalid certificates:
+		- beremarkable.interiorsavings.com
+		- dev.myinteriorsavings.com
+		- insurance.myinteriorsavings.com
+		- beremarkable.myinteriorsavings.com
+		- www.beremarkable.myinteriorsavings.com
+		- myinteriorsavings.com
+		- www.myinteriorsavings.com
+-->
+<ruleset name="Interior Savings Credit Union">
+	<target host="interiorsavings.com" />
+	<target host="www.interiorsavings.com" />
+
+	<target host="community.myinteriorsavings.com" />
+		<test url="http://community.myinteriorsavings.com/community/" />
+	<target host="feedback.myinteriorsavings.com" />
+	<target host="forms.myinteriorsavings.com" />
+		<test url="http://forms.myinteriorsavings.com/community/application-selector" />
+	<target host="mdws.interiorsavings.com" />
+	<target host="mailer.myinteriorsavings.com" />
+	<target host="promotion.myinteriorsavings.com" />
+
+	<securecookie host="^(www\.)?interiorsavings\.com$" name=".+" />
+	<securecookie host="^(community\.|feedback\.|forms\.|mdws\.|mailer\.|promotion\.)?myinteriorsavings\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Interkassa.xml b/src/chrome/content/rules/Interkassa.xml
index 1f324d38d9c0..ec90485c906b 100644
--- a/src/chrome/content/rules/Interkassa.xml
+++ b/src/chrome/content/rules/Interkassa.xml
@@ -1,13 +1,17 @@
-<ruleset name="Interkassa">
+<ruleset name="Interkassa.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="interkassa.com" />
-	<target host="*.interkassa.com" />
+	<target host="new.interkassa.com" />
+	<target host="shop.interkassa.com" />
+	<target host="www.interkassa.com" />
 
 
-	<securecookie host="^(?:.+\.)?interkassa\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(shop\.|www\.)?interkassa\.com/"
-		to="https://$1interkassa.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Interlan.se.xml b/src/chrome/content/rules/Interlan.se.xml
new file mode 100644
index 000000000000..b87d0d20b7d8
--- /dev/null
+++ b/src/chrome/content/rules/Interlan.se.xml
@@ -0,0 +1,18 @@
+<!--
+	Mixed content:
+
+		- Images on www from www2 *
+
+	* Secured by us
+
+-->
+<ruleset name="Interlan.se">
+
+	<target host="interlan.se" />
+	<target host="www.interlan.se" />
+	<target host="www2.interlan.se" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Intermundo_Media.com.xml b/src/chrome/content/rules/Intermundo_Media.com.xml
index 57d3b5547de4..948378bd0314 100644
--- a/src/chrome/content/rules/Intermundo_Media.com.xml
+++ b/src/chrome/content/rules/Intermundo_Media.com.xml
@@ -1,17 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://intermundomedia.com/ => https://intermundomedia.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://media.intermundomedia.com/ => https://media.intermundomedia.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.intermundomedia.com/ => https://www.intermundomedia.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://intermundomedia.com/ => https://intermundomedia.com/: (51, "SSL: no alternative certificate subject name matches target host name 'intermundomedia.com'")
+
 	Fully covered subdomains:
 
 		- (www.)
 		- media
 
 -->
-<ruleset name="Intermundo Media.com">
+<ruleset name="Intermundo Media.com" default_off="failed ruleset test">
 
 	<target host="intermundomedia.com" />
-	<target host="*.intermundomedia.com" />
+	<target host="media.intermundomedia.com" />
+	<target host="www.intermundomedia.com" />
 
 
-	<rule from="^http://(media\.|www\.)?intermundomedia\.com/"
-		to="https://$1intermundomedia.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Internap.xml b/src/chrome/content/rules/Internap.xml
index 89c7193806a2..b7519db156c3 100644
--- a/src/chrome/content/rules/Internap.xml
+++ b/src/chrome/content/rules/Internap.xml
@@ -1,15 +1,30 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://sslcdce.internapcdn.net/ (200) => https://sslcdce.internapcdn.net/ (404)
+
+Automatically by https-everywhere-checker because:
+Non-2xx HTTP code: http://sslcdce.internapcdn.net/ (200) => https://sslcdce.internapcdn.net/ (403)
+
+
+	Other Internap rulesets:
+
+		- IWeb.com.xml
+
+
 	Fully covered domains:
 
 		- (www.)internap.com
 
 -->
-<ruleset name="Internap Network Services (partial)">
+<ruleset name="Internap Network Services (partial)" default_off="failed ruleset test">
 
 	<target host="http.cdnlayer.com" />
 	<target host="www.internap.co.jp" />
 	<target host="internap.com" />
-	<target host="*.internap.com" />
+	<target host="customers.internap.com" />
+	<target host="www.internap.com" />
+	<target host="promo.internap.com" />
 	<target host="sslcdce.internapcdn.net"/>
 
 
diff --git a/src/chrome/content/rules/International-Association-for-Cryptologic-Research.xml b/src/chrome/content/rules/International-Association-for-Cryptologic-Research.xml
index f7280e008021..271e16b6be39 100644
--- a/src/chrome/content/rules/International-Association-for-Cryptologic-Research.xml
+++ b/src/chrome/content/rules/International-Association-for-Cryptologic-Research.xml
@@ -1,18 +1,27 @@
-<ruleset name="International Association for Cryptologic Research">
+<!--
+	International Association for Cryptologic Research
+
+
+	^iacr.org: 404, valid cert
+
+-->
+<ruleset name="IACR.org">
 
 	<target host="iacr.org" />
 	<target host="*.iacr.org" />
 
+		<test url="http://eprint.iacr.org/" />
+		<test url="http://secure.iacr.org/" />
+		<test url="http://www.iacr.org/" />
+
 
-	<securecookie host="^eprint\.iacr\.org$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<!--	Cert only matches www.
-					-->
-	<rule from="^https?://(?:www\.)?iacr\.org/"
+	<rule from="^http://iacr\.org/"
 		to="https://www.iacr.org/" />
 
-	<rule from="^http://eprint\.iacr\.org/"
-		to="https://eprint.iacr.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/International-Business-Times.xml b/src/chrome/content/rules/International-Business-Times.xml
index 7a921530a529..41f60bb507d3 100644
--- a/src/chrome/content/rules/International-Business-Times.xml
+++ b/src/chrome/content/rules/International-Business-Times.xml
@@ -1,4 +1,9 @@
 <!--
+	Other IBTimes rulesets:
+
+		- IBTimes.co.uk.xml
+
+
 	CDN buckets:
 
 		- wac.7AA0.edgecastcdn.net/...
@@ -20,13 +25,14 @@
 -->
 <ruleset name="International Business Times (partial)">
 
-	<target host="*.ibtimes.com" />
+	<target host="markets.ibtimes.com" />
+	<target host="ssl.ibtimes.com" />
 
 
-	<rule from="^https?://markets\.ibtimes\.com/$"
+	<rule from="^http://markets\.ibtimes\.com/$"
 		to="https://studio-5.financialcontent.com/ibtimes" />
 
-	<rule from="^https?://markets\.ibtimes\.com/"
+	<rule from="^http://markets\.ibtimes\.com/"
 		to="https://studio-5.financialcontent.com/" />
 
 	<rule from="^http://ssl\.ibtimes\.com/"
diff --git a/src/chrome/content/rules/International-Components-for-Unicode.xml b/src/chrome/content/rules/International-Components-for-Unicode.xml
deleted file mode 100644
index cd83c624a3af..000000000000
--- a/src/chrome/content/rules/International-Components-for-Unicode.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- site		(times out)
-		- userguide	(ditto)
-
--->
-<ruleset name="International Components for Unicode (partial)">
-
-	<target host="icu-project.org" />
-	<target host="*.icu-project.org" />
-		<!--	Redirect to //site.	-->
-		<exclusion pattern="^http://((apps|bugs|demo|source|www)\.)?icu-project\.org/$" />
-
-
-	<securecookie host="^ssl\.icu-project\.org$" name=".*" />
-
-
-	<rule from="^https?://(?:(?:apps|bugs|demo|source|ssl|www)\.)?icu-project\.org/"
-		to="https://ssl.icu-project.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/International-Finance-Corporation-mismatches.xml b/src/chrome/content/rules/International-Finance-Corporation-mismatches.xml
index 29bcffde3089..f50d7534e3b2 100644
--- a/src/chrome/content/rules/International-Finance-Corporation-mismatches.xml
+++ b/src/chrome/content/rules/International-Finance-Corporation-mismatches.xml
@@ -6,7 +6,7 @@
 	<target host="www.ifc.org"/>
 	<target host="www1.ifc.org"/>
 
-	<securecookie host="^(ifcext|www1)\.ifc\.org$" name=".*"/>
+	<securecookie host="^(?:ifcext|www1)\.ifc\.org$" name=".+" />
 
 	<rule from="^http://ifcext\.ifc\.org/"
 		to="https://ifcext.ifc.org/"/>
diff --git a/src/chrome/content/rules/International-Finance-Corporation.xml b/src/chrome/content/rules/International-Finance-Corporation.xml
index bd153bf7d66c..9ab7ef6afee3 100644
--- a/src/chrome/content/rules/International-Finance-Corporation.xml
+++ b/src/chrome/content/rules/International-Finance-Corporation.xml
@@ -1,4 +1,17 @@
-<!--	!functional:
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gefpmis.org/ => https://gefpmis.org/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+Fetch error: http://smartlessons.ifc.org/ => https://smartlessons.ifc.org/: (51, "SSL: no alternative certificate subject name matches target host name 'smartlessons.ifc.org'")
+Fetch error: http://miga.org/ => https://www.miga.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.miga.org/ => https://www.miga.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://thegef.org/ => https://thegef.org/: (51, "SSL: no alternative certificate subject name matches target host name 'thegef.org'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://gefpmis.org/ => https://gefpmis.org/: (56, 'Recv failure: Connection reset by peer')
+Fetch error: http://smartlessons.ifc.org/ => https://smartlessons.ifc.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://wbginvestmentclimate.org/ => https://www.wbginvestmentclimate.org/: (6, 'Could not resolve host: wbginvestmentclimate.org')
+Fetch error: http://www.wbginvestmentclimate.org/ => https://www.wbginvestmentclimate.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')	!functional:
 		- (www.)cao-ombudsman.org	(www presents cert: gefpmis.org)
 		- (www.)climate-eval.org	(timeout)
 		- (www.)gefonline.org		(interrupted)
@@ -15,7 +28,7 @@
 
 	See International-Finance-Corporation-mismatches.xml for problematic rules
 -->
-<ruleset name="International Finance Corporation (partial)" platform="mixedcontent">
+<ruleset name="International Finance Corporation (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="gefpmis.org"/>
 	<target host="www.gefpmis.org"/>
@@ -29,10 +42,10 @@
 	<target host="openknowledge.worldbank.org"/>
 
 
-	<securecookie host="^www\.(gefpmis|miga|wbginvestmentclimate)\.org$" name=".*"/>
+	<securecookie host="^www\.(?:gefpmis|miga|wbginvestmentclimate)\.org$" name=".+" />
 	<!--	is smartlessons cross-domain cookie used anywhere unsecured?	-->
-	<securecookie host="^smartlessons\.ifc\.org$" name=".*"/>
-	<securecookie host="^openknowledge\.worldbank\.org$" name=".*"/>
+	<securecookie host="^smartlessons\.ifc\.org$" name=".+" />
+	<securecookie host="^openknowledge\.worldbank\.org$" name=".+" />
 
 
 	<rule from="^http://(www\.)?gefpmis\.org/"
diff --git a/src/chrome/content/rules/International-Free-and-Open-Source-Software-Law-Review.xml b/src/chrome/content/rules/International-Free-and-Open-Source-Software-Law-Review.xml
index 8bab81b9af32..0747f19816e6 100644
--- a/src/chrome/content/rules/International-Free-and-Open-Source-Software-Law-Review.xml
+++ b/src/chrome/content/rules/International-Free-and-Open-Source-Software-Law-Review.xml
@@ -4,10 +4,10 @@
 	<target host="www.ifosslr.org" />
 
 
-	<securecookie host="^www\.ifosslr\.org$" name=".*" />
+	<securecookie host="^www\.ifosslr\.org$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?ifosslr\.org/"
+	<rule from="^http://(?:www\.)?ifosslr\.org/"
 		to="https://www.ifosslr.org/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/International-Supercomputing-Conference.xml b/src/chrome/content/rules/International-Supercomputing-Conference.xml
index 8aab56e5c7d6..c615f2577a91 100644
--- a/src/chrome/content/rules/International-Supercomputing-Conference.xml
+++ b/src/chrome/content/rules/International-Supercomputing-Conference.xml
@@ -1,13 +1,18 @@
-<ruleset name="International Supercomputing Conference">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://isc-events.com/ => https://isc-events.com/: (60, 'SSL certificate problem: self signed certificate')
+
+-->
+<ruleset name="International Supercomputing Conference" default_off="failed ruleset test">
 
 	<target host="isc-events.com" />
 	<target host="www.isc-events.com" />
 
 
-	<securecookie host="^(www\.)?isc-events\.com$" name=".*" />
+	<securecookie host="^(?:www\.)?isc-events\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?isc-events\.com/"
-		to="https://$1isc-events.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/InternationalMan.xml b/src/chrome/content/rules/InternationalMan.xml
index b74c7fb57abd..f21924112f3d 100644
--- a/src/chrome/content/rules/InternationalMan.xml
+++ b/src/chrome/content/rules/InternationalMan.xml
@@ -1,13 +1,21 @@
-<ruleset name="InternationalMan">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://internationalman.com/ => https://internationalman.com/: Too many redirects while fetching 'https://internationalman.com/'
+Fetch error: http://www.internationalman.com/ => https://www.internationalman.com/: Too many redirects while fetching 'https://www.internationalman.com/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://internationalman.com/ => https://internationalman.com/: Cycle detected - URL already encountered: https://www.internationalman.com/
+-->
+<ruleset name="InternationalMan" default_off="failed ruleset test">
 
 	<target host="internationalman.com" />
-	<target host="*.internationalman.com" />
+	<target host="www.internationalman.com" />
 
 
 	<securecookie host="^\.www\.internationalman\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?internationalman\.com/"
-		to="https://$1internationalman.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/International_Association_of_Privacy_Professionals.xml b/src/chrome/content/rules/International_Association_of_Privacy_Professionals.xml
index 6106eede134f..0fa7f2994bb3 100644
--- a/src/chrome/content/rules/International_Association_of_Privacy_Professionals.xml
+++ b/src/chrome/content/rules/International_Association_of_Privacy_Professionals.xml
@@ -1,5 +1,15 @@
-<ruleset name="International Association of Privacy Professionals">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.privacyassociation.org/ => https://www.privacyassociation.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	International Association of Privacy Professionals
+
+-->
+<ruleset name="Privacy Association.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="privacyassociation.org" />
 	<target host="www.privacyassociation.org" />
 
@@ -7,7 +17,7 @@
 	<securecookie host="^(?:www\.)?privacyassociation\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?privacyassociation\.org/"
-		to="https://$1privacyassociation.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/International_Consortium_of_Investigative_Journalists.xml b/src/chrome/content/rules/International_Consortium_of_Investigative_Journalists.xml
deleted file mode 100644
index 5968dcebdd42..000000000000
--- a/src/chrome/content/rules/International_Consortium_of_Investigative_Journalists.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d2i83gre49b1s9.cloudfront.net
-
-			- cloudfront-[1-5].icij.org
-
--->
-<ruleset name="International Consortium of Investigative Journalists">
-
-	<target host="icij.org" />
-	<target host="*.icij.org" />
-
-
-	<securecookie host="^\.icij\.org$" name=".+" />
-
-
-	<rule from="^http://(www\.)?icij\.org/"
-		to="https://$1icij.org/" />
-
-	<rule from="^http://cloudfront-\d\.icij\.org/"
-		to="https://d2i83gre49b1s9.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/International_Energy_Agency.xml b/src/chrome/content/rules/International_Energy_Agency.xml
index ac2026af752e..f21ec93a3e1b 100644
--- a/src/chrome/content/rules/International_Energy_Agency.xml
+++ b/src/chrome/content/rules/International_Energy_Agency.xml
@@ -8,7 +8,6 @@
 	<target host="www.iea.org" />
 
 
-	<rule from="^http://(?:www\.)?iea\.org/"
-		to="https://www.iea.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/International_Financial_Cryptography_Association.xml b/src/chrome/content/rules/International_Financial_Cryptography_Association.xml
index 34bafd139873..7349f80f6cda 100644
--- a/src/chrome/content/rules/International_Financial_Cryptography_Association.xml
+++ b/src/chrome/content/rules/International_Financial_Cryptography_Association.xml
@@ -1,16 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ifca.ai/ => https://ifca.ai/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.ifca.ai/ => https://www.ifca.ai/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ifca.ai/ => https://ifca.ai/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.ifca.ai/ => https://www.ifca.ai/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Problematic subdomains:
 
 		- fc13	(works; mismatched, CN: www.ifca.ai)
 
 -->
-<ruleset name="International Financial Cryptography Association (partial)">
+<ruleset name="International Financial Cryptography Association (partial)" default_off="failed ruleset test">
 
 	<target host="ifca.ai" />
 	<target host="www.ifca.ai" />
 
 
-	<rule from="^http://(www\.)?ifca\.ai/"
-		to="https://$1ifca.ai/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/International_Payments.co.uk.xml b/src/chrome/content/rules/International_Payments.co.uk.xml
new file mode 100644
index 000000000000..9e94ba5178f1
--- /dev/null
+++ b/src/chrome/content/rules/International_Payments.co.uk.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Santander coverage, see Santander.co.uk.xml.
+
+
+	^: cert only matches www
+
+-->
+<ruleset name="International Payments.co.uk">
+
+	<target host="internationalpayments.co.uk" />
+	<target host="www.internationalpayments.co.uk" />
+
+
+	<securecookie host="^www\.internationalpayments\.co\.uk$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?internationalpayments\.co\.uk/"
+		to="https://www.internationalpayments.co.uk/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/International_SOS.xml b/src/chrome/content/rules/International_SOS.xml
index f0f5351412c5..b6f134eb62d1 100644
--- a/src/chrome/content/rules/International_SOS.xml
+++ b/src/chrome/content/rules/International_SOS.xml
@@ -1,11 +1,25 @@
-<ruleset name="International SOS">
-    <target host="internationalsos.com" />
-    <target host="*.internationalsos.com" />
+<!--
+	Insecure cookies are set for these hosts:
 
-    <securecookie host="^(.*\.)?internationalsos\.com$" name=".+" />
+		- www.internationalsos.com
+
+-->
+<ruleset name="International SOS.org">
+
+	<target host="internationalsos.com" />
+	<target host="*.internationalsos.com" />
+
+		<test url="http://www.internationalsos.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.internationalsos\.com$" name="^(?:BigCORP|BigECMS|ECMS_SessionId|SC_ANALYTICS_(?:GLOBAL|SESSION)_COOKIE)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-    <rule from="^https?://internationalsos\.com/"
-        to="https://www.internationalsos.com/"/>
-    <rule from="^http://([^/:@]+)?\.internationalsos\.com/"
-        to="https://$1.internationalsos.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/International_Scene_Organization.xml b/src/chrome/content/rules/International_Scene_Organization.xml
index 1e3f4cdf2efb..b462ecec52d7 100644
--- a/src/chrome/content/rules/International_Scene_Organization.xml
+++ b/src/chrome/content/rules/International_Scene_Organization.xml
@@ -1,22 +1,39 @@
 <!--
+	International Scene Organization
+
+
 	Nonfunctional subdomains:
 
-		- awards	(shows www)
+		- awards *
+		- curio *
+		- wanted *
+
+	* Plaintext reply
 
 
-	Cert only matches www.
+	Insecure cookies are set for these hosts:
+
+		- id.scene.org
 
 -->
-<ruleset name="International Scene Organization" default_off="expired">
+<ruleset name="Scene.org (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="scene.org" />
+	<target host="files.scene.org" />
+	<target host="id.scene.org" />
 	<target host="www.scene.org" />
 
 
-	<securecookie host="^www\.scene\.org$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^id\.scene\.org$" name="^SCENEIDSESS$" /-->
+
+	<securecookie host="^(?:id\.|www\.)?scene\.org$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?scene\.org/"
-		to="https://www.scene.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/International_School_of_the_Sacred_Heart.xml b/src/chrome/content/rules/International_School_of_the_Sacred_Heart.xml
index c818fb552686..6471fcd7f082 100644
--- a/src/chrome/content/rules/International_School_of_the_Sacred_Heart.xml
+++ b/src/chrome/content/rules/International_School_of_the_Sacred_Heart.xml
@@ -1,13 +1,18 @@
-<ruleset name="International School of the Sacred Heart">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://issh.ac.jp/ => https://issh.ac.jp/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+<ruleset name="International School of the Sacred Heart" default_off="failed ruleset test">
 
 	<target host="issh.ac.jp" />
-	<target host="*.issh.ac.jp" />
+	<target host="www.issh.ac.jp" />
 
 
 	<securecookie host="^(?:www)?\.issh.ac.jp$" name=".+" />
 
 
-	<rule from="^http://(www\.)?issh\.ac\.jp/"
-		to="https://$1issh.ac.jp/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Internet-Archive.xml b/src/chrome/content/rules/Internet-Archive.xml
index 43933b3a6f95..6bd14dac7303 100644
--- a/src/chrome/content/rules/Internet-Archive.xml
+++ b/src/chrome/content/rules/Internet-Archive.xml
@@ -1,29 +1,71 @@
 <!--
+	Internet Archive
+
 	Other Internet Archive rulesets:
 
 		- Archive.org_Way_Back_Machine.xml
+		- Archive-It.org.xml
+		- Open_Library.org.xml
+		- Political-TV-Ad-Archive.xml
+
+
+	Problematic domains:
+
+		- ait.blog.archive.org		(cert mismatch)
+		- crawler.archive.org		(refused)
+		- gmeta[0-7].us.archive.org	(refused)
+		- graphite.us.archive.org	(refused)
+		- lending.us.archive.org	(time out)
+		- *.s3dns.us.archive.org	(cert mismatch)
+		- www\d\d.us.archive.org	(cert mismatch)
 
 
-	Nonfunctional subdomains:
+	Fully covered hosts in *archive.org:
 
-		- blog	(refused)
+		- (www.)?
+		- analytics
+		- blog
+		- bt1
+		- bt2
+		- builds
+		- developers
+		- store
+		- *.us
 
 -->
-<ruleset name="Internet Archive">
+<ruleset name="Archive.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="archive.org" />
-	<target host="*.archive.org" />
-		<exclusion pattern="^http://(?:graphite|s3)\.us\.archive\.org/" />
-		<!--
-			The rule does not handle web anyway:
+	<target host="www.archive.org" />
+	<target host="analytics.archive.org" />
+	<target host="blog.archive.org" />
+	<target host="bt1.archive.org" />
+	<target host="bt2.archive.org" />
+	<target host="builds.archive.org" />
+	<target host="developers.archive.org" />
+	<target host="store.archive.org" />
+	<target host="*.us.archive.org" />
 
-		<exclusion pattern="^http://web\.archive\.org/" /-->
 
+	<securecookie host="^(www|analytics|bt[12]|builds|developers|store)\.archive\.org$" name=".+" />
 
-	<securecookie host="^\.archive\.org$" name=".+" />
 
+	<test url="http://ia301543.us.archive.org/" />
+	<exclusion pattern="^http://gmeta[0-7]\.us\.archive\.org/" />
+		<test url="http://gmeta4.us.archive.org/" />
+	<exclusion pattern="^http://(graphite|lending)\.us\.archive\.org/" />
+		<test url="http://graphite.us.archive.org/" />
+		<test url="http://lending.us.archive.org/" />
+	<exclusion pattern="^http://([\w-]+\.)+s3dns\.us\.archive\.org/" />
+		<test url="http://stats.ia902706.s3dns.us.archive.org/" />
+		<test url="http://hom.3d.ia802600.s3dns.us.archive.org/" />
+		<test url="http://djaj-zine.ia601509.s3dns.us.archive.org/" />
+	<exclusion pattern="^http://www\d\d\.us\.archive\.org/" />
+		<test url="http://www17.us.archive.org/" />
 
-	<rule from="^http://(\w+\.us\.|www\.)?archive\.org/"
-		to="https://$1archive.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Internet-Governance-Project.xml b/src/chrome/content/rules/Internet-Governance-Project.xml
index a2d4d4835411..a137db23d5dd 100644
--- a/src/chrome/content/rules/Internet-Governance-Project.xml
+++ b/src/chrome/content/rules/Internet-Governance-Project.xml
@@ -8,7 +8,7 @@
 
 	<!--	!www 301s to www.
 						-->
-	<rule from="^https?://(?:www\.)?internetgovernance\.org/"
+	<rule from="^http://(?:www\.)?internetgovernance\.org/"
 		to="https://www.internetgovernance.org/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Internet-Radio.com.xml b/src/chrome/content/rules/Internet-Radio.com.xml
new file mode 100644
index 000000000000..da0f047c40c0
--- /dev/null
+++ b/src/chrome/content/rules/Internet-Radio.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Internet-Radio.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="internet-radio.com" />
+	<target host="www.internet-radio.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Internet-Safety-Project.xml b/src/chrome/content/rules/Internet-Safety-Project.xml
new file mode 100644
index 000000000000..c4fcbcd207ba
--- /dev/null
+++ b/src/chrome/content/rules/Internet-Safety-Project.xml
@@ -0,0 +1,13 @@
+<ruleset name="Internet Safety Project">
+	<target host=    "internetsafetyproject.org" />
+	<target host="www.internetsafetyproject.org" />
+
+  	<securecookie host="^www\.internetsafetyproject\.org$" name=".+" />
+
+	<!-- CloudFlare connection time out -->
+	<rule from="^http://internetsafetyproject\.org/"
+		to="https://www.internetsafetyproject.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Internet-Society.xml b/src/chrome/content/rules/Internet-Society.xml
deleted file mode 100644
index bc006d65aa3c..000000000000
--- a/src/chrome/content/rules/Internet-Society.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Some pages redirect to http.
-
--->
-<ruleset name="Internet Society (partial)" platform="mixedcontent">
-
-	<target host="internetsociety.org"/>
-	<target host="www.internetsociety.org"/>
-	<target host="portal.isoc.org"/>
-
-	<rule from="^http://(www\.)?internetsociety\.org/($|\?|favicon\.ico|form/donation(?:$|\?|/)|misc/|modules/|sites/)"
-		to="https://$1internetsociety.org/$2"/>
-
-	<rule from="^http://portal\.isoc\.org/"
-		to="https://portal.isoc.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Internet.bs.xml b/src/chrome/content/rules/Internet.bs.xml
index ff025629cb9f..8692010fc91a 100644
--- a/src/chrome/content/rules/Internet.bs.xml
+++ b/src/chrome/content/rules/Internet.bs.xml
@@ -8,9 +8,10 @@
 <ruleset name="Internet.bs">
 
 	<target host="internet.bs" />
-	<target host="*.internet.bs" />
+	<target host="chat.internet.bs" />
+	<target host="www.internet.bs" />
 	<target host="internetbs.net" />
-	<target host="*.internetbs.net" />
+	<target host="www.internetbs.net" />
 
 
 	<securecookie host="^\.internetbs\.net$" name=".+" />
@@ -22,4 +23,4 @@
 	<rule from="^http://(?:www\.)?internetbs\.net/"
 		to="https://internetbs.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Internet.org.nz.xml b/src/chrome/content/rules/Internet.org.nz.xml
new file mode 100644
index 000000000000..93cd50059b80
--- /dev/null
+++ b/src/chrome/content/rules/Internet.org.nz.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://static.internet.org.nz/ (200) => https://static.internet.org.nz/ (403)
+
+	Internet Party
+
+-->
+<ruleset name="Internet.org.nz" default_off="failed ruleset test">
+
+	<target host="internet.org.nz" />
+	<target host="static.internet.org.nz" />
+	<target host="www.internet.org.nz" />
+
+
+	<securecookie host="^\.internet\.org\.nz$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Internet2.xml b/src/chrome/content/rules/Internet2.xml
index 1001f34930c2..0a2cab4be6bb 100644
--- a/src/chrome/content/rules/Internet2.xml
+++ b/src/chrome/content/rules/Internet2.xml
@@ -1,34 +1,97 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mail.internet2.edu/ => https://mail.internet2.edu/: (60, 'SSL certificate problem: certificate has expired')
+
+	Nonfunctional subdomains:
+
+		- events *
+
+	* Shows www
+
+
 	Problematic subdomains:
 
+		- ^ ¹
 		- middleware	(shows www; mismatched, CN: www.internet2.edu)
 
+	¹ Mismatched
+
 
 	Partially covered subdomains:
 
 		- middleware	(→ www)
-		- (www.)	(some pages redirect to http; contentslider-1k.css, images/, index.cfm, & pubs/ 404)
+
+
+	Fully covered subdomains:
+
+		- (www.)	(^ → www)
+		- lists
+		- mail
+		- meetings
+		- service1
+		- spaces
+		- wiki
+
+
+	Insecure cookies are set for these domains:
+
+		- meetings
+		- saltweb
+		- www
+
+
+	Mixed content:
+
+		- css on meetings and www from fast.fonts.com *
+
+	* Secured by us
 
 -->
-<ruleset name="Internet2 (partial)">
+<ruleset name="Internet2.edu (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="lists.internet2.edu" />
+	<target host="mail.internet2.edu" />
+	<target host="meetings.internet2.edu" />
+	<target host="service1.internet2.edu" />
+	<target host="spaces.internet2.edu" />
+	<target host="www.internet2.edu" />
+
+	<!--	Complications:
+				-->
 	<target host="internet2.edu" />
-	<target host="*.internet2.edu" />
-		<exclusion pattern="^http://(?:www\.)?internet2\.edu/(?!includes/|middleware(?:$|\?|/))" />
+	<target host="middleware.internet2.edu" />
 
+		<exclusion pattern="^http://middleware\.internet2\.edu/(?!$|\?)" />
 
-	<securecookie host="^(?:\.lists|service1|spaces|wiki)\.internet2\.edu$" name=".+" />
+			<!--	+ve:
+					-->
+			<test url="http://middleware.internet2.edu/dir/schema/" />
+			<test url="http://middleware.internet2.edu/eduperson/docs/internet2-mace-dir-eduperson-201203.html" />
+			<test url="http://middleware.internet2.edu/hepki-tag/pki-lite/pki-lite-policy-practices.htm" />
+			<test url="http://middleware.internet2.edu/urn-mace/urn-mace.html" />
 
 
-	<!--	$ & /$ 404:
-				-->
-	<rule from="^http://(?:www\.)?internet2\.edu/middleware/?(?:\?.*)?$"
-		to="https://www.internet2.edu/middleware/index.cfm" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(meetings|saltweb|www)\.internet2\.edu$" name="^django_language$" /-->
+
+	<securecookie host="^(?:\.lists|service1|spaces|wiki|www)\.internet2\.edu$" name=".+" />
 
-	<rule from="^http://((?:lists|mail|service1|spaces|wiki|www)\.)?internet2\.edu/"
-		to="https://$1internet2.edu/" />
+
+	<rule from="^http://internet2\.edu/"
+		to="https://www.internet2.edu/" />
 
 	<rule from="^http://middleware\.internet2\.edu/(?:\?.*)?$"
 		to="https://www.internet2.edu/middleware/index.cfm" />
 
-</ruleset>
\ No newline at end of file
+		<test url="http://middleware.internet2.edu/" />
+		<test url="http://middleware.internet2.edu/?" />
+		<test url="http://middleware.internet2.edu/?f" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/InternetSociety.org.xml b/src/chrome/content/rules/InternetSociety.org.xml
new file mode 100644
index 000000000000..76760cf00c16
--- /dev/null
+++ b/src/chrome/content/rules/InternetSociety.org.xml
@@ -0,0 +1,36 @@
+<!--
+	Other Internet Society rulesets:
+
+		- ISOC.org.xml
+
+	Invalid certificate:
+		beta.internetsociety.org
+		gir2017.internetsociety.org
+		icomm16.internetsociety.org
+		messaging.internetsociety.org
+
+	Mixed content:
+		wp.internetsociety.org
+
+-->
+<ruleset name="Internet Society.org">
+
+	<target host="internetsociety.org" />
+	<target host="www.internetsociety.org" />
+	<target host="apps.internetsociety.org" />
+	<target host="assets.internetsociety.org" />
+	<target host="connect.internetsociety.org" />
+	<target host="dev.internetsociety.org" />
+	<target host="future.internetsociety.org" />
+	<target host="inforum.internetsociety.org" />
+	<target host="intersect.internetsociety.org" />
+	<target host="cdn.prod.internetsociety.org" />
+	<target host="staging.internetsociety.org" />
+	<target host="cdn.staging.internetsociety.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/InternetX.com.xml b/src/chrome/content/rules/InternetX.com.xml
new file mode 100644
index 000000000000..ddff5eb32c41
--- /dev/null
+++ b/src/chrome/content/rules/InternetX.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="InternetX.com (partial)">
+	<target host="internetx.com" />
+	<target host="www.internetx.com" />
+	<target host="cdn.internetx.com" />
+	<target host="help.internetx.com" />
+	<target host="ox.internetx.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Internet_Brands.xml b/src/chrome/content/rules/Internet_Brands.xml
index 5cd7ab5d2a90..b9d1475c4487 100644
--- a/src/chrome/content/rules/Internet_Brands.xml
+++ b/src/chrome/content/rules/Internet_Brands.xml
@@ -2,65 +2,16 @@
 	Other Internet Brands rulesets:
 
 		- Model_Mayhem.xml
-
-
-	CDN buckets:
-
-		- wac.2632.edgecastcdn.net
-
-			- cdc.ibsrv.net
-			- mms.ibsrv.net
-			- static.ibsrv.net
-			- www.internetbrands.com
-
-
-	Problematic domains:
-
-		- cdc.ibsrv.net			(works, mismatched, CN: gp1.wac.edgecastcdn.net)
-		- mms.ibsrv.net *
-		- static.ibsrv.net *
-		- internetbrands.com		(expired, mismatched, CN: www.internetbrands.com)
-		- www.internetbrands.com *
-
-	* 404, mismatched, CN: gp1.wac.edgecastcdn.net
-
-
-	Partially covered domains:
-
-		- (www.)internetbrands.com	(→ cdcssl.ibsrv.net)
-
-
-	Fully covered domains:
-
-		- pxlssl.ibpxl.com
-
-		- ibsrv.net subdomains:
-
-			- cdc		(→ cdcssl)
-			- cdcssl
-			- mms		(→ cdcssl)
-			- static	(→ staticssl)
-			- staticssl
+		- IBsrv.net.xml
 
 -->
 <ruleset name="Internet Brands">
 
 	<target host="pxlssl.ibpxl.com" />
-	<target host="*.ibsrv.net" />
 	<target host="internetbrands.com" />
 	<target host="www.internetbrands.com" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://pxlssl\.ibpxl\.com/"
-		to="https://pxlssl.ibpxl.com/" />
-
-	<rule from="^https?://(?:cdc|cdcssl|mms).ibsrv.net/"
-		to="https://cdcssl.ibsrv.net/modelmayhem/" />
-
-	<rule from="^http://static(?:ssl)?\.ibsrv\.net/"
-		to="https://staticssl.ibsrv.net/" />
-
-	<rule from="^https?://(?:www\.)?internetbrands\.com/mt-static/"
-		to="https://cdcssl.ibsrv.net/ibcom/mt-static/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Internet_Coup.org.xml b/src/chrome/content/rules/Internet_Coup.org.xml
new file mode 100644
index 000000000000..426d352fcc29
--- /dev/null
+++ b/src/chrome/content/rules/Internet_Coup.org.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Center for Rights coverage, see The_Center_for_Rights.org.xml.
+
+
+	^: dropped
+	www: Herokuapp
+
+-->
+<ruleset name="Internet Coup.org" default_off="mismatched">
+
+	<target host="internetcoup.org" />
+	<target host="www.internetcoup.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.internetcoup\.org$" name="^(csrftoken|sessionid)$" /-->
+
+	<securecookie host="^www\.internetcoup\.org$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?internetcoup\.org/"
+		to="https://www.internetcoup.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Internet_Defense_League.xml b/src/chrome/content/rules/Internet_Defense_League.xml
index 0acea3e4da46..270ffc6a0eab 100644
--- a/src/chrome/content/rules/Internet_Defense_League.xml
+++ b/src/chrome/content/rules/Internet_Defense_League.xml
@@ -1,21 +1,16 @@
 <!--
 	For other Fight for the Future coverage, see Fight-for-the-Future.xml.
 
-
-	CDN buckets:
-
-		- internetdefenseleague.s3.amazonaws.com
-
 -->
-<ruleset name="Internet Defense League">
+<ruleset name="Internet Defense League.org">
 
+	<target host="internetdefenseleague.org" />
+	<target host="www.internetdefenseleague.org" />
 	<target host="members.internetdefenseleague.org" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^members\.internetdefenseleague\.org$" name=".+" />
-
-
-	<rule from="^http://members\.internetdefenseleague\.org/"
-		to="https://members.internetdefenseleague.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Internet_Live_Stats.com.xml b/src/chrome/content/rules/Internet_Live_Stats.com.xml
new file mode 100644
index 000000000000..adb44c9cd299
--- /dev/null
+++ b/src/chrome/content/rules/Internet_Live_Stats.com.xml
@@ -0,0 +1,45 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- internetlivestats.com
+		- .internetlivestats.com
+
+
+	Mixed content:
+
+		- iframe from $self *
+
+		- css, from:
+
+			- fonts.googleapis.com *
+			- $self *
+
+		- favicon from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Internet Live Stats.com" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="internetlivestats.com" />
+	<target host="www.internetlivestats.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<test url="http://www.internetlivestats.com/lists/?p=subscribe" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.internetlivestats\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.internetlivestats\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Internet_Protection_Lab.net.xml b/src/chrome/content/rules/Internet_Protection_Lab.net.xml
new file mode 100644
index 000000000000..2c953fb230ce
--- /dev/null
+++ b/src/chrome/content/rules/Internet_Protection_Lab.net.xml
@@ -0,0 +1,32 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .internetprotectionlab.net
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Internet Protection Lab.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="internetprotectionlab.net" />
+	<target host="www.internetprotectionlab.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.internetprotectionlab\.net$" name="^pll_language$" /-->
+
+	<securecookie host="^\.internetprotectionlab\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Internet_Video_Archive.com.xml b/src/chrome/content/rules/Internet_Video_Archive.com.xml
new file mode 100644
index 000000000000..16e46bd06bb5
--- /dev/null
+++ b/src/chrome/content/rules/Internet_Video_Archive.com.xml
@@ -0,0 +1,14 @@
+<!--
+	CDN buckets:
+
+		- d2nebe8lbbiml.cloudfront.net
+
+-->
+<ruleset name="Internet Video Archive.com (partial)">
+
+	<target host="content.internetvideoarchive.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Internet_Week.jp.xml b/src/chrome/content/rules/Internet_Week.jp.xml
new file mode 100644
index 000000000000..34c7a0443371
--- /dev/null
+++ b/src/chrome/content/rules/Internet_Week.jp.xml
@@ -0,0 +1,14 @@
+<!--
+	www: cert only matches ^internetweek.jp
+
+-->
+<ruleset name="Internet Week.jp">
+
+	<target host="internetweek.jp" />
+	<target host="www.internetweek.jp" />
+
+
+	<rule from="^http://(?:www\.)?internetweek\.jp/"
+		to="https://internetweek.jp/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Internetsuccess.at.xml b/src/chrome/content/rules/Internetsuccess.at.xml
new file mode 100644
index 000000000000..d9b09f7ef9a2
--- /dev/null
+++ b/src/chrome/content/rules/Internetsuccess.at.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://internetsuccess.at/ => https://internetsuccess.at/: (51, "SSL: no alternative certificate subject name matches target host name 'internetsuccess.at'")
+
+	www: mismatched
+
+-->
+<ruleset name="internetsuccess.at" default_off="failed ruleset test">
+
+	<target host="internetsuccess.at" />
+	<target host="p42.internetsuccess.at" />
+	<target host="second.internetsuccess.at" />
+	<target host="www.internetsuccess.at" />
+
+
+	<rule from="^http://(?:(p42\.|second\.)|www\.)?internetsuccess\.at/"
+		to="https://$1internetsuccess.at/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Internews.org.xml b/src/chrome/content/rules/Internews.org.xml
index 149d120f3a67..e093aa311d7c 100644
--- a/src/chrome/content/rules/Internews.org.xml
+++ b/src/chrome/content/rules/Internews.org.xml
@@ -2,5 +2,5 @@
   <target host="www.internews.org"/>
   <target host="internews.org"/>
 
-  <rule from="^http://(www\.)?internews\.org/" to="https://www.internews.org/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Interns.org.xml b/src/chrome/content/rules/Interns.org.xml
deleted file mode 100644
index bada1c5766dd..000000000000
--- a/src/chrome/content/rules/Interns.org.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Interns.org" default_off="self-signed">
-
-	<target host="interns.org" />
-	<target host="www.interns.org" />
-
-	<!--	!www redirects to www.	-->
-	<rule from="^http://(?:www\.)?interns\.org/"
-		to="https://www.interns.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Interpol.int.xml b/src/chrome/content/rules/Interpol.int.xml
new file mode 100644
index 000000000000..bd3b2feddbc9
--- /dev/null
+++ b/src/chrome/content/rules/Interpol.int.xml
@@ -0,0 +1,39 @@
+<!--
+	Bad certficate:
+		autodiscover.interpol.int
+		c11.interpol.int
+		cas.interpol.int
+		cas11.interpol.int
+		csvdiig11.interpol.int
+		edison.interpol.int
+		ems2.ems.interpol.int
+		mail.interpol.int
+		mail11.interpol.int
+		massmailing.interpol.int
+		md.interpol.int
+		share1.interpol.int
+
+	Non-functional:
+		aw.interpol.int (403)
+		ems1.ems.interpol.int (404)
+		i247.interpol.int
+		m.interpol.int
+		ns0.interpol.int
+		pearls.interpol.int
+
+	Internal:
+		s.interpol.int
+		cyber.interpol.int
+
+	Secure connection failed:
+		ifrt.interpol.int
+		secure.interpol.int
+
+-->
+<ruleset name="Interpol">
+	<target host="interpol.int" />
+	<target host="www.interpol.int" />
+	<target host="e.interpol.int" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Interpol.xml b/src/chrome/content/rules/Interpol.xml
deleted file mode 100644
index a5ad9e720fd3..000000000000
--- a/src/chrome/content/rules/Interpol.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Interpol" default_off="No longer supports HTTPS">
-  <target host="interpol.int"/>
-  <target host="www.interpol.int"/>
-
-  <rule from="^http://(?:www\.)?interpol\.int/" to="https://www.interpol.int/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Intersect_Alliance.com.xml b/src/chrome/content/rules/Intersect_Alliance.com.xml
new file mode 100644
index 000000000000..3cac631c156c
--- /dev/null
+++ b/src/chrome/content/rules/Intersect_Alliance.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Intersect Alliance.com">
+
+	<target host="intersectalliance.com" />
+	<target host="www.intersectalliance.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Interstices.info.xml b/src/chrome/content/rules/Interstices.info.xml
new file mode 100644
index 000000000000..7429bb64212f
--- /dev/null
+++ b/src/chrome/content/rules/Interstices.info.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Inria coverage, see Inria.fr.xml.
+
+
+	www: Cert only matches ^interstices.info
+
+-->
+<ruleset name="Interstices.info">
+
+	<target host="interstices.info" />
+	<target host="www.interstices.info" />
+
+
+	<rule from="^http://(?:www\.)?interstices\.info/"
+		to="https://interstices.info/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Intertwingly.net.xml b/src/chrome/content/rules/Intertwingly.net.xml
new file mode 100644
index 000000000000..81fa4b39f3a4
--- /dev/null
+++ b/src/chrome/content/rules/Intertwingly.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="Intertwingly.net">
+  <target host="intertwingly.net" />
+  <target host="www.intertwingly.net" />
+  <target host="rubix.intertwingly.net" />
+<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Intevation-GmbH.xml b/src/chrome/content/rules/Intevation-GmbH.xml
index 97b03ad332a1..51fa6c0f87e5 100644
--- a/src/chrome/content/rules/Intevation-GmbH.xml
+++ b/src/chrome/content/rules/Intevation-GmbH.xml
@@ -1,20 +1,118 @@
-<ruleset name="Intevation GmbH (partial)">
+<!--
+Other Intevation rulesets:
+	+ Greenbone.xml
+	+ Wald.Intevation.org.xml
+
+Invalid certificate:
+	detnet2.intevation.de
+	edbsilon.intevation.de
+	frida.intevation.de
+	gpg4win-files.intevation.de
+	gpg4win-piwik.intevation.de
+	great-er.intevation.de
+	kolab-files.intevation.de
+	kolab-issues.intevation.de
+	openslides-cloud.intevation.de
+	www.openslides-cloud.intevation.de
+	thuban.intevation.de
+	wald.intevation.de
+	www.wald.intevation.de
+	inteproxy.wald.intevation.de
+
+	intevation.net
+	www.intevation.net
+	www.frida.intevation.net
+	ftp.intevation.net
+	ssl.intevation.net
+
+	intevation.org
+	www.intevation.org
+	apt.intevation.org
+	edbsilon.intevation.org
+	frida.intevation.org
+	ftp.intevation.org
+	great-er.intevation.org
+	greater.intevation.org
+	greater-web.intevation.net
+	hg.intevation.org
+	hoko.intevation.org
+	pumpbridge.intevation.org
+	ssl.intevation.org
+	taran.intevation.org
+	thuban.intevation.org
+	wald.intevation.org
+	www.wald.intevation.org
+	adminton.wald.intevation.org
+	arcmap2sld.wald.intevation.org
+	auik.wald.intevation.org
+	deegree.wald.intevation.org
+	formed.wald.intevation.org
+	freezvaut.wald.intevation.org
+	frida.wald.intevation.org
+	gispatcher.wald.intevation.org
+	gpa.wald.intevation.org
+	gpg4win.wald.intevation.org
+	gpgoe.wald.intevation.org
+	greater.wald.intevation.org
+	inteproxy.wald.intevation.org
+	intests.wald.intevation.org
+	lists.wald.intevation.org
+	lohnrechner.wald.intevation.org
+	mapwoc.wald.intevation.org
+	mpuls.wald.intevation.org
+	mxd2map.wald.intevation.org
+	openpgpmdrv.wald.intevation.org
+	openvas.wald.intevation.org
+	osaas.wald.intevation.org
+	pyshapelib.wald.intevation.org
+ 	pywms.wald.intevation.org
+	schmitzm.wald.intevation.org
+	scm.wald.intevation.org
+	skencil.wald.intevation.org
+	snap2dto3d.wald.intevation.org
+	statist.wald.intevation.org
+	svn.wald.intevation.org
+	swm.wald.intevation.org
+	treepkg.wald.intevation.org
+	webflysuesk.wald.intevation.org
+	winpt.wald.intevation.org
+
+Refused connection:
+	agora.intevation.de
+	agora-nossl.intevation.de
+	bfb-demo.intevation.de
+	efa-preview.intevation.de
+	jmd-demo.intevation.de
+	jmd-preview.intevation.de
+	mpuls-preview.intevation.de
+	waskiq-demo.intevation.de
+	waskiq-training.intevation.de
+
+	saegewerk.wald.intevation.org
+-->
+<ruleset name="Intevation GmbH">
 	<target host="intevation.de" />
+	<target host="www.intevation.de" />
+	<target host="apt.intevation.de" />
+	<target host="blogs.intevation.de" />
+	<target host="detnet2-staging.intevation.de" />
+	<target host="doto.intevation.de" />
+	<target host="eupompe.intevation.de" />
+	<target host="fex.intevation.de" />
+	<target host="files.intevation.de" />
 	<target host="ftp.intevation.de" />
+	<target host="hg.intevation.de" />
+	<target host="kolab.intevation.de" />
+	<target host="mpuls-demo.intevation.de" />
+	<target host="mpuls-s-bewerbung-demo.intevation.de" />
+	<target host="mpuls-s-demo.intevation.de" />
+	<target host="mpuls-schulung.intevation.de" />
+	<target host="osm.intevation.de" />
+	<target host="osnabrueck.intevation.de" />
 	<target host="ssl.intevation.de" />
-	<target host="www.intevation.de" />
-	<target host="intevation.net" />
-	<target host="ftp.intevation.net" />
-	<target host="ssl.intevation.net" />
-	<target host="www.intevation.net" />
-	<target host="intevation.org" />
-	<target host="ftp.intevation.org" />
-	<target host="ssl.intevation.org" />
-	<target host="www.intevation.org" />
-
-	<securecookie host="^(ssl|www)\.intevation\.de$"
-			name=".+" />
+	<target host="testkolab.intevation.de" />
+	<target host="waska-anwender.intevation.de" />
+	<target host="wasko-schulverweigerung.intevation.de" />
 
-	<rule from="^http://((ftp|ssl|www)\.)?intevation\.(de|net|org)/"
-		to="https://$1intevation.de/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Intevation-problematic.xml b/src/chrome/content/rules/Intevation-problematic.xml
deleted file mode 100644
index 95555e15343a..000000000000
--- a/src/chrome/content/rules/Intevation-problematic.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules that are on by default, see Intevation.xml.
-
--->
-<ruleset name="Intevation.org (problematic)" default_off="self-signed">
-
-	<target host="wald.intevation.org" />
-
-
-	<securecookie host="^wald\.intevation\.org$" name=".+" />
-
-
-	<rule from="^http://wald\.intevation\.org/"
-		to="https://wald.intevation.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Intevation.xml b/src/chrome/content/rules/Intevation.xml
deleted file mode 100644
index 03606be3444d..000000000000
--- a/src/chrome/content/rules/Intevation.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	For problematic rules, see Intevation-problematic.xml.
-
-
-	Other Intevation rulesets:
-
-		- Greenbone.xml
-
-
-	Problematic domains:
-
-		- wald.intevation.de	(mismatched, CN: wald.intevation.org)
-		- (www.)intevation.org	(works; mismatched, CN: *.intevation.de)
-		- wald.intevation.org	(works, self-signed)
-
--->
-<ruleset name="Intevation (partial)">
-
-	<target host="intevation.*" />
-	<target host="www.intevation.*" />
-
-
-	<rule from="^http://(www\.)?intevation\.org/(\?.*)?$"
-		to="https://$1intevation.de/index.en.html$2" />
-
-	<rule from="^http://(www\.)?intevation\.(?:de|org)/"
-		to="https://$1intevation.de/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Into_Higher.com.xml b/src/chrome/content/rules/Into_Higher.com.xml
new file mode 100644
index 000000000000..55517fc576fe
--- /dev/null
+++ b/src/chrome/content/rules/Into_Higher.com.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://intohigher.com/ => https://intohigher.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.intohigher.com/ => https://www.intohigher.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	Insecure cookies are set for these domains:
+
+		- .intohigher.com
+
+
+	Mixed content:
+
+		- css from fast.fonts.net *
+
+	* Secured by us
+
+-->
+<ruleset name="Into Higher.com" default_off="failed ruleset test">
+
+	<target host="intohigher.com" />
+	<target host="www.intohigher.com" />
+
+
+	<securecookie host="^\." name="^__utm" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Intrepid_Museum.xml b/src/chrome/content/rules/Intrepid_Museum.xml
index cfd9c7f9e920..4c3c83dcfc5d 100644
--- a/src/chrome/content/rules/Intrepid_Museum.xml
+++ b/src/chrome/content/rules/Intrepid_Museum.xml
@@ -4,7 +4,6 @@
 	<target host="www.intrepidmuseum.org" />
 
 
-	<rule from="^http://(www\.)?intrepidmuseum\.org/"
-		to="https://$1intrepidmuseum.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Intrepidus_Group.com.xml b/src/chrome/content/rules/Intrepidus_Group.com.xml
new file mode 100644
index 000000000000..dce9d8d5013e
--- /dev/null
+++ b/src/chrome/content/rules/Intrepidus_Group.com.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://intrepidusgroup.com/ => https://intrepidusgroup.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.intrepidusgroup.com/ => https://www.intrepidusgroup.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Server is configured for rc4 only.
+
+-->
+<ruleset name="Intrepidus Group.com" default_off="failed ruleset test">
+
+	<target host="intrepidusgroup.com" />
+	<target host="www.intrepidusgroup.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Intuit-problematic.xml b/src/chrome/content/rules/Intuit-problematic.xml
deleted file mode 100644
index 053314e74a6c..000000000000
--- a/src/chrome/content/rules/Intuit-problematic.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For rules that are on by default, see Intuit.xml.
-
--->
-<ruleset name="Intuit (problematic)" default_off="mismatched">
-
-	<target host="intuitpayments.com" />
-	<target host="www.intuitpayments.com" />
-
-
-	<rule from="^https?://(?:www\.)?/intuitpayments\.com/(favicon\.ico|Global/|KeyGrip\.ashx|Templates/)"
-		to="https://intuitpayments.com/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Intuit.com.xml b/src/chrome/content/rules/Intuit.com.xml
new file mode 100644
index 000000000000..f7e0c020177b
--- /dev/null
+++ b/src/chrome/content/rules/Intuit.com.xml
@@ -0,0 +1,59 @@
+<!--
+
+	Non-functional hosts
+		Timeout was reached:
+		- business.intuit.com
+		- healthcard.intuit.com
+		- healthcards.intuit.com
+		- quickbase-community-e2e.intuit.com
+		- websites.intuit.com
+
+		SSL connect error:
+		- ifs.intuit.com
+
+		SSL peer certificate was not OK:
+		- academy.intuit.com
+		- paytrust.intuit.com
+
+		4xx client error:
+		- http-download.intuit.com
+		- support.quickbooks.intuit.com
+		- images.turbotax.intuit.com
+-->
+<ruleset name="Intuit.com">
+	<target host="intuit.com" />
+	<target host="www.intuit.com" />
+	<target host="about.intuit.com" />
+	<target host="accountants.intuit.com" />
+	<target host="accounts.intuit.com" />
+	<target host="appcenter.intuit.com" />
+	<target host="css.appcenter.intuit.com" />
+	<target host="images.appcenter.intuit.com" />
+	<target host="blog.intuit.com" />
+	<target host="careers.intuit.com" />
+	<target host="community.intuit.com" />
+	<target host="developer.intuit.com" />
+	<target host="enterprisesuite.intuit.com" />
+	<target host="fi.intuit.com" />
+	<target host="www.fi.intuit.com" />
+	<target host="healthcare.intuit.com" />
+	<target host="index.intuit.com" />
+	<target host="intuitmarket.intuit.com" />
+	<target host="quickbooks.lc.intuit.com" />
+	<target host="payments.intuit.com" />
+	<target host="payroll.intuit.com" />
+	<target host="pointofsale.intuit.com" />
+	<target host="privacy.intuit.com" />
+	<target host="proadvisor.intuit.com" />
+	<target host="quickbooks.intuit.com" />
+	<target host="quickbooksonline.intuit.com" />
+	<target host="sci.intuit.com" />
+	<target host="security.intuit.com" />
+	<target host="smallbusiness.intuit.com" />
+	<target host="ttlc.intuit.com" />
+	<target host="turbotax.intuit.com" />
+	<target host="blog.turbotax.intuit.com" />
+	<target host="support.turbotax.intuit.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Intuit.xml b/src/chrome/content/rules/Intuit.xml
deleted file mode 100644
index 4dc79fa63781..000000000000
--- a/src/chrome/content/rules/Intuit.xml
+++ /dev/null
@@ -1,190 +0,0 @@
-<!--
-	For problematic rules, see Intuit-problematic.xml
-
-
-	Other Intuit rulesets:
-
-		- Love_Our_Local_Business.xml
-
-
-	CDN buckets:
-
-		- s3.amazonaws.com/media.turbotaxcpaselect.intuit.com/
-		- d13yycbcrizy5m.cloudfront.net
-		- d2l1w43gzkifhk.cloudfront.net
-		- d2t6vx8xuyfwjt.cloudfront.net
-		- e61667af7f740600c4e8-0971b8480fe84ded6a5e322d96450080.r36.cf1.rackcdn.com
-
-
-	Nonfunctional domains:
-
-		- gopayment.com
-		- www.gopayment.com *
-
-		- intuit.com subdomains:
-
-			- blog			(reset, expired)
-			- careers		(shows default MediaTemple page, self-signed)
-			- ippblog		(times out)
-			- m
-			- reviews.turbotax ***
-			- socialreviews.turbotax ***
-			- support.turbotax *
-
-		- intuitreseller.com		(times out)
-		- www.intuitreseller.com	(shows meeting-reg.com, CN: meeting-reg.com)
-		- (www.)intuitsolutionproviders.com	(shows meeting-reg.com, CN: meeting-reg.com)
-		- blog-s1.intuitstatic.com	(500)
-		- m-s1.intuitstatic.com		(500)
-
-	* Redirects to www.intuit.com, expired
-	*** 503, akamai
-
-
-	Problematic domains:
-
-		- intuit.com subdomains:
-
-			- index			(pages work but images don't, mismatched, CN: online.payroll.intuit.com)
-			- a\d+.quickbase	(mismatched, CN: quickbase.intuit.com)
-			- blog.turbotax		(mismatched, CN: *.wordpress.com)
-
-		- intuitpayments.com		(mismatched, CN: *.postclickmarketing.com)
-		- quickbase.com			(cert only matches *.quickbase.com)
-
-
-	Fully covered domains:
-
-		- intuit.com subdomains:
-
-			- (www.)
-			- about
-			- academy
-			- accountants
-			- blog.accountants
-			- accounts
-
-			- appcenter subdomains:
-
-				- ^
-				- css
-				- images
-
-			- business
-			- community
-			- developer
-			- enterprisesuite
-			- (www.)fi
-			- healthcard
-			- healthcards
-			- healthcare
-			- http-download
-			- ifs
-			- insurance
-			- intuitmarket
-			- ipn
-			- quickbooks.lc
-			- qbosg.lcp
-			- learn
-			- marketplace
-			- paymentnetwork
-			- payments
-			- payroll
-			- paytrust
-			- pointofsale
-			- privacy
-			- proadvisor
-			- psswprod3lb
-			- support.quickbooks.qdc
-			- quickbase
-			- a\d*.quickbase		(→ quickbase)
-			- quickbase-community-e2e
-
-			- quickbooks subdomains:
-
-				- ^
-				- support
-
-			- quickbooksonline
-			- quicken
-			- sci
-			- security
-			- smallbusiness
-			- ttlc
-			- ttlcprd
-			- turbotax
-			- images.turbotax
-			- turbotaxcpaselect
-			- media.turbotaxcpaselect	(→ s3.amazonaws.com)
-			- websites
-
-		- *.intuitcdn.net:
-
-			- intuitmarket
-			- quickbase
-
-		- intuitstatic.com subdomains:
-
-			- s[123]
-			- payments-s3
-
-		- billscenter.paytrust.com
-
-		- quickbase.com subdomains:
-
-			- (www.)	(^ → www)
-			- intuitcorp
-
-		- (www.)turbotax.com
-
--->
-<ruleset name="Intuit (partial)">
-
-	<target host="*.intuit.com" />
-	<target host="*.intuitcdn.net" />
-	<target host="*.intuitstatic.com" />
-	<target host="billscenter.paytrust.com" />
-	<target host="quickbase.com" />
-	<target host="*.quickbase.com" />
-	<target host="turbotax.com" />
-	<target host="*.turbotax.com" />
-
-
-	<!--securecookie host="^\.intuit\.com$" name=".+" /-->
-	<securecookie host="^.+\.intuit\.com$" name=".+" />
-	<securecookie host="^billscenter\.paytrust\.com$" name=".+" />
-
-
-	<!--	$ redirects to http.
-					-->
-	<rule from="^http://quicken\.intuit\.com/(\?.*)?$"
-		to="https://quicken.intuit.com/index.jsp$1" />
-
-	<rule from="^http://((?:about|academy|(?:blog\.)?accountants|accounts|(?:css\.|images\.)?appcenter|business|community|developer|enterprisesuite|(?:www\.)?fi|healthcards?|healthcare|http-download|ifs|insurance|intuitmarket|ipn|quickbooks\.lc|qbosg\.lcp|learn|marketplace|paymentnetwork|payments|payroll|paytrust|pointofsale|privacy|proadvisor|psswprod3lb|support\.quickbooks\.qdc|quickbase|quickbase-community-e2e|(?:support\.)?quickbooks|quickbooksonline|quicken|sci|security|smallbusiness|ttlc|ttlcprd|(?:images\.)?turbotax|turbotaxcpaselect|websites|www)\.)?intuit\.com/"
-		to="https://$1intuit.com/" />
-
-	<rule from="^https?://a\d*\.quickbase\.intuit\.com/"
-		to="https://quickbase.intuit.com/" />
-
-	<rule from="^https?://media\.turbotaxcpaselect\.intuit\.com/"
-		to="https://s3.amazonaws.com/media.turbotaxcpaselect.intuit.com/" />
-
-	<rule from="^http://(\w+)\.intuitcdn\.net/"
-		to="https://$1.intuitcdn.net/" />
-
-	<rule from="^http://(payments-s3|s[123])\.intuitstatic\.com/"
-		to="https://$1.intuitstatic.com/" />
-
-	<rule from="^http://billscenter\.paytrust\.com/"
-		to="https://billscenter.paytrust.com/" />
-
-	<rule from="^https?://(?:www\.)?quickbase\.com/"
-		to="https://www.quickbase.com/" />
-
-	<rule from="^http://intuitcorp\.quickbase\.com/"
-		to="https://intuitcorp.quickbase.com/" />
-
-	<rule from="^http://(www\.)?turbotax\.com/"
-		to="https://$1turbotax.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/IntuitPayments.com.xml b/src/chrome/content/rules/IntuitPayments.com.xml
new file mode 100644
index 000000000000..ac5036e67a8a
--- /dev/null
+++ b/src/chrome/content/rules/IntuitPayments.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="IntuitPayments.com">
+	<target host="intuitpayments.com" />
+	<target host="www.intuitpayments.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IntuitStatic.com.xml b/src/chrome/content/rules/IntuitStatic.com.xml
new file mode 100644
index 000000000000..d84b960c86f3
--- /dev/null
+++ b/src/chrome/content/rules/IntuitStatic.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- payments-s3.intuitstatic.com
+		- s3.intuitstatic.com
+
+		4xx client error:
+		- intuitstatic.com
+
+		5xx server error:
+		- m-s1.intuitstatic.com
+-->
+<ruleset name="IntuitStatic.com">
+	<target host="blog-s1.intuitstatic.com" />
+	<target host="s1.intuitstatic.com" />
+	<target host="s2.intuitstatic.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Intuitive_Password.com.xml b/src/chrome/content/rules/Intuitive_Password.com.xml
new file mode 100644
index 000000000000..56855c44cd09
--- /dev/null
+++ b/src/chrome/content/rules/Intuitive_Password.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Reset
+
+
+	^: 503
+
+-->
+<ruleset name="Intuitive Password.com (partial)">
+
+	<target host="intuitivepassword.com" />
+	<target host="www.intuitivepassword.com" />
+
+
+	<securecookie host="^(?:www)?\.intuitivepassword\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?intuitivepassword\.com/"
+		to="https://www.intuitivepassword.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Intux.de.xml b/src/chrome/content/rules/Intux.de.xml
new file mode 100644
index 000000000000..8ea516ed56ce
--- /dev/null
+++ b/src/chrome/content/rules/Intux.de.xml
@@ -0,0 +1,15 @@
+<ruleset name="intux.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="intux.de" />
+	<target host="www.intux.de" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Inuits.eu.xml b/src/chrome/content/rules/Inuits.eu.xml
new file mode 100644
index 000000000000..e4ddb8c776b3
--- /dev/null
+++ b/src/chrome/content/rules/Inuits.eu.xml
@@ -0,0 +1,9 @@
+<ruleset name="Inuits.eu">
+
+	<target host="inuits.eu" />
+	<target host="www.inuits.eu" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Invaluable.com.xml b/src/chrome/content/rules/Invaluable.com.xml
new file mode 100644
index 000000000000..0f9a75cd60c4
--- /dev/null
+++ b/src/chrome/content/rules/Invaluable.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Non-functional subdomains:
+		- live	(s)
+		- sothebys.live		(s)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Host has wildcard cert and dns.
+-->
+<ruleset name="Invaluable.com">
+
+	<target host="invaluable.com" />
+	<target host="www.invaluable.com" />
+	<target host="2018.invaluable.com" />
+	<target host="api.invaluable.com" />
+	<target host="asiaweek.invaluable.com" />
+	<target host="blog.invaluable.com" />
+	<target host="connect.invaluable.com" />
+	<target host="gdpr.invaluable.com" />
+	<target host="news.invaluable.com" />
+	<target host="oldmasters.invaluable.com" />
+	<target host="secure.invaluable.com" />
+	<target host="site.invaluable.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Invenio-software.org.xml b/src/chrome/content/rules/Invenio-software.org.xml
new file mode 100644
index 000000000000..5140d659e37d
--- /dev/null
+++ b/src/chrome/content/rules/Invenio-software.org.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://invenio-software.org/ => https://invenio-software.org/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.invenio-software.org/ => https://www.invenio-software.org/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://invenio-software.org/ => https://invenio-software.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.invenio-software.org/ => https://www.invenio-software.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+	Mixed content:
+
+		- Image from inveniobuilder.cern.ch *
+
+	* Unsecurable <= dropped
+
+-->
+<ruleset name="Invenio-software.org" default_off="failed ruleset test">
+
+	<target host="invenio-software.org" />
+	<target host="www.invenio-software.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^invenio-software\.org$" name="^(trac_form_token|trac_session)$" /-->
+
+	<securecookie host="^invenio-software\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/InventHelp.xml b/src/chrome/content/rules/InventHelp.xml
index 5e07001203e1..1bcee2a431f6 100644
--- a/src/chrome/content/rules/InventHelp.xml
+++ b/src/chrome/content/rules/InventHelp.xml
@@ -4,7 +4,6 @@
 	<target host="www.inventhelp.com" />
 
 
-	<rule from="^http://(www\.)?inventhelp\.com/"
-		to="https://$1inventhelp.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Inventive_Designers.com.xml b/src/chrome/content/rules/Inventive_Designers.com.xml
new file mode 100644
index 000000000000..914efbf0decf
--- /dev/null
+++ b/src/chrome/content/rules/Inventive_Designers.com.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://support.inventivedesigners.com/ => https://support.inventivedesigners.com/: Too many redirects while fetching 'https://support.inventivedesigners.com/'
+
+	Other Inventive Designers rulesets:
+
+		- Scriptura_Engage.com.xml
+
+
+	Fully covered hosts in *inventivedesigners.com:
+
+		- (www.)?
+		- support
+
+
+	Insecure cookies are set for these hosts:
+
+		- inventivedesigners.com
+		- www.inventivedesigners.com
+
+-->
+<ruleset name="Inventive Designers.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="inventivedesigners.com" />
+	<target host="support.inventivedesigners.com" />
+	<target host="www.inventivedesigners.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?inventivedesigners.com$" name="^AWSELB$" /-->
+
+	<securecookie host="^(?:www\.)?inventivedesigners.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Inverse.xml b/src/chrome/content/rules/Inverse.xml
index b1eaedbcbf7d..34acc18c3d68 100644
--- a/src/chrome/content/rules/Inverse.xml
+++ b/src/chrome/content/rules/Inverse.xml
@@ -4,11 +4,10 @@
 	<target host="www.inverse.ca" />
 
 
-	<securecookie host="^inverse\.ca$" name=".*" />
+	<securecookie host="^inverse\.ca$" name=".+" />
 
 
 	<!--	Cert only matches //inverse.ca.	-->
-	<rule from="^https?://(?:www\.)?inverse\.ca/"
-		to="https://inverse.ca/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/InvestSMART.xml b/src/chrome/content/rules/InvestSMART.xml
index a4c3b9d58300..c503725d04f4 100644
--- a/src/chrome/content/rules/InvestSMART.xml
+++ b/src/chrome/content/rules/InvestSMART.xml
@@ -13,7 +13,7 @@
 
 
 	<!--	Cert doesn't match !www.	-->
-	<rule from="^https?://investsmart\.com\.au/"
+	<rule from="^http://investsmart\.com\.au/"
 		to="https://www.investsmart.com.au/"/>
 
 	<rule from="^http://www\.investsmart\.com\.au/(banner_ads|images|membership|share_trading|style)/"
diff --git a/src/chrome/content/rules/Investigative-News-Network.xml b/src/chrome/content/rules/Investigative-News-Network.xml
deleted file mode 100644
index ce020642720f..000000000000
--- a/src/chrome/content/rules/Investigative-News-Network.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--	hosted on bluehost, pages redirect recursively
--->
-<ruleset name="Investigative News Network (partial)" default_off="mismatch">
-
-	<target host="npjhub.org"/>
-	<target host="www.npjhub.org"/>
-
-	<rule from="^http://(?:www\.)?npjhub\.org/favicon\.ico"
-		to="https://www.npjhub.org/favicon.ico"/>
-
-	<rule from="^http://(?:www\.)?npjhub\.org/wp-(admin/|content/|login\.php)"
-		to="https://www.npjhub.org/~npjhubor/wp-$1"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Investigative_Dashboard.org.xml b/src/chrome/content/rules/Investigative_Dashboard.org.xml
new file mode 100644
index 000000000000..f49f16cf5f86
--- /dev/null
+++ b/src/chrome/content/rules/Investigative_Dashboard.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Investigative Dashboard.org">
+
+	<target host="investigativedashboard.org" />
+	<target host="www.investigativedashboard.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Investing-Channel.xml b/src/chrome/content/rules/Investing-Channel.xml
deleted file mode 100644
index 3d51ba14419c..000000000000
--- a/src/chrome/content/rules/Investing-Channel.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/cdn.investingchannel.com | dggaenaawxe8z.cloudfront.net
-
-	Nonfunctional domains:
-
-		- (www.)investingchannel.com	(times out)
-
--->
-<ruleset name="Investing Channel (partial)">
-
-	<target host="*.investingchannel.com" />
-
-
-	<rule from="^http://ads\.investingchannel\.com/"
-		to="https://ads.investingchannel.com/" />
-
-	<rule from="^https?://cdn\.investingchannel\.com/"
-		to="https://s3.amazonaws.com/cdn.investingchannel.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Investing.com.xml b/src/chrome/content/rules/Investing.com.xml
new file mode 100644
index 000000000000..b829dc50b820
--- /dev/null
+++ b/src/chrome/content/rules/Investing.com.xml
@@ -0,0 +1,75 @@
+<!--
+	Non-functional hosts
+		Mixed content blocking (MCB) triggered:
+		- ru.investing.com
+-->
+<ruleset name="Investing.com">
+	<target host="investing.com" />
+	<target host="www.investing.com" />
+	<target host="au.investing.com" />
+	<target host="binfinity.investing.com" />
+	<target host="br.investing.com" />
+	<target host="ca.investing.com" />
+	<target host="m.ca.investing.com" />
+	<target host="cn.investing.com" />
+	<target host="de.investing.com" />
+	<target host="news.education.investing.com" />
+	<target host="es.investing.com" />
+	<target host="fi.investing.com" />
+	<target host="fr.investing.com" />
+	<target host="gr.investing.com" />
+	<target host="hi.investing.com" />
+	<target host="hk.investing.com" />
+	<target host="id.investing.com" />
+	<target host="il.investing.com" />
+	<target host="in.investing.com" />
+	<target host="it.investing.com" />
+	<target host="jp.investing.com" />
+	<target host="kr.investing.com" />
+	<target host="m.kr.investing.com" />
+	<target host="m.investing.com" />
+	<target host="ms.investing.com" />
+	<target host="mx.investing.com" />
+	<target host="ng.investing.com" />
+	<target host="nl.investing.com" />
+	<target host="ph.investing.com" />
+	<target host="pl.investing.com" />
+	<target host="pt.investing.com" />
+	<target host="sa.investing.com" />
+	<target host="se.investing.com" />
+	<target host="th.investing.com" />
+	<target host="tr.investing.com" />
+	<target host="tvcharts.investing.com" />
+	<target host="uk.investing.com" />
+	<target host="vn.investing.com" />
+	<target host="www.widgets.investing.com" />
+	<target host="br.widgets.investing.com" />
+	<target host="cn.widgets.investing.com" />
+	<target host="de.widgets.investing.com" />
+	<target host="es.widgets.investing.com" />
+	<target host="fi.widgets.investing.com" />
+	<target host="fr.widgets.investing.com" />
+	<target host="gr.widgets.investing.com" />
+	<target host="hk.widgets.investing.com" />
+	<target host="id.widgets.investing.com" />
+	<target host="il.widgets.investing.com" />
+	<target host="in.widgets.investing.com" />
+	<target host="it.widgets.investing.com" />
+	<target host="jp.widgets.investing.com" />
+	<target host="kr.widgets.investing.com" />
+	<target host="mx.widgets.investing.com" />
+	<target host="nl.widgets.investing.com" />
+	<target host="pl.widgets.investing.com" />
+	<target host="pt.widgets.investing.com" />
+	<target host="ru.widgets.investing.com" />
+	<target host="sa.widgets.investing.com" />
+	<target host="th.widgets.investing.com" />
+	<target host="tr.widgets.investing.com" />
+	<target host="uk.widgets.investing.com" />
+	<target host="vn.widgets.investing.com" />
+	<target host="za.investing.com" />
+	
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/InvestingChannel.com.xml b/src/chrome/content/rules/InvestingChannel.com.xml
new file mode 100644
index 000000000000..3abcbec13180
--- /dev/null
+++ b/src/chrome/content/rules/InvestingChannel.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- cdn.investingchannel.com
+-->
+<ruleset name="InvestingChannel.com">
+	<target host="investingchannel.com" />
+	<target host="ads.investingchannel.com" />
+	<target host="www.investingchannel.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Investors-in-People.xml b/src/chrome/content/rules/Investors-in-People.xml
index 9d4a7a74c625..760dc6a96fe5 100644
--- a/src/chrome/content/rules/Investors-in-People.xml
+++ b/src/chrome/content/rules/Investors-in-People.xml
@@ -1,12 +1,12 @@
-<ruleset name="Investors in People">
+<ruleset name="Investors in People.co.uk">
 
 	<target host="www.investorsinpeople.co.uk"/>
 
 
-	<securecookie host="^www\.investorsinpeople\.co\.uk$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://www\.investorsinpeople\.co\.uk/"
-		to="https://www.investorsinpeople.co.uk/"/>
+	<rule from="^http:"
+		to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Investors.com.xml b/src/chrome/content/rules/Investors.com.xml
index a7cf4fd7f174..7c5e4bd37021 100644
--- a/src/chrome/content/rules/Investors.com.xml
+++ b/src/chrome/content/rules/Investors.com.xml
@@ -1,4 +1,5 @@
 <!--
+	Disabled per https://github.com/EFForg/https-everywhere/issues/1634
 	Nonfunctional domains:
 
 		- streamer.ibdcd.com	(times out)
@@ -13,7 +14,7 @@
 	Mixed images from www1.ibdcd.com
 
 -->
-<ruleset name="Investors.com (partial)">
+<ruleset name="Investors.com (partial)" default_off="Breaks site">
 
 	<target host="www1.ibdcd.com" />
 	<target host="investors.com" />
@@ -31,4 +32,4 @@
 	<rule from="^http://(www\.)?investors\.com/"
 		to="https://$1investors.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Invidious.site.xml b/src/chrome/content/rules/Invidious.site.xml
new file mode 100644
index 000000000000..63605f5492e5
--- /dev/null
+++ b/src/chrome/content/rules/Invidious.site.xml
@@ -0,0 +1,7 @@
+<ruleset name="Invidious.site">
+	<target host="invidious.site" />
+	<target host="www.invidious.site" />
+	<target host="status.invidious.site" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Invidious.tube.xml b/src/chrome/content/rules/Invidious.tube.xml
new file mode 100644
index 000000000000..1022b1ed76a7
--- /dev/null
+++ b/src/chrome/content/rules/Invidious.tube.xml
@@ -0,0 +1,8 @@
+<ruleset name="Invidious.tube">
+	<target host="invidious.tube" />
+	<target host="www.invidious.tube" />
+	<target host="status.invidious.tube" />
+	<target host="vps.invidious.tube" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Invidious.xyz.xml b/src/chrome/content/rules/Invidious.xyz.xml
new file mode 100644
index 000000000000..89dc00d89715
--- /dev/null
+++ b/src/chrome/content/rules/Invidious.xyz.xml
@@ -0,0 +1,6 @@
+<ruleset name="Invidious.xyz">
+	<target host="invidious.xyz" />
+	<target host="status.invidious.xyz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Invincea.com.xml b/src/chrome/content/rules/Invincea.com.xml
new file mode 100644
index 000000000000..0c6460060269
--- /dev/null
+++ b/src/chrome/content/rules/Invincea.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Some pages redirect to http.
+
+-->
+<ruleset name="Invincea.com (partial)">
+
+	<target host="invincea.com" />
+	<target host="www.invincea.com" />
+	<target host="info.invincea.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?invincea\.com/+(contact-invincea/$|favicon\.ico|knowledge-center/|\d\d/\d\d/[\w-]+/$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(www\.)?invincea\.com/+(?!support($|[?/])|wp-content/|wp-includes/)" /-->
+
+
+	<rule from="^http://(www\.)?invincea\.com/(?=support(?:$|[?/])|wp-content/|wp-includes/)"
+		to="https://$1invincea.com/" />
+
+	<rule from="^http://info\.invincea\.com/(?=css/|images/|js/|rs/)"
+		to="https://na-sjn.marketo.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Invisible.institute.xml b/src/chrome/content/rules/Invisible.institute.xml
new file mode 100644
index 000000000000..d3ea20ac3cb9
--- /dev/null
+++ b/src/chrome/content/rules/Invisible.institute.xml
@@ -0,0 +1,8 @@
+<ruleset name="Invisible.institute">
+	<target host="invisible.institute" />
+	<target host="www.invisible.institute" />
+	<target host="securedrop.invisible.institute" />
+	<target host="the.invisible.institute" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Invision-Power-Services.xml b/src/chrome/content/rules/Invision-Power-Services.xml
index bfae7ff9aa6b..94a178933452 100644
--- a/src/chrome/content/rules/Invision-Power-Services.xml
+++ b/src/chrome/content/rules/Invision-Power-Services.xml
@@ -1,17 +1,37 @@
 <!--
-	Nonfunctional domains:
+	Invision Power Services
 
-		- community.invisionpower.com	(rx_record_too_long)
+
+	CDN buckets:
+
+		- ipscommunity-invisionpowerser1.netdna-ssl.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .invisionpower.com
+		- community.invisionpower.com
+		- www.invisionpower.com
 
 -->
-<ruleset name="Invision Power Services (partial)">
+<ruleset name="Invision Power.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="invisionpower.com" />
+	<target host="community.invisionpower.com" />
+	<target host="www.invisionpower.com" />
+
+
+	<!--	Incapsula cookies:
+					-->
+	<!--securecookie host="^\.invisionpower\.com$" name="^(?:incap_ses_\d+|nlbi|visid_incap)_\d+$" /-->
+	<!--securecookie host="^(?:community|www)\.invisionpower\.com$" name="^___utm[abm]\w+$" /-->
 
-	<target host="invisionpower.com"/>
-	<target host="*.invisionpower.com"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?invisionpower\.com/"
-		to="https://www.invisionpower.com/"/>
 
-	<securecookie host="^\.invisionpower\.com$" name=".*"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/InviteMedia.com.xml b/src/chrome/content/rules/InviteMedia.com.xml
new file mode 100644
index 000000000000..651fb9e17c15
--- /dev/null
+++ b/src/chrome/content/rules/InviteMedia.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- invitemedia.com
+		- www.invitemedia.com
+		- assets.invitemedia.com
+		- dashboard.invitemedia.com
+		- adaptv.pixel.invitemedia.com
+		- adscale.pixel.invitemedia.com
+		- contextweb.pixel.invitemedia.com
+		- hulu.pixel.invitemedia.com
+		- lijit.pixel.invitemedia.com
+		- ca.lijit.pixel.invitemedia.com
+		- pixel.prod2.invitemedia.com
+-->
+<ruleset name="InviteMedia.com">
+	<target host="akamai.invitemedia.com" />
+	<target host="conversion-pixel.invitemedia.com" />
+	<target host="g-pixel.invitemedia.com" />
+	<target host="pixel.invitemedia.com" />
+	<target host="segment-pixel.invitemedia.com" />
+	<target host="t.invitemedia.com" />
+	<target host="tracker.invitemedia.com" />
+	<target host="vmm-pixel.invitemedia.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Invite_Media.xml b/src/chrome/content/rules/Invite_Media.xml
deleted file mode 100644
index e575551c5ec2..000000000000
--- a/src/chrome/content/rules/Invite_Media.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-<!--
-	CDN buckets:
-
-		- dakeffzy54mxb.cloudfront.net
-
-			- www.invitemedia.com
-
-		- akamai.invitemedia.com.edgesuite.net
-
-
-	Problematic subdomains:
-
-		- ^
-		- www		(cloudfront)
-		- akamai	(works, akamai)
-		- bub.px	(depth mismatched)
-
-
-	bub.px, g-pixel, pixel, & segment-pixel serve web bugs.
-
--->
-<ruleset name="Invite Media (partial)">
-
-	<target host="invitemedia.com" />
-	<target host="*.invitemedia.com" />
-
-
-	<securecookie host="^\.invitemedia\.com$" name="^(?:segments_p1|uid)$" />
-
-
-	<rule from="^http://(?:www\.)?invitemedia\.com/([\w-]+\.(?:css|png))"
-		to="https://www.invitemedia.com/$1" />
-
-	<!--	Seems to work (and who cares if it doesn't):
-								-->
-	<rule from="^http://bub\.px\.invitemedia\.com/"
-		to="https://pixel.invitemedia.com/" />
-
-	<rule from="^http://(?:dashboard(?:-cdn)?|g-pixel|pixel|segment-pixel)\.invitemedia\.com/"
-		to="https://$1.invitemedia.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Invitel.xml b/src/chrome/content/rules/Invitel.xml
deleted file mode 100644
index 9138935c7c9e..000000000000
--- a/src/chrome/content/rules/Invitel.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<!-- Nonfunctional subdomains:
-	 - www.invitel.hu (broken links)
--->
-<ruleset name="Invitel (partial)">
-	<target host="mail.invitel.hu" />
-	<target host="webmail.eol.hu" />
-
-	<securecookie host="^(mail\.invitel|webmail\.eol)\.hu$" name=".+" />
-	<rule from="^http://mail\.invitel\.hu/" to="https://mail.invitel.hu/" />
-</ruleset>
diff --git a/src/chrome/content/rules/InvizBox.io.xml b/src/chrome/content/rules/InvizBox.io.xml
new file mode 100644
index 000000000000..82b9cef4e0f7
--- /dev/null
+++ b/src/chrome/content/rules/InvizBox.io.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		-invizbox.io
+		-www.invizbox.io
+
+-->
+<ruleset name="InvizBox.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="invizbox.io" />
+	<target host="www.invizbox.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?invizbox\.io$" name="^(PHPSESSID|wfvt_\d+)$" /-->
+
+	<securecookie host="^(?:www\.)?invizbox\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Invoca.com.xml b/src/chrome/content/rules/Invoca.com.xml
new file mode 100644
index 000000000000..8732261d320d
--- /dev/null
+++ b/src/chrome/content/rules/Invoca.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Other Invoca rulesets:
+
+		- Invoca.net.xml
+		- RingRevenue.com.xml
+
+
+	At least some pages redirect to http.
+
+-->
+<ruleset name="Invoca.com (partial)">
+
+	<target host="invoca.com" />
+	<target host="www.invoca.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?invoca\.com/+solutions/($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(www\.)?invoca\.com/+(?!favicon\.ico|wp-content/|wp-includes/)" /-->
+
+
+	<rule from="^http://(www\.)?invoca\.com/(?=favicon\.ico|wp-content/|wp-includes/)"
+		to="https://$1invoca.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Invoca.net.xml b/src/chrome/content/rules/Invoca.net.xml
new file mode 100644
index 000000000000..e32f56842d23
--- /dev/null
+++ b/src/chrome/content/rules/Invoca.net.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Invoca coverage, see Invoca.com.xml.
+
+-->
+<ruleset name="Invoca.net">
+
+	<target host="invoca.net" />
+	<target host="www.invoca.net" />
+	<target host="www2.invoca.net" />
+
+
+	<!--	Some, but not all, secured by server:
+							-->
+	<securecookie host="^\.invoca\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Invodo.xml b/src/chrome/content/rules/Invodo.xml
index 2698035116a9..3e06e6feca22 100644
--- a/src/chrome/content/rules/Invodo.xml
+++ b/src/chrome/content/rules/Invodo.xml
@@ -13,7 +13,9 @@
 <ruleset name="Invodo (partial)">
 
 	<target host="invodo.com" />
-	<target host="*.invodo.com" />
+	<target host="www.invodo.com" />
+	<target host="e.invodo.com" />
+	<target host="www2.invodo.com" />
 
 
 	<rule from="^http://(www\.)?invodo\.com/register/"
@@ -25,4 +27,4 @@
 	<rule from="^http://www2\.invodo\.com/l/"
 		to="https://go.pardot.com/l/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Invoice_Ocean.xml b/src/chrome/content/rules/Invoice_Ocean.xml
index 7276b03d5933..df62548c879c 100644
--- a/src/chrome/content/rules/Invoice_Ocean.xml
+++ b/src/chrome/content/rules/Invoice_Ocean.xml
@@ -5,13 +5,12 @@
 <ruleset name="Invoice Ocean">
 
 	<target host="invoiceocean.com" />
-	<target host="*.invoiceocean.com" />
+	<target host="www.invoiceocean.com" />
 
 
 	<securecookie host="^\.invoiceocean\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?invoiceocean\.com/"
-		to="https://$1invoiceocean.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Involver.xml b/src/chrome/content/rules/Involver.xml
index 51b326c7980e..9b31c27e4ec6 100644
--- a/src/chrome/content/rules/Involver.xml
+++ b/src/chrome/content/rules/Involver.xml
@@ -1,16 +1,28 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://involver.com/ => https://involver.com/: (51, "SSL: no alternative certificate subject name matches target host name 'involver.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://involver.com/ => https://involver.com/: (51, "SSL: no alternative certificate subject name matches target host name 'involver.com'")
 	Nonfunctional subdomains:
 
 		- blog
 
 -->
-<ruleset name="Involver">
+<ruleset name="Involver" default_off="failed ruleset test">
 
 	<target host="involver.com" />
-	<target host="*.involver.com" />
+	<target host="amp.involver.com" />
+	<target host="docs.involver.com" />
+	<target host="embednr.involver.com" />
+	<target host="facebook.involver.com" />
+	<target host="status.involver.com" />
+	<target host="www.involver.com" />
+	<target host="support.involver.com" />
 
 
-	<securecookie host="^.*\.involver\.com$" name=".*" />
+	<securecookie host="^.*\.involver\.com$" name=".+" />
 
 
 	<!--	embednr & facebook appear identical.	-->
diff --git a/src/chrome/content/rules/Inxpo.com.xml b/src/chrome/content/rules/Inxpo.com.xml
new file mode 100644
index 000000000000..f6139fe013f5
--- /dev/null
+++ b/src/chrome/content/rules/Inxpo.com.xml
@@ -0,0 +1,48 @@
+<!--
+	Nonfunctional hosts in *.inxpo.com:
+
+		- reach *
+
+	* Marketo
+
+
+	^inxpo.com: Mismatched
+
+
+	Fully covered hosts in *.inxpo.com:
+
+		- (www.)?	(^ → www)
+		- vts
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.inxpo.com
+
+-->
+<ruleset name="Inxpo.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vts.inxpo.com" />
+	<target host="www.inxpo.com" />
+
+	<!--	Complications:
+				-->
+	<target host="inxpo.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.inxpo\.com$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+
+	<securecookie host="^www\.inxpo\.com$" name=".+" />
+
+
+	<rule from="^http://inxpo\.com/"
+		to="https://www.inxpo.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Io9.com.xml b/src/chrome/content/rules/Io9.com.xml
deleted file mode 100644
index f32912f8f148..000000000000
--- a/src/chrome/content/rules/Io9.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other Gawker coverage, see Gawker.xml.
-
-
-	CN: *.a.ssl.fastly.net
-
--->
-<ruleset name="io9.com" default_off="mismatched">
-
-	<target host="io9.com" />
-	<target host="*.io9.com" />
-
-
-	<securecookie host="^\.?io9\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?io9\.com/"
-		to="https://io9.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/IoMTT.com.xml b/src/chrome/content/rules/IoMTT.com.xml
index 89c63914932c..729f5199f4f1 100644
--- a/src/chrome/content/rules/IoMTT.com.xml
+++ b/src/chrome/content/rules/IoMTT.com.xml
@@ -23,14 +23,14 @@
 <ruleset name="IoMTT.com (partial)">
 
 	<target host="iomtt.com" />
-	<target host="*.iomtt.com" />
+	<target host="www.iomtt.com" />
+	<target host="shop.iomtt.com" />
 		<exclusion pattern="^http://(?:shop\.|www\.)?iomtt\.com/(?!~/|(?:Basket|My-Account)(?:$|[?/])|css/|favicon\.ico|images/|js/)" />
 
 
 	<rule from="^http://(?:www\.)?iomtt\.com/"
 		to="https://www.iomtt.com/" />
 
-	<rule from="^http://shop\.iomtt\.com/"
-		to="https://shop.iomtt.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/IoSafe.com.xml b/src/chrome/content/rules/IoSafe.com.xml
new file mode 100644
index 000000000000..973740fbb8ae
--- /dev/null
+++ b/src/chrome/content/rules/IoSafe.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- iosafe.com
+		- www.iosafe.com
+
+-->
+<ruleset name="ioSafe.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="iosafe.com" />
+	<target host="www.iosafe.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?iosafe\.com$" name="^iosafe_customer$" /-->
+
+	<securecookie host="^(?:www\.)?iosafe\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Iojs.org.xml b/src/chrome/content/rules/Iojs.org.xml
new file mode 100644
index 000000000000..512b02a55225
--- /dev/null
+++ b/src/chrome/content/rules/Iojs.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="iojs.org">
+
+	<target host="iojs.org" />
+	<target host="www.iojs.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IonicFramework.com.xml b/src/chrome/content/rules/IonicFramework.com.xml
new file mode 100644
index 000000000000..1820d3db25d6
--- /dev/null
+++ b/src/chrome/content/rules/IonicFramework.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- apps.ionicframework.com
+
+		SSL peer certificate was not OK:
+		- demo.ionicframework.com
+		- learn.ionicframework.com
+		- present.ionicframework.com
+		- status.ionicframework.com
+
+		Mixed content blocking (MCB) triggered:
+		- showcase.ionicframework.com
+-->
+<ruleset name="IonicFramework.com">
+	<target host="ionicframework.com" />
+	<target host="www.ionicframework.com" />
+	<target host="code.ionicframework.com" />
+	<target host="forum.ionicframework.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Iono.fm.xml b/src/chrome/content/rules/Iono.fm.xml
new file mode 100644
index 000000000000..a3df11cb2914
--- /dev/null
+++ b/src/chrome/content/rules/Iono.fm.xml
@@ -0,0 +1,47 @@
+<!--
+	CDN buckets:
+
+		- d1pbkbr0pcz1zy.cloudfront.net	← static
+
+
+	Problematic hosts in *iono.fm:
+
+		- static ᵐ
+
+	ᵐ Mismatched/cloudfront
+
+
+	Insecure cookies are set for these domains:
+
+		- .iono.fm
+
+
+	Mixed content:
+
+		- Images from static.iono.fm *
+
+	* Secured by us
+
+-->
+<ruleset name="Iono.fm">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="iono.fm" />
+	<target host="www.iono.fm" />
+
+	<!--	Complications:
+				-->
+	<target host="static.iono.fm" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.iono\.fm$" name="^iono_fm$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Iovation.xml b/src/chrome/content/rules/Iovation.xml
index b780a7b4c42d..8842117e740c 100644
--- a/src/chrome/content/rules/Iovation.xml
+++ b/src/chrome/content/rules/Iovation.xml
@@ -10,13 +10,13 @@
 <ruleset name="iovation">
 
 	<target host="iovation.com" />
-	<target host="*.iovation.com" />
+	<target host="admin.iovation.com" />
+	<target host="www.iovation.com" />
 
 
-	<securecookie host="^(?:.+\.)?iovation\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(admin\.|www\.)?iovation\.com/"
-		to="https://$1iovation.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Iphoneblog.de.xml b/src/chrome/content/rules/Iphoneblog.de.xml
new file mode 100644
index 000000000000..6dd11888f866
--- /dev/null
+++ b/src/chrome/content/rules/Iphoneblog.de.xml
@@ -0,0 +1,15 @@
+<!--
+	Nonfunctional hosts in *.iphoneblog.de:
+
+	Server not found:
+	    beta.iphoneblog.de
+	    dav.iphoneblog.de
+-->
+<ruleset name="Iphoneblog">
+
+	<target host="iphoneblog.de" />
+	<target host="www.iphoneblog.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Iphoneincanada.ca.xml b/src/chrome/content/rules/Iphoneincanada.ca.xml
new file mode 100644
index 000000000000..9f5129eb8d4e
--- /dev/null
+++ b/src/chrome/content/rules/Iphoneincanada.ca.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://iphoneincanada.ca/ => https://iphoneincanada.ca/: Too many redirects while fetching 'https://iphoneincanada.ca/'
+Fetch error: http://www.iphoneincanada.ca/ => https://www.iphoneincanada.ca/: Too many redirects while fetching 'https://www.iphoneincanada.ca/'
+Fetch error: http://cdn.iphoneincanada.ca/ => https://cdn.iphoneincanada.ca/: Too many redirects while fetching 'https://cdn.iphoneincanada.ca/'
+
+	Nonfunctional hosts in *.iphoneincanada.ca:
+	    forums.iphoneincanada.ca (Not found)
+	    push.iphoneincanada.ca (Error 404 - Not found)
+	    www.push.iphoneincanada.ca (Server not found)
+-->
+<ruleset name="Iphoneincanada" default_off="failed ruleset test">
+
+	<target host="iphoneincanada.ca" />
+	<target host="www.iphoneincanada.ca" />
+	<target host="cdn.iphoneincanada.ca" />
+	<target host="deals.iphoneincanada.ca" />
+	<target host="dev.iphoneincanada.ca" />
+	<target host="cdn.dev.iphoneincanada.ca" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Iphonelife.com.xml b/src/chrome/content/rules/Iphonelife.com.xml
new file mode 100644
index 000000000000..aed79ec23bcd
--- /dev/null
+++ b/src/chrome/content/rules/Iphonelife.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Nonfunctional hosts in *.iphonelife.com:
+	    www.cdn.iphonelife.com (Server not found)
+	    dev.iphonelife.com (Redirect to "androidlife.com")
+	    digital.iphonelife.com (HTTPS connection refused)
+	    www.insider.iphonelife.com (Server not found)
+	    local.iphonelife.com (Server not found)
+	    www.mailer.iphonelife.com (Server not found)
+	    static.iphonelife.com (HTTPS connection refused)
+-->
+<ruleset name="Iphonelife">
+
+	<target host="iphonelife.com" />
+	<target host="www.iphonelife.com" />
+	<target host="cdn.iphonelife.com" />
+	<target host="deals.iphonelife.com" />
+	<target host="insider.iphonelife.com" />
+	<target host="mailer.iphonelife.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Iplay.com.xml b/src/chrome/content/rules/Iplay.com.xml
new file mode 100644
index 000000000000..37218ff13f82
--- /dev/null
+++ b/src/chrome/content/rules/Iplay.com.xml
@@ -0,0 +1,37 @@
+<!--
+	Nonfunctional subdomains:
+
+		- company *
+
+	* Refused
+
+
+	^: works; mismatched, CN: www.casualgames.com
+
+-->
+<ruleset name="Iplay.com (partial)">
+
+	<target host="iplay.com" />
+	<target host="www.iplay.com" />
+	<target host="client.iplay.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?iplay\.com/+($|\?)" /-->
+		<!--
+			Recursive redirect:
+						-->
+		<!--exclusion pattern="^http://(www\.)?iplay\.com/+(download-game|error/cookies_disable\.jsp)($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(www\.)?iplay\.com/+(?!favicon\.ico|page/secure/)" /-->
+
+
+	<rule from="^http://(?:www\.)?iplay\.com/(?=favicon\.ico|page/secure/)"
+		to="https://www.iplay.com/" />
+
+	<rule from="^http://client\.iplay\.com/"
+		to="https://client.iplay.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IppenDigital.xml b/src/chrome/content/rules/IppenDigital.xml
new file mode 100644
index 000000000000..5acd5214a014
--- /dev/null
+++ b/src/chrome/content/rules/IppenDigital.xml
@@ -0,0 +1,8 @@
+<ruleset name="Ippen-Digital">
+
+	<target host="idcdn.de" />
+	<!-- cert mismatch for (www.\)ippen-digital.de -->
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ipredictive.com.xml b/src/chrome/content/rules/Ipredictive.com.xml
new file mode 100644
index 000000000000..6c690d2d6288
--- /dev/null
+++ b/src/chrome/content/rules/Ipredictive.com.xml
@@ -0,0 +1,15 @@
+<!--
+	www: Expired
+
+
+	^ doesn't exist.
+
+-->
+<ruleset name="ipredictive.com (partial)">
+
+	<target host="ad.ipredictive.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ipsidixit.net.xml b/src/chrome/content/rules/Ipsidixit.net.xml
new file mode 100644
index 000000000000..67de74f343bc
--- /dev/null
+++ b/src/chrome/content/rules/Ipsidixit.net.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ipsidixit.net/ => https://ipsidixit.net/: (51, "SSL: no alternative certificate subject name matches target host name 'ipsidixit.net'")
+
+-->
+<ruleset name="ipsidixit.net" default_off="failed ruleset test">
+
+	<target host="ipsidixit.net" />
+	<target host="www.ipsidixit.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ipsos-MORI.com.xml b/src/chrome/content/rules/Ipsos-MORI.com.xml
new file mode 100644
index 000000000000..787580cbdb36
--- /dev/null
+++ b/src/chrome/content/rules/Ipsos-MORI.com.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Ipsos coverage, see Ipsos.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- ipsos-mori.com
+		- www.ipsos-mori.com
+
+-->
+<ruleset name="Ipsos-MORI.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ipsos-mori.com" />
+	<target host="www.ipsos-mori.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?ipsos-mori\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^(?:www\.)?ipsos-mori\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ipsos.xml b/src/chrome/content/rules/Ipsos.xml
index 9322c44318ac..34a4c0d25250 100644
--- a/src/chrome/content/rules/Ipsos.xml
+++ b/src/chrome/content/rules/Ipsos.xml
@@ -1,23 +1,31 @@
 <!--
+	Other Ipsos rulesets:
+
+		- Ipsos-MORI.com.xml
+
+
 	Nonfunctional domains:
 
 		- (www.)ipsos.se	(times out)
 
--->
-<ruleset name="Ipsos (partial)">
 
-	<target host="ipsos-na.com" />
-	<target host="www.ipsos-na.com" />
-	<target host="provsmakning.synovate.se" />
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+		- Image from ipsos-na.com *
 
+	* Secured by us
 
-	<securecookie host="^provsmakning\.synovate\.se$" name=".+" />
+-->
+<ruleset name="Ipsos-NA.com">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="ipsos-na.com" />
+	<target host="www.ipsos-na.com" />
 
-	<rule from="^http://(www\.)?ipsos-na\.com/"
-		to="https://$1ipsos-na.com/" />
 
-	<rule from="^http://provsmakning\.synovate\.se/"
-		to="https://provsmakning.synovate.se/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ipswich.gov.uk.xml b/src/chrome/content/rules/Ipswich.gov.uk.xml
new file mode 100644
index 000000000000..0fc16d8cfa84
--- /dev/null
+++ b/src/chrome/content/rules/Ipswich.gov.uk.xml
@@ -0,0 +1,53 @@
+<!--
+	Ipswich Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in ipswich.gov.uk:
+
+		- maps ⁵
+	⁵ 500
+
+
+	Insecure cookies are set for these hosts:
+
+		- apps.ipswich.gov.uk
+		- democracy.ipswich.gov.uk
+		- email.ipswich.gov.uk
+		- epayments.ipswich.gov.uk
+		- sportbookings.ipswich.gov.uk
+
+-->
+<ruleset name="Ipswich.gov.uk (partial)">
+
+	<target host="ipswich.gov.uk" />
+	<target host="app.ipswich.gov.uk" />
+	<target host="apps.ipswich.gov.uk" />
+	<target host="democracy.ipswich.gov.uk" />
+	<target host="email.ipswich.gov.uk" />
+	<target host="epayments.ipswich.gov.uk" />
+	<target host="my.ipswich.gov.uk" />
+	<target host="ppc.ipswich.gov.uk" />
+	<target host="sportbookings.ipswich.gov.uk" />
+	<target host="www.ipswich.gov.uk" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://apps.ipswich.gov.uk/PEO/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^apps\.ipswich\.gov\.uk$" name="^(?:ASPSESSIONID[A-Z]{8}|SalePoint|eSRO_UID)$" /-->
+	<!--securecookie host="^(?:democracy|sportbookings)\.ipswich\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^email\.ipswich\.gov\.uk$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^epayments\.ipswich\.gov\.uk$" name="^EForm_(?:LIMIT_TEST|Options)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Iqualita.link.xml b/src/chrome/content/rules/Iqualita.link.xml
new file mode 100644
index 000000000000..c90d08f43e70
--- /dev/null
+++ b/src/chrome/content/rules/Iqualita.link.xml
@@ -0,0 +1,25 @@
+<!--
+	www.iqualita.link: Mismatched
+
+-->
+<ruleset name="iqualita.link">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="iqualita.link" />
+
+	<!--	Complications:
+				-->
+	<target host="www.iqualita.link" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.iqualita\.link/"
+		to="https://iqualita.link/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Iraiser.eu.xml b/src/chrome/content/rules/Iraiser.eu.xml
new file mode 100644
index 000000000000..ffc56b4ecdb5
--- /dev/null
+++ b/src/chrome/content/rules/Iraiser.eu.xml
@@ -0,0 +1,31 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- support.iraiser.eu
+		- www.iraiser.eu
+
+-->
+<ruleset name="iRaiser.eu">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="iraiser.eu" />
+	<target host="libs.iraiser.eu" />
+	<target host="support.iraiser.eu" />
+	<target host="www.iraiser.eu" />
+
+		<test url="http://libs.iraiser.eu/libs/intl-tel-input/css/intlTelInput.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^support\.iraiser\.eu$" name="^_redmine_session$" /-->
+	<!--securecookie host="^www\.iraiser\.eu$" name="^(?:_icl_current_language|PHPSESSID|nf_wp_session)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IraqBodyCount.org.xml b/src/chrome/content/rules/IraqBodyCount.org.xml
new file mode 100644
index 000000000000..a6c4385e5c37
--- /dev/null
+++ b/src/chrome/content/rules/IraqBodyCount.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="IraqBodyCount.org">
+	<target host="iraqbodycount.org" />
+	<target host="www.iraqbodycount.org" />
+	<target host="reports.iraqbodycount.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Iraqueer.org.xml b/src/chrome/content/rules/Iraqueer.org.xml
new file mode 100644
index 000000000000..7bdf51859152
--- /dev/null
+++ b/src/chrome/content/rules/Iraqueer.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Time out:
+		mail.iraqueer.org
+		mail.ar-iraqueer.org
+
+-->
+<ruleset name="Iraqueer.org">
+
+	<target host="iraqueer.org" />
+	<target host="www.iraqueer.org" />
+
+	<target host="ar-iraqueer.org" />
+	<target host="www.ar-iraqueer.org" />
+
+	<target host="ku-iraqueer.org" />
+	<target host="www.ku-iraqueer.org" />	
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Irccloud.com.xml b/src/chrome/content/rules/Irccloud.com.xml
index b08c6300a988..bd73bdfed919 100644
--- a/src/chrome/content/rules/Irccloud.com.xml
+++ b/src/chrome/content/rules/Irccloud.com.xml
@@ -1,22 +1,11 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
+<ruleset name="IRCCloud">
+	<target host="irccloud.com" />
+	<target host="www.irccloud.com" />
+	<target host="api.irccloud.com" />
+	<target host="blog.irccloud.com" />
 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Irccloud.com" platform="firefox">
-<target host="irccloud.com" />
-<target host="www.irccloud.com" />
-<target host="alpha.irccloud.com" />
+	<securecookie host=".+" name=".+" />
 
-<securecookie host="^irccloud\.com$" name=".+" />
-<securecookie host="^www\.irccloud\.com$" name=".+" />
-<securecookie host="^alpha\.irccloud\.com$" name=".+" />
-
-<rule from="^http://irccloud\.com/" to="https://irccloud.com/" />
-<rule from="^http://www\.irccloud\.com/" to="https://www.irccloud.com/" />
-<rule from="^http://alpha\.irccloud\.com/" to="https://alpha.irccloud.com/" />
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ireeco.com.xml b/src/chrome/content/rules/Ireeco.com.xml
index 4e554d0e730f..8e7222d0e353 100644
--- a/src/chrome/content/rules/Ireeco.com.xml
+++ b/src/chrome/content/rules/Ireeco.com.xml
@@ -1,13 +1,13 @@
-<ruleset name="Ireeco.com">
+<ruleset name="Ireeco.com" default_off="plaintext reply">
 
 	<target host="ireeco.com" />
-	<target host="*.ireeco.com" />
+	<target host="www.ireeco.com" />
 
 
 	<securecookie host="^\.ireeco\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ireeco\.com/"
-		to="https://$1ireeco.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Irish-Country-Cottages.co.uk.xml b/src/chrome/content/rules/Irish-Country-Cottages.co.uk.xml
new file mode 100644
index 000000000000..6aa15d4b9599
--- /dev/null
+++ b/src/chrome/content/rules/Irish-Country-Cottages.co.uk.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- irish-country-cottages.co.uk
+
+		Mixed content blocking (MCB) triggered:
+		- www.irish-country-cottages.co.uk
+-->
+<ruleset name="Irish-Country-Cottages.co.uk" platform="mixedcontent">
+	<target host="irish-country-cottages.co.uk" />
+	<target host="www.irish-country-cottages.co.uk" />
+
+	<rule from="^http://irish-country-cottages\.co\.uk/"
+		  	to="https://www.irish-country-cottages.co.uk/" />
+
+	<rule from="^http:"
+		  	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IrishBroadband.xml b/src/chrome/content/rules/IrishBroadband.xml
index 8360df58e931..1aae84e7fac3 100644
--- a/src/chrome/content/rules/IrishBroadband.xml
+++ b/src/chrome/content/rules/IrishBroadband.xml
@@ -1,4 +1,12 @@
-<ruleset name="Irish Broadband" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://irishbroadband.ie/ => https://www.irishbroadband.ie/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://irishbroadband.ie/ => https://www.irishbroadband.ie/: (51, "SSL: no alternative certificate subject name matches target host name 'www.irishbroadband.ie'")
+-->
+<ruleset name="Irish Broadband" platform="mixedcontent" default_off="failed ruleset test">
   <target host="irishbroadband.ie" />
   <target host="*.irishbroadband.ie" />
 
diff --git a/src/chrome/content/rules/Ironwhale.com.xml b/src/chrome/content/rules/Ironwhale.com.xml
index a7f979d7a9b9..42f3e18e801e 100644
--- a/src/chrome/content/rules/Ironwhale.com.xml
+++ b/src/chrome/content/rules/Ironwhale.com.xml
@@ -4,13 +4,13 @@
 -->
 <ruleset name="Ironwhale.com">
 
-	<target host="*.ironwhale.com" />
+	<target host="mail.ironwhale.com" />
+	<target host="www.ironwhale.com" />
 
 
 	<securecookie host="^www\.ironwhale\.com$" name=".+" />
 
 
-	<rule from="^http://(mail|www)\.ironwhale\.com/"
-		to="https://$1.ironwhale.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Irssi.xml b/src/chrome/content/rules/Irssi.xml
new file mode 100644
index 000000000000..4adc5af7883b
--- /dev/null
+++ b/src/chrome/content/rules/Irssi.xml
@@ -0,0 +1,10 @@
+<ruleset name="Irssi (partial)">
+
+	<target host="irssi.org" />
+	<target host="www.irssi.org" />
+	<target host="scripts.irssi.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Irwin-Law.xml b/src/chrome/content/rules/Irwin-Law.xml
index 751c9b37b309..ad43d3564d41 100644
--- a/src/chrome/content/rules/Irwin-Law.xml
+++ b/src/chrome/content/rules/Irwin-Law.xml
@@ -4,10 +4,9 @@
 	<target host="www.irwinlaw.com" />
 
 
-	<securecookie host="^www\.irwinlaw\.com$" name=".*" />
+	<securecookie host="^www\.irwinlaw\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?irwinlaw\.com/"
-		to="https://www.irwinlaw.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Is-its.org.xml b/src/chrome/content/rules/Is-its.org.xml
new file mode 100644
index 000000000000..3fb930d04240
--- /dev/null
+++ b/src/chrome/content/rules/Is-its.org.xml
@@ -0,0 +1,5 @@
+<ruleset name="Is-its.org">
+  <target host="www.is-its.org" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Is_Leaked.com.xml b/src/chrome/content/rules/Is_Leaked.com.xml
new file mode 100644
index 000000000000..48ce4809024f
--- /dev/null
+++ b/src/chrome/content/rules/Is_Leaked.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Is Leaked.com">
+
+	<target host="isleaked.com" />
+	<target host="www.isleaked.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Is_TLS_Fast_Yet.com.xml b/src/chrome/content/rules/Is_TLS_Fast_Yet.com.xml
new file mode 100644
index 000000000000..284b2a6e5831
--- /dev/null
+++ b/src/chrome/content/rules/Is_TLS_Fast_Yet.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Is TLS Fast Yet.com">
+
+	<target host="istlsfastyet.com" />
+	<target host="www.istlsfastyet.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Isalo.org.xml b/src/chrome/content/rules/Isalo.org.xml
new file mode 100644
index 000000000000..5c4ddc42f2ae
--- /dev/null
+++ b/src/chrome/content/rules/Isalo.org.xml
@@ -0,0 +1,44 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://isalo.org/ => https://isalo.org/: (51, "SSL: no alternative certificate subject name matches target host name 'isalo.org'")
+Fetch error: http://pix.isalo.org/ => https://pix.isalo.org/: (51, "SSL: no alternative certificate subject name matches target host name 'pix.isalo.org'")
+
+	Problematic hosts in *isalo.org:
+
+		- paste ˢ ˣ
+
+	ˢ Self-signed
+	ˣ Mixed css
+
+
+	Mixed content:
+
+		- css on paste from www.karma.mg ˢ
+
+		- Images, on:
+
+			- paste from www.karma.mg ˢ
+			- www from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Isalo.org (partial)" default_off="failed ruleset test">
+
+	<target host="isalo.org" />
+	<target host="pix.isalo.org" />
+	<target host="www.isalo.org" />
+
+		<!--	Mixed images:
+					-->
+		<!--test url="http://www.isalo.org/wiki.debian-fr/Accueil" /-->
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Iscturkey.org.xml b/src/chrome/content/rules/Iscturkey.org.xml
new file mode 100644
index 000000000000..cde499685f68
--- /dev/null
+++ b/src/chrome/content/rules/Iscturkey.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="ISCTurkey.org">
+	<target host="iscturkey.org" />
+	<target host="www.iscturkey.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Iseclab.org.xml b/src/chrome/content/rules/Iseclab.org.xml
index 12719becc974..e40e77a970f2 100644
--- a/src/chrome/content/rules/Iseclab.org.xml
+++ b/src/chrome/content/rules/Iseclab.org.xml
@@ -1,9 +1,20 @@
+<!--
+	Invalid certificate:
+		anubis.iseclab.org
+		blog.iseclab.org
+		mail.iseclab.org
+		secenv.iseclab.org
+		secprog.iseclab.org
+		wepawet.iseclab.org
+
+-->
 <ruleset name="Iseclab.org">
-  <target host="www.iseclab.org"/>
-  <target host="iseclab.org"/>
-  <target host="anubis.iseclab.org"/>
-  <target host="inetsec.iseclab.org"/>
-  <rule from="^http://(www\.)?iseclab\.org/" to="https://www.iseclab.org/"/>
-  <rule from="^http://(anubis|inetsec)\.iseclab\.org/" to="https://$1.iseclab.org/"/>
+
+	<target host="iseclab.org"/>
+	<target host="www.iseclab.org"/>
+	<target host="course.iseclab.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
-<!-- Rule generated by HTTPS Finder 0.85 and manually edited -->
\ No newline at end of file
diff --git a/src/chrome/content/rules/Isen.com.xml b/src/chrome/content/rules/Isen.com.xml
index 9dc242a74e2f..c3d9fb06f872 100644
--- a/src/chrome/content/rules/Isen.com.xml
+++ b/src/chrome/content/rules/Isen.com.xml
@@ -1,11 +1,11 @@
-<ruleset name="isen.com" default_off="mismatch">
+<ruleset name="isen.com" default_off="mismatched">
 
 	<!--	Cert: Parallels Panel	-->
 	<target host="isen.com" />
 	<target host="www.isen.com" />
 
 
-	<rule from="^https?://(?:www\.)?isen\.com/"
+	<rule from="^http://(?:www\.)?isen\.com/"
 		to="https://isen.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ishares.com.xml b/src/chrome/content/rules/Ishares.com.xml
new file mode 100644
index 000000000000..77698b3cc878
--- /dev/null
+++ b/src/chrome/content/rules/Ishares.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Ishares.com">
+	<target host="ishares.com" />
+	<target host="www.ishares.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Islam-Guide.com.xml b/src/chrome/content/rules/Islam-Guide.com.xml
new file mode 100644
index 000000000000..cfa9d82a047b
--- /dev/null
+++ b/src/chrome/content/rules/Islam-Guide.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Islam-Guide.com">
+	<target host="islam-guide.com" />
+	<target host="www.islam-guide.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Islam21c.com.xml b/src/chrome/content/rules/Islam21c.com.xml
new file mode 100644
index 000000000000..136e2c8c2cfd
--- /dev/null
+++ b/src/chrome/content/rules/Islam21c.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Islam21c.com">
+	<target host="islam21c.com" />
+	<target host="www.islam21c.com" />
+	<target host="ecourses.islam21c.com" />
+	<target host="emag.islam21c.com" />
+
+	<securecookie host="^(www|ecourses|emag)\.islam21c\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Islam4u.com.xml b/src/chrome/content/rules/Islam4u.com.xml
new file mode 100644
index 000000000000..d4cb7aab2d1f
--- /dev/null
+++ b/src/chrome/content/rules/Islam4u.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Islam4u.com">
+	<target host="islam4u.com" />
+	<target host="www.islam4u.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IslamAcademy.net.xml b/src/chrome/content/rules/IslamAcademy.net.xml
new file mode 100644
index 000000000000..312d45f1a454
--- /dev/null
+++ b/src/chrome/content/rules/IslamAcademy.net.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://forum.islamacademy.net/ => https://forum.islamacademy.net/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.forum.islamacademy.net/ => https://forum.islamacademy.net/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://intesab.islamacademy.net/ => https://intesab.islamacademy.net/: (51, "SSL: no alternative certificate subject name matches target host name 'intesab.islamacademy.net'")
+
+	Invalid certificate:
+	- www.benaa.islamacademy.net
+	- www.forum.islamacademy.net
+
+-->
+<ruleset name="IslamAcademy.net" default_off="failed ruleset test">
+	<target host="islamacademy.net" />
+	<target host="www.islamacademy.net" />
+	<target host="almajd.islamacademy.net" />
+	<target host="benaa.islamacademy.net" />
+	<target host="www.benaa.islamacademy.net" />
+	<target host="courses.islamacademy.net" />
+	<target host="forum.islamacademy.net" />
+	<target host="www.forum.islamacademy.net" />
+	<target host="intesab.islamacademy.net" />
+	<target host="ls.islamacademy.net" />
+	<target host="maqraa.islamacademy.net" />
+	<target host="maqraa-en.islamacademy.net" />
+	<target host="media.islamacademy.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.(benaa|forum)\.islamacademy\.net/" to="https://$1.islamacademy.net/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IslamDownload.net.xml b/src/chrome/content/rules/IslamDownload.net.xml
new file mode 100644
index 000000000000..33601725b254
--- /dev/null
+++ b/src/chrome/content/rules/IslamDownload.net.xml
@@ -0,0 +1,12 @@
+<!--
+	Refused:
+	- files.islamdownload.net
+
+-->
+<ruleset name="IslamDownload.net (partial)">
+	<target host="islamdownload.net" />
+	<target host="www.islamdownload.net" />
+	<target host="mail.islamdownload.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IslamHouse.com.xml b/src/chrome/content/rules/IslamHouse.com.xml
new file mode 100644
index 000000000000..e3b1a5a6158b
--- /dev/null
+++ b/src/chrome/content/rules/IslamHouse.com.xml
@@ -0,0 +1,26 @@
+<!--
+	No working URL known:
+		social.islamhouse.com
+	Too much mixed content blocking:
+		old.islamhouse.com
+		s1.islamhouse.com
+	Different HTTP/HTTPS content:
+		d2.islamhouse.com
+		d3.islamhouse.com
+		down1.islamhouse.com
+-->
+<ruleset name="IslamHouse.com" >
+	<target host="islamhouse.com" />
+	<target host="www.islamhouse.com" />
+	<target host="api.islamhouse.com" />
+	<target host="balagh.islamhouse.com" />
+	<target host="d1.islamhouse.com" />
+	<target host="quran.islamhouse.com" />
+	<target host="radio.islamhouse.com" />
+	<target host="ramadan.islamhouse.com" />
+	<target host="torrent.islamhouse.com" />
+
+	<securecookie host="^(www|api|balagh|d1|quran|radio|ramadan|torrent)\.islamhouse\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IslamInSpanish.org.xml b/src/chrome/content/rules/IslamInSpanish.org.xml
new file mode 100644
index 000000000000..9cf001ca210d
--- /dev/null
+++ b/src/chrome/content/rules/IslamInSpanish.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="IslamInSpanish.org">
+	<target host="islaminspanish.org" />
+	<target host="www.islaminspanish.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IslamNews.ru.xml b/src/chrome/content/rules/IslamNews.ru.xml
new file mode 100644
index 000000000000..384ec8e26daf
--- /dev/null
+++ b/src/chrome/content/rules/IslamNews.ru.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid Security Certificate:
+		hadith.islamnews.ru
+		koran.islamnews.ru
+		en.islamnews.ru
+	Unable to Connect:
+		ar.islamnews.ru
+-->
+<ruleset name="IslamNews.ru">
+	<target host="islamnews.ru" />
+	<target host="www.islamnews.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IslamReligion.com.xml b/src/chrome/content/rules/IslamReligion.com.xml
new file mode 100644
index 000000000000..fe5bf4c990c2
--- /dev/null
+++ b/src/chrome/content/rules/IslamReligion.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+	- stream.islamreligion.com
+
+	No working URL known:
+	- support.islamreligion.com
+
+-->
+<ruleset name="IslamReligion.com">
+	<target host="islamreligion.com" />
+	<target host="www.islamreligion.com" />
+	<target host="api.islamreligion.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IslamSpirit.com.xml b/src/chrome/content/rules/IslamSpirit.com.xml
new file mode 100644
index 000000000000..9245b1c2e236
--- /dev/null
+++ b/src/chrome/content/rules/IslamSpirit.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="IslamSpirit.com">
+	<target host="islamspirit.com" />
+	<target host="www.islamspirit.com" />
+	<target host="mail.islamspirit.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IslamStory.com.xml b/src/chrome/content/rules/IslamStory.com.xml
new file mode 100644
index 000000000000..64f13369002e
--- /dev/null
+++ b/src/chrome/content/rules/IslamStory.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="IslamStory.com">
+	<target host="islamstory.com" />
+	<target host="www.islamstory.com" />
+	<target host="books.islamstory.com" />
+	<target host="demo.islamstory.com" />
+	<target host="en.islamstory.com" />
+	<target host="forum.islamstory.com" />
+	<target host="lite.islamstory.com" />
+	<target host="newsite.islamstory.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IslamSyria.com.xml b/src/chrome/content/rules/IslamSyria.com.xml
new file mode 100644
index 000000000000..cc328a230ee7
--- /dev/null
+++ b/src/chrome/content/rules/IslamSyria.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="IslamSyria.com">
+	<target host="islamsyria.com" />
+	<target host="www.islamsyria.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IslamToday.net.xml b/src/chrome/content/rules/IslamToday.net.xml
new file mode 100644
index 000000000000..ff9ada647894
--- /dev/null
+++ b/src/chrome/content/rules/IslamToday.net.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://islamtoday.net/ => https://islamtoday.net/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://dev.islamtoday.net/ => https://dev.islamtoday.net/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	Invalid certificate:
+	- az.islamtoday.net
+
+	Time out:
+	- media.islamtoday.net
+
+	Too much mixed content blocking:
+	- muntada.islamtoday.net
+
+-->
+<ruleset name="IslamToday.net" default_off="failed ruleset test">
+	<target host="islamtoday.net" />
+	<target host="www.islamtoday.net" />
+	<target host="azzawiah.islamtoday.net" />
+	<target host="ch.islamtoday.net" />
+	<target host="dev.islamtoday.net" />
+	<target host="download.islamtoday.net" />
+	<target host="en.islamtoday.net" />
+	<target host="fr.islamtoday.net" />
+	<target host="hklive.islamtoday.net" />
+	<target host="jawal.islamtoday.net" />
+	<target host="magazine.islamtoday.net" />
+
+	<securecookie host="^(www|azzawiah|ch|dev|download|en|fr|hklive|jawal|magazine)\.islamtoday\.net$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IslamWay.net.xml b/src/chrome/content/rules/IslamWay.net.xml
new file mode 100644
index 000000000000..9b26c47122af
--- /dev/null
+++ b/src/chrome/content/rules/IslamWay.net.xml
@@ -0,0 +1,35 @@
+<!--
+	Invalid Certificate:
+		islamway.net
+		www.islamway.net
+		de.islamway.net
+		discover.islamway.net
+		en.islamway.net
+		es.islamway.net
+		fa.islamway.net
+		fr.islamway.net
+		id.islamway.net
+		it.islamway.net
+		mohammed.islamway.net
+		ar.old.islamway.net
+		pt.islamway.net
+		sisters.islamway.net
+		tr.islamway.net
+		zh.islamway.net
+	No working URL known:
+		books.islamway.net
+		media.islamway.net
+		download.media.islamway.net
+		quran.islamway.net
+-->
+<ruleset name="IslamWay.net">
+	<target host="akhawat.islamway.net" />
+	<target host="ar.islamway.net" />
+	<target host="ar.beta.islamway.net" />
+	<target host="static.islamway.net" />
+		<test url="http://static.islamway.net/bundles/islamway/images/vid-play.png/" />
+
+	<securecookie host="^(akhawat|ar|static)\.islamway\.net$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IslamWeb.net.xml b/src/chrome/content/rules/IslamWeb.net.xml
new file mode 100644
index 000000000000..2df26e93bc02
--- /dev/null
+++ b/src/chrome/content/rules/IslamWeb.net.xml
@@ -0,0 +1,33 @@
+<!--
+	Refused:
+	- audio2.islamweb.net
+	- bwb.islamweb.net
+	- gk.islamweb.net (serves traffic from port 8080)
+	- kids.islamweb.net
+	- kidsen.islamweb.net
+	- quran.islamweb.net
+	- tube.islamweb.net
+
+-->
+<ruleset name="IslamWeb.net">
+	<target host="islamweb.net" />
+	<target host="www.islamweb.net" />
+	<target host="articles.islamweb.net" />
+	<target host="audio.islamweb.net" />
+	<target host="audio3.islamweb.net" />
+	<target host="consult.islamweb.net" />
+	<target host="deaf.islamweb.net" />
+	<target host="fatwa.islamweb.net" />
+	<target host="global.islamweb.net" />
+	<target host="library.islamweb.net" />
+	<target host="live.islamweb.net" />
+	<target host="live1.islamweb.net" />
+	<target host="m.islamweb.net" />
+	<target host="main.islamweb.net" />
+	<target host="mobile.islamweb.net" />
+	<target host="sms.islamweb.net" />
+
+	<securecookie host="^(www|articles|audio|audio3|consult|deaf|fatwa|global|library|live|live1|m|main|mobile|sms)\.islamweb\.net$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Islambook.com.xml b/src/chrome/content/rules/Islambook.com.xml
new file mode 100644
index 000000000000..305595ff445f
--- /dev/null
+++ b/src/chrome/content/rules/Islambook.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Islambook.com">
+	<target host="islambook.com" />
+	<target host="www.islambook.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Islamedia.id.xml b/src/chrome/content/rules/Islamedia.id.xml
new file mode 100644
index 000000000000..30f9008ed7dc
--- /dev/null
+++ b/src/chrome/content/rules/Islamedia.id.xml
@@ -0,0 +1,15 @@
+<!--
+	Secure connection failed:
+	- berita.islamedia.id
+	- info.islamedia.id
+
+	Too much mixed content blocking:
+	- mail.islamedia.id
+
+-->
+<ruleset name="Islamedia.id">
+	<target host="islamedia.id" />
+	<!-- www.islamedia.id is not in public DNS ("Server not found") -->
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Islamibankbd.com.xml b/src/chrome/content/rules/Islamibankbd.com.xml
new file mode 100644
index 000000000000..dde166b38ea5
--- /dev/null
+++ b/src/chrome/content/rules/Islamibankbd.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Unable to connect:
+		career.islamibankbd.com
+		remit.islamibankbd.com
+-->
+<ruleset name="Islamibankbd.com" platform="mixedcontent">
+	<target host="islamibankbd.com" />
+	<target host="www.islamibankbd.com" />
+	<target host="ibblportal.islamibankbd.com" />
+	<target host="ipaysafe.islamibankbd.com" />
+	<target host="mail.islamibankbd.com" />
+	<target host="mcash.islamibankbd.com" />
+	<target host="spotcash.islamibankbd.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Islamic-Awareness.org.xml b/src/chrome/content/rules/Islamic-Awareness.org.xml
new file mode 100644
index 000000000000..fcf85121fda1
--- /dev/null
+++ b/src/chrome/content/rules/Islamic-Awareness.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Islamic-Awareness.org">
+	<target host="islamic-awareness.org" />
+	<target host="www.islamic-awareness.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Islamic-Center-of-Pittsburgh.xml b/src/chrome/content/rules/Islamic-Center-of-Pittsburgh.xml
new file mode 100644
index 000000000000..9c32557192eb
--- /dev/null
+++ b/src/chrome/content/rules/Islamic-Center-of-Pittsburgh.xml
@@ -0,0 +1,8 @@
+<ruleset name="Islamic Center of Pittsburgh">
+	<target host="icp-pgh.org" />
+	<target host="www.icp-pgh.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Islamic-Relief.xml b/src/chrome/content/rules/Islamic-Relief.xml
new file mode 100644
index 000000000000..bf5dd854ce8f
--- /dev/null
+++ b/src/chrome/content/rules/Islamic-Relief.xml
@@ -0,0 +1,22 @@
+<!--
+	Invalid certificate:
+	- islamic-relief.com
+	- www.islamic-relief.com
+
+	Refused:
+	- irworldwide.org
+	- www.irworldwide.org
+
+-->
+<ruleset name="Islamic Relief (partial)" platform="mixedcontent">
+	<target host="donations.islamic-relief.com" />
+	<target host="policy.islamic-relief.com" />
+
+	<target host="islamic-relief.me" />
+	<target host="www.islamic-relief.me" />
+
+	<target host="islamic-relief.org" />
+	<target host="www.islamic-relief.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IslamicBoard.com.xml b/src/chrome/content/rules/IslamicBoard.com.xml
new file mode 100644
index 000000000000..2730ac56679a
--- /dev/null
+++ b/src/chrome/content/rules/IslamicBoard.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="IslamicBoard.com">
+	<target host="islamicboard.com" />
+	<target host="www.islamicboard.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IslamicBulletin.org.xml b/src/chrome/content/rules/IslamicBulletin.org.xml
new file mode 100644
index 000000000000..9b9965d299cf
--- /dev/null
+++ b/src/chrome/content/rules/IslamicBulletin.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatch:
+		m.islamicbulletin.org
+	SSL error:
+		www.mobile.islamicbulletin.org
+-->
+<ruleset name="IslamicBulletin.org">
+	<target host="islamicbulletin.org" />
+	<target host="www.islamicbulletin.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IslamicFiles.net.xml b/src/chrome/content/rules/IslamicFiles.net.xml
new file mode 100644
index 000000000000..c2f11474202e
--- /dev/null
+++ b/src/chrome/content/rules/IslamicFiles.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="IslamicFiles.net">
+	<target host="islamicfiles.net" />
+	<target host="www.islamicfiles.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IslamicFinder.org.xml b/src/chrome/content/rules/IslamicFinder.org.xml
new file mode 100644
index 000000000000..e4ad161f31ce
--- /dev/null
+++ b/src/chrome/content/rules/IslamicFinder.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="IslamicFinder.org">
+	<target host="islamicfinder.org" />
+	<target host="www.islamicfinder.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IslamicPortal.co.uk.xml b/src/chrome/content/rules/IslamicPortal.co.uk.xml
new file mode 100644
index 000000000000..a4ceb6de6363
--- /dev/null
+++ b/src/chrome/content/rules/IslamicPortal.co.uk.xml
@@ -0,0 +1,8 @@
+<ruleset name="IslamicPortal.co.uk">
+	<target host="islamicportal.co.uk" />
+	<target host="www.islamicportal.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IslamicTech.com.xml b/src/chrome/content/rules/IslamicTech.com.xml
new file mode 100644
index 000000000000..7659cd8919e6
--- /dev/null
+++ b/src/chrome/content/rules/IslamicTech.com.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bramj.islamictech.com/ => https://bramj.islamictech.com/: label empty or too long
+Fetch error: http://soft.islamictech.com/ => https://soft.islamictech.com/: label empty or too long
+
+-->
+<ruleset name="IslamicTech.com" default_off="failed ruleset test">
+	<target host="islamictech.com" />
+	<target host="www.islamictech.com" />
+	<target host="ar.islamictech.com" />
+	<target host="bramj.islamictech.com" />
+	<target host="cdn.islamictech.com" />
+	<target host="js.islamictech.com" />
+		<test url="http://js.islamictech.com/bramj.js" />
+	<target host="jscdn.islamictech.com" />
+	<target host="menhag.islamictech.com" />
+	<target host="mobiles.islamictech.com" />
+	<target host="soft.islamictech.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IslamicTextInstitute.co.za.xml b/src/chrome/content/rules/IslamicTextInstitute.co.za.xml
new file mode 100644
index 000000000000..caa889e7c0bf
--- /dev/null
+++ b/src/chrome/content/rules/IslamicTextInstitute.co.za.xml
@@ -0,0 +1,8 @@
+<ruleset name="IslamicTextInstitute.co.za">
+	<target host="islamictextinstitute.co.za" />
+	<target host="www.islamictextinstitute.co.za" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IslamophobiaNetwork.com.xml b/src/chrome/content/rules/IslamophobiaNetwork.com.xml
new file mode 100644
index 000000000000..0b171779ce4c
--- /dev/null
+++ b/src/chrome/content/rules/IslamophobiaNetwork.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="IslamophobiaNetwork.com">
+	<target host="islamophobianetwork.com" />
+	<target host="www.islamophobianetwork.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Islamophobie.net.xml b/src/chrome/content/rules/Islamophobie.net.xml
new file mode 100644
index 000000000000..130115026e76
--- /dev/null
+++ b/src/chrome/content/rules/Islamophobie.net.xml
@@ -0,0 +1,12 @@
+<ruleset name="Islamophobie.net">
+	<target host="islamophobie.net" />
+	<target host="www.islamophobie.net" />
+	<target host="appli.islamophobie.net" />
+	<target host="diner.islamophobie.net" />
+	<target host="donner.islamophobie.net" />
+	<target host="politiques.islamophobie.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Islamosaic.com.xml b/src/chrome/content/rules/Islamosaic.com.xml
new file mode 100644
index 000000000000..c606dece083e
--- /dev/null
+++ b/src/chrome/content/rules/Islamosaic.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Islamosaic.com">
+	<target host="islamosaic.com" />
+	<target host="www.islamosaic.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Island-Savings.xml b/src/chrome/content/rules/Island-Savings.xml
new file mode 100644
index 000000000000..14e547af427b
--- /dev/null
+++ b/src/chrome/content/rules/Island-Savings.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dashband.islandsavings.ca/ => https://dashband.islandsavings.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Incomplete certificate chain:
+		- partners.islandsavings.ca
+-->
+
+<ruleset name="Island Savings" default_off="failed ruleset test">
+	<target host="islandsavings.ca" />
+	<target host="www.islandsavings.ca" />
+	<target host="dashband.islandsavings.ca" />
+	<target host="keepingitsimple.islandsavings.ca" />
+	<target host="mail.islandsavings.ca" />
+	<target host="mdws.islandsavings.ca" />
+	<target host="refer.islandsavings.ca" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Isle.jp.xml b/src/chrome/content/rules/Isle.jp.xml
new file mode 100644
index 000000000000..69e9b30f7258
--- /dev/null
+++ b/src/chrome/content/rules/Isle.jp.xml
@@ -0,0 +1,29 @@
+<!--
+	For other GMO coverage, see GMO_Internet.xml.
+
+
+	(www.): refused
+
+
+	Fully covered subdomains:
+
+		- (www.)	(-> shared.gmocloud.com)
+		- help
+		- set
+
+-->
+<ruleset name="Isle.jp">
+
+	<target host="isle.jp" />
+	<target host="*.isle.jp" />
+
+
+	<!--	Redirects as so:
+				-->
+	<rule from="^http://(?:www\.)?isle\.jp/+"
+		to="https://shared.gmocloud.com/" />
+
+	<rule from="^http://(home|set)\.isle\.jp/"
+		to="https://$1.isle.jp/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Islenzka.net.xml b/src/chrome/content/rules/Islenzka.net.xml
new file mode 100644
index 000000000000..3adc7b482a6f
--- /dev/null
+++ b/src/chrome/content/rules/Islenzka.net.xml
@@ -0,0 +1,10 @@
+<ruleset name="Islenzka.net">
+
+	<target host="islenzka.net" />
+	<target host="www.islenzka.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Islington.gov.uk.xml b/src/chrome/content/rules/Islington.gov.uk.xml
new file mode 100644
index 000000000000..a53e2460a6dd
--- /dev/null
+++ b/src/chrome/content/rules/Islington.gov.uk.xml
@@ -0,0 +1,86 @@
+<!--
+	London Borough of Islington Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *islington.gov.uk:
+
+		- bookofremembrance ᵈ
+		- directory ᵃ
+		- events ᶠ
+		- jobs ᵃ
+		- linksforliving ᵃ
+		- planning ᵈ
+
+	ᵃ Shows another domain
+	ᵈ Dropped
+	ᶠ Handshake fails
+
+
+	Problematic hosts in *islington.gov.uk:
+
+		- ^ ᵐ
+		- www.energyadvice ᵐ
+		- evidencehub ᵐ
+		- toughchoices ᵐ ˣ
+
+	ᵐ Mismatched
+	ˣ Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.energyadvice.islington.gov.uk
+		- myeaccount.islington.gov.uk
+		- secure.islington.gov.uk
+		- toughchoices.islington.gov.uk
+
+
+	Mixed content:
+
+		- css on touchchoices from $self ᵐ
+
+		- Images, on:
+
+			- democracy from $self ˢ
+			- www.energyadvice, touchchoices from $self ᵐ
+
+	ᵐ Not secured by us <= mismatched
+	ˢ Secured by us
+
+-->
+<ruleset name="Islington.gov.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="democracy.islington.gov.uk" />
+	<target host="myeaccount.islington.gov.uk" />
+	<target host="secure.islington.gov.uk" />
+	<target host="www.islington.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="islington.gov.uk" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://secure.islington.gov.uk/payments/sales/launchinternet.aspx?payableonly=true" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^myeaccount\.islington\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^secure\.islington\.gov\.uk$" name="^EForm\ (?:LIMIT\ TEST|Options)$" /-->
+	<!--securecookie host="^(?:www\.energyadvice|toughchoices)\.islington\.gov\.uk$" name="^DYNSRV$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://islington\.gov\.uk/"
+		to="https://www.islington.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IsoHunt.to.xml b/src/chrome/content/rules/IsoHunt.to.xml
new file mode 100644
index 000000000000..9c6d87e31b80
--- /dev/null
+++ b/src/chrome/content/rules/IsoHunt.to.xml
@@ -0,0 +1,66 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Nonfunctional subdomains:
+
+		- forum *
+		- i *
+		- openbay
+
+	* 404; mismatched, CN: isohunt.to
+
+
+	www: cert only matches ^isohunt.to.
+
+
+	Insecure cookies are set for these domains:
+
+		- .isohunt.to
+
+
+	Mixed content:
+
+		- Web bug from i *
+
+	* Unsecurable
+
+-->
+<ruleset name="isoHunt.to (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="isohunt.to" />
+
+	<!--	Complications:
+				-->
+	<target host="www.isohunt.to" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.isohunt\.to$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^isohunt\.to$" name=".+" />
+	<securecookie host="^\.isohunt\.to$" name="^__cfduid$" />
+
+
+	<rule from="^http://www\.isohunt\.to/"
+		to="https://isohunt.to/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IsoHunt.xml b/src/chrome/content/rules/IsoHunt.xml
index da0cf6297179..738a7899c9c7 100644
--- a/src/chrome/content/rules/IsoHunt.xml
+++ b/src/chrome/content/rules/IsoHunt.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://isohunt.com/ => https://isohunt.com/: (7, 'Failed to connect to isohunt.com port 443: Connection reset by peer')
+Fetch error: http://ca.isohunt.com/ => https://ca.isohunt.com/: (6, 'Could not resolve host: ca.isohunt.com')
+Fetch error: http://www.isohunt.com/ => https://www.isohunt.com/: (35, 'Unknown SSL protocol error in connection to www.isohunt.com:443 ')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://isohunt.com/ => https://isohunt.com/: (7, 'Failed to connect to isohunt.com port 443: Connection refused')
 	s3.amazonaws.com/TN-SITES/2695/
 
 
@@ -7,16 +15,16 @@
 		- tickets
 
 -->
-<ruleset name="IsoHunt" platform="mixedcontent">
+<ruleset name="IsoHunt" platform="mixedcontent" default_off="failed ruleset test">
 
 	  <target host="isohunt.com" />
-	  <target host="*.isohunt.com" />
+	<target host="ca.isohunt.com" />
+	<target host="www.isohunt.com" />
 
 
-	<securecookie host="^(.*\.)?isohunt\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	  <rule from="^http://(ca\.|www\.)?isohunt\.com/"
-		to="https://$1isohunt.com/" />
+	  <rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Isocket.xml b/src/chrome/content/rules/Isocket.xml
deleted file mode 100644
index 5cb4063bcd9d..000000000000
--- a/src/chrome/content/rules/Isocket.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- blog.isocket.com	(cert: *.wpengine.com; 403)
-
--->
-<ruleset name="isocket (partial)">
-
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.adsbyisocket.com" />
-	<target host="isocket.com" />
-	<target host="www.isocket.com" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.www.isocket.com" />
-
-
-	<securecookie host="^.*\.(adsby)?isocket\.com$" name=".*" />
-
-
-	<rule from="^http://d\.adsbyisocket\.com/"
-		to="https://d.adsbyisocket.com/" />
-
-	<rule from="^http://(www\.)?isocket\.com/"
-		to="https://$1isocket.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Isomorphic_Software.xml b/src/chrome/content/rules/Isomorphic_Software.xml
index 7b930b16f487..e639134521d7 100644
--- a/src/chrome/content/rules/Isomorphic_Software.xml
+++ b/src/chrome/content/rules/Isomorphic_Software.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://isomorphic.com/ => https://www.isomorphic.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.isomorphic.com'")
+Fetch error: http://www.isomorphic.com/ => https://www.isomorphic.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.isomorphic.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://isomorphic.com/ => https://www.isomorphic.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.isomorphic.com'")
+Fetch error: http://www.isomorphic.com/ => https://www.isomorphic.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.isomorphic.com'")
 	Nonfunctional subdomains:
 
 		- blog		(times out)
@@ -7,7 +15,7 @@
 	Cert only matches www.
 
 -->
-<ruleset name="Isomorphic Software (partial)">
+<ruleset name="Isomorphic Software (partial)" default_off="failed ruleset test">
 
 	<target host="isomorphic.com" />
 	<target host="www.isomorphic.com" />
@@ -16,7 +24,7 @@
 	<securecookie host="^www\.isomorphic\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?isomorphic\.com/"
+	<rule from="^http://(?:www\.)?isomorphic\.com/"
 		to="https://www.isomorphic.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Isorno.com.xml b/src/chrome/content/rules/Isorno.com.xml
index 2c50ea8be685..ffe317b28f81 100644
--- a/src/chrome/content/rules/Isorno.com.xml
+++ b/src/chrome/content/rules/Isorno.com.xml
@@ -5,13 +5,13 @@
 <ruleset name="Isorno.com" default_off="self-signed">
 
 	<target host="isorno.com" />
-	<target host="*.isorno.com" />
+	<target host="www.isorno.com" />
 
 
 	<securecookie host="^\.isorno\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?isorno\.com/"
+	<rule from="^http://(?:www\.)?isorno\.com/"
 		to="https://www.isorno.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IssHub.io.xml b/src/chrome/content/rules/IssHub.io.xml
new file mode 100644
index 000000000000..31f8beccd4d3
--- /dev/null
+++ b/src/chrome/content/rules/IssHub.io.xml
@@ -0,0 +1,12 @@
+<ruleset name="IssHub.com">
+
+	<target host="isshub.io" />
+	<target host="www.isshub.io" />
+
+
+	<securecookie host="^\.isshub\.io$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Issuu_Aps.xml b/src/chrome/content/rules/Issuu_Aps.xml
index c26482195144..463a0103b391 100644
--- a/src/chrome/content/rules/Issuu_Aps.xml
+++ b/src/chrome/content/rules/Issuu_Aps.xml
@@ -1,28 +1,66 @@
 <!--
-	CDN buckets:
+	Issuu Aps
 
-		- s3.amazonaws.com/feed.issuu.com/
-		- s3.amazonaws.com/sidebar.issuu.com/
+	Other Issuu Aps rulesets:
 
+		- Isu.pub.xml
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *issuu.com:
+
+		- help *
+    - feed *
+    - sidebar *
+
+	* Zendesk / redirects to http
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- issuu.com
+		- .issuu.com
 
-		- (www.)	(200 "PAGE NOT FOUND", valid cert)
-		- help		(zendesk)
- 
 -->
-<ruleset name="Issuu Aps (partial)">
+<ruleset name="Issuu.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="issuu.com" />
+	<target host="e.issuu.com" />
+	<target host="image.issuu.com" />
+	<target host="photo.issuu.com" />
+	<target host="skin.issuu.com" />
+	<target host="static.issuu.com" />
+	<target host="www.issuu.com" />
+
+	<!--	Complications:
+				-->
+	<target host="help.issuu.com" />
+
+		<exclusion pattern="^http://help\.issuu\.com/(?!/*(?:favicon\.ico|images/|system/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://help.issuu.com/hc" />
+			<test url="http://help.issuu.com/hc/communities/public/topics" />
+			<test url="http://help.issuu.com/hc/en-us" />
+			<test url="http://help.issuu.com/hc/en-us/signin" />
+
+			<!--	-ve:
+					-->
+			<test url="http://help.issuu.com/favicon.ico" />
 
-	<target host="*.issuu.com" />
+		<test url="http://issuu.com/cornellfieldcrops" />
 
 
-	<rule from="^http://(feed|sidebar)\.issuu\.com/"
-		to="https://s3.amazonaws.com/$1.issuu.com/" />
+	<!--	not secured by server:
+					-->
+	<!--securecookie host="^issuu\.com$" name="^experiment$" /-->
+	<!--securecookie host="^\.issuu\.com$" name="^(?:i18next|iutk)$" /-->
 
-	<rule from="^http://help\.issuu\.com/(generated|system)/"
-		to="https://assets.zendesk.com/$1/" />
+	<rule from="^http://help\.issuu\.com/"
+		to="https://issuu.zendesk.com/" />
 
-	<rule from="^http://(image|skin|static)\.issuu\.com/"
-		to="https://$1.issuu.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ist-track.com.xml b/src/chrome/content/rules/Ist-track.com.xml
new file mode 100644
index 000000000000..ecacf9702b02
--- /dev/null
+++ b/src/chrome/content/rules/Ist-track.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="ist-track.com">
+
+	<target host="www.ist-track.com" />
+
+		<test url="http://www.ist-track.com/ProcessClickImage.ashx?timeStamp=:::" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Istanbul_hs.org.xml b/src/chrome/content/rules/Istanbul_hs.org.xml
new file mode 100644
index 000000000000..356585496cb2
--- /dev/null
+++ b/src/chrome/content/rules/Istanbul_hs.org.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://istanbulhs.org/ => https://istanbulhs.org/: (52, 'Empty reply from server')
+Fetch error: http://www.istanbulhs.org/ => https://www.istanbulhs.org/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="istanbul hs.org" default_off="failed ruleset test">
+
+	<target host="istanbulhs.org" />
+	<target host="www.istanbulhs.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Istella.it.xml b/src/chrome/content/rules/Istella.it.xml
new file mode 100644
index 000000000000..8829f65f5fe1
--- /dev/null
+++ b/src/chrome/content/rules/Istella.it.xml
@@ -0,0 +1,69 @@
+<!--
+	Nonfunctional hosts in *istella.it:
+
+		- blog ᵈ
+		- images.library ᵈ
+		- m ⁴
+
+	⁴ 404
+	ᵈ Dropped
+
+
+	Problematic hosts in *istella.it:
+
+		- ^ ⁴
+		- video ᵉ ᵐ
+
+	⁴ 404
+	ᵉ Expired
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .istella.it
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- news from images.library.istella.it
+			- shopping from i\d+.twenga.com *
+
+		- Bugs, on:
+
+			- image, mappe, news, shopping, video, www from tiscaliadv01.webtrekk.net *
+			- image, video, www from \d+.fls.doubleclick.net
+			- shopping from s0.c4tw.net *
+
+	* Secured by us
+
+-->
+<ruleset name="istella.it (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="image.istella.it" />
+	<target host="mappe.istella.it" />
+	<target host="news.istella.it" />
+	<target host="shopping.istella.it" />
+	<target host="www.istella.it" />
+
+	<!--	Complications:
+				-->
+	<target host="istella.it" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.istella\.it$" name="^prod_session$" /-->
+
+
+	<rule from="^http://istella\.it/"
+		to="https://www.istella.it/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Istio.io.xml b/src/chrome/content/rules/Istio.io.xml
new file mode 100644
index 000000000000..8c78698a10fa
--- /dev/null
+++ b/src/chrome/content/rules/Istio.io.xml
@@ -0,0 +1,27 @@
+<!--
+	Refused:
+		fortio-daily
+		fortio-stage
+-->
+<ruleset name="Istio.io">
+
+	<target host="istio.io" />
+	<target host="www.istio.io" />
+	<target host="archive.istio.io" />
+	<target host="discuss.istio.io" />
+	<target host="eng.istio.io" />
+	<target host="fortio.istio.io" />
+	<target host="gcsweb.istio.io" />
+		<test url="http://gcsweb.istio.io/gcs/istio-prerelease/daily-build" />
+	<target host="ibmcloud-perf.istio.io" />
+	<target host="ibmcloud-perf-grafana.istio.io" />
+	<target host="preliminary.istio.io" />
+	<target host="prow.istio.io" />
+	<target host="prow-private.istio.io" />
+	<target host="velodrome.istio.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Isu.pub.xml b/src/chrome/content/rules/Isu.pub.xml
new file mode 100644
index 000000000000..ebb900915810
--- /dev/null
+++ b/src/chrome/content/rules/Isu.pub.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Issuu Aps coverage, see Issuu_Aps.xml.
+
+-->
+<ruleset name="Isu.pub">
+
+	<target host="photo.isu.pub" />
+	<target host="static.isu.pub" />
+
+		<test url="http://photo.isu.pub/m_magazine/photo_large.jpg" />
+		<test url="http://static.isu.pub/fe/issuu-landing-page/s3/7/pages/explore/index.css" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IsyVmon.xml b/src/chrome/content/rules/IsyVmon.xml
index aabcfdee434e..ad5f526ddf83 100644
--- a/src/chrome/content/rules/IsyVmon.xml
+++ b/src/chrome/content/rules/IsyVmon.xml
@@ -1,4 +1,7 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://isyvmon.com/ => http://isyvmon.com/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.isyvmon.com/ => http://www.isyvmon.com/: (28, 'Connection timed out after 10000 milliseconds')
 	Problematic subdomains:
 
 		- ^	(cert only matches www)
@@ -16,4 +19,4 @@
 	<rule from="^http://(?:www\.)?isyvmon\.com/(fileadmin/|index\.php\?eID=sr_freecap_captcha|(?:de/)?login\.html|typo3(?:conf|temp)?/)"
 		to="https://www.isyvmon.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ItBit.com.xml b/src/chrome/content/rules/ItBit.com.xml
new file mode 100644
index 000000000000..a957af0c73bb
--- /dev/null
+++ b/src/chrome/content/rules/ItBit.com.xml
@@ -0,0 +1,41 @@
+<!--
+	^: Mismatched
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(^ → www)
+		- support
+
+
+	Insecure cookies are set for these domains:
+
+		- www.itbit.com
+
+
+	These altnames don't exist:
+
+		- www.support.itbit.com
+
+-->
+<ruleset name="itBit.com">
+
+	<target host="itbit.com" />
+	<target host="support.itbit.com" />
+	<target host="www.itbit.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.itbit\.com$" name="^hsPagesViewedThisSession$" /-->
+
+	<securecookie host="^www\.itbit\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?itbit\.com/"
+		to="https://www.itbit.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ItHappens.me.xml b/src/chrome/content/rules/ItHappens.me.xml
new file mode 100644
index 000000000000..b32e3be4789e
--- /dev/null
+++ b/src/chrome/content/rules/ItHappens.me.xml
@@ -0,0 +1,11 @@
+<!--
+	See also ItHappens.ru.xml
+-->
+<ruleset name="ItHappens.me">
+	<target host="ithappens.me" />
+	<target host="www.ithappens.me" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ItHappens.ru.xml b/src/chrome/content/rules/ItHappens.ru.xml
new file mode 100644
index 000000000000..1c07ea3a1943
--- /dev/null
+++ b/src/chrome/content/rules/ItHappens.ru.xml
@@ -0,0 +1,11 @@
+<!--
+	See also ItHappens.me.xml
+-->
+<ruleset name="ItHappens.ru">
+	<target host="ithappens.ru" />
+	<target host="www.ithappens.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Italian-Country-Cottages.co.uk.xml b/src/chrome/content/rules/Italian-Country-Cottages.co.uk.xml
new file mode 100644
index 000000000000..97e716ac0d67
--- /dev/null
+++ b/src/chrome/content/rules/Italian-Country-Cottages.co.uk.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- italian-country-cottages.co.uk
+
+		Mixed content blocking (MCB) triggered:
+		- www.italian-country-cottages.co.uk
+-->
+<ruleset name="Italian-Country-Cottages.co.uk" platform="mixedcontent">
+	<target host="italian-country-cottages.co.uk" />
+	<target host="www.italian-country-cottages.co.uk" />
+
+	<rule from="^http://italian-country-cottages\.co\.uk/"
+		to="https://www.italian-country-cottages.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Italian-Linux-Society.xml b/src/chrome/content/rules/Italian-Linux-Society.xml
deleted file mode 100644
index 44ae7ca9ff52..000000000000
--- a/src/chrome/content/rules/Italian-Linux-Society.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- ftp		(no https)
-		- cslug		(shows default WebFaction page; mismatched, CN: *.webfaction.com)
-		- lug *
-		- pavia *
-		- planet *
-		- siracusa *
-
-	* Shows www
-
--->
-<ruleset name="Italian Linux Society" default_off="mismatch" platform="cacert">
-
-	<target host="linux.it" />
-	<target host="*.linux.it" />
-		<exclusion pattern="^http://(?:cslug|erlug|ftp|pavia|planet|siracusa)\." />
-
-
-	<!--	Observed domains:
-
-			- lists
-			- picard	(which cert matches)
-			- www
-				-->
-	<rule from="^http://(\w+\.)?linux\.it/"
-		to="https://$1linux.it/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Italien-Facile.com.xml b/src/chrome/content/rules/Italien-Facile.com.xml
new file mode 100644
index 000000000000..0ad437dae1c5
--- /dev/null
+++ b/src/chrome/content/rules/Italien-Facile.com.xml
@@ -0,0 +1,11 @@
+<!--
+	See for related rulesets: FrancaisFacile.com.xml
+-->
+<ruleset name="Italien-Facile.com">
+	<target host="italien-facile.com" />
+	<target host="www.italien-facile.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Itau.com.br.xml b/src/chrome/content/rules/Itau.com.br.xml
new file mode 100644
index 000000000000..afa7f939bf2a
--- /dev/null
+++ b/src/chrome/content/rules/Itau.com.br.xml
@@ -0,0 +1,12 @@
+<ruleset name="Itau.com.br">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="itau.com.br" />
+	<target host="www.itau.com.br" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Itbiz.cz.xml b/src/chrome/content/rules/Itbiz.cz.xml
index 442a96f77103..fba34df0eff5 100644
--- a/src/chrome/content/rules/Itbiz.cz.xml
+++ b/src/chrome/content/rules/Itbiz.cz.xml
@@ -1,19 +1,47 @@
 <!--
-	Problematic subdomains:
+	^itbiz.cz: 404
 
-		- ^	(404, valid cert)
+
+	Insecure cookies are set for these hosts:
+
+		- www.itbiz.cz
+
+
+	Mixed content;
+
+		- Images, from:
+
+			- linkbox.argonit.cz ¹
+			- go.cz.bbelements.com ²
+
+		- Ads from $self
+
+	¹ Ruleset disabled by default <= mismatched
+	² Secured by us
 
 -->
-<ruleset name="itbiz.cz">
+<ruleset name="itbiz.cz" default_off="expired">
 
-	<target host="itbiz.cz" />
+	<!--	Direct rewrites:
+				-->
 	<target host="www.itbiz.cz" />
 
+	<!--	Complications:
+				-->
+	<target host="itbiz.cz" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.itbiz\.cz$" name="^JSESSIONID$" /-->
 
-	<securecookie host="^www\.itbiz\.cz$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?itbiz\.cz/"
+	<rule from="^http://itbiz\.cz/"
 		to="https://www.itbiz.cz/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Itc.cn.xml b/src/chrome/content/rules/Itc.cn.xml
new file mode 100644
index 000000000000..67c8469c4911
--- /dev/null
+++ b/src/chrome/content/rules/Itc.cn.xml
@@ -0,0 +1,85 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://001.img.qf.56.itc.cn/ => https://001.img.qf.56.itc.cn/: (6, 'Could not resolve host: 001.img.qf.56.itc.cn')
+Fetch error: http://002.img.qf.56.itc.cn/ => https://002.img.qf.56.itc.cn/: (6, 'Could not resolve host: 002.img.qf.56.itc.cn')
+Fetch error: http://003.img.qf.56.itc.cn/ => https://003.img.qf.56.itc.cn/: (6, 'Could not resolve host: 003.img.qf.56.itc.cn')
+Fetch error: http://004.img.qf.56.itc.cn/ => https://004.img.qf.56.itc.cn/: (6, 'Could not resolve host: 004.img.qf.56.itc.cn')
+Fetch error: http://005.img.qf.56.itc.cn/ => https://005.img.qf.56.itc.cn/: (6, 'Could not resolve host: 005.img.qf.56.itc.cn')
+Fetch error: http://s0.life.itc.cn/ => https://s0.life.itc.cn/: (51, "SSL: no alternative certificate subject name matches target host name 's0.life.itc.cn'")
+
+	Mismatched:
+		i7.17173.itc.cn	http://i7.17173.itc.cn/2010/dnf/2010/11/11/jiangsu001.jpg
+		i8.17173.itc.cn	http://i8.17173.itc.cn/2010/dnf/2010/11/11/jiangsu002.jpg
+
+	Server error:
+		i7.itc.cn
+		All images on i7.itc.cn get error: The requested URL '*' was not found on this server.
+		We can get some evidence from http://tl.cibmall.net/information_weapon_shengqi_1f.html :
+		<td align="center" bgcolor="#FFFFFF"><img width="510" height="350" src="images/weapon/information_weapon_shengqi_1f_clip_image001.jpg" alt="http://i7.itc.cn/20080722/688_b196b007_b0e1_4a9f_aa02_43b211cecf96_1.jpg" /></td>
+		http://tl.cibmall.net/images/weapon/information_weapon_shengqi_1f_clip_image001.jpg should be equal to http://i7.itc.cn/20080722/688_b196b007_b0e1_4a9f_aa02_43b211cecf96_1.jpg
+		We cannot get i7.itc.cn, however, https://i0.itc.cn/20080722/688_b196b007_b0e1_4a9f_aa02_43b211cecf96_1.jpg is equal to http://tl.cibmall.net/images/weapon/information_weapon_shengqi_1f_clip_image001.jpg.
+  Nonfunctional:
+    changyan.itc.cn
+-->
+<ruleset name="Itc.cn">
+	<!-- target host="001.img.qf.56.itc.cn" /-->
+	<!-- target host="002.img.qf.56.itc.cn" /-->
+	<!-- target host="003.img.qf.56.itc.cn" /-->
+	<!-- target host="004.img.qf.56.itc.cn" /-->
+	<!-- target host="005.img.qf.56.itc.cn" /-->
+	<target host="a1.itc.cn" />
+	<target host="a2.itc.cn" />
+	<target host="a3.itc.cn" />
+	<target host="a4.itc.cn" />
+	<target host="d1.biz.itc.cn" />
+		<test url="http://d1.biz.itc.cn/q/cn/831/600831/tline2.png" />
+	<target host="d2.biz.itc.cn" />
+	<target host="d3.biz.itc.cn" />
+	<target host="d4.biz.itc.cn" />
+	<target host="s1.biz.itc.cn" />
+		<test url="http://s1.biz.itc.cn/cn/pic/sprite01.gif" />
+	<target host="s2.biz.itc.cn" />
+	<target host="s3.biz.itc.cn" />
+	<target host="s4.biz.itc.cn" />
+	<target host="i0.itc.cn" />
+	<target host="i1.itc.cn" />
+	<target host="i2.itc.cn" />
+	<target host="i3.itc.cn" />
+	<target host="i4.itc.cn" />
+	<target host="i5.itc.cn" />
+	<target host="i6.itc.cn" />
+	<target host="i7.itc.cn" /><!-- Mismatched: -->
+		<test url="http://i7.itc.cn/20150722/333f_5f592d6d_bf6f_a4eb_5604_58592af67c98_1.jpg" />
+	<target host="i8.itc.cn" />
+	<target host="i9.itc.cn" />
+	<target host="kzcdn.itc.cn" />
+		<test url="http://kzcdn.itc.cn/res/skin/js/uaredirect.js" />
+	<!-- target host="s0.life.itc.cn" /-->
+	<target host="img.mp.itc.cn" />
+		<test url="http://img.mp.itc.cn/upload/20170712/6e1a8d46bf5041c8a5f6fd3edb079f49_th.jpg" />
+	<target host="n1.itc.cn" />
+		<test url="http://n1.itc.cn/img8/wb/recom/2016/12/10/148130195469287749.JPEG" />
+	<target host="s1.rr.itc.cn" />
+		<test url="http://s1.rr.itc.cn/qrcode/m/n/405819783.png" />
+	<target host="s2.rr.itc.cn" />
+	<target host="s3.rr.itc.cn" />
+		<test url="http://s3.rr.itc.cn/w/u/0/image_viewer.html" />
+	<target host="s4.rr.itc.cn" />
+	<target host="s5.rr.itc.cn" />
+	<target host="s6.rr.itc.cn" />
+	<target host="s7.rr.itc.cn" />
+	<target host="s8.rr.itc.cn" />
+	<target host="s9.rr.itc.cn" />
+	<target host="sucimg.itc.cn" />
+		<test url="http://sucimg.itc.cn/avatarimg/43f409052abb4842baed2c649d1b4737_1416293271456_c175" />
+	<target host="css.tv.itc.cn" />
+	<target host="js.tv.itc.cn" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http://i7\.itc\.cn/" to="https://i0.itc.cn/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Itch.io.xml b/src/chrome/content/rules/Itch.io.xml
new file mode 100644
index 000000000000..d13fff8741db
--- /dev/null
+++ b/src/chrome/content/rules/Itch.io.xml
@@ -0,0 +1,34 @@
+<!--
+	Nonfunctional hosts in *itch.io:
+
+		- blog ᵀ
+
+	ᵀ Tumblr / redirects to http
+
+
+	Insecure cookies are set for these domains:
+
+		- .itch.io
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Itch.io (partial)">
+
+	<target host="itch.io" />
+	<target host="img.itch.io" />
+	<target host="static.itch.io" />
+	<target host="www.itch.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.itch\.io$" name="^itchio_(?:id|token)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Itex.xml b/src/chrome/content/rules/Itex.xml
index 37e770571d4b..648997d6d1f9 100644
--- a/src/chrome/content/rules/Itex.xml
+++ b/src/chrome/content/rules/Itex.xml
@@ -1,9 +1,9 @@
 <ruleset name="Itex" platform="mixedcontent">
 
 	<target host="itex.com"/>
-	<target host="*.itex.com"/>
+	<target host="www.itex.com" />
 
-	<securecookie host="^(.*\.)?itex\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?itex\.com/"
 		to="https://www.itex.com/"/>
diff --git a/src/chrome/content/rules/Ithenticate.com.xml b/src/chrome/content/rules/Ithenticate.com.xml
new file mode 100644
index 000000000000..ead29016ee8c
--- /dev/null
+++ b/src/chrome/content/rules/Ithenticate.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Refused:
+		blog.ithenticate.com
+		research.ithenticate.com
+
+	No working URL known:
+		sprint.ithenticate.com
+
+-->
+<ruleset name="Ithenticate.com">
+
+	<target host="ithenticate.com" />
+	<target host="www.ithenticate.com" />
+	<target host="api.ithenticate.com" />
+	<target host="app.ithenticate.com" />
+	<target host="crosscheck.ithenticate.com" />
+	<target host="crossref.ithenticate.com" />
+	<target host="internal.ithenticate.com" />
+	<target host="plps.ithenticate.com" />
+	<target host="sac2-app.ithenticate.com" />
+	<target host="scl-api.ithenticate.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IthicaCollege.xml b/src/chrome/content/rules/IthicaCollege.xml
index 743aa309b90e..54c4dcd28e2f 100644
--- a/src/chrome/content/rules/IthicaCollege.xml
+++ b/src/chrome/content/rules/IthicaCollege.xml
@@ -2,5 +2,5 @@
   <target host="www.ithaca.edu" />
   <target host="ithaca.edu" />
 
-  <rule from="^http://(www\.)?ithaca\.edu/" to="https://ithaca.edu/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Itpol.dk.xml b/src/chrome/content/rules/Itpol.dk.xml
index 01122eca96f4..024430afa61c 100644
--- a/src/chrome/content/rules/Itpol.dk.xml
+++ b/src/chrome/content/rules/Itpol.dk.xml
@@ -1,6 +1,20 @@
-<ruleset name="Itpol.dk (default off)" default_off="expired certificate" platform="cacert">
-  <target host="itpol.dk" />
-  <target host="www.itpol.dk" />
+<!--
+	Problematic domains
+
+		- admin ¹²
+		- pad ¹³
+		- wiki ¹³
+
+	¹: Redirects to ^, yet HSTS includeSubDomains is specified for itpol.dk.
+	²: 'Unknown protocol' on HELLO
+	³: Bad CN in cert.
+-->
+<ruleset name="Itpol.dk">
+
+	<target host="it-pol.dk" />
+	<target host="www.it-pol.dk" />
+
+	<rule from="^http://(www\.)?it-?pol\.dk/"
+		to="https://$1itpol.dk/" />
 
-  <rule from="^http://(www\.)?itpol\.dk/" to="https://www.itpol.dk/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Itriskltd.com.xml b/src/chrome/content/rules/Itriskltd.com.xml
deleted file mode 100644
index 273cf95aca29..000000000000
--- a/src/chrome/content/rules/Itriskltd.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Itriskltd.com" platform="firefox">
-<target host="itriskltd.com" />
-
-<securecookie host="^itriskltd\.com$" name=".+" />
-
-<rule from="^http://itriskltd\.com/" to="https://itriskltd.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Itrust.org.cn.xml b/src/chrome/content/rules/Itrust.org.cn.xml
index 1da0bb58ed43..f1c75b9ad58b 100644
--- a/src/chrome/content/rules/Itrust.org.cn.xml
+++ b/src/chrome/content/rules/Itrust.org.cn.xml
@@ -1,4 +1,4 @@
-<ruleset name="itrust.org.cn">
+<ruleset name="itrust.org.cn" default_off="expired">
 
 	<target host="itrust.org.cn" />
 	<target host="www.itrust.org.cn" />
@@ -7,7 +7,7 @@
 	<securecookie host="^(?:www\.)?itrust\.org\.cn$" name=".+" />
 
 
-	<rule from="^http://(www\.)?itrust\.org\.cn/"
-		to="https://$1itrust.org.cn/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ItsLearning.com.xml b/src/chrome/content/rules/ItsLearning.com.xml
index 8e9a29dacbed..5f572e0ae7c3 100644
--- a/src/chrome/content/rules/ItsLearning.com.xml
+++ b/src/chrome/content/rules/ItsLearning.com.xml
@@ -2,6 +2,5 @@
   <target host="www.itslearning.com" />
   <target host="itslearning.com" />
 
-  <rule from="^http://(?:www\.)?itslearning\.com/"
-          to="https://www.itslearning.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ittisaq.com.xml b/src/chrome/content/rules/Ittisaq.com.xml
new file mode 100644
index 000000000000..680e454b3440
--- /dev/null
+++ b/src/chrome/content/rules/Ittisaq.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Ittisaq.com">
+	<target host="ittisaq.com" />
+	<target host="www.ittisaq.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Iubenda.com.xml b/src/chrome/content/rules/Iubenda.com.xml
new file mode 100644
index 000000000000..08b5690288af
--- /dev/null
+++ b/src/chrome/content/rules/Iubenda.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)?
+		- athena
+
+
+	Insecure cookies are set for these domains:
+
+		- .iubenda.com
+
+-->
+<ruleset name="iubenda.com">
+
+	<target host="iubenda.com" />
+	<target host="athena.iubenda.com" />
+	<target host="www.iubenda.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.iubenda\.com$" name="^(__cfduid|_mater_session|cf_clearance)$" /-->
+
+	<securecookie host="^\.iubenda\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Iv.lt.xml b/src/chrome/content/rules/Iv.lt.xml
index 1d6b7ac21792..218dd973f12b 100644
--- a/src/chrome/content/rules/Iv.lt.xml
+++ b/src/chrome/content/rules/Iv.lt.xml
@@ -16,14 +16,18 @@
 <ruleset name="Iv.lt (partial)">
 
 	<target host="iv.lt" />
-	<target host="*.iv.lt" />
+	<target host="gedimai.iv.lt" />
+	<target host="grafika.iv.lt" />
+	<target host="klientams.iv.lt" />
+	<target host="pagalba.iv.lt" />
+	<target host="sutartys.iv.lt" />
+	<target host="www.iv.lt" />
 		<exclusion pattern="^http://pagalba\.iv\.lt/(?!images/)" />
 
 
 	<securecookie host="^klientams\.iv\.lt$" name=".+" />
 
 
-	<rule from="^http://((?:gedimai|grafika|klientams|pagalba|sutartys|www)\.)?iv\.lt/"
-		to="https://$1iv.lt/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ivacy.xml b/src/chrome/content/rules/Ivacy.xml
index 257a776873d5..1237a5470bf2 100644
--- a/src/chrome/content/rules/Ivacy.xml
+++ b/src/chrome/content/rules/Ivacy.xml
@@ -1,19 +1,43 @@
 <!--
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *ivacy.com:
 
-		- blog		(shows www)
+		- blog *
+
+	* Shows www.ivacy.com
 
 -->
-<ruleset name="Ivacy (partial)">
+<ruleset name="Ivacy.com (partial)">
 
 	<target host="ivacy.com" />
-	<target host="*.ivacy.com" />
+	<target host="billing.ivacy.com" />
+	<target host="www.ivacy.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?ivacy\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?ivacy\.com/+(?!wp-content/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.ivacy.com/blog/" />
+			<test url="http://www.ivacy.com/contact-us/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.ivacy.com/wp-content/themes/ivacy_bootstrap/template/images/ivacy-logo-new.png" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^billing\.ivacy\.com$" name="^WHMCS\w+$" /-->
 
-	<securecookie host="^\.ivacy\.com$" name=".+" />
+	<securecookie host="^billing\.ivacy\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ivacy\.com/"
-		to="https://$1ivacy.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ivarch.com.xml b/src/chrome/content/rules/Ivarch.com.xml
deleted file mode 100644
index 024debe29851..000000000000
--- a/src/chrome/content/rules/Ivarch.com.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="ivarch.com">
-
-	<target host="ivarch.com" />
-	<target host="www.ivarch.com" />
-
-
-	<rule from="^http://(www\.)?ivarch\.com/"
-		to="https://$1ivarch.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ive_Got_Kids.com-falsemixed.xml b/src/chrome/content/rules/Ive_Got_Kids.com-falsemixed.xml
new file mode 100644
index 000000000000..f69f0db5b94b
--- /dev/null
+++ b/src/chrome/content/rules/Ive_Got_Kids.com-falsemixed.xml
@@ -0,0 +1,23 @@
+<!--
+	For rules not causing false/broken MCB, see Ive_Got_Kids.com.xml.
+
+-->
+<ruleset name="Ive Got Kids.com (false MCB)" platform="mixedcontent">
+
+	<target host="ivegotkids.com" />
+	<target host="*.ivegotkids.com" />
+	<target host="togevi.com" />
+	<target host="*.togevi.com" />
+		<!--
+			Handled in Ive_Got_Kids.com.xml:
+							-->
+		<!--exclusion pattern="^http://(www\.)?(ivegotkids|togevi)\.com/+(cdn-cgi/|community/forum/session\.php|community/user/(media|modules|plugins|templates)/|favicon\.ico|script/|wp-content/|wp-includes/)" /-->
+
+
+	<securecookie host="^\.?(?:ivegotkids|togevi)\.com$" name=".+" />
+
+
+	<rule from="^http://(www\.)?(ivegotkids|togevi)\.com/(?!cdn-cgi/|community/(?:forum/session\.php|user/(?:media|modules|plugins|templates)/)|favicon\.ico|script/|wp-content/|wp-includes/)"
+		to="https://$1$2.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ive_Got_Kids.com.xml b/src/chrome/content/rules/Ive_Got_Kids.com.xml
new file mode 100644
index 000000000000..fab73d54da5d
--- /dev/null
+++ b/src/chrome/content/rules/Ive_Got_Kids.com.xml
@@ -0,0 +1,41 @@
+<!--
+	For rules causing false/broken MCB, see Ive_Got_Kids.com-falsemixed.xml.
+
+
+	Mixed content:
+
+		- Scripts, from:
+
+			- ^ ¹
+			- ajax.cloudflare.com ¹
+
+		- css from ^ ¹
+
+		- Images ^ ¹
+
+		- Web bugs, from:
+
+			- x.chatwbc.com ²
+			- s.gravatar.com ¹
+			- stats.wordpress.com ¹
+
+	¹ Secured by us
+	² Unsecurable
+
+-->
+<ruleset name="Ive Got Kids.com (partial)">
+
+	<target host="ivegotkids.com" />
+	<target host="www.ivegotkids.com" />
+	<target host="togevi.com" />
+	<target host="www.togevi.com" />
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<!--exclusion pattern="^http://(www\.)?(ivegotkids|togevi)\.com/+(?!cdn-cgi/|community/forum/session\.php|community/user/(media|modules|plugins|templates)/|favicon\.ico|script/|wp-content/|wp-includes/)" /-->
+
+
+	<rule from="^http://(www\.)?(ivegotkids|togevi)\.com/(?!cdn-cgi/|community/(?:forum/session\.php|user/(?:media|modules|plugins|templates)/)|favicon\.ico|script/|wp-content/|wp-includes/)"
+		to="https://$1$2.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ivwbox.de.xml b/src/chrome/content/rules/Ivwbox.de.xml
index 65723a6c9889..60500fd5ae88 100644
--- a/src/chrome/content/rules/Ivwbox.de.xml
+++ b/src/chrome/content/rules/Ivwbox.de.xml
@@ -26,4 +26,4 @@
 	<rule from="^http://([\w-]+)\.ivwbox\.de/"
 		to="https://$1.ivwbox.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Iweps.be.xml b/src/chrome/content/rules/Iweps.be.xml
new file mode 100644
index 000000000000..6a1f98ca3daa
--- /dev/null
+++ b/src/chrome/content/rules/Iweps.be.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		iweps.be
+		opendata.iweps.be
+
+-->
+<ruleset name="Iweps.be">
+	<target host="www.iweps.be" />
+	<target host="cirrus.iweps.be" />
+	<target host="cloud.iweps.be" />
+	<target host="icpib.iweps.be" />
+	<target host="sipole.iweps.be" />
+	<target host="walstat.iweps.be" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ix.de.xml b/src/chrome/content/rules/Ix.de.xml
new file mode 100644
index 000000000000..52c28ac9fb11
--- /dev/null
+++ b/src/chrome/content/rules/Ix.de.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://2.f.ix.de/ => https://2.f.ix.de/: (6, 'Could not resolve host: 2.f.ix.de')
+Fetch error: http://3.f.ix.de/ => https://3.f.ix.de/: (6, 'Could not resolve host: 3.f.ix.de')
+
+	For other Heise coverage, see Heise.de.xml.
+
+-->
+<ruleset name="ix.de" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="1.f.ix.de" />
+	<target host="2.f.ix.de" />
+	<target host="3.f.ix.de" />
+	<target host="m.f.ix.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ixbt.com.xml b/src/chrome/content/rules/Ixbt.com.xml
new file mode 100644
index 000000000000..4b0a779bbb5b
--- /dev/null
+++ b/src/chrome/content/rules/Ixbt.com.xml
@@ -0,0 +1,43 @@
+<!--
+	Invalid certificate:
+		asus-rog-2015.ixbt.com
+		blogs.ixbt.com
+		foto.ixbt.com
+		komok3.ixbt.com
+		live.ixbt.com
+		m.ixbt.com
+		market.ixbt.com
+		mobile.ixbt.com
+		order.ixbt.com
+		prosound.ixbt.com
+		rating.ixbt.com
+		riva.ixbt.com
+		smb.ixbt.com
+
+	Time out:
+		chips.ixbt.com
+		confignt.ixbt.com
+		contest.ixbt.com
+		faq.ixbt.com
+		hpmsa2000.ixbt.com
+		it-girls2013.ixbt.com
+		it-guru.ixbt.com
+		maemo.ixbt.com
+		mag.ixbt.com
+		rwpbb.ixbt.com
+		sendy.ixbt.com
+		shop.ixbt.com
+-->
+<ruleset name="iXBT.com">
+	<target host="ixbt.com"/>
+	<target host="www.ixbt.com"/>
+	<target host="cmt.ixbt.com"/>
+		<test url="http://cmt.ixbt.com/robots.txt"/>
+	<target host="forum.ixbt.com"/>
+	<target host="rose.ixbt.com"/>
+	<target host="spot.ixbt.com"/>
+		<test url="http://spot.ixbt.com/js/ajax.js"/>
+	<target host="spot-rc.ixbt.com"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Ixquick.xml b/src/chrome/content/rules/Ixquick.xml
deleted file mode 100644
index a42127f2bd24..000000000000
--- a/src/chrome/content/rules/Ixquick.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<ruleset name="Ixquick">
-  <target host="ixquick.com" />
-  <target host="*.ixquick.com" />
-  <target host="startpage.com" />
-  <target host="*.startpage.com" />
-  <target host="startingpage.com" />
-  <target host="*.startingpage.com" />
-  <target host="*.ixquick-proxy.com" />
-
-  <rule from="^http://ixquick\.com/" to="https://ixquick.com/"/>
-  <rule from="^http://([^@/:]*)\.ixquick\.com/" to="https://$1.ixquick.com/"/>
-  <rule from="^http://([^@/:]*)\.ixquick-proxy\.com/" to="https://$1.ixquick-proxy.com/" />
-
-  <!-- Ixquick and Startpage appear to be basically the same -->
-
-  <rule from="^http://startpage\.com/" to="https://startpage.com/"/>
-  <rule from="^http://([^@/:]*)\.startpage\.com/" to="https://$1.startpage.com/"/>
-
-  <!-- Startingpage is basically a Google-only version of Startpage -->
-
-  <rule from="^http://startingpage\.com/" to="https://startingpage.com/"/>
-  <rule from="^http://([^@/:]*)\.startingpage\.com/" to="https://$1.startingpage.com/"/>
-
-  <securecookie host="^\.ixquick\.com$" name=".*"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Izvestia.ru.xml b/src/chrome/content/rules/Izvestia.ru.xml
index e48ff804cfae..4718b82292a9 100644
--- a/src/chrome/content/rules/Izvestia.ru.xml
+++ b/src/chrome/content/rules/Izvestia.ru.xml
@@ -1,19 +1,27 @@
-<!--
-	Nonfunctional subdomains:
 
-		- (www.) *
-		- bcontent *
-		- content *
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://izvestia.ru/ => https://izvestia.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.izvestia.ru/ => https://www.izvestia.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://100.izvestia.ru/ => https://100.izvestia.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://content.izvestia.ru/ => https://content.izvestia.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
-	* Dropped
+Invalid certificate:
+	c.izvestia.ru
+	cosmos.izvestia.ru
+	images.izvestia.ru
+	subscribe.izvestia.ru
+	week.izvestia.ru
 
+Timeout:
+	admin.izvestia.ru
+	oauth-admin.izvestia.ru
 -->
-<ruleset name="Izvestia.ru (partial)">
-
-	<target host="fb.izvestia.ru" />
-
-
-	<rule from="^http://fb\.izvestia\.ru/"
-		to="https://fb.izvestia.ru/" />
+<ruleset name="izvestia.ru" default_off="failed ruleset test">
+	<target host="izvestia.ru"/>
+	<target host="www.izvestia.ru"/>
+	<target host="100.izvestia.ru"/>
+	<target host="content.izvestia.ru"/>
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/J-schmitz.net.xml b/src/chrome/content/rules/J-schmitz.net.xml
new file mode 100644
index 000000000000..b441a1a92cd6
--- /dev/null
+++ b/src/chrome/content/rules/J-schmitz.net.xml
@@ -0,0 +1,20 @@
+<!--
+	Fully covered hosts in *j-schmitz.net:
+
+		- (www.)?
+		- t
+
+-->
+<ruleset name="j-schmitz.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="j-schmitz.net" />
+	<target host="t.j-schmitz.net" />
+	<target host="www.j-schmitz.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/J.mp.xml b/src/chrome/content/rules/J.mp.xml
new file mode 100644
index 000000000000..13a3ab4aba02
--- /dev/null
+++ b/src/chrome/content/rules/J.mp.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Bitly coverage, see Bitly.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .j.mp
+
+-->
+<ruleset name="j.mp (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="j.mp" />
+	<target host="www.j.mp" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.j\.mp$" name="^_bit$" /-->
+
+	<securecookie host="^\.j\.mp$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/J2global.com.xml b/src/chrome/content/rules/J2global.com.xml
index f96a8b32016c..c0582aa4dbb0 100644
--- a/src/chrome/content/rules/J2global.com.xml
+++ b/src/chrome/content/rules/J2global.com.xml
@@ -13,7 +13,6 @@
 	<target host="sassets.j2global.com" />
 
 
-	<rule from="^http://sassets\.j2global\.com/"
-		to="https://sassets.j2global.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/JAMA-Network-problematic.xml b/src/chrome/content/rules/JAMA-Network-problematic.xml
deleted file mode 100644
index f23d3105d21a..000000000000
--- a/src/chrome/content/rules/JAMA-Network-problematic.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For rules that are on by default, see JAMA-Network.xml.
-
--->
-<ruleset name="JAMA Network" default_off="mismatch">
-
-	<target host="archinte.jamanetwork.com" />
-	<target host="jama.jamanetwork.com" />
-
-
-	<!--	Cookies are handled in JAMA-Network.xml.	-->
-
-
-	<!--	Cert: www.jamanetwork.com
-						-->
-	<rule from="^http://(archinte|jama)\.jamanetwork\.com/"
-		to="https://$1.jamanetwork.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/JAMA-Network.xml b/src/chrome/content/rules/JAMA-Network.xml
index 11e5a7ef3672..cb2665632534 100644
--- a/src/chrome/content/rules/JAMA-Network.xml
+++ b/src/chrome/content/rules/JAMA-Network.xml
@@ -1,17 +1,82 @@
 <!--
-	For problematic rules, see JAMA-Network-problematic.xml.
+	Nonfunctional subdomains:
+
+		- mobile *
+
+	* Shows secure55; mismatched, CN: secure55.inmotionhosting.com
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- archderm
+		- archfaci
+		- archinte
+		- archneur
+		- archneurpsyc
+		- archopht
+		- archotol
+		- archpedi
+		- archsurg
+		- jama
+		- store
+
+
+	Observed cookie domains:
+
+		- . ¹
+		- archderm ²
+		- archfaci ²
+		- archinte ²
+		- archneur ²
+		- archneurpsyc ²
+		- archopht ²
+		- archotol ²
+		- archpedi ²
+		- archsurg ²
+		- jama ²
+
+	¹ Secured by us, when set by covered domains <= not secured by server
+	² Secured by server
+
+
+	Mixed content:
+
+		- css on archderm archfaci archinte archotol from jamabeta.com ¹
+
+		- Images, on:
+
+			- archderm, archfaci, archinte, archneur, archopht, archotol, and archsurg from jama ²
+			- archderm, archfaci, archinte, archneur, archopht, and archsurg from assets.libsyn.com ²
+
+	¹ Unsecurable, effect appears minor
+	² Secured by us
 
 -->
 <ruleset name="JAMA Network (partial)">
 
 	<target host="jamanetwork.com" />
-	<target host="*.jamanetwork.com" />
+	<target host="archderm.jamanetwork.com" />
+	<target host="archfaci.jamanetwork.com" />
+	<target host="archinte.jamanetwork.com" />
+	<target host="archneur.jamanetwork.com" />
+	<target host="archneurpsyc.jamanetwork.com" />
+	<target host="archopht.jamanetwork.com" />
+	<target host="archotol.jamanetwork.com" />
+	<target host="archpedi.jamanetwork.com" />
+	<target host="archsurg.jamanetwork.com" />
+	<target host="jama.jamanetwork.com" />
+	<target host="store.jamanetwork.com" />
+	<target host="www.jamanetwork.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.jamanetwork\.com$" name="^(AMA Publishing GroupMachineID|AMA_SessionId|IsMobile)$" /-->
 
-	<securecookie host="^(?:.*\.)?jamanetwork\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(store\.|www\.)?jamanetwork\.com/"
-		to="https://$1jamanetwork.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/JAMF_Software.com.xml b/src/chrome/content/rules/JAMF_Software.com.xml
new file mode 100644
index 000000000000..e37ad99af510
--- /dev/null
+++ b/src/chrome/content/rules/JAMF_Software.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="JAMF_Software.com (partial)">
+	<target host="jamfnation.jamfsoftware.com" />
+	<target host="my.jamfsoftware.com" />
+	<target host="store.jamfsoftware.com" />
+	<target host="support.jamfsoftware.com" />
+
+	<target host="*.jamfcloud.com" />
+		<test url="http://signup.jamfcloud.com/" />
+		<test url="http://jamf.jamfcloud.com/" />
+		<test url="http://hosted.jamfcloud.com/" />
+
+	<!--	Mismatched:	-->
+	<exclusion pattern="^http://content\.jamfcloud\.com/" />
+		<test url="http://content.jamfcloud.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JAMSTEC.go.jp.xml b/src/chrome/content/rules/JAMSTEC.go.jp.xml
index f9d33bf3d744..c94b99a572ea 100644
--- a/src/chrome/content/rules/JAMSTEC.go.jp.xml
+++ b/src/chrome/content/rules/JAMSTEC.go.jp.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^www\.jamstec\.go\.jp$" name=".+" />
 
 
-	<rule from="^http://www\.jamstec\.go\.jp/"
-		to="https://www.jamstec.go.jp/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/JANET.xml b/src/chrome/content/rules/JANET.xml
index 859c50b31935..8d65a55c2afc 100644
--- a/src/chrome/content/rules/JANET.xml
+++ b/src/chrome/content/rules/JANET.xml
@@ -1,6 +1,27 @@
-<ruleset name="JANET">
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ja.net/ => https://www.ja.net/: (6, 'Could not resolve host: ja.net')
+	Nonfunctional subdomains:
+
+		- webmedia.company *
+
+	* Refused
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(^ → www)
+		- community
+		- networkshop
+
+-->
+<ruleset name="JA.NET (partial)">
   <target host="ja.net" />
   <target host="www.ja.net" />
+  <target host="community.ja.net" />
+  <target host="networkshop.ja.net" />
 
   <rule from="^http://(?:www\.)?ja\.net/" to="https://www.ja.net/"/>
+
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/JBeekman.nl.xml b/src/chrome/content/rules/JBeekman.nl.xml
new file mode 100644
index 000000000000..1d51e40839fd
--- /dev/null
+++ b/src/chrome/content/rules/JBeekman.nl.xml
@@ -0,0 +1,26 @@
+<!--
+	www.jbeekman.nl: Mismatched
+
+-->
+<ruleset name="JBeekman.nl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jbeekman.nl" />
+	<target host="secure.jbeekman.nl" />
+
+	<!--	Complications:
+				-->
+	<target host="www.jbeekman.nl" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.jbeekman\.nl/"
+		to="https://jbeekman.nl/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JBoss.xml b/src/chrome/content/rules/JBoss.xml
index 70fc93b0be55..9853165be553 100644
--- a/src/chrome/content/rules/JBoss.xml
+++ b/src/chrome/content/rules/JBoss.xml
@@ -1,41 +1,49 @@
+
 <!--
-	For other Red Hat coverage, see RedHat.xml.
+Disabled by https-everywhere-checker because:
+Fetch error: http://design.jboss.org/ => https://design.jboss.org/: Too many redirects while fetching 'https://design.jboss.org/'
+Fetch error: http://jboss.jboss.org/ => https://jboss.jboss.org/: (6, 'Could not resolve host: jboss.jboss.org')
 
+	For other Red Hat coverage, see RedHat.xml.
 
-	Fully covered domains:
 
-		- *.jboss.org:
+	Insecure cookies are set for these domains:
 
-			- (www.)
-			- community
-			- design
-			- docs
-			- hudson
-			- issues
-			- jboss
-			- jira
-			- lists
-			- sso
-			- static
-			- wiki
+		- developer.jboss.org
+		- issues.jboss.org
 
 -->
-<ruleset name="JBoss">
+<ruleset name="JBoss.org" default_off="failed ruleset test">
 
-	<target host="jboss.com" />
-	<target host="*.jboss.com" />
-		<!--
-			downloads 404s.
-					-->
-		<exclusion pattern="^http://downloads?\.jboss\.(com|org)/" />
 	<target host="jboss.org" />
 	<target host="*.jboss.org" />
 
+		<test url="http://community.jboss.org/" />
+		<test url="http://design.jboss.org/" />
+		<test url="http://developer.jboss.org/" />
+		<test url="http://download.jboss.org/" />
+		<test url="http://downloads.jboss.org/" />
+		<test url="http://docs.jboss.org/" />
+		<test url="http://hudson.jboss.org/" />
+		<test url="http://issues.jboss.org/" />
+		<test url="http://jboss.jboss.org/" />
+		<test url="http://jira.jboss.org/" />
+		<test url="http://lists.jboss.org/" />
+		<test url="http://sso.jboss.org/" />
+		<test url="http://static.jboss.org/" />
+		<test url="http://wiki.jboss.org/" />
+		<test url="http://www.jboss.org/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^issues\.jboss\.org$" name="^(JSESSIONID|atlassian\.xsrf\.token)$" /-->
+	<!--securecookie host="^developer\.jboss\.org$" name="(JSESSIONID|jive\.security\.context)$" /-->
 
-	<securecookie host="^(.*\.)?jboss\.(com|org)$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://([^/@:]+\.)?jboss\.(com|org)/"
-		to="https://$1jboss.$2/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/JCB.co.jp.xml b/src/chrome/content/rules/JCB.co.jp.xml
new file mode 100644
index 000000000000..84f9556a8e5d
--- /dev/null
+++ b/src/chrome/content/rules/JCB.co.jp.xml
@@ -0,0 +1,23 @@
+<!--
+	Nonfunctional hosts in *.jcb.co.jp:
+
+		- renewal (m)
+		- www.saiyo (t)
+		- yutai (r)
+		- yutai-p (r)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="JCB.co.jp">
+	<target host="www.jcb.co.jp" />
+	<target host="faq.jcb.co.jp" />
+	<target host="faq-acq.jcb.co.jp" />
+	<target host="edm.mail.jcb.co.jp" />
+	<target host="original.jcb.co.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JCB_USA.com.xml b/src/chrome/content/rules/JCB_USA.com.xml
new file mode 100644
index 000000000000..45edf5c5f4d3
--- /dev/null
+++ b/src/chrome/content/rules/JCB_USA.com.xml
@@ -0,0 +1,15 @@
+<!--
+	^jcbusa.com: Dropped over http & https
+
+-->
+<ruleset name="JCB USA.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.jcbusa.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JCP.org.xml b/src/chrome/content/rules/JCP.org.xml
new file mode 100644
index 000000000000..20977ff4b20b
--- /dev/null
+++ b/src/chrome/content/rules/JCP.org.xml
@@ -0,0 +1,22 @@
+<!--
+	For other Oracle coverage, see Oracle.xml.
+
+-->
+<ruleset name="JCP.org">
+
+	<target host="jcp.org" />
+	<target host="www.jcp.org" />
+	<target host="www2.jcp.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?jcp\.org$" name="JSESSIONID" /-->
+
+	<securecookie host="^(?:www\.)?jcp\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JCore.fr.xml b/src/chrome/content/rules/JCore.fr.xml
index 3d104edfb659..af9fe7a8b60a 100644
--- a/src/chrome/content/rules/JCore.fr.xml
+++ b/src/chrome/content/rules/JCore.fr.xml
@@ -1,16 +1,6 @@
 <!--
 	CN: ssl6.ovh.net
 
-
-	Mixed content:
-
-		- css on www from www ¹
-
-		- Images on www from www ²
-
-	¹ Secured by us, seems to have little effect
-	² Secured by us
-
 -->
 <ruleset name="jCore.fr" default_off="mismatched">
 
@@ -21,7 +11,7 @@
 	<securecookie host="^www\.jcore\.fr$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?jcore\.fr/"
-		to="https://www.jcore.fr/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/JCrosoft.com.xml b/src/chrome/content/rules/JCrosoft.com.xml
index ea2efd8119ab..0979e62007f9 100644
--- a/src/chrome/content/rules/JCrosoft.com.xml
+++ b/src/chrome/content/rules/JCrosoft.com.xml
@@ -1,20 +1,38 @@
 <!--
-	Problematic subdomains:
+	Problematic hosts in *jcrosoft.com:
 
-		- (www.)	(mismatched, CN: ssl2.ovh.net)
-		- git		(self-signed, CN: Jean-Christophe PLAGNIOL-VILLARD)
+		- ^ ¹ ²
+		- git ¹ ²
+		- www ¹
+
+	¹ Expired
+	² Mismatched, CN: ssl2.ovh.net
 
 -->
-<ruleset name="JCrosoft.com" default_off="mismatched, self-signed">
+<ruleset name="JCrosoft.com" default_off="expired, mismatched">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="git.jcrosoft.com" />
+	<target host="www.jcrosoft.com" />
 
+	<!--	Complications:
+				-->
 	<target host="jcrosoft.com" />
-	<target host="*.jcrosoft.com" />
 
 
-	<securecookie host="^jcrosoft\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^jcrosoft\.com$" name="^90plan$" /-->
+	<!--securecookie host="^www\.jcrosoft\.com$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host="^(?:www\.)?jcrosoft\.com$" name=".+" />
+
 
+	<rule from="^http://jcrosoft\.com/"
+		to="https://www.jcrosoft.com/" />
 
-	<rule from="^http://(?:(git\.)|www\.)?jcrosoft\.com/"
-		to="https://$1jcrosoft.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/JD.com-Cities.xml b/src/chrome/content/rules/JD.com-Cities.xml
new file mode 100644
index 000000000000..4b06ae80a25e
--- /dev/null
+++ b/src/chrome/content/rules/JD.com-Cities.xml
@@ -0,0 +1,296 @@
+<!--
+	Related:
+		JD.com.xml
+-->
+<ruleset name="JD.com-Cities">
+	<!--	https://china.jd.com/	-->
+	<target host="abaguan.jd.com" />
+	<target host="akesu.jd.com" />
+	<target host="anhui.jd.com" />
+	<target host="ankang.jd.com" />
+	<target host="anshun.jd.com" />
+	<target host="anxiguan.jd.com" />
+	<target host="anxitea.jd.com" />
+	<target host="anyang.jd.com" />
+	<target host="baise.jd.com" />
+	<target host="banan.jd.com" />
+	<target host="baoding.jd.com" />
+	<target host="bayannaoer.jd.com" />
+	<target host="beijing.jd.com" />
+	<target host="beijingguan.jd.com" />
+	<target host="bengbu.jd.com" />
+	<target host="binzhou.jd.com" />
+	<target host="boaiguan.jd.com" />
+	<target host="cangzhou.jd.com" />
+	<target host="changbaishan.jd.com" />
+	<target host="changde.jd.com" />
+	<target host="changping.jd.com" />
+	<target host="changwu.jd.com" />
+	<target host="changxing.jd.com" />
+	<target host="changzhi.jd.com" />
+	<target host="changzhou.jd.com" />
+	<target host="chaozhou.jd.com" />
+	<target host="chengde.jd.com" />
+	<target host="chengdu.jd.com" />
+	<target host="chenpi.jd.com" />
+	<target host="chifeng.jd.com" />
+	<target host="china-henan.jd.com" />
+	<target host="chongzuoguan.jd.com" />
+	<target host="chuxiangyuan.jd.com" />
+	<target host="conghua.jd.com" />
+	<target host="dalian.jd.com" />
+	<target host="daliguan.jd.com" />
+	<target host="dameiqh.jd.com" />
+	<target host="dangshan.jd.com" />
+	<target host="danjiangkou.jd.com" />
+	<target host="daqing.jd.com" />
+	<target host="daxinganling.jd.com" />
+	<target host="deyang.jd.com" />
+	<target host="dezhou.jd.com" />
+	<target host="dltcg.jd.com" />
+	<target host="dongguan.jd.com" />
+	<target host="dongwuzhumuqin.jd.com" />
+	<target host="enshi.jd.com" />
+	<target host="enshinong.jd.com" />
+	<target host="flygoo.jd.com" />
+	<target host="fruit.jd.com" />
+	<target host="fuding.jd.com" />
+	<target host="fudingguan.jd.com" />
+	<target host="fujian.jd.com" />
+	<target host="fujianguan.jd.com" />
+	<target host="fuping.jd.com" />
+	<target host="fuyang.jd.com" />
+	<target host="fuzhou.jd.com" />
+	<target host="gannan.jd.com" />
+	<target host="ganzhou.jd.com" />
+	<target host="gaochun.jd.com" />
+	<target host="gaoyou.jd.com" />
+	<target host="gaoyouguan.jd.com" />
+	<target host="guandongge.jd.com" />
+	<target host="guangxi.jd.com" />
+	<target host="guangyuan.jd.com" />
+	<target host="guigang.jd.com" />
+	<target host="guilin.jd.com" />
+	<target host="guilinguan.jd.com" />
+	<target host="guizhou.jd.com" />
+	<target host="guizhoufp.jd.com" />
+	<target host="gzguan.jd.com" />
+	<target host="haerbin.jd.com" />
+	<target host="hainan.jd.com" />
+	<target host="haixian.jd.com" />
+	<target host="hanyuanguan.jd.com" />
+	<target host="hebei.jd.com" />
+	<target host="hebeiguan.jd.com" />
+	<target host="hebiguan.jd.com" />
+	<target host="heihe.jd.com" />
+	<target host="helan.jd.com" />
+	<target host="henan.jd.com" />
+	<target host="henanguan.jd.com" />
+	<target host="hezenong.jd.com" />
+	<target host="hlbeg.jd.com" />
+	<target host="hongan.jd.com" />
+	<target host="hongyushipin.jd.com" />
+	<target host="hongze.jd.com" />
+	<target host="hongzenong.jd.com" />
+	<target host="hsdzsw.jd.com" />
+	<target host="huaibei.jd.com" />
+	<target host="huainingguan.jd.com" />
+	<target host="huaiyuan.jd.com" />
+	<target host="huanggang.jd.com" />
+	<target host="huanghekou.jd.com" />
+	<target host="huangshan.jd.com" />
+	<target host="huanxian.jd.com" />
+	<target host="huinan.jd.com" />
+	<target host="hulunbeier.jd.com" />
+	<target host="hulunbeierguan.jd.com" />
+	<target host="hunanguan.jd.com" />
+	<target host="huxian.jd.com" />
+	<target host="ishanghai.jd.com" />
+	<target host="ixian.jd.com" />
+	<target host="jdxinyi.jd.com" />
+	<target host="jiangsuguan.jd.com" />
+	<target host="jiangsunong.jd.com" />
+	<target host="jiangxi.jd.com" />
+	<target host="jiaohe.jd.com" />
+	<target host="jiaoling.jd.com" />
+	<target host="jieyang.jd.com" />
+	<target host="jilin.jd.com" />
+	<target host="jining.jd.com" />
+	<target host="jinjiang.jd.com" />
+	<target host="jintangguan.jd.com" />
+	<target host="js-sc.jd.com" />
+	<target host="jstcg.jd.com" />
+	<target host="kaifengguan.jd.com" />
+	<target host="kejia.jd.com" />
+	<target host="keshan.jd.com" />
+	<target host="kfguan.jd.com" />
+	<target host="kuitun.jd.com" />
+	<target host="kunming.jd.com" />
+	<target host="kunshan.jd.com" />
+	<target host="laifeng.jd.com" />
+	<target host="laishui.jd.com" />
+	<target host="laiwu.jd.com" />
+	<target host="laiyang.jd.com" />
+	<target host="langaoguan.jd.com" />
+	<target host="lankao.jd.com" />
+	<target host="lankaonong.jd.com" />
+	<target host="lanxiguan.jd.com" />
+	<target host="lasaguan.jd.com" />
+	<target host="leshanguan.jd.com" />
+	<target host="lianjiang.jd.com" />
+	<target host="liaoning.jd.com" />
+	<target host="lijiang.jd.com" />
+	<target host="linshu.jd.com" />
+	<target host="linshuguan.jd.com" />
+	<target host="lipuguan.jd.com" />
+	<target host="liyang.jd.com" />
+	<target host="longchuan.jd.com" />
+	<target host="ls-guan.jd.com" />
+	<target host="luobei.jd.com" />
+	<target host="luzhou.jd.com" />
+	<target host="luzhounong.jd.com" />
+	<target host="lvanlife.jd.com" />
+	<target host="lvjfarm.jd.com" />
+	<target host="lvshun.jd.com" />
+	<target host="lz0772.jd.com" />
+	<target host="maoming.jd.com" />
+	<target host="meizhou.jd.com" />
+	<target host="mianyang.jd.com" />
+	<target host="miyun.jd.com" />
+	<target host="mming.jd.com" />
+	<target host="nanning.jd.com" />
+	<target host="nantong.jd.com" />
+	<target host="neimenggu.jd.com" />
+	<target host="ningbo.jd.com" />
+	<target host="ningde.jd.com" />
+	<target host="ningshan.jd.com" />
+	<target host="ningxia.jd.com" />
+	<target host="nytsg.jd.com" />
+	<target host="ordos.jd.com" />
+	<target host="panjin.jd.com" />
+	<target host="panzhou.jd.com" />
+	<target host="penglai.jd.com" />
+	<target host="pengyang.jd.com" />
+	<target host="pengyangguan.jd.com" />
+	<target host="pingba.jd.com" />
+	<target host="pinggu.jd.com" />
+	<target host="pingxiang.jd.com" />
+	<target host="pingyao.jd.com" />
+	<target host="pingyin.jd.com" />
+	<target host="ptntc.jd.com" />
+	<target host="pubei.jd.com" />
+	<target host="puerguan.jd.com" />
+	<target host="putianguan.jd.com" />
+	<target host="puyang.jd.com" />
+	<target host="qianjiang.jd.com" />
+	<target host="qianxi.jd.com" />
+	<target host="qianxiguan.jd.com" />
+	<target host="qianyang.jd.com" />
+	<target host="qingchengguan.jd.com" />
+	<target host="qinghaiguan.jd.com" />
+	<target host="qingyangguan.jd.com" />
+	<target host="qingyuan.jd.com" />
+	<target host="qinhuangdao.jd.com" />
+	<target host="qixian.jd.com" />
+	<target host="qybuye.jd.com" />
+	<target host="renshou.jd.com" />
+	<target host="renshouguan.jd.com" />
+	<target host="ruzhou.jd.com" />
+	<target host="sc-mall.jd.com" />
+	<target host="sdcoop.jd.com" />
+	<target host="shaanxi.jd.com" />
+	<target host="shandong.jd.com" />
+	<target host="shandonggx.jd.com" />
+	<target host="shangheguan.jd.com" />
+	<target host="shangxiguan.jd.com" />
+	<target host="shangzhiguan.jd.com" />
+	<target host="shantou.jd.com" />
+	<target host="shantounong.jd.com" />
+	<target host="shanweiguan.jd.com" />
+	<target host="shanxi.jd.com" />
+	<target host="shanxiguan.jd.com" />
+	<target host="shanxinong.jd.com" />
+	<target host="shanzhou.jd.com" />
+	<target host="shaoshan.jd.com" />
+	<target host="shaoyang.jd.com" />
+	<target host="shayang.jd.com" />
+	<target host="shexian.jd.com" />
+	<target host="shouguang.jd.com" />
+	<target host="shucheng.jd.com" />
+	<target host="sichuanguan.jd.com" />
+	<target host="sihongguan.jd.com" />
+	<target host="stntc.jd.com" />
+	<target host="sunite.jd.com" />
+	<target host="suqian.jd.com" />
+	<target host="suqianguan.jd.com" />
+	<target host="tacheng.jd.com" />
+	<target host="taian.jd.com" />
+	<target host="taihang.jd.com" />
+	<target host="tangshan.jd.com" />
+	<target host="tangxian.jd.com" />
+	<target host="tcbrand.jd.com" />
+	<target host="tianyang.jd.com" />
+	<target host="tongcheng.jd.com" />
+	<target host="tongchengguan.jd.com" />
+	<target host="tongshan.jd.com" />
+	<target host="tosine.jd.com" />
+	<target host="twfood.jd.com" />
+	<target host="wanzai.jd.com" />
+	<target host="weifang.jd.com" />
+	<target host="wuchuan.jd.com" />
+	<target host="wulong.jd.com" />
+	<target host="wuping.jd.com" />
+	<target host="wuwei.jd.com" />
+	<target host="wuxiguan.jd.com" />
+	<target host="xiajinguan.jd.com" />
+	<target host="xianguan.jd.com" />
+	<target host="xiangxiguan.jd.com" />
+	<target host="xianning.jd.com" />
+	<target host="xiantao.jd.com" />
+	<target host="xiaogan.jd.com" />
+	<target host="xilinguole.jd.com" />
+	<target host="xinghe.jd.com" />
+	<target host="xingren.jd.com" />
+	<target host="xinhui.jd.com" />
+	<target host="xiuyan.jd.com" />
+	<target host="xizang.jd.com" />
+	<target host="xjtacheng.jd.com" />
+	<target host="xjx2g.jd.com" />
+	<target host="xmnxg.jd.com" />
+	<target host="xuzhou.jd.com" />
+	<target host="yancheng.jd.com" />
+	<target host="yangjiang.jd.com" />
+	<target host="yangquan.jd.com" />
+	<target host="yangzhou.jd.com" />
+	<target host="yanhu.jd.com" />
+	<target host="yantaiguan.jd.com" />
+	<target host="yichangguan.jd.com" />
+	<target host="yichun.jd.com" />
+	<target host="yiduguan.jd.com" />
+	<target host="yinchuan.jd.com" />
+	<target host="yixianguan.jd.com" />
+	<target host="yixingguan.jd.com" />
+	<target host="yongchun.jd.com" />
+	<target host="yongzhou.jd.com" />
+	<target host="yuanan.jd.com" />
+	<target host="yuexiguan.jd.com" />
+	<target host="yulinguan.jd.com" />
+	<target host="yuncheng.jd.com" />
+	<target host="yunnan.jd.com" />
+	<target host="yunyang.jd.com" />
+	<target host="zgtcbag.jd.com" />
+	<target host="zhalantun.jd.com" />
+	<target host="zhangzhouguan.jd.com" />
+	<target host="zhaoqing.jd.com" />
+	<target host="zhenan.jd.com" />
+	<target host="zhouzhi.jd.com" />
+	<target host="zhucunren.jd.com" />
+	<target host="zhuhai.jd.com" />
+	<target host="zhumadian.jd.com" />
+	<target host="zhuxi.jd.com" />
+	<target host="zhuxig.jd.com" />
+	<target host="zixing.jd.com" />
+	<target host="zunyi.jd.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JD.com.xml b/src/chrome/content/rules/JD.com.xml
new file mode 100644
index 000000000000..5ca6945603e0
--- /dev/null
+++ b/src/chrome/content/rules/JD.com.xml
@@ -0,0 +1,272 @@
+<!--
+	Other Jingdong Mall rulesets:
+		- 3.cn.xml
+		- 360buy.com.xml
+		- 360buyimg.com.xml
+		- Jcloud.com.xml
+		- JD.hk.xml
+
+	Nonfunctional hosts in *jd.com:
+		- apismart ²
+		- appengine ⁴
+		- bbs ¹
+		- boss ³
+		- car ¹
+		- code ³
+		- comix ¹
+		- cps ⁴
+		- cups ¹
+		- order.en ¹
+		- passport.en ¹
+		- st.en ²
+		- c.fa ¹
+		- fashion ¹
+		- giftcard ⁴
+		- jae ³
+		- maengine ³
+		- tesedao ¹
+		- wei ⁵
+		- ximiyundong ¹
+		- zone ³
+		- bbs.zone ³
+		- learn.zone ³
+		- zuche *
+
+	¹ Refused
+	² 404
+	³ Redirects to www.jcloud.com
+	⁴ Dropped
+	⁵ Reset
+	* Timeout
+
+	Mismatched:
+		- licai.bx
+		- cread.e
+		- fashion
+		- ir
+		- misc.jzt
+		- nj
+		- click.union
+		- ccc.x
+
+	Insecure cookies are set for these domains and hosts:
+		- .jd.com
+		- auction.jd.com
+		- fw.jd.com
+		- jzt.jd.com
+		- mall.jd.com
+		- media.jd.com
+		- .movie.jd.com
+		- passport.jd.com
+		- reg.jd.com
+		- .search.jd.com
+		- xjzt.jd.com
+		- zhaopin.jd.com
+
+	Redirect to www.jd.com :
+		- item.jd.com/$
+
+	Too many redirects:
+		- group
+		- huishou
+		- market
+		- mine
+		- sq
+		- storage
+-->
+<ruleset name="JD.com">
+	<!--	Directly	-->
+	<target host="jd.com" />
+	<target host="www.jd.com" />
+	<target host="7gege.jd.com" />
+	<target host="8.jd.com" />
+	<target host="acen.jd.com" />
+	<target host="acsten.jd.com" />
+		<test url="http://acsten.jd.com/static/brands/puppyoo/en/bg_521_01.jpg" />
+	<target host="act-jshop.jd.com" />
+	<target host="api-gemini.jd.com" />
+	<target host="app.jd.com" />
+	<target host="asus.jd.com" />
+	<target host="auction.jd.com" />
+	<target host="authcode.jd.com" />
+		<test url="http://authcode.jd.com/verify/image?a=1&amp;acid=46e37f33-c280-410f-822e-3295caae06fd&amp;uid=46e37f33-c280-410f-822e-3295caae06fd&amp;yys=1425883312677" />
+	<target host="autorank.jd.com" />
+	<target host="b.jd.com" />
+	<target host="baby.jd.com" />
+	<target host="baitiao.jd.com" />
+	<target host="bangong.jd.com" />
+	<target host="bao.jd.com" />
+	<target host="bk.jd.com" />
+	<target host="book.jd.com" />
+	<target host="c-nfa.jd.com" />
+	<target host="caimi.jd.com" />
+	<target host="caipiao.jd.com" />
+	<target host="card.jd.com" />
+	<target host="cart.jd.com" />
+	<target host="ccc.jd.com" />
+	<target host="cfx.jd.com" />
+	<target host="channel.jd.com" />
+		<test url="http://channel.jd.com/fashion.html" />
+		<test url="http://channel.jd.com/electronic.htmlv" />
+	<target host="chat.jd.com" />
+	<target host="china.jd.com" />
+	<target host="chongzhi.jd.com" />
+	<target host="club.jd.com" />
+	<target host="comix.jd.com" />
+	<target host="csc.jd.com" />
+	<target host="cscssl.jd.com" />
+	<target host="ct.jd.com" />
+	<target host="cun.jd.com" />
+	<target host="d.jd.com" />
+	<target host="data.jd.com" />
+	<target host="dapeigou.jd.com" />
+	<target host="dcrz.jd.com" />
+	<target host="details.jd.com" />
+	<target host="devsmart.jd.com" />
+	<target host="diannao.jd.com" />
+	<target host="diy.jd.com" />
+	<target host="dj.jd.com" />
+	<target host="dl-jzt.jd.com" />
+	<target host="dongdong.jd.com" />
+	<target host="dujia.jd.com" />
+	<target host="e.jd.com" />
+	<target host="en.jd.com" />
+	<target host="epson.jd.com" />
+	<target host="fuwu.jd.com" />
+	<target host="fw.jd.com" />
+	<target host="fws.jd.com" />
+	<target host="game.jd.com" />
+	<target host="gb.jd.com" />
+	<target host="gift.jd.com" />
+	<target host="gongyi.jd.com" />
+	<target host="gupiao.jd.com" />
+	<target host="help.jd.com" />
+	<target host="home.jd.com" />
+	<target host="hotel.jd.com" />
+	<target host="huan.jd.com" />
+	<target host="huilang.jd.com" />
+	<target host="i.jd.com" />
+	<target host="im.jd.com" />
+	<target host="isale.jd.com" />
+	<target host="item.jd.com" />
+		<test url="http://item.jd.com/1856588.html" />
+	<target host="itzl.jd.com" />
+	<target host="jcm.jd.com" />
+	<target host="jd2008.jd.com" />
+	<target host="jdc.jd.com" />
+	<target host="jdj.jd.com" />
+	<target host="jiaofei.jd.com" />
+	<target host="jingzhi.jd.com" />
+	<target host="jipiao.jd.com" />
+	<target host="jmgo.jd.com" />
+	<target host="jockey.jd.com" />
+	<target host="jos.jd.com" />
+	<target host="jr.jd.com" />
+	<target host="trade.jr.jd.com" />
+	<target host="vip.jr.jd.com" />
+	<target host="jrb2b.jd.com" />
+	<target host="jrclick.jd.com" />
+	<target host="jzt.jd.com" />
+	<target host="licai.jd.com" />
+	<target host="list.jd.com" />
+		<test url="http://list.jd.com/652-654-831.html" />
+		<test url="http://list.jd.com/list.html?cat=670,671,672" />
+	<target host="list-china.jd.com" />
+	<target host="liuliang.jd.com" />
+	<target host="loan.jd.com" />
+	<target host="h5.m.jd.com" />
+	<target host="portal.m.jd.com" />
+	<target host="mall.jd.com" />
+	<target host="me.jd.com" />
+	<target host="media.jd.com" />
+	<target host="meeting.jd.com" />
+	<target host="menpiao.jd.com" />
+	<target host="mercury.jd.com" />
+	<target host="miaosha.jd.com" />
+	<target host="mice.jd.com" />
+	<target host="mobile.jd.com" />
+	<target host="movie.jd.com" />
+	<target host="music.jd.com" />
+	<target host="mvd.jd.com" />
+	<target host="myjd.jd.com" />
+	<target host="myjd-crm.jd.com" />
+	<target host="mymoney.jd.com" />
+	<target host="nfa.jd.com" />
+	<target host="new.jd.com" />
+	<target host="o.jd.com" />
+	<target host="oauth.jd.com" />
+	<target host="order.jd.com" />
+	<target host="paimai.jd.com" />
+	<target host="parker.jd.com" />
+	<target host="passport.jd.com" />
+		<test url="http://passport.jd.com/relay/loginRelay.htm" />
+		<test url="http://passport.jd.com/new/login.aspx" />
+		<test url="http://passport.jd.com/paipai/login" />
+		<test url="http://passport.jd.com/uc/login" />
+	<target host="payrisk.jd.com" />
+	<target host="piao.jd.com" />
+	<target host="peijian.jd.com" />
+	<target host="psfw.jd.com" />
+	<target host="quant.jd.com" />
+	<target host="re.jd.com" />
+	<target host="read.jd.com" />
+	<target host="red.jd.com" />
+	<target host="reg-en.jd.com" />
+	<target host="s.jd.com" />
+	<target host="sale.jd.com" />
+		<test url="http://sale.jd.com/act/2jXYua5KQMmci.html" />
+		<test url="http://sale.jd.com/app/act/4KgIHXnAepzE5.html" />
+		<test url="http://sale.jd.com/m/act/L1Y2V6ERZePab4.html" />
+		<test url="http://sale.jd.com/wq/act/AoasEIgDXM.html" />
+		<test url="http://sale.jd.com/mall/2Gl1cBViAsHo.html" />
+	<target host="search.jd.com" />
+	<target host="selected.jd.com" />
+	<target host="shuma.jd.com" />
+	<target host="shouji.jd.com" />
+	<target host="sjtb-tuan.jd.com" />
+	<target host="smart.jd.com" />
+	<target host="smarthome.jd.com" />
+	<target host="sp.jd.com" />
+	<target host="sso.jd.com" />
+	<target host="st-en.jd.com" />
+	<target host="sunwood.jd.com" />
+	<target host="t.jd.com" />
+	<target host="tangzhuang.jd.com" />
+	<target host="train.jd.com" />
+	<target host="trip.jd.com" />
+	<target host="try.jd.com" />
+	<target host="try-smart.jd.com" />
+	<target host="tuan.jd.com" />
+	<target host="vc.jd.com" />
+	<target host="vcp.jd.com" />
+	<target host="vip.jd.com" />
+	<target host="visa.jd.com" />
+	<target host="wan.jd.com" />
+	<target host="weike.jd.com" />
+	<target host="what.jd.com" />
+	<target host="wl.jd.com" />
+	<target host="wqs.jd.com" />
+	<target host="xiongdi.jd.com" />
+	<target host="xjzt.jd.com" />
+	<target host="xuan.jd.com" />
+	<target host="y.jd.com" />
+	<target host="youlun.jd.com" />
+	<target host="yushou.jd.com" />
+	<target host="z.jd.com" />
+	<target host="zan.jd.com" />
+	<target host="zbird.jd.com" />
+	<target host="zhaopin.jd.com" />
+	<target host="zmeit.jd.com" />
+	<target host="zx.jd.com" />
+
+	<!-- Brand-exclusive stores (https://www.jd.com/brand.aspx) -->
+	<target host="cxmst.jd.com" />
+	<target host="d-link.jd.com" />
+	<target host="deli.jd.com" />
+	<target host="qhtfpc.jd.com" />
+	<target host="seagate.jd.com" />
+	<target host="thinkpad.jd.com" />
+	<target host="yongri.jd.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JD.hk.xml b/src/chrome/content/rules/JD.hk.xml
new file mode 100644
index 000000000000..32f593def98e
--- /dev/null
+++ b/src/chrome/content/rules/JD.hk.xml
@@ -0,0 +1,32 @@
+<!--
+	For other Jingdong Mall coverage, see JD.com.xml.
+
+
+	Nonfunctional hosts in *jd.hk:
+
+		- ebay *
+		- item *
+		- list *
+		- lotte *
+		- mall *
+		- rakuten *
+		- specials *
+
+	* Refused
+
+-->
+<ruleset name="JD.hk (partial)">
+
+	<target host="jd.hk" />
+	<target host="sale.jd.hk" />
+	<target host="search.jd.hk" />
+	<target host="www.jd.hk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JDI-Dating-mismatches.xml b/src/chrome/content/rules/JDI-Dating-mismatches.xml
deleted file mode 100644
index cd5574a84121..000000000000
--- a/src/chrome/content/rules/JDI-Dating-mismatches.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="JDI Dating (mismatches)" default_off="mismatch">
-
-	<target host="static.justhookup.com"/>
-	<target host="static.justromeo.com"/>
-	<target host="static.rudefinder.com"/>
-
-	<rule from="^http://static\.(?:just(?:hookup|romeo)|rudefinder)\.com/"
-		to="https://static.justhookup.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/JDI-Dating.xml b/src/chrome/content/rules/JDI-Dating.xml
index 25b308c2dcbe..7dab9ea2e950 100644
--- a/src/chrome/content/rules/JDI-Dating.xml
+++ b/src/chrome/content/rules/JDI-Dating.xml
@@ -1,20 +1,30 @@
 <!--
 	Nonfunctional domains:
 
-		- (www.)justhookup.com	(refused)
+		- (www.)?cupidswand.com ʳ
 
+		- date-connected.com ʳ
+		- central.date-connected.com ᵖ
+		- www.date-connected.com ᵖ
 
-	Problematic domains:
+		- (www.)?date-support.com ʳ
+		- (www.)?findmelove.com ʳ
+		- (www.)?justhookup.com ʳ
+		- static.justhookup.com ʳ
+		- (www.)?justromeo.com ʳ
+		- static.justromeo.com ʳ
 
-		- static.justhookup.com		(works; self-signed, CN: 184.154.76.5)
+	ᵖ Plaintext reply
+	ʳ Refused
 
 -->
-<ruleset name="JDI Dating (partial)">
+<ruleset name="JDI Dating (partial)" default_off="refused">
 
-	<target host="fbdatesecure.com"/>
-	<target host="www.fbdatesecure.com"/>
+	<target host="static.justhookup.com" />
+	<target host="static.justromeo.com" />
 
-	<rule from="^http://(www\.)?fbdatesecure\.com/"
-		to="https://$1fbdatesecure.com/"/>
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/JD_Kasten.com.xml b/src/chrome/content/rules/JD_Kasten.com.xml
new file mode 100644
index 000000000000..304b4190f2fe
--- /dev/null
+++ b/src/chrome/content/rules/JD_Kasten.com.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.jdkasten.com/ => https://www.jdkasten.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.jdkasten.com'")
+
+-->
+<ruleset name="JD Kasten.com" default_off="failed ruleset test">
+
+	<target host="jdkasten.com" />
+	<target host="www.jdkasten.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JD_Supra.xml b/src/chrome/content/rules/JD_Supra.xml
index 6854316e4fea..1c30f98ae257 100644
--- a/src/chrome/content/rules/JD_Supra.xml
+++ b/src/chrome/content/rules/JD_Supra.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^www\.jdsupra\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?jdsupra\.com/"
-		to="https://www.jdsupra.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/JDpay.com.xml b/src/chrome/content/rules/JDpay.com.xml
new file mode 100644
index 000000000000..66b955194c7f
--- /dev/null
+++ b/src/chrome/content/rules/JDpay.com.xml
@@ -0,0 +1,37 @@
+<!--
+	For other Jingdong Mall coverage, see JD.com.xml.
+
+
+	Nonfunctional hosts in *jdpay.com:
+
+		- help *
+		- job *
+
+	* Dropped
+
+
+	Insecure cookies are set for these hosts:
+
+		- appeal.jdpay.com
+
+-->
+<ruleset name="JDpay.com (partial)">
+
+	<target host="jdpay.com" />
+	<target host="appeal.jdpay.com" />
+	<target host="biz.jdpay.com" />
+	<target host="static.jdpay.com" />
+	<target host="www.jdpay.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^appeal\.jdpay\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JEDEC.com.xml b/src/chrome/content/rules/JEDEC.com.xml
new file mode 100644
index 000000000000..1d7ef15dfe77
--- /dev/null
+++ b/src/chrome/content/rules/JEDEC.com.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jedec.com/ => https://jedec.com/: (51, "SSL: no alternative certificate subject name matches target host name 'jedec.com'")
+Fetch error: http://www.jedec.com/ => https://www.jedec.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.jedec.com'")
+
+	Insecure cookies are set for these domains:
+
+		- .jedec.com
+
+-->
+<ruleset name="JEDEC.com" default_off="failed ruleset test">
+
+	<target host="jedec.com" />
+	<target host="www.jedec.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.jedec\.com$" name="^SESS[\da-f]{32}$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JF-Shea-Co.xml b/src/chrome/content/rules/JF-Shea-Co.xml
index fefcc99de8ee..23c94d01eba9 100644
--- a/src/chrome/content/rules/JF-Shea-Co.xml
+++ b/src/chrome/content/rules/JF-Shea-Co.xml
@@ -20,9 +20,9 @@
 	<target host="www.trilogygolfclub.com"/>
 
 
-	<securecookie host="^www\.bluestargolf\.com$" name=".*"/>
-	<securecookie host="^www\.sheamortgage\.com$" name=".*"/>
-	<securecookie host="^www\.trilogygolfclub\.com$" name=".*"/>
+	<securecookie host="^www\.bluestargolf\.com$" name=".+" />
+	<securecookie host="^www\.sheamortgage\.com$" name=".+" />
+	<securecookie host="^www\.trilogygolfclub\.com$" name=".+" />
 
 
 	<rule from="^http://(?:www\.)?bluestargolf\.com/"
diff --git a/src/chrome/content/rules/JFK_Library.org.xml b/src/chrome/content/rules/JFK_Library.org.xml
index 9ddcbb406e03..61f008fac1e8 100644
--- a/src/chrome/content/rules/JFK_Library.org.xml
+++ b/src/chrome/content/rules/JFK_Library.org.xml
@@ -12,7 +12,6 @@
 	<securecookie host="^store\.jfklibrary\.org$" name=".+" />
 
 
-	<rule from="^http://store\.jfklibrary\.org/"
-		to="https://store.jfklibrary.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/JFrog.com.xml b/src/chrome/content/rules/JFrog.com.xml
new file mode 100644
index 000000000000..c2c552b8640a
--- /dev/null
+++ b/src/chrome/content/rules/JFrog.com.xml
@@ -0,0 +1,43 @@
+<!--
+	Other JFrog rulesets:
+
+		- Bintray.com.xml
+
+
+	Insecure cookies are set for these hosts:
+
+		- bintraywidget.jfrog.com
+		- www.jfrog.com
+
+-->
+<ruleset name="JFrog.com">
+
+	<target host="jfrog.com" />
+	<target host="bintraywidget.jfrog.com" />
+	<target host="www.jfrog.com" />
+
+		<test url="http://www.jfrog.com/article/devops/" />
+		<test url="http://www.jfrog.com/articles/" />
+		<test url="http://www.jfrog.com/artifactory/free-trial/" />
+		<test url="http://www.jfrog.com/artifactory/versions/" />
+		<test url="http://www.jfrog.com/bintray/" />
+		<test url="http://www.jfrog.com/blog/" />
+		<test url="http://www.jfrog.com/confluence/login.action?os_destination=" />
+		<test url="http://www.jfrog.com/confluence/pages/viewpage.action?pageId=" />
+		<test url="http://www.jfrog.com/contact-us/" />
+		<test url="http://www.jfrog.com/pricing/" />
+		<test url="http://www.jfrog.com/wp-content/themes/roots-mipo/assets/img/ajax-loader.gif" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bintraywidget\.jfrog\.com$" name="^_helpkit_session$" /-->
+	<!--securecookie host="^www\.jfrog\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JGuitar.com.xml b/src/chrome/content/rules/JGuitar.com.xml
new file mode 100644
index 000000000000..699bb00d2615
--- /dev/null
+++ b/src/chrome/content/rules/JGuitar.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="JGuitar.com">
+
+	<target host="jguitar.com" />
+	<target host="www.jguitar.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JH.edu.xml b/src/chrome/content/rules/JH.edu.xml
new file mode 100644
index 000000000000..ef238dee902c
--- /dev/null
+++ b/src/chrome/content/rules/JH.edu.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Johns Hopkins University coverage, see The_Johns_Hopkins_University.xml.
+
+
+	Nonfunctional hosts in *jh.edu:
+
+		- pages ᵃ
+
+	ᵃ Shows activtracker.johnshopkins.edu
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- m.jh.edu
+
+-->
+<ruleset name="JH.edu (partial)">
+
+	<target host="m.jh.edu" />
+	<target host="my.jh.edu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^m\.jh\.edu$" name="^(Johns-Hopkins|deviceClassification)$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JHMI.edu.xml b/src/chrome/content/rules/JHMI.edu.xml
new file mode 100644
index 000000000000..57173ead76f5
--- /dev/null
+++ b/src/chrome/content/rules/JHMI.edu.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Johns Hopkins University coverage, see The_Johns_Hopkins_University.xml.
+
+
+	Nonfunctional hosts in *jhmi.edu:
+
+		- biophysics.med ʳ
+		- www.son ᵃ
+		- ssc ᵃ
+
+	ᵃ 200 "not configured"
+	ʳ Refused
+
+-->
+<ruleset name="JHMI.edu (partial)">
+
+	<target host="orchid.hosts.jhmi.edu" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JHU.edu-falsemixed.xml b/src/chrome/content/rules/JHU.edu-falsemixed.xml
new file mode 100644
index 000000000000..3c7378c48a58
--- /dev/null
+++ b/src/chrome/content/rules/JHU.edu-falsemixed.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules not causing false/broken MCB, see The_Johns_Hopkins_University.xml.
+
+-->
+<ruleset name="JHU.edu (false MCB)" platform="mixedcontent">
+
+	<target host="labsafety.jhu.edu" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JIDE.com.xml b/src/chrome/content/rules/JIDE.com.xml
new file mode 100644
index 000000000000..a7c2d7abe276
--- /dev/null
+++ b/src/chrome/content/rules/JIDE.com.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jide.com/ => https://jide.com/: (7, 'Failed to connect to jide.com port 443: Connection refused')
+Fetch error: http://forum.jide.com/ => https://forum.jide.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Non-functional subdomain:
+		- www	        (404 not found)
+-->
+<ruleset name="JIDE.com" default_off="failed ruleset test">
+	<target host=      "jide.com" />
+	<target host="forum.jide.com" />
+	<target host=  "bbs.jide.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JISCMail.xml b/src/chrome/content/rules/JISCMail.xml
index 77996ca231a5..c1c151a651c5 100644
--- a/src/chrome/content/rules/JISCMail.xml
+++ b/src/chrome/content/rules/JISCMail.xml
@@ -1,15 +1,19 @@
-<ruleset name="JISCMail">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jiscmail.ac.uk/ => https://jiscmail.ac.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'jiscmail.ac.uk'")
+
+-->
+<ruleset name="JISCMail.ac.uk" default_off="failed ruleset test">
 
 	<target host="jiscmail.ac.uk" />
 	<target host="www.jiscmail.ac.uk" />
 
 
-	<securecookie host="^www\.jiscmail\.ac\.uk$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<!--	Cert only matches www.
-					-->
-	<rule from="^https?://(?:www\.)?jiscmail\.ac\.uk/"
-		to="https://www.jiscmail.ac.uk/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/JJC.edu.xml b/src/chrome/content/rules/JJC.edu.xml
new file mode 100644
index 000000000000..087af2fb62f6
--- /dev/null
+++ b/src/chrome/content/rules/JJC.edu.xml
@@ -0,0 +1,83 @@
+<!--
+	Joliet Junior College
+
+
+	Problematic hosts:
+
+		- jjc.edu *
+
+	* Mismatched
+
+
+	www: Some pages redirect to http
+
+
+	Fully covered hosts:
+
+		- employment
+		- eresources
+
+
+	Insecure cookies are set for these
+
+		- employment.jjc.edu
+		- eresources.jjc.edu
+
+-->
+<ruleset name="JJC.edu (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="employment.jjc.edu" />
+	<target host="eresources.jjc.edu" />
+	<target host="www.jjc.edu" />
+
+	<!--	Complications:
+				-->
+	<target host="jjc.edu" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.jjc\.edu/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.jjc\.edu/(?!_catalogs/|_layouts/|[\w-]+/PublishingImages/|[Pp]ublishing[Ii]mages/|about/|admissions/pages/apply-now\.aspx|Style%20Library/|publishingimages/)" />
+
+			<test url="http://www.jjc.edu/academic-calendar/" />
+			<test url="http://www.jjc.edu/accounts-payments/Pages/payment-methods.aspx" />
+			<test url="http://www.jjc.edu/bookstore/" />
+			<test url="http://www.jjc.edu/campuses/" />
+			<test url="http://www.jjc.edu/getting-started/Pages/current-students.aspx" />
+			<test url="http://www.jjc.edu/graduation/" />
+			<test url="http://www.jjc.edu/registration/Pages/register-summer.aspx" />
+			<test url="http://www.jjc.edu/site-info/pages/contact.aspx" />
+			<test url="http://www.jjc.edu/technology-support/Pages/email.aspx" />
+			<test url="http://www.jjc.edu/technology-support/Pages/password-help.aspx" />
+
+			<test url="http://www.jjc.edu/_catalogs/masterpage/JJC/Images/jjc-shield-footer-background.jpg" />
+			<test url="http://www.jjc.edu/_layouts/15/images/spcommon.png" />
+			<test url="http://www.jjc.edu/Style%20Library/en-US/Core%20Styles/page-layouts-21.css" />
+			<test url="http://www.jjc.edu/about/PublishingImages/about.jpg" />
+			<test url="http://www.jjc.edu/admissions/pages/apply-now.aspx" />
+			<test url="http://www.jjc.edu/publishingimages/favicon.ico" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^employment\.jjc\.edu$" name="^_applicant_portal_session_1$" /-->
+	<!--securecookie host="^eresources\.jjc\.edu$" name="^BIGipServer[\w.]+$" /-->
+
+	<securecookie host="^(?:employment|eresources)\.jjc\.edu$" name=".+" />
+
+
+	<!--	Redirect keeps path, but
+		not path nor args:
+				-->
+	<rule from="^http://jjc\.edu/"
+		to="https://www.jjc.edu/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JK_ry.org.xml b/src/chrome/content/rules/JK_ry.org.xml
new file mode 100644
index 000000000000..d7ba0bdde7ad
--- /dev/null
+++ b/src/chrome/content/rules/JK_ry.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="JK ry.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jkry.org" />
+	<target host="www.jkry.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JList.com.xml b/src/chrome/content/rules/JList.com.xml
index e5ca7a1224c6..e033fda96739 100644
--- a/src/chrome/content/rules/JList.com.xml
+++ b/src/chrome/content/rules/JList.com.xml
@@ -1,48 +1,27 @@
 <!--
-	CDN buckets:
+	Other J-List related rulesets:
+		- jbox.com.xml
 
-		- s3.amazonaws.com/images3.jlist.com/
-
-
-	Nonfunctional domains:
-
-		- feeds.jlist.com	(shows www; mismatched, CN: www.jlist.com)
-
-
-	Partially covered domains:
-
-		- (www.)jbox.com *
-		- (www.)jlist.com *
-
-	* Some pages redirect to http
-
-
-	Fully covered domains:
-
-		- images3.jlist.com	(→ s3.amazonaws.com)
-		- support.jlist.com
-
-
-	Mixed content:
-
-		- Images on support.jlist.com from images3.jlist.com.s3.amazonaws.com *
-
-	* Secured by us
+	Non-functional hosts
+		Peer certificate cannot be authenticated with given CA certificates:
+		- devo.jlist.com
 
+		Incomplete certificate chain error:
+		- devo2.jlist.com
 -->
-<ruleset name="JList.com (partial)">
-
-	<target host="jbox.com" />
-	<target host="www.jbox.com" />
+<ruleset name="JList.com">
 	<target host="jlist.com" />
-	<target host="*.jlist.com" />
-		<exclusion pattern="^http://(?:www\.)?j(?:box|list)\.com/(?!account(?:$|[?/])|css/|favicon\.ico|img/|jlist\.ico|js/)" />
-
-
-	<rule from="^http://(support\.|www\.)?j(box|list)\.com/"
-		to="https://$1j$2.com/" />
-
-	<rule from="^http://images3\.jlist\.com/"
-		to="https://s3.amazonaws.com/images3.jlist.com/" />
-
+	<target host="www.jlist.com" />
+	<target host="blog.jlist.com" />
+	<target host="company.jlist.com" />
+	<target host="help.jlist.com" />
+	<target host="mail.jlist.com" />
+	<target host="sendy.jlist.com" />
+	<target host="senpai.jlist.com" />
+	<target host="status.jlist.com" />
+	<target host="support.jlist.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/JML_Direct.com.xml b/src/chrome/content/rules/JML_Direct.com.xml
new file mode 100644
index 000000000000..f39a3cad01f2
--- /dev/null
+++ b/src/chrome/content/rules/JML_Direct.com.xml
@@ -0,0 +1,46 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jmldirect.uat.venda.com/ => http://jmldirect.uat.venda.com/: (6, 'Could not resolve host: jmldirect.uat.venda.com')
+
+	CDN buckets:
+
+		- jmldirect.uat.venda.com
+
+
+	jmldirect.uat.venda.com: self-signed
+
+
+	Mixed content:
+
+		- Images, from:
+
+			- $self *
+			- jmldirect.uat.venda.com *
+
+	* Secured by us
+
+-->
+<ruleset name="JML Direct.com" default_off="failed ruleset test">
+
+	<target host="jmldirect.com" />
+	<target host="www.jmldirect.com" />
+	<target host="jmldirect.uat.venda.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.jmldirect\.com$" name="^device$" /-->
+	<!--securecookie host="^www\.jmldirect\.com$" name="^quench$" /-->
+	<!--securecookie host="^\.www\.jmldirect\.com$" name="^SID$" /-->
+
+	<securecookie host="^(?:\.?www)?\.jmldirect\.com$" name=".+" />
+
+
+	<rule from="^http://(www\.)?jmldirect\.com/"
+		to="https://$1jmldirect.com/" />
+
+	<rule from="^http://jmldirect\.uat\.venda\.com/content/"
+		to="https://www.jmldirect.com/content/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JMod.xml b/src/chrome/content/rules/JMod.xml
deleted file mode 100644
index 1d58cc652910..000000000000
--- a/src/chrome/content/rules/JMod.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-	thisismedium.com shows a Democrat campaign page when fetched via https.
-
--->
-<ruleset name="jMod" default_off="expired">
-
-	<target host="js.thisismedium.com"/>
-
-	<rule from="^http://js\.thisismedium\.com/"
-		to="https://js.thisismedium.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/JP-Politikens_Hus.xml b/src/chrome/content/rules/JP-Politikens_Hus.xml
index 233a738d7170..e17798d7d41c 100644
--- a/src/chrome/content/rules/JP-Politikens_Hus.xml
+++ b/src/chrome/content/rules/JP-Politikens_Hus.xml
@@ -1,18 +1,30 @@
 <!--
+	JP/Politikens Hus
+
+
 	Nonfunctional subdomains:
 
 		- (www.)	(times out)
 
+
+	Insecure cookies are set for these hosts:
+
+		- polid.jppol.dk
+
 -->
-<ruleset name="JP/Politikens Hus (partial)">
+<ruleset name="JP Pol.dk (partial)">
 
 	<target host="polid.jppol.dk" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^polid\.jppol\.dk$" name="^(app|branding)$" /-->
+
 	<securecookie host="^polid\.jppol\.dk$" name=".+" />
 
 
-	<rule from="^http://polid\.jppol\.dk/"
-		to="https://polid.jppol.dk/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/JPBerlin.de.xml b/src/chrome/content/rules/JPBerlin.de.xml
new file mode 100644
index 000000000000..8e4a0e35b4e8
--- /dev/null
+++ b/src/chrome/content/rules/JPBerlin.de.xml
@@ -0,0 +1,13 @@
+<!--
+	^: cert only matches www
+
+-->
+<ruleset name="JPBerlin.de">
+
+	<target host="jpberlin.de" />
+	<target host="www.jpberlin.de" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JPCERT.xml b/src/chrome/content/rules/JPCERT.xml
index 2ee79793fa57..b1804fc69b19 100644
--- a/src/chrome/content/rules/JPCERT.xml
+++ b/src/chrome/content/rules/JPCERT.xml
@@ -1,5 +1,17 @@
+<!--
+	Unable to connect:
+		blog.jpcert.or.jp
+	Invalid Certificate:
+		jvn.jpcert.or.jp
+	Timeout:
+		apcert.jpcert.or.jp
+		vrda.jpcert.or.jp
+-->
 <ruleset name="JP-CERT">
-  <target host="www.jpcert.or.jp" />
+	<target host="www.jpcert.or.jp" />
+	<target host="form.jpcert.or.jp" />
 
-  <rule from="^http://www\.jpcert\.or\.jp/" to="https://www.jpcert.or.jp/"/>
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/JPCSP.org.xml b/src/chrome/content/rules/JPCSP.org.xml
new file mode 100644
index 000000000000..03b917bf66b8
--- /dev/null
+++ b/src/chrome/content/rules/JPCSP.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="JPCSP.org">
+	<target host="jpcsp.org" />
+	<target host="www.jpcsp.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JPGmag.xml b/src/chrome/content/rules/JPGmag.xml
index afe2ebf81114..15e86a62ea01 100644
--- a/src/chrome/content/rules/JPGmag.xml
+++ b/src/chrome/content/rules/JPGmag.xml
@@ -1,4 +1,17 @@
-<ruleset name="JPG Magazine (self-signed)" default_off="self-signed">
-  <target host="jpgmag.com" />
-  <rule from="^http://(?:www\.)?jpgmag\.com/" to="https://jpgmag.com/"/>
+<!--
+	Invalid certificate:
+		box.jpgmag.com
+		li.jpgmag.com
+		photos.jpgmag.com
+		8020.photos.jpgmag.com
+
+-->
+<ruleset name="JPGmag.com">
+
+	<target host="jpgmag.com" />
+	<target host="www.jpgmag.com" />
+	<target host="shop.jpgmag.com" />
+
+	<rule from="^http:" to="https:"/>
+
 </ruleset>
diff --git a/src/chrome/content/rules/JPackage.org.xml b/src/chrome/content/rules/JPackage.org.xml
index a03671baa485..a3b30e951e28 100644
--- a/src/chrome/content/rules/JPackage.org.xml
+++ b/src/chrome/content/rules/JPackage.org.xml
@@ -1,7 +1,14 @@
 <!--
+	For other zarb coverage, see Zarb.org.xml.
+
+
 	Problematic subdomains:
 
-		- ^	(cert only matches www)
+		- ^ ¹
+		- www ²
+
+	¹ Mismatched
+	² Self-signed
 
 -->
 <ruleset name="JPackage.org" default_off="self-signed">
diff --git a/src/chrome/content/rules/JQuery-mismatches.xml b/src/chrome/content/rules/JQuery-mismatches.xml
deleted file mode 100644
index 0a582bce5b4b..000000000000
--- a/src/chrome/content/rules/JQuery-mismatches.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	For rules that are on by default, see JQuery.xml.
-
--->
-<ruleset name="jQuery (mismatches)" default_off="expired, mismatched, self-signed">
-
-	<target host="jquery.com" />
-	<target host="meetups.jquery.com" />
-	<target host="www.jquery.com" />
-	<target host="wiki.jqueryui.com" />
-
-
-	<securecookie host="^meetups\.jquery\.com$" name=".+" />
-
-
-	<rule from="^http://(?:(meetups\.)|www\.)?jquery\.com/"
-		to="https://$1jquery.com/" />
-
-	<rule from="^http://wiki\.jqueryui\.com/"
-		to="https://wiki.jqueryui.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/JQuery.org.xml b/src/chrome/content/rules/JQuery.org.xml
new file mode 100644
index 000000000000..9b9b9ed88eb6
--- /dev/null
+++ b/src/chrome/content/rules/JQuery.org.xml
@@ -0,0 +1,37 @@
+<!--
+	Other jQuery Foundation rulesets:
+
+		- JQuery_Mobile.com.xml
+		- JQuery_UI.com.xml
+		- QUnit_JS.com.xml
+		- SizzleJS.com.xml
+
+
+	Insecure cookies are set for these domains:
+
+		- .jquery.org
+
+-->
+<ruleset name="jQuery.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jquery.org" />
+	<target host="brand.jquery.org" />
+	<target host="contribute.jquery.org" />
+	<target host="events.jquery.org" />
+	<target host="irc.jquery.org" />
+	<target host="www.jquery.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.jquery\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JQuery.xml b/src/chrome/content/rules/JQuery.xml
index 6f3ff0234d59..7e200dacbd3f 100644
--- a/src/chrome/content/rules/JQuery.xml
+++ b/src/chrome/content/rules/JQuery.xml
@@ -1,7 +1,4 @@
 <!--
-	For problematic rules, see JQuery-mismatches.xml.
-
-
 	CDN buckets:
 
 		- wac.1257.edgecastcdn.net/??1257/
@@ -14,72 +11,46 @@
 
 		- jquery-groups.ning.com
 
-			- meetups.jquery.com
-
-		- jqueryui.pbwiki.com
-
-			- wiki.jqueryui.com
-
 
-	Nonfunctional domains:
+	Nonfunctional hosts in *jquery.com:
 
-		- jquery.com subdomains:
-
-			- blog *
-			- bugs *
-			- archive.plugins *
-			- static	(504, CN: gp1.wac.edgecastcdn.net)
-			- try		(unrecognized name)
-
-		- jquerymobile.com *
-		- www.jquerymobile.com	(dropped)
-
-		- jqueryui.com subdomains:
-
-			- blog *
-			- bugs *
+		- try *
 
 	* Refused
 
 
-	Problematic domains:
-
-		- jquery.com subdomains:
+	Insecure cookies are set for these domains and hosts:
 
-			- (www.) *
-			- api *
-			- learn *
-			- meetups	(works, CN: *.ning.com)
-			- plugins *
-
-		- jqueryui.com subdomains:
-
-			- ^ *
-			- api *
-			- wiki		(mismatched, CN: *.pbwiki.com)
-			- www		(refused)
-
-	* Works; mismatched, CN: jquery.org
-
-
-	Fully covered domains:
-
-		- code.jquery.com
+		- .jquery.com
 		- forum.jquery.com
 
--->
-<ruleset name="jQuery (partial)">
-
-	<target host="*.jquery.com" />
 
+	Mixed content:
 
-	<securecookie host="^forum\.jquery\.com$" name=".+" />
+		- Images, on:
 
+			- forum from static.jquery.com
+			- forum from www.zoho.com
 
-	<rule from="^http://(code|forum)\.jquery\.com/"
-		to="https://$1.jquery.com/" />
-
-	<rule from="^https?://meetups\.jquery\.com/xn_resources/"
-		to="https://jquery-groups.ning.com/xn_resources/" />
+-->
+<ruleset name="jQuery.com (partial)">
+
+	<target host="jquery.com" />
+	<target host="www.jquery.com" />
+	<target host="api.jquery.com" />
+	<target host="blog.jquery.com" />
+	<target host="bugs.jquery.com" />
+	<target host="code.jquery.com" />
+	<target host="forum.jquery.com" />
+	<target host="learn.jquery.com" />
+	<target host="meetups.jquery.com" />
+	<target host="plugins.jquery.com" />
+	<target host="static.jquery.com" />
+		<test url="http://static.jquery.com/files/rocker/css/screen.css" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/JQuery_Foundation.xml b/src/chrome/content/rules/JQuery_Foundation.xml
deleted file mode 100644
index fd32e646aebe..000000000000
--- a/src/chrome/content/rules/JQuery_Foundation.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- events	(refused)
-
-
-	Problematic subdomains:
-
-		- brand *
-		- contribute *
-		- irc *
-		- www	(refused)
-
-	* Works; mismatched, CN: jquery.org
-
--->
-<ruleset name="jQuery Foundation">
-
-	<target host="jquery.org" />
-	<target host="www.jquery.org" />
-
-
-	<rule from="^http://(?:www\.)?jquery\.org/"
-		to="https://jquery.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/JQuery_Mobile.com.xml b/src/chrome/content/rules/JQuery_Mobile.com.xml
new file mode 100644
index 000000000000..35c1d6682a96
--- /dev/null
+++ b/src/chrome/content/rules/JQuery_Mobile.com.xml
@@ -0,0 +1,34 @@
+<!--
+	For other jQuery Foundation coverage, see JQuery.org.xml.
+
+
+	Nonfunctional hosts in *jquerymobile.com:
+
+		- blog *
+
+	* Refused
+
+
+	www.jquerymobile.com: refused
+
+-->
+<ruleset name="jQuery Mobile.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jquerymobile.com" />
+	<target host="api.jquerymobile.com" />
+	<target host="themeroller.jquerymobile.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.jquerymobile.com" />
+
+
+	<rule from="^http://www\.jquerymobile\.com/"
+		to="https://jquerymobile.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JQuery_UI.com-problematic.xml b/src/chrome/content/rules/JQuery_UI.com-problematic.xml
new file mode 100644
index 000000000000..b85c470c728b
--- /dev/null
+++ b/src/chrome/content/rules/JQuery_UI.com-problematic.xml
@@ -0,0 +1,13 @@
+<!--
+	For rules that are on by default, see JQuery_UI.com.xml.
+
+-->
+<ruleset name="jQuery UI.com (mismatches)" default_off="expired, mismatched, self-signed">
+
+	<target host="wiki.jqueryui.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JQuery_UI.com.xml b/src/chrome/content/rules/JQuery_UI.com.xml
new file mode 100644
index 000000000000..126ad831809e
--- /dev/null
+++ b/src/chrome/content/rules/JQuery_UI.com.xml
@@ -0,0 +1,41 @@
+<!--
+	For problematic rules, see JQuery_UI.com-problematic.xml.
+
+	For other jQuery Foundation coverage, see jQuery.org.xml.
+
+
+	CDN buckets:
+
+		- jqueryui.pbwiki.com
+
+			- wiki
+
+
+	Nonfunctional hosts in *jqueryui.com:
+
+		- blog *
+		- bugs *
+
+	* Refused
+
+
+	Problematic hosts in *jqueryui.com:
+
+		- wiki *
+
+	* Mismatched, CN: *.pbwiki.com
+
+-->
+<ruleset name="jQuery UI.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jqueryui.com" />
+	<target host="api.jqueryui.com" />
+	<target host="www.jqueryui.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JRES.org.xml b/src/chrome/content/rules/JRES.org.xml
new file mode 100644
index 000000000000..9eb5dc50f40b
--- /dev/null
+++ b/src/chrome/content/rules/JRES.org.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://archives.jres.org/ => https://archives.jres.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	^jres.org doesn't exist.
+
+
+	Fully covered subdomains:
+
+		- archives
+		- www
+
+-->
+<ruleset name="JRES.org" default_off="failed ruleset test">
+
+	<target host="archives.jres.org" />
+	<target host="www.jres.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JREast.co.jp.xml b/src/chrome/content/rules/JREast.co.jp.xml
new file mode 100644
index 000000000000..db98bb31108a
--- /dev/null
+++ b/src/chrome/content/rules/JREast.co.jp.xml
@@ -0,0 +1,20 @@
+<!--
+	Non-functional hosts
+		Site uses weak encryption:
+		- jbfile.jreast.co.jp
+		- shukkou-kinmu.jreast.co.jp
+-->
+<ruleset name="JREast.co.jp">
+	<target host="www.jreast.co.jp" />
+	<target host="www.lings.jreast.co.jp" />
+	<target host="mainteweb.jreast.co.jp" />
+	<target host="origin2-www.jreast.co.jp" />
+	<target host="traininfo.jreast.co.jp" />
+	<test url="http://traininfo.jreast.co.jp/train_info/e/kanto.aspx" />
+	<target host="www.remsext.jreast.co.jp" />
+	<target host="voice2.jreast.co.jp" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JS.org.xml b/src/chrome/content/rules/JS.org.xml
new file mode 100644
index 000000000000..1bd6855c4d7b
--- /dev/null
+++ b/src/chrome/content/rules/JS.org.xml
@@ -0,0 +1,1800 @@
+<!--
+	See https://github.com/js-org/dns.js.org/blob/master/cnames_active.js for JS.org subdomain list.
+
+	Mismatched hosts in js.org*:
+
+		- 101
+		- 7anshuai
+		- 8art
+		- akase
+		- akashacms
+		- alasql
+		- algebra
+		- aligos
+		- all
+		- alt
+		- anenth
+		- anggao
+		- angular-jsf
+		- angularstompdk
+		- annotate
+		- annoyingmouse
+		- api-spec
+		- apicluster
+		- aping
+		- apod
+		- argo
+		- arime
+		- artery
+		- astral
+		- astrobench
+		- autodocs
+		- avi
+		- avner
+		- awal
+		- awk
+		- backlog
+		- badger
+		- badrudeen
+		- barcelona
+		- bash
+		- basicgame
+		- begin
+		- bildepunkt
+		- bind-action-dispatchers
+		- biu
+		- blogpage
+		- bodybuilder
+		- bootstrap-confirmation
+		- bornaeon
+		- box
+		- bplayer
+		- brandonmerritt
+		- brexit-regrets
+		- bricklayer
+		- brum
+		- bunyan-fork
+		- bunyan-pmx
+		- bunyan-serializer
+		- burst
+		- bustime
+		- cable
+		- calcy
+		- calendarios
+		- cans
+		- cartodb-demo
+		- central-node
+		- chimon2000
+		- chrislaughlin
+		- chrismendis
+		- christo
+		- chronos
+		- clockwork
+		- cn.mobx
+		- cn.redux
+		- cn.rx
+		- codemade
+		- collegequest
+		- comixngn
+		- commandfox
+		- concursos
+		- construyendotrabajo
+		- contextify
+		- cordova-multiplatform-template
+		- cote
+		- country
+		- cqrs
+		- crunch
+		- cucumber-mink
+		- cyclow
+		- danmol
+		- date
+		- daysfromnow
+		- dbo
+		- delegacias-fortaleza
+		- denisvieira
+		- deputy
+		- detect-resize
+		- dgelong
+		- diffract
+		- dinesh
+		- distillery
+		- documentation
+		- donavon
+		- dope
+		- dplayer
+		- draft
+		- drag
+		- dragon
+		- du
+		- duffn
+		- dutchakdev
+		- elf
+		- elliot
+		- ember-cli-page-object
+		- emeraldcraftmc
+		- emulisp
+		- enclave
+		- eray
+		- erik
+		- es.redux
+		- es2015-node
+		- escape
+		- euclid
+		- eval
+		- eventstore
+		- exbars
+		- extraction
+		- farfetchd
+		- fcbosque
+		- fela
+		- festercluck
+		- finder
+		- fire-hydrant
+		- firenze
+		- fis
+		- flexmasonry
+		- flowchart
+		- fluxoff
+		- fortune
+		- freemarker
+		- gal
+		- gamedevcontestal
+		- geekr
+		- genpasswd
+		- getlink
+		- ghsamm
+		- giant-piano
+		- goodseller
+		- graphics2d
+		- grapnel
+		- greg
+		- grep
+		- gridsplit
+		- gruft
+		- guillotine
+		- guiseek
+		- gully
+		- gun
+		- guuibayer
+		- gyre
+		- h
+		- halil
+		- haloapi
+		- happy
+		- hask
+		- heartseekers
+		- hello
+		- hilo
+		- hk
+		- hooloo
+		- humanreadable
+		- hyde
+		- igorsantana
+		- iio
+		- immense
+		- immybox
+		- ip-address
+		- is
+		- ishan
+		- italia
+		- itsashis4u
+		- ivml
+		- j2p
+		- jacques
+		- jakarta
+		- jakejarrett
+		- jalbertbowden
+		- james
+		- jargon
+		- jbone
+		- jjlc
+		- jogja
+		- josuedanielbust
+		- jsnippet
+		- json-schema-faker
+		- juancarlosqr
+		- julien
+		- juno-106
+		- jus
+		- jwt-autorefresh
+		- kalm
+		- karl
+		- kelvinho
+		- konsumer
+		- labelauty
+		- lambda
+		- laubstein
+		- lean-stack
+		- leandro
+		- learnGitBranching
+		- leipzig
+		- leoj
+		- leste
+		- liguori
+		- localsync
+		- magnet
+		- martin
+		- martingollogly
+		- marxist
+		- matthias-schuetz
+		- maxnachlinger
+		- maxtracking
+		- mc
+		- medan
+		- medium-header
+		- meiosis
+		- mesh
+		- mf
+		- miguelsr
+		- mingyi
+		- minigrid
+		- mis101bird
+		- mithril-ja
+		- mmcq
+		- mockjs-lite
+		- modalizer
+		- mol
+		- momentum
+		- motapc
+		- mpe
+		- mrn
+		- murder
+		- mvc
+		- mvidalgarcia
+		- n
+		- n-j-m
+		- nanimation
+		- ncms
+		- ncub8
+		- nemo
+		- nflow
+		- ng-wig
+		- ngirc
+		- ngn
+		- nick
+		- nktx
+		- node-browser_process
+		- noted
+		- noteit
+		- nsp
+		- nsptiles
+		- nvanthao
+		- objectmodel
+		- omega
+		- omer
+		- onedesert
+		- pad
+		- pagination
+		- pamatcher
+		- panza
+		- paperclip
+		- paraiba
+		- parametric-svg
+		- pastebin-alert
+		- pathtrace
+		- paul
+		- pdfutils
+		- pdp-elements
+		- penn-sdk
+		- pentris
+		- pharaoh
+		- photo-sphere-viewer
+		- pinf
+		- pipes
+		- pitermarx
+		- pixelart
+		- planisphere
+		- pliers
+		- poegems
+		- polythene
+		- porter
+		- qs
+		- querybuilder
+		- quiz-app
+		- quiz-revamped
+		- rad
+		- radial
+		- rafaelmangolin
+		- rag
+		- rahul
+		- rangeslider
+		- rdf
+		- react-autosuggest
+		- react-autowhatever
+		- react-day-picker
+		- react-easy-swipe
+		- react-responsive-carousel
+		- react-shared
+		- reactdesktop
+		- reader
+		- realtime
+		- rebem
+		- redis
+		- reduce
+		- redux
+		- redux-undo
+		- redux-webpack-boilerplate
+		- reduxible
+		- refraction
+		- refujs
+		- rekit
+		- relate
+		- remark
+		- rene
+		- repackage
+		- restjs
+		- rmodal
+		- rp
+		- ruhuman
+		- saadmir
+		- sagui
+		- sam
+		- sass
+		- saulosantiago
+		- savingthrow
+		- schisma
+		- scrolledin
+		- sdk-design
+		- sean
+		- sed
+		- seesaw
+		- segoe-mdl2-css
+		- select_io
+		- selectric
+		- serender
+		- serginator
+		- serializer
+		- shedali
+		- silky
+		- siluna
+		- sirkit
+		- sizle
+		- skate
+		- skx
+		- slang
+		- sn0w
+		- social-likes
+		- social-likes-next
+		- sonny
+		- sox
+		- spectragram
+		- spicdev
+		- spin
+		- spirare
+		- spiritual
+		- spritesheet
+		- spritewerk
+		- starratio
+		- staticinstance
+		- status.diamond
+		- stego
+		- stepan
+		- stephenmccall
+		- style
+		- styletron
+		- sulky
+		- supernova
+		- tagster
+		- talker
+		- tap-flux
+		- tart
+		- techfest
+		- telaviv
+		- telegraf
+		- temple
+		- terminal
+		- textillate
+		- themoviedb
+		- thundercats
+		- timerizer
+		- tint
+		- tinylinux
+		- torino
+		- treviso
+		- trevorgk
+		- ts2jsdoc
+		- tsfp
+		- tydel
+		- u
+		- ukazap
+		- unexpected
+		- uni
+		- upresent
+		- uvcharts
+		- vaguilar
+		- valentin
+		- validator
+		- vico
+		- vinimdocarmo
+		- visualnovel
+		- voloshins
+		- vorpal
+		- vuongdothanhhuy
+		- watch
+		- wayou
+		- weaver
+		- within
+		- wwb
+		- wyfe
+		- xprmntl
+		- xto6
+		- xtype
+		- y86
+		- yah
+		- yargs
+		- youtim
+		- youtube-box
+		- zanyuyu
+		- zazu
+		- zodiac
+		- zombie
+
+	Refused hosts in *js.org:
+
+		- community.os
+
+-->
+<ruleset name="JS.org">
+	<target host="js.org" />
+	<target host="*.js.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+	<exclusion pattern="^http://101\.js\.org/" />
+	<exclusion pattern="^http://7anshuai\.js\.org/" />
+	<exclusion pattern="^http://8art\.js\.org/" />
+	<exclusion pattern="^http://akase\.js\.org/" />
+	<exclusion pattern="^http://akashacms\.js\.org/" />
+	<exclusion pattern="^http://alasql\.js\.org/" />
+	<exclusion pattern="^http://algebra\.js\.org/" />
+	<exclusion pattern="^http://aligos\.js\.org/" />
+	<exclusion pattern="^http://all\.js\.org/" />
+	<exclusion pattern="^http://alt\.js\.org/" />
+	<exclusion pattern="^http://anenth\.js\.org/" />
+	<exclusion pattern="^http://anggao\.js\.org/" />
+	<exclusion pattern="^http://angular-jsf\.js\.org/" />
+	<exclusion pattern="^http://angularstompdk\.js\.org/" />
+	<exclusion pattern="^http://annotate\.js\.org/" />
+	<exclusion pattern="^http://annoyingmouse\.js\.org/" />
+	<exclusion pattern="^http://api-spec\.js\.org/" />
+	<exclusion pattern="^http://apicluster\.js\.org/" />
+	<exclusion pattern="^http://aping\.js\.org/" />
+	<exclusion pattern="^http://apod\.js\.org/" />
+	<exclusion pattern="^http://argo\.js\.org/" />
+	<exclusion pattern="^http://arime\.js\.org/" />
+	<exclusion pattern="^http://artery\.js\.org/" />
+	<exclusion pattern="^http://astral\.js\.org/" />
+	<exclusion pattern="^http://astrobench\.js\.org/" />
+	<exclusion pattern="^http://autodocs\.js\.org/" />
+	<exclusion pattern="^http://avi\.js\.org/" />
+	<exclusion pattern="^http://avner\.js\.org/" />
+	<exclusion pattern="^http://awal\.js\.org/" />
+	<exclusion pattern="^http://awk\.js\.org/" />
+	<exclusion pattern="^http://backlog\.js\.org/" />
+	<exclusion pattern="^http://badger\.js\.org/" />
+	<exclusion pattern="^http://badrudeen\.js\.org/" />
+	<exclusion pattern="^http://barcelona\.js\.org/" />
+	<exclusion pattern="^http://bash\.js\.org/" />
+	<exclusion pattern="^http://basicgame\.js\.org/" />
+	<exclusion pattern="^http://begin\.js\.org/" />
+	<exclusion pattern="^http://bildepunkt\.js\.org/" />
+	<exclusion pattern="^http://bind-action-dispatchers\.js\.org/" />
+	<exclusion pattern="^http://biu\.js\.org/" />
+	<exclusion pattern="^http://blogpage\.js\.org/" />
+	<exclusion pattern="^http://bodybuilder\.js\.org/" />
+	<exclusion pattern="^http://bootstrap-confirmation\.js\.org/" />
+	<exclusion pattern="^http://bornaeon\.js\.org/" />
+	<exclusion pattern="^http://box\.js\.org/" />
+	<exclusion pattern="^http://bplayer\.js\.org/" />
+	<exclusion pattern="^http://brandonmerritt\.js\.org/" />
+	<exclusion pattern="^http://brexit-regrets\.js\.org/" />
+	<exclusion pattern="^http://bricklayer\.js\.org/" />
+	<exclusion pattern="^http://brum\.js\.org/" />
+	<exclusion pattern="^http://bunyan-fork\.js\.org/" />
+	<exclusion pattern="^http://bunyan-pmx\.js\.org/" />
+	<exclusion pattern="^http://bunyan-serializer\.js\.org/" />
+	<exclusion pattern="^http://burst\.js\.org/" />
+	<exclusion pattern="^http://bustime\.js\.org/" />
+	<exclusion pattern="^http://cable\.js\.org/" />
+	<exclusion pattern="^http://calcy\.js\.org/" />
+	<exclusion pattern="^http://calendarios\.js\.org/" />
+	<exclusion pattern="^http://cans\.js\.org/" />
+	<exclusion pattern="^http://cartodb-demo\.js\.org/" />
+	<exclusion pattern="^http://central-node\.js\.org/" />
+	<exclusion pattern="^http://chimon2000\.js\.org/" />
+	<exclusion pattern="^http://chrislaughlin\.js\.org/" />
+	<exclusion pattern="^http://chrismendis\.js\.org/" />
+	<exclusion pattern="^http://christo\.js\.org/" />
+	<exclusion pattern="^http://chronos\.js\.org/" />
+	<exclusion pattern="^http://clockwork\.js\.org/" />
+	<exclusion pattern="^http://cn\.mobx\.js\.org/" />
+	<exclusion pattern="^http://cn\.redux\.js\.org/" />
+	<exclusion pattern="^http://cn\.rx\.js\.org/" />
+	<exclusion pattern="^http://codemade\.js\.org/" />
+	<exclusion pattern="^http://collegequest\.js\.org/" />
+	<exclusion pattern="^http://comixngn\.js\.org/" />
+	<exclusion pattern="^http://commandfox\.js\.org/" />
+	<exclusion pattern="^http://community\.os\.js\.org/" />
+	<exclusion pattern="^http://concursos\.js\.org/" />
+	<exclusion pattern="^http://construyendotrabajo\.js\.org/" />
+	<exclusion pattern="^http://contextify\.js\.org/" />
+	<exclusion pattern="^http://cordova-multiplatform-template\.js\.org/" />
+	<exclusion pattern="^http://cote\.js\.org/" />
+	<exclusion pattern="^http://country\.js\.org/" />
+	<exclusion pattern="^http://cqrs\.js\.org/" />
+	<exclusion pattern="^http://crunch\.js\.org/" />
+	<exclusion pattern="^http://cucumber-mink\.js\.org/" />
+	<exclusion pattern="^http://cyclow\.js\.org/" />
+	<exclusion pattern="^http://danmol\.js\.org/" />
+	<exclusion pattern="^http://date\.js\.org/" />
+	<exclusion pattern="^http://daysfromnow\.js\.org/" />
+	<exclusion pattern="^http://dbo\.js\.org/" />
+	<exclusion pattern="^http://delegacias-fortaleza\.js\.org/" />
+	<exclusion pattern="^http://denisvieira\.js\.org/" />
+	<exclusion pattern="^http://deputy\.js\.org/" />
+	<exclusion pattern="^http://detect-resize\.js\.org/" />
+	<exclusion pattern="^http://dgelong\.js\.org/" />
+	<exclusion pattern="^http://diffract\.js\.org/" />
+	<exclusion pattern="^http://dinesh\.js\.org/" />
+	<exclusion pattern="^http://distillery\.js\.org/" />
+	<exclusion pattern="^http://documentation\.js\.org/" />
+	<exclusion pattern="^http://donavon\.js\.org/" />
+	<exclusion pattern="^http://dope\.js\.org/" />
+	<exclusion pattern="^http://dplayer\.js\.org/" />
+	<exclusion pattern="^http://draft\.js\.org/" />
+	<exclusion pattern="^http://drag\.js\.org/" />
+	<exclusion pattern="^http://dragon\.js\.org/" />
+	<exclusion pattern="^http://du\.js\.org/" />
+	<exclusion pattern="^http://duffn\.js\.org/" />
+	<exclusion pattern="^http://dutchakdev\.js\.org/" />
+	<exclusion pattern="^http://elf\.js\.org/" />
+	<exclusion pattern="^http://elliot\.js\.org/" />
+	<exclusion pattern="^http://ember-cli-page-object\.js\.org/" />
+	<exclusion pattern="^http://emeraldcraftmc\.js\.org/" />
+	<exclusion pattern="^http://emulisp\.js\.org/" />
+	<exclusion pattern="^http://enclave\.js\.org/" />
+	<exclusion pattern="^http://eray\.js\.org/" />
+	<exclusion pattern="^http://erik\.js\.org/" />
+	<exclusion pattern="^http://es\.redux\.js\.org/" />
+	<exclusion pattern="^http://es2015-node\.js\.org/" />
+	<exclusion pattern="^http://escape\.js\.org/" />
+	<exclusion pattern="^http://euclid\.js\.org/" />
+	<exclusion pattern="^http://eval\.js\.org/" />
+	<exclusion pattern="^http://eventstore\.js\.org/" />
+	<exclusion pattern="^http://exbars\.js\.org/" />
+	<exclusion pattern="^http://extraction\.js\.org/" />
+	<exclusion pattern="^http://farfetchd\.js\.org/" />
+	<exclusion pattern="^http://fcbosque\.js\.org/" />
+	<exclusion pattern="^http://fela\.js\.org/" />
+	<exclusion pattern="^http://festercluck\.js\.org/" />
+	<exclusion pattern="^http://finder\.js\.org/" />
+	<exclusion pattern="^http://fire-hydrant\.js\.org/" />
+	<exclusion pattern="^http://firenze\.js\.org/" />
+	<exclusion pattern="^http://fis\.js\.org/" />
+	<exclusion pattern="^http://flexmasonry\.js\.org/" />
+	<exclusion pattern="^http://flowchart\.js\.org/" />
+	<exclusion pattern="^http://fluxoff\.js\.org/" />
+	<exclusion pattern="^http://fortune\.js\.org/" />
+	<exclusion pattern="^http://freemarker\.js\.org/" />
+	<exclusion pattern="^http://gal\.js\.org/" />
+	<exclusion pattern="^http://gamedevcontestal\.js\.org/" />
+	<exclusion pattern="^http://geekr\.js\.org/" />
+	<exclusion pattern="^http://genpasswd\.js\.org/" />
+	<exclusion pattern="^http://getlink\.js\.org/" />
+	<exclusion pattern="^http://ghsamm\.js\.org/" />
+	<exclusion pattern="^http://giant-piano\.js\.org/" />
+	<exclusion pattern="^http://goodseller\.js\.org/" />
+	<exclusion pattern="^http://graphics2d\.js\.org/" />
+	<exclusion pattern="^http://grapnel\.js\.org/" />
+	<exclusion pattern="^http://greg\.js\.org/" />
+	<exclusion pattern="^http://grep\.js\.org/" />
+	<exclusion pattern="^http://gridsplit\.js\.org/" />
+	<exclusion pattern="^http://gruft\.js\.org/" />
+	<exclusion pattern="^http://guillotine\.js\.org/" />
+	<exclusion pattern="^http://guiseek\.js\.org/" />
+	<exclusion pattern="^http://gully\.js\.org/" />
+	<exclusion pattern="^http://gun\.js\.org/" />
+	<exclusion pattern="^http://guuibayer\.js\.org/" />
+	<exclusion pattern="^http://gyre\.js\.org/" />
+	<exclusion pattern="^http://h\.js\.org/" />
+	<exclusion pattern="^http://halil\.js\.org/" />
+	<exclusion pattern="^http://haloapi\.js\.org/" />
+	<exclusion pattern="^http://happy\.js\.org/" />
+	<exclusion pattern="^http://hask\.js\.org/" />
+	<exclusion pattern="^http://heartseekers\.js\.org/" />
+	<exclusion pattern="^http://hello\.js\.org/" />
+	<exclusion pattern="^http://hilo\.js\.org/" />
+	<exclusion pattern="^http://hk\.js\.org/" />
+	<exclusion pattern="^http://hooloo\.js\.org/" />
+	<exclusion pattern="^http://humanreadable\.js\.org/" />
+	<exclusion pattern="^http://hyde\.js\.org/" />
+	<exclusion pattern="^http://igorsantana\.js\.org/" />
+	<exclusion pattern="^http://iio\.js\.org/" />
+	<exclusion pattern="^http://immense\.js\.org/" />
+	<exclusion pattern="^http://immybox\.js\.org/" />
+	<exclusion pattern="^http://ip-address\.js\.org/" />
+	<exclusion pattern="^http://is\.js\.org/" />
+	<exclusion pattern="^http://ishan\.js\.org/" />
+	<exclusion pattern="^http://italia\.js\.org/" />
+	<exclusion pattern="^http://itsashis4u\.js\.org/" />
+	<exclusion pattern="^http://ivml\.js\.org/" />
+	<exclusion pattern="^http://j2p\.js\.org/" />
+	<exclusion pattern="^http://jacques\.js\.org/" />
+	<exclusion pattern="^http://jakarta\.js\.org/" />
+	<exclusion pattern="^http://jakejarrett\.js\.org/" />
+	<exclusion pattern="^http://jalbertbowden\.js\.org/" />
+	<exclusion pattern="^http://james\.js\.org/" />
+	<exclusion pattern="^http://jargon\.js\.org/" />
+	<exclusion pattern="^http://jbone\.js\.org/" />
+	<exclusion pattern="^http://jjlc\.js\.org/" />
+	<exclusion pattern="^http://jogja\.js\.org/" />
+	<exclusion pattern="^http://josuedanielbust\.js\.org/" />
+	<exclusion pattern="^http://jsnippet\.js\.org/" />
+	<exclusion pattern="^http://json-schema-faker\.js\.org/" />
+	<exclusion pattern="^http://juancarlosqr\.js\.org/" />
+	<exclusion pattern="^http://julien\.js\.org/" />
+	<exclusion pattern="^http://juno-106\.js\.org/" />
+	<exclusion pattern="^http://jus\.js\.org/" />
+	<exclusion pattern="^http://jwt-autorefresh\.js\.org/" />
+	<exclusion pattern="^http://kalm\.js\.org/" />
+	<exclusion pattern="^http://karl\.js\.org/" />
+	<exclusion pattern="^http://kelvinho\.js\.org/" />
+	<exclusion pattern="^http://konsumer\.js\.org/" />
+	<exclusion pattern="^http://labelauty\.js\.org/" />
+	<exclusion pattern="^http://lambda\.js\.org/" />
+	<exclusion pattern="^http://laubstein\.js\.org/" />
+	<exclusion pattern="^http://lean-stack\.js\.org/" />
+	<exclusion pattern="^http://leandro\.js\.org/" />
+	<exclusion pattern="^http://learnGitBranching\.js\.org/" />
+	<exclusion pattern="^http://leipzig\.js\.org/" />
+	<exclusion pattern="^http://leoj\.js\.org/" />
+	<exclusion pattern="^http://leste\.js\.org/" />
+	<exclusion pattern="^http://liguori\.js\.org/" />
+	<exclusion pattern="^http://localsync\.js\.org/" />
+	<exclusion pattern="^http://magnet\.js\.org/" />
+	<exclusion pattern="^http://martin\.js\.org/" />
+	<exclusion pattern="^http://martingollogly\.js\.org/" />
+	<exclusion pattern="^http://marxist\.js\.org/" />
+	<exclusion pattern="^http://matthias-schuetz\.js\.org/" />
+	<exclusion pattern="^http://maxnachlinger\.js\.org/" />
+	<exclusion pattern="^http://maxtracking\.js\.org/" />
+	<exclusion pattern="^http://mc\.js\.org/" />
+	<exclusion pattern="^http://medan\.js\.org/" />
+	<exclusion pattern="^http://medium-header\.js\.org/" />
+	<exclusion pattern="^http://meiosis\.js\.org/" />
+	<exclusion pattern="^http://mesh\.js\.org/" />
+	<exclusion pattern="^http://mf\.js\.org/" />
+	<exclusion pattern="^http://miguelsr\.js\.org/" />
+	<exclusion pattern="^http://mingyi\.js\.org/" />
+	<exclusion pattern="^http://minigrid\.js\.org/" />
+	<exclusion pattern="^http://mis101bird\.js\.org/" />
+	<exclusion pattern="^http://mithril-ja\.js\.org/" />
+	<exclusion pattern="^http://mmcq\.js\.org/" />
+	<exclusion pattern="^http://mockjs-lite\.js\.org/" />
+	<exclusion pattern="^http://modalizer\.js\.org/" />
+	<exclusion pattern="^http://mol\.js\.org/" />
+	<exclusion pattern="^http://momentum\.js\.org/" />
+	<exclusion pattern="^http://motapc\.js\.org/" />
+	<exclusion pattern="^http://mpe\.js\.org/" />
+	<exclusion pattern="^http://mrn\.js\.org/" />
+	<exclusion pattern="^http://murder\.js\.org/" />
+	<exclusion pattern="^http://mvc\.js\.org/" />
+	<exclusion pattern="^http://mvidalgarcia\.js\.org/" />
+	<exclusion pattern="^http://n\.js\.org/" />
+	<exclusion pattern="^http://n-j-m\.js\.org/" />
+	<exclusion pattern="^http://nanimation\.js\.org/" />
+	<exclusion pattern="^http://ncms\.js\.org/" />
+	<exclusion pattern="^http://ncub8\.js\.org/" />
+	<exclusion pattern="^http://nemo\.js\.org/" />
+	<exclusion pattern="^http://nflow\.js\.org/" />
+	<exclusion pattern="^http://ng-wig\.js\.org/" />
+	<exclusion pattern="^http://ngirc\.js\.org/" />
+	<exclusion pattern="^http://ngn\.js\.org/" />
+	<exclusion pattern="^http://nick\.js\.org/" />
+	<exclusion pattern="^http://nktx\.js\.org/" />
+	<exclusion pattern="^http://node-browser_process\.js\.org/" />
+	<exclusion pattern="^http://noted\.js\.org/" />
+	<exclusion pattern="^http://noteit\.js\.org/" />
+	<exclusion pattern="^http://nsp\.js\.org/" />
+	<exclusion pattern="^http://nsptiles\.js\.org/" />
+	<exclusion pattern="^http://nvanthao\.js\.org/" />
+	<exclusion pattern="^http://objectmodel\.js\.org/" />
+	<exclusion pattern="^http://omega\.js\.org/" />
+	<exclusion pattern="^http://omer\.js\.org/" />
+	<exclusion pattern="^http://onedesert\.js\.org/" />
+	<exclusion pattern="^http://pad\.js\.org/" />
+	<exclusion pattern="^http://pagination\.js\.org/" />
+	<exclusion pattern="^http://pamatcher\.js\.org/" />
+	<exclusion pattern="^http://panza\.js\.org/" />
+	<exclusion pattern="^http://paperclip\.js\.org/" />
+	<exclusion pattern="^http://paraiba\.js\.org/" />
+	<exclusion pattern="^http://parametric-svg\.js\.org/" />
+	<exclusion pattern="^http://pastebin-alert\.js\.org/" />
+	<exclusion pattern="^http://pathtrace\.js\.org/" />
+	<exclusion pattern="^http://paul\.js\.org/" />
+	<exclusion pattern="^http://pdfutils\.js\.org/" />
+	<exclusion pattern="^http://pdp-elements\.js\.org/" />
+	<exclusion pattern="^http://penn-sdk\.js\.org/" />
+	<exclusion pattern="^http://pentris\.js\.org/" />
+	<exclusion pattern="^http://pharaoh\.js\.org/" />
+	<exclusion pattern="^http://photo-sphere-viewer\.js\.org/" />
+	<exclusion pattern="^http://pinf\.js\.org/" />
+	<exclusion pattern="^http://pipes\.js\.org/" />
+	<exclusion pattern="^http://pitermarx\.js\.org/" />
+	<exclusion pattern="^http://pixelart\.js\.org/" />
+	<exclusion pattern="^http://planisphere\.js\.org/" />
+	<exclusion pattern="^http://pliers\.js\.org/" />
+	<exclusion pattern="^http://poegems\.js\.org/" />
+	<exclusion pattern="^http://polythene\.js\.org/" />
+	<exclusion pattern="^http://porter\.js\.org/" />
+	<exclusion pattern="^http://qs\.js\.org/" />
+	<exclusion pattern="^http://querybuilder\.js\.org/" />
+	<exclusion pattern="^http://quiz-app\.js\.org/" />
+	<exclusion pattern="^http://quiz-revamped\.js\.org/" />
+	<exclusion pattern="^http://rad\.js\.org/" />
+	<exclusion pattern="^http://radial\.js\.org/" />
+	<exclusion pattern="^http://rafaelmangolin\.js\.org/" />
+	<exclusion pattern="^http://rag\.js\.org/" />
+	<exclusion pattern="^http://rahul\.js\.org/" />
+	<exclusion pattern="^http://rangeslider\.js\.org/" />
+	<exclusion pattern="^http://rdf\.js\.org/" />
+	<exclusion pattern="^http://react-autosuggest\.js\.org/" />
+	<exclusion pattern="^http://react-autowhatever\.js\.org/" />
+	<exclusion pattern="^http://react-day-picker\.js\.org/" />
+	<exclusion pattern="^http://react-easy-swipe\.js\.org/" />
+	<exclusion pattern="^http://react-responsive-carousel\.js\.org/" />
+	<exclusion pattern="^http://react-shared\.js\.org/" />
+	<exclusion pattern="^http://reactdesktop\.js\.org/" />
+	<exclusion pattern="^http://reader\.js\.org/" />
+	<exclusion pattern="^http://realtime\.js\.org/" />
+	<exclusion pattern="^http://rebem\.js\.org/" />
+	<exclusion pattern="^http://redis\.js\.org/" />
+	<exclusion pattern="^http://reduce\.js\.org/" />
+	<exclusion pattern="^http://redux-undo\.js\.org/" />
+	<exclusion pattern="^http://redux-webpack-boilerplate\.js\.org/" />
+	<exclusion pattern="^http://redux\.js\.org/" />
+	<exclusion pattern="^http://reduxible\.js\.org/" />
+	<exclusion pattern="^http://refraction\.js\.org/" />
+	<exclusion pattern="^http://refujs\.js\.org/" />
+	<exclusion pattern="^http://rekit\.js\.org/" />
+	<exclusion pattern="^http://relate\.js\.org/" />
+	<exclusion pattern="^http://remark\.js\.org/" />
+	<exclusion pattern="^http://rene\.js\.org/" />
+	<exclusion pattern="^http://repackage\.js\.org/" />
+	<exclusion pattern="^http://request\.js\.org/" />
+	<exclusion pattern="^http://restjs\.js\.org/" />
+	<exclusion pattern="^http://rmodal\.js\.org/" />
+	<exclusion pattern="^http://rp\.js\.org/" />
+	<exclusion pattern="^http://ruhuman\.js\.org/" />
+	<exclusion pattern="^http://saadmir\.js\.org/" />
+	<exclusion pattern="^http://sagui\.js\.org/" />
+	<exclusion pattern="^http://sam\.js\.org/" />
+	<exclusion pattern="^http://sass\.js\.org/" />
+	<exclusion pattern="^http://saulosantiago\.js\.org/" />
+	<exclusion pattern="^http://savingthrow\.js\.org/" />
+	<exclusion pattern="^http://schisma\.js\.org/" />
+	<exclusion pattern="^http://scrolledin\.js\.org/" />
+	<exclusion pattern="^http://sdk-design\.js\.org/" />
+	<exclusion pattern="^http://sean\.js\.org/" />
+	<exclusion pattern="^http://sed\.js\.org/" />
+	<exclusion pattern="^http://seesaw\.js\.org/" />
+	<exclusion pattern="^http://segoe-mdl2-css\.js\.org/" />
+	<exclusion pattern="^http://select_io\.js\.org/" />
+	<exclusion pattern="^http://selectric\.js\.org/" />
+	<exclusion pattern="^http://serender\.js\.org/" />
+	<exclusion pattern="^http://serginator\.js\.org/" />
+	<exclusion pattern="^http://serializer\.js\.org/" />
+	<exclusion pattern="^http://shedali\.js\.org/" />
+	<exclusion pattern="^http://silky\.js\.org/" />
+	<exclusion pattern="^http://siluna\.js\.org/" />
+	<exclusion pattern="^http://sirkit\.js\.org/" />
+	<exclusion pattern="^http://sizle\.js\.org/" />
+	<exclusion pattern="^http://skate\.js\.org/" />
+	<exclusion pattern="^http://skx\.js\.org/" />
+	<exclusion pattern="^http://slang\.js\.org/" />
+	<exclusion pattern="^http://sn0w\.js\.org/" />
+	<exclusion pattern="^http://social-likes-next\.js\.org/" />
+	<exclusion pattern="^http://social-likes\.js\.org/" />
+	<exclusion pattern="^http://sonny\.js\.org/" />
+	<exclusion pattern="^http://sox\.js\.org/" />
+	<exclusion pattern="^http://spectragram\.js\.org/" />
+	<exclusion pattern="^http://spicdev\.js\.org/" />
+	<exclusion pattern="^http://spin\.js\.org/" />
+	<exclusion pattern="^http://spirare\.js\.org/" />
+	<exclusion pattern="^http://spiritual\.js\.org/" />
+	<exclusion pattern="^http://spritesheet\.js\.org/" />
+	<exclusion pattern="^http://spritewerk\.js\.org/" />
+	<exclusion pattern="^http://starratio\.js\.org/" />
+	<exclusion pattern="^http://staticinstance\.js\.org/" />
+	<exclusion pattern="^http://status\.diamond\.js\.org/" />
+	<exclusion pattern="^http://stego\.js\.org/" />
+	<exclusion pattern="^http://stepan\.js\.org/" />
+	<exclusion pattern="^http://stephenmccall\.js\.org/" />
+	<exclusion pattern="^http://style\.js\.org/" />
+	<exclusion pattern="^http://styletron\.js\.org/" />
+	<exclusion pattern="^http://sulky\.js\.org/" />
+	<exclusion pattern="^http://supernova\.js\.org/" />
+	<exclusion pattern="^http://tagster\.js\.org/" />
+	<exclusion pattern="^http://talker\.js\.org/" />
+	<exclusion pattern="^http://tap-flux\.js\.org/" />
+	<exclusion pattern="^http://tart\.js\.org/" />
+	<exclusion pattern="^http://techfest\.js\.org/" />
+	<exclusion pattern="^http://telaviv\.js\.org/" />
+	<exclusion pattern="^http://telegraf\.js\.org/" />
+	<exclusion pattern="^http://temple\.js\.org/" />
+	<exclusion pattern="^http://terminal\.js\.org/" />
+	<exclusion pattern="^http://textillate\.js\.org/" />
+	<exclusion pattern="^http://themoviedb\.js\.org/" />
+	<exclusion pattern="^http://thundercats\.js\.org/" />
+	<exclusion pattern="^http://timerizer\.js\.org/" />
+	<exclusion pattern="^http://tint\.js\.org/" />
+	<exclusion pattern="^http://tinylinux\.js\.org/" />
+	<exclusion pattern="^http://torino\.js\.org/" />
+	<exclusion pattern="^http://treviso\.js\.org/" />
+	<exclusion pattern="^http://trevorgk\.js\.org/" />
+	<exclusion pattern="^http://ts2jsdoc\.js\.org/" />
+	<exclusion pattern="^http://tsfp\.js\.org/" />
+	<exclusion pattern="^http://tydel\.js\.org/" />
+	<exclusion pattern="^http://u\.js\.org/" />
+	<exclusion pattern="^http://ukazap\.js\.org/" />
+	<exclusion pattern="^http://unexpected\.js\.org/" />
+	<exclusion pattern="^http://uni\.js\.org/" />
+	<exclusion pattern="^http://upresent\.js\.org/" />
+	<exclusion pattern="^http://uvcharts\.js\.org/" />
+	<exclusion pattern="^http://vaguilar\.js\.org/" />
+	<exclusion pattern="^http://valentin\.js\.org/" />
+	<exclusion pattern="^http://validator\.js\.org/" />
+	<exclusion pattern="^http://vico\.js\.org/" />
+	<exclusion pattern="^http://vinimdocarmo\.js\.org/" />
+	<exclusion pattern="^http://visualnovel\.js\.org/" />
+	<exclusion pattern="^http://voloshins\.js\.org/" />
+	<exclusion pattern="^http://vorpal\.js\.org/" />
+	<exclusion pattern="^http://vuongdothanhhuy\.js\.org/" />
+	<exclusion pattern="^http://watch\.js\.org/" />
+	<exclusion pattern="^http://wayou\.js\.org/" />
+	<exclusion pattern="^http://weaver\.js\.org/" />
+	<exclusion pattern="^http://within\.js\.org/" />
+	<exclusion pattern="^http://wwb\.js\.org/" />
+	<exclusion pattern="^http://wyfe\.js\.org/" />
+	<exclusion pattern="^http://xprmntl\.js\.org/" />
+	<exclusion pattern="^http://xto6\.js\.org/" />
+	<exclusion pattern="^http://xtype\.js\.org/" />
+	<exclusion pattern="^http://y86\.js\.org/" />
+	<exclusion pattern="^http://yah\.js\.org/" />
+	<exclusion pattern="^http://yargs\.js\.org/" />
+	<exclusion pattern="^http://youtim\.js\.org/" />
+	<exclusion pattern="^http://youtube-box\.js\.org/" />
+	<exclusion pattern="^http://zanyuyu\.js\.org/" />
+	<exclusion pattern="^http://zazu\.js\.org/" />
+	<exclusion pattern="^http://zodiac\.js\.org/" />
+	<exclusion pattern="^http://zombie\.js\.org/" />
+
+	<test url="http://www.js.org/" />
+	<test url="http://100dayz.js.org/" />
+	<test url="http://101.js.org/" />
+	<test url="http://7anshuai.js.org/" />
+	<test url="http://8art.js.org/" />
+	<test url="http://abhishek.js.org/" />
+	<test url="http://abialbon.js.org/" />
+	<test url="http://action-u.js.org/" />
+	<test url="http://adon988.js.org/" />
+	<test url="http://aghasemi.js.org/" />
+	<test url="http://agrawalnaman.js.org/" />
+	<test url="http://ajaxable.js.org/" />
+	<test url="http://akase.js.org/" />
+	<test url="http://akashacms.js.org/" />
+	<test url="http://alasql.js.org/" />
+	<test url="http://alek.js.org/" />
+	<test url="http://algebra.js.org/" />
+	<test url="http://alien.js.org/" />
+	<test url="http://aligos.js.org/" />
+	<test url="http://all.js.org/" />
+	<test url="http://almin.js.org/" />
+	<test url="http://alt.js.org/" />
+	<test url="http://alveron.js.org/" />
+	<test url="http://anenth.js.org/" />
+	<test url="http://anggao.js.org/" />
+	<test url="http://angular-jsf.js.org/" />
+	<test url="http://angularstompdk.js.org/" />
+	<test url="http://animo.js.org/" />
+	<test url="http://animorph.js.org/" />
+	<test url="http://ankithjoseph.js.org/" />
+	<test url="http://annotate.js.org/" />
+	<test url="http://annoyingmouse.js.org/" />
+	<test url="http://antwar.js.org/" />
+	<test url="http://anukul.js.org/" />
+	<test url="http://api-spec.js.org/" />
+	<test url="http://apicluster.js.org/" />
+	<test url="http://aping.js.org/" />
+	<test url="http://aplayer.js.org/" />
+	<test url="http://apod.js.org/" />
+	<test url="http://applied.js.org/" />
+	<test url="http://apr.js.org/" />
+	<test url="http://arc.js.org/" />
+	<test url="http://argo.js.org/" />
+	<test url="http://arime.js.org/" />
+	<test url="http://artery.js.org/" />
+	<test url="http://ass.js.org/" />
+	<test url="http://astral.js.org/" />
+	<test url="http://astrobench.js.org/" />
+	<test url="http://astx-redux-util.js.org/" />
+	<test url="http://atavic.js.org/" />
+	<test url="http://atombundles.js.org/" />
+	<test url="http://audio-cat.js.org/" />
+	<test url="http://autodocs.js.org/" />
+	<test url="http://avi.js.org/" />
+	<test url="http://avner.js.org/" />
+	<test url="http://awal.js.org/" />
+	<test url="http://awesomehub.js.org/" />
+	<test url="http://awk.js.org/" />
+	<test url="http://azdanov.js.org/" />
+	<test url="http://backlog.js.org/" />
+	<test url="http://badger.js.org/" />
+	<test url="http://badrudeen.js.org/" />
+	<test url="http://bali.js.org/" />
+	<test url="http://bandung.js.org/" />
+	<test url="http://barbagrigia.js.org/" />
+	<test url="http://barcelona.js.org/" />
+	<test url="http://bash.js.org/" />
+	<test url="http://basicgame.js.org/" />
+	<test url="http://bastion.js.org/" />
+	<test url="http://bc.js.org/" />
+	<test url="http://be.js.org/" />
+	<test url="http://begin.js.org/" />
+	<test url="http://bestof.js.org/" />
+	<test url="http://bildepunkt.js.org/" />
+	<test url="http://bind-action-dispatchers.js.org/" />
+	<test url="http://biu.js.org/" />
+	<test url="http://blogpage.js.org/" />
+	<test url="http://bloomer.js.org/" />
+	<test url="http://bodybuilder.js.org/" />
+	<test url="http://bombsweeper.js.org/" />
+	<test url="http://bonzibuddy.js.org/" />
+	<test url="http://bool.js.org/" />
+	<test url="http://bootstrap-confirmation.js.org/" />
+	<test url="http://bootstrap-validate.js.org/" />
+	<test url="http://bootstrap-vue.js.org/" />
+	<test url="http://bornaeon.js.org/" />
+	<test url="http://botgram.js.org/" />
+	<test url="http://boundless.js.org/" />
+	<test url="http://box.js.org/" />
+	<test url="http://bplayer.js.org/" />
+	<test url="http://brain.js.org/" />
+	<test url="http://brandifyjs.js.org/" />
+	<test url="http://brandonmerritt.js.org/" />
+	<test url="http://brexit.js.org/" />
+	<test url="http://brexit-regrets.js.org/" />
+	<test url="http://bricklayer.js.org/" />
+	<test url="http://bris.js.org/" />
+	<test url="http://brum.js.org/" />
+	<test url="http://bunyan-fork.js.org/" />
+	<test url="http://bunyan-pmx.js.org/" />
+	<test url="http://bunyan-serializer.js.org/" />
+	<test url="http://burst.js.org/" />
+	<test url="http://bustime.js.org/" />
+	<test url="http://c-3po.js.org/" />
+	<test url="http://cable.js.org/" />
+	<test url="http://caffeine.js.org/" />
+	<test url="http://cagatay.js.org/" />
+	<test url="http://calcy.js.org/" />
+	<test url="http://calendarios.js.org/" />
+	<test url="http://candyland.js.org/" />
+	<test url="http://cans.js.org/" />
+	<test url="http://canvas.js.org/" />
+	<test url="http://capital.js.org/" />
+	<test url="http://cardtabs.js.org/" />
+	<test url="http://capsid.js.org/" />
+	<test url="http://capsule.js.org/" />
+	<test url="http://cartodb-demo.js.org/" />
+	<test url="http://cassie.js.org/" />
+	<test url="http://central-node.js.org/" />
+	<test url="http://chain-able.js.org/" />
+	<test url="http://chatexchange.js.org/" />
+	<test url="http://checklist.js.org/" />
+	<test url="http://cheerio.js.org/" />
+	<test url="http://chernivtsi.js.org/" />
+	<test url="http://chimon2000.js.org/" />
+	<test url="http://chirashi.js.org/" />
+	<test url="http://chrislaughlin.js.org/" />
+	<test url="http://chrismendis.js.org/" />
+	<test url="http://christo.js.org/" />
+	<test url="http://chronos.js.org/" />
+	<test url="http://cineasta.js.org/" />
+	<test url="http://citation.js.org/" />
+	<test url="http://city.js.org/" />
+	<test url="http://ck.js.org/" />
+	<test url="http://clause.js.org/" />
+	<test url="http://clevercord.js.org/" />
+	<test url="http://clockwork.js.org/" />
+	<test url="http://clusterize.js.org/" />
+	<test url="http://cmbhackjs2013.js.org/" />
+	<test url="http://cn.mobx.js.org/" />
+	<test url="http://cn.redux.js.org/" />
+	<test url="http://cn.rx.js.org/" />
+	<test url="http://cnc.js.org/" />
+	<test url="http://codemade.js.org/" />
+	<test url="http://codepan.js.org/" />
+	<test url="http://codux.js.org/" />
+	<test url="http://coffea.js.org/" />
+	<test url="http://collegequest.js.org/" />
+	<test url="http://colombo.js.org/" />
+	<test url="http://comixngn.js.org/" />
+	<test url="http://commandfox.js.org/" />
+	<test url="http://community.os.js.org/" />
+	<test url="http://concursos.js.org/" />
+	<test url="http://construyendotrabajo.js.org/" />
+	<test url="http://consultant.js.org/" />
+	<test url="http://contextify.js.org/" />
+	<test url="http://cordova-multiplatform-template.js.org/" />
+	<test url="http://cork.js.org/" />
+	<test url="http://cote.js.org/" />
+	<test url="http://country.js.org/" />
+	<test url="http://cplayer.js.org/" />
+	<test url="http://cqrs.js.org/" />
+	<test url="http://cracked.js.org/" />
+	<test url="http://createrest.js.org/" />
+	<test url="http://crunch.js.org/" />
+	<test url="http://cryptokey.js.org/" />
+	<test url="http://cucumber-mink.js.org/" />
+	<test url="http://curi.js.org/" />
+	<test url="http://cybernaut.js.org/" />
+	<test url="http://cycle.js.org/" />
+	<test url="http://cyclow.js.org/" />
+	<test url="http://d4.js.org/" />
+	<test url="http://danmaku.js.org/" />
+	<test url="http://damo.js.org/" />
+	<test url="http://danmol.js.org/" />
+	<test url="http://datastructures.js.org/" />
+	<test url="http://date.js.org/" />
+	<test url="http://davidtaylorjr.js.org/" />
+	<test url="http://daysfromnow.js.org/" />
+	<test url="http://dbo.js.org/" />
+	<test url="http://deck-of-cards.js.org/" />
+	<test url="http://deepu.js.org/" />
+	<test url="http://delegacias-fortaleza.js.org/" />
+	<test url="http://denisvieira.js.org/" />
+	<test url="http://deputy.js.org/" />
+	<test url="http://detect-resize.js.org/" />
+	<test url="http://deterministic.js.org/" />
+	<test url="http://dgelong.js.org/" />
+	<test url="http://diamond.js.org/" />
+	<test url="http://diffract.js.org/" />
+	<test url="http://dinesh.js.org/" />
+	<test url="http://dio.js.org/" />
+	<test url="http://discord.js.org/" />
+	<test url="http://display.js.org/" />
+	<test url="http://distillery.js.org/" />
+	<test url="http://distri.js.org/" />
+	<test url="http://distribution.js.org/" />
+	<test url="http://djzhao.js.org/" />
+	<test url="http://dmitry.js.org/" />
+	<test url="http://dns.js.org/" />
+	<test url="http://docsify.js.org/" />
+	<test url="http://documentation.js.org/" />
+	<test url="http://docute.js.org/" />
+	<test url="http://dodec-design.js.org/" />
+	<test url="http://dogstack.js.org/" />
+	<test url="http://dolphin.js.org/" />
+	<test url="http://domtastic.js.org/" />
+	<test url="http://donavon.js.org/" />
+	<test url="http://dope.js.org/" />
+	<test url="http://dplayer.js.org/" />
+	<test url="http://dprof.js.org/" />
+	<test url="http://draft.js.org/" />
+	<test url="http://drag.js.org/" />
+	<test url="http://dragon.js.org/" />
+	<test url="http://draw.js.org/" />
+	<test url="http://du.js.org/" />
+	<test url="http://duffn.js.org/" />
+	<test url="http://dunedin.js.org/" />
+	<test url="http://dutchakdev.js.org/" />
+	<test url="http://dynamicsnode.js.org/" />
+	<test url="http://eahmed234.js.org/" />
+	<test url="http://ed2k.js.org/" />
+	<test url="http://ef.js.org/" />
+	<test url="http://effectful.js.org/" />
+	<test url="http://elastic-builder.js.org/" />
+	<test url="http://elf.js.org/" />
+	<test url="http://elliot.js.org/" />
+	<test url="http://elmo.js.org/" />
+	<test url="http://embedlam.js.org/" />
+	<test url="http://ember-cli-page-object.js.org/" />
+	<test url="http://ember-electron.js.org/" />
+	<test url="http://emeraldcraftmc.js.org/" />
+	<test url="http://emoji.js.org/" />
+	<test url="http://emojipanel.js.org/" />
+	<test url="http://emulisp.js.org/" />
+	<test url="http://enclave.js.org/" />
+	<test url="http://engui.js.org/" />
+	<test url="http://eq8.js.org/" />
+	<test url="http://eray.js.org/" />
+	<test url="http://eric.js.org/" />
+	<test url="http://erik.js.org/" />
+	<test url="http://es.redux.js.org/" />
+	<test url="http://es2015-node.js.org/" />
+	<test url="http://escape.js.org/" />
+	<test url="http://esper.js.org/" />
+	<test url="http://euc.js.org/" />
+	<test url="http://euclid.js.org/" />
+	<test url="http://eval.js.org/" />
+	<test url="http://event-storage.js.org/" />
+	<test url="http://eventstore.js.org/" />
+	<test url="http://exbars.js.org/" />
+	<test url="http://express-saml2.js.org/" />
+	<test url="http://extenso.js.org/" />
+	<test url="http://extraction.js.org/" />
+	<test url="http://facepalm.js.org/" />
+	<test url="http://farfetchd.js.org/" />
+	<test url="http://fariz.js.org/" />
+	<test url="http://faux.js.org/" />
+	<test url="http://fcbosque.js.org/" />
+	<test url="http://feeble.js.org/" />
+	<test url="http://fela.js.org/" />
+	<test url="http://festercluck.js.org/" />
+	<test url="http://filer.js.org/" />
+	<test url="http://filter.js.org/" />
+	<test url="http://finder.js.org/" />
+	<test url="http://fire-hydrant.js.org/" />
+	<test url="http://firenze.js.org/" />
+	<test url="http://fis.js.org/" />
+	<test url="http://five.js.org/" />
+	<test url="http://fld-grd.js.org/" />
+	<test url="http://flexmasonry.js.org/" />
+	<test url="http://flowchart.js.org/" />
+	<test url="http://fluxoff.js.org/" />
+	<test url="http://flybook.js.org/" />
+	<test url="http://fnx.js.org/" />
+	<test url="http://form.js.org/" />
+	<test url="http://formred.js.org/" />
+	<test url="http://fortune.js.org/" />
+	<test url="http://foxman.js.org/" />
+	<test url="http://freemarker.js.org/" />
+	<test url="http://freezer.js.org/" />
+	<test url="http://frint.js.org/" />
+	<test url="http://fritzbox.js.org/" />
+	<test url="http://frzr.js.org/" />
+	<test url="http://fs-nextra.js.org/" />
+	<test url="http://funbook.js.org/" />
+	<test url="http://fyi.js.org/" />
+	<test url="http://g.js.org/" />
+	<test url="http://gal.js.org/" />
+	<test url="http://gamedevcontestal.js.org/" />
+	<test url="http://gcse.js.org/" />
+	<test url="http://geekr.js.org/" />
+	<test url="http://genpasswd.js.org/" />
+	<test url="http://getlink.js.org/" />
+	<test url="http://getpinkr.js.org/" />
+	<test url="http://ghastly.js.org/" />
+	<test url="http://ghsamm.js.org/" />
+	<test url="http://giant-piano.js.org/" />
+	<test url="http://girls.js.org/" />
+	<test url="http://gka.js.org/" />
+	<test url="http://gol.js.org/" />
+	<test url="http://goodseller.js.org/" />
+	<test url="http://gotanda.js.org/" />
+	<test url="http://graphics2d.js.org/" />
+	<test url="http://grapnel.js.org/" />
+	<test url="http://greg.js.org/" />
+	<test url="http://grep.js.org/" />
+	<test url="http://gridiron.js.org/" />
+	<test url="http://gridsplit.js.org/" />
+	<test url="http://gruft.js.org/" />
+	<test url="http://guillotine.js.org/" />
+	<test url="http://guiseek.js.org/" />
+	<test url="http://gully.js.org/" />
+	<test url="http://gulpkit.js.org/" />
+	<test url="http://gun.js.org/" />
+	<test url="http://guuibayer.js.org/" />
+	<test url="http://gyps.js.org/" />
+	<test url="http://gyre.js.org/" />
+	<test url="http://h.js.org/" />
+	<test url="http://hack.js.org/" />
+	<test url="http://halil.js.org/" />
+	<test url="http://haloapi.js.org/" />
+	<test url="http://happy.js.org/" />
+	<test url="http://hask.js.org/" />
+	<test url="http://hay.js.org/" />
+	<test url="http://heartseekers.js.org/" />
+	<test url="http://hello.js.org/" />
+	<test url="http://hhao99.js.org/" />
+	<test url="http://hibiki.js.org/" />
+	<test url="http://hilo.js.org/" />
+	<test url="http://hk.js.org/" />
+	<test url="http://hoa.js.org/" />
+	<test url="http://hooloo.js.org/" />
+	<test url="http://human.js.org/" />
+	<test url="http://humanreadable.js.org/" />
+	<test url="http://hxxbit.js.org/" />
+	<test url="http://hyde.js.org/" />
+	<test url="http://hyf.js.org/" />
+	<test url="http://hyperapp.js.org/" />
+	<test url="http://hyperform.js.org/" />
+	<test url="http://i18n4v.js.org/" />
+	<test url="http://icecast.js.org/" />
+	<test url="http://ienumerable.js.org/" />
+	<test url="http://iffe.js.org/" />
+	<test url="http://igorsantana.js.org/" />
+	<test url="http://iio.js.org/" />
+	<test url="http://imagecapture.js.org/" />
+	<test url="http://immense.js.org/" />
+	<test url="http://immybox.js.org/" />
+	<test url="http://infinite-tree.js.org/" />
+	<test url="http://initial-wu.js.org/" />
+	<test url="http://inline-style-prefixer.js.org/" />
+	<test url="http://inscriptum.js.org/" />
+	<test url="http://instabousing.js.org/" />
+	<test url="http://invoicing.js.org/" />
+	<test url="http://ip-address.js.org/" />
+	<test url="http://is.js.org/" />
+	<test url="http://ishan.js.org/" />
+	<test url="http://isic.js.org/" />
+	<test url="http://islisp.js.org/" />
+	<test url="http://istanbul.js.org/" />
+	<test url="http://italia.js.org/" />
+	<test url="http://itsashis4u.js.org/" />
+	<test url="http://ivml.js.org/" />
+	<test url="http://j2p.js.org/" />
+	<test url="http://jacques.js.org/" />
+	<test url="http://jaibascript.js.org/" />
+	<test url="http://jakarta.js.org/" />
+	<test url="http://jakejarrett.js.org/" />
+	<test url="http://jalbertbowden.js.org/" />
+	<test url="http://james.js.org/" />
+	<test url="http://jargon.js.org/" />
+	<test url="http://javascript-kitchen.js.org/" />
+	<test url="http://jbone.js.org/" />
+	<test url="http://jets.js.org/" />
+	<test url="http://jet.js.org/" />
+	<test url="http://jinya.js.org/" />
+	<test url="http://jjlc.js.org/" />
+	<test url="http://jogja.js.org/" />
+	<test url="http://josep.js.org/" />
+	<test url="http://josuedanielbust.js.org/" />
+	<test url="http://jparticles.js.org/" />
+	<test url="http://jsessentials.js.org/" />
+	<test url="http://jsnippet.js.org/" />
+	<test url="http://json-schema-faker.js.org/" />
+	<test url="http://juancarlosqr.js.org/" />
+	<test url="http://julien.js.org/" />
+	<test url="http://jumpsuit.js.org/" />
+	<test url="http://junctions.js.org/" />
+	<test url="http://juno-106.js.org/" />
+	<test url="http://jus.js.org/" />
+	<test url="http://jwt-autorefresh.js.org/" />
+	<test url="http://kainy.js.org/" />
+	<test url="http://kalm.js.org/" />
+	<test url="http://karl.js.org/" />
+	<test url="http://karlbateman.js.org/" />
+	<test url="http://kcak11.js.org/" />
+	<test url="http://kdiacodes.js.org/" />
+	<test url="http://kea.js.org/" />
+	<test url="http://kelvinho.js.org/" />
+	<test url="http://kewitz.js.org/" />
+	<test url="http://keypress.js.org/" />
+	<test url="http://kilvin.js.org/" />
+	<test url="http://kite.js.org/" />
+	<test url="http://klasa.js.org/" />
+	<test url="http://knowyourbundle.js.org/" />
+	<test url="http://komada.js.org/" />
+	<test url="http://konstructor.js.org/" />
+	<test url="http://konsumer.js.org/" />
+	<test url="http://kyoto.js.org/" />
+	<test url="http://labelauty.js.org/" />
+	<test url="http://lambda.js.org/" />
+	<test url="http://languages.js.org/" />
+	<test url="http://lass.js.org/" />
+	<test url="http://latte.js.org/" />
+	<test url="http://laubstein.js.org/" />
+	<test url="http://leafless.js.org/" />
+	<test url="http://lean-stack.js.org/" />
+	<test url="http://leandro.js.org/" />
+	<test url="http://learnGitBranching.js.org/" />
+	<test url="http://leipzig.js.org/" />
+	<test url="http://leoj.js.org/" />
+	<test url="http://lessmd.js.org/" />
+	<test url="http://leste.js.org/" />
+	<test url="http://lifx.js.org/" />
+	<test url="http://liguori.js.org/" />
+	<test url="http://linghucong.js.org/" />
+	<test url="http://liveflow.js.org/" />
+	<test url="http://localsync.js.org/" />
+	<test url="http://logo.js.org/" />
+	<test url="http://loki.js.org/" />
+	<test url="http://loog.js.org/" />
+	<test url="http://lostyle.js.org/" />
+	<test url="http://lribeiro.js.org/" />
+	<test url="http://ls.js.org/" />
+	<test url="http://lychee.js.org/" />
+	<test url="http://m8bot.js.org/" />
+	<test url="http://madankumar.js.org/" />
+	<test url="http://magnet.js.org/" />
+	<test url="http://majestic.js.org/" />
+	<test url="http://maki.js.org/" />
+	<test url="http://marble.js.org/" />
+	<test url="http://marcosflorencio.js.org/" />
+	<test url="http://mark.js.org/" />
+	<test url="http://markdownify.js.org/" />
+	<test url="http://markmsmith.js.org/" />
+	<test url="http://markvis.js.org/" />
+	<test url="http://markvis-editor.js.org/" />
+	<test url="http://martin.js.org/" />
+	<test url="http://martingollogly.js.org/" />
+	<test url="http://marxist.js.org/" />
+	<test url="http://masha.js.org/" />
+	<test url="http://matthias-schuetz.js.org/" />
+	<test url="http://maxnachlinger.js.org/" />
+	<test url="http://maxtracking.js.org/" />
+	<test url="http://mc.js.org/" />
+	<test url="http://mde.js.org/" />
+	<test url="http://mechan.js.org/" />
+	<test url="http://medan.js.org/" />
+	<test url="http://mediainfo.js.org/" />
+	<test url="http://medit.js.org/" />
+	<test url="http://medium-header.js.org/" />
+	<test url="http://meethere.js.org/" />
+	<test url="http://meiosis.js.org/" />
+	<test url="http://melies-hugo.js.org/" />
+	<test url="http://melody.js.org/" />
+	<test url="http://mern.js.org/" />
+	<test url="http://mesh.js.org/" />
+	<test url="http://metadata.js.org/" />
+	<test url="http://metagon.js.org/" />
+	<test url="http://mf.js.org/" />
+	<test url="http://mics.js.org/" />
+	<test url="http://miguelsr.js.org/" />
+	<test url="http://milesgitgud.js.org/" />
+	<test url="http://mimic.js.org/" />
+	<test url="http://mina.js.org/" />
+	<test url="http://minesweeper.js.org/" />
+	<test url="http://mingjie.js.org/" />
+	<test url="http://mingyi.js.org/" />
+	<test url="http://minigrid.js.org/" />
+	<test url="http://mis101bird.js.org/" />
+	<test url="http://mithril-ja.js.org/" />
+	<test url="http://mithril.js.org/" />
+	<test url="http://mmcq.js.org/" />
+	<test url="http://mobx.js.org/" />
+	<test url="http://mockjs-lite.js.org/" />
+	<test url="http://modalizer.js.org/" />
+	<test url="http://modbot.js.org/" />
+	<test url="http://mog-script.js.org/" />
+	<test url="http://mohit.js.org/" />
+	<test url="http://mol.js.org/" />
+	<test url="http://molti.js.org/" />
+	<test url="http://mom.js.org/" />
+	<test url="http://momentum.js.org/" />
+	<test url="http://monkberry.js.org/" />
+	<test url="http://moose.js.org/" />
+	<test url="http://moro.js.org/" />
+	<test url="http://morocco.js.org/" />
+	<test url="http://motapc.js.org/" />
+	<test url="http://mpe.js.org/" />
+	<test url="http://mrn.js.org/" />
+	<test url="http://mrpluto.js.org/" />
+	<test url="http://mscgen.js.org/" />
+	<test url="http://msp430.js.org/" />
+	<test url="http://multiple.js.org/" />
+	<test url="http://murder.js.org/" />
+	<test url="http://muto.js.org/" />
+	<test url="http://mvc.js.org/" />
+	<test url="http://mvidalgarcia.js.org/" />
+	<test url="http://mw.js.org/" />
+	<test url="http://mythbusters.js.org/" />
+	<test url="http://n.js.org/" />
+	<test url="http://n-j-m.js.org/" />
+	<test url="http://nanimation.js.org/" />
+	<test url="http://naughtychecker.js.org/" />
+	<test url="http://nautilus.js.org/" />
+	<test url="http://ncms.js.org/" />
+	<test url="http://ncub8.js.org/" />
+	<test url="http://nearley.js.org/" />
+	<test url="http://nemaniarjun.js.org/" />
+	<test url="http://nemo.js.org/" />
+	<test url="http://neo4.js.org/" />
+	<test url="http://neutrino.js.org/" />
+	<test url="http://nflow.js.org/" />
+	<test url="http://ng-wig.js.org/" />
+	<test url="http://ngirc.js.org/" />
+	<test url="http://ngn.js.org/" />
+	<test url="http://ngspice.js.org/" />
+	<test url="http://nic.js.org/" />
+	<test url="http://nick.js.org/" />
+	<test url="http://nite.js.org/" />
+	<test url="http://nktx.js.org/" />
+	<test url="http://nod.js.org/" />
+	<test url="http://node-atlas.js.org/" />
+	<test url="http://node-browser_process.js.org/" />
+	<test url="http://nodegarden.js.org/" />
+	<test url="http://noflux.js.org/" />
+	<test url="http://noobscroll.js.org/" />
+	<test url="http://noted.js.org/" />
+	<test url="http://noteit.js.org/" />
+	<test url="http://notepad.js.org/" />
+	<test url="http://notibar.js.org/" />
+	<test url="http://novus.js.org/" />
+	<test url="http://npmer.js.org/" />
+	<test url="http://nsp.js.org/" />
+	<test url="http://nsptiles.js.org/" />
+	<test url="http://nvanthao.js.org/" />
+	<test url="http://nxse.js.org/" />
+	<test url="http://nyc.js.org/" />
+	<test url="http://objectmodel.js.org/" />
+	<test url="http://oec.js.org/" />
+	<test url="http://oib.js.org/" />
+	<test url="http://okan.js.org/" />
+	<test url="http://olivia.js.org/" />
+	<test url="http://omaha.js.org/" />
+	<test url="http://omega.js.org/" />
+	<test url="http://omer.js.org/" />
+	<test url="http://onebang.js.org/" />
+	<test url="http://onedesert.js.org/" />
+	<test url="http://ongaku.js.org/" />
+	<test url="http://onlineth.js.org/" />
+	<test url="http://opentype.js.org/" />
+	<test url="http://os.js.org/" />
+	<test url="http://osom.js.org/" />
+	<test url="http://pad.js.org/" />
+	<test url="http://pagination.js.org/" />
+	<test url="http://palette.js.org/" />
+	<test url="http://pamatcher.js.org/" />
+	<test url="http://pantarei.js.org/" />
+	<test url="http://panza.js.org/" />
+	<test url="http://paperclip.js.org/" />
+	<test url="http://paraiba.js.org/" />
+	<test url="http://parallel.js.org/" />
+	<test url="http://parametric-svg.js.org/" />
+	<test url="http://pas-ce-soir.js.org/" />
+	<test url="http://pastebin-alert.js.org/" />
+	<test url="http://pathtrace.js.org/" />
+	<test url="http://patternbase.js.org/" />
+	<test url="http://paul.js.org/" />
+	<test url="http://pdf.js.org/" />
+	<test url="http://pdfutils.js.org/" />
+	<test url="http://pdp-elements.js.org/" />
+	<test url="http://peekaboo.js.org/" />
+	<test url="http://pegboard.js.org/" />
+	<test url="http://pekanbaru.js.org/" />
+	<test url="http://penguin.js.org/" />
+	<test url="http://penn-sdk.js.org/" />
+	<test url="http://pentris.js.org/" />
+	<test url="http://perspective.js.org/" />
+	<test url="http://pguth.js.org/" />
+	<test url="http://pharaoh.js.org/" />
+	<test url="http://phobos.js.org/" />
+	<test url="http://photo-sphere-viewer.js.org/" />
+	<test url="http://picodom.js.org/" />
+	<test url="http://picsim.js.org/" />
+	<test url="http://piii.js.org/" />
+	<test url="http://pinf.js.org/" />
+	<test url="http://pipes.js.org/" />
+	<test url="http://pitermarx.js.org/" />
+	<test url="http://pivot.js.org/" />
+	<test url="http://pivottable.js.org/" />
+	<test url="http://pixelart.js.org/" />
+	<test url="http://plait.js.org/" />
+	<test url="http://plan.js.org/" />
+	<test url="http://planetx.js.org/" />
+	<test url="http://planisphere.js.org/" />
+	<test url="http://pliers.js.org/" />
+	<test url="http://pnpm.js.org/" />
+	<test url="http://pocketessential.js.org/" />
+	<test url="http://poegems.js.org/" />
+	<test url="http://pogo.js.org/" />
+	<test url="http://poi.js.org/" />
+	<test url="http://poke.js.org/" />
+	<test url="http://polished.js.org/" />
+	<test url="http://polythene.js.org/" />
+	<test url="http://popper.js.org/" />
+	<test url="http://porter.js.org/" />
+	<test url="http://positivebot.js.org/" />
+	<test url="http://post-type-discovery.js.org/" />
+	<test url="http://prettylog.js.org/" />
+	<test url="http://profanity-finder.js.org/" />
+	<test url="http://proteic.js.org/" />
+	<test url="http://pure.js.org/" />
+	<test url="http://qs.js.org/" />
+	<test url="http://querybuilder.js.org/" />
+	<test url="http://question.js.org/" />
+	<test url="http://quiz-app.js.org/" />
+	<test url="http://quiz-revamped.js.org/" />
+	<test url="http://ractive.js.org/" />
+	<test url="http://rad.js.org/" />
+	<test url="http://radial.js.org/" />
+	<test url="http://rafaelmangolin.js.org/" />
+	<test url="http://rag.js.org/" />
+	<test url="http://rahul.js.org/" />
+	<test url="http://rangeslider.js.org/" />
+	<test url="http://rate-limiter-api.js.org/" />
+	<test url="http://rdf.js.org/" />
+	<test url="http://react-atomic-ui.js.org/" />
+	<test url="http://react-autosuggest.js.org/" />
+	<test url="http://react-autowhatever.js.org/" />
+	<test url="http://react-chart.js.org/" />
+	<test url="http://react-charts.js.org/" />
+	<test url="http://react-controlled-form.js.org/" />
+	<test url="http://react-coroutine.js.org/" />
+	<test url="http://react-day-picker.js.org/" />
+	<test url="http://react-dropzone.js.org/" />
+	<test url="http://react-easy-swipe.js.org/" />
+	<test url="http://react-entanglement.js.org/" />
+	<test url="http://react-form.js.org/" />
+	<test url="http://react-hint.js.org/" />
+	<test url="http://react-move.js.org/" />
+	<test url="http://react-native-floating-labels.js.org/" />
+	<test url="http://react-pivottable.js.org/" />
+	<test url="http://react-responsive-carousel.js.org/" />
+	<test url="http://react-shared.js.org/" />
+	<test url="http://react-state.js.org/" />
+	<test url="http://react-story.js.org/" />
+	<test url="http://react-styleguidist.js.org/" />
+	<test url="http://react-table.js.org/" />
+	<test url="http://react-toulouse.js.org/" />
+	<test url="http://reactabular.js.org/" />
+	<test url="http://reactdesktop.js.org/" />
+	<test url="http://reactql.js.org/" />
+	<test url="http://reader.js.org/" />
+	<test url="http://realt.js.org/" />
+	<test url="http://realtime.js.org/" />
+	<test url="http://ream.js.org/" />
+	<test url="http://reassign.js.org/" />
+	<test url="http://rebatov.js.org/" />
+	<test url="http://rebem.js.org/" />
+	<test url="http://recycle.js.org/" />
+	<test url="http://redis.js.org/" />
+	<test url="http://redom.js.org/" />
+	<test url="http://reduce.js.org/" />
+	<test url="http://redux-actions.js.org/" />
+	<test url="http://redux-data-structures.js.org/" />
+	<test url="http://redux-minimal.js.org/" />
+	<test url="http://redux-observable.js.org/" />
+	<test url="http://redux-observable-cn.js.org/" />
+	<test url="http://redux-saga.js.org/" />
+	<test url="http://redux-tiles.js.org/" />
+	<test url="http://redux-undo.js.org/" />
+	<test url="http://redux-webpack-boilerplate.js.org/" />
+	<test url="http://redux.js.org/" />
+	<test url="http://reduxible.js.org/" />
+	<test url="http://refraction.js.org/" />
+	<test url="http://refujs.js.org/" />
+	<test url="http://rekit.js.org/" />
+	<test url="http://relate.js.org/" />
+	<test url="http://remark.js.org/" />
+	<test url="http://rene.js.org/" />
+	<test url="http://repackage.js.org/" />
+	<test url="http://request.js.org/" />
+	<test url="http://reshift.js.org/" />
+	<test url="http://restjs.js.org/" />
+	<test url="http://revaluate.js.org/" />
+	<test url="http://riklewis.js.org/" />
+	<test url="http://riotgear.js.org/" />
+	<test url="http://rishav.js.org/" />
+	<test url="http://risingstars2016.js.org/" />
+	<test url="http://rivki.js.org/" />
+	<test url="http://rmodal.js.org/" />
+	<test url="http://rock.js.org/" />
+	<test url="http://rocket.js.org/" />
+	<test url="http://rockjins.js.org/" />
+	<test url="http://roger.js.org/" />
+	<test url="http://rosmaro.js.org/" />
+	<test url="http://router-advanced.js.org/" />
+	<test url="http://rp.js.org/" />
+	<test url="http://ruhuman.js.org/" />
+	<test url="http://ruwan.js.org/" />
+	<test url="http://s3swa.js.org/" />
+	<test url="http://saadmir.js.org/" />
+	<test url="http://sagui.js.org/" />
+	<test url="http://saigon.js.org/" />
+	<test url="http://sam.js.org/" />
+	<test url="http://samlify.js.org/" />
+	<test url="http://samplyr.js.org/" />
+	<test url="http://sanctuary.js.org/" />
+	<test url="http://sandeepkhandewale.js.org/" />
+	<test url="http://sao.js.org/" />
+	<test url="http://sass.js.org/" />
+	<test url="http://saulosantiago.js.org/" />
+	<test url="http://savingthrow.js.org/" />
+	<test url="http://schisma.js.org/" />
+	<test url="http://scratch.js.org/" />
+	<test url="http://scrolledin.js.org/" />
+	<test url="http://sdk-design.js.org/" />
+	<test url="http://sean.js.org/" />
+	<test url="http://seatbelt.js.org/" />
+	<test url="http://sed.js.org/" />
+	<test url="http://seesaw.js.org/" />
+	<test url="http://segoe-mdl2-css.js.org/" />
+	<test url="http://select_io.js.org/" />
+	<test url="http://selectors.js.org/" />
+	<test url="http://selectric.js.org/" />
+	<test url="http://sendilkumarn.js.org/" />
+	<test url="http://seoul.js.org/" />
+	<test url="http://sequential.js.org/" />
+	<test url="http://serender.js.org/" />
+	<test url="http://serginator.js.org/" />
+	<test url="http://serializer.js.org/" />
+	<test url="http://service-mocker.js.org/" />
+	<test url="http://shaily.js.org/" />
+	<test url="http://shedali.js.org/" />
+	<test url="http://shortquery.js.org/" />
+	<test url="http://silfr.js.org/" />
+	<test url="http://silky.js.org/" />
+	<test url="http://siluna.js.org/" />
+	<test url="http://simulacra.js.org/" />
+	<test url="http://sirkit.js.org/" />
+	<test url="http://sizle.js.org/" />
+	<test url="http://skate.js.org/" />
+	<test url="http://skeptical-coder.js.org/" />
+	<test url="http://skx.js.org/" />
+	<test url="http://slang.js.org/" />
+	<test url="http://slideout.js.org/" />
+	<test url="http://slides.js.org/" />
+	<test url="http://slidey.js.org/" />
+	<test url="http://slim.js.org/" />
+	<test url="http://smoove.js.org/" />
+	<test url="http://sn0w.js.org/" />
+	<test url="http://social-likes-next.js.org/" />
+	<test url="http://social-likes.js.org/" />
+	<test url="http://solome.js.org/" />
+	<test url="http://sonny.js.org/" />
+	<test url="http://sox.js.org/" />
+	<test url="http://spaas.js.org/" />
+	<test url="http://spectragram.js.org/" />
+	<test url="http://spicdev.js.org/" />
+	<test url="http://spin.js.org/" />
+	<test url="http://spirare.js.org/" />
+	<test url="http://spiritual.js.org/" />
+	<test url="http://spreadsheet.js.org/" />
+	<test url="http://spritesheet.js.org/" />
+	<test url="http://spritewerk.js.org/" />
+	<test url="http://squeak.js.org/" />
+	<test url="http://sri.js.org/" />
+	<test url="http://stabs.js.org/" />
+	<test url="http://stack.js.org/" />
+	<test url="http://starratio.js.org/" />
+	<test url="http://staticinstance.js.org/" />
+	<test url="http://stats.js.org/" />
+	<test url="http://status.diamond.js.org/" />
+	<test url="http://stego.js.org/" />
+	<test url="http://stepan.js.org/" />
+	<test url="http://stephenmccall.js.org/" />
+	<test url="http://steven.js.org/" />
+	<test url="http://stockings.js.org/" />
+	<test url="http://storage.js.org/" />
+	<test url="http://storybook.js.org/" />
+	<test url="http://storybooks.js.org/" />
+	<test url="http://stress.js.org/" />
+	<test url="http://structure.js.org/" />
+	<test url="http://stuck.js.org/" />
+	<test url="http://style.js.org/" />
+	<test url="http://styled-css-grid.js.org/" />
+	<test url="http://styletron.js.org/" />
+	<test url="http://stylis.js.org/" />
+	<test url="http://sudarshan.js.org/" />
+	<test url="http://sub.js.org/" />
+	<test url="http://sudoku.js.org/" />
+	<test url="http://sulky.js.org/" />
+	<test url="http://sunsistemo.js.org/" />
+	<test url="http://super-trim.js.org/" />
+	<test url="http://supernova.js.org/" />
+	<test url="http://svelteui.js.org/" />
+	<test url="http://sweetalert.js.org/" />
+	<test url="http://switchit.js.org/" />
+	<test url="http://synth.js.org/" />
+	<test url="http://shd.js.org/" />
+	<test url="http://tagster.js.org/" />
+	<test url="http://talker.js.org/" />
+	<test url="http://tap-flux.js.org/" />
+	<test url="http://tapestry-wp.js.org/" />
+	<test url="http://tara.js.org/" />
+	<test url="http://tart.js.org/" />
+	<test url="http://taskata.js.org/" />
+	<test url="http://techfest.js.org/" />
+	<test url="http://telaviv.js.org/" />
+	<test url="http://telegraf.js.org/" />
+	<test url="http://temple.js.org/" />
+	<test url="http://tequila.js.org/" />
+	<test url="http://terminal.js.org/" />
+	<test url="http://textillate.js.org/" />
+	<test url="http://texy.js.org/" />
+	<test url="http://thea.js.org/" />
+	<test url="http://thegrid.js.org/" />
+	<test url="http://themoviedb.js.org/" />
+	<test url="http://thundercats.js.org/" />
+	<test url="http://timeout.js.org/" />
+	<test url="http://timerizer.js.org/" />
+	<test url="http://tint.js.org/" />
+	<test url="http://tinylinux.js.org/" />
+	<test url="http://toad.js.org/" />
+	<test url="http://tokyo.js.org/" />
+	<test url="http://tori.js.org/" />
+	<test url="http://torino.js.org/" />
+	<test url="http://torlondev.js.org/" />
+	<test url="http://tp.js.org/" />
+	<test url="http://trace.js.org/" />
+	<test url="http://transposer.js.org/" />
+	<test url="http://treviso.js.org/" />
+	<test url="http://trevorgk.js.org/" />
+	<test url="http://trilogy.js.org/" />
+	<test url="http://troxel.js.org/" />
+	<test url="http://try-catch-finally.js.org/" />
+	<test url="http://ts-react-boilerplate.js.org/" />
+	<test url="http://ts2jsdoc.js.org/" />
+	<test url="http://tsfp.js.org/" />
+	<test url="http://tux.js.org/" />
+	<test url="http://tweed.js.org/" />
+	<test url="http://tweetnacl.js.org/" />
+	<test url="http://two.js.org/" />
+	<test url="http://tydel.js.org/" />
+	<test url="http://typeahead.js.org/" />
+	<test url="http://u.js.org/" />
+	<test url="http://uav.js.org/" />
+	<test url="http://udnisap.js.org/" />
+	<test url="http://ukazap.js.org/" />
+	<test url="http://ulog.js.org/" />
+	<test url="http://ultcombo.js.org/" />
+	<test url="http://uneditable.js.org/" />
+	<test url="http://unexpected.js.org/" />
+	<test url="http://uni.js.org/" />
+	<test url="http://upresent.js.org/" />
+	<test url="http://utscrooms.js.org/" />
+	<test url="http://uuid.js.org/" />
+	<test url="http://uvcharts.js.org/" />
+	<test url="http://vaguilar.js.org/" />
+	<test url="http://valentin.js.org/" />
+	<test url="http://validator.js.org/" />
+	<test url="http://valine.js.org/" />
+	<test url="http://vanessa.js.org/" />
+	<test url="http://vanilla.js.org/" />
+	<test url="http://vbuild.js.org/" />
+	<test url="http://verifyr.js.org/" />
+	<test url="http://vico.js.org/" />
+	<test url="http://video-react.js.org/" />
+	<test url="http://vinimdocarmo.js.org/" />
+	<test url="http://viperhtml.js.org/" />
+	<test url="http://visualnovel.js.org/" />
+	<test url="http://vk-x.js.org/" />
+	<test url="http://vncz.js.org/" />
+	<test url="http://voloshins.js.org/" />
+	<test url="http://vorpal.js.org/" />
+	<test url="http://voxelcss.js.org/" />
+	<test url="http://vscode-apielements.js.org/" />
+	<test url="http://vue-land.js.org/" />
+	<test url="http://vue-mdc.js.org/" />
+	<test url="http://vue-roast.js.org/" />
+	<test url="http://vuelog.js.org/" />
+	<test url="http://vuikit.js.org/" />
+	<test url="http://vuongdothanhhuy.js.org/" />
+	<test url="http://wanna.js.org/" />
+	<test url="http://wargamer.js.org/" />
+	<test url="http://warnbot.js.org/" />
+	<test url="http://warrior.js.org/" />
+	<test url="http://watch.js.org/" />
+	<test url="http://wayou.js.org/" />
+	<test url="http://weaver.js.org/" />
+	<test url="http://webpack.js.org/" />
+	<test url="http://weekly.js.org/" />
+	<test url="http://wiki.js.org/" />
+	<test url="http://within.js.org/" />
+	<test url="http://wooyun.js.org/" />
+	<test url="http://wordywordy.js.org/" />
+	<test url="http://wwb.js.org/" />
+	<test url="http://wyfe.js.org/" />
+	<test url="http://xn--z7h.js.org/" />
+	<test url="http://xprmntl.js.org/" />
+	<test url="http://xto6.js.org/" />
+	<test url="http://xtype.js.org/" />
+	<test url="http://y86.js.org/" />
+	<test url="http://yagolopez.js.org/" />
+	<test url="http://yah.js.org/" />
+	<test url="http://yamdbf.js.org/" />
+	<test url="http://yargs.js.org/" />
+	<test url="http://youtim.js.org/" />
+	<test url="http://youtube-box.js.org/" />
+	<test url="http://zanyuyu.js.org/" />
+	<test url="http://zazu.js.org/" />
+	<test url="http://zeit.js.org/" />
+	<test url="http://zodiac.js.org/" />
+	<test url="http://zombie.js.org/" />
+</ruleset>
diff --git a/src/chrome/content/rules/JSBi.org.xml b/src/chrome/content/rules/JSBi.org.xml
new file mode 100644
index 000000000000..54f8de8e7547
--- /dev/null
+++ b/src/chrome/content/rules/JSBi.org.xml
@@ -0,0 +1,17 @@
+<!--
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="JSBi.org" default_off="cert-chain">
+
+	<target host="jsbi.org" />
+	<target host="www.jsbi.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JSC-VTB-Bank.xml b/src/chrome/content/rules/JSC-VTB-Bank.xml
index 14eb464449c4..780ad1bd5bd4 100644
--- a/src/chrome/content/rules/JSC-VTB-Bank.xml
+++ b/src/chrome/content/rules/JSC-VTB-Bank.xml
@@ -1,22 +1,50 @@
-<ruleset name="JSC VTB Bank (partial)" default_off="expired, mismatch">
+<!--
+	Other VTB Group rulesets:
 
+		- VTB.com.xml
+		- VTB_Russia.ru.xml
+
+
+	Problematic hosts in *vtb.ru:
+
+		- m *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- m.vtb.ru
+		- .m.vtb.ru
+
+
+	Mixed content:
+
+		- Bugs on m, www from ([\da-f]{2}\.){4}top.mail.ru *
+
+	* Secured by us
+
+-->
+<ruleset name="VTB.ru (partial)">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="vtb.ru"/>
-	<!--	* for cross-domain cookie	-->
-	<target host="*.vtb.ru"/>
-	<!--	cert: www.vtb.ru	-->
-	<target host="vtbrussia.ru"/>
-	<!--	* for cross-domain cookie	-->
-	<target host="*.vtbrussia.ru"/>
-
-	<securecookie host="^\.vtb(russia)?\.ru$" name=".*"/>
-
-	<!--	cert doesn't match .com
-		pages are different from .ru	-->
-	<rule from="^http://www\.vtb\.com/(bitrix/(components|images|js|templates)|upload)/"
-		to="https://www.vtb.ru/$1/"/>
-
-	<!--	cert doesn't match !www		-->
-	<rule from="^http://(?:www\.)?vtb\.ru/"
-		to="https://www.vtb.ru/"/>
+	<!--target host="m.vtb.ru"/-->
+	<target host="www.vtb.ru"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.vtb\.ru$" name="^(?:_LAT|_LNG|CITY_IP|GLOBAL_CITY_NAME|PHPSESSID)$"/-->
+	<!--securecookie host="^m\.vtb\.ru$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.m\.vtb\.ru$" name="^CITY_IP$" /-->
+	<!--securecookie host="^www\.vtb\.ru$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".*\.vtb\.ru$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/JSEcoin.com.xml b/src/chrome/content/rules/JSEcoin.com.xml
new file mode 100644
index 000000000000..573236bdc924
--- /dev/null
+++ b/src/chrome/content/rules/JSEcoin.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="JSEcoin.com">
+	<target host="jsecoin.com" />
+	<target host="www.jsecoin.com" />
+	<target host="api.jsecoin.com" />
+	<target host="load.jsecoin.com" />
+	<target host="platform.jsecoin.com" />
+	<target host="server.jsecoin.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JSON-Schema.org.xml b/src/chrome/content/rules/JSON-Schema.org.xml
new file mode 100644
index 000000000000..43f54afecee8
--- /dev/null
+++ b/src/chrome/content/rules/JSON-Schema.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatch:
+		www.json-schema.org
+-->
+<ruleset name="JSON-Schema.org">
+	<target host="json-schema.org" />
+	<target host="www.json-schema.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.json-schema\.org/" to="https://json-schema.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JSON_Resume.org.xml b/src/chrome/content/rules/JSON_Resume.org.xml
new file mode 100644
index 000000000000..dddfad8a193c
--- /dev/null
+++ b/src/chrome/content/rules/JSON_Resume.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .jsonresume.org
+
+-->
+<ruleset name="JSON Resume.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jsonresume.org" />
+	<target host="www.jsonresume.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.jsonresume\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.jsonresume\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JSTOR.org.xml b/src/chrome/content/rules/JSTOR.org.xml
new file mode 100644
index 000000000000..7a1a7b3264be
--- /dev/null
+++ b/src/chrome/content/rules/JSTOR.org.xml
@@ -0,0 +1,75 @@
+<!--
+	Redirect to http:
+		about.jstor.org
+		books.jstor.org
+		disciplines.jstor.org
+		jatest.jstor.org
+		stats.jstor.org
+		teach.jstor.org
+
+	Bad certificate:
+		de.about.jstor.org
+		es.about.jstor.org
+		guides.jstor.org
+		gear.jstor.org
+		www.plants.jstor.org
+
+	No working URL known:
+		auctioncatalogs.jstor.org
+		beetle.jstor.org
+		cdn.jstor.org
+		beacon.cdn.jstor.org
+		cicada.jstor.org
+		purchase.cicada.jstor.org
+		cip-stable.jstor.org
+		cricket.jstor.org
+		www.cspbugtracker.jstor.org
+		www.daily.jstor.org
+		www.jira.jstor.org
+		measure.jstor.org
+		mobile.jstor.org (400)
+		omega.jstor.org
+		owa.jstor.org
+		phoenix.jstor.org
+		psimg.jstor.org
+		pubexchange.jstor.org
+		sandbox.jstor.org
+		secure.jstor.org
+		vendors.jstor.org
+
+	Refused:
+		purchase.bookworm.jstor.org
+		click.jstor.org
+		dbrowser.jstor.org
+		dfr.jstor.org
+		jpass.jstor.org
+		lists.jstor.org
+		widgets.jstor.org
+
+	Broken certificate chain:
+		jira.jstor.org
+
+	Secure connection failed:
+		purchase.jstor.org
+
+-->
+<ruleset name="JSTOR (partial)">
+
+	<target host="jstor.org" />
+	<target host="www.jstor.org" />
+	<target host="ja.jstor.org" />
+	<target host="support.jstor.org" />
+	<target host="botany101.jstor.org" />
+	<target host="cspbugtracker.jstor.org" />
+	<target host="daily.jstor.org" />
+	<target host="docs.jstor.org" />
+	<target host="firefly.jstor.org" />
+	<target host="labs.jstor.org" />
+	<target host="links.jstor.org" />
+	<target host="logon.jstor.org" />
+	<target host="plants.jstor.org" />
+	<target host="researchbasics.jstor.org" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JSTOR.xml b/src/chrome/content/rules/JSTOR.xml
deleted file mode 100644
index ecb69c761c59..000000000000
--- a/src/chrome/content/rules/JSTOR.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="JSTOR (partial)">
-
-	<target host="jstor.org" />
-	<target host="*.jstor.org" />
-
-
-	<!--	Cert only matches www.
-					-->
-	<rule from="^http://(?:www\.)?jstor\.org/((?:abs|betasearch/static|jawr|jawrcss|literatum|sda|stable|templates|userimages)/|action/(?:myJstorSettings|registration|show(?:Login|RegistrationUpdate))|rx(?:$|\?))"
-		to="https://www.jstor.org/$1" />
-
-	<rule from="^http://about\.jstor\.org/(modul|sit)es/"
-		to="https://about.jstor.org/$1es/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/JSXC.org.xml b/src/chrome/content/rules/JSXC.org.xml
new file mode 100644
index 000000000000..c7f4aa4457d5
--- /dev/null
+++ b/src/chrome/content/rules/JSXC.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="JSXC.org">
+	<target host="jsxc.org" />
+	<target host="www.jsxc.org" />
+	<target host="dl.jsxc.org" />
+	<target host="xmpp.jsxc.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JSaO.io.xml b/src/chrome/content/rules/JSaO.io.xml
new file mode 100644
index 000000000000..dae786029cac
--- /dev/null
+++ b/src/chrome/content/rules/JSaO.io.xml
@@ -0,0 +1,12 @@
+<ruleset name="JSaO.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jsao.io" />
+	<target host="www.jsao.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JUA.com.xml b/src/chrome/content/rules/JUA.com.xml
new file mode 100644
index 000000000000..c1819c7b80dc
--- /dev/null
+++ b/src/chrome/content/rules/JUA.com.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.jua.com/ => https://www.jua.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.jua.com'")
+Fetch error: http://jua.com/ => https://www.jua.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.jua.com'")
+
+	^: Dropped
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.jua.com
+
+-->
+<ruleset name="JUA.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.jua.com" />
+
+	<!--	Complications:
+				-->
+	<target host="jua.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.jua\.com$" name="^__jsluid$" /-->
+
+	<securecookie host="^www\.jua\.com$" name=".+" />
+
+
+	<rule from="^http://jua\.com/"
+		to="https://www.jua.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JUCY-New-Zealand.xml b/src/chrome/content/rules/JUCY-New-Zealand.xml
new file mode 100644
index 000000000000..4d439edf0085
--- /dev/null
+++ b/src/chrome/content/rules/JUCY-New-Zealand.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jucy.co.nz/ => https://jucy.co.nz/: (51, "SSL: no alternative certificate subject name matches target host name 'jucy.co.nz'")
+
+	Non-functional domains:
+		- jucy.co.nz
+			- blog		(¹, CN: zoe.hosts.net.nz, www.zoe.hosts.net.nz)
+			- news		(¹, CN: zoe.hosts.net.nz, www.zoe.hosts.net.nz)
+			- deals		(timeout)
+
+		- (www.)jucytrade.com		(¹, CN: *.websitewelcome.com, websitewelcome.com)
+		- (www.)jucysnooze.co.nz	(connection refused)
+
+	¹ Hostname mismatch
+-->
+<ruleset name="JUCY New Zealand" default_off="failed ruleset test">
+	<target host=         "jucy.co.nz" />
+	<target host=     "www.jucy.co.nz" />
+	<target host="bookings.jucy.co.nz" />
+	<target host=    "jucycruize.co.nz" />
+	<target host="www.jucycruize.co.nz" />
+
+  	<securecookie host="^.*\.jucy(cruize)?\.co\.nz$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JUKI.xml b/src/chrome/content/rules/JUKI.xml
index 7f90d2a30546..5b58ab1e9c89 100644
--- a/src/chrome/content/rules/JUKI.xml
+++ b/src/chrome/content/rules/JUKI.xml
@@ -7,7 +7,6 @@
 	<target host="www.juki.co.jp" />
 
 
-	<rule from="^http://www\.juki\.co\.jp/"
-		to="https://www.juki.co.jp/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/JULAC.org.xml b/src/chrome/content/rules/JULAC.org.xml
new file mode 100644
index 000000000000..7fc41f4f3bbc
--- /dev/null
+++ b/src/chrome/content/rules/JULAC.org.xml
@@ -0,0 +1,11 @@
+<!--
+	The Joint University Librarians Advisory Committee (JULAC)
+-->
+<ruleset name="JULAC.org">
+	<target host="julac.org" />
+	<target host="www.julac.org" />
+	<target host="hkall.julac.org" />
+	<target host="hkcan.julac.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JVN.jp.xml b/src/chrome/content/rules/JVN.jp.xml
index cd75a8e82a6c..475de83b20fd 100644
--- a/src/chrome/content/rules/JVN.jp.xml
+++ b/src/chrome/content/rules/JVN.jp.xml
@@ -1,5 +1,5 @@
 <ruleset name="JVN.jp">
   <target host="jvn.jp"/>
 
-  <rule from="^http://jvn\.jp/" to="https://jvn.jp/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/JWChat.org.xml b/src/chrome/content/rules/JWChat.org.xml
new file mode 100644
index 000000000000..c397259d44c8
--- /dev/null
+++ b/src/chrome/content/rules/JWChat.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Server sends no certificate chain *
+
+	* See https://whatsmychaincert.com
+
+-->
+<ruleset name="JWChat.org" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jwchat.org" />
+	<target host="www.jwchat.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JW_Platform.com.xml b/src/chrome/content/rules/JW_Platform.com.xml
new file mode 100644
index 000000000000..28abd809a2c4
--- /dev/null
+++ b/src/chrome/content/rules/JW_Platform.com.xml
@@ -0,0 +1,22 @@
+<!--
+	For other LongTail coverage, see LongTail.xml.
+
+-->
+<ruleset name="JW Platform.com (partial)">
+	<target host="jwplatform.com"/>
+	<target host="www.jwplatform.com"/>
+	<target host="api.jwplatform.com"/>
+	<target host="content.jwplatform.com"/>
+	<!--CORS issues, see:
+	https://github.com/EFForg/https-everywhere/issues/4531
+	https://github.com/EFForg/https-everywhere/issues/14464	-->
+	<exclusion pattern="^http://content\.jwplatform\.com/jw6/[\w-]+\.xml"/>
+		<test url="http://content.jwplatform.com/jw6/IMHaCkVN.xml"/>
+		<test url="http://content.jwplatform.com/jw6/g4dnDa9E.xml"/>
+	<exclusion pattern="^http://content\.jwplatform\.com/manifests/"/>
+		<test url="http://content.jwplatform.com/manifests/yDPBPpwH.m3u8"/>
+	<exclusion pattern="^http://content\.jwplatform\.com/feeds/"/>
+		<test url="http://content.jwplatform.com/feeds/HMWyETmK.json"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/JXT.net.au.xml b/src/chrome/content/rules/JXT.net.au.xml
index 304c7fd859e9..f3159600c79f 100644
--- a/src/chrome/content/rules/JXT.net.au.xml
+++ b/src/chrome/content/rules/JXT.net.au.xml
@@ -1,9 +1,12 @@
+<!--
+Automatically by https-everywhere-checker because:
+Fetch error: http://images.jxt.net.au/ => https://images.jxt.net.au/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
 <ruleset name="JXT.net.au (partial)">
 
 	<target host="images.jxt.net.au" />
 
 
-	<rule from="^http://images\.jxt\.net\.au/"
-		to="https://images.jxt.net.au/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/J_Deslippe.com.xml b/src/chrome/content/rules/J_Deslippe.com.xml
index 96a65bd276c1..a499d9be57ed 100644
--- a/src/chrome/content/rules/J_Deslippe.com.xml
+++ b/src/chrome/content/rules/J_Deslippe.com.xml
@@ -1,8 +1,16 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jdeslippe.com/ => https://www.jdeslippe.com/: (35, 'Unknown SSL protocol error in connection to www.jdeslippe.com:443 ')
+Fetch error: http://www.jdeslippe.com/ => https://www.jdeslippe.com/: (35, 'Unknown SSL protocol error in connection to www.jdeslippe.com:443 ')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://jdeslippe.com/ => https://www.jdeslippe.com/: (35, 'Unknown SSL protocol error in connection to www.jdeslippe.com:443 ')
+Fetch error: http://www.jdeslippe.com/ => https://www.jdeslippe.com/: (35, 'Unknown SSL protocol error in connection to www.jdeslippe.com:443 ')
 	^: mismatched, CN: jdeslip.com
 
 -->
-<ruleset name="J Deslippe.com">
+<ruleset name="J Deslippe.com" default_off="failed ruleset test">
 
 	<target host="jdeslippe.com" />
 	<target host="www.jdeslippe.com" />
diff --git a/src/chrome/content/rules/J_Halderm.com.xml b/src/chrome/content/rules/J_Halderm.com.xml
deleted file mode 100644
index a1a7ea4db7ee..000000000000
--- a/src/chrome/content/rules/J_Halderm.com.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="J Halderm.com">
-
-	<target host="jhalderm.com" />
-	<target host="*.jhalderm.com" />
-
-
-	<rule from="^http://(pad\.|www\.)?jhalderm\.com/"
-		to="https://$1jhalderm.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/JabRef.org.xml b/src/chrome/content/rules/JabRef.org.xml
new file mode 100644
index 000000000000..7e3329847725
--- /dev/null
+++ b/src/chrome/content/rules/JabRef.org.xml
@@ -0,0 +1,29 @@
+<!--
+	Connection refused:
+		- imap
+		- ipv6
+		- mysql
+		- pop
+		- smtp
+-->
+<ruleset name="JabRef.org">
+	<target host="jabref.org" />
+	<target host="www.jabref.org" />
+	<target host="abbrv.jabref.org" />
+	<target host="blog.jabref.org" />
+	<target host="builds.jabref.org" />
+	<target host="code.jabref.org" />
+	<target host="contribute.jabref.org" />
+	<target host="discourse.jabref.org" />
+	<target host="donations.jabref.org" />
+	<target host="downloads.jabref.org" />
+	<target host="files.jabref.org" />
+	<target host="help.jabref.org" />
+	<target host="jabcon.jabref.org" />
+	<target host="jstyles.jabref.org" />
+	<target host="layouts.jabref.org" />
+	<target host="manuals.jabref.org" />
+	<target host="translate.jabref.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JabbR.net.xml b/src/chrome/content/rules/JabbR.net.xml
new file mode 100644
index 000000000000..8899cb01c721
--- /dev/null
+++ b/src/chrome/content/rules/JabbR.net.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jabbr.net/ => https://jabbr.net/: (51, "SSL: no alternative certificate subject name matches target host name 'jabbr.net'")
+
+	www doesn't exist.
+
+-->
+<ruleset name="JabbR.net" default_off="failed ruleset test">
+
+	<target host="jabbr.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^jabbr\.net$" name="^NCSRF$" /-->
+	<!--securecookie host="^\.jabbr\.net$" name="^ARRAffinity$" /-->
+
+	<securecookie host="^\.?jabbr\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jabber.at.xml b/src/chrome/content/rules/Jabber.at.xml
deleted file mode 100644
index 6838e788e40d..000000000000
--- a/src/chrome/content/rules/Jabber.at.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Jabber.at">
-  <target host="jabber.at" />
-  <target host="www.jabber.at" />
-
-  <rule from="^http://(www\.)?jabber\.at/" to="https://jabber.at/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Jabber.dk.xml b/src/chrome/content/rules/Jabber.dk.xml
new file mode 100644
index 000000000000..ebf2d9ce92a0
--- /dev/null
+++ b/src/chrome/content/rules/Jabber.dk.xml
@@ -0,0 +1,7 @@
+<ruleset name="Jabber.dk">
+	<target host="jabber.dk" />
+	<target host="www.jabber.dk" />
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Jabber.no.xml b/src/chrome/content/rules/Jabber.no.xml
new file mode 100644
index 000000000000..a4318181b3ce
--- /dev/null
+++ b/src/chrome/content/rules/Jabber.no.xml
@@ -0,0 +1,9 @@
+<ruleset name="Jabber.no">
+
+	<target host="jabber.no" />
+	<target host="www.jabber.no" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jabber.org.uk.xml b/src/chrome/content/rules/Jabber.org.uk.xml
new file mode 100644
index 000000000000..24f1fc232dd0
--- /dev/null
+++ b/src/chrome/content/rules/Jabber.org.uk.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jabber.org.uk/ => https://jabber.org.uk/: (7, 'Failed to connect to jabber.org.uk port 443: Connection refused')
+
+-->
+<ruleset name="jabber.org.uk" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jabber.org.uk" />
+	<target host="www.jabber.org.uk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jabber.org.xml b/src/chrome/content/rules/Jabber.org.xml
new file mode 100644
index 000000000000..5aa4718036ef
--- /dev/null
+++ b/src/chrome/content/rules/Jabber.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Nonfunctional hosts in *.jabber.org:
+
+	certificate mismatch:
+	    - archive.jabber.org
+	    - etherx.jabber.org
+	    - status.jabber.org
+	connection refused:
+	    - ns3.jabber.org
+	timeout on https:
+	    - logs.jabber.org
+-->
+<ruleset name="Jabber.org">
+	<target host="jabber.org" />
+	<target host="www.jabber.org" />
+	<target host="atlas.jabber.org" />
+	<target host="conference.jabber.org" />
+	<target host="mail.jabber.org" />
+	<target host="mailman.jabber.org" />
+	<target host="planet.jabber.org" />
+	<target host="register.jabber.org" />
+	<target host="static.jabber.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jabber.ru.xml b/src/chrome/content/rules/Jabber.ru.xml
index 98ce854cc1ba..3268fccdfa96 100644
--- a/src/chrome/content/rules/Jabber.ru.xml
+++ b/src/chrome/content/rules/Jabber.ru.xml
@@ -2,35 +2,39 @@
 	Nonfunctional subdomains:
 
 		- chatlogs	(times out)
+		- jc ²
 		- js
+		- lists *
 		- stats		(times out)
+		- yo ³
 
--->
-<ruleset name="Jabber.ru (partial)">
+	* Prints tree
+	² Refused
+	³ Prints "It works!"; mismatched, CN: www.jabber.ru
+
+
+	www.jabber.ru: 	Expired
 
-	<target host="jabber.ru" />
-	<target host="*.jabber.ru" />
 
+	Mixed content:
 
-	<!--	Cookie set by reg page and
-		not what is normally on www.	-->
-	<securecookie host="^www\.jabber\.ru$" name="^PHPSESSID$" />
+		- css on www from fonts.googleapis.com *
 
+	* Secured by us
+
+-->
+<ruleset name="Jabber.ru (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jabber.ru" />
+	<!--target host="www.jabber.ru" /-->
 
-	<!--	!www times out.	-->
-	<rule from="^https?://jabber\.ru/"
-		to="https://www.jabber.ru/" />
 
-	<rule from="^http://www\.jabber\.ru/(favicon\.ico|misc|modules|themes)/"
-		to="https://www.jabber.ru/$1/" />
+	<!--securecookie host="^www\.jabber\.ru$" name="^PHPSESSID$" /-->
 
-	<!--	Cert doesn't match reg,
-		most data appear to be on www.	-->
-	<rule from="^http://reg\.jabber\.ru/"
-		to="https://reg.jabber.ru/" />
 
-	<!--	Not on www.	-->
-	<rule from="^https://www\.jabber\.ru/xreg/captcha/"
-		to="http://reg.jabber.ru/xreg/captcha/" downgrade="1" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/JabberES.org.xml b/src/chrome/content/rules/JabberES.org.xml
new file mode 100644
index 000000000000..72193e5266f9
--- /dev/null
+++ b/src/chrome/content/rules/JabberES.org.xml
@@ -0,0 +1,34 @@
+<!--
+	^jabberes.org: Plaintext reply
+
+
+	Insecure cookies are set for these domains:
+
+		- .jabberes.org
+
+
+	Mixed content:
+
+		- Bug from creativecommons.org *
+
+	* Secured by us
+
+-->
+<ruleset name="JabberES.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.jabberes.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.jabberes\.org$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^\.jabberes\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jabbi.pl.xml b/src/chrome/content/rules/Jabbi.pl.xml
new file mode 100644
index 000000000000..5dcef098c5f6
--- /dev/null
+++ b/src/chrome/content/rules/Jabbi.pl.xml
@@ -0,0 +1,46 @@
+<!--
+	Problematic hosts:
+
+		- (www.)? *
+		- client ²
+
+	¹ Server sends no certificate chain, see https://whatsmychaincert.com
+	² Expired
+
+
+	Fully covered hosts:
+
+		- (www.)?
+		- client
+		- host1
+
+
+	Insecure cookies are set for these hosts:
+
+		- jabbi.pl
+		- client.jabbi.pl
+		- www.jabbi.pl
+
+-->
+<ruleset name="Jabbi.pl" default_off="expired, missing certificate chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jabbi.pl" />
+	<target host="client.jabbi.pl" />
+	<target host="host1.jabbi.pl" />
+	<target host="www.jabbi.pl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--ssecurecookie host="^(www\.)?jabbi\.pl$" name="^_icl_current_language$" /-->
+	<!--ssecurecookie host="^client\.jabbi\.pl$" name="^jappix_mode$" /-->
+
+	<securecookie host="^(?:client\.|www\.)?jabbi\.pl$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jack-and-Jill-Childrens-Foundation.xml b/src/chrome/content/rules/Jack-and-Jill-Childrens-Foundation.xml
index f1773f48f469..b55fd797bceb 100644
--- a/src/chrome/content/rules/Jack-and-Jill-Childrens-Foundation.xml
+++ b/src/chrome/content/rules/Jack-and-Jill-Childrens-Foundation.xml
@@ -6,7 +6,7 @@
 	<target host="jackandjillraffle.org" />
 	<target host="www.jackandjillraffle.org" />
 
-	<rule from="^http://(www\.)?jackandjill\.ie/" to="https://www.jackandjill.ie/" />
-	<rule from="^http://(www\.)?jackandjillraffle\.org/" to="https://www.jackandjillraffle.org/" />
-	<rule from="^https?://(www\.)?jackandjillraffle\.com/" to="https://www.jackandjillraffle.org/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http://(?:www\.)?jackandjill\.ie/" to="https://www.jackandjill.ie/" />
+	<rule from="^http://(?:www\.)?jackandjillraffle\.org/" to="https://www.jackandjillraffle.org/" />
+	<rule from="^http://(?:www\.)?jackandjillraffle\.com/" to="https://www.jackandjillraffle.org/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jack_Imaging.com.xml b/src/chrome/content/rules/Jack_Imaging.com.xml
new file mode 100644
index 000000000000..2bdf03dc6057
--- /dev/null
+++ b/src/chrome/content/rules/Jack_Imaging.com.xml
@@ -0,0 +1,26 @@
+<!--
+	CDN buckets:
+
+		- d2si6vzga8sezn.cloudfront.net
+
+			- cdn
+
+
+	(www.): refused
+
+-->
+<ruleset name="Jack Imaging.com">
+
+	<target host="jackimaging.com" />
+	<target host="beta.jackimaging.com" />
+	<target host="www.jackimaging.com" />
+	<target host="cdn.jackimaging.com" />
+
+
+	<rule from="^http://(?:beta\.|www\.)?jackimaging\.com/"
+		to="https://beta.jackimaging.com/" />
+
+	<rule from="^http://cdn\.jackimaging\.com/"
+		to="https://d2si6vzga8sezn.cloudfront.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jackpot_Millions.com.xml b/src/chrome/content/rules/Jackpot_Millions.com.xml
new file mode 100644
index 000000000000..0b92a364c3b2
--- /dev/null
+++ b/src/chrome/content/rules/Jackpot_Millions.com.xml
@@ -0,0 +1,36 @@
+<!--
+	^jackpotmillions.com: Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- www.jackpotmillions.com
+		- .www.jackpotmillions.com
+
+-->
+<ruleset name="Jackpot Millions.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.jackpotmillions.com" />
+
+	<!--	Complications:
+				-->
+	<target host="jackpotmillions.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.jackpotmillions\.com$" name="^(?:BIGipServer|JSESSIONID)$" /-->
+	<!--securecookie host="^\.www\.jackpotmillions\.com$" name="^tsession3$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://jackpotmillions\.com/"
+		to="https://www.jackpotmillions.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jacks_Fetish_Tube.xml b/src/chrome/content/rules/Jacks_Fetish_Tube.xml
index 9f53e797deb1..6596e59392b8 100644
--- a/src/chrome/content/rules/Jacks_Fetish_Tube.xml
+++ b/src/chrome/content/rules/Jacks_Fetish_Tube.xml
@@ -1,13 +1,12 @@
 <ruleset name="Jacks Fetish Tube">
 
 	<target host="jacksfetishtube.com" />
-	<target host="*.jacksfetishtube.com" />
+	<target host="www.jacksfetishtube.com" />
 
 
 	<securecookie host="^\.?jacksfetishtube\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?jacksfetishtube\.com/"
-		to="https://$1jacksfetishtube.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Jackson-IT.de.xml b/src/chrome/content/rules/Jackson-IT.de.xml
new file mode 100644
index 000000000000..1f7bc4ce791c
--- /dev/null
+++ b/src/chrome/content/rules/Jackson-IT.de.xml
@@ -0,0 +1,16 @@
+<ruleset name="Jackson-IT.de">
+
+	<target host="jackson-it.de" />
+	<target host="www.jackson-it.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^jackson-it\.de$" name="^(PHPSESSID|wfvt_-\+)$" /-->
+
+	<securecookie host="^jackson-it\.de$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jackson_Sun.xml b/src/chrome/content/rules/Jackson_Sun.xml
index ce6ad4b5343c..a6cf964afb5e 100644
--- a/src/chrome/content/rules/Jackson_Sun.xml
+++ b/src/chrome/content/rules/Jackson_Sun.xml
@@ -11,10 +11,11 @@
 <ruleset name="The Jackson Sun (partial)">
 
 	<target host="jacksonsun.com" />
-	<target host="*.jacksonsun.com" />
+	<target host="cmsimg.jacksonsun.com" />
+	<target host="www.jacksonsun.com" />
 
 
-	<rule from="^https?://(?:cmsimg\.|www\.)?jacksonsun\.com/"
+	<rule from="^http://(?:cmsimg\.|www\.)?jacksonsun\.com/"
 		to="https://www.jacksonsun.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Jacksonville.com.xml b/src/chrome/content/rules/Jacksonville.com.xml
deleted file mode 100644
index e85334d46fb2..000000000000
--- a/src/chrome/content/rules/Jacksonville.com.xml
+++ /dev/null
@@ -1,64 +0,0 @@
-<!--
-	CDN buckets:
-
-		- img1.lamp3.groupz.net
-
-			- static.jacksonville.com
-
-		- rptvirt.morris.com
-
-			- rpt2.homes.jacksonville.com
-
-		- photos.mycapture.com/JAXF/
-
-
-	Nonfunctional domains:
-
-		- (www.)firstcoastphotos.com *
-
-		- jacksonville.com subdomains:
-
-			- (www.) *
-			- autos *
-			- class *
-			- homes *
-			- rpt2.homes **
-			- jobs *
-			- members *
-			- news *
-			- photos *
-			- static **
-
-		- jax-cdn.com *
-
-	* Refused
-	** Dropped
-
-
-	Problematic subdomains:
-
-		- dailydeals	(works; mismatched, CN: *.upickem.net)
-
-
-	Fully covered subdomains:
-
-		- sec
-
-
-	Mixed image on sec from wikijax.com
-
--->
-<ruleset name="Jacksonville.com (partial)">
-
-	<target host="*.jacksonville.com" />
-
-
-	<!--	Tracking cookies;
-					-->
-	<securecookie host="^\.jacksonville\.com$" name="(?:_chartbeat2|cX_\w|ppRef|ppThirdPartyCookieFound|s_\w+|utag_main)" />
-
-
-	<rule from="^http://sec\.jacksonville\.com/"
-		to="https://sec.jacksonville.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Jacob_Langvad_Nilsson.xml b/src/chrome/content/rules/Jacob_Langvad_Nilsson.xml
deleted file mode 100644
index fd54810e7f02..000000000000
--- a/src/chrome/content/rules/Jacob_Langvad_Nilsson.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Jacob Langvad Nilsson">
-
-	<target host="jacoblangvad.com" />
-	<target host="*.jacoblangvad.com" />
-
-
-	<securecookie host="^\.jacoblangvad\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?jacoblangvad\.com/"
-		to="https://$1jacoblangvad.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Jacobin_Mag.com.xml b/src/chrome/content/rules/Jacobin_Mag.com.xml
new file mode 100644
index 000000000000..4c2ebbf2bc04
--- /dev/null
+++ b/src/chrome/content/rules/Jacobin_Mag.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Problematic subdomains:
+
+		- store *
+
+	* 404
+
+
+	These altnames don't exist:
+
+		- www.auth.jacobinmag.com
+
+-->
+<ruleset name="Jacobin Mag.com">
+
+	<target host="jacobinmag.com" />
+	<target host="*.jacobinmag.com" />
+
+
+	<rule from="^http://(auth\.|www\.)?jacobinmag\.com/"
+		to="https://$1jacobinmag.com/" />
+
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://store\.jacobinmag\.com/[^?]*"
+		to="https://jacobinmag.com/subscribe/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jacqueline_Gold.xml b/src/chrome/content/rules/Jacqueline_Gold.xml
index b7668212ad09..0c74652a471c 100644
--- a/src/chrome/content/rules/Jacqueline_Gold.xml
+++ b/src/chrome/content/rules/Jacqueline_Gold.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?jacquelinegold\.com/"
 		to="https://www.jacquelinegold.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Jadi.net.xml b/src/chrome/content/rules/Jadi.net.xml
new file mode 100644
index 000000000000..1ab4e0a3c85d
--- /dev/null
+++ b/src/chrome/content/rules/Jadi.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="Jadi.net">
+  <target host="jadi.net" />
+  <target host="www.jadi.net" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jadu.net.xml b/src/chrome/content/rules/Jadu.net.xml
new file mode 100644
index 000000000000..fc587a373eb5
--- /dev/null
+++ b/src/chrome/content/rules/Jadu.net.xml
@@ -0,0 +1,44 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- jadu.net
+		- .jadu.net
+		- www.jadu.net
+
+
+	Mixed content:
+
+		- css on (www.)? from fonts.googleapis.com ˢ
+		- Images on (www.)? from www.jadu.net ˢ
+		- favicon on (www.)? from www.jadu.net ˢ
+		- Bugs on (www.)? from www.facebook.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Jadu.net">
+
+	<target host="jadu.net" />
+	<target host="cdn.jadu.net" />
+	<target host="www.jadu.net" />
+
+		<test url="http://cdn.jadu.net/images/widgets/middleAdvertCarouselv2/control_pause.png" />
+
+		<!--	Mixed content:
+					-->
+		<!--test url="http://jadu.net/blog/TheJaduBlog" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?jadu\.net$" name="^\w{16}$" /-->
+	<!--securecookie host="^\.jadu\.net$" name="^TestCookie" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^(?:_gat?|TestCookie)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jailbreaking_Is_Not_a_Crime.org.xml b/src/chrome/content/rules/Jailbreaking_Is_Not_a_Crime.org.xml
deleted file mode 100644
index 5169056dc169..000000000000
--- a/src/chrome/content/rules/Jailbreaking_Is_Not_a_Crime.org.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For other EFF coverage, see EFF.xml.
-
--->
-<ruleset name="Jailbreaking Is Not a Crime.org">
-
-	<target host="jailbreakingisnotacrime.org" />
-	<target host="www.jailbreakingisnotacrime.org" />
-
-
-	<rule from="^http://(www\.)?jailbreakingisnotacrime\.org/"
-		to="https://$1jailbreakingisnotacrime.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Jaim.at.xml b/src/chrome/content/rules/Jaim.at.xml
new file mode 100644
index 000000000000..d424283622d5
--- /dev/null
+++ b/src/chrome/content/rules/Jaim.at.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jaim.at/ => https://jaim.at/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="Jaim.at" default_off="failed ruleset test">
+
+	<target host="jaim.at" />
+	<target host="www.jaim.at" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JakeArchibald.com.xml b/src/chrome/content/rules/JakeArchibald.com.xml
new file mode 100644
index 000000000000..4d9285148d11
--- /dev/null
+++ b/src/chrome/content/rules/JakeArchibald.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .jakearchibald.com
+
+-->
+<ruleset name="JakeArchibald.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jakearchibald.com" />
+	<target host="www.jakearchibald.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.jakearchibald\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.jakearchibald\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jako-O.xml b/src/chrome/content/rules/Jako-O.xml
index f92ea5afd2f5..3226a03185d3 100644
--- a/src/chrome/content/rules/Jako-O.xml
+++ b/src/chrome/content/rules/Jako-O.xml
@@ -1,15 +1,25 @@
-<ruleset name="JAKO-O">
-  <target host="jako-o.*" />
-  <target host="www.jako-o.de" />
-  <target host="www.jako-o.at" />
-  <target host="www.jako-o.lu" />
-  <target host="www.jako-o.eu" />
-  <target host="www.jako-o.com" />
-
-  <!--
-  <securecookie host="^http://(www\.)?jako-o\.de$" name="bbuserid" />
-  <securecookie host="^http://(www\.)?jako-o\.de$" name="bbpassword" />
-  -->
-
-  <rule from="^http://(?:www\.)?jako-o\.(at|com|de|eu|lu)/" to="https://www.jako-o.$1/"/>
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - jako-o.lu
+			 - www.jako-o.lu
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - jako-o.eu
+			 - www.jako-o.eu
+-->
+<ruleset name="JAKO-O (partial)">
+	<!-- jako-o.at -->
+	<target host="jako-o.at" />
+	<target host="www.jako-o.at" />
+
+	<!-- jako-o.com -->
+	<target host="jako-o.com" />
+	<target host="www.jako-o.com" />
+
+	<!-- jako-o.de -->
+	<target host="jako-o.de" />
+	<target host="www.jako-o.de" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Jakpost.net.xml b/src/chrome/content/rules/Jakpost.net.xml
new file mode 100644
index 000000000000..877559a4a29b
--- /dev/null
+++ b/src/chrome/content/rules/Jakpost.net.xml
@@ -0,0 +1,12 @@
+<!--
+	For other Jakarta Post coverage, see Thejakartapost.com.xml.
+-->
+<ruleset name="Jakpost.net">
+	<target host="jakpost.net" />
+	<target host="www.jakpost.net" />
+	<target host="img.jakpost.net" />
+
+	<test url="http://img.jakpost.net/c/2017/10/20/2017_10_20_34386_1508471627.jpg" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jalopnik.com.xml b/src/chrome/content/rules/Jalopnik.com.xml
deleted file mode 100644
index 758d873a7ed4..000000000000
--- a/src/chrome/content/rules/Jalopnik.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other Gawker coverage, see Gawker.xml.
-
-
-	CN: *.a.ssl.fastly.net
-
--->
-<ruleset name="Jalopnik.com" default_off="mismatched">
-
-	<target host="jalopnik.com" />
-	<target host="*.jalopnik.com" />
-
-
-	<securecookie host="^\.?jalopnik\.com$" name=".+" />
-
-
-	<rule from="^http://(?:(cache\.)|www\.)?jalopnik\.com/"
-		to="https://$1jalopnik.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/JamPlay.xml b/src/chrome/content/rules/JamPlay.xml
new file mode 100644
index 000000000000..27b0e0021a8b
--- /dev/null
+++ b/src/chrome/content/rules/JamPlay.xml
@@ -0,0 +1,5 @@
+<ruleset name="JamPlay">
+    <target host="account.jamplay.com" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JamTrackCentral.com.xml b/src/chrome/content/rules/JamTrackCentral.com.xml
new file mode 100644
index 000000000000..e1a4274d29e1
--- /dev/null
+++ b/src/chrome/content/rules/JamTrackCentral.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Login required:
+		adm.jamtrackcentral.com
+		adm.beta.jamtrackcentral.com
+		cloud.jamtrackcentral.com
+		be.test.jamtrackcentral.com
+
+	No working URL known:
+		phpmyadmin.jamtrackcentral.com
+		test.jamtrackcentral.com
+
+	Invalid certificate:
+		web1.jamtrackcentral.com
+
+-->
+<ruleset name="Jamtrackcentral">
+
+	<target host="jamtrackcentral.com" />
+	<target host="www.jamtrackcentral.com" />
+	<target host="beta.jamtrackcentral.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jamalon.com.xml b/src/chrome/content/rules/Jamalon.com.xml
new file mode 100644
index 000000000000..0bf24125dbc1
--- /dev/null
+++ b/src/chrome/content/rules/Jamalon.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="Jamalon.com">
+	<target host="jamalon.com" />
+	<target host="www.jamalon.com" />
+	<target host="cdn.jamalon.com" />
+	<target host="express.jamalon.com" />
+	<target host="performance.jamalon.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jambit.xml b/src/chrome/content/rules/Jambit.xml
index 7e319f556ecd..5c6e38ea8556 100644
--- a/src/chrome/content/rules/Jambit.xml
+++ b/src/chrome/content/rules/Jambit.xml
@@ -3,9 +3,8 @@
 	<target host="jambit.com"/>
 	<target host="www.jambit.com"/>
 
-	<securecookie host="^(www\.)?jambit\.com$" name=".*"/>
+	<securecookie host="^(?:www\.)?jambit\.com$" name=".+" />
 
-	<rule from="^http://(www\.)?jambit\.com/"
-		to="https://$1jambit.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Jameco.xml b/src/chrome/content/rules/Jameco.xml
index bacbb277044f..8f701528efce 100644
--- a/src/chrome/content/rules/Jameco.xml
+++ b/src/chrome/content/rules/Jameco.xml
@@ -11,7 +11,6 @@
 	<securecookie host="^www\.jameco\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?jameco\.com/"
-		to="https://www.jameco.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Jamendo.com.xml b/src/chrome/content/rules/Jamendo.com.xml
new file mode 100644
index 000000000000..e3ee07f562a5
--- /dev/null
+++ b/src/chrome/content/rules/Jamendo.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Non-functional hosts
+		Different content:
+		- blog.jamendo.com
+-->
+<ruleset name="Jamendo.com (partial)">
+	<target host="jamendo.com" />
+	<target host="artists.jamendo.com" />
+	<target host="artistscorner.jamendo.com" />
+	<target host="developer.jamendo.com" />
+	<target host="devportal.jamendo.com" />
+	<target host="forum.jamendo.com" />
+	<target host="imgjam1.jamendo.com" />
+	<target host="imgjam2.jamendo.com" />
+	<target host="licensing.jamendo.com" />
+	<target host="pro.jamendo.com" />
+	<target host="widgets.jamendo.com" />
+	<target host="www.jamendo.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jamendo.xml b/src/chrome/content/rules/Jamendo.xml
deleted file mode 100644
index 7989f37045d7..000000000000
--- a/src/chrome/content/rules/Jamendo.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Jamendo (partial)">
-
-	<target host="cdn.imgjam.com" />
-
-	<rule from="^http://cdn\.imgjam\.com/"
-		to="https://s3.amazonaws.com/imgcdn.jamendo.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/JamesVillas.co.uk.xml b/src/chrome/content/rules/JamesVillas.co.uk.xml
new file mode 100644
index 000000000000..96de1e0f29a3
--- /dev/null
+++ b/src/chrome/content/rules/JamesVillas.co.uk.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- email.jamesvillas.co.uk
+		- mta1.email.jamesvillas.co.uk
+
+		Timeout was reached:
+		- mail.jamesvillas.co.uk
+		- web1.jamesvillas.co.uk
+		- web3.jamesvillas.co.uk
+
+		SSL peer certificate was not OK:
+		- blog.jamesvillas.co.uk
+		- news.jamesvillas.co.uk
+		- secure.jamesvillas.co.uk
+		- wwww.jamesvillas.co.uk
+
+		Incomplete certificate chain error:
+		- vpn.jamesvillas.co.uk
+-->
+<ruleset name="James Villas.co.uk">
+	<target host="www.jamesvillas.co.uk" />
+	<target host="autodiscover.jamesvillas.co.uk" />
+	<target host="i.jamesvillas.co.uk" />
+	<target host="liveblog.jamesvillas.co.uk" />
+	<target host="rescentral.jamesvillas.co.uk" />
+	<target host="stageblog.jamesvillas.co.uk" />
+	<target host="test1.jamesvillas.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jamesthebard.net.xml b/src/chrome/content/rules/Jamesthebard.net.xml
new file mode 100644
index 000000000000..688893a86685
--- /dev/null
+++ b/src/chrome/content/rules/Jamesthebard.net.xml
@@ -0,0 +1,40 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these hosts and domains:
+
+		- jamesthebard.net
+		- .jamesthebard.net
+
+-->
+<ruleset name="jamesthebard.net">
+
+	<target host="jamesthebard.net" />
+	<target host="www.jamesthebard.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^jamesthebard\.net$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.jamesthebard\.net$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jamie-Oliver.xml b/src/chrome/content/rules/Jamie-Oliver.xml
index 03d0620cc032..cd26e8672b57 100644
--- a/src/chrome/content/rules/Jamie-Oliver.xml
+++ b/src/chrome/content/rules/Jamie-Oliver.xml
@@ -1,19 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jamieoliver.com/ => https://www.jamieoliver.com/: Too many redirects while fetching 'https://www.jamieoliver.com/'
+Fetch error: http://www.jamieoliver.com/ => https://www.jamieoliver.com/: Too many redirects while fetching 'https://www.jamieoliver.com/'
+
+-->
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jamieoliver.com/ => https://www.jamieoliver.com/: Too many redirects while fetching 'https://www.jamieoliver.com/'
+Fetch error: http://www.jamieoliver.com/ => https://www.jamieoliver.com/: Too many redirects while fetching 'https://www.jamieoliver.com/'
+
 	c466531.r31.cf0.rackcdn.com
 	c466531.ssl.cf0.rackcdn.com
 
 -->
-<ruleset name="Jamie Oliver" platform="mixedcontent">
+<ruleset name="Jamie Oliver" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="jamieoliver.com" />
 	<target host="www.jamieoliver.com" />
 
 
-	<securecookie host="^www\.jamieoliver\.com$" name=".*" />
+	<securecookie host="^www\.jamieoliver\.com$" name=".+" />
 
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?jamieoliver\.com/"
+	<rule from="^http://(?:www\.)?jamieoliver\.com/"
 		to="https://www.jamieoliver.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Jammerbugt.dk.xml b/src/chrome/content/rules/Jammerbugt.dk.xml
new file mode 100644
index 000000000000..3e2d75a916e3
--- /dev/null
+++ b/src/chrome/content/rules/Jammerbugt.dk.xml
@@ -0,0 +1,17 @@
+<!--
+	Problematic subdomains:
+		. helhedsplan17 ¹
+
+	¹: Handshake failed
+-->
+<ruleset name="Jammerbugt.dk">
+	<target host="jammerbugt.dk" />
+	<target host="www.jammerbugt.dk" />
+	<target host="jobcenter.jammerbugt.dk" />
+	<target host="kort.jammerbugt.dk" />
+	<target host="sommerkunstskolen.jammerbugt.dk" />
+	<target host="tryk.jammerbugt.dk" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JanDan.net.xml b/src/chrome/content/rules/JanDan.net.xml
new file mode 100644
index 000000000000..2edef7e5caf7
--- /dev/null
+++ b/src/chrome/content/rules/JanDan.net.xml
@@ -0,0 +1,30 @@
+<!--
+
+	Problematic domains in *jandan.net:
+
+		- www (expects client certificate)
+		- s (redirects to http)
+		- wan (TLS error)
+		- feed (no https)
+
+-->
+<ruleset name="JanDan.net" default_off="cert-chain">
+
+	<target host="jandan.net" />
+	<target host="www.jandan.net" />
+		<test url="http://www.jandan.net/ofk.gif" />
+	<target host="api.jandan.net" />
+	<target host="cdn.jandan.net" />
+	<target host="g.jandan.net" />
+	<target host="i.jandan.net" />
+	<target host="mail.jandan.net" />
+	<target host="sslcdn.jandan.net" />
+	<target host="x.jandan.net" />
+
+	<rule from="^http://www\.jandan\.net/"
+		to="https://jandan.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JanRain.xml b/src/chrome/content/rules/JanRain.xml
index bdad74a18dc4..fd6847c03c94 100644
--- a/src/chrome/content/rules/JanRain.xml
+++ b/src/chrome/content/rules/JanRain.xml
@@ -1,67 +1,25 @@
-<!--	Buckets at:
-
-		- s3.amazonaws.com/capture-cdn/
-			- Equivalent to d7v0k4dt27zlp.cloudfront.net
-		- s3.amazonaws.com/janrain.quilt/
-			- Equivalent to d3hmp0045zy3cs.cloudfront.net
-		- s3.amazonaws.com/janrain.ui/
-		- s3.amazonaws.com/static.rpxnow.com/
-			- Equivalent to docj27ko03fnu.cloudfront.net
-
-		- d29usylhdk1xyu.cloudfront.net
-
-			- widget-cdn.rpxnow.com
-
-
-	Nonfunctional:
-
-		- janrain.andculture.cc		(over https shows Hatchbck Web "Launching soon" page)
-		- developers.janrain.com	(times out)
-		- (www.)janrain.com		(ditto)
-
+<!--
+	Other JanRain rulesets:
+		+ JanRainCapture.com.xml
+		+ RPXNow.com.xml
+
+	Non-functional hosts om *.janrain.com
+		Couldn't connect to server:
+		- janrain.com
+
+		SSL peer certificate was not OK:
+		- developers.janrain.com
+		- cdn.quilt.janrain.com
 -->
-<ruleset name="JanRain (partial)">
-
-	<target host="*.janrain.com"/>
-	<target host="cdn.quilt.janrain.com" />
-	<target host="janraincapture.com"/>
-	<target host="*.janraincapture.com"/>
-	<target host="*.myopenid.com"/>
-	<target host="rpxnow.com"/>
-	<target host="*.rpxnow.com" />
-
-
-	<securecookie host="^(community|support)\.janrain\.com$" name=".*" />
-	<securecookie host="^dashboard-login\.janraincapture\.com$" name=".*"/>
-	<securecookie host="^(.*\.)?rpxnow\.com$" name=".*" />
-
-
-	<!--	support is equivalent to janrain.zendesk.com, but cert is valid.	-->
-	<rule from="^http://(community|(dashboard-)?login|support)\.janrain\.com/"
-		to="https://$1.janrain.com/"/>
-
-	<rule from="^http://(dashboard-login\.|www\.)?janraincapture\.com/"
-		to="https://$1janraincapture.com/"/>
-
-	<!--	Cert is for (*.)actonsoftware.com
-		Example: info.janrain.com/acton/attachment/1205/f-0005/0/-/-/-/-/file.pdf	-->
-	<rule from="^http://info\.janrain\.com/"
-		to="https://actonsoftware.com/" />
-
-	<rule from="^http://cdn\.quilt\.janrain\.com/"
-		to="https://s3.amazonaws.com/janrain.quilt/" />
-
-	<rule from="^http://(\d+)\.myopenid\.com/"
-		to="https://$1.myopenid.com/"/>
-
-	<rule from="^http://(?:cdn|static)\.rpxnow\.com/"
-		to="https://s3.amazonaws.com/static.rpxnow.com/" />
-
-	<rule from="^https?://widget-cdn\.rpxnow\.com/"
-		to="https://d29usylhdk1xyu.cloudfront.net/" />
+<ruleset name="JanRain.com">
+	<target host="community.janrain.com" />
+	<target host="dashboard.janrain.com" />
+	<target host="info.janrain.com" />
+	<target host="login.janrain.com" />
+	<target host="support.janrain.com" />
+	<target host="www.janrain.com" />
 
-	<!--	Clients have unique subdomains	-->
-	<rule from="^http://(\w+\.)?rpxnow\.com/"
-		to="https://$1rpxnow.com/"/>
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/JanRainCapture.com.xml b/src/chrome/content/rules/JanRainCapture.com.xml
new file mode 100644
index 000000000000..e8205f1f0213
--- /dev/null
+++ b/src/chrome/content/rules/JanRainCapture.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="JanRainCapture.com">
+	<target host="janraincapture.com" />
+	<target host="www.janraincapture.com" />
+	<target host="dashboard-login.janraincapture.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jan_Hendrik_Peters.de.xml b/src/chrome/content/rules/Jan_Hendrik_Peters.de.xml
new file mode 100644
index 000000000000..e032381f99c6
--- /dev/null
+++ b/src/chrome/content/rules/Jan_Hendrik_Peters.de.xml
@@ -0,0 +1,34 @@
+<!--
+	^janhendrikpeters.de: Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.janhendrikpeters.de
+
+-->
+<ruleset name="Jan Hendrik Peters.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.janhendrikpeters.de" />
+
+	<!--	Complications:
+				-->
+	<target host="janhendrikpeters.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.janhendrikpeters\.de$" name="^s9y_[\da-f]{32}$" /-->
+
+	<securecookie host="^www\.janhendrikpeters\.de$" name=".+" />
+
+
+	<rule from="^http://janhendrikpeters\.de/"
+		to="https://www.janhendrikpeters.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Janalta.com.xml b/src/chrome/content/rules/Janalta.com.xml
index 829f2842cd55..ea06b97df612 100644
--- a/src/chrome/content/rules/Janalta.com.xml
+++ b/src/chrome/content/rules/Janalta.com.xml
@@ -8,7 +8,6 @@
 
 	Fully covered subdomains:
 
-		- ftp.amazonweb1
 		- cdn		(→ d2hcl8anv7xxg0.cloudfront.net)
 		- www
 
@@ -26,17 +25,10 @@
 
 -->
 <ruleset name="Janalta.com">
+	<target host="www.janalta.com" />
+	<target host="cdn2.janalta.com" />
 
-	<target host="*.janalta.com" />
-
-
-	<securecookie host="^(?:ftp\.amazonweb1|www)\.janalta\.com$" name=".+" />
-
-
-	<rule from="^http://(ftp\.amazonweb1|www)\.janalta\.com/"
-		to="https://$1.janalta.com/" />
-
-	<rule from="^http://cdn2\.janalta\.com/"
-		to="https://d2hcl8anv7xxg0.cloudfront.net/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Jane_Street.com-problematic.xml b/src/chrome/content/rules/Jane_Street.com-problematic.xml
deleted file mode 100644
index 631247261736..000000000000
--- a/src/chrome/content/rules/Jane_Street.com-problematic.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For rules that are on by default, see Jane_Street.com.xml.
-
--->
-<ruleset name="Jane Street.com (problematic)" default_off="expired, self-signed">
-
-	<target host="janestreet.com" />
-	<target host="www.janestreet.com" />
-
-
-	<rule from="^http://(?:www\.)?janestreet\.com/"
-		to="https://janestreet.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Jane_Street.com.xml b/src/chrome/content/rules/Jane_Street.com.xml
index 51f1d4f5e766..abf152959cab 100644
--- a/src/chrome/content/rules/Jane_Street.com.xml
+++ b/src/chrome/content/rules/Jane_Street.com.xml
@@ -1,21 +1,31 @@
 <!--
-	For problematic rules, see Jane_Street.com-problematic.xml.
-
-
 	Problematic subdomains:
 
-		- (www.)	(works; expired 2013-04-12, self-signed, CN: Parallels Panel)
+		- ^ *
+
+	* Mismatched
 
 -->
-<ruleset name="Jane Street.com (partial)">
+<ruleset name="Jane Street.com">
 
-	<target host="*.janestreet.com" />
+	<target host="janestreet.com" />
+	<target host="blogs.janestreet.com" />
+	<target host="ocaml.janestreet.com" />
+	<target host="www.janestreet.com" />
 
 
 	<securecookie host="^\.ocaml\.janestreet\.com$" name=".+" />
 
 
-	<rule from="^http://ocaml\.janestreet\.com/"
-		to="https://ocaml.janestreet.com/" />
+	<!--	Redirect keeps path, args,
+		but not forward slash:
+					-->
+	<rule from="^http://janestreet\.com/+"
+		to="https://www.janestreet.com/" />
+
+		<test url="http://janestreet.com//join-jane-street/apply/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Jann_Horn.xml b/src/chrome/content/rules/Jann_Horn.xml
index 567eb39c5623..f5f3f2b0d2d5 100644
--- a/src/chrome/content/rules/Jann_Horn.xml
+++ b/src/chrome/content/rules/Jann_Horn.xml
@@ -1,10 +1,19 @@
-<ruleset name="Jann Horn" platform="cacert">
+<!--
+	Jann Horn
 
+
+	www.thejh.net doesn't exist.
+
+-->
+<ruleset name="TheJH.net">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="thejh.net" />
-	<target host="www.thejh.net" />
+	<target host="var.thejh.net" />
 
 
-	<rule from="^http://(www\.)?thejh\.net/"
-		to="https://$1thejh.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/JapanAirlines.xml b/src/chrome/content/rules/JapanAirlines.xml
deleted file mode 100644
index bbfe8e09c338..000000000000
--- a/src/chrome/content/rules/JapanAirlines.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Japan Airlines">
-  <target host="jal.co.jp" />
-  <target host="www.jal.co.jp" />
-
-  <rule from="^http://(?:www\.)?jal\.co\.jp/"
-          to="https://www.jal.co.jp/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/JapanTimes.co.jp.xml b/src/chrome/content/rules/JapanTimes.co.jp.xml
new file mode 100644
index 000000000000..2f872f9083ee
--- /dev/null
+++ b/src/chrome/content/rules/JapanTimes.co.jp.xml
@@ -0,0 +1,67 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://japantimes.co.jp/ => https://japantimes.co.jp/: (28, 'Connection timed out after 20004 milliseconds')
+Fetch error: http://awsadmin.japantimes.co.jp/ => https://awsadmin.japantimes.co.jp/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://search.japantimes.co.jp/ => https://search.japantimes.co.jp/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://weekly.japantimes.co.jp/ => https://weekly.japantimes.co.jp/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Non-functional hosts
+		Couldn't resolve host name:
+			 - asahi-ftp.japantimes.co.jp
+
+		Couldn't connect to server:
+			 - helpdesk.japantimes.co.jp
+			 - mw1.japantimes.co.jp
+			 - mw2.japantimes.co.jp
+			 - redmine.japantimes.co.jp
+			 - rt.japantimes.co.jp
+			 - svn.japantimes.co.jp
+
+		Timeout was reached:
+			 - blog.japantimes.co.jp
+			 - bugs.japantimes.co.jp
+			 - cms.japantimes.co.jp
+			 - features.japantimes.co.jp
+			 - ipm-archives.japantimes.co.jp
+			 - showcase.japantimes.co.jp
+			 - aomori.showcase.japantimes.co.jp
+			 - great-tamba.showcase.japantimes.co.jp
+			 - women.japantimes.co.jp
+
+		SSL peer certificate was not OK:
+			 - www.japantimes.co.jp
+			 - realestate.japantimes.co.jp
+			 - support.japantimes.co.jp
+
+		Incomplete certificate chain and redirect to HTTP:
+			 - bookclub.japantimes.co.jp
+			 - genki.japantimes.co.jp
+			 - ij.japantimes.co.jp
+
+		Self-signed:
+			 - st-m.japantimes.co.jp
+
+		Status code mismatch:
+			 - academy.japantimes.co.jp
+			 - info.japantimes.co.jp
+			 - ipm.japantimes.co.jp
+			 - st.japantimes.co.jp
+
+		Mixed content blocking (MCB) tiggered:
+			 - club.japantimes.co.jp
+			 - spelling-bee.japantimes.co.jp
+-->
+<ruleset name="The Japan Times (partial)" default_off="failed ruleset test">
+	<target host="japantimes.co.jp" />
+	<target host="awsadmin.japantimes.co.jp" />
+	<target host="form.japantimes.co.jp" />
+	<test url="http://form.japantimes.co.jp/tsuhon2017/" />
+
+	<target host="m.japantimes.co.jp" />
+	<target host="members.japantimes.co.jp" />
+	<target host="search.japantimes.co.jp" />
+	<target host="weekly.japantimes.co.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Japanese-Communist-Party.xml b/src/chrome/content/rules/Japanese-Communist-Party.xml
new file mode 100644
index 000000000000..a753fac26f2e
--- /dev/null
+++ b/src/chrome/content/rules/Japanese-Communist-Party.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched:
+		- hd
+		- mail
+		- ptv
+		- www.ptv
+-->
+<ruleset name="Japanese Communist Party">
+	<target host="jcp.or.jp" />
+	<target host="www.jcp.or.jp" />
+
+	<rule from="^http://jcp\.or\.jp/" to="https://www.jcp.or.jp/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Japanese-government.xml b/src/chrome/content/rules/Japanese-government.xml
deleted file mode 100644
index 83ef67da8034..000000000000
--- a/src/chrome/content/rules/Japanese-government.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- naiic.go.jp	(cert: bta1257.secure.jp; "Forbidden")
-
--->
-<ruleset name="Japanese government (partial)">
-
-	<target host="challenge25.go.jp"/>
-	<target host="www.challenge25.go.jp"/>
-
-	<rule from="^http://(?:www\.)?challenge25\.go\.jp/"
-		to="https://www.challenge25.go.jp/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Japhub.com.xml b/src/chrome/content/rules/Japhub.com.xml
new file mode 100644
index 000000000000..ea404095fee4
--- /dev/null
+++ b/src/chrome/content/rules/Japhub.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Japhub.com">
+	<target host="japhub.com" />
+	<target host="www.japhub.com" />
+	<target host="img.japhub.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jappix.xml b/src/chrome/content/rules/Jappix.xml
index fe847c934cc3..a66e3ff96fdc 100644
--- a/src/chrome/content/rules/Jappix.xml
+++ b/src/chrome/content/rules/Jappix.xml
@@ -1,16 +1,36 @@
+
 <!--
-	Nonfunctional subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://jappix.com/ => https://jappix.com/: (51, "SSL: no alternative certificate subject name matches target host name 'jappix.com'")
+
+	Observed subdomains:
 
+		- anonymous
+		- bind
 		- download
+		- hooks
+		- legal
+		- me
+		- mini
+		- muc
+		- projects
+		- proxy
+		- pubsub
+		- static
+		- stats
+		- stun
+		- uploads
+		- vjud
+		- websocket
 
 -->
-<ruleset name="Jappix (partial)">
+<ruleset name="Jappix (partial)" default_off="failed ruleset test">
 
 	<target host="jappix.com" />
 	<target host="*.jappix.com" />
 
 
-	<rule from="^http://(project\.|www\.)?jappix\.com/"
+	<rule from="^http://(\w+\.)?jappix\.com/"
 		to="https://$1jappix.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Jaqpot.net.xml b/src/chrome/content/rules/Jaqpot.net.xml
new file mode 100644
index 000000000000..a91bad6e1ee8
--- /dev/null
+++ b/src/chrome/content/rules/Jaqpot.net.xml
@@ -0,0 +1,24 @@
+<!--
+	^jaqpot.net doesn't exist.
+
+
+	Mixed content:
+
+		- Images from $self *
+
+		- Ads from pagead2.googlesyndication.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Jaqpot.net" default_off="self-signed">
+
+	<target host="www.jaqpot.net" />
+
+
+	<securecookie host="^www\.jaqpot\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jarian_Gibson.com-falsemixed.xml b/src/chrome/content/rules/Jarian_Gibson.com-falsemixed.xml
new file mode 100644
index 000000000000..c2f0b2906684
--- /dev/null
+++ b/src/chrome/content/rules/Jarian_Gibson.com-falsemixed.xml
@@ -0,0 +1,20 @@
+<!--
+	For rules not causing false/broken MCB, see Jarian_Gibson.com.xml.
+
+-->
+<ruleset name="Jarian Gibson.com (false MCB)" platform="mixedcontent">
+
+	<target host="*.jariangibson.com" />
+		<!--
+			Handled in Jarian_Gibson.com.xml:
+							-->
+		<!--exclusion pattern="http://www\.jariangibson\.com/(\?custom-css=1|favicon\.ico)" /-->
+
+
+	<securecookie host="^\.jariangibson.com$" name=".+" />
+
+
+	<rule from="^http://www\.jariangibson\.com/(?!\?custom-css=1|favicon\.ico)"
+		to="https://www.jariangibson.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jarian_Gibson.com.xml b/src/chrome/content/rules/Jarian_Gibson.com.xml
new file mode 100644
index 000000000000..4fe702d5def5
--- /dev/null
+++ b/src/chrome/content/rules/Jarian_Gibson.com.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jariangibson.com/ => https://jariangibson.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://cdn.jariangibson.com/ => https://cdn.jariangibson.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cdn.jariangibson.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://jariangibson.com/ => https://jariangibson.com/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://cdn.jariangibson.com/ => https://cdn.jariangibson.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cdn.jariangibson.com'")
+	For rules causing false/broken MCB, see Jarian_Gibson.com-falsemixed.xml.
+
+
+	Mixed content:
+
+		- css, from:
+
+			- $self *
+			- fonts.googleapis.com *
+
+		- Images from cdn *
+
+	* Secured by us
+
+-->
+<ruleset name="Jarian Gibson.com (partial)" default_off="failed ruleset test">
+
+	<target host="jariangibson.com" />
+	<target host="cdn.jariangibson.com" />
+	<target host="www.jariangibson.com" />
+		<!--
+			As https://j... redirects to http://www...,
+			we can avoid a duplicate target warning by
+			blanket-rewriting !www in this ruleset.
+
+			Avoid false/broken MCB:
+						-->
+		<exclusion pattern="http://www\.jariangibson\.com/(?!\?custom-css=1|favicon\.ico)" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jarir.com.xml b/src/chrome/content/rules/Jarir.com.xml
new file mode 100644
index 000000000000..5bab5d251599
--- /dev/null
+++ b/src/chrome/content/rules/Jarir.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Jarir.com">
+	<target host="jarir.com" />
+	<target host="www.jarir.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jasig.org.xml b/src/chrome/content/rules/Jasig.org.xml
index 21f0a3f7687b..1944e027831d 100644
--- a/src/chrome/content/rules/Jasig.org.xml
+++ b/src/chrome/content/rules/Jasig.org.xml
@@ -1,49 +1,53 @@
 <!--
 	Problematic domains:
 
-		- ja-sig.org *
-		- (www.)ja-sig.org	(cert only matches *.jasig.org)
+		- (www.)?ja-sig.org *
+		- (www.)?jasig.org *
 
-		- jasig.org subdomains:
-
-			- ^ *
-			. www.issues **
-			- www.wiki **
-
-	* \w+ redirects to www.../$"
-	** \w+ redirects to www.../$",	cert only matches *.jasig.org
+	* Mismatched
 
 
 	Fully covered domains:
 
-		- (www.)ja-sig.org	(→ www.ja-sig.org)
+		- (www.)?ja-sig.org	(→ www.apereo.org)
 
-		- jasig.org subdomains:
+		- in *jasig.org:
 
-			- (www.)	(^ → www)
+			- (www.)?	(^ → www.apereo.org)
 			- issues
-			- www.issues	(^ → www.jasig)
 			- wiki
-			- www.wiki	(^ → www.jasig)
 
 -->
 <ruleset name="Jasig.org">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="issues.jasig.org" />
+	<target host="wiki.jasig.org" />
+
+	<!--	Complications:
+				-->
 	<target host="ja-sig.org" />
 	<target host="www.ja-sig.org" />
+
 	<target host="jasig.org" />
-	<target host="*.jasig.org" />
+	<target host="www.jasig.org" />
+
+
 
+	<securecookie host="^(?:issues|wiki)?\.jasig\.org$" name=".+" />
 
-	<securecookie host="^(?:issues|wiki|www)?\.jasig\.org$" name=".+" />
 
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://(?:www\.)?ja-?sig\.org/[^?]*"
+		to="https://www.apereo.org/" />
 
-	<!--	www.issues & www.wiki show www over http.
-							-->
-	<rule from="^http://(?:www(?:\.issues|\.wiki)?\.)?ja-?sig\.org/"
-		to="https://www.jasig.org/" />
+		<test url="http://www.jasig.org//" />
+		<test url="http://www.ja-sig.org//" />
 
-	<rule from="^http://(issues|wiki)\.jasig\.org/"
-		to="https://$1.jasig.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Jason_Davies.com.xml b/src/chrome/content/rules/Jason_Davies.com.xml
new file mode 100644
index 000000000000..09bb12846718
--- /dev/null
+++ b/src/chrome/content/rules/Jason_Davies.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Jason Davies.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jasondavies.com" />
+	<target host="www.jasondavies.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jaspan.com.xml b/src/chrome/content/rules/Jaspan.com.xml
index ed2cbdb8f18b..f69656cba904 100644
--- a/src/chrome/content/rules/Jaspan.com.xml
+++ b/src/chrome/content/rules/Jaspan.com.xml
@@ -1,9 +1,46 @@
-<ruleset name="jaspan.com">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jaspan.com/sites/all/modules/codefilter/codefilter.css => https://jaspan.com/sites/all/modules/codefilter/codefilter.css: (7, 'Failed to connect to jaspan.com port 443: Connection refused')
+Fetch error: http://www.jaspan.com/themes/acquia/acquia_marina/images/close-quote.gif => https://jaspan.com/themes/acquia/acquia_marina/images/close-quote.gif: (7, 'Failed to connect to jaspan.com port 443: Connection refused')
+
+	www.jaspan.com: Mismatched
+
+-->
+<ruleset name="Jaspan.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="jaspan.com" />
 
+	<!--	Complications:
+				-->
+	<target host="www.jaspan.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://jaspan\.com/(?:$|contact$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?jaspan\.com/+(?!sites/|themes/)" />
 
-	<rule from="^http://jaspan\.com/"
+			<!--	+ve:
+					-->
+			<test url="http://jaspan.com/about" />
+			<test url="http://jaspan.com/contact" />
+			<test url="http://jaspan.com/topic/clients" />
+
+			<!--	-ve:
+					-->
+			<test url="http://jaspan.com/sites/all/modules/codefilter/codefilter.css" />
+			<test url="http://www.jaspan.com/themes/acquia/acquia_marina/images/close-quote.gif" />
+
+
+	<rule from="^http://www\.jaspan\.com/"
 		to="https://jaspan.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Java.net.xml b/src/chrome/content/rules/Java.net.xml
index 31ea1bcbbe01..1cd0e38dcfd6 100644
--- a/src/chrome/content/rules/Java.net.xml
+++ b/src/chrome/content/rules/Java.net.xml
@@ -1,16 +1,33 @@
 <!--
-	For other Oracle coverage, see Oracle.xml.
+	For other Oracle coverage, see Oracle.xml
 
+	Non-functional hosts
+		5xx server error:
+		- asset-0.java.net
+		- asset-1.java.net
+		- asset-2.java.net
+		- asset-3.java.net
+		- home.java.net
 -->
 <ruleset name="Java.net (partial)">
-
+	<target host="java.net" />
+	<target host="www.java.net" />
+	<target host="download.java.net" />
+	<target host="glassfish.java.net" />
+	<target host="jax-rs-spec.java.net" />
+	<target host="jdk.java.net" />
+	<target host="jersey.java.net" />
+	<target host="jsr311.java.net" />
+	<target host="openjdk.java.net" />
+	<target host="bugs.openjdk.java.net" />
+	<target host="cr.openjdk.java.net" />
+	<target host="db.openjdk.java.net" />
+	<target host="hg.openjdk.java.net" />
+	<target host="mail.openjdk.java.net" />
 	<target host="wiki.openjdk.java.net" />
+	<target host="tyrus.java.net" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^wiki\.openjdk\.java\.net$" name=".+" />
-
-
-	<rule from="^http://wiki\.openjdk\.java\.net/"
-		to="https://wiki.openjdk.java.net/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Java.xml b/src/chrome/content/rules/Java.xml
index 338ba7223ca4..65389a8458cc 100644
--- a/src/chrome/content/rules/Java.xml
+++ b/src/chrome/content/rules/Java.xml
@@ -1,8 +1,14 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - bugreport.java.com
+-->
 <ruleset name="Java">
-  <target host="java.com" />
-  <target host="www.java.com" />
+	<target host="java.com" />
+	<target host="www.java.com" />
+	<target host="go.java.com" />
 
-	<securecookie host="^www\.java\.com$" name=".*"/>
+	<securecookie host="^(www\.)?java\.com$" name=".+" />
 
-  <rule from="^https?://(?:www\.)?java\.com(?::80)?/" to="https://www.java.com/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/JavaLand.eu.xml b/src/chrome/content/rules/JavaLand.eu.xml
new file mode 100644
index 000000000000..7be607acc6ad
--- /dev/null
+++ b/src/chrome/content/rules/JavaLand.eu.xml
@@ -0,0 +1,17 @@
+<!--
+	Connection closed:
+ 		javaland.eu
+-->
+<ruleset name="JavaLand.eu">
+
+	<target host="javaland.eu" />
+	<target host="www.javaland.eu" />
+	<target host="programm.javaland.eu" />
+
+	<rule from="^http://javaland\.eu/"
+		to="https://www.javaland.eu/" />
+    <test url="http://javaland.eu/de/rueckabwicklung/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JavaScriptIsSexy.com.xml b/src/chrome/content/rules/JavaScriptIsSexy.com.xml
new file mode 100644
index 000000000000..d4810d732d5f
--- /dev/null
+++ b/src/chrome/content/rules/JavaScriptIsSexy.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="JavaScriptIsSexy.com">
+	<target host="javascriptissexy.com" />
+	<target host="www.javascriptissexy.com" />
+	<target host="cpanel.javascriptissexy.com" />
+	<target host="mail.javascriptissexy.com" />
+	<target host="webdisk.javascriptissexy.com" />
+	<target host="webmail.javascriptissexy.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JavaScriptKicks.com.xml b/src/chrome/content/rules/JavaScriptKicks.com.xml
new file mode 100644
index 000000000000..5f793ad003a0
--- /dev/null
+++ b/src/chrome/content/rules/JavaScriptKicks.com.xml
@@ -0,0 +1,20 @@
+<!--
+	www: Mismatched
+
+
+	Mixed content:
+
+		- Images from media.kickscdn.com *
+
+	* Unsecurable <= redirects to http
+
+-->
+<ruleset name="JavaScriptKicks.com">
+
+	<target host="javascriptkicks.com" />
+	<target host="www.javascriptkicks.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JavaScriptMVC.xml b/src/chrome/content/rules/JavaScriptMVC.xml
index 3eafabf91102..a75051dec30a 100644
--- a/src/chrome/content/rules/JavaScriptMVC.xml
+++ b/src/chrome/content/rules/JavaScriptMVC.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://javascriptmvc.com/ => http://javascriptmvc.com/: Cycle detected - URL already encountered: http://javascriptmvc.com/
 	CDN buckets:
 
 		- d3tkw0zqe07qze.cloudfront.net
@@ -8,23 +10,24 @@
 
 	Problematic subdomains:
 
-		- ^	(works; mismatched, CN: *.heroku.com)
+		- ^	(Refused)
 		- www	(works, cloudfront)
 
 -->
 <ruleset name="JavaScriptMVC (partial)">
 
 	<target host="javascriptmvc.com" />
-	<target host="*.javascriptmvc.com" />
+	<target host="www.javascriptmvc.com" />
+	<target host="forum.javascriptmvc.com" />
 
 
 	<securecookie host="^forum\.javascriptmvc\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?javascriptmvc\.com/(documentjs|imvc)/"
+	<rule from="^http://(?:www\.)?javascriptmvc\.com/(documentjs|imvc)/"
 		to="https://d3tkw0zqe07qze.cloudfront.net/$1/" />
 
 	<rule from="^http://forum\.javascriptmvc\.com/"
 		to="https://forum.javascriptmvc.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Javacoolsoftware.com.xml b/src/chrome/content/rules/Javacoolsoftware.com.xml
index a28b4d9799ad..625a27e76ed5 100644
--- a/src/chrome/content/rules/Javacoolsoftware.com.xml
+++ b/src/chrome/content/rules/Javacoolsoftware.com.xml
@@ -1,8 +1,18 @@
-<ruleset name="Javacoolsoftware.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.javacoolsoftware.com/ => https://www.javacoolsoftware.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://javacoolsoftware.com/ => https://www.javacoolsoftware.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.javacoolsoftware.com/ => https://www.javacoolsoftware.com/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://javacoolsoftware.com/ => https://www.javacoolsoftware.com/: (28, 'Connection timed out after 10000 milliseconds')
+-->
+<ruleset name="Javacoolsoftware.com" default_off="failed ruleset test">
   <target host="www.javacoolsoftware.com"/>
   <target host="javacoolsoftware.com"/>
   <target host="licenses.javacoolsoftware.com"/>
-  <rule from="^http://(www\.)?javacoolsoftware\.com/" to="https://www.javacoolsoftware.com/"/>
+  <rule from="^http://(?:www\.)?javacoolsoftware\.com/" to="https://www.javacoolsoftware.com/"/>
   <rule from="^http://licenses\.javacoolsoftware\.com/" to="https://licenses.javacoolsoftware.com/"/>
 </ruleset>
-<!-- Rule generated by HTTPS Finder 0.85 -->
\ No newline at end of file
+<!-- Rule generated by HTTPS Finder 0.85 -->
diff --git a/src/chrome/content/rules/Javadoc.io.xml b/src/chrome/content/rules/Javadoc.io.xml
new file mode 100644
index 000000000000..7e6d1f8cfcb5
--- /dev/null
+++ b/src/chrome/content/rules/Javadoc.io.xml
@@ -0,0 +1,7 @@
+<ruleset name="Javadoc.io">
+  <target host="javadoc.io" />
+  <target host="static.javadoc.io" />
+  <target host="www.javadoc.io" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Javelin_Strategy.com.xml b/src/chrome/content/rules/Javelin_Strategy.com.xml
new file mode 100644
index 000000000000..94b92850bd78
--- /dev/null
+++ b/src/chrome/content/rules/Javelin_Strategy.com.xml
@@ -0,0 +1,31 @@
+<!--
+	^: cert only matches www
+
+
+	Insecure cookies are set for these domains:
+
+		- store
+		- www
+
+-->
+<ruleset name="Javelin Strategy.com">
+
+	<target host="javelinstrategy.com" />
+	<target host="www.javelinstrategy.com" />
+	<target host="store.javelinstrategy.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^store\.javelinstrategy\.com$" name="^fcsid$" /-->
+	<!--securecookie host="^www\.javelinstrategy\.com$" name="^CMSSESSID\d{8}" /-->
+
+	<securecookie host="^(?:store|www)\.javelinstrategy\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?javelinstrategy\.com/"
+		to="https://www.javelinstrategy.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Javvin.com.xml b/src/chrome/content/rules/Javvin.com.xml
index 414cb80c34d0..0f6c7814d298 100644
--- a/src/chrome/content/rules/Javvin.com.xml
+++ b/src/chrome/content/rules/Javvin.com.xml
@@ -1,8 +1,16 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://javvin.com/ => http://javvin.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.javvin.com/ => http://www.javvin.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://javvin.com/ => http://javvin.com/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.javvin.com/ => http://www.javvin.com/: (28, 'Connection timed out after 10000 milliseconds')
 	Some pages redirect to http.
 
 -->
-<ruleset name="Javvin.com (partial)">
+<ruleset name="Javvin.com (partial)" default_off="failed ruleset test">
 
 	<target host="javvin.com" />
 	<target host="www.javvin.com" />
diff --git a/src/chrome/content/rules/Jawbone.com.xml b/src/chrome/content/rules/Jawbone.com.xml
index b46be5103ec4..3ffaf3eed701 100644
--- a/src/chrome/content/rules/Jawbone.com.xml
+++ b/src/chrome/content/rules/Jawbone.com.xml
@@ -9,6 +9,10 @@
 
 			- forums
 
+	Non-functional hosts:
+		Timeout:
+		- jawbone.com
+
 
 	Partially covered subdomains:
 
@@ -47,18 +51,21 @@
 -->
 <ruleset name="Jawbone.com (partial)">
 
-	<target host="jawbone.com" />
-	<target host="*.jawbone.com" />
+	<target host="eu.jawbone.com" />
+	<target host="forums.jawbone.com" />
+	<target host="mytalk.jawbone.com" />
+	<target host="store.jawbone.com" />
+	<target host="thoughts.jawbone.com" />
+	<target host="up.jawbone.com" />
+	<target host="www.jawbone.com" />
+	<target host="content.jawbone.com" />
 		<exclusion pattern="^http://store\.jawbone\.com/(?!Admin/|DRHM/)" />
 
 
 	<securecookie host="^(?!store\.).*\.jawbone\.com$" name=".+" />
 
 
-	<rule from="^http://((?:eu|forums|mytalk|store|thoughts|up|www)\.)?jawbone\.com/"
-		to="https://$1jawbone.com/" />
 
-	<rule from="^http://content\.jawbone\.com/"
-		to="https://d3osil7svxrrgt.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JayIsGames.com.xml b/src/chrome/content/rules/JayIsGames.com.xml
new file mode 100644
index 000000000000..22f73312a559
--- /dev/null
+++ b/src/chrome/content/rules/JayIsGames.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Jay Is Games.com">
+
+	<target host="jayisgames.com" />
+	<target host="www.jayisgames.com" />
+	<target host="ftp.jayisgames.com" />
+	<target host="games.jayisgames.com" />
+	<target host="images.jayisgames.com" />
+		<test url="http://images.jayisgames.com/weekday_escape_banner.png" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jaymart.co.th.xml b/src/chrome/content/rules/Jaymart.co.th.xml
index 5bea35118fb6..acfff4153cc2 100644
--- a/src/chrome/content/rules/Jaymart.co.th.xml
+++ b/src/chrome/content/rules/Jaymart.co.th.xml
@@ -2,5 +2,5 @@
   <target host="jaymart.co.th" />
   <target host="www.jaymart.co.th" />
 
-  <rule from="^http://(www\.)?jaymart\.co\.th/" to="https://www.jaymart.co.th/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Jazz.co.xml b/src/chrome/content/rules/Jazz.co.xml
new file mode 100644
index 000000000000..a912af19105a
--- /dev/null
+++ b/src/chrome/content/rules/Jazz.co.xml
@@ -0,0 +1,68 @@
+<!--
+	Problematic hosts in *jazz.co:
+
+		- success *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- jazz.co
+		- .jazz.co
+
+
+	These altnames don't exist:
+
+		- www.success.jazz.co
+
+
+	Mixed content:
+
+		- Image on ^ from static1.squarespace.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Jazz.co (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jazz.co" />
+	<target host="careers.jazz.co" />
+	<!--target host="success.jazz.co" /-->
+	<target host="www.jazz.co" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://careers\.jazz\.co/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://careers\.jazz\.co/+(?!css/)" />
+
+			<!-- +ve:
+					-->
+
+			<test url="http://careers.jazz.co/apply/lDD1Ph/Director-Customer-Success" />
+			<test url="http://careers.jazz.co/apply/QSc08Z/Account-Executive" />
+
+			<!--	-ve:
+					-->
+
+			<test url="http://careers.jazz.co/css/v2/css/apply.css" />
+			<test url="http://careers.jazz.co/img/v1.1/logos/jazz-logo.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^jazz\.co$" name="^(?:JSESSIONID|crumb)$" /-->
+	<!--securecookie host="^\.jazz\.co$" name="SS_MID$" /-->
+
+	<securecookie host="^\.?jazz\.co$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jba.io.xml b/src/chrome/content/rules/Jba.io.xml
new file mode 100644
index 000000000000..02872d89da47
--- /dev/null
+++ b/src/chrome/content/rules/Jba.io.xml
@@ -0,0 +1,14 @@
+<!--
+	www: mismatched
+
+-->
+<ruleset name="jba.io">
+
+	<target host="jba.io" />
+	<target host="www.jba.io" />
+
+
+	<rule from="^http://(?:www\.)?jba\.io/"
+		to="https://jba.io/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jbfavre.org.xml b/src/chrome/content/rules/Jbfavre.org.xml
new file mode 100644
index 000000000000..505a29f99002
--- /dev/null
+++ b/src/chrome/content/rules/Jbfavre.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Jbfavre.org">
+	<target host="jbfavre.org" />
+	<target host="www.jbfavre.org" />
+	<target host="blog.jbfavre.org" />
+	<target host="medias.jbfavre.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jbp.io.xml b/src/chrome/content/rules/Jbp.io.xml
new file mode 100644
index 000000000000..ed8edc12cee9
--- /dev/null
+++ b/src/chrome/content/rules/Jbp.io.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .jbp.io
+
+-->
+<ruleset name="jbp.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jbp.io" />
+	<target host="www.jbp.io" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.jbp\.io$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.jbp\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jcea.es.xml b/src/chrome/content/rules/Jcea.es.xml
new file mode 100644
index 000000000000..be0e6a842f65
--- /dev/null
+++ b/src/chrome/content/rules/Jcea.es.xml
@@ -0,0 +1,40 @@
+<!--
+	Nonfunctional hosts in *jcea.es:
+
+		- podcast *
+
+	* Redirects to www.jcea.es
+
+
+	Fully covered hosts in *jcea.es:
+
+		- (www.)?
+		- blog
+		- mailman
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- www from img.geocaching.com *
+			- www from internetdefenseleague.org *
+			- www from www.python.org *
+
+	* Secured by us
+
+-->
+<ruleset name="jcea.es (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jcea.es" />
+	<target host="blog.jcea.es" />
+	<target host="mailman.jcea.es" />
+	<target host="www.jcea.es" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jcloud.com.xml b/src/chrome/content/rules/Jcloud.com.xml
new file mode 100644
index 000000000000..24064a8259ca
--- /dev/null
+++ b/src/chrome/content/rules/Jcloud.com.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Jingdong Mall coverage, see JD.com.xml.
+-->
+<ruleset name="Jcloud.com">
+	<target host="jcloud.com" />
+	<target host="www.jcloud.com" />
+	<target host="dataplus.jcloud.com" />
+	<target host="hosting.jcloud.com" />
+	<target host="jbox.jcloud.com" />
+		<test url="http://jbox.jcloud.com/assets/css/v2/i/default_head_img.jpg" />
+	<target host="market.jcloud.com" />
+	<target host="uc.jcloud.com" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jdeslip.com.xml b/src/chrome/content/rules/Jdeslip.com.xml
deleted file mode 100644
index 8dcf484de30c..000000000000
--- a/src/chrome/content/rules/Jdeslip.com.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="jdeslip.com">
-
-	<target host="jdeslip.com" />
-	<target host="www.jdeslip.com" />
-
-
-	<rule from="^http://(www\.)?jdeslip\.com/"
-		to="https://$1jdeslip.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/JeKKT.com.xml b/src/chrome/content/rules/JeKKT.com.xml
new file mode 100644
index 000000000000..bcc76bbc9f1e
--- /dev/null
+++ b/src/chrome/content/rules/JeKKT.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- jekkt.com
+		- www.jekkt.com
+
+-->
+<ruleset name="JeKKT.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jekkt.com" />
+	<target host="www.jekkt.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?jekkt\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?jekkt\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jean.lgbt.xml b/src/chrome/content/rules/Jean.lgbt.xml
new file mode 100644
index 000000000000..746a3cc5d822
--- /dev/null
+++ b/src/chrome/content/rules/Jean.lgbt.xml
@@ -0,0 +1,8 @@
+<ruleset name="Jean.lgbt">
+	<target host="jean.lgbt" />
+	<target host="www.jean.lgbt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jeena.net.xml b/src/chrome/content/rules/Jeena.net.xml
new file mode 100644
index 000000000000..b5522b3d0ae3
--- /dev/null
+++ b/src/chrome/content/rules/Jeena.net.xml
@@ -0,0 +1,14 @@
+<ruleset name="jeena.net">
+
+	<target host="jeena.net" />
+	<target host="m.jeena.net" />
+	<target host="www.jeena.net" />
+
+
+	<securecookie host="^jeena\.net$" name=".+" />
+
+
+	<rule from="^http://(?:(m\.)|www\.)?jeena\.net/"
+		to="https://$1jeena.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jeep_Tops_Direct.com.xml b/src/chrome/content/rules/Jeep_Tops_Direct.com.xml
index 98638cb1981f..ee7b675f3ba9 100644
--- a/src/chrome/content/rules/Jeep_Tops_Direct.com.xml
+++ b/src/chrome/content/rules/Jeep_Tops_Direct.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="Jeep Tops Direct.com">
 
 	<target host="jeeptopsdirect.com" />
-	<target host="*.jeeptopsdirect.com" />
+	<target host="www.jeeptopsdirect.com" />
 
 
 	<securecookie host="^\.(?:www\.)?jeeptopsdirect\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?jeeptopsdirect\.com/"
-		to="https://$1jeeptopsdirect.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Jeff_Mitchell.me.xml b/src/chrome/content/rules/Jeff_Mitchell.me.xml
new file mode 100644
index 000000000000..bafc60678e8f
--- /dev/null
+++ b/src/chrome/content/rules/Jeff_Mitchell.me.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blog.jeffmitchell.me/ => https://blog.jeffmitchell.me/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.jeffmitchell.me/ => https://www.jeffmitchell.me/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://jeffmitchell.me/ => https://jeffmitchell.me/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	STS header includes includeSubdomains
+
+-->
+<ruleset name="Jeff Mitchell.me" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jeffmitchell.me" />
+	<target host="*.jeffmitchell.me" />
+
+		<test url="http://blog.jeffmitchell.me/" />
+		<test url="http://www.jeffmitchell.me/" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jeff_Nabers.com-falsemixed.xml b/src/chrome/content/rules/Jeff_Nabers.com-falsemixed.xml
new file mode 100644
index 000000000000..20189d2a9e92
--- /dev/null
+++ b/src/chrome/content/rules/Jeff_Nabers.com-falsemixed.xml
@@ -0,0 +1,13 @@
+<!--
+	For rules not causing false/broken MCB, see Jeff_Nabers.com.xml.
+
+-->
+<ruleset name="Jeff Nabers.com (false MCB)" platform="mixedcontent">
+
+	<target host="www.jeffnabers.com" />
+
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jeff_Nabers.com.xml b/src/chrome/content/rules/Jeff_Nabers.com.xml
new file mode 100644
index 000000000000..0945f9b78b26
--- /dev/null
+++ b/src/chrome/content/rules/Jeff_Nabers.com.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules causing false/broken MCB, see Jeff_Nabers.com-falsemixed.xml.
+
+-->
+<ruleset name="Jeff Nabers.com (partial)">
+
+	<!--	https://j... redirects to http://w..., so we can avoid a
+		duplicate target warning by blanket rewriting !www.
+	-->
+	<target host="jeffnabers.com" />
+	<target host="www.jeffnabers.com" />
+		<exclusion pattern="^http://www\.jeffnabers\.com/+(?!favicon\.ico|wp-content/|wp-includes/)" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jeff_Reifman.com.xml b/src/chrome/content/rules/Jeff_Reifman.com.xml
index 022ffe3f37f0..6610ab62d83b 100644
--- a/src/chrome/content/rules/Jeff_Reifman.com.xml
+++ b/src/chrome/content/rules/Jeff_Reifman.com.xml
@@ -1,25 +1,16 @@
 <!--
-	CDN buckets:
-
-		- d34gmh9gge3473.cloudfront.net
-
-			- cloud
-
-
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- resume *
-
-	* Dropped
+	Invalid certificate:
+		jeffreifman.com
+		www.jeffreifman.com
+		cloud.jeffreifman.com
+		misc.jeffreifman.com
+		twitter.jeffreifman.com
 
 -->
 <ruleset name="Jeff Reifman.com (partial)">
 
-	<target host="cloud.jeffreifman.com" />
-
+	<target host="resume.jeffreifman.com" />
 
-	<rule from="^http://cloud\.jeffreifman\.com/"
-		to="https://d34gmh9gge3473.cloudfront.net/" />
+	<rule from="^http:"	to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Jeja.pl.xml b/src/chrome/content/rules/Jeja.pl.xml
index dc65e3c07652..23d300db50f5 100644
--- a/src/chrome/content/rules/Jeja.pl.xml
+++ b/src/chrome/content/rules/Jeja.pl.xml
@@ -1,20 +1,13 @@
-<!--
-	Problematic subdomains:
-
-		- (www.)	(self-signed, CN: localhost)
-		- pobierak	(self-signed, CN: PL)
-
--->
-<ruleset name="Jeja.pl " default_off="self-signed">
+<ruleset name="Jeja.pl">
 
 	<target host="jeja.pl" />
-	<target host="*.jeja.pl" />
+	<target host="www.jeja.pl" />
+	<target host="pobierak.jeja.pl" />
 
 
 	<securecookie host="^\.jeja\.pl$" name=".+" />
 
 
-	<rule from="^http://(pobierak\.|www\.)?jeja\.pl/"
-		to="https://$1jeja.pl/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Jellynote.com.xml b/src/chrome/content/rules/Jellynote.com.xml
new file mode 100644
index 000000000000..cf3883bf181e
--- /dev/null
+++ b/src/chrome/content/rules/Jellynote.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.jellynote.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Jellynote.com">
+
+	<target host="jellynote.com" />
+	<target host="www.jellynote.com" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://www.jellynote.com/en/premium/presentation" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.jellynote\.com$" name="^(csrftoken|mms|pgroup|token)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jenkins-CI.org.xml b/src/chrome/content/rules/Jenkins-CI.org.xml
index 9c4ce8469ae6..4cc3c296fb4a 100644
--- a/src/chrome/content/rules/Jenkins-CI.org.xml
+++ b/src/chrome/content/rules/Jenkins-CI.org.xml
@@ -1,25 +1,36 @@
-<!---
-	Fully covered subdomains:
-
-		- (www.)
-		- ci
-		- issues
-		- svn
-		- updates
-		- usage
-		- wiki
-
+<!--
+	Invalid certificate:
+		- ci.jenkins-ci.org
+		- demo.jenkins-ci.org
+		- lists.jenkins-ci.org
+		- meetings.jenkins-ci.org
+		- mirrors.jenkins-ci.org
+		- pkg.jenkins-ci.org
+		- puppet.jenkins-ci.org
+
+	Refused:
+		- archives.jenkins-ci.org
+		- ns3.jenkins-ci.org
+
+	Timeout:
+		- stacktrace.jenkins-ci.org
+		- svn.jenkins-ci.org
 -->
 <ruleset name="Jenkins-CI.org">
 
 	<target host="jenkins-ci.org" />
-	<target host="*.jenkins-ci.org" />
-
-
-	<securecookie host="^(?:ci|issues|svn|update|usage|wiki)?\.jenkins-ci\.org$" name=".+" />
-
-
-	<rule from="^http://((?:ci|issues|svn|updates|usage|wiki|www)\.)?jenkins-ci\.org/"
-		to="https://$1jenkins-ci.org/" />
+	<target host="www.jenkins-ci.org" />
+	<target host="accounts.jenkins-ci.org" />
+	<target host="issues.jenkins-ci.org" />
+	<target host="javadoc.jenkins-ci.org" />
+	<target host="repo.jenkins-ci.org" />
+	<target host="stats.jenkins-ci.org" />
+	<target host="updates.jenkins-ci.org" />
+	<target host="usage.jenkins-ci.org" />
+	<target host="wiki.jenkins-ci.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Jenkins-X.io.xml b/src/chrome/content/rules/Jenkins-X.io.xml
new file mode 100644
index 000000000000..6ece69aa6c6f
--- /dev/null
+++ b/src/chrome/content/rules/Jenkins-X.io.xml
@@ -0,0 +1,13 @@
+<!--
+	cd.jenkins-x.io contains a wildcard DNS record.
+-->
+<ruleset name="Jenkins-X.io">
+
+	<target host="jenkins-x.io" />
+	<target host="chartmuseum.build.cd.jenkins-x.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jenner.ac.uk.xml b/src/chrome/content/rules/Jenner.ac.uk.xml
new file mode 100644
index 000000000000..4a161280dee0
--- /dev/null
+++ b/src/chrome/content/rules/Jenner.ac.uk.xml
@@ -0,0 +1,23 @@
+<!--
+	For other University of Oxford coverage, see University-of-Oxford.xml.
+
+
+	^jenner.ac.uk doesn't exist.
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Jenner.ac.uk">
+
+	<target host="www.jenner.ac.uk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jennyvixenryan.com.xml b/src/chrome/content/rules/Jennyvixenryan.com.xml
new file mode 100644
index 000000000000..14ccec806734
--- /dev/null
+++ b/src/chrome/content/rules/Jennyvixenryan.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="jennyvixenryan.com">
+	<target host="jennyvixenryan.com" />
+	<target host="www.jennyvixenryan.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jensge.org.xml b/src/chrome/content/rules/Jensge.org.xml
index 97f58d71cf01..2a18dbaa3574 100644
--- a/src/chrome/content/rules/Jensge.org.xml
+++ b/src/chrome/content/rules/Jensge.org.xml
@@ -1,16 +1,29 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jensge.org/ => https://jensge.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.jensge.org/ => https://jensge.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Problematic subdomains:
 
 		- www	(mismatched, CN: www.webstreams.de)
 
 -->
-<ruleset name="jensge.org" platform="cacert">
+<ruleset name="jensge.org" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="jensge.org" />
+
+	<!--	Complications:
+				-->
 	<target host="www.jensge.org" />
 
 
-	<rule from="^http://(?:www\.)?jensge\.org/"
+	<rule from="^http://www\.jensge\.org/"
 		to="https://jensge.org/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jepso.com.xml b/src/chrome/content/rules/Jepso.com.xml
new file mode 100644
index 000000000000..6458a66cdbeb
--- /dev/null
+++ b/src/chrome/content/rules/Jepso.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .jepso.com
+
+-->
+<ruleset name="Jepso.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jepso.com" />
+	<target host="www.jepso.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.jepso\.com$" name="^(__cfduid|__utm\w+|cf_clearance)$" /-->
+
+	<securecookie host="^\.jepso\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JessFindlay.com.xml b/src/chrome/content/rules/JessFindlay.com.xml
new file mode 100644
index 000000000000..ab9df4a49a41
--- /dev/null
+++ b/src/chrome/content/rules/JessFindlay.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Jess Findlay Photography">
+
+	<target host="jessfindlay.com" />
+	<target host="www.jessfindlay.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JessFraz.com.xml b/src/chrome/content/rules/JessFraz.com.xml
new file mode 100644
index 000000000000..7ad14c33de77
--- /dev/null
+++ b/src/chrome/content/rules/JessFraz.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .jessfraz.com
+
+-->
+<ruleset name="JessFraz.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jessfraz.com" />
+	<target host="blog.jessfraz.com" />
+	<target host="www.jessfraz.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.jessfraz\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jet2.com.xml b/src/chrome/content/rules/Jet2.com.xml
index 545b4fb30e0f..8f6834210d60 100644
--- a/src/chrome/content/rules/Jet2.com.xml
+++ b/src/chrome/content/rules/Jet2.com.xml
@@ -1,9 +1,16 @@
-<ruleset name="Jet2.com" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jet2.com/ => https://www.jet2.com/: Too many redirects while fetching 'https://www.jet2.com/'
+
+-->
+<ruleset name="Jet2.com" platform="mixedcontent" default_off="failed ruleset test">
   <target host="jet2.com" />
-  <target host="*.jet2.com" />
+  <target host="intranet.jet2.com" />
+  <target host="reservations.jet2.com" />
+  <target host="www.jet2.com" />
 
   <rule from="^http://jet2\.com/"
           to="https://www.jet2.com/" />
-  <rule from="^http://(intranet|reservations|www)\.jet2\.com/"
-          to="https://$1.jet2.com/" />
-</ruleset>
\ No newline at end of file
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JetBrains.com.xml b/src/chrome/content/rules/JetBrains.com.xml
new file mode 100644
index 000000000000..4ab1561f441d
--- /dev/null
+++ b/src/chrome/content/rules/JetBrains.com.xml
@@ -0,0 +1,54 @@
+<!--
+	Non-functional hosts
+		SSL connect error:
+		- blogs.jetbrains.com
+		- www.onboard.jetbrains.com
+
+		SSL peer certificate was not OK:
+		- download-ln.jetbrains.com
+		- slack-mps.jetbrains.com
+
+		4xx client error:
+		- data.services.jetbrains.com
+-->
+<ruleset name="JetBrains.com">
+	<target host="jetbrains.com" />
+	<target host="www.jetbrains.com" />
+	<target host="account.jetbrains.com" />
+	<target host="blog.jetbrains.com" />
+	<target host="code2art.jetbrains.com" />
+	<target host="confluence.jetbrains.com" />
+	<target host="dotnettools-support.jetbrains.com" />
+	<target host="download.jetbrains.com" />
+	<test url="http://download.jetbrains.com/idea/ideaIU-2018.3.4.tar.gz" />
+	<target host="ea.jetbrains.com" />
+	<target host="go.jetbrains.com" />
+	<target host="hub.jetbrains.com" />
+	<target host="hub-support.jetbrains.com" />
+	<target host="info.jetbrains.com" />
+	<target host="intellij-support.jetbrains.com" />
+	<target host="internship.jetbrains.com" />
+	<target host="mps-support.jetbrains.com" />
+	<target host="plugins.jetbrains.com" />
+	<target host="repository.jetbrains.com" />
+	<target host="resharper-platform.jetbrains.com" />
+	<target host="resharper-support.jetbrains.com" />
+	<target host="resources.jetbrains.com" />
+	<test url="http://resources.jetbrains.com/storage/products/clion/docs/Comparisons_CLion.pdf" />
+	<target host="rider-support.jetbrains.com" />
+	<target host="sales.jetbrains.com" />
+	<target host="uploads.services.jetbrains.com" />
+	<target host="space-support.jetbrains.com" />
+	<target host="status.jetbrains.com" />
+	<target host="teamcity.jetbrains.com" />
+	<test url="http://teamcity.jetbrains.com/login.html" />
+	<target host="teamcity-support.jetbrains.com" />
+	<target host="toolbox-support.jetbrains.com" />
+	<target host="upsource.jetbrains.com" />
+	<target host="upsource-support.jetbrains.com" />
+	<target host="youtrack.jetbrains.com" />
+	<target host="youtrack-support.jetbrains.com" />
+	<target host="youtrack-workflow-converter.jetbrains.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JetBrains.xml b/src/chrome/content/rules/JetBrains.xml
deleted file mode 100644
index fc46d42b2bba..000000000000
--- a/src/chrome/content/rules/JetBrains.xml
+++ /dev/null
@@ -1,96 +0,0 @@
-<!--
-	CDN buckets:
-
-		- up-20131014-174310-staticss3bucket-11pv7uv2jov7b.s3-eu-west-1.amazonaws.com
-
-		- jetbrains.vo.llnwd.net
-
-			- .hs. doesn't exist
-			- download-ln
-
-		- dotnettools.zendesk.com
-
-			- dotnettools-support
-
-		- resharper.zendesk.com
-
-			- reshaper-support
-
-
-	Nonfunctional subdomains:
-
-		- blogs ¹
-		- confluence ¹
-		- devnet ²
-		- download ¹
-		- download-ln	(400, CN: *.hs.llnwd.net)
-		- forum ¹
-		- kotlin-demo ¹
-		- plugins ¹
-		- teamcity ²
-
-	¹ Refused
-	² Dropped
-
-
-	Problematic subdomains:
-
-		- ^		(cert only matches www)
-		- jetpeople *
-		- youtrack *
-
-	* Works, self-signed
-
-
-	Partially covered subdomains:
-
-		- dotnettools-support	(→ dotnettools.zendesk.com)
-		- info			(→ na-lon02.marketo.com)
-		- reshaper-support	(→ reshaper.zendesk.com)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(^ → www)
-		- account
-		- intellij-support
-		- sso
-
-
-	Observed cookie domains:
-
-		- account
-		- intellij-support
-		- sso
-		- www
-
-
-	Mixed content:
-
-		- Ads on www from www.googleadservices.com *
-
-	* Secured by us
-
--->
-<ruleset name="JetBrains (partial)">
-
-	<target host="jetbrains.com" />
-	<target host="*.jetbrains.com" />
-
-
-	<securecookie host="^(?:account|intellij-support|sso|www)\.jetbrains\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?jetbrains\.com/"
-		to="https://www.jetbrains.com/" />
-
-	<rule from="^http://(account|intellij-support|sso)\.jetbrains\.com/"
-		to="https://$1.jetbrains.com/" />
-
-	<rule from="^http://(dotnettools|reshaper)-support\.jetbrains\.com/(?=favicon\.ico|generated/|images/|system/)"
-		to="https://$1.zendeskcom/" />
-
-	<rule from="^http://info\.jetbrains\.com/(?=css/|images/|js/|rs/)"
-		to="https://na-lon02.marketo.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/JetPhotos.com.xml b/src/chrome/content/rules/JetPhotos.com.xml
new file mode 100644
index 000000000000..8ce8a92a7775
--- /dev/null
+++ b/src/chrome/content/rules/JetPhotos.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="JetPhotos.com">
+
+	<target host="jetphotos.com" />
+	<target host="www.jetphotos.com" />
+	<target host="cdn.jetphotos.com" />
+	<target host="forums.jetphotos.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jethro_Carr.com.xml b/src/chrome/content/rules/Jethro_Carr.com.xml
new file mode 100644
index 000000000000..fd32a21b18d5
--- /dev/null
+++ b/src/chrome/content/rules/Jethro_Carr.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Jethro Carr.com">
+
+	<target host="jethrocarr.com" />
+	<target host="www.jethrocarr.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jetico.com.xml b/src/chrome/content/rules/Jetico.com.xml
new file mode 100644
index 000000000000..2b13eb4d2b22
--- /dev/null
+++ b/src/chrome/content/rules/Jetico.com.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jetico.com/ => https://jetico.com/: Too many redirects while fetching 'https://jetico.com/'
+Fetch error: http://www.jetico.com/ => https://www.jetico.com/: Too many redirects while fetching 'https://www.jetico.com/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://jetico.com/ => https://jetico.com/: (51, "SSL: no alternative certificate subject name matches target host name 'jetico.com'")
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Jetico.com" default_off="failed ruleset test">
+
+	<target host="jetico.com" />
+	<target host="www.jetico.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.jetico\.com$" name="^[0-9a-f]{32}$" /-->
+	<!--securecookie host="^\.www\.jetico\.com$" name="^jetico_ncs$" /-->
+
+	<securecookie host="^\.?www\.jetico\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jewel_Osco.com.xml b/src/chrome/content/rules/Jewel_Osco.com.xml
new file mode 100644
index 000000000000..15c764b0f7c5
--- /dev/null
+++ b/src/chrome/content/rules/Jewel_Osco.com.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jewelosco.com/ => https://jewelosco.com/: (51, "SSL: no alternative certificate subject name matches target host name 'jewelosco.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://jewelosco.com/ => https://jewelosco.com/: (51, "SSL: no alternative certificate subject name matches target host name 'jewelosco.com'")
+	^: cert only matches www
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com ¹
+
+		- Images, on www from:
+
+			- $self ¹
+			- rev.mywebgrocer.com ²
+
+	¹ Secured by us
+	² Unsecurable <= refused
+
+-->
+<ruleset name="Jewel Osco.com" default_off="failed ruleset test">
+
+	<target host="jewelosco.com" />
+	<target host="www.jewelosco.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JewishPress.com.xml b/src/chrome/content/rules/JewishPress.com.xml
index 96ca413edc86..0913904a1a84 100644
--- a/src/chrome/content/rules/JewishPress.com.xml
+++ b/src/chrome/content/rules/JewishPress.com.xml
@@ -1,16 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jewishpress.com/ => https://jewishpress.com/: (28, 'Connection timed out after 20005 milliseconds')
+Fetch error: http://www.jewishpress.com/ => https://www.jewishpress.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://jewishpress.com/ => https://jewishpress.com/: (7, 'Failed to connect to jewishpress.com port 443: Connection refused')
+Fetch error: http://www.jewishpress.com/ => https://www.jewishpress.com/: (7, 'Failed to connect to www.jewishpress.com port 443: Connection refused')
 	CDN buckets:
 
 		- i[012].wp.com/www.jewishpress.com/
 
 -->
-<ruleset name="JewishPress.com">
+<ruleset name="JewishPress.com" default_off="failed ruleset test">
 
 	<target host="jewishpress.com" />
 	<target host="www.jewishpress.com" />
 
 
-	<rule from="^http://(www\.)?jewishpress\.com/"
-		to="https://$1jewishpress.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Jezebel.com.xml b/src/chrome/content/rules/Jezebel.com.xml
deleted file mode 100644
index eca6cc431426..000000000000
--- a/src/chrome/content/rules/Jezebel.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other Gawker coverage, see Gawker.xml.
-
-
-	CN: *.a.ssl.fastly.net
-
--->
-<ruleset name="Jezebel.com" default_off="mismatched">
-
-	<target host="jezebel.com" />
-	<target host="*.jezebel.com" />
-
-
-	<securecookie host="^\.?jezebel\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?jezebel\.com/"
-		to="https://jezebel.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/JiWire.xml b/src/chrome/content/rules/JiWire.xml
index b7091c98b8bf..b9781d9766cf 100644
--- a/src/chrome/content/rules/JiWire.xml
+++ b/src/chrome/content/rules/JiWire.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jiwire.com/ => https://www.jiwire.com/: (60, 'SSL certificate problem: self signed certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://jiwire.com/ => https://www.jiwire.com/: (60, 'SSL certificate problem: self signed certificate')
 	Nonfunctional subdomains:
 
 		- blog *
@@ -27,10 +33,16 @@
 		- v4
 
 -->
-<ruleset name="JiWire (partial)">
+<ruleset name="JiWire (partial)" default_off="failed ruleset test">
 
 	<target host="jiwire.com" />
-	<target host="*.jiwire.com" />
+	<target host="cms.jiwire.com" />
+	<target host="www.jiwire.com" />
+	<target host="ads.jiwire.com" />
+	<target host="api.jiwire.com" />
+	<target host="tags.jiwire.com" />
+	<target host="v4.jiwire.com" />
+	<target host="wi-fi.jiwire.com" />
 
 
 	<securecookie host="^v4\.jiwire\.com$" name=".+" />
@@ -39,7 +51,6 @@
 	<rule from="^http://(?:cms\.|www\.)?jiwire\.com/"
 		to="https://www.jiwire.com/" />
 
-	<rule from="^http://(ads|api|tags|v4|wi-fi)\.jiwire\.com/"
-		to="https://$1.jiwire.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/JianGuoYun.xml b/src/chrome/content/rules/JianGuoYun.xml
new file mode 100644
index 000000000000..98eb6f6206cb
--- /dev/null
+++ b/src/chrome/content/rules/JianGuoYun.xml
@@ -0,0 +1,21 @@
+<!--
+	Failed:
+		blog.
+		help.
+-->
+
+<ruleset name="JianGuoYun (partial)">
+	<target host="jianguoyun.com" />
+	<target host="www.jianguoyun.com" />
+	<target host="bbs.jianguoyun.com" />
+	<target host="dav.jianguoyun.com" />
+	<target host="shbelle.jianguoyun.com" />
+	<target host="w.jianguoyun.com" />
+
+	  <!--  MCB:  -->
+		<exclusion pattern="^http://bbs\.jianguoyun\.com/(?!my-templates/)" />
+		<test url="http://bbs.jianguoyun.com/forum.php?id=1" />
+		<test url="http://bbs.jianguoyun.com/my-templates/nutstore/style.css" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jiasule.com.xml b/src/chrome/content/rules/Jiasule.com.xml
new file mode 100644
index 000000000000..06bbdaf857c7
--- /dev/null
+++ b/src/chrome/content/rules/Jiasule.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- static.jiasule.com
+		- www.jiasule.com
+
+-->
+<ruleset name="jiasule.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jiasule.com" />
+	<target host="static.jiasule.com" />
+	<target host="www.jiasule.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:static|www)\.jiasule\.com$" name="^__jsluid$" /-->
+
+	<securecookie host="^(?:static|www)\.jiasule\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jiffy_Free_Score.com.xml b/src/chrome/content/rules/Jiffy_Free_Score.com.xml
index d4409a93db57..14cd2fa69d80 100644
--- a/src/chrome/content/rules/Jiffy_Free_Score.com.xml
+++ b/src/chrome/content/rules/Jiffy_Free_Score.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="Jiffy Free Score.com">
 
 	<target host="jiffyfreescore.com" />
-	<target host="*.jiffyfreescore.com" />
+	<target host="www.jiffyfreescore.com" />
 
 
 	<securecookie host="^(?:[w.]*\.)?jiffyfreescore\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?jiffyfreescore\.com/"
-		to="https://$1jiffyfreescore.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Jifo.co.xml b/src/chrome/content/rules/Jifo.co.xml
new file mode 100644
index 000000000000..5299aaeefbc9
--- /dev/null
+++ b/src/chrome/content/rules/Jifo.co.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Infogr.am coverage, see Infogr.am.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .jifo.co
+
+-->
+<ruleset name="jifo.co">
+
+	<target host="jifo.co" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.jifo\.co$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jigsaw.xml b/src/chrome/content/rules/Jigsaw.xml
deleted file mode 100644
index 9943696cc5d2..000000000000
--- a/src/chrome/content/rules/Jigsaw.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	- jigsaw.i.lithium.com
-	- jigsaw.mashery.com
-
-
-	Nonfunctional subdomains:
-
-		- developer	(redirects to http; mismatched, CN: *.mashery.com)
-
-
-	Problematic subdomains:
-
-		- community
-
--->
-<ruleset name="Jigsaw (partial)">
-
-	<target host="jigsaw.com" />
-	<target host="*.jigsaw.com" />
-
-
-	<securecookie host="^(?:www)?\.jigsaw\.com$" name=".+" />
-
-
-	<rule from="^http://((?:about|email|enterprise|static|www)\.)?jigsaw\.com/"
-		to="https://$1jigsaw.com/" />
-
-	<rule from="^https?://community\.jigsaw\.com/"
-		to="https://jigsaw.i.lithium.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Jimcdn.com.xml b/src/chrome/content/rules/Jimcdn.com.xml
new file mode 100644
index 000000000000..8dd6d53269d8
--- /dev/null
+++ b/src/chrome/content/rules/Jimcdn.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+	Other Jimdo rulesets:
+		-Jimdo.xml
+-->
+<ruleset name="Jimcdn.com">
+
+	<target host="image.jimcdn.com" />
+	<target host="screenshot-service.jimcdn.com" />
+	<target host="u.jimcdn.com" />
+
+	<test url="http://image.jimcdn.com/app/cms/image/transf/none/path/sa6549607c78f5c11/image/i9d6e7fb91ac77594/version/1490381820/best-landscapes-in-europe-godafoss-waterfall-at-sunset-iceland-europe-copyright-ronnybas.jpg/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jimdo-Server.com.xml b/src/chrome/content/rules/Jimdo-Server.com.xml
new file mode 100644
index 000000000000..498d64a08156
--- /dev/null
+++ b/src/chrome/content/rules/Jimdo-Server.com.xml
@@ -0,0 +1,23 @@
+
+<!--
+	Other Jimdo rulesets:
+		- Jimdo.xml
+
+	Invalid certificate:
+		jimdo-server.com
+-->
+<ruleset name="Jimdo-Server.com (partial)">
+
+	<target host="api.dmp.jimdo-server.com" />
+	<target host="devkit.dmp.jimdo-server.com" />
+	<target host="screenshots.dmp.jimdo-server.com" />
+	<target host="mgmt.jimdo-server.com" />
+
+	<test url="http://api.dmp.jimdo-server.com/designs/316/versions/2.0.28/preview/" />
+	<test url="http://screenshots.dmp.jimdo-server.com/?ressource=https://api.dmp.jimdo-server.com/designs/316/versions/2.0.28/&amp;format=medium/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jimdo.design.xml b/src/chrome/content/rules/Jimdo.design.xml
new file mode 100644
index 000000000000..89aa5ed44484
--- /dev/null
+++ b/src/chrome/content/rules/Jimdo.design.xml
@@ -0,0 +1,15 @@
+
+<!--
+	Other Jimdo rulesets:
+		-Jimdo.xml
+-->
+<ruleset name="Jimdo.design">
+
+	<target host="jimdo.design" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jimdo.xml b/src/chrome/content/rules/Jimdo.xml
index 0c532dcb5b69..13c95c3b0a2b 100644
--- a/src/chrome/content/rules/Jimdo.xml
+++ b/src/chrome/content/rules/Jimdo.xml
@@ -1,7 +1,25 @@
-<ruleset name="Jimdo">
-  <target host="webmail.jimdo.com" />
 
-  <securecookie host="^webmail\.jimdo\.com$" name=".+" />
+<!--
+	Other Jimdo rulesets:
+		-Jimdo-Server.com.xml
+		-Jimcdn.com.xml
+		-Jimstatic.com.xml
+		-Jimdo.design.xml
+
+	Jimdo is a web hosting provider. All client pages have a subdomain with the Jimdo certificate.
+-->
+<ruleset name="Jimdo.com">
+
+	<target host="jimdo.com" />
+	<target host="*.jimdo.com" />
+			<test url="http://de.jimdo.com/" />
+			<test url="http://es.jimdo.com/" />
+			<test url="http://help.jimdo.com/" />
+			<test url="http://webmail.jimdo.com/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://webmail\.jimdo\.com/" to="https://webmail.jimdo.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Jimg.dk.xml b/src/chrome/content/rules/Jimg.dk.xml
new file mode 100644
index 000000000000..302cd2ef30bd
--- /dev/null
+++ b/src/chrome/content/rules/Jimg.dk.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jimg.dk/ => https://jimg.dk/: (51, "SSL: no alternative certificate subject name matches target host name 'jimg.dk'")
+
+	For other Jubii coverage, see Jibii.dk.xml.
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- i[123]
+		- z
+
+-->
+<ruleset name="Jimg.dk" default_off="failed ruleset test">
+
+	<target host="jimg.dk" />
+	<target host="i1.jimg.dk" />
+	<target host="i2.jimg.dk" />
+	<target host="i3.jimg.dk" />
+	<target host="www.jimg.dk" />
+	<target host="z.jimg.dk" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jimstatic.com.xml b/src/chrome/content/rules/Jimstatic.com.xml
new file mode 100644
index 000000000000..595cf2b3a951
--- /dev/null
+++ b/src/chrome/content/rules/Jimstatic.com.xml
@@ -0,0 +1,21 @@
+
+<!--
+	Other Jimdo rulesets:
+		-Jimdo.xml
+-->
+<ruleset name="Jimstatic.com">
+
+	<target host="account-assets.jimstatic.com" />
+	<target host="assets.jimstatic.com" />
+	<target host="assets1.jimstatic.com" />
+	<target host="assets2.jimstatic.com" />
+	<target host="growth.jimstatic.com" />
+	<target host="signup.jimstatic.com" />
+	<target host="webteam.jimstatic.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jingwei.com.xml b/src/chrome/content/rules/Jingwei.com.xml
new file mode 100644
index 000000000000..814409c3698c
--- /dev/null
+++ b/src/chrome/content/rules/Jingwei.com.xml
@@ -0,0 +1,22 @@
+<!--
+	^jingwei.com: 404
+	www.jingwei.com: 502
+
+
+	Mixed content:
+
+		- Image on mobile from $self
+
+-->
+<ruleset name="Jingwei.com (partial)" default_off="expired">
+
+	<target host="mobile.jingwei.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jino.ru.xml b/src/chrome/content/rules/Jino.ru.xml
new file mode 100644
index 000000000000..3298a2163ca2
--- /dev/null
+++ b/src/chrome/content/rules/Jino.ru.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .jino.ru
+
+-->
+<ruleset name="Jino.ru">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jino.ru" />
+	<target host="auth.jino.ru" />
+	<target host="domains.jino.ru" />
+	<target host="hosting.jino.ru" />
+	<target host="spectrum.jino.ru" />
+	<target host="www.jino.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.jino\.ru$" name="^(?:csrftoken|sid)$" /-->
+
+	<securecookie host="^\.jino\.ru$" name="^(?:csrftoken|sid)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jisc.ac.uk.xml b/src/chrome/content/rules/Jisc.ac.uk.xml
new file mode 100644
index 000000000000..378255361c3d
--- /dev/null
+++ b/src/chrome/content/rules/Jisc.ac.uk.xml
@@ -0,0 +1,20 @@
+<!--
+	Mixed content:
+
+		- Image on repository from www.jisc.ac.uk *
+		- favicon on repository from www.jisc.ac.uk *
+
+	* Secured by us
+
+-->
+<ruleset name="Jisc.ac.uk">
+
+	<target host="jisc.ac.uk" />
+	<target host="repository.jisc.ac.uk" />
+	<target host="www.jisc.ac.uk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jisho.org.xml b/src/chrome/content/rules/Jisho.org.xml
new file mode 100644
index 000000000000..2c00cf4cb1e2
--- /dev/null
+++ b/src/chrome/content/rules/Jisho.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- beta.jisho.org
+		- classic.jisho.org
+		- forum.jisho.org
+		- iphone.jisho.org
+		- k.jisho.org
+		- m.jisho.org
+
+		Timeout was reached:
+		- blog.jisho.org
+-->
+<ruleset name="Jisho.org (partial)">
+	<target host="jisho.org" />
+	<target host="www.jisho.org" />
+	<target host="assets.jisho.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jit.su.xml b/src/chrome/content/rules/Jit.su.xml
new file mode 100644
index 000000000000..d471423ff066
--- /dev/null
+++ b/src/chrome/content/rules/Jit.su.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jit.su/ => https://jit.su/: (7, 'Failed to connect to jit.su port 443: Connection timed out')
+Fetch error: http://www.jit.su/ => https://www.jit.su/: (7, 'Failed to connect to www.jit.su port 443: No route to host')
+Fetch error: http://xmpp-ftw.jit.su/ => https://xmpp-ftw.jit.su/: (7, 'Failed to connect to xmpp-ftw.jit.su port 443: Connection timed out')
+
+	For other GoDaddy coverage, see GoDaddy.xml.
+
+-->
+<ruleset name="jit.su" default_off="failed ruleset test">
+
+	<target host="jit.su" />
+	<target host="www.jit.su" />
+	<target host="xmpp-ftw.jit.su" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jitbit.com.xml b/src/chrome/content/rules/Jitbit.com.xml
new file mode 100644
index 000000000000..4ad816794924
--- /dev/null
+++ b/src/chrome/content/rules/Jitbit.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Jitbit.com">
+
+	<target host="jitbit.com" />
+	<target host="www.jitbit.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jitscale.com-falsemixed.xml b/src/chrome/content/rules/Jitscale.com-falsemixed.xml
index e38f47c3ad38..1f5776fa030d 100644
--- a/src/chrome/content/rules/Jitscale.com-falsemixed.xml
+++ b/src/chrome/content/rules/Jitscale.com-falsemixed.xml
@@ -5,13 +5,12 @@
 <ruleset name="Jitscale.com (false MCB)" platform="mixedcontent">
 
 	<target host="jitscale.com" />
-	<target host="*.jitscale.com" />
+	<target host="www.jitscale.com" />
 
 
 	<securecookie host=".*\.jitscale\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?jitscale\.com/"
-		to="https://$1jitscale.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Jitscale.com.xml b/src/chrome/content/rules/Jitscale.com.xml
index 80a638e4ba69..455e762aecf9 100644
--- a/src/chrome/content/rules/Jitscale.com.xml
+++ b/src/chrome/content/rules/Jitscale.com.xml
@@ -51,4 +51,4 @@
 	<rule from="^http://cdn3\.jitscale\.com/"
 		to="https://d2ve2fyg0zf8xm.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Jitsi.org.xml b/src/chrome/content/rules/Jitsi.org.xml
index 6496dffe637d..8a14824510b0 100644
--- a/src/chrome/content/rules/Jitsi.org.xml
+++ b/src/chrome/content/rules/Jitsi.org.xml
@@ -1,16 +1,36 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Jitsi.org" platform="firefox">
-<target host="download.jitsi.org" />
+<!--
+	Invalid certificate:
+		dictionaries.jitsi.org
+		trac.jitsi.org
+		www.jit.si
+		xmpp.jit.si
 
-<securecookie host="^download\.jitsi\.org$" name=".+" />
+	Time out:
+		apidocs.jitsi.org
+		gsoc.jitsi.org
+		translate.jitsi.org
+
+	Refused:
+		lists.jitsi.org
+		meet.jitsi.org
+
+-->
+<ruleset name="Jitsi.org">
+
+	<target host="jitsi.org" />
+	<target host="www.jitsi.org" />
+	<target host="desktop.jitsi.org" />
+	<target host="discourse.jitsi.org" />
+	<target host="download.jitsi.org" />
+
+	<target host="jit.si" />
+	<target host="meet.jit.si" />
+
+	<securecookie host="^(?:download\.)?jitsi\.org$" name=".+" />
+	<securecookie host="^(?:meet)?(?:\.)?jit\.si$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 
-<rule from="^http://download\.jitsi\.org/" to="https://download.jitsi.org/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Jitsi.xml b/src/chrome/content/rules/Jitsi.xml
deleted file mode 100644
index ddc8bd1db3b5..000000000000
--- a/src/chrome/content/rules/Jitsi.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<ruleset name="Jitsi">
-
-	<target host="jit.si" />
-	<target host="www.jit.si" />
-	<target host="jitsi.org" />
-	<target host="www.jitsi.org" />
-
-
-	<securecookie host="^jitsi\.org$" name=".*" />
-
-
-	<rule from="^http://(www\.)?jit\.si/"
-		to="https://$1jit.si/" />
-
-	<rule from="^http://(www\.)?jitsi\.org/"
-		to="https://$1jitsi.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Jive.com.xml b/src/chrome/content/rules/Jive.com.xml
index 4781582b7d8b..2220ce69eaf8 100644
--- a/src/chrome/content/rules/Jive.com.xml
+++ b/src/chrome/content/rules/Jive.com.xml
@@ -12,12 +12,14 @@
 	Problematic domains:
 
 		- (www.)getjive.com *
-		- jive.com *
+		- jive.com ²
+		- www.jive.com *
 
 	* Dropped
+	² Server sends no certificate chain
 
 -->
-<ruleset name="Jive.com">
+<ruleset name="Jive.com" default_off="missing certificate chain">
 
 	<target host="getjive.com" />
 	<target host="www.getjive.com" />
diff --git a/src/chrome/content/rules/Jive_Software.com.xml b/src/chrome/content/rules/Jive_Software.com.xml
index 5b4293ff7463..dd56c26bc631 100644
--- a/src/chrome/content/rules/Jive_Software.com.xml
+++ b/src/chrome/content/rules/Jive_Software.com.xml
@@ -1,12 +1,69 @@
-<ruleset name="Jive Software.com (partial)">
+<!--
+	Other Jive Software rulesets:
 
+		- Jiveon.com.xml
+
+
+	Problematic hosts in *jivesoftware.com:
+
+		- feeds ¹
+		- trust ²
+
+	¹ FeedBurner
+	² 401
+
+
+	Insecure cookies are set for these hosts:
+
+		- community.jivesoftware.com
+		- docs.jivesoftware.com
+
+-->
+<ruleset name="Jive Software.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jivesoftware.com" />
 	<target host="cloud.jivesoftware.com" />
+	<target host="community.jivesoftware.com" />
+	<target host="developer.jivesoftware.com" />
+	<target host="docs.jivesoftware.com" />
+	<target host="jiveworld.jivesoftware.com" />
+	<target host="www.jivesoftware.com" />
+
+	<!--	Complications:
+				-->
+	<target host="feeds.jivesoftware.com" />
+	<target host="trust.jivesoftware.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^community\.jivesoftware\.com$" name="^(BIGipServer[\w.-]+|jive\.login\.ts|jive\.security\.context)$" /-->
+	<!--securecookie host="^docs\.jivesoftware\.com$" name="^(JSESSIONID|cookiesEnabled)$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://feeds\.jivesoftware\.com/$"
+		to="https://feedburner.google.com/fb/a/home" />
+
+	<rule from="^http://feeds\.jivesoftware\.com/"
+		to="https://feeds.feedburner.com/" />
 
+		<test url="http://feeds.jivesoftware.com/~r/JiveWorld/~3/8X--XII9XW8/engaging-the-organization-adoption-strategies-tips" />
 
-	<securecookie host="^cloud\.jivesoftware\.com$" name=".+" />
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://trust\.jivesoftware\.com/[^?]*"
+		to="https://www.jivesoftware.com/trust-security/" />
 
+		<test url="http://trust.jivesoftware.com/Default.aspx" />
+		<test url="http://trust.jivesoftware.com/index.php" />
 
-	<rule from="^http://cloud\.jivesoftware\.com/"
-		to="https://cloud.jivesoftware.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Jiveon.com.xml b/src/chrome/content/rules/Jiveon.com.xml
new file mode 100644
index 000000000000..a790a5cde20d
--- /dev/null
+++ b/src/chrome/content/rules/Jiveon.com.xml
@@ -0,0 +1,45 @@
+<!--
+	For other Jive Software coverage, see Jive_Software.com.xml.
+
+
+	^jiveon.com: Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- status.jievon.com
+
+-->
+<ruleset name="Jiveon.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="login.jiveon.com" />
+	<target host="signup.jiveon.com" />
+	<target host="status.jiveon.com" />
+	<target host="www.jiveon.com" />
+
+	<!--	Complications:
+				-->
+	<target host="jiveon.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^status\.jiveon\.com$" name="^(?:BIGipServer|JSESSIONID$)" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://jiveon\.com/+"
+		to="https://login.jiveon.com/" />
+
+		<test url="http://jiveon.com//home.php" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jjslinterrors.com.xml b/src/chrome/content/rules/Jjslinterrors.com.xml
new file mode 100644
index 000000000000..60abd79ce6a9
--- /dev/null
+++ b/src/chrome/content/rules/Jjslinterrors.com.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jslinterrors.com/ => https://jslinterrors.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.jslinterrors.com/ => https://www.jslinterrors.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+  Notes:
+  - Cloudflare SSL
+-->
+<ruleset name="jslinterrors.com" default_off="failed ruleset test">
+    <target host="jslinterrors.com" />
+    <target host="www.jslinterrors.com" />
+
+    <securecookie host="^(www\.)?jslinterrors\.com" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jku.at.xml b/src/chrome/content/rules/Jku.at.xml
new file mode 100644
index 000000000000..0d90eef00c33
--- /dev/null
+++ b/src/chrome/content/rules/Jku.at.xml
@@ -0,0 +1,31 @@
+<ruleset name="Jku.at (partial)">
+	<target host="jku.at" />
+	<target host="www.jku.at" />
+
+	<!-- student services -->
+	<target host="kusss.jku.at" />
+	<target host="www.kusss.jku.at" />
+	<target host="lisss.jku.at" />
+	<target host="moodle.jku.at" />
+	<target host="musss.jku.at" />
+
+	<!-- employee services -->
+	<target host="access.jku.at" />
+	<target host="drive.jku.at" />
+	<target host="ess.jku.at" />
+	<target host="ework.jku.at" />
+	<target host="forms.jku.at" />
+	<target host="groupwise.jku.at" />
+	<target host="intranet.jku.at" />
+	<target host="password.jku.at" />
+
+	<!-- research institutes -->
+	<target host="ins.jku.at" />
+	<target host="www.ins.jku.at" />
+	<target host="mail.ins.jku.at" />
+
+	<!-- misc -->
+	<target host="usi.jku.at" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jms1.net.xml b/src/chrome/content/rules/Jms1.net.xml
new file mode 100644
index 000000000000..9ddb04aa4d03
--- /dev/null
+++ b/src/chrome/content/rules/Jms1.net.xml
@@ -0,0 +1,10 @@
+<ruleset name="jms1.net">
+
+	<target host="jms1.net" />
+	<target host="qmail.jms1.net" />
+	<target host="www.jms1.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JoCo_Cruise.com.xml b/src/chrome/content/rules/JoCo_Cruise.com.xml
new file mode 100644
index 000000000000..30abbdf5ff68
--- /dev/null
+++ b/src/chrome/content/rules/JoCo_Cruise.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- jococruise.com
+		- www.jococruise.com
+
+-->
+<ruleset name="JoCo Cruise.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jococruise.com" />
+	<target host="www.jococruise.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?jococruise\.com$" name="^CC_SESSION$" /-->
+
+	<securecookie host="^(?:www\.)?jococruise\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JobCloud.ch.xml b/src/chrome/content/rules/JobCloud.ch.xml
new file mode 100644
index 000000000000..0174bab69b06
--- /dev/null
+++ b/src/chrome/content/rules/JobCloud.ch.xml
@@ -0,0 +1,17 @@
+<!--
+	Non-functional hosts:
+		Different content:
+		- cdn.jobcloud.ch
+-->
+<ruleset name="JobCloud.ch">
+	<target host="jobcloud.ch" />
+	<target host="www.jobcloud.ch" />
+	<target host="confluence.jobcloud.ch" />
+	<target host="test.confluence.jobcloud.ch" />
+	<target host="img.jobcloud.ch" />
+	<target host="jira.jobcloud.ch" />
+	<target host="test.jira.jobcloud.ch" />
+	<target host="timetracker.jobcloud.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JobScore.xml b/src/chrome/content/rules/JobScore.xml
index b8697565b636..e823c1966cc7 100644
--- a/src/chrome/content/rules/JobScore.xml
+++ b/src/chrome/content/rules/JobScore.xml
@@ -1,19 +1,40 @@
 <!--	Bucket at d1wh43egtz3cgo.cloudfront.net
+
+
+	Nonfunctional subdomains:
+
+		- blog ¹
+		- status ²
+
+	¹ Tumblr
+	² Pingdom
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .jobscore.com
+.		- www.jobscore.com
+
 -->
-<ruleset name="jobScore (partial)">
+<ruleset name="jobScore.com (partial)">
 
 	<target host="jobscore.com"/>
-	<target host="*.jobscore.com"/>
+	<target host="support.jobscore.com"/>
+	<target host="www.jobscore.com"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.jobscore\.com$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.jobscore\.com$" name="_jobscore$" /-->
 
-	<securecookie host="^(www\.)?jobscore\.com$" name=".*"/>
+	<securecookie host="^(?:www\.)?jobscore\.com$" name=".+" />
 
-	<rule from="^http://(blog\.|www\.)?jobscore\.com/"
-		to="https://$1jobscore.com/"/>
 
-	<rule from="^http://support\.jobscore\.com/(generated|images|system)/"
-		to="https://support.jobscore.com/$1/"/>
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://(\w+)\.jobscore\.com/((account_)?stylesheets/|favicon\.ico$|images/)"
-		to="https://$1.jobscore.com/$2"/>
+	<!--rule from="^http://(\w+)\.jobscore\.com/((account_)?stylesheets/|favicon\.ico$|images/)"
+		to="https://$1.jobscore.com/$2"/-->
 
 </ruleset>
diff --git a/src/chrome/content/rules/JobScout24.xml b/src/chrome/content/rules/JobScout24.xml
index 8845ae359281..2813f325ee3a 100644
--- a/src/chrome/content/rules/JobScout24.xml
+++ b/src/chrome/content/rules/JobScout24.xml
@@ -2,5 +2,5 @@
   <target host="jobscout24.de" />
   <target host="www.jobscout24.de" />
 
-  <rule from="^http://(?:www\.)?jobscout24\.de/" to="https://www.jobscout24.de/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/JobThread-clients.xml b/src/chrome/content/rules/JobThread-clients.xml
deleted file mode 100644
index a8d5f52f48b2..000000000000
--- a/src/chrome/content/rules/JobThread-clients.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For JobThread proper, see JobThread.xml.
-
--->
-<ruleset name="JobThread clients" default_off="mismatch">
-
-	<!--	Cert: *.jobamatic.com
-					-->
-	<target host="jobs.linux.com" />
-		<!--
-			Handled in Linux.com.xml.
-							-->
-		<exclusion pattern="^http://jobs\.linux\.com/(image|file|partner)s/" />
-
-
-	<rule from="^http://jobs\.linux\.com/"
-		to="https://jobs.linux.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/JobThread.com.xml b/src/chrome/content/rules/JobThread.com.xml
new file mode 100644
index 000000000000..a60985272f91
--- /dev/null
+++ b/src/chrome/content/rules/JobThread.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- blog.jobthread.com
+
+		4xx client error:
+		- static.jobthread.com
+-->
+<ruleset name="JobThread.com (partial)">
+	<target host="jobthread.com" />
+	<target host="www.jobthread.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JobThread.xml b/src/chrome/content/rules/JobThread.xml
deleted file mode 100644
index 2c89a410df7d..000000000000
--- a/src/chrome/content/rules/JobThread.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For clients, see JobThread-clients.xml.
-
-
-	Nonfunctional subdomains:
-
-		- blog	(times out)
-		- static	(refused)
-
--->
-<ruleset name="JobThread">
-
-	<target host="jobthread.com" />
-	<target host="*.jobthread.com" />
-		<exclusion pattern="^http://static\.jobthread\.com/(?!partners/jobthread/images/)" />
-
-
-	<rule from="^http://(?:static\.|(www\.))?jobthread\.com/"
-		to="https://$1jobthread.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Job_a_matic.com.xml b/src/chrome/content/rules/Job_a_matic.com.xml
new file mode 100644
index 000000000000..083a6f006412
--- /dev/null
+++ b/src/chrome/content/rules/Job_a_matic.com.xml
@@ -0,0 +1,51 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.jobamatic.com/ => https://www.jobamatic.com/: (7, 'Failed to connect to www.jobamatic.com port 443: Connection refused')
+Fetch error: http://computerworld.jobamatic.com/ => https://computerworld.jobamatic.com/: (7, 'Failed to connect to computerworld.jobamatic.com port 443: Connection refused')
+Fetch error: http://jobamatic.com/ => https://jobamatic.com/: (7, 'Failed to connect to jobamatic.com port 443: Connection refused')
+
+	For other Simply Hired coverage, see Simply-Hired.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .jobamatic.com
+
+
+	Mixed content:
+
+		- Bugs, on:
+
+			- www from pixel.quantserve.com *
+			- www from b.scorecardresearch.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Job a matic.com" default_off="failed ruleset test">
+
+	<target host="jobamatic.com"/>
+	<target host="*.jobamatic.com"/>
+
+		<test url="http://www.jobamatic.com/" />
+
+		<!--	Users:
+				-->
+		<test url="http://computerworld.jobamatic.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.jobamatic\.com$" name="^__qca$" /-->
+
+	<securecookie host="^\.jobamatic\.com$" name="^__qca$" />
+	<securecookie host="^www\.jobamatic\.com$" name=".+" />
+
+
+	<!--	clients have unique subdomains
+						-->
+	<rule from="^http://([\w-]+\.)?jobamatic\.com/"
+		to="https://$1jobamatic.com/"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jobat.be.xml b/src/chrome/content/rules/Jobat.be.xml
new file mode 100644
index 000000000000..1e4daaa420a7
--- /dev/null
+++ b/src/chrome/content/rules/Jobat.be.xml
@@ -0,0 +1,15 @@
+<!--
+        Certificate mismatch
+                interactief.jobat.be
+-->
+<ruleset name="Jobat.be">
+        <target host="jobat.be" />
+        <target host="www.jobat.be" />
+        <target host="content.jobat.be" />
+        <target host="job.jobat.be" />
+        <target host="mnt.jobat.be" />
+        <target host="static.jobat.be" />
+        <target host="tools.jobat.be" />
+
+        <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jobfinder.dk.xml b/src/chrome/content/rules/Jobfinder.dk.xml
new file mode 100644
index 000000000000..653e7cca7cd6
--- /dev/null
+++ b/src/chrome/content/rules/Jobfinder.dk.xml
@@ -0,0 +1,26 @@
+<!--
+	Problematic subdomains:
+
+		- ^ ¹
+		- int ¹
+		- karriere ²
+		- studie ¹
+
+	¹: Not in cert
+	²: Refused
+-->
+<ruleset name="Jobfinder.dk">
+
+	<target host="jobfinder.dk" />
+	<target host="www.jobfinder.dk" />
+
+	<target host="admin.jobfinder.dk" />
+	<target host="recruiter.jobfinder.dk" />
+
+	<rule from="^http://(www\.)?jobfinder\.dk/"
+		to="https://www.jobfinder.dk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jobindex.dk.xml b/src/chrome/content/rules/Jobindex.dk.xml
deleted file mode 100644
index da64ab081778..000000000000
--- a/src/chrome/content/rules/Jobindex.dk.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Jobindex.dk (buggy)" default_off="Certificate for tv.jobindex.dk is only valid for *.23video.com (ssl_error_bad_cert_domain)">
-  <target host="jobindex.dk" />
-  <target host="www.jobindex.dk" />
-  <target host="tv.jobindex.dk" />
-  <target host="it.jobindex.dk" />
-
-  <rule from="^http://(www\.)?jobindex\.dk/" to="https://www.jobindex.dk/" />
-  <rule from="^http://tv\.jobindex\.dk/" to="https://tv.jobindex.dk/" />
-  <rule from="^http://it\.jobindex\.dk/" to="https://it.jobindex.dk/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Jobs2Web.xml b/src/chrome/content/rules/Jobs2Web.xml
index 16d56743e60a..dbbf9f1a29c5 100644
--- a/src/chrome/content/rules/Jobs2Web.xml
+++ b/src/chrome/content/rules/Jobs2Web.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jobs2web.com/ => https://jobs2web.com/: (51, "SSL: no alternative certificate subject name matches target host name 'jobs2web.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://jobs2web.com/ => https://jobs2web.com/: (51, "SSL: no alternative certificate subject name matches target host name 'jobs2web.com'")
 	Fully covered domains:
 
 		- *.jobs2web.com:
@@ -8,13 +14,13 @@
 			- \w+		(per-client subdomains)
 
 -->
-<ruleset name="Jobs2Web">
+<ruleset name="Jobs2Web" default_off="failed ruleset test">
 
 	<target host="jobs2web.com" />
 	<target host="*.jobs2web.com" />
 
 
-	<securecookie host="^(?:.*\.)?jobs2web\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://([\w-]+\.)?jobs2web\.com/"
diff --git a/src/chrome/content/rules/JobsDB.com.xml b/src/chrome/content/rules/JobsDB.com.xml
new file mode 100644
index 000000000000..613ab7f7242b
--- /dev/null
+++ b/src/chrome/content/rules/JobsDB.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="JobsDB.com">
+	<target host="jobsdb.com" />
+	<target host="www.jobsdb.com" />
+	<target host="employer-sg.jobsdb.com" />
+	<target host="hk.jobsdb.com" />
+	<target host="id.jobsdb.com" />
+	<target host="m.jobsdb.com" />
+	<target host="rms.jobsdb.com" />
+	<target host="sg.jobsdb.com" />
+	<target host="th.jobsdb.com" />
+	
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jobs_at_OSU.com.xml b/src/chrome/content/rules/Jobs_at_OSU.com.xml
new file mode 100644
index 000000000000..96f5b10e459f
--- /dev/null
+++ b/src/chrome/content/rules/Jobs_at_OSU.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Ohio State University coverage, see Ohio-State-University.xml.
+
+
+	^jobsatosu.com: Refused
+
+-->
+<ruleset name="Jobs at OSU.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.jobsatosu.com" />
+
+	<!--	Complications:
+				-->
+	<target host="jobsatosu.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://jobsatosu\.com/"
+		to="https://www.jobsatosu.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jobsgopublic.com.xml b/src/chrome/content/rules/Jobsgopublic.com.xml
index 9dc71c6a4781..becaf5d906e6 100644
--- a/src/chrome/content/rules/Jobsgopublic.com.xml
+++ b/src/chrome/content/rules/Jobsgopublic.com.xml
@@ -18,10 +18,11 @@
 <ruleset name="jobsgopublic.com (partial)">
 
 	<target host="jobsgopublic.com" />
-	<target host="*.jobsgopublic.com" />
+	<target host="poweredby.jobsgopublic.com" />
+	<target host="www.jobsgopublic.com" />
 
 
 	<rule from="^http://(poweredby\.|www\.)?jobsgopublic\.com/(account(?:$|\?|/)|assets/|icons/|javascripts/|sites/)"
 		to="https://$1jobsgopublic.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Jobsite.com.xml b/src/chrome/content/rules/Jobsite.com.xml
index e5c08f81a91c..6ba2be5ba66f 100644
--- a/src/chrome/content/rules/Jobsite.com.xml
+++ b/src/chrome/content/rules/Jobsite.com.xml
@@ -1,10 +1,16 @@
-<ruleset name="Jobsite.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jobsite.com/ => https://jobsite.com/: (51, "SSL: no alternative certificate subject name matches target host name 'jobsite.com'")
+Fetch error: http://www.jobsite.com/ => https://www.jobsite.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.jobsite.com'")
+
+-->
+<ruleset name="Jobsite.com" default_off="failed ruleset test">
 
 	<target host="jobsite.com" />
 	<target host="www.jobsite.com" />
 
 
-	<rule from="^http://(www\.)?jobsite\.com/"
-		to="https://$1jobsite.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Jobvite.xml b/src/chrome/content/rules/Jobvite.xml
index bfd11e87bd9b..85dea3f4d7b0 100644
--- a/src/chrome/content/rules/Jobvite.xml
+++ b/src/chrome/content/rules/Jobvite.xml
@@ -1,33 +1,87 @@
+
 <!--
+
 	Nonfunctional subdomains:
 
-		- autodiscover *
-		- blog
-		- owa *
-		- recruiting
-		- web		(redirects to app-a.marketo.com; mismatched, CN: *.marketo.com)
+		- blog *
+		- web ³
+
+	³ Certificate for Marketo, 403 errors
+	* Certificate expired
+
+	Insecure cookies are set for these domains:
+
+		- jobvite.com
+		- app.jobvite.com
+		- hire-stg.jobvite.com
+		- recruiting.jobvite.com
+		- source-stg.jobvite.com
+		- www.jobvite.com
+		- www-stg.jobvite.com
+
 
-	* Data differ between http & https
+	Mixed content:
+
+		- css on www from 1u7p3g2igrbh4643ym2ty7va-wpengine.netdna-ssl.com * ˢ
+
+		- Images, on:
+
+			- www from 1u7p3g2igrbh4643ym2ty7va-wpengine.netdna-ssl.com ˢ
+			- www from adamhyderdev.wpengine.com
+
+	* Only fonts
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
 <ruleset name="Jobvite (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="jobvite.com" />
-	<target host="*.jobvite.com" />
+	<target host="app.jobvite.com" />
+	<target host="app-stg.jobvite.com" />
+	<target host="careers.jobvite.com" />
+	<target host="hire.jobvite.com" />
+	<target host="hire-stg.jobvite.com" />
+	<target host="jobs.jobvite.com" />
+	<target host="jobs-stg.jobvite.com" />
+	<target host="recruiting.jobvite.com" />
+	<target host="search.jobvite.com" />
+	<target host="source.jobvite.com" />
+	<target host="source-stg.jobvite.com" />
+	<target host="www.jobvite.com" />
+	<target host="www-stg.jobvite.com" />
+
+		<!--	Redirect to http:
+						-->
+		<exclusion pattern="^http://app\.jobvite\.com/CompanyJobs/Careers\.aspx" />
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://app\.jobvite\.com/(?!TalentNetwork/action/campaign/w/|admin/info/timeout\.html|login/jvlogin\.aspx)" /-->
 
+			<!--	+ve:
+					-->
+			<test url="http://app.jobvite.com/CompanyJobs/Careers.aspx" />
 
-	<securecookie host="^(?!hire(?:-stg)?\.)(?:.+\.)?jobvite\.com$" name=".*" />
+			<!--	-ve:
+					-->
+			<test url="http://app.jobvite.com/login/jvlogin.aspx" />
+			<test url="http://app.jobvite.com/admin/info/timeout.html" />
+			<test url="http://app.jobvite.com/TalentNetwork/action/campaign/w/MjUzODA" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:app\.)?jobvite\.com$" name="(?:^ADRUM_BT[a1]|AWSELB|ASP\.NET_SessionId)$" /-->
+	<!--securecookie host="^(?:app|www)-stg\.jobvite\.com$" name="(?:AWSELB|ASP\.NET_SessionId)$" /-->
+	<!--securecookie host="^(?:source|hire)-stg\.jobvite\.com$" name="^AWSELB$" /-->
+	<!--securecookie host="^(?:recruiting|www)\.jobvite\.com$" name="^X-Mapping" /-->
 
-	<rule from="^http://((?:careers|demo|search|source|source-stg|www|www-stg)\.)?jobvite\.com/"
-		to="https://$1jobvite.com/" />
+	<securecookie host="^\." name="^(?:_ga|optimizely)" />
+	<securecookie host="^(?!web\.)\w" name=".+" />
 
-	<!--	Some pages 302 to http.
-							-->
-	<rule from="^http://hire(-stg)?\.jobvite\.com/([\w/]+\.css$|CompanyJobs/Careers\.aspx|favicon\.ico|images2/|Login/|logo/)"
-		to="https://hire$1.jobvite.com/$2" />
 
-	<rule from="^https?://web\.jobvite\.com/(cs|image|rs)s/"
-		to="https://na-a.marketo.com/$1s/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Jobware.de.xml b/src/chrome/content/rules/Jobware.de.xml
new file mode 100644
index 000000000000..02278fd51f10
--- /dev/null
+++ b/src/chrome/content/rules/Jobware.de.xml
@@ -0,0 +1,4 @@
+<ruleset name="Jobware.de">
+<target host="www.jobware.de" />
+<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jobzonen.xml b/src/chrome/content/rules/Jobzonen.xml
new file mode 100644
index 000000000000..60faf01c6df8
--- /dev/null
+++ b/src/chrome/content/rules/Jobzonen.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jobzonen.dk/ => https://www.jobzonen.dk/: (6, 'Could not resolve host: www.jobzonen.dk')
+Fetch error: http://www.jobzonen.dk/ => https://www.jobzonen.dk/: (6, 'Could not resolve host: www.jobzonen.dk')
+Fetch error: http://arbejdsgiver.jobzonen.dk/ => https://arbejdsgiver.jobzonen.dk/: (6, 'Could not resolve host: arbejdsgiver.jobzonen.dk')
+
+	Note: https://jobzonen.dk (without the www) redirects to its http counterpart.
+
+	Not included:
+		kursuszonen.dk (cert expired)
+		analytics.clickdimensions.com/ (used for newsletter)¹
+		business.jobzonen.dk (bad cert)
+
+	¹: This can be salvaged by creating a rule for this domain but still
+           fails as mixed content. Interestingly, the same problem does not
+	   occur on arbejdsgiver.jobzonen.dk.
+-->
+<ruleset name="Jobzonen (partial)" platform="mixedcontent" default_off="failed ruleset test">
+	<target host="jobzonen.dk" />
+	<target host="www.jobzonen.dk" />
+	<target host="arbejdsgiver.jobzonen.dk" />
+
+	<rule from="^http://(www\.)?jobzonen\.dk/"
+		to="https://www.jobzonen.dk/"/>
+
+	<rule from="^http://arbejdsgiver\.jobzonen\.dk/"
+		to="https://arbejdsgiver.jobzonen.dk/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Jochen-Hoenicke.de.xml b/src/chrome/content/rules/Jochen-Hoenicke.de.xml
new file mode 100644
index 000000000000..6dcab503e60c
--- /dev/null
+++ b/src/chrome/content/rules/Jochen-Hoenicke.de.xml
@@ -0,0 +1,13 @@
+<ruleset name="Jochen-Hoenicke.de">
+
+	<target host="jochen-hoenicke.de" />
+	<target host="www.jochen-hoenicke.de" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jodel-app.com.xml b/src/chrome/content/rules/Jodel-app.com.xml
new file mode 100644
index 000000000000..1d8af93f336a
--- /dev/null
+++ b/src/chrome/content/rules/Jodel-app.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Jodel-app.com">
+	<target host="jodel-app.com" />
+	<target host="www.jodel-app.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JodoHost.xml b/src/chrome/content/rules/JodoHost.xml
index cf4f2cbd815f..70b490782779 100644
--- a/src/chrome/content/rules/JodoHost.xml
+++ b/src/chrome/content/rules/JodoHost.xml
@@ -7,7 +7,8 @@
 <ruleset name="JodoHost (partial)">
 
 	<target host="cp.gohsphere.com" />
-	<target host="*.jodohost.com" />
+	<target host="support.jodohost.com" />
+	<target host="www.support.jodohost.com" />
 	<target host="lcsrv1.myhsphere.biz" />
 
 
@@ -15,13 +16,6 @@
 	<securecookie host="^lcsrv1\.myhsphere\.biz$" name=".+" />
 
 
-	<rule from="^http://cp\.gohsphere\.com/"
-		to="https://cp.gohsphere.com/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://(www\.)?support\.jodohost\.com/"
-		to="https://$1support.jodohost.com/" />
-
-	<rule from="^http://lcsrv1\.myhsphere\.biz/"
-		to="https://lcsrv1.myhsphere.biz/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/JoeBradford.net.xml b/src/chrome/content/rules/JoeBradford.net.xml
new file mode 100644
index 000000000000..2068405d9b70
--- /dev/null
+++ b/src/chrome/content/rules/JoeBradford.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="JoeBradford.net">
+	<target host="joebradford.net" />
+	<target host="www.joebradford.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JoeRockHeads.com.xml b/src/chrome/content/rules/JoeRockHeads.com.xml
new file mode 100644
index 000000000000..d24941e26861
--- /dev/null
+++ b/src/chrome/content/rules/JoeRockHeads.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="JoeRockHeads.com">
+	<target host="joerockheads.com" />
+	<target host="www.joerockheads.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JoeyH.name.xml b/src/chrome/content/rules/JoeyH.name.xml
index 7d7fdddaf774..7809cc304e6a 100644
--- a/src/chrome/content/rules/JoeyH.name.xml
+++ b/src/chrome/content/rules/JoeyH.name.xml
@@ -10,7 +10,6 @@
 	<securecookie host="^joeyh\.name$" name=".+" />
 
 
-	<rule from="^http://joeyh\.name/"
-		to="https://joeyh.name/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Jogorama.com.br.xml b/src/chrome/content/rules/Jogorama.com.br.xml
new file mode 100644
index 000000000000..f5c7154bbfc2
--- /dev/null
+++ b/src/chrome/content/rules/Jogorama.com.br.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- jogorama.com.br
+
+-->
+<ruleset name="Jogorama.com.br">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jogorama.com.br" />
+	<target host="www.jogorama.com.br" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^jogorama\.com\.br$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^jogorama\.com\.br$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JohnRennie.net.xml b/src/chrome/content/rules/JohnRennie.net.xml
new file mode 100644
index 000000000000..f39d8adb2c8e
--- /dev/null
+++ b/src/chrome/content/rules/JohnRennie.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="John Rennie.net">
+
+	<target host="johnrennie.net" />
+	<target host="www.johnrennie.net" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Johnlewis.ie.xml b/src/chrome/content/rules/Johnlewis.ie.xml
new file mode 100644
index 000000000000..b176c3eb2905
--- /dev/null
+++ b/src/chrome/content/rules/Johnlewis.ie.xml
@@ -0,0 +1,12 @@
+<ruleset name="johnlewis.ie">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="johnlewis.ie" />
+	<target host="www.johnlewis.ie" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Johns_Hopkins.edu.xml b/src/chrome/content/rules/Johns_Hopkins.edu.xml
new file mode 100644
index 000000000000..fb67ccae0a1e
--- /dev/null
+++ b/src/chrome/content/rules/Johns_Hopkins.edu.xml
@@ -0,0 +1,80 @@
+<!--
+	For other Johns Hopkins University coverage, see The_Johns_Hopkins_University.xml.
+
+
+	Nonfunctional hosts in *johnshopkins.edu:
+
+		- esgwebproxy ᵃ
+
+	ᵃ 200 "not configured"
+
+
+	Problematic hosts in *johnshopkins.edu:
+
+		- www.it ᵐ
+		- www ᵈ
+
+	ᵈ Dropped
+	ᵐ Mismatched
+
+
+	^johnshopkins.edu doesn't exist.
+
+
+	Insecure cookies are set for these hosts:
+
+		- login.johnshopkins.edu
+		- portalcontent.johnshopkins.edu
+
+
+	Mixed content:
+
+		- Images on it.johnshopkins.edu from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Johns Hopkins.edu (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="activtracker.johnshopkins.edu" />
+	<target host="e210.johnshopkins.edu" />
+	<target host="ess.erp.johnshopkins.edu" />
+	<target host="it.johnshopkins.edu" />
+	<target host="login.johnshopkins.edu" />
+	<target host="my.johnshopkins.edu" />
+	<target host="portal.johnshopkins.edu" />
+	<target host="portalcontent.johnshopkins.edu" />
+	<target host="web1.johnshopkins.edu" />
+
+	<!--	Complications:
+				-->
+	<target host="www.it.johnshopkins.edu" />
+	<target host="www.johnshopkins.edu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^login\.johnshopkins\.edu$" name="SMMobileCookieTest" /-->
+	<!--securecookie host="^portalcontent\.johnshopkins\.edu$" name="^(CFID|CFTOKEN)$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^(?!\.johnshopkins\.edu$)." name=".+" />
+
+
+	<rule from="^http://www\.it\.johnshopkins\.edu/"
+		to="https://it.johnshopkins.edu/" />
+
+	<!--	Redirect drops forward
+		slash path, and args:
+					-->
+	<rule from="^http://www\.johnshopkins\.edu/.*"
+		to="https://www.jhu.edu/" />
+
+		<test url="http://www.johnshopkins.edu/admissions/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Johnson-King.xml b/src/chrome/content/rules/Johnson-King.xml
index 93635c50914a..4aa99a68638d 100644
--- a/src/chrome/content/rules/Johnson-King.xml
+++ b/src/chrome/content/rules/Johnson-King.xml
@@ -1,10 +1,10 @@
-<ruleset name="Johnson King" default_off="mismatch">
+<ruleset name="Johnson King" default_off="mismatched">
 
 	<!--	hostcentric.com	-->
 	<target host="johnsonking.com"/>
-	<target host="*.johnsonking.com"/>
+	<target host="www.johnsonking.com" />
 
-	<securecookie host="^(.*\.)?johnsonking\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?johnsonking\.com/"
 		to="https://www.johnsonking.com/"/>
diff --git a/src/chrome/content/rules/Johnson_Press.xml b/src/chrome/content/rules/Johnson_Press.xml
index ac3bc7e44f11..8eb6fcfd3193 100644
--- a/src/chrome/content/rules/Johnson_Press.xml
+++ b/src/chrome/content/rules/Johnson_Press.xml
@@ -1,11 +1,18 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://remote.jpress.co.uk/ => https://remote.jpress.co.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.johnstonpress.co.uk/ => https://secure.johnstonpress.co.uk/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+Fetch error: http://remote.jpress.co.uk/ => https://remote.jpress.co.uk/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
 	Nonfunctional domains:
 
 		- johnstonpress.co.uk		(mismatched, CN: mobilecontrol.jpress.co.uk)
 		- www.johnstonpress.co.uk	(refused)
 
 -->
-<ruleset name="Johnson Press (partial)">
+<ruleset name="Johnson Press (partial)" default_off="failed ruleset test">
 
 	<target host="secure.johnstonpress.co.uk" />
 	<target host="remote.jpress.co.uk" />
@@ -14,10 +21,6 @@
 	<securecookie host="^mobilecontrol\.jpress\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://secure\.johnstonpress\.co\.uk/"
-		to="https://secure.johnstonpress.co.uk/" />
-
-	<rule from="^http://remote\.jpress\.co\.uk/"
-		to="https://remote.jpress.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Johoobuy.com.xml b/src/chrome/content/rules/Johoobuy.com.xml
new file mode 100644
index 000000000000..a807d7fc0859
--- /dev/null
+++ b/src/chrome/content/rules/Johoobuy.com.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://johoobuy.com/ => https://www.johoobuy.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.johoobuy.com/ => https://www.johoobuy.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	^: dropped
+
+-->
+<ruleset name="Johoobuy.com" default_off="failed ruleset test">
+
+	<target host="johoobuy.com" />
+	<target host="www.johoobuy.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.johoobuy\.com$" name="^edm_show$" /-->
+
+	<securecookie host="^www\.johoobuy\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?johoobuy\.com/"
+		to="https://www.johoobuy.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Joico.com.xml b/src/chrome/content/rules/Joico.com.xml
new file mode 100644
index 000000000000..f361ddfd4745
--- /dev/null
+++ b/src/chrome/content/rules/Joico.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		- m.joico.com
+		- moblie.joico.com
+-->
+
+<ruleset name="Joico.com">
+	<target host="joico.com" />
+	<target host="www.joico.com" />
+	<target host="healthyhair.joico.com" />
+	<target host="hub.joico.com" />
+	<target host="imagequest.joico.com" />
+	<target host="mail.joico.com" />
+	<target host="rewards.joico.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Join.TV.xml b/src/chrome/content/rules/Join.TV.xml
index 2829cf43c15a..7980daaef8b1 100644
--- a/src/chrome/content/rules/Join.TV.xml
+++ b/src/chrome/content/rules/Join.TV.xml
@@ -1,13 +1,12 @@
 <ruleset name="Join.TV">
 
 	<target host="join.tv" />
-	<target host="*.join.tv" />
+	<target host="www.join.tv" />
 
 
 	<securecookie host="^(?:www)?\.join\.tv$" name=".+" />
 
 
-	<rule from="^http://(www\.)?join\.tv/"
-		to="https://$1join.tv/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Join.me.xml b/src/chrome/content/rules/Join.me.xml
new file mode 100644
index 000000000000..27d0d2797f61
--- /dev/null
+++ b/src/chrome/content/rules/Join.me.xml
@@ -0,0 +1,50 @@
+<!--
+	For problematic rules, see LogMeIn-mismatches.xml.
+
+	For other LogMeIn coverage, see LogMeIn_Inc.com.xml.
+
+
+	Problematic hosts in *join.me:
+
+		- blog *
+
+	* Mismatched
+
+
+	Fully covered hosts in *join.me:
+
+		- (www.)?
+		- secure
+
+
+	These altnames don't exist:
+
+		- cms.join.me
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- join.me
+		- .join.me
+		- secure.join.me
+
+-->
+<ruleset name="join.me (partial)">
+
+	<target host="join.me" />
+	<target host="secure.join.me" />
+	<target host="www.join.me" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(secure\.)?join\.me$" name="^trackingV2$" /-->
+	<!--securecookie host="^\.join\.me$" name="^(LMIorigin|lang)$" /-->
+
+	<securecookie host="^(?:secure\.)?join\.me$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JoinMastodon.org.xml b/src/chrome/content/rules/JoinMastodon.org.xml
new file mode 100644
index 000000000000..bd405f3c8cb8
--- /dev/null
+++ b/src/chrome/content/rules/JoinMastodon.org.xml
@@ -0,0 +1,11 @@
+<ruleset name="JoinMastodon.org">
+	<target host="joinmastodon.org" />
+	<target host="www.joinmastodon.org" />
+	<target host="blog.joinmastodon.org" />
+	<target host="bridge.joinmastodon.org" />
+	<target host="discourse.joinmastodon.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JoinUs.Today.xml b/src/chrome/content/rules/JoinUs.Today.xml
new file mode 100644
index 000000000000..ecab144ff789
--- /dev/null
+++ b/src/chrome/content/rules/JoinUs.Today.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://joinus.today/ => https://joinus.today/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.joinus.today/ => https://www.joinus.today/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other TransIP coverage, see TransIP.nl.xml.
+
+-->
+<ruleset name="JoinUs.Today" default_off="failed ruleset test">
+
+	<target host="joinus.today" />
+	<target host="www.joinus.today" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Joinos.com.xml b/src/chrome/content/rules/Joinos.com.xml
new file mode 100644
index 000000000000..19c425800053
--- /dev/null
+++ b/src/chrome/content/rules/Joinos.com.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://joinos.com/ => https://joinos.com/: (60, 'SSL certificate problem: self signed certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://joinos.com/ => https://joinos.com/: (7, 'Failed to connect to joinos.com port 443: No route to host')
+	These altnames don't exist:
+
+		- autodiscover.joinos.com
+		- mail.joinos.com
+		- owa.joinos.com
+		- pay.joinos.com
+
+-->
+<ruleset name="Joinos.com" default_off="failed ruleset test">
+
+	<target host="joinos.com" />
+	<target host="my.joinos.com" />
+	<target host="www.joinos.com" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^my\.joinos\.com$" name="^sessionid$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^my\.joinos\.com$" name="^csrftoken$" /-->
+
+	<securecookie host="^my\.joinos\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Joker.com.xml b/src/chrome/content/rules/Joker.com.xml
new file mode 100644
index 000000000000..bacbaa692280
--- /dev/null
+++ b/src/chrome/content/rules/Joker.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Invalid certificate:
+		whois.ote.joker.com
+		rpanel.joker.com
+		ote.rpanel-next.joker.com
+		service.joker.com
+
+	Time out:
+		parkingpage.joker.com
+		tel.joker.com
+
+	No working URL known:
+		tracking.joker.com
+
+-->
+<ruleset name="Joker.com">
+
+	<target host="joker.com" />
+	<target host="www.joker.com" />
+	<target host="api.joker.com" />
+	<target host="blog.joker.com" />
+	<target host="dmapi.joker.com" />
+	<target host="www.ote.joker.com" />
+	<target host="dmapi.ote.joker.com" />
+	<target host="rcp.joker.com" />
+	<target host="svc.joker.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Joker.xml b/src/chrome/content/rules/Joker.xml
deleted file mode 100644
index c7e7ef76383d..000000000000
--- a/src/chrome/content/rules/Joker.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Joker">
-  <target host="*.joker.com" />
-  <target host="joker.com" />
-
-  <rule from="^http://([^/:@]*\.)?joker\.com/" to="https://$1joker.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Jolexa.net.xml b/src/chrome/content/rules/Jolexa.net.xml
index f0feec5ebfb8..2dec7998678b 100644
--- a/src/chrome/content/rules/Jolexa.net.xml
+++ b/src/chrome/content/rules/Jolexa.net.xml
@@ -1,11 +1,21 @@
-<ruleset name="jolexa.net (partial)" default_off="mismatch" platform="cacert">
+<!--
+	Secure connection failed:
+		www.blog.jolexa.net
+		libertas.jolexa.net
 
-	<target host="jolexa.net"/>
-	<target host="*.jolexa.net"/>
+	Invalid certificate:
+		luna.jolexa.net
 
-	<securecookie host="^(.*\.)?jolexa\.net$" name=".*"/>
+-->
+<ruleset name="jolexa.net">
 
-	<rule from="^http://(\w+\.)?jolexa\.net/"
-		to="https://$1jolexa.net/"/>
+	<target host="jolexa.net" />
+	<target host="www.jolexa.net" />
+	<target host="blog.jolexa.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Jolla.com.xml b/src/chrome/content/rules/Jolla.com.xml
index 3866f0439a8d..871021402439 100644
--- a/src/chrome/content/rules/Jolla.com.xml
+++ b/src/chrome/content/rules/Jolla.com.xml
@@ -1,21 +1,26 @@
-<!--
-	Fully covered subdomains:
-
-		- (www.)
-		- account
-		- join
-
--->
 <ruleset name="Jolla.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="jolla.com" />
-	<target host="*.jolla.com" />
+	<target host="account.jolla.com" />
+	<target host="blog.jolla.com" />
+	<target host="cdn.jolla.com" />
+	<target host="harbour.jolla.com" />
+	<target host="join.jolla.com" />
+	<target host="shop.jolla.com" />
+	<target host="together.jolla.com" />
+	<target host="www.jolla.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^harbour\.jolla\.com$" name="^(AWSELB|connect\.sid)$" /-->
 
-	<securecookie host="^(?:.*\.)?jolla\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:account|join|www)\.)?jolla\.com/"
-		to="https://$1jolla.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/JonDos.xml b/src/chrome/content/rules/JonDos.xml
index 2253c2a4f7a7..01d6d2894af8 100644
--- a/src/chrome/content/rules/JonDos.xml
+++ b/src/chrome/content/rules/JonDos.xml
@@ -1,10 +1,18 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jondos.org/ => https://jondos.org/: (7, 'Failed to connect to jondos.org port 443: Connection refused')
+Fetch error: http://www.jondos.org/ => https://www.jondos.org/: (7, 'Failed to connect to www.jondos.org port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://jondos.org/ => https://jondos.org/: (7, 'Failed to connect to jondos.org port 80: Connection refused')
+Fetch error: http://www.jondos.org/ => https://www.jondos.org/: (7, 'Failed to connect to www.jondos.org port 80: Connection refused')
 	Other JonDos rulesets:
 
 		- IP_check.xml
 
 -->
-<ruleset name="JonDos">
+<ruleset name="JonDos" default_off="failed ruleset test">
 
 	<target host="anonymous-proxy-servers.net"/>
 	<target host="*.anonymous-proxy-servers.net"/>
@@ -13,7 +21,7 @@
 	<target host="jondos.org"/>
 	<target host="www.jondos.org"/>
 
-	<securecookie host="^(.*\.)?anonym(ous-proxy-servers\.net|-surfen\.de)$" name=".*"/>
+	<securecookie host="^(?:.*\.)?anonym(?:ous-proxy-servers\.net|-surfen\.de)$" name=".+" />
 
 	<!--	alias for anonymous-proxy-servers.net, but !shop & !storage/	-->
 	<rule from="^http://(www\.)?anonym-surfen\.de/"
diff --git a/src/chrome/content/rules/Jonathan_Mayer.org.xml b/src/chrome/content/rules/Jonathan_Mayer.org.xml
new file mode 100644
index 000000000000..6ee73cd1e149
--- /dev/null
+++ b/src/chrome/content/rules/Jonathan_Mayer.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Jonathan Mayer.org">
+
+	<target host="jonathanmayer.org" />
+	<target host="www.jonathanmayer.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Joomag.com.xml b/src/chrome/content/rules/Joomag.com.xml
new file mode 100644
index 000000000000..7906ae8c1d19
--- /dev/null
+++ b/src/chrome/content/rules/Joomag.com.xml
@@ -0,0 +1,38 @@
+<!--
+	CDN buckets:
+
+		- d25ow0ysq5ykrj.cloudfront.net
+
+			- static
+
+
+	Nonfunctional subdomains:
+
+		- blog ¹
+		- support ²
+
+	¹ Default page
+	² Blank page
+
+-->
+<ruleset name="Joomag.com (partial)">
+
+	<target host="joomag.com" />
+	<target host="s1.joomag.com" />
+	<target host="www.joomag.com" />
+	<target host="static.joomag.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.joomag\.com$" name="^PHP_JOOMAG_SESSION$" /-->
+
+	<securecookie host="^\.joomag\.com$" name=".+" />
+
+
+
+	<rule from="^http://static\.joomag\.com/"
+		to="https://d25ow0ysq5ykrj.cloudfront.net/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JoomlArt.com.xml b/src/chrome/content/rules/JoomlArt.com.xml
index d820638b25e2..0cfc9664ec1d 100644
--- a/src/chrome/content/rules/JoomlArt.com.xml
+++ b/src/chrome/content/rules/JoomlArt.com.xml
@@ -15,11 +15,12 @@
 <ruleset name="JoomlArt.com (partial)">
 
 	<target host="joomlart.com" />
-	<target host="*.joomlart.com" />
+	<target host="asset.joomlart.com" />
+	<target host="www.joomlart.com" />
 		<exclusion pattern="^http://(?:www\.)?joomlart\.com/(?!favicon\.ico|images/|media/|member(?:$|[?/])|modules/|plugins/|t3-assets/|templates/)" />
 
 
 	<rule from="^http://(?:asset\.|(www\.))?joomlart\.com/"
 		to="https://$1joomlart.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Joomla.xml b/src/chrome/content/rules/Joomla.xml
index 2265d366f483..7eecaed710b0 100644
--- a/src/chrome/content/rules/Joomla.xml
+++ b/src/chrome/content/rules/Joomla.xml
@@ -9,50 +9,158 @@
 
 	Nonfunctional subdomains:
 
-		- (www.) *
-		- api *
-		- cdn		(404, CN edgecastcdn.net)
-		- community *
-		- docs *
-		- demo **
-		- developer **
-		- events *
+		- code ²
+		- developer ³
+		- forum ²
+		- framework ³
+		- ideas ⁴
+		- issues ³
+		- people ⁵
+
+	¹ 404, NetDNA
+	² Dropped
+	³ Shows default page
+	⁴ Uservoice
+	⁵ Refused
+
+
+	Problematic subdomains:
+
 		- forum *
-		- magazine *
-		- people	(refused)
-		- resources *
-		- shop *
-		- ux *
 
-	* Dropped
-	** http reply
+	* Tor users blocked by CloudFlare settings; mismatched, CN: ssl2000.cloudflare.com
 
 
 	Partially covered subdomains:
 
-		- extensions	(some pages redirect to http)
+		- extensions *
 
+	* Some pages redirect to http
 
-	joomla.uservoice.com redirects back to ideas.joomla.org
 
--->
-<ruleset name="Joomla (partial)">
+	Fully covered subdomains:
+
+		- (www.)?
+		- api
+		- cdn
+		- community
+		- conference
+		- demo
+		- docs
+		- events
+		- magazine
+		- resources
+		- shop
+		- ux
+		- vel
+
+
+	These altnames don't exist:
+
+		- www.cdn.joomla.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .joomla.org
+		- community.joomla.org
+		- .demo.joomla.org
+		- events.joomla.org
+		- magazine.joomla.org
+		- resources.joomla.org
+		- shop.joomla.org
+		- vel.joomla.org
+		- www.joomla.org
+
+
+	Mixed content:
+
+		- css, on:
 
-	<target host="*.joomla.org" />
+			- magazine, resources, shop, vel from fonts.googleaps.com ¹
+			- vel from $self ¹
+
+		- Fonts on resources, vel from fonts.gstatic.com
+
+		- Images, on:
+
+			- community from $self ¹
+			- community, magazine, www from cdn ¹
+			- community from vel ¹
+
+		- Ads/bugs, on:
+
+			- www from www.arvixe.com ¹
+			- www from assets.pinterest.com ¹
+
+	¹ Secured by us
+
+-->
+<ruleset name="Joomla.org (partial)">
+
+	<target host="joomla.org" />
+	<target host="api.joomla.org" />
+	<target host="cdn.joomla.org" />
+	<target host="community.joomla.org" />
+	<target host="conference.joomla.org" />
+	<target host="demo.joomla.org" />
+	<target host="docs.joomla.org" />
+	<target host="events.joomla.org" />
+	<target host="extensions.joomla.org" />
+	<target host="ideas.joomla.org" />
+	<target host="magazine.joomla.org" />
+	<target host="resources.joomla.org" />
+	<target host="shop.joomla.org" />
+	<target host="ux.joomla.org" />
+	<target host="vel.joomla.org" />
+	<target host="www.joomla.org" />
 		<!--
-			Started redirecting to http:
+			extensions.joomla.org itself is a redirect loop
 							-->
-		<!--exclusion pattern="^http://extensions\.joomla\.org/+($|\?|(component|extensions)($|[?/]))" /-->
-		<!--exclusion pattern="^http://extensions\.joomla\.org/+(?!components/|favicon\.ico|images/|modules/|templates/)" /-->
+		<!--exclusion pattern="^http://extensions\.joomla\.org/+(?:$|\?|(?:component|extensions)(?:$|[?/]))" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://extensions\.joomla\.org/+(?!components/|favicon\.ico|images/|modules/|templates/)" />
+
+			<test url="http://extensions.joomla.org/blog" />
+			<test url="http://extensions.joomla.org/extension" />
+			<test url="http://extensions.joomla.org/extension/jfusion" />
+			<test url="http://extensions.joomla.org/extension/slider" />
+			<test url="http://extensions.joomla.org/extensions/extension" />
+			<test url="http://extensions.joomla.org/tags/polls" />
+			<test url="http://extensions.joomla.org/tags/time" />
+
+			<!--	-ve:
+					-->
+			<test url="http://extensions.joomla.org/favicon.ico" />
+
+		<exclusion pattern="^http://ideas\.joomla\.org/(?!track\.gif)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://ideas.joomla.org/forums" />
+			<test url="http://ideas.joomla.org/signin" />
+
+			<!--	-ve:
+					-->
+			<test url="http://ideas.joomla.org/track.gif" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.joomla\.org$" name="^__cfduid$" /-->
+	<!--securecookie host="(community|events|magazine|resources|shop|vel|www)\.joomla\.org$" name="^[\da-f]{32}$" /-->
+	<!--securecookie host="\.demo\.joomla\.org$" name="^PHPSESSID$" /-->
 
 	<!--securecookie host=".*\.joomla\.org$" name=".+" /-->
+	<securecookie host="(?:community|events|magazine|resources|shop|vel|www)\.joomla\.org$" name=".+" />
 
 
-	<rule from="^http://extensions\.joomla\.org/(?!$|\?|(?:component|extensions)(?:$|[?/]))"
-		to="https://extensions.joomla.org/" />
+	<rule from="^http://ideas\.joomla\.org/"
+		to="https://joomla.uservoice.com/" />
 
-	<rule from="^http://ideas\.joomla\.org/track\.gif"
-		to="https://joomla.uservoice.com/track.gif" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/JoomlaCode.org.xml b/src/chrome/content/rules/JoomlaCode.org.xml
index 9e7b1133a332..6828e8486f88 100644
--- a/src/chrome/content/rules/JoomlaCode.org.xml
+++ b/src/chrome/content/rules/JoomlaCode.org.xml
@@ -18,4 +18,4 @@
 	<rule from="^http://(?:www\.)?joomlacode\.org/"
 		to="https://joomlacode.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Joomlancers.com.xml b/src/chrome/content/rules/Joomlancers.com.xml
index d819b250d474..eb7a00479f7a 100644
--- a/src/chrome/content/rules/Joomlancers.com.xml
+++ b/src/chrome/content/rules/Joomlancers.com.xml
@@ -1,18 +1,11 @@
 <!--
-	- Expired 2011-02-23
-	- CN: localhost.localdomain
-
+	Time out:
+		dev.joomlancers.com
 -->
-<ruleset name="Joomlancers.com" default_off="expired, self-signed">
-
+<ruleset name="joomlancers.com">
 	<target host="joomlancers.com" />
 	<target host="www.joomlancers.com" />
+	<target host="blog.joomlancers.com" />
 
-
-	<securecookie host="^www\.joomlancers\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?joomlancers\.com/"
-		to="https://www.joomlancers.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Joppix.com.xml b/src/chrome/content/rules/Joppix.com.xml
deleted file mode 100644
index a24653286a1a..000000000000
--- a/src/chrome/content/rules/Joppix.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="joppix.com">
-
-	<target host="joppix.com" />
-	<target host="www.joppix.com" />
-
-
-	<securecookie host="^(?:www\.)?joppix\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?joppix\.com/"
-		to="https://$1joppix.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Josefsson.org.xml b/src/chrome/content/rules/Josefsson.org.xml
new file mode 100644
index 000000000000..38a8ee8db1b2
--- /dev/null
+++ b/src/chrome/content/rules/Josefsson.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - chat.josefsson.org
+			 - hamster.josefsson.org
+			 - kniv.josefsson.org
+-->
+<ruleset name="Josefsson.org">
+	<target host="josefsson.org" />
+	<target host="www.josefsson.org" />
+	<target host="blog.josefsson.org" />
+	<target host="xn--rksmrgs-5wao1o.josefsson.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Joseph-Rowntree-Reform-Trust-mismatches.xml b/src/chrome/content/rules/Joseph-Rowntree-Reform-Trust-mismatches.xml
index 424263c8f173..9b79fcd70d02 100644
--- a/src/chrome/content/rules/Joseph-Rowntree-Reform-Trust-mismatches.xml
+++ b/src/chrome/content/rules/Joseph-Rowntree-Reform-Trust-mismatches.xml
@@ -2,24 +2,24 @@
 	For rules that are on by default, see Joseph-Rowntree-Reform-Trust.xml.
 
 -->
-<ruleset name="Joseph Rowntree Reform Trust (mismatches)" default_off="mismatch">
+<ruleset name="Joseph Rowntree Reform Trust (mismatches)" default_off="mismatched">
 
 	<!--	Cert: www.bigchangeuk.co.uk	-->
 	<target host="jrrt.org.uk" />
 	<!--
 		* for secure cookie and also to avoid duplicate host warning.
 						-->
-	<target host="*.jrrt.org.uk" />
+	<target host="www.jrrt.org.uk" />
 		<!--
 			Handled in Joseph-Rowntree-Reform-Trust.xml.
 					-->
-		<exclusion pattern="^https?://(www\.)?jrrt\.org\.uk/sites/" />
+		<exclusion pattern="^http://(?:www\.)?jrrt\.org\.uk/sites/" />
 
 
-	<securecookie host="^\.jrrt\.org\.uk$" name=".*" />
+	<securecookie host="^\.jrrt\.org\.uk$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?jrrt\.org\.uk/"
+	<rule from="^http://(?:www\.)?jrrt\.org\.uk/"
 		to="https://jrrt.org.uk/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Joseph-Rowntree-Reform-Trust.xml b/src/chrome/content/rules/Joseph-Rowntree-Reform-Trust.xml
index 75e301f9469d..56d0bdbf192b 100644
--- a/src/chrome/content/rules/Joseph-Rowntree-Reform-Trust.xml
+++ b/src/chrome/content/rules/Joseph-Rowntree-Reform-Trust.xml
@@ -9,7 +9,7 @@
 	<target host="www.jrrt.org.uk" />
 
 
-	<rule from="^https?://(?:www\.)?jrrt\.org\.uk/sites/"
+	<rule from="^http://(?:www\.)?jrrt\.org\.uk/sites/"
 		to="https://bigchangeuk.co.uk/sites/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Josh_Begley.com.xml b/src/chrome/content/rules/Josh_Begley.com.xml
new file mode 100644
index 000000000000..a32b9c3ba94b
--- /dev/null
+++ b/src/chrome/content/rules/Josh_Begley.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Josh Begley.com">
+
+	<target host="joshbegley.com" />
+	<target host="www.joshbegley.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Josh_Triplett.org.xml b/src/chrome/content/rules/Josh_Triplett.org.xml
deleted file mode 100644
index aa860d7a8b23..000000000000
--- a/src/chrome/content/rules/Josh_Triplett.org.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Josh Triplett.org">
-
-	<target host="joshtriplett.org" />
-	<target host="www.joshtriplett.org" />
-
-
-	<!--	www redirects to ^ over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?joshtriplett\.org/"
-		to="https://joshtriplett.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Joslin-Diabetes-Center.xml b/src/chrome/content/rules/Joslin-Diabetes-Center.xml
index b9c207e765b7..0eda2257c07b 100644
--- a/src/chrome/content/rules/Joslin-Diabetes-Center.xml
+++ b/src/chrome/content/rules/Joslin-Diabetes-Center.xml
@@ -2,9 +2,6 @@
 	<target host="joslin.org" />
 	<target host="www.joslin.org" />
 
-	<rule from="^http://(?:www\.)?joslin\.org/" to="https://www.joslin.org/" />
+	<rule from="^http:" to="https:" />
 
-	<!-- Invoking https://joslin.org/ produces a certificate error, so
-	redirect https://joslin.org/ to https://www.joslin.org/ -->
-	<rule from="^https://joslin\.org/" to="https://www.joslin.org/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/JotForm.xml b/src/chrome/content/rules/JotForm.xml
index 01c25d6a04c5..4894bbc21c5f 100644
--- a/src/chrome/content/rules/JotForm.xml
+++ b/src/chrome/content/rules/JotForm.xml
@@ -11,14 +11,20 @@
 
 		- max.jotfor.ms		(works; mismatched, CN: *.netdna-ssl.com)
 
+
+	These altnames don't exist:
+
+		- www.secure.jotformpro.com
+
 -->
 <ruleset name="JotForm">
 
 	<target host="max.jotfor.ms" />
 	<target host="jotform.com" />
-	<target host="*.jotform.com" />
+	<target host="www.jotform.com" />
 	<target host="jotformpro.com" />
-	<target host="*.jotformpro.com" />
+	<target host="secure.jotformpro.com" />
+	<target host="www.jotformpro.com" />
 
 
 	<securecookie host="^(?:w*\.)?jotform\.com$" name=".+" />
@@ -33,7 +39,6 @@
 	<rule from="^http://(?:www\.)?jotform\.com/"
 		to="https://www.jotform.com/" />
 
-	<rule from="^http://(secure\.|www\.)?jotformpro\.com/"
-		to="https://$1jotformpro.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jotform.us.xml b/src/chrome/content/rules/Jotform.us.xml
new file mode 100644
index 000000000000..9cd1f6ee87ae
--- /dev/null
+++ b/src/chrome/content/rules/Jotform.us.xml
@@ -0,0 +1,7 @@
+<ruleset name="Jotform.us">
+	<target host="secure.jotform.us" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jottit.xml b/src/chrome/content/rules/Jottit.xml
deleted file mode 100644
index cb37cb25a121..000000000000
--- a/src/chrome/content/rules/Jottit.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Jottit">
-  <target host="jottit.com" />
-  <target host="*.jottit.com" />
-
-  <rule from="^http://(www\.)?jottit\.com/" to="https://www.jottit.com/"/>
-  <rule from="^http://([^/:@\.]+)\.jottit\.com/" to="https://$1.jottit.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Journal-News.net-problematic.xml b/src/chrome/content/rules/Journal-News.net-problematic.xml
index e905b84e6517..b98c63abf68b 100644
--- a/src/chrome/content/rules/Journal-News.net-problematic.xml
+++ b/src/chrome/content/rules/Journal-News.net-problematic.xml
@@ -4,13 +4,13 @@
 -->
 <ruleset name="Journal-News.net (mismatched)" default_off="mismatched">
 
-	<target host="*.journal-news.net" />
+	<target host="cu.journal-news.net" />
+	<target host="mobile.journal-news.net" />
 
 
 	<securecookie host="^mobile\.journal-news\.net$" name=".+" />
 
 
-	<rule from="^http://(cu|mobile)\.journal-news\.net/"
-		to="https://$1.journal-news.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Journal-Officiel.gouv.fr.xml b/src/chrome/content/rules/Journal-Officiel.gouv.fr.xml
new file mode 100644
index 000000000000..41311ab6d325
--- /dev/null
+++ b/src/chrome/content/rules/Journal-Officiel.gouv.fr.xml
@@ -0,0 +1,31 @@
+<!--
+	Invalid certificate:
+		journal-officiel.gouv.fr
+		boamp.journal-officiel.gouv.fr
+		data.journal-officiel.gouv.fr
+		rip.journal-officiel.gouv.fr
+
+	Login required:
+		qualif.associations-depot-comptes.journal-officiel.gouv.fr
+
+	Time out:
+		comptes-syndicats.journal-officiel.gouv.fr
+		declar-successions.journal-officiel.gouv.fr
+		infoservices-concentrateurs.journal-officiel.gouv.fr
+		infoservices-licences.journal-officiel.gouv.fr
+
+	Mixed content from ad servers on www.journal-officiel.gouv.fr
+
+-->
+<ruleset name="Journal-Officiel.gouv.fr">
+
+	<target host="journal-officiel.gouv.fr" />
+	<target host="www.journal-officiel.gouv.fr" />
+
+	<rule from="^http://journal-officiel\.gouv\.fr/"
+		to="https://www.journal-officiel.gouv.fr/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Journal-of-Bodywork-and-Movement-Therapies.xml b/src/chrome/content/rules/Journal-of-Bodywork-and-Movement-Therapies.xml
index 99bc325f3035..69f69e4138a8 100644
--- a/src/chrome/content/rules/Journal-of-Bodywork-and-Movement-Therapies.xml
+++ b/src/chrome/content/rules/Journal-of-Bodywork-and-Movement-Therapies.xml
@@ -2,18 +2,18 @@
 	For other Elsevier coverage, see Elsevier.xml.
 
 -->
-<ruleset name="Journal of Bodywork and Movement Therapies" default_off="mismatch">
+<ruleset name="Journal of Bodywork and Movement Therapies" default_off="mismatched">
 
 	<!--	Cert: secure.elsivierhealth.com	-->
 	<target host="bodyworkmovementtherapies.com" />
 	<!--	* for cross-domain cookies.	-->
-	<target host="*.bodyworkmovementtherapies.com" />
+	<target host="www.bodyworkmovementtherapies.com" />
 
 
-	<securecookie host="\.bodyworkmovementtherapies\.com$" name=".*" />
+	<securecookie host="\.bodyworkmovementtherapies\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?bodyworkmovementtherapies\.com/"
+	<rule from="^http://(?:www\.)?bodyworkmovementtherapies\.com/"
 		to="https://bodyworkmovementtherapies.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Journal-of-Neurosurgery.xml b/src/chrome/content/rules/Journal-of-Neurosurgery.xml
index 7f60baf3e9e5..02f6684cb5fb 100644
--- a/src/chrome/content/rules/Journal-of-Neurosurgery.xml
+++ b/src/chrome/content/rules/Journal-of-Neurosurgery.xml
@@ -5,7 +5,7 @@
 
 
 	<!--	Cert only matches //thejns.org	-->
-	<rule from="^https?://(?:www\.)?thejns\.org/(action/(?:clickThrough|registration)|templates/|userimages/)"
+	<rule from="^http://(?:www\.)?thejns\.org/(action/(?:clickThrough|registration)|templates/|userimages/)"
 		to="https://thejns.org/$1" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/JournalXtra.com.xml b/src/chrome/content/rules/JournalXtra.com.xml
new file mode 100644
index 000000000000..d2a3fda35cfb
--- /dev/null
+++ b/src/chrome/content/rules/JournalXtra.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="JournalXtra.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="journalxtra.com" />
+	<target host="www.journalxtra.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Journal_of_Affective_Disorders.xml b/src/chrome/content/rules/Journal_of_Affective_Disorders.xml
index 1d812b8396aa..589d22f0425d 100644
--- a/src/chrome/content/rules/Journal_of_Affective_Disorders.xml
+++ b/src/chrome/content/rules/Journal_of_Affective_Disorders.xml
@@ -7,13 +7,13 @@
 <ruleset name="Journal of Affective Disorders" default_off="mismatched">
 
 	<target host="jad-journal.com" />
-	<target host="*.jad-journal.com" />
+	<target host="www.jad-journal.com" />
 
 
 	<securecookie host="^\.jad-journal\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?jad-journal\.com/"
+	<rule from="^http://(?:www\.)?jad-journal\.com/"
 		to="https://jad-journal.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Journal_of_Clinical_Investigation.xml b/src/chrome/content/rules/Journal_of_Clinical_Investigation.xml
index 03c8af15f5e9..8d6a27e5f3ee 100644
--- a/src/chrome/content/rules/Journal_of_Clinical_Investigation.xml
+++ b/src/chrome/content/rules/Journal_of_Clinical_Investigation.xml
@@ -10,13 +10,12 @@
 <ruleset name="Journal of Clinical Investigation (partial)">
 
 	<target host="jci.org" />
-	<target host="*.jci.org" />
+	<target host="www.jci.org" />
 
 
 	<securecookie host="^\.jci\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?jci\.org/"
-		to="https://$1jci.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Journalism.co.uk.xml b/src/chrome/content/rules/Journalism.co.uk.xml
new file mode 100644
index 000000000000..693b435763d5
--- /dev/null
+++ b/src/chrome/content/rules/Journalism.co.uk.xml
@@ -0,0 +1,10 @@
+<ruleset name="journalism.co.uk">
+
+	<target host="journalism.co.uk" />
+	<target host="www.journalism.co.uk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Journalistforbundet.dk.xml b/src/chrome/content/rules/Journalistforbundet.dk.xml
new file mode 100644
index 000000000000..6a292638af8f
--- /dev/null
+++ b/src/chrome/content/rules/Journalistforbundet.dk.xml
@@ -0,0 +1,10 @@
+<ruleset name="Journalistforbundet.dk">
+
+	<target host="journalistforbundet.dk" />
+	<target host="www.journalistforbundet.dk" />
+
+	<securecookie host="\.?journalistforbundet\.dk" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Journeyed.com.xml b/src/chrome/content/rules/Journeyed.com.xml
index 633229b51006..353c3f723689 100644
--- a/src/chrome/content/rules/Journeyed.com.xml
+++ b/src/chrome/content/rules/Journeyed.com.xml
@@ -1,7 +1,22 @@
-<ruleset name="Journeyed">
-  <target host="www.journeyed.com"/>
-  <target host="journeyed.com"/>
+<!--
+	Invalid certificate:
+		journey.journeyed.com
+		marketing.journeyed.com
+		pixar.journeyed.com
+
+-->
+<ruleset name="Journeyed.com">
+
+	<target host="journeyed.com" />
+	<target host="www.journeyed.com" />
+	<target host="efollett.journeyed.com" />
+	<target host="fairfax.journeyed.com" />
+	<target host="headphones.journeyed.com" />
+	<target host="k12.journeyed.com" />
+	<target host="schools.journeyed.com" />
+	<target host="static.journeyed.com" />
+	<target host="usaf.journeyed.com" />
+
+	<rule from="^http:" to="https:" />
 
-  <rule from="^http://(www\.)?journeyed\.com/" to="https://www.journeyed.com/"/>
 </ruleset>
-<!-- Rule generated by HTTPS Finder 0.77 -->
diff --git a/src/chrome/content/rules/Joyclub.de.xml b/src/chrome/content/rules/Joyclub.de.xml
index 3d8dc806b71e..0c8df7951464 100644
--- a/src/chrome/content/rules/Joyclub.de.xml
+++ b/src/chrome/content/rules/Joyclub.de.xml
@@ -2,5 +2,5 @@
   <target host="joyclub.de" />
   <target host="www.joyclub.de" />
 
-  <rule from="^http://(www\.)?joyclub\.de/" to="https://www.joyclub.de/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Joyent.xml b/src/chrome/content/rules/Joyent.xml
index 4bc0c4106e88..c078ca29288a 100644
--- a/src/chrome/content/rules/Joyent.xml
+++ b/src/chrome/content/rules/Joyent.xml
@@ -1,43 +1,69 @@
 <!--
 	Other Joyent rulesets:
 
+		- Joyent_Cloud.com.xml
+		- Nodejs.org.xml
+		- Npm.im.xml
+		- Npm_js.com.xml
 		- Npm_js.org.xml
+		- SmartOS.org.xml
 
 
-	Problematic domains:
+	Nonfunctional hosts in *joyent.com:
 
-		- jobs.nodejs.org	(works; mismatched, CN: *.jobamatic.com)
+		- lpage *
 
+	* Marketo
 
-	Nonfunctional domains:
 
-		- (www.)nodejs.org *
-		- blog.nodejs.org *
-		- build.nodejs.org *
+	Insecure cookies are set for these hosts:
 
-	* Refused
+		- my.joyent.com
+		- sso.joyent.com
+		- wiki.joyent.com
+		- www.joyent.com
 
 -->
-<ruleset name="Joyent (partial)">
+<ruleset name="Joyent.com (partial)">
 
 	<target host="joyent.com"/>
 	<target host="*.joyent.com"/>
-	<target host="*.joyentcloud.com"/>
-	<target host="no.de"/>
-	<target host="www.no.de"/>
 
-	<securecookie host="^(.*\.)?(joyent\.com|no\.de)$" name=".*"/>
+		<!--exclusion pattern="^http://lpage\.joyent\.com/(?!css/|images/|rs/)" /-->
 
-	<rule from="^http://joyent\.com/"
-		to="https://www.joyent.com/"/>
+			<!--	-ve:
+					-->
+			<!--test url="http://lpage.joyent.com/TheDeck.html" /-->
 
-	<rule from="^http://(\w+)\.joyent\.com/"
-		to="https://$1.joyent.com/"/>
+		<exclusion pattern="^http://lpage\.joyent\.com/" />
 
-	<rule from="^http://([\w\-]*api|my)\.joyentcloud\.com/"
-		to="https://$1.joyentcloud.com/"/>
+			<test url="http://lpage.joyent.com/" />
 
-	<rule from="^http://(?:www\.)?no\.de/"
-		to="https://no.de/"/>
+		<test url="http://apidocs.joyent.com/" />
+		<test url="http://docs.joyent.com/" />
+		<test url="http://help.joyent.com/" />
+		<test url="http://my.joyent.com/" />
+		<test url="http://pkgsrc.joyent.com/" />
+		<test url="http://sso.joyent.com/login" />
+		<test url="http://www.joyent.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^my\.joyent\.com$" name="^(X-Mapping-\w+|connect\.sid)$" /-->
+	<!--securecookie host="^sso\.joyent\.com$" name="^connect\.sess$" /-->
+	<!--securecookie host="^wiki\.joyent\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^www\.joyent\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<!--	This needs tests.
+				-->
+	<!--rule from="^http://lpage\.joyent\.com/"
+		to="https://na-sjf.marketo.com/" /-->
+
+	<rule from="^http://([\w-]+\.)?joyent\.com/"
+		to="https://$1joyent.com/"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Joyent_Cloud.com.xml b/src/chrome/content/rules/Joyent_Cloud.com.xml
new file mode 100644
index 000000000000..82a0c5671e01
--- /dev/null
+++ b/src/chrome/content/rules/Joyent_Cloud.com.xml
@@ -0,0 +1,49 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://api.joyentcloud.com/ => https://api.joyentcloud.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://api.joyentcloud.com// => https://api.joyentcloud.com//: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://my.joyentcloud.com/ => https://my.joyentcloud.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For other Joyent coverage, see Joyent.xml.
+
+
+	Nonfunctional hosts in *joyentcloud.com:
+
+		- ^ ¹
+		- staging ²
+
+	¹ Refused
+	² Plaintext reply
+
+
+	Problematic hosts in *joyentcloud.com:
+
+		- wiki *
+
+	* Mismatched
+
+-->
+<ruleset name="Joyent Cloud.com (partial)" default_off="failed ruleset test">
+
+	<target host="*.joyentcloud.com"/>
+
+		<test url="http://api.joyentcloud.com/" />
+		<test url="http://api.joyentcloud.com//" />
+		<test url="http://us-west-1.api.joyentcloud.com/" />
+		<test url="http://my.joyentcloud.com/" />
+		<test url="http://www.joyentcloud.com/" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://www\.joyentcloud\.com/+"
+		to="https://www.joyent.com/" />
+
+		<test url="http://www.joyentcloud.com/?" />
+
+	<rule from="^http://((?:[\w-]+\.)?api|my)\.joyentcloud\.com/"
+		to="https://$1.joyentcloud.com/"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Joystiq.com.xml b/src/chrome/content/rules/Joystiq.com.xml
deleted file mode 100644
index 4db7c4a7891e..000000000000
--- a/src/chrome/content/rules/Joystiq.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For other AOL coverage, see AOL.xml.
-
-
-	CDN buckets:
-
-		- www.blogsmithmedia.com/www.joystiq.com/
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(refused)
-
--->
-<ruleset name="Joystiq.com (partial)">
-
-	<target host="profiles.joystiq.com" />
-
-
-	<rule from="^http://profiles\.joystiq\.com/"
-		to="https://profiles.joystiq.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Jpfox.fr.xml b/src/chrome/content/rules/Jpfox.fr.xml
new file mode 100644
index 000000000000..e26fb416f6c7
--- /dev/null
+++ b/src/chrome/content/rules/Jpfox.fr.xml
@@ -0,0 +1,20 @@
+<!--
+	Problematic hosts in *jpfox.fr:
+
+		- share *
+
+	* Self-signed
+
+-->
+<ruleset name="jpfox.fr (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jpfox.fr" />
+	<target host="www.jpfox.fr" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jpopsuki.eu.xml b/src/chrome/content/rules/Jpopsuki.eu.xml
new file mode 100644
index 000000000000..31d34936f001
--- /dev/null
+++ b/src/chrome/content/rules/Jpopsuki.eu.xml
@@ -0,0 +1,5 @@
+<ruleset name="Jpopsuki.eu">
+	<target host="jpopsuki.eu" />
+	<rule from="^http:" to="https:" />
+	<securecookie host="^\.?jpopsuki\.eu$" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jpost.com.xml b/src/chrome/content/rules/Jpost.com.xml
new file mode 100644
index 000000000000..5248ad612c6c
--- /dev/null
+++ b/src/chrome/content/rules/Jpost.com.xml
@@ -0,0 +1,35 @@
+<!--
+	^jpost.com: Dropped
+	www.jpost.com: 504
+
+
+	Insecure cookies are set for these hosts:
+
+		- members.jpost.com
+
+
+	Mixed content:
+
+		- Bug on members from pubads.g.doubleclick.net
+
+-->
+<ruleset name="Jpost.com (partial)">
+
+	<target host="members.jpost.com" />
+
+		<!--	Mixed bug:
+					-->
+		<test url="http://members.jpost.com/UlpanOnline/UlpanOnlineHome.aspx" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^members\.jpost\.com$" name="^(?:ASP\.NET_SessionId|TS[\da-f]{8})$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JsDelivr.net.xml b/src/chrome/content/rules/JsDelivr.net.xml
new file mode 100644
index 000000000000..31e677857503
--- /dev/null
+++ b/src/chrome/content/rules/JsDelivr.net.xml
@@ -0,0 +1,5 @@
+<ruleset name="jsDelivr.net">
+	<target host="cdn.jsdelivr.net" />
+	<securecookie host=".+" name=".+" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JsPerf.com.xml b/src/chrome/content/rules/JsPerf.com.xml
new file mode 100644
index 000000000000..bbc692ed2043
--- /dev/null
+++ b/src/chrome/content/rules/JsPerf.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- jsperf.com
+		- .jsperf.com
+
+-->
+<ruleset name="jsPerf.com">
+
+	<target host="jsperf.com" />
+	<target host="www.jsperf.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^jsperf\.com$" name="^jsPerf$" /-->
+	<!--securecookie host="^\.jsperf\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.?jsperf\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JsUOL.com.br.xml b/src/chrome/content/rules/JsUOL.com.br.xml
new file mode 100644
index 000000000000..98899bbe7aec
--- /dev/null
+++ b/src/chrome/content/rules/JsUOL.com.br.xml
@@ -0,0 +1,13 @@
+<!--
+	For other UOL coverage, see UOL.xml.
+
+-->
+<ruleset name="jsUOL.com.br">
+
+	<target host="jsuol.com.br" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jsclasses.org.xml b/src/chrome/content/rules/Jsclasses.org.xml
new file mode 100644
index 000000000000..eb0c58c6ddbb
--- /dev/null
+++ b/src/chrome/content/rules/Jsclasses.org.xml
@@ -0,0 +1,15 @@
+<!--files. refused
+(www.)?jsclasses.net mismatch
+safe.jsclasses.org mismatch
+safe.jsclasses.net mismatch-->
+<ruleset name="Jsclasses.org" platform="mixedcontent">
+	<target host="jsclasses.org" />
+	<target host="www.jsclasses.org" />
+	<target host="jsclasses.net" />
+	<target host="www.jsclasses.net" />
+
+	<rule from="^http://(www\.)?jsclasses\.net/"
+		to="https://$1jsclasses.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jubii.dk-problematic.xml b/src/chrome/content/rules/Jubii.dk-problematic.xml
new file mode 100644
index 000000000000..2e60e7e8bd54
--- /dev/null
+++ b/src/chrome/content/rules/Jubii.dk-problematic.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules that are on by default, see Jubii.dk.xml.
+
+-->
+<ruleset name="Jubii.dk (problematic)" default_off="mismatched">
+
+	<target host="jubii.dk" />
+	<target host="www.jubii.dk" />
+
+
+	<securecookie host="^www\.jubii\.dk$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?jubii\.dk/"
+		to="https://www.jubii.dk/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jubii.dk.xml b/src/chrome/content/rules/Jubii.dk.xml
new file mode 100644
index 000000000000..a64b79f7316c
--- /dev/null
+++ b/src/chrome/content/rules/Jubii.dk.xml
@@ -0,0 +1,59 @@
+<!--
+	For problematic rules, see Jubii.dk-problematic.xml.
+
+
+	Other Jubii rulesets:
+
+		- Jimg.dk.xml
+		- News.dk.xml
+
+
+	Nonfunctional subdomains:
+
+		- spillehal	(shows spilnu.dk; mismatched, CN: www.spilnu.dk)
+
+
+	Problematic subdomains:
+
+		- (www.) *
+		- bolig *
+		- chat *
+		- go *
+		- linkguider *
+		- mail *
+
+	* Works; mismatched, CN: *.jimg.dk
+
+
+	Mixed content:
+
+		- css, on:
+
+			- linkguider from j.jimg.dk ¹
+			- www from fonts.googleapis.com ¹
+
+		- Images on www from i[123].jimg.dk ¹
+
+		- Ads, on www from:
+
+			- spillehal ²
+			- dagensbedste.dk via 9117ee781da79566d306-014d506c88e36dca0e4a5df132ce4c10.r40.cf2.rackcdn.com
+			- 9117ee781da79566d306-014d506c88e36dca0e4a5df132ce4c10.r40.cf2.rackcdn.com ¹
+
+	¹ Secured by us
+	² Unsecurable
+
+-->
+<ruleset name="Jubii.dk (partial)">
+
+	<target host="konto.jubii.dk" />
+	<target host="support.jubii.dk" />
+
+
+	<rule from="^http://konto\.jubii\.dk/"
+		to="https://konto.jubii.dk/" />
+
+	<rule from="^http://support\.jubii\.dk/(?=favicon\.ico|generated/|images/|system/)"
+		to="https://jubii.zendesk.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Judge.me.xml b/src/chrome/content/rules/Judge.me.xml
index a0686f378746..48a7a6c2935b 100644
--- a/src/chrome/content/rules/Judge.me.xml
+++ b/src/chrome/content/rules/Judge.me.xml
@@ -1,15 +1,15 @@
-<ruleset name="Judge.me" default_off="mismatch">
+<ruleset name="Judge.me" default_off="mismatched">
 
 	<!--	Cert: *.heroku.com	-->
 	<target host="judge.me" />
 	<target host="www.judge.me" />
 
 
-	<securecookie host="^www\.judge\.me$" name=".*" />
+	<securecookie host="^www\.judge\.me$" name=".+" />
 
 
 	<!--	!www redirects to www.	-->
-	<rule from="^https?://(?:www\.)?judge\.me/"
+	<rule from="^http://(?:www\.)?judge\.me/"
 		to="https://www.judge.me/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Judici.xml b/src/chrome/content/rules/Judici.xml
index 81c4cd66a730..cd168a41ac93 100644
--- a/src/chrome/content/rules/Judici.xml
+++ b/src/chrome/content/rules/Judici.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?judici\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?judici\.com/"
-		to="https://$1judici.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Judicial_Watch.xml b/src/chrome/content/rules/Judicial_Watch.xml
index 8a876fea6dc3..fff0bb6eb5f0 100644
--- a/src/chrome/content/rules/Judicial_Watch.xml
+++ b/src/chrome/content/rules/Judicial_Watch.xml
@@ -1,13 +1,19 @@
-<ruleset name="Judicial Watch">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://judicialwatch.org/ => https://judicialwatch.org/: Too many redirects while fetching 'https://judicialwatch.org/'
+Fetch error: http://www.judicialwatch.org/ => https://www.judicialwatch.org/: Too many redirects while fetching 'https://www.judicialwatch.org/'
+
+-->
+<ruleset name="Judicial Watch" default_off="failed ruleset test">
 
 	<target host="judicialwatch.org" />
-	<target host="*.judicialwatch.org" />
+	<target host="www.judicialwatch.org" />
 
 
 	<securecookie host="^\.judicialwatch\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?judicialwatch\.org/"
-		to="https://$1judicialwatch.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Judiciary_of_England_and_Wales.xml b/src/chrome/content/rules/Judiciary_of_England_and_Wales.xml
index b1d5c4accc7f..5b1db85f292f 100644
--- a/src/chrome/content/rules/Judiciary_of_England_and_Wales.xml
+++ b/src/chrome/content/rules/Judiciary_of_England_and_Wales.xml
@@ -1,38 +1,34 @@
 <!--
 	For other UK government coverage, see GOV.UK.xml.
 
-
-	Nonfunctional subdomains:
-
-		- sentencingcouncil	(times out)
-
-
-	Problematic subdomains:
-
-		- jac *
-		- judicialcomplaints *
-
-	* Works; mismatched, CN: www.justice.gov.uk
-
-
-	Fully covered subdomains:
-
-		- ojc
-		- www
-
-
-	!www does not exist
-
+	Non-functional hosts
+		Couldn't connect to server:
+		- www.residential-property.judiciary.gov.uk
+
+		Timeout was reached:
+		- civiljusticecouncil.judiciary.gov.uk
+		- ed.judiciary.gov.uk
+		- jars.jac.judiciary.gov.uk
+		- judicialcomplaints.judiciary.gov.uk
+		- ojc.judiciary.gov.uk
+		- www.residentialproperty.judiciary.gov.uk
+		- sec.judiciary.gov.uk
+		- www.sec.judiciary.gov.uk
+		- smtp.judiciary.gov.uk
+
+		SSL peer certificate was not OK:
+		- webapps.judiciary.gov.uk
 -->
-<ruleset name="Judiciary of England and Wales (partial)">
-
-	<target host="*.judiciary.gov.uk" />
-
-
-	<securecookie host="^www\.judiciary\.gov\.uk$" name=".+" />
-
-
-	<rule from="^http://(ojc|www)\.judiciary\.gov\.uk/"
-		to="https://$1.judiciary.gov.uk/" />
-
-</ruleset>
\ No newline at end of file
+<ruleset name="Judiciary of England and Wales">
+	<target host="judiciary.gov.uk" />
+	<target host="www.judiciary.gov.uk" />
+	<target host="intranet.judiciary.gov.uk" />
+	<target host="jac.judiciary.gov.uk" />
+	<target host="judicialcollege.judiciary.gov.uk" />
+	<target host="judicialconduct.judiciary.gov.uk" />
+	<target host="www.judicialconduct.judiciary.gov.uk" />
+	<target host="jwss.judiciary.gov.uk" />
+	<target host="sentencingcouncil.judiciary.gov.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jugendaemter.com.xml b/src/chrome/content/rules/Jugendaemter.com.xml
new file mode 100644
index 000000000000..5844a7afafb5
--- /dev/null
+++ b/src/chrome/content/rules/Jugendaemter.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Jugendaemter.com">
+
+	<target host="jugendaemter.com" />
+	<target host="www.jugendaemter.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jugendschutzprogramm.de.xml b/src/chrome/content/rules/Jugendschutzprogramm.de.xml
new file mode 100644
index 000000000000..08a8e4e40f12
--- /dev/null
+++ b/src/chrome/content/rules/Jugendschutzprogramm.de.xml
@@ -0,0 +1,5 @@
+<ruleset name="Jugendschutzprogramm.de">
+<target host="www.jugendschutzprogramm.de" />
+
+<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jugger.ru.xml b/src/chrome/content/rules/Jugger.ru.xml
new file mode 100644
index 000000000000..25461aa9ec05
--- /dev/null
+++ b/src/chrome/content/rules/Jugger.ru.xml
@@ -0,0 +1,40 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)?
+		- s1
+		- s2
+
+
+	Insecure cookies are set for these domains:
+
+		- jugger.ru
+		- www.jugger.ru
+
+
+	Mixed content:
+
+		- Images on s1, s2 from s1 *
+
+	* Secured by us
+
+-->
+<ruleset name="Jugger.ru">
+
+	<target host="jugger.ru" />
+	<target host="s1.jugger.ru" />
+	<target host="s2.jugger.ru" />
+	<target host="www.jugger.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?jugger\.ru$" name="^server_id$" /-->
+
+	<securecookie host="^(?:www\.)?jugger\.ru$" name=".+" />
+
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Juicer.io.xml b/src/chrome/content/rules/Juicer.io.xml
new file mode 100644
index 000000000000..15e1dbe13e80
--- /dev/null
+++ b/src/chrome/content/rules/Juicer.io.xml
@@ -0,0 +1,39 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .juicer.io
+
+-->
+<ruleset name="Juicer.io (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="juicer.io" />	Needs clearnet testing	-->
+	<target host="assets.juicer.io" />
+	<!--target host="www.juicer.io" /-->
+
+		<test url="http://assets.juicer.io/embed.css?ver=4.0" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JuicyAds.com.xml b/src/chrome/content/rules/JuicyAds.com.xml
new file mode 100644
index 000000000000..10e44adb053a
--- /dev/null
+++ b/src/chrome/content/rules/JuicyAds.com.xml
@@ -0,0 +1,45 @@
+<!--
+	Nonfunctional hosts in *juicyads.com:
+
+		- support ²
+		- www ¹
+
+	¹ 503
+	² 403
+
+	Problematic hosts in *juicyads.com:
+
+		- ^ ¹
+		- ads-a *
+
+	¹ tls unsupported at redirect destination
+	* Server sometimes sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .juicyads.com
+		- adserver.juicyads.com
+
+-->
+<ruleset name="JuicyAds.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="ads-a.juicyads.com" /-->
+	<target host="adserver.juicyads.com" />
+	<target host="ck.juicyads.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.juicyads\.com$" name="^(incap_ses_\d+_\d+|imps\d+|juicy_data|juicy_data_1|nlbi_\d+|visid_incap_\d+)$" /-->
+	<!--securecookie host="^adserver\.juicyads\.com$" name="^__utmv\w+$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JuicyCanvas.xml b/src/chrome/content/rules/JuicyCanvas.xml
index fafccc365364..d6129f6ccd85 100644
--- a/src/chrome/content/rules/JuicyCanvas.xml
+++ b/src/chrome/content/rules/JuicyCanvas.xml
@@ -1,13 +1,19 @@
-<ruleset name="JuicyCanvas">
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.juicycanvas.com/ (200) => https://www.juicycanvas.com/ (526)
+
+-->
+<ruleset name="JuicyCanvas.com" default_off="failed ruleset test">
 
 	<target host="juicycanvas.com" />
-	<target host="*.juicycanvas.com" />
+	<target host="www.juicycanvas.com" />
 
 
-	<securecookie host="^\.juicycanvas\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?juicycanvas\.com/"
-		to="https://$1juicycanvas.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Juju_charms.com.xml b/src/chrome/content/rules/Juju_charms.com.xml
new file mode 100644
index 000000000000..19cef4f2cc5b
--- /dev/null
+++ b/src/chrome/content/rules/Juju_charms.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Juju charms.com">
+
+	<target host="jujucharms.com" />
+	<target host="www.jujucharms.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Julia_Reda.eu.xml b/src/chrome/content/rules/Julia_Reda.eu.xml
new file mode 100644
index 000000000000..2fa9c0c81f50
--- /dev/null
+++ b/src/chrome/content/rules/Julia_Reda.eu.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- juliareda.eu
+
+-->
+<ruleset name="Julia Reda.eu">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="juliareda.eu" />
+	<target host="pod.juliareda.eu" />
+	<target host="stats.juliareda.eu" />
+	<target host="www.juliareda.eu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^juliareda\.eu$" name="^pll_language$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Juliar.xml b/src/chrome/content/rules/Juliar.xml
new file mode 100644
index 000000000000..6a9311a72c6d
--- /dev/null
+++ b/src/chrome/content/rules/Juliar.xml
@@ -0,0 +1,8 @@
+<ruleset name="juliar">
+	<target host="juliar.org" />
+	<target host="ai.juliar.org" />
+	<target host="sec.juliar.org" />
+
+	<rule from="^http:" to="https:"/>
+	<securecookie host="^juliar\.org$" name=".+" />
+ </ruleset>
diff --git a/src/chrome/content/rules/Julieannenoying.com.xml b/src/chrome/content/rules/Julieannenoying.com.xml
new file mode 100644
index 000000000000..5f889193bc8c
--- /dev/null
+++ b/src/chrome/content/rules/Julieannenoying.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Julieannenoying">
+
+	<target host="julieannenoying.com" />
+	<target host="www.julieannenoying.com" />
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jumio.xml b/src/chrome/content/rules/Jumio.xml
index 3f10b58f4bfa..1392cd3a49f9 100644
--- a/src/chrome/content/rules/Jumio.xml
+++ b/src/chrome/content/rules/Jumio.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jumio.com/ => https://netswipe.com/: (6, 'Could not resolve host: netswipe.com')
+Fetch error: http://netswipe.com/ => https://netswipe.com/: (6, 'Could not resolve host: netswipe.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://jumio.com/ => https://netswipe.com/: Cycle detected - URL already encountered: https://netswipe.com/
+Fetch error: http://netswipe.com/ => https://netswipe.com/: Cycle detected - URL already encountered: https://netswipe.com/
 	Other Jumio rulesets:
 
 		- Netverify.xml
@@ -9,21 +17,24 @@
 		- (www.)jumio.com
 
 -->
-<ruleset name="Jumio">
+<ruleset name="Jumio" default_off="failed ruleset test">
 
 	<target host="jumio.com" />
-	<target host="*.jumio.com" />
+	<target host="www.jumio.com" />
+	<target host="pay.jumio.com" />
+	<target host="static.jumio.com" />
 	<target host="netswipe.com" />
-	<target host="*.netswipe.com" />
+	<target host="www.netswipe.com" />
+	<target host="pay.netswipe.com" />
+	<target host="static.netswipe.com" />
 
 
 	<securecookie host="^(?:.+\.)?(?:jumio|netswipe)\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?(?:jumio|netswipe)\.com/"
+	<rule from="^http://(?:www\.)?(?:jumio|netswipe)\.com/"
 		to="https://netswipe.com/" />
 
-	<rule from="^http://(pay|static)\.(jumio|netswipe)\.com/"
-		to="https://$1.$2.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JumpTime.com.xml b/src/chrome/content/rules/JumpTime.com.xml
index 78dd7348195e..d1d21702b629 100644
--- a/src/chrome/content/rules/JumpTime.com.xml
+++ b/src/chrome/content/rules/JumpTime.com.xml
@@ -32,14 +32,12 @@
 -->
 <ruleset name="JumpTime.com (partial)">
 
-	<target host="jumptime.com" />
-	<target host="*.jumptime.com" />
+	<!--	Complications:
+				-->
+	<target host="beacon.jumptime.com" />
 
 
 	<rule from="^http://beacon\.jumptime\.com/"
 		to="https://d70783jehyk3d.cloudfront.net/" />
 
-	<rule from="^http://edit-www\.jumptime\.com/"
-		to="https://a248.e.akamai.net/f/1051/2618/4m/www.jumptime.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Jumpeye_Components.com.xml b/src/chrome/content/rules/Jumpeye_Components.com.xml
new file mode 100644
index 000000000000..f9459e1562d3
--- /dev/null
+++ b/src/chrome/content/rules/Jumpeye_Components.com.xml
@@ -0,0 +1,41 @@
+<!--
+	Nonfunctional hosts:
+
+		- blog *
+
+	* 404
+
+
+	www: Some pages redirect to http.
+
+-->
+<ruleset name="Jumpeye Components.com (partial)">
+
+	<target host="jumpeyecomponents.com" />
+	<target host="www.jumpeyecomponents.com" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.jumpeyecomponents\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.jumpeyecomponents\.com/+(?!css/|favicon\.ico|images/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.jumpeyecomponents.com/Flash-Components/" />
+			<test url="http://www.jumpeyecomponents.com/JavaScript-Components/VariousJS/Jumpeye-framework-506/" />
+			<test url="http://www.jumpeyecomponents.com/cart.list.htm" />
+			<test url="http://www.jumpeyecomponents.com/knowledgebase/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.jumpeyecomponents.com/favicon.ico" />
+			<test url="http://www.jumpeyecomponents.com/images/jc_main_logo.png" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JumpingJack.xml b/src/chrome/content/rules/JumpingJack.xml
index d8f36d51d5d4..e9c34f5b5269 100644
--- a/src/chrome/content/rules/JumpingJack.xml
+++ b/src/chrome/content/rules/JumpingJack.xml
@@ -1,17 +1,22 @@
-<ruleset name="JumpingJack">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://images.jitsmart.com/ => https://images.jitsmart.com/: (6, 'Could not resolve host: images.jitsmart.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://images.jitsmart.com/ => https://images.jitsmart.com/: (28, 'Connection timed out after 10000 milliseconds')
+-->
+<ruleset name="JumpingJack" default_off="failed ruleset test">
 
 	<target host="images.jitsmart.com" />
 	<target host="jumpingjack.com" />
-	<target host="*.jumpingjack.com" />
+	<target host="media.jumpingjack.com" />
+	<target host="www.jumpingjack.com" />
 
 
 	<securecookie host="^jumpingjack\.com$" name=".+" />
 
 
-	<rule from="^http://images\.jitsmart\.com/"
-		to="https://images.jitsmart.com/" />
-
-	<rule from="^http://(media\.|www\.)?jumpingjack\.com/"
-		to="https://$1jumpingjack.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Jumpline.com.xml b/src/chrome/content/rules/Jumpline.com.xml
new file mode 100644
index 000000000000..569cba12c344
--- /dev/null
+++ b/src/chrome/content/rules/Jumpline.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Nonfunctional hosts in *jumpline.com:
+
+		- (www.)? *
+		- support *
+
+	* Dropped
+
+-->
+<ruleset name="Jumpline.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="my.jumpline.com" />
+	<target host="ssl.jumpline.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jumptap.xml b/src/chrome/content/rules/Jumptap.xml
index b6532a78887f..69f03e9a8fa9 100644
--- a/src/chrome/content/rules/Jumptap.xml
+++ b/src/chrome/content/rules/Jumptap.xml
@@ -6,6 +6,6 @@
 <ruleset name="Jumptap">
 	<target host="*.jumptap.com" />
 
-	<exclusion pattern="^http://(db02|dine|reporting).jumptap.com" />
+	<exclusion pattern="^http://(?:db02|dine|reporting).jumptap.com" />
 	<rule from="^http://([^@:/]*)\.jumptap\.com/" to="https://$1.jumptap.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/June_oven.com.xml b/src/chrome/content/rules/June_oven.com.xml
new file mode 100644
index 000000000000..770989da4f79
--- /dev/null
+++ b/src/chrome/content/rules/June_oven.com.xml
@@ -0,0 +1,25 @@
+<!--
+	CDN buckets:
+
+		- juneweb.s3.amazonaws.com
+
+
+	Nonfunctional hosts in *juneoven.com:
+
+		- support *
+
+	* Refused
+
+-->
+<ruleset name="June oven.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="juneoven.com" />
+	<target host="www.juneoven.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Junge-Piraten.de.xml b/src/chrome/content/rules/Junge-Piraten.de.xml
new file mode 100644
index 000000000000..9f44d9f1bdd0
--- /dev/null
+++ b/src/chrome/content/rules/Junge-Piraten.de.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://junge-piraten.de/ => https://junge-piraten.de/: (51, "SSL: no alternative certificate subject name matches target host name 'junge-piraten.de'")
+Fetch error: http://forum.junge-piraten.de/ => https://forum.junge-piraten.de/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://stats.junge-piraten.de/ => https://stats.junge-piraten.de/: (6, 'Could not resolve host: stats.junge-piraten.de')
+Fetch error: http://www.junge-piraten.de/ => https://www.junge-piraten.de/: (51, "SSL: no alternative certificate subject name matches target host name 'www.junge-piraten.de'")
+
+	For other Pirate Party coverage, see PirateParty.xml.
+
+-->
+<ruleset name="Junge-Piraten.de" default_off="failed ruleset test">
+
+	<target host="junge-piraten.de" />
+	<target host="forum.junge-piraten.de" />
+	<target host="lists.junge-piraten.de" />
+	<target host="multiweb.junge-piraten.de" />
+	<target host="static.junge-piraten.de" />
+	<target host="stats.junge-piraten.de" />
+	<target host="wiki.junge-piraten.de" />
+	<target host="www.junge-piraten.de" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Juniper-Research.xml b/src/chrome/content/rules/Juniper-Research.xml
index e33c8be02466..8b73c78ffca4 100644
--- a/src/chrome/content/rules/Juniper-Research.xml
+++ b/src/chrome/content/rules/Juniper-Research.xml
@@ -1,10 +1,20 @@
-<ruleset name="Juniper Research">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://juniperresearch.com/ => https://junipersearch.com/: (51, "SSL: no alternative certificate subject name matches target host name 'junipersearch.com'")
+Fetch error: http://www.juniperresearch.com/ => https://www.junipersearch.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.junipersearch.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://juniperresearch.com/ => https://junipersearch.com/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://www.juniperresearch.com/ => https://www.junipersearch.com/: (28, 'Connection timed out after 10000 milliseconds')
+-->
+<ruleset name="Juniper Research" default_off="failed ruleset test">
 
 	<target host="juniperresearch.com" />
 	<target host="www.juniperresearch.com" />
 
 
-	<securecookie host="^(www\.)?juniperresearch\.com$" name=".*" />
+	<securecookie host="^(?:www\.)?juniperresearch\.com$" name=".+" />
 
 
 	<rule from="^http://(www\.)?juniperresearch\.com/"
diff --git a/src/chrome/content/rules/JuniperNetworks.xml b/src/chrome/content/rules/JuniperNetworks.xml
index 03a88fe9a33e..5f376dc8ada7 100644
--- a/src/chrome/content/rules/JuniperNetworks.xml
+++ b/src/chrome/content/rules/JuniperNetworks.xml
@@ -1,6 +1,82 @@
-<ruleset name="Juniper Networks" platform="mixedcontent">
-  <target host="www.juniper.net" />
-  <target host="juniper.net" />
+<!--
+	Juniper Networks
+
+
+	Nonfunctional hosts in *juniper.net:
+
+		- newsroom ¹
+		- rss ²
+
+	¹ 500
+	² Reset
+
+
+	Problematic hosts in *juniper.net:
+
+		- ^ ¹
+		- advisory ²
+
+	¹ Dropped
+	² Mismatched
+
+
+	These altnames don't exist:
+
+		- www.kb.juniper.net
+		- www.prsearch.juniper.net
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .juniper.net
+		- kb.juniper.net
+		- forums.juniper.net
+		- www.juniper.net
+
+
+	Mixed content:
+
+		- Images on forums, kb from www.juniper.net *
+		- Bug on kb, www from statse.webtrendslive.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Juniper.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="forums.juniper.net" />
+	<target host="kb.juniper.net" />
+	<target host="prsearch.juniper.net" />
+	<target host="www.juniper.net" />
+
+	<!--	Complications:
+				-->
+	<target host="juniper.net" />
+	<target host="advisory.juniper.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.juniper\.net$" name="^(?:JNPRCUST|ObSSOCookie)$" /-->
+	<!--securecookie host="^forums\.juniper\.net$" name="^Lithium(?:UserInfo|UserSecure|Visitor)$" /-->
+	<!--securecookie host="^(?:kb|www)\.juniper\.net$" name="^JSESSIONID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://juniper\.net/"
+		to="https://www.juniper.net/" />
+
+	<!--	Redirect drops forward slash, path, and args:
+								-->
+	<rule from="^http://advisory\.juniper\.net/.*"
+		to="https://kb.juniper.net/InfoCenter/index?page=content&amp;channel=SECURITY_ADVISORIES" />
+
+		<test url="http://advisory.juniper.net/index.htm" />
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(?:www\.)?juniper\.net/" to="https://www.juniper.net/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Junkudo.xml b/src/chrome/content/rules/Junkudo.xml
new file mode 100644
index 000000000000..8d5b90771d37
--- /dev/null
+++ b/src/chrome/content/rules/Junkudo.xml
@@ -0,0 +1,6 @@
+<ruleset name="JUNKUDO">
+    <target host="junkudo.co.jp" />
+    <target host="www.junkudo.co.jp" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Juno.com.xml b/src/chrome/content/rules/Juno.com.xml
new file mode 100644
index 000000000000..fec1ddd1801a
--- /dev/null
+++ b/src/chrome/content/rules/Juno.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Certificate mismatch:
+		juno.com
+		startjuno.com
+		www.startjuno.com
+		webmaila.juno.com
+		webmailb.juno.com
+
+	Refused:
+		mail.juno.com
+		register.juno.com
+		thirdpartyoffers.juno.com
+-->
+<ruleset name="Juno.com">
+	<target host="www.juno.com" />
+	<target host="account.juno.com" />
+	<target host="games.juno.com" />
+	<target host="help.juno.com" />
+	<target host="my.juno.com" />
+	<target host="store.juno.com" />
+	<target host="track.juno.com" />
+	<target host="webmail.juno.com" />
+	<target host="www.webmail.juno.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JunoDownload.xml b/src/chrome/content/rules/JunoDownload.xml
deleted file mode 100644
index 49d6eef401b1..000000000000
--- a/src/chrome/content/rules/JunoDownload.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="JunoDownload">
-  <target host="junodownload.com" />
-  <target host="www.junodownload.com" />
-  <target host="secure.junodownload.com" />
-
-  <rule from="^http://(secure\.|www\.)?junodownload\.com/" to="https://secure.junodownload.com/" />
-  <!-- Juno Player -->
-  <exclusion pattern="^http://www\.junodownload\.com/crossdomain\.xml$" />
-  <exclusion pattern="^http://www\.junodownload\.com/api/.+/track/dostream" />
-  <!-- Juno Plus -->
-  <exclusion pattern="^http://(www\.)?junodownload\.com/plus/" />
-  <!-- Juno searches -->
-  <exclusion pattern="^http://(www\.)?junodownload\.com/search/" />
-</ruleset>
diff --git a/src/chrome/content/rules/JunoRecords.xml b/src/chrome/content/rules/JunoRecords.xml
deleted file mode 100644
index 62c92ef396a7..000000000000
--- a/src/chrome/content/rules/JunoRecords.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="JunoRecords">
-  <target host="juno.co.uk" />
-  <target host="www.juno.co.uk" />
-  <target host="secure.juno.co.uk" />
-  <target host="junostatic.com" />
-  <target host="www.junostatic.com" />
-  <target host="cms.junostatic.com" />
-  <target host="images.junostatic.com" />
-
-  <rule from="^http://(www\.|secure\.)?juno\.co\.uk/" to="https://secure.juno.co.uk/" />
-  <rule from="^http://(www\.)?junostatic\.com/" to="https://static.juno.co.uk/" />
-  <rule from="^http://(images|cms)\.junostatic\.com/" to="https://images.juno.co.uk/" />
-
-  <!-- Juno Player -->
-  <exclusion pattern="^http://www\.juno\.co\.uk/crossdomain\.xml$" />
-</ruleset>
diff --git a/src/chrome/content/rules/Jupiter_Artland.org.xml b/src/chrome/content/rules/Jupiter_Artland.org.xml
new file mode 100644
index 000000000000..01e428651611
--- /dev/null
+++ b/src/chrome/content/rules/Jupiter_Artland.org.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://jupiterartland.org/ (200) => https://jupiterartland.org/ (404)
+
+-->
+<ruleset name="Jupiter Artland.org" default_off="failed ruleset test">
+
+	<target host="jupiterartland.org" />
+	<target host="www.jupiterartland.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jupyter.org.xml b/src/chrome/content/rules/Jupyter.org.xml
new file mode 100644
index 000000000000..db589cb69244
--- /dev/null
+++ b/src/chrome/content/rules/Jupyter.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="Jupyter.org">
+
+	<target host="jupyter.org" />
+	<target host="www.jupyter.org" />
+	<target host="blog.jupyter.org" />
+	<target host="colaboratory.jupyter.org" />
+	<target host="nbviewer.jupyter.org" />
+	<target host="try.jupyter.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jussieu.fr-problematic.xml b/src/chrome/content/rules/Jussieu.fr-problematic.xml
new file mode 100644
index 000000000000..e1bff16c9e40
--- /dev/null
+++ b/src/chrome/content/rules/Jussieu.fr-problematic.xml
@@ -0,0 +1,12 @@
+<!--
+	For rules that are on by default, see Jussieu.fr.xml.
+
+-->
+<ruleset name="Jussieu.fr (self-signed)" default_off="self-signed">
+
+	<target host="distrib-coffee.ipsl.jussieu.fr" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jussieu.fr.xml b/src/chrome/content/rules/Jussieu.fr.xml
new file mode 100644
index 000000000000..bf617f9e9ab5
--- /dev/null
+++ b/src/chrome/content/rules/Jussieu.fr.xml
@@ -0,0 +1,40 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://forge.ipsl.jussieu.fr/ => https://forge.ipsl.jussieu.fr/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://forge.ipsl.jussieu.fr/ => https://forge.ipsl.jussieu.fr/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+	For problematic rules, see Jussieu.fr-problematic.xml.
+
+
+	Problematic subdomains:
+
+		- distrib-coffee.ipsl *
+
+	* Self-signed
+
+
+	Fully covered subdomains:
+
+		- forge.ipsl
+
+
+	(www.)? doesn't exist.
+
+
+	Mixed content:
+
+		- Image on distrib-coffee.ipsl from maps.fallingrain.com *
+
+	* Unsecurable <= refused
+
+-->
+<ruleset name="Jussieu.fr (partial)" default_off="failed ruleset test">
+
+	<target host="forge.ipsl.jussieu.fr" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Just-Develop-It.xml b/src/chrome/content/rules/Just-Develop-It.xml
index 9b890e526676..3c6dda5d0596 100644
--- a/src/chrome/content/rules/Just-Develop-It.xml
+++ b/src/chrome/content/rules/Just-Develop-It.xml
@@ -1,9 +1,25 @@
-<ruleset name="Just Develop It (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://intellichat.com/ => https://intellchat.com/: (6, 'Could not resolve host: intellchat.com')
+Fetch error: http://mymerchantguard.com/ => https://mymerchantguard.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://mychatagent.com/ => https://mychatagent.com/: (7, 'Failed to connect to mychatagent.com port 443: Connection refused')
+Fetch error: http://www.mychatagent.com/ => https://www.mychatagent.com/: (7, 'Failed to connect to www.mychatagent.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://intellichat.com/ => https://intellchat.com/: (7, 'Failed to connect to intellchat.com port 443: No route to host')
+Fetch error: http://mymerchantguard.com/ => https://mymerchantguard.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://zipcloud.com/ => https://zipcloud.com/: Redirect for 'http://zipcloud.com/' missing Location
+
+	Other Just Develop It rulesets:
+
+		- justcloud.com.xml
+
+-->
+<ruleset name="Just Develop It (partial)" default_off="failed ruleset test">
 
 	<target host="intellichat.com"/>
 	<target host="*.intellichat.com"/>
-	<target host="justcloud.com"/>
-	<target host="*.justcloud.com"/>
 	<target host="justhost.com"/>
 	<target host="*.justhost.com"/>
 		<exclusion pattern="^http://reviews\.justhost\."/>
@@ -15,16 +31,16 @@
 	<target host="zipcloud.com"/>
 	<target host="*.zipcloud.com"/>
 
-	<securecookie host="^(.*\.)?intellichat\.com$" name=".*"/>
-	<securecookie host="^(.*\.)?justhost\.com$" name=".*"/>
-	<securecookie host="^(.*\.)?my(chatagent|pcbackup)\.com$" name=".*"/>
-	<securecookie host="^(.*\.)?(just|zip)cloud\.com$" name=".*"/>
+	<securecookie host="^(?:.*\.)?intellichat\.com$" name=".+" />
+	<securecookie host="^(?:.*\.)?justhost\.com$" name=".+" />
+	<securecookie host="^(?:.*\.)?my(?:chatagent|pcbackup)\.com$" name=".+" />
+	<securecookie host="^(?:.*\.)?zipcloud\.com$" name=".+" />
 
 	<rule from="^http://(\w+\.)?intellichat\.com/"
 		to="https://$1intellchat.com/"/>
 
-	<rule from="^http://(\w+\.)?(just|zip)cloud\.com/"
-		to="https://$1$2cloud.com/"/>
+	<rule from="^http://(\w+\.)?zipcloud\.com/"
+		to="https://$1zipcloud.com/"/>
 
 	<rule from="^http://(\w+\.)?justhost\.com/"
 		to="https://$1justhost.com/"/>
diff --git a/src/chrome/content/rules/Just-Extend.com.xml b/src/chrome/content/rules/Just-Extend.com.xml
new file mode 100644
index 000000000000..0b79552d9bab
--- /dev/null
+++ b/src/chrome/content/rules/Just-Extend.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="Just-Extend.com">
+	<target host="just-extend.com" />
+	<target host="www.just-extend.com" />
+	<target host="autodiscover.just-extend.com" />
+	<target host="cpanel.just-extend.com" />
+	<target host="mail.just-extend.com" />
+	<target host="webdisk.just-extend.com" />
+	<target host="webmail.just-extend.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JustGive.org.xml b/src/chrome/content/rules/JustGive.org.xml
new file mode 100644
index 000000000000..9251956231a1
--- /dev/null
+++ b/src/chrome/content/rules/JustGive.org.xml
@@ -0,0 +1,35 @@
+<!--
+	Refused:
+		ido-www.justgive.org
+
+	Invalid certificate:
+		marriott.justgive.org
+
+-->
+<ruleset name="JustGive">
+
+	<target host="justgive.org" />
+	<target host="www.justgive.org" />
+	<target host="amex.justgive.org" />
+	<target host="amex-qa.justgive.org" />
+	<target host="blog.justgive.org" />
+	<target host="cisco.justgive.org" />
+	<target host="dalio.justgive.org" />
+	<target host="discover.justgive.org" />
+	<target host="fcgives.justgive.org" />
+	<target host="greatnonprofits.justgive.org" />
+	<target host="hallmark.justgive.org" />
+	<target host="hollywoodfund.justgive.org" />
+	<target host="ido.justgive.org" />
+	<target host="ido-stage.justgive.org" />
+	<target host="moe.justgive.org" />
+	<target host="neb.justgive.org" />
+	<target host="npo.justgive.org" />
+	<target host="theknot.justgive.org" />
+
+	<securecookie host="^amex\.justgive\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JustGive.xml b/src/chrome/content/rules/JustGive.xml
deleted file mode 100644
index e3cffaaca2f5..000000000000
--- a/src/chrome/content/rules/JustGive.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="JustGive">
-
-	<target host="justgive.org" />
-	<target host="*.justgive.org" />
-
-
-	<securecookie host="^amex\.justgive\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?justgive\.org/"
-		to="https://www.justgive.org/" />
-
-	<rule from="^http://(amex|ido)\.justgive\.org/"
-		to="https://$1.justgive.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/JustGiving.xml b/src/chrome/content/rules/JustGiving.xml
index ea9f030c64b2..0d4279e82ac0 100644
--- a/src/chrome/content/rules/JustGiving.xml
+++ b/src/chrome/content/rules/JustGiving.xml
@@ -1,16 +1,131 @@
-<ruleset name="JustGiving">
 
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://pages.justgiving.com/css/mktLPSupport.css (200) => https://na-lon02.marketo.com/css/mktLPSupport.css (403)
+
+	For rules causing false/broken MCB, see justgiving.com-falsemixed.xml.
+
+
+	CDN buckets:
+
+		- marketo.justgiving.com.s3-external-3.amazonaws.com
+		- jg-cdn-com.s3-website-eu-west-1.amazonaws.com
+
+
+	Nonfunctional subdomains:
+
+		- pages ²
+
+	² Marketo, redirects to app-lon02
+
+
+	Problematic subdomains:
+
+		- apimanagement ᵐ
+		- blog ˣ
+		- marketo *
+		- tech ˣ
+
+	* AmazonAWS / mismatched
+	ᵐ Mismatched
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Mixed content:
+
+		- css, on:
+
+			- blog from fonts.googleapis.com ˢ
+			- blog, tech from $self ˢ
+
+		- Images, on:
+
+			- about, www from jg-cdn-com.s3-website-eu-west-1.amazonaws.com
+			- blog, tech from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="JustGiving.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="justgiving.com" />
-	<target host="*.justgiving.com" />
+	<target host="about.justgiving.com" />
+	<target host="api.justgiving.com" />
+	<!--target host="blog.justgiving.com" /-->
+	<target host="chrome.justgiving.com" />
+	<target host="crowdfunding.justgiving.com" />
+	<target host="developer.justgiving.com" />
+	<target host="images.justgiving.com" />
+	<!--target host="tech.justgiving.com" /-->
+	<target host="www.justgiving.com" />
+
+	<!--	Complications:
+				-->
+	<target host="marketo.justgiving.com" />
+	<target host="pages.justgiving.com" />
+
+		<!--	References resources relative to root:
+								-->
+		<exclusion pattern="^http://marketo\.justgiving\.com/css/marketo-2\.css" />
+
+			<!--	+ve:
+					-->
+			<test url="http://marketo.justgiving.com/css/marketo-2.css" />
+
+		<exclusion pattern="^http://pages\.justgiving\.com/(?!/*(?:$|\?|css/|images/|rs/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://pages.justgiving.com/Christmas2015.html" />
+			<test url="http://pages.justgiving.com/causes-ie.html" />
+			<test url="http://pages.justgiving.com/company-signup" />
+			<test url="http://pages.justgiving.com/developer" />
+			<test url="http://pages.justgiving.com/developer-apps.html" />
+			<test url="http://pages.justgiving.com/favicon.ico" />
+			<test url="http://pages.justgiving.com/index.html" />
+			<test url="http://pages.justgiving.com/login_request.html" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://chrome.justgiving.com/jstest/false" /-->
+
+		<test url="http://images.justgiving.com/image/8a05a0d6-9815-40a0-97fe-f8e938332dd5.jpg?template=homepagecard&amp;imagetype=frpphoto&amp;trymigrate=true&amp;sourcepath=112013" />
+
+		<!--	Mixed images:
+					-->
+		<!--test url="http://www.justgiving.com/corporate-fundraising" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.justgiving\.com$" name="^(ASP\.NET_SessionId|DiagnosticsId|JGAnalytics|JGABID|logged_in_guid)$" /-->
+	<!--securecookie host="^apimanagement\.justgiving\.com$" name="^_system_session$" /-->
+	<!--securecookie host="^chrome\.justgiving\.com$" name="^jstest$" /-->
+	<!--securecookie host="^www\.justgiving\.com$" name="^COOKIE_PREFERENCES$" /-->
+
+	<securecookie host="^(?!pages\.)." name=".+" />
+
+
+	<rule from="^http://marketo\.justgiving\.com/"
+		to="https://s3-eu-west-1.amazonaws.com/marketo.justgiving.com/" />
+
+		<test url="http://marketo.justgiving.com/images/ReasonsFB.jpg" />
 
+	<!--	Redirect drops args and forward slash:
+							-->
+	<rule from="^http://pages\.justgiving\.com/+(?:\?.*)?$"
+		to="https://justgiving.com/" />
 
-	<securecookie host="^(?:apimanagement|www)?\.justgiving\.com$" name=".+" />
+		<test url="http://pages.justgiving.com/?" />
 
+	<rule from="^http://pages\.justgiving\.com/"
+		to="https://na-lon02.marketo.com/" />
 
-	<rule from="^https?://justgiving\.com/"
-		to="https://www.justgiving.com/" />
+		<test url="http://pages.justgiving.com/css/mktLPSupport.css" />
 
-	<rule from="^http://(apimanagement|secure|www)\.justgiving\.com/"
-		to="https://$1.justgiving.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/JustTomatoes.com.xml b/src/chrome/content/rules/JustTomatoes.com.xml
index adb74bd7bc49..db84b6303515 100644
--- a/src/chrome/content/rules/JustTomatoes.com.xml
+++ b/src/chrome/content/rules/JustTomatoes.com.xml
@@ -1,4 +1,11 @@
-<ruleset name="JustTomatoes.com" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://justtomatoes.com/ => https://www.justtomatoes.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.justtomatoes.com/ => https://www.justtomatoes.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="JustTomatoes.com" platform="mixedcontent" default_off="failed ruleset test">
   <target host="justtomatoes.com" />
   <target host="www.justtomatoes.com" />
 
diff --git a/src/chrome/content/rules/Just_Apple.com.xml b/src/chrome/content/rules/Just_Apple.com.xml
deleted file mode 100644
index de331f59188f..000000000000
--- a/src/chrome/content/rules/Just_Apple.com.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(refused)
-
-
-	Mixed content:
-
-		- css, on www from:
-
-			- www *
-			- fonts.googleapis.com *
-
-		- Images on www from www *
-
-	* Secured by us
-
--->
-<ruleset name="Just Apple.com (false MCB)" platform="mixedcontent">
-
-	<target host="justapple.com" />
-	<target host="*.justapple.com" />
-
-
-	<securecookie host="^\.justapple\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?justapple\.com/"
-		to="https://www.justapple.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Just_Security.org.xml b/src/chrome/content/rules/Just_Security.org.xml
new file mode 100644
index 000000000000..c13347d0b598
--- /dev/null
+++ b/src/chrome/content/rules/Just_Security.org.xml
@@ -0,0 +1,22 @@
+<!--
+	^justsecurity.org: Refused
+
+-->
+<ruleset name="Just Security.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.justsecurity.org" />
+
+	<!--	Complications:
+				-->
+	<target host="justsecurity.org" />
+
+
+	<rule from="^http://justsecurity\.org/"
+		to="https://www.justsecurity.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Justaguy.pw.xml b/src/chrome/content/rules/Justaguy.pw.xml
new file mode 100644
index 000000000000..b4fef9bbfaea
--- /dev/null
+++ b/src/chrome/content/rules/Justaguy.pw.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://justaguy.pw/ => https://justaguy.pw/: (28, 'Connection timed out after 20015 milliseconds')
+Fetch error: http://services.justaguy.pw/ => https://services.justaguy.pw/: (28, 'Connection timed out after 20009 milliseconds')
+Fetch error: http://www.justaguy.pw/ => https://www.justaguy.pw/: (6, 'Could not resolve host: www.justaguy.pw')
+
+-->
+<ruleset name="Justaguy.pw" default_off="failed ruleset test">
+
+	<target host="justaguy.pw" />
+	<target host="services.justaguy.pw" />
+	<target host="www.justaguy.pw" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Justia.com.xml b/src/chrome/content/rules/Justia.com.xml
new file mode 100644
index 000000000000..e2a3241431f6
--- /dev/null
+++ b/src/chrome/content/rules/Justia.com.xml
@@ -0,0 +1,161 @@
+<!--
+	This website has both a wildcard DNS record and a wildcard certificate, thus enumerating all valid subdomains is impossible.
+-->
+<ruleset name="Justia.com (partial)">
+	<target host="justia.com" />
+	<target host="www.justia.com" />
+	<target host="0.justia.com" />
+	<target host="abablawgsearch.justia.com" />
+	<target host="accounts.justia.com" />
+	<target host="answers.justia.com" />
+	<target host="ar.justia.com" />
+	<target host="argentina.justia.com" />
+	<target host="docs.argentina.justia.com" />
+	<target host="www.docs.argentina.justia.com" />
+	<target host="auto.justia.com" />
+	<target host="auto-recalls.justia.com" />
+	<target host="autos.justia.com" />
+	<target host="bankruptcy.justia.com" />
+	<target host="belize.justia.com" />
+	<target host="blawgsearch.justia.com" />
+	<target host="blawgsfm.justia.com" />
+	<target host="blog.justia.com" />
+	<target host="blogs4.justia.com" />
+	<target host="blogsearch.justia.com" />
+	<target host="bo.justia.com" />
+	<target host="bol.justia.com" />
+	<target host="bolivia.justia.com" />
+	<target host="docs.bolivia.justia.com" />
+	<target host="www.docs.bolivia.justia.com" />
+	<target host="br.justia.com" />
+	<target host="bra.justia.com" />
+	<target host="brand.justia.com" />
+	<target host="brasil.justia.com" />
+	<target host="brazil.justia.com" />
+	<target host="bz.justia.com" />
+	<target host="cases.justia.com" />
+	<target host="chile.justia.com" />
+	<target host="cl.justia.com" />
+	<target host="clientvideos.justia.com" />
+	<target host="co.justia.com" />
+	<target host="col.justia.com" />
+	<target host="colombia.justia.com" />
+	<target host="company.justia.com" />
+	<target host="companyprofile.justia.com" />
+	<target host="companyprofiles.justia.com" />
+	<target host="contracts.justia.com" />
+	<target host="costa-rica.justia.com" />
+	<target host="costarica.justia.com" />
+	<target host="cr.justia.com" />
+	<target host="cri.justia.com" />
+	<target host="cu.justia.com" />
+	<target host="cub.justia.com" />
+	<target host="cuba.justia.com" />
+	<target host="d.justia.com" />
+	<target host="daily.justia.com" />
+	<target host="design.justia.com" />
+	<target host="dir.justia.com" />
+	<target host="directory.justia.com" />
+	<target host="do.justia.com" />
+	<target host="docfiles.justia.com" />
+	<target host="docket.justia.com" />
+	<target host="dockets.justia.com" />
+	<target host="docketsupport.justia.com" />
+	<target host="docs.justia.com" />
+	<target host="dom.justia.com" />
+	<target host="dominican-republic.justia.com" />
+	<target host="ec.justia.com" />
+	<target host="ecu.justia.com" />
+	<target host="ecuador.justia.com" />
+	<target host="docs.ecuador.justia.com" />
+	<target host="www.docs.ecuador.justia.com" />
+	<target host="editing.justia.com" />
+	<target host="el-salvador.justia.com" />
+	<target host="elsalvador.justia.com" />
+	<target host="fairuse.justia.com" />
+	<target host="fairusealpha.justia.com" />
+	<target host="formfiles.justia.com" />
+	<target host="forms.justia.com" />
+	<target host="free-jweb.justia.com" />
+	<target host="gao.justia.com" />
+	<target host="gt.justia.com" />
+	<target host="gtm.justia.com" />
+	<target host="guatemala.justia.com" />
+	<target host="helpdesk.justia.com" />
+	<target host="hn.justia.com" />
+	<target host="hnd.justia.com" />
+	<target host="honduras.justia.com" />
+	<target host="jobs.justia.com" />
+	<target host="jweb.justia.com" />
+	<target host="jweb-cms.justia.com" />
+	<target host="jwfeeds.justia.com" />
+	<target host="www.jwfeeds.justia.com" />
+	<target host="law.justia.com" />
+	<target host="lawblog.justia.com" />
+	<target host="lawblogsearch.justia.com" />
+	<target host="laws.justia.com" />
+	<target host="lawschools.justia.com" />
+	<target host="lawyers.justia.com" />
+	<target host="legalbirds.justia.com" />
+	<target host="lists.justia.com" />
+	<target host="marketing.justia.com" />
+	<target host="mexico.justia.com" />
+	<target host="docs.mexico.justia.com" />
+	<target host="www.docs.mexico.justia.com" />
+	<target host="mx.justia.com" />
+	<target host="news.justia.com" />
+	<target host="ni.justia.com" />
+	<target host="nic.justia.com" />
+	<target host="nicaragua.justia.com" />
+	<target host="onward.justia.com" />
+	<target host="pa.justia.com" />
+	<target host="pan.justia.com" />
+	<target host="panama.justia.com" />
+	<target host="docs.panama.justia.com" />
+	<target host="www.docs.panama.justia.com" />
+	<target host="paraguay.justia.com" />
+	<target host="docs.paraguay.justia.com" />
+	<target host="www.docs.paraguay.justia.com" />
+	<target host="patents.justia.com" />
+	<target host="pe.justia.com" />
+	<target host="per.justia.com" />
+	<target host="peru.justia.com" />
+	<target host="portfolio.justia.com" />
+	<target host="professionals.justia.com" />
+	<target host="profile-images.justia.com" />
+	<target host="py.justia.com" />
+	<target host="qa.justia.com" />
+	<target host="recall-warnings.justia.com" />
+	<target host="recalls.justia.com" />
+	<target host="regulations.justia.com" />
+	<target host="docs.regulations.justia.com" />
+	<target host="www.docs.regulations.justia.com" />
+	<target host="republica-dominicana.justia.com" />
+	<target host="docs.republica-dominicana.justia.com" />
+	<target host="www.docs.republica-dominicana.justia.com" />
+	<target host="rss-auto-recalls.justia.com" />
+	<target host="seo.justia.com" />
+	<target host="statecasefiles.justia.com" />
+	<target host="statecases.justia.com" />
+	<target host="statecodesfiles.justia.com" />
+	<target host="static.justia.com" />
+	<target host="stats.justia.com" />
+	<target host="support.justia.com" />
+	<target host="supreme.justia.com" />
+	<target host="sv.justia.com" />
+	<target host="techlaw.justia.com" />
+	<target host="test2.justia.com" />
+	<target host="tools.justia.com" />
+	<target host="trademarks.justia.com" />
+	<target host="uruguay.justia.com" />
+	<target host="docs.uruguay.justia.com" />
+	<target host="www.docs.uruguay.justia.com" />
+	<target host="uy.justia.com" />
+	<target host="ve.justia.com" />
+	<target host="ven.justia.com" />
+	<target host="venezuela.justia.com" />
+	<target host="verdict.justia.com" />
+	<target host="virtualchase.justia.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Justia.xml b/src/chrome/content/rules/Justia.xml
deleted file mode 100644
index dc5793fd1fbc..000000000000
--- a/src/chrome/content/rules/Justia.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- company	(redirects to www)
-		- docketsupport	(ditto)
-		- forms
-		- verdict
-
-
-	Problematic subdomains:
-
-		- (www.)blogs	(times out)
-
--->
-<ruleset name="Justia (partial)" platform="mixedcontent">
-
-	<target host="justia.com" />
-	<target host="*.justia.com" />
-
-
-	<securecookie host="^.*\.justia\.com$" name=".*" />
-
-
-	<rule from="^http://((?:accounts|answers|blawgsearch|blawgsfm|daily|dockets|docs|law|lawyers|marketing|supreme|www)\.)?justia\.com/"
-		to="https://$1justia.com/" />
-
-	<rule from="^http://(?:www\.)?blogs\.justia\.com/"
-		to="https://marketing.justia.com/content-lawyer-blogs.html" />
-
-	<rule from="^https?://(clientvideos|profile-images|statecasefiles|static)\.justia\.com/"
-		to="https://s3.amazonaws.com/$1.justia.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/JusticeForStrumia.org.xml b/src/chrome/content/rules/JusticeForStrumia.org.xml
new file mode 100644
index 000000000000..e1033b864d64
--- /dev/null
+++ b/src/chrome/content/rules/JusticeForStrumia.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="JusticeForStrumia.org">
+	<target host="justiceforstrumia.org" />
+	<target host="www.justiceforstrumia.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JusticeMail.xml b/src/chrome/content/rules/JusticeMail.xml
index cdae3ef8cf62..84f126fc9581 100644
--- a/src/chrome/content/rules/JusticeMail.xml
+++ b/src/chrome/content/rules/JusticeMail.xml
@@ -1,5 +1,13 @@
-<ruleset name="mail.justice.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mail.justice.com/ => https://mail.justice.com/: (51, "SSL: no alternative certificate subject name matches target host name 'mail.justice.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://mail.justice.com/ => https://mail.justice.com/: (51, "SSL: no alternative certificate subject name matches target host name 'mail.justice.com'")
+-->
+<ruleset name="mail.justice.com" default_off="failed ruleset test">
   <target host="mail.justice.com" />
-  <securecookie host="^(.+\.)?justice\.com$" name=".*"/>
-  <rule from="^http://mail\.justice\.com/" to="https://mail.justice.com/"/>
+  <securecookie host=".+" name=".+" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Justin.tv.xml b/src/chrome/content/rules/Justin.tv.xml
deleted file mode 100644
index 64adc63cb050..000000000000
--- a/src/chrome/content/rules/Justin.tv.xml
+++ /dev/null
@@ -1,55 +0,0 @@
-<!--
-	CDN buckets:
-
-		- ttv-backgroundart.s3.amazonaws.com
-
-
-	Nonfunctional domains:
-
-		- www.justin.tv *
-		- www.twitch.tv *
-
-	* Times out
-
-
-	Problematic jtvnw.net subdomains:
-
-		- s *
-		- static	(mismatched, CN: *.justin.tv)
-		- www-cdn *
-		- blog.justin.tv	(wordpress)
-
-	* Times out
-
-
-	Fully covered domains:
-
-		- jtvnw.net subdomains:
-
-			- s		(→ static.justin.tv)
-			- static	(→ static.justin.tv)
-			- static-cdn	(→ static.justin.tv)
-
-		- justin.tv
-		- static.justin.tv
-		- (www.)twitch.tv
-
--->
-<ruleset name="Justin.tv (partial)">
-
-	<target host="*.jtvnw.net" />
-	<target host="justin.tv" />
-	<target host="static.justin.tv" />
-	<target host="twitch.tv" />
-
-
-	<rule from="^https?://s(?:tatic(?:-cdn)?)?\.jtvnw\.net/"
-		to="https://static.justin.tv/" />
-
-	<rule from="^https?://www-cdn\.jtvnw\.net/"
-		to="https://justin.tv/" />
-
-	<rule from="^http://(static\.)?(justin|twitch)\.tv/"
-		to="https://$1$2.tv/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Justmoon.net.xml b/src/chrome/content/rules/Justmoon.net.xml
index 19515feb7c2b..f61b6e560c4d 100644
--- a/src/chrome/content/rules/Justmoon.net.xml
+++ b/src/chrome/content/rules/Justmoon.net.xml
@@ -8,7 +8,6 @@
 	<target host="www.justmoon.net" />
 
 
-	<rule from="^http://(?:www\.)?justmoon\.net/"
-		to="https://justmoon.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Jwpsrv.com.xml b/src/chrome/content/rules/Jwpsrv.com.xml
new file mode 100644
index 000000000000..52c964d8fbb8
--- /dev/null
+++ b/src/chrome/content/rules/Jwpsrv.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other LongTail coverage, see LongTail.xml.
+
+-->
+<ruleset name="JWPsrv.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jwpsrv.com" />
+	<target host="assets-jpcust.jwpsrv.com" />
+
+		<test url="http://assets-jpcust.jwpsrv.com/thumbs/Ca2Dzmmo-720.jpg" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jxself.org.xml b/src/chrome/content/rules/Jxself.org.xml
new file mode 100644
index 000000000000..b03aface8af7
--- /dev/null
+++ b/src/chrome/content/rules/Jxself.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="jxself.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jxself.org" />
+	<target host="www.jxself.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jyllands-Posten.dk.xml b/src/chrome/content/rules/Jyllands-Posten.dk.xml
new file mode 100644
index 000000000000..6f3f74888c04
--- /dev/null
+++ b/src/chrome/content/rules/Jyllands-Posten.dk.xml
@@ -0,0 +1,38 @@
+<!--
+	Mixed content:
+
+		- Images from (www.) ¹
+
+		- Ads/bugs, from:
+
+			- s7.addthis.com ¹
+			- adserver.adtech.de ¹
+			- code2.adtlgc.com ²
+			- b.scorecardresearch.com ¹
+			- kt.tns-gallup.dk ³
+			- cdn.videoplaza.tv ⁴
+
+	¹ Secured by us
+	² Unsecurable <= interrupted
+	³ Unsecurable <= refused
+	⁴ Unsecurable <= 504, akamai
+
+-->
+<ruleset name="Jyllands-Posten.dk">
+
+	<target host="jyllands-posten.dk" />
+	<target host="www.jyllands-posten.dk" />
+
+		<!--	Breaks third party content (see GH #1809)
+								-->
+		<exclusion pattern="^http://jyllands-posten\.dk/proxy/cdb/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://jyllands-posten.dk/proxy/cdb/" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/K2s.cc.xml b/src/chrome/content/rules/K2s.cc.xml
new file mode 100644
index 000000000000..57f06d5253c7
--- /dev/null
+++ b/src/chrome/content/rules/K2s.cc.xml
@@ -0,0 +1,9 @@
+<ruleset name="K2s.cc">
+  <target host="k2s.cc" />
+  <target host="www.k2s.cc" />
+  <target host="keep2share.cc" />
+  <target host="www.keep2share.cc" />
+
+  <rule from="^http://(?:www\.)?k2s\.cc/" to="https://k2s.cc/" />
+  <rule from="^http://(?:www\.)?keep2share\.cc/" to="https://k2s.cc/" />
+</ruleset>
diff --git a/src/chrome/content/rules/KAKAO.com.xml b/src/chrome/content/rules/KAKAO.com.xml
new file mode 100644
index 000000000000..ff212dd24b21
--- /dev/null
+++ b/src/chrome/content/rules/KAKAO.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="KAKAO.com (partial)">
+	<target host="kakao.com" />
+	<target host="www.kakao.com" />
+	<target host="map.kakao.com" />
+	<target host="page.kakao.com" />
+	<target host="story.kakao.com" />
+	<target host="translate.kakao.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KAKAO.xml b/src/chrome/content/rules/KAKAO.xml
deleted file mode 100644
index e9646d51b310..000000000000
--- a/src/chrome/content/rules/KAKAO.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Cert only matches *.kakao.com
-
--->
-<ruleset name="KAKAO">
-
-	<target host="kakao.com" />
-	<target host="www.kakao.com" />
-
-
-	<rule from="^https?://(?:www\.)?kakao\.com/"
-		to="https://www.kakao.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/KASserver.com.xml b/src/chrome/content/rules/KASserver.com.xml
index fedfa0816432..da4e59a3681a 100644
--- a/src/chrome/content/rules/KASserver.com.xml
+++ b/src/chrome/content/rules/KASserver.com.xml
@@ -3,7 +3,6 @@
 	<target host="kasserver.com" />
 	<target host="www.kasserver.com" />
 
-	<rule from="^http://(www\.)?kasserver\.com/"
-		to="https://$1kasserver.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/KAU.se-problematic.xml b/src/chrome/content/rules/KAU.se-problematic.xml
index 28dde6a21851..89f5dbb47269 100644
--- a/src/chrome/content/rules/KAU.se-problematic.xml
+++ b/src/chrome/content/rules/KAU.se-problematic.xml
@@ -5,13 +5,12 @@
 <ruleset name="KAU.se (problematic)" default_off="mismatched, self-signed" platform="mixedcontent">
 
 	<target host="itsakhandbok.irt.kau.se" />
-	<target host="*.sae.kau.se" />
+	<target host="narvi.sae.kau.se" />
 
 
 	<securecookie host="^\.narvi\.sae\.kau\.se$" name=".+" />
 
 
-	<rule from="^http://(itsakhandbok\.irt|narvi\.sae)\.kau\.se/"
-		to="https://$1.kau.se/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/KBC.com.xml b/src/chrome/content/rules/KBC.com.xml
new file mode 100644
index 000000000000..364b6a3b9ff3
--- /dev/null
+++ b/src/chrome/content/rules/KBC.com.xml
@@ -0,0 +1,13 @@
+<!--
+	^: Cert only matches www
+
+-->
+<ruleset name="KBC.com">
+
+	<target host="kbc.com" />
+	<target host="www.kbc.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KBPublisher.com.xml b/src/chrome/content/rules/KBPublisher.com.xml
new file mode 100644
index 000000000000..913951ac7903
--- /dev/null
+++ b/src/chrome/content/rules/KBPublisher.com.xml
@@ -0,0 +1,27 @@
+<!--
+	No working URL known:
+		ashubin.kbpublisher.com
+		panychek.kbpublisher.com
+		www.panychek.kbpublisher.com
+
+	Invalid certificate:
+		demo.kbpublisher.com
+		www.demo.kbpublisher.com
+		eleontev.kbpublisher.com
+		www.eleontev.kbpublisher.com
+		public.kbpublisher.com
+		www.public.kbpublisher.com
+		secure.kbpublisher.com
+
+-->
+<ruleset name="KBPublisher.com (partial)">
+
+	<target host="kbpublisher.com" />
+	<target host="www.kbpublisher.com" />
+	<target host="host.kbpublisher.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KCC.digital.xml b/src/chrome/content/rules/KCC.digital.xml
new file mode 100644
index 000000000000..c8e5299b302d
--- /dev/null
+++ b/src/chrome/content/rules/KCC.digital.xml
@@ -0,0 +1,28 @@
+<!--
+	Kent City Council CDN
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .kcc.digital
+
+-->
+<ruleset name="KCC.digital">
+
+	<target host="assets.kcc.digital" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.kcc\.digital$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KCC_Media_Hub.net.xml b/src/chrome/content/rules/KCC_Media_Hub.net.xml
new file mode 100644
index 000000000000..7b8508cd7163
--- /dev/null
+++ b/src/chrome/content/rules/KCC_Media_Hub.net.xml
@@ -0,0 +1,20 @@
+<!--
+	Kent City Council Media Hub
+
+	For other UK government coverage, see GOV.UK.xml.
+
+-->
+<ruleset name="KCC Media Hub.net">
+
+	<target host="kccmediahub.net" />
+	<target host="beta.kccmediahub.net" />
+	<target host="www.kccmediahub.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KCVids.xml b/src/chrome/content/rules/KCVids.xml
deleted file mode 100644
index 360b0048b5ff..000000000000
--- a/src/chrome/content/rules/KCVids.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="KCVids">
-
-	<target host="kcvids.com" />
-	<target host="*.kcvids.com" />
-
-
-	<securecookie host="^\.?kcvids\.com$" name=".+" />
-
-
-	<rule from="^http://(join\.|www\.)?kcvids\.com/"
-		to="https://$1kcvids.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/KD2.us.xml b/src/chrome/content/rules/KD2.us.xml
new file mode 100644
index 000000000000..0aadd2fe1bcd
--- /dev/null
+++ b/src/chrome/content/rules/KD2.us.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kd2.us/ => https://kd2.us/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.kd2.us/ => https://www.kd2.us/: (51, "SSL: no alternative certificate subject name matches target host name 'www.kd2.us'")
+
+	Fully covered hosts:
+
+		- (www.)?
+
+-->
+<ruleset name="KD2.us" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kd2.us" />
+	<target host="www.kd2.us" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KDAB.xml b/src/chrome/content/rules/KDAB.xml
index 4a4cef5ed2f0..721cc2d4b92e 100644
--- a/src/chrome/content/rules/KDAB.xml
+++ b/src/chrome/content/rules/KDAB.xml
@@ -4,7 +4,7 @@
 	<target host="www.kdab.com" />
 
 
-	<rule from="^http://(www\.)?kdab\.com/"
-		to="https://$1kdab.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/KDE-Look.org.xml b/src/chrome/content/rules/KDE-Look.org.xml
new file mode 100644
index 000000000000..a218a401374f
--- /dev/null
+++ b/src/chrome/content/rules/KDE-Look.org.xml
@@ -0,0 +1,12 @@
+<!--
+	For other openDesktop rules, see openDesktop.org.xml
+
+-->
+<ruleset name="KDE-Look.org">
+
+	<target host="kde-look.org" />
+	<target host="www.kde-look.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KDE-apps.org.xml b/src/chrome/content/rules/KDE-apps.org.xml
new file mode 100644
index 000000000000..8360ad46fdf5
--- /dev/null
+++ b/src/chrome/content/rules/KDE-apps.org.xml
@@ -0,0 +1,12 @@
+<!--
+	For other openDesktop rules, see openDesktop.org.xml
+
+-->
+<ruleset name="KDE-apps.org">
+
+	<target host="kde-apps.org" />
+	<target host="www.kde-apps.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KDE.xml b/src/chrome/content/rules/KDE.xml
index 39f323c647ea..6e5f87f2fc5c 100644
--- a/src/chrome/content/rules/KDE.xml
+++ b/src/chrome/content/rules/KDE.xml
@@ -1,93 +1,116 @@
+
 <!--
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- akademy200[6-9] *
-		- api		(revoked)
-		- developer **
-		- docs *
-		- dolphin *
-		- downloads	(shows https://files, valid cert)
-		- edu *
-		- ev *
-		- events *
-		- jointhegame *
-		- l10n **
-		- manifesto *
-		- planet *
-		- rekonq *
-		- utils *
-		- websvn *
-		- wiki *
-
-	* Dropped
-	** Refused
-
-
-	Problematic subdomains:
-
-		- files		(some data differ)
-		- lists		(works, CN: localhost)
-		- reviewboard	(shows git.reviewboard; mismatched, CN: git.reviewboard.kde.org)
-
-
-	Partially covered subdomains:
-
-		- files
-		- userbase	(some pages redirect to http)
-
-
-	Fully covered subdomains:
-
-		- akademy201[023]
-		- amarok
-		- blogs
-
-		- bugs subdomains:
-
-			- ^
-			- admin
-			- sandbox
-
-		- cdn
-		- community
-		- conf
-		- dot
-		- forum
-		- identity
-		- mail
-		- nepomuk
-		- news
-		- projects
-		- reviewboard		(→ git.reviewboard)
-		- git.reviewboard
-		- season
-		- sprints
-		- sysadmin
-		- techbase
+	Other KDE rulesets:
 
--->
-<ruleset name="KDE (partial)">
+		- Calligra.org.xml
+		- DigiKam.org.xml
+		- KMyMoney.org.xml
+		- Krita.org.xml
+		- Planet_KDE.org.xml
+
+
+	Nonfunctional hosts in *kde.org:
+
+
+	Problematic hosts in *kde.org:
 
-	<target host="*.kde.org" />
-		<!--exclusion pattern="^http://(akademy200\d|api|developer|docs|dolphin|downloads|edu|ev|events|jointhegame|l10n|lists|manifesto|planet|rekonq|utils|websvn|wiki|www)\." /-->
-		<!--
-			Pages differ, various files 404:
-									-->
-		<!--exclusion pattern="^http://files\.kde\.org/+.+\.(btih|magnet|meta4|metalist|sha1|sha256|torrent)$" /-->
-		<exclusion pattern="^http://files\.kde\.org/+(?!.+\.(?:7z|bz2|de?b|diff|exe|dgml|dmg|dsc|gz|install|jpg|kml|meta|mp4|msc|odp|ogg|opml|otp|pdf|pl|png|sbm|scenario|sla|svg|tar|tif|tmp|txt|webm|xcf|xml|zip)|PKGBUILD)$" />
-		<exclusion pattern="^http://userbase\.kde\.org/(?!extensions/|favicon\.ico|images\.userbase/|index\.php\?title=Special:(?:Captcha/help|OpenIDLogin|UserLogin)|load\.php|skins/)" />
+		- developer ¹
 
+	¹ retired subdomain, only retained for legacy compatibility. see https://lists.eff.org/pipermail/https-everywhere/2016-January/002647.html
 
-	<!--securecookie host="^\.kde\.org$" name="^(incap_ses_\d+|visid_incap)_\d+$" /-->
-	<securecookie host="^(?!userbase\.).+\.kde\.org$" name=".+" />
-	<securecookie host="^userbase\.kde\.org$" name="^__utm\w+$" />
 
+	Insecure cookies are set for these domains and hosts:
 
-	<rule from="^http://(akademy201[023]|amarok|blogs|bugs|(?:admin|sandbox)\.bugs|cdn|community|conf|dot|forum|identity|mail|nepomuk|news|projects|season|sprints|sysadmin|techbase|userbase)\.kde\.org/"
-		to="https://$1.kde.org/" />
+		- .kde.org
+		- .akademy2010.kde.org
+		- jointhegame.kde.org
+		- quickgit.kde.org
+		- sysadmin.kde.org
 
-	<rule from="^http://(?:git\.)?reviewboard\.kde\.org/"
-		to="https://git.reviewboard.kde.org/" />
+
+	Mixed content:
+
+		- css on phonon from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="KDE.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kde.org" />
+	<target host="accessibility.kde.org" />
+	<target host="akademy.kde.org" />
+	<target host="akademy2006.kde.org" />
+	<target host="akademy2007.kde.org" />
+	<target host="akademy2008.kde.org" />
+	<target host="akademy2009.kde.org" />
+	<target host="akademy2010.kde.org" />
+	<target host="akademy2012.kde.org" />
+	<target host="akademy2013.kde.org" />
+	<target host="amarok.kde.org" />
+	<target host="api.kde.org" />
+	<target host="blogs.kde.org" />
+	<target host="bugs.kde.org" />
+	<target host="build.kde.org" />
+	<target host="cdn.kde.org" />
+	<target host="cgit.kde.org" />
+	<target host="commits.kde.org" />
+	<target host="community.kde.org" />
+	<target host="conf.kde.org" />
+	<target host="conference2004.kde.org" />
+	<target host="conference2005.kde.org" />
+	<target host="conference2006.kde.org" />
+	<target host="conference2007.kde.org" />
+	<target host="conference2008.kde.org" />
+	<target host="conference2009.kde.org" />
+	<target host="devel-home.kde.org" />
+	<target host="docs.kde.org" />
+	<target host="dolphin.kde.org" />
+	<target host="dot.kde.org" />
+	<target host="edu.kde.org" />
+	<target host="ev.kde.org" />
+	<target host="events.kde.org" />
+	<target host="files.kde.org" />
+	<target host="forum.kde.org" />
+	<target host="freebsd.kde.org" />
+	<target host="identity.kde.org" />
+	<target host="jointhegame.kde.org" />
+	<target host="kopete.kde.org" />
+	<target host="lists.kde.org" />
+	<target host="mail.kde.org" />
+	<target host="manifesto.kde.org" />
+	<target host="neon.kde.org" />
+	<target host="nepomuk.kde.org" />
+	<target host="news.kde.org" />
+	<target host="phonon.kde.org" />
+	<target host="pim.kde.org" />
+	<target host="planet.kde.org" />
+	<target host="projects.kde.org" />
+	<target host="quickgit.kde.org" />
+	<target host="rekonq.kde.org" />
+	<target host="relate.kde.org" />
+	<target host="reviewboard.kde.org" />
+	<target host="git.reviewboard.kde.org" />
+	<target host="season.kde.org" />
+	<target host="solid.kde.org" />
+	<target host="sysadmin.kde.org" />
+	<target host="techbase.kde.org" />
+	<target host="userbase.kde.org" />
+	<target host="utils.kde.org" />
+	<target host="websvn.kde.org" />
+	<target host="wiki.kde.org" />
+	<target host="www.kde.org" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.kde\.org" name="^(?:incap_ses_\d+|visid_incap)_\d+$" /-->
+	<!--securecookie host="^jointhegame\.kde\.org$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^quickgit\.kde\.org" name="^GitPHPLocale$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/KEMI.se.xml b/src/chrome/content/rules/KEMI.se.xml
index 4ca5b8080a2b..1eb8cd759859 100644
--- a/src/chrome/content/rules/KEMI.se.xml
+++ b/src/chrome/content/rules/KEMI.se.xml
@@ -1,7 +1,13 @@
-<ruleset name="KEMI.se" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kemi.se/ => https://kemi.se/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.kemi.se/ => https://www.kemi.se/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="KEMI.se" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="kemi.se" />
 	<target host="www.kemi.se" />
-	<rule from="^http://www\.kemi\.se/" to="https://www.kemi.se/"/>
-	<rule from="^http://kemi\.se/" to="https://kemi.se/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/KETrade.com.sg.xml b/src/chrome/content/rules/KETrade.com.sg.xml
new file mode 100644
index 000000000000..3f5bb21857a7
--- /dev/null
+++ b/src/chrome/content/rules/KETrade.com.sg.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Maybank coverage, see Maybank.com.xml
+
+
+	Non-functional subdomains:
+
+		- g02	(r)
+		- g03	(t)
+		- m	(m)
+		- www.mke	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="KETrade.com.sg">
+
+	<target host="www.ketrade.com.sg" />
+	<target host="mobile.ketrade.com.sg" />
+	<target host="mobileapp.ketrade.com.sg" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/KFWebs.net.xml b/src/chrome/content/rules/KFWebs.net.xml
new file mode 100644
index 000000000000..854e95b3eda5
--- /dev/null
+++ b/src/chrome/content/rules/KFWebs.net.xml
@@ -0,0 +1,13 @@
+<!--
+	Self-signed:
+		- keys2
+-->
+
+<ruleset name="KFWebs.net">
+	<target host="kfwebs.net" />
+	<target host="www.kfwebs.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/KGNB.am.xml b/src/chrome/content/rules/KGNB.am.xml
index 96274dc27e24..bd7319683788 100644
--- a/src/chrome/content/rules/KGNB.am.xml
+++ b/src/chrome/content/rules/KGNB.am.xml
@@ -9,13 +9,12 @@
 <ruleset name="KGNB.am">
 
 	<target host="kgnb.am" />
-	<target host="*.kgnb.am" />
+	<target host="www.kgnb.am" />
 
 
 	<securecookie host="^\.kgnb\.am$" name=".+" />
 
 
-	<rule from="^http://(www\.)?kgnb\.am/"
-		to="https://$1kgnb.am/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/KH.hu.xml b/src/chrome/content/rules/KH.hu.xml
new file mode 100644
index 000000000000..22428eda35f0
--- /dev/null
+++ b/src/chrome/content/rules/KH.hu.xml
@@ -0,0 +1,79 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mi-vsp2.kh.hu/ => https://mi-vsp2.kh.hu/: (35, 'Unknown SSL protocol error in connection to mi-vsp2.kh.hu:443 ')
+
+
+	Valid site, broken https:
+
+		Timeout:
+			- aliases.kh.hu
+			- khb.hu (redirects www.khb.hu)
+			- enkartya.khb.hu
+			- www.enkartya.khb.hu
+			- www.szepkartya.kh.hu (redirects szepkartya.kh.hu)
+			- alapok.khb.hu
+			- job.khb.hu
+
+	No content, broken https:
+
+		Timeout:
+			- rtitest.kh.hu
+			- biztosnetwsact.kh.hu
+
+		Invalid certificate:
+			- mi-sentry-test.kh.hu (http redirects to https)
+			- edma.khb.hu (http timeout)
+
+		Broken https (reset):
+			- im.kh.hu (http empty)
+
+-->
+<ruleset name="K&amp;H Bank (HU)" default_off="failed ruleset test">
+	<!-- Online banking and administration -->
+	<target host="ebank.kh.hu" />
+	<target host="faktor.kh.hu" />
+	<target host="jeti.kh.hu" />
+	<target host="kbcrtu.kh.hu" />
+	<target host="ugyfelportal.kh.hu" />
+	<target host="partner.kh.hu" />
+	<target host="portal.kh.hu" />
+	<target host="webelectra.kh.hu" />
+	<target host="www.beszerzes.khb.hu" />
+	<target host="ebank.khb.hu" />
+	<target host="www.ebank.khb.hu" />
+	<!-- Webpage and infosites -->
+	<target host="kh.hu" />
+	<target host="www.kh.hu" />
+	<target host="karrier.kh.hu" />
+	<target host="szepkartya.kh.hu" />
+	<target host="www.szepkartya.kh.hu" /> <!-- http redirect -->
+	<target host="www.enkartya.tervezes.kh.hu" />
+	<target host="khb.hu" /> <!-- http redirect-->
+	<target host="www.khb.hu" />
+	<!-- No content -->
+	<target host="biztosnetws.kh.hu" />
+	<target host="biztosnetwsact.kh.hu" /> <!-- http timeout -->
+	<target host="cawo.kh.hu" />
+	<target host="cawo-uat.kh.hu" /> <!-- http timeout -->
+	<target host="engedmenyes.kh.hu" />
+	<target host="www.flexims.kh.hu" />
+	<target host="kbcrtulra.kh.hu" />
+	<target host="lyncdiscover.kh.hu" /> <!-- http timeout -->
+	<target host="mi-vsp.kh.hu" /> <!-- http timeout -->
+	<target host="mi-vsp2.kh.hu" /> <!-- http timeout -->
+	<target host="mobilebank.kh.hu" />
+	<target host="partnerws.kh.hu" /> <!-- http reset -->
+	<target host="partnerwsact.kh.hu" /> <!-- http timeout -->
+
+
+
+	<!-- http redirects -->
+	<rule from="^http://www\.szepkartya\.kh\.hu/"
+			to="https://szepkartya.kh.hu/" />
+	<rule from="^http://khb\.hu/"
+			to="https://www.khb.hu/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/KHN.nl.xml b/src/chrome/content/rules/KHN.nl.xml
deleted file mode 100644
index 73bfb1cb64cd..000000000000
--- a/src/chrome/content/rules/KHN.nl.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Koninklijke Horeca Nederland
-
--->
-<ruleset name="KHN.nl">
-
-	<target host="khn.nl" />
-	<target host="*.khn.nl" />
-
-
-	<securecookie host="^(?:ox|www)\.khn\.nl$" name=".+" />
-
-
-	<!--	^ redirects to www over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?khn\.nl/"
-		to="https://www.khn.nl/" />
-
-	<rule from="^http://ox\.khn\.nl/"
-		to="https://ox.khn.nl/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/KHOC.co.xml b/src/chrome/content/rules/KHOC.co.xml
index 6116f24b0c89..620d14af115f 100644
--- a/src/chrome/content/rules/KHOC.co.xml
+++ b/src/chrome/content/rules/KHOC.co.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://khoc.co/ => https://www.khoc.co/: (7, 'Failed to connect to www.khoc.co port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://khoc.co/ => https://www.khoc.co/: (7, 'Failed to connect to www.khoc.co port 443: Connection refused')
 	Problematic subdomains:
 
 		- ^	(interrupted)
@@ -17,10 +23,10 @@
 	* Secured by us
 
 -->
-<ruleset name="KHOC.co">
+<ruleset name="KHOC.co" default_off="failed ruleset test">
 
 	<target host="khoc.co" />
-	<target host="*.khoc.co" />
+	<target host="www.khoc.co" />
 
 
 	<securecookie host="^\.khoc\.co$" name=".+" />
diff --git a/src/chrome/content/rules/KHub.net.xml b/src/chrome/content/rules/KHub.net.xml
new file mode 100644
index 000000000000..2686d81b0651
--- /dev/null
+++ b/src/chrome/content/rules/KHub.net.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- khub.net
+		- www.khub.net
+
+-->
+<ruleset name="KHub.net">
+
+	<target host="khub.net" />
+	<target host="www.khub.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?khub\.net$" name="^(?:COOKIE_SUPPORT|GUEST_LANGUAGE_ID|JSESSIONID)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KI.se.xml b/src/chrome/content/rules/KI.se.xml
index 3302fe0704a6..26fc8742ccb7 100644
--- a/src/chrome/content/rules/KI.se.xml
+++ b/src/chrome/content/rules/KI.se.xml
@@ -1,4 +1,20 @@
-<ruleset name="KI.se" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://bibliometrics.ki.se/ (200) => https://bibliometrics.ki.se/ (404)
+Fetch error: http://cwaa.ki.se/ => https://cwaa.ki.se/: (7, 'Failed to connect to cwaa.ki.se port 443: Connection refused')
+Fetch error: http://exjobb.meb.ki.se/ => https://exjobb.meb.ki.se/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://metasearch.kib.ki.se/ => https://metasearch.kib.ki.se/: (6, 'Could not resolve host: metasearch.kib.ki.se')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://bibliometrics.ki.se/ => https://bibliometrics.ki.se/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://cwaa.ki.se/ => https://cwaa.ki.se/: (7, 'Failed to connect to cwaa.ki.se port 80: Connection refused')
+Fetch error: http://exjobb.meb.ki.se/ => https://exjobb.meb.ki.se/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://fonder.ki.se/ => https://fonder.ki.se/: (28, 'Operation timed out after 15001 milliseconds with 0 bytes received')
+Fetch error: http://kib.ki.se/ => https://kib.ki.se/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://metasearch.kib.ki.se/ => https://metasearch.kib.ki.se/: (6, 'Could not resolve host: metasearch.kib.ki.se')
+-->
+<ruleset name="KI.se" platform="mixedcontent" default_off="failed ruleset test">
   <target host="bibliometrics.ki.se" />
   <target host="cas.ki.se" />
   <target host="cwaa.ki.se" />
@@ -7,13 +23,6 @@
   <target host="fonder.ki.se" />
   <target host="kib.ki.se" />
   <target host="metasearch.kib.ki.se" />
-  <rule from="^http://bibliometrics\.ki\.se/" to="https://bibliometrics.ki.se/"/>
-  <rule from="^http://cas\.ki\.se/" to="https://cas.ki.se/"/>
-  <rule from="^http://cwaa\.ki\.se/" to="https://cwaa.ki.se/"/>
-  <rule from="^http://child3\.ki\.se/" to="https://child3.ki.se/"/>
-  <rule from="^http://exjobb\.meb\.ki\.se/" to="https://exjobb.meb.ki.se/"/>
-  <rule from="^http://fonder\.ki\.se/" to="https://fonder.ki.se/"/>
-  <rule from="^http://kib\.ki\.se/" to="https://kib.ki.se/"/>
-  <rule from="^http://metasearch\.kib\.ki\.se/" to="https://metasearch.kib.ki.se/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/KISSinsights.xml b/src/chrome/content/rules/KISSinsights.xml
deleted file mode 100644
index 147a3e1a08e0..000000000000
--- a/src/chrome/content/rules/KISSinsights.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/ki.js/
-		- s3.amazonaws.com/j.kissinsights.com/
-		- s3.amazonaws.com/prophet.r.kissinsights.com/
-		- s3.amazonaws.com/r.kissinsights.com/
-
-
-	ki.js sets ki_t and ki_u cookies on
-	whichever domain it is loaded from.
-
--->
-<ruleset name="KISSinsights">
-
-	<target host="kissinsights.com" />
-	<target host="*.kissinsights.com" />
-
-
-	<securecookie host="^(.*\.)?kissinsights\.com$" name=".*" />
-
-
-	<rule from="^http://(www\.)?kissinsights\.com/"
-		to="https://$1kissinsights.com/" />
-
-	<rule from="^http://([jr])\.kissinsights\.com/"
-		to="https://s3.amazonaws.com/$1.kissinsights.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/KISSmetrics.xml b/src/chrome/content/rules/KISSmetrics.xml
index fd235db3263f..4eb887bc2c3a 100644
--- a/src/chrome/content/rules/KISSmetrics.xml
+++ b/src/chrome/content/rules/KISSmetrics.xml
@@ -1,33 +1,22 @@
 <!--
-	CDN buckets:
-
-		- doug1izaerwt3.cloudfront.net
-		- s3.amazonaws.com/kmbenchmark/
-		- s3.amazonaws.com/scripts.kissmetrics.com/
-
-
-	The following wildcard cookies are set on whichever
-	domain doug1izaerwt3 is loaded from:
-
-		- km_ai
-		- km_lv
-		- km_uq
-		- kvcd
+	Invalid certificate:
+		status.kissmetrics.com
+		support.kissmetrics.com
 
 -->
-<ruleset name="KISSmetrics">
+<ruleset name="KISSmetrics.com (partial)">
 
 	<target host="kissmetrics.com" />
-	<target host="*.kissmetrics.com" />
-
-
-	<securecookie host="^.*\.kissmetrics\.com$" name=".*" />
-
+	<target host="www.kissmetrics.com" />
+	<target host="blog.kissmetrics.com" />
+	<target host="developers.kissmetrics.com" />
+	<target host="i.kissmetrics.com" />
+	<target host="scripts.kissmetrics.com" />
+	<target host="trk.kissmetrics.com" />
 
-	<rule from="^http://((?:blog|i|support|trk|www)\.)?kissmetrics\.com/"
-		to="https://$1kissmetrics.com/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://scripts\.kissmetrics\.com/"
-		to="https://s3.amazonaws.com/scripts.kissmetrics.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/KIT_digital.xml b/src/chrome/content/rules/KIT_digital.xml
index 6d201a1c96f9..08e7d0c0c2ee 100644
--- a/src/chrome/content/rules/KIT_digital.xml
+++ b/src/chrome/content/rules/KIT_digital.xml
@@ -1,4 +1,11 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kitd.com/ => https://kitd.com/: (51, "SSL: no alternative certificate subject name matches target host name 'kitd.com'")
+Fetch error: http://www.kitd.com/ => https://www.kitd.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.kitd.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://kitd.com/ => https://kitd.com/: (51, "SSL: no alternative certificate subject name matches target host name 'kitd.com'")
 	Nonfunctional subdomains:
 
 		- developers	(no https)
@@ -9,16 +16,15 @@
 		- ir	(works, akamai)
 
 -->
-<ruleset name="KIT digital">
+<ruleset name="KIT digital" default_off="failed ruleset test">
 
 	<target host="kitd.com" />
-	<target host="*.kitd.com" />
+	<target host="www.kitd.com" />
 
 
 	<securecookie host="^(?:www\.)?kitd\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?kitd\.com/"
-		to="https://$1kitd.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/KIXEYE.com.xml b/src/chrome/content/rules/KIXEYE.com.xml
new file mode 100644
index 000000000000..f8b496c2b5bc
--- /dev/null
+++ b/src/chrome/content/rules/KIXEYE.com.xml
@@ -0,0 +1,134 @@
+<ruleset name="KIXEYE.com (partial)">
+	<target host="kixeye.com" />
+	<target host="www.kixeye.com" />
+	<target host="looker.prod.ae.kixeye.com" />
+	<target host="webhooks.prod.analytics.aws.kixeye.com" />
+	<target host="webhooks.stage.analytics.aws.kixeye.com" />
+	<target host="vc-news-feed.prod.kxl.aws.kixeye.com" />
+	<target host="vc-news-feed-wordpress.prod.kxl.aws.kixeye.com" />
+	<target host="vc-news-feed-wordpress.stage.kxl.aws.kixeye.com" />
+	<target host="blog.kixeye.com" />
+	<target host="bp.kixeye.com" />
+	<target host="dev-mfb-vip1.bp.kixeye.com" />
+	<target host="dev-mfb-vip10.bp.kixeye.com" />
+	<target host="dev-mfb-vip11.bp.kixeye.com" />
+	<target host="dev-mfb-vip12.bp.kixeye.com" />
+	<target host="dev-mfb-vip13.bp.kixeye.com" />
+	<target host="dev-mfb-vip14.bp.kixeye.com" />
+	<target host="dev-mfb-vip15.bp.kixeye.com" />
+	<target host="dev-mfb-vip16.bp.kixeye.com" />
+	<target host="dev-mfb-vip2.bp.kixeye.com" />
+	<target host="dev-mfb-vip3.bp.kixeye.com" />
+	<target host="dev-mfb-vip4.bp.kixeye.com" />
+	<target host="dev-mfb-vip5.bp.kixeye.com" />
+	<target host="dev-mfb-vip6.bp.kixeye.com" />
+	<target host="dev-mfb-vip7.bp.kixeye.com" />
+	<target host="dev-mfb-vip8.bp.kixeye.com" />
+	<target host="dev-mfb-vip9.bp.kixeye.com" />
+	<target host="dev-sbx1.bp.kixeye.com" />
+	<target host="dev-sbx10.bp.kixeye.com" />
+	<target host="dev-sbx11.bp.kixeye.com" />
+	<target host="dev-sbx12.bp.kixeye.com" />
+	<target host="dev-sbx13.bp.kixeye.com" />
+	<target host="dev-sbx14.bp.kixeye.com" />
+	<target host="dev-sbx15.bp.kixeye.com" />
+	<target host="dev-sbx16.bp.kixeye.com" />
+	<target host="dev-sbx2.bp.kixeye.com" />
+	<target host="dev-sbx3.bp.kixeye.com" />
+	<target host="dev-sbx4.bp.kixeye.com" />
+	<target host="dev-sbx5.bp.kixeye.com" />
+	<target host="dev-sbx6.bp.kixeye.com" />
+	<target host="dev-sbx7.bp.kixeye.com" />
+	<target host="dev-sbx8.bp.kixeye.com" />
+	<target host="dev-sbx9.bp.kixeye.com" />
+	<target host="community.kixeye.com" />
+	<target host="community-dev.kixeye.com" />
+	<target host="community-stage.kixeye.com" />
+	<target host="entitlements.core.kixeye.com" />
+	<target host="game-configurations.core.kixeye.com" />
+	<target host="identity.core.kixeye.com" />
+	<target host="corp.kixeye.com" />
+	<target host="privacy.corp.kixeye.com" />
+	<target host="privacy-dev.corp.kixeye.com" />
+	<target host="bp-ar-vip.dc.kixeye.com" />
+	<target host="bp-fb-vip.dc.kixeye.com" />
+	<target host="bp-fb-wm00.dc.kixeye.com" />
+	<target host="bp-fb-wm01.dc.kixeye.com" />
+	<target host="bp-fb-wm02.dc.kixeye.com" />
+	<target host="bp-fb-wm03.dc.kixeye.com" />
+	<target host="bp-fb-wm04.dc.kixeye.com" />
+	<target host="bp-fb-wmvip0.dc.kixeye.com" />
+	<target host="bp-fb-wmvip1.dc.kixeye.com" />
+	<target host="bp-kg-vip.dc.kixeye.com" />
+	<target host="bp-kx-vip.dc.kixeye.com" />
+	<target host="bp-log-vip.dc.kixeye.com" />
+	<target host="bp-prod-admin.dc.kixeye.com" />
+	<target host="bp-prod-battle-vip.dc.kixeye.com" />
+	<target host="bp-prod-framework-vip.dc.kixeye.com" />
+	<target host="bp-prod-worldmap-vip.dc.kixeye.com" />
+	<target host="dd-lb1.kixeye.com" />
+	<target host="developers.kixeye.com" />
+	<target host="forums.kixeye.com" />
+	<target host="wcra-newsfeed.get.kixeye.com" />
+	<target host="wcra-newsfeed-stage.get.kixeye.com" />
+	<target host="helpcenter.kixeye.com" />
+	<target host="admin.dev.kxl.kixeye.com" />
+	<target host="web.dev.kxl.kixeye.com" />
+	<target host="kxl-admin.kixeye.com" />
+	<target host="kxl-avatars-cdn.kixeye.com" />
+	<target host="looker.kixeye.com" />
+	<target host="m.kixeye.com" />
+	<target host="mobile.kixeye.com" />
+	<target host="moderators.kixeye.com" />
+	<target host="monocle.kixeye.com" />
+	<target host="play.kixeye.com" />
+	<target host="wc-fb-vip.sjc.kixeye.com" />
+	<target host="wc-fb-vip-alt.sjc.kixeye.com" />
+	<target host="wc-kx-vip.sjc.kixeye.com" />
+	<target host="forums.stage.kixeye.com" />
+	<target host="play.stage.kixeye.com" />
+	<target host="support.kixeye.com" />
+	<target host="support.tools.kixeye.com" />
+	<target host="unsub.kixeye.com" />
+	<target host="vapi.kixeye.com" />
+	<target host="cherry-auw2-admin.vc.kixeye.com" />
+	<target host="cherry-auw2-api.vc.kixeye.com" />
+	<target host="cherry-auw2-kxl.vc.kixeye.com" />
+	<target host="prod-aue1-admin.vc.kixeye.com" />
+	<target host="prod-aue1-api.vc.kixeye.com" />
+	<target host="prod-aue1-fb.vc.kixeye.com" />
+	<target host="prod-aue1-kxl.vc.kixeye.com" />
+	<target host="stage-auw2-admin.vc.kixeye.com" />
+	<target host="stage-auw2-api.vc.kixeye.com" />
+	<target host="stage-auw2-kxl.vc.kixeye.com" />
+	<target host="test-auw2-admin.vc.kixeye.com" />
+	<target host="test-auw2-api.vc.kixeye.com" />
+	<target host="test-auw2-kxl.vc.kixeye.com" />
+	<target host="alliances-production.wcra.kixeye.com" />
+	<target host="alliances-stage1.wcra.kixeye.com" />
+	<target host="alliances-stage2.wcra.kixeye.com" />
+	<target host="chat-production.wcra.kixeye.com" />
+	<target host="chat-stage1.wcra.kixeye.com" />
+	<target host="chat-stage2.wcra.kixeye.com" />
+	<target host="directory-productiontools.wcra.kixeye.com" />
+	<target host="gameplay-production.wcra.kixeye.com" />
+	<target host="gameplay-stage1.wcra.kixeye.com" />
+	<target host="gameplay-stage2.wcra.kixeye.com" />
+	<target host="logconsumer-production.wcra.kixeye.com" />
+	<target host="logconsumer-stage1.wcra.kixeye.com" />
+	<target host="logconsumer-stage2.wcra.kixeye.com" />
+	<target host="messagechannels-production.wcra.kixeye.com" />
+	<target host="messagechannels-stage1.wcra.kixeye.com" />
+	<target host="messagechannels-stage2.wcra.kixeye.com" />
+	<target host="notifications-production.wcra.kixeye.com" />
+	<target host="notifications-stage1.wcra.kixeye.com" />
+	<target host="notifications-stage2.wcra.kixeye.com" />
+	<target host="worldmap-production.wcra.kixeye.com" />
+	<target host="worldmap-stage1.wcra.kixeye.com" />
+	<target host="worldmap-stage2.wcra.kixeye.com" />
+	<target host="worldmapzones-production.wcra.kixeye.com" />
+	<target host="worldmapzones-stage1.wcra.kixeye.com" />
+	<target host="worldmapzones-stage2.wcra.kixeye.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/KIXEYE.xml b/src/chrome/content/rules/KIXEYE.xml
deleted file mode 100644
index ca036e420cbe..000000000000
--- a/src/chrome/content/rules/KIXEYE.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-<!--
-	bym-netdna.s3.amazonaws.com
-
-		- Equivalent to bym-fb4-s.cdn.kixeye.com
-
-	dd-fb-cdn.s3.amazonaws.com
-
-		- Equivalent to dd-fb-cdn4.kixeye.com
-
-
-	Nonfunctional domains:
-
-		- (www.)casualcollective.com
-		- old.casualcollective.com
-		- (www.)kixeye.com
-		- forums.kixeye.com	(ssl_error_rx_record_too_long)
-
--->
-<ruleset name="KIXEYE (partial)">
-
-	<target host="cdn.casualcollective.com" />
-	<target host="*.kixeye.com" />
-	<target host="*.cdn.kixeye.com" />
-
-
-	<rule from="^https?://cdn\.casualcollective\.com/"
-		to="https://s3.amazonaws.com/cdn.casualcollective.com/" />
-
-		<!--
-				- bym-vx4-s
-				- dd-fb-cdn4
-				- di-fb-cdn4
-				- gp-fb-cdn4-s
-				- wc-fb4-s
-				- bp-fb4-s.cdn
-				- bym-fb4-s.cdn
-				- wc-fb4-s.cdn
-						-->
-	<rule from="^http://(bym-vx4-s|b(?:p|ym)-fb4-s\.cdn|d[di]-fb-cdn4|gp-fb-cdn4-s|wc-fb4-s(?:\.cdn)?)\.kixeye\.com/"
-		to="https://$1.kixeye.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/KK.dk.xml b/src/chrome/content/rules/KK.dk.xml
new file mode 100644
index 000000000000..67e0f03dcb10
--- /dev/null
+++ b/src/chrome/content/rules/KK.dk.xml
@@ -0,0 +1,77 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://medarbejdere.kk.dk/ => https://medarbejdere.kk.dk/: (6, 'Could not resolve host: medarbejdere.kk.dk')
+
+	Problematic subdomains:
+		- www.blivhoert ⁴
+		- data ¹
+		- givetpraj ⁴
+		- international ²
+		- kbhkort ²
+		- www.video ³
+
+	¹: Timed out
+	²: Mixed content
+	³: Mismatched
+	⁴: Refused
+
+	Note:
+	Several subdomains under testkkms.kk.dk exist; as
+	these appear to be used only for testing, they are
+	not covered here.
+
+-->
+
+<ruleset name="KK.dk (partial)" default_off="failed ruleset test">
+
+	<target host="kk.dk" />
+	<target host="www.kk.dk" />
+
+	<target host="0kbhkort.kk.dk" />
+	<target host="1kbhkort.kk.dk" />
+	<target host="2kbhkort.kk.dk" />
+	<target host="3kbhkort.kk.dk" />
+	<target host="4kbhkort.kk.dk" />
+	<target host="5kbhkort.kk.dk" />
+	<target host="6kbhkort.kk.dk" />
+	<target host="7kbhkort.kk.dk" />
+	<target host="8kbhkort.kk.dk" />
+	<target host="9kbhkort.kk.dk" />
+
+	<target host="0gwc-kbhkort.kk.dk" />
+	<target host="1gwc-kbhkort.kk.dk" />
+	<target host="2gwc-kbhkort.kk.dk" />
+	<target host="3gwc-kbhkort.kk.dk" />
+	<target host="4gwc-kbhkort.kk.dk" />
+	<target host="5gwc-kbhkort.kk.dk" />
+	<target host="6gwc-kbhkort.kk.dk" />
+	<target host="7gwc-kbhkort.kk.dk" />
+	<target host="8gwc-kbhkort.kk.dk" />
+	<target host="9gwc-kbhkort.kk.dk" />
+
+	<target host="2200kultur.kk.dk" />
+	<target host="bibliotek.kk.dk" />
+	<target host="blaagaarden.kk.dk" />
+	<target host="borgerservice.kk.dk" />
+	<target host="dansekapellet.kk.dk" />
+	<target host="feriecamp.kk.dk" />
+	<target host="grondalmulticenter.kk.dk" />
+	<target host="halc.kk.dk" />
+	<target host="karensmindekulturhus.kk.dk" />
+	<target host="kvarterhuset.kk.dk" />
+	<target host="kulturhusetislandsbrygge.kk.dk" />
+	<target host="kulturstationen.kk.dk" />
+	<target host="medarbejdere.kk.dk" />
+	<target host="pilegaarden.kk.dk" />
+	<target host="vkc.kk.dk" />
+
+	<securecookie host="(\.|2200kultur|bibliotek|blaagaarden|borgerservice|dansekapellet|feriecamp|grondalmulticenter|halc|international|karensmindekulturhus|kvarterhuset|kulturhusetislandsbrygge|kulturstationen|medarbejder|pilegaarden|vkc|www)?\.?kk\.dk" name=".+" />
+
+	<rule from="^http://(borgerservice\.|www\.)?kk\.dk/"
+		to="https://www.kk.dk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KKBOX.com.xml b/src/chrome/content/rules/KKBOX.com.xml
new file mode 100644
index 000000000000..2b082025128f
--- /dev/null
+++ b/src/chrome/content/rules/KKBOX.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Other KKBOX rulesets:
+
+		- Eimg.com.tw.xml
+		- Kfs.io.xml
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- www from i.kfs.io *
+			- www from s.eimg.com.tw *
+
+	* Secured by us
+
+-->
+<ruleset name="KKBOX.com">
+
+	<target host="kkbox.com" />
+	<target host="www.kkbox.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.kkbox\.com$" name="^(BIGipServerPool_web-shared|laravel_session)$" /-->
+
+	<securecookie host="^www\.kkbox\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KKH-Allianz.xml b/src/chrome/content/rules/KKH-Allianz.xml
deleted file mode 100644
index 5511f306b975..000000000000
--- a/src/chrome/content/rules/KKH-Allianz.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="KKH-Allianz" platform="mixedcontent">
-<target host="www.kkh-allianz.de" />
-<target host="kkh-allianz.de" />
-<rule from="^http://(?:www\.)?kkh-allianz\.de/" to="https://www.kkh-allianz.de/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/KKH.de.xml b/src/chrome/content/rules/KKH.de.xml
new file mode 100644
index 000000000000..9ff5dca2d823
--- /dev/null
+++ b/src/chrome/content/rules/KKH.de.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://stats.kkh-allianz.de/ => https://stats.kkh-allianz.de/: (60, 'SSL certificate problem: certificate has expired')
+
+        kkh-allianz.de and www.kkh-allianz.de redirect to www.kkh.de.
+
+	https://kkh-allianz.de/ and https://www.kkh-allianz.de/
+        have a wrong certificate (*.kkh.de, kkh.de),
+        so we need to handle the https redirect.
+-->
+<ruleset name="KKH.de" default_off="failed ruleset test">
+<target host="www.kkh.de" />
+<target host="kkh.de" />
+
+<rule from="^http://kkh\.de/" to="https://www.kkh.de/" />
+<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/KKH.se.xml b/src/chrome/content/rules/KKH.se.xml
index 0f040e70c358..55d7463b867d 100644
--- a/src/chrome/content/rules/KKH.se.xml
+++ b/src/chrome/content/rules/KKH.se.xml
@@ -1,7 +1,6 @@
 <ruleset name="KKH.se" platform="mixedcontent">
 	<target host="www.kkh.se" />
 	<target host="kkh.se" />
-	<rule from="^http://kkh\.se/" to="https://kkh.se/"/>
-	<rule from="^http://www\.kkh\.se/" to="https://www.kkh.se/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/KKR.bund.de.xml b/src/chrome/content/rules/KKR.bund.de.xml
new file mode 100644
index 000000000000..43570e3dfde4
--- /dev/null
+++ b/src/chrome/content/rules/KKR.bund.de.xml
@@ -0,0 +1,18 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+-->
+<ruleset name="KKR.bund.de">
+
+	<target host="kkr.bund.de" />
+	<target host="www.kkr.bund.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!--Invalid certificate on https://kkr.bund.de/,
+	http://kkr.bund.de/ redirects to https://www.kkr.bund.de/ -->
+	<rule from="^http://kkr\.bund\.de/"
+		to="https://www.kkr.bund.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KLDP.net.xml b/src/chrome/content/rules/KLDP.net.xml
new file mode 100644
index 000000000000..d7afa39a71f9
--- /dev/null
+++ b/src/chrome/content/rules/KLDP.net.xml
@@ -0,0 +1,57 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://drupal.kldp.net/ => https://drupal.kldp.net/: (51, "SSL: no alternative certificate subject name matches target host name 'drupal.kldp.net'")
+Fetch error: http://mutt.kldp.net/ => https://mutt.kldp.net/: (51, "SSL: no alternative certificate subject name matches target host name 'mutt.kldp.net'")
+Fetch error: http://qmail.kldp.net/ => https://qmail.kldp.net/: (7, 'Failed to connect to qmail.kldp.net port 443: Connection refused')
+
+	For other KLDP coverage, see KLDP.org.xml.
+
+
+	Fully covered domains:
+
+		- kldp.net
+
+		- [\w-]+.kldp.net:
+
+			- drupal
+			- emacs
+			- gurugio
+			- ktug
+			- lisp
+			- man
+			- mutt
+			- qmail
+			- vi
+			- www
+
+
+	Mixed content:
+
+		- Image on qmail from $self *
+
+	* Secured by us
+
+
+-->
+<ruleset name="KLDP.net" default_off="failed ruleset test">
+
+	<target host="kldp.net" />
+	<target host="*.kldp.net" />
+
+		<test url="http://drupal.kldp.net/" />
+		<test url="http://emacs.kldp.net/" />
+		<test url="http://gurugio.kldp.net/" />
+		<test url="http://ktug.kldp.net/" />
+		<test url="http://lisp.kldp.net/" />
+		<test url="http://man.kldp.net/" />
+		<test url="http://mutt.kldp.net/" />
+		<test url="http://qmail.kldp.net/" />
+		<test url="http://vi.kldp.net/" />
+		<test url="http://www.kldp.net/" />
+
+
+	<rule from="^http://([\w-]+\.)?kldp\.net/"
+		to="https://$1kldp.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KLDP.org.xml b/src/chrome/content/rules/KLDP.org.xml
new file mode 100644
index 000000000000..98ab5673a449
--- /dev/null
+++ b/src/chrome/content/rules/KLDP.org.xml
@@ -0,0 +1,69 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blog.kldp.org/ => https://blog.kldp.org/: (51, "SSL: no alternative certificate subject name matches target host name 'blog.kldp.org'")
+Fetch error: http://cert.kldp.org/ => https://cert.kldp.org/: (51, "SSL: no alternative certificate subject name matches target host name 'cert.kldp.org'")
+Fetch error: http://weblog.kldp.org/ => https://weblog.kldp.org/: (51, "SSL: no alternative certificate subject name matches target host name 'weblog.kldp.org'")
+
+	Other KLDP rulesets:
+
+		- KLDP.net.xml
+
+
+	Fully covered domains:
+
+		- kldp.org
+
+		- [\w-]+.kldp.org:
+
+			- bbs
+			- blog
+			- cert
+			- css-validator
+			- feedvalidator
+			- gallery
+			- geekforum
+			- img
+			- open
+			- people
+			- weblog
+			- wiki
+			- www
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- css-validator from www.w3.org ²
+			- validator from $self ¹
+			- validator from validator.w3.org ²
+
+	¹ Secured by us
+	² Unsecurable			-
+
+-->
+<ruleset name="KLDP.org" default_off="failed ruleset test">
+
+	<target host="kldp.org" />
+	<target host="*.kldp.org" />
+
+		<test url="http://bbs.kldp.org/" />
+		<test url="http://blog.kldp.org/" />
+		<test url="http://cert.kldp.org/" />
+		<test url="http://css-validator.kldp.org/" />
+		<test url="http://feedvalidator.kldp.org/" />
+		<test url="http://gallery.kldp.org/" />
+		<test url="http://geekforum.kldp.org/" />
+		<test url="http://img.kldp.org/" />
+		<test url="http://open.kldp.org/" />
+		<test url="http://people.kldp.org/" />
+		<test url="http://weblog.kldp.org/" />
+		<test url="http://wiki.kldp.org/" />
+		<test url="http://www.kldp.org/" />
+
+
+	<rule from="^http://([\w-]+\.)?kldp\.org/"
+		to="https://$1kldp.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KLM.xml b/src/chrome/content/rules/KLM.xml
index 01de916c4fe0..797f3ac2f1dc 100644
--- a/src/chrome/content/rules/KLM.xml
+++ b/src/chrome/content/rules/KLM.xml
@@ -1,9 +1,15 @@
-<ruleset name="KLM" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://klm.com/ (200) => https://www.klm.com/ (403)
+
+-->
+<ruleset name="KLM" platform="mixedcontent" default_off="failed ruleset test">
   <target host="klm.com" />
-  <target host="*.klm.com" />
+  <target host="mobile.klm.com" />
+  <target host="www.klm.com" />
 
   <rule from="^http://klm\.com/"
           to="https://www.klm.com/" />
-  <rule from="^http://(mobile|www)\.klm\.com/"
-          to="https://$1.klm.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/KMyMoney.org.xml b/src/chrome/content/rules/KMyMoney.org.xml
new file mode 100644
index 000000000000..6b68d68fdcf1
--- /dev/null
+++ b/src/chrome/content/rules/KMyMoney.org.xml
@@ -0,0 +1,16 @@
+<!--
+	For other KDE coverage, see KDE.xml.
+
+-->
+<ruleset name="KMyMoney.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kmymoney.org" />
+	<target host="www.kmymoney.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KNET.cn.xml b/src/chrome/content/rules/KNET.cn.xml
new file mode 100644
index 000000000000..e252031d294f
--- /dev/null
+++ b/src/chrome/content/rules/KNET.cn.xml
@@ -0,0 +1,57 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sso.knet.cn/ => https://sso.knet.cn/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://ts.knet.cn/ => https://ts.knet.cn/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://vip.knet.cn/ => https://vip.knet.cn/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://yida.knet.cn/ => https://yida.knet.cn/: (60, 'SSL certificate problem: certificate has expired')
+
+	Dropped:
+		- jubao *
+		- t *
+
+	Mismatch:
+		- (www.)?
+		- rr
+		- ts
+		- yida
+		- zt *
+
+	Redirect to http:
+		- dmp
+		- domain
+		- ecert
+		- kexin
+		- kx
+		- name
+		- api.q
+		- \d+.waw.q
+		- seal
+		- shenqing
+		- wz
+		- xiaodong
+		- zhangshang
+
+	Insecure cookies are set for these domains:
+
+		- ss.knet.cn
+
+-->
+<ruleset name="KNET.cn (partial)" default_off="failed ruleset test">
+
+	<target host="gtld.knet.cn" />
+	<target host="kxlogo.knet.cn" />
+	<target host="ss.knet.cn" />
+	<target host="sso.knet.cn" />
+		<test url="http://sso.knet.cn/jcaptcha.do" />
+	<target host="ts.knet.cn" />
+	<target host="vip.knet.cn" />
+	<target host="yida.knet.cn" />
+	<target host="zdns.knet.cn" />
+		<test url="http://zdns.knet.cn/user/Login!loginInput.shtml" />
+
+	<securecookie host="^ss\.knet\.cn$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KOLRanking.com.xml b/src/chrome/content/rules/KOLRanking.com.xml
new file mode 100644
index 000000000000..f7c2b29632cb
--- /dev/null
+++ b/src/chrome/content/rules/KOLRanking.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="KOLRanking.com">
+	<target host="kolranking.com" />
+	<target host="www.kolranking.com" />
+	<target host="dl.kolranking.com" />
+	<target host="images.kolranking.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/KOMO_News.xml b/src/chrome/content/rules/KOMO_News.xml
deleted file mode 100644
index bd25d1268329..000000000000
--- a/src/chrome/content/rules/KOMO_News.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	CDN buckets:
-
-		- komobim.s3.amazonaws.com
-		- komonews.s3.amazonaws.com
-
-		- d27odwwbded9xq.cloudfront.net
-
-			- cf.komo.com
-
-		- bim.vo.llnwd.net *
-
-			- media.komonews.com
-
-		- bim-3.vo.llnwd.net *
-
-			- www.komonews.com
-
-	* .hs. doesn't exist
-
-
-	Nonfunctional subdomains:
-
-		- ^
-		- media *
-		- www *
-
-	* 400, CN: *.hs.llnwd.net
-
--->
-<ruleset name="KOMO News (partial)">
-
-	<target host="cf.komo.com" />
-
-
-	<rule from="^https?://cf\.komo\.com/"
-		to="https://d27odwwbded9xq.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/KOOORA.com.xml b/src/chrome/content/rules/KOOORA.com.xml
new file mode 100644
index 000000000000..fde14ab1853e
--- /dev/null
+++ b/src/chrome/content/rules/KOOORA.com.xml
@@ -0,0 +1,19 @@
+<!--
+	HTTP != HTTPS:
+		- forum.kooora.com
+-->
+<ruleset name="KOOORA.com">
+	<target host="kooora.com" />
+	<target host="www.kooora.com" />
+	<target host="img.kooora.com" />
+	<target host="m.kooora.com" />
+	<target host="o.kooora.com" />
+
+	<target host="kooora.ws" />
+	<target host="www.kooora.ws" />
+	<target host="ktv.kooora.ws" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/KOP11.com.xml b/src/chrome/content/rules/KOP11.com.xml
new file mode 100644
index 000000000000..d2c4fcf87df7
--- /dev/null
+++ b/src/chrome/content/rules/KOP11.com.xml
@@ -0,0 +1,14 @@
+<!--
+	CN: webserver.ispgateway.de
+
+-->
+<ruleset name="KOP11.com" default_off="self-signed">
+
+	<target host="kop11.com" />
+	<target host="www.kop11.com" />
+
+
+	<rule from="^http://(?:www\.)?kop11\.com/"
+		to="https://kop11.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KOSMAS.cz.xml b/src/chrome/content/rules/KOSMAS.cz.xml
new file mode 100644
index 000000000000..8160bbe20216
--- /dev/null
+++ b/src/chrome/content/rules/KOSMAS.cz.xml
@@ -0,0 +1,8 @@
+<ruleset name="KOSMAS.cz">
+    <target host="kosmas.cz" />
+    <target host="m.kosmas.cz" />
+    <target host="www.kosmas.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/KPN-expired.xml b/src/chrome/content/rules/KPN-expired.xml
index 4849ca4c94a9..aa9d91fa1655 100644
--- a/src/chrome/content/rules/KPN-expired.xml
+++ b/src/chrome/content/rules/KPN-expired.xml
@@ -10,7 +10,6 @@
 	<!--	Cookies are handled in KPN.com.xml.	-->
 
 
-	<rule from="^http://csc\.hetnet\.nl/"
-		to="https://csc.hetnet.nl/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/KPN.com.xml b/src/chrome/content/rules/KPN.com.xml
index 70a32377be6c..067a5e2d7f03 100644
--- a/src/chrome/content/rules/KPN.com.xml
+++ b/src/chrome/content/rules/KPN.com.xml
@@ -11,38 +11,35 @@
 -->
 <ruleset name="KPN">
 
-	<target host="*.hetnet.nl" />
+	<target host="netmail.hetnet.nl" />
 	<target host="kpn.com" />
-	<target host="*.kpn.com" />
+	<target host="www.kpn.com" />
 	<target host="kpn.nl" />
-	<target host="*.kpn.nl" />
-	<target host="*.kpnmail.nl" />
+	<target host="www.kpn.nl" />
+	<target host="home.kpn.nl" />
+	<target host="www.kpnmail.nl" />
+	<target host="webmail.kpnmail.nl" />
 
 
-	<securecookie host="^.*\.hetnet\.nl$" name=".*" />
-	<securecookie host="^webmail\.kpnmail\.nl$" name=".*" />
+	<securecookie host="^.*\.hetnet\.nl$" name=".+" />
+	<securecookie host="^webmail\.kpnmail\.nl$" name=".+" />
 
 
-	<rule from="^http://netmail\.hetnet\.nl/"
-		to="https://netmail.hetnet.nl/" />
 
 	<!--	- !www prints "The request did not specify a valid virtual host" over https
 		- !www redirects to www over http
 					-->
-	<rule from="^https?://(?:www\.)?kpn\.(?:com|nl)/"
+	<rule from="^http://(?:www\.)?kpn\.(?:com|nl)/"
 		to="https://www.kpn.com/" />
 
-	<rule from="^http://home\.kpn\.nl/"
-		to="https://home.kpn.nl/" />
 
 	<!--	- !www doesn't exist
 		- Cert only matches (www.)kpn
 		- Redirects like so
 				-->
-	<rule from="^https?://www\.kpnmail\.nl/"
+	<rule from="^http://www\.kpnmail\.nl/"
 		to="https://www.kpn.nl/" />
 
-	<rule from="^http://webmail\.kpnmail\.nl/"
-		to="https://webmail.kpnmail.nl/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/KPT.ch.xml b/src/chrome/content/rules/KPT.ch.xml
index 2e9c83a386c9..5cbb4068545e 100644
--- a/src/chrome/content/rules/KPT.ch.xml
+++ b/src/chrome/content/rules/KPT.ch.xml
@@ -1,7 +1,7 @@
 <ruleset name="KPT.ch">
         <target host="kpt.ch" />
         <target host="www.kpt.ch" />
-        <securecookie host="^(.*\.)?kpt\.ch$" name=".*" />
+        <securecookie host=".+" name=".+" />
 
         <rule from="^http://(?:www\.)?kpt\.ch/" to="https://www.kpt.ch/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/KProxy.xml b/src/chrome/content/rules/KProxy.xml
index 5e044436dc77..87634de6ddd1 100644
--- a/src/chrome/content/rules/KProxy.xml
+++ b/src/chrome/content/rules/KProxy.xml
@@ -1,8 +1,20 @@
 <ruleset name="KProxy.com">
 
 	<target host="kproxy.com" />
-	<!--	* for cross-domain cookie.	-->
 	<target host="*.kproxy.com" />
+	<!--	* for cross-domain cookie.	-->
+
+
+	<test url="http://server1.kproxy.com/" />
+	<test url="http://server2.kproxy.com/" />
+	<test url="http://server3.kproxy.com/" />
+	<test url="http://server4.kproxy.com/" />
+	<test url="http://server5.kproxy.com/" />
+	<test url="http://server6.kproxy.com/" />
+	<test url="http://server7.kproxy.com/" />
+	<test url="http://server8.kproxy.com/" />
+	<test url="http://server9.kproxy.com/" />
+
 
 
 	<!--	Observed cookie domains:
@@ -11,10 +23,9 @@
 			- ^.
 			- www
 				-->
-	<securecookie host="^(.*\.)?kproxy\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?kproxy\.com/"
-		to="https://$1kproxy.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/KQED.org.xml b/src/chrome/content/rules/KQED.org.xml
index 5ef8d65cd8a3..11b16b9c4d09 100644
--- a/src/chrome/content/rules/KQED.org.xml
+++ b/src/chrome/content/rules/KQED.org.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://u.s.kqed.org/ (200) => https://u.s.kqed.net/ (403)
+
 	Nonfunctional domains:
 
 		- blogs.kqed.org	(403/404, valid cert)
@@ -7,37 +11,37 @@
 	Problematic domains:
 
 		- u.s.kqed.org		(shows www.kqed.org; mismatched, CN: *.kqed.org)
+		- www.kqed.org ²
 
-
-	Partially covered domains:
-
-		- (www.)kqed.org	(some pages redirect to http)
-
-
-	Fully covered domains:
-
-		- a.s.kqed.net
-		- u.s.kqed.net
-		- u.s.kqed.org	(→ u.s.kqed.net)
+	² Redirects to http
 
 -->
-<ruleset name="KQED.org (partial)">
+<ruleset name="KQED.org (partial)" default_off="failed ruleset test">
 
-	<target host="*.s.kqed.net" />
+	<!--	Direct rewrites:
+				-->
+	<target host="a.s.kqed.net" />
+	<target host="u.s.kqed.net" />
 	<target host="kqed.org" />
-	<target host="*.kqed.org" />
+
+	<!--	Complications:
+				-->
+	<target host="u.s.kqed.org" />
+	<target host="www.kqed.org" />
+
+		<test url="http://www.kqed.org/assets/flash/kqedplayer.swf" />
 
 
 	<securecookie host="^\.kqed\.org$" name="^_(?:chartbeat2|_qca|_utm\w)$" />
 
 
-	<rule from="^http://(a|u)\.s\.kqed\.(?:net|org)/"
-		to="https://$1.s.kqed.net/" />
+	<rule from="^http://u\.s\.kqed\.org/"
+		to="https://u.s.kqed.net/" />
+
+	<rule from="^http://www\.kqed\.org/"
+		to="https://kqed.org/" />
 
-	<!--	^ redirects to www over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?kqed\.org/(assets/|(?:controller|donate)(?:$|[?/])|favicon\.ico|lib/)"
-		to="https://www.kqed.org/$1" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/KRL_Media.nl.xml b/src/chrome/content/rules/KRL_Media.nl.xml
new file mode 100644
index 000000000000..cbdf2b71626e
--- /dev/null
+++ b/src/chrome/content/rules/KRL_Media.nl.xml
@@ -0,0 +1,12 @@
+<ruleset name="KRL Media.nl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="krlmedia.nl" />
+	<target host="www.krlmedia.nl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KSA_Glass.xml b/src/chrome/content/rules/KSA_Glass.xml
deleted file mode 100644
index fe6e13222e0d..000000000000
--- a/src/chrome/content/rules/KSA_Glass.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="KSA Glass">
-
-	<target host="ksaglass.com" />
-	<target host="*.ksaglass.com" />
-
-
-	<securecookie host="^\.ksaglass\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?ksaglass\.com/"
-		to="https://$1ksaglass.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/KSH.xml b/src/chrome/content/rules/KSH.xml
index b9793d563e52..2e4405bea69a 100644
--- a/src/chrome/content/rules/KSH.xml
+++ b/src/chrome/content/rules/KSH.xml
@@ -6,6 +6,12 @@
 
 	<rule from="^http://(?:www\.)?ksh\.hu/"
 		to="https://www.ksh.hu/" />
+	
+	<!-- These pages return a 404 error when requested over HTTPS -->
+	<exclusion pattern="^http://statinfo\.ksh\.hu/Statinfo/" />
+		<test url="http://statinfo.ksh.hu/Statinfo/" />
+		<test url="http://statinfo.ksh.hu/Statinfo/themeSelector.jsp?lang=hu" />
+		<test url="http://statinfo.ksh.hu/Statinfo/QueryServlet?ha=TA2019_W" />
 
 	<rule from="^http://(statinfo|elektra)\.ksh\.hu/"
 		to="https://$1.ksh.hu/" />
diff --git a/src/chrome/content/rules/KSL.xml b/src/chrome/content/rules/KSL.xml
index 269f46da7d43..129ec1585892 100644
--- a/src/chrome/content/rules/KSL.xml
+++ b/src/chrome/content/rules/KSL.xml
@@ -1,13 +1,15 @@
 <ruleset name="KSL">
 
 	<target host="ksl.com" />
-	<target host="*.ksl.com" />
+	<target host="img.ksl.com" />
+	<target host="local.ksl.com" />
+	<target host="static.ksl.com" />
+	<target host="www.ksl.com" />
 
 
 	<securecookie host="^\.ksl\.com$" name=".+" />
 
 
-	<rule from="^http://((?:img|local|static|www)\.)?ksl\.com/"
-		to="https://$1ksl.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/KT.kz.xml b/src/chrome/content/rules/KT.kz.xml
new file mode 100644
index 000000000000..6d4bd5b26d46
--- /dev/null
+++ b/src/chrome/content/rules/KT.kz.xml
@@ -0,0 +1,6 @@
+<ruleset name="KT.kz">
+	<target host="kt.kz" />
+	<target host="www.kt.kz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/KTAS.com.au.xml b/src/chrome/content/rules/KTAS.com.au.xml
new file mode 100644
index 000000000000..3b02fba8a110
--- /dev/null
+++ b/src/chrome/content/rules/KTAS.com.au.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Coles coverage, see Coles.com.au.xml
+
+
+	Non-functional subdomains:
+
+		- insurance	(SSL connection error)
+		- myservice	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="KTAS.com.au">
+
+	<target host="ktas.com.au" />
+	<target host="www.ktas.com.au" />
+	<target host="booking.ktas.com.au" />
+	<target host="bookingtest.ktas.com.au" />
+	<target host="click.e.ktas.com.au" />
+	<target host="pages.e.ktas.com.au" />
+	<target host="view.e.ktas.com.au" />
+	<target host="test.ktas.com.au" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/KTH.se.xml b/src/chrome/content/rules/KTH.se.xml
index 3c919094331c..49902842898d 100644
--- a/src/chrome/content/rules/KTH.se.xml
+++ b/src/chrome/content/rules/KTH.se.xml
@@ -1,9 +1,32 @@
+<!--
+	Royal Institute of Technology
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.kth.se
+
+-->
 <ruleset name="KTH.se">
+
+	<!--	Direct rewrites:
+				-->
   <target host="kth.se" />
-  <target host="www.kth.se" />
   <target host="intra.kth.se" />
-  <rule from="^http://kth\.se/" to="https://www.kth.se/"/>
-  <rule from="^http://www\.kth\.se/" to="https://www.kth.se/"/>
-  <rule from="^http://intra\.kth\.se/" to="https://intra.kth.se/"/>
+	<target host="new-webmail.kth.se" />
+	<target host="webmail.kth.se" />
+  <target host="www.kth.se" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.kth\.se$" name="^(?:csrftoken|tmpPersistentuserId)$" /-->
+
+	<securecookie host="^www\.kth\.se$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
 
diff --git a/src/chrome/content/rules/KTk.de.xml b/src/chrome/content/rules/KTk.de.xml
new file mode 100644
index 000000000000..495a2909e610
--- /dev/null
+++ b/src/chrome/content/rules/KTk.de.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Kevag Telekom coverage, see Kevag-Telekom.de.xml.
+
+
+	(www.)?ktk.de: Shows default page
+
+-->
+<ruleset name="KTk.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mein.ktk.de" />
+
+	<!--	Complications:
+				-->
+	<target host="ktk.de" />
+	<target host="www.ktk.de" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://(?:www\.)?ktk\.de/+"
+		to="https://www.kevag-telekom.de/" />
+
+		<test url="http://www.ktk.de/mobilfunk" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KUTV.com.xml b/src/chrome/content/rules/KUTV.com.xml
index fe20295542af..eba8ae654967 100644
--- a/src/chrome/content/rules/KUTV.com.xml
+++ b/src/chrome/content/rules/KUTV.com.xml
@@ -1,19 +1,10 @@
-<!--
-	CN: *.sbgnet.com
-
-
-	Mixed content:
-
-		- Web bug on (www.) from oascentral.datasphere.com
-
--->
-<ruleset name="KUTV.com" default_off="mismatched">
+<ruleset name="KUTV.com" default_off="redirects to http">
 
 	<target host="kutv.com" />
 	<target host="www.kutv.com" />
 
 
-	<rule from="^http://(?:www\.)?kutv\.com/"
-		to="https://kutv.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/KVM-VPS.com.xml b/src/chrome/content/rules/KVM-VPS.com.xml
new file mode 100644
index 000000000000..81baf5886ade
--- /dev/null
+++ b/src/chrome/content/rules/KVM-VPS.com.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Rose Web Services coverage, see RoseHosting.com.xml.
+
+-->
+<ruleset name="KVM-VPS.com">
+
+	<target host="kvm-vps.com" />
+	<target host="www.kvm-vps.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KYM-CDN.com.xml b/src/chrome/content/rules/KYM-CDN.com.xml
new file mode 100644
index 000000000000..397be50aab18
--- /dev/null
+++ b/src/chrome/content/rules/KYM-CDN.com.xml
@@ -0,0 +1,35 @@
+<!--
+	CN: ssl4159.cloudflare.com
+
+
+	Nonfunctional subdomains:
+
+		- a *
+
+	* 503
+
+-->
+<ruleset name="KYM-CDN.com">
+
+	<target host="i.kym-cdn.com" />
+		<test url="http://i.kym-cdn.com/entries/icons/mobile/000/006/363/pokemon-balls-pokeball-1920x1080-5166.jpg" />
+	
+	<target host="i0.kym-cdn.com" />
+		<test url="http://i0.kym-cdn.com/entries/icons/mobile/000/006/363/pokemon-balls-pokeball-1920x1080-5166.jpg" />
+	
+	<target host="i1.kym-cdn.com" />
+		<test url="http://i1.kym-cdn.com/entries/icons/mobile/000/006/363/pokemon-balls-pokeball-1920x1080-5166.jpg" />
+	
+	<target host="i2.kym-cdn.com" />
+		<test url="http://i2.kym-cdn.com/entries/icons/mobile/000/006/363/pokemon-balls-pokeball-1920x1080-5166.jpg" />
+	
+	<target host="i3.kym-cdn.com" />
+	<test url="http://i3.kym-cdn.com/entries/icons/mobile/000/006/363/pokemon-balls-pokeball-1920x1080-5166.jpg" />
+	
+	<target host="s.kym-cdn.com" />
+		<test url="http://s.kym-cdn.com/assets/kym-logo-fbdeb4f48d4b9e0d7f9675fa5e1e011a.png" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KYPS.net.xml b/src/chrome/content/rules/KYPS.net.xml
deleted file mode 100644
index b902b7b997c9..000000000000
--- a/src/chrome/content/rules/KYPS.net.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See 
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
- 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="KYPS.net" platform="firefox">
-  <target host="kyps.net" />
-  <target host="www.kyps.net" />
-
-  <securecookie host="^kyps\.net$" name=".+" />
-  <securecookie host="^www\.kyps\.net$" name=".+" />
-
-  <rule from="^http://(www\.)?kyps\.net/" to="https://kyps.net/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Kaazing.com.xml b/src/chrome/content/rules/Kaazing.com.xml
new file mode 100644
index 000000000000..0850ae458e23
--- /dev/null
+++ b/src/chrome/content/rules/Kaazing.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Login required:
+		demosentinel.kaazing.com
+		legacy-support.kaazing.com
+		sentinel.kaazing.com
+
+	Different content http/https:
+		developer.kaazing.com
+		tech.kaazing.com
+
+	Time out:
+		go.kaazing.com
+		installer.kaazing.com
+		tutorial.kaazing.com
+
+-->
+<ruleset name="Kaazing.com">
+
+	<target host="kaazing.com" />
+	<target host="www.kaazing.com" />
+	<target host="blog.kaazing.com" />
+	<target host="cdn.kaazing.com" />
+	<target host="download.kaazing.com" />
+	<target host="support.kaazing.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KabelDeutschland.xml b/src/chrome/content/rules/KabelDeutschland.xml
index 1b7a4972875c..66ccb2fb0275 100644
--- a/src/chrome/content/rules/KabelDeutschland.xml
+++ b/src/chrome/content/rules/KabelDeutschland.xml
@@ -1,13 +1,27 @@
-<ruleset name="Kabel Deutschland">
-  <target host="kabeldeutschland.de" />
-  <target host="www.kabeldeutschland.de" />
-  <target host="kabelmail.de" />
-  <target host="*.kabelmail.de" />
-
-  <securecookie host="^(?:newsletter\.|sso\.|static\.|www\.)?kabelmail\.de$" name=".+" />
-
-  <rule from="^http://(?:www\.)?kabeldeutschland\.de/" to="https://www.kabeldeutschland.de/"/>
-  <rule from="^http://(?:www\.)?kabelmail\.de/" to="https://www.kabelmail.de/" />
-  <rule from="^https://kabelmail\.de/" to="https://www.kabelmail.de/" />
-  <rule from="^http://(newsletter|sso|static)\.kabelmail\.de/" to="https://$1.kabelmail.de/" />
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://newsletter.kabelmail.de/ => https://newsletter.kabelmail.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://static.kabelmail.de/ => https://static.kabelmail.de/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="Kabel Deutschland" default_off="failed ruleset test">
+    <target host="kabeldeutschland.de" />
+    <target host="www.kabeldeutschland.de" />
+    <target host="kabeldeutschland.com" />
+    <target host="www.kabeldeutschland.com" />
+    <target host="kabelmail.de" />
+    <target host="www.kabelmail.de" />
+    <target host="newsletter.kabelmail.de" />
+    <target host="sso.kabelmail.de" />
+    <target host="static.kabelmail.de" />
+
+    <securecookie host="^(newsletter\.|sso\.|static\.|www\.)?kabelmail\.de$" name=".+" />
+
+    <rule from="^http://(www\.)?kabeldeutschland\.de/" to="https://www.kabeldeutschland.de/"/>
+    <rule from="^http://(www\.)?kabeldeutschland\.com/" to="https://www.kabeldeutschland.com/"/>
+    <rule from="^http://(www\.)?kabelmail\.de/" to="https://www.kabelmail.de/" />
+
+    <rule from="^http:"
+            to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Kable_Media_Services.xml b/src/chrome/content/rules/Kable_Media_Services.xml
index d5df35bd7823..31531a87fe08 100644
--- a/src/chrome/content/rules/Kable_Media_Services.xml
+++ b/src/chrome/content/rules/Kable_Media_Services.xml
@@ -1,4 +1,14 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure2.insideknc.com/ => https://secure2.insideknc.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://kable.com/ => https://www.kable.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.kable.com/ => https://www.kable.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure2.insideknc.com/ => https://secure2.insideknc.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://kable.com/ => https://www.kable.com/: (6, 'Could not resolve host: kable.com')
+Fetch error: http://www.kable.com/ => https://www.kable.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Other Kable Media Services rulesets:
 
 		- Kable_Packaging_and_Fulfillment_Services.xml
@@ -9,7 +19,7 @@
 		- ^kable.com	(cert only matches www)
 
 -->
-<ruleset name="Kable Media Services (partial)">
+<ruleset name="Kable Media Services (partial)" default_off="failed ruleset test">
 
 	<target host="secure2.insideknc.com" />
 	<target host="kable.com" />
@@ -22,7 +32,7 @@
 	<rule from="^http://secure2\.insideknc\.com/"
 		to="https://secure2.insideknc.com/" />
 
-	<rule from="^https?://(?:www\.)?kable\.com/"
+	<rule from="^http://(?:www\.)?kable\.com/"
 		to="https://www.kable.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kable_Packaging_and_Fulfillment_Services.xml b/src/chrome/content/rules/Kable_Packaging_and_Fulfillment_Services.xml
index 6d647de7ad36..d59393e5f53a 100644
--- a/src/chrome/content/rules/Kable_Packaging_and_Fulfillment_Services.xml
+++ b/src/chrome/content/rules/Kable_Packaging_and_Fulfillment_Services.xml
@@ -14,7 +14,7 @@
 	<securecookie host="^kablepackaging\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?kablepackaging.com/"
+	<rule from="^http://(?:www\.)?kablepackaging\.com/"
 		to="https://kablepackaging.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kachingle.xml b/src/chrome/content/rules/Kachingle.xml
index 40ad052afb5f..7d998b784cf6 100644
--- a/src/chrome/content/rules/Kachingle.xml
+++ b/src/chrome/content/rules/Kachingle.xml
@@ -1,12 +1,24 @@
-<ruleset name="Kachingle" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kachingle.com/ => https://kachingle.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.kachingle.com/ => https://www.kachingle.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://downloads.kachingle.com/ => https://downloads.kachingle.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://assets.kachingle.com/ => https://assets.kachingle.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://medallion.kachingle.com/ => https://medallion.kachingle.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://downloads.kachingle.com/ => https://downloads.kachingle.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://assets.kachingle.com/ => https://assets.kachingle.com/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="Kachingle" platform="mixedcontent" default_off="failed ruleset test">
   <target host="kachingle.com" />
   <target host="www.kachingle.com" />
   <target host="downloads.kachingle.com" />
   <target host="assets.kachingle.com" />
   <target host="medallion.kachingle.com" />
 
-  <securecookie host="^(.+\.)?kachingle\.com$" name=".*"/>
+  <securecookie host=".+" name=".+" />
 
-  <rule from="^http://kachingle\.com/" to="https://kachingle.com/"/>
-  <rule from="^http://(www|downloads|assets|medallion)\.kachingle\.com/" to="https://$1.kachingle.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Kagi.xml b/src/chrome/content/rules/Kagi.xml
deleted file mode 100644
index 803128bc3a97..000000000000
--- a/src/chrome/content/rules/Kagi.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<ruleset name="Kagi">
-	<!--
-		Problematic subdomains:
-
-		images.kagi.com		Not all content works; https://images.kagi.com/Kagi_W9.pdf
-					gives a "404" error, for example.
-	-->
-	<target host="kagi.com" />
-	<target host="order.kagi.com" />
-	<target host="pq.kagi.com" />
-	<target host="secure.kagi.com" />
-	<target host="shop.kagi.com" />
-	<target host="shopkeeper.kagi.com" />
-	<target host="store.kagi.com" />
-	<target host="suppliersignup.kagi.com" />
-	<target host="support.kagi.com" />
-	<target host="www.kagi.com" />
-
-	<securecookie host="^(order|pq|secure|shop|shopkeeper|store|suppliersignup|support|www)\.kagi\.com$"
-			name=".+" />
-
-	<rule from="^http://kagi\.com/"
-		to="https://kagi.com/" />
-	<rule from="^http://(order|pq|secure|shop|shopkeeper|store|suppliersignup|support|www)\.kagi\.com/"
-		to="https://$1.kagi.com/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/KaiRo.xml b/src/chrome/content/rules/KaiRo.xml
index a4b45a1ffa16..2dbec26d197f 100644
--- a/src/chrome/content/rules/KaiRo.xml
+++ b/src/chrome/content/rules/KaiRo.xml
@@ -1,20 +1,137 @@
+
 <!--
-	Nonfunctional subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://awsy.kairo.at/ => https://awsy.kairo.at/: (51, "SSL: no alternative certificate subject name matches target host name 'awsy.kairo.at'")
+Fetch error: http://mail.kairo.at/ => https://mail.kairo.at/: (28, 'Connection timed out after 20001 milliseconds')
+ CBSM is a software developed by kaiRo
 
-		- arts		(cert: owncload; shows owncloud's data)
-		- home		(ditto)
-		- science	(ditto)
-		- www		(ditto)
+	Cert mismatch:
+		- ns5.cbsm.at
+		- (www.)8b2000.kairo.at
+		- (www.)buergerkorps-steyr.kairo.at
+		- ns1.kairo.at
+		- (www.)oeaab.kairo.at
+		- old.kairo.at
+		- www.owncloud.kairo.at
+		- spoeck.kairo.at
+		- www.uze.kairo.at
 -->
-<ruleset name="KaiRo (partial)">
-
-	<target host="owncloud.kairo.at" />
+<ruleset name="KaiRo" default_off="failed ruleset test">
 
+	<target host="www.cbsm.at" />
+	<target host="14.cbsm.at" />
+	<target host="www.14.cbsm.at" />
+	<target host="15.cbsm.at" />
+	<target host="www.15.cbsm.at" />
+	<target host="2.cbsm.at" />
+	<target host="www.2.cbsm.at" />
+	<target host="21.cbsm.at" />
+	<target host="www.21.cbsm.at" />
+	<target host="24.cbsm.at" />
+	<target host="www.24.cbsm.at" />
+	<target host="25.cbsm.at" />
+	<target host="www.25.cbsm.at" />
+	<target host="29.cbsm.at" />
+	<target host="www.29.cbsm.at" />
+	<target host="32.cbsm.at" />
+	<target host="www.32.cbsm.at" />
+	<target host="33.cbsm.at" />
+	<target host="www.33.cbsm.at" />
+	<target host="4.cbsm.at" />
+	<target host="www.4.cbsm.at" />
+	<target host="5.cbsm.at" />
+	<target host="www.5.cbsm.at" />
+	<target host="6.cbsm.at" />
+	<target host="www.6.cbsm.at" />
+	<target host="8.cbsm.at" />
+	<target host="www.8.cbsm.at" />
+	<target host="matura97.cbsm.at" />
+	<target host="www.matura97.cbsm.at" />
+	<target host="rentyoursong.cbsm.at" />
+	<target host="www.rentyoursong.cbsm.at" />
+	<target host="roses.cbsm.at" />
+	<target host="www.roses.cbsm.at" />
 
-	<securecookie host="^owncloud\.kairo\.at$" name=".*" />
+	<target host="www.kairo.at" />
+	<target host="amrathea-test.kairo.at" />
+	<target host="www.amrathea-test.kairo.at" />
+	<target host="arts.kairo.at" />
+	<target host="www.arts.kairo.at" />
+	<target host="auth.kairo.at" />
+	<target host="www.auth.kairo.at" />
+	<target host="awsy.kairo.at" />
+	<target host="sisko.box.kairo.at" />
+	<target host="bugzilla.kairo.at" />
+	<target host="www.bugzilla.kairo.at" />
+	<target host="cbsm.kairo.at" />
+	<target host="www.cbsm.kairo.at" />
+	<target host="com.kairo.at" />
+	<target host="www.com.kairo.at" />
+	<target host="www.www.com.kairo.at" />
+	<target host="comtest.kairo.at" />
+	<target host="www.comtest.kairo.at" />
+	<target host="git.kairo.at" />
+	<target host="git-public.kairo.at" />
+	<target host="www.git-public.kairo.at" />
+	<target host="home.kairo.at" />
+	<target host="www.home.kairo.at" />
+	<target host="inconstruction.kairo.at" />
+	<target host="www.inconstruction.kairo.at" />
+	<target host="lantea.kairo.at" />
+	<target host="www.lantea.kairo.at" />
+	<target host="lantea-dev.kairo.at" />
+	<target host="www.lantea-dev.kairo.at" />
+	<target host="linz.kairo.at" />
+	<target host="mail.kairo.at" />
+	<target host="mandelbrot.kairo.at" />
+	<target host="www.mandelbrot.kairo.at" />
+	<target host="mandelbrot-dev.kairo.at" />
+	<target host="www.mandelbrot-dev.kairo.at" />
+	<target host="mozilla.kairo.at" />
+	<target host="www.mozilla.kairo.at" />
+	<target host="mozilla-deutsch.kairo.at" />
+	<target host="www.mozilla-deutsch.kairo.at" />
+	<target host="netkaiser.kairo.at" />
+	<target host="www.netkaiser.kairo.at" />
+	<target host="new.kairo.at" />
+	<target host="www.new.kairo.at" />
+	<target host="owncloud.kairo.at" />
+	<target host="piano.kairo.at" />
+	<target host="www.piano.kairo.at" />
+	<target host="piano-dev.kairo.at" />
+	<target host="www.piano-dev.kairo.at" />
+	<target host="piwik.kairo.at" />
+	<target host="resources.kairo.at" />
+	<target host="www.resources.kairo.at" />
+	<target host="science.kairo.at" />
+	<target host="www.science.kairo.at" />
+	<target host="singyoursong.kairo.at" />
+	<target host="www.singyoursong.kairo.at" />
+	<target host="slides.kairo.at" />
+	<target host="www.slides.kairo.at" />
+	<target host="sm-dev.kairo.at" />
+	<target host="www.sm-dev.kairo.at" />
+	<target host="test.kairo.at" />
+	<target host="www.test.kairo.at" />
+	<target host="tilecache.kairo.at" />
+	<target host="tilecache1.kairo.at" />
+	<target host="tilecache2.kairo.at" />
+	<target host="tilecache3.kairo.at" />
+	<target host="tilecache4.kairo.at" />
+	<target host="trek.kairo.at" />
+	<target host="www.trek.kairo.at" />
+	<target host="tricorder.kairo.at" />
+	<target host="www.tricorder.kairo.at" />
+	<target host="tricorder-dev.kairo.at" />
+	<target host="www.tricorder-dev.kairo.at" />
+	<target host="webmail.kairo.at" />
+	<target host="www.webmail.kairo.at" />
+	<target host="wickie.kairo.at" />
+	<target host="wiki.kairo.at" />
 
+	<securecookie host="^owncloud\.kairo\.at$" name=".+" />
 
-	<rule from="^http://owncloud\.kairo\.at/"
-		to="https://owncloud.kairo.at/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Kaimi.io.xml b/src/chrome/content/rules/Kaimi.io.xml
new file mode 100644
index 000000000000..4d32005a9254
--- /dev/null
+++ b/src/chrome/content/rules/Kaimi.io.xml
@@ -0,0 +1,15 @@
+<!--
+	HTTP 526:
+		- www.kaimi.* (fixed by this ruleset)
+		- forum.kaimi.ru
+-->
+
+<ruleset name="Kaimi.io">
+
+	<target host="kaimi.ru" />
+	<target host="www.kaimi.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kaiser_Systeme.xml b/src/chrome/content/rules/Kaiser_Systeme.xml
index bc7c9ac39cb8..c85cde2c475e 100644
--- a/src/chrome/content/rules/Kaiser_Systeme.xml
+++ b/src/chrome/content/rules/Kaiser_Systeme.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?kaisersysteme\.com/(.+/image|.+/stylesheet)s/"
 		to="https://$1kaisersysteme.com/$2s/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kaiserslautern.de.xml b/src/chrome/content/rules/Kaiserslautern.de.xml
index 86b0d653b10a..6e2f59216c43 100644
--- a/src/chrome/content/rules/Kaiserslautern.de.xml
+++ b/src/chrome/content/rules/Kaiserslautern.de.xml
@@ -1,32 +1,23 @@
 <!--
 	Nonfunctional subdomains:
 
-		- geoportal *
+		- www1 *
+		- www2 *
 		- www12 *
 
-	* Dropped
-
-
-	Expired 2013-03-01.
-
-
-	Mixed content:
-
-		- Web bug on (www.) from web2 *
-
-	* Secured by us
+	* Self-signed
 
 -->
-<ruleset name="Kaiserslautern.de (partial)" default_off="expired">
+<ruleset name="Kaiserslautern.de (partial)">
 
 	<target host="kaiserslautern.de" />
-	<target host="*.kaiserslautern.de" />
-
+	<target host="www.kaiserslautern.de" />
+	<target host="geoportal.kaiserslautern.de" />
 
 	<securecookie host="^kaiserslautern\.de$" name=".+" />
 
 
-	<rule from="^http://(?:(web2\.)|www\.)?kaiserslautern\.de/"
-		to="https://$1kaiserslautern.de/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Kalamullah.com.xml b/src/chrome/content/rules/Kalamullah.com.xml
new file mode 100644
index 000000000000..b5460e9479a3
--- /dev/null
+++ b/src/chrome/content/rules/Kalamullah.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Too much mixed content blocking:
+	- mail.kalamullah.com
+
+-->
+<ruleset name="Kalamullah.com">
+	<target host="kalamullah.com" />
+	<target host="www.kalamullah.com" />
+
+	<securecookie host="^www\.kalamullah\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kaldi-ASR.org.xml b/src/chrome/content/rules/Kaldi-ASR.org.xml
new file mode 100644
index 000000000000..a043d3d260d4
--- /dev/null
+++ b/src/chrome/content/rules/Kaldi-ASR.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Kaldi-ASR.org">
+	<target host="kaldi-asr.org" />
+	<target host="www.kaldi-asr.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kali.org.xml b/src/chrome/content/rules/Kali.org.xml
new file mode 100644
index 000000000000..d00d4e1ae02f
--- /dev/null
+++ b/src/chrome/content/rules/Kali.org.xml
@@ -0,0 +1,52 @@
+<!--
+	Insecure cookies are set for these domains:
+		- forums
+
+	Time out:
+		docs.kali.org
+		www.docs.kali.org
+		tools.kali.org
+
+	Invalid certificate:
+		*.docs.kali.org
+		downloads.kali.org
+		images.kali.org
+		security.kali.org
+
+	Refused:
+		git.kali.org
+		old.kali.org
+
+-->
+<ruleset name="Kali.org (partial)">
+
+	<target host="kali.org" />
+	<target host="www.kali.org" />
+	<target host="archive.kali.org" />
+	<target host="archive-2.kali.org" />
+	<target host="archive-3.kali.org" />
+	<target host="archive-4.kali.org" />
+	<target host="archive-5.kali.org" />
+	<target host="archive-6.kali.org" />
+	<target host="archive-7.kali.org" />
+	<target host="archive-8.kali.org" />
+	<target host="archive-9.kali.org" />
+	<target host="archive-10.kali.org" />
+	<target host="archive-11.kali.org" />
+	<target host="archive-12.kali.org" />
+	<target host="bugs.kali.org" />
+	<target host="cdimage.kali.org" />
+	<target host="forums.kali.org" />
+	<target host="http.kali.org" />
+	<target host="pkg.kali.org" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^forums\.kali\.org$" name="^bb_sessionhash$" /-->
+
+	<securecookie host="^forums\.kali\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kali_Linux.org.xml b/src/chrome/content/rules/Kali_Linux.org.xml
deleted file mode 100644
index a20c222a1791..000000000000
--- a/src/chrome/content/rules/Kali_Linux.org.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- docs *
-
-	* Dropped
-
-
-	Mixed content:
-
-		- Scripts on forums from forums *
-		- css on forums from forums *
-		- Images on forums from forums *
-
-	* Secured by us
-
-
-	NB: We secure all resources, and thus
-	platform should be removed with Ffx 24.
-
--->
-<ruleset name="Kali Linux.org (false MCB)" platform="mixedcontent">
-
-	<target host="forums.kali.org" />
-
-
-	<securecookie host="^forums\.kali\.org$" name=".+" />
-
-
-	<rule from="^http://forums\.kali\.org/"
-		to="https://forums.kali.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Kallithea-SCM.org.xml b/src/chrome/content/rules/Kallithea-SCM.org.xml
new file mode 100644
index 000000000000..da43b5972a86
--- /dev/null
+++ b/src/chrome/content/rules/Kallithea-SCM.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="Kallithea-SCM.org">
+
+	<target host="kallithea-scm.org" />
+	<target host="www.kallithea-scm.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kalooga.com.xml b/src/chrome/content/rules/Kalooga.com.xml
new file mode 100644
index 000000000000..cb4362143b30
--- /dev/null
+++ b/src/chrome/content/rules/Kalooga.com.xml
@@ -0,0 +1,65 @@
+<!--
+	cert mismatch:
+		- kalooga.com
+		- cdn.kalooga.com
+		- cdnnet.kalooga.com
+		- publishing.cdnnet.kalooga.com
+		- cdnnet0.kalooga.com
+		- cdnnet1.kalooga.com
+		- cdnnet2.kalooga.com
+		- cdnnet3.kalooga.com
+		- cloudfront.kalooga.com
+		- exceptions.kalooga.com
+
+	chain issues:
+		- company.kalooga.com
+		- demo.kalooga.com
+		- m.kalooga.com
+		- top.kalooga.com
+-->
+<ruleset name="Kalooga.com (partial)">
+
+	<target host="kalooga.com" />
+	<target host="www.kalooga.com" />
+
+	<target host="api.kalooga.com" />
+	<target host="apps.kalooga.com" />
+	<target host="assets.kalooga.com" />
+	<target host="backoffice.kalooga.com" />
+	<target host="bowser.kalooga.com" />
+	<target host="control.kalooga.com" />
+	<target host="corp.kalooga.com" />
+	<target host="dev1.kalooga.com" />
+	<target host="events.kalooga.com" />
+	<target host="geo.kalooga.com" />
+	<target host="grab.kalooga.com" />
+	<target host="img.kalooga.com" />
+	<target host="img0.kalooga.com" />
+	<target host="img1.kalooga.com" />
+	<target host="img2.kalooga.com" />
+	<target host="img3.kalooga.com" />
+	<target host="img4.kalooga.com" />
+	<target host="nagios.kalooga.com" />
+	<target host="origin.kalooga.com" />
+	<target host="placeholder.kalooga.com" />
+	<target host="publishing.kalooga.com" />
+	<target host="reporter.kalooga.com" />
+	<target host="signup.kalooga.com" />
+	<target host="static.kalooga.com" />
+
+	<target host="geo.kaloo.ga" />
+	<target host="img.kaloo.ga" />
+	<target host="publishing.kaloo.ga" />
+
+	<test url="http://publishing.kaloo.ga/wid/16513.js?loc=http%3A%2F%2Fwww.bz-berlin.de%2Fberlin%2Fber-zweite-anzeige-gegen-jochen-grossmann" />
+	<test url="http://img.kaloo.ga/thumb?url=http%3A%2F%2Fwww.shz.de%2Fimg%2Fwirtschaft%2Fcrop11177506%2F8806138589-cv16_9-h335%2Furn-newsml-dpa-com-20090101-151111-99-05409-large-4-3.jpg&amp;md5val=911f772734b61479440330f1140d13b4&amp;key=00f8a403a132c924d4f37b5df7818f1454f668f8&amp;size=192x140" />
+	<test url="http://publishing.kaloo.ga/acct/4455.js" />
+	<test url="http://geo.kaloo.ga/json/" />
+
+	<rule from="^http://kalooga\.com/"
+		to="https://www.kalooga.com/" />
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
+
diff --git a/src/chrome/content/rules/Kaltura.com-falsemixed.xml b/src/chrome/content/rules/Kaltura.com-falsemixed.xml
new file mode 100644
index 000000000000..85bed5e42743
--- /dev/null
+++ b/src/chrome/content/rules/Kaltura.com-falsemixed.xml
@@ -0,0 +1,15 @@
+<!--
+	For rules not causing false/broken MCB, see Kaltura.xml.
+
+-->
+<ruleset name="Kaltura.com (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="connect.kaltura.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kaltura.xml b/src/chrome/content/rules/Kaltura.xml
index e9c3dbc3cdb3..81b4d2f4474a 100644
--- a/src/chrome/content/rules/Kaltura.xml
+++ b/src/chrome/content/rules/Kaltura.xml
@@ -1,33 +1,132 @@
 <!--
+	Disabled per https://github.com/EFForg/https-everywhere/issues/1641
+
+
+	For rules causing false/broken MCB, see Kaltura.com-falsemixed.xml.
+
+
 	CDN buckets:
 
+		- kms-a.akamaihd.net
 		- akamai.kaltura.com.edgesuite.net/.../
 
-			- a1870.g.akamai.net/.../
-
 
 	Nonfunctional domains:
 
+		- exchange.kaltura.com ¹
+		- site.kaltura.com ²
+
 		- (www.)kaltura.org
 		- blog.kultura.org
 		- cdn.kultura.org	(Akamai; 503)
 
+	¹ Dropped
+	² Marketo
+
 
 	Problematic subdomains:
 
 		- cdnapi	(akamai)
+		- connect	(Mixed css)
+		- cdnknowledge ¹
+
+	¹ Akamai
+
+
+	These altnames don't exist:
+
+		- www.connect.kaltura.com
+		- www.knowledge.kaltura.com
+
+
+	Mixed content:
+
+		- iframe on connect from cdnapi.kaltura.com
+
+		- Images, on:
+
+			- connect from $self
+			- knowledge from cdnknowledge.kaltura.com
+			- knowledge from $self
 
 -->
-<ruleset name="Kaltura (partial)">
+<ruleset name="Kaltura.com (partial)" default_off="Breaks abc.go.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="kaltura.com" />
-	<target host="*.kaltura.com" />
+	<target host="cfvod.kaltura.com" />
+	<target host="cdnapisec.kaltura.com" />
+	<target host="cdnsecakmi.kaltura.com" />
+	<!--target host="connect.kaltura.com" /-->
+	<target host="corp.kaltura.com" />
+	<target host="knowledge.kaltura.com" />
+	<target host="www.kaltura.com" />
+	<target host="www-stats.kaltura.com" />
+
+	<!--	Complications:
+				-->
+	<target host="akamai.kaltura.com" />
+	<target host="cdn.kaltura.com" />
+	<target host="cdnakmi.kaltura.com" />
+	<target host="cdnapi.kaltura.com" />
+	<target host="cdnb.kaltura.com" />
+	<target host="cdnbakmi.kaltura.com" />
+	<!--target host="cdnknowledge.kaltura.com" /-->
+	<target host="site.kaltura.com" />
+
+		<exclusion pattern="^http://site\.kaltura\.com/+(?!$|\?|css/|images/|rs/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://site.kaltura.com/Blackboard-Video-Walk-Through.html" />
+			<test url="http://site.kaltura.com/Education_Survey.html" />
+			<test url="http://site.kaltura.com/Forrester_Wave_Report_2015.html" />
+			<test url="http://site.kaltura.com/HTML5Video.orgContactUs.html" />
+			<test url="http://site.kaltura.com/Kaltura_Application_Framework.html" />
+			<test url="http://site.kaltura.com/Kaltura_Enterprise_Survey.html" />
+			<test url="http://site.kaltura.com/Kaltura_Survey_State_of_Video_in_Education_2015.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://site.kaltura.com/css/mktLPSupport.css" />
+			<test url="http://site.kaltura.com/rs/kaltura/images/logo_0.png" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.kaltura\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
 
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
 
-	<rule from="^https?://(?:akamai|cdnapi|cdnb?|cdnb?akmi)\.kaltura\.com/"
+
+	<rule from="^http://(?:akamai|cdnb?|cdnbakmi)\.kaltura\.com/"
 		to="https://www.kaltura.com/" />
 
-	<rule from="^http://(corp\.|www\.)?kaltura\.com/"
-		to="https://$1kaltura.com/" />
+	<rule from="^http://cdnakmi\.kaltura\.com/"
+		to="https://cdnsecakmi.kaltura.com/" />
+
+	<rule from="^http://cdnapi\.kaltura\.com/"
+		to="https://cdnapisec.kaltura.com/" />
+
+	<!--rule from="^http://cdnknowledge\.kaltura\.com/"
+		to="https://knowledge.kaltura.com/" /-->
+
+	<!--	Redirect drops args and forward slash:
+							-->
+	<rule from="^http://site\.kaltura\.com/+(?:\?.*)?$"
+		to="https://corp.marketo.com/" />
+
+		<test url="http://site.kaltura.com/?" />
+		<test url="http://site.kaltura.com/?f" />
+		<test url="http://site.kaltura.com/?o" />
+		<test url="http://site.kaltura.com//?o" />
+		<test url="http://site.kaltura.com/?b" />
+
+	<rule from="^http://site\.kaltura\.com/"
+		to="https://na-sjg.marketo.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Kameleoon.com.xml b/src/chrome/content/rules/Kameleoon.com.xml
new file mode 100644
index 000000000000..6d45e7e412ff
--- /dev/null
+++ b/src/chrome/content/rules/Kameleoon.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Kameleoon.com">
+
+	<target host="kameleoon.com" />
+	<target host="static.kameleoon.com" />
+	<target host="www.kameleoon.com" />
+
+
+	<securecookie host="^(?:www)?\.kameleoon\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kammeratadam.dk.xml b/src/chrome/content/rules/Kammeratadam.dk.xml
new file mode 100644
index 000000000000..611e77b3fe56
--- /dev/null
+++ b/src/chrome/content/rules/Kammeratadam.dk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Kammeratadam.dk">
+	<target host="kammeratadam.dk" />
+	<target host="www.kammeratadam.dk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kampyle.xml b/src/chrome/content/rules/Kampyle.xml
index 96586d0fe7a1..e0f9b580abcf 100644
--- a/src/chrome/content/rules/Kampyle.xml
+++ b/src/chrome/content/rules/Kampyle.xml
@@ -15,7 +15,7 @@
 
 
 	<!--	Cert doesn't match !www		-->
-	<rule from="^https?://kampyle\.com/"
+	<rule from="^http://kampyle\.com/"
 		to="https://www.kampyle.com/" />
 
 	<!--	Clients' forms go under feedback_form, e.g.:
diff --git a/src/chrome/content/rules/Kanbox.com.xml b/src/chrome/content/rules/Kanbox.com.xml
new file mode 100644
index 000000000000..5cc3f6d3e28a
--- /dev/null
+++ b/src/chrome/content/rules/Kanbox.com.xml
@@ -0,0 +1,36 @@
+<!--
+	For other Alibaba Group coverage, see Alibaba.xml.
+
+
+	Nonfunctional hosts in *kanbox.com:
+
+		- bbs *
+		- help *
+
+	* Shows www.kanbox.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- kanbox.com
+
+-->
+<ruleset name="Kanbox.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kanbox.com" />
+	<target host="www.kanbox.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^kanbox\.com$" name="^(?:_session_id|mark_request_method)$" /-->
+
+	<securecookie host="^kanbox\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kangurum.xml b/src/chrome/content/rules/Kangurum.xml
index 45518697835e..d2661bdc5901 100644
--- a/src/chrome/content/rules/Kangurum.xml
+++ b/src/chrome/content/rules/Kangurum.xml
@@ -1,8 +1,18 @@
-<ruleset name="Kangurum">
-  <target host="www.kangurum.com.tr" />
-  <target host="kangurum.com.tr" />
-
-  <securecookie host="^www\.kangurum\.com\.tr$" name=".*" />
-
-  <rule from="^http://(www\.)?kangurum\.com\.tr/" to="https://www.kangurum.com.tr/" />
-</ruleset>
\ No newline at end of file
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.kangurum.com.tr/ => https://www.kangurum.com.tr/: (51, "SSL: no alternative certificate subject name matches target host name 'www.kangurum.com.tr'")
+Fetch error: http://kangurum.com.tr/ => https://www.kangurum.com.tr/: (51, "SSL: no alternative certificate subject name matches target host name 'www.kangurum.com.tr'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.kangurum.com.tr/ => https://www.kangurum.com.tr/: Redirect for 'http://www.kangurum.com.tr/' missing Location
+Fetch error: http://kangurum.com.tr/ => https://www.kangurum.com.tr/: Redirect for 'http://kangurum.com.tr/' missing Location
+-->
+<ruleset name="Kangurum" default_off="failed ruleset test">
+  <target host="www.kangurum.com.tr" />
+  <target host="kangurum.com.tr" />
+
+  <securecookie host="^www\.kangurum\.com\.tr$" name=".+" />
+
+  <rule from="^http://(?:www\.)?kangurum\.com\.tr/" to="https://www.kangurum.com.tr/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kanotix.xml b/src/chrome/content/rules/Kanotix.xml
index 8858a2b1c6b0..9676ba0f2cde 100644
--- a/src/chrome/content/rules/Kanotix.xml
+++ b/src/chrome/content/rules/Kanotix.xml
@@ -1,14 +1,38 @@
-<ruleset name="Kanotix" default_off="self-signed">
-  <target host="www.kanotix.com" />
-  <target host="www.kanotix.de" />
-  <target host="www.kanotix.net" />
-  <target host="www.kanotix.org" />
-  <target host="kanotix.com" />
-  <target host="kanotix.de" />
-  <target host="kanotix.net" />
-  <target host="kanotix.org" />
-
-  <securecookie host="^(.*\.)?kanotix\.(com|de|net|org)$" name=".*" />
-
-  <rule from="^http://(?:www\.)?kanotix\.(?:com|de|net|org)/" to="https://kanotix.com/"/>
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- kanotix.com
+		- www.kanotix.com
+		- kanotix.de
+		- www.kanotix.de
+		- kanotix.net
+		- www.kanotix.net
+		- kanotix.org
+		- www.kanotix.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Kanotix">
+
+	<target host="kanotix.com" />
+	<target host="www.kanotix.com" />
+	<target host="kanotix.de" />
+	<target host="www.kanotix.de" />
+	<target host="kanotix.net" />
+	<target host="www.kanotix.net" />
+	<target host="kanotix.org" />
+	<target host="www.kanotix.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?kanotix\.(?:com|de|net|org)$" name="^POSTNUKESID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Kansas.com.xml b/src/chrome/content/rules/Kansas.com.xml
index 52fbc72ca9cc..d42dacc96514 100644
--- a/src/chrome/content/rules/Kansas.com.xml
+++ b/src/chrome/content/rules/Kansas.com.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://customercare.kansas.com/ => https://customercare.kansas.com/: (35, 'Unknown SSL protocol error in connection to customercare.kansas.com:443 ')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://customercare.kansas.com/ => https://customercare.kansas.com/: (35, 'Unknown SSL protocol error in connection to customercare.kansas.com:443 ')
 	Nonfunctional subdomains:
 
 		- ^		(redirects to www; mismatched, CN: media.mcclatchyinteractive.com)
@@ -8,7 +14,7 @@
 	* 503, akamai
 
 -->
-<ruleset name="Kansas.com (partial)">
+<ruleset name="Kansas.com (partial)" default_off="failed ruleset test">
 
 	<target host="customercare.kansas.com" />
 
@@ -16,7 +22,6 @@
 	<securecookie host="^customercare\.kansas\.com$" name=".+" />
 
 
-	<rule from="^http://customercare\.kansas\.com/"
-		to="https://customercare.kansas.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kanshoo.xml b/src/chrome/content/rules/Kanshoo.xml
index b588daafc933..e75a730143d8 100644
--- a/src/chrome/content/rules/Kanshoo.xml
+++ b/src/chrome/content/rules/Kanshoo.xml
@@ -1,14 +1,10 @@
-<!--
-	CN: Parallels Panel
-
--->
-<ruleset name="Kanshoo" default_off="self-signed">
+<ruleset name="Kanshoo">
 
 	<target host="kenshoo.com" />
 	<target host="www.kenshoo.com" />
 
 
-	<rule from="^http://(?:www\.)?kenshoo\.com/"
-		to="https://www.kenshoo.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kantar-Latam-Portal.xml b/src/chrome/content/rules/Kantar-Latam-Portal.xml
index c2d3a94f7221..d434b9e05599 100644
--- a/src/chrome/content/rules/Kantar-Latam-Portal.xml
+++ b/src/chrome/content/rules/Kantar-Latam-Portal.xml
@@ -1,14 +1,20 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kantarlatam.com/ => https://www.kantarlatam.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.kantarlatam.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://kantarlatam.com/ => https://www.kantarlatam.com/: (6, 'Could not resolve host: kantarlatam.com')
 	For other Kanvar coverage, see TNS-Global.xml.
 
 -->
-<ruleset name="Kantar Latam Portal">
+<ruleset name="Kantar Latam Portal" default_off="failed ruleset test">
 
 	<target host="kantarlatam.com" />
-	<target host="*.kantarlatam.com" />
+	<target host="www.kantarlatam.com" />
 
 
-	<securecookie host="^.*\.kantarlatam\.com$" name=".*" />
+	<securecookie host="^.*\.kantarlatam\.com$" name=".+" />
 
 
 	<!--	!www doesn't work over https,
diff --git a/src/chrome/content/rules/Kantara_Initiative.org.xml b/src/chrome/content/rules/Kantara_Initiative.org.xml
new file mode 100644
index 000000000000..09a6d8261883
--- /dev/null
+++ b/src/chrome/content/rules/Kantara_Initiative.org.xml
@@ -0,0 +1,17 @@
+<ruleset name="Kantara Initiative.org">
+
+	<target host="kantarainitiative.org" />
+	<target host="idp.kantarainitiative.org" />
+	<target host="www.kantarainitiative.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(idp\.|www\.)?kantarainitiative.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:idp\.|www\.)?kantarainitiative.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kaos.theory.xml b/src/chrome/content/rules/Kaos.theory.xml
index 185b08e41503..a6ddc456e8f8 100644
--- a/src/chrome/content/rules/Kaos.theory.xml
+++ b/src/chrome/content/rules/Kaos.theory.xml
@@ -4,7 +4,7 @@
 	<target host="www.kaos.to" />
 
 
-	<securecookie host="^kaos.to$" name=".*" />
+	<securecookie host="^kaos.to$" name=".+" />
 
 
 	<rule from="^http://(?:www\.)?kaos\.to/"
diff --git a/src/chrome/content/rules/KapWatch.com.xml b/src/chrome/content/rules/KapWatch.com.xml
new file mode 100644
index 000000000000..dc3d77882e6b
--- /dev/null
+++ b/src/chrome/content/rules/KapWatch.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="KapWatch.com">
+	<target host="kapwatch.com" />
+	<target host="www.kapwatch.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kapital.kz.xml b/src/chrome/content/rules/Kapital.kz.xml
new file mode 100644
index 000000000000..dd0b2fa2986d
--- /dev/null
+++ b/src/chrome/content/rules/Kapital.kz.xml
@@ -0,0 +1,21 @@
+<!--
+	Mismatch:
+		www.kapital.kz
+-->
+<ruleset name="Kapital.kz" >
+	<target host="kapital.kz" />
+	<target host="www.kapital.kz" />
+	<target host="ey25.kapital.kz" />
+	<target host="i.kapital.kz" />
+		<test url="http://i.kapital.kz/c/5a8fbba50b6ec8389cfc885b714fb734/n/109/100/9/b/7/a/d/357a05925f648fd154ef368ea53.jpg" />
+	<target host="kimep.kapital.kz" />
+	<target host="m.kapital.kz" />
+	<target host="max.kapital.kz" />
+	<target host="visa.kapital.kz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.kapital\.kz/" to="https://kapital.kz/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kapiton.se.xml b/src/chrome/content/rules/Kapiton.se.xml
index 6aff49a825f8..22646e7bdf90 100644
--- a/src/chrome/content/rules/Kapiton.se.xml
+++ b/src/chrome/content/rules/Kapiton.se.xml
@@ -1,13 +1,19 @@
-<ruleset name="Kapiton.se">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kapiton.se/ => https://kapiton.se/: (7, 'Failed to connect to kapiton.se port 443: Connection refused')
+Fetch error: http://www.kapiton.se/ => https://www.kapiton.se/: (7, 'Failed to connect to www.kapiton.se port 443: Connection refused')
+
+-->
+<ruleset name="Kapiton.se" default_off="failed ruleset test">
 
 	<target host="kapiton.se" />
-	<target host="*.kapiton.se" />
+	<target host="www.kapiton.se" />
 
 
 	<securecookie host="^\.?kapiton\.se$" name=".+" />
 
 
-	<rule from="^http://(www\.)?kapiton\.se/"
-		to="https://$1kapiton.se/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kaply.com.xml b/src/chrome/content/rules/Kaply.com.xml
new file mode 100644
index 000000000000..d8b8e78084d6
--- /dev/null
+++ b/src/chrome/content/rules/Kaply.com.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.mike.kaply.com/ => https://www.mike.kaply.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.mike.kaply.com'")
+
+	(www.)?kaply.com: Mismatched
+
+-->
+<ruleset name="Kaply.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mike.kaply.com" />
+	<target host="www.mike.kaply.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kapsi.fi.xml b/src/chrome/content/rules/Kapsi.fi.xml
index 32532d343c71..cacb45636c50 100644
--- a/src/chrome/content/rules/Kapsi.fi.xml
+++ b/src/chrome/content/rules/Kapsi.fi.xml
@@ -1,12 +1,21 @@
-<ruleset name="Kapsi.fi (very partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://koti.kapsi.fi/ => https://koti.kapsi.fi/: label empty or too long
+
+-->
+<ruleset name="Kapsi.fi (very partial)" default_off="failed ruleset test">
   <target host="www.kapsi.fi"/>
   <target host="kapsi.fi"/>
   <target host="koti.kapsi.fi"/>
+	<!--
+		404:
+			-->
+	<exclusion pattern="^http://koti\.kapsi\.fi/+~" />
   <target host="tuki.kapsi.fi"/>
   <target host="blog.kapsi.fi"/>
   <target host="forum.kapsi.fi"/>
   <target host="admin.kapsi.fi"/>
-  <rule from="^http://(www\.)?kapsi\.fi/" to="https://www.kapsi.fi/"/>
-  <rule from="^https://kapsi\.fi/" to="https://www.kapsi.fi/"/>
+  <rule from="^http://(?:www\.)?kapsi\.fi/" to="https://www.kapsi.fi/"/>
   <rule from="^http://(koti|tuki|blog|forum|admin)\.kapsi\.fi/" to="https://$1.kapsi.fi/"/>
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kapt-Cha.xml b/src/chrome/content/rules/Kapt-Cha.xml
index 95a1b491491a..506d1c344717 100644
--- a/src/chrome/content/rules/Kapt-Cha.xml
+++ b/src/chrome/content/rules/Kapt-Cha.xml
@@ -1,10 +1,8 @@
 <ruleset name="Kapt Cha">
+	<target host="ssl.kaptcha.com" />
 
-	<target host="ssl.kaptcha.com"/>
-
-	<rule from="^http://ssl\.kaptcha\.com/"
-		to="https://ssl.kaptcha.com/"/>
-
-	<securecookie host="^\.kaptcha\.com$" name=".*"/>
+	<securecookie host="^\.kaptcha\.com$" name=".+" />
 
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Karagarga.xml b/src/chrome/content/rules/Karagarga.xml
deleted file mode 100644
index c4ddb0ca0031..000000000000
--- a/src/chrome/content/rules/Karagarga.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Karagarga">
-  <target host="karagarga.net" />
-  <target host="www.karagarga.net" />
-
-  <rule from="^http://(?:www\.)?karagarga\.net/" to="https://karagarga.net/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Kargo.com.xml b/src/chrome/content/rules/Kargo.com.xml
new file mode 100644
index 000000000000..d964d43a251f
--- /dev/null
+++ b/src/chrome/content/rules/Kargo.com.xml
@@ -0,0 +1,42 @@
+<!--
+	CDN buckets:
+
+		- storage.cloud.kargo.com.edgesuite.net
+
+
+	Problematic hosts:
+
+		- (www.)? *
+		- storage.cloud ²
+
+	* Mismatched
+	² Akamai
+
+
+	Fully covered hosts:
+
+		- (www.)?
+		- storage.cloud
+
+
+	Mixed content:
+
+		- css on www from $self *
+		- Images on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Kargo.com" default_off="mismatched">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kargo.com" />
+	<target host="storage.cloud.kargo.com" />
+	<target host="www.kargo.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kariera.gr.xml b/src/chrome/content/rules/Kariera.gr.xml
new file mode 100644
index 000000000000..3bb918d58b45
--- /dev/null
+++ b/src/chrome/content/rules/Kariera.gr.xml
@@ -0,0 +1,10 @@
+<!-- This ruleset is experimental. If you experience problems please
+	 open an issue at https://github.com/kargig/https-everywhere -->
+
+<ruleset name="Kariera.gr">
+  <target host="*.kariera.gr" />
+
+	<securecookie host=".+" name=".+" />
+
+  <rule from="^http://(\w+\.)?kariera\.gr/" to="https://$1kariera.gr/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Karlsruhe.de.xml b/src/chrome/content/rules/Karlsruhe.de.xml
new file mode 100644
index 000000000000..b52351b9224a
--- /dev/null
+++ b/src/chrome/content/rules/Karlsruhe.de.xml
@@ -0,0 +1,142 @@
+<!--
+	Invalid certificate:
+		- www.cbs.karlsruhe.de
+		- www.vibe.ces.karlsruhe.de
+		- www.web.ces.karlsruhe.de
+		- ess.karlsruhe.de
+		- cas.ess.karlsruhe.de
+		- moodle.ess.karlsruhe.de
+		- fls.karlsruhe.de
+		- huebsch.karlsruhe.de
+		- www.huebsch.karlsruhe.de
+		- owigow.karlsruhe.de
+		- www.sicheres.karlsruhe.de
+		- staatstheater.karlsruhe.de
+		- www.staatstheater.karlsruhe.de
+		- sanierung.staatstheater.karlsruhe.de
+		- spielzeit1[2-8]-1[3-9].staatstheater.karlsruhe.de
+		- stadtlexikon.karlsruhe.de
+		- www.stoerfall.karlsruhe.de
+		- web2.karlsruhe.de
+		- akorgbw.wiki.karlsruhe.de
+
+	Non-2xx HTTP code:
+		- karl.karlsruhe.de
+
+	Refused:
+		- qualle.hhs.karlsruhe.de
+		- kontentor99.karlsruhe.de
+		- rhin2.karlsruhe.de
+
+	Timeout:
+		- afsta.karlsruhe.de
+		- avg.karlsruhe.de
+		- chs.karlsruhe.de
+		- daten.karlsruhe.de
+		- db1.karlsruhe.de
+		- dienste2.karlsruhe.de
+		- endeavour.karlsruhe.de
+		- kultur.karlsruhe.de
+		- la.karlsruhe.de
+		- mail2.karlsruhe.de
+		- mail3.karlsruhe.de
+		- matrix-mdm.karlsruhe.de
+		- cloud.mgg.karlsruhe.de
+		- mdm.mgg.karlsruhe.de
+		- ns1.karlsruhe.de
+		- oa.karlsruhe.de
+		- rhin1.karlsruhe.de
+		- sjb.karlsruhe.de
+		- as.staatstheater.karlsruhe.de
+		- cloud.staatstheater.karlsruhe.de
+		- mon.staatstheater.karlsruhe.de
+		- webmail.staatstheater.karlsruhe.de
+		- ua.karlsruhe.de
+		- wettbewerbe.karlsruhe.de
+		- zjd.karlsruhe.de
+		- zoo.karlsruhe.de
+
+	Unable to get local issuer certificate:
+		- hms.karlsruhe.de
+		- files.hms.karlsruhe.de
+		- suche.karlsruhe.de
+		- suche.karlsruhe2.de
+-->
+<ruleset name="Karlsruhe.de">
+
+	<target host="karlsruhe.de" />
+	<target host="www.karlsruhe.de" />
+	<target host="artenschutz.karlsruhe.de" />
+	<target host="autodiscover.avg.karlsruhe.de" />
+	<target host="bem.karlsruhe.de" />
+	<target host="beteiligung.karlsruhe.de" />
+	<target host="bsb.karlsruhe.de" />
+	<target host="cbs.karlsruhe.de" />
+	<target host="files.cbs.karlsruhe.de" />
+	<target host="moodle.cbs.karlsruhe.de" />
+	<target host="vibe.cbs.karlsruhe.de" />
+	<target host="ces.karlsruhe.de" />
+	<target host="www.ces.karlsruhe.de" />
+	<target host="filr.ces.karlsruhe.de" />
+	<target host="kalender.ces.karlsruhe.de" />
+	<target host="mobile.ces.karlsruhe.de" />
+	<target host="piwik.ces.karlsruhe.de" />
+	<target host="vibe.ces.karlsruhe.de" />
+	<target host="web.ces.karlsruhe.de" />
+	<target host="fw.chs.karlsruhe.de" />
+	<target host="dienste.karlsruhe.de" />
+	<target host="edit.karlsruhe.de" />
+	<target host="edit99.karlsruhe.de" />
+	<target host="faecher.karlsruhe.de" />
+	<target host="feedback.karlsruhe.de" />
+	<target host="formulare.karlsruhe.de" />
+	<target host="geodaten.karlsruhe.de" />
+	<target host="geoportal.karlsruhe.de" />
+	<target host="grabsuche.karlsruhe.de" />
+	<target host="gruenestadt.karlsruhe.de" />
+	<target host="guide.karlsruhe.de" />
+	<target host="heimstiftung.karlsruhe.de" />
+	<target host="hhs.karlsruhe.de" />
+	<target host="www.hhs.karlsruhe.de" />
+	<target host="beta.hhs.karlsruhe.de" />
+	<target host="filr.hhs.karlsruhe.de" />
+	<target host="gazoo.hhs.karlsruhe.de" />
+	<target host="groupwise.hhs.karlsruhe.de" />
+	<target host="moodle.hhs.karlsruhe.de" />
+	<target host="moodlex.hhs.karlsruhe.de" />
+	<target host="moodle.hms.karlsruhe.de" />
+	<target host="mail1.huebsch.karlsruhe.de" />
+	<target host="kalender.karlsruhe.de" />
+	<target host="kammermusikwettbewerb.karlsruhe.de" />
+	<target host="kita.karlsruhe.de" />
+	<target host="autodiscover.kvv.karlsruhe.de" />
+	<target host="lernfabrik.karlsruhe.de" />
+	<target host="www.lernfabrik.karlsruhe.de" />
+	<target host="m.karlsruhe.de" />
+	<target host="matrix-seg.karlsruhe.de" />
+	<target host="www.mgg.karlsruhe.de" />
+	<target host="owncloud.mgg.karlsruhe.de" />
+	<target host="mobil.karlsruhe.de" />
+	<target host="nubnetzwerk.karlsruhe.de" />
+	<target host="opac.karlsruhe.de" />
+	<target host="otv.karlsruhe.de" />
+	<target host="partnerschaftsboerse-eine-welt.karlsruhe.de" />
+	<target host="presse.karlsruhe.de" />
+	<target host="rhin.karlsruhe.de" />
+	<target host="staatstheatertickets.karlsruhe.de" />
+	<target host="transparenz.karlsruhe.de" />
+	<target host="autodiscover.vbk.karlsruhe.de" />
+	<target host="vmz.karlsruhe.de" />
+	<target host="vps.karlsruhe.de" />
+	<target host="web1.karlsruhe.de" />
+	<target host="web3.karlsruhe.de" />
+	<target host="wes.karlsruhe.de" />
+	<target host="wolke.karlsruhe.de" />
+	<target host="www1.karlsruhe.de" />
+	<target host="www99.karlsruhe.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Karlsruhe_Institute_of_Technology-problematic.xml b/src/chrome/content/rules/Karlsruhe_Institute_of_Technology-problematic.xml
deleted file mode 100644
index 76f8078cefa8..000000000000
--- a/src/chrome/content/rules/Karlsruhe_Institute_of_Technology-problematic.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For rules that are on by default, see Karlsruhe_Institute_of_Technology.xml.
-
--->
-<ruleset name="Karlsruhe Institute of Technology (problematic)" default_off="self-signed">
-
-	<target host="blog.bibliothek.kit.edu" />
-	<target host="studiumundbehinderung.kit.edu" />
-	<target host="www.studiumundbehinderung.kit.edu" />
-
-
-	<!--	Cookies are handled in Karlsruhe_Institute_of_Technology.xml.	-->
-
-
-	<rule from="^http://blog\.bibliothek\.kit\.edu/"
-		to="https://blog.bibliothek.kit.edu/" />
-
-	<rule from="^https?://(?:www\.)?studiumundbehinderung\.kit\.edu/"
-		to="https://studiumundbehinderung.kit.edu/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Karlsruhe_Institute_of_Technology.xml b/src/chrome/content/rules/Karlsruhe_Institute_of_Technology.xml
index 67ba9a9fb3af..f4d1886364b5 100644
--- a/src/chrome/content/rules/Karlsruhe_Institute_of_Technology.xml
+++ b/src/chrome/content/rules/Karlsruhe_Institute_of_Technology.xml
@@ -1,53 +1,41 @@
 <!--
-	For problematic rules, see Karlsruhe_Institute_of_Technology-problematic.xml.
-
+	Non-functional hosts in *.kit.edu
+		SSL peer certificate was not OK:
+			 - lists.kit.edu
 -->
 <ruleset name="Karlsruhe Institute of Technology (partial)">
-
 	<target host="kit.edu" />
-	<target host="*.kit.edu" />
-	<target host="www.*.kit.edu" />
+	<target host="www.kit.edu" />
+	<target host="alumni.kit.edu" />
+	<target host="www.alumni.kit.edu" />
+	<target host="bibliothek.kit.edu" />
+	<target host="www.bibliothek.kit.edu" />
+	<target host="blog.bibliothek.kit.edu" />
+	<target host="campus.kit.edu" />
+	<target host="cel.kit.edu" />
+	<target host="www.cel.kit.edu" />
+	<target host="cs.kit.edu" />
+	<target host="www.cs.kit.edu" />
+	<target host="informatik.kit.edu" />
+	<target host="www.informatik.kit.edu" />
+	<target host="innovation.kit.edu" />
+	<target host="www.innovation.kit.edu" />
+	<target host="intranet.kit.edu" />
+	<target host="itiv.kit.edu" />
+	<target host="www.itiv.kit.edu" />
+	<target host="www.lists.kit.edu" />
+	<target host="owa.kit.edu" />
+	<target host="www.pst.kit.edu" />
+	<target host="ptka.kit.edu" />
+	<target host="www.ptka.kit.edu" />
+	<target host="rsm.kit.edu" />
+	<target host="www.rsm.kit.edu" />
+	<target host="scc.kit.edu" />
 	<target host="idp.scc.kit.edu" />
-	<target host="ilias.stadium.kit.edu" />
-	<target host="uni-karlsruhe.de" />
-	<target host="*.uni-karlsruhe.de" />
-	<target host="www.*.uni-karlsruhe.de" />
-	<target host="mensa.akk.uni-karlsruhe.de" />
-
-
-	<securecookie host="^.+\.kit\.edu$" name=".+" />
-
-
-	<!--	- Self-signed
-		- Redirects like so
-					-->
-	<rule from="^https?://(?:www\.)?alumni\.kit\.edu/"
-		to="https://www.rsm.kit.edu/" />
-
-	<!--	- ^kit.edu: cert only matches www
-		- ^bibliothek, ^pst, ^radio, ^rsm, & ^scc: self-signed
-					-->
-	<rule from="^https?://(?:www\.)?((?:bibliothek|pst|radio|rsm|scc)\.)?kit\.edu/"
-		to="https://www.$1kit.edu/" />
-
-	<!--	^stiftung.kit.edu doesn't exist.
-							-->
-	<rule from="^http://((?:campus|owa|idp\.scc|(?:ilias\.)?stadium|www\.stiftung)\.)?kit\.edu/"
-		to="https://$1kit.edu/" />
-
-	<!--	- CN: www.kit.edu
-		- ^zib doesn't exist
-		- Redirects like so
-					-->
-	<rule from="^https?://www\.zib\.kit\.edu/(?:.*)"
-		to="https://www.kit.edu/studieren/3052.php" />
-
-	<!--	^uni-karlsruhe, ^ubka, & zvw: self-signed.
-					-->
-	<rule from="^https?://(?:www\.)?(ubka\.|zvw\.)?uni-karlsruhe\.de/"
-		to="https://www.$1uni-karlsruhe.de/" />
-
-	<rule from="^http://mensa\.akk\.uni-karlsruhe\.de/"
-		to="https://mensa.akk.uni-karlsruhe.de/" />
+	<target host="wsm10.scc.kit.edu" />
+	<target host="www.scc.kit.edu" />
+	<target host="studiumundbehinderung.kit.edu" />
+	<target host="www.studiumundbehinderung.kit.edu" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Karma.mg.xml b/src/chrome/content/rules/Karma.mg.xml
new file mode 100644
index 000000000000..048010e7496c
--- /dev/null
+++ b/src/chrome/content/rules/Karma.mg.xml
@@ -0,0 +1,28 @@
+<!--
+	Problematic hosts in *karma.mg:
+
+		- stats ˢ
+
+	ˢ Self-signed
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Karma.mg (partial)">
+
+	<target host="karma.mg" />
+	<target host="www.karma.mg" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kart_Fighter.com.xml b/src/chrome/content/rules/Kart_Fighter.com.xml
index d30c37e5e5cd..4d7c3206d980 100644
--- a/src/chrome/content/rules/Kart_Fighter.com.xml
+++ b/src/chrome/content/rules/Kart_Fighter.com.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://files.kartfighter.com/ => https://files.kartfighter.com/: (51, "SSL: no alternative certificate subject name matches target host name 'files.kartfighter.com'")
+Fetch error: http://worldtour.kartfighter.com/ => https://worldtour.kartfighter.com/: (51, "SSL: no alternative certificate subject name matches target host name 'worldtour.kartfighter.com'")
+
 	For other Red Bull coverage, see Red_Bull.xml.
 
 
@@ -9,34 +14,53 @@
 
 	Problematic subdomains:
 
-		- ^ *
-		- app *
+		- ^ ¹
+		- app ¹
+		- www ²
 
-	* Refused
+	¹ Mismatched
+	² 503
 
 
 	Fully covered subdomains:
 
-		- (www.)	(^ → www)
-		- app		(→ www)
 		- files
 		- redbullracingadmin
 		- worldtour
 
+
+	Insecure cookies are set for these hosts:
+
+		- kartfighter.com
+		- app.kartfighter.com
+
 -->
-<ruleset name="Kart Fighter.com (partial)">
+<ruleset name="Kart Fighter.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="kartfighter.com" /-->
+	<!--target host="app.kartfighter.com" /-->
+	<target host="files.kartfighter.com" />
+	<target host="redbullracingadmin.kartfighter.com" />
+	<target host="worldtour.kartfighter.com" />
+
+	<!--	Complications:
+				-->
+	<!--target host="www.kartfighter.com" /-->
 
-	<target host="kartfighter.com" />
-	<target host="*.kartfighter.com" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(app\.)?kartfighter\.com$" name="^(NSC_SC-[\w-]+|PHPSESSID)$" /-->
 
-	<securecookie host="^(?:files|redbullracingadmin|worldtour|www)\.kartfighter\.com$" name=".+" />
+	<securecookie host="^(?:files|redbullracingadmin|worldtour)\.kartfighter\.com$" name=".+" />
 
 
-	<rule from="^http://(?:app\.|www\.)?kartfighter\.com/"
-		to="https://www.kartfighter.com/" />
+	<!--rule from="^http://www\.kartfighter\.com/"
+		to="https://kartfighter.com/" /-->
 
-	<rule from="^http://(files|redbullracingadmin|worldtour)\.kartfighter\.com/"
-		to="https://$1.kartfighter.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/KarwansarayPublishers.xml b/src/chrome/content/rules/KarwansarayPublishers.xml
index d39f7502353a..7229b4e67281 100644
--- a/src/chrome/content/rules/KarwansarayPublishers.xml
+++ b/src/chrome/content/rules/KarwansarayPublishers.xml
@@ -1,11 +1,25 @@
-<ruleset name="Karwansaray Publishers">
+<!--
+	Insecure cookies are set for these domains:
 
+		- .www.karwansaraypublishers.com
+
+-->
+<ruleset name="Karwansaray Publishers.com">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="karwansaraypublishers.com"/>
-	<target host="*.karwansaraypublishers.com"/>
+	<target host="www.karwansaraypublishers.com"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.karwansaraypublishers\.com$" name="^(currency|epc-initiated|frontend)$" /-->
+
+	<securecookie host="^\.www\.karwansaraypublishers\.com$" name=".+" />
 
-	<rule from="^http://(?:www\.)?karwansaraypublishers\.com/"
-		to="https://karwansaraypublishers.com/"/>
 
-	<securecookie host="^(www)?\.karwansaraypublishers\.com$" name=".*"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Kaseya.com.xml b/src/chrome/content/rules/Kaseya.com.xml
new file mode 100644
index 000000000000..a67754a7f286
--- /dev/null
+++ b/src/chrome/content/rules/Kaseya.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Other Kaseya rulesets:
+
+		- Kaseya.net.xml
+
+
+	Mixed content:
+
+		- css from fast.fonts.net *
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Kaseya.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kaseya.com" />
+	<target host="www.kaseya.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kaseya.net.xml b/src/chrome/content/rules/Kaseya.net.xml
new file mode 100644
index 000000000000..dee88bfe619e
--- /dev/null
+++ b/src/chrome/content/rules/Kaseya.net.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://provision.relay.kaseya.net/ => https://provision.relay.kaseya.net/: (28, 'Connection timed out after 20000 milliseconds')
+
+	For other Kaseya coverage, see Kaseya.com.xml.
+
+
+	www.kaseya.net: 404
+
+
+	^kaseya.net doesn't exist.
+
+-->
+<ruleset name="Kaseya.net (partial)" default_off="failed ruleset test">
+
+	<target host="provision.relay.kaseya.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kasimp3.xml b/src/chrome/content/rules/Kasimp3.xml
index 88cb15c81649..aa14bb1ec29a 100644
--- a/src/chrome/content/rules/Kasimp3.xml
+++ b/src/chrome/content/rules/Kasimp3.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?kasimp3\.co\.za/"
 		to="https://www.kasimp3.co.za/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kaspersky-cyberstat.com.xml b/src/chrome/content/rules/Kaspersky-cyberstat.com.xml
new file mode 100644
index 000000000000..0b182c89b4a9
--- /dev/null
+++ b/src/chrome/content/rules/Kaspersky-cyberstat.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kaspersky-cyberstat.com/ => https://kaspersky-cyberstat.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.kaspersky-cyberstat.com/ => https://www.kaspersky-cyberstat.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	For other Kaspersky coverage, see Kaspersky.com.xml.
+
+-->
+<ruleset name="Kaspersky-cyberstat.com" default_off="failed ruleset test">
+
+	<target host="kaspersky-cyberstat.com" />
+	<target host="www.kaspersky-cyberstat.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kaspersky.com.xml b/src/chrome/content/rules/Kaspersky.com.xml
index aad5aecb767f..b34d79e12ce7 100644
--- a/src/chrome/content/rules/Kaspersky.com.xml
+++ b/src/chrome/content/rules/Kaspersky.com.xml
@@ -1,58 +1,214 @@
 <!--
+
 	Other Kaspersky rulesets:
 
+		- Kaspersky.ru.xml
+		- Kaspersky.ua.xml
+		- Kaspersky-cyberstat.com.xml
+		- Kaspersky_Club.ru.xml
+		- Kaspersky_Partners.com.xml
+		- Kaspersky_Partners.ru.xml
 		- Kasperskycontenthub.com.xml
+		- Securelist.ru.xml
+		- Threatpost.ru.xml
 
 
 	CDN buckets:
 
 		- kaspersky.122.2o7.net
+		- a248.e.akamai.net/L/16382/90570/15h/reviews.kaspersky.com/
 
 		- 46qasb3uw5yn639ko4bz2ptr8u.wpengine.netdna-cdn.com
 
 			- blog
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *kaspersky.com:
+
+		- (www.)? ¹
+		- css ²
+		- forum	³
+		- newvirus ⁴
+		- reviews *
+
+	¹ Redirects to http/410
+	² Handshake fails
+	³ Dropped
+	⁴ Shows default page
+	* 403
+
+
+	Problematic hosts in *kaspersky.com:
+
+		- www.academy ³
+		- www.blog ¹
+		- www.business ³
+		- www.eugene ¹
+		- (www.)?free ²
+		- me ²
+		- media ²
+		- www.sas ³
+		- tr1 ⁴
+		- us-business ⁵
 
-		- academy	(shows www; mismatched, CN: www.kapersky.com)
-		- blog		(403, wpengine)
-		- business	(redirects to http, wpengine)
-		- forum		(dropped)
-		- www		(401, valid cert)
+	¹ Mismatched, CN: threatpost.com
+	² Mismatched, CN: www.kaspersky.com
+	³ WP Engine
+	⁴ Mismatched, CN: *.d2.sc.omtrdc.net
+	⁵ Expired certificate
 
 
-	Fully covered subdomains:
+	These altnames don't exist:
 
-		- anti-theft
-		- companyaccount
-		- eugene
-		- manage-tablet
-		- my
-		- support
-		- trusted
-		- uis
+		- www.arabic.kaspersky.com
+		- www.cybermap.kaspersky.com
+		- www.plblog.kaspersky.com
+		- www.press.kaspersky.com
+		- www.us-business.kaspersky.com
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .kaspersky.com
+		- academy.kaspersky.com
+		- arabic.kaspersky.com
+		- blog.kaspersky.com
+		- business.kaspersky.com
+		- center.kaspersky.com
+		- companyaccount.kaspersky.com
+		- eugene.kaspersky.com
+		- extcss.kaspersky.com
+		- plblog.kaspersky.com
+		- press.kaspersky.com
+		- sas.kaspersky.com
+		- us-business.kaspersky.com
+		- .usa.kaspersky.com
+		- usblog.kaspersky.com
+		- .virusdesk.kaspersky.com
+		- www.kaspersky.com
+		- .www.kaspersky.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 
 	Mixed content:
 
-		- Images on eugene from kasperskycontenthub.com *
+		- css, on:
+
+			- cybermap, virusdesk from fonts.googleapis.com ³
+			- me from $self ¹
 
-	* Secured by us, doesn't trip MCB anyway
+		- Images, on:
+
+			- me from $self ¹
+			- usa from $self ³
+
+		- Ads/bugs, on:
+
+			- usa from tr1 ³
+			- me from googleads.g.doubleclick.net ⁴
+
+	¹ Not secured by us <= mismatched
+	² Unsecurable <= 410
+	³ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+	⁴ Rule disabled by default
 
 -->
-<ruleset name="Kaspersky.com (partial)">
+<ruleset name="Kaspersky.com (partial)" >
+
+	<!--	Direct rewrites:
+				-->
+	<target host="academy.kaspersky.com" />
+	<target host="anti-theft.kaspersky.com" />
+	<target host="arabic.kaspersky.com" />
+	<target host="blog.kaspersky.com" />
+	<target host="business.kaspersky.com" />
+	<target host="cca.kaspersky.com" />
+	<target host="center.kaspersky.com" />
+	<target host="companyaccount.kaspersky.com" />
+	<target host="cybermap.kaspersky.com" />
+	<target host="eugene.kaspersky.com" />
+	<target host="extcss.kaspersky.com" />
+	<target host="manage-tablet.kaspersky.com" />
+	<target host="my.kaspersky.com" />
+	<target host="noransom.kaspersky.com" />
+	<target host="plblog.kaspersky.com" />
+	<target host="premiumsupport.kaspersky.com" />
+	<target host="press.kaspersky.com" />
+	<target host="sas.kaspersky.com" />
+	<target host="store.kaspersky.com" />
+	<target host="support.kaspersky.com" />
+	<target host="trusted.kaspersky.com" />
+	<target host="uis.kaspersky.com" />
+	<target host="usa.kaspersky.com" />
+	<target host="usblog.kaspersky.com" />
+	<target host="virusdesk.kaspersky.com" />
+	<target host="www.kaspersky.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.academy.kaspersky.com" />
+	<target host="www.blog.kaspersky.com" />
+	<target host="www.business.kaspersky.com" />
+	<target host="www.eugene.kaspersky.com" />
+	<target host="www.sas.kaspersky.com" />
+	<target host="tr1.kaspersky.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.kaspersky\.com/$" /-->
+		<!--
+			410:
+				-->
+		<!--exclusion pattern="^http://www\.kaspersky\.com/(images/|other/custom-html/|resources/)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.kaspersky\.com/(?!/*(?:downloads/keys|vpnhelp(?:$|[?/])))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.kaspersky.com/about" />
+			<test url="http://www.kaspersky.com/africa/" />
+			<test url="http://www.kaspersky.com/docs" />
+			<test url="http://www.kaspersky.com/estore" />
+			<test url="http://www.kaspersky.com/tr/" />
+			<test url="http://www.kaspersky.com/ukrenew" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.kaspersky.com/downloads/keys/klvpnsetup.exe" />
+			<test url="http://www.kaspersky.com/vpnhelp" />
+			<test url="http://www.kaspersky.com/vpnhelp/other_browsers.html" />
 
-	<target host="*.kaspersky.com" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.kaspersky\.com$" name="^s_vi$" /-->
+	<!--securecookie host="^(academy|blog|business|eugene|plblog|press|sas|usblog)\.kaspersky\.com$" name="^X-Mapping-\w{8}$" /-->
+	<!--securecookie host="^center\.kaspersky\.com$" name="^__RequestVerificationToken$" /-->
+	<!--securecookie host="^companyaccount\.kaspersky\.com$" name="^(?:ISAWPLB\{[\dA-F]{8}(-[\dA-F]){4}\}|q)$" /-->
+	<!--securecookie host="^extcss\.kaspersky\.com$" name="^(?:ISAWPLB\{[\dA-F]{8}(-[\dA-F]){4}\}|JSESSIONID|q)$" /-->
+	<!--securecookie host="^store\.kaspersky\.com$" name="^(?:BIGipServer.*|JSESSIONID|VISITOR_ID|X-DR-(?:CURRENCY|LOCALE|SHOPPER-kasperus|THEME))$" /-->
+	<!--securecookie host="^\.usa\.kaspersky\.com$" name="^USClientRoute$" /-->
+	<!--securecookie host="^\.virusdesk\.kaspersky\.com$" name="^ClientRouteNewSupport$" /-->
+	<!--securecookie host="^www\.kaspersky\.com$" name="^uid$" /-->
+	<!--securecookie host="^\.www\.kaspersky\.com$" name="^ClientRouteOldWeb$" /-->
 
 	<!--	Tracking cookies:
 					-->
-	<securecookie host="^\.kaspersky\.com$" name="^s_\w+$" />
-	<securecookie host="^(?:\.anti-theft|\.eugene|\.?my|\.?support)\.kaspersky\.com$" name=".+" />
+	<securecookie host="^\." name="^s_\w+$" />
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.(?:anti-theft|eugene|my|support|usa|virusdesk)\.kaspersky\.com$" name=".+" />
 
 
-	<rule from="^http://(anti-theft|companyaccount|eugene|manage-tablet|my|support|trusted|uis)\.kaspersky\.com/"
+	<rule from="^http://www\.(academy|blog|business|eugene|sas)\.kaspersky\.com/"
 		to="https://$1.kaspersky.com/" />
 
+	<rule from="^http://tr1\.kaspersky\.com/"
+		to="https://kaspersky.d2.sc.omtrdc.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Kaspersky.ru.xml b/src/chrome/content/rules/Kaspersky.ru.xml
new file mode 100644
index 000000000000..d7492f067449
--- /dev/null
+++ b/src/chrome/content/rules/Kaspersky.ru.xml
@@ -0,0 +1,64 @@
+<!--
+	For other Kaspersky coverage, see Kaspersky.com.xml.
+
+
+	(www.)?kaspersky.ru: Redirects to kasperskypartners.ru
+
+
+	Problematic hosts in *kaspersky.ru:
+
+		- www.blog *
+
+	* Mismatched, CN: threatpost.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- academy.kaspersky.ru
+		- .newvirus.kaspersky.ru
+		- support.kaspersky.ru
+		- .support.kaspersky.ru
+		- .virusdesk.kaspersky.ru
+
+
+	Mixed content:
+
+		- css on newvirus, virusdesk from fonts.googleapis.com *
+		- Bug on support from kaspersky.122.2o7.net *
+
+	* Secured by us
+
+-->
+<ruleset name="Kaspersky.ru (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="academy.kaspersky.ru" />
+	<target host="blog.kaspersky.ru" />
+	<target host="business.kaspersky.ru" />
+	<target host="support.kaspersky.ru" />
+	<target host="virusdesk.kaspersky.ru" />
+
+	<!--	Complications:
+				-->
+	<target host="www.blog.kaspersky.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^academy\.kaspersky\.ru$" name="^X-Mapping-fjhppofk$" /-->
+	<!--securecookie host="^support\.kaspersky\.ru$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^\.(?:newvirus|support|virusdesk)\.kaspersky\.ru$" name="^ClientRouteNewSupportRu$" /-->
+
+	<securecookie host="^\." name="^s_vi$" />
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.(?:newvirus|support|virusdesk)\.kaspersky\.ru$" name=".+" />
+
+
+	<rule from="^http://www\.blog\.kaspersky\.ru/"
+		to="https://blog.kaspersky.ru/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kaspersky.ua.xml b/src/chrome/content/rules/Kaspersky.ua.xml
new file mode 100644
index 000000000000..3be0a8851e0a
--- /dev/null
+++ b/src/chrome/content/rules/Kaspersky.ua.xml
@@ -0,0 +1,48 @@
+<!--
+	For other Kaspersky coverage, see Kaspersky.com.xml.
+
+
+	(www.)?: Mismatched
+
+
+	Fully covered hosts in *kaspersky.ua:
+
+		- partners
+
+
+	Insecure cookies are set for these hosts:
+
+		- partners.kaspersky.ua
+		- www.kaspersky.ua
+
+
+	Mixed content:
+
+		- Images, on www from:
+
+			- www.kaspersky.com
+			- www.kaspersky.ru
+
+		- Bug on www from tr1.kaspersky.ru *
+
+	* Secured by us
+
+-->
+<ruleset name="Kaspersky.ua (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="partners.kaspersky.ua" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^partners\.kaspersky\.ua$" name="^uid$" /-->
+	<!--securecookie host="^www\.kaspersky\.ua$" name="^(ASP\.NET_SessionId|ClientRouteNewWebUa)$" /-->
+
+	<securecookie host="^partners\.kaspersky\.ua$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kaspersky_Club.ru.xml b/src/chrome/content/rules/Kaspersky_Club.ru.xml
new file mode 100644
index 000000000000..4a5e4c9f1da9
--- /dev/null
+++ b/src/chrome/content/rules/Kaspersky_Club.ru.xml
@@ -0,0 +1,38 @@
+<!--
+	For other Kaspersky coverage, see Kaspersky.com.xml.
+
+
+	Fully covered hosts in *kasperskyclub.ru:
+
+		- (www.)?
+		- forum
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .kasperskyclub.ru
+		- forum.kasperskyclub.ru
+
+-->
+<ruleset name="Kaspersky Club.ru">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kasperskyclub.ru" />
+	<target host="forum.kasperskyclub.ru" />
+	<target host="www.kasperskyclub.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.kasperskyclub\.ru$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^forum\.kasperskyclub\.ru$" name="^session_id$" /-->
+
+	<securecookie host="^\.kasperskyclub\.ru$" name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^forum\.kasperskyclub\.ru$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kaspersky_Partners.com.xml b/src/chrome/content/rules/Kaspersky_Partners.com.xml
new file mode 100644
index 000000000000..0e4a7b575315
--- /dev/null
+++ b/src/chrome/content/rules/Kaspersky_Partners.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Kaspersky coverage, see Kaspersky.com.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.kasperskypartners.com
+
+-->
+<ruleset name="Kaspersky Partners.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kasperskypartners.com" />
+	<target host="www.kasperskypartners.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.kasperskypartners\.com$" name="^(CFID|CFTOKEN|JSESSIONID|USER)$" /-->
+
+	<securecookie host="^www\.kasperskypartners\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kaspersky_Partners.ru.xml b/src/chrome/content/rules/Kaspersky_Partners.ru.xml
new file mode 100644
index 000000000000..7c140243c266
--- /dev/null
+++ b/src/chrome/content/rules/Kaspersky_Partners.ru.xml
@@ -0,0 +1,36 @@
+<!--
+	For other Kaspersky coverage, see Kaspersky.com.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- kasperskypartners.ru
+		- www.kasperskypartners.ru
+
+
+	Mixed content:
+
+		- Image from kaspersky.relayware.com *
+
+	* Unsecurable <= 404
+
+-->
+<ruleset name="Kaspersky Partners.ru">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kasperskypartners.ru" />
+	<target host="www.kasperskypartners.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?kasperskypartners\.ru$" name="^(?:CFID|CFTOKEN|JSESSIONID|USER)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kasperskycontenthub.com.xml b/src/chrome/content/rules/Kasperskycontenthub.com.xml
index 14a8b5782cab..004f142d979b 100644
--- a/src/chrome/content/rules/Kasperskycontenthub.com.xml
+++ b/src/chrome/content/rules/Kasperskycontenthub.com.xml
@@ -1,7 +1,14 @@
+
 <!--
-	Problematic subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.kasperskycontenthub.com/ => https://www.kasperskycontenthub.com/: Too many redirects while fetching 'https://www.kasperskycontenthub.com/'
+
+	For other Kaspersky coverage, see Kaspersky.com.xml.
+
+
+	Insecure cookies are set for these domains:
 
-		- www	(cert only matches ^kasperskycontenthub.com)
+		- kasperskycontenthub.com
 
 
 	Mixed content:
@@ -11,13 +18,20 @@
 	* Secured by us, doesn't trip MCB
 
 -->
-<ruleset name="kasperskycontenthub.com">
+<ruleset name="kasperskycontenthub.com" default_off="failed ruleset test">
 
 	<target host="kasperskycontenthub.com" />
 	<target host="www.kasperskycontenthub.com" />
 
 
-	<rule from="^http://(?:www\.)?kasperskycontenthub\.com/"
-		to="https://kasperskycontenthub.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^kasperskycontenthub\.com$" name="^X-Mapping-\w{8}$" /-->
+
+	<securecookie host="^kasperskycontenthub\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Kat.am.xml b/src/chrome/content/rules/Kat.am.xml
new file mode 100644
index 000000000000..3d89d3a368ae
--- /dev/null
+++ b/src/chrome/content/rules/Kat.am.xml
@@ -0,0 +1,6 @@
+<ruleset name="Kat.am">
+	<target host="kat.am" />
+	<target host="www.kat.am" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kat.how.xml b/src/chrome/content/rules/Kat.how.xml
new file mode 100644
index 000000000000..f3f8bfc0e1ab
--- /dev/null
+++ b/src/chrome/content/rules/Kat.how.xml
@@ -0,0 +1,6 @@
+<ruleset name="Kat.how">
+	<target host="kat.how" />
+	<target host="www.kat.how" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kat_de_Paris.xml b/src/chrome/content/rules/Kat_de_Paris.xml
deleted file mode 100644
index 2f8fd0faeb73..000000000000
--- a/src/chrome/content/rules/Kat_de_Paris.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<ruleset name="Kat de Paris">
-
-	<target host="46.255.160.240" />
-	<target host="kat-de-paris.fr" />
-	<target host="*.kat-de-paris.fr" />
-
-
-	<securecookie host="^\.kat-de-paris\.fr$" name=".+" />
-
-
-	<rule from="^http://(www\.)?kat-de-paris\.fr/"
-		to="https://$1kat-de-paris.fr/" />
-
-	<!--	Protocol-relative links from kat-de-paris.fr:
-								-->
-	<rule from="^https://46\.255\.160\.240/"
-		to="https://www.kat-de-paris.fr/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Kate_Heddleston.com.xml b/src/chrome/content/rules/Kate_Heddleston.com.xml
new file mode 100644
index 000000000000..4c1b40f8d2c8
--- /dev/null
+++ b/src/chrome/content/rules/Kate_Heddleston.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- kateheddleston.com
+		- www.kateheddleston.com
+
+-->
+<ruleset name="Kate Heddleston.com">
+
+	<!--target host="kateheddleston.com" /-->
+	<target host="www.kateheddleston.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:www\.)?kateheddleston\.com$" name="^session$" />
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kates_Comment.com.xml b/src/chrome/content/rules/Kates_Comment.com.xml
new file mode 100644
index 000000000000..307262e2bffb
--- /dev/null
+++ b/src/chrome/content/rules/Kates_Comment.com.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Memset coverage, see Memset.xml.
+
+
+	Problematic hosts in *katescomment.com:
+
+		- cdn *
+
+	* Dropped
+
+-->
+<ruleset name="Kates Comment.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="katescomment.com"/>
+	<target host="www.katescomment.com" />
+
+	<!--	Complications:
+				-->
+	<target host="cdn.katescomment.com" />
+
+
+	<securecookie host=".+" name=".+"/>
+
+
+	<rule from="^http://cdn\.katescomment\.com/"
+		to="https://www.katescomment.com/"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Katholieke-Universiteit-Leuven.xml b/src/chrome/content/rules/Katholieke-Universiteit-Leuven.xml
index 429ca6e0847a..9e357259fba5 100644
--- a/src/chrome/content/rules/Katholieke-Universiteit-Leuven.xml
+++ b/src/chrome/content/rules/Katholieke-Universiteit-Leuven.xml
@@ -1,32 +1,199 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://aai.kuleuven.be/ => https://aai.kuleuven.be/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://bronx.esat.kuleuven.be/ => https://bronx.esat.kuleuven.be/: (51, "SSL: no alternative certificate subject name matches target host name 'bronx.esat.kuleuven.be'")
+Fetch error: http://ludit.kuleuven.be/ => https://ludit.kuleuven.be/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://netlogin.kuleuven.be/ => https://netlogin.kuleuven.be/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Katholieke Universiteit Leuven
+
+	For rules causing false/broken MCB, see Kuleuven.be-falsemixed.xml.
+
+
 	Nonfunctional subdomains:
 
-		- alumn			(presents link to kuleuven.be/kuleuven/)
 		- onderwijsaanbod
+		- zoek ²
+
+	² Refused
+
+
+	Problematic subdomains:
+
+		- alumni ¹
+		- kuleuven.ezproxy ²
+		- services.libis ⁵
+		- organigram
+
+	¹ Refused
+	² Cert only matches *.kuleuven.ezproxy
+	⁵ Mismatched
+
+
+	Partially covered subdomains:
+
+		- (www.)? ¹
+		- (www.)esat *
+
+	¹ wieiswie/ prompts for login
+	* Broken MCB triggered by /cosic
+
+
+	netlogin: Dropped over http & https
+
+
+	These altnames don't exist:
+
+		- www.agenda.kuleuven.be
+		- videolab.kuleuven.be
+
+
+	Mixed content:
+
+		- css, on:
+
+			- www.esat from $self *
+			- www.esat from stijl.kuleuven.be *
+
+		- Images, on:
+
+			- associatiem, www.esat from stijl *
+			- videolab.avnet, videolab.cc, status from piwik.cc *
+			- www.esat from www.cosic.esat.kuleuven.be *
+			- www.esat, news from www *
+
+		- Bugs on news from piwik.cc *
+
+	¹ * Secured by us
 
 -->
-<ruleset name="Katholieke Universiteit Leuven (partial)">
+<ruleset name="KU Leuven.be (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="kuleuven.be" />
-	<target host="*.kuleuven.be" />
+	<target host="aai.kuleuven.be" />
+	<target host="account.kuleuven.be" />
+	<target host="activatie.kuleuven.be" />
+	<target host="admin.kuleuven.be" />
+	<target host="agenda.kuleuven.be" />
+	<target host="alum.kuleuven.be" />
+	<target host="www.alum.kuleuven.be" />
+	<target host="webwsp.aps.kuleuven.be" />
+	<target host="associatie.kuleuven.be" />
+	<target host="wiki.associatie.kuleuven.be" />
+	<target host="www.associatie.kuleuven.be" />
+	<target host="videolab.avnet.kuleuven.be" />
+	<target host="bib.kuleuven.be" />
+	<target host="www.bib.kuleuven.be" />
+
+	<target host="cygnus.cc.kuleuven.be" />
+	<target host="m.cygnus.cc.kuleuven.be" />
+	<target host="piwik.cc.kuleuven.be" />
+	<target host="videolab.cc.kuleuven.be" />
+
+	<target host="cwisdb.kuleuven.be" />
+	<target host="dml.kuleuven.be" />
 	<target host="www.dml.kuleuven.be" />
+	<target host="doel.kuleuven.be" />
+	<target host="www.doel.kuleuven.be" />
+	<target host="esat.kuleuven.be" />
+
+	<target host="bronx.esat.kuleuven.be" />
+	<target host="www.cosic.esat.kuleuven.be" />
+	<target host="securehomes.esat.kuleuven.be" />
+	<target host="securewww.esat.kuleuven.be" />
+	<target host="www.esat.kuleuven.be" />
+
+	<target host="login.kuleuven.ezproxy.kuleuven.be" />
+	<target host="www.kuleuven.ezproxy.kuleuven.be" />
 	<target host="owa.groupware.kuleuven.be" />
+	<target host="icts.kuleuven.be" />
+	<target host="piwik.icts.kuleuven.be" />
+	<target host="www.icts.kuleuven.be" />
+	<target host="idp.kuleuven.be" />
+	<target host="lirias.kuleuven.be" />
+	<target host="ludit.kuleuven.be" />
+	<target host="netlogin.kuleuven.be" />
+	<target host="nieuws.kuleuven.be" />
+	<!--target host="organigram.kuleuven.be" /-->
+	<target host="password.kuleuven.be" />
+	<target host="status.kuleuven.be" />
+	<target host="stijl.kuleuven.be" />
+	<target host="owa.student.kuleuven.be" />
+	<target host="toledo.kuleuven.be" />
+	<target host="m.toledo.kuleuven.be" />
+	<target host="wachtwoord.kuleuven.be" />
+	<target host="webmail.kuleuven.be" />
+	<target host="wiki.kuleuven.be" />
+	<target host="www.kuleuven.be" />
+
+	<!--	Complications:
+				-->
+	<target host="alumni.kuleuven.be" />
+	<target host="kuleuven.ezproxy.kuleuven.be" />
+	<target host="services.libis.kuleuven.be" />
+
+		<!--	Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://(?:www\.)?esat\.kuleuven\.be/+cosic(?!/wp-content/)(?:$|[?/])" />
+
+			<!--	+ve:
+					-->
+			<test url="http://esat.kuleuven.be/cosic" />
+			<test url="http://esat.kuleuven.be/cosic?" />
+			<test url="http://esat.kuleuven.be/cosic/" />
+			<test url="http://www.esat.kuleuven.be//cosic" />
+			<test url="http://www.esat.kuleuven.be//cosic?" />
+			<test url="http://www.esat.kuleuven.be//cosic/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://esat.kuleuven.be/cosic/wp-content/themes/kuleuven/style.css" />
+			<test url="http://www.esat.kuleuven.be/cosic/wp-content/plugins/the-events-calendar/resources/tribe-events-theme-mobile.min.css" />
+
+		<!--exclusion pattern="^http://organigram\.kuleuven\.be/(?!$)" /-->
+
+			<!--test url="http://organigram.kuleuven.be/" /-->
+
+		<!--	Prompts for login:
+						-->
+		<exclusion pattern="^http://(?:www\.)?kuleuven\.be/+wieiswie(?:$|[?/])" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.kuleuven.be/wieiswie/" />
+			<test url="http://www.kuleuven.be/wieiswie/en/person" />
+			<test url="http://www.kuleuven.be/wieiswie/nl/person" />
+			<test url="http://www.kuleuven.be/wieiswie/nl/unit/50000050" />
+			<test url="http://www.kuleuven.be/wieiswie/nl/unit/councilsearch" />
+
+
+	<securecookie host=".+\.kuleuven\.be$" name=".+" />
+
 
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://alumni\.kuleuven\.be/[^?]*"
+		to="https://alum.kuleuven.be/portaal/" />
 
-	<securecookie host="^.+\.kuleuven\.be$" name=".+" />
+		<test url="http://alumni.kuleuven.be//" />
+		<test url="http://alumni.kuleuven.be/?foo" />
 
+	<rule from="^http://kuleuven\.ezproxy\.kuleuven\.be/"
+		to="https://www.kuleuven.ezproxy.kuleuven.be/" />
 
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?kuleuven\.be/"
-		to="https://www.kuleuven.be/" />
+	<rule from="^http://services\.libis\.kuleuven\.be/"
+		to="https://services.libis.be/" />
 
-	<rule from="^http://(aai|activatie|admin|alumni|associatie|bib|cwisdb|(?:www\.)?dml|owa\.groupware|icts|idp|ludit|netlogin|nieuws|password|status|stijl|owa\.student|toledo|wachtwoord|webmail)\.kuleuven\.be/"
-		to="https://$1.kuleuven.be/" />
+	<!--	Redirects like so:
+					-->
+	<!--rule from="^http://organigram\.kuleuven\.be/"
+		to="https://www.kuleuven.be/wieiswie/nl/unit/50000050" /-->
 
-	<!--	- Doesn't work over https
-		- 302s like so
-			-->
-	<rule from="^https?://organigram\.kuleuven\.be/$"
-		to="https://www.kuleuven.be/wieiswie/nl/unit/50000050" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Kathrein.xml b/src/chrome/content/rules/Kathrein.xml
index f8dfadaee92e..925514aacb64 100644
--- a/src/chrome/content/rules/Kathrein.xml
+++ b/src/chrome/content/rules/Kathrein.xml
@@ -4,11 +4,11 @@
 	<target host="www.kathrein.de" />
 
 
-	<securecookie host="^www\.kathrein\.de$" name=".*" />
+	<securecookie host="^www\.kathrein\.de$" name=".+" />
 
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?kathrein\.de/"
+	<rule from="^http://(?:www\.)?kathrein\.de/"
 		to="https://www.kathrein.de/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Kattare.com.xml b/src/chrome/content/rules/Kattare.com.xml
index 27b1ee825360..02e438bca90d 100644
--- a/src/chrome/content/rules/Kattare.com.xml
+++ b/src/chrome/content/rules/Kattare.com.xml
@@ -18,14 +18,14 @@
 <ruleset name="Kattare.com" platform="mixedcontent">
 
 	<target host="kattare.com" />
-	<target host="*.kattare.com" />
+	<target host="js.kattare.com" />
+	<target host="www.kattare.com" />
 
 
 	<securecookie host="^(?:\.?www\.)?kattare\.com$" name=".+" />
 
 
-	<rule from="^http://(js\.|www\.)?kattare\.com/"
-		to="https://$1kattare.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
 
diff --git a/src/chrome/content/rules/Katwarn.de.xml b/src/chrome/content/rules/Katwarn.de.xml
new file mode 100644
index 000000000000..f8d394542997
--- /dev/null
+++ b/src/chrome/content/rules/Katwarn.de.xml
@@ -0,0 +1,27 @@
+<!--
+	This domain contains a wildcard certificate and DNS record.
+
+	Connection refused:
+		- api.katwarn.de
+
+	Invalid certificate:
+		- profile.api.katwarn.de
+		- service.api.katwarn.de
+
+	Legacy Symantec certificate:
+		- geoserver.katwarn.de
+		- management.katwarn.de
+		- web-test.katwarn.de
+-->
+
+<ruleset name="Katwarn.de">
+	<target host="katwarn.de" />
+	<target host="www.katwarn.de" />
+	<target host="content.katwarn.de" />
+	<target host="katwarnw.katwarn.de" />
+	<target host="redsys.katwarn.de" />
+	<target host="warnungen.katwarn.de" />
+	<target host="ww.katwarn.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Katylee.com.xml b/src/chrome/content/rules/Katylee.com.xml
new file mode 100644
index 000000000000..8005ccd435da
--- /dev/null
+++ b/src/chrome/content/rules/Katylee.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Katylee.com">
+
+	<target host="katylee.com" />
+	<target host="www.katylee.com" />
+
+
+	<securecookie host="^\.katylee\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KatzPorn.xml b/src/chrome/content/rules/KatzPorn.xml
index 8c3bccc7e6b1..4a3ac74dd006 100644
--- a/src/chrome/content/rules/KatzPorn.xml
+++ b/src/chrome/content/rules/KatzPorn.xml
@@ -7,7 +7,7 @@
 	<target host="www.pro-xy.com" />
 
 
-	<securecookie host="^(katzporn\.in|pro-xy\.com)$" name=".*" />
+	<securecookie host="^(?:katzporn\.in|pro-xy\.com)$" name=".+" />
 
 
 	<!--	www redirects to !www.	-->
diff --git a/src/chrome/content/rules/Kaufdown.de.xml b/src/chrome/content/rules/Kaufdown.de.xml
new file mode 100644
index 000000000000..9b7eafc9d323
--- /dev/null
+++ b/src/chrome/content/rules/Kaufdown.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="Kaufdown.de (partial)">
+
+	<target host="sueddeutsche.kaufdown.de" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kaufland.cz.xml b/src/chrome/content/rules/Kaufland.cz.xml
new file mode 100644
index 000000000000..8c665e0eaaa7
--- /dev/null
+++ b/src/chrome/content/rules/Kaufland.cz.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www-q.kaufland.cz/ => https://www-q.kaufland.cz/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="Kaufland.cz" default_off="failed ruleset test">
+    <target host="www.kaufland.cz" />
+    <target host="www-q.kaufland.cz" />
+
+    <test url="http://kaufland.cz/" />
+
+    <rule from="^http://kaufland\.cz/"
+            to="https://www.kaufland.cz/" />
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kayako-clients.xml b/src/chrome/content/rules/Kayako-clients.xml
index d84ed92b2423..0a61edf48425 100644
--- a/src/chrome/content/rules/Kayako-clients.xml
+++ b/src/chrome/content/rules/Kayako-clients.xml
@@ -3,13 +3,13 @@
 	otherwise have no rules off by default.
 
 -->
-<ruleset name="Kayako clients" default_off="mismatch">
+<ruleset name="Kayako clients" default_off="mismatched">
 
 	<!--	Cert: *.kayako.com	-->
 	<target host="*.helpserve.com" />
 
 
-	<securecookie host="^.*\.helpserve\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--	Clients have unique subdomains, e.g.
diff --git a/src/chrome/content/rules/Kayako.xml b/src/chrome/content/rules/Kayako.xml
index e128cfd4b467..0977f0760f63 100644
--- a/src/chrome/content/rules/Kayako.xml
+++ b/src/chrome/content/rules/Kayako.xml
@@ -30,7 +30,7 @@
 		<exclusion pattern="^http://(?:blog|forge|forums|wiki|www)\." />
 
 
-	<securecookie host=".+\.kayako\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://media\.kayako\.com/"
@@ -39,4 +39,4 @@
 	<rule from="^http://([\w-]+)\.kayako\.com/"
 		to="https://$1.kayako.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kaywa-problematic.xml b/src/chrome/content/rules/Kaywa-problematic.xml
deleted file mode 100644
index 1653d104920b..000000000000
--- a/src/chrome/content/rules/Kaywa-problematic.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--	!functional:
-		- (www.)kaywa.(biz|com)		(cert: *.kaywa.biz; 401)
-		- (id|qrcode).kaywa.(biz|com)	(cert: ditto; redirects to photo.kaywa.(biz|com))
-		- (mobile|tee).kaywa.com	(cert: ditto; 401)
--->
-<ruleset name="Kaywa (problematic)" default_off="self-signed">
-
-	<target host="photo.kaywa.biz"/>
-	<target host="photo.kaywa.com"/>
-
-	<!--	cert !match .com, data identical	-->
-	<rule from="^http://photo\.kaywa\.(?:biz|com)/"
-		to="https://photo.kaywa.biz/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Kaywa.xml b/src/chrome/content/rules/Kaywa.xml
index fbfbdb171789..3439531e6bdd 100644
--- a/src/chrome/content/rules/Kaywa.xml
+++ b/src/chrome/content/rules/Kaywa.xml
@@ -1,9 +1,51 @@
-<ruleset name="Kaywa (partial)">
 
+<!--
+
+	Problematic hosts in *kaywa.com:
+
+		- ^ ¹
+		- www ¹
+		- datamatrix ¹
+		- id ¹
+		- int-stats ¹
+		- qr ¹
+		- qrfree ¹
+		- reader ¹
+		- scanvenger ¹
+		- support ¹
+		- tee ¹
+
+	¹ 401 over https
+
+-->
+<ruleset name="Kaywa.com (partial)" platform="mixedcontent">
+
+	<target host="kaywa.com" />
+	<target host="www.kaywa.com" />
+	<target host="akira.kaywa.com" />
+	<target host="aquila.kaywa.com" />
+	<target host="blog.kaywa.com" />
+	<target host="contact.kaywa.com" />
+	<target host="coupon.kaywa.com" />
+	<target host="faq.kaywa.com" />
+	<target host="kawasaki.kaywa.com" />
+	<target host="mx.kaywa.com" />
+	<target host="ns1.kaywa.com" />
+	<target host="photo.kaywa.com" />
 	<target host="qrcode.kaywa.com" />
+	<target host="tee.kaywa.com" />
+	<target host="ticket.kaywa.com" />
+	<target host="toshiro.kaywa.com" />
 
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://qrcode\.kaywa\.com/"
+	<rule from="^http://(www\.)?kaywa\.com/"
 		to="https://qrcode.kaywa.com/" />
 
+	<rule from="^http://tee\.kaywa\.com/"
+		to="https://charen.ch/" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Kb.se.xml b/src/chrome/content/rules/Kb.se.xml
new file mode 100644
index 000000000000..455f88d8d558
--- /dev/null
+++ b/src/chrome/content/rules/Kb.se.xml
@@ -0,0 +1,13 @@
+<!--
+ 	Nonfunctional hosts in *.kb.se:
+	    www.libris.kb.se (m)	
+            librishelp.libris.kb.se (403 Forbidden)
+            uppsok.libris.kb.se (No route to host)
+-->
+<ruleset name="Kb.se">
+	<target host="kb.se" />
+	<target host="www.kb.se" />
+	<target host="libris.kb.se" />
+	<target host="sondera.kb.se" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kb8ojh.net.xml b/src/chrome/content/rules/Kb8ojh.net.xml
new file mode 100644
index 000000000000..fe01e3642a78
--- /dev/null
+++ b/src/chrome/content/rules/Kb8ojh.net.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.kb8ojh.net/ => https://www.kb8ojh.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.kb8ojh.net'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.kb8ojh.net/ => https://www.kb8ojh.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.kb8ojh.net'")
+-->
+<ruleset name="kb8ojh.net" default_off="failed ruleset test">
+
+	<target host="kb8ojh.net" />
+	<target host="www.kb8ojh.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kbia-gmbh.de.xml b/src/chrome/content/rules/Kbia-gmbh.de.xml
new file mode 100644
index 000000000000..f19f6db6a788
--- /dev/null
+++ b/src/chrome/content/rules/Kbia-gmbh.de.xml
@@ -0,0 +1,40 @@
+<!--
+	Problematic hosts:
+
+		- (www.)? ¹
+		- cloud ²
+
+	¹ Mismatched
+	² Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Fully covered hosts:
+
+		- cloud
+
+
+	Insecure cookies are set for these hosts:
+
+		- cloud.kbia-gmbh.de
+
+-->
+<ruleset name="kbia-gmbh.de (partial)" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="kbia-gmbh.de" /-->
+	<target host="cloud.kbia-gmbh.de" />
+	<!--target host="www.kbia-gmbh.de" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cloud\.kbia-gmbh\.de$" name="^oc[0-9a-z]+$" /-->
+
+	<securecookie host="^cloud\.kbia-gmbh\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kdelive.org.xml b/src/chrome/content/rules/Kdelive.org.xml
new file mode 100644
index 000000000000..02f63b7569a7
--- /dev/null
+++ b/src/chrome/content/rules/Kdelive.org.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kdelive.org/ => https://kdelive.org/: (7, 'Failed to connect to kdelive.org port 443: Connection refused')
+Fetch error: http://www.kdelive.org/ => https://www.kdelive.org/: (7, 'Failed to connect to www.kdelive.org port 443: Connection refused')
+
+-->
+<ruleset name="Kdelive.org" default_off="failed ruleset test">
+
+	<target host="kdelive.org" />
+	<target host="www.kdelive.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kdenlive.org.xml b/src/chrome/content/rules/Kdenlive.org.xml
new file mode 100644
index 000000000000..b23e4dae8453
--- /dev/null
+++ b/src/chrome/content/rules/Kdenlive.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Kdenlive.org">
+
+	<target host="kdenlive.org" />
+	<target host="www.kdenlive.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KeePass.info.xml b/src/chrome/content/rules/KeePass.info.xml
new file mode 100644
index 000000000000..83c8ed4eb94a
--- /dev/null
+++ b/src/chrome/content/rules/KeePass.info.xml
@@ -0,0 +1,6 @@
+<ruleset name="KeePass.info">
+	<target host="keepass.info" />
+	<target host="www.keepass.info" />
+
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/KeePassX.xml b/src/chrome/content/rules/KeePassX.xml
index f2fc9cf8d5dc..49222e65de94 100644
--- a/src/chrome/content/rules/KeePassX.xml
+++ b/src/chrome/content/rules/KeePassX.xml
@@ -1,5 +1,5 @@
 <ruleset name="Keepassx">
   <target host="www.keepassx.org"/>
   <target host="keepassx.org"/>
-  <rule from="^http://(www\.)?keepassx\.org/" to="https://www.keepassx.org/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/KeePassXC.org.xml b/src/chrome/content/rules/KeePassXC.org.xml
new file mode 100644
index 000000000000..3654300f4ead
--- /dev/null
+++ b/src/chrome/content/rules/KeePassXC.org.xml
@@ -0,0 +1,16 @@
+<ruleset name="KeePassXC.org">
+
+	<target host="keepassxc.org" />
+	<target host="www.keepassxc.org" />
+	<target host="analytics.keepassxc.org" />
+	<target host="ci.keepassxc.org" />
+	<target host="docs.keepassxc.org" />
+	<target host="githook.keepassxc.org" />
+	<target host="snapshot.keepassxc.org" />
+	<target host="staging.keepassxc.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Keelog.com.xml b/src/chrome/content/rules/Keelog.com.xml
index eaaa0678e56b..8034c870a37c 100644
--- a/src/chrome/content/rules/Keelog.com.xml
+++ b/src/chrome/content/rules/Keelog.com.xml
@@ -4,7 +4,6 @@
 	<target host="www.keelog.com" />
 
 
-	<rule from="^http://(www\.)?keelog\.com/"
-		to="https://$1keelog.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Keen.IO.xml b/src/chrome/content/rules/Keen.IO.xml
new file mode 100644
index 000000000000..0ec4a5ab47cf
--- /dev/null
+++ b/src/chrome/content/rules/Keen.IO.xml
@@ -0,0 +1,28 @@
+<!--
+	Problematic hosts in *keen.io:
+
+		- status *
+
+	* StatusPage.io / mismatched
+
+-->
+<ruleset name="Keen.IO">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="keen.io" />
+	<target host="api.keen.io" />
+	<target host="www.keen.io" />
+
+	<!--	Complications:
+				-->
+	<target host="status.keen.io" />
+
+
+	<rule from="^http://status\.keen\.io/"
+		to="https://z3mvdbpvy7yh.statuspage.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KeepTempo.com.xml b/src/chrome/content/rules/KeepTempo.com.xml
new file mode 100644
index 000000000000..5adcc3ec503d
--- /dev/null
+++ b/src/chrome/content/rules/KeepTempo.com.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://app.keeptempo.com/ => https://app.keeptempo.com/: (6, 'Could not resolve host: app.keeptempo.com')
+
+	For other Zetetic coverage, see Zetetic.net.xml.
+
+
+	(www.)?keeptempo.com: Redirects to http and 404s
+
+
+	Insecure cookies are set for these hosts:
+
+		- app.keeptempo.com
+
+-->
+<ruleset name="keepTempo.com (partial)" default_off="failed ruleset test">
+
+	<!--target host="keeptempo.com" /-->
+	<target host="app.keeptempo.com" />
+	<!--target host="www.keeptempo.com" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^app\.keeptempo\.com$" name="^_tempo_session_id$" /-->
+
+	<securecookie host="^app\.keeptempo\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Keep_all_the_things.com.xml b/src/chrome/content/rules/Keep_all_the_things.com.xml
new file mode 100644
index 000000000000..2a9dcea844d1
--- /dev/null
+++ b/src/chrome/content/rules/Keep_all_the_things.com.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://keepallthethings.com/ => https://keepallthethings.com/: (6, 'Could not resolve host: keepallthethings.com')
+
+-->
+<ruleset name="Keep all the things.com" default_off="failed ruleset test">
+
+	<target host="keepallthethings.com" />
+	<target host="assets.keepallthethings.com" />
+	<target host="control.keepallthethings.com" />
+	<target host="www.keepallthethings.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kei.pl-mismatches.xml b/src/chrome/content/rules/Kei.pl-mismatches.xml
index aa8bb3eb7ea9..ec00097b72f8 100644
--- a/src/chrome/content/rules/Kei.pl-mismatches.xml
+++ b/src/chrome/content/rules/Kei.pl-mismatches.xml
@@ -5,9 +5,8 @@
 	<target host="default.kei.pl"/>
 	<target host="kreator.kei.pl"/>
 
-	<rule from="^http://(default|kreator)\.kei\.pl/"
-		to="https://$1.kei.pl/"/>
+	<rule from="^http:" to="https:" />
 
-	<securecookie host="^kreator\.kei\.pl$" name=".*"/>
+	<securecookie host="^kreator\.kei\.pl$" name=".+" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Kei.pl.xml b/src/chrome/content/rules/Kei.pl.xml
index e5e651162671..2f8aee531990 100644
--- a/src/chrome/content/rules/Kei.pl.xml
+++ b/src/chrome/content/rules/Kei.pl.xml
@@ -1,4 +1,6 @@
-<!--	See Kri.pl-mismatches.xml also
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://panel.kei.pl/ => https://panel.kei.pl/: Redirect for 'http://panel.kei.pl/' missing Location	See Kri.pl-mismatches.xml also
 -->
 <ruleset name="Kei.pl (partial)">
 
@@ -12,6 +14,6 @@
 	<rule from="^http://panel\.kei\.pl/"
 		to="https://panel.kei.pl/"/>
 
-	<securecookie host="^panel\.kei\.pl$" name=".*"/>
+	<securecookie host="^panel\.kei\.pl$" name=".+" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Keksbude.net.xml b/src/chrome/content/rules/Keksbude.net.xml
new file mode 100644
index 000000000000..4c6b98a84419
--- /dev/null
+++ b/src/chrome/content/rules/Keksbude.net.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://keksbude.net/ => https://keksbude.net/: (6, 'Could not resolve host: keksbude.net')
+Fetch error: http://svn.keksbude.net/ => https://svn.keksbude.net/: (6, 'Could not resolve host: svn.keksbude.net')
+Fetch error: http://www.keksbude.net/ => https://www.keksbude.net/: (6, 'Could not resolve host: www.keksbude.net')
+
+	Problematic subdomains:
+
+		- files *
+
+	* Mismatched
+
+-->
+<ruleset name="keksbude.net (partial)" default_off="failed ruleset test">
+
+	<target host="keksbude.net" />
+	<target host="svn.keksbude.net" />
+	<target host="www.keksbude.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kelco_Maine.com.xml b/src/chrome/content/rules/Kelco_Maine.com.xml
new file mode 100644
index 000000000000..d5609655cfa0
--- /dev/null
+++ b/src/chrome/content/rules/Kelco_Maine.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- kelcomaine.com
+		- www.kelcomaine.com
+
+-->
+<ruleset name="Kelco Maine.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kelcomaine.com" />
+	<target host="www.kelcomaine.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?kelcomaine\.com$" name="^(HTTPREFERER|INITIALIZED|REMOTEIP)$" /-->
+
+	<securecookie host="^(?:www\.)?kelcomaine\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kelley-Blue-Book.xml b/src/chrome/content/rules/Kelley-Blue-Book.xml
index ca4ae9d05ce0..0c90b3681432 100644
--- a/src/chrome/content/rules/Kelley-Blue-Book.xml
+++ b/src/chrome/content/rules/Kelley-Blue-Book.xml
@@ -1,16 +1,25 @@
-<ruleset name="Kelley Blue Book Co." platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kbb.com/ => https://kbb.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://kbb.com/ => https://kbb.com/: (28, 'Connection timed out after 10000 milliseconds')
+-->
+<ruleset name="Kelley Blue Book Co." platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="kbb.com"/>
-	<target host="*.kbb.com"/>
+	<target host="s1.kbb.com" />
+	<target host="www.kbb.com" />
+	<target host="file.kbb.com" />
 	<!--	Akamai	-->
 	<target host="file.kelleybluebookimages.com"/>
 
-	<securecookie host="^(.*\.)?kbb\.com$" name=".*"/>
+	<securecookie host="^(?:.*\.)?kbb\.com$" name=".+" />
 
-	<rule from="^http://(s1\.|www\.)?kbb\.com/"
-		to="https://$1kbb.com/"/>
 
 	<rule from="^http://file\.k(?:bb|elleybluebookimages)\.com/"
 		to="https://file.kbb.com/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Kelly-Tarltons.xml b/src/chrome/content/rules/Kelly-Tarltons.xml
new file mode 100644
index 000000000000..9fd5672cfb3e
--- /dev/null
+++ b/src/chrome/content/rules/Kelly-Tarltons.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Merlin Entertainments coverage, see Merlin-Entertainments.xml.
+-->
+
+<ruleset name="Kelly Tarltons">
+	<target host="kellytarltons.co.nz" />
+	<target host="m.kellytarltons.co.nz" />
+	<target host="secure.kellytarltons.co.nz" />
+	<target host="www.kellytarltons.co.nz" />
+
+	<securecookie host=".*\.kellytarltons\.co\.nz$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kellycodetectors.com.xml b/src/chrome/content/rules/Kellycodetectors.com.xml
new file mode 100644
index 000000000000..11474d80665d
--- /dev/null
+++ b/src/chrome/content/rules/Kellycodetectors.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Nonfunctional hosts in *.kellycodetectors.com:
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Kellycodetectors.com">
+	<target host="kellycodetectors.com" />
+	<target host="www.kellycodetectors.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kenai.com.xml b/src/chrome/content/rules/Kenai.com.xml
new file mode 100644
index 000000000000..e5b9c5ec12fa
--- /dev/null
+++ b/src/chrome/content/rules/Kenai.com.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Oracle coverage, see Oracle.xml.
+
+-->
+<ruleset name="Kenai.com">
+
+	<target host="kenai.com" />
+	<target host="*.kenai.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(asset-[0-3]\.)?kenai\.com$" name="^_junction2_session$" /-->
+
+	<securecookie host="^(?:asset-\d\.)?kenai\.com$" name=".+" />
+
+
+	<rule from="^http://(asset-\d\.|www\.)?kenai\.com/"
+		to="https://$1kenai.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kenengba.com.xml b/src/chrome/content/rules/Kenengba.com.xml
new file mode 100644
index 000000000000..4eabbacd1de8
--- /dev/null
+++ b/src/chrome/content/rules/Kenengba.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Kenengba.com">
+  <target host="kenengba.com" />
+  <target host="www.kenengba.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kenexa-mismatches.xml b/src/chrome/content/rules/Kenexa-mismatches.xml
index a2f5b851e6a1..fc523d830eab 100644
--- a/src/chrome/content/rules/Kenexa-mismatches.xml
+++ b/src/chrome/content/rules/Kenexa-mismatches.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see Kenexa.xml.
 
 -->
-<ruleset name="Kenexa (mismatches)" default_off="mismatch">
+<ruleset name="Kenexa (mismatches)" default_off="mismatched">
 
 	<!--	Cert: www.kenexa.com	-->
 	<target host="kenexa.jobs" />
@@ -15,17 +15,19 @@
 	<target host="www.khpi.com" />
 
 
-	<securecookie host="^kenexa(governmentsolution|pod)s\.com$" name=".*" />
-	<securecookie host="^khpi\.com$" name=".*" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?kenexa\.jobs/"
+	<rule from="^http://www\.kenexa\.jobs/"
 		to="https://kenexa.jobs/" />
 
-	<rule from="^https?://(?:www\.)?kenexa(governmentsolution|pod)s\.com/"
+	<rule from="^http://www\.kenexa(governmentsolution|pod)s\.com/"
 		to="https://kenexa$1s.com/" />
 
-	<rule from="^https?://(?:www\.)?khpi\.com/"
+	<rule from="^http://www\.khpi\.com/"
 		to="https://khpi.com/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Kenexa.xml b/src/chrome/content/rules/Kenexa.xml
index 3be182800dc7..acfd2512e28a 100644
--- a/src/chrome/content/rules/Kenexa.xml
+++ b/src/chrome/content/rules/Kenexa.xml
@@ -1,37 +1,26 @@
 <!--
 	For problematic rules, see Kenexa-mismatches.xml.
 
+	For other IBM coverage, see IBM.xml.
 
-	Nonfunctional domains:
 
-		- blog.kenexa.com	(ssl_error_rx_record_too_long)
+	Nonfunctional hosts in *kenexa.com:
+
+		- blog ᵇ
+
+	ᵇ Shows default page
 
 -->
-<ruleset name="Kenexa (partial)">
+<ruleset name="Kenexa.com (partial)">
 
-	<target host="brassring.com" />
-	<target host="*.brassring.com" />
 	<target host="kenexa.com" />
 	<target host="www.kenexa.com" />
-	<target host="kenexaworldconference.com" />
-	<target host="www.kenexaworldconference.com" />
-
-
-	<securecookie host="^sjobs\.brassring\.com$" name=".*" />
-	<securecookie host="^www\.kenexa(worldconference)?\.com$" name=".*" />
 
 
-	<!--	- Times out over https
-		- Redirects like so over http
-					-->
-	<rule from="^https?://(?:www\.)?brassring\.com/"
-		to="https://www.kenexa.com/recruitment-technology/complex-global-enterprise" />
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://sjobs\.brassring\.com/"
-		to="https://sjobs.brassring.com/" />
 
-	<!--	Certs don't match !www.	-->
-	<rule from="^https?://(?:www\.)?kenexa(worldconference)?.com/"
-		to="https://www.kenexa$1.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Kenneth.io.xml b/src/chrome/content/rules/Kenneth.io.xml
new file mode 100644
index 000000000000..48770b26ea95
--- /dev/null
+++ b/src/chrome/content/rules/Kenneth.io.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .kenneth.io
+
+-->
+<ruleset name="Kenneth.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kenneth.io" />
+	<target host="www.kenneth.io" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.kenneth\.io$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.kenneth\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kensington.xml b/src/chrome/content/rules/Kensington.xml
index e6f45be8f760..916eddad23a6 100644
--- a/src/chrome/content/rules/Kensington.xml
+++ b/src/chrome/content/rules/Kensington.xml
@@ -1,21 +1,43 @@
 <!--
+	^kensington.com: Dropped
+
+
 	CDN buckets:
 
 		- az31609.vo.msecnd.net
 		- accoblobstorageus.blob.core.windows.net/assets/images/kensingtonGlobal/
 
 -->
-<ruleset name="Kensington">
+<ruleset name="Kensington.com (partial)">
 
-	<target host="kensington.com" />
-	<target host="*.kensington.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="eshop.kensington.com" />
 	<target host="www.eshop.kensington.com" />
+	<!--target host="www.kensington.com" /-->
+
+	<target host="az31609.vo.msecnd.net" />
+
+	<!--	Complications:
+				-->
+	<!--target host="kensington.com" /-->
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.kensington\.com/en/\w\w/home$" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="(?:www\.)?eshop\.kensington\.com$" name="^(?:ASPSESSIONID[A-Z]{8}|UserGUIDShop)$" /-->
 
+	<securecookie host="(?:www\.)?eshop\.kensington\.com$" name=".+" />
 
-	<securecookie host="^.+\.kensington\.com$" name=".+" />
 
+	<!--rule from="^http://kensington\.com/"
+		to="https://www.kensington.com/" /-->
 
-	<rule from="^http://(www\.)?(eshop\.)?kensington\.com/"
-		to="https://$1$2kensington.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kent.gov.uk.xml b/src/chrome/content/rules/Kent.gov.uk.xml
new file mode 100644
index 000000000000..0bb6c58f9173
--- /dev/null
+++ b/src/chrome/content/rules/Kent.gov.uk.xml
@@ -0,0 +1,124 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ola.kent.gov.uk/ => https://ola.kent.gov.uk/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.eis.kent.gov.uk/ => https://www.eiskent.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.eiskent.co.uk'")
+
+	Kent City Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *kent.gov.uk:
+
+		- beta ʰ
+		- local ʰ
+		- whatson ʳ
+
+	ʰ Redirects to http
+	ʳ Refused
+
+
+	Problematic hosts in *kent.gov.uk:
+
+		- consult ᵐ
+		- (www.)?consultations ᵐ ˢ
+		- digital ʳ
+		- www.eis ᵐ
+
+	ᵐ Mismatched
+	ʳ Refused, preemptable redirect
+	ˢ Self-signed
+
+
+	These altnames don't exist:
+
+		- www.ola.kent.gov.uk
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- beta.kent.gov.uk
+		- consult.kent.gov.uk
+		- democracy.kent.gov.uk
+		- www.eis.kent.gov.uk
+		- netloan.kent.gov.uk
+		- oktd.kent.gov.uk
+		- admin.oktd.kent.gov.uk
+		- open.kent.gov.uk
+		- admin.open.kent.gov.uk
+		- shareweb.kent.gov.uk
+		- webapps.kent.gov.uk
+		- www.kent.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, on:
+
+			- consultations from fonts.googleapis.com ˢ
+			- www.eis, oktd, admin.oktd, open, admin.open from www.google.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Kent.gov.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kent.gov.uk" />
+	<target host="democracy.kent.gov.uk" />
+	<target host="netloan.kent.gov.uk" />
+	<target host="oktd.kent.gov.uk" />
+	<target host="admin.oktd.kent.gov.uk" />
+	<target host="ola.kent.gov.uk" />
+	<target host="open.kent.gov.uk" />
+	<target host="admin.open.kent.gov.uk" />
+	<target host="shareweb.kent.gov.uk" />
+	<target host="webapps.kent.gov.uk" />
+	<target host="www.kent.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="consult.kent.gov.uk" />
+	<target host="digital.kent.gov.uk" />
+	<target host="www.eis.kent.gov.uk" />
+
+		<!--	Formerly redirected to http:
+							-->
+		<test url="http://www.kent.gov.uk/about-the-council" />
+		<test url="http://www.kent.gov.uk/business/trading-standards/consumer-protection/consumer-alerts" />
+		<test url="http://www.kent.gov.uk/roads-and-travel" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^consult\.kent\.gov\.uk$" name="^(?:JSESSION|Server)ID$" /-->
+	<!--securecookie host="^(?:democracy|netloan)\.kent\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^(?:www\.eis|shareweb|webapps)\.kent\.gov\.uk$" name="^ISAWPLB\{[\dA-F]{8}(?:-[\da-f]{4}){3}-[\dA-F]{8}\}$" /-->
+	<!--securecookie host="^(?:oktd|admin\.oktd|open|admin\.open)\.kent\.gov\.uk$" name="^(?:CFGLOBALS|CFID|CFTOKEN|ISAWPLB\{[\dA-F]{8}(?:-[\da-f]{4}){3}-[\dA-F]{8}\})$" /-->
+	<!--securecookie host="^(?:beta|www)\.kent\.gov\.uk$" name="^SQ_SYSTEM_SESSION$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://consult\.kent\.gov\.uk/"
+		to="https://kent-consult.objective.co.uk/" />
+
+	<!--	Redirect keeps path amd args,
+		but not forward slash:
+					-->
+	<rule from="^http://digital\.kent\.gov\.uk/+"
+		to="https://www.youtube.com/KentCountyCouncil" />
+
+		<test url="http://digital.kent.gov.uk//" />
+
+	<rule from="^http://www\.eis\.kent\.gov\.uk/"
+		to="https://www.eiskent.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kent_Backman.com.xml b/src/chrome/content/rules/Kent_Backman.com.xml
new file mode 100644
index 000000000000..d99319a9a301
--- /dev/null
+++ b/src/chrome/content/rules/Kent_Backman.com.xml
@@ -0,0 +1,12 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://b.kentbackman.com/ => https://b.kentbackman.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Kent Backman.com (partial)" default_off="failed ruleset test">
+	<target host="b.kentbackman.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kentico.xml b/src/chrome/content/rules/Kentico.xml
index e918416ed44b..6ef52053b55b 100644
--- a/src/chrome/content/rules/Kentico.xml
+++ b/src/chrome/content/rules/Kentico.xml
@@ -1,13 +1,13 @@
 <ruleset name="Kentico">
 
 	<target host="kentico.com" />
-	<target host="*.kentico.com" />
+	<target host="devnet.kentico.com" />
+	<target host="www.kentico.com" />
 
 
 	<securecookie host="^.+\.kentico\.com$" name=".+" />
 
 
-	<rule from="^http://(devnet\.|www\.)?kentico\.com/"
-		to="https://$1kentico.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/KentuckyOneHealth.org.xml b/src/chrome/content/rules/KentuckyOneHealth.org.xml
new file mode 100644
index 000000000000..0633ccf2a64c
--- /dev/null
+++ b/src/chrome/content/rules/KentuckyOneHealth.org.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.jhsmh.org/ => https://www.jhsmh.org/: (6, 'Could not resolve host: www.jhsmh.org')
+Fetch error: http://jhsmh.org/ => https://jhsmh.org/: (7, 'Failed to connect to jhsmh.org port 443: Connection timed out')
+
+-->
+<ruleset name="KentuckyOne Health" default_off="failed ruleset test">
+<target host="www.kentuckyonehealth.org"/>
+<target host=    "kentuckyonehealth.org"/>
+<!-- insidekentuckyonehealth.org without ssl -->
+<target host="www.jhsmh.org"/>
+<target host=    "jhsmh.org"/>
+<securecookie host="^((www)?\.)?kentuckyonehealth\.org$" name=".+" />
+<securecookie host="^www\.jhsmh\.org$" name=".+" />
+<rule from="^http:"
+	to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Kerbal_Space_Program.xml b/src/chrome/content/rules/Kerbal_Space_Program.xml
new file mode 100644
index 000000000000..57f717490a7a
--- /dev/null
+++ b/src/chrome/content/rules/Kerbal_Space_Program.xml
@@ -0,0 +1,31 @@
+<!--
+	Nonfunctional hosts in *kerbalspaceprogram.com:
+
+		- forum *
+
+	* Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- kerbalspaceprogram.com
+		- www.kerbalspaceprogram.com
+
+-->
+<ruleset name="Kerbal Space Program.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+  <target host="kerbalspaceprogram.com" />
+  <target host="www.kerbalspaceprogram.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?kerbalspaceprogram\.com$" name="^(_pk_uid|PHPSESSID)$" /-->
+
+	<securecookie host="^(?:www\.)?kerbalspaceprogram\.com$" name=".+" />
+
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kernel-Recipes.org.xml b/src/chrome/content/rules/Kernel-Recipes.org.xml
new file mode 100644
index 000000000000..e91eeafcecb8
--- /dev/null
+++ b/src/chrome/content/rules/Kernel-Recipes.org.xml
@@ -0,0 +1,22 @@
+<!--
+	www.kernel-recipes.org: Mismatched
+
+-->
+<ruleset name="Kernel-Recipes.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kernel-recipes.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.kernel-recipes.org" />
+
+
+	<rule from="^http://www\.kernel-recipes\.org/"
+		to="https://kernel-recipes.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KernelNewbies.org.xml b/src/chrome/content/rules/KernelNewbies.org.xml
new file mode 100644
index 000000000000..6db0f63d1a39
--- /dev/null
+++ b/src/chrome/content/rules/KernelNewbies.org.xml
@@ -0,0 +1,22 @@
+<ruleset name="Kernel Newbies.org">
+
+	<target host="kernelnewbies.org" />
+	<target host="www.kernelnewbies.org" />
+	<target host="br.kernelnewbies.org" />
+	<target host="virt.br.kernelnewbies.org" />
+	<target host="es.kernelnewbies.org" />
+	<target host="fa.kernelnewbies.org" />
+	<target host="forum.kernelnewbies.org" />
+	<target host="jp.kernelnewbies.org" />
+	<target host="lists.kernelnewbies.org" />
+	<target host="ru.kernelnewbies.org" />
+	<target host="tr.kernelnewbies.org" />
+	<target host="tw.kernelnewbies.org" />
+	<target host="virt.kernelnewbies.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KernelOrg.xml b/src/chrome/content/rules/KernelOrg.xml
index ce2fb7dc3a30..d446005a0186 100644
--- a/src/chrome/content/rules/KernelOrg.xml
+++ b/src/chrome/content/rules/KernelOrg.xml
@@ -1,53 +1,81 @@
 <!--
-	As of 2012-05-14, known unprotected domains are:
+	Nonfunctional subdomains:
 
-		- planet *
-		- vger		(dropped)
-		- wireless	(404, CN: sipsolutions.net)
+		- planet ¹
+		- vger ²
+		- wireless ³
+		- oops ⁴
+		- ftp ⁵
 
-	* rx_record_too_long
+	¹ Plaintext reply
+	² Refused
+	³ 404, CN: sipsolutions.net
+	⁴ CN: *.rhcloud.com, too many redirects
+	⁵ Uses www.kernel.org cert
 
 
 	Problematic subdomains:
 
-		- ^		(cert only matches *.)
-
-
-	Fully covered subdomains:
-
-		- ^		(→ www)
-		- accounts
-		- all
-		- archive
-		- boot
-		- bugzilla
-		- eu
-		- ftp
-		- git
-		- [\w-]+.git
-		- mirrors
-		- patchwork
-		- pub
-		- userweb
-		- wiki
-		- [\w-]+.wiki
-		- www
+		- mirrors.us *
+
+	* Mismatched
+
+
+	Fully covered domains:
+
+		- kernel.org
+
+		- mirrors.\w\w.kernel.org:	(→ mirrors)
+
+			- us
+
+		- *.kernel.org: *
+
+			- (www.)?
+			- accounts
+			- all
+			- archive
+			- boot
+			- bugzilla
+			- eu
+			- git
+			- [\w-]+.git
+			- mirrors
+			- patchwork
+			- pub
+			- userweb
+			- wiki
+			- [\w-]+.wiki
+
+	* Except where excluded below
 
 -->
-<ruleset name="Kernel.org">
+<ruleset name="Kernel.org (partial)">
 
 	<target host="kernel.org" />
 	<target host="*.kernel.org" />
-		<exclusion pattern="^http://(?:planet|vger|wireless)\." />
+
+		<exclusion pattern="^http://(?:ftp|oops|planet|vger|wireless)\." />
+
+			<!--	+ve:
+					-->
+			<test url="http://ftp.kernel.org" />
+			<test url="http://oops.kernel.org" />
+			<test url="http://planet.kernel.org" />
+			<test url="http://vger.kernel.org" />
+			<test url="http://wireless.kernel.org" />
+
+		<test url="http://mirrors.eu.kernel.org/" />
+		<test url="http://patchwork.kernel.org/" />
 
 
-	<securecookie host="^.*\.kernel\.org$" name=".+" />
+	<securecookie host=".*\.kernel\.org$" name=".+" />
 
 
-	<rule from="^https?://kernel\.org/"
-		to="https://www.kernel.org/" />
+	<rule from="^http://mirrors\.\w\w\.kernel\.org/"
+		to="https://mirrors.kernel.org/" />
 
-	<rule from="^http://([\w\.-]+)\.kernel\.org/"
-		to="https://$1.kernel.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Kernel_concepts.xml b/src/chrome/content/rules/Kernel_concepts.xml
deleted file mode 100644
index f3b3ca99ec20..000000000000
--- a/src/chrome/content/rules/Kernel_concepts.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)
-
--->
-<ruleset name="kernel concepts (partial)" platform="cacert">
-
-	<target host="*.kernelconcepts.de" />
-
-
-	<securecookie host="^\.shop\.kernelconcepts\.de$" name=".+" />
-
-
-	<rule from="^http://shop\.kernelconcepts\.de/"
-		to="https://shop.kernelconcepts.de/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Kernl.us.xml b/src/chrome/content/rules/Kernl.us.xml
new file mode 100644
index 000000000000..dd1eb8b4f600
--- /dev/null
+++ b/src/chrome/content/rules/Kernl.us.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- kernl.us
+
+-->
+<ruleset name="Kernl.us">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kernl.us" />
+	<target host="www.kernl.us" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^kernl\.us$" name="^connect\.sid$" /-->
+
+	<securecookie host="^kernl\.us$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ketchum.com.xml b/src/chrome/content/rules/Ketchum.com.xml
deleted file mode 100644
index 5cbb2da9ff90..000000000000
--- a/src/chrome/content/rules/Ketchum.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Ketchum.com (partial)">
-
-	<target host="*.ketchum.com" />
-
-
-	<securecookie host="^\.?facebook\.ketchum\.com$" name=".+" />
-
-
-	<rule from="^http://facebook\.ketchum\.com/"
-		to="https://facebook.ketchum.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Kettering.gov.uk.xml b/src/chrome/content/rules/Kettering.gov.uk.xml
new file mode 100644
index 000000000000..c6a0e1c36090
--- /dev/null
+++ b/src/chrome/content/rules/Kettering.gov.uk.xml
@@ -0,0 +1,35 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+	Problematic hosts in *kettering.gov.uk:
+
+		- (www.)? ᵐ
+		- consult ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="Kettering.gov.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.kettering.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="kettering.gov.uk" />
+	<target host="www.kettering.gov.uk" />
+	<target host="consult.kettering.gov.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://(www\.)?kettering\.gov\.uk/"
+		to="https://secure.kettering.gov.uk/" />
+
+	<rule from="^http://consult\.kettering\.gov\.uk/"
+		to="https://kettering-consult.objective.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KettleBrand.com.xml b/src/chrome/content/rules/KettleBrand.com.xml
new file mode 100644
index 000000000000..baf7922fd8c7
--- /dev/null
+++ b/src/chrome/content/rules/KettleBrand.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Active mixed content:
+		- kettlebrand.comm
+-->
+
+<ruleset name="KettleBrand.com" platform="mixedcontent">
+	<target host="kettlebrand.com" />
+	<target host="www.kettlebrand.com" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kevag-Telekom.de.xml b/src/chrome/content/rules/Kevag-Telekom.de.xml
new file mode 100644
index 000000000000..de85bfb6179a
--- /dev/null
+++ b/src/chrome/content/rules/Kevag-Telekom.de.xml
@@ -0,0 +1,21 @@
+<!--
+	Other Kevag Telekom rulesets:
+
+		- KTk.de.xml
+
+-->
+<ruleset name="Kevag-Telekom.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kevag-telekom.de" />
+	<target host="ftp.kevag-telekom.de" />
+	<target host="kundencenter.kevag-telekom.de" />
+	<target host="piwik.kevag-telekom.de" />
+	<target host="www.kevag-telekom.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KevinAThompson.com.xml b/src/chrome/content/rules/KevinAThompson.com.xml
new file mode 100644
index 000000000000..27fbdb19687a
--- /dev/null
+++ b/src/chrome/content/rules/KevinAThompson.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Active mixed content:
+		- www.kevinathompson.com
+-->
+
+<ruleset name="KevinAThompson.com" platform="mixedcontent">
+	<target host="kevinathompson.com" />
+	<target host="www.kevinathompson.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kevinajacobs.com.xml b/src/chrome/content/rules/Kevinajacobs.com.xml
deleted file mode 100644
index 2ae9918ec506..000000000000
--- a/src/chrome/content/rules/Kevinajacobs.com.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="kevinajacobs.com" default_off="mismatch">
-
-	<target host="kevinajacobs.com"/>
-	<target host="www.kevinajacobs.com"/>
-
-	<rule from="^http://(www\.)?kevinajacobs\.com/"
-		to="https://kevinajacobs.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Key-server.io.xml b/src/chrome/content/rules/Key-server.io.xml
new file mode 100644
index 000000000000..b24b173348a7
--- /dev/null
+++ b/src/chrome/content/rules/Key-server.io.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional hosts in *.key-server.io:
+		- www (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Key-server.io">
+	<target host="key-server.io" />
+	<target host="www.key-server.io" />
+	<target host="pgp.key-server.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.key-server\.io/" to="https://key-server.io/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/KeyDrive-mismatches.xml b/src/chrome/content/rules/KeyDrive-mismatches.xml
deleted file mode 100644
index 26ac25f5278b..000000000000
--- a/src/chrome/content/rules/KeyDrive-mismatches.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="KeyDrive (mismatches)" default_off="mismatch">
-
-	<target host="news.moniker.com"/>
-
-	<securecookie host="^news\.moniker\.com$" name=".*"/>
-
-	<rule from="^http://news\.moniker\.com/"
-		to="https://news.moniker.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/KeyDrive.xml b/src/chrome/content/rules/KeyDrive.xml
index cb74546f38a0..7b76fb93192d 100644
--- a/src/chrome/content/rules/KeyDrive.xml
+++ b/src/chrome/content/rules/KeyDrive.xml
@@ -1,23 +1,43 @@
+<!--
+
+	Problematic hosts:
+
+		- domainauctions.moniker.com ¹
+		- help.moniker.com ¹
+
+		- domains.snapnames.com ²
+
+	¹: Times out
+	²: Refused
+
+-->
 <ruleset name="KeyDrive (partial)">
 
-	<target host="moniker.com"/>
-	<target host="*.moniker.com"/>
-	<target host="snapnames.com"/>
-	<target host="*.snapnames.com"/>
+	<target host="moniker.com" />
+	<target host="www.moniker.com" />
+	<target host="domainauctions.moniker.com" />
+	<target host="help.moniker.com" />
+	<target host="login.moniker.com" />
+	<target host="wiki.moniker.com" />
+
+	<target host="snapnames.com" />
+	<target host="www.snapnames.com" />
+	<target host="maintenance.snapnames.com" />
+	<target host="support.snapnames.com" />
 
   <!--
   https://trac.torproject.org/projects/tor/ticket/7540
-	<securecookie host="^(.*\.)?moniker\.com$" name=".*"/>
-	<securecookie host="^(.*\.)?snapnames\.com$" name=".*"/>
+	<securecookie host="^(.*\.)?moniker\.com$" name=".+" />
+	<securecookie host="^(.*\.)?snapnames\.com$" name=".+" />
   -->
 
-	<rule from="^http://help\.moniker\.com/"
-		to="https://support.snapnames.com/"/>
+	<rule from="^http://domainauctions\.moniker\.com/"
+		to="https://www.moniker.com/moniker/customer-support" />
 
-	<rule from="^http://(domainauctions\.|www\.)?moniker\.com/"
-		to="https://$1moniker.com/"/>
+	<rule from="^http://help\.moniker\.com/"
+		to="https://wiki.moniker.com/"/>
 
-	<rule from="^http://(moniker\.|www\.)?snapnames\.com/"
-		to="https://moniker.snapnames.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/KeyGhost.com-problematic.xml b/src/chrome/content/rules/KeyGhost.com-problematic.xml
deleted file mode 100644
index 25916c11f6a0..000000000000
--- a/src/chrome/content/rules/KeyGhost.com-problematic.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For rules that are on by default, see KeyGhost.com.xml.
-
--->
-<ruleset name="KeyGhost.com (expired)" default_off="expired, md5 signed">
-
-	<target host="keyghost.com" />
-	<target host="www.keyghost.com" />
-
-
-	<rule from="^http://(?:www\.)?keyghost\.com/"
-		to="https://www.keyghost.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/KeyGhost.com.xml b/src/chrome/content/rules/KeyGhost.com.xml
index 4966ca246dea..0da41d0d4cc7 100644
--- a/src/chrome/content/rules/KeyGhost.com.xml
+++ b/src/chrome/content/rules/KeyGhost.com.xml
@@ -1,7 +1,4 @@
 <!--
-	For problematic rules, see KeyGhost.com-problematic.xml.
-
-
 	Problematic subdomains:
 
 		- ^	(expired, cert only matches www)
@@ -18,7 +15,6 @@
 	<target host="secure.keyghost.com" />
 
 
-	<rule from="^http://secure\.keyghost\.com/"
-		to="https://secure.keyghost.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Keyerror.com.xml b/src/chrome/content/rules/Keyerror.com.xml
deleted file mode 100644
index baaa9ff5f8bb..000000000000
--- a/src/chrome/content/rules/Keyerror.com.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See 
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
- 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Keyerror.com" platform="firefox">
-  <target host="keyerror.com" />
-  <target host="www.keyerror.com" />
-
-  <securecookie host="^keyerror\.com$" name=".+" />
-  <securecookie host="^www.keyerror\.com$" name=".+" />
-
-  <rule from="^http://(www\.)?keyerror\.com/" to="https://keyerror.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Keygens.nl.xml b/src/chrome/content/rules/Keygens.nl.xml
new file mode 100644
index 000000000000..7dbcf3e5fb8a
--- /dev/null
+++ b/src/chrome/content/rules/Keygens.nl.xml
@@ -0,0 +1,24 @@
+<!--
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+	www.keygens.nl: Mismatched
+
+-->
+<ruleset name="Keygens.nl" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="keygens.nl" />
+
+	<!--	Complications:
+				-->
+	<target host="www.keygens.nl" />
+
+
+	<rule from="^http://www\.keygens\.nl/"
+		to="https://keygens.nl/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Keytiles.com.xml b/src/chrome/content/rules/Keytiles.com.xml
new file mode 100644
index 000000000000..b684632791e5
--- /dev/null
+++ b/src/chrome/content/rules/Keytiles.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Keytiles.com">
+
+	<target host="keytiles.com"/>
+	<target host="www.keytiles.com"/>
+	<target host="lb.keytiles.com"/>
+	<target host="man.keytiles.com"/>
+	<target host="secure.keytiles.com"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KeywordDiscovery.com.xml b/src/chrome/content/rules/KeywordDiscovery.com.xml
new file mode 100644
index 000000000000..27000a7823b8
--- /dev/null
+++ b/src/chrome/content/rules/KeywordDiscovery.com.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Trellian coverage, see Trellian.xml.
+
+	Invalid certificate:
+		counter.keyworddiscovery.com
+		nl.keyworddiscovery.com
+
+-->
+<ruleset name="KeywordDiscovery.com">
+
+	<target host="keyworddiscovery.com" />
+	<target host="www.keyworddiscovery.com" />
+	<target host="api.keyworddiscovery.com" />
+		<test url="http://api.keyworddiscovery.com/cgi-bin/addme/free.cgi" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Keyword_Discovery.xml b/src/chrome/content/rules/Keyword_Discovery.xml
deleted file mode 100644
index 8155e16d069a..000000000000
--- a/src/chrome/content/rules/Keyword_Discovery.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other Trellian coverage, see Trellian.xml.
-
-
-	CN: *.vendercom.com
-
--->
-<ruleset name="Keyword Discovery" default_off="mismatched">
-
-	<target host="keyworddiscovery.com" />
-	<target host="www.keyworddiscovery.com" />
-
-
-	<securecookie host="^keyworddiscovery\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?keyworddiscovery\.com/"
-		to="https://keyworddiscovery.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Kfc.ca.xml b/src/chrome/content/rules/Kfc.ca.xml
new file mode 100644
index 000000000000..74428200426c
--- /dev/null
+++ b/src/chrome/content/rules/Kfc.ca.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		- careers.kfc.ca
+
+	SSL error:
+		- morefor4.kfc.ca
+-->
+
+<ruleset name="Kfc.ca">
+	<target host="kfc.ca" />
+	<target host="www.kfc.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kfs.io.xml b/src/chrome/content/rules/Kfs.io.xml
new file mode 100644
index 000000000000..caae9da264fa
--- /dev/null
+++ b/src/chrome/content/rules/Kfs.io.xml
@@ -0,0 +1,15 @@
+<!--
+	For other KKBOX coverage, see KKBOX.com.xml.
+
+
+	(www.) doesn't exist.
+
+-->
+<ruleset name="kfs.io">
+
+	<target host="i.kfs.io" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Khalsa-Credit-Union.xml b/src/chrome/content/rules/Khalsa-Credit-Union.xml
new file mode 100644
index 000000000000..df684a00b59c
--- /dev/null
+++ b/src/chrome/content/rules/Khalsa-Credit-Union.xml
@@ -0,0 +1,13 @@
+<!--
+	Server errors:
+		- khalsacreditunion.ca
+-->
+
+<ruleset name="Khalsa Credit Union">
+	<target host="khalsacreditunion.ca" />
+	<!-- <target host="www.khalsacreditunion.ca" /> -->
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Khamsat.com.xml b/src/chrome/content/rules/Khamsat.com.xml
new file mode 100644
index 000000000000..55493ca894d0
--- /dev/null
+++ b/src/chrome/content/rules/Khamsat.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Khamsat.com">
+	<target host="khamsat.com" />
+	<target host="www.khamsat.com" />
+	<target host="blog.khamsat.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Khan-Academy.xml b/src/chrome/content/rules/Khan-Academy.xml
index 298f012f028e..3d81a4c2ce43 100644
--- a/src/chrome/content/rules/Khan-Academy.xml
+++ b/src/chrome/content/rules/Khan-Academy.xml
@@ -1,12 +1,140 @@
+<!--
+	Wildcard certificate and DNS records:
+		- kasandbox.org
+		- kastatic.org
+		- khanacademy.org
+
+
+	kasandbox.org:
+		Invalid certificate:
+			- graphie-to-png.kasandbox.org
+
+
+	khanacademy.org:
+		Connection closed:
+			- cs-blog.khanacademy.org
+			- data.khanacademy.org
+
+		Connection refused:
+			- toby.khanacademy.org
+
+		Invalid certificate:
+			- invalid cert
+			- crowdin.khanacademy.org
+			- emails.khanacademy.org
+			- internal-services-kube.khanacademy.org
+			- international.khanacademy.org
+			- life.khanacademy.org
+			- schools.khanacademy.org
+			- sendgrid.khanacademy.org
+			- sthorizon.khanacademy.org
+
+		Timed out:
+			- hackweek.khanacademy.org
+			- healthyhackathon.khanacademy.org
+-->
+
 <ruleset name="Khan Academy">
+	<!-- kasandbox.org -->
+	<target host="www.kasandbox.org" />
+
+
+	<!-- kastatic.org -->
+	<target host="www.kastatic.org" />
+	<target host="ar.kastatic.org" />
+	<target host="cdn.kastatic.org" />
+	<target host="en.kastatic.org" />
+	<target host="es.kastatic.org" />
+	<target host="fastly.kastatic.org" />
+	<target host="fr.kastatic.org" />
+	<target host="maxcdn.kastatic.org" />
+	<target host="nl.kastatic.org" />
+	<target host="no.kastatic.org" />
+	<target host="pt.kastatic.org" />
+
 
-	<target host="khamacademy.org"/>
-	<target host="www.khamacademy.org"/>
-	<target host="khan-academy.appspot.com"/>
+	<!-- khanacademy.org -->
+	<target host="khanacademy.org" />
+	<target host="www.khanacademy.org" />
+	<target host="alerta.khanacademy.org" />
+	<target host="api-explorer.khanacademy.org" />
+	<target host="ar.khanacademy.org" />
+	<target host="bg.khanacademy.org" />
+	<target host="bn.khanacademy.org" />
+	<target host="boxes.khanacademy.org" />
+	<target host="buildmaster.khanacademy.org" />
+	<target host="cmn.khanacademy.org" />
+	<target host="content.khanacademy.org" />
+	<target host="crowdin-gcs-sync.khanacademy.org" />
+	<target host="cs.khanacademy.org" />
+	<target host="da.khanacademy.org" />
+	<target host="da-dk.khanacademy.org" />
+	<target host="de.khanacademy.org" />
+	<target host="de-de.khanacademy.org" />
+	<target host="el.khanacademy.org" />
+	<target host="en.khanacademy.org" />
+	<target host="engineering.khanacademy.org" />
+	<target host="es.khanacademy.org" />
+	<target host="en-pt.khanacademy.org" />
+	<target host="error-monitor-db.khanacademy.org" />
+	<target host="es-es-boxes.khanacademy.org" />
+	<target host="fa.khanacademy.org" />
+	<target host="fa-af.khanacademy.org" />
+	<target host="fr.khanacademy.org" />
+	<target host="he.khanacademy.org" />
+	<target host="hi.khanacademy.org" />
+	<target host="hy.khanacademy.org" />
+	<target host="id.khanacademy.org" />
+	<target host="international-forum.khanacademy.org" />
+	<target host="it.khanacademy.org" />
+	<target host="ja.khanacademy.org" />
+	<target host="jenkins.khanacademy.org" />
+	<target host="ka.khanacademy.org" />
+	<target host="khanalytics.khanacademy.org" />
+	<target host="ko.khanacademy.org" />
+	<target host="learn.khanacademy.org" />
+	<target host="lol.khanacademy.org" />
+	<target host="mathfacts.khanacademy.org" />
+	<target host="mn.khanacademy.org" />
+	<target host="mobile-ci.khanacademy.org" />
+	<target host="mooc.khanacademy.org" />
+	<target host="ms.khanacademy.org" />
+	<target host="nb.khanacademy.org" />
+	<target host="nl.khanacademy.org" />
+	<target host="no.khanacademy.org" />
+	<target host="phabricator.khanacademy.org" />
+	<target host="pl.khanacademy.org" />
+	<target host="pl-pl.khanacademy.org" />
+	<target host="pt.khanacademy.org" />
+	<target host="pt-pt.khanacademy.org" />
+	<target host="ptpt.khanacademy.org" />
+	<target host="ru.khanacademy.org" />
+	<target host="shop.khanacademy.org" />
+	<target host="smarthistory.khanacademy.org" />
+	<target host="sr.khanacademy.org" />
+	<target host="status.khanacademy.org" />
+	<target host="sw.khanacademy.org" />
+	<target host="te.khanacademy.org" />
+	<target host="team.khanacademy.org" />
+	<target host="th.khanacademy.org" />
+	<target host="tr.khanacademy.org" />
+	<target host="uk.khanacademy.org" />
+	<target host="ur.khanacademy.org" />
+	<target host="us.khanacademy.org" />
+	<target host="xh.khanacademy.org" />
+	<target host="ycla.khanacademy.org" />
+	<target host="zero.khanacademy.org" />
+	<target host="www.zero.khanacademy.org" />
+	<target host="es.zero.khanacademy.org" />
+	<target host="httpswww.zero.khanacademy.org" />
+	<target host="zh.khanacademy.org" />
+	<target host="zh-hans.khanacademy.org" />
+	<target host="zu.khanacademy.org" />
 
-	<securecookie host="^khan-academy\.appspot\.com$" name=".*"/>
 
-	<rule from="^http://(?:www\.)?khanacademy\.org/"
-		to="https://khan-academy.appspot.com/"/>
+	<!-- Not secured by server -->
+	<!--securecookie host="^www\.khanacademy\.org$" name="^(KAID_PH|detectCookiesEnabled|fkey|gae_b_id|return_visits_.+)$"/-->
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Khronos.xml b/src/chrome/content/rules/Khronos.xml
index fe99000f3564..e6c03cea6647 100644
--- a/src/chrome/content/rules/Khronos.xml
+++ b/src/chrome/content/rules/Khronos.xml
@@ -1,24 +1,18 @@
-<!--
-	Other Khronos Group rulesets:
-
-		- COLLADA.xml
-
--->
-<ruleset name="Khronos Group (partial)" platform="mixedcontent">
+<ruleset name="Khronos Group (partial)">
 
 	<target host="khronos.org" />
 	<target host="*.khronos.org" />
 
 
-	<securecookie host="^www\.khronos\.org$" name=".*" />
+	<securecookie host="^www\.khronos\.org$" name=".+" />
 
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?khronos\.org/"
+	<rule from="^http://(?:www\.)?khronos\.org/"
 		to="https://www.khronos.org/" />
 
 	<!--	Files under assets/ appear to be identical.	-->
-	<rule from="^https?://\w\w\.khronos\.org/assets/"
+	<rule from="^http://\w\w\.khronos\.org/assets/"
 		to="https://www.khronos.org/assets/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/KiCanada.com.xml b/src/chrome/content/rules/KiCanada.com.xml
new file mode 100644
index 000000000000..e2da4375f412
--- /dev/null
+++ b/src/chrome/content/rules/KiCanada.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="KiCanada.com">
+	<target host="kicanada.com" />
+	<target host="www.kicanada.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kick-Ass.xml b/src/chrome/content/rules/Kick-Ass.xml
index aacc09a7271c..c34f788b5887 100644
--- a/src/chrome/content/rules/Kick-Ass.xml
+++ b/src/chrome/content/rules/Kick-Ass.xml
@@ -1,13 +1,14 @@
 <ruleset name="Kick Ass">
 
 	<target host="kickassapp.com" />
-	<target host="*.kickassapp.com" />
+	<target host="hi.kickassapp.com" />
+	<target host="www.kickassapp.com" />
 
 
-	<securecookie host="^\.?kickassapp\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(hi\.|www\.)?kickassapp\.com/"
-		to="https://$1kickassapp.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/KickApps.xml b/src/chrome/content/rules/KickApps.xml
index 6e1f5b7ade81..c3f0f40287d3 100644
--- a/src/chrome/content/rules/KickApps.xml
+++ b/src/chrome/content/rules/KickApps.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://media.kickstatic.com/ => https://media.kickstatic.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://media.kickstatic.com/ => https://media.kickstatic.com/: (6, 'Could not resolve host: media.kickstatic.com')
 	Nonfunctional subdomains:
 
 		- ^	(times out)
@@ -10,19 +16,16 @@
 		- login.cloud	(works, depth mismatched)
 
 -->
-<ruleset name="KickApps (partial)">
+<ruleset name="KickApps (partial)" default_off="failed ruleset test">
 
-	<target host="*.kickapps.com" />
+	<target host="affiliate.kickapps.com" />
+	<target host="community.kickapps.com" />
 	<target host="media.kickstatic.com" />
 
 
 	<securecookie host="^(?:affiliate|community)\.kickapps\.com$" name=".+" />
 
 
-	<rule from="^http://(affiliate|community)\.kickapps\.com/"
-		to="https://$1.kickapps.com/" />
-
-	<rule from="^http://media\.kickstatic\.com/"
-		to="https://media.kickstatic.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/KickAssVPS.com.xml b/src/chrome/content/rules/KickAssVPS.com.xml
index ad8fa6167a85..4fb8e47b4a96 100644
--- a/src/chrome/content/rules/KickAssVPS.com.xml
+++ b/src/chrome/content/rules/KickAssVPS.com.xml
@@ -1,11 +1,42 @@
-<ruleset name="KickAssVPS.com" platform="mixedcontent">
+<!--
+	Nonfunctional hosts in *kickassvps.com:
 
-	<target host="kickassvps.com" />
-	<target host="*.kickassvps.com" />
+		- manage ᵇ
+		- www ʰ
 
-	<securecookie host="^manage\.kickassvps\.com$" name=".+" />
+	ᵇ Shows default page
+	ʰ Redirects to http
 
-	<rule from="^http://(manage\.|www\.)?kickassvps\.com/"
-          to="https://$1kickassvps.com/" />
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- clients.kickassvps.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="KickAssVPS.com (partial)">
+
+	<target host="clients.kickassvps.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.kickassvps\.com/(?:$|assets/|favicon\.ico)" /-->
+
+			<!--	+ve:
+					-->
+			<!--test url="http://www.kickassvps.com/assets/images/buttons-bg.png" /-->
+			<!--test url="http://www.kickassvps.com/favicon.ico" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^clients\.kickassvps\.com$" name="^WHMCS\w+$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/KickNews.xml b/src/chrome/content/rules/KickNews.xml
index a36d9ec29929..e7b463163e94 100644
--- a/src/chrome/content/rules/KickNews.xml
+++ b/src/chrome/content/rules/KickNews.xml
@@ -1,38 +1,71 @@
 <!--
-	Problematic domains:
+	Non-functional hosts in *.kicknews.com
+		Timeout was reached:
+			 - s03.kicknews.com
+			 - s04.kicknews.com
 
-		- (www.)kicknews.co.uk	(blank page, valid cert)
+		SSL peer certificate was not OK:
+			 - blog.kicknews.com
 
+		Incomplete certificate chain error:
+			 - direct.kicknews.com
+			 - s01.kicknews.com
+			 - s02.kicknews.com
 
-	Fully covered domains:
+		Mixed content blocking (MCB) triggered:
+			 - m.kicknews.com
 
-		- (www.)arsenalnews.net
-		- (www.)kicknews.co.uk	(→ www.kicknews.com)
-		- (www.)kicknews.com
-		- (www.)kicknews.net
 
--->
-<ruleset name="KickNews">
+	Non-functional hosts *arsenalnews.net
+		SSL peer certificate was not OK:
+			 - www.ipv6.arsenalnews.net
 
-	<target host="arsenalnews.net" />
-	<!--
-		*s for cross-domain cookies.
-						-->
-	<target host="*.arsenalnews.net" />
-	<target host="kicknews.*" />
-	<target host="kicknews.co.uk" />
-	<target host="www.kicknews.co.uk" />
-	<target host="*.kicknews.com" />
-	<target host="*.kicknews.net" />
+		Incomplete certificate chain error:
+			 - beta.arsenalnews.net
+			 - m.beta.arsenalnews.net
+			 - direct.arsenalnews.net
+			 - s01.arsenalnews.net
+
+		Mixed content blocking (MCB) triggered:
+			 - m.arsenalnews.net
+
+
+	Non-functional hosts in *kicknews.net
+		SSL connect error:
+			 - dev.m.kicknews.net
 
+		Incomplete certificate chain error:
+			 - direct.kicknews.net
+			 - link.kicknews.net
 
-	<securecookie host="^(?:.*\.)?(?:arsenal|kick)news\.(?:com|net)$" name=".+" />
 
+	Non-functional hosts in *kicknews.co.uk
+		SSL connect error:
+			 - stats.kicknews.co.uk
 
-	<rule from="^http://(www\.)?(arsenal|kick)news\.net/"
-		to="https://$1$2news.net/" />
+-->
+<ruleset name="KickNews (partial)">
+	<!-- *kicknews.com -->
+	<target host="kicknews.com" />
+	<target host="www.kicknews.com" />
+
+	<!-- *arsenalnews.net -->
+	<target host="arsenalnews.net" />
+	<target host="www.arsenalnews.net" />
+	<target host="ipv6.arsenalnews.net" />
+
+	<!-- *kicknews.net -->
+	<target host="kicknews.net" />
+	<target host="www.kicknews.net" />
+	<target host="blog.kicknews.net" />
+	<target host="dev.kicknews.net" />
+	<target host="m.kicknews.net" />
+
+	<!-- *kicknews.co.uk -->
+	<target host="kicknews.co.uk" />
+	<target host="www.kicknews.co.uk" />
 
-	<rule from="^http://(?:www\.)?kicknews\.co(?:\.uk|com)/"
-		to="https://www.kicknews.com/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/KickassTorrents.xml b/src/chrome/content/rules/KickassTorrents.xml
index 315904ca0060..3996ff78755d 100644
--- a/src/chrome/content/rules/KickassTorrents.xml
+++ b/src/chrome/content/rules/KickassTorrents.xml
@@ -1,26 +1,37 @@
-<!--
-	Requested: https://trac.torproject.org/projects/tor/ticket/9232
+<!--kat.am: Kat.am.xml
 
--->
+(www.)?kat.ph timed out
+(www.)?kickass.to refused
+(www.)?kat.cr timed out
+(www.)?kastatic.com refused
+(www.)?kastatus.com nonexist
+(www.)?ka.tt timed out
+(www.)?kickass.la nonexist
+(www.)?kickass.mx nonexist
+(www.)?kickass.so mismatch
+(www.)?kickasstorrents.im nonexist
+(www.)?kickassto.co timed out
+(www.)?kickass.ag timed out
+(www.)?thekat.tv refused
+(www.)?kickass.ac timed out
+(www.)?katproxy.is timed out
+(www.)?kickasstorrents.website nonexist-->
 <ruleset name="KickassTorrents">
-  <target host="kat.ph" />
-  <target host="*.kat.ph" />
-	<target host="kickass.to" />
-	<target host="www.kickass.to" />
-  <target host="kickasstorrents.com" />
-  <target host="www.kickasstorrents.com" />
-  <target host="kastatic.com" />
+	<target host="kickasstorrents.to" />
+	<target host="www.kickasstorrents.to" />
+	<target host="kickass-torrents.to" />
+	<target host="www.kickass-torrents.to" />
+	<target host="kickasstorrents.eu" />
+	<target host="www.kickasstorrents.eu" />
 
-  <rule from="^http://(?:www\.)?kat\.ph/"
-	  to="https://kat.ph/" />
+	<!--kat.am forks-->
+	<target host="kickass.cd" />
+	<target host="www.kickass.cd" />
 
-	<rule from="^http://(www\.)?kickass\.to/"
-		to="https://$1kickass.to/" />
+	<target host="katcr.co" />
+	<target host="www.katcr.co" />
 
-  <rule from="^http://(?:www\.)?kickasstorrents\.com/"
-	  to="https://kickass.to/" />
-  <rule from="^http://kastatic\.com/"
-	  to="https://kastatic.com/" />
+	<securecookie host=".+" name=".+" />
 
-  <securecookie host="^\.kat\.ph$" name=".*"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Kicker.de.xml b/src/chrome/content/rules/Kicker.de.xml
new file mode 100644
index 000000000000..b8db34bc46d0
--- /dev/null
+++ b/src/chrome/content/rules/Kicker.de.xml
@@ -0,0 +1,67 @@
+<!--
+	SSL: no alternative certificate subject name matches target host name:
+		- *.damoh.kicker.de
+		- spielerkabine.kicker.de
+		- ue.kicker.de
+
+	Timeout:
+		- ads.kicker.de
+		- api0.kicker.de
+		- appandroid-cdn.kicker.de
+		- cdn.kicker.de
+		- cetv.kicker.de
+		- devovsyndication.kicker.de
+		- media.kicker.de
+		- mediadb.kicker.de
+		- mediaproxy.kicker.de
+		- origin.kicker.de
+		- photodb.kicker.de
+		- podcast.kicker.de
+		- wcf.kicker.de
+-->
+<ruleset name="Kicker.de">
+
+	<target host="kicker.de" />
+	<target host="www.kicker.de" />
+	<target host="11ts-shop.kicker.de" />
+	<target host="aktion.kicker.de" />
+	<target host="api.kicker.de" />
+	<target host="appmedia.kicker.de" />
+	<target host="appmedia-cdn.kicker.de" />
+	<target host="community.kicker.de" />
+	<target host="community-stage.kicker.de" />
+	<target host="ssl.1.damoh.kicker.de" />
+	<target host="ssl.2.damoh.kicker.de" />
+	<target host="ssl.3.damoh.kicker.de" />
+	<target host="derivates.kicker.de" />
+	<target host="emagazine.kicker.de" />
+	<target host="esport.kicker.de" />
+	<target host="esportcup.kicker.de" />
+	<target host="euro.kicker.de" />
+	<target host="jdgtgb.kicker.de" />
+	<target host="leserservice.kicker.de" />
+	<target host="lesesaal.kicker.de" />
+	<target host="manager.kicker.de" />
+	<target host="olympia.kicker.de" />
+	<target host="ovsyndication.kicker.de" />
+	<target host="partnershop.kicker.de" />
+	<target host="rss.kicker.de" />
+	<target host="secure.kicker.de" />
+	<target host="secure-media.kicker.de" />
+	<target host="secure-mediadb.kicker.de" />
+	<target host="secure-mediaproxy.kicker.de" />
+	<target host="shop.kicker.de" />
+	<target host="stageapi.kicker.de" />
+	<target host="stageovsyndication.kicker.de" />
+	<target host="static.kicker.de" />
+	<target host="staticsecure.kicker.de" />
+	<target host="b0.t.kicker.de" />
+	<target host="tipp.kicker.de" />
+	<target host="ues.kicker.de" />
+	<target host="voting.kicker.de" />
+	<target host="votingrelaunch.kicker.de" />
+	<target host="wintersport.kicker.de" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kickflip.io.xml b/src/chrome/content/rules/Kickflip.io.xml
new file mode 100644
index 000000000000..7fc4b98119db
--- /dev/null
+++ b/src/chrome/content/rules/Kickflip.io.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- kickflip.io
+		- www.kickflip.io
+
+-->
+<ruleset name="Kickflip.io">
+
+	<target host="kickflip.io" />
+	<target host="www.kickflip.io" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<test url="http://kickflip.io/accounts/login/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?kickflip\.io$" name="^csrftoken$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kickstarter.xml b/src/chrome/content/rules/Kickstarter.xml
index fa7d1f87a61b..bb11937d10da 100644
--- a/src/chrome/content/rules/Kickstarter.xml
+++ b/src/chrome/content/rules/Kickstarter.xml
@@ -1,21 +1,18 @@
 <!-- Bucket at s3.amazonaws.com/ksr/ | d297h9he240fqh.cloudfront.net
 -->
-<ruleset name="Kickstarter (partial)">
+<ruleset name="Kickstarter.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="kickstarter.com"/>
-	<target host="*.kickstarter.com"/>
+	<target host="api.kickstarter.com"/>
+	<target host="www.kickstarter.com"/>
 
 
 	<securecookie host="^api\.kickstarter\.com$" name=".+" />
 
 
-	<rule from="^http://kickstarter\.com/"
-		to="https://www.kickstarter.com/"/>
-
-	<rule from="^http://www\.kickstarter\.com/(fonts/|login|signup|projects/[\w-]+/[\w-]+/widget/)"
-		to="https://www.kickstarter.com/$1"/>
-
-	<rule from="^http://api\.kickstarter\.com/"
-		to="https://api.kickstarter.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Kicktraq.xml b/src/chrome/content/rules/Kicktraq.xml
deleted file mode 100644
index 0ff42b5b67fd..000000000000
--- a/src/chrome/content/rules/Kicktraq.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Kicktraq">
-
-	<target host="kicktraq.com" />
-	<target host="www.kicktraq.com" />
-
-
-	<securecookie host="^www\.kicktraq\.com$" name=".*" />
-
-
-	<rule from="^http://(www\.)?kicktraq\.com/"
-		to="https://$1kicktraq.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/KidsHealth.xml b/src/chrome/content/rules/KidsHealth.xml
index 5f3b9c515e35..9c56f92b54b8 100644
--- a/src/chrome/content/rules/KidsHealth.xml
+++ b/src/chrome/content/rules/KidsHealth.xml
@@ -1,4 +1,15 @@
-<ruleset name="KidsHealth/TeensHealth">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kidshealth.org/ => https://secure02.kidshealth.org/: (6, 'Could not resolve host: secure02.kidshealth.org')
+Fetch error: http://secure02.kidshealth.org/ => https://secure02.kidshealth.org/: (6, 'Could not resolve host: secure02.kidshealth.org')
+Fetch error: http://websrv01.kidshealth.org/ => https://websrv01.kidshealth.org/: (6, 'Could not resolve host: websrv01.kidshealth.org')
+Fetch error: http://www.kidshealth.org/ => https://secure02.kidshealth.org/: (6, 'Could not resolve host: secure02.kidshealth.org')
+Fetch error: http://teenshealth.org/ => https://secure02.kidshealth.org/teen/: (6, 'Could not resolve host: secure02.kidshealth.org')
+Fetch error: http://www.teenshealth.org/ => https://secure02.kidshealth.org/teen/: (6, 'Could not resolve host: secure02.kidshealth.org')
+
+-->
+<ruleset name="KidsHealth/TeensHealth" default_off="failed ruleset test">
 	<target host="kidshealth.org" />
 	<target host="secure02.kidshealth.org" />
 	<target host="websrv01.kidshealth.org" />
@@ -6,10 +17,10 @@
 	<target host="teenshealth.org" />
 	<target host="www.teenshealth.org" />
 
-	<securecookie host="^(secure02|websrv01)\.kidshealth\.org$" name=".+" />
+	<securecookie host="^(?:secure02|websrv01)\.kidshealth\.org$" name=".+" />
 
 	<rule from="^http://(secure02|websrv01)\.kidshealth\.org/" to="https://$1.kidshealth.org/" />
-	<rule from="^http://(www\.)?kidshealth\.org/" to="https://secure02.kidshealth.org/" />
-	<rule from="^http://(www\.)?teenshealth\.org/?$" to="https://secure02.kidshealth.org/teen/" />
+	<rule from="^http://(?:www\.)?kidshealth\.org/" to="https://secure02.kidshealth.org/" />
+	<rule from="^http://(?:www\.)?teenshealth\.org/?$" to="https://secure02.kidshealth.org/teen/" />
 	<rule from="^http://(www\.)?teenshealth\.org/([^?]+)" to="https://secure02.kidshealth.org/$2" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kids_Foot_Locker.xml b/src/chrome/content/rules/Kids_Foot_Locker.xml
index de1f30ba82ae..dbdac5ac8047 100644
--- a/src/chrome/content/rules/Kids_Foot_Locker.xml
+++ b/src/chrome/content/rules/Kids_Foot_Locker.xml
@@ -18,17 +18,16 @@
 <ruleset name="Kids Foot Locker">
 
 	<target host="kidsfootlocker.com" />
-	<target host="*.kidsfootlocker.com" />
-	<target host="*.www.kidsfootlocker.com" />
+	<target host="www.kidsfootlocker.com" />
+	<target host="m.kidsfootlocker.com" />
 
 
 	<securecookie host="^.*\.kidsfootlocker\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?kidsfootlocker\.com/"
+	<rule from="^http://(?:www\.)?kidsfootlocker\.com/"
 		to="https://www.kidsfootlocker.com/" />
 
-	<rule from="^http://m\.kidsfootlocker\.com/"
-		to="https://m.kidsfootlocker.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kijiji.ca.xml b/src/chrome/content/rules/Kijiji.ca.xml
new file mode 100644
index 000000000000..fe97d775da57
--- /dev/null
+++ b/src/chrome/content/rules/Kijiji.ca.xml
@@ -0,0 +1,57 @@
+
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://marketing.kijiji.ca/ => https://marketing.kijiji.ca/: (60, 'SSL certificate problem: certificate has expired')
+
+	Other Kijiji rulesets:
+		- Kijiji.it.xml
+
+
+	Non-functional subdomains:
+		- autodiscover	(r)
+		- es	(t)
+		- forum	(r)
+		- ham	(t)
+		- kijijity	(s)
+		- kijinaute	(s)
+		- m	(t)
+		- manage	(t)
+		- mingleprivate	(t)
+		- mobile-api	(r)
+		- newfoundland	(t)
+		- rtsriak	(t)
+		- secondhandeconomy	(t)
+		- send-api	(t)
+		- tech		(m)
+		- tnsapi	(t)
+		- user-behaviour-service	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Kijiji.ca">
+
+	<target host="kijiji.ca" />
+	<target host="www.kijiji.ca" />
+	<target host="admarkt.kijiji.ca" />
+	<target host="aide.kijiji.ca" />
+	<target host="cas.kijiji.ca" />
+	<target host="grid.kijiji.ca" />
+	<target host="help.kijiji.ca" />
+	<target host="info.kijiji.ca" />
+	<target host="kit.kijiji.ca" />
+	<target host="re.kit.kijiji.ca" />
+	<!-- target host="marketing.kijiji.ca" /-->
+	<target host="mingle.kijiji.ca" />
+	<target host="pint.kijiji.ca" />
+	<target host="tmx.kijiji.ca" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kijiji.it.xml b/src/chrome/content/rules/Kijiji.it.xml
new file mode 100644
index 000000000000..513290e7c46b
--- /dev/null
+++ b/src/chrome/content/rules/Kijiji.it.xml
@@ -0,0 +1,42 @@
+<!--
+	For other Kijiji coverage, see Kijiji.ca.xml
+
+
+	Non-functional subdomains:
+		- flipper	(HTTP error 401)
+		- img		(r)
+		- incontri	(r)
+		- info		(t)
+		- preview	(t)
+		- preview.widget	(t)
+		- supporto	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Host has wildcard DNS
+-->
+<ruleset name="Kijiji.it">
+
+	<target host="kijiji.it" />
+	<target host="www.kijiji.it" />
+	<target host="abc.kijiji.it" />
+	<target host="blog.kijiji.it" />
+	<target host="business.kijiji.it" />
+	<target host="expo2015.kijiji.it" />
+	<target host="mktg.kijiji.it" />
+	<target host="rest.motors.kijiji.it" />
+	<target host="newsletter.kijiji.it" />
+	<target host="papi.kijiji.it" />
+	<target host="rest.kijiji.it" />
+	<target host="voltron.kijiji.it" />
+	<target host="widget.kijiji.it" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kikatek.xml b/src/chrome/content/rules/Kikatek.xml
index dda9cb423d63..396ebffdad5d 100644
--- a/src/chrome/content/rules/Kikatek.xml
+++ b/src/chrome/content/rules/Kikatek.xml
@@ -1,14 +1,25 @@
-<ruleset name="Kikatek">
+<!--
+	Insecure cookies are set for these domains:
+
+		- .kikatek.com ᶜ
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Kikatek.com">
 
 	<target host="kikatek.com" />
-	<target host="*.kikatek.com" />
+	<target host="www.kikatek.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.kikatek\.com$" name="^osCsid$" /-->
 
-	<securecookie host="^.*\.kikatek\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<!--	// & www redirect to http	-->
-	<rule from="^https?://(?:(?:secure|www)\.)?kikatek\.com/"
-		to="https://secure.kikatek.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/KildareStreet.com.xml b/src/chrome/content/rules/KildareStreet.com.xml
new file mode 100644
index 000000000000..6a398b5a7e2f
--- /dev/null
+++ b/src/chrome/content/rules/KildareStreet.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="KildareStreet.com">
+
+	<target host="kildarestreet.com" />
+	<target host="www.kildarestreet.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kill_Screen.com.xml b/src/chrome/content/rules/Kill_Screen.com.xml
new file mode 100644
index 000000000000..37038828b135
--- /dev/null
+++ b/src/chrome/content/rules/Kill_Screen.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Kill Screen.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="killscreen.com" />
+	<target host="www.killscreen.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kilometrikisa.fi.xml b/src/chrome/content/rules/Kilometrikisa.fi.xml
new file mode 100644
index 000000000000..6aea221cd6ab
--- /dev/null
+++ b/src/chrome/content/rules/Kilometrikisa.fi.xml
@@ -0,0 +1,6 @@
+<ruleset name="Kilometrikisa.fi">
+  <target host="kilometrikisa.fi" />
+  <target host="www.kilometrikisa.fi" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kimberly-Clark.xml b/src/chrome/content/rules/Kimberly-Clark.xml
deleted file mode 100644
index 06b1ee44c09b..000000000000
--- a/src/chrome/content/rules/Kimberly-Clark.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
-	Other Kimberly-Clark rulesets:
-
-		- Huggies_Australia.xml
-
-
-	Nonfunctional domains:
-
-		- (www.)cms.kimberly-clark.com
-		- investor.kimberly-clark.com
-
-
-	Problematic domains:
-
-		- kimberly-clark.com
-		- kimberly-clark.com.au *
-		- kimberly-clark.com.cn *
-
-	* Mismatched, CN: www.kcprofessional.co.in
-
--->
-<ruleset name="Kimberly-Clark (partial)">
-
-	<target host="kimberly-clark.com" />
-	<target host="www.kimberly-clark.com" />
-	<target host="kimberly-clark.com.*" />
-	<target host="www.kimberly-clark.com.*" />
-
-
-	<securecookie host="^www\.kimberly-clark\.com(?:\.au|\.cn)?$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?kimberly-clark\.com(\.au|\.cn)?/"
-		to="https://www.kimberly-clark.com$1/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Kimono_Labs.com.xml b/src/chrome/content/rules/Kimono_Labs.com.xml
new file mode 100644
index 000000000000..b682671154c2
--- /dev/null
+++ b/src/chrome/content/rules/Kimono_Labs.com.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kimonolabs.com/ => https://kimonolabs.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.kimonolabs.com/ => https://www.kimonolabs.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	Fully covered hosts:
+
+		- (www.)?
+
+
+	Insecure cookies are set for these
+
+		- .kimonolabs.com
+
+-->
+<ruleset name="Kimono Labs.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kimonolabs.com" />
+	<target host="www.kimonolabs.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.kimonolabs\.com$" name="^connect\.sid$" /-->
+
+	<securecookie host="^\.kimonolabs\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kimpluscraig.com.xml b/src/chrome/content/rules/Kimpluscraig.com.xml
index 07f3bfa9f89a..c429795b8b2f 100644
--- a/src/chrome/content/rules/Kimpluscraig.com.xml
+++ b/src/chrome/content/rules/Kimpluscraig.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="kimpluscraig.com">
 
 	<target host="kimpluscraig.com" />
-	<target host="*.kimpluscraig.com" />
+	<target host="www.kimpluscraig.com" />
 
 
 	<securecookie host="^\.kimpluscraig\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?kimpluscraig\.com/"
-		to="https://$1kimpluscraig.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kimsufi.com.xml b/src/chrome/content/rules/Kimsufi.com.xml
new file mode 100644
index 000000000000..27a2d0df7177
--- /dev/null
+++ b/src/chrome/content/rules/Kimsufi.com.xml
@@ -0,0 +1,34 @@
+<!--
+	For other OVH Group coverage, see Ovh.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- kimsufi.com
+		- forum.kimsufi.com
+		- www.kimsufi.com
+
+-->
+<ruleset name="Kimsufi.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kimsufi.com" />
+	<target host="eu.api.kimsufi.com" />
+	<target host="forum.kimsufi.com" />
+	<target host="www.kimsufi.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?kimsufi\.com$" name="^slb$" /-->
+	<!--securecookie host="^forum\.kimsufi\.com$" name="^(?:720planBAK|720planD|ovh\w+_sessionhash)$" /-->
+	<!--securecookie host="^www\.kimsufi\.com$" name="^OVHCDN$" /-->
+
+	<securecookie host="(?:^|\.)kimsufi\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kindful.com.xml b/src/chrome/content/rules/Kindful.com.xml
new file mode 100644
index 000000000000..b0736ba8a6a4
--- /dev/null
+++ b/src/chrome/content/rules/Kindful.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Problematic hosts in *kindful.com:
+
+		- blog ᴬ
+		- info ᴬ
+
+	ᴬ Akamai/mismatched
+
+-->
+<ruleset name="Kindful.com (partial)">
+
+	<target host="cs.kindful.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kinesis-Ergo.com.xml b/src/chrome/content/rules/Kinesis-Ergo.com.xml
new file mode 100644
index 000000000000..327879b5edc1
--- /dev/null
+++ b/src/chrome/content/rules/Kinesis-Ergo.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Mixed content:
+
+		- Web bug from alaskaoregonwesternwashington.bbb.org *
+
+	* Secured by us
+
+-->
+<ruleset name="Kinesis-Ergo.com">
+
+	<target host="kinesis-ergo.com" />
+	<target host="www.kinesis-ergo.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kinfolk.com.xml b/src/chrome/content/rules/Kinfolk.com.xml
new file mode 100644
index 000000000000..66293ae1039b
--- /dev/null
+++ b/src/chrome/content/rules/Kinfolk.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="Kinfolk.com">
+
+	<target host="kinfolk.com" />
+	<target host="www.kinfolk.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/King.com.xml b/src/chrome/content/rules/King.com.xml
index 1061abe83ba3..6e0e2537c989 100644
--- a/src/chrome/content/rules/King.com.xml
+++ b/src/chrome/content/rules/King.com.xml
@@ -25,7 +25,7 @@
 	<rule from="^http://(adtrack\.|www\.)?king\.com/"
 		to="https://$1king.com/" />
 
-	<rule from="^https?://i\d\.midasplayer\.com/"
+	<rule from="^http://i\d\.midasplayer\.com/"
 		to="https://king.pantherssl.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/KingHost.xml b/src/chrome/content/rules/KingHost.xml
index bfbaf1b7b7fa..8972f5181dac 100644
--- a/src/chrome/content/rules/KingHost.xml
+++ b/src/chrome/content/rules/KingHost.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kinghost.com.br/ => https://kinghost.com.br/: Cycle detected - URL already encountered: https://www.kinghost.com.br/
 	Nonfunctional domains:
 
 		- blog.kinghost.com.br		(shows live, CN: *.kinghost.net)
@@ -37,7 +39,7 @@
 	<rule from="^http://(live|painel2?|web\d{3}|webftp|webmail)\.kinghost\.net/"
 		to="https://$1.kinghost.net/" />
 
-	<rule from="^https?://live\.kinghost\.(?:com\.br|net)/"
+	<rule from="^http://live\.kinghost\.(?:com\.br|net)/"
 		to="https://live.kinghost.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kings-College-London.xml b/src/chrome/content/rules/Kings-College-London.xml
index 57c9c917eb8b..e7b6f592c708 100644
--- a/src/chrome/content/rules/Kings-College-London.xml
+++ b/src/chrome/content/rules/Kings-College-London.xml
@@ -1,13 +1,22 @@
-<ruleset name="King's College London (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kcl.ac.uk/ => https://kcl.ac.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'kcl.ac.uk'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://kcl.ac.uk/ => https://kcl.ac.uk/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+-->
+<ruleset name="King's College London (partial)" default_off="failed ruleset test">
 
 	<target host="kcl.ac.uk" />
-	<target host="*.kcl.ac.uk" />
+	<target host="alumni.kcl.ac.uk" />
+	<target host="onespace.kcl.ac.uk" />
+	<target host="www.kcl.ac.uk" />
 
 
-	<securecookie host="^\w.*\.kcl\.ac\.uk$" name=".*" />
+	<securecookie host="^\w.*\.kcl\.ac\.uk$" name=".+" />
 
 
-	<rule from="^http://(alumni\.|onespace\.|www\.)?kcl\.ac\.uk/"
-		to="https://$1kcl.ac.uk/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Kings_Road_Merch.xml b/src/chrome/content/rules/Kings_Road_Merch.xml
index 44b9361e8eba..1d54bcb67020 100644
--- a/src/chrome/content/rules/Kings_Road_Merch.xml
+++ b/src/chrome/content/rules/Kings_Road_Merch.xml
@@ -7,7 +7,8 @@
 <ruleset name="Kings Road Merch">
 
 	<target host="kingsroadmerch.com" />
-	<target host="*.kingsroadmerch.com" />
+	<target host="secure.kingsroadmerch.com" />
+	<target host="www.kingsroadmerch.com" />
 
 
 	<securecookie host="^(?:secure)?\.kingsroadmerch\.com$" name=".+" />
@@ -16,4 +17,4 @@
 	<rule from="^http://(?:secure\.|www\.)?kingsroadmerch\.com/"
 		to="https://secure.kingsroadmerch.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kingston.com.xml b/src/chrome/content/rules/Kingston.com.xml
new file mode 100644
index 000000000000..40e5347282fa
--- /dev/null
+++ b/src/chrome/content/rules/Kingston.com.xml
@@ -0,0 +1,61 @@
+<!--
+	CDN buckets:
+
+		- media.kingston.com.edgesuite.net
+
+			- a1949.r.akamai.net
+
+		- www.kingston.com.edgesuite.net
+
+
+	Nonfunctional subdomains:
+
+		- ^ ¹
+		- www ²
+
+	¹ Dropped
+	² 504, akamai
+
+
+	Problematic subdomains:
+
+		- media *
+
+	* Works, akamai
+
+
+	Fully covered subdomains:
+
+		- media		(→ akamai)
+		- legacy
+		- shop
+
+
+	Observed cookie domains:
+
+		- legacy ¹
+		- shop ²
+
+	¹ Secured by us <= not secured by server
+	² Secured by server
+
+-->
+<ruleset name="Kingston.com (partial)">
+
+	<target host="legacy.kingston.com" />
+	<target host="shop.kingston.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^legacy\.kingston\.com$" name=".+" />
+	<!--
+		Secured by server:
+					-->
+	<!--securecookie host="^shop\.kingston\.com$" name=".+" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kinguin.net.xml b/src/chrome/content/rules/Kinguin.net.xml
new file mode 100644
index 000000000000..89008ec925b5
--- /dev/null
+++ b/src/chrome/content/rules/Kinguin.net.xml
@@ -0,0 +1,15 @@
+<!--
+Mismatch:
+https://ladypopular.kinguin.net/
+https://khanwars.kinguin.net/
+
+Timeout:
+https://team.kinguin.net
+-->
+
+<ruleset name="Kinguin.net">
+  <target host="kinguin.net" />
+  <target host="www.kinguin.net" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kinja-img.com.xml b/src/chrome/content/rules/Kinja-img.com.xml
new file mode 100644
index 000000000000..f535b38f68ab
--- /dev/null
+++ b/src/chrome/content/rules/Kinja-img.com.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Gawker coverage, see Gawker.xml.
+
+-->
+<ruleset name="Kinja-img.com">
+
+	<target host="i.kinja-img.com" />
+
+		<test url="http://i.kinja-img.com/gawker-media/image/upload/s--eWHXiDJ5--/c_fit,fl_progressive,h_64,q_80/19gprfzwjxj20png.png" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kinja-problematic.xml b/src/chrome/content/rules/Kinja-problematic.xml
deleted file mode 100644
index 6b22516a7e75..000000000000
--- a/src/chrome/content/rules/Kinja-problematic.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	For rules that are on by default, see Kinja.xml.
-
--->
-<ruleset name="Kinja (problematic)" default_off="mismatched">
-
-	<target host="kinja.com" />
-	<target host="*.kinja.com" />
-
-
-	<securecookie host="^\.?kinja\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?kinja\.com/"
-		to="https://kinja.com/" />
-
-	<!--	Redirects like so:
-					-->
-	<rule from="^http://gawker\.kinja\.com/"
-		to="https://gawker.com/" />
-
-	<!--	Per-author subdomains:
-					-->
-	<rule from="^http://([\w-]+)\.kinja\.com/"
-		to="https://$1.kinja.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Kinja-static.com.xml b/src/chrome/content/rules/Kinja-static.com.xml
new file mode 100644
index 000000000000..3424d828d7ea
--- /dev/null
+++ b/src/chrome/content/rules/Kinja-static.com.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Gawker coverage, see Gawker.xml.
+
+-->
+<ruleset name="Kinja-static.com">
+
+	<target host="c.kinja-static.com" />
+	<target host="m.kinja-static.com" />
+	<target host="x.kinja-static.com" />
+
+		<test url="http://x.kinja-static.com/assets/images/commerce-pop.svg" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kinja.xml b/src/chrome/content/rules/Kinja.xml
deleted file mode 100644
index 54813ea95f41..000000000000
--- a/src/chrome/content/rules/Kinja.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<!--
-	For problematic rules, see Kinja-problematic.xml.
-
-	For other Gawker coverage, see Gawker.xml.
-
-
-	CDN buckets:
-
-		- a.prod.fastly.net
-
-			- api
-			- front
-			- gawker
-			- legal
-			- neetzanz
-			- www
-
-
-	Problematic subdomains:
-
-		- (www.) *
-		- front *
-		- gawker *
-		- legal
-		- neetzanz *
-
-	* Works, mismatched, CN: *.a.ssl.fastly.net
-
-
-	api sets KinjaToken wildcard cookie on whichever domain it is loaded from.
-
--->
-<ruleset name="Kinja (partial)">
-
-	<target host="api.kinja.com" />
-
-
-	<rule from="^http://api\.kinja\.com/"
-		to="https://api.kinja.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/KinkLink.me.xml b/src/chrome/content/rules/KinkLink.me.xml
new file mode 100644
index 000000000000..545e2a19ce15
--- /dev/null
+++ b/src/chrome/content/rules/KinkLink.me.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kinklink.me/ => https://kinklink.me/: (51, "SSL: no alternative certificate subject name matches target host name 'kinklink.me'")
+Fetch error: http://www.kinklink.me/ => https://www.kinklink.me/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://kinklink.me/ => https://kinklink.me/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.kinklink.me/ => https://www.kinklink.me/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="KinkLink.me" default_off="failed ruleset test">
+
+	<target host="kinklink.me" />
+	<target host="www.kinklink.me" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kink_On_Tap.com.xml b/src/chrome/content/rules/Kink_On_Tap.com.xml
new file mode 100644
index 000000000000..27b3c4c4eadd
--- /dev/null
+++ b/src/chrome/content/rules/Kink_On_Tap.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Nonfunctional hosts in *kinkontap.com:
+
+		- live ¹
+		- wiki ²
+
+	¹ Refused
+	² "Site Not Found"
+
+
+	Insecure cookies are set for these domains:
+
+		- .kinkontap.com
+
+-->
+<ruleset name="Kink On Tap.com (partial)">
+
+	<target host="kinkontap.com" />
+	<target host="www.kinkontap.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.kinkontap\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kinko.me.xml b/src/chrome/content/rules/Kinko.me.xml
new file mode 100644
index 000000000000..49da1a6135be
--- /dev/null
+++ b/src/chrome/content/rules/Kinko.me.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kinko.me/ => https://kinko.me/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.kinko.me/ => https://www.kinko.me/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://kinko.me/ => https://kinko.me/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="Kinko.me" default_off="failed ruleset test">
+
+	<target host="kinko.me" />
+	<target host="www.kinko.me" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.kinko\.me$" name="^lang$" /-->
+
+	<securecookie host="^(?:www)?\.kinko\.me$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kinotehnik.xml b/src/chrome/content/rules/Kinotehnik.xml
index 474290d47af7..af2b904562d6 100644
--- a/src/chrome/content/rules/Kinotehnik.xml
+++ b/src/chrome/content/rules/Kinotehnik.xml
@@ -4,11 +4,10 @@
 	<target host="www.kinotehnik.com" />
 
 
-	<securecookie host="^www\.kinotehnik\.com$" name=".*" />
+	<securecookie host="^www\.kinotehnik\.com$" name=".+" />
 
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?kinotehnik\.com/"
-		to="https://www.kinotehnik.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Kinsta.com.xml b/src/chrome/content/rules/Kinsta.com.xml
new file mode 100644
index 000000000000..6ed6f049899e
--- /dev/null
+++ b/src/chrome/content/rules/Kinsta.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Nonfunctional hosts in *kinsta.com:
+
+		- status *
+
+	* Dropped
+
+-->
+<ruleset name="Kinsta.com (partial)">
+
+	<target host="kinsta.com" />
+	<target host="my.kinsta.com" />
+	<target host="www.kinsta.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kintera-Network.xml b/src/chrome/content/rules/Kintera-Network.xml
deleted file mode 100644
index 3e50129f2917..000000000000
--- a/src/chrome/content/rules/Kintera-Network.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Kintera Network">
-	<target host="kintera.org" />
-	<target host="*.kintera.org" />
-	<target host="www.*.kintera.org" />
-	<target host="kintera.com" />
-	<target host="www.kintera.com" />
-
-	<rule from="^(http://(www\.)?|https://)kintera\.org/" to="https://www.kintera.org/" />
-	<rule from="^http://([-a-zA-Z0-9_]+\.)?([-a-zA-Z0-9_]+)\.kintera\.org/([^/]+/[^/]){1}" to="https://www.kintera.org/$3" />
-	<rule from="^(http://(www\.)?|https://)kintera\.com/" to="https://www.kintera.com/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Kipoint.it.xml b/src/chrome/content/rules/Kipoint.it.xml
new file mode 100644
index 000000000000..e7c63098b329
--- /dev/null
+++ b/src/chrome/content/rules/Kipoint.it.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Poste Italiane coverage, see Poste.it.xml.
+
+
+	These altnames don't exist:
+
+		- kipoint.it
+
+-->
+<ruleset name="Kipoint.it">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.kipoint.it" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kirei.se.xml b/src/chrome/content/rules/Kirei.se.xml
deleted file mode 100644
index f2177045278a..000000000000
--- a/src/chrome/content/rules/Kirei.se.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="kirei.se">
-
-	<target host="kirei.se" />
-	<target host="*.kirei.se" />
-
-
-	<securecookie host="^\.www\.kirei\.se$" name=".+" />
-
-
-	<rule from="^http://(www\.)?kirei\.se/"
-		to="https://$1kirei.se/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Kirjoitusalusta.xml b/src/chrome/content/rules/Kirjoitusalusta.xml
index 0c52083a3f15..46e981098d3f 100644
--- a/src/chrome/content/rules/Kirjoitusalusta.xml
+++ b/src/chrome/content/rules/Kirjoitusalusta.xml
@@ -4,10 +4,14 @@
 	<target host="*.kirjoitusalusta.fi" />
 
 
-	<securecookie host="^(?:.*\.)?kirjoitusalusta\.fi" name=".*" />
+	<test url="http://www.kirjoitusalusta.fi/" />
+	<test url="http://www.kirjoitusalusta.fi/static/rekisteriseloste.html" />
 
 
-	<rule from="^http://([^/:@]+\.)?kirjoitusalusta\.fi/"
-		to="https://$1kirjoitusalusta.fi/" />
+	<securecookie host=".+" name=".+"/>
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Kirklees.gov.uk.xml b/src/chrome/content/rules/Kirklees.gov.uk.xml
new file mode 100644
index 000000000000..872c41f1b045
--- /dev/null
+++ b/src/chrome/content/rules/Kirklees.gov.uk.xml
@@ -0,0 +1,110 @@
+<!--
+	Kirklees Metropolitan Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *kirklees.gov.uk:
+
+		- www.buildingservices ᵈ
+		- businesssolutions ᵇ
+		- ebooks ⁴
+		- map ᵈ
+		- noticeyourstreet ᵇ
+		- socialmedia ᵇ
+
+	⁴ 404
+	ᵇ Shows default page
+	ᵈ Dropped
+
+
+	Problematic hosts in *kirklees.gov.uk:
+
+		- consult ᵐ
+		- knh ᵐ ˢ
+		- observatory ᵐ
+
+	ᵐ Mismatched
+	ˢ Self-signed
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- kirklees.gov.uk
+		- communitydirectory.kirklees.gov.uk
+		- consult.kirklees.gov.uk
+		- democracy.kirklees.gov.uk
+		- earlyyears.kirklees.gov.uk
+		- jobs.kirklees.gov.uk
+		- kalbookings.kirklees.gov.uk
+		- observatory.kirklees.gov.uk
+		- parking.kirklees.gov.uk
+		- parkingpermits.kirklees.gov.uk
+		- schoolapplications.kirklees.gov.uk
+		- tickets.kirklees.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- (www.)? from www.kirklees.gov.uk ˢ
+			- observatory from observatory.bradford.gov.uk ᵐ
+			- observatory from observatory.calderdale.gov.uk ᵐ
+			- observatory from $self ᵐ
+			- observatory from observatory.leeds.gov.uk ˢ
+			- observatory from observatory.wakefield.gov.uk
+
+	ᵐ Not secured by us <= mismatched
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Kirklees.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kirklees.gov.uk" />
+	<target host="communitydirectory.kirklees.gov.uk" />
+	<target host="customerservice.kirklees.gov.uk" />
+	<target host="democracy.kirklees.gov.uk" />
+	<target host="earlyyears.kirklees.gov.uk" />
+	<target host="enrol.kirklees.gov.uk" />
+	<target host="jobs.kirklees.gov.uk" />
+	<target host="kalbookings.kirklees.gov.uk" />
+	<target host="licensing.kirklees.gov.uk" />
+	<target host="parking.kirklees.gov.uk" />
+	<target host="parkingpermits.kirklees.gov.uk" />
+	<target host="schoolapplications.kirklees.gov.uk" />
+	<target host="sst.kirklees.gov.uk" />
+	<target host="static.kirklees.gov.uk" />
+	<target host="tickets.kirklees.gov.uk" />
+	<target host="www.kirklees.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="consult.kirklees.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:(?:communitydirectory|democracy|kalbookings|schoolapplications)\.)?kirklees\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^consult\.kirklees\.gov\.uk$" name="^(?:JSESSION|Server)ID$" /-->
+	<!--securecookie host="^earlyyears\.kirklees\.gov\.uk$" name="^(?:ASP\.NET_SessionId|PE(?:Language|Test)Cookie)$" /-->
+	<!--securecookie host="^jobs\.kirklees\.gov\.uk$" name="^(?:ASP\.NET_SessionId|HighContrast)$" /-->
+	<!--securecookie host="^observatory\.kirklees\.gov\.uk$" name="^(?:ASP\.NET_SessionId|ias\.Locale|ias\.PreferredItemCount)$" /-->
+	<!--securecookie host="^parking(?:permits)?\.kirklees\.gov\.uk$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+	<!--securecookie host="^tickets\.kirklees\.gov\.uk$" name="^(?:ASP\.NET_SessionId|af|gid)$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://consult\.kirklees\.gov\.uk/"
+		to="https://kirklees-consult.objective.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kirkus_Reviews.com.xml b/src/chrome/content/rules/Kirkus_Reviews.com.xml
new file mode 100644
index 000000000000..8b7647a2b9f5
--- /dev/null
+++ b/src/chrome/content/rules/Kirkus_Reviews.com.xml
@@ -0,0 +1,47 @@
+<!--
+	CDN buckets:
+
+		- s3.amazonaws.com/com.kirkusreviews.www.static/
+		- d1ldy8a769gy68.cloudfront.net
+		- d3eoifnsb8kxf0.cloudfront.net
+		- d3myrwj42s63no.cloudfront.net
+
+
+	^kirkusreviews.com: Dropped
+
+
+	STS header includes includeSubDomains
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.kirkusreviews.com
+
+-->
+<ruleset name="Kirkus Reviews.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="*.kirkusreviews.com" />
+
+	<!--	Complications:
+				-->
+	<target host="kirkusreviews.com" />
+
+		<test url="http://www.kirkusreviews.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.kirkusreviews\.com$" name="^csrftoken$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://kirkusreviews\.com/"
+		to="https://www.kirkusreviews.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kirsle.net.xml b/src/chrome/content/rules/Kirsle.net.xml
new file mode 100644
index 000000000000..07cff0b8c80b
--- /dev/null
+++ b/src/chrome/content/rules/Kirsle.net.xml
@@ -0,0 +1,17 @@
+<ruleset name="Kirsle.net">
+
+	<target host="kirsle.net" />
+	<target host="www.kirsle.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?kirsle\.net$" name="^session$" /-->
+
+	<securecookie host="^(?:www\.)?kirsle\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kismetwireless.net.xml b/src/chrome/content/rules/Kismetwireless.net.xml
index d570a8c6f1ac..14b0a64475a6 100644
--- a/src/chrome/content/rules/Kismetwireless.net.xml
+++ b/src/chrome/content/rules/Kismetwireless.net.xml
@@ -1,5 +1,5 @@
 <ruleset name="Kismetwireless.net">
 	<target host="kismetwireless.net" />
 	<target host="www.kismetwireless.net" />
-	<rule from="^http://(?:www\.)?kismetwireless\.net/" to="https://kismetwireless.net/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/KissAnime.to.xml b/src/chrome/content/rules/KissAnime.to.xml
new file mode 100644
index 000000000000..ef1e6d7eedf9
--- /dev/null
+++ b/src/chrome/content/rules/KissAnime.to.xml
@@ -0,0 +1,39 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .kissanime.to
+
+-->
+<ruleset name="KissAnime.to" default_off="http redirect">
+
+	<target host="kissanime.to" />
+	<target host="www.kissanime.to" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.kissanime\.to$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KissKissBankBank.com.xml b/src/chrome/content/rules/KissKissBankBank.com.xml
new file mode 100644
index 000000000000..344ef187671c
--- /dev/null
+++ b/src/chrome/content/rules/KissKissBankBank.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Unable to Connect:
+		kisskissbankbank.com
+-->
+<ruleset name="KissKissBankBank.com">
+	<target host="kisskissbankbank.com" />
+	<target host="www.kisskissbankbank.com" />
+	<target host="blog.kisskissbankbank.com" />
+	<target host="contact.kisskissbankbank.com" />
+	<target host="crowd.kisskissbankbank.com" />
+	<target host="lafabrique.kisskissbankbank.com" />
+	<target host="styleguide.kisskissbankbank.com" />
+	<target host="welcome.kisskissbankbank.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://kisskissbankbank\.com/" to="https://www.kisskissbankbank.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kitapyurdu.xml b/src/chrome/content/rules/Kitapyurdu.xml
index 068e483639bc..da7491cab5a9 100644
--- a/src/chrome/content/rules/Kitapyurdu.xml
+++ b/src/chrome/content/rules/Kitapyurdu.xml
@@ -1,8 +1,18 @@
-<ruleset name="Kitapyurdu" platform="mixedcontent">
-  <target host="www.kitapyurdu.com" />
-  <target host="kitapyurdu.com" />
-
-  <securecookie host="^www\.kitapyurdu\.com$" name=".*" />
-
-  <rule from="^http://(www\.)?kitapyurdu\.com/" to="https://www.kitapyurdu.com/" />
-</ruleset>
\ No newline at end of file
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.kitapyurdu.com/ => https://www.kitapyurdu.com/: Too many redirects while fetching 'https://www.kitapyurdu.com/'
+Fetch error: http://kitapyurdu.com/ => https://www.kitapyurdu.com/: Too many redirects while fetching 'https://www.kitapyurdu.com/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.kitapyurdu.com/ => https://www.kitapyurdu.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+Fetch error: http://kitapyurdu.com/ => https://www.kitapyurdu.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+-->
+<ruleset name="Kitapyurdu" platform="mixedcontent" default_off="failed ruleset test">
+  <target host="www.kitapyurdu.com" />
+  <target host="kitapyurdu.com" />
+
+  <securecookie host="^www\.kitapyurdu\.com$" name=".+" />
+
+  <rule from="^http://(?:www\.)?kitapyurdu\.com/" to="https://www.kitapyurdu.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kitchen_Riddles.com.xml b/src/chrome/content/rules/Kitchen_Riddles.com.xml
deleted file mode 100644
index 5d8b89f614d5..000000000000
--- a/src/chrome/content/rules/Kitchen_Riddles.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(cert only matches ^kitchenriddles.com)
-
--->
-<ruleset name="Kitchen Riddles.com">
-
-	<target host="kitchenriddles.com" />
-	<target host="*.kitchenriddles.com" />
-
-
-	<securecookie host="^\.kitchenriddles\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?kitchenriddles\.com/"
-		to="https://kitchenriddles.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Kitematic.com.xml b/src/chrome/content/rules/Kitematic.com.xml
new file mode 100644
index 000000000000..c4dfa5555d15
--- /dev/null
+++ b/src/chrome/content/rules/Kitematic.com.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Docket coverage, see Docker.com.xml.
+
+
+	Nonfunctional hosts in *kitematic.com:
+
+		- blog *
+
+	* Tumblr
+
+
+	Insecure cookies are set for these domains:
+
+		- .kitematic.com
+
+-->
+<ruleset name="Kitematic.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kitematic.com" />
+	<target host="www.kitematic.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.kitematic\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.kitematic\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kitenet.net.xml b/src/chrome/content/rules/Kitenet.net.xml
index b68146aa6cef..3b22cd2ced2e 100644
--- a/src/chrome/content/rules/Kitenet.net.xml
+++ b/src/chrome/content/rules/Kitenet.net.xml
@@ -14,7 +14,6 @@
 	<target host="kitenet.net" />
 
 
-	<rule from="^http://kitenet\.net/"
-		to="https://kitenet.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kitsu.io.xml b/src/chrome/content/rules/Kitsu.io.xml
new file mode 100644
index 000000000000..5422b209a708
--- /dev/null
+++ b/src/chrome/content/rules/Kitsu.io.xml
@@ -0,0 +1,12 @@
+<!--
+	Not resolved:
+		- www.kitsu.io
+
+-->
+<ruleset name="Kitsu">
+	<target host="kitsu.io" />
+	<target host="media.kitsu.io" />
+	<target host="staging.kitsu.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kiva.org.xml b/src/chrome/content/rules/Kiva.org.xml
index bde37f5c894f..7da642173f3c 100644
--- a/src/chrome/content/rules/Kiva.org.xml
+++ b/src/chrome/content/rules/Kiva.org.xml
@@ -1,66 +1,40 @@
 <!--
-	CDN buckets:
+	Time out:
+		l3-1.kiva.org
+		l3-2.kiva.org
+		level3cdn.kiva.org
+		media.kiva.org
+		s3.kiva.org
+			<test url="http://s3.kiva.org/snapshots/kiva_ds_json.zip" />
+		s3-1.kiva.org
+		s3-2.kiva.org
 
-		- s3.amazonaws.com/cms.kiva.org/
-		- s3.amazonaws.com/s3.kiva.org/
+	Mixed content:
+		streams.kiva.org
 
-		- level3cdn.kiva.org.c.footprint.net
-
-			- l3-[12]
-			- level3cdn
-
-		- s3.kiva.org.c.footprint.net
-
-			- s3
-			- s3-[12]
-
-
-	Problematic subdomains:
-
-		- l3-[12] *
-		- level3cdn *
-		- mail		(interrupted)
-		- s3 *
-		- s3-[12] *
-
-	* Dropped, footprint.net CDN
-
-
-	Partially covered subdomains:
-
-		- (www.)	(some pages redirect to http)
-
-
-	Fully covered subdomains:
-
-		- l3-[12]	(→ www)
-		- level3cdn	(→ www)
-		- mail		(→ mail.google.com)
-		- pages
-		- s3		(→ s3.amazonaws.com)
-		- s3-[12]	(→ s3.amazonaws.com)
+	Wildcard DNS and certificate.
 
 -->
-<ruleset name="Kiva.org (partial)">
+<ruleset name="Kiva.org">
 
 	<target host="kiva.org" />
-	<target host="*.kiva.org" />
-		<exclusion pattern="^http://(?:www\.)?kiva\.org/(?!ajax/|favicon\.ico|images/|img/|js/|js-lib/|(?:community/teams/my-teams|help/forgot-password|login|oauth/authorize|profile|register)(?:$|\?|/)|rgit\w{40}-\d/)" />
-
-
-	<securecookie host="^\.?pages\.kiva\.org$" name=".+" />
-
-
-	<rule from="^http://(pages\.)?kiva\.org/"
-		to="https://$1kiva.org/" />
-
-	<rule from="^http://(?:l3-[12]|level3cdn|www)\.kiva\.org/"
-		to="https://www.kiva.org/" />
-
-	<rule from="^http://mail\.kiva\.org/"
-		to="https://mail.google.com/a/kiva.org" />
-
-	<rule from="^http://s3(?:-[12])?\.kiva\.org/"
-		to="https://s3.amazonaws.com/s3.kiva.org/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.kiva.org" />
+	<target host="api.kiva.org" />
+	<target host="blog.kiva.org" />
+	<target host="build.kiva.org" />
+	<target host="burrow.kiva.org" />
+	<target host="confluences.kiva.org" />
+	<target host="fellowsblog.kiva.org" />
+	<target host="go.kiva.org" />
+	<target host="pages.kiva.org" />
+		<test url="http://pages.kiva.org/misc/feed.png" />
+	<target host="store.kiva.org" />
+	<target host="us.kiva.org" />
+	<target host="zip.kiva.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kivo.com.xml b/src/chrome/content/rules/Kivo.com.xml
new file mode 100644
index 000000000000..0f3f6f289f4c
--- /dev/null
+++ b/src/chrome/content/rules/Kivo.com.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kivo.com/ => https://kivo.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.kivo.com/ => https://www.kivo.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Kivo.com" default_off="failed ruleset test">
+
+	<target host="kivo.com" />
+	<target host="www.kivo.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kiwi-FM.xml b/src/chrome/content/rules/Kiwi-FM.xml
index 64e0e7709754..59a353e052ce 100644
--- a/src/chrome/content/rules/Kiwi-FM.xml
+++ b/src/chrome/content/rules/Kiwi-FM.xml
@@ -1,9 +1,9 @@
-<ruleset name="Kiwi FM" default_off="mismatch">
+<ruleset name="Kiwi FM" default_off="mismatched">
 
 	<target host="wammo.co.nz"/>
 	<target host="www.wammo.co.nz"/>
 
-	<rule from="^http://(www\.)?wammo\.co\.uk/"
+	<rule from="^http://(?:www\.)?wammo\.co\.uk/"
 		to="https://www.wammo.co.uk/"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Kiwicon.org.xml b/src/chrome/content/rules/Kiwicon.org.xml
new file mode 100644
index 000000000000..4e5f3bc1a548
--- /dev/null
+++ b/src/chrome/content/rules/Kiwicon.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Kiwicon.org">
+
+	<target host="kiwicon.org" />
+	<target host="www.kiwicon.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kiwiirc.com.xml b/src/chrome/content/rules/Kiwiirc.com.xml
index f04feb1b1843..0685f098e9e1 100644
--- a/src/chrome/content/rules/Kiwiirc.com.xml
+++ b/src/chrome/content/rules/Kiwiirc.com.xml
@@ -1,16 +1,32 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Kiwiirc.com" platform="firefox">
-<target host="kiwiirc.com" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://owa.clients.kiwiirc.com/ => https://owa.clients.kiwiirc.com/: (60, 'SSL certificate problem: certificate has expired')
 
-<securecookie host="^kiwiirc\.com$" name=".+" />
+	Fully covered subdomains:
 
-<rule from="^http://kiwiirc\.com/" to="https://kiwiirc.com/" />
+		- (www.)?
+		- owa.clients
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- kiwiirc.com
+		- .kiwiirc.com
+
+-->
+<ruleset name="KiwiIRC.com" default_off="failed ruleset test">
+	<target host="kiwiirc.com" />
+	<target host="owa.clients.kiwiirc.com" />
+	<target host="www.kiwiirc.com" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^kiwiirc\.com$" name="^(laravel_session|session_payload)$" /-->
+	<!--securecookie host="^\.kiwiirc\.com$" name="^(__cfduid|cf_clearance|u)$" /-->
+
+	<securecookie host="^\.?kiwiirc\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Kiwix.org.xml b/src/chrome/content/rules/Kiwix.org.xml
new file mode 100644
index 000000000000..903a4ee133b2
--- /dev/null
+++ b/src/chrome/content/rules/Kiwix.org.xml
@@ -0,0 +1,36 @@
+<!--
+	Connection refused:
+		kiwix.org
+		chat.kiwix.org
+		input.kiwix.org
+
+	Invalid certificate
+		mirror.download.kiwix.org
+		tmp.kiwix.org
+
+	Mixed content blocking:
+		www.kiwix.org
+
+	Time out:
+		android.kiwix.org
+		bugs.kiwix.org
+		code.kiwix.org
+		compile.kiwix.org
+		forum.kiwix.org
+		ios.kiwix.org
+		microblog.kiwix.org
+		reportabug.kiwix.org
+
+-->
+<ruleset name="Kiwix.org">
+	<target host="download.kiwix.org" />
+		<target host="mirror.download.kiwix.org" />
+	<target host="planet.kiwix.org" />
+	<target host="stats.kiwix.org" />
+	<target host="wiki.kiwix.org" />
+
+	<rule from="^http://mirror\.download\.kiwix\.org/"
+		to="https://download.kiwix.org/" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/KizlarSoruyor.com.xml b/src/chrome/content/rules/KizlarSoruyor.com.xml
new file mode 100644
index 000000000000..bf3213eb4b98
--- /dev/null
+++ b/src/chrome/content/rules/KizlarSoruyor.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="KızlarSoruyor.com">
+	<target host="kizlarsoruyor.com" />
+	<target host="www.kizlarsoruyor.com" />
+	<target host="blog.kizlarsoruyor.com" />
+	<target host="images.kizlarsoruyor.com" />
+		<test url="http://images.kizlarsoruyor.com/content/js/home-tiles.min.js?4202" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kizunaai.com.xml b/src/chrome/content/rules/Kizunaai.com.xml
new file mode 100644
index 000000000000..f5cc7dd610f1
--- /dev/null
+++ b/src/chrome/content/rules/Kizunaai.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Non-functional hosts
+		SSL connect error:
+		- www.kizunaai.com
+-->
+<ruleset name="Kizuna AI Official Website" platform="mixedcontent">
+	<target host="kizunaai.com" />
+	<target host="www.kizunaai.com" />
+
+	<rule from="^http://www\.kizunaai\.com/"
+			to="https://kizunaai.com/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kkk.com.xml b/src/chrome/content/rules/Kkk.com.xml
new file mode 100644
index 000000000000..8de5ff895857
--- /dev/null
+++ b/src/chrome/content/rules/Kkk.com.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kkk.com/ => https://kkk.com/: (28, 'Connection timed out after 20005 milliseconds')
+Fetch error: http://www.kkk.com/ => https://www.kkk.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+<ruleset name="Kkk.com" default_off="failed ruleset test">
+  <target host="kkk.com" />
+  <target host="www.kkk.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Klibert.pl.xml b/src/chrome/content/rules/Klibert.pl.xml
new file mode 100644
index 000000000000..40e3f1d4d61b
--- /dev/null
+++ b/src/chrome/content/rules/Klibert.pl.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .klibert.pl
+
+-->
+<ruleset name="Klibert.pl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="klibert.pl" />
+	<target host="www.klibert.pl" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.klibert\.pl$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.klibert\.pl$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KlimaSchutzPartner-Berlin.xml b/src/chrome/content/rules/KlimaSchutzPartner-Berlin.xml
index 4b2cd8b4bd4d..642be3cd47ba 100644
--- a/src/chrome/content/rules/KlimaSchutzPartner-Berlin.xml
+++ b/src/chrome/content/rules/KlimaSchutzPartner-Berlin.xml
@@ -4,11 +4,10 @@
 	<target host="www.klimaschutzpartner-berlin.de" />
 
 
-	<securecookie host="^www\.klimaschutzpartner-berlin\.de$" name=".*" />
+	<securecookie host="^www\.klimaschutzpartner-berlin\.de$" name=".+" />
 
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?klimaschutzpartner-berlin\.de/"
-		to="https://www.klimaschutzpartner-berlin.de/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Klinika.zdravie.sk.xml b/src/chrome/content/rules/Klinika.zdravie.sk.xml
new file mode 100644
index 000000000000..7ec2931957f2
--- /dev/null
+++ b/src/chrome/content/rules/Klinika.zdravie.sk.xml
@@ -0,0 +1,11 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://klinika.zdravie.sk/ => https://klinika.zdravie.sk/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Klinika.zdravie.sk" default_off="failed ruleset test">
+  <target host="klinika.zdravie.sk" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Klub.com.pl.xml b/src/chrome/content/rules/Klub.com.pl.xml
deleted file mode 100644
index 86595507383b..000000000000
--- a/src/chrome/content/rules/Klub.com.pl.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	- Expired 2007-07-11
-	- Cert only matches ^klub.com.pl
-
--->
-<ruleset name="klub.com.pl" default_off="expired, self-signed">
-
-	<target host="klub.com.pl" />
-	<target host="www.klub.com.pl" />
-
-
-	<rule from="^http://(?:www\.)?klub\.com\.pl/"
-		to="https://klub.com.pl/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Klubitus.org.xml b/src/chrome/content/rules/Klubitus.org.xml
new file mode 100644
index 000000000000..acf2681363e7
--- /dev/null
+++ b/src/chrome/content/rules/Klubitus.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="Klubitus.org">
+  <target host="www.klubitus.org" />
+  <target host="klubitus.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^klubitus\.org$" name="^session$" /-->
+
+	<securecookie host="^klubitus\.org$" name=".+" />
+
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kmart.com.au.xml b/src/chrome/content/rules/Kmart.com.au.xml
new file mode 100644
index 000000000000..1b2f8f54ec13
--- /dev/null
+++ b/src/chrome/content/rules/Kmart.com.au.xml
@@ -0,0 +1,56 @@
+<!--
+	For other Coles coverage, see Coles.com.au.xml
+
+
+	Non-functional subdomains:
+
+		- careers	(m)
+		- catalogues	(m)
+		- christmas	(m)
+		- cnwebsrvr	(m)
+		- contractor	(m)
+		- f1.kmart.com.au	(e)
+		- c.f1	(m)
+		- idp	(t)
+		- images	(m)
+		- mediacentre	(m)
+		- www.mediacentre	(m)
+		- pim	(HTTP 404 error)
+		- www.quality	(m)
+		- shop	(m)
+		- www.shop	(m)
+		- web	(m)
+		- wishingtree	(m)
+		- www.wishingtree	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Kmart Australia">
+
+	<target host="kmart.com.au" />
+	<target host="www.kmart.com.au" />
+	<target host="adfs.kmart.com.au" />
+	<target host="autodiscover.kmart.com.au" />
+	<target host="email.kmart.com.au" />
+	<target host="go.kmart.com.au" />
+	<target host="hatm.kmart.com.au" />
+	<target host="hybridexch.kmart.com.au" />
+	<target host="kdwmobile.kmart.com.au" />
+	<target host="kmartcontractor.kmart.com.au" />
+	<target host="oa.kmart.com.au" />
+	<target host="quality.kmart.com.au" />
+	<target host="rsdev.kmart.com.au" />
+	<target host="supplier.kmart.com.au" />
+	<target host="et.supplier.kmart.com.au" />
+	<target host="vendor.kmart.com.au" />
+	<target host="www2.kmart.com.au" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kmart.com.xml b/src/chrome/content/rules/Kmart.com.xml
new file mode 100644
index 000000000000..4a86985f486f
--- /dev/null
+++ b/src/chrome/content/rules/Kmart.com.xml
@@ -0,0 +1,86 @@
+<!--
+	For other Sears Holdings coverage, see Sears.com.xml.
+
+
+		kmart.com.d1.sc.omtrdc.net
+
+			- om
+
+
+	Problematic subdomains:
+
+		- ^	(cert only matches www)
+		- om	(mismatched, CN: *.d1.sc.omtrdc.net)
+
+
+	Fully covered subdomains:
+
+		- birthdayclub
+		- c
+		- fashionclub
+		- playdateplace
+		- stylesipblog
+
+
+	Partially covered subdomains:
+
+		- (www.)	(some paths 404, others redirect to login)
+
+
+	Mixed content:
+
+		- css, on:
+
+			- birthdayclub from nc.shld.net ¹
+			- fashionblog and stylesipblog from fonts.googleapis.com ²
+
+		- Images, on:
+
+			- birthdayclub, and fashionclub, and stylesipblog from c ²
+			- birthdayclub, fashionclub, playdateplace, and stylesipblog from www ²
+
+		- Web bugs, on;
+
+			- playdateplace from:
+
+				- www.facebook.com ²
+				- static.ak.fbcdn.net ²
+				- platform.twitter.com ²
+
+			- stylesipblog from w.sharethis.com ²
+
+	¹ Secured by us, little effect
+	² Secured by us
+
+-->
+<ruleset name="Kmart.com (partial)">
+
+	<target host="kmart.com" />
+	<target host="*.kmart.com" />
+		<!--
+			404:
+				-->
+		<!--exclusion pattern="^http://(www\.)?kmart\.com/(en_us/dap/hp-exclusions\.html|etc/clientlibs/foundation/|etc/designs/)" /-->
+		<!--
+			Redirects to login:
+						-->
+		<!--exclusion pattern="^http://(www\.)?kmart\.com/shc/s/dap_" /-->
+
+
+	<!--	Tracking cookies.  Note that there
+		seem to be auth cookies in s_\w+
+						-->
+	<securecookie host="^\.kmart\.com$" name="^s_vi$" />
+	<securecookie host="^\.?(?:playdateplace|stylesipblog)\.kmart\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?kmart\.com/(?=favicon\.ico|ue/|\d+/ue/)"
+		to="https://www.kmart.com/" />
+
+	<rule from="^http://(birthdayclub|c|fashionclub|playdateplace|stylesipblog)\.kmart\.com/"
+		to="https://$1.kmart.com/" />
+
+	<rule from="^http://om\.kmart\.com/"
+		to="https://kmart-com.d1.sc.omtrdc.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Knab.nl.xml b/src/chrome/content/rules/Knab.nl.xml
new file mode 100644
index 000000000000..8036b1a2d4ce
--- /dev/null
+++ b/src/chrome/content/rules/Knab.nl.xml
@@ -0,0 +1,16 @@
+<ruleset name="Knab.nl">
+
+	<target host="knab.nl" />
+	<target host="persoonlijk.knab.nl" />
+	<target host="www.knab.nl" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^persoonlijk\.knab\.nl$" name="^(__RequestVerificationToken_Lw__|__TrxRvTc|JSESSIONID|TrxStsTrack|TS[\da-z]{6})$" /-->
+	<!--securecookie host="^www\.knab\.nl$" name="^(OX_u|TS[\da-z]{6})$" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Knappschaft-Bahn-See.xml b/src/chrome/content/rules/Knappschaft-Bahn-See.xml
index a792a6d5af1b..d75e5d685f23 100644
--- a/src/chrome/content/rules/Knappschaft-Bahn-See.xml
+++ b/src/chrome/content/rules/Knappschaft-Bahn-See.xml
@@ -1,5 +1,12 @@
-<ruleset name="Knappschaft-Bahn-See" platform="mixedcontent">
-<target host="www.kbs.de" />
-<target host="kbs.de" />
-<rule from="^http://(?:www\.)?kbs\.de/" to="https://www.kbs.de/"/>
+<!--
+	Domains without SSL/TLS:
+		kbs-jobboerse.de
+		willkommen-im-job.de
+-->
+<ruleset name="Knappschaft-Bahn-See.de">
+<target host="www.knappschaft.de" />
+<target host="knappschaft.de" />
+
+<rule from="^http:"
+	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Kneon.com-problematic.xml b/src/chrome/content/rules/Kneon.com-problematic.xml
index 90acd950e0fa..603f39dd5475 100644
--- a/src/chrome/content/rules/Kneon.com-problematic.xml
+++ b/src/chrome/content/rules/Kneon.com-problematic.xml
@@ -5,7 +5,7 @@
 <ruleset name="Kneon.com (problematic)" default_off="mismatched">
 
 	<target host="kneon.com" />
-	<target host="*.kneon.com" />
+	<target host="www.kneon.com" />
 
 
 	<securecookie host="^\.kneon\.com$" name=".+" />
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?kneon\.com/"
 		to="https://kneon.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kneon.com.xml b/src/chrome/content/rules/Kneon.com.xml
index 26371b9f2235..c24e44816d38 100644
--- a/src/chrome/content/rules/Kneon.com.xml
+++ b/src/chrome/content/rules/Kneon.com.xml
@@ -1,18 +1,27 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://beta.kneon.com/ => https://beta.kneon.com/: (6, 'Could not resolve host: beta.kneon.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://beta.kneon.com/ => https://beta.kneon.com/: (6, 'Could not resolve host: beta.kneon.com')
 	For problematic rules, see Knoen.com-problematic.xml.
 
 
 	Problematic subdomains:
 
-		- (www.)	(works; expired 2012-10-08)
+		- ^ ¹
+		- www ²
+
+	¹ Refused
+	² Squarespace
 
 -->
-<ruleset name="Kneon.com (partial)">
+<ruleset name="Kneon.com (partial)" default_off="failed ruleset test">
 
 	<target host="beta.kneon.com" />
 
 
-	<rule from="^http://beta\.kneon\.com/"
-		to="https://beta.kneon.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Knexjs.org.xml b/src/chrome/content/rules/Knexjs.org.xml
new file mode 100644
index 000000000000..89de3600da74
--- /dev/null
+++ b/src/chrome/content/rules/Knexjs.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.knexjs.org
+-->
+<ruleset name="Knexjs.org">
+	<target host="knexjs.org" />
+	<target host="www.knexjs.org" />
+
+	<rule from="^http://www\.knexjs\.org/"
+			to="https://knexjs.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/KnightSwarm.xml b/src/chrome/content/rules/KnightSwarm.xml
index 047850c3c7d3..d3e99f5e2a8c 100644
--- a/src/chrome/content/rules/KnightSwarm.xml
+++ b/src/chrome/content/rules/KnightSwarm.xml
@@ -1,15 +1,46 @@
-<ruleset name="KnightSwarm">
 
-	<target host="knightswarm.com" />
-	<target host="*.knightswarm.com" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://my.knightswarm.com/ => https://my.knightswarm.com/: (6, 'Could not resolve host: my.knightswarm.com')
+
+	Problematic hosts in *knightswarm.com:
+
+		- order *
+
+	* Expired
+
+
+	These altnames don't exist:
+
+		- www.my.knightswarm.com
 
 
-	<securecookie host="^(.*\.)?knightswarm\.com$" name=".*" />
+	Insecure cookies are set for these domains and hosts:
 
+		- knightswarm.com
+		- .knightswarm.com
+		- www.knightswarm.com
 
-	<!--	!www cert is self-signed.
+-->
+<ruleset name="KnightSwarm.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="knightswarm.com" />
+	<target host="my.knightswarm.com" />
+	<!--target host="order.knightswarm.com" /-->
+	<target host="www.knightswarm.com" />
+
+
+	<!--	Not secured by server:
 					-->
-	<rule from="^https?://(?:(order\.)|www\.)?knightswarm.com/"
-		to="https://$1knightswarm.com/" />
+	<!--securecookie host="^(www\.)?knightswarm\.com$" name="^PHPSESSID[\da-f]{4}$" /-->
+	<!--securecookie host="^\.knightswarm\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Knight_Lab.com.xml b/src/chrome/content/rules/Knight_Lab.com.xml
new file mode 100644
index 000000000000..96c87fd58c25
--- /dev/null
+++ b/src/chrome/content/rules/Knight_Lab.com.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Northwestern University coverage, see Northwestern_University.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- .knightlab.com
+
+-->
+<ruleset name="Knight Lab.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="knightlab.com" />
+	<target host="cdn.knightlab.com" />
+	<target host="www.knightlab.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.knightlab\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.knightlab\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Knopper.net.xml b/src/chrome/content/rules/Knopper.net.xml
index 866186f51b24..6a67f880d46b 100644
--- a/src/chrome/content/rules/Knopper.net.xml
+++ b/src/chrome/content/rules/Knopper.net.xml
@@ -1,6 +1,14 @@
-<ruleset name="Knopper.net (self-signed)" default_off="self-signed">
- <target host="www.knopper.net" /> <!-- Home of Knoppix -->
- <target host="knopper.net" />
- <rule from="^http://(www\.)?knopper\.net/" to="https://knopper.net/"/>
-<!-- cert valid for knopper.net only -->
+<!--
+	www: cert only matches ^knopper.net
+
+-->
+<ruleset name="Knopper.Net" default_off="self-signed">
+
+	<target host="knopper.net" />
+	<target host="www.knopper.net" />
+
+
+	<rule from="^http://(?:www\.)?knopper\.net/"
+		to="https://knopper.net/" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Knot-DNS.cz.xml b/src/chrome/content/rules/Knot-DNS.cz.xml
new file mode 100644
index 000000000000..e50e9e99d231
--- /dev/null
+++ b/src/chrome/content/rules/Knot-DNS.cz.xml
@@ -0,0 +1,13 @@
+<!--
+	For other CZ.NIC coverage, see Nic.cz.xml.
+
+	Invalid cert:
+		- rpm.knot-dns.cz
+-->
+<ruleset name="Knot-DNS.cz">
+	<target host="knot-dns.cz" />
+	<target host="www.knot-dns.cz" />
+	<target host="deb.knot-dns.cz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/KnowIslam.com.ng.xml b/src/chrome/content/rules/KnowIslam.com.ng.xml
new file mode 100644
index 000000000000..2e22a95e0ec7
--- /dev/null
+++ b/src/chrome/content/rules/KnowIslam.com.ng.xml
@@ -0,0 +1,8 @@
+<ruleset name="KnowIslam.com.ng">
+	<target host="knowislam.com.ng" />
+	<target host="www.knowislam.com.ng" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/KnowTheirName.com.xml b/src/chrome/content/rules/KnowTheirName.com.xml
new file mode 100644
index 000000000000..2b81b3161553
--- /dev/null
+++ b/src/chrome/content/rules/KnowTheirName.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="KnowTheirName.com">
+	<target host="knowtheirname.com" />
+	<target host="www.knowtheirname.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Knowledge_Blog.org.xml b/src/chrome/content/rules/Knowledge_Blog.org.xml
new file mode 100644
index 000000000000..5b18b3026535
--- /dev/null
+++ b/src/chrome/content/rules/Knowledge_Blog.org.xml
@@ -0,0 +1,29 @@
+<!--
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Mixed content:
+
+		- Image on taverna from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Knowledge Blog.org" default_off="cert-chain">
+
+	<target host="knowledgeblog.org" />
+	<target host="bio-ontologies.knowledgeblog.org" />
+	<target host="bioinformatics.knowledgeblog.org" />
+	<target host="event.knowledgeblog.org" />
+	<target host="glossary.knowledgeblog.org" />
+	<target host="health.knowledgeblog.org" />
+	<target host="ontogenesis.knowledgeblog.org" />
+	<target host="process.knowledgeblog.org" />
+	<target host="taverna.knowledgeblog.org" />
+	<target host="www.knowledgeblog.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KnownHost.com.xml b/src/chrome/content/rules/KnownHost.com.xml
new file mode 100644
index 000000000000..1abe7f428162
--- /dev/null
+++ b/src/chrome/content/rules/KnownHost.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		careers.knownhost.com
+-->
+<ruleset name="KnownHost.com">
+
+	<target host="knownhost.com" />
+	<target host="www.knownhost.com" />
+	<target host="billing.knownhost.com" />
+	<target host="blog.knownhost.com" />
+	<target host="chat.knownhost.com" />
+	<target host="forums.knownhost.com" />
+	<target host="img.knownhost.com" />
+	<target host="list.knownhost.com" />
+	<target host="my.knownhost.com" />
+	<target host="support.knownhost.com" />
+	<target host="wiki.knownhost.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kobo.xml b/src/chrome/content/rules/Kobo.xml
index 2338ff9ebfca..76c92f45281a 100644
--- a/src/chrome/content/rules/Kobo.xml
+++ b/src/chrome/content/rules/Kobo.xml
@@ -137,13 +137,13 @@
 	<!--
 		Tracking cookies:
 					-->
-	<securecookie host="^\.kobobooks\.com$" name="^(?:tracking|__utm\w)$" />	
+	<securecookie host="^\.kobobooks\.com$" name="^(?:tracking|__utm\w)$" />
 	<securecookie host="^(?!ptbr\.|wwwt?\.)\w+\.kobobooks\.com$" name=".+" />
 	<securecookie host="^\.kobobooks\.\w\w$" name="^tracking$" />
 	<securecookie host="^s(?:ecure(?:stage\d?|t)|tage[36]?)\.kobobooks\.\w\w$" name=".+" />
 
 
-	<rule from="^https?://kobo\.com/"
+	<rule from="^http://kobo\.com/"
 		to="https://www.kobo.com/" />
 
 	<rule from="^http://(assets|ptbr|www)\.kobo\.com/"
@@ -153,7 +153,7 @@
 	<rule from="^http://((?:akimagest?|assets|ecimagest|merch|(?:ptbr)?secure|securestage\d?|stage)\.)?kobobooks\.com/"
 		to="https://$1kobobooks.com/" />
 
-	<rule from="^https?://(?:ec)?images\.kobobooks\.com/"
+	<rule from="^http://(?:ec)?images\.kobobooks\.com/"
 		to="https://images.kobobooks.com/" />
 
 	<rule from="^http://s(ecure(?:stage[2456]?|t)?|tage[36]?)\.kobobooks\.(\w\w)/"
@@ -162,4 +162,4 @@
 	<rule from="^http://stage2\.kobobooks\.(fr|es)/(default\.aspx)?(\?.*)?$"
 		to="https://stage2.kobobooks.$1/$2$3" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kochava.com.xml b/src/chrome/content/rules/Kochava.com.xml
new file mode 100644
index 000000000000..e4eaa4a027da
--- /dev/null
+++ b/src/chrome/content/rules/Kochava.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Nonfunctional hosts in *kochava.com:
+
+		- support *
+
+	* Redirects to http
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .kochava.com
+		- www.kochava.com
+
+-->
+<ruleset name="Kochava.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kochava.com" />
+	<target host="www.kochava.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.kochava\.com$" name="^selected_account$" /-->
+	<!--securecookie host="^www\.kochava\.com$" name="^w3tc_referrer$" /-->
+
+	<securecookie host="^(?:www)?\.kochava\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KodeRoot.net.xml b/src/chrome/content/rules/KodeRoot.net.xml
new file mode 100644
index 000000000000..ea6560b37fc2
--- /dev/null
+++ b/src/chrome/content/rules/KodeRoot.net.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://xmpp.koderoot.net/ => https://xmpp.koderoot.net/: (6, 'Could not resolve host: xmpp.koderoot.net')
+
+	Server sends includeSubDomains in HSTS header.
+
+
+	Mixed content:
+
+		- iframe on ^ from forecast.io ¹
+		- css on ^, space from fonts.googleapis.com ¹
+		- Image on ^ from imagegen.last.fm ²
+
+	¹ Secured by us
+	² Unsecurable <= refused
+
+-->
+<ruleset name="KodeRoot.net" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="koderoot.net" />
+	<target host="*.koderoot.net" />
+
+		<test url="http://im.koderoot.net/" />
+		<test url="http://ircweb.koderoot.net/" />
+		<test url="http://space.koderoot.net/" />
+		<test url="http://stats.koderoot.net/piwik/piwik.php" />
+		<test url="http://xmpp.koderoot.net/" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kodi.tv.xml b/src/chrome/content/rules/Kodi.tv.xml
new file mode 100644
index 000000000000..78ee935ea4c8
--- /dev/null
+++ b/src/chrome/content/rules/Kodi.tv.xml
@@ -0,0 +1,32 @@
+<!--
+	Refused:
+		chatlog.kodi.tv
+		eden.kodi.tv
+		ftp.kodi.tv
+		graphs.kodi.tv
+		mirrors.kodi.tv
+
+	No working URL known:
+		issues.kodi.tv
+		wiki.kodi.tv
+
+	Time out:
+		jenkins.kodi.tv
+
+-->
+<ruleset name="Kodi.tv (partial)">
+
+	<target host="kodi.tv" />
+	<target host="www.kodi.tv" />
+	<target host="addons.kodi.tv" />
+	<target host="forum.kodi.tv" />
+	<target host="forums.kodi.tv" />
+	<target host="trac.kodi.tv" />
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Koding.xml b/src/chrome/content/rules/Koding.xml
index fa1815444028..9c39bdeaeddf 100644
--- a/src/chrome/content/rules/Koding.xml
+++ b/src/chrome/content/rules/Koding.xml
@@ -4,10 +4,10 @@
 	<target host="*.koding.com" />
 
 
-	<securecookie host="^(?:.+\.)?koding\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(\w+\.)?koding\.com/"
 		to="https://$1koding.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kogan.com.xml b/src/chrome/content/rules/Kogan.com.xml
new file mode 100644
index 000000000000..616b35ca990c
--- /dev/null
+++ b/src/chrome/content/rules/Kogan.com.xml
@@ -0,0 +1,79 @@
+<!--
+	Other Kogan rulesets:
+		- KoganInsurance.com.au.xml
+		- KoganMobile.com.au.xml
+
+
+	Non-functional subdomains:
+
+		- kogan.com
+			- c	(e)
+			- comms	(m)
+			- cruises	(m)
+			- delorian	(t)
+			- m.delorian	(t)
+			- downloads	(m)
+			- email	(m)
+			- footy	(m)
+			- help	(e)
+			- hotels	(m)
+			- media	(m)
+			- melbcup	(m)
+			- spicerack	(m)
+
+		- kogan.com.au	(e)(m)
+			- cdn	(m)
+
+		- kogancorporate.com	(r)
+
+	e: expired certificate
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+-->
+<ruleset name="Kogan">
+
+	<target host="kogan.com" />
+	<target host="www.kogan.com" />
+	<target host="assets.kogan.com" />
+	<target host="careers.kogan.com" />
+	<target host="commsprefs.kogan.com" />
+	<target host="comp.kogan.com" />
+	<target host="delivery.kogan.com" />
+	<target host="devblog.kogan.com" />
+	<target host="www.devblog.kogan.com" />
+	<target host="images.kogan.com" />
+	<target host="img.kogan.com" />
+	<target host="m.kogan.com" />
+	<target host="nimda.kogan.com" />
+	<target host="static.kogan.com" />
+	<target host="vip.kogan.com" />
+
+	<target host="kogan.com.au" />
+	<target host="www.kogan.com.au" />
+
+	<target host="kogancorporate.com" />
+	<target host="www.kogancorporate.com" />
+
+	<target host="koganforbusiness.com" />
+	<target host="www.koganforbusiness.com" />
+	<target host="koganforbusiness.com.au" />
+	<target host="www.koganforbusiness.com.au" />
+
+  	<securecookie host="^www\.kogan\.com$" name=".+" />
+
+	<!-- certificate mismatch -->
+	<rule from="^http://kogan\.com\.au/"
+		to="https://www.kogan.com.au/" />
+
+	<!-- connection refused -->
+	<rule from="^http://kogancorporate\.com/"
+		to="https://www.kogancorporate.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KoganInsurance.com.au.xml b/src/chrome/content/rules/KoganInsurance.com.au.xml
new file mode 100644
index 000000000000..e2bcdffda4e0
--- /dev/null
+++ b/src/chrome/content/rules/KoganInsurance.com.au.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Kogan coverage, see Kogan.com.xml
+
+
+	Non-functional subdomains:
+
+		- (www.)koganinsurance.com	(m)
+
+	e: expired certificate
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Kogan Insurance">
+
+	<target host="koganinsurance.com.au" />
+	<target host="www.koganinsurance.com.au" />
+	<target host="quote.koganinsurance.com.au" />
+	<target host="travel.koganinsurance.com.au" />
+
+  	<securecookie host="^www\.koganinsurance\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KoganMobile.com.au.xml b/src/chrome/content/rules/KoganMobile.com.au.xml
new file mode 100644
index 000000000000..d0394c645883
--- /dev/null
+++ b/src/chrome/content/rules/KoganMobile.com.au.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Kogan coverage, see Kogan.com.xml
+
+
+	Non-functional subdomains:
+
+		- emlimg	(m)
+		- trusted	(t)
+
+	e: expired certificate
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Kogan Mobile">
+
+	<target host="koganmobile.com.au" />
+	<target host="www.koganmobile.com.au" />
+	<target host="accounts.koganmobile.com.au" />
+	<target host="cdn.koganmobile.com.au" />
+	<target host="help.koganmobile.com.au" />
+	<target host="home.koganmobile.com.au" />
+
+  	<securecookie host="^www\.koganmobile\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kohls.xml b/src/chrome/content/rules/Kohls.xml
deleted file mode 100644
index 0e2a086f67fb..000000000000
--- a/src/chrome/content/rules/Kohls.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Kohls.com">
-  <target host="kohls.com"/>
-  <target host="www.kohls.com"/>
-  <rule from="^http://kohls\.com/" to="https://www.kohls.com/"/>
-  <rule from="^http://www\.kohls\.com/" to="https://www.kohls.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Kohsuke.org.xml b/src/chrome/content/rules/Kohsuke.org.xml
new file mode 100644
index 000000000000..50b056ef582c
--- /dev/null
+++ b/src/chrome/content/rules/Kohsuke.org.xml
@@ -0,0 +1,36 @@
+<!--
+	Invalid certificate:
+		photo
+-->
+<ruleset name="Kohsuke.org">
+
+	<target host="kohsuke.org" />
+	<target host="www.kohsuke.org" />
+	<target host="ajaxterm4j.kohsuke.org" />
+	<target host="akuma.kohsuke.org" />
+	<target host="args4j.kohsuke.org" />
+	<target host="com4j.kohsuke.org" />
+	<target host="downgraded-dependency-maven-plugin.kohsuke.org" />
+	<target host="eiie-logger.kohsuke.org" />
+	<target host="file-leak-detector.kohsuke.org" />
+	<target host="github-api.kohsuke.org" />
+	<target host="groovy-sandbox.kohsuke.org" />
+	<target host="javadoc-capture.kohsuke.org" />
+	<target host="libpam4j.kohsuke.org" />
+	<target host="maven-jellydoc-plugin.kohsuke.org" />
+	<target host="maven-skin.kohsuke.org" />
+	<target host="metainf-services.kohsuke.org" />
+	<target host="no-more-tears.kohsuke.org" />
+	<target host="robust-http-client.kohsuke.org" />
+	<target host="stapler.kohsuke.org" />
+	<target host="stopforumspam.kohsuke.org" />
+	<target host="trilead-putty-extension.kohsuke.org" />
+	<target host="windows-package-checker.kohsuke.org" />
+	<target host="winp.kohsuke.org" />
+	<target host="youdebug.kohsuke.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Koinify.com.xml b/src/chrome/content/rules/Koinify.com.xml
new file mode 100644
index 000000000000..102ebebad2cb
--- /dev/null
+++ b/src/chrome/content/rules/Koinify.com.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://koinify.com/ => https://koinify.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.koinify.com/ => https://www.koinify.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+<ruleset name="Koinify.com" default_off="failed ruleset test">
+
+	<target host="koinify.com" />
+	<target host="www.koinify.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kokousalusta.xml b/src/chrome/content/rules/Kokousalusta.xml
deleted file mode 100644
index 8ac89e60695d..000000000000
--- a/src/chrome/content/rules/Kokousalusta.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Kokousalusta">
-	<target host="kokousalusta.fi"/>
-	<target host="www.kokousalusta.fi"/>
-
-	<securecookie host="^(?:www\.)?kokousalusta\.fi$" name=".+" />
-
-	<rule from="^http://(www\.)?kokousalusta\.fi/"
-		to="https://$1kokousalusta.fi/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Kolab.org.xml b/src/chrome/content/rules/Kolab.org.xml
new file mode 100644
index 000000000000..ca2d084a5186
--- /dev/null
+++ b/src/chrome/content/rules/Kolab.org.xml
@@ -0,0 +1,23 @@
+<!--
+	Nonfunctional hosts in *kolab.org:
+
+		- conference *
+
+	* Shows default page
+
+-->
+<ruleset name="Kolab.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kolab.org" />
+	<target host="docs.kolab.org" />
+	<target host="issues.kolab.org" />
+	<target host="roundup.kolab.org" />
+	<target host="www.kolab.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KolabSys.com.xml b/src/chrome/content/rules/KolabSys.com.xml
index 2ddf19f443a0..617f6b0b2ef2 100644
--- a/src/chrome/content/rules/KolabSys.com.xml
+++ b/src/chrome/content/rules/KolabSys.com.xml
@@ -1,13 +1,15 @@
 <ruleset name="KolabSys.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="kolabsys.com" />
-	<target host="*.kolabsys.com" />
+	<target host="www.kolabsys.com" />
 
 
 	<securecookie host="^\.kolabsys\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?kolabsys\.com/"
-		to="https://$1kolabsys.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Kolab_Now.com.xml b/src/chrome/content/rules/Kolab_Now.com.xml
new file mode 100644
index 000000000000..febfd0e09349
--- /dev/null
+++ b/src/chrome/content/rules/Kolab_Now.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- kolabnow.com
+
+-->
+<ruleset name="Kolab Now.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kolabnow.com" />
+	<target host="cockpit.kolabnow.com" />
+	<target host="www.kolabnow.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<test url="http://kolabnow.com/cockpit/signup/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^kolabnow\.com$" name="^mykolabsessid$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Koldfront.dk.xml b/src/chrome/content/rules/Koldfront.dk.xml
new file mode 100644
index 000000000000..f23340ace19f
--- /dev/null
+++ b/src/chrome/content/rules/Koldfront.dk.xml
@@ -0,0 +1,9 @@
+<ruleset name="Koldfront.dk">
+
+    <target host="koldfront.dk" />
+    <target host="www.koldfront.dk" />
+
+    <rule from="^http:"
+            to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kolektiva.com.xml b/src/chrome/content/rules/Kolektiva.com.xml
new file mode 100644
index 000000000000..de5419ddf809
--- /dev/null
+++ b/src/chrome/content/rules/Kolektiva.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kolektiva.com/ => https://kolektiva.com/: (7, 'Failed to connect to kolektiva.com port 443: Connection refused')
+Fetch error: http://biz.kolektiva.com/ => https://biz.kolektiva.com/: (7, 'Failed to connect to biz.kolektiva.com port 443: Connection refused')
+Fetch error: http://www.kolektiva.com/ => https://www.kolektiva.com/: (7, 'Failed to connect to www.kolektiva.com port 443: Connection refused')
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- biz
+
+
+	Mixed content:
+
+		- css on biz from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Kolektiva.com" default_off="failed ruleset test">
+
+	<target host="kolektiva.com" />
+	<target host="biz.kolektiva.com" />
+	<target host="www.kolektiva.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kolibri.is.xml b/src/chrome/content/rules/Kolibri.is.xml
new file mode 100644
index 000000000000..e437d0f57011
--- /dev/null
+++ b/src/chrome/content/rules/Kolibri.is.xml
@@ -0,0 +1,18 @@
+<!--
+	SSL protocol error:
+		- nectar-ci
+
+	Kolibri.is has a wildcard DNS record.
+-->
+
+<ruleset name="Kolibri.is">
+	<target host="kolibri.is" />
+	<target host="www.kolibri.is" />
+	<target host="blog.kolibri.is" />
+	<target host="img.kolibri.is" />
+	<target host="kort.kolibri.is" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kollegorna.se.xml b/src/chrome/content/rules/Kollegorna.se.xml
new file mode 100644
index 000000000000..db61f06b1e1b
--- /dev/null
+++ b/src/chrome/content/rules/Kollegorna.se.xml
@@ -0,0 +1,17 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)?
+		- labs
+
+-->
+<ruleset name="Kollegorna.se">
+
+	<target host="kollegorna.se" />
+	<target host="labs.kollegorna.se" />
+	<target host="www.kollegorna.se" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kommaer.dk.xml b/src/chrome/content/rules/Kommaer.dk.xml
new file mode 100644
index 000000000000..83c0b4540eef
--- /dev/null
+++ b/src/chrome/content/rules/Kommaer.dk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Kommaer.dk">
+    <target host="kommaer.dk" />
+    <target host="www.kommaer.dk" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Komments.net.xml b/src/chrome/content/rules/Komments.net.xml
new file mode 100644
index 000000000000..9077e89aae04
--- /dev/null
+++ b/src/chrome/content/rules/Komments.net.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://komments.net/ => https://komments.net/: (35, 'Unknown SSL protocol error in connection to komments.net:443 ')
+Fetch error: http://www.komments.net/ => https://www.komments.net/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Komments.net" default_off="failed ruleset test">
+
+	<target host="komments.net" />
+	<target host="www.komments.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?komments\.net$" name=".+" /-->
+
+	<securecookie host="^(?:www\.)?komments\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kompany.com.xml b/src/chrome/content/rules/Kompany.com.xml
new file mode 100644
index 000000000000..e8ec11775a04
--- /dev/null
+++ b/src/chrome/content/rules/Kompany.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.kompany.com
+
+-->
+<ruleset name="Kompany.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kompany.com" />
+	<target host="aravo.kompany.com" />
+	<target host="www.kompany.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.kompany\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.kompany\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Komro.net.xml b/src/chrome/content/rules/Komro.net.xml
new file mode 100644
index 000000000000..928cdce5a35b
--- /dev/null
+++ b/src/chrome/content/rules/Komro.net.xml
@@ -0,0 +1,52 @@
+<!--
+		Cert mismatch:
+			- centrex, only valid for nfon.com
+			- netgauge, only valid for ^&www
+			- speedtest, only valid for ^&www
+			- webcam, only valid for ^&www
+
+		Self-Signed:
+			- firmware
+			- office
+			- remote
+
+		Incomple chain:
+			- adminportal
+			- login
+
+		Connection refused:
+			- acs
+			- acs-test
+			- gw-cotec-komro
+			- gw-ml-komro
+			- management
+			- mobile
+			- ns1
+			- otrs
+			- redmine
+			- relay
+			- speedtest5
+
+		Cert expired:
+			- userportal
+
+		Timeout:
+			- cmns1
+			- cmns2
+			- isp-gw
+			- ns
+			- ns2
+			- probe
+			- ronet
+-->
+<ruleset name="Kabel Rosenheim">
+
+	<target host="komro.net" />
+	<target host="www.komro.net" />
+	<target host="citywlan.komro.net" />
+
+	<rule from="^http:"
+		to="https:" />
+
+
+</ruleset>
diff --git a/src/chrome/content/rules/Konachan.com.xml b/src/chrome/content/rules/Konachan.com.xml
new file mode 100644
index 000000000000..f0f0c3592e1e
--- /dev/null
+++ b/src/chrome/content/rules/Konachan.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Konachan.com">
+  <target host="konachan.com" />
+  <target host="www.konachan.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Konami-Korea.kr.xml b/src/chrome/content/rules/Konami-Korea.kr.xml
new file mode 100644
index 000000000000..9aa1c4d2ea62
--- /dev/null
+++ b/src/chrome/content/rules/Konami-Korea.kr.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://konami-korea.kr/ => https://www.konami-korea.kr/: (6, 'Could not resolve host: www.konami-korea.kr')
+Fetch error: http://www.konami-korea.kr/ => https://www.konami-korea.kr/: (6, 'Could not resolve host: www.konami-korea.kr')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://konami-korea.kr/ => https://www.konami-korea.kr/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.konami-korea.kr/ => https://www.konami-korea.kr/: (28, 'Connection timed out after 10001 milliseconds')
+	For other Konami coverage, see Konami.com.xml.
+
+
+	^: cert only matches www
+
+-->
+<ruleset name="Konami-Korea.kr" default_off="failed ruleset test">
+
+	<target host="konami-korea.kr" />
+	<target host="www.konami-korea.kr" />
+
+
+	<!--	Server sets Secure for:
+					-->
+	<securecookie host="^(?:www\.)?konami-korea\.kr$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?konami-korea\.kr/"
+		to="https://www.konami-korea.kr/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Konami.com.xml b/src/chrome/content/rules/Konami.com.xml
index 8b4fa3a8481b..8d21012864da 100644
--- a/src/chrome/content/rules/Konami.com.xml
+++ b/src/chrome/content/rules/Konami.com.xml
@@ -1,3 +1,9 @@
+<!--
+	Other Konami rulesets:
+
+		- Konami-Korea.kr.xml
+
+-->
 <ruleset name="Konami.com">
 	<target host="konami.com" />
 	<target host="www.konami.com" />
diff --git a/src/chrome/content/rules/Kondor.co.uk.xml b/src/chrome/content/rules/Kondor.co.uk.xml
new file mode 100644
index 000000000000..87785e39126b
--- /dev/null
+++ b/src/chrome/content/rules/Kondor.co.uk.xml
@@ -0,0 +1,15 @@
+<!--
+	(www.)?kondor.co.uk: Shows default page
+
+-->
+<ruleset name="Kondor.co.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rmp.kondor.co.uk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KongCDN.com.xml b/src/chrome/content/rules/KongCDN.com.xml
new file mode 100644
index 000000000000..47629083f83e
--- /dev/null
+++ b/src/chrome/content/rules/KongCDN.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Kongregate coverage, see Kongregate.com.xml.
+
+-->
+<ruleset name="KongCDN.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cdn1.kongcdn.com" />
+	<target host="cdn2.kongcdn.com" />
+	<target host="cdn3.kongcdn.com" />
+	<target host="cdn4.kongcdn.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kongregate.com.xml b/src/chrome/content/rules/Kongregate.com.xml
new file mode 100644
index 000000000000..c783bca8af17
--- /dev/null
+++ b/src/chrome/content/rules/Kongregate.com.xml
@@ -0,0 +1,66 @@
+<!--
+	Other Kongregate rulesets:
+
+		- KongCDN.com.xml
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.kongregate.com
+
+
+	Mixed content:
+
+		- Bugs from b.scorecardresearch.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Kongregate.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kongregate.com" />
+	<target host="developers.kongregate.com" />
+	<target host="www.kongregate.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://developers\.kongregate.com/$" /-->
+		<!--exclusion pattern="^http://www\.kongregate.com/(?:$|forums/?$|session/new$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://developers\.kongregate.com/+(?!favicon\.ico|images/)" />
+		<exclusion pattern="^http://www\.kongregate.com/+(?!favicon\.ico|forums/\d+-[\w-]+|images/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://developers.kongregate.com/blog" />
+			<test url="http://developers.kongregate.com/docs/api-overview/intro" />
+			<test url="http://developers.kongregate.com/docs/resources/faq" />
+
+			<test url="http://www.kongregate.com/accounts/new" />
+			<test url="http://www.kongregate.com/feedbacks/new" />
+			<test url="http://www.kongregate.com/games/new" />
+			<test url="http://www.kongregate.com/session/new" />
+			<test url="http://www.kongregate.com/badge_quests/your_first" />
+
+			<!--	-ve:
+					-->
+			<test url="http://developers.kongregate.com/favicon.ico" />
+			<test url="http://developers.kongregate.com/images/docs/home-ico-adcap.png" />
+
+			<test url="http://www.kongregate.com/favicon.ico" />
+			<test url="http://www.kongregate.com/pages/100k-battle-kongroyale" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.kongregate\.com$" name="^(?:_kongregate_session|kong_svid|sourced_visit_recorded|tmp_visit_data)$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Konstfack.se.xml b/src/chrome/content/rules/Konstfack.se.xml
index 4f46ed6a4b28..5cc5f2858248 100644
--- a/src/chrome/content/rules/Konstfack.se.xml
+++ b/src/chrome/content/rules/Konstfack.se.xml
@@ -1,3 +1,7 @@
+<!--
+	^: Handshake fails
+
+-->
 <ruleset name="Konstfack.se" platform="mixedcontent">
 	<target host="www.konstfack.se" />
 	<target host="konstfack.se" />
diff --git a/src/chrome/content/rules/Kontalk.xml b/src/chrome/content/rules/Kontalk.xml
new file mode 100644
index 000000000000..cc79415843a8
--- /dev/null
+++ b/src/chrome/content/rules/Kontalk.xml
@@ -0,0 +1,16 @@
+<!--
+    Doc:
+        - https://github.com/kontalk/website/issues/14
+-->
+<ruleset name="Kontalk">
+    <target host="kontalk.org" />
+    <target host="www.kontalk.org" />
+    <target host="translate.kontalk.org" />
+
+    <target host="kontalk.net" />
+    <target host="www.kontalk.net" />
+    <target host="beta.kontalk.net" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kontera.xml b/src/chrome/content/rules/Kontera.xml
index 1d3fee6850af..f133c31214e4 100644
--- a/src/chrome/content/rules/Kontera.xml
+++ b/src/chrome/content/rules/Kontera.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kona32.kontera.com/ => https://kona32.kontera.com/: (6, 'Could not resolve host: kona32.kontera.com')
+Fetch error: http://kona33.kontera.com/ => https://kona33.kontera.com/: (6, 'Could not resolve host: kona33.kontera.com')
+Fetch error: http://publishers.kontera.com/ => https://publishers.kontera.com/: (6, 'Could not resolve host: publishers.kontera.com')
+
 	Kontera Technologies, Inc
 
 
@@ -60,24 +66,17 @@
 		- publishers
 
 -->
-<ruleset name="Kontera (partial)">
+<ruleset name="Kontera (partial)" default_off="failed ruleset test">
 
-	<target host="*.kontera.com" />
+	<target host="kona32.kontera.com" />
+	<target host="kona33.kontera.com" />
+	<target host="publishers.kontera.com" />
 
 
 	<securecookie host="^(?:\.?publishers)?\.kona\.com$" name=".+" />
 
 
-	<rule from="^http://images\.kontera\.com/"
-		to="https://a248.e.akamai.net/f/489/5395/2m/images.kontera.com/" />
-
-	<rule from="^http://kona(c)?\.kontera\.com/"
-		to="https://a248.e.akamai.net/f/302/9266/9m/kona$1.kontera.com/" />
-
-	<rule from="^http://(kona3[23]|publishers)\.kontera\.com/"
-		to="https://$1.kontera.com/" />
-
-	<rule from="^http://konax\.kontera\.com/"
-		to="https://a248.e.akamai.net/f/1850/7709/10/konax.kontera.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Konto_API.xml b/src/chrome/content/rules/Konto_API.xml
index d5df732ad365..cc4273476297 100644
--- a/src/chrome/content/rules/Konto_API.xml
+++ b/src/chrome/content/rules/Konto_API.xml
@@ -1,13 +1,12 @@
 <ruleset name="Konto API">
 
 	<target host="kontoapi.de" />
-	<target host="*.kontoapi.de" />
+	<target host="www.kontoapi.de" />
 
 
 	<securecookie host="^(?:www)?\.kontoapi\.de$" name=".+" />
 
 
-	<rule from="^http://(www\.)?kontoapi\.de/"
-		to="https://$1kontoapi.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Koonoz.info.xml b/src/chrome/content/rules/Koonoz.info.xml
new file mode 100644
index 000000000000..5bd30f2c1683
--- /dev/null
+++ b/src/chrome/content/rules/Koonoz.info.xml
@@ -0,0 +1,8 @@
+<ruleset name="Koonoz.info">
+	<target host="koonoz.info" />
+	<target host="www.koonoz.info" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kootenay-Savings-Credit-Union.xml b/src/chrome/content/rules/Kootenay-Savings-Credit-Union.xml
new file mode 100644
index 000000000000..b17e18c1765b
--- /dev/null
+++ b/src/chrome/content/rules/Kootenay-Savings-Credit-Union.xml
@@ -0,0 +1,16 @@
+<!--
+	Incomplete certificate chain:
+		- barracuda.kscu.com
+-->
+
+<ruleset name="Kootenay Savings Credit Union">
+	<target host="kscu.com" />
+	<target host="www.kscu.com" />
+	<target host="autodiscover.kscu.com" />
+	<target host="mdws.kscu.com" />
+	<target host="webmail.kscu.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kopiosto.xml b/src/chrome/content/rules/Kopiosto.xml
index 8095c88086ef..249025ab7514 100644
--- a/src/chrome/content/rules/Kopiosto.xml
+++ b/src/chrome/content/rules/Kopiosto.xml
@@ -1,16 +1,18 @@
 <!--
+Automatically by https-everywhere-checker because:
+Fetch error: http://kopiosto.fi/ => https://www.kopiosto.fi/: (6, 'Could not resolve host: kopiosto.fi')
 Working subdomains:
 	- serv3.
 	- www.
 -->
 <ruleset name="Kopiosto">
 	<target host="kopiosto.fi"/>
-	<target host="*.kopiosto.fi"/>
+	<target host="www.kopiosto.fi" />
+	<target host="serv3.kopiosto.fi" />
 
 	<!-- WWW works -->
 	<rule from="^http://(?:www\.)?kopiosto\.fi/"
 		to="https://www.kopiosto.fi/"/>
 
-	<rule from="^http://serv3\.kopiosto\.fi/"
-		to="https://serv3.kopiosto.fi/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/KoranoIslamu.cz.xml b/src/chrome/content/rules/KoranoIslamu.cz.xml
new file mode 100644
index 000000000000..fa4a9406e57f
--- /dev/null
+++ b/src/chrome/content/rules/KoranoIslamu.cz.xml
@@ -0,0 +1,8 @@
+<ruleset name="KoranoIslamu.cz">
+	<target host="koranoislamu.cz" />
+	<target host="www.koranoislamu.cz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Korbit.co.kr.xml b/src/chrome/content/rules/Korbit.co.kr.xml
new file mode 100644
index 000000000000..b4af1be35c4b
--- /dev/null
+++ b/src/chrome/content/rules/Korbit.co.kr.xml
@@ -0,0 +1,12 @@
+<ruleset name="Korbit.co.kr">
+
+	<target host="korbit.co.kr" />
+	<target host="www.korbit.co.kr" />
+
+
+	<securecookie host="^\.korbit\.co\.kr$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kore.io.xml b/src/chrome/content/rules/Kore.io.xml
new file mode 100644
index 000000000000..5b89ac99b968
--- /dev/null
+++ b/src/chrome/content/rules/Kore.io.xml
@@ -0,0 +1,13 @@
+<!--
+	www: expired
+
+-->
+<ruleset name="Kore.io">
+
+	<target host="kore.io" />
+	<target host="www.kore.io" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KoreLogic-Security.xml b/src/chrome/content/rules/KoreLogic-Security.xml
index d251a5c07df6..279c575af5c9 100644
--- a/src/chrome/content/rules/KoreLogic-Security.xml
+++ b/src/chrome/content/rules/KoreLogic-Security.xml
@@ -1,16 +1,32 @@
 <!--
-	Nonfunctional subdomains:
+	KoreLogic Security
 
+
+	Nonfunctional hosts in *korelogic.com:
+
+		- contest ¹
 		- contest-2011	(cert: www; shows www's data)
 
+	² Dropped
+
+
+	These altnames don't exist:
+
+		- www.blog.korelogic.com
+
 -->
-<ruleset name="KoreLogic Security">
+<ruleset name="KoreLogic.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="korelogic.com" />
+	<target host="blog.korelogic.com" />
+	<target host="git.korelogic.com" />
+	<target host="mastiff-online.korelogic.com" />
 	<target host="www.korelogic.com" />
 
 
-	<rule from="^http://(www\.)?korelogic\.com/"
-		to="https://$1korelogic.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Koreatimes.co.kr.xml b/src/chrome/content/rules/Koreatimes.co.kr.xml
new file mode 100644
index 000000000000..08c61f82b64e
--- /dev/null
+++ b/src/chrome/content/rules/Koreatimes.co.kr.xml
@@ -0,0 +1,6 @@
+<ruleset name="Koreatimes" default_off="Certificate expired">
+	<target host="www.koreatimes.co.kr" />
+	<!-- www2 uses an invalid cert , img can't use tls -->
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Korn-Design.xml b/src/chrome/content/rules/Korn-Design.xml
index 7fd0d52ac8f0..b8ca919150a3 100644
--- a/src/chrome/content/rules/Korn-Design.xml
+++ b/src/chrome/content/rules/Korn-Design.xml
@@ -1,4 +1,4 @@
-<ruleset name="Korn Design" default_off="mismatch">
+<ruleset name="Korn Design" default_off="mismatched">
 
 	<!--	cert: *.gridserver.com	-->
 	<target host="korndesign.com"/>
diff --git a/src/chrome/content/rules/Kornerstone_Admin.com.xml b/src/chrome/content/rules/Kornerstone_Admin.com.xml
new file mode 100644
index 000000000000..b2d8a96f0233
--- /dev/null
+++ b/src/chrome/content/rules/Kornerstone_Admin.com.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://kornerstoneadmin.com/ (200) => https://kornerstoneadmin.com/ (403)
+Non-2xx HTTP code: http://www.kornerstoneadmin.com/ (200) => https://kornerstoneadmin.com/ (403)
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://kornerstoneadmin.com/ => https://kornerstoneadmin.com/: (7, 'Failed to connect to kornerstoneadmin.com port 443: Connection refused')
+Fetch error: http://www.kornerstoneadmin.com/ => https://kornerstoneadmin.com/: (7, 'Failed to connect to kornerstoneadmin.com port 443: Connection refused')
+	www: cert only matches ^kornerstoneadmin.com
+
+-->
+<ruleset name="Kornerstone Admin.com" default_off="failed ruleset test">
+
+	<target host="kornerstoneadmin.com" />
+	<target host="www.kornerstoneadmin.com" />
+
+
+	<securecookie host="^kornerstoneadmin\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?kornerstoneadmin\.com/"
+		to="https://kornerstoneadmin.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Korora_Project.org.xml b/src/chrome/content/rules/Korora_Project.org.xml
new file mode 100644
index 000000000000..07e6c9eedbe8
--- /dev/null
+++ b/src/chrome/content/rules/Korora_Project.org.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://archive.kororaproject.org/ => https://archive.kororaproject.org/: (51, "SSL: no alternative certificate subject name matches target host name 'archive.kororaproject.org'")
+
+	www.kororaproject.org: Mismatched
+
+-->
+<ruleset name="Korora Project.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kororaproject.org" />
+	<target host="archive.kororaproject.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.kororaproject.org" />
+
+
+	<rule from="^http://www\.kororaproject\.org/"
+		to="https://kororaproject.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Korruption.dk.xml b/src/chrome/content/rules/Korruption.dk.xml
new file mode 100644
index 000000000000..8743d173010f
--- /dev/null
+++ b/src/chrome/content/rules/Korruption.dk.xml
@@ -0,0 +1,14 @@
+<!--
+    Problematic domains:
+        - bendt ¹
+        - benny ¹
+        - offdig ¹
+        - www ¹
+¹: Mismatch
+-->
+<ruleset name="Korruption.dk">
+	<target host="korruption.dk" />
+	<target host="www.korruption.dk" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kosimak.com.xml b/src/chrome/content/rules/Kosimak.com.xml
index 334e467c8a03..c4ff0af58665 100644
--- a/src/chrome/content/rules/Kosimak.com.xml
+++ b/src/chrome/content/rules/Kosimak.com.xml
@@ -1,18 +1,4 @@
-<!--
-	CN: Parallels Panel
-
-
-	Mixed content:
-
-		- Image on www from ^ *
-
-		- Web bug on www from img.avatraffic.com **
-
-	* Secured by us
-	** Unsecurable
-
--->
-<ruleset name="Kosimak.com" default_off="self-signed">
+<ruleset name="Kosimak.com">
 
 	<target host="kosimak.com" />
 	<target host="www.kosimak.com" />
@@ -21,7 +7,7 @@
 	<securecookie host="^www\.kosimak\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?kosimak\.com/"
-		to="https://www.kosimak.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Kotaku.com.xml b/src/chrome/content/rules/Kotaku.com.xml
deleted file mode 100644
index 7f3c137b37d0..000000000000
--- a/src/chrome/content/rules/Kotaku.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other Gawker coverage, see Gawker.xml.
-
-
-	CN: *.a.ssl.fastly.net
-
--->
-<ruleset name="Kotaku.com" default_off="mismatched">
-
-	<target host="kotaku.com" />
-	<target host="*.kotaku.com" />
-
-
-	<securecookie host="^\.?kotaku\.com$" name=".+" />
-
-
-	<rule from="^http://(?:(cache\.)|www\.)?kotaku\.com/"
-		to="https://$1kotaku.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Kotex.xml b/src/chrome/content/rules/Kotex.xml
index 25da0d7eda09..9e9bbb0cd514 100644
--- a/src/chrome/content/rules/Kotex.xml
+++ b/src/chrome/content/rules/Kotex.xml
@@ -1,4 +1,14 @@
-<ruleset name="Kotex">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dare.kotex.com/ => https://dare.kotex.com/: (51, "SSL: no alternative certificate subject name matches target host name 'dare.kotex.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://kotex.com/ => https://www.kotex.com/: Cycle detected - URL already encountered: https://www.kotex.com/
+Fetch error: http://www.kotex.com/ => https://www.kotex.com/: Cycle detected - URL already encountered: https://www.kotex.com/
+Fetch error: http://dare.kotex.com/ => https://dare.kotex.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+-->
+<ruleset name="Kotex" default_off="failed ruleset test">
 	<target host="kotex.com" />
 	<target host="www.kotex.com" />
 	<target host="dare.kotex.com" />
diff --git a/src/chrome/content/rules/Kotte-zeller.de.xml b/src/chrome/content/rules/Kotte-zeller.de.xml
new file mode 100644
index 000000000000..9fc3840aa267
--- /dev/null
+++ b/src/chrome/content/rules/Kotte-zeller.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Kotte-zeller.de">
+  <target host="kotte-zeller.de" />
+  <target host="www.kotte-zeller.de" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kotulas.com.xml b/src/chrome/content/rules/Kotulas.com.xml
new file mode 100644
index 000000000000..852101be978f
--- /dev/null
+++ b/src/chrome/content/rules/Kotulas.com.xml
@@ -0,0 +1,18 @@
+<!--
+	^: cert only matches www
+
+-->
+<ruleset name="Kotulas.com">
+
+	<target host="kotulas.com" />
+	<target host="www.kotulas.com" />
+
+
+	<!--	Some of, but not all, secured by server:
+							-->
+	<securecookie host="^www\.kotulas\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Koumbit.net.xml b/src/chrome/content/rules/Koumbit.net.xml
new file mode 100644
index 000000000000..fce556ed6b1b
--- /dev/null
+++ b/src/chrome/content/rules/Koumbit.net.xml
@@ -0,0 +1,47 @@
+<!--
+	For other Koumbit coverage, see Koumbit.org.xml.
+
+
+	(www.)?koumbit.net: Redirects to bureau.koumbit.net
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- koumbit.net
+		- bureau.koumbit.net
+		- www.koumbit.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Koumbit.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bureau.koumbit.net" />
+	<target host="chat.koumbit.net" />
+	<target host="webmail.koumbit.net" />
+
+	<!--	Complications:
+				-->
+	<target host="koumbit.net" />
+	<target host="www.koumbit.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:bureau\.|www\.)?koumbit\.net$" name="^(?:AlternC_Panel|oldid|session)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://(?:www\.)?koumbit\.net/+"
+		to="https://www.koumbit.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Koumbit.org.xml b/src/chrome/content/rules/Koumbit.org.xml
new file mode 100644
index 000000000000..41ecc8903814
--- /dev/null
+++ b/src/chrome/content/rules/Koumbit.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Other Koumbit rulesets:
+
+		- Koumbit.net.xml
+
+-->
+<ruleset name="Koumbit.org">
+
+	<target host="koumbit.org" />
+	<target host="www.koumbit.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kovidgoyal.net.xml b/src/chrome/content/rules/Kovidgoyal.net.xml
index d06250d99690..cf034c1ac9ff 100644
--- a/src/chrome/content/rules/Kovidgoyal.net.xml
+++ b/src/chrome/content/rules/Kovidgoyal.net.xml
@@ -1,10 +1,9 @@
-<ruleset name="kovidgoyal.net" default_off="self-signed">
+<ruleset name="Kovidgoyal.net">
 
-	<target host="kovidgoyal.net"/>
-	<target host="www.kovidgoyal.net"/>
+	<target host="kovidgoyal.net" />
+	<target host="www.kovidgoyal.net" />
 
-	<!--	cert !match !www	-->
-	<rule from="^http://(?:www\.)?kovidgoyal\.net/"
-		to="https://www.kovidgoyal.net/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Koz.io.xml b/src/chrome/content/rules/Koz.io.xml
new file mode 100644
index 000000000000..b88839c0821e
--- /dev/null
+++ b/src/chrome/content/rules/Koz.io.xml
@@ -0,0 +1,17 @@
+<!--
+	These altnames don't exist:
+
+		- www.koz.io
+
+-->
+<ruleset name="Koz.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="koz.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kpopstage.co.xml b/src/chrome/content/rules/Kpopstage.co.xml
deleted file mode 100644
index a8297abd1b22..000000000000
--- a/src/chrome/content/rules/Kpopstage.co.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(503)
-
--->
-<ruleset name="kpopstage.co">
-
-	<target host="attictv.com" />
-	<target host="*.attictv.com" />
-	<target host="kpopstage.co" />
-	<target host="*.kpopstage.co" />
-
-
-	<securecookie host="^\.(?:attictv|kpopstage)\.co$" name=".+" />
-
-
-	<rule from="^http://(www\.)?attictv\.com/"
-		to="https://$1attictv.com/" />
-
-	<rule from="^http://(?:www\.)?kpopstage\.co/"
-		to="https://www.kpopstage.co/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Kr36.co.xml b/src/chrome/content/rules/Kr36.co.xml
new file mode 100644
index 000000000000..e6f98613e77f
--- /dev/null
+++ b/src/chrome/content/rules/Kr36.co.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kr36.co/ => https://kr36.co/: (7, 'Failed to connect to kr36.co port 443: Connection refused')
+Fetch error: http://www.kr36.co/ => https://www.kr36.co/: (7, 'Failed to connect to www.kr36.co port 443: Connection refused')
+
+-->
+<ruleset name="kr36.co" default_off="failed ruleset test">
+
+	<target host="kr36.co" />
+	<target host="www.kr36.co" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kraken.com.xml b/src/chrome/content/rules/Kraken.com.xml
new file mode 100644
index 000000000000..912badfdb59c
--- /dev/null
+++ b/src/chrome/content/rules/Kraken.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Kraken.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kraken.com" />
+	<target host="www.kraken.com" />
+
+
+	<securecookie host="^\.kraken\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KralenStart.nl.xml b/src/chrome/content/rules/KralenStart.nl.xml
new file mode 100644
index 000000000000..301971f696db
--- /dev/null
+++ b/src/chrome/content/rules/KralenStart.nl.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kralenstart.nl/ => https://kralenstart.nl/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.kralenstart.nl/ => https://www.kralenstart.nl/: (28, 'Operation timed out after 30005 milliseconds with 0 bytes received')
+
+	For other xCAT coverage, XCAT.nl.xml.
+
+-->
+<ruleset name="KralenStart.nl" default_off="failed ruleset test">
+
+	<target host="kralenstart.nl" />
+	<target host="www.kralenstart.nl" />
+
+
+	<securecookie host="^\.kralenstart\.nl$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Krautchan.xml b/src/chrome/content/rules/Krautchan.xml
deleted file mode 100644
index 62a54877c1d7..000000000000
--- a/src/chrome/content/rules/Krautchan.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Krautchan" default_off="self-signed">
-
-	<target host="krautchan.net"/>
-	<target host="www.krautchan.net"/>
-
-
-	<rule from="^http://(www\.)?krautchan\.net/"
-		to="https://krautchan.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Krawlly.com.xml b/src/chrome/content/rules/Krawlly.com.xml
new file mode 100644
index 000000000000..70fc564117cc
--- /dev/null
+++ b/src/chrome/content/rules/Krawlly.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Krawlly.com">
+	<target host="krawlly.com" />
+	<target host="www.krawlly.com" />
+	<target host="rambler.krawlly.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kraxel.org.xml b/src/chrome/content/rules/Kraxel.org.xml
new file mode 100644
index 000000000000..8afad684f283
--- /dev/null
+++ b/src/chrome/content/rules/Kraxel.org.xml
@@ -0,0 +1,14 @@
+<!--
+	^: cert only matches www
+
+-->
+<ruleset name="kraxel.org">
+
+	<target host="kraxel.org" />
+	<target host="www.kraxel.org" />
+
+
+	<rule from="^http://(?:www\.)?kraxel\.org/"
+		to="https://www.kraxel.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KreativVonalak.hu.xml b/src/chrome/content/rules/KreativVonalak.hu.xml
new file mode 100644
index 000000000000..d1454ab20b89
--- /dev/null
+++ b/src/chrome/content/rules/KreativVonalak.hu.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid Certificate:
+		webmail.kreativvonalak.hu
+		webmail2.kreativvonalak.hu
+	Secure connection failed
+		dev.kreativvonalak.hu
+		kiallitas.kreativvonalak.hu
+-->
+<ruleset name="KreativVonalak.hu">
+	<target host="kreativvonalak.hu" />
+	<target host="www.kreativvonalak.hu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kreativ_Media.xml b/src/chrome/content/rules/Kreativ_Media.xml
index 1c23706dc5d6..b68c8bdd23be 100644
--- a/src/chrome/content/rules/Kreativ_Media.xml
+++ b/src/chrome/content/rules/Kreativ_Media.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^secure\.kreativmedia\.ch$" name=".+" />
 
 
-	<rule from="^http://secure\.kreativmedia\.ch/"
-		to="https://secure.kreativmedia.ch/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kreativvonalak.xml b/src/chrome/content/rules/Kreativvonalak.xml
deleted file mode 100644
index 112f92577345..000000000000
--- a/src/chrome/content/rules/Kreativvonalak.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Kreat&#237;v Vonalak">
-	<target host="www.kreativvonalak.hu" />
-
-	<rule from="^http://www\.kreativvonalak\.hu/" to="https://www.kreativvonalak.hu/" />
-</ruleset>
diff --git a/src/chrome/content/rules/KrebsOnSecurity.com.xml b/src/chrome/content/rules/KrebsOnSecurity.com.xml
index d232df5c6567..b18da88d37a0 100644
--- a/src/chrome/content/rules/KrebsOnSecurity.com.xml
+++ b/src/chrome/content/rules/KrebsOnSecurity.com.xml
@@ -1,13 +1,19 @@
-<ruleset name="Krebs on Security" platform="mixedcontent">
+<!--
+	KrebsOnSecurity previously used s.krebsonsecurity.com for analytics,
+	but the code for that is currently commented out and the subdomain does't resolve.
+
+	When it was active, it did 404 over HTTPS.
+-->
+<ruleset name="Krebs on Security.com">
 
 	<target host="krebsonsecurity.com" />
 	<target host="www.krebsonsecurity.com" />
 
 
-	<securecookie host="^(www\.)?krebsonsecurity\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?krebsonsecurity\.com/"
-		to="https://$1krebsonsecurity.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Krebsdaten.de.xml b/src/chrome/content/rules/Krebsdaten.de.xml
new file mode 100644
index 000000000000..c1e170283516
--- /dev/null
+++ b/src/chrome/content/rules/Krebsdaten.de.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid Certificate:
+		krebsdaten.de
+-->
+<ruleset name="Krebsdaten.de">
+	<target host="krebsdaten.de" />
+	<target host="www.krebsdaten.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://krebsdaten\.de/" to="https://www.krebsdaten.de/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Krihelinator.xyz.xml b/src/chrome/content/rules/Krihelinator.xyz.xml
new file mode 100644
index 000000000000..7805fc226773
--- /dev/null
+++ b/src/chrome/content/rules/Krihelinator.xyz.xml
@@ -0,0 +1,8 @@
+<ruleset name="Krihelinator.xyz">
+	<target host="krihelinator.xyz" />
+	<target host="www.krihelinator.xyz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kriminalvarden.se.xml b/src/chrome/content/rules/Kriminalvarden.se.xml
index 109949f6a8a0..87660fe69981 100644
--- a/src/chrome/content/rules/Kriminalvarden.se.xml
+++ b/src/chrome/content/rules/Kriminalvarden.se.xml
@@ -1,7 +1,7 @@
-<ruleset name="KriminalVarden.se" platform="mixedcontent">
+<ruleset name="kriminalvarden.se">
 	<target host="kriminalvarden.se" />
 	<target host="www.kriminalvarden.se" />
-	<rule from="^http://www\.kriminalvarden\.se/" to="https://www.kriminalvarden.se/"/>
-	<rule from="^http://kriminalvarden\.se/" to="https://www.kriminalvarden.se/"/>
+  	<target host="blogg.kriminalvarden.se" />
+	
+	<rule from="^http:" to="https:" />
 </ruleset>
-
diff --git a/src/chrome/content/rules/Krisostomus.xml b/src/chrome/content/rules/Krisostomus.xml
index 544563fd06cc..6897cc572a74 100644
--- a/src/chrome/content/rules/Krisostomus.xml
+++ b/src/chrome/content/rules/Krisostomus.xml
@@ -1,30 +1,41 @@
 <!--
-	Problematic domains:
+	Breaks search by subject on www.kriso.ee
+		http://www.kriso.ee/health-personal-development-su-V-english2.html
+		http://www.kriso.ee/language-su-C-english2.html
+		http://www.kriso.ee/technology-engineering-agriculture-su-T-english2.html
 
-		- kriso.lt *
-		- kriso.lv *
+	Invalid certificate:
+		blog.kriso.ee
+		static.kriso.ee
+		tarturatsakool.kriso.ee
+		test.kriso.ee
+		winserver.kriso.ee
 
-	* Mismatched
-		
--->
-<ruleset name="Krisostomus">
+		kriso.lt
+
+		kriso.lv
 
-	<target host="kriso.*" />
-	<target host="*.kriso.ee" />
-	<target host="*.kriso.lt" />
-	<target host="*.kriso.lv" />
+-->
+<ruleset name="Krisostomus" default_off="other">
 
+	<target host="kriso.ee" />
+	<target host="www.kriso.ee" />
+	<target host="m.kriso.ee" />
 
-	<securecookie host="^m?\.kriso\.ee$" name=".+" />
+	<target host="kriso.lt" />
+	<target host="www.kriso.lt" />
+	<target host="m.kriso.lt" />
 
+	<target host="kriso.lv" />
+	<target host="www.kriso.lv" />
+	<target host="m.kriso.lv" />
 
-	<rule from="^http://(m\.|www\.)?kriso\.ee/"
-		to="https://$1kriso.ee/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?kriso\.lv/"
-		to="https://www.kriso.lv/" />
+	<rule from="^http://kriso\.(lt|lv)/"
+		to="https://www.kriso.$1/" />
 
-	<rule from="^http://m\.kriso\.l(t|v)/"
-		to="https://m.kriso.l$1/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Krita.org.xml b/src/chrome/content/rules/Krita.org.xml
index cca1b54fcace..2f34f8eb3f9a 100644
--- a/src/chrome/content/rules/Krita.org.xml
+++ b/src/chrome/content/rules/Krita.org.xml
@@ -1,8 +1,8 @@
 <!--
-	CN: *.kde.org
+	For other KDE coverage, see KDE.xml.
 
 -->
-<ruleset name="Krita.org" default_off="mismatched">
+<ruleset name="Krita.org">
 
 	<target host="krita.org" />
 	<target host="www.krita.org" />
@@ -11,7 +11,7 @@
 	<securecookie host="^krita\.org$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?krita\.org/"
-		to="https://krita.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Krux-Digital.xml b/src/chrome/content/rules/Krux-Digital.xml
deleted file mode 100644
index 849a596a914b..000000000000
--- a/src/chrome/content/rules/Krux-Digital.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	krux.zendesk.com
-
--->
-<ruleset name="Krux Digital">
-
-	<target host="dataconsole.kruxdigital.com" />
-	<target host="*.krxd.net" />
-
-
-	<securecookie host="^dataconsole\.kruxdigital\.com$" name=".*" />
-	<!--
-		Tracking cookies:
-					-->
-	<securecookie host="^\.krxd\.net$" name="(?:_kuid_|ServedBy)$" />
-
-
-	<rule from="^http://dataconsole\.kruxdigital\.com/"
-		to="https://dataconsole.kruxdigital.com/" />
-
-	<rule from="^http://(beacon|cdn)\.krxd\.net/"
-		to="https://$1.krxd.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/KrxD.net.xml b/src/chrome/content/rules/KrxD.net.xml
new file mode 100644
index 000000000000..f042739e9444
--- /dev/null
+++ b/src/chrome/content/rules/KrxD.net.xml
@@ -0,0 +1,37 @@
+<!--
+	For other Krux Digital coverage, see Krux-Digital.xml.
+
+
+	Fully covered hosts:
+
+		- apiservices
+		- beacon
+		- cdn
+		- jslog
+
+
+	Insecure cookies are set for these domains:
+
+		- .krxd.net
+
+-->
+<ruleset name="KrxD.net">
+
+	<target host="apiservices.krxd.net" />
+	<target host="beacon.krxd.net" />
+	<target host="beacon-dub-nopii.krxd.net" />
+	<target host="cdn.krxd.net" />
+	<target host="jslog.krxd.net" />
+
+
+	<!--	Not secured by server (trackers):
+							-->
+	<!--securecookie host="^\.krxd\.net$" name="(_kuid_|ServedBy)$" /-->
+
+	<securecookie host="^\.krxd\.net$" name="(?:_kuid_|ServedBy)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kryptnostic.com.xml b/src/chrome/content/rules/Kryptnostic.com.xml
new file mode 100644
index 000000000000..d8bc8dc40f74
--- /dev/null
+++ b/src/chrome/content/rules/Kryptnostic.com.xml
@@ -0,0 +1,54 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kryptnostic.com/ => https://kryptnostic.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	Problematic hosts in *kryptnostic.com:
+
+		- blog *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .kryptnostic.com
+
+
+	Mixed content:
+
+		- favicons on www from blog *
+
+	* Secured by us
+
+-->
+<ruleset name="Kryptnostic.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kryptnostic.com" />
+	<target host="www.kryptnostic.com" />
+
+	<!--	Complications:
+				-->
+	<target host="blog.kryptnostic.com" />
+
+		<!--	Mixed favicons:
+					-->
+		<test url="http://www.kryptnostic.com/blog/" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.kryptnostic\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.kryptnostic\.com$" name=".+" />
+
+
+	<rule from="^http://blog\.kryptnostic\.com/"
+		to="https://www.kryptnostic.com/blog/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kryptos.sh.xml b/src/chrome/content/rules/Kryptos.sh.xml
new file mode 100644
index 000000000000..831441285505
--- /dev/null
+++ b/src/chrome/content/rules/Kryptos.sh.xml
@@ -0,0 +1,11 @@
+<ruleset name="Kryptos.sh">
+	<target host="kryptos.sh" />
+	<target host="www.kryptos.sh" />
+
+	<!-- Not secured by server: -->
+	<!--securecookie host="^(www\.)?kryptos\.sh$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.www\.kryptos\.sh$" name="^pll_language$" /-->
+	<securecookie host="^kryptos\.sh$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kryptosfera.pl.xml b/src/chrome/content/rules/Kryptosfera.pl.xml
new file mode 100644
index 000000000000..8287213a3f0f
--- /dev/null
+++ b/src/chrome/content/rules/Kryptosfera.pl.xml
@@ -0,0 +1,12 @@
+<ruleset name="Kryptosfera.pl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kryptosfera.pl" />
+	<target host="www.kryptosfera.pl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kryptronic-mismatches.xml b/src/chrome/content/rules/Kryptronic-mismatches.xml
index 9da5800ad9db..477fb6411c08 100644
--- a/src/chrome/content/rules/Kryptronic-mismatches.xml
+++ b/src/chrome/content/rules/Kryptronic-mismatches.xml
@@ -1,10 +1,9 @@
-<ruleset name="Kryptronic (mismatches)" default_off="mismatch">
+<ruleset name="Kryptronic (mismatches)" default_off="mismatched">
 
 	<target host="forum.kryptronic.com"/>
 
-	<securecookie host="^forum\.kryptronic\.com$" name=".*"/>
+	<securecookie host="^forum\.kryptronic\.com$" name=".+" />
 
-	<rule from="^http://forum\.kryptronic\.com/"
-		to="https://forum.kryptronic.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Kryptronic.xml b/src/chrome/content/rules/Kryptronic.xml
index 8f097b8cffc4..cf039eda14df 100644
--- a/src/chrome/content/rules/Kryptronic.xml
+++ b/src/chrome/content/rules/Kryptronic.xml
@@ -2,9 +2,9 @@
 
 	<target host="kryptronic.com"/>
 	<target host="*.kryptronic.com"/>
-		<exclusion pattern="^http://(forum|wiki)\."/>
+		<exclusion pattern="^http://(?:forum|wiki)\."/>
 
-	<securecookie host="^(.*\.)?kryptronic\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(\w+\.)?kryptronic\.com/"
 		to="https://$1kryptronic.com/"/>
diff --git a/src/chrome/content/rules/KrystalStatus.co.uk.xml b/src/chrome/content/rules/KrystalStatus.co.uk.xml
new file mode 100644
index 000000000000..5d39b2f995c3
--- /dev/null
+++ b/src/chrome/content/rules/KrystalStatus.co.uk.xml
@@ -0,0 +1,16 @@
+<!--
+	Login required:
+		cpanel.krystalstatus.co.uk
+		webdisk.krystalstatus.co.uk
+		webmail.krystalstatus.co.uk
+
+-->
+<ruleset name="Krystal Status">
+
+	<target host="krystalstatus.co.uk" />
+	<target host="www.krystalstatus.co.uk" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Krystal_Hosting.xml b/src/chrome/content/rules/Krystal_Hosting.xml
index 912e72692469..09ac5dd70159 100644
--- a/src/chrome/content/rules/Krystal_Hosting.xml
+++ b/src/chrome/content/rules/Krystal_Hosting.xml
@@ -1,34 +1,46 @@
 <!--
-	krystal.zendesk.com
+	Krystal Hosting
 
+	Other Krystal Hosting rulesets:
 
-	Nonfunctional krystal.co.uk subdomains:
+		- krystal.info.xml
 
-		- speedtest	(shows gobi)
-		- uptime
+
+	Nonfunctional hosts in *krystal.co.uk:
+
+		- speedtest ᵃ
+		- uptime ᵈ
+
+	ᵃ Shows gobi.krystal.co.uk
+	ᵈ Pingdom / dropped
 
 
 	Problematic domains:
 
-		- www.krystal.co.uk		(cert only matches ^.)
 		- (www.)krystalstatus.co.uk	(mismatched, CN: *.wordpress.com; handled in WordPress-blogs.xml)
 
 -->
-<ruleset name="Krystal Hosting">
+<ruleset name="Krystal.co.uk">
 
 	<target host="krystal.co.uk" />
-	<target host="*.krystal.co.uk" />
-	<target host="krystal.info" />
-	<target host="www.krystal.info" />
+	<target host="apollo.krystal.co.uk" />
+	<target host="athena.krystal.co.uk" />
+	<target host="dionysus.krystal.co.uk" />
+	<target host="aphrodite.krystal.co.uk" />
+	<target host="gobi.krystal.co.uk" />
+	<target host="support.krystal.co.uk" />
+	<target host="www.krystal.co.uk" />
+	<target host="zeus.krystal.co.uk" />
 
+		<!--	Redirects to http:
+						-->
+		<!--test url="http://artemis.krystal.co.uk/~cathrmeu/evac/sectors/" /-->
 
-	<securecookie host="^(?:support\.|www\.)?krystal\.(?:co\.uk|info)$" name=".+" />
 
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^https?://(?:(aphrodite\.|gobi\.|support\.)|www\.)?krystal\.co\.uk/"
-		to="https://$1krystal.co.uk/" />
 
-	<rule from="^http://(www\.)?krystal\.info/"
-		to="https://$1krystal.info/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/KsiegarniaWarszawa.pl.xml b/src/chrome/content/rules/KsiegarniaWarszawa.pl.xml
new file mode 100644
index 000000000000..736a40bd9818
--- /dev/null
+++ b/src/chrome/content/rules/KsiegarniaWarszawa.pl.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ksiegarniawarszawa.pl/ => https://ksiegarniawarszawa.pl/: (51, "SSL: no alternative certificate subject name matches target host name 'ksiegarniawarszawa.pl'")
+Fetch error: http://www.ksiegarniawarszawa.pl/ => https://www.ksiegarniawarszawa.pl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ksiegarniawarszawa.pl'")
+
+-->
+<ruleset name="KsięgarniaWarszawa.pl" default_off="failed ruleset test">
+
+	<target host="ksiegarniawarszawa.pl" />
+	<target host="www.ksiegarniawarszawa.pl" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ksplice.xml b/src/chrome/content/rules/Ksplice.xml
index 74ab3f0c3e8c..63bfd9e2c91e 100644
--- a/src/chrome/content/rules/Ksplice.xml
+++ b/src/chrome/content/rules/Ksplice.xml
@@ -1,12 +1,5 @@
 <!--
-	Other Oracle rulesets:
-
-		- MySQL.xml
-		- MySQL-mismatches.xml
-		- NetBeans.zml
-		- Oracle.xml
-		- Oracle-mismatches.xml
-
+	For other Oracle coverage, see Oracle.xml.
 
 	blog.ksplice.com redirects to blogs.oracle.com in an unpredictable way.
 
@@ -14,13 +7,13 @@
 <ruleset name="Ksplice (partial)">
 
 	<target host="ksplice.com" />
-	<target host="*.ksplice.com" />
+	<target host="uptrack.ksplice.com" />
+	<target host="www.ksplice.com" />
 
 
-	<securecookie host="^.*\.ksplice\.com$" name=".*" />
+	<securecookie host="^.*\.ksplice\.com$" name=".+" />
 
 
-	<rule from="^http://(uptrack\.|www\.)?ksplice\.com/"
-		to="https://$1ksplice.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Kt-b.com.xml b/src/chrome/content/rules/Kt-b.com.xml
new file mode 100644
index 000000000000..9b925d001b59
--- /dev/null
+++ b/src/chrome/content/rules/Kt-b.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Kt-b.com" platform="mixedcontent">
+	<target host="kt-b.com" />
+	<target host="www.kt-b.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kuantokusta.pt.xml b/src/chrome/content/rules/Kuantokusta.pt.xml
index 01b02f1a0667..494a0b25435a 100644
--- a/src/chrome/content/rules/Kuantokusta.pt.xml
+++ b/src/chrome/content/rules/Kuantokusta.pt.xml
@@ -1,6 +1,7 @@
-<ruleset name="Kuantokusta.pt" platform="mixedcontent">
-  <target host="kuantokusta.pt" />
-  <target host="www.kuantokusta.pt" />
+<ruleset name="Kuantokusta.pt" platform="mixedcontent" default_off="mismatch">
+	<target host="kuantokusta.pt" />
+	<target host="www.kuantokusta.pt" />
 
-  <rule from="^http://(?:www\.)?kuantokusta\.pt/" to="https://www.kuantokusta.pt/" />
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Kubernetes.io.xml b/src/chrome/content/rules/Kubernetes.io.xml
new file mode 100644
index 000000000000..4e89c924787d
--- /dev/null
+++ b/src/chrome/content/rules/Kubernetes.io.xml
@@ -0,0 +1,28 @@
+<ruleset name="Kubernetes.io (partial)">
+
+	<target host="kubernetes.io" />
+	<target host="www.kubernetes.io" />
+	<target host="apt.kubernetes.io" />
+	<target host="blog.kubernetes.io" />
+	<target host="changelog.kubernetes.io" />
+	<target host="code.kubernetes.io" />
+	<target host="cs.kubernetes.io" />
+	<target host="discuss.kubernetes.io" />
+	<target host="dl.kubernetes.io" />
+	<target host="docs.kubernetes.io" />
+	<target host="examples.kubernetes.io" />
+	<target host="feature.kubernetes.io" />
+	<target host="features.kubernetes.io" />
+	<target host="get.kubernetes.io" />
+	<target host="git.kubernetes.io" />
+	<target host="go.kubernetes.io" />
+	<target host="issue.kubernetes.io" />
+	<target host="issues.kubernetes.io" />
+	<target host="releases.kubernetes.io" />
+	<target host="yum.kubernetes.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kubieziel.de.xml b/src/chrome/content/rules/Kubieziel.de.xml
new file mode 100644
index 000000000000..d193746e3361
--- /dev/null
+++ b/src/chrome/content/rules/Kubieziel.de.xml
@@ -0,0 +1,12 @@
+<!--
+	Remark: This domain has a wildcard DNS record and serves a HSTS header but
+		it does not have a wildcard certificates.
+-->
+<ruleset name="Kubieziel.de">
+	<target host="kubieziel.de" />
+	<target host="www.kubieziel.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kubuntu.org.xml b/src/chrome/content/rules/Kubuntu.org.xml
index 705e7f63dec2..f3de7d857127 100644
--- a/src/chrome/content/rules/Kubuntu.org.xml
+++ b/src/chrome/content/rules/Kubuntu.org.xml
@@ -1,18 +1,49 @@
 <!--
 	Nonfunctional subdomains:
 
-		- (www.)	(dropped)
+		- docs ²
+		- wire ¹
+
+	² Refused
+	¹ Dropped
+
+
+	bugs: Dropped
+
+
+	Mixed content:
+
+		- css on (www.)? from fonts.googleapis.com *
+
+	* Secured by us
 
 -->
 <ruleset name="Kubuntu.org (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="kubuntu.org" />
 	<target host="wiki.kubuntu.org" />
+	<target host="www.kubuntu.org" />
+
+	<!--	Complications:
+				-->
+	<target host="bugs.kubuntu.org" />
+
+
+	<securecookie host="^\w" name=".+" />
 
 
-	<securecookie host="^wiki\.kubuntu\.org$" name=".+" />
+	<!--	Redirect drops forward slash
+		and path, but not args:
+					-->
+	<rule from="^http://bugs\.kubuntu\.org/[^?]*"
+		to="https://launchpad.net/distros/ubuntu/+bugs/" />
 
+		<test url="http://bugs.kubuntu.org/?" />
+		<test url="http://bugs.kubuntu.org//" />
 
-	<rule from="^http://wiki\.kubuntu\.org/"
-		to="https://wiki.kubuntu.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kubuntu_Forums.net.xml b/src/chrome/content/rules/Kubuntu_Forums.net.xml
new file mode 100644
index 000000000000..d6d6042df074
--- /dev/null
+++ b/src/chrome/content/rules/Kubuntu_Forums.net.xml
@@ -0,0 +1,17 @@
+<ruleset name="Kubuntu Forums.net">
+
+	<target host="kubuntuforums.net" />
+	<target host="www.kubuntuforums.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.kubuntuforums\.net$" name="^bb_sessionhash$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kudelski_Security.xml b/src/chrome/content/rules/Kudelski_Security.xml
index e65e52bbd9fd..8c9acfe01617 100644
--- a/src/chrome/content/rules/Kudelski_Security.xml
+++ b/src/chrome/content/rules/Kudelski_Security.xml
@@ -1,16 +1,53 @@
 <!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
 	Problematic subdomains:
 
-		- ^	(times out)
+		- ^ *
+
+	* Refused
+
+
+	Insecure cookies are set for these domains:
+
+		- .kudelskisecurity.com
 
 -->
-<ruleset name="Kudelski Security">
+<ruleset name="Kudelski Security.com">
 
-	<target host="kudelskisecurity.com" />
+	<!--	Direct rewrites:
+				-->
 	<target host="www.kudelskisecurity.com" />
 
+	<!--	Complications:
+				-->
+	<target host="kudelskisecurity.com" />
+
 
-	<rule from="^https?://(?:www\.)?kudelskisecurity\.com/"
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.kudelskisecurity\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.kudelskisecurity\.com$" name=".+" />
+
+
+	<rule from="^http://kudelskisecurity\.com/"
 		to="https://www.kudelskisecurity.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kuechenstud.io.xml b/src/chrome/content/rules/Kuechenstud.io.xml
new file mode 100644
index 000000000000..727a1dc01c0d
--- /dev/null
+++ b/src/chrome/content/rules/Kuechenstud.io.xml
@@ -0,0 +1,22 @@
+<!--
+	Cert mismatch:
+		- (www.)nextcloud.kuechenstud.io
+		- (www.)plus.kuechenstud.io
+-->
+<ruleset name="Küchenstud.io">
+
+	<target host="kuechenstud.io" />
+	<target host="www.kuechenstud.io" />
+
+	<target host="cloud.kuechenstud.io" />
+	<target host="www.cloud.kuechenstud.io" />
+	<target host="lagezentrum.kuechenstud.io" />
+	<target host="slack.kuechenstud.io" />
+	<target host="tickets.kuechenstud.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kuix.de.xml b/src/chrome/content/rules/Kuix.de.xml
new file mode 100644
index 000000000000..6d0b3ec50a43
--- /dev/null
+++ b/src/chrome/content/rules/Kuix.de.xml
@@ -0,0 +1,49 @@
+<!--
+	Problematic hosts in *kuix.de:
+
+		- sha2 *
+
+	* Differs from http
+
+
+	Insecure cookies are set for these hosts:
+
+		- kuix.de
+		- www.kuix.de
+
+-->
+<ruleset name="Kuix.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kuix.de" />
+	<target host="www.kuix.de" />
+
+	<!--	Complications:
+				-->
+	<target host="sha2.kuix.de" />
+
+		<test url="http://kuix.de/securimage/securimage_show.php" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?kuix\.de$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?kuix\.de$" name=".+" />
+
+
+	<!--	Redirect drops args and forward slash:
+							-->
+	<rule from="^http://sha2\.kuix\.de/+(?:\?.*)?$"
+		to="https://kuix.de/abi90/" />
+
+		<test url="http://sha2.kuix.de/?f" />
+		<test url="http://sha2.kuix.de/?o" />
+		<test url="http://sha2.kuix.de/??o" />
+		<test url="http://sha2.kuix.de/?b" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kulcs-soft.hu.xml b/src/chrome/content/rules/Kulcs-soft.hu.xml
index 300b9a1f2a7b..ff21061727f0 100644
--- a/src/chrome/content/rules/Kulcs-soft.hu.xml
+++ b/src/chrome/content/rules/Kulcs-soft.hu.xml
@@ -2,5 +2,5 @@
   <target host="kulcs-soft.hu" />
   <target host="www.kulcs-soft.hu" />
 
-  <rule from="^http://(www\.)?kulcs-soft\.hu/" to="https://www.kulcs-soft.hu/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Kuleuven.be-falsemixed.xml b/src/chrome/content/rules/Kuleuven.be-falsemixed.xml
new file mode 100644
index 000000000000..743d73e1b677
--- /dev/null
+++ b/src/chrome/content/rules/Kuleuven.be-falsemixed.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules not causing false/broken MCB, see Katholieke-Universiteit-Leuven.xml.
+
+-->
+<ruleset name="KU Leuven.be (false MCB)" platform="mixedcontent">
+
+	<target host="esat.kuleuven.be" />
+	<target host="www.esat.kuleuven.be" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kum.com.xml b/src/chrome/content/rules/Kum.com.xml
new file mode 100644
index 000000000000..cac1bbeb5058
--- /dev/null
+++ b/src/chrome/content/rules/Kum.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- kum.com
+		- www.kum.com
+
+-->
+<ruleset name="Kum.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kum.com" />
+	<target host="c.kum.com" />
+	<target host="www.kum.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?kum\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?kum\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kumapon.jp.xml b/src/chrome/content/rules/Kumapon.jp.xml
new file mode 100644
index 000000000000..b63a9d56d3d4
--- /dev/null
+++ b/src/chrome/content/rules/Kumapon.jp.xml
@@ -0,0 +1,26 @@
+<!--
+
+	For other GMO coverage, see GMO_Internet.xml.
+
+-->
+<ruleset name="Kumapon.jp">
+
+	<target host="f.kumapon.jp" />
+	<target host="i.kumapon.jp" />
+	<target host="kumapon.jp" />
+	<target host="s.kumapon.jp" />
+
+	<exclusion pattern="^http://f\.kumapon\.jp/$" />
+	<exclusion pattern="^http://i\.kumapon\.jp/$" />
+	<exclusion pattern="^http://kumapon\.jp/$" />
+	<exclusion pattern="^http://s\.kumapon\.jp/$" />
+
+	<test url="http://f.kumapon.jp/widgets.js" />
+	<test url="http://i.kumapon.jp/uploads/image/362788/w300_1_top.jpg" />
+	<test url="http://kumapon.jp/favicon.ico" />
+	<test url="http://s.kumapon.jp/favicon.ico" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kumu.io.xml b/src/chrome/content/rules/Kumu.io.xml
new file mode 100644
index 000000000000..d04e68dfd266
--- /dev/null
+++ b/src/chrome/content/rules/Kumu.io.xml
@@ -0,0 +1,39 @@
+<!--
+	CDN buckets:
+
+		- kumu.s3.amazonaws.com
+
+
+	Nonfunctional hosts in *kumu.io:
+
+		- blog ³
+		- chat ᵐ
+		- docs ᵐ
+
+	³ 403
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- kumu.io
+		- www.kumu.io
+
+-->
+<ruleset name="Kumu.io (partial)">
+
+	<target host="kumu.io" />
+	<target host="www.kumu.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?kumu\.io$" name="^_session_id$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kundelik.kz.xml b/src/chrome/content/rules/Kundelik.kz.xml
new file mode 100644
index 000000000000..146c030ea0a3
--- /dev/null
+++ b/src/chrome/content/rules/Kundelik.kz.xml
@@ -0,0 +1,18 @@
+<ruleset name="Kundelik.kz">
+	<target host="kundelik.kz" />
+	<target host="*.kundelik.kz" />
+
+	<test url="http://www.kundelik.kz/" />
+	<test url="http://apps.kundelik.kz/" />
+	<test url="http://children.kundelik.kz/" />
+	<test url="http://groups.kundelik.kz/" />
+	<test url="http://help.kundelik.kz/" />
+	<test url="http://mobile.kundelik.kz/" />
+	<test url="http://networks.kundelik.kz/" />
+	<test url="http://olap.kundelik.kz/" />
+	<test url="http://schools.kundelik.kz/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kung-Fu-Store.xml b/src/chrome/content/rules/Kung-Fu-Store.xml
index 4a681163e710..69e03583fb97 100644
--- a/src/chrome/content/rules/Kung-Fu-Store.xml
+++ b/src/chrome/content/rules/Kung-Fu-Store.xml
@@ -1,17 +1,33 @@
 <!--
 	Bucket at s3.amazonaws.com/static.kungfustore.com/
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.kungfunation.com
+
+
+	Mixed content:
+
+		- Image from static.squarespace.com *
+
+	* Secured by us
+
 -->
-<ruleset name="Kung Fu Store (partial)">
+<ruleset name="Kung Fu Nation.com" default_off="mismatched">
 
 	<target host="kungfunation.com"/>
-	<target host="*.kungfunation.com"/>
-	<target host="kungfustore.com"/>
-	<target host="*.kungfustore.com"/>
+	<target host="www.kungfunation.com"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.kungfunation\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^www\.kungfunation\.com$" name=".+" />
 
-	<rule from="^http://kungfu(nation|store)\.com/"
-		to="https://kungfu$1.com/"/>
 
-	<rule from="^http://(\w\W)\.kungfu(nation|store)\.com/(cart$|favicon\.ico$|login$|(image|stylesheet|theme)s/|(session|user)/\w+|store/)"
-		to="https://$1.kungfu$2.com/$3"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Kununu.xml b/src/chrome/content/rules/Kununu.xml
index a1b1fe03904d..4fbce1184f67 100644
--- a/src/chrome/content/rules/Kununu.xml
+++ b/src/chrome/content/rules/Kununu.xml
@@ -10,13 +10,16 @@
 
 	Nonfunctional subdomains:
 
-		- blog	(times out)
+		- blog *
+
+	* Dropped
 
 
 	Problematic subdomains:
 
-		- ^	(cert only matches www)
-		- cf	(cloudfront)
+		- cf *
+
+	* cloudfront
 
 
 	Some pages redirect to http.
@@ -25,13 +28,22 @@
 <ruleset name="kununu (partial)">
 
 	<target host="kununu.com" />
-	<target host="*.kununu.com" />
-
-
-	<rule from="^https?://(?:www\.)?kununu\.com/(bewerten|css/|meinkununu|sc\.css|unternehmen)"
-		to="https://www.kununu.com/$1" />
-
-	<rule from="^https?://cf\.kununu\.com/"
+	<target host="www.kununu.com" />
+	<target host="cf.kununu.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.kununu\.com/($|\?|jobs$|jobs/de$|kununu$|sitemap$|unternehmen$|unternehmen/hilfe$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://www\.kununu\.com/(?!bewerten|css/|favicon\.ico|index/captcha/|info$|info/kontakt|info/presse$|info/ueber|login\?|meinkununu$|register$|sc\.css|user/login$|user/logout$)" /-->
+
+
+	<rule from="^http://(www\.)?kununu\.com/(?=(?:bewerten|info|login|meinkununu|register|user/(?:login|logout))(?:$|[?/])|css/|favicon\.ico|index/captcha/|sc\.css)"
+		to="https://$1kununu.com/" />
+
+	<rule from="^http://cf\.kununu\.com/"
 		to="https://dt75rt3oyihg4.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/KuppingerCole.com.xml b/src/chrome/content/rules/KuppingerCole.com.xml
new file mode 100644
index 000000000000..dfbb2bc908a6
--- /dev/null
+++ b/src/chrome/content/rules/KuppingerCole.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="KuppingerCole.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kuppingercole.com" />
+	<target host="www.kuppingercole.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kura.io.xml b/src/chrome/content/rules/Kura.io.xml
new file mode 100644
index 000000000000..69c06ff3c654
--- /dev/null
+++ b/src/chrome/content/rules/Kura.io.xml
@@ -0,0 +1,12 @@
+<ruleset name="Kura.io" default_off="refused">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kura.io" />
+	<target host="www.kura.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kurier.at.xml b/src/chrome/content/rules/Kurier.at.xml
new file mode 100644
index 000000000000..b53a4c977fef
--- /dev/null
+++ b/src/chrome/content/rules/Kurier.at.xml
@@ -0,0 +1,31 @@
+<!--
+	HTTP redirect:
+		- immo.kurier.at
+
+	Mismatch:
+		- dossier.kurier.at
+		- kilocoach.kurier.at
+
+		- telekurier.at
+		- www.telekurier.at
+		- spunq.telekurier.at
+-->
+<ruleset name="Kurier.at">
+	<target host="kurier.at" />
+	<target host="www.kurier.at" />
+	<target host="admin.kurier.at" />
+	<target host="api.kurier.at" />
+	<target host="community.kurier.at" />
+	<target host="images.kurier.at" />
+	<target host="job.kurier.at" />
+	<target host="kurierclub.kurier.at" />
+	<target host="m.kurier.at" />
+	<target host="ov.kurier.at" />
+	<target host="parship.kurier.at" />
+	<target host="reise.kurier.at" />
+	<target host="secure.kurier.at" />
+	<target host="static.kurier.at" />
+	<target host="tracking.kurier.at" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kurly.fr.xml b/src/chrome/content/rules/Kurly.fr.xml
deleted file mode 100644
index d6be146f18d1..000000000000
--- a/src/chrome/content/rules/Kurly.fr.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Kurly.fr">
-
-	<target host="kurly.fr" />
-	<target host="*.kurly.fr" />
-
-
-	<securecookie host="^(?:www)?\.kurly\.fr$" name=".+" />
-
-
-	<rule from="^http://(www\.)?kurly\.fr/"
-		to="https://$1kurly.fr/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Kuro5hin.xml b/src/chrome/content/rules/Kuro5hin.xml
index 1a492935e01d..cfb8daca56c8 100644
--- a/src/chrome/content/rules/Kuro5hin.xml
+++ b/src/chrome/content/rules/Kuro5hin.xml
@@ -1,4 +1,11 @@
-<ruleset name="kuro5hin.org">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kuro5hin.org/ => https://www.kuro5hin.org/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.kuro5hin.org/ => https://www.kuro5hin.org/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+<ruleset name="kuro5hin.org" default_off="failed ruleset test">
 	<target host="kuro5hin.org" />
 	<target host="www.kuro5hin.org" />
 	<rule from="^http://kuro5hin\.org/" to="https://www.kuro5hin.org/"/>
diff --git a/src/chrome/content/rules/Kuruc.info.xml b/src/chrome/content/rules/Kuruc.info.xml
index 677de411237c..66d4019aa3b0 100644
--- a/src/chrome/content/rules/Kuruc.info.xml
+++ b/src/chrome/content/rules/Kuruc.info.xml
@@ -1,7 +1,9 @@
 <ruleset name="Kuruc.info">
 	<target host="kuruc.info" />
-	<target host="m.kuruc.info" />
-	<target host="w.kuruc.org" />
+	<target host="kuruc.org" />
 
-	<rule from="^http://(m\.)?(?:kuruc\.info|w\.kuruc\.org)/" to="https://$1kuruc.info/" />
+	<rule from="^http://kuruc\.org/" to="https://kuruc.info/" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Kuther.net.xml b/src/chrome/content/rules/Kuther.net.xml
index fbf893d6f3dc..30113d05e3f7 100644
--- a/src/chrome/content/rules/Kuther.net.xml
+++ b/src/chrome/content/rules/Kuther.net.xml
@@ -3,7 +3,7 @@
 	<target host="kuther.net" />
 	<target host="www.kuther.net" />
 
-	<rule from="^http://(www\.)?kuther\.net/"
+	<rule from="^http://(?:www\.)?kuther\.net/"
 		to="https://kuther.net/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Kutub.one.xml b/src/chrome/content/rules/Kutub.one.xml
new file mode 100644
index 000000000000..5e4f21ce69cf
--- /dev/null
+++ b/src/chrome/content/rules/Kutub.one.xml
@@ -0,0 +1,8 @@
+<ruleset name="Kutub.one">
+	<target host="kutub.one" />
+	<target host="www.kutub.one" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/KutubPDFBook.com.xml b/src/chrome/content/rules/KutubPDFBook.com.xml
new file mode 100644
index 000000000000..1c4b336f3dbb
--- /dev/null
+++ b/src/chrome/content/rules/KutubPDFBook.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="KutubPDFBook.com">
+	<target host="kutubpdfbook.com" />
+	<target host="www.kutubpdfbook.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kvack.org.xml b/src/chrome/content/rules/Kvack.org.xml
index 8ef7b7ad32bb..475896adc5ba 100644
--- a/src/chrome/content/rules/Kvack.org.xml
+++ b/src/chrome/content/rules/Kvack.org.xml
@@ -12,4 +12,4 @@
 	<rule from="^http://(?:www\.)?kvack\.org/"
 		to="https://kvack.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kvasir.no.xml b/src/chrome/content/rules/Kvasir.no.xml
new file mode 100644
index 000000000000..7418f22a1a88
--- /dev/null
+++ b/src/chrome/content/rules/Kvasir.no.xml
@@ -0,0 +1,6 @@
+<ruleset name="Kvasir.no">
+	<target host="kvasir.no" />
+	<target host="www.kvasir.no" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/KwikSurveys.xml b/src/chrome/content/rules/KwikSurveys.xml
index dcdd9ab1ac35..7f94778866ad 100644
--- a/src/chrome/content/rules/KwikSurveys.xml
+++ b/src/chrome/content/rules/KwikSurveys.xml
@@ -4,5 +4,5 @@
 
 	<securecookie host="^www\.kwiksurveys\.com$" name=".+" />
 
-	<rule from="^http://(www\.)?kwiksurveys\.com/" to="https://$1kwiksurveys.com/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kyani.net.xml b/src/chrome/content/rules/Kyani.net.xml
index 0047d4de8a2c..37877426ce34 100644
--- a/src/chrome/content/rules/Kyani.net.xml
+++ b/src/chrome/content/rules/Kyani.net.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kyani.net/ => https://eu.kyani.net/public/eu/en/main: Too many redirects while fetching 'https://eu.kyani.net/public/eu/en/main'
+
 	Problematic subdomains:
 
 		- (www.)	(redirects to http before eu)
@@ -28,4 +32,4 @@
 	<rule from="^http://eu\.kyani\.net/"
 		to="https://eu.kyani.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kyberia.sk.xml b/src/chrome/content/rules/Kyberia.sk.xml
index e95ee99e338e..c4ac65f32e95 100644
--- a/src/chrome/content/rules/Kyberia.sk.xml
+++ b/src/chrome/content/rules/Kyberia.sk.xml
@@ -2,5 +2,5 @@
   <target host="www.kyberia.sk" />
   <target host="kyberia.sk" />
 
-<rule from="^http://(?:www\.)?kyberia\.sk/" to="https://kyberia.sk/" />
+<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Kyhwana.org.xml b/src/chrome/content/rules/Kyhwana.org.xml
new file mode 100644
index 000000000000..f2e795f37f6d
--- /dev/null
+++ b/src/chrome/content/rules/Kyhwana.org.xml
@@ -0,0 +1,13 @@
+<!--
+	www: Shows httpswatch.nz
+
+-->
+<ruleset name="Kyhwana.org">
+
+	<target host="kyhwana.org" />
+	<target host="www.kyhwana.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kyiv_Post.com.xml b/src/chrome/content/rules/Kyiv_Post.com.xml
new file mode 100644
index 000000000000..54f63499bebe
--- /dev/null
+++ b/src/chrome/content/rules/Kyiv_Post.com.xml
@@ -0,0 +1,39 @@
+<!--
+	Problematic hosts in *kyivpost.com:
+
+		- promotion ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.kyivpost.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on promotion, www from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Kyiv Post.com (partial)">
+
+	<target host="kyivpost.com" />
+	<target host="www.kyivpost.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.kyivpost\.com$" name="^(?:csrftoken|sessionid)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kyivstar.ua.xml b/src/chrome/content/rules/Kyivstar.ua.xml
new file mode 100644
index 000000000000..f5bebac93797
--- /dev/null
+++ b/src/chrome/content/rules/Kyivstar.ua.xml
@@ -0,0 +1,160 @@
+<!--
+0.kyivstar.ua ³
+3g.kyivstar.ua ⁴
+477.kyivstar.ua ⁴
+alchemy.kyivstar.ua ⁴
+www.alchemy.kyivstar.ua ⁴
+aves.kyivstar.ua ⁷
+beelinemms.kyivstar.ua ³
+bezpeka.kyivstar.ua ¹
+bigdata.kyivstar.ua ⁶
+www.bigdata.kyivstar.ua ⁶
+products.bigdata.kyivstar.ua/: (52, 'Empty reply from server')
+business.kyivstar.ua ¹
+businesspromo.kyivstar.ua ¹
+chat.kyivstar.ua ³
+club.kyivstar.ua ³
+digest.kyivstar.ua ³
+www.digest.kyivstar.ua ³
+m.digest.kyivstar.ua ³
+football.kyivstar.ua ³
+funs.kyivstar.ua ¹
+fwcap.kyivstar.ua ³
+help.kyivstar.ua ³
+www.home.kyivstar.ua ¹
+hotels.kyivstar.ua ¹
+www.hotels.kyivstar.ua ¹
+hub.kyivstar.ua ³
+ibv.kyivstar.ua ⁷
+kasadgt.kyivstar.ua ³
+kasawhg.kyivstar.ua ³
+kobzar.kyivstar.ua ⁵
+www.kobzar.kyivstar.ua ⁵
+www.kolodruziv.kyivstar.ua ⁴
+kyivstar-app02.kyivstar.ua ³
+www.letter.kyivstar.ua ⁴
+mmsvd.kyivstar.ua ¹
+bilet.money.kyivstar.ua ⁴
+dev.money.kyivstar.ua ⁴
+mplba.kyivstar.ua ³
+mr.kyivstar.ua ¹
+www.my.kyivstar.ua ¹
+wap.my.kyivstar.ua ³
+my-chat.kyivstar.ua ³
+neo.kyivstar.ua ¹
+www.neo.kyivstar.ua ¹
+www.new.kyivstar.ua ¹
+ny.kyivstar.ua ⁵
+www.ny.kyivstar.ua ⁵
+o.kyivstar.ua ³
+online-bezpeka.kyivstar.ua ¹
+update.opt.kyivstar.ua ³
+www.race.kyivstar.ua ⁴
+radio.kyivstar.ua ¹
+retdb-comm.kyivstar.ua ³
+sfe.kyivstar.ua ⁵
+www.r1.shop.kyivstar.ua ¹
+siebelemail.kyivstar.ua ³
+simshop.kyivstar.ua ³
+sip.kyivstar.ua/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+smart.kyivstar.ua ¹
+www.smart.kyivstar.ua ¹
+m.smart.kyivstar.ua ¹
+www.m.smart.kyivstar.ua ¹
+mobile.smart.kyivstar.ua ¹
+smsgate.kyivstar.ua ²
+smsgate-01.kyivstar.ua ³
+smtprelay.kyivstar.ua ³
+smtprelay1.kyivstar.ua ³
+smtprelay2.kyivstar.ua ³
+www.speedtest.kyivstar.ua ³
+www.speedtest1.kyivstar.ua ³
+star.kyivstar.ua ⁴
+tp-vcs-e.kyivstar.ua ³
+ttwos.kyivstar.ua ³
+tube.kyivstar.ua ¹
+tv.kyivstar.ua ⁴
+www.tv.kyivstar.ua ²
+ukrainians.kyivstar.ua ⁴
+vendorsportal.kyivstar.ua ³
+vesna.kyivstar.ua ⁴
+video.kyivstar.ua ⁷
+m.video.kyivstar.ua ²
+sd.video.kyivstar.ua ³
+vr.kyivstar.ua ⁴
+www.vr.kyivstar.ua ⁴
+vyshyvanka.kyivstar.ua ⁴
+www.vyshyvanka.kyivstar.ua ⁴
+vyshyvanka-family.kyivstar.ua ⁴
+wap.kyivstar.ua ²
+wces.kyivstar.ua/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+webexmeet.kyivstar.ua ³
+www.webtutorapp2.kyivstar.ua ³
+win.kyivstar.ua ¹
+www.win.kyivstar.ua ¹
+wons.kyivstar.ua non-2xx http code
+8march.kyivstar.ua different content
+account-test.kyivstar.ua different content
+redirect.kyivstar.ua different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁵ expired
+⁶ redirect
+⁷ protocol error
+-->
+<ruleset name="kyivstar.ua">
+	<target host="kyivstar.ua" />
+	<target host="www.kyivstar.ua" />
+	<target host="account.kyivstar.ua" />
+	<target host="adfs.kyivstar.ua" />
+	<target host="ats.kyivstar.ua" />
+	<target host="b2b.kyivstar.ua" />
+	<target host="ipline.b2b.kyivstar.ua" />
+	<target host="balancer-cloud-live-chat.kyivstar.ua" />
+	<target host="billing-live-chat.kyivstar.ua" />
+	<target host="commercial.cc.kyivstar.ua" />
+	<target host="cdn.kyivstar.ua" />
+	<target host="cpa.kyivstar.ua" />
+	<target host="cpa-api.kyivstar.ua" />
+	<target host="cpa-register.kyivstar.ua" />
+	<target host="feedback.kyivstar.ua" />
+	<target host="fmc.kyivstar.ua" />
+	<target host="ft-live-chat.kyivstar.ua" />
+	<target host="fttb.kyivstar.ua" />
+	<target host="gis.kyivstar.ua" />
+	<target host="hi.kyivstar.ua" />
+	<target host="home.kyivstar.ua" />
+	<target host="insure.kyivstar.ua" />
+	<target host="kidwatch.kyivstar.ua" />
+	<target host="login.kyivstar.ua" />
+	<target host="m2m.kyivstar.ua" />
+	<target host="mb.kyivstar.ua" />
+	<target host="www.mb.kyivstar.ua" />
+	<target host="mbezpeka.kyivstar.ua" />
+	<target host="www.mbezpeka.kyivstar.ua" />
+	<target host="merch.kyivstar.ua" />
+	<target host="money.kyivstar.ua" />
+	<target host="my.kyivstar.ua" />
+	<target host="nano.kyivstar.ua" />
+	<target host="new.kyivstar.ua" />
+	<target host="pay.kyivstar.ua" />
+	<target host="pontis-api.kyivstar.ua" />
+	<target host="sbss-api.kyivstar.ua" />
+	<target host="service-live-chat.kyivstar.ua" />
+	<target host="shop.kyivstar.ua" />
+	<target host="www.shop.kyivstar.ua" />
+	<target host="r1.shop.kyivstar.ua" />
+	<target host="www.mass.sms.kyivstar.ua" />
+	<target host="smsbulk.kyivstar.ua" />
+	<target host="ukraine25.kyivstar.ua" />
+	<target host="www.ukraine25.kyivstar.ua" />
+	<target host="viasat.kyivstar.ua" />
+	<target host="vpn.kyivstar.ua" />
+	<target host="widgets-live-chat.kyivstar.ua" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/KyleSchaeffer.com.xml b/src/chrome/content/rules/KyleSchaeffer.com.xml
new file mode 100644
index 000000000000..688618d3dbf1
--- /dev/null
+++ b/src/chrome/content/rules/KyleSchaeffer.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="KyleSchaeffer.com">
+
+	<target host="kyleschaeffer.com" />
+	<target host="www.kyleschaeffer.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kyle_Isom.net.xml b/src/chrome/content/rules/Kyle_Isom.net.xml
new file mode 100644
index 000000000000..0258850d83fa
--- /dev/null
+++ b/src/chrome/content/rules/Kyle_Isom.net.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .kyleisom.net
+
+-->
+<ruleset name="Kyle Isom.net">
+
+	<target host="kyleisom.net" />
+	<target host="www.kyleisom.net" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.kyleisom\.net$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kylie.com.xml b/src/chrome/content/rules/Kylie.com.xml
new file mode 100644
index 000000000000..d8824669c254
--- /dev/null
+++ b/src/chrome/content/rules/Kylie.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Kylie.com" >
+
+	<target host="kylie.com" />
+	<target host="www.kylie.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KyngChaos.com.xml b/src/chrome/content/rules/KyngChaos.com.xml
new file mode 100644
index 000000000000..2e9138ff61b1
--- /dev/null
+++ b/src/chrome/content/rules/KyngChaos.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		experiencingbeing.kyngchaos.com
+		www.experiencingbeing.kyngchaos.com
+
+-->
+<ruleset name="KyngChaos.com">
+
+	<target host="kyngchaos.com" />
+	<target host="www.kyngchaos.com" />
+	<target host="wedding.kyngchaos.com" />
+	<target host="www.wedding.kyngchaos.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kyoto-U.ac.jp.xml b/src/chrome/content/rules/Kyoto-U.ac.jp.xml
new file mode 100644
index 000000000000..a12ff9256a6e
--- /dev/null
+++ b/src/chrome/content/rules/Kyoto-U.ac.jp.xml
@@ -0,0 +1,28 @@
+<!--
+	Kyoto University
+
+
+	www.kyoto-u.ac.jp: Refused
+
+
+	Problematic subdomains:
+
+		- www.frontier *
+
+	* Some pages 404, CN: Parallels Panel
+
+
+	Fully covered subdomains:
+
+		- www.cira
+
+-->
+<ruleset name="Kyoto-U.ac.jp (partial)">
+
+	<target host="www.cira.kyoto-u.ac.jp" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/L-auto-entrepreneur.org.xml b/src/chrome/content/rules/L-auto-entrepreneur.org.xml
new file mode 100644
index 000000000000..a22221e33227
--- /dev/null
+++ b/src/chrome/content/rules/L-auto-entrepreneur.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="L-auto-entrepreneur.org">
+
+	<target host="l-auto-entrepreneur.org" />
+	<target host="www.l-auto-entrepreneur.org" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^(?:w*\.)?l-auto-entrepreneur\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/L-rumors.com.xml b/src/chrome/content/rules/L-rumors.com.xml
new file mode 100644
index 000000000000..e48e1512bfe3
--- /dev/null
+++ b/src/chrome/content/rules/L-rumors.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="L-rumors.com">
+	<target host="l-rumors.com" />
+	<target host="www.l-rumors.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/L.de.xml b/src/chrome/content/rules/L.de.xml
new file mode 100644
index 000000000000..f79ba90c3e40
--- /dev/null
+++ b/src/chrome/content/rules/L.de.xml
@@ -0,0 +1,10 @@
+<ruleset name="L.de">
+    <target host="l.de" />
+    <target host="www.l.de" />
+    <target host="gruensparshop.l.de" />
+
+    <securecookie host="^(www\.|gruensparshop\.)?l\.de" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/L0cal.com.xml b/src/chrome/content/rules/L0cal.com.xml
new file mode 100644
index 000000000000..4492dbfdd228
--- /dev/null
+++ b/src/chrome/content/rules/L0cal.com.xml
@@ -0,0 +1,17 @@
+<!--
+	No working URL known:
+		ipfs.l0cal.com
+		storm.l0cal.com
+
+-->
+<ruleset name="l0cal.com">
+
+	<target host="l0cal.com" />
+	<target host="www.l0cal.com" />
+	<target host="blog.l0cal.com" />
+	<target host="iot.l0cal.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/L0g.us.xml b/src/chrome/content/rules/L0g.us.xml
new file mode 100644
index 000000000000..3e8a2867999a
--- /dev/null
+++ b/src/chrome/content/rules/L0g.us.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://l0g.us/ => https://l0g.us/: (7, 'Failed to connect to l0g.us port 443: No route to host')
+Fetch error: http://www.l0g.us/ => https://www.l0g.us/: (7, 'Failed to connect to www.l0g.us port 443: No route to host')
+
+-->
+<ruleset name="l0g.us" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="l0g.us" />
+	<target host="www.l0g.us" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/L2020.xml b/src/chrome/content/rules/L2020.xml
index c4261d40d1f0..0d05a61f7c5c 100644
--- a/src/chrome/content/rules/L2020.xml
+++ b/src/chrome/content/rules/L2020.xml
@@ -1,6 +1,16 @@
-<ruleset name="Local 20/20" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://l2020.org/ => https://l2020.org/: (51, "SSL: no alternative certificate subject name matches target host name 'l2020.org'")
+Fetch error: http://www.l2020.org/ => https://l2020.org/: (51, "SSL: no alternative certificate subject name matches target host name 'l2020.org'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://l2020.org/ => https://l2020.org/: (51, "SSL: no alternative certificate subject name matches target host name 'l2020.org'")
+Fetch error: http://www.l2020.org/ => https://l2020.org/: (51, "SSL: no alternative certificate subject name matches target host name 'l2020.org'")
+-->
+<ruleset name="Local 20/20" platform="mixedcontent" default_off="failed ruleset test">
   <target host="l2020.org" />
   <target host="www.l2020.org" />
 
-  <rule from="^http://(www\.)?l2020\.org/" to="https://l2020.org/"/>
+  <rule from="^http://(?:www\.)?l2020\.org/" to="https://l2020.org/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/L2C.xml b/src/chrome/content/rules/L2C.xml
index 4dbddcc8def0..e1db3fffac01 100644
--- a/src/chrome/content/rules/L2C.xml
+++ b/src/chrome/content/rules/L2C.xml
@@ -1,13 +1,22 @@
-<ruleset name="L2C">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://l2c.co.kr/ => https://l2c.co.kr/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.l2c.co.kr/ => https://www.l2c.co.kr/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://l2c.co.kr/ => https://l2c.co.kr/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.l2c.co.kr/ => https://www.l2c.co.kr/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="L2C" default_off="failed ruleset test">
 
 	<target host="l2c.co.kr" />
 	<target host="www.l2c.co.kr" />
 
 
-	<securecookie host="^(www\.)?l2c\.co\.kr$" name=".*" />
+	<securecookie host="^(?:www\.)?l2c\.co\.kr$" name=".+" />
 
 
-	<rule from="^http://(www\.)?l2c\.co\.kr/"
-		to="https://$1l2c.co.kr/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/LADSPA.org.xml b/src/chrome/content/rules/LADSPA.org.xml
new file mode 100644
index 000000000000..1272f81bf603
--- /dev/null
+++ b/src/chrome/content/rules/LADSPA.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="LADSPA.org">
+	<target host="ladspa.org" />
+	<target host="www.ladspa.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LANsquared.xml b/src/chrome/content/rules/LANsquared.xml
index 7c4e26fe66f1..7c64b54269fb 100644
--- a/src/chrome/content/rules/LANsquared.xml
+++ b/src/chrome/content/rules/LANsquared.xml
@@ -1,14 +1,15 @@
 <ruleset name="LANsquared" default_off="expired, mismatch">
 
 	<target host="lansquared.com" />
-	<target host="*.lansquared.com" />
+	<target host="webmail.lansquared.com" />
+	<target host="www.lansquared.com" />
 
 
-	<securecookie host="^webmail\.lansquared\.com$" name=".*" />
+	<securecookie host="^webmail\.lansquared\.com$" name=".+" />
 
 
 	<!--	Cert doesn't match webmail.	-->
-	<rule from="^https?://(?:(webmail\.)|www\.)?lansquared\.com/"
+	<rule from="^http://(?:(webmail\.)|www\.)?lansquared\.com/"
 		to="https://$1lansquared.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/LAlsace.fr.xml b/src/chrome/content/rules/LAlsace.fr.xml
new file mode 100644
index 000000000000..6e615c5b1632
--- /dev/null
+++ b/src/chrome/content/rules/LAlsace.fr.xml
@@ -0,0 +1,27 @@
+<!--
+	Redirect to http:
+		lalsace.fr
+		www.lalsace.fr
+		c.lalsace.fr
+		waf.lalsace.fr
+		www16.lalsace.fr
+		www2.lalsace.fr
+
+	Invalid certificate:
+		em.lalsace.fr
+		enquete.lalsace.fr
+
+	No working URL known:
+		s-www.lalsace.fr
+
+-->
+<ruleset name="LAlsace.fr">
+
+	<target host="boutique.lalsace.fr" />
+	<target host="cdn-s-www.lalsace.fr" />
+		<test url="http://cdn-s-www.lalsace.fr/images/15C52EB7-6705-40AD-A4BD-435258E71D59/ALS_V0_07/un-important-bouchon-s-est-forme-dans-le-sens-nord-sud-suite-a-l-accident-photo-l-alsace-thierry-gachon-1514287536.jpg" />
+	<target host="s-boutique.lalsace.fr" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LBHF.gov.uk.xml b/src/chrome/content/rules/LBHF.gov.uk.xml
new file mode 100644
index 000000000000..d589c072d111
--- /dev/null
+++ b/src/chrome/content/rules/LBHF.gov.uk.xml
@@ -0,0 +1,60 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://apps4.lbhf.gov.uk/ => https://apps4.lbhf.gov.uk/: (7, 'Failed to connect to apps4.lbhf.gov.uk port 443: No route to host')
+Fetch error: http://www.apps4.lbhf.gov.uk/ => https://www.apps4.lbhf.gov.uk/: (7, 'Failed to connect to www.apps4.lbhf.gov.uk port 443: No route to host')
+
+	London Borough of Hammersmith & Fulham
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *lbhf.gov.uk:
+
+		- (www.)?apps2 ³
+		- democracy ³
+
+	³ 403
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- lbhf.gov.uk
+		- apps1.lbhf.gov.uk
+		- www.apps1.lbhf.gov.uk
+		- apps4.lbhf.gov.uk
+		- www.apps4.lbhf.gov.uk
+		- www.lbhf.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on (www.)? from serverapi.arcgisonline.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="LBHF.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="lbhf.gov.uk" />
+	<target host="apps1.lbhf.gov.uk" />
+	<target host="www.apps1.lbhf.gov.uk" />
+	<target host="apps4.lbhf.gov.uk" />
+	<target host="www.apps4.lbhf.gov.uk" />
+	<target host="www.lbhf.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?lbhf\.gov\.uk$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+	<!--securecookie host="^(?:www\.)?apps[14]\.lbhf\.gov\.uk$" name="^(?:\.ASPXFORMSAUTH|ASP\.NET_SessionId)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LBL.gov.xml b/src/chrome/content/rules/LBL.gov.xml
new file mode 100644
index 000000000000..566d4ed8b84c
--- /dev/null
+++ b/src/chrome/content/rules/LBL.gov.xml
@@ -0,0 +1,81 @@
+<!--
+	Lawrence Berkeley National Laboratory
+
+
+
+	Nonfunctional hosts in *lbl.gov:
+
+		- engineering ¹
+		- go ²
+		- map ³
+		- www-afrd ¹
+		- www2 ⁴
+
+	¹ WP Engine
+	² Handshake fails
+	³ 404
+	⁴ Differs from http
+
+
+	Problematic hosts in *lbl.gov:
+
+		- photos ¹
+		- supercon ¹
+		- wwwdev ²
+
+	¹ Mismatched
+	² Self-signed
+
+
+	^lbl.gov doesn't exist.
+
+
+	Insecure cookies are set for these domains:
+
+		- photos
+
+
+	Mixed content:
+
+		- css on newscenter from fonts.googleapis.com ¹
+
+		- Images, on:
+
+			- newscenter, photos, www from www ¹
+			- photos from $self ²
+			- today from $self ¹
+
+	¹ Secured by us
+	² Not secured by us <= mismatched
+
+-->
+<ruleset name="LBL.gov (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="commons.lbl.gov" />
+	<target host="identity.lbl.gov" />
+	<target host="newscenter.lbl.gov" />
+	<target host="search.lbl.gov" />
+	<target host="today.lbl.gov" />
+	<target host="www.lbl.gov" />
+
+	<!--	Complications:
+				-->
+	<target host="wwwdev.lbl.gov" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^photos\.lbl\.gov$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^__qca$" />
+
+
+	<rule from="^http://wwwdev\.lbl\.gov/"
+		to="https://www.lbl.gov/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LCHost.xml b/src/chrome/content/rules/LCHost.xml
index a5ba27fc8b94..1e696abeae0e 100644
--- a/src/chrome/content/rules/LCHost.xml
+++ b/src/chrome/content/rules/LCHost.xml
@@ -1,10 +1,16 @@
-<ruleset name="LCHost">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cloud0.lchost.co.uk/ => https://cloud0.lchost.co.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="LCHost" default_off="failed ruleset test">
 
 	<target host="lchost.co.uk" />
-	<target host="*.lchost.co.uk" />
+	<target host="cloud0.lchost.co.uk" />
+	<target host="www.lchost.co.uk" />
 
 
-	<rule from="^http://(cloud0\.|www\.)?lchost\.co\.uk/"
-		to="https://$1lchost.co.uk/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/LDS.org.xml b/src/chrome/content/rules/LDS.org.xml
new file mode 100644
index 000000000000..0216a7e59ff6
--- /dev/null
+++ b/src/chrome/content/rules/LDS.org.xml
@@ -0,0 +1,38 @@
+<!--
+	Related:
+		LDS_CDN.org.xml
+		FS_CDN.org.xml
+
+	404:
+		new.lds.org
+
+	Failed:
+		feeds.lds.org
+		music.lds.org
+		secure.lds.org
+
+	Too many redirects:
+		youth.lds.org
+
+	Invalid cert:
+		ldsces.org
+		www.ldsces.org
+-->
+<ruleset name="LDS.org">
+	<target host="lds.org"/>
+	<target host="www.lds.org"/>
+	<target host="broadcast.lds.org"/>
+	<target host="cdol.lds.org"/>
+	<target host="clerk.lds.org"/>
+	<target host="history.lds.org"/>
+	<target host="ident.lds.org"/>
+		<test url="http://ident.lds.org/sso/lds/privacy.html" />
+	<target host="institute.lds.org"/>
+	<target host="outofservice.lds.org"/>
+	<target host="scriptures.lds.org"/>
+	<target host="seminary.lds.org"/>
+	<target host="store.lds.org"/>
+	<target host="tech.lds.org"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/LDS_CDN.org.xml b/src/chrome/content/rules/LDS_CDN.org.xml
new file mode 100644
index 000000000000..4e2de37f2c97
--- /dev/null
+++ b/src/chrome/content/rules/LDS_CDN.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Related:
+		LDS.org.xml
+
+	Invalid cert:
+		media2.ldscdn.org
+-->
+<ruleset name="LDS_CDN.org">
+	<target host="ldscdn.org"/>
+	<target host="www.ldscdn.org"/>
+	<target host="edge.ldscdn.org"/>
+		<test url="http://edge.ldscdn.org/ml/ldsorg/fonts/ldsicon/ldsicon.ttf" />
+	<target host="media.ldscdn.org"/>
+		<test url="http://media.ldscdn.org/images/media-library/mormonads/family-and-family-history/mormonad-invest-time-1118192-gallery.jpg" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/LEAP.se.xml b/src/chrome/content/rules/LEAP.se.xml
index d174e95a9cb0..f8c6c683c0dc 100644
--- a/src/chrome/content/rules/LEAP.se.xml
+++ b/src/chrome/content/rules/LEAP.se.xml
@@ -8,7 +8,6 @@
 	<target host="www.leap.se" />
 
 
-	<rule from="^http://(www\.)?leap\.se/"
-		to="https://$1leap.se/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/LEGO.xml b/src/chrome/content/rules/LEGO.xml
index 37f51db761d9..86cf24dab2e3 100644
--- a/src/chrome/content/rules/LEGO.xml
+++ b/src/chrome/content/rules/LEGO.xml
@@ -1,55 +1,62 @@
 <!--
-	lego.112.2o7.net/b/ss/legoglobal/
-
-
-	Nonfunctional subdomains:
-
-		- cs *
-		- service **
-		- services **
-		- cs.us *
-		- www
-
-	* 404, mismatched
-	** At least some pages redirect to http
-
-
-	Problematic subdomains:
-
-		- (www.)
-		- en-us.kb	(mismatched, CN: *.parature.com)
-
-
-	Partially covered subdomains:
-
-		- club *
-		- education *
-		- shop *
-
-	* Some (most?) pages redirect to http
-	
-
+	Nonfunctional hosts in *.lego.com:
+		- aboutus.lego.com (m)
+		- assets.lego.com (m)
+		- cache.lego.com (m)
+		- club.lego.com (m)
+		- community.lego.com (m)
+		- factory.lego.com (m)
+		- ldd.lego.com (m)
+		- learninginstitute.lego.com (m)
+		- rebrick.lego.com (m)
+		- reviews.lego.com (m)
+		- thehobbit.lego.com (m)
+		- service.lego.com (404)
+		- ldd.us.lego.com (m)
+		- thelordoftherings.us.lego.com (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	legocdn.com has a wildcard DNS record.
 -->
-<ruleset name="LEGO (partial)">
+<ruleset name="LEGO.com (partial)">
 
 	<target host="lego.com" />
-	<target host="*.lego.com" />
-		<exclusion pattern="^http://club\.lego\.com/(?!en-us/join/magazinesubscription)" />
-		<exclusion pattern="^http://education\.lego\.com/(?!\w\w-\w\w/[\w-]+/|Design/|WebResource\.axd)" />
-		<exclusion pattern="^http://shop.lego.com/(?!VIP/modal/vipLearnMoreModal\.jsp)" />
-	<target host="services.*.lego.com" />
-
-
-	<securecookie host="^(?:aboutus|account2?|services\.account|assets|rebrick)\.lego\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.|wwwsecure\.)?lego\.com/"
-		to="https://wwwsecure.lego.com/" />
-
-	<rule from="^http://(aboutus|account2?|services\.(?:account|community)|assets|club|education|moderation|rebrick|shop)\.lego\.com/"
-		to="https://$1.lego.com/" />
-
-	<rule from="^http://cache\.lego\.com/"
-		to="https://a248.e.akamai.net/cache.lego.com/" />
+	<target host="www.lego.com" />
+	<target host="account.lego.com" />
+	<target host="services.account.lego.com" />
+	<target host="account2.lego.com" />
+	<target host="catalogs.lego.com" />
+	<target host="citystudio.lego.com" />
+	<target host="education.lego.com" />
+	<target host="shop.education.lego.com" />
+	<target host="ideas.lego.com" />
+	<target host="jobsearch.lego.com" />
+		<!-- 403 -->
+		<exclusion pattern="^http://jobsearch\.lego\.com/$" />
+		<test url="http://jobsearch.lego.com/sap/bc/webdynpro/sap/" />
+	<target host="lan.lego.com" />
+	<target host="moderation.lego.com" />
+	<target host="ninjagochallenge.lego.com" />
+	<target host="savethecity.lego.com" />
+	<target host="services.lego.com" />
+	<target host="shop.lego.com" />
+	<target host="www.us.lego.com" />
+	<target host="wwwsecure.us.lego.com" />
+	<target host="usaevents.lego.com" />
+	<target host="worldofcreativity.lego.com" />
+	<target host="wwwsecure.lego.com" />
+
+	<target host="lc-www-live-s.legocdn.com" />
+	<test url="http://lc-www-live-s.legocdn.com/r/www/r/globalnavigationservices/content/images/lego-logo-menu.svg" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/LESS.xml b/src/chrome/content/rules/LESS.xml
index a418fe19362a..8d1d11d469cb 100644
--- a/src/chrome/content/rules/LESS.xml
+++ b/src/chrome/content/rules/LESS.xml
@@ -1,11 +1,11 @@
-<ruleset name="LESS" default_off="mismatch">
+<ruleset name="LESS" default_off="mismatched">
 
 	<!--	Cert: *.heroku.com	-->
 	<target host="lesscss.org" />
 	<target host="www.lesscss.org" />
 
 
-	<rule from="^https?://(?:www\.)?lesscss\.org/"
+	<rule from="^http://(?:www\.)?lesscss\.org/"
 		to="https://lesscss.org/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/LEspace_client.fr.xml b/src/chrome/content/rules/LEspace_client.fr.xml
new file mode 100644
index 000000000000..747bd7cc1ef8
--- /dev/null
+++ b/src/chrome/content/rules/LEspace_client.fr.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lespaceclient.fr/ => https://lespaceclient.fr/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.lespaceclient.fr/ => https://www.lespaceclient.fr/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For other Magic Online coverage, see Magic.fr.xml.
+
+-->
+<ruleset name="LEspace client.fr" default_off="failed ruleset test">
+
+	<target host="lespaceclient.fr" />
+	<target host="www.lespaceclient.fr" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?lespaceclient\.fr$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?lespaceclient\.fr$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LExpress.fr.xml b/src/chrome/content/rules/LExpress.fr.xml
new file mode 100644
index 000000000000..c03d4d1a9253
--- /dev/null
+++ b/src/chrome/content/rules/LExpress.fr.xml
@@ -0,0 +1,35 @@
+<!--
+	Nonfunctional subdomains:
+
+		- ^ ¹
+		- lentreprise ²
+		- lexpansion ²
+		- static ²
+		- videos ²
+		- votreargent ²
+		- www ²
+
+	¹ Dropped
+	² Redirects to http, valid cert
+
+
+	Fully covered subdomains:
+
+		- boutique
+		- media-boutique
+		- skin-boutique
+
+-->
+<ruleset name="LExpress.fr (partial)">
+
+	<target host="boutique.lexpress.fr" />
+	<target host="media-boutique.lexpress.fr" />
+	<target host="skin-boutique.lexpress.fr" />
+
+
+	<securecookie host="^\.boutique\.lexpress\.fr$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LFAIT.com.xml b/src/chrome/content/rules/LFAIT.com.xml
index 1f43f4e6a06d..bc6413c1eef7 100644
--- a/src/chrome/content/rules/LFAIT.com.xml
+++ b/src/chrome/content/rules/LFAIT.com.xml
@@ -1,4 +1,5 @@
 <!--
+
 	Cert only matches ^lfait.com.
 
 -->
@@ -11,7 +12,6 @@
 	<securecookie host="^lfait\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?lfait\.com/"
-		to="https://lfait.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/LFC-Hosting.xml b/src/chrome/content/rules/LFC-Hosting.xml
index 3faba3d2ba40..023b42244f65 100644
--- a/src/chrome/content/rules/LFC-Hosting.xml
+++ b/src/chrome/content/rules/LFC-Hosting.xml
@@ -1,22 +1,26 @@
-<ruleset name="LFC Hosting">
 
-	<target host="208.68.106.8" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://208.68.106.8/ => https://208.68.106.8/: (60, 'SSL certificate problem: certificate has expired')
+
+Automatically by https-everywhere-checker because:
+Fetch error: http://208.68.106.8/ => https://208.68.106.8/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="LFC Hosting" default_off="failed ruleset test">
+
 	<target host="lfchosting.com" />
-	<target host="*.lfchosting.com" />
+	<target host="account.lfchosting.com" />
+	<target host="cp.lfchosting.com" />
+	<target host="demo.lfchosting.com" />
+	<target host="www.lfchosting.com" />
 
 
 	<securecookie host="^.+\.lfchosting\.com$" name=".+" />
 
 
-	<!--	- Cert only matches IP
-		- Redirects like so
-					-->
-	<rule from="^https?://(?:208\.68\.106\.8|webmail\.lfchosting\.com)/"
-		to="https://208.68.106.8/" />
-
 	<!--	www: cert only matches ^lfchosting.com.
 							-->
-	<rule from="^https?://(?:(cp\.|demo\.)|www\.)?lfchosting\.com/"
+	<rule from="^http://(?:((?:account|cp|demo)\.)|www\.)?lfchosting\.com/"
 		to="https://$1lfchosting.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LFGSS.com.xml b/src/chrome/content/rules/LFGSS.com.xml
deleted file mode 100644
index 4784ad56dab9..000000000000
--- a/src/chrome/content/rules/LFGSS.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	London Fixed-gear and Single-speed
-
--->
-<ruleset name="LFGSS.com">
-
-	<target host="lfgss.com" />
-	<target host="www.lfgss.com" />
-
-
-	<securecookie host="^www\.lfgss\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?lfgss\.com/"
-		to="https://$1lfgss.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/LF_Hair.com.xml b/src/chrome/content/rules/LF_Hair.com.xml
new file mode 100644
index 000000000000..66d3acac327d
--- /dev/null
+++ b/src/chrome/content/rules/LF_Hair.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Laissez Faire Hair
+
+
+	Some pages redirect to http.
+
+
+-->
+<ruleset name="LF Hair.com (partial)">
+
+	<target host="lfhair.com" />
+	<target host="www.lfhair.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?lfhair\.com/+($|\?|xcart/customer/(help|home)\.php)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(www\.)?lfhair\.com/+(?!assets/|cdn-cgi/|favicon\.ico|html/|xcart/customer/(cart|register)\.php|xcart_images/)" /-->
+
+
+	<!--	Could we secure any of these safely?
+							-->
+	<!--securecookie host="^www\.lfhair\.com$" name="^(_popup_subscribe|store_language|XCARTSESSID)$" /-->
+	<!--securecookie host="^\.www\.lfhair\.com$" name="^XCARTSESSID$" /-->
+	<securecookie host="^\.www\.lfhair\.com$" name="^RefererCookie$" />
+
+
+	<rule from="^http://(www\.)?lfhair\.com/(?=assets/|cdn-cgi/|favicon\.ico|html/|xcart/customer/(?:cart|register)\.php|xcart_images/)"
+		to="https://$1lfhair.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LFov.net.xml b/src/chrome/content/rules/LFov.net.xml
index 79b63b2bb215..b1dc9acefadc 100644
--- a/src/chrome/content/rules/LFov.net.xml
+++ b/src/chrome/content/rules/LFov.net.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lfov.net/ => https://lfov.net/: (7, 'Failed to connect to lfov.net port 443: Connection refused')
+Fetch error: http://www.lfov.net/ => https://www.lfov.net/: (7, 'Failed to connect to www.lfov.net port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://lfov.net/ => https://lfov.net/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://www.lfov.net/ => https://www.lfov.net/: (28, 'Connection timed out after 10001 milliseconds')
 	For other LoopFuse coverage, see LoopFuse.xml.
 
 
@@ -6,7 +14,7 @@
 	cookie on whichever domain it is loaded from.
 
 -->
-<ruleset name="LFov.net">
+<ruleset name="LFov.net" default_off="failed ruleset test">
 
 	<target host="lfov.net" />
 	<target host="www.lfov.net" />
@@ -15,7 +23,6 @@
 	<securecookie host="^(?:www\.)?lfov\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?lfov\.net/"
-		to="https://$1lfov.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LG.com.xml b/src/chrome/content/rules/LG.com.xml
index 0c8e0d04cb67..4d881cbcdc0a 100644
--- a/src/chrome/content/rules/LG.com.xml
+++ b/src/chrome/content/rules/LG.com.xml
@@ -2,15 +2,9 @@
 	LG Electronics
 
 
-	Problematic subdomains:
-
-		- www	(valid cert, redirects to wws, pages then redirect back)
-
-
 	Partially covered subdomains:
 
-		- (www.)	(→ wws, to save on excessive requests)
-		- wws
+		- www
 		- wwwstg	(pages redirect to http)
 
 
@@ -18,26 +12,44 @@
 
 		- akamaitest
 		- admin.cms
-		- wws
 
 -->
 <ruleset name="LG.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="lg.com" />
-	<target host="*.lg.com" />
-		<exclusion pattern="^http://(?:www(?:stg)?\.)?lg\.com/(?!\w\w/(?:css|foresee|images|js)/|favicon\.ico|lg3-common(?:-v2)?/)" />
+	<target host="akamaitest.lg.com" />
+	<target host="admin.cms.lg.com" />
+	<target host="www.lg.com" />
+	<target host="wwwstg.lg.com" />
+
+		<exclusion pattern="^http://www(?:stg)?\.lg\.com/(?!\w\w/(?:css|foresee|images|js)/|favicon\.ico|lg3-common(?:-v2)?/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.lg.com/ae" />
+			<test url="http://www.lg.com/au" />
+			<test url="http://www.lg.com/common/index.jsp" />
+			<test url="http://www.lg.com/lg3-common/images/gateway/flag/ico-north03.gif" />
+			<test url="http://www.lg.com/us/mobile" />
+			<test url="http://www.lg.com/us/support/software-manuals" />
+			<test url="http://www.lg.com/us/tv-audio-video" />
+			<test url="http://www.lg.com/us/tvs" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.lg.com/favicon.ico" />
+			<test url="http://www.lg.com/lg3-common/images/gateway/flag/ico-north03.gif" />
 
 
 	<!--	Tracking cookies:
 					-->
 	<securecookie host="^\.lg\.com$" name="^(?:s_\w+|__utm)\w$" />
-	<securecookie host="^(?:admin\.cm|ww)s\.lg\.com$" name=".+" />
-
+	<securecookie host="^admin\.cms\.lg\.com$" name=".+" />
 
-	<rule from="^http://(?:ww[sw]\.)?lg\.com/"
-		to="https://wws.lg.com/" />
 
-	<rule from="^http://(akamaitest|admin\.cms|wwwstg)\.lg\.com/"
-		to="https://$1.lg.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LGTM.com.xml b/src/chrome/content/rules/LGTM.com.xml
new file mode 100644
index 000000000000..998b648211a3
--- /dev/null
+++ b/src/chrome/content/rules/LGTM.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="LGTM.com">
+	<target host="lgtm.com" />
+	<target host="www.lgtm.com" />
+	<target host="competitions.lgtm.com" />
+	<target host="discuss.lgtm.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LIHKG.com.xml b/src/chrome/content/rules/LIHKG.com.xml
new file mode 100644
index 000000000000..46321ad49854
--- /dev/null
+++ b/src/chrome/content/rules/LIHKG.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="LIHKG.com">
+	<target host="lihkg.com" />
+	<target host="www.lihkg.com" />
+	<target host="amp.lihkg.com" />
+	<target host="cd-socket-game.lihkg.com" />
+	<target host="cdn.lihkg.com" />
+	<target host="game.lihkg.com" />
+	<target host="pb.lihkg.com" />
+	<target host="r.lihkg.com" />
+	<target host="sendgrid.lihkg.com" />
+	<target host="wtf689.lihkg.com" />
+	<target host="x.lihkg.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LINBIT.com.xml b/src/chrome/content/rules/LINBIT.com.xml
new file mode 100644
index 000000000000..bf4dc279a12e
--- /dev/null
+++ b/src/chrome/content/rules/LINBIT.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="LINBIT.com (partial)">
+
+	<target host="linbit.com" />
+	<target host="www.linbit.com" />
+	<target host="blogs.linbit.com" />
+	<target host="docs.linbit.com" />
+	<target host="downloads.linbit.com" />
+	<target host="my.linbit.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LINBIT.xml b/src/chrome/content/rules/LINBIT.xml
deleted file mode 100644
index 83638979172d..000000000000
--- a/src/chrome/content/rules/LINBIT.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="LINBIT">
-
-	<target host="linbit.com" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.linbit.com" />
-
-
-	<securecookie host="^(.*\.)?linbit\.com$" name=".*" />
-
-
-	<rule from="^http://(www\.)?linbit\.com/"
-		to="https://$1linbit.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/LINCS.fr.xml b/src/chrome/content/rules/LINCS.fr.xml
new file mode 100644
index 000000000000..31799902cd4b
--- /dev/null
+++ b/src/chrome/content/rules/LINCS.fr.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		lincs.fr
+		lists.lincs.fr
+
+-->
+<ruleset name="LINCS.fr">
+
+	<target host="lincs.fr" />
+	<target host="www.lincs.fr" />
+	<target host="salles.lincs.fr" />
+
+	<rule from="^http://lincs\.fr/"
+		to="https://www.lincs.fr/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LINGUIST-List.xml b/src/chrome/content/rules/LINGUIST-List.xml
index 2cb4d9d54c18..7a054400aadd 100644
--- a/src/chrome/content/rules/LINGUIST-List.xml
+++ b/src/chrome/content/rules/LINGUIST-List.xml
@@ -17,7 +17,6 @@
 
 	<!--	Cert is only valid for ^linguistlist.org.
 								-->
-	<rule from="^https?://(?:www\.)?linguistlist\.org/"
-		to="https://linguistlist.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LIS.gov.xml b/src/chrome/content/rules/LIS.gov.xml
new file mode 100644
index 000000000000..a21b16294883
--- /dev/null
+++ b/src/chrome/content/rules/LIS.gov.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lis.gov/ => https://lis.gov/: Too many redirects while fetching 'https://lis.gov/'
+Fetch error: http://www.lis.gov/ => https://www.lis.gov/: Too many redirects while fetching 'https://www.lis.gov/'
+
+
+-->
+<ruleset name="LIS.gov" default_off="failed ruleset test">
+
+	<target host="lis.gov" />
+	<target host="www.lis.gov" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LIU.se-falsemixed.xml b/src/chrome/content/rules/LIU.se-falsemixed.xml
new file mode 100644
index 000000000000..d22cac3f006e
--- /dev/null
+++ b/src/chrome/content/rules/LIU.se-falsemixed.xml
@@ -0,0 +1,34 @@
+<!--
+	For rules not causing false/broken MCB, see LIU.se.xml.
+
+-->
+<ruleset name="LIU.se (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.bibl.liu.se" />
+	<target host="www2.bibl.liu.se" />
+
+	<target host="commsys.isy.liu.se" />
+	<target host="www.commsys.isy.liu.se" />
+
+	<!--	Complications:
+				-->
+	<target host="www3.bibl.liu.se" />
+
+		<!--	Mixed css:
+					-->
+		<test url="http://www2.bibl.liu.se/widget/hours/four.aspx?lang=eng" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www3\.bibl\.liu\.se/"
+		to="https://www2.bibl.liu.se/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LIU.se.xml b/src/chrome/content/rules/LIU.se.xml
index 3a53f087c43d..06c95cee19a5 100644
--- a/src/chrome/content/rules/LIU.se.xml
+++ b/src/chrome/content/rules/LIU.se.xml
@@ -1,32 +1,170 @@
 <!--
-	Linkoping university
+	Linköping university
+
+	For rules causing false/broken MCB, see LIU.se-falsemixed.xml.
 
 	Lots of subdomains lack ssl.
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *liu.se:
+
+		- noplagiat.bibl ¹
+		- blog ²
+		- www.ep ³
+		- www.filfak ³
+		- fe.itn ⁴
+		- kts.itn ⁴
+		- ncva.itn ⁴
+		- staffwww.itn ⁵
+		- www.ek.isy ³
+		- m ⁴
+		- mobil ⁶
+		- moviii ³
+		- moviii.isy ³
+		- www.moviii.isy ³
+		- search ³
+		- sah ⁴
+		- e-go.student ⁷
+
+	¹ Dropped
+	² Redirects to http
+	³ Refused
+	⁴ Shows www.liu.se
+	⁵ Plaintext reply
+	⁶ Redirects to www.liu.se
+	⁷ Handshake fails
+
+
+	Problematic hosts in *liu.se:
+
+		- www.bibl ¹
+		- www1.bibl ²
+		- www3.bibl ³
+		- (www.)?commsys.isy ²
+		- www.vehicular.isy ³
+		- planet.lysator ⁴
+		- www.stars ⁵
+		- login.lisam ⁵
+
+	¹ Mixed iframe
+	² Mixed css
+	³ Mismatched
+	⁴ Shows another domain
+	⁵ Expired
+
+
+	These altnames don't exist:
+
+		- servlet.unit.liu.se
+
+
+	Mixed content:
+
+		- iframes, on:
+
+			- www.bibl from www3.bibl.liu.se *
+			- moviii from www.youtube.com *
+
+		- css, on:
 
-		- fe.itn *
-		- kts.itn *
-		- ncva.itn *
-		- www.lysator	(refused)
-		- m *
-		- mobil		(redirects to www, valid cert)
-		- sah *
+			- www2.bibl from maxcdn.bootstrapcdn.com *
+			- www2.bibl, (www.)?commsys.isy, www3.student from www.liu.se *
+			- (www.)?commsys.isy from $self *
 
-	* Shows www, valid cert
+		- Images, on:
+
+			- www.bibl, (www.)?commsys.isy from $self *
+			- www.commsys.isy from www.liu.se *
+			- www.ics.isy from www.youblisher.com
+			- moviii.isy from moviii.liu.se *
+
+		- Bug on (www.)?commsys.isy from www.googletagmanager.com *
+
+	* Secured by us
 
 -->
-<ruleset name="LIU.se">
+<ruleset name="LIU.se (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="liu.se" />
-	<target host="*.liu.se" />
+	<target host="account.liu.se" />
+	<target host="login.e.bibl.liu.se" />
+	<!--target host="www.bibl.liu.se" /-->
+	<!--target host="www2.bibl.liu.se" /-->
+	<target host="fs.liu.se" />
+	<target host="www.hu.liu.se" />
+	<target host="www.ibl.liu.se" />
+	<target host="www.ida.liu.se" />
+	<target host="www.iei.liu.se" />
+	<target host="www.imh.liu.se" />
+	<target host="www.isak.liu.se" />
+	<target host="www.isv.liu.se" />
+
+	<target host="www.bb.isy.liu.se" />
+	<!--target host="commsys.isy.liu.se" /-->
+	<!--target host="www.commsys.isy.liu.se" /-->
+	<target host="www.control.isy.liu.se" />
+	<target host="www.cvl.isy.liu.se" />
+	<target host="www.da.isy.liu.se" />
+	<target host="www.fs.isy.liu.se" />
+	<target host="www.icg.isy.liu.se" />
+	<target host="www.ics.isy.liu.se" />
+	<target host="people.isy.liu.se" />
+	<target host="www.rt.isy.liu.se" />
+	<target host="users.isy.liu.se" />
+	<target host="www.isy.liu.se" />
+
+	<target host="servlet.it.liu.se" />
+	<target host="www.it.liu.se" />
+	<target host="lisam.liu.se" />
+	<target host="lith.liu.se" />
+	<target host="www.lith.liu.se" />
+	<target host="login.liu.se" />
+
+	<target host="datorhandbok.lysator.liu.se" />
+	<target host="git.lysator.liu.se" />
+	<target host="jskom.lysator.liu.se" />
+	<target host="lists.lysator.liu.se" />
+	<target host="www.lysator.liu.se" />
+
+	<target host="student.liu.se" />
+	<target host="www.student.liu.se" />
+	<target host="www3.student.liu.se" />
+	<target host="www.tema.liu.se" />
+	<target host="www.liu.se" />
+
+	<!--	Complications:
+				-->
+	<!--target host="www3.bibl.liu.se" /-->
+	<target host="www.vehicular.isy.liu.se" />
+	<target host="planet.lysator.liu.se" />
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://www2.bibl.liu.se/widget/hours/four.aspx?lang=eng" /-->
+
+		<!--	Mixed image:
+					-->
+		<test url="http://www3.student.liu.se/portal/eng" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--rule from="^http://www3\.bibl\.liu\.se/"
+		to="https://www2.bibl.liu.se/" /-->
+
+	<rule from="^http://www\.vehicular\.isy\.liu\.se/"
+		to="https://www.fs.isy.liu.se/" />
 
+	<rule from="^http://planet\.lysator\.liu\.se/+"
+		to="https://www.lysator.liu.se/planet/" />
 
-	<rule from="^http://(?:www\.)?(lith\.|student\.)?liu\.se/"
-		to="https://www.$1liu.se/" />
+		<test url="http://planet.lysator.liu.se//home.php" />
 
-	<rule from="^http://www\.(hu|ibl|ida|imh|isak|isv|tema)\.liu\.se/"
-		to="https://www.$1.liu.se/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/LI_CDN.com.xml b/src/chrome/content/rules/LI_CDN.com.xml
new file mode 100644
index 000000000000..6b548ad04d1a
--- /dev/null
+++ b/src/chrome/content/rules/LI_CDN.com.xml
@@ -0,0 +1,17 @@
+<!--
+	For other LinkedIn coverage, see LinkedIn.xml.
+
+	Nonfunctional subdomains:
+		- m.c.lnkd *
+		- s.c.lnkd *
+	* 400; mismatched, CN: *.hs.llnwd.net
+-->
+<ruleset name="LI_CDN.com">
+	<target host="dlc1-s.licdn.com" />
+	<target host="dlc2-s.licdn.com" />
+	<target host="media.licdn.com" />
+	<target host="snap.licdn.com" />
+	<target host="static.licdn.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LKD.org.tr.xml b/src/chrome/content/rules/LKD.org.tr.xml
new file mode 100644
index 000000000000..503cd5ef4d61
--- /dev/null
+++ b/src/chrome/content/rules/LKD.org.tr.xml
@@ -0,0 +1,31 @@
+<!--
+	Nonfunctional subdomains:
+
+		- gunluk *
+
+	* Shows www
+
+
+	^: cert only matches *.lkd.org.tr
+
+
+	Mixed content:
+
+		- css from $self ¹
+
+		- Image from gunluk ²
+
+	¹ Secured by us
+	² Unsecurable <= 404
+
+-->
+<ruleset name="LKD.org.tr (partial)" default_off="expired, self-signed">
+
+	<target host="lkd.org.tr" />
+	<target host="www.lkd.org.tr" />
+
+
+	<rule from="^http://(?:www\.)?lkd\.org\.tr/"
+		to="https://www.lkd.org.tr/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LKML.xml b/src/chrome/content/rules/LKML.xml
index 58b528bd191a..2c2a0ecc2086 100644
--- a/src/chrome/content/rules/LKML.xml
+++ b/src/chrome/content/rules/LKML.xml
@@ -1,17 +1,13 @@
-<!--
-	Cert only matches ^lkml.org
-
--->
-<ruleset name="LKML">
+<ruleset name="LKML.org">
 
 	<target host="lkml.org" />
 	<target host="www.lkml.org" />
 
 
-	<securecookie host="^lkml\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?lkml\.org/"
-		to="https://lkml.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/LKQD.net.xml b/src/chrome/content/rules/LKQD.net.xml
new file mode 100644
index 000000000000..a681c9752358
--- /dev/null
+++ b/src/chrome/content/rules/LKQD.net.xml
@@ -0,0 +1,30 @@
+<!--
+	Self-signed cert:
+		- lookup.lkqd.net
+		- rs-lb-a.lkqd.net
+		- rs-lb-b.lkqd.net
+
+	Timeout
+		- lkqd.net
+		- www.lkqd.net
+
+-->
+<ruleset name="LKQD.net (partial)">
+
+	<target host="ad.lkqd.net" />
+	<target host="creative.lkqd.net" />
+	<target host="cs.lkqd.net" />
+	<target host="m.lkqd.net" />
+	<target host="optout.lkqd.net" />
+	<target host="s.lkqd.net" />
+	<target host="ssp.lkqd.net" />
+	<target host="t.lkqd.net" />
+	<target host="us.lkqd.net" />
+	<target host="v.lkqd.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LK_Mart.xml b/src/chrome/content/rules/LK_Mart.xml
deleted file mode 100644
index 4901d7374d07..000000000000
--- a/src/chrome/content/rules/LK_Mart.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Expired 2012-05-22.
-
--->
-<ruleset name="LK Mart" default_off="expired">
-
-	<target host="lkmart.com.au" />
-	<target host="*.lkmart.com.au" />
-
-
-	<securecookie host="^\.lkmart\.com\.au$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?lkmart\.com\.au/"
-		to="https://www.lkmart.com.au/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/LLS.org.xml b/src/chrome/content/rules/LLS.org.xml
index 2bbd28e47c34..14c43b9170aa 100644
--- a/src/chrome/content/rules/LLS.org.xml
+++ b/src/chrome/content/rules/LLS.org.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://community.lls.org/ => https://community.lls.org/: (51, "SSL: no alternative certificate subject name matches target host name 'community.lls.org'")
+
 	Leukemia & Lymphoma Society
 
 
@@ -43,18 +47,17 @@
 	* Secured by us, doesn't trip MCB anyway
 
 -->
-<ruleset name="LLS.org (partial)">
+<ruleset name="LLS.org (partial)" default_off="failed ruleset test">
 
-	<target host="*.lls.org" />
+	<target host="community.lls.org" />
+	<target host="www.lls.org" />
+	<target host="donate.lls.org" />
 
 
 	<securecookie host="^(?:community|donate|www)\.lls\.org$" name=".+" />
 
 
-	<rule from="^http://(community|donate|www)\.lls\.org/"
-		to="https://$1.lls.org/" />
-
-	<rule from="^http://image\.lls-email\.org/"
-		to="https://a248.e.akamai.net/f/1889/6910/5d/image.lls-email.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LLVM.org.xml b/src/chrome/content/rules/LLVM.org.xml
new file mode 100644
index 000000000000..3a2899f23cb6
--- /dev/null
+++ b/src/chrome/content/rules/LLVM.org.xml
@@ -0,0 +1,52 @@
+<!--
+
+	Nonfunctional hosts in *llvm.org:
+
+		- blog ¹
+
+	¹ Refused
+
+	Problematic hosts in *llvm.org:
+
+		- devmtg15 ¹
+		- ftp ¹
+		- lab ¹
+		- new-clang ¹
+		- new-www ¹
+		- lnt ²
+
+	¹ Mismatched
+	² Expired
+
+-->
+<ruleset name="LLVM.org (partial)">
+
+	<target host="llvm.org" />
+	<target host="www.llvm.org" />
+	<target host="apt.llvm.org" />
+	<target host="bugs.llvm.org" />
+	<target host="clang.llvm.org" />
+	<target host="clang-analyzer.llvm.org" />
+	<target host="compiler-rt.llvm.org" />
+	<target host="dragonegg.llvm.org" />
+	<target host="git.llvm.org" />
+	<target host="klee.llvm.org" />
+	<target host="libclc.llvm.org" />
+	<target host="libcxx.llvm.org" />
+	<target host="libcxxabi.llvm.org" />
+	<target host="lists.llvm.org" />
+	<target host="lld.llvm.org" />
+	<target host="lldb.llvm.org" />
+	<target host="openmp.llvm.org" />
+	<target host="polly.llvm.org" />
+	<target host="releases.llvm.org" />
+	<target host="reviews.llvm.org" />
+	<target host="svn.llvm.org" />
+	<target host="vmkit.llvm.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LMU-Muenchen-IFI.xml b/src/chrome/content/rules/LMU-Muenchen-IFI.xml
new file mode 100644
index 000000000000..3d8fef8a457f
--- /dev/null
+++ b/src/chrome/content/rules/LMU-Muenchen-IFI.xml
@@ -0,0 +1,48 @@
+<!--
+	Ludwig-Maximilians-Universitaet Muenchen
+	department: Institute of Informatics / Institut fuer Informatik
+
+	Ruleset for main page, see LMU-Muenchen.xml
+
+	Error:
+    - www.mobile.ifi.lmu.de
+    - www.nm.ifi.lmu.de
+    - www.pms.ifi.lmu.de
+    - www.dbs.ifi.lmu.de
+
+	Mismatch:
+    - www.uniworx.ifi.lmu.de
+    - www.uniworx.informatik.uni-muenchen.de
+    - www.tcs.informatik.uni-muenchen.de
+    - www.mmi.ifi.lmu.de
+
+	Do not exist:
+	- ifi.lmu.de
+    - informatik.uni-muenchen.de
+    - rz.ifi.lmu.de
+
+    Last test date: 07.11.2017
+-->
+
+<ruleset name="LMU Muenchen Institut fuer Informatik">
+  <!-- subdepartments mostly informative and public -->
+  <target host="www.ifi.lmu.de" />
+  <target host="www.informatik.uni-muenchen.de" /> <!-- alias -->
+  <target host="www.tcs.ifi.lmu.de" />
+  <target host="www.bio.ifi.lmu.de" />
+  <target host="www.medien.ifi.lmu.de" />
+  <target host="www.medien.informatik.uni-muenchen.de" /> <!-- alias -->
+  <!-- services and tools -->
+  <target host="conf.cip.ifi.lmu.de" />
+  <target host="conf.cip.informatik.uni-muenchen.de" /> <!-- alias -->
+  <target host="lists.ifi.lmu.de" />
+  <target host="uniworx.ifi.lmu.de" />
+  <target host="uniworx.informatik.uni-muenchen.de" /> <!-- alias -->
+  <target host="webmail.ifi.lmu.de" />
+  <target host="www.rz.ifi.lmu.de" />
+  <target host="tools.rz.ifi.lmu.de" />
+  <target host="survey.rz.ifi.lmu.de" />
+
+  <rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LMU-Muenchen-Library.xml b/src/chrome/content/rules/LMU-Muenchen-Library.xml
new file mode 100644
index 000000000000..fc6a24e6b09b
--- /dev/null
+++ b/src/chrome/content/rules/LMU-Muenchen-Library.xml
@@ -0,0 +1,24 @@
+<!--
+	Ludwig-Maximilians-Universitaet Muenchen
+	department: Library / Bibliothek
+
+	Ruleset for main page, see LMU-Muenchen.xml
+
+	No https support:
+		- www.ub.uni-muenchen.de
+
+	Do not exist:
+		- ub.uni-muenchen.de
+		- www.opac.ub.uni-muenchen.de
+
+    Last test date: 07.11.2017
+-->
+
+<ruleset name="LMU Muenchen Bibliothek">
+	<!-- library -->
+	<target host="opac.ub.uni-muenchen.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
+
diff --git a/src/chrome/content/rules/LMU-Muenchen.xml b/src/chrome/content/rules/LMU-Muenchen.xml
index 26a431acd6cf..46a4f9f4701d 100644
--- a/src/chrome/content/rules/LMU-Muenchen.xml
+++ b/src/chrome/content/rules/LMU-Muenchen.xml
@@ -1,9 +1,48 @@
-<ruleset name="LM Uni Muenchen">
-  <target host="uni-muenchen.de"/>
-  <target host="*.uni-muenchen.de"/>
+<!--
+	Ludwig-Maximilians-Universitaet Muenchen
 
-  <securecookie host="^(.*\.)?uni-muenchen\.de$" name=".*" />
+	Univeristy sites are big. For better maintaining there are seperate rulesets:
+	department: Library / Bibliothek, see LMU-Muenchen-Library.xml
+	department: Institute of Informatics / Institut fuer Informatik, see LMU-Muenchen-IFI.xml
+
+	These altnames don't exist:
+
+		- uni-muenchen.de
+		- en.uni-muenchen.de
+		- portal.uni-muenchen.de
+
+	Mixed content:
+
+		- Images on www.en from www *
+		- Bug on www.en from www.google.com *
+
+	* Secured by us
+
+-->
+<ruleset name="LMU Muenchen">
+
+	<!-- public pages -->
+	<target host="www.uni-muenchen.de" />
+	<target host="cms-static.uni-muenchen.de" />
+	<target host="www.en.uni-muenchen.de" />
+
+	<!-- restricted student sites -->
+	<target host="www.portal.uni-muenchen.de" />
+	<target host="login.portal.uni-muenchen.de" />
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^(cms-static|www\.en|login\.portal)\.uni-muenchen\.de$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^login\.portal\.uni-muenchen\.de$" name="^_idp_authn_lc_key$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^www.portal.uni-muenchen.de$" name="^_shibstate_\d{10}_\w{4}$" /-->
+	<!--securecookie host="^www\.uni-muenchen\.de$" name="^JSESSIONID$" /-->
+
+	<!-- see https://github.com/EFForg/https-everywhere/issues/10161 -->
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
-  <rule from="^http://(?:www\.)?uni-muenchen\.de/" to="https://www.uni-muenchen.de/"/>
-  <rule from="^http://uni-muenchen\.de/" to="https://www.uni-muenchen.de/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/LNTECC.com.xml b/src/chrome/content/rules/LNTECC.com.xml
new file mode 100644
index 000000000000..03b58d32f569
--- /dev/null
+++ b/src/chrome/content/rules/LNTECC.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="LNTECC.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="lntecc.com" />
+	<target host="www.lntecc.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LONAP.xml b/src/chrome/content/rules/LONAP.xml
index 3c9738e25ed7..04b43c4a37d3 100644
--- a/src/chrome/content/rules/LONAP.xml
+++ b/src/chrome/content/rules/LONAP.xml
@@ -2,7 +2,7 @@
     <target host="lonap.net" />
     <target host="*.lonap.net" />
 
-    <rule from="^https?://lonap\.net/"
+    <rule from="^http://lonap\.net/"
         to="https://www.lonap.net/"/>
     <rule from="^http://([^/:@]+)?\.lonap\.net/"
         to="https://$1.lonap.net/" />
diff --git a/src/chrome/content/rules/LP4.io.xml b/src/chrome/content/rules/LP4.io.xml
new file mode 100644
index 000000000000..0b55d5eb355c
--- /dev/null
+++ b/src/chrome/content/rules/LP4.io.xml
@@ -0,0 +1,126 @@
+<!-- Timeout:
+		- admin.au.lp4.io
+		- b2a.lp4.io
+		- www.lp4.io
+		- db0a.lp4.io
+		- b0b.lp4.io
+		- db0c.lp4.io
+		- db10h.lp4.io
+		- db10i.lp4.io
+		- db10j.lp4.io
+		- db11f.lp4.io
+		- db11g.lp4.io
+		- db11h.lp4.io
+		- db13a.lp4.io
+		- db13b.lp4.io
+		- db13d.lp4.io
+		- db14a.lp4.io
+		- db14b.lp4.io
+		- db14c.lp4.io
+		- db15a.lp4.io
+		- db15b.lp4.io
+		- db15c.lp4.io
+		- db16a.lp4.io
+		- db16b.lp4.io
+		- db16c.lp4.io
+		- db17a.lp4.io
+		- db17b.lp4.io
+		- db17c.lp4.io
+		- db18a.lp4.io
+		- db18b.lp4.io
+		- db18c.lp4.io
+		- db19a.lp4.io
+		- db19b.lp4.io
+		- db19c.lp4.io
+		- db6g.lp4.io
+		- db6h.lp4.io
+		- db6i.lp4.io
+		- db7a.lp4.io
+		- db7b.lp4.io
+		- db7c.lp4.io
+		- db7e.lp4.io
+		- db7f.lp4.io
+		- db7g.lp4.io
+		- db8b.lp4.io
+		- db8c.lp4.io
+		- db8d.lp4.io
+		- db8e.lp4.io
+		- db8f.lp4.io
+		- db9a.lp4.io
+		- db9d.lp4.io
+		- db9e.lp4.io
+		- db9f.lp4.io
+		- dev.lp4.io
+		- ps1e.lp4.io
+		- ps1f.lp4.io
+		- z1a.lp4.io
+		- zno.lp4.io
+		- z.lp4.io
+
+	 Cert mismatch:
+		- d2f.lp4.io (linkpulse.com)
+		- db8a.lp4.io
+		- ps1c.lp4.io
+		- d2d.lp4.io
+		- d2g.lp4.io
+		- d2h.lp4.io
+		- d2i.lp4.io
+		- d2j.lp4.io
+		- admin2.lp4.io
+		- db9b.lp4.io
+
+	Connection refused:
+		- d2a.lp4.io
+		- d2b.lp4.io
+		- d2c.lp4.io
+		- d2e.lp4.io
+		- a1a.lp4.io
+		- a1b.lp4.io
+		- archive.lp4.io
+		- db7d.lp4.io
+		- db9c.lp4.io
+		- l.lp4.io
+		- lb1b.lp4.io
+		- l2a.lp4.io
+		- l2b.lp4.io
+		- l2c.lp4.io
+		- ll.lp4.io
+		- lno.lp4.io
+		- p1a.lp4.io
+		- p1b.lp4.io
+		- p1c.lp4.io
+		- p1d.lp4.io
+		- p1e.lp4.io
+		- p1f.lp4.io
+		- p1g.lp4.io
+		- p1h.lp4.io
+		- ps1b.lp4.io
+		- ps1d.lp4.io
+		- r.lp4.io
+		- rd1a.lp4.io
+
+
+	Incomplete chain:
+		- log.lp4.io
+-->
+
+<ruleset name="LP4.io">
+
+	<target host="app-eu.lp4.io"/>
+	<target host="lb1a.lp4.io"/>
+	<target host="lb1c.lp4.io"/>
+	<target host="lb1d.lp4.io"/>
+	<target host="lb1e.lp4.io"/>
+	<target host="lb1f.lp4.io"/>
+	<target host="lbapp1a.lp4.io"/>
+	<target host="lbapp1b.lp4.io"/>
+	<target host="p.lp4.io"/>
+	<target host="pde.lp4.io"/>
+	<target host="pit.lp4.io"/>
+	<target host="pno.lp4.io"/>
+	<target host="pp.lp4.io"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LPAC.co.uk.xml b/src/chrome/content/rules/LPAC.co.uk.xml
new file mode 100644
index 000000000000..9c646208a5ec
--- /dev/null
+++ b/src/chrome/content/rules/LPAC.co.uk.xml
@@ -0,0 +1,15 @@
+<ruleset name="LPAC.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="lpac.co.uk" />
+	<target host="www.lpac.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LPI.org.xml b/src/chrome/content/rules/LPI.org.xml
index ffdb0bec5dbd..9f2c9207517e 100644
--- a/src/chrome/content/rules/LPI.org.xml
+++ b/src/chrome/content/rules/LPI.org.xml
@@ -11,13 +11,13 @@
 <ruleset name="LPI.org">
 
 	<target host="lpi.org" />
-	<target host="*.lpi.org" />
+	<target host="cs.lpi.org" />
+	<target host="www.lpi.org" />
 
 
 	<securecookie host="^cs\.lpi\.org$" name=".+" />
 
 
-	<rule from="^http://(cs\.|www\.)?lpi\.org/"
-		to="https://$1lpi.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LPICE.eu.xml b/src/chrome/content/rules/LPICE.eu.xml
index 5fe487e92560..4ef215709758 100644
--- a/src/chrome/content/rules/LPICE.eu.xml
+++ b/src/chrome/content/rules/LPICE.eu.xml
@@ -1,23 +1,27 @@
 <!--
-	Linux Professional Institute Central Europe
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- lpievent
+	Remark: *.lpice.eu has a wildcard DNS record, wildcard
+		certificate, HSTS header but lacked a proper setting
+		to be preload as of May 2017.
 
+	Non-functional hosts
+		Timeout was reached:
+			 - programm.lpice.eu
 -->
-<ruleset name="LPICE.eu" platform="cacert">
-
+<ruleset name="LPICE.eu">
 	<target host="lpice.eu" />
-	<target host="*.lpice.eu" />
-
-
-	<securecookie host="^www\.lpice\.eu$" name=".+" />
-
-
-	<rule from="^http://(lpievent\.|www\.)?lpice\.eu/"
-		to="https://$1lpice.eu/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.lpice.eu" />
+	<target host="cebit-2010.lpice.eu" />
+	<target host="examlab.lpice.eu" />
+	<target host="foerderung.lpice.eu" />
+	<target host="forum.lpice.eu" />
+	<target host="lpievent.lpice.eu" />
+	<target host="pagenotfound.lpice.eu" />
+	<target host="partner.lpice.eu" />
+	<target host="partnertagung-2014.lpice.eu" />
+	<target host="proxy.lpice.eu" />
+	<target host="stats.lpice.eu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LPO.org.uk.xml b/src/chrome/content/rules/LPO.org.uk.xml
new file mode 100644
index 000000000000..173973a8fe3b
--- /dev/null
+++ b/src/chrome/content/rules/LPO.org.uk.xml
@@ -0,0 +1,22 @@
+<!--
+	Some pages redirect to http.
+
+-->
+<ruleset name="LPO.org.uk (partial)">
+
+	<target host="lpo.org.uk" />
+	<target host="www.lpo.org.uk" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?lpo\.org\.uk/+($|\?|contact/contact-us\.html|register/forgotpassword\.html|support/donate-now\.html)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(www\.)?lpo\.org\.uk/+(?!components/|images/|register/create-new-account\.html|sign-in\.html|templates/)" /-->
+
+
+	<rule from="^http://(www\.)?lpo\.org\.uk/(?=components/|images/|register/create-new-account\.html|sign-in\.html|templates/)"
+		to="https://$1lpo.org.uk/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LSBU.ac.uk.xml b/src/chrome/content/rules/LSBU.ac.uk.xml
new file mode 100644
index 000000000000..6e0da6a159aa
--- /dev/null
+++ b/src/chrome/content/rules/LSBU.ac.uk.xml
@@ -0,0 +1,115 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://autodiscover.lsbu.ac.uk/ => https://autodiscover.lsbu.ac.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://mail.lsbu.ac.uk/ => https://mail.lsbu.ac.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://shibboleth2.lsbu.ac.uk/ => https://shibboleth2.lsbu.ac.uk/: (7, 'Failed to connect to shibboleth2.lsbu.ac.uk port 443: No route to host')
+Fetch error: http://vletrain.lsbu.ac.uk/ => https://vletrain.lsbu.ac.uk/: (28, 'Connection timed out after 20009 milliseconds')
+
+	Nonfunctional hosts in *lsbu.ac.uk:
+
+		- apply ¹
+		- (www.)?blc ²
+		- blog ³
+		- bus ³
+		- clearing ²
+		- ecce3 ⁴
+		- eent3 ⁴
+		- extranet ²
+		- finders ²
+		- www.library ⁵
+		- www.lisa ⁵
+		- museums ⁵
+		- myweb ³
+		- prospectus ⁴
+		- readinglists ³
+
+	¹ Shows default page
+	² Refused
+	³ 404
+	⁴ Dropped
+	⁵ Redirects to www.lsbu.ac.uk
+
+
+	Problematic hosts in *lsbu.ac.uk:
+
+		- ^ ¹
+		- blackboard ²
+		- eportfolio ²
+
+	¹ Mismatched
+	² Missing certificate chain
+
+
+	These altnames don't exist:
+
+		- eportfolioa.lsbu.ac.uk
+		- eportfoliotest.lsbu.ac.uk
+		- eptrain.lsbu.ac.uk
+		- hat.lsbu.ac.uk
+		- www.moodle.lsbu.ac.uk
+		- my1.lsbu.ac.uk
+		- phonebook1.lsbu.ac.uk
+		- prdldape.lsbu.ac.uk
+		- proteus.lsbu.ac.uk
+		- proteus1.lsbu.ac.uk
+		- proteus2.lsbu.ac.uk
+		- www.vle.lsbu.ac.uk
+		- vlea.lsbu.ac.uk
+		- vletest.lsbu.ac.uk
+		- xorn.lsbu.ac.uk
+
+
+	Insecure cookies are set for these domains:
+
+		- .lsbu.ac.uk
+
+-->
+<ruleset name="LSBU.ac.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="authoring.lsbu.ac.uk" />
+	<target host="autodiscover.lsbu.ac.uk" />
+	<target host="alumni.lsbu.ac.uk" />
+	<!--target host="blackboard.lsbu.ac.uk" /-->
+	<target host="connections.lsbu.ac.uk" />
+	<!--target host="eportfolio.lsbu.ac.uk" /-->
+	<target host="hml.lsbu.ac.uk" />
+	<target host="ict-helpdesk.lsbu.ac.uk" />
+	<target host="ictserv1.lsbu.ac.uk" />
+	<target host="idp.lsbu.ac.uk" />
+	<target host="lispac.lsbu.ac.uk" />
+	<target host="m.lispac.lsbu.ac.uk" />
+	<target host="mail.lsbu.ac.uk" />
+	<target host="moodle.lsbu.ac.uk" />
+	<target host="my.lsbu.ac.uk" />
+	<target host="portal.lsbu.ac.uk" />
+	<target host="resadmin.lsbu.ac.uk" />
+	<target host="shibboleth2.lsbu.ac.uk" />
+	<target host="stproxy.lsbu.ac.uk" />
+	<target host="vle.lsbu.ac.uk" />
+	<target host="vletrain.lsbu.ac.uk" />
+	<target host="www.lsbu.ac.uk" />
+	<target host="www1.lsbu.ac.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="lsbu.ac.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.lsbu\.ac\.uk$" name="^(?:III_EXPT_FILE|III_SESSION_ID|SESSION_LANGUAGE)$" /-->
+
+	<securecookie host="^\.lsbu\.ac\.uk$" name="^(?:III_EXPT_FILE|III_SESSION_ID|SESSION_LANGUAGE)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://lsbu\.ac\.uk/"
+		to="https://www.lsbu.ac.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LSE.ac.uk.xml b/src/chrome/content/rules/LSE.ac.uk.xml
index d358cdbc7a68..ad75f01dbfb1 100644
--- a/src/chrome/content/rules/LSE.ac.uk.xml
+++ b/src/chrome/content/rules/LSE.ac.uk.xml
@@ -2,6 +2,13 @@
 	London School of Economics
 
 
+	Nonfunctional subdomains:
+
+		- richmedia *
+
+	* Refused
+
+
 	Problematic subdomains:
 
 		- ^	(404)
diff --git a/src/chrome/content/rules/LSI.com.xml b/src/chrome/content/rules/LSI.com.xml
deleted file mode 100644
index 4abfeba75a42..000000000000
--- a/src/chrome/content/rules/LSI.com.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	LSI Corporation
-
-
-		CDN buckets:
-
-			- investor.shareholder.com/lsi/
-
-
-	Nonfunctional subdomains:
-
-		- blog	(shows rxpharmacyusa.com; mismatched, CN: rxpharmacyusa.com)
-
--->
-<ruleset name="LSI.com (partial)">
-
-	<target host="lsi.com" />
-	<target host="www.lsi.com" />
-
-
-	<rule from="^http://(www\.)?lsi\.com/"
-		to="https://$1lsi.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/LSO.com.xml b/src/chrome/content/rules/LSO.com.xml
index 00ba1fa36f61..b348f8970794 100644
--- a/src/chrome/content/rules/LSO.com.xml
+++ b/src/chrome/content/rules/LSO.com.xml
@@ -2,5 +2,5 @@
   <target host="lso.com" />
   <target host="www.lso.com" />
 
-  <rule from="^http://(?:www\.)?lso\.com/" to="https://www.lso.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/LS_CDN.net.xml b/src/chrome/content/rules/LS_CDN.net.xml
new file mode 100644
index 000000000000..6af19691a512
--- /dev/null
+++ b/src/chrome/content/rules/LS_CDN.net.xml
@@ -0,0 +1,50 @@
+<!--
+	For other LivingSocial coverage, see LivingSocial.xml.
+
+
+	CDN buckets:
+
+		- a248.e.akamai.net/si.lscdn.net/
+
+
+	Problematic hosts in *lscdn.net:
+
+		- a *
+
+	* Mismatched
+
+
+	Fully covered hosts in *lscdn.net:
+
+		- a		(→ a248.e.akamai.net)
+		- a[0-5]
+		- *.ak		(a\d)
+
+
+	These altnames don't exist:
+
+		- www.corporate.livingsocial.com
+
+-->
+<ruleset name="LS CDN.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="a0.lscdn.net" />
+	<target host="a1.lscdn.net" />
+	<target host="a2.lscdn.net" />
+	<target host="a3.lscdn.net" />
+	<target host="a4.lscdn.net" />
+	<target host="a5.lscdn.net" />
+
+	<!--	Complications:
+				-->
+	<target host="a.lscdn.net" />
+
+	<rule from="^http://a\.lscdn\.net/"
+		to="https://a0.lscdn.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LTER.xml b/src/chrome/content/rules/LTER.xml
index 55e5ec99c434..42187cbfcc82 100644
--- a/src/chrome/content/rules/LTER.xml
+++ b/src/chrome/content/rules/LTER.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lternet.edu/ => https://www.lternet.edu/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
 	Problematic subdomains:
 
 		- ^		(cert only matches *.lternet.edu)
@@ -14,7 +16,10 @@
 <ruleset name="LTER">
 
 	<target host="lternet.edu" />
-	<target host="*.lternet.edu" />
+	<target host="intranet.lternet.edu" />
+	<target host="intranet2.lternet.edu" />
+	<target host="metacat.lternet.edu" />
+	<target host="www.lternet.edu" />
 		<exclusion pattern="^http://intranet2\.lternet\.edu/(?!misc/|modules/|sites/|(?:track|us)er(?:$|\?|/))" />
 
 
@@ -28,7 +33,6 @@
 	<rule from="^http://intranet2?\.lternet\.edu/"
 		to="https://intranet2.lternet.edu/" />
 
-	<rule from="^http://(metacat|www)\.lternet\.edu/"
-		to="https://$1.lternet.edu/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LTH.se.xml b/src/chrome/content/rules/LTH.se.xml
new file mode 100644
index 000000000000..0163f9d69449
--- /dev/null
+++ b/src/chrome/content/rules/LTH.se.xml
@@ -0,0 +1,50 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://doc.ddg.lth.se/ => https://doc.ddg.lth.se/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+
+	Lunds Tekniska Högskola
+
+
+	Nonfunctional hosts in *lth.se:
+
+		- ftp.df *
+
+	* Refused
+
+
+	Problematic hosts in *lth.se:
+
+		- ^ ¹
+		- student ²
+		-  www.student ³
+
+	¹ Cert only matches www
+	² Shows doc.ddg; mismatched
+	³ Works; mismatched, CN: www.lth.se
+
+
+	Mixed content:
+
+		- Image on www from www.lu.se
+
+-->
+<ruleset name="LTH.se (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="doc.ddg.lth.se" />
+	<target host="www.lth.se" />
+
+	<!--	Complications:
+				-->
+	<target host="lth.se" />
+
+
+	<rule from="^http://lth\.se/"
+		to="https://www.lth.se/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LTRADIO.com.xml b/src/chrome/content/rules/LTRADIO.com.xml
index 9f1a8097a7e8..f8bb414f7752 100644
--- a/src/chrome/content/rules/LTRADIO.com.xml
+++ b/src/chrome/content/rules/LTRADIO.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?ltradio\.com/"
 		to="https://www.ltradio.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LTTStore.com.xml b/src/chrome/content/rules/LTTStore.com.xml
new file mode 100644
index 000000000000..e468bb5253dc
--- /dev/null
+++ b/src/chrome/content/rules/LTTStore.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="LTTStore.com">
+	<target host="lttstore.com" />
+	<target host="www.lttstore.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LTTng_Project.xml b/src/chrome/content/rules/LTTng_Project.xml
index 2d73b9e1c62a..e6f09902f56e 100644
--- a/src/chrome/content/rules/LTTng_Project.xml
+++ b/src/chrome/content/rules/LTTng_Project.xml
@@ -1,13 +1,38 @@
-<ruleset name="LTTng Project">
+<!--
+	LTTng Project
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- ci
+		- git
+		- lists
+		- www
+
+
+	Insecure cookies are set for these domains:
+
+		- bugs.lttng.org
+
+-->
+<ruleset name="LTTng.org">
 
 	<target host="lttng.org" />
-	<target host="*.lttng.org" />
+	<target host="bugs.lttng.org" />
+	<target host="ci.lttng.org" />
+	<target host="git.lttng.org" />
+	<target host="lists.lttng.org" />
+	<target host="www.lttng.org" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bugs\.lttng\.org$" name="^_redmine_default$" /-->
 
 	<securecookie host="^(?:bugs)?\.lttng\.org$" name=".+" />
 
 
-	<rule from="^http://(bugs\.|www\.)?lttng\.org/"
-		to="https://$1lttng.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LU.se.xml b/src/chrome/content/rules/LU.se.xml
new file mode 100644
index 000000000000..6d7f43ce4e8d
--- /dev/null
+++ b/src/chrome/content/rules/LU.se.xml
@@ -0,0 +1,66 @@
+<!--
+	Lunds universitet
+
+
+	Nonfunctional subdomains:
+
+		- www.fil ¹
+		- (www.)ht ¹
+		- (www.)lub ²
+		- lovisa.lub ²
+		- (www.)lunduniversity ²
+		- www.med ²
+		- www.sol ¹
+		- www4 ¹
+		- www5 ¹
+
+	¹ Plaintext reply
+	² Refused
+
+
+	Problematic subdomains:
+
+		- lucs.ht ¹
+		- lucs ¹
+		- calendar.student ²
+		- webmail.student ²
+
+	¹ Cert only matches www.lucs
+	² Interrupted (google)
+
+
+	Fully covered subdomains:
+
+		- lucs.ht
+		- (www.)lucs		(^ -> www)
+		- calendar.student	(-> www.google.com)
+		- webmail.student	(-> mail.google.com)
+		- webmail
+
+
+	Mixed content:
+
+		- Images on www.lucs from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="LU.se (partial)">
+
+	<target host="*.lu.se" />
+		<!--exclusion pattern="^http://(www\.fil|(www\.)?ht|(www\.)?lub|lovisa\.lub|(www\.)?lunduniversity|www\.med|www\.sol|www4|www5)\.lu\.se/" /-->
+
+
+	<rule from="^http://(?:lucs\.ht|(?:www\.)?lucs)\.lu\.se/"
+		to="https://www.lucs.lu.se/" />
+
+	<rule from="^http://calendar\.student\.lu\.se/.*"
+		to="https://www.google.com/calendar/hosted/student.lu.se" />
+
+	<rule from="^http://webmail\.student\.lu\.se/.*"
+		to="https://mail.google.com/a/student.lu.se" />
+
+	<rule from="^http://webmail\.lu\.se/"
+		to="https://webmail.lu.se/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LUGoNS.org.xml b/src/chrome/content/rules/LUGoNS.org.xml
new file mode 100644
index 000000000000..9dcf44de4bb9
--- /dev/null
+++ b/src/chrome/content/rules/LUGoNS.org.xml
@@ -0,0 +1,46 @@
+
+<!--
+	No working URL known:
+		atlantic777.lugons.org
+		bandigarf.lugons.org
+		barbossa.lugons.org
+		new.lugons.org
+		samurai.lugons.org
+		tron.lugons.org
+
+	Invalid certificate:
+		gallery.lugons.org
+		jack.lugons.org
+		jelena.lugons.org
+		lab.lugons.org
+		mumble.lugons.org
+		oootranslit.lugons.org
+		posta.lugons.org
+		planet.lugons.org
+		sparrow.lugons.org
+		wiki.lugons.org
+		zion.lugons.org
+
+	Chain issue:
+		forum.lugons.org
+		gentoo-handbook.lugons.org
+		hacker.lugons.org
+		slackbook.lugons.org
+
+-->
+<ruleset name="LUGoNS.org">
+
+	<target host="lugons.org" />
+	<target host="www.lugons.org" />
+	<target host="events.lugons.org" />
+	<target host="libre.lugons.org" />
+	<target host="milobit.lugons.org" />
+	<target host="paste.lugons.org" />
+	<target host="tor.lugons.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LUU.org.uk.xml b/src/chrome/content/rules/LUU.org.uk.xml
new file mode 100644
index 000000000000..7d7749c2d72e
--- /dev/null
+++ b/src/chrome/content/rules/LUU.org.uk.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.luu.org.uk
+
+-->
+<ruleset name="LUU.org.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="luu.org.uk" />
+	<target host="www.luu.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.luu\.org\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LVOC.org.xml b/src/chrome/content/rules/LVOC.org.xml
new file mode 100644
index 000000000000..62eb9d393605
--- /dev/null
+++ b/src/chrome/content/rules/LVOC.org.xml
@@ -0,0 +1,28 @@
+<!--
+
+
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Mixed content:
+
+		- css on ^ from fonts.googleapis.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="LVOC.org" default_off="cert-chain">
+
+	<target host="lvoc.org" />
+	<target host="*.lvoc.org" />
+
+		<test url="http://www.lvoc.org/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LWN.xml b/src/chrome/content/rules/LWN.xml
index 5f23acb8d3c0..2c612776f5e7 100644
--- a/src/chrome/content/rules/LWN.xml
+++ b/src/chrome/content/rules/LWN.xml
@@ -1,7 +1,15 @@
-<ruleset name="LWN" platform="mixedcontent">
-  <target host="lwn.net" />
-  <target host="www.lwn.net" />
+<!--
+	Certificate mismatch:
+		tex.lwn.net
+		vena.lwn.net
+-->
+<ruleset name="LWN.net">
+	<target host="lwn.net" />
+	<target host="www.lwn.net" />
+	<target host="old.lwn.net" />
+	<target host="static.lwn.net" />
 
-  <rule from="^http://(?:www\.)?lwn\.net/" to="https://lwn.net/"/>
-</ruleset>
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/La-Quadrature-du-Net.xml b/src/chrome/content/rules/La-Quadrature-du-Net.xml
index 691b04150a6d..6b12100ee242 100644
--- a/src/chrome/content/rules/La-Quadrature-du-Net.xml
+++ b/src/chrome/content/rules/La-Quadrature-du-Net.xml
@@ -1,17 +1,41 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- piphone.lqdn.fr
+
+
+	Mixed content:
+
+		- Image on soutien from www *
+
+		- Image on piphone.lqdn.fr from www.europarl.europa.eu
+
+	* Secured by us
+
+-->
 <ruleset name="La Quadrature du Net">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="laquadrature.net" />
-	<target host="*.laquadrature.net" />
+	<target host="soutien.laquadrature.net" />
+	<target host="support.laquadrature.net" />
+	<target host="www.laquadrature.net" />
+
 	<target host="memopol.lqdn.fr" />
+	<target host="piphone.lqdn.fr" />
 
 
-	<securecookie host="^\.laquadrature\.net$" name=".*" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.laquadrature\.net$" name="^SESS[0-9a-f]{32}$" /-->
+	<!--securecookie host="^piphone\.lqdn\.fr$" name="^(?:PHPSESSID|lang)$" /-->
 
+	<securecookie host="^\.laquadrature\.net$" name=".+" />
+	<securecookie host="^piphone\.lqdn\.fr$" name=".+" />
 
-	<rule from="^http://(soutien\.|support\.|www\.)?laquadrature\.net/"
-		to="https://$1laquadrature.net/" />
 
-	<rule from="^http://memopol\.lqdn\.fr/"
-		to="https://memopol.lqdn.fr/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/La-Trouvaille.org.xml b/src/chrome/content/rules/La-Trouvaille.org.xml
new file mode 100644
index 000000000000..75f4c34157dc
--- /dev/null
+++ b/src/chrome/content/rules/La-Trouvaille.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="La-Trouvaille.org">
+
+	<target host="la-trouvaille.org" />
+	<target host="www.la-trouvaille.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LaCaixa.xml b/src/chrome/content/rules/LaCaixa.xml
index 71822ff69b25..6d15398cc860 100644
--- a/src/chrome/content/rules/LaCaixa.xml
+++ b/src/chrome/content/rules/LaCaixa.xml
@@ -2,8 +2,8 @@
   <target host="lacaixa.es" />
   <target host="*.lacaixa.es" />
 
-  <securecookie host="^(.*\.)?lacaixa\.es$" name=".+" />
+  <securecookie host=".+" name=".+"/>
 
-  <rule from="^https?://lacaixa\.es/" to="https://www.lacaixa.es/"/>
+  <rule from="^http://lacaixa\.es/" to="https://www.lacaixa.es/"/>
   <rule from="^http://([^/:@\.]+)\.lacaixa\.es/" to="https://$1.lacaixa.es/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/LaDepeche.fr.xml b/src/chrome/content/rules/LaDepeche.fr.xml
new file mode 100644
index 000000000000..eba58dfb39cf
--- /dev/null
+++ b/src/chrome/content/rules/LaDepeche.fr.xml
@@ -0,0 +1,60 @@
+<!--
+	Private subdomain:
+		admin.ladepeche.fr
+		autodiscover.ladepeche.fr
+		correspondants.ladepeche.fr
+
+	Different content http/https:
+		annonces.ladepeche.fr
+
+	Secure connection failed:
+		av1.ladepeche.fr
+		infogroupe.ladepeche.fr
+		newsletter.ladepeche.fr
+
+	Refused:
+		blogclubabonnes.ladepeche.fr
+
+	Invalid certificate:
+		conseils.ladepeche.fr
+		ejournal.ladepeche.fr
+		groupe.ladepeche.fr
+		www.groupe.ladepeche.fr
+		www.premium.ladepeche.fr
+		rencontres.ladepeche.fr
+		tvmag.ladepeche.fr
+
+	No working URL known:
+		dmrs.ladepeche.fr
+		offre-clubabonnes.ladepeche.fr
+
+-->
+<ruleset name="LaDepeche.fr">
+
+	<target host="ladepeche.fr" />
+	<target host="www.ladepeche.fr" />
+	<target host="adpurl.ladepeche.fr" />
+	<target host="chat.ladepeche.fr" />
+	<target host="clubabonnes.ladepeche.fr" />
+	<target host="www.clubabonnes.ladepeche.fr" />
+	<target host="dm.ladepeche.fr" />
+		<test url="http://dm.ladepeche.fr/42?" />
+	<target host="dmtk.ladepeche.fr" /><!-- tracking pixel -->
+	<target host="ejournal.ladepeche.fr" />
+	<target host="immo.ladepeche.fr" />
+	<target host="m.ladepeche.fr" />
+	<target host="premium.ladepeche.fr" />
+	<target host="pro.ladepeche.fr" />
+	<target host="purl.ladepeche.fr" />
+	<target host="static.ladepeche.fr" />
+		<test url="http://static.ladepeche.fr/content/media/image/large/2017/04/16/201704161342-full.jpg" />
+	<target host="static-immo.ladepeche.fr" />
+		<test url="http://static-immo.ladepeche.fr/images/loading.gif" />
+	<target host="videos.ladepeche.fr" />
+
+	<rule from="^http://ejournal\.ladepeche\.fr/"
+		to="https://www.ladepeche.fr/a-la-une/filnews/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LaEditorialUPR.com.xml b/src/chrome/content/rules/LaEditorialUPR.com.xml
new file mode 100644
index 000000000000..666b2a2073de
--- /dev/null
+++ b/src/chrome/content/rules/LaEditorialUPR.com.xml
@@ -0,0 +1,11 @@
+<!--
+	For more UPR.edu related rulesets, see UPR.edu.xml
+-->
+<ruleset name="La Editorial UPR.com">
+	<target host="laeditorialupr.com" />
+	<target host="www.laeditorialupr.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LaPatilla.com.xml b/src/chrome/content/rules/LaPatilla.com.xml
index f82fb8b8f539..d5c7bdfe7727 100644
--- a/src/chrome/content/rules/LaPatilla.com.xml
+++ b/src/chrome/content/rules/LaPatilla.com.xml
@@ -1,29 +1,8 @@
-<!--
-	CDN buckets:
-
-		- watermelon.vo.llnwd.net
-			- .hs. doesn't exist
-			- cdn.lapatilla.com
-
-
-	Problematic domains:
-
-		- cdn.lapatilla.com	(400, CN: *.hs.llnwd.net)
-
--->
 <ruleset name="LaPatilla.com">
+    <target host="lapatilla.com" />
+    <target host="www.lapatilla.com" />
 
-	<target host="lapatilla.com" />
-	<target host="*.lapatilla.com" />
-
-
-	<securecookie host="^(?:www\.)?lapatilla\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?lapatilla\.com/"
-		to="https://$1lapatilla.com/" />
-
-	<rule from="^https?://cdn\.lapatilla\.com/imagenes\.lapatilla/"
-		to="https://www.lapatilla.com/" />
+    <securecookie host=".+" name=".+" />
 
-</ruleset>
\ No newline at end of file
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LaPoste.fr.xml b/src/chrome/content/rules/LaPoste.fr.xml
new file mode 100644
index 000000000000..06c49ca998d3
--- /dev/null
+++ b/src/chrome/content/rules/LaPoste.fr.xml
@@ -0,0 +1,49 @@
+<!--
+	Invalid certificate:
+		collectivites.laposte.fr
+		courrier.laposte.fr
+		impression3d.laposte.fr
+		legroupe.laposte.fr
+		pere-noel.laposte.fr
+		recyclagepapier.laposte.fr
+		voeux.laposte.fr
+
+	Refused:
+		www.csuivi.courrier.laposte.fr
+		lehub.laposte.fr
+
+	Secure connection failed:
+		exadelais.laposte.fr
+
+	Time out:
+		objectifzeroco2.laposte.fr
+
+-->
+<ruleset name="La Poste (partial)">
+
+	<target host="laposte.fr" />
+	<target host="www.laposte.fr" />
+	<target host="aide.laposte.fr" />
+	<target host="www.alliancedynamique.laposte.fr" />
+	<target host="annuaire.laposte.fr" />
+	<target host="boutique.laposte.fr" />
+	<target host="pro.boutique.laposte.fr" />
+	<target host="boxecommerce.laposte.fr" />
+	<target host="aide.boutique.laposte.fr" />
+	<target host="compte.laposte.net" />
+	<target host="cotepro.laposte.fr" />
+	<target host="datanova.laposte.fr" />
+	<target host="developer.laposte.fr" />
+	<target host="www.colissimo.entreprise.laposte.fr" />
+	<target host="www.epargnesalariale.laposte.fr" />
+	<target host="www.espacetechniqueetqualite.laposte.fr" />
+	<target host="www.idn.laposte.fr" />
+	<target host="www.lecode.laposte.fr" />
+	<target host="nomade.lyon.laposte.fr" />
+	<target host="m.laposte.fr" />
+	<target host="nomade.laposte.fr" />
+	<target host="webservice.laposte.fr" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LaRotative.info.xml b/src/chrome/content/rules/LaRotative.info.xml
new file mode 100644
index 000000000000..808f53d2ad46
--- /dev/null
+++ b/src/chrome/content/rules/LaRotative.info.xml
@@ -0,0 +1,14 @@
+<!--
+	No working URL known:
+		ptitrouge.larotative.info
+
+-->
+<ruleset name="La Rotative.info">
+
+	<target host="larotative.info" />
+	<target host="www.larotative.info" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LaTeX.xml b/src/chrome/content/rules/LaTeX.xml
index 0ddc1eeb4019..d776b7ef47ad 100644
--- a/src/chrome/content/rules/LaTeX.xml
+++ b/src/chrome/content/rules/LaTeX.xml
@@ -1,10 +1,11 @@
-<ruleset name="LaTeX project (partial)" default_off="Certificate mismatch">
-
+<!--
+	Mismatch:
+		- test
+-->
+<ruleset name="LaTeX project">
 	<target host="latex-project.org" />
 	<target host="www.latex-project.org" />
 
-	<rule from="^http://(www\.)?latex-project\.org/(.+\.[^h^x].+)"
-		to="https://www.latex-project.org/$2" />
-
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
-
diff --git a/src/chrome/content/rules/LaTeXTemplates.com.xml b/src/chrome/content/rules/LaTeXTemplates.com.xml
new file mode 100644
index 000000000000..7007e21218c1
--- /dev/null
+++ b/src/chrome/content/rules/LaTeXTemplates.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="LaTeX Templates.com">
+
+	<target host="latextemplates.com" />
+	<target host="www.latextemplates.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LaTribune.fr.xml b/src/chrome/content/rules/LaTribune.fr.xml
new file mode 100644
index 000000000000..a2a3f82b26ab
--- /dev/null
+++ b/src/chrome/content/rules/LaTribune.fr.xml
@@ -0,0 +1,29 @@
+<!--
+	Refused:
+		abonnement.latribune.fr
+
+	Invalid certificate:
+		actualitededemain.latribune.fr
+		bourse.latribune.fr
+		franchise.latribune.fr
+
+-->
+<ruleset name="La Tribune (partial)">
+
+	<target host="latribune.fr" />
+	<target host="www.latribune.fr" />
+	<target host="acteursdeleconomie.latribune.fr" />
+	<target host="afrique.latribune.fr" />
+	<target host="evenement.latribune.fr" />
+	<target host="marseille.latribune.fr" />
+	<target host="objectifaquitaine.latribune.fr" />
+	<target host="objectif-languedoc-roussillon.latribune.fr" />
+	<target host="static.latribune.fr" />
+	<target host="toulouse.latribune.fr" />
+
+	<rule from="^http://latribune\.fr/"
+		to="https://www.latribune.fr/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/La_Cie.com.xml b/src/chrome/content/rules/La_Cie.com.xml
index 953fa045df7d..1dfcd4bbe5f8 100644
--- a/src/chrome/content/rules/La_Cie.com.xml
+++ b/src/chrome/content/rules/La_Cie.com.xml
@@ -1,19 +1,51 @@
+
 <!--
-	Problematic subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.lacie.com/ => https://www.lacie.com/: Too many redirects while fetching 'https://www.lacie.com/'
+Fetch error: http://lacie.com/ => https://www.lacie.com/: Too many redirects while fetching 'https://www.lacie.com/'
+
+	For other Seagate coverage, see Seagate.com.xml.
+
+
+	^lacie.com: Mismatched
+
+
+	These altnames don't exist:
+
+		- origin-www.lacie.com
 
-		- ^	(cert only matches www)
 
+	Insecure cookies are set for these domains and hosts:
 
-	Some pages redirect to http.
+		- .lacie.com
+		- www.lacie.com
 
 -->
-<ruleset name="La Cie.com (partial)">
+<ruleset name="La Cie.com" default_off="failed ruleset test">
 
-	<target host="lacie.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="is.lacie.com" />
+	<target host="myportal.lacie.com" />
 	<target host="www.lacie.com" />
 
+	<!--	Complications:
+				-->
+	<target host="lacie.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.lacie\.com$" name="^CFTOKEN$" /-->
+	<!--securecookie host="^www\.lacie\.com$" name="^(?:CFID|CFTOKEN|ROUTEID|wwwlacie_prod)$" /-->
 
-	<rule from="^http://(?:www\.)?lacie\.com/(?=favicon\.ico|img/|imgstore/|js/|stylesheets/)"
+	<securecookie host="^(?:www)?\.lacie\.com$" name=".+" />
+
+
+	<rule from="^http://lacie\.com/"
 		to="https://www.lacie.com/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/La_Crosse_Alerts.com.xml b/src/chrome/content/rules/La_Crosse_Alerts.com.xml
new file mode 100644
index 000000000000..0ae808b26990
--- /dev/null
+++ b/src/chrome/content/rules/La_Crosse_Alerts.com.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lacrossealerts.com/ => https://www.lacrossealerts.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.lacrossealerts.com/ => https://www.lacrossealerts.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	For other La Cross coverage, see La_Crosse_Technology.com.xml.
+
+
+	^: dropped
+
+-->
+<ruleset name="La Crosse Alerts.com" default_off="failed ruleset test">
+
+	<target host="lacrossealerts.com" />
+	<target host="www.lacrossealerts.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.lacrossealerts\.com$" name="^dd_sessid$" /-->
+
+	<securecookie host="^www\.lacrossealerts\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?lacrossealerts\.com/"
+		to="https://www.lacrossealerts.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/La_Crosse_Technology.com.xml b/src/chrome/content/rules/La_Crosse_Technology.com.xml
new file mode 100644
index 000000000000..0fd7d63b5f3b
--- /dev/null
+++ b/src/chrome/content/rules/La_Crosse_Technology.com.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://store.lacrossetechnology.com/ => https://store.lacrossetechnology.com/: (6, 'Could not resolve host: www.store.lacrossetechnology.com')
+
+	Other La Crosse Technology rulesets:
+
+		- La_Crosse_Alerts.com.xml
+
+-->
+<ruleset name="La Crosse Technology.com" default_off="failed ruleset test">
+
+	<target host="lacrossetechnology.com" />
+	<target host="store.lacrossetechnology.com" />
+	<target host="www.lacrossetechnology.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.store\.lacrossetechnology\.com$" name="^frontend$" /-->
+
+	<securecookie host="^\.store\.lacrossetechnology\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/La_Naya_Chocolate.xml b/src/chrome/content/rules/La_Naya_Chocolate.xml
new file mode 100644
index 000000000000..c7db61ff128c
--- /dev/null
+++ b/src/chrome/content/rules/La_Naya_Chocolate.xml
@@ -0,0 +1,7 @@
+<ruleset name="La Naya Chocolate">
+	<target host="lanayachocolate.com" />
+	<target host="www.lanayachocolate.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lab-Nation.com.xml b/src/chrome/content/rules/Lab-Nation.com.xml
new file mode 100644
index 000000000000..341dcfb8d4c3
--- /dev/null
+++ b/src/chrome/content/rules/Lab-Nation.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Nonfunctional hosts in *lab-nation.com:
+
+		- wiki *
+
+	* Redirects to www.lab-nation.com
+
+-->
+<ruleset name="Lab-Nation.com (partial)">
+
+	<target host="lab-nation.com" />
+	<target host="www.lab-nation.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LabCorp.xml b/src/chrome/content/rules/LabCorp.xml
index 32f00024008b..eb8220342eb3 100644
--- a/src/chrome/content/rules/LabCorp.xml
+++ b/src/chrome/content/rules/LabCorp.xml
@@ -1,19 +1,47 @@
-<ruleset name="LabCorp">
-	<target host="labcorp.com" />
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hypersend.labcorp.com/ => https://hypersend.labcorp.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Other LabCorp rulesets:
+
+		- LabCorp_solutions.com.xml
+
+
+	^labcorp.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.labcorp.com
+
+-->
+<ruleset name="LabCorp.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="datalink2.labcorp.com" />
 	<target host="hypersend.labcorp.com" />
 	<target host="www.labcorp.com" />
 	<target host="www3.labcorp.com" />
 	<target host="www4.labcorp.com" />
 
-	<target host="labcorpsolutions.com" />
-	<target host="www.labcorpsolutions.com" />
+	<!--	Complications:
+				-->
+	<target host="labcorp.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.labcorp\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:datalink2|hypersend|www[3-4]?)\.labcorp\.com$" name=".+" />
+
 
-	<securecookie host="^(datalink2|hypersend|www[3-4]?)\.labcorp\.com$" name=".+" />
-	<securecookie host="^((www)?\.)?labcorpsolutions\.com$" name=".+" />
+	<rule from="^http://labcorp\.com/"
+		to="https://www.labcorp.com/" />
 
-	<rule from="^(http://(www\.)?|https://)labcorp\.com/" to="https://www.labcorp.com/" />
-	<rule from="^http://(datalink2|hypersend|www[3-4]?)\.labcorp\.com/" to="https://$1.labcorp.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^(http://(www\.)?|https://)labcorpsolutions\.com/" to="https://www.labcorpsolutions.com/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LabCorp_solutions.com.xml b/src/chrome/content/rules/LabCorp_solutions.com.xml
new file mode 100644
index 000000000000..69bd6f9ee166
--- /dev/null
+++ b/src/chrome/content/rules/LabCorp_solutions.com.xml
@@ -0,0 +1,15 @@
+<!--
+	For other LabCorp coverage, see LabCorp.xml.
+
+-->
+<ruleset name="LabCorp solutions.com">
+
+	<target host="www.labcorpsolutions.com" />
+
+
+	<securecookie host="^(?:www)?\.labcorpsolutions\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Labaia.xml b/src/chrome/content/rules/Labaia.xml
index c6800ec5a2bc..511fc1a63071 100644
--- a/src/chrome/content/rules/Labaia.xml
+++ b/src/chrome/content/rules/Labaia.xml
@@ -1,10 +1,16 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://labaia.ws/ => https://labaia.ws/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://labaia.ws/ => https://labaia.ws/: (7, 'Failed to connect to labaia.ws port 80: Connection refused')
 	Nonfunctional subdomains:
 
 		- bayimg	(mismatch; reset)
 
 -->
-<ruleset name="labaia.ws (partial)">
+<ruleset name="labaia.ws (partial)" default_off="failed ruleset test">
 
 	<target host="labaia.ws" />
 	<target host="*.labaia.ws" />
diff --git a/src/chrome/content/rules/Labels_IG.com.xml b/src/chrome/content/rules/Labels_IG.com.xml
new file mode 100644
index 000000000000..3c359bda1201
--- /dev/null
+++ b/src/chrome/content/rules/Labels_IG.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Mixed content:
+
+		- Ad from www.manta.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Labels IG.com">
+
+	<target host="labelsig.com" />
+	<target host="www.labelsig.com" />
+
+
+	<securecookie host="^\.(?:www\.)?labelsig\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Labix.org.xml b/src/chrome/content/rules/Labix.org.xml
new file mode 100644
index 000000000000..6866571d3d98
--- /dev/null
+++ b/src/chrome/content/rules/Labix.org.xml
@@ -0,0 +1,27 @@
+<!--
+	Nonfunctional hosts in *.labix.org:
+		- 5gram (m)
+		- bzr (s)
+		- godoc (s)
+		- lists (r)
+		- mail (r)
+		- tracker (s)
+		- ubuntu (m)
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Labix.org">
+	<target host="labix.org" />
+	<target host="www.labix.org" />
+	<target host="blog.labix.org" />
+	<target host="www.blog.labix.org" />
+	<target host="humbox1.labix.org" />
+	<target host="snapdocs.labix.org" />
+
+	<rule from="^http:" to="https:" />
+
+	<securecookie host=".+" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/Labs.Chevronwp7.com.xml b/src/chrome/content/rules/Labs.Chevronwp7.com.xml
deleted file mode 100644
index 2a711215c0b3..000000000000
--- a/src/chrome/content/rules/Labs.Chevronwp7.com.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<!-- Suggested by Christopher Liu
-     https://mail1.eff.org/pipermail/https-everywhere-rules/2012-April/001096.html
-     -->
-<ruleset name="Chevronwp7 Labs">
-    <target host="labs.chevronwp7.com" />
-
-    <rule from="^http://labs\.chevronwp7\.com/"
-        to="https://labs.chevronwp7.com/" />
-
-    <securecookie host="^labs\.chevronwp7\.com" name=".*" />
-</ruleset>
diff --git a/src/chrome/content/rules/Lady_Foot_Locker.xml b/src/chrome/content/rules/Lady_Foot_Locker.xml
index b1937cb4db2f..4a5239db17bc 100644
--- a/src/chrome/content/rules/Lady_Foot_Locker.xml
+++ b/src/chrome/content/rules/Lady_Foot_Locker.xml
@@ -18,17 +18,16 @@
 <ruleset name="Lady Foot Locker">
 
 	<target host="ladyfootlocker.com" />
-	<target host="*.ladyfootlocker.com" />
-	<target host="*.www.ladyfootlocker.com" />
+	<target host="www.ladyfootlocker.com" />
+	<target host="m.ladyfootlocker.com" />
 
 
 	<securecookie host="^.*\.ladyfootlocker\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?ladyfootlocker\.com/"
+	<rule from="^http://(?:www\.)?ladyfootlocker\.com/"
 		to="https://www.ladyfootlocker.com/" />
 
-	<rule from="^http://m\.ladyfootlocker\.com/"
-		to="https://m.ladyfootlocker.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ladysmith-District-Credit-Union.xml b/src/chrome/content/rules/Ladysmith-District-Credit-Union.xml
new file mode 100644
index 000000000000..c428c8e2fdfe
--- /dev/null
+++ b/src/chrome/content/rules/Ladysmith-District-Credit-Union.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ldcu.ca/ => https://ldcu.ca/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+
+-->
+<ruleset name="Ladysmith District Credit Union" default_off="failed ruleset test">
+	<target host="ldcu.ca" />
+	<target host="www.ldcu.ca" />
+	<target host="mdws.ldcu.ca" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Laffster.xml b/src/chrome/content/rules/Laffster.xml
deleted file mode 100644
index a26325170ac3..000000000000
--- a/src/chrome/content/rules/Laffster.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	!www: times out
-
--->
-<ruleset name="Laffster">
-
-	<target host="nextstudioapps.com" />
-	<target host="*.nextstudioapps.com" />
-
-
-	<securecookie host="^(?:www)?\.nextstudioapps\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?nextstudioapps\.com/"
-		to="https://www.nextstudioapps.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Lagardere_Publicite.xml b/src/chrome/content/rules/Lagardere_Publicite.xml
index e6d15bb920c1..828a819dfc9a 100644
--- a/src/chrome/content/rules/Lagardere_Publicite.xml
+++ b/src/chrome/content/rules/Lagardere_Publicite.xml
@@ -1,15 +1,21 @@
 <!--
-	Nonfunctional subdomains:
-
-		- (www.)	(shows fb; mismatched, CN: fb.lagardere-pub.com)
+	Invalid certificate:
+		demo.lagardere-pub.com
+		info.lagardere-pub.com
+		portailpresse.lagardere-pub.com
+		www.portailpresse.lagardere-pub.com
+		presse.lagardere-pub.com
+		specs.lagardere-pub.com
+		youme.lagardere-pub.com
 
 -->
 <ruleset name="Lagardère Publicité (partial)">
 
-	<target host="fb.lagardere-pub.com" />
+	<target host="lagardere-pub.com" />
+	<target host="www.lagardere-pub.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://fb\.lagardere-pub\.com/"
-		to="https://fb.lagardere-pub.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lagen.nu.xml b/src/chrome/content/rules/Lagen.nu.xml
new file mode 100644
index 000000000000..8b539a8b540c
--- /dev/null
+++ b/src/chrome/content/rules/Lagen.nu.xml
@@ -0,0 +1,14 @@
+<!--
+	www: cert only matches ^lagen.nu
+
+-->
+<ruleset name="Lagen.nu">
+
+	<target host="lagen.nu" />
+	<target host="www.lagen.nu" />
+
+
+	<rule from="^http://(?:www\.)?lagen\.nu/"
+		to="https://lagen.nu/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LakeBTC.com.xml b/src/chrome/content/rules/LakeBTC.com.xml
new file mode 100644
index 000000000000..9a6c2a0ea21d
--- /dev/null
+++ b/src/chrome/content/rules/LakeBTC.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .lakebtc.com
+		- www.lakebtc.com
+
+-->
+<ruleset name="LakeBTC.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="lakebtc.com" />
+	<target host="www.lakebtc.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.lakebtc\.com$" name="^lbsession$" /-->
+	<!--securecookie host="^www\.lakebtc\.com$" name="^(?:_lake_session|XSRF-TOKEN|ref)$" /-->
+
+	<securecookie host="^(?:www)?\.lakebtc\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lakome.com.xml b/src/chrome/content/rules/Lakome.com.xml
deleted file mode 100644
index 13306cd0eb2f..000000000000
--- a/src/chrome/content/rules/Lakome.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Lakome.com">
-
-	<target host="lakome.com" />
-	<target host="*.lakome.com" />
-
-
-	<securecookie host="^\.lakome\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?lakome\.com/"
-		to="https://$1lakome.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Lambda-Linux.io.xml b/src/chrome/content/rules/Lambda-Linux.io.xml
new file mode 100644
index 000000000000..268739fecf9d
--- /dev/null
+++ b/src/chrome/content/rules/Lambda-Linux.io.xml
@@ -0,0 +1,22 @@
+<!--
+	www.lambda-linux.io: Refused
+
+-->
+<ruleset name="Lambda-Linux.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="lambda-linux.io" />
+
+	<!--	Complications:
+				-->
+	<target host="www.lambda-linux.io" />
+
+
+	<rule from="^http://www\.lambda-linux\.io/"
+		to="https://lambda-linux.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LambdaTek.xml b/src/chrome/content/rules/LambdaTek.xml
index 881c4f5a3d69..9d5770f0757d 100644
--- a/src/chrome/content/rules/LambdaTek.xml
+++ b/src/chrome/content/rules/LambdaTek.xml
@@ -4,10 +4,9 @@
 	<target host="www.lambda-tek.com" />
 
 
-	<securecookie host="^(www\.)?lambda-tek\.com$" name=".*" />
+	<securecookie host="^(?:www\.)?lambda-tek\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?lambda-tek\.com/"
-		to="https://$1lambda-tek.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Lambdaops.com.xml b/src/chrome/content/rules/Lambdaops.com.xml
new file mode 100644
index 000000000000..120b24c0e594
--- /dev/null
+++ b/src/chrome/content/rules/Lambdaops.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Mixed content:
+
+		- css, from:
+
+			- brick.a.ssl.fastly.net *
+			- use.typekit.com *
+
+	* Secured by us
+
+-->
+<ruleset name="lambdaops.com">
+
+	<target host="lambdaops.com" />
+	<target host="www.lambdaops.com" />
+
+
+	<securecookie host="^\.lambdaops\.com$" name="^__cfduid$" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Land-der-Ideen.de.xml b/src/chrome/content/rules/Land-der-Ideen.de.xml
new file mode 100644
index 000000000000..b49a072d7e90
--- /dev/null
+++ b/src/chrome/content/rules/Land-der-Ideen.de.xml
@@ -0,0 +1,12 @@
+<ruleset name="Land-der-Ideen.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="land-der-ideen.de" />
+	<target host="www.land-der-ideen.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Landal.xml b/src/chrome/content/rules/Landal.xml
new file mode 100644
index 000000000000..76931d412240
--- /dev/null
+++ b/src/chrome/content/rules/Landal.xml
@@ -0,0 +1,81 @@
+<!--
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- landal.ch
+
+		SSL peer certificate was not OK:
+		- landal.at
+		- landal.be
+		- landal.com
+		- landalgreenparks.com
+		- www.landalgreenparks.com
+		- landal.de
+		- landal.fr
+		- landal.nl
+-->
+<ruleset name="Landal (partial)">
+	<!-- landal.at -->
+	<target host="landal.at" />
+	<target host="www.landal.at" />
+
+	<!-- landal.be -->
+	<target host="landal.be" />
+	<target host="www.landal.be" />
+
+	<!-- landal.ch -->
+	<target host="landal.ch" />
+	<target host="www.landal.ch" />
+
+	<!-- landal.com -->
+	<target host="landal.com" />
+	<target host="www.landal.com" />
+	<target host="secure.landal.com" />
+
+	<target host="landalgreenparks.com" />
+	<target host="www.landalgreenparks.com" />
+
+	<!-- landal.cz -->
+	<target host="landal.cz" />
+	<target host="www.landal.cz" />
+
+	<target host="landal.de" />
+	<target host="www.landal.de" />
+
+	<!-- landal.fr -->
+	<target host="landal.fr" />
+	<target host="www.landal.fr" />
+
+	<!-- landal.nl -->
+	<target host="landal.nl" />
+	<target host="www.landal.nl" />
+
+	<rule from="^http://landal\.at/"
+		to="https://www.landal.at/" />
+
+	<rule from="^http://landal\.be/"
+		to="https://www.landal.be/" />
+
+	<rule from="^http://landal\.ch/"
+		to="https://www.landal.ch/" />
+
+	<rule from="^http://landal\.com/"
+		to="https://www.landal.com/" />
+
+	<rule from="^http://(www\.)?landalgreenparks\.com/"
+		to="https://www.landal.com/" />
+
+	<rule from="^http://landal\.de/"
+		to="https://www.landal.de/" />
+
+	<rule from="^http://landal\.fr/"
+		to="https://www.landal.fr/" />
+
+	<rule from="^http://landal\.nl/"
+		to="https://www.landal.nl/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
+
diff --git a/src/chrome/content/rules/Landfall.se.xml b/src/chrome/content/rules/Landfall.se.xml
new file mode 100644
index 000000000000..da296c5a727e
--- /dev/null
+++ b/src/chrome/content/rules/Landfall.se.xml
@@ -0,0 +1,6 @@
+<ruleset name="Landfall.se">
+	<target host="landfall.se" />
+	<target host="www.landfall.se" />
+	<target host="tabz.landfall.se" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lands_End.com.xml b/src/chrome/content/rules/Lands_End.com.xml
new file mode 100644
index 000000000000..6eece9242f7f
--- /dev/null
+++ b/src/chrome/content/rules/Lands_End.com.xml
@@ -0,0 +1,48 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* 503, valid cert
+
+
+	^: refused
+
+
+	Mixed content:
+
+		- Images on ocs from  $self *
+
+		- Web bugs, on www from:
+
+			- fls.doubleclick.net *
+			- www.imiclk.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Lands End.com">
+
+	<target host="landsend.com" />
+	<target host="www.landsend.com" />
+	<target host="business.landsend.com" />
+
+	<securecookie host="^\.landsend\.com$" name=".+" />
+	<!--
+		Server sets Secure
+					-->
+	<!--securecookie host="^ocs\.landsend\.com$" name=".+" /-->
+
+
+	<exclusion pattern="^http://www\.landsend\.com/.*/_apps/index/app/.*\.html$" />
+	<rule from="^http://(?:www\.)?landsend\.com/"
+		to="https://www.landsend.com/" />
+
+	<rule from="^http://business\.landsend\.com/"
+		to="https://business.landsend.com/" />
+
+
+	<test url="http://www.landsend.com/pps/r3f9221c/js/_apps/index/app/results/results.directive.html" />
+	<test url="http://www.landsend.com/pps/r3f9221c/js/_apps/index/app/breadcrumb/breadcrumb.directive.html" />
+	<test url="http://www.landsend.com/pps/r3f9221c/js/_apps/index/app/sidebar/sidebar.directive.html" />
+</ruleset>
diff --git a/src/chrome/content/rules/Landscape.io.xml b/src/chrome/content/rules/Landscape.io.xml
new file mode 100644
index 000000000000..4cd5cbc20020
--- /dev/null
+++ b/src/chrome/content/rules/Landscape.io.xml
@@ -0,0 +1,20 @@
+<!--
+	blog: mismatched
+
+-->
+<ruleset name="Landscape.io (partial)">
+
+	<target host="landscape.io" />
+	<target host="www.landscape.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^landscape\.io$" name="^(csrftoken|t)$" /-->
+
+	<securecookie host="^landscape\.io$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LandscapePhotographyMagazine.com.xml b/src/chrome/content/rules/LandscapePhotographyMagazine.com.xml
new file mode 100644
index 000000000000..9ab7c0e184a3
--- /dev/null
+++ b/src/chrome/content/rules/LandscapePhotographyMagazine.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Landscape Photography Magazine">
+
+	<target host="landscapephotographymagazine.com" />
+	<target host="www.landscapephotographymagazine.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Landslide.com.xml b/src/chrome/content/rules/Landslide.com.xml
index 34bf0ba50b44..13d3cb5fb69e 100644
--- a/src/chrome/content/rules/Landslide.com.xml
+++ b/src/chrome/content/rules/Landslide.com.xml
@@ -1,14 +1,21 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://landslide.com/ => https://www.campaignercrm.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://landslide.com/ => https://www.campaignercrm.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	For other j2 Global coverage, see J2global.com.xml.
 
 
 	(www.): expired 2013-04-20
 
 -->
-<ruleset name="Landslide.com">
+<ruleset name="Landslide.com" default_off="failed ruleset test">
 
 	<target host="landslide.com" />
-	<target host="*.landslide.com" />
+	<target host="www.landslide.com" />
+	<target host="landslide.landslide.com" />
 
 
 	<securecookie host="^landslide\.landslide\.com$" name=".+" />
@@ -19,7 +26,6 @@
 	<rule from="^http://(?:www\.)?landslide\.com/"
 		to="https://www.campaignercrm.com/" />
 
-	<rule from="^http://landslide\.landslide\.com/"
-		to="https://landslide.landslide.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Landure.fr.xml b/src/chrome/content/rules/Landure.fr.xml
index 5afa1633375a..65f2cf0721df 100644
--- a/src/chrome/content/rules/Landure.fr.xml
+++ b/src/chrome/content/rules/Landure.fr.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://howto.landure.fr/ => https://howto.landure.fr/: (60, 'SSL certificate problem: certificate has expired')
+
 	Problematic subdomains:
 
 		- (www.)	(mismatched, CN: *.biapy.fr)
@@ -15,15 +19,13 @@
 	** Unsecurable
 
 -->
-<ruleset name="Landure.fr">
+<ruleset name="Landure.fr" default_off="expired">
 
 	<target host="howto.landure.fr" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^howto\.landure\.fr$" name=".+" />
-
-
-	<rule from="^http://howto\.landure\.fr/"
-		to="https://howto.landure.fr/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Langille.org.xml b/src/chrome/content/rules/Langille.org.xml
new file mode 100644
index 000000000000..145c6dd5de0d
--- /dev/null
+++ b/src/chrome/content/rules/Langille.org.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dan.langille.org/ => https://dan.langille.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	(www.)?langille.org: Plaintext reply
+
+-->
+<ruleset name="Langille.org (partial)" default_off="failed ruleset test">
+
+	<target host="dan.langille.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Langtons.com.au.xml b/src/chrome/content/rules/Langtons.com.au.xml
new file mode 100644
index 000000000000..796afefcf391
--- /dev/null
+++ b/src/chrome/content/rules/Langtons.com.au.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Woolworths coverage, see Woolworths.com.au.xml
+
+
+	Nonfunctional subdomains:
+
+		- links.email	(mismatch hostname, CN: *.ibmmarketingcloud.com)
+		- img		(SSL handshake failed)
+		- promo		(mismatch hostname, CN: *.azurewebsites.net)
+		- staging	(expired certificate)
+		- staging2	(expired certificate)
+		- test	(mismatch hostname, CN: *.nzwinesociety.co.nz)
+		- uat	(expired certificate)
+
+-->
+<ruleset name="Langton's">
+
+	<target host="langtons.com.au" />
+	<target host="www.langtons.com.au" />
+	<target host="www2.langtons.com.au" />
+
+	<securecookie host="^www\.langtons\.com\.au$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Language_Perfect.xml b/src/chrome/content/rules/Language_Perfect.xml
index 9b52c8e1b839..0ac075226e4c 100644
--- a/src/chrome/content/rules/Language_Perfect.xml
+++ b/src/chrome/content/rules/Language_Perfect.xml
@@ -23,4 +23,4 @@
 	<rule from="^http://(?:www\.)?languageperfect\.com/(.+\.(?:jp|pn))g"
 		to="https://d177cien2ijyro.cloudfront.net/$1g" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Langui.sh.xml b/src/chrome/content/rules/Langui.sh.xml
new file mode 100644
index 000000000000..60c72d00071d
--- /dev/null
+++ b/src/chrome/content/rules/Langui.sh.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.langui.sh/ => https://www.langui.sh/: (51, "SSL: no alternative certificate subject name matches target host name 'www.langui.sh'")
+
+-->
+<ruleset name="langui.sh" default_off="failed ruleset test">
+
+	<target host="langui.sh" />
+	<target host="www.langui.sh" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lanik.us.xml b/src/chrome/content/rules/Lanik.us.xml
new file mode 100644
index 000000000000..a685c3466b04
--- /dev/null
+++ b/src/chrome/content/rules/Lanik.us.xml
@@ -0,0 +1,23 @@
+<!--
+	For Lanik.us
+
+		Works:
+
+			- forums
+			- www
+			- $
+
+		Doesn't Work:
+		nil
+-->
+<ruleset name="Lanik.us">
+	<target host="lanik.us" />
+	<target host="www.lanik.us" />
+	<target host="forums.lanik.us" />
+
+	<rule from="^http:"
+			to="https:" />
+
+	<securecookie host="^forums\.lanik\.us$" name=".+" />
+	<securecookie host="^\.lanik\.us$" name="^__cfduid$" />
+</ruleset>
diff --git a/src/chrome/content/rules/LankyLife.xml b/src/chrome/content/rules/LankyLife.xml
deleted file mode 100644
index d05380a9249b..000000000000
--- a/src/chrome/content/rules/LankyLife.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="LankyLife">
-
-	<target host="lankylife.com" />
-	<target host="*.lankylife.com" />
-
-
-	<securecookie host="^\.lankylife\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?lankylife\.com/"
-		to="https://$1lankylife.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/LansFast.se.xml b/src/chrome/content/rules/LansFast.se.xml
new file mode 100644
index 000000000000..0728fcd751e2
--- /dev/null
+++ b/src/chrome/content/rules/LansFast.se.xml
@@ -0,0 +1,21 @@
+<!--
+	Dropped:
+		- bostad
+
+	HTTP 404:
+		- fs
+
+	SSL protocol error:
+		- www-new
+-->
+
+<ruleset name="LansFast.se">
+	<target host="lansfast.se" />
+	<target host="www.lansfast.se" />
+	<target host="fjarrskrivbord.lansfast.se" />
+	<target host="mail.lansfast.se" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lansforsakringar.se.xml b/src/chrome/content/rules/Lansforsakringar.se.xml
index 26912c0916c9..9d23f9353c2d 100644
--- a/src/chrome/content/rules/Lansforsakringar.se.xml
+++ b/src/chrome/content/rules/Lansforsakringar.se.xml
@@ -1,5 +1,10 @@
-<!-- This is a swedish insurance company -->
-<ruleset name="Lansforsakringar.se" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lansforsakringar.se/ => https://www.lansforsakringar.se/: Too many redirects while fetching 'https://www.lansforsakringar.se/'
+Fetch error: http://www.lansforsakringar.se/ => https://www.lansforsakringar.se/: Too many redirects while fetching 'https://www.lansforsakringar.se/'
+ This is a swedish insurance company -->
+<ruleset name="Lansforsakringar.se" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="lansforsakringar.se" />
 	<target host="www.lansforsakringar.se" />
 	<target host="www1.lansforsakringar.se" />
diff --git a/src/chrome/content/rules/Lanyrd.xml b/src/chrome/content/rules/Lanyrd.xml
deleted file mode 100644
index f348e7babb68..000000000000
--- a/src/chrome/content/rules/Lanyrd.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/static.lanyrd.net/
-
-
-	Some pages redirect to http.
-
--->
-<ruleset name="Lanyrd">
-
-	<target host="lanyrd.com" />
-	<target host="www.lanyrd.com" />
-	<target host="static.lanyrd.net" />
-
-
-	<rule from="^http://(www\.)?lanyrd\.com/s(ignin|tatic/)"
-		to="https://$1lanyrd.com/$2" />
-
-	<rule from="^https?://static\.lanyrd\.net/"
-		to="https://s3.amazonaws.com/static.lanyrd.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Laprox_Sites.xml b/src/chrome/content/rules/Laprox_Sites.xml
deleted file mode 100644
index 80f5e6fbabdc..000000000000
--- a/src/chrome/content/rules/Laprox_Sites.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	Problematic domains:
-
-		- (www.)laprox.com	(mismatched, CN: support.laprox.com)
-		- www.laproxsites.com	(cert only matches ^laproxsites.com)
-
--->
-<ruleset name="Laprox Sites">
-
-	<target host="laprox.com" />
-	<target host="*.laprox.com" />
-	<target host="laproxsites.com" />
-	<target host="www.laproxsites.com" />
-
-
-	<securecookie host="^support\.laprox.com$" name=".+" />
-	<securecookie host="^laproxsites\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?laprox(?:sites)?\.com/"
-		to="https://laproxsites.com/" />
-
-	<rule from="^http://support\.laprox\.com/"
-		to="https://support.laprox.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Laptop.hu.xml b/src/chrome/content/rules/Laptop.hu.xml
index 03946cff321c..6b67c316d130 100644
--- a/src/chrome/content/rules/Laptop.hu.xml
+++ b/src/chrome/content/rules/Laptop.hu.xml
@@ -1,4 +1,24 @@
-<ruleset name="Laptop.hu">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gfxpro.hu/ => https://gfxpro.hu/: (6, 'Could not resolve host: gfxpro.hu')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://laptop.hu/ => https://laptop.hu/: (7, 'Failed to connect to laptop.hu port 443: Connection refused')
+Fetch error: http://www.laptop.hu/ => https://laptop.hu/: (7, 'Failed to connect to laptop.hu port 443: Connection refused')
+Fetch error: http://regi.laptop.hu/ => https://laptop.hu/: (7, 'Failed to connect to laptop.hu port 443: Connection refused')
+Fetch error: http://leptop.hu/ => https://laptop.hu/: (7, 'Failed to connect to laptop.hu port 443: Connection refused')
+Fetch error: http://laptoponline.hu/ => https://laptop.hu/: (7, 'Failed to connect to laptop.hu port 443: Connection refused')
+Fetch error: http://palmshop.hu/ => https://laptop.hu/: (7, 'Failed to connect to laptop.hu port 443: Connection refused')
+Fetch error: http://notebooknagyker.hu/ => https://laptop.hu/: (7, 'Failed to connect to laptop.hu port 443: Connection refused')
+Fetch error: http://notebookkisker.hu/ => https://laptop.hu/: (7, 'Failed to connect to laptop.hu port 443: Connection refused')
+Fetch error: http://notebook-kisker.hu/ => https://laptop.hu/: (7, 'Failed to connect to laptop.hu port 443: Connection refused')
+Fetch error: http://www.notebooknagyker.hu/ => https://laptop.hu/: (7, 'Failed to connect to laptop.hu port 443: Connection refused')
+Fetch error: http://www.onlinenotebook.hu/ => https://laptop.hu/: (7, 'Failed to connect to laptop.hu port 443: Connection refused')
+Fetch error: http://www.laptoplap.hu/ => https://laptop.hu/: (7, 'Failed to connect to laptop.hu port 443: Connection refused')
+Fetch error: http://gfxpro.hu/ => https://gfxpro.hu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
+<ruleset name="Laptop.hu" default_off="failed ruleset test">
 	<target host="laptop.hu" />
 	<target host="www.laptop.hu" />
 	<!-- Image hosting, same server, no HTTPS -> redirect -->
@@ -15,6 +35,6 @@
 	<target host="gfxpro.hu" />
 
 	<securecookie host="^laptop\.hu$" name=".+" />
-	<rule from="^http://(www\.|regi\.)?(l[ae]ptop(online|lap)?|notebook(nagy|\-?kis)ker|onlinenotebook|palmshop)\.hu/" to="https://laptop.hu/" />
+	<rule from="^http://(?:www\.|regi\.)?(?:l[ae]ptop(?:online|lap)?|notebook(?:nagy|\-?kis)ker|onlinenotebook|palmshop)\.hu/" to="https://laptop.hu/" />
 	<rule from="^http://gfxpro\.hu/" to="https://gfxpro.hu/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Laravel-News.com.xml b/src/chrome/content/rules/Laravel-News.com.xml
new file mode 100644
index 000000000000..56db10197007
--- /dev/null
+++ b/src/chrome/content/rules/Laravel-News.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.laravel-news.com
+
+-->
+<ruleset name="Laravel-News.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="laravel-news.com" />
+	<target host="www.laravel-news.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.laravel-news\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.laravel-news\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Laravel.com.xml b/src/chrome/content/rules/Laravel.com.xml
new file mode 100644
index 000000000000..9c5a6d68fc15
--- /dev/null
+++ b/src/chrome/content/rules/Laravel.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- forge.laravel.com
+
+-->
+<ruleset name="Laravel.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="forge.laravel.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^forge\.laravel\.com$" name="^(?:XSRF-TOKEN|[\da-f]{32}|laravel_session)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Larry_Salibra.com.xml b/src/chrome/content/rules/Larry_Salibra.com.xml
new file mode 100644
index 000000000000..6f10d991a577
--- /dev/null
+++ b/src/chrome/content/rules/Larry_Salibra.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .larrysalibra.com
+
+-->
+<ruleset name="Larry Salibra.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="larrysalibra.com" />
+	<target host="www.larrysalibra.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.larrysalibra\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.larrysalibra\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LarsJung.de.xml b/src/chrome/content/rules/LarsJung.de.xml
new file mode 100644
index 000000000000..3f3c2e9d83d3
--- /dev/null
+++ b/src/chrome/content/rules/LarsJung.de.xml
@@ -0,0 +1,16 @@
+<!--
+	Mismatched:
+		- www (larsjung.de)
+-->
+
+<ruleset name="LarsJung.de">
+	<target host="larsjung.de" />
+	<target host="www.larsjung.de" />
+	<target host="m.larsjung.de" />
+	<target host="release.larsjung.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.larsjung\.de/" to="https://larsjung.de/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Las-Vegas-Management.xml b/src/chrome/content/rules/Las-Vegas-Management.xml
index 5f1f5a68d4d0..a4ee8d0bf8db 100644
--- a/src/chrome/content/rules/Las-Vegas-Management.xml
+++ b/src/chrome/content/rules/Las-Vegas-Management.xml
@@ -1,12 +1,10 @@
-<ruleset name="Las Vegas Management">
+<ruleset name="Las Vegas Management" default_off="expired">
 
 	<target host="lvmanagement.com" />
 	<target host="www.lvmanagement.com" />
 
 
-	<!--	Cert doesn't match !www.
-				-->
-	<rule from="^https?://(?:www\.)?lvmanagement\.com/"
-		to="https://www.lvmanagement.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Las_Vegas_Review-Journal.xml b/src/chrome/content/rules/Las_Vegas_Review-Journal.xml
index dea0d9a959a7..c9883730c815 100644
--- a/src/chrome/content/rules/Las_Vegas_Review-Journal.xml
+++ b/src/chrome/content/rules/Las_Vegas_Review-Journal.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://oneday.lvrj.com/ => https://oneday.lvrj.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://oneday.lvrj.com/ => https://oneday.lvrj.com/: Redirect for 'http://oneday.lvrj.com/' missing Location
 		- www.legacy.com/obituaries/lvrj/
 
 
@@ -17,11 +23,13 @@
 	* Works; mismatched, CN: *.reviewjournal.com
 
 -->
-<ruleset name="Las Vegas Review-Journal (partial)">
+<ruleset name="Las Vegas Review-Journal (partial)" default_off="failed ruleset test">
 
 	<target host="oneday.lvrj.com" />
 	<target host="reviewjournal.com" />
-	<target host="*.reviewjournal.com" />
+	<target host="www.reviewjournal.com" />
+	<target host="myrjnewsstand.reviewjournal.com" />
+	<target host="obits.reviewjournal.com" />
 
 
 	<!--	Tracking cookie:
@@ -42,4 +50,4 @@
 	<rule from="^http://obits\.reviewjournal\.com/(favicon\.ico|Obituaries/(?:AffiliateAdvertisement\.axd|AffiliateArtwork\.axd|_(?:cs|j)s/)|obituaries/lvrj/(?:Images/|ObitsTileCorner\.axd|scripts/)|sites/)"
 		to="https://www.legacy.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lasallehs.net.xml b/src/chrome/content/rules/Lasallehs.net.xml
new file mode 100644
index 000000000000..a6f096810fb3
--- /dev/null
+++ b/src/chrome/content/rules/Lasallehs.net.xml
@@ -0,0 +1,11 @@
+<ruleset name="lasallehs.net">
+    <target host="boxcast.lasallehs.net" />
+    <target host="help.lasallehs.net" />
+    <target host="moodle.lasallehs.net" />
+    <target host="powerschool.lasallehs.net" />
+    <target host="ps-img.lasallehs.net" />
+
+    <securecookie host=".+" name=".+"/>
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Last.fm.xml b/src/chrome/content/rules/Last.fm.xml
index 5a803f8f63aa..9976edf64f11 100644
--- a/src/chrome/content/rules/Last.fm.xml
+++ b/src/chrome/content/rules/Last.fm.xml
@@ -1,35 +1,52 @@
 <!--
 	For other CBS coverage, see CBS.xml.
-
+	For coverage of the last.fm API, see Audioscrobbler.com.xml.
 
 	CDN buckets:
+		- lastfm-img2.akamaized.net
 
-		- static2.last.fm.edgesuite.net
-			- cdn.last.fm
-			- userserve-ak.last.fm
-			- cdn.lst.fm
-
-
-	Nonfunctional domains:
-
-		- userserve
-		- userserve-ak	(Akamai; 503)
+	Mismatch:
+		- m.cn.last.fm
+		- originals.last.fm
+		- trends.last.fm
+		- cdn.lst.fm
 
--->
-<ruleset name="Last.fm (buggy)" default_off="breaks streaming">
+	Refused:
+		- autodiscover.last.fm
+		- cdn-origin.last.fm
+		- status.last.fm
 
-	<target host="last.fm" />
-	<target host="*.last.fm" />
-	<target host="cdn.lst.fm" />
+	Timeout:
+		- blog.last.fm
 
 
-	<rule from="^https?://last\.fm/"
-		to="https://www.last.fm/" />
+	Insecure cookies are set for these hosts: ᶜ
 
-	<rule from="^http://www\.last\.fm/(join|login|settings/lost(?:password|username))"
-		to="https://www.last.fm/$1" />
+		- secure.last.fm
+		- www.last.fm
 
-	<rule from="^https?://cdn\.la?st\.fm/"
-		to="https://www.last.fm/static/" />
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
+-->
+<ruleset name="Last.fm">
+	<target host="last.fm" />
+	<target host="www.last.fm" />
+	<target host="beta.last.fm" />
+	<target host="build.last.fm" />
+	<target host="cdn.last.fm" />
+	<target host="cn.last.fm" />
+	<target host="freedownloads.last.fm" />
+	<target host="m.last.fm" />
+	<target host="musicmanager.last.fm" />
+	<target host="secure.last.fm" />
+	<target host="shop.last.fm" />
+	<target host="static.last.fm" />
+	<target host="static-web.last.fm" />
+	<target host="store.last.fm" />
+
+	<!-- Not secured by server: -->
+	<!--securecookie host="^(?:secure|www)\.last\.fm$" name="^csrftoken$" /-->
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/LastPass.com.xml b/src/chrome/content/rules/LastPass.com.xml
new file mode 100644
index 000000000000..63aea7dcfac4
--- /dev/null
+++ b/src/chrome/content/rules/LastPass.com.xml
@@ -0,0 +1,41 @@
+<!--
+	Different content http/https:
+		download-do.lastpass.com
+
+	Invalid certificate:
+		contabo-1.lastpass.com
+		de.lastpass.com
+		e.lastpass.com
+		links.e.lastpass.com
+		www.localvault.lastpass.com
+		links.t.lastpass.com
+
+	No working URL known:
+		lp-cdn.lastpass.com
+		sc-cdn.lastpass.com
+
+	Secure connection failed:
+		oldblog.lastpass.com
+
+-->
+<ruleset name="LastPass.com">
+
+	<target host="lastpass.com" />
+	<target host="*.lastpass.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://lastpass\.com/"
+		to="https://lastpass.com/" />
+
+	<rule from="^http://(do|lp-push-server)-(\d+)\.lastpass\.com/"
+		to="https://$1-$2.lastpass.com/" />
+		<test url="http://do-7.lastpass.com/" />
+		<test url="http://do-13.lastpass.com/" />
+		<test url="http://lp-push-server-95.lastpass.com/" />
+		<test url="http://lp-push-server-715.lastpass.com/" />
+
+	<rule from="^http://(www|0|accounts?|blog|download|enterprise|forums|helpdesk|localvault|m|manda|pollserver|portable|rodan|service|teams|uber|vaul)\.lastpass\.com/"
+		to="https://$1.lastpass.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LastPass.xml b/src/chrome/content/rules/LastPass.xml
deleted file mode 100644
index dbaca5a36311..000000000000
--- a/src/chrome/content/rules/LastPass.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="LastPass" default_off="Breaks addon ( https://eff.org/r.3Dq )">
-  <target host="lastpass.com" />
-  <target host="www.lastpass.com" />
-
-  <securecookie host="^(.+\.)?lastpass\.com$" name=".*"/>
-
-  <rule from="^http://(?:www\.)?lastpass\.com/" to="https://lastpass.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Lastlog.de.xml b/src/chrome/content/rules/Lastlog.de.xml
new file mode 100644
index 000000000000..cfb91affdd72
--- /dev/null
+++ b/src/chrome/content/rules/Lastlog.de.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.lastlog.de/ => https://www.lastlog.de/: (51, "SSL: no alternative certificate subject name matches target host name 'www.lastlog.de'")
+
+-->
+<ruleset name="lastlog.de" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="lastlog.de" />
+	<target host="www.lastlog.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lastminute.xml b/src/chrome/content/rules/Lastminute.xml
index a12fc1d8b442..0a4d47febc57 100644
--- a/src/chrome/content/rules/Lastminute.xml
+++ b/src/chrome/content/rules/Lastminute.xml
@@ -1,6 +1,114 @@
-<ruleset name="Lastminute.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.carhire.lastminute.com// => https://car-hire.lastminute.com/: (28, 'Connection timed out after 20005 milliseconds')
+Fetch error: http://car-hire.lastminute.com/ => https://car-hire.lastminute.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.es.lastminute.com/ => https://www.es.lastminute.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.es.lastminute.com'")
+Fetch error: http://www.fr.lastminute.com/ => https://www.fr.lastminute.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.fr.lastminute.com'")
+Fetch error: http://www.it.lastminute.com/ => https://www.it.lastminute.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.it.lastminute.com'")
+Fetch error: http://restaurants.lastminute.com/ => https://restaurants.lastminute.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.carhire.lastminute.com/ => https://car-hire.lastminute.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://es.lastminute.com/ => https://www.es.lastminute.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.es.lastminute.com'")
+Fetch error: http://fr.lastminute.com/ => https://www.fr.lastminute.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.fr.lastminute.com'")
+Fetch error: http://it.lastminute.com/ => https://www.it.lastminute.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.it.lastminute.com'")
+
+	Other Lastminute rulesets:
+
+		- LmnCDN.com.xml
+
+
+	Nonfunctional hosts in *lastminute.com:
+
+		- blog ¹
+		- experiences ²
+
+	¹ 404
+	² Redirects to http
+
+
+	Problematic hosts in *lastminute.com:
+
+		- ^ *
+		- www.carhire *
+		- es *
+		- it *
+		- m *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .lastminute.com
+		- car-hire.lastminute.com
+		- .www.es.lastminute.com
+		- .www.fr.lastminute.com
+		- holidays.lastminute.com
+		- .www.it.lastminute.com
+		- .www.lastminute.com
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- www.es, www.fr, www.it, from $self *
+			- www.es, www.fr, www.it, from www.lastminute.com *
+			- www.es, www.fr, www.it, m from s.lmncdn.com *
+			- www.fr from back-lastminute.orchestra-platform.com
+
+		- Bug on www from smdd.adviva.net
+
+	* Secured by us
+
+-->
+<ruleset name="Lastminute.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="car-hire.lastminute.com" />
+	<target host="www.es.lastminute.com" />
+	<target host="www.fr.lastminute.com" />
+	<target host="holidays.lastminute.com" />
+	<target host="www.it.lastminute.com" />
+	<target host="restaurants.lastminute.com" />
+	<target host="spa.lastminute.com" />
   <target host="www.lastminute.com" />
+	<!--	Complications:
+				-->
   <target host="lastminute.com" />
+	<target host="www.carhire.lastminute.com" />
+	<target host="es.lastminute.com" />
+	<target host="fr.lastminute.com" />
+	<target host="it.lastminute.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://experiences\.lastminute\.com/(?:$|search$)" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.lastminute\.com$" name="^(?:TLTSID|TLTUID|tyrg1st)$" /-->
+	<!--securecookie host="^car-hire\.lastminute\.com$" name="^PLAY_(?:ERRORS|FLASH|LANG|SESSION)$" /-->
+	<!--securecookie host="^\.www\.(?:es|fr|it)\.lastminute\.com$" name="^THROTTL3$" /-->
+	<!--securecookie host="^holidays\.lastminute\.com$" name="^(?:ASP\.NET_SessionId|b1P)$" /-->
+	<!--securecookie host="^m\.lastminute\.com$" name="^(?:SESSION_ID|configId)$" /-->
+	<!--securecookie host="^\.www\.lastminute\.com$" name="^(?:THROTTL3|partnerId)$" /-->
+
+	<securecookie host="^(?:car-hire|\.www\.(?:es|fr|it)|holidays|\.www)?\.lastminute\.com$" name=".+" />
+
+
+	<rule from="^http://(es\.|fr\.|it\.)?lastminute\.com/"
+		to="https://www.$1lastminute.com/" />
+
+	<!--	Redirect drops forward slash:
+						-->
+	<rule from="^http://www\.carhire\.lastminute\.com/+"
+		to="https://car-hire.lastminute.com/" />
+
+		<test url="http://www.carhire.lastminute.com//" />
 
-  <rule from="^http://(?:www\.)?lastminute\.com/" to="https://www.lastminute.com/"/>
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Laughing-Squid.xml b/src/chrome/content/rules/Laughing-Squid.xml
index 0297a93e745f..ffb8f1ccabaa 100644
--- a/src/chrome/content/rules/Laughing-Squid.xml
+++ b/src/chrome/content/rules/Laughing-Squid.xml
@@ -1,4 +1,7 @@
 <!--
+	For other Laughing Squid coverage, see laughingsquid.com.xml.
+
+
 	CDN buckets:
 
 		- c0500202.cdn.cloudfiles.rackspacecloud.com | c0500202.ssl.cf0.rackcdn.com
@@ -6,24 +9,30 @@
 
 	Nonfunctional domains:
 
-		- (www.)laughingsquid.com *
-		- links.laughingsquid.com
 		- (www.)squid.us
 
-	* At least some pages have started redirecting to http
-	  https://mail1.eff.org/pipermail/https-everywhere-rules/2013-January/001457.html
+
+	www.laughingsquid.us: Mismatched
 
 -->
 <ruleset name="Laughing Squid (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="laughingsquid.us" />
+
+	<!--	Complications:
+				-->
 	<target host="www.laughingsquid.us" />
 
 
-	<securecookie host="^(?:www\.)?laughingsquid\.us$" name=".+" />
+	<securecookie host="^\w" name=".+" />
+
 
+	<rule from="^http://www\.laughingsquid\.us/"
+		to="https://laughingsquid.us/" />
 
-	<rule from="^http://(www\.)?laughingsquid\.us/"
-		to="https://$1laughingsquid.us/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/LaunchGood.com.xml b/src/chrome/content/rules/LaunchGood.com.xml
new file mode 100644
index 000000000000..0785da7379fe
--- /dev/null
+++ b/src/chrome/content/rules/LaunchGood.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="LaunchGood.com">
+	<target host="launchgood.com" />
+	<target host="www.launchgood.com" />
+	<target host="media.launchgood.com" />
+		<test url="http://media.launchgood.com/436a6e92ee1d526fe2568468a386d4488ae0b046/templates/project-admin/tabs/view.html/" />
+	<target host="staging.launchgood.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LaunchKit.io.xml b/src/chrome/content/rules/LaunchKit.io.xml
new file mode 100644
index 000000000000..38774e2232d4
--- /dev/null
+++ b/src/chrome/content/rules/LaunchKit.io.xml
@@ -0,0 +1,18 @@
+<!--
+	Nonfunctional hosts in *launchkit.io:
+		- blog *
+	* Tumblr
+
+	Insecure cookies are set for these hosts:
+		- launchkit.io
+
+-->
+<ruleset name="LaunchKit.io (partial)">
+	<target host="launchkit.io" />
+	<target host="library.launchkit.io" />
+	<target host="www.launchkit.io" />
+
+	<securecookie host="^launchkit\.io$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LaunchRock.xml b/src/chrome/content/rules/LaunchRock.xml
index 337a1fab620a..db3206543abe 100644
--- a/src/chrome/content/rules/LaunchRock.xml
+++ b/src/chrome/content/rules/LaunchRock.xml
@@ -47,10 +47,10 @@
 	<securecookie host="^app\.launchrock\.com$" name=".+" />
 
 
-	<rule from="^https?://blog\.launchrock\.com/"
+	<rule from="^http://blog\.launchrock\.com/"
 		to="https://launchrock.wpengine.com/" />
 
 	<rule from="^http://(\w+)\.launchrock\.com/"
 		to="https://$1.launchrock.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Launchclasses.com.xml b/src/chrome/content/rules/Launchclasses.com.xml
new file mode 100644
index 000000000000..b0aaa3423a9a
--- /dev/null
+++ b/src/chrome/content/rules/Launchclasses.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Launchclasses.com">
+	<target host="launchclasses.com" />
+	<target host="www.launchclasses.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Launchkey.com.xml b/src/chrome/content/rules/Launchkey.com.xml
deleted file mode 100644
index d04ab77c3477..000000000000
--- a/src/chrome/content/rules/Launchkey.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Launchkey.com" platform="firefox">
-<target host="launchkey.com" />
-
-<securecookie host="^launchkey\.com$" name=".+" />
-
-<rule from="^http://launchkey\.com/" to="https://launchkey.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Launchpad.xml b/src/chrome/content/rules/Launchpad.xml
index 653745368c3d..54b809012989 100644
--- a/src/chrome/content/rules/Launchpad.xml
+++ b/src/chrome/content/rules/Launchpad.xml
@@ -1,33 +1,112 @@
+<!--
+	Problematic domains:
+
+		- blog.launchpad.net *
+
+	* Self-signed
+
+
+	Partially covered subdomains:
+
+		- feeds *
+
+	* Redirects to http
+
+
+	Fully covered domains:
+
+		- launchpad.net
+
+		- [\w.-]+.launchpad.net: *
+
+			- answers
+			- bazaar
+			- blueprints
+			- code
+			- edge
+			- help
+			- login
+			- translations
+			- www
+
+	* Except where excluded below
+
+
+	These altnames don't exist:
+
+		- www.login.launchpad.net
+
+
+	Insecure cookies are set for these domains:
+
+		- blog.launchpad.net
+		- login.launchpad.net
+
+
+	Mixed content:
+
+		- Image on blog from ubuntuone.com ¹
+		- Bugs on blog, help from i.creativecommons.org ²
+
+	¹ Unsecurable <= supports <=ssl3 only
+	² Secured by us
+
+-->
 <ruleset name="Launchpad">
     <target host="launchpad.net" />
     <target host="*.launchpad.net" />
     <target host="launchpadlibrarian.net" />
     <target host="*.launchpadlibrarian.net" />
 
-    <securecookie host="^(.*\.)?launchpad\.net$" name=".+" />
-    <securecookie host="^(.*\.)?launchpadlibrarian\.net$" name=".+" />
+		<!--
+			We preempt redirect from $:
+							-->
+		<exclusion pattern="^http://feeds\.launchpad\.net/(?!$)" />
+		<exclusion pattern="^http://ppa\.launchpad\.net/"/>
+
+			<test url="http://feeds.launchpad.net/" />
+			<test url="http://feeds.launchpad.net/rohc/announcements.atom" />
+			<test url="http://ppa.launchpad.net/" />
+
+
+		<test url="http://answers.launchpad.net/" />
+		<test url="http://bazaar.launchpad.net/" />
+		<test url="http://blueprints.launchpad.net/" />
+		<test url="http://code.launchpad.net/" />
+		<test url="http://edge.launchpad.net/" />
+		<test url="http://help.launchpad.net/" />
+		<test url="http://login.launchpad.net/" />
+		<test url="http://translations.launchpad.net/" />
+		<test url="http://www.launchpad.net/" />
+
+		<test url="http://launchpadlibrarian.net/" />
+
+
+	<!--	Not secured by server:
+					-->    <securecookie host="^(?:.*\.)?launchpadlibrarian\.net$" name=".+" />
 
     <exclusion pattern="^http://blog\.launchpad\.net/" />
     <exclusion pattern="^http://news\.launchpad\.net/" />
 
-    <rule from="^https?://launchpad\.net/"
-        to="https://launchpad.net/" />
-    <rule from="^http://([^/:@]+)?\.launchpad\.net/"
-        to="https://$1.launchpad.net/" />
+		<test url="http://blog.launchpad.net/" />
+		<test url="http://news.launchpad.net/" />
 
     <!-- For the bazaar.launchpad.net domain, the URL
          http://bazaar.launchpad.net/ (where there is nothing after the final
          slash) should be directed to https://launchpad.net/ as a special case.
          URLs such as http://bazaar.launchpad.net/~example/ where content
          does come after the final slash should be handled as normal. -->
-    <rule from="^https?://bazaar\.launchpad\.net/$"
+    <rule from="^http://bazaar\.launchpad\.net/$"
         to="https://launchpad.net/" />
 
-    <rule from="^http://bazaar\.launchpad\.net/(.+)"
-        to="https://bazaar.launchpad.net/$1" />
+	<!--	Redirects as so:
+					-->
+	<rule from="^http://feeds\.launchpad\.net/$"
+		to="https://help.launchpad.net/Feeds" />
+
+		<test url="http://feeds.launchpad.net//" />
+
+    <rule from="^http:"
+        to="https:" />
 
-    <rule from="^https?://launchpadlibrarian\.net/"
-        to="https://launchpadlibrarian.net/" />
-    <rule from="^https?://([^/:@]+)?\.launchpadlibrarian\.net/"
-        to="https://$1.launchpadlibrarian.net/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Laup.xml b/src/chrome/content/rules/Laup.xml
index a38d4d169e84..9334c01f7cce 100644
--- a/src/chrome/content/rules/Laup.xml
+++ b/src/chrome/content/rules/Laup.xml
@@ -1,13 +1,16 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://laup.nu/ => https://laup.nu/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+-->
 <ruleset name="Laup">
 
 	<target host="laup.nu" />
-	<target host="*.laup.nu" />
+	<target host="www.laup.nu" />
 
 
 	<securecookie host="^\.laup\.nu$" name=".+" />
 
 
-	<rule from="^http://(www\.)?laup\.nu/"
-		to="https://$1laup.nu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lautre.net.xml b/src/chrome/content/rules/Lautre.net.xml
new file mode 100644
index 000000000000..db06f1d48a82
--- /dev/null
+++ b/src/chrome/content/rules/Lautre.net.xml
@@ -0,0 +1,11 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://admin.lautre.net/ => http://admin.lautre.net/: Redirect for 'http://admin.lautre.net/' missing Location
+-->
+<ruleset name="Lautre.net admin and webmail area">
+
+       <target host="admin.lautre.net" />
+
+       <rule from="^http://admin\.lautre\.net/(admin|rc)/" to="https://admin.lautre.net/$1/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lavabit.com.xml b/src/chrome/content/rules/Lavabit.com.xml
deleted file mode 100644
index a6e303f94f6a..000000000000
--- a/src/chrome/content/rules/Lavabit.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Lavabit.com" platform="firefox">
-<target host="liberty.lavabit.com" />
-
-<securecookie host="^liberty\.lavabit\.com$" name=".+" />
-
-<rule from="^http://liberty\.lavabit\.com/" to="https://liberty.lavabit.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Lavabit.xml b/src/chrome/content/rules/Lavabit.xml
deleted file mode 100644
index 5d472f8decd6..000000000000
--- a/src/chrome/content/rules/Lavabit.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Lavabit">
-  <target host="lavabit.com" />
-  <target host="www.lavabit.com" />
-  <target host="click.lavabit.com" />
-  <target host="hosting.lavabit.com" />
-
-  <securecookie host="^(.+\.)?lavabit\.com$" name=".*"/>
-
-  <rule from="^http://(?:www\.)?lavabit\.com/" to="https://lavabit.com/"/>
-  <rule from="^http://(click|hosting)\.lavabit\.com/" to="https://$1.lavabit.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Lavaboom.com.xml b/src/chrome/content/rules/Lavaboom.com.xml
new file mode 100644
index 000000000000..8dc5f2228aa3
--- /dev/null
+++ b/src/chrome/content/rules/Lavaboom.com.xml
@@ -0,0 +1,47 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lavaboom.com/ => https://lavaboom.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://api.lavaboom.com/ => https://api.lavaboom.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://mail.lavaboom.com/ => https://mail.lavaboom.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://nerd.lavaboom.com/ => https://nerd.lavaboom.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://technical.lavaboom.com/ => https://technical.lavaboom.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.lavaboom.com/ => https://www.lavaboom.com/: (60, 'SSL certificate problem: self signed certificate')
+
+	Fully covered hosts in *lavaboom.com:
+
+		- (www.)?
+		- api
+		- mail
+		- nerd
+		- technical
+
+
+	Insecure cookies are set for these hosts:
+
+		- technical.lavaboom.com
+
+-->
+<ruleset name="Lavaboom.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="lavaboom.com" />
+	<target host="api.lavaboom.com" />
+	<target host="mail.lavaboom.com" />
+	<target host="nerd.lavaboom.com" />
+	<target host="technical.lavaboom.com" />
+	<target host="www.lavaboom.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^technical\.lavaboom\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^technical\.lavaboom\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lavasoft.com.xml b/src/chrome/content/rules/Lavasoft.com.xml
deleted file mode 100644
index c9a44ea10199..000000000000
--- a/src/chrome/content/rules/Lavasoft.com.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Lavasoft (broken)" default_off="https gone">
-	<target host="lavasoft.com" />
-	<target host="www.lavasoft.com" />
-	<rule from="^http://lavasoft\.com/" to="https://secure.lavasoft.com/"/>
-	<rule from="^http://www\.lavasoft\.com/" to="https://secure.lavasoft.com/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/Laverna.xml b/src/chrome/content/rules/Laverna.xml
new file mode 100644
index 000000000000..9286b81d9182
--- /dev/null
+++ b/src/chrome/content/rules/Laverna.xml
@@ -0,0 +1,7 @@
+<ruleset name="Laverna">
+	<target host="laverna.cc" />
+	<target host="www.laverna.cc" />
+
+	<rule from="^http://(?:www\.)?laverna\.cc/"
+		to="https://laverna.cc/" />
+</ruleset>
diff --git a/src/chrome/content/rules/LawGeex.com.xml b/src/chrome/content/rules/LawGeex.com.xml
new file mode 100644
index 000000000000..23e7d57a4c9a
--- /dev/null
+++ b/src/chrome/content/rules/LawGeex.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Prompts for login
+
+-->
+<ruleset name="LawGeex.com (partial)">
+
+	<target host="lawgeex.com" />
+	<target host="www.lawgeex.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Law_Business_Research_CDN.xml b/src/chrome/content/rules/Law_Business_Research_CDN.xml
deleted file mode 100644
index 577012c2442d..000000000000
--- a/src/chrome/content/rules/Law_Business_Research_CDN.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- cdn.lbresearch.com	(times out)
-
-
-	s3-external-3.amazonaws.com/s3.lbrcdn.net/ doesn't work.
-
--->
-<ruleset name="Law Business Research CDN (partial)">
-
-	<target host="s3.lbrcdn.net" />
-	<target host="s3.lbrcdn.net.s3-external-3.amazonaws.com" />
-
-
-	<rule from="^https?://s3\.lbrcdn\.net(?:\.s3-external-3\.amazonaws\.com)?/"
-		to="https://s3-eu-west-1.amazonaws.com/s3.lbrcdn.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Law_School_Admission_Council.xml b/src/chrome/content/rules/Law_School_Admission_Council.xml
index 688ee200a65d..e0d2951d8576 100644
--- a/src/chrome/content/rules/Law_School_Admission_Council.xml
+++ b/src/chrome/content/rules/Law_School_Admission_Council.xml
@@ -13,13 +13,14 @@
 -->
 <ruleset name="Law School Admission Council (partial)">
 
-	<target host="*.lsac.org" />
+	<target host="llm.lsac.org" />
+	<target host="lsaclookup.lsac.org" />
+	<target host="os.lsac.org" />
 
 
-	<securecookie host="^.+\.lsac\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(llm|lsaclookup|os)\.lsac\.org/"
-		to="https://$1.lsac.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lawblog.de.xml b/src/chrome/content/rules/Lawblog.de.xml
index 89b8c6addf82..1f079e5a0a41 100644
--- a/src/chrome/content/rules/Lawblog.de.xml
+++ b/src/chrome/content/rules/Lawblog.de.xml
@@ -2,5 +2,5 @@
   <target host="www.lawblog.de" />
   <target host="lawblog.de" />
 
-  <rule from="^http://(?:www\.)?lawblog\.de/" to="https://www.lawblog.de/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Lawn_and_Landscape.xml b/src/chrome/content/rules/Lawn_and_Landscape.xml
index 2c47c5529500..387cce871d31 100644
--- a/src/chrome/content/rules/Lawn_and_Landscape.xml
+++ b/src/chrome/content/rules/Lawn_and_Landscape.xml
@@ -11,7 +11,7 @@
 	<securecookie host="^www\.lawnandlandscape\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?lawnandlandscape\.com/"
+	<rule from="^http://(?:www\.)?lawnandlandscape\.com/"
 		to="https://www.lawnandlandscape.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lawrence-Livermore-National-Laboratory.xml b/src/chrome/content/rules/Lawrence-Livermore-National-Laboratory.xml
index a7f5317cf3a1..c5711d7e7dbf 100644
--- a/src/chrome/content/rules/Lawrence-Livermore-National-Laboratory.xml
+++ b/src/chrome/content/rules/Lawrence-Livermore-National-Laboratory.xml
@@ -1,33 +1,102 @@
+
 <!--
-	For other US government coverage, see US-government.xml.
+Disabled by https-everywhere-checker because:
+Fetch error: http://computing-dev.llnl.gov/ => https://computing-dev.llnl.gov/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://newsline.llnl.gov/ => https://newsline.llnl.gov/: (6, 'Could not resolve host: newsline.llnl.gov')
+Fetch error: http://publicaffairs.llnl.gov/ => https://publicaffairs.llnl.gov/: (6, 'Could not resolve host: publicaffairs.llnl.gov')
+
+	Lawrence Livermore National Laboratory
+
+
+
+	Nonfunctional hosts in *llnl.gov:
+
+		- frontrange ʳ
+		- hpcinnovationcenter ʳ
+		- rzlc ᵈ
+
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *llnl.gov:
+
+		- careers-ext ᵐ
+		- computation ᶜ
+		- students ᵐ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+
+
+	STS header includes includeSubdomains
+
+
+	Mixed content:
+
+		- favicon on hpc from www.llnl.gov ˢ
+		- Bug on www-envirinfo from c.statcounter.com ˢ
+
+	ˢ Secured by us
 
 -->
-<ruleset name="Lawrence Livermore National Laboratory">
+<ruleset name="LLNL.gov" default_off="failed ruleset test">
 
 	<target host="llnl.gov" />
 	<target host="*.llnl.gov" />
 
+		<exclusion pattern="^http://(?:careers-ext|computation|frontrange|hpcinnovationcenter|rzlc|students)\.llnl\.gov/" />
+
+			<test url="http://careers-ext.llnl.gov/" />
+			<test url="http://computation.llnl.gov/" />
+			<test url="http://frontrange.llnl.gov/" />
+			<test url="http://hpcinnovationcenter.llnl.gov/" />
+			<test url="http://rzlc.llnl.gov/" />
+			<test url="http://students.llnl.gov/" />
+
+		<test url="http://analytics.llnl.gov/" />
+		<test url="http://asc.llnl.gov/" />
+		<test url="http://bioengineering.llnl.gov/" />
+		<test url="http://careers.llnl.gov/" />
+		<test url="http://careers-prd.llnl.gov/" />
+		<test url="http://casis.llnl.gov/" />
+		<test url="http://computational-eng.llnl.gov/" />
+		<test url="http://computing.llnl.gov/" />
+		<test url="http://computing-dev.llnl.gov/" />
+		<test url="http://data-analytics.llnl.gov/" />
+		<test url="http://e-reports-ext.llnl.gov/" />
+		<test url="http://education.llnl.gov/" />
+		<test url="http://engineering.llnl.gov/" />
+		<test url="http://fcoi.llnl.gov/" />
+		<test url="http://flowcharts.llnl.gov/" />
+		<test url="http://hpc.llnl.gov/" />
+		<test url="http://ipo.llnl.gov/" />
+		<test url="http://jobs.llnl.gov/" />
+		<test url="http://lasers.llnl.gov/" />
+		<test url="http://lc.llnl.gov/" />
+		<test url="http://manufacturing.llnl.gov/" />
+		<test url="http://missions.llnl.gov/" />
+		<test url="http://nci.llnl.gov/" />
+		<test url="http://newsline.llnl.gov/" />
+		<test url="http://pls.llnl.gov/" />
+		<test url="http://postdocs.llnl.gov/" />
+		<test url="http://protocol.llnl.gov/" />
+		<test url="http://publicaffairs.llnl.gov/" />
+		<test url="http://signal-processing.llnl.gov/" />
+		<test url="http://st.llnl.gov/" />
+		<test url="http://str.llnl.gov/" />
+		<test url="http://supplychain.llnl.gov/" />
+		<test url="http://wci.llnl.gov/" />
+		<test url="http://www.llnl.gov/" />
+		<test url="http://www-eng.llnl.gov/" />
+		<test url="http://www-envirinfo.llnl.gov/" />
+		<test url="http://www-gs.llnl.gov/" />
 
-	<securecookie host="^(?:.*\.)?llnl\.gov$" name=".+" />
 
+	<securecookie host=".+" name=".+" />
 
-	<!--	Observed subdomains:
 
-			- careers
-			- computing
-			- e-reports-ext
-			- flowcharts
-			- missions
-			- newsline
-			- postdocs
-			- protocol
-			- publicaffairs
-			- st
-			- wci
-			- www
-			- www-envirinfo
-					-->
-	<rule from="^http://([\w-]+\.)?llnl\.gov/"
-		to="https://$1llnl.gov/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Lawyermarketing.com.xml b/src/chrome/content/rules/Lawyermarketing.com.xml
new file mode 100644
index 000000000000..c599ffbdc53c
--- /dev/null
+++ b/src/chrome/content/rules/Lawyermarketing.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="FindLaw LawyerMarketing">
+    <target host="lawyermarketing.com" />
+    <target host="www.lawyermarketing.com" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Layne_Publications.xml b/src/chrome/content/rules/Layne_Publications.xml
index dab4fc020650..1227c39c5201 100644
--- a/src/chrome/content/rules/Layne_Publications.xml
+++ b/src/chrome/content/rules/Layne_Publications.xml
@@ -2,13 +2,11 @@
 
 	<target host="laynepublications.com" />
 	<target host="www.laynepublications.com" />
-	<target host="*.www.laynepublications.com" />
 
 
 	<securecookie host="^\.www\.laynepublications\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?laynepublications\.com/"
-		to="https://$1laynepublications.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lazada.com.my.xml b/src/chrome/content/rules/Lazada.com.my.xml
new file mode 100644
index 000000000000..087f1947622c
--- /dev/null
+++ b/src/chrome/content/rules/Lazada.com.my.xml
@@ -0,0 +1,52 @@
+<!--
+	Non-functional subdomains:
+
+		- content	(t)
+		- info	(m)
+		- recommender	(i)
+		- sellercenter-static	(r)
+		- srv-staging	(m)
+		- static	(m)
+		- static-origin	(m)
+		- static-staging	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Lazada.com.my">
+
+	<target host="lazada.com.my" />
+	<target host="www.lazada.com.my" />
+	<target host="acs-m.lazada.com.my" />
+	<target host="alice-staging.lazada.com.my" />
+	<target host="bob.lazada.com.my" />
+	<target host="catalog-rendering-api.lazada.com.my" />
+	<target host="ho.lazada.com.my" />
+	<target host="layout.lazada.com.my" />
+	<target host="mobapi.lazada.com.my" />
+	<target host="oms.lazada.com.my" />
+	<target host="pages.lazada.com.my" />
+	<target host="seller-transparency-api.lazada.com.my" />
+	<target host="sellercenter.lazada.com.my" />
+	<target host="admin.sellercenter.lazada.com.my" />
+	<target host="asc.sellercenter.lazada.com.my" />
+	<target host="login.sellercenter.lazada.com.my" />
+	<target host="static-asc.sellercenter.lazada.com.my" />
+	<target host="sellercenter-staging.lazada.com.my" />
+	<target host="shop-decoration-api.lazada.com.my" />
+	<target host="srv-live.lazada.com.my" />
+	<target host="srv-live-01.lazada.com.my" />
+	<target host="srv-live-02.lazada.com.my" />
+	<target host="srv-live-03.lazada.com.my" />
+	<target host="suggest.lazada.com.my" />
+	<target host="taobao.lazada.com.my" />
+	<target host="tracker.lazada.com.my" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LazyCoins.com.xml b/src/chrome/content/rules/LazyCoins.com.xml
new file mode 100644
index 000000000000..b12cc021f819
--- /dev/null
+++ b/src/chrome/content/rules/LazyCoins.com.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lazycoins.com/ => https://lazycoins.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.lazycoins.com/ => https://www.lazycoins.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Fully covered hosts in *lazycoins.com:
+
+		- (www.)?
+
+
+	Insecure cookies are set for these domains:
+
+		- .lazycoins.com
+
+-->
+<ruleset name="LazyCoins.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="lazycoins.com" />
+	<target host="www.lazycoins.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.lazycoins\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.lazycoins\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lazy_Kush.xml b/src/chrome/content/rules/Lazy_Kush.xml
index 8ec6e19d5361..98051856b2ed 100644
--- a/src/chrome/content/rules/Lazy_Kush.xml
+++ b/src/chrome/content/rules/Lazy_Kush.xml
@@ -1,13 +1,12 @@
 <ruleset name="Lazy Kush">
 
 	<target host="lazykush.com" />
-	<target host="*.lazykush.com" />
+	<target host="www.lazykush.com" />
 
 
 	<securecookie host="^(?:w*\.)?lazykush\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?lazykush\.com/"
-		to="https://$1lazykush.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lb.ca.xml b/src/chrome/content/rules/Lb.ca.xml
new file mode 100644
index 000000000000..910a6d78703b
--- /dev/null
+++ b/src/chrome/content/rules/Lb.ca.xml
@@ -0,0 +1,31 @@
+<!--
+	Fully covered hosts:
+
+		- (www.)?
+
+
+	Insecure cookies are set for these
+
+		- lb.ca
+		- www.lb.ca
+
+-->
+<ruleset name="lb.ca">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="lb.ca" />
+	<target host="www.lb.ca" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?lb\.ca$" name="^lb_cookie$" /-->
+
+	<securecookie host="^(?:www\.)?lb\.ca$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LboroAcUk.xml b/src/chrome/content/rules/LboroAcUk.xml
index 08b3bb5de845..5f3616109e9b 100644
--- a/src/chrome/content/rules/LboroAcUk.xml
+++ b/src/chrome/content/rules/LboroAcUk.xml
@@ -1,6 +1,104 @@
+<!--
+	Loughborough University
+
+
+	Nonfunctional subdomains:
+
+		- (www.) ¹
+		- www.arts ²
+		- jobs ³
+		- maps ⁴
+		- shortcourse ⁵
+
+	¹ Blank page
+	² Dropped
+	³ Shows castrovalva
+	⁴ Plaintext reply
+	⁵ 401
+
+
+	Problematic subdomains:
+
+		- lumen *
+
+	* Mixed css
+
+
+	Fully covered subdomains:
+
+		- alumni
+		- availability
+		- bestmaths
+		- booklab
+		- campuslife
+		- cash-plus
+		- castrovalva
+		- dspace
+		- domains
+		- easimap
+		- email
+		- emailadmin
+		- engskills
+		- epay
+		- lists
+		- lorls
+		- luis
+		- mec
+		- mondas
+		- mooc		(→ easimap)
+		- moochost	(→ easimap)
+		- oss
+		- pdwww
+		- pma
+		- prospectus
+		- rapid
+		- skaro		(→ easimap)
+		- webdiss
+		- wfa
+
+
+	Insecure cookies are set for these domains:
+
+		- alumni.lboro.ac.uk
+		- cash-plus.lboro.ac.uk
+		- epay.lboro.ac.uk
+
+
+	Mixed content:
+
+		- css on lumen from www *
+
+	* Unsecurable <= 404
+
+-->
 <ruleset name="LboroAcUk">
-  <target host="*.lboro.ac.uk"/>
 
-  <securecookie host="^(bestmaths|dspace|email(admin)?|engskills|lists|luis|lorls|oss|pdwww|wfa)\.lboro\.ac\.uk$" name=".*"/>
-  <rule  from="^http://(bestmaths|dspace|email(admin)?|engskills|lists|luis|lorls|oss|pdwww|wfa)\.lboro\.ac\.uk/" to="https://$1.lboro.ac.uk/"/>
+	<target host="*.lboro.ac.uk" />
+		<!--
+			404:
+				-->
+		<!--exclusion pattern="^http://learn\.lboro\.ac\.uk/lumenlogin/$" /-->
+		<!--
+			Avoid valid MCB:
+						-->
+		<exclusion pattern="^http://lumen\.lboro\.ac\.uk/+(?!css/|favicon\.ico|images/)" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^alumni\.lboro\.ac\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^cash-plus\.lboro\.ac\.uk$" name="^(imago|imago_csrf_cookie)$" /-->
+	<!--securecookie host="^epay\.lboro\.ac\.uk$" name="^ASPSESSION[A-Z]+$" /-->
+
+	<securecookie host="^(?:alumni|bestmaths|cash-plus|dspace|email(?:admin)?|engskills|epay|lists|luis|lorls|oss|pdwww|wfa)\.lboro\.ac\.uk$" name=".+" />
+
+
+	<rule from="^http://(alumni|availability|bestmaths|booklab|campuslife|cash-plus|castrovalva|domains|dspace|easimap|email(?:admin)?|engskills|epay|lists|luis|lorls|lumen|mec|mondas|oss|pdwww|pma|prospectus|rapid|vacancies|webdiss|wfa)\.lboro\.ac\.uk/"
+		to="https://$1.lboro.ac.uk/" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://(?:mooc|moochost|skaro)\.lboro\.ac\.uk/+"
+		to="https://easimap.lboro.ac.uk/" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Ldpreload.com.xml b/src/chrome/content/rules/Ldpreload.com.xml
new file mode 100644
index 000000000000..71099bff5fea
--- /dev/null
+++ b/src/chrome/content/rules/Ldpreload.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="ldpreload.com">
+
+	<target host="ldpreload.com" />
+	<target host="www.ldpreload.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Le-Monde-diplomatique.de.xml b/src/chrome/content/rules/Le-Monde-diplomatique.de.xml
new file mode 100644
index 000000000000..5ca073691ca3
--- /dev/null
+++ b/src/chrome/content/rules/Le-Monde-diplomatique.de.xml
@@ -0,0 +1,13 @@
+<!--
+	For other rules related to the Monde Diplomatique, see MondeDiplo.com.xml
+
+-->
+<ruleset name="Le Monde diplomatique (deutsch)">
+	<target host="monde-diplomatique.de" />
+	<target host="www.monde-diplomatique.de" />
+
+	<securecookie host="^\.monde-diplomatique\.de$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Le-VPN.com.xml b/src/chrome/content/rules/Le-VPN.com.xml
index d4de3e72c88a..5ffef720890b 100644
--- a/src/chrome/content/rules/Le-VPN.com.xml
+++ b/src/chrome/content/rules/Le-VPN.com.xml
@@ -19,13 +19,12 @@
 <ruleset name="Le-VPN.com (false MCB)" platform="mixedcontent">
 
 	<target host="le-vpn.com" />
-	<target host="*.le-vpn.com" />
+	<target host="www.le-vpn.com" />
 
 
 	<securecookie host="^\.le-vpn\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?le-vpn\.com/"
-		to="https://$1le-vpn.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/LeContrepied.org.xml b/src/chrome/content/rules/LeContrepied.org.xml
new file mode 100644
index 000000000000..44d07ad927c3
--- /dev/null
+++ b/src/chrome/content/rules/LeContrepied.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		lecontrepied.org
+
+-->
+<ruleset name="LeContrepied.org">
+
+	<target host="lecontrepied.org" />
+	<target host="www.lecontrepied.org" />
+	<target host="crm.lecontrepied.org" />
+
+	<rule from="^http://lecontrepied\.org/"
+		to="https://www.lecontrepied.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LeFebvre.org.xml b/src/chrome/content/rules/LeFebvre.org.xml
index d804fe99770d..f0867a7e426e 100644
--- a/src/chrome/content/rules/LeFebvre.org.xml
+++ b/src/chrome/content/rules/LeFebvre.org.xml
@@ -1,10 +1,15 @@
-<ruleset name="LeFebvre.org">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lefebvre.org/ => https://lefebvre.org/: (51, "SSL: no alternative certificate subject name matches target host name 'lefebvre.org'")
+
+-->
+<ruleset name="LeFebvre.org" default_off="failed ruleset test">
 
 	<target host="lefebvre.org" />
 	<target host="www.lefebvre.org" />
 
 
-	<rule from="^http://(www\.)?lefebvre\.org/"
-		to="https://$1lefebvre.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/LeLanceur.fr.xml b/src/chrome/content/rules/LeLanceur.fr.xml
new file mode 100644
index 000000000000..d7019c137af3
--- /dev/null
+++ b/src/chrome/content/rules/LeLanceur.fr.xml
@@ -0,0 +1,12 @@
+<!--
+	Mixed content from fonts.googleapis.com
+
+-->
+<ruleset name="Le Lanceur">
+
+	<target host="lelanceur.fr" />
+	<target host="www.lelanceur.fr" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LeMonde.fr.xml b/src/chrome/content/rules/LeMonde.fr.xml
new file mode 100644
index 000000000000..8314361409ee
--- /dev/null
+++ b/src/chrome/content/rules/LeMonde.fr.xml
@@ -0,0 +1,161 @@
+<!--
+	Other domains related to lemonde.fr are covered in:
+		+ Lemde.fr.xml
+
+	Invalid certificate:
+		lemonde.fr
+		*.actions.lemonde.fr
+		*.actu.lemonde.fr
+		actu-golf.lemonde.fr
+		anglais.lemonde.fr
+		apprendre-francais.lemonde.fr
+		art.lemonde.fr
+		athletisme.lemonde.fr
+		auto-moto.lemonde.fr
+		basket.lemonde.fr
+		basket-nba.lemonde.fr
+		*.blog.lemonde.fr
+		blogs.lemonde.fr
+		campus.lemonde.fr
+		*.campus.lemonde.fr
+		canadaexplorezsansfin.lemonde.fr
+		chefsimon.lemonde.fr
+		*.chefsimon.lemonde.fr
+		codepromo.lemonde.fr
+		conjugaison.lemonde.fr
+		contact.lemonde.fr
+		cyclisme.lemonde.fr
+		*.edito.lemonde.fr (mirror lemonde.fr ?)
+		encheres.lemonde.fr
+		evenement.lemonde.fr
+		*.evenement.lemonde.fr
+		evenements-abonnes.lemonde.fr
+		faq.lemonde.fr
+		football.lemonde.fr
+		football-nfl.lemonde.fr
+		formation-professionnelle.lemonde.fr
+		formule1.lemonde.fr
+		handball.lemonde.fr
+		hockey-nhl.lemonde.fr
+		immobilier.lemonde.fr
+		immobilier-prestige.lemonde.fr
+		info.lemonde.fr
+		jardinage.lemonde.fr
+		judo.lemonde.fr
+		legendesmarines.lemonde.fr
+		learn-french.lemonde.fr
+		lecabillaudnorvegien.lemonde.fr
+		lequebecdanstouslessens.lemonde.fr
+		lesartisansdelaperonomie.lemonde.fr
+		lesclesdedemain.lemonde.fr
+		modele-lettre.lemonde.fr
+		mondial.lemonde.fr
+		natation.lemonde.fr
+		prix-immobilier.lemonde.fr
+		progresser-orthographe.lemonde.fr
+		promo.lemonde.fr
+		rugby.lemonde.fr
+		ski.lemonde.fr
+		sport.lemonde.fr
+		sports-us.lemonde.fr
+		support.lemonde.fr
+		tennis.lemonde.fr
+		terresinconnues.lemonde.fr
+		unregardsurlecosse.lemonde.fr
+		voile.lemonde.fr
+		volley.lemonde.fr
+
+	Time out:
+		club.lemonde.fr
+		dev.lemonde.fr
+		jeux.lemonde.fr
+		resultats-examens.lemonde.fr
+		voiture-occasion.lemonde.fr
+
+	Refused:
+		collection-histoire.lemonde.fr
+		comparateurs-banques.lemonde.fr
+
+	Private subdomain:
+		huit.lemonde.fr
+
+	Secure connection failed:
+		paroles2chansons.lemonde.fr
+
+-->
+<ruleset name="LeMonde.fr" >
+
+	<target host="www.lemonde.fr" />
+	<target host="abo.lemonde.fr" />
+	<target host="abonnes.lemonde.fr" />
+	<target host="abosh.lemonde.fr" />
+	<target host="actu.lemonde.fr" />
+	<target host="actu-golf.lemonde.fr" />
+	<target host="athletisme.lemonde.fr" />
+	<target host="auto-moto.lemonde.fr" />
+	<target host="basket.lemonde.fr" />
+	<target host="basket-nba.lemonde.fr" />
+	<target host="blogs.lemonde.fr" />
+	<target host="bourse.lemonde.fr" />
+	<target host="boutique.lemonde.fr" />
+	<target host="campus.lemonde.fr" />
+	<target host="checkout.lemonde.fr" />
+	<target host="concoursasturies.lemonde.fr" />
+	<target host="contact.lemonde.fr" />
+	<target host="cyclisme.lemonde.fr" />
+	<target host="dicocitations.lemonde.fr" />
+	<target host="elles-defient-le-temps.lemonde.fr" />
+	<target host="faq.lemonde.fr" />
+	<target host="finance.lemonde.fr" />
+	<target host="finances.lemonde.fr" />
+	<target host="football.lemonde.fr" />
+	<target host="football-nfl.lemonde.fr" />
+	<target host="formule1.lemonde.fr" />
+	<target host="forums.lemonde.fr" />
+	<target host="golf.lemonde.fr" />
+	<target host="handball.lemonde.fr" />
+	<target host="hockey-nhl.lemonde.fr" />
+	<target host="info.lemonde.fr" />
+	<target host="innovation-sap.lemonde.fr" />
+	<target host="judo.lemonde.fr" />
+	<target host="mondial.lemonde.fr" />
+	<target host="natation.lemonde.fr" />
+	<target host="planetebusiness.lemonde.fr" />
+	<target host="regard-de-pro.lemonde.fr" />
+	<target host="rugby.lemonde.fr" />
+	<target host="secure.lemonde.fr" />
+	<target host="ski.lemonde.fr" />
+	<target host="sport.lemonde.fr" />
+	<target host="sports-us.lemonde.fr" />
+	<target host="tahitivahine.lemonde.fr" />
+	<target host="www.tahitivahine.lemonde.fr" />
+	<target host="tennis.lemonde.fr" />
+	<target host="vins.lemonde.fr" />
+	<target host="voile.lemonde.fr" />
+	<target host="volley.lemonde.fr" />
+	<target host="wwws.lemonde.fr" />
+
+	<securecookie host="^\.?(?:abo|boutique)\.lemonde\.fr$" name=".+" />
+
+	<rule from="^http://actu-golf\.lemonde\.fr/"
+		to="https://www.lemonde.fr/golf/" />
+
+	<rule from="^http://(athletisme|auto-moto|basket|blogs|campus|cyclisme|faq|football|handball|judo|natation|rugby|ski|sport|tennis|voile|volley)\.lemonde\.fr/"
+		to="https://www.lemonde.fr/$1/" />
+
+	<rule from="^http://(basket-nba|football-nfl|hockey-nhl|sports-us)\.lemonde\.fr/"
+		to="https://www.lemonde.fr/sports-us/" />
+
+	<rule from="^http://(contact|info)\.lemonde\.fr/"
+		to="https://www.lemonde.fr/service/qui_sommes_nous.html" />
+
+	<rule from="^http://formule1\.lemonde\.fr/"
+		to="https://www.lemonde.fr/formule-1/" />
+
+	<rule from="^http://mondial\.lemonde\.fr/"
+		to="https://www.lemonde.fr/coupe-du-monde/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LePoing.net.xml b/src/chrome/content/rules/LePoing.net.xml
new file mode 100644
index 000000000000..35385a8a63ab
--- /dev/null
+++ b/src/chrome/content/rules/LePoing.net.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		www.lepoing.net
+-->
+<ruleset name="LePoing.net">
+
+	<target host="lepoing.net" />
+	<target host="www.lepoing.net" />
+
+	<rule from="^http://www\.lepoing\.net/"
+		to="https://lepoing.net/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LeRelais.org.xml b/src/chrome/content/rules/LeRelais.org.xml
new file mode 100644
index 000000000000..57bbc97b4d4d
--- /dev/null
+++ b/src/chrome/content/rules/LeRelais.org.xml
@@ -0,0 +1,36 @@
+<!--
+	No working URL known:
+		blog.lerelais.org
+		www.blog.lerelais.org
+		isolatiemetisse.lerelais.org
+		www.isolatiemetisse.lerelais.org
+		lestoitsdelespoir.lerelais.org
+		www.lestoitsdelespoir.lerelais.org
+
+	Private subdomain:
+		cloud.lerelais.org
+		shortrec.lerelais.org
+
+	Secure connection failed:
+		mail.lerelais.org
+		zimbra1.lerelais.org
+
+	Invalid certificate:
+		siroco-recette.lerelais.org
+
+	Time out:
+		zimbra2.lerelais.org
+
+-->
+<ruleset name="LeRelais.org">
+
+	<target host="lerelais.org" />
+	<target host="www.lerelais.org" />
+	<target host="root.lerelais.org" />
+	<target host="www.root.lerelais.org" />
+	<target host="siroco.lerelais.org" />
+		<test url="http://siroco.lerelais.org/index.php?do=pointsdecollecte/maplci" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Le_Loop.org.xml b/src/chrome/content/rules/Le_Loop.org.xml
new file mode 100644
index 000000000000..27103c2b960c
--- /dev/null
+++ b/src/chrome/content/rules/Le_Loop.org.xml
@@ -0,0 +1,45 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://leloop.org/ => https://leloop.org/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+Fetch error: http://cal.leloop.org/ => https://cal.leloop.org/: (7, 'Failed to connect to cal.leloop.org port 443: No route to host')
+Fetch error: http://git.leloop.org/ => https://git.leloop.org/: (7, 'Failed to connect to git.leloop.org port 443: No route to host')
+Fetch error: http://links.leloop.org/ => https://links.leloop.org/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+Fetch error: http://paste.leloop.org/ => https://paste.leloop.org/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+Fetch error: http://wiki.leloop.org/ => https://wiki.leloop.org/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+Fetch error: http://www.leloop.org/ => https://www.leloop.org/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+
+	www.leloop.org: Prints "Fsck !"
+
+
+	Insecure cookies are set for these hosts:
+
+		- git.leloop.org
+		- links.leloop.org
+
+-->
+<ruleset name="Le Loop.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="leloop.org" />
+	<target host="cal.leloop.org" />
+	<target host="git.leloop.org" />
+	<target host="links.leloop.org" />
+	<target host="paste.leloop.org" />
+	<target host="wiki.leloop.org" />
+	<target host="www.leloop.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^git\.leloop\.org$" name="^request_method$" /-->
+	<!--securecookie host="^links\.leloop\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:git|links)\.leloop\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Le_Monde.fr.xml b/src/chrome/content/rules/Le_Monde.fr.xml
deleted file mode 100644
index 4d85f8765af3..000000000000
--- a/src/chrome/content/rules/Le_Monde.fr.xml
+++ /dev/null
@@ -1,56 +0,0 @@
-<!--
-	CDN buckets:
-
-		- 2-01-271d-0015.cdx.cedexis.net
-
-			- live.lemde.fr
-
-		- s1.2-01-271d-001b.cdx.cedexis.net
-
-			- s1.lemde.fr
-
-		- pubs.lemonde.fr.2-01-271d-0016.cdx.cedexis.net
-		- www.lemonde.fr.2-01-271d-000d.cdx.cedexis.net
-
-
-	Nonfunctional domains:
-
-		- live.lemde.fr *
-
-		- lemonde.fr subdomains:
-
-			- ^		(shows wwws; mismatched, CN: wwws.lemonde.fr)
-			- pubs		(times out)
-			- www *
-
-	* 404; mismatched, CN: gp1.wac.edgecastcdn.net
-
-
-	Fully covered domains:
-
-		- s1.lemde.fr
-
-		- lemonde.fr subdomains:
-
-			- abo
-			- boutique
-			- monabo
-			- wwws
-
--->
-<ruleset name="Le Monde.fr (partial)">
-
-	<target host="s1.lemde.fr" />
-	<target host="*.lemonde.fr" />
-
-
-	<securecookie host="^\.?(?:abo|boutique|monabo)\.lemonde\.fr$" name=".+" />
-
-
-	<rule from="^http://s1\.lemde\.fr/"
-		to="https://s1.lemde.fr/" />
-
-	<rule from="^http://(abo|boutique|monabo|wwws)\.lemonde\.fr/"
-		to="https://$1.lemonde.fr/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/LeadFormix.xml b/src/chrome/content/rules/LeadFormix.xml
index 0773c426cd0e..af293e5b21f2 100644
--- a/src/chrome/content/rules/LeadFormix.xml
+++ b/src/chrome/content/rules/LeadFormix.xml
@@ -1,13 +1,14 @@
-<ruleset name="LeadFormix">
+<ruleset name="LeadFormix.com">
 
 	<target host="leadformix.com" />
-	<target host="*.leadformix.com" />
+	<target host="vlog.leadformix.com" />
+	<target host="www.leadformix.com" />
 
 
 	<securecookie host="^www\.leadformix\.com$" name=".+" />
 
 
-	<rule from="^http://(vlog\.|www\.)?leadformix\.com/"
-		to="https://$1leadformix.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LeadLander.xml b/src/chrome/content/rules/LeadLander.xml
index f3dabbfa0a15..dc49eec7d36c 100644
--- a/src/chrome/content/rules/LeadLander.xml
+++ b/src/chrome/content/rules/LeadLander.xml
@@ -6,10 +6,10 @@
 
 	<!--	At least some pages 302 back.
 						-->
-	<rule from="^https?://(?:www\.)?leadlander\.com/([\w\-]+\.css|images/)"
+	<rule from="^http://(?:www\.)?leadlander\.com/([\w\-]+\.css|images/)"
 		to="https://ssl.leadlander.com/$1" />
 
 	<rule from="^http://ssl\.leadlander\.com/"
 		to="https://ssl.leadlander.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LeadPages.net.xml b/src/chrome/content/rules/LeadPages.net.xml
new file mode 100644
index 000000000000..528bde1beccf
--- /dev/null
+++ b/src/chrome/content/rules/LeadPages.net.xml
@@ -0,0 +1,38 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- lps.leadpages.net
+		- my.leadpages.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="LeadPages.net">
+
+	<target host="blog.leadpages.net" />
+	<target host="consultants.leadpages.net" />
+	<target host="lp.leadpages.net" />
+	<target host="lps.leadpages.net" />
+	<target host="marketplace.leadpages.net" />
+	<target host="my.leadpages.net" />
+	<target host="podcast.leadpages.net" />
+	<target host="static.leadpages.net" />
+	<target host="support.leadpages.net" />
+	<target host="www.leadpages.net" />
+
+		<test url="http://static.leadpages.net/mktg/css/global.min.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^lps\.leadpages\.net$" name="^(?:-\d+){2}$" /-->
+	<!--securecookie host="^my\.leadpages\.net$" name="^(PV\.Split\.\d+\.\d+|-[\da-f]+|lb\d+)$" /-->
+
+	<securecookie host="^\.leadpages\.net$" name="^_ga(?:t?$|t_)" />
+	<securecookie host="^my\.leadpages\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LeadSpend.com.xml b/src/chrome/content/rules/LeadSpend.com.xml
new file mode 100644
index 000000000000..5e3d50ce3bbd
--- /dev/null
+++ b/src/chrome/content/rules/LeadSpend.com.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://leadspend.com/ => https://leadspend.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.leadspend.com/ => https://www.leadspend.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://leadspend.com/ => https://leadspend.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="LeadSpend.com (partial)" default_off="failed ruleset test">
+
+	<target host="leadspend.com" />
+	<target host="www.leadspend.com" />
+
+		<!--	404:
+				-->
+		<exclusion pattern="^http://(?:www\.)?leadspend\.com/(?:blog|images/\S+\.[0-9a-zA-Z]{10}\.png)" />
+
+			<test url="http://www.leadspend.com/blog" />
+			<test url="http://www.leadspend.com/blog/cswerdloff/email-open-rates-are-on-their-way-up-so-why-does-no-one-care" />
+			<test url="http://www.leadspend.com/blog/development" />
+			<test url="http://www.leadspend.com/blog/rachelgianfredi/why-do-i-have-unknown-results-in-my-list" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lead_Forensics.com.xml b/src/chrome/content/rules/Lead_Forensics.com.xml
index 48379e5a35b8..5b1f592ed450 100644
--- a/src/chrome/content/rules/Lead_Forensics.com.xml
+++ b/src/chrome/content/rules/Lead_Forensics.com.xml
@@ -1,27 +1,60 @@
 <!--
-	Nonfunctional domains:
+	Other Lead Forensics rulesets:
 
-		- (www.)leadforensics.com *
-		- new.leadforensics.com *
+		- chrs-mln-krs.com.xml
+		- gblwebcen.com.xml
+		- lead-analytics-1000.com.xml
+		- Path-follower.com.xml
+		- path-trail.com.xml
+		- srv2020real.com.xml
 
-	* Reset
 
+	(www.)?leadforensics.com: Refused
 
-	Problematic domains:
 
-		- tracker.leadforensics.com *
-		- (www.)path-follower.com *
+	Problematic hosts in *leadforensics.com:
 
-	* Mismatched, CN: secure.leadforensics.com
+		- tracker *
+
+	* Dropped
+
+
+	These altnames do not exist:
+
+		- www.new.leadforensics.com
+		- www.secure.leadforensics.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- new.leadforensics.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Lead Forensics (partial)">
+<ruleset name="Lead Forensics.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="new.leadforensics.com" />
+	<target host="secure.leadforensics.com" />
+
+	<!--	Complications:
+				-->
+	<target host="tracker.leadforensics.com" />
 
-	<target host="*.leadforensics.com" />
-	<target host="path-follower.com" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^new\.leadforensics\.com$" name="^ASP\.NET_SessionId$" /-->
 
-	<rule from="^http://(?:(?:secure|tracker)\.leadforensics|(?:www\.)?path-follower)\.com/"
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://tracker\.leadforensics\.com/"
 		to="https://secure.leadforensics.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Leader-Technologies.xml b/src/chrome/content/rules/Leader-Technologies.xml
index 892f9fa196cc..eba6d6916743 100644
--- a/src/chrome/content/rules/Leader-Technologies.xml
+++ b/src/chrome/content/rules/Leader-Technologies.xml
@@ -1,20 +1,28 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://leadertech.com/ => https://www.leadertech.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.leadertech.com'")
+Fetch error: http://www.leadertech.com/ => https://www.leadertech.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.leadertech.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://leadertech.com/ => https://www.leadertech.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.leadertech.com/ => https://www.leadertech.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Other Leader Technologies rulesets:
 
 		- Online-Register.xml
 
 -->
-<ruleset name="Leader Technologies">
+<ruleset name="Leader Technologies" default_off="failed ruleset test">
 
 	<target host="leadertech.com" />
 	<target host="www.leadertech.com" />
 
 
-	<securecookie host="^www\.leadertech\.com$" name=".*" />
+	<securecookie host="^www\.leadertech\.com$" name=".+" />
 
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?leadertech\.com/"
+	<rule from="^http://(?:www\.)?leadertech\.com/"
 		to="https://www.leadertech.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Leader.xml b/src/chrome/content/rules/Leader.xml
deleted file mode 100644
index 92be246212af..000000000000
--- a/src/chrome/content/rules/Leader.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For other News-Gazette coverage, see News-Gazette.xml
-
-
-	- !www: mismatched, CN: digital.news-gazette.com
-	- Some pages redirect to http
-
--->
-<ruleset name="The Leader (partial)">
-
-	<target host="leaderlandnews.com" />
-	<target host="www.leaderlandnews.com" />
-
-
-	<rule from="^http://(?:www\.)?leaderlandnews\.com/(misc/|sites/|user(?:$|\?|/))"
-		to="https://www.leaderlandnews.com/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Leadnow.xml b/src/chrome/content/rules/Leadnow.xml
index 7c2d61b7e035..df227206f5e3 100644
--- a/src/chrome/content/rules/Leadnow.xml
+++ b/src/chrome/content/rules/Leadnow.xml
@@ -1,11 +1,11 @@
-<ruleset name="Leadnow" default_off="mismatch">
+<ruleset name="Leadnow" default_off="mismatched">
 
 	<!--	Cert: *.heroku.com	-->
 	<target host="leadnow.ca" />
-	<target host="*.leadnow.ca" />
+	<target host="www.leadnow.ca" />
 
 
-	<securecookie host="^(.*\.)?leadnow\.ca$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--	Neither !www nor www redirect to the other,
diff --git a/src/chrome/content/rules/Leadwerks.com.xml b/src/chrome/content/rules/Leadwerks.com.xml
index 625a62ec629e..31a2fe521cfc 100644
--- a/src/chrome/content/rules/Leadwerks.com.xml
+++ b/src/chrome/content/rules/Leadwerks.com.xml
@@ -12,4 +12,4 @@
 	<rule from="^http://(www\.)?leadwerks\.com/(favicon\.ico|files/|img/|scripts/|/?werkspace/(?:cache/|cometchat/|index\.php|/?public/|uploads/))"
 		to="https://$1leadwerks.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Leaflet_JS.com.xml b/src/chrome/content/rules/Leaflet_JS.com.xml
new file mode 100644
index 000000000000..4d91e0eced4f
--- /dev/null
+++ b/src/chrome/content/rules/Leaflet_JS.com.xml
@@ -0,0 +1,14 @@
+<!--
+	^: refused
+	www: dropped
+	cdn: wrong CN
+-->
+<ruleset name="Leaflet JS.com">
+
+	<target host="cdn.leafletjs.com" />
+
+
+	<rule from="^http://cdn\.leafletjs\.com/"
+		to="https://d19vzq90twjlae.cloudfront.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Leafly.com.xml b/src/chrome/content/rules/Leafly.com.xml
new file mode 100644
index 000000000000..4585bdd209a8
--- /dev/null
+++ b/src/chrome/content/rules/Leafly.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Problematic hosts in *leafly.com:
+
+		- ^ ¹
+		- shop ²
+
+	¹ Dropped
+	² Shopify
+
+-->
+<ruleset name="Leafly.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="developer.leafly.com" />
+	<target host="www.leafly.com" />
+
+	<!--	Complications:
+				-->
+	<target host="leafly.com" />
+
+
+	<rule from="^http://leafly\.com/"
+		to="https://www.leafly.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/League_of_Legends.com-problematic.xml b/src/chrome/content/rules/League_of_Legends.com-problematic.xml
new file mode 100644
index 000000000000..04f6bab24bf6
--- /dev/null
+++ b/src/chrome/content/rules/League_of_Legends.com-problematic.xml
@@ -0,0 +1,14 @@
+<!--
+	For rules that are on by default, see League_of_Legends.com.xml.
+
+-->
+<ruleset name="League of Legends.com (mismatched)" default_off="mismatched">
+
+	<target host="gameinfo.euw.leagueoflegends.com" />
+	<target host="gameinfo.na.leagueoflegends.com" />
+	<target host="prized.na.leagueoflegends.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/League_of_Legends.com.xml b/src/chrome/content/rules/League_of_Legends.com.xml
new file mode 100644
index 000000000000..0c5ae8e21ac2
--- /dev/null
+++ b/src/chrome/content/rules/League_of_Legends.com.xml
@@ -0,0 +1,105 @@
+<!--
+	For problematic rules, see League_of_Legends.com-problematic.xml.
+
+
+	CDN buckets:
+
+		- riot-web-static.s3.amazonaws.com
+
+		- d1qt4plxtxvxul.cloudfront.net
+
+			- gameinfo.euw
+
+		- d1xd5rklg0g0g1.cloudfront.net
+
+			- gameinfo.na
+
+		- competitive-akamai.edgesuite.net
+
+			- competitive.na
+
+		- edge.live.getpantheon.com
+
+			- prized.na
+
+
+	Nonfunctional subdomains:
+
+		- euw ¹
+		- na ¹
+		- forums.(na|euw) ¹
+		- community.na ²
+		- competitive.na ³
+		- jp ¹
+		- eune redirect to http
+		- ru redirect to http
+		- las redirect to http
+		- lan redirect to http
+		- br redirect to http
+		- tr redirect to http
+		- oce redirect to http
+		- ulol timed out
+
+	¹ 500
+	² Refused
+	³ 503, akamai
+
+
+	Problematic subdomains:
+
+		- cdn ¹
+		- gameinfo.euw ¹
+		- gameinfo.na ¹
+		- prized.na ²
+		- metrics ³
+		- boards.pbe ³
+		- pbr.pbe mixed content
+
+	¹ cloudfront
+	² Works; mismatched, CN: *.gotpantheon.com
+	³ mismatch
+
+
+	Partially covered subdomains:
+
+		- signup *
+
+	* Some pages redirect to http
+
+
+	Mixed content:
+
+		- css on gameinfo.na and prized.na from cdn *
+
+		- Images, on:
+
+			- pbesignup.euw, pbesignup.na, and prized.na from cdn *
+
+			- signup, from:
+
+				- $self *
+				- riot-web-static.s3.amazonaws.com *
+				- d2a0be06vdldp1.cloudfront.net *
+
+			- support from riot-web-static.s3.amazonaws.com *
+
+	* Secured by us
+
+-->
+<ruleset name="League of Legends.com (partial)">
+
+	<target host="leagueoflegends.com" />
+	<target host="signup.leagueoflegends.com" />
+	<target host="www.leagueoflegends.com" />
+	<target host="pbesignup.na.leagueoflegends.com" />
+	<target host="account.leagueoflegends.com" />
+	<target host="ddragon.leagueoflegends.com" />
+	<target host="cdn.leagueoflegends.com" />
+	<target host="status.leagueoflegends.com" />
+	<target host="support.leagueoflegends.com" />
+	<target host="ask.leagueoflegends.com" />
+	<target host="battlegrounds.leagueoflegends.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LeahScape.com.xml b/src/chrome/content/rules/LeahScape.com.xml
index 12da503b1bd8..8803cb2be73b 100644
--- a/src/chrome/content/rules/LeahScape.com.xml
+++ b/src/chrome/content/rules/LeahScape.com.xml
@@ -1,13 +1,13 @@
 <ruleset name="LeahScape.com">
 
 	<target host="leahscape.com" />
-	<target host="*.leahscape.com" />
+	<target host="support.leahscape.com" />
+	<target host="www.leahscape.com" />
 
 
 	<securecookie host="^support\.leahscape.com$" name=".+" />
 
 
-	<rule from="^http://(support\.|www\.)?leahscape\.com/"
-		to="https://$1leahscape.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Leakedsource.com.xml b/src/chrome/content/rules/Leakedsource.com.xml
new file mode 100644
index 000000000000..e2934a4aa6bf
--- /dev/null
+++ b/src/chrome/content/rules/Leakedsource.com.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://leakedsource.com/ => https://leakedsource.com/: (6, 'Could not resolve host: leakedsource.com')
+Fetch error: http://id.leakedsource.com/ => https://id.leakedsource.com/: (6, 'Could not resolve host: id.leakedsource.com')
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.leakedsource.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="LeakedSource.com" default_off="failed ruleset test">
+
+	<target host="leakedsource.com" />
+	<target host="id.leakedsource.com" />
+	<target host="www.leakedsource.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.leakedsource\.com$" name="^secret$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LeanCrew.com.xml b/src/chrome/content/rules/LeanCrew.com.xml
new file mode 100644
index 000000000000..b0ba59d4e365
--- /dev/null
+++ b/src/chrome/content/rules/LeanCrew.com.xml
@@ -0,0 +1,10 @@
+<!--
+	LeanCrew.com has a wildcard DNS record, but the certificate is only valid for ^.
+-->
+<ruleset name="LeanCrew.com">
+	<target host="leancrew.com" />
+	<target host="www.leancrew.com" />
+
+	<rule from="^http://www\.leancrew\.com/" to="https://leancrew.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Leanpub.com.xml b/src/chrome/content/rules/Leanpub.com.xml
new file mode 100644
index 000000000000..7cc7620d28a6
--- /dev/null
+++ b/src/chrome/content/rules/Leanpub.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- blog.leanpub.com
+		- samples.leanpub.com
+-->
+<ruleset name="Leanpub.com (partial)">
+	<target host="leanpub.com" />
+	<target host="www.leanpub.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Leap_Motion.xml b/src/chrome/content/rules/Leap_Motion.xml
index f6fe65d89ca5..8873a81039d5 100644
--- a/src/chrome/content/rules/Leap_Motion.xml
+++ b/src/chrome/content/rules/Leap_Motion.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?leapmotion\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?leapmotion\.com/"
-		to="https://$1leapmotion.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Learn-C.org.xml b/src/chrome/content/rules/Learn-C.org.xml
new file mode 100644
index 000000000000..cc7df3c5216d
--- /dev/null
+++ b/src/chrome/content/rules/Learn-C.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Related Rulesets:
+		Learn-Cpp.org.xml
+		Learn-GoLang.org.xml
+		Learn-JS.org.xml
+		Learn-HTML.org.xml
+		Learn-PHP.org.xml
+		Learn-Perl.org.xml
+		LearnCS.org.xml
+		LearnJavaOnline.org.xml
+		LearnPython.org.xml
+		LearnShell.org.xml
+		LearnRubyOnline.org.xml
+-->
+<ruleset name="Learn-C.org">
+	<target host="learn-c.org" />
+	<target host="www.learn-c.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Learn-Cpp.org.xml b/src/chrome/content/rules/Learn-Cpp.org.xml
new file mode 100644
index 000000000000..aa6e3d246011
--- /dev/null
+++ b/src/chrome/content/rules/Learn-Cpp.org.xml
@@ -0,0 +1,11 @@
+<!--
+	For other related rulesets see: Learn-C.org.xml
+-->
+<ruleset name="Learn-Cpp.org">
+	<target host="learn-cpp.org" />
+	<target host="www.learn-cpp.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Learn-GoLang.org.xml b/src/chrome/content/rules/Learn-GoLang.org.xml
new file mode 100644
index 000000000000..c10e44006a5c
--- /dev/null
+++ b/src/chrome/content/rules/Learn-GoLang.org.xml
@@ -0,0 +1,11 @@
+<!--
+	For other related rulesets see: Learn-C.org.xml
+-->
+<ruleset name="Learn-GoLang.org">
+	<target host="learn-golang.org" />
+	<target host="www.learn-golang.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Learn-HTML.org.xml b/src/chrome/content/rules/Learn-HTML.org.xml
new file mode 100644
index 000000000000..b57722c319f6
--- /dev/null
+++ b/src/chrome/content/rules/Learn-HTML.org.xml
@@ -0,0 +1,11 @@
+<!--
+	For other related rulesets see: Learn-C.org.xml
+-->
+<ruleset name="Learn-HTML.org">
+	<target host="learn-html.org" />
+	<target host="www.learn-html.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Learn-JS.org.xml b/src/chrome/content/rules/Learn-JS.org.xml
new file mode 100644
index 000000000000..670bf9ea89b8
--- /dev/null
+++ b/src/chrome/content/rules/Learn-JS.org.xml
@@ -0,0 +1,11 @@
+<!--
+	For other related rulesets see: Learn-C.org.xml
+-->
+<ruleset name="Learn-JS.org">
+	<target host="learn-js.org" />
+	<target host="www.learn-js.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Learn-PHP.org.xml b/src/chrome/content/rules/Learn-PHP.org.xml
new file mode 100644
index 000000000000..5a6f23f4bae8
--- /dev/null
+++ b/src/chrome/content/rules/Learn-PHP.org.xml
@@ -0,0 +1,11 @@
+<!--
+	For other related rulesets see: Learn-C.org.xml
+-->
+<ruleset name="Learn-PHP.org">
+	<target host="learn-php.org" />
+	<target host="www.learn-php.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Learn-Perl.org.xml b/src/chrome/content/rules/Learn-Perl.org.xml
new file mode 100644
index 000000000000..6c9f47619bb6
--- /dev/null
+++ b/src/chrome/content/rules/Learn-Perl.org.xml
@@ -0,0 +1,11 @@
+<!--
+	For other related rulesets see: Learn-C.org.xml
+-->
+<ruleset name="Learn-Perl.org">
+	<target host="learn-perl.org" />
+	<target host="www.learn-perl.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LearnCS.org.xml b/src/chrome/content/rules/LearnCS.org.xml
new file mode 100644
index 000000000000..8199481f61c1
--- /dev/null
+++ b/src/chrome/content/rules/LearnCS.org.xml
@@ -0,0 +1,11 @@
+<!--
+	For other related rulesets see: Learn-C.org.xml
+-->
+<ruleset name="LearnCS.org">
+	<target host="learncs.org" />
+	<target host="www.learncs.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LearnJavaOnline.org.xml b/src/chrome/content/rules/LearnJavaOnline.org.xml
new file mode 100644
index 000000000000..2c7ce091ad78
--- /dev/null
+++ b/src/chrome/content/rules/LearnJavaOnline.org.xml
@@ -0,0 +1,11 @@
+<!--
+	For other related rulesets see: Learn-C.org.xml
+-->
+<ruleset name="LearnJavaOnline.org">
+	<target host="learnjavaonline.org" />
+	<target host="www.learnjavaonline.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LearnPython.org.xml b/src/chrome/content/rules/LearnPython.org.xml
new file mode 100644
index 000000000000..d4bd06d6a2e5
--- /dev/null
+++ b/src/chrome/content/rules/LearnPython.org.xml
@@ -0,0 +1,11 @@
+<!--
+	For other related rulesets see: Learn-C.org.xml
+-->
+<ruleset name="LearnPython.org">
+	<target host="learnpython.org" />
+	<target host="www.learnpython.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LearnRubyOnline.org.xml b/src/chrome/content/rules/LearnRubyOnline.org.xml
new file mode 100644
index 000000000000..fc7bab916e66
--- /dev/null
+++ b/src/chrome/content/rules/LearnRubyOnline.org.xml
@@ -0,0 +1,11 @@
+<!--
+	For other related rulesets see: Learn-C.org.xml
+-->
+<ruleset name="LearnRubyOnline.org">
+	<target host="learnrubyonline.org" />
+	<target host="www.learnrubyonline.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LearnShare.com.xml b/src/chrome/content/rules/LearnShare.com.xml
index a964c69411f0..d1d73a93dfb0 100644
--- a/src/chrome/content/rules/LearnShare.com.xml
+++ b/src/chrome/content/rules/LearnShare.com.xml
@@ -1,13 +1,13 @@
 <ruleset name="LearnShare.com">
 
 	<target host="learnshare.com" />
-	<target host="*.learnshare.com" />
+	<target host="lms4.learnshare.com" />
+	<target host="www.learnshare.com" />
 
 
-	<securecookie host="(?:.+\.)?learnshare\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
-	<rule from="^http://(lms4\.|www\.)?learnshare\.com/"
-		to="https://$1learnshare.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LearnShell.org.xml b/src/chrome/content/rules/LearnShell.org.xml
new file mode 100644
index 000000000000..13cf44be21c5
--- /dev/null
+++ b/src/chrome/content/rules/LearnShell.org.xml
@@ -0,0 +1,11 @@
+<!--
+	For other related rulesets see: Learn-C.org.xml
+-->
+<ruleset name="LearnShell.org">
+	<target host="learnshell.org" />
+	<target host="www.learnshell.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LearnXInYMinutes.com.xml b/src/chrome/content/rules/LearnXInYMinutes.com.xml
new file mode 100644
index 000000000000..5beee6671997
--- /dev/null
+++ b/src/chrome/content/rules/LearnXInYMinutes.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatched:
+		- www.learnxinyminutes.com
+-->
+<ruleset name="LearnXInYMinutes.com">
+	<target host="learnxinyminutes.com" />
+	<target host="www.learnxinyminutes.com" />
+
+	<rule from="^http://www\.learnxinyminutes\.com/" to="https://learnxinyminutes.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Learn_my_way.com.xml b/src/chrome/content/rules/Learn_my_way.com.xml
index fa693292f486..baf06a822d97 100644
--- a/src/chrome/content/rules/Learn_my_way.com.xml
+++ b/src/chrome/content/rules/Learn_my_way.com.xml
@@ -4,7 +4,6 @@
 	<target host="www.learnmyway.com" />
 
 
-	<rule from="^http://(www\.)?learnmyway\.com/"
-		to="https://$1learnmyway.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/LearningCast.jp.xml b/src/chrome/content/rules/LearningCast.jp.xml
new file mode 100644
index 000000000000..50ce232fe0f6
--- /dev/null
+++ b/src/chrome/content/rules/LearningCast.jp.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Unisys coverage, see Unisys.co.jp.xml.
+
+
+	(www.)?learningcast.jp doesn't exist.
+
+-->
+<ruleset name="LearningCast.jp">
+
+	<target host="dc2.learningcast.jp" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Learning_Biz_Package.com.xml b/src/chrome/content/rules/Learning_Biz_Package.com.xml
deleted file mode 100644
index 6f4be01ec4df..000000000000
--- a/src/chrome/content/rules/Learning_Biz_Package.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	CDN buckets:
-
-		- testing111.s3.amazonaws.com
-		- dwqee6201nsb9.cloudfront.net
-
--->
-<ruleset name="Learning Biz Package.com">
-
-	<target host="learningbizpackage.com" />
-	<target host="*.learningbizpackage.com" />
-
-
-	<securecookie host="^(?:w*\.)?learningbizpackage\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?learningbizpackage\.com/"
-		to="https://$1learningbizpackage.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/LeaseRig.net.xml b/src/chrome/content/rules/LeaseRig.net.xml
new file mode 100644
index 000000000000..90ccd9e064a5
--- /dev/null
+++ b/src/chrome/content/rules/LeaseRig.net.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://leaserig.net/ => https://leaserig.net/: (7, 'Failed to connect to leaserig.net port 443: Connection refused')
+Fetch error: http://www.leaserig.net/ => https://www.leaserig.net/: (7, 'Failed to connect to www.leaserig.net port 443: Connection refused')
+
+-->
+<ruleset name="LeaseRig.net" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="leaserig.net" />
+	<target host="www.leaserig.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LeaseWeb.com.xml b/src/chrome/content/rules/LeaseWeb.com.xml
deleted file mode 100644
index 26ccec19110c..000000000000
--- a/src/chrome/content/rules/LeaseWeb.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- blog	(dropped)
-
--->
-<ruleset name="LeaseWeb.com (partial)">
-
-	<target host="leaseweb.com" />
-	<target host="*.leaseweb.com" />
-
-
-	<securecookie host="^(?:www\.)?leaseweb\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?leaseweb\.com/"
-		to="https://$1leaseweb.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/LeaseWeb.xml b/src/chrome/content/rules/LeaseWeb.xml
new file mode 100644
index 000000000000..9478fa0f4023
--- /dev/null
+++ b/src/chrome/content/rules/LeaseWeb.xml
@@ -0,0 +1,49 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog	(dropped)
+
+		- ns7.leaseweb.net (timeout)
+		- ns8.leaseweb.net (timeout)
+		- www.leaseweb.net (timeout)
+		- www.mirror.de.leaseweb.net	(mismatch)
+
+	Insecure cookies are set for these hosts:
+
+		- secure.leaseweb.com
+
+-->
+<ruleset name="LeaseWeb (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="leaseweb.com" />
+	<target host="www.leaseweb.com" />
+	<target host="auth.leaseweb.com" />
+	<target host="mirror.leaseweb.com" />
+	<target host="secure.leaseweb.com" />
+
+	<target host="mirror.ams1.nl.leaseweb.net" />
+	<target host="mirror.dal10.us.leaseweb.net" />
+	<target host="mirror.de.leaseweb.net" />
+	<target host="mirror.fra10.de.leaseweb.net" />
+	<target host="mirror.hk.leaseweb.net" />
+	<target host="mirror.hkg10.hk.leaseweb.net" />
+	<target host="mirror.leaseweb.net" />
+	<target host="mirror.nl.leaseweb.net" />
+	<target host="mirror.sfo12.us.leaseweb.net" />
+	<target host="mirror.sg.leaseweb.net" />
+	<target host="mirror.sin11.sg.leaseweb.net" />
+	<target host="mirror.syd10.au.leaseweb.net" />
+	<target host="mirror.us.leaseweb.net" />
+	<target host="mirror.wdc1.us.leaseweb.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^secure\.leaseweb\.com$" name="^PHPSESSID$" /-->
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Least_Authority.com.xml b/src/chrome/content/rules/Least_Authority.com.xml
new file mode 100644
index 000000000000..92dae90e9340
--- /dev/null
+++ b/src/chrome/content/rules/Least_Authority.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Problematic hosts in *leastauthority.com:
+
+		- analytics ¹
+		- www ²
+
+	¹ Expired
+	² Mismatched
+
+-->
+<ruleset name="Least Authority.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="leastauthority.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.leastauthority.com" />
+
+
+	<rule from="^http://www\.leastauthority\.com/"
+		to="https://leastauthority.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Least_Fixed.com.xml b/src/chrome/content/rules/Least_Fixed.com.xml
new file mode 100644
index 000000000000..a6d0b0438945
--- /dev/null
+++ b/src/chrome/content/rules/Least_Fixed.com.xml
@@ -0,0 +1,14 @@
+<!--
+	www: refused
+
+-->
+<ruleset name="Least Fixed.com">
+
+	<target host="leastfixed.com" />
+	<target host="www.leastfixed.com" />
+
+
+	<rule from="^http://(?:www\.)?leastfixed\.com/"
+		to="https://leastfixed.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LebLibrary.com.xml b/src/chrome/content/rules/LebLibrary.com.xml
new file mode 100644
index 000000000000..2866ef455d3b
--- /dev/null
+++ b/src/chrome/content/rules/LebLibrary.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Mixed content:
+
+		- Image from th0\d.deviantart.net *
+
+	* Ruleset disabled by default
+
+-->
+<ruleset name="LebLibrary.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="leblibrary.com" />
+	<target host="www.leblibrary.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lecanardenchaine.fr.xml b/src/chrome/content/rules/Lecanardenchaine.fr.xml
new file mode 100644
index 000000000000..f438d0e9f790
--- /dev/null
+++ b/src/chrome/content/rules/Lecanardenchaine.fr.xml
@@ -0,0 +1,7 @@
+<ruleset name="Lecanardenchaine.fr">
+	<target host="lecanardenchaine.fr" />
+	<target host="www.lecanardenchaine.fr" />
+	<target host="abonnement.lecanardenchaine.fr" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ledevoir.com.xml b/src/chrome/content/rules/Ledevoir.com.xml
new file mode 100644
index 000000000000..065eddf4392c
--- /dev/null
+++ b/src/chrome/content/rules/Ledevoir.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Nonfunctional hosts in *.ledevoir.com:
+		- elections.ledevoir.com m
+		- m.ledevoir.com m
+		- www.offres.ledevoir.com m
+		- www.preprod.ledevoir.com m
+		- www.abonnement.preprod.ledevoir.com m
+		- jesoutiens.preprod.ledevoir.com m
+		- jesoutiens.ledevoir.com t
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Ledevoir.com">
+	<target host="ledevoir.com" />
+	<target host="www.ledevoir.com" />
+	<target host="abonnement.ledevoir.com" />
+	<target host="admin.ledevoir.com" />
+	<target host="boutique.ledevoir.com" />
+	<target host="mail.ledevoir.com" />
+	<target host="media1.ledevoir.com" />
+	<target host="media2.ledevoir.com" />
+
+	<rule from="^http:" to="https:" />
+
+	<securecookie host="^ledevoir\.com$" name=".+" />
+	<securecookie host="^boutique\.ledevoir\.com$" name=".+" />
+	<securecookie host="^media1\.ledevoir\.com$" name=".+" />
+	<securecookie host="^media2\.ledevoir\.com$" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ledger.co.xml b/src/chrome/content/rules/Ledger.co.xml
new file mode 100644
index 000000000000..11e068540d13
--- /dev/null
+++ b/src/chrome/content/rules/Ledger.co.xml
@@ -0,0 +1,37 @@
+<!--
+	Other Ledger rulesets:
+
+		- Ledger_Wallet.com.xml
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .ledger.co
+		- www.ledger.co
+
+-->
+<ruleset name="Ledger.co">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ledger.co" />
+	<target host="www.ledger.co" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<test url="http://www.ledger.co/roadmap" />
+
+
+	<!--	Not secure by server:
+					-->
+	<!--securecookie host="^\.ledger\.co$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.ledger\.co$" name="^_ledger-web_session$" /-->
+
+	<securecookie host="^\.ledger\.co$" name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^www\.ledger\.co$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ledger_Wallet.com.xml b/src/chrome/content/rules/Ledger_Wallet.com.xml
new file mode 100644
index 000000000000..c5003805583d
--- /dev/null
+++ b/src/chrome/content/rules/Ledger_Wallet.com.xml
@@ -0,0 +1,38 @@
+<!--
+	For other Ledger coverage, see Ledger.co.xml.
+
+
+	Nonfunctional hosts in *ledgerwallet.com:
+
+		- support *
+
+	* Redirects to http
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .ledgerwallet.com
+		- www.ledgerwallet.com
+
+-->
+<ruleset name="Ledger Wallet.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ledgerwallet.com" />
+	<target host="www.ledgerwallet.com" />
+
+
+	<!--	Not secure by server:
+					-->
+	<!--securecookie host="^\.ledgerwallet\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.ledgerwallet\.com$" name="^_ledger-wallet-web_session$" /-->
+
+	<securecookie host="^\.ledgerwallet\.com$" name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^www\.ledgerwallet\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ledgerscope.net.xml b/src/chrome/content/rules/Ledgerscope.net.xml
deleted file mode 100644
index 923d8943aafa..000000000000
--- a/src/chrome/content/rules/Ledgerscope.net.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See 
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
- 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Ledgerscope.net" platform="firefox">
-  <target host="ledgerscope.net" />
-  <target host="www.ledgerscope.net" />
-
-  <securecookie host="^ledgerscope\.net$" name=".+" />
-  <securecookie host="^www\.ledgerscope\.net$" name=".+" />
-
-  <rule from="^http://(www\.)?ledgerscope\.net/" to="https://www.ledgerscope.net/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Ledgerscope.xml b/src/chrome/content/rules/Ledgerscope.xml
new file mode 100644
index 000000000000..1be38a099cab
--- /dev/null
+++ b/src/chrome/content/rules/Ledgerscope.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ledgerscope.net/ => https://ledgerscope.net/: (51, "SSL: no alternative certificate subject name matches target host name 'ledgerscope.net'")
+Fetch error: http://www.ledgerscope.net/ => https://www.ledgerscope.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ledgerscope.net'")
+
+-->
+<ruleset name="Ledgerscope" default_off="failed ruleset test">
+	<target host="ledgerscope.net" />
+	<target host="www.ledgerscope.net" />
+	<target host="check.ledgerscope.com" />
+
+	<securecookie host="^ledgerscope\.net$" name=".+" />
+	<securecookie host="^www\.ledgerscope\.net$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Leechaccess.xml b/src/chrome/content/rules/Leechaccess.xml
deleted file mode 100644
index 69e6e2f8c4d3..000000000000
--- a/src/chrome/content/rules/Leechaccess.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Leechaccess">
-
-	<target host="leechaccess.com"/>
-	<target host="www.leechaccess.com"/>
-
-	<securecookie host="^(.*\.)?leechaccess\.com$" name=".*"/>
-
-	<rule from="^http://(www\.)?leechaccess\.com/"
-		to="https://$1leechaccess.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Leeds.gov.uk.xml b/src/chrome/content/rules/Leeds.gov.uk.xml
new file mode 100644
index 000000000000..b202a3770cf1
--- /dev/null
+++ b/src/chrome/content/rules/Leeds.gov.uk.xml
@@ -0,0 +1,40 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- leeds.gov.uk
+		- democracy.leeds.gov.uk
+		- plandocs.leeds.gov.uk
+		- tithemaps.leeds.gov.uk
+		- www.leeds.gov.uk
+
+		SSL connect error:
+		- consult.leeds.gov.uk
+
+		SSL peer certificate was not OK:
+		- artprints.leeds.gov.uk
+
+		Mixed content blocking (MCB) triggered:
+		- observatory.leeds.gov.uk
+-->
+<ruleset name="Leeds.gov.uk (partial)">
+	<target host="bscmembers.leeds.gov.uk" />
+	<target host="housingssp.leeds.gov.uk" />
+	<target host="jobs.leeds.gov.uk" />
+	<target host="librarybookings.leeds.gov.uk" />
+	<target host="my.leeds.gov.uk" />
+	<target host="news.leeds.gov.uk" />
+	<target host="payments.leeds.gov.uk" />
+	<target host="planningapplications.leeds.gov.uk" />
+	<target host="publicaccess.leeds.gov.uk" />
+	<target host="schoolsonlineservices.leeds.gov.uk" />
+	<target host="secured.leeds.gov.uk" />
+	<target host="sport.leeds.gov.uk" />
+	<target host="whatson.leeds.gov.uk" />
+	<target host="youraccount.leeds.gov.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Leeds_Building_Society.co.uk.xml b/src/chrome/content/rules/Leeds_Building_Society.co.uk.xml
new file mode 100644
index 000000000000..5522d55f0f25
--- /dev/null
+++ b/src/chrome/content/rules/Leeds_Building_Society.co.uk.xml
@@ -0,0 +1,23 @@
+<!--
+	Nonfunctional hosts in *leedsbuildingsociety.co.uk:
+
+		- online *
+
+	* 404
+
+-->
+<ruleset name="Leeds Building Society.co.uk (partial)">
+
+	<target host="leedsbuildingsociety.co.uk" />
+	<target host="talkingpoint.leedsbuildingsociety.co.uk" />
+	<target host="www.leedsbuildingsociety.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^_gat?$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Leet_Media.com.xml b/src/chrome/content/rules/Leet_Media.com.xml
new file mode 100644
index 000000000000..bbbfd0ddebf8
--- /dev/null
+++ b/src/chrome/content/rules/Leet_Media.com.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://leetmedia.com/ => https://leetmedia.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.leetmedia.com/ => https://www.leetmedia.com/: (60, 'SSL certificate problem: self signed certificate')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://leetmedia.com/ => https://leetmedia.com/: (28, 'Operation timed out after 15000 milliseconds with 0 bytes received')
+
+-->
+<ruleset name="Leet Media.com" default_off="failed ruleset test">
+
+	<target host="leetmedia.com" />
+	<target host="www.leetmedia.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:w*\.)?leetmedia\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Leetway.com.xml b/src/chrome/content/rules/Leetway.com.xml
index 091c93f2b1a0..993008e0ad81 100644
--- a/src/chrome/content/rules/Leetway.com.xml
+++ b/src/chrome/content/rules/Leetway.com.xml
@@ -1,4 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://leetway.com/ (200) => https://leetway.com/ (521)
+Non-2xx HTTP code: http://www.leetway.com/ (200) => https://www.leetway.com/ (521)
+
+-->
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://leetway.com/ => https://leetway.com/: (28, 'Operation timed out after 15001 milliseconds with 0 bytes received')
+
 	Mixed content:
 
 		- Video on www from www.youtube.com *
@@ -23,16 +34,15 @@
 	and css from (www.).
 
 -->
-<ruleset name="Leetway.com (false MCB)" platform="mixedcontent">
+<ruleset name="Leetway.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="leetway.com" />
-	<target host="*.leetway.com" />
+	<target host="www.leetway.com" />
 
 
 	<securecookie host="^\.leetway\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?leetway\.com/"
-		to="https://$1leetway.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Lef.org.xml b/src/chrome/content/rules/Lef.org.xml
deleted file mode 100644
index 74b422beed04..000000000000
--- a/src/chrome/content/rules/Lef.org.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Life Extension Magazine">
-  <target host="www.lef.org"/>
-  <target host="lef.org"/>
-
-  <rule from="^http://(www\.)?lef\.org/" to="https://www.lef.org/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/LegTux.org.xml b/src/chrome/content/rules/LegTux.org.xml
new file mode 100644
index 000000000000..219dcf5b59e1
--- /dev/null
+++ b/src/chrome/content/rules/LegTux.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Remark:
+		- LegTux offers hosting solutions, thus there exist a huge number
+			of sub-domains. 354 sub-domains with 'Incomplete certificate
+			chain error' are omitted from the comment.
+
+	Non-functional hosts
+		Timeout was reached:
+			 - ns2.legtux.org
+-->
+<ruleset name="LegTux.org (partial)">
+	<target host="legtux.org" />
+	<target host="www.legtux.org" />
+	<target host="mysql.legtux.org" />
+	<target host="webmail.legtux.org" />
+	<target host="www.webmail.legtux.org" />
+	<target host="webmailnew.legtux.org" />
+	<target host="www.webmailnew.legtux.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Legacy.com.xml b/src/chrome/content/rules/Legacy.com.xml
index b580e9c34015..605aba0b1dfa 100644
--- a/src/chrome/content/rules/Legacy.com.xml
+++ b/src/chrome/content/rules/Legacy.com.xml
@@ -1,65 +1,44 @@
 <!--
-	CDN buckets:
+	Invalid certificate:
+		- static.cms.legacy.com
+		- connect.legacy.com
+		- www.connect.legacy.com
 
-		- legacy.o.miisolutions.net/...
-
-			- mi-cache.legacy.com
-			- mi-static.legacy.com
-
-
-	Problematic subdomains:
-
-		- blog		(handled in WordPress-blogs.xml)
-		- connect	(CN: *.ning.com)
-		- mi-cache *
-		- mi-static *
-
-	* 404, CN: *.service.mirror-image.net
-
-
-	Partially covered subdomains:
-
-		- (www.) *
-		- memorialwebsites *
-
-	* Some pages redirect to http
-
-
-	Fully covered subdomains:
-
-		- ^
-		- cache
-		- mi
-		- mi-cache
-		- mi-static
-		- static
+	Partially redirects to HTTP:
+		- memorialwebsites.legacy.com
 
+	Timed out:
+		- legacy.com, equivalent to www.legacy.com
 -->
-<ruleset name="Legacy.com (partial)" platform="mixedcontent">
 
+<ruleset name="Legacy.com (partial)">
 	<target host="legacy.com" />
-	<target host="*.legacy.com" />
-		<exclusion pattern="^http://(?:www\.)?legacy\.com/(?!$|favicon\.ico|globalscripts/tracking/AIMWrapper\.js|Images/|(?:[\w/-]+/)?(?:images/|ObitsTileCorner\.axd|scripts/|Styles/)|ns/|NS/|OBITUARIES/AffiliateArtwork\.axd)" />
-		<exclusion pattern="^http://memorialwebsites\.legacy\.com/(?!create(?:account|memorial)\.aspx|images/|styles/)" />
-	<target host="*.legacyconnect.ning.com" />
-
-
-	<securecookie host="^static\.legacy\.com$" name=".+" />
-	<securecookie host="^\.legacyconnect\.ning\.com$" name=".+" />
-
-
-	<!--	obituaries/Images/ redirects to http.
-							-->
-	<rule from="^http://(www\.)?legacy\.com/obituaries/Images/"
-		to="https://$1legacy.com/obituaries/images/" />
-
-	<rule from="^http://((?:cache|mi|static|memorialwebsites|www)\.)?legacy\.com/"
-		to="https://$1legacy.com/" />
-
-	<rule from="^http://connect\.legacy\.com/"
-		to="https://legacyconnect.ning.com/" />
-
-	<rule from="^http://mi-(cache|static)\.legacy\.com/"
-		to="https://$1.legacy.com/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.legacy.com" />
+	<target host="ak-static.legacy.com" />
+	<target host="blog.legacy.com" />
+	<target host="cache.legacy.com" />
+	<target host="cms.legacy.com" />
+	<target host="media2.legacy.com" />
+	<target host="memorialwebsites.legacy.com" />
+		<!-- Redirects to HTTP -->
+		<exclusion pattern="^http://memorialwebsites\.legacy\.com/(.*/)?(Homepage|InvalidPage)\.aspx" />
+			<test url="http://memorialwebsites.legacy.com/Homepage.aspx" />
+			<test url="http://memorialwebsites.legacy.com/InvalidPage.aspx" />
+			<test url="http://memorialwebsites.legacy.com/mi/Homepage.aspx" />
+			<test url="http://memorialwebsites.legacy.com/mi/InvalidPage.aspx" />
+	<target host="mi.legacy.com" />
+	<target host="mi-cache.legacy.com" />
+	<target host="mi-static.legacy.com" />
+	<target host="static.legacy.com" />
+	<target host="sympathy.legacy.com" />
+
+	<securecookie host=".+" name="^optimizely" />
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://legacy\.com/"
+		to="https://www.legacy.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Legacy.vg.xml b/src/chrome/content/rules/Legacy.vg.xml
new file mode 100644
index 000000000000..d2949810aec1
--- /dev/null
+++ b/src/chrome/content/rules/Legacy.vg.xml
@@ -0,0 +1,28 @@
+<!--
+	For other PlannedGiving coverage, see PlannedGiving.com.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.legacy.vg
+
+-->
+<ruleset name="legacy.vg">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="legacy.vg" />
+	<target host="www.legacy.vg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.legacy\.vg$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.legacy\.vg$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Legal_Directores.xml b/src/chrome/content/rules/Legal_Directores.xml
index 216726c4de4a..112150cff77d 100644
--- a/src/chrome/content/rules/Legal_Directores.xml
+++ b/src/chrome/content/rules/Legal_Directores.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^www\.legaldirectories\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?legaldirectories\.com/"
-		to="https://$1legaldirectories.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LegiScan.com.xml b/src/chrome/content/rules/LegiScan.com.xml
new file mode 100644
index 000000000000..1b1e08cbcadf
--- /dev/null
+++ b/src/chrome/content/rules/LegiScan.com.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://acme.legiscan.com/ => https://acme.legiscan.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Fully covered hosts in *legiscan.com:
+
+		- (www.)?
+		- acme
+
+
+	Insecure cookies are set for these domains:
+
+		- .legiscan.com
+
+-->
+<ruleset name="LegiScan.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="legiscan.com" />
+	<target host="acme.legiscan.com" />
+	<target host="www.legiscan.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.legiscan\.com$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^\.legiscan\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Legislationsurveys.com.xml b/src/chrome/content/rules/Legislationsurveys.com.xml
deleted file mode 100644
index 38c0353b7168..000000000000
--- a/src/chrome/content/rules/Legislationsurveys.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(mismatched, CN: acquia-sites.com)
-
--->
-<ruleset name="legislationsurveys.com">
-
-	<target host="legislationsurveys.com" />
-	<target host="www.legislationsurveys.com" />
-
-
-	<rule from="^http://(?:www\.)?legislationsurveys\.com/"
-		to="https://www.legislationsurveys.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/LegitScript.xml b/src/chrome/content/rules/LegitScript.xml
index 82c880db4a9d..7ff4049302ad 100644
--- a/src/chrome/content/rules/LegitScript.xml
+++ b/src/chrome/content/rules/LegitScript.xml
@@ -1,6 +1,7 @@
-<ruleset name="LegitScript">
-  <target host="www.legitscript.com" />
-  <target host="legitscript.com" />
-
-  <rule from="^http://(?:www\.)?legitscript\.com/" to="https://secure.legitscript.com/"/>
-</ruleset>
\ No newline at end of file
+<ruleset name="LegitScript">
+	<target host="www.legitscript.com" />
+	<target host="legitscript.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Legit_BS.net.xml b/src/chrome/content/rules/Legit_BS.net.xml
new file mode 100644
index 000000000000..9b910139f8b4
--- /dev/null
+++ b/src/chrome/content/rules/Legit_BS.net.xml
@@ -0,0 +1,33 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .legitbs.net
+
+
+	Mixed content:
+
+		- favicon on blog from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Legit BS.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="legitbs.net" />
+	<target host="blog.legitbs.net" />
+	<target host="www.legitbs.net" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.legitbs\.net$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.legitbs\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Legolanddiscoverycenter.xml b/src/chrome/content/rules/Legolanddiscoverycenter.xml
new file mode 100644
index 000000000000..b8087da3e03a
--- /dev/null
+++ b/src/chrome/content/rules/Legolanddiscoverycenter.xml
@@ -0,0 +1,54 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.legolanddiscoverycenter.com/ => https://secure.legolanddiscoverycenter.com/: (6, 'Could not resolve host: secure.legolanddiscoverycenter.com')
+Fetch error: http://secure.legolanddiscoverycentre.co.uk/ => https://secure.legolanddiscoverycentre.co.uk/: (7, 'Failed to connect to secure.legolanddiscoverycentre.co.uk port 443: Connection refused')
+
+	For other Merlin Entertainments coverage, see Merlin-Entertainments.xml.
+
+	Non-functional subdomain:
+		- legolanddiscoverycentre.com
+			- secure		(¹, CN: secure.sydneytowereye.com.au)
+
+		- legolanddiscoverycenter.com
+			- assets		(¹, CN: *.azurewebsites.net)
+
+	¹ cert mismatch
+-->
+<ruleset name="LEGOLAND Discovery Centre" default_off="failed ruleset test">
+	<target host="legolanddiscoverycenter.com" />
+	<target host="secure.legolanddiscoverycenter.com" />
+	<target host="www.legolanddiscoverycenter.com" />
+
+	<target host="legolanddiscoverycentre.co.uk" />
+	<target host="www.legolanddiscoverycentre.co.uk" />
+	<target host="secure.legolanddiscoverycentre.co.uk" />
+
+	<target host="legolanddiscoverycentre.ca" />
+	<target host="www.legolanddiscoverycentre.ca" />
+
+	<target host="legolanddiscoverycentre.de" />
+	<target host="secure.legolanddiscoverycentre.de" />
+	<target host="www.legolanddiscoverycentre.de" />
+
+	<target host="legolanddiscoverycenter.cn" />
+	<target host="shanghai.legolanddiscoverycenter.cn" />
+	<target host="www.legolanddiscoverycenter.cn" />
+
+	<target host="legolanddiscoverycenter.jp" />
+	<target host="www.legolanddiscoverycenter.jp" />
+
+	<securecookie host="www\.legolanddiscoverycentre\.(ca|co\.uk|de)$" name=".+" />
+	<securecookie host="www\.legolanddiscoverycenter\.(cn|com|jp)$" name=".+" />
+
+	<!-- Timeout: -->
+	<rule from="^http://legolanddiscoverycentre\.(ca|co\.uk|de)/"
+		to="https://www.legolanddiscoverycentre.$1/" />
+
+	<!-- Timeout: -->
+	<rule from="^http://legolanddiscoverycenter\.(cn|com|jp)/"
+		to="https://www.legolanddiscoverycenter.$1/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Legolas-Media-mismatches.xml b/src/chrome/content/rules/Legolas-Media-mismatches.xml
index 5bfb2fa3350a..356454ed2c25 100644
--- a/src/chrome/content/rules/Legolas-Media-mismatches.xml
+++ b/src/chrome/content/rules/Legolas-Media-mismatches.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see Legolas-Media.xml.
 
 -->
-<ruleset name="Legolas Media (mismatches)" default_off="mismatch">
+<ruleset name="Legolas Media (mismatches)" default_off="mismatched">
 
 	<!--	Cert:	*.bluehost.com
 					-->
diff --git a/src/chrome/content/rules/Legolas-Media.xml b/src/chrome/content/rules/Legolas-Media.xml
deleted file mode 100644
index 4e11b20eb137..000000000000
--- a/src/chrome/content/rules/Legolas-Media.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For problematic rules, see Legolas-Media-mismatches.xml.
-
--->
-<ruleset name="Legolas Media (partial)">
-
-	<target host="*.legolas-media.com" />
-
-
-	<!--	Set by rt:
-				-->
-	<securecookie host="^\.legolas-media\.com$" name="^uid$" />
-
-
-	<rule from="^http://rt\.legolas-media\.com/"
-		to="https://rt.legolas-media.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Legtux.xml b/src/chrome/content/rules/Legtux.xml
deleted file mode 100644
index a8d1fd733f37..000000000000
--- a/src/chrome/content/rules/Legtux.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(cert only matches *.legtux.org)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(^ → www)
-		- davask
-		- faq
-
--->
-<ruleset name="Legtux (cacert)" platform="cacert">
-
-	<target host="legtux.org" />
-	<target host="*.legtux.org" />
-
-
-	<securecookie host="^(?:faq|www)\.legtux\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?legtux\.org/"
-		to="https://www.legtux.org/" />
-
-	<rule from="^http://(davask|faq)\.legtux\.org/"
-		to="https://$1.legtux.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Lehrstellen-Radar.de.xml b/src/chrome/content/rules/Lehrstellen-Radar.de.xml
new file mode 100644
index 000000000000..749525d5f998
--- /dev/null
+++ b/src/chrome/content/rules/Lehrstellen-Radar.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="Lehrstellen-Radar">
+
+	<target host="lehrstellen-radar.de"/>
+	<target host="www.lehrstellen-radar.de"/>
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Leia_Jung.org.xml b/src/chrome/content/rules/Leia_Jung.org.xml
index 3a4cd5382306..e5b631850e46 100644
--- a/src/chrome/content/rules/Leia_Jung.org.xml
+++ b/src/chrome/content/rules/Leia_Jung.org.xml
@@ -12,4 +12,4 @@
 	<rule from="^http://(?:www\.)?leiajung\.org/"
 		to="https://leiajung.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Leibniz_Supercomputing_Centre.xml b/src/chrome/content/rules/Leibniz_Supercomputing_Centre.xml
index 2357e55f7838..e4e36d279a49 100644
--- a/src/chrome/content/rules/Leibniz_Supercomputing_Centre.xml
+++ b/src/chrome/content/rules/Leibniz_Supercomputing_Centre.xml
@@ -1,35 +1,34 @@
-<!--
-	Fully covered domains:
-
-		- www.leibniz-supercomputing-centre.de
-		- www.leibniz-supercomputing-centre.eu
 
-		- lrz.de subdomains:
-
-			- idportal
-			- (www.)v2c
-			- www
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://idportal.lrz-muenchen.de/ => https://idportal.lrz-muenchen.de/: (6, 'Could not resolve host: idportal.lrz-muenchen.de')
 
-		- www.lr-z.de
-		- www.lrz.eu
-		- idportal.lrz-muenchen.de
-		- www.lrz-muenchen.de
-		- www.lrz-munich.eu
+	^leibniz-supercomputing-centre.de, ^leibniz-supercomputing-centre.eu, ^lrz.de,
+	l-rz.de, ^lrz.eu, ^lrz-muenchen.de, lrz-munich.eu, & lrz-münchen.de do not exist.
 
 
-	www.lrz-münchen.de
+	Insecure cookies are set for these hosts:
 
-
-	^leibniz-supercomputing-centre.de, ^leibniz-supercomputing-centre.eu, ^lrz.de,
-	l-rz.de, ^lrz.eu, ^lrz-muenchen.de, lrz-munich.eu, & lrz-münchen.de do not exist.
+		- servicedesk.lrz.de
 
 -->
-<ruleset name="Leibniz Supercomputing Centre">
+<ruleset name="Leibniz Supercomputing Centre" default_off="failed ruleset test">
 
-	<target host="www.leibniz-supercomputing-centre.*" />
-	<target host="*.lrz.de" />
+	<!--	Direct rewrites:
+				-->
+	<target host="www.leibniz-supercomputing-centre.de" />
+	<target host="www.leibniz-supercomputing-centre.eu" />
 	<target host="www.l-rz.de" />
+
+	<target host="gitlab.lrz.de" />
+	<target host="idportal.lrz.de" />
+	<target host="servicedesk.lrz.de" />
+	<target host="v2c.lrz.de" />
+	<target host="www.v2c.lrz.de" />
+	<target host="www.lrz.de" />
+
 	<target host="www.lrz.eu" />
+	<target host="idportal.lrz-muenchen.de" />
 	<target host="www.lrz-muenchen.de" />
 	<target host="www.lrz-munich.eu" />
 	<!--
@@ -38,25 +37,14 @@
 	<target host="www.lrz-münchen.de" /-->
 
 
-	<securecookie host="^idportal\.lrz\.de$" name=".+" />
-
-
-	<rule from="^http://www\.leibniz-supercomputing-centre\.(de|eu)/"
-		to="https://www.leibniz-supercomputing-centre.$1/" />
-
-	<rule from="^http://www\.lr(-)?z\.(de|eu)/"
-		to="https://www.lr$1z.$2/" />
-
-	<rule from="^http://(idportal|(?:www\.)?v2c)\.lrz\.de/"
-		to="https://$1.lrz.de/" />
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^servicedesk\.lrz\.de$" name="^PHPSESSID$" />
 
-	<rule from="^http://(idportal|www)\.lrz-muenchen\.de/"
-		to="https://$1.lrz-muenchen.de/" />
+	<securecookie host="^(?:idportal|servicedesk)\.lrz\.de$" name=".+" />
 
-	<rule from="^http://www\.lrz-munich\.eu/"
-		to="https://www.lrz-munich.eu/" />
 
-	<!--rule from="^http://www\.lrz-münchen\.de/"
-		to="https://www.lrz-münchen.de/" /-->
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Leicestershire.gov.uk.xml b/src/chrome/content/rules/Leicestershire.gov.uk.xml
new file mode 100644
index 000000000000..8dbd5d1f8b03
--- /dev/null
+++ b/src/chrome/content/rules/Leicestershire.gov.uk.xml
@@ -0,0 +1,19 @@
+<!--
+	Leicestershire County Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+-->
+<ruleset name="Leicestershire.gov.uk" default_off="mismatched">
+
+	<target host="leicestershire.gov.uk" />
+	<target host="www.leicestershire.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LeicestershirePolice.xml b/src/chrome/content/rules/LeicestershirePolice.xml
new file mode 100644
index 000000000000..e86377db0296
--- /dev/null
+++ b/src/chrome/content/rules/LeicestershirePolice.xml
@@ -0,0 +1,36 @@
+<!--
+	Leicestershire Police
+
+
+	Problematic hosts in *leics.police.uk:
+
+		- helicopter ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- leics.police.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Leics.Police.uk">
+
+	<target host="leics.police.uk" />
+	<target host="www.leics.police.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^leics\.police\.uk$" name="^csrftoken$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Leiden_Univ.nl.xml b/src/chrome/content/rules/Leiden_Univ.nl.xml
new file mode 100644
index 000000000000..6f0bad7dcf7b
--- /dev/null
+++ b/src/chrome/content/rules/Leiden_Univ.nl.xml
@@ -0,0 +1,110 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.) ⁴
+		- (www.)alumni ¹
+		- (www.)bedrijfswetenschappen ²
+		- cdh ²
+		- (www.)hum ¹
+		- www.iclon ¹
+		- (www.)issc ¹
+		- (www.)languagecentre ²
+		- (www.)law ¹
+		- live ¹
+		- (www.)nieuws ¹
+		- (www.)nieuwsbrief ³
+		- onderwijs ¹
+		- (www.)organisatie ¹
+		- (www.)plexus ¹
+		- (www.)students-faq ⁴
+		- (www.)students
+
+	¹ Refused
+	² Redirects to http
+	³ 500
+	⁴ "Error"
+
+
+	Partially covered subdomains:
+
+		- biosyn.lic ¹
+		- physics ²
+		- science ³
+
+	¹ At last some pages redirect to http
+	² Mismatched
+	³ Works, expired
+
+
+	Fully covered subdomains:
+
+		- (www.)beeldbank
+		- blackboard
+		- (www.)disc
+		- lic
+		- www.math
+		- media
+		- nepo
+		- openaccess
+		- (www.)physics		(^ → www)
+		- socrates
+		- lcserver.strw
+		- studiegids
+		- uaccess
+		- login.uaccess
+		- usis
+		- weblog
+		- webmail
+
+
+	These altnames don't exist:
+
+		- nepo-p.leidenuniv.nl
+
+
+	Mixed content:
+
+		- css on nepo from www ¹
+
+		- Images, on:
+
+			- blackboard from $self ²
+			- nepo from www ¹
+			- www.physics from $self ²
+
+	¹ Unsecurable
+	² Secured by us
+
+-->
+<ruleset name="Leiden Univ.nl (partial)">
+
+	<target host="beeldbank.leidenuniv.nl" />
+	<target host="www.beeldbank.leidenuniv.nl" />
+	<target host="blackboard.leidenuniv.nl" />
+	<target host="disc.leidenuniv.nl" />
+	<target host="www.disc.leidenuniv.nl" />
+	<target host="lic.leidenuniv.nl" />
+	<target host="biosyn.lic.leidenuniv.nl" />
+	<target host="www.math.leidenuniv.nl" />
+	<target host="media.leidenuniv.nl" />
+	<target host="nepo.leidenuniv.nl" />
+	<target host="openaccess.leidenuniv.nl" />
+	<target host="socrates.leidenuniv.nl" />
+	<target host="lcserver.strw.leidenuniv.nl" />
+	<target host="studiegids.leidenuniv.nl" />
+	<target host="uaccess.leidenuniv.nl" />
+	<target host="login.uaccess.leidenuniv.nl" />
+	<target host="usis.leidenuniv.nl" />
+	<target host="weblog.leidenuniv.nl" />
+	<target host="webmail.leidenuniv.nl" />
+	<target host="physics.leidenuniv.nl" />
+	<target host="www.physics.leidenuniv.nl" />
+		<exclusion pattern="^http://biosyn\.lic\.leidenuniv\.nl/+(?!files/|modules/|sites/)" />
+
+
+
+	<rule from="^http://(?:www\.)?physics\.leidenuniv\.nl/"
+		to="https://www.physics.leidenuniv.nl/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lektorium.tv.xml b/src/chrome/content/rules/Lektorium.tv.xml
new file mode 100644
index 000000000000..3036d2ffeb82
--- /dev/null
+++ b/src/chrome/content/rules/Lektorium.tv.xml
@@ -0,0 +1,6 @@
+<ruleset name="Lektorium.tv">
+  <target host="lektorium.tv" />
+  <target host="www.lektorium.tv" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lelo.com.xml b/src/chrome/content/rules/Lelo.com.xml
index 11c1eee7c143..d79f5d0ff79c 100644
--- a/src/chrome/content/rules/Lelo.com.xml
+++ b/src/chrome/content/rules/Lelo.com.xml
@@ -1,6 +1,43 @@
+<!--
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .lelo.com
+		- www.lelo.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image on rs from leloimg.lelo.netdna-cdn.com
+
+-->
 <ruleset name="Lelo.com">
-        <target host="lelo.com" />
-        <target host="*.lelo.com" />
-        <rule from="^http://lelo\.com/" to="https://lelo.com/"/>
-        <rule from="^http://([^/:@\.]+)\.lelo\.com/" to="https://$1.lelo.com/"/>
+
+	<target host="lelo.com" />
+	<target host="*.lelo.com" />
+
+		<exclusion pattern="^http://(?:[^./]+\.){2,}lelo\.com/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.lelo.com/" />
+			<test url="http://exists.not.lelo.com/" />
+
+		<test url="http://rs.lelo.com/" />
+		<test url="http://www.lelo.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.lelo\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^www\.lelo\.com$" name="^SERVERID$" /-->
+
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|PHPSESSID$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Lemde.fr.xml b/src/chrome/content/rules/Lemde.fr.xml
new file mode 100644
index 000000000000..bf57487b0e1c
--- /dev/null
+++ b/src/chrome/content/rules/Lemde.fr.xml
@@ -0,0 +1,23 @@
+<!--
+	For more Le Monde related rules, see LeMonde.fr.xml
+
+	Invalid certificate:
+		live.lemde.fr
+			<test url="http://live.lemde.fr/mux.json" />
+
+-->
+<ruleset name="Lemde.fr">
+
+	<target host="asset.lemde.fr" />
+		<test url="http://asset.lemde.fr/data/0.14.2/css/cadre-page.css" />
+	<target host="img.lemde.fr" />
+		<test url="http://img.lemde.fr/2017/07/05/0/0/2220/1311/534/0/60/0/8d05901_9403-7gtdra.3xsto9lik9.jpg" />
+	<target host="s1.lemde.fr" />
+		<test url="http://s1.lemde.fr/medias/web/1.2.702/img/placeholder/ratio-7.svg" />
+	<target host="s2.lemde.fr" />
+		<test url="http://s2.lemde.fr/medias/web/1.2.702/img/placeholder/ratio-7.svg" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lendeavor.com.xml b/src/chrome/content/rules/Lendeavor.com.xml
new file mode 100644
index 000000000000..fc97dfd95084
--- /dev/null
+++ b/src/chrome/content/rules/Lendeavor.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Lendeavor.com">
+  <target host="lendeavor.com" />
+  <target host="www.lendeavor.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lendo.se.xml b/src/chrome/content/rules/Lendo.se.xml
new file mode 100644
index 000000000000..bb5df0ce05cc
--- /dev/null
+++ b/src/chrome/content/rules/Lendo.se.xml
@@ -0,0 +1,35 @@
+<!--
+	Nonfunctional subdomains:
+
+		- nyheter *
+
+	* Dropped
+
+
+	^: cert only matches www
+
+
+	Insecure cookies are set for these domains:
+
+		- .lendo.se
+		- www.lendo.se
+
+-->
+<ruleset name="Lendo.se (partial)">
+
+	<target host="lendo.se" />
+	<target host="www.lendo.se" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^\.lendo\.se$" name="^tracking_partner$" />
+	<!--securecookie host="^www\.lendo\.se$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.lendo\.se$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?lendo\.se/"
+		to="https://www.lendo.se/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lenos-Software.xml b/src/chrome/content/rules/Lenos-Software.xml
deleted file mode 100644
index fa0809d316e9..000000000000
--- a/src/chrome/content/rules/Lenos-Software.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Lenos Softwarse (partial)">
-
-	<target host="secure.lenos.com"/>
-
-	<securecookie host="^secure\.lenos\.com$" name=".*"/>
-
-	<rule from="^http://secure\.lenos\.com/"
-		to="https://secure.lenos.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Lenovo.com-Problematic.xml b/src/chrome/content/rules/Lenovo.com-Problematic.xml
new file mode 100644
index 000000000000..bc5795871af8
--- /dev/null
+++ b/src/chrome/content/rules/Lenovo.com-Problematic.xml
@@ -0,0 +1,92 @@
+<!--
+	Related:
+		Lenovo.com.xml
+
+	Nonfunctional domains:
+		- blog.lenovo.com ¹
+		- click.lenovo.com	( Incomplete cert chain )
+		- consumersupport.lenovo.com	( Timeout )
+		- news.lenovo.com ³
+		- www.partnerinfo.lenovo.com ¹
+		- www2.partnerinfo.lenovo.com ¹
+		- partners.lenovo.com ¹
+		- search3.lenovo.com ( Mismatched	https://search3.lenovo.com/autocomplete/sli-rac.stub.js )
+		- shareit.lenovo.com ¹
+		- social.lenovo.com ⁵
+	¹ Refused
+	³ Show www.tvweeklynow.com
+	⁵ Dropped
+
+	Partially covered domains:
+		www.lenovo.com	( some paths 404 )*
+		www3.lenovo.com
+		outlet.lenovo.com
+		pcsupport.lenovo.com
+	* http://www.lenovo.com/training
+	redirects to http://training.lenovo.partner-management.com/
+	which has been down.
+
+	** ^ redirects to right page, no matter http or https.
+-->
+<ruleset name="Lenovo.com-Problematic">
+	<target host="www.lenovo.com" />
+	<target host="www3.lenovo.com" />
+	<target host="outlet.lenovo.com" />
+	<target host="pcsupport.lenovo.com" />
+
+	<rule from="^http://www\.lenovo\.com/"	to="https://www.lenovo.com/" />
+
+	<exclusion pattern="^http://www\.lenovo\.com/(depotstatus|friendsandfamily|lenovorecovery|support)" />
+	<!--	To pcsupport.lenovo.com	-->
+		<test url="http://www.lenovo.com/depotstatus" />
+		<test url="http://www.lenovo.com/lenovorecovery" />
+	<!--	To http://www3.lenovo.com/us/en/lenovofamily	-->
+		<test url="http://www.lenovo.com/friendsandfamily/" />
+	<!--	To support.lenovo.com	-->
+		<test url="http://www.lenovo.com/support" />
+
+	<!--	www3.	-->
+	<exclusion pattern="^http://www3\.lenovo\.com/$" />
+
+	<rule from="^http://www3\.lenovo\.com/(_ui|maintenance|medias)/"
+		to="https://www3.lenovo.com/$1/" />
+		<test url="http://www3.lenovo.com/_ui/addons/tsasmaddon/desktop/common/css/tsasmaddon.css" />
+		<test url="http://www3.lenovo.com/_ui/desktop/common/cssminc/header.css" />
+		<test url="http://www3.lenovo.com/_ui/desktop/common/ISS_Static/WW/site/scripts/handlebars/hybrisstatic/modal.html" />
+		<test url="http://www3.lenovo.com/maintenance/500page.html" />
+		<test url="http://www3.lenovo.com/maintenance/staticPageCss/themes/owv2/mq.css" />
+		<test url="http://www3.lenovo.com/medias/ls-override.css?context=bWFzdGVyfC9jc3MvZW1lYS9jb250ZW50L3wyNDh8dGV4dC9jc3N8aDI5L2gxMi85NDE3MjcwNjI0Mjg2LmNzc3w1ZDFkNWMxOGRiYmU1ZDkzNjAyY2VjZDI2MTE5MDc5ZDIyMDcyMDlhNzc2OWQxNzhhNzM3OGQyMWFkMTdkMWVk" />
+
+	<rule from="^http://www3\.lenovo\.com/(\S+)?dtagent_ICA23hjprx_6000500091501\.js"
+		to="https://www3.lenovo.com/$1dtagent_ICA23hjprx_6000500091501.js" />
+		<test url="http://www3.lenovo.com/dtagent_ICA23hjprx_6000500091501.js" />
+		<test url="http://www3.lenovo.com/en/dtagent_ICA23hjprx_6000500091501.js" />
+		<test url="http://www3.lenovo.com/it/it/dtagent_ICA23hjprx_6000500091501.js" />
+
+	<!--	outlet.	-->
+	<exclusion pattern="^http://outlet\.lenovo\.com/$" />
+
+	<rule from="^http://outlet\.lenovo\.com/(ISS_Static|SEUILibrary)/"
+		to="https://outlet.lenovo.com/$1/" />
+		<test url="http://outlet.lenovo.com/ISS_Static/images/lenovo_common/c.gif" />
+		<test url="http://outlet.lenovo.com/ISS_Static/WW/AG/outlet/images/products/M600Tiny.jpeg" />
+		<test url="http://outlet.lenovo.com/ISS_Static/WW/css/themes/owv2/images/banner-flag.png" />
+		<test url="http://outlet.lenovo.com/ISS_Static/WW/wci2/us/en/pixeltags/VendorGatekeeper.js" />
+
+		<test url="http://outlet.lenovo.com/SEUILibrary/hightech-portal/images/c.gif" />
+		<test url="http://outlet.lenovo.com/SEUILibrary/lenovo-portal/images/icons/cancel_rd.gif" />
+		<test url="http://outlet.lenovo.com/SEUILibrary/controller/e/outlet_us/LenovoPortal/en_US/catalog.workflow:GetCategoryFacetResultRow?category-id=71CA4FA889894DE833B851384B1F2D77&amp;facetType=null&amp;page=4&amp;itemid=:000001BD:000348DF:" />
+
+	<!--	pcsupport.	-->
+	<exclusion pattern="^http://pcsupport\.lenovo\.com/$" />
+
+	<rule from="^http://pcsupport\.lenovo\.com/(~|App|dist)/"
+		to="https://pcsupport.lenovo.com/$1/" />
+		<test url="http://pcsupport.lenovo.com/~/media/images/prodimagelaptops/lenovo_g480.ashx" />
+		<test url="http://pcsupport.lenovo.com/~/media/images/system/icon/rss.ashx" />
+		<test url="http://pcsupport.lenovo.com/App/Themes/Base/img/masthead_upper_texture_tile.png" />
+		<test url="http://pcsupport.lenovo.com/App/Themes/Base/output/Rebranding.css" />
+		<test url="http://pcsupport.lenovo.com/App/WCD/images/logo_h.png" />
+		<test url="http://pcsupport.lenovo.com/dist/plugins/lsb/framework/script/lsb_framework.bundle.js" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lenovo.com.cn.xml b/src/chrome/content/rules/Lenovo.com.cn.xml
new file mode 100644
index 000000000000..2671a2af6c1f
--- /dev/null
+++ b/src/chrome/content/rules/Lenovo.com.cn.xml
@@ -0,0 +1,58 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://robot.lenovo.com.cn/ => https://robot.lenovo.com.cn/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://welfare.lenovo.com.cn/ => https://welfare.lenovo.com.cn/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Related:
+		Lenovo.com.xml
+
+	Failed:
+		17ask.lenovo.com.cn
+		appserver.lenovo.com.cn
+		ask.lenovo.com.cn
+		ebidding.lenovo.com.cn
+		ec3.lenovo.com.cn
+		edu.lenovo.com.cn
+		lelink.lenovo.com.cn
+		pad.lenovo.com.cn
+		rd1.lenovo.com.cn
+		s.lenovo.com.cn
+		servicekb.lenovo.com.cn
+		smarttv.lenovo.com.cn
+		videoservice.lenovo.com.cn
+		weixin.lenovo.com.cn
+		zhi.lenovo.com.cn
+
+	Incomplete cert chain:
+		365.lenovo.com.cn
+
+	Mismatch:
+		^
+		b2b.lenovo.com.cn
+		img1cdn.clubstatic.lenovo.com.cn
+		js1cdn.clubstatic.lenovo.com.cn
+		rel.lenovo.com.cn
+		pic.shop.lenovo.com.cn
+		support.lenovo.com.cn
+		think.lenovo.com.cn
+		thinkbbs.lenovo.com.cn
+
+	MCB:
+		club.lenovo.com.cn
+		iknow.lenovo.com.cn	( https://iknow.lenovo.com.cn/detail/dc_153184.html )
+		m.lenovo.com.cn
+-->
+<ruleset name="lenovo.com.cn" default_off="failed ruleset test">
+	<target host="www.lenovo.com.cn" />
+	<target host="buy.lenovo.com.cn" />
+	<target host="17.lenovo.com.cn" />
+	<target host="apps.lenovo.com.cn" />
+	<target host="reg.lenovo.com.cn" />
+	<target host="robot.lenovo.com.cn" />
+	<target host="robotbd.lenovo.com.cn" />
+		<test url="http://robotbd.lenovo.com.cn/rjfiles/js/small-robot-red.js" />
+	<target host="welfare.lenovo.com.cn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lenovo.com.xml b/src/chrome/content/rules/Lenovo.com.xml
new file mode 100644
index 000000000000..d820be9b864f
--- /dev/null
+++ b/src/chrome/content/rules/Lenovo.com.xml
@@ -0,0 +1,42 @@
+<!--
+	Related:
+		Lenovo.com-Problematic.xml
+		Lenovo.com.cn.xml
+		Thinkpads.com.xml
+
+	(www.)?lenovo.co.uk redirects to different hosts by IP.
+
+	CDN buckets:
+		- lenovo.com.102.112.2o7.net
+			- s.lenovo.com
+		- lnv.lithium.com
+			- forum.lenovo.com
+			- forums.lenovo.com
+		- com-lenovo.netmng.com
+		- tags.tiqcdn.com/utag/lenovo/
+
+	Break server redirects:
+		shop.lenovo.com		( details: https://github.com/EFForg/https-everywhere/issues/1656 )
+-->
+<ruleset name="Lenovo.com">
+	<target host="lenovo.com" />
+	<target host="apps.lenovo.com" />
+	<target host="checkout.lenovo.com" />
+	<target host="download.lenovo.com" />
+	<target host="forum.lenovo.com" />
+	<target host="forums.lenovo.com" />
+	<target host="ovp.lenovo.com" />
+	<target host="passport.lenovo.com" />
+	<target host="s.lenovo.com" />
+
+	<!--	Too many redirects:	-->
+	<target host="support.lenovo.com" />
+	<exclusion pattern="^http://support\.lenovo\.com/$" />
+		<test url="http://support.lenovo.com/us/en?redir=y&amp;redirsrc=1" />
+
+	<!--	Mismatched	-->
+	<rule from="^http://forum\.lenovo\.com/"
+		to="https://forums.lenovo.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lenovo.xml b/src/chrome/content/rules/Lenovo.xml
deleted file mode 100644
index 9cc9a36091bd..000000000000
--- a/src/chrome/content/rules/Lenovo.xml
+++ /dev/null
@@ -1,171 +0,0 @@
-<!--
-	CDN buckets:
-
-		- lenovo.com.102.112.2o7.net
-
-			- s.lenovo.com
-
-		- lnv.lithium.com
-
-			- forum.lenovo.com
-			- forums.lenovo.com
-
-		- com-lenovo.netmng.com
-		- tags.tiqcdn.com/utag/lenovo/
-
-
-	Nonfunctional domains;
-
-		- lenovo.com subdomains:
-
-			- blog *
-			- consumersupport **
-			- news			(handshake fails)
-			- social *
-			- support **
-
-		- training.lenovo.partner-management.com
-
-	* Redirects to www.lenovoblogs.com; expired 2011-10-05, CN: localhost.localdomain
-	** Times out
-
-
-	Problematic domains:
-
-		- lenovo.com			(cert is only valid for www)
-		- forum.lenovo.com *
-		- outlet.lenovo.com		($ 404s, some pages redirect to http, some paths work)
-		- (www.)lenovovision.com **
-		- (www.)thinkpad.com **
-
-	* Mismatched, CN: secure01.lithium.com
-	** Times out
-
-
-	Partially covered domains:
-
-		- (www.)lenovo.co.uk	(→ www.lenovo.com)
-		- (www.)lenovo.com	(^ → www, some paths 404)
-		- outlet.lenovo.com
-
-
-	Fully covered domains:
-
-		- lenovo.com subdomains:
-
-			- checkout
-			- download
-			- forum		(→ forums)
-			- forums
-			- s
-			- shop
-
-		- (www.)lenovoorders.com
-		- (www.)lenovovision.com	(→ www.lenovo.com)
-		- (www.)thinkpad.com		(→ www.lenovo.com)
-
--->
-<ruleset name="Lenovo (partial)" platform="mixedcontent">
-
-	<target host="lenovo.co.uk" />
-	<target host="www.lenovo.co.uk" />
-	<target host="lenovo.com" />
-	<target host="*.lenovo.com" />
-		<!--
-			https://mail1.eff.org/pipermail/https-everywhere-rules/2012-April/001098.html
-
-			Redirects that 404. Destinations don't support https:
-										-->
-		<exclusion pattern="^http://www\.lenovo\.com/(?:support|training)/" />
-		<!--
-			https://trac.torproject.org/projects/tor/ticket/9056
-
-			$ no longer works, some pages redirect to http:
-									-->
-		<exclusion pattern="^http://outlet\.lenovo\.com/(?!.+/images/|.+/js/|.+/seutil\.workflow:LoadCombinedResource|ISS_Static/|SEUILibrary/)" />
-		<!--
-			Redirects to http:
-						-->
-		<exclusion pattern="http://shop\.lenovo\.com/\w\w/\w\w/services-warranty(?:$|\?|/)" />
-	<target host="lenovoorders.com" />
-	<target host="www.lenovoorders.com" />
-	<target host="lenovovision.com" />
-	<target host="www.lenovovision.com" />
-	<target host="thinkpad.com" />
-	<target host="www.thinkpad.com" />
-
-
-	<!--	Tracking cookies:
-        These have been observed to break partner referral links and so are
-        disabled...
-	<securecookie host="^\.lenovo\.com$" name="^(?:exp_|oo_inv_|psp|s_|utag_)\w+$" />
-	<securecookie host="^(?:.+\.)?lenovo\.com$" name=".+" />
-					-->
-
-
-	<rule from="^http://(?:www\.)?lenovo\.co\.uk/?$"
-		to="https://www.lenovo.com/uk/en/" />
-
-	<!--	https://trac.torproject.org/projects/tor/ticket/8715
-
-		International domains fail to redirect properly:
-									-->
-	<rule from="^http://(?:www\.)?lenovo\.com(?::80)?/(?!us)(\w\w)/?(?:\?.*)?$"
-		to="https://www.lenovo.com/$1/$1/" />
-
-	<!--	404s as-is:
-				-->
-	<rule from="^http://(?:www\.)?lenovo\.com/depotstatus/?$"
-		to="https://download.lenovo.com/lenovo/content/vru/depotstatus.html" />
-
-	<!--	404s as-is:
-				-->
-	<rule from="^http://(?:www\.)?lenovo\.com/friendsandfamily/?$"
-		to="https://shop.lenovo.com/SEUILibrary/controller/Lenovo:EnterStdAffinity?affinity=lenovofamily&amp;ConfigContext=StdAffinityPortal" />
-
-	<!--	https://trac.torproject.org/projects/tor/ticket/6604
-
-		thinkpad.com redirects to www.lenovo.com/link/redirect.www.lenovo.com/www.thinkpad.com/,
-		which 404s over https but redirects like so over http:
-									-->
-	<rule from="^https?://(?:(?:www\.)?lenovo\.com/link/redirect\.www\.lenovo\.com/)?(?:www\.)?thinkpad\.com/(?:.*)"
-		to="https://www.lenovo.com/us/en/?cid=SEO-thinkpadcom" />
-
-	<rule from="^http://lenovo\.com/"
-		to="https://www.lenovo.com/" />
-
-	<!--	404s as-is:
-				-->
-	<rule from="^http:///shop\.lenovo\.com/us/?$"
-		to="https://www.lenovo.com/products/us/desktop/essential/c-series" />
-
-	<rule from="^http://(checkout|download|outlet|s|shop|www)\.lenovo\.com/"
-		to="https://$1.lenovo.com/"/>
- 
-	<rule from="^http://forums?\.lenovo\.com/"
-		to="https://forums.lenovo.com/" />
-
-	<rule from="^http://(www\.)?lenovoorders\.com/"
-		to="https://$1lenovoorders.com/" />
-
-	<!--	https://mail1.eff.org/pipermail/https-everywhere-rules/2012-June/001189.html
-
-		shop.lenovo points here:
-						-->
-	<rule from="^https?://(?:www\.)?lenovovision\.com/(?:.*)"
-		to="https://www.lenovo.com/" />
-
-	<!--	https://mail1.eff.org/pipermail/https-everywhere-rules/2012-April/001098.html
-
-		training redirects to training.lenovo.partner-management.com:
-										-->
-	<rule from="^https://www\.lenovo\.com/training/"
-		to="http://www.lenovo.com/training/" downgrade="1" />
-
-	<!--	- Social just redirects to blog
-		- Haven't seen blog nor support links, but just in case.
-										-->
-	<rule from="^https://(blog|(?:consumer)?support|news|social)\.lenovo\.com/"
-		to="http://$1.lenovo.com/" downgrade="1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Lens.io.xml b/src/chrome/content/rules/Lens.io.xml
new file mode 100644
index 000000000000..e976cd5bc818
--- /dev/null
+++ b/src/chrome/content/rules/Lens.io.xml
@@ -0,0 +1,12 @@
+<ruleset name="Lens.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="lens.io" />
+	<target host="www.lens.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LensRentals.xml b/src/chrome/content/rules/LensRentals.xml
index 2e4492f6c0c7..8402bd7e678c 100644
--- a/src/chrome/content/rules/LensRentals.xml
+++ b/src/chrome/content/rules/LensRentals.xml
@@ -2,5 +2,5 @@
   <target host="www.lensrentals.com" />
   <target host="lensrentals.com" />
 
-	<rule from="^http://(?:www\.)?lensrentals\.com/" to="https://www.lensrentals.com/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Lenstip.com.xml b/src/chrome/content/rules/Lenstip.com.xml
new file mode 100644
index 000000000000..4562fda9377c
--- /dev/null
+++ b/src/chrome/content/rules/Lenstip.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Lenstip.com
+	Optical lens tests
+-->
+<ruleset name="Lenstip.com">
+	<target host="lenstip.com" />
+	<target host="www.lenstip.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Leo.org.xml b/src/chrome/content/rules/Leo.org.xml
index 48ba7d97c7df..8447edc05b04 100644
--- a/src/chrome/content/rules/Leo.org.xml
+++ b/src/chrome/content/rules/Leo.org.xml
@@ -1,7 +1,58 @@
+<!--
+	Encoding error:
+		frde.leo.org
+
+	Invalid certificate:
+		advert-nue.leo.org
+		redir-muc.leo.org
+
+	Refused:
+		bar.leo.org
+		t.cdn.leo.org
+		tndict.leo.org
+
+	Timeout:
+		q.cdn.leo.org
+		dz-becan12.leo.org
+		mx.leo.org
+		ns-1.leo.org
+		ns-2.leo.org
+		ns1.leo.org
+		ns2.leo.org
+		ns3.leo.org
+-->
 <ruleset name="Leo.org">
-  <target host="leo.org" />
-  <target host="*.leo.org" />
 
-  <rule from="^http://(www\.)?leo\.org/" to="https://www.leo.org/" />
-  <rule from="^http://([^/:@]*)\.leo\.org/" to="https://$1.leo.org/"/>
+	<target host="leo.org" />
+	<target host="www.leo.org" />
+	<target host="advert.leo.org" />
+		<test url="http://advert.leo.org/adv_pda" />
+	<target host="beta.leo.org" />
+	<target host="bwww.leo.org" />
+	<target host="dict.leo.org" />
+	<target host="www.dict.leo.org" />
+	<target host="dict-muc.leo.org" />
+	<target host="dict-nue.leo.org" />
+	<target host="ende.leo.org" />
+	<target host="esde.leo.org" />
+	<target host="itde.leo.org" />
+	<target host="mobile.leo.org" />
+	<target host="mobile-muc.leo.org" />
+	<target host="mobile-nue.leo.org" />
+	<target host="pda.leo.org" />
+	<target host="www.pda.leo.org" />
+	<target host="pda-muc.leo.org" />
+	<target host="pda-nue.leo.org" />
+	<target host="prev1.leo.org" />
+	<target host="prev2.leo.org" />
+	<target host="prev3.leo.org" />
+	<target host="redir.leo.org" />
+	<target host="rude.leo.org" />
+	<target host="tdict.leo.org" />
+	<target host="tpda.leo.org" />
+	<target host="twww.leo.org" />
+	<target host="zhde.leo.org" />
+
+	<rule from="^http:"	to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Leona.my.xml b/src/chrome/content/rules/Leona.my.xml
new file mode 100644
index 000000000000..dc911d2b3f82
--- /dev/null
+++ b/src/chrome/content/rules/Leona.my.xml
@@ -0,0 +1,10 @@
+<ruleset name="Leona.my">
+	<target host="leona.my" />
+	<target host="www.leona.my" />
+	<target host="cpanel.leona.my" />
+	<target host="mail.leona.my" />
+	<target host="webdisk.leona.my" />
+	<target host="webmail.leona.my" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Leroy_Farmer_City_Press.xml b/src/chrome/content/rules/Leroy_Farmer_City_Press.xml
deleted file mode 100644
index 43bef015be9c..000000000000
--- a/src/chrome/content/rules/Leroy_Farmer_City_Press.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For other News-Gazette coverage, see News-Gazette.xml
-
-
-	- !www: mismatched, CN: digital.news-gazette.com
-	- Some pages redirect to http
-
--->
-<ruleset name="Leroy Farmer City Press (partial)">
-
-	<target host="leroyfcpress.com" />
-	<target host="www.leroyfcpress.com" />
-
-
-	<rule from="^http://(?:www\.)?leroyfcpress\.com/(misc/|sites/|user(?:$|\?|/))"
-		to="https://www.leroyfcpress.com/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Les-Crises.fr.xml b/src/chrome/content/rules/Les-Crises.fr.xml
new file mode 100644
index 000000000000..d1eda4adb96a
--- /dev/null
+++ b/src/chrome/content/rules/Les-Crises.fr.xml
@@ -0,0 +1,9 @@
+<ruleset name="Les-Crises.fr">
+	<target host="les-crises.fr" />
+	<target host="www.les-crises.fr" />
+	<target host="modo.les-crises.fr" />
+	<target host="public-app.les-crises.fr" />
+	<target host="rencontres.les-crises.fr" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LesFurets.com.xml b/src/chrome/content/rules/LesFurets.com.xml
deleted file mode 100644
index d2af5d564e5b..000000000000
--- a/src/chrome/content/rules/LesFurets.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d2f59t599bk8ak.cloudfront.net
-
-			- cdn.lesfurets.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.)
-
--->
-<ruleset name="LesFurets.com (partial)">
-
-	<target host="cdn.lesfurets.com" />
-
-
-	<rule from="^https?://cdn\.lesfurets\.com/"
-		to="https://d2f59t599bk8ak.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/LesInrocks.com.xml b/src/chrome/content/rules/LesInrocks.com.xml
new file mode 100644
index 000000000000..f273ded097f3
--- /dev/null
+++ b/src/chrome/content/rules/LesInrocks.com.xml
@@ -0,0 +1,55 @@
+<!--
+	Invalid certificate:
+		abonnement.lesinrocks.com
+		boutique.lesinrocks.com
+		live.lesinrocks.com
+		mon-compte.lesinrocks.com
+		revue-du-web.lesinrocks.com
+		statics.lesinrocks.com
+
+	Time out:
+		lesinrocks.com
+		blogs.lesinrocks.com
+		bruxelles.lesinrocks.com
+		cannes2012.lesinrocks.com
+		cannes2013.lesinrocks.com
+		cannes2014.lesinrocks.com
+		cannes2015.lesinrocks.com
+		cannes2016.lesinrocks.com
+		cannes2017.lesinrocks.com
+		extra-tmp.lesinrocks.com
+		festival2013.lesinrocks.com
+		festival2015.lesinrocks.com
+		festival2016.lesinrocks.com
+		helloplay.lesinrocks.com
+		hugoextreme.lesinrocks.com
+		irlande.lesinrocks.com
+		jemesouviens.lesinrocks.com
+		lesfreresjames.lesinrocks.com
+		nl.lesinrocks.com
+		pinkfloyd.lesinrocks.com
+		selectioncity.lesinrocks.com
+		sonosbluenote.lesinrocks.com
+		special.lesinrocks.com
+		suisseinmypocket.lesinrocks.com
+		test.lesinrocks.com
+		top1000.lesinrocks.com
+
+	No working URL known:
+		extra.lesinrocks.com
+
+-->
+<ruleset name="Les Inrocks.com" platform="mixedcontent">
+
+	<target host="lesinrocks.com" />
+	<target host="www.lesinrocks.com" />
+	<target host="abonnes.lesinrocks.com" />
+	<target host="mobile.lesinrocks.com" />
+
+	<rule from="^http://lesinrocks\.com/"
+		to="https://www.lesinrocks.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LesLumieresdOrient.com.xml b/src/chrome/content/rules/LesLumieresdOrient.com.xml
new file mode 100644
index 000000000000..db29cdac45c8
--- /dev/null
+++ b/src/chrome/content/rules/LesLumieresdOrient.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Les Lumières D'Orient.com">
+	<target host="leslumieresdorient.com" />
+	<target host="www.leslumieresdorient.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LessThan3.xml b/src/chrome/content/rules/LessThan3.xml
index 87d043360763..9f95070ceac1 100644
--- a/src/chrome/content/rules/LessThan3.xml
+++ b/src/chrome/content/rules/LessThan3.xml
@@ -9,13 +9,13 @@
 <ruleset name="LessThan3" default_off="mismatched">
 
 	<target host="lessthan3.com" />
-	<target host="*.lessthan3.com" />
+	<target host="www.lessthan3.com" />
+	<target host="media.lessthan3.com" />
 
 
-	<rule from="^https?://(?:www\.)?lessthan3\.com/"
+	<rule from="^http://(?:www\.)?lessthan3\.com/"
 		to="https://www.lessthan3.com/" />
 
-	<rule from="^http://media\.lessthan3\.com/"
-		to="https://media.lessthan3.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LessWrong.com.xml b/src/chrome/content/rules/LessWrong.com.xml
new file mode 100644
index 000000000000..58ed4ab7e653
--- /dev/null
+++ b/src/chrome/content/rules/LessWrong.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		images.lesswrong.com
+
+-->
+<ruleset name="LessWrong.com">
+
+	<target host="lesswrong.com" />
+	<target host="www.lesswrong.com" />
+	<target host="wiki.lesswrong.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lessig_2016.us.xml b/src/chrome/content/rules/Lessig_2016.us.xml
new file mode 100644
index 000000000000..0e0fed671d71
--- /dev/null
+++ b/src/chrome/content/rules/Lessig_2016.us.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .lessig2016.us
+		- .store.lessig2016.us
+
+-->
+<ruleset name="Lessig 2016.us">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="lessig2016.us" />
+	<target host="pledge.lessig2016.us" />
+	<target host="store.lessig2016.us" />
+	<target host="www.lessig2016.us" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.lessig2016\.us$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^\.store\.lessig2016\.us$" name="^(?:RECENTLY_VIEWED_PRODUCTS|SHOP_SESSION_TOKEN|fornax_anonymousId)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lessig_for_president.com.xml b/src/chrome/content/rules/Lessig_for_president.com.xml
new file mode 100644
index 000000000000..2fee85ec6fc5
--- /dev/null
+++ b/src/chrome/content/rules/Lessig_for_president.com.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lessigforpresident.com/ => https://lessigforpresident.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://store.lessigforpresident.com/ => https://store.lessigforpresident.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.lessigforpresident.com/ => https://www.lessigforpresident.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Insecure cookies are set for these domains:
+
+		- .lessigforpresident.com
+
+-->
+<ruleset name="Lessig for president.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="lessigforpresident.com" />
+	<target host="store.lessigforpresident.com" />
+	<target host="www.lessigforpresident.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.lessigforpresident\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lester_Chan.net.xml b/src/chrome/content/rules/Lester_Chan.net.xml
index a302d05cf0fb..d73a04d6008c 100644
--- a/src/chrome/content/rules/Lester_Chan.net.xml
+++ b/src/chrome/content/rules/Lester_Chan.net.xml
@@ -13,37 +13,18 @@
 		- lc2.lcstatic.net	(404; mismatched, CN: edgecastcdn.net)
 
 
-	Fully covered domains:
+	Insecure cookies are set for these hosts:
 
-		- lc2.lcstatic.net	(→ lesterchan-lesterchan.netdna-ssl.com)
-		- (www.)lesterchan.net
-
-
-	Mixed content:
-
-		- Images, on lesterchan.net from:
-
-			- feeds2.feedburner.com *
-			- farm3.staticflickr.com **
-
-	* Unsecurable, doesn't trip MCB
-	** Secured by us
+		- lesterchan.net
 
 -->
 <ruleset name="Lester Chan.net">
 
 	<target host="lc2.lcstatic.net" />
-	<target host="lesterchan.net" />
-	<target host="www.lesterchan.net" />
-
 
-	<securecookie host="^lesterchan\.net$" name=".+" />
+	<target host="lesterchan.lesterchan.netdna-cdn.com" />
 
-
-	<rule from="^http://lc2\.lcstatic\.net/"
+	<rule from="^http://l(?:c2\.lcstatic\.net|esterchan\.lesterchan\.netdna-cdn\.com)/"
 		to="https://lesterchan-lesterchan.netdna-ssl.com/" />
 
-	<rule from="^http://(www\.)?lesterchan\.net/"
-		to="https://$1lesterchan.net/" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/LetMeTurnTheTables.com.xml b/src/chrome/content/rules/LetMeTurnTheTables.com.xml
new file mode 100644
index 000000000000..93b9d2441069
--- /dev/null
+++ b/src/chrome/content/rules/LetMeTurnTheTables.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Secure Connection Failed:
+		fr.letmeturnthetables.com
+-->
+<ruleset name="LetMeTurnTheTables.com">
+	<target host="letmeturnthetables.com" />
+	<target host="www.letmeturnthetables.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LetsSingIt.xml b/src/chrome/content/rules/LetsSingIt.xml
index 1f09726d120d..e5b7c7cef3d3 100644
--- a/src/chrome/content/rules/LetsSingIt.xml
+++ b/src/chrome/content/rules/LetsSingIt.xml
@@ -1,3 +1,7 @@
+<!--
+Automatically by https-everywhere-checker because:
+Non-2xx HTTP code: http://cdn.lsistatic.com/ (200) => https://lsi.cachefly.net/ (501)
+-->
 <ruleset name="LetsSingIt (partial)">
 
 	<target host="cdn.lsistatic.com"/>
diff --git a/src/chrome/content/rules/Lets_Encrypt.org.xml b/src/chrome/content/rules/Lets_Encrypt.org.xml
new file mode 100644
index 000000000000..85b79864ceec
--- /dev/null
+++ b/src/chrome/content/rules/Lets_Encrypt.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Invalid certificate:
+		- ocsp.int-x3.letsencrypt.org
+-->
+<ruleset name="Lets Encrypt.org">
+
+	<target host="letsencrypt.org" />
+	<target host="www.letsencrypt.org" />
+	<target host="acme-staging.api.letsencrypt.org" />
+	<target host="acme-staging-v02.api.letsencrypt.org" />
+	<target host="acme-v01.api.letsencrypt.org" />
+	<target host="acme-v02.api.letsencrypt.org" />
+	<target host="community.letsencrypt.org" />
+	<target host="cps.letsencrypt.org" />
+	<target host="helloworld.letsencrypt.org" />
+	<target host="cert.int-x3.letsencrypt.org" />
+	<target host="cp.root-x1.letsencrypt.org" />
+	<target host="cps.root-x1.letsencrypt.org" />
+	<target host="status.letsencrypt.org" />
+	<target host="valid-isrgrootx1.letsencrypt.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lets_Talk_Bitcoin.com.xml b/src/chrome/content/rules/Lets_Talk_Bitcoin.com.xml
new file mode 100644
index 000000000000..b073b720cf03
--- /dev/null
+++ b/src/chrome/content/rules/Lets_Talk_Bitcoin.com.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.letstalkbitcoin.com/ => https://www.letstalkbitcoin.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.letstalkbitcoin.com'")
+
+	Fully covered hosts in *letstalkbitcoin.com:
+
+		- (www.)?
+
+
+	Insecure cookies are set for these domains:
+
+		- .letstalkbitcoin.com
+
+-->
+<ruleset name="Lets Talk Bitcoin.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="letstalkbitcoin.com" />
+	<target host="www.letstalkbitcoin.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.letstalkbitcoin\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\.letstalkbitcoin\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Letterboxd.com.xml b/src/chrome/content/rules/Letterboxd.com.xml
new file mode 100644
index 000000000000..34800b6c9aed
--- /dev/null
+++ b/src/chrome/content/rules/Letterboxd.com.xml
@@ -0,0 +1,31 @@
+<ruleset name="Letterboxd.com">
+	<target host="letterboxd.com" />
+	<target host="www.letterboxd.com" />
+
+<!--
+	the following subdomains don't support https yet but are listed here for reference
+-->
+
+<!-- 	<target host="news.letterboxd.com" /> -->
+<!-- 	<target host="embed.letterboxd.com" /> -->
+<!-- 	<target host="feedback.letterboxd.com" /> -->
+
+<!--
+	there is also ltrbxd.com which appears to be mainly used for a cdn.
+	However not all subdomains work correctly with https. For example,
+	every file on a.ltrbxd.com is also available on skyfall.a.ltrbxd.com,
+	oblivion.a.ltrbxd.com etc. These servers can be accessed with https
+	but browsers will display errors/warnings because there is only a
+	wildcard certificate for *.ltrbxd.com and not one for each of the subdomains.
+-->
+
+	<target host="a.ltrbxd.com" />
+<!-- 	<target host="*.a.ltrbxd.com" /> -->
+	<target host="s1.ltrbxd.com" />
+<!-- 	<target host="*.s1.ltrbxd.com" /> -->
+	<target host="s2.ltrbxd.com" />
+<!-- 	<target host="*.s2.ltrbxd.com" /> -->
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lettre-de-motivation-facile.com.xml b/src/chrome/content/rules/Lettre-de-motivation-facile.com.xml
new file mode 100644
index 000000000000..6c40342f23b4
--- /dev/null
+++ b/src/chrome/content/rules/Lettre-de-motivation-facile.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Lettre-de-motivation-facile.com">
+
+	<target host="lettre-de-motivation-facile.com" />
+	<target host="www.lettre-de-motivation-facile.com" />
+
+
+	<!--	Server doesn't set Secure:
+						-->
+	<securecookie host="^(?:w*\.)?lettre-de-motivation-facile\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Level1Techs.com.xml b/src/chrome/content/rules/Level1Techs.com.xml
new file mode 100644
index 000000000000..953bd327292f
--- /dev/null
+++ b/src/chrome/content/rules/Level1Techs.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Level1Techs.com">
+	<target host="level1techs.com" />
+	<target host="www.level1techs.com" />
+	<target host="forum.level1techs.com" />
+	<target host="store.level1techs.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Level_3.com.xml b/src/chrome/content/rules/Level_3.com.xml
new file mode 100644
index 000000000000..dabd2d3f57b6
--- /dev/null
+++ b/src/chrome/content/rules/Level_3.com.xml
@@ -0,0 +1,41 @@
+<!--
+	Other Level 3 rulesets:
+
+		- Mylevel3.net.xml
+		- Ucommand.com.xml
+
+
+	Nonfunctional subdomains:
+
+		- (www.) ¹
+		- blog ¹
+		- cdn1 ¹
+		- conferencing ²
+		- investors ²
+		- maps ¹
+		- searchguide ¹
+
+	¹ Dropped
+	² Refused
+
+
+	Fully covered subdomains:
+
+		- account
+
+-->
+<ruleset name="Level 3.com (partial)">
+
+	<target host="account.level3.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^account\.level3\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^account\.level3\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Levels.io.xml b/src/chrome/content/rules/Levels.io.xml
new file mode 100644
index 000000000000..43071cf993f7
--- /dev/null
+++ b/src/chrome/content/rules/Levels.io.xml
@@ -0,0 +1,27 @@
+<!--
+	Other levels.io rulesets:
+
+		- GifBook.io.xml
+
+
+	www.levels.io: Redirects to http$
+
+-->
+<ruleset name="levels.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="levels.io" />
+
+	<!--	Complications:
+				-->
+	<target host="www.levels.io" />
+
+
+	<rule from="^http://www\.levels\.io/"
+		to="https://levels.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lever.co.xml b/src/chrome/content/rules/Lever.co.xml
new file mode 100644
index 000000000000..60a6b0197a2e
--- /dev/null
+++ b/src/chrome/content/rules/Lever.co.xml
@@ -0,0 +1,17 @@
+<ruleset name="Lever.co">
+
+	<target host="lever.co" />
+	<target host="jobs.lever.co" />
+	<target host="www.lever.co" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^jobs\.lever\.co$" name="^lever-referer$" /-->
+
+	<securecookie host="^jobs\.lever\.co$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Leveson_Inquiry.xml b/src/chrome/content/rules/Leveson_Inquiry.xml
index 0b6ac14b3df7..a05c4e1919cb 100644
--- a/src/chrome/content/rules/Leveson_Inquiry.xml
+++ b/src/chrome/content/rules/Leveson_Inquiry.xml
@@ -1,14 +1,22 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://levesoninquiry.org.uk/ => https://www.levesoninquiry.org.uk/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+Fetch error: http://www.levesoninquiry.org.uk/ => https://www.levesoninquiry.org.uk/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://levesoninquiry.org.uk/ => https://www.levesoninquiry.org.uk/: (7, 'Failed to connect to www.levesoninquiry.org.uk port 443: Connection refused')
+Fetch error: http://www.levesoninquiry.org.uk/ => https://www.levesoninquiry.org.uk/: (7, 'Failed to connect to www.levesoninquiry.org.uk port 443: Connection refused')
 	!www doesn't work.
 
 -->
-<ruleset name="The Leveson Inquiry">
+<ruleset name="The Leveson Inquiry" default_off="failed ruleset test">
 
 	<target host="levesoninquiry.org.uk" />
 	<target host="www.levesoninquiry.org.uk" />
 
 
-	<rule from="^https?://(?:www\.)?levesoninquiry\.org\.uk/"
+	<rule from="^http://(?:www\.)?levesoninquiry\.org\.uk/"
 		to="https://www.levesoninquiry.org.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Levexis.xml b/src/chrome/content/rules/Levexis.xml
index 1ef9cf9aff44..be6ea6292cda 100644
--- a/src/chrome/content/rules/Levexis.xml
+++ b/src/chrome/content/rules/Levexis.xml
@@ -1,34 +1,38 @@
 <!--
-	Nonfunctional subdomains:
+	^levexis.com: shows default page
 
-		- ^	(shows default plesk page; expired 2007-06-15, CN: plesk)
 
+	Problematic hosts in *levexis.com:
 
-	Problematic subdomains:
+		- res ᴬ
 
-		- res	(akamai)
+	ᴬ Akamai / mismatched
 
 
-	Fully covered subdomains:
-
-		- pfa
-
-
-	www does not exist
+	www.levexis.com does not exist
 
 -->
-<ruleset name="Levexis (partial)">
+<ruleset name="Levexis.com (partial)">
 
-	<target host="*.levexis.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="pfa.levexis.com" />
+	<target host="sec.levexis.com" />
 
+	<!--	Complications:
+				-->
+	<target host="res.levexis.com" />
 
-	<securecookie host="^pfa\.levexis\.com$" name=".+" />
 
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://pfa\.levexis\.com/"
-		to="https://pfa.levexis.com/" />
 
-	<rule from="^http://(?:res|sec)\.levexis\.com/"
+	<rule from="^http://res\.levexis\.com/"
 		to="https://sec.levexis.com/" />
 
-</ruleset>
\ No newline at end of file
+		<test url="http://res.levexis.com/clientfiles/default/19/debenhamsie.htm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Leviathan_Security.com.xml b/src/chrome/content/rules/Leviathan_Security.com.xml
new file mode 100644
index 000000000000..32aeb2206422
--- /dev/null
+++ b/src/chrome/content/rules/Leviathan_Security.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.leviathansecurity.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Leviathan Security.com">
+
+	<target host="leviathansecurity.com" />
+	<target host="www.leviathansecurity.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.leviathansecurity\.com$" name="^crumb$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf-clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Levny-hosting.cz.xml b/src/chrome/content/rules/Levny-hosting.cz.xml
new file mode 100644
index 000000000000..8dd8ddbb22fb
--- /dev/null
+++ b/src/chrome/content/rules/Levny-hosting.cz.xml
@@ -0,0 +1,11 @@
+<ruleset name="Levny-hosting.cz">
+
+	<target host="levny-hosting.cz" />
+	<target host="www.levny-hosting.cz" />
+
+	<securecookie host="^www\.levny-hosting\.cz$" name=".+" />
+
+	<rule from="^http:"
+            to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Levo_League.com-problematic.xml b/src/chrome/content/rules/Levo_League.com-problematic.xml
deleted file mode 100644
index 0e3b6ae1750a..000000000000
--- a/src/chrome/content/rules/Levo_League.com-problematic.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	For rules that are on by default, see Levo_League.com.xml.
-
--->
-<ruleset name="Levo League.com (problematic)" default_off="mismatched">
-
-	<target host="levoleague.com" />
-	<target host="*.levoleague.com" />
-
-
-	<securecookie host="^www\.levoleague\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?levoleague\.com/"
-		to="https://www.levoleague.com/" />
-
-	<!--	Protocol-relative links from www:
-							-->
-	<rule from="^https://assets\.levoleague\.com/"
-		to="https://d1liz66zbw1f5h.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Levo_League.com.xml b/src/chrome/content/rules/Levo_League.com.xml
index a03ecc7b1710..694decd8c4e1 100644
--- a/src/chrome/content/rules/Levo_League.com.xml
+++ b/src/chrome/content/rules/Levo_League.com.xml
@@ -1,6 +1,8 @@
 <!--
 	For problematic rules, see Levo_League.com-problematic.xml.
 
+	For other Levo League coverage, see Levo.com.xml.
+
 
 	CDN buckets:
 
@@ -12,23 +14,37 @@
 			- assets.levoleague.com
 
 
-	- Nonfunctional subdomains:
+	Nonfunctional subdomains:
+
+		- developers *
 
-		- developers	(dropped)
+	* Refused
 
 
 	Problematic subdomains:
 
-		- (www.)	(works; mismatched, CN: *.heroku.com)
+		- (www.) ¹
 		- assets	(cloudfront)
 
+	¹ Refused
+
 -->
 <ruleset name="Levo League.com (partial)">
 
+	<!--	Complications:
+				-->
+	<target host="levoleague.com" />
 	<target host="assets.levoleague.com" />
+	<target host="www.levoleague.com" />
+
 
+	<!--	Redirect keeps path, args,
+		and forward slash:
+					-->
+	<rule from="^http://(?:www\.)?levoleague\.com/"
+		to="https://www.levo.com/" />
 
 	<rule from="^http://assets\.levoleague\.com/"
 		to="https://d1liz66zbw1f5h.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Levonline.com.xml b/src/chrome/content/rules/Levonline.com.xml
index 20c858707cff..aa0048a70bfa 100644
--- a/src/chrome/content/rules/Levonline.com.xml
+++ b/src/chrome/content/rules/Levonline.com.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^(?:www\.)?levonline\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?levonline\.com/"
-		to="https://$1levonline.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LewRockwell.com.xml b/src/chrome/content/rules/LewRockwell.com.xml
index 9d9fadc499d4..47b68e9e145a 100644
--- a/src/chrome/content/rules/LewRockwell.com.xml
+++ b/src/chrome/content/rules/LewRockwell.com.xml
@@ -9,13 +9,13 @@
 <ruleset name="LewRockwell.com">
 
 	<target host="lewrockwell.com" />
-	<target host="*.lewrockwell.com" />
+	<target host="beta.lewrockwell.com" />
+	<target host="www.lewrockwell.com" />
 
 
 	<securecookie host="^(?:beta|www)\.lewrockwell.com$" name=".+" />
 
 
-	<rule from="^http://(beta\.|www\.)?lewrockwell\.com/"
-		to="https://$1lewrockwell.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Lex_Machina.com.xml b/src/chrome/content/rules/Lex_Machina.com.xml
new file mode 100644
index 000000000000..b72ccc00a60a
--- /dev/null
+++ b/src/chrome/content/rules/Lex_Machina.com.xml
@@ -0,0 +1,51 @@
+<!--
+	Nonfunctional subdomains:
+
+		- pages *
+
+	* Marketo
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- law
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Lex Machina.com (partial)">
+
+	<target host="lexmachina.com" />
+	<target host="law.lexmachina.com" />
+	<!--target host="pages.lexmachina.com" /-->
+	<target host="www.lexmachina.com" />
+
+		<!--exclusion pattern="^http://pages\.lexmachina\.com/(?!css/|images/|js/|rs/)" /-->
+
+			<!--	+ve:
+					-->
+			<!--test url="http://pages.lexmachina.com/Custom-Insights-Webcast.html" /-->
+			<!--test url="http://pages.lexmachina.com/RegisterPersonalDemo.html" /-->
+			<!--test url="http://pages.lexmachina.com/SubscribeToemailLP.html" /-->
+			<!--test url="http://pages.lexmachina.com/registerforPTABWebcast.html" /-->
+
+			<!--	-ve:
+					-->
+			<!--test url="http://pages.lexmachina.com/css/mktLPSupport.css" /-->
+
+
+	<!--	na-ab01: Self-signed:
+					-->
+	<!--rule from="^http://pages\.lexmachina\.com/"
+		to="https://na-ab01.market.com/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lexity.com.xml b/src/chrome/content/rules/Lexity.com.xml
new file mode 100644
index 000000000000..d83d0b20da48
--- /dev/null
+++ b/src/chrome/content/rules/Lexity.com.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Yahoo coverage, see Yahoo.xml.
+
+-->
+<ruleset name="Lexity.com">
+
+	<target host="lexity.com" />
+	<target host="commercecentral.lexity.com" />
+	<target host="www.lexity.com" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^(www\.)?lexity\.com$" name="^_rockstar_session$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?lexity\.com$" name="^first_referer$" /-->
+	<!--securecookie host="^\.lexity\.com$" name="^BX$" /-->
+
+	<securecookie host="^(?:\.|www\.)?lexity\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LezloveVideo.com.xml b/src/chrome/content/rules/LezloveVideo.com.xml
index c7400ac25d12..f16e565afca5 100644
--- a/src/chrome/content/rules/LezloveVideo.com.xml
+++ b/src/chrome/content/rules/LezloveVideo.com.xml
@@ -11,7 +11,6 @@
 	<securecookie host="^www\.lezlovevideo\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?lezlovevideo\.com/"
-		to="https://www.lezlovevideo.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lfrs.sl.xml b/src/chrome/content/rules/Lfrs.sl.xml
new file mode 100644
index 000000000000..e35f8ad6449e
--- /dev/null
+++ b/src/chrome/content/rules/Lfrs.sl.xml
@@ -0,0 +1,7 @@
+<ruleset name="Lfrs.sl">
+	<target host="cdn.lfrs.sl" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lh.co.th.xml b/src/chrome/content/rules/Lh.co.th.xml
index 94a0ae9e9c48..9f4e422a051c 100644
--- a/src/chrome/content/rules/Lh.co.th.xml
+++ b/src/chrome/content/rules/Lh.co.th.xml
@@ -1,6 +1,16 @@
-<ruleset name="Lh.co.th">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lh.co.th/ => https://www.lh.co.th/: (7, 'Failed to connect to www.lh.co.th port 443: Connection refused')
+Fetch error: http://www.lh.co.th/ => https://www.lh.co.th/: (7, 'Failed to connect to www.lh.co.th port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://lh.co.th/ => https://www.lh.co.th/: (7, 'Failed to connect to www.lh.co.th port 443: Connection refused')
+Fetch error: http://www.lh.co.th/ => https://www.lh.co.th/: (7, 'Failed to connect to www.lh.co.th port 443: Connection refused')
+-->
+<ruleset name="Lh.co.th" default_off="failed ruleset test">
   <target host="lh.co.th" />
   <target host="www.lh.co.th" />
 
-  <rule from="^http://(www\.)?lh\.co\.th/" to="https://www.lh.co.th/" />
+  <rule from="^http://(?:www\.)?lh\.co\.th/" to="https://www.lh.co.th/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Li.ru.xml b/src/chrome/content/rules/Li.ru.xml
new file mode 100644
index 000000000000..369416ce99cb
--- /dev/null
+++ b/src/chrome/content/rules/Li.ru.xml
@@ -0,0 +1,11 @@
+<!--
+	For other LiveInternet coverage, see LiveInternet.ru.xml.
+-->
+<ruleset name="Li.ru">
+	<target host="li.ru" />
+	<target host="www.li.ru" />
+	<target host="captcha.li.ru" />
+	<target host="i.li.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LiLux.lu.xml b/src/chrome/content/rules/LiLux.lu.xml
index d1ce47089107..9698faede84c 100644
--- a/src/chrome/content/rules/LiLux.lu.xml
+++ b/src/chrome/content/rules/LiLux.lu.xml
@@ -17,13 +17,14 @@
 <ruleset name="LiLux.lu">
 
 	<target host="lilux.lu" />
-	<target host="*.lilux.lu" />
+	<target host="lists.lilux.lu" />
+	<target host="mail.lilux.lu" />
+	<target host="www.lilux.lu" />
 
 
 	<securecookie host="^(?:mail|www)\.lilux\.lu$" name=".+" />
 
 
-	<rule from="^http://((?:lists|mail|www)\.)?lilux\.lu/"
-		to="https://$1lilux.lu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lib.rus.ec.xml b/src/chrome/content/rules/Lib.rus.ec.xml
new file mode 100644
index 000000000000..4e09834367b1
--- /dev/null
+++ b/src/chrome/content/rules/Lib.rus.ec.xml
@@ -0,0 +1,5 @@
+<ruleset name="Lib.rus.ec">
+  <target host="lib.rus.ec" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LibAnswers.xml b/src/chrome/content/rules/LibAnswers.xml
index 0aa906337bc5..61ce3f90e018 100644
--- a/src/chrome/content/rules/LibAnswers.xml
+++ b/src/chrome/content/rules/LibAnswers.xml
@@ -7,13 +7,13 @@
 		- laimages.s3.amazonaws.com
 
 -->
-<ruleset name="LibAnswers">
+<ruleset name="LibAnswers.com">
 
 	<target host="libanswers.com" />
 	<target host="www.libanswers.com" />
 
 
-	<rule from="^http://(www\.)?libanswers\.com/"
-		to="https://$1libanswers.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LibApps.com.xml b/src/chrome/content/rules/LibApps.com.xml
new file mode 100644
index 000000000000..1bfd7cafe95a
--- /dev/null
+++ b/src/chrome/content/rules/LibApps.com.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Springshare coverage, see Springshare.xml.
+
+
+	CDN buckets:
+
+		- s3.amazonaws.com/libapps/
+
+-->
+<ruleset name="LibApps.com">
+
+	<target host="becker-wustl.libapps.com" />
+	<target host="springy.libapps.com" />
+	<target host="wustl.libapps.com" />
+
+		<test url="http://becker-wustl.libapps.com/libapps/login.php?site_id=1497" />
+		<test url="http://wustl.libapps.com/libapps/login.php?site_id=1858&amp;target=" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LibCal.com.xml b/src/chrome/content/rules/LibCal.com.xml
new file mode 100644
index 000000000000..83703642be7c
--- /dev/null
+++ b/src/chrome/content/rules/LibCal.com.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Springshare coverage, see Springshare.xml.
+
+
+	CDN buckets:
+
+		- lcimages.s3.amazonaws.com
+
+
+	Mixed content:
+
+		- Image on www from lcimages.s3.amazonaws.com
+
+-->
+<ruleset name="LibCal.com">
+
+	<target host="libcal.com" />
+	<target host="*.libcal.com" />
+
+		<test url="http://api3.libcal.com/" />
+		<test url="http://www.libcal.com/" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LibGen.is.xml b/src/chrome/content/rules/LibGen.is.xml
new file mode 100644
index 000000000000..2fa1c3ddbea9
--- /dev/null
+++ b/src/chrome/content/rules/LibGen.is.xml
@@ -0,0 +1,6 @@
+<ruleset name="LibGen.is">
+	<target host="libgen.is" />
+	<target host="www.libgen.is" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LibGuides.xml b/src/chrome/content/rules/LibGuides.xml
index b4498ee61f5b..8212e4b50f31 100644
--- a/src/chrome/content/rules/LibGuides.xml
+++ b/src/chrome/content/rules/LibGuides.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://libguides.com/ => https://libguides.com/: Too many redirects while fetching 'https://libguides.com/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://libguides.com/ => https://libguides.com/: Cycle detected - URL already encountered: https://libguides.com/
 	For other Springshare coverage, see Springshare.xml.
 
 
@@ -7,13 +13,13 @@
 		- lgimages.s3.amazonaws.com
 
 -->
-<ruleset name="LibGuides">
+<ruleset name="LibGuides" default_off="failed ruleset test">
 
 	<target host="libguides.com" />
-	<target host="www.libguides.com" />
+	<target host="*.libguides.com" />
 
 
-	<rule from="^http://(www\.)?libguides\.com/"
+	<rule from="^http://(\w+\.)?libguides\.com/"
 		to="https://$1libguides.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LibSDL.org.xml b/src/chrome/content/rules/LibSDL.org.xml
new file mode 100644
index 000000000000..ae7a573e2244
--- /dev/null
+++ b/src/chrome/content/rules/LibSDL.org.xml
@@ -0,0 +1,41 @@
+<!--
+	Nonfunctional subdomains:
+
+		- lists	(refused)
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- bugzilla
+		- forums
+		- hg
+		- slouken
+		- wiki
+
+
+	Mixed content:
+
+		- Images on (www.) from cdn.steampowered.com *
+
+	* Rule disabled by default
+
+-->
+<ruleset name="libSDL.org (partial)">
+
+	<target host="libsdl.org" />
+	<target host="bugzilla.libsdl.org" />
+	<target host="forums.libsdl.org" />
+	<target host="hg.libsdl.org" />
+	<target host="slouken.libsdl.org" />
+	<target host="wiki.libsdl.org" />
+	<target host="www.libsdl.org" />
+
+
+	<securecookie host="^(?:\.bugzilla|forums)\.libsdl\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Libarchive.org.xml b/src/chrome/content/rules/Libarchive.org.xml
new file mode 100644
index 000000000000..db8b6316971f
--- /dev/null
+++ b/src/chrome/content/rules/Libarchive.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Libarchive.org">
+	<target host="libarchive.org" />
+	<target host="www.libarchive.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Libav.org.xml b/src/chrome/content/rules/Libav.org.xml
new file mode 100644
index 000000000000..737c7a49f50f
--- /dev/null
+++ b/src/chrome/content/rules/Libav.org.xml
@@ -0,0 +1,34 @@
+<!--
+	Invalid certificate:
+		aruru.libav.org
+		builds.libav.org
+		chikinaro.libav.org
+		planet.libav.org
+		sakuya.libav.org
+		teoro.libav.org
+		win32.libav.org
+
+-->
+<ruleset name="libav">
+
+	<target host="libav.org" />
+	<target host="www.libav.org" />
+	<target host="bugzilla.libav.org" />
+	<target host="fate.libav.org" />
+	<target host="fate-suite.libav.org" />
+	<target host="git.libav.org" />
+	<target host="lists.libav.org" />
+	<target host="oboro.libav.org" />
+	<target host="oracle.libav.org" />
+	<target host="patches.libav.org" />
+	<target host="patchwork.libav.org" />
+	<target host="plaid.libav.org" />
+	<target host="samples.libav.org" />
+	<target host="wiki.libav.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Libav.xml b/src/chrome/content/rules/Libav.xml
deleted file mode 100644
index 4bfd5ed954ac..000000000000
--- a/src/chrome/content/rules/Libav.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<ruleset name="libav">
-
-	<target host="libav.org" />
-	<target host="*.libav.org" />
-
-
-	<securecookie host="^.*\.libav\.org$" name=".*" />
-
-
-	<!--	Observed subdomains:
-
-		- bugzilla
-		- fate
-		- git
-		- www
-
-    Sample does not work:
-    https://trac.torproject.org/projects/tor/ticket/7931
-			-->
-	<rule from="^http://((bugzilla|fate|git|www)\.)?libav\.org/"
-		to="https://$1libav.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Libdems.org.uk.xml b/src/chrome/content/rules/Libdems.org.uk.xml
index fd8fd12d1962..634501d79602 100644
--- a/src/chrome/content/rules/Libdems.org.uk.xml
+++ b/src/chrome/content/rules/Libdems.org.uk.xml
@@ -10,7 +10,8 @@
 <ruleset name="Libdems.org.uk (partial)">
 
 	<target host="libdems.org.uk" />
-	<target host="*.libdems.org.uk" />
+	<target host="www.libdems.org.uk" />
+	<target host="pdd.libdems.org.uk" />
 
 
 	<securecookie host="^(?:www\.)?libdems\.org\.uk$" name=".+" />
@@ -22,4 +23,4 @@
 	<rule from="^http://pdd\.libdems\.org\.uk/"
 		to="https://pdd.libdems.org.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Libdrc.org.xml b/src/chrome/content/rules/Libdrc.org.xml
new file mode 100644
index 000000000000..ad35eacf4581
--- /dev/null
+++ b/src/chrome/content/rules/Libdrc.org.xml
@@ -0,0 +1,14 @@
+<!--
+	CN: *.alwaysdata.net
+
+-->
+<ruleset name="libdrc.org" default_off="mismatched">
+
+	<target host="libdrc.org" />
+	<target host="www.libdrc.org" />
+
+
+	<rule from="^http://(?:www\.)?libdrc\.org/"
+		to="https://libdrc.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Liberal.ca.xml b/src/chrome/content/rules/Liberal.ca.xml
new file mode 100644
index 000000000000..99580b885462
--- /dev/null
+++ b/src/chrome/content/rules/Liberal.ca.xml
@@ -0,0 +1,13 @@
+<!--
+	Non-functional subdomain:
+		- event		(server error)
+-->
+<ruleset name="Liberal Party of Canada (partial)">
+	<target host="liberal.ca" />
+	<target host="boutique.liberal.ca" />
+	<target host="convention.liberal.ca" />
+	<target host="www.liberal.ca" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Liberal_America.org-falsemixed.xml b/src/chrome/content/rules/Liberal_America.org-falsemixed.xml
new file mode 100644
index 000000000000..d92b4119fc52
--- /dev/null
+++ b/src/chrome/content/rules/Liberal_America.org-falsemixed.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules not causing false/broken MCB, see Liberal_America.org.xml.
+
+-->
+<ruleset name="Liberal America.org (false MCB)" platform="mixedcontent">
+
+	<target host="liberalamerica.org" />
+	<target host="www.liberalamerica.org" />
+
+
+	<securecookie host="^\.liberalamerica\.org$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?liberalamerica\.org/"
+		to="https://www.liberalamerica.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Liberal_America.org.xml b/src/chrome/content/rules/Liberal_America.org.xml
new file mode 100644
index 000000000000..18abc2f463c6
--- /dev/null
+++ b/src/chrome/content/rules/Liberal_America.org.xml
@@ -0,0 +1,27 @@
+<!--
+	For rules causing false/broken MCB, see Liberal_America.org-falsemixed.xml.
+
+
+	Mixed content:
+
+		- css from $self *
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Liberal America.org (partial)">
+
+	<target host="liberalamerica.org" />
+	<target host="www.liberalamerica.org" />
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<!--exclusion pattern="http://(www\.)?liberalamerica\.org/(?!wp-content/|wp-includes/)" /-->
+
+
+	<rule from="^http://(?:www\.)?liberalamerica\.org/(?=wp-content/|wp-includes/)"
+		to="https://www.liberalamerica.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LiberationPledge.com.xml b/src/chrome/content/rules/LiberationPledge.com.xml
new file mode 100644
index 000000000000..0ffe293dbee8
--- /dev/null
+++ b/src/chrome/content/rules/LiberationPledge.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="The Liberation Pledge">
+
+	<target host="liberationpledge.com" />
+	<target host="www.liberationpledge.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Liberdade.Digital.xml b/src/chrome/content/rules/Liberdade.Digital.xml
new file mode 100644
index 000000000000..11cbec541f60
--- /dev/null
+++ b/src/chrome/content/rules/Liberdade.Digital.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://liberdade.digital/ => https://liberdade.digital/: (6, 'Could not resolve host: liberdade.digital')
+Fetch error: http://piwik.liberdade.digital/ => https://piwik.liberdade.digital/: (60, 'SSL certificate problem: self signed certificate')
+
+	These altnames don't exist:
+
+		- www.liberdade.digital
+
+
+	Mixed content:
+
+		- Bug from piwik.liberdade.digital *
+
+	* Secured by us
+
+-->
+<ruleset name="Liberdade.Digital" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="liberdade.digital" />
+	<target host="piwik.liberdade.digital" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Liberian_Geek.net.xml b/src/chrome/content/rules/Liberian_Geek.net.xml
new file mode 100644
index 000000000000..175878a0240a
--- /dev/null
+++ b/src/chrome/content/rules/Liberian_Geek.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="Liberian Geek.net">
+
+	<target host="liberiangeek.net" />
+	<target host="www.liberiangeek.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Liberty.me.xml b/src/chrome/content/rules/Liberty.me.xml
new file mode 100644
index 000000000000..23f322339de8
--- /dev/null
+++ b/src/chrome/content/rules/Liberty.me.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .liberty.me
+		- .(account).liberty.me
+
+-->
+<ruleset name="Liberty.me">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="liberty.me" />
+	<target host="*.liberty.me" />
+
+		<test url="http://antiwar.liberty.me/" />
+		<test url="http://cryptoanarchy.liberty.me/" />
+		<test url="http://www.liberty.me/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.liberty\.me$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^\.(account)\.liberty\.me$" name="^liberty_blog_\d+_view_style$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Liberty.xml b/src/chrome/content/rules/Liberty.xml
deleted file mode 100644
index 70643d89e361..000000000000
--- a/src/chrome/content/rules/Liberty.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Liberty">
-
-	<target host="liberty-human-rights.org.uk" />
-	<target host="www.liberty-human-rights.org.uk" />
-
-
-	<securecookie host="^(?:www\.)?liberty-human-rights\.org\.uk$" name=".+" />
-
-
-	<rule from="^http://(www\.)?liberty-human-rights\.org\.uk/"
-		to="https://$1liberty-human-rights.org.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Libevent.org.xml b/src/chrome/content/rules/Libevent.org.xml
new file mode 100644
index 000000000000..f26d3a0fde3a
--- /dev/null
+++ b/src/chrome/content/rules/Libevent.org.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatch:
+		- www.libevent.org
+-->
+<ruleset name="Libevent.org">
+	<target host="libevent.org" />
+	<target host="www.libevent.org" />
+
+	<rule from="^http://www\.libevent\.org/" to="https://libevent.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Libgen.xml b/src/chrome/content/rules/Libgen.xml
new file mode 100644
index 000000000000..a8d713638bab
--- /dev/null
+++ b/src/chrome/content/rules/Libgen.xml
@@ -0,0 +1,21 @@
+<!--
+	Refused:
+		*.libgen.io
+
+	Invalid certificate:
+		*.libgen.me
+
+-->
+<ruleset name="Libgen" default_off="mismatched">
+
+	<target host="libgen.pw" />
+	<target host="www.libgen.pw" />
+	<target host="fiction.libgen.pw" />
+	<target host="www.fiction.libgen.pw" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Libis.be.xml b/src/chrome/content/rules/Libis.be.xml
new file mode 100644
index 000000000000..34eec7216533
--- /dev/null
+++ b/src/chrome/content/rules/Libis.be.xml
@@ -0,0 +1,23 @@
+<!--
+	(www.)?libis.be: Refused
+
+
+	Mixed content:
+
+		- Image on extranet from libis.be *
+
+	* Unsecurable <= refused
+
+-->
+<ruleset name="Libis.be (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="extranet.libis.be" />
+	<target host="services.libis.be" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Libraries.io.xml b/src/chrome/content/rules/Libraries.io.xml
new file mode 100644
index 000000000000..c34919a2f0b8
--- /dev/null
+++ b/src/chrome/content/rules/Libraries.io.xml
@@ -0,0 +1,12 @@
+<ruleset name="Libraries.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="libraries.io" />
+	<target host="www.libraries.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LibraryAnywhere.xml b/src/chrome/content/rules/LibraryAnywhere.xml
index 2629fc313564..9b473092f1d7 100644
--- a/src/chrome/content/rules/LibraryAnywhere.xml
+++ b/src/chrome/content/rules/LibraryAnywhere.xml
@@ -1,10 +1,26 @@
-<ruleset name="Library Anywhere">
-	<target host="www.libanywhere.com"/>
-	<target host="libanywhere.com"/>
-	<target host="syndetics.com"/>
-	<target host="www.syndetics.com"/>
-	<target host="secure.syndetics.com"/>
-
-	<rule from="^http://(?:www\.)?libanywhere\.com/" to="https://www.libanywhere.com/"/>
-	<rule from="^http://(?:www\.)?syndetics\.com/" to="https://secure.syndetics.com/"/>
+<!--
+	Library Anywhere
+
+	For other ProQuest coverage, see ProQuest.xml.
+
+
+	Mixed content:
+
+		- Image from www.librarything.com *
+
+	* Secured by us
+
+-->
+<ruleset name="LibAnywhere.com">
+
+	<target host="libanywhere.com" />
+	<target host="www.libanywhere.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/LibraryThing.xml b/src/chrome/content/rules/LibraryThing.xml
index afeaa42bb2c6..d7f6f980b918 100644
--- a/src/chrome/content/rules/LibraryThing.xml
+++ b/src/chrome/content/rules/LibraryThing.xml
@@ -1,11 +1,16 @@
-<ruleset name="LibraryThing">
-  <target host="pics.librarything.com" />
-  <target host="static.librarything.com" />
-  <target host="www.librarything.com" />
-  <target host="librarything.com" />
+<ruleset name="LibraryThing.com">
 
-  <securecookie host="^(.*\.)?librarything\.com$" name=".*" />
+	<target host="librarything.com" />
+	<target host="pics.cdn.librarything.com" />
+	<target host="pics.librarything.com" />
+	<target host="static.librarything.com" />
+	<target host="www.librarything.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(?:www\.)?librarything\.com/" to="https://www.librarything.com/"/>
-  <rule from="^http://(pics|static)?\.librarything\.com/" to="https://$1.librarything.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Library_Freedom_Project.org.xml b/src/chrome/content/rules/Library_Freedom_Project.org.xml
new file mode 100644
index 000000000000..4b5b28953f32
--- /dev/null
+++ b/src/chrome/content/rules/Library_Freedom_Project.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid Certificate:
+		analytics.libraryfreedomproject.org
+		mail.libraryfreedomproject.org
+-->
+<ruleset name="Library Freedom Project.org" >
+	<target host="libraryfreedomproject.org" />
+	<target host="www.libraryfreedomproject.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Librato.com.xml b/src/chrome/content/rules/Librato.com.xml
new file mode 100644
index 000000000000..43413551dba0
--- /dev/null
+++ b/src/chrome/content/rules/Librato.com.xml
@@ -0,0 +1,11 @@
+<!--blog. mismatch
+support.metrics. refused
+info. mismatch-->
+<ruleset name="Librato.com">
+	<target host="librato.com" />
+	<target host="www.librato.com" />
+	<target host="metrics.librato.com" />
+	<target host="status.librato.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Libravatar.org.xml b/src/chrome/content/rules/Libravatar.org.xml
deleted file mode 100644
index 8172515c417d..000000000000
--- a/src/chrome/content/rules/Libravatar.org.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- cdn	(works; mismatched, CN: seccdn.libravatar.org)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- cdn		(→ seccdn)
-		- seccdn
-
--->
-<ruleset name="Libravatar.org">
-
-	<target host="libravatar.org" />
-	<target host="*.libravatar.org" />
-
-
-	<rule from="^http://(www\.)?libravatar\.org/"
-		to="https://$1libravatar.org/" />
-
-	<rule from="^http://(?:sec)?cdn\.libravatar\.org/"
-		to="https://seccdn.libravatar.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/LibreLabUCM.org.xml b/src/chrome/content/rules/LibreLabUCM.org.xml
new file mode 100644
index 000000000000..aff9e1c21ef4
--- /dev/null
+++ b/src/chrome/content/rules/LibreLabUCM.org.xml
@@ -0,0 +1,26 @@
+<ruleset name="LibreLabUCM.org">
+    <target host="librelabucm.org"              />
+    <target host="foro.librelabucm.org"         />
+    <target host="liberarfdi.librelabucm.org"   />
+    <target host="trinity.librelabucm.org"      />
+    <target host="wekan.librelabucm.org"        />
+    <target host="pgp.librelabucm.org"          />
+    <target host="moodle.librelabucm.org"       />
+    <target host="mtproxy.librelabucm.org"      />
+    <target host="gitlab.librelabucm.org"       />
+    <target host="openproject.librelabucm.org"  />
+    <target host="peertube.librelabucm.org"     />
+    <target host="calendar.librelabucm.org"     />
+    <target host="gnusocial.librelabucm.org"    />
+    <target host="mattermost.librelabucm.org"   />
+    <target host="latex.librelabucm.org"        />
+    <target host="analytics.librelabucm.org"    />
+    <target host="xmpp.librelabucm.org"         />
+    <target host="minetest.librelabucm.org"     />
+    <target host="minecraft.librelabucm.org"    />
+    <target host="redeclipse.librelabucm.org"   />
+    <target host="syncthing.librelabucm.org"    />
+
+    <rule from="^http:"
+        to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LibreOffice.org.xml b/src/chrome/content/rules/LibreOffice.org.xml
new file mode 100644
index 000000000000..c6075ee0dbb3
--- /dev/null
+++ b/src/chrome/content/rules/LibreOffice.org.xml
@@ -0,0 +1,87 @@
+<!--
+	Mismatch:
+		- api.libreoffice.org
+		- dev-builds.libreoffice.org
+		- tinderbox.libreoffice.org
+
+	Mixed content:
+		- devcentral.libreoffice.org
+		- perf.libreoffice.org
+-->
+<ruleset name="LibreOffice.org">
+	<target host="libreoffice.org" />
+	<target host="www.libreoffice.org" />
+	<target host="api.libreoffice.org" />
+	<target host="ar.libreoffice.org" />
+	<target host="ask.libreoffice.org" />
+	<target host="bg.libreoffice.org" />
+	<target host="brx.libreoffice.org" />
+	<target host="bugs.libreoffice.org" />
+	<target host="ca.libreoffice.org" />
+	<target host="ci.libreoffice.org" />
+	<target host="conference.libreoffice.org" />
+	<target host="crashreport.libreoffice.org" />
+	<target host="cs.libreoffice.org" />
+	<target host="cy.libreoffice.org" />
+	<target host="cz.libreoffice.org" />
+	<target host="da.libreoffice.org" />
+	<target host="de.libreoffice.org" />
+	<target host="dev-builds.libreoffice.org" />
+	<target host="dev-www.libreoffice.org" />
+	<target host="docs.libreoffice.org" />
+	<target host="documentation.libreoffice.org" />
+	<target host="donate.libreoffice.org" />
+	<target host="el.libreoffice.org" />
+	<target host="encontro.libreoffice.org" />
+	<target host="eo.libreoffice.org" />
+	<target host="es.libreoffice.org" />
+	<target host="et.libreoffice.org" />
+	<target host="extensions.libreoffice.org" />
+	<target host="fa.libreoffice.org" />
+	<target host="fi.libreoffice.org" />
+	<target host="fr.libreoffice.org" />
+	<target host="ga.libreoffice.org" />
+	<target host="gd.libreoffice.org" />
+	<target host="gerrit.libreoffice.org" />
+	<target host="gl.libreoffice.org" />
+	<target host="help.libreoffice.org" />
+	<target host="hu.libreoffice.org" />
+	<target host="it.libreoffice.org" />
+	<target host="ja.libreoffice.org" />
+	<target host="ka.libreoffice.org" />
+	<target host="ko.libreoffice.org" />
+	<target host="lcov.libreoffice.org" />
+	<target host="listarchives.libreoffice.org" />
+	<target host="lo.libreoffice.org" />
+	<target host="lt.libreoffice.org" />
+	<target host="marketing.libreoffice.org" />
+	<target host="mt.libreoffice.org" />
+	<target host="my.libreoffice.org" />
+	<target host="nl.libreoffice.org" />
+	<target host="no.libreoffice.org" />
+	<target host="oc.libreoffice.org" />
+	<target host="opengrok.libreoffice.org" />
+	<target host="pl.libreoffice.org" />
+	<target host="pt-br.libreoffice.org" />
+	<target host="pt.libreoffice.org" />
+	<target host="ro.libreoffice.org" />
+	<target host="ru.libreoffice.org" />
+	<target host="si.libreoffice.org" />
+	<target host="sid.libreoffice.org" />
+	<target host="sk.libreoffice.org" />
+	<target host="sl.libreoffice.org" />
+	<target host="sr.libreoffice.org" />
+	<target host="sv.libreoffice.org" />
+	<target host="ta.libreoffice.org" />
+	<target host="templates.libreoffice.org" />
+	<target host="tinderbox.libreoffice.org" />
+	<target host="tr.libreoffice.org" />
+	<target host="vi.libreoffice.org" />
+	<target host="website.libreoffice.org" />
+	<target host="zh-cn.libreoffice.org" />
+	<target host="zh-tw.libreoffice.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LibreOffice.xml b/src/chrome/content/rules/LibreOffice.xml
deleted file mode 100644
index 19bd48f02cf7..000000000000
--- a/src/chrome/content/rules/LibreOffice.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- ask *
-		- dev-builds	(refused)
-
-	* Times out
-
--->
-<ruleset name="LibreOffice">
-
-	<target host="libreoffice.org" />
-	<target host="*.libreoffice.org" />
-
-
-	<securecookie host="^(?:donate|help|www)\.libreoffice\.org$" name=".*" />
-
-
-	<rule from="^http://(?:www\.)?libreoffice\.org/"
-		to="https://www.libreoffice.org/" />
-
-	<rule from="^http://(donate|help)\.libreoffice\.org/"
-		to="https://$1.libreoffice.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/LibreOfficeBox.xml b/src/chrome/content/rules/LibreOfficeBox.xml
deleted file mode 100644
index b07ee01f9eb5..000000000000
--- a/src/chrome/content/rules/LibreOfficeBox.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="LibreOffice-Box">
-<target host="libreofficebox.org" />
-<target host="www.libreofficebox.org" />
-<rule from="^http://(?:www\.)?libreofficebox\.org/" to="https://www.libreofficebox.org/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/LibrePlanet.org.xml b/src/chrome/content/rules/LibrePlanet.org.xml
index 9ab3153c6450..276eeb23f087 100644
--- a/src/chrome/content/rules/LibrePlanet.org.xml
+++ b/src/chrome/content/rules/LibrePlanet.org.xml
@@ -1,22 +1,21 @@
 <!--
-	Nonfunctional subdomains:
-
-		- media		(dropped)
-
+	Incomplete certificate chain, and expired:
+		- irc-dev.libreplanet.org
+		- irc0d.libreplanet.org
+
+	Timeout:
+		- games.libreplanet.org
+		- gaming.libreplanet.org
+		- minetest.libreplanet.org
 -->
-<ruleset name="LibrePlanet.org (partial)">
-
+<ruleset name="LibrePlanet.org">
 	<target host="libreplanet.org" />
 	<target host="www.libreplanet.org" />
+	<target host="gmg0p.libreplanet.org" />
+	<target host="lists.libreplanet.org" />
+	<target host="media.libreplanet.org" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^libreplanet\.org$" name=".+" />
-
-
-	<!--	www redirects to ^ over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?libreplanet\.org/"
-		to="https://libreplanet.org/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LibreSSL.org.xml b/src/chrome/content/rules/LibreSSL.org.xml
new file mode 100644
index 000000000000..e9db301253e1
--- /dev/null
+++ b/src/chrome/content/rules/LibreSSL.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="LibreSSL.org">
+	<target host="libressl.org" />
+	<target host="www.libressl.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Libre_Graphics_World.org.xml b/src/chrome/content/rules/Libre_Graphics_World.org.xml
index 480ce2b90ae8..d866d5353727 100644
--- a/src/chrome/content/rules/Libre_Graphics_World.org.xml
+++ b/src/chrome/content/rules/Libre_Graphics_World.org.xml
@@ -28,4 +28,4 @@
 	<rule from="^http://(?:www\.)?libregraphicsworld\.org/"
 		to="https://libregraphicsworld.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Libreswan.org.xml b/src/chrome/content/rules/Libreswan.org.xml
new file mode 100644
index 000000000000..bb53a65f7d94
--- /dev/null
+++ b/src/chrome/content/rules/Libreswan.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="Libreswan.org">
+
+	<target host="libreswan.org" />
+	<target host="download.libreswan.org" />
+	<target host="lists.libreswan.org" />
+	<target host="www.libreswan.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Libri.de.xml b/src/chrome/content/rules/Libri.de.xml
index 6122c0815abf..50d337333da0 100644
--- a/src/chrome/content/rules/Libri.de.xml
+++ b/src/chrome/content/rules/Libri.de.xml
@@ -1,17 +1,19 @@
+<!--
+  h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+  Nonfunctional hosts
+    - media.libri.de (m)
+  -->
 <ruleset name="Libri.de">
 
 	<target host="libri.de" />
-	<target host="*.libri.de" />
-
-
-	<securecookie host="^www\.libri\.de$" name=".*" />
-
-
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?libri\.de/"
-		to="https://www.libri.de/" />
+	<target host="www.libri.de" />
 
-	<rule from="^http://media\.libri\.de/"
-		to="https://media.libri.de/" />
+	<securecookie host="^www\.libri\.de$" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/LibriVox.org.xml b/src/chrome/content/rules/LibriVox.org.xml
new file mode 100644
index 000000000000..90041e47034f
--- /dev/null
+++ b/src/chrome/content/rules/LibriVox.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		www.librivox.org
+
+-->
+<ruleset name="LibriVox.org (partial)">
+
+	<target host="librivox.org" />
+	<target host="forum.librivox.org" />
+	<target host="wiki.librivox.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LibriVox.xml b/src/chrome/content/rules/LibriVox.xml
deleted file mode 100644
index 799726a52963..000000000000
--- a/src/chrome/content/rules/LibriVox.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<ruleset name="LibriVox (partial)">
-
-	<target host="librivox.org" />
-	<target host="catalog.librivox.org" />
-	<target host="www.librivox.org" />
-
-	<rule from="^http://catalog\.librivox\.org/"
-		to="https://catalog.librivox.org/" />
-
-	<rule from="^http://(?:www\.)?librivox\.org/public_pages/"
-		to="https://librivox.org/public_pages/" />
-
-	<!--	Some pages 404.
-
-	<exclusion pattern="^http://(www\.)?librivox\.org/(?:$|\w+\.gif|[^f][\w\-]*/?$|[\w\-]*[^m]+/?$|[\w\-]{1,4}/?|[\w\-]{6,}/?|feedback/)" /-->
-	<exclusion pattern="^http://(.*\.)?librivox\.org/wp-(images|content)/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Libspf2.org.xml b/src/chrome/content/rules/Libspf2.org.xml
new file mode 100644
index 000000000000..278173965da6
--- /dev/null
+++ b/src/chrome/content/rules/Libspf2.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="Libspf2.org">
+	<target host="www.libspf2.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Libssh.org.xml b/src/chrome/content/rules/Libssh.org.xml
new file mode 100644
index 000000000000..322ab91615d6
--- /dev/null
+++ b/src/chrome/content/rules/Libssh.org.xml
@@ -0,0 +1,27 @@
+<!--
+	Nonfunctional subdomains:
+
+		- api *
+
+	* Shows another domain
+
+
+	Mixed content:
+
+		- Web bug from stats.0xbadc0de.be *
+
+	* Secured by us
+
+-->
+<ruleset name="libssh.org (partial)">
+
+	<target host="libssh.org" />
+	<target host="www.libssh.org" />
+
+
+	<securecookie host="^www\.libssh\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Libssh2.org.xml b/src/chrome/content/rules/Libssh2.org.xml
new file mode 100644
index 000000000000..c836b96030ea
--- /dev/null
+++ b/src/chrome/content/rules/Libssh2.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Libssh2.org">
+	<target host="libssh2.org" />
+	<target host="www.libssh2.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Libsyn.xml b/src/chrome/content/rules/Libsyn.xml
index 6c8513f216c0..5c2762ee22c9 100644
--- a/src/chrome/content/rules/Libsyn.xml
+++ b/src/chrome/content/rules/Libsyn.xml
@@ -1,61 +1,41 @@
 <!--
-	CDN buckets:
-
-		- wac.68fd.edgecastcdn.net/??68FD/
-
-			- static
-
-		- ssl-static.wac.68fd.edgecastcdn.net
-
-			- ssl-static
-
-		- cds.s7w4q6b5.hwcdn.net
-
-			- hwcdn
-
-
-	Nonfunctional domains:
-
-		- libsyn.com subdomains:
-
-			- hwcdn *
-			- imake *
-			- traffic	(redirects to static-ssl)
-			- \w+ **
-
-		- libsynpro.com		(shows www; mismatched, CN: *.libsyn.com)
-
-	* Refused
-	** Dropped - unique subdomains for podcasts
-
-
-	Problematic subdomains:
-
-		- static	(works; mismatched, CN: gp1.wac.edgecastcdn.net)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- fusion
-		- ssl-static
-		- static	(→ ssl-static)
-		- three
+	Invalid certificate:
+		ec.libsyn.com
+		hwcdn.libsyn.com
 
 -->
-<ruleset name="libsyn (partial)">
+<ruleset name="libsyn.com">
 
 	<target host="libsyn.com" />
 	<target host="*.libsyn.com" />
 
-
-	<securecookie host="^\.libsyn\.com$" name=".+" />
-
-
-	<rule from="^http://((?:assets|fusion|html5-player|three|www)\.)?libsyn\.com/"
-		to="https://$1libsyn.com/" />
-
-	<rule from="^http://(?:ssl-)?static\.libsyn\.com/"
-		to="https://ssl-static.libsyn.com/" />
+		<test url="http://www.libsyn.com/" />
+		<test url="http://assets.libsyn.com/" />
+		<test url="http://fusion.libsyn.com/" />
+		<test url="http://html5-player.libsyn.com/" />
+		<test url="http://imake.libsyn.com/" />
+		<test url="http://ssl-static.libsyn.com/" />
+		<test url="http://three.libsyn.com/" />
+		<test url="http://traffic.libsyn.com/" />
+		<test url="http://secure-ec.libsyn.com/" />
+		<test url="http://secure-hwcdn.libsyn.com/" />
+		<test url="http://static.libsyn.com/" />
+
+		<!-- Each user gets their own subdomain -->
+		<test url="http://fightsgoneby.libsyn.com/" />
+		<test url="http://revolutionaryleftradio.libsyn.com/" />
+		<test url="http://securityinfive.libsyn.com/" />
+		<test url="http://stoicmettle.libsyn.com/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://(ec|hwcdn)\.libsyn\.com/"
+		to="https://secure-$1.libsyn.com/" />
+
+		<test url="http://ec.libsyn.com/" />
+		<test url="http://hwcdn.libsyn.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Libvirt.org.xml b/src/chrome/content/rules/Libvirt.org.xml
new file mode 100644
index 000000000000..904fe1a6094f
--- /dev/null
+++ b/src/chrome/content/rules/Libvirt.org.xml
@@ -0,0 +1,14 @@
+<!--
+	wiki: refused
+
+-->
+<ruleset name="libvirt.org (partial)">
+
+	<target host="libvirt.org" />
+	<target host="www.libvirt.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/License_buttons.net.xml b/src/chrome/content/rules/License_buttons.net.xml
new file mode 100644
index 000000000000..ad49078ae26f
--- /dev/null
+++ b/src/chrome/content/rules/License_buttons.net.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .licensebuttons.net
+
+-->
+<ruleset name="license buttons.net">
+
+	<target host="licensebuttons.net" />
+	<target host="www.licensebuttons.net" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.licensebuttons\.net$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.licensebuttons\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lichtblick.de.xml b/src/chrome/content/rules/Lichtblick.de.xml
index 8bb465a03501..28f2419d3d6d 100644
--- a/src/chrome/content/rules/Lichtblick.de.xml
+++ b/src/chrome/content/rules/Lichtblick.de.xml
@@ -2,5 +2,5 @@
   <target host="www.lichtblick.de"/>
   <target host="lichtblick.de"/>
 
-  <rule from="^http://(www\.)?lichtblick\.de/" to="https://www.lichtblick.de/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Lide.cz.xml b/src/chrome/content/rules/Lide.cz.xml
new file mode 100644
index 000000000000..42b012ea23eb
--- /dev/null
+++ b/src/chrome/content/rules/Lide.cz.xml
@@ -0,0 +1,10 @@
+<!--
+    For other Seznam.cz coverage, see Seznam.cz.xml.
+-->
+<ruleset name="Lidé.cz">
+    <target host="lide.cz" />
+    <target host="www.lide.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lidl.xml b/src/chrome/content/rules/Lidl.xml
index fedb6e498d61..7fb89e2a2c06 100644
--- a/src/chrome/content/rules/Lidl.xml
+++ b/src/chrome/content/rules/Lidl.xml
@@ -1,10 +1,34 @@
-<ruleset name="Lidl (partial)">
+<!--
+	Other Lidl rulesets:
+
+		- lidl.co.uk.xml
+		- lidlcommunity.co.uk.xml
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- webforms.lidl.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Lidl.com (partial)">
 
 	<target host="webforms.lidl.com"/>
 
-	<rule from="^http://webforms\.lidl\.com/"
-		to="https://webforms.lidl.com/"/>
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://webforms.lidl.com/cps/rde/xchg/formular_baukasten/hs.xsl/10738.htm" /-->
+
+
+	<!--	not secured by server:
+					-->
+	<!--securecookie host="^webforms\.lidl\.com$" name="^JSESSIONID$"/-->
+
+	<securecookie host="^\w" name=".+" />
+
 
-	<securecookie host="^webforms\.lidl\.com$" name=".*"/>
+	<rule from="^http:"
+		to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Life-in-the-Fast-Lane.xml b/src/chrome/content/rules/Life-in-the-Fast-Lane.xml
index 663bb5173ec5..962674f6abd9 100644
--- a/src/chrome/content/rules/Life-in-the-Fast-Lane.xml
+++ b/src/chrome/content/rules/Life-in-the-Fast-Lane.xml
@@ -1,3 +1,8 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lifeinthefastlane.ca/ => http://lifeinthefastlane.ca/: (6, 'Could not resolve host: lifeinthefastlane.ca')
+Fetch error: http://www.lifeinthefastlane.ca/ => http://www.lifeinthefastlane.ca/: (6, 'Could not resolve host: www.lifeinthefastlane.ca')
+-->
 <ruleset name="Life in the Fast Lane (partial)">
 
 	<!--	*.gridserver.com	-->
diff --git a/src/chrome/content/rules/LifeReimagined.org.xml b/src/chrome/content/rules/LifeReimagined.org.xml
new file mode 100644
index 000000000000..4fef1f52c04e
--- /dev/null
+++ b/src/chrome/content/rules/LifeReimagined.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Problematic hosts in *lifereimagined.org:
+
+		- cms *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="LifeReimagined.org" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cms.lifereimagined.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lifehacker.com.xml b/src/chrome/content/rules/Lifehacker.com.xml
deleted file mode 100644
index f5253199a96c..000000000000
--- a/src/chrome/content/rules/Lifehacker.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other Gawker coverage, see Gawker.xml.
-
-
-	CN: *.a.ssl.fastly.net
-
--->
-<ruleset name="Lifehacker.com" default_off="mismatched">
-
-	<target host="lifehacker.com" />
-	<target host="*.lifehacker.com" />
-
-
-	<securecookie host="^\.?lifehacker\.com$" name=".+" />
-
-
-	<rule from="^http://(?:(cache\.)|www\.)?lifehacker\.com/"
-		to="https://$1lifehacker.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Lifeline-Australia.xml b/src/chrome/content/rules/Lifeline-Australia.xml
index 70349883db24..8cd742d09c14 100644
--- a/src/chrome/content/rules/Lifeline-Australia.xml
+++ b/src/chrome/content/rules/Lifeline-Australia.xml
@@ -4,5 +4,5 @@
 
 	<securecookie host="^www\.lifeline\.org\.au$" name=".+" />
 
-	<rule from="^(http://(www\.)?|https://)lifeline\.org\.au/" to="https://www.lifeline.org.au/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Liferay.com.xml b/src/chrome/content/rules/Liferay.com.xml
index 3c25c928929b..ae8d15adac1b 100644
--- a/src/chrome/content/rules/Liferay.com.xml
+++ b/src/chrome/content/rules/Liferay.com.xml
@@ -1,9 +1,13 @@
 <!-- cdn.www.liferay.com lacks ssl :( -->
 <!-- liferay.org lives under liferay.com. should be fixable. -->
 <ruleset name="Liferay.com">
-  <target host="www.liferay.com" />
-  <target host="liferay.com" />
-  <rule from="^http://www\.liferay\.com/" to="https://www.liferay.com/"/>
-  <rule from="^http://liferay\.com/" to="https://liferay.com/"/>
+
+	<target host="liferay.com" />
+	<target host="www.liferay.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
 
diff --git a/src/chrome/content/rules/Lifesaving-Resources.xml b/src/chrome/content/rules/Lifesaving-Resources.xml
index 6a6df139abcd..dd8e2e9221ee 100644
--- a/src/chrome/content/rules/Lifesaving-Resources.xml
+++ b/src/chrome/content/rules/Lifesaving-Resources.xml
@@ -1,12 +1,24 @@
-<ruleset name="Lifesaving Resources (partial)">
+<!--
+	Server attempts to redirect to http once,
+	then leaves us alone.
+
+
+	Mixed content:
+
+		- Web bug from img.constantcontact.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Lifesaving Resources">
 
 	<target host="lifesaving.com" />
 	<target host="www.lifesaving.com" />
 
 
-	<!--	At least some pages 302 to http.
-						-->
-	<rule from="^http://(www\.)?lifesaving\.com/(misc|modules|sites)/"
-		to="https://$1lifesaving.com/$2" />
+	<securecookie host="^\.lifesaving\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Lift-conference.xml b/src/chrome/content/rules/Lift-conference.xml
index e733369a6c8a..fddbfa597dd3 100644
--- a/src/chrome/content/rules/Lift-conference.xml
+++ b/src/chrome/content/rules/Lift-conference.xml
@@ -1,16 +1,17 @@
 <ruleset name="Lift conference" default_off="mismatch, self-signed">
 
 	<target host="liftconference.com" />
-	<target host="*.liftconference.com" />
+	<target host="videos.liftconference.com" />
+	<target host="www.liftconference.com" />
 
 
-	<securecookie host="^.*\.liftconference\.com$" name=".*" />
+	<securecookie host="^.*\.liftconference\.com$" name=".+" />
 
 
 	<!--	- (www.): self-signed
 		- videos cert: *.23video.com
 						-->
-	<rule from="^https?://(?:(videos\.)|www\.)?liftconference\.com/"
+	<rule from="^http://(?:(videos\.)|www\.)?liftconference\.com/"
 		to="https://$1liftconference.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/LiftShare.xml b/src/chrome/content/rules/LiftShare.xml
index e77b919e95d5..709bbf8c4975 100644
--- a/src/chrome/content/rules/LiftShare.xml
+++ b/src/chrome/content/rules/LiftShare.xml
@@ -4,8 +4,7 @@
   <target host="images.liftshare.com"/>
   <target host="scripts.liftshare.com"/>
 
-  <securecookie host="^(.+\.)?liftshare\.com$" name=".*"/>
+  <securecookie host=".+" name=".+" />
 
-  <rule from="^http://liftshare\.com/" to="https://liftshare.com/"/>
-  <rule from="^http://(images|www|scripts)\.liftshare\.com/" to="https://$1.liftshare.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Lift_Security.io.xml b/src/chrome/content/rules/Lift_Security.io.xml
new file mode 100644
index 000000000000..0ca6a26729f6
--- /dev/null
+++ b/src/chrome/content/rules/Lift_Security.io.xml
@@ -0,0 +1,15 @@
+<!--
+	www: mismatched, CN: *.andyet.net
+
+-->
+<ruleset name="Lift Security.io">
+
+	<target host="liftsecurity.io" />
+	<target host="blog.liftsecurity.io" />
+	<target host="www.liftsecurity.io" />
+
+
+	<rule from="^http://(?:(blog\.)|www\.)?liftsecurity\.io/"
+		to="https://$1liftsecurity.io/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Liftdna.com-problematic.xml b/src/chrome/content/rules/Liftdna.com-problematic.xml
index 351b5863f7af..9e42e6bbca21 100644
--- a/src/chrome/content/rules/Liftdna.com-problematic.xml
+++ b/src/chrome/content/rules/Liftdna.com-problematic.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?liftdna\.com/(?!\w+\.js|css/|images/|js/)"
 		to="https://www.liftdna.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Liftdna.com.xml b/src/chrome/content/rules/Liftdna.com.xml
index 04189d97cef4..02c479b231be 100644
--- a/src/chrome/content/rules/Liftdna.com.xml
+++ b/src/chrome/content/rules/Liftdna.com.xml
@@ -43,9 +43,6 @@
 		<!--exclusion pattern="^http://(www\.)?liftdna\.com/(?!\w+\.js|css/|images/|js/)" /-->
 
 
-	<rule from="^http://(?:www\.)?liftdna\.com/(?=\w+\.js|css/|images/|js/)"
-		to="https://a248.e.akamai.net/f/1051/5327/3h/www.liftdna.com/" />
-
 	<rule from="^http://(hosted|static)\.liftdna\.com/"
 		to="https://$1.liftdna.com/" />
 
@@ -58,4 +55,4 @@
 	<rule from="^http://reporting\.liftdna\.com/users/([^?]*)(?:$\?.*)?"
 		to="https://lift.openx.com/users/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Liftware.xml b/src/chrome/content/rules/Liftware.xml
new file mode 100644
index 000000000000..a93a573987b8
--- /dev/null
+++ b/src/chrome/content/rules/Liftware.xml
@@ -0,0 +1,9 @@
+<ruleset name="Liftware">
+
+	<target host="liftware.com" />
+	<target host="www.liftware.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ligatus.xml b/src/chrome/content/rules/Ligatus.xml
index d06b660b07b3..01f845501dbb 100644
--- a/src/chrome/content/rules/Ligatus.xml
+++ b/src/chrome/content/rules/Ligatus.xml
@@ -1,40 +1,131 @@
 <!--
-	Nonfunctional subdomains:
+		Connection refused:
 
-		- (www.)ligatus.at
-		- (www.)ligatus.be
+			- ads-*.ret01
+			- admin-*.ret01
+			- admin
+			- adyard-adfarm
+			- a-sll
+			- blackhole
+			- c
+			- d
+			- d-ssl
+			- directads-support
+			- fa.ssl
+			- fr1
+			- gw1
+			- gw2
+			- gw3
+			- h-sll
+			- id
+			- l
+			- mrelay8
+			- nat1
+			- render.helio
+			- render.helios
+			- report
+			- report-a
+			- reportd-d2
+			- reportingnew
+			- self-booking
+			- stats
+			- www.stats
+			- surfpoint
+			- track
+			- trk.hellos
+			- tr.hugin
+			- gw1.txx03
+			- gw3.txx03
+			- qa
+			- trk.elios
+			- vext
+			- www-test
 
-		- ligatus.com subdomains:
+		Cert mismatch
 
-			- (www.)
-			- a		(times out)
-			- r
+		- ct
+		- directads
+		- directads2
+		- e
+		- gw5.txx03
+		- h
+		- push.rce
+		- rce
 
-		- (www.)ligatus.de
-		- (www.)ligatus.es
-		- (www.)ligatus.fr
-		- (www.)ligatus.nl
-		- (www.)ligatus.se
 
+		TLS not supported:
 
-	Problematic domains:
+			- a3
+			- ap
+			- calendar
+			- drive
+			- dsp2
+			- sites
+			- video
 
-		- i.ligatus.com		(dropped)
+		Timeout:
 
+			- a2
+			- gw2.txx03
+			- gw4.txx03
+			- i-origin-mhenrich.webdev
+			- mrelay7
+			- webdev
+			- x3
+			- x4
 -->
 <ruleset name="Ligatus (partial)">
 
-	<target host="*.ligatus.com" />
+	<target host="ligatus.com" />
+	<target host="www.ligatus.com" />
+
+	<target host="a.ligatus.com" />
+	<target host="a-ssl.ligatus.com" />
+	<target host="analysis.ligatus.com" />
+	<target host="analysis1.ligatus.com" />
+	<target host="analysis2.ligatus.com" />
+	<target host="b.ligatus.com" />
+	<target host="gitlab.build.ligatus.com" />
+	<target host="cb.ligatus.com" />
+	<target host="cdn.cp.ligatus.com" />
+	<target host="tracking.cp.ligatus.com" />
+	<target host="d2.ligatus.com" />
+	<target host="directads-tool.ligatus.com" />
+	<target host="e.ligatus.com" />
+	<target host="e-ssl.ligatus.com" />
+	<target host="ext.ligatus.com" />
+	<target host="h.ligatus.com" />
+	<target host="h-ssl.ligatus.com" />
+	<target host="adx.helios.ligatus.com" />
+	<target host="trk.helios.ligatus.com" />
+	<target host="delivery.hyde.ligatus.com" />
+	<target host="tracking.hyde.ligatus.com" />
+	<target host="updater.hyde.ligatus.com" />
+	<target host="i.ligatus.com" />
+	<target host="i-origin.ligatus.com" />
+	<target host="i-ssl.ligatus.com" />
+	<target host="jira.intern.ligatus.com" />
+	<target host="ms.ligatus.com" />
+	<target host="r.ligatus.com" />
+	<target host="rce-reporting.ligatus.com" />
+	<target host="reporting.ligatus.com" />
+	<target host="s.ligatus.com" />
+	<target host="ssl.ligatus.com" />
+	<target host="t.ligatus.com" />
+	<target host="t-ssl.ligatus.com" />
+	<target host="x.ligatus.com" />
+	<target host="x-qa.ligatus.com" />
+	<target host="y.ligatus.com" />
 
 
 	<securecookie host="^\.ligatus\.com$" name="^LIG_Y$" />
 	<securecookie host="^\.ret01\.ligatus\.com$" name=".+" />
 
+	<rule from="^http://(a|e|h|i|t)\.ligatus\.com/"
+		to="https://$1-ssl.ligatus.com/" />
+
 
-	<rule from="^http://(d|ms|ads-(?:de|fr|nl)\.ret01)\.ligatus\.com/"
-		to="https://$1.ligatus.com/" />
 
-	<rule from="^http://i\.ligatus\.com/"
-		to="https://secure.footprint.net/ligatus/" />
+	<rule from="^http:" to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/LightEdge.com.xml b/src/chrome/content/rules/LightEdge.com.xml
new file mode 100644
index 000000000000..2a95fe71937c
--- /dev/null
+++ b/src/chrome/content/rules/LightEdge.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Chain issue, missing intermediate:
+		- lightedge.com, equivalent to www.lightedge.com
+		- webmail.cyr.lightedge.com
+		- webmail.lightedge.com
+
+	Connection timed out:
+		- drsuse.lightedge.com
+		- speedtest.lightedge.com
+
+	Invalid certificate:
+		- as1.lightedge.com
+-->
+
+<ruleset name="LightEdge.com">
+	<target host="lightedge.com" />
+	<target host="www.lightedge.com" />
+	<target host="antispam.lightedge.com" />
+	<target host="ews4.lightedge.com" />
+	<target host="my.lightedge.com" />
+	<target host="securemessaging.lightedge.com" />
+	<target host="wxsp1.lightedge.com" />
+
+	<rule from="^http://lightedge\.com/"
+		  to="https://www.lightedge.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LightTheNight.org.xml b/src/chrome/content/rules/LightTheNight.org.xml
new file mode 100644
index 000000000000..20dfa8911b0b
--- /dev/null
+++ b/src/chrome/content/rules/LightTheNight.org.xml
@@ -0,0 +1,22 @@
+<!--
+	MCB:
+		pages.lightthenight.org (e.g. https://pages.lightthenight.org/va/Frdrcksb13/TeamTomas)
+
+	No working URL known:
+		donate.lightthenight.org
+
+	This domain has a wildcard DNS.
+
+-->
+<ruleset name="LightTheNight.org">
+
+	<target host="lightthenight.org" />
+	<target host="www.lightthenight.org" />
+	<target host="registration.lightthenight.org" />
+
+	<securecookie host="^www\.lightthenight\.org" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Light_Blue_Touchpaper.org.xml b/src/chrome/content/rules/Light_Blue_Touchpaper.org.xml
new file mode 100644
index 000000000000..c0ca3519e0df
--- /dev/null
+++ b/src/chrome/content/rules/Light_Blue_Touchpaper.org.xml
@@ -0,0 +1,25 @@
+<!--
+	For other University of Cambridge coverage, see University-of-Cambridge.xml.
+
+
+	^lightbluetouchpaper.org: Redirect loop
+
+-->
+<ruleset name="Light Blue Touchpaper.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.lightbluetouchpaper.org" />
+
+	<!--	Complications:
+				-->
+	<target host="lightbluetouchpaper.org" />
+
+
+	<rule from="^http://lightbluetouchpaper\.org/"
+		to="https://www.lightbluetouchpaper.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Light_the_Night.org.xml b/src/chrome/content/rules/Light_the_Night.org.xml
deleted file mode 100644
index aa63e5550928..000000000000
--- a/src/chrome/content/rules/Light_the_Night.org.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- etools *
-		- pages *
-
-	* Dropped
-
-
-	Problematic subdomains:
-
-		- (www.)	(works; mismatched, CN:   *.lls.org)
-
--->
-<ruleset name="Light the Night.org" default_off="mismatched">
-
-	<target host="lightthenight.org" />
-	<target host="www.lightthenight.org" />
-
-
-	<securecookie host="^www\.lightthenight\.org" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?lightthenight\.org/"
-		to="https://www.lightthenight.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Lighthouse_app.com.xml b/src/chrome/content/rules/Lighthouse_app.com.xml
new file mode 100644
index 000000000000..046c9de7f532
--- /dev/null
+++ b/src/chrome/content/rules/Lighthouse_app.com.xml
@@ -0,0 +1,24 @@
+<!--
+	For other ENTP coverage, see ENTP.xml.
+
+	Non-functional host in *lighthouseapp.com:
+		SSL peer certificate was not OK:
+			 - help.lighthouseapp.com
+-->
+<ruleset name="Lighthouse app.com (partial)">
+	<target host="lighthouseapp.com" />
+	<target host="*.lighthouseapp.com" />
+	<exclusion pattern="^http://help\.lighthouseapp\.com/" />
+		<!-- match exclusion -->
+		<test url="http://help.lighthouseapp.com/" />
+		<!-- do not match exclusion -->
+		<test url="http://my.lighthouseapp.com/" />
+		<test url="http://play.lighthouseapp.com/" />
+		<test url="http://r00tshell.lighthouseapp.com/" />
+		<test url="http://rails.lighthouseapp.com/" />
+		<test url="http://www.lighthouseapp.com/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LightningMaps.org.xml b/src/chrome/content/rules/LightningMaps.org.xml
new file mode 100644
index 000000000000..ef79b5f3978b
--- /dev/null
+++ b/src/chrome/content/rules/LightningMaps.org.xml
@@ -0,0 +1,46 @@
+<!--
+	Mismatched:
+		- s4.www
+		- cdn
+		- fo-ovh
+		- fo-ovh3
+		- git
+		- s1.gitlab
+		- webmail.mail
+		- server1
+		- server4
+		- tiles-radar
+		- wiki
+		- ws
+		- s4.ws
+		- s5.ws
+		- ws1
+		- ws3
+		- www1
+		- www2
+
+	No test URL found:
+		- live
+		- live2
+		- map.tiles
+		- osm.tiles
+		- overlay.tiles
+-->
+<ruleset name="LightningMaps.org">
+	<target host="lightningmaps.org" />
+	<target host="www.lightningmaps.org" />
+	<target host="counter.lightningmaps.org" />
+	<target host="data.lightningmaps.org" />
+	<target host="docs.lightningmaps.org" />
+	<target host="forum.lightningmaps.org" />
+	<target host="gitlab.lightningmaps.org" />
+	<target host="ibod.lightningmaps.org" />
+	<target host="images.lightningmaps.org" />
+	<target host="mail.lightningmaps.org" />
+	<target host="monitor.lightningmaps.org" />
+	<target host="piwik.lightningmaps.org" />
+	<target host="tiles.lightningmaps.org" />
+	<target host="tracker.lightningmaps.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lighttpd.net.xml b/src/chrome/content/rules/Lighttpd.net.xml
index eb583cb94798..526a19748799 100644
--- a/src/chrome/content/rules/Lighttpd.net.xml
+++ b/src/chrome/content/rules/Lighttpd.net.xml
@@ -1,23 +1,66 @@
-<ruleset name="lighttpd.net" platform="cacert">
+<!--
+	No working URL known:
+ 		admin.lighttpd.net (401)
+		buildbot.lighttpd.net (503)
+		dev.lighttpd.net (404)
+		jan.lighttpd.net (404)
+		jan-staging.lighttpd.net (401)
+		lists.lighttpd.net
+		mail.lighttpd.net (404)
+		munin.lighttpd.net (401)
+		ns1.lighttpd.net
+		pdnscontrol.lighttpd.net (401)
+		pdns.lighttpd.net
+		preview.lighttpd.net
+		preview-blog.lighttpd.net (401)
+		recursor.lighttpd.net (404)
+		review.lighttpd.net (404)
+		staging.lighttpd.net (404)
+		test.lighttpd.net (404)
+		torrent.lighttpd.net (401)
 
-	<target host="lighttpd.net" />
-	<target host="*.lighttpd.net" />
+	Private subdomain:
+		id.lighttpd.net
+		j.lighttpd.net
 
+	Insecure cookies are set for these hosts:
 
-	<securecookie host="^.*\.lighttpd\.net$" name=".*" />
+		- redmine.lighttpd.net
+		- xcache.lighttpd.net
 
+-->
+<ruleset name="lighttpd.net">
 
-	<!--	Observed domains:
+	<target host="lighttpd.net" />
+	<target host="www.lighttpd.net" />
+	<target host="blog.lighttpd.net" />
+	<target host="cgit.lighttpd.net" />
+	<target host="ci.lighttpd.net" />
+	<target host="debian.lighttpd.net" />
+	<target host="demo.lighttpd.net" />
+	<target host="doc.lighttpd.net" />
+	<target host="download.lighttpd.net" />
+	<target host="gerrit.lighttpd.net" />
+	<target host="git.lighttpd.net" />
+	<target host="paste.lighttpd.net" />
+	<target host="paste-dev.lighttpd.net" />
+	<target host="php.lighttpd.net" />
+	<target host="progress.lighttpd.net" />
+	<target host="redmine.lighttpd.net" />
+	<target host="trac.lighttpd.net" />
+	<target host="upload.lighttpd.net" />
+	<target host="weighttp.lighttpd.net" />
+	<target host="wiki.lighttpd.net" />
+	<target host="xcache.lighttpd.net" />
 
-			- blog
-			- download
-			- redmine
-			- wiki
-			- www
-			- xcache
-				-->
-	<rule from="^http://(\w+\.)?lighttpd\.net/"
-		to="https://$1lighttpd.net/"/>
+	<!--	Not secured by server:
+					-->
+	<!--ssecurecookie host="^redmine\.lighttpd\.net$" name="^_redmine_session$" /-->
+	<!--ssecurecookie host="^xcache\.lighttpd\.net$" name="^(trac_form_token|trac_session)$" /-->
 
-</ruleset>
+	<securecookie host=".*\.lighttpd\.net$" name=".+" />
 
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lihm.net.xml b/src/chrome/content/rules/Lihm.net.xml
new file mode 100644
index 000000000000..cc3f77b05e23
--- /dev/null
+++ b/src/chrome/content/rules/Lihm.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="lihm.net">
+
+	<target host="lihm.net" />
+	<target host="www.lihm.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Liikenneturva.fi.xml b/src/chrome/content/rules/Liikenneturva.fi.xml
index 7fe4525df4db..392c428e73cb 100644
--- a/src/chrome/content/rules/Liikenneturva.fi.xml
+++ b/src/chrome/content/rules/Liikenneturva.fi.xml
@@ -4,6 +4,5 @@
 
 	<securecookie host="^(?:www\.)liikenneturva\.fi$" name=".+" />
 
-	<rule from="^http://(www\.)?liikenneturva\.fi/"
-		to="https://$1liikenneturva.fi/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Lijit.com.xml b/src/chrome/content/rules/Lijit.com.xml
index d9835068c798..d7a2a436c78c 100644
--- a/src/chrome/content/rules/Lijit.com.xml
+++ b/src/chrome/content/rules/Lijit.com.xml
@@ -1,74 +1,85 @@
 <!--
-	CDN buckets:
-
-		- www.lijit.com.cdngc.net
-
-
-	Problematic subdomains:
-
-		- www	(403; CN: support3.cdnetworks.net)
-
-
-	Fully covered subdomains:
-
-		- ^
-		- ap *
-		- ce *
-		- secure
-		- www	(→ secure)
-
-	* Web bugs
-
-
-	Mixed content on secure:
-
-		- scripts, from:
-
-			- www *
-			- lijit.disqus.com
-			- ajax.googleapis.com *
+	For other sovrn coverage, see sovrn.com.xml.
 
-		- css, from:
-
-			- www *
-			- disqus.com
-
-		- Images, from:
-
-			- www *
-			- www.drivingdelta.com **
-			- www.gravatar.com *
-			- www.gravatar.com via www.gravatar.com *
-
-		- Web bugs, from:
-
-			- tags.bluekai.com *
-			- widget.quantcast.com *
-
-	* Secured by us
-	** Unsecurable, these 404 anyway
 
+	CDN buckets:
 
-	mixedcontent due to scripts and css from
-	www, disqus.com, and ajax.googelapis.com.
+		- www.lijit.com.cdngc.net
 
+	Cert expired:
+		- adintegration.lijit.com
+
+	Cert mismatch:
+		- apcdn.lijit.com
+		- ibv.lijit.com
+
+	Connection refused:
+		- up.lijit.com
+		- vap1sjc1.lijit.com
+		- vap1yyz1.lijit.com
+		- vap2sjc1.lijit.com
+		- vap2sna1.lijit.com
+		- vap3iad1.lijit.com
+		- vap4sna1.lijit.com
+
+	Timeout:
+		- blog.lijit.com
+		- mailx.lijit.com
+		- oops.lijit.com
+		- vap1aws.lijit.com
+		- vap1dfw1.lijit.com
+		- vap1sin1.lijit.com
+		- vap2dfw1.lijit.com
+		- vap3dfw1.lijit.com
+		- vap3yyz1.lijit.com
+		- vap4yyz1.lijit.com
+		- vap5iad1.lijit.com
+		- vapden1.lijit.com
+		- vap1iad3.lijit.com
+		- vap1sna1.lijit.com
+		- vap2iad3.lijit.com
+		- vap2yyz1.lijit.com
+		- vap3iad3.lijit.com
+		- vap3sna1.lijit.com
+		- vap4iad3.lijit.com
+		- vap5iad3.lijit.com
+		- vap5sna1.lijit.com
+		- vap6iad3.lijit.com
+		- vap6sna1.lijit.com
+		- vap6iad1.lijit.com
 -->
-<ruleset name="Lijit.com" platform="mixedcontent">
+<ruleset name="Lijit.com">
 
 	<target host="lijit.com" />
-	<target host="*.lijit.com" />
-
-
-	<!--	name="^(kohanasession|kohanasession_data|ljt_reader|ljtrtb|ljt_ts)$"
-							-->
-	<securecookie host="^\.lijit\.com$" name=".+" />
-	<securecookie host="^\.secure\.lijit\.com$" name=".+" />
-
-
-	<rule from="^http://(ap\.|ce\.)?lijit\.com/"
-		to="https://$1lijit.com/" />
-
-	<rule from="^http://(?:secure|www)\.lijit\.com/"
-		to="https://secure.lijit.com/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.lijit.com" />
+
+	<target host="ap.lijit.com" />
+	<target host="apr.lijit.com" />
+	<target host="beacon.lijit.com" />
+	<target host="ce.lijit.com" />
+	<target host="gslbeacon.lijit.com" />
+	<target host="secure.lijit.com" />
+	<target host="vap.lijit.com" />
+	<target host="vap1ams2.lijit.com" />
+	<target host="vap1ewr1.lijit.com" />
+	<target host="vap1iad1.lijit.com" />
+	<target host="vap1sfo1.lijit.com" />
+	<target host="vap2ams2.lijit.com" />
+	<target host="vap2ewr1.lijit.com" />
+	<target host="vap2iad1.lijit.com" />
+	<target host="vap2sfo1.lijit.com" />
+	<target host="vap3ewr1.lijit.com" />
+	<target host="vap3sfo1.lijit.com" />
+	<target host="vap4ewr1.lijit.com" />
+	<target host="vap4iad1.lijit.com" />
+	<target host="vap4sfo1.lijit.com" />
+	<target host="vap5ewr1.lijit.com" />
+	<target host="vap5iad1.lijit.com" />
+	<target host="vap6ewr1.lijit.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Likes.xml b/src/chrome/content/rules/Likes.xml
deleted file mode 100644
index a9fce39b782a..000000000000
--- a/src/chrome/content/rules/Likes.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d1qfo1bk8s78mq.cloudfront.net
-
-			- i[1-6].likes-media.com
-
--->
-<ruleset name="Likes">
-
-	<target host="likes.com" />
-	<target host="*.likes.com" />
-	<target host="*.likes-media.com" />
-
-
-	<securecookie host="^\.likes\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?likes\.com/"
-		to="https://$1likes.com/" />
-
-	<rule from="^http://i\d\.likes-media\.com/"
-		to="https://d1qfo1bk8s78mq.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Likeyed.com.xml b/src/chrome/content/rules/Likeyed.com.xml
deleted file mode 100644
index 59547ea522c6..000000000000
--- a/src/chrome/content/rules/Likeyed.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Mixed content:
-
-		- Images on (www.) from images100.xvideos.com *
-
-		- Ads/web bugs, on (www.) from:
-
-			- www.affxx.com *
-
-	* Unsecurable
-
--->
-<ruleset name="likeyed.com">
-
-	<target host="likeyed.com" />
-	<target host="www.likeyed.com" />
-
-
-	<rule from="^http://(www\.)?likeyed\.com/"
-		to="https://$1likeyed.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Liliani.xml b/src/chrome/content/rules/Liliani.xml
index fbcf7192cd2d..8a7ef10d417c 100644
--- a/src/chrome/content/rules/Liliani.xml
+++ b/src/chrome/content/rules/Liliani.xml
@@ -3,10 +3,9 @@
 	<target host="liliani.com.br"/>
 	<target host="www.liliani.com.br"/>
 
-	<securecookie host="^www\.liliani\.com\.br$" name=".*"/>
+	<securecookie host="^www\.liliani\.com\.br$" name=".+" />
 
 	<!--	cert doesn't match !www		-->
-	<rule from="^http://(?:www\.)?liliani\.com\.br/"
-		to="https://www.liliani.com.br/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Lilliputti.com.xml b/src/chrome/content/rules/Lilliputti.com.xml
index fe0869a19062..b9e623529263 100644
--- a/src/chrome/content/rules/Lilliputti.com.xml
+++ b/src/chrome/content/rules/Lilliputti.com.xml
@@ -2,5 +2,5 @@
   <target host="lilliputti.com" />
   <target host="www.lilliputti.com" />
 
-  <rule from="^http://(?:www\.)?lilliputti\.com/" to="https://lilliputti.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Limango.xml b/src/chrome/content/rules/Limango.xml
index 34c578139143..3e67df30133b 100644
--- a/src/chrome/content/rules/Limango.xml
+++ b/src/chrome/content/rules/Limango.xml
@@ -1,17 +1,21 @@
-<ruleset name="limango">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://img.limango-media.de/ => https://img.limango-media.de/: (6, 'Could not resolve host: img.limango-media.de')
+
+-->
+<ruleset name="limango" default_off="failed ruleset test">
 
 	<target host="limango.de" />
-	<target host="*.limango.de" />
+	<target host="checkout.limango.de" />
+	<target host="www.limango.de" />
 	<target host="img.limango-media.de" />
 
 
 	<securecookie host="^(?:.*\.)?limango\.de$" name=".+" />
 
 
-	<rule from="^http://(checkout\.|www\.)?limango\.de/"
-		to="https://$1limango.de/" />
 
-	<rule from="^http://img\.limango-media\.de/"
-		to="https://img.limango-media.de/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LimeService.xml b/src/chrome/content/rules/LimeService.xml
deleted file mode 100644
index c99a98e2a81f..000000000000
--- a/src/chrome/content/rules/LimeService.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Cert only matches www.
-
--->
-<ruleset name="LimeService">
-
-	<target host="limeservice.com" />
-	<target host="www.limeservice.com" />
-
-
-	<securecookie host="^www\.limeservice\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?limeservice\.com/"
-		to="https://www.limeservice.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/LimeSurvey.com.xml b/src/chrome/content/rules/LimeSurvey.com.xml
new file mode 100644
index 000000000000..70f345cb9b30
--- /dev/null
+++ b/src/chrome/content/rules/LimeSurvey.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional domain:
+		- limesurvey.cn		(connection refused)
+
+	Wildcard DNS record and cert.
+-->
+<ruleset name="LimeSurvey.com">
+
+	<target host="limesurvey.com" />
+	<target host="www.limesurvey.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LimeSurvey.org.xml b/src/chrome/content/rules/LimeSurvey.org.xml
new file mode 100644
index 000000000000..0ae8483607fa
--- /dev/null
+++ b/src/chrome/content/rules/LimeSurvey.org.xml
@@ -0,0 +1,17 @@
+<!--
+	For other LimeSurvey coverage, see LimeSurvey.com.xml
+
+  Wildcard DNS record and cert.
+-->
+<ruleset name="LimeSurvey.org">
+
+	<target host="limesurvey.org" />
+	<target host="www.limesurvey.org" />
+	<target host="manual.limesurvey.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LimeSurvey.xml b/src/chrome/content/rules/LimeSurvey.xml
deleted file mode 100644
index d7985c101285..000000000000
--- a/src/chrome/content/rules/LimeSurvey.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- manual	(redirects to www, valid cert)
-
-
-	Problematic subdomains:
-
-		- ^	(mismatched, CN: www.limeservice.com)
-
-
-	Mixed webbug from xsltcache.alexa.com,
-	about which noone cares.
-
--->
-<ruleset name="LimeSurvey">
-
-	<target host="limesurvey.org" />
-	<target host="www.limesurvey.org" />
-
-
-	<securecookie host="^www\.limesurvey\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?limesurvey\.org/"
-		to="https://www.limesurvey.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Limelight-Networks.xml b/src/chrome/content/rules/Limelight-Networks.xml
index f34a73f85736..068f40ee0c82 100644
--- a/src/chrome/content/rules/Limelight-Networks.xml
+++ b/src/chrome/content/rules/Limelight-Networks.xml
@@ -7,10 +7,16 @@
 <ruleset name="Limelight Networks (partial)">
 
 	<target host="*.hs.llnwd.net" />
+		<test url="http://pcvarkr.hs.llnwd.net/v1/astroreporter/sample/Kundali-Milan-English.pdf" />
+		<test url="http://polaris.hs.llnwd.net/o40/ind/2018/documents/coupons/november-brotherhood.pdf" />
+		<test url="http://primerica.hs.llnwd.net/o40/u/pol/wheel/index.html" />
+	<!-- Different content HTTP/HTTPS on some test urls (seems random):
+	<target host="*.vo.llnwd.net" />
+		<test url="http://synthes.vo.llnwd.net/o16/LLNWMB8/INT%20Mobile/Synthes%20International/Product%20Support%20Material/legacy_Synthes_PDF/DSEM-TRM-0416-0657-1_LR.pdf" />
+		<test url="http://tmz.vo.llnwd.net/o28/newsdesk/tmz_documents/charles-manson-will-02.pdf" />
+		<test url="http://wsba.vo.llnwd.net/v1/CLE%20Documents/Post/17516_FinalAgenda.pdf" />
+	-->
 
-
-	<!--	CDN.
-			-->
 	<rule from="^http://([\w\-]+)\.hs\.llnwd\.net/"
 		to="https://$1.hs.llnwd.net/" />
 
diff --git a/src/chrome/content/rules/Limited_2_Art.com.xml b/src/chrome/content/rules/Limited_2_Art.com.xml
index cfa4fecedb0b..a1f588643728 100644
--- a/src/chrome/content/rules/Limited_2_Art.com.xml
+++ b/src/chrome/content/rules/Limited_2_Art.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?limited2art\.com/(?=content/|default\.asp\?template=l2art_checkout\d\.htm|favicon\.ico|statics/|templates/)"
 		to="https://$1limited2art.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Limun.org.xml b/src/chrome/content/rules/Limun.org.xml
new file mode 100644
index 000000000000..d76119bf04c3
--- /dev/null
+++ b/src/chrome/content/rules/Limun.org.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://archlinux.limun.org/ => https://archlinux.limun.org/: (7, 'Failed to connect to archlinux.limun.org port 443: Connection refused')
+
+-->
+<ruleset name="limun.org" default_off="failed ruleset test">
+
+	<target host="limun.org" />
+	<target host="*.limun.org" />
+
+	<test url="http://alice.limun.org/" />
+	<test url="http://archlinux.limun.org/" />
+	<test url="http://cinnarch.limun.org/" />
+	<test url="http://karin.limun.org/" />
+	<test url="http://marko.limun.org/" />
+	<test url="http://mots.limun.org/" />
+	<test url="http://mpranj.limun.org/" />
+	<test url="http://redmine.limun.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lin_Shung_Huang.com.xml b/src/chrome/content/rules/Lin_Shung_Huang.com.xml
new file mode 100644
index 000000000000..806be23eec56
--- /dev/null
+++ b/src/chrome/content/rules/Lin_Shung_Huang.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Lin Shung Huang.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="linshunghuang.com" />
+	<target host="www.linshunghuang.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Linaro.xml b/src/chrome/content/rules/Linaro.xml
index db13839b4967..821a74de4ec4 100644
--- a/src/chrome/content/rules/Linaro.xml
+++ b/src/chrome/content/rules/Linaro.xml
@@ -1,36 +1,51 @@
 <!--
 	Nonfunctional subdomains:
 
-		- (www.)	(redirects to http; CN: ask.linaro.org)
-		- connect	(shows ask; CN: ask.linaro.org)
-		- android.git *
 		- review.android.git *
-		- planet	(dropped)
 
-	* http reply
-	** Dropped
+	* Shows android.git
 
 
-	Fully covered subdomains:
+	Insecure cookies are set for these domains and hosts:
 
-		- android-build
-		- cards
-		- git
-		- lists
-		- patches
-		- releases
-		- status
+		- .linaro.org
+		- connect.linaro.org
+		- www.linaro.org
 
 -->
-<ruleset name="Linaro (partial)" default_off="webmaster request">
-
-	<target host="*.linaro.org" />
-
-
-	<securecookie host="^(?:android-built|ask|cards|patches|releases|status|support|wiki)\.linaro\.org$" name=".+" />
-
-
-	<rule from="^http://(android-build|ask|cards|git|lists|patches|releases|status|support|wiki)\.linaro\.org/"
-		to="https://$1.linaro.org/" />
+<ruleset name="Linaro.org (partial)" default_off="webmaster request">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="linaro.org" />
+	<target host="android-build.linaro.org" />
+	<target host="android-git.linaro.org" />
+	<target host="ask.linaro.org" />
+	<target host="cards.linaro.org" />
+	<target host="connect.linaro.org" />
+	<target host="git.linaro.org" />
+	<target host="android.git.linaro.org" />
+	<target host="irclogs.linaro.org" />
+	<target host="lists.linaro.org" />
+	<target host="patches.linaro.org" />
+	<target host="planet.linaro.org" />
+	<target host="releases.linaro.org" />
+	<target host="status.linaro.org" />
+	<target host="support.linaro.org" />
+	<target host="wiki.linaro.org" />
+	<target host="www.linaro.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.linaro\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^(?:connect|www)\.linaro\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\.linaro\.org$" name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host=".+\.linaro\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Lincoln.gov.uk.xml b/src/chrome/content/rules/Lincoln.gov.uk.xml
new file mode 100644
index 000000000000..43121baddd85
--- /dev/null
+++ b/src/chrome/content/rules/Lincoln.gov.uk.xml
@@ -0,0 +1,53 @@
+<!--
+	City of Lincoln Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *lincoln.gov.uk:
+
+		- christmasmarket ᵈ
+		- christmasmarket.wordpress ᵈ
+		- www ⁴
+
+	⁴ 400
+	ᵈ Dropped
+
+
+	^lincoln.gov.uk doesn't exist.
+
+
+	Insecure cookies are set for these hosts:
+
+		- democratic.lincoln.gov.uk
+		- forms.lincoln.gov.uk
+
+
+	Mixed content:
+
+		- Image on democratic from www.lincoln.gov.uk ⁴
+
+	⁴ Unsecurable <= 400
+
+-->
+<ruleset name="Lincoln.gov.uk (partial)">
+
+	<target host="air.lincoln.gov.uk" />
+	<target host="democratic.lincoln.gov.uk" />
+	<target host="forms.lincoln.gov.uk" />
+	<target host="myinfo.lincoln.gov.uk" />
+	<target host="parkingonline.lincoln.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^democratic\.lincoln\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^forms\.lincoln\.gov\.uk$" name="^firmstep2se(?:rver|ssion)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lincolnshire.gov.uk.xml b/src/chrome/content/rules/Lincolnshire.gov.uk.xml
new file mode 100644
index 000000000000..a3e9afbbfd52
--- /dev/null
+++ b/src/chrome/content/rules/Lincolnshire.gov.uk.xml
@@ -0,0 +1,105 @@
+<!--
+	Lincolnshire County Council
+
+	For rules causing false/broken MCB, see Lincolnshire.gov.uk-falsemixed.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *lincolnshire.gov.uk:
+
+		- culturalcollections *
+		- eplanning ³
+		- parishes ⁴
+		- partners ⁴
+		- row ʳ
+
+	* Redirects to another domain
+	³ 403
+	⁴ 400
+	ʳ Refused
+
+
+	Problematic hosts in *lincolnshire.gov.uk:
+
+		- ^ ⁴
+		- apps ˣ
+
+	⁴ 400
+	ˣ Mixed css
+
+
+	Insecure cookies are set for these hosts:
+
+		- apps.lincolnshire.gov.uk
+		- community.lincolnshire.gov.uk
+		- highways.lincolnshire.gov.uk
+		- lccdataexchange.lincolnshire.gov.uk
+		- microsites.lincolnshire.gov.uk
+		- www.lincolnshire.gov.uk
+		- zipapps.lincolnshire.gov.uk
+
+
+	Mixed content:
+
+		- css on apps from aspapps.lincolnshire.gov.uk ˢ
+
+		- Images, on:
+
+			- apps from aspapps.lincolnshire.gov.uk ˢ
+			- microsites, www from $self ˢ
+
+		- Bug on community from uk.sitestat.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Lincolnshire.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="apps.lincolnshire.gov.uk" /-->
+	<!--target host="aspapps.lincolnshire.gov.uk" /-->
+	<target host="community.lincolnshire.gov.uk" />
+	<target host="jobs.lincolnshire.gov.uk" />
+	<target host="lccdataexchange.lincolnshire.gov.uk" />
+	<target host="microsites.lincolnshire.gov.uk" />
+	<target host="www.lincolnshire.gov.uk" />
+	<target host="zipapps.lincolnshire.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="lincolnshire.gov.uk" />
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://apps.lincolnshire.gov.uk/TrueTimes/SearchByStopCode.aspx" /-->
+
+		<!--	Mixed images:
+					-->
+		<!--test url="http://microsites.lincolnshire.gov.uk/countryside/section.asp?catId=22712" /-->
+
+		<!--	Sets cookie without Secure:
+							-->
+		<test url="http://www.lincolnshire.gov.uk/central-lincolnshire/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:apps|lccdataexchange)\.lincolnshire\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^community\.lincolnshire\.gov\.uk$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+	<!--securecookie host="^highways\.lincolnshire\.gov\.uk$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^(?:microsites|www)\.lincolnshire\.gov\.uk$" name="^(?:ASP\.NET_SessionId|UserRecentHistory)$" /-->
+	<!--securecookie host="^zipapps\.lincolnshire\.gov\.uk$" name="^(?:ASP\.NET_SessionId|SessinId|eCeremonyPlannerSessionId)$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://lincolnshire\.gov\.uk/"
+		to="https://www.lincolnshire.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lincs_to_the_Past.com.xml b/src/chrome/content/rules/Lincs_to_the_Past.com.xml
new file mode 100644
index 000000000000..2fb9abed0e32
--- /dev/null
+++ b/src/chrome/content/rules/Lincs_to_the_Past.com.xml
@@ -0,0 +1,27 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	^lincstothepast.com: 400 over http, 200 error.html over https
+
+
+	Mixed content:
+
+		- Images from $self
+
+-->
+<ruleset name="Lincs to the Past.com" default_off="cert-chain">
+
+	<target host="www.lincstothepast.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LindtUSA.xml b/src/chrome/content/rules/LindtUSA.xml
index 51ed5a8cc4fb..bebb5e0fcbb8 100644
--- a/src/chrome/content/rules/LindtUSA.xml
+++ b/src/chrome/content/rules/LindtUSA.xml
@@ -2,5 +2,5 @@
   <target host="www.lindtusa.com" />
   <target host="lindtusa.com" />
 
-  <rule from="^http://(?:www\.)?lindtusa\.com/" to="https://www.lindtusa.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Lindy.com.xml b/src/chrome/content/rules/Lindy.com.xml
index 7f85fa846a98..b629b40f8db0 100644
--- a/src/chrome/content/rules/Lindy.com.xml
+++ b/src/chrome/content/rules/Lindy.com.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://(?:www\.)?lindy\.com/"
 		to="https://www.lindy.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Linear_Collider_Collaboration.xml b/src/chrome/content/rules/Linear_Collider_Collaboration.xml
index 0b69f4d7838e..0543d4ec19a7 100644
--- a/src/chrome/content/rules/Linear_Collider_Collaboration.xml
+++ b/src/chrome/content/rules/Linear_Collider_Collaboration.xml
@@ -1,13 +1,12 @@
 <ruleset name="Linear Collider Collaboration">
 
 	<target host="linearcollider.org" />
-	<target host="*.linearcollider.org" />
+	<target host="www.linearcollider.org" />
 
 
 	<securecookie host="^\.linearcollider\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?linearcollider\.org/"
-		to="https://$1linearcollider.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Linerunner-mismatches.xml b/src/chrome/content/rules/Linerunner-mismatches.xml
deleted file mode 100644
index dc4820fe1e94..000000000000
--- a/src/chrome/content/rules/Linerunner-mismatches.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	For rules that are on by default, see Linerunner.xml.
-
--->
-<ruleset name="Linerunner (mismatches)" default_off="mismatch">
-
-	<target host="cl.ly" />
-	<target host="my.cl.ly" />
-		<!--
-			Handled in Linerunner.xml.
-							-->
-		<exclusion pattern="^http://my\.cl\.ly/stylesheets/" />
-	<target host="getcloudapp.com" />
-	<target host="*.getcloudapp.com" />
-
-
-	<securecookie host="^my.cl.ly$" name=".*" />
-
-
-	<rule from="^http://(?:www\.)?(?:cl\.ly|getcloudapp\.com)/"
-		to="https://getcloudapp.com/" />
-
-	<rule from="^http://my\.cl\.ly/"
-		to="https://my.cl.ly/" />
-
-	<rule from="^http://(blog|developer)\.getcloudapp\.com/"
-		to="https://$1.getcloudapp.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Linerunner.xml b/src/chrome/content/rules/Linerunner.xml
deleted file mode 100644
index 158cbac9c1c2..000000000000
--- a/src/chrome/content/rules/Linerunner.xml
+++ /dev/null
@@ -1,62 +0,0 @@
-<!--
-	For problematic rules, see Linerunner-mismatches.xml.
-
-
-	CDN buckets:
-
-		- s3.amazonaws.com/f.cl.ly/
-		- d9yac136u048z.cloudfront.net
-		- cloudapp.herokuapp.com
-
-	- cloudapp.assistly.com
-	- cloudapp.desk.com	(redirects back to support.getcloudapp.com)
-
-
-	List of related domains:
-
-		- cl.ly
-		- f.cl.ly
-		- my.cl.ly
-		- api.cld.me
-		- my.cld.me
-		- assets.my.cld.me
-		- getcloudapp.com
-		- blog.getcloudapp.com
-		- developer.getcloudapp.com
-		- store.getcloudapp.com
-
-
--->
-<ruleset name="Linerunner (partial)">
-
-	<target host="f.cl.ly" />
-	<target host="my.cl.ly" />
-	<target host="api.cld.me" />
-	<target host="my.cld.me" />
-	<target host="assets.my.cld.me" />
-	<target host="store.getcloudapp.com" />
-
-
-	<rule from="^https?://f\.cl\.ly/"
-		to="https://s3.amazonaws.com/f.cl.ly/" />
-
-	<!--	Rewriting to herokuapp.com avoids writing
-		special cases for different paths.
-						-->
-	<rule from="^https?://(?:cl\.ly|api\.cld\.me)/"
-		to="https://cloudapp.herokuapp.com/" />
-
-	<!--	At least some pages 302 back.
-						-->
-	<rule from="^https?://my\.cl(?:\.ly|d\.me)/stylesheets/"
-		to="https://d9yac136u048z.cloudfront.net/stylesheets/" />
-
-	<rule from="^https?://assets\.my\.cld\.me/"
-		to="https://d9yac136u048z.cloudfront.net/" />
-
-	<!--	http 301s back, but https doesn't.
-							-->
-	<rule from="^https?://store\.getcloudapp\.com/"
-		to="https://cloudapp.myshopify.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Lingospot.xml b/src/chrome/content/rules/Lingospot.xml
index 4b618138c360..dc5bea323ce0 100644
--- a/src/chrome/content/rules/Lingospot.xml
+++ b/src/chrome/content/rules/Lingospot.xml
@@ -1,27 +1,42 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://console.lingospot.com/ => https://console.lingospot.com/: (7, 'Failed to connect to console.lingospot.com port 443: Connection refused')
+Fetch error: http://engine.lingospot.com/ => https://engine.lingospot.com/: (6, 'Could not resolve host: engine.lingospot.com')
+
 	Nonfunctional subdomains:
 
-		- corp		(replies with http)
+		- blog *
+		- corp *
 		- get		(shows engine; mismatched, CN: chill.planetdiscover.com)
-		- login		(no https, rly)
+		- login ³
+		- wordpress *
 		- www		(redirects to http, cert valid)
 
+	* WP Engine
+	³ Shows console.lingospot.com
+
 
-	Problematic subdomains:
+	Insecure cookies are set for these domains:
 
-		- blog		(mismatched, CN: *.wpengine.com)
-		- wordpress	(redirects to http; mismatched, CN: *.wpengine.com)
+		- .lingospot.com
 
 -->
-<ruleset name="Lingospot (partial)">
+<ruleset name="Lingospot.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="console.lingospot.com" />
+	<target host="engine.lingospot.com" />
+
 
-	<target host="*.lingospot.com" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.lingospot\.com$" name="^LUI$" /-->
 
 
-	<rule from="^http://engine\.lingospot\.com/"
-		to="https://engine.lingospot.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^https?://(?:blog|wordpress)\.lingospot\.com/"
-		to="https://lingonew.wpengine.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Linguatec.xml b/src/chrome/content/rules/Linguatec.xml
new file mode 100644
index 000000000000..e0e9d6ce396e
--- /dev/null
+++ b/src/chrome/content/rules/Linguatec.xml
@@ -0,0 +1,40 @@
+<!--
+	Cert mismatch
+		- (www.)linguatec.org
+		- esd.linguatec.net
+
+	Chain issues:
+		- vpe.linguatec.org
+
+	Connection refused:
+
+		- activate.linguatec.net
+		- vpn-mnet.linguatec.net
+		- vrweb.linguatec.net
+		- vrweb1.linguatec.net
+
+	TLS errors:
+		- services.linguatec.org
+		- voicepro.linguatec.org
+		- vrweb21.linguatec.org
+		- vrserver1.linguatec.net
+		- vrserver2.linguatec.net
+		- vrserver3.linguatec.net
+		- vrserver4.linguatec.net
+		- vrserver5.linguatec.net
+		- vrserver15.linguatec.net
+		- vrserver17.linguatec.net
+-->
+<ruleset name="Linguatec.org (partial)">
+
+
+	<target host="vrweb15.linguatec.org"/>
+
+	<target host="linguatec.net"/>
+	<target host="www.linguatec.net"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Linguee.xml b/src/chrome/content/rules/Linguee.xml
index 575dcea4a8bc..2c1c238e0165 100644
--- a/src/chrome/content/rules/Linguee.xml
+++ b/src/chrome/content/rules/Linguee.xml
@@ -1,10 +1,62 @@
+<!--
+	Wildcard certificate and DNS.
+
+	Localized versions of linguee (eg. de.linguee.com, cn.linguee.com)
+	have mixed content but it doesn't hinder site functionality.
+
+-->
 <ruleset name="Linguee">
-  <target host="linguee.com" />
-  <target host="www.linguee.com" />
-  <target host="tool.linguee.com" />
-  <target host="lingue.de" />
-  <target host="www.lingue.de" />
-
-  <rule from="^http://(?:www\.)?\.linguee\.(com|de)/" to="https://www.linguee.$1/" />
-  <rule from="^http://tool\.linguee\.com/" to="https://tool.linguee.com/" />
+
+	<target host="linguee.com" />
+	<target host="*.linguee.com" />
+		<test url="http://testurl1.linguee.com/" />
+		<test url="http://testurl2.linguee.com/" />
+		<test url="http://testurl3.linguee.com/" />
+		<test url="http://testurl4.linguee.com/" />
+
+	<target host="linguee.de" />
+	<target host="*.linguee.de" />
+		<test url="http://testurl1.linguee.de/" />
+		<test url="http://testurl2.linguee.de/" />
+		<test url="http://testurl3.linguee.de/" />
+		<test url="http://testurl4.linguee.de/" />
+
+	<target host="linguee.es" />
+	<target host="*.linguee.es" />
+		<test url="http://testurl1.linguee.es/" />
+		<test url="http://testurl2.linguee.es/" />
+		<test url="http://testurl3.linguee.es/" />
+		<test url="http://testurl4.linguee.es/" />
+
+	<target host="linguee.fr" />
+	<target host="*.linguee.fr" />
+		<test url="http://testurl1.linguee.fr/" />
+		<test url="http://testurl2.linguee.fr/" />
+		<test url="http://testurl3.linguee.fr/" />
+		<test url="http://testurl4.linguee.fr/" />
+
+	<target host="linguee.it" />
+	<target host="*.linguee.it" />
+		<test url="http://testurl1.linguee.it/" />
+		<test url="http://testurl2.linguee.it/" />
+		<test url="http://testurl3.linguee.it/" />
+		<test url="http://testurl4.linguee.it/" />
+
+	<target host="linguee.nl" />
+	<target host="*.linguee.nl" />
+		<test url="http://testurl1.linguee.nl/" />
+		<test url="http://testurl2.linguee.nl/" />
+		<test url="http://testurl3.linguee.nl/" />
+		<test url="http://testurl4.linguee.nl/" />
+
+	<target host="linguee.pt" />
+	<target host="*.linguee.pt" />
+		<test url="http://testurl1.linguee.pt/" />
+		<test url="http://testurl2.linguee.pt/" />
+		<test url="http://testurl3.linguee.pt/" />
+		<test url="http://testurl4.linguee.pt/" />
+
+
+	<rule from="^http:" to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Lingvoforum.net.xml b/src/chrome/content/rules/Lingvoforum.net.xml
new file mode 100644
index 000000000000..b24ec24d1fb5
--- /dev/null
+++ b/src/chrome/content/rules/Lingvoforum.net.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid certificate:
+		www.lingvoforum.net
+		wiki.lingvoforum.net
+
+-->
+<ruleset name="Lingvoforum.net">
+	<target host="lingvoforum.net"/>
+	<target host="www.lingvoforum.net"/>
+
+	<rule from="^http://www\.lingvoforum\.net/" to="https://lingvoforum.net/"/>
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Link-Plus-Catalog.xml b/src/chrome/content/rules/Link-Plus-Catalog.xml
deleted file mode 100644
index 6502e58a1b24..000000000000
--- a/src/chrome/content/rules/Link-Plus-Catalog.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<ruleset name="Link+ Catalog">
-	<target host="csul.iii.com" />
-
-	<!-- The following rule (including the downgrade to HTTP) handles a situation
-	where the user is on the info page for a specific title. (For example, the URL
-	https://csul.iii.com/record=b33044008~S0 leads to the info page for the book 
-	"Introducing Shakespeare" by Nick Groom.) Selecting the image of the book
-	cover causes the view to divide into two frames, such that the lower frame
-	contains an image of the book cover and a number of hyperlinks: "Summary,"
-	"Cover Image," and "Product Details." From what it appears, these hyperlinks
-	will not work unless the rule given below is present (noted on Sept 12, 2012.)
-	-->
-	<rule from="^https://csul\.iii\.com/search~S0\?/([^/]+)/([^/]+)/([^/]+)/bibimage($|[^a-zA-Z])"
-		to="http://csul.iii.com/search~S0?/$1/$2/$3/bibimage$4" downgrade="1" />
-
-	<!-- For other situations, simply redirect to HTTPS (as expected.) -->
-	<rule from="^http://csul\.iii\.com/" to="https://csul.iii.com/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/LinkShare.xml b/src/chrome/content/rules/LinkShare.xml
new file mode 100644
index 000000000000..0e60ec8abbf5
--- /dev/null
+++ b/src/chrome/content/rules/LinkShare.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.lsh.re/ => https://www.lsh.re/: (51, "SSL: no alternative certificate subject name matches target host name 'www.lsh.re'")
+
+-->
+<ruleset name="LinkShare" default_off="failed ruleset test">
+	<target host="lsh.re" />
+	<target host="www.lsh.re" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Linkbucks.xml b/src/chrome/content/rules/Linkbucks.xml
index 1bbec70cb173..3d44fa79adcc 100644
--- a/src/chrome/content/rules/Linkbucks.xml
+++ b/src/chrome/content/rules/Linkbucks.xml
@@ -7,13 +7,14 @@
 <ruleset name="Linkbucks">
 
 	<target host="linkbucks.com" />
-	<target host="*.linkbucks.com" />
+	<target host="static.linkbucks.com" />
+	<target host="www.linkbucks.com" />
 
 
 	<securecookie host="^(?:www\.)?linkbucks\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:static\.|(www\.))?linkbucks\.com/"
+	<rule from="^http://(?:static\.|(www\.))?linkbucks\.com/"
 		to="https://$1linkbucks.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LinkedIn.xml b/src/chrome/content/rules/LinkedIn.xml
index a69db75c928b..16279f2c852a 100644
--- a/src/chrome/content/rules/LinkedIn.xml
+++ b/src/chrome/content/rules/LinkedIn.xml
@@ -1,64 +1,388 @@
 <!--
+	Other LinkedIn rulesets:
+
+		- LI_CDN.com.xml
+		- Lnkd.In.xml
+
+
 	There are lots of places where it doesn't work, so rather
-	than add lots of exclusions, I've only added added rules
+	than add lots of exclusions, I've only added rules
 	for sections of the site that I know allow it.
 
 
-	Nonfunctional subdomains:
+	Nonfunctional domains:
+
+		- blog ¹
+		- compass ²
+		- investors ²
+
+	¹ Redirects to http
+	² Dropped
+
+
+	Problematic subdomains:
+
+		- \w\w ¹
+		- brand ¹
+		- bringinyourparents ¹
+		- business ¹
+		- certification ¹
+		- cms ¹
+		- commsconnect ¹
+		- developer ¹
+		- developers ¹
+		- economicgraph ²
+		- engineering ¹
+		- (www.)?financeconnect ¹
+		- forms ¹
+		- gsk ¹
+		- help-enterprise *
+		- imagine ¹
+		- ja *
+		- (www.)?lifg ¹
+		- linkedinforgood ¹
+		- (www.)?live ¹
+		- marketing		($ redirects to http)
+		- members ¹
+		- mobile ¹
+		- nonprofit ¹
+		- nonprofits ¹
+		- ourstory ¹
+		- press ¹
+		- sales ⁴
+		- (www.)?salesconnect ¹
+		- smallbusiness ¹
+		- specialedition ¹
+		- studentcareers ¹
+		- students ¹
+		- talent ¹
+		- university ¹
+		- veterans ¹
+		- volunteer ¹
+		- volunteers ¹
+
+	¹ Insecure renegotiation
+	² Refused
+	* Mismatched
+	³ Mismatched, CN: *.presscentre.com
+	⁴ Expired 2014
+
+
+	Fully covered subdomains:
+
+		- \w\w:
+
+			- es
+			- jp
+			- us
+
+		- dc.ads
+
+		- [\w-]+.dc.ads:
+
+			- ap-southeast-1
+			- eu-west-1
+			- us-east-1
+
+		- imp2.ads
+		- aide
+		- ajuda
+		- asistenta
+		- ayuda
+		- in.bantuan
+		- ms.bantuan
+		- (www.)?brand
+		- (www.)?bringinyourparents
+		- (www.)?business
+		- (www.)?certification
+		- cms
+		- (www.)?commsconnect
+		- developer
+		- developers
+		- e
+		- economicgraph
+		- engineering
+		- (www.)?financeconnect
+		- forms
+		- (www.)?gsk
+		- guida
+		- hilfe
+		- (www.)?imagine
+
+		- \w\w.help:
+
+			- ja
+			- ko
+			- ru
+
+		- \w\w-\w\w.help:
+
+			- ar-ae
+			- th-th
+			- zh-cn
+			- zh-tw
+
+		- help-internal
+		- help-test
+		- help-test2
+		- hilfe
+		- hjalp
+		- hjaelp
+		- hjelp
+		- hulp
+		- (www.)?lifg
+		- (www.)?linkedinforgood
+		- (www.)?live
 
-		- blog
-		- press	(expired; 403)
+		- lms
+		- dev.lms
+		- dev-signin.lms
+		- sandbox.lms
+		- signin.lms
 
+		- marketing
+		- (www.)?members
+		- (www.)?mobile
+		- napoveda
+		- (www.)?nonprofit
+		- nonprofits
+		- ourstory
+		- polls
+		- pomoc
+		- (www.)?premium
+		- press
+		- (www.)?purchasing
+		- (www.)?salesconnect
+		- security
+		- (www.)?smallbusiness
+		- specialedition
+		- (www.)?studentcareers
+		- (www.)?students
+		- talent
+		- tulong
+		- (www.)?university
+		- (www.)?veterans
+		- (www.)?volunteer
+		- volunteers
+		- touch.www
+		- yardim
 
-	Fully covered domains:
 
-		- static.licdn.com
+	These altnames don't exist:
+
+		- byip.linkedin.com
+		- www.byip.linkedin.com
+		- www.compass.linkedin.com
+		- www.developer.linkedin.com
+		- mstr.linkedin.com
+		- www.nonprofits.linkedin.com
+		- security.linkedin.com
+		- www.security.linkedin.com
+		- www.volunteers.linkedin.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .linkedin.com
+		- \w\w.linkedin.com
+		- .\w\w.linkedin.com
+		- .ads.linkedin.com
+		- aide.linkedin.com
+		- ajuda.linkedin.com
+		- asistenta.linkedin.com
+		- ayuda.linkedin.com
+		- in.bantuan.linkedin.com
+		- ms.bantuan.linkedin.com
+		- brand.linkedin.com
+		- business.linkedin.com
+		- developer.linkedin.com
+		- gsk.linkedin.com
+		- guida.linkedin.com
+		- help.linkedin.com
+		- \w\w.help.linkedin.com
+		- \w\w-\w\w.help.linkedin.com
+		- hilfe.linkedin.com
+		- hjaelp.linkedin.com
+		- hjalp.linkedin.com
+		- hjelp.linkedin.com
+		- hulp.linkedin.com
+		- linkedinforgood.linkedin.com
+		- mobile.linkedin.com
+		- napoveda.linkedin.com
+		- pomoc.linkedin.com
+		- premium.linkedin.com
+		- smallbusiness.linkedin.com
+		- students.linkedin.com
+		- www.linkedin.com
+		- .www.linkedin.com
+		- yardim.linkedin.com
+
+
+	LinkedIn users should also enable secure connections from:
+
+		- https://www.linkedin.com/settings/security-v2
+
+
+	Mixed content:
+
+		- favicon on engineering from s.c.lnkd.licdn.com
+
+		- Bug on business from www.pubads.g.doubleclick.net
 
-    LinkedIn users should also enable secure connections from:
-    - https://www.linkedin.com/settings/security-v2
 -->
-<ruleset name="LinkedIn (buggy)" default_off="unreliable">
+<ruleset name="LinkedIn.com (partial)">
 
-	<target host="*.licdn.com" />
 	<target host="linkedin.com" />
 	<target host="*.linkedin.com" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://blog\.linkedin\.com/($|favicon\.ico|wp-content/)" /-->
 
+		<exclusion pattern="^http://help-enterprise\.linkedin\.com/" />
+		<exclusion pattern="^http://ja\.linkedin\.com/" />
 
-	<!--	Set by analytics/	-->
-	<securecookie host="^www\.linkedin\.com$" name="^(?:bcookie|L1e|X-LI-IDC)$" />
+			<test url="http://ja.linkedin.com/" />
 
+		<test url="http://es.linkedin.com/" />
+		<test url="http://jp.linkedin.com/" />
+		<test url="http://us.linkedin.com/" />
 
-	<rule from="^http://((?:[ms][1-4])(?:-s)|static)?\.licdn\.com/"
-		to="https://$1$2.licdn.com/" />
+		<test url="http://ar-ae.help.linkedin.com/" />
+		<test url="http://th-th.help.linkedin.com/" />
+		<test url="http://zh-cn.help.linkedin.com/" />
+		<test url="http://zh-tw.help.linkedin.com/" />
 
-	<!--	- !www times out over https
-		- !www 301s to www over http
-						-->
-	<rule from="^http://(?:www\.)?linkedin\.com/$"
-		to="https://www.linkedin.com/" />
+		<test url="http://dc.ads.linkedin.com/" />
+		<test url="http://ap-southeast-1.dc.ads.linkedin.com/collect/?pid=&amp;fmt=gif&amp;ck=" />
+		<test url="http://eu-west-1.dc.ads.linkedin.com/" />
+		<test url="http://us-east-1.dc.ads.linkedin.com/" />
+		<test url="http://imp2.ads.linkedin.com/" />
+
+		<test url="http://ajuda.linkedin.com/" />
+		<test url="http://asistenta.linkedin.com/" />
+		<test url="http://ayuda.linkedin.com/" />
+		<test url="http://in.bantuan.linkedin.com/" />
+		<test url="http://ms.bantuan.linkedin.com/" />
+		<test url="http://cms.linkedin.com/" />
+		<test url="http://content.linkedin.com/" />
+		<test url="http://developer.linkedin.com/" />
+		<test url="http://developers.linkedin.com/" />
+		<test url="http://e.linkedin.com/" />
+		<test url="http://economicgraph.linkedin.com/" />
+		<test url="http://engineering.linkedin.com/" />
+		<test url="http://forms.linkedin.com/" />
+		<test url="http://guida.linkedin.com/" />
+		<test url="http://help.linkedin.com/" />
+		<test url="http://help-enterprise.linkedin.com/" />
+		<test url="http://help-internal.linkedin.com/" />
+		<test url="http://help-test.linkedin.com/" />
+		<test url="http://help-test2.linkedin.com/" />
+		<test url="http://hilfe.linkedin.com/" />
+		<test url="http://hjalp.linkedin.com/" />
+		<test url="http://hjelp.linkedin.com/" />
+		<test url="http://hulp.linkedin.com/" />
+		<test url="http://marketing.linkedin.com/" />
+		<test url="http://napoveda.linkedin.com/" />
+		<test url="http://nonprofits.linkedin.com/" />
+		<test url="http://ourstory.linkedin.com/" />
+		<test url="http://platform.linkedin.com/" />
+		<test url="http://polls.linkedin.com/" />
+		<test url="http://pomoc.linkedin.com/" />
+		<test url="http://press.linkedin.com/" />
+		<test url="http://security.linkedin.com/" />
+		<test url="http://specialedition.linkedin.com/" />
+		<test url="http://talent.linkedin.com/" />
+		<test url="http://tulong.linkedin.com/" />
+		<test url="http://volunteers.linkedin.com/" />
+		<test url="http://www.linkedin.com/" />
+		<test url="http://touch.www.linkedin.com/" />
+		<test url="http://yardim.linkedin.com/" />
+
+		<test url="http://brand.linkedin.com/" />
+		<test url="http://www.brand.linkedin.com/" />
+		<test url="http://bringinyourparents.linkedin.com/" />
+		<test url="http://www.bringinyourparents.linkedin.com/" />
+		<test url="http://business.linkedin.com/" />
+		<test url="http://www.business.linkedin.com/" />
+		<test url="http://certification.linkedin.com/" />
+		<test url="http://www.certification.linkedin.com/" />
+		<test url="http://commsconnect.linkedin.com/" />
+		<test url="http://www.commsconnect.linkedin.com/" />
+		<test url="http://financeconnect.linkedin.com/" />
+		<test url="http://www.financeconnect.linkedin.com/" />
+		<test url="http://gsk.linkedin.com/" />
+		<test url="http://www.gsk.linkedin.com/" />
+		<test url="http://imagine.linkedin.com/" />
+		<test url="http://www.imagine.linkedin.com/" />
+		<test url="http://lifg.linkedin.com/" />
+		<test url="http://www.lifg.linkedin.com/" />
+		<test url="http://linkedinforgood.linkedin.com/" />
+		<test url="http://www.linkedinforgood.linkedin.com/" />
+		<test url="http://live.linkedin.com/" />
+		<test url="http://www.live.linkedin.com/" />
+
+		<test url="http://lms.linkedin.com/" />
+		<test url="http://dev.lms.linkedin.com/" />
+		<test url="http://dev-signin.lms.linkedin.com/" />
+		<test url="http://sandbox.lms.linkedin.com/" />
+		<test url="http://signin.lms.linkedin.com/" />
 
-	<!--	These paths redirect to http:
+		<test url="http://members.linkedin.com/" />
+		<test url="http://www.members.linkedin.com/" />
+		<test url="http://mobile.linkedin.com/" />
+		<test url="http://www.mobile.linkedin.com/" />
+		<test url="http://nonprofit.linkedin.com/" />
+		<test url="http://www.nonprofit.linkedin.com/" />
+		<test url="http://premium.linkedin.com/" />
+		<test url="http://www.premium.linkedin.com/" />
+		<test url="http://purchasing.linkedin.com/" />
+		<test url="http://www.purchasing.linkedin.com/" />
+		<test url="http://salesconnect.linkedin.com/" />
+		<test url="http://www.salesconnect.linkedin.com/" />
+		<test url="http://smallbusiness.linkedin.com/" />
+		<test url="http://www.smallbusiness.linkedin.com/" />
+		<test url="http://students.linkedin.com/" />
+		<test url="http://www.students.linkedin.com/" />
+		<test url="http://studentcareers.linkedin.com/" />
+		<test url="http://www.studentcareers.linkedin.com/" />
+		<test url="http://university.linkedin.com/" />
+		<test url="http://www.university.linkedin.com/" />
+		<test url="http://veterans.linkedin.com/" />
+		<test url="http://www.veterans.linkedin.com/" />
+		<test url="http://volunteer.linkedin.com/" />
+		<test url="http://www.volunteer.linkedin.com/" />
 
-			- groups?gid=\d+
-			- mpr$
-			- static?key=.+
+
+	<!--	Not secured by server:
 					-->
-	<rule from="^http://(?:www\.)?linkedin\.com/(analytics|company|home|media|profile|reg|scds|secure|settings|today|uas|ucds)([\?\/].*)?$"
-		to="https://www.linkedin.com/$1$2" />
+	<!--securecookie host="^\.linkedin\.com$" name="^(bcookie|cookie_support|lang|lidc|lihc_auth_\w\w|li_loc|li_trk)$" /-->
+	<!--securecookie host="^(\w\w\|www).linkedin\.com$" name="^(L1c|leo_auth_token|visit)$" /-->
+	<!--securecookie host="^(\.\w\w|brand|business|gsk|linkedinforgood|mobile|premium|smallbusiness|students)\.linkedin\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^\.ads\.linkedin\.com$" name="^BizoCustomSegments$" /-->
+	<!--securecookie host="^(aide|ajuda|asistenta|ayuda|in\.bantuan|ms\.bantuan|guida|help|\w\w\.help|\w\w-\w\w\.help|hilfe|hjalp|hjaelp|hjelp|hulp|napoveda|pomoc|yardim)\.linkedin\.com$" name="^cp_session$" /-->
+	<!--securecookie host="^press\.linkedin\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^www\.linkedin\.com$" name="^(_lipt|denial-reason-code|s_leo_auth_token|sl)$" /-->
+	<!--securecookie host="^\.www\.linkedin\.com$" name="^(JSESSIONID|sl)$" /-->
+
+	<securecookie host="^(?:\.ads|aide|a[jy]uda|asistenta|(?:in|ms)\.bantuan|business|gsk|guida|help|\w\w\.help|\w\w-\w\w\.help|hilfe|hj[ae]lp|hjaelp|hulp|linkedinforgood|mobile|pomoc|press|www|yardim)?\.linkedin\.com$" name=".+" />
+
 
-	<rule from="^http://(?:www\.)?linkedin\.com/(img/|reg/join|mpr/)"
-		to="https://www.linkedin.com/$1" />
+	<rule from="^http://marketing\.linkedin\.com/$"
+		to="https://business.linkedin.com/marketing-solutions" />
 
-	<!--	Akamai.
-			-->
-	<rule from="^http://media(?:0[1-4])?\.linkedin\.com/"
-		to="https://www.linkedin.com/" />
+	<rule from="^http://sales\.linkedin\.com/$"
+		to="https://business.linkedin.com/sales-solutions" />
 
-	<rule from="^http://platform\.linkedin\.com/"
-		to="https://platform.linkedin.com/" />
+		<test url="http://sales.linkedin.com/" />
 
-	<!--	Akamai	-->
-	<rule from="^http://static0([1-4])\.linkedin\.com/"
-		to="https://s$1.licdn.com/" />
+	<rule from="^http://((?:\w\w|dc\.ads|[\w-]+\.dc\.ads|imp2\.ads|aide|a[jy]uda|asistenta|(?:in|ms)\.bantuan|cms|content|developers?|e|economicgraph|engineering|forms|guida|help|(?:\w\w|\w\w-\w\w)\.help|help-(?:enterprise|internal|test2?)|hilfe|hj[ae]lp|hjaelp|hulp|lms|(?:dev|dev-signin|sandbox|signin)\.lms|marketing|napoveda|nonprofits|ourstory|platform|polls|pomoc|press|security|specialedition|talent|tulong|volunteers|www|touch\.www|yardim)\.)?linkedin\.com/"
+		to="https://$1linkedin.com/" />
+
+	<!--	Domains for which both !www and www exist,
+		and both work without caveat:
+						-->
+	<rule from="^http://(www\.)?(brand|bringinyourparents|business|certification|commsconnect|financeconnect|gsk|imagine|lifg|linkedinforgood|live|members|mobile|nonprofit|premium|purchasing|salesconnect|smallbusiness|students|studentcareers|university|veterans|volunteer)\.linkedin\.com/"
+		to="https://$1$2.linkedin.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Linkomanija.xml b/src/chrome/content/rules/Linkomanija.xml
index 9261f39a78c6..ab85831d4fea 100644
--- a/src/chrome/content/rules/Linkomanija.xml
+++ b/src/chrome/content/rules/Linkomanija.xml
@@ -1,7 +1,7 @@
-<ruleset name="Linkomanija" default_off="self-signed">
-  <target host="linkomanija.net" />
-  <target host="www.linkomanija.net" />
+<ruleset name="Linkomanija">
+	<target host="linkomanija.net" />
+	<target host="www.linkomanija.net" />
 
-  <rule from="^http://(?:www\.)?linkomanija\.net/" 
-          to="https://www.linkomanija.net/"/>
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/LinksAlpha.com.xml b/src/chrome/content/rules/LinksAlpha.com.xml
index c1d6c94fb0cd..45f5fb9b4c24 100644
--- a/src/chrome/content/rules/LinksAlpha.com.xml
+++ b/src/chrome/content/rules/LinksAlpha.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://api.linksalpha.com/ => https://api.linksalpha.com/: (35, 'Unknown SSL protocol error in connection to api.linksalpha.com:443 ')
+
 	Nonfunctional subdomains:
 
 		- apidocs *
@@ -8,27 +12,35 @@
 	 * Interrupted
 
 
-	Problematic subdomains:
+	^linksalpha.com: Handshake fails
+
+
+	Mixed content:
 
-		- ^		(503, mismatched, CN: *.google.com)
+		- Bug on www from www.facebook.com *
+
+	* Secured by us
 
 -->
-<ruleset name="LinksAlpha.com (partial)">
+<ruleset name="LinksAlpha.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="api.linksalpha.com" />
+	<target host="www.linksalpha.com" />
 
+	<!--	Complications:
+				-->
 	<target host="linksalpha.com" />
-	<target host="*.linksalpha.com" />
 
 
-	<securecookie host="^.+\.linksalpha\.com$" name=".+" />
+	<securecookie host=".+\.linksalpha\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?linksalpha\.com/"
+	<rule from="^http://linksalpha\.com/"
 		to="https://www.linksalpha.com/" />
 
-	<rule from="^http://api\.linksalpha\.com/"
-		to="https://api.linksalpha.com/" />
-
-	<rule from="^https?://support\.linksalpha\.com/generated/"
-		to="https://generated.zendesk.com/generated/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LinksFU.com.xml b/src/chrome/content/rules/LinksFU.com.xml
deleted file mode 100644
index 42e71f17395b..000000000000
--- a/src/chrome/content/rules/LinksFU.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	CN: vmi8267
-
--->
-<ruleset name="LinksFU.com" default_off="mismatched, self-signed">
-
-	<target host="linksfu.com" />
-	<target host="www.linksfu.com" />
-
-
-	<rule from="^https?://(?:www\.)?linksfu\.com/"
-		to="https://linksfu.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Linksmail.de.xml b/src/chrome/content/rules/Linksmail.de.xml
new file mode 100644
index 000000000000..e5ad0fa90775
--- /dev/null
+++ b/src/chrome/content/rules/Linksmail.de.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Die Linke coverage, see Die-Linke.xml.
+
+
+	(www.)?linksmail.de: Mismatched
+
+-->
+<ruleset name="Linksmail.de">
+
+	<!--	Complications:
+				-->
+        <target host="linksmail.de" />
+        <target host="www.linksmail.de" />
+
+
+        <rule from="^http://(?:www\.)?linksmail\.de/"
+		to="https://mail.dielinke-sachsen.de/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Linksynergy.com.xml b/src/chrome/content/rules/Linksynergy.com.xml
new file mode 100644
index 000000000000..0f7d64edf33c
--- /dev/null
+++ b/src/chrome/content/rules/Linksynergy.com.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Rakuten coverage, see Rakuten.co.jp.xml.
+
+	Invalid certificate:
+		- m.www.linksynergy.com, equivalent to linkshare.com
+-->
+
+<ruleset name="Linksynergy.com">
+	<target host="m.www.linksynergy.com" />
+	<target host="ad.linksynergy.com" />
+	<target host="banner.linksynergy.com" />
+	<target host="mproxy.banner.linksynergy.com" />
+	<target host="bento.linksynergy.com" />
+	<target host="cli.linksynergy.com" />
+	<target host="click.linksynergy.com" />
+	<target host="couponfeed.linksynergy.com" />
+	<target host="lld2.linksynergy.com" />
+	<target host="merchant.linksynergy.com" />
+	<target host="ssl.linksynergy.com" />
+
+	<!-- Not secured by server -->
+	<!--securecookie host="^cli\.linksynergy\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.cli\.linksynergy\.com$" name="^langpref$" /-->
+	<!--securecookie host="^signup\.linksynergy\.com$" name="^NSC_\w+(-\w+){3}$" /-->
+	<securecookie host="^(?:\.?cli|signup)\.linksynergy\.com$" name=".+" />
+
+	<rule from="^http://m\.www\.linksynergy\.com/"
+		to="https://linkshare.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Linksys-problematic.xml b/src/chrome/content/rules/Linksys-problematic.xml
deleted file mode 100644
index a989ea7f809f..000000000000
--- a/src/chrome/content/rules/Linksys-problematic.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules that are on by default, see Linysys.xml.
-
--->
-<ruleset name="Linksys (problematic)" default_off="mismatched">
-
-	<target host="downloads.linksys.com" />
-
-
-	<rule from="^http://downloads\.linksys\.com/"
-		to="https://downloads.linksys.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Linksys.xml b/src/chrome/content/rules/Linksys.xml
index f49af521e584..8ba369ec5322 100644
--- a/src/chrome/content/rules/Linksys.xml
+++ b/src/chrome/content/rules/Linksys.xml
@@ -1,73 +1,209 @@
 <!--
-	For other Oracle coverage, see Oracle.xml.
-
-
-	For problematic rules, see Linksys-problematic.xml.
-
-
-	CDN buckets:
-
-		- downloads.linksys.com.edgesuite.net
-
-		- linksys.lithium.com
-
-			- community
-
-		- linksys-content.vcommerce.com
-
-			- 403; mismatched, CN: support3.cdnetworks.net
-
-
-	Nonfunctional subdomains:
-
-		- m		(shows another domain; mismatched, CN: www.linksysbycisco.com)
-
-
-	Problematic subdomains:
-
-		- ^		(mismatched, CN: homesupport.cisco.com)
-		- downloads	(works, akamai)
-
-
-	Partially covered subdomains:
-
-		- store		(some pages redirect to http)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(^ → www)
-		- community
-		- support
-
-
-	Observed cookie domains:
-
-		- community
-
-
-	downloads serves mixed images on www and
-	support, but no scripts nor stylesheets.
-
+	Connection closed:
+		- broadband
+		- faq
+		- m
+		- msupport
+		- mumimo
+		- prod
+		- store
+		- store-ca
+		- support-origin
+		- uat-www-origin
+		- www-ae
+		- www-ar
+		- www-at
+		- www-au
+		- www-be
+		- www-bh
+		- www-bo
+		- www-br
+		- www-ca
+		- www-ch
+		- www-cn
+		- www-co
+		- www-cr
+		- www-cs
+		- www-cz
+		- www-de
+		- www-dk
+		- www-dz
+		- www-ee
+		- www-eg
+		- www-es
+		- www-fi
+		- www-fr
+		- www-gh
+		- www-hk
+		- www-hu
+		- www-id
+		- www-ie
+		- www-in
+		- www-is
+		- www-it
+		- www-jo
+		- www-ke
+		- www-kr
+		- www-kw
+		- www-lb
+		- www-lt
+		- www-lv
+		- www-ma
+		- www-mk
+		- www-mu
+		- www-mx
+		- www-my
+		- www-nl
+		- www-no
+		- www-nz
+		- www-om
+		- www-origin
+		- www-pa
+		- www-ph
+		- www-pk
+		- www-pl
+		- www-pt
+		- www-py
+		- www-qa
+		- www-ro
+		- www-ru
+		- www-sa
+		- www-se
+		- www-sg
+		- www-si
+		- www-sk
+		- www-th
+		- www-tn
+		- www-tr
+		- www-uk
+		- www-uy
+		- www-ve
+		- www-vn
+		- www-za
+		- www1
+
+	Connection timed out:
+		- alert
+		- alert-stage
+		- auth
+		- client1s
+		- client1s-stage
+		- client2s
+		- client2s-stage
+		- commerce-stage
+		- connect-stage
+		- csr
+		- directory
+		- downloads
+		- downloads-auth2
+		- downloads-qa
+		- extender
+		- hcsetup-stage
+		- homecentral-stage
+		- jira-external
+		- ld
+		- nmreports
+		- nmreports-stage
+		- pg
+		- ra
+		- ra-stage
+		- ras
+		- ras-stage
+		- redirect
+		- redirect-stage
+		- resources-www
+		- search
+		- search-auth2
+		- search-qa
+		- secure
+		- services
+		- services-stage
+		- smoke
+		- start
+		- support-auth2
+		- support-qa
+		- var
+		- vendors
+		- vendors-stage
+		- websearch
+		- websearch-stage
+		- websearch1
+		- ws
+		- ws-auth2
+		- ws-qa
+		- www-auth2
+
+	Mismatched:
+		- beta
+		- cache-www
+		- cdn-www
+		- download
+		- forums
+		- forums-tac
+		- lyncdiscover
+		- msoid
+		- router
+		- sip
+		- wnc
+		- eu.wnc
+		- wnc-eu
+		- wnc-event
+		- wnc-event-eu
+		- wnc-server
+
+	Operation timed out:
+		- connect
+		- developers
+		- go
+		- go-stage
+		- remote
+		- st-aws
+		- tac
+		- ui
+		- us-firmware
+
+	Incomplete certificate chain:
+		- qa
+		- update
+		- update-qa
+		- update-stage
+
+	Expired:
+		- support-stg
+		- www-stg
+
+	Connection refused:
+		- autodiscover
+
+	SSL handshake error:
+		- wnc-server-eu
 -->
-<ruleset name="Linksys (partial)">
-
+<ruleset name="Linksys.com">
 	<target host="linksys.com" />
-	<target host="*.linksys.com" />
-		<exclusion pattern="^http://store\.linksys\.com/(?!\w+\.css$|css/|imagecache/|images/|moduleimages/)" />
-	<target host="linksys-content.vcommerce.com" />
-
-
-	<securecookie host="^.*\.linksys\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?linksys\.com/"
-		to="https://www.linksys.com/" />
-
-	<rule from="^http://(community|store|support)\.linksys\.com/"
-		to="https://$1.linksys.com/" />
-
-	<rule from="^http://linksys-content\.vcommerce\.com/"
-		to="https://store.linksys.com/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.linksys.com" />
+	<target host="business.linksys.com" />
+	<target host="community.linksys.com" />
+	<target host="community-stage.linksys.com" />
+	<target host="csc.linksys.com" />
+	<target host="friends.linksys.com" />
+	<target host="hybris1.linksys.com" />
+	<target host="hybris2.linksys.com" />
+	<target host="hybris3.linksys.com" />
+	<target host="hybris4.linksys.com" />
+	<target host="hybris5.linksys.com" />
+	<target host="hybris6.linksys.com" />
+	<target host="kb.linksys.com" />
+	<target host="partnerportal.linksys.com" />
+	<target host="promotions.linksys.com" />
+	<target host="rewards.linksys.com" />
+	<target host="sociallogin.linksys.com" />
+	<target host="support.linksys.com" />
+	<target host="uat-www.linksys.com" />
+	<target host="update1.linksys.com" />
+	<target host="update1-stage.linksys.com" />
+	<target host="varsite.linksys.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Linksysbycisco.com.xml b/src/chrome/content/rules/Linksysbycisco.com.xml
deleted file mode 100644
index 6b1b551ef7fd..000000000000
--- a/src/chrome/content/rules/Linksysbycisco.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Linksysbycisco.com" platform="mixedcontent">
-  <target host="linksysbycisco.com" />
-  <target host="www.linksysbycisco.com" />
-
-  <rule from="^http://(?:www\.)?linksysbycisco\.com/" to="https://www.linksysbycisco.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Linn_Records.com.xml b/src/chrome/content/rules/Linn_Records.com.xml
index 198b9bedff06..efe8763aefb6 100644
--- a/src/chrome/content/rules/Linn_Records.com.xml
+++ b/src/chrome/content/rules/Linn_Records.com.xml
@@ -36,4 +36,4 @@
 	<rule from="^http://small\.linncdn\.com/"
 		to="https://gp1.wac.edgecastcdn.net/0043E0/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Linneanet.fi.xml b/src/chrome/content/rules/Linneanet.fi.xml
new file mode 100644
index 000000000000..35b7bfb6d865
--- /dev/null
+++ b/src/chrome/content/rules/Linneanet.fi.xml
@@ -0,0 +1,15 @@
+<!--
+	(www.)?linneanet.fi doesn't exist.
+
+-->
+<ruleset name="linneanet.fi">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="arsca.linneanet.fi" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Linode.xml b/src/chrome/content/rules/Linode.xml
index 6f5dd406a07f..9cee7761f9f5 100644
--- a/src/chrome/content/rules/Linode.xml
+++ b/src/chrome/content/rules/Linode.xml
@@ -1,9 +1,80 @@
-<ruleset name="Linode">
-  <target host="linode.com" />
-  <target host="*.linode.com" />
 
-  <securecookie host="^.*linode\.com$" name=".*"/>
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://atlanta.webconsole.linode.com/ => https://atlanta.webconsole.linode.com/: (7, 'Failed to connect to atlanta.webconsole.linode.com port 443: Connection refused')
+Fetch error: http://dallas.webconsole.linode.com/ => https://dallas.webconsole.linode.com/: (7, 'Failed to connect to dallas.webconsole.linode.com port 443: Connection refused')
+Fetch error: http://frankfurt.webconsole.linode.com/ => https://frankfurt.webconsole.linode.com/: (7, 'Failed to connect to frankfurt.webconsole.linode.com port 443: Connection refused')
+Fetch error: http://fremont.webconsole.linode.com/ => https://fremont.webconsole.linode.com/: (7, 'Failed to connect to fremont.webconsole.linode.com port 443: Connection refused')
+Fetch error: http://london.webconsole.linode.com/ => https://london.webconsole.linode.com/: (7, 'Failed to connect to london.webconsole.linode.com port 443: Connection refused')
+Fetch error: http://newark.webconsole.linode.com/ => https://newark.webconsole.linode.com/: (7, 'Failed to connect to newark.webconsole.linode.com port 443: Connection refused')
+Fetch error: http://singapore.webconsole.linode.com/ => https://singapore.webconsole.linode.com/: (7, 'Failed to connect to singapore.webconsole.linode.com port 443: Connection refused')
+Fetch error: http://tokyo.webconsole.linode.com/ => https://tokyo.webconsole.linode.com/: (7, 'Failed to connect to tokyo.webconsole.linode.com port 443: Connection refused')
+
+	Nonfunctional hosts in *linode.com:
+
+		- speedtest.atlanta ¹
+		- speedtest.dallas ¹
+		- speedtest.frankfurt ¹
+		- speedtest.fremont ¹
+		- speedtest.london ¹
+		- speedtest.newark ¹
+		- speedtest.singapore ¹
+		- speedtest.tokyo ¹
+
+		- mirrors ¹
+		- atlanta.mirrors ¹
+		- dallas.mirrors ¹
+		- frankfurt.mirrors ¹
+		- fremont.mirrors ¹
+		- london.mirrors ¹
+		- newark.mirrors ¹
+		- singapore.mirrors ¹
+		- tokyo.mirrors ¹
+
+		- *.members ²
+		- *.nodebalancer ²
+
+	¹ Refused
+	² Customer load balancers and VPSes. Mismatched, refused or time out.
+-->
+<ruleset name="Linode.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="linode.com" />
+	<target host="alpha.linode.com" />
+	<target host="api.alpha.linode.com" />
+	<target host="login.alpha.linode.com" />
+	<target host="api.linode.com" />
+	<target host="apt.linode.com" />
+	<target host="apt-longview.linode.com" />
+	<target host="blog.linode.com" />
+	<target host="developers.linode.com" />
+	<target host="engineering.linode.com" />
+	<target host="forum.linode.com" />
+	<target host="library.linode.com" />
+	<target host="login.linode.com" />
+	<target host="manager.linode.com" />
+	<target host="stats.linode.com" />
+	<target host="status.linode.com" />
+	<target host="atlanta.webconsole.linode.com" />
+	<target host="dallas.webconsole.linode.com" />
+	<target host="frankfurt.webconsole.linode.com" />
+	<target host="fremont.webconsole.linode.com" />
+	<target host="london.webconsole.linode.com" />
+	<target host="newark.webconsole.linode.com" />
+	<target host="singapore.webconsole.linode.com" />
+	<target host="tokyo.webconsole.linode.com" />
+	<target host="www.linode.com" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.forum\.linode\.com$" name="^phpbb3_\w+_(k|sid|u)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://linode\.com/" to="https://www.linode.com/"/>
-  <rule from="^http://(library|stats|manager|www)\.linode\.com/" to="https://$1.linode.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Linotype.com.xml b/src/chrome/content/rules/Linotype.com.xml
new file mode 100644
index 000000000000..80c50cb64429
--- /dev/null
+++ b/src/chrome/content/rules/Linotype.com.xml
@@ -0,0 +1,53 @@
+<!--
+	For other Monotype Imaging coverage, see Monotype-Imaging.xml.
+
+
+	Nonfunctional subdomains:
+
+		- image *
+
+	* Refused
+
+-->
+<ruleset name="Linotype.com (partial)">
+
+	<target host="linotype.com" />
+	<target host="www.linotype.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.linotype\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.linotype\.com/+(?!(?:account|cart)(?:$|[?/])|css/|favicon\.ico|gif/|images/|min/|redir/sampler\.php)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.linotype.com/10/company.html" />
+			<test url="http://www.linotype.com/2044/sitemap.html" />
+			<test url="http://www.linotype.com/2088/fontservices.html" />
+			<test url="http://www.linotype.com/40/press.html" />
+			<test url="http://www.linotype.com/5/productcatalog.html" />
+			<test url="http://www.linotype.com/53/contact.html" />
+			<test url="http://www.linotype.com/6633/blog.html" />
+			<test url="http://www.linotype.com/7/fontmagazine.html" />
+			<test url="http://www.linotype.com/7709/affiliateprogram.html" />
+			<test url="http://www.linotype.com/favorites/" />
+			<test url="http://www.linotype.com/newsletter/" />
+			<test url="http://www.linotype.com/search" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.linotype.com/account/login" />
+			<test url="http://www.linotype.com/cart/" />
+			<test url="http://www.linotype.com/css/images/header/header-logo.png" />
+			<test url="http://www.linotype.com/favicon.ico" />
+			<test url="http://www.linotype.com/min/v43/?f=/css/blog.css" />
+			<test url="http://www.linotype.com/redir/sampler.php" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Linphone.xml b/src/chrome/content/rules/Linphone.xml
index 9853c2eb168b..d7478644f645 100644
--- a/src/chrome/content/rules/Linphone.xml
+++ b/src/chrome/content/rules/Linphone.xml
@@ -1,10 +1,13 @@
+<!--
+	^: 404
+
+-->
 <ruleset name="Linphone">
 
 	<target host="linphone.org" />
 	<target host="www.linphone.org" />
 
 
-	<rule from="^http://(www\.)?linphone\.org/"
-		to="https://$1linphone.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LinusTechTips.com.xml b/src/chrome/content/rules/LinusTechTips.com.xml
new file mode 100644
index 000000000000..0b300619c617
--- /dev/null
+++ b/src/chrome/content/rules/LinusTechTips.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="LinusTechTips.com">
+	<target host="linustechtips.com" />
+	<target host="www.linustechtips.com" />
+	<target host="merch.linustechtips.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Linutronix.xml b/src/chrome/content/rules/Linutronix.xml
index 96968b6cd7e9..bf1d77ccf2e2 100644
--- a/src/chrome/content/rules/Linutronix.xml
+++ b/src/chrome/content/rules/Linutronix.xml
@@ -1,15 +1,14 @@
 <ruleset name="linutronix">
 
-	<target host="linutronix.de"/>
-	<target host="www.linutronix.de"/>
+	<target host="linutronix.de" />
+	<target host="www.linutronix.de" />
 	<!--	* for cross-domain cookie	-->
-	<target host="*.www.linutronix.de"/>
 
 
-	<securecookie host="^(.*\.)?linutronix\.de$" name=".*"/>
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?linutronix\.de/"
-		to="https://$1linutronix.de/"/>
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Linux-Counter-Trac.xml b/src/chrome/content/rules/Linux-Counter-Trac.xml
index cbab477c07a8..f0cb82ea5633 100644
--- a/src/chrome/content/rules/Linux-Counter-Trac.xml
+++ b/src/chrome/content/rules/Linux-Counter-Trac.xml
@@ -2,7 +2,6 @@
 
 	<target host="trac.linuxcounter.net" />
 
-	<rule from="^http://trac\.linuxcounter\.net/"
-		to="https://trac.linuxcounter.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Linux-Counter.xml b/src/chrome/content/rules/Linux-Counter.xml
deleted file mode 100644
index 6421a9713598..000000000000
--- a/src/chrome/content/rules/Linux-Counter.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="Linux Counter">
-
-  <target host="counter.li.org" />
-  <target host="linuxcounter.net" />
-  <target host="www.linuxcounter.net" />
-
-
-	<securecookie host="^linuxcounter.net$" name=".*" />
-
-
-  <rule from="^http://(www\.)?linuxcounter\.net/"
-          to="https://linuxcounter.net/" />
-
-  <rule from="^http://counter\.li\.org/"
-      		to="https://linuxcounter.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Linux-KVM.org.xml b/src/chrome/content/rules/Linux-KVM.org.xml
new file mode 100644
index 000000000000..1659042a7434
--- /dev/null
+++ b/src/chrome/content/rules/Linux-KVM.org.xml
@@ -0,0 +1,13 @@
+<!--
+	m: certificate mismatch
+		- linux-kvm.org
+-->
+<ruleset name="Linux-KVM.org">
+	<target host="linux-kvm.org" />
+	<target host="www.linux-kvm.org" />
+
+	<rule from="^http://linux-kvm\.org/"
+		to="https://www.linux-kvm.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Linux-Magazin-Online.xml b/src/chrome/content/rules/Linux-Magazin-Online.xml
index f3ebf3a451b9..b3413e37758b 100644
--- a/src/chrome/content/rules/Linux-Magazin-Online.xml
+++ b/src/chrome/content/rules/Linux-Magazin-Online.xml
@@ -1,31 +1,87 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://shop.linux-magazin.de/favicon.ico => https://shop.linux-magazin.de/favicon.ico: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://shop.linux-magazin.de/media/catalog/product/cache/3/small_image/135x/9df78eab33525d08d6e5fb8d27136e95/l/m/lm-nm_jdvd_2011.jpg => https://shop.linux-magazin.de/media/catalog/product/cache/3/small_image/135x/9df78eab33525d08d6e5fb8d27136e95/l/m/lm-nm_jdvd_2011.jpg: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://shop.linux-magazin.de/skin/frontend/lnm/cpt/images/i_asc_arrow.gif => https://shop.linux-magazin.de/skin/frontend/lnm/cpt/images/i_asc_arrow.gif: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://streaming.linux-magazin.de/ => https://streaming.linux-magazin.de/: (51, "SSL: no alternative certificate subject name matches target host name 'streaming.linux-magazin.de'")
+Fetch error: http://linux-magazin.de/ => https://www.linux-magazin.de/: Too many redirects while fetching 'https://www.linux-magazin.de/'
+
+-->
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://streaming.linux-magazin.de/ => https://streaming.linux-magazin.de/: (51, "SSL: no alternative certificate subject name matches target host name 'streaming.linux-magazin.de'")
+Fetch error: http://linux-magazin.de/ => https://www.linux-magazin.de/: Too many redirects while fetching 'https://www.linux-magazin.de/'
+
+	Linux-Magazin Online
+
 	For other Linux New Media coverage, see Linux-New-Media.xml.
 
+
+	Problematic hosts in *linux-magazin.de:
+
+		- academy *
+
+	* Expired
+
 -->
-<ruleset name="Linux-Magazin Online (partial)">
+<ruleset name="Linux-Magazin.de (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="shop.linux-magazin.de" />
+	<target host="streaming.linux-magazin.de" />
+	<target host="www.linux-magazin.de" />
 
+	<!--	Complications:
+				-->
 	<target host="linux-magazin.de" />
-	<target host="*.linux-magazin.de" />
 
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.linux-magazin\.de/(Ausgaben/\d\d/\d\d/[\w-]+$|Online-Artikel/)" /-->
+		<!--
+			404:
+				-->
+		<!--exclusion pattern="^http://academy\.linux-magazin\.de/(stylesheets/)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://shop.linux-magazin.de/+(?!favicon\.ico|media/|skin/)" />
+		<exclusion pattern="^http://www\.linux-magazin\.de/(?!extension/|var/)" />
 
-	<securecookie host="^.*\.linux-magazin\.de$" name=".*" />
+			<!--	+ve:
+					-->
 
+			<test url="http://shop.linux-magazin.de/agb/" />
+			<test url="http://shop.linux-magazin.de/dh11412.html" />
+			<test url="http://shop.linux-magazin.de/ehb0003.html" />
+			<test url="http://shop.linux-magazin.de/sh70007.html" />
+			<test url="http://shop.linux-magazin.de/widerruf/" />
 
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?linux-magazin\.de/"
-		to="https://www.linux-magazin.de/" />
+			<test url="http://www.linux-magazin.de/Ausgaben/2013/08/SSH-Key-Management" />
+			<test url="http://www.linux-magazin.de/Jobs" />
+			<test url="http://www.linux-magazin.de/NEWS" />
+
+			<!--	-ve:
+					-->
+			<test url="http://shop.linux-magazin.de/favicon.ico" />
+			<test url="http://shop.linux-magazin.de/media/catalog/product/cache/3/small_image/135x/9df78eab33525d08d6e5fb8d27136e95/l/m/lm-nm_jdvd_2011.jpg" />
+			<test url="http://shop.linux-magazin.de/skin/frontend/lnm/cpt/images/i_asc_arrow.gif" />
 
-	<!--	At least the homepage redirects to http.
-		stylesheets/ 404s.	-->
-	<rule from="^http://academy\.linux-magazin\.de/(design|extension|user)/"
-		to="https://academy.linux-magazin.de/$1/" />
+			<test url="http://www.linux-magazin.de/extension/lnm/design/linux_magazin/images/links-li-bg.gif" />
+			<test url="http://www.linux-magazin.de/var/linux_magazin/storage/images/linux-magazin.de/e-bibliothek/themenpakete/expertenpost.-das-bundle-rund-um-e-mail-spam-mailserver-und-imap/563167-1-ger-DE/Expertenpost.-Das-Bundle-rund-um-E-Mail-Spam-Mailserver-und-IMAP_small.jpg" />
 
-	<!--	Redirects like so.
-		shop.linuxnewmedia.de redirects to http pages, which is handled in Linux-New-Media.xml.	-->
-	<rule from="^https?://academy\.linux-magazin\.de/lnmshop/forward/online-services/academy-schulungen-1\.html"
-		to="https://shop.linuxnewmedia.de/online-services/academy-schulungen-1.html" />
 
-	<rule from="^http://streaming\.linux-magazin\.de/"
-		to="https://streaming.linux-magazin.de/" />
+	<!--securecookie host="^.*\.linux-magazin\.de$" name=".*" /-->
+
+
+	<!--	Cert only matches www.	-->
+	<rule from="^http://linux-magazin\.de/"
+		to="https://www.linux-magazin.de/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Linux-Magazine.xml b/src/chrome/content/rules/Linux-Magazine.xml
index 54156120fa13..53ce1f07e933 100644
--- a/src/chrome/content/rules/Linux-Magazine.xml
+++ b/src/chrome/content/rules/Linux-Magazine.xml
@@ -11,7 +11,7 @@
 	<!--	- Cert only matches www
 		- Unsupported pages redirect to http
 				-->
-	<rule from="^https?://linux-magazine\.com/"
+	<rule from="^http://linux-magazine\.com/"
 		to="https://www.linux-magazine.com/" />
 
 	<rule from="^http://www\.linux-magazine\.com/(design/|extension/|lnmshop/|static/|Subscribe/|var/)"
diff --git a/src/chrome/content/rules/Linux-New-Media-mismatches.xml b/src/chrome/content/rules/Linux-New-Media-mismatches.xml
index 1460d007b6d9..e4270f5d0402 100644
--- a/src/chrome/content/rules/Linux-New-Media-mismatches.xml
+++ b/src/chrome/content/rules/Linux-New-Media-mismatches.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see Linux-New-Media.xml.
 
 -->
-<ruleset name="Linux New Media (mismatches)" default_off="mismatch">
+<ruleset name="Linux New Media (mismatches)" default_off="mismatched">
 
 	<target host="linuxnewmedia.de" />
 	<target host="www.linuxnewmedia.de" />
@@ -12,7 +12,7 @@
 
 
 	<!--	!www redirects to www.	-->
-	<rule from="^https?://(?:www\.)?linuxnewmedia.de/"
+	<rule from="^http://(?:www\.)?linuxnewmedia\.de/"
 		to="https://www.linuxnewmedia.de/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Linux-New-Media.xml b/src/chrome/content/rules/Linux-New-Media.xml
index 65dce410d41c..7681a6234d79 100644
--- a/src/chrome/content/rules/Linux-New-Media.xml
+++ b/src/chrome/content/rules/Linux-New-Media.xml
@@ -10,20 +10,16 @@
 -->
 <ruleset name="Linux New Media (partial)">
 
-	<target host="*.linuxnewmedia.com" />
+	<target host="rotation.linuxnewmedia.com" />
+	<target host="shop.linuxnewmedia.com" />
+	<target host="shop.linuxnewmedia.de" />
 	<!--	* for cross-domain cookie.	-->
-	<target host="*.shop.linuxnewmedia.com" />
-	<target host="*.linuxnewmedia.de" />
-	<target host="*.shop.linuxnewmedia.de" />
 
 
-	<securecookie host="^.*\.linuxnewmedia\.(com|de)$" name=".*" />
 
+	<securecookie host=".+" name=".+"/>
 
-	<rule from="^http://rotation\.linuxnewmedia\.com/"
-		to="https://rotation.linuxnewmedia.com/" />
 
-	<rule from="^http://shop\.linuxnewmedia\.(com|de)/"
-		to="https://shop.linuxnewmedia.$1/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Linux-Plumbers-Conference.xml b/src/chrome/content/rules/Linux-Plumbers-Conference.xml
index 6137231d8f3a..468d3b78abe6 100644
--- a/src/chrome/content/rules/Linux-Plumbers-Conference.xml
+++ b/src/chrome/content/rules/Linux-Plumbers-Conference.xml
@@ -3,16 +3,29 @@
 
 		- wiki		(cert matches; shows www data)
 
+
+	(www.)?linuxplumbersconf.net: Mismatched
+
 -->
-<ruleset name="Linux Plumbers Conference (partial)" default_off="expired, self-signed">
+<ruleset name="Linux Plumbers Conference (partial)">
 
-	<target host="linuxplumbersconf.net"/>
-	<target host="www.linuxplumbersconf.net"/>
+	<!--	Direct rewrites:
+				-->
+	<target host="linuxplumbersconf.com"/>
+	<target host="www.linuxplumbersconf.com"/>
 	<target host="linuxplumbersconf.org"/>
 	<target host="www.linuxplumbersconf.org"/>
 
-	<!--	Cert only matches *.linuxplumbersconf.org	-->
-	<rule from="^http://(?:www\.)?linuxplumbersconf\.(?:net|org)/"
-		to="https://www.linuxplumbersconf.org/"/>
+	<!--	Complications:
+				-->
+	<target host="linuxplumbersconf.net"/>
+	<target host="www.linuxplumbersconf.net"/>
+
+
+	<rule from="^http://(?:www\.)?linuxplumbersconf\.net/"
+		to="https://linuxplumbersconf.org/"/>
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Linux-Tage.de.xml b/src/chrome/content/rules/Linux-Tage.de.xml
new file mode 100644
index 000000000000..2deb57a9e31c
--- /dev/null
+++ b/src/chrome/content/rules/Linux-Tage.de.xml
@@ -0,0 +1,31 @@
+<!--
+	(www.)?linux-tage.de: Shows default page
+
+-->
+<ruleset name="Linux-Tage.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="chemnitzer.linux-tage.de" />
+
+	<!--	Complications:
+				-->
+	<target host="linux-tage.de" />
+	<target host="www.linux-tage.de" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://(?:www\.)?linux-tage\.de/+"
+		to="https://chemnitzer.linux-tage.de/" />
+
+		<test url="http://chemnitzer.linux-tage.de//home.htm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Linux-Tips.org.xml b/src/chrome/content/rules/Linux-Tips.org.xml
new file mode 100644
index 000000000000..e688036ff90b
--- /dev/null
+++ b/src/chrome/content/rules/Linux-Tips.org.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .linux-tips.org
+		- www.linux-tips.org
+
+-->
+<ruleset name="Linux-Tips.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="linux-tips.org" />
+	<target host="www.linux-tips.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.linux-tips\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.linux-tips\.org$" name="^_session_id$" /-->
+
+	<securecookie host="^(?:www)?\.linux-tips\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Linux-apps.com.xml b/src/chrome/content/rules/Linux-apps.com.xml
new file mode 100644
index 000000000000..d42c2d0cf6dd
--- /dev/null
+++ b/src/chrome/content/rules/Linux-apps.com.xml
@@ -0,0 +1,12 @@
+<!--
+	For other openDesktop rules, see openDesktop.org.xml
+
+-->
+<ruleset name="Linux-apps.com">
+
+	<target host="linux-apps.com" />
+	<target host="www.linux-apps.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Linux-dev.org.xml b/src/chrome/content/rules/Linux-dev.org.xml
index 30096082a156..6585357f6f7d 100644
--- a/src/chrome/content/rules/Linux-dev.org.xml
+++ b/src/chrome/content/rules/Linux-dev.org.xml
@@ -1,26 +1,20 @@
 <!--
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-
-
-	Mixed content:
-
-		- Images on www from www *
-
-	* Secured by us
-
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - misc.linux-dev.org
+			 - odamvlw2iq.linux-dev.org
+			 - pnopaste.linux-dev.org
+			 - srv1.linux-dev.org
+
+		Different content:
+			 - svn.linux-dev.org
 -->
-<ruleset name="linux-dev.org" platform="cacert">
-
+<ruleset name="linux-dev.org">
 	<target host="linux-dev.org" />
 	<target host="www.linux-dev.org" />
+	<target host="nopaste.linux-dev.org" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^www\.linux-dev\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?linux-dev\.org/"
-		to="https://www.linux-dev.org/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Linux-nfs.org.xml b/src/chrome/content/rules/Linux-nfs.org.xml
new file mode 100644
index 000000000000..259e1aeb623f
--- /dev/null
+++ b/src/chrome/content/rules/Linux-nfs.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Expired:
+		- nfsometer.linux-nfs.org
+-->
+<ruleset name="Linux-nfs.org" default_off="cert-chain">
+	<target host="linux-nfs.org" />
+	<target host="www.linux-nfs.org" />
+	<target host="bugzilla.linux-nfs.org" />
+	<target host="client.linux-nfs.org" />
+	<target host="git.linux-nfs.org" />
+	<target host="wiki.linux-nfs.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Linux-sunxi.org.xml b/src/chrome/content/rules/Linux-sunxi.org.xml
index a4061ebe36fe..ba4e84c7a6e0 100644
--- a/src/chrome/content/rules/Linux-sunxi.org.xml
+++ b/src/chrome/content/rules/Linux-sunxi.org.xml
@@ -5,8 +5,10 @@
 		- (www.)sunxi.org
 
 -->
-<ruleset name="linux-sunxi.org" platform="cacert">
+<ruleset name="linux-sunxi.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="linux-sunxi.org" />
 	<target host="www.linux-sunxi.org" />
 	<target host="sunxi.org" />
@@ -16,7 +18,7 @@
 	<securecookie host="^(?:linux-)?sunxi\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?(linux-)?sunxi\.org/"
-		to="https://$1$2sunxi.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Linux.com.xml b/src/chrome/content/rules/Linux.com.xml
index 641cecdfd349..1e2e93c7a512 100644
--- a/src/chrome/content/rules/Linux.com.xml
+++ b/src/chrome/content/rules/Linux.com.xml
@@ -1,29 +1,29 @@
 <!--
-	Much of jobs.linux.com is handled in JobThread-clients.xml.
-
-
-	Nonfunctional subdomains:
-
-		- blogs
-
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- archive09.linux.com
+		- japan.linux.com
+		- jobs.linux.com
+
+		4xx client error:
+		- shop.linux.com
+		- store.linux.com
+
+		Mixed content blocking (MCB) triggered:
+		- jp.linux.com
 -->
-<ruleset name="Linux.com" platform="mixedcontent">
-
+<ruleset name="Linux.com">
 	<target host="linux.com" />
-	<target host="*.linux.com" />
-	<!--	* for cross-domain cookies.	-->
-	<target host="*.store.linux.com" />
-
-
-	<securecookie host="^.*\.linux\.com$" name=".*" />
-
-
-	<rule from="^http://((?:store|video|www)\.)?linux\.com/"
-		to="https://$1linux.com/" />
-
-	<!--	Cert: www.jobthread.com
-					-->
-	<rule from="^https?://jobs\.linux\.com/(image|file|partner)s/"
-		to="https://www.jobthread.com/$1s/" />
-
+	<target host="www.linux.com" />
+	<target host="archive15.linux.com" />
+	<target host="ideaforge.linux.com" />
+	<target host="ideas.linux.com" />
+	<target host="video.linux.com" />
+	<target host="videos.linux.com" />
+	<target host="w.linux.com" />
+	<target host="ww.linux.com" />
+	<target host="wwwnew.linux.com" />
+	<target host="wwww.linux.com" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Linux.conf.au.xml b/src/chrome/content/rules/Linux.conf.au.xml
deleted file mode 100644
index e03edcd8aba3..000000000000
--- a/src/chrome/content/rules/Linux.conf.au.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Problematic domains:
-
-		- (www.)linux.conf.au	(mismatched, CN: lca2014.linux.org.au)
-
--->
-<ruleset name="linux.conf.au">
-
-	<target host="linux.conf.au" />
-	<target host="www.linux.conf.au" />
-	<target host="lca2014.linux.org.au" />
-
-
-	<rule from="^http://(?:(?:www\.)?linux\.conf|lca2014\.linux\.org)\.au/"
-		to="https://lca2014.linux.org.au/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Linux.it.xml b/src/chrome/content/rules/Linux.it.xml
new file mode 100644
index 000000000000..f81a24fb1b33
--- /dev/null
+++ b/src/chrome/content/rules/Linux.it.xml
@@ -0,0 +1,181 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - belluno.linux.it
+			 - donazioni.linux.it
+			 - enna.linux.it
+			 - erlug.linux.it
+			 - www.erlug.linux.it
+			 - mail.erlug.linux.it
+			 - firenze.linux.it
+			 - www.firenze.linux.it
+			 - gardalug.linux.it
+			 - www.gardalug.linux.it
+			 - gimp.linux.it
+			 - ns2.glue.linux.it
+			 - golem.linux.it
+			 - www.golem.linux.it
+			 - nabble.gulp.linux.it
+			 - ham.linux.it
+			 - lecco.linux.it
+			 - www.lecco.linux.it
+			 - leonforte.linux.it
+			 - lugbs.linux.it
+			 - www.lugbs.linux.it
+			 - pergamena.lugbs.linux.it
+			 - risotto.lugbs.linux.it
+			 - lugmap.linux.it
+			 - openvideo.linux.it
+			 - palermo.linux.it
+			 - www.palermo.linux.it
+			 - parma.linux.it
+			 - www.parma.linux.it
+			 - planet.linux.it
+			 - relug.linux.it
+			 - savona.linux.it
+			 - scotty.linux.it
+			 - scuola.linux.it
+			 - siena.linux.it
+			 - www.siena.linux.it
+			 - gaia.siena.linux.it
+			 - liste.siena.linux.it
+			 - lists.siena.linux.it
+			 - ns.siena.linux.it
+			 - wiki.siena.linux.it
+			 - ww.siena.linux.it
+			 - siracusa.linux.it
+			 - www.siracusa.linux.it
+			 - sulu.linux.it
+			 - tlug.linux.it
+			 - torino.linux.it
+			 - torrelug.linux.it
+			 - tp.linux.it
+			 - trieste.linux.it
+			 - venezia.linux.it
+			 - xn__lzg.linux.it (Remark: - is replaced by _, see https://stackoverflow.com/questions/10842131/)
+
+		Timeout was reached:
+			 - appunti.linux.it
+			 - cleopatra.linux.it
+			 - cuneo.linux.it
+			 - www.cuneo.linux.it
+			 - mail.cuneo.linux.it
+			 - cadalboia.ferrara.linux.it
+			 - ftp.linux.it
+			 - fvg.linux.it
+			 - lodi.linux.it
+			 - www.lodi.linux.it
+			 - lugbari.linux.it
+			 - milano.linux.it
+			 - norp.linux.it
+			 - pinerolo.linux.it
+			 - www.pinerolo.linux.it
+			 - verona.linux.it
+			 - www.verona.linux.it
+
+		SSL connect error:
+			 - www.pluto.linux.it
+			 - a2.pluto.linux.it
+			 - devel.pluto.linux.it
+			 - eros.pluto.linux.it
+			 - fabrizio.pluto.linux.it
+			 - ildp.pluto.linux.it
+			 - lists.pluto.linux.it
+			 - discourse.trieste.linux.it:8003
+
+		SSL peer certificate was not OK:
+			 - www.alessandria.linux.it
+			 - www.basilicata.linux.it
+			 - bglug.linux.it
+			 - cassino.linux.it
+			 - folug.linux.it
+			 - genova.linux.it
+			 - ns.glue.linux.it
+			 - ftgm2.gulp.linux.it
+			 - linuxday.gulp.linux.it
+			 - linuxday2008.gulp.linux.it
+			 - linuxday2009.gulp.linux.it
+			 - linuxday2010.gulp.linux.it
+			 - linuxday2011.gulp.linux.it
+			 - linuxday2014.gulp.linux.it
+			 - linuxday2015.gulp.linux.it
+			 - mail.gulp.linux.it
+			 - piwik.gulp.linux.it
+			 - ischia.linux.it
+			 - knopils.linux.it
+			 - livorno.linux.it
+			 - ns.linux.it
+			 - padova.linux.it
+			 - pordenone.linux.it
+			 - rclug.linux.it
+			 - rimini.linux.it
+			 - vercelli.linux.it
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - ar.linux.it
+			 - www.ar.linux.it
+			 - arcana.linux.it
+			 - catania.linux.it
+			 - www.catania.linux.it
+			 - lists.catania.linux.it
+			 - fe.linux.it
+			 - imap.fe.linux.it
+			 - mail.fe.linux.it
+			 - pop.fe.linux.it
+			 - smtp.fe.linux.it
+			 - webmail.fe.linux.it
+			 - ferrara.linux.it
+			 - www.ferrara.linux.it
+			 - guercino.ferrara.linux.it
+			 - imap.ferrara.linux.it
+			 - linuxday.ferrara.linux.it
+			 - www.linuxday.ferrara.linux.it
+			 - members.ferrara.linux.it
+			 - ns1.ferrara.linux.it
+			 - pop.ferrara.linux.it
+			 - servizi.ferrara.linux.it
+			 - smtp.ferrara.linux.it
+			 - ml.gardalug.linux.it
+			 - ilsmanager.linux.it
+			 - jabber.linux.it
+			 - lugotto.linux.it
+			 - pdp.linux.it
+			 - mailman.pinerolo.linux.it
+			 - sarek.linux.it
+			 - www.varese.linux.it
+			 - vicenza.linux.it
+			 - www.vicenza.linux.it
+
+		Incomplete certificate chain error:
+			 - www.bilug.linux.it
+			 - mail.bilug.linux.it
+			 - mumble.bilug.linux.it
+			 - webmail.bilug.linux.it
+			 - wiki.gulp.linux.it
+			 - lilliput.linux.it
+			 - www.lilliput.linux.it
+			 - eraldo.lilliput.linux.it
+			 - ragusa.linux.it
+			 - www.ragusa.linux.it
+-->
+<ruleset name="Linux.it">
+	<target host="www.linux.it" />
+	<target host="hamradio.fe.linux.it" />
+	<target host="www.hamradio.fe.linux.it" />
+	<target host="liste.fe.linux.it" />
+	<target host="hamradio.ferrara.linux.it" />
+	<target host="www.hamradio.ferrara.linux.it" />
+	<target host="liste.ferrara.linux.it" />
+	<target host="mail.ferrara.linux.it" />
+	<target host="webmail.ferrara.linux.it" />
+	<target host="gulp.linux.it" />
+	<target host="www.gulp.linux.it" />
+	<target host="lists.gulp.linux.it" />
+	<target host="lists.linux.it" />
+	<target host="picard.linux.it" />
+	<target host="wiki.linux.it" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Linux.lu.xml b/src/chrome/content/rules/Linux.lu.xml
index 6652ceb83acf..d3d22bfa5595 100644
--- a/src/chrome/content/rules/Linux.lu.xml
+++ b/src/chrome/content/rules/Linux.lu.xml
@@ -16,7 +16,9 @@
 <ruleset name="Linux.lu (partial)">
 
 	<target host="linux.lu" />
-	<target host="*.linux.lu" />
+	<target host="www.linux.lu" />
+	<target host="udpcast.linux.lu" />
+	<target host="www.udpcast.linux.lu" />
 
 
 	<!--	Server does not drop path:
@@ -24,7 +26,6 @@
 	<rule from="^http://(?:www\.)?linux\.lu/"
 		to="https://www.lilux.lu/" />
 
-	<rule from="^http://(www\.)?udpcast\.linux\.lu/"
-		to="https://$1udpcast.linux.lu/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Linux.org.au-problematic.xml b/src/chrome/content/rules/Linux.org.au-problematic.xml
new file mode 100644
index 000000000000..e62df050ca04
--- /dev/null
+++ b/src/chrome/content/rules/Linux.org.au-problematic.xml
@@ -0,0 +1,13 @@
+<!--
+	For rules that are on by default, see Linux.org.au.xml.
+
+-->
+<ruleset name="Linux.org.au (problematic)" default_off="expired, self-signed">
+
+	<target host="lca2014.linux.org.au" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Linux.org.au.xml b/src/chrome/content/rules/Linux.org.au.xml
new file mode 100644
index 000000000000..57582847851f
--- /dev/null
+++ b/src/chrome/content/rules/Linux.org.au.xml
@@ -0,0 +1,40 @@
+<!--
+	For problematic rules, see Linux.org.au-problematic.xml.
+
+
+	Nonfunctional hosts in *linux.org.au:
+
+		- mirror *
+
+	* Refused
+
+
+	^linux.org.au: Refused
+
+-->
+<ruleset name="Linux.org.au">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.linux.org.au" />
+
+	<!--	Complications:
+				-->
+	<target host="linux.org.au" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.linux\.org\.au$" name="^SESS[0-9a-f]{32}$" /-->
+	<!--securecookie host="^www\.linux\.org\.au$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://linux\.org\.au/"
+		to="https://www.linux.org.au/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Linux.org.ru.xml b/src/chrome/content/rules/Linux.org.ru.xml
index 007dd31bd4e7..ebe9772df777 100644
--- a/src/chrome/content/rules/Linux.org.ru.xml
+++ b/src/chrome/content/rules/Linux.org.ru.xml
@@ -2,5 +2,13 @@
   <target host="www.linux.org.ru" />
   <target host="linux.org.ru" />
 
-  <rule from="^http://(www\.)?linux\.org\.ru/" to="https://www.linux.org.ru/"/>
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.linux\.org\.ru$" name="^CSRF_TOKEN$" /-->
+
+	<securecookie host="^www\.linux\.org\.ru$" name=".+" />
+
+
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/LinuxFR.xml b/src/chrome/content/rules/LinuxFR.xml
index 9ddffc283c96..eec6218164f7 100644
--- a/src/chrome/content/rules/LinuxFR.xml
+++ b/src/chrome/content/rules/LinuxFR.xml
@@ -1,14 +1,21 @@
 <!--
+	DaLinuxFrenchPage
+
+
 	http://prod & https://prod differ
 
 -->
-<ruleset name="DaLinuxFrenchPage" platform="cacert">
+<ruleset name="LinuxFR.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="linuxfr.org" />
-	<target host="*.linuxfr.org" />
+	<target host="alpha.linuxfr.org" />
+	<target host="img.linuxfr.org" />
+	<target host="www.linuxfr.org" />
 
 
-	<rule from="^http://(alpha\.|img\.|www\.)?linuxfr\.org/"
-		to="https://$1linuxfr.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/LinuxFound.info.xml b/src/chrome/content/rules/LinuxFound.info.xml
new file mode 100644
index 000000000000..06caef8842e6
--- /dev/null
+++ b/src/chrome/content/rules/LinuxFound.info.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Linux Foundation coverage, see LinuxFoundation.xml.
+
+-->
+<ruleset name="LinuxFound.info">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="linuxfound.info" />
+	<target host="www.linuxfound.info" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LinuxFoundation.xml b/src/chrome/content/rules/LinuxFoundation.xml
index 4790892e8f3e..8cb5df7abb4c 100644
--- a/src/chrome/content/rules/LinuxFoundation.xml
+++ b/src/chrome/content/rules/LinuxFoundation.xml
@@ -1,54 +1,76 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://developerbugs.linuxfoundation.org/ => https://developerbugs.linuxfoundation.org/: (28, 'Connection timed out after 20000 milliseconds')
+
+
 	Other Linux Foundation rulesets:
 
+		- Automotive_Linux.org.xml
 		- FOSSBazaar.org.xml
+		- hyperledger.org.xml
+		- iovisor.org.xml
+		- LinuxFound.info.xml
 		- OpenDaylight.xml
+		- Openprinting.xml
 		- Poky.xml
 		- SPDX.org.xml
+		- xen.org.xml
+		- Xen_Project.org.xml
 		- Yocto_Project.org.xml
 
 
-	Fully covered domains:
+	Partially covered hosts in *linuxfoundation.org:
 
-		- linuxfoundation.org subdomains:
+		- events ʰ
 
-			- lsbbugs
-
-
-	Observed cookie domains:
-
-		- lsbbugs.linuxfoundation.org
+	ʰ Some pages redirect to http
 
 -->
-<ruleset name="Linux Foundation (partial)">
-
-	<target host="linuxfoundation.org" />
-	<target host="*.linuxfoundation.org" />
-		<exclusion pattern="^http://(?:www\.)?linuxfoundation\.org/(?!about/join/individual(?:$|\?|/)|misc/|sites/|user(?:$|\?))" />
-		<!--
-			These paths started redirecting to http:
-
-				- $
-				- events$
-				- events/[\w-]+(?!/register)
-								-->
-		<exclusion pattern="^http://events\.linuxfoundation\.org/(?:events(?:/|/[\w-]+)?)?(?!/register)(?:\?.*)?$" />
-	<target host="*.linux-foundation.org" />
-
-
-	<securecookie host="^(?!events\.).*\.linuxfoundation\.org$" name=".+" />
+<ruleset name="Linux Foundation.org (partial)" >
 
+	<!--	Direct rewrites:
+				-->
+	<target host="lists.linux-foundation.org" />
 
-	<rule from="^http://((?:admin|automotive|events|identity|ldn|lsbbugs|training|www)\.)?linuxfoundation\.org/"
-		to="https://$1linuxfoundation.org/" />
-
-	<rule from="^http://go\.linuxfoundation\.org/+(?:\?.*)?$"
-		to="https://www.linuxfoundation.org/" />
-
-	<rule from="^http://go\.linuxfoundation\.org/"
-		to="https://pi.pardot.com/" />
-
-	<rule from="^http://lists\.linux(-)?foundation\.org/"
-		to="https://lists.linux$1foundation.org/" />
+	<target host="linuxfoundation.org" />
+	<target host="www.linuxfoundation.org" />
+	<target host="admin.linuxfoundation.org" />
+	<target host="automotive.linuxfoundation.org" />
+	<target host="collabprojects.linuxfoundation.org" />
+	<!-- target host="developerbugs.linuxfoundation.org" /-->
+	<target host="events.linuxfoundation.org" />
+		<exclusion pattern="^http://events\.linuxfoundation\.org/((events/|\?).*)?$" />
+		<!-- Secured -->
+		<test url="http://events.linuxfoundation.org/sponsor" />
+		<test url="http://events.linuxfoundation.org/sites/events/files/styles/events_listing_192x192/public/ccc_eu_color.png" />
+		<!-- Excluded -->
+		<test url="http://events.linuxfoundation.org/events/embedded-linux-conference-europe/attend/register" />
+		<test url="http://events.linuxfoundation.org/events/linuxcon-europe/program/cfp" />
+		<test url="http://events.linuxfoundation.org/events/mesoscon/attend/register?utm_source=lf" />
+		<test url="http://events.linuxfoundation.org/?utm_source=lf" />
+	<target host="go.linuxfoundation.org" />
+		<exclusion pattern="^http://go\.linuxfoundation\.org/$" />
+	<target host="identity.linuxfoundation.org" />
+	<target host="ldn.linuxfoundation.org" />
+	<target host="lists.linuxfoundation.org" />
+	<target host="lsbbugs.linuxfoundation.org" />
+	<target host="training.linuxfoundation.org" />
+
+	<securecookie host="^(?!collabprojects\.|events\.)." name=".+" />
+
+	<!-- http://help.pardot.com/customer/portal/articles/2126757-using-vanity-urls -->
+	<!-- http://help.pardot.com/customer/portal/articles/2126640-how-to-ssl-enable-http-secure-pardot-urls -->
+	<rule from="^http://go\.linuxfoundation\.org/([el])/"
+		to="https://go.pardot.com/$1/" />
+
+		<test url="http://go.linuxfoundation.org/e/6342/TheLinuxFoundation/ymc8q/578968329" />
+		<test url="http://go.linuxfoundation.org/l/6342/2016-03-23/33c3kc" />
+
+	<rule from="^http://linuxfoundation\.org/" to="https://linuxfoundation.org/" />
+	<rule from="^http://(www|admin|automotive|collabprojects|developerbugs|events|identity|ldn|lists|lsbbugs|training)\.linuxfoundation\.org/"
+		to="https://$1.linuxfoundation.org/" />
+	<rule from="^http://lists\.linux-foundation\.org/" to="https://lists.linux-foundation.org/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/LinuxMIPS.xml b/src/chrome/content/rules/LinuxMIPS.xml
index 10452d7c807a..30f6a2c98d55 100644
--- a/src/chrome/content/rules/LinuxMIPS.xml
+++ b/src/chrome/content/rules/LinuxMIPS.xml
@@ -1,14 +1,37 @@
-<ruleset name="LinuxMIPS" platform="cacert">
+<!--
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
 
-	<target host="linux-mips.org"/>
-	<target host="www.linux-mips.org"/>
 
+	These altnames don't exist:
 
-	<securecookie host="^www\.linux-mips\.org$" name=".*"/>
+		- linux-mips.org
 
 
-	<!--	!www doesn't work	-->
-	<rule from="^http://(?:www\.)?linux-mips\.org/"
-		to="https://www.linux-mips.org/"/>
+	Insecure cookies are set for these hosts:
+
+		- patchwork.linux-mips.org
+
+-->
+<ruleset name="Linux-MIPS.org (partial)" default_off="cert-chain">
+
+	<target host="bugs.linux-mips.org" />
+	<target host="cvs.linux-mips.org" />
+	<target host="eddie.linux-mips.org" />
+	<target host="ftp.linux-mips.org" />
+	<target host="git.linux-mips.org" />
+	<target host="mail.linux-mips.org" />
+	<target host="marvin.linux-mips.org" />
+	<target host="operation-cambridge.linux-mips.org" />
+	<target host="patchwork.linux-mips.org" />
+	<target host="www.linux-mips.org" />
+
+
+	<!--securecookie host="^patchwork\.linux-mips\.org$" name="^csrftoken$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/LinuxMusicians.com.xml b/src/chrome/content/rules/LinuxMusicians.com.xml
new file mode 100644
index 000000000000..45066b930f9d
--- /dev/null
+++ b/src/chrome/content/rules/LinuxMusicians.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="LinuxMusicians.com">
+
+	<target host="linuxmusicians.com" />
+	<target host="www.linuxmusicians.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LinuxQuestions.xml b/src/chrome/content/rules/LinuxQuestions.xml
index be7ff439db89..3db3f760d0d6 100644
--- a/src/chrome/content/rules/LinuxQuestions.xml
+++ b/src/chrome/content/rules/LinuxQuestions.xml
@@ -4,7 +4,7 @@
 		- lqo-thequestionsnetw.netdna-ssl.com
 
 
-	Problematic subdoamins:
+	Problematic subdomains:
 
 		- account	(works; mismatched, CN: www.linuxquestions.org)
 		- static	(refused)
@@ -18,10 +18,6 @@
 
 	Mixed content:
 
-		- Frame on www from account 
-
-		- Images on www from static
-
 		- Ads/web bugs, on www from:
 
 			- pagead2.googlesyndication.com *
@@ -32,23 +28,24 @@
 
 	* Secured by us
 
-
-	mixedcontent due to frame from account.
-
 -->
-<ruleset name="LinuxQuestions.org (partial)" platform="mixedcontent">
+<ruleset name="LinuxQuestions.org (partial)">
 
 	<target host="linuxquestions.org" />
-	<target host="*.linuxquestions.org" />
+	<target host="www.linuxquestions.org" />
+	<target host="static.linuxquestions.org" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.linuxquestions\.org$" name="^(bb2_screener_|bbsessionhash)$" /-->
 
 	<securecookie host="^www\.linuxquestions\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?linuxquestions\.org/"
-		to="https://$1linuxquestions.org/" />
 
 	<rule from="^http://static\.linuxquestions\.org/"
 		to="https://lqo-thequestionsnetw.netdna-ssl.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/LinuxTV.org.xml b/src/chrome/content/rules/LinuxTV.org.xml
index 9226ab87333c..34593b682404 100644
--- a/src/chrome/content/rules/LinuxTV.org.xml
+++ b/src/chrome/content/rules/LinuxTV.org.xml
@@ -1,22 +1,12 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- git *
-
-	* Shows patchwork
-
-
-	- Expired 2007-06-26
-	- Mismatched, CN: www.linuxtv.org
-
--->
-<ruleset name="LinuxTV.org (partial)" default_off="expired, mismatched, self-signed">
+<ruleset name="LinuxTV.org">
 
+	<target host="linuxtv.org" />
+	<target host="git.linuxtv.org" />
 	<target host="patchwork.linuxtv.org" />
+	<target host="www.linuxtv.org" />
 
 
-	<rule from="^http://patchwork\.linuxtv\.org/"
-		to="https://patchwork.linuxtv.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LinuxTag.org.xml b/src/chrome/content/rules/LinuxTag.org.xml
index be4d52003565..2b4b061b029b 100644
--- a/src/chrome/content/rules/LinuxTag.org.xml
+++ b/src/chrome/content/rules/LinuxTag.org.xml
@@ -1,19 +1,26 @@
 <!--
-	Problematic subdomains:
+	Non-functional hosts
+		Timeout was reached:
+		- eticket.linuxtag.org
+		- hacking.linuxtag.org
+		- mailtest.linuxtag.org
 
-		- ^	(cert only matches www)
+		SSL peer certificate was not OK:
+		- openmusic.linuxtag.org
 
 -->
-<ruleset name="LinuxTag.org" platform="cacert">
-
+<ruleset name="LinuxTag.org" default_off="cert-chain">
 	<target host="linuxtag.org" />
 	<target host="www.linuxtag.org" />
-
-
-	<securecookie host="^www\.linuxtag\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?linuxtag\.org/"
-		to="https://www.linuxtag.org/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="intern.linuxtag.org" />
+	<target host="mail.linuxtag.org" />
+	<target host="newsletter.linuxtag.org" />
+	<target host="planet.linuxtag.org" />
+	<target host="ssl.linuxtag.org" />
+	<target host="staging.linuxtag.org" />
+	<target host="svn.linuxtag.org" />
+	<target host="vcc.linuxtag.org" />
+	<target host="wiki.linuxtag.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Linux_Academy.com.xml b/src/chrome/content/rules/Linux_Academy.com.xml
new file mode 100644
index 000000000000..d7049080dce5
--- /dev/null
+++ b/src/chrome/content/rules/Linux_Academy.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Linux Academy.com">
+
+	<target host="linuxacademy.com" />
+	<target host="assets.linuxacademy.com" />
+	<target host="www.linuxacademy.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Linux_Cloud_VPS.com.xml b/src/chrome/content/rules/Linux_Cloud_VPS.com.xml
new file mode 100644
index 000000000000..be70275dfeba
--- /dev/null
+++ b/src/chrome/content/rules/Linux_Cloud_VPS.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Rose Web Services coverage, see RoseHosting.com.xml.
+
+-->
+<ruleset name="Linux Cloud VPS.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="linuxcloudvps.com" />
+	<target host="www.linuxcloudvps.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Linux_Containers.org.xml b/src/chrome/content/rules/Linux_Containers.org.xml
new file mode 100644
index 000000000000..d3deb91828a2
--- /dev/null
+++ b/src/chrome/content/rules/Linux_Containers.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="Linux Containers.org">
+	<target host="linuxcontainers.org" />
+	<target host="cgmanager.linuxcontainers.org" />
+	<target host="images.linuxcontainers.org" />
+	<target host="jenkins.linuxcontainers.org" />
+	<target host="lists.linuxcontainers.org" />
+	<target host="www.linuxcontainers.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Linux_Forums.xml b/src/chrome/content/rules/Linux_Forums.xml
deleted file mode 100644
index f10b4b0a547c..000000000000
--- a/src/chrome/content/rules/Linux_Forums.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- dir *
-		- hosts *
-
-	* Shows www, mismatched
-
--->
-<ruleset name="Linux Forums (partial)">
-
-	<target host="linuxforums.org" />
-	<target host="*.linuxforums.org" />
-
-
-	<securecookie host="^(?:w*\.)?linuxforums\.org$" name=".+" />
-
-
-	<rule from="^http://(www\.)?linuxforums\.org/"
-		to="https://$1linuxforums.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Linux_Game_Publishing.xml b/src/chrome/content/rules/Linux_Game_Publishing.xml
index 9d75cc48234c..d22dee17fd40 100644
--- a/src/chrome/content/rules/Linux_Game_Publishing.xml
+++ b/src/chrome/content/rules/Linux_Game_Publishing.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://linuxgamepublishing.com/ => https://linuxgamepublishing.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.linuxgamepublishing.com/ => https://www.linuxgamepublishing.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.linuxgamepublishing.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://linuxgamepublishing.com/ => https://linuxgamepublishing.com/: (7, 'Failed to connect to linuxgamepublishing.com port 443: Connection timed out')
+Fetch error: http://www.linuxgamepublishing.com/ => https://www.linuxgamepublishing.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.linuxgamepublishing.com'")
 	Nonfunctional subdomains:
 
 		- blog *
@@ -9,13 +17,12 @@
 	* Shows www
 
 -->
-<ruleset name="Linux Game Publishing (partial)">
+<ruleset name="Linux Game Publishing (partial)" default_off="failed ruleset test">
 
 	<target host="linuxgamepublishing.com" />
 	<target host="www.linuxgamepublishing.com" />
 
 
-	<rule from="^http://(www\.)?linuxgamepublishing\.com/"
-		to="https://$1linuxgamepublishing.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Linux_Luddites.com.xml b/src/chrome/content/rules/Linux_Luddites.com.xml
new file mode 100644
index 000000000000..d8ba278c5e52
--- /dev/null
+++ b/src/chrome/content/rules/Linux_Luddites.com.xml
@@ -0,0 +1,25 @@
+<!--
+	www.linuxluddites.com: Mismatched
+
+-->
+<ruleset name="Linux Luddites.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="linuxluddites.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.linuxluddites.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.linuxluddites\.com/"
+		to="https://linuxluddites.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Linux_control_panel.co.uk.xml b/src/chrome/content/rules/Linux_control_panel.co.uk.xml
new file mode 100644
index 000000000000..a72fe9ae8cc1
--- /dev/null
+++ b/src/chrome/content/rules/Linux_control_panel.co.uk.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Storm Internet coverage, see Storm-Internet.xml.
+
+
+	Website administration pages.
+
+	(www.)?linuxcontrolpanel.co.uk doesn't exist.
+
+-->
+<ruleset name="Linux control panel.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="linsrv101.linuxcontrolpanel.co.uk" />
+	<target host="linsrv104.linuxcontrolpanel.co.uk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Linuxaria.com.xml b/src/chrome/content/rules/Linuxaria.com.xml
new file mode 100644
index 000000000000..a6d6de459678
--- /dev/null
+++ b/src/chrome/content/rules/Linuxaria.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		mail.linuxaria.com
+
+-->
+<ruleset name="Linuxaria.com">
+
+	<target host="linuxaria.com" />
+	<target host="www.linuxaria.com" />
+	<target host="cdn.linuxaria.com" />
+		<test url="http://cdn.linuxaria.com/wp-content/themes/suffusion/scripts/html5.js" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Linuxaudio.org.xml b/src/chrome/content/rules/Linuxaudio.org.xml
index cf3075d03943..2bf4d1d409a5 100644
--- a/src/chrome/content/rules/Linuxaudio.org.xml
+++ b/src/chrome/content/rules/Linuxaudio.org.xml
@@ -6,9 +6,9 @@
 
 	<target host="linuxaudio.org"/>
 	<!--	* for cross-domain cookie	-->
-	<target host="*.linuxaudio.org"/>
+	<target host="www.linuxaudio.org" />
 
-	<securecookie host="^\.linuxaudio\.org$" name=".*"/>
+	<securecookie host="^\.linuxaudio\.org$" name=".+" />
 
 	<rule from="^http://(?:www\.)?linuxaudio\.org/"
 		to="https://linuxaudio.org/"/>
diff --git a/src/chrome/content/rules/Linuxbenchmarking.com.xml b/src/chrome/content/rules/Linuxbenchmarking.com.xml
new file mode 100644
index 000000000000..2e284f2b7d77
--- /dev/null
+++ b/src/chrome/content/rules/Linuxbenchmarking.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Linuxbenchmarking.com">
+	<target host="linuxbenchmarking.com" />
+	<target host="www.linuxbenchmarking.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Linuxjournal.com.xml b/src/chrome/content/rules/Linuxjournal.com.xml
new file mode 100644
index 000000000000..d0ad12840006
--- /dev/null
+++ b/src/chrome/content/rules/Linuxjournal.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Linuxjournal.com">
+  <target host="linuxjournal.com" />
+  <target host="www.linuxjournal.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Linuxlovers.at-mixedcontent.xml b/src/chrome/content/rules/Linuxlovers.at-mixedcontent.xml
new file mode 100644
index 000000000000..be4839a1bc54
--- /dev/null
+++ b/src/chrome/content/rules/Linuxlovers.at-mixedcontent.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules not causing MCB, see Linuxlovers.at.xml.
+
+-->
+<ruleset name="Linuxlovers.at (MCB)" platform="mixedcontent">
+
+	<target host="linuxlovers.at" />
+	<target host="www.linuxlovers.at" />
+	<target host="tools.linuxlovers.at" />
+
+	<rule from="^http://www\.linuxlovers\.at/"
+		to="https://linuxlovers.at/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Linuxlovers.at.xml b/src/chrome/content/rules/Linuxlovers.at.xml
new file mode 100644
index 000000000000..f59a976476d4
--- /dev/null
+++ b/src/chrome/content/rules/Linuxlovers.at.xml
@@ -0,0 +1,37 @@
+<!--
+	Mixed content (secured in Linuxlovers.at-mixedcontent.xml):
+		linuxlovers.at
+		tools.linuxlovers.at
+
+	Invalid certificate:
+		www.linuxlovers.at
+		jabber.linuxlovers.at (broken chain)
+		www.js.linuxlovers.at
+		mb.linuxlovers.at
+		muclog.linuxlovers.at
+		www.tools.linuxlovers.at
+
+	Different content http/https:
+		ahrjnmojn0ra.linuxlovers.at
+
+	Login required:
+		jw-chat.linuxlovers.at
+		mattermost.linuxlovers.at
+		ttrss.linuxlovers.at
+
+	This website has a wildcard DNS.
+
+-->
+<ruleset name="Linuxlovers.at (partial)">
+
+	<target host="chat.linuxlovers.at" />
+	<target host="git.linuxlovers.at" />
+	<target host="js.linuxlovers.at" />
+	<target host="wiki.linuxlovers.at" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Linuxmonk.ch.xml b/src/chrome/content/rules/Linuxmonk.ch.xml
new file mode 100644
index 000000000000..0345467829e1
--- /dev/null
+++ b/src/chrome/content/rules/Linuxmonk.ch.xml
@@ -0,0 +1,10 @@
+<ruleset name="linuxmonk.ch">
+
+	<target host="linuxmonk.ch" />
+	<target host="www.linuxmonk.ch" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Linuxpl.com.xml b/src/chrome/content/rules/Linuxpl.com.xml
new file mode 100644
index 000000000000..1f0218ee183a
--- /dev/null
+++ b/src/chrome/content/rules/Linuxpl.com.xml
@@ -0,0 +1,47 @@
+<!--
+	Nonfunctional subdomains:
+
+		- forum *
+
+	* Prints status, valid cert
+
+
+	Problematic subdomains:
+
+		- blog *
+
+	* Configured for rc4 only
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- (www.) from ^ *
+			- blog from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Linuxpl.com (partial)">
+
+	<target host="linuxpl.com" />
+	<target host="blog.linuxpl.com" />
+	<target host="support.linuxpl.com" />
+	<target host="webftp.linuxpl.com" />
+	<target host="www.linuxpl.com" />
+		<!--exclusion pattern="^http://forum\.linuxpl\.com/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?linuxpl\.com$" name="^linuxpl_urad$" /-->
+	<!--securecookie host="^support\.linuxpl\.com$" name="^(SWIFT_client|SWIFT_sessionid\d+)$" /-->
+	<!--securecookie host="^webftp\.linuxpl\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:(?:support|webftp|www)\.)?linuxpl\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Linuxserver.io.xml b/src/chrome/content/rules/Linuxserver.io.xml
new file mode 100644
index 000000000000..501956e8808f
--- /dev/null
+++ b/src/chrome/content/rules/Linuxserver.io.xml
@@ -0,0 +1,31 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+        See:
+
+                - https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+                - https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+                - https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+        * without enabling javascript, for security and privacy implications see e.g.:
+
+                - https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+                - https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+                - https://panopticlick.eff.org
+
+-->
+<ruleset name="Linuxserver.io">
+
+	<target host="linuxserver.io" />
+	<target host="forum.linuxserver.io" />
+	<target host="www.linuxserver.io" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Linuxslut.net.xml b/src/chrome/content/rules/Linuxslut.net.xml
new file mode 100644
index 000000000000..77665010ce01
--- /dev/null
+++ b/src/chrome/content/rules/Linuxslut.net.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://linuxslut.net/ => https://linuxslut.net/: (7, 'Failed to connect to linuxslut.net port 443: Connection refused')
+Fetch error: http://www.linuxslut.net/ => https://www.linuxslut.net/: (7, 'Failed to connect to www.linuxslut.net port 443: Connection refused')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.linuxslut.net/ => https://www.linuxslut.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.linuxslut.net'")
+
+-->
+<ruleset name="linuxslut.net" default_off="failed ruleset test">
+
+	<target host="linuxslut.net" />
+	<target host="www.linuxslut.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Linuxwall.info.xml b/src/chrome/content/rules/Linuxwall.info.xml
new file mode 100644
index 000000000000..9db9cc3c108d
--- /dev/null
+++ b/src/chrome/content/rules/Linuxwall.info.xml
@@ -0,0 +1,26 @@
+<!--
+	wiki: 503
+
+
+	www: mismatched
+
+-->
+<ruleset name="linuxwall.info (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="linuxwall.info" />
+	<target host="jve.linuxwall.info" />
+
+	<!--	Complications:
+				-->
+	<target host="www.linuxwall.info" />
+
+
+	<rule from="^http://www\.linuxwall\.info/"
+		to="https://linuxwall.info/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Linx.net.xml b/src/chrome/content/rules/Linx.net.xml
deleted file mode 100644
index 0ee5b7dba261..000000000000
--- a/src/chrome/content/rules/Linx.net.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See 
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
- 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Linx.net" platform="firefox">
-  <target host="linx.net" />
-  <target host="www.linx.net" />
-
-  <securecookie host="^linx\.net$" name=".+" />
-  <securecookie host="^www\.linx\.net$" name=".+" />
-
-  <rule from="^http://(www\.)?linx\.net/" to="https://www.linx.net/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Lionbrand.com.xml b/src/chrome/content/rules/Lionbrand.com.xml
new file mode 100644
index 000000000000..8c5eea7f4b54
--- /dev/null
+++ b/src/chrome/content/rules/Lionbrand.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Refused:
+		Seems like most functioning subdomains do not have https
+		*.lionbrand.com
+-->
+<ruleset name="Lionbrand.com">
+	<target host="lionbrand.com" />
+	<target host="www.lionbrand.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lippincott_Williams_and_Wilkins.xml b/src/chrome/content/rules/Lippincott_Williams_and_Wilkins.xml
deleted file mode 100644
index e11f41320b14..000000000000
--- a/src/chrome/content/rules/Lippincott_Williams_and_Wilkins.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	For problematic rules, see Lippincott_Williams_and_Wilkins-problematic.xml.
-
-
-	Nonfunctional domains:
-
-		- thepoint	(times out)
-
--->
-<ruleset name="Lippincott Williams &amp; Wilkins (partial)">
-
-	<target host="lww.com" />
-	<target host="*.lww.com" />
-
-
-	<securecookie host="^www\.lww\.com$" name=".+" />
-
-
-	<!--	Cert only matches www.
-					-->
-	<rule from="^https?://(?:www\.)?lww\.com/"
-		to="https://www.lww.com/" />
-
-	<!--	At least some pages 302 to http.
-							-->
-	<rule from="^http://journals\.lww\.com/(_layouts/|WebResource\.axd)"
-		to="https://journals.lww.com/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Lippincott_Williams_and_Wilkins_problematic.xml b/src/chrome/content/rules/Lippincott_Williams_and_Wilkins_problematic.xml
index 8ee414ae8001..5797f9d994d1 100644
--- a/src/chrome/content/rules/Lippincott_Williams_and_Wilkins_problematic.xml
+++ b/src/chrome/content/rules/Lippincott_Williams_and_Wilkins_problematic.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see Lippincott_Williams_and_Wilkins.xml.
 
 -->
-<ruleset name="Lippincott Williams &amp; Wilkins (problematic)" default_off="mismatch">
+<ruleset name="Lippincott Williams &amp; Wilkins (problematic)" default_off="mismatched">
 
 	<target host="images.journals.lww.com" />
 
@@ -13,7 +13,6 @@
 	<!--	- Cert only matches ^journals
 		- Paths 404 when rewritten there
 							-->
-	<rule from="^http://images\.journals\.lww\.com/"
-		to="https://images.journals.lww.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lippupiste_Oy.xml b/src/chrome/content/rules/Lippupiste_Oy.xml
index ae5d128406fc..bf03b3cd8518 100644
--- a/src/chrome/content/rules/Lippupiste_Oy.xml
+++ b/src/chrome/content/rules/Lippupiste_Oy.xml
@@ -1,5 +1,11 @@
+
 <!--
-	For other Eventim coverage, see Eventim.xml.
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://lippu.fi/ (200) => https://www.lippu.fi/ (403)
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://lippu.fi/ => https://www.lippu.fi/: Redirect for 'http://lippu.fi/' missing Location
+	For other Eventim coverage, see Eventim.com.xml.
 
 
 	Problematic domains:
@@ -8,21 +14,21 @@
 		- lippu.fi
 
 -->
-<ruleset name="Lippupiste Oy">
+<ruleset name="Lippupiste Oy" default_off="failed ruleset test">
 
 	<target host="eventim.fi" />
 	<target host="www.eventim.fi" />
 	<target host="lippu.fi" />
-	<target host="*.lippu.fi" />
+	<target host="www.lippu.fi" />
+	<target host="secure.lippu.fi" />
 
 
 	<securecookie host="^.*\.lippu\.fi$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?(?:eventim|lippu)\.fi/"
+	<rule from="^http://(?:www\.)?(?:eventim|lippu)\.fi/"
 		to="https://www.lippu.fi/" />
 
-	<rule from="^http://secure\.lippu\.fi/"
-		to="https://secure.lippu.fi/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lipreading.org.xml b/src/chrome/content/rules/Lipreading.org.xml
new file mode 100644
index 000000000000..aeedc6da3786
--- /dev/null
+++ b/src/chrome/content/rules/Lipreading.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Lipreading.org">
+
+	<target host="lipreading.org" />
+	<target host="www.lipreading.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Liquid-Web.xml b/src/chrome/content/rules/Liquid-Web.xml
index 389fa60d4a74..17b3a3a79b6b 100644
--- a/src/chrome/content/rules/Liquid-Web.xml
+++ b/src/chrome/content/rules/Liquid-Web.xml
@@ -1,16 +1,17 @@
 <ruleset name="Liquid Web">
 
 	<target host="liquidweb.com"/>
-	<target host="*.liquidweb.com"/>
-	<target host="media.cdn.liquidweb.com"/>
+	<target host="moya.liquidweb.com" />
+	<target host="www.liquidweb.com" />
+	<target host="media.liquidweb.com" />
+	<target host="media.cdn.liquidweb.com" />
 
-	<securecookie host="^(.*\.)?liquidweb\.com$" name=".*"/>
+	<securecookie host=".+" name=".+"/>
 
-	<rule from="^http://(moya\.|www\.)?liquidweb\.com/"
-		to="https://$1liquidweb.com/"/>
 
 	<!--	media.cdn: timeout	-->
 	<rule from="^http://media(?:\.cdn)?\.liquidweb\.com/"
 		to="https://media.liquidweb.com/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Liquid_Light.co.uk.xml b/src/chrome/content/rules/Liquid_Light.co.uk.xml
new file mode 100644
index 000000000000..440276d94780
--- /dev/null
+++ b/src/chrome/content/rules/Liquid_Light.co.uk.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.liquidlight.co.uk
+
+-->
+<ruleset name="Liquid Light.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="liquidlight.co.uk" />
+	<target host="www.liquidlight.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.liquidlight\.co\.uk$" name="^fe_typo_user$" /-->
+
+	<securecookie host="^www\.liquidlight\.co\.uk$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Liquorland.com.au.xml b/src/chrome/content/rules/Liquorland.com.au.xml
new file mode 100644
index 000000000000..b5d4f731cef8
--- /dev/null
+++ b/src/chrome/content/rules/Liquorland.com.au.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Coles coverage, see Coles.com.au.xml
+
+
+	Non-functional subdomains:
+		- beta		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Liquorland">
+
+	<target host="liquorland.com.au" />
+	<target host="www.liquorland.com.au" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/List-manage.com.xml b/src/chrome/content/rules/List-manage.com.xml
new file mode 100644
index 000000000000..95ea01f84044
--- /dev/null
+++ b/src/chrome/content/rules/List-manage.com.xml
@@ -0,0 +1,24 @@
+<!--
+	For other MailChimp coverage, see MailChimp.xml.
+
+-->
+<ruleset name="list-manage.com">
+
+	<target host="*.list-manage.com" />
+
+		<test url="http://bitcoin.us3.list-manage.com/subscribe" />
+		<test url="http://blogspot.us6.list-manage.com/subscribe?u=" />
+		<test url="http://statnews.us11.list-manage.com/subscribe?u=" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^statnews\.us11\.list-manage\.com$" name="^_AVESTA_ENVIRONMENT$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://([\w-]+)\.us(\d+)\.list-manage\.com/"
+		to="https://$1.us$2.list-manage.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/List-manage2.com.xml b/src/chrome/content/rules/List-manage2.com.xml
new file mode 100644
index 000000000000..027e8b24da80
--- /dev/null
+++ b/src/chrome/content/rules/List-manage2.com.xml
@@ -0,0 +1,27 @@
+<!--
+	For other MailChimp coverage, see MailChimp.xml.
+
+	*.us\d+.list-manage2.com: Akamai
+
+-->
+<ruleset name="list-manage2.com">
+
+	<target host="*.list-manage2.com" />
+
+		<test url="http://bitcoin.us3.list-manage2.com/subscribe" />
+		<test url="http://blogspot.us6.list-manage2.com/subscribe?u=" />
+		<test url="http://kent.us5.list-manage2.com/subscribe?u=&amp;id=" />
+		<test url="http://statnews.us11.list-manage2.com/subscribe?u=" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(account)\.us11\.list-manage\.com$" name="^_AVESTA_ENVIRONMENT$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://([\w-]+)\.us(\d+)\.list-manage2\.com/"
+		to="https://$1.us$2.list-manage.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/List.org.xml b/src/chrome/content/rules/List.org.xml
new file mode 100644
index 000000000000..a3d32ff71bed
--- /dev/null
+++ b/src/chrome/content/rules/List.org.xml
@@ -0,0 +1,9 @@
+<!--  GNU Mailman
+-->
+<ruleset name="List.org">
+	<target host="list.org" />
+	<target host="www.list.org" />
+	<target host="wiki.list.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/List.ru.xml b/src/chrome/content/rules/List.ru.xml
new file mode 100644
index 000000000000..121426c31b66
--- /dev/null
+++ b/src/chrome/content/rules/List.ru.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Mail.ru coverage, see Mail.ru.xml.
+
+
+	Problematic domains:
+
+		- top.list.ru *
+		- (\w\w\.){4}top.list.ru *
+
+	* Mismatched, CN: *.mail.ru
+
+-->
+<ruleset name="List.ru">
+
+	<target host="top.list.ru" />
+	<target host="*.top.list.ru" />
+
+		<test url="http://top.list.ru/counter?id=" />
+		<test url="http://a1.a1.a1.a1.top.list.ru/counter?id=" />
+
+
+	<rule from="^http://(?:\w\w\.){0,4}top\.list\.ru/"
+		to="https://top-fwz1.mail.ru/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Listbox.xml b/src/chrome/content/rules/Listbox.xml
index a6169b04509a..debad2f32d60 100644
--- a/src/chrome/content/rules/Listbox.xml
+++ b/src/chrome/content/rules/Listbox.xml
@@ -1,13 +1,12 @@
 <ruleset name="Listbox">
 
 	<target host="listbox.com" />
-	<target host="*.listbox.com" />
+	<target host="www.listbox.com" />
 
 
-	<securecookie host="^\.listbox\.com$" name=".*" />
+	<securecookie host="^\.listbox\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?listbox\.com/"
-		to="https://$1listbox.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ListenOnRepeat.com.xml b/src/chrome/content/rules/ListenOnRepeat.com.xml
new file mode 100644
index 000000000000..25cc257f999b
--- /dev/null
+++ b/src/chrome/content/rules/ListenOnRepeat.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid Certificate:
+		m.listenonrepeat.com
+
+		m.youtuberepeat.com
+-->
+<ruleset name="ListenOnRepeat.com">
+	<target host="listenonrepeat.com" />
+	<target host="www.listenonrepeat.com" />
+	<target host="static.listenonrepeat.com" />
+
+	<target host="youtuberepeat.com" />
+	<target host="www.youtuberepeat.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Listener.co.nz.xml b/src/chrome/content/rules/Listener.co.nz.xml
index 7f5904fc9a9d..ca209cdb4d37 100644
--- a/src/chrome/content/rules/Listener.co.nz.xml
+++ b/src/chrome/content/rules/Listener.co.nz.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://listener.co.nz/ => https://www.listener.co.nz/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.listener.co.nz/ => https://www.listener.co.nz/: (28, 'Connection timed out after 20003 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://listener.co.nz/ => https://www.listener.co.nz/: Cycle detected - URL already encountered: https://www.listener.co.nz/
+Fetch error: http://www.listener.co.nz/ => https://www.listener.co.nz/: Cycle detected - URL already encountered: https://www.listener.co.nz/
 	New Zealand Listener
 
 
@@ -7,7 +15,7 @@
 		- ^	(refused)
 
 -->
-<ruleset name="Listener.co.nz">
+<ruleset name="Listener.co.nz" default_off="failed ruleset test">
 
 	<target host="listener.co.nz" />
 	<target host="www.listener.co.nz" />
@@ -19,4 +27,4 @@
 	<rule from="^http://(?:www\.)?listener\.co\.nz/"
 		to="https://www.listener.co.nz/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Listener_Approved.xml b/src/chrome/content/rules/Listener_Approved.xml
index a25d505c68e7..6452a5abcb2c 100644
--- a/src/chrome/content/rules/Listener_Approved.xml
+++ b/src/chrome/content/rules/Listener_Approved.xml
@@ -1,13 +1,27 @@
-<ruleset name="Listener Approved">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://listenerapproved.com/ => https://listenerapproved.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://api.listenerapproved.com/ => https://api.listenerapproved.com/: (28, 'Connection timed out after 20005 milliseconds')
+Fetch error: http://www.listenerapproved.com/ => https://www.listenerapproved.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://listenerapproved.com/ (200) => https://listenerapproved.com/ (500)
+
+-->
+<ruleset name="Listener Approved" default_off="failed ruleset test">
 
 	<target host="listenerapproved.com" />
-	<target host="*.listenerapproved.com" />
+	<target host="api.listenerapproved.com" />
+	<target host="www.listenerapproved.com" />
 
 
 	<securecookie host="^\.listenerapproved.com$" name=".+" />
 
 
-	<rule from="^http://(api\.|www\.)?listenerapproved\.com/"
-		to="https://$1listenerapproved.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Listings360.xml b/src/chrome/content/rules/Listings360.xml
new file mode 100644
index 000000000000..0e42232f5d94
--- /dev/null
+++ b/src/chrome/content/rules/Listings360.xml
@@ -0,0 +1,117 @@
+<!--
+	This host is referenced on listings360.africa, but does not work:
+		- listings360.com.sd
+		- www.listings360.com.sd
+-->
+<ruleset name="Listings360">
+	<target host="listings360.africa" />
+	<target host="www.listings360.africa" />
+	<target host="ao.listings360.africa" />
+	<target host="bw.listings360.africa" />
+	<target host="cd.listings360.africa" />
+	<target host="cg.listings360.africa" />
+	<target host="cv.listings360.africa" />
+	<target host="dz.listings360.africa" />
+	<target host="eg.listings360.africa" />
+	<target host="er.listings360.africa" />
+	<target host="et.listings360.africa" />
+	<target host="gh.listings360.africa" />
+	<target host="gm.listings360.africa" />
+	<target host="gn.listings360.africa" />
+	<target host="gw.listings360.africa" />
+	<target host="km.listings360.africa" />
+	<target host="lr.listings360.africa" />
+	<target host="ls.listings360.africa" />
+	<target host="ly.listings360.africa" />
+	<target host="mr.listings360.africa" />
+	<target host="mw.listings360.africa" />
+	<target host="na.listings360.africa" />
+	<target host="ne.listings360.africa" />
+	<target host="rw.listings360.africa" />
+	<target host="sc.listings360.africa" />
+	<target host="sh.listings360.africa" />
+	<target host="sl.listings360.africa" />
+	<target host="so.listings360.africa" />
+	<target host="ss.listings360.africa" />
+	<target host="sz.listings360.africa" />
+	<target host="td.listings360.africa" />
+	<target host="zm.listings360.africa" />
+	<target host="zw.listings360.africa" />
+
+	<target host="listings360.bf" />
+	<target host="www.listings360.bf" />
+
+	<target host="listings360.bj" />
+	<target host="www.listings360.bj" />
+
+	<target host="listings360.cf" />
+	<target host="www.listings360.cf" />
+
+	<target host="listings360.ci" />
+	<target host="www.listings360.ci" />
+
+	<target host="listings360.cm" />
+	<target host="www.listings360.cm" />
+
+	<target host="listings360.co.bi" />
+	<target host="www.listings360.co.bi" />
+
+	<target host="listings360.co.ke" />
+	<target host="www.listings360.co.ke" />
+
+	<target host="listings360.co.mz" />
+	<target host="www.listings360.co.mz" />
+
+	<target host="listings360.co.tz" />
+	<target host="www.listings360.co.tz" />
+
+	<target host="listings360.co.za" />
+	<target host="www.listings360.co.za" />
+
+	<target host="listings360.com.ng" />
+	<target host="www.listings360.com.ng" />
+
+	<target host="listings360.dj" />
+	<target host="www.listings360.dj" />
+
+	<target host="listings360.ga" />
+	<target host="www.listings360.ga" />
+
+	<target host="listings360.gq" />
+	<target host="www.listings360.gq" />
+
+	<target host="listings360.ma" />
+	<target host="www.listings360.ma" />
+
+	<target host="listings360.mg" />
+	<target host="www.listings360.mg" />
+
+	<target host="listings360.ml" />
+	<target host="www.listings360.ml" />
+
+	<target host="listings360.mu" />
+	<target host="www.listings360.mu" />
+
+	<target host="listings360.re" />
+	<target host="www.listings360.re" />
+
+	<target host="listings360.sn" />
+	<target host="www.listings360.sn" />
+
+	<target host="listings360.st" />
+	<target host="www.listings360.st" />
+
+	<target host="listings360.tg" />
+	<target host="www.listings360.tg" />
+
+	<target host="listings360.tn" />
+	<target host="www.listings360.tn" />
+
+	<target host="listings360.ug" />
+	<target host="www.listings360.ug" />
+
+	<target host="listings360.yt" />
+	<target host="www.listings360.yt" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Listonic.xml b/src/chrome/content/rules/Listonic.xml
index 6f0cb8116428..df555615b08a 100644
--- a/src/chrome/content/rules/Listonic.xml
+++ b/src/chrome/content/rules/Listonic.xml
@@ -18,13 +18,14 @@
 <ruleset name="Listonic (partial)">
 
 	<target host="listonic.com" />
-	<target host="*.listonic.com" />
+	<target host="www.listonic.com" />
+	<target host="static.listonic.com" />
 
 
 	<rule from="^http://(www\.)?listonic\.com/(en-us/WebResource\.axd|(?:en-us/)?login(?:$|\?))"
 		to="https://www.listonic.com/$1" />
 
-	<rule from="^https?://static\.listonic\.com/contentv2/"
+	<rule from="^http://static\.listonic\.com/contentv2/"
 		to="https://www.listonic.com/Static/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ListrakBI.com.xml b/src/chrome/content/rules/ListrakBI.com.xml
index b3426a255810..c17b881b6e73 100644
--- a/src/chrome/content/rules/ListrakBI.com.xml
+++ b/src/chrome/content/rules/ListrakBI.com.xml
@@ -19,10 +19,10 @@
 	<target host="*.listrakbi.com" />
 
 
-	<securecookie host=".*\.listrakbi\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://((?:a[lt]|s|sca)\d*|www)\.listrakbi\.com/"
 		to="https://$1.listrakbi.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LitRes.ru.xml b/src/chrome/content/rules/LitRes.ru.xml
new file mode 100644
index 000000000000..a482c79a37a8
--- /dev/null
+++ b/src/chrome/content/rules/LitRes.ru.xml
@@ -0,0 +1,19 @@
+<!-- LitRes.ru has both a wildcard certificate and a wildcard DNS record. -->
+<ruleset name="LitRes.ru">
+	<target host="litres.ru" />
+	<target host="*.litres.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+	<test url="http://www.litres.ru/" />
+	<test url="http://cv0.litres.ru/" />
+	<test url="http://cv1.litres.ru/" />
+	<test url="http://cv2.litres.ru/" />
+	<test url="http://cv3.litres.ru/" />
+
+	<test url="http://wjpano1sy2iirsflgqkb.litres.ru/" />
+	<test url="http://rotigswy6pfsr6ny9mfn.litres.ru/" />
+	<test url="http://tszujktt0nvoixrv1dok.litres.ru/" />
+</ruleset>
diff --git a/src/chrome/content/rules/LiteHosting.org.xml b/src/chrome/content/rules/LiteHosting.org.xml
deleted file mode 100644
index 57512722aabf..000000000000
--- a/src/chrome/content/rules/LiteHosting.org.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Some pages redirect to http.
-
--->
-<ruleset name="LiteHosting.org (partial)">
-
-	<target host="litehosting.org" />
-	<target host="www.litehosting.org" />
-
-
-	<rule from="^http://(www\.)?litehosting\.org/(API/|(?:cart|clientarea|serverstatus)\.php|images/|sitemap\.xml|templates/)"
-		to="https://$1litehosting.org/$2" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/LiteSpeed-Technologies-mismatches.xml b/src/chrome/content/rules/LiteSpeed-Technologies-mismatches.xml
index fc485b394675..c757b362d481 100644
--- a/src/chrome/content/rules/LiteSpeed-Technologies-mismatches.xml
+++ b/src/chrome/content/rules/LiteSpeed-Technologies-mismatches.xml
@@ -1,12 +1,13 @@
-<ruleset name="LiteSpeed Technologies (mismatches)" default_off="mismatch">
+<ruleset name="LiteSpeed Technologies (mismatches)" default_off="mismatched">
 
-	<target host="litespeedtech.com"/>
-	<target host="*.litespeedtech.com"/>
-		<exclusion pattern="^http://(www\.)?litespeedtech\.com/static/"/>
+	<target host="litespeedtech.com" />
+	<target host="www.litespeedtech.com" />
+
+
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^(.*\.)?litespeedtech\.com$" name=".*"/>
 
 	<rule from="^http://(?:www\.)?litespeedtech\.com/"
-		to="https://www.litespeedtech.com/"/>
+		to="https://www.litespeedtech.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/LiteSpeed-Technologies.xml b/src/chrome/content/rules/LiteSpeed-Technologies.xml
index 501f5d454d86..c5fc54f71de6 100644
--- a/src/chrome/content/rules/LiteSpeed-Technologies.xml
+++ b/src/chrome/content/rules/LiteSpeed-Technologies.xml
@@ -1,19 +1,16 @@
 <ruleset name="LiteSpeed Technologies (partial)">
 
-	<target host="litespeedtech.com"/>
-	<target host="store.litespeedtech.com"/>
-	<target host="blog.litespeedtech.com"/>
-	<target host="www.litespeedtech.com"/>
+	<target host="store.litespeedtech.com" />
+	<target host="blog.litespeedtech.com" />
 
-	<securecookie host="^store\.litespeedtech\.com$" name=".*"/>
 
-	<rule from="^http://(?:www\.)?litespeedtech\.com/static/"
-		to="https://store.litespeedtech.com/static/"/>
+	<securecookie host="^store\.litespeedtech\.com$" name=".+" />
+
 
 	<rule from="^http://blog\.litespeedtech\.com/wp-content/themes/litespeed/litespeed/"
-		to="https://store.litespeedtech.com/store/templates/litespeedv4/images/"/>
+		to="https://store.litespeedtech.com/store/templates/litespeedv4/images/" />
 
 	<rule from="^http://store\.litespeedtech\.com/"
-		to="https://store.litespeedtech.com/"/>
+		to="https://store.litespeedtech.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/LiteTree.com.xml b/src/chrome/content/rules/LiteTree.com.xml
deleted file mode 100644
index f25169a71453..000000000000
--- a/src/chrome/content/rules/LiteTree.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="LiteTree.com">
-
-	<target host="litetree.com" />
-	<target host="*.litetree.com" />
-
-
-	<securecookie host="^\.litetree\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?litetree\.com/"
-		to="https://$1litetree.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Liteaddress.org.xml b/src/chrome/content/rules/Liteaddress.org.xml
new file mode 100644
index 000000000000..7dddfc721a13
--- /dev/null
+++ b/src/chrome/content/rules/Liteaddress.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="liteaddress.org">
+
+	<target host="liteaddress.org" />
+	<target host="www.liteaddress.org" />
+
+
+	<securecookie host="^\.liteaddress\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Litecoin.info.xml b/src/chrome/content/rules/Litecoin.info.xml
index 4da90705bcd6..a0385ef41b34 100644
--- a/src/chrome/content/rules/Litecoin.info.xml
+++ b/src/chrome/content/rules/Litecoin.info.xml
@@ -1,7 +1,7 @@
 <ruleset name="Litecoin.info">
 
 	<target host="litecoin.info" />
-	<target host="*.litecoin.info" />
+	<target host="www.litecoin.info" />
 
 
 	<securecookie host="^\.?litecoin\.info$" name=".+" />
@@ -10,7 +10,6 @@
 	<!--	www redirects to ^ over http,
 		so copy that behavior:
 					-->
-	<rule from="^http://(?:www\.)?litecoin\.info/"
-		to="https://litecoin.info/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Litecoin.org.xml b/src/chrome/content/rules/Litecoin.org.xml
index 5177eb29b0e9..4864bef83777 100644
--- a/src/chrome/content/rules/Litecoin.org.xml
+++ b/src/chrome/content/rules/Litecoin.org.xml
@@ -1,13 +1,15 @@
 <ruleset name="Litecoin.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="litecoin.org" />
-	<target host="*.litecoin.org" />
+	<target host="www.litecoin.org" />
 
 
 	<securecookie host="^\.litecoin\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?litecoin\.org/"
-		to="https://$1litecoin.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Litecoinlocal.net.xml b/src/chrome/content/rules/Litecoinlocal.net.xml
new file mode 100644
index 000000000000..60d43413bb13
--- /dev/null
+++ b/src/chrome/content/rules/Litecoinlocal.net.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .litecoinlocal.net
+		- www.litecoinlocal.net
+
+-->
+<ruleset name="Litecoinlocal.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="litecoinlocal.net" />
+	<target host="www.litecoinlocal.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.litecoinlocal\.net$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.litecoinlocal\.net$" name="^ltclocal_session$" /-->
+
+	<securecookie host="^(?:www)?\.litecoinlocal\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Literature_and_Latte.com.xml b/src/chrome/content/rules/Literature_and_Latte.com.xml
index d507c25bf9b0..ebabf10a34ed 100644
--- a/src/chrome/content/rules/Literature_and_Latte.com.xml
+++ b/src/chrome/content/rules/Literature_and_Latte.com.xml
@@ -1,14 +1,9 @@
-<!--
-	Note: server is configured for rc4 only.
-
--->
 <ruleset name="Literature and Latte.com">
 
 	<target host="literatureandlatte.com" />
 	<target host="www.literatureandlatte.com" />
 
 
-	<rule from="^http://(www\.)?literatureandlatte\.com/"
-		to="https://$1literatureandlatte.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Literotica.com.xml b/src/chrome/content/rules/Literotica.com.xml
new file mode 100644
index 000000000000..b384bb3d8892
--- /dev/null
+++ b/src/chrome/content/rules/Literotica.com.xml
@@ -0,0 +1,66 @@
+<!--
+	Nonfunctional hosts in *literotica.com:
+
+		- forum *
+		- palm *
+		- vipcams *
+		- wap *
+		- wireless *
+
+	* Refused
+
+
+	Problematic hosts in *literotica.com:
+
+		- shop *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- shop.literotica.com
+
+
+	Mixed content:
+
+		- Bug on i from piwik1eaf.literotica.com *
+
+		- Images, on:
+
+			- shop from cnvassets.s3.amazonaws.com *
+			- shop from d1o1wlqwda3y1b.cloudfront.net *
+			- shop from d235bdyk0zpoq6.cloudfront.net *
+
+	* Secured by us
+
+-->
+<ruleset name="Literotica.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="literotica.com" />
+	<target host="i.literotica.com" />
+	<target host="members.literotica.com" />
+	<target host="piwik1eaf.literotica.com" />
+	<target host="search.literotica.com" />
+	<!--target host="shop.literotica.com" /-->
+	<target host="tags.literotica.com" />
+
+	<target host="dutch.tags.literotica.com" />
+	<target host="french.tags.literotica.com" />
+	<target host="german.tags.literotica.com" />
+	<target host="spanish.tags.literotica.com" />
+
+	<target host="www.literotica.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^shop\.literotica\.com$" name="^laravel_session$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lithium-clients.xml b/src/chrome/content/rules/Lithium-clients.xml
index f3e08dd56baf..64c08bcec1f1 100644
--- a/src/chrome/content/rules/Lithium-clients.xml
+++ b/src/chrome/content/rules/Lithium-clients.xml
@@ -11,26 +11,15 @@
 -->
 <ruleset name="Lithium clients" default_off="mismatched">
 
-	<target host="discussions.nokia.co.uk" />
-		<!--
-			Handled in Nokia.xml.
-						-->
-		<exclusion pattern="^http://discussions\.nokia\.co\.uk/html/images/" />
 	<target host="businessforums.verizon.net" />
 		<!--
 			Handled in Verizon.xml.
 						-->
 		<exclusion pattern="^http://businessforums\.verizon\.net/html/" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^discussions\.nokia\.co\.uk$" name=".+" />
-	<securecookie host="^businessforums\.verizon\.net$" name=".+" />
-
-
-	<rule from="^http://discussions\.nokia\.co\.uk/"
-		to="https://discussions.nokia.co.uk/" />
-
-	<rule from="^http://businessforums\.verizon\.net/"
-		to="https://businessforums.verizon.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lithium.xml b/src/chrome/content/rules/Lithium.xml
index e8b78653f297..9e78b619799b 100644
--- a/src/chrome/content/rules/Lithium.xml
+++ b/src/chrome/content/rules/Lithium.xml
@@ -1,33 +1,48 @@
 <!--
-	Problematic domains:
+	Problematic hosts in *lithium.com:
 
-		- lithium.com	(mismatch)
+		- (client_id) ᵐ
+		- spark ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- (client_id).lithium.com
+		- www.lithium.com
 
 -->
-<ruleset name="Lithium">
+<ruleset name="Lithium.com (partial)">
 
-	<target host="74.86.17.250" />
 	<target host="lithium.com" />
 	<target host="*.lithium.com" />
-	<target host="*.i.lithium.com" />
 
+		<test url="http://community.lithium.com/" />
+		<test url="http://lithosphere.lithium.com/" />
+		<test url="http://www.lithium.com/" />
+
+		<!--	Clients:
+				-->
+		<test url="http://canonusa.i.lithium.com/" />
 
-	<securecookie host="^.*\.lithium\.com$" name=".+" />
 
+	<!--securecookie host="^(client_id)\.lithium\.com$" name="^(?:LiSESSIONID|LithiumUserInfo|LithiumUserSecure|LithiumVisitor)$" /-->
+	<!--securecookie host="^www\.lithium\.com$" name="^PHPSESSID$" /-->
 
-	<rule from="^https?://74\.86\.17\.250/assets/"
-		to="https://www.lithium.com/assets/" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?lithium\.com/"
-		to="https://www.lithium.com/" />
+	<!--	Redirect drops forward slash
+		and path, but not args:
+					-->
+	<rule from="^http://spark\.lithium\.com/[^?]*"
+		to="https://www.lithium.com/lithium-social-media-monitoring" />
 
-	<rule from="^http://(lithosphere|spark)\.lithium\.com/"
-		to="https://$1.lithium.com/" />
+		<test url="http://spark.lithium.com/" />
+		<test url="http://spark.lithium.com/index.php" />
 
-	<!--	Clients have unique subdomains.
-						-->
-	<rule from="^http://(\w+)\.i\.lithium\.com/"
-		to="https://$1.i.lithium.com/" />
+	<rule from="^http://((?:community|\w+\.i|lithosphere|www)\.)?lithium\.com/"
+		to="https://$1lithium.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Litmus.com.xml b/src/chrome/content/rules/Litmus.com.xml
new file mode 100644
index 000000000000..2d972af0dadc
--- /dev/null
+++ b/src/chrome/content/rules/Litmus.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Other Litmus rulesets:
+
+		- LitmusCDN.com.xml
+
+
+	CDN buckets:
+
+		- litmuswww.s3.amazonaws.com
+
+-->
+<ruleset name="Litmus.com">
+
+	<target host="litmus.com" />
+	<target host="api.litmus.com" />
+	<target host="cluster.litmus.com" />
+	<target host="signup.litmus.com" />
+	<target host="status.litmus.com" />
+	<target host="www.litmus.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LitmusCDN.com.xml b/src/chrome/content/rules/LitmusCDN.com.xml
new file mode 100644
index 000000000000..7942a9dab1ac
--- /dev/null
+++ b/src/chrome/content/rules/LitmusCDN.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Litmus coverage, see Litmus.com.xml.
+
+-->
+<ruleset name="LitmusCDN.com">
+
+	<target host="assets.litmuscdn.com" />
+	<target host="img.litmuscdn.com" />
+	<target host="style.litmuscdn.com" />
+	<target host="styles.litmuscdn.com" />
+
+		<test url="http://assets.litmuscdn.com/images/next/shared/header-logo.svg" />
+		<test url="http://img.litmuscdn.com/assets/logo-app-e994f2a59c683b8dbc84d0c8339e81d2.png" />
+		<test url="http://styles.litmuscdn.com/assets/app-external-6ab842f705f5297f1b61728d7707ad06.css" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Litter.com.xml b/src/chrome/content/rules/Litter.com.xml
index 002c59423a54..639f72e6dc9a 100644
--- a/src/chrome/content/rules/Litter.com.xml
+++ b/src/chrome/content/rules/Litter.com.xml
@@ -13,4 +13,4 @@
 	<rule from="^http://(?:www\.)?littler\.com/(favicon\.ico|files/|sites/)"
 		to="https://www.littler.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Little-Hotelier.xml b/src/chrome/content/rules/Little-Hotelier.xml
new file mode 100644
index 000000000000..227a12ccd397
--- /dev/null
+++ b/src/chrome/content/rules/Little-Hotelier.xml
@@ -0,0 +1,15 @@
+<!--
+	Non-functional subdomains:
+		- (www)		(hostname mismatch, CN: *.wpengine.com, wpengine.com)
+		- lh		(hostname mismatch, CN: *.marketo.com, marketo.com)
+-->
+<ruleset name="Little Hotelier (partial)">
+	<target host="apac.littlehotelier.com" />
+	<target host= "app.littlehotelier.com" />
+	<target host="emea.littlehotelier.com" />
+
+  	<securecookie host="^(apac|app|emea)\.littlehotelier\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Little.my.xml b/src/chrome/content/rules/Little.my.xml
index aca7f1a1c3c2..dff98ba7e815 100644
--- a/src/chrome/content/rules/Little.my.xml
+++ b/src/chrome/content/rules/Little.my.xml
@@ -1,13 +1,14 @@
 <ruleset name="little.my">
 
 	<target host="little.my" />
-	<target host="*.little.my" />
+	<target host="hoof.little.my" />
+	<target host="jointheherd.little.my" />
+	<target host="www.little.my" />
 
 
 	<securecookie host="^\.little\.my$" name=".+" />
 
 
-	<rule from="^http://(hoof\.|jointheherd\.|www\.)?little\.my/"
-		to="https://$1little.my/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LittleSis.org.xml b/src/chrome/content/rules/LittleSis.org.xml
new file mode 100644
index 000000000000..751118a8e5f9
--- /dev/null
+++ b/src/chrome/content/rules/LittleSis.org.xml
@@ -0,0 +1,56 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://api.littlesis.org/ (200) => https://api.littlesis.org/ (521)
+
+	CDN buckets:
+
+		- s3.amazonaws.com/pai-littlesis/
+
+
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .littlesis.org
+
+
+	Mixed content:
+
+		- css on ^ from fonts.googleapis.com ˢ
+		- Bug on ^ from i.creativecommons.org ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="LittleSis.org" default_off="failed ruleset test">
+
+	<target host="littlesis.org" />
+	<target host="api.littlesis.org" />
+	<target host="www.littlesis.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.littlesis\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Little_CMS.com.xml b/src/chrome/content/rules/Little_CMS.com.xml
index 88f3c729f403..37d36c4c2bb6 100644
--- a/src/chrome/content/rules/Little_CMS.com.xml
+++ b/src/chrome/content/rules/Little_CMS.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?littlecms\.com/"
 		to="https://www.littlecms.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Liv.ac.uk.xml b/src/chrome/content/rules/Liv.ac.uk.xml
new file mode 100644
index 000000000000..ad1be48b5f4e
--- /dev/null
+++ b/src/chrome/content/rules/Liv.ac.uk.xml
@@ -0,0 +1,41 @@
+<!--
+	University of Liverpool
+
+
+	Nonfunctional subdomains:
+
+		- vgm *
+
+	* Redirects to www
+
+
+	^: Cert only matches *.liv.ac.uk
+
+
+	Fully covered subdomains:
+
+		- people
+		- staff
+		- student
+		-
+
+-->
+<ruleset name="Liv.ac.uk (partial)">
+
+	<target host="liv.ac.uk" />
+	<target host="www.liv.ac.uk" />
+	<target host="people.liv.ac.uk" />
+	<target host="staff.liv.ac.uk" />
+	<target host="student.liv.ac.uk" />
+		<!--
+			Personal dirs 404:
+						-->
+		<exclusion pattern="^http://(?:www\.)?liv\.ac\.uk/+~" />
+
+
+	<rule from="^http://(?:www\.)?liv\.ac\.uk/"
+		to="https://www.liv.ac.uk/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Live-Chat.xml b/src/chrome/content/rules/Live-Chat.xml
index d0968a00cc10..8a9969595d0b 100644
--- a/src/chrome/content/rules/Live-Chat.xml
+++ b/src/chrome/content/rules/Live-Chat.xml
@@ -1,43 +1,67 @@
-<!--	!functional:
-	-	status.livechatinc.com		(cert: *.imagin.pl; shows RoundCube webmail)
 
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
 
-	Fully covered domains:
+Fetch error: http://chat1a.livechatinc.com/ => https://chat1a.livechatinc.com/: (6, 'Could not resolve host: chat1a.livechatinc.com')
 
-		- livechatinc.com subdomains:
+	Other LiveChat rulesets:
 
-			- app
-			- cdn
-			- support	(→ livechat.zendesk.com)
 
-		- chat.livechatinc.net
+
+	Fully covered hosts in *livechatinc.com:
+
+		- app
+		- cdn
+		- chat1a
+		- developers
+		- partners
+		- status	(→ livechat.statuspage.io)
+		- support
 
 -->
-<ruleset name="LiveChat (partial)">
+<ruleset name="LiveChat Inc.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="livechatinc.com"/>
-	<target host="*.livechatinc.com"/>
-		<exclusion pattern="^http://status\."/>
-	<target host="chat.livechatinc.net" />
-	<target host="livechat.zendesk.com"/>
-	<target host="www.livechat.zendesk.com"/>
+	<target host="app.livechatinc.com" />
+	<target host="cdn.livechatinc.com" />
+	<!-- target host="chat1a.livechatinc.com" /-->
+	<target host="developers.livechatinc.com" />
+	<target host="partners.livechatinc.com" />
+	<target host="support.livechatinc.com" />
+	<target host="www.livechatinc.com"/>
+
+	<!--	Complications:
+				-->
+	<target host="status.livechatinc.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.livechatinc\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.livechatinc\.com/(?!signup/|wp-content/)" />
 
+			<!--	+ve:
+					-->
+			<test url="http://www.livechatinc.com/blog/" />
+			<test url="http://www.livechatinc.com/pricing/" />
 
-	<securecookie host="^(.*\.)?livechatinc\.com$" name=".*"/>
-	<securecookie host="^(www\.)?livechat\.zendesk\.com$" name=".*"/>
+			<!--	-ve:
+					-->
+			<test url="http://www.livechatinc.com/signup/" />
+			<test url="http://www.livechatinc.com/wp-content/themes/livechat2.0/media/img/home/business-companies.png" />
 
 
-	<rule from="^http://(www\.)?livechatinc\.com/(signup|wp-content)/"
-		to="https://$1livechatinc.com/$2/"/>
+	<securecookie host=".+\.livechatinc\.com$" name=".+" />
 
-	<rule from="^http://(app|cdn)\.livechatinc\.com/"
-		to="https://$1.livechatinc.com/"/>
 
-	<!--	doesn't redirect!  Kudos	-->
-	<rule from="^http://support\.livechatinc\.com/"
-		to="https://livechat.zendesk.com/"/>
+	<rule from="^http://status\.livechatinc\.com/"
+		to="https://livechat.statuspage.io/" />
 
-	<rule from="^http://chat\.livechatinc\.net/"
-		to="https://chat.livechatinc.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Live-Nation.xml b/src/chrome/content/rules/Live-Nation.xml
deleted file mode 100644
index 78b442b9d179..000000000000
--- a/src/chrome/content/rules/Live-Nation.xml
+++ /dev/null
@@ -1,119 +0,0 @@
-<!--
-	Other Live Nation rulesets:
-
-		- Ticketmaster.xml
-		- TicketsNow.xml
-
-
-	buckets:
-
-		a248.e.akamai.net/f/248/905/10m/media.livenationinternational.com/
-		- s3.amazonaws.com/lntv-beta/
-		- s3.amazonaws.com/lntv/
-		- assets.livenation.com.edgesuite.net
-
-
-	Nonfunctional domains:
-
-		- www.livenation.be		(reset)
-		- media.livenation.co.uk	(shows "UNSUBSCRIBE INFORMATION", akamai)
-		- assets.livenation.com		(503, akamai)
-		- media.livenationinternational.com	(akamai, few paths work)
-
-
-	Problematic domains:
-
-		- ads.livenation.com			(works; mismatched, CN: de.ticketmaster.com)
-		- onenation.livenation.com		(works, akamai)
-
-
-	Partially covered domains:
-
-		- (www.)livenation.com			(at least some pages redirect to http)
-
-
-	Fully covered domains:
-
-		- secure.getmein.com
-		- (www1?.)livenation.ae
-		- (www1?.)livenation.asia
-		- fr.livenation.be
-		- www1.fr.livenation.be
-		- nl.livenation.be
-		- www1.nl.livenation.be
-		- (www1?.)livenation.co.jp
-		- (www1?.)livenation.co.uk
-		- ads.livenation.com		(→ de.ticketmaster.com)
-		- (www1?.)livenation.com.au
-		- (www1?.)livenation.cz
-		- (www1?.)livenation.dk
-		- (www1?.)livenation.es
-		- (www1?.)livenation.fi
-		- (www1?.)livenation.fr
-		- (www1?.)livenation.hu
-		- (www1?.)livenation.it
-		- (www.)livenation.kr
-		- (www1?.)livenation.nl
-		- (www1?.)livenation.no
-		- (www1?.)livenation.pl
-		- (www1?.)livenation.se
-
--->
-<ruleset name="Live Nation Entertainment (partial)" platform="mixedcontent">
-
-	<target host="getmein.com" />
-	<target host="*.getmein.com" />
-	<target host="livenation.*" />
-	<target host="www.livenation.*" />
-	<target host="www1.livenation.*" />
-	<target host="*.livenation.be" />
-	<target host="livenation.co.*" />
-	<target host="www.livenation.co.*" />
-	<target host="www1.livenation.co.*" />
-	<target host="concerts.livenation.com" />
-	<target host="livenation.com.au" />
-	<target host="*.livenation.com.au" />
-	<!--target host="media.livenationinternational.com" /-->
-
-
-	<securecookie host="^(?:.*\.)?getmein\.com$" name=".+" />
-	<!--
-		Omniture cookies:
-					-->
-	<securecookie host="^\.ticketmaster\.com$" name="^s_v\w$" />
-	<!--
-		Other cookie domains:
-
-			- concerts.livenation.com
-			- .concerts.livenation.com
-							-->
-	<securecookie host="^www1?\.(?:fr\.|nl\.)?livenation\.(?:\w\w|co\.jp|co\.uk|com\.au)" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?getmein\.com/"
-		to="https://www.getmein.com/" />
-
-	<rule from="^http://secure\.getmein\.com/"
-		to="https://secure.getmein.com/" />
-
-
-	<rule from="^http://(?:www(1)?\.)?livenation\.(ae|asia|co\.jp|co\.uk|com\.au|cz|dk|es|fi|fr|hu|it|kr|nl|no|pl|se)/"
-		to="https://www$1.livenation.$2/" />
-
-	<rule from="^http://(www1\.)?(fr|nl)\.livenation\.be/"
-		to="https://$1$2.livenation.be/" />
-
-	<rule from="^http://(?:www\.)?livenation\.com/(favicon-ln\.ico|ln/)"
-		to="https://www.livenation.com/$1" />
-
-	<rule from="^http://ads\.livenation\.com/"
-		to="https://de.livenation.com/" />
-
-	<rule from="^http://concerts\.livenation\.com/(?!$|concerts)"
-		to="https://concerts.livenation.com/" />
-
-
-	<!--rule from="^http://media\.livenationinternational\.com/"
-		to="https://a248.e.akamai.net/f/248/905/10m/media.livenationinternational.com/"/-->
-
-</ruleset>
diff --git a/src/chrome/content/rules/Live.net.xml b/src/chrome/content/rules/Live.net.xml
new file mode 100644
index 000000000000..5d3b059e160f
--- /dev/null
+++ b/src/chrome/content/rules/Live.net.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://df-feeds.live.net/ => https://df-feeds.live.net/: (7, 'Failed to connect to df-feeds.live.net port 443: Connection refused')
+Fetch error: http://feeds.live.net/ => https://feeds.live.net/: (7, 'Failed to connect to feeds.live.net port 443: Connection refused')
+
+	For other Microsoft coverage, see Microsoft.xml.
+
+-->
+<ruleset name="Live.net" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="apis.live.net" />
+	<target host="df-feeds.live.net" />
+	<target host="feeds.live.net" />
+	<target host="js.live.net" />
+	<target host="l.live.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Live.xml b/src/chrome/content/rules/Live.xml
index a59714cd750d..de30547ab1af 100644
--- a/src/chrome/content/rules/Live.xml
+++ b/src/chrome/content/rules/Live.xml
@@ -4,274 +4,235 @@
 
 	Nonfunctional domains:
 
-		- explore.live.com		(404; mismatched, CN: *.windows.microsoft.com)
-		- idsignup.live.com		(no https)
-		- security.live.com		(no https)
-		- messenger.services.live.com
-		- startup.live.com
-		- msrvideo.vo.msecnd.net	(400)
-		- www.wlmessenger.net
-
-
-	Problematic domains:
-
-		- www.hotmail.co.jp *
-		- www.hotmail.co.uk *
-		- live.com		(no https)
-		- sc[34].maps.live.com
-
-	* Mismatched
-
-
-	Fully covered domains:
-
-		- dub*.afx.ms:
+		- in *live.com:
 
-			- dub002
-			- dub10[1-9]
-			- dub11\d
-			- dub12[0-4]
+			- explore ¹
+			- idsignup ²
+			- security ²
+			- messenger.services
+			- startup
 
-		- a.gfx.ms
-		- auth.gfx.ms
-		- (www.)hotmail.co.jp	(www → ^)
-		- (www.)hotmail.co.uk	(www → ^)
-		- hotmail.com
-		- www.hotmail.com
-		- gfx[5-8].hotmail.com
-
-		- live.com subdomains:
-
-			- (www.)	(^ → www)
-			- account
-			- c
-			- c-mid
-			- calendar
-			- consent
-			- contacts
-			- devices
-			- directory
-			- \w+.directory:
+		- www.wlmessenger.net
 
-				- people
+	¹ 404
+	² Refused
 
-			- domains
-			- login.domains
-			- favorites
-			- g
-			- groups
-			- h
-			- client.hip
-			- dc[12].client.hip
-			- hipservice
-			- home
-			- hotmail
-			- sc.imp
-			- login
-			- \w+.login
-			- mail
 
-			- *.mail:
+	Problematic hosts in *live.com:
 
-				- snt\d+
-				- m
-				- www
+		- ^ (r)
+		- onecare (t)
+		- sc2.maps (m)
+		- sc[34].maps (?)
+		- home.services.spaces (m)
 
-			- *.*.mail
+	m: certificate mismatch
+	t: time out
+	r: refused
 
-			- maps subdomains:
 
-				- mc1
-				- sc[12]
-				- sc[34]		(→ sc1.maps)
+	Fully covered hosts in *live.com:
 
-			- messenger
+		- (www.)?	(^ → www)
+		- account
+		- c
+		- c-mid
+		- calendar
+		- choice
 
-			- \w+.gateway.messenger:
+		- contacts
+		- contacts-df
+		- devices
 
-				- baymsg\d+
+		- *.directory:
 
-			- mid
-			- oauth
-			- office
-			- onecare
 			- people
-			- photos
-			- profile
-
-			- \w+.profile:
 
-				- cid-\w+
+		- domains
+		- login.domains
+		- favorites
+		- g
+		- groups
+		- h
+		- client.hip
+		- home
+		- hotmail
+		- odc.officeapps
+		- login
+		- *.login
+		- mail
 
-			- rad
+		- *.mail:	([^.]+.[^.] → \2)
 
-			- secure.\w+
+			- m
+			- snt\d+
+			- www
 
-				- secure.shared
+		- in *.maps:
 
-			- directory.services
-			- livecontacts.services
-			- geo.messenger.services
-			- signout
-			- signup
-			- skydrive
-			- skygfx
-			- status
-			- storage
+			- mc1
+			- sc1
+			- sc[34]		(→ sc1.maps)
 
-			- \w+.storage:
+		- messenger
 
-				- blufiles
-				- byfiles
-				- dm1files
+		- *.gateway.messenger:
 
-			- \w+.users.storage:
+			- baymsg\d+
 
-				- cid-\w+
+		- oauth
+		- office
+		- c2rsetup.officeapps
+		- onedrive
+		- people
+		- people-df
+		- photos
+		- postmaster
+		- profile
 
-			- max.sup
+		- *.profile:
 
-		- live.net subdomains:
+			- cid-\w+
 
-			- apis
-			- df-feeds
-			- feeds
-			- js
-			- l
+		- profile-df.live.com
+		- profiles
+		- rad
 
-		- \w+.bay.livefilestore.com:
+		- secure.shared
 
-			- c
+		- directory.services
 
-		- \w+.vo.msecnd.net:
+		- signup
+		- skydrive
+		- skygfx
+		- spaces
+		- mobile.spaces
+		- status
+		- storage
 
-			- az83882.vo.msecnd.net		(on windowsazure.com
-                        - az94986.vo.msecnd.net		(on so.cl)
-                        - officeimg.vo.msecnd.net
-			- s1-word-view-15.vo.msecnd.net
+		- *.storage:
 
-		- accountservices.passport.net
-		- www.passportimages.com
+			- blufiles
+			- byfiles
+			- dm1files
+			- cid-\w+.users
 
-		- p.sfx.ms
 
-		- so.cl
-		- www.so.cl
+	Insecure cookies are set for these domains and hosts:
 
-		- \w+.wlxrs.com:
+		- .live.com
+		- .h.live.com
+		- login.live.com
+		- .login.live.com
+		- office.live.com
+		- .office.live.com
+		- postmaster.live.com
 
-			- js2
-			- secure
-			- skydrive
 
+	Mixed content:
 
-	Wildcard cookies:
+		- Bug on onedrive from c.microsoft.com *
 
-		- *.account.live.com
+	* Secured by us
 
 -->
-<ruleset name="Hotmail / Live">
-
-	<target host="*.afx.ms" />
-	<target host="*.gfx.ms" />
-	<target host="hotmail.co.*" />
-	<target host="www.hotmail.co.*" />
-	<!--
-		Target host is * because Live URLs can contain multiple unpredictable
-		components, like http://snXXXw.sntXXX.mail.live.com/default.aspx
-		In the current target host syntax, a wildcard can match only one
-		hostname element, not two, and only one wildcard per target host
-		is permitted.
+<ruleset name="Live.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.shared.live.com" />
+	<target host="account.live.com" />
+	<target host="calendar.live.com" />
+	<target host="c.live.com" />
+	<target host="c-mid.live.com" />
+	<target host="choice.live.com" />
+	<target host="contacts.live.com" />
+	<target host="contacts-df.live.com" />
+	<target host="devices.live.com" />
+	<target host="*.directory.live.com" />
+
+	<target host="domains.live.com" />
+	<target host="login.domains.live.com" />
+	<target host="favorites.live.com" />
+	<target host="g.live.com" />
+	<target host="groups.live.com" />
+	<target host="h.live.com" />
+
+	<target host="client.hip.live.com" />
+
+	<target host="home.live.com" />
+	<target host="hotmail.live.com" />
+	<target host="login.live.com" />
+	<target host="*.login.live.com" />
+	<target host="mail.live.com" />
+	<target host="*.mail.live.com" />
+
+	<target host="mc1.maps.live.com" />
+	<target host="sc1.maps.live.com" />
+
+	<target host="messenger.live.com" />
+	<target host="*.gateway.messenger.live.com" />
+	<target host="oauth.live.com" />
+	<target host="office.live.com" />
+	<target host="c2rsetup.officeapps.live.com" />
+	<target host="odc.officeapps.live.com" />
+	<target host="onedrive.live.com" />
+	<target host="people.live.com" />
+	<target host="people-df.live.com" />
+	<target host="photos.live.com" />
+	<target host="postmaster.live.com" />
+	<target host="profile.live.com" />
+	<target host="*.profile.live.com" />
+	<target host="profile-df.live.com" />
+	<target host="profiles.live.com" />
+	<target host="rad.live.com" />
+
+	<target host="directory.services.live.com" />
+
+	<target host="signup.live.com" />
+	<target host="skydrive.live.com" />
+	<target host="skygfx.live.com" />
+	<target host="spaces.live.com" />
+	<target host="mobile.spaces.live.com" />
+
+	<target host="*.storage.live.com" />
+	<target host="www.live.com" />
+
+	<!--	Complications:
 				-->
-	<target host="hotmail.com" />
-	<target host="*.hotmail.com" />
 	<target host="live.com" />
-	<target host="*.live.com" />
-	<target host="*.live.net" />
-	<target host="*.bay.livefilestore.com" />
-	<target host="*.vo.msecnd.net" />
-		<!--
-			400:
-
-				https://trac.torproject.org/projects/tor/ticket/9026
+	<target host="sc3.maps.live.com" />
+	<target host="sc4.maps.live.com" />
+
+		<test url="http://secure.shared.live.com/" />
+
+
+	<!--	Not secured by server:
 					-->
-		<exclusion pattern="^http://(?:az307127|az31465|az354189|az373151|az412849|msnchansea|msrvideo)\.vo\.msecnd\.net/" />
-	<target host="www.passportimages.com" />
-	<target host="p.sfx.ms" />
-	<target host="so.cl" />
-	<target host="www.so.cl" />
-	<target host="*.wlxrs.com" />
 
+	<!--securecookie host="^\.live\.com$" name="^(E|LD|MUID|RVC|wla\d+|xidseq)$" /-->
+	<!--securecookie host="^\.h\.live\.com$" name="^SM$" /-->
+	<!--securecookie host="^login\.live\.com$" name="^MSPRequ$" /-->
+	<!--securecookie host="^\.login\.live\.com$" name="^MSPOK$" /-->
+	<!--securecookie host="^office\.live\.com$" name="^BIGipCookie$" /-->
+	<!--securecookie host="^\.office\.live\.com$" name="^AM3-ARRAffinity" /-->
+	<!--securecookie host="^postmaster\.live\.com$" name="^ASP\.NET_SessionId$" /-->
 
 	<!--	NB: Are cross-domain cookies needed on unsecurable pages?
 
 	<securecookie host="^\.live\.com$" name=".+" /-->
-	<securecookie host="^\.?(?:account|consent|(?:login\.)?domains|login|mail|messenger|profile|signup)\.live\.com$" name=".+" />
-	<securecookie host="^people\.directory\.live\.com$" name=".+" />
-	<securecookie host="^l\.live\.net$" name=".+" />
-
 
-	<rule from="^http://dub(\d+)\.afx\.ms/"
-		to="https://dub$1.afx.ms/" />
+	<!-- Don't include ^login.live.com in the securecookie. See https://github.com/EFForg/https-everywhere/issues/9691. -->
+	<securecookie host="^\.?(?:account|people\.directory|(?:login\.)?domains|mail|messenger|postmaster|profile|signup)\.live\.com$" name=".+" />
 
-	<rule from="^http://a(uth)?\.gfx\.ms/"
-		to="https://a$1.gfx.ms/" />
 
-	<rule from="^https?://live\.com/"
+	<rule from="^http://live\.com/"
 		to="https://www.live.com/" />
 
-	<!--	Microsoft itself protects the login this way but we can prevent
-		against SSL stripping.
-					-->
-	<rule from="^http://(account|calendar|c|c-mid|consent|contacts|devices|(?:[\w-]+\.)?(?:directory|login|profile)|(?:login\.)?domains|favorites|g|groups|h|(?:dc\d\.)?client\.hip|hipservice|home|hotmail|sc\.imp|mail|(?:mc1|sc[12])\.maps|(?:\w+\.gateway\.)?messenger|mid|oauth|office|onecare|people|photos|rad|secure\.\w+|(?:directory|livecontacts|geo\.messenger)\.services|signout|signup|skydrive|skygfx|status|(?:[\w-]+(?:\.users)?\.)?storage|max\.sup|www)\.live\.com/"
-		to="https://$1.live.com/" />
-
-	<rule from="^https?://sc[34]\.maps\.live\.com/"
+	<rule from="^http://sc[34]\.maps\.live\.com/"
 		to="https://sc1.maps.live.com/" />
 
-	<rule from="^http://accountservices\.passport\.net/"
-		to="https://accountservices.passport.net/" />
-
-	<rule from="^https?://(?:www\.)?hotmail\.co\.(jp|uk)/"
-		to="https://hotmail.co.$1/" />
-
-	<!--	Both of these appear to trigger two good things: (1) the user is
-		prompted to make HTTPS the default; (2) even if the user decides
-		not to, the remainder of that mail-reading session is automatically
-		HTTPS-only.
-					-->
-	<rule from="^http://(www\.)?hotmail\.com/"
-		to="https://$1hotmail.com/" />
-
-	<rule from="^http://gfx(\d)\.hotmail\.com/"
-		to="https://gfx$1.hotmail.com/" />
-
-	<!--	Example:
-			http://sn133w.snt133.mail.live.com/default.aspx?wa=wsignin1.0 >>>
-			https://snt133.mail.live.com/default.aspx?wa=wsignin1.0
-							-->
-	<rule from="^http://[^@:/\.]+\.([^@:/\.]+)\.mail\.live\.com/"
-		to="https://$1.mail.live.com/" />
-
-	<rule from="^http://(apis|df-feeds|feeds|js|l)\.live\.net/"
-		to="https://$1.live.net/" />
-
-	<rule from="^http://(\w+)\.bay\.livefilestore\.com/"
-		to="https://$1.bay.livefilestore.com/" />
-
-	<rule from="^http://(\w+)\.vo\.msecnd\.net/"
-		to="https://$1.vo.msecnd.net/" />
-
-	<rule from="^http://www\.passportimages\.com/"
-		to="https://www.passportimages.com/" />
-
-	<rule from="^http://p\.sfx\.ms/"
-		to="https://p.sfx.ms/" />
-
-	<rule from="^http://(www\.)?so\.cl/"
-		to="https://$1so.cl/" />
-
-	<rule from="^http://(\w+)\.wlxrs\.com/"
-		to="https://$1.wlxrs.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LiveAgent.xml b/src/chrome/content/rules/LiveAgent.xml
index 1b208f5bc055..aff394398ed6 100644
--- a/src/chrome/content/rules/LiveAgent.xml
+++ b/src/chrome/content/rules/LiveAgent.xml
@@ -1,24 +1,34 @@
 <!--
+	LiveAgent
+
 	For other QualityAgent coverage, see QualityAgent.xml.
 
 
-	Problematic subdomains:
+	Clients have unique subdomains.
+
+
+	Insecure cookies are set for these hosts:
 
-		- (www.)	(rx_record_too_long)
+		- ladesk.com
+		- www.ladesk.com
 
 -->
-<ruleset name="LiveAgent">
+<ruleset name="LAdesk.com">
 
 	<target host="ladesk.com" />
 	<target host="*.ladesk.com" />
 
+		<test url="http://www.ladesk.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?ladesk\.com$" name="^STICKYSESSION$" /-->
+
+	<securecookie host="^(?:www\.)?ladesk\.com$" name=".+" />
 
-	<!--	Clients have unique subdomains.
-							-->
-	<rule from="^http://(\w+)\.ladesk\.com/"
-		to="https://$1.ladesk.com/" />
 
-	<rule from="^https?://(?:www\.)?ladesk\.com/"
-		to="https://www.qualityunit.com/liveagent/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LiveCorp.xml b/src/chrome/content/rules/LiveCorp.xml
new file mode 100644
index 000000000000..9fc0ba7086f2
--- /dev/null
+++ b/src/chrome/content/rules/LiveCorp.xml
@@ -0,0 +1,49 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.livecorp.com.au/favicon.ico => https://www.livecorp.com.au/favicon.ico: Too many redirects while fetching 'https://www.livecorp.com.au/favicon.ico'
+
+-->
+<ruleset name="LiveCorp.com.au (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.livecorp.com.au" />
+
+	<!--	Complications:
+				-->
+	<target host="livecorp.com.au" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.livecorp\.com\.au/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.livecorp\.com\.au/+(?!App_Themes/|favicon\.ico|LC/|getmedia/|(?:sp/)?register(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.livecorp.com.au/about-us/chief-executive-officer" />
+			<test url="http://www.livecorp.com.au/about-us/introduction" />
+			<test url="http://www.livecorp.com.au/about-us/livecorp-information" />
+			<test url="http://www.livecorp.com.au/about-us/livecorp-information/annual-reports" />
+			<test url="http://www.livecorp.com.au/industry-information/industry-statistics/cattle-statistics" />
+			<test url="http://www.livecorp.com.au/livecorp-strategic-plan-0" />
+			<test url="http://www.livecorp.com.au/programs/animal-welfare" />
+			<test url="http://www.livecorp.com.au/publications" />
+			<test url="http://www.livecorp.com.au/research-development/about-r-d" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.livecorp.com.au/register" />
+			<test url="http://www.livecorp.com.au/sp/register" />
+			<test url="http://www.livecorp.com.au/App_Themes/LiveCorp/images/home-icon.png" />
+			<test url="http://www.livecorp.com.au/favicon.ico" />
+
+	<rule from="^http://livecorp\.com\.au/"
+		to="https://www.livecorp.com.au/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LiveInternet-falsemixed.xml b/src/chrome/content/rules/LiveInternet-falsemixed.xml
deleted file mode 100644
index 31c9f3f08407..000000000000
--- a/src/chrome/content/rules/LiveInternet-falsemixed.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see LiveInternet.xml.
-
-
-	Fully covered domains:
-
-		- (www.)li.ru *
-		- i.li.ru *
-		- (www.)liveinternet.ru *
-
-	* → www.liveinternet.ru
-
--->
-<ruleset name="LiveInternet (false MCB)" platform="mixedcontent">
-
-	<target host="li.ru" />
-	<target host="*.li.ru" />
-	<target host="liveinternet.ru" />
-	<target host="www.liveinternet.ru" />
-
-
-	<securecookie host="^www\.liveinternet\.ru$" name=".+" />
-
-
-	<rule from="^http://(?:i\.|www\.)?li\.ru/"
-		to="https://www.liveinternet.ru/" />
-
-	<rule from="^http://(?:www\.)?liveinternet\.ru/"
-		to="https://www.liveinternet.ru/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/LiveInternet.ru.xml b/src/chrome/content/rules/LiveInternet.ru.xml
new file mode 100644
index 000000000000..ac8ded94a9cf
--- /dev/null
+++ b/src/chrome/content/rules/LiveInternet.ru.xml
@@ -0,0 +1,22 @@
+<!--
+	Other LiveInternet rulesets:
+		- Li.ru.xml
+		- Yadro.ru.xml
+
+	Dropped:
+		wiki		https://wiki.liveinternet.ru/ProektyLiveInternet
+-->
+<ruleset name="LiveInternet.ru">
+
+	<target host="liveinternet.ru" />
+	<target host="www.liveinternet.ru" />
+		<test url="http://www.liveinternet.ru/users/mila3107/post290166214/" />
+	<target host="g.liveinternet.ru" />
+	<target host="img.liveinternet.ru" />
+	<target host="img0.liveinternet.ru" />
+	<target host="img1.liveinternet.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LiveInternet.xml b/src/chrome/content/rules/LiveInternet.xml
deleted file mode 100644
index 6f6951aeeda9..000000000000
--- a/src/chrome/content/rules/LiveInternet.xml
+++ /dev/null
@@ -1,73 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see LiveInternet-falsemixed.xml.
-
-
-	Other LiveInternet rulesets:
-
-		- Yadro.ru.xml
-
-
-	Nonfunctional domains:
-
-		- captcha.li.ru *
-		- wiki.liveinternet.ru *
-
-	* Dropped
-
-
-	Problematic domains:
-
-		- (www.)li.ru *
-		- i.li.ru		(refused)
-		- liveinternet.ru *
-
-	* Works; mismatched, CN: www.liveinternet.ru
-
-
-	Fully covered domains:
-
-		- g.liveinternet.ru
-
-
-	Mixed content:
-
-		- Scripts, on:
-
-			- www.liveinternet.ru from www.liveinternet.ru *
-			- www.liveinternet.ru from i.li.ru *
-
-		- css, on:
-
-			- www.liveinternet.ru from www.liveinternet.ru *
-			- www.liveinternet.ru from i.li.ru *
-
-		- Images, on:
-
-			- g.liveinternet.ru from captcha.li.ru
-
-		- Web bugs, on:
-
-			- www.liveinternet.ru from www.internalinspector.com **
-			- www.liveinternet.ru from www.tns-counter.ru *
-			- www.liveinternet.ru from slinks.yadro.ru **
-
-	* Secured by us
-	** Unsecurable, but who cares
-
-
-	NB: We secure all resources, and thus
-	-falsemixed should be merged for Ffx 24.
-
--->
-<ruleset name="LiveInternet (partial)">
-
-	<target host="g.liveinternet.ru" />
-
-
-	<securecookie host="^g\.liveinternet\.ru$" name=".+" />
-
-
-	<rule from="^http://g\.liveinternet\.ru/"
-		to="https://g.liveinternet.ru/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/LiveJasmin.xml b/src/chrome/content/rules/LiveJasmin.xml
index aa4da78b9203..0b613e60bf98 100644
--- a/src/chrome/content/rules/LiveJasmin.xml
+++ b/src/chrome/content/rules/LiveJasmin.xml
@@ -1,13 +1,90 @@
+<!--
+	For other Other DuoDecad IT Services coverage, see dditservices.com.xml.
+
+
+	Nonfunctional hosts in *livejasmin.com:
+
+		- (www.)? ᵈ
+		- modelcenter ʳ
+		- registration ᵈ
+		- wiki ᵈ
+
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .livejasmin.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
 <ruleset name="LiveJasmin (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="new.livejasmin.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://new\.livejasmin\.com/(?:$|[a-z]{2}/(?:$|contact-us$|policy$)|redirect/[\w-]+$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://new\.livejasmin\.com/(?!/*(?:favicon\.ico|[a-z]{2}/auth/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://new.livejasmin.com/en/" />
+			<test url="http://new.livejasmin.com/en/contact-us" />
+			<test url="http://new.livejasmin.com/en/policy" />
+			<test url="http://new.livejasmin.com/en/redirect/awempire" />
+			<test url="http://new.livejasmin.com/nl/" />
+			<test url="http://new.livejasmin.com/nl/contact-us" />
+			<test url="http://new.livejasmin.com/nl/policy" />
+			<test url="http://new.livejasmin.com/nl/policy" />
+			<test url="http://new.livejasmin.com/nl/redirect/model-center-login" />
+			<test url="http://new.livejasmin.com/pt/" />
+			<test url="http://new.livejasmin.com/pt/contact-us" />
+
+			<!--	-ve:
+					-->
+			<test url="http://new.livejasmin.com/en/auth/credit" />
+			<test url="http://new.livejasmin.com/en/auth/forgot-password" />
+			<test url="http://new.livejasmin.com/en/auth/login" />
+			<test url="http://new.livejasmin.com/favicon.ico" />
+			<test url="http://new.livejasmin.com/nl/auth/forgot-password" />
+			<test url="http://new.livejasmin.com/nl/auth/login" />
+			<test url="http://new.livejasmin.com/nl/auth/sign-up" />
+			<test url="http://new.livejasmin.com/pt/auth/forgot-password" />
+			<test url="http://new.livejasmin.com/pt/auth/login" />
+			<test url="http://new.livejasmin.com/pt/auth/sign-up" />
+
+	<!--	Complications:
+				-->
 	<target host="*.new.livejasmincdn.com" />
 
+		<exclusion pattern="^http://(?!static\d\.new\.livejasmincdn\.com/).+\.new\.livejasmincdn\.com/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.new.livejasmincdn.com/" />
+			<test url="http://exists.not.new.livejasmincdn.com/" />
+			<test url="http://really.not.new.livejasmincdn.com/" />
 
-	<rule from="^http://new\.livejasmin\.com/en/auth/([\w\-]+)($|\?)"
-		to="https://new.livejasmin.com/en/auth/$1$2" />
 
-	<rule from="^https?://static\d\.new\.livejasmincdn\.com/"
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.livejasmin\.com$" name="^(?:category|jasminsite|listPageIds|session|tppId)$" /-->
+
+
+	<rule from="^http://static\d\.new\.livejasmincdn\.com/"
 		to="https://new.livejasmin.com/" />
 
+		<test url="http://static1.new.livejasmincdn.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/LiveJournal-problematic.xml b/src/chrome/content/rules/LiveJournal-problematic.xml
deleted file mode 100644
index 3eabc728bced..000000000000
--- a/src/chrome/content/rules/LiveJournal-problematic.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<!-- NOTE: In its current form and with the current site configuration,
-this rule protects login passwords but prevents the user from reading
-other users' journals! -->
-
-<ruleset name="LiveJournal (buggy)" default_off="breaks for non-logged-in users">
-  <target host="livejournal.com" />
-  <target host="www.livejournal.com" />
-
-  <rule from="^http://(?:www\.)?livejournal\.com/" to="https://www.livejournal.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/LiveJournal.com.xml b/src/chrome/content/rules/LiveJournal.com.xml
new file mode 100644
index 000000000000..5dec01d72841
--- /dev/null
+++ b/src/chrome/content/rules/LiveJournal.com.xml
@@ -0,0 +1,43 @@
+<!--
+	LiveJournal.com has a wildcard DNS record.
+-->
+
+<ruleset name="LiveJournal.com">
+	<target host="livejournal.com" />
+	<target host="*.livejournal.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+	<test url="http://www.livejournal.com/" />
+	<test url="http://community-promo.livejournal.com/" />
+	<test url="http://community-quest.livejournal.com/" />
+	<test url="http://ic.pics.livejournal.com/" />
+	<test url="http://l-files.livejournal.com/" />
+	<test url="http://l-stat.livejournal.com/" />
+	<test url="http://l-userpic.livejournal.com/" />
+	<test url="http://lj-dev.livejournal.com/" />
+	<test url="http://maps.livejournal.com/" />
+	<test url="http://news.livejournal.com/" />
+	<test url="http://stat.livejournal.com/" />
+	<test url="http://xc3.services.livejournal.com/" />
+
+	<test url="http://evo-lutio.livejournal.com/" />
+	<test url="http://fritzmorgen.livejournal.com/" />
+	<test url="http://macos.livejournal.com/" />
+	<test url="http://mi3ch.livejournal.com/" />
+	<test url="http://miss-tramell.livejournal.com/" />
+	<test url="http://miumau.livejournal.com/" />
+	<test url="http://polydi.livejournal.com/" />
+	<test url="http://shakko-kitsune.livejournal.com/" />
+	<test url="http://tema.livejournal.com/" />
+
+	<test url="http://jh0om5kf8u.livejournal.com/" />
+	<test url="http://2o4kug3s5m.livejournal.com/" />
+	<test url="http://ienp7e7enw.livejournal.com/" />
+
+	<exclusion pattern="^http://status\.livejournal\.com/" />
+
+	<test url="http://status.livejournal.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/LiveJournal.xml b/src/chrome/content/rules/LiveJournal.xml
deleted file mode 100644
index f3ef53ec876e..000000000000
--- a/src/chrome/content/rules/LiveJournal.xml
+++ /dev/null
@@ -1,74 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/status-livejournal/
-		- l-stat.livejournal.com.cdngc.net
-		- l-userpic.livejournal.com.cdngc.net
-		- ic.pics.livejournal.com.cdngc.net
-
-
-	Nonfunctional subdomains:
-
-		- files		(redirects to www)
-		- l-userpic	(403, CN: ssl.cdngc.net)
-		- ic.pics	(reset)
-		- xc3.services	(dropped)
-		- user		(404)
-
-
-	Problematic subdomains:
-
-		- l-stat	(403, CN: ssl2.cdngc.net)
-
-
-	Partially covered subdomains:
-
-		- (www.)
-		- status	(→ s3.amazonaws.com)
-
-
-	Fully covered subdomains:
-
-		- l-stat	(→ s3.amazonaws.com & stat)
-		- stat
-
-
-	Caution: LiveJournal breaks us proactively.
-
--->
-<ruleset name="LiveJournal (partial)">
-
-	<target host="livejournal.com" />
-	<target host="*.livejournal.com" />
-
-
-	<!--	paths under img/ & stc/ have started redirecting to http.
-
-		.n|n, LJ.
-			-->
-	<rule from="^http://(www\.)?livejournal\.com/(?=(?:changepassword|create|login)\.html|manage/|shop/)"
-		to="https://$1livejournal.com/" />
-
-	<rule from="^http://status\.livejournal\.com/img/"
-		to="https://s3.amazonaws.com/status-livejournal/img/" />
-
-	<!--	Also on stat.livejournal.com, but as these are
-		on a CDN too, be kind and point there instead.
-								-->
-	<rule from="^http://(?:l-)stat\.livejournal\.com/img/error-pages/(?=bg-error-page\.jpg|bullet-round-grey\.gif|frank\.png|logo-lj\.png|rule-grey\.gif)"
-		to="https://s3.amazonaws.com/status-livejournal/img/" />
-
-	<rule from="^http://(?:l-)?stat\.livejournal\.com/"
-		to="https://stat.livejournal.com/" />
-
-	<!--	User journal entries work, but user pages redirect to www.
-
-		This broke, but appears to work again.
-							-->
-	<rule from="^http://([\w-]+)\.livejournal\.com/(?=\d+\.html)"
-		to="https://$1.livejournal.com/" />
-
-	<!--rule from="^https://www\.livejournal\.com/stc/img/error-pages/"
-		to="https://www.livejournal.com/img/error-pages/" /-->
-
-</ruleset>
diff --git a/src/chrome/content/rules/LiveMeme.xml b/src/chrome/content/rules/LiveMeme.xml
new file mode 100644
index 000000000000..0e99de357a22
--- /dev/null
+++ b/src/chrome/content/rules/LiveMeme.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://i.lvme.me/ => https://i.lvme.me/: (60, 'SSL certificate problem: certificate has expired')
+
+
+	Nonfunctional domains:
+
+		aht.livememe.com	(reset)
+		t1.livememe.com		(reset)
+		lvme.me			(reset)
+		www.lvme.me		(reset)
+		static.lvme.me		(mismatched)
+
+-->
+
+<ruleset name="LiveMeme (partial)" default_off="failed ruleset test">
+
+	<target host="livememe.com" />
+	<target host="www.livememe.com" />
+
+	<target host="e.lvme.me" />
+	<target host="i.lvme.me" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LiveNation.ae.xml b/src/chrome/content/rules/LiveNation.ae.xml
new file mode 100644
index 000000000000..bd24ccd9cee2
--- /dev/null
+++ b/src/chrome/content/rules/LiveNation.ae.xml
@@ -0,0 +1,17 @@
+<!--
+	For other related rulesets, see LiveNation.com.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- livenation.ae
+-->
+<ruleset name="LiveNation.ae (partial)">
+	<target host="livenation.ae" />
+	<target host="www.livenation.ae" />
+
+	<rule from="^http://livenation\.ae/"
+			to="https://www.livenation.ae/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LiveNation.asia.xml b/src/chrome/content/rules/LiveNation.asia.xml
new file mode 100644
index 000000000000..500e0d38e3a6
--- /dev/null
+++ b/src/chrome/content/rules/LiveNation.asia.xml
@@ -0,0 +1,17 @@
+<!--
+	For other related rulesets, see LiveNation.com.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- livenation.asia
+-->
+<ruleset name="LiveNation.asia (partial)">
+	<target host="livenation.asia" />
+	<target host="www.livenation.asia" />
+
+	<rule from="^http://livenation\.asia/"
+			to="https://www.livenation.asia/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LiveNation.be.xml b/src/chrome/content/rules/LiveNation.be.xml
new file mode 100644
index 000000000000..4a62199c854d
--- /dev/null
+++ b/src/chrome/content/rules/LiveNation.be.xml
@@ -0,0 +1,16 @@
+<!--
+	For other related rulesets, see LiveNation.com.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- livenation.be
+		- www.livenation.be
+-->
+<ruleset name="LiveNation.be (partial)" default_off="cert-invalid">
+	<target host="livenation.be" />
+	<target host="www.livenation.be" />
+	<target host="fr.livenation.be" />
+	<target host="nl.livenation.be" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LiveNation.co.jp.xml b/src/chrome/content/rules/LiveNation.co.jp.xml
new file mode 100644
index 000000000000..412b90ba195b
--- /dev/null
+++ b/src/chrome/content/rules/LiveNation.co.jp.xml
@@ -0,0 +1,17 @@
+<!--
+	For other related rulesets, see LiveNation.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- livenation.co.jp
+-->
+<ruleset name="LiveNation.co.jp (partial)">
+	<target host="livenation.co.jp" />
+	<target host="www.livenation.co.jp" />
+
+	<rule from="^http://livenation\.co\.jp/"
+			to="https://www.livenation.co.jp/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LiveNation.co.uk.xml b/src/chrome/content/rules/LiveNation.co.uk.xml
new file mode 100644
index 000000000000..dc2f2fd61773
--- /dev/null
+++ b/src/chrome/content/rules/LiveNation.co.uk.xml
@@ -0,0 +1,20 @@
+<!--
+	For other related rulesets, see LiveNation.com.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- livenation.co.uk
+
+		SSL peer certificate was not OK:
+		- media.livenation.co.uk
+-->
+<ruleset name="LiveNation.co.uk (partial)">
+	<target host="livenation.co.uk" />
+	<target host="www.livenation.co.uk" />
+
+	<rule from="^http://livenation\.co\.uk/"
+			to="https://www.livenation.co.uk/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LiveNation.com.au.xml b/src/chrome/content/rules/LiveNation.com.au.xml
new file mode 100644
index 000000000000..ed05deaad370
--- /dev/null
+++ b/src/chrome/content/rules/LiveNation.com.au.xml
@@ -0,0 +1,17 @@
+<!--
+	For other related rulesets, see LiveNation.com.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- livenation.com.au
+-->
+<ruleset name="LiveNation.com.au (partial)">
+	<target host="livenation.com.au" />
+	<target host="www.livenation.com.au" />
+
+	<rule from="^http://livenation\.com\.au/"
+			to="https://www.livenation.com.au/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LiveNation.com.xml b/src/chrome/content/rules/LiveNation.com.xml
new file mode 100644
index 000000000000..e125909f14dd
--- /dev/null
+++ b/src/chrome/content/rules/LiveNation.com.xml
@@ -0,0 +1,50 @@
+<!--
+	Other Live Nation rulesets:
+		+ GETMEIN.com.xml
+		+ LiveNation.ae.xml
+		+ LiveNation.asia.xml
+		+ LiveNation.be.xml
+		+ LiveNation.co.jp.xml
+		+ LiveNation.co.uk.xml
+		+ LiveNation.com.au.xml
+		+ LiveNation.cz.xml
+		+ LiveNation.de.xml
+		+ LiveNation.dk.xml
+		+ LiveNation.es.xml
+		+ LiveNation.fi.xml
+		+ LiveNation.fr.xml
+		+ LiveNation.hu.xml
+		+ LiveNation.it.xml
+		+ LiveNation.kr.xml
+		+ LiveNation.nl.xml
+		+ LiveNation.no.xml
+		+ LiveNation.pl.xml
+		+ LiveNation.se.xml
+		+ Ticketmaster.xml
+		+ TicketsNow.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- livenation.com
+
+		Mixed content blocking (MCB) triggered:
+		- onenation.livenation.com
+
+		Secure connection redirects to plaintext:
+		- concerts.livenation.com
+-->
+<ruleset name="LiveNation.com (partial)">
+	<target host="livenation.com" />
+	<target host="www.livenation.com" />
+	<target host="assets.livenation.com" />
+		<test url="http://assets.livenation.com/assets/v3/VIPnation-365899086b46ff23e480b4d3121ce1db.png" />
+	<target host="identity.livenation.com" />
+	<target host="media.livenation.com" />
+		<test url="http://media.livenation.com/promotions/2883/2883--514121.jpg" />
+
+	<rule from="^http://livenation\.com/"
+		  	to="https://www.livenation.com/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LiveNation.cz.xml b/src/chrome/content/rules/LiveNation.cz.xml
new file mode 100644
index 000000000000..e3ddf5891416
--- /dev/null
+++ b/src/chrome/content/rules/LiveNation.cz.xml
@@ -0,0 +1,17 @@
+<!--
+	For other related rulesets, see LiveNation.com.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- livenation.cz
+-->
+<ruleset name="LiveNation.cz (partial)">
+	<target host="livenation.cz" />
+	<target host="www.livenation.cz" />
+
+	<rule from="^http://livenation\.cz/"
+			to="https://www.livenation.cz/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LiveNation.de.xml b/src/chrome/content/rules/LiveNation.de.xml
new file mode 100644
index 000000000000..036801add791
--- /dev/null
+++ b/src/chrome/content/rules/LiveNation.de.xml
@@ -0,0 +1,17 @@
+<!--
+	For other related rulesets, see LiveNation.com.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- livenation.de
+-->
+<ruleset name="LiveNation.de (partial)">
+	<target host="livenation.de" />
+	<target host="www.livenation.de" />
+
+	<rule from="^http://livenation\.de/"
+			to="https://www.livenation.de/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LiveNation.dk.xml b/src/chrome/content/rules/LiveNation.dk.xml
new file mode 100644
index 000000000000..58ff9f269008
--- /dev/null
+++ b/src/chrome/content/rules/LiveNation.dk.xml
@@ -0,0 +1,17 @@
+<!--
+	For other related rulesets, see LiveNation.com.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- livenation.dk
+-->
+<ruleset name="LiveNation.dk (partial)">
+	<target host="livenation.dk" />
+	<target host="www.livenation.dk" />
+
+	<rule from="^http://livenation\.dk/"
+			to="https://www.livenation.dk/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LiveNation.es.xml b/src/chrome/content/rules/LiveNation.es.xml
new file mode 100644
index 000000000000..c07099fbcb11
--- /dev/null
+++ b/src/chrome/content/rules/LiveNation.es.xml
@@ -0,0 +1,17 @@
+<!--
+	For other related rulesets, see LiveNation.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- livenation.es
+-->
+<ruleset name="LiveNation.es (partial)">
+	<target host="livenation.es" />
+	<target host="www.livenation.es" />
+
+	<rule from="^http://livenation\.es/"
+			to="https://www.livenation.es/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LiveNation.fi.xml b/src/chrome/content/rules/LiveNation.fi.xml
new file mode 100644
index 000000000000..5b3e8d14c02d
--- /dev/null
+++ b/src/chrome/content/rules/LiveNation.fi.xml
@@ -0,0 +1,17 @@
+<!--
+	For other related rulesets, see LiveNation.com.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- livenation.fi
+-->
+<ruleset name="LiveNation.fi (partial)">
+	<target host="livenation.fi" />
+	<target host="www.livenation.fi" />
+
+	<rule from="^http://livenation\.fi/"
+			to="https://www.livenation.fi/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LiveNation.fr.xml b/src/chrome/content/rules/LiveNation.fr.xml
new file mode 100644
index 000000000000..2841327df7f7
--- /dev/null
+++ b/src/chrome/content/rules/LiveNation.fr.xml
@@ -0,0 +1,17 @@
+<!--
+	For other related rulesets, see LiveNation.com.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- livenation.fr
+-->
+<ruleset name="LiveNation.fr (partial)">
+	<target host="livenation.fr" />
+	<target host="www.livenation.fr" />
+
+	<rule from="^http://livenation\.fr/"
+			to="https://www.livenation.fr/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LiveNation.hu.xml b/src/chrome/content/rules/LiveNation.hu.xml
new file mode 100644
index 000000000000..e3978c28ada0
--- /dev/null
+++ b/src/chrome/content/rules/LiveNation.hu.xml
@@ -0,0 +1,17 @@
+<!--
+	For other related rulesets, see LiveNation.com.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- livenation.hu
+-->
+<ruleset name="LiveNation.hu (partial)">
+	<target host="livenation.hu" />
+	<target host="www.livenation.hu" />
+
+	<rule from="^http://livenation\.hu/"
+			to="https://www.livenation.hu/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LiveNation.it.xml b/src/chrome/content/rules/LiveNation.it.xml
new file mode 100644
index 000000000000..d1960360b3c5
--- /dev/null
+++ b/src/chrome/content/rules/LiveNation.it.xml
@@ -0,0 +1,17 @@
+<!--
+	For other related rulesets, see LiveNation.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- livenation.it
+-->
+<ruleset name="LiveNation.it (partial)">
+	<target host="livenation.it" />
+	<target host="www.livenation.it" />
+
+	<rule from="^http://livenation\.it/"
+			to="https://www.livenation.it/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LiveNation.kr.xml b/src/chrome/content/rules/LiveNation.kr.xml
new file mode 100644
index 000000000000..95c526e715da
--- /dev/null
+++ b/src/chrome/content/rules/LiveNation.kr.xml
@@ -0,0 +1,17 @@
+<!--
+	For other related rulesets, see LiveNation.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- livenation.kr
+-->
+<ruleset name="LiveNation.kr (partial)">
+	<target host="livenation.kr" />
+	<target host="www.livenation.kr" />
+
+	<rule from="^http://livenation\.kr/"
+			to="https://www.livenation.kr/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LiveNation.nl.xml b/src/chrome/content/rules/LiveNation.nl.xml
new file mode 100644
index 000000000000..b9a5787a9e11
--- /dev/null
+++ b/src/chrome/content/rules/LiveNation.nl.xml
@@ -0,0 +1,17 @@
+<!--
+	For other related rulesets, see LiveNation.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- livenation.nl
+-->
+<ruleset name="LiveNation.nl (partial)">
+	<target host="livenation.nl" />
+	<target host="www.livenation.nl" />
+
+	<rule from="^http://livenation\.nl/"
+			to="https://www.livenation.nl/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LiveNation.no.xml b/src/chrome/content/rules/LiveNation.no.xml
new file mode 100644
index 000000000000..05b8a7148afb
--- /dev/null
+++ b/src/chrome/content/rules/LiveNation.no.xml
@@ -0,0 +1,17 @@
+<!--
+	For other related rulesets, see LiveNation.com.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- livenation.no
+-->
+<ruleset name="LiveNation.no (partial)">
+	<target host="livenation.no" />
+	<target host="www.livenation.no" />
+
+	<rule from="^http://livenation\.no/"
+			to="https://www.livenation.no/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LiveNation.pl.xml b/src/chrome/content/rules/LiveNation.pl.xml
new file mode 100644
index 000000000000..f9f81b5f59b7
--- /dev/null
+++ b/src/chrome/content/rules/LiveNation.pl.xml
@@ -0,0 +1,17 @@
+<!--
+	For other related rulesets, see LiveNation.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- livenation.pl
+-->
+<ruleset name="LiveNation.pl (partial)">
+	<target host="livenation.pl" />
+	<target host="www.livenation.pl" />
+
+	<rule from="^http://livenation\.pl/"
+			to="https://www.livenation.pl/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LiveNation.se.xml b/src/chrome/content/rules/LiveNation.se.xml
new file mode 100644
index 000000000000..c8e6327a43f1
--- /dev/null
+++ b/src/chrome/content/rules/LiveNation.se.xml
@@ -0,0 +1,17 @@
+<!--
+	For other related rulesets, see LiveNation.com.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- livenation.se
+-->
+<ruleset name="LiveNation.se (partial)">
+	<target host="livenation.se" />
+	<target host="www.livenation.se" />
+
+	<rule from="^http://livenation\.se/"
+			to="https://www.livenation.se/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LivePerson.net.xml b/src/chrome/content/rules/LivePerson.net.xml
new file mode 100644
index 000000000000..3c6e6bc57330
--- /dev/null
+++ b/src/chrome/content/rules/LivePerson.net.xml
@@ -0,0 +1,72 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://adminlogon.liveperson.net/ => https://adminlogon.liveperson.net/: (6, 'Could not resolve host: adminlogon.liveperson.net')
+Fetch error: http://base.liveperson.net/ => https://base.liveperson.net/: (35, 'Unknown SSL protocol error in connection to solutions.liveperson.com:443 ')
+Fetch error: http://dev.liveperson.net/ => https://dev.liveperson.net/: (7, 'Failed to connect to dev.liveperson.net port 443: Connection refused')
+Fetch error: http://server.iad.liveperson.net/ => https://server.iad.liveperson.net/: (35, 'Unknown SSL protocol error in connection to solutions.liveperson.com:443 ')
+Fetch error: http://sales.liveperson.net/ => https://sales.liveperson.net/: (35, 'Unknown SSL protocol error in connection to solutions.liveperson.com:443 ')
+Fetch error: http://sr2.liveperson.net/ => https://sr2.liveperson.net/: (35, 'Unknown SSL protocol error in connection to solutions.liveperson.com:443 ')
+Fetch error: http://sr4.liveperson.net/ => https://sr4.liveperson.net/: (35, 'Unknown SSL protocol error in connection to solutions.liveperson.com:443 ')
+Fetch error: http://sso.liveperson.net/ => https://sso.liveperson.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For other LivePerson coverage, see LivePerson.xml.
+
+
+	Fully covered hosts in *liveperson.net:
+
+		- adminlogon
+		- base
+		- dev
+		- server.iad
+		- lptag
+		- sales
+		- sr[24]
+		- sso
+		- tags
+
+
+	Observed cookie domains:
+
+		- liveperson.net:
+
+			- .
+			- base
+			- server.iad
+			- sales
+			- sr2
+
+
+	server.iad and sales set lpFPCtest and HumanClickSiteContainerID_\d{8}
+	cookies on whichever domain either is loaded from.
+
+	server.iad also sets the following cookies cookies
+	on whichever domain it is loaded from:
+
+		- \d{8}-SKEY
+		- \d{8}-VID
+
+-->
+<ruleset name="LivePerson.net" default_off="failed ruleset test">
+
+	<target host="adminlogon.liveperson.net" />
+	<target host="base.liveperson.net" />
+	<target host="dev.liveperson.net" />
+	<target host="server.iad.liveperson.net" />
+	<target host="lptag.liveperson.net" />
+	<target host="sales.liveperson.net" />
+	<target host="sr2.liveperson.net" />
+	<target host="sr4.liveperson.net" />
+	<target host="sso.liveperson.net" />
+	<target host="tags.liveperson.net" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<!--	sr2 example: https://www.oracle.com/partners/index.html
+									-->
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LivePerson.xml b/src/chrome/content/rules/LivePerson.xml
index c1667f63c7a1..5c71eb9d0682 100644
--- a/src/chrome/content/rules/LivePerson.xml
+++ b/src/chrome/content/rules/LivePerson.xml
@@ -1,4 +1,19 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hc2.humanclick.com/ => https://hc2.humanclick.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://apps.liveperson.com/ => https://apps.liveperson.com/: (35, 'Unknown SSL protocol error in connection to apps.liveperson.com:443 ')
+Fetch error: http://base.liveperson.com/ => https://base.liveperson.com/: (6, 'Could not resolve host: base.liveperson.com')
+Fetch error: http://community.liveperson.com/ => https://community.liveperson.com/: (6, 'Could not resolve host: community.liveperson.com')
+Fetch error: http://solutions.liveperson.com/ => https://solutions.liveperson.com/: (35, 'Unknown SSL protocol error in connection to solutions.liveperson.com:443 ')
+Fetch error: http://sr2.liveperson.com/ => https://sr2.liveperson.com/: (6, 'Could not resolve host: sr2.liveperson.com')
+Fetch error: http://liveperson.hosted.jivesoftware.com/ => https://community.liveperson.net/: (6, 'Could not resolve host: community.liveperson.net')
+
+	Other LivePerson rulesets:
+
+		- LivePerson.net.xml
+
+
 	Problematic domains:
 
 		- liveperson.com	(cert only matches *.liveperson.com)
@@ -19,18 +34,6 @@
 			- solutions
 			- sr2
 
-		- liveperson.net subdomains:
-
-			- adminlogon
-			- base
-			- dev
-			- server.iad
-			- lptag
-			- sales
-			- sr[24]
-			- sso
-			- tags
-
 
 	Observed cookie domains:
 
@@ -43,54 +46,39 @@
 			- connect
 			- customercenter
 
-		- liveperson.net:
-
-			- .
-			- base
-			- server.iad
-			- sales
-			- sr2
-
-
-	server.iad and sales set lpFPCtest and HumanClickSiteContainerID_\d{8}
-	cookies on whichever domain either is loaded from.
-
-	server.iad also sets the following cookies cookies
-	on whichever domain it is loaded from:
-
-		- \d{8}-SKEY
-		- \d{8}-VID
-
 -->
-<ruleset name="LivePerson (partial)" platform="mixedcontent">
+<ruleset name="LivePerson (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="hc2.humanclick.com" />
+
+	<target host="apps.liveperson.com" />
+	<target host="base.liveperson.com" />
+	<target host="community.liveperson.com" />
+	<target host="customercenter.liveperson.com" />
+	<target host="solutions.liveperson.com" />
+	<target host="sr2.liveperson.com" />
+	<target host="www.liveperson.com" />
+
+	<!--	Complications:
+				-->
 	<target host="liveperson.hosted.jivesoftware.com" />
+
 	<target host="liveperson.com" />
-	<target host="*.liveperson.com" />
-	<target host="liveperson.net" />
-	<target host="*.liveperson.net" />
 
 
 	<securecookie host="^hc2\.humanclick\.com$" name=".+" />
-	<securecookie host=".*\.liveperson\.(?:com|net)$" name=".+" />
+	<securecookie host=".*\.liveperson\.com$" name=".+" />
 
 
-	<rule from="^http://hc2\.humanclick\.com/"
-		to="https://hc2.humanclick.com/" />
+	<rule from="^http://liveperson\.hosted\.jivesoftware\.com/"
+		to="https://community.liveperson.net/" />
 
-	<rule from="^http://(?:www\.)?liveperson\.com/"
+	<rule from="^http://liveperson\.com/"
 		to="https://www.liveperson.com/" />
 
-	<rule from="^http://(apps|base|community|customercenter|solutions|sr2)\.liveperson\.com/"
-		to="https://$1.liveperson.com/" />
-
-	<!--	sr2 example: https://www.oracle.com/partners/index.html
-									-->
-	<rule from="^http://(adminlogon|base|dev|lptag|sales|server\.iad|sr[24]|sso|tags)\.liveperson\.net/"
-		to="https://$1.liveperson.net/" />
-
-	<rule from="^http://liveperson\.hosted\.jivesoftware\.com/"
-		to="https://community.liveperson.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/LiveRail-problematic.xml b/src/chrome/content/rules/LiveRail-problematic.xml
index c88daca3c059..bee411ff2d4a 100644
--- a/src/chrome/content/rules/LiveRail-problematic.xml
+++ b/src/chrome/content/rules/LiveRail-problematic.xml
@@ -2,13 +2,13 @@
 	For rules that are on by default, see LiveRail.xml.
 
 -->
-<ruleset name="LiveRail (problematic)" default_off="mismatch">
+<ruleset name="LiveRail (problematic)" default_off="mismatched">
 
 	<target host="cdn-static.liverail.com" />
 	<target host="static.liverail.com" />
 
 
-	<rule from="^https?://(?:cdn-)?static\.liverail\.com/"
+	<rule from="^http://(?:cdn-)?static\.liverail\.com/"
 		to="https://cdn-static.liverail.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LiveRail.xml b/src/chrome/content/rules/LiveRail.xml
index 8090159e8e98..4f2adc4be31f 100644
--- a/src/chrome/content/rules/LiveRail.xml
+++ b/src/chrome/content/rules/LiveRail.xml
@@ -1,4 +1,11 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ad4.liverail.com/ => https://ad4.liverail.com/: (6, 'Could not resolve host: ad4.liverail.com')
+Fetch error: http://cdn-static-secure.liverail.com/ => https://cdn-static-secure.liverail.com/: (6, 'Could not resolve host: cdn-static-secure.liverail.com')
+Fetch error: http://platform4.liverail.com/ => https://platform4.liverail.com/: (6, 'Could not resolve host: platform4.liverail.com')
+Fetch error: http://t4.liverail.com/ => https://t4.liverail.com/: (6, 'Could not resolve host: t4.liverail.com')
+
 	For problematic rules, see LiveRail-problematic.xml.
 
 
@@ -15,13 +22,15 @@
 
 	Nonfunctional subdomains:
 
-		- (www.) *
+		- (www.) ¹
+		- lp ²
 		- platform
-		- platform4
 		- static *
 		- support	(times out)
 		- wp *
 
+	¹ 404
+	² Marketo
 	* 403, CN: test.liverail.com, self-signed
 
 
@@ -35,18 +44,64 @@
 
 	Partially covered subdomains:
 
-		- lp		(→ na-n.marketo.com; $ redirects to app-n.marketo.com, CN: *.marketo.com)
+		- lp		(→ na-n.marketo.com)
+
+
+	Fully covered hosts in *liverail.com:
+
+		- ad4
+		- cdn-static-secure
+		- platform4
+		- t4
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .liverail.com
+		- platform4.liverail.com
 
 -->
-<ruleset name="LiveRail (partial) ">
+<ruleset name="LiveRail.com (partial) " default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ad4.liverail.com" />
+	<target host="cdn-static-secure.liverail.com" />
+	<target host="platform4.liverail.com" />
+	<target host="t4.liverail.com" />
+
+	<!--	Complications:
+				-->
+	<target host="lp.liverail.com" />
+
+		<exclusion pattern="^http://lp\.liverail\.com/+(?!css/|images/|rs/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://lp.liverail.com/VPX.html" />
+			<test url="http://lp.liverail.com/VPX.html?" />
+			<test url="http://lp.liverail.com/VPX.html?f" />
+			<test url="http://lp.liverail.com//VPX.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://lp.liverail.com/css/mktLPSupport.css" />
+			<test url="http://lp.liverail.com/images/forms/backRequiredGray.gif" />
+			<test url="http://lp.liverail.com/rs/liverail/images/footer-content-bg.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.liverail\.com$" name="^(lr_bknd|lr_uds|lr_uid)$" /-->
+	<!--securecookie host="^platform4\.liverail\.com$" name="^PHPSESSID$" /-->
 
-	<target host="*.liverail.com" />
+	<securecookie host="^(?:platform4)?\.liverail\.com$" name=".+" />
 
 
-	<rule from="^http://(ad|t)4\.liverail\.com/"
-		to="https://$14.liverail.com/" />
+	<rule from="^http://lp\.liverail\.com/"
+		to="https://na-n.marketo.com/" />
 
-	<rule from="^https?://lp\.liverail\.com/(css|images|rs)/"
-		to="https://na-n.marketo.com/$1/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/LiveRamp.xml b/src/chrome/content/rules/LiveRamp.xml
index 03170f31abfe..8dd8ac40ff38 100644
--- a/src/chrome/content/rules/LiveRamp.xml
+++ b/src/chrome/content/rules/LiveRamp.xml
@@ -1,7 +1,29 @@
-<ruleset name="LiveRamp">
+<!--
+	Problematic hosts in *liveramp.com:
 
-	<target host="liveramp.com" />
-	<target host="*.liveramp.com" />
+		- (www.)? *
+		- blog *
+
+	* Expired
+
+
+	Fully covered hosts in *liveramp.com:
+
+		- connect
+		- dashboard
+		- gp
+
+-->
+<ruleset name="LiveRamp.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="liveramp.com" /-->
+	<!--target host="blog.liveramp.com" /-->
+	<target host="connect.liveramp.com" />
+	<target host="dashboard.liveramp.com" />
+	<target host="go.liveramp.com" />
+	<!--target host="www.liveramp.com" /-->
 
 
 	<!--	Observed cookie subdomains:
@@ -10,10 +32,10 @@
 			- dashboard
 			- www
 					-->
-	<securecookie host="^(?:.+\.)?liveramp\.com$" name=".+" />
+	<!--securecookie host="^(?:.+\.)?liveramp\.com$" name=".+" /-->
 
 
-	<rule from="^http://(dashboard\.|www\.)?liveramp\.com/"
-		to="https://$1liveramp.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LiveStrong.com.xml b/src/chrome/content/rules/LiveStrong.com.xml
new file mode 100644
index 000000000000..a58a3e10ff58
--- /dev/null
+++ b/src/chrome/content/rules/LiveStrong.com.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Demand Media coverage, see Demand-Media.xml.
+
+	All subdomains seem to redirect to www.livestrong.com.
+
+	Non-functional hosts:
+		Timeout:
+		- i.lsimg.net
+
+-->
+<ruleset name="Live Strong.com (partial)">
+
+	<target host="livestrong.com" />
+	<target host="www.livestrong.com" />
+
+	<target host="dynamic01.livestrongcdn.com" />
+	<target host="dynamic02.livestrongcdn.com" />
+	<target host="img.aws.livestrongcdn.com" />
+	<target host="static.livestrongcdn.com" />
+
+	<securecookie host="^(?:.*\.)?livestrong\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LiveWyer.com.xml b/src/chrome/content/rules/LiveWyer.com.xml
new file mode 100644
index 000000000000..227e029175ba
--- /dev/null
+++ b/src/chrome/content/rules/LiveWyer.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://livewyer.com/ => https://livewyer.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.livewyer.com/ => https://www.livewyer.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="LiveWyer.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="livewyer.com" />
+	<target host="www.livewyer.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LiveZilla.net.xml b/src/chrome/content/rules/LiveZilla.net.xml
index d661c0ff4c1b..bb917aef0b77 100644
--- a/src/chrome/content/rules/LiveZilla.net.xml
+++ b/src/chrome/content/rules/LiveZilla.net.xml
@@ -1,24 +1,51 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://livezilla.net/ => https://livezilla.net/: (51, "SSL: no alternative certificate subject name matches target host name 'livezilla.net'")
+
 	CDN buckets:
 
 		- livezilla.idea.informer.com
 
 
-	Problematic subdomains:
+	Nonfunctional hosts in *livezilla.net:
+
+		- forum *
+
+	* Shows dedi3494.your-server.de
+
+
+	Problematic hosts in *livezilla.net:
+
+		- changelog *
+		- roadmap *
+
+	* Mismatched
+
+
+	Fully covered hosts in *livezilla.net:
+
+		- (www.)?
+
+
+	Insecure cookies are set for these domains:
 
-		- ^	(works, cert only matches www)
+		- .livezilla.net
 
 -->
-<ruleset name="LiveZilla.net">
+<ruleset name="LiveZilla.net (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="livezilla.net" />
+	<target host="chat.livezilla.net" />
 	<target host="www.livezilla.net" />
 
 
 	<securecookie host="^www\.livezilla\.net$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?livezilla\.net/"
-		to="https://www.livezilla.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Live_Lingua.com.xml b/src/chrome/content/rules/Live_Lingua.com.xml
new file mode 100644
index 000000000000..58739ccefb36
--- /dev/null
+++ b/src/chrome/content/rules/Live_Lingua.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.livelingua.com
+
+-->
+<ruleset name="Live Lingua.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="livelingua.com" />
+	<target host="www.livelingua.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.livelingua\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.livelingua\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Live_filestore.com.xml b/src/chrome/content/rules/Live_filestore.com.xml
new file mode 100644
index 000000000000..96b11dcbc52a
--- /dev/null
+++ b/src/chrome/content/rules/Live_filestore.com.xml
@@ -0,0 +1,22 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	Fully covered domains:
+
+		- \w+.bay.livefilestore.com:
+
+			- c
+
+-->
+<ruleset name="Live filestore.com">
+
+	<target host="*.bay.livefilestore.com" />
+
+		<test url="http://c.bay.livefilestore.com/" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Liveclicker.com.xml b/src/chrome/content/rules/Liveclicker.com.xml
new file mode 100644
index 000000000000..dbf3cffc94fb
--- /dev/null
+++ b/src/chrome/content/rules/Liveclicker.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Other Liveclicker rulesets:
+
+		- RealTime.Email.xml
+
+
+	Fully covered hosts in *liveclicker.com:
+
+		- (www.)?
+
+
+	Mixed content:
+
+		- Image from www.realtime.email
+
+-->
+<ruleset name="Liveclicker.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="liveclicker.com" />
+	<target host="www.liveclicker.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Liveclicker.net.xml b/src/chrome/content/rules/Liveclicker.net.xml
new file mode 100644
index 000000000000..d1e5f234929c
--- /dev/null
+++ b/src/chrome/content/rules/Liveclicker.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="Liveclicker.net">
+
+	<target host="ecdn.liveclicker.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Livecoding.tv.xml b/src/chrome/content/rules/Livecoding.tv.xml
new file mode 100644
index 000000000000..654e83a92d57
--- /dev/null
+++ b/src/chrome/content/rules/Livecoding.tv.xml
@@ -0,0 +1,21 @@
+<!--
+	Nonfunctional hosts in *livecoding.tv:
+
+		- blog *
+		- roadmap *
+
+	* 503
+
+-->
+<ruleset name="Livecoding.tv (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="livecoding.tv" />
+	<target host="www.livecoding.tv" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Livefyre-mismatches.xml b/src/chrome/content/rules/Livefyre-mismatches.xml
index 705e13bc5cbc..4732cbfc7cef 100644
--- a/src/chrome/content/rules/Livefyre-mismatches.xml
+++ b/src/chrome/content/rules/Livefyre-mismatches.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see Livefyre.xml.
 
 -->
-<ruleset name="Livefyre (mismatches)" default_off="mismatch">
+<ruleset name="Livefyre (mismatches)" default_off="mismatched">
 
 	<target host="blog.livefyre.com" />
 	<target host="press.livefyre.com" />
diff --git a/src/chrome/content/rules/Livefyre.com.xml b/src/chrome/content/rules/Livefyre.com.xml
new file mode 100644
index 000000000000..23aa95216db1
--- /dev/null
+++ b/src/chrome/content/rules/Livefyre.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Not covered:
+
+		- ^ ¹
+		- web ²
+		- www ³
+
+	¹: Refused
+	²: Bad CN in cert
+	³: Redirects to web.livefyre.com
+-->
+<ruleset name="Livefyre.com (partial)">
+
+	<target host="cdn.livefyre.com" />
+
+	<test url="http://cdn.livefyre.com/libs/commentcount/v1.0/commentcount.js" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Livefyre.xml b/src/chrome/content/rules/Livefyre.xml
index 4fd9d30e511a..b72700b63f5c 100644
--- a/src/chrome/content/rules/Livefyre.xml
+++ b/src/chrome/content/rules/Livefyre.xml
@@ -1,33 +1,20 @@
 <!--
 	For problematic rules, see Livefyre-mismatches.xml.
-
-
-	CDN buckets:
-
-		- livefyre-avatar.s3.amazonaws.com | dpstvy7p9whsy.cloudfront.net
-		- d584h2bjreb1u.cloudfront.net 
-
 -->
 <ruleset name="Livefyre (partial)">
 
-	<!--	cloudfront.net
-			-->
-	<target host="*.fyre.co" />
-	<!--	No https.
-			-->
-	<target host="livefyre.com" />
-	<target host="*.livefyre.com" />
-
-
-	<securecookie host="^\.livefyre\.co$" name=".+" />
+	<!-- *.fyre.co -->
+	<target host="avatars.fyre.co" />
+	<target host="zor.fyre.co" />
 
+	<!-- *.livefyre.com -->
+	<target host="livefyre.com" />
+	<target host="www.livefyre.com" />
+	<target host="web.livefyre.com" />
+	<target host="zor.livefyre.com" />
 
-	<rule from="^https?://avatars\.fyre\.co/"
-		to="https://dpstvy7p9whsy.cloudfront.net/" />
+	<securecookie host=".+" name=".+" />
 
-	<!--	Data appear to be identical.
-						-->
-	<rule from="^http://(?:zor\.fyre\.co|(?:www\.|zor\.)?livefyre\.com)/"
-		to="https://d584h2bjreb1u.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Livelib.ru.xml b/src/chrome/content/rules/Livelib.ru.xml
new file mode 100644
index 000000000000..6235e18f7dc1
--- /dev/null
+++ b/src/chrome/content/rules/Livelib.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="Livelib.ru">
+	<target host="livelib.ru" />
+	<target host="www.livelib.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Livermores-Centennial-Light-Live-Cam.xml b/src/chrome/content/rules/Livermores-Centennial-Light-Live-Cam.xml
deleted file mode 100644
index 951fe2b72dc3..000000000000
--- a/src/chrome/content/rules/Livermores-Centennial-Light-Live-Cam.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Livermore's Centennial Light Live Cam" default_off="expired, self-signed">
-
-	<!--	cert: ip-72-167-166-180.ip.secureserver.net	-->
-	<target host="centennialbulb.org"/>
-	<target host="www.centennialbulb.org"/>
-
-	<rule from="^http://(?:www\.)?centennialbulb\.org/"
-		to="https://centennialbulb.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Liverpool_Victoria.xml b/src/chrome/content/rules/Liverpool_Victoria.xml
index 9854f7cb4ccb..693f02815fce 100644
--- a/src/chrome/content/rules/Liverpool_Victoria.xml
+++ b/src/chrome/content/rules/Liverpool_Victoria.xml
@@ -16,7 +16,6 @@
 	<securecookie host="^www\.lv\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?lv\.com/"
-		to="https://www.lv.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Livestatserver.com.xml b/src/chrome/content/rules/Livestatserver.com.xml
new file mode 100644
index 000000000000..1741eac3d975
--- /dev/null
+++ b/src/chrome/content/rules/Livestatserver.com.xml
@@ -0,0 +1,20 @@
+<!--
+	No working URL known:
+		cdn.livestatserver.com
+		images.livestatserver.com
+		ssl.livestatserver.com
+		staging.livestatserver.com
+		w1.livestatserver.com
+
+-->
+<ruleset name="Livestatserver.com">
+
+	<target host="livestatserver.com" />
+		<test url="http://livestatserver.com/form-analytics.php" />
+	<target host="www.livestatserver.com" />
+		<test url="http://www.livestatserver.com/form-analytics.php" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Livestock-Transport.xml b/src/chrome/content/rules/Livestock-Transport.xml
index 805515da9154..bf71d9fe0fe8 100644
--- a/src/chrome/content/rules/Livestock-Transport.xml
+++ b/src/chrome/content/rules/Livestock-Transport.xml
@@ -1,17 +1,24 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://livestock-transport.com/ => https://livestock-transport.com/: (51, "SSL: no alternative certificate subject name matches target host name 'livestock-transport.com'")
+Fetch error: http://www.livestock-transport.com/ => https://www.livestock-transport.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.livestock-transport.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://livestock-transport.com/ => https://livestock-transport.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+Fetch error: http://www.livestock-transport.com/ => https://www.livestock-transport.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
 	livestock.ning.com
 
 -->
-<ruleset name="Livestock Transport">
+<ruleset name="Livestock Transport" default_off="failed ruleset test">
 
 	<target host="livestock-transport.com" />
 	<target host="www.livestock-transport.com" />
 
 
-	<securecookie host="^(www\.)?livestock-transport\.com$" name=".*" />
+	<securecookie host="^(?:www\.)?livestock-transport\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?livestock-transport\.com/"
-		to="https://$1livestock-transport.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Livestream.xml b/src/chrome/content/rules/Livestream.xml
index f60849065ddc..e0e8c022143d 100644
--- a/src/chrome/content/rules/Livestream.xml
+++ b/src/chrome/content/rules/Livestream.xml
@@ -1,26 +1,30 @@
 <!--
-	Fully covered subdomains:
+	Nonfunctional hosts in *livestream.com:
 
-		- \w+.api	(per-account subdomains)
-		- thumbnail.api
-		- cdn
-		- new
-		- img.new
-		- secure
-		- upload-downloads
-		- www
+		- upload-downloads -> refused
+		- blog             -> wrong domain
+
+
+	^(?!thumbnail\.)*.api: Per-account subdomains
 
 -->
-<ruleset name="Livestream">
+<ruleset name="Livestream.com">
 
 	<target host="livestream.com" />
-	<target host="*.livestream.com" />
+	<target host="*.api.livestream.com" />
+	<target host="cdn.livestream.com" />
+	<target host="new.livestream.com" />
+	<target host="img.new.livestream.com" />
+	<target host="secure.livestream.com" />
+	<target host="www.livestream.com" />
+
+		<test url="http://cdn.livestream.com/embedfiles/mask.png" />
 
 
-	<securecookie host="^.*\.livestream\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:\w+\.api|cdn|new|img\.new|secure|upload-downloads|www)\.)?livestream\.com/"
-		to="https://$1livestream.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Livestrong.xml b/src/chrome/content/rules/Livestrong.xml
index 7ff8ffe25ec0..e401f7235860 100644
--- a/src/chrome/content/rules/Livestrong.xml
+++ b/src/chrome/content/rules/Livestrong.xml
@@ -1,11 +1,13 @@
-<ruleset name="Livestrong (partial)" platform="mixedcontent">
-
-	<target host="livestrong.org"/>
-	<target host="*.livestrong.org"/>
-
-	<securecookie host="^(.*\.)?livestrong\.org$" name=".*"/>
-
-	<rule from="^http://(blog\.|www\.)?livestrong\.org/"
-		to="https://$1livestrong.org/"/>
-
+<!--
+	Not supported:
+	- ^ŵww
+	- blog (expired)
+-->
+<ruleset name="Livestrong (partial)" default_off="redirect loop">
+	<target host="www.livestrong.org"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/LivingIslam.org.xml b/src/chrome/content/rules/LivingIslam.org.xml
new file mode 100644
index 000000000000..f1864f8242b0
--- /dev/null
+++ b/src/chrome/content/rules/LivingIslam.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="LivingIslam.org" platform="mixedcontent">
+	<target host="livingislam.org" />
+	<target host="www.livingislam.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LivingSocial.co.uk.xml b/src/chrome/content/rules/LivingSocial.co.uk.xml
new file mode 100644
index 000000000000..05c7cc27b45d
--- /dev/null
+++ b/src/chrome/content/rules/LivingSocial.co.uk.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://help.livingsocial.co.uk/ => https://help.livingsocial.co.uk/: (28, 'Connection timed out after 20001 milliseconds')
+
+	For other LivingSocial coverage, see LivingSocial.xml.
+
+
+	Fully covered hosts in *livingsocial.co.uk:
+
+		- (www.)?
+		- help
+
+-->
+<ruleset name="LivingSocial.co.uk" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="livingsocial.co.uk" />
+	<target host="help.livingsocial.co.uk" />
+	<target host="www.livingsocial.co.uk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LivingSocial.xml b/src/chrome/content/rules/LivingSocial.xml
index cd11954d4b33..f0e9dc1e5a6f 100644
--- a/src/chrome/content/rules/LivingSocial.xml
+++ b/src/chrome/content/rules/LivingSocial.xml
@@ -1,35 +1,102 @@
+
 <!--
-	CDN buckets:
+Disabled by https-everywhere-checker because:
+Fetch error: http://payments.livingsocial.com/ => https://payments.livingsocial.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://paypass.livingsocial.com/ => https://paypass.livingsocial.com/: (28, 'Connection timed out after 20002 milliseconds')
 
-		- a248.e.akamai.net/si.lscdn.net/
+	Other LivingSocial rulesets:
 
+		- LS_CDN.net.xml
+		- LivingSocial.co.uk.xml
 
-	Problematic domains:
 
-		- help.livingsocial.co.uk	(mismatched)
+	Nonfunctional hosts in *livingsocial.com:
 
--->
-<ruleset name="LivingSocial (partial)">
+		- blog *
+
+	* wpengine
+
+
+	Fully covered hosts in *livingsocial.com:
+
+		- (www.)?
+		- corporate
+		- feed
+		- feeder
+		- help
+		- living
+		- login
+		- mailtracker
+		- mdn
+		- menus
+		- merchant
+		- merchants
+		- payments
+		- paypass
+		- pipeline
+		- pixels
+		- promotionbuilder
+		- share
+		- sherlock
+		- subscribe
+		- touch
 
-	<target host="help.livingsocial.co.uk" />
-	<target host="livingsocial.com" />
-	<target host="*.livingsocial.com" />
-	<target host="*.lscdn.net" />
 
+	These altnames don't exist:
 
-	<securecookie host="^(?:www)?\.livingsocial\.com$" name=".+" />
+		- www.payments.livingsocial.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .livingsocial.com
+		- mailtracker.livingsocial.com
+		- merchant.livingsocial.com
+		- pipeline.livingsocial.com
+		- www.livingsocial.com
+
+-->
+<ruleset name="LivingSocial.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="livingsocial.com" />
+	<target host="corporate.livingsocial.com" />
+	<target host="feed.livingsocial.com" />
+	<target host="feeder.livingsocial.com" />
+	<target host="help.livingsocial.com" />
+	<target host="living.livingsocial.com" />
+	<target host="login.livingsocial.com" />
+	<target host="mailtracker.livingsocial.com" />
+	<target host="mdn.livingsocial.com" />
+	<target host="menus.livingsocial.com" />
+	<target host="merchant.livingsocial.com" />
+	<target host="merchants.livingsocial.com" />
+	<target host="payments.livingsocial.com" />
+	<target host="paypass.livingsocial.com" />
+	<target host="pipeline.livingsocial.com" />
+	<target host="pixels.livingsocial.com" />
+	<target host="promotionbuilder.livingsocial.com" />
+	<target host="share.livingsocial.com" />
+	<target host="sherlock.livingsocial.com" />
+	<target host="subscribe.livingsocial.com" />
+	<target host="touch.livingsocial.com" />
+	<target host="www.livingsocial.com" />
 
 
-	<rule from="^http://help\.livingsocial\.co\.uk/(image|stylesheet)s/"
-		to="https://help.livingsocial.com/$1s/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.livingsocial\.com$" name="^(__fs|ls_pipeline_deals_st|market|preferred_city_id|purchase_in_progress|ref_code|root_visit|useracq-data-cookie)$" /-->
+	<!--securecookie host="^mailtracker\.livingsocial\.com$" name="^_session_id$" /-->
+	<!--securecookie host="^merchant\.livingsocial\.com$" name="^_mc_chrome_session$" /-->
+	<!--securecookie host="^pipeline\.livingsocial\.com$" name="^(_ia-pipeline-r3_2_session|Accept-Language)$" /-->
+	<!--securecookie host="^sherlock\.livingsocial\.com$" name="^_sherlock_session$" /-->
+	<!--securecookie host="^www\.livingsocial\.com$" name="^msdc_for_\d+$" /-->
 
-	<rule from="^http://(corporate\.|help\.|www\.)?livingsocial\.com/"
-		to="https://$1livingsocial.com/" />
+	<securecookie host="^(?:mailtracker|merchant|pipeline|sherlock|www)?\.livingsocial\.com$" name=".+" />
 
-	<rule from="^http://a(\d)\.lscdn\.net/"
-		to="https://a$1.lscdn.net/" />
 
-	<rule from="^http://a\d\.ak\.lscdn\.net/"
-		to="https://a248.e.akamai.net/si.lscdn.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Living_Routes.org.xml b/src/chrome/content/rules/Living_Routes.org.xml
deleted file mode 100644
index 53bc0a2f2960..000000000000
--- a/src/chrome/content/rules/Living_Routes.org.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	Mixed content:
-
-		- css, on ^ from:
-
-			- ^ *
-			- fonts.googleapis.com *
-
-		- Images, on ^ from:
-
-			- ^ *
-			- \d.staticflickr.com *
-
-	* Secured by us
-
--->
-<ruleset name="Living Routes.org (false MCB)" platform="mixedcontent">
-
-	<target host="livingroutes.org" />
-	<target host="*.livingroutes.org" />
-
-
-	<securecookie host="^(?:www)?\.livingroutes\.org$" name=".+" />
-
-
-	<rule from="^http://(www\.)?livingroutes\.org/"
-		to="https://$1livingroutes.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Liwenhaosuper.com.xml b/src/chrome/content/rules/Liwenhaosuper.com.xml
new file mode 100644
index 000000000000..b86e547dc9d0
--- /dev/null
+++ b/src/chrome/content/rules/Liwenhaosuper.com.xml
@@ -0,0 +1,27 @@
+<!--
+	www: cert only matches ^liwenhaosuper.com
+
+
+	At least some pages redirect to www.
+
+
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="liwenhaosuper.com" default_off="expired, mismatched, self-signed">
+
+	<target host="liwenhaosuper.com" />
+	<target host="www.liwenhaosuper.com" />
+
+
+	<securecookie host="^(?:www\.)?liwenhaosuper\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?liwenhaosuper\.com/"
+		to="https://liwenhaosuper.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Liz_denys.com.xml b/src/chrome/content/rules/Liz_denys.com.xml
new file mode 100644
index 000000000000..a806c25d4178
--- /dev/null
+++ b/src/chrome/content/rules/Liz_denys.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="liz denys.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="lizdenys.com" />
+	<target host="blog.lizdenys.com" />
+	<target host="www.lizdenys.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lizard_Wrangler.com.xml b/src/chrome/content/rules/Lizard_Wrangler.com.xml
new file mode 100644
index 000000000000..52675cc7a45c
--- /dev/null
+++ b/src/chrome/content/rules/Lizard_Wrangler.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Mozilla coverage, see Mozilla.xml.
+
+
+	(www.): http reply
+
+-->
+<ruleset name="Lizard Wrangler.com (partial)">
+
+	<target host="blog.lizardwrangler.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch.co.uk.xml b/src/chrome/content/rules/Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch.co.uk.xml
new file mode 100644
index 000000000000..c6859aecc6bd
--- /dev/null
+++ b/src/chrome/content/rules/Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch.co.uk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch.co.uk">
+  <target host="llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch.co.uk" />
+  <target host="www.llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch.co.uk" />
+  <target host="mail.llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch.co.uk" />
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lloyds_TSB_Offshore.xml b/src/chrome/content/rules/Lloyds_TSB_Offshore.xml
index ab39d2be1064..96a2a11bb553 100644
--- a/src/chrome/content/rules/Lloyds_TSB_Offshore.xml
+++ b/src/chrome/content/rules/Lloyds_TSB_Offshore.xml
@@ -1,10 +1,20 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://online-offshore.lloydstsb.com/ => https://online-offshore.lloydstsb.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+Fetch error: http://lloydstsb-offshore.com/ => https://www.lloydstsb-offshore.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.lloydstsb-offshore.com/ => https://www.lloydstsb-offshore.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://online-offshore.lloydstsb.com/ => https://online-offshore.lloydstsb.com/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://lloydstsb-offshore.com/ => https://www.lloydstsb-offshore.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.lloydstsb-offshore.com'")
+Fetch error: http://www.lloydstsb-offshore.com/ => https://www.lloydstsb-offshore.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.lloydstsb-offshore.com'")
 	Problematic domains:
 
 		- lloydstsb-offshore.com	(cert only matches www)
 
 -->
-<ruleset name="Lloyds TSB Offshore">
+<ruleset name="Lloyds TSB Offshore" default_off="failed ruleset test">
 
 	<target host="online-offshore.lloydstsb.com" />
 	<target host="lloydstsb-offshore.com" />
@@ -20,4 +30,4 @@
 	<rule from="^http://(?:www\.)?lloydstsb-offshore\.com/"
 		to="https://www.lloydstsb-offshore.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lloydsbank.com.xml b/src/chrome/content/rules/Lloydsbank.com.xml
new file mode 100644
index 000000000000..2b80daaa178b
--- /dev/null
+++ b/src/chrome/content/rules/Lloydsbank.com.xml
@@ -0,0 +1,36 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://choicerewards.lloydsbank.com/ => https://choicerewards.lloydsbank.com/: (6, 'Could not resolve host: choicerewards.lloydsbank.com')
+Fetch error: http://toolbox.lloydsbank.com/ => https://toolbox.lloydsbank.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Dropped:
+		- infotools
+
+	Incomplete certificate chain:
+		- lloydslink.online
+
+  Connection refused:
+    - secure.lloydsbank.com
+-->
+
+<ruleset name="Lloydsbank.com (partial)">
+	<target host="lloydsbank.com" />
+	<target host="www.lloydsbank.com" />
+	<!-- target host="choicerewards.lloydsbank.com" /-->
+	<target host="commercialbanking.lloydsbank.com" />
+	<target host="community.lloydsbank.com" />
+	<target host="international.lloydsbank.com" />
+	<target host="islands.lloydsbank.com" />
+	<target host="islandscommercial.lloydsbank.com" />
+	<target host="mycarfinance.lloydsbank.com" />
+	<target host="www.mycarfinance.lloydsbank.com" />
+	<target host="request.lloydsbank.com" />
+	<target host="resources.lloydsbank.com" />
+	<!-- target host="toolbox.lloydsbank.com" /-->
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LmnCDN.com.xml b/src/chrome/content/rules/LmnCDN.com.xml
new file mode 100644
index 000000000000..c36db3012352
--- /dev/null
+++ b/src/chrome/content/rules/LmnCDN.com.xml
@@ -0,0 +1,15 @@
+<!--
+	For other lastminute.com coverage, see Lastminute.xml.
+
+-->
+<ruleset name="LmnCDN.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="s.lmncdn.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lnkd.In.xml b/src/chrome/content/rules/Lnkd.In.xml
new file mode 100644
index 000000000000..c1e26c3aa6f3
--- /dev/null
+++ b/src/chrome/content/rules/Lnkd.In.xml
@@ -0,0 +1,13 @@
+<!--
+	For other LinkedIn coverage, see LinkedIn.xml.
+
+-->
+<ruleset name="Lnked.In">
+
+	<target host="lnkd.in" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LoA.org.xml b/src/chrome/content/rules/LoA.org.xml
new file mode 100644
index 000000000000..c5c69e366d58
--- /dev/null
+++ b/src/chrome/content/rules/LoA.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="LoA.org">
+	<target host="loa.org" />
+	<target host="www.loa.org" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LoC.gov.xml b/src/chrome/content/rules/LoC.gov.xml
new file mode 100644
index 000000000000..e87479e08340
--- /dev/null
+++ b/src/chrome/content/rules/LoC.gov.xml
@@ -0,0 +1,29 @@
+<!--
+
+
+	Problematic hosts in *lov.gov:
+
+		- thomas ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="LoC.gov (partial)">
+
+	<target host="loc.gov" />
+	<target host="blogs.loc.gov" />
+	<target host="catalog.loc.gov" />
+	<target host="cdn.loc.gov" />
+	<target host="lccn.loc.gov" />
+	<target host="memory.loc.gov" />
+	<target host="www.loc.gov" />
+	<target host="wwws.loc.gov" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LoadImpact.com.xml b/src/chrome/content/rules/LoadImpact.com.xml
index 08cbc82fa810..df10593e5696 100644
--- a/src/chrome/content/rules/LoadImpact.com.xml
+++ b/src/chrome/content/rules/LoadImpact.com.xml
@@ -1,7 +1,35 @@
+<!--
+	www.loadimpact.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- loadimpact.com
+
+-->
 <ruleset name="LoadImpact.com">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="loadimpact.com" />
+	<target host="app.loadimpact.com" />
+
+	<!--	Complications:
+				-->
 	<target host="www.loadimpact.com" />
-	<rule from="^http://www\.loadimpact\.com/" to="https://www.loadimpact.com/"/>
-	<rule from="^http://loadimpact\.com/" to="https://loadimpact.com/"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^loadimpact\.com$" name="^django_language$" /-->
+
+	<securecookie host="^loadimpact\.com$" name=".+" />
+
+
+	<rule from="^http://www\.loadimpact\.com/"
+		to="https://loadimpact.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Load_Average.org.xml b/src/chrome/content/rules/Load_Average.org.xml
new file mode 100644
index 000000000000..99e114ee1f63
--- /dev/null
+++ b/src/chrome/content/rules/Load_Average.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Fully covered hosts in *loadaverage.org:
+
+		- ^
+		- wiki
+
+
+	www: Refused over http & https
+
+-->
+<ruleset name="Load Average.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="loadaverage.org" />
+	<target host="wiki.loadaverage.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Loan_Science.xml b/src/chrome/content/rules/Loan_Science.xml
deleted file mode 100644
index 9aa2d49e6a6e..000000000000
--- a/src/chrome/content/rules/Loan_Science.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	^loanscience.com times out
-
--->
-<ruleset name="Loan Science">
-
-	<target host="loanscience.com" />
-	<target host="*.loanscience.com" />
-
-
-	<securecookie host="^\.loanscience\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?loanscience\.com/"
-		to="https://www.loanscience.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Loanliner.com.xml b/src/chrome/content/rules/Loanliner.com.xml
new file mode 100644
index 000000000000..0e4851523836
--- /dev/null
+++ b/src/chrome/content/rules/Loanliner.com.xml
@@ -0,0 +1,17 @@
+<!--
+
+	^: cert only matches www
+
+-->
+<ruleset name="Loanliner.com">
+
+	<target host="loanliner.com" />
+	<target host="www.loanliner.com" />
+
+
+	<securecookie host="^(?:www\.)?loanliner\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Loans.com.au.xml b/src/chrome/content/rules/Loans.com.au.xml
new file mode 100644
index 000000000000..bd2b034415fb
--- /dev/null
+++ b/src/chrome/content/rules/Loans.com.au.xml
@@ -0,0 +1,15 @@
+<ruleset name="Loans.com.au">
+
+	<target host="loans.com.au" />
+	<target host="www.loans.com.au" />
+	<target host="login.loans.com.au" />
+	<target host="login1.loans.com.au" />
+	<target host="mobilemoney.loans.com.au" />
+	<target host="money.loans.com.au" />
+	<target host="money2.loans.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Locaid.xml b/src/chrome/content/rules/Locaid.xml
deleted file mode 100644
index 21b5917cd700..000000000000
--- a/src/chrome/content/rules/Locaid.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- developer	(shows www, CN: ip-72-167-203-92.ip.secureserver.net)
-		- login		(redirects to http, valid cert)
-
-
-	Problematic subdomains:
-
-		- www		(works, CN: ip-72-167-203-92.ip.secureserver.net)
-
--->
-<ruleset name="Locaid (partial)">
-
-	<target host="instantlocatedemo.loc-aid.com" />
-
-
-	<securecookie host="^instantlocatedemo\.loc-aid\.com$" name=".+" />
-
-
-	<rule from="^http://instantlocatedemo\.loc-aid\.com/"
-		to="https://instantlocatedemo.loc-aid.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Local.ch.xml b/src/chrome/content/rules/Local.ch.xml
index 32f0614ba1ca..e58cad9ebfb5 100644
--- a/src/chrome/content/rules/Local.ch.xml
+++ b/src/chrome/content/rules/Local.ch.xml
@@ -1,58 +1,39 @@
 <!--
-	CDN buckets:
+	For other Localsearch coverage, see Localsearch.ch.xml.
 
-		- s3-external-3.amazonaws.com/static.blog.local.ch/
-
-		- s3-eu-west-1.amazonaws.com/s.staticlocal.ch/
-
-
-	Problematic domains:
-
-		- local.ch *
-		- s.staticlocal.ch *	(works)
-
-	* Cert only matches *.local.ch
-
-
-	Fully covered local.ch subdomains:
-
-		- (www.)	(^ → www)
-		- auto
-		- blog
-		- developer
-		- guide
-		- id
-		- immo
-		- info
-		- map
-		- market
-		- my
-		- news
-		- tel
-		- yellow
-
-
-	Mixed on multiple subdomains from local.wemfbox.ch
-
-	Mixed image from s.staticlocal.ch on yellow
+	Mismatch:
+		- auth.glb.local.ch
 
+	connection reset on (www.)staticlocal.ch
 -->
-<ruleset name="Local.ch" platform="mixedcontent">
-
+<ruleset name="Local.ch">
 	<target host="local.ch" />
-	<target host="*.local.ch" />
-
-
-	<securecookie host="^\.local\.ch$" name="^l(?:ang|cl_session_1_production)$" />
-
-
-	<rule from="^http://(?:www\.)?local\.ch/"
-		to="https://www.local.ch/" />
-
-	<rule from="^http://(auto|blog|developer|guide|id|immo|info|map|market|my|news|tel|yellow)\.local\.ch/"
-		to="https://$1.local.ch/" />
-
-	<rule from="^http://static\.blog\.local\.ch/"
-		to="https://s3-eu-west-1.amazonaws.com/static.blog.local.ch/" />
-
+	<target host="www.local.ch" />
+	<target host="a.local.ch" />
+	<target host="areyou.local.ch" />
+	<target host="auth.local.ch" />
+	<target host="blog.local.ch" />
+	<target host="customercenter.local.ch" />
+	<target host="help.local.ch" />
+	<target host="i.local.ch" />
+	<target host="images.local.ch" />
+	<target host="info.local.ch" />
+	<target host="localina.local.ch" />
+	<target host="m.local.ch" />
+	<target host="map.local.ch" />
+	<target host="mobile.local.ch" />
+	<target host="tel.local.ch" />
+	<target host="update.local.ch" />
+	<target host="website.local.ch" />
+	<target host="yellow.local.ch" />
+
+	<target host="bin.staticlocal.ch" />
+	<target host="mobile.staticlocal.ch" />
+
+	<test url="http://bin.staticlocal.ch/website-content/d6/d6912435d905ef42a40655d6564523770a898ee9/mediacube.pdf" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Local.xml b/src/chrome/content/rules/Local.xml
index 237066b0a835..ff1405721fd3 100644
--- a/src/chrome/content/rules/Local.xml
+++ b/src/chrome/content/rules/Local.xml
@@ -1,41 +1,38 @@
 <!--
-	Nonfunctional domains:
+	Other The Local:
 
-		- (www.)thelocal.ch *
-		- m.thelocal.ch *
-		- (www.)thelocal.com *
-		- (www.)thelocal.de *
-		- m.thelocal.de *
-		- (www.)thelocal.es *
-		- m.thelocal.es *
-		- (www.)thelocal.fr *
-		- m.thelocal.fr *
-		- (www.)thelocal.it *
-		- m.thelocal.it *
-		- (www.)thelocal.no *
-		- m.thelocal.no *
-		- (www.)thelocal.se *
-		- m.thelocal.se *
+		- thelocal.at.xml
+		- thelocal.ch.xml
+		- thelocal.de.xml
+		- thelocal.dk.xml
+		- thelocal.es.xml
+		- thelocal.fr.xml
+		- thelocal.it.xml
+		- thelocal.no.xml
+		- thelocal.se.xml
 
-	* http reply
 
+	Insecure cookies are set for these hosts: ᶜ
 
-	Problematic domains:
+		- www.thelocal.com
 
-		- d.thelocal.com		(mismatched, CN: *.openxenterprise.com)
-		- sifomedia.thelocal.se		(mismatched, CN: openadstream16.247realmedia.com)
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="The Local (partial)">
+<ruleset name="The Local.com">
 
-	<target host="d.thelocal.com" />
-	<target host="sifomedia.thelocal.se" />
+	<target host="thelocal.com" />
+	<target host="www.thelocal.com" />
 
 
-	<rule from="^http://sifomedia\.thelocal\.se/"
-		to="https://oasc16.247realmedia.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.thelocal\.com$" name="^ci_session$" /-->
 
-	<rule from="^http://d\.thelocal\.com/"
-		to="https://thelocal-d3.openxenterprise.com/" />
+	<securecookie host="^\w" name=".+" />
 
-</ruleset>
\ No newline at end of file
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LocalEdge.xml b/src/chrome/content/rules/LocalEdge.xml
index cbcb91d476b5..f535c7dfca37 100644
--- a/src/chrome/content/rules/LocalEdge.xml
+++ b/src/chrome/content/rules/LocalEdge.xml
@@ -11,23 +11,26 @@
 <ruleset name="LocalEdge (partial)" platform="mixedcontent">
 
 	<target host="localedge.com" />
-	<target host="*.localedge.com" />
+	<target host="extranet.localedge.com" />
+	<target host="sso.localedge.com" />
+	<target host="static.localedge.com" />
+	<target host="www.localedge.com" />
 	<target host="talkingphonebook.com" />
-	<target host="*.talkingphonebook.com" />
+	<target host="images.talkingphonebook.com" />
+	<target host="www.talkingphonebook.com" />
 
 
-	<securecookie host="^.*\.localedge\.com$" name=".*" />
+	<securecookie host="^.*\.localedge\.com$" name=".+" />
 
 
-	<rule from="^http://((?:extranet|sso|static|www)\.)?localedge\.com/"
-		to="https://$1localedge.com/" />
 
 	<!--	www times out over https, redirects to localedge over http.
 
 		images presents cert for localedge,
 		doesn't redirect, but data are identical.
 					-->
-	<rule from="^https?://(?:images\.|www\.)?talkingphonebook\.com/"
+	<rule from="^http://(?:images\.|www\.)?talkingphonebook\.com/"
 		to="https://www.localedge.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/LocalWiki.org.xml b/src/chrome/content/rules/LocalWiki.org.xml
new file mode 100644
index 000000000000..06885584e40e
--- /dev/null
+++ b/src/chrome/content/rules/LocalWiki.org.xml
@@ -0,0 +1,11 @@
+<ruleset name="LocalWiki.org">
+
+	<target host="localwiki.org" />
+	<target host="www.localwiki.org" />
+	<target host="es.localwiki.org" />
+	<target host="ja.localwiki.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Local_Media.org.xml b/src/chrome/content/rules/Local_Media.org.xml
new file mode 100644
index 000000000000..a48e21407eee
--- /dev/null
+++ b/src/chrome/content/rules/Local_Media.org.xml
@@ -0,0 +1,30 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.localmedia.org
+
+
+	Mixed content:
+
+		- Image from pbs.twimg.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Local Media.org">
+
+	<target host="localmedia.org" />
+	<target host="www.localmedia.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.localmedia\.org$" name="^(PHPSESSID|woocommerce_cart_hash|woocommerce_items_in_cart|wordpress_wp_session|wp_woocommerce_session_[\da-f]{32})$" /-->
+
+	<securecookie host="^www\.localmedia\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Localbitcoins.com.xml b/src/chrome/content/rules/Localbitcoins.com.xml
deleted file mode 100644
index 93bb0ff1d9f7..000000000000
--- a/src/chrome/content/rules/Localbitcoins.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="localbitcoins.com">
-
-	<target host="localbitcoins.com" />
-	<target host="*.localbitcoins.com" />
-
-
-	<securecookie host="^(?:w*\.)?localbitcoins\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?localbitcoins\.com/"
-		to="https://$1localbitcoins.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Localist.com.xml b/src/chrome/content/rules/Localist.com.xml
new file mode 100644
index 000000000000..a5400d148b47
--- /dev/null
+++ b/src/chrome/content/rules/Localist.com.xml
@@ -0,0 +1,51 @@
+<!--
+	CDN buckets:
+
+		- d3o66cj8sacbos.cloudfront.net
+
+
+	Problematic hosts in *localist.com:
+
+		- images-cf ¹
+		- images-www ¹
+		- info ²
+
+	¹ Cloudfront/mismatched
+	² Hubspot/mismatched
+
+
+	Mixed content:
+
+		- css on (www.)?, blog, info, support from fonts.googleapis.com *
+		- Images on blog from $self *
+		- favicon on blog, support from www.localist.com *
+
+-->
+<ruleset name="Localist.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="localist.com" />
+	<target host="blog.localist.com" />
+	<target host="support.localist.com" />
+	<target host="www.localist.com" />
+
+	<!--	Complications:
+				-->
+	<!--target host="images-cf.localist.com" /-->
+	<target host="images-www.localist.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--rule from="^http://images-cf\.localist\.com/"
+		to="https://???.cloudfront.net/" /-->
+
+	<rule from="^http://images-www\.localist\.com/"
+		to="https://d3o66cj8sacbos.cloudfront.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Localsearch.ch.xml b/src/chrome/content/rules/Localsearch.ch.xml
new file mode 100644
index 000000000000..5ef8802a7aeb
--- /dev/null
+++ b/src/chrome/content/rules/Localsearch.ch.xml
@@ -0,0 +1,18 @@
+<!--
+	Other Localsearch rulesets:
+
+		- Local.ch.xml
+		- Search.ch.xml
+
+	Mismatch:
+		- werbung.localsearch.ch
+-->
+<ruleset name="Localsearch.ch">
+	<target host="localsearch.ch" />
+	<target host="www.localsearch.ch" />
+	<target host="areyou.localsearch.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Locaweb.com.br.xml b/src/chrome/content/rules/Locaweb.com.br.xml
new file mode 100644
index 000000000000..2bc492f52fc9
--- /dev/null
+++ b/src/chrome/content/rules/Locaweb.com.br.xml
@@ -0,0 +1,20 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- forum.locaweb.com.br
+
+		Incomplete certificate chain error:
+		- blog.locaweb.com.br
+		- press.locaweb.com.br
+		- statusblog.locaweb.com.br
+		- wiki.locaweb.com.br
+-->
+<ruleset name="Locaweb.com.br (partial)">
+	<target host="locaweb.com.br" />
+	<target host="www.locaweb.com.br" />
+	<target host="developer.locaweb.com.br" />
+	<target host="painel.locaweb.com.br" />
+	<target host="site.locaweb.com.br" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Locaweb.xml b/src/chrome/content/rules/Locaweb.xml
deleted file mode 100644
index 03c154dc822d..000000000000
--- a/src/chrome/content/rules/Locaweb.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(redirects to http)
-
-
-	Problematic subdomains:
-
-		- sugestoes	(mismatched, CN: *.uservoice.com)
-		- wiki		(works; expired 2009-07-17, self-signed, mismatched, CN: lw-mod-rails)
-
--->
-<ruleset name="Locaweb (partial)">
-
-	<target host="*.locaweb.com.br" />
-
-
-	<securecookie host="^.+\.locaweb\.com\.br$" name=".+" />
-
-
-	<rule from="^http://(blog|developer|forum|painel|press|site|statusblog)\.locaweb\.com\.br/"
-		to="https://$1.locaweb.com.br/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Lockbox.com.xml b/src/chrome/content/rules/Lockbox.com.xml
deleted file mode 100644
index c68c7ceb2fcd..000000000000
--- a/src/chrome/content/rules/Lockbox.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Fully covered subdomains:
-
-		- (www.)lockbox.com
-		- support.lockbox.com
-		- client.lockbox.net
-
--->
-<ruleset name="Lockbox.com">
-
-	<target host="lockbox.com" />
-	<target host="*.lockbox.com" />
-	<target host="client.lock-box.net" />
-
-
-	<rule from="^http://(support\.|www\.)?lockbox\.com/"
-		to="https://$1lockbox.com/" />
-
-	<rule from="^http://client\.lock-box\.net/"
-		to="https://client.lock-box.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/LockerDome.com.xml b/src/chrome/content/rules/LockerDome.com.xml
new file mode 100644
index 000000000000..c6a47da40906
--- /dev/null
+++ b/src/chrome/content/rules/LockerDome.com.xml
@@ -0,0 +1,17 @@
+<!--
+	These altnames don't exist:
+
+		- www.cdn2.lockerdome.com
+
+-->
+<ruleset name="LockerDome.com">
+
+	<target host="lockerdome.com" />
+	<target host="cdn.lockerdome.com" />
+	<target host="cdn2.lockerdome.com" />
+	<target host="www.lockerdome.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lockerz.xml b/src/chrome/content/rules/Lockerz.xml
deleted file mode 100644
index 744edf78ced4..000000000000
--- a/src/chrome/content/rules/Lockerz.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
-	CDN buckets:
-
-		- lockerz-media.s3.amazonaws.com
-		- lockerz-media-prod.s3.amazonaws.com
-		- lockerz-static-dev.s3.amazonaws.com
-
-		- d8o6wu1tc2zf3.cloudfront.net
-			 - static.lockerz.com
-
-
-	Nonfunctional domains:
-
-		- pics.lockerz.com
-		- support.lockerz.com	(CN: *.zendesk.com; redirects to http)
-
--->
-<ruleset name="Lockerz (partial)">
-
-	<target host="*.lockerz.com" />
-	<target host="api.plixi.com" />
-
-
-	<rule from="^https://shop\.lockerz\.com/"
-		to="https://shop.lockerz.com/" />
-
-	<rule from="^https?://static\.lockerz\.com/"
-		to="https://d8o6wu1tc2zf3.cloudfront.net/" />
-
-	<rule from="^https?://support\.lockerz\.com/generated/"
-		to="https://generated.zendesk.com/generated/" />
-
-	<rule from="^http://api\.plixi\.com/"
-		to="https://api.plixi.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Lockify.com.xml b/src/chrome/content/rules/Lockify.com.xml
deleted file mode 100644
index 42865aa82665..000000000000
--- a/src/chrome/content/rules/Lockify.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Lockify.com" platform="firefox">
-<target host="lockify.com" />
-
-<securecookie host="^lockify\.com$" name=".+" />
-
-<rule from="^http://lockify\.com/" to="https://lockify.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Loctudy.xml b/src/chrome/content/rules/Loctudy.xml
deleted file mode 100644
index f48fbbd752d3..000000000000
--- a/src/chrome/content/rules/Loctudy.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Loctudy" platform="mixedcontent">
-
-	<target host="loctudy.fr" />
-	<target host="www.loctudy.fr" />
-
-
-	<securecookie host="^www\.loctudy\.fr$" name=".*" />
-
-
-	<!--	Cert doesn't match !www.	-->
-	<rule from="^http://(?:www\.)?loctudy\.fr/"
-		to="https://www.loctudy.fr/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/LogMe.In.xml b/src/chrome/content/rules/LogMe.In.xml
new file mode 100644
index 000000000000..ee672d0d44a6
--- /dev/null
+++ b/src/chrome/content/rules/LogMe.In.xml
@@ -0,0 +1,27 @@
+<!--
+	For other LogMeIn coverage, see LogMeIn_Inc.com.xml.
+
+
+	Nonfunctional hosts in *logme.in:
+
+		- b *
+
+	* Plaintext reply
+
+
+	Fully covered hosts in *logme.in:
+
+		- accounts
+
+-->
+<ruleset name="LogMe.In (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="accounts.logme.in" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LogMeIn-mismatches.xml b/src/chrome/content/rules/LogMeIn-mismatches.xml
index 6b058329f874..ce0defd7b23a 100644
--- a/src/chrome/content/rules/LogMeIn-mismatches.xml
+++ b/src/chrome/content/rules/LogMeIn-mismatches.xml
@@ -5,17 +5,10 @@
 <ruleset name="LogMeIn (mismatches)" default_off="mismatched">
 
 	<target host="blog.join.me" />
-	<target host="b.logme.in" />
 	<target host="image.logmein-inc.com" />
 
 
-	<rule from="^http://blog\.join\.me/"
-		to="https://blog.join.me/" />
-
-	<rule from="^http://b\.logme\.in/"
-		to="https://b.logme.in/" />
-
-	<rule from="^http://image\.logmein-inc\.com/"
-		to="https://image.logmein-inc.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/LogMeIn.xml b/src/chrome/content/rules/LogMeIn.xml
index dd7d4221841e..248e146e54c0 100644
--- a/src/chrome/content/rules/LogMeIn.xml
+++ b/src/chrome/content/rules/LogMeIn.xml
@@ -2,44 +2,58 @@
 	For problematic rules, see LogMeIn-mismatches.xml.
 
 
-	Other LogMeIn rulesets:
+	For other LogMeIn coverage, see LogMeIn_Inc.com.xml.
 
-		- BoldChat.com.xml
 
+	Nonfunctional hosts in *logmein.com:
 
-		ToDo: Find Akamai bucket
+		- blog ¹
+		- community ²
+		- help ³
 
--->
-<ruleset name="LogMeIn.com (partial)" platform="mixedcontent">
+	¹ WP Engine
+	² Refused
+	³ Redirects to http
 
-	<target host="join.me" />
-	<target host="*.join.me" />
-	<target host="logmein.com" />
-	<target host="*.logmein.com" />
-	<target host="logmeinrescue.com" />
-	<target host="*.logmeinrescue.com" />
-	<target host="remotelyanywhere.com" />
-	<target host="*.remotelyanywhere.com" />
 
+	Fully covered hosts in *logmein.com:
 
-	<securecookie host="^(?:secure\.)?(?:join\.me|remotelyanywhere\.com)$" name=".+" />
-	<securecookie host="^(?:content|\.?investor|secure)?\.logmein\.com$" name=".+" />
-	<securecookie host="^secure\.logmeinrescue\.com$" name=".+" />
+		- (www.)?
+		- content
+		- investor
+		- secure
+		- uk
+		- usca
+		- usil
+		- welcome
+
+
+	Insecure cookies are set for these domains:
 
+		- .logmein.com
 
-	<rule from="^http://(secure\.|www\.)?join\.me/"
-		to="https://$1join.me/" />
+-->
+<ruleset name="LogMeIn.com (partial)">
+
+	<target host="logmein.com" />
+	<target host="content.logmein.com" />
+	<target host="investor.logmein.com" />
+	<target host="secure.logmein.com" />
+	<target host="uk.logmein.com" />
+	<target host="usca.logmein.com" />
+	<target host="usil.logmein.com" />
+	<target host="welcome.logmein.com" />
+	<target host="www.logmein.com" />
 
-	<rule from="^http://(?:secure\.|www\.)?(logmein(?:rescue)?\.com|remotelyanywhere\.com)/"
-		to="https://secure.$1/" />
 
-	<rule from="^http://(content|investor)?\.logmein\.com/"
-		to="https://$1.logmein.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.logmein\.com$" name="^LMIorigin$" /-->
+
+	<securecookie host="^(?:content|\.?investor|secure)?\.logmein\.com$" name=".+" />
 
-	<rule from="^http://(?:www\.)?remotelyanywhere\.com/$"
-		to="https://secure.remotelyanywhere.com/template.asp?page=home" />
 
-	<rule from="^http://(?:www\.)?remotelyanywhere\.com/(.+)"
-		to="https://secure.remotelyanywhere.com/$1" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/LogMeIn_Inc.com.xml b/src/chrome/content/rules/LogMeIn_Inc.com.xml
new file mode 100644
index 000000000000..010b4b6f6b6f
--- /dev/null
+++ b/src/chrome/content/rules/LogMeIn_Inc.com.xml
@@ -0,0 +1,60 @@
+<!--
+	For problematic rules, see LogMeIn-mismatches.xml.
+
+
+	Other LogMeIn, Inc rulesets:
+
+		- AppGuru.com.xml
+		- BoldChat.com.xml
+		- Cubby.com.xml
+		- Join.me.xml
+		- LogMe.In.xml
+		- LogMeIn.xml
+		- LogMeIn_Rescue.com.xml
+		- Meldium.com.xml
+		- RemotelyAnywhere.com.xml
+
+
+	Problematic hosts in *logmeininc.com:
+
+		- image *
+
+	* Mismatched
+
+
+	Fully covered hosts in *logmeininc.com:
+
+		- (www.)?
+		- investor
+
+
+	These altnames don't exist:
+
+		- Api.logmeininc.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- investor.logmeininc.com
+
+-->
+<ruleset name="LogMeIn Inc.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="logmeininc.com" />
+	<target host="investor.logmeininc.com" />
+	<target host="www.logmeininc.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^investor\.logmeininc\.com$" name="^(ASP\.NET_SessionId|investor\.logmeininc\.com_Q4_ASPX_PUBLIC_LanguageId|ServerID)$" /-->
+
+	<securecookie host="^investor\.logmeininc\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LogMeIn_Rescue.com.xml b/src/chrome/content/rules/LogMeIn_Rescue.com.xml
new file mode 100644
index 000000000000..ae97217e5d12
--- /dev/null
+++ b/src/chrome/content/rules/LogMeIn_Rescue.com.xml
@@ -0,0 +1,24 @@
+<!--
+	For other LogMeIn coverage, see LogMeIn_Inc.com.xml.
+
+
+	Fully covered hosts in *logmeinrescue.com:
+
+		- (www.)?
+		- mc
+		- secure
+
+-->
+<ruleset name="LogMeIn Rescue.com (partial)">
+
+	<target host="logmeinrescue.com" />
+	<target host="mc.logmeinrescue.com" />
+	<target host="secure.logmeinrescue.com" />
+	<target host="www.logmeinrescue.com" />
+
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LoganCIJ.com.xml b/src/chrome/content/rules/LoganCIJ.com.xml
new file mode 100644
index 000000000000..cd337f86cfec
--- /dev/null
+++ b/src/chrome/content/rules/LoganCIJ.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="LoganCIJ">
+
+	<target host="logancij.com" />
+	<target host="www.logancij.com" />
+
+	<rule from="^http://www\.logancij\.com/" to="https://logancij.com/"/>
+	<rule from="^http:" to="https:" />
+
+</ruleset>
+
diff --git a/src/chrome/content/rules/Logdown.com.xml b/src/chrome/content/rules/Logdown.com.xml
new file mode 100644
index 000000000000..f18f6ad394e9
--- /dev/null
+++ b/src/chrome/content/rules/Logdown.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Logdown.com" platform="mixedcontent">
+	<target host="logdown.com" />
+
+	<!--
+		- Wildcard DNS records for *.logdown.com
+		- Wildcard SSL certificate for *.logdown.com
+	-->
+	<target host="*.logdown.com" />
+		<test url="http://www.logdown.com/" />
+		<test url="http://assets0.logdown.com/" />
+		<test url="http://blog.logdown.com/" />
+		<test url="http://hello-logdown.logdown.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Logentries.com.xml b/src/chrome/content/rules/Logentries.com.xml
index 4c8d81237eac..716dcc81e3ee 100644
--- a/src/chrome/content/rules/Logentries.com.xml
+++ b/src/chrome/content/rules/Logentries.com.xml
@@ -1,19 +1,56 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See 
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
- 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Logentries.com" platform="firefox">
-  <target host="logentries.com" />
-  <target host="www.logentries.com" />
-
-  <securecookie host="^logentries\.com$" name=".+" />
-  <securecookie host="^www\.logentries\.com$" name=".+" />
-
-  <rule from="^http://logentries\.com/" to="https://logentries.com/" />
-  <rule from="^http://www\.logentries\.com/" to="https://www.logentries.com/" />
+<!--
+	Problematic hosts in *logentries.com:
+
+		- info ¹
+		- labs ²
+
+	¹ Hubspot/mismatched
+	² Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	These altnames don't exist:
+
+		- www.forum.logentries.com
+		- www.labs.logentries.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- logentries.com
+		- info.logentries.com
+		- labs.logentries.com
+		- www.logentries.com
+
+
+	Mixed content:
+
+		- css on info from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Logentries.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="logentries.com" />
+	<target host="community.logentries.com" />
+	<target host="blog.logentries.com" />
+	<target host="forum.logentries.com" />
+	<!--target host="labs.logentries.com" /-->
+	<target host="www.logentries.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?logentries\.com$" name="^SERVERID$" /-->
+	<!--securecookie host="^info\.logentries\.com$" name="^hsPagesViewedThissession$" /-->
+	<!--securecookie host="^labs\.logentries\.com$" name="^crSession$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Loggly.com.xml b/src/chrome/content/rules/Loggly.com.xml
new file mode 100644
index 000000000000..9f2ed0651b31
--- /dev/null
+++ b/src/chrome/content/rules/Loggly.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- Images on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Loggly.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="loggly.com" />
+	<target host="logs-01.loggly.com" />
+	<target host="www.loggly.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Loggn.de.xml b/src/chrome/content/rules/Loggn.de.xml
new file mode 100644
index 000000000000..581429e5fe5c
--- /dev/null
+++ b/src/chrome/content/rules/Loggn.de.xml
@@ -0,0 +1,17 @@
+<ruleset name="loggn.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="loggn.de" />
+	<target host="cloud.loggn.de" />
+	<target host="nh.loggn.de" />
+	<target host="www.loggn.de" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LogicBox_Software.xml b/src/chrome/content/rules/LogicBox_Software.xml
deleted file mode 100644
index b6c81ceed27f..000000000000
--- a/src/chrome/content/rules/LogicBox_Software.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Clients have unique subdomains.
-
--->
-<ruleset name="LogicBox Software">
-
-	<target host="logicboxsoftware.com" />
-	<target host="*.logicboxsoftware.com" />
-
-
-	<securecookie host=".+\.logicboxsoftware\.com$" name=".+" />
-
-
-	<rule from="^http://([\w-]+\.)?logicboxsoftware\.com/"
-		to="https://$1logicboxsoftware.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Logika.net.xml b/src/chrome/content/rules/Logika.net.xml
new file mode 100644
index 000000000000..754450cc96bf
--- /dev/null
+++ b/src/chrome/content/rules/Logika.net.xml
@@ -0,0 +1,12 @@
+<ruleset name="Logika.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="logika.net" />
+	<target host="www.logika.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Logilab-self-signed.xml b/src/chrome/content/rules/Logilab-self-signed.xml
deleted file mode 100644
index 50b8752bed3b..000000000000
--- a/src/chrome/content/rules/Logilab-self-signed.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For rules that are on by
-	default, see Logilab.xml.
-
--->
-<ruleset name="Logilab (self-signed)" default_off="self-signed">
-
-	<target host="logilab.org" />
-	<target host="www.logilab.org" />
-
-
-	<!--	!www doesn't work over https,
-		redirects to www over http.
-
-		The homepage redirects over
-		https to a login page at:
-
-		www.logilab.org/856/
-					-->
-	<rule from="^http://(?:www\.)?logilab\.org/data/"
-		to="https://www.logilab.org/data/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Logilab.fr.xml b/src/chrome/content/rules/Logilab.fr.xml
new file mode 100644
index 000000000000..69108c5ea032
--- /dev/null
+++ b/src/chrome/content/rules/Logilab.fr.xml
@@ -0,0 +1,41 @@
+<!--
+	For other rules about logilab, see
+		Logilab.org.xml
+
+	Bad certificate:
+		logilab.fr
+		bagu.logilab.fr
+		cetus.logilab.fr
+		nossl.demo.logilab.fr
+		hegu.logilab.fr
+		pingxing.logilab.fr
+		piwik.logilab.fr
+		planet.logilab.fr
+		slides.logilab.fr
+
+	Private subdomain:
+		extranet.logilab.fr
+		sentry.logilab.fr
+
+-->
+<ruleset name="Logilab.fr">
+
+	<target host="logilab.fr" />
+	<target host="www.logilab.fr" />
+	<target host="bagu.logilab.fr" />
+	<target host="demo.logilab.fr" />
+	<target host="lists.logilab.fr" />
+	<target host="survey.logilab.fr" />
+
+	<securecookie host=".+" name=".+"/>
+
+	<rule from="^http://bagu\.logilab\.fr/"
+		to="https://astroid.org/" />
+
+	<rule from="^http://logilab\.fr/"
+		to="https://www.logilab.fr/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Logilab.org.xml b/src/chrome/content/rules/Logilab.org.xml
new file mode 100644
index 000000000000..2986bf07bc37
--- /dev/null
+++ b/src/chrome/content/rules/Logilab.org.xml
@@ -0,0 +1,27 @@
+<!--
+	For other rules about logilab, see
+		+ Logilab.fr.xml
+
+	Bad certificate:
+		docs.logilab.org
+		download.logilab.org
+		lax.logilab.org
+
+-->
+<ruleset name="Logilab.org">
+
+	<target host="logilab.org" />
+	<target host="www.logilab.org" />
+	<target host="hg.logilab.org" />
+	<target host="jabber.logilab.org" />
+	<target host="jenkins.logilab.org" />
+	<target host="lax.logilab.org" />
+	<target host="lists.logilab.org" />
+
+	<rule from="^http://lax\.logilab\.org/"
+		to="https://www.cubicweb.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Logilab.xml b/src/chrome/content/rules/Logilab.xml
deleted file mode 100644
index 9ce6c601b2bb..000000000000
--- a/src/chrome/content/rules/Logilab.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	For problematic rules, see
-	Logilab-self-signed.xml.
-
--->
-<ruleset name="Logilab (partial)">
-
-	<target host="logilab.fr" />
-	<target host="*.logilab.fr" />
-
-
-	<securecookie host="^(.*\.)?logilab\.fr$" name=".*" />
-
-
-	<!--	!www doesn't work over https,
-		redirects to www over http.
-
-		The homepage shows a login
-		prompt over https.
-					-->
-	<rule from="^http://(?:www\.)?logilab\.fr/data/"
-		to="https://www.logilab.fr/data/" />
-
-	<rule from="^http://piwik\.logilab\.fr/"
-		to="https://piwik.logilab.fr/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Loginza.ru.xml b/src/chrome/content/rules/Loginza.ru.xml
index dd1fa08639a4..afbfb80653ae 100644
--- a/src/chrome/content/rules/Loginza.ru.xml
+++ b/src/chrome/content/rules/Loginza.ru.xml
@@ -1,17 +1,29 @@
 <!--
 	For other Yandex coverage, see Yandex.xml.
 
+
+	Insecure cookies are set for these hosts:
+
+		- loginza.ru
+		- www.loginza.ru
+
 -->
-<ruleset name="loginza.ru">
+<ruleset name="Loginza.ru">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="loginza.ru" />
 	<target host="www.loginza.ru" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?loginza\.ru$" name="^sid$" /-->
+
 	<securecookie host="^(?:www\.)?loginza\.ru$" name=".+" />
 
 
-	<rule from="^http://(www\.)?loginza\.ru/"
-		to="https://$1loginza.ru/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Logitech.com.xml b/src/chrome/content/rules/Logitech.com.xml
new file mode 100644
index 000000000000..96611128716a
--- /dev/null
+++ b/src/chrome/content/rules/Logitech.com.xml
@@ -0,0 +1,75 @@
+<!--
+	Nonfunctional subdomains:
+
+		- gaming *
+
+	* Dropped
+
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- origin2 ¹
+		- www ²
+
+	¹ Refused
+	² Dropped
+
+
+	Fully covered subdomains:
+
+		- alert
+		- buy
+		- forums
+		- register
+		- secure
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- alert from www.adobe.com *
+			- forums from dl.dropbox.com *
+			- forums and register from www *
+
+	* Unsecurable <= dropped
+
+-->
+<ruleset name="Logitech.com (partial)">
+
+	<target host="logitech.com" />
+	<target host="origin2.logitech.com" />
+	<target host="secure.logitech.com" />
+	<target host="www.logitech.com" />
+	<target host="alert.logitech.com" />
+	<target host="buy.logitech.com" />
+	<target host="forums.logitech.com" />
+	<target host="register.logitech.com" />
+		<!--
+			Handling any pages but those under country_code-locale/
+			would require nontrivial effort, so ToDo:
+									-->
+		<exclusion pattern="^http://(?:origin2\.|www\.)?logitech\.com/+(?!\w\w-\w+(?:$|[?/])||assets/|images/|js/|styles/)" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^buy\.logitech\.com$" name="^gc_ss_logib2c$" /-->
+	<!--securecookie host="^forums\.logitech\.com$" name="^LiSESSIONID$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^buy\.logitech\.com$" name="^(BIGipServerp-\w+-prd-active-\w+-\w+|JSESSIONID|VISITOR_ID|X-DR-CURRENCY|X-DR-LOCALE|X-DR-THEME)$" /-->
+	<!--securecookie host="^forums\.logitech\.com$" name="^LithiumVisitor$" /-->
+	<!--securecookie host="^secure\.logitech\.com$" name="^(CFID|CFTOKEN)$" /-->
+
+	<securecookie host="^(?:buy|forums|secure)\.logitech\.com$" name=".+" />
+
+
+	<rule from="^http://(?:(?:origin2|secure|www)\.)?logitech\.com/"
+		to="https://secure.logitech.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LogoYes.xml b/src/chrome/content/rules/LogoYes.xml
deleted file mode 100644
index 989f600980bf..000000000000
--- a/src/chrome/content/rules/LogoYes.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other Web.com coverage, see Web.com.xml.
-
-
-	www: cert only matches ^logoyes.com
-
--->
-<ruleset name="LogoYes">
-
-	<target host="logoyes.com" />
-	<target host="www.logoyes.com" />
-
-
-	<securecookie host="^logoyes\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?logoyes\.com/"
-		to="https://logoyes.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Logotype.se.xml b/src/chrome/content/rules/Logotype.se.xml
index 0f295f5ef05e..515b68deb00f 100644
--- a/src/chrome/content/rules/Logotype.se.xml
+++ b/src/chrome/content/rules/Logotype.se.xml
@@ -1,16 +1,9 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
+<ruleset name="Logotype.se">
+	<target host="logotype.se" />
+	<target host="www.logotype.se" />
 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Logotype.se" platform="firefox">
-<target host="logotype.se" />
+	<securecookie host="^logotype\.se$" name=".+" />
 
-<securecookie host="^logotype\.se$" name=".+" />
-
-<rule from="^http://logotype\.se/" to="https://logotype.se/" />
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Logout.hu.xml b/src/chrome/content/rules/Logout.hu.xml
new file mode 100644
index 000000000000..4738bd3e043b
--- /dev/null
+++ b/src/chrome/content/rules/Logout.hu.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		www.logout.hu
+
+	Time out:
+		r6.logout.hu
+
+-->
+<ruleset name="Logout.hu">
+	<target host="logout.hu" />
+	<target host="www.logout.hu" />
+	<target host="m.logout.hu" />
+
+	<rule from="^http://www\.logout\.hu/" to="https://logout.hu/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
+
diff --git a/src/chrome/content/rules/Lohud.com.xml b/src/chrome/content/rules/Lohud.com.xml
index 4d54f2a2c56f..e944580eae9d 100644
--- a/src/chrome/content/rules/Lohud.com.xml
+++ b/src/chrome/content/rules/Lohud.com.xml
@@ -1,40 +1,19 @@
 <!--
 	For other Gannett Company coverage, see Gannett-Company.xml.
 
-
-	Problematic domains:
-
-		- lohud.com			(refused)
-		- (www.)thejournalnews.com	(times out)
-		- cmsimg.thejournalnews.com	(503, akamai)
-
-
-	Fully covered domains:
-
-		- (www.)lohud.com		(^ → www)
-		- (www.)thejournalnews.com	(→ www.lohud.com)
-		- cmsimg.thejournalnews.com	(→ www.lohud.com
-
-
-	Mixed images from:
-
-		- bcdownload.gannett.edgesuite.net
-		- www.gannett-cdn.com
-		- lohudblogs.com
-
+	Non-functional hosts
+		Mismatched:
+		- cmsimg.lohud.com
 -->
-<ruleset name="lohud.com">
+<ruleset name="lohud.com (partial)">
 
 	<target host="lohud.com" />
-	<target host="*.lohud.com" />
-	<target host="thejournalnews.com" />
-	<target host="*.thejournalnews.com" />
-
+	<target host="www.lohud.com" />
+	<target host="user.lohud.com" />
 
-	<securecookie host="^(?:www)?\.lohud\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(?:cmsimg\.|www\.)?lohud\.com/"
-		to="https://www.lohud.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lois_Kolkhorst.xml b/src/chrome/content/rules/Lois_Kolkhorst.xml
deleted file mode 100644
index 30119aedd747..000000000000
--- a/src/chrome/content/rules/Lois_Kolkhorst.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Lois Kolkhorst">
-
-	<target host="loisfortexas.com" />
-	<target host="www.loisfortexas.com" />
-
-
-	<rule from="^http://(www\.)?loisfortexas\.com/"
-		to="https://$1loisfortexas.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Lokun.is.xml b/src/chrome/content/rules/Lokun.is.xml
new file mode 100644
index 000000000000..7e5d19b9015f
--- /dev/null
+++ b/src/chrome/content/rules/Lokun.is.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lokun.is/ => https://lokun.is/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.lokun.is/ => https://www.lokun.is/: (60, 'SSL certificate problem: certificate has expired')
+
+	Insecure cookies are set for these hosts:
+
+		- lokun.is
+		- www.lokun.is
+
+-->
+<ruleset name="Lokun.is" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="lokun.is" />
+	<target host="www.lokun.is" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?lokun\.is$" name="^beaker\.session\.id$" /-->
+
+	<securecookie host="^(?:www\.)?lokun\.is$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lokus.no.xml b/src/chrome/content/rules/Lokus.no.xml
index 0d414ab74333..07cb19149080 100644
--- a/src/chrome/content/rules/Lokus.no.xml
+++ b/src/chrome/content/rules/Lokus.no.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?lokus\.no/"
 		to="https://www.lokus.no/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lokus.se.xml b/src/chrome/content/rules/Lokus.se.xml
index fc3995b62bfe..a0a65642a37e 100644
--- a/src/chrome/content/rules/Lokus.se.xml
+++ b/src/chrome/content/rules/Lokus.se.xml
@@ -7,7 +7,8 @@
 -->
 <ruleset name="Lokus.se (partial)">
 
-	<target host="*.lokus.se" />
+	<target host="secure.lokus.se" />
+	<target host="sifomedia.lokus.se" />
 
 
 	<!--	Tracking cookies:
@@ -16,10 +17,9 @@
 	<securecookie host="^secure\.lokus\.se$" name=".+" />
 
 
-	<rule from="^http://secure\.lokus\.se/"
-		to="https://secure.lokus.se/" />
 
 	<rule from="^http://sifomedia\.lokus\.se/"
 		to="https://oasc07.247realmedia.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lolagrove.com.xml b/src/chrome/content/rules/Lolagrove.com.xml
new file mode 100644
index 000000000000..6c0f13156111
--- /dev/null
+++ b/src/chrome/content/rules/Lolagrove.com.xml
@@ -0,0 +1,36 @@
+<!--
+	^lolagrove.com: Prints string
+
+
+	Insecure cookies are set for these hosts:
+
+		- v3.lolagrove.com
+
+-->
+<ruleset name="Lolagrove.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="v3.lolagrove.com" />
+
+	<!--	Complications:
+				-->
+
+		<test url="http://v3.lolagrove.com/admin/login.aspx" />
+		<test url="http://v3.lolagrove.com/LeadPages/CondeNast.340/Wired.728/Cover/wired-cover-image.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^v3\.lolagrove\.com$" name="^(?:ASP\.NET_SessionId|AspxAutoDetectCookieSupport)$" /-->
+
+	<securecookie host="^v3\.lolagrove\.com$" name=".+" />
+
+
+	<!-- <rule from="^http://lolagrove\.com/"
+		to="https://www.lolagrove.com/" /> expired certificate -->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lolicore.ch.xml b/src/chrome/content/rules/Lolicore.ch.xml
deleted file mode 100644
index 6e3725e457b7..000000000000
--- a/src/chrome/content/rules/Lolicore.ch.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Lolicore.ch" platform="firefox">
-<target host="lolicore.ch" />
-
-<securecookie host="^lolicore\.ch$" name=".+" />
-
-<rule from="^http://lolicore\.ch/" to="https://lolicore.ch/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Lolnet.org.xml b/src/chrome/content/rules/Lolnet.org.xml
index 803c8ed3b0bb..c979aeb4bde6 100644
--- a/src/chrome/content/rules/Lolnet.org.xml
+++ b/src/chrome/content/rules/Lolnet.org.xml
@@ -1,19 +1,31 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://files.lolnet.org/ => https://files.lolnet.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.lolnet.org/ => https://www.lolnet.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://lolnet.org/ => https://www.lolnet.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Problematic subdomains:
 
 		- ^	(cert only matches *.lolnet.org)
 
 -->
-<ruleset name="lolnet.org" platform="cacert">
+<ruleset name="lolnet.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="files.lolnet.org" />
+	<target host="www.lolnet.org" />
 
+	<!--	Complications:
+				-->
 	<target host="lolnet.org" />
-	<target host="*.lolnet.org" />
 
 
 	<rule from="^http://lolnet\.org/"
 		to="https://www.lolnet.org/" />
 
-	<rule from="^http://(files|www)\.lolnet\.org/"
-		to="https://$1.lolnet.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lolware.net.xml b/src/chrome/content/rules/Lolware.net.xml
new file mode 100644
index 000000000000..b6d6fef3719d
--- /dev/null
+++ b/src/chrome/content/rules/Lolware.net.xml
@@ -0,0 +1,12 @@
+<ruleset name="Lolware.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="lolware.net" />
+	<target host="www.lolware.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Londit.com.xml b/src/chrome/content/rules/Londit.com.xml
new file mode 100644
index 000000000000..053226dfdb03
--- /dev/null
+++ b/src/chrome/content/rules/Londit.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.) ¹
+		- tools.1026 ²
+		- tools.1162 ¹
+		- tools.1227 ¹
+
+	¹ Refused
+	² Plaintext reply
+
+
+	These altnames don't exist:
+
+		- www.manager.londit.com
+
+-->
+<ruleset name="londit.com (partial)">
+
+	<target host="manager.londit.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^manager\.londit\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^manager\.londit\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/London-2012-mismatches.xml b/src/chrome/content/rules/London-2012-mismatches.xml
index 65a78e114ce2..0ebca3248c2a 100644
--- a/src/chrome/content/rules/London-2012-mismatches.xml
+++ b/src/chrome/content/rules/London-2012-mismatches.xml
@@ -1,10 +1,10 @@
-<ruleset name="London 2012 (mismatches)" default_off="mismatch">
+<ruleset name="London 2012 (mismatches)" default_off="mismatched">
 
 	<!--	Akamai	-->
 	<target host="londonpreparesseries.com"/>
 	<target host="www.londonpreparesseries.com"/>
 
-	<securecookie host="^(.*\.)?londonpreparesseries\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?londonpreparesseries\.com/"
 		to="https://www.londonpreparesseries.com/"/>
diff --git a/src/chrome/content/rules/London-2012.xml b/src/chrome/content/rules/London-2012.xml
index 0962d9089941..17673d135462 100644
--- a/src/chrome/content/rules/London-2012.xml
+++ b/src/chrome/content/rules/London-2012.xml
@@ -1,13 +1,27 @@
-<ruleset name="London 2012" platform="mixedcontent">
 
-	<target host="london2012.com"/>
-	<target host="*.london2012.com"/>
-		<exclusion pattern="^http://getset\.london2012\.com/((cy|en)/(home)?)?$"/>
-	<target host="www.festival.london2012.com"/>
-	<target host="tickets.london2012.com"/>
-	<target host="www.tickets.london2012.com"/>
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://london2012.com/ => https://www.london2012.com/: (7, 'Failed to connect to www.london2012.com port 443: Connection refused')
+Fetch error: http://www.festival.london2012.com/ => https://festival.london2002.com/: (6, 'Could not resolve host: festival.london2002.com')
+Fetch error: http://tickets.london2012.com/ => https://www.tickets.london2012.com/: (7, 'Failed to connect to www.tickets.london2012.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://london2012.com/ => https://www.london2012.com/: (7, 'Failed to connect to www.london2012.com port 443: Connection refused')
+Fetch error: http://www.festival.london2012.com/ => https://festival.london2002.com/: (6, 'Could not resolve host: festival.london2002.com')
+Fetch error: http://tickets.london2012.com/ => https://www.tickets.london2012.com/: (7, 'Failed to connect to www.tickets.london2012.com port 443: Connection refused')
+-->
+<ruleset name="London 2012" platform="mixedcontent" default_off="failed ruleset test">
 
-	<securecookie host="^((festival|www)?\.)?london2012\.com$" name=".*"/>
+	<target host="london2012.com"/>
+	<target host="getset.london2012.com" />
+	<target host="www.festival.london2012.com" />
+	<target host="shop.london2012.com" />
+	<target host="www.london2012.com" />
+	<target host="tickets.london2012.com" />
+	<target host="www.tickets.london2012.com" />
+		<exclusion pattern="^http://getset\.london2012\.com/(?:(?:cy|en)/(?:home)?)?$"/>
+
+	<securecookie host="^(?:(?:festival|www)?\.)?london2012\.com$" name=".+" />
 
 	<rule from="^http://london2012\.com/"
 		to="https://www.london2012.com/"/>
diff --git a/src/chrome/content/rules/London-Eye.xml b/src/chrome/content/rules/London-Eye.xml
new file mode 100644
index 000000000000..9258c7365512
--- /dev/null
+++ b/src/chrome/content/rules/London-Eye.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Merlin Entertainments coverage, see Merlin-Entertainments.xml.
+
+	Non-functional subdomains:
+		- ^		(timeout)
+		- secure	(timeout)
+-->
+<ruleset name="London Eye">
+	<target host="www.londoneye.com" />
+
+	<securecookie host="www\.londoneye\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/London-School-of-Hygiene-and-Tropical-Medicine.xml b/src/chrome/content/rules/London-School-of-Hygiene-and-Tropical-Medicine.xml
index 38a3fdfc0c4b..3eedbc03011e 100644
--- a/src/chrome/content/rules/London-School-of-Hygiene-and-Tropical-Medicine.xml
+++ b/src/chrome/content/rules/London-School-of-Hygiene-and-Tropical-Medicine.xml
@@ -1,15 +1,25 @@
-<ruleset name="London School of Hygiene &amp; Tropical Medicine">
-
-  <target host="lshtm.ac.uk" />
-  <target host="www.lshtm.ac.uk" />
-  <target host="jobs.lshtm.ac.uk" />
-  <target host="intra.lshtm.ac.uk" />
-  <target host="blogs.lshtm.ac.uk" />
-  <target host="forums.lshtm.ac.uk" />
-
-  <rule from="^http://lshtm\.ac\.uk/" to="https://www.lshtm.ac.uk/"/>
-  <rule from="^http://(www|jobs|intra|blogs|forums)\.lshtm\.ac\.uk/" to="https://$1.lshtm.ac.uk/"/>
-
-  <exclusion pattern="^http://blogs\.lshtm\.ac\.uk/(spring|csm|crash3|tbsymposium|bcges|pathways|crises|disabilitycentre|itservices|ucu|ghlc|hme|same|genderviolence)/"/>
-
-</ruleset>
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://forums.lshtm.ac.uk/ => https://forums.lshtm.ac.uk/: (6, 'Could not resolve host: forums.lshtm.ac.uk')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://lshtm.ac.uk/ => https://www.lshtm.ac.uk/: (6, 'Could not resolve host: lshtm.ac.uk')
+Fetch error: http://blogs.lshtm.ac.uk/ => https://blogs.lshtm.ac.uk/: Cycle detected - URL already encountered: https://blogs.lshtm.ac.uk/
+Fetch error: http://forums.lshtm.ac.uk/ => https://forums.lshtm.ac.uk/: (6, 'Could not resolve host: forums.lshtm.ac.uk')
+-->
+<ruleset name="London School of Hygiene &amp; Tropical Medicine" default_off="failed ruleset test">
+
+  <target host="lshtm.ac.uk" />
+  <target host="www.lshtm.ac.uk" />
+  <target host="jobs.lshtm.ac.uk" />
+  <target host="intra.lshtm.ac.uk" />
+  <target host="blogs.lshtm.ac.uk" />
+  <target host="forums.lshtm.ac.uk" />
+
+  <rule from="^http://lshtm\.ac\.uk/" to="https://www.lshtm.ac.uk/"/>
+  <rule from="^http://(www|jobs|intra|blogs|forums)\.lshtm\.ac\.uk/" to="https://$1.lshtm.ac.uk/"/>
+
+  <exclusion pattern="^http://blogs\.lshtm\.ac\.uk/(?:spring|csm|crash3|tbsymposium|bcges|pathways|crises|disabilitycentre|itservices|ucu|ghlc|hme|same|genderviolence)/"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/London-Stock-Exchange.xml b/src/chrome/content/rules/London-Stock-Exchange.xml
deleted file mode 100644
index 8cc4905a56c9..000000000000
--- a/src/chrome/content/rules/London-Stock-Exchange.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="London Stock Exchange (partial)">
-
-	<target host="londonstockexchange.com"/>
-	<target host="www.londonstockexchange.com"/>
-
-	<rule from="^http://(?:www\.)?londonstockexchange\.com/(exchange/user|global|home|media|news)/"
-		to="https://www.londonstockexchange.com/$1/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/London.gov.uk.xml b/src/chrome/content/rules/London.gov.uk.xml
new file mode 100644
index 000000000000..40f4958e3f3d
--- /dev/null
+++ b/src/chrome/content/rules/London.gov.uk.xml
@@ -0,0 +1,83 @@
+<!--
+	Greater London Authority
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *london.gov.uk:
+
+		- data ʳ
+		- mqt ʳ
+		- my ᵈ
+		- questions ʳ
+		- volunteerteam ᵃ
+
+	ᵃ Shows another domain
+	ʳ Refused
+
+
+	Partially covered hosts in *london.gov.uk:
+
+		- talklondon ʰ
+
+	ʰ Some pages redirect to http
+
+
+	These altnames don't exist:
+
+		- www.volunteerbooking.london.gov.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- .london.gov.uk
+		- www.london.gov.uk
+
+-->
+<ruleset name="London.gov.uk">
+
+	<target host="london.gov.uk" />
+	<target host="speedvolunteer.london.gov.uk" />
+	<target host="talklondon.london.gov.uk" />
+	<target host="volunteerbooking.london.gov.uk" />
+	<target host="www.london.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://talklondon\.london\.gov\.uk/(?:$|contact$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://talklondon\.london\.gov\.uk/+(?!(?:london-survey|user)(?:$|\?)|misc/|profiles/|sites/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://talklondon.london.gov.uk/blogs/" />
+			<test url="http://talklondon.london.gov.uk/contact" />
+			<test url="http://talklondon.london.gov.uk/forms/mail-mayor" />
+			<test url="http://talklondon.london.gov.uk/privacypolicy" />
+			<test url="http://talklondon.london.gov.uk/smart-london" />
+			<test url="http://talklondon.london.gov.uk/topics/safety" />
+
+			<!--	-ve:
+					-->
+			<test url="http://talklondon.london.gov.uk/misc/menu-leaf.png" />
+			<test url="http://talklondon.london.gov.uk/profiles/gla_profile/themes/custom/gla/images/mayor_of_london_160_14.gif" />
+			<test url="http://talklondon.london.gov.uk/sites/default/files/css/css_2rLQNuPNFWGrnNgvhQ00u-7MbdrV58mnoPf2z4bNQ_Y.css" />
+			<test url="http://talklondon.london.gov.uk/user/register" />
+			<test url="http://talklondon.london.gov.uk/user/login?destination=" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.london\.gov\.uk$" name="^(?:_gat|(?:incap_ses_\d+|nlbi|visid_incap)_\d+)$" /-->
+	<!--securecookie host="^www\.london\.gov\.uk$" name="^___utmp[abm]" /-->
+
+	<securecookie host="^\." name="^(?:_gat|(?:incap_ses_\d+|nlbi|visid_incap)_\d+)$" />
+	<securecookie host="^(?!talklondon\.)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LondonDrugs.com.xml b/src/chrome/content/rules/LondonDrugs.com.xml
new file mode 100644
index 000000000000..5ee45ab88a4f
--- /dev/null
+++ b/src/chrome/content/rules/LondonDrugs.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="London Drugs">
+        <target host="londondrugs.com" />
+        <target host="www.londondrugs.com" />
+        <target host="customworks.ca" />
+        <target host="www.customworks.ca" />
+
+        <securecookie host="^(?:www)?(?:\.)?londondrugs\.com$" name=".+" />
+        <securecookie host="^(?:www)?(?:\.)?customworks\.ca$" name=".+" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LondonStockExchange.com.xml b/src/chrome/content/rules/LondonStockExchange.com.xml
new file mode 100644
index 000000000000..60f680d5bb91
--- /dev/null
+++ b/src/chrome/content/rules/LondonStockExchange.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="London Stock Exchange">
+	<target host="londonstockexchange.com" />
+	<target host="www.londonstockexchange.com" />
+	<target host="api.londonstockexchange.com" />
+		<test url="http://api.londonstockexchange.com/api/gw/lse/download/COCPG/tearsheet" />
+	<target host="docs.londonstockexchange.com" />
+		<test url="http://docs.londonstockexchange.com/sites/default/files/documents/fees-for-issuers.pdf" />
+	<target host="www.rns-pdf.londonstockexchange.com" />
+	<target host="services.londonstockexchange.com" />
+	<target host="www.unavista.londonstockexchange.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/London_City_Airport.xml b/src/chrome/content/rules/London_City_Airport.xml
index 687039c91d44..fae5314f9dd7 100644
--- a/src/chrome/content/rules/London_City_Airport.xml
+++ b/src/chrome/content/rules/London_City_Airport.xml
@@ -2,9 +2,9 @@
     <target host="londoncityairport.com" />
     <target host="*.londoncityairport.com" />
 
-    <securecookie host="^(.*\.)?londoncityairport\.com$" name=".+" />
+    <securecookie host=".+" name=".+"/>
 
-    <rule from="^https?://londoncityairport\.com/"
+    <rule from="^http://londoncityairport\.com/"
         to="https://www.londoncityairport.com/"/>
     <rule from="^http://([^/:@]+)?\.londoncityairport\.com/"
         to="https://$1.londoncityairport.com/" />
diff --git a/src/chrome/content/rules/London_Hackspace.xml b/src/chrome/content/rules/London_Hackspace.xml
index 817c8ff6ddbb..1caafc7a484f 100644
--- a/src/chrome/content/rules/London_Hackspace.xml
+++ b/src/chrome/content/rules/London_Hackspace.xml
@@ -2,7 +2,7 @@
     <target host="london.hackspace.org.uk" />
     <target host="*.london.hackspace.org.uk" />
 
-    <rule from="^https?://london\.hackspace\.org\.uk/"
+    <rule from="^http://london\.hackspace\.org\.uk/"
         to="https://london.hackspace.org.uk/"/>
     <rule from="^http://([^/:@]+)?\.london\.hackspace\.org\.uk/"
         to="https://$1.london.hackspace.org.uk/" />
diff --git a/src/chrome/content/rules/London_Review_of_Books.xml b/src/chrome/content/rules/London_Review_of_Books.xml
index 1ed524173fdc..1fcf35db10a9 100644
--- a/src/chrome/content/rules/London_Review_of_Books.xml
+++ b/src/chrome/content/rules/London_Review_of_Books.xml
@@ -18,13 +18,14 @@
 <ruleset name="London Review of Books (partial)">
 
 	<target host="lrb.co.uk" />
-	<target host="*.lrb.co.uk" />
+	<target host="www.lrb.co.uk" />
+	<target host="cdn.lrb.co.uk" />
 
 
 	<rule from="^http://(?:www\.)?lrb\.co\.uk/(activate/?(?:$|\?)|assets/|Shibboleth\.sso)"
 		to="https://www.lrb.co.uk/$1" />
 
 	<rule from="^http://cdn\.lrb\.co\.uk/"
-		to="https://d7mx03fbraf30.cloudfront.net/" />
+		to="https://cdn.lrb.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/London_Sock_Company.com.xml b/src/chrome/content/rules/London_Sock_Company.com.xml
new file mode 100644
index 000000000000..59e845ebcffb
--- /dev/null
+++ b/src/chrome/content/rules/London_Sock_Company.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="London Sock Company.com">
+
+	<target host="londonsockcompany.com" />
+	<target host="www.londonsockcompany.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Londonist.com.xml b/src/chrome/content/rules/Londonist.com.xml
new file mode 100644
index 000000000000..f35cc1adabc7
--- /dev/null
+++ b/src/chrome/content/rules/Londonist.com.xml
@@ -0,0 +1,45 @@
+<!--
+	CDN buckets:
+
+		- londonist.wpengine.netdna-cdn.com
+
+			- cdn
+
+
+	Problematic subdomains:
+
+		- cdn *
+
+	* 404; mismatched, CN: *.netdna-ssl.com
+
+
+	At least some pages redirect to http.
+
+-->
+<ruleset name="Londonist.com (partial)">
+
+	<target host="londonist.com" />
+	<target host="www.londonist.com" />
+	<target host="cdn.londonist.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://londonist\.com/+($|\?|subscribe$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://londonist\.com/+(?!favicon\.ico|wp-content/|wp-includes/)" /-->
+
+
+	<!--	Tracking cookies:
+					-->
+	<securecookie host="^\.londonist\.com$" name="^__qca$" />
+
+
+	<rule from="^http://(www\.)?londonist\.com/(?=favicon\.ico|wp-content/|wp-includes/)"
+		to="https://$1londonist.com/" />
+
+	<rule from="^http://cdn\.londonist\.com/"
+		to="https://londonist.wpengine.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lone-Survivor.xml b/src/chrome/content/rules/Lone-Survivor.xml
index 9841a9b7e2ea..34b7f0e57199 100644
--- a/src/chrome/content/rules/Lone-Survivor.xml
+++ b/src/chrome/content/rules/Lone-Survivor.xml
@@ -1,11 +1,10 @@
-<ruleset name="Lone Survivor" default_off="self-signed">
+<ruleset name="Lone Survivor.co.uk" default_off="shows default page">
 
-	<!--	Cert: plesk	-->
 	<target host="lonesurvivor.co.uk" />
 	<target host="www.lonesurvivor.co.uk" />
 
 
-	<rule from="^https?://(?:www\.)?lonesurvivor\.co\.uk/"
-		to="https://lonesurvivor.co.uk/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Lone_Sysadmin.net.xml b/src/chrome/content/rules/Lone_Sysadmin.net.xml
new file mode 100644
index 000000000000..3253b99a24e4
--- /dev/null
+++ b/src/chrome/content/rules/Lone_Sysadmin.net.xml
@@ -0,0 +1,13 @@
+<!--
+	www doesn't exist.
+
+-->
+<ruleset name="Lone Sysadmin.net">
+
+	<target host="lonesysadmin.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lonelyplanet.com.xml b/src/chrome/content/rules/Lonelyplanet.com.xml
new file mode 100644
index 000000000000..22fd5eacf07a
--- /dev/null
+++ b/src/chrome/content/rules/Lonelyplanet.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid Certificate:
+		hotels.lonelyplanet.com
+-->
+<ruleset name="Lonelyplanet.com">
+	<target host="lonelyplanet.com" />
+	<target host="www.lonelyplanet.com" />
+	<target host="auth.lonelyplanet.com" />
+	<target host="media.lonelyplanet.com" />
+	<target host="shop.lonelyplanet.com" />
+	<target host="support.lonelyplanet.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LongDate.pl.xml b/src/chrome/content/rules/LongDate.pl.xml
new file mode 100644
index 000000000000..a5e00aa4dd20
--- /dev/null
+++ b/src/chrome/content/rules/LongDate.pl.xml
@@ -0,0 +1,44 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://longdate.pl/ => https://longdate.pl/: (6, 'Could not resolve host: longdate.pl')
+Fetch error: http://www.longdate.pl/ => https://www.longdate.pl/: (6, 'Could not resolve host: www.longdate.pl')
+
+	Problematic hosts:
+
+		- test *
+
+	* Mismatched
+
+
+	Fully covered hosts:
+
+		- (www.)?
+
+
+	Insecure cookies are set for these hosts:
+
+		- longdate.pl
+		- www.longdate.pl
+
+-->
+<ruleset name="LongDate.pl (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="longdate.pl" />
+	<target host="www.longdate.pl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?longdate\.pl$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^longdate\.pl$" name="^invite-anyone$" /-->
+
+	<securecookie host="^(?:www\.)?longdate\.pl$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LongTail.xml b/src/chrome/content/rules/LongTail.xml
index df8fcb33649a..938002f6029f 100644
--- a/src/chrome/content/rules/LongTail.xml
+++ b/src/chrome/content/rules/LongTail.xml
@@ -1,98 +1,82 @@
 <!--
-	CDN buckets:
-
-		- cs28.wpc.edgecastcdn.net
-
-			- p.jwpcdn.com
-
-
-	Nonfunctional subdomains:
-
-		- developer	(cert: secure; 301s to http)
-
-
-	Problematic domains:
-
-		- cdn.s.jwpcdn.com	(akamai)
-
-
-	Fully covered domains:
-
-		- longtailvideo.com subdomains:
-
-			- securelp
-
-		- jwpcdn.com subdomains:
-
-			- ssl.p
-
+	Other LongTail rulesets:
+		- Bitsontherun.com.xml
+		- JW_Platform.com.xml
+
+	Cert mismatch:
+		- go.longtailvideo.com
+		- ltvimg.com
+		- s0-www.ltvimg.com
+		- s1-www.ltvimg.com
+		- www.ltvimg.com
+		- a.jwpcdn.com
+		- p.jwpcdn.com, equivalent to ssl.p.jwpcdn.com
+
+	Redirect loop:
+		- mvn.jwplayer.com
+
+	Timeout:
+		- demo.longtailvideo.com
+		- design.longtailvideo.com
+		- bob.jwplayer.com
+		- demo.jwplayer.com
+		- qa.jwplayer.com
+
+	TLS error:
+		- g5bmawnx.cdn.jwplayer.com
 -->
-<ruleset name="LongTail (partial)">
+<ruleset name="LongTail (partial)" >
 
-	<target host="dashboard.bitsontherun.com" />
-	<target host="*.jwpcdn.com" />
-	<target host="*.jwpltx.com" />
-	<target host="longtail.tv" />
-	<target host="www.longtail.tv" />
-	<target host="longtailvideo.com" />
-	<target host="*.longtailvideo.com" />
-	<target host="ltvimg.com" />
-	<target host="*.ltvimg.com" />
-		<!--
-			302 to http.
-					-->
-		<exclusion pattern="^https?://(?:s[01]-)?www\.l(?:ongtailvideo|tvimg)\.com/sites/all/themes/(?!community/)\w+/images/\w+\.png$" />
-
-
-	<securecookie host="^\w\.jwpltx\.com$" name=".+" />
-	<securecookie host="^.+\.longtailvideo\.com$" name=".+" />
-
-
-	<!--	At least some pages 303 to http.
-							-->
-	<rule from="^http://dashboard\.bitsontherun\.com/static/"
-		to="https://dashboard.bitsontherun.com/static/" />
-
-	<rule from="^http://(a|v)\.jwpcdn\.com/"
-		to="https://$1.jwpcdn.com/" />
-
-	<rule from="^http://(?:cdn\.|ssl\.)?p\.jwpcdn\.com/"
-		to="https://ssl.p.jwpcdn.com/" />
+	<target host="p.jwpcdn.com" />
+	<target host="ssl.p.jwpcdn.com" />
 
-	<rule from="^http://(i|s)\.jwpltx\.com/"
-		to="https://$1.jwpltx.com/" />
+	<target host="jwpltx.com" />
+	<target host="dev.jwpltx.com" />
+	<target host="stg.jwpltx.com" />
 
-	<!--	- Cert valid for www, but $ 404s
-		- 301s like so
-						-->
-	<rule from="^http://(?:www\.)?longtail\.tv/"
-		to="https://www.longtailvideo.com/" />
-
-	<!--	- !www cert only matches secure
-		- Some (most?) pages redirect to http
-		- As do these paths:
-
-			- addons/images/
-						-->
-	<rule from="^http://(?:www\.)?longtailvideo\.com/(bits-on-the-run/sign-up|content/|jw/|sites/)"
-		to="https://www.longtailvideo.com/$1" />
-
-	<rule from="^http://(content|dashboard|l|lp|player|plugins|secure|securelp)\.longtailvideo\.com/"
-		to="https://$1.longtailvideo.com/" />
-
-	<!--	- !www CN: edgecastcdn.net
-		- www CN: *.longtailvideo.com
-		- Both 404
-					-->
-	<rule from="^http://(?:www\.)?ltvimg\.com/"
-		to="https://s0-www.ltvimg.com/" />
-
-	<!--	Redirects like so:
-					-->
-	<rule from="^http://s(?:0|1)-www\.ltvimg\.com/(\?.*)?$"
-		to="https://www.longtailvideo.com/$1" />
-
-	<rule from="^http://s(0|1)-www\.ltvimg\.com/"
-		to="https://s$1-www.ltvimg.com/" />
+	<target host="longtailvideo.com" />
+	<target host="www.longtailvideo.com" />
+	<target host="account.longtailvideo.com" />
+	<target host="code.longtailvideo.com" />
+	<target host="developer.longtailvideo.com" />
+	<target host="l.longtailvideo.com" />
+	<target host="lp.longtailvideo.com" />
+	<target host="ova.longtailvideo.com" />
+	<target host="playertest.longtailvideo.com" />
+	<target host="plugins.longtailvideo.com" />
+	<target host="secure.longtailvideo.com" />
+	<target host="securel.longtailvideo.com" />
+	<target host="securelp.longtailvideo.com" />
+	<target host="secureplugins.longtailvideo.com" />
+	<target host="static-account.longtailvideo.com" />
+	<target host="www3.longtailvideo.com" />
+
+	<target host="jwplayer.com" />
+	<target host="www.jwplayer.com" />
+	<target host="account.jwplayer.com" />
+	<target host="api.jwplayer.com" />
+	<target host="apidocs.jwplayer.com" />
+	<target host="cdn.jwplayer.com" />
+	<target host="checkout.jwplayer.com" />
+	<target host="dashboard.jwplayer.com" />
+	<target host="developer.jwplayer.com" />
+	<target host="entitlements.jwplayer.com" />
+	<target host="go.jwplayer.com" />
+	<target host="insights.jwplayer.com" />
+	<target host="jw7.jwplayer.com" />
+	<target host="jw7beta.jwplayer.com" />
+	<target host="recommendations.jwplayer.com" />
+	<target host="sdk.jwplayer.com" />
+	<target host="status.jwplayer.com" />
+	<target host="support.jwplayer.com" />
+	<target host="tv.jwplayer.com" />
+	<target host="vr.jwplayer.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://p\.jwpcdn\.com/"
+		  to="https://ssl.p.jwpcdn.com/" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Long_Now.org.xml b/src/chrome/content/rules/Long_Now.org.xml
new file mode 100644
index 000000000000..59fd85d00e06
--- /dev/null
+++ b/src/chrome/content/rules/Long_Now.org.xml
@@ -0,0 +1,17 @@
+<!--
+	www: cert only matches ^longnow.org
+
+
+	$ redirects to http.
+
+-->
+<ruleset name="Long Now.org (partial)">
+
+	<target host="longnow.org" />
+	<target host="www.longnow.org" />
+
+
+	<rule from="^http://(?:www\.)?longnow\.org/(?=media/|membership(?:$|[?/])|static/)"
+		to="https://longnow.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Longform.org.xml b/src/chrome/content/rules/Longform.org.xml
new file mode 100644
index 000000000000..2b92fed592ad
--- /dev/null
+++ b/src/chrome/content/rules/Longform.org.xml
@@ -0,0 +1,33 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- longform.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images from s3.longform.org.s3.amazonaws.com
+		- Web bugs from pixel.quantserve.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Longform.org">
+
+	<target host="longform.org" />
+	<target host="www.longform.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^longform\.org$" name="^_longform\.org_session$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LoohPress.com.xml b/src/chrome/content/rules/LoohPress.com.xml
new file mode 100644
index 000000000000..718c3b72a650
--- /dev/null
+++ b/src/chrome/content/rules/LoohPress.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="LoohPress.com">
+	<target host="loohpress.com" />
+	<target host="www.loohpress.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Look.co.uk-mixed.xml b/src/chrome/content/rules/Look.co.uk-mixed.xml
index b1617074b402..5fbf75a27c0d 100644
--- a/src/chrome/content/rules/Look.co.uk-mixed.xml
+++ b/src/chrome/content/rules/Look.co.uk-mixed.xml
@@ -1,8 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://shop.look.co.uk/ => https://shop.look.co.uk/: (7, 'Failed to connect to shop.look.co.uk port 443: Connection timed out')
+
 	For rules not causing mixed content, see Look.co.uk.xml.
 
 -->
-<ruleset name="Look.co.uk (mixed content)" platform="mixedcontent">
+<ruleset name="Look.co.uk (mixed content)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="shop.look.co.uk" />
 		<!--
@@ -11,7 +15,6 @@
 		<exclusion pattern="^http://shop\.look\.co\.uk/(?:[\w-]+\.css|favicon\.ico|images/|javascript/)" />
 
 
-	<rule from="^http://shop\.look\.co\.uk/"
-		to="https://shop.look.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Look.co.uk.xml b/src/chrome/content/rules/Look.co.uk.xml
index 3e90045d494b..32a7897f431d 100644
--- a/src/chrome/content/rules/Look.co.uk.xml
+++ b/src/chrome/content/rules/Look.co.uk.xml
@@ -24,7 +24,8 @@
 -->
 <ruleset name="Look.co.uk (partial)">
 
-	<target host="*.look.co.uk" />
+	<target host="comps.look.co.uk" />
+	<target host="shop.look.co.uk" />
 		<!--
 			$ redirects to http:
 						-->
@@ -40,7 +41,6 @@
 	<securecookie host="^\.(?:comps\.)?look\.co\.uk$" name="^__utm\w$" />
 
 
-	<rule from="^http://(comps|shop)\.look\.co\.uk/"
-		to="https://$1.look.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Look_Dumbass.xml b/src/chrome/content/rules/Look_Dumbass.xml
index af71c138a3fb..000e5ef2f084 100644
--- a/src/chrome/content/rules/Look_Dumbass.xml
+++ b/src/chrome/content/rules/Look_Dumbass.xml
@@ -17,10 +17,10 @@
 -->
 <ruleset name="Look Dumbass (partial)" default_off="mismatched">
 
-	<target host="*.lookdumbass.com" />
+	<target host="cdn00.lookdumbass.com" />
+	<target host="cdn01.lookdumbass.com" />
 
 
-	<rule from="^http://cdn0(0|1)\.lookdumbass\.com/"
-		to="https://cdn0$1.lookdumbass.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lookback.io.xml b/src/chrome/content/rules/Lookback.io.xml
new file mode 100644
index 000000000000..8d8818c8db73
--- /dev/null
+++ b/src/chrome/content/rules/Lookback.io.xml
@@ -0,0 +1,15 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.lookback.io
+-->
+<ruleset name="Lookback.io">
+	<target host="lookback.io" />
+	<target host="www.lookback.io" />
+
+	<rule from="^http://www\.lookback\.io/"
+			to="https://lookback.io/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Looking_Local.xml b/src/chrome/content/rules/Looking_Local.xml
index 403db33313bd..5430a7ba0fd7 100644
--- a/src/chrome/content/rules/Looking_Local.xml
+++ b/src/chrome/content/rules/Looking_Local.xml
@@ -2,7 +2,7 @@
 	For other UK government coverage, see GOV.UK.xml.
 
 -->
-<ruleset name="Looking Local">
+<ruleset name="Looking Local.gov.uk">
 
 	<target host="lookinglocal.gov.uk" />
 	<target host="www.lookinglocal.gov.uk" />
@@ -11,7 +11,7 @@
 	<securecookie host="^(?:www\.)?lookinglocal\.gov\.uk$" name=".+" />
 
 
-	<rule from="^http://(www\.)?lookinglocal\.gov\.uk/"
-		to="https://$1lookinglocal.gov.uk/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lookingglass.xml b/src/chrome/content/rules/Lookingglass.xml
index be37ff127fef..83aa6542b47d 100644
--- a/src/chrome/content/rules/Lookingglass.xml
+++ b/src/chrome/content/rules/Lookingglass.xml
@@ -1,13 +1,12 @@
 <ruleset name="Lookingglass">
 
 	<target host="lgscout.com" />
-	<target host="*.lgscout.com" />
+	<target host="www.lgscout.com" />
 
 
 	<securecookie host="^\.lgscout\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?lgscout\.com/"
-		to="https://$1lgscout.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lookout.com.xml b/src/chrome/content/rules/Lookout.com.xml
index 843fad0168f0..4040bb5b3140 100644
--- a/src/chrome/content/rules/Lookout.com.xml
+++ b/src/chrome/content/rules/Lookout.com.xml
@@ -1,24 +1,17 @@
-<!--
-     This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
--->
 <ruleset name="Lookout.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="lookout.com" />
-	<target host="*.lookout.com" />
-	<target host="mylookout.com" />
-	<target host="*.mylookout.com" />
+	<target host="blog.lookout.com" />
+	<target host="faq.lookout.com" />
+	<target host="www.lookout.com" />
 
 
-	<securecookie host="^(?:(?:dm|faq|www)\.)?(?:my)?lookout\.com$" name=".+" />
+	<securecookie host="^\." name="^__utm" />
 
 
-	<rule from="^http://((?:blog|dm|faq|www)\.)?(my)?lookout\.com/"
-		to="https://$1$2lookout.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Lookup.uribl.com.xml b/src/chrome/content/rules/Lookup.uribl.com.xml
new file mode 100644
index 000000000000..2b52a169caa4
--- /dev/null
+++ b/src/chrome/content/rules/Lookup.uribl.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="Lookup.uribl.com">
+	<target host="lookup.uribl.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Looloo.com.xml b/src/chrome/content/rules/Looloo.com.xml
index ab493d0f70e3..381c17bac3f5 100644
--- a/src/chrome/content/rules/Looloo.com.xml
+++ b/src/chrome/content/rules/Looloo.com.xml
@@ -1,13 +1,18 @@
-<ruleset name="looloo.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.looloo.com/ => https://www.looloo.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.looloo.com'")
+
+-->
+<ruleset name="looloo.com" default_off="failed ruleset test">
 
 	<target host="looloo.com" />
-	<target host="*.looloo.com" />
+	<target host="www.looloo.com" />
 
 
 	<securecookie host="^\.?looloo\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?looloo\.com/"
-		to="https://$1looloo.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Loomio.org.xml b/src/chrome/content/rules/Loomio.org.xml
index 98360560a858..8a1512a537f8 100644
--- a/src/chrome/content/rules/Loomio.org.xml
+++ b/src/chrome/content/rules/Loomio.org.xml
@@ -3,22 +3,18 @@
 
 		- loomio-uploads.s3.amazonaws.com
 
-
-	Problematic subdomains:
-
-		- blog	(wordpress)
-
 -->
-<ruleset name="Loomio.org (partial)">
+<ruleset name="Loomio.org">
 
 	<target host="loomio.org" />
-	<target host="*.loomio.org" />
+	<target host="blog.loomio.org" />
+	<target host="www.loomio.org" />
 
 
-	<securecookie host="^(?:www)?\.loomio\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?loomio\.org/"
-		to="https://$1loomio.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/LoopFuse.xml b/src/chrome/content/rules/LoopFuse.xml
deleted file mode 100644
index 7da2c456bfed..000000000000
--- a/src/chrome/content/rules/LoopFuse.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	Other LoopFuse rulesets:
-
-		- LFov.net.xml
-
--->
-<ruleset name="LoopFuse (partial)" platform="mixedcontent">
-
-	<target host="loopfuse.com" />
-	<target host="*.loopfuse.com" />
-	<target host="loopfuse.net" />
-	<target host="*.loopfuse.net" />
-		<!--	404s over https.
-			There's another domain on which it works,
-			that's used on 3rd-party websites.
-			ToDo: Find it (again).	-->
-		<exclusion pattern="^http://(www\.)?loopfuse\.net/webrecorder/js/listen\.js" />
-
-
-	<securecookie host="^(.*\.)?loopfuse\.(com|net)$" name=".*" />
-
-
-	<!--	!www doesn't work over https.
-
-		com: main website.
-		net: members' area.
-			-->
-	<rule from="^https?://(?:www\.)?loopfuse\.(com|net)/"
-		to="https://www.loopfuse.$1/" />
-
-	<rule from="^http://(blog|community|help)\.loopfuse\.com/"
-		to="https://$1.loopfuse.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/LoopPay.xml b/src/chrome/content/rules/LoopPay.xml
new file mode 100644
index 000000000000..a633f98d92b4
--- /dev/null
+++ b/src/chrome/content/rules/LoopPay.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://checkout.looppay.com/ => https://checkout.looppay.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+<ruleset name="LoopPay" default_off="failed ruleset test">
+
+	<target host="looppay.com" />
+	<target host="www.looppay.com" />
+	<target host="checkout.looppay.com" />
+
+	<securecookie host=".+" name=".+" />
+
+  <rule from="^http://looppay\.com/" to="https://www.looppay.com/" />
+  <rule from="^http:"
+    to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Loopia.xml b/src/chrome/content/rules/Loopia.xml
index 4942d741b91b..f85fc2b438f7 100644
--- a/src/chrome/content/rules/Loopia.xml
+++ b/src/chrome/content/rules/Loopia.xml
@@ -1,23 +1,32 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://loopiasecure.com/ => https://www.loopia.se/: (60, 'SSL certificate problem: certificate has expired')
+	Other Loopia rulesets:
+
+		- Loopia_secure.com.xml
+
+-->
 <ruleset name="Loopia">
 
 	<target host="loopia.se" />
-	<target host="*.loopia.se" />
+	<target host="static.loopia.se" />
+	<target host="support.loopia.se" />
+	<target host="webmail.loopia.se" />
+	<target host="www.loopia.se" />
 		<!--	blogg times out.	-->
 		<exclusion pattern="^http://blogg\." />
 	<!--	* for cross-domain cookie.	-->
-	<target host="*.www.loopia.se" />
 	<target host="loopiasecure.com" />
 
 
-	<securecookie host="^(.*\.)?loopia\.se$" name=".*" />
+	<securecookie host="^(?:.*\.)?loopia\.se$" name=".+" />
 
 
-	<rule from="^http://((static|support|webmail|www)\.)?loopia\.se/"
-		to="https://$1loopia.se/" />
 
 	<!--	Cert doesn't match,
 		server redirects as so.	-->
 	<rule from="^http://loopiasecure\.com/"
 		to="https://www.loopia.se/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Loopia_secure.com.xml b/src/chrome/content/rules/Loopia_secure.com.xml
new file mode 100644
index 000000000000..ea3decffc5de
--- /dev/null
+++ b/src/chrome/content/rules/Loopia_secure.com.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Loopia coverage, see Loopia.xml.
+
+-->
+<ruleset name="Loopia secure.com">
+
+	<target host="*.loopiasecure.com" />
+
+
+	<rule from="^http://([\w-]+)\.loopiasecure\.com/"
+		to="https://$1.loopiasecure.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Loopt.xml b/src/chrome/content/rules/Loopt.xml
index dbc65b15cd82..83792bc265ae 100644
--- a/src/chrome/content/rules/Loopt.xml
+++ b/src/chrome/content/rules/Loopt.xml
@@ -1,4 +1,14 @@
-<ruleset name="Loopt">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://loopt.com/ => https://www.loopt.com/: (7, 'Failed to connect to www.loopt.com port 443: No route to host')
+Fetch error: http://www.loopt.com/ => https://www.loopt.com/: (7, 'Failed to connect to www.loopt.com port 443: No route to host')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://loopt.com/ => https://www.loopt.com/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://www.loopt.com/ => https://www.loopt.com/: (28, 'Connection timed out after 10001 milliseconds')
+-->
+<ruleset name="Loopt" default_off="failed ruleset test">
   <target host="loopt.com" />
   <target host="www.loopt.com" />
 
diff --git a/src/chrome/content/rules/Lords-of-the-Blog.xml b/src/chrome/content/rules/Lords-of-the-Blog.xml
index bfc72597803c..b93c6c05dbf4 100644
--- a/src/chrome/content/rules/Lords-of-the-Blog.xml
+++ b/src/chrome/content/rules/Lords-of-the-Blog.xml
@@ -3,7 +3,7 @@
 	<target host="lordsoftheblog.net"/>
 	<target host="www.lordsoftheblog.net"/>
 
-	<securecookie host="^lordsoftheblog\.net$" name=".*"/>
+	<securecookie host="^lordsoftheblog\.net$" name=".+" />
 
 	<rule from="^http://(?:www\.)?lordsoftheblog\.net/"
 		to="https://lordsoftheblog.net/"/>
diff --git a/src/chrome/content/rules/Lorea.xml b/src/chrome/content/rules/Lorea.xml
deleted file mode 100644
index 1e7a3995bd82..000000000000
--- a/src/chrome/content/rules/Lorea.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Lorea">
-
-	<target host="lorea.org" />
-	<target host="www.lorea.org" />
-
-
-	<rule from="^http://(www\.)?lorea\.org/"
-		to="https://$1lorea.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Lorentz_Center.nl.xml b/src/chrome/content/rules/Lorentz_Center.nl.xml
new file mode 100644
index 000000000000..eced1fdd4127
--- /dev/null
+++ b/src/chrome/content/rules/Lorentz_Center.nl.xml
@@ -0,0 +1,10 @@
+<ruleset name="Lorentz Center.nl">
+
+	<target host="lorentzcenter.nl" />
+	<target host="www.lorentzcenter.nl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Los_Angeles_Times.xml b/src/chrome/content/rules/Los_Angeles_Times.xml
index 45399815cb20..b7207559b5b6 100644
--- a/src/chrome/content/rules/Los_Angeles_Times.xml
+++ b/src/chrome/content/rules/Los_Angeles_Times.xml
@@ -1,6 +1,16 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://origin-www.latimes.com/ => https://origin-www.latimes.com/: (6, 'Could not resolve host: origin-www.latimes.com')
+Fetch error: http://circulars.latimes.com/ => https://circulars.latimes.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	lat.ms is handled in Bit.ly_vanity_domains.xml.
+
 	For other Tribune coverage, see Tribune.xml.
 
+  Timeout:
+    secure.latimes.com
 
 	CDN buckets:
 
@@ -18,39 +28,31 @@
 
 
 	Problematic subdomains:
-
+    May 7, 2020: Doesn't seem to be in active use, but will keep in the target list
 		- circulars	(pages redirect to http; mismatched, CN: www.flyertown.ca)
 
 -->
 <ruleset name="Los Angeles Times (partial)">
 
 	<target host="latimes.com" />
-	<target host="*.latimes.com" />
+	<target host="www.latimes.com" />
+	<!-- target host="origin-www.latimes.com" /-->
+	<target host="membership.latimes.com" />
+	<target host="myaccount2.latimes.com" />
+	<!-- target host="circulars.latimes.com" /-->
 		<!--
+      May 7, 2020 - Doesn't seem to be in use as much, they have converted to
+      another insecure CDN ca-times.brightspotcdn.com
 			Not on secure, redirects to another domain. e.g.
 
+      outdated reference
 				latimes.com/media/photo/2009-11/50719492.jpg
 
 			redirects to
 
 				latimes.image2.trb.com/lanews/media/photo/2009-11/50719492.jpg
 									-->
-		<exclusion pattern="^http://(www\.)?latimes\.com/media/photo/" />
-
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.latimes\.com$" name="^(gpv_p\w|metrics_id|s_\w+|tribanalyticscookie)$" />
-	<securecookie host="^.+\.latimes\.com$" name=".+" />
-
-
-	<rule from="^http://(?:(?:origin-)?www\.)?latimes\.com/(favicon\.ico|hive/|images/|includes/|media/|stylesheets/)"
-		to="https://secure.latimes.com/$1" />
-
-	<rule from="^http://(membership|myaccount2|secure)\.latimes\.com/"
-		to="https://$1.latimes.com/" />
-
-	<rule from="^http://circulars\.latimes\.com/(assets/|dist_stage/|favicon\.ico|images/)"
-		to="https://www.flyertown.ca/$1" />
+  <securecookie host=".+" name=".+" />
 
-</ruleset>
\ No newline at end of file
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lotame.xml b/src/chrome/content/rules/Lotame.xml
index 2a6833fbd89f..77d4e95f7cce 100644
--- a/src/chrome/content/rules/Lotame.xml
+++ b/src/chrome/content/rules/Lotame.xml
@@ -1,23 +1,35 @@
 <!--
-	Nonfunctional domains:
-
-		- www.lotame.com	(cert: Parallels Panel; shows Media Temple default page)
-
+	crwdcntrl.net:
+		Invalid certificate:
+			- gui.crwdcntrl.net
 -->
-<ruleset name="Lotame (partial)">
-
-	<target host="*.crwdcntrl.net" />
-	<target host="*.lotame.com" />
-
-
-	<securecookie host="^(ad|bcp|meez|multiply|tags)?\.crwdcntrl\.net$" name=".+" />
-
-
-	<!--	Tracking on 3rd-party websites.	-->
-	<rule from="^http://(ad|bcp|meez|multiply|tags)\.crwdcntrl\.net/"
-		to="https://$1.crwdcntrl.net/" />
-
-	<rule from="^http://(crowdcontrol|widgets)\.lotame\.com/"
-		to="https://$1.lotame.com/" />
 
+<ruleset name="Lotame">
+	<!-- lotame.com -->
+	<target host="lotame.com" />
+	<target host="www.lotame.com" />
+	<target host="api.lotame.com" />
+	<target host="crowdcontrol.lotame.com" />
+	<target host="platform.lotame.com" />
+	<target host="resources.lotame.com" />
+	<target host="widgets.lotame.com" />
+
+
+	<!-- crwdcntrl.net -->
+	<target host="crwdcntrl.net" />
+	<target host="www.crwdcntrl.net" />
+	<target host="ad.crwdcntrl.net" />
+	<target host="bcp.crwdcntrl.net" />
+	<target host="meez.crwdcntrl.net" />
+	<target host="multiply.crwdcntrl.net" />
+	<target host="optout.crwdcntrl.net" />
+	<target host="tags.crwdcntrl.net" />
+	<target host="td.crwdcntrl.net" />
+	<target host="td2.crwdcntrl.net" />
+	<target host="ts.crwdcntrl.net" />
+
+	<securecookie host="^(?:ad|bcp|meez|multiply|tags)?\.crwdcntrl\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Lotto.de.xml b/src/chrome/content/rules/Lotto.de.xml
new file mode 100644
index 000000000000..187352d61441
--- /dev/null
+++ b/src/chrome/content/rules/Lotto.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="Lotto.de">
+
+	<target host="lotto.de"/>
+	<target host="m.lotto.de"/>
+	<target host="www.lotto.de"/>
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lotus-Cars-mismatches.xml b/src/chrome/content/rules/Lotus-Cars-mismatches.xml
index fc754b87ecc4..3ff6221c5cf6 100644
--- a/src/chrome/content/rules/Lotus-Cars-mismatches.xml
+++ b/src/chrome/content/rules/Lotus-Cars-mismatches.xml
@@ -7,14 +7,14 @@
 	c660175.r75.cf3.rackcdn.com
 
 -->
-<ruleset name="Lotus Cars (mismatches)" default_off="mismatch">
+<ruleset name="Lotus Cars (mismatches)" default_off="mismatched">
 
 	<!--	Cert: magazine.lotuscars.com	-->
 	<target host="lotuscars.com" />
 	<target host="www.lotuscars.com" />
 
 
-	<rule from="^https?://(?:www\.)?lotuscars\.com/"
+	<rule from="^http://(?:www\.)?lotuscars\.com/"
 		to="https://lotuscars.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Lotus-Cars.xml b/src/chrome/content/rules/Lotus-Cars.xml
index 8f96792038ad..394bf5f92941 100644
--- a/src/chrome/content/rules/Lotus-Cars.xml
+++ b/src/chrome/content/rules/Lotus-Cars.xml
@@ -1,26 +1,26 @@
 <!--
+	magazine.lotus.com: gone
+
 	For problematic rules, see Lotus-Cars-mismatches.xml.
 
 
 	Nonfunctional domains:
 
 		- media.lotus.com		(cert: www.digitalnewsagency.com; 404)
+		- (www.)?lotusoriginals.com ²
 		- cdn.lotusoriginals.com	(times out)
 
+	² Refused
+
 -->
-<ruleset name="Lotus Cars (partial)" platform="mixedcontent">
+<ruleset name="Lotus Cars (partial)" default_off="refused" platform="mixedcontent">
 
-	<target host="magazine.lotus.com" />
 	<target host="lotusoriginals.com" />
 	<target host="www.lotusoriginals.com" />
 
 
-	<!--	Some pages redirect to http.	-->
-	<rule from="^http://magazine\.lotus\.com/(modules/|sites/|subscribe)"
-		to="https://magazine.lotus.com/$1" />
-
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?lotusoriginals\.com/"
+	<rule from="^http://(?:www\.)?lotusoriginals\.com/"
 		to="https://www.lotusoriginals.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Lotus.xml b/src/chrome/content/rules/Lotus.xml
deleted file mode 100644
index 5534a1059dd4..000000000000
--- a/src/chrome/content/rules/Lotus.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other IBM coverage, see IBM.xml.
-
--->
-<ruleset name="Lotus (partial)">
-
-	<target host="www-10.lotus.com" />
-
-
-	<securecookie host="^www-10\.lotus\.com$" name=".+" />
-
-
-	<rule from="^http://www-10\.lotus\.com/"
-		to="https://www-10.lotus.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Louder_Than_War.com.xml b/src/chrome/content/rules/Louder_Than_War.com.xml
index bd158b5b8a96..91c7c859e763 100644
--- a/src/chrome/content/rules/Louder_Than_War.com.xml
+++ b/src/chrome/content/rules/Louder_Than_War.com.xml
@@ -14,7 +14,7 @@
 <ruleset name="Louder Than War.com" default_off="expired, self-signed">
 
 	<target host="louderthanwar.com" />
-	<target host="*.louderthanwar.com" />
+	<target host="www.louderthanwar.com" />
 
 
 	<securecookie host="^\.?louderthanwar\.com$" name=".+" />
@@ -23,4 +23,4 @@
 	<rule from="^http://(?:www\.)?louderthanwar\.com/"
 		to="https://louderthanwar.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Louhi.net.xml b/src/chrome/content/rules/Louhi.net.xml
index 1051e9095473..71b8ec6a6c8a 100644
--- a/src/chrome/content/rules/Louhi.net.xml
+++ b/src/chrome/content/rules/Louhi.net.xml
@@ -23,4 +23,4 @@
 	<rule from="^http://(oma|webmail|whm\d\d)\.louhi\.net/"
 		to="https://$1.louhi.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Louis_Milan.xml b/src/chrome/content/rules/Louis_Milan.xml
deleted file mode 100644
index 098dd425f62e..000000000000
--- a/src/chrome/content/rules/Louis_Milan.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Louis Milan">
-
-	<target host="louismilan.com" />
-	<target host="*.louismilan.com" />
-
-
-	<securecookie host="^(?:.*\.)?louismilan\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?louismilan\.com/"
-		to="https://$1louismilan.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Louise_Harrison_Couture.com.xml b/src/chrome/content/rules/Louise_Harrison_Couture.com.xml
new file mode 100644
index 000000000000..41ec91d13891
--- /dev/null
+++ b/src/chrome/content/rules/Louise_Harrison_Couture.com.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://louiseharrisoncouture.com/ (200) => https://louiseharrisoncouture.com/ (521)
+Non-2xx HTTP code: http://www.louiseharrisoncouture.com/ (200) => https://www.louiseharrisoncouture.com/ (521)
+
+-->
+<ruleset name="Louise Harrison Couture.com" default_off="failed ruleset test">
+
+	<target host="louiseharrisoncouture.com" />
+	<target host="www.louiseharrisoncouture.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:w*\.)?louiseharrisoncouture\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Louisiana_State_University-problematic.xml b/src/chrome/content/rules/Louisiana_State_University-problematic.xml
index 7b146dac8b44..c1731480701c 100644
--- a/src/chrome/content/rules/Louisiana_State_University-problematic.xml
+++ b/src/chrome/content/rules/Louisiana_State_University-problematic.xml
@@ -10,7 +10,6 @@
 	<securecookie host="^my\.lsu\.edu$" name=".+" />
 
 
-	<rule from="^http://my\.lsu\.edu/"
-		to="https://my.lsu.edu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Louisiana_State_University.xml b/src/chrome/content/rules/Louisiana_State_University.xml
index a0b7288ec788..591c52ad7f0f 100644
--- a/src/chrome/content/rules/Louisiana_State_University.xml
+++ b/src/chrome/content/rules/Louisiana_State_University.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lsu.edu/ => https://www.lsu.edu/: Pycurl fetch failed for 'https://www.lsu.edu/'
 	For problematic rules, see Louisiana_State_University-problematic.xml.
 
 
@@ -110,7 +112,60 @@
 <ruleset name="Louisiana State University (partial)">
 
 	<target host="lsu.edu" />
-	<target host="*.lsu.edu" />
+	<target host="www.lsu.edu" />
+	<target host="appl008.lsu.edu" />
+	<target host="appl008.ocs.lsu.edu" />
+	<target host="appl037.lsu.edu" />
+	<target host="appl037.ocs.lsu.edu" />
+	<target host="calendar.apps.lsu.edu" />
+	<target host="careercenter.apps.lsu.edu" />
+	<target host="mylsu.apps.lsu.edu" />
+	<target host="myproxy.apps.lsu.edu" />
+	<target host="web.apps.lsu.edu" />
+	<target host="courses.lsu.edu" />
+	<target host="connect.grok.lsu.edu" />
+	<target host="moodle2.grok.lsu.edu" />
+	<target host="networking.grok.lsu.edu" />
+	<target host="housing.lsu.edu" />
+	<target host="itservice.lsu.edu" />
+	<target host="sso.paws.lsu.edu" />
+	<target host="photo-management.lsu.edu" />
+	<target host="photos.lsu.edu" />
+	<target host="jlee.saa.lsu.edu" />
+	<target host="sites01.lsu.edu" />
+	<target host="lsumvs.sncc.lsu.edu" />
+	<target host="studlife-web1.lsu.edu" />
+	<target host="piwik.uss.lsu.edu" />
+	<target host="as.lsu.edu" />
+	<target host="bengalbound.lsu.edu" />
+	<target host="cas.lsu.edu" />
+	<target host="complaints.lsu.edu" />
+	<target host="deanofstudents.lsu.edu" />
+	<target host="disability.lsu.edu" />
+	<target host="fye.lsu.edu" />
+	<target host="greeks.lsu.edu" />
+	<target host="groksaa.lsu.edu" />
+	<target host="sfmc.lsu.edu" />
+	<target host="studentlife.lsu.edu" />
+	<target host="www.as.lsu.edu" />
+	<target host="www.bengalbound.lsu.edu" />
+	<target host="www.cas.lsu.edu" />
+	<target host="www.complaints.lsu.edu" />
+	<target host="www.deanofstudents.lsu.edu" />
+	<target host="www.disability.lsu.edu" />
+	<target host="www.fye.lsu.edu" />
+	<target host="www.greeks.lsu.edu" />
+	<target host="www.groksaa.lsu.edu" />
+	<target host="www.sfmc.lsu.edu" />
+	<target host="www.studentlife.lsu.edu" />
+	<target host="families.lsu.edu" />
+	<target host="www.families.lsu.edu" />
+	<target host="family.lsu.edu" />
+	<target host="sg.lsu.edu" />
+	<target host="www.family.lsu.edu" />
+	<target host="www.sg.lsu.edu" />
+	<target host="tigercard.lsu.edu" />
+	<target host="www.tigercard.lsu.edu" />
 		<exclusion pattern="^http://(?:careercenter|(?:www\.)?(?:bengalbound|cas|deanofstudents|disability|families|family|fye|greeks|sg|sfmc|studentlife))\.lsu\.edu/(?!favicon\.ico|misc/|sites/)" />
 
 
@@ -126,14 +181,10 @@
 	<rule from="^http://appl0(08|37)(?:\.ocs)?\.lsu\.edu/"
 		to="https://appl0$1.lsu.edu/" />
 
-	<rule from="^http://((?:calendar|careercenter|mylsu|myproxy|web)\.apps|courses|(?:connect|moodle2|networking)\.grok|housing|itservice|sso\.paws|photo-management|photos|jlee\.saa|sites01|lsumvs\.sncc|studlife-web1|piwik\.uss)\.lsu\.edu/"
-		to="https://$1.lsu.edu/" />
 
 	<!--	Domains for which both ^foo and www.foo
 		exist, and both work, with valid certs:
 							-->
-	<rule from="^http://(www\.)?(as|bengalbound|cas|complaints|deanofstudents|disability|fye|greeks|groksaa|sfmc|studentlife)\.lsu\.edu/"
-		to="https://$1$2.lsu.edu/" />
 
 	<rule from="^http://(?:www\.)?families\.lsu\.edu/"
 		to="https://studlife-web1.lsu.edu/" />
@@ -149,4 +200,5 @@
 	<rule from="^http://(?:www\.)?tigercard\.lsu\.edu/"
 		to="https://as.lsu.edu/tigercard" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LoveFilm.xml b/src/chrome/content/rules/LoveFilm.xml
deleted file mode 100644
index ae37477e00bc..000000000000
--- a/src/chrome/content/rules/LoveFilm.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<ruleset name="LoveFilm">
-
-	<target host="lovefilm.*" />
-	<target host="www.lovefilm.*" />
-	<target host="static.lovefilm.*" />
-	<target host="*.lovefilm.com" />
-
-
-	<securecookie host="^\.lovefilm\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?lovefilm\.co\.uk/"
-		to="https://www.lovefilm.com/" />
-
-	<rule from="^http://(?:www\.)?lovefilm\.(com|de|dk|no|se)/"
-		to="https://www.lovefilm.$1/" />
-
-	<rule from="^http://static\.lovefilm\.(com|de|dk|no|se)/"
-		to="https://static.lovefilm.$1/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/LoveHoney.xml b/src/chrome/content/rules/LoveHoney.xml
deleted file mode 100644
index 6b8cc89c1495..000000000000
--- a/src/chrome/content/rules/LoveHoney.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d3f650ayx9w00n.cloudfront.net
-
-
-	- Cert only matches www
-	- Most pages redirect to http
-
--->
-<ruleset name="LoveHoney (partial)">
-
-	<target host="lovehoney.co.uk" />
-	<target host="www.lovehoney.co.uk" />
-
-
-	<rule from="^https?://(?:www\.)?lovehoney.co.uk/(help/contact-us|your-account)"
-		to="https://www.lovehoney.co.uk/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/LovePlanet.ru.xml b/src/chrome/content/rules/LovePlanet.ru.xml
new file mode 100644
index 000000000000..d56346f50041
--- /dev/null
+++ b/src/chrome/content/rules/LovePlanet.ru.xml
@@ -0,0 +1,54 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://css.loveplanet.ru/ => https://css.loveplanet.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'css.loveplanet.ru'")
+Fetch error: http://www.loveplanet.ru/ => https://www.loveplanet.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'www.loveplanet.ru'")
+
+	Nonfunctional subdomains:
+
+		- bomber *
+		- figher *
+		- kapral *
+		- partner *
+		- paukan *
+
+	* Dropped
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- css
+
+
+	Mixed content
+
+		- Images, on:
+
+			- ^ from bomber ¹
+			- ^ from figher ¹
+			- ^ from kapral ¹
+			- ^ from paukan ¹
+
+		- Bugs, on:
+
+			- ^ from engine.mediamir.medialand.ru ²
+			- ^ from count.rbc.ru ³
+			- ^ from www.tns-counter.ru ⁴
+
+	¹ Unsecurable <= dropped
+	² Unsecurable <= 404
+	³ Unsecurable <= refused
+	⁴ Secured by us
+
+-->
+<ruleset name="LovePlanet.ru (partial)" default_off="failed ruleset test">
+
+	<target host="loveplanet.ru" />
+	<target host="css.loveplanet.ru" />
+	<target host="www.loveplanet.ru" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Love_2D.org.xml b/src/chrome/content/rules/Love_2D.org.xml
new file mode 100644
index 000000000000..18aa015e3a02
--- /dev/null
+++ b/src/chrome/content/rules/Love_2D.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .love2d.org
+
+-->
+<ruleset name="Love 2D.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="love2d.org" />
+	<target host="www.love2d.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.love2d\.org$" name="^phpbb3_\w+_(?:k|sid|u)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Love_Our_Local_Business.xml b/src/chrome/content/rules/Love_Our_Local_Business.xml
deleted file mode 100644
index 07b60a13cf33..000000000000
--- a/src/chrome/content/rules/Love_Our_Local_Business.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other Intuit coverage, see Intuit.xml.
-
-
-	!www times out.
-
--->
-<ruleset name="Love Our Local Business">
-
-	<target host="loveourlocalbusiness.com" />
-	<target host="www.loveourlocalbusiness.com" />
-
-
-	<securecookie host="^www\.loveourlocalbusiness\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?loveourlocalbusiness\.com/"
-		to="https://www.loveourlocalbusiness.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Lovemoney.xml b/src/chrome/content/rules/Lovemoney.xml
index 506bd0b374a8..42d11c048bad 100644
--- a/src/chrome/content/rules/Lovemoney.xml
+++ b/src/chrome/content/rules/Lovemoney.xml
@@ -3,7 +3,9 @@
 	<target host="lovefood.com"/>
 	<target host="www.lovefood.com"/>
 	<target host="lovemoney.com"/>
-	<target host="*.lovemoney.com"/>
+	<target host="www.lovemoney.com" />
+	<target host="energy.lovemoney.com" />
+	<target host="sanalytics.lovemoney.com" />
 
 	<rule from="^http://(?:www\.)?love(food|money)\.com/(css|favicon\.ico|[iI]mages/|login/)"
 		to="https://www.love$1.com/$2"/>
diff --git a/src/chrome/content/rules/Loverpi.com.xml b/src/chrome/content/rules/Loverpi.com.xml
new file mode 100644
index 000000000000..c010497983ba
--- /dev/null
+++ b/src/chrome/content/rules/Loverpi.com.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://loverpi.com/ => https://loverpi.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.loverpi.com/ => https://www.loverpi.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://forum.loverpi.com/ => https://forum.loverpi.com/: (6, 'Could not resolve host: forum.loverpi.com')
+
+	share.loverpi.com (refused)
+-->
+
+<ruleset name="Loverpi.com" default_off="failed ruleset test">
+	<target host="loverpi.com" />
+	<target host="www.loverpi.com" />
+	<target host="forum.loverpi.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Loverslab.com.xml b/src/chrome/content/rules/Loverslab.com.xml
new file mode 100644
index 000000000000..43338110c81c
--- /dev/null
+++ b/src/chrome/content/rules/Loverslab.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Loverslab.com">
+  <target host="loverslab.com" />
+  <target host="www.loverslab.com" />
+
+  <securecookie host="^(?:www\.)?loverslab\.com$" name=".+" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lovett_Publishing_House.com.xml b/src/chrome/content/rules/Lovett_Publishing_House.com.xml
new file mode 100644
index 000000000000..d36c42fee6dc
--- /dev/null
+++ b/src/chrome/content/rules/Lovett_Publishing_House.com.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lovettpublishinghouse.com/ => https://lovettpublishinghouse.com/: (6, 'Could not resolve host: lovettpublishinghouse.com')
+Fetch error: http://www.lovettpublishinghouse.com/ => https://www.lovettpublishinghouse.com/: (6, 'Could not resolve host: www.lovettpublishinghouse.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://lovettpublishinghouse.com/ => https://lovettpublishinghouse.com/: (60, 'SSL certificate problem: certificate has expired')
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Lovett Publishing House.com" default_off="failed ruleset test">
+
+	<target host="lovettpublishinghouse.com" />
+	<target host="www.lovettpublishinghouse.com" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^(?:w*\.)?lovettpublishinghouse\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lovtidende.dk.xml b/src/chrome/content/rules/Lovtidende.dk.xml
new file mode 100644
index 000000000000..9f95f087bd9b
--- /dev/null
+++ b/src/chrome/content/rules/Lovtidende.dk.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lovtidende.dk/ => https://lovtidende.dk/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+
+	^lovtidende.dk: Reset
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.lovtidende.dk
+
+-->
+<ruleset name="Lovtidende.dk" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.lovtidende.dk" />
+
+	<!--	Complications:
+				-->
+	<target host="lovtidende.dk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.lovtidende\.dk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^www\.lovtidende\.dk$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LowEndBox.com.xml b/src/chrome/content/rules/LowEndBox.com.xml
new file mode 100644
index 000000000000..59d1a8bdd9a2
--- /dev/null
+++ b/src/chrome/content/rules/LowEndBox.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Dropped:
+		- helpdesk
+		- wiki
+
+	Mismatched:
+		- register (CN: a248.e.akamai.net)
+-->
+
+<ruleset name="LowEndBox.com">
+	<target host="lowendbox.com" />
+	<target host="www.lowendbox.com" />
+
+	<target host="lowendtalk.com" />
+	<target host="www.lowendtalk.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LowPowerLab.com.xml b/src/chrome/content/rules/LowPowerLab.com.xml
new file mode 100644
index 000000000000..0fb348e1cbc3
--- /dev/null
+++ b/src/chrome/content/rules/LowPowerLab.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+		- Images, from:
+
+			- feedburner.google.com *
+			- lowpowerlab.com *
+
+	* Secured by us
+
+-->
+<ruleset name="LowPowerLab.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="lowpowerlab.com" />
+	<target host="www.lowpowerlab.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lowes.com.xml b/src/chrome/content/rules/Lowes.com.xml
index 0d68ac42ed21..afcd0bb55f85 100644
--- a/src/chrome/content/rules/Lowes.com.xml
+++ b/src/chrome/content/rules/Lowes.com.xml
@@ -1,58 +1,32 @@
 <!--
-	Nonfunctional subdomains:
-
-		- ppmobileapps	(dropped)
-
-
-	Problematic subdomains:
-
-		- ^	(mismatched, CN: *.know-where.com)
-
-
-	Partially covered subdomains:
-
-		- (www.)	(some paths redirect to http)
-
-
-	Fully covered subdomains:
-
-		- dpmbapps
-		- dpmbappsqa
-		- images
-		- lwscomdtq8
-		- lwssvcs
-		- m
-		- mobileapps
-		- mobileimages
-		- pplwssvcs
-		- ppm
-		- ppmobileimages
-		- sadclwscom
-		- www[17]
-
-
-	Mixed images on m from www
-
+	Non-functional hosts
+		Couldn't connect to server:
+			 - www7.lowes.com
+
+		Timeout was reached:
+			 - deploy.lowes.com
+			 - dpmbapps.lowes.com
+			 - dpmbappsqa.lowes.com
+			 - mobileapps.lowes.com
+			 - sadclwscom.lowes.com
+
+		SSL peer certificate was not OK:
+			 - metrics.lowes.com
 -->
 <ruleset name="Lowes.com (partial)">
-
-	<target host="ak1.abmr.net" />
 	<target host="lowes.com" />
-	<target host="*.lowes.com" />
-
-
-	<securecookie host="^(?:lwssvcs|m|pplwssvcs|ppm|www7)\.lowes\.com$" name=".+" />
-
-
-	<!--	This makes some images redirect to https:
-								-->
-	<rule from="^http://ak1\.abmr\.net/is/www\.lowes\.com\?"
-		to="https://ak1s.abmr.net/is/www.lowes.com?" />
-
-	<rule from="^http://(?:www\.)?lowes\.com/(css/|favicon\.ico|(?:espot/.+/)?images/|javascript/|pdf/|UserAccountLanding(?:$|\?|/)|wcstore/|webapp/)"
-		to="https://www.lowes.com/$1" />
-
-	<rule from="^http://(dpmbapps(?:qa)?|images|lwscomdtq8|(?:pp)?(?:lwssvcs|m|mobileimages)|mobileapps|sadclwscom|www[17])\.lowes\.com/"
-		to="https://$1.lowes.com/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.lowes.com" />
+	<target host="images.lowes.com" />
+	<target host="lda.lowes.com" />
+	<target host="lwscomdtq8.lowes.com" />
+	<target host="lwssvcs.lowes.com" />
+	<target host="m.lowes.com" />
+	<target host="mobileimages.lowes.com" />
+	<target host="ppmobileimages.lowes.com" />
+	<target host="www1.lowes.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lowyat.NET.xml b/src/chrome/content/rules/Lowyat.NET.xml
new file mode 100644
index 000000000000..c59d7004f6e6
--- /dev/null
+++ b/src/chrome/content/rules/Lowyat.NET.xml
@@ -0,0 +1,34 @@
+<!--
+	Non-functional subdomains:
+		- adserv	(m)
+		- rss.forum	(m)
+		- microsite	(e)
+		- osiris	(t)
+		- forum.vm	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Lowyat.NET">
+
+	<target host="lowyat.net" />
+	<target host="www.lowyat.net" />
+	<target host="beta.lowyat.net" />
+	<target host="cars.lowyat.net" />
+	<target host="cdn.lowyat.net" />
+	<target host="forum.lowyat.net" />
+	<target host="genesis.lowyat.net" />
+	<target host="images.lowyat.net" />
+	<target host="images-cdn.lowyat.net" />
+	<target host="jobs.lowyat.net" />
+	<target host="meow.lowyat.net" />
+	<target host="mitra.lowyat.net" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Loyal_Forex.xml b/src/chrome/content/rules/Loyal_Forex.xml
index 12c80029a542..d92643add474 100644
--- a/src/chrome/content/rules/Loyal_Forex.xml
+++ b/src/chrome/content/rules/Loyal_Forex.xml
@@ -1,13 +1,19 @@
-<ruleset name="Loyal Forex">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://loyalforex.com/ => https://loyalforex.com/: (35, 'Unknown SSL protocol error in connection to loyalforex.com:443 ')
+Fetch error: http://www.loyalforex.com/ => https://www.loyalforex.com/: (35, 'Unknown SSL protocol error in connection to www.loyalforex.com:443 ')
+
+-->
+<ruleset name="Loyal Forex" default_off="failed ruleset test">
 
 	<target host="loyalforex.com" />
-	<target host="*.loyalforex.com" />
+	<target host="www.loyalforex.com" />
 
 
 	<securecookie host="^\.loyalforex\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?loyalforex\.com/"
-		to="https://$1loyalforex.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lp0.xml b/src/chrome/content/rules/Lp0.xml
index 4cf984aca678..0e584f065972 100644
--- a/src/chrome/content/rules/Lp0.xml
+++ b/src/chrome/content/rules/Lp0.xml
@@ -1,9 +1,55 @@
-<ruleset name="lp0 (CAcert)" platform="cacert">
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - d.ns.lp0.eu
+			 - e.ns.lp0.eu
+			 - l.ns.lp0.eu
+			 - proxima.lp0.eu
+			 - alt1.proxima.lp0.eu
+			 - alt2.proxima.lp0.eu
+			 - traffic-pxa.lp0.eu
 
-	<target host="lp0.eu"/>
-	<target host="*.lp0.eu"/>
+		SSL connect error:
+			 - test-blog.lp0.eu
 
-	<rule from="^http://(\w+\.)?lp0\.eu/"
-		to="https://$1lp0.eu/"/>
+		SSL peer certificate was not OK:
+			 - c.ns.lp0.eu
 
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - smtp.lp0.eu
+
+		Status code mismatch:
+			 - dav.redrum.lp0.eu
+
+		5xx server error:
+			 - cursus.lp0.eu
+-->
+<ruleset name="lp0.eu">
+	<target host="lp0.eu" />
+	<target host="www.lp0.eu" />
+	<target host="beecat.lp0.eu" />
+	<target host="comics.lp0.eu" />
+	<target host="earth.lp0.eu" />
+	<target host="fics.lp0.eu" />
+	<target host="fire.lp0.eu" />
+	<target host="git.lp0.eu" />
+	<target host="hackdiet.lp0.eu" />
+	<target host="heaven.lp0.eu" />
+	<target host="lake.lp0.eu" />
+	<target host="mountain.lp0.eu" />
+	<target host="osm.lp0.eu" />
+	<target host="paf.lp0.eu" />
+	<target host="pub.lp0.eu" />
+	<target host="qdb.lp0.eu" />
+	<target host="random.lp0.eu" />
+	<target host="rbl.lp0.eu" />
+	<target host="rbl2.lp0.eu" />
+	<target host="redrum.lp0.eu" />
+	<target host="thttpd.lp0.eu" />
+	<target host="thunder.lp0.eu" />
+	<target host="water.lp0.eu" />
+	<target host="wiki.lp0.eu" />
+	<target host="wind.lp0.eu" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/LuaJIT.org.xml b/src/chrome/content/rules/LuaJIT.org.xml
new file mode 100644
index 000000000000..a88f4fd811c1
--- /dev/null
+++ b/src/chrome/content/rules/LuaJIT.org.xml
@@ -0,0 +1,17 @@
+<!--
+	luajit.org has a wildcard DNS record, all other subdomains are mismatched.
+
+	Incomplete certificate chain:
+		- wiki
+
+	Mismatched:
+		- wiki
+-->
+<ruleset name="LuaJIT.org">
+	<target host="luajit.org" />
+	<target host="www.luajit.org" />
+	<target host="bitop.luajit.org" />
+	<target host="coco.luajit.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Luadns.com.xml b/src/chrome/content/rules/Luadns.com.xml
new file mode 100644
index 000000000000..1c4162230449
--- /dev/null
+++ b/src/chrome/content/rules/Luadns.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Nonfunctional hosts in *.luadns.com:
+		- status.luadns.com (f)
+		- uptime.luadns.com (f)
+
+	f: secure connection failed
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Luadns.com">
+	<target host="luadns.com" />
+	<target host="www.luadns.com" />
+	<target host="api.luadns.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lubin-1982.xml b/src/chrome/content/rules/Lubin-1982.xml
index 30642203c5ab..9a0039834800 100644
--- a/src/chrome/content/rules/Lubin-1982.xml
+++ b/src/chrome/content/rules/Lubin-1982.xml
@@ -1,4 +1,4 @@
-<ruleset name="Lubin 1982" default_off="mismatch">
+<ruleset name="Lubin 1982" default_off="mismatched">
 
 	<!--	tuitam.pl	-->
 	<target host="lubin82.pl"/>
diff --git a/src/chrome/content/rules/Lubuntu.me.xml b/src/chrome/content/rules/Lubuntu.me.xml
new file mode 100644
index 000000000000..b2aafcbe4220
--- /dev/null
+++ b/src/chrome/content/rules/Lubuntu.me.xml
@@ -0,0 +1,12 @@
+<ruleset name="Lubuntu.me">
+
+	<target host="lubuntu.me" />
+	<target host="www.lubuntu.me" />
+	<target host="manual.lubuntu.me" />
+	<target host="phab.lubuntu.me" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lucaspetter.com.xml b/src/chrome/content/rules/Lucaspetter.com.xml
new file mode 100644
index 000000000000..f74343382744
--- /dev/null
+++ b/src/chrome/content/rules/Lucaspetter.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Lucaspetter.com">
+    <target host="lucaspetter.com" />
+    <target host="www.lucaspetter.com" />
+
+    <securecookie host="^(?:www)?(?:\.)?lucaspetter\.com$" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lucid-Reverie.xml b/src/chrome/content/rules/Lucid-Reverie.xml
index 449a5c0ae142..a5d85aa5d3ef 100644
--- a/src/chrome/content/rules/Lucid-Reverie.xml
+++ b/src/chrome/content/rules/Lucid-Reverie.xml
@@ -1,14 +1,24 @@
-<ruleset name="Lucid Reverie">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lrcd.com/ => https://lrcd.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.lrcd.com/ => https://lrcd.com/: (60, 'SSL certificate problem: self signed certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://lrcd.com/ => https://lrcd.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.lrcd.com/ => https://lrcd.com/: (60, 'SSL certificate problem: self signed certificate')
+-->
+<ruleset name="Lucid Reverie" default_off="failed ruleset test">
 
 	<target host="lrcd.com" />
 	<target host="www.lrcd.com" />
 
 
-	<securecookie host="^lrcd\.com$" name=".*" />
+	<securecookie host="^lrcd\.com$" name=".+" />
 
 
 	<!--	Cert only matches //lrcd.com.	-->
-	<rule from="^https?://(?:www\.)?lrcd\.com/"
+	<rule from="^http://(?:www\.)?lrcd\.com/"
 		to="https://lrcd.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Lucid_Media.com.xml b/src/chrome/content/rules/Lucid_Media.com.xml
new file mode 100644
index 000000000000..713df83bef2f
--- /dev/null
+++ b/src/chrome/content/rules/Lucid_Media.com.xml
@@ -0,0 +1,20 @@
+<!--
+	^lucidmedia.com: Refused
+	www.lucidmedia.com: Shows default page
+
+-->
+<ruleset name="Lucid Media.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ads.lucidmedia.com" />
+	<target host="user.lucidmedia.com" />
+
+		<test url="http://ads.lucidmedia.com/pixel?id=&amp;t=" />
+		<test url="http://user.lucidmedia.com/user?p=&amp;r=&amp;google_error=" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lucid_Solutions.co.nz.xml b/src/chrome/content/rules/Lucid_Solutions.co.nz.xml
new file mode 100644
index 000000000000..45c16ec0b75e
--- /dev/null
+++ b/src/chrome/content/rules/Lucid_Solutions.co.nz.xml
@@ -0,0 +1,13 @@
+<ruleset name="Lucid Solutions.co.nz">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="lucidsolutions.co.nz" />
+	<target host="plone.lucidsolutions.co.nz" />
+	<target host="www.lucidsolutions.co.nz" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lucidchart.com.xml b/src/chrome/content/rules/Lucidchart.com.xml
new file mode 100644
index 000000000000..d0d546a9dd6b
--- /dev/null
+++ b/src/chrome/content/rules/Lucidchart.com.xml
@@ -0,0 +1,47 @@
+<!--
+	For other Lucid Software coverage, see Go_Lucid.co.xml.
+
+
+	Nonfunctional hosts in *lucidchart.com:
+
+		- support *
+
+	* Zendesk
+
+-->
+<ruleset name="Lucidchart.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="lucidchart.com" />
+	<target host="www.lucidchart.com" />
+
+	<!--	Complications:
+				-->
+	<target host="support.lucidchart.com" />
+
+		<exclusion pattern="^http://support\.lucidchart\.com/+(?!favicon\.ico|generated/|images/|system/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://support.lucidchart.com/entries/21760404-Private-Publishing" />
+			<test url="http://support.lucidchart.com/entries/22181882-Collaboration-Limits-" />
+			<test url="http://support.lucidchart.com/entries/58372194-Watermark" />
+			<test url="http://support.lucidchart.com/entries/61639814-JIRA-Cloud" />
+			<test url="http://support.lucidchart.com/forums" />
+
+			<!--	-ve:
+					-->
+			<test url="http://support.lucidchart.com/favicon.ico" />
+			<test url="http://support.lucidchart.com/generated/stylesheets/branding/2014/201415/1429143857.css" />
+			<test url="http://support.lucidchart.com/images/logo-delimiter.png" />
+			<test url="http://support.lucidchart.com/system/logos/2043/0407/ZenDesk.png" />
+
+
+	<rule from="^http://support\.lucidchart\.com/"
+		to="https://lucidchart.zendesk.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lucidpress.com.xml b/src/chrome/content/rules/Lucidpress.com.xml
new file mode 100644
index 000000000000..3b403613537e
--- /dev/null
+++ b/src/chrome/content/rules/Lucidpress.com.xml
@@ -0,0 +1,58 @@
+<!--
+	For other Lucid Software coverage, see Go_Lucid.co.xml.
+
+
+	Nonfunctional hosts in *lucidpress.com:
+
+		- support *
+
+	* Zendesk
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.lucidpress.com
+
+-->
+<ruleset name="Lucidpress.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="lucidpress.com" />
+	<target host="www.lucidpress.com" />
+
+	<!--	Complications:
+				-->
+	<target host="support.lucidpress.com" />
+
+		<exclusion pattern="^http://support\.lucidpress\.com/+(?!favicon\.ico|generated/|images/|system/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://support.lucidpress.com/entries/28962708-Print-templates" />
+			<test url="http://support.lucidpress.com/entries/30904117-Insert-PDF" />
+			<test url="http://support.lucidpress.com/entries/39560553-Mail-Merge" />
+			<test url="http://support.lucidpress.com/entries/40196923-Offline-Version" />
+			<test url="http://support.lucidpress.com/forums" />
+
+			<!--	-ve:
+					-->
+			<test url="http://support.lucidpress.com/favicon.ico" />
+			<test url="http://support.lucidpress.com/generated/stylesheets/branding/3526/352613/1426187775.css" />
+			<test url="http://support.lucidpress.com/images/logo-delimiter.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.lucidpress\.com$" name="^(_kmRegister|lucidchart_analytics_visit_id|lucidchart_analytics_visitor_id|site_event_user_id)$" /-->
+
+	<securecookie host="^www\.lucidpress\.com$" name=".+" />
+
+
+	<rule from="^http://support\.lucidpress\.com/"
+		to="https://lucidpress.zendesk.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lucina.net.xml b/src/chrome/content/rules/Lucina.net.xml
new file mode 100644
index 000000000000..339a0d967f9f
--- /dev/null
+++ b/src/chrome/content/rules/Lucina.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="Lucina.net">
+
+	<target host="lucina.net" />
+	<target host="www.lucina.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lucios_Gold.xml b/src/chrome/content/rules/Lucios_Gold.xml
index a071220cd1e3..01a9c6f8b98b 100644
--- a/src/chrome/content/rules/Lucios_Gold.xml
+++ b/src/chrome/content/rules/Lucios_Gold.xml
@@ -1,13 +1,21 @@
-<ruleset name="Lucio's Gold">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://luciosgold.ca/ => https://luciosgold.ca/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.luciosgold.ca/ => https://www.luciosgold.ca/: (60, 'SSL certificate problem: self signed certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://luciosgold.ca/ => https://luciosgold.ca/: (60, 'SSL certificate problem: self signed certificate')
+-->
+<ruleset name="Lucio's Gold" default_off="failed ruleset test">
 
 	<target host="luciosgold.ca" />
-	<target host="*.luciosgold.ca" />
+	<target host="www.luciosgold.ca" />
 
 
 	<securecookie host="^(?:www)?\.luciosgold\.ca$" name=".+" />
 
 
-	<rule from="^http://(www\.)?luciosgold\.ca/"
-		to="https://$1luciosgold.ca/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lucky2u.net.xml b/src/chrome/content/rules/Lucky2u.net.xml
index 3e1f9b862eb9..19b1e4adaba7 100644
--- a/src/chrome/content/rules/Lucky2u.net.xml
+++ b/src/chrome/content/rules/Lucky2u.net.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?lucky2u\.net/"
 		to="https://lucky2u.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LuckyMarmot.com.xml b/src/chrome/content/rules/LuckyMarmot.com.xml
new file mode 100644
index 000000000000..c3704ca2b522
--- /dev/null
+++ b/src/chrome/content/rules/LuckyMarmot.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional hosts in *luckymarmot.com:
+
+		- blog *
+
+	* Refused
+
+-->
+<ruleset name="LuckyMarmot.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="luckymarmot.com" />
+	<target host="www.luckymarmot.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LuckyShare.xml b/src/chrome/content/rules/LuckyShare.xml
index c069e79b99d2..b6123acc5d71 100644
--- a/src/chrome/content/rules/LuckyShare.xml
+++ b/src/chrome/content/rules/LuckyShare.xml
@@ -1,13 +1,26 @@
-<ruleset name="LuckyShare">
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- luckyshare.net
+		- .luckyshare.net
+		- www.luckyshare.net
+
+-->
+<ruleset name="LuckyShare.net">
 
 	<target host="luckyshare.net" />
-	<target host="*.luckyshare.net" />
+	<target host="www.luckyshare.net" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^luckyshare\.net$" name="^glo_session_eac2$" /-->
+	<!--securecookie host="^\.luckyshare\.net$" name="^(?:__cfduid|cf_clearance)$" /-->
 
-	<securecookie host="^\.?luckyshare\.net$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?luckyshare\.net/"
-		to="https://$1luckyshare.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LucyPavia.com.xml b/src/chrome/content/rules/LucyPavia.com.xml
new file mode 100644
index 000000000000..6a9b09d44c8a
--- /dev/null
+++ b/src/chrome/content/rules/LucyPavia.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="LucyPavia.com">
+	<target host="lucypavia.com" />
+	<target host="www.lucypavia.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ludialudom.sk.xml b/src/chrome/content/rules/Ludialudom.sk.xml
new file mode 100644
index 000000000000..8d90c18ab6db
--- /dev/null
+++ b/src/chrome/content/rules/Ludialudom.sk.xml
@@ -0,0 +1,35 @@
+<!--
+    Nonfunctional hosts in *.ludialudom.sk:
+
+    certificate mismatch:
+	- 2percenta.ludialudom.sk
+	- advent.ludialudom.sk
+	- bezsosrdcom.ludialudom.sk
+	- detskycin.ludialudom.sk
+	- detskycin2013.ludialudom.sk
+	- detskycin2014.ludialudom.sk
+	- detskycin2015.ludialudom.sk
+	- kamosizwebu.ludialudom.sk
+	- www.malikamosi.ludialudom.sk
+	- www.nadaciarz.ludialudom.sk
+	- old.ludialudom.sk
+	- restart.ludialudom.sk
+	- silnematky.ludialudom.sk
+	- sppolocne.ludialudom.sk
+	- velkikamosi.ludialudom.sk
+	- veslovanie.ludialudom.sk
+	- www2.ludialudom.sk
+    Secure connection failed:
+	- www.vilo.ludialudom.sk
+-->
+
+<ruleset name="Ludialudom.sk">
+  <target host="ludialudom.sk" />
+  <target host="www.ludialudom.sk" />
+  <target host="aukcie.ludialudom.sk" />
+  <target host="blog.ludialudom.sk" />
+  <target host="dobrovolnici.ludialudom.sk" />
+
+  <rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ludios.org.xml b/src/chrome/content/rules/Ludios.org.xml
index a7dee28a65c6..b0382ff2158e 100644
--- a/src/chrome/content/rules/Ludios.org.xml
+++ b/src/chrome/content/rules/Ludios.org.xml
@@ -1,8 +1,13 @@
-<ruleset name="Ludios.org">
-  <target host="www.ludios.org" />
-  <target host="ludios.org" />
+<ruleset name="ludios.org">
 
-  <securecookie host="^(www\.)?ludios\.org$" name=".*" />
+	<target host="ludios.org" />
+	<target host="www.ludios.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(www\.)?ludios\.org/" to="https://ludios.org/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Ludis_Media.com.xml b/src/chrome/content/rules/Ludis_Media.com.xml
index a56cfb414aaf..ea3fcdc15adf 100644
--- a/src/chrome/content/rules/Ludis_Media.com.xml
+++ b/src/chrome/content/rules/Ludis_Media.com.xml
@@ -1,23 +1,10 @@
-<!--
-	Mixed content:
-
-		- css on ^ from fonts.googleapis.com *
-
-		- Images on ^ from ^ *
-
-	* Secured by us
-
--->
-<ruleset name="Ludis Media.com" default_off="self-signed">
+<ruleset name="Ludis Media.com" default_off="404">
 
 	<target host="ludismedia.com" />
 	<target host="www.ludismedia.com" />
 
 
-	<securecookie host="^ludismedia\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?ludismedia\.com/"
-		to="https://ludismedia.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ludwigshafen-diskutiert.de.xml b/src/chrome/content/rules/Ludwigshafen-diskutiert.de.xml
new file mode 100644
index 000000000000..2fffe4487a64
--- /dev/null
+++ b/src/chrome/content/rules/Ludwigshafen-diskutiert.de.xml
@@ -0,0 +1,13 @@
+<!--
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="Ludwigshafen-diskutiert.de">
+
+	<target host="ludwigshafen-diskutiert.de" />
+	<target host="www.ludwigshafen-diskutiert.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ludwigshafen.de.xml b/src/chrome/content/rules/Ludwigshafen.de.xml
new file mode 100644
index 000000000000..3209e1b1dc72
--- /dev/null
+++ b/src/chrome/content/rules/Ludwigshafen.de.xml
@@ -0,0 +1,42 @@
+<!--
+	Connection closed:
+		sentry.ludwigshafen.de
+
+	Content mismatch:
+		karriere.ludwigshafen.de
+
+	Invalid certificate:
+		alt.ludwigshafen.de
+		(www.)?dialog.ludwigshafen.de
+		lumm.ludwigshafen.de
+
+	Timeout:
+		bibliothek-katalog.ludwigshafen.de
+		geoportal.ludwigshafen.de
+		mail2.ludwigshafen.de
+		mailsec01.ludwigshafen.de
+-->
+<ruleset name="Ludwigshafen.de">
+
+	<target host="ludwigshafen.de" />
+	<target host="www.ludwigshafen.de" />
+	<target host="www.abfallkalender.ludwigshafen.de" />
+	<target host="bloch.ludwigshafen.de" />
+	<target host="dashaus.ludwigshafen.de" />
+	<target host="kitaportal.ludwigshafen.de" />
+	<target host="www.kitaportal.ludwigshafen.de" />
+	<target host="open-stadtbibliothek.ludwigshafen.de" />
+	<target host="portal.ludwigshafen.de" />
+	<target host="stadtplan.ludwigshafen.de" />
+	<target host="stadtplan2.ludwigshafen.de" />
+	<target host="stadtratlive.ludwigshafen.de" />
+	<target host="www.stadtratlive.ludwigshafen.de" />
+	<target host="tevisweb.ludwigshafen.de" />
+	<target host="teviswebdev.ludwigshafen.de" />
+	<target host="vsp.ludwigshafen.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lufthansa.xml b/src/chrome/content/rules/Lufthansa.xml
index 5bd2f4a957f0..04d66afa7cf2 100644
--- a/src/chrome/content/rules/Lufthansa.xml
+++ b/src/chrome/content/rules/Lufthansa.xml
@@ -1,10 +1,16 @@
-<ruleset name="Lufthansa">
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://lufthansa.com/ (200) => https://www.lufthansa.com/ (404)
+
+-->
+<ruleset name="Lufthansa" default_off="failed ruleset test">
     <target host="lufthansa.com" />
     <target host="*.lufthansa.com" />
 
     <!--<securecookie host="^(.*\.)?lufthansa\.com$" name=".+" />-->
 
-    <rule from="^https?://lufthansa\.com/"
+    <rule from="^http://lufthansa\.com/"
         to="https://www.lufthansa.com/" />
     <rule from="^http://([^/:@]+)?\.lufthansa\.com/"
         to="https://$1.lufthansa.com/" />
diff --git a/src/chrome/content/rules/LukeSmith.xyz.xml b/src/chrome/content/rules/LukeSmith.xyz.xml
new file mode 100644
index 000000000000..34c76056b203
--- /dev/null
+++ b/src/chrome/content/rules/LukeSmith.xyz.xml
@@ -0,0 +1,16 @@
+<!--
+	Mismatch:
+		old.lukesmith.xyz
+		talk.lukesmith.xyz
+-->
+<ruleset name="LukeSmith.xyz">
+	<target host="lukesmith.xyz" />
+	<target host="www.lukesmith.xyz" />
+	<target host="forum.lukesmith.xyz" />
+	<target host="www.forum.lukesmith.xyz" />
+	<target host="git.lukesmith.xyz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lulea_Municipality.xml b/src/chrome/content/rules/Lulea_Municipality.xml
index 31d999664566..a5a314209b42 100644
--- a/src/chrome/content/rules/Lulea_Municipality.xml
+++ b/src/chrome/content/rules/Lulea_Municipality.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?lulea\.se$" name=".+" />
 
 
-	<rule from="^http://(www\.)?lulea\.se/"
-		to="https://$1lulea.se/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lulea_University_of_Technology.xml b/src/chrome/content/rules/Lulea_University_of_Technology.xml
index f9eeb6d91c24..7bbf680e3891 100644
--- a/src/chrome/content/rules/Lulea_University_of_Technology.xml
+++ b/src/chrome/content/rules/Lulea_University_of_Technology.xml
@@ -15,7 +15,8 @@
 <ruleset name="Luleå University of Technology (partial)">
 
 	<target host="ltu.se" />
-	<target host="*.ltu.se" />
+	<target host="www.ltu.se" />
+	<target host="weblogon.ltu.se" />
 
 
 	<securecookie host="^weblogon\.ltu\.se$" name=".+" />
@@ -27,4 +28,4 @@
 	<rule from="^http://weblogon\.ltu\.se/"
 		to="https://weblogon.ltu.se/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lullabot.com.xml b/src/chrome/content/rules/Lullabot.com.xml
new file mode 100644
index 000000000000..4f87f99f55b0
--- /dev/null
+++ b/src/chrome/content/rules/Lullabot.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Lullabot.com">
+
+	<target host="lullabot.com" />
+	<target host="www.lullabot.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lulu.xml b/src/chrome/content/rules/Lulu.xml
index 3a690e2b7241..dd210b4ded07 100644
--- a/src/chrome/content/rules/Lulu.xml
+++ b/src/chrome/content/rules/Lulu.xml
@@ -1,7 +1,8 @@
 <ruleset name="Lulu (partial)">
 
 	<target host="lulu.com"/>
-	<target host="*.lulu.com"/>
+	<target host="www.lulu.com" />
+	<target host="static.lulu.com" />
 
 	<rule from="^http://(www\.)?lulu\.com/(login|register)\.php"
 		to="https://$1lulu.com/$2.php"/>
diff --git a/src/chrome/content/rules/LulzBot.com.xml b/src/chrome/content/rules/LulzBot.com.xml
new file mode 100644
index 000000000000..ae89ab8b8571
--- /dev/null
+++ b/src/chrome/content/rules/LulzBot.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		commerce.lulzbot.com
+
+-->
+<ruleset name="LulzBot.com">
+
+	<target host="lulzbot.com" />
+	<target host="www.lulzbot.com" />
+	<target host="devel.lulzbot.com" />
+	<target host="download.lulzbot.com" />
+	<target host="forum.lulzbot.com" />
+	<target host="ohai.lulzbot.com" />
+
+	<securecookie host="\.lulzbot\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LulzBot.xml b/src/chrome/content/rules/LulzBot.xml
deleted file mode 100644
index f00ecedc582c..000000000000
--- a/src/chrome/content/rules/LulzBot.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- download
-
--->
-<ruleset name="LulzBot (partial)">
-
-	<target host="lulzbot.com" />
-	<target host="*.lulzbot.com" />
-
-
-	<securecookie host="\.lulzbot\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?lulzbot\.com/"
-		to="https://$1lulzbot.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Lumen.xml b/src/chrome/content/rules/Lumen.xml
new file mode 100644
index 000000000000..68119abd00cd
--- /dev/null
+++ b/src/chrome/content/rules/Lumen.xml
@@ -0,0 +1,9 @@
+<ruleset name="Lumen">
+	<target host="lumendatabase.org" />
+	<target host="www.lumendatabase.org" />
+
+	<securecookie host="(^|\.)lumendatabase\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lumension.com.xml b/src/chrome/content/rules/Lumension.com.xml
new file mode 100644
index 000000000000..8e9569adaa74
--- /dev/null
+++ b/src/chrome/content/rules/Lumension.com.xml
@@ -0,0 +1,88 @@
+<!--
+	CDN buckets:
+
+		- cdn.lumension.com.edgesuite.net
+
+			- marketing.cdn
+			- leic
+
+
+	Nonfunctional subdomains:
+
+		- my *
+
+	* Redirects to sftp, some paths 404
+
+
+	Problematic subdomains:
+
+		- blog ¹
+		- marketing.cdn ²
+		- leic ²
+
+	¹ Works, bluehost
+	² Works, akamai
+
+
+	Partially covered subdomains:
+
+		- blog ¹	(→ bluehost)
+		- leic ¹	(→ akamai)
+		- my ²		(→ www)
+
+	¹ Avoiding user-visible paths
+	² Some redirects preempted
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- marketing.cdn		(→ akamai)
+		- portal
+		- sftp
+		- support
+
+
+	Mixed content:
+
+		- css on leic from www *
+
+		- Images, on:
+
+			- blog and leic from marketing.cdn *
+			- blog and leic from www *
+
+	* Secured by us
+
+-->
+<ruleset name="Lumension.com (partial)">
+
+	<target host="lumension.com" />
+	<target host="*.lumension.com" />
+		<!--
+			Avoid user-visible paths:
+							-->
+		<!--exclusion pattern="^http://blog\.bluehost\.com/+(?!favicon\.ico|wp-content/)" /-->
+		<exclusion pattern="^http://leic\.lumensions\.com/+(?!css/|images/)" />
+		<!--exclusion pattern="^http://my\.lumension\.com/+(?!$|\?|partner_request_form\.jsp)" /-->
+
+
+	<securecookie host="^\.lumension\.com$" name="^_mkto_trk$" />
+
+
+	<rule from="^http://((?:portal|sftp|support|www)\.)?lumension\.com/"
+		to="https://$1lumension.com/" />
+
+	<rule from="^http://blog\.lumension\.com/favicon\.ico"
+		to="https://secure.bluehost.com/~lumensio/blog_prod/favicon.ico" />
+
+	<rule from="^http://blog\.lumension\.com/wp-content/"
+		to="https://secure.bluehost.com/~lumensio/blog_prod/wp-content/" />
+
+	<rule from="^http://my\.lumension\.com/+(?:\?.*)?$"
+		to="https://www.lumension.com/mylumension/mylumension.aspx" />
+
+	<rule from="^http://my\.lumension\.com/+partner_request_form\.jsp(?:\??$|(\?.+))"
+		to="https://www.lumension.com/Partners/Become-A-Lumension-Partner.aspx$1" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lumesse.com.xml b/src/chrome/content/rules/Lumesse.com.xml
new file mode 100644
index 000000000000..352e98859883
--- /dev/null
+++ b/src/chrome/content/rules/Lumesse.com.xml
@@ -0,0 +1,52 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lumesse.com/ => https://lumesse.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.lumesse.com/ => https://www.lumesse.com/: (60, 'SSL certificate problem: self signed certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://lumesse.com/ => https://lumesse.com/: (51, "SSL: no alternative certificate subject name matches target host name 'lumesse.com'")
+Fetch error: http://www.lumesse.com/ => https://www.lumesse.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.lumesse.com'")
+	Other Lumesse rulesets:
+
+		- Recruitment_Platform.com.xml
+
+
+	Problematic subdomains:
+
+		- blog *
+
+	* Typepad
+
+
+	Mixed content:
+
+		- css, on:
+
+			- blog from $self ¹
+			- blog from static.typepad.com ²
+
+		- Images, on:
+
+			- blog from $self ¹
+			- blog from lumesse.typepad.com ³
+		- Bugs, on:
+
+			- blog from pixel.quantserve.com ⁴
+			- blog from b.scorecardresearch.com ⁴
+
+	¹ Not secured by us <= mismatched
+	² Unsecurable <= redirects to http
+	³ Not secured by us
+	⁴ Secured by us
+
+-->
+<ruleset name="Lumesse.com (partial)" default_off="failed ruleset test">
+
+	<target host="lumesse.com" />
+	<target host="www.lumesse.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lumi.do.xml b/src/chrome/content/rules/Lumi.do.xml
deleted file mode 100644
index 77c291a5646a..000000000000
--- a/src/chrome/content/rules/Lumi.do.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Lumi.do" platform="firefox">
-<target host="lumi.do" />
-
-<securecookie host="^lumi\.do$" name=".+" />
-
-<rule from="^http://lumi\.do/" to="https://lumi.do/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Lumiblade.xml b/src/chrome/content/rules/Lumiblade.xml
index 60f426c9bd57..8163ed028fda 100644
--- a/src/chrome/content/rules/Lumiblade.xml
+++ b/src/chrome/content/rules/Lumiblade.xml
@@ -1,15 +1,24 @@
-<ruleset name="Lumiblade">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lumiblade-shop.com/ => https://lumiblade-shop.com/: (7, 'Failed to connect to lumiblade-shop.com port 443: Connection refused')
+Fetch error: http://www.lumiblade-shop.com/ => https://www.lumiblade-shop.com/: (7, 'Failed to connect to www.lumiblade-shop.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://lumiblade-shop.com/ => https://lumiblade-shop.com/: (7, 'Failed to connect to lumiblade-shop.com port 443: Connection refused')
+Fetch error: http://www.lumiblade-shop.com/ => https://www.lumiblade-shop.com/: (7, 'Failed to connect to www.lumiblade-shop.com port 443: Connection refused')
+-->
+<ruleset name="Lumiblade" default_off="failed ruleset test">
 
 	<target host="lumiblade-shop.com" />
 	<target host="www.lumiblade-shop.com" />
 	<!--	* for cross-domain cookie.	-->
-	<target host="*.www.lumiblade-shop.com" />
 
 
-	<securecookie host="^\.www\.lumiblade-shop\.com$" name=".*" />
+
+	<securecookie host="^\.www\.lumiblade-shop\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?lumiblade-shop\.com/"
-		to="https://$1lumiblade-shop.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Lumicall.org.xml b/src/chrome/content/rules/Lumicall.org.xml
new file mode 100644
index 000000000000..d3a7acd4bc3f
--- /dev/null
+++ b/src/chrome/content/rules/Lumicall.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Nonfunctional hosts in *.lumicall.org:
+
+	certificate mismatch:
+	- lists.lumicall.org
+
+	https://www.lumicall.org has certificate mismatch, but
+	http://www.lumicall.org redirects to http://lumicall.org
+	https://lumicall.org has correct certificate
+-->
+<ruleset name="Lumicall.org">
+	<target host="lumicall.org" />
+	<target host="www.lumicall.org" />
+
+	<rule from="^http://www\.lumicall\.org/"
+		to="https://lumicall.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lumigon.com.xml b/src/chrome/content/rules/Lumigon.com.xml
new file mode 100644
index 000000000000..ec946f528de4
--- /dev/null
+++ b/src/chrome/content/rules/Lumigon.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Lumigon.com">
+
+	<target host="lumigon.com" />
+	<target host="www.lumigon.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LuminoWorld.com.xml b/src/chrome/content/rules/LuminoWorld.com.xml
index 8bcff5969fc5..c3a655790c9b 100644
--- a/src/chrome/content/rules/LuminoWorld.com.xml
+++ b/src/chrome/content/rules/LuminoWorld.com.xml
@@ -1,4 +1,7 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://luminoworld.com/ => http://luminoworld.com/: (6, 'Could not resolve host: luminoworld.com')
+Fetch error: http://www.luminoworld.com/ => http://www.luminoworld.com/: (6, 'Could not resolve host: www.luminoworld.com')
 	At least some pages redirect to http.
 
 -->
@@ -11,4 +14,4 @@
 	<rule from="^http://(www\.)?luminoworld\.com/(images/|Portals/|scripts/|show(?:Category|Product)Image\.aspx)"
 		to="https://$1luminoworld.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lumo.xml b/src/chrome/content/rules/Lumo.xml
deleted file mode 100644
index 6aa8e13e3be2..000000000000
--- a/src/chrome/content/rules/Lumo.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Lumo">
-
-	<target host="lumo.me" />
-	<target host="www.lumo.me" />
-
-
-	<securecookie host="^lumo\.me$" name=".+" />
-
-
-	<rule from="^http://(www\.)?lumo\.me/"
-		to="https://$1lumo.me/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Lumosity.xml b/src/chrome/content/rules/Lumosity.xml
index 3aec4347fc6f..f7093a99dce3 100644
--- a/src/chrome/content/rules/Lumosity.xml
+++ b/src/chrome/content/rules/Lumosity.xml
@@ -7,7 +7,8 @@
 <ruleset name="Lumosity (partial)">
 
 	<target host="lumosity.com" />
-	<target host="*.lumosity.com" />
+	<target host="www.lumosity.com" />
+	<target host="static.lumosity.com" />
 	<target host="static.sl.lumosity.com" />
 
 
diff --git a/src/chrome/content/rules/Lumovies.com.xml b/src/chrome/content/rules/Lumovies.com.xml
deleted file mode 100644
index 4d258c6b4f15..000000000000
--- a/src/chrome/content/rules/Lumovies.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- r	(works; mismatched, CN: www.lumovies.com)
-
-
-	Mixed content:
-
-		- css on www from staticcdn.gmedianetworks.com *
-
-		- Images on www from staticcdn.gmedianetworks.com *
-
-	* Secured by us
-
--->
-<ruleset name="Lumovies.com (false MCB)" platform="mixedcontent">
-
-	<target host="lumovies.com" />
-	<target host="www.lumovies.com" />
-
-
-	<securecookie host="^www\.lumovies\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?lumovies\.com/"
-		to="https://$1lumovies.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Luna-Nivius.xml b/src/chrome/content/rules/Luna-Nivius.xml
index 94de41bd7d5c..c10c7ace2512 100644
--- a/src/chrome/content/rules/Luna-Nivius.xml
+++ b/src/chrome/content/rules/Luna-Nivius.xml
@@ -1,9 +1,18 @@
-<ruleset name="Luna Nivius">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://niveusluna.org/ => https://niveusluna.org/: (28, 'Connection timed out after 20009 milliseconds')
+Fetch error: http://www.niveusluna.org/ => https://www.niveusluna.org/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://niveusluna.org/ => https://niveusluna.org/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://www.niveusluna.org/ => https://www.niveusluna.org/: (28, 'Connection timed out after 10001 milliseconds')
+-->
+<ruleset name="Luna Nivius" default_off="failed ruleset test">
 
 	<target host="niveusluna.org" />
 	<target host="www.niveusluna.org" />
 
-	<rule from="^http://(www\.)?niveusluna\.org/"
-		to="https://$1niveusluna.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Lunarline.com.xml b/src/chrome/content/rules/Lunarline.com.xml
new file mode 100644
index 000000000000..9bf64cf96a50
--- /dev/null
+++ b/src/chrome/content/rules/Lunarline.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Other Lunarline rulesets:
+
+		- SCAP_Sync.com.xml
+
+-->
+<ruleset name="Lunarline.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="lunarline.com" />
+	<target host="www.lunarline.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lundi.am.xml b/src/chrome/content/rules/Lundi.am.xml
new file mode 100644
index 000000000000..39176b67a8fe
--- /dev/null
+++ b/src/chrome/content/rules/Lundi.am.xml
@@ -0,0 +1,20 @@
+<!--
+	Mixed content:
+
+		- Image from p4.storage.canalblog.com *
+
+	* Secured by us
+
+-->
+<ruleset name="lundi.am">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="lundi.am" />
+	<target host="www.lundi.am" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lurkmore.net.xml b/src/chrome/content/rules/Lurkmore.net.xml
new file mode 100644
index 000000000000..620f91df14aa
--- /dev/null
+++ b/src/chrome/content/rules/Lurkmore.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="Lurkmore.net">
+	<target host="lurkmore.net" />
+	<target host="www.lurkmore.net" />
+	<target host="ipv6.lurkmo.re" />
+	<target host="m.lurkmore.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lurkmore.to.xml b/src/chrome/content/rules/Lurkmore.to.xml
index 2a4f01f523f0..f77af99dc622 100644
--- a/src/chrome/content/rules/Lurkmore.to.xml
+++ b/src/chrome/content/rules/Lurkmore.to.xml
@@ -1,33 +1,54 @@
 <!--
-	Problematic domains:
-
-		- www.lurkmore.to	(cert only matches ^lurkmore.to)
-
-
-	Fully covered domains:
-
-		- (www.)lurkmo.re
-		- (www.)lurkmore.so
-		- (www.)lurkmore.to	(www → ^)
-
+	Invalid certificate:
+		ad.lurkmore.to
+		egor.lurkmore.to
+		googlefffffffff9e3a2d8.lurkmore.to
+		failover.lurkmore.to
+		ftp.lurkmore.to
+		ipv6.lurkmore.to
+		irc.lurkmore.to
+		mail.lurkmore.to
+		ns.lurkmore.to
+		ns1.lurkmore.to
+		redmine.lurkmore.to
+		ssl.lurkmore.to
+
+	Time out:
+		riten.hn.lurkmore.to
+		munin.riten.hn.lurkmore.to
+		a.riten.hn.lurkmore.to
+		b.riten.hn.lurkmore.to
+		c.riten.hn.lurkmore.to
+		d.riten.hn.lurkmore.to
+		e.riten.hn.lurkmore.to
+		sunny.hn.lurkmore.to
+		a.sunny.hn.lurkmore.to
+		b.sunny.hn.lurkmore.to
+		c.sunny.hn.lurkmore.to
+		d.sunny.hn.lurkmore.to
+		e.sunny.hn.lurkmore.to
+		mail.in.lurkmore.to
+		meleno.in.lurkmore.to
+		newmeleno.in.lurkmore.to
+		ns.in.lurkmore.to
+		main.lurkmore.to
+		meleno.lurkmore.to
+		nauka.lurkmore.to
+		newmeleno.lurkmore.to
+		ivy.ns.lurkmore.to
+		jay.ns.lurkmore.to
+		nsmaster.lurkmore.to
+		science.lurkmore.to
+		test.lurkmore.to
+		wwwmeleno.lurkmore.to
 -->
-<ruleset name="Lurkmore.to">
-
-	<target host="lurkmo.re" />
-	<target host="*.lurkmo.re" />
-	<target host="lurkmore.so" />
-	<target host="*.lurkmore.so" />
+<ruleset name="lurkmore.to">
 	<target host="lurkmore.to" />
-	<target host="*.lurkmore.to" />
-
-
-	<securecookie host="^\.?lurkmo(?:\.re|re\.[st]o)$" name=".+" />
-
-
-	<rule from="^http://(www\.)?lurkmore\.to/"
-		to="https://lurkmore.to/" />
-
-	<rule from="^http://(www\.)?lurkmo(\.re|re\.so)/"
-		to="https://$1lurkmo$2/" />
+	<target host="www.lurkmore.to" />
+	<target host="m.lurkmore.to" />
+	<target host="forward.lurkmore.to" />
+	<target host="s.lurkmore.to" />
 
+	<rule from="^http://www\.lurkmore\.to/" to="https://lurkmore.to/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Luvit.io.xml b/src/chrome/content/rules/Luvit.io.xml
new file mode 100644
index 000000000000..48829049db0b
--- /dev/null
+++ b/src/chrome/content/rules/Luvit.io.xml
@@ -0,0 +1,17 @@
+<!--
+	These altnames don't exist:
+
+		- www.luvit.io
+
+-->
+<ruleset name="Luvit.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="luvit.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LuxSci.xml b/src/chrome/content/rules/LuxSci.xml
index 1fa02e2b6602..261eb5a8f95a 100644
--- a/src/chrome/content/rules/LuxSci.xml
+++ b/src/chrome/content/rules/LuxSci.xml
@@ -8,8 +8,6 @@
 
 	<target host="luxhv.com"/>
 	<target host="www.luxhv.com"/>
-	<target host="luxsci.com"/>
-	<target host="*.luxsci.com"/>
 	<target host="luxsci.mobi"/>
 	<target host="www.luxsci.mobi"/>
 
@@ -18,10 +16,6 @@
 	<rule from="^http://(?:www\.)?luxhv\.com/"
 		to="https://luxsci.com/extranet/hvmain.html"/>
 
-	<!--	cert doesn't match www	-->
-	<rule from="^http://(?:(securesend\.|webmail\.|xpress\.)|www\.)?luxsci\.com/"
-		to="https://$1luxsci.com/"/>
-
 	<!--	cert doesn't match www	-->
 	<rule from="^http://(?:www\.)?luxsci\.mobi/"
 		to="https://luxsci.mobi/"/>
diff --git a/src/chrome/content/rules/Luxomo.com.xml b/src/chrome/content/rules/Luxomo.com.xml
new file mode 100644
index 000000000000..5428d707a6ff
--- /dev/null
+++ b/src/chrome/content/rules/Luxomo.com.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://luxomo.com/ => https://luxomo.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://luxomo.com/ => https://luxomo.com/: (28, 'Connection timed out after 10001 milliseconds')
+	Mixed content:
+
+		- Image on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Luxomo.com" default_off="failed ruleset test">
+
+	<target host="luxomo.com" />
+	<target host="www.luxomo.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^\.www\.luxomo\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Luxury_Custom_Wheels.xml b/src/chrome/content/rules/Luxury_Custom_Wheels.xml
index 5d678806e3d3..98055c6cf6e6 100644
--- a/src/chrome/content/rules/Luxury_Custom_Wheels.xml
+++ b/src/chrome/content/rules/Luxury_Custom_Wheels.xml
@@ -1,13 +1,19 @@
-<ruleset name="Luxury Custom Wheels">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://luxurycustomwheels.com/ => https://luxurycustomwheels.com/: (35, 'Unknown SSL protocol error in connection to luxurycustomwheels.com:443 ')
+Fetch error: http://www.luxurycustomwheels.com/ => https://www.luxurycustomwheels.com/: (35, 'Unknown SSL protocol error in connection to www.luxurycustomwheels.com:443 ')
+
+-->
+<ruleset name="Luxury Custom Wheels" default_off="failed ruleset test">
 
 	<target host="luxurycustomwheels.com" />
-	<target host="*.luxurycustomwheels.com" />
+	<target host="www.luxurycustomwheels.com" />
 
 
-	<securecookie host="^(?:.*\.)?luxurycustomwheels\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?luxurycustomwheels\.com/"
-		to="https://$1luxurycustomwheels.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Luxury_Replica.xml b/src/chrome/content/rules/Luxury_Replica.xml
index 3ceef85335f0..f6ca93dac62e 100644
--- a/src/chrome/content/rules/Luxury_Replica.xml
+++ b/src/chrome/content/rules/Luxury_Replica.xml
@@ -1,13 +1,21 @@
-<ruleset name="Luxury Replica">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://luxuryreplica.net/ => https://luxuryreplica.net/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.luxuryreplica.net/ => https://www.luxuryreplica.net/: (28, 'Connection timed out after 20006 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://luxuryreplica.net/ => https://luxuryreplica.net/: (28, 'Connection timed out after 10000 milliseconds')
+-->
+<ruleset name="Luxury Replica" default_off="failed ruleset test">
 
 	<target host="luxuryreplica.net" />
-	<target host="*.luxuryreplica.net" />
+	<target host="www.luxuryreplica.net" />
 
 
 	<securecookie host="^\.luxuryreplica.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?luxuryreplica\.net/"
-		to="https://$1luxuryreplica.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Luzerner_Kantonalbank.xml b/src/chrome/content/rules/Luzerner_Kantonalbank.xml
deleted file mode 100644
index c093354a2c85..000000000000
--- a/src/chrome/content/rules/Luzerner_Kantonalbank.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Luzerner Kantonalbank">
-    <target host="lukb.ch" />
-    <target host="*.lukb.ch" />
-
-    <securecookie host="^(.*\.)?lukb\.ch$" name=".+" />
-
-    <rule from="^https?://lukb\.ch/"
-        to="https://www.lukb.ch/"/>
-    <rule from="^http://([^/:@]+)?\.lukb\.ch/"
-        to="https://$1.lukb.ch/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Lxde.org.xml b/src/chrome/content/rules/Lxde.org.xml
new file mode 100644
index 000000000000..0f5cc0003922
--- /dev/null
+++ b/src/chrome/content/rules/Lxde.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Nonfunctional hosts in *.lxde.org:
+		- lists.lxde.org redirects to NXDOMAIN
+-->
+<ruleset name="Lxde.org">
+	<target host="lxde.org" />
+	<target host="www.lxde.org" />
+	<target host="blog.lxde.org" />
+	<target host="git.lxde.org" />
+	<target host="wiki.lxde.org" />
+	<target host="pootle.lxde.org" />
+	<target host="forum.lxde.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lyft.xml b/src/chrome/content/rules/Lyft.xml
index 49be69895b02..8e449ba822a9 100644
--- a/src/chrome/content/rules/Lyft.xml
+++ b/src/chrome/content/rules/Lyft.xml
@@ -24,7 +24,7 @@
 	<securecookie host="^lyft\.me$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?lyft\.me/"
+	<rule from="^http://(?:www\.)?lyft\.me/"
 		to="https://lyft.me/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LyinComey.com.xml b/src/chrome/content/rules/LyinComey.com.xml
new file mode 100644
index 000000000000..ac7335cc9b8f
--- /dev/null
+++ b/src/chrome/content/rules/LyinComey.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="LyinComey.com">
+	<target host="lyincomey.com" />
+	<target host="www.lyincomey.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lymo.fr.xml b/src/chrome/content/rules/Lymo.fr.xml
new file mode 100644
index 000000000000..15405ded50ff
--- /dev/null
+++ b/src/chrome/content/rules/Lymo.fr.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		blog.lymo.fr
+
+-->
+<ruleset name="Lymo.fr">
+	<target host="lymo.fr" />
+	<target host="www.lymo.fr" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lynch_Interactive.com.xml b/src/chrome/content/rules/Lynch_Interactive.com.xml
new file mode 100644
index 000000000000..5d0f1015956a
--- /dev/null
+++ b/src/chrome/content/rules/Lynch_Interactive.com.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lynchinteractive.com/ => https://lynchinteractive.com/: Too many redirects while fetching 'https://lynchinteractive.com/'
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://lynchinteractive.com/ (200) => https://lynchinteractive.com/ (404)
+
+-->
+<ruleset name="Lynch Interactive.com" default_off="failed ruleset test">
+
+	<target host="lynchinteractive.com" />
+	<target host="www.lynchinteractive.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lynda.com.xml b/src/chrome/content/rules/Lynda.com.xml
new file mode 100644
index 000000000000..e6c7f2e04516
--- /dev/null
+++ b/src/chrome/content/rules/Lynda.com.xml
@@ -0,0 +1,63 @@
+<!--
+	Nonfunctional hosts in *lynda.com:
+
+		- ios *
+
+	* 403
+
+
+	Problematic hosts in *lynda.com:
+
+		- files *
+		- files2 *
+		- flash *
+		- ios2 *
+		- ldcemailimages *
+
+	* Akamai
+
+
+	These altnames don't exist:
+
+		- quicktime.lynda.com
+
+-->
+<ruleset name="Lynda.com (partial)" platform="mixedcontent"><!-- Disabled due to #4072 and the amount of exclusions meaning it causes more problems than it solves -->
+
+	<!--	Direct rewrites:
+				-->
+	<target host="lynda.com" />
+	<target host="cdn.lynda.com" />
+	<target host="cdnstage.lynda.com" />
+	<target host="www.lynda.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.lynda\.com/(?:$|login/loginhelp\.aspx|support/$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.lynda\.com/+(?!(?:plans/renewal/select|promo/activatekey|registration/account)(?:$|[?/])|user/login/)" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.lynda.com/apps/ios" />
+			<test url="http://www.lynda.com/business" />
+			<test url="http://www.lynda.com/government" />
+			<test url="http://www.lynda.com/login/loginhelp.aspx" />
+			<test url="http://www.lynda.com/promo/trial/default.aspx" />
+			<test url="http://www.lynda.com/support/" />
+			<test url="http://www.lynda.com/support/contact.aspx" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.lynda.com/plans/registration/account?subscriptionId=1001" />
+			<test url="http://www.lynda.com/plans/renewal/select" />
+			<test url="http://www.lynda.com/promo/activatekey" />
+			<test url="http://www.lynda.com/user/login/modal" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lynku.com.xml b/src/chrome/content/rules/Lynku.com.xml
index 3c7ee6f5a8a2..b99e9a0ccdf0 100644
--- a/src/chrome/content/rules/Lynku.com.xml
+++ b/src/chrome/content/rules/Lynku.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://images.lynku.com/ => https://shop.look.co.uk/: (7, 'Failed to connect to shop.look.co.uk port 443: Connection timed out')
+
 	CDN buckets:
 
 		- 843299975.r.cdn77.net
@@ -11,7 +15,7 @@
 		- images	(mismatched, CN: shop.look.co.uk)
 
 -->
-<ruleset name="Lynku.com (partial)">
+<ruleset name="Lynku.com (partial)" default_off="failed ruleset test">
 
 	<target host="images.lynku.com" />
 
@@ -19,4 +23,4 @@
 	<rule from="^http://images\.lynku\.com/"
 		to="https://shop.look.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lynxtech.xml b/src/chrome/content/rules/Lynxtech.xml
index f14d455db7eb..bb56478a916c 100644
--- a/src/chrome/content/rules/Lynxtech.xml
+++ b/src/chrome/content/rules/Lynxtech.xml
@@ -5,7 +5,7 @@
 	<target host="www.lynxtech.no" />
 
 
-	<rule from="^https?://(?:www\.)?lynxtech\.no/"
+	<rule from="^http://(?:www\.)?lynxtech\.no/"
 		to="https://lynxtech.no/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Lyris-mismatches.xml b/src/chrome/content/rules/Lyris-mismatches.xml
index 4a2a236ff19e..25922ead20c8 100644
--- a/src/chrome/content/rules/Lyris-mismatches.xml
+++ b/src/chrome/content/rules/Lyris-mismatches.xml
@@ -1,8 +1,7 @@
-<ruleset name="Lyris (mismatches)" default_off="mismatch">
+<ruleset name="Lyris (mismatches)" default_off="mismatched">
 
 	<target host="landing.lyris.com"/>
 
-	<rule from="^http://landing\.lyris\.com/"
-		to="https://landing.lyris.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Lyris.xml b/src/chrome/content/rules/Lyris.xml
index d10719d55a83..2266b31fb8f9 100644
--- a/src/chrome/content/rules/Lyris.xml
+++ b/src/chrome/content/rules/Lyris.xml
@@ -1,40 +1,49 @@
-<!--	Bucket at c307956.ssl.cf1.rackcdn.com
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://clicktracks.com/ => https://www.clicktracks.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+Fetch error: http://lyris.com/ => https://www.lyris.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.lyris.com'")
+Fetch error: http://lyrishq.com/ => https://www.lyris.com/blog: (51, "SSL: no alternative certificate subject name matches target host name 'www.lyris.com'")
+Fetch error: http://www.lyrishq.com/ => https://www.lyris.com/blog: (51, "SSL: no alternative certificate subject name matches target host name 'www.lyris.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://clicktracks.com/ => https://www.clicktracks.com/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://lyris.com/ => https://www.lyris.com/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://lyrishq.com/ => https://www.lyris.com/blog: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.lyrishq.com/ => https://www.lyris.com/blog: (28, 'Connection timed out after 10001 milliseconds')	Bucket at c307956.ssl.cf1.rackcdn.com
+
+
+	Other Lyris rulesets:
+
+		- Up0.net.xml
+
 -->
-<ruleset name="Lyris (partial)" platform="mixedcontent">
+<ruleset name="Lyris (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="clicktracks.com" />
-	<target host="*.clicktracks.com" />
+	<target host="stats1.clicktracks.com" />
+	<target host="www.clicktracks.com" />
 	<target host="lyris.com"/>
-	<target host="*.lyris.com"/>
+	<target host="landing.lyris.com" />
+	<target host="www.lyris.com" />
 	<target host="lyrishq.com"/>
 	<target host="www.lyrishq.com"/>
-	<target host="up0.net"/>
-	<target host="*.up0.net"/>
 
 
-	<securecookie host="^(.*\.)?lyris\.com$" name=".*"/>
+	<securecookie host="^(?:.*\.)?lyris\.com$" name=".+" />
 
 
 	<!--	Cert only matches *.clicktracks.com.	-->
-	<rule from="^https?://clicktracks\.com/"
+	<rule from="^http://clicktracks\.com/"
 		to="https://www.clicktracks.com/" />
 
-	<rule from="^http://(stats1|www)\.clicktracks\.com/"
-		to="https://$1.clicktracks.com/" />
 
 	<rule from="^http://lyris\.com/"
 		to="https://www.lyris.com/"/>
 
-	<rule from="^http://(landing|www)\.lyris\.com/"
-		to="https://$1.lyris.com/"/>
 
 	<rule from="^http://(?:www\.)?lyrishq\.com/"
 		to="https://www.lyris.com/blog"/>
 
-	<rule from="^http://up0\.net/"
-		to="https://www.up0.net/"/>
-
-	<rule from="^http://(\w+)\.up0\.net/"
-		to="https://$1.up0.net/"/>
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Lyrk.de.xml b/src/chrome/content/rules/Lyrk.de.xml
new file mode 100644
index 000000000000..08dd1293bb4d
--- /dev/null
+++ b/src/chrome/content/rules/Lyrk.de.xml
@@ -0,0 +1,26 @@
+<!--
+	Mixed content:
+
+		- css on ^ from necolas.github.io *
+
+	* Secured by us, minimal effect
+
+-->
+<ruleset name="Lyrk.de">
+
+	<target host="lyrk.de" />
+	<target host="geodienste.lyrk.de" />
+	<target host="www.lyrk.de" />
+
+
+	<!--	 Not secured by server:
+					-->
+	<!--securecookie host="^geodienste\.lyrk\.de$" name="^session_id$" /-->
+
+	<securecookie host="^geodienste\.lyrk\.de$" name=".+" />
+
+
+	<rule from="^http://(?:(geodienste\.)|www\.)?lyrk\.de/"
+		to="https://$1lyrk.de/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/M-VG.de.xml b/src/chrome/content/rules/M-VG.de.xml
new file mode 100644
index 000000000000..cc0381bd2ca2
--- /dev/null
+++ b/src/chrome/content/rules/M-VG.de.xml
@@ -0,0 +1,33 @@
+<!--
+	Nonfunctional hosts in *m-vg.de:
+
+		- vorschau *
+
+	* 404
+
+
+	Insecure cookies are set for these hosts:
+
+		- m-vg.de
+		- www.m-vg.de
+
+-->
+<ruleset name="M-VG.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="m-vg.de" />
+	<target host="www.m-vg.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?m-vg\.de$" name="^csrftoken$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/M-W.co.uk.xml b/src/chrome/content/rules/M-W.co.uk.xml
index 5b93c09cf1a5..c1036b8ebf24 100644
--- a/src/chrome/content/rules/M-W.co.uk.xml
+++ b/src/chrome/content/rules/M-W.co.uk.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://m-w.co.uk/ => https://m-w.co.uk/: Too many redirects while fetching 'https://m-w.co.uk/'
+
 	Mixed content:
 
 		- Images on www from www *
@@ -13,13 +17,12 @@
 	* Secured by us
 
 -->
-<ruleset name="M-W.co.uk (false MCB)" platform="mixedcontent">
+<ruleset name="M-W.co.uk (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="m-w.co.uk" />
 	<target host="www.m-w.co.uk" />
 
 
-	<rule from="^http://(www\.)?m-w\.co\.uk/"
-		to="https://$1m-w.co.uk/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/M-and-T_Bank.xml b/src/chrome/content/rules/M-and-T_Bank.xml
index 453511cb86a5..f54c72baa872 100644
--- a/src/chrome/content/rules/M-and-T_Bank.xml
+++ b/src/chrome/content/rules/M-and-T_Bank.xml
@@ -14,7 +14,10 @@
 
 	<target host="onlinebanking.mandtbank.com" />
 	<target host="mtb.com" />
-	<target host="*.mtb.com" />
+	<target host="www.mtb.com" />
+	<target host="applynow.mtb.com" />
+	<target host="services.mtb.com" />
+	<target host="webmail.mtb.com" />
 	<target host="mandtbank.spatialpoint.com" />
 
 
@@ -22,16 +25,11 @@
 	<securecookie host="^.*\.mtb\.com$" name=".+" />
 
 
-	<rule from="^http://onlinebanking\.mandtbank\.com/"
-		to="https://onlinebanking.mandtbank.com/" />
 
-	<rule from="^https?://(?:www\.)?mtb\.com/"
+	<rule from="^http://(?:www\.)?mtb\.com/"
 		to="https://www.mtb.com/" />
 
-	<rule from="^http://(applynow|services|webmail)\.mtb\.com/"
-		to="https://$1.mtb.com/" />
 
-	<rule from="^http://mandtbank\.spatialpoint\.com/"
-		to="https://mandtbank.spatialpoint.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/M-net.de.xml b/src/chrome/content/rules/M-net.de.xml
deleted file mode 100644
index a9d68feda0d4..000000000000
--- a/src/chrome/content/rules/M-net.de.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="M-net.de">
-<target host="www.m-net.de"/>
-<target host="m-net.de"/>
-<rule from="^http://(www\.)?m-net\.de/" to="https://www.m-net.de/"/>
-</ruleset>
- 
diff --git a/src/chrome/content/rules/M-pathy.xml b/src/chrome/content/rules/M-pathy.xml
index 33d16df76c35..04f45723f3d3 100644
--- a/src/chrome/content/rules/M-pathy.xml
+++ b/src/chrome/content/rules/M-pathy.xml
@@ -10,7 +10,8 @@
 <ruleset name="m-pathy (partial)">
 
 	<target host="m-pathy.com" />
-	<target host="*.m-pathy.com" />
+	<target host="www.m-pathy.com" />
+	<target host="cdn.m-pathy.com" />
 
 
 	<rule from="^http://(?:www\.)?m-pathy\.com/(css/|favicon\.ico|images/|questionnaire/|sf/|user/)"
@@ -19,4 +20,4 @@
 	<rule from="^http://cdn\.m-pathy\.com/"
 		to="https://cdn.m-pathy.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/M-privacy.xml b/src/chrome/content/rules/M-privacy.xml
index a767c0e33511..c20c2bf48e62 100644
--- a/src/chrome/content/rules/M-privacy.xml
+++ b/src/chrome/content/rules/M-privacy.xml
@@ -1,13 +1,18 @@
 <ruleset name="m-privacy">
 
 	<target host="m-privacy.de" />
+	<target host="git.m-privacy.de" />
+	<target host="rsbac.m-privacy.de" />
 	<target host="www.m-privacy.de" />
 
 
-	<securecookie host="^www\.m-privacy\.de$" name=".*" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^rsbac\.m-privacy\.de$" name="^DokuWiki$" /-->
 
+	<securecookie host="^(?:rsbac|www)\.m-privacy\.de$" name=".+" />
 
-	<rule from="^http://(www\.)?m-privacy\.de/"
-		to="https://$1m-privacy.de/" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/M2fjob.com.xml b/src/chrome/content/rules/M2fjob.com.xml
deleted file mode 100644
index 6a58a340efa9..000000000000
--- a/src/chrome/content/rules/M2fjob.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="M2fjob.com" default_off="Breaks login functionality">
-  <target host="m2fjob.com" />
-  <target host="www.m2fjob.com" />
-
-  <rule from="^http://(www\.)?m2fjob\.com/" to="https://www.m2fjob.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/M2pub.com.xml b/src/chrome/content/rules/M2pub.com.xml
deleted file mode 100644
index 156ab9967b9c..000000000000
--- a/src/chrome/content/rules/M2pub.com.xml
+++ /dev/null
@@ -1,44 +0,0 @@
-<!--
-	For other Matomy Media coverage, see Matomy-Media.xml.
-
-
-	CDN buckets:
-
-		- ads.adk2.com
-
-			- s
-
-		- d3vg9hiogk70qz.cloudfront.net
-
-			creative
-
-
-	Problematic subdomains:
-
-		- creative	(cloudfront)
-		- s		(works; mismatched, CN: ads.adk2.com)
-
-
-	Fully covered subdomains:
-
-		- creative	(→ d3vg9hiogk70qz.cloudfront.net)
-		- s		(→ ads.adk2.com)
-
-
-	(www.)m2pub.com doesn't exist.
-
-	Ads and web bugs.
-
--->
-<ruleset name="M2pub.com">
-
-	<target host="*.m2pub.com" />
-
-
-	<rule from="^http://creative\.m2pub\.com/"
-		to="https://d3vg9hiogk70qz.cloudfront.net/" />
-
-	<rule from="^http://s\.m2pub\.com/"
-		to="https://ads.adk2.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/M3Server.com.xml b/src/chrome/content/rules/M3Server.com.xml
new file mode 100644
index 000000000000..8fbf253a72e7
--- /dev/null
+++ b/src/chrome/content/rules/M3Server.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Other M3Server rulesets:
+
+		- M3xs.net.xml
+
+
+	Problematic hosts in *m3server.com:
+
+		- blog *
+
+	* Mismatched
+
+
+	Mixed content:
+
+		- Image on blog from www.m3server.com *
+
+	* Secured by us
+
+-->
+<ruleset name="M3Server.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="m3server.com" />
+	<!--target host="blog.m3server.com" /-->
+	<target host="www.m3server.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/M3xs.net.xml b/src/chrome/content/rules/M3xs.net.xml
new file mode 100644
index 000000000000..54148b562bdc
--- /dev/null
+++ b/src/chrome/content/rules/M3xs.net.xml
@@ -0,0 +1,27 @@
+<!--
+	For other M3Server coverage, see M3Server.com.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- my.m3xs.net
+
+-->
+<ruleset name="M3xs.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="my.m3xs.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^my\.m3xs\.net$" name="^WHMCS[a-zA-Z]+$" /-->
+
+	<securecookie host="^my\.m3xs\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/M6R.fr.xml b/src/chrome/content/rules/M6R.fr.xml
new file mode 100644
index 000000000000..673d2397c6a4
--- /dev/null
+++ b/src/chrome/content/rules/M6R.fr.xml
@@ -0,0 +1,28 @@
+<!--
+	Mouvement 6e République
+
+
+	Fully covered hosts *m6r.fr:
+
+		- (www.)?
+		- financement
+
+
+	These altnames don't exist:
+
+		- www.financement.m6r.fr
+
+-->
+<ruleset name="M6R.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="m6r.fr" />
+	<target host="financement.m6r.fr" />
+	<target host="www.m6r.fr" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/M6r.eu.xml b/src/chrome/content/rules/M6r.eu.xml
new file mode 100644
index 000000000000..8d252ce68478
--- /dev/null
+++ b/src/chrome/content/rules/M6r.eu.xml
@@ -0,0 +1,29 @@
+<!--
+	Fully covered hosts in *m6r.eu:
+
+		- tracking
+
+
+	Insecure cookies are set for these domains:
+
+		- .m6r.eu
+
+-->
+<ruleset name="m6r.eu">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tracking.m6r.eu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.m6r\.eu$" name="^id$" /-->
+
+	<securecookie host="^\.m6r\.eu$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MA-General-Hospital-OCD.xml b/src/chrome/content/rules/MA-General-Hospital-OCD.xml
index feb76006c423..edc0e5cb4422 100644
--- a/src/chrome/content/rules/MA-General-Hospital-OCD.xml
+++ b/src/chrome/content/rules/MA-General-Hospital-OCD.xml
@@ -2,5 +2,5 @@
 	<target host="mghocd.org" />
 	<target host="www.mghocd.org" />
 
-	<rule from="^http://(www\.)?mghocd\.org/" to="https://mghocd.org/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MAA.org.xml b/src/chrome/content/rules/MAA.org.xml
new file mode 100644
index 000000000000..854afe0ebaca
--- /dev/null
+++ b/src/chrome/content/rules/MAA.org.xml
@@ -0,0 +1,28 @@
+<!--
+	Invalid Certificate:
+		calculuscourse.maa.org
+		eulerarchive.maa.org
+		jmobile.maa.org
+		sections.maa.org
+		sigmaa.maa.org
+		www.p.maa.org
+		www.courses1.webwoek.maa.org
+	Unable to Connect:
+		webwork.maa.org
+	Cloudflare Error (Server is down):
+		mathcareers.maa.org
+	Secure Connection Failed:
+		mail.maa.org
+-->
+<ruleset name="MAA.org">
+	<target host="maa.org" />
+	<target host="www.maa.org" />
+	<target host="cupm.maa.org" />
+	<target host="lmathdl.maa.org" />
+	<target host="section.maa.org" />
+	<target host="store.maa.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MAAWG.xml b/src/chrome/content/rules/MAAWG.xml
index c48962b7cca3..42ef5863dbcf 100644
--- a/src/chrome/content/rules/MAAWG.xml
+++ b/src/chrome/content/rules/MAAWG.xml
@@ -2,5 +2,5 @@
   <target host="maawg.org" />
   <target host="www.maawg.org" />
 
-  <rule from="^http://(www\.)?maawg\.org/" to="https://$1maawg.org/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MAC_Paper.com.xml b/src/chrome/content/rules/MAC_Paper.com.xml
index aeb0efe55849..5f715035742c 100644
--- a/src/chrome/content/rules/MAC_Paper.com.xml
+++ b/src/chrome/content/rules/MAC_Paper.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://macpaper.com/ => https://secure.macpaper.com/: (51, "SSL: no alternative certificate subject name matches target host name 'secure.macpaper.com'")
+
 	Nonfunctional subdomains:
 
 		- blog		(shows w3; mismatched, CN: w3.ts.iohost.com)
@@ -16,16 +20,17 @@
 	* Secured by us
 
 -->
-<ruleset name="MAC Paper.com (partial)">
+<ruleset name="MAC Paper.com (partial)" default_off="failed ruleset test">
 
 	<target host="macpaper.com" />
-	<target host="*.macpaper.com" />
+	<target host="secure.macpaper.com" />
+	<target host="www.macpaper.com" />
 
 
 	<securecookie host="^secure\.macpaper\.com$" name=".+" />
 
 
-	<rule from="^http://(secure\.|www\.)?macpaper\.com/"
+	<rule from="^http://(?:secure\.|www\.)?macpaper\.com/"
 		to="https://secure.macpaper.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MADD-California.xml b/src/chrome/content/rules/MADD-California.xml
index 0ddfbaac0265..50d7e3611b3f 100644
--- a/src/chrome/content/rules/MADD-California.xml
+++ b/src/chrome/content/rules/MADD-California.xml
@@ -1,6 +1,13 @@
-<ruleset name="MADD California">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://maddcalifornia.org/ => https://www.maddcalifornia.org/: (35, 'Unknown SSL protocol error in connection to www.maddcalifornia.org:443 ')
+Fetch error: http://www.maddcalifornia.org/ => https://www.maddcalifornia.org/: (35, 'Unknown SSL protocol error in connection to www.maddcalifornia.org:443 ')
+
+-->
+<ruleset name="MADD California" default_off="failed ruleset test">
 	<target host="maddcalifornia.org" />
 	<target host="www.maddcalifornia.org" />
 
 	<rule from="^http://(?:www\.)?maddcalifornia\.org/" to="https://www.maddcalifornia.org/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MAGIX-Online.com.xml b/src/chrome/content/rules/MAGIX-Online.com.xml
new file mode 100644
index 000000000000..691c660e4613
--- /dev/null
+++ b/src/chrome/content/rules/MAGIX-Online.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other MAGIX coverage, see MAGIX.xml.
+
+-->
+<ruleset name="MAGIX-Online.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="magix-online.com" />
+	<target host="www.magix-online.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.magix-online\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.magix-online\.com/+(?!themes/|uploads/)" />
+
+			<test url="http://www.magix-online.com/tr/" />
+			<test url="http://www.magix-online.com/uk/help-support.1499.html" />
+			<test url="http://www.magix-online.com/uk/website-maker/offers-prices.2611.html" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MAGIX.info.xml b/src/chrome/content/rules/MAGIX.info.xml
new file mode 100644
index 000000000000..44162e79e96b
--- /dev/null
+++ b/src/chrome/content/rules/MAGIX.info.xml
@@ -0,0 +1,16 @@
+<!--
+	For other MAGIX coverage, see MAGIX.xml.
+
+-->
+<ruleset name="MAGIX.info">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="magix.info" />
+	<target host="www.magix.info" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MAGIX.xml b/src/chrome/content/rules/MAGIX.xml
index 59d000569a1b..d01944f8b6f0 100644
--- a/src/chrome/content/rules/MAGIX.xml
+++ b/src/chrome/content/rules/MAGIX.xml
@@ -1,49 +1,78 @@
-<!--	!functional:
-		- cms.content.magix.net
+<!--
+	Other MAGIX rulesets:
+
+		- Catooh.com.xml
+		- MAGIX.info.xml
+		- MAGIX-Online.com.xml
+		- Mufin.com.xml
+		- Mygoya.de.xml
+		- XCDN.co.xml
+		- Xara.com.xml
+		- Xara_online.com.xml
+
+
+	Nonfunctional hosts in *magix.com:
+
+		- pro *
+
+	* Redirects to pro.../$
+
 -->
-<ruleset name="MAGIX (partial)" platform="mixedcontent">
-
-	<target host="catooh.com"/>
-	<target host="www.catooh.com"/>
-	<target host="magix.com"/>
-	<target host="*.magix.com"/>
-	<target host="magix.info"/>
-	<target host="www.magix.info"/>
-	<target host="magix-online.com"/>
-	<target host="www.magix-online.com"/>
-	<target host="mufin.com"/>
-	<target host="www.mufin.com"/>
-	<target host="mygoya.de"/>
-	<target host="www.mygoya.de"/>
-	<target host="service.xara.com"/>
-	<target host="app.xaraonline.com"/>
-	<target host="secure.xaraonline.com"/>
-
-	<rule from="^http://(www\.)?catooh\.com/(catoohthumb\d\d/|html/|magix/|themes/)"
-		to="https://$1catooh.com/$2"/>
-
-	<rule from="^http://(www\.)?magix\.com/(clear\.gif|fileadmin/|typo3temp/)"
-		to="https://$1magix.com/$2"/>
-
-	<rule from="^http://s(hop|upport2)\.magix\.com/"
-		to="https://s$1.magix.com/"/>
-
-	<rule from="^http://(www\.)?magix\.info/(\w\w)/(courses/|favicon\.ico|forum|knowledge|local/|media/|mcpool01/|media|member|online-training|pages/|performance-check|[\w\-\.]+\.\d+\.html)"
-		to="https://$1magix.info/$2/$3"/>
-
-	<rule from="^http://(www\.)?magix-online\.com/(theme|upload)s/"
-		to="https://$1magix-online.com/$2s/"/>
-
-	<rule from="^http://(www\.)?mufin\.com/(css/|favicon\.ico|images/|\w\w/(login|register))"
-		to="https://$1mufin.com/$2"/>
-
-	<rule from="^http://(www\.)?mygoya\.de/(favicon\.ico|themes/|\w\w/(anmelden\.13\|login\.18)\.html)"
-		to="https://$1mygoya.de/$2"/>
-
-	<rule from="^http://service\.xara\.com/"
-		to="https://service.xara.com/"/>
-
-	<rule from="^http://(?:app|secure)\.xaraonline\.com/"
-		to="https://secure.xaraonline.com/"/>
+<ruleset name="MAGIX.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="magix.com" />
+	<target host="content.magix.com" />
+	<target host="education.magix.com" />
+	<target host="magazine.magix.com" />
+	<target host="shop.magix.com" />
+	<target host="support2.magix.com" />
+	<target host="www.magix.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://magazine\.magix\.com/\w\w/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://magazine\.magix\.com/+(?!\w\w/+wp-content/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://magazine.magix.com/en/" />
+			<test url="http://magazine.magix.com/en/about/" />
+			<test url="http://magazine.magix.com/en/archive/" />
+			<test url="http://magazine.magix.com/en/category/common/" />
+			<test url="http://magazine.magix.com/en/category/web/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://magazine.magix.com/en/wp-content/uploads/sites/3/2014/03/magazine_logo_int2.png" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?magix\.com/\w\w/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?magix\.com/+(?!clear\.gif|fileadmin/|typo3temp/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.magix.com/us/" />
+			<test url="http://www.magix.com/us/support/" />
+			<test url="http://www.magix.com/us/video/" />
+			<test url="http://www.magix.com/us/products/" />
+			<test url="http://www.magix.com/us/photo-graphic/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.magix.com/clear.gif" />
+			<test url="http://www.magix.com/fileadmin/fe/images/logos/magix.png" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MARC.info.xml b/src/chrome/content/rules/MARC.info.xml
deleted file mode 100644
index 35bc758eaaed..000000000000
--- a/src/chrome/content/rules/MARC.info.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	CN: localhost
-
--->
-<ruleset name="MARC.info" default_off="self-signed">
-
-	<target host="marc.info" />
-	<target host="www.marc.info" />
-
-
-	<rule from="^http://(?:www\.)?marc\.info/"
-		to="https://marc.info/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MARE-system.de.xml b/src/chrome/content/rules/MARE-system.de.xml
new file mode 100644
index 000000000000..3745e3bde58d
--- /dev/null
+++ b/src/chrome/content/rules/MARE-system.de.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.mare-system.de/ => https://www.mare-system.de/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://mare-system.de/ => https://www.mare-system.de/: (60, 'SSL certificate problem: certificate has expired')
+
+	^: Cert only matches www
+
+-->
+<ruleset name="MARE-system.de" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.mare-system.de" />
+
+	<!--	Complications:
+				-->
+	<target host="mare-system.de" />
+
+
+	<rule from="^http://mare-system\.de/"
+		to="https://www.mare-system.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MARSocial.com.xml b/src/chrome/content/rules/MARSocial.com.xml
new file mode 100644
index 000000000000..12681362aea1
--- /dev/null
+++ b/src/chrome/content/rules/MARSocial.com.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://marsocial.com/ => https://marsocial.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.marsocial.com/ => https://www.marsocial.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Insecure cookies are set for these domains and hosts:
+
+		- marsocial.com
+		- .marsocial.com
+
+
+	Mixed content:
+
+		- Ads from ads-by.yieldselect.com *
+
+	* Not secured by us <= missing certificate chain
+
+-->
+<ruleset name="MARSocial.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="marsocial.com" />
+	<target host="www.marsocial.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^marsocial\.com$" name="^(invite-anyone|wfvt_\d+)$" /-->
+	<!--securecookie host="^\.marsocial\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.?marsocial\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MASSPIRG.xml b/src/chrome/content/rules/MASSPIRG.xml
index d3579a4107d2..09874dd763ed 100644
--- a/src/chrome/content/rules/MASSPIRG.xml
+++ b/src/chrome/content/rules/MASSPIRG.xml
@@ -17,4 +17,4 @@
 	<rule from="^http://(?:www\.)?masspirg\.org/"
 		to="https://masspirg.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MASSPIRG_Education_Fund.xml b/src/chrome/content/rules/MASSPIRG_Education_Fund.xml
index d1b75dbf77e6..5d4732615273 100644
--- a/src/chrome/content/rules/MASSPIRG_Education_Fund.xml
+++ b/src/chrome/content/rules/MASSPIRG_Education_Fund.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?masspirgedfund\.org/"
 		to="https://masspirgedfund.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MASSPIRG_Students.xml b/src/chrome/content/rules/MASSPIRG_Students.xml
index 44e8658438f6..034b315025c1 100644
--- a/src/chrome/content/rules/MASSPIRG_Students.xml
+++ b/src/chrome/content/rules/MASSPIRG_Students.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?masspirgstudents\.org/"
 		to="https://masspirgstudents.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MATE-Desktop.xml b/src/chrome/content/rules/MATE-Desktop.xml
new file mode 100644
index 000000000000..cbd579072306
--- /dev/null
+++ b/src/chrome/content/rules/MATE-Desktop.xml
@@ -0,0 +1,55 @@
+<!--
+	Timeout on both http and https:
+		forums.mate-desktop.*
+		ml.mate-desktop.*
+		paste.mate-desktop.*
+		repo.mate-desktop.*
+
+	Connection refused on https:
+		mx1.mate-desktop.*
+
+	Mixed content:
+		Images from mate-desktop.org on planet.mate-desktop.*
+
+	http redirect:
+		www.mate-desktop.* to mate-desktop.org
+	* = (org|com|co|info|net)
+-->
+<ruleset name="MATE Desktop">
+	<target host="mate-desktop.org" />
+	<target host="www.mate-desktop.org" />
+	<target host="git.mate-desktop.org" />
+	<target host="planet.mate-desktop.org" />
+	<target host="pub.mate-desktop.org" />
+	<target host="wiki.mate-desktop.org" />
+	<!-- .com -->
+	<target host="mate-desktop.com" />
+	<target host="www.mate-desktop.com" />
+	<target host="git.mate-desktop.com" />
+	<target host="planet.mate-desktop.com" />
+	<target host="pub.mate-desktop.com" />
+	<target host="wiki.mate-desktop.com" />
+	<!-- .co -->
+	<target host="mate-desktop.co" />
+	<target host="www.mate-desktop.co" />
+	<target host="git.mate-desktop.co" />
+	<target host="planet.mate-desktop.co" />
+	<target host="pub.mate-desktop.co" />
+	<target host="wiki.mate-desktop.co" />
+	<!-- .info -->
+	<target host="mate-desktop.info" />
+	<target host="www.mate-desktop.info" />
+	<target host="git.mate-desktop.info" />
+	<target host="planet.mate-desktop.info" />
+	<target host="pub.mate-desktop.info" />
+	<target host="wiki.mate-desktop.info" />
+	<!-- .net -->
+	<target host="mate-desktop.net" />
+	<target host="www.mate-desktop.net" />
+	<target host="git.mate-desktop.net" />
+	<target host="planet.mate-desktop.net" />
+	<target host="pub.mate-desktop.net" />
+	<target host="wiki.mate-desktop.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MAXROAM.xml b/src/chrome/content/rules/MAXROAM.xml
index 0bac73aa668b..eb7106dc6b69 100644
--- a/src/chrome/content/rules/MAXROAM.xml
+++ b/src/chrome/content/rules/MAXROAM.xml
@@ -1,7 +1,8 @@
 <ruleset name="MAXROAM (partial)">
 
 	<target host="maxroam.com" />
-	<target host="*.maxroam.com" />
+	<target host="www.maxroam.com" />
+	<target host="hostels.maxroam.com" />
 
 
 	<!--	Some pages redirect to http.	-->
diff --git a/src/chrome/content/rules/MAZDA_Web_Members.xml b/src/chrome/content/rules/MAZDA_Web_Members.xml
index 669ab5644e95..180407254d96 100644
--- a/src/chrome/content/rules/MAZDA_Web_Members.xml
+++ b/src/chrome/content/rules/MAZDA_Web_Members.xml
@@ -1,9 +1,14 @@
-<ruleset name="MAZDA Web Members">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.m-wm.com/ => https://www.m-wm.com/: (6, 'Could not resolve host: www.m-wm.com')
+
+-->
+<ruleset name="MAZDA Web Members" default_off="failed ruleset test">
 
 	<target host="www.m-wm.com" />
 
 
-	<rule from="^http://www\.m-wm\.com/"
-		to="https://www.m-wm.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MB-Detox.xml b/src/chrome/content/rules/MB-Detox.xml
index d58d10fe0f5f..374288e4da2d 100644
--- a/src/chrome/content/rules/MB-Detox.xml
+++ b/src/chrome/content/rules/MB-Detox.xml
@@ -3,7 +3,6 @@
 	<target host="mbdetox.com" />
 	<target host="www.mbdetox.com" />
 
-	<rule from="^http://(www\.)?mbdetox\.com/"
-		to="https://$1mbdetox.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MBC-Karlsruhe.de.xml b/src/chrome/content/rules/MBC-Karlsruhe.de.xml
new file mode 100644
index 000000000000..f56fb2b00404
--- /dev/null
+++ b/src/chrome/content/rules/MBC-Karlsruhe.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="MBC-Karlsruhe.de">
+
+	<target host="mbc-karlsruhe.de" />
+	<target host="www.mbc-karlsruhe.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MBSportsWeb.xml b/src/chrome/content/rules/MBSportsWeb.xml
index 682ba6afd753..723ace1146cf 100644
--- a/src/chrome/content/rules/MBSportsWeb.xml
+++ b/src/chrome/content/rules/MBSportsWeb.xml
@@ -14,7 +14,7 @@
 	<target host="mbsportsweb.ca" />
 	<target host="www.mbsportsweb.ca" />
 	<target host="mbsportsweb.com" />
-	<target host="*.mbsportsweb.com" />
+	<target host="www.mbsportsweb.com" />
 
 
 	<securecookie host="^\.mbsportsweb\.com$" name=".+" />
@@ -23,4 +23,4 @@
 	<rule from="^http://(www\.)?mbsportsweb\.c(?:a|om)/"
 		to="https://$1mbsportsweb.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MBank.xml b/src/chrome/content/rules/MBank.xml
index 688add1bae04..71a3903a42b4 100644
--- a/src/chrome/content/rules/MBank.xml
+++ b/src/chrome/content/rules/MBank.xml
@@ -1,45 +1,110 @@
+
 <!--
-	Problematic:
+Disabled by https-everywhere-checker because:
+Fetch error: http://ssl1.mbank.pl/ => https://ssl1.mbank.pl/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
-		- mbank.com.pl
-			- Presents cert for ssl.mbank.com.pl.
-			- Redirects to www.mbank.pl via http.
+	Nonfunctional:
 
-		- media.mbank.eu
-			- Presents cert for secure.netpr.pl.
-		- mbank.cz
-			- Presents cert for ssl.mbank.com.pl.
-			- Redirects to www.mbank.cz via http.
+		- mbank.com.pl ¹
+		- analyzer.mbank.pl ¹
+		- demo.mbank.cz ¹
+		- demo.mbank.sk ¹
+		- ebics.mbank.pl ¹
+		- guest-wlan.mbank.pl ¹
+		- info.mbank.cz ¹
+		- info.mbank.sk ¹
+		- lyncdiscover.partners.mbank.cz ¹
+		- lyncdiscover.partners.mbank.pl ¹
+		- lyncdiscover.partners.mbank.sk ¹
+		- lyncdiscover.sprzedaz.mbank.pl ¹
+		- market.mbank.pl ¹
+		- media.mbank.pl ¹
+		- mokazje.mbank.pl ¹
+		- m.rrev.mbank.pl ¹
+		- novedemo.mbank.cz ¹
+		- novedemo.mbank.sk ¹
+		- partners.mbank.cz ¹
+		- partners.mbank.pl ¹
+		- partners.mbank.sk ¹
+		- projekt40.mbank.pl ¹
+		- raportroczny2013.mbank.pl ¹
+		- raportroczny.mbank.pl ¹
+		- sip.partners.mbank.cz ¹
+		- sip.partners.mbank.pl ¹
+		- sip.partners.mbank.sk ¹
+		- sip.sprzedaz.mbank.pl ¹
+		- sprzedaz.mbank.pl ¹
+		- ssl2.mbank.pl ¹
+		- webconf.mbank.pl ¹
+		- www.analyzer.mbank.pl ¹
+		- www.companynet.mbank.pl ¹
+		- www.nowedemo.mbank.pl ¹
+		- www.nowy.mbank.pl ¹
+		- www.off-festival.mbank.pl ¹
 
-		- ssl.mbank.com.pl
-			- Displays blank page via https.
+	¹ Refused
 
+	Problematic:
 
+		- media.mbank.eu
+			- Presents cert for secure.netpr.pl.
 -->
-<ruleset name="mBank (partial)">
+<ruleset name="mBank (partial)" default_off="failed ruleset test">
 
+	<target host="mbank.cz"/>
+	<target host="mbank.pl"/>
+	<target host="mbank.sk"/>
+	<target host="www.mbank.com.pl"/>
+	<target host="www.mbank.cz"/>
+	<target host="www.mbank.pl"/>
+	<target host="www.mbank.sk"/>
+	<target host="3dsecure-korporacje.mbank.pl"/>
+	<target host="3dsecure.mbank.cz"/>
+	<target host="3dsecure.mbank.pl"/>
+	<target host="3dsecure.mbank.sk"/>
+	<target host="box.mbank.pl"/>
+	<target host="companynet.mbank.pl"/>
 	<target host="cz.mbank.eu"/>
 	<target host="form.cz.mbank.eu"/>
-	<target host="sk.mbank.eu"/>
-	<target host="form.sk.mbank.eu"/>
 	<target host="form.mbank.com.pl"/>
-	<!--target host="ssl.mbank.com.pl"/-->
-	<target host="www.mbank.com.pl"/>
-
-
-	<securecookie host="^(cz|sk)\.mbank\.eu$" name=".*"/>
-
+	<target host="form.mbank.cz"/>
+	<target host="form.mbank.pl"/>
+	<target host="form.mbank.sk"/>
+	<target host="form.sk.mbank.eu"/>
+	<target host="join.mbank.pl"/>
+	<target host="lajt.mbank.pl"/>
+	<target host="lyncdiscover.mbank.cz"/>
+	<target host="lyncdiscover.mbank.pl"/>
+	<target host="lyncdiscover.mbank.sk"/>
+	<target host="m.companynet.mbank.pl"/>
+	<target host="m.mbank.cz"/>
+	<target host="m.mbank.pl"/>
+	<target host="m.mbank.sk"/>
+	<target host="mra.mbank.pl"/>
+	<target host="mt.companynet.mbank.pl"/>
+	<target host="news.companynet.mbank.pl"/>
+	<target host="online.mbank.cz"/>
+	<target host="online.mbank.pl"/>
+	<target host="online.mbank.sk"/>
+	<target host="p1.mail.mbank.pl"/>
+	<target host="platby.mbank.cz"/>
+	<target host="platby.mbank.sk"/>
+	<target host="przelewy.mbank.pl"/>
+	<target host="sip.mbank.cz"/>
+	<target host="sip.mbank.pl"/>
+	<target host="sip.mbank.sk"/>
+	<target host="sk.mbank.eu"/>
+	<target host="ssl1.mbank.pl"/>
+	<target host="webapps.mbank.pl"/>
+	<target host="webext.mbank.pl"/>
+	<target host="ws.companynet.mbank.pl"/>
+	<target host="www.badania.mbank.pl"/>
+	<target host="zakupy.mbank.pl"/>
 
-	<rule from="^http://(form\.)?(cz|sk)\.mbank\.eu/"
-		to="https://$1$2.mbank.eu/"/>
+	<securecookie host="^(?:cz|sk)\.mbank\.eu$" name=".+" />
 
-	<!--	http://pavelmachek.livejournal.com/105225.html
-		Shows a blank page atm...
-		Redirects to www.mbank.pl over http.
-	<rule from="^http://ssl\.mbank\.com\.pl/"
-		to="https://ssl.mbank.com.pl/"/-->
 
-	<rule from="^http://(form|www)\.mbank\.com\.pl/"
-		to="https://$1.mbank.com.pl/"/>
+	<rule from="^http:"
+		to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/MBnet.xml b/src/chrome/content/rules/MBnet.xml
index 5f25ec168bc1..662fcb9f89ee 100644
--- a/src/chrome/content/rules/MBnet.xml
+++ b/src/chrome/content/rules/MBnet.xml
@@ -1,10 +1,61 @@
-<ruleset name="MBnet">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mbi.mbnet.fi/ => https://mbi.mbnet.fi/: (7, 'Failed to connect to mbi.mbnet.fi port 443: Connection refused')
+Fetch error: http://webmail.mbnet.fi/ => https://webmail.mbnet.fi/: (7, 'Failed to connect to webmail.mbnet.fi port 443: Connection refused')
+
+	^mbnet.fi: Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- mbi.mbnet.fi
+		- webmail.mbnet.fi
+
+-->
+<ruleset name="MBnet.fi (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mbi.mbnet.fi" />
+	<target host="webmail.mbnet.fi" />
+	<target host="www.mbnet.fi" />
+
+	<!--	Complications:
+				-->
 	<target host="mbnet.fi" />
-	<target host="*.mbnet.fi" />
 
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.mbnet\.fi/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.mbnet\.fi/+(?!images/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.mbnet.fi/hintaseuranta" />
+			<test url="http://www.mbnet.fi/mbinternet" />
+			<test url="http://www.mbnet.fi/selainpelit/category/all/order/most-played" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.mbnet.fi/images/home.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^mbi\.mbnet\.fi$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+	<!--securecookie host="^webmail\.mbnet\.fi$" name="^SQMSESSID$" /-->
+
+	<securecookie host="^(?:mbi|webmail)\.mbnet\.fi$" name=".+" />
+
+
+	<rule from="^http://mbnet\.fi/"
+		to="https://www.mbnet.fi/" />
 
-	<rule from="^http://(mbi\.|webmail\.|www\.)?mbnet\.fi/"
-		to="https://$1mbnet.fi/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MBusa.com.xml b/src/chrome/content/rules/MBusa.com.xml
index 35a7a0b764f2..5d581817e2e6 100644
--- a/src/chrome/content/rules/MBusa.com.xml
+++ b/src/chrome/content/rules/MBusa.com.xml
@@ -12,20 +12,42 @@
 		- (www.)	(^ → www)
 		- stage
 
+
+	Insecure cookies are set for these hosts:
+
+		- www.mbusa.com
+
+
+	Mixed content:
+
+		- Images on www from $self *
+
+	* Secured by us
+
 -->
 <ruleset name="MBusa.com">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="stage.mbusa.com" />
+	<target host="www.mbusa.com" />
+
+	<!--	Complications:
+				-->
 	<target host="mbusa.com" />
-	<target host="*.mbusa.com" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.mbusa\.com$" name="WAS8\.mbusaprod-BGN\.sticky\.prod-81$" /-->
+
 	<securecookie host="^(?:stage|www)?\.mbusa\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?mbusa\.com/"
+	<rule from="^http://mbusa\.com/"
 		to="https://www.mbusa.com/" />
 
-	<rule from="^http://stage\.mbusa\.com/"
-		to="https://stage.mbusa.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MBuy.com.xml b/src/chrome/content/rules/MBuy.com.xml
index f9d0e963f9ef..d2d967c4e02f 100644
--- a/src/chrome/content/rules/MBuy.com.xml
+++ b/src/chrome/content/rules/MBuy.com.xml
@@ -1,10 +1,14 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://app.mbuy.com/ => https://app.mbuy.com/: (7, 'Failed to connect to app.mbuy.com port 443: No route to host')
+
 	Nonfunctional subdomains:
 
 		- (www.)	(refused)
 
 -->
-<ruleset name="MBuy.com (partial)">
+<ruleset name="MBuy.com (partial)" default_off="failed ruleset test">
 
 	<target host="app.mbuy.com" />
 
@@ -12,7 +16,6 @@
 	<securecookie host="^app\.mbuy\.com$" name=".+" />
 
 
-	<rule from="^http://app\.mbuy\.com/"
-		to="https://app.mbuy.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MCA-Marines.org.xml b/src/chrome/content/rules/MCA-Marines.org.xml
new file mode 100644
index 000000000000..c3a2d78f4e3c
--- /dev/null
+++ b/src/chrome/content/rules/MCA-Marines.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="MCA-Marines.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mca-marines.org" />
+	<target host="www.mca-marines.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MCLU.xml b/src/chrome/content/rules/MCLU.xml
index b53c25aaa636..0555a04794f5 100644
--- a/src/chrome/content/rules/MCLU.xml
+++ b/src/chrome/content/rules/MCLU.xml
@@ -1,6 +1,16 @@
-<ruleset name="Maine Civil Liberties Union">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mclu.org/ => https://www.mclu.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.mclu.org'")
+Fetch error: http://www.mclu.org/ => https://www.mclu.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.mclu.org'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://mclu.org/ => https://www.mclu.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.mclu.org/ => https://www.mclu.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
+<ruleset name="Maine Civil Liberties Union" default_off="failed ruleset test">
 	<target host="mclu.org" />
 	<target host="www.mclu.org" />
 
 	<rule from="^http://(?:www\.)?mclu\.org/" to="https://www.mclu.org/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MCM_Electronics.com.xml b/src/chrome/content/rules/MCM_Electronics.com.xml
index 1b373e740838..d39adcf03a34 100644
--- a/src/chrome/content/rules/MCM_Electronics.com.xml
+++ b/src/chrome/content/rules/MCM_Electronics.com.xml
@@ -31,4 +31,4 @@
 	<rule from="^http://(?:www\.)?mcmelectronics\.com/"
 		to="https://www.mcmelectronics.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MCPmag.com.xml b/src/chrome/content/rules/MCPmag.com.xml
new file mode 100644
index 000000000000..c4072785f608
--- /dev/null
+++ b/src/chrome/content/rules/MCPmag.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other 1105 Media coverage, see 1105_Media.com.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- mcpmag.com
+
+-->
+<ruleset name="MCPmag.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mcpmag.com" />
+	<target host="www.mcpmag.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^mcpmag\.com$" name="^(ASP\.NET_SessionId|BIGipServerPool[\w-]+)$" /-->
+
+	<securecookie host="^mcpmag\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MDC_US.com.xml b/src/chrome/content/rules/MDC_US.com.xml
deleted file mode 100644
index 65307d785b59..000000000000
--- a/src/chrome/content/rules/MDC_US.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	CDN buckets:
-
-		- nebula.wsimg.com
-
--->
-<ruleset name="MDC US.com">
-
-	<target host="mdcus.com" />
-	<target host="www.mdcus.com" />
-
-
-	<rule from="^http://(www\.)?mdcus\.com/"
-		to="https://$1mdcus.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MDGx.com.xml b/src/chrome/content/rules/MDGx.com.xml
new file mode 100644
index 000000000000..50db8099b6a3
--- /dev/null
+++ b/src/chrome/content/rules/MDGx.com.xml
@@ -0,0 +1,21 @@
+<!--
+	CN: *.powweb.com
+
+
+	Mixed content:
+
+		- favicon from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="MDGx.com" default_off="mismatched">
+
+	<target host="mdgx.com" />
+	<target host="www.mdgx.com" />
+
+
+	<rule from="^http://(?:www\.)?mdgx\.com/"
+		to="https://mdgx.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MDR.de.xml b/src/chrome/content/rules/MDR.de.xml
new file mode 100644
index 000000000000..81ae42fb2019
--- /dev/null
+++ b/src/chrome/content/rules/MDR.de.xml
@@ -0,0 +1,105 @@
+<!--
+	Invalid certificate:
+		autodiscover.mdr.de
+		*.cast.mdr.de
+		event.mdr.de
+		gastwlan.mdr.de
+		live.mdr.de
+		liveevent1.mdr.de
+		liveevent2.mdr.de
+		livetvsachsen.mdr.de
+		livetvsachsenanhalt.mdr.de
+		livetvthueringen.mdr.de
+		mdm2.mdr.de
+		ondemand.mdr.de
+		ondemanddownload.mdr.de
+		ondemandgeo.mdr.de
+		ondemandstatic.mdr.de
+		pageflow-(image|static|video).mdr.de
+		sachsen-anhalt-live.mdr.de
+		sachen-live.mdr.de
+		teamwire.mdr.de
+		thueringen-live.mdr.de
+
+	Non-2xx HTTP code:
+		mdr-284290-0.sslcast.mdr.de
+		mdr-284320-0.sslcast.mdr.de
+		mdr-284350-0.sslcast.mdr.de
+
+	Refused:
+		data.mdr.de
+		dlvr.mdr.de
+		ucweb.mdr.de
+		hundertprozentich.mdr.de
+		klimakarte.mdr.de
+		livestream.mdr.de
+		m.mdr.de
+		mail.mdr.de
+		mediabox.mdr.de
+		www.mobil.mdr.de
+		stg2.mdr.de
+		sync.mdr.de
+		sync2.mdr.de
+		sync3.mdr.de
+		www-stg.mdr.de
+		www[1-4].mdr.de
+
+	Timeout:
+		esponse.mdr.de
+		ftp.mdr.de
+		hinkelstein.mdr.de
+		hinkelstein2.mdr.de
+		mobile.mdr.de
+		mx[1-3].mdr.de
+
+	Unable to get local issuer certificate:
+		ecs.mdr.de
+		sts.mdr.de
+-->
+<ruleset name="MDR.de">
+
+	<target host="mdr.de" />
+	<target host="www.mdr.de" />
+	<target host="100prozentich.mdr.de" />
+	<target host="app.mdr.de" />
+	<target host="avw.mdr.de" />
+	<target host="cdn.mdr.de" />
+	<target host="ellen.mdr.de" />
+	<target host="ellen-dev.mdr.de" />
+	<target host="ellen2.mdr.de" />
+	<target host="entwicklungslabor.mdr.de" />
+	<target host="frequenzsuche.mdr.de" />
+	<target host="frequenzsuchetest.mdr.de" />
+	<target host="git.mdr.de" />
+	<target host="heuteimosten.mdr.de" />
+	<target host="incontrol.mdr.de" />
+	<target host="intraportal.mdr.de" />
+	<target host="intraportaldev.mdr.de" />
+	<target host="isec.mdr.de" />
+	<target host="kandidatencheck.mdr.de" />
+	<target host="kinder.mdr.de" />
+	<target host="kommentare.mdr.de" />
+	<target host="kommentare-live.mdr.de" />
+	<target host="listserver.mdr.de" />
+	<target host="lyncjoin.mdr.de" />
+	<target host="mdm.mdr.de" />
+	<target host="mdm3.mdr.de" />
+	<target host="mftweb1.mdr.de" />
+	<target host="origin.mdr.de" />
+	<target host="owasvc.mdr.de" />
+	<target host="reportage.mdr.de" />
+	<target host="search.mdr.de" />
+	<target host="secure.mdr.de" />
+	<target host="securemail.mdr.de" />
+	<target host="sip.mdr.de" />
+	<target host="sommer88.mdr.de" />
+	<target host="topoftheday.mdr.de" />
+	<target host="volo.mdr.de" />
+	<target host="wahlzone.mdr.de" />
+	<target host="worldskills.mdr.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MDTS.xml b/src/chrome/content/rules/MDTS.xml
deleted file mode 100644
index 816c26156d4b..000000000000
--- a/src/chrome/content/rules/MDTS.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="MDTS">
-
-	<target host="mdts.uk.com" />
-
-
-	<securecookie host="^mdts\.uk\.com$" name=".*" />
-
-
-	<rule from="^http://mdts\.uk\.com/"
-		to="https://mdts.uk.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MDapplicants.com.xml b/src/chrome/content/rules/MDapplicants.com.xml
new file mode 100644
index 000000000000..851c782f7c9e
--- /dev/null
+++ b/src/chrome/content/rules/MDapplicants.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="MDapplicants.com">
+	<target host="mdapplicants.com" />
+	<target host="www.mdapplicants.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ME.com.xml b/src/chrome/content/rules/ME.com.xml
new file mode 100644
index 000000000000..cc24ac66c421
--- /dev/null
+++ b/src/chrome/content/rules/ME.com.xml
@@ -0,0 +1,9 @@
+<!--
+	For other Apple coverage, see Apple.com.xml.
+-->
+<ruleset name="ME.com">
+	<target host="me.com" />
+	<target host="www.me.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MEBank.xml b/src/chrome/content/rules/MEBank.xml
new file mode 100644
index 000000000000..2600c0525e0e
--- /dev/null
+++ b/src/chrome/content/rules/MEBank.xml
@@ -0,0 +1,14 @@
+<ruleset name="MEBank">
+	<target host="mebank.com.au" />
+	<target host="www.mebank.com.au" />
+	<target host="apply.mebank.com.au" />
+	<target host="ib.mebank.com.au" />
+	<target host="verify.mebank.com.au" />
+
+	<!-- !www has a mismatch -->
+	<rule from="^http://mebank\.com\.au/"
+			to="https://www.mebank.com.au/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MEPS-FPX.com.my.xml b/src/chrome/content/rules/MEPS-FPX.com.my.xml
new file mode 100644
index 000000000000..1fce1b7863c5
--- /dev/null
+++ b/src/chrome/content/rules/MEPS-FPX.com.my.xml
@@ -0,0 +1,24 @@
+<!--
+	Non-functional subdomains:
+		- uatdemo	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="MEPS FPX.com.my">
+
+	<target host="mepsfpx.com.my" />
+	<target host="www.mepsfpx.com.my" />
+	<target host="uat.mepsfpx.com.my" />
+	<target host="uatwv.mepsfpx.com.my" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MERY.jp.xml b/src/chrome/content/rules/MERY.jp.xml
new file mode 100644
index 000000000000..9aecb60bd1fe
--- /dev/null
+++ b/src/chrome/content/rules/MERY.jp.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mery.jp/ => https://mery.jp/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.mery.jp/ => https://www.mery.jp/: (6, 'Could not resolve host: www.mery.jp')
+
+-->
+<ruleset name="MERY.jp" default_off="failed ruleset test">
+
+	<target host="assets.mery.jp" />
+	<target host="bravo.mery.jp" />
+	<target host="cashmere.mery.jp" />
+	<target host="content.mery.jp" />
+	<target host="galena.mery.jp" />
+	<target host="mery.jp" />
+	<target host="pass.mery.jp" />
+	<target host="www.mery.jp" />
+
+	<test url="http://assets.mery.jp/1471426005608/images/noimage_person.png" />
+	<test url="http://bravo.mery.jp/lists/282143/large.jpg/thumb" />
+	<test url="http://cashmere.mery.jp/137/e4d15243f58c478fd07d5d8ce7c0066a_s.jpg/thumb" />
+	<test url="http://content.mery.jp/1100x2000/images/2011871/M111642626500_M_LL.jpg/original" />
+	<test url="http://galena.mery.jp/3475206/large.jpg/thumb" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MESO-Rx.xml b/src/chrome/content/rules/MESO-Rx.xml
index 4a3bb68f5537..88189014db93 100644
--- a/src/chrome/content/rules/MESO-Rx.xml
+++ b/src/chrome/content/rules/MESO-Rx.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.thinksteroids.com/ (200) => https://www.thinksteroids.com/ (404)
+
 	CDN buckets:
 
 		- d1uxx6tvzy89fj.cloudfront.net
@@ -21,20 +25,26 @@
 			- cdn-ru.thinksteroids.com
 
 -->
-<ruleset name="MESO-Rx">
+<ruleset name="MESO-Rx" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="thinksteroids.com" />
-	<target host="*.thinksteroids.com" />
+	<target host="es.thinksteroids.com" />
+	<target host="fr.thinksteroids.com" />
+	<target host="ru.thinksteroids.com" />
+	<target host="www.thinksteroids.com" />
 
+	<!--	Special cases:
+				-->
+	<target host="cdn.thinksteroids.com" />
+	<target host="cdn-ru.thinksteroids.com" />
+	<target host="js-fr.thinksteroids.com" />
+	<target host="static.thinksteroids.com" />
 
-	<securecookie host="^(?:.*\.)?thinksteroids\.com$" name=".+" />
 
+	<securecookie host=".+" name=".+"/>
 
-	<rule from="^http://((?:es|fr|ru|www)\.)?thinksteroids\.com/"
-		to="https://$1thinksteroids.com/" />
-
-	<rule from="^http://cdn\.thinksteroids\.com/"
-		to="https://d1uxx6tvzy89fj.cloudfront.net/" />
 
 	<rule from="^http://cdn-ru\.thinksteroids\.com/"
 		to="https://ru.thinksteroids.com/" />
@@ -45,4 +55,7 @@
 	<rule from="^http://static\.thinksteroids\.com/"
 		to="https://thinksteroids.com/forum/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/METEO.PL.xml b/src/chrome/content/rules/METEO.PL.xml
new file mode 100644
index 000000000000..56e1e25c7c0b
--- /dev/null
+++ b/src/chrome/content/rules/METEO.PL.xml
@@ -0,0 +1,14 @@
+<ruleset name="METEO.PL">
+	<target host="meteo.pl" />
+	<target host="www.meteo.pl" />
+	<target host="biznes.meteo.pl" />
+	<target host="faq.meteo.pl" />
+	<target host="m.meteo.pl" />
+	<target host="maps.meteo.pl" />
+	<target host="mapy.meteo.pl" />
+	<target host="nowe.meteo.pl" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/METRO-Transit.xml b/src/chrome/content/rules/METRO-Transit.xml
deleted file mode 100644
index 0d5e1a919727..000000000000
--- a/src/chrome/content/rules/METRO-Transit.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="METRO Transit (Harris County, Houston, Texas)">
-	<target host="ridemetro.org" />
-	<target host="www.ridemetro.org" />
-	<target host="jobs.ridemetro.org" />
-	<target host="pass-web.ridemetro.org" />
-
-	<rule from="^((http://((www)\.)?)|https://)ridemetro\.org/" to="https://www.ridemetro.org/" />
-	<rule from="^http://(pass-web|jobs)\.ridemetro\.org/" to="https://$1.ridemetro.org/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MFi.re.xml b/src/chrome/content/rules/MFi.re.xml
new file mode 100644
index 000000000000..1316a4f1c3f5
--- /dev/null
+++ b/src/chrome/content/rules/MFi.re.xml
@@ -0,0 +1,13 @@
+<!--
+	For other MediaFire coverage, see MediaFire.com.xml.
+
+	Mismatch:
+		^
+		www
+-->
+<ruleset name="MFi.re">
+	<target host="mfi.re" />
+	<target host="www.mfi.re" />
+
+	<rule from="^http://(www\.)?mfi\.re/" to="https://$1mediafire.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/MGID.com.xml b/src/chrome/content/rules/MGID.com.xml
index d66c9948bff8..5af1018e08ee 100644
--- a/src/chrome/content/rules/MGID.com.xml
+++ b/src/chrome/content/rules/MGID.com.xml
@@ -1,4 +1,7 @@
 <!--
+	For other MarketGid coverage, see MarketGid.com.xml.
+
+
 	Nonfunctional domains:
 
 		- blog.mgid.com *
@@ -55,28 +58,50 @@
 		- Images, on:
 
 			- admin4.dt07.net from img.dt00.net *
+			- (www.)mgid.com from img.dt07.net *
 			- news.mgid.com from imgn.dt07.net *
 
 		- Ads/web bugs, on:
 
 			- (www.)mgid.com and news.mgid.com from b.scorecardresearch.com *
 			- news.mgid.com from news.mgid.com *
-			- news.mgid.com from pixel.quantserve.com *
+			- (www.)mgid.com and news.mgid.com from edge.quantserve.com *
+			- (www.)mgid.com and news.mgid.com from pixel.quantserve.com *
 
 	* Secured by us
 
 -->
 <ruleset name="MGID.com (partial)">
 
-	<target host="*.dt00.net" />
+	<target host="img.dt00.net" />
+	<target host="imgn.dt00.net" />
+	<target host="jsc.dt00.net" />
+	<target host="oth.dt00.net" />
 		<!--
 			Not identical to mgid.com:
 						-->
 		<exclusion pattern="^http://imgn\.dt00\." />
-	<target host="*.dt07.net" />
+	<target host="img.dt07.net" />
+	<target host="imgn.dt07.net" />
+	<target host="jsc.dt07.net" />
+	<target host="oth.dt07.net" />
+	<target host="admin.dt07.net" />
+	<target host="admin4.dt07.net" />
 	<target host="mgid.com" />
-	<target host="*.mgid.com" />
+	<target host="img.mgid.com" />
+	<target host="imgn.mgid.com" />
+	<target host="jsc.mgid.com" />
+	<target host="oth.mgid.com" />
+	<target host="dashboard.mgid.com" />
+	<target host="freelance.mgid.com" />
+	<target host="my.mgid.com" />
+	<target host="usr.mgid.com" />
+	<target host="www.mgid.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.mgid\.com$" name="^(referal|utmc)$" /-->
 
 	<securecookie host="^admin4\.dt07\.net$" name=".+" />
 	<securecookie host="^(?:dashboard|my)?\.mgid\.com$" name=".+" />
@@ -85,10 +110,7 @@
 	<rule from="^http://(imgn?|jsc|oth)\.(?:dt0[07]\.net|mgid\.com)/"
 		to="https://$1.mgid.com/" />
 
-	<rule from="^http://admin(4)?\.dt07\.net/"
-		to="https://admin$1.dt07.net/" />
 
-	<rule from="^http://((?:dashboard|freelance|my|usr|www)\.)?mgid\.com/"
-		to="https://$1mgid.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MI5.xml b/src/chrome/content/rules/MI5.xml
index 51259e4c04b9..70c675390d88 100644
--- a/src/chrome/content/rules/MI5.xml
+++ b/src/chrome/content/rules/MI5.xml
@@ -1,14 +1,17 @@
 <!--
+	British SS (aka 'MI5')
+
 	For other UK government coverage, see GOV.UK.xml.
 
+
+	^mi5.gov.uk doesn't exist.
+
 -->
-<ruleset name="MI5">
+<ruleset name="MI5.gov.uk">
 
-	<target host="mi5.gov.uk" />
 	<target host="www.mi5.gov.uk" />
 
 
-	<rule from="^http://(?:www\.)?mi5\.gov\.uk/"
-		to="https://www.mi5.gov.uk/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MI6.ua.xml b/src/chrome/content/rules/MI6.ua.xml
new file mode 100644
index 000000000000..1f52956c5ff2
--- /dev/null
+++ b/src/chrome/content/rules/MI6.ua.xml
@@ -0,0 +1,17 @@
+<ruleset name="MI6.ua" default_off="refused">
+
+	<target host="mi6.ua" />
+	<target host="www.mi6.ua" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www.)?mi6\.ua$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www.)?mi6\.ua$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MIC-Gadget.xml b/src/chrome/content/rules/MIC-Gadget.xml
deleted file mode 100644
index 1ad2d4b9729e..000000000000
--- a/src/chrome/content/rules/MIC-Gadget.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	CDN buckets:
-
-		- images.micgadget.com.s3.amazonaws.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(cert: store; shows directory listing)
-
--->
-<ruleset name="M.I.C. Gadget (partial)">
-
-	<target host="*.micgadget.com" />
-	<target host="*.store.micgadget.com" />
-
-
-	<securecookie host="^\.store\.micgadget\.com$" name=".+" />
-
-
-
-	<rule from="^https?://images\.micgadget\.com/"
-		to="https://s3.amazonaws.com/images.micgadget.com/" />
-
-	<rule from="^http://store\.micgadget\.com/"
-		to="https://store.micgadget.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MICGadget.com.xml b/src/chrome/content/rules/MICGadget.com.xml
new file mode 100644
index 000000000000..9052d06c3651
--- /dev/null
+++ b/src/chrome/content/rules/MICGadget.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="MICGadget.com">
+	<target host="micgadget.com" />
+	<target host="www.micgadget.com" />
+	<target host="store.micgadget.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MIMS.xml b/src/chrome/content/rules/MIMS.xml
new file mode 100644
index 000000000000..55fc195e8bbd
--- /dev/null
+++ b/src/chrome/content/rules/MIMS.xml
@@ -0,0 +1,44 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.idr-trade.com/ (200) => https://www.idr-trade.com/ (502)
+Fetch error: http://pub.mims.com/ => https://pub.mims.com/: (60, 'SSL certificate problem: self signed certificate')
+Non-2xx HTTP code: http://www.mims.com.vn/ (200) => https://www.mims.com.vn/ (502)
+Non-2xx HTTP code: http://www.mimsonline.com/ (200) => https://www.mimsonline.com/ (502)
+Non-2xx HTTP code: http://www.idrtrade.com/ (200) => https://www.idrtrade.com/ (502)
+Non-2xx HTTP code: http://www.mims.com.ph/ (200) => https://www.mims.com.ph/ (502)
+Non-2xx HTTP code: http://www.mims.com.tw/ (200) => https://www.mims.com.tw/ (502)
+
+	Non-functional subdomains:
+		- mims.com
+			- pubmiddleware		(timeout)
+-->
+<ruleset name="MIMS (partial)" platform="mixedcontent" default_off="failed ruleset test">
+	<target host="www.mims.com" />
+	<target host="mims.com" />
+	<target host="www.cimsasia.com" />
+	<target host="www.mims.co.id" />
+	<target host="www.idr-trade.com" />
+	<target host="www.mims.com.sg" />
+	<target host="www.mims.com.my" />
+	<target host="pub.mims.com" />
+	<target host="china.mims.com" />
+	<target host="www.mims.com.vn" />
+	<target host="subscription.mims.com" />
+	<target host="healthtoday.mims.com" />
+	<target host="www.mimsonline.com" />
+	<target host="www.mimsonline.com.au" />
+	<target host="www.idrbiz.com" />
+	<target host="www.idrtrade.com" />
+	<target host="www.mims-online.com" />
+	<target host="www.mims.com.ph" />
+	<target host="www.idr-biz.com" />
+	<target host="www.mims.com.tw" />
+	<target host="sso.mims.com" />
+	<target host="www.mims.com.hk" />
+	<target host="admin.mims.com" />
+	<target host="news.mims.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MIMuslimCouncil.org.xml b/src/chrome/content/rules/MIMuslimCouncil.org.xml
new file mode 100644
index 000000000000..e27a0f5b8da3
--- /dev/null
+++ b/src/chrome/content/rules/MIMuslimCouncil.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Time out:
+	- mimuslimcouncil.org
+
+-->
+<ruleset name="MIMuslimCouncil.org">
+	<target host="mimuslimcouncil.org" />
+	<target host="www.mimuslimcouncil.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://mimuslimcouncil\.org/" to="https://www.mimuslimcouncil.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MIN-Commsy.xml b/src/chrome/content/rules/MIN-Commsy.xml
index db04a40b336f..2884316d11b8 100644
--- a/src/chrome/content/rules/MIN-Commsy.xml
+++ b/src/chrome/content/rules/MIN-Commsy.xml
@@ -1,5 +1,5 @@
 <ruleset name="MIN_Commsy" platform="mixedcontent">
   <target host="www.mincommsy.uni-hamburg.de"/>
   <target host="mincommsy.uni-hamburg.de"/>
-  <rule from="^http://(?:www\.)?mincommsy\.uni-hamburg\.de/" to="https://www.mincommsy.uni-hamburg.de/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MINV.sk.xml b/src/chrome/content/rules/MINV.sk.xml
new file mode 100644
index 000000000000..1811063c7156
--- /dev/null
+++ b/src/chrome/content/rules/MINV.sk.xml
@@ -0,0 +1,16 @@
+<!--
+Ministry of Interior of the Slovak Republic
+
+certificate mismatch:
+	minv.sk
+-->
+<ruleset name="MINV.sk">
+	<target host="minv.sk" />
+	<target host="www.minv.sk" />
+	<target host="portal.minv.sk" />
+
+	<rule from="^http://minv\.sk/"
+		to="https://www.minv.sk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MIPS-Technologies.xml b/src/chrome/content/rules/MIPS-Technologies.xml
index 42175bee74f4..21dc40e6b019 100644
--- a/src/chrome/content/rules/MIPS-Technologies.xml
+++ b/src/chrome/content/rules/MIPS-Technologies.xml
@@ -1,13 +1,27 @@
-<ruleset name="MIPS Technologies">
+<!--
+	MIPS Technologies
+
+	For other Imagination Technologies coverage, see imgtec.com.xml.
+
+
+	^mips.com: Dropped
+	www.mips.com: Mismatched
+
+-->
+<ruleset name="MIPS.com">
 
 	<target host="mips.com" />
-	<target host="*.mips.com" />
+	<target host="www.mips.com" />
+
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^(.*\.)?mips\.com$" name=".*" />
 
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://(?:www\.)?mips\.com/.*"
+		to="https://imgtec.com/mips" />
 
-	<rule from="^http://(developer\.|www\.)?mips\.com/"
-		to="https://$1mips.com/" />
+		<test url="http://www.mips.com/index.htm" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MIT-complex.xml b/src/chrome/content/rules/MIT-complex.xml
new file mode 100644
index 000000000000..b6ed49f3fe29
--- /dev/null
+++ b/src/chrome/content/rules/MIT-complex.xml
@@ -0,0 +1,22 @@
+<!--
+	For simple rules, see MIT.xml.
+-->
+
+<ruleset name="MIT.edu (complex)">
+	<target host="mit.edu" />
+	<target host="www.mit.edu" />
+	<target host="web.mit.edu" />
+
+	<!-- https://github.com/EFForg/https-everywhere/issues/14397
+		Should not get secured:
+			- http://mit.edu/~puzzle/
+			- http://www.mit.edu/~puzzle/
+			- http://web.mit.edu/puzzle/www/
+	-->
+	<rule from="^http://(www\.|web\.)?mit\.edu/($|files/)" to="https://web.mit.edu/$2" />
+
+		<!-- Should get secured: -->
+		<test url="http://mit.edu/files/assets/images/favicon.ico" />
+		<test url="http://www.mit.edu/files/assets/images/favicon.ico" />
+		<test url="http://web.mit.edu/files/assets/images/favicon.ico" />
+</ruleset>
diff --git a/src/chrome/content/rules/MIT-mismatches.xml b/src/chrome/content/rules/MIT-mismatches.xml
index b71eb509b17c..7d606e0ed1c6 100644
--- a/src/chrome/content/rules/MIT-mismatches.xml
+++ b/src/chrome/content/rules/MIT-mismatches.xml
@@ -2,31 +2,73 @@
 	For rules that are on by default, see MIT.xml.
 
 -->
-<ruleset name="Massachusetts Institute of Technology (mismatches)" default_off="expired, mismatch, self-signed">
+<ruleset name="Massachusetts Institute of Technology (problematic)" default_off="expired, mismatched, missing certificate chain, self-signed">
 
-	<target host="3down.mit.edu" />
-	<target host="calendar.mit.edu" />
+	<!--	Direct rewrites:
+				-->
+	<target host="www.advancedligo.mit.edu" />
+	<target host="counter.mit.edu" />
 	<target host="cluedumps.mit.edu" />
-	<!--	cert: *.scripts.mit.edu		-->
+	<target host="diversity.mit.edu" />
 	<target host="hacks.mit.edu" />
-	<target host="mosh.mit.edu" />
+	<target host="iceo.mit.edu" />
+	<target host="tmg-trackr.media.mit.edu" />
+	<target host="mlkscholars.mit.edu" />
+	<target host="relate.mit.edu" />
 	<!--	Self-signed	-->
 	<target host="people.mit.edu" />
-		<!--
-			- 403 over https
+	<target host="zscore.mit.edu" />
+
+	<!--	Complications:
+				-->
+	<target host="advancedligo.mit.edu" />
+	<target host="techtime.mit.edu" />
+
+		<!--	- 403 over https
 			- 302s to www.csail.mit.edu/peoplesearch over http
 										-->
-		<exclusion pattern="^http://people\.mit\.edu/($|\?)" />
-	<target host="techtime.mit.edu" />
+		<exclusion pattern="^http://people\.mit\.edu/(?:$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://people.mit.edu/?f" />
+			<test url="http://people.mit.edu/?o" />
+
 
+		<!--	>=1 path 404s:
+					-->
+		<exclusion pattern="^http://tmg-tracker\.media\.mit\.edu/(?!$|\?)" />
 
-	<securecookie host="^(?:3down|cluedumps)\.mit\.edu$" name=".+" />
+			<!--	+ve:
+					-->
+			<test url="http://tmg-trackr.media.mit.edu/publishedmedia/Papers/604-HydroMorph%20Shape%20Changing%20Water/Published/PDF" />
 
+		<exclusion pattern="^http://techtime\.mit\.edu/(?!$|\?)" />
 
-	<rule from="^http://(3down|calendar|cluedumps|hacks|mosh|people)\.mit\.edu/"
-		to="https://$1.mit.edu/" />
+			<!--	+ve:
+					-->
+			<test url="http://techtime.mit.edu/f" />
+			<test url="http://techtime.mit.edu/o" />
+			<test url="http://techtime.mit.edu/b" />
+			<test url="http://techtime.mit.edu/a" />
 
-	<rule from="^http://techtime\.mit\.edu/(?:\?.*)?$"
+			<!--	-ve:
+					-->
+			<test url="http://techtime.mit.edu/?f" />
+			<test url="http://techtime.mit.edu/?o" />
+			<test url="http://techtime.mit.edu/?b" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://advancedligo\.mit\.edu/"
+		to="https://www.advancedligo.mit.edu/" />
+
+	<rule from="^http://techtime\.mit\.edu/(?:$|\?.*)"
 		to="https://calendar.mit.edu/techtime/index.shtml" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/MIT.edu-falsemixed.xml b/src/chrome/content/rules/MIT.edu-falsemixed.xml
new file mode 100644
index 000000000000..455a2598c6cb
--- /dev/null
+++ b/src/chrome/content/rules/MIT.edu-falsemixed.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules not causing false/broken MCB, see MIT.xml.
+
+-->
+<ruleset name="MIT.edu (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="president.mit.edu" />
+	<target host="resources.mit.edu" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MIT.xml b/src/chrome/content/rules/MIT.xml
index 439416acf2f0..8cedaa06834d 100644
--- a/src/chrome/content/rules/MIT.xml
+++ b/src/chrome/content/rules/MIT.xml
@@ -1,146 +1,267 @@
 <!--
-	For problematic rules, see MIT-mismatches.xml.
+	Massachusetts Institute of Technology
 
+	For rules with complex rewrites, see MIT-complex.xml.
+	For rules causing false/broken MCB, see MIT.edu-falsemixed.xml.
+	For problematic rules, see MIT-mismatches.xml.
 
 	Other MIT rulesets:
+		+ MIT_Press_Journals.org.xml
+		+ TechnologyReview.xml
+		+ technologyreview.in.xml
+		+ Touchstone_Network.xml
 
-		- Touchstone_Network.xml
+	Nonfunctional hosts:
+		- alloy ¹
+		- appinventor ³
+		- ai2.appinventor ⁵
+		- arts ²
+		- artscal ³
+		- calendars (redirects to HTTP)
+		- cesf ²
+		- classics ⁴
+		- cmsw ⁷
+		- connect ³
+		- bigdata.csail ⁵
+		- inquir.csail ⁵
+		- nms.csail ²
+		- publications.csail ⁵
+		- research.csail ⁵
+		- tig.csail ⁵
+		- wireless.csail ⁵
+		- development ⁵
+		- eaps4 ³
+		- economics ²
+		- events ⁶
+		- executive
+		- gambit ⁷
+		- global	(Redirects to wayf.mit.edu)
+		- img ⁸
+		- ki ⁵
+		- lsc ⁵
+		- atlas.media ³
+		- macroconnections.media	(Shows blank tree)
+		- pantheon.media ²
+		- pulse.media ³
+		- tangible.media ²
+		- web.media
+		- mitworld ²
+		- mvl ⁹
+		- oastories ²
+		- ocw ᵃ
+		- sap		(Plaintext reply)
+		- sloanreview ²
+		- ssg ᶜ
+		- student ᵈ
+		- tech ⁴
+		- the-tech ⁴
+		- video ²
+		- webcast	(Shows RHEL test page)
+		- xvm ⁵
+		- websis ᶠ
 
+	¹ Shows projects.csail
+	² Refused
+	³ Times out
+	⁴ 401
+	⁵ Handshake fails
+	⁶ Interrupted
+	⁷ Shows default page
+	⁸ Shows web
+	⁹ 403
+	ᵃ 503
+	ᵇ 400
+	ᶜ Shows lids
+	ᵈ Redirects to idp
+	ᶠ Shows student
 
-	Nonfunctional mit.edu subdomains:
+	Problematic hosts in *mit.edu:
+		- ^ *
+		- www *
+		- advancedligo ᶜ ᵐ
+		- www.advancedligo ᶜ
+		- calendar ²
+		- counter ¹
+		- csail ³
+		- css.csail ᶜ
+		- people.csail	($ 403s)
+		- cluedumps ⁴
+		- diversity ⁴
+		- apply.eecs ²
+		- eecs-search.eecs ᶜ
+		- eecscal	(404)
+		- events ³
+		- executive	(Mismatched, CN: cms.executive.mit.edu)
+		- cdn.executive	(Cloudfront)
+		- hacks ⁴
+		- iceo ⁴
+		- iceoblog ⁴
+		- ideabank ⁵
+		- itinfo ⁶
+		- libguides	(LibGuides.com/mismatched)
+		- media		(Cert only matches *.media)
+		- mitei-members ᵐ
+		- mitsloan ᶜ
+		- oeit-tsa ¹
+		- tmg-trackr.media ² ᵐ **
+		- pdos.csail
+		- mlkscholars ⁴
+		- president	(Mixed iframe)
+		- reap ᶜ
+		- resources	(Mixed iframe)
+		- sdm-admissions ᶜ
+		- shass		(Configured for SSL3 only)
+		- reap ᶜ
+		- relate ¹
+		- techblogs ⁷
+		- techtime ⁸
+		- tgcat ¹ ²
+		- web *
+		- webmail ᶜ
 
-		- arts *
-		- artscal **
-		- civic		(no https)
-		- csail		(cert: inquir.csail.mit.edu; handshake fails)
-		- css.csail *
-		- inquir.csail	(cert: inquir.csail.mit.edu; handshake fails)
-		- www.csail	(handshake_failure)
-		- development ***
-		- events	(interruped)
-		- executive
-		- img		(shows web; mismatched, CN: web.mit.edu)
-		- web.media
-		- mvl		(self-signed, expired; 403)
-		- ocw		(503, Akamai)
-		- scratch	(times out)
-		- student	(redirects to idp, valid cert)
-		- stuff *
-		- tech		(cert: the-tech.mit.edu; 401)
-		- the-tech	(401)
-		- web ****
-		- xvm ***
-		- websis	(shows student; mismatched, CN: student.mit.edu)
-		- www ****
+	* "client certificate was invalid or not provided"
+	** Some paths 404
+	¹ Self-signed
+	² Expired
+	³ Handshake fails
+	⁴ Mismatched, CN: *.scripts.mit.edu
+	⁵ Mismatched, CN: future.mit.edu
+	⁶ Redirects to ist
+	⁷ $ works, at least some pages 404, expired, self-signed
+	⁸ Mismatched, CN: calendar.mit.edu
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+-->
 
-	* No https
-	** Times out
-	*** Handshake fails
-	**** Redirects to cert_error/
+<ruleset name="MIT.edu (partial)">
+	<target host="3down.mit.edu" />
+	<target host="alum.mit.edu" />
+	<target host="alumsso.mit.edu" />
+	<target host="athena10.mit.edu" />
+	<target host="blossoms.mit.edu" />
+	<target host="ca.mit.edu" />
+	<target host="calendar.mit.edu" />
+	<target host="chemefacsrch.mit.edu" />
+	<target host="civic.mit.edu" />
+	<target host="connect.mit.edu" />
+	<target host="csail.mit.edu" />
+	<target host="people.csail.mit.edu" />
+	<target host="eecscal.mit.edu" />
+	<target host="energy.mit.edu" />
+	<target host="executive.mit.edu" />
+	<target host="cdn.executive.mit.edu" />
+	<target host="calendar.csail.mit.edu" />
+	<target host="cap.csail.mit.edu" />
+	<target host="groups.csail.mit.edu" />
+	<target host="pdos.csail.mit.edu" />
+	<target host="projects.csail.mit.edu" />
+	<target host="www.csail.mit.edu" />
+	<target host="dc.mit.edu" />
+	<target host="debathena.mit.edu" />
+	<target host="athena.dialup.mit.edu" />
+	<target host="dome.mit.edu" />
+	<target host="dspace.mit.edu" />
+	<target host="eecs.mit.edu" />
+	<target host="www.eecs.mit.edu" />
+	<target host="engineering.mit.edu" />
+	<target host="esd.mit.edu" />
+	<target host="cms.executive.mit.edu" />
+	<target host="future.mit.edu" />
+	<target host="giving.mit.edu" />
+	<target host="gsc.mit.edu" />
+	<target host="iceoblog.mit.edu" />
+	<target host="ideabank.mit.edu" />
+	<target host="idm.mit.edu" />
+	<target host="idp.mit.edu" />
+	<target host="innovation.mit.edu" />
+	<target host="ist.mit.edu" />
+	<target host="kb.mit.edu" />
+	<target host="lgo.mit.edu" />
+	<target host="lgosdm.mit.edu" />
+	<target host="libguides.mit.edu" />
+	<target host="libraries.mit.edu" />
+	<target host="library.mit.edu" />
+	<target host="lids.mit.edu" />
+	<target host="linc.mit.edu" />
+	<target host="listart.mit.edu" />
+	<target host="llwebprod2.ll.mit.edu" />
+	<target host="www.ll.mit.edu" />
+	<target host="immersion.media.mit.edu" />
+	<target host="www.media.mit.edu" />
+	<target host="media.mit.edu" />
+	<target host="mit-amps.mit.edu" />
+	<target host="mit150.mit.edu" />
+	<target host="mitei.mit.edu" />
+	<target host="mitpress.mit.edu" />
+	<target host="www.mitpress.mit.edu" />
+	<target host="mitstory.mit.edu" />
+	<target host="mosh.mit.edu" />
+	<target host="mysloan.mit.edu" />
+	<target host="news.mit.edu" />
+	<target host="newsoffice.mit.edu" />
+	<target host="www.newsoffice.mit.edu" />
+	<target host="oastats.mit.edu" />
+	<target host="odge.mit.edu" />
+	<target host="odl.mit.edu" />
+	<target host="openafs.mit.edu" />
+	<target host="orgchart.mit.edu" />
+	<target host="pgp.mit.edu" />
+	<target host="picker.mit.edu" />
+	<target host="school-of-engineering-faculty-search.mit.edu" />
+	<target host="scratch.mit.edu" />
+	<target host="api.scratch.mit.edu" />
+	<target host="www.scratch.mit.edu" />
+	<target host="scripts.mit.edu" />
+	<target host="www.scripts.mit.edu" />
+	<target host="zyan.scripts.mit.edu" />
+	<target host="sdm.mit.edu" />
+	<target host="sipb.mit.edu" />
+	<target host="slice.mit.edu" />
+	<target host="shop.sloanreview.mit.edu" />
+	<target host="subscribe.sloanreview.mit.edu" />
+	<target host="stellar.mit.edu" />
+	<target host="stuff.mit.edu" />
+	<target host="teachingexcellence.mit.edu" />
+	<target host="techtv.mit.edu" />
+	<target host="tll.mit.edu" />
+	<target host="wayf.mit.edu" />
+	<target host="webmail.mit.edu" />
+	<target host="whereis.mit.edu" />
+	<target host="wikis.mit.edu" />
 
+	<securecookie host="^(?!calendars\.mit\.edu$)\w" name=".+" />
+	<securecookie host="^\." name="^__utm" />
 
-	Problematic subdomains:
+	<rule from="^http://csail\.mit\.edu/" to="https://www.csail.mit.edu/" />
 
-		- 3down		(works, self-signed)
-		- calendar	(works, expired 2013-01-27)
-		- cluedumps *
-		- hacks *
-		- ideabank	(mismatched, CN: future.mit.edu)
-		- itinfo	(redirects to ist; mismatched, CN: ist.mit.edu)
-		- techblogs	($ works, at least some pages 404, expired, self-signed)
-		- techtime	(mismatched, CN: calendar.mit.edu)
+	<!-- Redirect keeps args but not forward slash: -->
+	<rule from="^http://people\.csail\.mit\.edu/+(?:\?.*)?$" to="https://www.csail.mit.edu/peoplesearch" />
 
-	* Works; mismatched, CN: *.scripts.mit.edu
+	<test url="http://people.csail.mit.edu/?a" />
+	<test url="http://people.csail.mit.edu/?b" />
+	<test url="http://people.csail.mit.edu/?c" />
+	<test url="http://people.csail.mit.edu/?d" />
+	<test url="http://people.csail.mit.edu//?a" />
+	<test url="http://people.csail.mit.edu//?b" />
+	<test url="http://people.csail.mit.edu//?c" />
+	<test url="http://people.csail.mit.edu//?d" />
 
+	<!-- Redirect drops path and args: -->
+	<rule from="^http://eecscal\.mit\.edu/.*" to="https://calendars.mit.edu/eecs" />
 
+	<test url="http://eecscal.mit.edu/home.php" />
 
-	Fully covered subdomains:
+	<rule from="^http://cdn\.executive\.mit\.edu/" to="https://d3f3qxt87iw6id.cloudfront.net/" />
 
-		- alum
-		- alumsso
-		- athena10
-		- ca
-		- pdos.csail
-		- debathena
-		- future
-		- giving
-		- gsc
-		- ideabank	(→ future)
-		- idp
-		- linerva
-		- immersion.media
-		- mit150
-		- odge
-		- orgchart
-		- picker
-		- sipb
-		- stellar
-		- webpub
-		- whereis
-		- wikis
-
-
-	Mixed image on picker from web
+	<rule from="^http://ideabank\.mit\.edu/" to="https://future.mit.edu/" />
 
--->
-<ruleset name="Massachusetts Institute of Technology (partial)">
+	<rule from="^http://www\.mitpress\.mit\.edu/" to="https://mitpress.mit.edu/" />
 
-	<target host="*.mit.edu" />
-	<target host="www.*.mit.edu" />
-	<target host="people.csail.mit.edu" />
-	<target host="mitpressjournals.org" />
-	<target host="www.mitpressjournals.org" />
-
-
-	<!--	Observed cookie domains:
-
-			- alum
-			- .alum
-			- alumsso
-			- athena10
-			- ca
-			- cluedumps
-			- debathena
-			- .future
-			- giving
-			- gsc
-			- idp
-			- .ist
-			- kb
-			- .mit150
-			- mitpress
-			- scripts
-			- stellar
-			- student
-			- wayf
-			- webpub
-			- whereis
-			- wikis
-				-->
-	<securecookie host="^(?:alum|alumsso|athena10|ca|debathena|giving|gsc|idp|kb|mitpress|scripts|stellar|webpub|wikis).mit\.edu$" name=".*" />
-	<!--securecookie host="^\.alum\.mist\.edu$" name="^S?SESS\w{32}$" /-->
-	<!--securecookie host="^\.future\.mist\.edu$" name="^SSESS\w{32}$" /-->
-	<!--securecookie host="^\.ist\.mist\.edu$" name="^SSESS\w{32}$" /-->
-	<!--securecookie host="^\.mit150\.mist\.edu$" name="^SESS\w{32}$" /-->
-	<securecookie host="^wayf\.mit\.edu$" name=".*" />
-
-
-	<rule from="^http://mit\.edu/"
-		to="https://mit.edu/" />
-
-	<rule from="^http://(alum|alumsso|athena10|ca|(?:groups|pdos|people)\.csail|debathena|future|giving|gsc|idp|ist|kb|librar(?:ies|y)|linerva|mail|immersion\.media|mit150|odge|orgchart|picker|(?:www\.)?scripts|sipb|stellar|wayf|webpub|whereis|wikis)\.mit\.edu/"
-		to="https://$1.mit.edu/" />
-
-	<rule from="^http://ideabank\.mit\.edu/"
-		to="https://future.mit.edu/" />
-
-	<rule from="^https?://(?:www\.)?mitpress\.mit\.edu/"
-		to="https://mitpress.mit.edu/" />
-
-	<rule from="^http://scripts\.mit\.edu:444/"
-		to="https://scripts.mit.edu:444/" />
-
-	<rule from="^http://(www\.)?mitpressjournals\.org/((?:entityImage|na101|sda|templates|userimages)/|action/(?:registration|showLogin)$)"
-		to="https://www.mitpressjournals.org/$2" />
+	<rule from="^http://media\.mit\.edu/" to="https://www.media.mit.edu/" />
+
+	<rule from="^http://scripts\.mit\.edu:444/" to="https://scripts.mit.edu:444/" />
+
+	<test url="http://scripts.mit.edu:444/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MIT_Press_Journals.org.xml b/src/chrome/content/rules/MIT_Press_Journals.org.xml
new file mode 100644
index 000000000000..93cfcc56d868
--- /dev/null
+++ b/src/chrome/content/rules/MIT_Press_Journals.org.xml
@@ -0,0 +1,14 @@
+<!--
+	For other MIT coverage, see MIT.xml.
+
+-->
+<ruleset name="MIT Press Journals.org (partial)">
+
+	<target host="mitpressjournals.org" />
+	<target host="www.mitpressjournals.org" />
+
+
+	<rule from="^http://(?:www\.)?mitpressjournals\.org/(?=(?:entityImage|na101|sda|templates|userimages)/|action/(?:registration|showLogin)$)"
+		to="https://www.mitpressjournals.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MIUI.com.xml b/src/chrome/content/rules/MIUI.com.xml
new file mode 100644
index 000000000000..34874084eca8
--- /dev/null
+++ b/src/chrome/content/rules/MIUI.com.xml
@@ -0,0 +1,47 @@
+<!--
+	For other domains belong to Xiaomi, see Xiaomi.com.xml
+
+	404:
+		^
+
+	Expired:
+		https://static.bbs.miui.com
+
+	Invalid certificate:
+		https://bbs.miui.com
+		https://embed.bbs.miui.com
+		https://geek.miui.com
+
+	MCB:
+		https://video.browser.miui.com
+		https://webapp.browser.miui.com
+-->
+<ruleset name="MIUI.com">
+	<target host="miui.com" />
+	<target host="www.miui.com" />
+	<target host="api.bbs.miui.com" />
+	<target host="attach.bbs.miui.com" />
+		<test url="http://attach.bbs.miui.com/common/6d/common_331_icon.png" />
+	<target host="avatar.bbs.miui.com" />
+		<test url="http://avatar.bbs.miui.com/data/avatar/000/00/00/00_avatar_small.jpg" />
+		<test url="http://avatar.bbs.miui.com/data/avatar/noavatar_small.gif" />
+	<target host="embed.bbs.miui.com" />
+	<target host="news.browser.miui.com" />
+	<target host="bigota.d.miui.com" />
+	<target host="en.miui.com" />
+	<target host="hk.miui.com" />
+	<target host="testit.miui.com" />
+	<target host="tw.miui.com" />
+	<target host="rs.vip.miui.com" />
+	<target host="web.vip.miui.com" />
+		<test url="http://web.vip.miui.com/page/packet2017" />
+
+	<rule from="^http://miui\.com/" to="https://www.miui.com/" />
+
+	<rule from="^http://embed\.bbs\.miui\.com/" to="https://www.miui.com/" />
+		<test url="http://embed.bbs.miui.com/download.html" />
+		<test url="http://embed.bbs.miui.com/thread-14022542-1-1.html" />
+		<test url="http://embed.bbs.miui.com/index.php?29961042" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MIX-Computer.de.xml b/src/chrome/content/rules/MIX-Computer.de.xml
index 1de0d3557fb5..0e736791c00d 100644
--- a/src/chrome/content/rules/MIX-Computer.de.xml
+++ b/src/chrome/content/rules/MIX-Computer.de.xml
@@ -2,6 +2,6 @@
   <target host="www.mix-computer.de"/>
   <target host="mix-computer.de"/>
 
-  <rule from="^http://(www\.)?mix-computer\.de/" to="https://www.mix-computer.de/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/MJG_International.xml b/src/chrome/content/rules/MJG_International.xml
index 82be4b79f6e7..58a3313288ad 100644
--- a/src/chrome/content/rules/MJG_International.xml
+++ b/src/chrome/content/rules/MJG_International.xml
@@ -1,4 +1,14 @@
-<ruleset name="MJG International">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mjg.in/ => https://mjg.in/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.mjg.in/ => https://www.mjg.in/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://mjg.in/ => https://mjg.in/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.mjg.in/ => https://www.mjg.in/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="MJG International" default_off="failed ruleset test">
 
 	<target host="mjg.in" />
 	<target host="www.mjg.in" />
@@ -7,7 +17,6 @@
 	<securecookie host="^(?:www\.)?mjg\.in$" name=".+" />
 
 
-	<rule from="^http://(www\.)?mjg\.in/"
-		to="https://$1mjg.in/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MK2.com.xml b/src/chrome/content/rules/MK2.com.xml
new file mode 100644
index 000000000000..7c87b2b6e492
--- /dev/null
+++ b/src/chrome/content/rules/MK2.com.xml
@@ -0,0 +1,39 @@
+<!--
+	No known URL working:
+		at.mk2.com
+		db.mk2.com
+		dvd.mk2.com (403)
+		exchange.mk2.com
+		gw-uunet-colo2.mk2.com
+		pmt.mk2.com
+
+	Bad certificate:
+		link.mk2.com
+		mail.mk2.com
+		ml.mk2.com
+
+	Refused:
+		media.mk2.com
+
+	Timeout:
+		maki.mk2.com
+		www.rumba-film.mk2.com
+		sushi.mk2.com
+		v2dev.mk2.com
+		v2preprod.mk2.com
+-->
+
+<ruleset name="MK2 (partial)">
+
+	<target host="mk2.com" />
+	<target host="www.mk2.com" />
+	<target host="api.mk2.com" />
+	<target host="m.mk2.com" />
+	<target host="nuitnoire.mk2.com" />
+	<target host="preprod.mk2.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MKK.com.tr.xml b/src/chrome/content/rules/MKK.com.tr.xml
new file mode 100644
index 000000000000..fd2d2e317a58
--- /dev/null
+++ b/src/chrome/content/rules/MKK.com.tr.xml
@@ -0,0 +1,24 @@
+<!--
+	These altnames don't exist:
+
+		- e-sirket2.mkk.com.tr
+		- egk2.mkk.com.tr
+		- portal2.mkk.com.tr
+		- www2.mkk.com.tr
+
+-->
+<ruleset name="MKK.com.tr">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mkk.com.tr" />
+	<target host="e-sirket.mkk.com.tr" />
+	<target host="egk.mkk.com.tr" />
+	<target host="portal.mkk.com.tr" />
+	<target host="www.mkk.com.tr" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MKS_Software.com.xml b/src/chrome/content/rules/MKS_Software.com.xml
new file mode 100644
index 000000000000..de3b8441fc8d
--- /dev/null
+++ b/src/chrome/content/rules/MKS_Software.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts and domains: ᶜ
+
+		- mkssoftware.com
+		- .mkssoftware.com
+		- www.mkssoftware.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="MKS Software.com">
+
+	<target host="mkssoftware.com" />
+	<target host="www.mkssoftware.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.mkssoftware\.com$" name="^$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ML314.com.xml b/src/chrome/content/rules/ML314.com.xml
index 60a59d78a568..39da7ef3051a 100644
--- a/src/chrome/content/rules/ML314.com.xml
+++ b/src/chrome/content/rules/ML314.com.xml
@@ -4,6 +4,11 @@
 
 	Web bugs.
 
+
+	Insecure cookies are set for these hosts:
+
+		- www.ml314.com
+
 -->
 <ruleset name="ML314.com">
 
@@ -11,7 +16,14 @@
 	<target host="www.ml314.com" />
 
 
-	<rule from="^http://(www\.)?ml314\.com/"
-		to="https://$1ml314.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.ml314\.com$" name="^pi$" /-->
+
+	<securecookie host="^www\.ml314\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MLFA.org.xml b/src/chrome/content/rules/MLFA.org.xml
new file mode 100644
index 000000000000..4393e9a417e3
--- /dev/null
+++ b/src/chrome/content/rules/MLFA.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid certificate:
+	- dev.mlfa.org
+
+-->
+<ruleset name="MLFA.org">
+	<target host="mlfa.org" />
+	<target host="www.mlfa.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MLP_Forums.xml b/src/chrome/content/rules/MLP_Forums.xml
index 4f812d6bdd71..665497531a27 100644
--- a/src/chrome/content/rules/MLP_Forums.xml
+++ b/src/chrome/content/rules/MLP_Forums.xml
@@ -32,7 +32,7 @@
 	<rule from="^http://(www\.)?mlpforums\.com/"
 		to="https://$1mlpforums.com/" />
 
-	<rule from="^https?://s\.mlpforums\.com/"
+	<rule from="^http://s\.mlpforums\.com/"
 		to="https://mlpforums-feld0.netdna-ssl.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MLSec_Project.org.xml b/src/chrome/content/rules/MLSec_Project.org.xml
new file mode 100644
index 000000000000..5685878521c6
--- /dev/null
+++ b/src/chrome/content/rules/MLSec_Project.org.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mlsecproject.org/ => https://mlsecproject.org/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Nonfunctional hosts in *mlsecproject.org:
+
+		- www2 *
+
+	* Redirects to http
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .mlsecproject.org
+		- www.mlsecproject.org
+
+-->
+<ruleset name="MLSec Project.org (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mlsecproject.org" />
+	<target host="www.mlsecproject.org" />
+
+		<!--	Redirects to http:
+					-->
+		<!--exclusion pattern="^http://www2\.mlsecproject\.org/$" /-->
+
+
+	<!--	Incapsula cookies:
+					-->
+	<securecookie host="^(?:www)?\.mlsecproject\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MLive.com.xml b/src/chrome/content/rules/MLive.com.xml
new file mode 100644
index 000000000000..d1ad600fafff
--- /dev/null
+++ b/src/chrome/content/rules/MLive.com.xml
@@ -0,0 +1,75 @@
+<!--
+	For other MassLive coverage, see MassLive.com.xml.
+
+
+	CDN buckets:
+
+		- ssf-prod.advance.net
+
+			- mobile
+
+		- hssn-prod.advance.net.edgesuite.net
+
+			- highschoolsports
+
+		- mdw-prod.advance.net.edgesuite.net
+
+			- autos
+			- classifieds
+			- realestate
+
+		- mt4-prod.advance.net.edgesuite.net
+
+			- a68.b.akamai.net
+			- blog
+			- media
+			- photos
+			- videos
+
+		- www-prod.advance.net.edgesuite.net
+
+			- www
+
+		- mlive.advance.ypbot.net
+
+			- businessfinder
+
+
+	Nonfunctional subdomains:
+
+		- ^ ¹
+		- autos ²
+		- blog ²
+		- businessfinder ³
+		- classifieds ²
+		- highschoolsports ²
+		- mobile ¹
+		- photos ²
+		- realestate ²
+		- videos ²
+		- www ²
+
+	¹ Refused
+	² 503, akamai
+	³ Redirects to http, valid cert
+
+-->
+<ruleset name="MLive.com (partial)">
+
+	<target host="members.mlive.com" />
+	<target host="businessfinder.mlive.com" />
+		<!--
+			Other resources are loaded from other domains:
+									-->
+		<exclusion pattern="^http://businessfinder\.mlive\.com/+(?!favicon\.ico)" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^members\.mlive\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MLno6.com.xml b/src/chrome/content/rules/MLno6.com.xml
index b0750b035717..91c49afd2f50 100644
--- a/src/chrome/content/rules/MLno6.com.xml
+++ b/src/chrome/content/rules/MLno6.com.xml
@@ -1,17 +1,24 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mlno6.com/ => https://mlno6.com/: (6, 'Could not resolve host: mlno6.com')
+Fetch error: http://www.mlno6.com/ => https://www.mlno6.com/: (6, 'Could not resolve host: www.mlno6.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://mlno6.com/ => https://mlno6.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.mlno6.com/ => https://www.mlno6.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	For other Madison Logic coverage, see Madison-Logic.xml.
 
 
 	Web bugs.
 
 -->
-<ruleset name="MLno6.com">
+<ruleset name="MLno6.com" default_off="failed ruleset test">
 
 	<target host="mlno6.com" />
 	<target host="www.mlno6.com" />
 
 
-	<rule from="^http://(www\.)?mlno6\.com/"
-		to="https://$1mlno6.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MMAHQ.xml b/src/chrome/content/rules/MMAHQ.xml
index 214e6bc54448..139d945b4238 100644
--- a/src/chrome/content/rules/MMAHQ.xml
+++ b/src/chrome/content/rules/MMAHQ.xml
@@ -16,13 +16,13 @@
 <ruleset name="MMAHQ">
 
 	<target host="mmahq.com" />
-	<target host="*.mmahq.com" />
+	<target host="www.mmahq.com" />
 
 
 	<securecookie host="^(?:www)?\.mmahq\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?mmahq\.com/"
+	<rule from="^http://(?:www\.)?mmahq\.com/"
 		to="https://www.mmahq.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MMOGA.xml b/src/chrome/content/rules/MMOGA.xml
index 21918256ef06..86c2b456fbf0 100644
--- a/src/chrome/content/rules/MMOGA.xml
+++ b/src/chrome/content/rules/MMOGA.xml
@@ -1,15 +1,16 @@
 <ruleset name="MMOGA">
 
 	<target host="mmoga.com" />
-	<target host="*.mmoga.com" />
 	<target host="mmoga.de" />
-	<target host="*.mmoga.de" />
+	<target host="blog.mmoga.com" />
+	<target host="blog.mmoga.de" />
+	<target host="www.mmoga.com" />
+	<target host="www.mmoga.de" />
 
 
 	<securecookie host="^\.mmoga\.(?:com|de)$" name=".+" />
 
 
-	<rule from="^http://(blog\.|www\.)?mmoga\.(com|de)/"
-		to="https://$1mmoga.$2/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MMO_Culture.xml b/src/chrome/content/rules/MMO_Culture.xml
index 4abd251b819e..6197fcf50b6c 100644
--- a/src/chrome/content/rules/MMO_Culture.xml
+++ b/src/chrome/content/rules/MMO_Culture.xml
@@ -1,13 +1,12 @@
 <ruleset name="MMO Culture">
 
 	<target host="mmoculture.com" />
-	<target host="*.mmoculture.com" />
+	<target host="www.mmoculture.com" />
 
 
 	<securecookie host="^\.mmoculture\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?mmoculture\.com/"
-		to="https://$1mmoculture.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MND_CDN.com.xml b/src/chrome/content/rules/MND_CDN.com.xml
index 6a21c8943be6..d61f5dada018 100644
--- a/src/chrome/content/rules/MND_CDN.com.xml
+++ b/src/chrome/content/rules/MND_CDN.com.xml
@@ -1,4 +1,7 @@
 <!--
+	For other Mynewsdesk coverage, see Mynewsdesk.com.xml.
+
+
 	CDN buckets:
 
 		- d20tdhwx2i89n1.cloudfront.net
diff --git a/src/chrome/content/rules/MNGinteractive.com.xml b/src/chrome/content/rules/MNGinteractive.com.xml
deleted file mode 100644
index 2ab003dcd014..000000000000
--- a/src/chrome/content/rules/MNGinteractive.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	CDN buckets:
-
-		- extras.mnginteractive.com.edgesuite.net
-
-
-	Problematic subdomains:
-
-		- extras	(redirects to http.../$, akamai)
-
--->
-<ruleset name="MNGinteractive.com">
-
-	<target host="*.mnginteractive.com" />
-
-
-	<rule from="^http://(?:secure\.)?extras\.mnginteractive\.com/"
-		to="https://secure.extras.mnginteractive.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MNN.com.xml b/src/chrome/content/rules/MNN.com.xml
new file mode 100644
index 000000000000..073ff04767dd
--- /dev/null
+++ b/src/chrome/content/rules/MNN.com.xml
@@ -0,0 +1,41 @@
+<!--
+	Nonfunctional hosts in *mnn.com:
+
+		- editorsblog *
+
+	* Tumblr/refused
+
+
+	Problematic hosts in *mnn.com:
+
+		- ^ ¹
+		- static-assets ²
+		- www ²
+
+	¹ Dropped
+	² Cloudfront/mismatched
+
+-->
+<ruleset name="MNN.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="media.mnn.com" />
+
+	<!--	Complications:
+				-->
+	<!--target host="mnn.com" /-->
+	<!--target host="static-assets.mnn.com" /-->
+	<!--target host="www.mnn.com" /-->
+
+
+	<!--rule from="^http://(?:www\.)?mnn\.com/"
+		to="https://???.cloudfront.net/" /-->
+
+	<!--rule from="^http://static-assets\.mnn\.com/"
+		to="https://???.cloudfront.net/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MOBIUS.xml b/src/chrome/content/rules/MOBIUS.xml
index 00e794f13740..861fe270074e 100644
--- a/src/chrome/content/rules/MOBIUS.xml
+++ b/src/chrome/content/rules/MOBIUS.xml
@@ -3,21 +3,13 @@
 
 		- MOBIUS_Catalog.xml
 
-
-	- www: mismatched
-	- Expired 2012-12-06
-
 -->
-<ruleset name="MOBIUS" default_off="expired">
+<ruleset name="MOBIUS">
 
 	<target host="mobiusconsortium.org" />
 	<target host="www.mobiusconsortium.org" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<!--securecookie host="^\.mobiusconsortium\.org$" name=".+" /-->
-
-
-	<rule from="^http://(?:www\.)?mobiusconsortium\.org/"
-		to="https://mobiusconsortium.org/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MOBIUS_Catalog.xml b/src/chrome/content/rules/MOBIUS_Catalog.xml
index 21a88b856440..222f9a896882 100644
--- a/src/chrome/content/rules/MOBIUS_Catalog.xml
+++ b/src/chrome/content/rules/MOBIUS_Catalog.xml
@@ -8,13 +8,11 @@
 <ruleset name="MOBIUS Catalog">
 
 	<target host="searchmobius.org" />
-	<target host="*.searchmobius.org" />
 
 
 	<securecookie host="^\.?searchmobius\.org$" name=".+" />
 
 
-	<rule from="^http://searchmobius\.org/"
-		to="https://searchmobius.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MODX.xml b/src/chrome/content/rules/MODX.xml
index 51e1656f6ece..0931c089e04c 100644
--- a/src/chrome/content/rules/MODX.xml
+++ b/src/chrome/content/rules/MODX.xml
@@ -18,11 +18,11 @@
 -->
 <ruleset name="MODX (partial)" platform="mixedcontent">
 
-	<target host="*.modx.com" />
-		<exclusion pattern="^https?://services\.modx\.com/(?!stylesheets/|user(?:$|\?|/))" />
+	<target host="pta.modx.com" />
+	<target host="services.modx.com" />
+		<exclusion pattern="^http://services\.modx\.com/(?!stylesheets/|user(?:$|\?|/))" />
 
 
-	<rule from="^http?://(?:pta|services)\.modx\.com/"
-		to="https://services.modx.com/$1" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MODX_Cloud.xml b/src/chrome/content/rules/MODX_Cloud.xml
index a5d479d8fa23..3f8ebb12fef4 100644
--- a/src/chrome/content/rules/MODX_Cloud.xml
+++ b/src/chrome/content/rules/MODX_Cloud.xml
@@ -13,7 +13,6 @@
 	<target host="www.modxcloud.com" />
 
 
-	<rule from="^https?://(?:www\.)?modxcloud\.com/"
-		to="https://modxcloud.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MOG-mismatches.xml b/src/chrome/content/rules/MOG-mismatches.xml
deleted file mode 100644
index a27bda3fa2c2..000000000000
--- a/src/chrome/content/rules/MOG-mismatches.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see MOG.xml.
-
--->
-<ruleset name="MOG (mismatches)" default_off="mismatch">
-
-	<!--	Cert: *.gridserver.com	-->
-	<target host="blog.mog.com" />
-
-
-	<securecookie host="^blog\.mog\.com$" name=".*" />
-
-
-	<rule from="^http://blog\.mog\.com/"
-		to="https://blog.mog.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MOG.xml b/src/chrome/content/rules/MOG.xml
index 5c873b6d3dee..961e1ad6e586 100644
--- a/src/chrome/content/rules/MOG.xml
+++ b/src/chrome/content/rules/MOG.xml
@@ -1,14 +1,20 @@
 <!--
-	For problematic rules, see MOG-mismatches.xml.
+	Nonfunctional hosts in *mog.com:
+
+		- (www.)? ᵈ
+		- blog ᵈ
+
+	ᵈ Dropped
 
 -->
-<ruleset name="MOG">
+<ruleset name="MOG.com" default_off="refused">
 
 	<target host="mog.com" />
+	<target host="blog.mog.com" />
 	<target host="www.mog.com" />
 
 
-	<rule from="^http://(www\.)?mog\.com/"
-		to="https://$1mog.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MOJANG.com.xml b/src/chrome/content/rules/MOJANG.com.xml
new file mode 100644
index 000000000000..3d4894e4d471
--- /dev/null
+++ b/src/chrome/content/rules/MOJANG.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - minecon.mojang.com
+
+		Timeout was reached:
+			 - blockbyblock.mojang.com
+			 - crownandcouncil.mojang.com
+
+		SSL peer certificate was not OK:
+			 - assets.mojang.com
+
+		4xx client error:
+			 - launchermeta.mojang.com
+-->
+<ruleset name="MOJANG.com">
+	<target host="mojang.com" />
+	<target host="www.mojang.com" />
+	<target host="account.mojang.com" />
+	<target host="accounts.mojang.com" />
+	<target host="api.mojang.com" />
+	<target host="api-staging.mojang.com" />
+	<target host="assistlyhelper.mojang.com" />
+	<target host="auth.mojang.com" />
+	<target host="authserver.mojang.com" />
+	<target host="blog.mojang.com" />
+	<target host="bugs.mojang.com" />
+	<target host="friends.mojang.com" />
+	<target host="help.mojang.com" />
+	<target host="launcher.mojang.com" />
+	<target host="media.mojang.com" />
+		<test url="http://media.mojang.com/blog-image/2c34ca1217c7d95e76a6f8d646adf9208f78145a/blogmcnet.png" />
+		<test url="http://media.mojang.com/blog-image/c615ca91da33ad11a4d72780873f053775f60746/minecreaft-realms-header-2016-12-02.jpg" />
+	<target host="sessionserver.mojang.com" />
+	<target host="status.mojang.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MOLPay.xml b/src/chrome/content/rules/MOLPay.xml
new file mode 100644
index 000000000000..c7b3e8cc7e2e
--- /dev/null
+++ b/src/chrome/content/rules/MOLPay.xml
@@ -0,0 +1,9 @@
+<ruleset name="MOLPay">
+	<target host=    "onlinepayment.com.my" />
+	<target host="www.onlinepayment.com.my" />
+
+  	<securecookie host="^(www\.)?onlinepayment\.com\.my$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MOOC-List.com-falsemixed.xml b/src/chrome/content/rules/MOOC-List.com-falsemixed.xml
new file mode 100644
index 000000000000..08c1b036e1ca
--- /dev/null
+++ b/src/chrome/content/rules/MOOC-List.com-falsemixed.xml
@@ -0,0 +1,20 @@
+<!--
+	For rules not causing false/broken MCB, see MOOC-List.com.xml.
+
+-->
+<ruleset name="MOOC-List.com (false MCB)" platform="mixedcontent">
+
+	<target host="*.mooc-list.com" />
+		<!--
+			Handled in MOOC-List.com.xml:
+							-->
+		<!--exclusion pattern="^http://www\.mooc-list.com/(favicon\.ico|sites/)" /-->
+
+
+	<securecookie host="^\.mooc-list\.com$" name=".+" />
+
+
+	<rule from="^http://www\.mooc-list\.com/(?!favicon\.ico|sites/)"
+		to="https://www.mooc-list.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MOOC-List.com.xml b/src/chrome/content/rules/MOOC-List.com.xml
new file mode 100644
index 000000000000..cd79334575f0
--- /dev/null
+++ b/src/chrome/content/rules/MOOC-List.com.xml
@@ -0,0 +1,32 @@
+<!--
+	For rules causing false/broken MCB, see MOOC-List.com-falsemixed.xml.
+
+
+	Mixed  content:
+
+		- css from $self *
+
+		- Images from $self *
+
+		- Web bugs from www.facebook.com *
+
+	* Secured by us
+
+-->
+<ruleset name="MOOC-List.com (partial)">
+
+	<target host="mooc-list.com" />
+	<target host="www.mooc-list.com" />
+		<!--
+			As s://moo... redirects to p://w..., we
+			can avoid a duplicate a target warning
+			by blanket-rewriting !www here.
+
+			Avoid false/broken MCB:
+						-->
+		<exclusion pattern="^http://www\.mooc-list.com/(?!favicon\.ico|sites/)" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MORryde.com.xml b/src/chrome/content/rules/MORryde.com.xml
new file mode 100644
index 000000000000..14493b77260d
--- /dev/null
+++ b/src/chrome/content/rules/MORryde.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Active mixed content:
+		- www.morryde.com, e.g. www.morryde.com/find-a-dealer
+
+	Invalid certificate:
+		- webapps.morryde.com
+
+	Wildcard DNS records:
+		- *.morryde.com
+-->
+
+<ruleset name="MORryde.com" platform="mixedcontent">
+	<target host="morryde.com" />
+	<target host="www.morryde.com" />
+	<target host="m.morryde.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MOSIS.com.xml b/src/chrome/content/rules/MOSIS.com.xml
new file mode 100644
index 000000000000..16cbe47d2b34
--- /dev/null
+++ b/src/chrome/content/rules/MOSIS.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="MOSIS.com">
+
+	<target host="mosis.com" />
+	<target host="www.mosis.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MPG.de.xml b/src/chrome/content/rules/MPG.de.xml
new file mode 100644
index 000000000000..0f067a13b1ce
--- /dev/null
+++ b/src/chrome/content/rules/MPG.de.xml
@@ -0,0 +1,21 @@
+<ruleset name="MPG.de">
+	<target host="mpg.de" />
+	<target host="www.mpg.de" />
+	<target host="billingpreis.mpg.de" />
+	<target host="www.billingpreis.mpg.de" />
+	<target host="www.cbs.mpg.de" />
+	<target host="dsb.mpg.de" />
+	<target host="www.dsb.mpg.de" />
+	<target host="oc-molgen.gnz.mpg.de" />
+	<target host="molgen.mpg.de" />
+	<target host="www.molgen.mpg.de" />
+	<target host="github.molgen.mpg.de" />
+	<target host="labfolder.molgen.mpg.de" />
+	<target host="owww.molgen.mpg.de" />
+	<target host="webmail.molgen.mpg.de" />
+	<target host="ws.molgen.mpg.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MPI_web.org.xml b/src/chrome/content/rules/MPI_web.org.xml
new file mode 100644
index 000000000000..a4b4ca6c8ff2
--- /dev/null
+++ b/src/chrome/content/rules/MPI_web.org.xml
@@ -0,0 +1,41 @@
+<!--
+	Meeting Professionals International
+
+
+	Nonfunctional subdomains:
+
+		- i	(redirects to www)
+
+
+	Problematic subdomains:
+
+		- ccdb	(works, expired 2013-12-22)
+
+
+	Partially covered subdomains:
+
+		- (www.)	(some pages redirect to http)
+		- m		(some paths redirect to www)
+
+-->
+<ruleset name="MPI web.org (partial)">
+
+	<target host="mpiweb.org" />
+	<target host="m.mpiweb.org" />
+	<target host="sts.mpiweb.org" />
+	<target host="www.mpiweb.org" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?mpiweb\.org/+(About|Home|Community|Membership/Directory|portal/career)?($|[?/])" /-->
+		<exclusion pattern="^http://(?:www\.)?mpiweb\.org/+(?![aA]pp_[mM]aster/|favicon\.ico|Libraries/|Scripts/|SignIn\.aspx|sitefinity(?:$|[?/]))" />
+		<!--
+			Redirects to www:
+						-->
+		<!--exclusion pattern="^http://m\.mpiweb\.org/+($|\?|favicon\.ico|(Calendar|EandE|Home)($|[?/])|Scripts/)" /-->
+		<exclusion pattern="^http://m\.mpiweb\.org/+(?!Content/)" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MPNewMedia.xml b/src/chrome/content/rules/MPNewMedia.xml
new file mode 100644
index 000000000000..27d85938815d
--- /dev/null
+++ b/src/chrome/content/rules/MPNewMedia.xml
@@ -0,0 +1,4 @@
+<ruleset name="MPNewMedia">
+<target host="www1.mpnrs.com" />
+<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MP_Bio.com.xml b/src/chrome/content/rules/MP_Bio.com.xml
new file mode 100644
index 000000000000..2d26106f77fc
--- /dev/null
+++ b/src/chrome/content/rules/MP_Bio.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .mpbio.com
+
+
+	Mixed content:
+
+		- Bug from image.providesupport.com *
+
+	* Secured by us
+
+-->
+<ruleset name="MP Bio.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mpbio.com" />
+	<target host="www.mpbio.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.mpbio\.com$" name="^(?:coutry|osCsid)$" /-->
+
+	<securecookie host="^\.mpbio\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MPlayer.xml b/src/chrome/content/rules/MPlayer.xml
index ceb97dbd9b34..c6b5f897261d 100644
--- a/src/chrome/content/rules/MPlayer.xml
+++ b/src/chrome/content/rules/MPlayer.xml
@@ -1,28 +1,35 @@
-<!--
-	Nonfunctional subdomains:
 
-		- bugzilla	(shows bunkus.org; mismatched, CN: *.bunkus.org)
-		- samples	(shows warthog; mismatched, CN: warthog.acenet-inc.net)
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bugzilla.mplayerhq.hu/ => https://bugzilla.mplayerhq.hu/: (7, 'Failed to connect to bugzilla.mplayerhq.hu port 443: No route to host')
 
+	Nonfunctional hosts in *mplayerhq.hu:
 
-	Fully covered subdomains:
+		- www2 ʳ
+		- www5 ʳ
+		- www7 ʳ
+		- www8 ʳ
 
-		- (www.)
-		- dvdnav
-		- ftp
-		- lists
-		- rtmpdump
-		- svn
-		- www1
+	ʳ Refused
 
 -->
-<ruleset name="MPlayer">
+<ruleset name="MPlayer" default_off="failed ruleset test">
 
 	<target host="mplayerhq.hu" />
-	<target host="*.mplayerhq.hu" />
-
-
-	<rule from="^http://((?:dvdnav|ftp|lists|rtmpdump|svn|www1?)\.)?mplayerhq\.hu/"
-		to="https://$1mplayerhq.hu/" />
+	<target host="bugzilla.mplayerhq.hu" />
+	<target host="dvdnav.mplayerhq.hu" />
+	<target host="ffmpeg.mplayerhq.hu" />
+	<target host="ftp.mplayerhq.hu" />
+	<target host="lists.mplayerhq.hu" />
+	<target host="rtmpdump.mplayerhq.hu" />
+	<target host="samples.mplayerhq.hu" />
+	<target host="svn.mplayerhq.hu" />
+	<target host="trac.mplayerhq.hu" />
+	<target host="www.mplayerhq.hu" />
+	<target host="www1.mplayerhq.hu" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MPort.ua.xml b/src/chrome/content/rules/MPort.ua.xml
new file mode 100644
index 000000000000..914c73420f66
--- /dev/null
+++ b/src/chrome/content/rules/MPort.ua.xml
@@ -0,0 +1,24 @@
+<!--
+	For other bigmir coverage, see Bigmirnet.xml.
+
+	Mismatched hosts in *mport.ua:
+
+		- www
+
+-->
+<ruleset name="MPort.ua">
+
+	<target host="mport.ua" />
+	<target host="www.mport.ua" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.mport\.ua/"
+		to="https://mport.ua/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MQTT.org.xml b/src/chrome/content/rules/MQTT.org.xml
new file mode 100644
index 000000000000..d554eb894253
--- /dev/null
+++ b/src/chrome/content/rules/MQTT.org.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid certificate:
+		- webmail.mqtt.org
+		- www.webmail.mqtt.org
+-->
+
+<ruleset name="MQTT.org">
+	<target host="mqtt.org" />
+	<target host="www.mqtt.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MRMCD.net.xml b/src/chrome/content/rules/MRMCD.net.xml
index 55a219df0d9b..1c6ef942fce3 100644
--- a/src/chrome/content/rules/MRMCD.net.xml
+++ b/src/chrome/content/rules/MRMCD.net.xml
@@ -1,16 +1,10 @@
-<!--
-	Problematic subdomains:
-
-		- www	(cert only matches ^mrmcd.net)
-
--->
-<ruleset name="MRMCD.net" default_off="self-signed">
+<ruleset name="MRMCD.net">
 
 	<target host="mrmcd.net" />
 	<target host="www.mrmcd.net" />
 
 
-	<rule from="^http://(?:www\.)?mrmcd\.net/"
-		to="https://mrmcd.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MR_PORTER.xml b/src/chrome/content/rules/MR_PORTER.xml
index 399ab48895eb..b05feb243506 100644
--- a/src/chrome/content/rules/MR_PORTER.xml
+++ b/src/chrome/content/rules/MR_PORTER.xml
@@ -1,20 +1,25 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://mrporter.com/ (200) => https://www.mrporter.com/ (403)
+
 	!www: cert only matches www.
 
 -->
-<ruleset name="MR PORTER">
+<ruleset name="MR PORTER" default_off="failed ruleset test">
 
 	<target host="mrporter.com" />
-	<target host="*.mrporter.com" />
+	<target host="www.mrporter.com" />
+	<target host="cache.mrporter.com" />
+	<target host="www-lt.mrporter.com" />
 
 
 	<securecookie host="^\.?www\.mrporter\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?mrporter\.com/"
+	<rule from="^http://(?:www\.)?mrporter\.com/"
 		to="https://www.mrporter.com/" />
 
-	<rule from="^http://(cache|www-lt)\.mrporter\.com/"
-		to="https://$1.mrporter.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MSDN.xml b/src/chrome/content/rules/MSDN.xml
index 11874b798c31..c885ccd523b9 100644
--- a/src/chrome/content/rules/MSDN.xml
+++ b/src/chrome/content/rules/MSDN.xml
@@ -1,4 +1,6 @@
+
 <!--
+
 	For other Microsoft coverage, see Microsoft.xml.
 
 
@@ -15,58 +17,60 @@
 	Nonfunctional domains:
 
 		- media.ch9.ms			(CN: *.sharepointonline.com; 400)
-		- files.channel9.msdn.com	(CN: *.sharepointonline.com; 400)
-
-
-	Partially covered msdn.com subdomains:
+		- files.channel9.msdn.com	(400; CN: *.vo.msecnd.net)
 
 		- public.create
+		- profile.create
 
 
 	Fully covered msdn.com subdomains:
-
-		- i1.blogs
+		- www
 		- channel9
-		- create
-		- forums.create
-		- profile.create
-		- users.create
-		- windowsphone.create
-		- www.create
-		- social
-		- i1.social
+
+
+	Insecure cookies are set for these hosts:
+
+		- blogs.msdn.com
+		- create.msdn.com
+
+
+	Mixed content:
+
+		- css on blogs from i1.blogs *
+
+		- Images on channel9 from files.channel9
+		- Images on channel9 from video.ch9.ms *
+
+		- Web bugs on blogs from msstomsdnblogs.112.2o7.net *
+
+	* Secured by us
 
 -->
-<ruleset name="MSDN (partial)">
 
-	<target host="*.msdn.com" />
-		<!--
-			https://trac.torproject.org/projects/tor/ticket/8778
-										-->
-		<exclusion pattern="^http://blogs\.msdn\.com/" />
-	<target host="i1.*.msdn.com" />
-	<target host="create.msdn.com" />
-	<target host="*.create.msdn.com" />
+<ruleset name="MSDN.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="msdn.com" />
+	<target host="www.msdn.com" />
+	<target host="channel9.msdn.com" />
 
-	<!--	Observed cookie subdomains:
+	<!--target host="www.create.msdn.com" /-->
 
-			- blogs
-			- forums.create
+
+	<!--	Not secured by server:
 					-->
-	<securecookie host="^.+\.msdn\.com$" name=".+" />
+	<!--securecookie host="^blogs\.msdn\.com$" name="^AuthorizationCookie$" /-->
+	<!--securecookie host="^channel9\.msdn.com$" name="^c9id$" /-->
 
-	<!--	i1: Akamai
-				-->
-	<rule from="^https?://(?:i1\.)?(blogs|social)\.msdn\.com/"
-		to="https://$1.msdn.com/" />
+	<!--
+		Observed cookie subdomains:
 
-	<rule from="^http://(channel9|(?:(?:forums|profile|users|windowsphone|www)\.)?create)\.msdn\.com/"
-		to="https://$1.msdn.com/" />
+			- blogs
+			- forums.create
+					-->
+	<securecookie host=".+" name=".+"/>
 
-	<!--	Cert doesn't match public
-						-->
-	<rule from="^https?://public\.create\.msdn\.com/assets/"
-		to="https://www.create.msdn.com/assets/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MSF-Online.com.xml b/src/chrome/content/rules/MSF-Online.com.xml
new file mode 100644
index 000000000000..38ec445973c4
--- /dev/null
+++ b/src/chrome/content/rules/MSF-Online.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="MSF-Online.com" platform="mixedcontent">
+	<target host="msf-online.com" />
+	<target host="www.msf-online.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MSF.org.au.xml b/src/chrome/content/rules/MSF.org.au.xml
new file mode 100644
index 000000000000..c77593b837dd
--- /dev/null
+++ b/src/chrome/content/rules/MSF.org.au.xml
@@ -0,0 +1,20 @@
+<!--
+	Invalid certificate:
+		associativehistory.msf.org.au
+		childmortality.msf.org.au
+		malnutrition.msf.org.au
+		maternity.msf.org.au
+		refugeecamp.msf.org.au
+		southsudan.msf.org.au
+
+-->
+<ruleset name="MSF Australia">
+
+	<target host="msf.org.au" />
+	<target host="www.msf.org.au" />
+	<target host="donate.msf.org.au" />
+		<test url="http://donate.msf.org.au/ccard_details.cfm" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MSF.org.uk.xml b/src/chrome/content/rules/MSF.org.uk.xml
new file mode 100644
index 000000000000..de61234efadb
--- /dev/null
+++ b/src/chrome/content/rules/MSF.org.uk.xml
@@ -0,0 +1,64 @@
+<!--
+	Problematic hosts in *msf.org.uk:
+
+		- ^ ² ² ³
+		- cdn ⁴
+
+	² Expired
+	² Mismatched
+	³ Untrusted root
+	⁴ Fastly
+
+-->
+<ruleset name="MSF.org.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.msf.org.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="msf.org.uk" />
+	<target host="cdn.msf.org.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.msf\.org\.uk/(?:email-signup|home|quick-signup-confirm|request-msf-speaker-uk)$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.msf\.org\.uk/+(?!favicon\.ico|sites/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.msf.org.uk/email-signup" />
+			<test url="http://www.msf.org.uk/events-main" />
+			<test url="http://www.msf.org.uk/fundraise-msf" />
+			<test url="http://www.msf.org.uk/home" />
+			<test url="http://www.msf.org.uk/make-a-donation" />
+			<test url="http://www.msf.org.uk/support-us" />
+			<!--
+				(physical address, email, real name...):
+									-->
+			<test url="http://www.msf.org.uk/quick-signup-confirm" />
+			<!--
+				(same & phone number):
+							-->
+			<test url="http://www.msf.org.uk/request-msf-speaker-uk" />
+			<test url="http://www.msf.org.uk/volunteer-uk" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.msf.org.uk/favicon.ico" />
+			<test url="http://www.msf.org.uk/sites/all/themes/unified_template/ut_zen/logo.png" />
+
+		<test url="http://cdn.msf.org.uk/sites/all/themes/unified_template/ut_zen/logo.png" />
+
+
+	<rule from="^http://(?:cdn\.)?msf\.org\.uk/"
+		to="https://www.msf.org.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MSFN.org.xml b/src/chrome/content/rules/MSFN.org.xml
new file mode 100644
index 000000000000..418b130a2117
--- /dev/null
+++ b/src/chrome/content/rules/MSFN.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Non-functional hosts
+		Mixed content blocking (MCB) tiggered:
+			 - win2k3.msfn.org
+			 - win2k8.msfn.org
+-->
+<ruleset name="MSFN.org">
+	<target host="msfn.org" />
+	<target host="www.msfn.org" />
+	<target host="flyakite.msfn.org" />
+	<target host="gosh.msfn.org" />
+	<target host="mail.msfn.org" />
+	<target host="unattended.msfn.org" />
+
+	<securecookie host="^(www\.)?msfn\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MSFN.xml b/src/chrome/content/rules/MSFN.xml
deleted file mode 100644
index 511b86d37ab3..000000000000
--- a/src/chrome/content/rules/MSFN.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="MSFN" default_off="expired, mismatch, self-signed">
-
-	<target host="msfn.org" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="www.msfn.org" />
-
-
-	<securecookie host="^\.msfn\.org$" name=".*" />
-
-
-	<!--	Cert doesn't match !www,
-		but !www redirects to www.	-->
-	<rule from="^http://(?:www\.)?msfn\.org/"
-		to="https://www.msfn.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MSI-Shop.de.xml b/src/chrome/content/rules/MSI-Shop.de.xml
new file mode 100644
index 000000000000..86ea5e13516b
--- /dev/null
+++ b/src/chrome/content/rules/MSI-Shop.de.xml
@@ -0,0 +1,17 @@
+<!--
+	For other MSI coverage, see MSI.com.xml.
+
+-->
+<ruleset name="MSI-Shop.de" default_off="shows another domain">
+
+	<target host="msi-shop.de" />
+	<target host="www.msi-shop.de" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MSI.com.xml b/src/chrome/content/rules/MSI.com.xml
new file mode 100644
index 000000000000..85977e26ed8f
--- /dev/null
+++ b/src/chrome/content/rules/MSI.com.xml
@@ -0,0 +1,160 @@
+<!--
+	Other MSI rulesets:
+
+		- MSI_Computer.com.xml
+		- MSI-Shop.de.xml
+
+
+	Nonfunctional hosts in *msi.com:
+
+		- ^ ¹
+		- ar ²
+		- asset ²
+		- au ³
+		- be ¹
+		- br ³
+		- by ¹
+		- cafr ³
+		- cn ¹
+		- cz ²
+		- de ³
+		- dk ¹
+		- dl ¹
+		- es ²
+		- eu ²
+		- fi ²
+		- forum-sc ⁴
+		- fr ²
+		- gr ¹
+		- hu ¹
+		- jp ³
+		- kr ³
+		- latam ³
+		- mga ⁵
+		- my ³
+		- nl ²
+		- no ¹
+		- pl ¹
+		- pt ¹
+		- ro ¹
+		- rs ²
+		- ru ²
+		- se ¹
+		- sk ¹
+		- th ³
+		- tr ³
+		- tw ²
+		- ua ²
+		- uk ²
+		- us ³
+		- vn ³
+		- workstations ⁵
+		- www ²
+		- za ³
+
+	¹ Refused
+	² 503, Akamai
+	³ Dropped
+	⁴ Redirects to http
+	⁵ Shows another domain
+
+
+	Problematic hosts in *msi.com:
+
+		- dragoonarmy ¹
+		- event ²
+		- forum-tc ³
+		- support ⁴
+
+	¹ Redirect from $ differs
+	² Akamai
+	³ Server sends no certificate chain, see https://whatsmychaincert.com
+	⁴ Mismatched, CN: register.msi.com
+
+
+	These altnames don't exist:
+
+		- www.register.msi.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- dragoonarmy.msi.com
+		- forum-de.msi.com
+		- forum-en.msi.com
+		- forum-fr.msi.com
+		- forum-pl.msi.com
+		- forum-ru.msi.com
+		- forum-tc.msi.com
+		- frsupport.msi.com
+		- .gaming.msi.com
+		- register.msi.com
+		- sam.msi.com
+		- somethings.msi.com
+
+
+	Mixed content:
+
+		- css on somethings from fonts.googleapis.com *
+		- Images on frsupport from $self *
+		- Web bugs on media from b.static.ak.fbcdn.net
+
+	* Secured by us
+
+-->
+<ruleset name="MSI.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cms.msi.com" />
+	<target host="euinline.msi.com" />
+	<target host="euscripts.msi.com" />
+	<target host="forum-de.msi.com" />
+	<target host="forum-en.msi.com" />
+	<target host="forum-fr.msi.com" />
+	<target host="forum-pl.msi.com" />
+	<!--target host="forum-tc.msi.com" /-->
+	<target host="frsupport.msi.com" />
+	<target host="game-static.msi.com" />
+	<target host="game.msi.com" />
+	<target host="gaming.msi.com" />
+	<target host="media.msi.com" />
+	<target host="register.msi.com" />
+	<target host="sam.msi.com" />
+	<target host="somethings.msi.com" />
+
+	<!--	Complications:
+				-->
+	<target host="dragoonarmy.msi.com" />
+	<target host="support.msi.com" />
+
+
+	<!--    Not secured by server:
+					-->
+	<!--securecookie host="^(?:dragoonarmy|somethings)\.msi\.com$" name="^ci_session$" /-->
+	<!--securecookie host="^forum-(?:de|en|fr|pl|ru|tc)\.msi\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^frsupport\.msi\.com$" name="^(SWIFT_client|SWIFT_sessionid\d+)$" /-->
+	<!--securecookie host="^\.gaming\.msi\.com$" name="^_icl_current_language$" /-->
+	<!--securecookie host="^register\.msi\.com$" name="^reg_grb_session_[\da-f]{32}$" /-->
+	<!--securecookie host="^sam\.msi\.com$" name="^se_id_ui$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.gaming\.msi\.com$" name=".+" />
+
+
+	<!--	Redirects as so:
+				-->
+	<rule from="^http://dragoonarmy\.msi\.com/$"
+		to="https://gaming.msi.com/" />
+
+	<!--	Server drops path:
+					-->
+	<rule from="^http://support\.msi\.com/[^?]*"
+		to="https://register.msi.com/" />
+
+		<test url="http://support.msi.com/index.php" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MSI_Computer.com.xml b/src/chrome/content/rules/MSI_Computer.com.xml
new file mode 100644
index 000000000000..188c61ad0f2c
--- /dev/null
+++ b/src/chrome/content/rules/MSI_Computer.com.xml
@@ -0,0 +1,31 @@
+<!--
+	For other MSI coverage, see MSI.com.xml.
+
+
+	(www.)?msicomputer.com: dropped, destination doesn't support tls
+
+
+	These altnames don't exist:
+
+		- www.service.msicomputer.com
+
+-->
+<ruleset name="MSI Computer.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="service.msicomputer.com" />
+	<target host="shop.msicomputer.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^shop\.msicomputer\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MSN-mismatches.xml b/src/chrome/content/rules/MSN-mismatches.xml
index 2929b71dddf6..d85467600591 100644
--- a/src/chrome/content/rules/MSN-mismatches.xml
+++ b/src/chrome/content/rules/MSN-mismatches.xml
@@ -7,7 +7,7 @@
 		- www.msnbc.msn.com.edgesuite.net
 
 -->
-<ruleset name="MSN (mismatches)" default_off="mismatch">
+<ruleset name="MSN (mismatches)" default_off="expired, mismatch">
 
 	<!--	*.msnbc.msn.com, doesn't redirect to www
 						-->
@@ -15,31 +15,19 @@
 	<!--
 		301s to www.
 					-->
-		<exclusion pattern="^https?://www\.msnbc\.msn\.com/id/" />
+		<exclusion pattern="^http://www\.msnbc\.msn\.com/id/" />
+	<target host="msndata.jp.msn.com" />
 	<!--
 		Akamai: assets(\dd)?, www
 						-->
+
 	<target host="*.msnbc.msn.com" />
-	<target host="*.today.msnbc.msn.com" />
-	<target host="msnbcmedia.msn.com" />
-	<target host="msnbcmedia1.msn.com" />
-	<target host="msnbcmedia2.msn.com" />
-	<target host="msnbcmedia3.msn.com" />
-	<target host="msnbcmedia4.msn.com" />
 	<target host="my.msn.com" />
+	<target host="eb.my.msn.com" />
+	<target host="m.now.msn.com" />
 	<target host="realestate.msn.com" />
+	<target host="wonderwall.msn.com" />
 	<target host="img1.video.s-msn.com" />
-	<!--
-		Akamai
-			-->
-	<target host="polls.newsvine.com" />
-	<target host="www.polls.newsvine.com" />
-		<!--
-			Also hosted on www, handled in Newsvine.com.xml
-									-->
-		<exclusion pattern="http://(?:www\.)?polls\.newsvine\.com/_(?:static|vine)/" />
-	<target host="m.static.newsvine.com" />
-
 
 	<!--	www moved from Akamai to pantherssl and so stopped working.
 
@@ -54,9 +42,6 @@
 	<rule from="^http://(?:www\.)?msnbc\.msn\.com/"
 		to="https://msnbc.msn.com/" />
 
-	<rule from="^http://m(edia\.msnbc|snbcmedia\d?)\.msn\.com/"
-		to="https://a248.e.akamai.net/f/1127/349/8m/m$1.msn.com/" />
-
 	<!--	Akamai
 			-->
 	<rule from="^http://(behindthewall|bodyodd|bottomline|cartoonblog|cosmiclog|ed|dailynightly|entertainment|firstread|hardballblog|insidedateline|itineraries|maddowblog|mojoe|openchannel|overheadbin|photoblog|presspass|redtape|scoop|thelastword|(?:animaltracks|bites|celebrate|digitallife|lifeinc|moms|rockcenter|scoop|theclicker|thelook|today(?:entertainment|health|hiringourheroes|onthetrail|travel)|windsorknot)\.today|travelkit|usnews(?:first)?|vitals|world(?:blog|news|newsfirst))\.msnbc\.msn\.com/"
@@ -86,13 +71,10 @@
 	<rule from="^http://(?:www\.)?today\.msnbc\.msn\.com/"
 		to="https://today.msnbc.msn.com/" />
 
-	<rule from="^http://(my|realestate)\.msn\.com/"
+	<rule from="^http://(msndata\.jp|my|eb\.my|realestate|wonderwall)\.msn\.com/"
 		to="https://$1.msn.com/" />
 
 	<rule from="^http://img1\.video\.s-msn\.com/"
 		to="https://img1.video.s-msn.com/" />
 
-	<rule from="^http://((?:www\.)?polls|m\.static)\.newsvine\.com/"
-		to="https://$1.newsvine.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MSN.co.jp.xml b/src/chrome/content/rules/MSN.co.jp.xml
new file mode 100644
index 000000000000..d7869fdd52db
--- /dev/null
+++ b/src/chrome/content/rules/MSN.co.jp.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .msn.co.jp
+
+	* Secured by us
+
+-->
+<ruleset name="MSN.co.jp (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="c.msn.co.jp" />
+
+
+	<!--	Not secured by server (set by c):
+						-->
+	<securecookie host="^\.msn\.co\.jp$" name="^MUID$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MSN.xml b/src/chrome/content/rules/MSN.xml
index c940b2df508b..eb5b3a43bac8 100644
--- a/src/chrome/content/rules/MSN.xml
+++ b/src/chrome/content/rules/MSN.xml
@@ -1,7 +1,6 @@
 <!--
 	For problematic rules, see MSN-mismatches.xml.
 
-
 	For other Microsoft coverage, see Microsoft.xml.
 
 
@@ -17,7 +16,6 @@
 
 		- sgsts.msn.com.edgesuite.net | sgst.sin.cb3.glbdns.microsoft.com
 
-			- a38.g2.akamai.net
 			- sgst[cj].msn.com
 			- sin.st[cjs].s-msn.com
 
@@ -25,7 +23,6 @@
 
 		- catalog.video.msn.com.edgesuite.net
 
-			- a726.g.akamai.net
 			- img[123].catalog.video.msn.com
 			- img.widgets.video.msn.com
 
@@ -35,10 +32,6 @@
 
 			- static.stratosphere.msn.com
 
-		- glo.vo.msecnd.net/...
-
-			- static[12]?.glo.com
-
 		- msnimstore.vo.msecnd.net/...
 
 			- x.msimg.com
@@ -47,11 +40,6 @@
 
 			- img[123].catalog.video.msn.com
 
-		- wonderwall.vo.msecnd.net
-
-			- static.wonderwall.com
-			- static[1-5].wonderwall.com
-
 
 	Nonfunctional domains:
 
@@ -60,21 +48,31 @@
 			- ads
 			- ads1 *
 			- fp.images.autos **
+			- bedrockformsemea ⁵
+			- bedrockformsemeanext ⁵
+			- bedrockformssg ⁵
+			- bedrockformssgnext ⁵
 			- br *
 			- causes **
 			- cityofspeed **
 			- colstc		(503, akamai)
+			- entertainment		(interrupted)
 			- estc			(404, akamai)
 			- fitbie		(503, akamai)
 			- healthyliving *
+			- imgs1-video.ssl.catalog.video *
 			- jp
 			- ads1.jp		(404, valid cert)
 			- sankei.jp *
 			- r.sankei.jp *
 			- utm.sankei.jp *
-			- living *
-			- money
-			- onmobile
+			- latino		(404; mismatched, CN: *.secure.co1.msn.com)
+			- living		(refused)
+			- local			(refused)
+			- money			(refused)
+			- investing.money	(dropped)
+			- onmobile		(refused)
+			- c.sg *
 			- sgst[cj]		(504, akamai)
 			- signout *
 			- specials
@@ -86,14 +84,16 @@
 			- money.uk ***
 			- partner.uk
 			- prodigy *
+			- setstj		Reset
 			- static.stratosphere	(400; mismatched, CN: images.partner.windowsphone.com)
 			- socialvoices.uk ***
 			- stjjp *
 			- vfcdn **
 			- video			(503, akamai)
+			- catalog.video *
 			- hub.video		(503, akamai)
-			- www			(404)
 			- co3.www *
+			- wx			(404, valid cert)
 
 			- xin subdomains:
 
@@ -119,180 +119,132 @@
 	** 400
 	*** Reset
 	⁴ 503, akamai; !www redirects to www
+	⁵ Travis error 6: 'Could not resolve host'
+
+
+	Problematic hosts in *msn.com:
+
+		- h			Mismatched
+		- imgs1-video *
+		- c.jp			(mismatched, CN: c.msn.co.jp)
+		- g.jp			(works; mismatched, CN: g.live.co.jp, g.live.co.jp does not exist)
+		- msndata.jp		Mismatched
+		- assets[1-4]c.msnbc *
+		- assets[1-4]d.msnbc		(works, akamai)
+		- assets[1-4]z.msnbc *
+		- media.msnbc ***
+		- msnbcmedia ***
+		- msnbcmedia[1-4] ***
+		- m.now				Mismatched
+		- my				(works; expired, mismatched, CN: eb.my.msn.com)
+		- eb.my				Mismatched
+		- realestate			(CN: now.msn.com; works)
+		- c.sg				(mismatched, CN: c.msn.co.jp)
+		- static.stratosphere		(mismatched, CN: images.partner.windowsphone.com)
+		- img[123].catalog.video *
+		- imgs1-video (Mismatched)
+		- wonderwall			Expired, Untrusted root
 
+	* Works, akamai
+	*** Sometimes works, sometimes 403s; akamai
 
-	Problematic domains:
 
-		- static[12]?.glo.com			(400)
+-	c.msn.com redirects to c.atdmt.com with
+	a unique ID, which then redirects back
+	to c.msn, with the unique ID appended.
 
-		- msn.com subdomains:
 
-			- c.jp			(mismatched, CN: c.msn.co.jp)
-			- g.jp			(works; mismatched, CN: g.live.co.jp, g.live.co.jp does not exist)
-			- assets[1-4]c.msnbc *
-			- assets[1-4]d.msnbc		(works, akamai)
-			- assets[1-4]z.msnbc *
-			- media.msnbc ***
-			- msnbcmedia ***
-			- msnbcmedia[1-4] ***
-			- m.now				(works; mismatched, CN: home.now.msn.com)
-			- realestate			(CN: now.msn.com; works)
-			- c.sg				(mismatched, CN: c.msn.co.jp)
-			- static.stratosphere		(mismatched, CN: images.partner.windowsphone.com)
-			- img[123].catalog.video *
+	Insecure cookies are set for these domains:
 
-		- static.wonderwall.com ****
-		- static[1-5].wonderwall.com ****
+		- .msn.com
+		- .bat.r.msn.com
 
 
-	* Works, akamai
-	*** Sometimes works, sometimes 403s; akamai
-	**** 400; mismatched, CN: images.partner.windowsphone.com
+	Mixed content:
 
+		- Images, on:
 
-	Fully covered domains:
+			- www from static-finance-neu.s-msn.com *
+			- preview from img.s-msn.com *
 
-		- static[12]?.glo.com
+	* Secured by us
 
-		- c.msn.co.jp
+-->
+<ruleset name="MSN.com (partial)">
 
-		- msn.com subdomains:
+	<!--	Direct rewrites:
+				-->
+	<target host="msn.com" />
+	<target host="www.msn.com" />
+	<target host="adserver.msn.com" />
+	<target host="bedrockbluenext.msn.com" />
+	<target host="bedrockformsbluenext.msn.com" />
+	<target host="bedrockformskaw.msn.com" />
+	<target host="blstc.msn.com" />
+	<target host="c.msn.com" />
+	<target host="*.secure.co1.msn.com" />
+	<target host="contacts.msn.com" />
+	<target host="flex.msn.com" />
+	<target host="g.msn.com" />
+	<target host="hotmail.msn.com" />
+	<target host="www.hotmail.msn.com" />
+	<target host="hp.msn.com" />
+	<target host="jp.msn.com" />
+	<target host="moneycentral.msn.com" />
+	<target host="now.msn.com" />
+	<target host="otf.msn.com" />
+	<target host="postmaster.msn.com" />
+	<target host="preview.msn.com" />
+	<target host="*.r.msn.com" />
+	<target host="rad.msn.com" />
+	<target host="a.rad.msn.com" />
+	<target host="b.rad.msn.com" />
+	<target host="stcjp.msn.com" />
+	<target host="storage.msn.com" />
+
+	<target host="blufiles.storage.msn.com" />
+	<target host="bn1files.storage.msn.com" />
+	<target host="byfiles.storage.msn.com" />
+
+	<target host="udc.msn.com" />
+	<target host="*.ssl.catalog.video.msn.com" />
+
+	<!--	Complications:
+				-->
+	<target host="h.msn.com" />
+	<target host="c.jp.msn.com" />
+	<target host="static.stratosphere.msn.com" />
 
-			- ac3
-			- accountservices
-			- adsyndication
-			- appexformsblu
-			- appexformscol
-			- appexformskaw
-			- appexformssg
-			- bedrockblu
-			- bedrockblunext
-			- bedrockcn
-			- bedrockcol
-			- bedrockcolnext
-			- bedrockemea
-			- bedrockemeanext
-			- bedrockformsblu
-			- bedrockformsblunext
-			- bedrockformscn
-			- bedrockformscol
-			- bedrockformscolnext
-			- bedrockformsemea
-			- bedrockformsemeanext
-			- bedrockformskaw
-			- bedrockformskawnext
-			- bedrockformssg
-			- bedrockformssgnext
-			- bedrockjp
-			- bedrockkawnext
-			- bedrocksg
-			- bedrocksgnext
-			- blstc
-			- c
-			- *.secure.co1:
-
-				- login
-
-			- contacts
-			- entimg
-			- estc
-			- g
-			- glo
-			- h
-			- (www.)hotmail
-			- hp
-			- imgs1-video
-			- c.jp		(→ c.msn.co.jp)
-			- msndata.jp
-
-			- msnbc subdomains:
-
-				- assets *
-				- assets[1-4]c *
-				- assets[1-4]d *
-				- assets[1-4]z *
-
-			- eb.my
-			- now
-			- nowformsblu
-			- \d+.r
-			- rad
-			- a.rad
-			- b.rad
-			- stcjp
-			- setstj
-			- c.sg		(→ c.msn.co.jp)
-			- storage
-
-			- *.storage:
-
-				- blufiles
-				- bn1files
-				- byfiles
-
-			- stratosphere
-			- static.stratosphere	(→ az29590.vo.msecnd.net)
-			- catalog.video
-			- img[123].catalog.video *
-			- wonderwall
-
-		- static.wonderwall.com		(→ wonderwall.msn.com)
-		- static[1-5].wonderwall.com	(→ wonderwall.msn.com)
-
-	* → akamai
+		<test url="http://otf.msn.com/c.gif?js=&amp;evt=&amp;di=&amp;pi=&amp;ps=&amp;su=&amp;pageid=&amp;mkt=&amp;pn=&amp;mv=&amp;pp=&amp;cv.product=&amp;cv.partner=&amp;cv.publcat=&amp;st.dpt=&amp;st.sdpt=&amp;dv.Title1=&amp;cts=&amp;rf=&amp;rid=&amp;cvs=&amp;subcvs=&amp;cv.entityId=&amp;cv.entitySrc=&amp;provid=&amp;ar=&amp;d.dgk=&amp;d.imd=&amp;cv.parentId=&amp;isCorePV=&amp;pgIdx=&amp;pgTot=&amp;activityId=" />
 
--->
-<ruleset name="MSN (partial)">
+		<!--	Sets insecure cookies:
+						-->
+		<test url="http://c.msn.com/c.gif?udc=true&amp;rid=&amp;rnd=&amp;rf=&amp;tp=&amp;di=&amp;lng=&amp;cv.product=&amp;pn=&amp;activityId=&amp;d.dgk=&amp;d.imd=0" />
 
-	<target host="*.glo.com" />
-	<target host="*.msn.co.jp" />
-	<target host="*.msn.com" />
-		<!--exclusion pattern="^http://www.msnbc.msn.com/(?!id/)" /-->
-	<target host="*.wonderwall.com" />
+	<!--	Not secured by server:
 
+		(MUID: Set by c.msn.com)
+					-->
+	<!--securecookie host="^\.msn\.com$" name="^MUID$" /-->
+	<!--securecookie host="^\.bat\.r\.msn\.com$" name="^MR$" /-->
+	<!--securecookie host="^preview\.msn\.com$" name="^Preferences$" /-->
 
 	<!--	Set by c.atdmt.com:
 						-->
-	<securecookie host="^\.msn\.co(?:\.jp|m)$" name="^MUID$" />
-	<securecookie host="^\.msn\.com$" name="^s_\w+$" />
+	<securecookie host="^\.msn\.com$" name="^(?:MUID|s_\w+)$" />
 	<!--securecookie host="^\.msn\.com$" name="(cbus|Sample)$" /-->
-	<securecookie host="^(?:\.c|now)\.msn\.com$" name=".+" />
-
-
-	<rule from="^http://static[12]?\.glo\.com/"
-		to="https://glo.msn.com/" />
-
-	<rule from="^http://c\.(?:msn\.co\.jp|(?:jp|sg)\.msn\.com)/"
-		to="https://c.msn.co.jp/" />
+	<securecookie host="^(?:\.c|now|preview|\.bat\.r)\.msn\.com$" name=".+" />
 
-	<!--	c.msn.com redirects to c.atdmt.com with
-		a unique ID, which then redirects back
-		to c.msn, with the unique ID appended.
-				-->
-	<rule from="^http://(ac3|accountservices|adsyndication|appexforms(?:blu|col|kaw|sg)|bedrock(?:blu|bluenext|col|colnext|cn|emea|emeanext|jp|kawnext|sg|sgnext)|bedrockforms(?:blu|bluenext|cn|col|colnext|emea|emeanext|kaw|kawnext|sg|sgnext)|blstc|c|\w+\.secure\.co1|contacts|entimg|g|h|(?:www\.)?hotmail|hp|imgs1-video|msndata\.jp|eb\.my|now|nowformsblu|\d+\.r|(?:[ab]\.)?rad|stcjp|setstj|(?:\w+\.)?storage|stratosphere|udc|catalog\.video|wonderwall)\.msn\.com/"
-		to="https://$1.msn.com/" />
-
-	<rule from="^http://\w\w\.c\.msn\.com/"
-		to="https://c.msn.com/" />
-
-	<rule from="^http://assets(\d\w)?\.msnbc\.msn\.com/"
-		to="https://a248.e.akamai.net/f/1127/349/8m/assets$1.msnbc.msn.com/" />
+	<rule from="^http://c\.jp\.msn\.com/"
+		  to="https://c.msn.co.jp/" />
 
-	<!--rule from="^http://www\.msnbc\.msn\.com/"
-		to="https://a248.e.akamai.net/f/1167/54/1m/www.msnbc.msn.com/" /-->
-
-	<rule from="^http://m\.now\.msn\.com/sc/i/"
-		to="https://stc-now.s-msn.com/sc/i/" />
+	<rule from="^http://h\.msn\.com/"
+		to="https://h.live.com/" />
 
 	<rule from="^http://static\.stratosphere\.msn\.com/"
 		to="https://az29590.vo.msecnd.net/" />
 
-	<rule from="^http://img(\d)\.catalog\.video\.msn\.com/"
-		to="https://a248.e.akamai.net/f/726/5897/8m/img$1.catalog.video.msn.com/" />
-
-	<!--	wonderwall.vo.msecnd.net 400s:
-						-->
-	<rule from="^http://static\d?\.wonderwall\.com/"
-		to="https://wonderwall.msn.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MSNBC.com.xml b/src/chrome/content/rules/MSNBC.com.xml
new file mode 100644
index 000000000000..92bdef83d279
--- /dev/null
+++ b/src/chrome/content/rules/MSNBC.com.xml
@@ -0,0 +1,50 @@
+<!--
+	CDN buckets:
+
+		- nvcdn.msnbc.com.edgesuite.net
+
+			- nvcdn
+
+
+	Nonfunctional subdomains:
+
+		- info *
+
+	* Redirects to http
+
+
+	www: some pages redirect to http.
+
+
+	Problematic subdomains:
+
+		- nvcdn.msnbc.com *
+
+	* Works, akamai
+
+	5-Jun-2017: Set to default_off="broken", see https://github.com/EFForg/https-everywhere/issues/10099
+		for more information.
+
+-->
+<ruleset name="MSNBC.com (partial)" default_off="broken">
+
+	<target host="msnbc.com" />
+	<target host="www.msnbc.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.msnbc\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.msnbc\.com/+(?!favicon\.ico|sites/)" />
+		<!--
+			Avoid user-visible paths:
+							-->
+		<!--exclusion pattern="^http://nvcdn\.msnbc\.com/+(?!_sites/)" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MSobieh.com.xml b/src/chrome/content/rules/MSobieh.com.xml
new file mode 100644
index 000000000000..86865b24b67c
--- /dev/null
+++ b/src/chrome/content/rules/MSobieh.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="MSobieh.com">
+	<target host="msobieh.com" />
+	<target host="www.msobieh.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MT-CDN.net.xml b/src/chrome/content/rules/MT-CDN.net.xml
new file mode 100644
index 000000000000..6eca2faf3e5b
--- /dev/null
+++ b/src/chrome/content/rules/MT-CDN.net.xml
@@ -0,0 +1,25 @@
+<!--
+	For other MediaTemple coverage, see MediaTemple.xml.
+
+-->
+<ruleset name="MT-CDN.net">
+
+	<!--	Complications:
+				-->
+	<target host="origin.mt-cdn.net" />
+	<target host="s0.mt-cdn.net" />
+	<target host="s1.mt-cdn.net" />
+	<target host="s2.mt-cdn.net" />
+	<target host="s3.mt-cdn.net" />
+	<target host="s4.mt-cdn.net" />
+	<target host="s5.mt-cdn.net" />
+	<target host="s6.mt-cdn.net" />
+	<target host="s7.mt-cdn.net" />
+	<target host="s8.mt-cdn.net" />
+	<target host="s9.mt-cdn.net" />
+
+
+	<rule from="^http://(?:origin|s\d)\.mt-cdn\.net/"
+		to="https://mediatemple.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MTAC.xml b/src/chrome/content/rules/MTAC.xml
index 63ebbe046f42..f7c6dab5c5f7 100644
--- a/src/chrome/content/rules/MTAC.xml
+++ b/src/chrome/content/rules/MTAC.xml
@@ -1,7 +1,11 @@
+<!--
+Automatically by https-everywhere-checker because:
+Fetch error: http://mtac.org/ => https://www.mtac.org/: Cycle detected - URL already encountered: https://www.mtac.org/
+-->
 <ruleset name="Music Teachers' Association of California">
 
 	<target host="mtac.org"/>
-	<target host="*.mtac.org"/>
+	<target host="www.mtac.org" />
 
 	<rule from="^http://(?:www\.)?mtac\.org/"
 		to="https://www.mtac.org/"/>
diff --git a/src/chrome/content/rules/MTCCC.com.xml b/src/chrome/content/rules/MTCCC.com.xml
new file mode 100644
index 000000000000..68e5b0835c9d
--- /dev/null
+++ b/src/chrome/content/rules/MTCCC.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Chain issue, missing intermediate:
+		- employee.mtccc.com
+
+	Connection refused:
+		- blog.mtccc.com
+-->
+
+<ruleset name="MTCCC.com">
+	<target host="mtccc.com" />
+	<target host="www.mtccc.com" />
+	<target host="iebms.mtccc.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MTNA-mismatches.xml b/src/chrome/content/rules/MTNA-mismatches.xml
index a4d475a26962..835a07b27ed2 100644
--- a/src/chrome/content/rules/MTNA-mismatches.xml
+++ b/src/chrome/content/rules/MTNA-mismatches.xml
@@ -1,4 +1,4 @@
-<ruleset name="MTNA" default_off="mismatch">
+<ruleset name="MTNA" default_off="mismatched">
 
 	<target host="mtna.org"/>
 	<target host="www.mtna.org"/>
diff --git a/src/chrome/content/rules/MTNA.xml b/src/chrome/content/rules/MTNA.xml
index 2c9dfea2d24f..f7b274c0a60a 100644
--- a/src/chrome/content/rules/MTNA.xml
+++ b/src/chrome/content/rules/MTNA.xml
@@ -6,10 +6,6 @@
 	<target host="mtnafoundation.org"/>
 	<target host="www.mtnafoundation.org"/>
 
-	<rule from="^http://members\.mtna\.org/"
-		to="https://members.mtna.org/"/>
-
-	<rule from="^http://(www\.)?mtnafoundation\.org/"
-		to="https://$1mtnafoundation.org/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MTS-Banka.xml b/src/chrome/content/rules/MTS-Banka.xml
new file mode 100644
index 000000000000..26145e428060
--- /dev/null
+++ b/src/chrome/content/rules/MTS-Banka.xml
@@ -0,0 +1,9 @@
+<ruleset name="MTS Banka">
+
+	<target host="www.mtsbanka.rs" />
+	<target host="mtsbanka.rs" />
+	<target host="online.mtsbanka.rs" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MTU.edu.xml b/src/chrome/content/rules/MTU.edu.xml
new file mode 100644
index 000000000000..c98056026354
--- /dev/null
+++ b/src/chrome/content/rules/MTU.edu.xml
@@ -0,0 +1,13 @@
+<!--
+Michigan Technological University
+-->
+<ruleset name="MTU.edu">
+  <target host="mtu.edu" />
+  <target host="www.mtu.edu" />
+  <target host="lug.mtu.edu" />
+  <target host="www.bookstore.mtu.edu" />
+
+  <rule from="^http://(?:www\.)?mtu\.edu/" to="https://www.mtu.edu/" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MTVN-images.xml b/src/chrome/content/rules/MTVN-images.xml
index 450c34617891..295028af05f2 100644
--- a/src/chrome/content/rules/MTVN-images.xml
+++ b/src/chrome/content/rules/MTVN-images.xml
@@ -1,9 +1,11 @@
-<ruleset name="MTVN images (partial)" default_off="mismatched">
+<ruleset name="MTVN images.com (partial)" default_off="mismatched">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="southparkstudios-intl.mtvnimages.com" />
 
 
-	<rule from="^http://southparkstudios-intl\.mtvnimages\.com/"
-		to="https://southparkstudios-intl.mtvnimages.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MTailor.com.xml b/src/chrome/content/rules/MTailor.com.xml
new file mode 100644
index 000000000000..d5f6b71a4916
--- /dev/null
+++ b/src/chrome/content/rules/MTailor.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="MTailor.com">
+
+	<target host="mtailor.com" />
+	<target host="www.mtailor.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MTurk.com.xml b/src/chrome/content/rules/MTurk.com.xml
new file mode 100644
index 000000000000..d67e6888053f
--- /dev/null
+++ b/src/chrome/content/rules/MTurk.com.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	^mturk.com: Refused
+	blog.mturk.com: CN mismatch
+
+-->
+<ruleset name="MTurk.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="requester.mturk.com" />
+	<target host="workersandbox.mturk.com" />
+	<target host="www.mturk.com" />
+
+	<!--	Complications:
+				-->
+	<target host="mturk.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://mturk\.com/"
+		to="https://www.mturk.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MVG-mobil.de.xml b/src/chrome/content/rules/MVG-mobil.de.xml
index 107cdedcbe0f..3cb19401417e 100644
--- a/src/chrome/content/rules/MVG-mobil.de.xml
+++ b/src/chrome/content/rules/MVG-mobil.de.xml
@@ -13,7 +13,7 @@
 	<securecookie host="^www\.mvg-mobil\.de$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?mvg-mobile\.de/"
-		to="https://www.mvg-mobile.de/" />
+	<rule from="^http://(?:www\.)?mvg-mobil\.de/"
+		to="https://www.mvg.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MVP_National_Title.xml b/src/chrome/content/rules/MVP_National_Title.xml
index f5d107a5087f..e1041e95f808 100644
--- a/src/chrome/content/rules/MVP_National_Title.xml
+++ b/src/chrome/content/rules/MVP_National_Title.xml
@@ -4,7 +4,6 @@
 	<target host="www.mvptitle.com" />
 
 
-	<rule from="^http://(www\.)?mvptitle\.com/"
-		to="https://$1mvptitle.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MVPs.org.xml b/src/chrome/content/rules/MVPs.org.xml
index bd70f92aa96f..25e8e5415110 100644
--- a/src/chrome/content/rules/MVPs.org.xml
+++ b/src/chrome/content/rules/MVPs.org.xml
@@ -14,7 +14,6 @@
 	<target host="www.mvps.org" />
 
 
-	<rule from="^http://(www\.)?mvps\.org/"
-		to="https://$1mvps.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MVV.xml b/src/chrome/content/rules/MVV.xml
new file mode 100644
index 000000000000..c7c60556dc7a
--- /dev/null
+++ b/src/chrome/content/rules/MVV.xml
@@ -0,0 +1,79 @@
+<!--
+	Certificate chain:
+		- atron
+		- media
+		- mobil
+		- polizei
+
+	Certificate expired:
+		- istleistung
+		- redaktion
+
+	Certificate mismatch:
+		- www.citrix
+
+	Connection refused:
+		- mail2
+		- mu17-srv01
+		- newsletter-abo
+		- sftp
+		- womo
+
+	Timeout:
+		- avaya
+		- bcast3-mu17
+		- efa-alt
+		- efa10test
+		- efa2
+		- efa9
+		- efa9test
+		- ex2007
+		- helpdesk
+		- intranet
+		- ipo
+		- live1
+		- live2
+		- m
+		- mail
+		- mail.oscar
+		- mailserver
+		- middleware
+		- mp
+		- net3-mu17
+		- netupdate
+		- news
+		- partnerbereich
+		- radroutenplaner
+		- suche
+		- tarifberater
+		- temp-redaktion
+		- wap
+		- websense
+		- zeiterfassung
+		- zope1
+		- zope2
+
+	Too many redircets:
+		- www
+-->
+<ruleset name="Münchner Verkehrsverbund">
+
+	<target host="app.mvv-muenchen.de" />
+	<target host="auswertung.mvv-muenchen.de" />
+	<target host="beta.mvv-muenchen.de" />
+	<target host="citrix.mvv-muenchen.de" />
+	<target host="efa.mvv-muenchen.de" />
+	<target host="map1.mvv-muenchen.de" />
+	<target host="map2.mvv-muenchen.de" />
+	<target host="map3.mvv-muenchen.de" />
+	<target host="map4.mvv-muenchen.de" />
+	<target host="rad.mvv-muenchen.de" />
+	<target host="redmine.mvv-muenchen.de" />
+	<target host="redmine2.mvv-muenchen.de" />
+	<target host="sbahn.mvv-muenchen.de" />
+	<target host="ticketshop.mvv-muenchen.de" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MWR_InfoSecurity.com.xml b/src/chrome/content/rules/MWR_InfoSecurity.com.xml
new file mode 100644
index 000000000000..ee415e9c5b40
--- /dev/null
+++ b/src/chrome/content/rules/MWR_InfoSecurity.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Other MWR InfoSecurity rulesets:
+
+		- Phishd.com.xml
+
+
+	Fully covered hosts in *mwrinfosecurity.com:
+
+		- (www.)?
+		- labs
+
+-->
+<ruleset name="MWR InfoSecurity.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mwrinfosecurity.com" />
+	<target host="labs.mwrinfosecurity.com" />
+	<target host="www.mwrinfosecurity.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MXGM.org.xml b/src/chrome/content/rules/MXGM.org.xml
new file mode 100644
index 000000000000..5af5688947a1
--- /dev/null
+++ b/src/chrome/content/rules/MXGM.org.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- mxgm.org
+		- .mxgm.org
+		- www.mxgm.org
+
+-->
+<ruleset name="MXGM.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mxgm.org" />
+	<target host="www.mxgm.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?mxgm\.org$" name="^wfvt_\d+$" /-->
+	<!--securecookie host="^\.mxgm\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^(?:\.|www\.)?mxgm\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MXGuarddog.xml b/src/chrome/content/rules/MXGuarddog.xml
index a06671f2ee64..aa8c968d7f8a 100644
--- a/src/chrome/content/rules/MXGuarddog.xml
+++ b/src/chrome/content/rules/MXGuarddog.xml
@@ -11,13 +11,12 @@
 		<!--
 			301 to http.
 					-->
-		<exclusion pattern="^http://(www\.)?mxguarddog\.com/faq(?:$|[/\.\?])" />
+		<exclusion pattern="^http://(?:www\.)?mxguarddog\.com/faq(?:$|[/\.\?])" />
 
 
-	<securecookie host="^(www\.)?mxguarddog\.com$" name=".+" />
+	<securecookie host="^(?:www\.)?mxguarddog\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?mxguarddog\.com/"
-		to="https://$1mxguarddog.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MXToolBox.xml b/src/chrome/content/rules/MXToolBox.xml
index 8060417168f1..54f58d963669 100644
--- a/src/chrome/content/rules/MXToolBox.xml
+++ b/src/chrome/content/rules/MXToolBox.xml
@@ -1,13 +1,47 @@
-<ruleset name="MXToolBox">
+<!--
+	Redirect appears to have been disabled
+
+	https://github.com/EFForg/https-everywhere/issues/1509
+
+
+	Problematic hosts in *mxtoolbox.com:
+
+		- community *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- mxtoolbox.com
+		- .community.mxtoolbox.com
+		- www.mxtoolbox.com
+
+
+	Mixed content:
+
+		- Images on community from ^mxtoolbox.com *
+
+	* Secured by us
+
+-->
+<ruleset name="MXToolBox.com (partial)">
 
 	<target host="mxtoolbox.com" />
+	<!--target host="community.mxtoolbox.com" /-->
 	<target host="www.mxtoolbox.com" />
 
 
-	<securecookie host="^(www\.)?mxtoolbox\.com$" name=".*" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^mxtoolbox\.com$" name="^ismobile$" /-->
+	<!--securecookie host="^\.community\.mxtoolbox\.com$" name="^phpbb3_tru2e_(?:k|sid|u)$" /-->
+	<!--securecookie host="^(?:www\.)?mxtoolbox\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^(?:www\.)?mxtoolbox\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?mxtoolbox\.com/"
-		to="https://$1mxtoolbox.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MX_Cursos.com.xml b/src/chrome/content/rules/MX_Cursos.com.xml
new file mode 100644
index 000000000000..ce13603292fb
--- /dev/null
+++ b/src/chrome/content/rules/MX_Cursos.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="MX Cursos.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mxcursos.com" />
+	<target host="www.mxcursos.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MYEDDEBT.com.xml b/src/chrome/content/rules/MYEDDEBT.com.xml
deleted file mode 100644
index a3b5e89eaf35..000000000000
--- a/src/chrome/content/rules/MYEDDEBT.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="MYEDDEBT.com">
-	<target host="myeddebt.com" />
-	<target host="www.myeddebt.com" />
-
-	<securecookie host="(^|\.)myeddebt\.com$" name=".+" />
-
-	<rule from="^(http://(www\.)?|https://)myeddebt\.com/" to="https://www.myeddebt.com/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MYOB.com.xml b/src/chrome/content/rules/MYOB.com.xml
new file mode 100644
index 000000000000..d45217932809
--- /dev/null
+++ b/src/chrome/content/rules/MYOB.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://myob.com/ => https://myob.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="MYOB.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="myob.com" />
+	<target host="underthehood.myob.com" />
+	<target host="www.myob.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ma.ttias.be.xml b/src/chrome/content/rules/Ma.ttias.be.xml
new file mode 100644
index 000000000000..86fc473fbb82
--- /dev/null
+++ b/src/chrome/content/rules/Ma.ttias.be.xml
@@ -0,0 +1,7 @@
+<ruleset name="ma.ttias.be">
+	<target host="ma.ttias.be" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MacArthur_Foundation.xml b/src/chrome/content/rules/MacArthur_Foundation.xml
index ba4f152d4eb1..2d87b3528b2d 100644
--- a/src/chrome/content/rules/MacArthur_Foundation.xml
+++ b/src/chrome/content/rules/MacArthur_Foundation.xml
@@ -1,31 +1,42 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://autodiscover.macfound.org/ => https://autodiscover.macfound.org/: (7, 'Failed to connect to autodiscover.macfound.org port 443: Connection refused')
+Fetch error: http://client.macfound.org/ => https://client.macfound.org/: (6, 'Could not resolve host: client.macfound.org')
+Fetch error: http://legacy.macfound.org/ => https://legacy.macfound.org/: (6, 'Could not resolve host: legacy.macfound.org')
+Fetch error: http://owa.macfound.org/ => https://owa.macfound.org/: (51, "SSL: no alternative certificate subject name matches target host name 'owa.macfound.org'")
+
+	MacArthur Foundation
+
+
 	Nonfunctional subdomains:
 
-		- www		(no https)
 		- macgrants	(redirects to owa; mismatched, CN: owa.macfound.org)
 
 
-	Problematic subdomains:
-
-		- ^		(works, CN: Parallels Panel)
+	Mixed content:
 
-	Fully covered subdomains:
+		- Image on www from $self *
 
-		- autodiscover
-		- client
-		- legacy
-		- owa
+	* Secured by us
 
 -->
-<ruleset name="MacArthur Foundation (partial)">
+<ruleset name="MacFound.org (partial)" default_off="failed ruleset test">
 
-	<target host="*.macfound.org" />
+	<!--	Direct rewrites:
+				-->
+	<target host="macfound.org" />
+	<target host="autodiscover.macfound.org" />
+	<target host="client.macfound.org" />
+	<target host="legacy.macfound.org" />
+	<target host="owa.macfound.org" />
+	<target host="www.macfound.org" />
 
 
 	<securecookie host=".+\.macfound\.org$" name=".+" />
 
 
-	<rule from="^http://(autodiscover|client|legacy|owa)\.macfound\.org/"
-		to="https://$1.macfound.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MacKeeper.com.xml b/src/chrome/content/rules/MacKeeper.com.xml
new file mode 100644
index 000000000000..85a5c0fbe19b
--- /dev/null
+++ b/src/chrome/content/rules/MacKeeper.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .mackeeper.com
+
+
+	Mixed content:
+
+		- css on account from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="MacKeeper.com">
+
+	<target host="mackeeper.com" />
+	<target host="account.mackeeper.com" />
+	<target host="static-cdn.mackeeper.com" />
+	<target host="www.mackeeper.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.mackeeper\.com$" name="^lang$" /-->
+
+	<securecookie host="^\." name="^lang$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MacOSForge.org.xml b/src/chrome/content/rules/MacOSForge.org.xml
index cc7b9c83f846..fa5f98692649 100644
--- a/src/chrome/content/rules/MacOSForge.org.xml
+++ b/src/chrome/content/rules/MacOSForge.org.xml
@@ -1,12 +1,28 @@
-<ruleset name="MacOSForge.org">
-  <target host="www.macosforge.org" />
-  <target host="macosforge.org" />
-  <target host="*.macosforge.org" />
-
-  <exclusion pattern="^http://xquartz\.macosforge\.org/"/>
-  <exclusion pattern="^http://launchd\.macosforge\.org/"/>
-  <exclusion pattern="^http://fstools\.macosforge\.org/"/>
-  
-  <rule from="^http://(www\.)?macosforge\.org/" to="https://www.macosforge.org/"/>
-  <rule from="^http://([^/:@]*)\.macosforge\.org/" to="https://$1.macosforge.org/"/>
-</ruleset>
+<!--
+	Mismatch:
+		- collaboration
+		- calendarserver
+		- cups
+		- dcerpc
+		- webkit
+		- macports
+
+	HTTP:
+		- dss
+-->
+<ruleset name="MacOSForge.org">
+	<target host="macosforge.org" />
+	<target host="www.macosforge.org" />
+	<target host="alac.macosforge.org" />
+	<target host="darwinbuild.macosforge.org" />
+	<target host="fstools.macosforge.org" />
+	<target host="lists.macosforge.org" />
+	<target host="scap-on-apple.macosforge.org" />
+	<target host="smartcardservices.macosforge.org" />
+	<target host="xquartz.macosforge.org" />
+
+	<rule from="^http://macosforge\.org/"
+		to="https://www.macosforge.org/"/>
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/MacPorts.org.xml b/src/chrome/content/rules/MacPorts.org.xml
index f77daa12072c..eb20f1479ba1 100644
--- a/src/chrome/content/rules/MacPorts.org.xml
+++ b/src/chrome/content/rules/MacPorts.org.xml
@@ -1,12 +1,89 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- jog.id.distfiles.macports.org
+		- jog.id.packages.macports.org
+
+		Timeout was reached:
+		- cjj.kr.distfiles.macports.org
+		- nou.nc.distfiles.macports.org
+		- aus.us.distfiles.macports.org
+		- nou.nc.packages.macports.org
+		- cjj.kr.rsync.macports.org
+
+		SSL peer certificate was not OK:
+		- build2.macports.org
+		- aarnet.au.distfiles.macports.org
+		- ykf.ca.distfiles.macports.org
+		- nue.de.distfiles.macports.org
+		- her.gr.distfiles.macports.org
+		- fco.it.distfiles.macports.org
+		- osl.no.distfiles.macports.org
+		- mse.uk.distfiles.macports.org
+		- jnb.za.distfiles.macports.org
+		- distfiles-origin.macports.org
+		- mail.macports.org
+		- man-origin.macports.org
+		- nerv.macports.org
+		- nue.de.packages.macports.org
+		- her.gr.packages.macports.org
+		- fco.it.packages.macports.org
+		- osl.no.packages.macports.org
+		- mse.uk.packages.macports.org
+		- jnb.za.packages.macports.org
+		- packages-origin.macports.org
+		- rsync.macports.org
+		- nue.de.rsync.macports.org
+		- rsync-origin.macports.org
+		- trac-origin.macports.org
+		- webapp.macports.org
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- cph.dk.distfiles.macports.org
+		- cph.dk.packages.macports.org
+
+		4xx client error:
+		- distfiles-private.macports.org
+		- distfiles-private-origin.macports.org
+		- packages-private.macports.org
+		- packages-private-origin.macports.org
+
+		Empty reply from server:
+		- pek.cn.distfiles.macports.org
+		- pek.cn.packages.macports.org
+		- pek.cn.rsync.macports.org
+-->
 <ruleset name="MacPorts.org">
-  <target host="www.macports.org" />
-  <target host="macports.org" />
-  <target host="guide.macports.org" />
-  <target host="svn.macports.org" />
-  <target host="trac.macports.org" />
-
-  <rule from="^http://(www\.)?macports\.org/" to="https://www.macports.org/"/>
-  <rule from="^http://svn\.macports\.org/" to="https://svn.macports.org/"/>
-  <rule from="^http://trac\.macports\.org/" to="https://trac.macports.org/"/>
-  <rule from="^http://guide\.macports\.org/" to="https://www.macports.org/guide/"/>
+	<target host="macports.org" />
+	<target host="www.macports.org" />
+	<target host="braeburn.macports.org" />
+	<target host="build.macports.org" />
+	<target host="chat.macports.org" />
+	<target host="distfiles.macports.org" />
+	<target host="ywg.ca.distfiles.macports.org" />
+	<target host="lil.fr.distfiles.macports.org" />
+	<target host="kmq.jp.distfiles.macports.org" />
+	<target host="guide.macports.org" />
+	<target host="guide-origin.macports.org" />
+	<target host="guide-test.macports.org" />
+	<target host="infra.macports.org" />
+	<target host="lists.macports.org" />
+	<target host="man.macports.org" />
+	<target host="packages.macports.org" />
+	<target host="ywg.ca.packages.macports.org" />
+	<target host="lil.fr.packages.macports.org" />
+	<target host="kmq.jp.packages.macports.org" />
+	<target host="paste.macports.org" />
+	<target host="ports.macports.org" />
+	<target host="ywg.ca.rsync.macports.org" />
+	<target host="svn.macports.org" />
+	<target host="svn-test.macports.org" />
+	<target host="trac.macports.org" />
+	<target host="trac-test.macports.org" />
+	<target host="www-origin.macports.org" />
+	<target host="www-test.macports.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MacRuby.org.xml b/src/chrome/content/rules/MacRuby.org.xml
index 7b828fb10ba7..ec2b496df97c 100644
--- a/src/chrome/content/rules/MacRuby.org.xml
+++ b/src/chrome/content/rules/MacRuby.org.xml
@@ -1,8 +1,18 @@
-<ruleset name="MacRuby">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.macruby.org/ => https://www.macruby.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.macruby.org'")
+Fetch error: http://macruby.org/ => https://www.macruby.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.macruby.org'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.macruby.org/ => https://www.macruby.org/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://macruby.org/ => https://www.macruby.org/: (28, 'Connection timed out after 10000 milliseconds')
+-->
+<ruleset name="MacRuby" default_off="failed ruleset test">
   <target host="www.macruby.org" />
   <target host="macruby.org" />
 
-  <rule from="^http://(www\.)?macruby\.org/" to="https://www.macruby.org/"/>
+  <rule from="^http://(?:www\.)?macruby\.org/" to="https://www.macruby.org/"/>
 
-  <securecookie host="^(www)?\.macruby\.org" name=".*" />
+  <securecookie host="^(?:www)?\.macruby\.org" name=".+" />
 </ruleset>
diff --git a/src/chrome/content/rules/MacWorld.com.au.xml b/src/chrome/content/rules/MacWorld.com.au.xml
deleted file mode 100644
index b18aedfd3601..000000000000
--- a/src/chrome/content/rules/MacWorld.com.au.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--	niche-macworld-production.s3.amazonaws.com | d2eii7mnmr40od.cloudfront.net
--->
-<ruleset name="Macworld.com.au" default_off="self-signed">
-
-	<!--	cert: plesk	-->
-	<target host="macworld.com.au"/>
-	<target host="www.macworld.com.au"/>
-
-	<securecookie host="^www\.macworld\.com\.au$" name=".*"/>
-
-	<!--	!www redirects to www	-->
-	<rule from="^http://(?:www\.)?macworld\.com\.au/"
-		to="https://www.macworld.com.au/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/MacWorld.com.xml b/src/chrome/content/rules/MacWorld.com.xml
index a871d333dedd..95da562c62d4 100644
--- a/src/chrome/content/rules/MacWorld.com.xml
+++ b/src/chrome/content/rules/MacWorld.com.xml
@@ -1,23 +1,26 @@
 <!--
-	For other IDG coverage, see IDG.se.xml.
-
-
-	Nonfunctional subdomains:
-
-		- forums *
-		- hints *
-		- images	(404, CN: *.https.internapcdn.net)
-
-	* Times out
-
+	MacWorld.com has a wildcard SSL certificate.
 -->
-<ruleset name="MacWorld.com" platform="mixedcontent">
 
+<ruleset name="MacWorld.com">
 	<target host="macworld.com" />
-	<target host="www.macworld.com" />
-
-
-	<rule from="^http://(www\.)?macworld\.com/"
-		to="https://$1macworld.com/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="*.macworld.com" />
+
+	<test url="http://www.macworld.com/" />
+	<test url="http://edge.macworld.com/" />
+	<test url="http://files.macworld.com/" />
+	<test url="http://find.macworld.com/" />
+	<test url="http://forums.macworld.com/" />
+	<test url="http://hints.macworld.com/" />
+	<test url="http://images.macworld.com/" />
+	<test url="http://iphone.macworld.com/" />
+	<test url="http://podcasts.macworld.com/" />
+	<test url="http://rss.macworld.com/" />
+	<test url="http://shop.macworld.com/" />
+	<test url="http://static.macworld.com/" />
+	<test url="http://video.macworld.com/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MacaInfo.org.xml b/src/chrome/content/rules/MacaInfo.org.xml
index 3cdc3fc179da..59282637ca4e 100644
--- a/src/chrome/content/rules/MacaInfo.org.xml
+++ b/src/chrome/content/rules/MacaInfo.org.xml
@@ -4,10 +4,10 @@
 		- ^	(times out)
 
 -->
-<ruleset name="MacaInfo.org">
+<ruleset name="MacaInfo.org" default_off="mismatch">
 
 	<target host="macainfo.org" />
-	<target host="*.macainfo.org" />
+	<target host="www.macainfo.org" />
 
 
 	<securecookie host="^\.macainfo\.org$" name=".+" />
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?macainfo\.org/"
 		to="https://www.macainfo.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Macfarlane_Packaging.com.xml b/src/chrome/content/rules/Macfarlane_Packaging.com.xml
index 096e422e01bb..a604d5531d74 100644
--- a/src/chrome/content/rules/Macfarlane_Packaging.com.xml
+++ b/src/chrome/content/rules/Macfarlane_Packaging.com.xml
@@ -12,7 +12,7 @@
 <ruleset name="Macfarlane Packaging.com">
 
 	<target host="macfarlanepackaging.com" />
-	<target host="*.macfarlanepackaging.com" />
+	<target host="www.macfarlanepackaging.com" />
 
 
 	<securecookie host="^(?:[.w]*\.)?macfarlanepackaging\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Macgamestore.com.xml b/src/chrome/content/rules/Macgamestore.com.xml
new file mode 100644
index 000000000000..3494a2776f96
--- /dev/null
+++ b/src/chrome/content/rules/Macgamestore.com.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://macgamestore.com/ => https://macgamestore.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.macgamestore.com/ => https://www.macgamestore.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="Macgamestore.com" default_off="failed ruleset test">
+  <target host="macgamestore.com" />
+  <target host="www.macgamestore.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mach_Comedy_Fest.co.uk.xml b/src/chrome/content/rules/Mach_Comedy_Fest.co.uk.xml
new file mode 100644
index 000000000000..a748787b227a
--- /dev/null
+++ b/src/chrome/content/rules/Mach_Comedy_Fest.co.uk.xml
@@ -0,0 +1,14 @@
+<!--
+	CN: *.secure-secure.co.uk
+
+-->
+<ruleset name="Mach Comedy Fest.co.uk" default_off="self-signed">
+
+	<target host="machcomedyfest.co.uk" />
+	<target host="www.machcomedyfest.co.uk" />
+
+
+	<rule from="^http://(?:www\.)?machcomedyfest\.co\.uk/"
+		to="https://machcomedyfest.co.uk/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Machine_Guns_Vegas.com.xml b/src/chrome/content/rules/Machine_Guns_Vegas.com.xml
new file mode 100644
index 000000000000..107fa0b441b2
--- /dev/null
+++ b/src/chrome/content/rules/Machine_Guns_Vegas.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- css on ^ from fonts.googleapis.com *
+
+		- Images on ^ from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Machine Guns Vegas.com">
+
+	<target host="machinegunsvegas.com" />
+	<target host="www.machinegunsvegas.com" />
+
+
+	<securecookie host="^\.machinegunsvegas\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Machines_Like_Us.xml b/src/chrome/content/rules/Machines_Like_Us.xml
index 6164ace0fe2a..1ecdd59a097f 100644
--- a/src/chrome/content/rules/Machines_Like_Us.xml
+++ b/src/chrome/content/rules/Machines_Like_Us.xml
@@ -1,14 +1,19 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://machineslikeus.com/ => https://machineslikeus.com/: (7, 'Failed to connect to machineslikeus.com port 443: Connection refused')
+Fetch error: http://www.machineslikeus.com/ => https://machineslikeus.com/: (7, 'Failed to connect to machineslikeus.com port 443: Connection refused')
+
 	Cert doesn't match www.
 
 -->
-<ruleset name="Machines Like Us">
+<ruleset name="Machines Like Us" default_off="failed ruleset test">
 
 	<target host="machineslikeus.com" />
 	<target host="www.machineslikeus.com" />
 
 
-	<rule from="^https?://(?:www\.)?machineslikeus\.com/"
+	<rule from="^http://(?:www\.)?machineslikeus\.com/"
 		to="https://machineslikeus.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Macmillan.xml b/src/chrome/content/rules/Macmillan.xml
deleted file mode 100644
index 111c9e227583..000000000000
--- a/src/chrome/content/rules/Macmillan.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	hbpub.vo.llnwd.net/o16/		-	appears equivalent to:
-							- media.us.macmillan.com
-							- resources.macmillanusa.com
-		hbpub.hs.llnwd.net doesn't work
-		We need a LimeLight Networks ruleset.
-
-	!functional:
-		- us.macmillan.com	(timeout)
-		- forum.tor.com		(cert: www.tor.com; 404)
--->
-<ruleset name="Macmillan (partial)" default_off="self-signed">
-
-	<target host="tor.com"/>
-	<target host="www.tor.com"/>
-
-	<!--	cert doesn't match !www
-		pages, media/, templates/ redirect to http	-->
-	<rule from="^http://(?:www\.)?tor\.com/images/"
-		to="https://www.tor.com/images/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Macmillan_Dictionary.com.xml b/src/chrome/content/rules/Macmillan_Dictionary.com.xml
new file mode 100644
index 000000000000..656258b26b0c
--- /dev/null
+++ b/src/chrome/content/rules/Macmillan_Dictionary.com.xml
@@ -0,0 +1,21 @@
+<!--
+	^: cert only matches www
+
+-->
+<ruleset name="Macmillan Dictionary.com">
+
+	<target host="macmillandictionary.com" />
+	<target host="www.macmillandictionary.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.macmillandictionary\.com$" name="^experiment$" /-->
+
+	<securecookie host="^www\.macmillandictionary\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?macmillandictionary\.com/"
+		to="https://www.macmillandictionary.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Macobserver.com.xml b/src/chrome/content/rules/Macobserver.com.xml
new file mode 100644
index 000000000000..4a27a8144779
--- /dev/null
+++ b/src/chrome/content/rules/Macobserver.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Nonfunctional hosts in *.macobserver.com:
+	    liveblog.macobserver.com (HTTPS connection refused)
+	    skimlinks.macobserver.com (HTTPS connection refused)
+	    blog.macobserver.com (Error 51 - SSL Certificate mismatch)
+        blogs.macobserver.com (Error 51 - SSL Certificate mismatch)
+	    mgg.macobserver.com (Error 51 - SSL Certificate mismatch)
+
+-->
+<ruleset name="Macobserver">
+
+	<target host="macobserver.com" />
+	<target host="www.macobserver.com" />
+	<target host="altmedia.macobserver.com" />
+	<target host="deals.macobserver.com" />
+	<target host="mint.macobserver.com" />
+	<target host="mp3.macobserver.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Macquarie.com.au.xml b/src/chrome/content/rules/Macquarie.com.au.xml
new file mode 100644
index 000000000000..f9291c49e1c4
--- /dev/null
+++ b/src/chrome/content/rules/Macquarie.com.au.xml
@@ -0,0 +1,108 @@
+<!--
+	For other Macquarie coverage, see Macquarie.com.xml
+
+
+	Non-functional subdomains:
+		- macquarie.com.au	(m)
+			- api-pb-sit		(r)
+			- apple		(t)
+			- apply-uat	(t)
+			- autodiscover		(t)
+			- beta-opdcs8	(i)
+			- bfs-softlaunch	(e)
+			- cygnus	(t)
+			- cygnusdr	(t)
+			- cygnusx1	(r)
+			- emgdemo	(e)
+			- fx		(m)
+			- highway	(t)
+			- (www.)introducer-stg	(t)
+			- lab-opdcs8	(e)
+			- macserv2	(t)
+			- mapscafegpo	(t)
+			- metrics	(m)
+			- oneteam	(r)
+			- oneteamdr	(t)
+			- salesforce-prod	(r)
+			- search	(r)
+			- trading	(m)
+			- ws	(r)
+			- www-test2	(t)
+			- xplan	(t)
+
+		- macinfotrac.com.au	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Macquarie.com.au">
+
+	<target host="macquarie.com.au" />
+	<target host="www.macquarie.com.au" />
+	<target host="advisers.macquarie.com.au" />
+	<target host="api.macquarie.com.au" />
+	<target host="api-dev.macquarie.com.au" />
+	<target host="api-sit.macquarie.com.au" />
+	<target host="api-stage.macquarie.com.au" />
+	<target host="api-svt.macquarie.com.au" />
+	<target host="api-uat.macquarie.com.au" />
+	<target host="apply.macquarie.com.au" />
+	<target host="apply-nft.macquarie.com.au" />
+	<target host="apply-stg.macquarie.com.au" />
+	<target host="beta.macquarie.com.au" />
+	<target host="bfs-softlaunch-opdcs8.macquarie.com.au" />
+	<target host="bfs-webservices-prod.macquarie.com.au" />
+	<target host="bfs-webservices-test.macquarie.com.au" />
+	<target host="businessonline.macquarie.com.au" />
+	<target host="cashonline.macquarie.com.au" />
+	<target host="demo.macquarie.com.au" />
+	<target host="www.di.macquarie.com.au" />
+	<target host="introducer.macquarie.com.au" />
+	<target host="www.introducer.macquarie.com.au" />
+	<target host="lab.macquarie.com.au" />
+	<target host="legacy.macquarie.com.au" />
+	<target host="legacy-dr.macquarie.com.au" />
+	<target host="ma.macquarie.com.au" />
+	<target host="mlportal.macquarie.com.au" />
+	<target host="www.mlportal.macquarie.com.au" />
+	<target host="ninja.macquarie.com.au" />
+	<target host="ninja-opdcs8.macquarie.com.au" />
+	<target host="online.macquarie.com.au" />
+	<target host="online-opdcs8.macquarie.com.au" />
+	<target host="personal.macquarie.com.au" />
+	<target host="secure.macquarie.com.au" />
+	<target host="sso.macquarie.com.au" />
+	<target host="sso-trading.macquarie.com.au" />
+	<target host="trading.macquarie.com.au" />
+	<target host="www.trading.macquarie.com.au" />
+	<target host="www1.trading.macquarie.com.au" />
+	<target host="www2.trading.macquarie.com.au" />
+	<target host="unite.macquarie.com.au" />
+	<target host="unite-dr.macquarie.com.au" />
+
+	<target host="macinfotrac.com.au" />
+	<target host="www.macinfotrac.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- mismatch hostname -->
+	<rule from="^http://macquarie\.com\.au/"
+		to="https://www.macquarie.com.au/" />
+
+	<!-- mismatch hostname -->
+	<rule from="^http://trading\.macquarie\.com\.au/"
+		to="https://www.trading.macquarie.com.au/" />
+
+	<!-- mismatch hostname -->
+	<rule from="^http://macinfotrac\.com\.au/"
+		to="https://www.macinfotrac.com.au/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Macquarie.com.xml b/src/chrome/content/rules/Macquarie.com.xml
new file mode 100644
index 000000000000..02ebb33d1d02
--- /dev/null
+++ b/src/chrome/content/rules/Macquarie.com.xml
@@ -0,0 +1,210 @@
+<!--
+	Other Macquarie Group ruleset:
+		- Macquarie.com.au.xml
+
+
+	Non-functional subdomains:
+		- SYDCAS03	(t)
+		- SYDCAS04	(t)
+		- SYDMTA03	(t)
+		- SYDMTA04	(t)
+		- api-nonprod-caf-1	(r)
+		- api-prod-caf-1	(r)
+		- apply		(e)
+		- apply-nft		(e)
+		- apply-stg		(e)
+		- click.assetfinance	(t)
+		- image.assetfinance	(m)
+		- view.assetfinance	(r)
+		- bfscanada		(t)
+		- blueprint		(r)
+		- www.careers		(m)
+		- www.careerspageup		(m)
+		- click.communications		(t)
+		- view.communications		(r)
+		- connect	(t)
+		- connect-americas	(t)
+		- connect-anz	(t)
+		- connect-asia	(t)
+		- connect-emea	(t)
+		- cportal	(t)
+		- dealsite		(m)
+		- deviceadmin	(t)
+		- deviceadmin-staging	(t)
+		- deviceadmin-uat	(t)
+		- deviceregister	(t)
+		- deviceregister-staging	(t)
+		- deviceregister-uat	(t)
+		- ews	(t)
+		- click.ficcemail	(t)
+		- image.ficcemail	(m)
+		- fx		(e)
+		- fxdemo		(e)
+		- mglpor.gslb		(m)
+		- ncgtm1.gslb		(t)
+		- pngfed.gslb		(m)
+		- srgtm1.gslb		(t)
+		- im-gw		(t)
+		- (www.)introducer-stg		(t)
+		- lync			(t)
+		- lyncaccess		(r)
+		- lyncaccessdr		(r)
+		- lyncavdr		(t)
+		- lyncdiscover		(m)
+		- lyncwebcon		(r)
+		- lyncwebcondr		(t)
+		- lyncwebext		(t)
+		- click.maccap		(t)
+		- image.maccap		(m)
+		- pages.maccap		(t)
+		- view.maccap		(r)
+		- maccapapi	(i)
+		- maccapapi-dev		(t)
+		- www.macnetcareers		(m)
+		- macserv2	(t)
+		- mailsvc	(t)
+		- www.managed-funds-uat		(i)
+		- mapscafehkg		(t)
+		- mapscafelon		(r)
+		- mapscafelondr		(r)
+		- mapscafenj		(r)
+		- mapscafeny		(r)
+		- mail.mfg		(m)
+		- app.mail.mfg		(m)
+		- images.mail.mfg	(m)
+		- mim-event.mfg		(m)
+		- mim-survey.mfg	(m)
+		- mim-teleconference.mfg	(m)
+		- mpwresearch		(t)
+		- click.msgemail	(t)
+		- image.msgemail	(m)
+		- pages.msgemail	(t)
+		- view.msgemail		(r)
+		- njbcas	(t)
+		- njcas		(t)
+		- bitbucket.devtoools.non	(t)
+		- confluence.devtoools.non	(t)
+		- jira.devtoools.non		(t)
+		- bitbucket.devtoools.non	(t)
+		- click.notifications		(t)
+		- nyccas01	(t)
+		- nyccas02	(t)
+		- nyccas03	(t)
+		- nyccas04	(t)
+		- nycmta01	(t)
+		- nycmta02	(t)
+		- nycmta03	(t)
+		- nycmta04	(t)
+		- pb	(i)
+		- pb-beta	(e)
+		- pb-dev1	(t)
+		- pb-dev2	(t)
+		- pb-sit1	(t)
+		- pb-sit2	(t)
+		- pb-stage	(t)
+		- pb-uat1	(t)
+		- pb-uat2	(t)
+		- personal	(m)
+		- portal	(t)
+		- privatewealth		(t)
+		- click.remail		(t)
+		- image.remail		(m)
+		- pages.remail		(t)
+		- view.remail		(r)
+		- rhovas	(r)
+		- sip		(r)
+		- statements		(r)
+		- uat.statements	(e)
+		- static-origin-test	(t)
+		- sydcas01	(t)
+		- sydcas02	(t)
+		- sydcas03	(t)
+		- sydcas04	(t)
+		- sydmta01	(t)
+		- sydmta02	(t)
+		- sydmta03	(t)
+		- sydmta04	(t)
+		- sync		(r)
+		- sync-americas		(r)
+		- sync-anz		(r)
+		- sync-asia		(r)
+		- sync-emea		(r)
+		- sync365		(r)
+		- tunnel-anz		(t)
+		- tunnel-asia		(t)
+		- tunnel-emea		(t)
+		- tunnel-hka1dc		(t)
+		- tunnel-lonsdc		(t)
+		- tunnel-lontdc		(t)
+		- tunnel-njbdc		(t)
+		- tunnel-njdc		(t)
+		- tunnel-sr		(t)
+		- tunnel-su		(t)
+		- tunnel-sr		(t)
+		- tunnelflex		(t)
+		- ultcas		(t)
+		- tunnelflex		(t)
+		- your		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Macquarie.com">
+
+	<target host="macquarie.com" />
+	<target host="www.macquarie.com" />
+	<target host="anywhere.macquarie.com" />
+	<target host="anywhere-americas.macquarie.com" />
+	<target host="anywhere-anz.macquarie.com" />
+	<target host="anywhere-asia.macquarie.com" />
+	<target host="anywhere-emea.macquarie.com" />
+	<target host="apps.macquarie.com" />
+	<target host="apps-americas.macquarie.com" />
+	<target host="apps-anz.macquarie.com" />
+	<target host="apps-asia.macquarie.com" />
+	<target host="apps-emea.macquarie.com" />
+	<target host="autodiscover.macquarie.com" />
+	<target host="image.communications.macquarie.com" />
+	<target host="pages.communications.macquarie.com" />
+	<target host="datarooms.macquarie.com" />
+	<target host="bitbucket.devtools.macquarie.com" />
+	<target host="bitbucket-beta.devtools.macquarie.com" />
+	<target host="confluence.devtools.macquarie.com" />
+	<target host="confluence-beta.devtools.macquarie.com" />
+	<target host="jira.devtools.macquarie.com" />
+	<target host="jira-beta.devtools.macquarie.com" />
+	<target host="form.macquarie.com" />
+	<target host="introducer.macquarie.com" />
+	<target host="www.introducer.macquarie.com" />
+	<target host="leasing-optout.macquarie.com" />
+	<target host="www.managed-funds.macquarie.com" />
+	<target host="mappsgw.macquarie.com" />
+	<target host="markets.macquarie.com" />
+	<target host="mft.macquarie.com" />
+	<target host="miradatarooms.macquarie.com" />
+	<target host="mlportal.macquarie.com" />
+	<target host="www.mlportal.macquarie.com" />
+	<target host="pb-lab.macquarie.com" />
+	<target host="pb-opdcs8.macquarie.com" />
+	<target host="staffid.macquarie.com" />
+	<target host="static.macquarie.com" />
+	<target host="static-origin.macquarie.com" />
+
+	<target host="www.macquarieconnections.com" />
+	<target host="www.macquarieresearch.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- connection timeout -->
+	<rule from="^http://macquarie\.com/"
+		to="https://www.macquarie.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Macromates.com.xml b/src/chrome/content/rules/Macromates.com.xml
new file mode 100644
index 000000000000..260f24c4598d
--- /dev/null
+++ b/src/chrome/content/rules/Macromates.com.xml
@@ -0,0 +1,19 @@
+<!--
+
+	Problematic domains:
+
+		- blog.macromates.com (certificate mismatch)
+		- lists.macromates.com (certificate mismatch)
+		- sigpipe.macromates.com (certificate mismatch)
+		- ticket.macromates.com (certificate mismatch)
+		- wiki.macromates.com (certificate mismatch)
+
+-->
+<ruleset name="Macromates.com">
+	<target host="macromates.com" />
+	<target host="license.macromates.com" />
+	<target host="manual.macromates.com" />
+	<target host="shop.macromates.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Macromedia.com.xml b/src/chrome/content/rules/Macromedia.com.xml
new file mode 100644
index 000000000000..a10bcb06bfd4
--- /dev/null
+++ b/src/chrome/content/rules/Macromedia.com.xml
@@ -0,0 +1,40 @@
+<!--
+	For other Adobe coverage, see Adobe.xml.
+
+
+	Problematic domains:
+
+		- macromedia.com ⁷
+
+	⁷ Cert only matches www
+
+
+	Fully covered domains:
+
+		- macromedia.com subdomains:
+
+			- (www.)		(^ → www)
+			- download
+			- fpdownload
+
+-->
+<ruleset name="Macromedia.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="download.macromedia.com" />
+	<target host="fpdownload.macromedia.com" />
+	<target host="www.macromedia.com" />
+
+	<!--	Special cases:
+				-->
+	<target host="macromedia.com" />
+
+
+	<rule from="^http://macromedia\.com/"
+		to="https://www.macromedia.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Macular.org.xml b/src/chrome/content/rules/Macular.org.xml
new file mode 100644
index 000000000000..56c694a58b2c
--- /dev/null
+++ b/src/chrome/content/rules/Macular.org.xml
@@ -0,0 +1,16 @@
+<!--
+	American Macular Degeneration Foundation
+
+
+	^: cert only matches www
+
+-->
+<ruleset name="Macular.org">
+
+	<target host="macular.org" />
+	<target host="www.macular.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mad_Mimi.com.xml b/src/chrome/content/rules/Mad_Mimi.com.xml
new file mode 100644
index 000000000000..12a667f16b75
--- /dev/null
+++ b/src/chrome/content/rules/Mad_Mimi.com.xml
@@ -0,0 +1,56 @@
+<!--
+	CDN buckets:
+
+		- d1lggihq2bt4jo.cloudfront.net
+		- d2vnkn0bfhsarv.cloudfront.net
+		- d2voeg3kbgjfsb.cloudfront.net
+
+
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* http reply
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- api
+		- billing
+
+
+	Observed cookie domains:
+
+		- ^ ¹
+		- . ²
+		- api ²
+		- billing ²
+		- go ¹
+		- www ¹
+
+	¹ Secured by server
+	² Secured by us <= not secured by server
+
+-->
+<ruleset name="Mad Mimi.com (partial)">
+
+	<target host="madmimi.com" />
+	<target host="api.madmimi.com" />
+	<target host="billing.madmimi.com" />
+	<target host="go.madmimi.com" />
+	<target host="www.madmimi.com" />
+
+
+	<!--	Secured by server
+					-->
+	<!--securecookie host="^(go\.|www\.)?madmimi\.com$" name="^mimi2$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<securecookie host="^(?:api|billing)?\.madmimi\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Madame-Tussauds.xml b/src/chrome/content/rules/Madame-Tussauds.xml
new file mode 100644
index 000000000000..b556403b1373
--- /dev/null
+++ b/src/chrome/content/rules/Madame-Tussauds.xml
@@ -0,0 +1,38 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cms.madametussauds.com/ => https://cms.madametussauds.com/: (7, 'Failed to connect to cms.madametussauds.com port 443: No route to host')
+Fetch error: http://m.madametussauds.com/ => https://m.madametussauds.com/: (7, 'Failed to connect to m.madametussauds.com port 443: No route to host')
+Fetch error: http://starwars.madametussauds.com/ => https://starwars.madametussauds.com/: (51, "SSL: no alternative certificate subject name matches target host name 'starwars.madametussauds.com'")
+Fetch error: http://www2.madametussauds.com/ => https://www2.madametussauds.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www2.madametussauds.com'")
+
+	For other Merlin Entertainments coverage, see Merlin-Entertainments.xml.
+
+	Nonfunctional subdomain:
+		- assets		(refused)
+		- beijing		(timeout)
+		- gaga			(timeout)
+		- justinbieber		(cert only matches www)
+		- (www.)promotix	(expired cert)
+		- reservations		(expired cert)
+		- !www			(cert only matches www)
+-->
+<ruleset name="Madame Tussauds" default_off="failed ruleset test">
+	<target host="madametussauds.com" />
+	<target host="cms.madametussauds.com" />
+	<target host="m.madametussauds.com" />
+	<target host="secure.madametussauds.com" />
+	<target host="shanghai.madametussauds.com" />
+	<target host="starwars.madametussauds.com" />
+	<target host="www.madametussauds.com" />
+	<target host="www2.madametussauds.com" />
+
+	<securecookie host=".*\.madametussauds\.com$" name=".+" />
+
+	<!-- cert mismatch: -->
+	<rule from="^http://madametussauds\.com/"
+		to="https://www.madametussauds.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Madboa.com.xml b/src/chrome/content/rules/Madboa.com.xml
new file mode 100644
index 000000000000..2b241264cfe7
--- /dev/null
+++ b/src/chrome/content/rules/Madboa.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="madboa.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="madboa.com" />
+	<target host="www.madboa.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Made_In_a_Free_World.com.xml b/src/chrome/content/rules/Made_In_a_Free_World.com.xml
index 818b600c0a7d..4f68fd50f94a 100644
--- a/src/chrome/content/rules/Made_In_a_Free_World.com.xml
+++ b/src/chrome/content/rules/Made_In_a_Free_World.com.xml
@@ -23,13 +23,12 @@
 <ruleset name="Made In a Free World.com (false MCB)" platform="mixedcontent">
 
 	<target host="madeinafreeworld.com" />
-	<target host="*.madeinafreeworld.com" />
+	<target host="www.madeinafreeworld.com" />
 
 
 	<securecookie host="^\.madeinafreeworld\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?madeinafreeworld\.com/"
-		to="https://$1madeinafreeworld.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Made_with_Code.com.xml b/src/chrome/content/rules/Made_with_Code.com.xml
new file mode 100644
index 000000000000..59909377e38f
--- /dev/null
+++ b/src/chrome/content/rules/Made_with_Code.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Google coverage, see GoogleServices.xml.
+
+
+	^madewithcode.com: Handshake fails
+
+-->
+<ruleset name="Made with Code.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.madewithcode.com" />
+
+	<!--	Complications:
+				-->
+	<target host="madewithcode.com" />
+
+
+	<rule from="^http://madewithcode\.com/"
+		to="https://www.madewithcode.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Madetech.com.xml b/src/chrome/content/rules/Madetech.com.xml
new file mode 100644
index 000000000000..83475a05817f
--- /dev/null
+++ b/src/chrome/content/rules/Madetech.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .madetech.com
+		- www.madetech.com
+
+-->
+<ruleset name="Madetech.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="madetech.com" />
+	<target host="www.madetech.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.madetech\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.madetech\.com$" name="^request_method$" /-->
+
+	<securecookie host="^(?:www)?\.madetech\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MadgexJB.com.xml b/src/chrome/content/rules/MadgexJB.com.xml
new file mode 100644
index 000000000000..98897952f186
--- /dev/null
+++ b/src/chrome/content/rules/MadgexJB.com.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ijobs-rs.madgexjb.com/ => https://ijobs-rs.madgexjb.com/: (51, "SSL: no alternative certificate subject name matches target host name 'ijobs-rs.madgexjb.com'")
+
+	(www.)?madgexjb.com doesn't exist.
+
+
+	Insecure cookies are set for these hosts:
+
+		- ijobs-rs.madgexjb.com
+
+-->
+<ruleset name="MadgexJB.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ijobs-rs.madgexjb.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ijobs-rs\.madgexjb\.com$" name="^BrowserSession$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Madison-Logic.xml b/src/chrome/content/rules/Madison-Logic.xml
index 546a76f591dd..e5eb441eb9fb 100644
--- a/src/chrome/content/rules/Madison-Logic.xml
+++ b/src/chrome/content/rules/Madison-Logic.xml
@@ -6,70 +6,27 @@
 
 	Problematic domains:
 
-		- (www.)dinclinx.com	(mismatched, CN: *.madisonlogic.com)
-
-		- (www.)madisonlogic.com
-
-			- Data differ
-			- $ redirects to Login.aspx
-			- css/ & graphics/ 404
-
-
-	Partially covered domains:
-
-		- (www.)madisonlogic.com
-
+		- (www|blog.)madisonlogic.com	SSL certificate problem: unable to get local issuer certificate
 
 	Fully covered domains:
 
-		- (www.)dinclinx.com	(→ clk.madisonlogic.com)
-
 		- madisonlogic.com subdomains:
 
-			- blog
 			- clk
-			- js-agent
 			- jsc
 			- st
 
-
-	Mixed content:
-
-		- Script on blog from blog *
-
-		- css:
-
-			- On blog from blog *
-			- On blog from fonts.googleapis.com **
-
-		- Images on blog from blog ***
-
-	* Secured by us, just a facebook widget
-	** Secured by us
-	*** Secured by us, doesn't trip MCB anyway
-
 -->
 <ruleset name="Madison Logic (partial)">
 
-	<target host="dinclinx.com" />
-	<target host="www.dinclinx.com" />
-	<target host="*.madisonlogic.com"/>
-
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.madisonlogic\.com$" name="^__(?:utm\w|zlcid)$" />
-
-
-	<rule from="^http://(?:www\.)?dinclinx\.com/"
-		to="https://clk.madisonlogic.com/" />
+	<target host="clk.madisonlogic.com" />
+	<target host="jsc.madisonlogic.com" />
+	<target host="st.madisonlogic.com" />
 
-	<rule from="^http://www\.madisonlogic\.com/images/(arrow|bg|headBg|linkbutton_background|mainNav)\.gif$"
-		to="https://www.madisonlogic.com/images/$2.gif"/>
 
 	<!--	Included on 3rd-party websites.
 						-->
-	<rule from="^http://(blog|clk|js-agent|jsc|st)\.madisonlogic\.com/"
-		to="https://$1.madisonlogic.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Madstein.at.xml b/src/chrome/content/rules/Madstein.at.xml
index 41670e7a7af8..4d40675b90ed 100644
--- a/src/chrome/content/rules/Madstein.at.xml
+++ b/src/chrome/content/rules/Madstein.at.xml
@@ -2,5 +2,5 @@
   <target host="www.madstein.at" />
   <target host="madstein.at" />
 
-  <rule from="^http://(www\.)?madstein\.at/" to="https://secure.madstein.at/"/>
+  <rule from="^http://(?:www\.)?madstein\.at/" to="https://secure.madstein.at/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Maemo.xml b/src/chrome/content/rules/Maemo.xml
index b57a9a8c0fcc..153da98e51c1 100644
--- a/src/chrome/content/rules/Maemo.xml
+++ b/src/chrome/content/rules/Maemo.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.maemo.org/midcom-static/midcom.helper.datamanager2/legacy.css => https://maemo.org/midcom-static/midcom.helper.datamanager2/legacy.css: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://garage.maemo.org/ => https://garage.maemo.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://static.maemo.org/ => https://maemo.org/midcom-static/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Partially covered subdomains:
 
 		- (www.)	(pages & downloads 403)
@@ -7,24 +13,53 @@
 	Nonfunctional subdomains:
 
 		- static	(data are also on www)
-		- talk		(reset)
+		- talk		(refused)
+
+
+	Problematic subdomains:
+
+		- wiki *
+
+	* Blocks Tor users
+
+
+	Fully covered subdomains:
+
+		- wiki
 
 -->
-<ruleset name="Maemo (partial)">
+<ruleset name="Maemo.org (partial)" default_off="failed ruleset test">
 
 	<target host="maemo.org" />
-	<target host="*.maemo.org" />
+	<target host="garage.maemo.org" />
+	<target host="static.maemo.org" />
+	<target host="wiki.maemo.org" />
+	<target host="www.maemo.org" />
+
+		<exclusion pattern="^http://(?:www\.)?maemo\.org/(?!(?:midcom-)?static/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.maemo.org/community/" />
+			<test url="http://www.maemo.org/development/" />
+			<test url="http://www.maemo.org/downloads/" />
+			<test url="http://www.maemo.org/intro/" />
+			<test url="http://www.maemo.org/news/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.maemo.org/midcom-static/midcom.helper.datamanager2/legacy.css" />
 
 
 	<!--	Cert only matches ^maemo.org.
 						-->
-	<rule from="^https?://(?:www\.)?maemo\.org/(midcom-)?static/"
-		to="https://maemo.org/$1static/" />
-
-	<rule from="^http://garage\.maemo\.org/"
-		to="https://garage.maemo.org/" />
+	<rule from="^http://www\.maemo\.org/"
+		to="https://maemo.org/" />
 
-	<rule from="^https?://static\.maemo\.org/"
+	<rule from="^http://static\.maemo\.org/"
 		to="https://maemo.org/midcom-static/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Magazin.io.xml b/src/chrome/content/rules/Magazin.io.xml
new file mode 100644
index 000000000000..dff60f5803d8
--- /dev/null
+++ b/src/chrome/content/rules/Magazin.io.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://magazin.io/ => https://magazin.io/: (7, 'Failed to connect to magazin.io port 443: Connection refused')
+Fetch error: http://www.magazin.io/ => https://magazin.io/: (7, 'Failed to connect to magazin.io port 443: Connection refused')
+
+	www.magazin.io: Expired, mismatched		-
+
+-->
+<ruleset name="Magazin.io" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="magazin.io" />
+
+	<!--	Complications:
+				-->
+	<target host="www.magazin.io" />
+
+
+	<rule from="^http://www\.magazin\.io/"
+		to="https://magazin.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Magazinesdirect.com.xml b/src/chrome/content/rules/Magazinesdirect.com.xml
index f6a1e3fe5c32..7767b0835f37 100644
--- a/src/chrome/content/rules/Magazinesdirect.com.xml
+++ b/src/chrome/content/rules/Magazinesdirect.com.xml
@@ -14,7 +14,6 @@
 	<securecookie host="^www\.magazinesdirect\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?magazinesdirect\.com/"
-		to="https://$1magazinesdirect.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mageia.xml b/src/chrome/content/rules/Mageia.xml
index 7c232e1d4ec3..a59098c3c894 100644
--- a/src/chrome/content/rules/Mageia.xml
+++ b/src/chrome/content/rules/Mageia.xml
@@ -1,31 +1,12 @@
-<!--
-	Problematic subdomains:
-
-		- svn	(prints "it works!")
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- blog
-		- bugs
-		- doc
-		- forums
-		- identity
-		- ml
-		- nav
-		- planet
-		- svn		(→ svnweb)
-		- svnweb
-		- wiki
 
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://svnweb.mageia.org/ (200) => https://svnweb.mageia.org/ (403)
+Non-2xx HTTP code: http://svn.mageia.org/ (200) => https://svnweb.mageia.org/ (403)
 
-	Observed cookie domains:
+	Problematic hosts in *mageia.org:
 
-		- bugs
-		- .forums
-		- ml
-		- wiki
+		- svn	(prints "it works!")
 
 
 	Mixed content:
@@ -42,24 +23,40 @@
 				- feeds.wordpress.com *
 				- s0.wp.com *
 
-		- Web bug on planet from stats.wordpress.com *
+		- Bug on planet from stats.wordpress.com *
 
 	* Secured by us
 
 -->
-<ruleset name="Mageia">
+<ruleset name="Mageia.org" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="mageia.org" />
-	<target host="*.mageia.org" />
+	<target host="blog.mageia.org" />
+	<target host="bugs.mageia.org" />
+	<target host="doc.mageia.org" />
+	<target host="forums.mageia.org" />
+	<target host="identity.mageia.org" />
+	<target host="ml.mageia.org" />
+	<target host="nav.mageia.org" />
+	<target host="planet.mageia.org" />
+	<target host="svnweb.mageia.org" />
+	<target host="wiki.mageia.org" />
+	<target host="www.mageia.org" />
 
+	<!--	Complications:
+				-->
+	<target host="svn.mageia.org" />
 
-	<securecookie host="^(?:.*\.)?mageia\.org$" name=".+" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://((?:blog|bugs|doc|forums|identity|ml|nav|planet|wiki|www)\.)?mageia\.org/"
-		to="https://$1mageia.org/" />
 
-	<rule from="^http://svn(?:web)?\.mageia\.org/"
+	<rule from="^http://svn\.mageia\.org/"
 		to="https://svnweb.mageia.org/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Magellan_Models.com.xml b/src/chrome/content/rules/Magellan_Models.com.xml
index 64c8088141c0..ee25a028f38c 100644
--- a/src/chrome/content/rules/Magellan_Models.com.xml
+++ b/src/chrome/content/rules/Magellan_Models.com.xml
@@ -1,34 +1,11 @@
-<!--
-	blog is handled in WordPress-blogs.xml.
-
-
-	Problematic subdomains:
-
-		- blog	(wordpress)
-
-
-	Mixed content:
-
-		- css on www from www *
-		- Images on www from www *
-
-	* Secured by us
-
-
-	NB: We secure all resources, and thus
-	platform should be removed with Ffx 24.
-
--->
-<ruleset name="Magellan Models.com (false MCB)" platform="mixedcontent">
+<ruleset name="Magellan Models.com">
 
 	<target host="magellanmodels.com" />
-	<target host="*.magellanmodels.com" />
-
-
-	<securecookie host="^(?:www)?\.magellanmodels\.com$" name=".+" />
+	<target host="www.magellanmodels.com" />
+	<target host="blog.magellanmodels.com" />
 
+	<securecookie host="^(www)?\.magellanmodels\.com$" name=".+" />
 
-	<rule from="^http://(www\.)?magellanmodels\.com/"
-		to="https://$1magellanmodels.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Magento.co.uk.xml b/src/chrome/content/rules/Magento.co.uk.xml
new file mode 100644
index 000000000000..3a36034ffe5d
--- /dev/null
+++ b/src/chrome/content/rules/Magento.co.uk.xml
@@ -0,0 +1,24 @@
+<!--
+	For other Magento coverage, see Magento.xml.
+
+
+	Partially covered hosts in *magento.co.uk:
+
+		- go *
+
+	* At least some pages redirect to http
+
+-->
+<ruleset name="Magento.co.uk (partial)" default_off="mismatched">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="go.magento.co.uk" />
+
+		<exclusion pattern="^http://go\.magento\.co\.uk/(?!ee/sso/|skin/)" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Magento.xml b/src/chrome/content/rules/Magento.xml
index a5a4eefdbe05..0834ef1daa27 100644
--- a/src/chrome/content/rules/Magento.xml
+++ b/src/chrome/content/rules/Magento.xml
@@ -1,39 +1,101 @@
 <!--
 	Other Magento rulesets:
+		+ Magento_Commerce.com.xml
+		+ Magento_Go_images.xml
 
-		- Magento_Go_images.xml
+	Non-functional hosts
+		Couldn't connect to server:
+			 - autodiscover.magento.com
+			 - email2.magento.com
 
+		Timeout was reached:
+			 - reno-stg.bcn.magento.com
+			 - jenkins.sandbox.bcn.magento.com
+			 - kvm.magento.com
+			 - o1.mail.magento.com
+			 - documentation.cs.mcom.magento.com
+			 - ns1.magento.com
+			 - ns2.magento.com
+			 - ns3.magento.com
+			 - ns4.magento.com
 
-	Partially covered domains:
+		SSL peer certificate was not OK:
+			 - conf.magento.com
+			 - de.magento.com
+			 - devdocs.magento.com
+			 - docs.magento.com
+			 - merch.docs.magento.com
+			 - eeeula.magento.com
+			 - eeula.magento.com
+			 - email.magento.com
+			 - enterprise.magento.com
+			 - de.enterprise.magento.com
+			 - go.magento.com
+			 - golinks.magento.com
+			 - imagine2015.magento.com
+			 - insights.magento.com
+			 - mail.magento.com
+			 - meesa.magento.com
+			 - mobile-sdk-demo-store.magento.com
+			 - support.magento.com
+			 - training.magento.com
+			 - ua.magento.com
+			 - wiki.magento.com
+			 - www1.magento.com
 
-		- go.magento.com *
-		- go.magento.co.uk *
-
-	* At least some pages redirect to http
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - ausvpn.magento.com
+			 - documentation.bcn.magento.com
+			 - hhprd.bcn.magento.com
+			 - bt11202-p53.ecg.magento.com
+			 - bt11420-p55.ecg.magento.com
+			 - gts.ecg.magento.com
+			 - php53-bt11202.ecg.magento.com
+			 - quicken-api.ecg.magento.com
 
+		4xx client error:
+			 - b2b.dev.magento.com
+			 - developer-enh.magento.com
+			 - qa.m1ce.vantiv.ecg.magento.com
+			 - uat.m1ce.vantiv.ecg.magento.com
+			 - qa.m1ee.vantiv.ecg.magento.com
+			 - uat.m1ee.vantiv.ecg.magento.com
+			 - dev.m2ce.vantiv.ecg.magento.com
+			 - qa.m2ce.vantiv.ecg.magento.com
+			 - uat.m2ce.vantiv.ecg.magento.com
+			 - dev.m2ee.vantiv.ecg.magento.com
+			 - qa.m2ee.vantiv.ecg.magento.com
+			 - uat.m2ee.vantiv.ecg.magento.com
+			 - payment-broker.magento.com
+			 - stage-community.magento.com
 -->
-<ruleset name="Magento (buggy)" default_off="breaks downloads">
-
-	<target host="*.magento.com" />
-	<target host="go.magento.co.uk" />
-	<target host="magentocommerce.com" />
-	<target host="www.magentocommerce.com" />
-		<!--
-			 urgh ^http://(?:www\.)?magentocommerce\.com/
-									-->
-  		<exclusion pattern="^http://(?:www\.)?magentocommerce\.com/download" />
-
-
-	<rule from="^http://go\.magento\.com/skin/"
-		to="https://go.magento.com/skin/" />
-
-	<rule from="^http://golinks\.magento\.com/"
-		to="https://golinks.magento.com/" />
-
-	<rule from="^http://go\.magento\.co\.uk/(ee/sso|skin)/"
-		to="https://go.magento.co.uk/$1/" />
-
-	<rule from="^http://(?:www\.)?magentocommerce\.com/"
-		to="https://www.magentocommerce.com/" />
+<ruleset name="Magento.com">
+	<target host="magento.com" />
+	<target host="www.magento.com" />
+	<target host="about.magento.com" />
+	<target host="account.magento.com" />
+	<target host="irbt.bcn.magento.com" />
+	<target host="community.magento.com" />
+	<target host="demo.magento.com" />
+	<target host="developer.magento.com" />
+	<target host="fisheye.magento.com" />
+	<target host="gp.magento.com" />
+	<target host="guide.magento.com" />
+	<target host="imagine.magento.com" />
+	<target host="info.magento.com" />
+	<target host="info2.magento.com" />
+	<target host="int-bi.magento.com" />
+	<target host="magento-u.magento.com" />
+	<target host="marketplace.magento.com" />
+	<target host="partners.magento.com" />
+	<target host="repo.magento.com" />
+	<target host="smallbusiness.magento.com" />
+	<target host="static.magento.com" />
+	<target host="sts.magento.com" />
+	<target host="su.magento.com" />
+	<target host="u.magento.com" />
+	<target host="webinar.magento.com" />
+	<target host="you.magento.com" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Magento_Commerce.com.xml b/src/chrome/content/rules/Magento_Commerce.com.xml
new file mode 100644
index 000000000000..d2967f0abfc7
--- /dev/null
+++ b/src/chrome/content/rules/Magento_Commerce.com.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Magento coverage, see Magento.xml.
+
+	Non-functional hosts
+		Timeout was reached:
+			 - ns1.magentocommerce.com
+			 - ns2.magentocommerce.com
+			 - ns3.magentocommerce.com
+			 - ns4.magentocommerce.com
+
+		SSL peer certificate was not OK:
+			 - answers.magentocommerce.com
+			 - de.magentocommerce.com
+			 - demo.magentocommerce.com
+			 - demo-admin.magentocommerce.com
+			 - docs.magentocommerce.com
+			 - enterprise-admin.magentocommerce.com
+			 - enterprise-demo.magentocommerce.com
+			 - reviews.magentocommerce.com
+			 - support.magentocommerce.com
+
+		4xx client error:
+			 - notifications.magentocommerce.com
+-->
+<ruleset name="Magento Commerce.com">
+	<target host="magentocommerce.com" />
+	<target host="www.magentocommerce.com" />
+	<target host="connect.magentocommerce.com" />
+	<target host="connect20.magentocommerce.com" />
+	<target host="license.magentocommerce.com" />
+	<target host="widgets.magentocommerce.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Magento_Go_images.xml b/src/chrome/content/rules/Magento_Go_images.xml
index 369f5ac1d5b4..abf8069415f0 100644
--- a/src/chrome/content/rules/Magento_Go_images.xml
+++ b/src/chrome/content/rules/Magento_Go_images.xml
@@ -10,4 +10,4 @@
 	<rule from="^http://(\w+\.)?img\.gostorego\.com/"
 		to="https://$1img.gostorego.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Magentohotel.dk.xml b/src/chrome/content/rules/Magentohotel.dk.xml
new file mode 100644
index 000000000000..57cbcdeb63fb
--- /dev/null
+++ b/src/chrome/content/rules/Magentohotel.dk.xml
@@ -0,0 +1,15 @@
+<!--
+	(www.): redirect to http, valid cert
+
+-->
+<ruleset name="Magentohotel.dk (partial)" default_off="self-signed">
+
+	<target host="prod6.magentohotel.dk" />
+
+
+	<securecookie host="^prod6\.magentohotel\.dk$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Magic.fr.xml b/src/chrome/content/rules/Magic.fr.xml
new file mode 100644
index 000000000000..05e7dfb16c99
--- /dev/null
+++ b/src/chrome/content/rules/Magic.fr.xml
@@ -0,0 +1,20 @@
+<!--
+	Other Magic Online rulesets:
+
+		- LEspace_client.fr.xml
+-->
+<ruleset name="Magic.fr">
+
+	<target host="magic.fr" />
+	<target host="www.magic.fr" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:www\.)?magic\.fr$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Magic_Affiliate_plugin.com.xml b/src/chrome/content/rules/Magic_Affiliate_plugin.com.xml
new file mode 100644
index 000000000000..557c17056444
--- /dev/null
+++ b/src/chrome/content/rules/Magic_Affiliate_plugin.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- favicon from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Magic Affiliate plugin.com">
+
+	<target host="magicaffiliateplugin.com" />
+	<target host="www.magicaffiliateplugin.com" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^(?:w*\.)?magicaffiliateplugin\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Magic_Members.com.xml b/src/chrome/content/rules/Magic_Members.com.xml
new file mode 100644
index 000000000000..211e8b5bb4d1
--- /dev/null
+++ b/src/chrome/content/rules/Magic_Members.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- favicon from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Magic Members.com">
+
+	<target host="magicmembers.com" />
+	<target host="www.magicmembers.com" />
+
+
+	<!--	Server doesn't set Secure:
+						-->
+	<securecookie host="^(?:w*\.)?magicmembers\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MagicalButter.xml b/src/chrome/content/rules/MagicalButter.xml
new file mode 100644
index 000000000000..b8abd88aa3ee
--- /dev/null
+++ b/src/chrome/content/rules/MagicalButter.xml
@@ -0,0 +1,23 @@
+<!--
+	Non-functional subdomains:
+		- www				(hostname mismatch, CN: magicalbutter.com, magicalbutter.com.au)
+		- shop.magicalbutter.com.au	(hostname mismatch, CN: *.myshopify.com, myshopify.com)
+		- store.magicalbutter.com.au	(403)
+-->
+<ruleset name="MagicalButter (partial)">
+	<target host=      "magicalbutter.com" />
+	<target host=  "www.magicalbutter.com" />
+	<target host="store.magicalbutter.com" />
+	<target host=      "magicalbutter.com.au" />
+	<target host=  "www.magicalbutter.com.au" />
+
+	<!-- no secure cookie for .au -->
+  	<securecookie host="^(store\.)?magicalbutter\.com$" name=".+" />
+
+  	<!-- hostname mismatch -->
+	<rule from="^http://www\.magicalbutter\.com(\.au)?/"
+		to="https://magicalbutter.com$1/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Magictail.net.xml b/src/chrome/content/rules/Magictail.net.xml
new file mode 100644
index 000000000000..a804718bb9ee
--- /dev/null
+++ b/src/chrome/content/rules/Magictail.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="magictail.net">
+	<target host="magictail.net" />
+	<target host="www.magictail.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Magnatune.xml b/src/chrome/content/rules/Magnatune.xml
deleted file mode 100644
index 7b20318fefbc..000000000000
--- a/src/chrome/content/rules/Magnatune.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- blog	(times out)
-
--->
-<ruleset name="Magnatune (partial)" platform="mixedcontent">
-
-	<target host="magnatune.com" />
-	<target host="*.magnatune.com" />
-
-
-	<securecookie host="^(.*\.)magnatune\.com$" name=".*" />
-
-
-	<rule from="^https?://(?:he3\.|(www\.))?magnatune\.com/"
-		to="https://$1magnatune.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Magnet.ie.xml b/src/chrome/content/rules/Magnet.ie.xml
index 0c1917ff6f9f..9fb778577ad3 100644
--- a/src/chrome/content/rules/Magnet.ie.xml
+++ b/src/chrome/content/rules/Magnet.ie.xml
@@ -1,7 +1,24 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .magnet.ie
+		- www.magnet.ie
+
+-->
 <ruleset name="Magnet.ie">
-  <!-- cert valid only for www. -->
   <target host="magnet.ie" />
+	<target host="mymagnet.magnet.ie" />
   <target host="www.magnet.ie" />
 
-  <rule from="^http://(?:www\.)?magnet\.ie/" to="https://www.magnet.ie/"/>
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.magnet\.ie$" name="^multisitevisited$" /-->
+	<!--securecookie host="^www\.magnet\.ie$" name="^(?:PHPSESSID|fileDownload|magsignpaysession)$" /-->
+
+	<securecookie host="^(?:www)?\.magnet\.ie$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Magnetise_Media.com.xml b/src/chrome/content/rules/Magnetise_Media.com.xml
new file mode 100644
index 000000000000..c630e9263a63
--- /dev/null
+++ b/src/chrome/content/rules/Magnetise_Media.com.xml
@@ -0,0 +1,29 @@
+<!--
+	(www.)?magnetisemedia.com: Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- adcentre.magnetisemedia.com
+		- console.magnetisemedia.com
+
+-->
+<ruleset name="Magnetise Media.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="adcentre.magnetisemedia.com" />
+	<target host="console.magnetisemedia.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:adcentre|console)\.magnetisemedia\.com$" name="^s$" /-->
+
+	<securecookie host="^(?:adcentre|console)\.magnetisemedia\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Magserv.com.xml b/src/chrome/content/rules/Magserv.com.xml
deleted file mode 100644
index 3a45fff6e148..000000000000
--- a/src/chrome/content/rules/Magserv.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Subscription service.
-
--->
-<ruleset name="magserv.com">
-
-	<target host="magserv.com" />
-	<target host="*.magserv.com" />
-
-
-	<rule from="^http://([\w-]+\.)?magserv\.com/"
-		to="https://$1magserv.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Magyar_Telekom.xml b/src/chrome/content/rules/Magyar_Telekom.xml
index 77d05f08937a..1b59341f63d4 100644
--- a/src/chrome/content/rules/Magyar_Telekom.xml
+++ b/src/chrome/content/rules/Magyar_Telekom.xml
@@ -1,10 +1,14 @@
-<!-- Nonfunctional subdomains:
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pool.telekom.hu/ => https://pool.telekom.hu/: (28, 'Connection timed out after 20000 milliseconds')
+ Nonfunctional subdomains:
 	 - tudakozo.telekom.hu (cert mismatch, expired)
 	 - telefonkonyv.telekom.hu
 -->
-<ruleset name="Magyar Telekom (partial)">
+<ruleset name="Magyar Telekom (partial)" default_off="failed ruleset test">
 	<target host="pool.telekom.hu" />
 	<target host="www.telekom.hu" />
 
-	<rule from="^http://(www|pool)\.telekom\.hu/" to="https://$1.telekom.hu/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Mahan-Consulting.xml b/src/chrome/content/rules/Mahan-Consulting.xml
deleted file mode 100644
index 524e44af6b87..000000000000
--- a/src/chrome/content/rules/Mahan-Consulting.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Mahan Consulting" default_off="expired">
-
-	<target host="consultmahan.com"/>
-	<target host="www.consultmahan.com"/>
-
-	<rule from="^http://(www\.)?consultmahan\.com/"
-		to="https://consultmahan.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Mahomet_Citizen.xml b/src/chrome/content/rules/Mahomet_Citizen.xml
index e7b1d3524321..7f6ea220f19e 100644
--- a/src/chrome/content/rules/Mahomet_Citizen.xml
+++ b/src/chrome/content/rules/Mahomet_Citizen.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?mcitizen\.com/(misc/|sites/|user(?:$|\?|/))"
 		to="https://www.mcitizen.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mahones_Home_Decor.xml b/src/chrome/content/rules/Mahones_Home_Decor.xml
deleted file mode 100644
index 8f593efbae04..000000000000
--- a/src/chrome/content/rules/Mahones_Home_Decor.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Mahones Home Decor">
-
-	<target host="mahoneshomedecor.com" />
-	<target host="*.mahoneshomedecor.com" />
-
-
-	<securecookie host="^(?:.*\.)?mahoneshomedecor\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?mahoneshomedecor\.com/"
-		to="https://$1mahoneshomedecor.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Mahran.net.xml b/src/chrome/content/rules/Mahran.net.xml
new file mode 100644
index 000000000000..e00476455091
--- /dev/null
+++ b/src/chrome/content/rules/Mahran.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="Mahran.net">
+	<target host="mahran.net" />
+	<target host="www.mahran.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Maidsafe.org.xml b/src/chrome/content/rules/Maidsafe.org.xml
new file mode 100644
index 000000000000..9a2dd2bb08a5
--- /dev/null
+++ b/src/chrome/content/rules/Maidsafe.org.xml
@@ -0,0 +1,16 @@
+<ruleset name="maidsafe.org">
+
+	<target host="maidsafe.org" />
+	<target host="www.maidsafe.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.maidsafe\.org$" name="^_forum_session$" /-->
+
+	<securecookie host="^www\.maidsafe\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Maidstone.gov.uk.xml b/src/chrome/content/rules/Maidstone.gov.uk.xml
new file mode 100644
index 000000000000..8565cadd0178
--- /dev/null
+++ b/src/chrome/content/rules/Maidstone.gov.uk.xml
@@ -0,0 +1,68 @@
+<!--
+	Maidstone Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *maidstone.gov.uk:
+
+		- (www.)? ʳ
+		- dynamic ʳ
+		- (www.)?museum ᵈ
+		- pcm ᵈ
+
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *maidstone.gov.uk:
+
+		- consult ᵐ
+		- maps ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- consult.maidstone.gov.uk
+		- services.maidstone.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Maidstone.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ecitizen.maidstone.gov.uk" />
+	<target host="self.maidstone.gov.uk" />
+	<target host="services.maidstone.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="consult.maidstone.gov.uk" />
+
+		<!--	Set cookies without Secure:
+							-->
+		<!--test url="http://services.maidstone.gov.uk/meetings/mgParishCouncilDetailsList.aspx" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^consult\.maidstone\.gov\.uk$" name="^(?:JSESSION|Server)ID$" /-->
+	<!--securecookie host="^services\.maidstone\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://consult\.maidstone\.gov\.uk/"
+		to="https://maidstone-consult.objective.co.uk/" />
+
+		<test url="http://consult.maidstone.gov.uk/portal/ditsfeb16" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mail-archive.com.xml b/src/chrome/content/rules/Mail-archive.com.xml
index f800d328783d..166334204f38 100644
--- a/src/chrome/content/rules/Mail-archive.com.xml
+++ b/src/chrome/content/rules/Mail-archive.com.xml
@@ -1,7 +1,7 @@
-<ruleset name="Mail-archive.com">
+<ruleset name="Mail-Archive.com">
   <target host="mail-archive.com" />
   <target host="www.mail-archive.com" />
 
-  <rule from="^http://(www\.)?mail-archive\.com/"
-to="https://www.mail-archive.com/" />
+  <rule from="^http:"
+to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Mail-tester.com.xml b/src/chrome/content/rules/Mail-tester.com.xml
new file mode 100644
index 000000000000..47ccb2aaae43
--- /dev/null
+++ b/src/chrome/content/rules/Mail-tester.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.mail-tester.com
+
+-->
+<ruleset name="mail-tester.com">
+
+	<target host="mail-tester.com" />
+	<target host="www.mail-tester.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.mail-tester\.com$" name="^(lang|visited)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mail.be.xml b/src/chrome/content/rules/Mail.be.xml
new file mode 100644
index 000000000000..eb3264e0cd05
--- /dev/null
+++ b/src/chrome/content/rules/Mail.be.xml
@@ -0,0 +1,7 @@
+<ruleset name="Mail.be">
+  <target host="mail.be" />
+  <target host="www.mail.be" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mail.bg.xml b/src/chrome/content/rules/Mail.bg.xml
new file mode 100644
index 000000000000..5510e89463ca
--- /dev/null
+++ b/src/chrome/content/rules/Mail.bg.xml
@@ -0,0 +1,16 @@
+<!--
+	Nonfunctional hosts in *.mail.bg:
+
+	certificate mismatch:
+		- corp.mail.bg
+-->
+<ruleset name="Mail.bg">
+	<target host="mail.bg" />
+	<target host="www.mail.bg" />
+	<target host="adsy.mail.bg" />
+	<target host="beta.mail.bg" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mail.com.xml b/src/chrome/content/rules/Mail.com.xml
deleted file mode 100644
index 11756bc652a4..000000000000
--- a/src/chrome/content/rules/Mail.com.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	For other United Internet coverage, see United-Internet.xml.
-
-
-	Nonfunctional subdomains:
-
-		- search
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- dl
-		- www.faq
-		- help
-		- sec-i0
-		- service
-
--->
-<ruleset name="Mail.com">
-
-	<target host="mail.com" />
-	<target host="*.mail.com" />
-
-
-	<securecookie host=".*\.mail\.com$" name=".+" />
-
-
-	<rule from="^http://((?:dl|www\.faq|help|sec-i0|service|www)\.)?mail\.com/"
-		to="https://$1mail.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Mail.de.xml b/src/chrome/content/rules/Mail.de.xml
deleted file mode 100644
index c3e41b4de837..000000000000
--- a/src/chrome/content/rules/Mail.de.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="mail.de">
-  <target host="mail.de" />
-  <target host="*.mail.de" />
-
-  <rule from="^http://(?:www\.)?mail\.de/" to="https://mail.de/" />
-  <rule from="^http://(adressbuch|free|kalender|my|registrierung)\.mail\.de/" to="https://$1.mail.de/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Mail.ru.xml b/src/chrome/content/rules/Mail.ru.xml
index 34cb5737391a..832c349dd0bb 100644
--- a/src/chrome/content/rules/Mail.ru.xml
+++ b/src/chrome/content/rules/Mail.ru.xml
@@ -1,84 +1,417 @@
 <!--
-	Nonfunctional domains:
+	Other Mail.ru rulesets:
 
-		- afisha.mail.ru	(timeout)
-		- blogs.mail.ru
-		- internet.mail.ru	(timeout)
-		- limg.imgsmail.ru	(cert: *.mail.ru; 403)
-		- r2.mail.ru
-		- d4.c8.b0.a2.top.mail.ru
-		- (www.)mail.ru
+		- DatacloudMail.ru.xml
+		- ICQ.com.xml
+		- Imgs_Mail.ru.xml
+		- List.ru.xml
+		- Mradx.net.xml
+		- Ok.ru.xml
+		- TimeZero.ru.xml
 
 
-	Problematic domains:
+	Nonfunctional hosts in *mail.ru:
 
-		- top.list.ru *
-		- \w\d.\w\d.\w\d.\w\d.top.mail.ru *
+		- forum.games.mail.ru ²
 
-	* Mismatched, CN: *.mail.ru
+		- m.agent ²
+		- rfr.agent ³
+		- internet ⁵
 
+		- love ⁴
+		- m.love ᵃ
+		- wap.love ²
 
-	Fully covered domains:
+		- mailblog ²
+		- mra ³
+		- click.my ⁷
+		- otvet ⁴
+		- pogoda ²
+		- r2 ¹
 
-		- top.list.ru				(→ top-fwz1.mail.ru)
-		- \w\d.\w\d.\w\d.\w\d.top.mail.ru	(→ top-fwz1.mail.ru)
-		- top-fwz1.mail.ru
+		- showbiz.mail.ru ³
+
+		- team ⁴
+		- d4.c8.b0.a2.top
+
+		- torg ⁴
+		- chelyabinsk.torg ⁴
+		- img.torg ⁴
+		- m.torg ⁴
+
+		- lotro ²
+		- webmaster ¹
+		- xhtml.wap ²
+
+	ᵃ Shows another domain
+	¹ Dropped
+	² Refused
+	³ Plaintext reply
+	⁴ Redirects to http
+	⁵ 403
+	⁷ 400
+
+
+	Problematic hosts in *mail.ru:
+
+		- s1.amigo ¹
+		- blogs ²
+		- cdn.connect ¹
+		- w2.dwar	Mixed css
+		- content.foto ¹
+		- m.go ¹
+		- imgs2 ³
+		- m.my ¹
+		- stat.my ¹
+		- \w\d.\w\d.\w\d.\w\d.top ¹
+		- img.pre.realty ¹
+		- wap ⁴
+
+	¹ Mismatched
+	² Shows another domain
+	³ 403
+	⁴ Refused
+
+
+	Partially covered hosts in *mail.ru:
+
+		- go *
+
+	* Some pages redirect to http
+
+
+	Wildcards covered:
+
+		- avt-\d+.foto:
+
+			- [1-9]
+			- [12]\d
+			- 30
+
+		- cdn\d+.my:
+
+			- 41
+
+		- filed\d+-\d+.my
+
+		- content-\d+.foto.my:
+
+			- [3468]
+			- 1[048]
+			- 2[267-9]
+			- 30
+
+		- (\w\d.){4}top		(→ top-fwz1.mail.ru)
+
+
+	r2: Dropped over http
+
+
+	These altnames don't exist:
+
+		- mobfarm.mail.ru
+		- wartune.mail.ru
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .mail.ru
+		- 1link.mail.ru
+		- .agent.mail.ru
+		- .bb.mail.ru
+		- cfire.mail.ru
+		- .dn.mail.ru
+		- .games.mail.ru
+		- hi-tech.mail.ru
+		- it.mail.ru
+		- .jd.mail.ru
+		- parapa.mail.ru
+		- pw.mail.ru
+		- realty.mail.ru
+		- .realty.mail.ru
+		- pro.realty.mail.ru
+		- .tv.mail.ru
+
+
+	Mixed content:
+
+		- css on dwar from odnoklassniki.ru
+
+		- Images, on:
+
+			- blogs from rs.mail.ru *
+			- dobro, corp from $self *
+			- m.games from games *
+			- m.games from stat.my *
+			- m.games from my1.imgsmail.com *
+			- s1.jugger from s1.jugger.ru *
+			- rabota from hh.ru *
+			- tz from www.timezero.ru *
+
+		- favicon on m.games from games *
+
+		- Bugs, on:
+
+			- blogs from stat.my *
+			- sales from rss
+			- maps, sales from www.tns-counter.ru *
+
+	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
 <ruleset name="Mail.ru (partial)">
 
-	<target host="*.mail.ru" />
-		<!--	afisha & internet time out.	-->
-		<exclusion pattern="^http://(afisha|blogs|internet|www)\." />
-	<target host="cdn.connect.mail.ru" />
-	<target host="avt.foto.mail.ru" />
+	<!--	as-is rewrites:
+				-->
+	<target host="mail.ru" />
+	<target host="1l-go.mail.ru" />
+	<target host="1l-view.mail.ru" />
+	<target host="1link.mail.ru" />
+	<target host="portal.1link.mail.ru" />
+	<target host="3k.mail.ru" />
+	<target host="aa.mail.ru" />
+	<target host="ad.mail.ru" />
+	<target host="afisha.mail.ru" />
+	<target host="pic.afisha.mail.ru" />
+	<target host="touch.afisha.mail.ru" />
+	<target host="agent.mail.ru" />
+	<target host="allods.mail.ru" />
+	<target host="amigo.mail.ru" />
+	<target host="auto.mail.ru" />
+	<target host="touch.auto.mail.ru" />
+	<target host="bb.mail.ru" />
+	<target host="bs.mail.ru" />
+	<target host="biz.mail.ru" />
+	<target host="c.mail.ru" />
+	<target host="promo.calendar.mail.ru" />
+	<target host="cars.mail.ru" />
+	<target host="cfire.mail.ru" />
+	<target host="cloud.mail.ru" />
+	<target host="connect.mail.ru" />
+	<target host="corp.mail.ru" />
+	<target host="cp-filin.mail.ru" />
+	<target host="static.dl.mail.ru" />
+	<target host="deti.mail.ru" />
+	<target host="touch.deti.mail.ru" />
+	<target host="touch.forum.deti.mail.ru" />
+	<target host="dn.mail.ru" />
+	<target host="dobro.mail.ru" />
+	<target host="dwar.mail.ru" />
+	<!--target host="d2.dwar.mail.ru" /-->
+	<target host="filin.mail.ru" />
+	<target host="*.foto.mail.ru" />
+	<target host="games.mail.ru" />
+
+	<target host="bonus.games.mail.ru" />
+	<target host="m.games.mail.ru" />
+
+	<target host="go.mail.ru" />
+	<target host="health.mail.ru" />
+	<target host="help.mail.ru" />
+	<target host="hi-tech.mail.ru" />
+	<target host="m.hi-tech.mail.ru" />
+	<target host="horo.mail.ru" />
+	<target host="touch.horo.mail.ru" />
+	<target host="img.mail.ru" />
+	<target host="it.mail.ru" />
+	<target host="www.it.mail.ru" />
+	<target host="jd.mail.ru" />
+	<target host="jugger.mail.ru" />
+	<target host="s1.jugger.mail.ru" />
+	<target host="lady.mail.ru" />
+	<target host="images.lady.mail.ru" />
+	<target host="bar.love.mail.ru" />
+	<target host="m.mail.ru" />
+	<target host="maps.mail.ru" />
+	<target host="minigames.mail.ru" />
+	<target host="money.mail.ru" />
+	<target host="m.money.mail.ru" />
+	<target host="my.mail.ru" />
+
+	<target host="*.my.mail.ru" />
+	<!--target host="*.foto.my.mail.ru" /-->
+
+	<target host="news.mail.ru" />
+
 	<target host="m.news.mail.ru" />
-	<target host="*.tv.mail.ru" />
-	<target host="*.imgsmail.ru" />
+	<target host="pic.news.mail.ru" />
+	<target host="retina.news.mail.ru" />
+	<target host="touch.news.mail.ru" />
 
+	<target host="opensource.mail.ru" />
+	<target host="touch.otvet.mail.ru" />
+	<target host="parapa.mail.ru" />
+	<target host="pirates.mail.ru" />
+	<target host="pw.mail.ru" />
+	<target host="rabota.mail.ru" />
+	<target host="r.mail.ru" />
+	<target host="r3.mail.ru" />
+	<target host="realty.mail.ru" />
+	<target host="img.realty.mail.ru" />
+	<target host="pro.realty.mail.ru" />
+	<target host="riot.mail.ru" />
+	<target host="rs.mail.ru" />
+	<target host="sales.mail.ru" />
+	<target host="security.mail.ru" />
+	<target host="sf.mail.ru" />
+	<target host="socdwar.mail.ru" />
+	<target host="sport.mail.ru" />
+	<target host="status.mail.ru" />
+	<target host="swa.mail.ru" />
+	<target host="tanki.mail.ru" />
+	<target host="tanks.mail.ru" />
+	<target host="target.mail.ru" />
+	<target host="tel.mail.ru" />
+	<target host="top.mail.ru" />
+	<target host="top-fwz1.mail.ru" />
+	<target host="tv.mail.ru" />
+	<target host="my.tv.mail.ru" />
+	<target host="wap.tv.mail.ru" />
+	<target host="tz.mail.ru" />
+	<target host="wf.mail.ru" />
+	<target host="wot.mail.ru" />
+	<target host="why.mail.ru" />
+	<target host="www.mail.ru" />
 
-  <!-- Disable securecokie for this?
-  https://mail1.eff.org/pipermail/https-everywhere-rules/2012-December/001422.html
-  -->
-	<!-- <securecookie host="^\.mail\.ru$" name=".*" /> -->
-	<!--	Are .tv.mail.ru cookies used on unsecurable pages?	-->
+	<!--	Special cases:
+				-->
+	<target host="blogs.mail.ru" />
+	<target host="cdn.connect.mail.ru" />
+	<target host="img.pre.realty.mail.ru" />
+	<target host="*.top.mail.ru" />
+	<target host="wap.mail.ru" />
+
+		<!-- Flash-based players fails load ads if detect redirects. It can issue lower video quality on videohostings like on rutube.ru -->
+		<exclusion pattern="^http://ad\.mail\.ru/crossdomain.xml" />
+
+			<!--	+ve:
+					-->
+			<test url="http://ad.mail.ru/crossdomain.xml" />
+
+		<!--	Redirect to http:
+						-->
+		<!--exclusion pattern="^http://otvet\.mail\.ru/($|auth$|favicon\.ico|favicon-(16|32|64)\.png|images/|question/\d+$|s\.css)" /-->
+		<!--exclusion pattern="^http://team\.mail\.ru/($|\?mcsf_action=main_css|favicon\.ico|wp-content/)" /-->
+		<!--exclusion pattern="^http://(torg|m\.torg|wap)\.mail\.ru/($|favicon\.ico)" /-->
+
+		<!--	Formerly redirected to http:
+							-->
+		<!--exclusion pattern="^http://games\.mail\.ru/($|\?from=navi$|support/tanks/$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://games\.mail\.ru/+(?!css/|favicon\.ico|fonts/|img/|pic/|pre_big2?_crop/|r/)" /-->
+
+			<!--	+ve:
+					-->
+			<test url="http://games.mail.ru/feedback/" />
+			<test url="http://games.mail.ru/gamecenter/download/" />
+			<test url="http://games.mail.ru/pc/" />
+			<test url="http://games.mail.ru/pc/video/" />
+			<test url="http://games.mail.ru/play/client/" />
+			<test url="http://games.mail.ru/play/new/" />
+			<test url="http://games.mail.ru/play/social/" />
+			<test url="http://games.mail.ru/profile/" />
+			<test url="http://games.mail.ru/support/" />
+			<test url="http://games.mail.ru/support/tz/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://games.mail.ru/css/new_design/main.css" />
+			<test url="http://games.mail.ru/favicon.ico" />
+			<test url="http://games.mail.ru/img/18.png" />
+
+		<!--	Redirect to http:
+						-->
+		<!--exclusion pattern="^http://go\.mail\.ru/($|\?module_result=)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://go\.mail\.ru/(?!/*(?:favicon\.ico|static/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://go.mail.ru/blog/" />
+			<test url="http://go.mail.ru/news" />
+			<test url="http://go.mail.ru/realtime" />
+			<test url="http://go.mail.ru/search" />
+
+			<!--	-ve:
+					-->
+			<test url="http://go.mail.ru/static/web/img/opera_bookmark/sd_search_img.png" />
+
+		<test url="http://avt-1.foto.mail.ru/" />
+		<test url="http://avt-10.foto.mail.ru/" />
+		<test url="http://avt-20.foto.mail.ru/" />
+		<test url="http://avt-30.foto.mail.ru/" />
+		<test url="http://cdn41.my.mail.ru/" />
+		<test url="http://content-1.foto.my.mail.ru/" />
+		<test url="http://content-10.foto.my.mail.ru/" />
+		<test url="http://content-20.foto.my.mail.ru/" />
+		<test url="http://content-30.foto.my.mail.ru/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.mail\.ru$" name="^(FTID|VID|c|i|mc2|mrcu|p|searchuid)$" /-->
+	<!--securecookie host="^1link\.mail\.ru$" name="^c_\d+_\d+$" /-->
+	<!--securecookie host="^\.agent\.mail\.ru$" name="^agent_family$" /-->
+	<!--securecookie host="^allods\.mail\.ru$" name="^(?:bblastactivity|bblastvisit|bbsessionhash|no_splash|usecache)$" /-->
+	<!--securecookie host="^(?:cfire|parapa)\.mail\.ru$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.(?:bb|dn|jd)\.mail\.ru$" name="^(?:___mrtc|SESS[\da-f]{32})$" /-->
+	<!--securecookie host="^\.games\.mail\.ru$" name="^(?:gmab|targeting)$" /-->
+	<!--securecookie host="^it\.mail\.ru$" name="^csrftoken$" /-->
+	<!--securecookie host="^hi-tech\.mail\.ru$" name="^last_visits$" /-->
+	<!--securecookie host="^(pro\.)?realty\.mail\.ru$" name="^x_user_id$" /-->
+	<!--securecookie host="^\.realty\.mail\.ru$" name="^(realty_geo|rrbrg|saved_segment)$" /-->
+	<!--securecookie host="^pro\.realty\.mail\.ru$" name="^REALTYSESS$" /-->
+	<!--securecookie host="^pw\.mail\.ru$" name="^(?:bblastactivity|bblastvisit|bbsessionhash|usecache)$" /-->
+
+	<!--	Disable securecookie for this?
+		https://mail1.eff.org/pipermail/https-everywhere-rules/2012-December/001422.html
+  	-->
+	<!--securecookie host="^\.mail\.ru$" name=".+" /-->
 
 
 	<!--	Tracking cookies:
 					-->
-	<securecookie host="^\.mail\.ru$" name="^(?:FT|V)ID$" />
+	<securecookie host="^\.mail\.ru$" name="^(?:FTID|VID|searchuid)$" />
+	<securecookie host="^(?:1link|allods|\.bb|cfire|\.dn|hi-tech|it|\.jd|parapa|pw)\.mail\.ru$" name=".+" />
 
 
-	<!--	cert doesn't match img.tv
-		ditto my.tv.  my.tv appears identical to tv	-->
-	<rule from="^http://(?:(ad|corp|avt\.foto|r3?|sales|showbiz|status)|(img)(?:\.tv)?|(?:my\.)?(tv))\.mail\.ru/"
-		to="https://$1$2$3.mail.ru/" />
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://blogs\.mail\.ru/.*"
+		to="https://my.mail.ru/" />
 
-	<!--	Cert only matches *.mail.ru	-->
-	<rule from="^http://(?:cdn\.)?connect\.mail\.ru/"
-		to="https://connect.mail.ru/" />
+		<test url="http://blogs.mail.ru/foo" />
 
-	<rule from="^http://lady\.mail\.ru/([^/])\.css"
-		to="https://lady.mail.ru/$1.css" />
+	<rule from="^http://cdn\.connect\.mail\.ru/"
+		to="https://connect.mail.ru/" />
 
-	<rule from="^http://news\.mail\.ru/(_css/|favicon\.ico$|img/|pic/|prev\d{1,6}/)"
-		to="https://news.mail.ru/$1" />
+	<rule from="^http://content\.foto\.mail\.ru/"
+		to="https://content.foto.my.mail.ru/" />
 
-	<!--	cert doesn't match m.news	-->
-	<rule from="^http://m\.news\.mail\.ru/(_css/|favicon\.ico$|img/)"
-		to="https://news.mail.ru/$1" />
+	<rule from="^http://stat\.my\.mail\.ru/"
+		to="https://my.mail.ru/" />
 
-	<rule from="^http://r[23s]\.mail\.ru/"
-		to="https://rs.mail.ru/" />
+	<rule from="^http://img\.pre\.realty\.mail\.ru/"
+		to="https://img.realty.mail.ru/" />
 
-	<rule from="^http://(?:top\.list|(?:\w\d\.){4}top\.mail|top-fwz1\.mail)\.ru/"
+	<rule from="^http://(?:\w\w\.){4}top\.mail\.ru/"
 		to="https://top-fwz1.mail.ru/" />
 
-	<rule from="^http://go\.imgsmail\.ru/"
-		to="https://go.imgsmail.ru/" />
+		<test url="http://a1.a1.a1.a1.top.mail.ru/" />
+
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://wap\.mail\.ru/[^?]*"
+		to="https://tel.mail.ru/" />
+
+		<test url="http://wap.mail.ru//" />
+		<test url="http://wap.mail.ru/foo" />
 
-	<!--	also on img.mail.ru	-->
-	<rule from="^http://l?img\.imgsmail\.ru/"
-		to="https://img.imgsmail.ru/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mail4kidz.eu.xml b/src/chrome/content/rules/Mail4kidz.eu.xml
new file mode 100644
index 000000000000..b4aaac1b7b0b
--- /dev/null
+++ b/src/chrome/content/rules/Mail4kidz.eu.xml
@@ -0,0 +1,7 @@
+<ruleset name="Mail4kidz.eu">
+	<target host="mail4kidz.eu" />
+	<target host="www.mail4kidz.eu" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MailChimp-mismatches.xml b/src/chrome/content/rules/MailChimp-mismatches.xml
deleted file mode 100644
index cb5e91070b44..000000000000
--- a/src/chrome/content/rules/MailChimp-mismatches.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules that are enabled by default, see MailChimp.xml.
-
--->
-<ruleset name="MailChimp (mismatches)" default_off="mismatch">
-
-	<target host="status.mailchimp.com" />
-
-
-	<securecookie host="^status\.mailchimp\.com$" name=".+" />
-
-
-	<rule from="^http://status\.mailchimp\.com/"
-		to="https://status.mailchimp.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MailChimp.xml b/src/chrome/content/rules/MailChimp.xml
index 76a6b714bbab..1d91c415d91e 100644
--- a/src/chrome/content/rules/MailChimp.xml
+++ b/src/chrome/content/rules/MailChimp.xml
@@ -1,92 +1,164 @@
 <!--
-	For problematic rules, see MailChimp-mismatches.xml.
+	For rules covering resources which do not secure
+	mixed content, see mailchimp.com-resources.xml.
 
+	Other MailChimp rulesets:
 
-	CDN buckets:
-
-		- s3.amazonaws.com:
-
-			- cdn-images.mailchimp.com
-			- experts-production		(used on experts)
-			- int-dir			(used on connect.; doesn't have "blog" in filenames)
+		- List-manage.com.xml
 
 
-		- dbfv8p2wljo34.cloudfront.net
+	CDN buckets:
 
-			- static.mailchimp.com
+		- cdn-images.mailchimp.com.s3.amazonaws.com
+		- int-dir.s3.amazonaws.com
+		- experts-production.s3.amazonaws.com
+		- mc-delivery-status.s3.amazonaws.com
+		- s3.amazonaws.com/downloads.mailchimp.com/ | d1zgderxoe1a.cloudfront.net
+		- dbfv8p2wljo34.cloudfront.net	← static
 
-		- dbhkt46el5ri0.cloudfront.net
+		- dbhkt46el5ri0.cloudfront.net	← cdn-images
 
 			- equivalent to cdn-images.mailchimp.com.s3.amazonaws.com
-			- cdn-images.mailchimp.com
 
-		- mcid.heroku.com
+		- fukui-9447.herokussl.com	← connect
+		- mc-experts.herokuapp.com	← experts
+		- mc-status.herokuapp.com	← status
+
 
-		- mc-experts.herokuapp.com
+	Nonfunctional hosts in *mailchimp.com;
 
-			- experts.mailchimp.com
+		- fastfives ʳ
 
-		- mc-status.herokuapp.com		(404, "No such app")
+	ʳ Refused
 
-			- status.mailchimp.com
 
+	Problematic hosts in *mailchimp.com;
 
-	Nonfunctional domains:
+		- delivery ᵐ
+		- downloads ᵐ
+		- styleguide ᵐ
 
-		- 50.23.108.136		(shows sfbloghost)
+	ᵐ Mismatched
 
-		- mailchimp.com subdomains:
 
-			- apidocs	(shows sfbloghost, cert valid)
-			- cf		(shows sfbloghost over https, 403 over http)
-			- creative	(hosted on Tumblr)
+	Partially covered hosts in *mailchimp.com;
 
+		- kb ʰ
 
-	Problematic subdomains:
+	ʰ Some paths redirect to http
 
-		- status		(mismatched, CN: *.herokuapp.com)
 
+	Insecure cookies are set for these hosts: ᶜ
 
-	Fully covered subdomains:
+		- us\d+.admin.mailchimp.com
+		- kb.mailchimp.com
+		- login.mailchimp.com
+		- lurvin.mailchimp.com
+		- status.mailchimp.com
+		- ux.mailchimp.com
 
-		- (www.)
-		- admin
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
-		- \w+.admin:
 
-			- us2
+	Mixed content:
 
-		- blog
-		- cdn-images
-		- connect	(→ mcid.heroku.com)
-		- experts	(→ mc-experts.herokuapp.com)
-		- login
-		- sfbloghost
-		- static	(→ dbfv8p2wljo34.cloudfront.net)
+		- Image on downloads from gallery.mailchimp.com ˢ
+		- favicon on styleguide, templates from static.mailchimp.com ˢ
 
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
 <ruleset name="MailChimp (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="mailchimp.com" />
-	<target host="*.mailchimp.com" />
-
+	<target host="admin.mailchimp.com" />
+	<target host="*.admin.mailchimp.com" />
+	<target host="us1.api.mailchimp.com" />
+	<target host="apidocs.mailchimp.com" />
+	<target host="blog.mailchimp.com" />
+	<target host="casl.mailchimp.com" />
+	<target host="cdn-images.mailchimp.com" />
+	<target host="cf.mailchimp.com" />
+	<target host="connect.mailchimp.com" />
+	<target host="creative.mailchimp.com" />
+	<target host="developer.mailchimp.com" />
+	<target host="devs.mailchimp.com" />
+	<target host="docmakers.mailchimp.com" />
+	<target host="eventbrite.mailchimp.com" />
+	<target host="experts.mailchimp.com" />
+	<target host="gallery.mailchimp.com" />
+	<target host="inspiration.mailchimp.com" />
+	<!--target host="kb.mailchimp.com" /-->
+	<target host="login.mailchimp.com" />
+	<target host="lurvin.mailchimp.com" />
+	<target host="static.mailchimp.com" />
+	<target host="status.mailchimp.com" />
+	<target host="templates.mailchimp.com" />
+	<target host="ux.mailchimp.com" />
+	<target host="www.mailchimp.com" />
+
+		<exclusion pattern="^http://(?:[^./]+\.){2,}admin\.mailchimp\.com/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.admin.mailchimp.com/" />
+			<test url="http://exists.not.admin.mailchimp.com/" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://kb\.mailchimp\.com/(?:$|(?:accounts|facebook|growth|lists|login)$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://kb\.mailchimp\.com/(?!/*(?:binarie|cs|image)s/)" /-->
+
+			<!--	+ve:
+					-->
+			<!--
+			<test url="http://kb.mailchimp.com/accounts" />
+			<test url="http://kb.mailchimp.com/facebook" />
+			<test url="http://kb.mailchimp.com/growth" />
+			<test url="http://kb.mailchimp.com/lists" />
+			<test url="http://kb.mailchimp.com/login" />
+			-->
+
+			<!--	-ve:
+					-->
+			<!--
+			<test url="http://kb.mailchimp.com/binaries/content/assets/mailchimpkb/kbicon_start.png" />
+			<test url="http://kb.mailchimp.com/css/kb.css" />
+			<test url="http://kb.mailchimp.com/images/winking-freddie.svg" />
+			-->
+
+		<test url="http://us14.admin.mailchimp.com/" />
+		<test url="http://us2.admin.mailchimp.com/" />
+		<test url="http://static.mailchimp.com/web/design/white.png" />
+
+	<!--	Complications:
+				-->
+	<target host="downloads.mailchimp.com" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://downloads.mailchimp.com/querytemplate.html" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:us\d+\.admin|ux)\.mailchimp\.com$" name="^_AVESTA_ENVIRONMENT$" /-->
+	<!--securecookie host="^kb\.mailchimp\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^login\.mailchimp\.com$" name="^_(?:AVESTA_ENVIRONMENT|TEST_COOKIE)$" /-->
+	<!--securecookie host="^lurvin\.mailchimp\.com$" name="_sessions$" /-->
+	<!--securecookie host="^status\.mailchimp\.com$" name="_session$" /-->
 
 	<!--	is wildcard login cookie used on unsecureable pages?
 									-->
-	<securecookie host="^.+\.mailchimp\.com$" name=".+" />
-
-
-	<rule from="^http://((?:(?:\w+\.)?admin|blog|cdn-images|login|sfbloghost|www)\.)?mailchimp\.com/"
-		to="https://$1mailchimp.com/" />
-
-	<rule from="^https?://connect\.mailchimp\.com/"
-		to="https://mcid.heroku.com/" />
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host=".\.mailchimp\.com$" name=".+" />
 
-	<rule from="^https?://experts\.mailchimp\.com/"
-		to="https://mc-experts.herokuapp.com/" />
 
-	<rule from="^https?://static\.mailchimp\.com/"
-		to="https://dbfv8p2wljo34.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MailNull.com.xml b/src/chrome/content/rules/MailNull.com.xml
index 0123e0086805..689acb65c357 100644
--- a/src/chrome/content/rules/MailNull.com.xml
+++ b/src/chrome/content/rules/MailNull.com.xml
@@ -1,19 +1,13 @@
 <!--
-	REQUESTED: https://trac.torproject.org/projects/tor/ticket/9218
-
-
-	Problematic subdomains:
-
-		- www	(cert only matches ^mailnull.com)
-
+	Mismatched:
+		- out
+		- outside
 -->
 <ruleset name="MailNull.com">
-
 	<target host="mailnull.com" />
 	<target host="www.mailnull.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?mailnull\.com/"
-		to="https://mailnull.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MailPoet.com.xml b/src/chrome/content/rules/MailPoet.com.xml
new file mode 100644
index 000000000000..2fa3f95930a4
--- /dev/null
+++ b/src/chrome/content/rules/MailPoet.com.xml
@@ -0,0 +1,45 @@
+<!--
+	^mailpoet.com: cert only matches *.mailpoet.com
+
+
+	Mixed content:
+
+
+		- Images, on:
+
+			- support from $self ¹
+			- support and www from www ¹
+			- www from $self ¹
+			- www from 2014.miami.wordcamp.org ²
+			- www from 2014.paris.wordcamp.org ²
+
+	¹ Secured by us
+	² Unsecurable <= redirects to http
+
+-->
+<ruleset name="MailPoet.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="support.mailpoet.com" />
+	<target host="www.mailpoet.com" />
+
+	<!--	Complications:
+				-->
+	<target host="mailpoet.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^support\.mailpoet\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^support\.mailpoet\.com$" name=".+" />
+
+
+	<rule from="^http://mailpoet\.com/"
+		to="https://www.mailpoet.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mailerlite.com.xml b/src/chrome/content/rules/Mailerlite.com.xml
new file mode 100644
index 000000000000..3e1ad46d3daf
--- /dev/null
+++ b/src/chrome/content/rules/Mailerlite.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .mailerlite.com
+
+-->
+<ruleset name="Mailerlite.com">
+
+	<target host="mailerlite.com" />
+	<target host="app.mailerlite.com" />
+	<target host="cdn.mailerlite.com" />
+	<target host="static1.mailerlite.com" />
+	<target host="www.mailerlite.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.mailerlite\.com$" name="^(?:__cfduid|_gat?$|cf_clearance|mailerlite:language)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|_gat?$|cf_clearance|mailerlite:language)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mailgun.net-problematic.xml b/src/chrome/content/rules/Mailgun.net-problematic.xml
new file mode 100644
index 000000000000..7e75e0251eee
--- /dev/null
+++ b/src/chrome/content/rules/Mailgun.net-problematic.xml
@@ -0,0 +1,15 @@
+<!--
+	For rules that are on by default, see Mailgun.net.xml.
+
+-->
+<ruleset name="Mailgun.net (mismatched)" default_off="mismatched">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bin.mailgun.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mailgun.net.xml b/src/chrome/content/rules/Mailgun.net.xml
new file mode 100644
index 000000000000..700cc8c636d3
--- /dev/null
+++ b/src/chrome/content/rules/Mailgun.net.xml
@@ -0,0 +1,24 @@
+<!--
+	For other Rackspace coverage, see Rackspace.xml.
+
+
+	Problematic hosts in *mailgun.net:
+
+		- bin *
+
+	* Heroku
+
+-->
+<ruleset name="Mailgun.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mailgun.net" />
+	<!--target host="bin.mailgun.net" /-->
+	<target host="www.mailgun.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mailigen.xml b/src/chrome/content/rules/Mailigen.xml
index 2359614f0721..04d52f16c689 100644
--- a/src/chrome/content/rules/Mailigen.xml
+++ b/src/chrome/content/rules/Mailigen.xml
@@ -1,7 +1,11 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://static-admin.mailigen.com/ => https://static-admin.mailigen.com/: (35, 'error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error')
+
 	CDN buckets:
 
-		- 500745869.r.cdn77.net 
+		- 500745869.r.cdn77.net
 
 			- static.mailigen.com
 
@@ -12,28 +16,53 @@
 
 	Nonfunctional subdomains:
 
-		- (www.)
-		- affiliate
+		- affiliate ¹
 		- blog
 		- list
 
+	¹ Shows default page
+
+
 	Problematic subdomains:
 
-		- static *
 		- static-blog *
 
 	* Works; mismatched, CN: *.r.worldssl.net
 
+
+	Insecure cookies are set for these domains:
+
+		- .mailigen.com
+
+
+	Mixed content:
+
+		- Images on www from ^mailigen.com *
+
+	* Secured by us
+
 -->
-<ruleset name="Mailigen (partial)">
+<ruleset name="Mailigen.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mailigen.com" />
+	<target host="admin.mailigen.com" />
+	<target host="api.mailigen.com" />
+	<target host="login.mailigen.com" />
+	<target host="static.mailigen.com" />
+	<target host="static-admin.mailigen.com" />
+	<target host="www.mailigen.com" />
 
-	<target host="*.mailigen.com" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.mailigen\.com$" name="^PHPSESSID$" /-->
 
-	<securecookie host="^.+\.mailigen\.com$" name=".+" />
+	<securecookie host=".+\.mailigen\.com$" name=".+" />
 
 
-	<rule from="^http://(adm|log|static-adm)in\.mailigen\.com/"
-		to="https://$1in.mailigen.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mailinator.com.xml b/src/chrome/content/rules/Mailinator.com.xml
index 88780985302f..fd1bb4b81961 100644
--- a/src/chrome/content/rules/Mailinator.com.xml
+++ b/src/chrome/content/rules/Mailinator.com.xml
@@ -1,21 +1,16 @@
-<!--
-	Mixed content:
-
-		- css on www from fonts.googleapis.com *
-
-	* Secured by us
-
--->
 <ruleset name="Mailinator.com">
 
 	<target host="mailinator.com" />
-	<target host="www.mailinator.com" />
-
+	<target host="*.mailinator.com" />
+	<!-- All subdomains are valid and
+		mirror https://www.mailinator.com/ -->
+		<test url="http://testurl1.mailinator.com/" />
+		<test url="http://testurl2.mailinator.com/" />
+		<test url="http://testurl3.mailinator.com/" />
 
 	<securecookie host="^(?:www\.)?mailinator\.com$" name=".+" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://(www\.)?mailinator\.com/"
-		to="https://$1mailinator.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mailoo.xml b/src/chrome/content/rules/Mailoo.xml
index 8ea6d22dc044..dfef17af27e2 100644
--- a/src/chrome/content/rules/Mailoo.xml
+++ b/src/chrome/content/rules/Mailoo.xml
@@ -1,6 +1,20 @@
-<ruleset name="Mailoo">
-  <target host="mailoo.org" />
+<!--
+	^mailoo.org: Mismatched, missing certificate chain
+
+-->
+<ruleset name="Mailoo.org">
+
+	<!--	Direct rewrites:
+				-->
   <target host="www.mailoo.org" />
 
-  <rule from="^http://(www\.)?mailoo\.org/" to="https://www.mailoo.org/" />
+	<!--	Complications:
+				-->
+  <target host="mailoo.org" />
+
+	<rule from="^http://mailoo\.org/"
+		to="https://www.mailoo.org/" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Mailout_Interactive.com.xml b/src/chrome/content/rules/Mailout_Interactive.com.xml
index 7ca71dbe0538..08e570c47bb7 100644
--- a/src/chrome/content/rules/Mailout_Interactive.com.xml
+++ b/src/chrome/content/rules/Mailout_Interactive.com.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mailoutinteractive.com/ => https://mailoutinteractive.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.mailoutinteractive.com/ => https://mailoutinteractive.com/: (28, 'Connection timed out after 20001 milliseconds')
+
 	Nonfunctional subdomains:
 
 		- blog	(shows industrymailout.com)
@@ -9,7 +14,7 @@
 		- www	(shows industrymailout.com)
 
 -->
-<ruleset name="Mailout Interactive.com (partial)">
+<ruleset name="Mailout Interactive.com (partial)" default_off="failed ruleset test">
 
 	<target host="mailoutinteractive.com" />
 	<target host="www.mailoutinteractive.com" />
diff --git a/src/chrome/content/rules/Mailpile.is.xml b/src/chrome/content/rules/Mailpile.is.xml
index 4e6d97d67766..d99cbf63dace 100644
--- a/src/chrome/content/rules/Mailpile.is.xml
+++ b/src/chrome/content/rules/Mailpile.is.xml
@@ -1,9 +1,4 @@
 <!--
-	Problematic subdomains:
-
-		- ^	(recursive redirect)
-
-
 	There are several subdomains listed as
 	alternative subjects which don't exist.
 
@@ -14,7 +9,7 @@
 	<target host="www.mailpile.is" />
 
 
-	<rule from="^http://(?:www\.)?mailpile\.is/"
-		to="https://www.mailpile.is/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mailstation.de.xml b/src/chrome/content/rules/Mailstation.de.xml
deleted file mode 100644
index 30eef58265df..000000000000
--- a/src/chrome/content/rules/Mailstation.de.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- (www.)	(mismatched, CN: galileo.mailstation.de)
-
--->
-<ruleset name="mailstation.de">
-
-	<target host="mailstation.de" />
-	<target host="*.mailstation.de" />
-
-
-	<!--	Server redirect from (www.) to
-		galileo preserves path and args:
-						-->
-	<rule from="^http://(?:galileo\.|www\.)?mailstation\.de/"
-		to="https://galileo.mailstation.de/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Mailvelope.com.xml b/src/chrome/content/rules/Mailvelope.com.xml
new file mode 100644
index 000000000000..8a37c746cf63
--- /dev/null
+++ b/src/chrome/content/rules/Mailvelope.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		fosdem2014.mailvelope.com
+
+-->
+
+<ruleset name="Mailvelope.com">
+
+	<target host="mailvelope.com" />
+	<target host="www.mailvelope.com" />
+	<target host="build.mailvelope.com" />
+	<target host="demo.mailvelope.com" />
+	<target host="download.mailvelope.com" />
+	<target host="keys.mailvelope.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mailvelope.xml b/src/chrome/content/rules/Mailvelope.xml
deleted file mode 100644
index 265433043ada..000000000000
--- a/src/chrome/content/rules/Mailvelope.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	CN: aries.uberspace.de
-
--->
-<ruleset name="Mailvelope" default_off="mismatched">
-
-	<target host="mailvelope.com" />
-	<target host="www.mailvelope.com" />
-
-
-	<rule from="^http://(?:www\.)?mailvelope\.com/"
-		to="https://mailvelope.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Main-host.de.xml b/src/chrome/content/rules/Main-host.de.xml
deleted file mode 100644
index 2a97da9afba8..000000000000
--- a/src/chrome/content/rules/Main-host.de.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(404, valid cert)
-
--->
-<ruleset name="main-host.de">
-
-	<target host="main-host.de" />
-	<target host="*.main-host.de" />
-
-
-	<rule from="^http://(?:www\.)?main-host\.de/"
-		to="https://www.main-host.de/" />
-
-	<rule from="^http://kunden\.main-host\.de/"
-		to="https://kunden.main-host.de/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Maine.gov.xml b/src/chrome/content/rules/Maine.gov.xml
index 675ca8cae32f..77d8f021ded4 100644
--- a/src/chrome/content/rules/Maine.gov.xml
+++ b/src/chrome/content/rules/Maine.gov.xml
@@ -1,19 +1,79 @@
+
 <!--
-	For other U.S. government coverage, see US-government.xml.
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.maine.gov/local/ (200) => https://www.maine.gov/local/ (404)
+
+
+
+	Problematic hosts in *maine.gov:
+
+		- legislature ¹
+		- media ²
+
+	¹ Mismatched
+	² Expired
+
+
+	Mixed content:
+
+		- iframe on www1 from www.maine.gov *
+		- flash on media from $self
+
+		- css, on:
 
+			- media, www1 from www.maine.gov *
+			- www1 from fonts.googleapis.com *
 
-	- governor/ redirects to http
-	- local/ 404s
-	- portal/$ differs between http & https
+		- Images, on:
+
+			- media from $self
+			- media from www.maine.gov *
+
+	* Secured by us
 
 -->
-<ruleset name="Maine.gov (partial)">
+<ruleset name="Maine.gov (partial)" default_off="failed ruleset test">
 
 	<target host="maine.gov" />
+	<target host="data.maine.gov" />
 	<target host="www.maine.gov" />
+	<target host="www1.maine.gov" />
+
+	<!--	Complications:
+				-->
+	<target host="legislature.maine.gov" />
+
+		<!--exclusion pattern="^http://(?:www\.)?maine\.gov/(?!(?:agriculture|informe|msl|portal/(?:government|online_services)|tools)(?:$|\?|/)|portal/(?:css|images|img)/)" /-->
+
+		<!--	Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://www1\.maine\.gov/governor/lepage/(?!css/|images/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www1.maine.gov/governor/lepage/" />
+			<test url="http://www1.maine.gov/governor/lepage/citizen_services/" />
+			<test url="http://www1.maine.gov/governor/lepage/index.shtml" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www1.maine.gov/governor/lepage/css/mobile.css" />
+			<test url="http://www1.maine.gov/governor/lepage/images/flickr.png" />
+
+		<test url="http://www.maine.gov/awt/css2/stylesv2.css" />
+		<test url="http://www.maine.gov/awt/images/maine_gov_logo.gif" />
+		<test url="http://www.maine.gov/governor/" />
+		<test url="http://www.maine.gov/images/rss.gif" />
+		<test url="http://www.maine.gov/local/" />
+		<test url="http://www.maine.gov/online/apps/css/mobile.css" />
+		<test url="http://www.maine.gov/portal/" />
+		<test url="http://www.maine.gov/tools/whatsnew/attach.php?id=607299&amp;an=1" />
+
 
+	<rule from="^http://legislature\.maine\.gov/"
+		to="https://mainelegislature.org/" />
 
-	<rule from="^http://(www\.)?maine\.gov/((?:agriculture|informe|msl|portal/(?:government|online_services)|tools)(?:$|\?|/)|portal/(?:css|images|img)/)"
-		to="https://$1maine.gov/$2" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Maine_Legislature.org.xml b/src/chrome/content/rules/Maine_Legislature.org.xml
new file mode 100644
index 000000000000..80601a99c0cc
--- /dev/null
+++ b/src/chrome/content/rules/Maine_Legislature.org.xml
@@ -0,0 +1,27 @@
+<!--
+
+
+	www.mainelegislature.org: 404
+
+-->
+<ruleset name="Maine Legislature.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mainelegislature.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.mainelegislature.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.mainelegislature\.org/"
+		to="https://mainelegislature.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mainstrat.com.xml b/src/chrome/content/rules/Mainstrat.com.xml
new file mode 100644
index 000000000000..3196bab7beb5
--- /dev/null
+++ b/src/chrome/content/rules/Mainstrat.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="mainstrat.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sdc-cordis.mainstrat.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Major-Designs-Doll-Fashions.xml b/src/chrome/content/rules/Major-Designs-Doll-Fashions.xml
deleted file mode 100644
index 9bd33e704846..000000000000
--- a/src/chrome/content/rules/Major-Designs-Doll-Fashions.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Major Designs Doll Fashions">
-
-	<target host="majordesignsdollfashions.com"/>
-	<target host="www.majordesignsdollfashions.com"/>
-
-	<rule from="^http://(www\.)?majordesignsdollfashions\.com/"
-		to="https://$1majordesignsdollfashions.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Major.io.xml b/src/chrome/content/rules/Major.io.xml
new file mode 100644
index 000000000000..9b66074b15cd
--- /dev/null
+++ b/src/chrome/content/rules/Major.io.xml
@@ -0,0 +1,9 @@
+<ruleset name="major.io">
+
+	<target host="major.io" />
+	<target host="www.major.io" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Majordomo.ru.xml b/src/chrome/content/rules/Majordomo.ru.xml
new file mode 100644
index 000000000000..312defe8538e
--- /dev/null
+++ b/src/chrome/content/rules/Majordomo.ru.xml
@@ -0,0 +1,56 @@
+<!--
+	403:
+		7years.majordomo.ru
+		leto.majordomo.ru
+
+	Mismatched:
+		baton.majordomo.ru
+		m.control.majordomo.ru
+		isp2.majordomo.ru
+
+	Refused:
+		chucho.majordomo.ru
+
+	Timeout by travis:
+		11.majordomo.ru
+		upgrade.majordomo.ru
+		work.majordomo.ru
+
+	curl: (6) Could not resolve host: billing2.intr
+		billing2.majordomo.ru
+		https://github.com/EFForg/https-everywhere/pull/9504#issuecomment-294360643
+-->
+<ruleset name="Majordomo.ru">
+	<target host="majordomo.ru" />
+	<target host="www.majordomo.ru" />
+	<target host="10.majordomo.ru" />
+	<target host="2011.majordomo.ru" />
+	<target host="50000.majordomo.ru" />
+	<target host="aedrvt.majordomo.ru" />
+	<target host="apscatalog.majordomo.ru" />
+	<target host="book.majordomo.ru" />
+	<target host="chat.majordomo.ru" />
+	<target host="control.majordomo.ru" />
+	<target host="control2.majordomo.ru" />
+	<target host="fastsite.majordomo.ru" />
+	<target host="ho.majordomo.ru" />
+	<target host="ho13.majordomo.ru" />
+	<target host="ho14.majordomo.ru" />
+	<target host="ho15.majordomo.ru" />
+	<target host="ho16.majordomo.ru" />
+	<target host="ho17.majordomo.ru" />
+	<target host="ho18.majordomo.ru" />
+	<target host="ho19.majordomo.ru" />
+	<target host="m.majordomo.ru" />
+	<target host="mail.majordomo.ru" />
+	<target host="mj.majordomo.ru" />
+	<target host="new.majordomo.ru" />
+	<target host="newmail.majordomo.ru" />
+	<target host="office.majordomo.ru" />
+	<target host="old.majordomo.ru" />
+	<target host="podarok.majordomo.ru" />
+	<target host="staff.majordomo.ru" />
+	<target host="tinkoff.majordomo.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Make-A-Wish-Foundation-MI.xml b/src/chrome/content/rules/Make-A-Wish-Foundation-MI.xml
index e9cd358c4260..24e4f7d13008 100644
--- a/src/chrome/content/rules/Make-A-Wish-Foundation-MI.xml
+++ b/src/chrome/content/rules/Make-A-Wish-Foundation-MI.xml
@@ -1,6 +1,16 @@
-<ruleset name="Make-A-Wish Foundation of Michigan">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wishmich.org/ => https://www.wishmich.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.wishmich.org'")
+Fetch error: http://www.wishmich.org/ => https://www.wishmich.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.wishmich.org'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://wishmich.org/ => https://www.wishmich.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.wishmich.org'")
+Fetch error: http://www.wishmich.org/ => https://www.wishmich.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.wishmich.org'")
+-->
+<ruleset name="Make-A-Wish Foundation of Michigan" default_off="failed ruleset test">
 	<target host="wishmich.org" />
 	<target host="www.wishmich.org" />
 
 	<rule from="^http://(?:www\.)?wishmich\.org/" to="https://www.wishmich.org/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Make-Projects.xml b/src/chrome/content/rules/Make-Projects.xml
deleted file mode 100644
index 2c7a3f4421db..000000000000
--- a/src/chrome/content/rules/Make-Projects.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d1c7nyv5gwvh6t.cloudfront.net
-			- guide-images.makeprojects.org
-
--->
-<ruleset name="Make: Projects (partial)">
-
-	<target host="makeprojects.org" />
-	<target host="*.makeprojects.org" />
-
-
-	<!--	- Cert doesn't match www
-		- Some (most?) pages 302 to http
-						-->
-	<rule from="^https?://(?:www\.)?makeprojects\.org/Project/login(/register)?($|\?)"
-		to="https://makeprojects.org/Project/login$1$2" />
-
-	<rule from="^https?://guide-images\.makeprojects\.org/"
-		to="https://d1c7nyv5gwvh6t.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MakeFrontendShitAgain.party.xml b/src/chrome/content/rules/MakeFrontendShitAgain.party.xml
new file mode 100644
index 000000000000..9499493eef9e
--- /dev/null
+++ b/src/chrome/content/rules/MakeFrontendShitAgain.party.xml
@@ -0,0 +1,8 @@
+<ruleset name="MakeFrontendShitAgain.party">
+	<target host="makefrontendshitagain.party" />
+	<target host="www.makefrontendshitagain.party" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MakeMyTrip.xml b/src/chrome/content/rules/MakeMyTrip.xml
index 6837e7c76df2..3f078b421337 100644
--- a/src/chrome/content/rules/MakeMyTrip.xml
+++ b/src/chrome/content/rules/MakeMyTrip.xml
@@ -1,9 +1,28 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://makemytrip.com/holidays-india/ => https://www.makemytrip.com/holidays-india/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://makemytrip.com/ => https://www.makemytrip.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://image4.makemytrip.com/ => https://image4.makemytrip.com/: (6, 'Could not resolve host: image4.makemytrip.com')
+Fetch error: http://image5.makemytrip.com/ => https://image5.makemytrip.com/: (6, 'Could not resolve host: image5.makemytrip.com')
+Fetch error: http://m.makemytrip.com/ => https://m.makemytrip.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://railtourism.makemytrip.com/ => https://railtourism.makemytrip.com/: (6, 'Could not resolve host: railtourism.makemytrip.com')
+Fetch error: http://support.makemytrip.com/ => https://support.makemytrip.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://us.makemytrip.com/ => https://us.makemytrip.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.makemytrip.com/ => https://www.makemytrip.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+-->
 <ruleset name="Make My Trip" platform="mixedcontent">
-  <target host="makemytrip.com" />
-  <target host="*.makemytrip.com" />
+  <!-- target host="makemytrip.com" /-->
+  <target host="cheapfaresindia.makemytrip.com" />
+  <!-- target host="image4.makemytrip.com" /-->
+  <!-- target host="image5.makemytrip.com" /-->
+  <!-- target host="m.makemytrip.com" /-->
+  <!-- target host="railtourism.makemytrip.com" /-->
+  <!-- target host="support.makemytrip.com" /-->
+  <!-- target host="us.makemytrip.com" /-->
+  <!-- target host="www.makemytrip.com" /-->
 
-  <rule from="^http://makemytrip\.com/"
-          to="https://www.makemytrip.com/" />
-  <rule from="^http://(cheapfaresindia|image4|image5|m|railtourism|support|us|www)\.makemytrip\.com/"
-          to="https://$1.makemytrip.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MakeShop.jp.xml b/src/chrome/content/rules/MakeShop.jp.xml
new file mode 100644
index 000000000000..638a9f5bf304
--- /dev/null
+++ b/src/chrome/content/rules/MakeShop.jp.xml
@@ -0,0 +1,21 @@
+<!--
+	For other GMO coverage, see GMO_Internet.xml.
+
+
+	custom: at least some pages redirect to http.
+
+-->
+<ruleset name="MakeShop.jp (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="makeshop.jp" />
+	<target host="www.makeshop.jp" />
+
+		<!--exclusion pattern="http://custom\.makeshop\.jp/" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MakeUseOf.com.xml b/src/chrome/content/rules/MakeUseOf.com.xml
new file mode 100644
index 000000000000..c3738bc4ff6e
--- /dev/null
+++ b/src/chrome/content/rules/MakeUseOf.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Mismatch:
+		wiki.makeuseof.com
+-->
+<ruleset name="MakeUseOf.com">
+	<target host="makeuseof.com" />
+	<target host="www.makeuseof.com" />
+	<target host="cdn.makeuseof.com" />
+	<target host="deals.makeuseof.com" />
+	<target host="groups.makeuseof.com" />
+	<target host="mail.makeuseof.com" />
+	<target host="www.mail.makeuseof.com" />
+	<target host="static.makeuseof.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MakeUseOf.xml b/src/chrome/content/rules/MakeUseOf.xml
deleted file mode 100644
index 04e367f573cb..000000000000
--- a/src/chrome/content/rules/MakeUseOf.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	CDN buckets:
-
-		- main.makeuseoflimited.netdna-cdn.com
-
-			- ssl doesn't exist
-
-
-	Some pages redirect to http.
-
--->
-<ruleset name="MakeUseOf (partial)">
-
-	<target host="makeuseof.com" />
-	<target host="www.makeuseof.com" />
-	<target host="main.makeuseoflimited.netdna-cdn.com" />
-
-
-	<rule from="^http://(www\.)?makeuseof\.com/(favicon\.ico|wp-content/)"
-		to="https://$1makeuseof.com/$2" />
-
-	<rule from="^http://main\.makeuseoflimited\.netdna-cdn\.com/"
-		to="https://makeuseof.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Make_Loveland.com.xml b/src/chrome/content/rules/Make_Loveland.com.xml
new file mode 100644
index 000000000000..7358d1dc8f7b
--- /dev/null
+++ b/src/chrome/content/rules/Make_Loveland.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .makeloveland.com
+
+-->
+<ruleset name="make Loveland.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="makeloveland.com" />
+	<target host="www.makeloveland.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.makeloveland\.com$" name="^_session_id$" /-->
+
+	<securecookie host="^\.makeloveland\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Make_Tech_Easier.com.xml b/src/chrome/content/rules/Make_Tech_Easier.com.xml
new file mode 100644
index 000000000000..7559c93ab20e
--- /dev/null
+++ b/src/chrome/content/rules/Make_Tech_Easier.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Make Tech Easier.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="maketecheasier.com" />
+	<target host="www.maketecheasier.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Maker.tv.xml b/src/chrome/content/rules/Maker.tv.xml
new file mode 100644
index 000000000000..242710aec14e
--- /dev/null
+++ b/src/chrome/content/rules/Maker.tv.xml
@@ -0,0 +1,8 @@
+<ruleset name="Maker.tv">
+
+	<target host="maker.tv" />
+	<target host="www.maker.tv" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Maker_Shed.xml b/src/chrome/content/rules/Maker_Shed.xml
index edf523127420..7736af3af6d5 100644
--- a/src/chrome/content/rules/Maker_Shed.xml
+++ b/src/chrome/content/rules/Maker_Shed.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?makershed\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?makershed\.com/"
-		to="https://$1makershed.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Makerble.xml b/src/chrome/content/rules/Makerble.xml
new file mode 100644
index 000000000000..7c0e9e606d26
--- /dev/null
+++ b/src/chrome/content/rules/Makerble.xml
@@ -0,0 +1,9 @@
+<ruleset name="Makerble">
+    <target host="makerble.com" />
+    <target host="*.makerble.com" />
+
+    <rule from="^http://makerble\.com/"
+        to="https://www.makerble.com/" />
+    <rule from="^http://([^/:@]+)\.makerble\.com/"
+        to="https://$1.makerble.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Makerbot.xml b/src/chrome/content/rules/Makerbot.xml
index 1eb18b4983e7..04eb8e525d41 100644
--- a/src/chrome/content/rules/Makerbot.xml
+++ b/src/chrome/content/rules/Makerbot.xml
@@ -1,24 +1,59 @@
 <!--
-	Nonfunctional subdomains:
+	CDN buckets:
 
-		- ^	(refused)
-		- www	(521)
+		- makerbot-blog.s3.amazonaws.com
+		- s3.amazonaws.com/mb-nav/
 
 
 	Problematic subdomains:
 
 		- www.store	(cert only matches *.markerbot.com)
 
+
+	Fully covered subdomains:
+
+		- (www.)
+		- accounts
+		- digitalstore
+		- (www.)store	(^ → www)
+
+
+	Observed cookie domains:
+
+		- . *
+		- accounts *
+		- .digitalstore *
+
+	* Secured by us <= not secured by server
+
+
+	Mixed content:
+
+		- Images, on (www.) from:
+
+			- distilleryimage\d\d?.s3.amazonaws.com *
+			- makerbot-blog.s3.amazonaws.com *
+			- pbs.twimg.com *
+
+	* Secured by us
+
 -->
-<ruleset name="Makerbot (partial)">
+<ruleset name="Makerbot">
+
+	<target host="makerbot.com" />
+	<target host="accounts.makerbot.com" />
+	<target host="digitalstore.makerbot.com" />
+	<target host="www.makerbot.com" />
+	<target host="store.makerbot.com" />
+	<target host="www.store.makerbot.com" />
 
-	<target host="*.makerbot.com" />
 
+	<securecookie host="^(?:accounts|\.digitalstore|\.store)?\.makerbot\.com$" name=".+" />
 
-	<securecookie host="^\.store\.makerbot\.com$" name=".+" />
 
 
 	<rule from="^http://(?:www\.)?store\.makerbot\.com/"
 		to="https://store.makerbot.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Makery.info.xml b/src/chrome/content/rules/Makery.info.xml
new file mode 100644
index 000000000000..e8eacaa5c3b3
--- /dev/null
+++ b/src/chrome/content/rules/Makery.info.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		cdn.makery.info
+		cop21.makery.info
+		dadadata.makery.info
+		fablabfestival.makery.info
+		laviede.makery.info
+		medialab.makery.info
+		static.makery.info
+
+-->
+<ruleset name="Makery.info" platform="mixedcontent">
+
+	<target host="makery.info" />
+	<target host="www.makery.info" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Makes.org.xml b/src/chrome/content/rules/Makes.org.xml
new file mode 100644
index 000000000000..285c4fb8d2c7
--- /dev/null
+++ b/src/chrome/content/rules/Makes.org.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gerv.makes.org/ => https://gerv.makes.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For other Mozilla coverage, see Mozilla.xml.
+
+
+	CDN buckets:
+
+		- s3.amazonaws.com/makes.org/
+
+
+	Fully covered hosts in *makes.org:
+
+		- gerv
+
+-->
+<ruleset name="Makes.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gerv.makes.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Makewebeasy.com.xml b/src/chrome/content/rules/Makewebeasy.com.xml
index 53b45d111911..99143d2dbdb6 100644
--- a/src/chrome/content/rules/Makewebeasy.com.xml
+++ b/src/chrome/content/rules/Makewebeasy.com.xml
@@ -1,6 +1,6 @@
-<ruleset name="Makewebeasy.com">
-  <target host="makewebeasy.com" />
-  <target host="www.makewebeasy.com" />
+<ruleset name="Makewebeasy.com" default_off="refused">
+	<target host="makewebeasy.com" />
+	<target host="www.makewebeasy.com" />
 
-  <rule from="^http://(www\.)?makewebeasy\.com/" to="https://www.makewebeasy.com/" />
+	<rule from="^http://(?:www\.)?makewebeasy\.com/" to="https://www.makewebeasy.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Makeyourlaws.org.xml b/src/chrome/content/rules/Makeyourlaws.org.xml
deleted file mode 100644
index 8d0ccbcb364d..000000000000
--- a/src/chrome/content/rules/Makeyourlaws.org.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Makeyourlaws.org" platform="firefox">
-<target host="makeyourlaws.org" />
-<target host="www.makeyourlaws.org" />
-
-<securecookie host="^makeyourlaws\.org$" name=".+" />
-<securecookie host="^www\.makeyourlaws\.org$" name=".+" />
-
-<rule from="^http://makeyourlaws\.org/" to="https://makeyourlaws.org/" />
-<rule from="^http://www\.makeyourlaws\.org/" to="https://www.makeyourlaws.org/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Makezine.com.xml b/src/chrome/content/rules/Makezine.com.xml
new file mode 100644
index 000000000000..b328bfbe14ac
--- /dev/null
+++ b/src/chrome/content/rules/Makezine.com.xml
@@ -0,0 +1,23 @@
+<ruleset name="Makezine.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="makezine.com" /-->
+	<target host="www.makezine.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://makezine\.com/($|\?custom-css=)" /-->
+
+			<!--	+ve:
+					-->
+			<!--test url="http://makezine.com/?custom-css=1" /-->
+
+
+	<securecookie host="^\.makezine\.com$" name="^__cfduid$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MakiBox.xml b/src/chrome/content/rules/MakiBox.xml
index 7976a009e3a8..2d76d19d7fec 100644
--- a/src/chrome/content/rules/MakiBox.xml
+++ b/src/chrome/content/rules/MakiBox.xml
@@ -1,4 +1,14 @@
-<ruleset name="MakiBox">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://makibox.com/ => https://makibox.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.makibox.com/ => https://www.makibox.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://makibox.com/ => https://makibox.com/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://www.makibox.com/ => https://www.makibox.com/: (28, 'Connection timed out after 10000 milliseconds')
+-->
+<ruleset name="MakiBox" default_off="failed ruleset test">
 
 	<target host="makibox.com" />
 	<target host="www.makibox.com" />
@@ -7,7 +17,6 @@
 	<securecookie host="^(?:www\.)?makibox\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?makibox\.com/"
-		to="https://$1makibox.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Makrotex.hu.xml b/src/chrome/content/rules/Makrotex.hu.xml
index 28faacddca58..d64914c7e8f9 100644
--- a/src/chrome/content/rules/Makrotex.hu.xml
+++ b/src/chrome/content/rules/Makrotex.hu.xml
@@ -1,5 +1,36 @@
-<ruleset name="Makrotex.hu">
+<!--
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these domains:
+
+		- .makrotex.hu
+
+
+	Mixed content:
+
+		- Images, from:
+
+			- image.arukereso.hu ¹
+			- www.kirakat.hu ²
+
+	¹ Secured by us
+	² Unsecurable <= plaintext reply
+
+-->
+<ruleset name="Makrotex.hu" default_off="cert-chain">
+
 	<target host="makrotex.hu" />
+	<target host="www.makrotex.hu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.makrotex\.hu$" name="^(?:store_language|xcart_\w+_I|xid_[\da-f]+)$" /-->
+
+	<securecookie host="^\.makrotex\.hu$" name=".+" />
+
 
-	<rule from="^http://makrotex\.hu/" to="https://makrotex.hu/" />
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Malcontents_Gambit.com.xml b/src/chrome/content/rules/Malcontents_Gambit.com.xml
new file mode 100644
index 000000000000..8c1420643ee5
--- /dev/null
+++ b/src/chrome/content/rules/Malcontents_Gambit.com.xml
@@ -0,0 +1,22 @@
+<!--
+	CN: *.ipage.com
+
+
+	Mixed content:
+
+		- iframe from www.hipcast.com
+
+-->
+<ruleset name="Malcontents Gambit.com" default_off="mismatched">
+
+	<target host="malcontentsgambit.com" />
+	<target host="www.malcontentsgambit.com" />
+
+
+	<securecookie host="^(?:www\.)?malcontentsgambit\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?malcontentsgambit\.com/"
+		to="https://www.malcontentsgambit.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Malcovery.com.xml b/src/chrome/content/rules/Malcovery.com.xml
new file mode 100644
index 000000000000..56cd40bc894b
--- /dev/null
+++ b/src/chrome/content/rules/Malcovery.com.xml
@@ -0,0 +1,49 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blog.malcovery.com/ => https://blog.malcovery.com/: (51, "SSL: no alternative certificate subject name matches target host name 'blog.malcovery.com'")
+Fetch error: http://www.malcovery.com/ => https://www.malcovery.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.malcovery.com'")
+Fetch error: http://malcovery.com/ => https://www.malcovery.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.malcovery.com'")
+
+	Nonfunctional hosts in *malcovery.com:
+
+		- info *
+
+	* 404
+
+
+	^malcovery.com: Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- blog.malcovery.com
+		- www.malcovery.com
+
+-->
+<ruleset name="Malcovery.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blog.malcovery.com" />
+	<target host="www.malcovery.com" />
+
+	<!--	Complications:
+				-->
+	<target host="malcovery.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:blog|www)\.malcovery\.com$" name="^hsPagesViewedThisSession$" /-->
+
+	<securecookie host="^(?:blog|www)\.malcovery\.com$" name=".+" />
+
+
+	<rule from="^http://malcovery\.com/"
+		to="https://www.malcovery.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Maliit.org.xml b/src/chrome/content/rules/Maliit.org.xml
deleted file mode 100644
index 93c65897ec3f..000000000000
--- a/src/chrome/content/rules/Maliit.org.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Fully covered subdomains:
-
-		- wiki
-
-
-	Partially covered subdomains:
-
-		- (www.)	(→ wiki)
-
--->
-<ruleset name="Maliit.org (partial)">
-
-	<target host="maliit.org" />
-	<target host="*.maliit.org" />
-		<exclusion pattern="^http://(?:www\.)?maliit\.org/+(?!\?)" />
-
-
-	<securecookie host="^wiki\.maliit\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?(?:wiki\.)?maliit\.org/"
-		to="https://wiki.maliit.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Mall.cz_sk_pl.xml b/src/chrome/content/rules/Mall.cz_sk_pl.xml
new file mode 100644
index 000000000000..8ff5342d39f2
--- /dev/null
+++ b/src/chrome/content/rules/Mall.cz_sk_pl.xml
@@ -0,0 +1,44 @@
+<!--
+	Nonfunctional hosts in *.mall.sk, mall.cz, mall.pl:
+
+	certificate mismatch:
+		- cs.i.mall.cz
+		- sk.i.mall.cz
+	timeout on https:
+		- test.api.mall.cz
+		- www.blog.mall.cz
+		- test.e.mall.cz
+		- test.m.mall.cz
+		- vanoce.mall.cz
+		- www.vanoce.mall.cz
+		- test.www.mall.cz
+		- test.api.mall.sk
+		- test.m.mall.sk
+		- vianoce.mall.sk
+		- www.vianoce.mall.sk
+		- test.www.mall.sk
+		- test.api.mall.pl
+		- test.m.mall.pl
+		- mallkolaj.mall.pl
+		- www.mallkolaj.mall.pl
+		- test.www.mall.pl
+-->
+<ruleset name="Mall.cz_sk_pl">
+	<target host="mall.cz" />
+	<target host="www.mall.cz" />
+	<target host="mall.sk" />
+	<target host="www.mall.sk" />
+	<target host="mall.pl" />
+	<target host="www.mall.pl" />
+	<target host="api.mall.cz" />
+	<target host="blog.mall.cz" />
+	<target host="m.mall.cz" />
+	<target host="p4u.mall.cz" />
+	<target host="api.mall.sk" />
+	<target host="m.mall.sk" />
+	<target host="api.mall.pl" />
+	<target host="m.mall.pl" />
+	<target host="raty.mall.pl" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Maltris.org.xml b/src/chrome/content/rules/Maltris.org.xml
new file mode 100644
index 000000000000..b7856ced1919
--- /dev/null
+++ b/src/chrome/content/rules/Maltris.org.xml
@@ -0,0 +1,25 @@
+<!--
+	www.maltris.org: Mismatched, CAcert
+
+-->
+<ruleset name="maltris.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="maltris.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.maltris.org" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.maltris\.org/"
+		to="https://maltris.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Malvern_Diabetic_Foot.org.xml b/src/chrome/content/rules/Malvern_Diabetic_Foot.org.xml
new file mode 100644
index 000000000000..f5aba69948e3
--- /dev/null
+++ b/src/chrome/content/rules/Malvern_Diabetic_Foot.org.xml
@@ -0,0 +1,19 @@
+<!--
+	^malverndiabeticfoot.org doesn't exist.
+
+-->
+<ruleset name="Malvern Diabetic Foot.org">
+
+	<target host="www.malverndiabeticfoot.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.malverndiabeticfoot\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.malverndiabeticfoot\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Malware-research.org.xml b/src/chrome/content/rules/Malware-research.org.xml
new file mode 100644
index 000000000000..463d34a54764
--- /dev/null
+++ b/src/chrome/content/rules/Malware-research.org.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://malware-research.org/ => https://malware-research.org/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.malware-research.org/ => https://www.malware-research.org/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	Insecure cookies are set for these domains:
+
+		- .malware-research.org
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="malware-research.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="malware-research.org" />
+	<target host="www.malware-research.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.malware-research\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.malware-research\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MalwareDomainList.com.xml b/src/chrome/content/rules/MalwareDomainList.com.xml
new file mode 100644
index 000000000000..5b2af70f274d
--- /dev/null
+++ b/src/chrome/content/rules/MalwareDomainList.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid Certificate:
+		malwaredomainlist.com
+-->
+<ruleset name="MalwareDomainList.com" >
+	<target host="malwaredomainlist.com" />
+	<target host="www.malwaredomainlist.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://malwaredomainlist\.com/" to="https://www.malwaredomainlist.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Malware_Tracker.com.xml b/src/chrome/content/rules/Malware_Tracker.com.xml
new file mode 100644
index 000000000000..00b3af6e6a32
--- /dev/null
+++ b/src/chrome/content/rules/Malware_Tracker.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Blogger
+
+
+	Problematic domains:
+
+		- malware-tracker.com *
+
+	* Mismatched
+
+-->
+<ruleset name="Malware Tracker.com (partial)">
+
+	<target host="malwaretracker.com" />
+	<target host="app.malwaretracker.com" />
+	<target host="www.malwaretracker.com" />
+		<!--exclusion pattern="http://blog\.malwaretracker\.com/" /-->
+	<target host="malware-tracker.com" />
+	<target host="www.malware-tracker.com" />
+
+
+
+	<rule from="^http://(?:www\.)?malware-tracker\.com/"
+		to="https://www.malware-tracker.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Malwarebytes.com.xml b/src/chrome/content/rules/Malwarebytes.com.xml
new file mode 100644
index 000000000000..11965db97634
--- /dev/null
+++ b/src/chrome/content/rules/Malwarebytes.com.xml
@@ -0,0 +1,35 @@
+<!--
+
+	For other Malwarebytes coverage, see Malwarebytes.xml
+
+-->
+
+<ruleset name="Malwarebytes.com">
+	<target host="malwarebytes.com" />
+	<target host="www.malwarebytes.com" />
+	<target host="block.malwarebytes.com" />
+	<target host="blog.malwarebytes.com" />
+	<target host="br.malwarebytes.com" />
+	<target host="buy.malwarebytes.com" />
+	<target host="cloud.malwarebytes.com" />
+	<target host="de.malwarebytes.com" />
+	<target host="downloads.malwarebytes.com" />
+	<target host="es.malwarebytes.com" />
+	<target host="forums.malwarebytes.com" />
+	<target host="fr.malwarebytes.com" />
+	<target host="it.malwarebytes.com" />
+	<target host="jobs.malwarebytes.com" />
+	<target host="my.malwarebytes.com" />
+	<target host="nl.malwarebytes.com" />
+	<target host="pl.malwarebytes.com" />
+	<target host="press.malwarebytes.com" />
+	<target host="pt.malwarebytes.com" />
+	<target host="ru.malwarebytes.com" />
+	<target host="shop.malwarebytes.com" />
+	<target host="store.malwarebytes.com" />
+	<target host="support.malwarebytes.com" />
+
+	<securecookie host="^\.store\.malwarebytes\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Malwarebytes.xml b/src/chrome/content/rules/Malwarebytes.xml
index 77b6eba51195..9fc7d9c0fc20 100644
--- a/src/chrome/content/rules/Malwarebytes.xml
+++ b/src/chrome/content/rules/Malwarebytes.xml
@@ -1,11 +1,12 @@
+
 <!--
+	For other Malwarebytes coverage, see Malwarebytes.com.xml
+
+
 	CDN buckets:
 
 		cs88.wac.edgecastcdn.net
 
-			- css.cdn.static
-			- images.cdn.static
-			- js.cdn.static
 			- www
 
 		- wac.1d00.edgecastcdn.net/??1D00/
@@ -33,64 +34,60 @@
 
 	Nonfunctional subdomains:
 
-		- blog *
 		- cdn.blog	(404, netdna)
-		- de **
-		- es **
-		- fr **
-		- it **
-		- press *
-		- pt **
-
-	* Redirects to http, wpengine
-	** 404, edgecast
 
 
 	Problematic subdomains:
 
-		- static-cdn		(404, edgecast)
+		- static		(timeout)
 
 
 	Fully covered subdomains:
 
 		- (www.)
+		- blog
+		- de
+		- es
 		- downloads
 		- facebook
 		- forums
+		- fr
 		- helpdesk
-		- static
-		- cdn.static
-
-		- \w+.cdn.static:
-
-			- css
-			- images
-			- js
-
-		- static-cdn	(→ static)
+		- it
+		- press
+		- pt
+		- static-cdn
 		- store
 		- twitter
 
 
 	Mixed content:
 
-
 		- Images on forums from www
 
 -->
 <ruleset name="Malwarebytes (partial)">
-
+	<!--	Direct rewrites: -->
 	<target host="malwarebytes.org" />
-	<target host="*.malwarebytes.org"/>
+	<target host="www.malwarebytes.org" />
+	<target host="blog.malwarebytes.org" />
+	<target host="de.malwarebytes.org" />
+	<target host="downloads.malwarebytes.org" />
+	<target host="es.malwarebytes.org" />
+	<target host="facebook.malwarebytes.org" />
+	<target host="forums.malwarebytes.org" />
+	<target host="fr.malwarebytes.org" />
+	<target host="helpdesk.malwarebytes.org" />
+	<target host="it.malwarebytes.org" />
+	<target host="press.malwarebytes.org" />
+	<target host="pt.malwarebytes.org" />
+	<target host="static-cdn.malwarebytes.org"/>
+	<target host="store.malwarebytes.org" />
 
 
 	<securecookie host="^(?:helpdesk|\.?store)?\.malwarebytes\.org$" name=".+" />
 
 
-	<rule from="^http://((?:downloads|facebook|forums|helpdesk|static|(?:\w+\.)?cdn\.static|store|www)\.)?malwarebytes\.org/"
-		to="https://$1malwarebytes.org/" />
-
-	<rule from="^http://static(?:-cdn)?\.malwarebytes\.org/"
-		to="https://static.malwarebytes.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Malwr.com.xml b/src/chrome/content/rules/Malwr.com.xml
new file mode 100644
index 000000000000..cebcaee10faf
--- /dev/null
+++ b/src/chrome/content/rules/Malwr.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Shows ^
+
+
+	www doesn't exist.
+
+-->
+<ruleset name="Malwr.com (partial)">
+
+	<target host="malwr.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mamba.xml b/src/chrome/content/rules/Mamba.xml
index 03fd80d15bbf..29b589130061 100644
--- a/src/chrome/content/rules/Mamba.xml
+++ b/src/chrome/content/rules/Mamba.xml
@@ -1,12 +1,24 @@
-<ruleset name="Mamba" platform="mixedcontent">
+<!--
+	For other Wamba coverage, see Wamba.com.xml.
 
-	<target host="mamba.ru"/>
-	<target host="*.mamba.ru"/>
-	<target host="www.corp.mamba.ru"/>
+	mamba.ru has both a wildcard DNS record and a wildcard certificate.
+-->
 
-	<rule from="^http://(?:www\.)?(corp\.|img\.|partner\.)?mamba\.ru/"
-		to="https://$1mamba.ru/"/>
+<ruleset name="Mamba.ru">
+	<target host="mamba.ru" />
+	<target host="*.mamba.ru" />
 
-	<securecookie host="^\.mamba\.ru$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
+
+	<test url="http://www.mamba.ru/" />
+	<test url="http://corp.mamba.ru/" />
+	<test url="http://partner.mamba.ru/" />
+
+	<test url="http://ermgw4vcq52y3mm8wzyk.mamba.ru/" />
+	<test url="http://3yari6sl2tnv4fo6fq3a.mamba.ru/" />
+	<test url="http://vjjmbf91sj523vrpxosp.mamba.ru/" />
+	<test url="http://yz1ahazbbfq58h3qpqy7.mamba.ru/" />
+	<test url="http://flmwkdfd300k1ehphgwn.mamba.ru/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Mammut.xml b/src/chrome/content/rules/Mammut.xml
index d0e1f8de8105..46c3e2d668f7 100644
--- a/src/chrome/content/rules/Mammut.xml
+++ b/src/chrome/content/rules/Mammut.xml
@@ -1,9 +1,13 @@
-<ruleset name="Mammut">
-    <target host="mammut.ch" />
-    <target host="www.mammut.ch" />
 
-    <rule from="^https?://mammut\.ch/"
-        to="https://www.mammut.ch/"/>
-    <rule from="^http://([^/:@]+)?\.mammut\.ch/"
-        to="https://$1.mammut.ch/" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mammut.ch/ => https://mammut.ch/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="Mammut" default_off="failed ruleset test">
+	<target host="mammut.ch" />
+	<target host="www.mammut.ch" />
+
+	<rule from="^http:"
+		to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/ManISec.xml b/src/chrome/content/rules/ManISec.xml
index 5b79916b49be..eb3bace9fd59 100644
--- a/src/chrome/content/rules/ManISec.xml
+++ b/src/chrome/content/rules/ManISec.xml
@@ -8,7 +8,7 @@
 	<target host="www.manisec.com" />
 
 
-	<rule from="^https?://(?:www\.)?manisec\.com/"
+	<rule from="^http://(?:www\.)?manisec\.com/"
 		to="https://www.manisec.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Man_Group.xml b/src/chrome/content/rules/Man_Group.xml
index a62a64e13b7e..2ad73bc753b2 100644
--- a/src/chrome/content/rules/Man_Group.xml
+++ b/src/chrome/content/rules/Man_Group.xml
@@ -2,9 +2,9 @@
     <target host="man.com" />
     <target host="*.man.com" />
 
-    <securecookie host="^(.*\.)?man\.com$" name=".+" />
+    <securecookie host=".+" name=".+"/>
 
-    <rule from="^https?://man\.com/"
+    <rule from="^http://man\.com/"
         to="https://www.man.com/" />
     <rule from="^http://([^/:@]+)?\.man\.com/"
         to="https://$1.man.com/" />
diff --git a/src/chrome/content/rules/Man_in_the_Mirror.org.xml b/src/chrome/content/rules/Man_in_the_Mirror.org.xml
index 8e1c4191a506..fddbc71e2a98 100644
--- a/src/chrome/content/rules/Man_in_the_Mirror.org.xml
+++ b/src/chrome/content/rules/Man_in_the_Mirror.org.xml
@@ -9,13 +9,12 @@
 <ruleset name="Man in the Mirror.org">
 
 	<target host="maninthemirror.org" />
-	<target host="*.maninthemirror.org" />
+	<target host="www.maninthemirror.org" />
 
 
 	<securecookie host="^(?:w*\.)?maninthemirror\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?maninthemirror\.org/"
-		to="https://$1maninthemirror.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ManaBalss.lv.xml b/src/chrome/content/rules/ManaBalss.lv.xml
new file mode 100644
index 000000000000..dc3deede84a0
--- /dev/null
+++ b/src/chrome/content/rules/ManaBalss.lv.xml
@@ -0,0 +1,6 @@
+<ruleset name="ManaBalss.lv">
+  <target host="manabalss.lv" />
+  <target host="www.manabalss.lv" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Manage.cm.xml b/src/chrome/content/rules/Manage.cm.xml
deleted file mode 100644
index cb5dce34fa6a..000000000000
--- a/src/chrome/content/rules/Manage.cm.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="manage.cm">
-
-	<target host="manage.cm" />
-	<target host="*.manage.cm" />
-
-
-	<securecookie host="^\.manage\.cm$" name=".+" />
-
-
-	<rule from="^http://(www\.)?manage\.cm/"
-		to="https://$1manage.cm/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ManageEngine.jp.xml b/src/chrome/content/rules/ManageEngine.jp.xml
new file mode 100644
index 000000000000..e4af4e40ec86
--- /dev/null
+++ b/src/chrome/content/rules/ManageEngine.jp.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Zoho coverage, see Zoho.xml.
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- download.manageengine.jp
+		- support.manageengine.jp
+-->
+<ruleset name="ManageEngine.jp">
+	<target host="manageengine.jp" />
+	<target host="www.manageengine.jp" />
+	<target host="blogs.manageengine.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ManageEngine.xml b/src/chrome/content/rules/ManageEngine.xml
index f16eb2e2b381..ddb0c2291e6a 100644
--- a/src/chrome/content/rules/ManageEngine.xml
+++ b/src/chrome/content/rules/ManageEngine.xml
@@ -2,53 +2,54 @@
 	For other Zoho coverage, see Zoho.xml.
 
 
-	Nonfunctional domains:
+	Nonfunctional hosts in *manageengine.com:
 
-		- www.manageengine.jp	(shows zoho.jp; mismatched, CN: www.zoho.jp)
-		- blogs.manageengine.jp	(403, valid cert)
+		- pl ᵈ
+		- se ᵈ
 
-
-	Problematic domains:
-
-		- training.manageengine.com	(shows www)
-
-
-	Fully covered domains:
-
-		- manageengine.com subdomains:
-
-			- (www.)
-			- blogs
-			- community
-			- forums
-			- ondemand
-			- pitstop *
-			- store
-
-	* Server is configured for rc4 only
+	ᵈ Dropped
 
 
 	Mixed content:
 
+		- css on www from fonts.googleapis.com ¹
+
 		- Images, on:
 
-			- blogs.manageengine.com from blogs.manageengine.com ¹
-			- forums.manageengine.com from uploads.zohocorp.com ²
+			- blogs from blogs.manageengine.com ¹
+			- forums from uploads.zohocorp.com ²
+			- newsletter from tools.manageengine.com ¹
+			- newsletter from www.manageengine.com ¹
 
 	¹ Secured by us
 	² Unsecurable
 
 -->
-<ruleset name="ManageEngine">
+<ruleset name="ManageEngine.com (partial)">
 
 	<target host="manageengine.com" />
-	<target host="*.manageengine.com" />
+	<target host="blogs.manageengine.com" />
+	<target host="community.manageengine.com" />
+	<target host="forums.manageengine.com" />
+	<target host="newsletter.manageengine.com" />
+	<target host="ondemand.manageengine.com" />
+	<target host="partners.manageengine.com" />
+	<target host="pitstop.manageengine.com" />
+	<target host="store.manageengine.com" />
+	<target host="tools.manageengine.com" />
+	<target host="training.manageengine.com" />
+	<target host="www.manageengine.com" />
+
+		<!--	Mixed css from fonts.googleapis.com:
+								-->
+		<test url="http://www.manageengine.com/training/training.html" />
 
 
-	<securecookie host="^forums\.manageengine\.com$" name=".+" />
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://((?:blogs|community|forums|ondemand|pitstop|store|www)\.)?manageengine\.com/"
-		to="https://$1manageengine.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Managed_Forex_Program.com.xml b/src/chrome/content/rules/Managed_Forex_Program.com.xml
new file mode 100644
index 000000000000..3eb0473eaeea
--- /dev/null
+++ b/src/chrome/content/rules/Managed_Forex_Program.com.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://managedforexprogram.com/ => https://managedforexprogram.com/: (51, "SSL: no alternative certificate subject name matches target host name 'managedforexprogram.com'")
+Fetch error: http://www.managedforexprogram.com/ => https://www.managedforexprogram.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.managedforexprogram.com'")
+
+	Insecure cookies are set for these hosts:
+
+		- managedforexprogram.com
+		- www.managedforexprogram.com
+
+
+	Mixed content:
+
+		- css from www.managedforexprogram.com *
+		- Images from www.managedforexprogram.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Managed Forex Program.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="managedforexprogram.com" />
+	<target host="www.managedforexprogram.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?managedforexprogram\.com$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host="^(?:www\.)?managedforexprogram\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Manasource.org.xml b/src/chrome/content/rules/Manasource.org.xml
new file mode 100644
index 000000000000..efc20fee0b63
--- /dev/null
+++ b/src/chrome/content/rules/Manasource.org.xml
@@ -0,0 +1,15 @@
+<!--
+	^: refused
+	www: hosted by akamai.
+
+-->
+<ruleset name="manasource.org" default_off="mismatched">
+
+	<target host="manasource.org" />
+	<target host="www.manasource.org" />
+
+
+	<rule from="^http://(?:www\.)?manasource\.org/"
+		to="https://www.manasource.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Manchester.gov.uk.xml b/src/chrome/content/rules/Manchester.gov.uk.xml
new file mode 100644
index 000000000000..f60d7526eea4
--- /dev/null
+++ b/src/chrome/content/rules/Manchester.gov.uk.xml
@@ -0,0 +1,138 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://open.manchester.gov.uk/favicon.ico => https://open.manchester.gov.uk/favicon.ico: (51, "SSL: no alternative certificate subject name matches target host name 'open.manchester.gov.uk'")
+Fetch error: http://open.manchester.gov.uk/open => https://open.manchester.gov.uk/open: (51, "SSL: no alternative certificate subject name matches target host name 'open.manchester.gov.uk'")
+
+	Manchester City Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *manchester.gov.uk:
+
+		- www.burialrecords ᶠ
+		- mymanchesterservices ᵈ
+		- www.publicaccess ᵈ
+
+	ᵈ Dropped
+	ᶠ Handshake fails
+
+
+	Problematic hosts in *manchester.gov.uk:
+
+		- (www.)? ᵐ
+		- b3 ᵐ
+		- consult ᵐ
+		- open ᵐ
+		- petitions ᵐ
+		- posters ᵐ
+
+	ᵐ Mismatched
+
+
+	Partially covered hosts in *manchester.gov.uk:
+
+		- open *
+
+	* Some paths differ from (cms|secure)
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .manchester.gov.uk
+		- consult.manchester.gov.uk
+		- posters.manchester.gov.uk
+		- www.revbens.manchester.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, on:
+
+			- cms from www.manchester.gov.uk ˢ *
+			- petitions from fonts.typotheque.com
+			- www.revbens from www.manchester.gov.uk ˢ **
+
+		- Images, on:
+
+			- cms, open from open.manchester.gov.uk ˢ
+			- cms, open, www.revbens from www.manchester.gov.uk ˢ
+
+	* Minor
+	** 404s over http & https
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Manchester.gov.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.b3.manchester.gov.uk" />
+	<target host="cms.manchester.gov.uk" />
+	<target host="www.lea.manchester.gov.uk" />
+	<target host="www.revbens.manchester.gov.uk" />
+	<target host="secure.manchester.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="manchester.gov.uk" />
+	<target host="b3.manchester.gov.uk" />
+	<target host="consult.manchester.gov.uk" />
+	<target host="open.manchester.gov.uk" />
+	<target host="www.manchester.gov.uk" />
+
+		<!--	Some paths differ:
+						-->
+		<exclusion pattern="^http://open\.manchester\.gov\.uk/(?!/*(?:favicon\.ico|open(?:$|[?/])))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://open.manchester.gov.uk/Default.aspx" />
+			<test url="http://open.manchester.gov.uk/index.htm" />
+			<test url="http://open.manchester.gov.uk/index.php" />
+			<test url="http://open.manchester.gov.uk/index.xhtml" />
+			<test url="http://open.manchester.gov.uk/site/index.php" />
+
+			<!--	-ve:
+					-->
+			<test url="http://open.manchester.gov.uk/favicon.ico" />
+			<test url="http://open.manchester.gov.uk/open" />
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://cms.manchester.gov.uk/aab/site_map" /-->
+
+		<!--	Ses cookies without Secure:
+							-->
+		<!--test url="http://www.revbens.manchester.gov.uk/HubEforms/default.asp?ScreenId=eform006" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.manchester\.gov\.uk$" name="^(?:_gat|\w{16}|TestCookie)$" /-->
+	<!--securecookie host="^consult\.manchester\.gov\.uk$" name="^(?:JSESSIONID|ServerID)$" /-->
+	<!--securecookie host="^posters\.manchester\.gov\.uk$" name="^ekm_(?:archiveplus|mo_archivesplus)$" /-->
+	<!--securecookie host="^www\.revbens\.manchester\.gov\.uk$" name="^(?:ASPSESSIONID[A-Z]{8}|CONNECTSID)$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^(?!open\.)\w" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?manchester\.gov\.uk/"
+		to="https://cms.manchester.gov.uk/" />
+
+	<rule from="^http://b3\.manchester\.gov\.uk/"
+		to="https://www.b3.manchester.gov.uk/" />
+
+	<rule from="^http://consult\.manchester\.gov\.uk/"
+		to="https://manchester-consult.objective.co.uk/" />
+
+		<test url="http://consult.manchester.gov.uk/portal/contact_us" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MandS.xml b/src/chrome/content/rules/MandS.xml
index 4befc1f71e32..df033307d822 100644
--- a/src/chrome/content/rules/MandS.xml
+++ b/src/chrome/content/rules/MandS.xml
@@ -38,16 +38,23 @@
 <ruleset name="Marks &amp; Spencer" platform="mixedcontent">
 
 	<target host="marksandspencer.com" />
-	<target host="*.marksandspencer.com" />
+	<target host="www.marksandspencer.com" />
+	<target host="www7.marksandspencer.com" />
+	<target host="www10.marksandspencer.com" />
+	<target host="www11.marksandspencer.com" />
+	<target host="asset1.marksandspencer.com" />
+	<target host="asset2.marksandspencer.com" />
+	<target host="help.marksandspencer.com" />
+	<target host="m.marksandspencer.com" />
+	<target host="plana.marksandspencer.com" />
 
 
-	<securecookie host="^(?:.*\.)?marksandspencer\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://(?:www(7|10|11)?\.)?marksandspencer\.com/"
 		to="https://www$1.marksandspencer.com/" />
 
-	<rule from="^http://(asset[12]|help|m|plana)\.marksandspencer\.com/"
-		to="https://$1.marksandspencer.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Mandrillapp.com.xml b/src/chrome/content/rules/Mandrillapp.com.xml
new file mode 100644
index 000000000000..33d2a14aaaf0
--- /dev/null
+++ b/src/chrome/content/rules/Mandrillapp.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Mandrillapp.com">
+	<target host="mandrillapp.com" />
+	<target host="www.mandrillapp.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mandriva.com-falsemixed.xml b/src/chrome/content/rules/Mandriva.com-falsemixed.xml
deleted file mode 100644
index 3fe698ba99de..000000000000
--- a/src/chrome/content/rules/Mandriva.com-falsemixed.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Mandriva.com.xml.
-
--->
-<ruleset name="Mandriva.com (false MCB)" platform="mixedcontent">
-
-	<target host="blog.mandriva.com" />
-	<target host="forum.mandriva.com" />
-		<!--
-			Handled in Mandriva.com.xml:
-							-->
-		<!--exclusion pattern="^http://blog\.mandriva\.com/(?!favicon\.ico|\w\w/wp-content/)" /-->
-		<!--exclusion pattern="^http://forum\.mandriva\.com/(?!cron\.php|favicon\.ico|style\.php|\w\w/styles/)" /-->
-		<!--exclusion pattern="^http://(blog|forum)\.mandriva\.com/(?!cron\.php|favicon\.ico|style\.php|\w\w/styles/|\w\w/wp-content/)" /-->
-
-
-	<rule from="^http://(blog|forum)\.mandriva\.com/(?!cron\.php|favicon\.ico|style\.php|\w\w/(?:styles|wp-content)/)"
-		to="https://$1.mandriva.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Mandriva.com.xml b/src/chrome/content/rules/Mandriva.com.xml
deleted file mode 100644
index 78482925dc5c..000000000000
--- a/src/chrome/content/rules/Mandriva.com.xml
+++ /dev/null
@@ -1,100 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see Mandriva.com-falsemixed.xml.
-
-
-	Problematic subdomains:
-
-		- store		(works, expired 2013-05-22)
-
-
-	Partially covered subdomains:
-
-		- blog *
-		- forum *
-
-	* Avoiding false/broken MCB, rest covered in Mandriva.com-falsemixed.xml
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- expert
-		- git
-		- my
-		- qa
-		- serviceplace
-		- store		(→ serviceplace)
-		- webapps
-		- www2
-
-
-	Observed cookie domains:
-
-		- expert
-		- .forum
-		- lists
-		- my
-		- qa
-		- serviceplace
-
-
-	Mixed content:
-
-		- css, on:
-
-			- blog, from:
-
-				- webapps *
-				- www *
-				- yui.yahooapis.com *
-
-			- forum from www *
-
-		- Images, on:
-
-			- blog, from:
-
-				- blog
-				- webapps *
-				- www *
-				- www.fsfe.org *
-
-			- expert from webapps *
-			- forum from webapps *
-
-	* Secured by us
-
-
-	blog and forum are in a separate falsemixed ruleset
-	due to css from forum, webapps, and www.
-
-	NB: We secure all resources, and thus
-	falsemixed should be merged for Ffx 24.
-
--->
-<ruleset name="Mandriva.com">
-
-	<target host="mandriva.com" />
-	<target host="*.mandriva.com" />
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<!--exclusion pattern="^http://blog\.mandriva\.com/(?!favicon\.ico|\w\w/wp-content/)" /-->
-		<!--exclusion pattern="^http://forum\.mandriva\.com/(?!cron\.php|favicon\.ico|style\.php|\w\w/styles/)" /-->
-		<exclusion pattern="^http://(?:blog|forum)\.mandriva\.com/(?!cron\.php|favicon\.ico|style\.php|\w\w/(?:styles|wp-content)/)" />
-
-
-	<!--securecookie host="^(expert|\.forum|lists|my|qa|serviceplace)\.mandriva\.com$" name=".+" /-->
-	<securecookie host=".+\.mandriva\.com$" name=".+" />
-
-
-	<rule from="^http://((?:blog|expert|forum|git|lists|my|qa|serviceplace|svn|webapps|www2?)\.)?mandriva\.com/"
-		to="https://$1mandriva.com/" />
-
-	<!--	Server drops both trailing slash and path, but we can't
-		emulate the former due to ruleset validation:
-								-->
-	<rule from="^http://store\.mandriva\.com/[^?]*(?=\?.*)?"
-		to="https://serviceplace.mandriva.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Manga.xml b/src/chrome/content/rules/Manga.xml
index c0d6c69cc8d8..917ebf10e690 100644
--- a/src/chrome/content/rules/Manga.xml
+++ b/src/chrome/content/rules/Manga.xml
@@ -1,15 +1,16 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.manga.com/ => https://secure.manga.com/: (7, 'Failed to connect to secure.manga.com port 443: Connection timed out')
+
 	Nonfunctional subdomains:
 
 		- (www.)	(shows secure; mismatched, CN: secure.manga.com
 
 -->
-<ruleset name="Manga (partial)">
-
+<ruleset name="Manga (partial)" default_off="failed ruleset test">
 	<target host="secure.manga.com" />
 
-
-	<rule from="^http://secure\.manga\.com/"
-		to="https://secure.manga.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mangaupdates.com.xml b/src/chrome/content/rules/Mangaupdates.com.xml
new file mode 100644
index 000000000000..c097e103fe11
--- /dev/null
+++ b/src/chrome/content/rules/Mangaupdates.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Mangaupdates.com">
+  <target host="mangaupdates.com" />
+  <target host="www.mangaupdates.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mango.xml b/src/chrome/content/rules/Mango.xml
index eef5c7e6fe46..6260142b45b2 100644
--- a/src/chrome/content/rules/Mango.xml
+++ b/src/chrome/content/rules/Mango.xml
@@ -31,14 +31,14 @@
 -->
 <ruleset name="Mango (partial)">
 
-	<target host="*.mango.com" />
+	<target host="shop.mango.com" />
+	<target host="ssl.mango.com" />
 
 
 	<!--securecookie host="^\.mango\.com$" name="^JSESSIONID$" /-->
 	<securecookie host="^s(?:hop|ssl)\.mango\.com$" name=".+" />
 
 
-	<rule from="^http://s(hop|sl)\.mango\.com/"
-		to="https://s$1.mango.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mango_Languages.com.xml b/src/chrome/content/rules/Mango_Languages.com.xml
new file mode 100644
index 000000000000..a380f4d2b293
--- /dev/null
+++ b/src/chrome/content/rules/Mango_Languages.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- org.mangolanguages.com
+
+-->
+<ruleset name="Mango Languages.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mangolanguages.com" />
+	<target host="blog.mangolanguages.com" />
+	<target host="org.mangolanguages.com" />
+	<target host="www.mangolanguages.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^org\.mangolanguages\.com$" name="^(?:_map_session|request_method)$" /-->
+
+	<securecookie host="^org\.mangolanguages\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Manhattan-Institute.xml b/src/chrome/content/rules/Manhattan-Institute.xml
index bf2d345bb603..098d8e66c6b6 100644
--- a/src/chrome/content/rules/Manhattan-Institute.xml
+++ b/src/chrome/content/rules/Manhattan-Institute.xml
@@ -1,10 +1,21 @@
-<ruleset name="Manhattan Institute" platform="mixedcontent">
+<!--
+	www3: Shows default page
+
+
+	Mixed content:
+
+		- Images from www.manhattan-institute.org ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Manhattan-Institute.org">
 
 	<target host="manhattan-institute.org" />
 	<target host="www.manhattan-institute.org" />
 
 
-	<rule from="^http://(www\.)?manhattan-institute\.org/"
-		to="https://$1manhattan-institute.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Manhattanite.xml b/src/chrome/content/rules/Manhattanite.xml
index 2d5905615485..2cedae23b3eb 100644
--- a/src/chrome/content/rules/Manhattanite.xml
+++ b/src/chrome/content/rules/Manhattanite.xml
@@ -2,13 +2,11 @@
 
 	<target host="shopmanhattanite.com" />
 	<target host="www.shopmanhattanite.com" />
-	<target host="*.www.shopmanhattanite.com" />
 
 
 	<securecookie host="^\.www\.shopmanhattanite\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?shopmanhattanite\.com/"
-		to="https://$1shopmanhattanite.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Manhattanville_College.xml b/src/chrome/content/rules/Manhattanville_College.xml
index ae7dfad109c3..25c79b22e70e 100644
--- a/src/chrome/content/rules/Manhattanville_College.xml
+++ b/src/chrome/content/rules/Manhattanville_College.xml
@@ -5,14 +5,15 @@
 <ruleset name="Manhattanville College (partial)">
 
 	<target host="mville.edu" />
-	<target host="*.mville.edu" />
+	<target host="community.mville.edu" />
+	<target host="selfservice.mville.edu" />
+	<target host="www.mville.edu" />
 		<exclusion pattern="^http://(?:www\.)?mville\.edu/(?!/?images/|favicon\.ico|modules/|plugins/|templates/)" />
 
 
 	<securecookie host="^(?:community|selfservice)\.mville\.edu$" name=".+" />
 
 
-	<rule from="^http://(community\.|selfservice\.|www\.)?mville\.edu/"
-		to="https://$1mville.edu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Manitu.de.xml b/src/chrome/content/rules/Manitu.de.xml
new file mode 100644
index 000000000000..c23ab5a8a39b
--- /dev/null
+++ b/src/chrome/content/rules/Manitu.de.xml
@@ -0,0 +1,25 @@
+<!--
+	Problematic domains:
+
+		- manitu.net *
+
+	* Mismatched
+
+-->
+<ruleset name="manitu.de">
+
+	<target host="manitu.de" />
+	<target host="status.manitu.de" />
+	<target host="www.manitu.de" />
+	<target host="manitu.net" />
+	<target host="www.manitu.net" />
+
+
+
+	<!--	Simple redirect to .de:
+					-->
+	<rule from="^http://(?:www\.)?manitu\.net/"
+		to="https://www.manitu.net/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Manjaro.org.xml b/src/chrome/content/rules/Manjaro.org.xml
new file mode 100644
index 000000000000..902bc53929ea
--- /dev/null
+++ b/src/chrome/content/rules/Manjaro.org.xml
@@ -0,0 +1,38 @@
+<!--
+	Nonfunctional hosts in *manjaro.org:
+
+		- (www.)? ¹
+		- repo ²
+
+	¹ Redirects to wiki.manjaro.org
+	² Refused
+
+
+	Mixed content:
+
+		- Image on de from forum.manjaro.org *
+
+	* Secured by us
+
+-->
+<ruleset name="Manjaro.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="de.manjaro.org" />
+	<target host="forum.manjaro.org" />
+	<target host="lists.manjaro.org" />
+	<target host="wiki.manjaro.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:de|forum)\.manjaro\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:de|forum)\.manjaro\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Manlysealifesanctuary.com.au.xml b/src/chrome/content/rules/Manlysealifesanctuary.com.au.xml
new file mode 100644
index 000000000000..55dcb379ace8
--- /dev/null
+++ b/src/chrome/content/rules/Manlysealifesanctuary.com.au.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.manlysealifesanctuary.com.au/ => https://secure.manlysealifesanctuary.com.au/: (6, 'Could not resolve host: secure.manlysealifesanctuary.com.au')
+
+	For other Merlin Entertainments coverage, see Merlin-Entertainments.xml.
+-->
+
+<ruleset name="Manly SEA LIFE Sanctuary" default_off="failed ruleset test">
+	<target host="manlysealifesanctuary.com.au" />
+	<target host="secure.manlysealifesanctuary.com.au" />
+	<target host="www.manlysealifesanctuary.com.au" />
+
+	<securecookie host=".*\.manlysealifesanctuary\.com\.au$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mannheim.de.xml b/src/chrome/content/rules/Mannheim.de.xml
new file mode 100644
index 000000000000..732da331c164
--- /dev/null
+++ b/src/chrome/content/rules/Mannheim.de.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid Certificate:
+		beteiligungshaushalt.mannheim.de
+		konversion.mannheim.de
+		waehlenab18.mannheim.de
+-->
+<ruleset name="Mannheim.de (partial)">
+
+	<!-- *mannheim.de -->
+	<target host="mannheim.de"/>
+	<target host="www.mannheim.de"/>
+	<target host="katalog.mannheim.de"/>
+	<target host="opendata.mannheim.de"/>
+	<target host="stadtarchiv.mannheim.de"/>
+	<target host="web2.mannheim.de"/>
+		<test url="http://web2.mannheim.de/wahlatlas/" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Manor.ch.xml b/src/chrome/content/rules/Manor.ch.xml
new file mode 100644
index 000000000000..cc243266bec3
--- /dev/null
+++ b/src/chrome/content/rules/Manor.ch.xml
@@ -0,0 +1,25 @@
+<!--
+	Nonfunctional hosts in *.manor.ch:
+		- foto.manor.ch (m)
+		- fotos.manor.ch (m)
+		- m.de.fotos.manor.ch (m)
+		- m.fr.fotos.manor.ch (m)
+		- m.it.fotos.manor.ch (m)
+		- photo.manor.ch (m)
+		- shoppingquiz.manor.ch (m)
+		- tokyo.manor.ch (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Manor.ch">
+	<target host="manor.ch" />
+	<target host="www.manor.ch" />
+	<target host="careers.manor.ch" />
+	<target host="connect.manor.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Manta.xml b/src/chrome/content/rules/Manta.xml
index 6ff3c33a4f78..471f6a5dbaf1 100644
--- a/src/chrome/content/rules/Manta.xml
+++ b/src/chrome/content/rules/Manta.xml
@@ -1,4 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://manta.com/ => https://manta.com/: (51, "SSL: no alternative certificate subject name matches target host name 'manta.com'")
+
+-->
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://manta.com/ => https://manta.com/: (51, "SSL: no alternative certificate subject name matches target host name 'manta.com'")
+
 	Nonfunctional domains:
 
 		- services.manta-r1.com		(400; mismatched, CN: *.hs.llnwd.net)
@@ -13,7 +23,7 @@
 	* Works; mismatched, CN: www.manta.com
 
 -->
-<ruleset name="Manta (partial)">
+<ruleset name="Manta (partial)" default_off="failed ruleset test">
 
 	<target host="manta.com" />
 	<target host="*.manta.com" />
@@ -26,7 +36,7 @@
 	<rule from="^http://(?:llnw\.|(www\.))?manta\.com/"
 		to="https://$1manta.com/" />
 
-	<rule from="^https?://m\d\.manta-r1\.com/"
+	<rule from="^http://m\d\.manta-r1\.com/"
 		to="https://www.mata.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Manticore.xml b/src/chrome/content/rules/Manticore.xml
deleted file mode 100644
index 6fda5ea8f061..000000000000
--- a/src/chrome/content/rules/Manticore.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Manticore (partial)">
-
-	<target host="*.manticoretechnology.com"/>
-
-
-	<securecookie host="^stats\.manticoretechnology\.com$" name=".*" />
-
-
-	<rule from="^http://(?:app|purl)\.manticoretechnology\.com/"
-		to="https://app.manticoretechnology.com/"/>
-
-	<rule from="^http://stats\.manticoretechnology\.com/"
-		to="https://stats.manticoretechnology.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Mantis_Ad_Network.com.xml b/src/chrome/content/rules/Mantis_Ad_Network.com.xml
new file mode 100644
index 000000000000..a5d479e8a271
--- /dev/null
+++ b/src/chrome/content/rules/Mantis_Ad_Network.com.xml
@@ -0,0 +1,55 @@
+<!--
+	CDN buckets:
+
+		- mantis-wp.s3.amazonaws.com
+
+
+	(www.)?mantisadnetwork.com: Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .mantisadnetwork.com
+		- admin.mantisadnetwork.com
+
+
+	Mixed content:
+
+		- css on www from $self
+
+		- Images, on:
+
+			- www from mantis-wp.s3.amazonaws.com
+			- www from $self
+
+-->
+<ruleset name="Mantis Ad Network.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="mantisadnetwork.com" /-->
+	<target host="admin.mantisadnetwork.com" />
+	<target host="mantodea.mantisadnetwork.com" />
+	<!--target host="www.mantisadnetwork.com" /-->
+
+	<!--	Complications:
+				-->
+	<target host="status.mantisadnetwork.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.mantisadnetwork\.com$" name="^uuid$" /-->
+	<!--securecookie host="^admin\.mantisadnetwork\.com$" name="connect\.sid$" /-->
+
+	<securecookie host="^\.mantisadnetwork\.com$" name="^uuid$" />
+	<securecookie host="^admin\.mantisadnetwork\.com$" name=".+" />
+
+
+	<rule from="^http://status\.mantisadnetwork\.com/"
+		to="https://mantisadnetwork.statuspage.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mantor.org.xml b/src/chrome/content/rules/Mantor.org.xml
new file mode 100644
index 000000000000..046f2f19c40e
--- /dev/null
+++ b/src/chrome/content/rules/Mantor.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="Mantor.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mantor.org" />
+	<target host="danny.mantor.org" />
+	<target host="www.mantor.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ManuFrog-Webbhotell.xml b/src/chrome/content/rules/ManuFrog-Webbhotell.xml
index 07e3d1669a8f..165d8b36894a 100644
--- a/src/chrome/content/rules/ManuFrog-Webbhotell.xml
+++ b/src/chrome/content/rules/ManuFrog-Webbhotell.xml
@@ -11,7 +11,7 @@
 	<target host="*.manufrog.com" />
 
 
-	<securecookie host="^webmail\.manufrog\.com$" name=".*" />
+	<securecookie host="^webmail\.manufrog\.com$" name=".+" />
 
 
 	<!--	manu1 to manu31 exist.	-->
diff --git a/src/chrome/content/rules/Manutan.fr.xml b/src/chrome/content/rules/Manutan.fr.xml
new file mode 100644
index 000000000000..c2d060efd0f5
--- /dev/null
+++ b/src/chrome/content/rules/Manutan.fr.xml
@@ -0,0 +1,53 @@
+<!--
+	Problematic hosts:
+
+		- ^ *
+
+	* Mismatched
+
+
+	Fully covered hosts:
+
+		- (www.)?	(^ → www)
+		- static
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.manutan.fr
+
+
+	Mixed content:
+
+		- Images from $self *
+		- Ads from meltwaternews.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Manutan.fr">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="static.manutan.fr" />
+	<target host="www.manutan.fr" />
+
+	<!--	Complications:
+				-->
+	<target host="manutan.fr" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.manutan\.fr$" name="^(JSESSIONID|WC_ACTIVEPOINTER|WC_AUTHENTICATION_-\d+|WC_GENERIC_ACTIVITYDATA|WC_PERSISTENT|WC_SESSION_ESTABLISHED|WC_USERACTIVITY_-\d+)$" /-->
+
+	<securecookie host="^www\.manutan\.fr$" name=".+" />
+
+
+	<rule from="^http://manutan\.fr/"
+		to="https://www.manutan.fr/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Manx_Computer_Bureau.xml b/src/chrome/content/rules/Manx_Computer_Bureau.xml
index 65617a710793..58983c762aaf 100644
--- a/src/chrome/content/rules/Manx_Computer_Bureau.xml
+++ b/src/chrome/content/rules/Manx_Computer_Bureau.xml
@@ -1,10 +1,18 @@
-<ruleset name="Manx Computer Bureau">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mcb.net/ => https://mcb.net/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://mail.mcb.net/ => https://mail.mcb.net/: (7, 'Failed to connect to mail.mcb.net port 443: No route to host')
+Fetch error: http://www.mcb.net/ => https://www.mcb.net/: (28, 'Connection timed out after 20002 milliseconds')
+
+-->
+<ruleset name="Manx Computer Bureau" default_off="failed ruleset test">
 
 	<target host="mcb.net" />
-	<target host="*.mcb.net" />
+	<target host="mail.mcb.net" />
+	<target host="www.mcb.net" />
 
 
-	<rule from="^http://(mail\.|www\.)?mcb\.net/"
-		to="https://$1mcb.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ManyVids.com.xml b/src/chrome/content/rules/ManyVids.com.xml
new file mode 100644
index 000000000000..8bdcb2587dc6
--- /dev/null
+++ b/src/chrome/content/rules/ManyVids.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Nonfunctional hosts in *manyvids.com:
+
+		- support *
+
+	* Zendesk / redirects to http
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .manyvids.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="ManyVids.com (partial)">
+
+	<target host="manyvids.com" />
+	<target host="dashboard.manyvids.com" />
+	<target host="upload.manyvids.com" />
+	<target host="www.manyvids.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.manyvids\.com$" name="^(?:AWSELB|PHPSESSID)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MapBox.xml b/src/chrome/content/rules/MapBox.xml
index 7c3eb1db44f6..5a40c7e480a1 100644
--- a/src/chrome/content/rules/MapBox.xml
+++ b/src/chrome/content/rules/MapBox.xml
@@ -1,40 +1,46 @@
 <!--
 	CDN buckets:
 
-		- dnv9my2eseobd.cloudfront.net
+		- d3eju24r2ptc5d.cloudfront.net
 
 			- api.tiles.mapbox.com
 
-		- mapbox.tenderapp.com
-
-			- support.mapbox.com
-
-
-	Nonfunctional subdomains:
+		- dnv9my2eseobd.cloudfront.net
 
-		- (www.)
 
+	Problematic hosts in *mapbox.com:
 
-	Problematic subdomains:
+		- support *
 
-		- support	(works; mismatched, CN: *.tenderapp.com)
+	* Refused
 
 -->
-<ruleset name="MapBox (partial)">
+<ruleset name="MapBox.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mapbox.com" />
+	<target host="tiles.mapbox.com" />
+	<target host="api.tiles.mapbox.com" />
+	<target host="www.mapbox.com" />
 
-	<target host="*.mapbox.com" />
+	<!--	Complications:
+				-->
+	<target host="support.mapbox.com" />
 
 
-	<securecookie host="^mapbox\.tenderapp\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^https?://support\.mapbox\.com/"
-		to="https://mapbox.tenderapp.com/" />
+	<!--	Redirect drops path, args,
+		and forward slash:
+					-->
+	<rule from="^http://support\.mapbox\.com/.*"
+		to="https://www.mapbox.com/help/" />
 
-	<rule from="^http://tiles\.mapbox\.com/"
-		to="https://tiles.mapbox.com/" />
+		<test url="http://support.mapbox.com/home" />
 
-	<rule from="^https?://api\.tiles\.mapbox\.com/"
-		to="https://dnv9my2eseobd.cloudfront.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MapLight.org.xml b/src/chrome/content/rules/MapLight.org.xml
new file mode 100644
index 000000000000..830a04568f69
--- /dev/null
+++ b/src/chrome/content/rules/MapLight.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Private subdomain:
+		civicrm.maplight.org
+
+	No working URL known:
+		staging.civicrm.maplight.org
+
+	Invalid certificate:
+		data.maplight.org
+		images.maplight.org
+
+-->
+<ruleset name="MapLight">
+
+	<target host="maplight.org" />
+	<target host="www.maplight.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MapLight.xml b/src/chrome/content/rules/MapLight.xml
deleted file mode 100644
index 0179351028d6..000000000000
--- a/src/chrome/content/rules/MapLight.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="MapLight" default_off="expired">
-
-	<target host="maplight.org" />
-	<target host="www.maplight.org" />
-
-
-	<rule from="^http://(?:www\.)?maplight\.org/"
-		to="https://maplight.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Mapillary.com.xml b/src/chrome/content/rules/Mapillary.com.xml
new file mode 100644
index 000000000000..875ba40936db
--- /dev/null
+++ b/src/chrome/content/rules/Mapillary.com.xml
@@ -0,0 +1,43 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://elva.mapillary.com/ => https://elva.mapillary.com/: (6, 'Could not resolve host: elva.mapillary.com')
+
+	Problematic subdomains:
+
+		^:    Refused
+		blog: Timeout
+		edu:  Mismatch
+
+
+
+	Mixed content:
+
+		- favicon from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Mapillary.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.mapillary.com" />
+
+	<target host="a.mapillary.com" />
+	<target host="elva.mapillary.com" />
+	<target host="legacy.mapillary.com" />
+	<target host="forum.mapillary.com" />
+
+	<!--	Complications:
+				-->
+	<target host="mapillary.com" />
+
+
+	<rule from="^http://mapillary\.com/"
+		to="https://www.mapillary.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Maplesoft.com.xml b/src/chrome/content/rules/Maplesoft.com.xml
new file mode 100644
index 000000000000..081c4be64904
--- /dev/null
+++ b/src/chrome/content/rules/Maplesoft.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Maplesoft.com">
+  <target host="maplesoft.com" />
+  <target host="www.maplesoft.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mapped_in_Israel.com.xml b/src/chrome/content/rules/Mapped_in_Israel.com.xml
new file mode 100644
index 000000000000..5fa8661ee651
--- /dev/null
+++ b/src/chrome/content/rules/Mapped_in_Israel.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Mapped in Israel.com">
+
+	<target host="mappedinisrael.com" />
+	<target host="www.mappedinisrael.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mapping_Media_Freedom.org.xml b/src/chrome/content/rules/Mapping_Media_Freedom.org.xml
new file mode 100644
index 000000000000..207e41008ab9
--- /dev/null
+++ b/src/chrome/content/rules/Mapping_Media_Freedom.org.xml
@@ -0,0 +1,41 @@
+<!--
+	www.mappingmediafreedom.org: Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .mappingmediafreedom.org
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Mapping media freedom.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mappingmediafreedom.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.mappingmediafreedom.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.mappingmediafreedom\.org$" name="^__utm\w+$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.mappingmediafreedom\.org/"
+		to="https://mappingmediafreedom.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Maps.me.xml b/src/chrome/content/rules/Maps.me.xml
new file mode 100644
index 000000000000..f4a715319eee
--- /dev/null
+++ b/src/chrome/content/rules/Maps.me.xml
@@ -0,0 +1,20 @@
+<!--
+    Nonfunctional subdomains:
+	    - blog
+
+    Other My.com rulesets:
+	    - My.com.xml
+-->
+<ruleset name="Maps.me">
+    <target host="maps.me" />
+    <target host="www.maps.me" />
+    <target host="fb.maps.me" />
+
+    <securecookie host="^(www\.)?maps\.me" name=".+" />
+
+    <rule from="^http://fb\.maps\.me/"
+            to="https://www.facebook.com/MapsWithMe/" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mapy.cz.xml b/src/chrome/content/rules/Mapy.cz.xml
new file mode 100644
index 000000000000..980dacc52689
--- /dev/null
+++ b/src/chrome/content/rules/Mapy.cz.xml
@@ -0,0 +1,10 @@
+<!--
+    For other Seznam.cz coverage, see Seznam.cz.xml.
+-->
+<ruleset name="Mapy.cz">
+    <target host="mapy.cz" />
+    <target host="www.mapy.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mapzen.com.xml b/src/chrome/content/rules/Mapzen.com.xml
new file mode 100644
index 000000000000..d52b2d0b8c92
--- /dev/null
+++ b/src/chrome/content/rules/Mapzen.com.xml
@@ -0,0 +1,17 @@
+<!--
+	CDN buckets:
+
+		- s3.amazonaws.com/assets-staging.mapzen.com/
+
+-->
+<ruleset name="Mapzen.com">
+
+	<target host="mapzen.com" />
+	<target host="whosonfirst.mapzen.com" />
+	<target host="www.mapzen.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Marathon_Bet.com.xml b/src/chrome/content/rules/Marathon_Bet.com.xml
index 231507f9995d..69966bb4b58e 100644
--- a/src/chrome/content/rules/Marathon_Bet.com.xml
+++ b/src/chrome/content/rules/Marathon_Bet.com.xml
@@ -39,7 +39,8 @@
 <ruleset name="Marathon Bet.com (partial)" platform="mixedcontent">
 
 	<target host="marathonbet.com" />
-	<target host="*.marathonbet.com" />
+	<target host="www.marathonbet.com" />
+	<target host="static.marathonbet.com" />
 
 
 	<securecookie host="^(?:www)?\.marathonbet\.com$" name=".+" />
@@ -48,7 +49,6 @@
 	<rule from="^http://(?:www\.)?marathonbet\.com/"
 		to="https://www.marathonbet.com/" />
 
-	<rule from="^http://static\.marathonbet\.com/"
-		to="https://static.marathonbet.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Marc-Stevens.nl.xml b/src/chrome/content/rules/Marc-Stevens.nl.xml
new file mode 100644
index 000000000000..a2a76d6e6245
--- /dev/null
+++ b/src/chrome/content/rules/Marc-Stevens.nl.xml
@@ -0,0 +1,9 @@
+<ruleset name="Marc-Stevens.nl">
+
+	<target host="marc-stevens.nl" />
+	<target host="www.marc-stevens.nl" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Marc_Rogers.org.xml b/src/chrome/content/rules/Marc_Rogers.org.xml
new file mode 100644
index 000000000000..09adc9a5e0de
--- /dev/null
+++ b/src/chrome/content/rules/Marc_Rogers.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="Marc Rogers.org">
+
+	<target host="marcrogers.org" />
+	<target host="www.marcrogers.org" />
+
+
+	<securecookie host="^\.marcrogers\.org$" name="^__cfduid$" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Marcan.st.xml b/src/chrome/content/rules/Marcan.st.xml
new file mode 100644
index 000000000000..58abe8b996ff
--- /dev/null
+++ b/src/chrome/content/rules/Marcan.st.xml
@@ -0,0 +1,11 @@
+<ruleset name="marcan.st">
+
+	<target host="marcan.st" />
+	<target host="www.marcan.st" />
+	<target host="marcansoft.com" />
+	<target host="www.marcansoft.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/March_for_Babies.org.xml b/src/chrome/content/rules/March_for_Babies.org.xml
index ab9b05342910..26797d933021 100644
--- a/src/chrome/content/rules/March_for_Babies.org.xml
+++ b/src/chrome/content/rules/March_for_Babies.org.xml
@@ -24,7 +24,8 @@
 <ruleset name="March for Babies.org (partial)">
 
 	<target host="marchforbabies.org" />
-	<target host="*.marchforbabies.org" />
+	<target host="www.marchforbabies.org" />
+	<target host="m.marchforbabies.org" />
 
 
 	<securecookie host="^(?:www)?\.marchforbabies\.org$" name=".+" />
@@ -33,7 +34,6 @@
 	<rule from="^http://(?:www\.)?marchforbabies\.org/"
 		to="https://www.marchforbabies.org/" />
 
-	<rule from="^http://m\.marchforbabies\.org/"
-		to="https://m.marchforbabies.org/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Marchex.xml b/src/chrome/content/rules/Marchex.xml
index 611db5bade8f..c4a19dd149cf 100644
--- a/src/chrome/content/rules/Marchex.xml
+++ b/src/chrome/content/rules/Marchex.xml
@@ -1,13 +1,37 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://c.enhance.com/ => https://c.enhance.com/: (7, 'Failed to connect to c.enhance.com port 443: Connection refused')
+Fetch error: http://marchex.com/ => https://marchex.com/: (7, 'Failed to connect to marchex.com port 443: Connection timed out')
+Fetch error: http://voicestar.com/ => https://www.marchex.com/call-tracking/analytics/: (7, 'Failed to connect to www.marchex.com port 443: Connection timed out')
+Fetch error: http://www.voicestar.com/ => https://www.marchex.com/call-tracking/analytics/: (7, 'Failed to connect to www.marchex.com port 443: Connection timed out')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://c.enhance.com/ => https://c.enhance.com/: (60, 'SSL certificate problem: certificate has expired')
+
+
+	Other Marchex rulesets:
+
+		- Industrybrains.com.xml
+
+
 	Nonfunctional domains:
 
 		- (www.)enhance.com
-		- (www.)marchex.com
 
 
 	investors.marchex.com is handled in Thomson-Reuters-clients.xml.
 
 
+	Problematic domains:
+
+		- blog.marchex.com ¹
+		- investors.marchex.com ²
+
+	¹ Works; self-signed, CN: Parallels Panel
+	² Works, akamai
+
+
 	Fully covered domains:
 
 		- industrybrains.com subdomains:
@@ -15,8 +39,31 @@
 			- images
 			- shlinks
 
+		- (www.)marchex.com
+		- dcm.marchex.com
+
+		- (www.)voicestar.com	(-> www.marchex.com)
+
+
+	Mixed content:
+
+		- css, on:
+
+			- blog.marchex.com and investors.marchex.com from www.marchex.com ¹
+			- investors.marchex.com from phx.corporate-ir.net ¹
+
+		- Images, on:
+
+			- blog.marchex.com from $self ²
+			- investors from media.corporate-ir.net ¹
+
+		- favicon on www.marchex.com from $self ¹
+
+	¹ Secured by us
+	² Not secured by us <= invalid cert
+
 -->
-<ruleset name="Marchex (partial)">
+<ruleset name="Marchex (partial)" default_off="failed ruleset test">
 
 	<target host="c.enhance.com" />
 	<target host="industrybrains.com" />
@@ -25,11 +72,20 @@
 		Homepage 302s to http.
 					-->
 		<exclusion pattern="^http://www\.industrybrains\.com/(?:$|\?)" />
-	<target host="ppc.adhere.marchex.com" />
+	<target host="marchex.com" />
+	<target host="*.marchex.com" />
+	<target host="voicestar.com" />
+	<target host="www.voicestar.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^dcm\.marchex\.com$" name="^_pfc_ui_session$" /-->
+	<!--securecookie host="^www\.marchex\.com$" name="^PHPSESSID$" /-->
 
 	<securecookie host="^www\.industrybrains\.com$" name=".+" />
 	<securecookie host="^ppc\.adhere\.marchex\.com$" name=".+" />
+	<securecookie host="^(?:dcm|www)\.marchex\.com$" name=".+" />
 
 
 	<rule from="^http://c\.enhance\.com/"
@@ -44,7 +100,12 @@
 	<rule from="^http://(image|jlink|shlink)s\.industrybrains\.com/"
 		to="https://$1s.industrybrains.com/" />
 
-	<rule from="^http://ppc\.adhere\.marchex\.com/"
-		to="https://ppc.adhere.marchex.com/" />
+	<rule from="^http://((?:dcm|ppc\.adhere|www)\.)?marchex\.com/"
+		to="https://$1marchex.com/" />
+
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://(?:www\.)?voicestar\.com/[^?]*"
+		to="https://www.marchex.com/call-tracking/analytics/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Marcusoft.net.xml b/src/chrome/content/rules/Marcusoft.net.xml
new file mode 100644
index 000000000000..e563d54f7ae1
--- /dev/null
+++ b/src/chrome/content/rules/Marcusoft.net.xml
@@ -0,0 +1,14 @@
+<!--
+	Timed out:
+		- marcusoft.net, equivalent to www.marcusoft.net
+-->
+
+<ruleset name="Marcusoft.net">
+	<target host="marcusoft.net" />
+	<target host="www.marcusoft.net" />
+
+	<rule from="^http://marcusoft\.net/"
+		to="https://www.marcusoft.net/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MarginalRevolution.com.xml b/src/chrome/content/rules/MarginalRevolution.com.xml
new file mode 100644
index 000000000000..e90bb8666255
--- /dev/null
+++ b/src/chrome/content/rules/MarginalRevolution.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="MarginalRevolution.com">
+	<target host="marginalrevolution.com" />
+	<target host="www.marginalrevolution.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Marhab.xml b/src/chrome/content/rules/Marhab.xml
deleted file mode 100644
index 2bb8b8673e7b..000000000000
--- a/src/chrome/content/rules/Marhab.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(record_too_long)
-		- www1		(shows fb, mismatched, CN: fb1)
-
--->
-<ruleset name="Marhab (partial)">
-
-	<target host="*.marhab.com" />
-
-
-	<securecookie host="^fb1\.marhab\.com$" name=".+" />
-
-
-	<rule from="^http://(cdn4|fb1|static)\.marhab\.com/"
-		to="https://$1.marhab.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Marhaba_Brighton.xml b/src/chrome/content/rules/Marhaba_Brighton.xml
deleted file mode 100644
index 209776b18b0f..000000000000
--- a/src/chrome/content/rules/Marhaba_Brighton.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Marhaba Brighton">
-
-	<target host="marhababrighton.co.uk" />
-	<target host="*.marhababrighton.co.uk" />
-
-
-	<securecookie host="^\.marhababrighton\.co\.uk$" name=".+" />
-
-
-	<rule from="^http://(www\.)?marhababrighton\.co\.uk/"
-		to="https://$1marhababrighton.co.uk/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MariaDB.com.xml b/src/chrome/content/rules/MariaDB.com.xml
new file mode 100644
index 000000000000..ef14a713f8be
--- /dev/null
+++ b/src/chrome/content/rules/MariaDB.com.xml
@@ -0,0 +1,42 @@
+<!--
+	Other MariaDB Corporation rulesets:
+		- Monty_Program.xml
+		- SkySQL.com.xml
+
+	Content mismatch:
+		download.mariadb.com
+
+	Invalid certificate:
+		dl02.mariadb.com
+		feedback.mariadb.com
+		kbproxy.mariadb.com
+		maxscale-jenkins.mariadb.com
+
+	Timeout:
+		enterprise.mariadb.com
+-->
+<ruleset name="MariaDB.com">
+
+	<target host="mariadb.com" />
+	<target host="www.mariadb.com" />
+	<target host="cloud.mariadb.com" />
+	<target host="customers.mariadb.com" />
+	<target host="dlm.mariadb.com" />
+	<target host="downloads.mariadb.com" />
+	<target host="exam.mariadb.com" />
+	<target host="go.mariadb.com" />
+	<target host="go2.mariadb.com" />
+	<target host="id.mariadb.com" />
+	<target host="intranet.mariadb.com" />
+	<target host="jira-new.mariadb.com" />
+	<target host="maxscale-ci.mariadb.com" />
+	<target host="r.mariadb.com" />
+	<target host="sltk.mariadb.com" />
+	<target host="support.mariadb.com" />
+	<target host="training-exercises.mariadb.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MariaDB.org.xml b/src/chrome/content/rules/MariaDB.org.xml
new file mode 100644
index 000000000000..513f0485f663
--- /dev/null
+++ b/src/chrome/content/rules/MariaDB.org.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Monty Program coverage, see Monty_Program.xml.
+
+	Invalid certificate:
+		archive.mariadb.org
+		bugs.mariadb.org
+		mirmon.mariadb.org
+
+	Timeout:
+		foundation01.mariadb.org
+		old.mariadb.org
+-->
+<ruleset name="MariaDB.org">
+
+	<target host="mariadb.org" />
+	<target host="www.mariadb.org" />
+	<target host="blog.mariadb.org" />
+	<target host="buildbot.mariadb.org" />
+	<target host="ci.mariadb.org" />
+	<target host="dev.mariadb.org" />
+	<target host="download.mariadb.org" />
+	<target host="downloads.mariadb.org" />
+	<target host="fi.mariadb.org" />
+	<target host="hbm.mariadb.org" />
+	<target host="jira.mariadb.org" />
+	<target host="monitoring.mariadb.org" />
+	<target host="tools.mariadb.org" />
+	<target host="yum.mariadb.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MariaDB.xml b/src/chrome/content/rules/MariaDB.xml
deleted file mode 100644
index 0b2edb0ee02e..000000000000
--- a/src/chrome/content/rules/MariaDB.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For other Monty Program coverage, see Monty_Program.xml.
-
--->
-<ruleset name="MariaDB">
-
-	<target host="mariadb.org" />
-	<target host="*.mariadb.org" />
-
-
-	<rule from="^http://(blog\.|downloads\.|www\.)?mariadb\.org/"
-		to="https://$1mariadb.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Maricopa-Community-Colleges-self-signed.xml b/src/chrome/content/rules/Maricopa-Community-Colleges-self-signed.xml
index fbf8ee6bd652..91a693e35303 100644
--- a/src/chrome/content/rules/Maricopa-Community-Colleges-self-signed.xml
+++ b/src/chrome/content/rules/Maricopa-Community-Colleges-self-signed.xml
@@ -14,11 +14,10 @@
 	<target host="webcal.maricopa.edu" />
 
 
-	<securecookie host="^webcal\.maricopa\.edu$" name=".*" />
+	<securecookie host="^webcal\.maricopa\.edu$" name=".+" />
 
 
 	<!--	//mcli.dist doesn't exist.	-->
-	<rule from="^http://((?:www\.mcli|web1)\.dist|my|webcal)\.maricopa\.edu/"
-		to="https://$1.maricopa.edu/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Maricopa-Community-Colleges.xml b/src/chrome/content/rules/Maricopa-Community-Colleges.xml
index 0107443fadf6..e212b0bb55c7 100644
--- a/src/chrome/content/rules/Maricopa-Community-Colleges.xml
+++ b/src/chrome/content/rules/Maricopa-Community-Colleges.xml
@@ -10,21 +10,26 @@
 <ruleset name="Maricopa Community Colleges (partial)">
 
 	<target host="maricopa.edu" />
-	<target host="*.maricopa.edu" />
+	<target host="www.maricopa.edu" />
+	<target host="ecourses.maricopa.edu" />
+	<target host="eims.maricopa.edu" />
+	<target host="google.maricopa.edu" />
+	<target host="memo.maricopa.edu" />
+	<target host="memo2.maricopa.edu" />
+	<target host="memo3.maricopa.edu" />
+	<target host="student.sis.maricopa.edu" />
 	<!--	* for cross-domain cookie.	-->
-	<target host="*.sis.maricopa.edu" />
 
 
-	<securecookie host="^ecourses\.maricopa\.edu$" name=".*" />
+	<securecookie host="^ecourses\.maricopa\.edu$" name=".+" />
 	<!--	classes.sis uses a dedicated PHPSESSID cookie.	-->
 	<securecookie host="^\.sis\.maricopa\.edu$" name="^PSJSESSIONID$" />
 
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?maricopa\.edu/"
+	<rule from="^http://(?:www\.)?maricopa\.edu/"
 		to="https://www.maricopa.edu/" />
 
-	<rule from="^http://(ecourses|eims|google|memo[23]?|student\.sis)\.maricopa\.edu/"
-		to="https://$1.maricopa.edu/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Marie-Isabelle-and-Associates.xml b/src/chrome/content/rules/Marie-Isabelle-and-Associates.xml
index bbfe9a2fa4fc..de5a493a140f 100644
--- a/src/chrome/content/rules/Marie-Isabelle-and-Associates.xml
+++ b/src/chrome/content/rules/Marie-Isabelle-and-Associates.xml
@@ -1,4 +1,4 @@
-<ruleset name="Marie Isabelle &amp; Associates" default_off="mismatch">
+<ruleset name="Marie Isabelle &amp; Associates" default_off="mismatched">
 
 	<!--	cert: *.hostmonster.com		-->
 	<target host="mi-ms.com"/>
diff --git a/src/chrome/content/rules/Marie-Stopes-Intl-Australia.xml b/src/chrome/content/rules/Marie-Stopes-Intl-Australia.xml
index f8912bb8b5c6..4d6bfa5045b9 100644
--- a/src/chrome/content/rules/Marie-Stopes-Intl-Australia.xml
+++ b/src/chrome/content/rules/Marie-Stopes-Intl-Australia.xml
@@ -1,18 +1,23 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mariestopes.org.au/ => https://www.mariestopes.org.au/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.mariestopes.org.au/ => https://www.mariestopes.org.au/: (60, 'SSL certificate problem: self signed certificate')
+-->
 <ruleset name="Marie Stopes International Australia" platform="mixedcontent">
 	<target host="mariestopes.org.au" />
 	<target host="giveto.mariestopes.org.au" />
 	<target host="www.mariestopes.org.au" />
 
-	<securecookie host="^(giveto|www)\.mariestopes\.org\.au$" name=".+" />
+	<securecookie host="^(?:giveto|www)\.mariestopes\.org\.au$" name=".+" />
 
 	<rule from="^http://giveto\.mariestopes\.org\.au/" to="https://giveto.mariestopes.org.au/" />
 
-	<rule from="^https?://(www\.)?mariestopes\.org\.au/cms/donate\.html($|#|\?)" to="https://giveto.mariestopes.org.au/$2" />
-	<rule from="^https?://(www\.)?mariestopes\.org\.au/cms/sex-appeal\.html($|#|\?)" to="https://www.mariestopes.org.au/how-we-help$2" />
-	<rule from="^https?://(www\.)?mariestopes\.org\.au/cms/Film-Night-Amelia\.html($|#|\?)" to="https://www.mariestopes.org.au/how-you-can-help/campaigns-and-appeals/film-nights$2" />
-	<rule from="^https?://(www\.)?mariestopes\.org\.au/cms/abortion-aid\.html($|#|\?)" to="https://www.mariestopes.org.au/news-room/international-programs/media-releases/item/389-abortion-aid-why-is-rudd-the-last-man-standing$2" />
-	<rule from="^https?://(www\.)?mariestopes\.org\.au/cms/Country-Programs\.html($|#|\?)" to="https://www.mariestopes.org.au/how-we-help/where-we-work$2" />
-	<rule from="^https?://(www\.)?mariestopes\.org\.au/cms/contact-us\.html($|#|\?)" to="https://www.mariestopes.org.au/contact-us$2" />
+	<rule from="^http://(www\.)?mariestopes\.org\.au/cms/donate\.html($|#|\?)" to="https://giveto.mariestopes.org.au/$2" />
+	<rule from="^http://(www\.)?mariestopes\.org\.au/cms/sex-appeal\.html($|#|\?)" to="https://www.mariestopes.org.au/how-we-help$2" />
+	<rule from="^http://(www\.)?mariestopes\.org\.au/cms/Film-Night-Amelia\.html($|#|\?)" to="https://www.mariestopes.org.au/how-you-can-help/campaigns-and-appeals/film-nights$2" />
+	<rule from="^http://(www\.)?mariestopes\.org\.au/cms/abortion-aid\.html($|#|\?)" to="https://www.mariestopes.org.au/news-room/international-programs/media-releases/item/389-abortion-aid-why-is-rudd-the-last-man-standing$2" />
+	<rule from="^http://(www\.)?mariestopes\.org\.au/cms/Country-Programs\.html($|#|\?)" to="https://www.mariestopes.org.au/how-we-help/where-we-work$2" />
+	<rule from="^http://(www\.)?mariestopes\.org\.au/cms/contact-us\.html($|#|\?)" to="https://www.mariestopes.org.au/contact-us$2" />
 
-	<rule from="^(http://(www\.)?|https://)mariestopes\.org\.au/" to="https://www.mariestopes.org.au/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http://(?:www\.)?mariestopes\.org\.au/" to="https://www.mariestopes.org.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Marie_Claire.co.uk.xml b/src/chrome/content/rules/Marie_Claire.co.uk.xml
index b4b3979eeeb1..9f4f6d1648b0 100644
--- a/src/chrome/content/rules/Marie_Claire.co.uk.xml
+++ b/src/chrome/content/rules/Marie_Claire.co.uk.xml
@@ -34,4 +34,4 @@
 	<rule from="^http://(?:www\.)?marieclaire\.co\.uk/(css/|favicon\.ico|images/|js/)"
 		to="https://marieclaire.ipcmediasecure.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Marijuana_Majority.xml b/src/chrome/content/rules/Marijuana_Majority.xml
deleted file mode 100644
index bdaeea63e23d..000000000000
--- a/src/chrome/content/rules/Marijuana_Majority.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	marijuana-majority.com.s133485.gridserver.com
-
--->
-<ruleset name="Marijauana Majority">
-
-	<target host="marijuanamajority.com" />
-	<target host="*.marijuanamajority.com" />
-
-
-	<securecookie host="^\.marijuanamajority\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?marijuanamajority\.com/"
-		to="https://$1marijuanamajority.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MarinSm.com.xml b/src/chrome/content/rules/MarinSm.com.xml
new file mode 100644
index 000000000000..427ae681d326
--- /dev/null
+++ b/src/chrome/content/rules/MarinSm.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Marin_Software coverage, see Marin_Software.xml.
+
+
+	www.marinsm.com: Mismatched
+
+-->
+<ruleset name="MarinSm.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="marinsm.com" />
+	<target host="tracker.marinsm.com" />
+	<!--target host="www.marinsm.com" /-->
+
+
+	<!--	Set by tracker:
+				-->
+	<securecookie host="^\.marinsm\.com$" name="^_msuuid$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Marin_Software-problematic.xml b/src/chrome/content/rules/Marin_Software-problematic.xml
index 80ced1a328dd..a54718ee14ee 100644
--- a/src/chrome/content/rules/Marin_Software-problematic.xml
+++ b/src/chrome/content/rules/Marin_Software-problematic.xml
@@ -8,7 +8,7 @@
 	<target host="www.marinsoftware.de" />
 
 
-	<rule from="^https?://(?:www\.)?marinsoftware\.de/"
+	<rule from="^http://(?:www\.)?marinsoftware\.de/"
 		to="https://www.marinsoftware.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Marin_Software.xml b/src/chrome/content/rules/Marin_Software.xml
index fcf7a0fbfbcb..c91cc848f969 100644
--- a/src/chrome/content/rules/Marin_Software.xml
+++ b/src/chrome/content/rules/Marin_Software.xml
@@ -1,7 +1,17 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lvw4.marinsoftware.com/ => https://lvw4.marinsoftware.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://rt.marinsoftware.com/ => https://rt.marinsoftware.com/: (51, "SSL: no alternative certificate subject name matches target host name 'rt.marinsoftware.com'")
+
 	For problematic rules, see Marin_Software-problematic.xml.
 
 
+	Other Marin Software rulesets:
+
+		- MarinSm.com.xml
+
+
 	Nonfunctional domains:
 
 		- forms.marinsoftware.com		(redirects to app-i.marketo.com, mismatched, CN: *.marketo.com)
@@ -13,34 +23,33 @@
 
 	Problematic domains:
 
-		- marinsm.com			(cert only matches *.marinsm.com)
 		- www.marinsoftware.de		(works, mismatched, CN: *.marinsoftware.com)
 
 -->
-<ruleset name="Marin Software (partial)">
+<ruleset name="Marin Software.com (partial)" default_off="failed ruleset test">
 
-	<target host="marinsm.com" />
-	<target host="*.marinsm.com" />
+	<!--	Direct rewrites:
+				-->
 	<target host="marinsoftware.com" />
-	<target host="*.marinsoftware.com" />
-
-
-	<!--	Set by tracker:
+	<target host="app.marinsoftware.com" />
+	<target host="cs.marinsoftware.com" />
+	<target host="lvw4.marinsoftware.com" />
+	<target host="pro.marinsoftware.com" />
+	<target host="rt.marinsoftware.com" />
+	<target host="www.marinsoftware.com" />
+
+	<!--	Complications:
 				-->
-	<securecookie host="^\.marinsm\.com$" name="^_msuuid$" />
-	<securecookie host="^(?:app|lvw4|pro|rt)\.marinsoftware\.com$" name=".+" />
+	<!--target host="prosupport.marinsoftware.com" /-->
 
 
-	<rule from="^https?://(?:www\.)?marinsm\.com/"
-		to="https://www.marinsm.com/" />
+	<securecookie host="^(?:app|lvw4|pro|rt)\.marinsoftware\.com$" name=".+" />
 
-	<rule from="^http://tracker\.marinsm\.com/"
-		to="https://tracker.marinsm.com/" />
 
-	<rule from="^http://((?:app|cs|lvw4|pro|rt|www)\.)?marinsoftware\.com/"
-		to="https://$1marinsoftware.com/" />
+	<!--rule from="^http://prosupport\.marinsoftware\.com/generated/"
+		to="https://generated.zendesk.com/generated/" /-->
 
-	<rule from="^https?://prosupport\.marinsoftware\.com/generated/"
-		to="https://generated.zendesk.com/generated/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Marine_Depot.com.xml b/src/chrome/content/rules/Marine_Depot.com.xml
new file mode 100644
index 000000000000..70d777292f35
--- /dev/null
+++ b/src/chrome/content/rules/Marine_Depot.com.xml
@@ -0,0 +1,37 @@
+<!--
+	^: Expired 2013-12-02
+
+
+	Mixed content:
+
+		- Images. from:
+
+			- c[123].f3images.com *
+			- www.f3images.com *
+			- f3mimages.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Marine Depot.com (partial)">
+
+	<target host="marinedepot.com" />
+	<target host="www.marinedepot.com" />
+	<target host="shop.marinedepot.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?marinedepot\.com/+($|\?|md_homepage\.html)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(www\.)?marinedepot\.com/+(?!App_Themes/|favicon\.ico)" /-->
+
+
+	<rule from="^http://(?:www\.)?marinedepot\.com/(?=App_Themes/|favicon\.ico)"
+		to="https://www.marinedepot.com/" />
+
+	<rule from="^http://shop\.marinedepot\.com/"
+		to="https://shop.marinedepot.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Marine_Shop.net.xml b/src/chrome/content/rules/Marine_Shop.net.xml
new file mode 100644
index 000000000000..43267c2d82a6
--- /dev/null
+++ b/src/chrome/content/rules/Marine_Shop.net.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.marineshop.net
+
+-->
+<ruleset name="Marine Shop.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="marineshop.net" />
+	<target host="www.marineshop.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.marineshop\.net$" name="^frontend$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MarinellaRose.com.xml b/src/chrome/content/rules/MarinellaRose.com.xml
index 336158dc46e0..20d6369f27a9 100644
--- a/src/chrome/content/rules/MarinellaRose.com.xml
+++ b/src/chrome/content/rules/MarinellaRose.com.xml
@@ -1,15 +1,24 @@
-<ruleset name="MarinellaRose.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bellareed.com/ => https://bellareed.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://marinellarose.com/ => https://marinellarose.com/: (6, 'Could not resolve host: marinellarose.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://bellareed.com/ => https://bellareed.com/: (7, 'Failed to connect to bellareed.com port 443: Connection refused')
+Fetch error: http://marinellarose.com/ => https://marinellarose.com/: (28, 'Operation timed out after 15001 milliseconds with 0 bytes received')
+-->
+<ruleset name="MarinellaRose.com" default_off="failed ruleset test">
 
 	<target host="bellareed.com" />
-	<target host="*.bellareed.com" />
+	<target host="www.bellareed.com" />
 	<target host="marinellarose.com" />
-	<target host="*.marinellarose.com" />
+	<target host="www.marinellarose.com" />
 
 
 	<securecookie host="^(?:w*\.)?(?:bellareed|marinellarose)\.com" name=".+" />
 
 
-	<rule from="^http://(www\.)?(bellareed|marinellarose)\.com/"
-		to="https://$1$2.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MarioBoards.com.xml b/src/chrome/content/rules/MarioBoards.com.xml
new file mode 100644
index 000000000000..d0c9442bebbd
--- /dev/null
+++ b/src/chrome/content/rules/MarioBoards.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="MarioBoards.com">
+	<target host="marioboards.com" />
+	<target host="www.marioboards.com" />
+	<target host="mail.marioboards.com" />
+	<target host="webdisk.marioboards.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Marion_Star.xml b/src/chrome/content/rules/Marion_Star.xml
index 3e4aa004bfe7..068000965113 100644
--- a/src/chrome/content/rules/Marion_Star.xml
+++ b/src/chrome/content/rules/Marion_Star.xml
@@ -11,10 +11,11 @@
 <ruleset name="The Marion Star">
 
 	<target host="marionstar.com" />
-	<target host="*.marionstar.com" />
+	<target host="cmsimg.marionstar.com" />
+	<target host="www.marionstar.com" />
 
 
-	<rule from="^https?://(?:cmsimg\.|www\.)?marionstar\.com/"
+	<rule from="^http://(?:cmsimg\.|www\.)?marionstar\.com/"
 		to="https://www.marionstar.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mark-Meyer-Photography.xml b/src/chrome/content/rules/Mark-Meyer-Photography.xml
index 9efe28cf9c84..1f845ae2e001 100644
--- a/src/chrome/content/rules/Mark-Meyer-Photography.xml
+++ b/src/chrome/content/rules/Mark-Meyer-Photography.xml
@@ -1,15 +1,15 @@
-<ruleset name="Mark Meyer Photography" default_off="mismatch">
+<ruleset name="Mark Meyer Photography" default_off="mismatched">
 
 	<!--	Cert: *.webfaction.com	-->
 	<target host="photo-mark.com" />
 	<target host="www.photo-mark.com" />
 
 
-	<securecookie host="^www\.photo-mark\.com$" name=".*" />
+	<securecookie host="^www\.photo-mark\.com$" name=".+" />
 
 
 	<!--	!www throws 403 over https.	-->
-	<rule from="^https?://(?:www\.)?photo-mark\.com/"
+	<rule from="^http://(?:www\.)?photo-mark\.com/"
 		to="https://www.photo-mark.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mark-Monitor.xml b/src/chrome/content/rules/Mark-Monitor.xml
index 6c60213d3aed..294f66802f96 100644
--- a/src/chrome/content/rules/Mark-Monitor.xml
+++ b/src/chrome/content/rules/Mark-Monitor.xml
@@ -11,7 +11,8 @@
 <ruleset name="Mark Monitor">
 
 	<target host="markmonitor.com" />
-	<target host="*.markmonitor.com" />
+	<target host="www.markmonitor.com" />
+	<target host="corp.markmonitor.com" />
 
 
 	<securecookie host="^corp\.markmonitor\.com$" name=".+" />
@@ -23,7 +24,6 @@
 	<rule from="^http://(?:www\.)?markmonitor\.com/"
 		to="https://www.markmonitor.com/" />
 
-	<rule from="^http://corp\.markmonitor\.com/"
-		to="https://corp.markmonitor.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MarkMail.xml b/src/chrome/content/rules/MarkMail.xml
index 4cb3fdbb8dd2..9526ee1f77fa 100644
--- a/src/chrome/content/rules/MarkMail.xml
+++ b/src/chrome/content/rules/MarkMail.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?markmail\.biz/"
 		to="https://markmail.biz/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MarkRuler.xml b/src/chrome/content/rules/MarkRuler.xml
index bbede6e47b43..15cdc31997dc 100644
--- a/src/chrome/content/rules/MarkRuler.xml
+++ b/src/chrome/content/rules/MarkRuler.xml
@@ -4,7 +4,7 @@
 	<target host="*.conversionruler.com" />
 
 
-	<securecookie host="^(?:.*\.)?conversionruler\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(\w+\.)?conversionruler\.com/"
diff --git a/src/chrome/content/rules/MarkShuttleworth.com.xml b/src/chrome/content/rules/MarkShuttleworth.com.xml
new file mode 100644
index 000000000000..a988f731ce53
--- /dev/null
+++ b/src/chrome/content/rules/MarkShuttleworth.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="MarkShuttleworth.com">
+	<target host="markshuttleworth.com" />
+	<target host="www.markshuttleworth.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mark_NG.co.uk.xml b/src/chrome/content/rules/Mark_NG.co.uk.xml
new file mode 100644
index 000000000000..88d74ad3b257
--- /dev/null
+++ b/src/chrome/content/rules/Mark_NG.co.uk.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://markng.co.uk/ => https://markng.co.uk/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+Fetch error: http://www.markng.co.uk/ => https://www.markng.co.uk/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+
+-->
+<ruleset name="Mark NG.co.uk" default_off="failed ruleset test">
+
+	<target host="markng.co.uk" />
+	<target host="www.markng.co.uk" />
+
+
+	<securecookie host="^(?:www)?\.markng\.co\.uk$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Markee_Dragon.xml b/src/chrome/content/rules/Markee_Dragon.xml
index d1f8a9656f7c..96618859f189 100644
--- a/src/chrome/content/rules/Markee_Dragon.xml
+++ b/src/chrome/content/rules/Markee_Dragon.xml
@@ -1,10 +1,19 @@
-<ruleset name="Markee Dragon">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://markeedragon.com/ => https://markeedragon.com/: (51, "SSL: no alternative certificate subject name matches target host name 'markeedragon.com'")
+Fetch error: http://www.markeedragon.com/ => https://www.markeedragon.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.markeedragon.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://markeedragon.com/ => https://markeedragon.com/: (51, "SSL: no alternative certificate subject name matches target host name 'markeedragon.com'")
+Fetch error: http://www.markeedragon.com/ => https://www.markeedragon.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.markeedragon.com'")
+-->
+<ruleset name="Markee Dragon" default_off="failed ruleset test">
 
 	<target host="markeedragon.com" />
 	<target host="www.markeedragon.com" />
 
 
-	<rule from="^http://(www\.)?markeedragon\.com/"
-		to="https://$1markeedragon.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Market-ticker.org.xml b/src/chrome/content/rules/Market-ticker.org.xml
new file mode 100644
index 000000000000..2c72f52a2698
--- /dev/null
+++ b/src/chrome/content/rules/Market-ticker.org.xml
@@ -0,0 +1,8 @@
+<!-- Site already uses STS on HTTPS, but does not redirect HTTP to HTTPS -->
+<ruleset name="Market-ticker.org">
+	<target host="market-ticker.org" />
+	<target host="www.market-ticker.org" />
+
+	<rule from="^http:" to="https:" />
+	<securecookie host=".+" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/MarketGid.com.xml b/src/chrome/content/rules/MarketGid.com.xml
new file mode 100644
index 000000000000..1143df64eec7
--- /dev/null
+++ b/src/chrome/content/rules/MarketGid.com.xml
@@ -0,0 +1,74 @@
+<!--
+	Other MarketGid rulesets:
+
+		- MGID.com
+
+
+	Nonfunctional subdomains:
+
+		- (www.)? ¹
+		- goods ²
+		- news ³
+
+	¹ Redirects to http
+	² Dropped
+	³ Shows default page
+
+
+	Fully covered subdomains:
+
+		- a
+		- dashboard
+		- my
+		- tools
+		- usr
+
+
+	Insecure cookies are set for these domains:
+
+		- .marketgid.com
+		- dashboard.marketgid.com
+		- tools.marketgid.com
+		- .www.marketgid.com
+
+
+	Mixed content:
+
+		- Image on usr from tools ¹
+
+		- Bugs, on:
+
+			- usr from img.dt00.net ¹
+			- usr from c.bigmir.net ²
+			- usr from i.bigmir.net ¹
+			- usr from counter.rambler.ru ¹
+			- usr from top100-images.rambler.ru ¹
+
+	¹ Secured by us
+	² Unsecurable <= reset
+
+-->
+<ruleset name="MarketGid.com (partial)">
+
+	<target host="a.marketgid.com" />
+	<target host="dashboard.marketgid.com" />
+	<target host="my.marketgid.com" />
+	<target host="tools.marketgid.com" />
+	<target host="usr.marketgid.com" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?marketgid\.com/($|favicon\.ico|fonts/|images/|styles/)" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:\.www)?\.marketgid\.com$" name="^httpsReferer$" />
+	<!--securecookie host="^(dashboard|tools)\.marketgid\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:dashboard|tools)\.marketgid\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MarketPress.com.xml b/src/chrome/content/rules/MarketPress.com.xml
new file mode 100644
index 000000000000..eb59b009f3e0
--- /dev/null
+++ b/src/chrome/content/rules/MarketPress.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="MarketPress.com">
+
+	<target host="marketpress.com" />
+	<target host="www.marketpress.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^marketpress\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.marketpress\.com$" name="^wordpress_test_cookie$" /-->
+
+	<securecookie host="^\.?marketpress\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Market_Dojo.xml b/src/chrome/content/rules/Market_Dojo.xml
index 58fe0c9286ca..db7e05f179ba 100644
--- a/src/chrome/content/rules/Market_Dojo.xml
+++ b/src/chrome/content/rules/Market_Dojo.xml
@@ -1,13 +1,20 @@
-<ruleset name="Market Dojo">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://community.marketdojo.com/ => https://community.marketdojo.com/: (51, "SSL: no alternative certificate subject name matches target host name 'community.marketdojo.com'")
+
+-->
+<ruleset name="Market Dojo" default_off="failed ruleset test">
 
 	<target host="marketdojo.com" />
-	<target host="*.marketdojo.com" />
+	<target host="community.marketdojo.com" />
+	<target host="content.marketdojo.com" />
+	<target host="www.marketdojo.com" />
 
 
-	<securecookie host="^(?:.*\.)?marketdojo\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(community\.|content\.|www\.)?marketdojo\.com/"
-		to="https://$1marketdojo.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Marketing_G2.xml b/src/chrome/content/rules/Marketing_G2.xml
index d905792bcc23..d2fd4c270d89 100644
--- a/src/chrome/content/rules/Marketing_G2.xml
+++ b/src/chrome/content/rules/Marketing_G2.xml
@@ -7,10 +7,10 @@
 <ruleset name="Marketing G2">
 
 	<target host="subscriberconcierge.com" />
-	<target host="*.subscriberconcierge.com" />
+	<target host="digitaldoor.subscriberconcierge.com" />
+	<target host="www.subscriberconcierge.com" />
 
 
-	<rule from="^http://(digitaldoor\.|www\.)?subscriberconcierge\.com/"
-		to="https://$1subscriberconcierge.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Marketing_Matters.xml b/src/chrome/content/rules/Marketing_Matters.xml
index af05bc246578..7308486375f7 100644
--- a/src/chrome/content/rules/Marketing_Matters.xml
+++ b/src/chrome/content/rules/Marketing_Matters.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?meeting-reg\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?meeting-reg\.com/"
-		to="https://$1meeting-reg.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Marketing_Research.org.xml b/src/chrome/content/rules/Marketing_Research.org.xml
index 1366b9da2560..18e37d3e35cd 100644
--- a/src/chrome/content/rules/Marketing_Research.org.xml
+++ b/src/chrome/content/rules/Marketing_Research.org.xml
@@ -21,7 +21,7 @@
 <ruleset name="Marketing Research.org (partial)" default_off="mismatched">
 
 	<target host="marketingresearch.org" />
-	<target host="*.marketingresearch.org" />
+	<target host="www.marketingresearch.org" />
 
 
 	<securecookie host="^\.marketingresearch\.org$" name=".+" />
diff --git a/src/chrome/content/rules/Marketingoops.com.xml b/src/chrome/content/rules/Marketingoops.com.xml
index a8c8eaaa166f..5f0541fb6b44 100644
--- a/src/chrome/content/rules/Marketingoops.com.xml
+++ b/src/chrome/content/rules/Marketingoops.com.xml
@@ -2,5 +2,5 @@
   <target host="marketingoops.com" />
   <target host="www.marketingoops.com" />
 
-  <rule from="^http://(www\.)?marketingoops\.com/" to="https://www.marketingoops.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Marketo.net.xml b/src/chrome/content/rules/Marketo.net.xml
new file mode 100644
index 000000000000..1d5a85ec6339
--- /dev/null
+++ b/src/chrome/content/rules/Marketo.net.xml
@@ -0,0 +1,52 @@
+<!--
+	For other Marketo coverage, see Marketo.xml.
+
+
+	Problematic subdomains:
+
+		- (www.)? *
+
+	* Cert only matches *.marketo.com
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(→ www.marketo.com)
+		- app		(→ app-a.marketo.com)
+		- munchkin
+		- ssl-munchkin
+
+
+	munchkin sets a "_mkto_trk" wildcard cookie on whichever domain it is
+	loaded from.
+
+-->
+<ruleset name="Marketo.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="munchkin.marketo.net" />
+	<target host="ssl-munchkin.marketo.net" />
+
+	<!--	Complications:
+				-->
+	<target host="marketo.net" />
+	<target host="app.marketo.net" />
+	<target host="www.marketo.net" />
+
+
+	<securecookie host=".*\.marketo\.net$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?marketo\.net/"
+		to="https://www.marketo.com/" />
+
+	<!--	Server redirects as so:
+					-->
+	<rule from="^http://app\.marketo\.net/"
+		to="https://app-a.marketo.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Marketo.xml b/src/chrome/content/rules/Marketo.xml
index bf5eb04ecf59..c348576174fe 100644
--- a/src/chrome/content/rules/Marketo.xml
+++ b/src/chrome/content/rules/Marketo.xml
@@ -2,80 +2,146 @@
 	Other Marketo rulesets:
 
 		- Crowd-Factory.xml
+		- Marketo.net.xml
 		- Mktoresp.com.xml
 
 
-	Problematic domains:
+	Nonfunctional hosts in *marketo.com:
 
-		- marketo.com *
-		- (www.)marketo.net *
+		- blog ¹
+		- developers ¹
+		- launchpoint ¹
+		- pages2 ²
 
-	* Cert only matches *.marketo.com
+	¹ Redirects to http
+	² 404
 
 
-	Fully covered domains:
+	Fully covered hosts in *marketo.com:
 
-		- marketo.com subdomains:
+		- (www.)?
+		- app
 
-			- (www.)	(^ → www)
-			- app
+		- app-\w+:
 
-			- app-\w+:
+			- -[a-q]
+			- -ab01
+			- -ab[ak]
+			- -lon0[23]
+			- -nation
+			- -sj\d
+			- -sj[fghlnp]
 
-				- -[a-q]
-				- -abk
-				- -lon02
-				- -sj\d
-				- -sj[fhn]
+		- b2c-mlm
+		- community
+		- fr
+		- micro
 
-			- b2c-mlm
-			- blog
-			- micro
-			- munchkin	(→ munchkin.marketo.net)
+		- na-\w+:
 
-			- na-\w+:
+			- -[a-df-q]
+			- -ab01
+			- -ab[ak]
+			- -lon0[23]
+			- -sj0\d
+			- -sj[fhlnp]
 
-				- -[a-df-q]
-				- -abk
-				- -lon02
-				- -sj0\d
-				- -sj[fhn]
+		- (www.)?nation
+		- app-www.nation
+		- summit
+		- support
 
-		- marketo.net subdomains:
 
-			- (www.)	(→ www.marketo.com)
-			- app		(→ app-a.marketo.com)
-			- munchkin
-			- ssl-munchkin
+	Insecure cookies are set for these hosts:
 
+		- app-\w+.marketo.com
+		- blog.marketo.com
+		- developers.marketo.com
+		- fr.marketo.com
+		- launchpoint.marketo.com
+		- nation.marketo.com
+		- app-www.nation.marketo.com
+		- www.nation.marketo.com
+		- summit.marketo.com
+		- www.marketo.com
 
-	munchkin sets a "_mkto_trk" wildcard cookie on whichever domain it is
-	loaded from.
+
+	Mixed content:
+
+		- Videos on fr from [\da-f-]+.r\d+.cf\d.rackcdn.com *
+		- Images on www from $self *
+
+	* Secured by us
 
 -->
-<ruleset name="Marketo">
+<ruleset name="Marketo.com (partial)">
 
 	<target host="marketo.com" />
 	<target host="*.marketo.com" />
-	<target host="marketo.net" />
-	<target host="*.marketo.net" />
 
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://blog\.marketo\.com/($|\?source=|favicon\.ico|wp-content/)" /-->
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://developers\.marketo\.com/(?:$|assets/|favicon\.ico|foundationforms/|themes/)" /-->
+
+		<test url="http://app-ab01.marketo.com/" />
+		<test url="http://app-aba.marketo.com/" />
+		<test url="http://app-abk.marketo.com/" />
+		<test url="http://app-nation.marketo.com/" />
+		<test url="http://b2c-mlm.marketo.com/" />
+		<test url="http://b2c-msm.marketo.com/" />
+		<test url="http://community.marketo.com/" />
+		<test url="http://fr.marketo.com/" />
+		<test url="http://micro.marketo.com/" />
+		<test url="http://na-ab01.marketo.com/" />
+		<test url="http://nation.marketo.com/" />
+		<test url="http://app-www.nation.marketo.com/" />
+		<test url="http://www.nation.marketo.com/" />
+		<test url="http://summit.marketo.com/" />
+		<test url="http://support.marketo.com/" />
+		<test url="http://www.marketo.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^app-(?!nation\.)\w+\.marketo\.com$" name="^BIGipServer[\w-]+$" /-->
+	<!--securecookie host="^(?:app-|app-www\.|www\.)?nation\.marketo\.com$" name="^BIGipServer" /-->
+	<!--securecookie host="^(blog|developers|fr|launchpoint|summit|support|www)\.marketo\.com$" name="^bIPs$" /-->
+
+	<!--	https://github.com/EFForg/https-everywhere/issues/1179
+
+		This seems to break login:
+						-->
+	<!--securecookie host="^\.marketo\.com$" name="^rememberUserId$" /-->
 
-	<securecookie host="^(?:.*\.)?marketo\.(?:com|net)$" name=".+" />
+	<securecookie host=".+" name="^(?!rememberUserId$).+" />
 
 
-	<rule from="^http://(?:www\.)?marketo\.(?:com|net)/"
+	<!--	Redirect drops slash and args:
+						-->
+	<rule from="^http://pages2\.marketo\.com/+(?:\?.*)?$"
 		to="https://www.marketo.com/" />
 
-	<rule from="^http://(app(?:-\w+)?|b2c-mlm|blog|micro|na-\w+)\.marketo\.com/"
-		to="https://$1.marketo.com/" />
+		<test url="http://pages2.marketo.com/" />
+		<test url="http://pages2.marketo.com/?" />
+		<test url="http://pages2.marketo.com/?foo" />
+		<test url="http://pages2.marketo.com//" />
+		<test url="http://pages2.marketo.com//?" />
 
-	<!--	Server redirects as so:
-					-->
-	<rule from="^http://app\.marketo\.net/"
-		to="https://app-a.marketo.com/" />
+	<rule from="^http://pages2\.marketo\.com/(?=css/|images/|js/|rs/)"
+		to="https://pages2.marketo.com/" />
+
+		<test url="http://pages2.marketo.com/css/mktLPSupportCompat.css" />
+		<test url="http://pages2.marketo.com/images/forms/backRequiredGray.gif" />
+		<test url="http://pages2.marketo.com/rs/marketob2/images/Marketing-First-Footer.gif" />
+		<test url="http://pages2.marketo.com/rs/marketob2/images/demo-video-no-play-button.jpg" />
+		<test url="http://pages2.marketo.com/rs/marketob2/images/logo_marketo_new.png" />
+		<test url="http://pages2.marketo.com/rs/marketob2/images/marketo-website-footer-lp-2.gif" />
 
-	<rule from="^http://(ssl-)?munchkin\.marketo\.(?:com|net)/"
-		to="https://$1munchkin.marketo.net/" />
+	<rule from="^http://((?:app|app-\w+|b2c-mlm|b2c-msm|community|fr|micro|na-\w+|nation|(?:app-)?www\.nation|summit|support|www)\.)?marketo\.com/"
+		to="https://$1marketo.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Marketplace.org-problematic.xml b/src/chrome/content/rules/Marketplace.org-problematic.xml
deleted file mode 100644
index bad607902295..000000000000
--- a/src/chrome/content/rules/Marketplace.org-problematic.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For rules that are on by default, see Marketplace.org.xml.
-
--->
-<ruleset name="Marketplace.org (problematic)" default_off="cert mismatches">
-
-	<!--	Akamai	-->
-	<target host="marketplace.org"/>
-	<target host="www.marketplace.org"/>
-		<!--
-			Handled in Marketplace.org.xml:
-							-->
-		<exclusion pattern="^http://(?:www\.)?marketplace\.org/(?:favicon\.ico|misc/|modules/|sites/)" />
-	<target host="origin-www.marketplace.org"/>
-
-
-	<securecookie host="^origin-www\.marketplace\.org$" name=".+" />
-
-
-	<rule from="^http://(?:(?:origin-)?www\.)?marketplace\.org/"
-		to="https://origin-www.marketplace.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Marketplace.org.xml b/src/chrome/content/rules/Marketplace.org.xml
deleted file mode 100644
index a2e2e65a71bd..000000000000
--- a/src/chrome/content/rules/Marketplace.org.xml
+++ /dev/null
@@ -1,52 +0,0 @@
-<!--
-	For problematic rules, see Marketplace.org-problematic.xml.
-
-
-	CDN buckets:
-
-		- www.marketplace.akamai.org.edgesuite.net
-
-			- www.marketplace.org
-
-
-	Problematic subdomains: 
-
-		- ^		(redirects to http; mismatched, CN: *.publicinsightnetwork.org)
-		- thenumbers	(works; mismatched, CN: *.financialcontent.com)
-		- www		(works, akamai)
-
-
-	Partially covered subdomains:
-
-		- (www.)	(→ akamai)
-
-
-	Fully covered subdomains:
-
-		- thenumbers	(→ markets.financialcontent.com)
-		- tracker
-
--->
-<ruleset name="Marketplace.org (partial)">
-
-	<target host="marketplace.org" />
-	<target host="*.marketplace.org" />
-		<!--
-			Avoid user-visible paths:
-							-->
-		<exclusion pattern="^http://(?:www\.)?marketplace\.org/(?!favicon\.ico|misc/|modules/|sites/)" />
-
-
-	<securecookie host="^\.marketplace\.org$" name="^WT_FPC$" />
-
-
-	<rule from="^http://(?:www\.)?marketplace\.org/"
-		to="https://a248.e.akamai.net/f/38/9212/7m/www.marketplace.org/" />
-
-	<rule from="^http://thenumbers\.marketplace\.org/"
-		to="https://markets.financialcontent.com/" />
-
-	<rule from="^http://tracker\.financialcontent\.com/"
-		to="https://tracker.financialcontent.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Marketplace_Used.xml b/src/chrome/content/rules/Marketplace_Used.xml
deleted file mode 100644
index ec2a0a9f99b6..000000000000
--- a/src/chrome/content/rules/Marketplace_Used.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Some pages redirect to http.
-
--->
-<ruleset name="Marketplace Used (partial)">
-
-	<target host="marketplace-used.com" />
-	<target host="www.marketplace-used.com" />
-
-
-	<rule from="^http://(www\.)?marketplace-used\.com/(addons/|geo_templates/|index\.php\?a=10|user_images/)"
-		to="https://$1marketplace-used.com/$2" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Marketwatch.com.xml b/src/chrome/content/rules/Marketwatch.com.xml
index 16b72b8232dc..a8e02c9f0c79 100644
--- a/src/chrome/content/rules/Marketwatch.com.xml
+++ b/src/chrome/content/rules/Marketwatch.com.xml
@@ -1,35 +1,50 @@
 <!--
 	Other News Corporation rulesets:
-
-		- News-Corporation.xml
 		- News-Corporation-mismatches.xml
 
--->
-<ruleset name="Marketwatch.com">
-
-	<target host="marketwatch.com" />
-	<target host="*.marketwatch.com" />
-	<target host="i.mktw.net" />
-	<target host="i.origin.mktw.net" />
+	Non-functional hosts:
+		Couldn't connect to server:
+			- sm.marketwatch.com
 
+		Expired certificate:
+			- id.marketwatch.com
 
-	<securecookie host="^\.marketwatch\.com$" name=".*" />
+		Timeout was reached:
+			- admin.marketwatch.com
 
+		SSL peer certificate was not OK:
+			- communitycontent.marketwatch.com
 
-	<!--	Data appear identical.
-		Since we know the CDN, be kind and point there.		-->
-	<rule from="^https?://(communitycontent|[is]|static)\.marketwatch\.com/"
-		to="https://a248.e.akamai.net/f/1731/67675/12h/$1.marketwatch.com/" />
+		Peer certificate cannot be authenticated with given CA certificates:
+			- marketwatch.com
+			- store.marketwatch.com
 
-	<rule from="^https?://i\.mktw\.net/"
-		to="https://a248.e.akamai.net/f/1731/67675/12h/i.mktw.net/" />
+		4xx client error:
+			- i.marketwatch.com
+			- static.marketwatch.com
 
-	<!--	If they're pointing explicitly to origin, there's
-		probably a good reason for that, so stick with it.	-->
-	<rule from="^http://i\.origin\.mktw\.net/"
-		to="https://i.origin.mktw.net/" />
+		5xx server error:
+			- portfolio.marketwatch.com
 
-	<rule from="^http://(?:secure\.|www\.)?marketwatch\.com/"
-		to="https://secure.marketwatch.com/" />
+		Secure connection redirects to plaintext:
+			- blogs.marketwatch.com
+-->
 
+<ruleset name="Marketwatch.com">
+	<target host="marketwatch.com" />
+	<target host="www.marketwatch.com" />
+	<target host="accounts.marketwatch.com" />
+	<target host="dev.accounts.marketwatch.com" />
+	<target host="int.accounts.marketwatch.com" />
+	<target host="s.marketwatch.com" />
+	<target host="s1.marketwatch.com" />
+	<target host="s2.marketwatch.com" />
+	<target host="s3.marketwatch.com" />
+	<target host="s4.marketwatch.com" />
+	<target host="secure.marketwatch.com" />
+
+	<rule from="^http://marketwatch\.com/"
+		to="https://www.marketwatch.com/" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Marketwire.com.xml b/src/chrome/content/rules/Marketwire.com.xml
deleted file mode 100644
index 9d4ed23379bf..000000000000
--- a/src/chrome/content/rules/Marketwire.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Marketwire">
-
-	<target host="marketwire.com" />
-	<target host="media.marketwire.com" />
-	<target host="www.marketwire.com" />
-
-	<rule from="^http://(www\.)?marketwire\.com/"
-		to="https://marketwire.com/" />
-
-	<rule from="^http://media\.marketwire\.com/"
-		to="https://media.marketwire.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Markit.xml b/src/chrome/content/rules/Markit.xml
index b62f497bcdc7..bdbe4338ad4c 100644
--- a/src/chrome/content/rules/Markit.xml
+++ b/src/chrome/content/rules/Markit.xml
@@ -1,7 +1,6 @@
 <!--
 	Other Markit rulesets:
 
-		- Markit_On_Demand.xml
 		- OpenF2.org.xml
 
 
@@ -22,18 +21,16 @@
 
 	<target host="markit.com" />
 	<target host="*.markit.com" />
+    <test url="http://wso.markit.com/" />
+    <test url="http://outreach360.uat.markit.com/" />
+    <test url="http://ufeqa.markit.com/" />
 
 
 	<securecookie host="^.*\.markit\.com$" name=".+" />
 
-
-	<rule from="^https?://markit\.com/"
+	<rule from="^http://markit\.com/"
 		to="https://www.markit.com/" />
 
-	<rule from="^http://(web\.apps|www)\.markit\.com/"
-		to="https://$1.markit.com/" />
-
-	<rule from="^https?://(?:www\.)?feedback\.markit\.com/dashboard/(?:\w+\.(?:cs|j)s|org/)"
-		to="https://www.clicktools.com/dashboard/$1" />
+  <rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Markit_On_Demand.xml b/src/chrome/content/rules/Markit_On_Demand.xml
deleted file mode 100644
index b049273ba88c..000000000000
--- a/src/chrome/content/rules/Markit_On_Demand.xml
+++ /dev/null
@@ -1,43 +0,0 @@
-<!--
-	For other Markit coverage, see Markit.xml.
-
-
-	Fully covered domains:
-
-		- wallst.com subdomains:
-
-			- (www.)
-			- cdn.markit
-			- media.scottrade
-
-		- *.wsod.com:
-
-			- ad
-			- admedia
-
-		- ad.wsodcdn.com
-		- media.wsodcdn.com
-
--->
-<ruleset name="Markit On Demand">
-
-	<target host="wallst.com" />
-	<target host="*.wallst.com" />
-	<target host="*.wsod.com" />
-	<target host="*.wsodcdn.com" />
-
-
-	<securecookie host="^(?:www\.)?wallst\.com$" name=".+" />
-	<securecookie host=".*\.wsod\.com$" name=".+" />
-
-
-	<rule from="^http://((?:cdn\.markit|media\.scottrade|www)\.)?wallst\.com/"
-		to="https://$1wallst.com/" />
-
-	<rule from="^http://([\w-]+)\.wsod\.com/"
-		to="https://$1.wsod.com/" />
-
-	<rule from="^http://(ad|media)\.wsodcdn\.com/"
-		to="https://$1.wsodcdn.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Markonefoods.com.xml b/src/chrome/content/rules/Markonefoods.com.xml
deleted file mode 100644
index 0ff0abfdba37..000000000000
--- a/src/chrome/content/rules/Markonefoods.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Expired 2013-06-08
-
--->
-<ruleset name="markonefoods.com" default_off="expired">
-
-	<target host="markonefoods.com" />
-	<target host="www.markonefoods.com" />
-
-
-	<securecookie host="^markonefoods\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?markonefoods\.com/"
-		to="https://markonefoods.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Marktplaats.com.xml b/src/chrome/content/rules/Marktplaats.com.xml
new file mode 100644
index 000000000000..9f36b0cae498
--- /dev/null
+++ b/src/chrome/content/rules/Marktplaats.com.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Marktplaats coverage, see Marktplaats.nl.xml
+
+
+	Non-functional subdomains:
+		- $self		(t)
+		- www		(m)
+		- cps		(t)
+		- e-mail	(m)
+		- gss		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Marktplaats.com">
+
+	<target host="aanbieding.marktplaats.com" />
+	<target host="bigthumbs.marktplaats.com" />
+	<target host="fotos.marktplaats.com" />
+	<target host="i.marktplaats.com" />
+	<target host="kwsug.marktplaats.com" />
+	<target host="pers.marktplaats.com" />
+	<target host="s.marktplaats.com" />
+	<target host="static.marktplaats.com" />
+	<target host="statisch.marktplaats.com" />
+	<target host="thumbs.marktplaats.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Marktplaats.nl.xml b/src/chrome/content/rules/Marktplaats.nl.xml
new file mode 100644
index 000000000000..b959988e1a07
--- /dev/null
+++ b/src/chrome/content/rules/Marktplaats.nl.xml
@@ -0,0 +1,139 @@
+<!--
+	Other Marktplaats rulesets:
+		- Marktplaats.com.xml
+		- Marktplaatsautojournaal.nl.xml
+		- Marktplaatsjournaal.nl.xml
+		- Marktplaatsperskamer.nl.xml
+		- Nieuweautokopen.nl.xml
+
+
+	Non-functional subdomains:
+		- adyen	(i)
+		- cas-integration	(t)
+		- chat2	(r)
+		- csbizapp	(t)
+		- csreports	(t)
+		- e-mail	(m)
+		- gss	(r)
+		- help	(i)
+		- imx1	(r)
+		- imx2	(r)
+		- marketingactie	(m)
+		- marketingprogramma	(m)
+		- mededelingen	(i)
+		- meldingtransactiegeschil	(t)
+		- ntd	(t)
+		- payreports	(t)
+		- www.perskamer	(m)
+		- securemx	(t)
+		- worldpay	(t)
+		- ww	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Marktplaats.nl">
+
+	<target host="marktplaats.nl" />
+	<target host="www.marktplaats.nl" />
+	<target host="aanbieding.marktplaats.nl" />
+	<target host="admarkt.marktplaats.nl" />
+	<target host="antiek-kunst.marktplaats.nl" />
+	<target host="api.marktplaats.nl" />
+	<target host="audio-tv-foto.marktplaats.nl" />
+	<target host="audio-video.marktplaats.nl" />
+	<target host="auth.marktplaats.nl" />
+	<target host="auto.marktplaats.nl" />
+	<target host="auto-diversen.marktplaats.nl" />
+	<target host="auto-onderdelen.marktplaats.nl" />
+	<target host="autoonderdelen.marktplaats.nl" />
+	<target host="banen.marktplaats.nl" />
+	<target host="betalingen.marktplaats.nl" />
+	<target host="bigthumbs.marktplaats.nl" />
+	<target host="boeken.marktplaats.nl" />
+	<target host="bouw-tuin.marktplaats.nl" />
+	<target host="caravan-kamperen.marktplaats.nl" />
+	<target host="cd-dvd.marktplaats.nl" />
+	<target host="chat0.marktplaats.nl" />
+	<target host="chat1.marktplaats.nl" />
+	<target host="computer-hardware.marktplaats.nl" />
+	<target host="computer-software.marktplaats.nl" />
+	<target host="contacten.marktplaats.nl" />
+	<target host="dealerdashboard.marktplaats.nl" />
+	<target host="diensten.marktplaats.nl" />
+	<target host="diensten-vakmensen.marktplaats.nl" />
+	<target host="dieren.marktplaats.nl" />
+	<target host="diversen.marktplaats.nl" />
+	<target host="doe-het-zelf-verbouw.marktplaats.nl" />
+	<target host="elektronica.marktplaats.nl" />
+	<target host="eml.marktplaats.nl" />
+	<target host="expert.marktplaats.nl" />
+	<target host="fiets.marktplaats.nl" />
+	<target host="fietsen-brommers.marktplaats.nl" />
+	<target host="fotografie.marktplaats.nl" />
+	<target host="fotos.marktplaats.nl" />
+	<target host="gateway.marktplaats.nl" />
+	<target host="gsm-telecom.marktplaats.nl" />
+	<target host="hobby.marktplaats.nl" />
+	<target host="huis-huren.marktplaats.nl" />
+	<target host="huis-inrichting.marktplaats.nl" />
+	<target host="huis-kopen.marktplaats.nl" />
+	<target host="huizen.marktplaats.nl" />
+	<target host="kind-baby.marktplaats.nl" />
+	<target host="kleding.marktplaats.nl" />
+	<target host="kleding-schoenen-dames.marktplaats.nl" />
+	<target host="kleding-schoenen-heren.marktplaats.nl" />
+	<target host="klussen.marktplaats.nl" />
+	<target host="koopjes.marktplaats.nl" />
+	<target host="kopen.marktplaats.nl" />
+	<target host="link.marktplaats.nl" />
+	<target host="m.marktplaats.nl" />
+	<target host="mktg.marktplaats.nl" />
+	<target host="img.mktg.marktplaats.nl" />
+	<target host="img-cdn.mktg.marktplaats.nl" />
+	<target host="secure.img-cdn.mktg.marktplaats.nl" />
+	<target host="motor-brommer.marktplaats.nl" />
+	<target host="motoren.marktplaats.nl" />
+	<target host="muziek.marktplaats.nl" />
+	<target host="nieuw.marktplaats.nl" />
+	<target host="nieuweauto.marktplaats.nl" />
+	<target host="nps.marktplaats.nl" />
+	<target host="outlet.marktplaats.nl" />
+	<target host="partner.marktplaats.nl" />
+	<target host="pers.marktplaats.nl" />
+	<target host="perskamer.marktplaats.nl" />
+	<target host="postzegels-munten.marktplaats.nl" />
+	<target host="proeftuin.marktplaats.nl" />
+	<target host="rbb.marktplaats.nl" />
+	<target host="recommendations.marktplaats.nl" />
+	<target host="sentry.marktplaats.nl" />
+	<target host="sieraden-tassen-uiterlijk.marktplaats.nl" />
+	<target host="slimmedeals.marktplaats.nl" />
+	<target host="spelcomputers-games.marktplaats.nl" />
+	<target host="sport.marktplaats.nl" />
+	<target host="static.marktplaats.nl" />
+	<target host="statisch.marktplaats.nl" />
+	<target host="thumbs.marktplaats.nl" />
+	<target host="tickets-kaartjes.marktplaats.nl" />
+	<target host="top40.marktplaats.nl" />
+	<target host="toppers.marktplaats.nl" />
+	<target host="tuin-terras.marktplaats.nl" />
+	<target host="vacatures.marktplaats.nl" />
+	<target host="vakantie.marktplaats.nl" />
+	<target host="verkopen.marktplaats.nl" />
+	<target host="verkopers.marktplaats.nl" />
+	<target host="vernieuwd.marktplaats.nl" />
+	<target host="verzamelen.marktplaats.nl" />
+	<target host="watersport.marktplaats.nl" />
+	<target host="witgoed-apparatuur.marktplaats.nl" />
+	<target host="zakelijk.marktplaats.nl" />
+	<target host="zoeken.marktplaats.nl" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Marktplaatsautojournaal.nl.xml b/src/chrome/content/rules/Marktplaatsautojournaal.nl.xml
new file mode 100644
index 000000000000..7c1c2f2d4430
--- /dev/null
+++ b/src/chrome/content/rules/Marktplaatsautojournaal.nl.xml
@@ -0,0 +1,11 @@
+<!--
+	For other Marktplaats coverage, see Marktplaats.nl.xml
+-->
+<ruleset name="Marktplaatsautojournaal.nl">
+
+	<target host="marktplaatsautojournaal.nl" />
+	<target host="www.marktplaatsautojournaal.nl" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Marktplaatsjournaal.nl.xml b/src/chrome/content/rules/Marktplaatsjournaal.nl.xml
new file mode 100644
index 000000000000..53d7b1c9d652
--- /dev/null
+++ b/src/chrome/content/rules/Marktplaatsjournaal.nl.xml
@@ -0,0 +1,11 @@
+<!--
+	For other Marktplaats coverage, see Marktplaats.nl.xml
+-->
+<ruleset name="Marktplaatsjournaal.nl">
+
+	<target host="marktplaatsjournaal.nl" />
+	<target host="www.marktplaatsjournaal.nl" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Marktplaatsperskamer.nl.xml b/src/chrome/content/rules/Marktplaatsperskamer.nl.xml
new file mode 100644
index 000000000000..aee48cb2dddf
--- /dev/null
+++ b/src/chrome/content/rules/Marktplaatsperskamer.nl.xml
@@ -0,0 +1,10 @@
+<!--
+	For other Marktplaats coverage, see Marktplaats.nl.xml
+-->
+<ruleset name="Marktplaatsperskamer.nl">
+	<target host="marktplaatsperskamer.nl" />
+	<target host="www.marktplaatsperskamer.nl" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Markup.xml b/src/chrome/content/rules/Markup.xml
index ac623930d26a..275565576374 100644
--- a/src/chrome/content/rules/Markup.xml
+++ b/src/chrome/content/rules/Markup.xml
@@ -1,4 +1,4 @@
-<ruleset name="Markup" default_off="mismatch">
+<ruleset name="Markup" default_off="mismatched">
 
 	<!--	Cert: js.thisismedium.com	-->
 	<target host="markup.io"/>
diff --git a/src/chrome/content/rules/Marmotte.net.xml b/src/chrome/content/rules/Marmotte.net.xml
new file mode 100644
index 000000000000..29c9d92f0424
--- /dev/null
+++ b/src/chrome/content/rules/Marmotte.net.xml
@@ -0,0 +1,32 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- amy.marmotte.net
+		- bcn30.marmotte.net
+		- fry.marmotte.net
+		- kif.marmotte.net
+		- ns1.marmotte.net
+
+		Incomplete certificate chain error:
+		- bubble2.marmotte.net
+		- bubble2-i1.marmotte.net
+		- bubble2-i2.marmotte.net
+		- bubble3.marmotte.net
+		- dl.marmotte.net
+		- mail.marmotte.net
+		- mx1.marmotte.net
+-->
+<ruleset name="Marmotte.net">
+	<target host="marmotte.net" />
+	<target host="www.marmotte.net" />
+	<target host="www.2010.marmotte.net" />
+	<target host="bcn26.marmotte.net" />
+	<target host="firefly.marmotte.net" />
+	<target host="git.marmotte.net" />
+	<target host="thias.marmotte.net" />
+	<target host="fr.thias.marmotte.net" />
+	<target host="webmail.marmotte.net" />
+	<target host="zap.marmotte.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MarocAnnonces.com.xml b/src/chrome/content/rules/MarocAnnonces.com.xml
new file mode 100644
index 000000000000..0f614a0b9207
--- /dev/null
+++ b/src/chrome/content/rules/MarocAnnonces.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="MarocAnnonces.com">
+	<target host="marocannonces.com" />
+	<target host="www.marocannonces.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MarsVenus.com.xml b/src/chrome/content/rules/MarsVenus.com.xml
new file mode 100644
index 000000000000..0c7afb41910a
--- /dev/null
+++ b/src/chrome/content/rules/MarsVenus.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="MarsVenus.com">
+	<target host="marsvenus.com" />
+	<target host="www.marsvenus.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mars_One.xml b/src/chrome/content/rules/Mars_One.xml
index b114cc4b4729..70b57f1986b6 100644
--- a/src/chrome/content/rules/Mars_One.xml
+++ b/src/chrome/content/rules/Mars_One.xml
@@ -15,7 +15,7 @@
 	<target host="cdn.mars-one.com" />
 
 
-	<rule from="^https?://cdn\.mars-one\.com/"
+	<rule from="^http://cdn\.mars-one\.com/"
 		to="https://d1qhvyunt8f5y3.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Marsica.lgbt.xml b/src/chrome/content/rules/Marsica.lgbt.xml
new file mode 100644
index 000000000000..3e86c16f6d4b
--- /dev/null
+++ b/src/chrome/content/rules/Marsica.lgbt.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched:
+		- www (marsica.lgbt, fixed by this ruleset)
+-->
+
+<ruleset name="Marsica.lgbt">
+	<target host="marsica.lgbt" />
+	<target host="www.marsica.lgbt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.marsica\.lgbt/" to="https://marsica.lgbt/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Marsupi.org.xml b/src/chrome/content/rules/Marsupi.org.xml
new file mode 100644
index 000000000000..a834a2dfab6c
--- /dev/null
+++ b/src/chrome/content/rules/Marsupi.org.xml
@@ -0,0 +1,42 @@
+<!--
+	Nonfunctional subdomains:
+
+		- irc *
+
+	* Dropped
+
+
+	www: cert only matches ^marsupi.org
+
+
+	Mixed content:
+
+		- iframe from www.youtube.com ¹
+
+		- Images from $self ¹
+
+		- Bug from es.creativecommons.org ²
+
+		- favicon from www ¹
+
+	¹ Secured by us
+	² Unsecurable <= dropped
+
+-->
+<ruleset name="Marsupi.org (partial)" default_off="self-signed">
+
+	<target host="marsupi.org" />
+	<target host="www.marsupi.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.(www\.)?marsupi\.org$" name="^qtrans_cookie_test$" /-->
+
+	<securecookie host="^\.(?:www\.)?marsupi\.org$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?marsupi\.org/"
+		to="https://marsupi.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Martha-Stewart-mismatches.xml b/src/chrome/content/rules/Martha-Stewart-mismatches.xml
index 698f9d253974..cc9648cdba8b 100644
--- a/src/chrome/content/rules/Martha-Stewart-mismatches.xml
+++ b/src/chrome/content/rules/Martha-Stewart-mismatches.xml
@@ -6,24 +6,21 @@
 
 	<target host="shop.marthastewart.com" />
 	<target host="community.wholeliving.com" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.community.wholeliving.com" />
 	<target host="wholelivingdaily.wholeliving.com" />
+	<!--	* for cross-domain cookie.	-->
+
 
 
-	<securecookie host="^\.community\.wholeliving\.com$" name=".*" />
+	<securecookie host="^\.community\.wholeliving\.com$" name=".+" />
 
 
 	<!--	Cert: storefront.amazon.com	-->
-	<rule from="^http://shop\.marthastewart\.com/"
-		to="https://shop.marthastewart.com/" />
+	<rule from="^http:" to="https:" />
 
 	<!--	Cert: *.ning.com	-->
-	<rule from="^http://community\.wholeliving\.com/"
-		to="https://community.wholeliving.com/" />
+
 
 	<!--	Expired, self-signed	-->
-	<rule from="^http://wholelivingdaily\.wholeliving\.com/"
-		to="https://wholelivingdaily.wholeliving.com/" />
+
 
 </ruleset>
diff --git a/src/chrome/content/rules/Martha-Stewart.xml b/src/chrome/content/rules/Martha-Stewart.xml
index 13020b6ef595..3e5f931a71ea 100644
--- a/src/chrome/content/rules/Martha-Stewart.xml
+++ b/src/chrome/content/rules/Martha-Stewart.xml
@@ -17,13 +17,19 @@
 <ruleset name="Martha Stewart (partial)">
 
 	<target host="marthastewart.com" />
-	<target host="*.marthastewart.com" />
+	<target host="www.marthastewart.com" />
+	<target host="images.marthastewart.com" />
+	<target host="my.marthastewart.com" />
+	<target host="metric.marthastewart.com" />
 	<target host="marthastewartweddings.com" />
-	<target host="*.marthastewartweddings.com" />
-	<target host="*.wholeliving.com" />
+	<target host="www.marthastewartweddings.com" />
+	<target host="images.marthastewartweddings.com" />
+	<target host="my.marthastewartweddings.com" />
+	<target host="images.wholeliving.com" />
+	<target host="my.wholeliving.com" />
 
 
-	<securecookie host="^my\.marthastewart(weddings)?\.com$" name=".*" />
+	<securecookie host="^my\.marthastewart(?:weddings)?\.com$" name=".+" />
 
 
 	<!--	- 301s like so
@@ -35,13 +41,13 @@
 	<!--	- weddings & wholeliving: Akamai
 		- Data appear the same
 			-->
-	<rule from="^https?://images\.(?:marthastewart(?:weddings)?|wholeliving)\.com/"
+	<rule from="^http://images\.(?:marthastewart(?:weddings)?|wholeliving)\.com/"
 		to="https://images.marthastewart.com/" />
 
 	<rule from="^http://my\.(marthastewart(?:weddings)?|wholeliving)\.com/"
 		to="https://my.$1.com/" />
 
-	<rule from="^https?://metric\.marthastewart\.com/"
+	<rule from="^http://metric\.marthastewart\.com/"
 		to="https://marthacom-marthacomglobal.122.2o7.net/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Martin_Eve.com.xml b/src/chrome/content/rules/Martin_Eve.com.xml
new file mode 100644
index 000000000000..216de10653ec
--- /dev/null
+++ b/src/chrome/content/rules/Martin_Eve.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Martin Eve.com">
+
+	<target host="martineve.com" />
+	<target host="www.martineve.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Martin_Pitt.xml b/src/chrome/content/rules/Martin_Pitt.xml
index 9b650121884e..aa3603537ce4 100644
--- a/src/chrome/content/rules/Martin_Pitt.xml
+++ b/src/chrome/content/rules/Martin_Pitt.xml
@@ -1,28 +1,46 @@
 <!--
-	Problematic domains:
+	Martin Pitt
 
-		- www.mh21.de		(unconfigured wordpress)
-		- mh21.piware.de	(shows www)
 
--->
-<ruleset name="Martin Pitt" platform="cacert">
+	Nonfunctional hosts in *piware.de:
 
-	<target host="www.franziskawellner.de" />
-	<target host="mh21.de" />
-	<target host="www.mh21.de" />
-	<target host="mwellner.de" />
-	<target host="www.mwellner.de" />
-	<target host="piware.de" />
-	<target host="*.piware.de" />
+		- owncloud *
+
+	* Shows www.piware.de
+
+
+	Problematic hosts in *piware.de:
+
+		- mh21 *
+
+	* Shows www.piware.de
 
 
-	<securecookie host="^(?:www\.)?mwellner\.de$" name=".+" />
+	Mixed content:
 
+		- Images on www from $self *
 
-	<rule from="^http://(www\.)?(franziskawellner|mwellner|piware)\.de/"
-		to="https://$1$2.de/" />
+	* Secured by us
 
-	<rule from="^http://(?:(?:www\.)?mh21|mh21\.piware)\.de/"
+-->
+<ruleset name="piware.de (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="piware.de" />
+	<target host="annett.piware.de" />
+	<target host="mail.piware.de" />
+	<target host="www.piware.de" />
+
+	<!--	Complications:
+				-->
+	<target host="mh21.piware.de" />
+
+
+	<rule from="^http://mh21\.piware\.de/"
 		to="https://mh21.de/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Martinus.cz_sk.xml b/src/chrome/content/rules/Martinus.cz_sk.xml
new file mode 100644
index 000000000000..eda974b116b7
--- /dev/null
+++ b/src/chrome/content/rules/Martinus.cz_sk.xml
@@ -0,0 +1,43 @@
+<!--
+	Nonfunctional hosts in *.martinus.sk and *.martinus.cz:
+
+	http redirect:
+		- pf2015.martinus.sk
+	certificate mismatch:
+		- apps.martinus.cz
+		- apps.martinus.sk
+		- blog.martinus.cz
+		- pf2015.martinus.cz
+		- lepsi.martinus.sk
+		- my.martinus.sk
+		- pridajsa.martinus.sk
+		- slovenskocita.martinus.sk
+	mixed content:
+		- pridejse.martinus.cz
+		- ceskocte.martinus.cz
+-->
+<ruleset name="Martinus.cz_sk">
+	<target host="martinus.cz" />
+	<target host="www.martinus.cz" />
+	<target host="martinus.sk" />
+	<target host="www.martinus.sk" />
+	<target host="eshop.martinus.cz" />
+	<target host="export.martinus.cz" />
+	<target host="helpdesk.martinus.cz" />
+	<target host="m.martinus.cz" />
+	<target host="muj.martinus.cz" />
+	<target host="rss.martinus.cz" />
+	<target host="blog.martinus.sk" />
+	<target host="eshop.martinus.sk" />
+	<target host="export.martinus.sk" />
+	<target host="helpdesk.martinus.sk" />
+	<target host="ja.martinus.sk" />
+	<target host="m.martinus.sk" />
+	<target host="moj.martinus.sk" />
+	<target host="nespi2.martinus.sk" />
+	<target host="partner.martinus.sk" />
+	<target host="rss.martinus.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
+
diff --git a/src/chrome/content/rules/Martus.xml b/src/chrome/content/rules/Martus.xml
index abb87bd7da74..27f560f78ea3 100644
--- a/src/chrome/content/rules/Martus.xml
+++ b/src/chrome/content/rules/Martus.xml
@@ -4,7 +4,6 @@
 	<target host="www.martus.org" />
 
 
-	<rule from="^http://(www\.)?martus\.org/"
-		to="https://$1martus.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MartyKlein.com.xml b/src/chrome/content/rules/MartyKlein.com.xml
new file mode 100644
index 000000000000..d4799808de3b
--- /dev/null
+++ b/src/chrome/content/rules/MartyKlein.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="MartyKlein.com">
+	<target host="martyklein.com" />
+	<target host="www.martyklein.com" />
+	<target host="shop.martyklein.com" />
+	<target host="www.shop.martyklein.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Marum.de.xml b/src/chrome/content/rules/Marum.de.xml
new file mode 100644
index 000000000000..2dc57dfe653c
--- /dev/null
+++ b/src/chrome/content/rules/Marum.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="Marum.de">
+
+	<target host="marum.de" />
+	<target host="www.marum.de" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Marvel.com.xml b/src/chrome/content/rules/Marvel.com.xml
index 685470a2eb22..ac122292c6da 100644
--- a/src/chrome/content/rules/Marvel.com.xml
+++ b/src/chrome/content/rules/Marvel.com.xml
@@ -1,43 +1,35 @@
 <!--
 	Other Marvel rulesets:
-
 		- Annihil.us.xml
 		- Marvel_Store.xml
 
+	Dropped:
+		- marvelstaging.marvel.com
 
-	Nonfunctional subdomains:
-
-		- marvelkids	(redirects to http, valid cert)
-
-
-	Partially covered subdomains:
-
-		- comicstore *
-		- secure *
-		- subscriptions *
-
-	* Some pages redirect to http
-
-
-	Fully covered subdomains:
-
-		- (www.)
-
+	Mismatched::
+		more.marvel.com	(Akamai)
+		spidermanonbroadway.marvel.com
 -->
-<ruleset name="Marvel.com (partial)">
-
+<ruleset name="Marvel.com">
 	<target host="marvel.com" />
-	<target host="*.marvel.com" />
-		<exclusion pattern="^http://comicstore\.marvel\.com/(?!assets/)" />
-		<exclusion pattern="^http://secure\.marvel\.com/(?:\?.*)?$" />
-		<exclusion pattern="^http://subscriptions\.marvel\.com/(?!css/|i/|images/|(?:login|store/shippingr)\.asp|script/)" />
-
-
-	<!--securecookie host="^\.marvel\.com$" name="^CMXSESSIONID$" /-->
-	<securecookie host="^marvel\.com$" name=".+" />
-
-
-	<rule from="^http://((?:comicstore|secure|subscriptions|www)\.)?marvel\.com/"
-		to="https://$1marvel.com/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.marvel.com" />
+	<target host="developer.marvel.com" />
+	<target host="comicstore.marvel.com" />
+	<target host="marvelkids.marvel.com" />
+	<target host="mobilestore.marvel.com" />
+	<target host="news.marvel.com" />
+	<target host="secure.marvel.com" />
+	<target host="shop.marvel.com" />
+	<target host="subscriptions.marvel.com" />
+		<test url="http://marvel.com/universe3zx/index.php" />
+		<test url="http://secure.marvel.com/?f" />
+		<test url="http://secure.marvel.com/?o" />
+		<test url="http://secure.marvel.com//?o" />
+		<test url="http://secure.marvel.com/?b" />
+		<test url="http://secure.marvel.com/user/login" />
+		<test url="http://subscriptions.marvel.com/Default.asp" />
+		<test url="http://subscriptions.marvel.com/login.asp" />
+		<test url="http://subscriptions.marvel.com/shippingr.asp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Marvel_Store.xml b/src/chrome/content/rules/Marvel_Store.xml
index 4de09b5e4e76..fa043d1d8a4e 100644
--- a/src/chrome/content/rules/Marvel_Store.xml
+++ b/src/chrome/content/rules/Marvel_Store.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://img.marvelstore.com/ => https://img.marvelstore.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+Fetch error: http://static1.marvelstore.com/ => https://static1.marvelstore.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+Fetch error: http://cdn.static1.marvelstore.com/ => https://cdn.static1.marvelstore.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cdn.static1.marvelstore.com'")
+
 	For other Marvel coverage, see Marvel.com.xml.
 
 
@@ -21,10 +27,12 @@
 		- www	(some pages redirect to http)
 
 -->
-<ruleset name="Marvel Store.com">
+<ruleset name="Marvel Store.com" default_off="failed ruleset test">
 
-	<target host="marvelstore.com" />
-	<target host="*.marvelstore.com" />
+	<target host="img.marvelstore.com" />
+	<target host="static1.marvelstore.com" />
+	<target host="www.marvelstore.com" />
+	<target host="cdn.static1.marvelstore.com" />
 		<exclusion pattern="^http://www\.marvelstore\.com/(?!marvel/store/(?:DSIAjaxOrderItemAdd|DSIProcessWidget)(?:$|\?)|static/)" />
 
 
@@ -40,25 +48,13 @@
 	<rule from="^http://marvelstore\.com/.*"
 		to="https://www.marvelstore.com/" /-->
 
-	<rule from="^http://(img|static1|www)\.marvelstore\.com/"
-		to="https://$1.marvelstore.com/" />
-
-	<rule from="^http://cdn\.img\.marvelstore\.com/"
-		to="https://a248.e.akamai.net/f/1073/1/5m/cdn.img.marvelstore.com/" />
-
-	<rule from="^http://cdn\.s7\.marvelstore\.com/"
-		to="https://a248.e.akamai.net/f/1467/1/5m/cdn.s7.marvelstore.com/" />
-
 	<!--	Causes resources to be loaded from akamai.net/$
 		when rewritten to akamai:
 								-->
 	<rule from="^http://cdn\.static1\.marvelstore\.com/static/\?\?css/"
 		to="https://static1.marvelstore.com/static/??css/" />
 
-	<rule from="^http://cdn\.static1\.marvelstore\.com/"
-		to="https://a248.e.akamai.net/f/1170/1/5m/cdn.static1.marvelstore.com/" />
-
-	<rule from="^http://cdn\.static2\.marvelstore\.com/"
-		to="https://a248.e.akamai.net/f/402/1/5m/cdn.static2.marvelstore.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Marvell.xml b/src/chrome/content/rules/Marvell.xml
index 827ed5704318..cae1d49bab89 100644
--- a/src/chrome/content/rules/Marvell.xml
+++ b/src/chrome/content/rules/Marvell.xml
@@ -1,17 +1,18 @@
 <ruleset name="Marvell">
 
 	<target host="marvell.com"/>
-	<target host="*.marvell.com"/>
+	<target host="www.marvell.com" />
+	<target host="origin-www.marvell.com" />
+	<target host="extranet.marvell.com" />
 
 
-	<securecookie host="^origin-www\.marvell\.com$" name=".*"/>
+	<securecookie host="^origin-www\.marvell\.com$" name=".+" />
 
 
 	<!--	www: Akamai	-->
 	<rule from="^http://(?:(?:origin-)?www\.)?marvell\.com/"
 		to="https://origin-www.marvell.com/"/>
 
-	<rule from="^http://extranet\.marvell\.com/"
-		to="https://extranet.marvell.com/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Marxists.xml b/src/chrome/content/rules/Marxists.xml
deleted file mode 100644
index 23d5365b77f1..000000000000
--- a/src/chrome/content/rules/Marxists.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Marxists Internet Archive ">
-  <target host="marxists.org" />
-  <target host="www.marxists.org" />
-  <target host="marx.org" />
-  <target host="www.marx.org" />
-
-  <rule from="^https?://(?:www\.)?marxists\.org/" to="https://www.marxists.org/"/>
-  <rule from="^https?://(?:www\.)?marx\.org/" to="https://www.marxists.org/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Maryland_Shooters.xml b/src/chrome/content/rules/Maryland_Shooters.xml
index 3bf7b9353897..663d091e1190 100644
--- a/src/chrome/content/rules/Maryland_Shooters.xml
+++ b/src/chrome/content/rules/Maryland_Shooters.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?mdshooters\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?mdshooters\.com/"
-		to="https://$1mdshooters.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mashable.com.xml b/src/chrome/content/rules/Mashable.com.xml
index e5032c27de34..ffeab53ef08f 100644
--- a/src/chrome/content/rules/Mashable.com.xml
+++ b/src/chrome/content/rules/Mashable.com.xml
@@ -1,67 +1,28 @@
 <!--
-	CDN buckets:
+	For related Mashable rulesets, see mshcdn.com.xml
 
-		- cdn.mashable.com.edgesuite.net/.../
-			- a1015.g.akamai.net/.../
-		- rack.mshcdn.com.edgesuite.net/.../
-			- a756.g.akamai.net/.../
-		- mashableeventswidget.oxynade.netdna-cdn.com
+	Invalid certificate:
+		go.mashable.com
+		horizon.mashable.com
+		jobs.mashable.com
 
-
-	- rack.[0-3].mshcdn.com		(Akamai; works
-
-
-	ToDo: Find bucket.
-
-
-	mashable.d2.sc.omtrdc.net/b/ss/mashdev/
+	Connection closed:
+		feeds.mashable.com
 
 -->
-<ruleset name="Mashable.com (partial) " platform="mixedcontent">
+<ruleset name="Mashable.com">
 
 	<target host="mashable.com" />
 	<target host="www.mashable.com" />
-	<target host="*.mshcdn.com" />
-		<!--
-			Started 301 to http *sometimes*.
-
-
-			These paths do:
-
-				- \d{4}/\w\w/\w\w/[\w\-]+/?$	(articles)
-				- assets/
-				- follow/stories/shares.json?pids=...
-				- follow/stories/top/?tag=\d+&ts=\d{10}
-				- follow/images/[\w\-]+.\w{3}(\w{10})?$
-				- follow/images/facebook/facebook_app_icon_34x28.gif
-				- follow/images/new_badges/12/icebreaker_16x16.png?\d{10}
-				- follow/login/facebook/
-				- follow/login/oauth/twitter/
-				- follow/packages/wp-datauri.css?\d{10}
-				- follow/uploads/topic/image/(\w\w/){6}\w+-\w{10}.(jpe?g|png)
-				- media/
-
-
-			These paths don't (shhh!):
-
-				- $
-				- follow/images/avatars/thumb/
-				- follow/packages/shared.js?ver=\d{10}
-				- follow/packages/wp.js?ver=\d{10}
-				- stories.json
-				- tripleclick.html
-				- wp-content/uploads/
-
-					-->
-		<exclusion pattern="^https?://(?:(?:www\.)?mashable|(?:rack\.)?\d\.mshcdn)\.com/(?:\d{4}/\d\d/\d\d/[\w\-]+/?$|assets/|follow/(?:images/(?:facebook/|new_badges/\d\d/)?[\w\-]+\.\w{3}(?:$|\?)|login/|media/|packages/wp-datauri\.css(?:$|\?)|stories/(?:shares\.json|top/)(?:$|\?)|uploads/(?:topic/image|user/avatar)/\w\w/))" />
-
-
-	<rule from="^https?://(?:www\.)?mashable\.com/"
-		to="https://mashable.com/" />
-
-	<!--	mshcdn doesn't work over https.
-						-->
-	<rule from="^https?://(?:rack\.)?\d\.mshcdn\.com/"
-		to="https://mashable.com/" />
+	<target host="admin.mashable.com" />
+		<test url="http://admin.mashable.com/sgs-2014/" />
+	<target host="cms.mashable.com" />
+	<target host="evap.mashable.com" />
+		<test url="http://evap.mashable.com/2014/10/05/giant-clams-solar-technology/" />
+	<target host="kg.aws.mashable.com" />
+	<target host="shop.mashable.com" />
+	<target host="st.mashable.com" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mashape.com.xml b/src/chrome/content/rules/Mashape.com.xml
new file mode 100644
index 000000000000..456776cc26dc
--- /dev/null
+++ b/src/chrome/content/rules/Mashape.com.xml
@@ -0,0 +1,50 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://api.analytics.mashape.com/ => https://api.analytics.mashape.com/: (6, 'Could not resolve host: api.analytics.mashape.com')
+
+	Other Mashape rulesets:
+
+
+
+	CDN buckets:
+
+		- s3.amazonaws.com/mashape-production-assets/
+
+
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- id.mashape.com
+		- www.mashape.com
+
+-->
+<ruleset name="Mashape.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mashape.com" />
+	<target host="analytics.mashape.com" />
+	<target host="api.analytics.mashape.com" />
+	<target host="id.mashape.com" />
+	<target host="www.mashape.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^id\.mashape\.com$" name="^connect:session$" /-->
+	<!--securecookie host="^www\.mashape\.com$" name="^mashape\.sid$" /-->
+
+	<securecookie host="^(?:id|www)\.mashape\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mashery-clients.xml b/src/chrome/content/rules/Mashery-clients.xml
deleted file mode 100644
index 613ca37938a1..000000000000
--- a/src/chrome/content/rules/Mashery-clients.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Mashery clients">
-
-	<target host="developer.netflix.com" />
-	<target host="dev.pipl.com" />
-
-
-	<rule from="^https?://dev(?:eloper\.netflix\.|\.pipl\.com)/public/Mashery/"
-		to="https://secure.mashery.com/public/Mashery/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Mashery.com.xml b/src/chrome/content/rules/Mashery.com.xml
new file mode 100644
index 000000000000..163d387adfb5
--- /dev/null
+++ b/src/chrome/content/rules/Mashery.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- content.developer.mashery.com
+		- tms.mashery.com
+		- visit.mashery.com
+
+		Redirect to HTTP:
+		- iata.mashery.com
+-->
+<ruleset name="Mashery.com (partial)">
+	<target host="mashery.com" />
+	<target host="www.mashery.com" />
+	<target host="dnbdirect.admin.mashery.com" />
+	<target host="hoovers.admin.mashery.com" />
+	<target host="nbcuni.admin.mashery.com" />
+	<target host="constantcontact.mashery.com" />
+	<target host="coxautoinc.mashery.com" />
+	<target host="demo1.mashery.com" />
+	<target host="dev.mashery.com" />
+	<target host="developer.mashery.com" />
+	<target host="docs.mashery.com" />
+	<target host="manheim.mashery.com" />
+	<target host="secure.mashery.com" />
+	<target host="sensis.mashery.com" />
+	<target host="stagingcs1.mashery.com" />
+	<target host="stagingcs9.mashery.com" />
+	<target host="support.mashery.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mashery.xml b/src/chrome/content/rules/Mashery.xml
deleted file mode 100644
index 317b26aaa95a..000000000000
--- a/src/chrome/content/rules/Mashery.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
-	For clients, see Mashery-clients.xml.
-
-
-	CDN buckets:
-
-		- s3.amazonaws.com/content.developer.mashery.com/
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(times out)
-		- blog		(ditto)
-
--->
-<ruleset name="Mashery (partial)">
-
-	<target host="*.mashery.com" />
-	<target host="content.developer.mashery.com" />
-
-
-	<securecookie host="^secure\.mashery\.com$" name=".*" />
-
-
-	<!--	At least the home page 301s to http.
-				-->
-	<rule from="^http://developer\.mashery\.com/files/"
-		to="https://developer.mashery.com/files/" />
-
-	<rule from="^https?://content\.developer\.mashery\.com/"
-		to="https://s3.amazonaws.com/content.developer.mashery.com/" />
-
-	<rule from="^http://secure\.mashery\.com/"
-		to="https://secure.mashery.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MassLive.com.xml b/src/chrome/content/rules/MassLive.com.xml
new file mode 100644
index 000000000000..6f66784d86da
--- /dev/null
+++ b/src/chrome/content/rules/MassLive.com.xml
@@ -0,0 +1,78 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://marketingsolutions.masslive.com/ => https://marketingsolutions.masslive.com/: (7, 'Failed to connect to marketingsolutions.masslive.com port 443: Connection timed out')
+
+	Other MassLive rulesets:
+
+		- MLive.com.xml
+
+
+	CDN buckets:
+
+		- masslive.careercast.com
+
+			- jobs
+
+		- mt4-prod.advance.net.edgesuite.net
+
+			- a68.b.akamai.net
+			- blog
+			- connect
+			- media
+
+		- www-prod.advance.net.edgesuite.net
+
+			- www
+
+
+	Nonfunctional subdomains:
+
+		- ^ ¹
+		- blog ²
+		- connect ²
+		- www ²
+
+	¹ Refused
+	² 503, akamai
+
+
+	Problematic subdomains:
+
+		- jobs ¹
+		- media ²
+
+	¹ Works; mismatched, CN: sitemanager2.adicio.com
+	² Works, akamai
+
+
+	Fully covered subdomains:
+
+		- marketingsolutions
+
+
+	Mixed content:
+
+		- images on marketingsolutions from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="MassLive.com (partial)" default_off="failed ruleset test">
+
+	<target host="marketingsolutions.masslive.com" />
+		<!--exclusion pattern="http://(blog|connect|jobs|www)\.masslive\.com/" /-->
+		<!--
+			References resources relative to root:
+								-->
+		<!--exclusion pattern="^http://media\.masslive\.com/+(design/alpha/css/adv-ziplist|design/baseline/css/common\.min|static/common/css/adv_footer|static/common/css/adv_toprail_v001|static/mass/static/css/affiliate)\.css" /-->
+		<!--
+			References resources relative to self:
+								-->
+		<!--exclusion pattern="^http://media\.masslive\.com/+(?!design/alpha/css/nocommentbox\.css|design/baseline/css/community\.min\.css|static/common/css/global\.min\.css).+\.css" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MassShootingTracker.org.xml b/src/chrome/content/rules/MassShootingTracker.org.xml
new file mode 100644
index 000000000000..1d927c8824c2
--- /dev/null
+++ b/src/chrome/content/rules/MassShootingTracker.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="MassShootingTracker.org">
+	<target host="massshootingtracker.org" />
+	<target host="www.massshootingtracker.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mass_Relevance.xml b/src/chrome/content/rules/Mass_Relevance.xml
index 1dbb832a12f7..460b4af4897a 100644
--- a/src/chrome/content/rules/Mass_Relevance.xml
+++ b/src/chrome/content/rules/Mass_Relevance.xml
@@ -23,21 +23,19 @@
 <ruleset name="Mass Relevance">
 
 	<target host="massrelevance.com" />
-	<target host="*.massrelevance.com" />
+	<target host="api.massrelevance.com" />
+	<target host="secure-up.massrelevance.com" />
+	<target host="up.massrelevance.com" />
 	<target host="tweetriver.com" />
-	<target host="*.tweetriver.com" />
+	<target host="www.tweetriver.com" />
+	<target host="proxy.tweetriver.com" />
 
 
-	<rule from="^http://(api\.|secure-up\.)?massrelevance\.com/"
-		to="https://$1massrelevance.com/" />
 
-	<rule from="^https?://up\.massrelevance\.com/"
-		to="https://d1rts87l9itzp2.cloudfront.net/" />
 
-	<rule from="^https?://(?:www\.)?tweetriver\.com/"
+	<rule from="^http://(?:www\.)?tweetriver\.com/"
 		to="https://tweetriver.com/" />
 
-	<rule from="^http://proxy\.tweetriver\.com/"
-		to="https://proxy.tweetriver.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MassageMagazine.xml b/src/chrome/content/rules/MassageMagazine.xml
index 03b5cba0880a..bca63eca3949 100644
--- a/src/chrome/content/rules/MassageMagazine.xml
+++ b/src/chrome/content/rules/MassageMagazine.xml
@@ -1,8 +1,8 @@
 <ruleset name="Massage Magazine" platform="mixedcontent">
         <target host="massagemag.com" />
         <target host="www.massagemag.com" />
-        <securecookie host="^(.*\.)?massagemag\.com$" name=".*" />
+        <securecookie host=".+" name=".+" />
 
-        <rule from="^http://(?:www\.)?massagemag\.com/" to="https://www.massagemag.com/"/>
+        <rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Massengeschmack.tv.xml b/src/chrome/content/rules/Massengeschmack.tv.xml
new file mode 100644
index 000000000000..a30c7b81cc07
--- /dev/null
+++ b/src/chrome/content/rules/Massengeschmack.tv.xml
@@ -0,0 +1,24 @@
+<!--
+    Mixed content (forum.massengeschmack.tv):
+        - Images from schnittbrot.com *
+        - Images from www.schnittbrot.com *
+-->
+<ruleset name="massengeschmack.tv">
+	<target host="massengeschmack.tv" />
+	<target host="alpha.massengeschmack.tv" />
+	<target host="beta.massengeschmack.tv" />
+	<target host="cache.massengeschmack.tv" />
+	<target host="dl.massengeschmack.tv" />
+	<target host="dl4.massengeschmack.tv" />
+	<target host="dl5.massengeschmack.tv" />
+	<target host="dl6.massengeschmack.tv" />
+	<target host="dl7.massengeschmack.tv" />
+	<target host="dla1.massengeschmack.tv" />
+	<target host="forum.massengeschmack.tv" />
+	<target host="www.massengeschmack.tv" />
+
+	<rule from="^http:" to="https:" />
+
+	<test url="http://massengeschmack.tv/infos" />
+	<test url="http://forum.massengeschmack.tv/faq.php" />
+</ruleset>
diff --git a/src/chrome/content/rules/Massrel.io.xml b/src/chrome/content/rules/Massrel.io.xml
new file mode 100644
index 000000000000..738dc3509111
--- /dev/null
+++ b/src/chrome/content/rules/Massrel.io.xml
@@ -0,0 +1,12 @@
+<ruleset name="Massrel.io">
+
+	<target host="smartronix.massrel.io" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MasterCard.xml b/src/chrome/content/rules/MasterCard.xml
index ba5f591bb2a2..1aabc344d784 100644
--- a/src/chrome/content/rules/MasterCard.xml
+++ b/src/chrome/content/rules/MasterCard.xml
@@ -1,41 +1,66 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://smetrics.mastercardintl.com/ => https://smetrics.mastercardintl.com/: (6, 'Could not resolve host: smetrics.mastercardintl.com')
+
+	Other MasterCard rulesets:
+
+		- mastercard.us.xml
+
+
 	Nonfunctional domains:
 
-		- mastercard.us			(reset)
-		- www.mastercard.us		(redirects to 127986/alternate/index.html, akamai)
 		- www.priceless.com		($ redirects to http, content/ 404s)
 
 
 	Problematic domains:
 
-		- mastercard.com				(mismatched, CN: www.securecode.com)
+		- mastercard.com	>= 1 path 404s
 		- investorrelations.mastercardintl.com		(works, akamai)
-		- securecode.com				(cert only matches www)
+		- securecode.com	404
+
+
+	These altnames do not exist:
+
+		- sea.mastercard.com
+
+
+	Mixed content:
+
+		- css on www.mastercard.com from fast.fonts.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="MasterCard">
+<ruleset name="MasterCard" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="newsroom.mastercard.com" />
+	<target host="www.mastercard.com" />
 
-	<target host="mastercard.com" />
-	<target host="*.mastercard.com" />
 	<target host="smetrics.mastercardintl.com" />
-	<target host="securecode.com" />
+
 	<target host="www.securecode.com" />
 
+	<!--	Complications:
+				-->
+	<target host="mastercard.com" />
+	<target host="securecode.com" />
 
-	<securecookie host="^.*\.mastercard\.com$" name=".+" />
-	<securecookie host="^www\.securecode\.com$" name=".+" />
 
+	<securecookie host="\.mastercard\.com$" name=".+" />
+	<securecookie host="^www\.securecode\.com$" name=".+" />
 
-	<rule from="^https?://(?:www\.)?mastercard\.com/"
-		to="https://www.mastercard.com/" />
 
-	<rule from="^http://newsroom\.mastercard\.com/"
-		to="https://newsroom.mastercard.com/" />
+	<rule from="^http://(mastercard|securecode)\.com/"
+		to="https://www.$1.com/" />
 
-	<rule from="^http://smetrics\.mastercardintl\.com/"
-		to="https://smetrics.mastercardintl.com/" />
+		<!--	404:
+				-->
+		<test url="http://mastercard.com/index.html" />
 
-	<rule from="^https?://(?:www\.)?securecode\.com/"
-		to="https://www.securecode.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MasterChan.org.xml b/src/chrome/content/rules/MasterChan.org.xml
new file mode 100644
index 000000000000..e677f308c68d
--- /dev/null
+++ b/src/chrome/content/rules/MasterChan.org.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.masterchan.org/ => https://www.masterchan.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.masterchan.org'")
+
+-->
+<ruleset name="MasterChan.org" default_off="failed ruleset test">
+
+	<target host="masterchan.org" />
+	<target host="www.masterchan.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MasterNet.xml b/src/chrome/content/rules/MasterNet.xml
index eb80fc0efac8..30e486358359 100644
--- a/src/chrome/content/rules/MasterNet.xml
+++ b/src/chrome/content/rules/MasterNet.xml
@@ -1,13 +1,12 @@
 <ruleset name="MasterNet">
 
 	<target host="masternet.org" />
-	<target host="*.masternet.org" />
+	<target host="www.masternet.org" />
 
 
 	<securecookie host="^(?:www)?\.masternet\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?masternet\.org/"
-		to="https://$1masternet.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MasterXchange.com.xml b/src/chrome/content/rules/MasterXchange.com.xml
new file mode 100644
index 000000000000..2e55054aa478
--- /dev/null
+++ b/src/chrome/content/rules/MasterXchange.com.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://masterxchange.com/ => https://masterxchange.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.masterxchange.com/ => https://www.masterxchange.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="MasterXchange.com" default_off="failed ruleset test">
+
+	<target host="masterxchange.com" />
+	<target host="www.masterxchange.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?masterxchange.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?masterxchange.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Master_Spas_WI.com.xml b/src/chrome/content/rules/Master_Spas_WI.com.xml
index a60ff1675f6b..a1850001aa4d 100644
--- a/src/chrome/content/rules/Master_Spas_WI.com.xml
+++ b/src/chrome/content/rules/Master_Spas_WI.com.xml
@@ -5,13 +5,12 @@
 <ruleset name="Master Spas WI.com">
 
 	<target host="masterspaswi.com" />
-	<target host="*.masterspaswi.com" />
+	<target host="www.masterspaswi.com" />
 
 
 	<securecookie host="^\.?masterspaswi\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?masterspaswi\.com/"
-		to="https://$1masterspaswi.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mastercard.ru.xml b/src/chrome/content/rules/Mastercard.ru.xml
new file mode 100644
index 000000000000..fb2e19808a63
--- /dev/null
+++ b/src/chrome/content/rules/Mastercard.ru.xml
@@ -0,0 +1,40 @@
+<!--
+mastercard.ru ¹
+contactless.mastercard.ru ¹
+gift.mastercard.ru ¹
+www.gift.mastercard.ru ¹
+m.gift.mastercard.ru ⁴
+mobile.mastercard.ru ³
+www.mobile.mastercard.ru ³
+3ds.mobile.mastercard.ru ³
+m.mobile.mastercard.ru ³
+www.m.mobile.mastercard.ru ³
+raxstage.nfc.mastercard.ru ³
+rewards.mastercard.ru ¹
+www.rewards.mastercard.ru ¹
+sila.mastercard.ru ¹
+www.sila.mastercard.ru ¹
+
+
+¹ mismatch
+³ timed out
+⁴ self signed
+-->
+<ruleset name="mastercard.ru">
+	<target host="www.mastercard.ru" />
+	<target host="card2card.mastercard.ru" />
+	<target host="www.card2card.mastercard.ru" />
+	<target host="loanrepayment.mastercard.ru" />
+	<target host="www.loanrepayment.mastercard.ru" />
+	<target host="metro.mastercard.ru" />
+	<target host="www.metro.mastercard.ru" />
+	<target host="nfc.mastercard.ru" />
+	<target host="www.nfc.mastercard.ru" />
+
+	<target host="mastercard.ru" />
+
+	<rule from="^http://mastercard\.ru/"
+		to="https://www.mastercard.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mastering_Emacs.org.xml b/src/chrome/content/rules/Mastering_Emacs.org.xml
new file mode 100644
index 000000000000..eff46e58da57
--- /dev/null
+++ b/src/chrome/content/rules/Mastering_Emacs.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="Mastering Emacs.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="masteringemacs.org" />
+	<target host="www.masteringemacs.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mastermind.xml b/src/chrome/content/rules/Mastermind.xml
index 65047c95455e..6f0d364f0d65 100644
--- a/src/chrome/content/rules/Mastermind.xml
+++ b/src/chrome/content/rules/Mastermind.xml
@@ -1,8 +1,15 @@
+
 <!--
-	Fully covered subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://mastermindpro.com/ => https://mastermindpro.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.mastermindpro.com/ => https://www.mastermindpro.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://kserver.mastermindpro.com/ => https://kserver.mastermindpro.com/: (35, 'Unknown SSL protocol error in connection to kserver.mastermindpro.com:443 ')
+Fetch error: http://secure.mastermindpro.com/ => https://secure.mastermindpro.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://secure2.mastermindpro.com/ => https://secure2.mastermindpro.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Wrong content:
 
-		- (www.)
-		- secure2
+		- web1
 
 
 	Mixed content:
@@ -12,16 +19,21 @@
 	* Secured by us
 
 -->
-<ruleset name="Mastermind">
+<ruleset name="Mastermind" default_off="failed ruleset test">
 
 	<target host="mastermindpro.com" />
-	<target host="*.mastermindpro.com" />
+	<target host="www.mastermindpro.com" />
+	<target host="kserver.mastermindpro.com" />
+	<target host="secure.mastermindpro.com" />
+	<target host="secure2.mastermindpro.com" />
 
 
+	<!--	Not secured by server:
+					-->
 	<securecookie host="^www\.mastermindpro\.com$" name=".+" />
 
 
-	<rule from="^http://(secure2\.|www\.)?mastermindpro\.com/"
-		to="https://$1mastermindpro.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Masterminds_Digital.com.xml b/src/chrome/content/rules/Masterminds_Digital.com.xml
new file mode 100644
index 000000000000..15aaf0c905cd
--- /dev/null
+++ b/src/chrome/content/rules/Masterminds_Digital.com.xml
@@ -0,0 +1,72 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://support.mastermindsdigital.com/ => https://support.mastermindsdigital.com/: (51, "SSL: no alternative certificate subject name matches target host name 'support.mastermindsdigital.com'")
+
+	Nonfunctional hosts in *mastermindsdigital.com:
+
+		- blog *
+
+	* Redirects to emailmarketing.techxpress.net
+
+
+	www: Mismatched
+
+
+	Fully covered hosts in *mastermindsdigital.com:
+
+		- (www.)?	(www → ^)
+		- emailmarketing
+		- support
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- mastermindsdigital.com
+		- .mastermindsdigital.com
+		- emailmarketing.mastermindsdigital.com
+		- support.mastermindsdigital.com
+
+
+	Mixed content:
+
+		- css on ^ from fonts.googleapis.com *
+
+		- Images, on:
+
+			- ^ from $self *
+			- support from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Masterminds Digital.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mastermindsdigital.com" />
+	<target host="emailmarketing.mastermindsdigital.com" />
+	<target host="support.mastermindsdigital.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.mastermindsdigital.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^mastermindsdigital\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.mastermindsdigital\.com$" name="^ct$" /-->
+	<!--securecookie host="^emailmarketing\.mastermindsdigital\.com$" name="^IEMSESSIONID$" /-->
+	<!--securecookie host="^support\.mastermindsdigital\.com$" name="^(SWIFT_client|SWIFT_sessionid40)$" /-->
+
+	<securecookie host="^(?:emailmarketing\.|support\.)?mastermindsdigital\.com$" name=".+" />
+
+
+	<rule from="^http://www\.mastermindsdigital\.com/"
+		to="https://mastermindsdigital.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Masters.com.au.xml b/src/chrome/content/rules/Masters.com.au.xml
new file mode 100644
index 000000000000..fc43563e4b37
--- /dev/null
+++ b/src/chrome/content/rules/Masters.com.au.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Woolworths coverage, see Woolworths.com.au.xml
+
+
+	Nonfunctional subdomains:
+
+		- app		(self-signed cert)
+		- floorwizard	(connection refused)
+		- mobile	(timeout)
+		- reviews	(mismatch hostname, CN: *.ugc.bazaarvoice.com)
+		- stating	(timeout)
+
+-->
+<ruleset name="Masters.com.au">
+
+	<target host="masters.com.au" />
+	<target host="www.masters.com.au" />
+	<target host="m.masters.com.au" />
+	<target host="uat2.app.masters.com.au" />
+	<target host="uat2.m.masters.com.au" />
+	<target host="media1.masters.com.au" />
+	<target host="media2.masters.com.au" />
+	<target host="uat2.masters.com.au" />
+	<target host="uatmedia1.masters.com.au" />
+	<target host="uatmedia2.masters.com.au" />
+
+	<securecookie host="^m\.masters\.com\.au$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mastodon.cloud.xml b/src/chrome/content/rules/Mastodon.cloud.xml
new file mode 100644
index 000000000000..745716eca2ef
--- /dev/null
+++ b/src/chrome/content/rules/Mastodon.cloud.xml
@@ -0,0 +1,23 @@
+<!--
+	Nonfunctional hosts in *.mastodon.cloud:
+	assets.mastodon.cloud (t)
+	mail.mastodon.cloud (t)
+	s3.mastodon.cloud (t)
+	status.mastodon.cloud (t)
+	www.mastodon.cloud (t)	
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Mastodon.cloud">
+	<target host="mastodon.cloud" />
+	
+	<target host="media.mastodon.cloud" />
+	
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mastodon.social.xml b/src/chrome/content/rules/Mastodon.social.xml
new file mode 100644
index 000000000000..3e24e32ee28b
--- /dev/null
+++ b/src/chrome/content/rules/Mastodon.social.xml
@@ -0,0 +1,15 @@
+<!--
+	Site serves an HSTS header with includeSubdomains.
+-->
+<ruleset name="Mastodon.social">
+	<target host="mastodon.social" />
+	<target host="*.mastodon.social" />
+
+	<test url="http://www.mastodon.social/" />
+	<test url="http://assets.mastodon.social/assets/fluffy-elephant-friend-6b47d8e924332955795ff4b2d8fc446437d26b28bfc67d6be2a4d88995ab2c1f.png" />
+	<test url="http://assets.mastodon.social/assets/logo-5701d8d94bca66668f49a2803c984e960dfe0bf93a71f2d86be9455e66505cee.png" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mastozytose-Schweiz.org.xml b/src/chrome/content/rules/Mastozytose-Schweiz.org.xml
index 296aff64898a..d56bf296cce0 100644
--- a/src/chrome/content/rules/Mastozytose-Schweiz.org.xml
+++ b/src/chrome/content/rules/Mastozytose-Schweiz.org.xml
@@ -1,13 +1,12 @@
 <ruleset name="Mastozytose-Schweiz.org">
 
 	<target host="mastozytose-schweiz.org" />
-	<target host="*.mastozytose-schweiz.org" />
+	<target host="www.mastozytose-schweiz.org" />
 
 
 	<securecookie host="^\.?mastozytose-schweiz\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?mastozytose-schweiz\.org/"
-		to="https://$1mastozytose-schweiz.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Matalan.co.uk.xml b/src/chrome/content/rules/Matalan.co.uk.xml
new file mode 100644
index 000000000000..22d3142805fa
--- /dev/null
+++ b/src/chrome/content/rules/Matalan.co.uk.xml
@@ -0,0 +1,27 @@
+<!--
+	CDN buckets:
+
+		- jscsecmat.ctscdn.com
+
+
+	^: cert only matches www
+
+-->
+<ruleset name="Matalan.co.uk (partial)">
+
+	<target host="matalan.co.uk" />
+	<target host="www.matalan.co.uk" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.matalan\.co\.uk/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.matalan\.co\.uk/+(?!asset/|favicon\.ico)" />
+
+
+	<rule from="^http://(?:www\.)?matalan\.co\.uk/"
+		to="https://www.matalan.co.uk/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Matcc.company.xml b/src/chrome/content/rules/Matcc.company.xml
new file mode 100644
index 000000000000..3142d7b61027
--- /dev/null
+++ b/src/chrome/content/rules/Matcc.company.xml
@@ -0,0 +1,6 @@
+<ruleset name="Matcc.company" platform="mixedcontent">
+	<target host="matcc.company" />
+	<target host="www.matcc.company" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Match-Trade.xml b/src/chrome/content/rules/Match-Trade.xml
new file mode 100644
index 000000000000..7fd49271aab8
--- /dev/null
+++ b/src/chrome/content/rules/Match-Trade.xml
@@ -0,0 +1,37 @@
+<!--
+	Chain issue, missing intermediate:
+		- co.fxeprime.com
+
+	Connection closed:
+		- match-trade.com, equivalent to www.match-trade.com
+
+	Connection reset:
+		- platform.match-trade.com
+-->
+
+<ruleset name="Match Trade">
+	<!-- coinmatch.io -->
+	<target host="coinmatch.io" />
+	<target host="www.coinmatch.io" />
+	<target host="demo.coinmatch.io" />
+
+
+	<!-- fxedgellc.com -->
+	<target host="www.fxedgellc.com" />
+
+
+	<!-- fxeprime.com -->
+	<target host="fxeprime.com" />
+	<target host="www.fxeprime.com" />
+
+
+	<!-- match-trade.com -->
+	<target host="match-trade.com" />
+	<target host="www.match-trade.com" />
+
+	<rule from="^http://match-trade\.com/"
+		to="https://www.match-trade.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Match.com.xml b/src/chrome/content/rules/Match.com.xml
new file mode 100644
index 000000000000..89f8e542d5fd
--- /dev/null
+++ b/src/chrome/content/rules/Match.com.xml
@@ -0,0 +1,57 @@
+<!--
+	CDN buckets:
+
+		- cp.match.com.edgesuite.net
+
+		- images.match.com.edgesuite.net
+
+			- a419.c.akamai.net
+			- images
+
+
+	Nonfunctional subdomains:
+
+		- cp *
+		- nl		Dropped
+		- www		Refused
+
+	* 504, akamai
+
+
+	^: cert only matches www
+
+
+	Fully covered subdomains:
+
+		- images	(→ a248.e.akamai.net)
+		- secure2.intl
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .match.com
+		- secure2.intl.match.com
+
+-->
+<ruleset name="Match.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="match.com" /-->
+	<target host="secure2.intl.match.com" />
+
+		<!--exclusion pattern="^http://(?:cp|nl|www)\.match\.com/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.match\.com$" name="^(dMatch|ppLoginReferer)$" /-->
+	<!--securecookie host="^secure2\.intl\.match\.com$" name="^(LinkedAccountsLandingUrl|Match|MatchSession|SECU)$" /-->
+
+	<securecookie host="^secure2\.intl\.match\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MatchEnDirect.fr.xml b/src/chrome/content/rules/MatchEnDirect.fr.xml
new file mode 100644
index 000000000000..6a88154bfcef
--- /dev/null
+++ b/src/chrome/content/rules/MatchEnDirect.fr.xml
@@ -0,0 +1,14 @@
+<ruleset name="MatchEnDirect.fr">
+	<target host="matchendirect.fr" />
+	<target host="www.matchendirect.fr" />
+	<target host="asset.matchendirect.fr" />
+	<target host="blog.matchendirect.fr" />
+	<target host="live-foot.matchendirect.fr" />
+	<target host="mobile.matchendirect.fr" />
+	<target host="partenaire.matchendirect.fr" />
+	<target host="qa.matchendirect.fr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mate-look.org.xml b/src/chrome/content/rules/Mate-look.org.xml
new file mode 100644
index 000000000000..d6fa7f2299bd
--- /dev/null
+++ b/src/chrome/content/rules/Mate-look.org.xml
@@ -0,0 +1,12 @@
+<!--
+	For other openDesktop rules, see openDesktop.org.xml
+
+-->
+<ruleset name="Mate-look.org">
+
+	<target host="mate-look.org" />
+	<target host="www.mate-look.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MateLife.xml b/src/chrome/content/rules/MateLife.xml
deleted file mode 100644
index ece8b72690c5..000000000000
--- a/src/chrome/content/rules/MateLife.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="MateLife">
-
-	<target host="matelife.net" />
-	<target host="*.matelife.net" />
-
-
-	<securecookie host="^\.matelife\.net$" name=".+" />
-
-
-	<rule from="^http://(assets\.|static\.|www\.)?matelife\.net/"
-		to="https://$1matelife.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Materiel.net.xml b/src/chrome/content/rules/Materiel.net.xml
index 2d929f439209..15b45cf2f288 100644
--- a/src/chrome/content/rules/Materiel.net.xml
+++ b/src/chrome/content/rules/Materiel.net.xml
@@ -1,7 +1,47 @@
-<ruleset name="Materiel.net" platform="mixedcontent">
-  <target host="*.materiel.net" />
-  <target host="materiel.net" />
+<!--
+	Problematic hosts in *materiel.net:
+
+		- m *
+
+	* Missing certificate chain
+
+-->
+<ruleset name="Materiel.net (partial)">
+
+	<target host="materiel.net" />
+	<target host="www.materiel.net" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.materiel\.net/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.materiel\.net/+(?!assets/|css/|favicon\.ico|images/|pm/client/(?:login|register|sendpass)\.html)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.materiel.net/iphone/" />
+			<test url="http://www.materiel.net/js/jquery/themes/matnet/matnet.css" />
+			<test url="http://www.materiel.net/microsoft-xbox/" />
+			<test url="http://www.materiel.net/onduleur/" />
+			<test url="http://www.materiel.net/raspberry-pi/" />
+			<test url="http://www.materiel.net/televiseur/" />
+			<test url="http://www.materiel.net/toner/" />
+			<test url="http://www.materiel.net/videoprojecteur/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.materiel.net/assets/17603.png" />
+			<test url="http://www.materiel.net/css/main/loupe-recherche.png" />
+			<test url="http://www.materiel.net/favicon.ico" />
+			<test url="http://www.materiel.net/images/logo-materiel-net.png" />
+			<test url="http://www.materiel.net/pm/client/login.html" />
+			<test url="http://www.materiel.net/pm/client/register.html" />
+			<test url="http://www.materiel.net/pm/client/sendpass.html" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://materiel\.net/" to="https://www.materiel.net/" />
-  <rule from="^http://([^@/:]*)\.materiel\.net/" to="https://$1.materiel.net/" />
 </ruleset>
diff --git a/src/chrome/content/rules/MathJax.org.xml b/src/chrome/content/rules/MathJax.org.xml
new file mode 100644
index 000000000000..916023b7c654
--- /dev/null
+++ b/src/chrome/content/rules/MathJax.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="MathJax.org">
+	<target host="mathjax.org" />
+	<target host="www.mathjax.org" />
+	<target host="beta.mathjax.org" />
+		<test url="http://beta.mathjax.org/mathjax/latest/test/localization.html" />
+	<target host="cdn.mathjax.org" />
+		<test url="http://cdn.mathjax.org/mathjax/latest/docs/html/platforms/index.html" />
+	<target host="docs.mathjax.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MathWorks.com.xml b/src/chrome/content/rules/MathWorks.com.xml
new file mode 100644
index 000000000000..f9c400778855
--- /dev/null
+++ b/src/chrome/content/rules/MathWorks.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Cert only matches www.
+
+-->
+<ruleset name="MathWorks.com">
+
+	<target host="mathworks.com" />
+	<target host="www.mathworks.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mathbuntu.org.xml b/src/chrome/content/rules/Mathbuntu.org.xml
new file mode 100644
index 000000000000..9c7240d7661d
--- /dev/null
+++ b/src/chrome/content/rules/Mathbuntu.org.xml
@@ -0,0 +1,14 @@
+<!--
+	(www.)?mathbuntu.org: Expired
+
+-->
+<ruleset name="Mathbuntu.org" default_off="expired">
+
+	<target host="mathbuntu.org" />
+	<target host="www.mathbuntu.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MathematiquesFaciles.com.xml b/src/chrome/content/rules/MathematiquesFaciles.com.xml
new file mode 100644
index 000000000000..12b41e18cd1d
--- /dev/null
+++ b/src/chrome/content/rules/MathematiquesFaciles.com.xml
@@ -0,0 +1,11 @@
+<!--
+	See for related rulesets: FrancaisFacile.com.xml
+-->
+<ruleset name="MathematiquesFaciles.com">
+	<target host="mathematiquesfaciles.com" />
+	<target host="www.mathematiquesfaciles.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mathias-Kettner.de.xml b/src/chrome/content/rules/Mathias-Kettner.de.xml
new file mode 100644
index 000000000000..d33bc1ae7266
--- /dev/null
+++ b/src/chrome/content/rules/Mathias-Kettner.de.xml
@@ -0,0 +1,14 @@
+<!--
+	www: cert only matches ^mathias-kettner.de
+
+-->
+<ruleset name="Mathias-Kettner.de">
+
+	<target host="mathias-kettner.de" />
+	<target host="www.mathias-kettner.de" />
+
+
+	<rule from="^http://(?:www\.)?mathias-kettner\.de/"
+		to="https://mathias-kettner.de/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mathias_Bynens.be.xml b/src/chrome/content/rules/Mathias_Bynens.be.xml
new file mode 100644
index 000000000000..72bd6e1b72c4
--- /dev/null
+++ b/src/chrome/content/rules/Mathias_Bynens.be.xml
@@ -0,0 +1,10 @@
+<ruleset name="Mathias Bynens.be">
+
+	<target host="mathiasbynens.be" />
+	<target host="www.mathiasbynens.be" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mathjobs.org.xml b/src/chrome/content/rules/Mathjobs.org.xml
new file mode 100644
index 000000000000..40d9638fb491
--- /dev/null
+++ b/src/chrome/content/rules/Mathjobs.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="MathJobs.org">
+
+	<target host="mathjobs.org" />
+	<target host="www.mathjobs.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mathsisfun.com.xml b/src/chrome/content/rules/Mathsisfun.com.xml
new file mode 100644
index 000000000000..c5ee3dd1190f
--- /dev/null
+++ b/src/chrome/content/rules/Mathsisfun.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Mathsisfun.com">
+	<target host="mathsisfun.com" />
+	<target host="www.mathsisfun.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mathtag.com.xml b/src/chrome/content/rules/Mathtag.com.xml
new file mode 100644
index 000000000000..4a62ce92721b
--- /dev/null
+++ b/src/chrome/content/rules/Mathtag.com.xml
@@ -0,0 +1,43 @@
+<!--
+	For other MediaMath coverage, see MediaMath.xml.
+
+
+	CDN buckets:
+
+		- ak1.abmr.net/is/pixel.mathtag.com
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .mathtag.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Mathtag.com">
+
+	<target host="action.mathtag.com" />
+	<target host="akamai.mathtag.com" />
+	<target host="mathid.mathtag.com" />
+	<target host="mathid-origin.mathtag.com" />
+	<target host="pixel.mathtag.com" />
+	<target host="sync.mathtag.com" />
+	<target host="tags.mathtag.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://pixel.mathtag.com/event/img?mt_id=&amp;mt_adid=&amp;v1=&amp;v2=&amp;v3=&amp;s1=&amp;s2=&amp;s3=" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.mathtag\.com$" name="^(HRL8|uuid|uuidc)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+	<test url="http://tags.mathtag.com/notify/js?exch=ruc&amp;id=" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MathyVanhoef.com.xml b/src/chrome/content/rules/MathyVanhoef.com.xml
new file mode 100644
index 000000000000..01a97af1a178
--- /dev/null
+++ b/src/chrome/content/rules/MathyVanhoef.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Mathy Vanhoef">
+
+	<target host="mathyvanhoef.com" />
+	<target host="www.mathyvanhoef.com" />
+	<target host="papers.mathyvanhoef.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Matilda_Jane_Platinum.com.xml b/src/chrome/content/rules/Matilda_Jane_Platinum.com.xml
new file mode 100644
index 000000000000..3051cd9dae96
--- /dev/null
+++ b/src/chrome/content/rules/Matilda_Jane_Platinum.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- matildajaneplatinum.com
+		- .matildajaneplatinum.com
+
+-->
+<ruleset name="Matilda Jane Platinum.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="matildajaneplatinum.com" />
+	<target host="www.matildajaneplatinum.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^matildajaneplatinum\.com$" name="^CustomerPortal$" /-->
+	<!--securecookie host="^\.matildajaneplatinum\.com$" name="^BIPSvr$" /-->
+
+	<securecookie host="^\.?matildajaneplatinum\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Matkahuolto.xml b/src/chrome/content/rules/Matkahuolto.xml
deleted file mode 100644
index dcc54e782f6e..000000000000
--- a/src/chrome/content/rules/Matkahuolto.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Matkahuolto">
-	<target host="matkahuolto.info"/>
-	<target host="www.matkahuolto.info"/>
-
-	<securecookie host="^www\.matkahuolto\.info$" name=".+" />
-
-	<!-- Cert matches www -->
-	<rule from="^http://(?:www\.)?matkahuolto\.info/"
-		to="https://www.matkahuolto.info/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Matomy-Media.xml b/src/chrome/content/rules/Matomy-Media.xml
index c871216227cc..cf8706b9618a 100644
--- a/src/chrome/content/rules/Matomy-Media.xml
+++ b/src/chrome/content/rules/Matomy-Media.xml
@@ -1,15 +1,3 @@
-<!--
-	Other Matomy Media rulesets:
-
-		- M2pub.com.xml
-		- Matomy_Market.xml
-		- Rev2pub.com.xml
-		- Xtendmedia.com.xml
-
-
-	Expired 2013-05-18
-
--->
 <ruleset name="Matomy Media" default_off="expired">
 
 	<target host="matomymedia.com" />
@@ -18,7 +6,7 @@
 
 	<!--	Cert only matches www.
 					-->
-	<rule from="^https?://(?:www\.)?matomymedia\.com/"
+	<rule from="^http://(?:www\.)?matomymedia\.com/"
 		to="https://www.matomymedia.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Matomy_Market.xml b/src/chrome/content/rules/Matomy_Market.xml
index 9458b78e4aa7..90c0dbb78f5e 100644
--- a/src/chrome/content/rules/Matomy_Market.xml
+++ b/src/chrome/content/rules/Matomy_Market.xml
@@ -1,21 +1,12 @@
-<!--
-	For other Matomy Media coverage, see Matomy-Media.xml.
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(shows matomymedia.com)
-
--->
 <ruleset name="Matomy Market">
 
-	<target host="*.adsmarket.com" />
+	<target host="adsmarket.com" />
+	<target host="www.adsmarket.com" />
 
 
-	<securecookie host="^\.?network\.adsmarket\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://network\.adsmarket\.com/"
-		to="https://network.adsmarket.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Matrix_Group.xml b/src/chrome/content/rules/Matrix_Group.xml
index eb066dd36def..a711a27db4e7 100644
--- a/src/chrome/content/rules/Matrix_Group.xml
+++ b/src/chrome/content/rules/Matrix_Group.xml
@@ -26,4 +26,4 @@
 	<rule from="^http://(clients|www)\.matrixgroup\.net/"
 		to="https://$1.matrixgroup.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Matrox.xml b/src/chrome/content/rules/Matrox.xml
index ea9b6c7d2beb..94bcb7165757 100644
--- a/src/chrome/content/rules/Matrox.xml
+++ b/src/chrome/content/rules/Matrox.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?matrox\.com/video/media/"
 		to="https://$1matrox.com/video/media/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Matt.lgbt.xml b/src/chrome/content/rules/Matt.lgbt.xml
new file mode 100644
index 000000000000..d9e8a2168f35
--- /dev/null
+++ b/src/chrome/content/rules/Matt.lgbt.xml
@@ -0,0 +1,8 @@
+<ruleset name="Matt.lgbt">
+	<target host="matt.lgbt" />
+	<target host="www.matt.lgbt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Matt_Drollette.xml b/src/chrome/content/rules/Matt_Drollette.xml
deleted file mode 100644
index 78ab73494f8c..000000000000
--- a/src/chrome/content/rules/Matt_Drollette.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Matt Drollette">
-
-	<target host="drollette.com" />
-	<target host="*.drollette.com" />
-
-
-	<securecookie host="^\.drollette\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?drollette\.com/"
-		to="https://$1drollette.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Matt_Wilcox.net.xml b/src/chrome/content/rules/Matt_Wilcox.net.xml
new file mode 100644
index 000000000000..7958f4e71f65
--- /dev/null
+++ b/src/chrome/content/rules/Matt_Wilcox.net.xml
@@ -0,0 +1,10 @@
+<ruleset name="Matt Wilcox.net">
+
+	<target host="mattwilcox.net" />
+	<target host="www.mattwilcox.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Matthew_Petroff.xml b/src/chrome/content/rules/Matthew_Petroff.xml
deleted file mode 100644
index 552988e871e7..000000000000
--- a/src/chrome/content/rules/Matthew_Petroff.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Matthew Petroff" default_off="self-signed">
-
-	<target host="mpetroff.net" />
-	<target host="www.mpetroff.net" />
-
-
-	<securecookie host="^www\.mpetroff\.net$" name=".+" />
-
-
-	<!--	!www presents Google cert, 503.
-						-->
-	<rule from="^https?://(?:www\.)?mpetroff\.net/"
-		to="https://www.mpetroff.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Matthews_Marking.com.xml b/src/chrome/content/rules/Matthews_Marking.com.xml
new file mode 100644
index 000000000000..28c2271a4c1e
--- /dev/null
+++ b/src/chrome/content/rules/Matthews_Marking.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Some pages redirect to http.
+
+-->
+<ruleset name="Matthews Marking.com (partial)">
+
+	<target host="matthewsmarking.com" />
+	<target host="www.matthewsmarking.com" />
+
+
+	<rule from="^http://(www\.)?matthewsmarking\.com/(?=css/|distributors(?:$|[?/])|favicon\.ico|images/|images_old/|wp-content/|wp-includes/)"
+		to="https://$1matthewsmarking.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mattmccutchen.net.xml b/src/chrome/content/rules/Mattmccutchen.net.xml
deleted file mode 100644
index cbefbd72b616..000000000000
--- a/src/chrome/content/rules/Mattmccutchen.net.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See 
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
- 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="MattMccutchen.net" platform="firefox">
-  <target host="mattmccutchen.net" />
-  <target host="www.mattmccutchen.net" />
-
-  <securecookie host="^mattmccutchen\.net$" name=".+" />
-
-  <rule from="^http://(www\.)?mattmccutchen\.net/" to="https://mattmccutchen.net/" />
-</ruleset>
diff --git a/src/chrome/content/rules/MauivaAirCruise.com.xml b/src/chrome/content/rules/MauivaAirCruise.com.xml
index f7ecd4fa0180..2f721bda9b62 100644
--- a/src/chrome/content/rules/MauivaAirCruise.com.xml
+++ b/src/chrome/content/rules/MauivaAirCruise.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?mauivaaircruise\.com/(misc|modules|profiles|sites)/"
 		to="https://$1mauivaaircruise.com/$2/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mauras.ch.xml b/src/chrome/content/rules/Mauras.ch.xml
new file mode 100644
index 000000000000..cae02a79a073
--- /dev/null
+++ b/src/chrome/content/rules/Mauras.ch.xml
@@ -0,0 +1,21 @@
+<!--
+	Nonfunctional hosts in *mauras.ch:
+
+		- git ʳ
+
+	ʳ Refused
+
+-->
+<ruleset name="Mauras.ch (partial)">
+
+	<target host="mauras.ch" />
+	<target host="www.mauras.ch" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Maurus.net.xml b/src/chrome/content/rules/Maurus.net.xml
deleted file mode 100644
index df9ddbfb5ea8..000000000000
--- a/src/chrome/content/rules/Maurus.net.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="maurus.net">
-
-	<target host="maurus.net" />
-	<target host="www.maurus.net" />
-
-
-	<securecookie host="^maurus\.net$" name=".*" />
-
-
-	<!--	Cert doesn't match www.
-					-->
-	<rule from="^https?://(?:www\.)?maurus\.net/"
-		to="https://maurus.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Maven.co.xml b/src/chrome/content/rules/Maven.co.xml
new file mode 100644
index 000000000000..8a3e786967e2
--- /dev/null
+++ b/src/chrome/content/rules/Maven.co.xml
@@ -0,0 +1,56 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://help.maven.co/ => https://help.maven.co/: Too many redirects while fetching 'https://help.maven.co/'
+
+	(www.)?: Some pages redirect to http
+
+
+	Fully covered subdomains:
+
+		- app
+		- help
+
+
+	Insecure cookies are set for these domains:
+
+		- .maven.co
+
+-->
+<ruleset name="Maven.co (partial)" default_off="failed ruleset test">
+
+	<target host="maven.co" />
+	<target host="app.maven.co" />
+	<target host="help.maven.co" />
+	<target host="www.maven.co" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?maven\.co/($|blog$|login$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?maven\.co/(?!signup(?:$|[?/])|wp-content/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.maven.co/blog" />
+			<test url="http://www.maven.co/case-studies" />
+			<test url="http://www.maven.co/login" />
+			<test url="http://www.maven.co/smarter" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.maven.co/signup" />
+			<test url="http://www.maven.co/wp-content/plugins/gc-message-bar/style-gc-message-bar.php" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.maven\.co$" name="^SESS[\da-f]{32}$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Maven.org.xml b/src/chrome/content/rules/Maven.org.xml
new file mode 100644
index 000000000000..a5f398ec5390
--- /dev/null
+++ b/src/chrome/content/rules/Maven.org.xml
@@ -0,0 +1,16 @@
+<!--
+	These altnames don't exist:
+
+		- www.search.maven.org
+
+-->
+<ruleset name="Maven.org (partial)">
+
+	<target host="repo1.maven.org" />
+	<target host="search.maven.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mawdoo3.com.xml b/src/chrome/content/rules/Mawdoo3.com.xml
new file mode 100644
index 000000000000..979baf937817
--- /dev/null
+++ b/src/chrome/content/rules/Mawdoo3.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatch:
+		academy.mawdoo3.com
+-->
+<ruleset name="Mawdoo3.com">
+	<target host="mawdoo3.com" />
+	<target host="www.mawdoo3.com" />
+	<target host="ai.mawdoo3.com" />
+	<target host="experts.mawdoo3.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Max-Planck-Institute-for-Software-Systems.xml b/src/chrome/content/rules/Max-Planck-Institute-for-Software-Systems.xml
index 6081b78e5bb5..87a4ef1453be 100644
--- a/src/chrome/content/rules/Max-Planck-Institute-for-Software-Systems.xml
+++ b/src/chrome/content/rules/Max-Planck-Institute-for-Software-Systems.xml
@@ -10,14 +10,37 @@
 	<target host="mpi-soft.mpg.de" />
 	<target host="www.mpi-soft.mpg.de" />
 	<target host="mpi-sws.org" />
-	<target host="*.mpi-sws.org" />
+	<target host="adresearch.mpi-sws.org" />
+	<target host="broadband.mpi-sws.org" />
+	<target host="bftsim.mpi-sws.org" />
+	<target host="bgp.mpi-sws.org" />
+	<target host="bugassist.mpi-sws.org" />
+	<target host="ceal.mpi-sws.org" />
+	<target host="cloud.mpi-sws.org" />
+	<target host="concurrency.mpi-sws.org" />
+	<target host="courses.mpi-sws.org" />
+	<target host="dependability.mpi-sws.org" />
+	<target host="friendlist-manager.mpi-sws.org" />
+	<target host="imprs.mpi-sws.org" />
+	<target host="mg.mpi-sws.org" />
+	<target host="monarch.mpi-sws.org" />
+	<target host="peerreview.mpi-sws.org" />
+	<target host="peerspective.mpi-sws.org" />
+	<target host="popl.mpi-sws.org" />
+	<target host="psn.mpi-sws.org" />
+	<target host="robust-fpga.mpi-sws.org" />
+	<target host="satellitelab.mpi-sws.org" />
+	<target host="simna2011.mpi-sws.org" />
+	<target host="socialnetworks.mpi-sws.org" />
+	<target host="twitter.mpi-sws.org" />
+	<target host="wiki.mpi-sws.org" />
+	<target host="www.mpi-sws.org" />
 
 
 	<!--	Cert doesn't match !www.	-->
-	<rule from="^https?://(?:www\.)?mpi-soft.mpg.de/"
+	<rule from="^http://(?:www\.)?mpi-soft\.mpg\.de/"
 		to="https://www.mpi-soft.mpg.de/" />
 
-	<rule from="^http://((?:adresearch|broadband|bftsim|bgp|bugassist|ceal|cloud|concurrency|courses|dependability|friendlist-manager|imprs|mg|monarch|peerreview|peerspective|popl|psn|robust-fpga|satellitelab|simna2011|socialnetworks|twitter|wiki|www)\.)?mpi-sws\.org/"
-		to="https://$1mpi-sws.org/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Max.se.xml b/src/chrome/content/rules/Max.se.xml
index c39f4b8304c5..f843ab41ddb9 100644
--- a/src/chrome/content/rules/Max.se.xml
+++ b/src/chrome/content/rules/Max.se.xml
@@ -2,5 +2,5 @@
   <target host="www.max.se" />
   <target host="max.se" />
 
-  <rule from="^http://(www\.)?max\.se/" to="https://www.max.se/"/>
-</ruleset>
\ No newline at end of file
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MaxCDN.com.xml b/src/chrome/content/rules/MaxCDN.com.xml
new file mode 100644
index 000000000000..6576c49f0ef6
--- /dev/null
+++ b/src/chrome/content/rules/MaxCDN.com.xml
@@ -0,0 +1,121 @@
+<!--
+	Other MaxCDN rulesets:
+
+		- BootstrapCDN.xml
+		- NetDNA.xml
+		- Netdna-ssl.com.xml
+
+
+	CDN buckets:
+
+		- maxcdn.wpengine.netdna-cdn.com
+
+			- maxcdn-wpengine.netdna-ssl.com doesn't exist
+
+		- toolsmaxcdn.netdnasa9.netdna-cdn.com
+
+
+	Nonfunctional hosts in *maxcdn.com:
+
+		- tools ʳ
+
+	ʳ Refused
+
+
+	Problematic hosts in *maxcdn.com:
+
+		- blog ʰ
+		- feedback ᵐ
+		- pages ᵐ
+		- support ᵛ
+
+	ʰ WP Engine / redirects to http, preemptable redirect
+	ᵐ Mismatched
+	ᵛ Revoked, preemptable redirect
+
+
+	These altnames do not exist:
+
+		- www.twemoji.maxcdn.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- cp.maxcdn.com
+		- rws.maxcdn.com
+		- secure.maxcdn.com
+		- secure-cdn.maxcdn.com
+		- tracking.maxcdn.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on status from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="MaxCDN.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="maxcdn.com" />
+	<target host="cp.maxcdn.com" />
+	<target host="docs.maxcdn.com" />
+	<target host="oss.maxcdn.com" />
+	<target host="reseller-docs.maxcdn.com" />
+	<target host="rws.maxcdn.com" />
+	<target host="secure.maxcdn.com" />
+	<target host="secure-cdn.maxcdn.com" />
+	<target host="status.maxcdn.com" />
+	<target host="tracking.maxcdn.com" />
+	<target host="twemoji.maxcdn.com" />
+	<target host="www.maxcdn.com" />
+
+	<!--	Complications:
+				-->
+	<target host="blog.maxcdn.com" />
+	<target host="pages.maxcdn.com" />
+	<target host="support.maxcdn.com" />
+
+		<!--test url="http://feedback.maxcdn.com/customer-happiness-awards-2015" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:cp|rws|secure|secure-cdn)\.maxcdn\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^tracking\.maxcdn\.com$" name="^AWSELB$" /-->
+
+	<securecookie host="^\." name="^optimizely" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://blog\.maxcdn\.com/+"
+		to="https://www.maxcdn.com/blog/" />
+
+		<test url="http://blog.maxcdn.com//" />
+
+	<rule from="^http://pages\.maxcdn\.com/"
+		to="https://vault.stackpath.com/" />
+
+		<!--	$ redirects to another domain, so:
+								-->
+		<test url="http://pages.maxcdn.com/nginx-whitepaper" />
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://support\.maxcdn\.com/+"
+		to="https://www.maxcdn.com/one/" />
+
+		<test url="http://support.maxcdn.com//" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MaxMaillots.org.xml b/src/chrome/content/rules/MaxMaillots.org.xml
new file mode 100644
index 000000000000..a03b06e1f2da
--- /dev/null
+++ b/src/chrome/content/rules/MaxMaillots.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="MaxMaillots.org">
+	<target host="maxmaillots.org" />
+	<target host="www.maxmaillots.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MaxServ.com.xml b/src/chrome/content/rules/MaxServ.com.xml
new file mode 100644
index 000000000000..184ce558d6e6
--- /dev/null
+++ b/src/chrome/content/rules/MaxServ.com.xml
@@ -0,0 +1,43 @@
+<!--
+	Problematic hosts in *maxserv.com:
+
+		- ^ *
+
+	* Mismatched
+
+
+	Fully covered hosts in *maxserv.com:
+
+		- (www.)?	(^ → www)
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.maxserv.com
+
+-->
+<ruleset name="MaxServ.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.maxserv.com" />
+
+	<!--	Complications:
+				-->
+	<target host="maxserv.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.maxserv\.com$" name="^fe_typo_user$" /-->
+
+	<securecookie host="^www\.maxserv\.com$" name=".+" />
+
+
+	<rule from="^http://maxserv\.com/"
+		to="https://www.maxserv.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MaxSpeed_CDN.com.xml b/src/chrome/content/rules/MaxSpeed_CDN.com.xml
index 7fe58f497c8d..60e99e5ec92c 100644
--- a/src/chrome/content/rules/MaxSpeed_CDN.com.xml
+++ b/src/chrome/content/rules/MaxSpeed_CDN.com.xml
@@ -18,13 +18,13 @@
 <ruleset name="MaxSpeed CDN.com">
 
 	<target host="maxspeedcdn.com" />
-	<target host="*.maxspeedcdn.com" />
+	<target host="on.maxspeedcdn.com" />
+	<target host="www.maxspeedcdn.com" />
 
 
 	<securecookie host="^\.maxspeedcdn\.com$" name=".+" />
 
 
-	<rule from="^http://(on\.|www\.)?maxspeedcdn\.com/"
-		to="https://$1maxspeedcdn.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Max_Kitap.com.xml b/src/chrome/content/rules/Max_Kitap.com.xml
index fb09e2c3b748..0ccfafd09114 100644
--- a/src/chrome/content/rules/Max_Kitap.com.xml
+++ b/src/chrome/content/rules/Max_Kitap.com.xml
@@ -1,13 +1,25 @@
-<ruleset name="Max Kitap.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://maxkitap.com/ => https://maxkitap.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.maxkitap.com/ => https://www.maxkitap.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://maxkitap.com/ => https://maxkitap.com/: (60, 'SSL certificate problem: self signed certificate')
+
+-->
+<ruleset name="Max Kitap.com" default_off="failed ruleset test">
 
 	<target host="maxkitap.com" />
-	<target host="*.maxkitap.com" />
+	<target host="www.maxkitap.com" />
 
 
 	<securecookie host="^(?:www)?\.maxkitap\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?maxkitap\.com/"
-		to="https://$1maxkitap.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Maxdome.de.xml b/src/chrome/content/rules/Maxdome.de.xml
new file mode 100644
index 000000000000..6b49b0edb2e7
--- /dev/null
+++ b/src/chrome/content/rules/Maxdome.de.xml
@@ -0,0 +1,46 @@
+<!--
+
+        Invalid certificate:
+                - hilfe.maxdome.de
+                - presse.maxdome.de
+                - static.maxdome.de
+
+	Mixed content:
+		- blog.maxdome.de
+		- community.maxdome.de
+
+	Redirect to HTTP:
+		- faq.maxdome.de
+		- sony.maxdome.de
+
+-->
+<ruleset name="Maxdome.de">
+	<target host="maxdome.de" />
+	<target host="www.maxdome.de" />
+
+	<target host="angebote.maxdome.de" />
+	<target host="bild.maxdome.de" />
+	<target host="catchall.maxdome.de" />
+	<target host="computerbild.maxdome.de" />
+	<target host="developer.maxdome.de" />
+	<target host="kunde.maxdome.de" />
+	<target host="live.maxdome.de" />
+	<target host="prepaid.maxdome.de" />
+	<target host="register.maxdome.de" />
+	<target host="service.maxdome.de" />
+	<target host="shopfinder.maxdome.de" />
+	<target host="store.maxdome.de" />
+
+	<!-- Static content domains -->
+	<target host="01.static-maxdome.de" />
+	<target host="02.static-maxdome.de" />
+	<target host="03.static-maxdome.de" />
+	<target host="04.static-maxdome.de" />
+	<target host="05.static-maxdome.de" />
+	<target host="06.static-maxdome.de" />
+	<target host="07.static-maxdome.de" />
+	<target host="08.static-maxdome.de" />
+	<target host="09.static-maxdome.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Maxim-IC.com.xml b/src/chrome/content/rules/Maxim-IC.com.xml
new file mode 100644
index 000000000000..0a6e171facac
--- /dev/null
+++ b/src/chrome/content/rules/Maxim-IC.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.maxim-ic.com/ => https://www.maxim-ic.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://maxim-ic.com/ => https://www.maxim-ic.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other Maxim Integrated coverage, see Maxim_Integrated.com.xml.
+
+
+	^maxim-ic.com: Mismatched
+
+-->
+<ruleset name="Maxim-IC.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.maxim-ic.com" />
+
+	<!--	Complications:
+				-->
+	<target host="maxim-ic.com" />
+
+
+	<rule from="^http://maxim-ic\.com/"
+		to="https://www.maxim-ic.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Maxim_Integrated.com.xml b/src/chrome/content/rules/Maxim_Integrated.com.xml
index d45b704545be..5a0007d7b5e3 100644
--- a/src/chrome/content/rules/Maxim_Integrated.com.xml
+++ b/src/chrome/content/rules/Maxim_Integrated.com.xml
@@ -1,31 +1,57 @@
+
 <!--
-	Nonfunctional domains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://ibutton.maximintegrated.com/ => https://ibutton.maximintegrated.com/: (6, 'Could not resolve host: www.ibutton.maximintegrated.com')
+Fetch error: http://members.maximintegrated.com/ => https://members.maximintegrated.com/: (6, 'Could not resolve host: www.members.maximintegrated.com')
+Fetch error: http://search.maximintegrated.com/ => https://search.maximintegrated.com/: (6, 'Could not resolve host: www.search.maximintegrated.com')
 
-		- www.maximumintegrated.com	(redirects to maxim-ic.com, valid cert)
+	Other Maxim Integrated rulesets:
 
+		- Maxim-IC.com.xml
 
-	Problematic domains:
 
-		- maxim-ic.com	(differs from http)
+	Nonfunctional hosts in *maximintegrated.com:
 
+		- appnotes ¹
+		- blast ²
+		- files	²
 
-	Fully covered domains:
+	¹ Differs from http
+	² 200 "Error"
 
-		- (www.)maxim-ic.com	(^ → www)
-		- memcenter.maximintegrated.com
 
--->
-<ruleset name="Maxim Integrated.com (partial)">
+	Insecure cookies are set for these domains and hosts:
+
+		- .maximintegrated.com
+		- shop.maximintegrated.com
 
-	<target host="maxim-ic.com" />
-	<target host="www.maxim-ic.com" />
+-->
+<ruleset name="Maxim Integrated.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="maximintegrated.com" />
+	<target host="datasheets.maximintegrated.com" />
+	<target host="ibutton.maximintegrated.com" />
+	<target host="members.maximintegrated.com" />
 	<target host="memcenter.maximintegrated.com" />
+	<target host="my.maximintegrated.com" />
+	<target host="para.maximintegrated.com" />
+	<target host="pdfserv.maximintegrated.com" />
+	<target host="search.maximintegrated.com" />
+	<target host="support.maximintegrated.com" />
+	<target host="www.maximintegrated.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.maximintegrated\.com$" name="^MAX_(?:ID_CARD|TICKET|VISITOR)$" /-->
+	<!--securecookie host="^shop\.maximintegrated\.com$" name="^ORA_WX_SESSION$" /-->
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?maxim-ic\.com/"
-		to="https://www.maxim-ic.com/" />
 
-	<rule from="^http://memcenter\.maximintegrated\.com/"
-		to="https://memcenter.maximintegrated.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Maxmind.xml b/src/chrome/content/rules/Maxmind.xml
deleted file mode 100644
index 82250295ecd2..000000000000
--- a/src/chrome/content/rules/Maxmind.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- forum		(record_too_long)
-
--->
-<ruleset name="MaxMind (partial)">
-
-	<target host="maxmind.com" />
-	<target host="*.maxmind.com" />
-
-
-	<securecookie host="^www\.maxmind\.com$" name=".*" />
-
-
-	<rule from="^http://((?:dev|geoip\d?|geolite|j|minfraud|www)\.)?maxmind\.com/"
-		to="https://$1maxmind.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Maxon.net.xml b/src/chrome/content/rules/Maxon.net.xml
new file mode 100644
index 000000000000..cffdd3fb024f
--- /dev/null
+++ b/src/chrome/content/rules/Maxon.net.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nimius.maxon.net/ => https://nimius.maxon.net/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+
+-->
+<ruleset name="Maxon.net"  default_off="failed ruleset test">
+	<target host="maxon.net" />
+	<target host="www.maxon.net" />
+	<target host="developers.maxon.net" />
+	<target host="fc.maxon.net" />
+	<target host="fcws.maxon.net" />
+	<target host="help.maxon.net" />
+	<target host="http.maxon.net" />
+	<target host="intro.maxon.net" />
+	<target host="landingpage.maxon.net" />
+	<target host="nimius.maxon.net" />
+	<target host="r18.maxon.net" />
+	<target host="register.maxon.net" />
+	<target host="t3dev.maxon.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Maxymiser.xml b/src/chrome/content/rules/Maxymiser.xml
index 1480ea59cae8..9cf85235b570 100644
--- a/src/chrome/content/rules/Maxymiser.xml
+++ b/src/chrome/content/rules/Maxymiser.xml
@@ -1,30 +1,32 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://maxymiser.com/ => https://maxymiser.com/: Too many redirects while fetching 'https://maxymiser.com/'
+
 	CDN buckets:
 
 		- maxymiser.hs.llnwd.net/o36/
 
 -->
-<ruleset name="Maxymiser (partial)">
+<ruleset name="Maxymiser (partial)" default_off="failed ruleset test">
 
 	<target host="maxymiser.com" />
-	<target host="*.maxymiser.com" />
-	<target host="*.www.maxymiser.com" />
+	<target host="cg-global.maxymiser.com" />
+	<target host="hub.maxymiser.com" />
+	<target host="www.maxymiser.com" />
 	<target host="service.maxymiser.net" />
 
 
 	<securecookie host="^.*\.maxymiser\.com$" name=".+" />
 
 
-	<rule from="^http://(cg-global\.|hub\.|www\.)?maxymiser\.com/"
-		to="https://$1maxymiser.com/" />
 
 	<!--	- Cert: *.marketo.com
 		- 302s to app-c.market.com
 
-	<rule from="^https?://go\.maxymiser\.com/()"
+	<rule from="^http://go\.maxymiser\.com/()"
 		to="https://na-c.marketo.com/$1" /-->
 
-	<rule from="^http://service\.maxymiser\.net/"
-		to="https://service.maxymiser.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MayFirstPeopleLink-mismatches.xml b/src/chrome/content/rules/MayFirstPeopleLink-mismatches.xml
index 4beb1eead621..523e253a19e2 100644
--- a/src/chrome/content/rules/MayFirstPeopleLink-mismatches.xml
+++ b/src/chrome/content/rules/MayFirstPeopleLink-mismatches.xml
@@ -1,11 +1,11 @@
-<ruleset name="May First/People Link (mismatches)" default_off="mismatch">
+<ruleset name="May First.org (mismatches)" default_off="mismatched">
 
 	<!--	cert: secure.critpath.org	-->
 	<target host="didier.mayfirst.org"/>
 
-	<securecookie host="^didier\.mayfirst\.org$" name=".*"/>
+	<securecookie host="^didier\.mayfirst\.org$" name=".+" />
 
-	<rule from="^http://didier\.mayfirst\.org/"
-		to="https://didier.mayfirst.org/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MayFirstPeopleLink.xml b/src/chrome/content/rules/MayFirstPeopleLink.xml
index 41a3d069ffd8..ec4685542300 100644
--- a/src/chrome/content/rules/MayFirstPeopleLink.xml
+++ b/src/chrome/content/rules/MayFirstPeopleLink.xml
@@ -1,20 +1,47 @@
-<!--	See MayFirstPeopleLink-mismatches.xml for problematic rules.
+<!--
+	May First/People Link
+
+	See MayFirstPeopleLink-mismatches.xml for problematic rules.
+
+
+	These altnames don't exist:
+
+		- www.social.mayfirst.org
+
+
+	Insecure cookies are set for these hosts:
+
+		- social.mayfirst.org
+
 -->
-<ruleset name="May First/People Link (partial)">
+<ruleset name="May First.org (partial)">
 
 	<target host="mayfirst.org"/>
-	<target host="*.mayfirst.org"/>
+	<target host="lists.mayfirst.org" />
+	<target host="live.mayfirst.org" />
+	<target host="members.mayfirst.org" />
+	<target host="roundcube.mayfirst.org" />
+	<target host="social.mayfirst.org" />
+	<target host="support.mayfirst.org" />
+	<target host="webmail.mayfirst.org" />
+	<target host="www.mayfirst.org" />
+
 		<!--	handled in mismatches	-->
-		<exclusion pattern="^http://didier\."/>
+		<!--exclusion pattern="^http://didier\."/-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^social\.mayfirst\.org$" name="^PHPSESSID$" /-->
 
-	<securecookie host="^(.*\.)?mayfirst\.org$" name=".*"/>
+	<securecookie host=".+" name=".+"/>
 
 	<!--	cert !match www	-->
-	<rule from="^http://(?:www\.)?mayfirst\.org/"
+	<rule from="^http://www\.mayfirst\.org/"
 		to="https://mayfirst.org/"/>
 
-	<rule from="^http://(id|lists|live|members|roundcube|support|webmail)\.mayfirst\.org/"
-		to="https://$1.mayfirst.org/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
 
diff --git a/src/chrome/content/rules/MayFlower-Software-mismatches.xml b/src/chrome/content/rules/MayFlower-Software-mismatches.xml
index e6d0eb7902ae..50b17b870a2b 100644
--- a/src/chrome/content/rules/MayFlower-Software-mismatches.xml
+++ b/src/chrome/content/rules/MayFlower-Software-mismatches.xml
@@ -1,9 +1,9 @@
-<ruleset name="MayFlower Software (mismatches)" default_off="mismatch">
+<ruleset name="MayFlower Software (mismatches)" default_off="mismatched">
 
 	<target host="justfordomino.com"/>
 	<target host="www.justfordomino.com"/>
 
-	<rule from="^http://(www\.)?justfordomino\.com/"
+	<rule from="^http://(?:www\.)?justfordomino\.com/"
 		to="https://justfordomino.com/"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/MayFlower-Software.xml b/src/chrome/content/rules/MayFlower-Software.xml
index a905711c13be..9bdbaca89757 100644
--- a/src/chrome/content/rules/MayFlower-Software.xml
+++ b/src/chrome/content/rules/MayFlower-Software.xml
@@ -1,14 +1,24 @@
-<ruleset name="MayFlower Software (partial)" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://notesappstore.com/ => https://www.notesappstore.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.notesappstore.com/ => https://www.notesappstore.com/: (28, 'Connection timed out after 20002 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://notesappstore.com/ => https://www.notesappstore.com/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.notesappstore.com/ => https://www.notesappstore.com/: (28, 'Connection timed out after 10001 milliseconds')
+-->
+<ruleset name="MayFlower Software (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="maysoft.com"/>
 	<target host="www.maysoft.com"/>
 	<target host="notesappstore.com"/>
 	<target host="www.notesappstore.com"/>
 
-	<rule from="^http://(www\.)?maysoft\.com/"
+	<rule from="^http://(?:www\.)?maysoft\.com/"
 		to="https://maysoft.com/"/>
 
-	<rule from="^http://(www\.)?notesappstore\.com/"
+	<rule from="^http://(?:www\.)?notesappstore\.com/"
 		to="https://www.notesappstore.com/"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Maybank-IB.com.xml b/src/chrome/content/rules/Maybank-IB.com.xml
new file mode 100644
index 000000000000..bbb76182a5b1
--- /dev/null
+++ b/src/chrome/content/rules/Maybank-IB.com.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Maybank coverage, see Maybank.com.xml
+
+
+	Non-functional host:
+		- (www.)maybank-ib.com	(r)
+			- rcs		(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Maybank Investment Bank">
+
+	<target host="btx.maybank-ib.com" />
+	<target host="d.maybank-ib.com" />
+	<target host="s.maybank-ib.com" />
+	<target host="t.maybank-ib.com" />
+
+	<target host="powerbroking2u.com.my" />
+	<target host="www.powerbroking2u.com.my" />
+	<target host="mbbibtwcms.powerbroking2u.com.my" />
+	<target host="mobiletrade.powerbroking2u.com.my" />
+	<target host="www.mobiletrade.powerbroking2u.com.my" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Maybank-KE.co.th.xml b/src/chrome/content/rules/Maybank-KE.co.th.xml
new file mode 100644
index 000000000000..c1c67ffac2e2
--- /dev/null
+++ b/src/chrome/content/rules/Maybank-KE.co.th.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Maybank coverage, see Maybank.com.xml
+
+
+	Non-functional subdomains:
+
+		- www	(mixed content)
+		- event	(t)
+		- www.gslb	(r)
+		- m	(r)
+		- pda	(r)
+		- sse	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Maybank-KE.co.th">
+
+	<target host="b2b.maybank-ke.co.th" />
+	<target host="kelive.maybank-ke.co.th" />
+	<target host="trading.maybank-ke.co.th" />
+	<target host="trading3.maybank-ke.co.th" />
+	<target host="tradingm.maybank-ke.co.th" />
+	<target host="tradings.maybank-ke.co.th" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Maybank-KE.com.xml b/src/chrome/content/rules/Maybank-KE.com.xml
new file mode 100644
index 000000000000..a52d726dd288
--- /dev/null
+++ b/src/chrome/content/rules/Maybank-KE.com.xml
@@ -0,0 +1,40 @@
+<!--
+	For other Maybank coverage, see Maybank.com.xml
+
+
+	Non-functional subdomains:
+		- maybank-ke.com	(r)
+			- www	(r)
+			- clientmanager	(r)
+			- groupfr	(m)
+			- www.m	(r)
+			- mail1	(r)
+
+		- ketradewl.com
+			- www.m		(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Maybank Kim Eng">
+
+	<target host="ehub.maybank-ke.com" />
+	<target host="factset.maybank-ke.com" />
+	<target host="factsetpdf.maybank-ke.com" />
+	<target host="factsettd.maybank-ke.com" />
+
+	<target host="www.ketradewl.com" />
+	<target host="backoffice.ketradewl.com" />
+	<target host="kest.ketradewl.com" />
+	<target host="kestbo.ketradewl.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Maybank.co.id.xml b/src/chrome/content/rules/Maybank.co.id.xml
new file mode 100644
index 000000000000..dfa2ef171e06
--- /dev/null
+++ b/src/chrome/content/rules/Maybank.co.id.xml
@@ -0,0 +1,50 @@
+<!--
+	For other Maybank coverage, see Maybank.com.xml
+
+
+	Non-functional subdomains:
+
+		- mail	(m)
+		- maingw2	(t)
+		- www.mbiwfh	(i)
+		- microsite	(m)
+		- myhr2u	(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Maybank.co.id">
+
+	<target host="maybank.co.id" />
+	<target host="www.maybank.co.id" />
+	<target host="3ds.maybank.co.id" />
+	<target host="3dsecure.maybank.co.id" />
+	<target host="autodiscover.maybank.co.id" />
+	<target host="boardpac.maybank.co.id" />
+	<target host="coolbanking.maybank.co.id" />
+	<target host="coolpay.maybank.co.id" />
+	<target host="coolpay-fscm.maybank.co.id" />
+	<target host="ecustody.maybank.co.id" />
+	<target host="form.maybank.co.id" />
+	<target host="m2e.maybank.co.id" />
+	<target host="m2u.maybank.co.id" />
+	<target host="microsite.maybank.co.id" />
+	<target host="www.microsite.maybank.co.id" />
+	<target host="move.maybank.co.id" />
+	<target host="tradeconnex.maybank.co.id" />
+	<target host="webmail.maybank.co.id" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- certificate mismatch -->
+	<rule from="^http://microsite\.maybank\.co\.id/"
+		to="https://www.microsite.maybank.co.id/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Maybank.com.sg.xml b/src/chrome/content/rules/Maybank.com.sg.xml
new file mode 100644
index 000000000000..a1aeff4b4d74
--- /dev/null
+++ b/src/chrome/content/rules/Maybank.com.sg.xml
@@ -0,0 +1,39 @@
+<!--
+	For other Maybank coverage, see Maybank.com.xml
+
+
+	Non-functional hosts:
+
+		- (www.)maybank.com.sg	(m)
+			- dns1	(t)
+			- dns2	(t)
+			- mbb3dsecure	(t)
+			- securewo	(t)
+			- smtp	(t)
+
+		- (www.)maybank2u.com.sg	(m)
+			- info	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Maybank.com.sg">
+
+	<target host="3dsecure.maybank.com.sg" />
+	<target host="apply.maybank.com.sg" />
+	<target host="eportal.maybank.com.sg" />
+	<target host="rewards.maybank.com.sg" />
+	<target host="sft.maybank.com.sg" />
+	<target host="sslsecure.maybank.com.sg" />
+	<target host="voltage-pp-0000.maybank.com.sg" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Maybank2e.com.xml b/src/chrome/content/rules/Maybank2e.com.xml
new file mode 100644
index 000000000000..f3f29d70cfd1
--- /dev/null
+++ b/src/chrome/content/rules/Maybank2e.com.xml
@@ -0,0 +1,12 @@
+<!--
+	For other Maybank coverage, see Maybank.com.xml
+-->
+<ruleset name="Maybank2e.com">
+
+	<target host="www.maybank2e.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Maybank2e.net.xml b/src/chrome/content/rules/Maybank2e.net.xml
new file mode 100644
index 000000000000..d8ecf02aa5cb
--- /dev/null
+++ b/src/chrome/content/rules/Maybank2e.net.xml
@@ -0,0 +1,12 @@
+<!--
+	For other Maybank coverage, see Maybank.com.xml
+-->
+<ruleset name="Maybank2e.net">
+
+	<target host="www.maybank2e.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Maybank2u.com.kh.xml b/src/chrome/content/rules/Maybank2u.com.kh.xml
new file mode 100644
index 000000000000..1d417eba1e77
--- /dev/null
+++ b/src/chrome/content/rules/Maybank2u.com.kh.xml
@@ -0,0 +1,12 @@
+<!--
+	For other Maybank coverage, see Maybank.com.xml
+-->
+<ruleset name="Maybank2u.com.kh">
+
+	<target host="www.maybank2u.com.kh" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Maybank2u.com.my.xml b/src/chrome/content/rules/Maybank2u.com.my.xml
new file mode 100644
index 000000000000..93eb9097a766
--- /dev/null
+++ b/src/chrome/content/rules/Maybank2u.com.my.xml
@@ -0,0 +1,47 @@
+<!--
+	For other Maybank coverage, see Maybank.com.xml
+
+
+	Non-functional subdomains:
+		- maybank2u.com.my	(m)
+		- apps	(t)
+		- apps2	(t)
+		- bills	(t)
+		- ecosoms1	(r)
+		- ecosoms2	(r)
+		- emerchant	(r)
+		- mobile	(r)
+		- mobiletradesit1	(i)
+		- mobiletradeuat1	(i)
+		- search	(r)
+		- stmts	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Maybank2u.com.my">
+
+	<target host="maybank2u.com.my" />
+	<target host="www.maybank2u.com.my" />
+	<target host="ebpp.maybank2u.com.my" />
+	<target host="m2umobile.maybank2u.com.my" />
+	<target host="m2upay.maybank2u.com.my" />
+	<target host="m2upayuat.maybank2u.com.my" />
+	<target host="m2uplanner.maybank2u.com.my" />
+	<target host="ost.maybank2u.com.my" />
+	<target host="payee.maybank2u.com.my" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- certificate mismatch -->
+	<rule from="^http://maybank2u\.com\.my/"
+		to="https://www.maybank2u.com.my/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Maybank2u.com.ph.xml b/src/chrome/content/rules/Maybank2u.com.ph.xml
new file mode 100644
index 000000000000..b1a1afc95db3
--- /dev/null
+++ b/src/chrome/content/rules/Maybank2u.com.ph.xml
@@ -0,0 +1,22 @@
+<!--
+	For other Maybank coverage, see Maybank.com.xml
+-->
+<ruleset name="Maybank2u.com.ph">
+
+	<target host="maybank2u.com.ph" />
+	<target host="www.maybank2u.com.ph" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- only main website; RIBNOW, resources and ph_maybank_gif directories are functional -->
+	<rule from="^http://(www\.)?maybank2u\.com\.ph/$"
+		to="https://www.maybank2u.com.ph/" />
+
+	<rule from="^http://(www\.)?maybank2u\.com\.ph/(RIBNOW|resources|ph_maybank_gif)/"
+		to="https://www.maybank2u.com.ph/$2/" />
+
+		<test url="http://maybank2u.com.ph/RIBNOW/common/Login.do" />
+		<test url="http://www.maybank2u.com.ph/resources/my/img/common/logo-maybank2u_m.png" />
+		<test url="http://www.maybank2u.com.ph/ph_maybank_gif/image/BancNet.gif" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MaybankHeart.com.xml b/src/chrome/content/rules/MaybankHeart.com.xml
new file mode 100644
index 000000000000..a568f93996d5
--- /dev/null
+++ b/src/chrome/content/rules/MaybankHeart.com.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Maybank coverage, see Maybank.com.xml
+-->
+<ruleset name="MaybankHeart.com">
+
+	<target host="maybankheart.com" />
+	<target host="www.maybankheart.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Maybe_Maimed.com.xml b/src/chrome/content/rules/Maybe_Maimed.com.xml
new file mode 100644
index 000000000000..a06f5042bac7
--- /dev/null
+++ b/src/chrome/content/rules/Maybe_Maimed.com.xml
@@ -0,0 +1,37 @@
+<!--
+	Nonfunctional hosts in *maybemaimed.com:
+
+		- days *
+
+	* Tumblr / refused
+
+
+	Insecure cookies are set for these domains:
+
+		- .maybemaimed.com
+
+
+	Mixed content:
+
+		- Image from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Maybe Maimed.com (partial)">
+
+	<target host="maybemaimed.com" />
+	<target host="www.maybemaimed.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.maybemaimed\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mayday.us.xml b/src/chrome/content/rules/Mayday.us.xml
new file mode 100644
index 000000000000..fb5243666154
--- /dev/null
+++ b/src/chrome/content/rules/Mayday.us.xml
@@ -0,0 +1,53 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://auth.mayday.us/ => https://auth.mayday.us/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+        NB: Tor users cannot view* this website due to CloudFlare settings.
+
+        See:
+
+                - https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+                - https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+                - https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+        * without enabling javascript, for security and privacy implications see e.g.:
+
+                - https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+                - https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+                - https://panopticlick.eff.org
+
+
+	Fully covered hosts in *mayday.us:
+
+		- (www.)?
+		- auth
+		- my
+
+
+	Insecure cookies are set for these domains:
+
+		- .mayday.us
+
+-->
+<ruleset name="Mayday.us" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mayday.us" />
+	<target host="auth.mayday.us" />
+	<target host="my.mayday.us" />
+	<target host="www.mayday.us" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.mayday\.us$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.mayday\.us$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Maymay.net.xml b/src/chrome/content/rules/Maymay.net.xml
new file mode 100644
index 000000000000..db347a8a7210
--- /dev/null
+++ b/src/chrome/content/rules/Maymay.net.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .maymay.net
+
+-->
+<ruleset name="maymay.net">
+
+	<target host="maymay.net" />
+	<target host="www.maymay.net" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.maymay\.net$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mayo-Clinic.xml b/src/chrome/content/rules/Mayo-Clinic.xml
index 9a307beafd2a..83ceab54bf64 100644
--- a/src/chrome/content/rules/Mayo-Clinic.xml
+++ b/src/chrome/content/rules/Mayo-Clinic.xml
@@ -1,32 +1,14 @@
-<!--
-	Nonfunctional domains:
-
-		- www.mayo.edu	(times out)
-
-
-	Problematic domains:
-
-		- mayoclinic.com	(cert only matches www)
-
--->
-<ruleset name="Mayo Clinic (partial)" platform="mixedcontent">
-
+<ruleset name="Mayo Clinic (partial)">
 	<target host="mayoclinic.com" />
-	<target host="*.mayoclinic.com" />
-	<target host="mayoclinic.org" />
-	<target host="*.mayoclinic.org" />
-
-
-	<securecookie host="^(?:.*\.)?mayoclinic\.(?:com|org)$" name=".+" />
+	<target host="www.mayoclinic.com" />
+	<target host="healthletter.mayoclinic.com" />
+	<target host="marketplace.mayoclinic.com" />
+	<target host="store.mayoclinic.com" />
 
+	<target host="mayoclinic.org" />
+	<target host="www.mayoclinic.org" />
 
-	<rule from="^https?://mayoclinic\.com/"
-		to="https://www.mayoclinic.com/" />
-
-	<rule from="^http://(healthletter|(?:book)?store|www)\.mayoclinic\.com/"
-		to="https://$1.mayoclinic.com/" />
-
-	<rule from="^http://(www\.)?mayoclinic\.org/"
-		to="https://$1mayoclinic.org/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MazaCoin.org.xml b/src/chrome/content/rules/MazaCoin.org.xml
new file mode 100644
index 000000000000..4fd5a244e339
--- /dev/null
+++ b/src/chrome/content/rules/MazaCoin.org.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mazacoin.org/ => https://mazacoin.org/: (7, 'Failed to connect to mazacoin.org port 443: Connection refused')
+Fetch error: http://www.mazacoin.org/ => https://www.mazacoin.org/: (7, 'Failed to connect to www.mazacoin.org port 443: Connection refused')
+
+	Fully covered hosts in *mazacoin.org:
+
+		- (www.)?
+
+
+	Insecure cookies are set for these hosts:
+
+		- mazacoin.org
+		- www.mazacoin.org
+
+-->
+<ruleset name="MazaCoin.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mazacoin.org" />
+	<target host="www.mazacoin.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?mazacoin\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?mazacoin\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mazacha.in.xml b/src/chrome/content/rules/Mazacha.in.xml
new file mode 100644
index 000000000000..dc51d314f0e4
--- /dev/null
+++ b/src/chrome/content/rules/Mazacha.in.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mazacha.in/ => https://mazacha.in/: (28, 'Connection timed out after 20001 milliseconds')
+
+	These altnames don't exist:
+
+		- www.mazacha.in
+
+-->
+<ruleset name="mazacha.in" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mazacha.in" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mbed.org.xml b/src/chrome/content/rules/Mbed.org.xml
new file mode 100644
index 000000000000..80cc003c1b9c
--- /dev/null
+++ b/src/chrome/content/rules/Mbed.org.xml
@@ -0,0 +1,55 @@
+<!--
+	For other ARM coverage, see ARM.xml.
+
+
+	www: Mismatched
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(www → ^)
+		- developer
+		- tls
+
+
+	yotta: Dropped over http
+
+
+	These altnames don't exist:
+
+		- cdn.mbed.org
+		- www.tls.mbed.org
+
+
+	Insecure cookies are set for these hosts:
+
+		- mbed.org
+
+-->
+<ruleset name="mbed.org">
+
+	<target host="mbed.org" />
+	<target host="developer.mbed.org" />
+	<target host="tls.mbed.org" />
+	<target host="www.mbed.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^mbed\.org$" name="^csrftoken$" /-->
+
+	<securecookie host="^mbed\.org$" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://www\.mbed\.org/+"
+		to="https://mbed.org/" />
+
+		<test url="http://www.mbed.org/about/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mbl.is.xml b/src/chrome/content/rules/Mbl.is.xml
index 1f0d0da43ea6..de1d63895afd 100644
--- a/src/chrome/content/rules/Mbl.is.xml
+++ b/src/chrome/content/rules/Mbl.is.xml
@@ -5,10 +5,12 @@
 	Problematic subdomains:
 
 		- (www.) *
-		- m *		(works)
-		- static *	(works)
+		- icelandmonitor *
+		- m *
+		- media *
+		- static *
 
-	* Cert only matches secure
+	* curl: (35) Unknown SSL protocol error
 
 
 	Mixed images from:
@@ -24,9 +26,15 @@
 <ruleset name="mbl.is (partial)">
 
 	<target host="mbl.is" />
-	<target host="*.mbl.is" />
+	<target host="secure.mbl.is" />
+	<target host="www.mbl.is" />
 	<target host="mbl.teljari.is" />
 
+	<!-- Causes redirect loop and breaks search form. -->
+	<exclusion pattern="^http://(secure\.|www\.)?mbl\.is/fasteignir/" />
+		<test url="http://mbl.is/fasteignir/" />
+		<test url="http://www.mbl.is/fasteignir/" />
+		<test url="http://secure.mbl.is/fasteignir/" />
 
 	<rule from="^http://(?:secure\.|www\.)?mbl\.is/"
 		to="https://secure.mbl.is/" />
@@ -34,4 +42,4 @@
 	<rule from="^http://mbl\.teljari\.is/"
 		to="https://secure.teljari.is/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mbnet.pt.xml b/src/chrome/content/rules/Mbnet.pt.xml
new file mode 100644
index 000000000000..7681c861b53b
--- /dev/null
+++ b/src/chrome/content/rules/Mbnet.pt.xml
@@ -0,0 +1,8 @@
+<ruleset name="Mbnet.pt">
+	<target host="www.mbnet.pt" />
+	<target host="teste.mbnet.pt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mbsy.co.xml b/src/chrome/content/rules/Mbsy.co.xml
new file mode 100644
index 000000000000..bd78ee010651
--- /dev/null
+++ b/src/chrome/content/rules/Mbsy.co.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Ambassador coverage, see Get_Ambassador.com.xml.
+
+
+	These altnames don't exist:
+
+		- www.mbsy.co
+
+-->
+<ruleset name="Mbsy.co">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mbsy.co" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/McAfee-MX-Logic.xml b/src/chrome/content/rules/McAfee-MX-Logic.xml
index 6e1262d57043..3148eebe9410 100644
--- a/src/chrome/content/rules/McAfee-MX-Logic.xml
+++ b/src/chrome/content/rules/McAfee-MX-Logic.xml
@@ -1,16 +1,45 @@
-<ruleset name="McAfee MX Logic">
+<!--
+	McAfee MX Logic
 
-	<target host="mxlogic.com"/>
-	<target host="*.mxlogic.com"/>
+	For other McAfee coverage, see McAfee.xml.
 
-	<securecookie host="^(.*\.)?mxlogic\.com$" name=".*"/>
 
-	<!--	Cert isn't valid for !www.	-->
-	<rule from="^http://(?:www\.)?mxlogic\.com/"
-		to="https://www.mxlogic.com/"/>
+	(www.)?mxlogic.com: Mismatched
 
-	<!--	Clients have unique domains.	-->
-	<rule from="^http://([^\.]\.)?(console|portal)\.mxlogic\.com/"
-		to="https://$1$2.mxlogic.com/"/>
+-->
+<ruleset name="MX Logic.com">
+
+	<target host="mxlogic.com" />
+	<target host="console.mxlogic.com" />
+	<target host="*.console.mxlogic.com" />
+	<target host="portal.mxlogic.com" />
+	<target host="*.portal.mxlogic.com" />
+	<target host="www.mxlogic.com" />
+
+		<!--	Clients have unique domains.	-->
+		<exclusion pattern="^http://(?:[^./]+\.){2,}(?:console|portal)\.mxlogic\.com/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.console.mxlogic.com/" />
+			<test url="http://exists.not.console.mxlogic.com/" />
+			<test url="http://this.host.portal.mxlogic.com/" />
+			<test url="http://exists.not.portal.mxlogic.com/" />
+
+		<test url="http://portal.mxlogic.com/images/transparent.gif" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://(?:www\.)?mxlogic\.com/.*"
+		to="https://partnerfocus.mcafee.com/" />
+
+		<test url="http://www.mxlogic.com/terms/privacy.cfm" />
+
+	<rule from="^http:"
+		to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/McAfee-Mobile-Security.xml b/src/chrome/content/rules/McAfee-Mobile-Security.xml
new file mode 100644
index 000000000000..af6139051d47
--- /dev/null
+++ b/src/chrome/content/rules/McAfee-Mobile-Security.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Intel coverage, see Intel.xml.
+
+
+	Problematic subdomains:
+
+		- ^	(cert only matches *.mcafeemobilesecurity.com)
+
+-->
+<ruleset name="McAffee Mobile Security">
+
+	<target host="mcafeemobilesecurity.com" />
+	<target host="www.mcafeemobilesecurity.com" />
+
+
+	<securecookie host="^www\.mcafeemobilesecurity\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/McAfee-SECURE.xml b/src/chrome/content/rules/McAfee-SECURE.xml
new file mode 100644
index 000000000000..7188f2a8b850
--- /dev/null
+++ b/src/chrome/content/rules/McAfee-SECURE.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www2.mcafeesecure.com/ => https://www2.mcafeesecure.com/: (6, 'Could not resolve host: www2.mcafeesecure.com')
+
+	For other Intel coverage, see Intel.xml.
+
+	Problematic domains
+		Timeout
+			- email.mcafeesecure.com
+		Mismatch
+			- email-cio.mcafeesecure.com
+		Incomplete certificate chain
+			- blog.mcafeesecure.com
+-->
+<ruleset name="McAfeeSECURE.com" default_off="failed ruleset test">
+	<target host="mcafeesecure.com" />
+	<target host="www.mcafeesecure.com" />
+	<target host="www2.mcafeesecure.com" />
+	<target host="images.mcafeesecure.com" />
+		<test url="http://images.mcafeesecure.com/static/css/fonts.css" />
+	<target host="support.mcafeesecure.com" />
+
+	<securecookie host="^(support\.|www\.|www2\.)?mcafeesecure\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/McAfee.xml b/src/chrome/content/rules/McAfee.xml
index 6b386551184e..68e81656b3e2 100644
--- a/src/chrome/content/rules/McAfee.xml
+++ b/src/chrome/content/rules/McAfee.xml
@@ -1,50 +1,124 @@
 <!--
 	For other Intel coverage, see Intel.xml.
 
+	Insecure cookies are set for these domains and hosts: ᶜ
+		- .mcafee.com
+		- kc.mcafee.com
+		- partnerfocus.mcafee.com
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
-	Av vendor. promos.mcafee.com lacks https
+	Redirect to http:
+		- www  *
+		- beta *
+		- secure
+	* Partial https
 
--->
-<ruleset name="McAfee (buggy)" default_off="Rediects to http, buggy">
+	Mismatch:
+		- cbsphishingquiz
+		- download.beta
+		- downloadcenter
+		- strongmail
+		- uat.planet
 
-	<target host="mcafee.com" />
-	<target host="*.mcafee.com" />
-		<!--
-			This redirects to http.  As in the
-			case below, after we give up (good),
-			we don't try again when it redirects
-			to something that we can secure (bad).
+	Incomplete certificate chain:
+		- www.blogs
+		- techmaster
 
-			Bug: https://trac.torproject.org/projects/tor/ticket/5686
-				-->
-		<exclusion pattern="^https?://(?:www\.)?mcafee\.com/error-pages/404\.aspx" />
-		<!--
-			At least the homepage redirects to http.
-								-->
-		<exclusion pattern="^http://service\.mcafee\.com/(?!css/|images/|js/|locale/|(?:Script|Web)Resource\.axd)" />
+	Timeout:
+		- apps-community
+		- partner
+		- phishingquiz
+		- att-dr
+		- att-prod
+		- exapp
+		- exmobile
+		- exmobiledev
+		- messagingwebservice
+		- notify
+		- service-dr
+		- truekey-dr
+		- truekey-prod
+		- util
+		- verizon-dr
+		- verizon-prod
 
+	Null response:
+		- ngfwlicenses
 
-	<!--	If we fetch a cookie over http,
-		we don't secure it, so there's
-		no need to play acrobatics in
-		order to avoid doing so.
-			-->
-	<securecookie host="^(?:.*\.)?mcafee\.com$" name=".+" />
+	403:
+		- app
+		- service-home
 
+	Reset:
+		- autodiscover
+		- jobs
+		- owa
 
-	<!--	/$ redirects to http.  We give
-		up, let it redirect to us/, and
-		don't rewrite to https once there.
+	Refused:
+		- cp
+		- podcasts
+-->
+<ruleset name="McAfee.com (partial)">
+	<target host="mcafee.com" />
+	<target host="www.mcafee.com" />
+	<target host="550g.mcafee.com" />
+	<target host="agent.mcafee.com" />
+	<target host="apps-planet.mcafee.com" />
+	<target host="att.mcafee.com" />
+	<target host="att-beta.mcafee.com" />
+	<target host="beta.mcafee.com" />
+	<target host="www.beta.mcafee.com" />
+	<target host="blogs.mcafee.com" />
+	<target host="www.blogs.mcafee.com" />
+	<target host="cart.mcafee.com" />
+	<target host="community.mcafee.com" />
+	<target host="www.community.mcafee.com" />
+	<target host="uat.community.mcafee.com" />
+	<target host="customersupport.mcafee.com" />
+	<target host="customersupport-prod.mcafee.com" />
+	<target host="download.mcafee.com" />
+	<target host="go.mcafee.com" />
+	<target host="home.mcafee.com" />
+	<target host="homeweb.mcafee.com" />
+	<target host="images.mcafee.com" />
+	<target host="jp.mcafee.com" />
+	<target host="kbim.mcafee.com" />
+	<target host="kc.mcafee.com" />
+	<target host="login.mcafee.com" />
+	<target host="manage.mcafee.com" />
+	<target host="mvt.mcafee.com" />
+	<target host="partnerfocus.mcafee.com" />
+	<target host="passwordbox.mcafee.com" />
+	<target host="passwordbox-prod.mcafee.com" />
+	<target host="pcm.mcafee.com" />
+	<target host="planet.mcafee.com" />
+	<target host="portal.mcafee.com" />
+	<target host="promos.mcafee.com" />
+	<target host="safekey.mcafee.com" />
+	<target host="secureimages.mcafee.com" />
+	<target host="service.mcafee.com" />
+	<target host="service-beta.mcafee.com" />
+	<target host="service-prod.mcafee.com" />
+	<target host="shop.mcafee.com" />
+	<target host="sm.mcafee.com" />
+	<target host="smarthelp.mcafee.com" />
+	<target host="smp.mcafee.com" />
+	<target host="software.mcafee.com" />
+	<target host="support.mcafee.com" />
+	<target host="truekey.mcafee.com" />
+	<target host="truekey-beta.mcafee.com" />
+	<target host="us.mcafee.com" />
+	<target host="verizon.mcafee.com" />
+	<target host="verizon-beta.mcafee.com" />
 
-		Bug: https://trac.torproject.org/projects/tor/ticket/5686
-			-->
-	<rule from="^https?://(?:www\.)?mcafee\.com/$"
-		to="https://www.mcafee.com/us/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?mcafee\.com/"
-		to="https://www.mcafee.com/" />
+	<rule from="^http://(www\.)?blogs\.mcafee\.com/"
+			to="https://blogs.mcafee.com/" />
 
-	<rule from="^http://(beta|blogs|community|home|(?:secure)?images|service|shop|us)\.mcafee\.com/"
-		to="https://$1.mcafee.com/" />
+	<rule from="^http:"	to="https:" />
 
+	<test url="http://download.mcafee.com/products/manuals/es/VSH_DataSheet_2006.pdf" />
+	<test url="http://sm.mcafee.com/ShowMessage.aspx" />
+	<test url="http://smarthelp.mcafee.com/help/verizon/14.0/internet%20security/en-us/GUID-C5FA6855-61ED-4861-8312-82B836A97F33.html" />
 </ruleset>
diff --git a/src/chrome/content/rules/McAfee_Mobile_Security.xml b/src/chrome/content/rules/McAfee_Mobile_Security.xml
deleted file mode 100644
index 3e88efadf8f3..000000000000
--- a/src/chrome/content/rules/McAfee_Mobile_Security.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	For other Intel coverage, see Intel.xml.
-
-
-	Problematic subdomains:
-
-		- ^	(cert only matches *.mcafeemobilesecurity.com)
-
--->
-<ruleset name="McAffee Mobile Security">
-
-	<target host="mcafeemobilesecurity.com" />
-	<target host="www.mcafeemobilesecurity.com" />
-
-
-	<securecookie host="^www\.mcafeemobilesecurity\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?mcafeemobilesecurity\.com/"
-		to="https://www.mcafeemobilesecurity.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/McAfee_SECURE.xml b/src/chrome/content/rules/McAfee_SECURE.xml
deleted file mode 100644
index e28913396352..000000000000
--- a/src/chrome/content/rules/McAfee_SECURE.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other Intel coverage, see Intel.xml.
-
--->
-<ruleset name="McAfee SECURE">
-
-	<target host="mcafeesecure.com" />
-	<target host="*.mcafeesecure.com" />
-
-
-	<securecookie host="^(?:www\.)?mcafeesecure\.com$" name=".+" />
-
-
-	<rule from="^http://(images\.|www\.)?mcafeesecure\.com/"
-		to="https://$1mcafeesecure.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/McClatchy.com.xml b/src/chrome/content/rules/McClatchy.com.xml
index 5f0b141ed80d..72b54c3027b1 100644
--- a/src/chrome/content/rules/McClatchy.com.xml
+++ b/src/chrome/content/rules/McClatchy.com.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://subscriberservices.mcclatchy.com/ => https://subscriberservices.mcclatchy.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://subscriberservices.mcclatchy.com/ => https://subscriberservices.mcclatchy.com/: (28, 'Connection timed out after 10000 milliseconds')
 	Nonfunctional subdomains:
 
 		- media		(503, akamai)
@@ -9,7 +15,7 @@
 		- (www.)	(works; mismatched, CN: media.mcclatchyinteractive.com)
 
 -->
-<ruleset name="McClatchy.com (partial)">
+<ruleset name="McClatchy.com (partial)" default_off="failed ruleset test">
 
 	<target host="subscriberservices.mcclatchy.com" />
 
@@ -17,7 +23,6 @@
 	<securecookie host="^subscriberservices\.mcclatchy\.com$" name=".+" />
 
 
-	<rule from="^http://subscriberservices\.mcclatchy\.com/"
-		to="https://subscriberservices.mcclatchy.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/McClatchy_Interactive.com.xml b/src/chrome/content/rules/McClatchy_Interactive.com.xml
deleted file mode 100644
index a4a72398c9f4..000000000000
--- a/src/chrome/content/rules/McClatchy_Interactive.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	CDN buckets:
-
-		- mi.edgesuite.net
-
-			- www.mcclatchydc.com
-
-
-	Nonfunctional domains:
-
-		- www.mcclatchydc.com	(503, akamai)
-
--->
-<ruleset name="McClatchy Interactive.com (partial)">
-
-	<target host="media.mcclatchyinteractive.com" />
-
-
-	<rule from="^http://media\.mcclatchyinteractive\.com/"
-		to="https://media.mcclatchyinteractive.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/McDelivery-Malaysia.xml b/src/chrome/content/rules/McDelivery-Malaysia.xml
new file mode 100644
index 000000000000..151383f3cc53
--- /dev/null
+++ b/src/chrome/content/rules/McDelivery-Malaysia.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mcdelivery.com.my/ => https://mcdelivery.com.my/: (35, 'Unknown SSL protocol error in connection to mcdelivery.com.my:443 ')
+
+	CDN bucket:
+		- d8x8n3ezc8rio.cloudfront.net
+-->
+<ruleset name="McDelivery Malaysia" default_off="failed ruleset test">
+	<target host=    "mcdelivery.com.my" />
+	<target host="www.mcdelivery.com.my" />
+
+  	<securecookie host="^(www\.)?mcdelivery\.com\.my$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/McEvoy-Group.xml b/src/chrome/content/rules/McEvoy-Group.xml
index 0c93b75c8a84..73930393911d 100644
--- a/src/chrome/content/rules/McEvoy-Group.xml
+++ b/src/chrome/content/rules/McEvoy-Group.xml
@@ -1,11 +1,10 @@
 <ruleset name="McEvoy Group (partial)" platform="mixedcontent">
 
-	<target host="chroniclebooks.com"/>
-	<target host="*.chroniclebooks.com"/>
+	<target host="chroniclebooks.com" />
+	<target host="www.chroniclebooks.com" />
 
-	<securecookie host="^(.*\.)?chroniclebooks.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?chroniclebooks\.com/"
-		to="https://$1chroniclebooks.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/McGrhill-Warez.xml b/src/chrome/content/rules/McGrhill-Warez.xml
index f3b978d7ec1b..62fadd8e12e3 100644
--- a/src/chrome/content/rules/McGrhill-Warez.xml
+++ b/src/chrome/content/rules/McGrhill-Warez.xml
@@ -13,14 +13,14 @@
 	<target host="www.speeddl.com" />
 
 
-	<securecookie host="^www\.mcgrhill-warez\.com$" name=".*" />
+	<securecookie host="^www\.mcgrhill-warez\.com$" name=".+" />
 
 
 	<rule from="^http://(?:www\.)?speeddl\.com/"
 		to="https://speeddl.com/" />
 
 	<!--	!www redirects to www.	-->
-	<rule from="^https?://(?:www\.)?mcgrhill-warez\.com/"
+	<rule from="^http://(?:www\.)?mcgrhill-warez\.com/"
 		to="https://www.mcgrhill-warez.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/McMaster_University.xml b/src/chrome/content/rules/McMaster_University.xml
index 49dc580f69ea..a398f4e92bb9 100644
--- a/src/chrome/content/rules/McMaster_University.xml
+++ b/src/chrome/content/rules/McMaster_University.xml
@@ -1,10 +1,14 @@
-<ruleset name="McMaster University">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mcmaster.ca/ => https://mcmaster.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.mcmaster.ca/ => https://www.mcmaster.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="McMaster University" default_off="failed ruleset test">
 	<target host="mcmaster.ca" />
 	<target host="www.mcmaster.ca" />
 
-
-	<rule from="^http://(www\.)?mcmaster\.ca/"
-		to="https://$1mcmaster.ca/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/McWhirter.com.au.xml b/src/chrome/content/rules/McWhirter.com.au.xml
new file mode 100644
index 000000000000..fedfcfa5f95c
--- /dev/null
+++ b/src/chrome/content/rules/McWhirter.com.au.xml
@@ -0,0 +1,14 @@
+<!--
+	www: cert only matches ^mcwhirter.com.au
+
+-->
+<ruleset name="McWhirter.com.au">
+
+	<target host="mcwhirter.com.au" />
+	<target host="www.mcwhirter.com.au" />
+
+
+	<rule from="^http://(?:www\.)?mcwhirter\.com\.au/"
+		to="https://mcwhirter.com.au/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mcdee.com.au.xml b/src/chrome/content/rules/Mcdee.com.au.xml
new file mode 100644
index 000000000000..957193717d8c
--- /dev/null
+++ b/src/chrome/content/rules/Mcdee.com.au.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mcdee.com.au/ => https://mcdee.com.au/: (7, 'Failed to connect to mcdee.com.au port 443: Connection refused')
+Fetch error: http://www.mcdee.com.au/ => https://www.mcdee.com.au/: (7, 'Failed to connect to www.mcdee.com.au port 443: Connection refused')
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+		- Images from \d.gravatar.com *
+
+	* Secured by us
+
+-->
+<ruleset name="mcdee.com.au" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mcdee.com.au" />
+	<target host="www.mcdee.com.au" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mci.edu.xml b/src/chrome/content/rules/Mci.edu.xml
new file mode 100644
index 000000000000..f919e322839c
--- /dev/null
+++ b/src/chrome/content/rules/Mci.edu.xml
@@ -0,0 +1,5 @@
+<ruleset name="Mci.edu">
+	<target host="mci.edu" />
+	<target host="*.mci.edu" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mci4me.at.xml b/src/chrome/content/rules/Mci4me.at.xml
new file mode 100644
index 000000000000..299e84ab1566
--- /dev/null
+++ b/src/chrome/content/rules/Mci4me.at.xml
@@ -0,0 +1,5 @@
+<ruleset name="Mci4me.at">
+	<target host="mci4me.at" />
+	<target host="*.mci4me.at" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mcssl.com.xml b/src/chrome/content/rules/Mcssl.com.xml
index da3d461a4d72..59511fdfb682 100644
--- a/src/chrome/content/rules/Mcssl.com.xml
+++ b/src/chrome/content/rules/Mcssl.com.xml
@@ -1,4 +1,5 @@
 <!--
+
 	For other Web.com coverage, see Web.com.xml.
 
 
@@ -14,7 +15,6 @@
 	<securecookie host="^www\.mcssl\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?mcssl\.com/"
-		to="https://www.mcssl.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/McxNOW.com.xml b/src/chrome/content/rules/McxNOW.com.xml
new file mode 100644
index 000000000000..f168beac5157
--- /dev/null
+++ b/src/chrome/content/rules/McxNOW.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="mcxNOW.com" default_off="refused">
+
+	<target host="mcxnow.com" />
+	<target host="www.mcxnow.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mdgms.com.xml b/src/chrome/content/rules/Mdgms.com.xml
new file mode 100644
index 000000000000..d6a05f93f44f
--- /dev/null
+++ b/src/chrome/content/rules/Mdgms.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Fully covered subdomains:
+
+		- gateway
+
+		- \w+	(per-client domains)
+
+
+	(www.) doesn't exist.
+
+-->
+<ruleset name="mdgms.com">
+
+	<target host="*.mdgms.com" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^dkb\.mdgms\.com$" name="^JSESSIONID$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^gateway\.mdgms\.com$" name="^SID$" /-->
+
+	<securecookie host="^gateway\.mdgms\.com$" name=".+" />
+
+
+	<rule from="^http://(\w+)\.mdgms\.com/"
+		to="https://$1.mdgms.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mdm.ru.xml b/src/chrome/content/rules/Mdm.ru.xml
new file mode 100644
index 000000000000..95c13505adbb
--- /dev/null
+++ b/src/chrome/content/rules/Mdm.ru.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://m.mdm.ru/ => https://m.mdm.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'm.mdm.ru'")
+Fetch error: http://reg.mdm.ru/ => https://reg.mdm.ru/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://travel.mdm.ru/ => https://travel.mdm.ru/: (60, 'SSL certificate problem: certificate has expired')
+private. timed out
+business. timed out
+coins. timed out
+tehnosila. redirect
+distrib. expired-->
+<ruleset name="Mdm.ru" default_off="failed ruleset test">
+	<target host="mdm.ru" />
+	<target host="www.mdm.ru" />
+	<target host="m.mdm.ru" />
+	<target host="online.mdm.ru" />
+	<target host="p2p.mdm.ru" />
+	<target host="reg.mdm.ru" />
+	<target host="travel.mdm.ru" />
+	<target host="i.mdm.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Me.bf.xml b/src/chrome/content/rules/Me.bf.xml
new file mode 100644
index 000000000000..0a0711d182b2
--- /dev/null
+++ b/src/chrome/content/rules/Me.bf.xml
@@ -0,0 +1,8 @@
+<ruleset name="Me.bf">
+	<target host="me.bf" />
+	<target host="www.me.bf" />
+	<target host="jeb.me.bf" />
+	<target host="serviceamis.me.bf" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Me.me.xml b/src/chrome/content/rules/Me.me.xml
new file mode 100644
index 000000000000..4b6f050b5bf2
--- /dev/null
+++ b/src/chrome/content/rules/Me.me.xml
@@ -0,0 +1,12 @@
+<ruleset name="Me.me">
+	<target host="me.me" />
+	<target host="www.me.me" />
+	<target host="crowdfund.me.me" />
+	<target host="pics.me.me" />
+		<test url="http://pics.me.me/when-you-realize-you-only-have-to-work-four-days-33576865.png" />
+	<target host="secret.me.me" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MeCoffee.nl.xml b/src/chrome/content/rules/MeCoffee.nl.xml
new file mode 100644
index 000000000000..136f2b427897
--- /dev/null
+++ b/src/chrome/content/rules/MeCoffee.nl.xml
@@ -0,0 +1,12 @@
+<ruleset name="meCoffee.nl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mecoffee.nl" />
+	<target host="www.mecoffee.nl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MeWe.com.xml b/src/chrome/content/rules/MeWe.com.xml
new file mode 100644
index 000000000000..1ac21c487e54
--- /dev/null
+++ b/src/chrome/content/rules/MeWe.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- dev2.mewe.com
+-->
+<ruleset name="MeWe.com">
+	<target host="mewe.com" />
+	<target host="www.mewe.com" />
+	<target host="admin.mewe.com" />
+	<target host="api.mewe.com" />
+	<target host="blog.mewe.com" />
+	<target host="c.mewe.com" />
+	<target host="cdn.mewe.com" />
+	<test url="http://cdn.mewe.com/front/favicon.ico" />
+	<target host="img.mewe.com" />
+	<target host="media.mewe.com" />
+	<target host="secure.mewe.com" />
+	<test url="http://secure.mewe.com/matomo.js" />
+	<target host="sendy.mewe.com" />
+	<target host="sentry.mewe.com" />
+	<target host="support.mewe.com" />
+	<target host="ws.mewe.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MeXBT.com.xml b/src/chrome/content/rules/MeXBT.com.xml
new file mode 100644
index 000000000000..b87460347289
--- /dev/null
+++ b/src/chrome/content/rules/MeXBT.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mexbt.com/ => https://mexbt.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.mexbt.com/ => https://www.mexbt.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	Insecure cookies are set for these domains:
+
+		- .mexbt.com
+
+-->
+<ruleset name="MeXBT.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mexbt.com" />
+	<target host="www.mexbt.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="\.mexbt\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="\.mexbt\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mean_Stinks.xml b/src/chrome/content/rules/Mean_Stinks.xml
index b126da692bde..256fb3507812 100644
--- a/src/chrome/content/rules/Mean_Stinks.xml
+++ b/src/chrome/content/rules/Mean_Stinks.xml
@@ -1,19 +1,25 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://meanstinks.com/ => https://meanstinks.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.meanstinks.com/ => https://www.meanstinks.com/: (60, 'SSL certificate problem: self signed certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://meanstinks.com/ => https://meanstinks.com/: (7, 'Failed to connect to meanstinks.com port 443: Connection refused')
 	CDN buckets:
 
 		- 45192e03bdcc882f78f4-4b80efdc0c25f8535e19785674c1f42a.r22.cf1.rackcdn.com
 
 -->
-<ruleset name="Mean Stinks">
+<ruleset name="Mean Stinks" default_off="failed ruleset test">
 
 	<target host="meanstinks.com" />
-	<target host="*.meanstinks.com" />
+	<target host="www.meanstinks.com" />
 
 
 	<securecookie host="^\.meanstinks\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?meanstinks\.com/"
-		to="https://$1meanstinks.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MeatandLivestockAustralia.xml b/src/chrome/content/rules/MeatandLivestockAustralia.xml
new file mode 100644
index 000000000000..cfabd6cee591
--- /dev/null
+++ b/src/chrome/content/rules/MeatandLivestockAustralia.xml
@@ -0,0 +1,7 @@
+<ruleset name="Meat and Livestock Australia">
+	<target host="mla.com.au" />
+	<target host="www.mla.com.au" />
+
+	<rule from="^http://(?:www\.)?mla\.com\.au/"
+		to="https://www.mla.com.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/MeccaBooks.com.xml b/src/chrome/content/rules/MeccaBooks.com.xml
new file mode 100644
index 000000000000..0dc2e693e9d0
--- /dev/null
+++ b/src/chrome/content/rules/MeccaBooks.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="MeccaBooks.com">
+	<target host="meccabooks.com" />
+	<target host="www.meccabooks.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MechBunny.com.xml b/src/chrome/content/rules/MechBunny.com.xml
new file mode 100644
index 000000000000..67be48e8725e
--- /dev/null
+++ b/src/chrome/content/rules/MechBunny.com.xml
@@ -0,0 +1,16 @@
+<!--
+	NB: This website blocks Tor users.
+
+-->
+<ruleset name="MechBunny.com" default_off="needs clearnet testing">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mechbunny.com" />
+	<target host="www.mechbunny.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mechon-Mamre.org.xml b/src/chrome/content/rules/Mechon-Mamre.org.xml
new file mode 100644
index 000000000000..c64cf6b434b0
--- /dev/null
+++ b/src/chrome/content/rules/Mechon-Mamre.org.xml
@@ -0,0 +1,15 @@
+<!--
+	- Expired 2010-03-11
+	- CN: plesk
+
+-->
+<ruleset name="Mechon-Mamre.org" default_off="expired, self-signed">
+
+	<target host="mechon-mamre.org" />
+	<target host="www.mechon-mamre.org" />
+
+
+	<rule from="^http://(?:www\.)?mechon-mamre\.org/"
+		to="https://mechon-mamre.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MedConfidential.org.xml b/src/chrome/content/rules/MedConfidential.org.xml
new file mode 100644
index 000000000000..0a4787fcb591
--- /dev/null
+++ b/src/chrome/content/rules/MedConfidential.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="medConfidential.org">
+
+	<target host="medconfidential.org" />
+	<target host="www.medconfidential.org" />
+
+
+	<securecookie host="^\.medconfidential\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MedWatch.xml b/src/chrome/content/rules/MedWatch.xml
new file mode 100644
index 000000000000..e8950e9e2e4c
--- /dev/null
+++ b/src/chrome/content/rules/MedWatch.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.medwatch.dk/ => https://www.medwatch.dk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.medwatch.dk'")
+
+  This renders poorly. The style sheet
+    http://medwatch.dk/template/mwVer1-0/css/main.css?rev=35817
+  is essential for the layout but is initially considered mixed content.
+-->
+<ruleset name="Medwatch (mixed content)" platform="mixedcontent" default_off="failed ruleset test">
+	<target host="medwatch.dk" />
+	<target host="www.medwatch.dk" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Medarbejdersignatur.dk.xml b/src/chrome/content/rules/Medarbejdersignatur.dk.xml
new file mode 100644
index 000000000000..ef5dead2f1fe
--- /dev/null
+++ b/src/chrome/content/rules/Medarbejdersignatur.dk.xml
@@ -0,0 +1,25 @@
+<!--
+	For other NemID coverage, see NemID.xml.
+
+
+	^medarbejdersignatur.dk: Refused
+
+-->
+<ruleset name="medarbejdersignatur.dk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.medarbejdersignatur.dk" />
+
+	<!--	Complications:
+				-->
+	<target host="medarbejdersignatur.dk" />
+
+
+	<rule from="^http://medarbejdersignatur\.dk/"
+		to="https://www.medarbejdersignatur.dk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mederra-Group.xml b/src/chrome/content/rules/Mederra-Group.xml
deleted file mode 100644
index 78e1402d8c17..000000000000
--- a/src/chrome/content/rules/Mederra-Group.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Mederra Group (partial)">
-
-	<target host="digipaper.fi"/>
-	<target host="www.digipaper.fi"/>
-
-	<securecookie host="^www\.digipaper\.fi$" name=".*"/>
-
-	<!--	!www prints "s9"	-->
-	<rule from="^http://(?:www\.)?digipaper\.fi/"
-		to="https://www.digipaper.fi/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Medgadget.com.xml b/src/chrome/content/rules/Medgadget.com.xml
new file mode 100644
index 000000000000..3e643a0a2a82
--- /dev/null
+++ b/src/chrome/content/rules/Medgadget.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		cdn.medgadget.com
+
+-->
+<ruleset name="Medgadget">
+
+	<target host="medgadget.com" />
+	<target host="www.medgadget.com"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Medgadget.xml b/src/chrome/content/rules/Medgadget.xml
deleted file mode 100644
index ac6726be7544..000000000000
--- a/src/chrome/content/rules/Medgadget.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Medgadget (partial)">
-
-	<target host="cdn.medgadget.com"/>
-
-	<rule from="^http://cdn\.medgadget\.com/"
-		to="https://s3.amazonaws.com/medgadgetenglish/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/MediPreis.de.xml b/src/chrome/content/rules/MediPreis.de.xml
new file mode 100644
index 000000000000..aedad2a7469d
--- /dev/null
+++ b/src/chrome/content/rules/MediPreis.de.xml
@@ -0,0 +1,16 @@
+<ruleset name="MediPreis.de">
+
+	<target host="medipreis.de" />
+	<target host="www.medipreis.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.medipreis\.de$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.medipreis\.de$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MediStack.com.xml b/src/chrome/content/rules/MediStack.com.xml
new file mode 100644
index 000000000000..205bdf3ae229
--- /dev/null
+++ b/src/chrome/content/rules/MediStack.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="MediStack.com">
+
+	<target host="medistack.com" />
+	<target host="www.medistack.com" />
+
+
+	<securecookie host="^\.medistack\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Media-Democracy-Fund.xml b/src/chrome/content/rules/Media-Democracy-Fund.xml
index 444ffa97b2d5..fb46d4f00723 100644
--- a/src/chrome/content/rules/Media-Democracy-Fund.xml
+++ b/src/chrome/content/rules/Media-Democracy-Fund.xml
@@ -1,11 +1,11 @@
-<ruleset name="Media Democracy Fund" default_off="mismatch">
+<ruleset name="Media Democracy Fund" default_off="mismatched">
 
 	<!--	Cert: *.gridserver.com	-->
 	<target host="mediademocracyfund.org" />
 	<target host="www.mediademocracyfund.org" />
 
 
-	<rule from="^https?://(?:www\.)?mediademocracyfund\.org/"
+	<rule from="^http://(?:www\.)?mediademocracyfund\.org/"
 		to="https://mediademocracyfund.org/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Media-Storehouse.xml b/src/chrome/content/rules/Media-Storehouse.xml
index 58cee5f9d9b5..ed99110b1fa2 100644
--- a/src/chrome/content/rules/Media-Storehouse.xml
+++ b/src/chrome/content/rules/Media-Storehouse.xml
@@ -1,30 +1,32 @@
 <!--
-	s3.amazonaws.com/images.mediastorehouse.com/
+	Non-functional hosts in *.mediastorehouse.com
+		SSL peer certificate was not OK:
+		- mediastorehouse.com
 
+	Non-functional hosts in *.mediastorehouse.net
+		Timeout was reached:
+		- mediastorehouse.net
 
-	Nonfunctional:
-
-		- images.mediastorehouse.net	(times out; not on secure nor images...com)
-
+		SSL peer certificate was not OK:
+		- images.mediastorehouse.net
+		- www.mediastorehouse.net
 -->
 <ruleset name="Media Storehouse (partial)">
-
+	<!-- *.mediastorehouse.com -->
 	<target host="mediastorehouse.com" />
-	<target host="*.mediastorehouse.com" />
+	<target host="www.mediastorehouse.com" />
+	<target host="secure.mediastorehouse.com" />
+	<target host="static.mediastorehouse.com" />
+
+	<!-- *.mediastorehouse.net -->
 	<target host="mediastorehouse.net" />
 	<target host="www.mediastorehouse.net" />
 
+	<rule from="^http://mediastorehouse\.com/"
+		to="https://www.mediastorehouse.com/" />
 
-	<securecookie host="^secure\.mediastorehouse\.com$" name=".*" />
-
-
-	<!--	Cert not valid for static nor www.
-		Data appear identical.			-->
-	<rule from="^http://(?:static|www)\.mediastorehouse\.com/"
-		to="https://secure.mediastorehouse.com/" />
-
-	<!--	www...net redirects to www...com	-->
-	<rule from="^http://(?:www\.)?mediastorehouse\.net/"
-		to="https://secure.mediastorehouse.com/" />
+	<rule from="^http://(www\.)?mediastorehouse\.net/"
+		to="https://www.mediastorehouse.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Media.net.xml b/src/chrome/content/rules/Media.net.xml
index 8bb7677f0b0e..e1a1cad34395 100644
--- a/src/chrome/content/rules/Media.net.xml
+++ b/src/chrome/content/rules/Media.net.xml
@@ -3,11 +3,24 @@
 
 		- mycdn-a.akamaihd.net | cdn.media.net.edgesuite.net
 
+		- log-a.akamaihd.net
+
+			- static
+
 		- a1778.g.akamai.net/... | qsearch-a.akamaihd.net
 
 			- contextual.media.net
 
 		- srvjs-a.akamaihd.net
+
+		- qsearch.media.net.edgesuite.net
+
+			- a728.g.akamai.net
+
+		- static.media.net.edgesuite.net
+
+			- a1574.g.akamai.net
+
 		- www.media.net.edgesuite.net
 
 
@@ -21,13 +34,24 @@
 
 		- cdn *
 		- contextual *
+		- qsearch *
+		- static *
 
 	* Works, akamai
 
+
+	Fully covered subdomains:
+
+		- qsearch	(→ qsearch-a.akamaihd.net)
+		- static	(→ log-a.akamaihd.net)
+
 -->
 <ruleset name="media.net (partial)">
 
-	<target host="*.media.net" />
+	<target host="cdn.media.net" />
+	<target host="contextual.media.net" />
+	<target host="qsearch.media.net" />
+	<target host="static.media.net" />
 
 
 	<!--	Can this be secured safely?
@@ -43,7 +67,10 @@
 	<rule from="^http://cdn\.media\.net/"
 		to="https://mycdn-a.akamaihd.net/" />
 
-	<rule from="^http://contextual\.media\.net/"
+	<rule from="^http://(?:contextual|qsearch)\.media\.net/"
 		to="https://qsearch-a.akamaihd.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http://static\.media\.net/"
+		to="https://log-a.akamaihd.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Media6degrees.xml b/src/chrome/content/rules/Media6degrees.xml
index 715483d705c9..b4b4ab107691 100644
--- a/src/chrome/content/rules/Media6degrees.xml
+++ b/src/chrome/content/rules/Media6degrees.xml
@@ -36,7 +36,9 @@
 	<target host="m6d.com" />
 	<target host="www.m6d.com" />
 	<target host="media6degrees.com" />
-	<target host="*.media6degrees.com" />
+	<target host="www.media6degrees.com" />
+	<target host="action.media6degrees.com" />
+	<target host="secure.media6degrees.com" />
 
 
 	<securecookie host="^\.media6degrees\.com$" name=".+" />
@@ -48,4 +50,4 @@
 	<rule from="^http://(?:action|secure)\.media6degrees\.com/"
 		to="https://secure.media6degrees.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Media970.com.xml b/src/chrome/content/rules/Media970.com.xml
deleted file mode 100644
index b5eb3de402cd..000000000000
--- a/src/chrome/content/rules/Media970.com.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Ads.
-
-	For other Adperio coverage, see Adperio.com.xml.
-
-
-	Problematic subdomains:
-
-		- ^	(works, cert only matches www)
-
--->
-<ruleset name="media970.com">
-
-	<target host="media970.com" />
-	<target host="*.media970.com" />
-
-
-	<securecookie host="^\.?www\.media970\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?media970\.com/"
-		to="https://www.media970.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MediaEd.org.xml b/src/chrome/content/rules/MediaEd.org.xml
new file mode 100644
index 000000000000..090814d490fe
--- /dev/null
+++ b/src/chrome/content/rules/MediaEd.org.xml
@@ -0,0 +1,46 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.mediaed.org/ => https://www.mediaed.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://mediaed.org/ => https://www.mediaed.org/: (60, 'SSL certificate problem: certificate has expired')
+
+	^mediaed.org: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.mediaed.org
+
+
+	Mixed content:
+
+		- Image from ^mediaed.org *
+
+	* Secured by us
+
+-->
+<ruleset name="MediaEd.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.mediaed.org" />
+
+	<!--	Complications:
+				-->
+	<target host="mediaed.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.mediaed\.org$" name="^pdgcomm-babble$" /-->
+
+	<securecookie host="^www\.mediaed\.org$" name=".+" />
+
+
+	<rule from="^http://mediaed\.org/"
+		to="https://www.mediaed.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MediaFire.com.xml b/src/chrome/content/rules/MediaFire.com.xml
new file mode 100644
index 000000000000..e9a7eae6dc8f
--- /dev/null
+++ b/src/chrome/content/rules/MediaFire.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Other MediaFire.com related rulesets;
+		+ MFi.re.xml
+-->
+<ruleset name="MediaFire.com (partial)">
+	<target host="mediafire.com" />
+	<target host="www.mediafire.com" />
+	<target host="app.mediafire.com" />
+	<target host="blog.mediafire.com" />
+	<target host="cdn.mediafire.com" />
+	<target host="devtest.mediafire.com" />
+	<target host="m.mediafire.com" />
+	<target host="mediafire.mediafire.com" />
+	<target host="sandbox.mediafire.com" />
+	<target host="staticcdn.mediafire.com" />
+	<target host="support.mediafire.com" />
+	<target host="w.mediafire.com" />
+	<target host="www1.mediafire.com" />
+	<target host="www2.mediafire.com" />
+	<target host="www3.mediafire.com" />
+	<target host="www4.mediafire.com" />
+
+	<securecookie host=".+" name=".+" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MediaFire.xml b/src/chrome/content/rules/MediaFire.xml
deleted file mode 100644
index 124ed23f6934..000000000000
--- a/src/chrome/content/rules/MediaFire.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	CDN buckets:
-
-		- staticcdn.mediafire.com.edgesuite.net
-
--->
-<ruleset name="MediaFire (buggy)" default_off="https://eff.org/r.2arJ">
-
-	<target host="mediafire.com"/>
-	<target host="*.mediafire.com"/>
-
-	<rule from="^http://(?:www\.)?mediafire\.com/(images/|js/|s(elect_account_type|sl_login)\.php)"
-		to="https://www.mediafire.com/$1"/>
-
-	<rule from="^http://(?:orig-|static)?cdn\.mediafire\.com/"
-		to="https://origin-cdn.mediafire.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/MediaGoblin.org.xml b/src/chrome/content/rules/MediaGoblin.org.xml
index d7dbeb973fb0..53b9d2f4d901 100644
--- a/src/chrome/content/rules/MediaGoblin.org.xml
+++ b/src/chrome/content/rules/MediaGoblin.org.xml
@@ -1,36 +1,28 @@
 <!--
-	- Expired 2013-03-28
-	- Cert only matches *.mediagoblin.org
+	Unsupported subdomains:
+	(Cert only matches wiki.mediagoblin.org and www.wiki.mediagoblin.org)
 
+		- (www.)	(^ → www)
+		- docs
+		- lists
+		- new
+		- status
 
 	Fully covered subdomains:
 
-		- (www.)	(^ → www)
-		- docs
 		- issues
 		- wiki
-
-
-	Mixed content:
-
-		- css on wiki from wiki *
-
-	* Secured by us
-
 -->
-<ruleset name="MediaGoblin.org" default_off="expired, self-signed">
-
-	<target host="mediagoblin.org" />
-	<target host="*.mediagoblin.org" />
+<ruleset name="MediaGoblin.org (partial)">
 
+	<target host="issues.mediagoblin.org" />
+	<target host="wiki.mediagoblin.org" />
 
-	<securecookie host="^(?:issues|wiki)\.mediagoblin\.org$" name=".+" />
 
+	<securecookie host="(^|\.)(issues|wiki)\.mediagoblin\.org$" name=".+" />
 
-	<rule from="^http://(?:www\.)?mediagoblin\.org/"
-		to="https://www.mediagoblin.org/" />
 
-	<rule from="^http://(docs|issues|wiki)\.mediagoblin\.org/"
-		to="https://$1.mediagoblin.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MediaHub.xml b/src/chrome/content/rules/MediaHub.xml
index d50f25284e9e..69ff6bb55e82 100644
--- a/src/chrome/content/rules/MediaHub.xml
+++ b/src/chrome/content/rules/MediaHub.xml
@@ -15,10 +15,10 @@
 	<target host="*.mediahub.com" />
 
 
-	<rule from="^https?://mail\.mediahub\.com/(?:.*)"
+	<rule from="^http://mail\.mediahub\.com/(?:.*)"
 		to="https://mail.google.com/a/mediahub.com" />
 
 	<rule from="^http://my\.mediahub\.com/"
 		to="https://my.mediahub.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MediaInfo.xml b/src/chrome/content/rules/MediaInfo.xml
deleted file mode 100644
index d9a29892fc93..000000000000
--- a/src/chrome/content/rules/MediaInfo.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="MediaInfo">
-
-	<target host="mediaarea.net" />
-	<target host="www.mediaarea.net" />
-
-
-	<rule from="^http://(www\.)?mediaarea\.net/"
-		to="https://$1mediaarea.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MediaLayer.com-mismatches.xml b/src/chrome/content/rules/MediaLayer.com-mismatches.xml
deleted file mode 100644
index 5cbc54dc6099..000000000000
--- a/src/chrome/content/rules/MediaLayer.com-mismatches.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<!--	See MediaLayer.com-mismatches.xml also
--->
-<ruleset name="MediaLayer.com (mismatches)" default_off="Certificate mismatch">
-
-	<target host="medialayer.com" /> 
-	<target host="www.medialayer.com" /> 
-
-	<rule from="^http://(www\.)?medialayer\.com/"
-		to="https://www.medialayer.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MediaLayer.com.xml b/src/chrome/content/rules/MediaLayer.com.xml
deleted file mode 100644
index 1149c04dae30..000000000000
--- a/src/chrome/content/rules/MediaLayer.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--	See MediaLayer.com-mismatches.xml also
--->
-<ruleset name="MediaLayer.com (partial)">
-
-	<target host="clients.medialayer.com" />
-	<target host="support.medialayer.com" />
-	<target host="medialayer.net" />
-	<target host="www.medialayer.net" />
-
-	<rule from="^http://(clients|support)\.medialayer\.com/" 
-		to="https://$1.medialayer.com/" />
-
-	<rule from="^http://(www\.)?medialayer\.net/"
-		to="https://www.medialayer.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MediaMath.xml b/src/chrome/content/rules/MediaMath.xml
index e3001ec4ce55..2955274a5ab7 100644
--- a/src/chrome/content/rules/MediaMath.xml
+++ b/src/chrome/content/rules/MediaMath.xml
@@ -1,27 +1,50 @@
 <!--
+	Other MediaMath rulesets:
+
+		- Mathtag.com.xml
+
+
 	CDN buckets:
 
 		- ak1.abmr.net/is/pixel.mathtag.com
 
+
+	Fully covered hosts in *mediamath.com:
+
+		- (www.)?
+		- devblog
+		- developer
+		- t1
+		- t1beta
+		- t1cdn
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.mediamath.com
+
 -->
-<ruleset name="MediaMath" platform="mixedcontent">
+<ruleset name="MediaMath.com">
 
-	<target host="*.mathtag.com" />
+	<!--	Direct rewrites:
+				-->
 	<target host="mediamath.com" />
+	<target host="devblog.mediamath.com" />
+	<target host="developer.mediamath.com" />
 	<target host="t1.mediamath.com" />
+	<target host="t1beta.mediamath.com" />
+	<target host="t1cdn.mediamath.com" />
 	<target host="www.mediamath.com" />
 
 
-	<!--	name="^(HRL8|uuid)$"
+	<!--	Not secured by server:
 					-->
-	<securecookie host="^\.mathtag\.com$" name=".*" />
-	<securecookie host="^(.*\.)?mediamath\.com$" name=".*" />
+	<!--securecookie host="^www\.mediamath\.com$" name="^PHPSESSID$" /-->
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(action|akamai|pixel|sync)\.mathtag\.com/"
-		to="https://$1.mathtag.com/" />
 
-	<rule from="^http://(t1\.|www\.)?mediamath\.com/"
-		to="https://$1mediamath.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MediaMatters.org.xml b/src/chrome/content/rules/MediaMatters.org.xml
index 39f29c42c862..d64df278d4a8 100644
--- a/src/chrome/content/rules/MediaMatters.org.xml
+++ b/src/chrome/content/rules/MediaMatters.org.xml
@@ -1,18 +1,27 @@
-<ruleset name="MediaMatters.org (partial)">
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- mta.e.mediamatters.org
+		- o1.email.mediamatters.org
+		- mail.mediamatters.org
+		- mythopedia.mediamatters.org
+		- www.mythopedia.mediamatters.org
+		- pti.mediamatters.org
 
-	<target host="mediamatters.org" />
-		<!--
-			At least two stylesheets 403
+		SSL connect error:
+		- feeds.mediamatters.org
 
-			https://mail1.eff.org/pipermail/https-everywhere/2012-May/001434.html
-						-->
-		<exclusion pattern="^http://mediamatters\.org/static/stylesheets/" />
-	<target host="cloudfront.mediamatters.org" />
-	<target host="s3.mediamatters.org" />
+		SSL peer certificate was not OK:
+		- s3.mediamatters.org
+-->
+<ruleset name="MediaMatters.org">
+	<target host="mediamatters.org" />
 	<target host="www.mediamatters.org" />
+	<target host="action.mediamatters.org" />
+	<target host="cloudfront.mediamatters.org" />
+	<target host="support.mediamatters.org" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://([csw]\w+\.)?mediamatters\.org/static/"
-		to="https://s3.amazonaws.com/s3.mediamatters.org/static/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MediaMind.xml b/src/chrome/content/rules/MediaMind.xml
index ff46a2c57572..533c504d9936 100644
--- a/src/chrome/content/rules/MediaMind.xml
+++ b/src/chrome/content/rules/MediaMind.xml
@@ -1,67 +1,22 @@
 <!--
 	Other MediaMind rulesets:
+		+ Peer39.xml
+		+ Serving-sys.com.xml
 
-		- Peer39.xml
-		- Serving-sys.com.xml
+	Non-functional hosts
+		Couldn't connect to server:
+		- creativezone.mediamind.com
 
+		SSL connect error:
+		- origin.demo.mediamind.com
 
-	CDN buckets:
-
-		- www.eyeblasterwiz.com.edgekey.net
-		- www.mediamind.com.edgekey.net
-
-
-	Nonfunctional domains:
-
-		- pilot.eyeblasterwiz.com	(403; mismatched, CN: platform.mediamind.com)
-		- mediamind.com			(refused)
-		- www.mediamind.com		(503, valid cert)
-
-
-	Problematic domains:
-
-		- demo.eyeblaster.com		(works, akamai)
-		- eyeblasterwiz.com		(400; mismatched, CN: platform.mediamind.com)
-		- www2.mediamind.com		(works; mismatched, CN: origin.demo.mediamind.com)
-
-
-	Fully covered domains:
-
-		- (www.)eyeblasterwiz.com	(^ → www)
-
-		- mediamind.com subdomains:
-
-			- creativezone
-			- demo
-			- origin.demo
-			- platform
-			- sandbox
-
-		- a.pgtb.me
-
-
-	Observed cookie domains:
-
-		- creativezone
-		- platform
-
+		Incomplete certificate chain error:
+		- mediamind.com
 -->
 <ruleset name="MediaMind (partial)">
+	<target host="www.mediamind.com" />
+	<target host="platform.mediamind.com" />
+	<target host="vpn.mediamind.com" />
 
-	<target host="*.mediamind.com" />
-	<target host="a.pgtb.me" />
-
-
-	<securecookie host="^(?:creativezone|platform)\.mediamind\.com$" name=".*" />
-
-
-	<rule from="^http://(?:www\.)?eyeblasterwiz\.com/"
-		to="https://www.eyeblasterwiz.com/" />
-
-	<rule from="^http://(creativezone|demo|origin\.demo|platform|sandbox)\.mediamind\.com/"
-		to="https://$1.mediamind.com/" />
-
-	<rule from="^http://a\.pgtb\.me/"
-		to="https://a.pgtb.me/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MediaNet.xml b/src/chrome/content/rules/MediaNet.xml
index 54530bd7de06..bf620b9117b2 100644
--- a/src/chrome/content/rules/MediaNet.xml
+++ b/src/chrome/content/rules/MediaNet.xml
@@ -1,17 +1,9 @@
-<ruleset name="MediaNet (partial)" platform="mixedcontent">
-
+<ruleset name="MediaNet">
 	<target host="mndigital.com" />
 	<target host="www.mndigital.com" />
-	<target host="images.musicnet.com" />
-
-
-	<securecookie host="^www\.mndigital\.com$" name=".*" />
-
-
-	<rule from="^http://(www\.)?mndigital\.com/"
-		to="https://$1mndigital.com/" />
 
-	<rule from="^http://images\.musicnet\.com/"
-		to="https://images.musicnet.com/" />
+	<securecookie host="^www\.mndigital\.com$" name=".+" />
 
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MediaNews-Group.xml b/src/chrome/content/rules/MediaNews-Group.xml
index 47ebc39ec64d..e4f8f804bdd1 100644
--- a/src/chrome/content/rules/MediaNews-Group.xml
+++ b/src/chrome/content/rules/MediaNews-Group.xml
@@ -1,9 +1,15 @@
-<!--	!functional:
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://weather.mercurynews.com/ => https://www.weatherunderground.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.weatherunderground.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://weather.mercurynews.com/ => https://www.weatherunderground.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.weatherunderground.com'")	!functional:
 		- (www.)medianewsgroup.com	(timeout)
 		- (origin.|www.)mercurynews.com	(www: Akamai, redirects back to http; !www: timeout)
 		- extras.mnginteractive.com	(Akamai, redirects to http://.../ with "Directory Listing Denied")
 -->
-<ruleset name="MediaNews Group (partial)">
+<ruleset name="MediaNews Group (partial)" default_off="failed ruleset test">
 
 	<target host="weather.mercurynews.com"/>
 
diff --git a/src/chrome/content/rules/MediaPost.com.xml b/src/chrome/content/rules/MediaPost.com.xml
new file mode 100644
index 000000000000..9682181785bb
--- /dev/null
+++ b/src/chrome/content/rules/MediaPost.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- media.mediapost.com
+-->
+<ruleset name="MediaPost.com (partial)">
+	<target host="mediapost.com" />
+	<target host="www.mediapost.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MediaPost.xml b/src/chrome/content/rules/MediaPost.xml
deleted file mode 100644
index f19ee2249b20..000000000000
--- a/src/chrome/content/rules/MediaPost.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/media.mediapost.com/
-
-
-	Partially covered subdomains:
-
-		- (www.)	(at least some pages redirect to http, including login)
-
--->
-<ruleset name="MediaPost (partial)">
-
-	<target host="mediapost.com" />
-	<target host="*.mediapost.com" />
-
-
-	<rule from="^http://(www\.)?mediapost\.com/(favicon\.ico|register(?:/?$|\?))"
-		to="https://$1mediapost.com/$2" />
-
-	<rule from="^https?://media\.mediapost\.com/"
-		to="https://s3.amazonaws.com/media.mediapost.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MediaSpan.xml b/src/chrome/content/rules/MediaSpan.xml
deleted file mode 100644
index b260600edf79..000000000000
--- a/src/chrome/content/rules/MediaSpan.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- captcha.fimc.net
-
-
-	Problematic domains:
-
-		- (www.)fimc.net	(mismatched)
-
--->
-<ruleset name="MediaSpan (partial)">
-
-	<target host="fimc.net" />
-	<target host="www.fimc.net" />
-	<target host="mediaspanonline.com" />
-	<target host="*.mediaspanonline.com" />
-
-
-	<securecookie host="^(?:.+\.)?mediaspanonline\.com$" name=".+" />
-
-
-	<rule from="^http://(assets\.|www\.)?(?:fimc\.net|mediaspanonline\.com)/"
-		to="https://$1mediaspanonline.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MediaTakeOut.com.xml b/src/chrome/content/rules/MediaTakeOut.com.xml
new file mode 100644
index 000000000000..b0b8acc86494
--- /dev/null
+++ b/src/chrome/content/rules/MediaTakeOut.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Problematic subdomains:
+
+		- ^ ¹
+		- i2 ²
+		- www ³
+
+	¹ Expired, self-signed
+	² 404, EdgeCast
+	³ Cert only matches ^mediatakeout.com
+
+
+	Mixed content:
+
+		- css from $self
+		- Images from i2
+
+-->
+<ruleset name="MediaTakeOut.com" default_off="expired, self-signed" platform="mixedcontent">
+
+	<target host="mediatakeout.com" />
+	<target host="i2.mediatakeout.com" />
+	<target host="www.mediatakeout.com" />
+
+
+	<rule from="^http://(?:i2\.|www\.)?mediatakeout\.com/"
+		to="https://mediatakeout.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MediaTemple.xml b/src/chrome/content/rules/MediaTemple.xml
index 7f192a9a584d..c7b352bbc067 100644
--- a/src/chrome/content/rules/MediaTemple.xml
+++ b/src/chrome/content/rules/MediaTemple.xml
@@ -1,35 +1,74 @@
 <!--
-	Nonfunctional domains:
+	Other MediaTemple rulesets:
 
-		- weblog.mediatemple.net
-		- wiki.mediatemple.net
+		- Gridserver.com.xml
+		- MT-CDN.net.xml
+
+
+	Nonfunctional hosts in *mediatemple.net:
+
+		- weblog
+
+
+	Problematic hosts in *mediatemple.net:
+
+		- status *
+
+	* StatusPage.io
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .mediatemple.net
+		- ac.mediatemple.net
 
 -->
-<ruleset name="Media Temple (partial)" platform="mixedcontent">
+<ruleset name="Media Temple.net (partial)">
 
-	<target host="gridserver.com" />
-	<target host="*.gridserver.com" />
+	<!--	Direct rewrites:
+				-->
 	<target host="mediatemple.net" />
-	<target host="*.mediatemple.net" />
-	<target host="*.mt-cdn.net" />
+	<target host="ac.mediatemple.net" />
+	<target host="accountcenter.mediatemple.net" />
+	<target host="affiliate.mediatemple.net" />
+	<target host="api.mediatemple.net" />
+	<target host="bin.mediatemple.net" />
+	<target host="forum.mediatemple.net" />
+	<target host="forums.mediatemple.net" />
+	<target host="kb.mediatemple.net" />
+	<target host="nova.mediatemple.net" />
+	<target host="static.mediatemple.net" />
+	<target host="wiki.mediatemple.net" />
+	<target host="www.mediatemple.net" />
 
+	<!--	Complications:
+				-->
+	<target host="status.mediatemple.net" />
 
-	<securecookie host=".*\.mediatemple\.net$" name=".*" />
+		<!--	Redirects to http:
+						-->
+		<exclusion pattern="^http://mediatemple\.net/blog(?:$|[?/])" />
+
+			<!--	+ve:
+					-->
+			<test url="http://mediatemple.net/blog" />
+			<test url="http://mediatemple.net/blog/madeonmt/" />
+			<test url="http://mediatemple.net/blog/news/" />
+			<test url="http://mediatemple.net/blog/tips/" />
 
 
-	<!--	e.g.
-		s69107.gridserver.com/wp-content/themes/pixel/img/interface/88x31.png
+	<!--	Not secured by server:
 					-->
-	<rule from="^http://(s\d+\.)?gridserver\.com/"
-		to="https://$1gridserver.com/" />
+	<!--securecookie host="\.mediatemple\.net$" name="^(ipb_session_id|session)$" /-->
+	<!--securecookie host="^ac\.mediatemple\.net$" name="^psc$" /-->
+
+	<securecookie host=".*\.mediatemple\.net$" name=".+" />
 
-	<rule from="^http://mediatemple\.net/"
-		to="https://mediatemple.net/" />
 
-	<rule from="^http://(ac|affiliate|api|bin|forum|www)\.mediatemple\.net/"
-		to="https://$1.mediatemple.net/" />
+	<rule from="^http://status\.mediatemple\.net/"
+		to="https://mtmediatemple.statuspage.io/" />
 
-	<rule from="^http://(?:origin|s\d)\.mt-cdn\.net/"
-		to="https://www.mediatemple.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MediaWatch.xml b/src/chrome/content/rules/MediaWatch.xml
new file mode 100644
index 000000000000..b45ddf3b72b9
--- /dev/null
+++ b/src/chrome/content/rules/MediaWatch.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.mediawatch.dk/ => https://www.mediawatch.dk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.mediawatch.dk'")
+
+  This renders poorly. The page requires two style sheets which are only
+  served over http.
+-->
+<ruleset name="MediaWatch (mixed content)" platform="mixedcontent" default_off="failed ruleset test">
+	<target host="mediawatch.dk" />
+	<target host="www.mediawatch.dk" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MediaWorks.xml b/src/chrome/content/rules/MediaWorks.xml
index dda861c0e2c5..da162612e280 100644
--- a/src/chrome/content/rules/MediaWorks.xml
+++ b/src/chrome/content/rules/MediaWorks.xml
@@ -6,19 +6,32 @@
 
 	Nonfunctional subdomains:
 
-		- (www.)
-		- cdn
+		- (www.)?mediaworks.co.nz refused
+		- (www.)?mediaworks.nz refused
+		- upload.mediaworks.co.nz refused
+		- test2.mediaworks.co.nz timed out
+		- test1.mediaworks.co.nz timed out
+		- test.mediaworks.co.nz timed out
 
 -->
 <ruleset name="MediaWorks (partial)">
 
+	<target host="cdn.mediaworks.co.nz" />
 	<target host="static.mediaworks.co.nz" />
+	<target host="cdn.mediaworks.nz" />
 
 
-	<securecookie host="^static\.mediaworks\.co\.nz$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cdn\.mediaworks\.co\.nz$" name="^BIGipServercdn\.mediaworks\.co\.nz_pool$" /-->
 
+	<securecookie host="^(?:cdn|static)\.mediaworks\.co\.nz$" name=".+" />
 
-	<rule from="^http://static\.mediaworks\.co\.nz/"
-		to="https://static.mediaworks.co.nz/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http://cdn\.mediaworks\.co\.nz/"
+		to="https://cdn.mediaworks.nz/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Media_Factory.xml b/src/chrome/content/rules/Media_Factory.xml
deleted file mode 100644
index 3d5fc24b0c97..000000000000
--- a/src/chrome/content/rules/Media_Factory.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For other Filemobile coverage, see Filemobile.xml.
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- developer
-
--->
-<ruleset name="Media Factory">
-
-	<target host="mediafactory.fm" />
-	<target host="*.mediafactory.fm" />
-
-
-	<securecookie host="^(?:www\.)?mediafactory\.fm$" name=".+" />
-
-
-	<rule from="^http://(\w+\.)?mediafactory\.fm/"
-		to="https://$1mediafactory.fm/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Mediabistro.xml b/src/chrome/content/rules/Mediabistro.xml
index 520d88127ace..0018f605bf3a 100644
--- a/src/chrome/content/rules/Mediabistro.xml
+++ b/src/chrome/content/rules/Mediabistro.xml
@@ -1,13 +1,23 @@
-<ruleset name="Mediabistro">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://oxs.mediabistro.com/ => https://oxs.mediabistro.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="Mediabistro.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="mediabistro.com" />
-	<target host="*.mediabistro.com" />
+	<target host="ox.mediabistro.com" />
+	<target host="oxs.mediabistro.com" />
+	<target host="www.mediabistro.com" />
 
 
-	<securecookie host="^(?:.*\.)?mediabistro\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(oxs?\.|www\.)?mediabistro\.com/"
-		to="https://$1mediabistro.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mediacru.sh.xml b/src/chrome/content/rules/Mediacru.sh.xml
index ea976aa46346..55e711bde16d 100644
--- a/src/chrome/content/rules/Mediacru.sh.xml
+++ b/src/chrome/content/rules/Mediacru.sh.xml
@@ -1,16 +1,29 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
+<!--
+	Problematic hosts in *mediacru.sh:
 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Mediacru.sh" platform="firefox">
-<target host="mediacru.sh" />
+		- (www.)? ¹ ²
+		- blog ¹ ²
 
-<securecookie host="^mediacru\.sh$" name=".+" />
+	¹ Mismatched
+	² Self-signed
+
+
+	cdn: Dropped over http & https
+
+-->
+<ruleset name="Mediacru.sh" default_off="mismatched, self-signed">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mediacru.sh" />
+	<target host="blog.mediacru.sh" />
+	<target host="www.mediacru.sh" />
+
+
+	<securecookie host="^mediacru\.sh$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-<rule from="^http://mediacru\.sh/" to="https://mediacru.sh/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Mediaite.xml b/src/chrome/content/rules/Mediaite.xml
index c4f558d797a2..7023ce6f5bec 100644
--- a/src/chrome/content/rules/Mediaite.xml
+++ b/src/chrome/content/rules/Mediaite.xml
@@ -13,14 +13,14 @@
 		- www		(301 to http)
 
 -->
-<ruleset name="mediaite (partial)" default_off="mismatch">
+<ruleset name="mediaite (partial)" default_off="mismatched">
 
-	<target host="*.mediaite.com" />
+	<target host="media.mediaite.com" />
+	<target host="videos.mediaite.com" />
 
 
 	<!--	Cert: www.magnify.net
 					-->
-	<rule from="^http://(media|videos)\.mediaite\.com/"
-		to="https://$1.mediaite.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Medialand.ru.xml b/src/chrome/content/rules/Medialand.ru.xml
new file mode 100644
index 000000000000..509f7342d116
--- /dev/null
+++ b/src/chrome/content/rules/Medialand.ru.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mediamir.medialand.ru/ => https://mediamir.medialand.ru/: (6, 'Could not resolve host: mediamir.medialand.ru')
+
+	Nonfunctional subdomains:
+
+		- (www.) ¹
+		- content.mediamir ²
+		- engine.mediamir ²
+
+	¹ Dropped
+	² 404; mismatched, CN: *.medialand.ru
+
+-->
+<ruleset name="Medialand.ru (partial)" default_off="failed ruleset test">
+
+	<target host="mediamir.medialand.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^mediamir\.medialand\.ru$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^mediamir\.medialand\.ru$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Medialinx-Academy.de.xml b/src/chrome/content/rules/Medialinx-Academy.de.xml
new file mode 100644
index 000000000000..7e5cfe747833
--- /dev/null
+++ b/src/chrome/content/rules/Medialinx-Academy.de.xml
@@ -0,0 +1,17 @@
+<!--
+	^: cert only matches www
+
+
+	At least some pages redirect to http.
+
+-->
+<ruleset name="Medialinx Academy.de (partial)">
+
+	<target host="medialinx-academy.de" />
+	<target host="www.medialinx-academy.de" />
+
+
+	<rule from="^http://(?:www\.)?medialinx-academy\.de/sites/"
+		to="https://www.medialinx-academy.de/sites/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Medialoot.com.xml b/src/chrome/content/rules/Medialoot.com.xml
index c3ba5943677d..91e60c71de48 100644
--- a/src/chrome/content/rules/Medialoot.com.xml
+++ b/src/chrome/content/rules/Medialoot.com.xml
@@ -9,13 +9,12 @@
 <ruleset name="Medialoot.com">
 
 	<target host="medialoot.com" />
-	<target host="*.medialoot.com" />
+	<target host="www.medialoot.com" />
 
 
 	<securecookie host="^\.?medialoot\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?medialoot\.com/"
-		to="https://$1medialoot.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mediamarkt.se.xml b/src/chrome/content/rules/Mediamarkt.se.xml
index d082d7d6a6ba..486d78ebe516 100644
--- a/src/chrome/content/rules/Mediamarkt.se.xml
+++ b/src/chrome/content/rules/Mediamarkt.se.xml
@@ -2,5 +2,5 @@
   <target host="mediamarkt.se" />
   <target host="www.mediamarkt.se" />
 
-  <rule from="^http://(?:www\.)?mediamarkt\.se/" to="https://www.mediamarkt.se/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Mediametrie-eStat.xml b/src/chrome/content/rules/Mediametrie-eStat.xml
index 663a3da31542..1e76fc1318db 100644
--- a/src/chrome/content/rules/Mediametrie-eStat.xml
+++ b/src/chrome/content/rules/Mediametrie-eStat.xml
@@ -12,14 +12,14 @@
 -->
 <ruleset name="Médiamétrie-eStat (partial)">
 
-	<target host="*.estat.com" />
+	<target host="prof.estat.com" />
+	<target host="w.estat.com" />
 
 
 	<!--	e is set by prof & w	-->
-	<securecookie host="\.estat\.com$" name=".*" />
+	<securecookie host="\.estat\.com$" name=".+" />
 
 
-	<rule from="^http://(prof|w)\.estat\.com/"
-		to="https://$1.estat.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Median.xml b/src/chrome/content/rules/Median.xml
index ad6908e6c442..90d8d42689cc 100644
--- a/src/chrome/content/rules/Median.xml
+++ b/src/chrome/content/rules/Median.xml
@@ -1,10 +1,18 @@
-<ruleset name="Median">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://audit.median.hu/ => https://audit.median.hu/: (7, 'Failed to connect to audit.median.hu port 443: Connection timed out')
+
+	(www.)?median.hu: Refused
+
+-->
+<ruleset name="Median.hu (partial)" default_off="failed ruleset test">
 
 	<target host="audit.median.hu"/>
 
-	<securecookie host="^audit\.median\.hu$" name=".*"/>
+	<securecookie host="^audit\.median\.hu$" name=".+" />
 
-	<rule from="^http://audit\.median\.hu/"
-		to="https://audit.median.hu/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Medianova.com.xml b/src/chrome/content/rules/Medianova.com.xml
new file mode 100644
index 000000000000..270190dc646b
--- /dev/null
+++ b/src/chrome/content/rules/Medianova.com.xml
@@ -0,0 +1,53 @@
+<!--
+	Other Medianova rulesets:
+
+		- MnCDN.com.xml
+
+
+	(www.)?medianova.com: Refused
+
+
+	Problematic hosts in *medianova.com:
+
+		- blog-tr ¹
+		- cdn ²
+		- oyy ²
+		- prtg ²
+
+	¹ Mismatched
+	² Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	These altnames don't exist:
+
+		- www.oyy.medianova.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- cdn.medianova.com
+		- oyy.medianova.com
+
+-->
+<ruleset name="Medianova.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="cdn.medianova.com" /-->
+	<target host="cms.medianova.com" />
+	<!--target host="oyy.medianova.com" /-->
+	<target host="panel.medianova.com" />
+	<!--target host="prtg.medianova.com" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:cdn|oyy)\.medianova\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:cdn|oyy)\.medianova\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mediant.xml b/src/chrome/content/rules/Mediant.xml
index 971df2c0aa5b..80e65d870b03 100644
--- a/src/chrome/content/rules/Mediant.xml
+++ b/src/chrome/content/rules/Mediant.xml
@@ -1,13 +1,19 @@
-<ruleset name="Mediant">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mandiant.net/ => https://mandiant.net/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.mandiant.net/ => https://www.mandiant.net/: (28, 'Operation timed out after 30002 milliseconds with 0 bytes received')
+
+-->
+<ruleset name="Mediant" default_off="failed ruleset test">
 
 	<target host="mandiant.net" />
-	<target host="*.mandiant.net" />
+	<target host="www.mandiant.net" />
 
 
 	<securecookie host="^(?:w*\.)?mandiant\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?mandiant\.net/"
-		to="https://$1mandiant.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mediaquest_Corp.com.xml b/src/chrome/content/rules/Mediaquest_Corp.com.xml
new file mode 100644
index 000000000000..d2b468eb75fe
--- /dev/null
+++ b/src/chrome/content/rules/Mediaquest_Corp.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Mediaquest Corp.com">
+
+	<target host="mediaquestcorp.com" />
+	<target host="www.mediaquestcorp.com" />
+
+
+	<securecookie host="^(?:www)?\.mediaquestcorp\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MediasLibres.org.xml b/src/chrome/content/rules/MediasLibres.org.xml
new file mode 100644
index 000000000000..d6403f31ba40
--- /dev/null
+++ b/src/chrome/content/rules/MediasLibres.org.xml
@@ -0,0 +1,27 @@
+<!--
+	Wildcard DNS.
+
+	Mixed content from fonts.googleapis.com:
+		mediaslibres.org
+
+	Invalid certificate:
+		www.mediaslibres.org
+
+-->
+<ruleset name="Medias Libres">
+
+	<target host="mediaslibres.org" />
+	<target host="atelier.mediaslibres.org" />
+	<target host="www.atelier.mediaslibres.org" />
+	<target host="brest.mediaslibres.org" />
+	<target host="grenobledev.mediaslibres.org" />
+	<target host="listes.mediaslibres.org" />
+	<target host="montpellier.mediaslibres.org" />
+	<target host="mutu.mediaslibres.org" />
+	<target host="rennestest.mediaslibres.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mediate.com.xml b/src/chrome/content/rules/Mediate.com.xml
index ff75657d96f1..6e15d80b02f9 100644
--- a/src/chrome/content/rules/Mediate.com.xml
+++ b/src/chrome/content/rules/Mediate.com.xml
@@ -3,10 +3,9 @@
 	<target host="mediate.com"/>
 	<target host="www.mediate.com"/>
 
-	<securecookie host="^(.*\.)mediate\.com$" name=".*"/>
+	<securecookie host="^(?:.*\.)mediate\.com$" name=".+" />
 
 	<!--	cert !valid for !www	-->
-	<rule from="^http://(?:www\.)?mediate\.com/"
-		to="https://www.mediate.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mediaxus.com.xml b/src/chrome/content/rules/Mediaxus.com.xml
index 7130070867a1..d6fbfecc6b1b 100644
--- a/src/chrome/content/rules/Mediaxus.com.xml
+++ b/src/chrome/content/rules/Mediaxus.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="Mediaxus.com">
 
 	<target host="mediaxus.com" />
-	<target host="*.mediaxus.com" />
+	<target host="www.mediaxus.com" />
 
 
 	<securecookie host="^\.mediaxus\.com4" name=".+" />
 
 
-	<rule from="^http://(www\.)?mediaxus\.com/"
-		to="https://$1mediaxus.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MedicAlert.xml b/src/chrome/content/rules/MedicAlert.xml
index 3721b6ea368e..7cfdf619a6b7 100644
--- a/src/chrome/content/rules/MedicAlert.xml
+++ b/src/chrome/content/rules/MedicAlert.xml
@@ -1,6 +1,33 @@
-<ruleset name="MedicAlert">
+<ruleset name="MedicAlert.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="medicalert.org" />
 	<target host="www.medicalert.org" />
 
-	<rule from="^http://(?:www\.)?medicalert\.org/" to="https://www.medicalert.org/" />
-</ruleset>
\ No newline at end of file
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.medicalert\.org/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.medicalert\.org/+(?!misc/|sites/|user(?:$|[?/]))" />
+
+			<test url="http://www.medicalert.org/NewYear_Safety_Checklist_2014" />
+			<test url="http://www.medicalert.org/blog" />
+			<test url="http://www.medicalert.org/cart" />
+			<test url="http://www.medicalert.org/donate/now" />
+			<test url="http://www.medicalert.org/faq" />
+			<test url="http://www.medicalert.org/renew" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.medicalert.org/misc/menu-expanded.png" />
+			<test url="http://www.medicalert.org/sites/default/files/maf-white-logo_0.png" />
+			<test url="http://www.medicalert.org/user" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Medical_Express.xml b/src/chrome/content/rules/Medical_Express.xml
index 0b89cc6cb810..df9ebc657026 100644
--- a/src/chrome/content/rules/Medical_Express.xml
+++ b/src/chrome/content/rules/Medical_Express.xml
@@ -1,28 +1,14 @@
-<!--
-	CDN buckets:
-
-		- 1794-medicalxpress.voxcdn.com
-			- m.ph-cdn.com
-
-
-	Problematic domains:
-
-		- m.ph-cdn.com	(404s)
-
--->
-<ruleset name="Medical Express" platform="mixedcontent">
+<ruleset name="Medical Xpress.com">
 
 	<target host="medicalxpress.com" />
+	<target host="m.medicalxpress.com" />
 	<target host="www.medicalxpress.com" />
-	<target host="m.ph-cdn.com" />
 
 
-	<rule from="^http://(www\.)?medicalxpress\.com/"
-		to="https://$1medicalxpress.com/" />
+	<securecookie host="^\." name="^__qca" />
+
 
-	<!--	At least newman/gfx doesn't exist on medicalexpress.com.
-										-->
-	<rule from="^https?://m\.ph-cdn\.com/tmpl/"
-		to="https://medicalxpress.com/tmpl/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Medical_Jane.xml b/src/chrome/content/rules/Medical_Jane.xml
index 6fd1ba12c03e..2dc35622b07d 100644
--- a/src/chrome/content/rules/Medical_Jane.xml
+++ b/src/chrome/content/rules/Medical_Jane.xml
@@ -1,13 +1,20 @@
-<ruleset name="Medical Jane">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://medicaljane.com/ => https://medicaljane.com/: (7, 'Failed to connect to medicaljane.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://medicaljane.com/ => https://medicaljane.com/: (51, "SSL: no alternative certificate subject name matches target host name 'medicaljane.com'")
+-->
+<ruleset name="Medical Jane" default_off="failed ruleset test">
 
 	<target host="medicaljane.com" />
-	<target host="*.medicaljane.com" />
+	<target host="www.medicaljane.com" />
 
 
 	<securecookie host="^\.medicaljane\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?medicaljane\.com/"
-		to="https://$1medicaljane.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Medical_Treatments_Management.xml b/src/chrome/content/rules/Medical_Treatments_Management.xml
index b18e96c7287e..bb38ef25f538 100644
--- a/src/chrome/content/rules/Medical_Treatments_Management.xml
+++ b/src/chrome/content/rules/Medical_Treatments_Management.xml
@@ -5,7 +5,7 @@
 <ruleset name="Medical Treatments Management">
 
 	<target host="medical-treatments-management.com" />
-	<target host="*.medical-treatments-management.com" />
+	<target host="www.medical-treatments-management.com" />
 	<target host="mtmweb.biz" />
 	<target host="www.mtmweb.biz" />
 	<target host="mtmweb.com" />
@@ -18,7 +18,6 @@
 	<rule from="^http://(www\.)?m(?:edical-treatments-management|tmweb)\.com/"
 		to="https://$1medical-treatments-management.com/" />
 
-	<rule from="^http://(www\.)?mtmweb\.biz/"
-		to="https://$1mtmweb.biz/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Medici-manager.com.xml b/src/chrome/content/rules/Medici-manager.com.xml
new file mode 100644
index 000000000000..944cf21dd4f1
--- /dev/null
+++ b/src/chrome/content/rules/Medici-manager.com.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://medici-manager.com/ => https://medici-manager.com/: (51, "SSL: no alternative certificate subject name matches target host name 'medici-manager.com'")
+Fetch error: http://www.medici-manager.com/ => https://www.medici-manager.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.medici-manager.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://medici-manager.com/ => https://medici-manager.com/: (51, "SSL: no alternative certificate subject name matches target host name 'medici-manager.com'")
+Fetch error: http://www.medici-manager.com/ => https://www.medici-manager.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.medici-manager.com'")
+	For other MediciGlobal coverage, see MediciGlobal.com.xml.
+
+
+	Mixed content:
+
+		- Web bug from server.iad.liveperson.net *
+
+	* Secured by us
+
+-->
+<ruleset name="Medici-manager.com" default_off="failed ruleset test">
+
+	<target host="medici-manager.com" />
+	<target host="www.medici-manager.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MediciGlobal.com.xml b/src/chrome/content/rules/MediciGlobal.com.xml
new file mode 100644
index 000000000000..518704776c04
--- /dev/null
+++ b/src/chrome/content/rules/MediciGlobal.com.xml
@@ -0,0 +1,52 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://stats.mediciglobal.com/ => https://stats.mediciglobal.com/: (6, 'Could not resolve host: stats.mediciglobal.com')
+
+	For rules causing false/broken MCB, see MediciGlobal.com-falsemixed.xml.
+
+
+	Other MediciGlobal rulesets:
+
+		- Medici-manager.com.xml
+
+
+	Mixed content:
+
+		- Scripts from $self *
+
+		- css from $self *
+
+		- Images, from:
+
+			- $self *
+			- farm\d.static.flickr.com *
+			- medici-manager.com *
+
+		- Web bugs, from:
+
+			- stats *
+			- www.statcounter.com *
+
+	* Secured by us
+
+-->
+<ruleset name="MediciGlobal.com (partial)" default_off="failed ruleset test">
+
+	<target host="mediciglobal.com" />
+	<target host="stats.mediciglobal.com" />
+	<target host="www.mediciglobal.com" />
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<exclusion pattern="^http://mediciglobal\.com/+(?!css/|favicon\.ico|images/|js/)" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^stats\.mediciglobal\.com$" name="^PIWIK_SESSID$" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MedicineNet.com.xml b/src/chrome/content/rules/MedicineNet.com.xml
index 46be5b12a697..52d357cc87aa 100644
--- a/src/chrome/content/rules/MedicineNet.com.xml
+++ b/src/chrome/content/rules/MedicineNet.com.xml
@@ -1,39 +1,39 @@
 <!--
 	For other WebMD coverage, see WebMD.xml.
 
-
-	CDN buckets:
-
-		- images.medicinenet.com.edgesuite.net
-
-
-	Problematic subdomains:
-
-		- images	(503, akamai)
-
-
-	Partially covered subdomains:
-
-		- (www.) *
-		- images *	(→ ^)
-
-	* Some paths redirect to http://.../$
-
-
-	Fully covered subdomains:
-
-		- images	(→ ^)
-
+	Non-functional hosts
+		Couldn't connect to server:
+			 - medicinenet.com
+			 - search.iad1.medicinenet.com
+			 - search.sea1.medicinenet.com
+
+		Timeout was reached:
+			 - mta.messages.medicinenet.com
+			 - view.messages.medicinenet.com
+			 - proxy.medicinenet.com
+			 - www.qa00.medicinenet.com
+
+		SSL peer certificate was not OK:
+			 - optout.cc.medicinenet.com
+			 - www.iad1.medicinenet.com
+			 - images.medicinenet.com
+			 - img.medicinenet.com
+			 - li.medicinenet.com
+			 - messages.medicinenet.com
+			 - related.medicinenet.com
+			 - www.sea1.medicinenet.com
+			 - topics.medicinenet.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - newsletters.medicinenet.com
+
+		Secure connection redirects to plaintext:
+			 - www.medicinenet.com
+			 - search.medicinenet.com
 -->
 <ruleset name="MedicineNet.com (partial)">
+	<target host="click.messages.medicinenet.com" />
+	<target host="regimg.medicinenet.com" />
 
-	<target host="medicinenet.com" />
-	<target host="*.medicinenet.com" />
-		<exclusion pattern="^http://images\.medicinenet\.com/css/" />
-		<exclusion pattern="^http://(?:www\.)?medicinenet\.com/(?!images/)" />
-
-
-	<rule from="^http://(?:images\.|(www\.))?medicinenet\.com/"
-		to="https://$1medicinenet.com/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MedicinesComplete.xml b/src/chrome/content/rules/MedicinesComplete.xml
index 476b8760f57f..b19af17fd908 100644
--- a/src/chrome/content/rules/MedicinesComplete.xml
+++ b/src/chrome/content/rules/MedicinesComplete.xml
@@ -1,24 +1,23 @@
 <!--
-	Problematic subdomains:
+	Insecure cookies are set for these domains:
 
-		- ^	(cert only matches www)
-
-
-	Some pages redirect to http.
+		- .medicinescomplete.com
 
 -->
-<ruleset name="MedicinesComplete (partial)">
+<ruleset name="MedicinesComplete.com">
 
 	<target host="medicinescomplete.com" />
 	<target host="www.medicinescomplete.com" />
-		<exclusion pattern="^http://www\.medicinescomplete\.com/(?!about/(?:269|images|style)/|mc(?:$|\?|/)|pdf/)" />
 
 
-	<!--	Server drops path like so, sans trailing slash:
-								-->
-	<rule from="^http://medicinescomplete\.com/.*"
-		to="https://www.medicinescomplete.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.medicinescomplete\.com$" name="^d0$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://www\.medicinescomplete\.com/"
-		to="https://www.medicinescomplete.com/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mediekompaniet.com.xml b/src/chrome/content/rules/Mediekompaniet.com.xml
index 92f5a9616d84..1a34edbb94f4 100644
--- a/src/chrome/content/rules/Mediekompaniet.com.xml
+++ b/src/chrome/content/rules/Mediekompaniet.com.xml
@@ -1,15 +1,18 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nysk.mediekompaniet.com/ => https://nysk.mediekompaniet.com/: (6, 'Could not resolve host: nysk.mediekompaniet.com')
+
 	Nonfunctional subdomains:
 
 		- (www.)	(refused)
 
 -->
-<ruleset name="Mediekompaniet.com (partial)">
+<ruleset name="Mediekompaniet.com (partial)" default_off="failed ruleset test">
 
 	<target host="nysk.mediekompaniet.com" />
 
 
-	<rule from="^http://nysk\.mediekompaniet\.com/"
-		to="https://nysk.mediekompaniet.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Medium.xml b/src/chrome/content/rules/Medium.xml
deleted file mode 100644
index a03327ed40b1..000000000000
--- a/src/chrome/content/rules/Medium.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Medium">
-
-	<target host="medium.com" />
-	<target host="www.medium.com" />
-
-
-	<securecookie host="^medium\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?medium\.com/"
-		to="https://$1medium.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Medleyads.com.xml b/src/chrome/content/rules/Medleyads.com.xml
index 529ee95d550c..9b46502ce636 100644
--- a/src/chrome/content/rules/Medleyads.com.xml
+++ b/src/chrome/content/rules/Medleyads.com.xml
@@ -1,19 +1,26 @@
 <!--
-	Problematic subdomains:
+	Insecure cookies are set for these domains:
 
-		- (www.)	(mismatched, CN: secure.medleyads.com)
+		- .medleyads.com
 
 -->
 <ruleset name="medleyads.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="medleyads.com" />
-	<target host="*.medleyads.com" />
+	<target host="secure.medleyads.com" />
+	<target host="www.medleyads.com" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.medleyads\.com$" name="^(adgroups|mad_uid|sg_\d+|si_\d+)$" /-->
+
 	<securecookie host="^\.medleyads\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:secure\.|www\.)?medleyads\.com/"
-		to="https://secure.medleyads.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Medocmall.co.uk.xml b/src/chrome/content/rules/Medocmall.co.uk.xml
new file mode 100644
index 000000000000..261d65433d44
--- /dev/null
+++ b/src/chrome/content/rules/Medocmall.co.uk.xml
@@ -0,0 +1,9 @@
+<ruleset name="medocmall.co.uk">
+
+	<target host="medocmall.co.uk" />
+	<target host="www.medocmall.co.uk" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Medscape.xml b/src/chrome/content/rules/Medscape.xml
index 51c4bc713ae5..0a319aa42a0c 100644
--- a/src/chrome/content/rules/Medscape.xml
+++ b/src/chrome/content/rules/Medscape.xml
@@ -23,23 +23,25 @@
 -->
 <ruleset name="Medscape (partial)">
 
-	<target host="*.medscape.com" />
+	<target host="images.medscape.com" />
+	<target host="img.medscape.com" />
+	<target host="login.medscape.com" />
+	<target host="profreg.medscape.com" />
 
 
 	<!--	Presumably at least some cross-domain cookies need
 		to be unsecure in order for logging in to work.
 								-->
-	<securecookie host="^(?:login|profreg)\.medscape\.com$" name=".*" />
+	<securecookie host="^(?:login|profreg)\.medscape\.com$" name=".+" />
 
 
 	<!--	Akamai.
 			-->
-	<rule from="^https?://images\.medscape\.com/"
+	<rule from="^http://images\.medscape\.com/"
 		to="https://img.medscape.com/" />
 
-	<rule from="^http://(img|login|profreg)\.medscape\.com/"
-		to="https://$1.medscape.com/" />
 
 
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Medstop.se.xml b/src/chrome/content/rules/Medstop.se.xml
index 2ddb0e4f96ed..b3193132dbc2 100644
--- a/src/chrome/content/rules/Medstop.se.xml
+++ b/src/chrome/content/rules/Medstop.se.xml
@@ -1,8 +1,31 @@
-<!-- pharmacy. medical info should be private -->
-<ruleset name="Medstop.se">
+<!--
+	(www.)?medstop.se: Refused
+
+-->
+<ruleset name="Medstop.se (partial)">
+
+	<!--	Complications:
+				-->
 	<target host="medstop.se" />
 	<target host="www.medstop.se" />
-	<rule from="^http://medstop\.se/" to="https://www.medstop.se/"/>
-	<rule from="^http://www\.medstop\.se/" to="https://www.medstop.se/"/>
+
+		<!--	(?!$|\?) doesn't redirect
+						-->
+		<exclusion pattern="^http://(?:www\.)?medstop\.se/+(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://medstop.se/4" />
+			<test url="http://medstop.se//0" />
+			<test url="http://medstop.se///4" />
+			<test url="http://www.medstop.se/4" />
+			<test url="http://www.medstop.se//0" />
+			<test url="http://www.medstop.se///4" />
+
+
+	<!--	Redirect keeps args and forward slash:
+							-->
+	<rule from="^http://(?:www\.)?medstop\.se/"
+		to="https://kronansapotek.se/" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Meebey.net.xml b/src/chrome/content/rules/Meebey.net.xml
new file mode 100644
index 000000000000..7221cbb53a43
--- /dev/null
+++ b/src/chrome/content/rules/Meebey.net.xml
@@ -0,0 +1,20 @@
+<!--
+	^: shows default page, valid cert
+
+-->
+<ruleset name="Meebey.net">
+
+	<target host="meebey.net" />
+	<target host="www.meebey.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.meebey\.net$" name="^ikiwiki_session_Hacking%20is%20Art$" /-->
+
+	<securecookie host="^www\.meebey\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Meebo.xml b/src/chrome/content/rules/Meebo.xml
index a7252dc6e4b8..06c3280bfb0b 100644
--- a/src/chrome/content/rules/Meebo.xml
+++ b/src/chrome/content/rules/Meebo.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://meebo.com/ => https://www.meebo.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.meebo.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://meebo.com/ => https://www.meebo.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.meebo.com'")
 	For other Google coverage, see GoogleServices.xml.
 
 
@@ -8,10 +14,12 @@
 		- rd	(works; expired 2013-01-26)
 
 -->
-<ruleset name="Meebo">
+<ruleset name="Meebo" default_off="failed ruleset test">
 
 	<target host="meebo.com" />
-	<target host="*.meebo.com" />
+	<target host="www.meebo.com" />
+	<target host="cim.meebo.com" />
+	<target host="dashboard.meebo.com" />
 
 
 	<securecookie host="^\.meebo\.com$" name=".+" />
@@ -20,7 +28,6 @@
 	<rule from="^http://(?:www\.)?meebo\.com/"
 		to="https://www.meebo.com/" />
 
-	<rule from="^http://(cim|dashboard)\.meebo\.com/"
-		to="https://$1.meebo.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Meego.xml b/src/chrome/content/rules/Meego.xml
index 68298b5a19de..a786103e6c25 100644
--- a/src/chrome/content/rules/Meego.xml
+++ b/src/chrome/content/rules/Meego.xml
@@ -1,13 +1,21 @@
-<ruleset name="Meego">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://meego.com/ => https://meego.com/: (51, "SSL: no alternative certificate subject name matches target host name 'tizen.org'")
+Fetch error: http://www.meego.com/ => https://www.meego.com/: (51, "SSL: no alternative certificate subject name matches target host name 'tizen.org'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://meego.com/ => https://meego.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
+<ruleset name="Meego" default_off="failed ruleset test">
 
 	<target host="meego.com" />
-	<target host="*.meego.com" />
+	<target host="www.meego.com" />
 
 
 	<securecookie host="^\.meego\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?meego\.com/"
-		to="https://$1meego.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Meet.fm.xml b/src/chrome/content/rules/Meet.fm.xml
deleted file mode 100644
index fab6f1603e27..000000000000
--- a/src/chrome/content/rules/Meet.fm.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Meet.fm">
-
-	<target host="meet.fm" />
-	<target host="*.meet.fm" />
-
-
-	<securecookie host="^\.meet\.fm$" name=".+" />
-
-
-	<rule from="^http://(www\.)?meet\.fm/"
-		to="https://$1meet.fm/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MeetBSD.com.xml b/src/chrome/content/rules/MeetBSD.com.xml
new file mode 100644
index 000000000000..3d4a23f5fe47
--- /dev/null
+++ b/src/chrome/content/rules/MeetBSD.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="MeetBSD.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="meetbsd.com" />
+	<target host="www.meetbsd.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MeetInLeeds.xml b/src/chrome/content/rules/MeetInLeeds.xml
index 1123fa87c7bf..88d5985f294c 100644
--- a/src/chrome/content/rules/MeetInLeeds.xml
+++ b/src/chrome/content/rules/MeetInLeeds.xml
@@ -8,7 +8,6 @@
 	<target host="www.meetinleeds.co.uk" />
 
 
-	<rule from="^http://(?:www\.)?meetinleeds\.co\.uk/"
-		to="https://www.meetinleeds.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MeetMe.xml b/src/chrome/content/rules/MeetMe.xml
index e555f987ba4d..aab520100772 100644
--- a/src/chrome/content/rules/MeetMe.xml
+++ b/src/chrome/content/rules/MeetMe.xml
@@ -1,17 +1,89 @@
-<ruleset name="MeetMe">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blinddate.meetme.com/ => https://blinddate.meetme.com/: (6, 'Could not resolve host: blinddate.meetme.com')
+Fetch error: http://causes.meetme.com/ => https://causes.meetme.com/: (6, 'Could not resolve host: causes.meetme.com')
+Fetch error: http://match.meetme.com/ => https://match.meetme.com/: (51, "SSL: no alternative certificate subject name matches target host name 'match.meetme.com'")
+Fetch error: http://nerve.meetme.com/ => https://nerve.meetme.com/: (6, 'Could not resolve host: nerve.meetme.com')
+Fetch error: http://photos.meetme.com/ => https://photos.meetme.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://vip.meetme.com/ => https://vip.meetme.com/: (51, "SSL: no alternative certificate subject name matches target host name 'vip.meetme.com'")
+
+	Other MeetMe rulesets:
+
+		- meetmecdna.com.xml
+
+
+	Problematic hosts in *meetme.com:
+
+		- games ᵐ
+
+	ᵐ Mismatched
+
+
+	These altnames do not exist:
+
+		- movies.meetme.com
+		- owned.meetme.com
+		- support.meetme.com
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .meetme.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="MeetMe" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="meetme.com" />
-	<target host="*.meetme.com" />
+	<target host="api.meetme.com" />
+	<target host="blinddate.meetme.com" />
+	<target host="causes.meetme.com" />
+	<target host="cpa.meetme.com" />
+	<target host="feed.meetme.com" />
+	<target host="friends.meetme.com" />
+	<target host="help.meetme.com" />
+	<target host="home.meetme.com" />
+	<target host="live.meetme.com" />
+	<target host="m.meetme.com" />
+	<target host="match.meetme.com" />
+	<target host="messages.meetme.com" />
+	<target host="nerve.meetme.com" />
+	<target host="photos.meetme.com" />
+	<target host="platform.meetme.com" />
+	<target host="profile.meetme.com" />
+	<target host="ssl.meetme.com" />
+	<target host="touch.meetme.com" />
+	<target host="vip.meetme.com" />
+	<target host="www.meetme.com" />
+
 	<target host="en.mtmei18n.com" />
 
+		<test url="http://en.mtmei18n.com/service/home/CSS/variations/b.min.css" />
+
+	<!--	Complications:
+				-->
+	<target host="games.meetme.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.meetme\.com$" name="^(?:MYB_TARGET|PHPSESSID|POSTAff2Cookie|mybLocale|mybRegData|mybRegTheme)$" /-->
+
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^m?\.meetme\.com$" name=".+" />
 
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://games\.meetme\.com/.*"
+		to="https://www.myyearbook.com/" />
 
-	<rule from="^http://((?:api|blinddate|canvas|causes|cpa|feed|friends|games|help|home|live|m|match|messages|nerve|photos|platform|profile|ssl|vip|www)\.)?meetme\.com/"
-		to="https://$1meetme.com/" />
+		<test url="http://games.meetme.com/index.php" />
 
-	<rule from="^http://en\.mtmei18n\.com/"
-		to="https://en.mtmei18n.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MeetMe_Corp.xml b/src/chrome/content/rules/MeetMe_Corp.xml
index 07b11fa0ab0c..fe502bd8e6bb 100644
--- a/src/chrome/content/rules/MeetMe_Corp.xml
+++ b/src/chrome/content/rules/MeetMe_Corp.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?meetmecorp\.com/"
 		to="https://www.meetmecorp.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Meetey.com.xml b/src/chrome/content/rules/Meetey.com.xml
deleted file mode 100644
index 538cd3276aa5..000000000000
--- a/src/chrome/content/rules/Meetey.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Meetey.com">
-
-	<target host="meetey.com" />
-	<target host="*.meetey.com" />
-
-
-	<securecookie host="^(?:w*\.)?meetey\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?meetey\.com/"
-		to="https://$1meetey.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Meetic-problematic.xml b/src/chrome/content/rules/Meetic-problematic.xml
index caf57258f116..518c16b5cfdc 100644
--- a/src/chrome/content/rules/Meetic-problematic.xml
+++ b/src/chrome/content/rules/Meetic-problematic.xml
@@ -4,23 +4,21 @@
 -->
 <ruleset name="Meetic (problematic)" default_off="mismatched">
 
-	<target host="*.ilius.net" />
-	<target host="static.editor.meetic.com" />
+	<target host="k.ilius.net" />
+	<target host="stda.ilius.net" />
+		<!--
+			Handled in Meetic.xml:
+						-->
+		<exclusion pattern="^http://stda\.ilius\.net/(?!css/(?!components/core/forgot\.css))" />
 	<target host="pictures.meetic.com" />
 	<target host="photos.meetic.fr" />
 	<target host="statics.meetic-affinity.com" />
 
 
-	<rule from="^http://(k|stda)\.ilius\.net/"
-		to="https://$1.ilius.net/" />
 
-	<rule from="^http://static\.editor\.meetic\.com/"
-		to="https://static.editor.meetic.com/" />
-
-	<rule from="^https?://p(ictures.meetic\.com|hotos\.meetic\.fr)/"
+	<rule from="^http://p(?:ictures\.meetic\.com|hotos\.meetic\.fr)/"
 		to="https://photos.meetic.fr/" />
 
-	<rule from="^https?://statics\.meetic-affinity.com/"
-		to="https://statics.meetic-affinity.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Meetic.pt.xml b/src/chrome/content/rules/Meetic.pt.xml
new file mode 100644
index 000000000000..7509a5c388be
--- /dev/null
+++ b/src/chrome/content/rules/Meetic.pt.xml
@@ -0,0 +1,7 @@
+<ruleset name="Meetic.pt">
+  <target host="meetic.pt" />
+  <target host="www.meetic.pt" />
+  <target host="touch.meetic.pt" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Meetic.xml b/src/chrome/content/rules/Meetic.xml
index de166cdf201c..726e5d6dc7b5 100644
--- a/src/chrome/content/rules/Meetic.xml
+++ b/src/chrome/content/rules/Meetic.xml
@@ -4,6 +4,8 @@
 
 	CDN buckets:
 
+		- iliusstda-a.akamaihd.net <=> stda.ilius.net.edgesuite.net
+
 		- meetic.fr.edgesuite.net
 
 			- static.editor.meetic.com
@@ -16,13 +18,13 @@
 
 	Nonfunctional domains:
 
-		- (www.)meetic.com
-		- (www.)meetic.fr
+		- (www.)meetic.fr *
+
+	* Dropped
 
 
 	Problematic domains:
 
-		- k.ilius.net		(works, mismatched, CN: *.keyade.com)
 		- stda.ilius.net *
 		- static.editor.meetic.com *
 		- pictures.meetic.com *
@@ -34,13 +36,41 @@
 -->
 <ruleset name="Meetic (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="k.ilius.net" />
 	<target host="tk.ilius.net" />
+	<target host="meetic.com" />
+	<target host="www.meetic.com" />
+
+	<!--	Complications:
+				-->
+	<target host="stda.ilius.net" />
+
+		<!--	References images relative to /:
+								-->
+			<!--exclusion pattern="^http://stda\.ilius\.net/css/(brands/match/uk/signup/2013/01/23/landing_hpv_default_yahoo_profiles|components/themes/abyss/buttons\.css|core/login/login_form|core/login/login_form_a1)\.css" /-->
+			<!--exclusion pattern="^http://stda\.ilius\.net/css/(?!components/core/forgot\.css)" /-->
+
+		<test url="http://k.ilius.net/?mtcmk=&amp;fsid=" />
 
+		<!--	Sets cookies without Secure:
+							-->
+		<test url="http://www.meetic.com/signup/smart_landing_v2.phsl?tpl=&amp;mtcmk=&amp;fsid=&amp;ktid=&amp;klid=&amp;tckka=&amp;tckvs=" />
+
+
+	<!--securecookie host="^meetic\.com$" name="^(?:ADRUM_BT|MeeticLTM)$" /-->
+	<!--securecookie host="^www\.meetic\.com$" name="^(?:ADRUM_BT|KY_OPTS|MeeticLTM|STACK_CMK|ky|meetic_cmk)$" /-->
 
 	<securecookie host="^tk\.ilius\.net$" name=".+" />
 
 
-	<rule from="^http://tk\.ilius\.net/"
-		to="https://tk.ilius.net/" />
+	<rule from="^http://stda\.ilius\.net/"
+		to="https://iliusstda-a.akamaihd.net/" />
+
+		<test url="http://stda.ilius.net/css/core/common/maintenance.css" />
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Meetings.io.xml b/src/chrome/content/rules/Meetings.io.xml
deleted file mode 100644
index dab85434e1fb..000000000000
--- a/src/chrome/content/rules/Meetings.io.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Fully covered subdomains:
-
-		- (www.)
-		- oi
-
-
-	Nonfunctional subdomains:
-
-		- blog	(dropped)
-
--->
-<ruleset name="Meetings.io (partial)">
-
-	<target host="meetings.io" />
-	<target host="*.meetings.io" />
-
-
-	<securecookie host="^(?:w*\.)?meetings\.io$" name=".+" />
-
-
-	<rule from="^http://(oi\.|www\.)?meetings\.io/"
-		to="https://$1meetings.io/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Meetrics.xml b/src/chrome/content/rules/Meetrics.xml
new file mode 100644
index 000000000000..d6e9ea9ebf87
--- /dev/null
+++ b/src/chrome/content/rules/Meetrics.xml
@@ -0,0 +1,50 @@
+<ruleset name="Meetrics">
+
+	<target host="*.meetrics.com"/>
+	<target host="*.meetrics.de"/>
+	<target host="*.meetrics.net"/>
+
+	<target host="meetrics.com"/>
+	<target host="meetrics.de"/>
+
+	<target host="*.mxcdn.net"/>
+
+	<target host="*.research.de.com"/>
+	<target host="research.de.com"/>
+
+	<test url="http://meetrics.com/" />
+	<test url="http://www.meetrics.com/" />
+	<test url="http://adam.meetrics.com/" />
+
+
+	<test url="http://hpv2.meetrics.de/" />
+	<test url="http://jira.meetrics.de/" />
+	<test url="http://liveview.meetrics.de/" />
+	<test url="http://phabricator.meetrics.de/" />
+	<test url="http://sandbox.meetrics.de/" />
+
+	<test url="http://www.meetrics.net/" />
+	<test url="http://dcheck01.meetrics.net/" />
+	<test url="http://s204.meetrics.net/" />
+	<test url="http://dc47.s204.meetrics.net/" />
+	<test url="http://s214.meetrics.net/" />
+	<test url="http://dc0.s214.meetrics.net/" />
+	<test url="http://dc28.s214.meetrics.net/" />
+
+	<test url="http://s290.mxcdn.net/" />
+	<test url="http://s361.mxcdn.net/" />
+	<test url="http://s400.mxcdn.net/" />
+	<test url="http://s79.mxcdn.net/" />
+
+	<test url="http://i2.s62.research.de.com/" />
+	<test url="http://s62.research.de.com/" />
+	<test url="http://mail.research.de.com/" />
+	<test url="http://dc7.s79.research.de.com/" />
+	<test url="http://s110.research.de.com/" />
+
+	<exclusion pattern="^http://www\.meetrics\.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Meetup.xml b/src/chrome/content/rules/Meetup.xml
index 5af6e58d8581..5935c1ba94b2 100644
--- a/src/chrome/content/rules/Meetup.xml
+++ b/src/chrome/content/rules/Meetup.xml
@@ -1,26 +1,41 @@
 <!--
-	CDN buckets:
-
-		- img1.meetupstatic.com.edgesuite.net
-		- img2.meetupstatic.com.edgesuite.net
-		- static1.meetupstatic.com.edgesuite.net
-		- static2.meetupstatic.com.edgesuite.net
-
-
 	Nonfunctional domains:
 
-		- www.meetup.com	(prints "our server wasn't
-					able to process your request")
-		- meetupblog.meetup.com	(hosted on Tumblr)
+		- making.meetup.com ¹
+		- help.meetup.com (http redirect)
+		- files.meetup.com	(prints "It's server
+					maintenance time!")
+		- blog.meetup.com	(mismatch)
 
+	¹ Refused
 -->
-<ruleset name="Meetup (partial)">
-
+<ruleset name="Meetup">
+	<target host="meetup.com" />
+	<target host="www.meetup.com" />
 	<target host="secure.meetup.com" />
-	<target host="*.meetupstatic.com" />
-
-
-	<rule from="^https?://(?:img[12]|secure|static[12])\.meetup\.com/"
-		to="https://secure.meetup.com/" />
-
+	<target host="photos1.meetupstatic.com" />
+	<target host="photos2.meetupstatic.com" />
+	<target host="photos3.meetupstatic.com" />
+	<target host="photos4.meetupstatic.com" />
+	<target host="static1.meetupstatic.com" />
+	<target host="static2.meetupstatic.com" />
+	<target host="static3.meetupstatic.com" />
+	<target host="static4.meetupstatic.com" />
+	<target host="secure.meetupstatic.com" />
+
+	<test url="http://photos1.meetupstatic.com/s/img/94156887029318281691566697/logo.svg" />
+	<test url="http://photos2.meetupstatic.com/s/img/94156887029318281691566697/logo.svg" />
+	<test url="http://photos3.meetupstatic.com/s/img/94156887029318281691566697/logo.svg" />
+	<test url="http://photos4.meetupstatic.com/s/img/94156887029318281691566697/logo.svg" />
+	<test url="http://static1.meetupstatic.com/s/img/94156887029318281691566697/logo.svg" />
+	<test url="http://static2.meetupstatic.com/s/img/94156887029318281691566697/logo.svg" />
+	<test url="http://static3.meetupstatic.com/s/img/94156887029318281691566697/logo.svg" />
+	<test url="http://static4.meetupstatic.com/s/img/94156887029318281691566697/logo.svg" />
+
+	<securecookie host="^\.meetup\.com$" name="^MEETUP_(?:AFFIL|TRACK)$" />
+
+	<rule from="^http://(photos|static)[1-4]\.meetupstatic\.com/"
+		to="https://secure.meetupstatic.com/" />
+	<rule from="^http:"
+		to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/MegWorld.xml b/src/chrome/content/rules/MegWorld.xml
index 0a0459bc30b7..8d6c8d2d563d 100644
--- a/src/chrome/content/rules/MegWorld.xml
+++ b/src/chrome/content/rules/MegWorld.xml
@@ -1,13 +1,19 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://megworld.co.uk/ => https://megworld.co.uk/: (60, 'SSL certificate problem: certificate has expired')
+
 	Problematic subdomains:
 
 		- www		(http redirects to https://www; mismatched, CN: pump.megaworld.co.uk)
 
 -->
-<ruleset name="MegWorld">
+<ruleset name="MegWorld" default_off="failed ruleset test">
 
 	<target host="megworld.co.uk" />
-	<target host="*.megworld.co.uk" />
+	<target host="pump.megworld.co.uk" />
+	<target host="webchat.megworld.co.uk" />
+	<target host="www.megworld.co.uk" />
 
 
 	<securecookie host="^pump\.megworld\.co\.uk$" name=".+" />
@@ -16,4 +22,4 @@
 	<rule from="^http://(?:(pump\.|webchat\.)|www\.)?megworld\.co\.uk/"
 		to="https://$1megworld.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mega.com.xml b/src/chrome/content/rules/Mega.com.xml
index 58d2f07a0d5c..273da809e55f 100644
--- a/src/chrome/content/rules/Mega.com.xml
+++ b/src/chrome/content/rules/Mega.com.xml
@@ -34,7 +34,6 @@
 	<securecookie host="^community\.mega\.com$" name=".+" />
 
 
-	<rule from="^http://community\.mega\.com/"
-		to="https://community.mega.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mega.xml b/src/chrome/content/rules/Mega.xml
index 9b9d5da23ba5..3e840df994da 100644
--- a/src/chrome/content/rules/Mega.xml
+++ b/src/chrome/content/rules/Mega.xml
@@ -1,10 +1,28 @@
+<!--
+	Fully covered subdomains:
+		- mega.co.nz
+			- (www.)
+			- \w\w.api
+			- \w\w.static *
+			- \w+.userstorage *
+			- g.cdn1
+
+		- mega.nz
+			- (www.)
+			- cms
+-->
 <ruleset name="Mega">
 
-	<target host="mega.co.nz" />
 	<target host="*.mega.co.nz" />
 
+	<test url="http://eu.static.mega.co.nz/" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^mega\.co\.nz$" name="^geoip$" /-->
+	<securecookie host="^mega\.(co\.)?nz$" name=".+" />
 
-	<rule from="^http://(\w\w\.static\.|www\.)?mega\.co\.nz/"
-		to="https://$1mega.co.nz/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MegaBigPower.com.xml b/src/chrome/content/rules/MegaBigPower.com.xml
new file mode 100644
index 000000000000..bd43b6791c0f
--- /dev/null
+++ b/src/chrome/content/rules/MegaBigPower.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://megabigpower.com/ => https://megabigpower.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.megabigpower.com/ => https://www.megabigpower.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="MegaBigPower.com" default_off="failed ruleset test">
+
+	<target host="megabigpower.com" />
+	<target host="www.megabigpower.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?megabigpower\.com$" name="^(PHPSESSID|wordpress_test_cookie)$" /-->
+	<securecookie host="^(?:www\.)?megabigpower\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MegaFon.xml b/src/chrome/content/rules/MegaFon.xml
index d8172029230c..e92a0b99051f 100644
--- a/src/chrome/content/rules/MegaFon.xml
+++ b/src/chrome/content/rules/MegaFon.xml
@@ -22,10 +22,10 @@
 	<securecookie host="^.+\.megafon\.ru$" name=".+" />
 
 
-	<rule from="^https?://megafon\.ru/"
+	<rule from="^http://megafon\.ru/"
 		to="https://www.megafon.ru/" />
 
 	<rule from="^http://(cdnmf11|corp|english|m|sg|static\d|www)\.megafon\.ru/"
 		to="https://$1.megafon.ru/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MegaGames.com.xml b/src/chrome/content/rules/MegaGames.com.xml
new file mode 100644
index 000000000000..8d8c076fe4cf
--- /dev/null
+++ b/src/chrome/content/rules/MegaGames.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Incomplete certificate chain:
+		- downloads
+
+	Mismatched (CN: b.oath.com):
+		- b
+-->
+
+<ruleset name="MegaGames.com">
+	<target host="megagames.com" />
+	<target host="www.megagames.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MegaGlest.org.xml b/src/chrome/content/rules/MegaGlest.org.xml
new file mode 100644
index 000000000000..f9ec4fbb6c42
--- /dev/null
+++ b/src/chrome/content/rules/MegaGlest.org.xml
@@ -0,0 +1,27 @@
+<!--
+	Invalid certificate:
+		getdeb.megaglest.org
+		snapshots.megaglest.org
+		softcoder.megaglest.org
+
+	Secure connection failed:
+		changelog.megaglest.org
+		faq.megaglest.org
+		paste.megaglest.org
+		readme.megaglest.org
+		transifex.megaglest.org
+		wiki.megaglest.org
+
+-->
+<ruleset name="MegaGlest.org">
+	<target host="megaglest.org" />
+	<target host="www.megaglest.org" />
+	<target host="archer.megaglest.org" />
+	<target host="ci.megaglest.org" />
+	<target host="docs.megaglest.org" />
+	<target host="filux.megaglest.org" />
+	<target host="forum.megaglest.org" />
+	<target host="titi.megaglest.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MegaPath-expired.xml b/src/chrome/content/rules/MegaPath-expired.xml
deleted file mode 100644
index b323c31f1adc..000000000000
--- a/src/chrome/content/rules/MegaPath-expired.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--	See MegaPath.xml also
--->
-<ruleset name="MegaPath (expired)" default_off="expired">
-
-	<target host="covad.com"/>
-	<target host="resource.covad.com"/>
-	<target host="www.covad.com"/>
-	<target host="covad.net"/>
-	<target host="www.covad.net"/>
-
-	<rule from="^http://resource\.covad\.com/"
-		to="https://resource.covad.com/"/>
-
-	<rule from="^http://(?:www\.)?covad\.(?:com|net)/"
-		to="https://www.covad.com/"/>
-
-	<securecookie host="^resource\.covad\.net/" name=".*"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/MegaPath.xml b/src/chrome/content/rules/MegaPath.xml
index 4e15290cd468..5ab459f98beb 100644
--- a/src/chrome/content/rules/MegaPath.xml
+++ b/src/chrome/content/rules/MegaPath.xml
@@ -1,35 +1,90 @@
-<!--	See MegaPath-expired.xml also
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://vp1-voiceportal.megapath.com/Login/ => https://vp1-voiceportal.megapath.com/Login/: (51, "SSL: no alternative certificate subject name matches target host name 'vp1-voiceportal.megapath.com'")
+
+	Other MegaPath rulesets:
+
+		- Speakeasy.net.xml
+
+
+	Nonfunctional hosts in *megapath.com:
+
+		- pontus ʳ
+
+	ʳ Refused
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .megapath.com
+		- extranet.megapath.com
+		- my.megapath.com
+		- www.megapath.com
+
 -->
-<ruleset name="MegaPath (partial)" platform="mixedcontent">
+<ruleset name="MegaPath.com (partial)" default_off="failed ruleset test">
 
-	<target host="dashboard.covad.com"/>
-	<target host="my.covad.com"/>
-	<target host="support.covad.com"/>
-		<exclusion pattern="^http://support\.covad\.com/export/"/>
 	<target host="megapath.com"/>
+	<target host="extranet.megapath.com"/>
+	<target host="my.megapath.com"/>
+	<target host="voice.megapath.com"/>
 	<target host="vp1-voiceportal.megapath.com"/>
 	<target host="www.megapath.com"/>
-	<target host="connect.megapathwholesale.com"/>
-	<target host="speakeasy.net"/>
-	<target host="*.speakeasy.net"/>
 
-	<rule from="^http://(dashboard|my|support)\.covad\.com/"
-		to="https://$1.covad.com/"/>
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://voice\.megapath\.com/(?:$|Error/invalidWebClient\.jsp)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://voice\.megapath\.com/(?!Login/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://voice.megapath.com/Error/invalidWebClient.jsp" />
+
+			<!--	-ve:
+					-->
+			<test url="http://voice.megapath.com/Login/" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://vp1-voiceportal\.megapath\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://vp1-voiceportal\.megapath\.com/(?!Login/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://vp1-voiceportal.megapath.com/Error/invalidWebClient.jsp" />
+
+			<!--	-ve:
+					-->
+			<test url="http://vp1-voiceportal.megapath.com/Login/" />
+
+		<!--	Formerly redirected to http:
+							-->
+		<test url="http://www.megapath.com/about/" />
+		<test url="http://www.megapath.com/data/" />
+		<test url="http://www.megapath.com/partners/" />
+		<test url="http://www.megapath.com/sitemap/" />
+		<test url="http://www.megapath.com/support/login/" />
 
-	<rule from="^http://(?:www\.)?megapath\.com/"
-		to="https://www.megapath.com/"/>
 
-	<rule from="^http://vp1-voiceportal\.megapath\.com/"
-		to="https://vp1-voiceportal.megapath.com/Login/"/>
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.megapath\.com$" name="^(?:cfid|cftoken)$" /-->
+	<!--securecookie host="^events\.megapath\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^my\.megapath\.com$" name="^(?:CF_COOKIE_SUPPORT|GUEST_LANGUAGE_ID|JSESSIONID)$" /-->
+	<!--securecookie host="^www\.megapath\.com$" name="^(?:CF_SESSION_\W+|MOBILEFORMAT|ORIGINALURLTOKEN|REFERRINGURL|SITEENTRYURL|VISITORID)$" /-->
 
-	<rule from="^http://connect\.megapathwholesale\.com/"
-		to="https://connect.megapathwholesale.com/"/>
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^(?:events|my|www)\.megapath\.com$" name=".+" />
 
-	<rule from="^http://(?:www\.)?speakeasy\.net/"
-		to="https://speakeasy.net/"/>
 
-	<securecookie host="^my\.covad\.com$" name=".*"/>
-	<securecookie host="^(vp1-voiceportal|www)\.megapath\.com$" name=".*"/>
-	<securecookie host="^(www)?\.?speakeasy\.net$" name=".*"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MegaPath_Wholesale.com.xml b/src/chrome/content/rules/MegaPath_Wholesale.com.xml
new file mode 100644
index 000000000000..dc97ac3fb284
--- /dev/null
+++ b/src/chrome/content/rules/MegaPath_Wholesale.com.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Global Capacity coverage, see Global_Capacity.com.xml.
+
+
+	(www.)?megapathwholesale.com: Self-signed
+
+
+	Mixed content:
+
+		- css on ^ from fonts.googleapis.com ¹
+		- favicon on ^ from globalcapacity.com ²
+		- Bug on ^ from c.staticounter.com ¹
+
+	¹ Secured by us
+	² Not secured by us <= expired & self-signed
+
+-->
+<ruleset name="MegaPath Wholesale.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="megapathwholesale.com"/-->
+	<target host="connect.megapathwholesale.com"/>
+	<!--target host="www.megapathwholesale.com"/-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MegaStock.ru.xml b/src/chrome/content/rules/MegaStock.ru.xml
new file mode 100644
index 000000000000..007d9c259114
--- /dev/null
+++ b/src/chrome/content/rules/MegaStock.ru.xml
@@ -0,0 +1,12 @@
+<!--
+	For other WebMoney coverage, see WebMoney.xml.
+-->
+<ruleset name="MegaStock.ru">
+
+	<target host="megastock.ru" />
+	<target host="www.megastock.ru" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MegaStock.xml b/src/chrome/content/rules/MegaStock.xml
deleted file mode 100644
index fc6e18660767..000000000000
--- a/src/chrome/content/rules/MegaStock.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For other WebMoney coverage, see WebMoney.xml.
-
-
-	- !www: cert only matches www
-	- Some pages redirect to http
-
--->
-<ruleset name="MegaStock (partial)" default_off="self-signed">
-
-	<target host="megastock.ru" />
-	<target host="www.megastock.ru" />
-
-
-	<rule from="^http://(?:www\.)?megastock\.ru/(css/|icon.ashx|Images/|scripts/|WebResource\.axd)"
-		to="https://www.megastock.ru/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Mega_Youtube_Views.xml b/src/chrome/content/rules/Mega_Youtube_Views.xml
deleted file mode 100644
index 5accc65749e1..000000000000
--- a/src/chrome/content/rules/Mega_Youtube_Views.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Mega Youtube Views">
-
-	<target host="megayoutubeviews.com" />
-	<target host="www.megayoutubeviews.com" />
-
-
-	<securecookie host="^(?:www\.)?megayoutubeviews\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?megayoutubeviews\.com/"
-		to="https://$1megayoutubeviews.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Megabus.com.xml b/src/chrome/content/rules/Megabus.com.xml
new file mode 100644
index 000000000000..ddeb870435bf
--- /dev/null
+++ b/src/chrome/content/rules/Megabus.com.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://megabusgold.com/ => https://megabusgold.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.megabusgold.com/ => https://www.megabusgold.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Nonfunctional domains:
+		festivals.megabus.com (wrong domain for certificate)
+-->
+<ruleset name="Megabus" default_off="failed ruleset test">
+	<target host="megabus.com" />
+	<target host="www.megabus.com" />
+	<target host="ca.megabus.com" />
+	<target host="caeu.megabus.com" />
+	<target host="deeu.megabus.com" />
+	<target host="eseu.megabus.com" />
+	<target host="esus.megabus.com" />
+	<target host="frca.megabus.com" />
+	<target host="freu.megabus.com" />
+	<target host="iteu.megabus.com" />
+	<target host="nleu.megabus.com" />
+	<target host="uk.megabus.com" />
+	<target host="us.megabus.com" />
+
+	<target host="megabusgold.com" />
+	<target host="www.megabusgold.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MegiTeam.pl.xml b/src/chrome/content/rules/MegiTeam.pl.xml
new file mode 100644
index 000000000000..cda08a94474a
--- /dev/null
+++ b/src/chrome/content/rules/MegiTeam.pl.xml
@@ -0,0 +1,43 @@
+<!--
+	^megiteam.pl: Expired
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.megiteam.pl
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com *
+		- css on www from $self *
+		- Images on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="MegiTeam.pl (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.megiteam.pl" />
+
+	<!--	Complications:
+				-->
+	<target host="megiteam.pl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.megiteam\.pl$" name="^(?:_icl_current_language|PHPSESSID)$" /-->
+
+	<securecookie host="^www\.megiteam\.pl$" name=".+" />
+
+
+	<rule from="^http://megiteam\.pl/"
+		to="https://www.megiteam.pl/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mehring.com.xml b/src/chrome/content/rules/Mehring.com.xml
new file mode 100644
index 000000000000..b28b8081125f
--- /dev/null
+++ b/src/chrome/content/rules/Mehring.com.xml
@@ -0,0 +1,16 @@
+<!--
+	NB: This website blocks Tor users
+
+-->
+<ruleset name="Mehring.com" default_off="needs clearnet testing">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mehring.com" />
+	<target host="www.mehring.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MeiPian.xml b/src/chrome/content/rules/MeiPian.xml
new file mode 100644
index 000000000000..a83df1b535d1
--- /dev/null
+++ b/src/chrome/content/rules/MeiPian.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		download.meipian.cn
+		verify.meipian.cn
+
+		^meipian.me
+		editor.meipian.me
+-->
+<ruleset name="MeiPian (partial)">
+	<target host="meipian.cn" />
+	<target host="www.meipian.cn" />
+	<target host="a.meipian.cn" />
+
+	<target host="www.meipian.me" />
+	<target host="a.meipian.me" />
+	<target host="ss2.meipian.me" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MeiTuan.com.xml b/src/chrome/content/rules/MeiTuan.com.xml
new file mode 100644
index 000000000000..4c9be83c2210
--- /dev/null
+++ b/src/chrome/content/rules/MeiTuan.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Related:
+		MeiTuan.net.xml
+
+	Cities:
+		There are more and more cities: https://www.meituan.com/changecity/
+		While this ruleset be created on 28 May 2016, there were 886 cities.
+		On 20 Feb 2017, the number is 964.
+		On 13 June 2020, the number is more than 1k.
+		We get error from travis: “The job exceeded the maximum time limit for jobs, and has been terminated.”
+		To fix this issue, maybe exclusion is the best choise.
+		Maybe we need strict regex ^http://(\w+)\.meituan\.com/ to avoid redirects on 4th level subdomains (*.*.meituan.com)
+
+	Invalid cert:
+		api.mobile.meituan.com
+-->
+<ruleset name="MeiTuan.com">
+	<target host="meituan.com"/>
+	<target host="*.meituan.com"/>
+
+	<exclusion pattern="^http://api\.mobile\.meituan\.com/" />
+		<test url="http://api.mobile.meituan.com/" />
+
+	<rule from="^http:" to="https:" />
+		<test url="http://bj.meituan.com/" />
+		<test url="http://sh.meituan.com/" />
+		<test url="http://gz.meituan.com/" />
+		<test url="http://sz.meituan.com/" />
+
+		<test url="http://i.meituan.com/mobile/down/meituan" />
+		<test url="http://s1.meituan.com/bs/js/?f=mta-js:mta.min.js" />
+		<test url="http://tech.meituan.com/" />
+		<test url="http://union.meituan.com/" />
+		<test url="http://kaidian.waimai.meituan.com/open_store/pclogin" />
+</ruleset>
diff --git a/src/chrome/content/rules/MeiTuan.net.xml b/src/chrome/content/rules/MeiTuan.net.xml
new file mode 100644
index 000000000000..ae11553b0af2
--- /dev/null
+++ b/src/chrome/content/rules/MeiTuan.net.xml
@@ -0,0 +1,25 @@
+<!--
+	Related:
+		MeiTuan.com.xml
+
+	Invalid cert:
+		^meituan.net
+		www.meituan.net
+		freb.meituan.net
+-->
+<ruleset name="MeiTuan.net">
+	<target host="frep.meituan.net"/>
+	<target host="ms0.meituan.net"/>
+	<target host="ms1.meituan.net"/>
+	<target host="p0.meituan.net"/>
+	<target host="p1.meituan.net"/>
+	<target host="s0.meituan.net"/>
+	<target host="s1.meituan.net"/>
+	<target host="s3.meituan.net"/>
+		<test url="http://s3.meituan.net/v1/mss_b26ab1d1472a43d5ba1a45188d68470a/mtfe-palette/ecom-icons.css" />
+	<target host="v.meituan.net"/>
+		<test url="http://v.meituan.net/mobile/app/Android/group-472_3-meituan_.apk" />
+	<target host="xs01.meituan.net"/>
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MeinFernbus.xml b/src/chrome/content/rules/MeinFernbus.xml
new file mode 100644
index 000000000000..366c31570ab8
--- /dev/null
+++ b/src/chrome/content/rules/MeinFernbus.xml
@@ -0,0 +1,39 @@
+<!--
+
+	Nonfunctional directory:
+		- en
+		- kundenservice
+		- ueber-uns
+		- presse
+		- staedte
+
+	Nonfunctional page:
+		- *.html
+		- seitenuebersicht
+
+-->
+
+<ruleset name="Meinfernbus.de (partial)">
+    <target host="meinfernbus.de" />
+    <target host="www.meinfernbus.de" />
+
+	<!-- Redirects to http: -->
+	<exclusion pattern="^http://meinfernbus\.de/(((kundenservice|ueber-uns|presse|staedte)/)|((agb|datenschutz|impressum|nutzungsbedingungen)\.html)|seitenuebersicht)" />
+
+	<test url="http://meinfernbus.de/kundenservice/" />
+	<test url="http://meinfernbus.de/ueber-uns/" />
+	<test url="http://meinfernbus.de/presse/" />
+	<test url="http://meinfernbus.de/staedte/" />
+	<test url="http://meinfernbus.de/agb.html" />
+	<test url="http://meinfernbus.de/datenschutz.html" />
+	<test url="http://meinfernbus.de/impressum.html" />
+	<test url="http://meinfernbus.de/nutzungsbedingungen.html" />
+	<test url="http://meinfernbus.de/seitenuebersicht" />
+
+	<!-- excludes /en directory except /en/rebooking/ -->
+	<exclusion pattern="^http://meinfernbus\.de/en(?!/rebooking)" />
+
+	<test url="http://meinfernbus.de/en" />
+
+    <rule from="^http://(?:www\.)?meinfernbus\.de/" to="https://meinfernbus.de/" />
+</ruleset>
diff --git a/src/chrome/content/rules/MeinVZ.xml b/src/chrome/content/rules/MeinVZ.xml
index 9ad6ace9292b..1c51e745846c 100644
--- a/src/chrome/content/rules/MeinVZ.xml
+++ b/src/chrome/content/rules/MeinVZ.xml
@@ -1,5 +1,5 @@
 <ruleset name="meinVZ" default_off="Certificate mismatch">
   <target host="www.meinvz.net" />
 
-  <rule from="^http://www\.meinvz\.net/" to="https://www.meinvz.net/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Mekanist.xml b/src/chrome/content/rules/Mekanist.xml
index dbd6bfe1f494..252ad3867a4c 100644
--- a/src/chrome/content/rules/Mekanist.xml
+++ b/src/chrome/content/rules/Mekanist.xml
@@ -1,8 +1,15 @@
-<ruleset name="Mekanist">
-  <target host="www.mekanist.net" />
-  <target host="mekanist.net" />
-
-  <securecookie host="^www\.mekanist\.net$" name=".*" />
-
-  <rule from="^http://(www\.)?mekanist\.net/" to="https://www.mekanist.net/" />
-</ruleset>
\ No newline at end of file
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.mekanist.net/ => https://www.mekanist.net/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://mekanist.net/ => https://www.mekanist.net/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Mekanist" default_off="failed ruleset test">
+  <target host="www.mekanist.net" />
+  <target host="mekanist.net" />
+
+  <securecookie host="^www\.mekanist\.net$" name=".+" />
+
+  <rule from="^http://(?:www\.)?mekanist\.net/" to="https://www.mekanist.net/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Melbourne-Aquarium.xml b/src/chrome/content/rules/Melbourne-Aquarium.xml
new file mode 100644
index 000000000000..a86f0b585f02
--- /dev/null
+++ b/src/chrome/content/rules/Melbourne-Aquarium.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Merlin Entertainments coverage, see Merlin-Entertainments.xml.
+
+	Nonfunctional subdomains:
+		- calendar		(cert mismatch)
+-->
+<ruleset name="Melbourne Aquarium">
+	<target host="melbourneaquarium.com.au" />
+	<target host="m.melbourneaquarium.com.au" />
+	<target host="www.melbourneaquarium.com.au" />
+
+	<securecookie host=".*\.melbourneaquarium\.com\.au$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Meldium.com.xml b/src/chrome/content/rules/Meldium.com.xml
new file mode 100644
index 000000000000..32b5a838f93a
--- /dev/null
+++ b/src/chrome/content/rules/Meldium.com.xml
@@ -0,0 +1,31 @@
+<!--
+	For other LogMeIn coverage, see LogMeIn_Inc.com.xml.
+
+
+	CDN buckets:
+
+		- d2jv40ttku95za.cloudfront.net
+
+
+	^meldium.com: Dropped
+
+-->
+<ruleset name="Meldium.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="soak.meldium.com" />
+	<target host="www.meldium.com" />
+
+	<!--	Complications:
+				-->
+	<target host="meldium.com" />
+
+
+	<rule from="^http://meldium\.com/"
+		to="https://www.meldium.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Melectronics.ch.xml b/src/chrome/content/rules/Melectronics.ch.xml
new file mode 100644
index 000000000000..06970412de96
--- /dev/null
+++ b/src/chrome/content/rules/Melectronics.ch.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Migros coverage, see Migros.xml.
+
+	Mismatch:
+		- ^melectronics.ch
+-->
+<ruleset name="Melectronics.ch">
+	<target host="melectronics.ch" />
+	<target host="www.melectronics.ch" />
+
+	<rule from="^http://melectronics\.ch/"
+		to="https://www.melectronics.ch/"/>
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mellanox-problematic.xml b/src/chrome/content/rules/Mellanox-problematic.xml
index e0dd97cd7ca4..856dd35adf5d 100644
--- a/src/chrome/content/rules/Mellanox-problematic.xml
+++ b/src/chrome/content/rules/Mellanox-problematic.xml
@@ -11,10 +11,9 @@
 		<exclusion pattern="^http://calc\.mellanox\.com/(?:$|\?)" />
 
 
-	<securecookie host="^calc\.mellanox\.com$" name=".*" />
+	<securecookie host="^calc\.mellanox\.com$" name=".+" />
 
 
-	<rule from="^http://calc\.mellanox\.com/"
-		to="https://calc.mellanox.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mellanox.xml b/src/chrome/content/rules/Mellanox.xml
index 79e3ff0eb2e8..ee3c77b63def 100644
--- a/src/chrome/content/rules/Mellanox.xml
+++ b/src/chrome/content/rules/Mellanox.xml
@@ -4,7 +4,11 @@
 
 	Nonfunctional subdomains:
 
+		- community ¹
 		- ir		(cert: *.shareholder.com; "Directory Listing Denied")
+		- support ¹
+
+	¹ Refused
 
 
 	Problematic subdomains:
@@ -20,6 +24,7 @@
 	Fully covered subdomains:
 
 		- (www.)	(^ → www)
+		- (www.)partners
 
 -->
 <ruleset name="Mellanox (partial)">
@@ -28,7 +33,12 @@
 	<target host="*.mellanox.com" />
 
 
-	<securecookie host="^www\.mellanox\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?mellanox\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^(www\.)?partners\.mellanox\.com$" name="^BIGipServerHTTP_Pool$" /-->
+
+	<securecookie host="^(?:(?:www\.)?partners\.|www\.)?mellanox\.com$" name=".+" />
 
 
 	<!--	^ redirects to www over http,
@@ -40,4 +50,7 @@
 	<rule from="^http://calc\.mellanox\.com/(?:\?.*)?$"
 		to="https://www.mellanox.com/" />
 
+	<rule from="^http://(www\.)?partners\.mellanox\.com/"
+		to="https://$1partners.mellanox.com/" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Melonbooks.co.jp.xml b/src/chrome/content/rules/Melonbooks.co.jp.xml
new file mode 100644
index 000000000000..02fafed3f6ae
--- /dev/null
+++ b/src/chrome/content/rules/Melonbooks.co.jp.xml
@@ -0,0 +1,52 @@
+<!--
+	Non-functional hosts:
+		Certificate mismatch:
+			- admin.melonbooks.co.jp
+			- cl.melonbooks.co.jp
+			- cts1.melonbooks.co.jp
+			- img.melonbooks.co.jp
+			- main.melonbooks.co.jp
+			- web01.melonbooks.co.jp
+			- web02.melonbooks.co.jp
+			- web03.melonbooks.co.jp
+			- web04.melonbooks.co.jp
+			- web05.melonbooks.co.jp
+			- web06.melonbooks.co.jp
+			- web07.melonbooks.co.jp
+			- web08.melonbooks.co.jp
+			- web09.melonbooks.co.jp
+			- web10.melonbooks.co.jp
+
+		Self-signed certificate:
+			- melonbooks.co.jp
+
+		Timeout:
+			- shop.melonbooks.co.jp
+
+		Unable to connect:
+			- smtp2.melonbooks.co.jp
+
+		403 Forbidden:
+			- admin-circle.melonbooks.co.jp
+
+		404 Not Found:
+			- circle-demo.melonbooks.co.jp
+-->
+<ruleset name="Melonbooks.co.jp">
+	<target host="melonbooks.co.jp" />
+	<target host="cdn.melonbooks.co.jp" />
+	<target host="circle.melonbooks.co.jp" />
+	<target host="touroku.melonbooks.co.jp" />
+	<target host="www.melonbooks.co.jp" />
+
+	<test url="http://cdn.melonbooks.co.jp/user_data/packages/default/css/layouts.css" />
+	<test url="http://touroku.melonbooks.co.jp/pointcard_entry.php" />
+
+	<securecookie host="melonbooks\.co\.jp$" name=".+" />
+
+	<rule from="^http://melonbooks\.co\.jp/"
+			to="https://www.melonbooks.co.jp/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Melpa.org.xml b/src/chrome/content/rules/Melpa.org.xml
new file mode 100644
index 000000000000..6679a74737f5
--- /dev/null
+++ b/src/chrome/content/rules/Melpa.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Scripts for building Emacs packages from Version Control
+	https://github.com/melpa/melpa
+
+	Invalid certificate:
+		beta.melpa.org
+		elpa.melpa.org
+		www.stable.melpa.org/
+
+-->
+<ruleset name="melpa.org">
+
+	<target host="melpa.org" />
+	<target host="www.melpa.org" />
+	<target host="stable.melpa.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Meltdownattack.com.xml b/src/chrome/content/rules/Meltdownattack.com.xml
new file mode 100644
index 000000000000..fb2aa94a0af3
--- /dev/null
+++ b/src/chrome/content/rules/Meltdownattack.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Meltdownattack.com">
+	<target host="meltdownattack.com" />
+	<target host="www.meltdownattack.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Meltin.net.xml b/src/chrome/content/rules/Meltin.net.xml
new file mode 100644
index 000000000000..b769714d17f6
--- /dev/null
+++ b/src/chrome/content/rules/Meltin.net.xml
@@ -0,0 +1,19 @@
+<!--
+	Nonfunctional subdomains:
+
+		- martin *
+		- studios *
+
+	* Shows ozlabs.org; mismatched, CN: ozlabs.org
+
+-->
+<ruleset name="Meltin.net (partial)">
+
+	<target host="meltin.net" />
+	<target host="www.meltin.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Meltwater-News.xml b/src/chrome/content/rules/Meltwater-News.xml
index b7e4adf405ca..149432b38238 100644
--- a/src/chrome/content/rules/Meltwater-News.xml
+++ b/src/chrome/content/rules/Meltwater-News.xml
@@ -1,29 +1,46 @@
 <!--
 	These guys are included from some of the UN sites.
 
+
+	(www.)?meltwater.com: works; self-signed, CN: mw-mktg-prod-web01
+
+
+	These altnames don't exist:
+
+		- www.service.meltwaternews.com
+
+
+	Insecure cookies are set for these domains:
+
+		- service
+
 -->
 <ruleset name="Meltwater News">
 
-	<target host="meltwater.com" />
-	<target host="www.meltwater.com" />
+	<!--target host="meltwater.com" /-->
+	<!--target host="www.meltwater.com" /-->
 	<target host="meltwaternews.com" />
-	<target host="*.meltwaternews.com" />
+	<target host="service.meltwaternews.com" />
+	<target host="www.meltwaternews.com" />
+
 
-	<!--	Observed cookie domains:
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^service\.meltwaternews\.com$" name="^(JSESSIONID|mag-mnews2app)$" /-->
+	<!--
+		Observed cookie domains:
 
 			- ^/
 			- service
 			- ^www
 				-->
-	<securecookie host="^(.*\.)?meltwaternews\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<!--	!www doesn't work.	-->
-	<rule from="^http://(?:www\.)?meltwater\.com/"
-		to="https://www.meltwater.com/" />
+	<!--rule from="^http://(?:www\.)?meltwater\.com/"
+		to="https://www.meltwater.com/" /-->
 
-	<rule from="^http://(service\.|www\.)?meltwaternews\.com/"
-		to="https://$1meltwaternews.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
 
diff --git a/src/chrome/content/rules/MemberCentral.xml b/src/chrome/content/rules/MemberCentral.xml
index 0400b95376e6..aabf9f7480b4 100644
--- a/src/chrome/content/rules/MemberCentral.xml
+++ b/src/chrome/content/rules/MemberCentral.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?membercentral\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?membercentral\.com/"
-		to="https://$1membercentral.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MemberClicks.com.xml b/src/chrome/content/rules/MemberClicks.com.xml
new file mode 100644
index 000000000000..02f819548700
--- /dev/null
+++ b/src/chrome/content/rules/MemberClicks.com.xml
@@ -0,0 +1,49 @@
+<!--
+	Other MemberClicks rulesets:
+
+		- MemberClicks.net.xml
+
+
+	CDN buckets:
+
+		- 161031.group31.sites.hubspot.net
+
+			- blog
+			- www
+
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- blog ²
+		- www ²
+
+	¹ Refused
+	² Works, akamai
+
+
+	These altnames don't exist:
+
+		- www.data.memberclicks.com
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com *
+
+		- Images on www from static.hubspot.com *
+
+		- favicons on blog and www from cdn1.hubspot.com *
+
+	* Secured by us
+
+-->
+<ruleset name="MemberClicks.com (partial)">
+
+	<target host="data.memberclicks.com" />
+	<target host="help.memberclicks.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MemberClicks.net.xml b/src/chrome/content/rules/MemberClicks.net.xml
new file mode 100644
index 000000000000..394ce56cb099
--- /dev/null
+++ b/src/chrome/content/rules/MemberClicks.net.xml
@@ -0,0 +1,21 @@
+<!--
+	For other MemberClicks coverage, see MemberClicks.com.xml.
+
+-->
+<ruleset name="MemberClicks.net">
+
+	<target host="memberclicks.net" />
+	<target host="*.memberclicks.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^client_domain\.memberclicks\.net$" name="^([0-9a-f]{32}|Login|ZDEDebuggerPresent|serviceID))" /-->
+
+	<securecookie host="^[\w-]+\.memberclicks\.net$" name=".+" />
+
+
+	<rule from="^http://([\w-]+\.)?memberclicks\.net/"
+		to="https://$1memberclicks.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Memberdirect.net.xml b/src/chrome/content/rules/Memberdirect.net.xml
new file mode 100644
index 000000000000..42c9b7e21975
--- /dev/null
+++ b/src/chrome/content/rules/Memberdirect.net.xml
@@ -0,0 +1,41 @@
+<!--
+	Invalid certificates:
+		- ac2.memberdirect.net
+		- onlinebanking.memberdirect.net
+
+	Refused:
+		- error.memberdirect.net
+
+	Timeout:
+		- memberdirect.net
+-->
+
+<ruleset name="Memberdirect.net">
+	<target host="ac1.memberdirect.net" />
+	<target host="bua.memberdirect.net" />
+		<test url="http://bua.memberdirect.net/business/info_help.jsp?inst=/bus/sk/conexus&amp;app=Business&amp;usecase=Biometric" />
+	<target host="bua-qa.memberdirect.net" />
+		<test url="http://bua-qa.memberdirect.net/business/info_privacy.jsp?inst=/bus/bc/coast/" />
+	<target host="business.memberdirect.net" />
+		<test url="http://business.memberdirect.net/business/info_privacy.jsp?inst=/bus/bc/coast/" />
+	<target host="business-qa.memberdirect.net" />
+		<test url="http://business-qa.memberdirect.net/business/info_secure.jsp?inst=/bus/bc/vancity/bus" />
+	<target host="cms.memberdirect.net" />
+	<target host="epostctfs.memberdirect.net" />
+	<target host="monitor-internet.memberdirect.net" />
+	<target host="monitor-lb.memberdirect.net" />
+	<target host="finapp.pfm.memberdirect.net" />
+	<target host="finapp.pfm-dev.memberdirect.net" />
+	<target host="sys-prod.memberdirect.net" />
+	<target host="training.memberdirect.net" />
+	<target host="vancity-test.memberdirect.net" />
+	<target host="www6.memberdirect.net" />
+		<test url="http://www6.memberdirect.net/brand/bc_khalsa/OnlineBanking/Accounts/" />
+	<target host="monitor.www6.memberdirect.net" />
+	<target host="www6p1.memberdirect.net" />
+	<target host="www6vdc.memberdirect.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Memberful.com.xml b/src/chrome/content/rules/Memberful.com.xml
new file mode 100644
index 000000000000..0b15b5080609
--- /dev/null
+++ b/src/chrome/content/rules/Memberful.com.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.memberful.com/ => https://www.memberful.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="Memberful.com" default_off="failed ruleset test">
+
+	<target host="memberful.com" />
+	<target host="signup.memberful.com" />
+	<target host="stratechery.memberful.com" />
+	<target host="www.memberful.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Memberhealthplan.com.xml b/src/chrome/content/rules/Memberhealthplan.com.xml
new file mode 100644
index 000000000000..4d7a364154b3
--- /dev/null
+++ b/src/chrome/content/rules/Memberhealthplan.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Memberhealthplan.com">
+	<target host="memberhealthplan.com" />
+	<target host="www.memberhealthplan.com" />
+	<target host="edocs.memberhealthplan.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Membership_Rewards.com.xml b/src/chrome/content/rules/Membership_Rewards.com.xml
new file mode 100644
index 000000000000..c30dec5f10fa
--- /dev/null
+++ b/src/chrome/content/rules/Membership_Rewards.com.xml
@@ -0,0 +1,37 @@
+<!--
+	For other American Express coverage, see AmericanExpress.xml.
+
+
+	^membershiprewards.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.membershiprewards.com
+
+-->
+<ruleset name="Membership Rewards.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.membershiprewards.com" />
+
+	<!--	Complications:
+				-->
+	<target host="membershiprewards.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.membershiprewards\.com$" name="^(ASP\.NET_SessionId|BIGipServerpool[\w-]+)$" /-->
+
+	<securecookie host="^www\.membershiprewards\.com$" name=".+" />
+
+
+	<rule from="^http://membershiprewards\.com/"
+		to="https://www.membershiprewards.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Memcached.org.xml b/src/chrome/content/rules/Memcached.org.xml
new file mode 100644
index 000000000000..d6aacf1d151c
--- /dev/null
+++ b/src/chrome/content/rules/Memcached.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Nonfunctional hosts in *.memcached.org:
+		- build.memcached.org (r) (http lives on port 8010)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Memcached.org">
+	<target host="memcached.org" />
+	<target host="www.memcached.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Meme_Center.xml b/src/chrome/content/rules/Meme_Center.xml
index ad733113c8d9..75e154f86d7f 100644
--- a/src/chrome/content/rules/Meme_Center.xml
+++ b/src/chrome/content/rules/Meme_Center.xml
@@ -6,18 +6,14 @@
 -->
 <ruleset name="Meme Center (partial)">
 
-	<target host="*.memecdn.com" />
+	<target host="scdn.memecdn.com" />
 	<target host="memecenter.com" />
-	<target host="*.memecenter.com" />
+	<target host="www.memecenter.com" />
 
 
 	<securecookie host="^\.memecenter\.com$" name=".+" />
 
 
-	<rule from="^http://(global3|scdn)\.memecdn\.com/"
-		to="https://$1.memecdn.com/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://((?:ovh|red|rn|www|yntmeme)\.)?memecenter\.com/"
-		to="https://$1memecenter.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Memo.tv.xml b/src/chrome/content/rules/Memo.tv.xml
new file mode 100644
index 000000000000..e2816759f67e
--- /dev/null
+++ b/src/chrome/content/rules/Memo.tv.xml
@@ -0,0 +1,17 @@
+<!--
+	Mismatched:
+		- autoconfig
+		- autodiscover
+		- ftp
+
+	Connection closed:
+		- mail
+-->
+<ruleset name="Memo.tv">
+	<target host="memo.tv" />
+	<target host="www.memo.tv" />
+	<target host="wpmemo.memo.tv" />
+	<target host="www.wpmemo.memo.tv" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Memorial-University.xml b/src/chrome/content/rules/Memorial-University.xml
new file mode 100644
index 000000000000..d0a76b343cda
--- /dev/null
+++ b/src/chrome/content/rules/Memorial-University.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.cs.mun.ca/courses/ => https://www.cs.mun.ca/courses/: (60, 'SSL certificate problem: certificate has expired')
+
+	Problematic subdomains:
+
+		- www.ucs ¹
+
+	¹: Connection timeout
+-->
+<ruleset name="Memorial University" default_off="failed ruleset test">
+	<target host="*.mun.ca" />
+
+	<exclusion pattern="^http://www.ucs.mun.ca/" />
+
+	<securecookie host="^online\.mun\.ca$" name=".+" />
+
+	<test url="http://www.mun.ca/programs/" />
+	<test url="http://www.mun.ca/gazette/" />
+	<test url="http://www.cs.mun.ca/courses/" />
+	<test url="http://online.mun.ca/shared/D2LDocumentation/10/student/en/Dropbox.html" />
+	<test url="http://online.mun.ca/shared/D2LDocumentation/10/student/en.1.html" />
+	<test url="http://delts.mun.ca/" />
+	<test url="http://d2lservices.delts.mun.ca/copyrightnotice/notice.php" />
+
+	<rule from="^http://www\.([\w.-]+)?mun\.ca/"
+		to="https://www.$1mun.ca/" />
+	<rule from="^http://online\.mun\.ca/"
+		to="https://online.mun.ca/" />
+	<rule from="^http://([\w.-]+)?delts\.mun\.ca/"
+		to="https://$1delts.mun.ca/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Memory-Alpha.xml b/src/chrome/content/rules/Memory-Alpha.xml
index 8ec1d611d5a1..3a084c78c848 100644
--- a/src/chrome/content/rules/Memory-Alpha.xml
+++ b/src/chrome/content/rules/Memory-Alpha.xml
@@ -19,16 +19,15 @@
 	little point in marking it as mixed.
 
 -->
-<ruleset name="Memory Alpha" default_off="mismatch">
+<ruleset name="Memory Alpha" default_off="mismatched">
 
 	<!--	Cert: *.a.ssl.fastly.net	-->
-	<target host="*.memory-alpha.org" />
+	<target host="en.memory-alpha.org" />
 
 
-	<securecookie host="^(?:en)?\.memory-alpha\.org$" name=".*" />
+	<securecookie host="^(?:en)?\.memory-alpha\.org$" name=".+" />
 
 
-	<rule from="^http://en\.memory-alpha\.org/"
-		to="https://en.memory-alpha.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Memorydealers.xml b/src/chrome/content/rules/Memorydealers.xml
deleted file mode 100644
index 96a601a27b6c..000000000000
--- a/src/chrome/content/rules/Memorydealers.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Memorydealers" platform="mixedcontent">
-
-	<target host="memorydealers.com" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.memorydealers.com" />
-
-
-	<securecookie host="^\.memorydealers\.com$" name=".*" />
-
-
-	<rule from="^http://(www\.)?memorydealers\.com/"
-		to="https://$1memorydealers.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MemphisCourtside.xml b/src/chrome/content/rules/MemphisCourtside.xml
deleted file mode 100644
index 1892750439e9..000000000000
--- a/src/chrome/content/rules/MemphisCourtside.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="MemphisCourtside.com" default_off="expired, self-signed">
-
-	<target host="memphiscourtside.com" />
-	<target host="www.memphiscourtside.com" />
-
-
-	<securecookie host="^memphiscourtside.com$" name=".*" />
-
-
-	<rule from="^http://(?:www\.)?memphiscourtside\.com/"
-		to="https://memphiscourtside.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Memrise.xml b/src/chrome/content/rules/Memrise.xml
deleted file mode 100644
index 4c64fa360471..000000000000
--- a/src/chrome/content/rules/Memrise.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/static.memrise.com/ | d107cgb5lgj7br.cloudfront.net
-
-			- media.memrise.com
-			- static.memrise.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(no https)
-
--->
-<ruleset name="Memrise (partial)">
-
-	<target host="*.memrise.com" />
-
-
-	<rule from="^http://(?:media|static)\.memrise\.com/"
-		to="https://d107cgb5lgj7br.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Memset-self-signed.xml b/src/chrome/content/rules/Memset-self-signed.xml
deleted file mode 100644
index c3ab13993a36..000000000000
--- a/src/chrome/content/rules/Memset-self-signed.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Memset (self-signed)" default_off="self-signed">
-
-	<target host="katescomment.com"/>
-	<target host="*.katescomment.com"/>
-
-	<securecookie host="^(.*\.)?katescomment\.com$" name=".*"/>
-
-	<rule from="^http://(?:www\.)?katescomment\.com/"
-		to="https://www.katescomment.com/"/>
-
-	<!--	doesn't work over https	-->
-	<rule from="^https?://cdn\.katescomment\.com/"
-		to="https://www.katescomment.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Memset.xml b/src/chrome/content/rules/Memset.xml
index e0fe518be0ad..192e719e0cf9 100644
--- a/src/chrome/content/rules/Memset.xml
+++ b/src/chrome/content/rules/Memset.xml
@@ -1,9 +1,27 @@
-<ruleset name="Memset">
+<!--
+	Other Memset rulesets:
+
+		- Kates_Comment.com.xml
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.memset.com
+
+-->
+<ruleset name="Memset.com">
 
 	<target host="memset.com"/>
 	<target host="*.memset.com"/>
 
-	<securecookie host="^(.*\.)?memset\.com$" name=".*"/>
+		<test url="http://status.memset.com/" />
+		<test url="http://www.memset.com/" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.memset\.com$" name="^(?:currency|navloggedin|visitorsession)$" /-->
+
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(\w+\.)?memset\.com/"
 		to="https://$1memset.com/"/>
diff --git a/src/chrome/content/rules/Memtest.org.xml b/src/chrome/content/rules/Memtest.org.xml
new file mode 100644
index 000000000000..bde759dfde10
--- /dev/null
+++ b/src/chrome/content/rules/Memtest.org.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatched:
+		- memtest.org
+-->
+<ruleset name="Memtest.org">
+	<target host="memtest.org" />
+	<target host="www.memtest.org" />
+
+	<rule from="^http://memtest\.org/" to="https://www.memtest.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mencap.org.uk.xml b/src/chrome/content/rules/Mencap.org.uk.xml
new file mode 100644
index 000000000000..3e6a40eb4495
--- /dev/null
+++ b/src/chrome/content/rules/Mencap.org.uk.xml
@@ -0,0 +1,90 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.tributefunds.mencap.org.uk/ => https://www.tributefunds.mencap.org.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.tributefunds.mencap.org.uk'")
+Fetch error: http://www.jobs.mencap.org.uk/ => https://www.jobs.mencap.org.uk/: (6, 'Could not resolve host: www.jobs.mencap.org.uk')
+
+	Nonfunctional hosts in *mencap.org.uk:
+
+		- mylife ᵈ
+		- snap ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *mencap.org.uk:
+
+		- old ᵀ
+
+	ᵀ Blocks Tor users
+
+
+	These altnames do not exist:
+
+		- www.jobs.mencap.org.uk
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- mencap.org.uk
+		- .donate.mencap.org.uk
+		- jobs.mencap.org.uk
+		- old.mencap.org.uk
+		- .old.mencap.org.uk
+		- www.mencap.org.uk
+		- yournetwork.mencap.org.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	STS header includes includeSubdomains
+	for ^, donate, www, yournetwork
+
+-->
+<ruleset name="Mencap.org.uk" default_off="failed ruleset test">
+
+	<target host="mencap.org.uk" />
+	<target host="*.mencap.org.uk" />
+
+		<!--	includeSubdomains applies to one level only, so:
+									-->
+		<exclusion pattern="^http://(?:(?!donate\.|www\.|yournetwork\.)(?:[^./]+\.){2,}|(?:[^./]+\.)+(?:donate|www|yournetwork)\.|mylife\.|snap\.|tributefunds\.)mencap\.org\.uk/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.mencap.org.uk/" />
+			<test url="http://exists.not.mencap.org.uk/" />
+			<test url="http://really.host.mencap.org.uk/" />
+			<test url="http://honestly.not.mencap.org.uk/" />
+			<test url="http://this.host.donate.mencap.org.uk/" />
+			<test url="http://exists.not.donate.mencap.org.uk/" />
+			<test url="http://mylife.mencap.org.uk/" />
+			<test url="http://snap.mencap.org.uk/" />
+			<test url="http://tributefunds.mencap.org.uk/" />
+			<test url="http://www.tributefunds.mencap.org.uk/" />
+			<test url="http://this.host.www.mencap.org.uk/" />
+			<test url="http://exists.not.www.mencap.org.uk/" />
+			<test url="http://this.host.yournetwork.mencap.org.uk/" />
+			<test url="http://exists.not.yournetwork.mencap.org.uk/" />
+
+		<test url="http://donate.mencap.org.uk/" />
+		<test url="http://jobs.mencap.org.uk/" />
+		<test url="http://www.jobs.mencap.org.uk/" />
+		<test url="http://old.mencap.org.uk/" />
+		<test url="http://www.mencap.org.uk/" />
+		<test url="http://yournetwork.mencap.org.uk/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:old\.|yournetwork\.|www\.)?mencap\.org\.uk$" name="^SERVERID$" /-->
+	<!--securecookie host="^\.(?:donate|old)\.mencap\.org\.uk$" name="^SESS[\da-f]{32}$" /-->
+	<!--securecookie host="^jobs\.mencap\.org\.uk$" name="^CultureSystem(?:Cod|Languag)eID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mendeley.com.xml b/src/chrome/content/rules/Mendeley.com.xml
new file mode 100644
index 000000000000..c318e7716308
--- /dev/null
+++ b/src/chrome/content/rules/Mendeley.com.xml
@@ -0,0 +1,42 @@
+<!--
+	Secure connection failed:
+		apidocs.mendeley.com
+
+	Time out:
+		dev.mendeley.com
+		gettingstarted.mendeley.com
+		online.mendeley.com
+
+	Invalid certificate:
+		cms.mendeley.com (broken chain)
+		community.mendeley.com (broken chain)
+		downtime.mendeley.com
+		feedback.mendeley.com
+		open.mendeley.com
+		static.blog.mendeley.com
+		support.mendeley.com
+
+
+	Refused:
+		csl.mendeley.com
+
+-->
+<ruleset name="Mendeley.com">
+
+	<target host="mendeley.com" />
+	<target host="www.mendeley.com" />
+	<target host="blog.mendeley.com" />
+	<target host="data.mendeley.com" />
+	<target host="download.mendeley.com" />
+	<target host="jobs.mendeley.com" />
+	<target host="photos.mendeley.com" />
+		<test url="http://photos.mendeley.com/02/1e/021eca8d8335e7b47708ac58719f6d43130d90ea-p256x256.jpg " />
+	<target host="recruiter.mendeley.com" />
+	<target host="resources.mendeley.com" />
+	<target host="static.mendeley.com" />
+		<test url="http://static.mendeley.com/bin/extensions/firefox/update.rdf" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mendeley.xml b/src/chrome/content/rules/Mendeley.xml
deleted file mode 100644
index fad638e75181..000000000000
--- a/src/chrome/content/rules/Mendeley.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	d1rktifm8krpj.cloudfront.net/
-
-
-	Nonfunctional domains:
-
-		- apidocs.mendeley.com	(timeout)
-
--->
-<ruleset name="Mendeley (partial)">
-
-	<target host="*.mendeley.com" />
-	<!--
-		As of 2012-05-16, this has started redirecting back. :(
-
-		Note that all files are fetched from cloudfront anyway.
-
-	<target host="mendeley.com" />
-	<target host="ha3.www.mendeley.com" />
-
-
-	<rule from="^https?://(?:(?:ha3\.)?www\.)?mendeley\.com/"
-		to="https://d1rktifm8krpj.cloudfront.net/" />
-
-		Cert only matches (*.)mendeley.com	-->
-	<rule from="^https?://ha3\.www\.mendeley\.com/"
-		to="https://www.mendeley.com/" />
-
-	<rule from="^http://(www\.)?mendeley\.com/(jo|log)in/"
-		to="https://$1mendeley.com/$2in/" />
-
-	<!--	Looks like the 2012-05-11 change made this useless(?)
-	<rule from="^http://dev\.mendeley\.com/(applications/register/|forgot|graphics|join|login|styles)/"
-		to="https://dev.mendeley.com/$1/" /-->
-
-	<rule from="^https?://support\.mendeley\.com/(images/|track\.gif)"
-		to="https://mendeley.uservoice.com/$1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Meningitis_Trust.xml b/src/chrome/content/rules/Meningitis_Trust.xml
deleted file mode 100644
index e0a8a6a0bceb..000000000000
--- a/src/chrome/content/rules/Meningitis_Trust.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- ^
-
-			- Refused
-			- redirects to easily.co.uk over http
-
-
-	Some pages redirect to http
-
--->
-<ruleset name="Meningitus Trust (partial)">
-
-	<target host="www.meningitis-trust.org" />
-
-
-	<rule from="^http://www\.meningitis-trust\.org/(blocks/|concrete/|favicon\.ico|files/|packages/|themes/)"
-		to="https://www.meningitis-trust.org/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Mensa.org.uk.xml b/src/chrome/content/rules/Mensa.org.uk.xml
new file mode 100644
index 000000000000..17cd48eccae6
--- /dev/null
+++ b/src/chrome/content/rules/Mensa.org.uk.xml
@@ -0,0 +1,39 @@
+<ruleset name="Mensa.org.uk">
+	<!--
+	Ideally, the following six lines would be included in this
+	ruleset. Unfortunately, profile.mensa.org.uk has an
+	improperly configured certificate chain, and both
+	test.mensa.org.uk and test2.mensa.org.uk have certificates
+	that are not valid for test.mensa.org.uk or test2.mensa.org.uk
+	respectively. See:
+	https://github.com/EFForg/https-everywhere/issues/4948#issuecomment-222324457
+	https://github.com/EFForg/https-everywhere/pull/4953
+
+	<target host="test.mensa.org.uk" />
+	<target host="test2.mensa.org.uk" />
+	<target host="profile.mensa.org.uk" />
+	<securecookie host="^test\.mensa\.org\.uk$" name=".+" />
+	<securecookie host="^test2\.mensa\.org\.uk$" name=".+" />
+	<securecookie host="^profile\.mensa\.org\.uk$" name=".+" />
+
+	Other subdomains yet to be evaluated for inclusion into
+	HTTPS Everywhere:
+
+	autodiscover.mensa.org.uk
+	demon-gw.mensa.org.uk
+	localhost.mensa.org.uk
+	mailgate.mensa.org.uk
+	remote.mensa.org.uk
+	secure.mensa.org.uk
+	server.mensa.org.uk
+	uat.mensa.org.uk
+
+	-->
+	<target host="mensa.org.uk" />
+	<target host="www.mensa.org.uk" />
+
+	<rule from="^http:" to="https:" />
+
+	<securecookie host="^mensa\.org\.uk$" name=".+" />
+	<securecookie host="^www\.mensa\.org\.uk$" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mensacard.de.xml b/src/chrome/content/rules/Mensacard.de.xml
new file mode 100644
index 000000000000..3062df5832fe
--- /dev/null
+++ b/src/chrome/content/rules/Mensacard.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Mensacard.de">
+	<target host="mensacard.de" />
+	<target host="www.mensacard.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mensaplan.de.xml b/src/chrome/content/rules/Mensaplan.de.xml
new file mode 100644
index 000000000000..d3be78a8bc74
--- /dev/null
+++ b/src/chrome/content/rules/Mensaplan.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Mensaplan.de">
+  <target host="mensaplan.de" />
+  <target host="www.mensaplan.de" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Menshealth.de.xml b/src/chrome/content/rules/Menshealth.de.xml
new file mode 100644
index 000000000000..1b252673566c
--- /dev/null
+++ b/src/chrome/content/rules/Menshealth.de.xml
@@ -0,0 +1,48 @@
+<!--
+	Content mismatch:
+		community.menshealth.de
+		images.menshealth.de
+		www2.menshealth.de
+
+	Invalid certificate:
+		editionshop.menshealth.de
+		www.editionshop.menshealth.de
+		lyncdiscover.menshealth.de
+		mail.menshealth.de
+		newsletter.menshealth.de
+		personaltrainer.menshealth.de
+		shop.menshealth.de
+		www.shop.menshealth.de
+		edition.shop.menshealth.de
+		track.menshealth.de
+		umfrage.menshealth.de
+
+	Not found:
+		arztauskunft.menshealth.de
+		dev.menshealth.de
+
+	Rejected:
+		abnehmcoach.menshealth.de
+		www.abnehmcoach.menshealth.de
+		bodycareshop.menshealth.de
+		rc.menshealth.de
+
+	Timeout:
+		fashionshop.menshealth.de
+-->
+<ruleset name="Menshealth.de">
+
+	<target host="menshealth.de" />
+	<target host="www.menshealth.de" />
+	<target host="camp.menshealth.de" />
+	<target host="charakterkoepfe.menshealth.de" />
+	<target host="cms.menshealth.de" />
+	<target host="coach.menshealth.de" />
+	<target host="forum.menshealth.de" />
+	<target host="m.menshealth.de" />
+	<target host="preview.menshealth.de" />
+	<target host="upload.menshealth.de" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mentalfloss.com.xml b/src/chrome/content/rules/Mentalfloss.com.xml
new file mode 100644
index 000000000000..3b6773839e88
--- /dev/null
+++ b/src/chrome/content/rules/Mentalfloss.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Connection refused:
+		- aphrodite.mentalfloss.com
+		- cms.mentalfloss.com
+		- eros.mentalfloss.com
+
+	Invalid certificate:
+		- store.mentalfloss.com
+-->
+
+<ruleset name="Mentalfloss.com">
+	<target host="mentalfloss.com" />
+	<target host="www.mentalfloss.com" />
+	<target host="adonis.mentalfloss.com" />
+	<target host="images.mentalfloss.com" />
+	<target host="m.mentalfloss.com" />
+	<target host="subscribe.mentalfloss.com" />
+	<target host="us.mentalfloss.com" />
+	<target host="us1.mentalfloss.com" />
+	<target host="us2.mentalfloss.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mentalhealth.asn.au.xml b/src/chrome/content/rules/Mentalhealth.asn.au.xml
new file mode 100644
index 000000000000..76c8a369085a
--- /dev/null
+++ b/src/chrome/content/rules/Mentalhealth.asn.au.xml
@@ -0,0 +1,21 @@
+<!--
+	For mentalhealth.asn.au
+
+		Works:
+
+			- www
+			- $
+
+		Doesn't Work:
+			nil
+
+		https://mentalhealth.asn.au/ redirects to http://www.mentalhealth.asn.au/
+		doing rewrite here for performance.
+-->
+<ruleset name="Mentalhealth.asn.au">
+  <target host="mentalhealth.asn.au" />
+  <target host="www.mentalhealth.asn.au" />
+
+  <rule from="^http://(www\.)?mentalhealth\.asn\.au/"
+          to="https://www.mentalhealth.asn.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mentor-Graphics.xml b/src/chrome/content/rules/Mentor-Graphics.xml
deleted file mode 100644
index 2babd863d547..000000000000
--- a/src/chrome/content/rules/Mentor-Graphics.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/images.mentor.com/
-		- d30fqqf2omcq1k.cloudfront.net
-		- d3hnmhviacntp6.cloudfront.net
-
--->
-<ruleset name="Mentor Graphics (partial)">
-
-	<target host="codesourcery.com" />
-	<target host="www.codesourcery.com" />
-	<target host="mentor.com" />
-	<target host="*.mentor.com" />
-		<!--
-			* for cross-domain cookie.
-							-->
-		<target host="*.store1.mentor.com" />
-
-
-	<securecookie host="^\.store1\.mentor\.com$" name=".*" />
-
-
-	<rule from="^https?://(?:www\.)?codesourcery\.com/"
-		to="https://www.mentor.com/embedded-software/codesourcery" />
-
-	<!--	!www doesn't work.
-					-->
-	<rule from="^http://mentor\.com/"
-		to="https://www.mentor.com/" />
-
-	<rule from="^http://(accounts|store1?|supportnet)\.mentor\.com/"
-		to="https://$1.mentor.com/" />
-
-	<rule from="^https?://cache\.mentor\.com/"
-		to="https://d30fqqf2omcq1k.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Mentor.com.xml b/src/chrome/content/rules/Mentor.com.xml
new file mode 100644
index 000000000000..8a2d0ae644b4
--- /dev/null
+++ b/src/chrome/content/rules/Mentor.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Refused:
+		- cache
+		- suggest
+
+	Timeout:
+		- wiki
+-->
+<ruleset name="Mentor.com">
+	<target host="mentor.com" />
+	<target host="www.mentor.com" />
+	<target host="accounts.mentor.com" />
+	<target host="advantage.mentor.com" />
+	<target host="analytics.mentor.com" />
+	<target host="beta.mentor.com" />
+	<target host="blogs.mentor.com" />
+	<target host="connect.mentor.com" />
+	<target host="crm.mentor.com" />
+	<target host="go.mentor.com" />
+	<target host="help.mentor.com" />
+	<target host="interactive.mentor.com" />
+	<target host="iweb.mentor.com" />
+	<target host="learn.mentor.com" />
+	<target host="login.mentor.com" />
+	<target host="marketing.mentor.com" />
+	<target host="salesconnect.mentor.com" />
+	<target host="signin.mentor.com" />
+	<target host="sourcery.mentor.com" />
+	<target host="store.mentor.com" />
+	<target host="store1.mentor.com" />
+	<target host="support.mentor.com" />
+	<target host="supportnet.mentor.com" />
+	<target host="video.mentor.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mentoring_Central.xml b/src/chrome/content/rules/Mentoring_Central.xml
index 1ed0faab77b5..a0eff0680785 100644
--- a/src/chrome/content/rules/Mentoring_Central.xml
+++ b/src/chrome/content/rules/Mentoring_Central.xml
@@ -1,13 +1,23 @@
-<ruleset name="Mentoring Central">
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://mentoringcentral.net/ (200) => https://mentoringcentral.net/ (404)
+Non-2xx HTTP code: http://resources.mentoringcentral.net/ (200) => https://resources.mentoringcentral.net/ (404)
+Non-2xx HTTP code: http://www.mentoringcentral.net/ (200) => https://www.mentoringcentral.net/ (404)
+
+Automatically by https-everywhere-checker because:
+Fetch error: http://mentoringcentral.net/ => https://mentoringcentral.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
+<ruleset name="Mentoring Central" default_off="failed ruleset test">
 
 	<target host="mentoringcentral.net" />
-	<target host="*.mentoringcentral.net" />
+	<target host="resources.mentoringcentral.net" />
+	<target host="www.mentoringcentral.net" />
 
 
-	<securecookie host="^(?:.*\.)?mentoringcentral\.net$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(resources\.|www\.)?mentoringcentral\.net/"
-		to="https://$1mentoringcentral.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Meo.pt.xml b/src/chrome/content/rules/Meo.pt.xml
new file mode 100644
index 000000000000..8cdb1b3c1b11
--- /dev/null
+++ b/src/chrome/content/rules/Meo.pt.xml
@@ -0,0 +1,57 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://login.meo.pt/ => https://login.meo.pt/: (6, 'Could not resolve host: login.meo.pt')
+
+	Expired:
+	jogos.meo.pt
+	interactivo.meo.pt
+
+	Mismatch:
+	radiomeomusic.meo.pt
+	maresvivas.meo.pt
+	sudoeste.meo.pt
+	arena.meo.pt
+	catalogopontos.meo.pt
+	revista.meo.pt
+
+	Different content:
+	meogo.meo.pt
+
+	Timeout:
+	blog.meo.pt
+	waitingringiframe.meo.pt
+
+	HTTP redirect:
+	pontos.meo.pt
+
+	Refused:
+	sousmart.meo.pt
+	t.meo.pt
+	kids.meo.pt
+	waitingring.meo.pt
+	qos.sapo.pt
+	surf.moche.pt
+
+	self signed:
+	lojas.meo.pt
+-->
+
+<ruleset name="Meo.pt" default_off="failed ruleset test">
+	<target host="meo.pt" />
+	<target host="www.meo.pt" />
+	<target host="online.meo.pt" />
+	<target host="music.meo.pt" />
+	<target host="loja.meo.pt" />
+	<target host="wifi.meo.pt" />
+	<target host="kanal.meo.pt" />
+	<target host="meolocalizz.meo.pt" />
+	<target host="conteudos.meo.pt" />
+	<target host="forum.meo.pt" />
+	<target host="login.meo.pt" />
+	<target host="cliente.meo.pt" />
+	<target host="promospot.meo.pt" />
+	<target host="parking.meo.pt" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mephi.ru-problematic.xml b/src/chrome/content/rules/Mephi.ru-problematic.xml
index 893f2c7ee5e5..ce376f2da93f 100644
--- a/src/chrome/content/rules/Mephi.ru-problematic.xml
+++ b/src/chrome/content/rules/Mephi.ru-problematic.xml
@@ -10,7 +10,6 @@
 	<securecookie host="^voip\.mephi\.ru$" name=".+" />
 
 
-	<rule from="^http://voip\.mephi\.ru/"
-		to="https://voip.mephi.ru/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mephi.ru.xml b/src/chrome/content/rules/Mephi.ru.xml
index 21dec071e208..9fb66ddb26d8 100644
--- a/src/chrome/content/rules/Mephi.ru.xml
+++ b/src/chrome/content/rules/Mephi.ru.xml
@@ -37,7 +37,11 @@
 -->
 <ruleset name="MEPhI.ru (partial)">
 
-	<target host="*.mephi.ru" />
+	<target host="ca.mephi.ru" />
+	<target host="eis.mephi.ru" />
+	<target host="oir.mephi.ru" />
+	<target host="ut.mephi.ru" />
+	<target host="mail.ut.mephi.ru" />
 		<!--exclusion pattern="^http://(readme\.campus|voip|www)\." /-->
 
 
@@ -47,7 +51,6 @@
 	<securecookie host="^(?:oir|ut|\.mail\.ut)\.mephi\.ru$" name=".+" />
 
 
-	<rule from="^http://(ca|eis|oir|ut|mail\.ut)\.mephi\.ru/"
-		to="https://$1.mephi.ru/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mequoda.com.xml b/src/chrome/content/rules/Mequoda.com.xml
index a3e16fb4bc26..430e4cb592eb 100644
--- a/src/chrome/content/rules/Mequoda.com.xml
+++ b/src/chrome/content/rules/Mequoda.com.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mequoda.com/ => https://www.mequoda.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.mequoda.com/ => https://www.mequoda.com/: (60, 'SSL certificate problem: self signed certificate')
+
 	Nonfunctional subdomains:
 
 		- ox	(shows CentOS test page; expired 2013-01-12, self-signed)
@@ -9,7 +14,7 @@
 		- ^	(cert only matches www)
 
 -->
-<ruleset name="Mequoda.com (partial)">
+<ruleset name="Mequoda.com (partial)" default_off="failed ruleset test">
 
 	<target host="mequoda.com" />
 	<target host="www.mequoda.com" />
@@ -21,4 +26,4 @@
 	<rule from="^http://(?:www\.)?mequoda\.com/"
 		to="https://www.mequoda.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mer-Project.xml b/src/chrome/content/rules/Mer-Project.xml
deleted file mode 100644
index fd959809505d..000000000000
--- a/src/chrome/content/rules/Mer-Project.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Mer Project (partial)">
-
-	<target host="bugs.merproject.org" />
-
-
-	<rule from="^http://bugs\.merproject\.org/"
-		to="https://bugs.merproject.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Mer.io.xml b/src/chrome/content/rules/Mer.io.xml
new file mode 100644
index 000000000000..4228a588e720
--- /dev/null
+++ b/src/chrome/content/rules/Mer.io.xml
@@ -0,0 +1,14 @@
+<ruleset name="mer.io">
+
+	<target host="mer.io" />
+	<target host="www.mer.io" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^(?:w*\.)?mer\.io$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MerNetwork.com.xml b/src/chrome/content/rules/MerNetwork.com.xml
new file mode 100644
index 000000000000..ea95f67bba33
--- /dev/null
+++ b/src/chrome/content/rules/MerNetwork.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="MerNetwork.com">
+	<target host="mernetwork.com" />
+	<target host="www.mernetwork.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MerProject.org.xml b/src/chrome/content/rules/MerProject.org.xml
new file mode 100644
index 000000000000..3e7abfcd02d9
--- /dev/null
+++ b/src/chrome/content/rules/MerProject.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Invalid certificate:
+		merproject.org
+		www.merproject.org
+		gitweb.merproject.org
+		img.merproject.org
+		repo.merproject.org
+
+-->
+<ruleset name="Mer Project.org (partial)">
+
+	<target host="api.merproject.org" />
+	<target host="bugs.merproject.org" />
+	<target host="build.merproject.org" />
+	<target host="git.merproject.org" />
+	<target host="wiki.merproject.org" />
+	<target host="webhook.merproject.org" />
+		<test url="http://webhook.merproject.org/webhook/admin/login/" />
+
+	<securecookie host="^(bugs|build|wiki)\.merproject\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mer_Project.org.xml b/src/chrome/content/rules/Mer_Project.org.xml
deleted file mode 100644
index ecd94331bdb5..000000000000
--- a/src/chrome/content/rules/Mer_Project.org.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(503; self-signed, CN: api.ci.merproject.org)
-
-
-	Problematic subdomains:
-
-		- api.ci *
-		- review *
-
-	* Works, self-signed
-
-
-	Partially covered subdomains:
-
-		- review	(→ code.google.com)
-
-
-	Fully covered subdomains:
-
-		- bugs
-		- build
-		- wiki
-
--->
-<ruleset name="Mer Project.org (partial)">
-
-	<target host="*.merproject.org" />
-
-
-	<securecookie host="^(?:bugs|build|wiki)\.merproject\.org$" name=".+" />
-
-
-	<rule from="^http://(bugs|build|wiki)\.merproject\.org/"
-		to="https://$1.merproject.org/" />
-
-	<rule from="^http://review\.merproject\.org/(?:\?.*)?$"
-		to="https://code.google.com/p/gerrit/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Meraki.xml b/src/chrome/content/rules/Meraki.xml
index bbbce6947de5..9ddb4c20ce91 100644
--- a/src/chrome/content/rules/Meraki.xml
+++ b/src/chrome/content/rules/Meraki.xml
@@ -5,13 +5,13 @@
 <ruleset name="Meraki">
 
 	<target host="meraki.com" />
-	<target host="*.meraki.com" />
+	<target host="account.meraki.com" />
+	<target host="www.meraki.com" />
 
 
 	<securecookie host=".*\.meraki\.com$" name=".+" />
 
 
-	<rule from="^http://(account\.|www\.)?meraki\.com/"
-		to="https://$1meraki.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Merca20.xml b/src/chrome/content/rules/Merca20.xml
index fce66e7bfbc2..f79d4979c45a 100644
--- a/src/chrome/content/rules/Merca20.xml
+++ b/src/chrome/content/rules/Merca20.xml
@@ -1,21 +1,13 @@
-<!--
-	Problematic subdomains:
-
-		- ^		(prints subscription form, redirects to www over http)
-		- cdn		(CN: gp1.wac.edgecastcdn.net; 404)
-		- www		(CN: sergio)
-
--->
-<ruleset name="Merca2.0" default_off="self-signed">
+<ruleset name="Merca2.0">
 
 	<target host="merca20.com" />
-	<target host="*.merca20.com" />
+	<target host="www.merca20.com" />
 
 
 	<securecookie host="^www\.merca20\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:cdn\.|www\.)?merca20\.com/"
-		to="https://www.merca20.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mercatus-Center.xml b/src/chrome/content/rules/Mercatus-Center.xml
index 1dde4c6a701c..85a92fbff5d8 100644
--- a/src/chrome/content/rules/Mercatus-Center.xml
+++ b/src/chrome/content/rules/Mercatus-Center.xml
@@ -1,17 +1,45 @@
 <!--
 	For other George Mason University coverage, see George-Mason-University.xml.
 
--->
-<ruleset name="Mercatus Center" default_off="expired, self-signed">
+	Non-functional hosts
+		Couldn't connect to server:
+			 - regdatabeta.mercatus.org
+
+		SSL peer certificate was not OK:
+			 - cowps.mercatus.org
+			 - cwps.mercatus.org
+			 - fantasysports.mercatus.org
+			 - gspoa.mercatus.org
+			 - mediametrics.mercatus.org
+			 - neighborhoodeffects.mercatus.org
+			 - newjersey.mercatus.org
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - my.mercatus.org
 
+		4xx client error:
+			 - capitolhillcampus.mercatus.org
+			 - development.mercatus.org
+			 - donate.mercatus.org
+			 - economicrecoverydigest.mercatus.org
+			 - insidestateandlocalpolicy.mercatus.org
+			 - localknowledge.mercatus.org
+			 - pages.mercatus.org
+			 - pensions.mercatus.org
+			 - regbudget.mercatus.org
+			 - regdata.mercatus.org
+			 - staff.mercatus.org
+-->
+<ruleset name="Mercatus Center (partial)">
 	<target host="mercatus.org" />
 	<target host="www.mercatus.org" />
+	<target host="asp.mercatus.org" />
+	<target host="grad.mercatus.org" />
+	<target host="hayek.mercatus.org" />
+	<target host="ppe.mercatus.org" />
+	<target host="students.mercatus.org" />
 
+	<securecookie host="^(www\.)?mercatus\.org$" name=".+" />
 
-	<!--	- Cert only matches //mercatus.org
-		- At least some pages redirect to http
-					-->
-	<rule from="^https?://(?:www\.)?mercatus\.org/sites/"
-		to="https://mercatus.org/sites/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MerchDirect.xml b/src/chrome/content/rules/MerchDirect.xml
index 9b578b6f4f83..7bb96456f720 100644
--- a/src/chrome/content/rules/MerchDirect.xml
+++ b/src/chrome/content/rules/MerchDirect.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://merchdirect.com/ => https://www.merchdirect.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.merchdirect.com'")
+Fetch error: http://www.merchdirect.com/ => https://www.merchdirect.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.merchdirect.com'")
+
 	CDN buckets:
 
 		- s3.amazonaws.com/merchdirect-stores/
@@ -12,13 +17,13 @@
 	Some (most?) pages redirect to http
 
 -->
-<ruleset name="MerchDirect (partial)">
+<ruleset name="MerchDirect (partial)" default_off="failed ruleset test">
 
 	<target host="merchdirect.com" />
 	<target host="www.merchdirect.com" />
 
 
-	<rule from="^https?://(?:www\.)?merchdirect\.com/($|\?|home(?:$|\?|/)|stores/(?:account_login\.php|images/|skins/))"
+	<rule from="^http://(?:www\.)?merchdirect\.com/($|\?|home(?:$|\?|/)|stores/(?:account_login\.php|images/|skins/))"
 		to="https://www.merchdirect.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Merchant_City_Music.xml b/src/chrome/content/rules/Merchant_City_Music.xml
index fd709bf76807..a07a63b14c93 100644
--- a/src/chrome/content/rules/Merchant_City_Music.xml
+++ b/src/chrome/content/rules/Merchant_City_Music.xml
@@ -13,7 +13,7 @@
 	<target host="www.guitar.co.uk" />
 
 
-	<rule from="^https?://(?:www\.)?guitar\.co\.uk/(asset|image|stylesheet)s/"
+	<rule from="^http://(?:www\.)?guitar\.co\.uk/(asset|image|stylesheet)s/"
 		to="https://www.guitar.co.uk/$1s/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Merchantquest.net.xml b/src/chrome/content/rules/Merchantquest.net.xml
index 951b1a813896..c875e4c995c5 100644
--- a/src/chrome/content/rules/Merchantquest.net.xml
+++ b/src/chrome/content/rules/Merchantquest.net.xml
@@ -4,10 +4,10 @@
 		<exclusion pattern="^http://www\." />
 
 
-	<securecookie host=".+\.merchantquest\.net$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://([\w-]+)\.merchantquest\.net/"
 		to="https://$1.merchantquest.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mercurial_SCM.xml b/src/chrome/content/rules/Mercurial_SCM.xml
new file mode 100644
index 000000000000..7e65907ba526
--- /dev/null
+++ b/src/chrome/content/rules/Mercurial_SCM.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mercurial.selenic.com/ => https://mercurial.selenic.com/: (6, 'Could not resolve host: mercurial.selenic.com')
+
+-->
+<ruleset name="Mercurial SCM" default_off="failed ruleset test">
+  <target host="mercurial-scm.org" />
+  <target host="www.mercurial-scm.org" />
+  <target host="bz.mercurial-scm.org" />
+
+  <target host="www.selenic.com" />
+  <target host="selenic.com" />
+  <target host="mercurial.selenic.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mercury_News.com.xml b/src/chrome/content/rules/Mercury_News.com.xml
index 96f3255972e4..b96090a9fe04 100644
--- a/src/chrome/content/rules/Mercury_News.com.xml
+++ b/src/chrome/content/rules/Mercury_News.com.xml
@@ -8,7 +8,9 @@
 
 	Nonfunctional subdomains:
 
-		- extras	(dropped)
+		- extras *
+
+	* 404
 
 
 	Problematic subdomains:
@@ -16,15 +18,38 @@
 		- ^	(dropped)
 		- www	(redirects to http, akamai)
 
+
+	Mixed content:
+
+		- css, on:
+
+			- secure.www from fonts.googleapis.com *
+			- secure.www from extras.mnginteractive.com *
+
+		- Images on secure.www from extras.mnginteractive.com *
+		- Bugs on secure.www from mngimercurynews.112.2o7.net *
+
+	* Secured by us
+
 -->
-<ruleset name="Mercury News.com (partial)">
+<ruleset name="Mercury News.com (partial)" default_off="expired" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.www.mercurynews.com" />
 
+	<!--	Complications:
+				-->
 	<target host="mercurynews.com" />
-	<target host="*.mercurynews.com" />
+	<target host="www.mercurynews.com" />
+
 		<exclusion pattern="^http://(?:www\.)?mercurynews\.com/(?:\w+/ci_\d+(?:$|[?/]))" />
 
 
-	<rule from="^http://(?:(?:secure\.)?www\.)?mercurynews\.com/"
+	<rule from="^http://(?:www\.)?mercurynews\.com/"
 		to="https://secure.www.mercurynews.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mercury_News.xml b/src/chrome/content/rules/Mercury_News.xml
index 56a9d26f7788..a8dfc8100dfa 100644
--- a/src/chrome/content/rules/Mercury_News.xml
+++ b/src/chrome/content/rules/Mercury_News.xml
@@ -1,7 +1,9 @@
 <ruleset name="Mercury News">
 
 	<target host="mmedia.me" />
-	<target host="*.mmedia.me" />
+	<target host="now.mmedia.me" />
+	<target host="rss.mmedia.me" />
+	<target host="www.mmedia.me" />
 
 
 	<!--	Observed cookies domains:
@@ -10,10 +12,9 @@
 			- .
 			- now
 					-->
-	<securecookie host="^(?:.*\.)?mmedia\.me$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(now\.|rss\.|www\.)?mmedia\.me/"
-		to="https://$1mmedia.me/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MercyShips.org.xml b/src/chrome/content/rules/MercyShips.org.xml
new file mode 100644
index 000000000000..4c064868702e
--- /dev/null
+++ b/src/chrome/content/rules/MercyShips.org.xml
@@ -0,0 +1,19 @@
+<ruleset name="MercyShips.org">
+
+	<target host="mercyships.org" />
+	<target host="www.mercyships.org" />
+	<target host="apply.mercyships.org" />
+	<target host="careers.mercyships.org" />
+	<target host="donate.mercyships.org" />
+	<target host="mymercy.mercyships.org" />
+	<target host="navigator.mercyships.org" />
+	<target host="photos.mercyships.org" />
+	<target host="ssl.mercyships.org" />
+	<target host="store.mercyships.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mercy_Ships.xml b/src/chrome/content/rules/Mercy_Ships.xml
deleted file mode 100644
index a50a11a8c073..000000000000
--- a/src/chrome/content/rules/Mercy_Ships.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="Mercy Ships (partial)">
-
-	<target host="www.mercyships.org.s3.amazonaws.com" />
-	<target host="mercyships.org" />
-	<target host="*.mercyships.org" />
-
-
-	<securecookie host="^(?:w*\.)?mercyships\.org$" name=".+" />
-
-
-	<rule from="^https?://www\.mercyships\.org\.s3-us-west-1\.amazonaws\.com/"
-		to="https://s3-us-west-1.amazonaws.com/www.mercyships.org/" />
-
-	<rule from="^http://(www\.)?mercyships\.org/"
-		to="https://$1mercyships.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Meritrust_CU.org.xml b/src/chrome/content/rules/Meritrust_CU.org.xml
new file mode 100644
index 000000000000..72c711bbe051
--- /dev/null
+++ b/src/chrome/content/rules/Meritrust_CU.org.xml
@@ -0,0 +1,27 @@
+<!--
+	Meritrust Credit Union
+
+
+	^: cert only matches www
+
+-->
+<ruleset name="Meritrust CU.org">
+
+	<target host="meritrustcu.org" />
+	<target host="www.meritrustcu.org" />
+	<target host="xenapp.meritrustcu.org" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^xenapp\.meritrustcu\.org$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^(?:www)?\.meritrustcu\.org$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?meritrustcu\.org/"
+		to="https://www.meritrustcu.org/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Merkur.de.xml b/src/chrome/content/rules/Merkur.de.xml
new file mode 100644
index 000000000000..fe2d0b06d07d
--- /dev/null
+++ b/src/chrome/content/rules/Merkur.de.xml
@@ -0,0 +1,33 @@
+<!--
+	Cert mismatch:
+		- epaper.merkur.de
+		- epaperapp.merkur.de
+		- epaperkiosk.merkur.de
+		- webviewer.merkur.de
+-->
+
+<ruleset name="Merkur.de">
+
+	<target host="merkur.de" />
+	<target host="www.merkur.de" />
+	<target host="autoanzeigen.merkur.de" />
+	<target host="druckhaustour.merkur.de" />
+	<target host="immobilien.merkur.de" />
+	<target host="jobs.merkur.de" />
+	<target host="markt.merkur.de" />
+	<target host="media.merkur.de" />
+	<target host="playground.merkur.de" />
+	<target host="promo.merkur.de" />
+	<target host="trauer.merkur.de" />
+	<target host="www.trauer.merkur.de" />
+	<target host="veranstaltungen.merkur.de" />
+
+	<test url="http://promo.merkur.de/abo/epaper/" />
+
+	<rule from="^http://www\.trauer\.merkur\.de/" to="https://trauer.merkur.de/"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Merlinbreaks.co.uk.xml b/src/chrome/content/rules/Merlinbreaks.co.uk.xml
new file mode 100644
index 000000000000..d8a18184912d
--- /dev/null
+++ b/src/chrome/content/rules/Merlinbreaks.co.uk.xml
@@ -0,0 +1,18 @@
+<!--
+	Nonfunctional subdomain:
+		- (www)			(hostname mismatch, CN: www.hxtrack.com)
+-->
+<ruleset name="Merlinbreaks.co.uk">
+	<target host="*.merlinbreaks.co.uk" />
+
+		<test url="http://chessingtonholidays.merlinbreaks.co.uk/" />
+		<test url="http://legoland.merlinbreaks.co.uk/" />
+
+        <!-- cert mismatch -->
+	<exclusion pattern="^http://www.merlinbreaks\.co\.uk/" />
+
+		<test url="http://www.merlinbreaks.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Merlinux.xml b/src/chrome/content/rules/Merlinux.xml
index a633719c2cdc..7faa1e0590e9 100644
--- a/src/chrome/content/rules/Merlinux.xml
+++ b/src/chrome/content/rules/Merlinux.xml
@@ -1,19 +1,6 @@
-<ruleset name="Merlinux" default_off="self-signed">
-
-	<target host="merlinux.eu"/>
-	<target host="www.merlinux.eu"/>
-	<target host="pypy.org"/>
-	<target host="*.pypy.org"/>
-
-	<securecookie host="^(.*\.)?pypy\.org$" name=".*"/>
-
-	<rule from="^http://(?:www\.)?merlinux\.eu/"
-		to="https://merlinux.eu/"/>
-
-	<rule from="^http://(?:www\.)?pypy\.org/"
-		to="https://pypy.org/"/>
-
-	<rule from="^http://bugs\.pypy\.org/"
-		to="https://bugs.pypy.org/"/>
-
+<ruleset name="Merlinux">
+	<target host="merlinux.eu" />
+	<target host="www.merlinux.eu" />
+	<target host="hq5.merlinux.eu" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Mermaid-kat-shop.de.xml b/src/chrome/content/rules/Mermaid-kat-shop.de.xml
new file mode 100644
index 000000000000..25634abe3aee
--- /dev/null
+++ b/src/chrome/content/rules/Mermaid-kat-shop.de.xml
@@ -0,0 +1,10 @@
+<!--
+	For other Mermaid Kat Shop coverage, see Mermaidtailaustralia.com.au.xml
+
+-->
+<ruleset name="mermaid-kat-shop.de">
+	<target host="mermaid-kat-shop.de" />
+	<target host="www.mermaid-kat-shop.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mermaidkatshop.co.uk.xml b/src/chrome/content/rules/Mermaidkatshop.co.uk.xml
new file mode 100644
index 000000000000..033cbd7d1869
--- /dev/null
+++ b/src/chrome/content/rules/Mermaidkatshop.co.uk.xml
@@ -0,0 +1,10 @@
+<!--
+	For other Mermaid Kat Shop coverage, see Mermaidtailaustralia.com.au.xml
+
+-->
+<ruleset name="mermaidkatshop.co.uk">
+	<target host="mermaidkatshop.co.uk" />
+	<target host="www.mermaidkatshop.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mermaidkatshop.com.xml b/src/chrome/content/rules/Mermaidkatshop.com.xml
new file mode 100644
index 000000000000..6ae0fc6e0b3a
--- /dev/null
+++ b/src/chrome/content/rules/Mermaidkatshop.com.xml
@@ -0,0 +1,10 @@
+<!--
+	For other Mermaid Kat Shop coverage, see Mermaidtailaustralia.com.au.xml
+
+-->
+<ruleset name="mermaidkatshop.com">
+	<target host="mermaidkatshop.com" />
+	<target host="www.mermaidkatshop.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mermaidtailaustralia.com.au.xml b/src/chrome/content/rules/Mermaidtailaustralia.com.au.xml
new file mode 100644
index 000000000000..38d859cc5b78
--- /dev/null
+++ b/src/chrome/content/rules/Mermaidtailaustralia.com.au.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Mermaid Kat Shop coverage, see:
+		Mermaid-kat-shop.de.xml
+		Mermaidkatshop.co.uk.xml
+		Mermaidkatshop.com.xml
+
+-->
+<ruleset name="mermaidtailaustralia.com.au">
+	<target host="mermaidtailaustralia.com.au" />
+	<target host="www.mermaidtailaustralia.com.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mersenne.org.xml b/src/chrome/content/rules/Mersenne.org.xml
new file mode 100644
index 000000000000..2cd2db987595
--- /dev/null
+++ b/src/chrome/content/rules/Mersenne.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - ftp.mersenne.org
+			 - v5.mersenne.org
+			 - v5www.mersenne.org
+-->
+<ruleset name="Mersenne.org">
+	<target host="mersenne.org" />
+	<target host="www.mersenne.org" />
+
+	<securecookie host="^(www\.)?mersenne\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Merton.gov.uk.xml b/src/chrome/content/rules/Merton.gov.uk.xml
new file mode 100644
index 000000000000..0f307ff7915b
--- /dev/null
+++ b/src/chrome/content/rules/Merton.gov.uk.xml
@@ -0,0 +1,117 @@
+<!--
+	Merton Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Problematic hosts in *merton.gov.uk:
+
+		- ^ ᵐ
+		- lbmsecure ᴿ ᶜ
+		- news ᵂ ᵐ
+
+	ᴿ Configured for RC4 only
+	ᵂ WordPress
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- autodiscover.merton.gov.uk
+		- democracy.merton.gov.uk
+		- webforms.merton.gov.uk
+		- webmail.merton.gov.uk
+
+-->
+<ruleset name="Merton.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="autodiscover.merton.gov.uk" />
+	<target host="democracy.merton.gov.uk" />
+	<target host="fsd.merton.gov.uk" />
+	<target host="lbmns.merton.gov.uk" />
+	<!--target host="lbmsecure.merton.gov.uk" /-->
+	<target host="webforms.merton.gov.uk" />
+	<target host="webmail.merton.gov.uk" />
+	<target host="www.merton.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="merton.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="http://fsd\.merton\.gov\.uk/(?:$|kb5/merton/directory/(?:advice|family|home|localoffer|privacy_policy|results|shortlist|site|whats_on)\.page)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="http://fsd\.merton\.gov\.uk/+(?!kb5/merton/directory/(?:assets/|(?:contact|register|sign_in)\.page))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://fsd.merton.gov.uk/kb5/merton/directory/advice.page" />
+			<test url="http://fsd.merton.gov.uk/kb5/merton/directory/family.page" />
+			<test url="http://fsd.merton.gov.uk/kb5/merton/directory/home.page" />
+			<test url="http://fsd.merton.gov.uk/kb5/merton/directory/localoffer.page" />
+			<test url="http://fsd.merton.gov.uk/kb5/merton/directory/privacy_policy.page" />
+			<!--test url="http://fsd.merton.gov.uk/kb5/merton/directory/results.page" /-->
+			<!--test url="http://fsd.merton.gov.uk/kb5/merton/directory/shortlist.page" /-->
+			<!--test url="http://fsd.merton.gov.uk/kb5/merton/directory/site.page" /-->
+			<!--test url="http://fsd.merton.gov.uk/kb5/merton/directory/whats_on.page" /-->
+
+			<!--	-ve:
+					-->
+			<test url="http://fsd.merton.gov.uk/kb5/merton/directory/assets/css/print.min.css" />
+			<test url="http://fsd.merton.gov.uk/kb5/merton/directory/assets/images/presence/family_3.png" />
+			<test url="http://fsd.merton.gov.uk/kb5/merton/directory/contact.page" />
+			<test url="http://fsd.merton.gov.uk/kb5/merton/directory/register.page" />
+			<test url="http://fsd.merton.gov.uk/kb5/merton/directory/sign_in.page" />
+
+		<!--	Redirects to http:
+						-->
+		<exclusion pattern="http://www.merton.gov.uk/(?:$|\?)" />
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="http://www.merton.gov.uk/+(?![\w-]+\.(?:css|gif|jpg|pdf)|favicon\.ico|mymerton(?:\.htm)?(?:$|\?))" /-->
+
+			<!--	+ve:
+					-->
+			<test url="http://www.merton.gov.uk/?test" />
+			<test url="http://www.merton.gov.uk/?quota" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.merton.gov.uk/about-this-website.htm" />
+			<test url="http://www.merton.gov.uk/access.htm" />
+			<test url="http://www.merton.gov.uk/advice-benefits" />
+			<test url="http://www.merton.gov.uk/advice-benefits/counciltax/youraccount/ebilling.htm" />
+			<test url="http://www.merton.gov.uk/council" />
+			<test url="http://www.merton.gov.uk/council/gateway.htm" />
+			<test url="http://www.merton.gov.uk/css-home-complex.css" />
+			<test url="http://www.merton.gov.uk/favicon.ico" />
+			<test url="http://www.merton.gov.uk/fsd" />
+			<test url="http://www.merton.gov.uk/leader2011.jpg" />
+			<test url="http://www.merton.gov.uk/mymerton" />
+			<test url="http://www.merton.gov.uk/white-pixel.gif" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:autodiscover|webmail)\.merton\.gov\.uk$" name="^cadata[\dA-F]{32}$" /-->
+	<!--securecookie host="^democracy\.merton\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^webforms\.merton\.gov\.uk$" name="^(?:AWSELB|firmstep2session|firmstep2server)$" /-->
+	<!--securecookie host="^webmail\.merton\.gov\.uk$" name="^cadata[\dA-F]{32}$" /-->
+
+	<securecookie host="^(?!fsd\.|www\.)\w" name=".+" />
+
+
+	<rule from="^http://merton\.gov\.uk/"
+		to="https://www.merton.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MesExercices.com.xml b/src/chrome/content/rules/MesExercices.com.xml
new file mode 100644
index 000000000000..22b104f93b7d
--- /dev/null
+++ b/src/chrome/content/rules/MesExercices.com.xml
@@ -0,0 +1,11 @@
+<!--
+	See for related rulesets: FrancaisFacile.com.xml
+-->
+<ruleset name="MesExercices.com">
+	<target host="mesexercices.com" />
+	<target host="www.mesexercices.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MesOutils.com.xml b/src/chrome/content/rules/MesOutils.com.xml
new file mode 100644
index 000000000000..341e7535394f
--- /dev/null
+++ b/src/chrome/content/rules/MesOutils.com.xml
@@ -0,0 +1,11 @@
+<!--
+	See for related rulesets: FrancaisFacile.com.xml
+-->
+<ruleset name="MesOutils.com">
+	<target host="mesoutils.com" />
+	<target host="www.mesoutils.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mesa3d.org.xml b/src/chrome/content/rules/Mesa3d.org.xml
new file mode 100644
index 000000000000..9e9d82a66b5d
--- /dev/null
+++ b/src/chrome/content/rules/Mesa3d.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Mesa3d.org">
+
+	<target host="mesa3d.org" />
+	<target host="www.mesa3d.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mesamatrix.net.xml b/src/chrome/content/rules/Mesamatrix.net.xml
new file mode 100644
index 000000000000..028b3711fec6
--- /dev/null
+++ b/src/chrome/content/rules/Mesamatrix.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="Mesamatrix.net">
+
+	<target host="mesamatrix.net"/>
+	<target host="www.mesamatrix.net"/>
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mesh-Internet.xml b/src/chrome/content/rules/Mesh-Internet.xml
index 4a08da8c9d9c..3ef0242846c5 100644
--- a/src/chrome/content/rules/Mesh-Internet.xml
+++ b/src/chrome/content/rules/Mesh-Internet.xml
@@ -8,13 +8,13 @@
 -->
 <ruleset name="Mesh Internet (partial)">
 
-	<target host="*.mesh-internet.co.uk" />
+	<target host="my.mesh-internet.co.uk" />
+	<target host="secure.mesh-internet.co.uk" />
 
 
-	<securecookie host="^\w+\.mesh-internet\.co\.uk$" name=".*" />
+	<securecookie host="^\w+\.mesh-internet\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://(my|secure)\.mesh-internet\.co\.uk/"
-		to="https://$1.mesh-internet.co.uk/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MesonBuild.com.xml b/src/chrome/content/rules/MesonBuild.com.xml
new file mode 100644
index 000000000000..3cdf8c7fdb2c
--- /dev/null
+++ b/src/chrome/content/rules/MesonBuild.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatch:
+		www.mesonbuild.com
+-->
+<ruleset name="MesonBuild.com">
+	<target host="mesonbuild.com" />
+	<target host="www.mesonbuild.com" />
+	<target host="wrapdb.mesonbuild.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.mesonbuild\.com/" to="https://mesonbuild.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mesosphere.com.xml b/src/chrome/content/rules/Mesosphere.com.xml
new file mode 100644
index 000000000000..5a78364ebd8b
--- /dev/null
+++ b/src/chrome/content/rules/Mesosphere.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Mesosphere.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mesosphere.com" />
+	<target host="docs.mesosphere.com" />
+	<target host="www.mesosphere.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Messenger.com.xml b/src/chrome/content/rules/Messenger.com.xml
new file mode 100644
index 000000000000..6f49bb3b7496
--- /dev/null
+++ b/src/chrome/content/rules/Messenger.com.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Facebook coverage, see Facebook.xml.
+
+	HSTS preloaded:
+		- messenger.com
+		- www.messenger.com
+
+	Insecure cookies are set for these domains:
+		- .messenger.com
+-->
+
+<ruleset name="Messenger.com">
+	<!-- Direct rewrites -->
+	<target host="l.messenger.com" />
+
+	<!-- Not secured by server -->
+	<!--securecookie host="^\.messenger\.com$" name="^(datr|noscript)$" /-->
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Messer_Financial.xml b/src/chrome/content/rules/Messer_Financial.xml
index a50073bc9df8..83ef7c3369a7 100644
--- a/src/chrome/content/rules/Messer_Financial.xml
+++ b/src/chrome/content/rules/Messer_Financial.xml
@@ -1,13 +1,12 @@
 <ruleset name="Messer Financial">
 
 	<target host="messerfinancial.com" />
-	<target host="*.messerfinancial.com" />
+	<target host="www.messerfinancial.com" />
 
 
-	<securecookie host="^(?:.*\.)?messerfinancial\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?messerfinancial\.com/"
-		to="https://$1messerfinancial.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Met-Art.com.xml b/src/chrome/content/rules/Met-Art.com.xml
new file mode 100644
index 000000000000..2efad1745935
--- /dev/null
+++ b/src/chrome/content/rules/Met-Art.com.xml
@@ -0,0 +1,46 @@
+<!--
+	For other MetArt Network coverage, see MetArt_Network.com.xml.
+
+
+	Nonfunctional hosts in *met-art.com:
+
+		- ^ ¹
+		- assets ²
+		- guests ²
+		- static ²
+		- www ²
+
+	¹ Refused
+	² Dropped
+
+
+	Problematic hosts in *met-art.com:
+
+		- members *
+
+	* Mixed css
+
+
+	Mixed content:
+
+		- css on members from guests.met-art.com *
+		- Images on members from guests.met-art.com *
+
+	* Unsecurable <= dropped
+
+-->
+<ruleset name="Met-Art.com (partial)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="members.met-art.com" />
+
+		<!--	Mixed css:
+					-->
+		<test url="http://members.met-art.com/wronglogin.htm" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Met-Office.xml b/src/chrome/content/rules/Met-Office.xml
deleted file mode 100644
index 1501071501f4..000000000000
--- a/src/chrome/content/rules/Met-Office.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Met Office" default_off="mismatch">
-
-	<!--	Akamai	-->
-	<target host="metoffice.gov.uk" />
-	<target host="www.metoffice.gov.uk" />
-
-
-	<!--	!www 301s to www.
-					-->
-	<rule from="^https?://(?:www\.)?metoffice\.gov\.uk/"
-		to="https://www.metoffice.gov.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MetArt_Network.com.xml b/src/chrome/content/rules/MetArt_Network.com.xml
new file mode 100644
index 000000000000..5e1d31753d2e
--- /dev/null
+++ b/src/chrome/content/rules/MetArt_Network.com.xml
@@ -0,0 +1,43 @@
+<!--
+	Other MetArt Network rulesets:
+
+		- Met-Art.com.xml
+
+
+	Nonfunctional hosts in *metartnetwork.com:
+
+		- (www.)? ¹
+		- members ²
+		- static ¹
+
+	¹ Refused
+	² Shows members.met-art.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- account.metartnetwork.com
+		- billing.metartnetwork.com
+
+-->
+<ruleset name="MetArt Network.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="account.metartnetwork.com" />
+	<target host="assets.metartnetwork.com" />
+	<target host="billing.metartnetwork.com" />
+	<target host="static-assets.metartnetwork.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:account|billing)\.metartnetwork\.com$" name="^nocache$" /-->
+
+	<securecookie host="^(?:account|billing)\.metartnetwork\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MetOffice.gov.uk.xml b/src/chrome/content/rules/MetOffice.gov.uk.xml
new file mode 100644
index 000000000000..7474e64e7eeb
--- /dev/null
+++ b/src/chrome/content/rules/MetOffice.gov.uk.xml
@@ -0,0 +1,13 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+	*.metoffice.gov.uk has a wildcard DNS record.
+-->
+<ruleset name="MetOffice.gov.uk">
+
+	<target host="metoffice.gov.uk" />
+	<target host="www.metoffice.gov.uk" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MetaCPAN.xml b/src/chrome/content/rules/MetaCPAN.xml
index ba31a43af488..c1db2f774423 100644
--- a/src/chrome/content/rules/MetaCPAN.xml
+++ b/src/chrome/content/rules/MetaCPAN.xml
@@ -1,13 +1,17 @@
-<ruleset name="MetaCPAN">
+<ruleset name="MetaCPAN.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="metacpan.org" />
-	<target host="*.metacpan.org" />
+	<target host="api.metacpan.org" />
+	<target host="cpan.metacpan.org" />
+	<target host="www.metacpan.org" />
 
 
-	<securecookie host="^(.*\.)?metacpan\.org$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(api\.|www\.)?metacpan\.org/"
-		to="https://$1metacpan.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MetaEbene.xml b/src/chrome/content/rules/MetaEbene.xml
new file mode 100644
index 000000000000..443bf524fd52
--- /dev/null
+++ b/src/chrome/content/rules/MetaEbene.xml
@@ -0,0 +1,57 @@
+<!--
+	Invalid certificate:
+		- feeds.metaebene.me
+		- docs.podlove.org
+		- translate.podlove.org
+
+	TimeOut:
+		- tim.geekheim.de
+-->
+<ruleset name="Metaebene">
+
+	<target host="bundesradio.de" />
+	<target host="cre-podcast.de" />
+	<target host="cre.fm" />
+	<target host="das-sendezentrum.de" />
+	<target host="der-lautsprecher.de" />
+	<target host="die-sondersendung.de" />
+	<target host="diesondersendung.de" />
+	<target host="fokus-europa.de" />
+	<target host="fokuseuropa.de" />
+	<target host="forschergeist.de" />
+	<target host="freakshow.fm" />
+	<target host="futurologischer-salon.de" />
+	<target host="interhemd.de" />
+	<target host="kolophon.oreilly.de" />
+	<target host="logbuch-netzpolitik.de" />
+
+	<target host="blinkenlights.metaebene.me" />
+	<target host="diegesellschafter.metaebene.me" />
+	<target host="meta.metaebene.me" />
+	<target host="slackin.community.metaebene.me" />
+	<target host="test.metaebene.me" />
+	<target host="webciety.metaebene.me" />
+	<target host="metaebene.me" />
+
+	<target host="mobile-macs.de" />
+	<target host="mobilemacs.de" />
+	<target host="newz-of-the-world.com" />
+	<target host="newzoftheworld.com" />
+	<target host="not-safe-for-work.de" />
+	<target host="notsafeforwork.de" />
+
+	<target host="podlove.de" />
+
+	<target host="auth.podlove.org" />
+	<target host="cdn.podlove.org" />
+	<target host="community.podlove.org" />
+	<target host="publisher.podlove.org" />
+	<target host="podlove.org" />
+
+	<target host="raumzeit-podcast.de" />
+	<target host="tim.pritlove.org" />
+	<target host="ukw.fm" />
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/MetaGer.de.xml b/src/chrome/content/rules/MetaGer.de.xml
new file mode 100644
index 000000000000..8fbd6effb90c
--- /dev/null
+++ b/src/chrome/content/rules/MetaGer.de.xml
@@ -0,0 +1,14 @@
+<!--
+	For other University of Hannover coverage, see Uni-Hannover.xml.
+
+-->
+<ruleset name="MetaGer.de">
+
+	<target host="metager.de" />
+	<target host="www.metager.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MetaPress.com.xml b/src/chrome/content/rules/MetaPress.com.xml
index 729637f94868..8e0df62dd01d 100644
--- a/src/chrome/content/rules/MetaPress.com.xml
+++ b/src/chrome/content/rules/MetaPress.com.xml
@@ -8,7 +8,11 @@
 <ruleset name="Metapress (partial)">
 
 	<target host="metapress.com" />
-	<target host="*.metapress.com" />
+	<target host="www.metapress.com" />
+	<target host="ons.metapress.com" />
+	<target host="psycontent.metapress.com" />
+	<target host="shibboleth.metapress.com" />
+	<target host="springerlink3.metapress.com" />
 
 
 	<securecookie host="^s(?:hibboleth|pringerlink3)\.metapress\.com$" name=".+" />
@@ -17,7 +21,7 @@
 	<!--	- Cert only matches *.metapress.com
 		- At least some pages redirect from www to !www
 					-->
-	<rule from="^https?://(?:www\.)?metapress\.com/(account/|dynamic-file\.axd|identities/(?:help|me)/|images/|personalization/)"
+	<rule from="^http://(?:www\.)?metapress\.com/(account/|dynamic-file\.axd|identities/(?:help|me)/|images/|personalization/)"
 		to="https://www.metapress.com/$1" />
 
 	<!--	- 302s to http:
diff --git a/src/chrome/content/rules/MetaPress.org.xml b/src/chrome/content/rules/MetaPress.org.xml
deleted file mode 100644
index 15db488fbb3b..000000000000
--- a/src/chrome/content/rules/MetaPress.org.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="MetaPress (partial)">
-
-	<target host="metapress.org"/>
-	<target host="www.metapress.org"/>
-
-	<rule from="^http://(www\.)?metapress\.org/(dynamic-file\.axd|images/)"
-		to="https://www.metapress.org/$2"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/MetaProducts.com.xml b/src/chrome/content/rules/MetaProducts.com.xml
new file mode 100644
index 000000000000..827ee999ca60
--- /dev/null
+++ b/src/chrome/content/rules/MetaProducts.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- metaproducts.com
+		- www.metaproducts.com
+
+-->
+<ruleset name="MetaProducts.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="metaproducts.com" />
+	<target host="www.metaproducts.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?metaproducts\.com$" name="^(ASPSESSIONID[A-Z]{8}|cart)$" /-->
+
+	<securecookie host="^(?:www\.)?metaproducts\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Metaboli.co.uk.xml b/src/chrome/content/rules/Metaboli.co.uk.xml
new file mode 100644
index 000000000000..1935240d9dd6
--- /dev/null
+++ b/src/chrome/content/rules/Metaboli.co.uk.xml
@@ -0,0 +1,45 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- www.metaboli.co.uk
+		- .www.metaboli.co.uk
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+		- Images, from:
+
+			- d10svsm0gnverk.cloudfront.net *
+			- img.metaboli.fr *
+
+	* Secured by us
+
+-->
+<ruleset name="Metaboli.co.uk" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.metaboli.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="metaboli.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.metaboli\.co\.uk$" name="^(?:PHPSESSID|splashscreen)$" /-->
+	<!--securecookie host="^\.www\.metaboli\.co\.uk$" name="^phpbb3_\w_(?:k|sid|u)$" /-->
+
+	<securecookie host="^\.?www\.metaboli\.co\.uk$" name=".+" />
+
+
+	<rule from="^http://metaboli\.co\.uk/"
+		to="https://www.metaboli.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Metaboli.fr.xml b/src/chrome/content/rules/Metaboli.fr.xml
new file mode 100644
index 000000000000..064450e31da5
--- /dev/null
+++ b/src/chrome/content/rules/Metaboli.fr.xml
@@ -0,0 +1,42 @@
+<!--
+	CDN buckets:
+
+		- d10svsm0gnverk.cloudfront.net
+
+			- img.metaboli.fr
+
+
+	Problematic hosts in *metaboli.fr:
+
+		- ^ ¹
+		- img ²
+		- www ³ ⁴
+
+	¹ Mismatched
+	² Cloudfront
+	³ Expired
+	⁴ Server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="Metaboli.fr (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="www.metaboli.fr" /-->
+
+	<!--	Complications:
+				-->
+	<!--target host="metaboli.fr" /-->
+	<target host="img.metaboli.fr" />
+
+
+	<!--rule from="^http://metaboli\.fr/"
+		to="https://www.metaboli.fr/" /-->
+
+	<rule from="^http://img\.metaboli\.fr/"
+		to="https://d10svsm0gnverk.cloudfront.net/" />
+
+	<!--rule from="^http:"
+		to="https:" /-->
+
+</ruleset>
diff --git a/src/chrome/content/rules/Metabunk.org.xml b/src/chrome/content/rules/Metabunk.org.xml
new file mode 100644
index 000000000000..ee144e1b7513
--- /dev/null
+++ b/src/chrome/content/rules/Metabunk.org.xml
@@ -0,0 +1,38 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .metabunk.org
+
+-->
+<ruleset name="Metabunk.org">
+
+	<target host="metabunk.org" />
+	<target host="www.metabunk.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.medium\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Metafetish.com.xml b/src/chrome/content/rules/Metafetish.com.xml
new file mode 100644
index 000000000000..60160f1b75f2
--- /dev/null
+++ b/src/chrome/content/rules/Metafetish.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Metafetish.com">
+	<target host="metafetish.com" />
+	<target host="www.metafetish.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Metal-Detector-Town.com.xml b/src/chrome/content/rules/Metal-Detector-Town.com.xml
index 8e8cbd45309e..d0817e9534db 100644
--- a/src/chrome/content/rules/Metal-Detector-Town.com.xml
+++ b/src/chrome/content/rules/Metal-Detector-Town.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://old.metal-detector-town.com/ => https://old.metal-detector-town.com/: (60, 'SSL certificate problem: self signed certificate')
+
 	Mixed content:
 
 		- Images, on www from:
@@ -11,16 +15,16 @@
 	* Secured by us
 
 -->
-<ruleset name="Metal-Detector-Town.com">
+<ruleset name="Metal-Detector-Town.com" default_off="failed ruleset test">
 
 	<target host="metal-detector-town.com" />
-	<target host="*.metal-detector-town.com" />
+	<target host="old.metal-detector-town.com" />
+	<target host="www.metal-detector-town.com" />
 
 
 	<securecookie host="^\.(?:www\.)?metal-detector-town\.com$" name=".+" />
 
 
-	<rule from="^http://(old\.|www\.)?metal-detector-town\.com/"
-		to="https://$1metal-detector-town.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Metalab.at.xml b/src/chrome/content/rules/Metalab.at.xml
new file mode 100644
index 000000000000..759486e83763
--- /dev/null
+++ b/src/chrome/content/rules/Metalab.at.xml
@@ -0,0 +1,36 @@
+<!--
+	Nonfunctional hosts in *metalab.at:
+
+		- log *
+
+	* Redirects to http
+
+
+	Insecure cookies are set for these hosts:
+
+		- metalab.at
+
+-->
+<ruleset name="metalab.at">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="metalab.at" />
+	<target host="lists.metalab.at" />
+	<target host="www.metalab.at" />
+
+		<test url="http://metalab.at/issues" />
+		<test url="http://metalab.at/member/login/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^metalab\.at$" name="^(?:csrftoken|trac_form_session|trac_session)$" /-->
+
+	<securecookie host="^metalab\.at$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Metallica.xml b/src/chrome/content/rules/Metallica.xml
index fd4b49844163..38120bc3ee82 100644
--- a/src/chrome/content/rules/Metallica.xml
+++ b/src/chrome/content/rules/Metallica.xml
@@ -7,16 +7,18 @@
 	Insecure images from orion.metallica.com.
 
 -->
-<ruleset name="Metallica (partial)">
+<ruleset name="Metallica.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="metallica.com" />
-	<target host="*.metallica.com" />
+	<target host="www.metallica.com" />
 
 
 	<securecookie host="^(?:w*\.)?metallica\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?metallica\.com/"
-		to="https://$1metallica.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Metalyzer.com.xml b/src/chrome/content/rules/Metalyzer.com.xml
index b064a3d03874..c0461b8fb8a6 100644
--- a/src/chrome/content/rules/Metalyzer.com.xml
+++ b/src/chrome/content/rules/Metalyzer.com.xml
@@ -1,12 +1,14 @@
 <ruleset name="metalyzer.com">
 
-	<target host="*.metalyzer.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="creative.metalyzer.com" />
 
 
 	<securecookie host="^\.metalyzer\.com$" name=".+" />
 
 
-	<rule from="^http://creative\.metalyzer\.com/"
-		to="https://creative.metalyzer.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Metanet.ch.xml b/src/chrome/content/rules/Metanet.ch.xml
new file mode 100644
index 000000000000..fd4dd5437149
--- /dev/null
+++ b/src/chrome/content/rules/Metanet.ch.xml
@@ -0,0 +1,32 @@
+<!--
+	Nonfunctional hosts in *metanet.ch:
+
+		- notfall *
+
+	* "Site Temporarily Closed"
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.metanet.ch
+
+-->
+<ruleset name="Metanet.ch (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="metanet.ch" />
+	<target host="www.metanet.ch" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.metanet\.ch$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.metanet\.ch$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Metasploit.xml b/src/chrome/content/rules/Metasploit.xml
index 1fdaf1626d59..1e4a12eadd94 100644
--- a/src/chrome/content/rules/Metasploit.xml
+++ b/src/chrome/content/rules/Metasploit.xml
@@ -1,21 +1,58 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mail.metasploit.com/ => https://mail.metasploit.com/: (51, "SSL: no alternative certificate subject name matches target host name 'mail.metasploit.com'")
+
 	For other Rapid7 coverage, see Rapid7.xml.
 
 
-	Nonfunctional subdomains:
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
 
-		- www		($ redirects to dev, other paths redirect to http)
+
+	These altnames don't exist:
+
+		- www.help.metasploit.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .metasploit.com
+		- www.metasploit.com
 
 -->
-<ruleset name="Metasploit (partial)">
+<ruleset name="Metasploit.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="metasploit.com" />
+	<target host="dev.metasploit.com" />
+	<target host="help.metasploit.com" />
+	<target host="mail.metasploit.com" />
+	<target host="www.metasploit.com" />
 
-	<target host="*.metasploit.com" />
 
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^\.metasploit\.com$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.metasploit\.com$" name="^JSESSIONID$" /-->
 
+	<securecookie host="^\.metasploit\.com$" name="^(?:__cfduid|cf_clearance)$" />
 	<securecookie host="^dev\.metasploit\.com$" name=".+" />
 
 
-	<rule from="^http://(dev|mail)\.metasploit\.com/"
-		to="https://$1.metasploit.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Metcombank.ru.xml b/src/chrome/content/rules/Metcombank.ru.xml
new file mode 100644
index 000000000000..182b13014987
--- /dev/null
+++ b/src/chrome/content/rules/Metcombank.ru.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://metcombank.ru/ => https://metcombank.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'metcombank.ru'")
+Fetch error: http://www.metcombank.ru/ => https://www.metcombank.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'www.metcombank.ru'")
+Fetch error: http://cfo.metcombank.ru/ => https://cfo.metcombank.ru/: (7, 'Failed to connect to cfo.metcombank.ru port 443: Connection timed out')
+Fetch error: http://dbo.metcombank.ru/ => https://dbo.metcombank.ru/: (7, 'Failed to connect to dbo.metcombank.ru port 443: Connection timed out')
+
+business.metcombank.ru ¹
+cfotest.metcombank.ru ¹
+edo.metcombank.ru ³
+inserv.metcombank.ru ³
+mail1.metcombank.ru ³
+mail2.metcombank.ru ³
+sdo.metcombank.ru ¹
+vklad.metcombank.ru ¹
+
+
+¹ mismatch
+³ timed out
+-->
+<ruleset name="metcombank.ru" default_off="failed ruleset test">
+	<target host="metcombank.ru" />
+	<target host="www.metcombank.ru" />
+	<target host="cfo.metcombank.ru" />
+	<target host="dbo.metcombank.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MeteoCiel.fr.xml b/src/chrome/content/rules/MeteoCiel.fr.xml
new file mode 100644
index 000000000000..df6ff646a88e
--- /dev/null
+++ b/src/chrome/content/rules/MeteoCiel.fr.xml
@@ -0,0 +1,31 @@
+<!--
+	Invalid certificate:
+		forums.meteociel.fr
+		mail.meteociel.fr
+		modeles4.meteociel.fr
+		neige2.meteociel.fr
+		tchat.meteociel.fr
+		www2.meteociel.fr
+
+	No working URL known:
+		modeles5.meteociel.fr
+		modeles7.meteociel.fr
+
+	Unknown error:
+		modeles9.meteociel.fr
+
+-->
+<ruleset name="MeteoCiel.fr">
+
+	<target host="meteociel.fr" />
+	<target host="www.meteociel.fr" />
+	<target host="images.meteociel.fr" />
+	<target host="modeles.meteociel.fr" />
+	<target host="modeles2.meteociel.fr" />
+	<target host="modeles8.meteociel.fr" />
+	<target host="neige.meteociel.fr" />
+	<target host="static.meteociel.fr" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MeteoNews.xml b/src/chrome/content/rules/MeteoNews.xml
index 2c497bc0e4b9..c1f086eaef93 100644
--- a/src/chrome/content/rules/MeteoNews.xml
+++ b/src/chrome/content/rules/MeteoNews.xml
@@ -27,10 +27,10 @@
 -->
 <ruleset name="MeteoNews (partial)">
 
-	<target host="*.meteonews.net" />
+	<target host="js.meteonews.net" />
+	<target host="static-media.meteonews.net" />
 
 
-	<rule from="^http://(js|static-media)\.meteonews\.net/"
-		to="https://$1.meteonews.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Meteoalarm.eu.xml b/src/chrome/content/rules/Meteoalarm.eu.xml
new file mode 100644
index 000000000000..8b52f08e5066
--- /dev/null
+++ b/src/chrome/content/rules/Meteoalarm.eu.xml
@@ -0,0 +1,21 @@
+
+<!--
+    Mismatched:
+        - www3
+        - www4
+        - ftp
+        - mail
+        - web
+
+    Self-signed:
+        - test2
+-->
+<ruleset name="Meteoalarm.eu">
+	<target host="meteoalarm.eu" />
+	<target host="www.meteoalarm.eu" />
+	<target host="alerthub.meteoalarm.eu" />
+	<target host="googleexport.meteoalarm.eu" />
+	<target host="test.meteoalarm.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Meteoprog.kz.xml b/src/chrome/content/rules/Meteoprog.kz.xml
new file mode 100644
index 000000000000..bb198a7710a4
--- /dev/null
+++ b/src/chrome/content/rules/Meteoprog.kz.xml
@@ -0,0 +1,41 @@
+<!--
+	^meteoprog.kz: 404
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.meteoprog.kz
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Meteoprog.kz">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.meteoprog.kz" />
+
+	<!--	Complications:
+				-->
+	<target host="meteoprog.kz" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.meteoprog\.kz$" name="^session$" /-->
+
+	<securecookie host="^www\.meteoprog\.kz$" name=".+" />
+
+
+	<rule from="^http://meteoprog\.kz/"
+		to="https://www.meteoprog.kz/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Meteor.com.xml b/src/chrome/content/rules/Meteor.com.xml
new file mode 100644
index 000000000000..197a8d5dff62
--- /dev/null
+++ b/src/chrome/content/rules/Meteor.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Meteor.com">
+
+	<target host="meteor.com" />
+	<target host="www.meteor.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MeteorHacks.com.xml b/src/chrome/content/rules/MeteorHacks.com.xml
new file mode 100644
index 000000000000..12b64c843507
--- /dev/null
+++ b/src/chrome/content/rules/MeteorHacks.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://meteorhacks.com/ => https://meteorhacks.com/: (51, "SSL: no alternative certificate subject name matches target host name 'meteorhacks.com'")
+Fetch error: http://www.meteorhacks.com/ => https://www.meteorhacks.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.meteorhacks.com'")
+
+	Insecure cookies are set for these
+
+		- .meteorhacks.com
+
+-->
+<ruleset name="MeteorHacks.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="meteorhacks.com" />
+	<target host="www.meteorhacks.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.meteorhacks\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.meteorhacks\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Method_Acting_Strasberg.com.xml b/src/chrome/content/rules/Method_Acting_Strasberg.com.xml
deleted file mode 100644
index 7e26727f45de..000000000000
--- a/src/chrome/content/rules/Method_Acting_Strasberg.com.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	The Lee Strasberg Theatre & Film Institute - New York
-
-
-	Mixed content:
-
-		- css on www from fonts.googleapis.com *
-
-		- Images on www from www *
-
-	* Secured by us
-
--->
-<ruleset name="Method Acting Strasberg.com">
-
-	<target host="methodactingstrasberg.com" />
-	<target host="*.methodactingstrasberg.com" />
-
-
-	<securecookie host="^(?:w*\.)?methodactingstrasberg.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?methodactingstrasberg\.com/"
-		to="https://$1methodactingstrasberg.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Metin2.co.nz.xml b/src/chrome/content/rules/Metin2.co.nz.xml
deleted file mode 100644
index 9173c740942d..000000000000
--- a/src/chrome/content/rules/Metin2.co.nz.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Mixed images from:
-
-		- arena-top100.com
-		- i.epvpimg.com
-		- gamingtop100.net	(web bug)
-
--->
-<ruleset name="Metin2.co.nz">
-
-	<target host="metin2.co.nz" />
-	<target host="*.metin2.co.nz" />
-
-
-	<securecookie host="^\.?metin2\.co\.nz$" name=".+" />
-
-
-	<rule from="^http://(www\.)?metin2\.co\.nz/"
-		to="https://$1metin2.co.nz/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Metooo.io.xml b/src/chrome/content/rules/Metooo.io.xml
new file mode 100644
index 000000000000..9ae8ee4286e3
--- /dev/null
+++ b/src/chrome/content/rules/Metooo.io.xml
@@ -0,0 +1,38 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://test.metooo.io/ => https://test.metooo.io/: (6, 'Could not resolve host: test.metooo.io')
+
+	CDN buckets:
+
+		- s3-eu-west-1.amazonaws.com/cdn.metooo.it/
+
+
+	Insecure cookies are set for these domains:
+
+		- .metooo.io
+
+-->
+<ruleset name="Metooo.io" default_off="failed ruleset test">
+
+	<target host="metooo.io" />
+	<target host="api.metooo.io" />
+	<target host="beta.metooo.io" />
+	<target host="en.metooo.io" />
+	<target host="it.metooo.io" />
+	<target host="test.metooo.io" />
+	<target host="www.metooo.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.metooo\.io$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^PHPSESSID$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Metrix.xml b/src/chrome/content/rules/Metrix.xml
index 4c04685ed731..31caafce0dff 100644
--- a/src/chrome/content/rules/Metrix.xml
+++ b/src/chrome/content/rules/Metrix.xml
@@ -1,12 +1,27 @@
-<ruleset name="Metrix">
+<!--
+	Insecure cookies are set for these domains and hosts:
 
+		- .metrix.net
+		- www.metrix.net
+
+-->
+<ruleset name="Metrix.net" default_off="mismatched">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="metrix.net"/>
-	<target host="secure.metrix.net"/>
 	<target host="www.metrix.net"/>
 
-	<rule from="^http://(secure\.|www\.)?metrix\.net/"
-		to="https://secure.metrix.net/"/>
 
-	<securecookie host="^\.secure\.metrix\.net$" name=".*"/>
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.metrix\.net$" name="^SS_MID$" /-->
+	<!--securecookie host="^www\.metrix\.net$" name="^(?:JSESSINID|crumb)$" /-->
+
+	<securecookie host="^(?:www)?\.metrix\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Metro.Istanbul.xml b/src/chrome/content/rules/Metro.Istanbul.xml
new file mode 100644
index 000000000000..2873272473e7
--- /dev/null
+++ b/src/chrome/content/rules/Metro.Istanbul.xml
@@ -0,0 +1,8 @@
+<ruleset name="Metro.Istanbul">
+	<target host="metro.istanbul" />
+	<target host="www.metro.istanbul" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Metro.co.uk.xml b/src/chrome/content/rules/Metro.co.uk.xml
new file mode 100644
index 000000000000..4d93b9a87544
--- /dev/null
+++ b/src/chrome/content/rules/Metro.co.uk.xml
@@ -0,0 +1,17 @@
+<!--
+	Non-functional hosts:
+		Certificate mismatched:
+		- f.metro.co.uk
+		- img.metro.co.uk
+		- s.metro.co.uk
+-->
+<ruleset name="Metro.co.uk">
+
+	<target host="metro.co.uk" />
+	<target host="www.metro.co.uk" />
+	<target host="static.metro.co.uk" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Metro.xml b/src/chrome/content/rules/Metro.xml
deleted file mode 100644
index a4c0961729fd..000000000000
--- a/src/chrome/content/rules/Metro.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	www is handled in WordPress-blogs.xml.
-
-
-	CDN buckets:
-
-		- f.metro.co.uk.edgesuite.net
-		- img.metro.co.uk.edgesuite.net
-		- s.metro.co.uk.edgesuite.net
-
-
-	Problematic subdomains:
-
-		- (www.)	(wordpress)
-		- f *
-		- img *
-		- s *
-
-	* Akamai, works.
-
--->
-<ruleset name="Metro (partial)" default_off="akamai certificate">
-
-	<target host="*.metro.co.uk" />
-
-
-	<rule from="^http://(f|img|s)\.metro\.co\.uk/"
-		to="https://$1.metro.co.uk/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MetroLyrics.xml b/src/chrome/content/rules/MetroLyrics.xml
index 21386dc6bb4d..4d698c5fddb0 100644
--- a/src/chrome/content/rules/MetroLyrics.xml
+++ b/src/chrome/content/rules/MetroLyrics.xml
@@ -5,13 +5,12 @@
 		- www	(Akamai; "An error occurred")
 
 -->
-<ruleset name="MetroLyrics (partial)" default_off="mismatch">
+<ruleset name="MetroLyrics (partial)" default_off="mismatched">
 
 	<target host="netstorage.metrolyrics.com" />
 
 
 	<!--	Akamai	-->
-	<rule from="^http://netstorage\.metrolyrics\.com/"
-		to="https://netstorage.metrolyrics.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Metro_Ethernet_Forum.com.xml b/src/chrome/content/rules/Metro_Ethernet_Forum.com.xml
deleted file mode 100644
index 07896c7cff61..000000000000
--- a/src/chrome/content/rules/Metro_Ethernet_Forum.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- jira	(refused)
-
--->
-<ruleset name="Metro Ethernet Forum.com (partial)">
-
-	<target host="metroethernetforum.com" />
-	<target host="*.metroethernetforum.com" />
-
-
-	<securecookie host="^(?:.*\.)?metroethernetforum\.com$" name=".+" />
-
-
-	<rule from="^http://(wiki\.|www\.)?metroethernetforum\.com/"
-		to="https://$1metroethernetforum.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Metrogroup.de.xml b/src/chrome/content/rules/Metrogroup.de.xml
new file mode 100644
index 000000000000..711a476013e5
--- /dev/null
+++ b/src/chrome/content/rules/Metrogroup.de.xml
@@ -0,0 +1,22 @@
+<!--
+metrogroup.de ²
+reports.metrogroup.de ¹
+berichte.metrogroup.de ¹
+politik.metrogroup.de ²
+maintenance.metrogroup.de ²
+
+
+¹ mismatch
+² refused
+-->
+<ruleset name="metrogroup.de">
+	<target host="www.metrogroup.de" />
+	<target host="properties.metrogroup.de" />
+
+	<target host="metrogroup.de" />
+
+	<rule from="^http://metrogroup\.de/"
+		to="https://www.metrogroup.de/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MetroidWiki.org.xml b/src/chrome/content/rules/MetroidWiki.org.xml
new file mode 100644
index 000000000000..b843a566d01e
--- /dev/null
+++ b/src/chrome/content/rules/MetroidWiki.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="MetroidWiki.org">
+	<target host="metroidwiki.org" />
+	<target host="www.metroidwiki.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Metropolia.fi.xml b/src/chrome/content/rules/Metropolia.fi.xml
index 133c07cbbca0..e71472d067c6 100644
--- a/src/chrome/content/rules/Metropolia.fi.xml
+++ b/src/chrome/content/rules/Metropolia.fi.xml
@@ -1,6 +1,7 @@
 <ruleset name="Metropolia University of Applied Sciences">
-    <target host="*.metropolia.fi" />
+    <target host="metropooli.metropolia.fi" />
+	<target host="moodle.metropolia.fi" />
 
 
-    <rule from="^http://(moodle|metropooli)\.metropolia\.fi/" to="https://$1.metropolia.fi/" />
+    <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Metropolnews.info.xml b/src/chrome/content/rules/Metropolnews.info.xml
new file mode 100644
index 000000000000..d27465076983
--- /dev/null
+++ b/src/chrome/content/rules/Metropolnews.info.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		stage.metropolnews.info
+		wp.metropolnews.info
+-->
+<ruleset name="Metropolnews.info">
+
+	<target host="metropolnews.info" />
+	<target host="www.metropolnews.info" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://metropolnews.info/.-->
+	<rule from="^http://metropolnews\.info/"
+		  to="https://www.metropolnews.info/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Metrotransit.org.xml b/src/chrome/content/rules/Metrotransit.org.xml
new file mode 100644
index 000000000000..cbd850d0c0f4
--- /dev/null
+++ b/src/chrome/content/rules/Metrotransit.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Metro Transit">
+  <target host="metrotransit.org" />
+  <target host="www.metrotransit.org" />
+
+  <rule from="^http://(?:www\.)?metrotransit\.org/" to="https://www.metrotransit.org/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mew.xml b/src/chrome/content/rules/Mew.xml
index 8956dd06652f..9c83f962930a 100644
--- a/src/chrome/content/rules/Mew.xml
+++ b/src/chrome/content/rules/Mew.xml
@@ -4,7 +4,6 @@
 	<target host="www.mewsite.com" />
 
 
-	<rule from="^http://(www\.)?mewsite\.com/"
-		to="https://$1mewsite.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MewsNavigator.com.xml b/src/chrome/content/rules/MewsNavigator.com.xml
new file mode 100644
index 000000000000..065b8b7dfa41
--- /dev/null
+++ b/src/chrome/content/rules/MewsNavigator.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="MewsNavigator.com">
+	<target host="mewsnavigator.com" />
+	<target host="www.mewsnavigator.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mexicantears.com.xml b/src/chrome/content/rules/Mexicantears.com.xml
new file mode 100644
index 000000000000..b317ee71fd28
--- /dev/null
+++ b/src/chrome/content/rules/Mexicantears.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Mexicantears.com">
+	<target host="mexicantears.com" />
+	<target host="www.mexicantears.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mexicantears.de.xml b/src/chrome/content/rules/Mexicantears.de.xml
new file mode 100644
index 000000000000..3b3e55810eea
--- /dev/null
+++ b/src/chrome/content/rules/Mexicantears.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Mexicantears.de">
+	<target host="mexicantears.de" />
+	<target host="www.mexicantears.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mexicoleaks.mx.xml b/src/chrome/content/rules/Mexicoleaks.mx.xml
new file mode 100644
index 000000000000..c9cc285941b9
--- /dev/null
+++ b/src/chrome/content/rules/Mexicoleaks.mx.xml
@@ -0,0 +1,12 @@
+<ruleset name="Mexicoleaks.mx">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mexicoleaks.mx" />
+	<target host="www.mexicoleaks.mx" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MeynConnect.xml b/src/chrome/content/rules/MeynConnect.xml
index 1b30cb3a9c8b..f2753712ed99 100644
--- a/src/chrome/content/rules/MeynConnect.xml
+++ b/src/chrome/content/rules/MeynConnect.xml
@@ -1,8 +1,13 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://meynconnect.com/ => https://www.meynconnect.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.meynconnect.com/ => https://www.meynconnect.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Cert only matches www
 
 -->
-<ruleset name="MeynConnect">
+<ruleset name="MeynConnect" default_off="failed ruleset test">
 
 	<target host="meynconnect.com" />
 	<target host="www.meynconnect.com" />
@@ -11,7 +16,7 @@
 	<securecookie host="^www\.meynconnect\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?meynconnect\.com/"
+	<rule from="^http://(?:www\.)?meynconnect\.com/"
 		to="https://www.meynconnect.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mg2_mobile.com.xml b/src/chrome/content/rules/Mg2_mobile.com.xml
new file mode 100644
index 000000000000..207cc2cfc699
--- /dev/null
+++ b/src/chrome/content/rules/Mg2_mobile.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Mg2 mobile.com">
+
+	<target host="mg2mobile.com" />
+	<target host="lte.mg2mobile.com" />
+	<target host="www.mg2mobile.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mh21.de.xml b/src/chrome/content/rules/Mh21.de.xml
new file mode 100644
index 000000000000..1977928b4f32
--- /dev/null
+++ b/src/chrome/content/rules/Mh21.de.xml
@@ -0,0 +1,30 @@
+<!--
+	Nonfunctional hosts in *mh21.de:
+
+		- mail *
+		- owncloud *
+
+	* 404
+
+
+	www.mh21.de: 404
+
+-->
+<ruleset name="mh21.de (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mh21.de" />
+
+	<!--	Complications:
+				-->
+	<target host="www.mh21.de" />
+
+
+	<rule from="^http://www\.mh21\.de/"
+		to="https://mh21.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mhcache.com.xml b/src/chrome/content/rules/Mhcache.com.xml
new file mode 100644
index 000000000000..bced74def858
--- /dev/null
+++ b/src/chrome/content/rules/Mhcache.com.xml
@@ -0,0 +1,15 @@
+<!--
+    Other MyHeritage rulesets:
+	    - Myheritage
+	    - Myheritageimages.com
+-->
+<ruleset name="MyHeritage Cache">
+    <target host="mhcache.com" />
+    <target host="www.mhcache.com" />
+    <target host="d.mhcache.com" />
+
+    <securecookie host="^(www\.|d\.)?mhcache.com" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mi-ACLU.xml b/src/chrome/content/rules/Mi-ACLU.xml
new file mode 100644
index 000000000000..624ebd1f504b
--- /dev/null
+++ b/src/chrome/content/rules/Mi-ACLU.xml
@@ -0,0 +1,22 @@
+<!--
+
+	For other ACLU coverage, see ACLU.xml
+
+
+	Problematic domains:
+	- ^miaclu.org		(doesn't redirect properly)
+	- webmail.miaclu.org	(cert mismatch)
+
+-->
+<ruleset name="Mi ACLU">
+
+	<target host="miaclu.org" />
+	<target host="www.miaclu.org" />
+
+	<securecookie host="^www\.miaclu\.org$" name=".+" />
+
+	<rule from="^http://miaclu\.org/"
+		to="https://www.miaclu.org/" />
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mi-img.com.xml b/src/chrome/content/rules/Mi-img.com.xml
new file mode 100644
index 000000000000..c0eca9a0f66c
--- /dev/null
+++ b/src/chrome/content/rules/Mi-img.com.xml
@@ -0,0 +1,24 @@
+<!--
+	For other domains belong to xiaomi, see Xiaomi.com.xml
+
+	Mismatch:
+		cdn.video.browser.mi-img.com	https://cdn.video.browser.mi-img.com/css/9gNd0X6z.css
+		cdn.webapp.browser.mi-img.com	https://cdn.webapp.browser.mi-img.com/css/nQOMgLvB.css
+		cdn.hao.mi-img.com
+		f[1-5].market.mi-img.com
+		t[1-5].market.mi-img.com
+		s2.mi-img.com
+-->
+
+<ruleset name="Mi-img.com">
+	<target host="cdn.awsbj0.fds.api.mi-img.com" />
+	<target host="cdn.cnbj1.fds.api.mi-img.com" />
+		<test url="http://cdn.cnbj1.fds.api.mi-img.com/src/gift/17f2d18a3442813daa3f26ce2fad47.jpg" />
+	<target host="cdn.cnbj2.fds.api.mi-img.com" />
+	<target host="ssl-cdn.static.browser.mi-img.com" />
+		<test url="http://ssl-cdn.static.browser.mi-img.com/hao/y3Y4qgA6.png" />
+	<target host="s1.mi-img.com" />
+		<test url="http://s1.mi-img.com/mfsv2/download/s010/p01C7OFSjK7P/cvJe4YjyheKeU6.pdf" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mi.com.xml b/src/chrome/content/rules/Mi.com.xml
new file mode 100644
index 000000000000..373373f22aa5
--- /dev/null
+++ b/src/chrome/content/rules/Mi.com.xml
@@ -0,0 +1,97 @@
+<!--
+	For other domains belong to xiaomi, see Xiaomi.com.xml
+
+	Different http/https content:
+		home.mi.com	( /faq.html )
+		huanxin.mi.com	( https redirect to www. )
+
+	Failed:
+		designer.mi.com
+		pcsuite.mi.com
+
+	Invalid certificate:
+		www.mi.com
+		2048.mi.com
+		app.mi.com
+		br.mi.com
+		call.mi.com
+		cat.mi.com
+		cok.mi.com
+		e.mi.com
+		static.g.mi.com	( https://static.g.mi.com/pages/static/jquery-1.11.3.min.js )
+		1.hd.mi.com
+		hr.mi.com
+		jxsj.mi.com
+		live.mi.com
+		ljm.mi.com
+		mahjong.mi.com
+		mobile.mi.com
+		order.mi.com/$	( redirect to www. )
+		pong.mi.com
+		popo.mi.com
+		promo.mi.com
+		qiye.mi.com
+		tuan.qiye.mi.com
+		texas.mi.com
+		theme.mi.com
+		tv.mi.com
+		wyft.mi.com
+		s.zb.mi.com	( https://s.zb.mi.com/static/js/bower_components/jwplayer/jwplayer.js )
+		zuma.mi.com
+
+	MCB:
+		hd.mi.com	( https://hd.mi.com/y/11021d/index.html )
+
+	Redirect to http:
+		buy.mi.com
+		c.mi.com
+		act.e.mi.com
+		global.mi.com
+		mitu.mi.com
+		store.mi.com
+		suliao.mi.com
+		union.mi.com
+		xmcs.mi.com
+
+	Timeout:
+		^
+-->
+
+<ruleset name="Mi.com (partial)">
+	<!--Complication:-->
+	<target host="item.mi.com" />
+	<exclusion pattern="^http://item\.mi\.com/$" />
+		<test url="http://item.mi.com/buyphone/note4/" />
+
+	<target host="order.mi.com" />
+	<exclusion pattern="^http://order\.mi\.com/$" />
+		<test url="http://order.mi.com/misc/checkindex" />
+
+	<!--Directly:-->
+	<target host="service.10046.mi.com" />
+		<test url="http://service.10046.mi.com/mh/main_home/explan" />
+	<target host="sg.xms.d.mi.com" />
+	<target host="dev.mi.com" />
+	<target host="hd.mi.com" />
+	<target host="heyue.mi.com" />
+	<target host="a.huodong.mi.com" />
+		<test url="http://a.huodong.mi.com/msg/pick/axmuid/212413411" />
+	<target host="open.home.mi.com" />
+	<target host="i.mi.com" />
+	<target host="jr.mi.com" />
+	<target host="list.mi.com" />
+	<target host="mibi.mi.com" />
+	<target host="m.mibi.mi.com" />
+	<target host="s1.mi.com" />
+		<test url="http://s1.mi.com/js/xmst.js" />
+	<target host="static.mi.com" />
+		<test url="http://static.mi.com/cart/" />
+	<target host="unity.mi.com" />
+	<target host="dl.zb.mi.com" />
+		<test url="http://dl.zb.mi.com/3026185@style@480jpg" />
+	<target host="zbtupian.zb.mi.com" />
+		<test url="http://zbtupian.zb.mi.com/pic_85ae03f432b6d02ad49478fe22d0ed86_1478249515349.jpg" />
+	<target host="zg.mi.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mi4urinsk.ru.xml b/src/chrome/content/rules/Mi4urinsk.ru.xml
deleted file mode 100644
index 47f6cff5a758..000000000000
--- a/src/chrome/content/rules/Mi4urinsk.ru.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Mi4urinsk.ru" default_off="self-signed">
-
-	<target host="mi4urinsk.ru" />
-	<target host="www.mi4urinsk.ru" />
-
-
-	<rule from="^http://(?:www\.)?mi4urinsk\.ru/"
-		to="https://mi4urinsk.ru/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MiApple.me.xml b/src/chrome/content/rules/MiApple.me.xml
new file mode 100644
index 000000000000..de07c3c67b7f
--- /dev/null
+++ b/src/chrome/content/rules/MiApple.me.xml
@@ -0,0 +1,41 @@
+<!--
+	Nonfunctional hosts in *miapple.me:
+
+		- feeds *
+
+	* Handshake fails
+
+
+	www.miapple.me: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- miapple.me
+
+-->
+<ruleset name="miApple.me (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="miapple.me" />
+
+	<!--	Complications:
+				-->
+	<target host="www.miapple.me" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^miapple\.me$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^miapple\.me$" name=".+" />
+
+
+	<rule from="^http://www\.miapple\.me/"
+		to="https://miapple.me/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MiKTEX.org.xml b/src/chrome/content/rules/MiKTEX.org.xml
new file mode 100644
index 000000000000..b6a9417ed61c
--- /dev/null
+++ b/src/chrome/content/rules/MiKTEX.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Non-functional hosts
+		SSL connect error:
+		- www.miktex.org
+		- ieyasu.miktex.org
+
+-->
+<ruleset name="MiKTEX.org">
+	<target host="miktex.org" />
+	<target host="www.miktex.org" />
+	<target host="api.miktex.org" />
+	<target host="api2.miktex.org" />
+	<target host="build.miktex.org" />
+	<target host="docs.miktex.org" />
+	<target host="staging.miktex.org" />
+
+	<rule from="^http://www\.miktex\.org/"
+			to="https://miktex.org/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MiTLS.org.xml b/src/chrome/content/rules/MiTLS.org.xml
new file mode 100644
index 000000000000..ba6798e8138c
--- /dev/null
+++ b/src/chrome/content/rules/MiTLS.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="miTLS.org">
+
+	<target host="mitls.org" />
+	<target host="www.mitls.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mi_file.com.xml b/src/chrome/content/rules/Mi_file.com.xml
new file mode 100644
index 000000000000..b9c976567c3c
--- /dev/null
+++ b/src/chrome/content/rules/Mi_file.com.xml
@@ -0,0 +1,27 @@
+<!--
+	CDN buckets:
+
+		- d1ah52fdvzqem9.cloudfront.net	← static01.global
+
+			- 404s
+
+
+	Problematic hosts in *mifile.cn:
+
+		- static01.global ᵐ
+
+	ᵐ Cloudfront/mismatched
+
+-->
+<ruleset name="Mi file.cn (partial)">
+
+	<target host="global01.mifile.cn" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mibbit.xml b/src/chrome/content/rules/Mibbit.xml
index c42e808ec979..661a36ad133a 100644
--- a/src/chrome/content/rules/Mibbit.xml
+++ b/src/chrome/content/rules/Mibbit.xml
@@ -12,34 +12,31 @@
 
 	* 401, valid cert
 
-
-	Fully covered subdomains:
-
-		- (www.)
-
-		- chat subdomains:
-
-			- ^
-			- 02
-			- client01
-
-		- data
-		- search
-		- widget
-		- widget0[1-4]
-		- widgetmanager
-
 -->
-<ruleset name="Mibbit">
+<ruleset name="Mibbit.com">
 
 	<target host="mibbit.com" />
 	<target host="*.mibbit.com" />
 
+		<test url="http://chat.mibbit.com/" />
+		<test url="http://client00.chat.mibbit.com/" />
+		<test url="http://client01.chat.mibbit.com/" />
+		<test url="http://client02.chat.mibbit.com/" />
+		<test url="http://search.mibbit.com/" />
+		<test url="http://widget.mibbit.com/" />
+		<test url="http://widget01.mibbit.com/" />
+		<test url="http://widget02.mibbit.com/" />
+		<test url="http://widget03.mibbit.com/" />
+		<test url="http://widget04.mibbit.com/" />
+		<test url="http://widgetmanager.mibbit.com/" />
+		<test url="http://wiki.mibbit.com/" />
+		<test url="http://www.mibbit.com/" />
+
 
-	<securecookie host="^(?:.*\.)?mibbit.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:chat|(?:02|client01)\.chat|data|search|widget(?:0\d|manager)?|www)\.)?mibbit\.com/"
+	<rule from="^http://((?:chat|(?:02|client0\d)\.chat|search|widget(?:0\d|manager)?|wiki|www)\.)?mibbit\.com/"
 		to="https://$1mibbit.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mibew.org.xml b/src/chrome/content/rules/Mibew.org.xml
new file mode 100644
index 000000000000..02fcc50a0c13
--- /dev/null
+++ b/src/chrome/content/rules/Mibew.org.xml
@@ -0,0 +1,17 @@
+<ruleset name="Mibew.org">
+
+	<target host="mibew.org" />
+	<target host="www.mibew.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^mibew\.org$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.(www\.)?mibew\.org$" name="^ppqtrans_cookie_test$" /-->
+
+	<securecookie host="^(?:\.|\.www\.)?mibew\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Micah_F_Lee.com.xml b/src/chrome/content/rules/Micah_F_Lee.com.xml
new file mode 100644
index 000000000000..f3e6bc395abd
--- /dev/null
+++ b/src/chrome/content/rules/Micah_F_Lee.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Micah F Lee.com">
+
+	<target host="micahflee.com" />
+	<target host="www.micahflee.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Micasa.ch.xml b/src/chrome/content/rules/Micasa.ch.xml
new file mode 100644
index 000000000000..09578235f3e9
--- /dev/null
+++ b/src/chrome/content/rules/Micasa.ch.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Migros coverage, see Migros.xml.
+
+	HTTP redirect:
+		- www.micasa.ch (static resources are working)
+
+	Mismatch:
+		- ^micasa.ch
+		- myhome.micasa.ch
+-->
+<ruleset name="Micasa.ch (partial)">
+	<target host="www.micasa.ch"/>
+	<target host="cdn1.micasa.ch"/>
+	<target host="cdn2.micasa.ch"/>
+	<target host="cdn3.micasa.ch"/>
+	<target host="cdn4.micasa.ch"/>
+
+	<exclusion pattern="^http://www\.micasa\.ch/$" />
+
+	<test url="http://www.micasa.ch/de/localizations.js" />
+	<test url="http://www.micasa.ch/js/micasa.js" />
+	<test url="http://www.micasa.ch/medias/sys_master/8860298117150.jpg" />
+	<test url="http://www.micasa.ch/static/templates/micasa/resources/js/stats/confWrapper.json" />
+	<test url="http://www.micasa.ch/static/templates/micasa/resources/stylesheets/images/logos/migros.png" />
+	<test url="http://www.micasa.ch/static/templates/micasa/resources/stylesheets/screen.css" />
+	<test url="http://www.micasa.ch/static/templates/shared/resources/stylesheets/fonts/helveticaneue-condensed-bold.woff" />
+	<test url="http://www.micasa.ch/static/templates/shared/resources/stylesheets/images/m.svg" />
+
+	<rule from="^http://www\.micasa\.ch/([\.\-/%\w]+)\.(css|jpg|js|json|png|svg|woff)$"
+		to="https://www.micasa.ch/$1.$2" />
+	<rule from="^http://cdn([1-4])\.micasa\.ch/"
+		to="https://cdn$1.micasa.ch/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Michael_W_Lucas.com.xml b/src/chrome/content/rules/Michael_W_Lucas.com.xml
index a361fdd9600a..8a9cbee50759 100644
--- a/src/chrome/content/rules/Michael_W_Lucas.com.xml
+++ b/src/chrome/content/rules/Michael_W_Lucas.com.xml
@@ -12,7 +12,6 @@
 	<target host="www.michaelwlucas.com" />
 
 
-	<rule from="^http://(www\.)?michaelwlucas\.com/"
-		to="https://$1michaelwlucas.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Michal_Hrusecky.xml b/src/chrome/content/rules/Michal_Hrusecky.xml
index 622b695e8984..6a0c9a95218b 100644
--- a/src/chrome/content/rules/Michal_Hrusecky.xml
+++ b/src/chrome/content/rules/Michal_Hrusecky.xml
@@ -1,17 +1,33 @@
 <!--
-	!www: cert only matches *.hrusecky.net
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- hrusecky.net
+		- arch.jan.hrusecky.net
+		- architecture.jan.hrusecky.net
+		- photo.jan.hrusecky.net
+		- people.photo.jan.hrusecky.net
+		- www.michal.hrusecky.net
+		- queeg.hrusecky.net
+		- sobas.hrusecky.net
+		- www.sobas.hrusecky.net
+		- svatba.hrusecky.net
+		- fotky.svatba.hrusecky.net
+		- www.svatba.hrusecky.net
+		- www.hrusecky.net
 
--->
-<ruleset name="Michal Hrušecký" platform="cacert">
-
-	<target host="hrusecky.net" />
-	<target host="*.hrusecky.net" />
+		Peer certificate cannot be authenticated with given CA certificates:
+		- analytics.hrusecky.net
+		- piwik.hrusecky.net
 
+		Incomplete certificate chain error:
+		- friends.hrusecky.net
+		- mail.hrusecky.net
 
-	<rule from="^http://(?:www\.)?hrusecky\.net/"
-		to="https://www.hrusecky.net/" />
-
-	<rule from="^http://michal\.hrusecky\.net/"
-		to="https://michal.hrusecky.net/" />
+		Mixed content blocking (MCB) triggered:
+		- michal.hrusecky.net
+-->
+<ruleset name="Michal Hrušecký" platform="mixedcontent">
+	<target host="michal.hrusecky.net" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MichelbergerHotel.com.xml b/src/chrome/content/rules/MichelbergerHotel.com.xml
new file mode 100644
index 000000000000..6405bd4a965e
--- /dev/null
+++ b/src/chrome/content/rules/MichelbergerHotel.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Self-signed:
+		- mail
+		- shop
+		- store
+		- vpn
+
+	michelbergerhotel.com has both a wildcard DNS record and a wildcard certificate, so enumerating all subdomains is impossible.
+-->
+<ruleset name="MichelbergerHotel.com">
+	<target host="michelbergerhotel.com" />
+	<target host="www.michelbergerhotel.com" />
+	<target host="archive.michelbergerhotel.com" />
+	<target host="beta.michelbergerhotel.com" />
+	<target host="download.michelbergerhotel.com" />
+	<target host="festival.michelbergerhotel.com" />
+	<target host="goto.michelbergerhotel.com" />
+	<target host="info.michelbergerhotel.com" />
+	<target host="m.michelbergerhotel.com" />
+	<target host="src.michelbergerhotel.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MichelbergerMonkey.com.xml b/src/chrome/content/rules/MichelbergerMonkey.com.xml
new file mode 100644
index 000000000000..e273791b5741
--- /dev/null
+++ b/src/chrome/content/rules/MichelbergerMonkey.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched:
+		- hostmaster
+		- m
+		- store
+-->
+<ruleset name="MichelbergerMonkey.com">
+	<target host="michelbergermonkey.com" />
+	<target host="www.michelbergermonkey.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Michelle-Bridges-12-Week-Body-Transformation.xml b/src/chrome/content/rules/Michelle-Bridges-12-Week-Body-Transformation.xml
deleted file mode 100644
index e1a8e73f1d59..000000000000
--- a/src/chrome/content/rules/Michelle-Bridges-12-Week-Body-Transformation.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- public	(404)
-
--->
-<ruleset name="Michelle Bridges 12 Week Body Transformation (partial)">
-
-	<target host="12wbt.com" />
-	<target host="*.12wbt.com" />
-		<!--
-			Many paths redirect to http.  There may
-			be more than are handled here that don't.
-									-->
-		<exclusion pattern="^http://(?:www\.)?12wbt\.com/(?!assets/|(?:login|sign-up)(?:$|[\?/]))" />
-		<exclusion pattern="^http://shop\.12wbt\.com/(?!assets/|spree/)" />
-
-
-	<rule from="^http://(images\.|shop\.|www\.)?12wbt\.com/"
-		to="https://$112wbt.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Michigan_Campus_Compact.xml b/src/chrome/content/rules/Michigan_Campus_Compact.xml
index 8c69ed20cc3c..0062e12ee751 100644
--- a/src/chrome/content/rules/Michigan_Campus_Compact.xml
+++ b/src/chrome/content/rules/Michigan_Campus_Compact.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?micampuscompact\.org/"
 		to="https://micampuscompact.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Michigan_Nonprofit_Association.xml b/src/chrome/content/rules/Michigan_Nonprofit_Association.xml
index ce9f5749e8c6..b9a761ee22f0 100644
--- a/src/chrome/content/rules/Michigan_Nonprofit_Association.xml
+++ b/src/chrome/content/rules/Michigan_Nonprofit_Association.xml
@@ -1,13 +1,13 @@
 <!--
-	Problematic subdomains:
-
+	Certificate Expired:
 		- mnaadmin	($ redirects to www; mismatched, CN: www.mnaonline.org)
 
 -->
 <ruleset name="Michigan Nonprofit Association (partial)">
 
 	<target host="mnaonline.org" />
-	<target host="*.mnaonline.org" />
+	<target host="www.mnaonline.org" />
+	<!-- <target host="mnaadmin.mnaonline.org" /> -->
 
 
 	<securecookie host="^(?:www\.)?mnaonline\.org$" name=".+" />
@@ -16,7 +16,9 @@
 	<rule from="^http://(www\.)?mnaonline\.org/"
 		to="https://$1mnaonline.org/" />
 
-	<rule from="^http://mnaadmin\.mnaonline\.org/(cmi|CMI)mages/"
-		to="https://www.mnaonline.org/$1mages/" />
+	<!--
+    cert expired:
+    <rule from="^http://mnaadmin\.mnaonline\.org/(cmi|CMI)mages/"
+		to="https://www.mnaonline.org/$1mages/" /> -->
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MicroAd.co.jp.xml b/src/chrome/content/rules/MicroAd.co.jp.xml
new file mode 100644
index 000000000000..1b12fca0ee3c
--- /dev/null
+++ b/src/chrome/content/rules/MicroAd.co.jp.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://careers.microad.co.jp/ => https://careers.microad.co.jp/: (6, 'Could not resolve host: careers.microad.co.jp')
+
+	For more MicroAd, Inc related ruleset, see MicroAdInc.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+			 - mail1.microad.co.jp
+			 - ns1.microad.co.jp
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - president.microad.co.jp
+
+		4xx client error:
+			 - app.microad.co.jp
+-->
+<ruleset name="MicroAd.co.jp" default_off="failed ruleset test">
+	<target host="microad.co.jp" />
+	<target host="www.microad.co.jp" />
+	<target host="careers.microad.co.jp" />
+	<target host="ceo.microad.co.jp" />
+	<target host="magic.microad.co.jp" />
+	<target host="recruit.microad.co.jp" />
+	<target host="recruit-blog.microad.co.jp" />
+	<target host="salesblog.microad.co.jp" />
+	<target host="ssa.microad.co.jp" />
+	<target host="universe.microad.co.jp" />
+	<target host="universeblog.microad.co.jp" />
+	<target host="vdivpn.microad.co.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MicroAd.jp.xml b/src/chrome/content/rules/MicroAd.jp.xml
index 4642fa6cfa63..5e981eb2aeba 100644
--- a/src/chrome/content/rules/MicroAd.jp.xml
+++ b/src/chrome/content/rules/MicroAd.jp.xml
@@ -1,44 +1,110 @@
 <!--
-	Problematic subdomains:
-
-		- d-cache	(reset)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- d-cache	(→ d-track.send)
-		- send
-		- d-track.send
-
-
-	Mixed content:
-
-		- Image on www from www *
-		- Web bug, on www from:
-
-			- send *
-			- pixel.adbuyer.com *
-
-	* Secured by us
-
-
-	Web bugs.
-
+	For more MicroAd, Inc related ruleset, see MicroAdInc.com.xml
+
+	Non-functional hosts
+		Couldn't resolve host name:
+			 - b.send.microad.jp
+			 - dex.dsp.send.microad.jp
+			 - stgadfunnel.microad.jp
+
+		Timeout was reached:
+			 - a-rtb.microad.jp
+			 - advertiser.microad.jp
+			 - js.atf.microad.jp
+			 - ori.cache.microad.jp
+			 - dex.microad.jp
+			 - ex1.microad.jp
+			 - ma-mail02.microad.jp
+			 - mmt.microad.jp
+			 - mobile.microad.jp
+			 - adf.send.microad.jp
+			 - adfp.send.microad.jp
+			 - adn.send.microad.jp
+			 - ld.send.microad.jp
+			 - s-dsp.send.microad.jp
+			 - spvsc.send.microad.jp
+			 - vsc.send.microad.jp
+			 - stgvasco.microad.jp
+			 - svn.microad.jp
+			 - target.microad.jp
+
+		SSL connect error:
+			 - help.blade.microad.jp
+
+		SSL peer certificate or SSH remote key was not OK:
+			 - adblog.microad.jp
+			 - associate.microad.jp
+			 - log.atf.microad.jp
+			 - blog.microad.jp
+			 - cache.microad.jp
+			 - image-adf.microad.jp
+			 - image-vsc.microad.jp
+			 - msend.microad.jp
+			 - rmad.microad.jp
+			 - vasco.send.microad.jp
+			 - cache.ssend.microad.jp
+			 - cm.ssend.microad.jp
+			 - dsp.ssend.microad.jp
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - adfunnel.microad.jp
+			 - adfunnel2.microad.jp
+			 - adtest.microad.jp
+			 - bsc.microad.jp
+			 - engineer.microad.jp
+			 - intro.microad.jp
+			 - labs.microad.jp
+			 - mav.microad.jp
+			 - mgv.microad.jp
+			 - mrs.microad.jp
+
+		Status code mismatch:
+			 - send.microad.jp:443
+
+		4xx client error:
+			 - linx.microad.jp
+			 - app-rd.send.microad.jp
+			 - static.engage.send.microad.jp
+			 - linx.send.microad.jp
+			 - track.send.microad.jp
+			 - universe.send.microad.jp
 -->
 <ruleset name="MicroAd.jp">
-
 	<target host="microad.jp" />
-	<target host="*.microad.jp" />
-
-
-	<securecookie host="^\.(?:send\.)?microad\.jp$" name=".+" />
-
-
-	<rule from="^http://((?:d-track\.)?send\.|www\.)?microad\.jp/"
-		to="https://$1microad.jp/" />
-
-	<rule from="^http://d-cache\.microad\.jp/"
-		to="https://d-track.send.microad.jp/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.microad.jp" />
+	<target host="adfunnel3.microad.jp" />
+	<target host="blade.microad.jp" />
+	<target host="compass.microad.jp" />
+	<target host="help.compass.microad.jp" />
+	<target host="d-cache.microad.jp" />
+	<target host="d-rtb.microad.jp" />
+	<target host="engage.microad.jp" />
+	<target host="irlist.microad.jp" />
+	<target host="item.microad.jp" />
+	<target host="linx-cache.microad.jp" />
+	<target host="prcache.microad.jp" />
+	<target host="prlist.microad.jp" />
+	<target host="send.microad.jp" />
+	<target host="aid.send.microad.jp" />
+	<target host="cache.send.microad.jp" />
+	<target host="cm.send.microad.jp" />
+	<target host="d-track.send.microad.jp" />
+	<target host="deb.send.microad.jp" />
+	<target host="dex.send.microad.jp" />
+	<target host="dsp.send.microad.jp" />
+	<target host="engage.send.microad.jp" />
+	<target host="rtbtest.send.microad.jp" />
+	<target host="s.send.microad.jp" />
+	<target host="s-cm.send.microad.jp" />
+	<target host="s-cs.send.microad.jp" />
+	<target host="s-rtb.send.microad.jp" />
+	<target host="ssp.send.microad.jp" />
+	<target host="smart.microad.jp" />
+	<target host="ssend.microad.jp" />
+	<target host="ssp.microad.jp" />
+	<target host="vasco.microad.jp" />
+	<target host="vasco2.microad.jp" />
+	<target host="vasco3.microad.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MicroAd.net.xml b/src/chrome/content/rules/MicroAd.net.xml
new file mode 100644
index 000000000000..945380b041aa
--- /dev/null
+++ b/src/chrome/content/rules/MicroAd.net.xml
@@ -0,0 +1,18 @@
+<!--
+	For more MicroAd, Inc related ruleset, see MicroAdInc.com.xml
+
+	Non-functional hosts
+		Certificate mismatch:
+			- microad.net
+			- www.microad.net
+
+		Server not found:
+			- ori.microad.net
+-->
+<ruleset name="MicroAd.net">
+	<target host="i.microad.net" />
+	<target host="j.microad.net" />
+	<target host="jgl.microad.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MicroAd.vn.xml b/src/chrome/content/rules/MicroAd.vn.xml
new file mode 100644
index 000000000000..2337fc40aadd
--- /dev/null
+++ b/src/chrome/content/rules/MicroAd.vn.xml
@@ -0,0 +1,9 @@
+<!--
+	For more MicroAd, Inc related ruleset, see MicroAdInc.com.xml
+-->
+<ruleset name="MicroAd.vn">
+	<target host="microad.vn" />
+	<target host="www.microad.vn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MicroAdInc.com.xml b/src/chrome/content/rules/MicroAdInc.com.xml
new file mode 100644
index 000000000000..24b997e6a5ff
--- /dev/null
+++ b/src/chrome/content/rules/MicroAdInc.com.xml
@@ -0,0 +1,27 @@
+<!--
+	MicroAd, Inc related rulesets:
+		- MicroAd.co.jp.xml
+		- MicroAd.jp.xml
+		- MicroAd.vn.xml
+		- MicroAd.net.xml
+
+	Non-functional hosts
+		Certificate mismatch:
+			- send.microadinc.com
+-->
+<ruleset name="MicroAdInc.com" >
+	<target host="d-cache.microadinc.com" />
+	<target host="d-rtb.microadinc.com" />
+
+	<target host="prcache.microadinc.com" />
+	<target host="prlist.microadinc.com" />
+
+	<target host="cache.send.microadinc.com" />
+	<target host="cm.send.microadinc.com" />
+	<target host="d-track.send.microadinc.com" />
+	<target host="dsp.send.microadinc.com" />
+	<target host="ssp.send.microadinc.com" />
+	<target host="s-rtb.send.microadinc.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Micro_Focus.com.xml b/src/chrome/content/rules/Micro_Focus.com.xml
new file mode 100644
index 000000000000..ac3a0c58016c
--- /dev/null
+++ b/src/chrome/content/rules/Micro_Focus.com.xml
@@ -0,0 +1,86 @@
+<!--
+	Other Micro Focus rulesets:
+
+		- Attachmate.xml
+		- Attachmate-Group.xml
+		- Expanded_Support.com.xml
+		- NetIQ.xml
+		- Novell.xml
+		- OpenSUSE.xml
+		- SUSE.xml
+		- SUSE_Studio.com.xml
+
+
+	Nonfunctional hosts:
+
+		- investors *
+		- partnerportal *
+		- trainingstore *
+
+	* Refused
+
+
+	Problematic hosts:
+
+		- ^ *
+		- online *
+		- images.online *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .microfocus.com
+		- www.microfocus.com
+
+
+	Mixed content:
+
+		- Image, on:
+
+			- community from microfocustest.telligenthosting.net ¹
+			- online from images.online.microfocus.com ²
+			- online from now.eloqua.com ²
+			- online from img.en25.com ²
+
+		- Bug on supportline from s7.addthis.com ²
+
+	¹ Unsecurable <= dropped
+	² Secured by us
+
+-->
+<ruleset name="Micro Focus.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="community.microfocus.com" />
+	<target host="supportline.microfocus.com" />
+	<target host="www.microfocus.com" />
+
+	<!--	Complications:
+				-->
+	<target host="microfocus.com" />
+	<target host="images.online.microfocus.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.microfocus\.com$" name="^AuthorizationCookie$" /-->
+	<!--securecookie host="^www\.microfocus\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^www\.microfocus\.com$" name=".+" />
+
+
+	<rule from="^http://microfocus\.com/"
+		to="https://www.microfocus.com/" />
+
+	<rule from="^http://images\.online\.microfocus\.com/"
+		to="https://secure.eloqua.com/" />
+
+		<test url="http://images.online.microfocus.com//" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Micro_Polia.xml b/src/chrome/content/rules/Micro_Polia.xml
index e51d5cc9b729..872d1e3123a7 100644
--- a/src/chrome/content/rules/Micro_Polia.xml
+++ b/src/chrome/content/rules/Micro_Polia.xml
@@ -1,19 +1,22 @@
+
 <!--
-	Nonfunctional subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://idp.micropolia.com/ => https://idp.micropolia.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
-		- ^	(mismatched, CN: *.micropolia.com)
-		- www	(redirects to idp, valid cert)
+	(www.)?micropolia.com: 401
 
 -->
-<ruleset name="Micro Polia (partial)">
+<ruleset name="Micro Polia.com (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="idp.micropolia.com" />
 
 
 	<securecookie host="^idp\.micropolia\.com$" name=".+" />
 
 
-	<rule from="^http://idp\.micropolia\.com/"
-		to="https://idp.micropolia.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Micro_Python.org.xml b/src/chrome/content/rules/Micro_Python.org.xml
new file mode 100644
index 000000000000..32c050cff223
--- /dev/null
+++ b/src/chrome/content/rules/Micro_Python.org.xml
@@ -0,0 +1,28 @@
+<!--
+	Nonfunctional hosts in *micropython.org:
+
+		- forum *
+		- wiki *
+
+	* Shows mail.dpgeorge.net
+
+
+	Problematic hosts in *micropython.org:
+
+		- docs *
+
+	* Read the Docs
+
+-->
+<ruleset name="Micro Python.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="micropython.org" />
+	<target host="www.micropython.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Microblink.com.xml b/src/chrome/content/rules/Microblink.com.xml
new file mode 100644
index 000000000000..afa70ecc3af8
--- /dev/null
+++ b/src/chrome/content/rules/Microblink.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Other microblink rulesets:
+
+		- PhotoMath.net.xml
+		- PhotoPay.net.xml
+
+-->
+<ruleset name="microblink.com">
+
+	<target host="microblink.com" />
+	<target host="www.microblink.com" />
+
+
+	<securecookie host="^\.microblink\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Microchip_Direct.com.xml b/src/chrome/content/rules/Microchip_Direct.com.xml
index 66e831c246f5..1560a1de14e9 100644
--- a/src/chrome/content/rules/Microchip_Direct.com.xml
+++ b/src/chrome/content/rules/Microchip_Direct.com.xml
@@ -13,7 +13,7 @@
 	<target host="www.microchipdirect.com" />
 
 
-	<securecookie host="^www\.microchipdirect\.com$$" name=".+" />
+	<securecookie host="^www\.microchipdirect\.com$" name=".+" />
 
 
 	<!--	Server drops path and args:
diff --git a/src/chrome/content/rules/Microcorruption.com.xml b/src/chrome/content/rules/Microcorruption.com.xml
new file mode 100644
index 000000000000..7858defd7ba4
--- /dev/null
+++ b/src/chrome/content/rules/Microcorruption.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- microcorruption.com
+		- www.microcorruption.com
+
+-->
+<ruleset name="microcorruption.com">
+
+	<target host="microcorruption.com" />
+	<target host="www.microcorruption.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?microcorruption\.com$" name="^_cpuctf_session$" /-->
+
+	<securecookie host="^(?:www\.)?microcorruption\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Microgaming.xml b/src/chrome/content/rules/Microgaming.xml
deleted file mode 100644
index 1bed2534c728..000000000000
--- a/src/chrome/content/rules/Microgaming.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	^tickerassist.co.uk doesn't exist
-
--->
-<ruleset name="Microgaming">
-
-	<target host="www.tickerassist.co.uk" />
-
-
-	<securecookie host="^www\.tickerassist\.co\.uk$" name=".+" />
-
-
-	<rule from="^http://www\.tickerassist\.co\.uk/"
-		to="https://www.tickerassist.co.uk/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MicropartsUSA.xml b/src/chrome/content/rules/MicropartsUSA.xml
index 399a8385254c..d1cb7e6e64fe 100644
--- a/src/chrome/content/rules/MicropartsUSA.xml
+++ b/src/chrome/content/rules/MicropartsUSA.xml
@@ -1,10 +1,23 @@
-<ruleset name="MicropartsUSA">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://micropartsusa.com/ => https://micropartsusa.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+Fetch error: http://www.micropartsusa.com/ => https://www.micropartsusa.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://micropartsusa.com/ => https://micropartsusa.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+Fetch error: http://www.micropartsusa.com/ => https://www.micropartsusa.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+
+-->
+<ruleset name="MicropartsUSA" default_off="failed ruleset test">
 
 	<target host="micropartsusa.com" />
 	<target host="www.micropartsusa.com" />
 
 
-	<rule from="^http://(www\.)?micropartsusa\.com/"
-		to="https://$1micropartsusa.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Microsoft-Atlas.xml b/src/chrome/content/rules/Microsoft-Atlas.xml
index 6f8bc659c295..435fde8f1349 100644
--- a/src/chrome/content/rules/Microsoft-Atlas.xml
+++ b/src/chrome/content/rules/Microsoft-Atlas.xml
@@ -1,5 +1,13 @@
+
 <!--
-	For other Microsoft coverage, see Microsoft.xml.
+Disabled by https-everywhere-checker because:
+Fetch error: http://c.atdmt.com/ => https://c.atdmt.com/: (51, "SSL: no alternative certificate subject name matches target host name 'c.atdmt.com'")
+Fetch error: http://c1.atdmt.com/ => https://c1.atdmt.com/: (51, "SSL: no alternative certificate subject name matches target host name 'c1.atdmt.com'")
+Fetch error: http://flex.atdmt.com/ => https://flex.atdmt.com/: (6, 'Could not resolve host: flex.atdmt.com')
+Fetch error: http://rad.atdmt.com/ => https://rad.atdmt.com/: (51, "SSL: no alternative certificate subject name matches target host name 'rad.atdmt.com'")
+Non-2xx HTTP code: http://h.atdmt.com/ (200) => https://h.bing.com/ (403)
+
+	For other Facebook coverage, see Facebook.xml.
 
 
 	CDN buckets:
@@ -9,31 +17,67 @@
 		- atlasdmt.vo.msecnd.net
 
 			- cdn.atdmt.com
-	
 
-	Problematic subdomains:
+
+	Problematic hosts in *atdmt.com:
 
 		- cdn		(mismatched, CN: *.sharepointonline.com)
+		- h ¹
+		- img ²
 		- exch-eu	(mismatched, CN: view.atdmt.com)
 		- spe		(akamai)
 
+	¹ Mismatched
+	² Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .atdmt.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
 
 	c.atdmt.com sets MUID wildcard cookie on
 	whichever domain it is loaded from.
 
 -->
-<ruleset name="Microsoft Atlas">
+<ruleset name="Atdmt.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ad.atdmt.com" />
+	<target host="c.atdmt.com" />
+	<target host="c1.atdmt.com" />
+	<target host="clk.atdmt.com" />
+	<target host="flex.atdmt.com" />
+	<target host="iact.atdmt.com" />
+	<target host="rad.atdmt.com" />
+	<target host="sact.atdmt.com" />
+	<target host="switch.atdmt.com" />
+	<target host="view.atdmt.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://ad.atdmt.com/m/img;m=;cache=?revenue=&amp;order_id=&amp;qty=&amp;currency_code=&amp;country=&amp;region=&amp;product=" /-->
+
+	<!--	Complications:
+				-->
+	<target host="cdn.atdmt.com" />
+	<target host="exch-eu.atdmt.com" />
+	<target host="h.atdmt.com" />
 
-	<target host="*.atdmt.com" />
 		<exclusion pattern="^http://view\.atdmt\.com/action/windows_downloads_Upgrade" />
 
+			<test url="http://view.atdmt.com/action/windows_downloads_Upgrade" />
+
 
-	<!--securecookie host="^\.atdmt\.com$" name="^(AA002|MUID)$" /-->
-	<securecookie host="^(?:.*\.)?atdmt\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.atdmt\.com$" name="^(?:AA002|ATN|MUID)$" /-->
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(c1?|clk|flex|h|image|rad|switch|view)\.atdmt\.com/"
-		to="https://$1.atdmt.com/" />
 
 	<rule from="^http://cdn\.atdmt\.com/"
 		to="https://atlasdmt.vo.msecnd.net/" />
@@ -41,10 +85,10 @@
 	<rule from="^http://exch-eu\.atdmt\.com/"
 		to="https://view.atdmt.com/" />
 
-	<rule from="^http://img\.atdmt\.com/"
-		to="https://a248.e.akamai.net/img.atdmt.com/" />
+	<rule from="^http://h\.atdmt\.com/"
+		to="https://h.bing.com/" />
 
-	<rule from="^http://spe\.atdmt\.com/"
-		to="https://image.atdmt.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Microsoft-mixedcontent.xml b/src/chrome/content/rules/Microsoft-mixedcontent.xml
deleted file mode 100644
index 5cb81b1279e7..000000000000
--- a/src/chrome/content/rules/Microsoft-mixedcontent.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<ruleset name="Microsoft (mixed content)" platform="mixedcontent">
-	<target host="blogs.msdn.com" />
-    <target host="www.microsoft.com" />
-
-	<!--    https://trac.torproject.org/projects/tor/ticket/5754    -->
-	<exclusion pattern="^https?://blogs\.msdn\.com/.*\?Redirected=true" />		
-	
-	<!--	Attempted workaround for
-
-		https://trac.torproject.org/projects/tor/ticket/5754
-				-->
-	<rule from="^https?://blogs\.msdn\.com/(.*(?:\.aspx|\.xml|/))?$"
-		to="https://blogs.msdn.com/$1?Redirected=true" />
-
-    <!-- Many things on www.microsoft.com, including Visual Studio, cause mixed content
-         https://trac.torproject.org/projects/tor/ticket/9305 -->
-    <rule from="^http://www\.microsoft\.com/" to="https://www.microsoft.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Microsoft.com-problematic.xml b/src/chrome/content/rules/Microsoft.com-problematic.xml
new file mode 100644
index 000000000000..a422f04552f1
--- /dev/null
+++ b/src/chrome/content/rules/Microsoft.com-problematic.xml
@@ -0,0 +1,32 @@
+<!--
+	For rules that are on by default, see Microsoft.xml.
+
+
+	Fully covered hosts in *microsoft.com:
+
+		- adcenter
+		- (www.)?update		(^ → www)
+
+-->
+<ruleset name="Microsoft.com (untrusted root)" default_off="expired, mismatched, untrusted root">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="widgets.membership.microsoft.com" />
+	<target host="www.update.microsoft.com" />
+	<target host="store.microsoft.com" />
+
+	<!--	Complications:
+				-->
+	<target host="update.microsoft.com" />
+	<target host="windowsupdate.microsoft.com" />
+	<target host="v4.windowsupdate.microsoft.com" />
+	<target host="v5.windowsupdate.microsoft.com" />
+
+
+	<rule from="^http://(?:(?:[45]\.)?windows)?update\.microsoft\.com/"
+		to="https://www.update.microsoft.com/" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Microsoft.xml b/src/chrome/content/rules/Microsoft.xml
index 982e8de94355..5af9697a22ab 100644
--- a/src/chrome/content/rules/Microsoft.xml
+++ b/src/chrome/content/rules/Microsoft.xml
@@ -1,87 +1,193 @@
+
 <!--
-	For problematic rules, see Microsoft-mismatches.xml.
+The following targets have been disabled at 2020-09-25 16:20:22:
 
+Fetch error: http://preview.bingads.microsoft.com/ => https://preview.bingads.microsoft.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://sxp.microsoft.com/ => https://sxp.microsoft.com/: (6, 'Could not resolve host: sxp.microsoft.com')
+Time: 2020-09-25 16:20:22
+ Fetch error: http://spcache.microsoft.com/ => https://www.microsoft.com/: (6, 'Could not resolve host: spcache.microsoft.com')
 
 	Other Microsoft rulesets:
-
 		- Acik_Akademi.com.xml
-		- ASP.NET.xml
+		- Afx.ms.xml
+		- AKA.ms.xml
 		- ASPNETcdn.com.xml
+		- Azure.com.xml
+		- AzurecomCDN.net.xml
+		- Azure_websites.net.xml
 		- Bing.xml
+		- Bing.net.xml
+		- Bing_Places.com.xml
+		- Ch9.ms.xml
+		- Codeplex.xml
+		- Digital_WPC.com.xml
 		- DreamSpark.com.xml
+		- Dynamics.com.xml
+		- Get_Tag.mobi.xml
+		- Gfx.ms.xml
 		- Halo.xml
+		- Hotmail.co.jp.xml
+		- Hotmail.co.uk.xml
+		- Hotmail.com.xml
+		- How-Old.net.xml
 		- Live.xml
+		- Live.net.xml
+		- Live_filestore.com.xml
 		- Microsoft-Atlas.xml
+		- Microsoft_Online-p.com.xml
+		- Microsoft_Online-p.net.xml
 		- Microsoft_Online_Services.xml
+		- MicrosoftStudios.com.xml
+		- Microsoft_Translator.com.xml
+		- Microsoft_Ventures.com.xml
 		- Microsoft_Store.xml
+		- Modern.IE.xml
 		- Moreinterop.com.xml
 		- MSDN.xml
+		- Msecnd.net.xml
 		- MSN.xml
+		- MyMoustache.net.xml
 		- Newsvine.com.xml
-		- Outlook_Live.xml
+		- Office.com.xml
+		- Office.net.xml
+		- Office365.com.xml
+		- OneDrive.com.xml
+		- OneNote.com.xml
+		- OneNote.net.xml
+		- Onestore.ms.xml
 		- Photosynth.xml
-		- Skype.xml
+		- PowerShell_Gallery.com.xml
+		- Sfx.ms.xml
+		- Skype_assets.com.xml
+		- S-Microsoft.com.xml
 		- S-msn.com.xml
+		- So.cl.xml
+		- Surface.com.xml
 		- System_Center_Advisor.com.xml
 		- Technet.com.xml
+		- Translatoruser.net.xml
+		- TwinsOrNot.Net.xml
 		- Virtualearth.net.xml
+		- Visual_Studio.com.xml
+		- WLxrs.com.xml
 		- Windows_Azure.xml
+		- Windows.com.xml
 		- Windows.net.xml
 		- Windows_Phone.xml
 		- Xbox.xml
+		- Xbox_Live.com.xml
+		- Yammer.xml
 
 
 	CDN buckets:
-
-		- i.g.mobile.ms.akadns.net
-
-			- i1.mobile.microsoft.com
-
-		- res.windows.microsoft.com.edgesuite.net
-
-			- a1737.g2.akamai.net
-			- res2.windows.microsoft.com
-
-		- wscont.apps.microsoft.com.edgesuite.net
-
-			- wscont[12].apps.microsoft.com
-
+		- i.g.mobile.ms.akadns.net	← i1.mobile.microsoft.com
+		- i.g.social.ms.akadns.net	← i1.social.s-msft.com
+		- res.windows.microsoft.com.edgesuite.net	← res2.windows.microsoft.com
+		- wscont.apps.microsoft.com.edgesuite.net	← wscont[12].apps.microsoft.com
 		- az12410.vo.msecnd.net
 		- az373151.vo.msecnd.net	(used on imaginecup.com)
 		- msstore.vo.msecnd.net
 		- officeimg.vo.msecnd.net
-
 	msnportalmobileisv.112.2o7.net
 
 
 	Nonfunctional domains:
-
 		- www.buildmypinnedsite.com
 		- (www.)imaginecup.com ***
 		- compete.imaginecup.com ***
-
 		- microsoft.com subdomains:
-
+			- adcenter (timeout)
+			- www.bingads                  ᴹ
+			- advertising.bingads          ᴹ
+			- accountservices              ᴱ
+			- cv1-1.am.bingads             ᴹ
+			- adinsight.bcp.api.bingads    ᴹ
+			- audience-si.bingads          ᴿ
+			- ch1-c1.maf.api.bingads       ᴹ
+			- audience.bingads             ᴹ
+			- ui.bcp.bingads               ᴱ
+			- internal.bc.bingads          ʳ
+			- resources.bc.bingads         ʳ
+			- adinquiry.bcp.bingads        ᴹ
+			- secure.bcp.bingads           ᴹ
+			- secure.beta.bingads          ᴹ
+			- cam.bingads (timeout)
+			- community.bingads            ᴹ
+			- secure.eu.bingads            ᴹ
+			- internal.bingads             ᴵ
+			- beta.express.bingads         ʳ
+			- fd.bingads                   ᴹ
+			- help.bingads                 ᴵ
+			- internal.main.bingads        ᴿ
+			- secure.main.bingads          ᴹ
+			- express.next.bingads         ʳ
+			- internal.next.bingads        ʳ
+			- resources.next.bingads       ᴿ
+			- nirvana.bingads              ᴿ
+			- planner-int.bingads (timeout)
+			- express.perf.bingads         ʳ
+			- reportingapi.bingads         ᴿ
+			- download.reportingapi.bingadsᴿ
+			- si.bingads                   ᴹ
+			- listmanager.beta.si.bingads  ᴱ
+			- listmanager.si.bingads       ᴱ
+			- c1_maf.api.si.bingads        ʳ
+			- maf.api.si.bingads           ʳ
+			- c1_download.api.si.bingads   ᴹ
+			- c2_download.api.si.bingads   ᴹ
+			- adinquiry.beta.si.bingads    ʳ
+			- express.beta.si.bingads      ᴹ
+			- help.beta.si.bingads         ʳ
+			- irt.beta.si.bingads          ʳ
+			- ccmt.si.bingads              ᴹ
+			- editorialentitytracking.si.bingads ᴿ
+			- irt.si.bingads               ʳ
+			- reporting.si.bingads         ᴹ
+			- secure.si.bingads            ᴹ
+			- express.tip.bingads          ᴹ
+			- innovation.connect  (redirects to connect.microsoft.com)
+			- services.connect	  ᴹ
 			- silverlight.dlservice *
-			- download *
-			- web.esd *		(esd, origin, origin-web, and web don't exist)
-			- samples.msdn		(refused)
+			- web.esd *		      (esd, origin, origin-web, and web don't exist)
+			- widgets.membership  ᴹ
+			- apisandbox.msdn (expired)
+			- lab.msdn ***
+			- samples.msdn        ᴿ
 			- visualstudiogallery.msdn	(redirects to http, valid cert)
-			- mymfe			(reset)
-			- officeimages
-			- privacy		(times out)
+			- msevents (timeout)
+			- logobuilder.mspartner ᴱ
+			- mymfe               ʳ
+			- news			(Redirects to http)
+			- oem                 ᴿ
+			- onlinehelp          ᴿ
+			- i[1-3]?.onlinehelp  *
+			- outlook ***
+			- readytogo           ᴱ
 			- academic.research ***
 			- sharepoint		(redirects to login.live.com, cert valid)
+			- signature         (expired)
+			- services.social (cert-chain)
+			- i1.services.social (cert-chain)
+			- i2.services.social (cert-chain)
+			- i3.services.social (cert-chain)
+			- i4.services.social (cert-chain)
+			- corp.sts (cert-chain)
+			- fud.community.services.support (ssl-error)
+			- sysdev (ssl-error)
+			- tag.microsoft.com   ᴿ
+			- i1.gallery.technet  ᴹ
 			- edir.windowsm		(404)
 			- visio **
 			- (www.)windows **
-
+      - profile ᴿ
 		- msimg.com
-		- blogs.office.com ***
 		- blog.surface.com		(handshake fails)
-		- blogs.windows.com		(reset)
 		- (www.)windowsteamblog.com
-
+	ᴱ Expired
+	ʳ Reset
+	ᴿ Refused
+	ᴹ Mismatch
+	ᴵ Incomplete certificate chain
 	* 503, akamai
 	** 404, cert valid
 	*** Times out
@@ -90,204 +196,370 @@
 	Problematic domains:
 
 		- microsoft.com subdomains:
-
-			- ^ ***
+			- ^			(mismatched, CN: *.microsoft.com)
+			- (www.)? ¹
+			- feedback.adcenter	(Dropped)
+			- fp.advertising ⁴
 			- apps			(works; mismatched, CN: *.apps.microsoft.com)
 			- wscont[12].apps	(works, akamai)
-			- i[1-4].connect **
-			- i **
+			- i[1-4].connect *
+			- silverlight.dlservice **
 			- i\d **
-			- js **
+			- ie	(mismatched, CN: *.azurewebsites.net)
 			- i1.mobile **
+			- i[1-4].code.msdn	(Mismatched)
+			- i[23]?.msdn **
+			- office365		(Dropped)
 			- scache **
 			- search **
 			- spcache		(504, akamai)
 			- img3.store		(mismatched)
+			- i[23]?.technet **
+			- social.technet
 			- update *
-			- res[12].windows **
-
-		- office.com
+			- www.update		(Untrusted root)
+			- windowsupdate		(mismatched, untrusted root)
+			- v[45].windowsupdate	(mismatched, untrusted root)
+			- windows *
+			- res[1-4].windows **
 
-		- widgets.membership.s-msft.com		(akamai)
 		- compass.surface.com **
 
+	¹ Sets HSTS, thereby breaking oem/; however, Microsoft's website links to https://www....
 	* Cert only matches www
 	** akamai
-	*** Times out
-
-
-	Partially covered domains:
-
-		- answers.microsoft.com		(some pages redirect to http)
-		- code.msdn.microsoft.com	(pages redirect to http)
-
-
-	Fully covered domains:
-
-		- microsoft.com subdomains:
-
-			- accountservices
-			- feedback.adcenter
-			- ajax
-			- fb.answers
-			- wscont.apps
-			- wscont[12].apps	(→ wscont.apps)
-			- advertise.bingads
-			- secure.bingads
-			- c
-			- c1
-			- choice
-			- commerce
-
-			- connect subdomains:
-
-				- connect
-				- i[1-4]		(→ services)
-				- innovation
-				- services
-
-			- sas.css
-			- social.expression
-			- g
-			- m
-			- widgets.membership
-			- mobile
-			- i1.mobile		(→ m)
-			- social.msdn
-			- office15client
-			- officepreview
-			- officeredir
-			- o15.officeredir
-			- rad
-			- scache		(→ www)
-			- profileapi.services
-			- social
-			- services.social
-			- spcache		( → www)
-			- corp.sts
-			- social.technet
-			- res[12].windows	(→ akamai)
-
-		- (www.)office.com			(^ → www)
-		- i.s-microsoft.com
-		- widgets.membership.s-msft.com		(→ widgets.membership.microsoft.com)
-
-		- *.sec.s-msft.com:
-
-			- download-codeplex
-			- i-technet
-			- i2-technet
-
-
-	Wildcard cookies:
-
-		- *.office.microsoft.com
-		- *.support.microsoft.com
-
+	⁴ 404
+	⁷ Mixed css from i3.technet.microsoft.com and i1.social.s-msft.com
+
+
+	Partially covered microsoft.com subdomains:
+
+		- learning ¹
+		- snackbox		(→ learning.microsoft.com)
+		- social.technet *
+		- res[12].windows ³	(→ akamai)
+
+	¹ Some pages redirect to http
+	* Avoiding false/broken MCB
+	³ Attempting to avoid breaking Silverlight: https://github.com/EFForg/https-everywhere/issues/2274#issuecomment-122752763
+
+
+	m, mobile: Dropped over http & https
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .microsoft.com
+		- account.microsoft.com
+		- .bingads.microsoft.com
+		- advertise.bingads.microsoft.com
+		- careers.microsoft.com
+		- choice.microsoft.com
+		- connect.microsoft.com
+		- info.microsoft.com
+		- learning.microsoft.com
+		- mbs.microsoft.com
+
+		- msdn.microsoft.com
+		- apisandbox.msdn.microsoft.com
+		- .apisandbox.msdn.microsoft.com
+		- code.msdn.microsoft.com
+		- lab.msdn.microsoft.com
+		- visualstudiogallery.msdn.microsoft.com
+
+		- mspartner.microsoft.com
+		- logobuilder.mspartner.microsoft.com
+
+		- news.microsoft.com
+		- .news.microsoft.com
+		- training.partner.microsoft.com
+		- gallery.technet.microsoft.com
+		- social.technet.microsoft.com
+		- support.microsoft.com
+		- support2.microsoft.com
+		- sxp.microsoft.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+		- css, on:
+			- onlinehelp from i3.onlinehelp            *
+			- social.technet from i3.technet           *
+			- social.technet from i1.social.s-msft.com *
+		- Fonts on careers from i.s-microsoft.com      *
+		- Images, on:
+			- blogs from mscorp.blob.core.windows.net  *
+			- news from mscorpnews.blob.core.windows.net
+			- onlinehelp from i.onlinehelp             *
+			- support from $self                       *
+			- smallbusiness.support from support
+			- smallbusiness.support from www           *
+			- social.technet from i1.social.s-msft.com *
+			- sxp from az648995.vo.msecnd.net
+			- sxp from blogs.technet.com
+		- Bugs, on:
+			- msdn from msstonojsmsdn.112.2o7.net       *
+			- technet from msstonojstechnet.112.2o7.net *
+			- social.technet from msstonojssocial.112.2o7.net *
+			- careers, msdn, logobuilder.mspartner, pinpoint, technet, social.technet from m.webtrends.com
+			- sxp from blogs.technet.com
+	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 -->
-<ruleset name="Microsoft (partial)">
-
+<ruleset name="Microsoft.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="account.microsoft.com" />
+	<target host="advertising.microsoft.com" />
+	<target host="ajax.microsoft.com" />
+	<target host="answers.microsoft.com" />
+	<target host="wscont.apps.microsoft.com" />
+	<target host="azure.microsoft.com" />
+
+	<target host="bingads.microsoft.com" />
+	<target host="adinquiry.bingads.microsoft.com" />
+	<target host="ads.bingads.microsoft.com" />
+	<target host="adslabs.bingads.microsoft.com" />
+	<target host="advertise.bingads.microsoft.com" />
+		<test url="http://advertise.bingads.microsoft.com/en-us/bing-ads-support" />
+	<target host="www.advertise.bingads.microsoft.com" />
+	<target host="azure.bingads.microsoft.com" />
+	<target host="secure.azure.bingads.microsoft.com" />
+	<target host="ui.beta.bingads.microsoft.com" />
+	<target host="developers.bingads.microsoft.com" />
+	<target host="m.bingads.microsoft.com" />
+	<target host="si.m.bingads.microsoft.com" />
+	<!-- target host="preview.bingads.microsoft.com" /-->
+	<target host="resources.bingads.microsoft.com" />
+	<target host="secure.bingads.microsoft.com" />
+	<target host="ucm.bingads.microsoft.com" />
+	<target host="ui.bingads.microsoft.com" />
+
+	<target host="blogs.microsoft.com" />
+	<target host="c1.microsoft.com" />
+	<target host="careers.microsoft.com" />
+	<target host="choice.microsoft.com" />
+	<target host="commerce.microsoft.com" />
+	<target host="compass-ssl.microsoft.com" />
+	<target host="connect.microsoft.com" />
+	<target host="developer.microsoft.com" />
+	<target host="download.microsoft.com" />
+	<target host="events.microsoft.com" />
+	<target host="g.microsoft.com" />
+	<target host="go.microsoft.com" />
+	<target host="go2.microsoft.com" />
+	<target host="i.microsoft.com" />
+	<target host="ieonline.microsoft.com" />
+	<target host="ignite.microsoft.com" />
+	<target host="info.microsoft.com" />
+	<target host="js.microsoft.com" />
+	<target host="learning.microsoft.com" />
+	<target host="mbs.microsoft.com" />
+	<target host="code.msdn.microsoft.com" />
+	<target host="msdn.microsoft.com" />
+
+	<target host="events.msdn.microsoft.com" />
+	<target host="social.msdn.microsoft.com" />
+	<target host="visualstudiogallery.msdn.microsoft.com" />
+
+	<target host="mspartner.microsoft.com" />
+
+	<target host="mvastorage.microsoft.com" />
+	<target host="news.microsoft.com" />
+	<target host="office.microsoft.com" />
+	<target host="office15client.microsoft.com" />
+	<target host="office2010.microsoft.com" />
+	<target host="officepreview.microsoft.com" />
+	<target host="officeredir.microsoft.com" />
+	<target host="o15.officeredir.microsoft.com" />
+	<target host="pinpoint.microsoft.com" />
+	<target host="privacy.microsoft.com" />
+	<!-- <target host="profile.microsoft.com" /> -->
+	<target host="profileapi.services.microsoft.com" />
+	<target host="schemas.microsoft.com" />
+	<target host="snackbox.microsoft.com" />
+	<target host="social.microsoft.com" />
+
+	<target host="support.microsoft.com" />
+	<target host="support2.microsoft.com" />
+	<!-- target host="sxp.microsoft.com" /-->
+	<target host="technet.microsoft.com" />
+	<target host="gallery.technet.microsoft.com" />
+	<target host="social.technet.microsoft.com" />
+	<target host="catalog.update.microsoft.com" />
+	<target host="www.catalog.update.microsoft.com" />
+	<target host="www.microsoft.com" />
+
+	<!--	Complications:
+				-->
 	<target host="microsoft.com" />
-	<target host="*.microsoft.com" />
-		<!--
-			https://mail1.eff.org/pipermail/https-everywhere-rules/2012-June/001189.html
-											-->
-		<exclusion pattern="^http://www\.microsoft\.com/.*[fF]amily[iI][dD]" />
-		<!--
-			Health pages 404:
+	<target host="feedback.adcenter.microsoft.com" />
+	<target host="fp.advertising.microsoft.com" />
+
+	<target host="wscont1.apps.microsoft.com" />
+	<target host="wscont2.apps.microsoft.com" />
+
+	<target host="i2.microsoft.com" />
+	<target host="i3.microsoft.com" />
+	<target host="i4.microsoft.com" />
+
+	<target host="i1.code.msdn.microsoft.com" />
+	<target host="i2.code.msdn.microsoft.com" />
+	<target host="i3.code.msdn.microsoft.com" />
+	<target host="i4.code.msdn.microsoft.com" />
+	<target host="i.msdn.microsoft.com" />
+	<target host="i2.msdn.microsoft.com" />
+	<target host="i3.msdn.microsoft.com" />
+
+	<target host="office365.microsoft.com" />
+	<target host="scache.microsoft.com" />
+
+	<target host="i1.social.microsoft.com" />
+	<target host="i2.social.microsoft.com" />
+	<target host="i3.social.microsoft.com" />
+	<target host="i4.social.microsoft.com" />
+
+	<!-- target host="spcache.microsoft.com" /-->
+	<target host="img3.store.microsoft.com" />
+
+	<target host="i1.gallery.technet.microsoft.com" />
+	<target host="i2.gallery.technet.microsoft.com" />
+	<target host="i3.gallery.technet.microsoft.com" />
+	<target host="i4.gallery.technet.microsoft.com" />
+	<target host="i.technet.microsoft.com" />
+	<target host="i2.technet.microsoft.com" />
+	<target host="i3.technet.microsoft.com" />
+
+	<target host="blogs.msdn.com" />
+
+		<!--	Redirect to http:
+						-->
+		<exclusion pattern="^http://careers\.microsoft\.com/careers/\w\w/\w\w/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://careers.microsoft.com/careers/en/us/university-apply-non-technical.aspx" />
+			<test url="http://careers.microsoft.com/careers/fr/fr/home.aspx" />
+
+			<!--	-ve:
+					-->
+			<test url="http://careers.microsoft.com/Css/LanguageBar.css" />
+			<test url="http://careers.microsoft.com/Images/gear.png" />
+			<test url="http://careers.microsoft.com/appliedjobs.aspx" />
+			<test url="http://careers.microsoft.com/favicon.ico" />
+			<test url="http://careers.microsoft.com/global/careers/RenderingAssets/FR.css" />
+			<test url="http://careers.microsoft.com/jobalerts.aspx" />
+			<test url="http://careers.microsoft.com/search.aspx" />
+			<test url="http://careers.microsoft.com/shared/core/2/css/css.ashx" />
+			<test url="http://careers.microsoft.com/shared/templates/master/gcmodern/images/msft-logo.png" />
 
-				https://trac.torproject.org/projects/tor/ticket/9148
-											-->
-		<exclusion pattern="^http://(?:www\.)?microsoft\.com/health/(?:$|\?|.+\.aspx)" />
 		<!--
-			Redirects via JS to http.  Very secure indeed.
-									-->
-		<exclusion pattern="^http://www\.microsoft\.com/security/.+\.aspx(?:$|\?)" />
-		<!--
-			Microsoft won't serve OEM pages on https
-								-->
-    		<exclusion pattern="^http://(?:www\.)?microsoft\.com/[oO][eE][mM]/" />
-		<!--
-			Redirects to http:
+			Exceptions:
+					-->
+		<exclusion pattern="http://social\.technet\.microsoft\.com/+wiki(?!/CustomWidgets/|/themes/|/Utility/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://social.technet.microsoft.com/wiki/contents/articles/wiki-about-technet-wiki.aspx" />
+			<test url="http://social.technet.microsoft.com/wiki/contents/articles/wiki-getting-started.aspx" />
+			<test url="http://social.technet.microsoft.com/wiki/contents/articles/wiki-how-to-contribute.aspx" />
+			<test url="http://social.technet.microsoft.com/wiki/contents/articles/wiki-how-to-get-help.aspx" />
+			<test url="http://social.technet.microsoft.com/wiki" />
+			<test url="http://social.technet.microsoft.com/wiki/" />
+
+		<!--	Needed for Windows 8+ Captive Portal Helper:
+			See https://github.com/EFForg/https-everywhere/issues/835
 						-->
-		<exclusion pattern="^http://www\.microsoft\.com/Surface/\w\w-\w\w(?:$|\?|/)" />
-		<exclusion pattern="^http://answers\.microsoft\.com/(?!\w\w-\w\w/\w+/forum/[\w-]+/[\w-]+/)" />
-		<!--
-			https://trac.torproject.org/projects/tor/ticket/5754
-										-->
-		<exclusion pattern="^http://msdn\.microsoft\.com/(?:$|en-us/$|.+(?:/$|\.aspx|/\w\w\d{6,10}$))" />
-		<exclusion pattern="^http://code\.msdn\.microsoft\.com/(?![cC]content/|RequestReduceContent/)" />
-		<!--
-			Some data exist on www, exclude the rest here.
-									-->
-		<exclusion pattern="^https?://search\.microsoft\.com/(?!global/oneMscomSettings/|shared/)" />
-		<exclusion pattern="^http://technet\.microsoft\.com/(?!en-us/(?:library/[^\.]\.rss(?:$|\?)|security/(?:advisory|bulletin)(?:$|\?|/)))" />
-	<target host="office.com" />
-	<target host="www.office.com" />
-	<target host="i.s-microsoft.com" />
-	<target host="*.s-msft.com" />
+		<exclusion pattern="^http://go\.microsoft\.com/fwlink/\?LinkID=219472(.*)" />
 
+			<!--	It's impossible to fill the test coverage
+				quota for this, since \? is treated as ?
+									-->
+			<test url="http://go.microsoft.com/fwlink/?LinkID=219472" />
+			<test url="http://go.microsoft.com/fwlink/?LinkID=219472&amp;clcid" />
+			<test url="http://go.microsoft.com/fwlink/?LinkID=219472&amp;clcid=0x408" />
+			<test url="http://go.microsoft.com/fwlink/?LinkID=219472&amp;clcid=0x409" />
 
-	<!--
-		A, MC1, MS0: Cookies set by c.microsoft.com
+		<!--	Formerly problematic:
+						-->
+		<test url="http://www.microsoft.com/en-us/health/default.aspx" />
+		<test url="http://www.microsoft.com/health" />
+		<test url="http://www.microsoft.com/security/default.aspx" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.microsoft\.com$" name="^(A|FedCountryOfChoice|MC1|MS-CV|MS0|gssLANG|msdn|smcexpsessionticket|smcexpticket|smcflighting)$" /-->
+	<!--securecookie host="^account\.microsoft\.com$" name="^oref$" /-->
+	<!--securecookie host="^\.bingads\.microsoft\.com$" name="^ckyAdCenter$" /-->
+	<!--securecookie host="^advertise\.bingads\.microsoft\.com$" name="^(?:ASP\.NET_sessionId|CMSCsrfCookie|CMSPreferredCulture|Campaign|Source)$" /-->
+	<!--securecookie host="^(careers|support)\.microsoft\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^choice\.microsoft\.com$" name="^PPLState$" /-->
+	<!--securecookie host="^(connect|mbs)\.microsoft\.com$" name="^BlueStripe\.PVN$" /-->
+	<!--securecookie host="^info\.microsoft\.com$" name="^BIGipServer" /-->
+	<!--securecookie host="^msdn\.microsoft\.com$" name="^(__RequestVerificationToken|TocHashCookie)$" /-->
+	<!--securecookie host="^apisandbox\.msdn\.microsoft\.com$" name="^(ai_session|ai_user)$" /-->
+	<!--securecookie host="^\.apisandbox\.msdn\.microsoft\.com$" name="^ARRAffinity$" /-->
+	<!--securecookie host="^(code|visualstudiogallery)\.msdn\.microsoft\.com$" name="^ssostate$" /-->
+	<!--securecookie host="^lab\.msdn\.microsoft\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^mspartner\.microsoft\.com$" name="^(ai_session|ai_user)$" /-->
+	<!--securecookie host="^logobuilder\.mspartner\.microsoft\.com$" name="^(__RequestVerificationToken|UiLanguageCode)$" /-->
+	<!--securecookie host="^news\.microsoft\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.news\.microsoft\.com$" name="^ARRAffinity$" /-->
+	<!--securecookie host="^training\.partner\.microsoft\.com$" name="^(ASP\.NET_SessionId|BlueStripe\.PVN|SUMTOTALAUTH)$" /-->
+	<!--securecookie host="^support\.microsoft\.com$" name="^(\.ASPXANONYMOUS|SMC_SAGE|smcexpsessionticket|smcexpticket)$" /-->
+	<!--securecookie host="^support2\.microsoft\.com$" name="^(\.ASPXANONYMOUS|GsfxSessionCookie|GsfxStatsLog)$" /-->
+	<!--securecookie host="^smallbusiness\.support\.microsoft.com$" name="^(breadcrumb|culture|exitinfo)$" /-->
+	<!--securecookie host="^sxp\.microsoft\.com$" name="^m0$" /-->
+	<!--securecookie host="^\.technet\.microsoft\.com$" name="^AuthorizationCookie$" /-->
+	<!--securecookie host="^gallery\.technet\.microsoft\.com$" name="^ssostate$" /-->
+	<!--securecookie host="^social\.technet\.microsoft\.com$" name="^(\.ASPXANONYMOUS|__RequestVerificationToken_\w+|CSExtendedAnalytics(Session)?$" /-->
+	<!--securecookie host="^www\.microsoft\.com$" name="^(defCulture|mslocale)$" /-->
+	<!--securecookie host="^\.www\.microsoft\.com$" name="^MS-CV$" /-->
+
+	<!--	A, MC1, MS0: Cookies set by c.microsoft.com
 		s_.+: Other tracking cookies
 						-->
 	<securecookie host="^\.microsoft\.com$" name="^(?:A|GsfxStatsLog|MC1|MS0|OnlineTrackingV2\.0|R|RioTracking\..+|s_.+)$" />
-	<securecookie host="^(?:feedback\.adcenter|advertising|advertise\.bingads|choice|commerce|ieonline|m|\.?office|office(?:15client|2010|preview|redir)|onlinehelp|corp\.sts|\.?support|\.?www)\.microsoft\.com$" name=".+" />
-	<securecookie host="^www\.office\.com$" name=".+" />
+	<securecookie host="^(account|advertising|advertise\.bingads|choice|commerce|connect|\.?developer|download|ieonline|info|m|mbs|msdn|(\.?apisandbox|lab|visualstudiogallery)\.msdn|mspartner|logobuilder\.mspartner|\.?news|\.?office|office(15client|2010|preview|redir)|training\.partner|\.?support|support2|sxp|gallery\.technet|\.?www)\.microsoft\.com$" name=".+" />
+	<securecookie host="^social\.technet\.microsoft\.com$" name="^CSExtendedAnalytics(?:Session)?$" />
+
+	<!--	Redirect drops path, args, and forward slash:
+								-->
+	<rule from="^http://feedback\.adcenter\.microsoft\.com/.*"
+		to="https://bingads.uservoice.com/" />
 
+		<test url="http://feedback.adcenter.microsoft.com/favicon.ico" />
 
-	<rule from="^http://(?:i\d?\.|js\.|search\.|spcache\.)?microsoft\.com/"
-		to="https://www.microsoft.com/" />
+	<rule from="^http://fp\.advertising\.microsoft\.com/"
+		to="https://advertising.microsoft.com/" />
 
-	<rule from="^http://(accountservices|(?:feedback\.)?adcenter|advertising|ajax|(?:fb\.)?answers|c1?|choice|commerce|(?:innovation\.|services\.)?connect|sas\.css|events|social\.expression|go?|ie|ieonline|m|mobile|code\.msdn|msdn|social\.msdn|office(?:15client|365|2010|preview|redir)?|o15\.officeredir|onlinehelp|profile|rad|research|profileapi\.services|signature|snackbox|(?:services\.)?social|store|corp\.sts|support|(?:social\.)?technet|www\.update|(?:v[45]\.)?windowsupdate)\.microsoft\.com/"
+	<!--	Akamai without valid cert.
+						-->
+	<rule from="^http://i\d?\.(msdn|social|technet)\.microsoft\.com/"
 		to="https://$1.microsoft.com/" />
 
-	<rule from="^http://wscont\d?\.apps\.microsoft\.com/"
+	<rule from="^http://wscont\d\.apps\.microsoft\.com/"
 		to="https://wscont.apps.microsoft.com/" />
 
-	<rule from="^http://i\.s-microsoft\.com/"
-		to="https://i.s-microsoft.com/" />
-
-	<rule from="^http://i\d\.social\.s-msft\.com/wiki/"
-		to="https://social.technet.microsoft.com/wiki/" />
+	<rule from="^http://i\d\.microsoft\.com/"
+		to="https://i.microsoft.com/" />
 
-	<!--	Akamai with no valid cert.
-						-->
-	<rule from="^http://i\d?\.((?:code\.)?msdn|onlinehelp|(?:services\.)?social|(?:gallery\.)?technet)\.(?:microso|s-ms)ft\.com/"
-		to="https://$1.microsoft.com/" />
+	<rule from="^http://i\d\.(code\.msdn|gallery\.technet)\.microsoft\.com/"
+		to="https://i1.$1.s-msft.com/" />
 
-	<rule from="^http://i\d\.connect\.microsoft\.com/"
-		to="https://services.connect.microsoft.com/" />
+		<test url="http://i1.code.msdn.microsoft.com/content/common/trans.gif" />
 
-	<rule from="^http://i1\.mobile\.microsoft\.com/"
-		to="https://m.microsoft.com/" />
+	<!--	Redirect drops path, args, and forward slash:
+								-->
+	<rule from="^http://office365\.microsoft\.com/.*"
+		to="https://www.microsoft.com/en-us/office365/" />
 
-	<rule from="^http://scache\.microsoft\.com/"
-		to="https://www.microsoft.com/" />
+		<test url="http://office365.microsoft.com/favicon.ico" />
 
 	<rule from="^http://img3\.store\.microsoft\.com/"
 		to="https://msstore.vo.msecnd.net/" />
 
-	<rule from="^http://update\.microsoft\.com/"
-		to="https://www.update.microsoft.com/" />
-
-	<rule from="^http://origin-res\.windows\.microsoft\.com/"
-		to="https://origin-res.windows.microsoft.com/" />
-
-	<rule from="^http://res(1|2)\.windows\.microsoft\.com/"
-		to="https://a248.e.akamai.net/f/1737/7533/6/res$1.windows.microsoft.com/" />
-
-	<rule from="^http://(?:www\.)?office\.com/"
-		to="https://www.office.com/" />
-
-	<rule from="^http://([\w-]+)\.sec\.s-msft\.com/"
-		to="https://$1.sec.s-msft.com/" />
-
-	<rule from="^http://widgets\.membership\.(?:s-ms|microso)ft\.com/"
-		to="https://widgets.membership.microsoft.com/" />
-
-	<rule from="^http://i\d\.social\.s-msft\.com/"
-		to="https://social.expression.microsoft.com/" />
+	<rule from="^http:"	to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MicrosoftStudios.com.xml b/src/chrome/content/rules/MicrosoftStudios.com.xml
new file mode 100644
index 000000000000..53c8da88a65c
--- /dev/null
+++ b/src/chrome/content/rules/MicrosoftStudios.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Time out:
+		microsoftstudios.com
+
+	Invalid certificate:
+		casualgames.microsoftstudios.com
+		khforum.microsoftstudios.com
+
+-->
+<ruleset name="MicrosoftStudios.com">
+	
+	<target host="microsoftstudios.com" />
+	<target host="www.microsoftstudios.com" />
+	<target host="cdn.microsoftstudios.com" />
+		<test url="http://cdn.microsoftstudios.com/microsoftstudios/wp-content/uploads/2018/11/Microsoft-Studios_Hero.jpg" />
+	<target host="subscribe.microsoftstudios.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://microsoftstudios\.com/"
+		to="https://www.microsoftstudios.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Microsoft_Online-p.com.xml b/src/chrome/content/rules/Microsoft_Online-p.com.xml
new file mode 100644
index 000000000000..31226454a916
--- /dev/null
+++ b/src/chrome/content/rules/Microsoft_Online-p.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	Fully covered hosts in *microsoftonline-p.com:
+
+		- secure.aadcdn
+
+-->
+<ruleset name="Microsoft Online-p.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.aadcdn.microsoftonline-p.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Microsoft_Online-p.net.xml b/src/chrome/content/rules/Microsoft_Online-p.net.xml
new file mode 100644
index 000000000000..19592b433640
--- /dev/null
+++ b/src/chrome/content/rules/Microsoft_Online-p.net.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	Nonfunctional hosts in *microsoftonline-p.net:
+
+		- accountservices *
+
+	* Dropped over http
+
+
+	Fully covered hosts in *microsoftonline-p.net:
+
+		- secure.aadcdn
+
+-->
+<ruleset name="Microsoft Online-p.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.aadcdn.microsoftonline-p.net" />
+	<!--target host="accountservices.microsoftonline-p.net" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Microsoft_Online_Services.xml b/src/chrome/content/rules/Microsoft_Online_Services.xml
index a7929b3a517a..2140c2fbe719 100644
--- a/src/chrome/content/rules/Microsoft_Online_Services.xml
+++ b/src/chrome/content/rules/Microsoft_Online_Services.xml
@@ -1,30 +1,44 @@
 <!--
+	accountservices.microsoftonline-p.net: Dropped over http
+
+
 	For other Microsoft coverage, see Microsoft.xml.
 
 
-	Problematic domains:
+	Fully covered hosts in *microsoftonline.com:
 
-		- go.microsoftonline.com	(mismatched)
+		- g
+		- login
+		- loginex
+		- portal
 
--->
-<ruleset name="Microsoft Online Services (partial)">
 
-	<target host="*.microsoftonline.com" />
-	<target host="*.login.microsoftonline.com" />
-	<target host="secure.aadcdn.microsoftonline-p.net" />
-	<target host="accountservices.microsoftonline-p.net" />
+	Insecure cookies are set for these hosts and domains:
+
+		- login.microsoftonline.com
+		- .login.microsoftonline.com
+
+-->
+<ruleset name="Microsoft Online.com">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="g.microsoftonline.com" />
+	<target host="login.microsoftonline.com" />
+	<target host="loginex.microsoftonline.com" />
+	<target host="portal.microsoftonline.com" />
 
-	<securecookie host="^(?:\.?login|portal)\.microsoftonline\.com$" name=".+" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^login\.microsoftonline\.com$" name="^MSPRequ$" /-->
+	<!--securecookie host="^\.login\.microsoftonline\.com$" name="^MSPOK$" /-->
+	<!--securecookie host="^loginex\.microsoftonline\.com$" name="^MSPRequ$" /-->
 
-	<rule from="^https?://go\.microsoftonline\.com/"
-		to="https://g.live.com/" />
+	<securecookie host="^(?:\.?login|loginex|portal)\.microsoftonline\.com$" name=".+" />
 
-	<rule from="^http://(login|portal)\.microsoftonline\.com/"
-		to="https://$1.microsoftonline.com/" />
 
-	<rule from="^http://(secure\.aadcdn|accountservices)\.microsoftonline-p\.net/"
-		to="https://$1.microsoftonline-p.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Microsoft_Store.xml b/src/chrome/content/rules/Microsoft_Store.xml
index 6e09c89736d2..6f8bcc9ed203 100644
--- a/src/chrome/content/rules/Microsoft_Store.xml
+++ b/src/chrome/content/rules/Microsoft_Store.xml
@@ -1,43 +1,17 @@
 <!--
 	For other Microsoft coverage, see Microsoft.xml.
 
-
-	CDN buckets:
-
-		- surface.microsoftstore.edgesuite.net
-		- msstore.vo.msecnd.net
-
-
-	Nonfunctional domains:
-
-		- surface.microsoftstore.com	(akamai; redirects to http)
-
-
-	Partially covered domains:
-
-		- (www.)microsoftstore.com	(some [most?] pages redirect to http)
-
+	Invalid certificate:
+		- content.microsoftstore.com
 -->
-<ruleset name="Microsoft Store (partial)" platform="mixedcontent">
 
+<ruleset name="Microsoft Store (partial)">
 	<target host="microsoftstore.com" />
-	<target host="*.microsoftstore.com" />
-		<exclusion pattern="^http://emea\.microsoftstore\.com/(?!\w+/(?:desktopdefault\.aspx|portaldata/|services/|tags\.axd))" />
-		<exclusion pattern="^https?://(?:www\.)?microsoftstore\.com/store(?:$|\?)" />
-	<target host="*.microsoftstoreassets.com" />
-	<target host="external.microsoftstoreservices.com" />
-
-
-	<rule from="^https?://(?:www\.)?microsoftstore\.com/"
-		to="https://www.microsoftstore.com/" />
-
-	<rule from="^http://(content|emea)\.microsoftstore\.com/"
-		to="https://$1.microsoftstore.com/" />
-
-	<rule from="^http://assets-(\d)\.microsoftstoreassets\.com/"
-		to="https://assets-$1.microsoftstoreassets.com/" />
-
-	<rule from="^http://external\.microsoftstoreservices\.com/"
-		to="https://external.microsoftstoreservices.com/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.microsoftstore.com" />
+	<target host="answerdesk.microsoftstore.com" />
+	<target host="lobby.microsoftstore.com" />
+	<target host="surface.microsoftstore.com" />
+	<target host="xbox.microsoftstore.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Microsoft_Translator.com.xml b/src/chrome/content/rules/Microsoft_Translator.com.xml
new file mode 100644
index 000000000000..829a779c49c8
--- /dev/null
+++ b/src/chrome/content/rules/Microsoft_Translator.com.xml
@@ -0,0 +1,26 @@
+<!--
+
+	For other Microsoft coverage, see Microsoft.xml.
+
+	Nonfunctional subdomains:
+
+		- crossword	(times out)
+		- dev	(404)
+
+-->
+
+<ruleset name="Microsoft Translator">
+
+	<target host="api.microsofttranslator.com" />
+	<target host="docs.microsofttranslator.com" />
+	<target host="hub.microsofttranslator.com" />
+	<target host="labs.microsofttranslator.com" />
+	<target host="ssl.microsofttranslator.com" />
+	<target host="www.microsofttranslator.com" />
+
+	<test url="http://labs.microsofttranslator.com/static/234510/css/error404.css" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Microsoft_Ventures.com.xml b/src/chrome/content/rules/Microsoft_Ventures.com.xml
new file mode 100644
index 000000000000..cc8ad729e25c
--- /dev/null
+++ b/src/chrome/content/rules/Microsoft_Ventures.com.xml
@@ -0,0 +1,37 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	^microsoftventures.com: Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .www.microsoftventures.com
+
+-->
+<ruleset name="Microsoft Ventures.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.microsoftventures.com" />
+
+	<!--	Complications:
+				-->
+	<target host="microsoftventures.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.microsoftventures\.com$" name="^ARRAffinity$" /-->
+
+	<securecookie host="^\.www\.microsoftventures\.com$" name=".+" />
+
+
+	<rule from="^http://microsoftventures\.com/"
+		to="https://www.microsoftventures.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Microtech.xml b/src/chrome/content/rules/Microtech.xml
index 04c5e6bbb210..abf3aa012f40 100644
--- a/src/chrome/content/rules/Microtech.xml
+++ b/src/chrome/content/rules/Microtech.xml
@@ -1,15 +1,29 @@
-<ruleset name="Microtech (partial)" platform="mixedcontent">
+<!--
+	Non-functional host in *.mtgsy.net
+		Timeout:
+		- mtgsy.net
+
+	Non-functional host in *.cloudfloordns.com
+		Refused:
+		- my.cloudfloordns.com
+-->
+<ruleset name="Microtech (partial)">
+
+	<target host="panel.cloudfloordns.com"/>
 
-	<target host="my.cloudfloordns.com"/>
 	<target host="mtgsy.net"/>
 	<target host="*.mtgsy.net"/>
+	<test url="http://www.mtgsy.net/" />
+	<test url="http://images1.mtgsy.net/" />
+	<test url="http://images2.mtgsy.net/" />
+	<test url="http://images3.mtgsy.net/" />
 
-	<securecookie host="^(.*\.)?mtgsy\.com$" name=".*"/>
+	<securecookie host="^(?:.*\.)?mtgsy\.net$" name=".+" />
 
-	<rule from="^http://my\.cloudfloordns\.com/"
-		to="https://www.mtgsy.net/myaccount.php"/>
+	<rule from="^http://mtgsy\.net/"
+		to="https://www.mtgsy.net/" />
 
-	<rule from="^http://(?:images\d\.|www\.)mtgsy\.net/"
-		to="https://www.mtgsy.net/"/>
+	<rule from="^http:"
+		to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Microtronix.xml b/src/chrome/content/rules/Microtronix.xml
index 6745523deb96..8f465fff2148 100644
--- a/src/chrome/content/rules/Microtronix.xml
+++ b/src/chrome/content/rules/Microtronix.xml
@@ -28,4 +28,4 @@
 	<rule from="^http://clients\.microtronix-tech\.com/((?:affiliates|clientarea|contact|pwreset|register|submitticket)\.php|(?:imag|includ|templat)es/)"
 		to="https://clients.microtronix-tech.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Middle_East_Monitor.com.xml b/src/chrome/content/rules/Middle_East_Monitor.com.xml
new file mode 100644
index 000000000000..1bf0da970169
--- /dev/null
+++ b/src/chrome/content/rules/Middle_East_Monitor.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .middleeastmonitor.com
+		- www.middleeastmonitor.com
+
+-->
+<ruleset name="Middle East Monitor.com">
+
+	<target host="middleeastmonitor.com" />
+	<target host="www.middleeastmonitor.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.middleeastmonitor\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.middleeastmonitor\.com$" name="^(?:JAHL-AUTOROLL|salaamhosting_tpl)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Midlothian.gov.uk.xml b/src/chrome/content/rules/Midlothian.gov.uk.xml
new file mode 100644
index 000000000000..cdbdeb8e0a8d
--- /dev/null
+++ b/src/chrome/content/rules/Midlothian.gov.uk.xml
@@ -0,0 +1,42 @@
+<!--
+	Midlothian Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *midlothian.gov.uk:
+
+		- pcbookings ʳ
+		- www2 ᵈ
+
+	ᵈ Dropped
+	ʳ Refused
+
+
+	^midlothian.gov.uk doesn't exist.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- www.midlothian.gov.uk
+		- .www.midlothian.gov.uk
+
+-->
+<ruleset name="Midlothian.gov.uk (partial)">
+
+	<target host="libraries.midlothian.gov.uk" />
+	<target host="www.midlothian.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.midlothian\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^\.www\.midlothian\.gov\.uk$" name="^TestCookie$" /-->
+
+	<securecookie host="^(?!\.modlothian\.gov\.uk$)." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Midnight-Commander.org.xml b/src/chrome/content/rules/Midnight-Commander.org.xml
new file mode 100644
index 000000000000..3146b9628fb7
--- /dev/null
+++ b/src/chrome/content/rules/Midnight-Commander.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		ftp.midnight-commander.org
+
+-->
+<ruleset name="Midnight Commander">
+
+	<target host="midnight-commander.org" />
+	<target host="www.midnight-commander.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Midnight-Commander.xml b/src/chrome/content/rules/Midnight-Commander.xml
deleted file mode 100644
index 69f8a7210e6b..000000000000
--- a/src/chrome/content/rules/Midnight-Commander.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Midnight Commander" default_off="self-signed">
-
-	<target host="midnight-commander.org" />
-	<target host="www.midnight-commander.org" />
-
-
-	<securecookie host="^www\.midnight-commander\.org$" name=".*" />
-
-
-	<!--	Cert doesn't match www, but !www redirects to www.	-->
-	<rule from="^http://(?:www\.)?midnight-commander\.org/"
-		to="https://www.midnight-commander.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Midphase.xml b/src/chrome/content/rules/Midphase.xml
index a546f4fba1b5..96297a012f03 100644
--- a/src/chrome/content/rules/Midphase.xml
+++ b/src/chrome/content/rules/Midphase.xml
@@ -1,5 +1,5 @@
 <!--
-	Nonfunctional supdomains:
+	Nonfunctional subdomains:
 
 		- support	(shows il-mp-bk.slc; mismatched, CN: il-mp-bk.slc.westdc.net)
 
@@ -13,7 +13,6 @@
 	<securecookie host="^www\.midphase\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?midphase\.com/"
-		to="https://$1midphase.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mietek.io.xml b/src/chrome/content/rules/Mietek.io.xml
new file mode 100644
index 000000000000..da469db2f59b
--- /dev/null
+++ b/src/chrome/content/rules/Mietek.io.xml
@@ -0,0 +1,23 @@
+<!--
+	www: refused
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(www → ^)
+		- bashmenot
+		- cannot
+
+-->
+<ruleset name="Mietek.io">
+
+	<target host="mietek.io" />
+	<target host="bashmenot.mietek.io" />
+	<target host="cannot.mietek.io" />
+	<target host="www.mietek.io" />
+
+
+	<rule from="^http://(?:(bashmenot\.|cannot\.)|www\.)?mietek\.io/"
+		to="https://$1mietek.io/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mifile.cn.xml b/src/chrome/content/rules/Mifile.cn.xml
new file mode 100644
index 000000000000..4b6b9c813e6b
--- /dev/null
+++ b/src/chrome/content/rules/Mifile.cn.xml
@@ -0,0 +1,25 @@
+<!--
+	For other domains belong to xiaomi, see Xiaomi.com.xml
+
+	Invalid Certificate (360buyimg.com)
+		img04, img05
+-->
+<ruleset name="Mifile.cn (partial)">
+	<target host="s01.mifile.cn" />
+		<test url="http://s01.mifile.cn/js/base.min.js" />
+	<target host="c1.mifile.cn" />
+		<test url="http://c1.mifile.cn/f/i/15/stat/js/xmst.js" />
+
+	<target host="i1.mifile.cn" />
+	<target host="i2.mifile.cn" />
+	<target host="i3.mifile.cn" />
+		<test url="http://i3.mifile.cn/a1/T1_WhgBb_T1RXrhCrK.jpg" />
+
+	<target host="img03.mifile.cn" />
+	<target host="img06.mifile.cn" />
+	<target host="img07.mifile.cn" />
+	<target host="img08.mifile.cn" />
+		<test url="http://img08.mifile.cn/webfile/images/miui/12.16.4.png" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mightyupload.com.xml b/src/chrome/content/rules/Mightyupload.com.xml
index ac3917b8b07c..51683abaaf4b 100644
--- a/src/chrome/content/rules/Mightyupload.com.xml
+++ b/src/chrome/content/rules/Mightyupload.com.xml
@@ -1,17 +1,30 @@
+
 <!--
-	CN: Parallels Panel
+Disabled by https-everywhere-checker because:
+Fetch error: http://mightyupload.com/ => https://mightyupload.com/: (28, 'Operation timed out after 30000 milliseconds with 0 bytes received')
+Fetch error: http://www.mightyupload.com/ => https://www.mightyupload.com/: (28, 'Operation timed out after 30000 milliseconds with 0 bytes received')
+
+	Insecure cookies are set for these domains:
+
+		- .mightyupload.com
 
 -->
-<ruleset name="mightyupload.com" default_off="self-signed">
+<ruleset name="mightyupload.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="mightyupload.com" />
-	<target host="*.mightyupload.com" />
+	<target host="www.mightyupload.com" />
+
 
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.mightyupload\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
 
 	<securecookie host="^\.?mightyupload\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?mightyupload\.com/"
-		to="https://mightyupload.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Migrol.ch.xml b/src/chrome/content/rules/Migrol.ch.xml
new file mode 100644
index 000000000000..31fdf0931c37
--- /dev/null
+++ b/src/chrome/content/rules/Migrol.ch.xml
@@ -0,0 +1,40 @@
+<!--
+	For other Migros coverage, see Migros.xml.
+
+	Mismatch:
+		- ^migrol.ch
+		- ^migrolcard.ch
+		- ^migrol-heizoel.ch
+		- ^mazout-migrol.ch
+		- ^migrol-olio-combustibile.ch
+-->
+<ruleset name="Migrol.ch">
+	<target host="migrol.ch" />
+	<target host="www.migrol.ch" />
+	<target host="b2b.migrol.ch" />
+	<target host="websvc.migrol.ch" />
+
+	<target host="migrolcard.ch" />
+	<target host="www.migrolcard.ch" />
+
+	<target host="migrol-heizoel.ch" />
+	<target host="www.migrol-heizoel.ch" />
+	<target host="migrol-olio-combustibile.ch" />
+	<target host="www.migrol-olio-combustibile.ch" />
+	<target host="mazout-migrol.ch" />
+	<target host="www.mazout-migrol.ch" />
+
+	<securecookie host="^b2b\.migrol\.ch" name=".+" />
+
+	<rule from="^http://migrol\.ch/"
+		to="https://www.migrol.ch/"/>
+	<rule from="^http://migrolcard\.ch/"
+		to="https://www.migrolcard.ch/"/>
+	<rule from="^http://migrol-heizoel\.ch/"
+		to="https://www.migrol-heizoel.ch/"/>
+	<rule from="^http://migrol-olio-combustibile\.ch/"
+		to="https://www.migrol-olio-combustibile.ch/"/>
+	<rule from="^http://mazout-migrol\.ch/"
+		to="https://www.mazout-migrol.ch/"/>
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Migros-Bank.xml b/src/chrome/content/rules/Migros-Bank.xml
new file mode 100644
index 000000000000..f2951fe84d2e
--- /dev/null
+++ b/src/chrome/content/rules/Migros-Bank.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Migros coverage, see Migros.xml.
+
+	Mismatch:
+		- blog.bancamigros.ch
+		- blog.banquemigros.ch
+-->
+<ruleset name="Migros Bank">
+	<target host="migrosbank.ch" />
+	<target host="www.migrosbank.ch" />
+	<target host="blog.migrosbank.ch" />
+	<target host="boerse.migrosbank.ch" />
+	<target host="lieferanten.migrosbank.ch" />
+	<target host="onlinesupport.migrosbank.ch" />
+	<target host="secure.migrosbank.ch" />
+	<target host="standorte.migrosbank.ch" />
+	<target host="stats.migrosbank.ch" />
+
+	<target host="bancamigros.ch" />
+	<target host="www.bancamigros.ch" />
+
+	<target host="banquemigros.ch" />
+	<target host="www.banquemigros.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Migros-Ferien.ch.xml b/src/chrome/content/rules/Migros-Ferien.ch.xml
new file mode 100644
index 000000000000..a8cd6846f436
--- /dev/null
+++ b/src/chrome/content/rules/Migros-Ferien.ch.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Migros coverage, see Migros.xml.
+
+	Mismatch:
+		- ^migros-ferien.ch
+
+	Refused:
+		- kreuzfahrten.migros-ferien.ch
+-->
+<ruleset name="Migros Ferien">
+	<target host="migros-ferien.ch" />
+	<target host="www.migros-ferien.ch" />
+
+	<rule from="^http://migros-ferien\.ch/"
+		to="https://www.migros-ferien.ch/"/>
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Migros-Kulturprozent.ch.xml b/src/chrome/content/rules/Migros-Kulturprozent.ch.xml
new file mode 100644
index 000000000000..d05a4cd446f8
--- /dev/null
+++ b/src/chrome/content/rules/Migros-Kulturprozent.ch.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://facebook.migros-kulturprozent.ch/ => https://facebook.migros-kulturprozent.ch/: (28, 'Operation timed out after 30002 milliseconds with 0 bytes received')
+
+	For other Migros coverage, see Migros.xml.
+
+	Nonfunctional hosts in migros-kulturprozent.ch:
+		- migros-kulturprozent.ch (m)
+		- www.migros-kulturprozent.ch (m)
+		- archiv.migros-kulturprozent.ch (r)
+
+	m: mismatch
+	r: refused
+-->
+<ruleset name="Migros Kulturprozent (partial)" default_off="failed ruleset test">
+	<target host="facebook.migros-kulturprozent.ch"/>
+	<target host="foerderung.migros-kulturprozent.ch"/>
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Migros.xml b/src/chrome/content/rules/Migros.xml
new file mode 100644
index 000000000000..016ff6fd7033
--- /dev/null
+++ b/src/chrome/content/rules/Migros.xml
@@ -0,0 +1,146 @@
+
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://chinoise.migros.ch/ => https://chinoise.migros.ch/: (51, "SSL: no alternative certificate subject name matches target host name 'chinoise.migros.ch'")
+Fetch error: http://farmchips.migros.ch/ => https://farmchips.migros.ch/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://gmz75.migros.ch/ => https://gmz75.migros.ch/: (6, 'Could not resolve host: gmz75.migros.ch')
+Fetch error: http://momente.migros.ch/ => https://momente.migros.ch/: (51, "SSL: no alternative certificate subject name matches target host name 'momente.migros.ch'")
+Fetch error: http://vonuns-vonhier.migros.ch/ => https://vonuns-vonhier.migros.ch/: (51, "SSL: no alternative certificate subject name matches target host name 'vonuns-vonhier.migros.ch'")
+Fetch error: http://m-connect.ch/ => https://m-connect.ch/: (6, 'Could not resolve host: m-connect.ch')
+Fetch error: http://www.m-connect.ch/ => https://www.m-connect.ch/: (6, 'Could not resolve host: www.m-connect.ch')
+Fetch error: http://qual.m-connect.ch/ => https://qual.m-connect.ch/: (6, 'Could not resolve host: qual.m-connect.ch')
+
+	Other Migros rulesets:
+		- Chocolatfrey.ch.xml
+		- Exlibris.ch.xml
+		- Hotelplan.ch.xml
+		- Interhome.ch.xml
+		- Melectronics.ch.xml
+		- Micasa.ch.xml
+		- Migrol.ch.xml
+		- Migros-Bank.xml
+		- Migros-Ferien.ch.xml
+		- Migros-Kulturprozent.ch.xml
+		- Migrosmagazine.xml
+		- Myskai.ch.xml
+		- Officeworld.ch.xml
+		- Sportxx.ch.xml
+		- Tourismepourtous.ch.xml
+		- Vacando.ch.xml
+
+	HTTP redirect:
+		- generation-m.migros.ch
+		- sell.m-budget.migros.ch
+
+	Mismatch:
+		- banane.migros.ch
+		- captormania.migros.ch
+		- facebook.migros.ch
+		- farmmania.migros.ch
+		- icetea.migros.ch
+		- leger.migros.ch
+		- minimania.migros.ch
+		- photoservice.migros.ch
+		- sommer.cloud.migros.ch
+		- wiesenmilch.migros.ch
+
+		- (www\.)?migros-shop.ch
+		- migros-shop.de
+
+	Mixed content:
+		- www.migros-shop.at (product pages)
+		- www.migros-shop.de (product pages)
+
+	Refused:
+		- aha.migros.ch
+		- alnatura.migros.ch
+
+	Revoked:
+		- migros-shop.at
+
+	self-signed:
+		- 100ideen.migros.ch
+		- (www\.)?cloud.migros.ch
+
+	Incomplete cert chain:
+		- ideenfabrik.gmaare.migros.ch
+		- kundenrat.gmaare.migros.ch
+		- newsroom.migros.ch
+
+	Connection reset:
+		- dev.m-connect.ch
+-->
+<ruleset name="Migros">
+	<target host="migros.ch"/>
+	<target host="www.migros.ch"/>
+	<target host="american-favorites.migros.ch"/>
+	<target host="annasbest.migros.ch"/>
+	<target host="aproz.migros.ch"/>
+	<target host="aus-der-region.migros.ch"/>
+	<target host="avsb.migros.ch"/>
+	<target host="beauty.migros.ch"/>
+	<target host="bio.migros.ch"/>
+	<target host="brot.migros.ch"/>
+	<target host="candida.migros.ch"/>
+	<target host="cdn.migros.ch"/>
+	<!-- target host="chinoise.migros.ch" /-->
+	<target host="community.migros.ch"/>
+	<target host="famigros.migros.ch"/>
+	<target host="faq.migros.ch"/>
+	<!-- target host="farmchips.migros.ch" /-->
+	<target host="farmer.migros.ch"/>
+	<target host="filialen.migros.ch"/>
+	<target host="fisch.migros.ch"/>
+	<target host="geschenkkarte.migros.ch"/>
+	<!-- target host="gmz75.migros.ch" /-->
+	<target host="heidi.migros.ch"/>
+	<target host="image.migros.ch"/>
+	<target host="jobs.migros.ch"/>
+	<target host="kaffee.migros.ch"/>
+	<target host="login.migros.ch"/>
+	<target host="m-budget.migros.ch"/>
+		<target host="cockpit.m-budget.migros.ch"/>
+		<target host="guenstig.m-budget.migros.ch"/>
+		<target host="occasion.m-budget.migros.ch"/>
+		<target host="selfcare.m-budget.migros.ch"/>
+		<target host="shop.m-budget.migros.ch"/>
+	<target host="migipedia.migros.ch"/>
+	<target host="migros-service.migros.ch"/>
+	<target host="migusto.migros.ch"/>
+	<!-- target host="momente.migros.ch" /-->
+	<target host="prodotti.migros.ch"/>
+	<target host="produits.migros.ch"/>
+	<target host="produkte.migros.ch"/>
+	<target host="report.migros.ch"/>
+	<target host="selection.migros.ch"/>
+	<target host="sommer.migros.ch"/>
+	<target host="sozialnachhaltig.migros.ch"/>
+	<target host="subito.migros.ch"/>
+	<target host="sun-queen.migros.ch"/>
+	<target host="terrasuisse.migros.ch"/>
+	<target host="theke.migros.ch"/>
+	<target host="total.migros.ch"/>
+	<target host="valflora.migros.ch"/>
+	<!-- target host="vonuns-vonhier.migros.ch" /-->
+	<target host="wartung.migros.ch"/>
+	<target host="web-api.migros.ch"/>
+	<target host="weidebeef.migros.ch"/>
+
+	<target host="migipedia.ch"/>
+	<target host="www.migipedia.ch"/>
+
+	<!-- target host="m-connect.ch" /-->
+	<!-- target host="www.m-connect.ch" /-->
+	<!-- target host="qual.m-connect.ch" /-->
+
+	<target host="leshop.ch"/>
+	<target host="www.leshop.ch"/>
+
+	<!-- cert only matches www. -->
+	<rule from="^http://migipedia\.ch/"
+		to="https://www.migipedia.ch/"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Migrosmagazine.xml b/src/chrome/content/rules/Migrosmagazine.xml
new file mode 100644
index 000000000000..6730ea653d31
--- /dev/null
+++ b/src/chrome/content/rules/Migrosmagazine.xml
@@ -0,0 +1,36 @@
+<!--
+	For other Migros coverage, see Migros.xml.
+
+	Nonfunctional hosts in brueckenbauer.ch:
+		- www.brueckenbauer.ch (m)
+
+	Nonfunctional hosts in migrosmagazin.ch:
+		- migrosmagazin.ch (m)
+		- news.migrosmagazin.ch (m)
+
+	Nonfunctional hosts in migrosmagazine.ch:
+		- migrosmagazine.ch (m)
+
+	m: mismatch
+	r: HTTP redirect
+-->
+<ruleset name="Migrosmagazine">
+	<!-- ^ does not exist -->
+	<target host="www.brueckenbauer.ch"/>
+
+	<target host="migrosmagazin.ch"/>
+	<target host="www.migrosmagazin.ch"/>
+
+	<target host="migrosmagazine.ch" />
+	<target host="www.migrosmagazine.ch" />
+
+	<!-- mismatch -->
+	<rule from="^http://www\.brueckenbauer\.ch/"
+		to="https://www.migrosmagazin.ch/"/>
+	<rule from="^http://migrosmagazin\.ch/"
+		to="https://www.migrosmagazin.ch/"/>
+	<rule from="^http://migrosmagazine\.ch/"
+		to="https://www.migrosmagazine.ch/"/>
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mijingo.com.xml b/src/chrome/content/rules/Mijingo.com.xml
new file mode 100644
index 000000000000..331fdb968ca7
--- /dev/null
+++ b/src/chrome/content/rules/Mijingo.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Mijingo.com">
+	<target host="mijingo.com"/>
+	<target host="www.mijingo.com"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/MijnING.xml b/src/chrome/content/rules/MijnING.xml
deleted file mode 100644
index e84b1dac169f..000000000000
--- a/src/chrome/content/rules/MijnING.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Mijn ING">
-  <target host="mijn.ing.nl" />
-  <target host="mijnzakelijk.ing.nl" />
-  <rule from="^http://mijn(zakelijk)?\.ing\.nl/" to="https://mijn$1.ing.nl/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Mijn_D66.nl.xml b/src/chrome/content/rules/Mijn_D66.nl.xml
new file mode 100644
index 000000000000..e0246d4af5df
--- /dev/null
+++ b/src/chrome/content/rules/Mijn_D66.nl.xml
@@ -0,0 +1,16 @@
+<!--
+	For other D66 coverage, see D66.nl.xml.
+
+-->
+<ruleset name="Mijn D66.nl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mijnd66.nl" />
+	<target host="www.mijnd66.nl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mike_Ash.com.xml b/src/chrome/content/rules/Mike_Ash.com.xml
new file mode 100644
index 000000000000..6c81a18b5d5f
--- /dev/null
+++ b/src/chrome/content/rules/Mike_Ash.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Mike Ash.com">
+
+	<target host="mikeash.com" />
+	<target host="www.mikeash.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mike_Conley.ca.xml b/src/chrome/content/rules/Mike_Conley.ca.xml
new file mode 100644
index 000000000000..e8e1e038303a
--- /dev/null
+++ b/src/chrome/content/rules/Mike_Conley.ca.xml
@@ -0,0 +1,10 @@
+<ruleset name="Mike Conley.ca">
+
+	<target host="mikeconley.ca" />
+	<target host="www.mikeconley.ca" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mike_Masin.xml b/src/chrome/content/rules/Mike_Masin.xml
deleted file mode 100644
index 633151598306..000000000000
--- a/src/chrome/content/rules/Mike_Masin.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Mike Masin">
-
-	<target host="mikemasin.com" />
-	<target host="*.mikemasin.com" />
-
-
-	<securecookie host="^\.mikemasin\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?mikemasin\.com/"
-		to="https://$1mikemasin.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Mikel-Olasagasti-Uranga.xml b/src/chrome/content/rules/Mikel-Olasagasti-Uranga.xml
deleted file mode 100644
index bff2ae518f71..000000000000
--- a/src/chrome/content/rules/Mikel-Olasagasti-Uranga.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- revelation	(cert: olasagasti.info; redirects to mikel)
-
--->
-<ruleset name="Mikel Olasagasti Uranga (partial)" platform="cacert">
-
-	<target host="olasagasti.info" />
-	<target host="mikel.olasagasti.info" />
-
-
-	<rule from="^http://(mikel\.)?olasagasti\.info/"
-		to="https://$1olasagasti.info/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Mikle.com.xml b/src/chrome/content/rules/Mikle.com.xml
new file mode 100644
index 000000000000..640e9376a88a
--- /dev/null
+++ b/src/chrome/content/rules/Mikle.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional hosts in *mikle.com:
+
+		- (www.)? *
+		- co *
+
+	* Dropped
+
+-->
+<ruleset name="Mikle.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="feed.mikle.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MikroTik.com.xml b/src/chrome/content/rules/MikroTik.com.xml
index b46ce427131d..d778d5525410 100644
--- a/src/chrome/content/rules/MikroTik.com.xml
+++ b/src/chrome/content/rules/MikroTik.com.xml
@@ -1,4 +1,9 @@
 <!--
+	CDN buckets:
+
+		- d355q2xs8kb5oj.cloudfront.net
+
+
 	Nonfunctional domains:
 
 		- mikrotik.com subdomains:
@@ -14,28 +19,63 @@
 
 	Problematic subdomains:
 
-		- ^		(cert only matches www)
-		- training	(dropped)
+		- download2 ¹
+		- training ²
 
-
-	Mixed content:
-
-		- Images on www from i.mt.lv
+	¹ Cloudfront
+	² Dropped
 
 -->
 <ruleset name="MikroTik.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="mikrotik.com" />
-	<target host="*.mikrotik.com" />
+	<target host="www.mikrotik.com" />
+
+	<!--	Complications:
+				-->
+	<target host="download2.mikrotik.com" />
+	<!--target host="training.mikrotik.com" /-->
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.mikrotik\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.mikrotik\.com/+(?!client(?:$|[?/])|css/|favicon\.ico|img/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.mikrotik.com/buy" />
+			<test url="http://www.mikrotik.com/consultants" />
+			<test url="http://www.mikrotik.com/documentation" />
+			<test url="http://www.mikrotik.com/download" />
+			<test url="http://www.mikrotik.com/mfm" />
+			<test url="http://www.mikrotik.com/support.html" />
+			<test url="http://www.mikrotik.com/training/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.mikrotik.com/client/" />
+			<test url="http://www.mikrotik.com/css/front.css" />
+			<test url="http://www.mikrotik.com/favicon.ico" />
+			<test url="http://www.mikrotik.com/img/header/gogo.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.mikrotik\.com$" name="^PHPSESSID$" /-->
+
+	<!--securecookie host="^www\.mikrotik\.com$" name=".+" /-->
 
 
-	<securecookie host="^www\.mikrotik\.com$" name=".+" />
+	<rule from="^http:" to="https:" />
 
+	<!--rule from="^http://training\.mikrotik\.com/.*"
+		to="https://www.mikrotik.com/training/" /-->
 
-	<rule from="^http://(?:www\.)?mikrotik\.com/"
-		to="https://www.mikrotik.com/" />
 
-	<rule from="^http://training\.mikrotik\.com/.*"
-		to="https://www.mikrotik.com/training/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mikrocontroller.net.xml b/src/chrome/content/rules/Mikrocontroller.net.xml
index 209f8e288fc4..5aed0a36a305 100644
--- a/src/chrome/content/rules/Mikrocontroller.net.xml
+++ b/src/chrome/content/rules/Mikrocontroller.net.xml
@@ -2,5 +2,5 @@
     <target host="mikrocontroller.net" />
     <target host="www.mikrocontroller.net" />
 
-    <rule from="^http://(www\.)?mikrocontroller\.net/" to="https://www.mikrocontroller.net/" />
+    <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MilAnuncios.com.xml b/src/chrome/content/rules/MilAnuncios.com.xml
new file mode 100644
index 000000000000..4840c961c267
--- /dev/null
+++ b/src/chrome/content/rules/MilAnuncios.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="MilAnuncios.com">
+
+	<target host="milanuncios.com" />
+
+	<target host="img.milanuncios.com" />
+	<target host="static.milanuncios.com" />
+	<target host="www.milanuncios.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Milchkind.net.xml b/src/chrome/content/rules/Milchkind.net.xml
index fa484eb96175..14dcbb772a3a 100644
--- a/src/chrome/content/rules/Milchkind.net.xml
+++ b/src/chrome/content/rules/Milchkind.net.xml
@@ -3,10 +3,9 @@
 	<target host="zwischenwelt.milchkind.net" />
 
 
-	<securecookie host="^zwischenwelt\.milchkind\.net$" name=".*" />
+	<securecookie host="^zwischenwelt\.milchkind\.net$" name=".+" />
 
 
-	<rule from="^http://zwischenwelt\.milchkind\.net/"
-		to="https://zwischenwelt.milchkind.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MileIQ.com.xml b/src/chrome/content/rules/MileIQ.com.xml
new file mode 100644
index 000000000000..ad8d5ca67a33
--- /dev/null
+++ b/src/chrome/content/rules/MileIQ.com.xml
@@ -0,0 +1,51 @@
+<!--
+	Problematic hosts:
+
+		- support *
+		- try *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .mileiq.com
+		- dashboard.mileiq.com
+		- try.mileiq.com
+
+-->
+<ruleset name="MileIQ.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dashboard.mileiq.com" />
+	<!--target host="support.mileiq.com" /-->
+	<!--target host="try.mileiq.com" /-->
+	<target host="www.mileiq.com" />
+
+	<!--	Complications:
+				-->
+	<target host="mileiq.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.mileiq\.com$" name="^(__cfduid|cf_clearance|ubvt)$" /-->
+	<!--securecookie host="^\.dashboard\.mileiq\.com$" name="^SessionProxyFilter_SessionId$" /-->
+	<!--securecookie host="^try\.mileiq\.com$" name="^(ubpv|ubvs)$" /-->
+
+	<securecookie host="^\.dashboard\.mileiq\.com$" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://mileiq\.com/+"
+		to="https://www.mileiq.com/" />
+
+		<test url="http://mileiq.com//resources" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Milepoint.xml b/src/chrome/content/rules/Milepoint.xml
deleted file mode 100644
index 5dc507668f7f..000000000000
--- a/src/chrome/content/rules/Milepoint.xml
+++ /dev/null
@@ -1,4 +0,0 @@
-<ruleset name="Milepoint.com">
-    <target host="milepoint.com"/>
-    <rule from="^http://(?:www\.)?milepoint\.com/" to="https://milepoint.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Miles-and-more.xml b/src/chrome/content/rules/Miles-and-more.xml
index 3a90f7607f5a..fdab49992ffc 100644
--- a/src/chrome/content/rules/Miles-and-more.xml
+++ b/src/chrome/content/rules/Miles-and-more.xml
@@ -6,16 +6,16 @@
   <target host="miles-and-more-kreditkarte.com" />
   <target host="*.miles-and-more-kreditkarte.com" />
 
-  <securecookie host="^(.*\.)?miles-and-more.com$" name=".*" />
+  <securecookie host="^(?:.*\.)?miles-and-more.com$" name=".+" />
 
   <rule from="^http://(?:www\.)?miles-and-more\.com/" to="https://www.miles-and-more.com/"/>
 
-  <rule from="^https?://meilenrechner\.de/"
+  <rule from="^http://meilenrechner\.de/"
     to="https://www.meilenrechner.de/"/>
   <rule from="^http://([^/:@]+)?\.meilenrechner\.de/"
     to="https://$1.meilenrechner.de/" />
 
-  <rule from="^https?://miles-and-more-kreditkarte\.com/"
+  <rule from="^http://miles-and-more-kreditkarte\.com/"
     to="https://www.miles-and-more-kreditkarte.com/"/>
   <rule from="^http://([^/:@]+)?\.miles-and-more-kreditkarte\.com/"
     to="https://$1.miles-and-more-kreditkarte.com/" />
diff --git a/src/chrome/content/rules/MilitarySuper.xml b/src/chrome/content/rules/MilitarySuper.xml
new file mode 100644
index 000000000000..d46a02f5a292
--- /dev/null
+++ b/src/chrome/content/rules/MilitarySuper.xml
@@ -0,0 +1,7 @@
+<ruleset name="Military Super">
+	<target host="militarysuper.gov.au" />
+	<target host="www.militarysuper.gov.au" />
+
+	<rule from="^http://(?:www\.)?militarysuper\.gov\.au/"
+		to="https://www.militarysuper.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/MilkAndMore.xml b/src/chrome/content/rules/MilkAndMore.xml
index 6b9281f01e14..1e41cf7d3dc7 100644
--- a/src/chrome/content/rules/MilkAndMore.xml
+++ b/src/chrome/content/rules/MilkAndMore.xml
@@ -2,7 +2,7 @@
   <target host="milkandmore.co.uk" />
   <target host="www.milkandmore.co.uk" />
 
-  <securecookie host="^([^@:/]+\.)?milkandmore\.co\.uk$" name=".*"/>
+  <securecookie host="^(?:[^@:/]+\.)?milkandmore\.co\.uk$" name=".+" />
 
   <rule from="^http://(?:www\.)?milkandmore\.co\.uk/" to="https://www.milkandmore.co.uk/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Millennium_Seating.xml b/src/chrome/content/rules/Millennium_Seating.xml
index e092945deae5..6fb5fc32aa4e 100644
--- a/src/chrome/content/rules/Millennium_Seating.xml
+++ b/src/chrome/content/rules/Millennium_Seating.xml
@@ -5,25 +5,19 @@
 
 			- static.millenniumseating.com
 
-
-	Nonfunctional subdomains:
-
-		- blog		(502)
-
-
-	Some pages redirect to http.
-
 -->
 <ruleset name="Millennium Seating (partial)">
 
 	<target host="millenniumseating.com" />
 	<target host="www.millenniumseating.com" />
+	<target host="static.millenniumseating.com" />
 
+		<test url="http://www.millenniumseating.com/favicon.ico" />
+		<test url="http://millenniumseating.com/favicon.ico" />
 
-	<rule from="^http://(www\.)?millenniumseating\.com/(buttons/|favicon\.ico|images/|[sS]tore/(?:i/|inc/|login\.aspx|[tT]emplates/))"
-		to="https://$1millenniumseating.com/$2" />
-
-	<rule from="^https?://static\.millenniumseating\.com/"
+	<rule from="^http://static\.millenniumseating\.com/"
 		to="https://d2oplcg29czvvo.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MillionShort.com.xml b/src/chrome/content/rules/MillionShort.com.xml
new file mode 100644
index 000000000000..276ceaaa9bbc
--- /dev/null
+++ b/src/chrome/content/rules/MillionShort.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Timeout:
+		- dns.millionshort.com
+		- gold.millionshort.com
+		- new.millionshort.com
+		- staging.millionshort.com
+-->
+<ruleset name="MillionShort.com">
+	<target host="millionshort.com" />
+	<target host="www.millionshort.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Millward-Brown.xml b/src/chrome/content/rules/Millward-Brown.xml
index bb96a2ee8307..bc590ba1151e 100644
--- a/src/chrome/content/rules/Millward-Brown.xml
+++ b/src/chrome/content/rules/Millward-Brown.xml
@@ -10,11 +10,11 @@
 	<target host="www.millwardbrown.com" />
 
 
-	<securecookie host="^www\.millwardbrown\.com$" name=".*" />
+	<securecookie host="^www\.millwardbrown\.com$" name=".+" />
 
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?millwardbrown\.com/"
+	<rule from="^http://(?:www\.)?millwardbrown\.com/"
 		to="https://www.millwardbrown.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Milonic.xml b/src/chrome/content/rules/Milonic.xml
index 83a3cbe91e2d..e9ba37a65e60 100644
--- a/src/chrome/content/rules/Milonic.xml
+++ b/src/chrome/content/rules/Milonic.xml
@@ -1,3 +1,8 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://milonic.com/ => http://milonic.com/: Redirect for 'http://www.milonic.com/' missing Location
+Fetch error: http://www.milonic.com/ => http://www.milonic.com/: Redirect for 'http://www.milonic.com/' missing Location
+-->
 <ruleset name="Milonic (partial)">
 
 	<target host="milonic.com" />
diff --git a/src/chrome/content/rules/Milton-Keynes.gov.uk.xml b/src/chrome/content/rules/Milton-Keynes.gov.uk.xml
new file mode 100644
index 000000000000..dcdd6decc1b2
--- /dev/null
+++ b/src/chrome/content/rules/Milton-Keynes.gov.uk.xml
@@ -0,0 +1,62 @@
+<!--
+	Milton Keynes Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *milton-keynes.gov.u:
+
+		- cmis ᶠ
+		- elicensing ᶠ
+
+	ᶠ Handshake fails
+
+
+	These altnames don't exist:
+
+		- www.childcare.milton-keynes.gov.uk
+		- www.emsonline.milton-keynes.gov.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- childcare.milton-keynes.gov.uk
+		- mapping.milton-keynes.gov.uk
+		- my.milton-keynes.gov.uk
+		- onlineservices.milton-keynes.gov.uk
+		- public01.milton-keynes.gov.uk
+
+
+	Mixed content:
+
+		- Bug on (www.)? from socitm.govmetric.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Milton-Keynes.gov.uk (partial)">
+
+	<target host="milton-keynes.gov.uk" />
+	<target host="childcare.milton-keynes.gov.uk" />
+	<target host="emsonline.milton-keynes.gov.uk" />
+	<target host="mapping.milton-keynes.gov.uk" />
+	<target host="my.milton-keynes.gov.uk" />
+	<target host="onlineservices.milton-keynes.gov.uk" />
+	<target host="public01.milton-keynes.gov.uk" />
+	<target host="www.milton-keynes.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^childcare\.milton-keynes\.gov\.uk$" name="^PE(?:Language|Test)Cookie$" /-->
+	<!--securecookie host="^mapping\.milton-keynes\.gov\.uk$" name="^(?:ASP\.NET_SessionId|astun|atLocation|atMyCouncil)$" /-->
+	<!--securecookie host="^my\.milton-keynes\.gov\.uk$" name="^(?:ASP\.NET_SessionId|PageMode)$" /-->
+	<!--securecookie host="^(?:onlineservices|public01)\.milton-keynes\.gov\.uk$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Milwaukee-Makerspace.xml b/src/chrome/content/rules/Milwaukee-Makerspace.xml
index b25554f34cda..f61371ad9d39 100644
--- a/src/chrome/content/rules/Milwaukee-Makerspace.xml
+++ b/src/chrome/content/rules/Milwaukee-Makerspace.xml
@@ -1,14 +1,13 @@
-<ruleset name="Milwaukee Makerspace" default_off="self-signed">
+<ruleset name="Milwaukee Makerspace">
 
-	<!--	Cert: Parallels Panel	-->
 	<target host="milwaukeemakerspace.org" />
 	<target host="www.milwaukeemakerspace.org" />
 
 
-	<securecookie host="^milwaukeemakerspace\.org$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?milwaukeemakerspace\.org/"
-		to="https://milwaukeemakerspace.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MinFil.org.xml b/src/chrome/content/rules/MinFil.org.xml
new file mode 100644
index 000000000000..2ad35609603f
--- /dev/null
+++ b/src/chrome/content/rules/MinFil.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="MinFil.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="minfil.org" />
+	<target host="www.minfil.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Minalyzer.com.xml b/src/chrome/content/rules/Minalyzer.com.xml
deleted file mode 100644
index 203683b9d29f..000000000000
--- a/src/chrome/content/rules/Minalyzer.com.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	For other Chambal coverage, see Chambal.com.xml.
-
-
-	CDN buckets:
-
-		- images.minalyzer.com.s3.amazonaws.com
-
-
-	Nonfunctional subdomains:
-
-		- ^	(http reply)
-		- www	(shows app; mismatched, CN: app.sunosunao.com)
-
--->
-<ruleset name="Minalyzer.com (partial)">
-
-	<target host="images.minalyzer.com" />
-
-
-	<rule from="^http://images\.minalyzer\.com/"
-		to="https://s3.amazonaws.com/images.minalyzer.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Minazo.net.xml b/src/chrome/content/rules/Minazo.net.xml
deleted file mode 100644
index c4666f8f03cb..000000000000
--- a/src/chrome/content/rules/Minazo.net.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Minazo.net" platform="firefox">
-<target host="bigshinylock.minazo.net" />
-
-<securecookie host="^bigshinylock\.minazo\.net$" name=".+" />
-
-<rule from="^http://bigshinylock\.minazo\.net/" to="https://bigshinylock.minazo.net/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Minbank.ru.xml b/src/chrome/content/rules/Minbank.ru.xml
new file mode 100644
index 000000000000..bcab2f946eb4
--- /dev/null
+++ b/src/chrome/content/rules/Minbank.ru.xml
@@ -0,0 +1,26 @@
+<!--
+bclb.minbank.ru ³
+crmgate.minbank.ru ³
+ns.minbank.ru ³
+old.minbank.ru ³
+relay438.minbank.ru ³
+relay600.minbank.ru ³
+ns.vladimir.minbank.ru ³
+wap.minbank.ru ³
+wclb.minbank.ru ³
+
+
+³ timed out
+-->
+<ruleset name="minbank.ru">
+	<target host="minbank.ru" />
+	<target host="www.minbank.ru" />
+	<target host="acs.minbank.ru" />
+	<target host="clbank.minbank.ru" />
+	<target host="gate.minbank.ru" />
+	<target host="mpi.minbank.ru" />
+	<target host="mpit.minbank.ru" />
+	<target host="telebank.minbank.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mind.org.uk.xml b/src/chrome/content/rules/Mind.org.uk.xml
new file mode 100644
index 000000000000..335314684bc8
--- /dev/null
+++ b/src/chrome/content/rules/Mind.org.uk.xml
@@ -0,0 +1,45 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - crisiscareapp.mind.org.uk
+
+		Timeout was reached:
+			 - ecards.mind.org.uk
+			 - report.mind.org.uk
+
+		SSL peer certificate was not OK:
+			 - getsettogo.mind.org.uk
+			 - somewhere.mind.org.uk
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - bluelight.mind.org.uk
+
+		Status code mismatch:
+			 - xmascards.mind.org.uk
+
+		4xx client error:
+			 - intranet.mind.org.uk
+			 - staging.mind.org.uk
+
+		Secure connection redirects to plaintext:
+			 - memoryspace.mind.org.uk
+
+		Mixed content blocking (MCB) tiggered:
+			 - shop.mind.org.uk (default to HTTPS)
+-->
+<ruleset name="Mind.org.uk (partial)">
+	<target host="mind.org.uk" />
+	<target host="www.mind.org.uk" />
+	<target host="action.mind.org.uk" />
+	<target host="www.action.mind.org.uk" />
+	<target host="anxiety.mind.org.uk" />
+	<target host="imt.mind.org.uk" />
+	<target host="lmas.mind.org.uk" />
+	<target host="shop.mind.org.uk" />
+	<target host="smtp.mind.org.uk" />
+	<target host="webaccess.mind.org.uk" />
+
+	<securecookie host="^(?:www\.|shop\.)?mind\.org\.uk$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mind.xml b/src/chrome/content/rules/Mind.xml
deleted file mode 100644
index f29e0c1d66d1..000000000000
--- a/src/chrome/content/rules/Mind.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-
-
-	Some pages redirect to http
-
--->
-<ruleset name="Mind (partial)">
-
-	<target host="mind.org.uk" />
-	<target host="www.mind.org.uk" />
-
-
-	<rule from="^http://(?:www\.)?mind\.org\.uk/(assets/|favicon\.ico|images/|javascripts/|login(?:$|\?|/)|stylesheets/)"
-		to="https://www.mind.org.uk/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MindModeling.org.xml b/src/chrome/content/rules/MindModeling.org.xml
new file mode 100644
index 000000000000..1e42062b1c23
--- /dev/null
+++ b/src/chrome/content/rules/MindModeling.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="MindModeling.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mindmodeling.org" />
+	<target host="flacs.mindmodeling.org" />
+	<target host="www.mindmodeling.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MindTouch.com.xml b/src/chrome/content/rules/MindTouch.com.xml
new file mode 100644
index 000000000000..181428e78d2e
--- /dev/null
+++ b/src/chrome/content/rules/MindTouch.com.xml
@@ -0,0 +1,48 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://f1.support.mindtouch.com/ => https://f1.support.mindtouch.com/: (51, "SSL: no alternative certificate subject name matches target host name 'f1.support.mindtouch.com'")
+
+	Other MindTouch rulesets:
+
+		- MindTouch.us.xml
+		- Mtstatic.com.xml
+
+
+	Fully covered hosts:
+
+		- (www.)?
+		- success
+		- f1.success
+		- support
+		- f1.support
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .mindtouch.com
+
+-->
+<ruleset name="MindTouch.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mindtouch.com" />
+	<target host="success.mindtouch.com" />
+	<target host="f1.success.mindtouch.com" />
+	<target host="support.mindtouch.com" />
+	<target host="f1.support.mindtouch.com" />
+	<target host="www.mindtouch.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.mindtouch\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.mindtouch\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MindTouch.us.xml b/src/chrome/content/rules/MindTouch.us.xml
new file mode 100644
index 000000000000..4b4c2a7f7713
--- /dev/null
+++ b/src/chrome/content/rules/MindTouch.us.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://help.mindtouch.us/ => https://help.mindtouch.us/: (51, "SSL: no alternative certificate subject name matches target host name 'help.mindtouch.us'")
+Fetch error: http://f1.help.mindtouch.us/ => https://f1.help.mindtouch.us/: (51, "SSL: no alternative certificate subject name matches target host name 'f1.help.mindtouch.us'")
+
+	For other MindTouch coverage, see MindTouch.com.xml.		-
+
+
+	Fully covered hosts:
+
+		- (www.)?
+		- help
+		- f1.help
+		- sapseod
+		- f1.sapseod
+
+-->
+<ruleset name="MindTouch.us" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mindtouch.us" />
+	<target host="help.mindtouch.us" />
+	<target host="f1.help.mindtouch.us" />
+	<target host="sapseod.mindtouch.us" />
+	<target host="f1.sapseod.mindtouch.us" />
+	<target host="www.mindtouch.us" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mind_Tools.com.xml b/src/chrome/content/rules/Mind_Tools.com.xml
new file mode 100644
index 000000000000..542ebbd3d92e
--- /dev/null
+++ b/src/chrome/content/rules/Mind_Tools.com.xml
@@ -0,0 +1,42 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .mindtools.com
+		- www.mindtools.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Mind Tools.com">
+
+	<target host="mindtools.com" />
+	<target host="www.mindtools.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.mindtools\.com$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.mindtools\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mindfactory.de.xml b/src/chrome/content/rules/Mindfactory.de.xml
new file mode 100644
index 000000000000..e7343eeda105
--- /dev/null
+++ b/src/chrome/content/rules/Mindfactory.de.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://image.mindfactory.de/ => https://image.mindfactory.de/: (51, "SSL: no alternative certificate subject name matches target host name 'image.mindfactory.de'")
+Fetch error: http://mobile.mindfactory.de/ => https://mobile.mindfactory.de/: (51, "SSL: no alternative certificate subject name matches target host name 'mobile.mindfactory.de'")
+
+    Problematic subdomains:
+    - blog.mindfactory.de (different content)
+    - user.mindfactory.de (invalid, CN=www6.kd-menue.de)
+-->
+<ruleset name="Mindfactory.de" default_off="failed ruleset test">
+	<target host="mindfactory.de" />
+	<target host="www.mindfactory.de" />
+
+	<target host="ads.mindfactory.de" />
+	<target host="forum.mindfactory.de" />
+	<target host="image.mindfactory.de" />
+	<target host="m.mindfactory.de" />
+	<target host="mobile.mindfactory.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mindrot.xml b/src/chrome/content/rules/Mindrot.xml
index 57360ca1b1bf..8abb67242d21 100644
--- a/src/chrome/content/rules/Mindrot.xml
+++ b/src/chrome/content/rules/Mindrot.xml
@@ -1,5 +1,29 @@
-<ruleset name="lists.mindrot.org">
-  <target host="lists.mindrot.org" />
+<!--
+	(www.)?mindrot.org: Plaintext reply
+
+
+	Insecure cookies are set for these hosts:
+
+		- bugzilla.mindrot.org
+
+-->
+<ruleset name="mindrot.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="anongit.mindrot.org" />
+	<target host="bugzilla.mindrot.org" />
+	<target host="lists.mindrot.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bugzilla\.mindrot\.org$" name="^(Bugzilla_login_request_cookie|DEFAULTFORMAT)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://lists\.mindrot\.org/" to="https://lists.mindrot.org/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Mindshare-Technologies.xml b/src/chrome/content/rules/Mindshare-Technologies.xml
index ee5b2b628cae..95e316535f3b 100644
--- a/src/chrome/content/rules/Mindshare-Technologies.xml
+++ b/src/chrome/content/rules/Mindshare-Technologies.xml
@@ -1,17 +1,8 @@
 <ruleset name="Mindshare Technologies">
-	<target host="fixuscms.com" />
-	<target host="www.fixuscms.com" />
 	<target host="mshare.net" />
-	<target host="em.mshare.net" />
-	<target host="webdev.mshare.net" />
 	<target host="www.mshare.net" />
 
-	<securecookie host="^(www\.)?mshare\.net$" name=".+" />
+	<securecookie host="^(?:www\.)?mshare\.net$" name=".+" />
 
-	<rule from="^https://(www\.)?fixuscms\.com/"
-		to="http://fixuscms.com/" downgrade="1" />
-	<rule from="^http://(www\.)?mshare\.net/"
-		to="https://$1mshare.net/" />
-	<rule from="^https://(em|webdev)\.mshare\.net/"
-		to="http://$1.mshare.net/" downgrade="1" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Minecraft.org.xml b/src/chrome/content/rules/Minecraft.org.xml
deleted file mode 100644
index 3a601800f53c..000000000000
--- a/src/chrome/content/rules/Minecraft.org.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Minecraft.org">
-
-	<target host="minecraft.org" />
-	<target host="*.minecraft.org" />
-
-
-	<securecookie host="^\.minecraft\.org$" name=".+" />
-
-
-	<rule from="^http://(forum\.|www\.)?minecraft\.org/"
-		to="https://$1minecraft.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Minecraft.xml b/src/chrome/content/rules/Minecraft.xml
index d0bffae8cea3..f4f5aeec535f 100644
--- a/src/chrome/content/rules/Minecraft.xml
+++ b/src/chrome/content/rules/Minecraft.xml
@@ -1,15 +1,52 @@
-<ruleset name="Minecraft">
+<!--
+	Non-functional hosts
+		Couldn't resolve host name:
+			 - account.minecraft.net
+			 - launch.minecraft.net
+			 - legacy-staging.minecraft.net
+			 - login.minecraft.net
+			 - peoapi.minecraft.net
+			 - peoapi-stage.minecraft.net
+			 - pigtales.minecraft.net
+			 - realms.minecraft.net
 
-	<target host="minecraft.net" />
-	<target host="www.minecraft.net" />
+		Couldn't connect to server:
+			 - hopper.minecraft.net
+			 - session.minecraft.net
+			 - snoop.minecraft.net
+
+		SSL connect error:
+			 - pocketbeta.minecraft.net
 
+		SSL peer certificate was not OK:
+			 - assets.minecraft.net
+			 - mcoapi.minecraft.net
+			 - mcoapi-stage.minecraft.net
 
-	<securecookie host="^www\.minecraft\.net$" name=".*" />
+		Status code mismatch:
+			 - libraries.minecraft.net
 
+		4xx client error:
+			 - resources.download.minecraft.net
+-->
+<ruleset name="Minecraft">
+	<target host="minecraft.net" />
+	<target host="www.minecraft.net" />
+	<target host="atlas.minecraft.net" />
+	<target host="beta.minecraft.net" />
+	<target host="community-content-assets.minecraft.net" />
+		<test url="http://community-content-assets.minecraft.net/upload/ed9b4900cb08e7816c271102383a250e-hiddenpitfall-download.pdf" />
+	<target host="education.minecraft.net" />
+	<target host="feedback.minecraft.net" />
+	<target host="minecon.minecraft.net" />
+	<target host="pi.minecraft.net" />
+	<target host="pc.realms.minecraft.net" />
+	<target host="pocket.realms.minecraft.net" />
+	<target host="redstone.minecraft.net" />
+	<target host="skins.minecraft.net" />
+	<target host="textures.minecraft.net" />
 
-	<!--	!www doesn't work.
-					-->
-	<rule from="^https?://(?:www\.)?minecraft\.net/"
-		to="https://www.minecraft.net/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Minecraft_Server_Lijst.NL.xml b/src/chrome/content/rules/Minecraft_Server_Lijst.NL.xml
index 4ab4e8c9783c..1cefee36d744 100644
--- a/src/chrome/content/rules/Minecraft_Server_Lijst.NL.xml
+++ b/src/chrome/content/rules/Minecraft_Server_Lijst.NL.xml
@@ -26,7 +26,7 @@
 			- i\d\d\d.photobucket.com
 			- www.planetminecraft.com
 			- cdn2.planetminecraft.com
-			- s\d\d.postimg.org
+			- s\d\d.postimg.org *
 			- puu.sh *
 			- minecraft.serverlijst.nl
 			- serverpact.nl
@@ -44,13 +44,12 @@
 <ruleset name="Minecraft Server Lijst.NL">
 
 	<target host="minecraftserverlijst.nl" />
-	<target host="*.minecraftserverlijst.nl" />
+	<target host="www.minecraftserverlijst.nl" />
 
 
 	<securecookie host="^\.?minecraftserverlijst\.nl$" name=".+" />
 
 
-	<rule from="^http://(www\.)?minecraftserverlijst\.nl/"
-		to="https://$1minecraftserverlijst.nl/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Minero.pw.xml b/src/chrome/content/rules/Minero.pw.xml
new file mode 100644
index 000000000000..25416b075d81
--- /dev/null
+++ b/src/chrome/content/rules/Minero.pw.xml
@@ -0,0 +1,8 @@
+<ruleset name="Minero.pw">
+	<target host="minero.pw" />
+	<target host="www.minero.pw" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Minetest.ru.xml b/src/chrome/content/rules/Minetest.ru.xml
index 756649ef2db5..20877175a5eb 100644
--- a/src/chrome/content/rules/Minetest.ru.xml
+++ b/src/chrome/content/rules/Minetest.ru.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://minetest.ru/ => https://minetest.ru/: (60, 'SSL certificate problem: certificate has expired')
+
 	Nonfunctional subdomains:
 
 		- users *
@@ -7,7 +11,7 @@
 	* Shows ^ over https
 
 -->
-<ruleset name="Minetest.ru (partial)">
+<ruleset name="Minetest.ru (partial)" default_off="failed ruleset test">
 
 	<target host="minetest.ru" />
 
@@ -15,7 +19,6 @@
 	<securecookie host="^minetest\.ru$" name=".+" />
 
 
-	<rule from="^http://minetest\.ru/"
-		to="https://minetest.ru/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MingPao.com.xml b/src/chrome/content/rules/MingPao.com.xml
new file mode 100644
index 000000000000..27b2c923e27a
--- /dev/null
+++ b/src/chrome/content/rules/MingPao.com.xml
@@ -0,0 +1,82 @@
+<!--
+	Problematic domains:
+
+	Invalid certs:
+		- books.mingpao.com (incomplete certificate chain)
+		- www.jump.mingpao.com
+		- www.life.mingpao.com
+
+	SSL error:
+		- mobilenews.mingpao.com
+		- premium.mingpao.com
+		- tssl.mingpao.com
+		- video.mingpao.com
+
+	Mixed content:
+		- car.mingpao.com
+		- jump.mingpao.com
+		- jumpuat.mingpao.com
+		- video3.mingpao.com
+		- video4.mingpao.com
+
+	Different content in HTTPS:
+		- ce2017.mingpao.com
+		- eduexpo.mingpao.com
+		- fyp2016.mingpao.com
+		- happypama2.mingpao.com
+		- health2.mingpao.com
+		- oly2016.mingpao.com
+		- ppleak2016.mingpao.com
+		- wimbledon.mingpao.com
+		- wimbledon2016.mingpao.com
+
+	Timeout:
+		- code.mingpao.com
+		- ebook.mingpao.com
+		- indepth.mingpao.com
+		- link.mingpao.com
+		- reading.mingpao.com
+		- studentreporter.mingpao.com
+
+	Refused:
+		- mpdeluxe.mingpao.com
+
+	No working URL known:
+		- fs1.mingpao.com
+		- fs2.mingpao.com
+		- ol2.mingpao.com
+
+-->
+<ruleset name="MingPao.com">
+	<target host="mingpao.com" />
+	<target host="www.mingpao.com" />
+	<target host="creative.mingpao.com" />
+	<target host="education.mingpao.com" />
+	<target host="eletter.mingpao.com" />
+	<target host="english.mingpao.com" />
+	<target host="fs.mingpao.com" />
+		<test url="http://fs.mingpao.com/ins/20141008/s00001/1412782353076_A79F8ECD26DFA2241F3FC085E3A03B9F.pdf" />
+	<target host="happypama.mingpao.com" />
+	<target host="health.mingpao.com" />
+	<target host="jump.mingpao.com" />
+	<target host="jump2.mingpao.com" />
+	<target host="jumpuat.mingpao.com" />
+	<target host="jupas.mingpao.com" />
+	<target host="life.mingpao.com" />
+	<target host="life2.mingpao.com" />
+	<target host="m.mingpao.com" />
+	<target host="marketing.mingpao.com" />
+	<target host="marketing2.mingpao.com" />
+		<test url="http://marketing2.mingpao.com/htm/china_enterprise_2011/htm/album.htm" />
+	<target host="member.mingpao.com" />
+	<target host="news.mingpao.com" />
+	<target host="news1.mingpao.com" />
+	<target host="news2.mingpao.com" />
+	<target host="ol.mingpao.com" />
+	<target host="www.ol.mingpao.com" />
+	<target host="search.mingpao.com" />
+	<target host="startup.mingpao.com" />
+
+	<rule from="^http://www\.ol\.mingpao\.com/" to="https://ol.mingpao.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MiniJuegos_gratis.com.xml b/src/chrome/content/rules/MiniJuegos_gratis.com.xml
new file mode 100644
index 000000000000..2f4ab1261870
--- /dev/null
+++ b/src/chrome/content/rules/MiniJuegos_gratis.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional subdomains:
+
+		- s3 *
+
+	* Shows ssl; mismatched, CN: ssl.minijuegosgratis.com
+
+
+	www: mismatched, CN: minijuegosgratis.com
+
+
+	^minijuegosgratis.com doesn't exist.
+
+-->
+<ruleset name="MiniJuegos gratis.com (partial)">
+
+	<target host="ssl.minijuegosgratis.com" />
+	<target host="www.minijuegosgratis.com" />
+		<!--exclusion pattern="http://s3\.minijuegosgratis\.com/" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MiniLock.io.xml b/src/chrome/content/rules/MiniLock.io.xml
new file mode 100644
index 000000000000..cc52a766df6e
--- /dev/null
+++ b/src/chrome/content/rules/MiniLock.io.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://minilock.io/ => https://minilock.io/: (6, 'Could not resolve host: minilock.io')
+Fetch error: http://www.minilock.io/ => https://www.minilock.io/: (6, 'Could not resolve host: www.minilock.io')
+
+	Insecure cookies are set for these domains:
+
+		- .minilock.io
+
+-->
+<ruleset name="miniLock.io" default_off="failed ruleset test">
+
+	<target host="minilock.io" />
+	<target host="www.minilock.io" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.minilock\.io$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.minilock\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Miniand-Tech.xml b/src/chrome/content/rules/Miniand-Tech.xml
index 71dc1e648c0f..053f9e26af95 100644
--- a/src/chrome/content/rules/Miniand-Tech.xml
+++ b/src/chrome/content/rules/Miniand-Tech.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://miniand.com/ => https://miniand.com/: (7, 'Failed to connect to miniand.com port 443: Connection refused')
+Fetch error: http://www.miniand.com/ => https://www.miniand.com/: (6, 'Could not resolve host: www.miniand.com')
+
 	Nonfunctional subdomains:
 
 		- dl	(502)
@@ -7,16 +12,15 @@
 	dl serves images only.
 
 -->
-<ruleset name="Miniand Tech (partial)">
+<ruleset name="Miniand Tech (partial)" default_off="failed ruleset test">
 
 	<target host="miniand.com" />
-	<target host="*.miniand.com" />
+	<target host="www.miniand.com" />
 
 
-	<securecookie host="^(?:www)?\.miniand\.com$" name=".*" />
+	<securecookie host="^(?:www)?\.miniand\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?miniand\.com/"
-		to="https://www.miniand.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Miniatur-Wunderland.xml b/src/chrome/content/rules/Miniatur-Wunderland.xml
index 7d8c51114265..c656747c7e9b 100644
--- a/src/chrome/content/rules/Miniatur-Wunderland.xml
+++ b/src/chrome/content/rules/Miniatur-Wunderland.xml
@@ -2,5 +2,5 @@
  <target host="www.miniatur-wunderland.de" />
  <target host="miniatur-wunderland.de" />
 
- <rule from="^http://(www\.)?miniatur-wunderland\.de/" to="https://www.miniatur-wunderland.de/"/>
+ <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Miniclip_CDN.com.xml b/src/chrome/content/rules/Miniclip_CDN.com.xml
index 7253351344c2..f7d2d4750b5d 100644
--- a/src/chrome/content/rules/Miniclip_CDN.com.xml
+++ b/src/chrome/content/rules/Miniclip_CDN.com.xml
@@ -1,9 +1,10 @@
-<ruleset name="Miniclip CDN.com">
-
-	<target host="*.miniclipcdn.com" />
-
-
-	<rule from="^http://static(3)?\.miniclipcdn\.com/"
-		to="https://static$1.miniclipcdn.com/" />
-
+<ruleset name="MiniclipCDN.com">
+	<target host="images.miniclipcdn.com" />
+	<target host="images1.miniclipcdn.com" />
+	<target host="static.miniclipcdn.com" />
+	<target host="static2.miniclipcdn.com" />
+	<target host="static3.miniclipcdn.com" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Minijob-zentrale.de.xml b/src/chrome/content/rules/Minijob-zentrale.de.xml
new file mode 100644
index 000000000000..a09931f0df0a
--- /dev/null
+++ b/src/chrome/content/rules/Minijob-zentrale.de.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		minijob-zentrale.de
+
+-->
+<ruleset name="Minijob-Zentrale.de">
+
+	<target host="minijob-zentrale.de" />
+	<target host="www.minijob-zentrale.de" />
+	<target host="blog.minijob-zentrale.de" />
+
+	<rule from="^http://minijob-zentrale\.de/"
+		to="https://www.minijob-zentrale.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mining.Bitcoin.cz.xml b/src/chrome/content/rules/Mining.Bitcoin.cz.xml
index 904c00e02244..f335fbe8fbb1 100644
--- a/src/chrome/content/rules/Mining.Bitcoin.cz.xml
+++ b/src/chrome/content/rules/Mining.Bitcoin.cz.xml
@@ -1,4 +1,19 @@
-<ruleset name="Mining.Bitcoin.cz">
-  <target host="*.bitcoin.cz" />
-  <rule from="^http://(www\.)?mining\.bitcoin\.cz/" to="https://mining.bitcoin.cz/"/>
-</ruleset>
+<!--
+  302 on mining.bitcoin.cz
+    https://slushpool.com/
+
+	Problematic subdomains:
+
+		- beta.mining (dropped, mismatch)
+		- support *
+
+	* Mismatched
+    - CN: *.kayako.com
+    - old.bitcoin.cz
+-->
+<ruleset name="Mining.Bitcoin.cz">
+	<target host="mining.bitcoin.cz" />
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Ministerialtidende.dk.xml b/src/chrome/content/rules/Ministerialtidende.dk.xml
new file mode 100644
index 000000000000..3508bd20c91d
--- /dev/null
+++ b/src/chrome/content/rules/Ministerialtidende.dk.xml
@@ -0,0 +1,34 @@
+<!--
+	^ministerialtidende.dk: Reset
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.ministerialtidende.dk
+
+-->
+<ruleset name="Ministerialtidende.dk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.ministerialtidende.dk" />
+
+	<!--	Complications:
+				-->
+	<target host="ministerialtidende.dk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.ministerialtidende\.dk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^www\.ministerialtidende\.dk$" name=".+" />
+
+
+	<rule from="^http://ministerialtidende\.dk/"
+		to="https://www.ministerialtidende.dk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ministry_of_Justice.xml b/src/chrome/content/rules/Ministry_of_Justice.xml
index a6b3d05a00c5..f2aebb8aa64d 100644
--- a/src/chrome/content/rules/Ministry_of_Justice.xml
+++ b/src/chrome/content/rules/Ministry_of_Justice.xml
@@ -1,18 +1,44 @@
 <!--
+	Ministry of Justice
+
 	For other UK government coverage, see GOV.UK.xml.
 
+
+	Nonfunctional hosts in *justice.gov.uk:
+
+		- csjm ʳ
+
+	ʳ Refused
+
+
+	Problematic hosts in *justice.gov.uk:
+
+		- aka ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .www.justice.gov.uk ᶜ
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
 -->
-<ruleset name="Ministry of Justice">
+<ruleset name="Justice.gov.uk (partial)">
 
 	<target host="justice.gov.uk" />
 	<target host="www.justice.gov.uk" />
-	<target host="*.www.justice.gov.uk" />
 
 
-	<securecookie host="^\.www\.justice\.gov\.uk$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.justice\.gov\.uk$" name="^SQ_SYSTEM_SESSION$" /-->
+
+	<securecookie host="^\.www\." name=".+" />
 
 
-	<rule from="^http://(www\.)?justice\.gov\.uk/"
-		to="https://$1justice.gov.uk/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Minix3.org.xml b/src/chrome/content/rules/Minix3.org.xml
new file mode 100644
index 000000000000..43ef5d0e2274
--- /dev/null
+++ b/src/chrome/content/rules/Minix3.org.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional subdomains:
+		cd (certificate lacks the alt-name)
+		download (certificate lacks the alt-name)
+		ftp (certificate lacks the alt-name)
+		gerrit (unsupported)
+		jenkins (unsupported)
+		ns1 (certificate lacks the alt-name)
+		oldwiki (certificate lacks the alt-name)
+ 		packages (certificate lacks the alt-name)
+		server (certificate lacks the alt-name)
+-->
+<ruleset name="Minix3.org (partial)">
+	<target host="minix3.org" />
+	<target host="www.minix3.org" />
+	<target host="blog.minix3.org" />
+	<target host="git.minix3.org" />
+	<target host="man.minix3.org" />
+	<target host="wiki.minix3.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Minnesota-Public-Radio.xml b/src/chrome/content/rules/Minnesota-Public-Radio.xml
index fcf1adcb7045..5baec3cb3f42 100644
--- a/src/chrome/content/rules/Minnesota-Public-Radio.xml
+++ b/src/chrome/content/rules/Minnesota-Public-Radio.xml
@@ -12,7 +12,9 @@
 -->
 <ruleset name="Minnesota Public Radio (partial)">
 
-	<target host="*.publicradio.org" />
+	<target host="contribute.publicradio.org" />
+	<target host="www.publicradio.org" />
+	<target host="minnesota.publicradio.org" />
 
 
 	<securecookie host="^\.publicradio\.org$" name="^WT_FPC$" />
@@ -22,7 +24,7 @@
 	<rule from="^http://(contribute|www)\.publicradio\.org/"
 		to="https://$1.publicradio.org/" />
 
-	<rule from="^https?://minnesota\.publicradio\.org/www_publicradio/"
+	<rule from="^http://minnesota\.publicradio\.org/www_publicradio/"
 		to="https://www.publicradio.org/www_publicradio/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mint.ca.xml b/src/chrome/content/rules/Mint.ca.xml
new file mode 100644
index 000000000000..96dd28c9055d
--- /dev/null
+++ b/src/chrome/content/rules/Mint.ca.xml
@@ -0,0 +1,49 @@
+<!--
+	Problematic hosts in *mint.ca:
+
+		- ^ *
+
+	* Mismatched
+
+-->
+<ruleset name="Mint.ca (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.mint.ca" />
+
+	<!--	Complications:
+				-->
+	<target host="mint.ca" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.mint\.ca/(store/template/home\.jsp)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.mint\.ca/(?!store/template/default/(?:image|cs)s/|registration/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.mint.ca/arctic" />
+			<test url="http://www.mint.ca/heroes" />
+			<test url="http://www.mint.ca/legendary" />
+			<test url="http://www.mint.ca/store/template/home.jsp" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.mint.ca/store/registration/forgotPassword.jsp" />
+			<test url="http://www.mint.ca/store/registration/login.jsp" />
+			<test url="http://www.mint.ca/store/registration/profileSummary.jsp" />
+			<test url="http://www.mint.ca/store/template/default/css/carousel.css" />
+			<test url="http://www.mint.ca/store/template/default/images/arrow_black.png" />
+
+
+	<rule from="^http://mint\.ca/"
+		to="https://www.mint.ca/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mint.com.xml b/src/chrome/content/rules/Mint.com.xml
new file mode 100644
index 000000000000..48f0f348c513
--- /dev/null
+++ b/src/chrome/content/rules/Mint.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Mint.com" >
+	<target host="mint.com" />
+	<target host="www.mint.com" />
+	<target host="accounts.mint.com" />
+	<target host="blog.mint.com" />
+	<target host="credit.mint.com" />
+	<target host="help.mint.com" />
+	<target host="mobile.mint.com" />
+	<target host="wwws.mint.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mint.xml b/src/chrome/content/rules/Mint.xml
deleted file mode 100644
index 86654d771d9f..000000000000
--- a/src/chrome/content/rules/Mint.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Mint" platform="mixedcontent">
-  <target host="www.mint.com" />
-  <target host="mint.com" />
-
-  <rule from="^http://(?:www\.)?mint\.com/" to="https://www.mint.com/"/>
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MintGuide.org.xml b/src/chrome/content/rules/MintGuide.org.xml
new file mode 100644
index 000000000000..ea3dd3b0a059
--- /dev/null
+++ b/src/chrome/content/rules/MintGuide.org.xml
@@ -0,0 +1,39 @@
+<!--
+	Problematic hosts in *mintguide.org:
+
+		- forum ¹ ²
+
+	¹ Mismatched
+	² Mixed css
+
+
+	Insecure cookies are set for these hosts:
+
+		- .mintguide.org
+
+
+	Mixed content:
+
+		- css on forum from $self
+		- Images on forum from $self
+
+-->
+<ruleset name="MintGuide.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mintguide.org" />
+	<target host="www.mintguide.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.mintguide\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Minted.xml b/src/chrome/content/rules/Minted.xml
index 3f67f5c64778..7224c9aec399 100644
--- a/src/chrome/content/rules/Minted.xml
+++ b/src/chrome/content/rules/Minted.xml
@@ -60,12 +60,12 @@
 		to="https://www.minted.com/" />
 
 	<rule from="^http://cdn3\.minted\.com/"
-		to="https://d2bhls43bg90ow.cloudfront.net/" />
+		to="https://cdn3.minted.com/" />
 
 	<rule from="^http://cdn4\.minted\.com/"
-		to="https://d27r269iws82ha.cloudfront.net/" />
+		to="https://cdn4.minted.com/" />
 
 	<rule from="^http://cdn5\.minted\.com/"
-		to="https://dyx88w6kx3fik.cloudfront.net/" />
+		to="https://cdn5.minted.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Minus.com-mismatches.xml b/src/chrome/content/rules/Minus.com-mismatches.xml
deleted file mode 100644
index ec068a2f582a..000000000000
--- a/src/chrome/content/rules/Minus.com-mismatches.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see Minus.com.xml.
-
--->
-<ruleset name="Minus.com (mismatches)" default_off="mismatched">
-
-	<target host="feedback.minus.com" />
-	<target host="*.feedback.minus.com" />
-
-
-	<securecookie host="^\.?feedback\.minus\.com$" name=".+" />
-
-
-	<rule from="^http://feedback\.minus\.com/"
-		to="https://feedback.minus.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Minus.com.xml b/src/chrome/content/rules/Minus.com.xml
deleted file mode 100644
index ba86bc07e507..000000000000
--- a/src/chrome/content/rules/Minus.com.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	For problematic rules, see Minus.com-mismatches.xml.
-
-
-	CDN buckets:
-
-	- dgbc7tshfzi70.cloudfront.net
-
-
-	Problematic domains:
-
-		- feedback.minus.com	(works; mismatched, CN: *.userecho.com)
-
--->
-<ruleset name="Minus.com (partial)" platform="mixedcontent">
-
-	<target host="min.us" />
-	<target host="*.min.us" />
-	<target host="minus.com" />
-	<target host="*.minus.com" />
-		<exclusion pattern="^http://(?:blog|feedback)\." />
-
-
-	<securecookie host="^\.?minus\.com$" name=".+" />
-
-
-	<!--	Members have unique subdomains.
-		Cert only matches (*.)minus.com.
-							-->
-	<rule from="^https?://([^/:@\.]+\.)?min(?:\.us|us\.com)/"
-		to="https://$1minus.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Mipay.com.xml b/src/chrome/content/rules/Mipay.com.xml
new file mode 100644
index 000000000000..84dbc1af1440
--- /dev/null
+++ b/src/chrome/content/rules/Mipay.com.xml
@@ -0,0 +1,15 @@
+<!--
+	For other domains belong to xiaomi, see Xiaomi.com.xml
+-->
+<ruleset name="Mipay.com">
+	<target host="mipay.com" />
+	<target host="www.mipay.com" />
+	<target host="app.mipay.com" />
+	<target host="fundh5.mipay.com" />
+	<target host="fundres.mipay.com" />
+		<test url="http://fundres.mipay.com/app/assets/libs/zepto.min.js" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MirBSD.xml b/src/chrome/content/rules/MirBSD.xml
deleted file mode 100644
index 8b4597b088b1..000000000000
--- a/src/chrome/content/rules/MirBSD.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="MirBSD">
-  <target host="mirbsd.org" />
-  <target host="www.mirbsd.org" />
-
-  <rule from="^http://(?:www\.)?mirbsd\.org/" to="https://www.mirbsd.org/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Mirage.io.xml b/src/chrome/content/rules/Mirage.io.xml
new file mode 100644
index 000000000000..988095b9cded
--- /dev/null
+++ b/src/chrome/content/rules/Mirage.io.xml
@@ -0,0 +1,17 @@
+<!--
+	These altnames don't exist:
+
+		- www.mirage.io
+
+-->
+<ruleset name="Mirage.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mirage.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mirakar.com.xml b/src/chrome/content/rules/Mirakar.com.xml
index 1c07a405fb05..ab346fa7e068 100644
--- a/src/chrome/content/rules/Mirakar.com.xml
+++ b/src/chrome/content/rules/Mirakar.com.xml
@@ -1,6 +1,16 @@
-<ruleset name="Mirakar.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mirakar.com/ => https://www.mirakar.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.mirakar.com/ => https://www.mirakar.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://mirakar.com/ => https://www.mirakar.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.mirakar.com/ => https://www.mirakar.com/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="Mirakar.com" default_off="failed ruleset test">
   <target host="mirakar.com" />
   <target host="www.mirakar.com" />
 
-  <rule from="^http://(www\.)?mirakar\.com/" to="https://www.mirakar.com/" />
+  <rule from="^http://(?:www\.)?mirakar\.com/" to="https://www.mirakar.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Miramax.com.xml b/src/chrome/content/rules/Miramax.com.xml
index 82f5575ce8a9..c2cb9c9b279f 100644
--- a/src/chrome/content/rules/Miramax.com.xml
+++ b/src/chrome/content/rules/Miramax.com.xml
@@ -1,4 +1,13 @@
-<ruleset name="Miramax.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://miramax.com/ => https://miramax.com/: (7, 'Failed to connect to miramax.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://miramax.com/ => https://miramax.com/: Cycle detected - URL already encountered: https://miramax.com/
+Fetch error: http://www.miramax.com/ => https://www.miramax.com/: Cycle detected - URL already encountered: https://www.miramax.com/
+-->
+<ruleset name="Miramax.com" default_off="failed ruleset test">
 
 	<target host="miramax.com" />
 	<target host="www.miramax.com" />
@@ -7,7 +16,6 @@
 	<securecookie host="^(?:www\.)?miramax\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?miramax\.com/"
-		to="https://$1miramax.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Miranda-IM.xml b/src/chrome/content/rules/Miranda-IM.xml
index 51ecd66990b5..251148354d34 100644
--- a/src/chrome/content/rules/Miranda-IM.xml
+++ b/src/chrome/content/rules/Miranda-IM.xml
@@ -27,10 +27,11 @@
 <ruleset name="Miranda IM (partial)">
 
 	<target host="miranda-im.org" />
-	<target host="*.miranda-im.org" />
+	<target host="www.miranda-im.org" />
+	<target host="addons.miranda-im.org" />
 
 
-	<securecookie host="^.*\.miranda-im\.org$" name=".*" />
+	<securecookie host="^.*\.miranda-im\.org$" name=".+" />
 
 
 	<!--	Unfortunately, css doesn't appear to be identical.
diff --git a/src/chrome/content/rules/Mirantis.com.xml b/src/chrome/content/rules/Mirantis.com.xml
new file mode 100644
index 000000000000..6c8b7351b85f
--- /dev/null
+++ b/src/chrome/content/rules/Mirantis.com.xml
@@ -0,0 +1,39 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)
+		- software
+		- training
+
+
+	Mixed content:
+
+		- Image on training from www *
+
+		- favicon on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Mirantis.com">
+
+	<target host="mirantis.com" />
+	<target host="software.mirantis.com" />
+	<target host="training.mirantis.com" />
+	<target host="www.mirantis.com" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^training\.mirantis\.com$" name="^JSESSIONID$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^training\.mirantis\.com$" name="^SE$" /-->
+
+	<securecookie host="^training\.mirantis\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Miretail.com.xml b/src/chrome/content/rules/Miretail.com.xml
new file mode 100644
index 000000000000..044185b3105d
--- /dev/null
+++ b/src/chrome/content/rules/Miretail.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="miretail.com">
+
+	<target host="images.miretail.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MirrorBingo.com.xml b/src/chrome/content/rules/MirrorBingo.com.xml
new file mode 100644
index 000000000000..fd4cfca3cd2d
--- /dev/null
+++ b/src/chrome/content/rules/MirrorBingo.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Time out:
+		mirrorbingo.com
+
+	Invalid certificate:
+		banner.mirrorbingo.com
+		cache.download.banner.mirrorbingo.com
+		online.mirrorbingo.com
+		promos.mirrorbingo.com
+
+-->
+<ruleset name="MirrorBingo.com">
+
+	<target host="mirrorbingo.com" />
+	<target host="www.mirrorbingo.com" />
+	<target host="cachegames.mirrorbingo.com" />
+	<target host="cachewww.mirrorbingo.com" />
+	<target host="games.mirrorbingo.com" />
+	<target host="m.mirrorbingo.com" />
+
+	<rule from="^http://mirrorbingo\.com/"
+		to="https://www.mirrorbingo.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mirror_Image_Internet.xml b/src/chrome/content/rules/Mirror_Image_Internet.xml
index eadf045cc0a9..3fbd81de8233 100644
--- a/src/chrome/content/rules/Mirror_Image_Internet.xml
+++ b/src/chrome/content/rules/Mirror_Image_Internet.xml
@@ -8,4 +8,4 @@
 	<rule from="^http://(\w+)\.service\.mirror-image\.net/"
 		to="https://$1.service.mirror-image.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mirror_Reader_Offers.co.uk.xml b/src/chrome/content/rules/Mirror_Reader_Offers.co.uk.xml
new file mode 100644
index 000000000000..2d059ff6bb25
--- /dev/null
+++ b/src/chrome/content/rules/Mirror_Reader_Offers.co.uk.xml
@@ -0,0 +1,21 @@
+<!--
+	^: cert only matches www
+
+-->
+<ruleset name="Mirror Reader Offers.co.uk">
+
+	<target host="mirrorreaderoffers.co.uk" />
+	<target host="www.mirrorreaderoffers.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.mirrorreaderoffers\.co\.uk$" name="^CSPWSERVERID$" /-->
+
+	<securecookie host="^www\.mirrorreaderoffers\.co\.uk$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?mirrorreaderoffers\.co\.uk/"
+		to="https://www.mirrorreaderoffers.co.uk/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mirrorcreator.com.xml b/src/chrome/content/rules/Mirrorcreator.com.xml
new file mode 100644
index 000000000000..d81a5c92b526
--- /dev/null
+++ b/src/chrome/content/rules/Mirrorcreator.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Time out:
+		status.mirrorcreator.com
+-->
+<ruleset name="Mirrorcreator.com">
+	<target host="mirrorcreator.com"/>
+	<target host="www.mirrorcreator.com"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Mirrorservice.org.xml b/src/chrome/content/rules/Mirrorservice.org.xml
new file mode 100644
index 000000000000..81d9b42f5c01
--- /dev/null
+++ b/src/chrome/content/rules/Mirrorservice.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="Mirrorservice.org">
+  <target host="mirrorservice.org" />
+  <target host="www.mirrorservice.org" />
+  <target host="ftp.mirrorservice.org" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mirt.net.xml b/src/chrome/content/rules/Mirt.net.xml
index 9026fa6504a9..a819f334a4ba 100644
--- a/src/chrome/content/rules/Mirt.net.xml
+++ b/src/chrome/content/rules/Mirt.net.xml
@@ -1,14 +1,30 @@
 <!--
-	Cert only matches www
+	Non-functional hosts
+		Couldn't connect to server:
+			 - mx2.mirt.net
+			 - nsi.mirt.net
 
+		SSL peer certificate was not OK:
+			 - abcorp.mirt.net
+			 - www.abcorp.mirt.net
+			 - bednarski.mirt.net
+			 - www.bednarski.mirt.net
+			 - ilion.mirt.net
+			 - www.ilion.mirt.net
+			 - kapa.mirt.net
+			 - www.kapa.mirt.net
+			 - linode.mirt.net
+			 - msdn.mirt.net
+			 - ns.mirt.net
+			 - ns1.mirt.net
+			 - stunnel.mirt.net
 -->
-<ruleset name="mirt.net" default_off="self-signed">
-
+<ruleset name="Mirt.net (partial)">
 	<target host="mirt.net" />
 	<target host="www.mirt.net" />
+	<target host="mike.mirt.net" />
 
+	<securecookie host="^(www\.)?mirt\.net$" name=".+" />
 
-	<rule from="^http://(?:www\.)?mirt\.net/"
-		to="https://www.mirt.net/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MisadventuresWithAndi.com.xml b/src/chrome/content/rules/MisadventuresWithAndi.com.xml
new file mode 100644
index 000000000000..870c388bf6dc
--- /dev/null
+++ b/src/chrome/content/rules/MisadventuresWithAndi.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Misadventures with Andi">
+
+	<target host="misadventureswithandi.com" />
+	<target host="www.misadventureswithandi.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Misadventures_with_Andi-problematic.xml b/src/chrome/content/rules/Misadventures_with_Andi-problematic.xml
deleted file mode 100644
index c8ed5d02a165..000000000000
--- a/src/chrome/content/rules/Misadventures_with_Andi-problematic.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	For rules that are on by default, see Misadventures_with_Andi.xml.
-
--->
-<ruleset name="Misadventures with Andi (problematic)" default_off="expired, self-signed">
-
-	<target host="misadventureswithandi.com" />
-	<target host="*.misadventureswithandi.com" />
-		<exclusion pattern="^http://(?:www\.)?misadventureswithandi.com/(?:\?drawer-css=|favicon\.ico|wp-content/)" />
-
-
-	<rule from="^http://(?:www\.)?misadventureswithandi\.com/"
-		to="https://misadventureswithandi.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Misadventures_with_Andi.xml b/src/chrome/content/rules/Misadventures_with_Andi.xml
deleted file mode 100644
index 61903007e2ea..000000000000
--- a/src/chrome/content/rules/Misadventures_with_Andi.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For problematic rules, see Misadventures_with_Andi-problematic.xml.
-
-
-	Problematic subdomains:
-
-		- ^	(expired 2013-04-03, CN: Parallels Panel)
-
-
-	Some pages redirect to !www
-
--->
-<ruleset name="Misadventures with Andi (partial)">
-
-	<target host="misadventureswithandi.com" />
-	<target host="www.misadventureswithandi.com" />
-		<exclusion pattern="^http://(?:www\.)?misadventureswithandi.com/(?!\?drawer-css=|favicon\.ico|wp-content/)" />
-
-
-	<rule from="^http://(?:www\.)?misadventureswithandi\.com/"
-		to="https://www.misadventureswithandi.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Misco.co.uk.xml b/src/chrome/content/rules/Misco.co.uk.xml
new file mode 100644
index 000000000000..71d53ee6ee31
--- /dev/null
+++ b/src/chrome/content/rules/Misco.co.uk.xml
@@ -0,0 +1,29 @@
+<!--
+	^: cert only matches www
+
+
+	- Some pages redirect to http
+	- Server is configured for rc4 only
+
+-->
+<ruleset name="Misco.co.uk (partial)">
+
+	<target host="misco.co.uk" />
+	<target host="www.misco.co.uk" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?misco\.co\.uk/+($|\?|help($|[?/])|productinfo/productinfo?productCode=\w\d+($|&amp;))" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(www\.)?misco\.co\.uk/+(?![aA]ccount/|(Basket|Order)($|[?/])|bundles/|Content/|favicon\.ico|[iI]mages/|Scripts/)" /-->
+
+
+	<securecookie host="^\.misco\.co\.uk$" name="^__utm\w+$" />
+
+
+	<rule from="^http://(?:www\.)?misco\.co\.uk/(?=[aA]ccount/|(?:Basket|Order)(?:$|[?/])|bundles/|Content/|favicon\.ico|[iI]mages/|Scripts/)"
+		to="https://www.misco.co.uk/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mises.org.xml b/src/chrome/content/rules/Mises.org.xml
index 38c0ed49371b..85f34fc8cde4 100644
--- a/src/chrome/content/rules/Mises.org.xml
+++ b/src/chrome/content/rules/Mises.org.xml
@@ -1,12 +1,11 @@
 <ruleset name="Mises.org">
 
-	<target host="mises.org"/>
-	<target host="*.mises.org"/>
+	<target host="mises.org" />
+	<target host="www.mises.org" />
         <exclusion pattern="^http://mises\.org/store/"/>
 
-	<securecookie host="^\.?mises\.org$" name=".*"/>
+	<securecookie host="^\.?mises\.org$" name=".+" />
 
-	<rule from="^http://(www\.)?mises\.org/"
-		to="https://$1mises.org/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mishari_alAfasy.net.xml b/src/chrome/content/rules/Mishari_alAfasy.net.xml
new file mode 100644
index 000000000000..49be5ee2b94c
--- /dev/null
+++ b/src/chrome/content/rules/Mishari_alAfasy.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="Mishari alAfasy.net">
+	<target host="misharialafasy.net" />
+	<target host="www.misharialafasy.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mispy.me.xml b/src/chrome/content/rules/Mispy.me.xml
new file mode 100644
index 000000000000..b296f2d9c124
--- /dev/null
+++ b/src/chrome/content/rules/Mispy.me.xml
@@ -0,0 +1,12 @@
+<ruleset name="mispy.me">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mispy.me" />
+	<target host="www.mispy.me" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Missing_Link_Electronics.com.xml b/src/chrome/content/rules/Missing_Link_Electronics.com.xml
new file mode 100644
index 000000000000..9ff26d8be07e
--- /dev/null
+++ b/src/chrome/content/rules/Missing_Link_Electronics.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- devzone.missinglinkelectronics.com
+		- www.missinglinkelectronics.com
+
+-->
+<ruleset name="Missing Link Electronics.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="missinglinkelectronics.com" />
+	<target host="devzone.missinglinkelectronics.com" />
+	<target host="lxr.missinglinkelectronics.com" />
+	<target host="www.missinglinkelectronics.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:devzone|www)\.missinglinkelectronics\.com$" name="^norther_tpl$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MissionIslam.com.xml b/src/chrome/content/rules/MissionIslam.com.xml
new file mode 100644
index 000000000000..a805ca236473
--- /dev/null
+++ b/src/chrome/content/rules/MissionIslam.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="MissionIslam.com">
+	<target host="missionislam.com" />
+	<target host="www.missionislam.com" />
+	<target host="mail.missionislam.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mitmproxy.org.xml b/src/chrome/content/rules/Mitmproxy.org.xml
new file mode 100644
index 000000000000..e2e69d7911c5
--- /dev/null
+++ b/src/chrome/content/rules/Mitmproxy.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="mitmproxy.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mitmproxy.org" />
+	<target host="www.mitmproxy.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mito.hu.xml b/src/chrome/content/rules/Mito.hu.xml
new file mode 100644
index 000000000000..ced6d81e45fd
--- /dev/null
+++ b/src/chrome/content/rules/Mito.hu.xml
@@ -0,0 +1,17 @@
+<!--
+	^mito.hu: Expired
+
+-->
+<ruleset name="Mito.hu (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="mito.hu" /-->
+	<target host="szamlazo.mito.hu" />
+	<target host="www.mito.hu" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mitre.org.xml b/src/chrome/content/rules/Mitre.org.xml
new file mode 100644
index 000000000000..a1b5a4848193
--- /dev/null
+++ b/src/chrome/content/rules/Mitre.org.xml
@@ -0,0 +1,33 @@
+<!--
+	Different content http/https:
+
+		recommendationtracker.mitre.org
+
+-->
+<ruleset name="mitre.org (partial)">
+
+	<target host="mitre.org" />
+	<target host="www.mitre.org" />
+	<target host="attack.mitre.org" />
+	<target host="capec.mitre.org" />
+	<target host="cce.mitre.org" />
+	<target host="cee.mitre.org" />
+	<target host="cme.mitre.org" />
+	<target host="cpe.mitre.org" />
+	<target host="cve.mitre.org" />
+	<target host="www.cve.mitre.org" />
+	<target host="cveform.mitre.org" />
+	<target host="cwe.mitre.org" />
+	<target host="cybox.mitre.org" />
+	<target host="maec.mitre.org" />
+	<target host="measurablesecurity.mitre.org" />
+	<target host="msm.mitre.org" />
+	<target host="oval.mitre.org" />
+	<target host="register.mitre.org" />
+	<target host="stix.mitre.org" />
+	<target host="taxii.mitre.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mitro.co.xml b/src/chrome/content/rules/Mitro.co.xml
new file mode 100644
index 000000000000..d00b98bdac27
--- /dev/null
+++ b/src/chrome/content/rules/Mitro.co.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mitro.co/ => https://mitro.co/: (7, 'Failed to connect to mitro.co port 443: Connection refused')
+Fetch error: http://www.mitro.co/ => https://www.mitro.co/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Mitro.co" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mitro.co" />
+	<target host="www.mitro.co" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MivaCentral.xml b/src/chrome/content/rules/MivaCentral.xml
deleted file mode 100644
index 7fded3b83075..000000000000
--- a/src/chrome/content/rules/MivaCentral.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	For other Miva Merchant coverage, see Miva_Merchant.xml.
-
-
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-
--->
-<ruleset name="MivaCentral">
-
-	<target host="mivacentral.com" />
-	<target host="www.mivacentral.com" />
-
-
-	<securecookie host="^www\.mivacentral\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?mivacentral\.com/"
-		to="https://www.mivacentral.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Miva_Merchant.xml b/src/chrome/content/rules/Miva_Merchant.xml
index 2c83d4ec27d5..458ebd7318b1 100644
--- a/src/chrome/content/rules/Miva_Merchant.xml
+++ b/src/chrome/content/rules/Miva_Merchant.xml
@@ -1,7 +1,14 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mivamerchant.com/ => https://mivamerchant.com/: (51, "SSL: no alternative certificate subject name matches target host name 'mivamerchant.com'")
+Fetch error: http://www.mivamerchant.com/ => https://www.mivamerchant.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.mivamerchant.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://mivamerchant.com/ => https://mivamerchant.com/: (51, "SSL: no alternative certificate subject name matches target host name 'mivamerchant.com'")
+Fetch error: http://www.mivamerchant.com/ => https://www.mivamerchant.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.mivamerchant.com'")
 	Other Miva Merchant rulesets:
 
-		- MivaCentral.xml
 
 
 	CDN buckets:
@@ -14,7 +21,7 @@
 		- ^	(cert only matches www)
 
 -->
-<ruleset name="Miva Merchant">
+<ruleset name="Miva Merchant" default_off="failed ruleset test">
 
 	<target host="mivamerchant.com" />
 	<target host="www.mivamerchant.com" />
@@ -23,7 +30,6 @@
 	<securecookie host="^www\.mivamerchant\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?mivamerchant\.com/"
-		to="https://$1mivamerchant.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MixBit.com.xml b/src/chrome/content/rules/MixBit.com.xml
index 9672fb589278..6265b4aeab45 100644
--- a/src/chrome/content/rules/MixBit.com.xml
+++ b/src/chrome/content/rules/MixBit.com.xml
@@ -1,13 +1,19 @@
-<ruleset name="MixBit.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://api.mixbit.com/ => https://api.mixbit.com/: (6, 'Could not resolve host: api.mixbit.com')
+
+-->
+<ruleset name="MixBit.com" default_off="failed ruleset test">
 
 	<target host="mixbit.com" />
-	<target host="*.mixbit.com" />
+	<target host="api.mixbit.com" />
+	<target host="www.mixbit.com" />
 
 
 	<securecookie host="^\.mixbit\.com$" name=".+" />
 
 
-	<rule from="^http://(api\.|www\.)?mixbit\.com/"
-		to="https://$1mixbit.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mixcloud.com.xml b/src/chrome/content/rules/Mixcloud.com.xml
new file mode 100644
index 000000000000..6d76b5f5fa6a
--- /dev/null
+++ b/src/chrome/content/rules/Mixcloud.com.xml
@@ -0,0 +1,61 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	CDN buckets:
+
+		- d1lolb6yyp8wyu.cloudfront.net
+		- d27ylsxkm6728c.cloudfront.net
+		- images-mix.netdna-ssl.com
+		- media-mix.netdna-ssl.com
+
+
+	Nonfunctional hosts in *mixcloud.com:
+
+		- support ᴬ
+
+	ᴬ Assistly/redirects to http
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- mixcloud.com
+		- .mixcloud.com
+		- www.mixcloud.com
+
+-->
+<ruleset name="Mixcloud.com (partial)">
+
+	<target host="mixcloud.com" />
+	<target host="api.mixcloud.com" />
+	<target host="www.mixcloud.com" />
+
+		<!--exclusion pattern="^http://support\.mixcloud\.com/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^mixcloud\.com$" name="^redirref$" /-->
+	<!--securecookie host="^\.mixcloud\.com$" name="^(?:__cfduid|cf_clearance|csrftoken|s)$" /-->
+	<!--securecookie host="^www\.mixcloud\.com$" name="^(chid|previmpr)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance|csrftoken|s)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mixcloud.xml b/src/chrome/content/rules/Mixcloud.xml
deleted file mode 100644
index f1b04cd8b51f..000000000000
--- a/src/chrome/content/rules/Mixcloud.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d1lolb6yyp8wyu.cloudfront.net
-		- d27ylsxkm6728c.cloudfront.net
-
--->
-<ruleset name="Mixcloud (partial)">
-
-	<target host="mixcloud.com" />
-	<target host="www.mixcloud.com" />
-
-	<rule from="^http://mixcloud\.com/"
-		to="https://mixcloud.com/" />
-
-	<rule from="^http://www\.mixcloud\.com/(accounts|media)/"
-		to="https://www.mixcloud.com/$1/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Mixer.cz.xml b/src/chrome/content/rules/Mixer.cz.xml
new file mode 100644
index 000000000000..bb99e48fa9fd
--- /dev/null
+++ b/src/chrome/content/rules/Mixer.cz.xml
@@ -0,0 +1,10 @@
+<!--
+    For other Seznam.cz coverage, see Seznam.cz.xml.
+-->
+<ruleset name="Mixér.cz">
+    <target host="mixer.cz" />
+    <target host="www.mixer.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mixi.xml b/src/chrome/content/rules/Mixi.xml
index ff3205b9a5f7..13bb5b84d2cb 100644
--- a/src/chrome/content/rules/Mixi.xml
+++ b/src/chrome/content/rules/Mixi.xml
@@ -12,21 +12,30 @@
 
 	<target host="mixi.co.jp" />
 	<target host="www.mixi.co.jp" />
+		<!--
+			https://trac.torproject.org/projects/tor/ticket/10504
+
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://mixi\.jp/+(help\.pl|inquiry\.pl|remind_password\.pl)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://mixi\.jp/+(?!$|\?|appli_|comm/|favicon\.ico|photo/)" />
 	<target host="mixi.jp" />
-	<target host="*.mixi.jp" />
+	<target host="www.mixi.jp" />
+	<target host="plugins.mixi.jp" />
+	<target host="static.mixi.jp" />
 	<target host="img.mixi.net" />
 
 
-	<securecookie host="^\.?mixi\.jp$" name=".+" />
+	<!--securecookie host="^\.?mixi\.jp$" name=".+" /-->
 
 
 	<rule from="^http://(?:www\.)?mixi\.(co\.)?jp/"
 		to="https://mixi.$1jp/" />
 
-	<rule from="^http://(plugins|static)\.mixi\.jp/"
-		to="https://$1.mixi.jp/" />
 
-	<rule from="^http://img\.mixi\.net/"
-		to="https://img.mixi.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mixpanel.xml b/src/chrome/content/rules/Mixpanel.xml
index bd92f4cf4886..8178cd10c9e9 100644
--- a/src/chrome/content/rules/Mixpanel.xml
+++ b/src/chrome/content/rules/Mixpanel.xml
@@ -1,28 +1,37 @@
 <!--
+	Other Mixpanel rulesets:
+
+		- Mxpnl.com.xml
+
+
 	CDN buckets:
 
 		- mpdocs.s3.amazonaws.com/mpdocs/
 
 
-	cdn sets mp_\w{32}_mixpanel wildcard cookie
-	on whichever domain it is loaded from.
+	Insecure cookies are set for these domains:
+
+		- .mixpanel.com
 
 -->
-<ruleset name="Mixpanel (partial)">
+<ruleset name="Mixpanel.com">
 
 	<target host="mixpanel.com" />
 	<target host="*.mixpanel.com" />
-		<exclusion pattern="^http://blog\." />
-	<target host="cdn.mxpnl.com" />
+
+		<test url="http://blog.mixpanel.com/" />
+		<test url="http://code.mixpanel.com/" />
+		<test url="http://www.mixpanel.com/" />
 
 
-	<securecookie host="^(.*\.)?mixpanel\.com$" name=".*" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.mixpanel\.com$" name="^mp_metrics-1_mixpanel$" /-->
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(\w+\.)?mixpanel\.com/"
-		to="https://$1mixpanel.com/" />
 
-	<rule from="^http://cdn\.mxpnl\.com/"
-		to="https://cdn.mxpnl.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MixtapeLeak.xml b/src/chrome/content/rules/MixtapeLeak.xml
index b7a78602c3e4..33ecdcffd116 100644
--- a/src/chrome/content/rules/MixtapeLeak.xml
+++ b/src/chrome/content/rules/MixtapeLeak.xml
@@ -1,13 +1,10 @@
-<ruleset name="MixtapeLeak">
-
+<ruleset name="MixtapeLeak" default_off="refused">
 	<target host="mixtapeleak.com" />
-	<target host="*.mixtapeleak.com" />
-
+	<target host="static.mixtapeleak.com" />
+	<target host="www.mixtapeleak.com" />
 
 	<securecookie host="^\.?mixtapeleak\.com$" name=".+" />
 
-
-	<rule from="^http://(static\.|www\.)?mixtapeleak\.com/"
-		to="https://$1mixtapeleak.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mixtum.io.xml b/src/chrome/content/rules/Mixtum.io.xml
new file mode 100644
index 000000000000..5ca945673312
--- /dev/null
+++ b/src/chrome/content/rules/Mixtum.io.xml
@@ -0,0 +1,6 @@
+<ruleset name="Mixtum.io">
+	<target host="mixtum.io" />
+	<target host="www.mixtum.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mixx.com.xml b/src/chrome/content/rules/Mixx.com.xml
index 7b704b786a3a..f0985ebad051 100644
--- a/src/chrome/content/rules/Mixx.com.xml
+++ b/src/chrome/content/rules/Mixx.com.xml
@@ -1,11 +1,18 @@
-<!-- uses content from http://c0658142.cdn.cloudfiles.rackspacecloud.com which does not use https. -->
-<!-- blog.mixx.com doesnt use https -->
-<!-- help.mixx.com doesnt use https -->
-<!-- engineroom.mixx.com doesnt use https -->
-<ruleset name="mixx.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mixx.com/ => https://mixx.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.mixx.com/ => https://www.mixx.com/: (28, 'Connection timed out after 20006 milliseconds')
+
+Automatically by https-everywhere-checker because:
+Fetch error: http://mixx.com/ => https://mixx.com/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://www.mixx.com/ => https://www.mixx.com/: (28, 'Connection timed out after 10001 milliseconds') uses content from http://c0658142.cdn.cloudfiles.rackspacecloud.com which does not use https. -->
+<!-- blog.mixx.com doesn't use https -->
+<!-- help.mixx.com doesn't use https -->
+<!-- engineroom.mixx.com doesn't use https -->
+<ruleset name="mixx.com" default_off="failed ruleset test">
 	<target host="mixx.com" />
 	<target host="www.mixx.com" />
-	<rule from="^http://mixx\.com/" to="https://mixx.com/"/>
-	<rule from="^http://www\.mixx\.com/" to="https://www.mixx.com/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Mixxx.org.xml b/src/chrome/content/rules/Mixxx.org.xml
new file mode 100644
index 000000000000..c1db912c61d2
--- /dev/null
+++ b/src/chrome/content/rules/Mixxx.org.xml
@@ -0,0 +1,29 @@
+<!--
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+		- Bugs from www.facebook.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Mixxx.org">
+
+	<target host="mixxx.org" />
+	<target host="www.mixxx.org" />
+	<target host="downloads.mixxx.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?mixxx\.org$" name="^DokuWiki$" /-->
+	<!--securecookie host="^\.mixxx\.org$" name="^phpbb3_\w+_(k|sid|u)$" /-->
+
+	<securecookie host="^(?:\.|www\.)?mixxx\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mjam.xml b/src/chrome/content/rules/Mjam.xml
index 96df03973cb2..809018e049c2 100644
--- a/src/chrome/content/rules/Mjam.xml
+++ b/src/chrome/content/rules/Mjam.xml
@@ -4,7 +4,6 @@
 	<target host="www.mjam.net" />
 
 
-	<rule from="^http://(?:www\.)?mjam\.net/"
-		to="https://www.mjam.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mkateb.com.xml b/src/chrome/content/rules/Mkateb.com.xml
index bf1f2b7d5ce0..2133395cffc3 100644
--- a/src/chrome/content/rules/Mkateb.com.xml
+++ b/src/chrome/content/rules/Mkateb.com.xml
@@ -1,13 +1,17 @@
-<ruleset name="Mkateb.com">
+<!--
+	Server sends a plaintext reply.
+
+-->
+<ruleset name="Mkateb.com" default_off="plaintext reply">
 
 	<target host="mkateb.com" />
-	<target host="*.mkateb.com" />
+	<target host="www.mkateb.com" />
 
 
 	<securecookie host="^\.mkateb\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?mkateb\.com/"
-		to="https://$1mkateb.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mkb.ru.xml b/src/chrome/content/rules/Mkb.ru.xml
new file mode 100644
index 000000000000..be47263f53ea
--- /dev/null
+++ b/src/chrome/content/rules/Mkb.ru.xml
@@ -0,0 +1,37 @@
+<!--
+1c-directbank.mkb.ru ⁴
+1c-directbank-test.mkb.ru ⁴
+gw.mkb.ru ³
+hpv.mkb.ru ³
+mobsrv.mkb.ru ²
+mpi.mkb.ru non-2xx http code
+navigator.mkb.ru ⁴
+office.mkb.ru ⁴
+ts-ecom-web.mkb.ru ¹
+vip.mkb.ru ¹
+voltage-pp-0000.mkb.ru ³
+mpi.mkb.ru:8443 ³
+card2card.mkb.ru different content
+notariat.mkb.ru different content
+rdg.mkb.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="mkb.ru">
+	<target host="mkb.ru" />
+	<target host="www.mkb.ru" />
+	<target host="2wd68p.mkb.ru" />
+	<target host="autodiscover.mkb.ru" />
+	<target host="corporate.mkb.ru" />
+	<target host="mail.mkb.ru" />
+	<target host="omega.mkb.ru" />
+	<target host="online.mkb.ru" />
+	<target host="stat.mkb.ru" />
+	<target host="vbo.mkb.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mktoresp.com.xml b/src/chrome/content/rules/Mktoresp.com.xml
index 4d91c31d7074..8bd229e9db51 100644
--- a/src/chrome/content/rules/Mktoresp.com.xml
+++ b/src/chrome/content/rules/Mktoresp.com.xml
@@ -11,10 +11,10 @@
 
 
 	<!--	name="^(BIGipServersjnweb_mch_https|RSMKTO1)$"	-->
-	<securecookie host=".+\.mktoresp\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(\d{3}-\w{3}-\d{3})\.mktoresp\.com/"
 		to="https://$1.mktoresp.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mmister.com.xml b/src/chrome/content/rules/Mmister.com.xml
deleted file mode 100644
index 4c6ab4e2dfe1..000000000000
--- a/src/chrome/content/rules/Mmister.com.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<ruleset name="mmister.com/machys.net (partial)" default_off="mismatch">
-
-	<!--	all cert: *.hostmonster.com	-->
-	<target host="euroseptik.cz"/>
-	<target host="www.euroseptik.cz"/>
-	<target host="mmister.com"/>
-	<target host="*.mmister.com"/>
-	<target host="www.*.mmister.com"/>
-	<target host="silnejsipes.cz"/>
-	<target host="www.silnejsipes.cz"/>
-	<!--	cert: *	-->
-	<target host="*.machys.net"/>
-	<target host="www.*.machys.net"/>
-
-	<!--	all: pages redirect infinitely, homepages 404	-->
-
-	<rule from="^http://(?:www\.)?euroseptik\.(?:cz|mmister\.com)/wp-(content|includes)/"
-		to="https://euroseptik.mmister.com/~mmisterc/eu/wp-$1/"/>
-
-	<rule from="^http://(?:www\.)?(karasek|koala|nota|wc)\.machys\.net/"
-		to="https://$1.machys.net/"/>
-
-	<rule from="^http://(?:www\.)?mmister\.com/(images|wp-content|wp-includes)/"
-		to="https://mmister.com/~mmisterc/$1/"/>
-
-	<rule from="^http://(?:www\.)?(decaci|drd|gallery|gen|pes)\.mmister\.com/(dec|images|wp-content|wp-includes)/"
-		to="https://mmister.com/~mmisterc/$1/$2/"/>
-
-	<rule from="^http://(?:www\.)?silnejsipes\.cz/(images|wp-content|wp-includes)/"
-		to="https://mmister.com/~mmisterc/pes/$1/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Mmixr.com.xml b/src/chrome/content/rules/Mmixr.com.xml
index 8962bbb39105..7f99f4951f51 100644
--- a/src/chrome/content/rules/Mmixr.com.xml
+++ b/src/chrome/content/rules/Mmixr.com.xml
@@ -1,13 +1,20 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mmixr.com/ => https://www.mmixr.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://mmixr.com/ => https://www.mmixr.com/: (28, 'Connection timed out after 10000 milliseconds')
 	Problematic subdomains:
 
 		- ^	(shows app)
 
 -->
-<ruleset name="mmixr.com">
+<ruleset name="mmixr.com" default_off="failed ruleset test">
 
 	<target host="mmixr.com" />
-	<target host="*.mmixr.com" />
+	<target host="www.mmixr.com" />
+	<target host="app.mmixr.com" />
 
 
 	<securecookie host="^\.mmixr\.com$" name=".+" />
@@ -16,7 +23,6 @@
 	<rule from="^http://(?:www\.)?mmixr\.com/"
 		to="https://www.mmixr.com/" />
 
-	<rule from="^http://app\.mmixr\.com/"
-		to="https://app.mmixr.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mmstat.com.xml b/src/chrome/content/rules/Mmstat.com.xml
new file mode 100644
index 000000000000..c68035667cb1
--- /dev/null
+++ b/src/chrome/content/rules/Mmstat.com.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Alibaba coverage, see Alibaba.xml.
+
+	Mismatch:
+		- ^(www.)?
+
+	Insecure cookies are set for these domains:
+
+		- .mmstat.com
+
+-->
+<ruleset name="mmstat.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ac.mmstat.com" />
+	<target host="gm.mmstat.com" />
+	<target host="ju.mmstat.com" />
+	<target host="res.mmstat.com" />
+	<target host="wgo.mmstat.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^\.mmstat\.com$" name="^(?:atpsida|cna|sca)$" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MnCDN.com.xml b/src/chrome/content/rules/MnCDN.com.xml
new file mode 100644
index 000000000000..f5c4769e337f
--- /dev/null
+++ b/src/chrome/content/rules/MnCDN.com.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Medianova coverage, see Medianova.com.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- img-super11.mncdn.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="MnCDN.com">
+
+	<target host="img-carrefour.mncdn.com" />
+	<target host="img-sporx.mncdn.com" />
+	<target host="img-super11.mncdn.com" />
+	<target host="sporxtv-p.mncdn.com" />
+
+		<test url="http://img-super11.mncdn.com/_img/anasayfa/tab2.png" />
+		<test url="http://sporxtv-p.mncdn.com/flv/2016/06/21/1466518062_icon212x119.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^img-super11\.mncdn\.com$" name="^BIGipServer" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MnetAd.xml b/src/chrome/content/rules/MnetAd.xml
new file mode 100644
index 000000000000..218d35bd2a68
--- /dev/null
+++ b/src/chrome/content/rules/MnetAd.xml
@@ -0,0 +1,13 @@
+<!--
+	Cert mismatch:
+		- (www.)mnet-ad.net
+		- c.mnet-ad.net
+-->
+<ruleset name="Mnet-Ad.net">
+
+	<target host="s.mnet-ad.net" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mnot.net.xml b/src/chrome/content/rules/Mnot.net.xml
new file mode 100644
index 000000000000..be8473d95d55
--- /dev/null
+++ b/src/chrome/content/rules/Mnot.net.xml
@@ -0,0 +1,22 @@
+<!--
+	^mnot.net: "TLS SNI Required"
+
+-->
+<ruleset name="mnot.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.mnot.net" />
+
+	<!--	Complications:
+				-->
+	<target host="mnot.net" />
+
+
+	<rule from="^http://mnot\.net/"
+		to="https://www.mnot.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MoAF.org-problematic.xml b/src/chrome/content/rules/MoAF.org-problematic.xml
new file mode 100644
index 000000000000..2052bdfd25b9
--- /dev/null
+++ b/src/chrome/content/rules/MoAF.org-problematic.xml
@@ -0,0 +1,25 @@
+<!--
+	For rules that are on by default, see MoAF.org.xml.
+
+-->
+<ruleset name="MoAF.org (expired)" default_off="expired">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.moaf.org" />
+
+	<!--	Complications:
+				-->
+	<target host="moaf.org" />
+
+
+	<securecookie host="^www\.moaf\.org$" name=".+" />
+
+
+	<rule from="^http://moaf\.org/"
+		to="https://www.moaf.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MoE.gov.my.xml b/src/chrome/content/rules/MoE.gov.my.xml
new file mode 100644
index 000000000000..a144dccaab0b
--- /dev/null
+++ b/src/chrome/content/rules/MoE.gov.my.xml
@@ -0,0 +1,136 @@
+<!--
+	Non-functional subdomains:
+		- abpg	(t)
+		- akept	(t)
+		- apdm	(t)
+		- apfec2016	(r)
+		- app	(m)
+		- apps	(t)
+		- apps2	(t)
+		- aset	(t)
+		- bpk	(t)
+		- bpkhas	(t)
+		- bptv	(t)
+		- btp	(t)
+		- btpnjohor	(s)
+		- btpnkedah	(t)
+		- btpnkelantan	(t)
+		- btpnkl	(t)
+		- btpnmelaka	(t)
+		- btpnpahang	(r)
+		- btpnperak	(t)
+		- btpnperlis	(t)
+		- btpnppinang	(t)
+		- btpnsabah	(t)
+		- btpnsarawak	(t)
+		- btpnterengganu	(t)
+		- direktoripsh	(e)
+		- e-myra	(m)
+		- egraduan	(t)
+		- egsentrik	(s)
+		- ehlp	(t)
+		- emisonline	(t)
+		- emkoko	(t)
+		- enazir	(t)
+		- eoperasi	(t)
+		- epangkat	(t)
+		- epelepasan	(t)
+		- epenawaran	(t)
+		- epkhas	(t)
+		- epkm	(t)
+		- eprasekolah	(t)
+		- eprestasi	(t)
+		- espbt	(t)
+		- esppsel	(t)
+		- essem	(t)
+		- estam	(t)
+		- etukar	(t)
+		- geraksel	(r)
+		- graduan	(m)
+		- graduat	(m)
+		- hes	(m)
+		- www.iab	(r)
+		- www.iabcgh	(r)
+		- iabu	(s)
+		- www.iabu	(s)
+		- ifms	(m)
+		- jpnjohor	(i)
+		- jpnkedah	(r)
+		- jpnkelantan	(r)
+		- jpnmelaka	(r)
+		- jpnns	(r)
+		- jpnpahang	(r)
+		- jpnperak	(r)
+		- jpnsabah	(r)
+		- jpnsarawak	(r)
+		- jpnselangor	(r)
+		- jpnterengganu	(r)
+		- jpwpkl	(r)
+		- jpwpl	(r)
+		- jpwpp	(r)
+		- kissm	(t)
+		- kwsg	(t)
+		- matrikulasi	(t)
+		- moesmtp2	(t)
+		- mygfl	(t)
+		- mymohes	(t)
+		- naikpangkat	(t)
+		- online	(t)
+		- pajsk	(t)
+		- pentaho	(t)
+		- pidp	(t)
+		- pismp	(t)
+		- pkgbtpnkedah	(t)
+		- ppdbalingsik	(r)
+		- ppdkbb	(r)
+		- ppdkmy	(r)
+		- ppdkotatinggi	(m)
+		- ppdks	(r)
+		- ppdkubangpasu	(r)
+		- ppdlangkawi	(r)
+		- ppdpendang	(r)
+		- ppdpterap	(r)
+		- ppdsegamat	(m)
+		- pt3	(t)
+		- ptm	(t)
+		- sapsnkra	(t)
+		- sarana	(t)
+		- sgmy	(t)
+		- sisppa	(t)
+		- slpa	(t)
+		- smips	(t)
+		- smpk	(t)
+		- spassm	(t)
+		- spikedah	(r)
+		- spks	(t)
+		- spkws	(t)
+		- splkpm	(t)
+		- spmu	(t)
+		- sps1	(t)
+		- sptv	(t)
+		- ssdm	(t)
+		- sst1	(t)
+		- sst4	(t)
+		- upu	(t)
+		- web	(t)
+		- webmail	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Ministry of Education Malaysia">
+
+	<target host="moe.gov.my" />
+	<target host="www.moe.gov.my" />
+	<target host="btpnnsembilan.moe.gov.my" />
+	<target host="jpnperlis.moe.gov.my" />
+	<target host="textbook.moe.gov.my" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MoL.org.xml b/src/chrome/content/rules/MoL.org.xml
new file mode 100644
index 000000000000..a845be57ab7c
--- /dev/null
+++ b/src/chrome/content/rules/MoL.org.xml
@@ -0,0 +1,22 @@
+<!--
+	No working URL known:
+		data.mol.org
+
+-->
+<ruleset name="Map of Life">
+
+	<target host="mol.org" />
+	<target host="www.mol.org" />
+	<target host="api.mol.org" />
+		<test url="http://api.mol.org/map/Danaus_plexippus/640/640/6901f2a6-3c8d-11e5-a151-feff819cdc9f" />
+	<target host="auth.mol.org" />
+	<target host="beta.mol.org" />
+	<target host="carto.mol.org" />
+	<target host="cdn.mol.org" />
+	<target host="map.mol.org" />
+	<target host="patterns.mol.org" />
+	<target host="species.mol.org" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MoS.org.xml b/src/chrome/content/rules/MoS.org.xml
new file mode 100644
index 000000000000..ed5f869b235f
--- /dev/null
+++ b/src/chrome/content/rules/MoS.org.xml
@@ -0,0 +1,45 @@
+<!--
+	No working URL known:
+		triton.mos.org (403)
+		live-proxy.mos.org (403)
+		tessituralive.mos.org (403)
+		tessituraqa.mos.org (403)
+
+	Invalid certificate:
+		email.mos.org
+		etf.mos.org
+		mail.mos.org
+		mailarchive.mos.org
+		www.starwars.mos.org
+		team.mos.org
+		tracking.mos.org
+
+	Time out:
+		exhibits.mos.org
+		library.mos.org
+
+	Private subdomain:
+		kronos.mos.org
+		login.mos.org
+
+	Redirect to http:
+		legacy.mos.org
+		starwars.mos.org
+		cst.mos.org
+
+-->
+<ruleset name="Museum of Science">
+
+	<target host="mos.org" />
+	<target host="www.mos.org" />
+	<target host="cdn1.mos.org" />
+	<target host="cdn2.mos.org" />
+	<target host="cdn3.mos.org" />
+	<target host="giftshop.mos.org" />
+
+	<securecookie host="^\.mos\.org$" name="^MOS_store$" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Moana_Surfrider.xml b/src/chrome/content/rules/Moana_Surfrider.xml
index f9c158511b04..7f84fd8f9461 100644
--- a/src/chrome/content/rules/Moana_Surfrider.xml
+++ b/src/chrome/content/rules/Moana_Surfrider.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?moana-surfrider\.com/images/"
 		to="https://www.moana-surfrider.com/images/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Moat.xml b/src/chrome/content/rules/Moat.xml
index e7e519cc8faf..1c79146fdbfb 100644
--- a/src/chrome/content/rules/Moat.xml
+++ b/src/chrome/content/rules/Moat.xml
@@ -1,36 +1,33 @@
 <!--
+	Other Moat rulesets:
+
+		- Moat_ads.com.xml
+
+
 	CDN buckets:
 
 		- moat-ads.s3.amazonaws.com
 		- moatsearch-data.s3.amazonaws.com
 		- s3.amazonaws.com/search.moat/
-		- s.moatads.com.edgesuite.net/...
+		- search-web-assets.s3.amazonaws.com
+		- d39qxjx2pcysy1.cloudfront.net
 
 
-	Nonfunctional domains:
+	Mixed content:
 
-		- (www.)moatads.com
-		- s.moatads.com		(Akamai; 503)
-		- v3.moatads.com
+		- Images on www from moatsearch-data.s3.amazonaws.com
 
 -->
-<ruleset name="Moat (partial)">
+<ruleset name="Moat.com">
 
 	<target host="moat.com" />
-	<target host="*.moat.com" />
-	<target host="moatads.com" />
-	<target host="www.moatads.com" />
-
+	<target host="www.moat.com" />
 
-	<securecookie host="^(?:www\.)?moat\.com$" name=".*" />
 
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://(www\.)?moat\.com/"
-		to="https://$1moat.com/" />
 
-	<!--	Redirects like so. 
-					-->
-	<rule from="^https?://(?:www\.)?moatads\.com/$"
-		to="https://www.moat.com/" />
+	<rule from="^http:"
+		to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Moat_ads.com.xml b/src/chrome/content/rules/Moat_ads.com.xml
new file mode 100644
index 000000000000..b8e6f66215f8
--- /dev/null
+++ b/src/chrome/content/rules/Moat_ads.com.xml
@@ -0,0 +1,59 @@
+<!--
+	For other Moat coverage, see Moat.xml.
+
+
+	CDN buckets:
+
+		- s.moatads.com.edgesuite.net
+
+
+	(www.)?moatads.com: Refused
+
+
+	Problematic hosts in *moatads.com:
+
+		- js ᴬ
+		- s ᴬ
+
+	ᴬ Akamai/mismatched
+
+-->
+<ruleset name="Moat ads.com (partial)">
+
+	<target host="moatads.com" />
+	<target host="*.moatads.com" />
+
+		<exclusion pattern="^http://(?!(?:dbg\d+|v\d+|www)\.moatads\.com/)" />
+
+			<test url="http://js.moatads.com/" />
+			<test url="http://js.moatads.com//" />
+			<test url="http://js.moatads.com/swf/p6.v3.swf" />
+			<test url="http://s.moatads.com/" />
+			<test url="http://s.moatads.com/swf/MessageSenderV3.swf" />
+
+		<test url="http://v1.moatads.com/" />
+		<test url="http://v2.moatads.com/" />
+		<test url="http://v3.moatads.com/" />
+		<test url="http://v4.moatads.com/" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirects like so:
+					-->
+	<rule from="^http://(?:www\.)?moatads\.com/"
+		to="https://www.moat.com/" />
+
+		<exclusion pattern="^http://(?:www\.)?moatads\.com/(?!$)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.moatads.com/Default.aspx" />
+			<test url="http://www.moatads.com/index.htm" />
+			<test url="http://www.moatads.com/index.php" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Moava.xml b/src/chrome/content/rules/Moava.xml
index 8393479e3582..6fe41a6ce1fc 100644
--- a/src/chrome/content/rules/Moava.xml
+++ b/src/chrome/content/rules/Moava.xml
@@ -1,13 +1,12 @@
 <ruleset name="Moava">
 
 	<target host="moava.org" />
-	<target host="*.moava.org" />
+	<target host="www.moava.org" />
 
 
 	<securecookie host="^.*\.moava\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?moava\.org/"
-		to="https://$1moava.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MobStac.xml b/src/chrome/content/rules/MobStac.xml
index cc04c60d137e..e35703e70e16 100644
--- a/src/chrome/content/rules/MobStac.xml
+++ b/src/chrome/content/rules/MobStac.xml
@@ -5,16 +5,17 @@
 <ruleset name="MobStac (partial)">
 
 	<target host="mobstac.com" />
-	<target host="*.mobstac.com" />
+	<target host="www.mobstac.com" />
+	<target host="cdn.mobstac.com" />
 
 
 	<!--	At least some pages 301 to http.
 							-->
-	<rule from="^https?://(www\.)?mobstac\.com/a/(login|password/reset)(/)?"
+	<rule from="^http://(www\.)?mobstac\.com/a/(login|password/reset)(/)?"
 		to="https://$1mobstac.com/a/login$2$3" />
 
 
-	<rule from="^https?://cdn\.mobstac\.com/"
+	<rule from="^http://cdn\.mobstac\.com/"
 		to="https://d9ic2hg1x4ep8.cloudfront.net/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mobclix.com.xml b/src/chrome/content/rules/Mobclix.com.xml
new file mode 100644
index 000000000000..02da9d6a6185
--- /dev/null
+++ b/src/chrome/content/rules/Mobclix.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Nonfunctional subdomains:
+
+		- ads *
+		- data *
+
+	* Refused
+
+-->
+<ruleset name="Mobclix.com (partial)" default_off="expired">
+
+	<target host="cdn.mobclix.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MobiGum.com.xml b/src/chrome/content/rules/MobiGum.com.xml
deleted file mode 100644
index 3962fff4b896..000000000000
--- a/src/chrome/content/rules/MobiGum.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="MobiGum.com">
-
-	<target host="mobigum.com" />
-	<target host="*.mobigum.com" />
-
-
-	<securecookie host="^\.mobigum\.com$" name=".+" />
-
-
-	<rule from="^http://(ndpeeps\.|www\.)?mobigum\.com/"
-		to="https://$1mobigum.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MobiHand-clients.xml b/src/chrome/content/rules/MobiHand-clients.xml
deleted file mode 100644
index 7b62f3dd521a..000000000000
--- a/src/chrome/content/rules/MobiHand-clients.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For MobiHand proper, see MobiHand.xml.
-
--->
-<ruleset name="MobiHand clients">
-
-	<target host="store.androidguys.com" />
-
-
-	<rule from="^https?://store\.androidguys\.com/common_files/"
-		to="https://www.mobihand.com/common_files/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MobiHand.xml b/src/chrome/content/rules/MobiHand.xml
deleted file mode 100644
index 1373ffa31063..000000000000
--- a/src/chrome/content/rules/MobiHand.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For clients, see MobiHand-clients.xml.
-
-
-	Nonfunctional domains:
-
-		- corporate.mobihand.com	(cert: www.mobihand.com; shows www's data)
-
--->
-<ruleset name="MobiHand">
-
-	<target host="mobihand.com" />
-	<target host="www.mobihand.com" />
-	<target host="mobireach.com" />
-	<target host="www.mobireach.com" />
-
-
-	<securecookie host="^(www\.)?mobi(hand|reach)\.com$" name=".*" />
-
-
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?mobihand\.com/"
-		to="https://www.mobihand.com/" />
-
-	<rule from="^http://(www\.)?mobireach\.com/"
-		to="https://$1mobireach.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Mobify.me.xml b/src/chrome/content/rules/Mobify.me.xml
new file mode 100644
index 000000000000..5c755d66c004
--- /dev/null
+++ b/src/chrome/content/rules/Mobify.me.xml
@@ -0,0 +1,35 @@
+<!--
+	Other Mobify rulesets:
+
+
+
+	(www.)?, community: Mismatched
+
+-->
+<ruleset name="Mobify.me">
+
+	<!--	Complications:
+				-->
+	<target host="mobify.me" />
+	<target host="community.mobify.me" />
+	<target host="www.mobify.me" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://(?:www\.)?mobify\.me/+"
+		to="https://mobify.com/" />
+
+		<test url="http://mobify.me//" />
+
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://community\.mobify\.me/[^?]*"
+		to="https://support.mobify.com/" />
+
+		<test url="http://community.mobify.me/?" />
+		<test url="http://community.mobify.me//" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mobify.xml b/src/chrome/content/rules/Mobify.xml
index 4464bc08ef0b..3b051cda852b 100644
--- a/src/chrome/content/rules/Mobify.xml
+++ b/src/chrome/content/rules/Mobify.xml
@@ -1,56 +1,63 @@
+
 <!--
-	Problematic domains:
+The following targets have been disabled at 2020-09-25 16:20:22:
 
-		- (www.)mobify.net	(mismatched, CN: *.mobify.com)
+Fetch error: http://community.mobify.com/ => https://community.mobify.com/: (35, 'error:1408F10B:SSL routines:ssl3_get_record:wrong version number')
+Fetch error: http://portal.mobify.com/ => https://portal.mobify.com/: (6, 'Could not resolve host: portal.mobify.com')
 
+	Other Mobify rulesets:
 
-	Fully covered domains:
+		- Mobify.me.xml
 
-		- (www.)mobify.net	(→ mobify.com)
 
--->
-<ruleset name="Mobify">
+	Nonfunctional hosts in *mobify.com:
 
-	<target host="mobify.com" />
-	<target host="*.mobify.com" />
-		<!--	Cert: *.desk.com.
-			mobify.desk.com redirects back to support.	-->
-		<exclusion pattern="^http://support\." />
-	<target host="mobify.me" />
-	<target host="*.mobify.me" />
-	<target host="mobifyagogo.wpengine.netdna-cdn.com" />
+		- docs ¹
+		- insights ²
 
+	¹ Refused
+	² Shows default page
 
-	<!--	Observed cookie domains:
 
-			- ^.
-			- cloud
-			- ^portal
-					-->
-	<securecookie host="^.*\.mobify\.com$" name=".*" />
+	Problematic hosts in *mobify.com:
+
+		- adaptivejs *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
 
+		- cloud.mobify.com
 
-	<!--	Observed domains:
 
-			- cdn
-			- cloud
-			- community
-			- portal
-			- www
+	Mixed content:
+
+		- css on adaptivejs.mobify.com from laughable-jam.surge.sh
+
+-->
+<ruleset name="Mobify.com (partial)">
+
+	<!--	Direct rewrites:
 				-->
-	<rule from="^http://(\w+\.)?mobify\.com/"
-		to="https://$1mobify.com/" />
+	<target host="mobify.com" />
+	<target host="a.mobify.com" />
+	<target host="cdn.mobify.com" />
+	<target host="cloud.mobify.com" />
+	<!-- target host="community.mobify.com" /-->
+	<!-- target host="portal.mobify.com" /-->
+	<target host="support.mobify.com" />
+	<target host="www.mobify.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cloud\.mobify\.com$" name="^csrftoken$" /-->
 
-	<!--	Cert doesn't match *.me, data are identical.	-->
-	<rule from="^http://(?:(community\.)|www\.)?mobify\.me/"
-		to="https://$1mobify.com/" />
+	<securecookie host=".*\.mobify\.com$" name=".+" />
 
-	<rule from="^http://(?:www\.)?mobify\.net/"
-		to="https://mobify.com/" />
 
-	<!--	Cert: *.netdna-ssl.com; 404.	-->
-	<rule from="^http://mobifyagogo\.wpengine\.netdna-cdn\.com/"
-		to="https://www.mobify.com/" />
-	
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mobile01.com.xml b/src/chrome/content/rules/Mobile01.com.xml
new file mode 100644
index 000000000000..429826be5e98
--- /dev/null
+++ b/src/chrome/content/rules/Mobile01.com.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mobile01.com/ => https://mobile01.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="Mobile01.com" default_off="failed ruleset test">
+	<target host="mobile01.com" />
+	<target host="www.mobile01.com" />
+	<target host="attach.mobile01.com" />
+	<target host="attach2.mobile01.com" />
+	<target host="attach4.mobile01.com" />
+	<target host="download.mobile01.com" />
+	<target host="m.mobile01.com" />
+	<target host="static.mobile01.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MobileCore.com.xml b/src/chrome/content/rules/MobileCore.com.xml
new file mode 100644
index 000000000000..33a42527f37e
--- /dev/null
+++ b/src/chrome/content/rules/MobileCore.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="MobileCore.com">
+
+	<target host="mobilecore.com" />
+	<target host="www.mobilecore.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MobilePay.dk.xml b/src/chrome/content/rules/MobilePay.dk.xml
new file mode 100644
index 000000000000..098f617e6f14
--- /dev/null
+++ b/src/chrome/content/rules/MobilePay.dk.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Danske Bank coverage, see DanskeBank.xml.
+
+-->
+<ruleset name="MobilePay.dk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mobilepay.dk" />
+	<target host="www.mobilepay.dk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MobileRead.xml b/src/chrome/content/rules/MobileRead.xml
deleted file mode 100644
index 64c2062df179..000000000000
--- a/src/chrome/content/rules/MobileRead.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(times out)
-		- wiki		(ditto)
-
--->
-<ruleset name="MobileRead (partial)">
-
-	<target host="dev.mobileread.com" />
-
-
-	<securecookie host="^dev.mobileread.com$" name=".+" />
-
-
-	<rule from="^http://dev\.mobileread\.com/"
-		to="https://dev.mobileread.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Mobile_Asia_Expo.xml b/src/chrome/content/rules/Mobile_Asia_Expo.xml
index 07a1dac2e1e2..34a3275fba53 100644
--- a/src/chrome/content/rules/Mobile_Asia_Expo.xml
+++ b/src/chrome/content/rules/Mobile_Asia_Expo.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://content\.mobileasiaexpo\.com/"
 		to="https://d1cu38qo94v965.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mobile_Enterprise_360.com.xml b/src/chrome/content/rules/Mobile_Enterprise_360.com.xml
index 5ee80c5eccf1..328a8fa64ff8 100644
--- a/src/chrome/content/rules/Mobile_Enterprise_360.com.xml
+++ b/src/chrome/content/rules/Mobile_Enterprise_360.com.xml
@@ -6,7 +6,7 @@
 <ruleset name="Mobile Enterprise 360.com" default_off="expired, mismatched, self-signed">
 
 	<target host="mobileenterprise360.com" />
-	<target host="*.mobileenterprise360.com" />
+	<target host="www.mobileenterprise360.com" />
 
 
 	<securecookie host="^(?:www)?\.mobileenterprise360\.com$" name=".+" />
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?mobileenterprise360\.com/"
 		to="https://www.mobileenterprise360.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mobile_Nations.xml b/src/chrome/content/rules/Mobile_Nations.xml
index 8bc2498d2975..faf0e9897e34 100644
--- a/src/chrome/content/rules/Mobile_Nations.xml
+++ b/src/chrome/content/rules/Mobile_Nations.xml
@@ -1,4 +1,9 @@
 <!--
+  Host unresolved:
+    - shop.mobilenations.com
+    - cdn.passport.mobilenations.com
+    - passport-cdn.mobilenations.com
+
 	Problematic domains:
 
 		- cdn.passport.mobilenations.com	(mismatched)
@@ -6,13 +11,7 @@
 -->
 <ruleset name="Mobile Nations (partial)">
 
-	<target host="*.mobilenations.com" />
-
-
-	<rule from="^http://passport\.mobilenations\.com/"
-		to="https://passport.mobilenations.com/" />
-
-	<rule from="^http://(?:cdn\.passport|passport-cdn)\.mobilenations\.com/"
-		to="https://passport-cdn.mobilenations.com/" />
+	<target host="passport.mobilenations.com" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mobile_Vikings.xml b/src/chrome/content/rules/Mobile_Vikings.xml
index 12ad8468976a..6f96fdd62210 100644
--- a/src/chrome/content/rules/Mobile_Vikings.xml
+++ b/src/chrome/content/rules/Mobile_Vikings.xml
@@ -18,7 +18,6 @@
 	<securecookie host="^(?:www\.)?mobilevikings\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?mobilevikings\.com/"
-		to="https://$1mobilevikings.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mobilepki.org.xml b/src/chrome/content/rules/Mobilepki.org.xml
new file mode 100644
index 000000000000..316863e422fe
--- /dev/null
+++ b/src/chrome/content/rules/Mobilepki.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="mobilepki.org">
+
+	<target host="mobilepki.org" />
+	<target host="www.mobilepki.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mobio_INsider.xml b/src/chrome/content/rules/Mobio_INsider.xml
index 82d71993d488..dcc667a812c7 100644
--- a/src/chrome/content/rules/Mobio_INsider.xml
+++ b/src/chrome/content/rules/Mobio_INsider.xml
@@ -1,18 +1,23 @@
-<ruleset name="Mobio INsider">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://s.mobioinsider.com/ => https://s.mobioinsider.com/: (6, 'Could not resolve host: s.mobioinsider.com')
+Fetch error: http://stage-mobioinsider.com/ => https://stage-mobioinsider.com/: (28, 'Operation timed out after 30000 milliseconds with 0 bytes received')
+Fetch error: http://www.stage-mobioinsider.com/ => https://www.stage-mobioinsider.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+-->
+<ruleset name="Mobio INsider" default_off="failed ruleset test">
 
 	<target host="mobioinsider.com" />
-	<target host="*.mobioinsider.com" />
+	<target host="s.mobioinsider.com" />
+	<target host="www.mobioinsider.com" />
 	<target host="stage-mobioinsider.com" />
-	<target host="*.stage-mobioinsider.com" />
+	<target host="www.stage-mobioinsider.com" />
 
 
 	<securecookie host="^(?:w*\.)?(?:stage-)?mobioinsider\.com$" name=".+" />
 
 
-	<rule from="^http://(s\.|www\.)?mobioinsider\.com/"
-		to="https://$1mobioinsider.com/" />
-
-	<rule from="^http://(www\.)?stage-mobioinsider\.com/"
-		to="https://$1stage-mobioinsider.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MobyGames.xml b/src/chrome/content/rules/MobyGames.xml
index 1259b51e7d2e..8a5188398ab7 100644
--- a/src/chrome/content/rules/MobyGames.xml
+++ b/src/chrome/content/rules/MobyGames.xml
@@ -1,12 +1,29 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .mobygames.com
+
+-->
 <ruleset name="Mobygames.com">
-  <target host="*.mobygames.com"/>
+
+	<!--	Direct rewrites:
+				-->
   <target host="mobygames.com"/>
+	<target host="pics.mobygames.com"/>
+	<target host="www.mobygames.com"/>
+
+	<!--	Complications:
+				-->
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.mobygames\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.mobygames\.com$" name="^(?:__cfduid|cf_clearance)$" />
 
-  <rule from="^https?://(?:pics\.|www\.)?mobygames\.com/" to="https://www.mobygames.com/"/>
 
-	<!--	https://mail1.eff.org/pipermail/https-everywhere-rules/2012-July/001248.html
-												-->
-	<rule from="^https://www\.mobygames\.com/http://pics\.mobygames\.com/"
-		to="https://www.mobygames.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mobypicture.xml b/src/chrome/content/rules/Mobypicture.xml
index 177b4a63d651..2289ea9ecce8 100644
--- a/src/chrome/content/rules/Mobypicture.xml
+++ b/src/chrome/content/rules/Mobypicture.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mobypicture.com/ => https://mobypicture.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	CDN buckets:
 
 		- mobypicture.s3.amazonaws.com
@@ -23,12 +27,17 @@
 
 	Nonfunctional subdomains:
 
+		- developers ¹
 		- i
 
+	¹ Refused
+
 
 	Problematic subdomains:
 
-		- www
+		- secure *
+
+	* Mismatched, CN: api.mobypicture.com
 
 
 	Fully covered subdomains:
@@ -37,39 +46,56 @@
 		- (www.)api
 		- img		(→ d2d8v8ddwfpkhk.cloudfront.net)
 		- a\d.img	(→ d2d8v8ddwfpkhk.cloudfront.net)
-		- secure
-		- www		(→ secure.mobypicture.com)
+		- secure	(→ www.mobypicture.com)
+		- www
+
+
+	Insecure cookies are set for these domains:
+
+		- .
+
+
+	Mixed content:
+
+		- css on (www.)mobypicture.com from fonts.googleapis.com *
+
+		- Bug on (www.)mobypicture.com from www.facebook.com *
+
+	* Secured by us
 
 -->
-<ruleset name="Mobypicture">
+<ruleset name="Mobypicture" default_off="failed ruleset test">
 
 	<target host="media.mobyhub.com" />
 	<target host="*.media.mobyhub.com" />
 	<target host="mobypicture.com" />
 	<target host="*.mobypicture.com" />
-	<target host="www.api.mobypicture.com" />
-	<target host="*.img.mobypicture.com" />
 
 
-	<rule from="^https?://(?:\w+\.)?media\.mobyhub\.com/"
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.mobypicture\.com$" name="^PHPSESSID$" /-->
+
+
+	<rule from="^http://(?:\w+\.)?media\.mobyhub\.com/"
 		to="https://d1u33j8blhxgzy.cloudfront.net/" />
 
-	<rule from="^http://((?:www\.)?api\.|secure\.)?mobypicture\.com/"
+	<rule from="^http://((?:www\.)?api\.|www\.)?mobypicture\.com/"
 		to="https://$1mobypicture.com/" />
 
-	<rule from="^http://www\.mobypicture\.com/"
-		to="https://secure.mobypicture.com/" />
+	<rule from="^http://secure\.mobypicture\.com/"
+		to="https://www.mobypicture.com/" />
 
-	<rule from="^https?://(?:a\d\.)?img\.mobypicture\.com/"
+	<rule from="^http://(?:a\d\.)?img\.mobypicture\.com/"
 		to="https://d2d8v8ddwfpkhk.cloudfront.net/" />
 
-	<rule from="^https?://layout\.mobypicture\.com/"
+	<rule from="^http://layout\.mobypicture\.com/"
 		to="https://dq8u4hkdxtrwa.cloudfront.net/" />
 
-	<rule from="^https?://static\.mobypicture\.com/"
+	<rule from="^http://static\.mobypicture\.com/"
 		to="https://d3l076gtvxuom7.cloudfront.net/" />
 
-	<rule from="^https?://vid\.mobypicture\.com/"
-		to="https://dxujr96dorra9.cloudfront.net/" />
+	<rule from="^http://vid\.mobypicture\.com/"
+		to="https://vid.mobypicture.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MochaHost.xml b/src/chrome/content/rules/MochaHost.xml
index b6d2373e54d7..b35ffa9e01d0 100644
--- a/src/chrome/content/rules/MochaHost.xml
+++ b/src/chrome/content/rules/MochaHost.xml
@@ -4,10 +4,9 @@
 	<target host="www.mochahost.com" />
 
 
-	<securecookie host="^(www\.)?mochahost\.com$" name=".*" />
+	<securecookie host="^(?:www\.)?mochahost\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?mochahost\.com/"
-		to="https://$1mochahost.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mochajs.org.xml b/src/chrome/content/rules/Mochajs.org.xml
new file mode 100644
index 000000000000..41521e62c3f3
--- /dev/null
+++ b/src/chrome/content/rules/Mochajs.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Mochajs.org">
+  <target host="mochajs.org" />
+  <target host="www.mochajs.org" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mochi_ads.com.xml b/src/chrome/content/rules/Mochi_ads.com.xml
deleted file mode 100644
index 010e948404c7..000000000000
--- a/src/chrome/content/rules/Mochi_ads.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other Mochi Media coverage, see Mochimedia.xml.
-
-
-	CDN buckets:
-
-		- thumbs.mochiads.com.edgesuite.net
-
-			- a478.g.akamai.net
-
--->
-<ruleset name="Mochi ads.com">
-
-	<target host="thumbs.mochiads.com" />
-
-
-	<rule from="^http://thumbs\.mochiads\.com/"
-		to="https://a248.e.akamai.net/f/478/4144/6/thumbs.mochiads.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Mochimedia.xml b/src/chrome/content/rules/Mochimedia.xml
index 7ae0ed436a22..8aa94c1c8551 100644
--- a/src/chrome/content/rules/Mochimedia.xml
+++ b/src/chrome/content/rules/Mochimedia.xml
@@ -1,12 +1,6 @@
-<!--
-	Other Mochi Media rulesets:
-
-		- Mochi_ads.com.xml
-
--->
 <ruleset name="Mochimedia (partial)">
 	<target host="*.mochimedia.com" />
 
-	<exclusion pattern="^http://(games|wiki)\.mochimedia\.com/" />
+	<exclusion pattern="^http://(?:games|wiki)\.mochimedia\.com/" />
 	<rule from="^http://([^@:/]*)\.mochimedia\.com/" to="https://$1.mochimedia.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Mochtu.de.xml b/src/chrome/content/rules/Mochtu.de.xml
new file mode 100644
index 000000000000..4065a1e9b687
--- /dev/null
+++ b/src/chrome/content/rules/Mochtu.de.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mochtu.de/ => https://mochtu.de/: (51, "SSL: no alternative certificate subject name matches target host name 'mochtu.de'")
+Fetch error: http://www.mochtu.de/ => https://mochtu.de/: (51, "SSL: no alternative certificate subject name matches target host name 'mochtu.de'")
+
+	www.mochtu.de: Mismatched
+
+
+	These altnames don't exist:
+
+		- walla.mochtu.de
+
+-->
+<ruleset name="mochtu.de" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mochtu.de" />
+
+	<!--	Complications:
+				-->
+	<target host="www.mochtu.de" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.mochtu\.de/"
+		to="https://mochtu.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ModArchive.org.xml b/src/chrome/content/rules/ModArchive.org.xml
new file mode 100644
index 000000000000..93c54e9ca817
--- /dev/null
+++ b/src/chrome/content/rules/ModArchive.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Timeout:
+		- ircstats.modarchive.org
+		- lite.modarchive.org
+		- sidney.mirror.modarchive.org
+		- tracker.modarchive.org
+
+	Mismatched:
+		- mail.modarchive.org
+		- mirror.modarchive.org
+		- new.modarchive.org
+
+	HTTP != HTTPS:
+		- pma.modarchive.org
+-->
+<ruleset name="ModArchive.org">
+	<target host="modarchive.org" />
+	<target host="www.modarchive.org" />
+	<target host="api.modarchive.org" />
+	<target host="data.modarchive.org" />
+	<target host="forums.modarchive.org" />
+	<target host="img.modarchive.org" />
+	<target host="quotes.modarchive.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ModMyPi.xml b/src/chrome/content/rules/ModMyPi.xml
index c2635ce917fd..a01c2c543484 100644
--- a/src/chrome/content/rules/ModMyPi.xml
+++ b/src/chrome/content/rules/ModMyPi.xml
@@ -1,13 +1,12 @@
 <ruleset name="ModMyPi">
 
 	<target host="modmypi.com" />
-	<target host="*.modmypi.com" />
+	<target host="www.modmypi.com" />
 
 
 	<securecookie host="^\.?www\.modmypi\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?modmypi\.com/"
-		to="https://$1modmypi.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ModMyi.xml b/src/chrome/content/rules/ModMyi.xml
index 1e0b866b03f5..09572d02633c 100644
--- a/src/chrome/content/rules/ModMyi.xml
+++ b/src/chrome/content/rules/ModMyi.xml
@@ -1,13 +1,40 @@
-<ruleset name="ModMyi">
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
 
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .modmyi.com
+
+-->
+<ruleset name="ModMyi.com">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="modmyi.com" />
-	<target host="*.modmyi.com" />
+	<target host="www.modmyi.com" />
+
 
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.modmyi\.com$" name="^(__cfduid|cf_clearance)$" /-->
 
 	<securecookie host="^\.?modmyi\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?modmyi\.com/"
-		to="https://$1modmyi.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ModSecurity.xml b/src/chrome/content/rules/ModSecurity.xml
index 002209690990..dcc404fa7fb1 100644
--- a/src/chrome/content/rules/ModSecurity.xml
+++ b/src/chrome/content/rules/ModSecurity.xml
@@ -1,6 +1,12 @@
-<ruleset name="ModSecurity" platform="mixedcontent">
-  <target host="modsecurity.org" />
-  <target host="www.modsecurity.org" />
+<ruleset name="ModSecurity.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="modsecurity.org" />
+	<target host="www.modsecurity.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(?:www\.)?modsecurity\.org/" to="https://modsecurity.org/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/ModTheSims.info.xml b/src/chrome/content/rules/ModTheSims.info.xml
new file mode 100644
index 000000000000..d80ae07e19b1
--- /dev/null
+++ b/src/chrome/content/rules/ModTheSims.info.xml
@@ -0,0 +1,28 @@
+<!--
+	Refused:
+		- chii.modthesims.info
+
+	Timeout:
+		- mail.modthesims.info
+
+	Mismatched:
+		- bulma.modthesims.info
+		- *.modthesims.info (wildcard record)
+
+	Mixed content:
+		- classic.modthesims.info
+		- upload.modthesims.info
+-->
+<ruleset name="ModTheSims.info">
+	<target host="modthesims.info" />
+	<target host="www.modthesims.info" />
+	<target host="bootstrap.modthesims.info" />
+	<target host="forums.modthesims.info" />
+	<target host="linna.modthesims.info" />
+	<target host="nene.modthesims.info" />
+	<target host="skuld.modthesims.info" />
+	<target host="thumbs.modthesims.info" />
+	<target host="thumbs2.modthesims.info" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mod_DB.com.xml b/src/chrome/content/rules/Mod_DB.com.xml
index 8985e1b42dbd..52a3cb2e82a3 100644
--- a/src/chrome/content/rules/Mod_DB.com.xml
+++ b/src/chrome/content/rules/Mod_DB.com.xml
@@ -20,10 +20,11 @@
 -->
 <ruleset name="Mod DB.com (partial)">
 
-	<target host="*.moddb.com" />
+	<target host="secure.moddb.com" />
+	<target host="static.moddb.com" />
 
 
 	<rule from="^http://s(?:ecure|tatic)\.moddb\.com/"
 		to="https://secure.moddb.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Model_Mayhem-problematic.xml b/src/chrome/content/rules/Model_Mayhem-problematic.xml
index 0148207b118b..d6e827df2678 100644
--- a/src/chrome/content/rules/Model_Mayhem-problematic.xml
+++ b/src/chrome/content/rules/Model_Mayhem-problematic.xml
@@ -7,7 +7,6 @@
 	<target host="photos.modelmayhem.com" />
 
 
-	<rule from="^http://photos\.modelmayhem\.com/"
-		to="https://photos.modelmayhem.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Model_Mayhem.xml b/src/chrome/content/rules/Model_Mayhem.xml
index 69502f82544f..cbaa02afe65d 100644
--- a/src/chrome/content/rules/Model_Mayhem.xml
+++ b/src/chrome/content/rules/Model_Mayhem.xml
@@ -13,13 +13,14 @@
 <ruleset name="Model Mayhem (partial)" platform="mixedcontent">
 
 	<target host="modelmayhem.com" />
-	<target host="*.modelmayhem.com" />
+	<target host="secure.modelmayhem.com" />
+	<target host="www.modelmayhem.com" />
 
 
 	<securecookie host="^.*\.modelmayhem\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:secure\.|www\.)?modelmayhem\.com/"
+	<rule from="^http://(?:secure\.|www\.)?modelmayhem\.com/"
 		to="https://secure.modelmayhem.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Model_View_Culture.com.xml b/src/chrome/content/rules/Model_View_Culture.com.xml
new file mode 100644
index 000000000000..ad5418440892
--- /dev/null
+++ b/src/chrome/content/rules/Model_View_Culture.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="Model View Culture.com">
+
+	<target host="modelviewculture.com" />
+	<target host="images.modelviewculture.com" />
+	<target host="www.modelviewculture.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ModerateUmmah.com.xml b/src/chrome/content/rules/ModerateUmmah.com.xml
new file mode 100644
index 000000000000..bdb266ced85a
--- /dev/null
+++ b/src/chrome/content/rules/ModerateUmmah.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="ModerateUmmah.com">
+	<target host="moderateummah.com" />
+	<target host="www.moderateummah.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Modern.IE.xml b/src/chrome/content/rules/Modern.IE.xml
new file mode 100644
index 000000000000..d4e4bb7a01a0
--- /dev/null
+++ b/src/chrome/content/rules/Modern.IE.xml
@@ -0,0 +1,60 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://remote.modern.ie/ => https://remote.modern.ie/: (6, 'Could not resolve host: remote.modern.ie')
+
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	Problematic subdomains:
+
+		- www. mismatch
+		- virtualization. mismatch
+		- uservoice. mismatch
+
+
+	Insecure cookies are set for these domains:
+
+		- .
+		- .devchannel
+		- remote
+		- .remote
+		- .status
+		- .www
+
+
+	Mixed content:
+
+		- Fonts on devchannel from www.modern.ie *
+
+	* Secured by us
+
+-->
+<ruleset name="modern.IE" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="modern.ie" />
+	<target host="devchannel.modern.ie" />
+	<target host="remote.modern.ie" />
+	<target host="status.modern.ie" />
+	<target host="dev.modern.ie" />
+	<target host="www.modern.ie" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.(devchannel\.|status\.|www\.)?modern\.ie$" name="^ARRAffinity$" /-->
+	<!--securecookie host="^remote\.modern\.ie$" name="^connect\.sid$" /-->
+
+	<securecookie host="^(?:\.devchannel|\.?remote|\.status|\.www)?\.modern\.ie$" name=".+" />
+
+
+	<rule from="^http://www\.modern\.ie/"
+		to="https://modern.ie/"/>
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Modern_Crypto.org.xml b/src/chrome/content/rules/Modern_Crypto.org.xml
new file mode 100644
index 000000000000..84bf6850bf4c
--- /dev/null
+++ b/src/chrome/content/rules/Modern_Crypto.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Modern Crypto.org">
+
+	<target host="moderncrypto.org" />
+	<target host="www.moderncrypto.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Modern_Giver.xml b/src/chrome/content/rules/Modern_Giver.xml
index 39a78375659b..eabe3bd1f081 100644
--- a/src/chrome/content/rules/Modern_Giver.xml
+++ b/src/chrome/content/rules/Modern_Giver.xml
@@ -8,7 +8,7 @@
 <ruleset name="Modern Giver">
 
 	<target host="moderngiver.com" />
-	<target host="*.moderngiver.com" />
+	<target host="www.moderngiver.com" />
 	<target host="simplegiver.com" />
 	<target host="www.simplegiver.com" />
 
diff --git a/src/chrome/content/rules/Modernpgp.org.xml b/src/chrome/content/rules/Modernpgp.org.xml
new file mode 100644
index 000000000000..c1d52a4503fb
--- /dev/null
+++ b/src/chrome/content/rules/Modernpgp.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Modernpgp.org" default_off="mismatched">
+    <target host="modernpgp.org" />
+    <target host="www.modernpgp.org" />
+
+    <securecookie host="^(www\.)?modernpgp\.org" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Modernus.xml b/src/chrome/content/rules/Modernus.xml
index d6fe629928b2..ba0b434dfa74 100644
--- a/src/chrome/content/rules/Modernus.xml
+++ b/src/chrome/content/rules/Modernus.xml
@@ -13,10 +13,6 @@
 	<target host="secure.teljari.is" />
 
 
-	<rule from="^http://login\.modernus\.is/"
-		to="https://login.modernus.is/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://secure\.teljari\.is/"
-		to="https://secure.teljari.is/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Modicine.ru.xml b/src/chrome/content/rules/Modicine.ru.xml
new file mode 100644
index 000000000000..18c68d5cae92
--- /dev/null
+++ b/src/chrome/content/rules/Modicine.ru.xml
@@ -0,0 +1,10 @@
+<!--
+	Mismatched:
+		- mail
+-->
+<ruleset name="Modicine.ru">
+	<target host="modicine.ru" />
+	<target host="www.modicine.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Modlife.xml b/src/chrome/content/rules/Modlife.xml
deleted file mode 100644
index 0402dff1598c..000000000000
--- a/src/chrome/content/rules/Modlife.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/images.modlife.com/ | d1gy20lpqgjyb5.cloudfront.net
-
-			- images.modlife.com
-
-
-	Problematic subdomains:
-
-		- www		(cert only matches ^modlife.com)
-		- images	(cloudfront)
-
--->
-<ruleset name="Modlife">
-
-	<target host="modlife.com" />
-	<target host="*.modlife.com" />
-
-
-	<rule from="^http://(?:www\.)?modlife\.com/"
-		to="https://modlife.com/" />
-
-	<rule from="^http://images\.modlife\.com/"
-		to="https://d1gy20lpqgjyb5.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Modoee.com.xml b/src/chrome/content/rules/Modoee.com.xml
new file mode 100644
index 000000000000..5cc20ffb593c
--- /dev/null
+++ b/src/chrome/content/rules/Modoee.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Modoee.com">
+	<target host="modoee.com" />
+	<target host="www.modoee.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ModrsBook.com.xml b/src/chrome/content/rules/ModrsBook.com.xml
new file mode 100644
index 000000000000..1c6d47fd6b2e
--- /dev/null
+++ b/src/chrome/content/rules/ModrsBook.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="ModrsBook.com">
+	<target host="modrsbook.com" />
+	<target host="www.modrsbook.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Modulus.io.xml b/src/chrome/content/rules/Modulus.io.xml
new file mode 100644
index 000000000000..096a4db939ee
--- /dev/null
+++ b/src/chrome/content/rules/Modulus.io.xml
@@ -0,0 +1,60 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://modulus.io/ => https://modulus.io/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://addons.modulus.io/ => https://addons.modulus.io/: (28, 'Connection timed out after 20002 milliseconds')
+Fetch error: http://my.modulus.io/ => https://my.modulus.io/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.modulus.io/ => https://modulus.io/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Nonfunctional subdomains:
+
+		- help *
+
+	* Desk.com
+
+
+	Problematic subdomains:
+
+		- enterprise *
+		- www *
+
+	* Mismatched
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(www → ^)
+		- addons
+		- my
+
+
+	Insecure cookies are set for these domains:
+
+		- .modulus.io
+
+-->
+<ruleset name="Modulus.io (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="modulus.io" />
+	<target host="addons.modulus.io" />
+	<target host="my.modulus.io" />
+
+	<!--	Special cases:
+				-->
+	<target host="www.modulus.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^\.modulus\.io$" name="^modulus\.sid$" />
+
+
+	<rule from="^http://www\.modulus\.io/"
+		to="https://modulus.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Moelleken.org.xml b/src/chrome/content/rules/Moelleken.org.xml
new file mode 100644
index 000000000000..0ebc289f6817
--- /dev/null
+++ b/src/chrome/content/rules/Moelleken.org.xml
@@ -0,0 +1,23 @@
+<!--
+	Mixed content:
+
+		- Images from moelleken.org *
+
+	* Secured by us
+
+-->
+<ruleset name="Moelleken.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="moelleken.org" />
+	<target host="www.moelleken.org" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Moevideo.xml b/src/chrome/content/rules/Moevideo.xml
index e9fae3381214..a2903bbcee2f 100644
--- a/src/chrome/content/rules/Moevideo.xml
+++ b/src/chrome/content/rules/Moevideo.xml
@@ -6,8 +6,9 @@
 
 	<securecookie host="^(?:www\.)?moevideo\.net$" name=".+" />
 
+    <exclusion pattern="^http://(?:www\.)?moevideo\.net/geocode\.php(?:\?|$)" />
+    <exclusion pattern="^http://(?:www\.)?moevideo\.net/(?:crossdomain\.xml|geocode\.php)(?:\?|$)" />
 
-	<rule from="^http://(www\.)?moevideo\.net/"
-		to="https://$1moevideo.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mofobian.com.xml b/src/chrome/content/rules/Mofobian.com.xml
index 1898e534a45b..afeb08316ea1 100644
--- a/src/chrome/content/rules/Mofobian.com.xml
+++ b/src/chrome/content/rules/Mofobian.com.xml
@@ -1,14 +1,9 @@
-<!--
-	CN: *.bluehost.com
-
--->
-<ruleset name="Mofobian.com (partial)">
+<ruleset name="Mofobian.com">
 
 	<target host="mofobian.com" />
 	<target host="www.mofobian.com" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://(?:www\.)?mofobian\.com/(favicon\.ico|wp-content/|wp-includes/)"
-		to="https://secure.bluehost.com/~mofobian/$1" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Moikrug.ru.xml b/src/chrome/content/rules/Moikrug.ru.xml
new file mode 100644
index 000000000000..251512d193fa
--- /dev/null
+++ b/src/chrome/content/rules/Moikrug.ru.xml
@@ -0,0 +1,54 @@
+<!--
+	For other Yandex coverage, see Yandex.xml.
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- api
+		- css
+		- pass
+		- [\w-]+ *
+
+	* Per-user domains
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- moikrug.ru
+		- .moikrug.ru
+		- api.moikrug.ru
+
+
+	Mixed content:
+
+		- css on api from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Moikrug.ru (partial)">
+
+	<target host="moikrug.ru" />
+	<target host="*.moikrug.ru" />
+
+		<test url="http://api.moikrug.ru/" />
+		<test url="http://www.moikrug.ru/" />
+
+		<!--	Mixed css from fonts.googleapis.com:
+								-->
+		<test url="http://api.moikrug.ru/v1/my/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:api\.)?moikrug\.ru$" name="^(_moikrug_session|check_cookies)$" /-->
+	<!--securecookie host="^\.moikrug\.ru$" name="^(Cookie_check|L|Session_id|mkrs|my|rems|sessionid2|yandex_gid|yandex_login|yandexuid)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://([\w-]+\.)?moikrug\.ru/"
+		to="https://$1moikrug.ru/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MoinMoin.xml b/src/chrome/content/rules/MoinMoin.xml
index df5b4bcc58e7..eedb696a6907 100644
--- a/src/chrome/content/rules/MoinMoin.xml
+++ b/src/chrome/content/rules/MoinMoin.xml
@@ -3,7 +3,6 @@
 	<target host="moinmo.in" />
 	<target host="www.moinmo.in"/>
 
-	<rule from="^http://(www\.)?moinmo\.in/"
-	        to="https://$1moinmo.in/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mojandroid.sk.xml b/src/chrome/content/rules/Mojandroid.sk.xml
new file mode 100644
index 000000000000..3e7d91be35c9
--- /dev/null
+++ b/src/chrome/content/rules/Mojandroid.sk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Mojandroid.sk">
+  <target host="mojandroid.sk" />
+  <target host="www.mojandroid.sk" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MojeDatovaSchranka.cz.xml b/src/chrome/content/rules/MojeDatovaSchranka.cz.xml
new file mode 100644
index 000000000000..4484cb276ea4
--- /dev/null
+++ b/src/chrome/content/rules/MojeDatovaSchranka.cz.xml
@@ -0,0 +1,6 @@
+<ruleset name="MojeDatovaSchranka.cz">
+	<target host="mojedatovaschranka.cz" />
+	<target host="www.mojedatovaschranka.cz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MojeID.cz.xml b/src/chrome/content/rules/MojeID.cz.xml
new file mode 100644
index 000000000000..00752b682aaf
--- /dev/null
+++ b/src/chrome/content/rules/MojeID.cz.xml
@@ -0,0 +1,14 @@
+<!--
+	For other CZ.NIC coverage, see Nic.cz.xml.
+
+-->
+<ruleset name="mojeID.cz">
+
+	<target host="mojeid.cz" />
+	<target host="www.mojeid.cz" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MojoHaus.org.xml b/src/chrome/content/rules/MojoHaus.org.xml
new file mode 100644
index 000000000000..ca431159f954
--- /dev/null
+++ b/src/chrome/content/rules/MojoHaus.org.xml
@@ -0,0 +1,15 @@
+<ruleset name="MojoHaus.org">
+
+	<target host="mojohaus.org" />
+	<target host="www.mojohaus.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- 'no alternative certificate subject name matches target host name'
+	on https://mojohaus.org/, http://mojohaus.org/ redirects to http://www.mojohaus.org/ -->
+	<rule from="^http://mojohaus\.org/"
+		to="https://www.mojohaus.org/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MokaFive.xml b/src/chrome/content/rules/MokaFive.xml
deleted file mode 100644
index a0a9a27064fa..000000000000
--- a/src/chrome/content/rules/MokaFive.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<ruleset name="MokaFive (partial)">
-
-	<!--	cert: mokafive.com	-->
-	<target host="moka5.com"/>
-	<target host="*.moka5.com"/>
-		<!--	404 on mokafive.com	-->
-		<exclusion pattern="^http://(www\.)?moka5\.com/ios$"/>
-	<target host="mokafive.com"/>
-	<target host="*.mokafive.com"/>
-
-	<securecookie host="^(.*\.)?mokafive\.com$" name=".*"/>
-
-	<rule from="^http://(blog\.|www\.)?moka(?:5|five)\.com/"
-		to="https://$1mokafive.com/"/>
-
-	<!--	404 on mokafive.com	-->
-	<rule from="^https?://(www\.)?mokafive\.com/ios$"
-		to="http://$1moka5.com/ios" downgrade="1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Mollom.xml b/src/chrome/content/rules/Mollom.xml
index eeb3ed842eb6..32765046c99c 100644
--- a/src/chrome/content/rules/Mollom.xml
+++ b/src/chrome/content/rules/Mollom.xml
@@ -1,7 +1,34 @@
-<ruleset name="Mollom">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wdc-api04.mollom.com/ => https://wdc-api04.mollom.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://wdc-cmp01.mollom.com/ => https://wdc-cmp01.mollom.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wdc-api04.mollom.com/ => https://wdc-api04.mollom.com/: (28, 'Connection timed out after 10001 milliseconds')
+
+	Fully covered hosts in *mollom.com:
+
+		- (www.)?
+		- rest-production
+		- wdc-api04
+		- wdc-cmp01
+		- xmlrpc2
+
+-->
+<ruleset name="Mollom.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="mollom.com" />
-	<target host="*.mollom.com" />
+	<target host="rest-production.mollom.com" />
+	<target host="wdc-api04.mollom.com" />
+	<target host="wdc-cmp01.mollom.com" />
+	<target host="www.mollom.com" />
+	<target host="xmlrpc2.mollom.com" />
 
 
 	<securecookie host="^\.mollom\.com$" name=".+" />
@@ -9,7 +36,7 @@
 
 	<!--	xmlrpc2: Included on 3rd-party
 		websites for captchas.	-->
-	<rule from="^http://((?:wdc-cmp01|www|xmlrpc2)\.)?mollom\.com/"
-		to="https://$1mollom.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MomentusMedia.xml b/src/chrome/content/rules/MomentusMedia.xml
deleted file mode 100644
index 6e409de18900..000000000000
--- a/src/chrome/content/rules/MomentusMedia.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="MomentusMedia" platform="mixedcontent">
-  <target host="momentusmedia.com" />
-  <target host="www.momentusmedia.com" />
-
-  <securecookie host="^(.+\.)?momentusmedia\.com$" name=".*"/>
-
-  <rule from="^http://momentusmedia\.com/" to="https://momentusmedia.com/"/>
-  <rule from="^http://www\.momentusmedia\.com/" to="https://www.momentusmedia.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Monarch.co.uk.xml b/src/chrome/content/rules/Monarch.co.uk.xml
index ffdf3f030b0f..d54bfff89c49 100644
--- a/src/chrome/content/rules/Monarch.co.uk.xml
+++ b/src/chrome/content/rules/Monarch.co.uk.xml
@@ -1,7 +1,14 @@
-<ruleset name="Monarch.co.uk" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://monarch.co.uk/ => https://www.monarch.co.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.monarch.co.uk/ => https://www.monarch.co.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="Monarch.co.uk" platform="mixedcontent" default_off="failed ruleset test">
   <target host="monarch.co.uk" />
   <target host="www.monarch.co.uk" />
 
   <rule from="^http://(?:www\.)?monarch\.co\.uk/"
           to="https://www.monarch.co.uk/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Monash.edu.xml b/src/chrome/content/rules/Monash.edu.xml
new file mode 100644
index 000000000000..8d99a635fd50
--- /dev/null
+++ b/src/chrome/content/rules/Monash.edu.xml
@@ -0,0 +1,72 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://login.monash.edu/ (200) => https://login.monash.edu/ (404)
+
+	Other Monash University rulesets:
+
+		- Study.Monash.xml
+
+
+	These altnames don't exist:
+
+		- www.blogs.monash.edu
+		- www.my.monash.edu
+		- www.secure.monash.edu
+
+
+	Insecure cookies are set for these hosts:
+
+		- community.monash.edu
+
+
+	Mixed content:
+
+		- Images on (www.)? from www.monash.edu.au
+
+-->
+<ruleset name="Monash.edu (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="monash.edu" />
+	<target host="blogs.monash.edu" />
+	<target host="community.monash.edu" />
+	<target host="login.monash.edu" />
+	<target host="my.monash.edu" />
+	<target host="secure.monash.edu" />
+	<target host="www.monash.edu" />
+
+		<!--	Redirects to http:
+						-->
+		<exclusion pattern="^http://www\.monash\.edu/(?:$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.monash.edu/?f" />
+			<test url="http://www.monash.edu/?o" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.monash.edu/__data/assets/image/0016/13813/monash-logo.png" />
+			<test url="http://www.monash.edu/_globaldesigns/css/printing.css" />
+			<test url="http://www.monash.edu/favicon.ico" />
+			<test url="http://www.monash.edu/giving/" />
+			<test url="http://www.monash.edu/library/" />
+
+		<!--	Mixed images:
+					-->
+		<test url="http://monash.edu/students/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^community\.monash\.edu$" name="^BIGipServer[\w~]+$" /-->
+
+	<securecookie host="^community\.monash\.edu$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MondeDiplo.com.xml b/src/chrome/content/rules/MondeDiplo.com.xml
new file mode 100644
index 000000000000..8e5223fc1ef7
--- /dev/null
+++ b/src/chrome/content/rules/MondeDiplo.com.xml
@@ -0,0 +1,66 @@
+<!--
+	For other rules related to the Monde Diplomatique, see:
+		Le-Monde-diplomatique.de.xml
+		monde-diplomatique.fr.xml
+		MondeDiplo.net.xml
+
+	Secure connection failed:
+		- feed.mondediplo.com
+
+	Invalid Certificate
+		- blogs.mondediplo.com
+		- bugs.mondediplo.com
+		- www.cl-kit.mondediplo.com
+		- www.eo.mondediplo.com
+		- formation.mondediplo.com
+		- formations.mondediplo.com
+		- logi[\d].mondediplo.com
+		- www.pt-kit.mondediplo.com
+		- zinc.mondediplo.com
+-->
+<ruleset name="MondeDiplo.com">
+	<target host="mondediplo.com" />
+	<target host="www.mondediplo.com" />
+	<target host="2010.mondediplo.com" />
+	<target host="abo.mondediplo.com" />
+	<target host="archives.mondediplo.com" />
+	<target host="bg.mondediplo.com" />
+	<target host="blog.mondediplo.com" />
+	<target host="carto.mondediplo.com" />
+	<target host="cl-kit.mondediplo.com" />
+	<target host="cn.mondediplo.com" />
+	<target host="commerce.mondediplo.com" />
+	<target host="dev.mondediplo.com" />
+	<target host="diploar.mondediplo.com" />
+	<target host="diploby.mondediplo.com" />
+	<target host="diplode.mondediplo.com" />
+	<target host="diplopt.mondediplo.com" />
+	<target host="doostan.mondediplo.com" />
+	<target host="dostan.mondediplo.com" />
+	<target host="edition.mondediplo.com" />
+	<target host="eo.mondediplo.com" />
+	<target host="www.eo.mondediplo.com" />
+		<rule from="^http://www\.eo\.mondediplo\.com/"
+			to="https://eo.mondediplo.com/" />
+	<target host="fr.mondediplo.com" />
+	<target host="int.mondediplo.com" />
+	<target host="ir.mondediplo.com" />
+	<target host="kit.mondediplo.com" />
+	<target host="lab.mondediplo.com" />
+	<target host="oa.mondediplo.com" />
+	<target host="pt.mondediplo.com" />
+	<target host="pt-kit.mondediplo.com" />
+	<target host="ru.mondediplo.com" />
+	<target host="sc.mondediplo.com" />
+	<target host="temp-pt.mondediplo.com" />
+	<target host="theorie.mondediplo.com" />
+	<target host="theory.mondediplo.com" />
+	<target host="tuiles.mondediplo.com" />
+	<target host="vieux.mondediplo.com" />
+	<target host="mail.vieux.mondediplo.com" />
+	<target host="wiki.mondediplo.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MondeDiplo.net.xml b/src/chrome/content/rules/MondeDiplo.net.xml
new file mode 100644
index 000000000000..0b01b936e009
--- /dev/null
+++ b/src/chrome/content/rules/MondeDiplo.net.xml
@@ -0,0 +1,36 @@
+<!--
+	For other rules related to the Monde Diplomatique, see MondeDiplo.com.xml
+
+	Bad certificate:
+		mondediplo.net
+		www.mondediplo.net
+		formations.mondediplo.net
+		www.formations.mondediplo.net
+		intranet.mondediplo.net
+		langues.mondediplo.net
+		www.lecteurs.mondediplo.net
+
+	Internal:
+		intra.mondediplo.net
+
+	Different content for HTTPS:
+		telex.mondediplo.net
+		typo.mondediplo.net
+
+	No known URL working:
+		ws.mondediplo.net (406)
+
+	Mixed content:
+		zinc.mondediplo.net
+
+-->
+<ruleset name="MondeDiplo.net (partial)">
+
+	<target host="blog.mondediplo.net" />
+	<target host="blogs.mondediplo.net" />
+	<target host="formation.mondediplo.net" />
+	<target host="lecteurs.mondediplo.net" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mondemp3.com.xml b/src/chrome/content/rules/Mondemp3.com.xml
index 50ebd9ebd61d..3e2d6f74284c 100644
--- a/src/chrome/content/rules/Mondemp3.com.xml
+++ b/src/chrome/content/rules/Mondemp3.com.xml
@@ -1,13 +1,21 @@
-<ruleset name="mondemp3.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mondemp3.com/ => https://mondemp3.com/: (51, "SSL: no alternative certificate subject name matches target host name 'mondemp3.com'")
+Fetch error: http://www.mondemp3.com/ => https://www.mondemp3.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.mondemp3.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://mondemp3.com/ => https://mondemp3.com/: (60, 'SSL certificate problem: self signed certificate')
+-->
+<ruleset name="mondemp3.com" default_off="failed ruleset test">
 
 	<target host="mondemp3.com" />
-	<target host="*.mondemp3.com" />
+	<target host="www.mondemp3.com" />
 
 
 	<securecookie host="^\.mondemp3\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?mondemp3\.com/"
-		to="https://$1mondemp3.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mondo-2000.xml b/src/chrome/content/rules/Mondo-2000.xml
index a1175ce16bb9..33817c0f281b 100644
--- a/src/chrome/content/rules/Mondo-2000.xml
+++ b/src/chrome/content/rules/Mondo-2000.xml
@@ -1,9 +1,9 @@
-<ruleset name="Mondo 2000" default_off="mismatch">
+<ruleset name="Mondo 2000" default_off="mismatched">
 
 	<target host="mondo2000.net"/>
 	<target host="www.mondo2000.net"/>
 
-	<rule from="^http://(www\.)?mondo2000\.net/"
+	<rule from="^http://(?:www\.)?mondo2000\.net/"
 		to="https://mondo2000.net/"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Monetate.xml b/src/chrome/content/rules/Monetate.xml
index 3ca92f4e76b8..622e460c38b2 100644
--- a/src/chrome/content/rules/Monetate.xml
+++ b/src/chrome/content/rules/Monetate.xml
@@ -1,47 +1,37 @@
 <!--
-	CDN buckets:
-
-		- monetate-university.s3.amazonaws.com
-
-		- b.monetate.net.edgesuite.net
-
-			- a727.g.akamai.net
-
 
 	Nonfunctional domains:
 
 		- (www.)monetate.com		(record_too_long)
 
-
-	Problematic domains:
-
-		- university.monetate.com	(mismatched, CN: *herokuapp.com)
-
-
 	Fully covered domains:
 
 		- monetate.net subdomains:
 
-			- b		(→ akamai)
+			- b
 			- d
+			- e
+			- f
+			- marketer
 
 -->
 <ruleset name="Monetate (partial)">
 
-	<target host="university.monetate.com" />
-	<target host="*.monetate.net" />
-
-
-	<securecookie host="^.+\.monetate\.net$" name=".+" />
-
+	<target host="b.monetate.net" />
+	<target host="d.monetate.net" />
+	<target host="e.monetate.net" />
+	<target host="f.monetate.net" />
+	<target host="marketer.monetate.net" />
+	<target host="sb.monetate.net" />
+	<target host="sd.monetate.net" />
+	<target host="se.monetate.net" />
+	<target host="sf.monetate.net" />
 
-	<rule from="^http://university\.monetate\.com/"
-		to="https://monetate-university.herokuapp.com/" />
+	<securecookie host=".+" name=".+"/>
 
-	<rule from="^http://b\.monetate\.net/"
-		to="https://a248.e.akamai.net/f/727/7826/3m/b.monetate.net/" />
+	<rule from="^http://(b|d|e|f)\.monetate\.net/"
+		to="https://s$1.monetate.net/" />
 
-	<rule from="^http://(d|marketer|sb)\.monetate\.net/"
-		to="https://$1.monetate.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Monex.co.jp.xml b/src/chrome/content/rules/Monex.co.jp.xml
new file mode 100644
index 000000000000..7ec0ff98f108
--- /dev/null
+++ b/src/chrome/content/rules/Monex.co.jp.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://its2.monex.co.jp/ => https://its2.monex.co.jp/: (28, 'Connection timed out after 20001 milliseconds')
+
+
+	Nonfunctional subdomains:
+
+		- answer	(refused)
+		- trade1	(403)
+		- trade2	(403)
+		- www2	(works on only some pages)
+
+	Problematic subdomains:
+
+		- lounge *
+		- money *
+		- ondemand *
+
+	* Invalid cert
+
+-->
+
+<ruleset name="Monex.co.jp" default_off="failed ruleset test">
+
+	<target host="fs.monex.co.jp" />
+	<target host="fund.monex.co.jp" />
+	<target host="gold.monex.co.jp" />
+	<target host="info.monex.co.jp" />
+	<target host="its2.monex.co.jp" />
+	<target host="mail01.monex.co.jp" />
+	<target host="ondemand2.monex.co.jp" />
+	<target host="seminar.monex.co.jp" />
+	<target host="www.monex.co.jp" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Money.pl-falsemixed.xml b/src/chrome/content/rules/Money.pl-falsemixed.xml
index 63c949750425..93707b9568c1 100644
--- a/src/chrome/content/rules/Money.pl-falsemixed.xml
+++ b/src/chrome/content/rules/Money.pl-falsemixed.xml
@@ -1,48 +1,28 @@
-<!--
-	For rules not causing false/broken MCB, see Money.pl.xml.
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://przetargi.money.pl/ => https://przetargi.money.pl/: Too many redirects while fetching 'https://przetargi.money.pl/'
 
-	mixedcontent due to css from static1.
+	For rules not causing false/broken MCB, see Money.pl.xml.
 
 -->
-<ruleset name="Money.pl (false MCB)" platform="mixedcontent">
+<ruleset name="Money.pl (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
-	<target host="autogielda.money.pl" />
-	<target host="dom.money.pl" />
-	<target host="edukacja.money.pl" />
+	<target host="firma.money.pl" />
 	<target host="fundusze-emerytalne.money.pl" />
 	<target host="fundusze-inwestycyjne.money.pl" />
-	<target host="grupy-dyskusyjne.money.pl" />
 	<target host="karty-kredytowe.money.pl" />
 	<target host="kredyty-gotowkowe.money.pl" />
+	<target host="kredyty-mieszkaniowe.money.pl" />
 	<target host="kredyty-samochodowe.money.pl" />
-	<target host="login.money.pl" />
 	<target host="lokaty-bankowe.money.pl" />
-	<target host="manager.money.pl" />
-	<target host="moto.money.pl" />
-	<target host="msp.money.pl" />
-	<target host="news.money.pl" />
-	<target host="pogoda.money.pl" />
-	<target host="praca.money.pl" />
-	<target host="prawo.money.pl" />
-	<target host="tech.money.pl" />
-	<target host="www.money.pl" />
-	<target host="*.www.money.pl" />
-		<!--
-			Handled in Money.pl.xml:
-						-->
-		<exclusion pattern="^http;//(?:fundusze-(?:emerytal|inwestycyj)ne|karty-kredytowe|kredyty-(?:gotowk|samochod)owe|lokaty-bankowe)\.money\.com/[ijs]/" />
-		<exclusion pattern="^http://praca\.money\.pl/img/" />
-		<exclusion pattern="^http://www\.money\.pl/(?:i/|d/\w+/|u/money_chart/graphchart_hp\.php)" />
-
-
-	<!--	Not handling ^\.money.pl so as
-		to avoid duplicate target spam.
-						-->
-	<securecookie host="^(?!direct\.)(?:.+\.)?money\.pl$" name=".+" />
-
-
-	<rule from="^http://((?:autogielda|dom|edukacja|fundusze-(?:emerytal|inwestycyj)ne|grupy-dyskusyjne|karty-kredytowe|kredyty-(?:gotowk|samochod)owe|login|lokaty-bankowe|manager|moto|msp|news|pogoda|praca|prawo|tech|www)\.)?money\.pl/"
-		to="https://$1money.pl/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="przetargi.money.pl" />
+
+
+	<securecookie host=".\.money\.pl$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Money.pl.xml b/src/chrome/content/rules/Money.pl.xml
index e6a737c3284d..6236235aede9 100644
--- a/src/chrome/content/rules/Money.pl.xml
+++ b/src/chrome/content/rules/Money.pl.xml
@@ -1,176 +1,247 @@
-<!--
-	For rules causing false/broken MCB, see Money.pl-falsemixed.xml.
-
-
-	Nonfunctional subdomains:
-
-		- opony *
-		- pixel *
-
-	* Dropped
-
-
-	Fully covered subdomains:
-
-		- akademia
-		- kredyt-mieszkaniowy
-		- paszport
-		- static[12]
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://adv.money.pl/ => https://adv.money.pl/: Too many redirects while fetching 'https://adv.money.pl/'
+Fetch error: http://dot.money.pl/ => https://dot.money.pl/: Too many redirects while fetching 'https://dot.money.pl/'
+Fetch error: http://ebook.money.pl/ => https://ebook.money.pl/: Too many redirects while fetching 'https://ebook.money.pl/'
+Fetch error: http://finanse.money.pl/ => https://finanse.money.pl/: Too many redirects while fetching 'https://finanse.money.pl/'
+Fetch error: http://grupy-dyskusyjne.money.pl/ => https://grupy-dyskusyjne.money.pl/: Too many redirects while fetching 'https://grupy-dyskusyjne.money.pl/'
+Fetch error: http://www.money.pl/ => https://www.money.pl/: Too many redirects while fetching 'https://www.money.pl/'
 
-	Partially covered subdomains:
+	For rules causing false/broken MCB, see Money.pl-falsemixed.xml.
 
-		- www *
-		- direct		(kartykredytowe/ & leasing/ redirect to http)
-		- fundusze-emerytalne *
-		- fundusze-inwestycyjne *
-		- karty-kredytowe *
-		- kredyty-samochodowe *
-		- lokaty-bankowe *
-		- praca *
 
-	* Avoiding false/broken MCB, rest handled in Money.pl-falsemixed.xml
+	Nonfunctional hosts in *money.pl:
+
+		- akademia ʰ
+		- autogielda ʰ
+		- dom ʰ
+		- edukacja ʰ
+		- ksiegarnia ʰ
+		- kuponyrabatowe ʳ
+		- manager ʰ
+		- moto ʰ
+		- msp ʰ
+		- nauka ʰ
+		- news ʰ
+		- opony ᵈ
+		- pixel ᵈ
+		- pogoda ʰ
+		- praca ʰ
+		- prawo ʰ
+		- ranking ʰ
+		- tech ʰ
+		- www ʰ
+
+	ᵈ Dropped
+	ʰ Redirects to http
+	ʳ Refused
+
+
+	Partially covered hosts in *money.pl:
+
+		- direct ʰ
+		- fundusze-emerytalne ˣ
+		- fundusze-inwestycyjne ˣ
+		- karty-kredytowe ˣ
+		- kredyty-gotowkowe ˣ
+		- kredyty-mieszkaniowe ˣ
+		- kredyty-samochodowe ˣ
+		- lokaty-bankowe ˣ
+
+	ʰ kartykredytowe/ & leasing/ redirect to http
+	ˣ Avoiding false/broken MCB, rest handled in Money.pl-falsemixed.xml
+
+
+	Problematic hosts in *money.pl:
+
+		- ^ ʷ
+		- agrobiznes ⁴
+		- direct ⁴
+		- firma ˣ
+		- fundusze-emerytalne ˣ
+		- fundusze-inwestycyjne ˣ
+		- karty-kredytowe ˣ
+		- kredyty-gotowkowe ˣ
+		- kredyty-mieszkaniowe ˣ
+		- kredyty-samochodowe ˣ
+		- lokaty-bankowe ˣ
+		- m ˣ
+		- poczta ᶜ
+		- przetargi ˣ
+
+	⁴ >=1 path 404s
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ʷ Configured from weak ciphers only
+	ˣ Mixed scripts or css
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- direct.money.pl
+		- .direct.money.pl
+		- poczta.money.pl
 
 
 	Mixed content:
 
 		- Scripts, on:
 
-			- autogielda from static1 *
-			- autogielda from www *
-			- dom from static1 *
-			- edukacja from static1 *
+			- direct from static1.money.pl *
 			- fundusze-emerytalne from direct *
 			- fundusze-inwestycyjne from direct *
-			- grupy-dyskusyjne from static1 *
 			- karty-kredytowe from direct *
 			- kredyty-gotowkowe from direct *
+			- kredyty-mieszkaniowe from direct *
 			- kredyty-samochodowe from direct *
-			- login from static1 *
 			- lokaty-bankowe from direct *
-			- manager from static1 *
-			- moto from static1 *
-			- msp from static1 *
-			- news from static1 *
-			- pogoda from static1 *
-			- praca from static1 *
-			- prawo from static1 *
-			- tech from static1 *
-			- www from static1 *
-			- www from www *
 
 		- css, on:
 
-			- autogielda from static1 *
-			- dom from static1 *
-			- edukacja from static1 *
-			- grupy-dyskusyjne from static1 *
-			- login from static1 *
-			- manager from static1 *
-			- moto from static1 *
-			- msp from static1 *
-			- news from static1 *
-			- pogoda from static1 *
-			- praca from static1 *
-			- prawo from static1 *
-			- tech from static1 *
-			- www from static1 *
-			- www from fonts.googleapis.com *
+			- direct from $self *
+			- direct, firma, przetargi, wibor from fonts.googleapis.com *
+			- firma, przetargi, wibor from static1.money.pl *
 
 		- Images. on:
 
-			- akademia from static1 *
-			- autogielda from static1 *
-			- dom from static1 *
-			- edukacja from praca *
-			- edukacja from static1 *
 			- fundusze-emerytalne from direct *
 			- fundusze-inwestycyjne from direct *
-			- grupy-dyskusyjne from static1 *
 			- karty-kredytowe from direct *
 			- kredyt-mieszkaniowy from direct *
 			- kredyty-gotowkowe from direct *
+			- kredyty-mieszkaniowe from direct *
 			- kredyty-samochodowe from direct *
-			- login from static1 *
 			- lokaty-bankowe from direct *
-			- manager from static1 *
-			- moto from direct *
-			- moto from static1 *
-			- msp from static1 *
-			- news from static1 *
-			- pogoda from static1 *
-			- prawo from static1 *
-			- prawo from static1.iwoman.pl
-			- tech from static1 *
-			- www from static1 *
-			- www from static2 *
+			- firma, przetargi, wibor from static1.money.pl *
+			- wibor from www.money.pl ʰ
+
+		- favicon on direct, firma, wdireczibo from www.money.pl ʰ
 
 		- Ads/web bugs, on:
 
-			- msp from www.facebook.com *
-			- msp from arbo.hit.gemius.pl *
-			- msp from diff.smartadserver.com *
-			- www from pixel **
+			- direct, przetargi from diff.smartadserver.com *
+			- direct from imppl.tradedoubler.com *
+			- direct from dot.wp.pl *
 
+	ʰ Unsecurable <= redirects to http
 	* Secured by us
-	** Unsecurable, and no one cares
-
-
-	The following domains are in a separate mixedcontent ruleset
-	due to css and scripts from direct, static1, and www:
-
-		- (www.)
-		- autogielda
-		- dom
-		- edukacja
-		- fundusze-emerytalne
-		- fundusze-inwestycyjne
-		- grupy-dyskusyjne
-		- karty-kredytowe
-		- kredyty-gotowkowe
-		- kredyty-samochodowe
-		- login
-		- lokaty-bankowe
-		- manager
-		- moto
-		- msp
-		- news
-		- pogoda
-		- praca
-		- prawo
-		- tech
-
-	NB: We secure all resources, and thus
-	-falsemixed should be merged for Ffx 24.
 
 -->
-<ruleset name="Money.pl (partial)">
-
-	<target host="*.money.pl" />
-		<!--
-			Redirects to http:
-						-->
-		<exclusion pattern="^http://direct\.money\.pl/(?:kartykredytowe|leasing)(?:$|[?/])" />
+<ruleset name="Money.pl (partial)" default_off="failed ruleset test">
+
+	<target host="adv.money.pl" />
+	<!--target host="agrobiznes.money.pl" /-->
+	<target host="direct.money.pl" />
+	<target host="dot.money.pl" />
+	<target host="ebook.money.pl" />
+	<target host="finanse.money.pl" />
+	<!--target host="firma.money.pl" /-->
+	<target host="fundusze-emerytalne.money.pl" />
+	<target host="fundusze-inwestycyjne.money.pl" />
+	<target host="grupy-dyskusyjne.money.pl" />
+	<target host="karty-kredytowe.money.pl" />
+	<target host="konto.money.pl" />
+	<target host="kredyty-gotowkowe.money.pl" />
+	<target host="kredyty-mieszkaniowe.money.pl" />
+	<target host="kredyty-samochodowe.money.pl" />
+	<target host="lokaty-bankowe.money.pl" />
+	<target host="login.money.pl" />
+	<target host="paszport.money.pl" />
+	<!--target host="poctza.money.pl" /-->
+	<!--target host="przetargi.money.pl" /-->
+	<target host="static1.money.pl" />
+	<!--target host="wibor.money.pl" /-->
+	<target host="www.money.pl" />
+
+		<!--	404:
+				-->
+		<!--exclusion pattern="^http://direct\.money\.pl/(?:karty-kredytowe|leasing|millennium|sekcje)(?:$|[?/])" /-->
 		<!--
-			Avoid false/broken MCB:
+			More conservatively:
 						-->
-		<exclusion pattern="^http;//(?:fundusze-(?:emerytal|inwestycyj)ne|karty-kredytowe|kredyty-(?:gotowk|samochod)owe|lokaty-bankowe)\.money\.com/(?![ijs]/)" />
-		<exclusion pattern="^http://praca\.money\.pl/(?!img/)" />
-		<exclusion pattern="^http://www\.money\.pl/(?!i/|d/\w+/|u/money_chart/graphchart_hp\.php)" />
+		<exclusion pattern="^http://direct\.money\.pl/+(?![do]/)" />
 
+			<!--	+ve:
+					-->
+			<test url="http://direct.money.pl/kartykredytowe/" />
+			<test url="http://direct.money.pl/millennium/" />
+			<test url="http://direct.money.pl/sekcje/ranking-lokat-luty-2016" />
 
-	<securecookie host="^\.money\.pl$" name="^usertrack$" />
-	<!--
-		Can we secure either of these here safely?
+			<!--	-ve:
+					-->
+			<test url="http://direct.money.pl/d/1/s/print.css" />
+			<test url="http://direct.money.pl/d/1/i/a2.gif" />
+			<test url="http://direct.money.pl/o/_logo/6.gif" />
+
+		<!--	Avoid false/broken MCB:
+						-->
+		<exclusion pattern="^http://(?:fundusze-(?:emerytal|inwestycyj)ne|karty-kredytowe|kredyty-(?:gotowk|mieszkaniosamochod|samochod)owe|lokaty-bankowe)\.money\.pl/(?![ijs]/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://fundusze-emerytalne.money.pl/home.htm" />
+			<test url="http://fundusze-inwestycyjne.money.pl/home.htm" />
+			<test url="http://karty-kredytowe.money.pl/home.htm" />
+			<test url="http://kredyty-gotowkowe.money.pl/home.htm" />
+			<test url="http://kredyty-mieszkaniowe.money.pl/home.htm" />
+			<test url="http://kredyty-samochodowe.money.pl/home.htm" />
+			<test url="http://lokaty-bankowe.money.pl/home.htm" />
+
+			<!--	-ve:
+					-->
+			<test url="http://fundusze-emerytalne.money.pl/i/ar.gif" />
+			<test url="http://fundusze-emerytalne.money.pl/s/fi.css" />
+			<test url="http://fundusze-inwestycyjne.money.pl/i/ar.gif" />
+			<test url="http://fundusze-inwestycyjne.money.pl/s/fi.css" />
+			<test url="http://karty-kredytowe.money.pl/i/ar.gif" />
+			<test url="http://karty-kredytowe.money.pl/s/kk.css" />
+			<test url="http://kredyty-gotowkowe.money.pl/i/ar.gif" />
+			<test url="http://kredyty-gotowkowe.money.pl/s/lb.css" />
+			<test url="http://kredyty-mieszkaniowe.money.pl/i/ar.gif" />
+			<test url="http://kredyty-mieszkaniowe.money.pl/s/km.css" />
+			<test url="http://kredyty-samochodowe.money.pl/i/ar.gif" />
+			<test url="http://kredyty-samochodowe.money.pl/s/ks.css" />
+			<test url="http://lokaty-bankowe.money.pl/i/ar.gif" />
+			<test url="http://lokaty-bankowe.money.pl/s/lb.css" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.money\.pl/(?:d/favicon\.ico|d/przetargi/\w+\.pdf|forum/[\w-]+\.html|pit/program-pit/$|u/money_chart/graphchart_(?:mid|nhp)\.php)" /-->
+
+			<!--	+ve:
+					-->
+			<!--test url="http://www.money.pl/d/favicon.ico" /-->
+			<!--test url="http://www.money.pl/d/przetargi/regulamin.pdf" /-->
+			<!--test url="http://www.money.pl/forum/odzyskiwanie-naleznosci-a-zawieszenie-wykonywania-dzialalnosci-gospodarczej-t3477900.html" /-->
+			<!--test url="http://www.money.pl/pit/program-pit/" /-->
+			<!--test url="http://www.money.pl/u/money_chart/graphchart_nhp.php?ds=&amp;de=&amp;sdx=&amp;i=&amp;ty=&amp;ug=&amp;s[0]=&amp;fg=&amp;fr=&amp;w=&amp;h=&amp;cm=&amp;rl=&amp;time=" /-->
+			<!--test url="http://www.money.pl/u/money_chart/graphchart_mid.php?ds=&amp;de=&amp;sdx=&amp;i=&amp;ty=&amp;ug=&amp;s[0]=&amp;fg=&amp;fr=&amp;w=&amp;h=&amp;cm=&amp;rl=" /-->
+
+		<!--	404:
+				-->
+		<!--test url="http://agrobiznes.money.pl/artykul/jurgiel-ustawa-o-wstrzymaniu-sprzedazy-ziemi,100,0,2018404.html" /-->
+		<!--test url="http://m.money.pl/wiadomosci/" /-->
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://direct.money.pl/o/salechannel.php?idSaleChannel=&amp;idDistributor=1" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.money\.pl$" name="^usertrack$" /-->
+	<!--securecookie host="^direct\.money\.pl$" name="^(?:PHPSESSID|PlatformM2M|nodeID)$" /-->
+	<!--securecookie host="^\.direct\.money\.pl$" name="^directtrack$" /-->
+	<!--securecookie host="^poczta\.money\.pl$" name="^rlsession$" /-->
+
+	<!--	Could we secure either of these here safely?
 								-->
 	<!--securecookie host="^\.money\.pl$" name="^(money_auto_a27_tpl|mnyuser)" /-->
-	<securecookie host="^(?:\.?akademia|\.direct|kredyt-mieszkaniowy)\.money\.pl$" name=".+" />
+	<securecookie host="^\." name="^usertrack$" />
+	<securecookie host="^\.direct\." name="^directtrack$" />
 
 
-	<!--	Not handling ^money.pl so as to
-		avoid duplicate target spam.
-						-->
-	<rule from="^http://(akademia|direct|fundusze-(?:emerytal|inwestycyj)ne|grupy-dyskusyjne|karty-kredytowe|kredyt(?:-mieszkaniowy|y-gotowkowe|y-samochodowe)|lokaty-bankowe|paszport|praca|static[12]|www)\.money\.pl/"
-		to="https://$1.money.pl/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Money_Advice_Service_UK.xml b/src/chrome/content/rules/Money_Advice_Service_UK.xml
index b82e8841aa48..f9d44d9f110d 100644
--- a/src/chrome/content/rules/Money_Advice_Service_UK.xml
+++ b/src/chrome/content/rules/Money_Advice_Service_UK.xml
@@ -2,7 +2,7 @@
     <target host="moneyadviceservice.org.uk" />
     <target host="*.moneyadviceservice.org.uk" />
 
-    <rule from="^https?://moneyadviceservice\.org\.uk/"
+    <rule from="^http://moneyadviceservice\.org\.uk/"
         to="https://www.moneyadviceservice.org.uk/" />
     <rule from="^http://([^/:@]+)?\.moneyadviceservice\.org\.uk/"
         to="https://$1.moneyadviceservice.org.uk/" />
diff --git a/src/chrome/content/rules/Money_Saving_Expert.com.xml b/src/chrome/content/rules/Money_Saving_Expert.com.xml
index 20a65365964f..10a1d51b5c0d 100644
--- a/src/chrome/content/rules/Money_Saving_Expert.com.xml
+++ b/src/chrome/content/rules/Money_Saving_Expert.com.xml
@@ -42,4 +42,4 @@
 	<rule from="^http://static\d?\.moneysavingexpert\.com/"
 		to="https://c950035.ssl.cf3.rackcdn.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Moneybookers.xml b/src/chrome/content/rules/Moneybookers.xml
index 892e49d32d77..510c7efc7333 100644
--- a/src/chrome/content/rules/Moneybookers.xml
+++ b/src/chrome/content/rules/Moneybookers.xml
@@ -23,18 +23,16 @@
 -->
 <ruleset name="Moneybookers">
 
-	<target host="*.mbsvr.net" />
+	<target host="i1.mbsvr.net" />
+	<target host="i2.mbsvr.net" />
 	<target host="moneybookers.com" />
-	<target host="*.moneybookers.com" />
+	<target host="www.moneybookers.com" />
 
 
 	<securecookie host="^(?:.*\.)?moneybookers\.com$" name=".+" />
 
 
-	<rule from="^http://i(1|2)\.mbsvr\.net/"
-		to="https://i$1.mbsvr.net/" />
 
-	<rule from="^http://(www\.)?moneybookers\.com/"
-		to="https://$1moneybookers.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Mongabay.com-problematic.xml b/src/chrome/content/rules/Mongabay.com-problematic.xml
index 498cf03752cc..d2af07a9d521 100644
--- a/src/chrome/content/rules/Mongabay.com-problematic.xml
+++ b/src/chrome/content/rules/Mongabay.com-problematic.xml
@@ -2,12 +2,11 @@
 	For rules that are on by default, see Mongabay.xml.
 
 -->
-<ruleset name="Mongabay.com (mismatches)" default_off="mismatch">
+<ruleset name="Mongabay.com (mismatches)" default_off="mismatched">
 
 	<target host="travel.mongabay.com" />
 
 
-	<rule from="^http://travel\.mongabay\.com/"
-		to="https://travel.mongabay.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mongabay.com.xml b/src/chrome/content/rules/Mongabay.com.xml
index 2cb557b47d92..08986b5349ac 100644
--- a/src/chrome/content/rules/Mongabay.com.xml
+++ b/src/chrome/content/rules/Mongabay.com.xml
@@ -42,4 +42,4 @@
 	<rule from="^http://www\.supporter\.mongabay\.com/(?:\?.*)?$"
 		to="https://news.mongabay.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MongoDB.com.xml b/src/chrome/content/rules/MongoDB.com.xml
new file mode 100644
index 000000000000..3c2f51f76eb2
--- /dev/null
+++ b/src/chrome/content/rules/MongoDB.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other 10gen coverage, see 10gen.xml.
+
+
+	Nonfunctional subdomains:
+
+		- ed-blog	(dropped - tumblr)
+
+-->
+<ruleset name="MongoDB.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mongodb.com" />
+	<target host="api.mongodb.com" />
+	<target host="cloud.mongodb.com" />
+	<target host="education.mongodb.com" />
+	<target host="university.mongodb.com" />
+	<target host="www.mongodb.com" />
+
+
+	<securecookie host="^(?:education|university)\.mongodb\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MongoDB.org.xml b/src/chrome/content/rules/MongoDB.org.xml
new file mode 100644
index 000000000000..50633ce1e216
--- /dev/null
+++ b/src/chrome/content/rules/MongoDB.org.xml
@@ -0,0 +1,52 @@
+<!--
+	CDN buckets:
+
+		- media.mongodb.org.s3.amazonaws.com | dg3s276bkct46.cloudfront.net
+
+			- media
+
+
+	Nonfunctional subdomains:
+
+		- blog	(dropped - tumblr)
+		- docs	(redirects to http)
+
+
+	Insecure cookies are set for these hosts:
+
+		- jira.mongodb.org
+		- www.mongodb.org
+
+
+	Mixed content:
+
+		Images on www, from:
+
+			- media.mongodb.org
+			- media.mongodb.org.s3.amazonaws.com *
+
+	* Secured by us
+
+-->
+<ruleset name="mongoDB.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mongodb.org" />
+	<target host="jira.mongodb.org" />
+	<target host="try.mongodb.org" />
+	<target host="www.mongodb.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^jira\.mongodb\.org$" name="^(JSESSIONID|atlassian\.xsrf\.token)" /-->
+	<!--securecookie host="^www\.mongodb\.org$" name="^__sid$" /-->
+
+	<securecookie host="^(?:jira|www)\.mongodb\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MongoDB.xml b/src/chrome/content/rules/MongoDB.xml
deleted file mode 100644
index aca1023a4bf9..000000000000
--- a/src/chrome/content/rules/MongoDB.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- blog
-
-	For rules that are on by default, see 10gen.xml.
-
--->
-<ruleset name="mongoDB (partial)" default_off="mismatch">
-
-	<!--	Cert: *.10gen.com	-->
-	<target host="mongodb.org" />
-	<target host="www.mongodb.org" />
-
-
-	<securecookie host="^www\.mongodb\.org$" name=".*" />
-
-
-	<!--	!www redirects to www.	-->
-	<rule from="^http://(?:www\.)?mongodb\.org/"
-		to="https://www.mongodb.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Mongoliad.xml b/src/chrome/content/rules/Mongoliad.xml
deleted file mode 100644
index 72bbd2d945b3..000000000000
--- a/src/chrome/content/rules/Mongoliad.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="The Mongoliad">
-
-	<target host="mongoliad.com" />
-	<target host="www.mongoliad.com" />
-
-
-	<securecookie host="^(?:www\.)?mongoliad\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?mongoliad\.com/"
-		to="https://$1mongoliad.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Monitis.com.xml b/src/chrome/content/rules/Monitis.com.xml
index 4841cca1b18a..17bfa8c0a9b0 100644
--- a/src/chrome/content/rules/Monitis.com.xml
+++ b/src/chrome/content/rules/Monitis.com.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://monitis.com/ => https://www.monitis.com/: Too many redirects while fetching 'https://www.monitis.com/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://monitis.com/ => https://www.monitis.com/: Cycle detected - URL already encountered: https://www.monitis.com/
 	CDN buckets:
 
 		- monitis-images.s3.amazonaws.com
@@ -22,10 +28,12 @@
 		- portal
 
 -->
-<ruleset name="monitis.com (partial)">
+<ruleset name="monitis.com (partial)" default_off="failed ruleset test">
 
 	<target host="monitis.com" />
-	<target host="*.monitis.com" />
+	<target host="www.monitis.com" />
+	<target host="dashboard.monitis.com" />
+	<target host="portal.monitis.com" />
 
 
 	<securecookie host="^(?:dashboard|portal|www)\.monitis\.com$" name=".+" />
@@ -34,7 +42,6 @@
 	<rule from="^http://(?:www\.)?monitis\.com/"
 		to="https://www.monitis.com/" />
 
-	<rule from="^http://(dashboard|portal)\.monitis\.com/"
-		to="https://$1.monitis.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Monitoring-Plugins.org.xml b/src/chrome/content/rules/Monitoring-Plugins.org.xml
new file mode 100644
index 000000000000..c474cc5e9b87
--- /dev/null
+++ b/src/chrome/content/rules/Monitoring-Plugins.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="Monitoring-Plugins.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="monitoring-plugins.org" />
+	<target host="www.monitoring-plugins.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MonkeyGuts.com.xml b/src/chrome/content/rules/MonkeyGuts.com.xml
new file mode 100644
index 000000000000..3eff18fd18c4
--- /dev/null
+++ b/src/chrome/content/rules/MonkeyGuts.com.xml
@@ -0,0 +1,19 @@
+<ruleset name="MonkeyGuts.com" default_off="expired">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="monkeyguts.com" />
+	<target host="www.monkeyguts.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^monkeyguts\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^monkeyguts\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Monkeybrains.net.xml b/src/chrome/content/rules/Monkeybrains.net.xml
new file mode 100644
index 000000000000..9938d8aabbda
--- /dev/null
+++ b/src/chrome/content/rules/Monkeybrains.net.xml
@@ -0,0 +1,28 @@
+<!--
+	Fully covered hosts in *monkeybrains.net:
+
+		- (www.)?
+		- mail
+
+
+	Mixed content:
+
+		- Images, from:
+
+			- www.cyberstreet.com
+			- www.monkeybrains.net
+
+-->
+<ruleset name="Monkeybrains.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="monkeybrains.net" />
+	<target host="mail.monkeybrains.net" />
+	<target host="www.monkeybrains.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Monkeys-Audio.xml b/src/chrome/content/rules/Monkeys-Audio.xml
deleted file mode 100644
index 9e2ab4e8d662..000000000000
--- a/src/chrome/content/rules/Monkeys-Audio.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="Monkey’s Audio" default_off="mismatch">
-
-	<target host="ashlands.net"/>
-	<target host="*.ashlands.net"/>
-	<target host="monkeysaudio.com"/>
-	<target host="www.monkeysaudio.com"/>
-
-	<rule from="^http://(?:www\.)?ashlands\.net/"
-		to="https://ashlands.net/~monkeys6/"/>
-
-	<rule from="^http://audio\.ashlands\.net/"
-		to="https://audio.ashlands.net/~monkeys6/monkeysaudio/"/>
-
-	<rule from="^http://(?:www\.)monkeysaudio\.com/"
-		to="https://audio.ashlands.net/~monkeys6/monkeysaudio/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/MonkeysAudio.com.xml b/src/chrome/content/rules/MonkeysAudio.com.xml
new file mode 100644
index 000000000000..122885ffc919
--- /dev/null
+++ b/src/chrome/content/rules/MonkeysAudio.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Other MonkeysAudio.com related rulesets:
+		+ Ashlands.net.xml
+-->
+<ruleset name="MonkeysAudio.com">
+	<target host="monkeysaudio.com"/>
+	<target host="www.monkeysaudio.com"/>
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Monmouthshire.gov.uk.xml b/src/chrome/content/rules/Monmouthshire.gov.uk.xml
new file mode 100644
index 000000000000..0cc3b3f4d110
--- /dev/null
+++ b/src/chrome/content/rules/Monmouthshire.gov.uk.xml
@@ -0,0 +1,63 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://monmouthshire.gov.uk/ => https://monmouthshire.gov.uk/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.monmouthshire.gov.uk/ => https://www.monmouthshire.gov.uk/: (60, 'SSL certificate problem: certificate has expired')
+
+	Monmouthshire County Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *monmouthshire.gov.uk:
+
+		- access ᵈ
+		- catalogue ᵈ
+		- democracy ᵈ
+		- elicensing ᵈ
+		- idox ᵈ
+		- maps ᵈ
+		- www.planningpolicy ʳ
+
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- monmouthshire.gov.uk
+		- .monmouthshire.gov.uk
+		- forms.monmouthshire.gov.uk
+		- www.monmouthshire.gov.uk
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com ˢ
+		- Images on www from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Monmouthshire.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="monmouthshire.gov.uk" />
+	<target host="forms.monmouthshire.gov.uk" />
+	<target host="oneonline.monmouthshire.gov.uk" />
+	<target host="www.monmouthshire.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?monmouthshire\.gov\.uk$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.monmouthshire\.gov\.uk$" name="^_icl_current_language$" /-->
+	<!--securecookie host="^forms\.monmouthshire\.gov\.uk$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+
+	<securecookie host="^\." name="^_icl_current_language$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mono-project.xml b/src/chrome/content/rules/Mono-project.xml
new file mode 100644
index 000000000000..72ae0e3c3121
--- /dev/null
+++ b/src/chrome/content/rules/Mono-project.xml
@@ -0,0 +1,12 @@
+<ruleset name="Mono project">
+	<target host="mono-project.com" />
+	<target host="www.mono-project.com" />
+	<target host="download.mono-project.com" />
+	<target host="jenkins.mono-project.com" />
+	<target host="news.mono-project.com" />
+	<target host="origin-download.mono-project.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Monoprice.xml b/src/chrome/content/rules/Monoprice.xml
index 8370fc7aba2d..d05d020d9906 100644
--- a/src/chrome/content/rules/Monoprice.xml
+++ b/src/chrome/content/rules/Monoprice.xml
@@ -5,16 +5,16 @@
 <ruleset name="Monoprice">
 
 	<target host="monoprice.com" />
-	<target host="*.monoprice.com" />
+	<target host="www.monoprice.com" />
+	<target host="images.monoprice.com" />
 
 
 	<securecookie host="^(?:www)?\.monoprice\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?monoprice\.com/"
+	<rule from="^http://(?:www\.)?monoprice\.com/"
 		to="https://www.monoprice.com/" />
 
-	<rule from="^http://images\.monoprice\.com/"
-		to="https://images.monoprice.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Monotype-Imaging.xml b/src/chrome/content/rules/Monotype-Imaging.xml
index 3f5ab29ce296..ed34a92281e1 100644
--- a/src/chrome/content/rules/Monotype-Imaging.xml
+++ b/src/chrome/content/rules/Monotype-Imaging.xml
@@ -1,41 +1,30 @@
 <!--
-	Nonfunctional domains:
+	Other Monotype Imaging rulesets:
 
-		- (www.)fontslive.com	(reset)
+		- FontMarketplace.com.xml
+		- Fonts.com.xml
+		- Fonts.net.xml
+		- Linotype.com.xml
 
--->
-<ruleset name="Monotype Imaging (partial)">
 
-	<target host="ascenderfonts.com"/>
-	<target host="www.ascenderfonts.com"/>
-	<target host="fontmarketplace.com"/>
-	<target host="www.fontmarketplace.com"/>
-	<target host="fonts.com"/>
-	<target host="*.fonts.com"/>
-	<target host="webfonts.fonts.com"/>
-	<target host="www.webfonts.fonts.com"/>
-	<target host="webfonts.fontslive.com"/>
-	<target host="frs.monotypeimaging.com"/>
+	Nonfunctional domains:
+
+		- (www.)fontslive.com ²
+
+	² Reset
 
-	<rule from="^http://(?:www\.)?ascenderfonts\.com/(account/login|af|local)/"
-		to="https://www.ascenderfonts.com/$1/"/>
 
-	<rule from="^http://(?:www\.)?fontmarketplace\.com/(images/|local/|signin\.aspx$)"
-		to="https://www.fontmarketplace.com/$1"/>
+	Mixed content:
 
-	<rule from="^http://(?:www(?:\d\d)?\.)?fonts\.com/(.+)"
-		to="https://www.fonts.com/$1"/>
+		- Image on frs from $self
 
-	<rule from="^http://fast\.fonts\.com/"
-		to="https://fast.fonts.com/"/>
+-->
+<ruleset name="Monotype Imaging.com (partial)">
 
-	<rule from="^http://(?:www\.)?webfonts\.fonts\.com/([cC]ontent|min|.+/Subscription)/"
-		to="https://webfonts.fonts.com/$1/"/>
+	<target host="frs.monotypeimaging.com" />
 
-	<rule from="^http://webfonts\.fontslive\.com/"
-		to="https://webfonts.fontslive.com/"/>
 
-	<rule from="^http://frs\.monotypeimaging\.com/"
-		to="https://frs.monotypeimaging.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Monsoon.xml b/src/chrome/content/rules/Monsoon.xml
index f2b07af9ad31..76b9f51b6bd5 100644
--- a/src/chrome/content/rules/Monsoon.xml
+++ b/src/chrome/content/rules/Monsoon.xml
@@ -9,13 +9,14 @@
 -->
 <ruleset name="Monsoon (partial)">
 
-	<target host="*.monsoon.co.uk" />
+	<target host="media.monsoon.co.uk" />
+	<target host="uk.monsoon.co.uk" />
 
 
-	<rule from="^https?://media\.monsoon\.co\.uk/"
+	<rule from="^http://media\.monsoon\.co\.uk/"
 		to="https://uk.monsoon.co.uk/" />
 
 	<rule from="^http://uk\.monsoon\.co\.uk/(medias/|monsoon/|registerSession\.gif|static/)"
 		to="https://uk.monsoon.co.uk/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Monster.com.xml b/src/chrome/content/rules/Monster.com.xml
new file mode 100644
index 000000000000..2582874635c0
--- /dev/null
+++ b/src/chrome/content/rules/Monster.com.xml
@@ -0,0 +1,56 @@
+
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://cookie.monster.com/ => https://cookie.monster.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://oas.monster.com/ => https://oas.monster.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	Other Monster rulesets:
+
+		- Admissions.com.xml
+		- Fastweb.com.xml
+		- Newjobs.com.xml
+
+	Invalid certificate:
+			- advertising
+			- career-services
+			- inside
+			- jdn
+			- my
+			- partner
+			- promotion
+			- resume
+	Time out:
+			- chat
+			- company
+			- jobs
+			- jobsearch
+	Redirect to http:
+			- ^
+			- answers
+			- help
+
+-->
+<ruleset name="Monster.com (partial)">
+
+	<target host="monster.com" />
+	<target host="www.monster.com" />
+	<!-- target host="cookie.monster.com" /-->
+	<target host="hiring.monster.com" />
+	<target host="login.monster.com" />
+	<target host="media.monster.com" />
+	<!-- target host="oas.monster.com" /-->
+
+	<securecookie host="^\.monster\.com$" name="^(OAX|v1st|WT_FPC)$" />
+	<securecookie host="^(cookie|login|oas)\.monster\.com$" name=".+" />
+
+	<rule from="^http://media\.monster\.com/"
+		to="https://securemedia.newjobs.com/" />
+
+	<rule from="^http://monster\.com/"
+		to="https://www.monster.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Monster.xml b/src/chrome/content/rules/Monster.xml
deleted file mode 100644
index de32b1e99876..000000000000
--- a/src/chrome/content/rules/Monster.xml
+++ /dev/null
@@ -1,111 +0,0 @@
-<!--
-	ir.monster.com is handled in Thomson-Reuters-clients.xml.
-
-
-	Other Monster rulesets:
-
-		- MyResumeAgent.com.xml
-		- Newjobs.com.xml
-
-
-	CDN buckets:
-
-		- jdn.monster.com.edgesuite.net
-
-			- a479.g.akamai.net
-
-		- www.monster.com.edgesuite.net
-
-		- nswildcard.newjobs.com.edgesuite.net
-
-			- media.monster.com
-			- media.newjobs.com
-
-
-	Nonfunctional domains:
-
-		- (www.)about-monster.com	(shows facebook; mismatched, CN: facebook.ketchum.com)
-
-		- education.org subdomains:
-
-			- (www.) *
-			- ai *
-			- degrees *
-
-		- monster.com subdomains:
-
-			- ^ *
-			- advertising *
-			- answers *
-			- career-services *
-			- chat *
-			- company *
-			- help *
-			- inside *
-			- jobs *
-			- jobsearch *
-			- my *
-			- partner *
-			- promotion *
-			- resume *
-			- www			(504, akamai)
-
-		- (www.)programadvisor.com *
-		- edu.programadvisor.com *
-
-	* Dropped
-
-
-	Problematic subdomains:
-
-		- jdn *
-		- media		(works, akamai)
-
-	* Works, akamai
-
-
-	Partially covered subdomains:
-
-		- hiring.* ¹	(per-client subdomains)
-		- hiring ¹
-
-	¹ Some pages redirect to http
-
-
-	Fully covered subdomains:
-
-		- cookie
-		- login
-		- media		(→ akamai)
-		- oas
-
-
-	cookie.monster.com and track.newjobs.com appear to by synonyms.
-
--->
-<ruleset name="Monster (partial)">
-
-	<target host="*.monster.com" />
-		<exclusion pattern="^http://hiring\.(?:[\w-]+\.)?monster\.com/(?!favicon\.ico|images/|(?:Script|Web)Resource\.axd|[sS]ervices/|SharedUI/)" />
-
-
-	<!--	Tracking cookies:
-
-			- OAX is set by oas
-			- v1st is set by cookie
-			- WT_FPC is set by cookie
-						-->
-	<securecookie host="^\.monster\.com$" name="^(?:OAX|v1st|WT_FPC)$" />
-	<securecookie host="^(?:cookie|login|oas)\.monster\.com$" name=".+" />
-
-
-	<rule from="^http://(hiring(?:\.[\w-]+)?|cookie|login|oas)\.monster\.com/"
-		to="https://$1.monster.com/" />
-
-	<rule from="^http://jdn\.monster\.com/"
-		to="https://a248.e.akamai.net/f/479/5386/8/jdn.monster.com/" />
-
-	<rule from="^http://media\.monster\.com/"
-		to="https://a248.e.akamai.net/f/1015/8220/1m/media.monster.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MonsterDivx.com.xml b/src/chrome/content/rules/MonsterDivx.com.xml
deleted file mode 100644
index e3545fb39c5f..000000000000
--- a/src/chrome/content/rules/MonsterDivx.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- foros		(shows www)
-
--->
-<ruleset name="MonsterDivx.com (partial)">
-
-	<target host="monsterdivx.com" />
-	<target host="www.monsterdivx.com" />
-
-
-	<securecookie host="^monsterdivx\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?monsterdivx\.com/"
-		to="https://$1monsterdivx.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MonsterLessons.com.xml b/src/chrome/content/rules/MonsterLessons.com.xml
new file mode 100644
index 000000000000..b443853522b5
--- /dev/null
+++ b/src/chrome/content/rules/MonsterLessons.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="MonsterLessons.com">
+	<target host="monsterlessons.com" />
+	<target host="www.monsterlessons.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Monster_WoW.xml b/src/chrome/content/rules/Monster_WoW.xml
index 67581e9085de..417b4a6ccbaf 100644
--- a/src/chrome/content/rules/Monster_WoW.xml
+++ b/src/chrome/content/rules/Monster_WoW.xml
@@ -1,13 +1,20 @@
-<ruleset name="Monster WoW">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://forum.monster-wow.com/ => https://forum.monster-wow.com/: Too many redirects while fetching 'https://forum.monster-wow.com/'
+
+-->
+<ruleset name="Monster WoW" default_off="failed ruleset test">
 
 	<target host="monster-wow.com" />
-	<target host="*.monster-wow.com" />
+	<target host="armory.monster-wow.com" />
+	<target host="forum.monster-wow.com" />
+	<target host="www.monster-wow.com" />
 
 
-	<securecookie host="^(?:.*\.)?monster-wow\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(armory\.|forum\.|www\.)?monster-wow\.com/"
-		to="https://$1monster-wow.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Montazar.net.xml b/src/chrome/content/rules/Montazar.net.xml
new file mode 100644
index 000000000000..ab94c16303e3
--- /dev/null
+++ b/src/chrome/content/rules/Montazar.net.xml
@@ -0,0 +1,7 @@
+<ruleset name="Montazar.net">
+	<target host="montazar.net" />
+	<target host="www.montazar.net" />
+	<target host="mail.montazar.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Monterey_Bay_Aquarium.xml b/src/chrome/content/rules/Monterey_Bay_Aquarium.xml
index 7b86bce61448..827d8c6ec127 100644
--- a/src/chrome/content/rules/Monterey_Bay_Aquarium.xml
+++ b/src/chrome/content/rules/Monterey_Bay_Aquarium.xml
@@ -1,17 +1,20 @@
 <!--
-	!www: cert only matches www
-
+	Invalid certificate:
+		montereybayaquarium.org
+		tmp.montereybayaquarium.org
+	Time out:
+		static.montereybayaquarium.org
+		storage.montereybayaquarium.org
 -->
 <ruleset name="Monterey Bay Aquarium">
-
-	<target host="montereybayaquarium.org" />
 	<target host="www.montereybayaquarium.org" />
+	<target host="affiliate.montereybayaquarium.org" />
+	<target host="m.montereybayaquarium.org" />
+	<target host="mobile.montereybayaquarium.org" />
+	<target host="newsroom.montereybayaquarium.org" />
+	<target host="tickets.montereybayaquarium.org" />
 
+	<securecookie host="^(www|affiliate|m|mobile|newsroom|tickets)\.montereybayaquarium\.org$" name=".+" />
 
-	<securecookie host="^www\.montereybayaquarium\.org$" name=".+" />
-
-
-	<rule from="^http://(www\.)?montereybayaquarium\.org/"
-		to="https://$1montereybayaquarium.org/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Monthly_Review.org.xml b/src/chrome/content/rules/Monthly_Review.org.xml
new file mode 100644
index 000000000000..cfb91fb8d51e
--- /dev/null
+++ b/src/chrome/content/rules/Monthly_Review.org.xml
@@ -0,0 +1,43 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mrzine.monthlyreview.org/ => https://mrzine.monthlyreview.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Insecure cookies are set for these hosts:
+
+		- monthlyreview.org
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- ^ from $self *
+			- mrzine from $self *
+
+		- favicon on mrzine from monthlyreview.org *
+		- Bugs on mrzine from c\d.statcounter.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Monthly Review.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="monthlyreview.org" />
+	<target host="mrzine.monthlyreview.org" />
+	<target host="www.monthlyreview.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^monthlyreview\.org$" name="^Cart\w+$" /-->
+
+	<securecookie host="^monthlyreview\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Montpellier.fr.xml b/src/chrome/content/rules/Montpellier.fr.xml
new file mode 100644
index 000000000000..1e47f955aa72
--- /dev/null
+++ b/src/chrome/content/rules/Montpellier.fr.xml
@@ -0,0 +1,60 @@
+<!--
+	Different content http/https:
+		archives.montpellier.fr
+		bambineo.montpellier.fr
+		cartescolaire.montpellier.fr
+		circulation.montpellier.fr
+		hopitauxfacultes.montpellier.fr
+		lescevennes.montpellier.fr
+		montpelliercentre.montpellier.fr
+		mosson.montpellier.fr
+		portmarianne.montpellier.fr
+		presdarenes.montpellier.fr
+		recherche.montpellier.fr
+		tiptop.montpellier.fr
+		us.montpellier.fr
+
+	Secure connection failed:
+		assos.montpellier.fr
+		www.assos.montpellier.fr
+		zoo.montpellier.fr
+		www.zoo.montpellier.fr
+
+	Refused:
+		carto.montpellier.fr
+		gip.montpellier.fr
+
+	Invalid certificate:
+		cartographie.montpellier.fr
+		www.circulation.montpellier.fr
+		comediedulivre.montpellier.fr
+		www.comediedulivre.montpellier.fr
+		www.crise.montpellier.fr
+		extrassos.montpellier.fr
+		www.mesinfos.montpellier.fr
+		newsletter.montpellier.fr
+		photo.montpellier.fr
+		printempsdelademocratie.montpellier.fr
+		www.quotidien.montpellier.fr
+		theatrejeanvilar.montpellier.fr
+		www.theatrejeanvilar.montpellier.fr
+		www.tiptop.montpellier.fr
+		voeux.montpellier.fr
+		zat.montpellier.fr
+		www.zat.montpellier.fr
+
+	No working URL known:
+		extranet.montpellier.fr
+		mesinfos.montpellier.fr
+		webmail.montpellier.fr
+
+-->
+<ruleset name="Montpellier.fr">
+
+	<target host="montpellier.fr" />
+	<target host="www.montpellier.fr" />
+	<target host="wizzbe.montpellier.fr" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Montpellier3M.fr.xml b/src/chrome/content/rules/Montpellier3M.fr.xml
new file mode 100644
index 000000000000..fe6f9788ccfe
--- /dev/null
+++ b/src/chrome/content/rules/Montpellier3M.fr.xml
@@ -0,0 +1,67 @@
+<!--
+	Invalid certificate:
+		archive-ecolotheque.montpellier3m.fr
+		archive-planetarium.montpellier3m.fr
+		www.bic.montpellier3m.fr
+		connexion.montpellier3m.fr
+		covoiturage.montpellier3m.fr
+		www-test.entrouvert.montpellier3m.fr
+		www.marches.montpellier3m.fr
+		mediatheque.montpellier3m.fr
+		eco.mbp.montpellier3m.fr
+		newsroom.montpellier3m.fr
+		packcroissancepme.montpellier3m.fr
+		www.planetarium-galilee.montpellier3m.fr
+		www.regiedeseaux.montpellier3m.fr
+		voeux.montpellier3m.fr
+
+	Secure connection failed:
+		www.cyberbase.montpellier3m.fr
+
+	Refused:
+		museefabre.montpellier3m.fr
+		10ansdeprets.museefabre.montpellier3m.fr
+		museefabre-admin.montpellier3m.fr
+		museefabre-en.montpellier3m.fr
+
+-->
+<ruleset name="Montpellier Méditerranée Métropole">
+
+	<target host="montpellier3m.fr" />
+	<target host="www.montpellier3m.fr" />
+	<target host="auth.montpellier3m.fr" />
+	<target host="collecte2016.montpellier3m.fr" />
+	<target host="compte-citoyen.montpellier3m.fr" />
+	<target host="compte-usager.montpellier3m.fr" />
+	<target host="conservatoire.montpellier3m.fr" />
+	<target host="data.montpellier3m.fr" />
+	<target host="ecolotheque.montpellier3m.fr" />
+	<target host="edemat.montpellier3m.fr" />
+	<target host="emailing.montpellier3m.fr" />
+	<target host="eqt-voirie.montpellier3m.fr" />
+	<target host="ermes3.montpellier3m.fr" />
+	<target host="eservices.montpellier3m.fr" />
+	<target host="*.eservices.montpellier3m.fr" />
+		<test url="http://lattes.eservices.montpellier3m.fr/" />
+		<test url="http://montpellier.eservices.montpellier3m.fr/" />
+		<test url="http://castelnau-le-lez.eservices.montpellier3m.fr/" />
+	<target host="geowbs.montpellier3m.fr" />
+	<target host="intranet.montpellier3m.fr" />
+	<target host="iparapheur.montpellier3m.fr" />
+	<target host="marches.montpellier3m.fr" />
+	<target host="www.marches.montpellier3m.fr" />
+	<target host="mediatheques.montpellier3m.fr" />
+	<target host="messagerie.montpellier3m.fr" />
+	<target host="museearcheo.montpellier3m.fr" />
+	<target host="passerelle.montpellier3m.fr" />
+	<target host="planetarium-galilee.montpellier3m.fr" />
+	<target host="regiedeseaux.montpellier3m.fr" />
+	<target host="www.regiedeseaux.montpellier3m.fr" />
+	<target host="stats.montpellier3m.fr" />
+
+	<rule from="^http://www\.(marches|regiedeseaux)\.montpellier3m\.fr/"
+		to="https://$1.montpellier3m.fr/" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Monty_Program.xml b/src/chrome/content/rules/Monty_Program.xml
index a15e14e0d2b3..d9b68d7d02c3 100644
--- a/src/chrome/content/rules/Monty_Program.xml
+++ b/src/chrome/content/rules/Monty_Program.xml
@@ -1,22 +1,45 @@
 <!--
+	For other MariaDB Corporation coverage, see MariaDB.com.xml
+
+
 	Other Monty Program rulesets:
 
 		- AskMonty.xml
-		- MariaDB.xml
+		- MariaDB.org.xml
 
 
 	Problematic subdomains:
 
-		- www	(redirects to blog.mariadb.org over https)
+		- (www.)? ¹
+		- blog ¹ ²
+
+	¹ Expired
+	² Server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="Monty Program">
+<ruleset name="Monty Program.com">
 
+	<!--	Complications:
+				-->
 	<target host="montyprogram.com" />
-	<target host="*.montyprogram.com" />
+	<target host="blog.montyprogram.com" />
+	<target host="www.montyprogram.com" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://(?:www\.)?montyprogram\.com/+"
+		to="https://mariadb.com/" />
+
+		<test url="http://montyprogram.com//" />
 
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://blog\.montyprogram\.com/+"
+		to="https://mariadb.com/blog/" />
 
-	<rule from="^https?://(?:(blog\.)|www\.)?montyprogram\.com/"
-		to="https://$1montyprogram.com/" />
+		<test url="http://blog.montyprogram.com//" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MoodSmith.com.xml b/src/chrome/content/rules/MoodSmith.com.xml
index 97b242a36016..48194938915f 100644
--- a/src/chrome/content/rules/MoodSmith.com.xml
+++ b/src/chrome/content/rules/MoodSmith.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="MoodSmith.com">
 
 	<target host="moodsmith.com" />
-	<target host="*.moodsmith.com" />
+	<target host="www.moodsmith.com" />
 
 
 	<securecookie host="^(?:w*\.)?moodsmith\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?moodsmith\.com/"
-		to="https://$1moodsmith.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mood_Disorders.ca.xml b/src/chrome/content/rules/Mood_Disorders.ca.xml
new file mode 100644
index 000000000000..0913145b69dd
--- /dev/null
+++ b/src/chrome/content/rules/Mood_Disorders.ca.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- .mooddisorders.ca
+
+-->
+<ruleset name="Mood Disorders.ca">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mooddisorders.ca" />
+	<target host="www.mooddisorders.ca" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.mooddisorders\.ca$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Moodle.com.xml b/src/chrome/content/rules/Moodle.com.xml
new file mode 100644
index 000000000000..ab599362bc56
--- /dev/null
+++ b/src/chrome/content/rules/Moodle.com.xml
@@ -0,0 +1,45 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .moodle.com
+		- future.moodle.com
+		- git.in.moodle.com
+
+
+	Mixed content:
+
+		- Image on ^ from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Moodle.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="moodle.com" />
+	<target host="future.moodle.com" />
+	<target host="git.in.moodle.com" />
+	<target host="partners.moodle.com" />
+	<target host="www.moodle.com" />
+
+		<test url="http://moodle.com/contact/" />
+		<test url="http://moodle.com/hq" />
+		<test url="http://moodle.com/news/" />
+		<test url="http://moodle.com/partners" />
+		<test url="http://moodle.com/sitemap/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.moodle\.com$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^future\.moodle\.com$" name="^MoodleSession" /-->
+	<!--securecookie host="^git\.in\.moodle\.com$" name="^request_method$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Moodle.net-problematic.xml b/src/chrome/content/rules/Moodle.net-problematic.xml
new file mode 100644
index 000000000000..2eb77107c9da
--- /dev/null
+++ b/src/chrome/content/rules/Moodle.net-problematic.xml
@@ -0,0 +1,13 @@
+<!--
+	For rules that are on by default, see Moodle.net.xml.
+
+-->
+<ruleset name="Moodle.net (missing certificate chain)" default_off="cert-chain">
+
+	<target host="messages.moodle.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Moodle.net.xml b/src/chrome/content/rules/Moodle.net.xml
new file mode 100644
index 000000000000..03a0a4be6bd6
--- /dev/null
+++ b/src/chrome/content/rules/Moodle.net.xml
@@ -0,0 +1,38 @@
+<!--
+	For problematic rules, see Moodle.net-problematic.xml.
+
+
+	Problematic hosts in *moodle.net:
+
+		- messages *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- moodle.net
+		- .moodle.net
+
+-->
+<ruleset name="Moodle.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="moodle.net" />
+	<!--target host="messages.moodle.net" /-->
+	<target host="www.moodle.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^moodle\.net$" name="^MoodleSessionhub$" /-->
+	<!--securecookie host="^\.moodle\.net$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Moodle.org.xml b/src/chrome/content/rules/Moodle.org.xml
index 10a349ca86cb..aa77a8686eed 100644
--- a/src/chrome/content/rules/Moodle.org.xml
+++ b/src/chrome/content/rules/Moodle.org.xml
@@ -1,50 +1,42 @@
 <!--
-	Nonfunctional subdomains:
+	Problematic hosts in *moodle.org:
 
-		- demo	("Unknown Virtual Host")
-		- docs *
 		- git *
 
-	* Refused
+	* Mismatched
 
 
-	Problematic subdomains:
+	Insecure cookies are set for these domains and hosts:
 
-		- planet	(works; expired 2013-09-05)
-		- www		(mismatched, CN: moodle.org)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(www → ^)
-		- download
-		- tracker
-
-
-	Mixed content:
-
-		- Images, on planet from:
-
-			- \d.bp.blogspot.com *
-			- feeds.wordpress.com *
-			- \w+.files.wordpress.com *
-			- i\d.wp.com *
-
-		- Web bugs on planet from stats.wordpress.com *
-
-	* Secured by us
+		- .moodle.org
+		- download.moodle.org
+		- lang.moodle.org
+		- tracker.moodle.org
 
 -->
 <ruleset name="Moodle.org (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="moodle.org" />
-	<target host="*.moodle.org" />
+	<target host="docs.moodle.org" />
+	<target host="download.moodle.org" />
+	<target host="lang.moodle.org" />
+	<target host="planet.moodle.org" />
+	<target host="tracker.moodle.org" />
+	<target host="www.moodle.org" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.moodle\.org$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^(download|lang)\.moodle\.org$" name="^MoodleSession" /-->
+	<!--securecookie host="^tracker\.moodle\.org$" name="^(JSESSIONID|atlassian\.xsrf\.token)$" /-->
 
-	<securecookie host="^(?:download\.|tracker\.|\.)?moodle\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(?:(download\.|tracker\.)|www\.)?moodle\.org/"
-		to="https://$1moodle.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mookie1.com.xml b/src/chrome/content/rules/Mookie1.com.xml
index 6a132a58c7fa..48249e5bc5be 100644
--- a/src/chrome/content/rules/Mookie1.com.xml
+++ b/src/chrome/content/rules/Mookie1.com.xml
@@ -1,30 +1,127 @@
 <!--
-	Nonfunctional subdomains:
-
-		- (www.)
-
+	Cert mismatch:
+		- gmads.mookie1.com
+		- ca.gmads.mookie1.com
+		- cz.gmads.mookie1.com
+		- hk.gmads.mookie1.com
+		- id.gmads.mookie1.com
+		- in.gmads.mookie1.com
+		- it.gmads.mookie1.com
+		- jp.gmads.mookie1.com
+		- my.gmads.mookie1.com
+		- ph.gmads.mookie1.com
+		- ro.gmads.mookie1.com
+		- ru.gmads.mookie1.com
+		- sg.gmads.mookie1.com
+		- th.gmads.mookie1.com
+		- tr.gmads.mookie1.com
+		- tw.gmads.mookie1.com
+		- vn.gmads.mookie1.com
+		- optout.b3.mookie1.com
+		- optout.b3-uk.mookie1.com
+		- ib-test.mookie1.com
+		- zap.mookie1.com
 
-	Fully covered subdomains:
+	Connection refused:
+		- euoptout.mookie1.com
+		- euoptout.ib.mookie1.com
 
-		- t
-		- t1
-		- b3
-		- b3-uk
-		- dna1
+	Nonfunctional subdomains:
+		- (www.)mookie1.com
 
+	Timeout:
+		- adp1-kr.mookie1.com
+		- b3-eu.mookie1.com
+		- dna2.mookie1.com
+		- ibeu.mookie1.com
+		- xaxis-emea.mookie1.com
 
-	Tracking beacons.
+	TLS error:
+		- ib.mookie1.com
+		- ibeu2.mookie1.com
 
 -->
 <ruleset name="Mookie1.com">
 
-	<target host="*.mookie1.com" />
-
-
-	<securecookie host=".*\.mookie1\.com$" name=".+" />
+	<target host="ae-gmtdmp.mookie1.com" />
+	<target host="ar-gmtdmp.mookie1.com" />
+	<target host="at-gmtdmp.mookie1.com" />
+	<target host="au-gmtdmp.mookie1.com" />
+	<target host="b3.mookie1.com" />
+	<target host="b3-uk.mookie1.com" />
+	<target host="be-gmtdmp.mookie1.com" />
+	<target host="br-gmtdmp.mookie1.com" />
+	<target host="ca-gmtdmp.mookie1.com" />
+	<target host="cdn-akamai.mookie1.com" />
+	<target host="ch-gmtdmp.mookie1.com" />
+	<target host="cl-gmtdmp.mookie1.com" />
+	<target host="cn-gmtdmp.mookie1.com" />
+	<target host="co-gmtdmp.mookie1.com" />
+	<target host="cz-gmtdmp.mookie1.com" />
+	<target host="de-gmtdmp.mookie1.com" />
+	<target host="dk-gmtdmp.mookie1.com" />
+	<target host="es-gmtdmp.mookie1.com" />
+	<target host="eu-gmtdmp.mookie1.com" />
+	<target host="fi-gmtdmp.mookie1.com" />
+	<target host="fr-gmtdmp.mookie1.com" />
+	<target host="gb-gmtdmp.mookie1.com" />
+	<target host="eu-gmtdmp.gd1.mookie1.com" />
+	<target host="static-tagr.gd1.mookie1.com" />
+	<target host="sg-gmtdmp.gd2.mookie1.com" />
+	<target host="au-gmtdmp.gd3.mookie1.com" />
+	<target host="jp-gmtdmp.gd9.mookie1.com" />
+	<target host="fr.gmads.mookie1.com" />
+	<target host="pt.gmads.mookie1.com" />
+	<target host="gmtdmp.mookie1.com" />
+	<target host="hk-gmtdmp.mookie1.com" />
+	<target host="hu-gmtdmp.mookie1.com" />
+	<target host="optout.ib.mookie1.com" />
+	<target host="id-gmtdmp.mookie1.com" />
+	<target host="in-gmtdmp.mookie1.com" />
+	<target host="it-gmtdmp.mookie1.com" />
+	<target host="jp-gmtdmp.mookie1.com" />
+	<target host="kr-gmtdmp.mookie1.com" />
+	<target host="mena-gmtdmp.mookie1.com" />
+	<target host="mx-gmtdmp.mookie1.com" />
+	<target host="my-gmtdmp.mookie1.com" />
+	<target host="nl-gmtdmp.mookie1.com" />
+	<target host="no-gmtdmp.mookie1.com" />
+	<target host="nz-gmtdmp.mookie1.com" />
+	<target host="odr.mookie1.com" />
+	<target host="optout.mookie1.com" />
+	<target host="pe-gmtdmp.mookie1.com" />
+	<target host="ph-gmtdmp.mookie1.com" />
+	<target host="pl-gmtdmp.mookie1.com" />
+	<target host="pr-gmtdmp.mookie1.com" />
+	<target host="premium.mookie1.com" />
+	<target host="pt-gmtdmp.mookie1.com" />
+	<target host="qa-gmtdmp.mookie1.com" />
+	<target host="ro-gmtdmp.mookie1.com" />
+	<target host="ru-gmtdmp.mookie1.com" />
+	<target host="se-gmtdmp.mookie1.com" />
+	<target host="sg-gmtdmp.mookie1.com" />
+	<target host="sk-gmtdmp.mookie1.com" />
+	<target host="t.mookie1.com" />
+	<target host="th-gmtdmp.mookie1.com" />
+	<target host="tlg.mookie1.com" />
+	<target host="tr-gmtdmp.mookie1.com" />
+	<target host="tw-gmtdmp.mookie1.com" />
+	<target host="us-gmtdmp.mookie1.com" />
+	<target host="uy-gmtdmp.mookie1.com" />
+	<target host="ve-gmtdmp.mookie1.com" />
+	<target host="vip32-t.mookie1.com" />
+	<target host="vip48-t.mookie1.com" />
+	<target host="vn-gmtdmp.mookie1.com" />
+	<target host="xaxis-it.mookie1.com" />
+	<target host="ch.xs.mookie1.com" />
+	<target host="it.xs.mookie1.com" />
+	<target host="ru.xs.mookie1.com" />
+	<target host="uk.xs.mookie1.com" />
+	<target host="za-gmtdmp.mookie1.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(t1?|b3-uk|b3|dna1)\.mookie1\.com/"
-		to="https://$1.mookie1.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Moon-ray.com.xml b/src/chrome/content/rules/Moon-ray.com.xml
new file mode 100644
index 000000000000..91be35bb7e84
--- /dev/null
+++ b/src/chrome/content/rules/Moon-ray.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Mixed content:
+
+		- css on (www.)?, forms from www.sendpepper.com ¹
+
+		- Images, on:
+
+			- (www.)?, forms from ^ ²
+			- (www.)?, forms from www.sendpepper.com ¹
+
+	¹ Rule disabled by default <= expired & mismatched
+	² Secured by us
+
+-->
+<ruleset name="Moon-ray.com (partial)">
+
+	<target host="moon-ray.com" />
+	<target host="forms.moon-ray.com" />
+	<target host="www.moon-ray.com" />
+		<!--
+			Avoid valid MCB:
+						-->
+		<exclusion pattern="^http://(?:forms\.|www\.)?moon-ray\.com/+(?:$|\?)" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MoonPig.xml b/src/chrome/content/rules/MoonPig.xml
index 93bbd034b55a..f79954fc908a 100644
--- a/src/chrome/content/rules/MoonPig.xml
+++ b/src/chrome/content/rules/MoonPig.xml
@@ -4,7 +4,7 @@
   <target host="moonpig.com.au" />
   <target host="www.moonpig.com.au" />
 
-  <securecookie host="^(.+\.)?moonpig\.com(\.au)?$" name=".*"/>
+  <securecookie host="^(?:.+\.)?moonpig\.com(?:\.au)?$" name=".+" />
 
   <rule from="^http://(?:www\.)?moonpig\.com/"     to="https://moonpig.com/"/>
   <rule from="^http://(?:www\.)?moonpig\.com\.au/" to="https://www.moonpig.com.au/"/>
diff --git a/src/chrome/content/rules/MoonScript.org.xml b/src/chrome/content/rules/MoonScript.org.xml
new file mode 100644
index 000000000000..6dec8de0df90
--- /dev/null
+++ b/src/chrome/content/rules/MoonScript.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatched:
+		- dc-a6e751df4fc0
+		- rocks
+-->
+<ruleset name="MoonScript.org">
+	<target host="moonscript.org" />
+	<target host="www.moonscript.org" />
+	<target host="rocks.moonscript.org" />
+
+	<rule from="^http://rocks\.moonscript\.org/" to="https://luarocks.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Moonfruit.com.xml b/src/chrome/content/rules/Moonfruit.com.xml
new file mode 100644
index 000000000000..36ae0324e75b
--- /dev/null
+++ b/src/chrome/content/rules/Moonfruit.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Problematic subdomains:
+
+		- ^ ¹
+		- ubt ²
+
+	¹ No cert chain
+	² unbounce
+
+
+	Mixed content:
+
+		- Image on ubt from assets.unbounce.com *
+		- Image on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Moonfruit.com (partial)">
+
+	<target host="moonfruit.com" />
+	<target host="www.moonfruit.com" />
+	<target host="secure.moonfruit.com" />
+		<!--exclusion pattern="http://ubt\.moonfruit\.com" /-->
+
+
+	<rule from="^http://(?:www\.)?moonfruit\.com/"
+		to="https://www.moonfruit.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mooshi.com.au.xml b/src/chrome/content/rules/Mooshi.com.au.xml
deleted file mode 100644
index 55bfd388bf3f..000000000000
--- a/src/chrome/content/rules/Mooshi.com.au.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Some pages redirect to http
-
--->
-<ruleset name="Mooshi.com.au (partial)">
-
-	<target host="mooshi.com.au" />
-	<target host="www.mooshi.com.au" />
-
-
-	<rule from="^http://(www\.)?mooshi\.com\.au/(\?ai1ec_render_css=|(?:my-account|pay)(?:$|\?|/)|wp-content/)"
-		to="https://$1mooshi.com.au/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Moot.it.xml b/src/chrome/content/rules/Moot.it.xml
index f99f3b6c6237..da5a5f80bad0 100644
--- a/src/chrome/content/rules/Moot.it.xml
+++ b/src/chrome/content/rules/Moot.it.xml
@@ -21,7 +21,10 @@
 <ruleset name="Moot.it">
 
 	<target host="moot.it" />
-	<target host="*.moot.it" />
+	<target host="api.moot.it" />
+	<target host="www.moot.it" />
+	<target host="cdn.moot.it" />
+	<target host="origin.moot.it" />
 
 
 	<securecookie host="^moot\.it$" name=".+" />
@@ -33,4 +36,4 @@
 	<rule from="^http://(?:cd|origi)n\.moot\.it/"
 		to="https://cdn.moot.it/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Moovweb.xml b/src/chrome/content/rules/Moovweb.xml
index fb87e4101537..be0af42a846b 100644
--- a/src/chrome/content/rules/Moovweb.xml
+++ b/src/chrome/content/rules/Moovweb.xml
@@ -23,8 +23,11 @@
 <ruleset name="Moovweb (partial)">
 
 	<target host="moovweb.com" />
-	<target host="*.moovweb.com" />
-	<target host="*.moovweb.net" />
+	<target host="www.moovweb.com" />
+	<target host="console.moovweb.com" />
+	<target host="help.moovweb.com" />
+	<target host="assets.moovweb.net" />
+	<target host="cloud.moovweb.net" />
 
 
 	<securecookie host="^(?:help)?\.moovweb\.com$" name=".+" />
@@ -33,10 +36,7 @@
 	<rule from="^http://(?:www\.)?moovweb\.com/"
 		to="https://www.moovweb.com/" />
 
-	<rule from="^http://(console|help)\.moovweb\.com/"
-		to="https://$1.moovweb.com/" />
 
-	<rule from="^http://(assets|cloud)\.moovweb\.net/"
-		to="https://$1.moovweb.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mopidy.com.xml b/src/chrome/content/rules/Mopidy.com.xml
new file mode 100644
index 000000000000..c7f84758eb23
--- /dev/null
+++ b/src/chrome/content/rules/Mopidy.com.xml
@@ -0,0 +1,46 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Fully covered hosts in *mopidy.com:
+
+		- apt
+		- docs
+
+
+	Insecure cookies are set for these domains:
+
+		- .mopidy.com
+
+-->
+<ruleset name="Mopidy.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="apt.mopidy.com" />
+	<target host="docs.mopidy.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.mopidy\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.mopidy\.com$" name="^__cfduid$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/More-IP-event.net.xml b/src/chrome/content/rules/More-IP-event.net.xml
new file mode 100644
index 000000000000..ab30ea1ecbbe
--- /dev/null
+++ b/src/chrome/content/rules/More-IP-event.net.xml
@@ -0,0 +1,12 @@
+<ruleset name="More-IP-event.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="more-ip-event.net" />
+	<target host="www.more-ip-event.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/More-onion.com.xml b/src/chrome/content/rules/More-onion.com.xml
new file mode 100644
index 000000000000..42f95dc8e3ae
--- /dev/null
+++ b/src/chrome/content/rules/More-onion.com.xml
@@ -0,0 +1,43 @@
+<!--
+	Fully covered hosts in *more-onion.com:
+
+		- (www.)?
+		- devblog
+
+
+	Insecure cookies are set for these domains:
+
+		- .more-onion.com
+
+
+	Mixed content:
+
+		- Images on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="more-onion.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="more-onion.com" />
+	<target host="devblog.more-onion.com" />
+	<target host="www.more-onion.com" />
+
+		<!--	Mixed images:
+					-->
+		<test url="http://www.more-onion.com/en/lets-grow-change" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.more-onion.com$" name="^Drupal\.session_cache\.sid$" /-->
+
+	<securecookie host="^\.more-onion.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/More_Than_Two.com.xml b/src/chrome/content/rules/More_Than_Two.com.xml
new file mode 100644
index 000000000000..7446a5382e70
--- /dev/null
+++ b/src/chrome/content/rules/More_Than_Two.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="More Than Two.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="morethantwo.com" />
+	<target host="www.morethantwo.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Moreinterop.com.xml b/src/chrome/content/rules/Moreinterop.com.xml
index 8c0c009304dd..5a508bdcf85c 100644
--- a/src/chrome/content/rules/Moreinterop.com.xml
+++ b/src/chrome/content/rules/Moreinterop.com.xml
@@ -5,13 +5,21 @@
 	!www: cert only matches www
 
 -->
-<ruleset name="moreinterop.com">
+<ruleset name="moreinterop.com" default_off="refused">
 
-	<target host="moreinterop.com" />
+	<!--	Direct rewrites:
+				-->
 	<target host="www.moreinterop.com" />
 
+	<!--	Complications:
+				-->
+	<target host="moreinterop.com" />
+
 
-	<rule from="^http://(?:www\.)?moreinterop\.com/"
+	<rule from="^http://moreinterop\.com/"
 		to="https://www.moreinterop.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Morello.se.xml b/src/chrome/content/rules/Morello.se.xml
deleted file mode 100644
index 2afb23aded24..000000000000
--- a/src/chrome/content/rules/Morello.se.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Morello.se">
-
-	<target host="morello.se" />
-	<target host="*.morello.se" />
-
-
-	<securecookie host="^\.morello\.se$" name=".+" />
-
-
-	<rule from="^http://(www\.)?morello\.se/"
-		to="https://$1morello.se/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Moreover-Technologies.xml b/src/chrome/content/rules/Moreover-Technologies.xml
index d6984b5c25aa..953a3335397a 100644
--- a/src/chrome/content/rules/Moreover-Technologies.xml
+++ b/src/chrome/content/rules/Moreover-Technologies.xml
@@ -1,18 +1,17 @@
 <!--
-	Nonfunctonal subdomains:
+	Nonfunctional subdomains:
 
 		- (www.)	(times out)
 
 -->
 <ruleset name="Moreover Technologies (partial)">
 
-	<target host="*.moreover.com" />
+	<target host="newsdesk4.moreover.com" />
 
 
 	<securecookie host="^newsdesk4\.moreover\.com$" name=".+" />
 
 
-	<rule from="^http://(c|newsdesk4)\.moreover\.com/"
-		to="https://$1.moreover.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Morgenweb.de.xml b/src/chrome/content/rules/Morgenweb.de.xml
new file mode 100644
index 000000000000..5d3935e6b520
--- /dev/null
+++ b/src/chrome/content/rules/Morgenweb.de.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid Certificate:
+		cityguide.morgenweb.de
+	Timeout:
+		veranstaltungen.morgenweb.de
+		veranstaltungen-mannheimer-morgen.morgenweb.de
+-->
+<ruleset name="Morgenweb.de">
+	<target host="morgenweb.de" />
+	<target host="www.morgenweb.de" />
+	<target host="digitalezeitung.morgenweb.de" />
+	<target host="flirt.morgenweb.de" />
+	<target host="www2.morgenweb.de" />
+	<target host="www2-mannheimer-morgen.morgenweb.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mork.xml b/src/chrome/content/rules/Mork.xml
index 9ef914ca0876..34b2ed6070a2 100644
--- a/src/chrome/content/rules/Mork.xml
+++ b/src/chrome/content/rules/Mork.xml
@@ -2,7 +2,7 @@
 	!www: cert only matches www
 
 -->
-<ruleset name="Mork" default_off="self-signed">
+<ruleset name="Mork.no" default_off="403">
 
 	<target host="mork.no" />
 	<target host="www.mork.no" />
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?mork\.no/"
 		to="https://www.mork.no/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mork_Namnelag.xml b/src/chrome/content/rules/Mork_Namnelag.xml
deleted file mode 100644
index 2139b9f9b711..000000000000
--- a/src/chrome/content/rules/Mork_Namnelag.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	!www: cert only matches www
-
--->
-<ruleset name="Mork Namnelag" default_off="self-signed">
-
-	<target host="mork.mo" />
-	<target host="www.mork.mo" />
-
-
-	<rule from="^http://(?:www\.)?mork\.no/"
-		to="https://www.mork.no/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Morning_Star_Online.co.uk.xml b/src/chrome/content/rules/Morning_Star_Online.co.uk.xml
new file mode 100644
index 000000000000..c01e45c3c6f2
--- /dev/null
+++ b/src/chrome/content/rules/Morning_Star_Online.co.uk.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://shop.morningstaronline.co.uk/ => https://shop.morningstaronline.co.uk/: (60, 'SSL certificate problem: certificate has expired')
+
+	Mixed content:
+
+		- css on (www.) from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Morning Star Online.co.uk" default_off="failed ruleset test">
+
+	<target host="morningstaronline.co.uk" />
+	<target host="shop.morningstaronline.co.uk" />
+	<target host="www.morningstaronline.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?morningstaronline\.co\.uk$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.morningstaronline\.co\.uk$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^(?:\.|www\.)?morningstaronline\.co\.uk$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Morningstar.co.uk.xml b/src/chrome/content/rules/Morningstar.co.uk.xml
new file mode 100644
index 000000000000..096a83c9886e
--- /dev/null
+++ b/src/chrome/content/rules/Morningstar.co.uk.xml
@@ -0,0 +1,22 @@
+<!--
+	For other Morningstar coverage, see Morningstar.xml.
+
+
+	Problematic subdomains:
+
+		- tools		(works; mismatched, CN: *.morningstar.com)
+
+
+	Some pages redirect to http.
+
+-->
+<ruleset name="Morningstar.co.uk (partial)">
+
+	<target host="morningstar.co.uk" />
+	<target host="www.morningstar.co.uk" />
+
+
+	<rule from="^http://(?:www\.)?morningstar\.co\.uk/(?=.+/css/|favicon\.ico|includes/|static/)"
+		to="https://www.morningstar.co.uk/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Morningstar.xml b/src/chrome/content/rules/Morningstar.xml
index 3b403dd9c1d3..740e715808e8 100644
--- a/src/chrome/content/rules/Morningstar.xml
+++ b/src/chrome/content/rules/Morningstar.xml
@@ -1,12 +1,21 @@
+<!--
+	Other Morningstar rulesets:
+
+		- Morningstar.co.uk.xml
+		- Mstar.com.xml
+
+-->
 <ruleset name="Morningstar (partial)">
 
 	<target host="corporate.morningstar.com" />
+	<target host="media.morningstar.com" />
+	<target host="video.morningstar.com" />
 
 
+	<!--securecookie host="^\.morningstar\.com$" name="^fp$" /-->
 	<securecookie host="^corporate\.morningstar\.com$" name=".+" />
 
 
-	<rule from="^http://corporate\.morningstar\.com/"
-		to="https://corporate.morningstar.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Moroccan-Bazaar.xml b/src/chrome/content/rules/Moroccan-Bazaar.xml
deleted file mode 100644
index 5b914639fcb6..000000000000
--- a/src/chrome/content/rules/Moroccan-Bazaar.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Moroccan Bazaar">
-
-	<target host="moroccanbazaar.co.uk"/>
-	<target host="*.moroccanbazaar.co.uk"/>
-
-	<securecookie host="^(.*\.)?moroccanbazaar\.co\.uk$" name=".*"/>
-
-	<rule from="^http://(www\.)?moroccanbazaar\.co\.uk/"
-		to="https://$1moroccanbazaar.co.uk/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Morphis.com.xml b/src/chrome/content/rules/Morphis.com.xml
new file mode 100644
index 000000000000..a07cfa979635
--- /dev/null
+++ b/src/chrome/content/rules/Morphis.com.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://morphis.com/ => https://morphis.com/: (51, "SSL: no alternative certificate subject name matches target host name 'morphis.com'")
+Fetch error: http://www.morphis.com/ => https://morphis.com/: (51, "SSL: no alternative certificate subject name matches target host name 'morphis.com'")
+
+	www.morphis.com: Mismatched
+
+-->
+<ruleset name="Morphis.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="morphis.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.morphis.com" />
+
+
+	<rule from="^http://www\.morphis\.com/"
+		to="https://morphis.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Morpho.hu.xml b/src/chrome/content/rules/Morpho.hu.xml
index e3e42c4c2f6f..a302c1c8ac51 100644
--- a/src/chrome/content/rules/Morpho.hu.xml
+++ b/src/chrome/content/rules/Morpho.hu.xml
@@ -1,7 +1,22 @@
-<ruleset name="Morpho.hu">
+<!--
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
 
+	www.morpho.hu: Mismatched
+
+-->
+<ruleset name="Morpho.hu" default_off="expired, missing certificate chain">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="morpho.hu" />
 
-	<securecookie host="^morpho\.hu$" name=".+" />
-  <rule from="^http://morpho\.hu/" to="https://morpho.hu/" />
+	<!--	Complications:
+				-->
+	<target host="www.morpho.hu" />
+
+	<securecookie host="^\w" name=".+" />
+  <rule from="^http://www\.morpho\.hu/" to="https://morpho.hu/" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Morrisons-Corporate.com.xml b/src/chrome/content/rules/Morrisons-Corporate.com.xml
new file mode 100644
index 000000000000..d05bb4487ec4
--- /dev/null
+++ b/src/chrome/content/rules/Morrisons-Corporate.com.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Morrisons coverage, see Morrisons.xml.
+
+
+	CN: *.morrisons.com
+
+
+	Mixed content:
+
+		- Image from miranda.hemscott.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Morrisons-Corporate.com" default_off="mismatched">
+
+	<target host="morrisons-corporate.com" />
+	<target host="www.morrisons-corporate.com" />
+
+
+	<securecookie host="^www\.morrisons-corporate\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?morrisons-corporate\.com/"
+		to="https://www.morrisons-corporate.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Morrisons.xml b/src/chrome/content/rules/Morrisons.xml
index 5d5085d59212..d95974262029 100644
--- a/src/chrome/content/rules/Morrisons.xml
+++ b/src/chrome/content/rules/Morrisons.xml
@@ -1,14 +1,75 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://morrisons.com/ => https://morrisons.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+	Other Morrisons rulesets:
+
+		- Morrisons_Cellar.com.xml
+		- Morrisons-Corporate.com.xml
+
+
+	Problematic domains:
+
+		- (www.)morrisons.co.uk *
+		- admin.morrisons.co.uk *
+		- your.morrisons.co.uk *
+
+	* Mismatched, CN: *.morrisons.com
+
+
+	Fully covered domains:
+
+		- morrisons.co.uk subdomains:
+
+			- (www.)	(→ your.morrisons.com)
+			- admin		(→ admin.morrisons.com)
+			- your		(→ your.morrisons.com)
+
+		- morrisons.com subdomains:
+
+			- (www.)
+			- admin
+			- groceries
+			- your
+
+
+	Server is configured for 3des, rc4, and weaker ciphers only.
+
+
+	Mixed content:
+
+		- Scripts on www from ajax.googleapis.com *
+
+		- Ads, on www from:
+
+			- googleads.g.doubleclick.net *
+			- www.googleadservices.com *
+
+	* Secured by us
+
+-->
 <ruleset name="Morrisons">
 
 	<target host="morrisons.co.uk" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.morrisons.co.uk" />
+	<target host="www.morrisons.co.uk" />
+	<target host="admin.morrisons.co.uk" />
+	<target host="groceries.morrisons.co.uk" />
+	<target host="your.morrisons.co.uk" />
+	<target host="morrisons.com" />
+	<target host="admin.morrisons.com" />
+	<target host="groceries.morrisons.com" />
+	<target host="your.morrisons.com" />
+	<target host="www.morrisons.com" />
+
+
+	<securecookie host="^(?:\.?groceries|\.?your)?\.morrisons\.com$" name=".+" />
 
 
-	<securecookie host="^(.*\.)?morrisons\.co\.uk$" name=".*" />
+	<rule from="^http://(?:www\.)?morrisons\.co\.uk/"
+		to="https://your.morrisons.com/" />
 
+	<rule from="^http://(admin|groceries|your)\.morrisons\.co(?:\.uk|m)/"
+		to="https://$1.morrisons.com/" />
 
-	<rule from="^http://(www\.)?morrisons\.co\.uk/"
-		to="https://$1morrisons.co.uk/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Morrisons_Cellar.com.xml b/src/chrome/content/rules/Morrisons_Cellar.com.xml
new file mode 100644
index 000000000000..1faeb8894500
--- /dev/null
+++ b/src/chrome/content/rules/Morrisons_Cellar.com.xml
@@ -0,0 +1,41 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://morrisonscellar.com/ => https://morrisonscellar.com/webapp/wcs/stores/servlet/TopCategoriesDisplay?storeId=10701&: (51, "SSL: no alternative certificate subject name matches target host name 'morrisonscellar.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://morrisonscellar.com/ => https://morrisonscellar.com/webapp/wcs/stores/servlet/TopCategoriesDisplay?storeId=10701&: (28, 'Connection timed out after 10001 milliseconds')
+	For other Morrisons coverage, see Morrisons.xml.
+
+
+	Mixed content:
+
+		- Images, on www from:
+
+			- img *
+			- cdn-morrisons.amplience.com
+
+	* Secured by us
+
+-->
+<ruleset name="Morrisons Cellar.com" default_off="failed ruleset test">
+
+	<target host="morrisonscellar.com" />
+	<target host="*.morrisonscellar.com" />
+
+
+	<securecookie host="^www\.morrisonscellar\.com$" name=".+" />
+
+
+	<!--	$ redirects to http
+					-->
+	<rule from="^http://(www\.)?morrisonscellar\.com/+(?:\?(.+))?$"
+		to="https://$1morrisonscellar.com/webapp/wcs/stores/servlet/TopCategoriesDisplay?storeId=10701&amp;$2" />
+
+	<rule from="^http://(www\.)?morrisonscellar\.com/+(?:\?)?$"
+		to="https://$1morrisonscellar.com/webapp/wcs/stores/servlet/TopCategoriesDisplay?storeId=10701" />
+
+	<rule from="^http://(img\.|www\.)?morrisonscellar\.com/"
+		to="https://$1morrisonscellar.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mosaic_Science.com.xml b/src/chrome/content/rules/Mosaic_Science.com.xml
new file mode 100644
index 000000000000..da2dfde7ead8
--- /dev/null
+++ b/src/chrome/content/rules/Mosaic_Science.com.xml
@@ -0,0 +1,18 @@
+<ruleset name="Mosaic Science.com (partial)">
+
+	<target host="mosaicscience.com" />
+	<target host="www.mosaicscience.com" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://mosaicscience.com/($|\?|story/[\w-]+)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://mosaicscience\.com/+(?!sites/)" /-->
+
+
+	<rule from="^http://(?:www\.)?mosaicscience\.com/(?=sites/)"
+		to="https://mosaicscience.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mosh.org.xml b/src/chrome/content/rules/Mosh.org.xml
new file mode 100644
index 000000000000..571203759165
--- /dev/null
+++ b/src/chrome/content/rules/Mosh.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="Mosh.org">
+
+	<target host="mosh.org" />
+	<target host="www.mosh.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Moshimonsters.com.xml b/src/chrome/content/rules/Moshimonsters.com.xml
new file mode 100644
index 000000000000..470a19b338b1
--- /dev/null
+++ b/src/chrome/content/rules/Moshimonsters.com.xml
@@ -0,0 +1,24 @@
+<!--
+    Non-functional hosts:
+        Timeout:
+        - admin.moshimonsters.com
+        - jam.moshimonsters.com	
+        
+        SSL peer certificate was not OK:
+        - origin.moshimonsters.com
+        - store.moshimonsters.com
+        - static.moshimonsters.com
+        - forums.moshimonsters.com
+        - news.moshimonsters.com
+        - service.moshimonsters.com
+        - api.moshimonsters.com
+-->
+<ruleset name="Moshimonsters.com">
+    <target host="moshimonsters.com" />
+    <target host="www.moshimonsters.com" />
+    <target host="secure.moshimonsters.com" />
+
+    <rule from="^http:" to="https:" />
+
+    <securecookie host=".+" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/MosqueeDeParis.net.xml b/src/chrome/content/rules/MosqueeDeParis.net.xml
new file mode 100644
index 000000000000..9ad5bf479740
--- /dev/null
+++ b/src/chrome/content/rules/MosqueeDeParis.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="MosqueeDeParis.net">
+	<target host="mosqueedeparis.net" />
+	<target host="www.mosqueedeparis.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mosso.com.xml b/src/chrome/content/rules/Mosso.com.xml
new file mode 100644
index 000000000000..19a5548cff57
--- /dev/null
+++ b/src/chrome/content/rules/Mosso.com.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Rackspace coverage, see Rackspace.xml.
+
+
+	Problematic domains:
+
+		- mosso.com				(redirects to www.rackspace.com/cloud/; mismatched, CN: *.rackspacecloud.com)
+		- cdn.cloudfiles.mosso.com		(401, akamai)
+
+-->
+<ruleset name="Mosso.com (partial)">
+
+	<!--	Complications:
+				-->
+	<target host="cdn.cloudfiles.mosso.com" />
+
+		<exclusion pattern="^http://cdn\.cloudfiles\.mosso\.com/(?!\w+/)" />
+
+			<!--	ve:
+					-->
+			<test url="http://cdn.cloudfiles.mosso.com/home" />
+			<test url="http://cdn.cloudfiles.mosso.com/index.php" />
+
+			<!--	ve:
+					-->
+			<test url="http://cdn.cloudfiles.mosso.com/c0703792/2Furious_Tony_500.jpg" />
+			<test url="http://cdn.cloudfiles.mosso.com/c1910342/media_center/images/static/total_access/Wat.jpg" />
+
+
+	<rule from="^http://cdn\.cloudfiles\.mosso\.com/(\w+)/"
+		to="https://$1.ssl.cf0.rackcdn.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Moswarat.com.xml b/src/chrome/content/rules/Moswarat.com.xml
new file mode 100644
index 000000000000..9e3da3cdc6dd
--- /dev/null
+++ b/src/chrome/content/rules/Moswarat.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Moswarat.com">
+	<target host="moswarat.com" />
+	<target host="www.moswarat.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Motesplatsen.se.xml b/src/chrome/content/rules/Motesplatsen.se.xml
index 42792566a461..e8c4feed07dc 100644
--- a/src/chrome/content/rules/Motesplatsen.se.xml
+++ b/src/chrome/content/rules/Motesplatsen.se.xml
@@ -1,6 +1,6 @@
 <!-- dating sites. included on lots of other sites -->
 <ruleset name="Motesplatsen.se">
 	<target host="www.motesplatsen.se" />
-	<rule from="^http://www\.motesplatsen\.se/" to="https://www.motesplatsen.se/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/MotherJones.com.xml b/src/chrome/content/rules/MotherJones.com.xml
index 08eaa83a6a05..38010bc5a8bc 100644
--- a/src/chrome/content/rules/MotherJones.com.xml
+++ b/src/chrome/content/rules/MotherJones.com.xml
@@ -1,35 +1,15 @@
 <!--
-	CDN buckets:
-
-		- mjassets.s3.amazonaws.com
-			- assets.motherjones.com
-
-		- mjcdn.s3.amazonaws.com
-			- mjcdn.motherjones.com
-
-		- wildcard.motherjones.com.edgekey.net
-		- assets.motherjones.com.edgesuite.net
-		- mjcdn.motherjones.com.edgesuite.net
-
+	Non-functional hosts
+		Certificate Mismatched:
+		- mjcdn.motherjones.com
 -->
-<ruleset name="MotherJones.com (partial)">
-
+<ruleset name="MotherJones.com">
 	<target host="motherjones.com" />
-	<target host="*.motherjones.com" />
-
-
-	<!--	At least some pages 302 to http.
-						-->
-	<rule from="^http://(www\.)?motherjones\.com/(files|misc|sites|transition)/"
-		to="https://$1motherjones.com/$2/" />
-
-	<rule from="^https?://(?:(assets)|mj(cdn))\.motherjones\.com/"
-		to="https://mj$1$2.s3.amazonaws.com/" />
-
-	<rule from="^https?://oascentral\.motherjones\.com/"
-		to="https://oasc11a.247realmedia.com/" />
-
-	<rule from="^http://secure\.motherjones\.com/"
-		to="https://secure.motherjones.com/" />
+	<target host="www.motherjones.com" />
+	<target host="assets.motherjones.com" />
+	<target host="preprod.motherjones.com" />
+	<target host="secure.motherjones.com" />
+	<target host="store.motherjones.com" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Motherboard.tv.xml b/src/chrome/content/rules/Motherboard.tv.xml
new file mode 100644
index 000000000000..2ceae3822fc8
--- /dev/null
+++ b/src/chrome/content/rules/Motherboard.tv.xml
@@ -0,0 +1,50 @@
+<!--
+	For other Vice Media coverage, see Vice.xml.
+
+
+	CDN buckets:
+
+		- d7qfuicnb8zug.cloudfront.net
+		- dz6snzmhpcl6f.cloudfront.net
+
+
+	Problematic hosts in *motherboard.tv:
+
+		- (www.)? ¹
+		- assets ²
+		- assets2 ²
+
+	¹ 503
+	² Cloudfront
+
+
+	Fully covered hosts in *motherboard.tv:
+
+		- (www.)?	(→ motherboard.vice.com)
+		- assets	(→ dz6snzmhpcl6f.cloudfront.net)
+		- assets2	(→ d7qfuicnb8zug.cloudfront.net)
+
+-->
+<ruleset name="Motherboard.tv">
+
+	<!--	Complications:
+				-->
+	<target host="motherboard.tv" />
+	<target host="assets.motherboard.tv" />
+	<target host="assets2.motherboard.tv" />
+	<target host="www.motherboard.tv" />
+
+
+	<!--	Redirect keeps path, args,
+		and forward slash:
+					-->
+	<rule from="^http://(?:www\.)?motherboard\.tv/"
+		to="https://motherboard.vice.com/" />
+
+	<rule from="^http://assets\.motherboard\.tv/"
+		to="https://dz6snzmhpcl6f.cloudfront.net/" />
+
+	<rule from="^http://assets2\.motherboard\.tv/"
+		to="https://d7qfuicnb8zug.cloudfront.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Motherless-media.xml b/src/chrome/content/rules/Motherless-media.xml
index 73a67043736d..110f708f80d6 100644
--- a/src/chrome/content/rules/Motherless-media.xml
+++ b/src/chrome/content/rules/Motherless-media.xml
@@ -15,7 +15,7 @@
 	<target host="thumbs.motherlessmedia.com" />
 	<target host="www.motherlessmedia.com" />
 
-	<rule from="^http://(www\.)?motherlessmedia\.com/"
+	<rule from="^http://(?:www\.)?motherlessmedia\.com/"
 		to="https://motherlessmedia.com/" />
 
 	<rule from="^http://(avatars|thumbs)\.motherlessmedia\.com/"
diff --git a/src/chrome/content/rules/Motherpipe.co.uk.xml b/src/chrome/content/rules/Motherpipe.co.uk.xml
new file mode 100644
index 000000000000..bd4a8a0fce3b
--- /dev/null
+++ b/src/chrome/content/rules/Motherpipe.co.uk.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://motherpipe.co.uk/ => https://motherpipe.co.uk/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.motherpipe.co.uk/ => https://www.motherpipe.co.uk/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Other Motherpipe rulesets:
+
+		- Motherpipe.com.xml
+
+-->
+<ruleset name="Motherpipe.co.uk" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="motherpipe.co.uk" />
+	<target host="www.motherpipe.co.uk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Motherpipe.com.xml b/src/chrome/content/rules/Motherpipe.com.xml
new file mode 100644
index 000000000000..1b28da2551f4
--- /dev/null
+++ b/src/chrome/content/rules/Motherpipe.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://search.motherpipe.com/ => https://search.motherpipe.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	For other Motherpipe coverage, see Motherpipe.co.uk.xml.
+
+
+	(www.)?motherpipe.com: Refused
+
+-->
+<ruleset name="Motherpipe.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="search.motherpipe.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Motigo.xml b/src/chrome/content/rules/Motigo.xml
index 1da648c55ec8..4a3a99800547 100644
--- a/src/chrome/content/rules/Motigo.xml
+++ b/src/chrome/content/rules/Motigo.xml
@@ -6,7 +6,7 @@
 
 	<!--	At least some pages 302 to http.
 						-->
-	<rule from="^https?://(?:www\.)?motigo\.com/(cs|image)s/"
+	<rule from="^http://(?:www\.)?motigo\.com/(cs|image)s/"
 		to="https://motigo.com/$1s/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Motley-Fool-Australia.xml b/src/chrome/content/rules/Motley-Fool-Australia.xml
new file mode 100644
index 000000000000..732ac8fc59bc
--- /dev/null
+++ b/src/chrome/content/rules/Motley-Fool-Australia.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Motley Fool related rulesets, see Motley-Fool.xml
+-->
+<ruleset name="The Motley Fool Australia">
+
+	<target host="fool.com.au" />
+	<target host="www.fool.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Motley-Fool-Canada.xml b/src/chrome/content/rules/Motley-Fool-Canada.xml
new file mode 100644
index 000000000000..0f2910925785
--- /dev/null
+++ b/src/chrome/content/rules/Motley-Fool-Canada.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Motley Fool related rulesets, see Motley-Fool.xml
+-->
+<ruleset name="The Motley Fool Canada">
+
+	<target host="fool.ca" />
+	<target host="www.fool.ca" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Motley-Fool-Germany.xml b/src/chrome/content/rules/Motley-Fool-Germany.xml
new file mode 100644
index 000000000000..014c1c853f46
--- /dev/null
+++ b/src/chrome/content/rules/Motley-Fool-Germany.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Motley Fool related rulesets, see Motley-Fool.xml
+-->
+<ruleset name="The Motley Fool Germany">
+
+	<target host="fool.de" />
+	<target host="www.fool.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Motley-Fool-Singapore.xml b/src/chrome/content/rules/Motley-Fool-Singapore.xml
new file mode 100644
index 000000000000..33ef4fe9cc8f
--- /dev/null
+++ b/src/chrome/content/rules/Motley-Fool-Singapore.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Motley Fool related rulesets, see Motley-Fool.xml
+-->
+<ruleset name="The Motley Fool Singapore">
+
+	<target host="fool.sg" />
+	<target host="www.fool.sg" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Motley-Fool-UK.xml b/src/chrome/content/rules/Motley-Fool-UK.xml
new file mode 100644
index 000000000000..c911aa461732
--- /dev/null
+++ b/src/chrome/content/rules/Motley-Fool-UK.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Motley Fool related rulesets, see Motley-Fool.xml
+
+
+	Non-functional subdomains:
+		- beta	(m)
+		- boards	(e)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="The Motley Fool UK">
+
+	<target host="fool.co.uk" />
+	<target host="www.fool.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Motley-Fool.xml b/src/chrome/content/rules/Motley-Fool.xml
index 30fd4642d428..db7d54a0886a 100644
--- a/src/chrome/content/rules/Motley-Fool.xml
+++ b/src/chrome/content/rules/Motley-Fool.xml
@@ -1,38 +1,73 @@
-<ruleset name="The Motley Fool (partial)">
+<!--
+	Other related rulesets:
+		- Fool-CDN.com.xml
+		- Motley-Fool-Australia.xml
+		- Motley-Fool-Canada.xml
+		- Motley-Fool-Germany.xml
+		- Motley-Fool-Singapore.xml
+		- Motley-Fool-UK.xml
 
-	<target host="fool.com"/>
-	<!-- /g.:	Akamai	-->
-	<target host="*.fool.com"/>
-	<target host="fool.com.au"/>
-	<target host="*.fool.com.au"/>
-	<target host="fool.co.uk"/>
-	<target host="*.fool.co.uk"/>
-	<target host="*.foolcdn.com"/>
-	<target host="marketfoolery.com"/>
-	<target host="www.marketfoolery.com"/>
-	
-	<rule from="^http://fool\.com/"
-		to="https://www.fool.com/"/>
 
-	<rule from="^http://www\.fool\.co(m|m\.au|\.uk)/(ads/|author/|Foolwatch/|help/|img/|Landing/|marketing/|PopUps/|press/|Scripts/|secure/|shop/|tracking/)"
-		to="https://www.fool.co$1/$2"/>
+	Non-functional subdomains:
+		- autodiscover	(r)
+		- bbnvoting	(t)
+		- boards	(h)
+		- caps		(h)
+		- staging.fool-iq	(m)
+		- insight	(e)
+		- test.investigator	(m)
+		- m		(h)
+		- mockup.m	(m)
+		- my	(h)
+		- offers	(m)
+		- passwordreset	(m)
+		- social	(m)
+		- staging.tmf-mobile-api	(m)
+		- staging.www	(t)
 
-	<rule from="^http://boards\.fool\.com/(Css/|\w+\.aspx$)"
-		to="https://boards.fool.com/$1"/>
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
 
-	<rule from="^http://caps\.fool\.com/(Blogs|Ticker/)"
-		to="https://caps.fool.com/$1"/>
+	Host has wildcard dns.
+-->
+<ruleset name="The Motley Fool">
 
-	<rule from="^http://my\.fool\.com/"
-		to="https://my.fool.com/"/>
+	<target host="fool.com" />
+	<target host="www.fool.com" />
+	<target host="api.fool.com" />
+	<target host="beta.fool.com" />
+	<target host="careers.fool.com" />
+	<target host="cms.fool.com" />
+	<target host="consenter-center-de.fool.com" />
+	<target host="staging.consenter-center-de.fool.com" />
+	<target host="consenter-center-uk.fool.com" />
+	<target host="staging.consenter-center-uk.fool.com" />
+	<target host="culture.fool.com" />
+	<target host="disclosure.fool.com" />
+	<target host="farmteam.fool.com" />
+	<target host="feeds.fool.com" />
+	<target host="g.fool.com" />
+	<target host="infotron.fool.com" />
+	<target host="infotron-admin.fool.com" />
+	<target host="infotron-splitter.fool.com" />
+	<target host="infotron-track.fool.com" />
+	<target host="iq.fool.com" />
+	<target host="newsletters.fool.com" />
+	<target host="onesupport.fool.com" />
+	<target host="scorecard.fool.com" />
+	<target host="supernovasupport.fool.com" />
+	<target host="support.fool.com" />
+	<target host="tmf-mobile-api.fool.com" />
+	<target host="wiki.fool.com" />
+	<target host="preview.www.fool.com" />
 
-	<rule from="^http://[gs]\.fool(?:cdn)?\.co(m|m\.au|\.uk)/"
-		to="https://s.foolcdn.co$1/"/>
-
-	<rule from="^http://wiki\.fool\.com/"
-		to="https://wiki.fool.com/"/>
-
-	<rule from="^http://(?:www\.)?marketfoolery\.com/"
-		to="https://wiki.fool.com/MarketFoolery"/>
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Moto-G.com.xml b/src/chrome/content/rules/Moto-G.com.xml
index 18eeb10f72ec..d05a2f0fc8ff 100644
--- a/src/chrome/content/rules/Moto-G.com.xml
+++ b/src/chrome/content/rules/Moto-G.com.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://moto-g.com/ => https://www.moto-g.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.moto-g.com/ => https://www.moto-g.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://moto-g.com/ => https://www.moto-g.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.moto-g.com/ => https://www.moto-g.com/: (60, 'SSL certificate problem: certificate has expired')
 	For other Motorola coverage, see Motorola.xml.
 
 
@@ -12,7 +20,7 @@
 		- ^	(dropped)
 
 -->
-<ruleset name="Moto-G.com">
+<ruleset name="Moto-G.com" default_off="failed ruleset test">
 
 	<target host="moto-g.com" />
 	<target host="www.moto-g.com" />
diff --git a/src/chrome/content/rules/Motorola.xml b/src/chrome/content/rules/Motorola.xml
index 27992c3171b8..96666e132ced 100644
--- a/src/chrome/content/rules/Motorola.xml
+++ b/src/chrome/content/rules/Motorola.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sdc.motorola.com/ => https://sdc.motorola.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://cdn.motorola-2.com/ => https://cdn.motorola-2.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cdn.motorola-2.com'")
+Non-2xx HTTP code: http://www.motorola.de/ (200) => https://www.motorola.de/ (403)
+
 	Other Motorola rulesets:
 
 		- Moto-G.com.xml
@@ -61,36 +67,42 @@
 	* Secured by us
 
 -->
-<ruleset name="Motorola (partial)">
+<ruleset name="Motorola (partial)" default_off="failed ruleset test">
 
-	<target host="*.email-motorola.com" />
 	<target host="*.motorola.com" />
 		<exclusion pattern="^http://(?:www\.)?motorola\.com/(?:Business|staticfiles)/" />
 	<target host="cdn.motorola-2.com" />
 	<target host="motorolasolutions.com" />
 	<target host="*.motorolasolutions.com" />
+	<target host="www.motorola.de" />
 
 
 	<securecookie host="^(?:globalrepairtools|mediacenter|membership)\.motorola\.com$" name=".+" />
 	<securecookie host="^mediacenter\.motorolasolutions\.com$" name=".+" />
 
+	<test url="http://motorola.com/" />
+	<test url="http://www.motorola.com/" />
+
+	<test url="http://membership.motorola.com/" />
+	<test url="http://globalrepairtools.motorola.com/" />
+	<test url="http://mediacenter.motorola.com/" />
+	<test url="http://sdc.motorola.com/" />
+
+	<test url="http://mediacenter.motorolasolutions.com/" />
 
-	<rule from="^http://[ls]\.email-motorola\.com/"
-		to="https://s.email-motorola.com/" />
+	<test url="http://www.motorola.com/Business/" />
+	<test url="http://www.motorola.com/staticfiles/" />
+	<test url="http://motorola.com/staticfiles/" />
+
+	<rule from="^http://motorolasolutions\.com/"
+		to="https://www.motorolasolutions.com/" />
 
 	<rule from="^http://motorola\.com/"
 		to="https://www.motorola.com/" />
 
-	<rule from="^http://(globalrepairtools|mediacenter|membership|sdc|www)\.motorola\.com/"
-		to="https://$1.motorola.com/" />
-
-	<rule from="^http://cdn\.motorola-2\.com/"
-		to="https://cdn.motorola-2.com/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^https?://(?:www\.)?motorolasolutions.com/web/"
+	<rule from="^http://(?:www\.)?motorolasolutions\.com/web/"
 		to="https://www.motorolasolutions.com/web/" />
 
-	<rule from="^http://mediacenter\.motorolasolutions\.com/"
-		to="https://mediacenter.motorolasolutions.com/" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/Motorola_Trade_Up.xml b/src/chrome/content/rules/Motorola_Trade_Up.xml
index 7cea8a460d4b..efdfbc5305c6 100644
--- a/src/chrome/content/rules/Motorola_Trade_Up.xml
+++ b/src/chrome/content/rules/Motorola_Trade_Up.xml
@@ -1,14 +1,20 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mototradeup.com/ => https://www.mototradeup.com/: (6, 'Could not resolve host: www.mototradeup.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://mototradeup.com/ => https://www.mototradeup.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	For other Motorola coverage, see Motorola.xml.
 
 
 	!www: mismatched, CN: mac.fairbanksllc.com
 
 -->
-<ruleset name="Motorola Trade Up">
+<ruleset name="Motorola Trade Up" default_off="failed ruleset test">
 
 	<target host="mototradeup.com" />
-	<target host="*.mototradeup.com" />
+	<target host="www.mototradeup.com" />
 
 
 	<securecookie host="^\.mototradeup\.com$" name=".+" />
@@ -17,4 +23,4 @@
 	<rule from="^http://(?:www\.)?mototradeup\.com/"
 		to="https://www.mototradeup.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Motricity.xml b/src/chrome/content/rules/Motricity.xml
index e5911055069e..e6f314745c7d 100644
--- a/src/chrome/content/rules/Motricity.xml
+++ b/src/chrome/content/rules/Motricity.xml
@@ -1,16 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://alltel.web.mcore.com/ => https://alltel.web.mcore.com/: (7, 'Failed to connect to alltel.web.mcore.com port 443: Connection refused')
+Fetch error: http://webshared.mcore.com/ => https://webshared.mcore.com/: (7, 'Failed to connect to webshared.mcore.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://alltel.web.mcore.com/ => https://alltel.web.mcore.com/: (6, 'Could not resolve host: alltel.web.mcore.com')
+Fetch error: http://webshared.mcore.com/ => https://webshared.mcore.com/: (6, 'Could not resolve host: webshared.mcore.com')
 	Nonfunctional domains:
 
 		- sry.it.mcore.com
 
 -->
-<ruleset name="Motricity (partial)">
+<ruleset name="Motricity (partial)" default_off="failed ruleset test">
 
 	<target host="alltel.web.mcore.com" />
 	<target host="webshared.mcore.com" />
 
 
-	<rule from="^http://(alltel\.web|webshared)\.mcore\.com/"
-		to="https://$1.mcore.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mount_Sinai.org.xml b/src/chrome/content/rules/Mount_Sinai.org.xml
new file mode 100644
index 000000000000..9cd932537ba9
--- /dev/null
+++ b/src/chrome/content/rules/Mount_Sinai.org.xml
@@ -0,0 +1,43 @@
+<!--
+	Mount Sinai Hospital
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- mychart
+		- philanthropy
+
+
+	Observed cookie domains:
+
+		- ^
+		- mychart
+		- philanthropy
+		- www
+
+
+	Mixed content:
+
+		- Images, on philanthropy from:
+
+			- $self *
+			- www *
+
+	* Secured by us
+
+-->
+<ruleset name="Mount Sinai.org">
+
+	<target host="mountsinai.org" />
+	<target host="mychart.mountsinai.org" />
+	<target host="philanthropy.mountsinai.org" />
+	<target host="www.mountsinai.org" />
+
+
+	<securecookie host="^(?:(?:mychart|philanthropy|www)\.)?mountsinai\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mountain_Reservations.xml b/src/chrome/content/rules/Mountain_Reservations.xml
index 534cd729a1d7..14c71ee8d661 100644
--- a/src/chrome/content/rules/Mountain_Reservations.xml
+++ b/src/chrome/content/rules/Mountain_Reservations.xml
@@ -11,7 +11,7 @@
 	<securecookie host="^www\.mountainreservations\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?mountainreservations\.com/"
+	<rule from="^http://(?:www\.)?mountainreservations\.com/"
 		to="https://www.mountainreservations.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MountaineeringMethodology.com.xml b/src/chrome/content/rules/MountaineeringMethodology.com.xml
new file mode 100644
index 000000000000..d3dcce65694d
--- /dev/null
+++ b/src/chrome/content/rules/MountaineeringMethodology.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Active mixed content:
+		- www.mountaineeringmethodology.com
+-->
+
+<ruleset name="MountaineeringMethodology.com" platform="mixedcontent">
+	<target host="mountaineeringmethodology.com" />
+	<target host="www.mountaineeringmethodology.com" />
+	<target host="cms.mountaineeringmethodology.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mountspace.com.xml b/src/chrome/content/rules/Mountspace.com.xml
deleted file mode 100644
index cda085661fad..000000000000
--- a/src/chrome/content/rules/Mountspace.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Mountspace.com">
-  <target host="www.mountspace.com"/>
-  <target host="mountspace.com"/>
-  <rule from="^http://(www\.)?mountspace\.com/" to="https://www.mountspace.com/"/>
-</ruleset>
-<!-- Rule generated by HTTPS Finder 0.85 -->
\ No newline at end of file
diff --git a/src/chrome/content/rules/Mountyhall.com.xml b/src/chrome/content/rules/Mountyhall.com.xml
index be0f7eab63eb..33ab7c429614 100644
--- a/src/chrome/content/rules/Mountyhall.com.xml
+++ b/src/chrome/content/rules/Mountyhall.com.xml
@@ -1,5 +1,29 @@
-<ruleset name="Mountyhall" default_off="self-signed">
-  <target host="games.mountyhall.com" />
+<!--
+	Invalid certificate:
+		mountyhall.com
+		blason.mountyhall.com
+		lists.mountyhall.com
+		m.mountyhall.com
+		mobile.mountyhall.com
+		mountypedia.mountyhall.com
+		serv01.mountyhall.com
+		serv03.mountyhall.com
+		smartphone.mountyhall.com
+		sp.mountyhall.com
+		svn.mountyhall.com
+		troc.mountyhall.com
+		upload.mountyhall.com
+		webring.mountyhall.com
+
+	No working URL known:
+		phpmyadmin.mountyhall.com
+
+-->
+<ruleset name="Mountyhall" default_off="cert-chain">
+
+	<target host="www.mountyhall.com" />
+	<target host="games.mountyhall.com" />
+
+	<rule from="^http:" to="https:" />
 
-  <rule from="^http://games\.mountyhall\.com/" to="https://games.mountyhall.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Mouse_Blocker.com.xml b/src/chrome/content/rules/Mouse_Blocker.com.xml
new file mode 100644
index 000000000000..966728540257
--- /dev/null
+++ b/src/chrome/content/rules/Mouse_Blocker.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Mouse Blocker.com">
+
+	<target host="mouseblocker.com" />
+	<target host="www.mouseblocker.com" />
+
+
+	<!--	Some, but not all, secured by server:
+							-->
+	<securecookie host="^(?:w*\.)?mouseblocker\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mouseflow.xml b/src/chrome/content/rules/Mouseflow.xml
index 90b1b335d337..8c87ef2f1b9c 100644
--- a/src/chrome/content/rules/Mouseflow.xml
+++ b/src/chrome/content/rules/Mouseflow.xml
@@ -1,20 +1,31 @@
-<!--
-	Nonfunctional subdomains:
 
-		- account	(404)
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nl.mouseflow.com/ => https://mouseflow.nl/: (7, 'Failed to connect to mouseflow.nl port 443: Connection refused')
+Fetch error: http://www.mouseflow.de/ => https://www.mouseflow.de/: (51, "SSL: no alternative certificate subject name matches target host name 'www.mouseflow.de'")
+Fetch error: http://mouseflow.nl/ => https://mouseflow.nl/: (7, 'Failed to connect to mouseflow.nl port 443: Connection refused')
+Fetch error: http://www.mouseflow.nl/ => https://www.mouseflow.nl/: (28, 'Connection timed out after 20000 milliseconds')
 
+	Mismtached:
+		- go.mouseflow.com
 -->
-<ruleset name="Mouseflow (partial)">
-
+<ruleset name="Mouseflow" default_off="failed ruleset test">
 	<target host="mouseflow.com" />
-	<target host="*.mouseflow.com" />
-		<!--
-			404s(!)
-				-->
-		<exclusion pattern="^http://(?:www\.)?mouseflow\.com/sign-in" />
+	<target host="cdn.mouseflow.com" />
+	<target host="www.mouseflow.com" />
+	<target host="app.mouseflow.com" />
+	<target host="account.mouseflow.com" />
+	<target host="de.mouseflow.com" />
+	<target host="eu.mouseflow.com" />
+	<target host="nl.mouseflow.com" />
 
+	<target host="mouseflow.de" />
+	<target host="www.mouseflow.de" />
 
-	<rule from="^http://(cdn\.|www\.)?mouseflow\.com/"
-		to="https://$1mouseflow.com/" />
+	<target host="mouseflow.nl" />
+	<target host="www.mouseflow.nl" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http://de\.mouseflow\.com/" to="https://mouseflow.de/" />
+	<rule from="^http://nl\.mouseflow\.com/" to="https://mouseflow.nl/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mousematrix.com.xml b/src/chrome/content/rules/Mousematrix.com.xml
deleted file mode 100644
index 77f929d5a06c..000000000000
--- a/src/chrome/content/rules/Mousematrix.com.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Mousematrix.com">
-
-	<target host="mousematrix.com" />
-	<target host="www.mousematrix.com" />
-
-
-	<rule from="^http://(www\.)?mousematrix\.com/"
-		to="https://$1mousematrix.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Mov.ad.xml b/src/chrome/content/rules/Mov.ad.xml
new file mode 100644
index 000000000000..10097e16fb39
--- /dev/null
+++ b/src/chrome/content/rules/Mov.ad.xml
@@ -0,0 +1,30 @@
+	<!--
+	cert not valid for the mainpage
+
+	cert expired:
+		- cdn.movad.net
+		- beta.cdn.movad.net
+		- beta.track.movad.net
+
+	connection refused:
+		- adscale.movad.net
+		- event.movad.net
+		- prelive.movad.net
+		- preview.movad.net
+
+	timeout:
+		- ad.movad.net
+		- reptracy.movad.net
+		- dev.reptracy.movad.net
+	-->
+
+<ruleset name="Mov.ad">
+
+	<target host="ad2.movad.net" />
+	<target host="cdn2.movad.net" />
+ 	<target host="track.movad.net" />
+
+ 	<rule from="^http:"
+ 		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MovableType.org.xml b/src/chrome/content/rules/MovableType.org.xml
new file mode 100644
index 000000000000..f214358de118
--- /dev/null
+++ b/src/chrome/content/rules/MovableType.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- Image on (www.)? from www.movabletype.jp *
+
+	* Unsecurable <= refused
+
+-->
+<ruleset name="MovableType.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="movabletype.org" />
+	<target host="plugins.movabletype.org" />
+	<target host="www.movabletype.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Movable_Ink.com.xml b/src/chrome/content/rules/Movable_Ink.com.xml
new file mode 100644
index 000000000000..bb6de680d146
--- /dev/null
+++ b/src/chrome/content/rules/Movable_Ink.com.xml
@@ -0,0 +1,70 @@
+<!--
+	Problematic hosts in *movableink.com:
+
+		- info *
+
+	* Pardot
+
+
+	Insecure cookies are set for these hosts:
+
+		- movableink.com
+		- info.movableink.com
+
+
+	Mixed content:
+
+		- Image on blog from nycventurefellows.org
+
+-->
+<ruleset name="Movable Ink.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="movableink.com" />
+	<target host="app.movableink.com" />
+	<target host="blog.movableink.com" />
+	<target host="www.movableink.com" />
+
+	<!--	Complications:
+				-->
+	<target host="info.movableink.com" />
+
+		<exclusion pattern="^http://info\.movableink\.com/+(?!$|\?|css/)" />
+
+
+			<test url="http://info.movableink.com/10-Instagram-Marketing-Strategies-Ebook" />
+			<test url="http://info.movableink.com/Download-Responsive-Email-Hacks-Guide" />
+			<test url="http://info.movableink.com/Responsive-Design" />
+			<test url="http://info.movableink.com/agileEMAIL-Overview" />
+			<test url="http://info.movableink.com/request-demo" />
+
+			<!--	-ve:
+					-->
+			<test url="http://info.movableink.com/?" />
+			<test url="http://info.movableink.com//" />
+			<test url="http://info.movableink.com/css/form.css" />
+			<test url="http://info.movableink.com/css/form.css?foo" />
+			<test url="http://info.movableink.com/css/form.css?bar" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^movableink\.com$" name="^_portada_session$" /-->
+	<!--securecookie host="^info\.movableink\.com$" name="^visitor_id\w+$" /-->
+
+	<securecookie host="^movableink\.com$" name=".+" />
+
+
+	<rule from="^http://info\.movableink\.com/(?=/*css/)"
+		to="https://go.pardot.com/" />
+
+	<!--	Redirect drops args and forward slash:
+							-->
+	<rule from="^http://info\.movableink\.com/.*"
+		to="https://movableink.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Movable_Type.com.xml b/src/chrome/content/rules/Movable_Type.com.xml
new file mode 100644
index 000000000000..c330f33bd1fd
--- /dev/null
+++ b/src/chrome/content/rules/Movable_Type.com.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Six Apart coverage, see SixApart.xml.
+
+-->
+<ruleset name="Movable Type.com">
+
+	<target host="movabletype.com" />
+	<target host="www.movabletype.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MoveOn.org-falsemixed.xml b/src/chrome/content/rules/MoveOn.org-falsemixed.xml
new file mode 100644
index 000000000000..8dee75777009
--- /dev/null
+++ b/src/chrome/content/rules/MoveOn.org-falsemixed.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules not causing false/broken MCB, see MoveOn.xml.
+
+-->
+<ruleset name="MoveOn.org (false MCB)" platform="mixedcontent">
+
+	<target host="petitions.moveon.org" />
+
+
+	<securecookie host="^petitions\.moveon\.org$" name=".+" />
+	<securecookie host="^\.signon\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MoveOn.org.xml b/src/chrome/content/rules/MoveOn.org.xml
new file mode 100644
index 000000000000..9a6a5b766511
--- /dev/null
+++ b/src/chrome/content/rules/MoveOn.org.xml
@@ -0,0 +1,86 @@
+<!--
+	Connection closed:
+		- start
+
+	Connection timed out:
+		- bb
+		- bugzilla
+		- cloudondev
+		- code
+		- dev
+		- dev.front
+		- fwc
+		- kb
+		- o17.list
+		- o23.list
+		- o24.list
+		- o9.list
+		- notes
+		- offsite
+		- piwik
+		- thanks
+
+	Incomplete certificate chain:
+		- action
+		- cnnbc
+		- cdn.front
+		- peace
+		- www.realvotervoices
+
+	Mismatched:
+		- call
+		- cf
+		- www.civ
+		- www.civic
+		- petitions.cloudon
+		- front-stage-original
+		- img
+		- jonossoff
+		- list
+		- local
+		- www.opensource
+		- www.peace
+		- s3.petitions
+		- www.pol
+		- www.political
+		- s3
+-->
+<ruleset name="MoveOn.org">
+	<target host="moveon.org" />
+	<target host="www.moveon.org" />
+	<target host="2016forum.moveon.org" />
+	<target host="act.moveon.org" />
+	<target host="campaigns.moveon.org" />
+	<target host="campaigns-stage.moveon.org" />
+	<target host="candidates.moveon.org" />
+	<target host="cdn.moveon.org" />
+	<target host="civ.moveon.org" />
+	<target host="civic.moveon.org" />
+	<target host="direct.moveon.org" />
+	<target host="electilhanomar.moveon.org" />
+	<target host="electrashidatlaib.moveon.org" />
+	<target host="field.moveon.org" />
+	<target host="forums.moveon.org" />
+	<target host="front.moveon.org" />
+	<target host="front-stage.moveon.org" />
+	<target host="gianforte.moveon.org" />
+	<target host="opensource.moveon.org" />
+	<target host="petitions.moveon.org" />
+	<target host="www.petitions.moveon.org" />
+	<target host="pac.petitions.moveon.org" />
+	<target host="static.petitions.moveon.org" />
+	<target host="pol.moveon.org" />
+	<target host="political.moveon.org" />
+	<target host="quiz.moveon.org" />
+	<target host="realvotervoices.moveon.org" />
+	<target host="rwleaders.moveon.org" />
+	<target host="share.moveon.org" />
+	<target host="share-stage.moveon.org" />
+	<target host="spoke.moveon.org" />
+	<target host="static.moveon.org" />
+	<target host="swingvotergostatic.moveon.org" />
+	<target host="votelove.moveon.org" />
+	<target host="wiki.moveon.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MoveOn.xml b/src/chrome/content/rules/MoveOn.xml
deleted file mode 100644
index d95fae6cebe2..000000000000
--- a/src/chrome/content/rules/MoveOn.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<ruleset name="MoveOn">
-	<target host="moveon.org" />
-	<target host="*.moveon.org" />
-	<target host="moveonpac.org" />
-	<target host="www.moveonpac.org" />
-
-	<!-- For a URL such as http://www.moveon.org/press where
-	there is no trailing slash, add a trailing slash when
-	changing the URL to HTTPS (the previous URL becomes
-	https://www.moveon.org/press/ for instance.) -->
-	<rule from="^https?://(?:www\.)?moveon\.org/([a-z0-9]+)$" to="https://www.moveon.org/$1/" />
-	<rule from="^https?://(pol|civic|civ)\.moveon\.org/([a-z0-9]+)$" to="https://$1.moveon.org/$2/" />
-
-	<!-- As of April 23, 2011, the URL https://www.moveon.org/keepmeposted/ redirects to the
-	https://civic.moveon.org/keepmeposted// URL. This is probably an error-the correct URL
-	should be https://civic.moveon.org/keepmeposted/ instead. The rule that comes next tries
-	to correct this error by adjusting certain URLs that end with two or more slashes. -->
-	<rule from="^https?://civic\.moveon\.org/([a-z0-9]+){1}/{2,}" to="https://civic.moveon.org/$1/" />
-
-	<!-- Change URLs that start with http://www.moveon.org/r? to start with
-	https://www.moveon.org/r/? instead. -->
-	<rule from="^http://(?:www\.)?moveon\.org/r\?" to="https://www.moveon.org/r/?" />
-
-	<!-- Handle URLs that do not fall within the previously mentioned
-	special cases. -->
-	<rule from="^http://(?:www\.)?moveon\.org/((?:[^a-z0-9]+)|(?:[a-z0-9]{2,}\?)|(?:[a-qs-z0-9]\?)|(?:[a-z0-9]+[^a-z0-9?]+)){1}" to="https://www.moveon.org/$1" />
-	<rule from="^http://(pol|civ)\.moveon\.org/([^a-z0-9]+|(?:[a-z0-9]+[^a-z0-9]+)|$){1}" to="https://$1.moveon.org/$2" />
-	<rule from="^http://civic\.moveon\.org/((?:[^a-z0-9]+)|(?:[a-z0-9]+[^a-z0-9/]+)|(?:[a-z0-9]+/(?:$|[^/]+))|$){1}" to="https://civic.moveon.org/$1" />
-
-	<!-- Handle URLs for the moveonpac.org domain. -->
-	<rule from="^http://(?:www\.)?moveonpac\.org/" to="https://www.moveonpac.org/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Movelia.xml b/src/chrome/content/rules/Movelia.xml
index 98f8ea994d2a..a8a35769bf47 100644
--- a/src/chrome/content/rules/Movelia.xml
+++ b/src/chrome/content/rules/Movelia.xml
@@ -1,6 +1,28 @@
-<ruleset name="Movelia">
-  <target host="movelia.es" />
+<!--
+	^movelia.es: Mismatched
+
+
+	Mixed content:
+
+		- Images from $self *
+		- Ad from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Movelia.es">
+
+	<!--	Direct rewrites:
+				-->
   <target host="www.movelia.es" />
 
-  <rule from="^http://(?:www\.)?movelia\.es/" to="https://www.movelia.es/" />
+	<!--	Complications:
+				-->
+  <target host="movelia.es" />
+
+	<rule from="^http://movelia\.es/"
+		to="https://www.movelia.es/" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Moverall.com.xml b/src/chrome/content/rules/Moverall.com.xml
new file mode 100644
index 000000000000..d5b6e87cea64
--- /dev/null
+++ b/src/chrome/content/rules/Moverall.com.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://moverall.com/ => https://www.moverall.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.moverall.com/ => https://www.moverall.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://moverall.com/ => https://www.moverall.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Moverall" default_off="failed ruleset test">
+
+	<target host="moverall.com" />
+	<target host="www.moverall.com" />
+	<target host="cdn.moverall.com" />
+	<target host="az698912.vo.msecnd.net" />
+
+	<test url="http://moverall.com/" />
+	<test url="http://www.moverall.com/" />
+	<test url="http://cdn.moverall.com/" />
+	<test url="http://az698912.vo.msecnd.net/" />
+
+	<rule from="^http://(www\.)?moverall\.com/" to="https://www.moverall.com/" />
+	<rule from="^http://cdn\.moverall\.com/" to="https://az698912.vo.msecnd.net/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Movian.tv.xml b/src/chrome/content/rules/Movian.tv.xml
new file mode 100644
index 000000000000..6b9dfc9f4788
--- /dev/null
+++ b/src/chrome/content/rules/Movian.tv.xml
@@ -0,0 +1,17 @@
+<!--
+	www.movian.tv doesn't exist.
+
+-->
+<ruleset name="Movian.tv">
+
+	<target host="movian.tv" />
+
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Movie2k.tv.xml b/src/chrome/content/rules/Movie2k.tv.xml
new file mode 100644
index 000000000000..fb6dc003b8ec
--- /dev/null
+++ b/src/chrome/content/rules/Movie2k.tv.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://movie2k.cm/ => https://movie2k.cm/: (51, "SSL: no alternative certificate subject name matches target host name 'movie2k.cm'")
+Fetch error: http://www.movie2k.cm/ => https://www.movie2k.cm/: (51, "SSL: no alternative certificate subject name matches target host name 'www.movie2k.cm'")
+Fetch error: http://movie2k.nu/ => https://movie2k.nu/: (51, "SSL: no alternative certificate subject name matches target host name 'movie2k.nu'")
+Fetch error: http://www.movie2k.nu/ => https://www.movie2k.nu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.movie2k.nu'")
+Fetch error: http://movie2k.pe/ => https://movie2k.pe/: (51, "SSL: no alternative certificate subject name matches target host name 'movie2k.pe'")
+Fetch error: http://www.movie2k.pe/ => https://www.movie2k.pe/: (51, "SSL: no alternative certificate subject name matches target host name 'www.movie2k.pe'")
+
+movie2k.tv is on sale
+-->
+<ruleset name="Movie2k.tv" default_off="failed ruleset test">
+	<target host="movie2k.cm"/>
+	<target host="www.movie2k.cm"/>
+	<target host="movie2k.nu"/>
+	<target host="www.movie2k.nu"/>
+	<target host="movie2k.pe"/>
+	<target host="www.movie2k.pe"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Movie4k.to.xml b/src/chrome/content/rules/Movie4k.to.xml
new file mode 100644
index 000000000000..76576d014797
--- /dev/null
+++ b/src/chrome/content/rules/Movie4k.to.xml
@@ -0,0 +1,17 @@
+<ruleset name="Movie4k.to">
+	<target host="movie4k.me"/>
+	<target host="www.movie4k.me"/>
+	<target host="movie4k.org"/>
+	<target host="www.movie4k.org"/>
+	<target host="movie4k.pe"/>
+	<target host="www.movie4k.pe"/>
+	<target host="movie.to"/>
+	<target host="www.movie.to"/>
+	<target host="movie4k.to"/>
+	<target host="www.movie4k.to"/>
+	<target host="movie4k.tv"/>
+	<target host="www.movie4k.tv"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/MovieMaps.org.xml b/src/chrome/content/rules/MovieMaps.org.xml
new file mode 100644
index 000000000000..3b2b538dafc5
--- /dev/null
+++ b/src/chrome/content/rules/MovieMaps.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="MovieMaps.org">
+	<target host=    "moviemaps.org" />
+	<target host="www.moviemaps.org" />
+
+        <securecookie host="^moviemaps\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MovieTH.com.xml b/src/chrome/content/rules/MovieTH.com.xml
deleted file mode 100644
index 1ce8dfe96d59..000000000000
--- a/src/chrome/content/rules/MovieTH.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="MovieTH.com">
-
-	<target host="movieth.com" />
-	<target host="*.movieth.com" />
-
-
-	<securecookie host="^\.movieth\.com$" name=".+" />
-
-
-	<rule from="^http://(sexy\.|www2?\.)?movieth\.com/"
-		to="https://$1movieth.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MovieTickets.com.xml b/src/chrome/content/rules/MovieTickets.com.xml
index 9da760eba0c2..dd0a58b9e788 100644
--- a/src/chrome/content/rules/MovieTickets.com.xml
+++ b/src/chrome/content/rules/MovieTickets.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://movietickets.com/ (200) => https://movietickets.com/ (526)
+
 	CDN buckets:
 
 		- a1608.g.akamai.net/7/1608/1174/20136715301/
@@ -8,11 +12,10 @@
 			- reviews.movietickets.com
 
 -->
-<ruleset name="MovieTickets.com">
+<ruleset name="MovieTickets.com" default_off="failed ruleset test">
 
-	<target host="a1608.g.akamai.net" />
 	<target host="movietickets.com" />
-	<target host="*.movietickets.com" />
+	<target host="www.movietickets.com" />
 
 
 	<securecookie host="^(?:www\.)?movietickets\.com$" name=".+" />
@@ -22,17 +25,7 @@
 	<securecookie host="^\.movietickets\.com$" name="^s_\w\w$" />
 
 
-	<rule from="^http://(www\.)?movietickets\.com/"
-		to="https://$1movietickets.com/" />
-
-	<!--	www uses some protocol-relative links:
-							-->
-	<rule from="^https?://a1608\.g\.akamai\.net/7/1608/1174/20136715301/"
-		to="https://a248.e.akamai.net/7/1608/1174/20136715301/" />
-
-	<!--	Ditto:
-			-->
-	<rule from="^https?://reviews\.movietickets\.com/(6056|module|static)/"
-		to="https://a248.e.akamai.net/7/1608/1174/20136715301/reviews.movietickets.com/$1/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Moviease.com.xml b/src/chrome/content/rules/Moviease.com.xml
index 14a746bfb2e3..5c529b432320 100644
--- a/src/chrome/content/rules/Moviease.com.xml
+++ b/src/chrome/content/rules/Moviease.com.xml
@@ -1,19 +1,18 @@
 <!--
 	Nonfunctional subdomains:
 
-		- ads	(502; mismatched, CN: 
+		- ads	(502; mismatched, CN:
 
 -->
 <ruleset name="moviease.com">
 
 	<target host="moviease.com" />
-	<target host="*.moviease.com" />
+	<target host="www.moviease.com" />
 
 
 	<securecookie host="^(?:w*\.)?moviease\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?moviease\.com/"
-		to="https://$1moviease.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Moviefone.xml b/src/chrome/content/rules/Moviefone.xml
index b69cceb36410..14de066450c0 100644
--- a/src/chrome/content/rules/Moviefone.xml
+++ b/src/chrome/content/rules/Moviefone.xml
@@ -1,22 +1,11 @@
 <!--
 	For othe AOL coverage, see AOL.xml.
-
-
-	!www doesn't work
-
 -->
-<ruleset name="Moviefone">
+<ruleset name="Moviefone.com">
 
-	<target host="blogsmithmedia.com" />
-	<target host="www.blogsmithmedia.com" />
 	<target host="moviefone.com" />
 	<target host="www.moviefone.com" />
 
-
-	<securecookie host="^(?:www)?\.moviefone\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:(?:www\.)?blogsmithmedia\.com/)?(?:www\.)?moviefone\.com/"
-		to="https://www.moviefone.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http://(www\.)?moviefone\.com/"
+			to="https://www.moviefone.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Moviemagnet.net.xml b/src/chrome/content/rules/Moviemagnet.net.xml
new file mode 100644
index 000000000000..1052940dd4e2
--- /dev/null
+++ b/src/chrome/content/rules/Moviemagnet.net.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://moviemagnet.net/ => https://moviemagnet.net/: (35, 'Unknown SSL protocol error in connection to moviemagnet.net:443 ')
+Fetch error: http://www.moviemagnet.net/ => https://www.moviemagnet.net/: (35, 'Unknown SSL protocol error in connection to www.moviemagnet.net:443 ')
+
+-->
+<ruleset name="Moviemagnet.net" default_off="failed ruleset test">
+	<target host="moviemagnet.net" />
+	<target host="www.moviemagnet.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Movienewsletters.net.xml b/src/chrome/content/rules/Movienewsletters.net.xml
new file mode 100644
index 000000000000..0f1ac023ec3e
--- /dev/null
+++ b/src/chrome/content/rules/Movienewsletters.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="movienewsletters.net">
+
+	<target host="movienewsletters.net" />
+	<target host="www.movienewsletters.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Movieposter.com.xml b/src/chrome/content/rules/Movieposter.com.xml
index 9fe0129c6080..adc881ec97bf 100644
--- a/src/chrome/content/rules/Movieposter.com.xml
+++ b/src/chrome/content/rules/Movieposter.com.xml
@@ -4,7 +4,6 @@
 	<target host="www.movieposter.com" />
 
 
-	<rule from="^http://(www\.)?movieposter\.com/"
-		to="https://$1movieposter.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Movim.eu.xml b/src/chrome/content/rules/Movim.eu.xml
new file mode 100644
index 000000000000..f3a2108bffd3
--- /dev/null
+++ b/src/chrome/content/rules/Movim.eu.xml
@@ -0,0 +1,33 @@
+<!--
+	Invalid certificate:
+		www.movim.eu
+		edhelas.movim.eu (broken chain)
+		img.movim.eu
+		pubsub.movim.eu
+		wiki.movim.eu
+
+	Different content http/https:
+		stats.movim.eu
+		upload.movim.eu
+
+-->
+<ruleset name="Movim">
+
+	<target host="movim.eu" />
+	<target host="www.movim.eu" />
+	<target host="api.movim.eu" />
+	<target host="apt.movim.eu" />
+	<target host="fr.movim.eu" />
+	<target host="it.movim.eu" />
+	<target host="nl.movim.eu" />
+	<target host="pod.movim.eu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.movim\.eu/"
+		to="https://movim.eu/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Movim.xml b/src/chrome/content/rules/Movim.xml
deleted file mode 100644
index e6137cde48d8..000000000000
--- a/src/chrome/content/rules/Movim.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	CN: web.tuxfamily.net
-
-
-	Fully covered subdomains:
-
-		- (www.)	(www → ^)
-		- blog
-		- planet
-		- pod
-		- wiki
-
-
-	Mixed images on blog & planet from various domains
-
--->
-<ruleset name="Movim" default_off="mismatched, self-signed">
-
-	<target host="movim.eu" />
-	<target host="*.movim.eu" />
-
-
-	<securecookie host="^wiki\.movim\.eu$" name=".+" />
-
-
-	<rule from="^http://(?:((?:blog|planet|pod|wiki)\.)|www\.)?movim\.eu/"
-		to="https://$1movim.eu/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Moxie_Soft.com.xml b/src/chrome/content/rules/Moxie_Soft.com.xml
new file mode 100644
index 000000000000..3abef4a69726
--- /dev/null
+++ b/src/chrome/content/rules/Moxie_Soft.com.xml
@@ -0,0 +1,54 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://moxiesoft.com/ => https://moxiesoft.com/: (51, "SSL: no alternative certificate subject name matches target host name 'moxiesoft.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://gomoxie.com/ => https://gomoxie.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://moxiesoft.com/ => https://moxiesoft.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+	Nonfunctional domains:
+
+		- resources.moxiesoft.com *
+
+	* Marketo
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- www.gomoxie.com from $self *
+			- www.gomoxie.com from farm\d.static.flickr.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Moxie Soft.com" default_off="failed ruleset test">
+
+	<target host="gomoxie.com" />
+	<target host="support.gomoxie.com" />
+	<target host="www.gomoxie.com" />
+	<target host="moxiesoft.com" />
+	<target host="www.moxiesoft.com" />
+	<target host="resources.moxiesoft.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^support\.gomoxie\.com$" name="^BIGipServerPool_ITSM_Prod_Admin_SSL$" /-->
+	<!--securecookie host="^(www\.)?(gomoxie|moxiesoft)\.com$" name="^(cbc_country_code|cbc_country_name)$" /-->
+
+	<securecookie host="^(?:www\.)?(?:gomoxie|moxiesoft)\.com$" name=".+" />
+	<securecookie host="^support\.gomoxie\.com$" name="^$" />
+
+
+	<rule from="^http://(support\.|www\.)?gomoxie\.com/"
+		to="https://$1gomoxie.com/" />
+
+	<rule from="^http://(www\.)?moxiesoft\.com/"
+		to="https://$1moxiesoft.com/" />
+
+	<rule from="^http://resources\.moxiesoft\.com/(?=css/|images/|js/|rs/)"
+		to="https://na-sjg.marketo.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MoyoTheatre.com.xml b/src/chrome/content/rules/MoyoTheatre.com.xml
new file mode 100644
index 000000000000..5d143fdfe21d
--- /dev/null
+++ b/src/chrome/content/rules/MoyoTheatre.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="MoyoTheatre.com">
+	<target host="moyotheatre.com" />
+	<target host="www.moyotheatre.com" />
+	<target host="autodiscover.moyotheatre.com" />
+	<target host="bloodwatch-org.moyotheatre.com" />
+	<target host="cpanel.moyotheatre.com" />
+	<target host="mail.moyotheatre.com" />
+	<target host="webdisk.moyotheatre.com" />
+	<target host="webmail.moyotheatre.com" />
+	<target host="www.bloodwatch-org.moyotheatre.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mozdev-mismatches.xml b/src/chrome/content/rules/Mozdev-mismatches.xml
index fcb2d4d05c21..a590184d9d61 100644
--- a/src/chrome/content/rules/Mozdev-mismatches.xml
+++ b/src/chrome/content/rules/Mozdev-mismatches.xml
@@ -1,13 +1,19 @@
-<!--	ruleset for all projects, which are hosted on subdomains.
+<!--
+	See the main Mozdev ruleset, see Mozdev.xml.
 -->
-<ruleset name="Mozdev (mismatches)" default_off="expired, mismatch">
+<ruleset name="Mozdev (mismatches)" default_off="mismatched">
 
-	<target host="*.mozdev.org"/>
-		<!--	domains for which the cert is valid
-			handled in Mozdev.xml	-->
-		<exclusion pattern="^http://(bugzilla\.|hg\.|www\.)?mozdev\.org/"/>
+	<target host="*.mozdev.org" />
+		<test url="http://firefox.mozdev.org/" />
+		<test url="http://maf.mozdev.org/" />
+		<test url="http://zombiekeys.mozdev.org/" />
+		<!-- Domains handled in Mozdev.xml. -->
+		<exclusion pattern="^http://(bugzilla\.|www\.)?mozdev\.org/"/>
+			<test url="http://bugzilla.mozdev.org/" />
+			<test url="http://www.mozdev.org/" />
+			<test url="http://mozdev.org/" />
 
-	<securecookie host="^.*\.mozdev\.org$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://([\w\-]+)\.mozdev\.org/"
 		to="https://$1.mozdev.org/"/>
diff --git a/src/chrome/content/rules/Mozdev.xml b/src/chrome/content/rules/Mozdev.xml
deleted file mode 100644
index 45bbf4f836b2..000000000000
--- a/src/chrome/content/rules/Mozdev.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Expired 2013-07-01
-
--->
-<ruleset name="Mozdev (partial, expired)" default_off="expired">
-
-	<target host="mozdev.org"/>
-	<target host="bugzilla.mozdev.org"/>
-	<target host="hg.mozdev.org"/>
-	<target host="svn.mozdev.org"/>
-	<target host="www.mozdev.org"/>
-
-	<securecookie host="^(.*\.)?mozdev\.org$" name=".*"/>
-
-	<rule from="^http://(hg\.|svn\.|www\.)?mozdev\.org/"
-		to="https://$1mozdev.org/"/>
-
-	<rule from="^http://bugzilla\.mozdev\.org/"
-		to="https://www.mozdev.org/bugs/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Mozdev_Group.com.xml b/src/chrome/content/rules/Mozdev_Group.com.xml
new file mode 100644
index 000000000000..e4cd01ffe4d4
--- /dev/null
+++ b/src/chrome/content/rules/Mozdev_Group.com.xml
@@ -0,0 +1,48 @@
+<!--
+	Nonfunctional subdomains:
+
+		- openkiosk *
+
+	* Refused
+
+
+	Problematic subdomains:
+
+		- jslib *
+
+	* Mismatched, CN: www.mozdev.org
+
+
+	Mixed content:
+
+		- Bug on jslib from www.google.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Mozdev Group.com (partial)">
+
+	<target host="mozdevgroup.com" />
+	<target host="air.mozdevgroup.com" />
+	<target host="emory.mozdevgroup.com" />
+	<target host="fresenius.mozdevgroup.com" />
+	<target host="ipcache.mozdevgroup.com" />
+	<target host="measurement.mozdevgroup.com" />
+	<target host="okcd.mozdevgroup.com" />
+	<target host="vantage.mozdevgroup.com" />
+	<target host="www.mozdevgroup.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(air|emory|fresenius|ipcache|measurement|okcd|vantage)\.mozdevgroup\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:air|emory|fresenius|ipcache|measurement|okcd|vantage)\.mozdevgroup\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+	<!--rule from="^http://jslib\.mozdevgroup\.com/"
+		to="https://jslib.mozdev.org/" /-->
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mozgvya.com.xml b/src/chrome/content/rules/Mozgvya.com.xml
new file mode 100644
index 000000000000..c769577b1fd5
--- /dev/null
+++ b/src/chrome/content/rules/Mozgvya.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Non-active domain:
+	- www.mozgvya.com
+-->
+<ruleset name="mozgvya.com">
+	<target host="mozgvya.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mozilla-Community.org.xml b/src/chrome/content/rules/Mozilla-Community.org.xml
new file mode 100644
index 000000000000..d295a3bff1ac
--- /dev/null
+++ b/src/chrome/content/rules/Mozilla-Community.org.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Mozilla coverage, see Mozilla.xml.
+
+
+	(www.)? doesn't exist.
+
+-->
+<ruleset name="Mozilla-Community.org">
+
+	<target host="discourse.mozilla-community.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mozilla-Russia.org.xml b/src/chrome/content/rules/Mozilla-Russia.org.xml
index 81a4893b99c9..d07eff5bb1e2 100644
--- a/src/chrome/content/rules/Mozilla-Russia.org.xml
+++ b/src/chrome/content/rules/Mozilla-Russia.org.xml
@@ -31,7 +31,9 @@
 <ruleset name="Mozilla-Russia.org (partial)">
 
 	<target host="mozilla-russia.org" />
-	<target host="*.mozilla-russia.org" />
+	<target host="bugzilla.mozilla-russia.org" />
+	<target host="forum.mozilla-russia.org" />
+	<target host="www.mozilla-russia.org" />
 
 
 	<securecookie host="^(?:bugzilla|forum)\.mozilla-russia\.org$" name=".+" />
diff --git a/src/chrome/content/rules/Mozilla-self-signed.xml b/src/chrome/content/rules/Mozilla-self-signed.xml
deleted file mode 100644
index c89d8fcef9b4..000000000000
--- a/src/chrome/content/rules/Mozilla-self-signed.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For rules that are on by default, see Mozilla.xml.
-
--->
-<ruleset name="Mozilla (self-signed)" default_off="mismatched, self-signed">
-
-	<target host="blog.lizardwrangler.com" />
-	<target host="krakenbenchmark.mozilla.org" />
-
-
-	<rule from="^http://blog\.lizardwrangler\.com/"
-		to="https://blog.lizardwrangler.com/" />
-
-	<!--	Cert: www.mozilla.com
-					-->
-	<rule from="^http://krakenbenchmark\.mozilla\.org/"
-		to="https://krakenbenchmark.mozilla.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Mozilla.com.tw.xml b/src/chrome/content/rules/Mozilla.com.tw.xml
index e9044acb2556..b9c6e65fb46c 100644
--- a/src/chrome/content/rules/Mozilla.com.tw.xml
+++ b/src/chrome/content/rules/Mozilla.com.tw.xml
@@ -1,13 +1,13 @@
 <!--
-	For other Mozilla coverage, see Mozilla.xml.
-
+	For other Mozilla coverage, see Mozilla.xml
 -->
-<ruleset name="Mozilla.com.tw (partial)">
-
+<ruleset name="Mozilla.com.tw">
+	<target host="mozilla.com.tw" />
+	<target host="www.mozilla.com.tw" />
+	<target host="blog.mozilla.com.tw" />
+	<target host="fun.mozilla.com.tw" />
 	<target host="fxosphone.mozilla.com.tw" />
+	<target host="tech.mozilla.com.tw" />
 
-
-	<rule from="^http://fxosphone\.mozilla\.com\.tw/"
-		to="https://fxosphone.mozilla.com.tw/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mozilla.com.xml b/src/chrome/content/rules/Mozilla.com.xml
new file mode 100644
index 000000000000..172c11a4f656
--- /dev/null
+++ b/src/chrome/content/rules/Mozilla.com.xml
@@ -0,0 +1,63 @@
+<!--
+	NB: If a host ceases to exist, just remove the respective test.
+
+	For other Mozilla coverage, see Mozilla.xml.
+
+
+	Problematic hosts in *mozilla.com:
+
+		- air ¹
+		- labs ¹
+
+	¹ Refused
+	² Mismatched
+-->
+<ruleset name="Mozilla.com">
+
+	<target host="mozilla.com" />
+	<target host="*.mozilla.com" />
+
+		<exclusion pattern="^http://fxfeeds\.mozilla\.com/" />
+
+			<test url="http://fxfeeds.mozilla.com/" />
+
+		<!--	Direct rewrites:
+					-->
+		<test url="http://activations.mozilla.com/" />
+		<test url="http://addons.mozilla.com/" />
+		<test url="http://basket.mozilla.com/" />
+		<test url="http://blog.mozilla.com/" />
+		<test url="http://brasstacks.mozilla.com/" />
+		<test url="http://careers.mozilla.com/" />
+		<test url="http://crash-stats.mozilla.com/" />
+		<test url="http://data.mozilla.com/" />
+		<test url="http://fhr.data.mozilla.com/" />
+		<test url="http://hardware.metrics.mozilla.com/" />
+		<test url="http://input.mozilla.com/" />
+		<test url="http://phish-report.mozilla.com/" />
+		<test url="http://en-us.phish-report.mozilla.com/" />
+		<test url="http://snippets.mozilla.com/" />
+		<test url="http://support.mozilla.com/" />
+		<test url="http://tr.malware-error.mozilla.com/" />
+		<test url="http://v.mozilla.com/" />
+		<test url="http://www.mozilla.com/" />
+
+		<!--	Complications:
+					-->
+		<test url="http://air.mozilla.com/" />
+		<test url="http://labs.mozilla.com/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://labs\.mozilla\.com/"
+		to="https://www.mozillalabs.com/" />
+
+	<rule from="^http://air\.mozilla\.com/"
+		to="https://air.mozilla.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mozilla.jp.xml b/src/chrome/content/rules/Mozilla.jp.xml
new file mode 100644
index 000000000000..aeea565bb0b0
--- /dev/null
+++ b/src/chrome/content/rules/Mozilla.jp.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Mozilla coverage, see Mozilla.xml.
+-->
+<ruleset name="Mozilla.jp" >
+	<target host="mozilla.jp" />
+	<target host="www.mozilla.jp" />
+	<target host="dev.mozilla.jp" />
+	<target host="secure.mozilla.jp" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mozilla.net.xml b/src/chrome/content/rules/Mozilla.net.xml
new file mode 100644
index 000000000000..d48d84834427
--- /dev/null
+++ b/src/chrome/content/rules/Mozilla.net.xml
@@ -0,0 +1,45 @@
+<!--
+	For other Mozilla coverage, see Mozilla.xml.
+
+	CDN buckets:
+		- 2-01-2967-0005.cdx.cedexis.net
+			- cdn.mozilla.net
+		- wac.1237.edgecastcdn.net/??1237/
+			- hardhat.mozilla.net
+
+	Problematic hosts in *mozilla.net:
+		- hardhat ²
+	² Works; mismatched, CN: gp1.wac.edgecastcdn.net
+-->
+<ruleset name="Mozilla.net">
+
+	<target host="*.mozilla.net" />
+		<test url="http://assets.mozilla.net/pdf/IHPbriefs_Web_Literacy_March_2017.pdf" />
+		<test url="http://cdn.mozilla.net/browserquest/img/1/spritesheet.png" />
+			<test url="http://activations.cdn.mozilla.net/" />
+			<test url="http://addons-discovery.cdn.mozilla.net/50b599424886d5ec9380d52b954087cb.webm" />
+			<test url="http://addons.cdn.mozilla.net/user-media/addon_icons/5/5890-64.png" />
+			<test url="http://air.cdn.mozilla.net/" />
+			<test url="http://blocked.cdn.mozilla.net/" />
+			<test url="http://code.cdn.mozilla.net/fonts/fira.css" />
+			<test url="http://developer.cdn.mozilla.net/" />
+			<test url="http://download-installer.cdn.mozilla.net/" />
+			<test url="http://download.cdn.mozilla.net/" />
+			<test url="http://fhr.cdn.mozilla.net/" />
+			<test url="http://hardhat.cdn.mozilla.net/" />
+			<test url="http://mozorg.cdn.mozilla.net/" />
+			<test url="http://snippets.cdn.mozilla.net/" />
+			<test url="http://support.cdn.mozilla.net/" />
+			<test url="http://videos.cdn.mozilla.net/" />
+		<test url="http://interactive-examples.mdn.mozilla.net/pages/tabbed/map.html" />
+		<test url="http://static.addons.mozilla.net/en-US/firefox/.pdf" />
+		<test url="http://www.mozilla.net/" />
+
+	<!--	Mismatched:	-->
+	<exclusion pattern="^http://hardhat\.mozilla\.net/" />
+		<test url="http://hardhat.mozilla.net/en-US/outages.html" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mozilla.xml b/src/chrome/content/rules/Mozilla.xml
index 9856c1eb1027..55908ba52d1c 100644
--- a/src/chrome/content/rules/Mozilla.xml
+++ b/src/chrome/content/rules/Mozilla.xml
@@ -1,26 +1,41 @@
 <!--
+The following targets have been disabled at 2020-10-14 21:27:05:
+
+Fetch error: http://advocacy.mozilla.org/ => https://advocacy.mozilla.org/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://alerts.telemetry.mozilla.org/ => https://alerts.telemetry.mozilla.org/: (6, 'Could not resolve host: alerts.telemetry.mozilla.org')
+Fetch error: http://mig.mozilla.org/ => https://mig.mozilla.org/: (6, 'Could not resolve host: mig.mozilla.org')
+
+	NB: If a host ceases to exist, just remove the respective test
+
+
 	Other Mozilla rulesets:
 
-		- BrowserID.xml
+		- Allizom.org.xml
+		- BadgeKit.org.xml
 		- Bugzilla.xml
-		- GetPersonas.xml
+		- Firefox.com.xml
+		- Lizard_Wrangler.com.xml
+		- Makes.org.xml
+		- Mozilla-Community.org.xml
 		- Mozilla.com.tw.xml
-		- Mozilla_Persona.xml
+		- Mozilla.com.xml
+		- Mozilla.jp.xml
+		- Mozilla.net.xml
+		- Mozilla_Demos.org.xml
+		- Mozilla_Messaging.com.xml
 		- Mozilla_Webmaker.xml
+		- Mozillalabs.com.xml
+		- Moztw.org.xml
+		- mzl.la (via Bitly_branded_short_domains.xml)
 		- Open_Badges.xml
+		- TaskCluster.net
+		- TogetherJS.com.xml
+		- WebFWD.org.xml
 
 
 	CDN buckets:
 
-		- 2-01-2967-0005.cdx.cedexis.net
-
-			- cdn.mozilla.net
-
-		- wac.1237.edgecastcdn.net/??1237/
-
-			- getpersonas-cdn.mozilla.net
-
-		- images.s4.exacttarget.com.edgesuite.net
+		- a248.e.akamai.net/f/1/1/1/image.e.mozilla.org/
 
 			- image.e.mozilla.org
 
@@ -35,301 +50,105 @@
 
 	Nonfunctional domains:
 
-		- identity.mozilla.com ¹
+		- (www.)?drumbeat.org ³
 
-		- mozilla.org subdomains:
+	³ Refused
 
-			- browserquest ²
-			- dxr ²
-			- view.e ³
-			- graphs ²
-			- planet ²
-			- releases ³
-			- sfx-images ²		(banners)
-			- start ²
-			- www-archive		(prompts for LDAP login, CN: static-san.mozilla.org)
-
-		- blog.webfwd.org ³
-
-	¹ Hosted on tumblr
-	² Refused
-	³ Dropped
-
-
-	Problematic domains:
-
-		- firefox.com
-		- www.firefox.com		(works; mismatched, CN: static-san.mozilla.org)
-		- blog.lizardwrangler.com	(self-signed)
-		- cdn.mozilla.net		(404; mismatched, CN: gp1.wac.edgecastcdn.net)
-		- download.cdn.mozilla.net	(503, akamai)
-		- getpersonas-cdn.mozilla.net	(mismatched, CN: ssl2.cdngc.net)
-
-		- mozilla.org subdomains:
-
-			- affiliates-cdn	(works; mismatched, CN: affiliates.mozilla.org)
-			- beta *
-			- click.e		(works; mismatched, CN: *.virt.s4.exacttarget.com)
-			- image.e		(works, akamai)
-			- krakenbenchmark	(works; mismatched, CN: static-san.mozilla.org)
-			- labs *
-			- talkback-public *
-			- videos		(works; mismatched, CN: static-cdn.addons.mozilla.net)
-
-	* Prompts for LDAP login; mismatched, CN: static-san.mozilla.org
-
-
-	Fully covered domains:
-
-		- drumbeat.org
-		- www.drumbeat.org
-		- (www.)firefox.com		(→ www.mozilla.org)
-		- marketplace.firefox.com
-
-		- mozilla.com subdomains:
-
-			- (www.)
-			- addons
-			- air
-			- basket
-			- blog
-			- brasstacks
-			- crash-analysis
-			- crash-stats
-			- data
-			- input
-			- people
-			- support
-
-		- mozilla.net subdomains:
-
-			- (www.)		(→ www.mozilla.org)
-			- static-cdn.addons
-			- static-ssl-cdn.addons
-
-			- cdn subdomains:
-
-				- addons
-				- developer
-				- download		(→ ftp.mozilla.org)
-				- download-installer
-				- fhr
-				- getpersonas
-				- marketplace
-				- mozorg
-				- support
-				- versioncheck
-
-			- getpersonas-cdn	(→ getpersonas.cdn)
-			- videos-cdn
-
-		- mozilla.org subdomains:
-
-			- (www.)
-
-			- addons subdomains:
-
-				- ^
-				- forums
-				- pyrepo
-				- services
-
-			- affiliates
-			- affiliates-cdn	(→ affiliates)
-			- air
-			- basket
-			- beta		(→ mozilla.org/en-US/firefox/channel/)
-			- blog
-			- boardwiki
-			- bugzilla
-			- bzr
-			- careers
-			- communitystore
-			- creative
-			- developer
-			- directory
-			- dnt
-			- donate
-			- download
-			- education
-			- etherpad
-			- fb-affiliates
-			- firefoxflicks
-			- firefoxlive
-			- forums
-			- foundationwiki
-			- ftp
-			- gameon
-			- gpg
-			- hacks
-			- hg
-			- inform
-			- input
-			- intlstore
-			- join
-                        - keys
-                        - keyserver
-			- l10n
-			- labs		(→ mozillalabs.com)
-			- ldap
-			- lists
-			- localize
-			- mail
-			- mana
-			- marketplace
-			- metrics
-			- moztrap
-			- mpl
-			- mxr
-			- nightly
-			- outgoing
-			- people	(→ people.mozilla.com)
-			- quality
-			- reps
-			- securitywiki
-			- sendto
-			- studentreps
-			- support
-			- talkback-public	(→ crash-stats.mozilla.com)
-			- tbpl
-			- videos	(→ videos-cdn.mozilla.net)
-			- wiki
-
-		- mdn.mozillademos.org
-		- (www.)mozillaignite.org
-		- blog.mozillaignite.org
-
-		- mozillalabs.com subdomains:
-
-			- (www.)
-			- apps
-			- bespin
-			- bespinplugins
-			- gaming
-			- heatmap
-			- jetpack
-			- testpilot
-			- webmaker
-
-		- planet.mozillamessaging.com
-		- support.mozillamessaging.com
-		- (www.)webfwd.org
-
-
-	Cookie domains:
 
-		- addons.mozilla.org
-		- reps.mozilla.org
+	Problematic hosts in *mozilla.org:
+
+		- browserquest ⁴
+		- bzr ²
+		- labs ¹
+		- talkback-public ⁴
 
+	¹ https://labs.mozilla.org refuses connections.
+	  http://labs.mozilla redirects to http://mozillalabs.com, and
+	  https://mozillalabs.com uses a mismatched certificate.
+	² Invalid certificate
+	⁴ Connection refused
 
-	Mixed content:
 
-		- Image on www.mozilla.org from www.seamonkey-project.org
+	Insecure cookies are set for these domains:
 
+		- .mozilla.org
+		- addons.mozilla.org
+		- bugzilla.mozilla.org
+		- .sendto.mozilla.org
+		- support.mozilla.org
+		- telemetry.mozilla.org
 -->
-<ruleset name="Mozilla">
-
-	<target host="drumbeat.org" />
-	<target host="www.drumbeat.org" />
-	<target host="firefox.com" />
-	<target host="*.firefox.com" />
-	<target host="mozilla.com" />
-	<target host="*.mozilla.com" />
-		<exclusion pattern="^http://identity\.mozilla\.com/" />
-	<target host="mozilla.net" />
-	<target host="*.mozilla.net" />
-		<exclusion pattern="^http://cdn\.mozilla\.net/" />
+<ruleset name="Mozilla.org">
+
 	<target host="mozilla.org" />
 	<target host="*.mozilla.org" />
 		<!--
 			https://mail1.eff.org/pipermail/https-everywhere-rules/2013-July/001649.html
-													-->
-		<exclusion pattern="^http://(?:browserquest|dxr|graphs|krakenbenchmark|planet|releases|sfx-images|start|www-archive)\.mozilla\.org/" />
-		<!--
-			Breaks newsletter:
-
-				https://mail1.eff.org/pipermail/https-everywhere-rules/2013-June/001635.html
-									-->
-		<exclusion pattern="^http://\w+\.e\.mozilla\.org/" />
-	<target host="mdn.mozillademos.org" />
-	<target host="mozillaignite.com" />
-	<target host="*.mozillaignite.com" />
-	<target host="mozillalabs.com" />
-	<target host="*.mozillalabs.com" />
-	<target host="*.mozillamessaging.com" />
-	<target host="webfwd.org" />
-	<target host="www.webfwd.org" />
-
-
-	<securecookie host="^marketplace\.firefox\.com$" name=".+" />
-	<securecookie host="^.*\.mozilla\.(?:com|org)$" name=".+" />
-	<securecookie host="^mozilla(?:ignite|labs)\.com$" name=".+" />
-
 
-	<rule from="^http://(www\.)?(drumbeat|webfwd)\.org/"
-		to="https://$1$2.org/" />
+			\w+.e.mozilla.org breaks newsletter:
 
-	<!--	Redirects like so over http.
-						-->
-	<rule from="^https?://(?:www\.)?firefox\.com/"
-		to="https://www.mozilla.org/firefox/" />
-
-	<rule from="^http://marketplace\.firefox\.com/"
-		to="https://marketplace.firefox.com/" />
-
-	<rule from="^http://([\w-]+\.)?mozilla\.com/"
-		to="https://$1mozilla.com/" />
-
-	<!--	Redirects as so over http.
-						-->
-	<rule from="^https?://(?:www\.)?mozilla\.net/"
-		to="https://www.mozilla.org/" />
-
-	<rule from="^https?://download\.cdn\.mozilla\.net/"
-		to="https://ftp.mozilla.org/" />
-
-	<rule from="^https?://getpersonas-cdn\.mozilla\.net/"
-		to="https://getpersonas.cdn.mozilla.net/" />
-
-	<rule from="^http://([\w\.-]+)\.mozilla\.net/"
-		to="https://$1.mozilla.net/" />
-
-	<rule from="^https?://affiliates-cdn\.mozilla\.org/"
-		to="https://affiliates.mozilla.org/" />
-
-	<rule from="^https?://beta\.mozilla\.org/"
-		to="https://www.mozilla.org/firefox/channel/" />
-
-	<rule from="^http://labs\.mozilla\.org/"
-		to="https://mozillalabs.com/" />
+				https://mail1.eff.org/pipermail/https-everywhere-rules/2013-June/001635.html
+													-->
+		<exclusion pattern="^http://(europe|browserquest|trychooser\.pub\.build|bzr|symbolapi)\.mozilla\.org/" />
+
+			<test url="http://europe.mozilla.org/" />
+			<test url="http://browserquest.mozilla.org/" />
+			<test url="http://bzr.mozilla.org/" />
+			<test url="http://trychooser.pub.build.mozilla.org/" />
+			<test url="http://symbolapi.mozilla.org/" />
+
+		<test url="http://addons.mozilla.org/" />
+		<test url="http://air.mozilla.org/" />
+		<test url="http://archive.mozilla.org/" />
+		<test url="http://bugzilla.mozilla.org/" />
+		<test url="http://careers.mozilla.org/" />
+		<test url="http://click.e.mozilla.org/" />
+		<test url="http://developer.mozilla.org/" />
+		<test url="http://dxr.mozilla.org/" />
+		<test url="http://ftp.mozilla.org/" />
+		<test url="http://git.mozilla.org/" />
+		<test url="http://hg.mozilla.org/" />
+		<test url="http://image.e.mozilla.org/" />
+		<test url="http://iot.mozilla.org/" />
+		<test url="http://krakenbenchmark.mozilla.org/" />
+		<test url="http://lists.mozilla.org/" />
+		<test url="http://planet.mozilla.org/" />
+		<test url="http://pulse.mozilla.org/" />
+		<test url="http://release.mozilla.org/" />
+		<test url="http://releases.mozilla.org/" />
+		<test url="http://sendto.mozilla.org/page/-/ssou-logos/twitter-bird-white-on-blue.png" />
+		<test url="http://start.mozilla.org/" />
+		<test url="http://support.mozilla.org/" />
+		<test url="http://symbols.mozilla.org/" />
+		<test url="http://telemetry.mozilla.org/" />
+		<test url="http://videos.mozilla.org/" />
+		<test url="http://view.e.mozilla.org/" />
+		<test url="http://website-archive.mozilla.org/" />
+		<test url="http://wiki.mozilla.org/" />
+		<test url="http://www-archive.mozilla.org/" />
+		<test url="http://www.mozilla.org/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.mozilla\.org$" name="^(optimizelyBuckets|optimizelyEndUserId|optimizelyPendingLogEvents|optimizelySegments)$" /-->
+	<!--securecookie host="^addons\.mozilla\.org$" name="^(apps/files/tabstops|multidb_pin_writes|recently-viewed-collections|search-appver|search-platform|visitor-seen_impala_first_visit)$" /-->
+	<!--securecookie host="^bugzilla\.mozilla\.org$" name="^(BUGLIST|LASTORDER)$" /-->
+	<!--securecookie host="^\.sendto\.mozilla\.org$" name="^X-CheckNode$" /-->
+	<!--securecookie host="^support\.mozilla\.org$" name="^dwf_surveygizmo$" /-->
+	<!--securecookie host="^telemetry-dash\.mozilla\.org$" name="^session$" /-->
+
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^https?://people\.mozilla\.org/"
-		to="https://people.mozilla.com/" />
 
 	<!--	Redirects like so over http.
 						-->
-	<rule from="^https?://talkback-public\.mozilla\.org/"
+	<rule from="^http://talkback-public\.mozilla\.org/"
 		to="https://crash-stats.mozilla.com/" />
 
-	<rule from="^https?://videos\.mozilla\.org/"
-		to="https://videos-cdn.mozilla.net/" />
-
-	<rule from="^http://([\w\.-]+\.)?mozilla\.org/"
-		to="https://$1mozilla.org/" />
-
-	<rule from="^http://mdn\.mozillademos\.org/"
-		to="https://mdn.mozillademos.org/" />
-
-	<rule from="^http://(\w+\.)?mozillaignite\.com/"
-		to="https://$1mozillaignite.com/" />
-
-	<rule from="^http://(www\.)?mozillalabs\.com/"
-		to="https://$1mozillalabs.com/" />
-
-	<rule from="^http://(\w+)\.mozillalabs\.com/"
-		to="https://$1.mozillalabs.com/"/>
+		<test url="http://talkback-public.mozilla.org/" />
 
-	<rule from="^http://(planet|support)\.mozillamessaging\.com/"
-		to="https://$1.mozillamessaging.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mozilla_Demos.org.xml b/src/chrome/content/rules/Mozilla_Demos.org.xml
new file mode 100644
index 000000000000..adc4cdaf9d94
--- /dev/null
+++ b/src/chrome/content/rules/Mozilla_Demos.org.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Mozilla coverage, see Mozilla.xml.
+
+
+	Fully covered hosts in *mozillademos.org:
+
+		- mdn
+
+-->
+<ruleset name="Mozilla Demos.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mdn.mozillademos.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mozilla_Messaging.com.xml b/src/chrome/content/rules/Mozilla_Messaging.com.xml
new file mode 100644
index 000000000000..11efccdc1a94
--- /dev/null
+++ b/src/chrome/content/rules/Mozilla_Messaging.com.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Mozilla coverage, see Mozilla.xml.
+
+
+	Nonfunctional hosts in *mozillamessaging.com:
+
+		- (www.)? ¹
+		- planet ²
+
+	¹ Refused
+	² 401
+
+
+	Fully covered hosts in *mozillamessaging.com:
+
+		- support
+
+-->
+<ruleset name="Mozilla Messaging.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="support.mozillamessaging.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mozilla_Persona.xml b/src/chrome/content/rules/Mozilla_Persona.xml
deleted file mode 100644
index d38cdc25a998..000000000000
--- a/src/chrome/content/rules/Mozilla_Persona.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For other Mozilla coverage, see Mozilla.xml.
-
--->
-<ruleset name="Mozilla Persona">
-
-	<target host="persona.org" />
-	<target host="*.persona.org" />
-
-
-	<rule from="^http://(apps\.|(?:static\.|verifier\.)?login\.|www\.)?persona\.org/"
-		to="https://$1persona.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Mozilla_Webmaker.xml b/src/chrome/content/rules/Mozilla_Webmaker.xml
index 2b5d23ae1be7..c6ef1b6f8f81 100644
--- a/src/chrome/content/rules/Mozilla_Webmaker.xml
+++ b/src/chrome/content/rules/Mozilla_Webmaker.xml
@@ -1,23 +1,17 @@
 <!--
-	For other Mozilla coverage, see Mozilla.xml
 
+	Mozilla Webmaker
 
-	Fully covered subdomains:
-
-		- (www.)
-		- popcorn
+	For other Mozilla coverage, see Mozilla.xml.
 
 -->
-<ruleset name="Mozilla Webmaker">
-
+<ruleset name="Webmaker.org" >
 	<target host="webmaker.org" />
-	<target host="*.webmaker.org" />
-
-
-	<securecookie host="^(?:.+\.)?webmaker\.org$" name=".+" />
-
+	<target host="www.webmaker.org" />
+	<target host="blog.webmaker.org" />
+	<target host="popcorn.webmaker.org" />
 
-	<rule from="^http://(popcorn\.|www\.)?webmaker\.org/"
-		to="https://$1webmaker.org/" />
+	<securecookie host=".+" name=".+" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mozillalabs.com.xml b/src/chrome/content/rules/Mozillalabs.com.xml
new file mode 100644
index 000000000000..e8e36741fb14
--- /dev/null
+++ b/src/chrome/content/rules/Mozillalabs.com.xml
@@ -0,0 +1,24 @@
+<!--
+	For other Mozilla coverage, see Mozilla.xml.
+
+	Nonfunctional hosts in *.mozillalabs.com:
+		- mozillalabs.com (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Mozillalabs.com">
+	<target host="mozillalabs.com" />
+	<target host="www.mozillalabs.com" />
+	<target host="pontoon.mozillalabs.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://mozillalabs\.com/"
+		to="https://www.mozillalabs.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mozio.com.xml b/src/chrome/content/rules/Mozio.com.xml
new file mode 100644
index 000000000000..ecacac3d5ae6
--- /dev/null
+++ b/src/chrome/content/rules/Mozio.com.xml
@@ -0,0 +1,82 @@
+<!--
+	Invalid certificate:
+		- www.blog.mozio.com
+		- try.mozio.com
+-->
+
+<ruleset name="Mozio.com">
+	<target host="mozio.com" />
+	<target host="www.mozio.com" />
+	<target host="accor.mozio.com" />
+	<target host="aegeanair.mozio.com" />
+	<target host="agoda.mozio.com" />
+	<target host="airbaltic.mozio.com" />
+	<target host="airportparkingreservations.mozio.com" />
+	<target host="airportshuttle.mozio.com" />
+	<target host="airtickets.mozio.com" />
+	<target host="amoma.mozio.com" />
+	<target host="analytics.mozio.com" />
+	<target host="api.mozio.com" />
+	<target host="api-staging.mozio.com" />
+	<target host="app-prod.mozio.com" />
+	<target host="app-prod-gbt.mozio.com" />
+	<target host="app-widget.mozio.com" />
+	<target host="autocomplete.mozio.com" />
+	<target host="blog.mozio.com" />
+	<target host="booking.mozio.com" />
+	<target host="budgetair.mozio.com" />
+	<target host="budgetairbe.mozio.com" />
+	<target host="budgetaircomau.mozio.com" />
+	<target host="budgetaircouk.mozio.com" />
+	<target host="budgetaires.mozio.com" />
+	<target host="budgetairfr.mozio.com" />
+	<target host="budgetairit.mozio.com" />
+	<target host="budgetairnl.mozio.com" />
+	<target host="cheaptickets.mozio.com" />
+	<target host="cheapticketsbe.mozio.com" />
+	<target host="cheapticketsch.mozio.com" />
+	<target host="cheapticketscoth.mozio.com" />
+	<target host="cheapticketsde.mozio.com" />
+	<target host="cheapticketshk.mozio.com" />
+	<target host="chef-server.mozio.com" />
+	<target host="cityjet.mozio.com" />
+	<target host="confirmationdesk.mozio.com" />
+	<target host="dev.mozio.com" />
+	<target host="edreams.mozio.com" />
+	<target host="ethiopianairlines.mozio.com" />
+	<target host="flugladenat.mozio.com" />
+	<target host="flugladende.mozio.com" />
+	<target host="guesthouser.mozio.com" />
+	<target host="hostelworld.mozio.com" />
+	<target host="hotels.mozio.com" />
+	<target host="hsbc.mozio.com" />
+	<target host="infobooking.mozio.com" />
+	<target host="internationaltransfer.mozio.com" />
+	<target host="jetblue.mozio.com" />
+	<target host="kiwi.mozio.com" />
+	<target host="lozadaviajes.mozio.com" />
+	<target host="m.mozio.com" />
+	<target host="onefinestay.mozio.com" />
+	<target host="parksleepfly.mozio.com" />
+	<target host="partners.mozio.com" />
+	<target host="secure-widget.mozio.com" />
+	<target host="shuttleman.mozio.com" />
+	<target host="skgroup.mozio.com" />
+	<target host="skys.mozio.com" />
+	<target host="skyscanner.mozio.com" />
+	<target host="spirit.mozio.com" />
+	<target host="staging-static.mozio.com" />
+	<target host="static.mozio.com" />
+	<target host="studentuniverse.mozio.com" />
+	<target host="sydneyairport.mozio.com" />
+	<target host="tripcase.mozio.com" />
+	<target host="tripsta.mozio.com" />
+	<target host="ui-test-2.mozio.com" />
+	<target host="vayama.mozio.com" />
+	<target host="vayamaie.mozio.com" />
+	<target host="vliegwinkel.mozio.com" />
+	<target host="widget.mozio.com" />
+	<target host="wtg.mozio.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mozo.com.au.xml b/src/chrome/content/rules/Mozo.com.au.xml
new file mode 100644
index 000000000000..53f8b8f8c8d9
--- /dev/null
+++ b/src/chrome/content/rules/Mozo.com.au.xml
@@ -0,0 +1,20 @@
+<!--
+	Doesn't exist:
+		^mozo.co
+
+	Mismatched:
+		www.mozo.co
+		resources2.news.com.au	(503, akamai)
+
+	Refused:
+		insights.mozo.com.au
+-->
+<ruleset name="Mozo.com.au">
+	<target host="mozo.com.au" />
+	<target host="www.mozo.com.au" />
+	<target host="calculators.mozo.com.au" />
+	<target host="stat.mozo.com.au" />
+	<target host="static.mozo.com.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Moztw.org.xml b/src/chrome/content/rules/Moztw.org.xml
new file mode 100644
index 000000000000..9383d5d4eafb
--- /dev/null
+++ b/src/chrome/content/rules/Moztw.org.xml
@@ -0,0 +1,24 @@
+<!--
+	For other Mozilla coverage, see Mozilla.xml.
+
+	Timeout:
+		- mozlinks
+
+	Refused:
+		www	( equal to ^ )
+-->
+
+<ruleset name="Moztw.org">
+
+	<target host="moztw.org" />
+	<target host="www.moztw.org" />
+
+	<rule from="^http://(www\.)?moztw\.org/" to="https://moztw.org/" />
+
+
+	<target host="wiki.moztw.org" />
+	<target host="forum.moztw.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mozy.xml b/src/chrome/content/rules/Mozy.xml
index 3f708232325a..3faf135a6079 100644
--- a/src/chrome/content/rules/Mozy.xml
+++ b/src/chrome/content/rules/Mozy.xml
@@ -4,8 +4,8 @@
   <target host="www.mozy.com" />
   <target host="www.mozy.co.uk" />
 
-  <securecookie host="^(.+\.)?mozy\.com$" name=".*"/>
-  <securecookie host="^(.+\.)?mozy\.co\.uk$" name=".*"/>
+  <securecookie host="^(?:.+\.)?mozy\.com$" name=".+" />
+  <securecookie host="^(?:.+\.)?mozy\.co\.uk$" name=".+" />
 
   <rule from="^http://(?:www\.)?mozy\.com/" to="https://mozy.com/"/>
   <rule from="^http://(?:www\.)?mozy\.co\.uk/" to="https://mozy.co.uk/"/>
diff --git a/src/chrome/content/rules/Mpagano.com.xml b/src/chrome/content/rules/Mpagano.com.xml
index 0edf8c10a4af..52d62324c32a 100644
--- a/src/chrome/content/rules/Mpagano.com.xml
+++ b/src/chrome/content/rules/Mpagano.com.xml
@@ -1,14 +1,18 @@
 <!--
-	CN: localhost
+	Refused:
+		blog.mpagano.com
+		picks.mpagano.com
+
+	Invalid certificate:
+		git.mpagano.com
 
 -->
-<ruleset name="mpagano.com" default_off="mismatched, self-signed">
+<ruleset name="mpagano.com">
 
 	<target host="mpagano.com" />
 	<target host="www.mpagano.com" />
 
-
-	<rule from="^http://(?:www\.)?mpagano\.com/"
-		to="https://www.mpagano.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mpornpass.com.xml b/src/chrome/content/rules/Mpornpass.com.xml
new file mode 100644
index 000000000000..a491bb408572
--- /dev/null
+++ b/src/chrome/content/rules/Mpornpass.com.xml
@@ -0,0 +1,39 @@
+<!--
+	Nonfunctional hosts in *mpornpass.com:
+
+		- imedia.l3 *
+
+	* 404
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.mpornpass.com
+
+
+	Mixed content:
+
+		- Images from imedia.l3.mpornpass.com *
+
+	* Unsecurable <= 404
+
+-->
+<ruleset name="mpornpass.com (partial)" default_off="expired">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mpornpass.com" />
+	<target host="www.mpornpass.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.mpornpass\.com$" name="^(?:RNLBSERVERID|csrfst)$" /-->
+
+	<securecookie host="\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mpv.io.xml b/src/chrome/content/rules/Mpv.io.xml
new file mode 100644
index 000000000000..4f7947872002
--- /dev/null
+++ b/src/chrome/content/rules/Mpv.io.xml
@@ -0,0 +1,15 @@
+<ruleset name="mpv.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mpv.io" />
+	<target host="www.mpv.io" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MrMondialisation.org.xml b/src/chrome/content/rules/MrMondialisation.org.xml
new file mode 100644
index 000000000000..ad5491ddcb62
--- /dev/null
+++ b/src/chrome/content/rules/MrMondialisation.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatch:
+		www.mrmondialisation.org
+-->
+<ruleset name="MrMondialisation.org">
+	<target host="mrmondialisation.org" />
+	<target host="www.mrmondialisation.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.mrmondialisation\.org/" to="https://mrmondialisation.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mr_File.me.xml b/src/chrome/content/rules/Mr_File.me.xml
new file mode 100644
index 000000000000..fae956e687d2
--- /dev/null
+++ b/src/chrome/content/rules/Mr_File.me.xml
@@ -0,0 +1,37 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .mrfile.me
+
+
+	Mixed content:
+
+		- css, from:
+
+			- fonts.googleapis.com *
+			- mrfile.me
+
+		- Images from mrfile.me
+
+	* Secured by us
+
+-->
+<ruleset name="Mr File.me" default_off="expired, self-signed" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mrfile.me" />
+	<target host="www.mrfile.me" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.mrfile\.me$" name="^lang$" /-->
+
+	<securecookie host="^\.mrfile\.me$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mr_cote.info.xml b/src/chrome/content/rules/Mr_cote.info.xml
new file mode 100644
index 000000000000..5ac3b426dead
--- /dev/null
+++ b/src/chrome/content/rules/Mr_cote.info.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mrcote.info/ => https://mrcote.info/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.mrcote.info/ => https://www.mrcote.info/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+		- Image from i.imgur.com *
+
+	* Secured by us
+
+-->
+<ruleset name="mr cote.info" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mrcote.info" />
+	<target host="www.mrcote.info" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mradx.net.xml b/src/chrome/content/rules/Mradx.net.xml
new file mode 100644
index 000000000000..2ab1fdf9f40b
--- /dev/null
+++ b/src/chrome/content/rules/Mradx.net.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Mail.ru coverage, see Mail.ru.xml.
+
+
+	(www.) doesn't exist.
+
+-->
+<ruleset name="mradx.net">
+
+	<target host="r.mradx.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mrlocksmith.com.xml b/src/chrome/content/rules/Mrlocksmith.com.xml
new file mode 100644
index 000000000000..f149552f3fbc
--- /dev/null
+++ b/src/chrome/content/rules/Mrlocksmith.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Mrlocksmith.com" platform="mixedcontent">
+	<target host="mrlocksmith.com" />
+	<target host="www.mrlocksmith.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mrs_McNastys.xml b/src/chrome/content/rules/Mrs_McNastys.xml
index 44f5505b05c7..ceab4bbdfc2b 100644
--- a/src/chrome/content/rules/Mrs_McNastys.xml
+++ b/src/chrome/content/rules/Mrs_McNastys.xml
@@ -1,13 +1,21 @@
-<ruleset name="Mrs. McNasty's">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mrsmcnastys.com/ => https://mrsmcnastys.com/: (7, 'Failed to connect to mrsmcnastys.com port 443: Connection refused')
+Fetch error: http://www.mrsmcnastys.com/ => https://www.mrsmcnastys.com/: (7, 'Failed to connect to www.mrsmcnastys.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://mrsmcnastys.com/ => https://mrsmcnastys.com/: (7, 'Failed to connect to mrsmcnastys.com port 443: Connection refused')
+-->
+<ruleset name="Mrs. McNasty's" default_off="failed ruleset test">
 
 	<target host="mrsmcnastys.com" />
-	<target host="*.mrsmcnastys.com" />
+	<target host="www.mrsmcnastys.com" />
 
 
-	<securecookie host="^(?:.*\.)?mrsmcnastys\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?mrsmcnastys\.com/"
-		to="https://$1mrsmcnastys.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Msecnd.net.xml b/src/chrome/content/rules/Msecnd.net.xml
new file mode 100644
index 000000000000..222bcc576755
--- /dev/null
+++ b/src/chrome/content/rules/Msecnd.net.xml
@@ -0,0 +1,45 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	Nonfunctional domains:
+
+		- msrvideo.vo.msecnd.net	(400)
+
+
+	Fully covered domains:
+
+		- (?!az(?!83882|94986)\d+)\w+.vo.msecnd.net:
+
+			- az83882.vo.msecnd.net		(on windowsazure.com
+                        - az94986.vo.msecnd.net		(on so.cl)
+			- az623152.vo.msecnd.net
+                        - officeimg.vo.msecnd.net
+			- s1-word-view-15.vo.msecnd.net
+
+-->
+<ruleset name="msecnd.net (partial)">
+
+	<target host="*.vo.msecnd.net" />
+		<!--
+			400:
+
+				https://github.com/EFForg/https-everywhere/issues/596
+				https://trac.torproject.org/projects/tor/ticket/9026
+				https://trac.torproject.org/projects/tor/ticket/11418
+					-->
+		<!--exclusion pattern="^http://(?:az307127|az31465|az13800[78]|az13801[0127]|az354189|az373151|az412849|msnchansea|msrvideo)\.vo\.msecnd\.net/" /-->
+		<!--
+			More conservatively, exclude all in az\d+ that isn't explicitly known to work:
+													-->
+		<!--exclusion pattern="^http://az(?!83882|94986|623152)\d+\.vo\.msecnd\.net/" /-->
+		<!--
+			Summated again:
+					-->
+		<exclusion pattern="^http://(?:az(?!83882\.|94986\.|623152\.)\d+|msnchansea|msrvideo)\.vo\.msecnd\.net/" />
+
+
+	<rule from="^http://(\w+)\.vo\.msecnd\.net/"
+		to="https://$1.vo.msecnd.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mstar.com.xml b/src/chrome/content/rules/Mstar.com.xml
new file mode 100644
index 000000000000..8234221851f4
--- /dev/null
+++ b/src/chrome/content/rules/Mstar.com.xml
@@ -0,0 +1,14 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://euim.mstar.com/ => https://euim.mstar.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+	For other Morningstar coverage, see Morningstar.xml.
+
+-->
+<ruleset name="Mstar.com (partial)">
+
+	<target host="euim.mstar.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MtGox.xml b/src/chrome/content/rules/MtGox.xml
index 133b8d2b417b..df091c9148cd 100644
--- a/src/chrome/content/rules/MtGox.xml
+++ b/src/chrome/content/rules/MtGox.xml
@@ -1,13 +1,23 @@
-<ruleset name="Mt.Gox">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mtgox.com/ => https://mtgox.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Mt.Gox" default_off="failed ruleset test">
 
 	<target host="mtgox.com" />
-	<target host="*.mtgox.com" />
+	<target host="bitcoind.mtgox.com" />
+	<target host="data.mtgox.com" />
+	<target host="m.mtgox.com" />
+	<target host="support.mtgox.com" />
+	<target host="www.mtgox.com" />
+	<target host="yubikey.mtgox.com" />
 
 
-	<securecookie host="^(?:.*\.)?mtgox\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:bitcoind|data|m|support|www|yubikey)\.)?mtgox\.com/"
-		to="https://$1mtgox.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MtSystems.com.xml b/src/chrome/content/rules/MtSystems.com.xml
new file mode 100644
index 000000000000..d97a378f8b6e
--- /dev/null
+++ b/src/chrome/content/rules/MtSystems.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Mismatch:
+		- mtsystems.ch
+		- www.mtsystems.ch
+-->
+<ruleset name="mtSystems.com">
+
+	<target host="mtsystems.com" />
+	<target host="www.mtsystems.com" />
+
+	<target host="mtsystems.ch" />
+	<target host="www.mtsystems.ch" />
+
+
+	<rule from="^http://(www\.)?mtsystems\.ch/"
+		to="https://www.mtsystems.com/" />
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mtekk.us.xml b/src/chrome/content/rules/Mtekk.us.xml
new file mode 100644
index 000000000000..13be013923df
--- /dev/null
+++ b/src/chrome/content/rules/Mtekk.us.xml
@@ -0,0 +1,24 @@
+<!--
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="mtekk.us">
+
+	<target host="mtekk.us" />
+	<target host="www.mtekk.us" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?mtekk\.us$" name="^(PHPSESSID|bb2_screener_)$" /-->
+
+	<securecookie host="^(?:www\.)?mtekk\.us$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mtsbank.ru.xml b/src/chrome/content/rules/Mtsbank.ru.xml
new file mode 100644
index 000000000000..72b33ca3c1d4
--- /dev/null
+++ b/src/chrome/content/rules/Mtsbank.ru.xml
@@ -0,0 +1,121 @@
+<!--
+mtsbank.ru ³
+www.mtsbank.ru ³
+ca.mtsbank.ru/: (35, 'error:14092105:SSL routines:ssl3_get_server_hello:wrong cipher returned')
+cbdv.mtsbank.ru ³
+chl.mtsbank.ru ³
+mail.chl.mtsbank.ru ³
+mail1.chl.mtsbank.ru ³
+course.mtsbank.ru ⁵
+cyberark.mtsbank.ru ³
+dbodv.mtsbank.ru ³
+mail1.dv.mtsbank.ru ³
+ns.dv.mtsbank.ru ³
+ns1.dv.mtsbank.ru ³
+ns2.dv.mtsbank.ru ³
+owa.dv.mtsbank.ru ⁴
+vpn1.dv.mtsbank.ru ⁴
+egar-shop.mtsbank.ru ³
+mail.ekt.mtsbank.ru ³
+ns.ekt.mtsbank.ru ³
+fly.mtsbank.ru ¹
+fwspl1.mtsbank.ru ⁴
+fwspl2.mtsbank.ru ²
+ib.mtsbank.ru ³
+ibeta.mtsbank.ru ³
+ns.irk.mtsbank.ru ³
+mail.izh.mtsbank.ru ³
+ns.izh.mtsbank.ru ³
+jira.mtsbank.ru ³
+kmr.mtsbank.ru ³
+mail.kmr.mtsbank.ru ³
+mail1.kmr.mtsbank.ru ³
+mail2.kmr.mtsbank.ru ³
+ns.kmr.mtsbank.ru ³
+mail.knd.mtsbank.ru ³
+ns.knd.mtsbank.ru ³
+sc.knd.mtsbank.ru ³
+mail.kra.mtsbank.ru ³
+mail3.kra.mtsbank.ru ³
+lyncav.mtsbank.ru ³
+lyncdialin.mtsbank.ru ³
+lyncdiscover.mtsbank.ru ³
+lyncextweb.mtsbank.ru ³
+lyncmeet.mtsbank.ru ³
+lyncrproxy.mtsbank.ru ³
+lyncwebcon.mtsbank.ru ³
+ma.mtsbank.ru ⁴
+mail1.mtsbank.ru ³
+nfo.mtsbank.ru ³
+ns.nng.mtsbank.ru ³
+ns.mtsbank.ru ³
+ns1.mtsbank.ru ³
+cbank.nvs.mtsbank.ru ³
+mail.nvs.mtsbank.ru ³
+ns.nvs.mtsbank.ru ³
+old.mtsbank.ru ³
+www.online.mtsbank.ru ¹
+promo.mtsbank.ru ³
+rnd.mtsbank.ru ³
+mail.rnd.mtsbank.ru ³
+mail2.rnd.mtsbank.ru ³
+mail3.rnd.mtsbank.ru ³
+ns.rnd.mtsbank.ru ³
+sar.mtsbank.ru ³
+mail.sar.mtsbank.ru ³
+mail1.sar.mtsbank.ru ³
+ns.sar.mtsbank.ru ³
+sc.mtsbank.ru ⁴
+sip.mtsbank.ru ³
+mail.spb.mtsbank.ru ⁴
+mail1.spb.mtsbank.ru ³
+ns.spb.mtsbank.ru ³
+stat-dv.mtsbank.ru ³
+mail.str.mtsbank.ru ³
+ns.str.mtsbank.ru ³
+mail.stv.mtsbank.ru ³
+mail1.stv.mtsbank.ru ³
+ns.stv.mtsbank.ru ³
+mail.syk.mtsbank.ru ³
+mail1.syk.mtsbank.ru ³
+testpayments.mtsbank.ru ³
+cbank.tmn.mtsbank.ru ³
+mail.tmn.mtsbank.ru ³
+ns.tmn.mtsbank.ru ³
+mail.tom.mtsbank.ru ³
+ns.tom.mtsbank.ru ³
+travel.mtsbank.ru ³
+ts-cb-a12.mtsbank.ru ¹
+ts-cb-dv-a12.mtsbank.ru ³
+ts-cb-dv-s75.mtsbank.ru ³
+ts-cb-s75.mtsbank.ru ¹
+tstbi.mtsbank.ru ³
+mail.ufa.mtsbank.ru ³
+ns.ufa.mtsbank.ru ³
+mail.vlg.mtsbank.ru ³
+mail1.vlg.mtsbank.ru ³
+ns.vlg.mtsbank.ru ³
+wac.mtsbank.ru ³
+cb.mtsbank.ru different content
+dbo.mtsbank.ru different content
+stat.mtsbank.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁵ expired
+-->
+<ruleset name="mtsbank.ru (partial)">
+	<target host="app.mtsbank.ru" />
+	<target host="autodiscover.mtsbank.ru" />
+	<target host="mb.mtsbank.ru" />
+	<target host="omr.mtsbank.ru" />
+	<target host="online.mtsbank.ru" />
+	<target host="owa.mtsbank.ru" />
+	<target host="payments.mtsbank.ru" />
+	<target host="terminal.mtsbank.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mtstatic.com.xml b/src/chrome/content/rules/Mtstatic.com.xml
new file mode 100644
index 000000000000..772b928abb9a
--- /dev/null
+++ b/src/chrome/content/rules/Mtstatic.com.xml
@@ -0,0 +1,11 @@
+<!--
+	For other MindTouch coverage, see MindTouch.com.xml.
+-->
+
+<ruleset name="Mtstatic.com">
+	<target host="a.mtstatic.com" />
+		<test url="http://a.mtstatic.com/@public/production/site_6795/1450392481-logo.png" />
+	<target host="files.mtstatic.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Muckrock.xml b/src/chrome/content/rules/Muckrock.xml
index 9d7221dcfa04..4fcbee99ee95 100644
--- a/src/chrome/content/rules/Muckrock.xml
+++ b/src/chrome/content/rules/Muckrock.xml
@@ -3,11 +3,6 @@
 
 		- muckrock.s3.amazonaws.com
 
-
-	Problematic subdomains:
-
-		- ^	(self-signed, CN: redirector.zerigo.net)
-
 -->
 <ruleset name="Muckrock">
 
@@ -15,10 +10,9 @@
 	<target host="www.muckrock.com" />
 
 
-	<securecookie host="^www\.muckrock\.com$" name=".*" />
+	<securecookie host="^www\.muckrock\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?muckrock\.com/"
-		to="https://www.muckrock.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mudah.my.xml b/src/chrome/content/rules/Mudah.my.xml
new file mode 100644
index 000000000000..fd576ef339ea
--- /dev/null
+++ b/src/chrome/content/rules/Mudah.my.xml
@@ -0,0 +1,44 @@
+<!--
+	Non-functional subdomains:
+
+		- mudah.my	(redirects to invalid "www.mudah.my/www.mudah.my/")
+		- blog	(r)
+		- chat-preprod	(r)
+		- edm	(r)
+		- hydra1-staging	(i)
+		- panel	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Wildcard DNS and cert.
+-->
+<ruleset name="Mudah.my">
+
+	<target host="mudah.my" />
+	<target host="www.mudah.my" />
+	<target host="api.mudah.my" />
+	<target host="chat.mudah.my" />
+	<target host="chat1.mudah.my" />
+	<target host="chatweb.mudah.my" />
+	<target host="dpfluentd02.mudah.my" />
+	<target host="hydra.mudah.my" />
+	<target host="m.mudah.my" />
+	<target host="maintenance.mudah.my" />
+	<target host="socket.mudah.my" />
+	<target host="static.mudah.my" />
+	<target host="upcomingcars.mudah.my" />
+	<target host="www2.mudah.my" />
+
+	<!-- invalid redirect -->
+	<rule from="^http://mudah\.my/"
+		to="https://www.mudah.my/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mudcrab.us.xml b/src/chrome/content/rules/Mudcrab.us.xml
deleted file mode 100644
index 47897a915215..000000000000
--- a/src/chrome/content/rules/Mudcrab.us.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Mudcrab.us" platform="firefox">
-<target host="mudcrab.us" />
-
-<securecookie host="^mudcrab\.us$" name=".+" />
-
-<rule from="^http://mudcrab\.us/" to="https://mudcrab.us/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Mudgum.net.xml b/src/chrome/content/rules/Mudgum.net.xml
new file mode 100644
index 000000000000..bfeb26711325
--- /dev/null
+++ b/src/chrome/content/rules/Mudgum.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="mudgum.net">
+
+	<target host="mudgum.net" />
+	<target host="www.mudgum.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Muenchen-Transparent.xml b/src/chrome/content/rules/Muenchen-Transparent.xml
new file mode 100644
index 000000000000..d52614d312ec
--- /dev/null
+++ b/src/chrome/content/rules/Muenchen-Transparent.xml
@@ -0,0 +1,8 @@
+<ruleset name="Muenchen Transparent">
+
+	<target host="muenchen-transparent.de"/>
+	<target host="www.muenchen-transparent.de"/>
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Muenchen.de.xml b/src/chrome/content/rules/Muenchen.de.xml
new file mode 100644
index 000000000000..9d745a74ef5b
--- /dev/null
+++ b/src/chrome/content/rules/Muenchen.de.xml
@@ -0,0 +1,4 @@
+<ruleset name="Muenchen.de">
+<target host="www.muenchen.de" />
+<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Muenchen.tv.xml b/src/chrome/content/rules/Muenchen.tv.xml
new file mode 100644
index 000000000000..a96b1792ed9d
--- /dev/null
+++ b/src/chrome/content/rules/Muenchen.tv.xml
@@ -0,0 +1,8 @@
+<ruleset name="Muenchen.tv">
+	<target host="muenchen.tv"/>
+	<target host="www.muenchen.tv"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mufin.com.xml b/src/chrome/content/rules/Mufin.com.xml
new file mode 100644
index 000000000000..9e49f829375a
--- /dev/null
+++ b/src/chrome/content/rules/Mufin.com.xml
@@ -0,0 +1,14 @@
+<!--
+	For other MAGIX coverage, see MAGIX.xml.
+
+-->
+<ruleset name="Mufin.com">
+
+	<target host="mufin.com" />
+	<target host="www.mufin.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Muflihun.com.xml b/src/chrome/content/rules/Muflihun.com.xml
new file mode 100644
index 000000000000..8773caa8ffbb
--- /dev/null
+++ b/src/chrome/content/rules/Muflihun.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Connection refused:
+		rc.muflihun.com
+-->
+<ruleset name="Muflihun.com">
+	<target host="muflihun.com" />
+	<target host="www.muflihun.com" />
+	<target host="easylogging.muflihun.com" />
+	<target host="img.muflihun.com" />
+	<target host="labs.muflihun.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Muftah.org.xml b/src/chrome/content/rules/Muftah.org.xml
new file mode 100644
index 000000000000..2a88419fc6d5
--- /dev/null
+++ b/src/chrome/content/rules/Muftah.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Muftah.org">
+	<target host="muftah.org" />
+	<target host="www.muftah.org" />
+	<target host="dev.muftah.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MugenMonkey.com.xml b/src/chrome/content/rules/MugenMonkey.com.xml
new file mode 100644
index 000000000000..f0d273c32a63
--- /dev/null
+++ b/src/chrome/content/rules/MugenMonkey.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Problematic hosts in *mugenmonkey.com:
+
+		- beta ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="MugenMonkey.com (partial)">
+
+	<target host="mugenmonkey.com" />
+	<target host="www.mugenmonkey.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MuhibAdDeen.com.xml b/src/chrome/content/rules/MuhibAdDeen.com.xml
new file mode 100644
index 000000000000..eaa70dbe3eee
--- /dev/null
+++ b/src/chrome/content/rules/MuhibAdDeen.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="MuhibAdDeen.com">
+	<target host="muhibaddeen.com" />
+	<target host="www.muhibaddeen.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MujBiz.cz.xml b/src/chrome/content/rules/MujBiz.cz.xml
index 5818174d2b68..35db5f7db281 100644
--- a/src/chrome/content/rules/MujBiz.cz.xml
+++ b/src/chrome/content/rules/MujBiz.cz.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?mujbiz\.cz/"
 		to="https://www.mujbiz.cz/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MuleSoft.com.xml b/src/chrome/content/rules/MuleSoft.com.xml
new file mode 100644
index 000000000000..58acfac956c3
--- /dev/null
+++ b/src/chrome/content/rules/MuleSoft.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Nonfunctional hosts in *mulesoft.com:
+
+		- blogs *
+
+	* Dropped
+
+-->
+<ruleset name="MuleSoft.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mulesoft.com" />
+	<target host="anypoint.mulesoft.com" />
+	<target host="developer.mulesoft.com" />
+	<target host="www.mulesoft.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mullberry.xml b/src/chrome/content/rules/Mullberry.xml
deleted file mode 100644
index e5598b9feb3b..000000000000
--- a/src/chrome/content/rules/Mullberry.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="Mullberry" default_off="expired, mismatch, self-signed">
-
-	<!--	- All: self-signed
-		- trac only: expired & mismatched	-->
-	<target host="mulberrymail.com" />
-	<target host="*.mulberrymail.com" />
-
-
-	<securecookie host="^trac\.mulberrymail\.com$" name=".*" />
-
-
-	<!--	Cert doesn't match www.	-->
-	<rule from="^https?://(?:(trac\.)|www\.)?mulberrymail\.com/"
-		to="https://$1mulberrymail.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Mullet.se.xml b/src/chrome/content/rules/Mullet.se.xml
index 6ed51c8ff50e..60a3a9f63977 100644
--- a/src/chrome/content/rules/Mullet.se.xml
+++ b/src/chrome/content/rules/Mullet.se.xml
@@ -1,7 +1,6 @@
 <ruleset name="Mullet.se">
 	<target host="mullet.se" />
 	<target host="www.mullet.se" />
-	<rule from="^http://www\.mullet\.se/" to="https://www.mullet.se/"/>
-	<rule from="^http://mullet\.se/" to="https://mullet.se/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Mullvad.net.xml b/src/chrome/content/rules/Mullvad.net.xml
index 30ecb9194e2b..ebf2dc81117c 100644
--- a/src/chrome/content/rules/Mullvad.net.xml
+++ b/src/chrome/content/rules/Mullvad.net.xml
@@ -1,7 +1,19 @@
 <ruleset name="Mullvad.net">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="mullvad.net" />
 	<target host="www.mullvad.net" />
-	<rule from="^http://mullvad\.net/" to="https://mullvad.net/"/>
-	<rule from="^http://www\.mullvad\.net/" to="https://www.mullvad.net/"/>
-</ruleset>
 
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?mullvad\.net$" name="^language$" /-->
+
+	<securecookie host="^(?:www\.)?mullvad\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MultiBit.xml b/src/chrome/content/rules/MultiBit.xml
index 8b79277760f5..68eb1d72a262 100644
--- a/src/chrome/content/rules/MultiBit.xml
+++ b/src/chrome/content/rules/MultiBit.xml
@@ -1,10 +1,26 @@
-<ruleset name="MultiBit">
+<!--
+	Problematic hosts in *multibit.org:
+
+		- translate
+
+
+	Insecure cookies are set for these hosts:
+
+		- translate.multibit.org
+
+-->
+<ruleset name="MultiBit.org (partial)">
 
 	<target host="multibit.org" />
 	<target host="www.multibit.org" />
 
 
-	<rule from="^http://(www\.)?multibit\.org/"
-		to="https://$1multibit.org/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^translate\.multibit\.org$" name="^cid$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MultiSeek.xml b/src/chrome/content/rules/MultiSeek.xml
index 17e963e2357f..4b3f0848f275 100644
--- a/src/chrome/content/rules/MultiSeek.xml
+++ b/src/chrome/content/rules/MultiSeek.xml
@@ -1,16 +1,27 @@
+
 <!--
-	Problematic subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://mail.multiseek.net/ => https://mail.multiseek.net/: (51, "SSL: no alternative certificate subject name matches target host name 'mail.multiseek.net'")
 
-		- www	(mismatched)
+	www.multiseek.net: Mismatched
 
 -->
-<ruleset name="MultiSeek">
+<ruleset name="MultiSeek.net" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="multiseek.net" />
-	<target host="*.multiseek.net" />
+	<target host="mail.multiseek.net" />
+
+	<!--	Complications:
+				-->
+	<target host="www.multiseek.net" />
+
 
+	<rule from="^http://www\.multiseek\.net/"
+		to="https://multiseek.net/" />
 
-	<rule from="^https?://(?:(mail\.)|www\.)?multiseek\.net/"
-		to="https://$1multiseek.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MultiSoft.xml b/src/chrome/content/rules/MultiSoft.xml
index 9e84032155b0..b9b0df07505b 100644
--- a/src/chrome/content/rules/MultiSoft.xml
+++ b/src/chrome/content/rules/MultiSoft.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?multisoft\.com/([aA]pp_[tT]hemes/|jssrc/|moduleskins/|[mM]ulti[sS]oft[cC]orporation/|[rR]ad[sS]kins/|[sS]kinning/|[wW]eb[rR]esource\.axd)"
 		to="https://$1multisoft.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MultiVPN.xml b/src/chrome/content/rules/MultiVPN.xml
deleted file mode 100644
index 89c25ac3a40f..000000000000
--- a/src/chrome/content/rules/MultiVPN.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="MultiVPN">
-
-	<target host="multi-vpn.biz" />
-	<target host="*.multi-vpn.biz" />
-
-
-	<securecookie host="^(?:.*\.)?multi-vpn\.biz$" name=".+" />
-
-
-	<rule from="^http://(www\.)?multi-vpn\.biz/"
-		to="https://$1multi-vpn.biz/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Multicast_Media.xml b/src/chrome/content/rules/Multicast_Media.xml
index a5fd1e2230c5..dd6065e287be 100644
--- a/src/chrome/content/rules/Multicast_Media.xml
+++ b/src/chrome/content/rules/Multicast_Media.xml
@@ -1,10 +1,16 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://multicastmedia.com/ => https://www.kitd.com/multicast/: (51, "SSL: no alternative certificate subject name matches target host name 'www.kitd.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://multicastmedia.com/ => https://www.kitd.com/multicast/: (51, "SSL: no alternative certificate subject name matches target host name 'www.kitd.com'")
 	Problematic subdomains:
 
 		- (www.)	(mismatched, CN: *.kitd.com)
 
 -->
-<ruleset name="Multicast Media">
+<ruleset name="Multicast Media" default_off="failed ruleset test">
 
 	<target host="multicastmedia.com" />
 	<target host="*.multicastmedia.com" />
@@ -19,4 +25,4 @@
 	<rule from="^http://(static\.|vidego\.)?multicastmedia\.com/"
 		to="https://$1multicastmedia.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Multicore-DevCon.com.xml b/src/chrome/content/rules/Multicore-DevCon.com.xml
new file mode 100644
index 000000000000..835fe0666228
--- /dev/null
+++ b/src/chrome/content/rules/Multicore-DevCon.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://multicore-devcon.com/ => https://multicore-devcon.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.multicore-devcon.com/ => https://www.multicore-devcon.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://multicore-devcon.com/ => https://multicore-devcon.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.multicore-devcon.com/ => https://www.multicore-devcon.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Multicore-DevCon.com" default_off="failed ruleset test">
+
+	<target host="multicore-devcon.com" />
+	<target host="www.multicore-devcon.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?multicore-devcon\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?multicore-devcon\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Multimedia.cx.xml b/src/chrome/content/rules/Multimedia.cx.xml
new file mode 100644
index 000000000000..aab6d520bb39
--- /dev/null
+++ b/src/chrome/content/rules/Multimedia.cx.xml
@@ -0,0 +1,22 @@
+<!--
+	Mismatched:
+		- www (fixed by this ruleset)
+		- fate
+		- gamemusic
+-->
+
+<ruleset name="Multimedia.cx">
+	<target host="multimedia.cx" />
+	<target host="www.multimedia.cx" />
+	<target host="codecs.multimedia.cx" />
+	<target host="emptyv.multimedia.cx" />
+	<target host="games.multimedia.cx" />
+	<target host="guru.multimedia.cx" />
+	<target host="planet.multimedia.cx" />
+	<target host="wiki.multimedia.cx" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.multimedia\.cx/" to="https://multimedia.cx/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Multinationales.org.xml b/src/chrome/content/rules/Multinationales.org.xml
new file mode 100644
index 000000000000..b50a4ec7a2a8
--- /dev/null
+++ b/src/chrome/content/rules/Multinationales.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Multinationales.org">
+
+	<target host="multinationales.org" />
+	<target host="www.multinationales.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Multiply.xml b/src/chrome/content/rules/Multiply.xml
index 4126d4bac5e9..99a07d0e8b71 100644
--- a/src/chrome/content/rules/Multiply.xml
+++ b/src/chrome/content/rules/Multiply.xml
@@ -1,20 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://multiply.com/ => https://multiply.com/: (51, "SSL: no alternative certificate subject name matches target host name 'multiply.com'")
+
 	Nonfunctional subdomains:
 
 		- images	(cert: multiply.com; shows that domain)
 		- multiply	(ditto)
 
 -->
-<ruleset name="Multiply (partial)">
+<ruleset name="Multiply (partial)" default_off="failed ruleset test">
 
 	<target host="multiply.com" />
-	<target host="*.multiply.com" />
+	<target host="www.multiply.com" />
 
 
 	<securecookie host="^\.multiply\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?multiply\.com/"
-		to="https://$1multiply.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mumble.info.xml b/src/chrome/content/rules/Mumble.info.xml
new file mode 100644
index 000000000000..d30ae3afbbc3
--- /dev/null
+++ b/src/chrome/content/rules/Mumble.info.xml
@@ -0,0 +1,19 @@
+<!--
+    Nonfunctional subdomains:
+	    - $     -> requires authentication with client cert
+	    - blog  -> requires authentication with client cert
+	    - stats -> wrong domain
+
+    Notes:
+	    - Fastly SSL
+-->
+<ruleset name="Mumble.info">
+    <target host="www.mumble.info" />
+    <target host="wiki.mumble.info" />
+    <target host="forums.mumble.info" />
+
+    <securecookie host="^(www\.|wiki\.|forums\.)?mumble\.info" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mumsnet.com.xml b/src/chrome/content/rules/Mumsnet.com.xml
new file mode 100644
index 000000000000..1f33f5e2201e
--- /dev/null
+++ b/src/chrome/content/rules/Mumsnet.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Mismatched:
+	- email (*.createsend.com)
+	- logger (*.devmn.net)
+-->
+
+<ruleset name="Mumsnet.com">
+	<target host="mumsnet.com" />
+	<target host="www.mumsnet.com" />
+	<target host="jobs.mumsnet.com" />
+	<target host="local.mumsnet.com" />
+	<target host="monit.mumsnet.com" />
+	<target host="onlinetutoring.mumsnet.com" />
+	<target host="recruiters.mumsnet.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mumzworld.com.xml b/src/chrome/content/rules/Mumzworld.com.xml
index 2239a687f7fc..597056bb6f81 100644
--- a/src/chrome/content/rules/Mumzworld.com.xml
+++ b/src/chrome/content/rules/Mumzworld.com.xml
@@ -22,7 +22,8 @@
 <ruleset name="Mumzworld.com">
 
 	<target host="mumzworld.com" />
-	<target host="*.mumzworld.com" />
+	<target host="media.mumzworld.com" />
+	<target host="www.mumzworld.com" />
 
 
 	<securecookie host="^\.mumzworld\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Muni.cz.xml b/src/chrome/content/rules/Muni.cz.xml
new file mode 100644
index 000000000000..a97dcf50f705
--- /dev/null
+++ b/src/chrome/content/rules/Muni.cz.xml
@@ -0,0 +1,164 @@
+<!--
+	Other Masaryk University rulesets:
+
+		- CERIT.cz.xml
+		- CERIT-SC.cz.xml
+		- Odevzdej.cz.xml
+		- PravyDiplom.cz.xml
+		- Repozitar.cz.xml
+
+
+	Nonfunctional subdomains:
+
+		- 95 ¹
+		- patat06 ²
+		- science ³
+		- (www.)veda ³
+		- www.video ⁴
+
+	¹ Shows webserver.ics; mismatched, CN: webserver.ics.muni.cz
+	² Shows marach.ics; mismatched, CN: www.cerit.cz
+	³ Shows morwen2.rect; mismatched, CN: morwen2.rect.muni.cz
+	⁴ Redirects to idp2.ics, valid cert
+
+
+	Problematic subdomains:
+
+		- cic ¹
+		- www.cic ²
+		- www.czs ²
+		- discovery ³
+		- fi ⁴
+		- scb.ics ⁵
+		- (www.)info ²
+		- www.ois ²
+		- online ²
+		- morwen2.rect ⁶
+		- skm ⁷
+
+	¹ Works; mismatched, CN: online.muni.cz
+	³ Shows ezdroje; mismatched, CN: ezdroje.muni.cz
+	⁴ Cert only matches www.foo
+	⁵ Mismatched, CN: www.cerit.cz
+	² Shows morwen2.rect; mismatched, CN: morwen2.rect.muni.cz
+	⁶ Works; expired 2013-05-15, self-signed
+	⁷ Mismatched, CN: www.skm.muni.cz
+
+
+	Partially covered subdomains:
+
+		- isc *
+		- (www.)kite *
+
+	* $ redirects to http
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- (www.)czs	(www ^)
+		- discovery	( search.ebscohost.com)
+		- (www.)em2il
+		- ezdroje
+		- (www.)fi	(^ www)
+		- fadmin.fi
+
+		- (www.)ics
+		- dior.ics
+		- idp2.ics
+		- inet.dis.ics
+		- marach.ics
+		- scb.ics	( www.cerit.cz)
+		- webserver.ics
+
+		- inet
+		- (www.)info	( www.online)
+		- is
+		- knihovna
+		- knihovna-tst
+		- library
+		- mailman
+		- (www.)ois	(www ^)
+		- isois.ois
+		- (www.)online	(^ www)
+		- (www.)skm	(^ www)
+		- intranet.skm
+
+
+	Observed cookie domains:
+
+		- cic
+		- czs
+		- em2il
+		- www.em2il
+		- idp2.ics
+		- is
+		- kite
+		- www.kite
+		- isois.ois
+		- www.online
+		- intranet.skm
+		- www.veda
+		- www.video
+		- www
+
+-->
+<ruleset name="Muni.cz (partial)">
+
+	<target host="muni.cz" />
+	<target host="*.muni.cz" />
+		<!--exclusion pattern="^http://(95|(www\.)?cic|patat06|morwen2\.rect|(www\.)?veda|www\.video)\.muni\.cz/" /-->
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(isc|kite)\.muni\.cz/+($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://isc\.muni\.cz/+(?!\w+\.css|favicon\.(?:ico|png)|images/)" />
+		<exclusion pattern="^http://(?:www\.)?kite\.muni\.cz/+(?!css/|favicon\.ico|img/|online-application/public/login(?:$|[?/]))" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^idp2\.ics\.muni\.cz$" name="^(JSESSIONID|_idp_authn_lc_key)$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^(cic|czs|www\.(online|veda))\.muni\.cz$" name="^[\da-f]{32}$" /-->
+	<!--securecookie host="^inet\.(dis\.ics\.)?muni\.cz$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^is\.muni\.cz$" name="^issession$" /-->
+	<!--securecookie host="^(www\.)?kite\.muni\.cz$" name="^(Kite_lang|PHPSESSID)$" /-->
+	<!--securecookie host="^isois\.ois\.muni\.cz$" name="^(PHPSESSID_ISOIS|lang)$" /-->
+	<!--securecookie host="^((www\.)?em2il|intranet\.skm)\.muni\.cz$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^www\.video\.muni\.cz$" name="^_shibstate_[\da-f]{8}$" /-->
+	<!--securecookie host="^www\.muni\.cz$" name="^w3mu\.(global|prev-page)$" /-->
+
+	<securecookie host="^(?:czs|(?:www\.)?em2il|inet\.dis\.ics|inet|is|isois\.ois|www\.online|intranet\.skm|www)\.muni\.cz$" name=".+" />
+
+
+	<rule from="^http://((?:(?:www\.)?em2il|ezdroje|fadmin\.fi|(?:(?:dior|inet\.dis|idp2|marach|webserver|www)\.)?ics|inet|isc?|(?:www\.)?kite|knihovna|knihovna-tst|library|mailman|isois\.ois|intranet\.skm|www)\.)?muni\.cz/"
+		to="https://$1muni.cz/" />
+
+	<rule from="^http://(?:www\.)?(cz|oi)s\.muni\.cz/"
+		to="https://$1s.muni.cz/" />
+
+	<!--	Redirect keeps path but not args:
+							-->
+	<rule from="^http://discovery\.muni\.cz/+([^?]).*"
+		to="https://search.ebscohost.com/login.aspx?authtype=cookie,ip,guest&amp;profile=eds&amp;groupid=infolib&amp;custid=s8431878$1" />
+
+	<rule from="^http://(?:www\.)?(fi|online|skm)\.muni\.cz/"
+		to="https://www.$1.muni.cz/" />
+
+	<!--	Redirect drops path but not args:
+						-->
+	<rule from="^http://scb\.ics\.muni\.cz/[^?]*"
+		to="https://www.cerit.cz/cs/cerit-sc/" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://(?:www\.)?info\.muni\.cz/+"
+		to="https://www.online.muni.cz/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Municode.com.xml b/src/chrome/content/rules/Municode.com.xml
new file mode 100644
index 000000000000..1e6f69c3b1d2
--- /dev/null
+++ b/src/chrome/content/rules/Municode.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Fully covered hosts in *municode.com:
+
+		- (www.)?
+		- secure
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- www.municode.com
+		- .www.municode.com
+
+-->
+<ruleset name="Municode.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="municode.com" />
+	<target host="secure.municode.com" />
+	<target host="www.municode.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.municode\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^\.www\.municode\.com$" name="^ARRAffinity$" /-->
+
+	<securecookie host="^\.?www\.municode\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Munzinger.de.xml b/src/chrome/content/rules/Munzinger.de.xml
index dbd6ebdbdc65..6a5c29b93ec9 100644
--- a/src/chrome/content/rules/Munzinger.de.xml
+++ b/src/chrome/content/rules/Munzinger.de.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^www\.munzinger\.de$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?munzinger\.de/"
-		to="https://www.munzinger.de/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Muqri.com.xml b/src/chrome/content/rules/Muqri.com.xml
new file mode 100644
index 000000000000..4cec05fbd39f
--- /dev/null
+++ b/src/chrome/content/rules/Muqri.com.xml
@@ -0,0 +1,36 @@
+<ruleset name="Muqri.com">
+	<target host="muqri.com" />
+	<target host="www.muqri.com" />
+	<target host="ar.muqri.com" />
+	<target host="bn.muqri.com" />
+	<target host="bs.muqri.com" />
+	<target host="de.muqri.com" />
+	<target host="en.muqri.com" />
+	<target host="es.muqri.com" />
+	<target host="fa.muqri.com" />
+	<target host="fr.muqri.com" />
+	<target host="gr.muqri.com" />
+	<target host="hi.muqri.com" />
+	<target host="id.muqri.com" />
+	<target host="it.muqri.com" />
+	<target host="ja.muqri.com" />
+	<target host="ko.muqri.com" />
+	<target host="ku.muqri.com" />
+	<target host="mk.muqri.com" />
+	<target host="ms.muqri.com" />
+	<target host="nl.muqri.com" />
+	<target host="no.muqri.com" />
+	<target host="pt.muqri.com" />
+	<target host="ru.muqri.com" />
+	<target host="sq.muqri.com" />
+	<target host="sv.muqri.com" />
+	<target host="th.muqri.com" />
+	<target host="tr.muqri.com" />
+	<target host="ur.muqri.com" />
+	<target host="vi.muqri.com" />
+	<target host="zh.muqri.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MusaFurber.com.xml b/src/chrome/content/rules/MusaFurber.com.xml
new file mode 100644
index 000000000000..46e011b4f0cb
--- /dev/null
+++ b/src/chrome/content/rules/MusaFurber.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="MusaFurber.com">
+	<target host="musafurber.com" />
+	<target host="www.musafurber.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Musalbas.com.xml b/src/chrome/content/rules/Musalbas.com.xml
new file mode 100644
index 000000000000..a1b1a3e7d5ca
--- /dev/null
+++ b/src/chrome/content/rules/Musalbas.com.xml
@@ -0,0 +1,25 @@
+<!--
+	^www.musalbas.com: Mismatched
+
+-->
+<ruleset name="Musalbas.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="musalbas.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.musalbas.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.musalbas\.com/"
+		to="https://musalbas.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Muscle_and_Strength.com.xml b/src/chrome/content/rules/Muscle_and_Strength.com.xml
new file mode 100644
index 000000000000..4a651f3d099c
--- /dev/null
+++ b/src/chrome/content/rules/Muscle_and_Strength.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Fully covered hosts in *muscleandstrength.com:
+
+		- (www.)?
+		- cdn
+
+-->
+<ruleset name="Muscle and Strength.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="muscleandstrength.com" />
+	<target host="cdn.muscleandstrength.com" />
+	<target host="www.muscleandstrength.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Muse.mu.xml b/src/chrome/content/rules/Muse.mu.xml
index 9fde5bac4040..02cb311d8c9b 100644
--- a/src/chrome/content/rules/Muse.mu.xml
+++ b/src/chrome/content/rules/Muse.mu.xml
@@ -1,24 +1,97 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://muse-cdn.warnerartists.com/ => https://muse-cdn.warnerartists.com/: (51, "SSL: no alternative certificate subject name matches target host name 'origin.muse-cdn.warnerartists.com'")
+
+	"You'll never own me agaaain (but you can keep our fans)"
+
+	For problematic rules, see muse.mu-problematic.xml.
+
+
 	CDN buckets:
 
 		- musecdn.warnerartists.com.edgesuite.net
 
+
+	Problematic hosts in *muse.mu:
+
+		- board *
+		- preorder *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- muse.mu
+		- board.muse.mu
+		- www.muse.mu
+
+
+	Mixed content:
+
+		- css on preorder from wmiuk.edgeboss.net
+		- Images on preorder from wmiuk.edgeboss.net
+
 -->
-<ruleset name="Muse.mu (partial)">
+<ruleset name="Muse.mu (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="muse.mu" />
 	<target host="www.muse.mu" />
-	<target host="musecdn.warnerartists.com" />
 
+	<target host="muse-cdn.warnerartists.com" />
+
+	<!--	Complications:
+				-->
+	<!--target host="board.muse.mu" /-->
+	<!--target host="preorder.muse.mu" /-->
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://muse\.mu/(?:$|terms/privacy-policy.htm)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?muse\.mu/(?!/*(?:(?:_handlers|_iiwm|_popup|_static|_widgets|siteimg|ugc_1)/|(?:Script|Web)Resource\.axd(?:$|\?)|favicon\.ico))" />
+
+			<!--	+ve:
+						-->
+			<test url="http://muse.mu/360app.htm" />
+			<test url="http://muse.mu/images,wembley-stadium-september-2010-friday_153.htm?photo=" />
+			<test url="http://muse.mu/images.htm" />
+			<test url="http://muse.mu/links.htm" />
+			<test url="http://muse.mu/map.htm" />
+			<test url="http://muse.mu/music-video.htm" />
+			<test url="http://muse.mu/news,drones-world-tour-201516_1704.htm?f=" />
+			<test url="http://muse.mu/news,q-awards_1701.htm?f=" />
+			<test url="http://muse.mu/news.htm" />
+			<test url="http://muse.mu/store.htm" />
+			<test url="http://muse.mu/terms/privacy-policy.htm" />
+			<test url="http://muse.mu/tour-dates,_1970.htm?" />
+			<test url="http://muse.mu/tour-dates,palacio-de-los-deportes-mxico-city-mexico_1913.htm" />
+			<test url="http://muse.mu/tour-dates.htm" />
 
-	<!--	Cert only matches ^muse.mu.
+			<!--	-ve:
 						-->
-	<rule from="^https?://(?:www\.)?muse\.mu/((?:_handlers|_iiwm|_popup|_static|_widgets|ugc_1)/|(?:Script|Web)Resource\.axd(?:$|\?))"
-		to="https://muse.mu/$1" />
+			<test url="http://muse.mu/_static/local/images/logo-muse.png" />
+			<test url="http://muse.mu/_static/shared/images/pixel.gif" />
+			<test url="http://muse.mu/favicon.ico" />
+			<test url="http://muse.mu/siteimg/bgtheme/ugc-1/themes/band/band-2.jpg" />
+			<test url="http://muse.mu/ugc-1/themes/albums/albums-1.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^muse\.mu$" name="^(?:ASP\.NET_SessionId|ii_Globalisation)$" /-->
+	<!--securecookie host="^board\.muse\.mu$" name="^bbsessionhash$" /-->
+	<!--securecookie host="^www\.muse\.mu$" name="^ASP\.NET_SessionId$" /-->
+
+	<!--securecookie host="^board\.muse\.mu$" name=".+" /-->
+
 
-	<!--	Akamai.
-			-->
-	<rule from="^https?://musecdn\.warnerartists\.com/"
-		to="https://muse.mu/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Muselive.com.xml b/src/chrome/content/rules/Muselive.com.xml
new file mode 100644
index 000000000000..2a31bdc4ee9e
--- /dev/null
+++ b/src/chrome/content/rules/Muselive.com.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://community.muselive.com/ => https://community.muselive.com/: (7, 'Failed to connect to community.muselive.com port 443: Connection refused')
+
+	(www.)?muselive.com: Dropped
+
+
+	Insecure cookies are set for these hosts:
+
+		- community.muselive.com
+
+-->
+<ruleset name="Muselive.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="community.muselive.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^community\.muselive\.com$" name="^_forum_session$" /-->
+
+	<securecookie host="^community\.muselive\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Museodelprado.es.xml b/src/chrome/content/rules/Museodelprado.es.xml
new file mode 100644
index 000000000000..80eb9810b248
--- /dev/null
+++ b/src/chrome/content/rules/Museodelprado.es.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://content.museodelprado.es/ => https://content.museodelprado.es/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://content1.museodelprado.es/ => https://content1.museodelprado.es/: (7, 'Failed to connect to content1.museodelprado.es port 443: No route to host')
+Fetch error: http://content2.museodelprado.es/ => https://content2.museodelprado.es/: (7, 'Failed to connect to content2.museodelprado.es port 443: No route to host')
+Fetch error: http://content3.museodelprado.es/ => https://content3.museodelprado.es/: (7, 'Failed to connect to content3.museodelprado.es port 443: No route to host')
+Fetch error: http://static.museodelprado.es/ => https://static.museodelprado.es/: (7, 'Failed to connect to static.museodelprado.es port 443: No route to host')
+Fetch error: http://museodelprado.es/ => https://museodelprado.es/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="MuseoDelPrado.es" default_off="failed ruleset test">
+
+	<target host="museodelprado.es" />
+	<!-- HTTPS available on all subdomains -->
+	<target host="*.museodelprado.es" />
+
+	<test url="http://biblioteca.museodelprado.es/" />
+	<test url="http://content.museodelprado.es/" />
+	<test url="http://content1.museodelprado.es/" />
+	<test url="http://content2.museodelprado.es/" />
+	<test url="http://content3.museodelprado.es/" />
+	<test url="http://servicios.museodelprado.es/" />
+	<test url="http://static.museodelprado.es/" />
+	<test url="http://www.museodelprado.es/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Museter.com-problematic.xml b/src/chrome/content/rules/Museter.com-problematic.xml
new file mode 100644
index 000000000000..58cfa105570d
--- /dev/null
+++ b/src/chrome/content/rules/Museter.com-problematic.xml
@@ -0,0 +1,13 @@
+<!--
+	For rules that are on by default, see Museter.com.xml.
+
+-->
+<ruleset name="Museter.com (self-signed)" default_off="self-signed">
+
+	<target host="streams.museter.com" />
+
+
+	<rule from="^http://streams\.museter\.com:2199/"
+		to="https://streams.museter.com:2199/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Museter.com.xml b/src/chrome/content/rules/Museter.com.xml
new file mode 100644
index 000000000000..9bc9cf4abc94
--- /dev/null
+++ b/src/chrome/content/rules/Museter.com.xml
@@ -0,0 +1,44 @@
+<!--
+	For problematic rules, see Museter.com-problematic.xml.
+
+
+	Nonfunctional subdomains:
+
+		- (www.) *
+		- streams *
+
+	* Shows client; mismatched, CN: client.museter.com
+
+
+	Problematic subdomains:
+
+		- streams:2199 *
+
+	* Works; self-signed, CN: 192.184.9.157
+
+
+	These altnames don't exist:
+
+		- www.client.museter.com
+
+
+	Mixed content:
+
+		- Images on streams:2199 from www *
+
+	* Unsecurable
+
+-->
+<ruleset name="Museter.com (partial)">
+
+	<target host="client.museter.com" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^client\.museter\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Museum_of_Science-problematic.xml b/src/chrome/content/rules/Museum_of_Science-problematic.xml
deleted file mode 100644
index 7214415aa6b9..000000000000
--- a/src/chrome/content/rules/Museum_of_Science-problematic.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	For rules that are on by default, see Museum_of_Science.xml.
-
--->
-<ruleset name="Museum of Science (problematic)" default_off="expired, mismatched, self-signed">
-
-	<target host="mos.org" />
-	<target host="www.mos.org" />
-		<exclusion pattern="^https?://(?:www\.)?mos\.org/sites/dev-elvis\.mos\.org/themes/.*\.(?:jp|pn)g$" />
-
-
-	<rule from="^https?://(?:www\.)?mos\.org/"
-		to="https://mos.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Museum_of_Science.xml b/src/chrome/content/rules/Museum_of_Science.xml
deleted file mode 100644
index bf7825dde685..000000000000
--- a/src/chrome/content/rules/Museum_of_Science.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	For problematic rules, see Museum_of_Science-problematic.xml.
-
-
-	Problematic subdomains:
-
-		- (www.)	(CN: *.acquia-sites.com)
-
-
-	Partially covered subdomains:
-
-		- legacy	(at least some paths redirect to http)
-
--->
-<ruleset name="Museum of Science (partial)">
-
-	<target host="mos.org" />
-	<target host="*.mos.org" />
-		<exclusion pattern="http://legacy\.mos\.org/(?!media/)" />
-
-
-	<securecookie host="^\.mos\.org$" name="^MOS_store$" />
-
-
-	<rule from="^https?://(?:www\.)?mos\.org/sites/dev-elvis\.mos\.org/themes/(.*)\.(jp|pn)g$"
-		to="https://store.mos.org/common/themes/$1.$2g" />
-
-	<rule from="^http://(legacy|store)\.mos\.org/"
-		to="https://$1.mos.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Music-Map.com.xml b/src/chrome/content/rules/Music-Map.com.xml
new file mode 100644
index 000000000000..2017cb0880d8
--- /dev/null
+++ b/src/chrome/content/rules/Music-Map.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		music-map.com
+		box.music-map.com
+
+-->
+<ruleset name="Music-Map.com">
+
+	<target host="music-map.com" />
+	<target host="www.music-map.com" />
+
+	<rule from="^http://music-map\.com/"
+		to="https://www.music-map.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Music-Week.xml b/src/chrome/content/rules/Music-Week.xml
index f3129444c259..b6fa8073a116 100644
--- a/src/chrome/content/rules/Music-Week.xml
+++ b/src/chrome/content/rules/Music-Week.xml
@@ -4,12 +4,11 @@
 	<target host="www.musicweek.com" />
 
 
-	<securecookie host="^www\.musicweek\.com$" name=".*" />
+	<securecookie host="^www\.musicweek\.com$" name=".+" />
 
 
 	<!--	Cert only matches www.
 					-->
-	<rule from="^https?://(?:www\.)?musicweek\.com/"
-		to="https://www.musicweek.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MusicBrainz.org.xml b/src/chrome/content/rules/MusicBrainz.org.xml
new file mode 100644
index 000000000000..1a9543f71c45
--- /dev/null
+++ b/src/chrome/content/rules/MusicBrainz.org.xml
@@ -0,0 +1,32 @@
+<!--
+	Other MusicBrainz rulesets:
+
+		- Cover_Art_Archive.org.xml
+
+	Other related unprotected hosts:
+
+		- metabrainz.org
+
+	Refused:
+		freedb.musicbrainz.org
+
+-->
+<ruleset name="MusicBrainz.org (partial)">
+
+	<target host="musicbrainz.org" />
+	<target host="www.musicbrainz.org" />
+	<target host="beta.musicbrainz.org" />
+	<target host="blog.musicbrainz.org" />
+	<target host="bugs.musicbrainz.org" />
+	<target host="classic.musicbrainz.org" />
+	<target host="picard.musicbrainz.org" />
+	<target host="search.musicbrainz.org" />
+	<target host="tickets.musicbrainz.org" />
+	<target host="wiki.musicbrainz.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MusicBrainz.xml b/src/chrome/content/rules/MusicBrainz.xml
deleted file mode 100644
index 49b4998bc6b1..000000000000
--- a/src/chrome/content/rules/MusicBrainz.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	As of 2012-10-09, known unprotected subdomains are:
-
-		- forums
-		- blog
-		- tickets
-		- svn
-
-	Other related unprotected hosts:
-
-		- metabrainz.org
--->
-<ruleset name="MusicBrainz">
-	<target host="musicbrainz.org" />
-	<target host="www.musicbrainz.org" />
-	<target host="wiki.musicbrainz.org" />
-	<target host="test.musicbrainz.org" />
-	<target host="beta.musicbrainz.org" />
-
-        <target host="coverartarchive.org" />
-        <target host="www.coverartarchive.org" />
-
-        <securecookie host="^([^/:@]*\.)?musicbrainz\.org$" name=".*" />
-
-        <rule from="^http://(www\.)?musicbrainz\.org/"
-		to="https://musicbrainz.org/" />
-	<rule from="^http://([^/:@]*)\.musicbrainz\.org/"
-		to="https://$1.musicbrainz.org/" />
-        <rule from="^http://(www\.)?coverartarchive\.org/"
-		to="https://coverartarchive.org/" />
-</ruleset>
diff --git a/src/chrome/content/rules/MusicPD.org.xml b/src/chrome/content/rules/MusicPD.org.xml
new file mode 100644
index 000000000000..af1d7c6d25ef
--- /dev/null
+++ b/src/chrome/content/rules/MusicPD.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Non-functional subdomains:
+		- git	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="MusicPD.org">
+
+	<target host="musicpd.org" />
+	<target host="www.musicpd.org" />
+	<target host="bugs.musicpd.org" />
+	<target host="forum.musicpd.org" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Musicians_Friend.xml b/src/chrome/content/rules/Musicians_Friend.xml
index 1f1246826ffe..a06805b7509d 100644
--- a/src/chrome/content/rules/Musicians_Friend.xml
+++ b/src/chrome/content/rules/Musicians_Friend.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://musiciansfriend.com/ (200) => http://musiciansfriend.com/ (403)
+
 	Nonfunctional subdomains:
 
 		- img3		(shows static, valid cert)
@@ -13,10 +17,12 @@
 	At least some pages redirect to http.
 
 -->
-<ruleset name="Musician's Friend (partial)">
+<ruleset name="Musician's Friend (partial)" default_off="failed ruleset test">
 
 	<target host="musiciansfriend.com" />
-	<target host="*.musiciansfriend.com" />
+	<target host="www.musiciansfriend.com" />
+	<target host="static.musiciansfriend.com" />
+	<target host="origin-static.musiciansfriend.com" />
 
 
 	<securecookie host="^origin-static\.musiciansfriend\.com$" name=".+" />
@@ -28,4 +34,4 @@
 	<rule from="^http://(origin-)?static\.musiciansfriend\.com/"
 		to="https://$1static.musiciansfriend.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Musicmetric.xml b/src/chrome/content/rules/Musicmetric.xml
index 5587006bda1a..0f0245264af1 100644
--- a/src/chrome/content/rules/Musicmetric.xml
+++ b/src/chrome/content/rules/Musicmetric.xml
@@ -1,20 +1,40 @@
+
 <!--
-	!www loops
+Disabled by https-everywhere-checker because:
+Fetch error: http://app.musicmetric.com/ => https://app.musicmetric.com/: (28, 'Connection timed out after 20007 milliseconds')
+Fetch error: http://knowledgebase.musicmetric.com/ => https://knowledgebase.musicmetric.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Nonfunctional hosts in *musicmetric.com:
+
+		- (www.)? ¹
+		- artist ²
+
+	¹ WP Engine
+	² Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- app.musicmetric.com
+		- knowledgebase.musicmetric.com
 
 -->
-<ruleset name="Musicmetric">
+<ruleset name="Musicmetric.com (partial)" default_off="failed ruleset test">
 
-	<target host="musicmetric.com" />
-	<target host="*.musicmetric.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="app.musicmetric.com" />
+	<target host="knowledgebase.musicmetric.com" />
 
 
-	<securecookie host="^.+\.musicmetric\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="(?:app|knowledgebase)\.musicmetric\.com$" name=".+" /-->
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^https?://(?:www\.)?musicmetric\.com/"
-		to="https://www.musicmetric.com/" />
 
-	<rule from="^http://app\.musicmetric\.com/"
-		to="https://app.musicmetric.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Musicnotes.xml b/src/chrome/content/rules/Musicnotes.xml
new file mode 100644
index 000000000000..1447728325c3
--- /dev/null
+++ b/src/chrome/content/rules/Musicnotes.xml
@@ -0,0 +1,44 @@
+<!--
+	^: 404, valid cert
+
+
+	Nonfunctional subdomains:
+
+		- blog ¹
+		- search ²
+
+	¹ Dropped
+	² 403; mismatched, CN: www.musicnotes.com
+
+
+	These altnames don't exist:
+
+		- checkout.musicnotes.com
+		- www.help.musicnotes.com
+
+-->
+<ruleset name="Musicnotes.com (partial)">
+
+	<target host="musicnotes.com" />
+	<target host="www.musicnotes.com" />
+	<target host="help.musicnotes.com" />
+	<target host="origin-www.musicnotes.com" />
+	<target host="sheetmusic.musicnotes.com" />
+	<target host="stage.musicnotes.com" />
+	<target host="tx.musicnotes.com" />
+		<!--exclusion pattern="^http://(blog|search)\.musicnotes\.com/" /-->
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^help\.musicnotes\.com$" name="^(_help_center_session|_zendesk_session|_zendesk_shared_session)$" /-->
+
+	<securecookie host="^(?:origin-www|stage|www)?\.musicnotes\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?musicnotes\.com/"
+		to="https://www.musicnotes.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MusikhusetAarhus.dk.xml b/src/chrome/content/rules/MusikhusetAarhus.dk.xml
new file mode 100644
index 000000000000..afd737ed635e
--- /dev/null
+++ b/src/chrome/content/rules/MusikhusetAarhus.dk.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched:
+		- mail
+-->
+<ruleset name="MusikhusetAarhus.dk">
+	<target host="musikhusetaarhus.dk" />
+	<target host="www.musikhusetaarhus.dk" />
+	<target host="billet.musikhusetaarhus.dk" />
+	<target host="konkurrence.musikhusetaarhus.dk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Musikskole-tilmelding.dk.xml b/src/chrome/content/rules/Musikskole-tilmelding.dk.xml
new file mode 100644
index 000000000000..bcfc81494d1d
--- /dev/null
+++ b/src/chrome/content/rules/Musikskole-tilmelding.dk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Musikskole-tilmelding.dk">
+	<target host="musikskole-tilmelding.dk" />
+	<target host="www.musikskole-tilmelding.dk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Musixmatch.com.xml b/src/chrome/content/rules/Musixmatch.com.xml
new file mode 100644
index 000000000000..201f681cffe8
--- /dev/null
+++ b/src/chrome/content/rules/Musixmatch.com.xml
@@ -0,0 +1,50 @@
+<!--
+	Other Musixmatch rulesets:
+
+		- MxmCDN.net.xml
+
+
+	These altnames do not exist:
+
+		- www.blog.musixmatch.com
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .about.musixmatch.com
+		- forum.musixmatch.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bug on developer from www.googleadservices.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Musixmatch.com">
+
+	<target host="musixmatch.com" />
+	<target host="about.musixmatch.com" />
+	<target host="api.musixmatch.com" />
+	<target host="blog.musixmatch.com" />
+	<target host="developer.musixmatch.com" />
+	<target host="forum.musixmatch.com" />
+	<target host="support.musixmatch.com" />
+	<target host="www.musixmatch.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.about\.musixmatch\.com$" name="^ARRAffinity$" /-->
+	<!--securecookie host="^forum\.musixmatch\.com$" name="^express\.sid$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Musl-libc.org.xml b/src/chrome/content/rules/Musl-libc.org.xml
new file mode 100644
index 000000000000..ea7fa546cd75
--- /dev/null
+++ b/src/chrome/content/rules/Musl-libc.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="musl-libc.org">
+	<target host="musl-libc.org" />
+	<target host="www.musl-libc.org" />
+	<target host="git.musl-libc.org" />
+	<target host="wiki.musl-libc.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Muslim-Library.com.xml b/src/chrome/content/rules/Muslim-Library.com.xml
new file mode 100644
index 000000000000..72a5db7000cd
--- /dev/null
+++ b/src/chrome/content/rules/Muslim-Library.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Muslim-Library.com">
+	<target host="muslim-library.com" />
+	<target host="www.muslim-library.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MuslimAdvocates.org.xml b/src/chrome/content/rules/MuslimAdvocates.org.xml
new file mode 100644
index 000000000000..427f59dbbc3e
--- /dev/null
+++ b/src/chrome/content/rules/MuslimAdvocates.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="MuslimAdvocates.org">
+	<target host="muslimadvocates.org" />
+	<target host="www.muslimadvocates.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MuslimAmericanSociety.org.xml b/src/chrome/content/rules/MuslimAmericanSociety.org.xml
new file mode 100644
index 000000000000..7a689e760d9f
--- /dev/null
+++ b/src/chrome/content/rules/MuslimAmericanSociety.org.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid certificate:
+	- nj.muslimamericansociety.org
+	- seattle.muslimamericansociety.org
+
+-->
+<ruleset name="MuslimAmericanSociety.org">
+	<target host="muslimamericansociety.org" />
+	<target host="www.muslimamericansociety.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MuslimAnswers.net.xml b/src/chrome/content/rules/MuslimAnswers.net.xml
new file mode 100644
index 000000000000..819ac99d8c74
--- /dev/null
+++ b/src/chrome/content/rules/MuslimAnswers.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="MuslimAnswers.net">
+	<target host="muslimanswers.net" />
+	<target host="www.muslimanswers.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MuslimCentral.com.xml b/src/chrome/content/rules/MuslimCentral.com.xml
new file mode 100644
index 000000000000..843cba81c8c7
--- /dev/null
+++ b/src/chrome/content/rules/MuslimCentral.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Related Ruleset:
+		QuranCentral.com.xml
+-->
+<ruleset name="MuslimCentral.com">
+	<target host="muslimcentral.com" />
+	<target host="www.muslimcentral.com" />
+	<target host="cdn.muslimcentral.com" />
+	<target host="quran.muslimcentral.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MuslimInstitute.org.xml b/src/chrome/content/rules/MuslimInstitute.org.xml
new file mode 100644
index 000000000000..fad403d7ea2b
--- /dev/null
+++ b/src/chrome/content/rules/MuslimInstitute.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="MuslimInstitute.org">
+	<target host="musliminstitute.org" />
+	<target host="www.musliminstitute.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MuslimMatters.org.xml b/src/chrome/content/rules/MuslimMatters.org.xml
new file mode 100644
index 000000000000..135192f903e1
--- /dev/null
+++ b/src/chrome/content/rules/MuslimMatters.org.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid Certificate:
+		cdn.muslimmatters.org
+-->
+<ruleset name="MuslimMatters.org">
+	<target host="muslimmatters.org" />
+	<target host="www.muslimmatters.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MuslimPro.com.xml b/src/chrome/content/rules/MuslimPro.com.xml
new file mode 100644
index 000000000000..6a625cc8442d
--- /dev/null
+++ b/src/chrome/content/rules/MuslimPro.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid certificate:
+	- download.muslimpro.com
+	- salam.muslimpro.com
+	- translate.muslimpro.com
+
+	No working URL known:
+	- api.muslimpro.com
+
+	Secure connection failed:
+	- muslimpro.com
+
+-->
+<ruleset name="MuslimPro.com">
+	<target host="muslimpro.com" />
+	<target host="www.muslimpro.com" />
+	<target host="support.muslimpro.com" />
+
+	<securecookie host="^(www|support)\.muslimpro\.com$" name=".+" />
+
+	<rule from="^http://muslimpro\.com/" to="https://www.muslimpro.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MuslimVillage.com.xml b/src/chrome/content/rules/MuslimVillage.com.xml
new file mode 100644
index 000000000000..5e7e2f38a312
--- /dev/null
+++ b/src/chrome/content/rules/MuslimVillage.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Invalid certificate:
+	- ar.muslimvillage.com
+	- da.muslimvillage.com
+	- de.muslimvillage.com
+	- es.muslimvillage.com
+	- fa.muslimvillage.com
+	- fi.muslimvillage.com
+	- fr.muslimvillage.com
+	- hi.muslimvillage.com
+	- id.muslimvillage.com
+	- it.muslimvillage.com
+	- ja.muslimvillage.com
+	- ms.muslimvillage.com
+	- nl.muslimvillage.com
+	- no.muslimvillage.com
+	- pt.muslimvillage.com
+	- ru.muslimvillage.com
+	- sv.muslimvillage.com
+	- tl.muslimvillage.com
+	- tr.muslimvillage.com
+	- zh-cn.muslimvillage.com
+
+-->
+<ruleset name="MuslimVillage.com">
+	<target host="muslimvillage.com" />
+	<target host="www.muslimvillage.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Muslim_Aid.org.xml b/src/chrome/content/rules/Muslim_Aid.org.xml
new file mode 100644
index 000000000000..42e67f11cf63
--- /dev/null
+++ b/src/chrome/content/rules/Muslim_Aid.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid Certificate:
+		ramadan.muslimaid.org
+-->
+<ruleset name="Muslim Aid.org">
+	<target host="muslimaid.org" />
+	<target host="www.muslimaid.org" />
+	<target host="qurbani.muslimaid.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MuslimsFacingTomorrow.com.xml b/src/chrome/content/rules/MuslimsFacingTomorrow.com.xml
new file mode 100644
index 000000000000..1ce1a6806ca6
--- /dev/null
+++ b/src/chrome/content/rules/MuslimsFacingTomorrow.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="MuslimsFacingTomorrow.com">
+	<target host="muslimsfacingtomorrow.com" />
+	<target host="www.muslimsfacingtomorrow.com" />
+	<target host="mail.muslimsfacingtomorrow.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Musopen.xml b/src/chrome/content/rules/Musopen.xml
index 03c2733bc7c0..f8b4524bd7ab 100644
--- a/src/chrome/content/rules/Musopen.xml
+++ b/src/chrome/content/rules/Musopen.xml
@@ -26,10 +26,9 @@
 	<target host="www.musopen.org" />
 
 
-	<securecookie host="^musopen\.org$" name=".*" />
+	<securecookie host="^musopen\.org$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?musopen\.org/"
-		to="https://musopen.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Muspy.xml b/src/chrome/content/rules/Muspy.xml
index 7818e5568395..f31f2ce4ea23 100644
--- a/src/chrome/content/rules/Muspy.xml
+++ b/src/chrome/content/rules/Muspy.xml
@@ -4,7 +4,6 @@
 	<target host="www.muspy.com" />
 
 
-	<rule from="^http://(www\.)?muspy\.com/"
-		to="https://$1muspy.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mutantbrains.com.xml b/src/chrome/content/rules/Mutantbrains.com.xml
index 026306cde1a3..73854df3f236 100644
--- a/src/chrome/content/rules/Mutantbrains.com.xml
+++ b/src/chrome/content/rules/Mutantbrains.com.xml
@@ -2,7 +2,6 @@
 
 	<target host="piwik.mutantbrains.com" />
 
-	<rule from="^http://piwik\.mutantbrains\.com/"
-		to="https://piwik.mutantbrains.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mutelight.org.xml b/src/chrome/content/rules/Mutelight.org.xml
new file mode 100644
index 000000000000..18220e30a74a
--- /dev/null
+++ b/src/chrome/content/rules/Mutelight.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="Mutelight.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mutelight.org" />
+	<target host="www.mutelight.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mutoon.one.xml b/src/chrome/content/rules/Mutoon.one.xml
new file mode 100644
index 000000000000..744f0618b9b2
--- /dev/null
+++ b/src/chrome/content/rules/Mutoon.one.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		www.mutoon.one
+-->
+<ruleset name="Mutoon.one">
+	<target host="mutoon.one" />
+	<target host="www.mutoon.one" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.mutoon\.one/" to="https://mutoon.one/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mutt.xml b/src/chrome/content/rules/Mutt.xml
deleted file mode 100644
index b12e1fd14f1e..000000000000
--- a/src/chrome/content/rules/Mutt.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)
-		- wiki
-
--->
-<ruleset name="mutt (partial)" default_off="self-signed">
-
-	<target host="dev.mutt.org" />
-
-
-	<securecookie host="^dev\.mutt\.org$" name=".*" />
-
-
-	<!--	- Cert: dev.mutt.org
-		- 302s like so
-				-->
-	<rule from="^http://bugs\.mutt\.org/"
-		to="https://dev.mutt.org/trac/" />
-
-	<rule from="^http://dev\.mutt\.org/"
-		to="https://dev.mutt.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Mutterschaftsgeld.de.xml b/src/chrome/content/rules/Mutterschaftsgeld.de.xml
new file mode 100644
index 000000000000..f8aa6aa47bf6
--- /dev/null
+++ b/src/chrome/content/rules/Mutterschaftsgeld.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="Mutterschaftsgeld.de" default_off="cert-chain">
+
+	<target host="mutterschaftsgeld.de" />
+	<target host="www.mutterschaftsgeld.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MutualArt.com.xml b/src/chrome/content/rules/MutualArt.com.xml
index 9f59a3aee3b9..72e0ccc32622 100644
--- a/src/chrome/content/rules/MutualArt.com.xml
+++ b/src/chrome/content/rules/MutualArt.com.xml
@@ -16,7 +16,6 @@
 	<securecookie host="^www\.mutualart\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?mutualart\.com/"
-		to="https://www.mutualart.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mutual_of_America.xml b/src/chrome/content/rules/Mutual_of_America.xml
index c23bd568916d..1148840178b0 100644
--- a/src/chrome/content/rules/Mutual_of_America.xml
+++ b/src/chrome/content/rules/Mutual_of_America.xml
@@ -1,22 +1,29 @@
 <!--
-	Problematic subdomains:
+	Insecure cookies are set for these hosts:
 
-		- ^	(cert only matches www)
+		- m.mutualofamerica.com
 
 -->
-<ruleset name="Mutual of America">
+<ruleset name="Mutual of America.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="mutualofamerica.com" />
-	<target host="*.mutualofamerica.com" />
+	<target host="common.mutualofamerica.com" />
+	<target host="hotlineplus.mutualofamerica.com" />
+	<target host="m.mutualofamerica.com" />
+	<target host="myaccount.mutualofamerica.com" />
+	<target host="www.mutualofamerica.com" />
 
 
-	<securecookie host="^.+\.mutualofamerica\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^m\.mutualofamerica\.com$" name="^(?:X-Mapping-[a-z]+|-un-device-|-un-ss-|-un-ws-)$" /-->
 
+	<securecookie host=".+\.mutualofamerica\.com$" name=".+" />
 
-	<rule from="^http://(?:www\.)?mutualofamerica\.com/"
-		to="https://www.mutualofamerica.com/" />
 
-	<rule from="^http://(bocam|common|hotlineplus|myaccount)\.mutualofamerica\.com/"
-		to="https://$1.mutualofamerica.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Muusikoiden.net.xml b/src/chrome/content/rules/Muusikoiden.net.xml
deleted file mode 100644
index 8e90a7cdcd0c..000000000000
--- a/src/chrome/content/rules/Muusikoiden.net.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Muusikoiden.net">
-	<target host="muusikoiden.net"/>
-	<target host="www.muusikoiden.net"/>
-
-	<securecookie host="^muusikoiden\.net$" name=".+" />
-
-	<rule from="^http://(www\.)?muusikoiden\.net/"
-		to="https://$1muusikoiden.net/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Muut.com.xml b/src/chrome/content/rules/Muut.com.xml
new file mode 100644
index 000000000000..9c566d252171
--- /dev/null
+++ b/src/chrome/content/rules/Muut.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Muut.com">
+
+	<target host="muut.com" />
+	<target host="www.muut.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Muwazna.org.xml b/src/chrome/content/rules/Muwazna.org.xml
new file mode 100644
index 000000000000..79bfba883218
--- /dev/null
+++ b/src/chrome/content/rules/Muwazna.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Muwazna.org">
+	<target host="muwazna.org" />
+	<target host="www.muwazna.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mux.de.xml b/src/chrome/content/rules/Mux.de.xml
new file mode 100644
index 000000000000..f71d953d4501
--- /dev/null
+++ b/src/chrome/content/rules/Mux.de.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mux.de/ => https://mux.de/: Too many redirects while fetching 'https://mux.de/'
+Fetch error: http://static.mux.de/ => https://static.mux.de/: Too many redirects while fetching 'https://static.mux.de/'
+Fetch error: http://www.mux.de/ => https://www.mux.de/: Too many redirects while fetching 'https://www.mux.de/'
+ Mixed content breakage on customer-specific subdomains like
+	- wortwahl.mux.de
+	- beatrixzurek.mux.de
+	- reichenbachdelikatessen.mux.de
+	- bidjanbek.mux.de
+-->
+<ruleset name="Branchenbuch München" default_off="failed ruleset test">
+
+	<target host="mux.de"/>
+	<target host="edit.mux.de"/>
+	<target host="static.mux.de"/>
+	<target host="www.mux.de"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mvnrepository.com.xml b/src/chrome/content/rules/Mvnrepository.com.xml
new file mode 100644
index 000000000000..58c8f35ddcd5
--- /dev/null
+++ b/src/chrome/content/rules/Mvnrepository.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Mvnrepository.com">
+	<target host="mvnrepository.com" />
+	<target host="www.mvnrepository.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mwave.com.au.xml b/src/chrome/content/rules/Mwave.com.au.xml
new file mode 100644
index 000000000000..91e00d1c4e33
--- /dev/null
+++ b/src/chrome/content/rules/Mwave.com.au.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		computers.mwave.com.au
+		specs.mwave.com.au
+		vendor.mwave.com.au
+
+-->
+<ruleset name="Mwave.com.au">
+
+	<target host="mwave.com.au" />
+	<target host="www.mwave.com.au" />
+	<target host="blog.mwave.com.au" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mwave.xml b/src/chrome/content/rules/Mwave.xml
deleted file mode 100644
index 3ebb528a04f4..000000000000
--- a/src/chrome/content/rules/Mwave.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Some pages redirect to http
-
--->
-<ruleset name="Mwave Australia (partial)">
-
-	<target host="mwave.com.au" />
-	<target host="www.mwave.com.au" />
-
-
-	<rule from="^https?://(?:www\.)?mwave\.com\.au/((?:businesscorp|checkout|help|myaccount|privacy-policy|terms-and-conditions)(?:$|\?|/)|catalog/emailsubscribe|[cC]ontent/|favicon\.ico|images/|[sS]ecure/)"
-		to="https://www.mwave.com.au/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Mwellner.de.xml b/src/chrome/content/rules/Mwellner.de.xml
new file mode 100644
index 000000000000..c73236463f2b
--- /dev/null
+++ b/src/chrome/content/rules/Mwellner.de.xml
@@ -0,0 +1,33 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- mwellner.de
+		- www.mwellner.de
+
+
+	Mixed content:
+
+		- css from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="mwellner.de (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mwellner.de" />
+	<target host="www.mwellner.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?mwellner\.de$" name="^_icl_current_language$" /-->
+
+	<securecookie host="^(?:www\.)?mwellner\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mwop.net.xml b/src/chrome/content/rules/Mwop.net.xml
new file mode 100644
index 000000000000..3644ad9f5bf4
--- /dev/null
+++ b/src/chrome/content/rules/Mwop.net.xml
@@ -0,0 +1,12 @@
+<ruleset name="mwop.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mwop.net" />
+	<target host="www.mwop.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MxmCDN.net.xml b/src/chrome/content/rules/MxmCDN.net.xml
new file mode 100644
index 000000000000..8874542654db
--- /dev/null
+++ b/src/chrome/content/rules/MxmCDN.net.xml
@@ -0,0 +1,40 @@
+<!--
+	For other Musixmatch coverage, see Musixmatch.com.xml.
+
+
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .mxmcdn.net
+
+-->
+<ruleset name="MxmCDN.net">
+
+	<target host="s.mxmcdn.net" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.mxmcdn\.net$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mxpnl.com.xml b/src/chrome/content/rules/Mxpnl.com.xml
new file mode 100644
index 000000000000..fbf25f77e036
--- /dev/null
+++ b/src/chrome/content/rules/Mxpnl.com.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Mixpanel coverage, see Mixpanel.xml.
+
+
+	cdn sets insecure mp_\w{32}_mixpanel wildcard
+	cookie on whichever domain it is loaded from.
+
+-->
+<ruleset name="Mxpnl.com">
+
+	<target host="cdn.mxpnl.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mxptint.net.xml b/src/chrome/content/rules/Mxptint.net.xml
new file mode 100644
index 000000000000..6a73ba27b14e
--- /dev/null
+++ b/src/chrome/content/rules/Mxptint.net.xml
@@ -0,0 +1,52 @@
+<!--
+	Connection refused:
+		- noredir.mxptint.net
+		- r.mxptint.net
+
+	Timeout:
+		- ftp.mxptint.net
+		- mlc.mxptint.net
+		- mpt.mxptint.net
+		- preview.mxptint.net
+		- www.mxptint.net
+
+	TLS error:
+		- aep.emea.mxptint.net
+		- bkp.emea.mxptint.net
+		- mps.mxptint.net
+		- mpc.nl.mxptint.net
+		- mpd.nl.mxptint.net
+		- oxp.emea.mxptint.net
+		- rbp.emea.mxptint.net
+-->
+<ruleset name="mxptint.net">
+
+	<target host="mxptint.net" />
+
+	<target host="abp.mxptint.net" />
+	<target host="aep.mxptint.net" />
+	<target host="atp.mxptint.net" />
+	<target host="bkp.mxptint.net" />
+	<target host="brp.mxptint.net" />
+	<target host="cxp.mxptint.net" />
+	<target host="mpp.emea.mxptint.net" />
+	<target host="exp.mxptint.net" />
+	<target host="lrp.mxptint.net" />
+	<target host="mpc.mxptint.net" />
+	<target host="mpd.mxptint.net" />
+	<target host="mpp.mxptint.net" />
+	<target host="optout.mxptint.net" />
+	<target host="oxp.mxptint.net" />
+	<target host="pmp.mxptint.net" />
+	<target host="rbp.mxptint.net" />
+	<target host="sxp.mxptint.net" />
+	<target host="tap.mxptint.net" />
+	<target host="test.mxptint.net" />
+	<target host="yhp.mxptint.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/My-Aime.net.xml b/src/chrome/content/rules/My-Aime.net.xml
new file mode 100644
index 000000000000..6f23c565d680
--- /dev/null
+++ b/src/chrome/content/rules/My-Aime.net.xml
@@ -0,0 +1,11 @@
+<!--
+	Timeout:
+		- mx
+-->
+<ruleset name="My-Aime.net">
+	<target host="my-aime.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/My-Files.xml b/src/chrome/content/rules/My-Files.xml
index 8b61a62ba952..b4fa63340e6d 100644
--- a/src/chrome/content/rules/My-Files.xml
+++ b/src/chrome/content/rules/My-Files.xml
@@ -1,4 +1,12 @@
-<ruleset name="My-files.de">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://w01.my-files.de/ => https://w01.my-files.de/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://w01.my-files.de/ => https://w01.my-files.de/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="My-files.de" default_off="failed ruleset test">
   <target host="w01.my-files.de" />
-  <rule from="^http://w01\.my-files\.de/" to="https://w01.my-files.de/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/My.com.xml b/src/chrome/content/rules/My.com.xml
new file mode 100644
index 000000000000..ee17f7707d3f
--- /dev/null
+++ b/src/chrome/content/rules/My.com.xml
@@ -0,0 +1,45 @@
+<!--
+    Nonfunctional subdomains:
+
+        - blog   -> redirects to http
+
+    Mixed content:
+        - css on mymail from fonts.googleapis.com *
+
+    * Secured by us
+
+    Other My.com rulesets:
+        - Maps.me.xml
+-->
+<ruleset name="My.com (partial)">
+    <target host="my.com" />
+    <target host="*.my.com" />
+
+	<test url="http://account.my.com/" />
+	<test url="http://allods.my.com/" />
+	<test url="http://aw.my.com/" />
+	<test url="http://blog.my.com/" />
+	<test url="http://evo.my.com/" />
+	<test url="http://evo2.my.com/" />
+	<test url="http://help.my.com/" />
+	<test url="http://hou.my.com/" />
+	<test url="http://id.my.com/" />
+	<test url="http://jh.my.com/" />
+	<test url="http://jw.my.com/" />
+	<test url="http://legal.my.com/" />
+	<test url="http://mg.my.com/" />
+	<test url="http://mymail.my.com/" />
+	<test url="http://pay.my.com/" />
+	<test url="http://poker.my.com/" />
+	<test url="http://press.my.com/" />
+	<test url="http://r.my.com/" />
+	<test url="http://sf.my.com/" />
+	<test url="http://support.my.com/" />
+	<test url="http://target.my.com/" />
+	<test url="http://wos.my.com/" />
+
+    <securecookie host="^(.*\.)?my\.com$" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MyAJC.com.xml b/src/chrome/content/rules/MyAJC.com.xml
new file mode 100644
index 000000000000..e18b6be31eb8
--- /dev/null
+++ b/src/chrome/content/rules/MyAJC.com.xml
@@ -0,0 +1,38 @@
+<!--
+	Other Atlanta Journal Constitution rulesets:
+		* AJC.com.xml
+
+	Unsupported subdomains:
+		Error code: SSL_ERROR_RX_RECORD_TOO_LONG:
+			preview.myajc.com
+
+		Invalid Cert:
+			myajc.com (without www.)
+			doctors.myajc.com
+			schools.myajc.com
+			specials.myajc.com
+
+		Redirects to http:
+			*.blog.myajc.com
+			membercenter.myajc.com
+
+		Timeout on HTTPS:
+			atlantaforward.myajc.com
+			battleofatlanta.myajc.com
+			breakdown.myajc.com
+			crime.myajc.com
+			elections.myajc.com
+			games.myajc.com
+			hospitals.myajc.com
+			investigations.myajc.com
+			legislativenavigator.myajc.com
+			memories.myajc.com
+			personaljourneys.myajc.com
+			specialprojects.myajc.com
+			sports.myajc.com
+-->
+<ruleset name="MyAJC.com (partial)">
+	<target host="www.myajc.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MyAMS.org.xml b/src/chrome/content/rules/MyAMS.org.xml
new file mode 100644
index 000000000000..cd2e15239513
--- /dev/null
+++ b/src/chrome/content/rules/MyAMS.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="MyAMS.org">
+	<target host="myams.org" />
+	<target host="www.myams.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MyBB_Central.xml b/src/chrome/content/rules/MyBB_Central.xml
index 43014b533252..2b5ce5cb3624 100644
--- a/src/chrome/content/rules/MyBB_Central.xml
+++ b/src/chrome/content/rules/MyBB_Central.xml
@@ -1,13 +1,12 @@
 <ruleset name="MyBB Central">
 
 	<target host="mybbcentral.com" />
-	<target host="*.mybbcentral.com" />
+	<target host="www.mybbcentral.com" />
 
 
 	<securecookie host="^\.mybbcentral\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?mybbcentral\.com/"
-		to="https://$1mybbcentral.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MyBenefits-CalWIN.xml b/src/chrome/content/rules/MyBenefits-CalWIN.xml
new file mode 100644
index 000000000000..39e4ae30afe2
--- /dev/null
+++ b/src/chrome/content/rules/MyBenefits-CalWIN.xml
@@ -0,0 +1,21 @@
+<!--
+	Problematic domains:
+
+		- mybenefitscalwin.org *
+
+	* Mismatched
+
+-->
+<ruleset name="MyBenefits CalWIN">
+	<target host="mybenefitscalwin.com" />
+	<target host="www.mybenefitscalwin.com" />
+	<target host="mybenefitscalwin.net" />
+	<target host="www.mybenefitscalwin.net" />
+	<target host="mybenefitscalwin.org" />
+	<target host="www.mybenefitscalwin.org" />
+
+	<securecookie host="^www\.mybenefitscalwin\.org$" name=".+" />
+
+	<rule from="^http://(?:www\.)?mybenefitscalwin\.(?:com|net|org)/"
+		to="https://www.mybenefitscalwin.org/" />
+</ruleset>
diff --git a/src/chrome/content/rules/MyBetter.com.xml b/src/chrome/content/rules/MyBetter.com.xml
index 59800744d511..6322855ef60c 100644
--- a/src/chrome/content/rules/MyBetter.com.xml
+++ b/src/chrome/content/rules/MyBetter.com.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mybetter.com/ => https://mybetter.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://mybetter.com/ => https://mybetter.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	MyBetter Hosting
 
 
@@ -9,19 +15,17 @@
 		- server2...:2222
 
 -->
-<ruleset name="MyBetter.com">
+<ruleset name="MyBetter.com" default_off="failed ruleset test">
 
 	<target host="mybetter.com" />
-	<target host="*.mybetter.com" />
+	<target host="server2.mybetter.com" />
+	<target host="www.mybetter.com" />
 
 
 	<securecookie host="^server2\.mybetter\.com$" name=".+" />
 
 
-	<rule from="^http://(server2\.|www\.)?mybetter\.com/"
-		to="https://$1mybetter.com/" />
 
-	<rule from="^http://server2\.mybetter\.com:2222/"
-		to="https://server2.mybetter.com:2222/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MyBrowserAddon.com.xml b/src/chrome/content/rules/MyBrowserAddon.com.xml
new file mode 100644
index 000000000000..cc29cedad44c
--- /dev/null
+++ b/src/chrome/content/rules/MyBrowserAddon.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		media.mybrowseraddon.com
+
+-->
+<ruleset name="MyBrowserAddon">
+
+	<target host="mybrowseraddon.com" />
+	<target host="www.mybrowseraddon.com" />
+	<target host="cdn.mybrowseraddon.com" />
+		<test url="http://cdn.mybrowseraddon.com/images/easy-emoji-big.png" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MyBuys.com-falsemixed.xml b/src/chrome/content/rules/MyBuys.com-falsemixed.xml
deleted file mode 100644
index 0e8f16966b43..000000000000
--- a/src/chrome/content/rules/MyBuys.com-falsemixed.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see MyBuys.xml.
-
--->
-<ruleset name="MyBuys.com (false MCB)" platform="mixedcontent">
-
-	<target host="mybuys.com" />
-	<target host="www.mybuys.com" />
-		<!--
-			Handled in MyBuys.xml:
-						-->
-		<!--exclusion pattern="^http://(www\.)?mybuys\.com/+(favicon\.ico|wp-content/|wp-includes/)" /-->
-
-
-	<rule from="^http://(www\.)?mybuys\.com/(?!favicon\.ico|wp-content/|wp-includes/)"
-		to="https://$1mybuys.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MyBuys.xml b/src/chrome/content/rules/MyBuys.xml
index 4aae82661fdd..781079adca73 100644
--- a/src/chrome/content/rules/MyBuys.xml
+++ b/src/chrome/content/rules/MyBuys.xml
@@ -1,7 +1,4 @@
 <!--
-	For rules causing false/broken MCB, see MyBuys.com-falsemixed.xml.
-
-
 		- mybuys.mktoweb.com
 
 			- www2
@@ -14,12 +11,13 @@
 
 	Partially covered subdomains:
 
-		- (www.)	(avoiding false/broken MCB)
 		- www2		($ redirects to app-sjh.marketo.com)
 
 
 	Fully covered subdomains:
 
+		- (www.)
+
 		- p subdomains:
 
 			- bi5
@@ -37,7 +35,7 @@
 
 	Mixed content:
 
-		- css on www from www *
+		- css on www from fonts.googleapis.com *
 
 		- Images on www from www *
 
@@ -53,11 +51,12 @@
 <ruleset name="MyBuys (partial)">
 
 	<target host="mybuys.com" />
-	<target host="*.mybuys.com" />
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<exclusion pattern="^http://(?:www\.)?mybuys\.com/+(?!favicon\.ico|wp-content/|wp-includes/)" />
+	<target host="bi5.p.mybuys.com" />
+	<target host="portal.p.mybuys.com" />
+	<target host="t.p.mybuys.com" />
+	<target host="w.p.mybuys.com" />
+	<target host="www.mybuys.com" />
+	<target host="www2.mybuys.com" />
 
 
 	<securecookie host=".*\.mybuys\.com$" name=".+" />
diff --git a/src/chrome/content/rules/MyCalendar.xml b/src/chrome/content/rules/MyCalendar.xml
deleted file mode 100644
index 192784374192..000000000000
--- a/src/chrome/content/rules/MyCalendar.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="MyCalendar">
-
-	<target host="mycalendarbook.com" />
-	<target host="www.mycalendarbook.com" />
-
-
-	<!--	Cert doesn't match !www.
-						-->
-	<rule from="^https?://(?:www\.)?mycalendarbook\.com/"
-		to="https://mycalendarbook.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MyCanvas.com.xml b/src/chrome/content/rules/MyCanvas.com.xml
new file mode 100644
index 000000000000..ddb912685110
--- /dev/null
+++ b/src/chrome/content/rules/MyCanvas.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Refused:
+		secure.mycanvas.com
+-->
+<ruleset name="MyCanvas.com">
+	<target host="mycanvas.com" />
+	<target host="www.mycanvas.com" />
+	<target host="ancestrysso.mycanvas.com" />
+	<target host="help.mycanvas.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MyCharity.ie.xml b/src/chrome/content/rules/MyCharity.ie.xml
index 2da1451c17ba..2add9da0b56b 100644
--- a/src/chrome/content/rules/MyCharity.ie.xml
+++ b/src/chrome/content/rules/MyCharity.ie.xml
@@ -1,4 +1,11 @@
-<ruleset name="MyCharity.ie">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mycharity.ie/ => https://www.mycharity.ie/: (7, 'Failed to connect to www.mycharity.ie port 443: Connection refused')
+Fetch error: http://www.mycharity.ie/ => https://www.mycharity.ie/: (7, 'Failed to connect to www.mycharity.ie port 443: Connection refused')
+
+-->
+<ruleset name="MyCharity.ie" default_off="failed ruleset test">
   <!-- cert valid only for www. -->
   <target host="mycharity.ie" />
   <target host="www.mycharity.ie" />
diff --git a/src/chrome/content/rules/MyChart.xml b/src/chrome/content/rules/MyChart.xml
index a6799893ffa0..04f201679b6f 100644
--- a/src/chrome/content/rules/MyChart.xml
+++ b/src/chrome/content/rules/MyChart.xml
@@ -1,13 +1,13 @@
 <ruleset name="MyChart" platform="mixedcontent">
 
 	<target host="viewmychart.com" />
-	<target host="*.viewmychart.com" />
+	<target host="www.viewmychart.com" />
 
 
-	<securecookie host="^(.*\.)?viewmychart\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?viewmychart\.com/"
+	<rule from="^http://(?:www\.)?viewmychart\.com/"
 		to="https://www.viewmychart.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MyCommerce.xml b/src/chrome/content/rules/MyCommerce.xml
index c98a462a3b38..b2da12c021c7 100644
--- a/src/chrome/content/rules/MyCommerce.xml
+++ b/src/chrome/content/rules/MyCommerce.xml
@@ -2,66 +2,34 @@
 	For other Digital River coverage, see Digital-River.xml.
 
 
-	Nonfunctional domains:
+	CDN buckets:
 
-		- (www.)shareit.com	(no https)
+		- mycommerce-a.akamaihd.net
 
 
-	Problematic domains:
+	Insecure cookies are set for these hosts:
 
-		- esellerate.net	(400)
-
-
-	Fully covered domains:
-
-		- esellerate.net subdomains:
-
-			- (www.)	(^ → www)
-			- publishers
-			- store
-			- store\d
-
-		- (www.)mycommerce.com
-		- ccc.shareit.com
-		- secure.shareit.com
+		- cs.mycommerce.com
+		- www.mycommerce.com
 
 -->
-<ruleset name="MyCommerce">
+<ruleset name="MyCommerce.com">
 
-	<target host="esellerate.net" />
-	<target host="*.esellerate.net" />
 	<target host="mycommerce.com" />
+	<target host="cdn.mycommerce.com" />
+	<target host="cs.mycommerce.com" />
 	<target host="www.mycommerce.com" />
-	<target host="shareit.com" />
-	<target host="*.shareit.com" />
-
-
-	<!--	Observed cookie domains:
-
-			- publishers.esellerate.net
-			- store[236].esellerate.net
-			- mycommerce.com
-			- partner.mycommerce.com
-			- www.mycommerce.com
-			- ccc.shareit.com
-			- secure.shareit.com
-						-->
-	<securecookie host="^(?:.*\.)?(?:esellerate|mycommerce|shareit)\.com$" name=".+" />
-
 
-	<rule from="^http://esellerate\.net/"
-		to="https://www.esellerate.net/" />
 
-	<rule from="^http://(partner|publishers|store\d?|www)\.esellerate\.net/"
-		to="https://$1.esellerate.net/"/>
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cs\.mycommerce\.com$" name="^BIGipServer.*" /-->
+	<!--securecookie host="^www\.mycommerce\.com$" name="^[\da-f]{32}$" /-->
 
-	<rule from="^http://(www\.)?mycommerce\.com/"
-		to="https://mycommerce.com/"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?shareit\.com/signup\.html"
-		to="https://secure.shareit.com/signup.html" />
 
-	<rule from="^http://(ccc|secure)\.shareit\.com/"
-		to="https://$1.shareit.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MyComputer.com.xml b/src/chrome/content/rules/MyComputer.com.xml
index 62dfe1db6ea0..27c7c6416d81 100644
--- a/src/chrome/content/rules/MyComputer.com.xml
+++ b/src/chrome/content/rules/MyComputer.com.xml
@@ -1,7 +1,21 @@
 <!--
 	For other Network Solutions coverage, see Network-Solutions.xml.
 
-
+	Nonfunctional subdomains:
+
+		a		(hostname mismatch, CN: a248.e.akamai.net)
+		sa		(hostname mismatch, CN: a248.e.akamai.net)
+		mail	(timeout)
+		siteminer	(timeout)
+		ppctool		(timeout)
+		phoenix-adrunner	(timeout)
+		405f42d2.chi	(connection refused)
+
+		www.guestbook
+		www.counter
+		www.bannerexchange
+		www.boardserver
+		www.superstats
 	^: cert only matches *.mycomputer.com
 
 -->
@@ -9,12 +23,32 @@
 
 	<target host="mycomputer.com" />
 	<target host="www.mycomputer.com" />
-
-
-	<rule from="^http://(?:www\.)?mycomputer\.com/"
-		to="https://www.mycomputer.com/" />
-
-	<rule from="^http://watchdog\.mycomputer\.com/"
-		to="https://watchdog.mycomputer.com/" />
+	<target host="123counter.mycomputer.com" />
+	<target host="bannerexchange.mycomputer.com" />
+	<target host="boardserver.mycomputer.com" />
+	<target host="code-adrunner.mycomputer.com" />
+	<target host="code-mc-adrunner.mycomputer.com" />
+	<target host="counter.mycomputer.com" />
+	<target host="domains.mycomputer.com" />
+	<target host="enterprise.mycomputer.com" />
+	<target host="ezpolls.mycomputer.com" />
+	<target host="guestbook.mycomputer.com" />
+	<target host="iclicks.mycomputer.com" />
+	<target host="linkcount.mycomputer.com" />
+	<target host="media-adrunner.mycomputer.com" />
+	<target host="media-mc-adrunner.mycomputer.com" />
+	<target host="new.mycomputer.com" />
+	<target host="phoenix-mc-adrunner.mycomputer.com" />
+	<target host="sitemechanic.mycomputer.com" />
+	<target host="siterewards.mycomputer.com" />
+	<target host="submitwizard.mycomputer.com" />
+	<target host="superstats.mycomputer.com" />
+	<target host="textomatic.mycomputer.com" />
+	<target host="watchdog.mycomputer.com" />
+	<target host="webrookie.mycomputer.com" />
+	<target host="websnapshot.mycomputer.com" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MyCryptoPedia.com.xml b/src/chrome/content/rules/MyCryptoPedia.com.xml
new file mode 100644
index 000000000000..f02fbbfedeee
--- /dev/null
+++ b/src/chrome/content/rules/MyCryptoPedia.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="MyCryptoPedia.com">
+	<target host="mycryptopedia.com" />
+	<target host="www.mycryptopedia.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MyDealz.de.xml b/src/chrome/content/rules/MyDealz.de.xml
new file mode 100644
index 000000000000..d8e45468eb03
--- /dev/null
+++ b/src/chrome/content/rules/MyDealz.de.xml
@@ -0,0 +1,18 @@
+<!--
+	Mismatch:
+		- gutscheine.mydealz.de
+		- links.mydealz.de
+		- live.mydealz.de
+		- visit.hukd.mydealz.de
+-->
+<ruleset name="MyDealz.de">
+	<target host="mydealz.de" />
+	<target host="www.mydealz.de" />
+	<target host="hukd.mydealz.de" />
+	<target host="images.mydealz.de" />
+	<target host="static.mydealz.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MyEdAccount.Com.xml b/src/chrome/content/rules/MyEdAccount.Com.xml
deleted file mode 100644
index fb983f363376..000000000000
--- a/src/chrome/content/rules/MyEdAccount.Com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="MyEdAccount.Com">
-	<target host="myedaccount.com" />
-	<target host="www.myedaccount.com" />
-
-	<securecookie host="(^|\.)myedaccount\.com$" name=".+" />
-
-	<rule from="^(http://(www\.)?|https://)myedaccount\.com/" to="https://www.myedaccount.com/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MyFBO.com.xml b/src/chrome/content/rules/MyFBO.com.xml
new file mode 100644
index 000000000000..d8d43095fcbd
--- /dev/null
+++ b/src/chrome/content/rules/MyFBO.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Invalid certificate:
+		www.condair.myfbo.com
+
+-->
+<ruleset name="MyFBO">
+
+	<target host="myfbo.com" />
+	<target host="www.myfbo.com" />
+	<target host="condair.myfbo.com" />
+	<target host="help.myfbo.com" />
+		<test url="http://help.myfbo.com/docs/maint/stat_maint.htm" />
+	<target host="s01.myfbo.com" />
+	<target host="s04.myfbo.com" />
+	<target host="s05.myfbo.com" />
+	<target host="s06.myfbo.com" />
+	<target host="s08.myfbo.com" />
+	<target host="s09.myfbo.com" />
+	<target host="s10.myfbo.com" />
+	<target host="s11.myfbo.com" />
+	<target host="s13.myfbo.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MyFRITZ.net.xml b/src/chrome/content/rules/MyFRITZ.net.xml
new file mode 100644
index 000000000000..7d6094d58330
--- /dev/null
+++ b/src/chrome/content/rules/MyFRITZ.net.xml
@@ -0,0 +1,12 @@
+<!--
+	This domain contains several customer controlled subdomains.
+-->
+<ruleset name="MyFRITZ.net (partial)">
+
+	<target host="myfritz.net" />
+	<target host="www.myfritz.net" />
+	<target host="sso.myfritz.net" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MyFitnessPal.com.xml b/src/chrome/content/rules/MyFitnessPal.com.xml
new file mode 100644
index 000000000000..7e5bd1cd4432
--- /dev/null
+++ b/src/chrome/content/rules/MyFitnessPal.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Mixed content:
+		- ads from self on www and community
+			<test url="http://www.myfitnesspal.com/" />
+		- images from d34yn14tavczy0.cloudfront.net on www and community
+
+	Breaks various site parts. See:
+		- https://github.com/EFForg/https-everywhere/issues/11029
+		- https://trac.torproject.org/projects/tor/ticket/22887
+
+	Redirect to http:
+		myfitnesspal.com (all pages when logged in)
+		www.myfitnesspal.com (all pages when logged in)
+			<test url="http://www.myfitnesspal.com/food/calorie-chart-nutrition-facts" /> (redirects even when logged out)
+		tickers.myfitnesspal.com
+			<test url="http://tickers.myfitnesspal.com/food/calories/487183300" />
+		tickers2.myfitnesspal.com
+			<test url="http://tickers2.myfitnesspal.com/food/calories/487183300" />
+
+	Invalid certificate:
+		images.myfitnesspal.com
+			<test url="http://images.myfitnesspal.com/images/brands/4/584/4584_small.gif" />
+
+	Announcement from their tech team (July 2017):
+		https://myfitnesspal.desk.com/customer/en/portal/articles/2840040-some-members-are-having-trouble-adding-food-to-their-food-diary-from-the-website
+
+-->
+<ruleset name="MyFitnessPal">
+
+	<target host="api.myfitnesspal.com" />
+		<test url="http://api.myfitnesspal.com/v2" />
+	<target host="blog.myfitnesspal.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MyFitnessPal.xml b/src/chrome/content/rules/MyFitnessPal.xml
deleted file mode 100644
index 94fa6ed28166..000000000000
--- a/src/chrome/content/rules/MyFitnessPal.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d34yn14tavczy0.cloudfront.net
-
--->
-<ruleset name="MyFitnessPal">
-
-	<target host="myfitnesspal.com" />
-	<target host="www.myfitnesspal.com" />
-
-
-	<securecookie host="^www\.myfitnesspal\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?myfitnesspal\.com/"
-		to="https://$1myfitnesspal.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MyFonts.com.xml b/src/chrome/content/rules/MyFonts.com.xml
index 958d1c562eda..5bfbbf9ab57f 100644
--- a/src/chrome/content/rules/MyFonts.com.xml
+++ b/src/chrome/content/rules/MyFonts.com.xml
@@ -1,32 +1,42 @@
 <!--
+	Other MyFonts rulesets:
+
+		- MyFonts.net.xml
+
+
 	CDN buckets:
 
 		- d2c1cl1a12l6zn.cloudfront.net
 
 			- cdn.myfonts.com
-			- cdn.myfonts.net
 
 
 	Nonfunctional domains:
 
-		- webfonts.myfonts.com
+		- meta.myfonts.com *
+
+	* Dropped
 
 -->
 <ruleset name="MyFonts.com (partial)">
 
 	<target host="myfonts.com" />
-	<target host="*.myfonts.com" />
-		<exclusion pattern="^http://(?:www\.)?myfonts\.com/(?!my/|s/|secure/|viewlicense(?:$|\?))" />
-	<target host="*.myfonts.net" />
+	<target host="cdn.myfonts.com" />
+	<target host="origin.myfonts.com" />
+	<target host="www.myfonts.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.myfonts\.com$" name="^apisession$" /-->
 
+	<securecookie host="^www\.myfonts\.com$" name=".+" />
 
-	<rule from="^http://(origin\.|www\.)?myfonts\.com/"
-		to="https://$1myfonts.com/" />
 
-	<rule from="^https?://cdn\.myfonts\.(?:com|net)/"
-		to="https://d2c1cl1a12l6zn.cloudfront.net/" />
+	<rule from="^http://cdn\.myfonts\.com/"
+		to="https://cdn.myfonts.net/" />
 
-	<rule from="^http://(hello|origin|your)\.myfonts\.net/"
-		to="https://$1.myfonts.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MyFonts.net.xml b/src/chrome/content/rules/MyFonts.net.xml
new file mode 100644
index 000000000000..548745a00c7c
--- /dev/null
+++ b/src/chrome/content/rules/MyFonts.net.xml
@@ -0,0 +1,24 @@
+<!--
+	For other MyFonts coverage, see MyFonts.com.xml.
+
+
+	CDN buckets:
+
+		- d2c1cl1a12l6zn.cloudfront.net
+
+			- cdn.myfonts.net
+
+-->
+<ruleset name="MyFonts.net">
+
+	<target host="cdn.myfonts.net" />
+	<target host="easy.myfonts.net" />
+	<target host="hello.myfonts.net" />
+	<target host="origin.myfonts.net" />
+	<target host="your.myfonts.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MyFreeCopyright.com-problematic.xml b/src/chrome/content/rules/MyFreeCopyright.com-problematic.xml
deleted file mode 100644
index 094cfa49d468..000000000000
--- a/src/chrome/content/rules/MyFreeCopyright.com-problematic.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see MyFreeCopyright.com.xml.
-
--->
-<ruleset name="MyFreeCopyright.com (problematic)" default_off="expired">
-
-	<target host="myfreecopyright.com" />
-	<target host="www.myfreecopyright.com" />
-
-
-	<securecookie host="^myfreecopyright\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?myfreecopyright\.com/"
-		to="https://myfreecopyright.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MyFreeCopyright.com.xml b/src/chrome/content/rules/MyFreeCopyright.com.xml
deleted file mode 100644
index 916088d04991..000000000000
--- a/src/chrome/content/rules/MyFreeCopyright.com.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	For problematic rules, see MyFreeCopyright.com-problematic.xml.
-
-
-	CDN buckets:
-
-		- myfreecopyright.s3.amazonaws.com
-
-			- storage
-
-
-	Problematic subdomains:
-
-		- (www.)	(works, expired 2013-11-07)
-		- storage	(amazonws)
-
-
-	Mixed content:
-
-		- Images on (www.) from (www.) *
-
-	* Secured by us
-
--->
-<ruleset name="MyFreeCopyright.com (partial)">
-
-	<target host="storage.myfreecopyright.com" />
-
-
-	<rule from="^http://storage\.myfreecopyright\.com/"
-		to="https://myfreecopyright.s3.amazonaws.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MyGNU.de.xml b/src/chrome/content/rules/MyGNU.de.xml
deleted file mode 100644
index e77a4bbace08..000000000000
--- a/src/chrome/content/rules/MyGNU.de.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<!--
-	Mixed content:
-
-		- Images, on www from:
-
-			- jigsaw.w3.org *
-			- validator.w3.org *
-			- www.w3.org *
-
-		- Ads/web bugs, on www from:
-
-			- freiware.beepworld.de, via www.beepworld.de *
-			- www.beepworld.de, via www.free-toplisten.at *
-			- www.bloggeramt.de *
-			- www.blogscene.de *
-			- www.blogverzeichnis.eu *
-			- www.bt07.de, via www.werbezeiger.de *
-			- www.free-toplisten.at *
-			- is.gd *
-			- main-host.de **
-			- static.technorati.com *
-			- www.werbezeiger.de, via is.gd *
-			- vg09.met.vgwort.de *
-
-	* Unsecurable, and no one cares
-	** Secured by us
-
--->
-<ruleset name="MyGNU.de">
-
-	<target host="mygnu.de" />
-	<target host="www.mygnu.de" />
-
-
-	<securecookie host="^www\.mygnu\.de$" name=".+" />
-
-
-	<rule from="^http://(www\.)?mygnu\.de/"
-		to="https://$1mygnu.de/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MyGirlFund.xml b/src/chrome/content/rules/MyGirlFund.xml
index 7f82f50b63e5..174a96c78244 100644
--- a/src/chrome/content/rules/MyGirlFund.xml
+++ b/src/chrome/content/rules/MyGirlFund.xml
@@ -1,13 +1,12 @@
 <ruleset name="MyGurlFund">
 
 	<target host="mygirlfund.com" />
-	<target host="*.mygirlfund.com" />
+	<target host="www.mygirlfund.com" />
 
 
 	<securecookie host="^\.mygirlfund\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?mygirlfund\.com/"
-		to="https://$1mygirlfund.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MyInteriorDecorator.com.xml b/src/chrome/content/rules/MyInteriorDecorator.com.xml
index da9bc8a99925..85f4725be6bc 100644
--- a/src/chrome/content/rules/MyInteriorDecorator.com.xml
+++ b/src/chrome/content/rules/MyInteriorDecorator.com.xml
@@ -1,13 +1,21 @@
-<ruleset name="MyInteriorDecorator.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://myinteriordecorator.com/ => https://myinteriordecorator.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.myinteriordecorator.com/ => https://www.myinteriordecorator.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://myinteriordecorator.com/ => https://myinteriordecorator.com/: (51, "SSL: no alternative certificate subject name matches target host name 'myinteriordecorator.com'")
+-->
+<ruleset name="MyInteriorDecorator.com" default_off="failed ruleset test">
 
 	<target host="myinteriordecorator.com" />
-	<target host="*.myinteriordecorator.com" />
+	<target host="www.myinteriordecorator.com" />
 
 
 	<securecookie host="^(?:w*\.)?myinteriordecorator\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?myinteriordecorator\.com/"
-		to="https://$1myinteriordecorator.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MyKolab.com.xml b/src/chrome/content/rules/MyKolab.com.xml
index 843405e2326c..fbbff739519d 100644
--- a/src/chrome/content/rules/MyKolab.com.xml
+++ b/src/chrome/content/rules/MyKolab.com.xml
@@ -1,22 +1,18 @@
-<!--
-	Fully covered subdomains:
-
-		- (www.)
-		- cockpit
-		- webmail
-
--->
 <ruleset name="MyKolab.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="mykolab.com" />
-	<target host="*.mykolab.com" />
+	<target host="cockpit.mykolab.com" />
+	<target host="webmail.mykolab.com" />
+	<target host="www.mykolab.com" />
 
 
 	<!--securecookie host="^\.mykolab\.com$" name="^roundcube_sessid$" /-->
 	<securecookie host="^(?:cockpit)?\.mykolab\.com$" name=".+" />
 
 
-	<rule from="^http://((?:cockpit|webmail|www)\.)?mykolab\.com/"
-		to="https://$1mykolab.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MyLeague.xml b/src/chrome/content/rules/MyLeague.xml
index f543e8b3ce1b..422fafff115f 100644
--- a/src/chrome/content/rules/MyLeague.xml
+++ b/src/chrome/content/rules/MyLeague.xml
@@ -8,13 +8,13 @@
 <ruleset name="MyLeague">
 
 	<target host="myleague.com" />
-	<target host="*.myleague.com" />
+	<target host="www.myleague.com" />
 
 
 	<securecookie host="^\.myleague\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?myleague\.com/"
+	<rule from="^http://(?:www\.)?myleague\.com/"
 		to="https://www.myleague.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MyLifetime.com.xml b/src/chrome/content/rules/MyLifetime.com.xml
index d1f65a715dcf..5a1b518b9340 100644
--- a/src/chrome/content/rules/MyLifetime.com.xml
+++ b/src/chrome/content/rules/MyLifetime.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ssos.mylifetime.com/ => https://ssos.mylifetime.com/: (6, 'Could not resolve host: ssos.mylifetime.com')
+
 	CDN buckets:
 
 		- servicesaetn-a.akamaihd.net
@@ -55,49 +59,16 @@
 
 	Fully covered domains:
 
-		- ltcdn.com subdomains:
-
-			- movies *
-			- mylt *
-			- tn *
-
 		- ssos.mylifetime.com
 
 	* → akamai
 
 -->
-<ruleset name="myLifetime.com (partial)">
-
-	<target host="*.ltcdn.com" />
-	<target host="mylifetime.com" />
-	<target host="*.mylifetime.com" />
-		<!--
-			Avoid user-visible paths:
-							-->
-		<exclusion pattern="^http://(?:www\.)?mylifetime\.com/(?!d6/sites/|movies/(?:profiles|rest|sites)/)" />
-		<exclusion pattern="^http://moms.mylifetime\.com/(?!files/)" />
-		<!--
-			Some (not all) stylesheets links files relative to /
-
-			There may be more than aren't excluded that don't.
-										-->
-		<exclusion pattern="^http://mylt\.ltcdn\.com/d6/sites/mylifetime\.com/files/images/advagg_css/" />
-		<exclusion pattern="^http://moms\.mylifetime\.com/(?:files/advagg_css/|sites/all/modules/contrib/nice_menus/nice_menus_default\.css|sites/moms.mylifetime.com/themes/ltv_moms/css/(?:fonts/|less/ie\.css))" />
-
-
-	<rule from="^http://(?:movies\.ltcdn|(?:www\.)?mylifetime)\.com/"
-		to="https://a248.e.akamai.net/f/216/4274/5m/www.mylifetime.com/" />
-
-	<rule from="^http://moms\.mylifetime\.com/"
-		to="https://a248.e.akamai.net/f/1073/9929/5m/moms.mylifetime.com/" />
-
-	<rule from="^http://mylt\.ltcdn\.com/"
-		to="https://a248.e.akamai.net/f/1854/7725/5h/mylt.ltcdn.com/" />
+<ruleset name="myLifetime.com (partial)" default_off="failed ruleset test">
 
-	<rule from="^http://tn\.ltcdn\.com/"
-		to="https://a248.e.akamai.net/f/1621/7552/8f/tn.ltcdn.com/" />
+	<target host="ssos.mylifetime.com" />
 
-	<rule from="^http://ssos\.mylifetime\.com/"
-		to="https://ssos.mylifetime.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MyLikes.xml b/src/chrome/content/rules/MyLikes.xml
index 9cf16cb2e046..cfbb9ada2c17 100644
--- a/src/chrome/content/rules/MyLikes.xml
+++ b/src/chrome/content/rules/MyLikes.xml
@@ -1,4 +1,7 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mlv-cdn.com/ => https://mylikes.com/: (28, 'Connection timed out after 10000 milliseconds')
 	CDN buckets:
 
 		- d1t8hc7w4sf1nn.cloudfront.net
@@ -19,15 +22,15 @@
 	- www.mlv-cdn.com doesn't exist
 
 -->
-<ruleset name="MyLikes">
+<ruleset name="MyLikes" default_off="failed ruleset test">
 
-	<target host="clnk.me" />
 	<target host="longurl.it" />
 	<target host="*.longurl.it" />
 	<target host="mlv-cdn.com" />
 	<target host="w.mlv-cdn.com" />
 	<target host="mylikes.com" />
-	<target host="*.mylikes.com" />
+	<target host="ads.mylikes.com" />
+	<target host="www.mylikes.com" />
 
 
 	<securecookie host="^\.longurl\.it$" name=".+" />
@@ -36,8 +39,8 @@
 
 	<!--	www doesn't exist.
 					-->
-	<rule from="^http://(clnk\.me|longurl\.it)/"
-		to="https://$1/" />
+	<rule from="^http://longurl\.it/"
+		to="https://longurl.it/" />
 
 	<rule from="^http://mlv-cdn\.com/"
 		to="https://mylikes.com/" />
@@ -48,4 +51,4 @@
 	<rule from="^http://(ads\.|www\.)?mylikes\.com/"
 		to="https://$1mylikes.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MyLoc.de.xml b/src/chrome/content/rules/MyLoc.de.xml
index 9671ed4b647e..25160dea3c63 100644
--- a/src/chrome/content/rules/MyLoc.de.xml
+++ b/src/chrome/content/rules/MyLoc.de.xml
@@ -1,13 +1,9 @@
 <ruleset name="myLoc.de">
-
 	<target host="myloc.de" />
 	<target host="www.myloc.de" />
 
-
 	<securecookie host="^www\.myloc\.de$" name=".+" />
 
-
-	<rule from="^http://(www\.)?myloc\.de/"
-		to="https://$1myloc.de/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MyMoustache.net.xml b/src/chrome/content/rules/MyMoustache.net.xml
new file mode 100644
index 000000000000..2356faac3e77
--- /dev/null
+++ b/src/chrome/content/rules/MyMoustache.net.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+-->
+
+<ruleset name="MyMoustache.net">
+	<target host=    "mymoustache.net" />
+	<target host="www.mymoustache.net" />
+
+  	<securecookie host="^.*\.mymoustache\.net$" name=".+" />
+
+	<!-- connection timeout -->
+	<rule from="^http://mymoustache\.net/"
+		to="https://www.mymoustache.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MyNXT.info.xml b/src/chrome/content/rules/MyNXT.info.xml
new file mode 100644
index 000000000000..2e71f30fc23a
--- /dev/null
+++ b/src/chrome/content/rules/MyNXT.info.xml
@@ -0,0 +1,35 @@
+<!--
+	Fully covered hosts:
+
+		- (www.)?
+		- wallet
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- mynxt.info
+		- .mynxt.info
+		- www.mynxt.info
+
+-->
+<ruleset name="myNXT.info">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mynxt.info" />
+	<target host="wallet.mynxt.info" />
+	<target host="www.mynxt.info" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?mynxt\.info$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.mynxt\.info$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^(?:\.|www\.)?mynxt\.info$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MyOpenID.xml b/src/chrome/content/rules/MyOpenID.xml
deleted file mode 100644
index 8a2045e019ae..000000000000
--- a/src/chrome/content/rules/MyOpenID.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="MyOpenID (buggy)" default_off="https://eff.org/r.1apH">
-  <target host="www.myopenid.com"/>
-  <target host="myopenid.com"/>
-  <!-- avoid open id breakage: https://trac.torproject.org/projects/tor/ticket/5306 -->
-  <exclusion pattern="http://www\.myopenid\.com/server" />
-  <rule from="^http://(www\.)?myopenid\.com/" to="https://myopenid.com/"/>
-</ruleset>
-<!-- Rule generated by HTTPS Finder 0.77 -->
diff --git a/src/chrome/content/rules/MyPass.de.xml b/src/chrome/content/rules/MyPass.de.xml
new file mode 100644
index 000000000000..a6e7e3babdd3
--- /dev/null
+++ b/src/chrome/content/rules/MyPass.de.xml
@@ -0,0 +1,21 @@
+<!--
+	(www.): dropped
+-->
+<ruleset name="myPass.de (partial)">
+
+	<target host="secure.mypass.de" />
+
+        <exclusion pattern="^http://secure\.mypass\.de/$" />
+
+	<test url="http://secure.mypass.de/offerpage/BDEP/voucher" />
+
+
+	<!--	Server secures some, but not all, for:
+							-->
+	<securecookie host="^secure\.mypass\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MyPlayDirect.xml b/src/chrome/content/rules/MyPlayDirect.xml
index 90561a354996..52c717c99245 100644
--- a/src/chrome/content/rules/MyPlayDirect.xml
+++ b/src/chrome/content/rules/MyPlayDirect.xml
@@ -1,8 +1,15 @@
-<ruleset name="MyPlayDirect">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://myplaydirect.com/ => https://www.myplaydirect.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.myplaydirect.com/ => https://www.myplaydirect.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="MyPlayDirect" default_off="failed ruleset test">
   <target host="myplaydirect.com" />
   <target host="www.myplaydirect.com" />
 
-  <securecookie host="^(.+\.)?myplaydirect\.com$" name=".*"/>
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http://(?:www\.)?myplaydirect\.com/" to="https://www.myplaydirect.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/MyPoints.xml b/src/chrome/content/rules/MyPoints.xml
index 2af8aba9d334..9ece5cd52a0a 100644
--- a/src/chrome/content/rules/MyPoints.xml
+++ b/src/chrome/content/rules/MyPoints.xml
@@ -1,6 +1,29 @@
-<ruleset name="MyPoints">
-  <target host="mypoints.com" />
-  <target host="www.mypoints.com" />
+<!--
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- www.mypoints.com
+		- .www.mypoints.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="MyPoints.com">
+
+	<target host="mypoints.com" />
+	<target host="www.mypoints.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.mypoints\.com$" name="^(?:BID|GOSECURE|HJS|JSESSIONID|MIDA)$" /-->
+	<!--securecookie host="^\.www\.mypoints\.com$" name="^NMID$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\.www\." name=".+" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(?:www\.)?mypoints\.com/" to="https://www.mypoints.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/MyPortal.im.xml b/src/chrome/content/rules/MyPortal.im.xml
index 7b68e5070e75..aab015aa7278 100644
--- a/src/chrome/content/rules/MyPortal.im.xml
+++ b/src/chrome/content/rules/MyPortal.im.xml
@@ -1,14 +1,30 @@
 <!--
-	www.myportal.im doesn't exist
+	(www.)?myportal.im does not exist.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- qtime.myportal.im
+		- wiki.myportal.im
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
 <ruleset name="myPortal.im">
 
-	<target host="myportal.im" />
+	<target host="qtime.myportal.im" />
 	<target host="wiki.myportal.im" />
 
 
-	<rule from="^http://(wiki\.)?myportal\.im/"
-		to="https://$1myportal.im/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^qtime\.myportal\.im$" name="^(?:\.ASPXANONYMOUS|ASP\.NET_SessionId)$" /-->
+	<!--securecookie host="^wiki\.myportal\.im$" name="^(?:ASP\.NET_SessionId|WT_Cookie)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MyPreferences.com.xml b/src/chrome/content/rules/MyPreferences.com.xml
new file mode 100644
index 000000000000..5b2146cb472b
--- /dev/null
+++ b/src/chrome/content/rules/MyPreferences.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.) *
+		- blog *
+
+	* Dropped
+
+-->
+<ruleset name="MyPreferences.com (partial)">
+
+	<target host="pc2.mypreferences.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^pc2\.mypreferences\.com$" name="^(PCCookieTest|TS[\da-f])$" /-->
+
+	<securecookie host="^pc2\.mypreferences\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MyRA.gov.xml b/src/chrome/content/rules/MyRA.gov.xml
new file mode 100644
index 000000000000..15eb82ab1f55
--- /dev/null
+++ b/src/chrome/content/rules/MyRA.gov.xml
@@ -0,0 +1,28 @@
+<!--
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- myra.gov
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="myRA.gov">
+
+	<target host="myra.gov" />
+	<target host="www.myra.gov" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^myra\.gov$" name="^(?:BIGipServer|TS[\da-f]{8}$)" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MyResumeAgent.com.xml b/src/chrome/content/rules/MyResumeAgent.com.xml
deleted file mode 100644
index 75004fbc7ecf..000000000000
--- a/src/chrome/content/rules/MyResumeAgent.com.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	For other Monster coverage, see Monster.xml.
-
-
-	Problematic domains:
-
-		- myresumeagent.com	(cert only matches www)
-
-	* Works, akamai
-
-
-
-	Fully covered domains:
-
-		- (www.)myresumeagent.com	(^ → www)
-
--->
-<ruleset name="myResumeAgent.com (partial)">
-
-	<target host="myresumeagent.com" />
-	<target host="*.myresumeagent.com" />
-
-
-	<securecookie host="^(?:www)?\.myresumeagent\.com$" name=".*" />
-
-
-	<rule from="^http://(?:www\.)?myresumeagent\.com/"
-		to="https://www.myresumeagent.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MySQL.xml b/src/chrome/content/rules/MySQL.xml
index 376d6bba8825..690226bd8e89 100644
--- a/src/chrome/content/rules/MySQL.xml
+++ b/src/chrome/content/rules/MySQL.xml
@@ -1,34 +1,60 @@
 <!--
-	Other Oracle rulesets:
+	For other Oracle coverage, see Oracle.xml.
 
-		- NetBeans.xml
-		- Oracle.xml
-		- Oracle-mismatches.xml
+	Problematic subdomains:
 
+		- cdn	(akamai)
+	forums
+        lists
+	labs
+	planet
 
-	See Oracle-mismatches.xml for problematic rules.
 
+	Nonfunctional subdomains:
 
-	Problematic subdomains:
+		- downloads *
 
-		- cdn	(akamai)
+	* Refused
 
 -->
 <ruleset name="MySQL">
 
-	<target host="mysql.com"/>
-	<target host="*.mysql.com"/>
-    <!-- forums works but is a cert mismatch -->
-		<exclusion pattern="^http://(bugs|cdn|forge|lists|planet|wb|forums)\.mysql\.com/"/>
-	<target host="mysql.de"/>
+	<!--	Direct rewrites:
+				-->
+	<target host=          "mysql.com"/>
+	<target host=     "bugs.mysql.com"/>
+	<target host=      "cdn.mysql.com"/>
+	<target host=      "dev.mysql.com"/>
+	<target host=     "repo.mysql.com"/>
+	<target host=      "www.mysql.com"/>
+	<target host=   "www-jp.mysql.com"/>
 	<target host="www.mysql.de"/>
-	<target host="mysql.fr"/>
 	<target host="www.mysql.fr"/>
-	<target host="mysql.it"/>
 	<target host="www.mysql.it"/>
 
+	<!--	Complications:
+				-->
+	<target host="downloads.mysql.com"/>
+	<target host=    "forge.mysql.com"/>
+	<target host=       "wb.mysql.com"/>
+
+	<target host=    "mysql.de"/>
+	<target host=    "mysql.fr"/>
+	<target host=    "mysql.it"/>
+
+		<!--  http://downloads.mysql.com/ -> https://dev.mysql.com/downloads/
+		      Other pages like http://downloads.mysql.com/archives/
+	              don't have https pages
+		-->
+		<exclusion pattern="^http://downloads\.mysql\.com/[^\n]" />
 
-	<!--	Cookies observered:
+			<test url="http://downloads.mysql.com/archives/" />
+
+		<test url="http://cdn.mysql.com/Downloads/Connector-J/mysql-connector-java-5.1.34.tar.gz.md5" />
+		<test url="http://cdn.mysql.com/Downloads/MySQL-5.6/MySQL-5.6.23-1.linux_glibc2.5.i386.rpm-bundle.tar.md5" />
+
+
+	<!--	Cookies observed:
 
 			- MySQL_S
 			- SSO_Interstitial
@@ -39,17 +65,24 @@
 		- http://bugs.mysql.com/bug.php?id=67311
 
 		Shared with at least bugs.
-
 							-->
 	<securecookie host="^\.mysql\.\w{2,3}$" name="^MySQL_S$"/>
 
 
+	<rule from="^http://downloads\.mysql\.com/$"
+		to="https://dev.mysql.com/downloads/" />
+
+	<rule from="^http://forge\.mysql\.com/"
+		to="https://www.mysql.com/" />
 
-	<rule from="^http://([^/:@\.]+\.)?mysql\.com/"
-		to="https://$1mysql.com/"/>
+	<rule from="^http://wb\.mysql\.com/"
+		to="https://www.mysql.com/products/workbench/" />
 
 	<!--	Cert doesn't match !www		-->
-	<rule from="^http://(?:www\.)?mysql\.(\w\w)/"
+	<rule from="^http://mysql\.(\w\w)/"
 		to="https://www.mysql.$1/"/>
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/MyScienceWork.com.xml b/src/chrome/content/rules/MyScienceWork.com.xml
new file mode 100644
index 000000000000..10b3c480dadc
--- /dev/null
+++ b/src/chrome/content/rules/MyScienceWork.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="MyScienceWork.com">
+
+	<target host="mysciencework.com" />
+	<target host="www.mysciencework.com" />
+
+
+	<securecookie host="^(?:www\.)?\.mysciencework\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MyScore180.com.xml b/src/chrome/content/rules/MyScore180.com.xml
index a4438ac4f259..4907d37ba9ec 100644
--- a/src/chrome/content/rules/MyScore180.com.xml
+++ b/src/chrome/content/rules/MyScore180.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="MyScore180.com">
 
 	<target host="myscore180.com" />
-	<target host="*.myscore180.com" />
+	<target host="www.myscore180.com" />
 
 
 	<securecookie host="^(?:[w.]*\.)?myscore180\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?myscore180\.com/"
-		to="https://$1myscore180.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MySecureConnect.com.xml b/src/chrome/content/rules/MySecureConnect.com.xml
deleted file mode 100644
index 60c893cc9018..000000000000
--- a/src/chrome/content/rules/MySecureConnect.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other Trustwave coverage, see Trustwave.xml.
-
--->
-<ruleset name="mySecureConnect">
-
-	<target host="mysecureconnect.com" />
-	<target host="*.mysecureconnect.com" />
-
-
-	<securecookie host="^(?:order\.|www\.)?mysecureconnect\.com$" name=".+" />
-
-
-	<rule from="^http://(order\.|www\.)?mysecureconnect\.com/"
-		to="https://$1mysecureconnect.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MySkreen.com.xml b/src/chrome/content/rules/MySkreen.com.xml
new file mode 100644
index 000000000000..57145515ffb5
--- /dev/null
+++ b/src/chrome/content/rules/MySkreen.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://medias.myskreen.com/ => https://medias.myskreen.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	Nonfunctional subdomains:
+
+		- ^	(prints "web1.myskreen", valid cert)
+		- www	(redirects to http, valid cert)
+
+-->
+<ruleset name="mySkreen.com (partial)" default_off="failed ruleset test">
+
+	<target host="medias.myskreen.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MySociety.co.uk.xml b/src/chrome/content/rules/MySociety.co.uk.xml
new file mode 100644
index 000000000000..0fa2708966f0
--- /dev/null
+++ b/src/chrome/content/rules/MySociety.co.uk.xml
@@ -0,0 +1,32 @@
+<!--
+	Other mySociety rulesets:
+
+		- FixMyStreet.com.xml
+		- WhatDoTheyKnow.com.xml
+
+
+	Insecure cookies are set for these hosts:
+
+		- mysociety.co.uk
+		- www.mysociety.co.uk
+
+-->
+<ruleset name="mySociety.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mysociety.co.uk" />
+	<target host="www.mysociety.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?mysociety\.co\.uk$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?mysociety\.co\.uk$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MySociety.org.xml b/src/chrome/content/rules/MySociety.org.xml
new file mode 100644
index 000000000000..06922e9f44b8
--- /dev/null
+++ b/src/chrome/content/rules/MySociety.org.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mysociety.org/ => https://mysociety.org/: (51, "SSL: no alternative certificate subject name matches target host name 'mysociety.org'")
+
+	Insecure cookies are set for these hosts:
+
+		- www.mysociety.org
+
+-->
+<ruleset name="mySociety.org" default_off="failed ruleset test">
+
+	<target host="mysociety.org" />
+	<target host="www.mysociety.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.mysociety\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.mysociety\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MyStockOptions.com.xml b/src/chrome/content/rules/MyStockOptions.com.xml
index 1c2ae95e91c0..6d6def4fc041 100644
--- a/src/chrome/content/rules/MyStockOptions.com.xml
+++ b/src/chrome/content/rules/MyStockOptions.com.xml
@@ -7,7 +7,7 @@
 <ruleset name="myStockOptions.com">
 
 	<target host="mystockoptions.com" />
-	<target host="*.mystockoptions.com" />
+	<target host="www.mystockoptions.com" />
 
 
 	<securecookie host="^(?:www)?\.mystockoptions\.com$" name=".+" />
diff --git a/src/chrome/content/rules/MySweetIQ.com.xml b/src/chrome/content/rules/MySweetIQ.com.xml
deleted file mode 100644
index 82d405b3b39e..000000000000
--- a/src/chrome/content/rules/MySweetIQ.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="mySweetIQ.com">
-
-	<target host="mysweetiq.com" />
-	<target host="www.mysweetiq.com" />
-
-
-	<securecookie host="^mysweetiq\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?mysweetiq\.com/"
-		to="https://$1mysweetiq.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MyTUM.de.xml b/src/chrome/content/rules/MyTUM.de.xml
index 5c0b79676856..965c22d56c77 100644
--- a/src/chrome/content/rules/MyTUM.de.xml
+++ b/src/chrome/content/rules/MyTUM.de.xml
@@ -1,7 +1,7 @@
 <ruleset name="MyTUM.de">
   <target host="portal.mytum.de"/>
 
-  <securecookie host="portal.mytum\.de$" name=".*" />
+  <securecookie host="portal.mytum\.de$" name=".+" />
 
-  <rule from="^http://portal\.mytum\.de/" to="https://portal.mytum.de/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MyTemp.email.xml b/src/chrome/content/rules/MyTemp.email.xml
new file mode 100644
index 000000000000..0fa19fc183dc
--- /dev/null
+++ b/src/chrome/content/rules/MyTemp.email.xml
@@ -0,0 +1,43 @@
+<!--
+	Nonfunctional hosts:
+
+		- blog *
+
+	* Refused
+
+
+	Fully covered hosts:
+
+		- (www.)?
+		- cdn
+		- ws
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- mytemp.email
+		- .mytemp.email
+
+-->
+<ruleset name="myTemp.email (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mytemp.email" />
+	<target host="cdn.mytemp.email" />
+	<target host="ws.mytemp.email" />
+	<target host="www.mytemp.email" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^mytemp\.email$" name="^(inbox|inbox_hash)$" /-->
+	<!--securecookie host="^\.mytemp\.email$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.?mytemp\.email$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MyTextGraphics.com.xml b/src/chrome/content/rules/MyTextGraphics.com.xml
index 334f35797753..d49e8388a6b0 100644
--- a/src/chrome/content/rules/MyTextGraphics.com.xml
+++ b/src/chrome/content/rules/MyTextGraphics.com.xml
@@ -52,4 +52,4 @@
 	<rule from="^http://img-s3-01\.mytextgraphics\.com/"
 		to="https://dn7bb6u52b8om.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MyTime.com.xml b/src/chrome/content/rules/MyTime.com.xml
new file mode 100644
index 000000000000..bdf1c448c192
--- /dev/null
+++ b/src/chrome/content/rules/MyTime.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="MyTime.com">
+
+	<target host="mytime.com" />
+	<target host="www.mytime.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|_gat?|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MyUHC.xml b/src/chrome/content/rules/MyUHC.xml
index 13a89de7e920..39dbd5df457b 100644
--- a/src/chrome/content/rules/MyUHC.xml
+++ b/src/chrome/content/rules/MyUHC.xml
@@ -2,6 +2,6 @@
   <target host="myuhc.com" />
   <target host="www.myuhc.com" />
 
-  <rule from="^http://(?:www\.)?myuhc\.com/" to="https://www.myuhc.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/MyUS.com.xml b/src/chrome/content/rules/MyUS.com.xml
index 5a05f542f377..be7d4d8c851c 100644
--- a/src/chrome/content/rules/MyUS.com.xml
+++ b/src/chrome/content/rules/MyUS.com.xml
@@ -1,64 +1,13 @@
+<!--
+	Non-functional hosts
+		Secure connection redirects to plaintext:
+		- account.myus.com
+-->
 <ruleset name="MyUS.com (partial)">
-
 	<target host="myus.com" />
-	<target host="*.myus.com" />
-		<!--exclusion pattern="^http://www\.myus\.com/(?:$|en/contact/|en/tips-faq/|getmedia/)" /-->
-
-
-	<!--	!www paths that don't support https redirect to http://www.	-->
-	<rule from="^http://(account)?myus\.com/"
-		to="https://$1myus.com/" />
-
-	<!--	- Some pages redirect to http
-		- There may be more than handled here that don't
-
-		Paths that do redirect to http:
-
-			- $
-			- en/contact/$
-			- en/login$
-			- en/tips-faq/top-faq/$
-			- getmedia/
-
-		Paths that don't:
-
-			NB: some in en/... redirect to http when requested *once* but don't on the 2nd request.
-				Shouldn't be a problem.  Hopefully.
-
-			- app_themes/
-			- App_Themes/
-			- CMSPages/
-			- en/$
-			- en/about-myus/$
-			- en/blog/$
-			- en/compare-memberships/$
-			- en/customer-reviews/$
-			- en/deals-coupons/$
-			- en/global-ecommerce/$
-			- en/home/$
-			- en/how-it-works/$
-			- en/login/
-			- en/my-account/$
-			- en/news-press/$
-			- en/our-services/$
-			- en/our-story/$
-			- en/personal-shopper/$
-			- en/price-comparison/$
-			- en/register/$
-			- en/ship-globally/$
-			- en/shop-smarter/$
-			- en/top-usa-stores/$
-			- en/whichmembership/$
-			- en/why-myus/$
-			- favicon.ico$
-			- MyUs/media/MyUS_WebsiteImages/MyUS-Awards/
-				-->
-	<rule 
-from="^http://www\.myus\.com/([aA]pp_[tT]hemes/|CMSPages/|en/(?:blog|customer-reviews|global-commerce|home|my-account|news-press|our-services|our-story|personal-shopper|price-register|register|ship-globally|shop-smarter|top-usa-stores|whichmembership|why-myus)/|favicon\.ico|MyUs/)"
-		to="https://www.myus.com/$1" />
+	<target host="www.myus.com" />
 
-	<!--	Redirects to http before login/	-->
-	<rule from="^http://www\.myus\.com/en/login$"
-		to="https://www.myus.com/en/login/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MyVPS.jp.xml b/src/chrome/content/rules/MyVPS.jp.xml
new file mode 100644
index 000000000000..1485adbc2c3b
--- /dev/null
+++ b/src/chrome/content/rules/MyVPS.jp.xml
@@ -0,0 +1,26 @@
+<!--
+	For other GMO coverage, see GMO_Internet.xml.
+
+
+	(www.) doesn't exist.
+
+-->
+<ruleset name="myVPS.jp">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cp.myvps.jp" />
+	<target host="cp-hv.myvps.jp" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cp(-hv)?\.myvps\.jp$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^cp(?:-hv)?\.myvps\.jp$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MyVarian.com.xml b/src/chrome/content/rules/MyVarian.com.xml
index eda6f6680cec..8fb26964aaec 100644
--- a/src/chrome/content/rules/MyVarian.com.xml
+++ b/src/chrome/content/rules/MyVarian.com.xml
@@ -1,19 +1,28 @@
 <!--
-	Problematic subdomains:
+	Fpr other Varian Medical Systems coverage, see Varian.com.xml.
 
-		- www	(mismatched, CN: acquia-sites.com)
+
+	^myvarian.com: Server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
 <ruleset name="MyVarian.com">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="www.myvarian.com" />
+
+	<!--	Complications:
+				-->
 	<target host="myvarian.com" />
-	<target host="*.myvarian.com" />
 
 
 	<securecookie host="^\.myvarian\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?myvarian\.com/"
-		to="https://myvarian.com/" />
+	<rule from="^http://myvarian\.com/"
+		to="https://www.myvarian.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MyWOT-problematic.xml b/src/chrome/content/rules/MyWOT-problematic.xml
deleted file mode 100644
index 63087383df5d..000000000000
--- a/src/chrome/content/rules/MyWOT-problematic.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules that are on by default, see MyWOT.xml.
-
--->
-<ruleset name="MyWOT (problematic)" default_off="breaks MyWOT extension">
-
-	<target host="api.mywot.com" />
-
-
-	<rule from="^http://api\.mywot\.com/"
-		to="https://api.mywot.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MyWOT.xml b/src/chrome/content/rules/MyWOT.xml
index eb5748b6a65b..6258d5df3070 100644
--- a/src/chrome/content/rules/MyWOT.xml
+++ b/src/chrome/content/rules/MyWOT.xml
@@ -1,34 +1,31 @@
-<!--
-	For problematic rules, see MyWOT-problematic.xml.
-
-
-	api.mywot.com for the time being breaks the MyWOT extension:
-
-		https://trac.torproject.org/projects/tor/ticket/5912
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://search.mywot.com/ => https://search.mywot.com/: (6, 'Could not resolve host: search.mywot.com')
+Fetch error: http://mywot.net/ => https://mywot.net/: (51, "SSL: no alternative certificate subject name matches target host name 'mywot.net'")
+Fetch error: http://www.mywot.net/ => https://www.mywot.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.mywot.net'")
 
 	CDN buckets
-
 		- d203dmbd9wdx7j.cloudfront.net
-
 -->
-<ruleset name="MyWOT (partial)">
+
+<ruleset name="MyWOT" default_off="failed ruleset test">
 
 	<target host="mywot.com" />
-	<target host="*.mywot.com" />
-	<target host="mywot.net" />
-	<target host="*.mywot.net" />
+	<target host="api.mywot.com" />
+	<target host="ctn.mywot.com" />
+	<target host="filter.mywot.com" />
+	<target host="search.mywot.com" />
+	<target host="www.mywot.com" />
 
+	<target host="mywot.net" />
+	<target host="cdn-cf.mywot.net" />
+	<target host="www.mywot.net" />
 
 	<!--securecookie host="^\.mywot\.com$" name="^(?:SESS\w{32}|wot_lang)$" -->
-	<securecookie host="^(?:search\.|www\.)?mywot\.com" name=".*" />
+	<securecookie host="^(?:search\.|www\.)?mywot\.com" name=".+" />
 	<securecookie host="^\.mywot\.net$" name=".+" />
 
-
-	<rule from="^http://(search\.|www\.)?mywot\.com/"
-		to="https://$1mywot.com/" />
-
-	<rule from="^http://(cdn-cf\.|www\.)?mywot\.net/"
-		to="https://$1mywot.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MyWell-Being.com.xml b/src/chrome/content/rules/MyWell-Being.com.xml
index e8d5618d0ceb..662ca6c09c46 100644
--- a/src/chrome/content/rules/MyWell-Being.com.xml
+++ b/src/chrome/content/rules/MyWell-Being.com.xml
@@ -1,11 +1,19 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mywell-being.com/ => https://www.mywell-being.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.mywell-being.com/ => https://www.mywell-being.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://mywell-being.com/ => https://www.mywell-being.com/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.mywell-being.com/ => https://www.mywell-being.com/: (28, 'Connection timed out after 10000 milliseconds')
 	Problematic subdomains:
 
 		- ^	(mismatched, CN: acquia-sites.com)
 
 
 -->
-<ruleset name="MyWell-Being.com">
+<ruleset name="MyWell-Being.com" default_off="failed ruleset test">
 
 	<target host="mywell-being.com" />
 	<target host="www.mywell-being.com" />
@@ -14,4 +22,4 @@
 	<rule from="^http://(?:www\.)?mywell-being\.com/"
 		to="https://www.mywell-being.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/My_Aloe_Cleanse.com.xml b/src/chrome/content/rules/My_Aloe_Cleanse.com.xml
deleted file mode 100644
index 37fd908d6e48..000000000000
--- a/src/chrome/content/rules/My_Aloe_Cleanse.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="My Aloe Cleanse.com">
-
-	<target host="myaloecleanse.com" />
-	<target host="*.myaloecleanse.com" />
-	<target host="tryprocleanse.com" />
-	<target host="*.tryprocleanse.com" />
-
-
-	<securecookie host="^\.(?:myaloe|trypto)cleanse\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?(myaloe|trypto)cleanse\.com/"
-		to="https://$1$2cleanse.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/My_Bluemix.net.xml b/src/chrome/content/rules/My_Bluemix.net.xml
new file mode 100644
index 000000000000..cdac071fca95
--- /dev/null
+++ b/src/chrome/content/rules/My_Bluemix.net.xml
@@ -0,0 +1,15 @@
+<!--
+	For other IBM coverage, see IBM.xml.
+
+-->
+<ruleset name="my Bluemix.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="piwik240.mybluemix.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/My_Care_In_Birmingham.org.uk.xml b/src/chrome/content/rules/My_Care_In_Birmingham.org.uk.xml
new file mode 100644
index 000000000000..de5b16d97490
--- /dev/null
+++ b/src/chrome/content/rules/My_Care_In_Birmingham.org.uk.xml
@@ -0,0 +1,35 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	These altnames don't exist:
+
+		- mycareinbirmingham.org.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- childrens.mycareinbirmingham.org.uk
+		- sso.childrensmarketplace.mycareinbirmingham.org.uk
+		- www.mycareinbirmingham.org.uk
+
+-->
+<ruleset name="My Care In Birmingham.org.uk">
+
+	<target host="childrens.mycareinbirmingham.org.uk" />
+	<target host="sso.childrensmarketplace.mycareinbirmingham.org.uk" />
+	<target host="www.mycareinbirmingham.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:childrens|www)\.mycareinbirmingham\.org\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^sso\.childrensmarketplace\.mycareinbirmingham\.org\.uk$" name="^(?:__RequestVerificationToken|ASP\.NET_SessionId)" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/My_Datapipe.com.xml b/src/chrome/content/rules/My_Datapipe.com.xml
new file mode 100644
index 000000000000..56d68f31fb2f
--- /dev/null
+++ b/src/chrome/content/rules/My_Datapipe.com.xml
@@ -0,0 +1,32 @@
+<!--
+	For other Datapipe coverage, see Datapipe.com.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- mydatapipe.com
+		- sso.smq.mydatapipe.com
+		- www.mydatapipe.com
+
+-->
+<ruleset name="My Datapipe.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mydatapipe.com" />
+	<target host="sso.smq.mydatapipe.com" />
+	<target host="www.mydatapipe.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?mydatapipe\.com$" name="^RT_SID_DataPipe\.443$" /-->
+	<!--securecookie host="^sso\.smq\.mydatapipe\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/My_Datapipe.net.xml b/src/chrome/content/rules/My_Datapipe.net.xml
new file mode 100644
index 000000000000..12498158c228
--- /dev/null
+++ b/src/chrome/content/rules/My_Datapipe.net.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Datapipe coverage, see Datapipe.com.xml.
+
+
+	(www.)?mydatapipe.net: Mismatched
+
+-->
+<ruleset name="My Datapipe.net">
+
+	<!--	Complications:
+				-->
+	<target host="mydatapipe.net" />
+	<target host="www.mydatapipe.net" />
+
+
+	<rule from="^http://(?:www\.)?mydatapipe\.net/"
+		to="https://www.mydatapipe.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/My_Healthcare_Contacts.xml b/src/chrome/content/rules/My_Healthcare_Contacts.xml
deleted file mode 100644
index 5df071bf20c6..000000000000
--- a/src/chrome/content/rules/My_Healthcare_Contacts.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="My Healthcare Contacts">
-
-	<target host="minavardkontakter.se" />
-	<target host="*.minavardkontakter.se" />
-
-
-	<securecookie host="^kontakt\.minavardkontakter\.se$" name=".+" />
-
-
-	<rule from="^http://(kontakt\.|www\.)?minavardkontakter\.se/"
-		to="https://minavardkontakter.se/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/My_IP.ms.xml b/src/chrome/content/rules/My_IP.ms.xml
new file mode 100644
index 000000000000..cd2f1ff738c4
--- /dev/null
+++ b/src/chrome/content/rules/My_IP.ms.xml
@@ -0,0 +1,13 @@
+<ruleset name="My IP.ms">
+
+	<target host="myip.ms" />
+	<target host="www.myip.ms" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/My_IT_Works_Events.com.xml b/src/chrome/content/rules/My_IT_Works_Events.com.xml
new file mode 100644
index 000000000000..6e4923a194b8
--- /dev/null
+++ b/src/chrome/content/rules/My_IT_Works_Events.com.xml
@@ -0,0 +1,19 @@
+<!--
+	For other IT Works coverage, see My_IT_Works_Events.com.xml.
+
+-->
+<ruleset name="my IT Works Events.com" default_off="mismatched">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="myitworksevents.com" />
+	<target host="www.myitworksevents.com" />
+
+
+	<securecookie host="^(?:w*\.)?myitworksevents\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/My_IU.org.xml b/src/chrome/content/rules/My_IU.org.xml
new file mode 100644
index 000000000000..6e27c6ab8f02
--- /dev/null
+++ b/src/chrome/content/rules/My_IU.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- myiu.org
+		- www.myiu.org
+
+-->
+<ruleset name="My IU.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="myiu.org" />
+	<target host="www.myiu.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?myiu\.org$" name="^NSC_" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/My_InMon.com.xml b/src/chrome/content/rules/My_InMon.com.xml
index bf946feb56be..54822c49020d 100644
--- a/src/chrome/content/rules/My_InMon.com.xml
+++ b/src/chrome/content/rules/My_InMon.com.xml
@@ -7,7 +7,7 @@
 <ruleset name="my InMon.com">
 
 	<target host="myinmon.com" />
-	<target host="*.myinmon.com" />
+	<target host="www.myinmon.com" />
 
 
 	<securecookie host="^\.www\.myinmon\.com$" name=".+" />
diff --git a/src/chrome/content/rules/My_LiveChat.xml b/src/chrome/content/rules/My_LiveChat.xml
index aca1204054d5..0d9bfe2517c3 100644
--- a/src/chrome/content/rules/My_LiveChat.xml
+++ b/src/chrome/content/rules/My_LiveChat.xml
@@ -1,13 +1,36 @@
-<ruleset name="My LiveChat">
+<!--
+	For other CuteSoft Components coverage, see cutesoft.net.xml.
+
+
+	Nonfunctional hosts in *mylivechat.com:
+
+		- forums ᵈ
+
+	ᵈ Dropped
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- chat1.mylivechat.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="My LiveChat.com (partial)">
 
 	<target host="mylivechat.com" />
-	<target host="*.mylivechat.com" />
+	<target host="chat1.mylivechat.com" />
+	<target host="www.mylivechat.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^chat1\.mylivechat\.com$" name="^\.ASPXANONYMOUS$" /-->
 
-	<securecookie host="^\.mylivechat\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?mylivechat\.com/"
-		to="https://$1mylivechat.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/My_Media_Magnet.xml b/src/chrome/content/rules/My_Media_Magnet.xml
index 8de60760f2b2..6a1be5ff66e3 100644
--- a/src/chrome/content/rules/My_Media_Magnet.xml
+++ b/src/chrome/content/rules/My_Media_Magnet.xml
@@ -1,20 +1,26 @@
 <!--
-	- !www: self-signed, CN: plesk
 	- Expired 2010-10-01
-	- www: refused
-	- Some pages redirect to !www from www
+	- www.mymediamagnet.com: Internal error
 
 -->
-<ruleset name="My Media Magnet" default_off="expired, self-signed">
+<ruleset name="My Media Magnet.com" default_off="expired, mismatched, self-signed">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="mymediamagnet.com" />
+
+	<!--	Complications:
+				-->
 	<target host="www.mymediamagnet.com" />
 
 
-	<securecookie host="^mymediamagnet\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?mymediamagnet\.com/"
+	<rule from="^http://www\.mymediamagnet\.com/"
 		to="https://mymediamagnet.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/My_OptPlus_secure.com.xml b/src/chrome/content/rules/My_OptPlus_secure.com.xml
new file mode 100644
index 000000000000..c2b4a6e87c3e
--- /dev/null
+++ b/src/chrome/content/rules/My_OptPlus_secure.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://myoptplussecure.com/ => https://myoptplussecure.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.myoptplussecure.com/ => https://www.myoptplussecure.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://myoptplussecure.com/ => https://myoptplussecure.com/: (7, 'Failed to connect to myoptplussecure.com port 80: Connection refused')
+Fetch error: http://www.myoptplussecure.com/ => https://www.myoptplussecure.com/: (7, 'Failed to connect to www.myoptplussecure.com port 80: Connection refused')
+-->
+<ruleset name="My OptPlus secure.com" default_off="failed ruleset test">
+
+	<target host="myoptplussecure.com" />
+	<target host="www.myoptplussecure.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/My_OptimizerPlus.com.xml b/src/chrome/content/rules/My_OptimizerPlus.com.xml
new file mode 100644
index 000000000000..c798bd400522
--- /dev/null
+++ b/src/chrome/content/rules/My_OptimizerPlus.com.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://myoptimizerplus.com/ => https://myoptimizerplus.com/: (51, "SSL: no alternative certificate subject name matches target host name 'myoptimizerplus.com'")
+Fetch error: http://www.myoptimizerplus.com/ => https://www.myoptimizerplus.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.myoptimizerplus.com'")
+
+-->
+<ruleset name="My OptimizerPlus.com" default_off="failed ruleset test">
+
+	<target host="myoptimizerplus.com" />
+	<target host="www.myoptimizerplus.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.myoptimizerplus\.com$" name="^(JROUTE|JSESSIONID)$" /-->
+
+	<securecookie host="^www\.myoptimizerplus\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/My_Portable_World.com.xml b/src/chrome/content/rules/My_Portable_World.com.xml
index 7da7a02a24a4..95b0ebf330dc 100644
--- a/src/chrome/content/rules/My_Portable_World.com.xml
+++ b/src/chrome/content/rules/My_Portable_World.com.xml
@@ -4,17 +4,32 @@
 		- mpw-myportableworld.netdna-ssl.com
 		- i[012].wp.com/myportableworld.com/
 
+
+	^myportableworld.com: Mismatched
+
 -->
 <ruleset name="My Portable World.com">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="www.myportableworld.com" />
+
+	<!--	Complications:
+				-->
 	<target host="myportableworld.com" />
-	<target host="*.myportableworld.com" />
 
 
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.myportableworld\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
 	<securecookie host="^\.?myportableworld\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?myportableworld\.com/"
-		to="https://$1myportableworld.com/" />
+	<rule from="^http://myportableworld\.com/"
+		to="https://www.myportableworld.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/My_Radio_Creative.xml b/src/chrome/content/rules/My_Radio_Creative.xml
index 1ad8eee2809f..cc019cf3ed32 100644
--- a/src/chrome/content/rules/My_Radio_Creative.xml
+++ b/src/chrome/content/rules/My_Radio_Creative.xml
@@ -1,13 +1,18 @@
-<ruleset name="My Radio Creative">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://myradiocreative.com/ => https://myradiocreative.com/: (6, 'Could not resolve host: myradiocreative.com')
+
+-->
+<ruleset name="My Radio Creative" default_off="failed ruleset test">
 
 	<target host="myradiocreative.com" />
-	<target host="*.myradiocreative.com" />
+	<target host="www.myradiocreative.com" />
 
 
 	<securecookie host="^\.myradiocreative\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)myradiocreative\.com/"
-		to="https://$1myradiocreative.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/My_Shadow.com.xml b/src/chrome/content/rules/My_Shadow.com.xml
index 62e09c6bceb7..b957fc970643 100644
--- a/src/chrome/content/rules/My_Shadow.com.xml
+++ b/src/chrome/content/rules/My_Shadow.com.xml
@@ -1,10 +1,27 @@
+<!--
+	For other Tactical Technology coverage, see Tactical_Tech.org.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- myshadow.org
+		- www.myshadow.org
+
+-->
 <ruleset name="My Shadow.com">
 
 	<target host="myshadow.org" />
 	<target host="www.myshadow.org" />
 
 
-	<rule from="^http://(www\.)?myshadow\.org/"
-		to="https://$1myshadow.org/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?myshadow\.org$" name="^_app_session$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/My_Shazam.com.xml b/src/chrome/content/rules/My_Shazam.com.xml
new file mode 100644
index 000000000000..ace0334bd44d
--- /dev/null
+++ b/src/chrome/content/rules/My_Shazam.com.xml
@@ -0,0 +1,40 @@
+<!--
+	For other Shazam coverage, see Shazam.xml.
+
+
+	^myshazam.com: Server sends no certificate chain, see https://whatsmychaincert.com
+	www.myshazam.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- myshazam.com
+
+-->
+<ruleset name="My Shazam.com" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="myshazam.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.myshazam.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^myshazam\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^myshazam\.com$" name=".+" />
+
+
+	<!--	Redirects like so.
+					-->
+	<rule from="^http://www\.myshazam\.com/"
+		to="https://www.shazam.com/" />
+
+	<rule from="^http://myshazam\.com/"
+		to="https://myshazam.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/My_SlideRule.com.xml b/src/chrome/content/rules/My_SlideRule.com.xml
new file mode 100644
index 000000000000..ef8868ccfd4c
--- /dev/null
+++ b/src/chrome/content/rules/My_SlideRule.com.xml
@@ -0,0 +1,40 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .mysliderule.com
+
+-->
+<ruleset name="My SlideRule.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mysliderule.com" />
+	<target host="www.mysliderule.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.mysliderule\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^(?:\.|www\.)?mysliderule\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/My_Sullivan_News.com.xml b/src/chrome/content/rules/My_Sullivan_News.com.xml
new file mode 100644
index 000000000000..33907aa4d836
--- /dev/null
+++ b/src/chrome/content/rules/My_Sullivan_News.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched, CN: *.hostmonster.com
+
+-->
+<ruleset name="My Sullivan News.com (partial)">
+
+	<target host="mysullivannews.com" />
+	<target host="www.mysullivannews.com" />
+
+
+	<rule from="^http://(?:www\.)?mysullivannews\.com/(?=wp-content/|wp-includes/)"
+		to="https://secure.hostmonster.com/~mysulliv/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/My_Virtual_Paper.xml b/src/chrome/content/rules/My_Virtual_Paper.xml
deleted file mode 100644
index 3d7cfb8d8293..000000000000
--- a/src/chrome/content/rules/My_Virtual_Paper.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- admin		(shows secure.admin; mismatched, CN: secure.admin.myvirtualpaper.com)
-		- america *
-		- cdn-aec2w1	(503, akamai)
-		- img *
-		- www *
-
-	* No https
-
-
-	Problematic domains:
-
-		- ^		(works; expired 2011-11-05, CN: web6)
-		- cdn-as3	(works, akamai)
-
--->
-<ruleset name="My Virtual Paper (partial)">
-
-	<target host="secure.admin.myvirtualpaper.com" />
-
-
-	<securecookie host="^secure\.admin\.myvirtualpaper\.com$" name=".+" />
-
-
-	<rule from="^http://secure\.admin\.myvirtualpaper\.com/"
-		to="https://secure.admin.myvirtualpaper.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/My_Year_Book.xml b/src/chrome/content/rules/My_Year_Book.xml
index bd26851b933e..f7a1315ff9a7 100644
--- a/src/chrome/content/rules/My_Year_Book.xml
+++ b/src/chrome/content/rules/My_Year_Book.xml
@@ -1,13 +1,16 @@
-<ruleset name="My Year Book (partial)">
+<!--
+	For other MeetMe coverage, see MeetMe.xml.
 
-	<target host="live.assets.mybcdna.com" />
-	<target host="*.myyearbook.com" />
+-->
+<ruleset name="My Year Book.com">
 
+	<target host="myyearbook.com" />
+	<target host="assets.myyearbook.com" />
+	<target host="content1.myyearbook.com" />
+	<target host="www.myyearbook.com" />
 
-	<rule from="^http://live\.assets\.mybcdna\.com/"
-		to="https://live.assets.mybcdna.com/" />
 
-	<rule from="^http://(assets|content1)\.myyearbook\.com/"
-		to="https://$1.myyearbook.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/My_phone.coop.xml b/src/chrome/content/rules/My_phone.coop.xml
new file mode 100644
index 000000000000..ffad52b9115a
--- /dev/null
+++ b/src/chrome/content/rules/My_phone.coop.xml
@@ -0,0 +1,36 @@
+<!--
+	For other phone co-operative coverage, see Thephone.coop.xml.
+
+
+	^myphone.coop: Mismatched
+
+
+	www.myphone.coop doesn't exist
+
+-->
+<ruleset name="my phone.coop">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="webmail.myphone.coop" />
+
+	<!--	Complications:
+				-->
+	<target host="myphone.coop" />
+
+
+	<!--	Redirect keeps path, but not
+		args nor forward slash:
+					-->
+	<rule from="^http://myphone\.coop/+([^?]*).*"
+		to="https://www.thephone.coop/$1" />
+
+		<test url="http://myphone.coop/index" />
+		<test url="http://myphone.coop/index.asp?drop" />
+		<test url="http://myphone.coop/index.aspx?me" />
+		<test url="http://myphone.coop/index.php" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mycdn.me.xml b/src/chrome/content/rules/Mycdn.me.xml
new file mode 100644
index 000000000000..d41d96039738
--- /dev/null
+++ b/src/chrome/content/rules/Mycdn.me.xml
@@ -0,0 +1,47 @@
+<!--
+	Problematic hosts in *mycdn.me:
+
+		- gic7 *
+
+	* Dropped
+
+-->
+<ruleset name="mycdn.me">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dg50.mycdn.me" />
+	<target host="dg53.mycdn.me" />
+	<target host="dg54.mycdn.me" />
+	<target host="gic1.mycdn.me" />
+	<target host="gic2.mycdn.me" />
+	<target host="gic3.mycdn.me" />
+	<target host="gic4.mycdn.me" />
+	<target host="gic5.mycdn.me" />
+	<target host="groupava1.mycdn.me" />
+	<target host="groupava2.mycdn.me" />
+	<target host="i500.mycdn.me" />
+	<target host="pimg.mycdn.me" />
+	<target host="st.mycdn.me" />
+	<target host="umd1.mycdn.me" />
+	<target host="umd2.mycdn.me" />
+	<target host="umd3.mycdn.me" />
+	<target host="vdp.mycdn.me" />
+
+	<!--	Complications:
+				-->
+	<target host="gic7.mycdn.me" />
+
+		<!--	If this stops being equivalent to groupava1,
+			comment out the target/rule/test:
+							-->
+		<test url="http://gic7.mycdn.me/getImage?photoId=772304538350" />
+
+
+	<rule from="^http://gic7\.mycdn\.me/"
+		to="https://groupava1.mycdn.me/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mycliplister.com.xml b/src/chrome/content/rules/Mycliplister.com.xml
index e68d831e6905..7bbb09e2f2c8 100644
--- a/src/chrome/content/rules/Mycliplister.com.xml
+++ b/src/chrome/content/rules/Mycliplister.com.xml
@@ -7,7 +7,6 @@
 	<target host="mycliplister.com" />
 
 
-	<rule from="^http://mycliplister\.com/"
-		to="https://mycliplister.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mycoles.com.au.xml b/src/chrome/content/rules/Mycoles.com.au.xml
new file mode 100644
index 000000000000..9825ac5a498b
--- /dev/null
+++ b/src/chrome/content/rules/Mycoles.com.au.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Coles coverage, see Coles.com.au.xml
+-->
+<ruleset name="mycoles.com.au">
+
+	<target host="mycoles.com.au" />
+	<target host="www.mycoles.com.au" />
+	<target host="apps.mycoles.com.au" />
+	<target host="learning.mycoles.com.au" />
+	<target host="notifications.mycoles.com.au" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mycotopia.net.xml b/src/chrome/content/rules/Mycotopia.net.xml
index 08b69d4b4a99..638b03310aec 100644
--- a/src/chrome/content/rules/Mycotopia.net.xml
+++ b/src/chrome/content/rules/Mycotopia.net.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^mycotopia\.net$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?mycotopia\.net/"
-		to="https://mycotopia.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mydigipass.com.xml b/src/chrome/content/rules/Mydigipass.com.xml
deleted file mode 100644
index d9869a0175dc..000000000000
--- a/src/chrome/content/rules/Mydigipass.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See 
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
- 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Mydigipass.com" platform="firefox">
-  <target host="mydigipass.com" />
-  <target host="www.mydigipass.com" />
-  <target host="developer.mydigipass.com" />
-  <target host="www.developer.mydigipass.com" />
-  <target host="sandbox.mydigipass.com" />
-  <target host="www.sandbox.mydigipass.com" />
-
-  <securecookie host="^([a-z]+\.)mydigipass\.com$" name=".+" />
-
-  <rule from="^http://([a-z]+\.)?mydigipass\.com/" to="https://$1mydigipass.com/" />
-  <rule from="^http://www\.sandbox\.mydigipass\.com/" to="https://www.sandbox.mydigipass.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Mydrive.ch.xml b/src/chrome/content/rules/Mydrive.ch.xml
new file mode 100644
index 000000000000..5d3eda70c86c
--- /dev/null
+++ b/src/chrome/content/rules/Mydrive.ch.xml
@@ -0,0 +1,10 @@
+<ruleset name="Mydrive.ch">
+	<target host="mydrive.ch"/>
+	<target host="www.mydrive.ch"/>
+	<target host="static.mydrive.ch"/>
+	<target host="webdav.mydrive.ch"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Mydrive.xml b/src/chrome/content/rules/Mydrive.xml
deleted file mode 100644
index dcfd3d284d4e..000000000000
--- a/src/chrome/content/rules/Mydrive.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Mydrive">
-  <target host="mydrive.ch"/>
-  <target host="www.mydrive.ch"/>
-  <target host="static.mydrive.ch"/>
-  <target host="webdav.mydrive.ch"/>
-  
-   <securecookie host="^(.*\.)?mydrive\.ch$" name=".*" />
-   
-  <rule from="^http://(www|static|webdav)\.?mydrive\.ch/" to="https://$1.mydrive.ch/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Myfolder.xml b/src/chrome/content/rules/Myfolder.xml
index 807066dc8644..467fb78f64de 100644
--- a/src/chrome/content/rules/Myfolder.xml
+++ b/src/chrome/content/rules/Myfolder.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://myfolder.net/ => https://myfolder.net/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.myfolder.net/ => https://www.myfolder.net/: (28, 'Connection timed out after 20001 milliseconds')
+
 	Nonfunctional subdomains:
 
 		- bin		(cert: www.myfolder.net; shows www's data)
@@ -9,16 +14,15 @@
 		- vaccine	(cert: www.myfolder.net; shows www's data)
 
 -->
-<ruleset name="myfolder (partial)">
+<ruleset name="myfolder (partial)" default_off="failed ruleset test">
 
 	<target host="myfolder.net" />
 	<target host="www.myfolder.net" />
 
 
-	<securecookie host="^(www\.)?myfolder\.net$" name=".*" />
+	<securecookie host="^(?:www\.)?myfolder\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?myfolder\.net/"
-		to="https://$1myfolder.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Myftp.utechsoft.com.xml b/src/chrome/content/rules/Myftp.utechsoft.com.xml
deleted file mode 100644
index 24d4381aa3de..000000000000
--- a/src/chrome/content/rules/Myftp.utechsoft.com.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Myftp.utechsoft.com">
-  <target host="myftp.utechsoft.com"/>
-  <rule from="^http://(www\.)?myftp\.utechsoft\.com/" to="https://myftp.utechsoft.com/"/>
-</ruleset>
-<!-- Rule generated by HTTPS Finder 0.85 -->
\ No newline at end of file
diff --git a/src/chrome/content/rules/Mygoya.de.xml b/src/chrome/content/rules/Mygoya.de.xml
new file mode 100644
index 000000000000..071bd4dead96
--- /dev/null
+++ b/src/chrome/content/rules/Mygoya.de.xml
@@ -0,0 +1,14 @@
+<!--
+	For other MAGIX coverage, see MAGIX.xml.
+
+-->
+<ruleset name="Mygoya.de" default_off="refused">
+
+	<target host="mygoya.de" />
+	<target host="www.mygoya.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Myhappyoffice.com.xml b/src/chrome/content/rules/Myhappyoffice.com.xml
index 7e22e6d325ad..549eede19947 100644
--- a/src/chrome/content/rules/Myhappyoffice.com.xml
+++ b/src/chrome/content/rules/Myhappyoffice.com.xml
@@ -2,5 +2,5 @@
   <target host="myhappyoffice.com" />
   <target host="www.myhappyoffice.com" />
 
-  <rule from="^http://(www\.)?myhappyoffice\.com/" to="https://www.myhappyoffice.com/" />
+  <rule from="^http://(?:www\.)?myhappyoffice\.com/" to="https://www.myhappyoffice.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Myheritage.xml b/src/chrome/content/rules/Myheritage.xml
new file mode 100644
index 000000000000..de96498b69b2
--- /dev/null
+++ b/src/chrome/content/rules/Myheritage.xml
@@ -0,0 +1,160 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://myheritage.br/ => https://myheritage.br/: (6, 'Could not resolve host: myheritage.br')
+Fetch error: http://www.myheritage.br/ => https://www.myheritage.br/: (6, 'Could not resolve host: www.myheritage.br')
+Fetch error: http://myheritage.com.il/ => https://myheritage.com.il/: (6, 'Could not resolve host: myheritage.com.il')
+Fetch error: http://www.myheritage.com.il/ => https://www.myheritage.com.il/: (6, 'Could not resolve host: www.myheritage.com.il')
+Fetch error: http://helpcenter.myheritage.com/ => https://helpcenter.myheritage.com/: (51, "SSL: no alternative certificate subject name matches target host name 'helpcenter.myheritage.com'")
+Fetch error: http://blog.myheritage.br/ => https://blog.myheritage.br/: (6, 'Could not resolve host: blog.myheritage.br')
+Fetch error: http://helpcenter.myheritage.br/ => https://helpcenter.myheritage.br/: (6, 'Could not resolve host: helpcenter.myheritage.br')
+Fetch error: http://blog.myheritage.co/ => https://blog.myheritage.co/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://helpcenter.myheritage.co/ => https://helpcenter.myheritage.co/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://blog.myheritage.il/ => https://blog.myheritage.il/: (6, 'Could not resolve host: blog.myheritage.il')
+Fetch error: http://helpcenter.myheritage.il/ => https://helpcenter.myheritage.il/: (6, 'Could not resolve host: helpcenter.myheritage.il')
+Fetch error: http://myheritage.br/ => https://myheritage.br/: (6, 'Could not resolve host: myheritage.br')
+Fetch error: http://myheritage.com.il/ => https://myheritage.com.il/: (6, 'Could not resolve host: myheritage.com.il')
+
+    Nonfunctional domains:
+        - blog.myheritage.*          -> stupid error 29 by incapsula
+        - helpcenter.myheritage.*    -> wrong cert (valid for nanorep.com)
+
+	Mixed content:
+		- iframes on myheritage.* *
+
+	* secured by us
+
+    Other MyHeritage rulesets:
+	    - Mhcache.com
+	    - Myheritageimages.com
+-->
+<ruleset name="MyHeritage" platform="mixedcontent" default_off="failed ruleset test">
+    <!-- .com -->
+    <target host="myheritage.com" />
+    <target host="*.myheritage.com" />
+
+    <test url="http://myheritage.com/" />
+    <test url="http://www.myheritage.com/" />
+    <test url="http://lastnames.myheritage.com/" />
+    <test url="http://secure.myheritage.com/" />
+
+    <!-- .no -->
+    <target host="myheritage.no" />
+    <target host="*.myheritage.no" />
+
+    <test url="http://myheritage.no/" />
+    <test url="http://www.myheritage.no/" />
+
+    <!-- .nl -->
+    <target host="myheritage.nl" />
+    <target host="*.myheritage.nl" />
+
+    <test url="http://myheritage.nl/" />
+    <test url="http://www.myheritage.nl/" />
+
+    <!-- .de -->
+    <target host="myheritage.de" />
+    <target host="*.myheritage.de" />
+
+    <test url="http://myheritage.de/" />
+    <test url="http://www.myheritage.de/" />
+
+    <!-- .dk -->
+    <target host="myheritage.dk" />
+    <target host="*.myheritage.dk" />
+
+    <test url="http://myheritage.dk/" />
+    <test url="http://www.myheritage.dk/" />
+
+    <!-- .se -->
+    <target host="myheritage.se" />
+    <target host="*.myheritage.se" />
+
+    <test url="http://myheritage.se/" />
+    <test url="http://www.myheritage.se/" />
+
+    <!-- .fr -->
+    <target host="myheritage.fr" />
+    <target host="*.myheritage.fr" />
+
+    <test url="http://myheritage.fr/" />
+    <test url="http://www.myheritage.fr/" />
+
+    <!-- .fi -->
+    <target host="myheritage.fi" />
+    <target host="*.myheritage.fi" />
+
+    <test url="http://myheritage.fi/" />
+    <test url="http://www.myheritage.fi/" />
+
+    <!-- .br -->
+    <target host="myheritage.br" />
+    <target host="*.myheritage.br" />
+
+    <test url="http://myheritage.br/" />
+    <test url="http://www.myheritage.br/" />
+
+    <!-- .com.br -->
+    <target host="myheritage.com.br" />
+    <target host="*.myheritage.com.br" />
+
+    <test url="http://myheritage.com.br/" />
+    <test url="http://www.myheritage.com.br/" />
+
+    <!-- .com.il -->
+    <target host="myheritage.com.il" />
+    <target host="*.myheritage.com.il" />
+
+    <test url="http://myheritage.com.il/" />
+    <test url="http://www.myheritage.com.il/" />
+
+    <!-- .es -->
+    <target host="myheritage.es" />
+    <target host="*.myheritage.es" />
+
+    <test url="http://myheritage.es/" />
+    <test url="http://www.myheritage.es/" />
+
+    <!-- .pl -->
+    <target host="myheritage.pl" />
+    <target host="*.myheritage.pl" />
+
+    <test url="http://myheritage.pl/" />
+    <test url="http://www.myheritage.pl/" />
+
+    <!-- https://regex101.com/r/fT8rK6/6 -->
+    <exclusion pattern="^http://(blog|helpcenter)\.myheritage\.(com\.br|co\.il|no|nl|de|dk|se|fr|fi|es|pl)" />
+
+    <test url="http://blog.myheritage.com/" />
+    <test url="http://helpcenter.myheritage.com/" />
+    <test url="http://blog.myheritage.br/" />
+    <test url="http://helpcenter.myheritage.br/" />
+    <test url="http://blog.myheritage.co/" />
+    <test url="http://helpcenter.myheritage.co/" />
+    <test url="http://blog.myheritage.il/" />
+    <test url="http://helpcenter.myheritage.il/" />
+    <test url="http://blog.myheritage.no/" />
+    <test url="http://helpcenter.myheritage.no/" />
+    <test url="http://blog.myheritage.nl/" />
+    <test url="http://helpcenter.myheritage.nl/" />
+    <test url="http://blog.myheritage.de/" />
+    <test url="http://helpcenter.myheritage.de/" />
+    <test url="http://blog.myheritage.dk/" />
+    <test url="http://helpcenter.myheritage.dk/" />
+    <test url="http://blog.myheritage.se/" />
+    <test url="http://helpcenter.myheritage.se/" />
+    <test url="http://blog.myheritage.fr/" />
+    <test url="http://helpcenter.myheritage.fr/" />
+    <test url="http://blog.myheritage.fi/" />
+    <test url="http://helpcenter.myheritage.fi/" />
+    <test url="http://blog.myheritage.es/" />
+    <test url="http://helpcenter.myheritage.es/" />
+    <test url="http://blog.myheritage.pl/" />
+    <test url="http://helpcenter.myheritage.pl/" />
+
+    <!-- https://regex101.com/r/iN4bF4/6 -->
+    <securecookie host="^(?!blog|helpcenter)(\w*\.)?myheritage\.(com\.br|co\.il|com|no|nl|de|dk|se|fr|fi|es|pl)" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Myheritageimages.com.xml b/src/chrome/content/rules/Myheritageimages.com.xml
new file mode 100644
index 000000000000..e8c1d1488a9a
--- /dev/null
+++ b/src/chrome/content/rules/Myheritageimages.com.xml
@@ -0,0 +1,15 @@
+<!--
+    Other MyHeritage rulesets:
+	    - Myheritage
+	    - Mhcache.com
+-->
+<ruleset name="MyHeritageImages.com">
+    <target host="myheritageimages.com" />
+    <target host="www.myheritageimages.com" />
+    <target host="thumbnail.myheritageimages.com" />
+
+    <securecookie host="^(www\.)?myheritageimages.com" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Myinterfase.com.xml b/src/chrome/content/rules/Myinterfase.com.xml
new file mode 100644
index 000000000000..3c1a9571117e
--- /dev/null
+++ b/src/chrome/content/rules/Myinterfase.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="myinterfase.com">
+
+	<target host="myinterfase.com" />
+	<target host="www.myinterfase.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?myinterfase\.com$" name="^_shibstate_[\da-f]{8}$" /-->
+
+	<securecookie host="^(?:www\.)?myinterfase\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Myitcv.org.uk.xml b/src/chrome/content/rules/Myitcv.org.uk.xml
new file mode 100644
index 000000000000..dfeb9d6f7817
--- /dev/null
+++ b/src/chrome/content/rules/Myitcv.org.uk.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://myitcv.org.uk/ => https://www.myitcv.org.uk/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.myitcv.org.uk/ => https://www.myitcv.org.uk/: (28, 'Connection timed out after 20003 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://myitcv.org.uk/ => https://www.myitcv.org.uk/: (7, 'Failed to connect to www.myitcv.org.uk port 443: Connection refused')
+Fetch error: http://www.myitcv.org.uk/ => https://www.myitcv.org.uk/: (7, 'Failed to connect to www.myitcv.org.uk port 443: Connection refused')
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* github
+
+-->
+<ruleset name="myitcv.org.uk (partial)" default_off="failed ruleset test">
+
+	<target host="myitcv.org.uk" />
+	<target host="www.myitcv.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?myitcv\.org\.uk$" name="^request_method$" /-->
+
+	<securecookie host="^(?:www\.)?myitcv\.org\.uk$" name=".+" />
+
+
+	<!--	!www redirects to www over http,
+		so copy that behavior:
+					-->
+	<rule from="^http://(?:www\.)?myitcv\.org\.uk/"
+		to="https://www.myitcv.org.uk/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Myjobscotland.gov.uk.xml b/src/chrome/content/rules/Myjobscotland.gov.uk.xml
new file mode 100644
index 000000000000..8eb108c5454a
--- /dev/null
+++ b/src/chrome/content/rules/Myjobscotland.gov.uk.xml
@@ -0,0 +1,44 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *myjobscotland.gov.uk:
+
+		- old ⁴
+
+	⁴ 404
+
+
+	includeSubdomains is included in STS header.
+
+
+	Insecure cookies are set for these hosts:
+
+		- admin.myjobscotland.gov.uk
+		- www.myjobscotland.gov.uk
+
+-->
+<ruleset name="myjobscotland.gov.uk (partial)">
+
+	<target host="myjobscotland.gov.uk" />
+	<target host="*.myjobscotland.gov.uk" />
+
+		<exclusion pattern="^http://old\.myjobscotland\.gov\.uk/" />
+
+			<test url="http://old.myjobscotland.gov.uk/" />
+
+		<test url="http://admin.myjobscotland.gov.uk/" />
+		<test url="http://www.myjobscotland.gov.uk/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:admin|www)\.myjobscotland\.gov\.uk$" name="^X-Mapping-" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mylevel3.net.xml b/src/chrome/content/rules/Mylevel3.net.xml
new file mode 100644
index 000000000000..99361f709950
--- /dev/null
+++ b/src/chrome/content/rules/Mylevel3.net.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Level 3 coverage, see Level_3.com.xml.
+
+-->
+<ruleset name="mylevel3.net">
+
+	<target host="mylevel3.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^mylevel3\.net$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^mylevel3\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mynaweb.com.xml b/src/chrome/content/rules/Mynaweb.com.xml
index d1e9f33cb1b0..5e779842c391 100644
--- a/src/chrome/content/rules/Mynaweb.com.xml
+++ b/src/chrome/content/rules/Mynaweb.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mynaweb.com/ => https://mynaweb.com/: (51, "SSL: no alternative certificate subject name matches target host name 'mynaweb.com'")
+
 	CDN buckets:
 
 		- ddnxkh4q55q4m.cloudfront.net
@@ -20,22 +24,23 @@
 		- cdn	(→ ddnxkh4q55q4m.cloudfront.net)
 
 
-	api sets myna cookie on whichver domain it is loaded from
+	api sets myna cookie on whichever domain it is loaded from
 
 -->
-<ruleset name="Mynaweb.com (partial)">
+<ruleset name="Mynaweb.com (partial)" default_off="failed ruleset test">
 
 	<target host="mynaweb.com" />
-	<target host="*.mynaweb.com" />
+	<target host="api.mynaweb.com" />
+	<target host="www.mynaweb.com" />
+	<target host="cdn.mynaweb.com" />
 
 
 	<securecookie host="^mynaweb\.com$" name=".+" />
 
 
-	<rule from="^http://(api\.|www\.)?mynaweb\.com/"
-		to="https://$1mynaweb.com/" />
 
 	<rule from="^http://cdn\.mynaweb\.com/"
 		to="https://ddnxkh4q55q4m.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mynewsdesk.com.xml b/src/chrome/content/rules/Mynewsdesk.com.xml
new file mode 100644
index 000000000000..2975479440a9
--- /dev/null
+++ b/src/chrome/content/rules/Mynewsdesk.com.xml
@@ -0,0 +1,59 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://get.mynewsdesk.com/ => https://get.mynewsdesk.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	Other Mynewsdesk rulesets:
+
+		- MND_CDN.com.xml
+
+
+	CDN buckets:
+
+		- get-mynewsdesk.herokuapp.com
+
+
+	Nonfunctional hosts in *mynewsdesk.com:
+
+		- careers ʳ
+		- people ᵈ
+
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .mynewsdesk.com
+		- get.mynewsdesk.com
+		- publish.mynewsdesk.com
+		- www.mynewsdesk.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Mynewsdesk.com (partial)" default_off="failed ruleset test">
+
+	<target host="mynewsdesk.com" />
+	<target host="get.mynewsdesk.com" />
+	<target host="insight.mynewsdesk.com" />
+	<target host="publish.mynewsdesk.com" />
+	<target host="resources.mynewsdesk.com" />
+	<target host="www.mynewsdesk.com" />
+
+		<test url="http://resources.mynewsdesk.com/image/upload/t_next_gen_thumb_mini/nmtybnpx2hqlcobix63t.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.mynewsdesk.com$" name="^(_mynewsdesk_session|origin_site|picked_site)$" /-->
+	<!--securecookie host="^get\.mynewsdesk\.com$" name="^(_get-mynewsdesk_session|site)$" /-->
+	<!--securecookie host="^(?:publish|www)\.mynewsdesk\.com$" name="^comebacks$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Myregisteredsite.com.xml b/src/chrome/content/rules/Myregisteredsite.com.xml
index 52b8d0c7d504..561bd26d56fc 100644
--- a/src/chrome/content/rules/Myregisteredsite.com.xml
+++ b/src/chrome/content/rules/Myregisteredsite.com.xml
@@ -7,10 +7,10 @@
 	<target host="*.myregisteredsite.com" />
 
 
-	<securecookie host="^.+\.myregisteredsite\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(iscorecard|\d+\.sites)\.myregisteredsite\.com/"
 		to="https://$1.myregisteredsite.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Myricom.com.xml b/src/chrome/content/rules/Myricom.com.xml
new file mode 100644
index 000000000000..ad21f548b088
--- /dev/null
+++ b/src/chrome/content/rules/Myricom.com.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://myricom.com/ => https://myricom.com/: (51, "SSL: no alternative certificate subject name matches target host name 'myricom.com'")
+Fetch error: http://www.myricom.com/ => https://www.myricom.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.myricom.com'")
+
+	Insecure cookies are set for these hosts:
+
+		- myricom.com
+		- www.myricom.com
+
+-->
+<ruleset name="Myricom.com" default_off="failed ruleset test">
+
+	<target host="myricom.com" />
+	<target host="www.myricom.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?myricom\.com$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host="^(?:www\.)?myricom\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MyrtleBeachShows.com.xml b/src/chrome/content/rules/MyrtleBeachShows.com.xml
deleted file mode 100644
index 739e8a97d8eb..000000000000
--- a/src/chrome/content/rules/MyrtleBeachShows.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional  subdomains:
-
-		- ^	(times out)
-		- www	(redirects to secure, cert valid)
-
--->
-<ruleset name="MyrtleBeachShows.com (partial)">
-
-	<target host="secure.myrtlebeachshows.com" />
-
-
-	<securecookie host="^secure\.myrtlebeachshows\.com$" name=".+" />
-
-
-	<rule from="^http://secure\.myrtlebeachshows\.com/"
-		to="https://secure.myrtlebeachshows.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Mysitemyway.xml b/src/chrome/content/rules/Mysitemyway.xml
index a63f6bb67b2b..d7e0e9df346c 100644
--- a/src/chrome/content/rules/Mysitemyway.xml
+++ b/src/chrome/content/rules/Mysitemyway.xml
@@ -1,10 +1,18 @@
-<ruleset name="Mysitemyway">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mysitemyway.com/ => https://mysitemyway.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.mysitemyway.com/ => https://www.mysitemyway.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.mysitemyway.com/ => https://www.mysitemyway.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.mysitemyway.com'")
+-->
+<ruleset name="Mysitemyway" default_off="failed ruleset test">
 
 	<target host="mysitemyway.com" />
 	<target host="www.mysitemyway.com" />
 
 
-	<rule from="^http://(www\.)?mysitemyway\.com/"
-		to="https://$1mysitemyway.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Myskai.ch.xml b/src/chrome/content/rules/Myskai.ch.xml
new file mode 100644
index 000000000000..179c5571bbb0
--- /dev/null
+++ b/src/chrome/content/rules/Myskai.ch.xml
@@ -0,0 +1,9 @@
+<!--
+	For other Migros coverage, see Migros.xml.
+-->
+<ruleset name="Myskai.ch">
+	<target host="myskai.ch" />
+	<target host="www.myskai.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mysn.de.xml b/src/chrome/content/rules/Mysn.de.xml
index fee0d26d3e38..023246905035 100644
--- a/src/chrome/content/rules/Mysn.de.xml
+++ b/src/chrome/content/rules/Mysn.de.xml
@@ -2,5 +2,5 @@
   <target host="mysn.de" />
   <target host="www.mysn.de" />
 
-  <rule from="^http://(www\.)?mysn\.de/" to="https://www.mysn.de/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Myspace.xml b/src/chrome/content/rules/Myspace.xml
index 308317845759..5f3136ff48b7 100644
--- a/src/chrome/content/rules/Myspace.xml
+++ b/src/chrome/content/rules/Myspace.xml
@@ -1,55 +1,47 @@
 <!--
-	Nonfunctional domains:
+	Other Myspace rulesets:
 
-		- developer.myspace.com
-		- cms.myspacecdn.com		(valid cert; 504)
+		- Imeem.com.xml
+		- Myspace_CDN.com.xml
 
 
-	Problematic domains:
+	Fully covered hosts in *myspace.com:
 
-		- 1[1-4].ec-images.myspacecdn.com	(CN: gp1.wac.edgecastcdn.net; works)
+		- (www.)?
+		- b\d+ *
 
+	* Bugs
 
-	Fully covered domains:
 
-		- secure.adviva.net
-		- (www.)imeem.com
-		- (www.)myspace.com
-		- new.myspace.com
-		- a[1-4].ec-images.myspacecdn.com
-		- a[1-4]-images.myspacecdn.com
-		- x.myspacecdn.com
+	Insecure cookies are set for these domains: ᶜ
+
+		- .myspace.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Myspace (mixed content)" platform="mixedcontent">
+<ruleset name="Myspace.com">
 
-	<target host="secure.adviva.net" />
-	<target host="imeem.com" />
-	<target host="www.imeem.com" />
 	<target host="myspace.com" />
 	<target host="*.myspace.com" />
-	<target host="*.myspacecdn.com" />
-	<target host="*.ec-images.myspacecdn.com" />
-
 
-	<securecookie host="^\.myspace\.com$" name=".*" />
+		<test url="http://b12.myspace.com/" />
+		<test url="http://b12.myspace.com/b12/" />
+		<test url="http://www.myspace.com/" />
 
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://b12.myspace.com/b12/0" /-->
 
-	<rule from="^http://secure\.adviva\.net/"
-		to="https://secure.adviva.net/" />
 
-	<!--	Redirects like so.
+	<!--	Not secured by server:
 					-->
-	<rule from="^https?://(?:www\.)?imeem\.com/"
-		to="https://www.myspace.com/music/" />
+	<!--securecookie host="^\.myspace\.com$" name="^(?:ads|beacons_enabled|persistent_id|player|visit_id)$" /-->
 
-	<rule from="^http://(new\.|www\.)?myspace\.com/"
-		to="https://$1myspace.com/" />
+	<securecookie host="^\." name=".+" />
 
-	<rule from="^http://(a\d-images|x)\.myspacecdn\.com/"
-		to="https://$1.myspacecdn.com/" />
 
-	<rule from="^https?://a(\d)\.ec-images\.myspacecdn\.com/"
-		to="https://a$1-images.myspacecdn.com/" />
+	<rule from="^http://(b\d+\.|www\.)?myspace\.com/"
+		to="https://$1myspace.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Myspace_CDN.com.xml b/src/chrome/content/rules/Myspace_CDN.com.xml
new file mode 100644
index 000000000000..f6d202ef7952
--- /dev/null
+++ b/src/chrome/content/rules/Myspace_CDN.com.xml
@@ -0,0 +1,43 @@
+<!--
+	For other Myspace coverage, see Myspace.xml.
+
+
+	Problematic hosts in *myspacecdn.com:
+
+		- 1[1-4].ec-images	(CN: gp1.wac.edgecastcdn.net; works)
+
+
+	Fully covered hosts in *myspacecdn.com:
+
+		- a[1-4]-images
+		- cms
+		- a[1-4].ec-images
+		- x
+
+-->
+<ruleset name="Myspace CDN.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="a1-images.myspacecdn.com" />
+	<target host="a2-images.myspacecdn.com" />
+	<target host="a3-images.myspacecdn.com" />
+	<target host="a4-images.myspacecdn.com" />
+	<target host="cms.myspacecdn.com" />
+	<target host="x.myspacecdn.com" />
+
+	<!--	Complications:
+				-->
+	<target host="a1.ec-images.myspacecdn.com" />
+	<target host="a2.ec-images.myspacecdn.com" />
+	<target host="a3.ec-images.myspacecdn.com" />
+	<target host="a4.ec-images.myspacecdn.com" />
+
+
+	<rule from="^http://a(\d)\.ec-images\.myspacecdn\.com/"
+		to="https://a$1-images.myspacecdn.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mystaging.org.xml b/src/chrome/content/rules/Mystaging.org.xml
deleted file mode 100644
index dbb5554f31e8..000000000000
--- a/src/chrome/content/rules/Mystaging.org.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	CN: *.ipage.com
-
--->
-<ruleset name="mystaging.org" default_off="mismatched">
-
-	<target host="mystaging.org" />
-	<target host="www.mystaging.org" />
-
-
-	<rule from="^http://(?:www\.)?mystaging\.org/"
-		to="https://mystaging.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MythTV.org.xml b/src/chrome/content/rules/MythTV.org.xml
new file mode 100644
index 000000000000..f2810fb9a55d
--- /dev/null
+++ b/src/chrome/content/rules/MythTV.org.xml
@@ -0,0 +1,21 @@
+<!--
+	These altnames don't exist:
+
+		- autodiscover.mythtv.org
+
+-->
+<ruleset name="MythTV.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mythtv.org" />
+	<target host="code.mythtv.org" />
+	<target host="forum.mythtv.org" />
+	<target host="wiki.mythtv.org" />
+	<target host="www.mythtv.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mythic-Beasts.xml b/src/chrome/content/rules/Mythic-Beasts.xml
index 4428c9b4a13c..ae05886ae34b 100644
--- a/src/chrome/content/rules/Mythic-Beasts.xml
+++ b/src/chrome/content/rules/Mythic-Beasts.xml
@@ -1,24 +1,31 @@
 <!--
-	Nonfunctional subdomains:
+    Mythic Beasts
 
-		- (www.)
-		- status	(shows wiki)
-		
--->
-<ruleset name="Mythinc Beasts (partial)">
-
-	<target host="mythic-beasts.com" />
-	<target host="*.mythic-beasts.com" />
+    Nonfunctional subdomains:
+      - blog ¹
+    ¹ Redirects to www
 
+    Fully covered subdomains:
 
-	<!--	No cross-domain cookies observed, but just in case.	-->
-	<securecookie host="^\w+\.mythic-beasts\.com$" name=".*" />
-
+      - (www.)
+      - ctrlpanel
+      - secure
+      - static
+      - wiki
+-->
+<ruleset name="Mythic Beasts">
+    <target host="mythic-beasts.com" />
+    <target host="www.mythic-beasts.com" />
+    <target host="ctrlpanel.mythic-beasts.com" />
+    <target host="secure.mythic-beasts.com" />
+    <target host="static.mythic-beasts.com" />
+    <target host="status.mythic-beasts.com" />
+    <target host="wiki.mythic-beasts.com" />
 
-	<rule from="^http://(?:www\.)?mythic-beasts\.com/(mblogo-2stripe-[lr]\.png|penguin-mac-small\.png|std3\.css)"
-		to="https://secure.mythic-beats.com/$1" />
+    <!-- Not secured by server: -->
+    <!--securecookie host="^\.mythic-beasts\.com$" name="^(acct|id)$" /-->
+    <securecookie host="^\w+\.mythic-beasts\.com$" name=".+" />
 
-	<rule from="^http://(secure|wiki)\.mythic-beasts\.com/"
-		to="https://$1.mythic-beasts.com/" />
 
+    <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Mythical_Creatures_List.xml b/src/chrome/content/rules/Mythical_Creatures_List.xml
index 6ccbbb479e6d..64ad70c89690 100644
--- a/src/chrome/content/rules/Mythical_Creatures_List.xml
+++ b/src/chrome/content/rules/Mythical_Creatures_List.xml
@@ -9,7 +9,7 @@
 	<target host="www.mythicalcreatureslist.com" />
 
 
-	<rule from="^https?://(?:www\.)?mythicalcreatureslist\.com/"
+	<rule from="^http://(?:www\.)?mythicalcreatureslist\.com/"
 		to="https://mythicalcreatureslist.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mzstatic.com.xml b/src/chrome/content/rules/Mzstatic.com.xml
new file mode 100644
index 000000000000..b905cdac9699
--- /dev/null
+++ b/src/chrome/content/rules/Mzstatic.com.xml
@@ -0,0 +1,51 @@
+<!--
+	For other Apple coverage, see Apple.com.xml.
+
+	CDN buckets:
+		- a([1-5]).mzstatic.com.edgesuite.net/...
+			- a$1.da1.akamai.net/...
+
+	Data differ between http & https:
+		dzc-metrics.mzstatic.com
+
+	Problematic hosts in *mzstatic.com:
+		- a\d *
+		- r *
+		- r[1-8] *
+	* Akamai
+-->
+<ruleset name="Mzstatic.com (partial)">
+
+	<!--	Direct rewrites:	-->
+	<target host="mzstatic.com" />
+	<target host="www.mzstatic.com" />
+	<target host="accertify.mzstatic.com" />
+	<target host="itc.mzstatic.com" />
+	<target host="metrics.mzstatic.com" />
+	<target host="s.mzstatic.com" />
+	<target host="s1.mzstatic.com" />
+	<target host="s2.mzstatic.com" />
+	<target host="s3.mzstatic.com" />
+	<target host="s4.mzstatic.com" />
+	<target host="s5.mzstatic.com" />
+	<target host="store.mzstatic.com" />
+
+	<!--	Complications:	-->
+	<target host="a1.mzstatic.com" />
+	<target host="a2.mzstatic.com" />
+	<target host="a3.mzstatic.com" />
+	<target host="a4.mzstatic.com" />
+	<target host="a5.mzstatic.com" />
+	<target host="r.mzstatic.com" />
+
+	<rule from="^http://a(\d)\.mzstatic\.com/"
+			to="https://s$1.mzstatic.com/" />
+		<test url="http://a1.mzstatic.com/us/r30/Video2/v4/e5/3f/9d/e53f9dc7-e0f9-66eb-d4fd-ff6c289d7780/poster212x312.jpeg" />
+		<test url="http://a2.mzstatic.com/us/r30/Music/v4/46/c5/35/46c53591-9adf-c950-c05f-e755b8d41a44/cover600x600.jpeg" />
+
+	<rule from="^http://r\.mzstatic\.com/"
+			to="https://s.mzstatic.com/" />
+		<test url="http://r.mzstatic.com/email/images_shared/header_welcome.gif" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/N-2.org.xml b/src/chrome/content/rules/N-2.org.xml
new file mode 100644
index 000000000000..1e41437a6fbf
--- /dev/null
+++ b/src/chrome/content/rules/N-2.org.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.n-2.org/ => https://www.n-2.org/: (6, 'Could not resolve host: www.n-2.org')
+
+-->
+<ruleset name="N-2.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="n-2.org" />
+	<target host="www.n-2.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/N-ERGIE.xml b/src/chrome/content/rules/N-ERGIE.xml
new file mode 100644
index 000000000000..231739f5d612
--- /dev/null
+++ b/src/chrome/content/rules/N-ERGIE.xml
@@ -0,0 +1,7 @@
+<ruleset name="N-ERGIE Aktiengesellschaft">
+<target host="www.n-ergie.de" />
+
+<rule from="^http:" to="https:" />
+
+
+</ruleset>
diff --git a/src/chrome/content/rules/N-JOY.de.xml b/src/chrome/content/rules/N-JOY.de.xml
new file mode 100644
index 000000000000..0b5b1951a26b
--- /dev/null
+++ b/src/chrome/content/rules/N-JOY.de.xml
@@ -0,0 +1,23 @@
+<!--
+	Other NDR rulesets:
+		- Ndr.de
+
+    Mixed content:
+
+        - Ads, from:
+
+            - www.ndr.de *
+            - www.tagesschau.de
+
+    * Secured by us
+-->
+<ruleset name="N-JOY.de">
+
+    <target host="n-joy.de" />
+    <target host="www.n-joy.de" />
+
+	<securecookie host="^(www\.)?n-joy\.de$" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/N-Kesteven.gov.uk.xml b/src/chrome/content/rules/N-Kesteven.gov.uk.xml
new file mode 100644
index 000000000000..8215e92d2dfe
--- /dev/null
+++ b/src/chrome/content/rules/N-Kesteven.gov.uk.xml
@@ -0,0 +1,54 @@
+<!--
+	North Kesteven District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *n-kesteven.gov.uk:
+
+		- bins ᵃ
+		- balances ᵃ
+		- info ᵃ
+		- houbal ᵃ
+
+	ᵃ Shows another domain
+
+
+	www.n-kesteven.gov.uk: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	These altnames don't exist:
+
+		- n-kesteven.gov.uk
+		- www.selfserve.n-kesteven.gov.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.n-kesteven.gov.uk
+
+
+	Mixed content:
+
+		- Images on www from $self
+
+-->
+<ruleset name="N-Kesteven.gov.uk (partial)">
+
+	<target host="jobs.n-kesteven.gov.uk" />
+	<target host="payments.n-kesteven.gov.uk" />
+	<target host="selfserve.n-kesteven.gov.uk" />
+	<!--target host="www.n-kesteven.gov.uk" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.n-kesteven\.gov\.uk$" name="^ASP\\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/N-Somerset.gov.uk.xml b/src/chrome/content/rules/N-Somerset.gov.uk.xml
new file mode 100644
index 000000000000..9c65a1018984
--- /dev/null
+++ b/src/chrome/content/rules/N-Somerset.gov.uk.xml
@@ -0,0 +1,78 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://beta.n-somerset.gov.uk/ => https://beta.n-somerset.gov.uk/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://ehmlive.n-somerset.gov.uk/ => https://ehmlive.n-somerset.gov.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	North Somerset Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *n-somerset.gov.uk:
+
+		- adforms ʳ
+		- data ʳ
+		- fostering ʰ
+		- map ᵈ
+		- new ᶠ
+		- old ᶠ
+		- northsomersetonlinedirectory ʰ
+		- nsod ʰ
+
+	ᵈ Dropped
+	ᶠ Handshake fails
+	ʰ Redirects to http
+	ʳ Refused
+
+
+	Problematic hosts in *n-somerset.gov.uk:
+
+		- ^ ⁴
+		- consult ᵐ ˢ
+		- theaccessofficer ᵐ
+
+	⁴ 404
+	ᵐ Mismatched
+	ˢ Self-signed
+
+
+	Insecure cookies are set for these hosts:
+
+		- myaccount.n-somerset.gov.uk
+		- travelcardonline.n-somerset.gov.uk
+
+-->
+<ruleset name="N-Somerset.gov.uk" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="apps.n-somerset.gov.uk" />
+	<target host="beta.n-somerset.gov.uk" />
+	<target host="ehmlive.n-somerset.gov.uk" />
+	<target host="jobs.n-somerset.gov.uk" />
+	<target host="myaccount.n-somerset.gov.uk" />
+	<target host="travelcardonline.n-somerset.gov.uk" />
+	<target host="www.n-somerset.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="n-somerset.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^apps\.n-somerset\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^myaccount\.n-somerset\.gov\.uk$" name="^\.ASPXFORMSAUTH$" /-->
+	<!--securecookie host="^travelcardonline\.n-somerset\.gov\.uk$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://n-somerset\.gov\.uk/"
+		to="https://www.n-somerset.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/N-able.com.xml b/src/chrome/content/rules/N-able.com.xml
index 971c7c48864e..ad754eaeb46d 100644
--- a/src/chrome/content/rules/N-able.com.xml
+++ b/src/chrome/content/rules/N-able.com.xml
@@ -15,7 +15,6 @@
 	<securecookie host="^secure\.n-able\.com$" name=".+" />
 
 
-	<rule from="^http://secure\.n-able\.com/"
-		to="https://secure.n-able.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/N.runs.xml b/src/chrome/content/rules/N.runs.xml
deleted file mode 100644
index a5285fbed16c..000000000000
--- a/src/chrome/content/rules/N.runs.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="n.runs">
-
-	<target host="nruns.com" />
-	<target host="www.nruns.com" />
-
-
-	<rule from="^http://(www\.)?nruns\.com/"
-		to="https://$1nruns.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/N0where.org.xml b/src/chrome/content/rules/N0where.org.xml
new file mode 100644
index 000000000000..7d4124929ce7
--- /dev/null
+++ b/src/chrome/content/rules/N0where.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="n0where.org">
+	<target host="n0where.org" />
+	<target host="www.n0where.org" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NAACP.xml b/src/chrome/content/rules/NAACP.xml
deleted file mode 100644
index 3c7187202817..000000000000
--- a/src/chrome/content/rules/NAACP.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Other NAACP rulestets:
-
-		- NAACP_Company_Store.xml
-		- NAACP_Image_Awards.xml
-
-
-	Problematic subdomains:
-
-		- (www.)	(mismatched, CN: donate.naacp.org)
-
--->
-<ruleset name="NAACP">
-
-	<target host="naacp.org" />
-	<target host="*.naacp.org" />
-
-
-	<securecookie host="^\.?donate\.naacp\.org$" name=".+" />
-
-
-	<!--	All appear identical:
-					-->
-	<rule from="^http://(?:donate\.|www\.)?naacp\.org/"
-		to="https://donate.naacp.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/NAACP_Company_Store.org.xml b/src/chrome/content/rules/NAACP_Company_Store.org.xml
new file mode 100644
index 000000000000..7f1c6064dd93
--- /dev/null
+++ b/src/chrome/content/rules/NAACP_Company_Store.org.xml
@@ -0,0 +1,12 @@
+<!--
+	For other NAACP coverage, see NAACP.org.xml.
+
+-->
+<ruleset name="NAACPCompanyStore.org">
+	<target host="naacpcompanystore.org" />
+	<target host="www.naacpcompanystore.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NAACP_Company_Store.xml b/src/chrome/content/rules/NAACP_Company_Store.xml
deleted file mode 100644
index e8dc0f60f07d..000000000000
--- a/src/chrome/content/rules/NAACP_Company_Store.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other NAACP coverage, see NAACP.xml.
-
--->
-<ruleset name="NAACP Company Store">
-
-	<target host="naacpcompanystore.org" />
-	<target host="www.naacpcompanystore.org" />
-
-
-	<securecookie host="^(?:www\.)?naacpcompanystore\.org$" name=".+" />
-
-
-	<rule from="^http://(www\.)?naacpcompanystore\.org/"
-		to="https://$1naacpcompanystore.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/NAACP_Image_Awards.net.xml b/src/chrome/content/rules/NAACP_Image_Awards.net.xml
new file mode 100644
index 000000000000..2cc1dcb03a58
--- /dev/null
+++ b/src/chrome/content/rules/NAACP_Image_Awards.net.xml
@@ -0,0 +1,11 @@
+<!--
+	For other NAACP coverage, see NAACP.org.xml.
+
+-->
+<ruleset name="NAACPImageAwards.net">
+	<target host="naacpimageawards.net" />
+	<target host="www.naacpimageawards.net" />
+	<target host="mail.naacpimageawards.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NAACP_Image_Awards.xml b/src/chrome/content/rules/NAACP_Image_Awards.xml
deleted file mode 100644
index f92f1d5ab86b..000000000000
--- a/src/chrome/content/rules/NAACP_Image_Awards.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other NAACP coverage, see NAACP.xml.
-
-
-	^naacpimageawards.net does not exist
-
--->
-<ruleset name="NAACP Image Awards">
-
-	<target host="www.naacpimageawards.net" />
-
-
-	<rule from="^http://www\.naacpimageawards\.net/"
-		to="https://www.naacpimageawards.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/NAB.com.au.xml b/src/chrome/content/rules/NAB.com.au.xml
new file mode 100644
index 000000000000..50e80443d46e
--- /dev/null
+++ b/src/chrome/content/rules/NAB.com.au.xml
@@ -0,0 +1,225 @@
+<!--
+	Non-functional subdomains:
+
+		- nab.com.au
+			- apimlc	(t)
+			- image.assetmanagement	(m)
+			- m.benefits	(m)
+			- t.benefits	(m)
+			- bpaybiller	(m)
+			- breakup	(m)
+			- bst	(t)
+			- web.businessbank	(t)
+			- businesscentre	(m)
+			- businesstips	(m)
+			- careers	(m)
+			- cmsnab	(m)
+			- cr	(m)
+			- click.customerfeedback	(m)
+			- image.customerfeedback	(m)
+			- view.customerfeedback	(m)
+			- emarketing	(m)
+			- equitylendingtest	(t)
+			- hackathon-melb.api.extnp	(t)
+			- hackathon-syd.api.extnp	(t)
+			- impactinvestment	(m)
+			- internalcareers	(m)
+			- learn	(m)
+			- lens	(m)
+			- lifeevents	(m)
+			- lyncdiscover	(r)
+			- financial.markets	(m)
+			- memorybank	(m)
+			- click.messages	(m)
+			- view.messages	(m)
+			- metrics	(m)
+			- moreless	(m)
+			- myday	(t)
+			- myday-uat	(t)
+			- nabcapitalnotesoffer	(t)
+			- www1.nabconnect	(m)
+			- www2.nabconnect	(m)
+			- nabconnect-classic	(e)
+			- nabconnect-pilot	(e)
+			- nabconnect1-classic	(m)
+			- nabconnect1-pilot	(m)
+			- nabconnect2-classic	(m)
+			- nabconnect2-pilot	(m)
+			- nabeasyrent	(t)
+			- nabextras	(e)
+			- nablens	(m)
+			- links.nabrewards-order	(m)
+			- nabsubordinatednotes2offer	(t)
+			- newnabconnect	(e)
+			- newnabconnect1	(m)
+			- newnabconnect2	(m)
+			- nol	(t)
+			- ols-iod	(t)
+			- www.privatewealth	(m)
+			- prodnabposna300	(t)
+			- reviews	(m)
+			- sip	(t)
+			- smallbusiness	(m)
+			- smtp	(t)
+			- smtpmsin	(t)
+			- standins	(m)
+			- tempaccesseng	(t)
+			- theblock	(r)
+			- trading	(t)
+			- www.trading	(t)
+			- m.transact	(m)
+			- mdemo.transact	(m)
+			- m.updates	(m)
+			- t.updates	(m)
+			- comms.wln	(t)
+			- worklife	(m)
+			- yourguide	(m)
+
+		- nabtrade.com.au
+			- image.email	(m)
+			- learn	(m)
+			- maint	(t)
+			- online	(m)
+
+	e: expired certificate
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+-->
+<ruleset name="National Australia Bank">
+
+	<target host="nab.com.au" />
+	<target host="www.nab.com.au" />
+	<target host="afl.nab.com.au" />
+	<target host="api.nab.com.au" />
+	<target host="api2.nab.com.au" />
+	<target host="autodiscover.nab.com.au" />
+	<target host="business.nab.com.au" />
+	<target host="campaigns.nab.com.au" />
+	<target host="capital.nab.com.au" />
+	<target host="cardsecurity.nab.com.au" />
+	<target host="cf.nab.com.au" />
+	<target host="crer.nab.com.au" />
+	<target host="demopaybyweb.nab.com.au" />
+	<target host="dev-nabc-content.nab.com.au" />
+	<target host="developer.nab.com.au" />
+	<target host="api.developer.nab.com.au" />
+	<target host="staging-api.developer.nab.com.au" />
+	<target host="digdeeper.nab.com.au" />
+	<target host="digitalrewards.nab.com.au" />
+	<target host="equitylending.nab.com.au" />
+	<target host="hackathon.api.extnp.nab.com.au" />
+	<target host="hackathon-docs.api.extnp.nab.com.au" />
+	<target host="developer.extnp.nab.com.au" />
+	<target host="api.developer.extnp.nab.com.au" />
+	<target host="staging-api.developer.extnp.nab.com.au" />
+	<target host="nabconnect-tst1.nabc.extnp.nab.com.au" />
+	<target host="nabconnect-tst10.nabc.extnp.nab.com.au" />
+	<target host="nabconnect-tst2.nabc.extnp.nab.com.au" />
+	<target host="nabconnect-tst3.nabc.extnp.nab.com.au" />
+	<target host="nabconnect-tst4.nabc.extnp.nab.com.au" />
+	<target host="nabconnect-tst5.nabc.extnp.nab.com.au" />
+	<target host="nabconnect-tst6.nabc.extnp.nab.com.au" />
+	<target host="nabconnect-tst7.nabc.extnp.nab.com.au" />
+	<target host="nabconnect-tst8.nabc.extnp.nab.com.au" />
+	<target host="nabconnect-tst9.nabc.extnp.nab.com.au" />
+	<target host="quickbuslending.extnp.nab.com.au" />
+	<target host="quickbuslending-d1.extnp.nab.com.au" />
+	<target host="quickbuslending-d2.extnp.nab.com.au" />
+	<target host="staging-developer.extnp.nab.com.au" />
+	<target host="staging-quickbuslending.extnp.nab.com.au" />
+	<target host="staging-quickbuslending-d1.extnp.nab.com.au" />
+	<target host="staging-quickbuslending-d2.extnp.nab.com.au" />
+	<target host="ffa.nab.com.au" />
+	<target host="football.nab.com.au" />
+	<target host="ib.nab.com.au" />
+	<target host="advice.ib.nab.com.au" />
+	<target host="dev-advice.ib.nab.com.au" />
+	<target host="download.ib.nab.com.au" />
+	<target host="mlc.ib.nab.com.au" />
+	<target host="sit-advice.ib.nab.com.au" />
+	<target host="staging-advice.ib.nab.com.au" />
+	<target host="staging-dev-advice.ib.nab.com.au" />
+	<target host="staging-nextrel-advice.ib.nab.com.au" />
+	<target host="staging-sit-advice.ib.nab.com.au" />
+	<target host="staging-uat-advice.ib.nab.com.au" />
+	<target host="uat-advice.ib.nab.com.au" />
+	<target host="ibcms.nab.com.au" />
+	<target host="ibpilot.nab.com.au" />
+	<target host="id.nab.com.au" />
+	<target host="id2.nab.com.au" />
+	<target host="idp.nab.com.au" />
+	<target host="insure.nab.com.au" />
+	<target host="intranet.nab.com.au" />
+	<target host="join.nab.com.au" />
+	<target host="lsrp.nab.com.au" />
+	<target host="lsrp2.nab.com.au" />
+	<target host="lsweb.nab.com.au" />
+	<target host="mdm.nab.com.au" />
+	<target host="merchant.nab.com.au" />
+	<target host="morethanmoney.nab.com.au" />
+	<target host="nabam.nab.com.au" />
+	<target host="www.nabam.nab.com.au" />
+	<target host="nabconnect.nab.com.au" />
+	<target host="nabconnect1.nab.com.au" />
+	<target host="nabconnect2.nab.com.au" />
+	<target host="nabdrive.nab.com.au" />
+	<target host="www.nabeasyrent.nab.com.au" />
+	<target host="nabquickbizloan.nab.com.au" />
+	<target host="news.nab.com.au" />
+	<target host="nextrel-www.nab.com.au" />
+	<target host="ols.nab.com.au" />
+	<target host="oms.nab.com.au" />
+	<target host="api.partner.nab.com.au" />
+	<target host="paybyweb.nab.com.au" />
+	<target host="pilot-www.nab.com.au" />
+	<target host="privatewealth.nab.com.au" />
+	<target host="quickbuslending.nab.com.au" />
+	<target host="rewards.nab.com.au" />
+	<target host="scep.nab.com.au" />
+	<target host="seebusiness.nab.com.au" />
+	<target host="sit-nabc-content.nab.com.au" />
+	<target host="sit-www.nab.com.au" />
+	<target host="smetrics.nab.com.au" />
+	<target host="staging-developer.nab.com.au" />
+	<target host="staging-merchant.nab.com.au" />
+	<target host="staging-nextrel-www.nab.com.au" />
+	<target host="staging-quickbuslending.nab.com.au" />
+	<target host="staging-sit-nabc-content.nab.com.au" />
+	<target host="staging-sit-www.nab.com.au" />
+	<target host="staging-uat-www.nab.com.au" />
+	<target host="staging-www.nab.com.au" />
+	<target host="supersizer.nab.com.au" />
+	<target host="www.supersizer.nab.com.au" />
+	<target host="transact.nab.com.au" />
+	<target host="demo.transact.nab.com.au" />
+	<target host="uat-www.nab.com.au" />
+	<target host="webmail.nab.com.au" />
+	<target host="webmail2.nab.com.au" />
+	<target host="wln.nab.com.au" />
+
+	<target host="nabtrade.com.au" />
+	<target host="www.nabtrade.com.au" />
+	<target host="docs.nabtrade.com.au" />
+	<target host="click.email.nabtrade.com.au" />
+	<target host="online.email.nabtrade.com.au" />
+	<target host="view.email.nabtrade.com.au" />
+	<target host="fss.nabtrade.com.au" />
+	<target host="m.nabtrade.com.au" />
+	<target host="mobile.nabtrade.com.au" />
+	<target host="res1.nabtrade.com.au" />
+	<target host="res2.nabtrade.com.au" />
+	<target host="research.nabtrade.com.au" />
+	<target host="cdn.research.nabtrade.com.au" />
+	<target host="streamer.research.nabtrade.com.au" />
+
+  	<securecookie host="^www\.nab\.com\.au$" name=".+" />
+  	<securecookie host="^www\.nabtrade\.com\.au$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NAB.org.xml b/src/chrome/content/rules/NAB.org.xml
index c21b185e1bc7..89cd23860de1 100644
--- a/src/chrome/content/rules/NAB.org.xml
+++ b/src/chrome/content/rules/NAB.org.xml
@@ -26,4 +26,4 @@
 	<rule from="^http://(?:www\.)?nab\.org/"
 		to="https://www.nab.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NAB.xml b/src/chrome/content/rules/NAB.xml
deleted file mode 100644
index 4d8f8bbac1e3..000000000000
--- a/src/chrome/content/rules/NAB.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="NAB">
-  <target host="nab.com.au" />
-  <target host="*.nab.com.au" />
-
-  <rule from="^http://nab\.com\.au/"
-          to="https://www.nab.com.au/" />
-  <rule from="^http://(equitylending|mobile|transact|www)\.nab\.com\.au/"
-          to="https://$1.nab.com.au/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/NACL.org.xml b/src/chrome/content/rules/NACL.org.xml
new file mode 100644
index 000000000000..f3931836b8c8
--- /dev/null
+++ b/src/chrome/content/rules/NACL.org.xml
@@ -0,0 +1,25 @@
+<!--
+	National Association of Criminal Defense Lawyers
+
+
+	Mixed content:
+
+		- Image from www *
+
+	* Secured by us
+
+-->
+<ruleset name="NACL.org">
+
+	<target host="nacdl.org" />
+	<target host="www.nacdl.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:www\.)?nacdl\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NADAguides.xml b/src/chrome/content/rules/NADAguides.xml
index a60e972ea4ac..9752e4536927 100644
--- a/src/chrome/content/rules/NADAguides.xml
+++ b/src/chrome/content/rules/NADAguides.xml
@@ -1,19 +1,25 @@
+<!--
+Automatically by https-everywhere-checker because:
+Fetch error: http://nadaguides.com/ => https://www.nadaguides.com/: Cycle detected - URL already encountered: https://www.nadaguides.com/
+-->
 <ruleset name="NADAguides">
 
 	<target host="nadaguides.com" />
-	<target host="*.nadaguides.com" />
+	<target host="www.nadaguides.com" />
+	<target host="images.nadaguides.com" />
+	<target host="images-ssl.nadaguides.com" />
 	<target host="nadaguidesstore.com" />
 	<target host="www.nadaguidesstore.com" />
 
 
-	<securecookie host="^.*\.nadaguides(?:store)?\.com$" name=".*" />
+	<securecookie host="^.*\.nadaguides(?:store)?\.com$" name=".+" />
 
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?nadaguides(store)?\.com/"
+	<rule from="^http://(?:www\.)?nadaguides(store)?\.com/"
 		to="https://www.nadaguides$1.com/" />
 
-	<rule from="^https?://images(?:-ssl)?\.nadaguides\.com/"
+	<rule from="^http://images(?:-ssl)?\.nadaguides\.com/"
 		to="https://images-ssl.nadaguides.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NARSOL.org.xml b/src/chrome/content/rules/NARSOL.org.xml
new file mode 100644
index 000000000000..99d375f60b4e
--- /dev/null
+++ b/src/chrome/content/rules/NARSOL.org.xml
@@ -0,0 +1,13 @@
+<!--
+	See also NationalRSOL.org.xml, RSOLConference.org.xml
+-->
+<ruleset name="NARSOL.org">
+	<target host="narsol.org" />
+	<target host="www.narsol.org" />
+	<target host="conference.narsol.org" />
+	<target host="humans.narsol.org" />
+	<target host="test.narsol.org" />
+	<target host="tftr.narsol.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NASA.gov-falsemixed.xml b/src/chrome/content/rules/NASA.gov-falsemixed.xml
new file mode 100644
index 000000000000..681319da547f
--- /dev/null
+++ b/src/chrome/content/rules/NASA.gov-falsemixed.xml
@@ -0,0 +1,39 @@
+<!--
+	For rules not causing false/broken MCB, see NASA.gov.xml.
+
+-->
+<ruleset name="NASA.gov (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jwst.gsfc.nasa.gov" />
+	<target host="smap.jpl.nasa.gov" />
+
+		<exclusion pattern="^http://smap\.jpl\.nasa\.gov/(?!/*(?:assets|system)/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://smap.jpl.nasa.gov/documents" />
+			<test url="http://smap.jpl.nasa.gov/feedback" />
+			<test url="http://smap.jpl.nasa.gov/map" />
+
+			<!--	-ve:
+					-->
+			<test url="http://smap.jpl.nasa.gov/assets/arrow_down_prompt.png" />
+			<test url="http://smap.jpl.nasa.gov/system/internal_resources/details/original/258_ERN-Ad.jpg" />
+
+	<!--	Complications:
+				-->
+	<target host="jwst.nasa.gov" />
+
+
+	<securecookie host="^\.?[jw]" name=".+" />
+
+
+	<rule from="^http://jwst\.nasa\.gov/"
+		to="https://jwst.gsfc.nasa.gov/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NASA.gov.xml b/src/chrome/content/rules/NASA.gov.xml
index e5dc57a8bee5..0c22778ee43f 100644
--- a/src/chrome/content/rules/NASA.gov.xml
+++ b/src/chrome/content/rules/NASA.gov.xml
@@ -1,6 +1,7 @@
 <!--
-	For other US government coverage, see US-government.xml.
+	National Aeronautics and Space Administration
 
+	For rules causing false/broken MCB, see NASA.gov-falsemixed.
 
 	stiesx2-ntrs.larc.nasa.gov, ntrs.larc.nasa.gov, &
 	ntrs.nasa.gov are handled in US-government-mismatches.xml.
@@ -12,27 +13,16 @@
 
 		- d1p01lglytwktu.cloudfront.net
 
-			- marsrovers.jpl.nasa.gov
-
-		- d2cj35nmzi9erd.cloudfront.net
-
 			- mars.jpl.nasa.gov
 
-		- d3r05mwudimf00.cloudfront.net
-
-			- marsstaticcdn.jpl.nasa.gov
-
-		- msfcnasa.r3h.net/.../
-			- www.msfc.nasa.gov.edgesuite.net/.../
-				- a974.dscg.akamai.net/.../
+		- msfcnasa.r3h.net
+			- www.msfc.nasa.gov.edgesuite.net
 
 		- spaceflight.nasa.gov.speedera.net
-			- spaceflight.nasa.gov.edgesuite.net/.../
-				- a1295.dscg.akamai.net/.../
+			- spaceflight.nasa.gov.edgesuite.net
 
 		- www.nasa.gov.speedera.net
-			- www.nasa.gov.edgesuite.net/.../
-				- a1718.dscg.akamai.net/.../
+			- www.nasa.gov.edgesuite.net
 
 
 	Nonfunctional domains:
@@ -42,155 +32,636 @@
 
 		- nasa.gov subdomains:
 
-			- apod
-			- aquarius *
+			- aquarius ᵈ
+
+			- afinternal.arc ᵖ
+			- www.aviationsystemsdivision.arc ᵖ
 			- impact.arc		(shows astrobiology2.arc; mismatched, CN: astrobiology.nasa.gov)
+			- lcross.arc ʳ
+			- worldwind.arc **
+			- builds.worldwind.arc **
+			- issues.worldwind.arc **
+
 			- www.argo *
+			- cce **
 			- www.cdscc		(redirects infinitely, CN: TS Series NAS)
-			- climate
+			- climate ʰ
+			- www.csbf *
 			- earthobservatory *
-			- data.giss *
+			- lance-modis.eosdis **
+			- gcmd ᵈ
+			- genelab **
+
+			- aom.giss *
+			- data.giss ʳ
+			- gacp.giss ʳ
+			- glory.giss ʳ
+			- gsfcir.giss *
+			- isccp.giss ᵈ
+			- pubs.giss ʳ
+			- www.giss ʳ
 
 			- gsfc subdomains:
 
+				- apd440 (redirect to non-existent domain)
+				- arcade ᵃ
+				- asd ᵃ
+				- astrophysics ᵃ
+				- atmospheres ᵖ
+				- cats *
+				- iswa.ccmc *
+				- decadal (refused)
+				- disc ʰ
 				- eclipse *
+				- eoimages ᵈ
+				- exist ᵃ
 				- fermi		(redirects to http, expired 2011-12-31)
+				- giovanni ᵃ
+				- icesat ᵈ
 				- jdem
+				- landsat ᵖ
+				- lws-trt **
+				- mirador ᵃ
+				- nightglow ᵃ
 				- nssdc *
+				- oceancolor ᵈ
+				- owl ᵃ
+				- pace ᵈ
+				- pwg ʳ
+				- radhome ᵈ
+				- seabass ᵈ
+				- seadas ᵈ
+				- glory (refused)
+				- giovanni.sci ᵃ
+				- oceandata.sci ᵈ
 				- sdo *
+				- sma ᵈ
 				- sunearthday *
-				- svs *
+				- tigerz ᵃ
+				- trmm ᵈ
 				- venustransit *
 				- voyager
 
-			- history		(shows www.hq, CN: www.hq.nasa.gov)
+			- www.hec *
+			- corts.hq (refused)
 			- dayton.hq *
 			- grin.hq *
+			- icb *
 
 			- jpl subdomains:
 
-				- ^ *			(redirects to www over http)
-				- blogs **
-				- directory		(redirects to http, valid cert)
-				- genesismission **
-				- hydro *
-				- maps *
-				- neo *
-				- photojournal *
-				- planetquest
-				- saturn *
-				- space *
+				- (www.)? ʳ
+				- blogs ʳ
+				- cercla ᵈ
+				- cisto **
+				- cmds-gis ᵃ
+				- dawn ʳ
+				- genesismission ʳ
+				- gracefo (incomplete cert chain)
+				- hydro ʳ
+				- careerlaunch ʳ
+				- grace		403
+				- ipnpr ʳ
+				- www.istp *
+				- jplnet *
+				- maps ʳ
+				- neo ʳ
+				- opendap ʳ
+				- opendap-uat ʳ
+				- pds-imaging **
+				- photojournal **
+				- podaac-tools ʳ
+				- space ʳ
 				- ssd *
-				- stardust **
+				- stardust ʳ
+				- stardustnext ʳ
+				- thredds ʳ
 				- trs-new *
-				- voyager
-				- www *
-				- www-robotics *
+				- voyager ʳ
+				- virtualfieldtrip ᶠ
 
 			- www.jps
 			- eol.jsc
-			- (www.)jwst
+			- www.jwst **
 			- kepler		(shows astrobiology, CN: astrobiology)
-			- science.ksc
+			- science.ksc **
 			- www-pao.ksc *
-			- www.msfc		(301s to http, akamai)
-			- sohowww.nascom *
-			- pds *
-			- spaceflight		(504, akamai)
-			- (www.)spaceplace **
-			- sunearthday		(some paths 404, others work-ToDo: sort which ones; akamai)
-			- venustransit *
-			- visibleearth *
 
-	* Times out
-	** No https
-
-
-	Problematic subdomains:
-
-		- astrobiology2.arc	(works; mismatched, CN: astrobiology.nasa.gov)
-		- heasarc	(cert only matches heasarc.gsfc)
-		- mars.jpl *
-		- marsrovers.jpl *
-		- marsstaticcdn.jpl *
-		- mars *
-
-	* Cloudfront
-
-
-	Fully covered subdomains:
-
-		- airbornescience
-		- cloud1.arc
-		- astrobiology
-		- ws1.ems.eosdis	(tracking beacon)
-		- esdpubs
-		- (www.)espo
-		- espoarchive
-		- eyes
-		- rt.grs
-		- heasarc.gsfc
-		- heasarc	(→ heasarc.gsfc)
-		- corts.hq
-		- www.hq
-
-		- jpl subdomains:
-
-			- acquisition
-			- beacon
-			- careerlaunch
-			- dir
-			- enose
-			- icis
-			- jpldataeval
-			- jplnet
-			- jplspaceship
-			- mars			(→ d2cj35nmzi9erd.cloudfront.net)
-			- marsrovers		(→ d1p01lglytwktu.cloudfront.net)
-			- marsstaticcdn		(→ d3r05mwudimf00.cloudfront.net)
-			- metrics		(→ jpl-nasa-gov.122.2o7.net)
-			- nightsky
-			- pds
-			- ras
-			- science
-			- scienceandtechnology
-			- solarsystem
-			- sse
-			- studentprograms
-			- telework
-
-		- mars		(→ d2cj35nmzi9erd.cloudfront.net)
-		- people
-		- solarsystem
-		- (www.)spacecomm
+			- ceres.larc *
+			- discover-aq.larc
+			- geo-cape.larc
 
--->
-<ruleset name="NASA">
-
-	<target host="*.nasa.gov" />
+			- lisa **
+			- lance.nsstc ʰ
+			- mynasa		400
 
+			- soho.nascom *
+			- sohowww.nascom *
+			- stereo-ssc.nascom *
+			- umbra.nascom *
+
+			- mcszulu21.ndc ᵃ
+			- nix ᵃ
+			- www.nsbf ʳ
+
+			- open (expired)
+
+			- atmos.pds **
+			- geo.pds *
+			- img.pds ᶠ
+			- mgmt.pds *
+			- ppi.pds **
+			- rings.pds *
+
+			- pigiceshelf ᵃ
+			- psi ᶠ
+			- science		400
+			- spaceflight **
+			- (www.)?spaceplace ʳ
+			- spotthestation *
+			- sunearthday **
+			- technology		Redirects to ntr.ndc.nasa.gov
+			- venustransit *
+			- visibleearth *
 
-	<securecookie host="^.*\.nasa\.gov$" name=".+" />
+			- atm.wff ᵈ
+			- coastal.wff ᵈ
+			- gfo.wff ᵈ
+			- glas.wff ᵈ
+			- npol.wff ᵈ
+			- science.wff ᵈ
+			- topex.wff ᵈ
+			- uairp.wff ᵈ
 
+	ᵃ Shows another domain
+	* Times out
+	ᵈ Dropped
+	ᶠ Handshake fails
+	ʰ Redirects to http
+	ᵖ Plaintext reply
+	ʳ Refused
+	** Refused
+
+
+	Problematic hosts in *nasa.gov:
+
+		- www.aeronautics ¹
+		- appel ᵐ
+
+		- astrobiology2.arc ¹
+		- (www.)?space.arc ᶜ
+		- (www.)?utm.arc ᶜ
+		- worldwind31.arc ᵉ ⁵
+
+		- ccmc.gsfc ᵐ ᵘ
+		- kahala2.ccmc.gsfc ᵘ
+		- kauai.ccmc.gsfc ᶜ
+		- modis.gsfc ᵘ
+
+		- discovery ᵘ
+		- www.discovery ᵃ ᵐ ᵘ
+		- www.echo ˣ
+		- firms.modaps.eosdis ᶜ
+		- esto ᵘ
+		- www.esto ᵐ ᵘ
+
+		- aeronet.gsfc ᵘ
+		- aetd.gsfc ᵘ
+		- ccmc.gsfc ᵐ ᵘ
+		- esto.gsfc ᵘ
+		- gmao.gsfc ᵘ
+		- jwst.gsfc ˣ
+		- neptune.gsfc ᶜ
+		- science.gsfc ᵘ
+		- swrc.gsfc ᵉ ¹ ⁵
+		- terra.gsfc ¹ ᵘ
+		- uae2.gsfc ᶜ ¹
 
-	<rule from="^http://(airbornescience|cloud1\.arc|astrobiology|ws1\.ems\.eosdis|esdpubs|(?:www\.)?(?:espo|spacecomm)|espoarchive|eyes|rt\.grc|heasarc\.gsfc|(?:corts|www)\.hq|(?:acquisition|beacon|careerlaunch|dir|enose|icis|jpldataeval|jplnet|jplspaceship|nightsky|pds|science(?:andtechnology)?|solarsystem|sse|studentprograms|telework)\.jpl|people|ras|solarsystem)\.nasa\.gov/"
-		to="https://$1.nasa.gov/" />
+		- (www.)?history ᵐ
 
-	<rule from="^https?://heasarc\.nasa\.gov/"
-		to="https://heasarc.gsfc.nasa.gov/" />
+		- beacon.jpl ᶜ
+		- insight.jpl ᵐ ˣ
+		- marsmobile.jpl ⁴
+		- marsstaticcdn.jpl ⁴
+		- marstrek.jpl ᵐ
+		- rosetta.jpl ᵉ ˣ
+
+		- jwst ᵐ ˣ
+		- km ᵐ
+
+		- discovery.larc ᵘ ˣ
+		- essp.larc ᵘ
+		- explorers.larc ᵘ ˣ
+		- lws.larc ᵘ ˣ
+		- mynasadata.larc ᶜ ˣ
+		- newfrontiers.larc ᵘ
+		- stiprod.larc ᵘ
+		- stiprod-ntrs.larc ᵘ
+
+		- lunarscience ᵘ
+
+		- artgallery.msfc ᵘ
+		- discovery.msfc ᵘ
+		- discovery-alpha.msfc ᵘ
+
+		- nccs ᵈ
+		- esto.ndc ᵘ
+		- nepp ᵘ
+		- www.nepp ᵐ ᵘ
+		- nscs ᵈ
+		- www.sti ᶜ
+		- terra ᵘ
+
+	ᵃ Shows another domain, preemptable redirect
+	ᵈ Dropped, equivalent to another domain or preemptable redirect
+	¹ Mismatched
+	² 404
+	³ Cert only matches heasarc.gsfc
+	⁴ Cloudfront
+	⁵ Self-signed
+	ᵇ Shows default page, preemptable redirect
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵉ Expired
+	ᵐ Mismatched
+	ᵘ Untrusted root
+	ˣ Mixed css
+
+
+	Partially covered hosts in *nasa.gov:
+
+		- smap.jpl ʰ
+
+	ʰ >=1 path redirects to http
+
+
+	STS header includes includeSubdomains
+	for towerfts.csbf, www.csbf, discovery, esto, esto.gsfc, history, www.history, discovery.msfc, discovery.msfc, esto.ndc, nepp, towerfts.csbf, www.csbf
+
+
+	These altnames do not exist:
+
+		- www.c3.nasa.gov
+		- visual.gsfc.nasa.gov
+		- www.lists.nasa.gov
+		- utm.nasa.gov
+		- www.utm.nasa.gov
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- access.earthdata.nasa.gov
+		- ecc.earthdata.nasa.gov
+		- search.earthdata.nasa.gov
+		- urs.earthdata.nasa.gov
+
+		- firms.modaps.eosdis.nasa.gov
+		- exoplanets.nasa.gov
+		- flightopportunities.nasa.gov
+		- neptune.gsfc.nasa.gov
+
+		- cancer.jpl.nasa.gov
+		- edrn.jpl.nasa.gov
+		- nisar.jpl.nasa.gov
+		- saturn.jpl.nasa.gov
+		- sealevel.jpl.nasa.gov
+		- swot.jpl.nasa.gov
+
+		- lsda.jsc.nasa.gov
+		- answers.nssc.nasa.gov
+		- sage.nasa.gov
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- iframe on employeeorientation, jwst.gsfc, jwst, www.echo from www.youtube.com ¹
+
+		- css, on:
+
+			- employeeorientation from $self ¹
+			- jwst.gsfc, jwst from jwst.nasa.gov ¹
+			- insight.jpl from solarsystem.nasa.gov ¹
+			- rosetta.jpl from $self ᵉ
+			- discovery.larc, explorers.larc, lws.larc from soma.larc.nasa.gov ᵘ
+			- mynasadata.larc from $self
+			- kauai.ccmc.gsfc, nisar.jpl, oig, pds-engineering from fonts.googleapis.com ¹
+			- sage from $self ¹
+			- www.sti from $self
+
+		- Images, on:
+
+			- appel from $self ᵐ
+			- appel, km from wpsites.nasawestprime.com
+			- (www.)?space.arc from astrobiology.nasa.gov ¹
+			- (www.)?space.arc from sservi.nasa.gov
+			- discovery, pub.lmmp, discovery.msfc from www.adobe.com ¹
+			- jwst.gsfc, jwst from jwst.nasa.gov ¹
+			- modis.gsfc from $self ᵘ
+			- neptune.gsfc from $self
+			- (www.)?history, sage from www.nasa.gov ¹
+			- insight.jpl from $self
+			- insight.jpl, mars.jpl from mars.nasa.gov ¹
+			- insight.jpl from solarsystem.nasa.gov ¹
+			- podaac-www from podaac.jpl.nasa.gov ¹
+			- rosetta.jpl from $self ᵉ
+			- scienceandtechnology.jpl from www-robotics.jpl ¹
+			- lsda.jsc from $self
+			- km from appel.nasa.gov ᵐ
+			- km from $self ᵐ
+			- discovery.larc, essp.larc, newfrontiers.larc from soma.larc.nasa.gov ᵘ
+			- explorers.larc from $self ᵘ
+			- mynasadata.larc from $self
+			- discovery-alpha.msfc from mcszulu21.ndc.nasa.gov ᵃ
+			- www.nccs from www.hec.nasa.gov
+			- www.nccs from nccs.nasa.gov
+			- www.nccs from $self
+			- sage from $self ¹
+			- open from $self ¹
+			- ppm from trmm.gsfc.nasa.gov ᵈ
+			- www.sti from $self
+			- www from $self ¹
 
-	<rule from="^http://mars\.(?:jpl\.)?nasa\.gov/"
-		to="https://d2cj35nmzi9erd.cloudfront.net/" />
+		- favicons, on:
 
-	<rule from="^http://marsrovers\.jpl\.nasa\.gov/"
-		to="https://d1p01lglytwktu.cloudfront.net/" />
+			- essp.larc, explorers.larc, lws.larc, newfrontiers.larc from soma.larc.nasa.gov ᵘ
 
-	<rule from="^http://marsstaticcdn\.jpl\.nasa\.gov/"
-		to="https://d3r05mwudimf00.cloudfront.net/" />
+		- Bugs, on:
+
+			- scienceandtechnology.jpl from static.addtoany.com ¹
+			- nccs from twitter-badges.s3.amazonaws.com ¹
+			- podaac.jpl, podaac-www.jpl, ghrc.nsstc from ws1.ems.eosdis.nasa.gov ¹
+
+	ᵃ Unsecurable <= shows another domain
+	ᵈ Unsecurable <= dropped
+	ᵉ Not secured by us <= expired
+	ᵐ Not secured by us <= mismatched
+	¹ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+	ᵘ Not secured by us <= untrusted root
 
-	<!--	Protocol-relative links from scienceandtechnology.jpl:
-							-->
-	<rule from="^https?://metrics\.jpl\.nasa\.gov/"
-		to="https://jpl-nasa-gov.122.2o7.net/" />
+-->
+<ruleset name="NASA.gov (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nasa.gov" />
+	<target host="airbornescience.nasa.gov" />
+	<target host="apod.nasa.gov" />
+	<target host="applyonline.nasa.gov" />
+
+	<target host="cloud1.arc.nasa.gov" />
+	<!--target host="space.arc.nasa.gov" /-->
+	<!--target host="www.space.arc.nasa.gov" /-->
+
+	<target host="astrobiology.nasa.gov" />
+	<target host="astronauts.nasa.gov" />
+
+	<target host="towerfts.csbf.nasa.gov" />
+	<target host="*.towerfts.csbf.nasa.gov" />
+	<target host="www.csbf.nasa.gov" />
+
+	<target host="blogs.nasa.gov" />
+	<target host="c3.nasa.gov" />
+	<target host="code.nasa.gov" />
+	<target host="data.nasa.gov" />
+	<target host="earthdata.nasa.gov" />
+
+	<target host="access.earthdata.nasa.gov" />
+	<target host="cdn.earthdata.nasa.gov" />
+	<target host="ecc.earthdata.nasa.gov" />
+	<target host="search.earthdata.nasa.gov" />
+	<target host="urs.earthdata.nasa.gov" />
+	<target host="wiki.earthdata.nasa.gov" />
+
+	<!--target host="www.echo.nasa.gov" /-->
+	<target host="employeeorientation.nasa.gov" />
+	<target host="eods.nasa.gov" />
+
+	<target host="ws1.ems.eosdis.nasa.gov" />
+	<!--target host="firms.modaps.eosdis.nasa.gov" /-->
+
+	<target host="esdpubs.nasa.gov" />
+	<target host="espo.nasa.gov" />
+	<target host="www.espo.nasa.gov" />
+	<target host="spacecomm.nasa.gov" />
+	<target host="www.spacecomm.nasa.gov" />
+	<target host="espoarchive.nasa.gov" />
+	<target host="exoplanets.nasa.gov" />
+	<target host="eyes.nasa.gov" />
+	<target host="flightopportunities.nasa.gov" />
+	<target host="gpm.nasa.gov" />
+
+	<target host="rt.grc.nasa.gov" />
+	<target host="wordpress.grc.nasa.gov" />
+	<target host="www.grc.nasa.gov" />
+
+	<target host="acemission.gsfc.nasa.gov" />
+	<target host="apod.gsfc.nasa.gov" />
+	<target host="aura.gsfc.nasa.gov" />
+	<!--target host="kauai.ccmc.gsfc.nasa.gov" /-->
+	<target host="cilab.gsfc.nasa.gov" />
+	<target host="cor.gsfc.nasa.gov" />
+	<target host="cosmicopia.gsfc.nasa.gov" />
+	<target host="daac.gsfc.nasa.gov" />
+	<!-- target host="decadal.gsfc.nasa.gov" / -->
+	<target host="ehpd.gsfc.nasa.gov" />
+	<target host="explorers.gsfc.nasa.gov" />
+	<target host="fits.gsfc.nasa.gov" />
+	<target host="fpd.gsfc.nasa.gov" />
+	<!-- target host="glory.gsfc.nasa.gov" / -->
+	<target host="gms.gsfc.nasa.gov" />
+	<target host="heasarc.gsfc.nasa.gov" />
+	<target host="hires.gsfc.nasa.gov" />
+	<target host="iris.gsfc.nasa.gov" />
+	<target host="ixo.gsfc.nasa.gov" />
+	<target host="jointmission.gsfc.nasa.gov" />
+	<!--target host="jwst.gsfc.nasa.gov" /-->
+	<target host="lambda.gsfc.nasa.gov" />
+	<target host="lola.gsfc.nasa.gov" />
+	<target host="lunar.gsfc.nasa.gov" />
+	<target host="lws.gsfc.nasa.gov" />
+	<target host="lws-set.gsfc.nasa.gov" />
+	<target host="mms.gsfc.nasa.gov" />
+	<target host="nasaviz.gsfc.nasa.gov" />
+	<!--target host="neptune.gsfc.nasa.gov" /-->
+	<target host="pmm.gsfc.nasa.gov" />
+	<target host="poes.gsfc.nasa.gov" />
+	<target host="rsdo.gsfc.nasa.gov" />
+	<target host="satellitesafety.gsfc.nasa.gov" />
+	<target host="disc.sci.gsfc.nasa.gov" />
+	<target host="ssco.gsfc.nasa.gov" />
+	<target host="stp.gsfc.nasa.gov" />
+	<target host="sustainablelandimaging.gsfc.nasa.gov" />
+	<target host="svs.gsfc.nasa.gov" />
+	<target host="tess.gsfc.nasa.gov" />
+
+	<!-- target host="corts.hq.nasa.gov" / -->
+	<target host="www.hq.nasa.gov" />
+	<target host="intern.nasa.gov" />
+	<target host="invention.nasa.gov" />
+
+	<target host="acquisition.jpl.nasa.gov" />
+	<!--target host="beacon.jpl.nasa.gov" /-->
+	<!--<target host="cancer.jpl.nasa.gov" />-->
+	<target host="dir.jpl.nasa.gov" />
+	<target host="directory.jpl.nasa.gov" />
+	<target host="edrn.jpl.nasa.gov" />
+	<target host="enose.jpl.nasa.gov" />
+	<target host="exep.jpl.nasa.gov" />
+	<target host="exoplanets.jpl.nasa.gov" />
+	<target host="eyes.jpl.nasa.gov" />
+	<target host="eyesstage.jpl.nasa.gov" />
+	<!-- target host="gracefo.jpl.nasa.gov" / -->
+	<target host="hyspiri.jpl.nasa.gov" />
+	<target host="icis.jpl.nasa.gov" />
+	<target host="jpldataeval.jpl.nasa.gov" />
+	<target host="jplspaceship.jpl.nasa.gov" />
+	<target host="mars.jpl.nasa.gov" />
+	<target host="marsrovers.jpl.nasa.gov" />
+	<target host="naif.jpl.nasa.gov" />
+	<target host="nightsky.jpl.nasa.gov" />
+	<target host="nisar.jpl.nasa.gov" />
+	<target host="pds.jpl.nasa.gov" />
+	<target host="pds-engineering.jpl.nasa.gov" />
+	<target host="planetquest.jpl.nasa.gov" />
+	<target host="podaac.jpl.nasa.gov" />
+	<target host="podaac-uat.jpl.nasa.gov" />
+	<target host="podaac-www.jpl.nasa.gov" />
+	<target host="ras.jpl.nasa.gov" />
+	<target host="saturn.jpl.nasa.gov" />
+	<target host="science.jpl.nasa.gov" />
+	<target host="scienceandtechnology.jpl.nasa.gov" />
+	<target host="sealevel.jpl.nasa.gov" />
+	<!--target host="smap.jpl.nasa.gov" /-->
+	<target host="solarsystem.jpl.nasa.gov" />
+	<target host="studentprograms.jpl.nasa.gov" />
+	<target host="swot.jpl.nasa.gov" />
+	<target host="technology.jpl.nasa.gov" />
+	<target host="www-robotics.jpl.nasa.gov" />
+
+	<target host="lsda.jsc.nasa.gov" />
+	<target host="clarreo.larc.nasa.gov" />
+	<!--target host="mynasadata.larc.nasa.gov" /-->
+	<target host="launchpad.nasa.gov" />
+	<target host="auth.launchpad.nasa.gov" />
+	<target host="lists.nasa.gov" />
+	<target host="see.msfc.nasa.gov" />
+	<target host="nasajobs.nasa.gov" />
+	<target host="nasapeople.nasa.gov" />
+	<target host="www.nccs.nasa.gov" />
+
+	<target host="genelab-data.ndc.nasa.gov" />
+	<target host="gs66-vdclambda.ndc.nasa.gov" />
+	<target host="mail01.ndc.nasa.gov" />
+
+	<target host="neba.nasa.gov" />
+	<target host="towerfts.nsbf.nasa.gov" />
+	<target host="*.towerfts.nsbf.nasa.gov" />
+	<target host="nasasearch.nasa.gov" />
+	<target host="*.nasasearch.nasa.gov" />
+
+	<target host="answers.nssc.nasa.gov" />
+	<target host="searchpub.nssc.nasa.gov" />
+	<target host="www.nssc.nasa.gov" />
+
+	<target host="ghrc.nsstc.nasa.gov" />
+	<target host="ntrs.nasa.gov" />
+	<target host="oig.nasa.gov" />
+	<!-- target host="open.nasa.gov" / -->
+	<target host="pds.nasa.gov" />
+	<target host="people.nasa.gov" />
+	<target host="pmm.nasa.gov" />
+	<target host="retiree.nasa.gov" />
+	<target host="sage.nasa.gov" />
+	<target host="satern.nasa.gov" />
+	<target host="software.nasa.gov" />
+	<target host="solarsystem.nasa.gov" />
+	<target host="spinoff.nasa.gov" />
+	<target host="sservi.nasa.gov" />
+	<!--target host="www.sti.nasa.gov" /-->
+	<target host="webmail.nasa.gov" />
+	<target host="www.nasa.gov" />
+
+		<!--	includeSubdomains applies to one level only, so:
+									-->
+		<exclusion pattern="^http://(?:[^./]+\.){2,}(?:towerfts\.[cn]sbf|nasasearch)\.nasa\.gov/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.towerfts.csbf.nasa.gov/" />
+			<test url="http://exists.not.towerfts.csbf.nasa.gov/" />
+			<test url="http://this.host.nasasearch.nasa.gov/" />
+			<test url="http://exists.not.nasasearch.nasa.gov/" />
+			<test url="http://this.host.towerfts.nsbf.nasa.gov/" />
+			<test url="http://exists.not.towerfts.nsbf.nasa.gov/" />
+
+	<!--	Complications:
+				-->
+	<target host="helios.gsfc.nasa.gov" />
+	<target host="www.gsfc.nasa.gov" />
+
+	<target host="heasarc.nasa.gov" />
+
+	<target host="marsstaticcdn.jpl.nasa.gov" />
+
+	<!--target host="jwst.nasa.gov" /-->
+	<target host="mars.nasa.gov" />
+	<target host="www.msfc.nasa.gov" />
+	<target host="nccs.nasa.gov" />
+	<target host="nscs.nasa.gov" />
+	<target host="search.nasa.gov" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://smap\.jpl\.nasa\.gov/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://smap\.jpl\.nasa\.gov/(?!/*(?:assets|system)/)" /-->
+
+			<!--	+ve:
+					-->
+			<!--
+			<test url="http://smap.jpl.nasa.gov/documents" />
+			<test url="http://smap.jpl.nasa.gov/feedback" />
+			<test url="http://smap.jpl.nasa.gov/map" />
+			-->
+
+			<!--	-ve:
+					-->
+			<!--
+			<test url="http://smap.jpl.nasa.gov/assets/arrow_down_prompt.png" />
+			<test url="http://smap.jpl.nasa.gov/system/internal_resources/details/original/258_ERN-Ad.jpg" />
+			-->
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://www.echo.nasa.gov/reverb/about_reverb.htm" /-->
+
+		<!--	Mixed images:
+					-->
+		<!--test url="http://mars.jpl.nasa.gov/blogs/" /-->
+		<!--test url="http://mars.jpl.nasa.gov/mer/home/" /-->
+		<!--test url="http://www.nasa.gov/centers/glenn/home/index.html" /-->
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<!--	Redirect keeps all:
+					-->
+	<rule from="^http://nccs\.nasa\.gov/"
+		to="https://www.nccs.nasa.gov/" />
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://nscs\.nasa\.gov/.*"
+		to="https://nasapeople.nasa.gov/redirect.htm" />
+
+		<test url="http://nscs.nasa.gov/nscs_lp.htm" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NASASpaceFlight.com.xml b/src/chrome/content/rules/NASASpaceFlight.com.xml
new file mode 100644
index 000000000000..53303a2b1955
--- /dev/null
+++ b/src/chrome/content/rules/NASASpaceFlight.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="NASASpaceFlight.com">
+
+	<target host="nasaspaceflight.com" />
+	<target host="www.nasaspaceflight.com" />
+	<target host="content.nasaspaceflight.com" />
+	<target host="forum.nasaspaceflight.com" />
+	<target host="media.nasaspaceflight.com" />
+	<target host="web.nasaspaceflight.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NASDAQ.xml b/src/chrome/content/rules/NASDAQ.xml
index 79e8bdf4616f..13b16ab72eb0 100644
--- a/src/chrome/content/rules/NASDAQ.xml
+++ b/src/chrome/content/rules/NASDAQ.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.directorsdesk.com/ => https://secure.directorsdesk.com/: (28, 'Connection timed out after 10000 milliseconds')
 	Other NASDAQ rulesets:
 
 		- Shareholder.com.xml
@@ -23,7 +25,7 @@
 
 	<target host="secure.directorsdesk.com" />
 	<target host="community.nasdaq.com" />
-	<target host="*.nasdaqomx.com" />
+	<target host="corporateintelligence.nasdaqomx.com" />
 	<target host="dialogue.openboard.info" />
 
 
@@ -33,16 +35,6 @@
 	<securecookie host="^dialogue\.openboard\.info$" name=".+" />
 
 
-	<rule from="^http://secure\.directorsdesk\.com/"
-		to="https://secure.directorsdesk.com/" />
-
-	<rule from="^http://community\.nasdaq\.com/"
-		to="https://community.nasdaq.com/" />
-
-	<rule from="^http://(corporateintelligence|listingcenter)\.nasdaqomx\.com/"
-		to="https://$1.nasdaqomx.com/" />
-
-	<rule from="^http://dialogue\.openboard\.info/"
-		to="https://dialogue.openboard.info/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NAV.gov.hu.xml b/src/chrome/content/rules/NAV.gov.hu.xml
new file mode 100644
index 000000000000..783f3c3bac1a
--- /dev/null
+++ b/src/chrome/content/rules/NAV.gov.hu.xml
@@ -0,0 +1,25 @@
+<!--
+	403, HTTPS only:
+		clo.nav.gov.hu
+
+-->
+<ruleset name="Nemzeti Adó- és Vámhivatal">
+	<target host="nav.gov.hu" />
+	<target host="www.nav.gov.hu" />
+	<target host="abpe.nav.gov.hu" />
+	<target host="adatbazisok.nav.gov.hu" />
+	<target host="arveres.nav.gov.hu" />
+	<target host="ebev.nav.gov.hu" />
+	<target host="ekaer.nav.gov.hu" />
+	<target host="elekafa.nav.gov.hu" />
+	<target host="en.nav.gov.hu" />
+	<target host="hirlevel.nav.gov.hu" />
+	<target host="kkk.nav.gov.hu" />
+	<target host="moss.nav.gov.hu" />
+	<target host="openkkk.nav.gov.hu" />
+	<target host="secure.nav.gov.hu" />
+	<target host="vpi.nav.gov.hu" />
+
+	<rule from="^http:"
+		  to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NAVTEQ-problematic.xml b/src/chrome/content/rules/NAVTEQ-problematic.xml
index a9b02298e4d8..dd49f70b421c 100644
--- a/src/chrome/content/rules/NAVTEQ-problematic.xml
+++ b/src/chrome/content/rules/NAVTEQ-problematic.xml
@@ -9,7 +9,6 @@
 
 	<!--	CN: www.navteq.com
 					-->
-	<rule from="^http://corporate\.navteq\.com/"
-		to="https://corporate.navteq.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NAVTEQ.xml b/src/chrome/content/rules/NAVTEQ.xml
index e48300bb1487..6003c4b52b17 100644
--- a/src/chrome/content/rules/NAVTEQ.xml
+++ b/src/chrome/content/rules/NAVTEQ.xml
@@ -1,4 +1,13 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://navteq.com/ => https://www.navteq.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.navteq.com'")
+Fetch error: http://navteqmedia.com/ => https://primeplace.nokia.com/: (6, 'Could not resolve host: primeplace.nokia.com')
+Fetch error: http://www.navteqmedia.com/ => https://primeplace.nokia.com/: (6, 'Could not resolve host: primeplace.nokia.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://navteqmedia.com/ => https://primeplace.nokia.com/: (51, "SSL: no alternative certificate subject name matches target host name 'primeplace.nokia.com'")
+Fetch error: http://www.navteqmedia.com/ => https://primeplace.nokia.com/: (51, "SSL: no alternative certificate subject name matches target host name 'primeplace.nokia.com'")
 	For problematic rules, see NAVTEQ-problematic.xml.
 
 
@@ -11,11 +20,20 @@
 		- sampledata.navteq.com		(ditto)
 		- (www.)navteqmedia.com		(ditto)
 
+
+	Problematic domains:
+
+		- www.mapreporter.navteq.com *
+
+	* Mismatched, CN: mapreporter.navteq.com
+
 -->
-<ruleset name="NAVTEQ (partial)">
+<ruleset name="NAVTEQ (partial)" default_off="failed ruleset test">
 
 	<target host="navteq.com" />
-	<target host="*.navteq.com" />
+	<target host="www.navteq.com" />
+	<target host="www2-test.navteq.com" />
+	<target host="mapreporter.navteq.com" />
 	<target host="css.mapreporter.navteq.com" />
 	<target host="navteqmedia.com" />
 	<target host="www.navteqmedia.com" />
@@ -27,17 +45,17 @@
 	<!--	- !www: cert only matches www
 		- www2-test: ditto
 					-->
-	<rule from="^https?://(www(?:2-test)?\.)?navteq\.com/"
+	<rule from="^http://(?:www(?:2-test)?\.)?navteq\.com/"
 		to="https://www.navteq.com/" />
 
 	<!--	Cert only matches ^mapreporter.
 						-->
-	<rule from="^https?://(?:css\.)?mapreporter\.navteq\.com/"
+	<rule from="^http://(?:css\.)?mapreporter\.navteq\.com/"
 		to="https://mapreporter.navteq.com/" />
 
 	<!--	Redirects like so.
 					-->
-	<rule from="^https?://(?:www\.)?navteqmedia\.com/"
+	<rule from="^http://(?:www\.)?navteqmedia\.com/"
 		to="https://primeplace.nokia.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NBC-News.xml b/src/chrome/content/rules/NBC-News.xml
index 7bb90ce956dd..64f45afb252f 100644
--- a/src/chrome/content/rules/NBC-News.xml
+++ b/src/chrome/content/rules/NBC-News.xml
@@ -1,30 +1,22 @@
 <!--
-	For other National Broadcasting Company coverage, see National-Broadcasting-Company.xml.
+	For other National Broadcasting Company coverage, see
+		+ National-Broadcasting-Company.xml
 
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- cosmiclog.nbcnews.com
+		- redtape.nbcnews.com
 
-	CDN buckets:
-
-		- vineblogs.msnbc.msn.com.edgesuite.net
-			- redtape.nbcnews.com
-
-
-	Problematic domains:
-
-		- (www.)nbcnews.com	(works, akamai)
-
+	Secure connection redirects to plain-text:
+		- nvcdn.nbcnews.com
 -->
-<ruleset name="NBC News (partial)" default_off="mismatch">
-
+<ruleset name="NBC News (partial)">
 	<target host="nbcnews.com" />
-	<target host="*.nbcnews.com" />
-
-
-	<rule from="^https?://(?:www\.)?nbcnews\.com/"
-		to="https://www.nbcnews.com/" />
-
-	<!--	Akamai.
-			-->
-	<rule from="^http://(cosmiclog|redtape)\.nbcnews\.com/"
-		to="https://$1.nbcnews.com/" />
+	<target host="www.nbcnews.com" />
+	<target host="geoip.nbcnews.com" />
+	<target host="jetpack.nbcnews.com" />
+	<target host="mps.nbcnews.com" />
+	<target host="nodeassets.nbcnews.com" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NBCOlympics.com.xml b/src/chrome/content/rules/NBCOlympics.com.xml
new file mode 100644
index 000000000000..c0d8163d14fa
--- /dev/null
+++ b/src/chrome/content/rules/NBCOlympics.com.xml
@@ -0,0 +1,51 @@
+<!--
+	Mixed content:
+		api-gracenote.nbcolympics.com
+
+	Invalid certificate:
+		archiverio.nbcolympics.com
+		olystreameast.nbcolympics.com
+		olystreamwest.nbcolympics.com
+		olyvodeast.nbcolympics.com
+		olyvodwest.nbcolympics.com
+		publisher.nbcolympics.com
+		rss.nbcolympics.com
+		telemundo.nbcolympics.com
+
+	Time out:
+		cms.devstream.nbcolympics.com
+
+	No working URL known:
+		edit.nbcolympics.com
+
+	Different content HTTP/HTTPS:
+		m.nbcolympics.com
+
+	Redirect to HTTP:
+		stream.nbcolympics.com
+
+-->
+<ruleset name="NBC Olympics.com">
+
+	<target host="nbcolympics.com" />
+	<target host="www.nbcolympics.com" />
+	<target host="api.nbcolympics.com" />
+	<target host="images.nbcolympics.com" />
+		<test url="http://images.nbcolympics.com/www.nbcolympics.com/affiliate-logos/default_260.png" />
+	<target host="load.nbcolympics.com" />
+	<target host="loadedit.nbcolympics.com" />
+	<target host="assets.rio2016.nbcolympics.com" />
+		<test url="http://assets.rio2016.nbcolympics.com/country-flags/168x112/AUT.png" />
+	<target host="results.nbcolympics.com" />
+		<test url="http://results.nbcolympics.com/taekwondo/event/women-49kg/index.html" />
+	<target host="search.nbcolympics.com" />
+	<target host="staging.nbcolympics.com" />
+	<target host="sweepstakes.nbcolympics.com" />
+	<target host="widgets.nbcolympics.com" />
+		<test url="http://widgets.nbcolympics.com/v2.0.0/7f762a6f8a4b74449995bc4524b00f06.ttf" />
+	<target host="vplayer.nbcolympics.com" />
+		<test url="http://vplayer.nbcolympics.com/p/BxmELC/nbcolympics/select/mIytHBVUNcY3" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NBCUDigitalAdOps.com.xml b/src/chrome/content/rules/NBCUDigitalAdOps.com.xml
new file mode 100644
index 000000000000..c703e7676c28
--- /dev/null
+++ b/src/chrome/content/rules/NBCUDigitalAdOps.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Digital Ad Operations
+
+	Non-functional hosts
+		Incomplete certificate chain error:
+		- nbcudigitaladops.com
+		- origin-www.nbcudigitaladops.com
+
+-->
+<ruleset name="NBCUDigitalAdOps.com">
+
+	<target host="www.nbcudigitaladops.com" />
+	<test url="http://www.nbcudigitaladops.com/hosted/global_header.js" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NBCUniversal_Media.xml b/src/chrome/content/rules/NBCUniversal_Media.xml
deleted file mode 100644
index a7c35b3fef08..000000000000
--- a/src/chrome/content/rules/NBCUniversal_Media.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(mismatched)
-
--->
-<ruleset name="NBCUniversal Media (partial)">
-
-	<target host="nbcudigitaladops.com" />
-	<target host="*.nbcudigitaladops.com" />
-
-
-	<securecookie host="^(?:origin-)?www\.nbcudigitaladops\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:(origin-)?www\.)?nbcudigitaladops\.com/"
-		to="https://$1www.nbcudigitaladops.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/NBCWashington.com.xml b/src/chrome/content/rules/NBCWashington.com.xml
new file mode 100644
index 000000000000..d2fb81b198cb
--- /dev/null
+++ b/src/chrome/content/rules/NBCWashington.com.xml
@@ -0,0 +1,39 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- nbcwashington.com
+		- identity.nbcwashington.com
+		- m.nbcwashington.com
+		- mail1.mail.nbcwashington.com
+		- mail2.mail.nbcwashington.com
+		- mail3.mail.nbcwashington.com
+		- mail4.mail.nbcwashington.com
+		- mail5.mail.nbcwashington.com
+		- mail6.mail.nbcwashington.com
+		- mail7.mail.nbcwashington.com
+
+		Timeout was reached:
+		- the20.nbcwashington.com
+
+		SSL connect error:
+		- mail.nbcwashington.com
+		- www.mail.nbcwashington.com
+		- click1.mail.nbcwashington.com
+
+		SSL peer certificate was not OK:
+		- click.nbcwashington.com
+		- events.nbcwashington.com
+		- finance.nbcwashington.com
+-->
+<ruleset name="NBC Washington.com" platform="mixedcontent">
+	<target host="nbcwashington.com" />
+	<target host="www.nbcwashington.com" />
+	<target host="media.nbcwashington.com" />
+	<target host="stage.www.nbcwashington.com" />
+
+	<rule from="^http://nbcwashington\.com/"
+			to="https://www.nbcwashington.com/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NBN_Co.com.au.xml b/src/chrome/content/rules/NBN_Co.com.au.xml
index 3541bb848453..08704fb21633 100644
--- a/src/chrome/content/rules/NBN_Co.com.au.xml
+++ b/src/chrome/content/rules/NBN_Co.com.au.xml
@@ -1,38 +1,29 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(mismatched, CN: www.nbnco.com.au)
-		- www	(some pages redirect to http)
 
+<!--
 
-	Fully covered subdomains:
+	Mismatched hosts in *nbnco.com.au:
 
-		- (www.)	(→ www1)
-		- autodiscover
-		- exch-cas-[12]
-		- outlook
-		- outlook[12]
-		- www[12]
+		- click.email
+		- glocals-competition
+		- image.email
+		- metrics
+		- mobile
+		- response
+		- www.egslb
 
 -->
 <ruleset name="NBN Co.com.au">
 
 	<target host="nbnco.com.au" />
-	<target host="*.nbnco.com.au" />
-		<!--exclusion pattern="^http://(www\.)?nbnco\.com\.au/(?!(contact-us|subscriptions($|[?/])|content/|etc/)" /-->
-
-
-	<!--	Tracking cookies:
-					-->
-	<!--securecookie host="^\.nbnco\.com\.au$" name="^(gpv_p\w|mbox|s_\w+)$" /-->
-	<!--securecookie host="^\.nbnco\.com\.au$" name="^cmgvo$" /-->
-	<securecookie host="^(?:www\d?)?\.nbnco\.com\.au$" name=".+" />
-
+	<target host="www.nbnco.com.au" />
+	<target host="autodiscover.nbnco.com.au" />
+	<target host="enable.nbnco.com.au" />
+	<target host="www1.nbnco.com.au" />
+	<target host="www2.nbnco.com.au" />
 
-	<rule from="^http://(?:www1?\.)?nbnco\.com\.au/"
-		to="https://www1.nbnco.com.au/" />
+	<securecookie host="^(www\d?)?\.nbnco\.com\.au$" name=".+" />
 
-	<rule from="^http://(autodiscover|exch-cas-[12]|outlook\d?|www2)\.nbnco\.com\.au/"
-		to="https://$1.nbnco.com.au/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NBWN.xml b/src/chrome/content/rules/NBWN.xml
new file mode 100644
index 000000000000..567cbd2241f2
--- /dev/null
+++ b/src/chrome/content/rules/NBWN.xml
@@ -0,0 +1,6 @@
+<ruleset name="Notebooks Wie Neu">
+    <target host="nbwn.de" />
+    <target host="www.nbwn.de" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NC.me.xml b/src/chrome/content/rules/NC.me.xml
new file mode 100644
index 000000000000..16d85a79ceb5
--- /dev/null
+++ b/src/chrome/content/rules/NC.me.xml
@@ -0,0 +1,22 @@
+<!--
+	For other Namecheap coverage, see NameCheap.xml.
+
+-->
+<ruleset name="NC.me">
+
+	<!--	Direct rewrites:
+				-->
+  	<target host="www.nc.me" />
+
+	<!--	Complications:
+				-->
+  <target host="nc.me" />
+
+
+	<rule from="^http://nc\.me/"
+		to="https://www.nc.me/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NCC_Group.com.xml b/src/chrome/content/rules/NCC_Group.com.xml
new file mode 100644
index 000000000000..b5ce3333ba69
--- /dev/null
+++ b/src/chrome/content/rules/NCC_Group.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Other NCC Group rulesets:
+
+		- Escrow_Live.net.xml
+		- NCC_Group.trust.xml
+		- Who_do_you.trust.xml
+
+-->
+<ruleset name="NCC Group.com">
+
+	<target host="nccgroup.com" />
+	<target host="portal.nccgroup.com" />
+	<target host="www.nccgroup.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NCC_Group.trust.xml b/src/chrome/content/rules/NCC_Group.trust.xml
new file mode 100644
index 000000000000..171fc83ecffb
--- /dev/null
+++ b/src/chrome/content/rules/NCC_Group.trust.xml
@@ -0,0 +1,30 @@
+<!--
+	For other NCC Group coverage, see NCC_Group.com.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- nccgroup.trust
+		- www.nccgroup.trust
+
+-->
+<ruleset name="NCC Group.trust">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nccgroup.trust" />
+	<target host="www.nccgroup.trust" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?nccgroup\.trust$" name="^(?:___utmv[abm]\w+|incap_ses_\d+_\d+|visid_incap_\d+)$" /-->
+	<!--securecookie host="^www\.nccgroup\.trust$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^(?:www\.)?nccgroup\.trust$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NCISF.org.xml b/src/chrome/content/rules/NCISF.org.xml
new file mode 100644
index 000000000000..36de1a5a0647
--- /dev/null
+++ b/src/chrome/content/rules/NCISF.org.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ncisf.org/ => https://ncisf.org/: (7, 'Failed to connect to ncisf.org port 443: Connection refused')
+Fetch error: http://www.ncisf.org/ => https://www.ncisf.org/: (7, 'Failed to connect to www.ncisf.org port 443: Connection refused')
+
+-->
+<ruleset name="NCISF.org" default_off="failed ruleset test">
+
+	<target host="ncisf.org" />
+	<target host="www.ncisf.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NCJRS.gov.xml b/src/chrome/content/rules/NCJRS.gov.xml
new file mode 100644
index 000000000000..a5a56cf29895
--- /dev/null
+++ b/src/chrome/content/rules/NCJRS.gov.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ncjrs.gov/ => https://ncjrs.gov/: (51, "SSL: no alternative certificate subject name matches target host name 'ncjrs.gov'")
+
+	National Criminal Justice Reference Service
+
+
+-->
+<ruleset name="NCJS.gov" default_off="failed ruleset test">
+
+	<target host="ncjrs.gov" />
+	<target host="puborder.ncjrs.gov" />
+	<target host="www.ncjrs.gov" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?ncjrs\.gov$" name="^(ASP\.NET_SessionId|ASPSESSIONID[A-Z]{8}|DSLB)$" /-->
+	<!--securecookie host="^puborder\.ncjrs\.gov$" name="^(ASPSESSIONID[A-Z]{8}|BIGipServerprd_puborder|LBServerID)$" /-->
+
+	<securecookie host="^(?:puborder\.|www\.)?ncjrs\.gov$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NCL.ac.uk.xml b/src/chrome/content/rules/NCL.ac.uk.xml
new file mode 100644
index 000000000000..16b10e72978b
--- /dev/null
+++ b/src/chrome/content/rules/NCL.ac.uk.xml
@@ -0,0 +1,77 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://saptraining.ncl.ac.uk/ => https://saptraining.ncl.ac.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	University of Newcastle upon Tyne
+
+
+	Nonfunctional hosts in *ncl.ac.uk:
+
+		- www.nhsn ᵖ
+
+	ᵖ Shows default page
+
+
+
+	Problematic hosts in *ncl.ac.uk:
+
+		- contact ᶜ
+		- nucontact ᶜ
+
+	ᶜ Missing certificate chain
+
+
+	Mixed content:
+
+		- Image on teaching from www.ncl.ac.uk
+
+-->
+<ruleset name="NCL.ac.uk (partial)" default_off="failed ruleset test">
+
+	<target host="apps.ncl.ac.uk" />
+	<target host="blackboard.ncl.ac.uk" />
+	<target host="blackboardtest.ncl.ac.uk" />
+	<target host="blogs.ncl.ac.uk" />
+	<!--target host="contact.ncl.ac.uk" /-->
+	<target host="crypt.ncl.ac.uk" />
+	<target host="directory.ncl.ac.uk" />
+	<target host="forms.ncl.ac.uk" />
+	<target host="gateway.ncl.ac.uk" />
+	<target host="includes.ncl.ac.uk" />
+	<target host="internal.ncl.ac.uk" />
+	<target host="ltms.ncl.ac.uk" />
+	<target host="my.ncl.ac.uk" />
+	<target host="myimpact.ncl.ac.uk" />
+	<target host="www.myprojects.ncl.ac.uk" />
+	<target host="www.myprojects-proposals.ncl.ac.uk" />
+	<target host="myworkplace.ncl.ac.uk" />
+	<target host="ness.ncl.ac.uk" />
+	<!--target host="nucontact.ncl.ac.uk" /-->
+	<target host="owa.ncl.ac.uk" />
+	<target host="payments.ncl.ac.uk" />
+	<target host="portfolio.ncl.ac.uk" />
+	<target host="ras.ncl.ac.uk" />
+	<target host="ras-gateway.ncl.ac.uk" />
+	<target host="saptraining.ncl.ac.uk" />
+	<target host="sitemanager.ncl.ac.uk" />
+	<target host="vacancies.ncl.ac.uk" />
+	<target host="webmail.ncl.ac.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.ncl\.ac\.uk/$" /-->
+
+		<!--	Mixed image:
+					-->
+		<test url="http://teaching.ncl.ac.uk/recap/" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NCRIC.xml b/src/chrome/content/rules/NCRIC.xml
index 6856106cbee8..11f34a4fadc6 100644
--- a/src/chrome/content/rules/NCRIC.xml
+++ b/src/chrome/content/rules/NCRIC.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://www\.ncric\.org/.*"
 		to="https://ncric.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NCRegister.com.xml b/src/chrome/content/rules/NCRegister.com.xml
new file mode 100644
index 000000000000..eaf24a6f74f3
--- /dev/null
+++ b/src/chrome/content/rules/NCRegister.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Refused:
+		- mail
+
+	Mismatched:
+		- m
+		- mail2
+		- pages
+		- test
+		- www.test
+-->
+<ruleset name="NCRegister.com">
+	<target host="ncregister.com" />
+	<target host="www.ncregister.com" />
+	<target host="donate.ncregister.com" />
+	<target host="m-origin.ncregister.com" />
+	<target host="origin.ncregister.com" />
+	<target host="www.pages.ncregister.com" />
+	<target host="sd.ncregister.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NCSC.nl.xml b/src/chrome/content/rules/NCSC.nl.xml
new file mode 100644
index 000000000000..6f3043ed21ae
--- /dev/null
+++ b/src/chrome/content/rules/NCSC.nl.xml
@@ -0,0 +1,14 @@
+<!--
+	Nationaal Cyber Security Centrum
+
+-->
+<ruleset name="NCSC.nl">
+
+	<target host="ncsc.nl" />
+	<target host="www.ncsc.nl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NCSI.com.xml b/src/chrome/content/rules/NCSI.com.xml
new file mode 100644
index 000000000000..6ec27e88721d
--- /dev/null
+++ b/src/chrome/content/rules/NCSI.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="NCSI.com">
+
+	<target host="ncsi.com" />
+	<target host="www.ncsi.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NCStateFair.org.xml b/src/chrome/content/rules/NCStateFair.org.xml
new file mode 100644
index 000000000000..262ca051435d
--- /dev/null
+++ b/src/chrome/content/rules/NCStateFair.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Timeout:
+		- secure-registration
+
+	Mismatched:
+		- wwwdev
+-->
+<ruleset name="NCStateFair.org">
+	<target host="ncstatefair.org" />
+	<target host="www.ncstatefair.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NCTA.com.xml b/src/chrome/content/rules/NCTA.com.xml
new file mode 100644
index 000000000000..3886adc69bad
--- /dev/null
+++ b/src/chrome/content/rules/NCTA.com.xml
@@ -0,0 +1,17 @@
+<!--
+	National Cable & Telecommunications Association
+
+
+	^: 400
+
+-->
+<ruleset name="NCTA.com">
+
+	<target host="ncta.com" />
+	<target host="www.ncta.com" />
+
+
+	<rule from="^http://(?:www\.)?ncta\.com/"
+		to="https://www.ncta.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NCWIT.org.xml b/src/chrome/content/rules/NCWIT.org.xml
new file mode 100644
index 000000000000..1c8a4f1403ed
--- /dev/null
+++ b/src/chrome/content/rules/NCWIT.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="NCWIT.org">
+
+	<target host="ncwit.org" />
+	<target host="trackingtool.ncwit.org" />
+	<target host="www.ncwit.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NC_Bar.org.xml b/src/chrome/content/rules/NC_Bar.org.xml
new file mode 100644
index 000000000000..6cf69700b38a
--- /dev/null
+++ b/src/chrome/content/rules/NC_Bar.org.xml
@@ -0,0 +1,29 @@
+<!--
+	Mixed content:
+
+		- favicon from www *
+
+	* Secured by us
+
+-->
+<ruleset name="NC Bar.org">
+
+	<target host="ncbar.org" />
+	<target host="www.ncbar.org" />
+
+
+	<!--	Incapsula cookies:
+					-->
+	<!--securecookie host="^\.ncbar\.org$" name="^___utm\w{8}$" /-->
+	<!--securecookie host="^(www\.)?ncbar\.org$" name="^(incap_ses_\d+_\d+|visid_incap_\d+)" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^\.ncbar\.org$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^(?:\.|www\.)?ncbar\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NCatLab.org.xml b/src/chrome/content/rules/NCatLab.org.xml
new file mode 100644
index 000000000000..461aa69bb078
--- /dev/null
+++ b/src/chrome/content/rules/NCatLab.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="nCatLab.org">
+	<target host="ncatlab.org" />
+	<target host="www.ncatlab.org" />
+	<target host="nforum.ncatlab.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NCsoft.com.xml b/src/chrome/content/rules/NCsoft.com.xml
new file mode 100644
index 000000000000..83eeb60d4c66
--- /dev/null
+++ b/src/chrome/content/rules/NCsoft.com.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ncsoft.com/ => https://ncsoft.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ncsoft.com/ => https://ncsoft.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+	Other NCsoft rulesets:
+
+		- Guild-Wars-2.xml
+		- StaticWars.com.xml
+		- WildStar-online.com.xml
+
+-->
+<ruleset name="NCsoft.com" default_off="failed ruleset test">
+
+	<target host="ncsoft.com" />
+	<target host="help.ncsoft.com" />
+	<target host="secure.ncsoft.com" />
+	<target host="static.ncsoft.com" />
+	<target host="us.ncsoft.com" />
+	<target host="www.ncsoft.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NDCHost.com.xml b/src/chrome/content/rules/NDCHost.com.xml
index 6f05e8f52755..3fa61d25e0fb 100644
--- a/src/chrome/content/rules/NDCHost.com.xml
+++ b/src/chrome/content/rules/NDCHost.com.xml
@@ -9,13 +9,14 @@
 <ruleset name="NDCHost.com">
 
 	<target host="ndchost.com" />
-	<target host="*.ndchost.com" />
+	<target host="customer.ndchost.com" />
+	<target host="helpdesk.ndchost.com" />
+	<target host="www.ndchost.com" />
 
 
 	<securecookie host="^(?:customer|helpdesk|www)\.ndchost\.com$" name=".+" />
 
 
-	<rule from="^http://((?:customer|helpdesk|www)\.)?ndchost\.com/"
-		to="https://$1ndchost.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NDI.org.xml b/src/chrome/content/rules/NDI.org.xml
new file mode 100644
index 000000000000..5bb88cf74083
--- /dev/null
+++ b/src/chrome/content/rules/NDI.org.xml
@@ -0,0 +1,26 @@
+<!--
+	^: self-signed
+
+
+	These altnames don't exist:
+
+		- www.contribute.ndi.org
+		- www.idp.ndi.org
+		- www.portal.ndi.org
+
+-->
+<ruleset name="NDI.org">
+
+	<target host="ndi.org" />
+	<target host="www.ndi.org" />
+	<target host="contribute.ndi.org" />
+	<target host="idp.ndi.org" />
+	<target host="portal.ndi.org" />
+
+
+	<rule from="^http://(?:www\.)?ndi\.org/"
+		to="https://www.ndi.org/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NEC_Display.com.xml b/src/chrome/content/rules/NEC_Display.com.xml
index acf020af6ab0..b52ed1f83cdb 100644
--- a/src/chrome/content/rules/NEC_Display.com.xml
+++ b/src/chrome/content/rules/NEC_Display.com.xml
@@ -15,7 +15,8 @@
 <ruleset name="NEC Display.com (partial)">
 
 	<target host="necdisplay.com" />
-	<target host="*.necdisplay.com" />
+	<target host="www.necdisplay.com" />
+	<target host="partners.necdisplay.com" />
 		<!--exclusion pattern="^http://(www\.)?necdisplay\.com/+($|\?|(about|accessories|awards|category|company-profile|contactus|digital-media-library|downloads|email-signup|events|global-locations|nectools|press-room|products|programs|solutions?|terms|tool)($|[?/]))" /-->
 
 
diff --git a/src/chrome/content/rules/NEK_Vapor.com.xml b/src/chrome/content/rules/NEK_Vapor.com.xml
new file mode 100644
index 000000000000..62e9acf3fe55
--- /dev/null
+++ b/src/chrome/content/rules/NEK_Vapor.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="NEK Vapor.com">
+
+	<target host="nekvapor.com" />
+	<target host="www.nekvapor.com" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^\.nekvapor\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NEO-Direct.xml b/src/chrome/content/rules/NEO-Direct.xml
index 18212bc3a8fd..87187110f3aa 100644
--- a/src/chrome/content/rules/NEO-Direct.xml
+++ b/src/chrome/content/rules/NEO-Direct.xml
@@ -1,4 +1,14 @@
-<ruleset name="NEO Direct">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://neo-direct.com/ => https://www.neo-direct.com/: (7, 'Failed to connect to www.neo-direct.com port 443: Connection refused')
+Fetch error: http://www.neo-direct.com/ => https://www.neo-direct.com/: (7, 'Failed to connect to www.neo-direct.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://neo-direct.com/ => https://www.neo-direct.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.neo-direct.com'")
+Fetch error: http://www.neo-direct.com/ => https://www.neo-direct.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.neo-direct.com'")
+-->
+<ruleset name="NEO Direct" default_off="failed ruleset test">
 
 	<target host="neo-direct.com" />
 	<target host="www.neo-direct.com" />
@@ -9,7 +19,7 @@
 
 	<!--	Cert only matches www.
 					-->
-	<rule from="^https?://(?:www\.)?neo-direct\.com/"
+	<rule from="^http://(?:www\.)?neo-direct\.com/"
 		to="https://www.neo-direct.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NEOS.eu.xml b/src/chrome/content/rules/NEOS.eu.xml
new file mode 100644
index 000000000000..09dcd4b5e98f
--- /dev/null
+++ b/src/chrome/content/rules/NEOS.eu.xml
@@ -0,0 +1,42 @@
+<!--
+	Problematic hosts in *neos.eu:
+
+		- presse *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="NEOS.eu (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="neos.eu" />
+	<target host="burgenland.neos.eu" />
+	<target host="europa.neos.eu" />
+	<target host="glasneost.neos.eu" />
+	<target host="hypo.neos.eu" />
+	<target host="kaernten.neos.eu" />
+	<target host="lab.neos.eu" />
+	<target host="niederoesterreich.neos.eu" />
+	<target host="oberoesterreich.neos.eu" />
+	<target host="parlament.neos.eu" />
+	<!--target host="presse.neos.eu" /-->
+	<target host="salzburg.neos.eu" />
+	<target host="steiermark.neos.eu" />
+	<target host="vorarlberg.neos.eu" />
+	<target host="wien.neos.eu" />
+	<target host="www.neos.eu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:europa\.|www\.)?neos\.eu$" name="^(?:PHPSESSID|wfvt_\d+)$" /-->
+	<!--securecookie host="^(?:burgenland|glasneost|hypo|kaernten|lab|niederoesterreich|oberoesterreich|salzburg|steiermark|vorarlberg|wien)\.neos\.eu$" name="^wfvt_\d+$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NESEA.xml b/src/chrome/content/rules/NESEA.xml
index 54c25852ebcd..bec37801bb52 100644
--- a/src/chrome/content/rules/NESEA.xml
+++ b/src/chrome/content/rules/NESEA.xml
@@ -1,10 +1,7 @@
-<ruleset name="NESEA">
-
+<ruleset name="NESEA" default_off="http redirect">
 	<target host="nesea.org" />
 	<target host="www.nesea.org" />
 
-
-	<rule from="^http://(www\.)?nesea\.org/"
-		to="https://$1nesea.org/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NESL.edu.xml b/src/chrome/content/rules/NESL.edu.xml
new file mode 100644
index 000000000000..528471c4a369
--- /dev/null
+++ b/src/chrome/content/rules/NESL.edu.xml
@@ -0,0 +1,20 @@
+<!--
+	New England School of Law-Boston
+
+
+	Mixed content:
+
+		- favicon from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="NESL.edu">
+
+	<target host="nesl.edu" />
+	<target host="www.nesl.edu" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NETZWELT.de.xml b/src/chrome/content/rules/NETZWELT.de.xml
new file mode 100644
index 000000000000..7b2ce4fa8b25
--- /dev/null
+++ b/src/chrome/content/rules/NETZWELT.de.xml
@@ -0,0 +1,43 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Invalid certificate:
+		2fwww.netzwelt.de
+		3dwww.netzwelt.de
+		www.dl2.netzwelt.de
+		download.netzwelt.de
+		downloads.netzwelt.de
+		eee.netzwelt.de
+		favatars.netzwelt.de
+		fclientscript.netzwelt.de
+		1f4yt8j.gi.netzwelt.de
+		jfikozeo.gi.netzwelt.de
+		pwsadptr.gi.netzwelt.de
+		images.netzwelt.de
+		media.netzwelt.de
+		preisvergleich.netzwelt.de
+		related.netzwelt.de
+		*.schulterglatze.netzwelt.de
+		www.slick-sleeve.netzwelt.de
+		toidl.netzwelt.de
+		tumblr.netzwelt.de
+		pseudo.videos.netzwelt.de
+-->
+<ruleset name="NETZWELT.de">
+
+	<target host="netzwelt.de" />
+	<target host="www.netzwelt.de" />
+	<target host="amp.netzwelt.de" />
+	<target host="area52.netzwelt.de" />
+	<target host="dl1.netzwelt.de" />
+	<target host="dl2.netzwelt.de" />
+	<target host="img.netzwelt.de" />
+	<target host="static.netzwelt.de" />
+	<target host="suche.netzwelt.de" />
+	<target host="videos.netzwelt.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NEU.edu.xml b/src/chrome/content/rules/NEU.edu.xml
new file mode 100644
index 000000000000..7af51e8047a2
--- /dev/null
+++ b/src/chrome/content/rules/NEU.edu.xml
@@ -0,0 +1,52 @@
+<!--
+	For other Northeastern University coverage, see Northeastern.edu.xml.
+
+
+	Nonfunctional hosts in *neu.edu:
+
+		- nuapps1 ¹
+		- nuapps3 ²
+
+	¹ Dropped
+	² Refused
+
+
+	Insecure cookies are set for these hosts and domains:
+
+		- .neu.edu
+		- laweval.neu.edu
+		- myneu.neu.edu
+		- prod-web.neu.edu
+
+
+	Mixed content:
+
+		- Images on myneu from nuapps3.neu.edu *
+
+	* Unsecurable <= refused
+
+-->
+<ruleset name="NEU.edu (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="laweval.neu.edu" />
+	<target host="myneu.neu.edu" />
+	<target host="prod-web.neu.edu" />
+	<target host="registerresnet.neu.edu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.neu\.edu$" name="^(?:CPSESSID|JSESSIONID|UserAgentId|fos\.web\.server|iPlanetDirectory-ims|iPlanetDirectory-uwc|runId|usid)$" /-->
+	<!--securecookie host="^laweval\.neu\.edu$" name="^(?:JSESSIONID|WASReqURL)$" /-->
+	<!--securecookie host="^myneu\.neu\.edu$" name="^(?:JSESSIONID|iPlanetDirectory-ims|luminus|sctSession|UserAgentId|webmailsid)$" /-->
+	<!--securecookie host="^prod-web\.neu\.edu$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^(?:laweval|myneu|prod-web)\.neu\.edu$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NEXTINpact.com.xml b/src/chrome/content/rules/NEXTINpact.com.xml
new file mode 100644
index 000000000000..89cb9bd188b2
--- /dev/null
+++ b/src/chrome/content/rules/NEXTINpact.com.xml
@@ -0,0 +1,52 @@
+<!--
+	For other EDI7 Media coverage, see EDI7.lu.xml.
+
+
+	Nonfunctional hosts in *nextinpact.com:
+
+		- ^ *
+		- cdn ³
+		- forum ¹
+		- www ²
+
+	* 526
+	¹ Dropped
+	² Redirects to http
+	³ CloudFlare error: Invalid SSL cert
+
+
+	Fully covered hosts in *nextinpact.com:
+
+		- compte
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .nextinpact.com
+		- compte.nextinpact.com
+
+-->
+<ruleset name="Next INpact.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="compte.nextinpact.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.nextinpact\.com/($|Content/|[Ii]mages/|favicon\.ico|news/\d+-[\w-]+\.htm)" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.nextinpact\.com$" name="^(__cfduid|ARRAffinity|cf_clearance)$" /-->
+	<!--securecookie host="^compte\.nextinpact\.com$" name="^__RequestVerificationToken$" /-->
+
+	<!--securecookie host="^\.nextinpact\.com$" name="^__cfduid$" /-->
+	<securecookie host="^compte\.nextinpact\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NFARL.org.xml b/src/chrome/content/rules/NFARL.org.xml
new file mode 100644
index 000000000000..1be2c90bc3f0
--- /dev/null
+++ b/src/chrome/content/rules/NFARL.org.xml
@@ -0,0 +1,28 @@
+<!--
+	Mismatched:
+		- autodiscover.nfarl.org
+		- cloudflare-resolve-to.nfarl.org
+		- cpanel.nfarl.org
+		- ftp.nfarl.org
+		- autodiscover.hamjam.nfarl.org
+		- webmail.hamjam.nfarl.org
+		- autodiscover.hamjaminfo.nfarl.org
+		- webmail.hamjaminfo.nfarl.org
+		- mail.nfarl.org
+		- autodiscover.nfareswrc.nfarl.org
+		- webmail.nfareswrc.nfarl.org
+		- webmail.nfarl.org
+-->
+<ruleset name="NFARL.org">
+	<target host="nfarl.org" />
+	<target host="www.nfarl.org" />
+	<target host="hamjam.nfarl.org" />
+	<target host="www.hamjam.nfarl.org" />
+	<target host="hamjaminfo.nfarl.org" />
+	<target host="www.hamjaminfo.nfarl.org" />
+	<target host="nfares.nfarl.org" />
+	<target host="nfareswrc.nfarl.org" />
+	<target host="www.nfareswrc.nfarl.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NFrance.xml b/src/chrome/content/rules/NFrance.xml
index 4a3108c97eaf..72ae9946877b 100644
--- a/src/chrome/content/rules/NFrance.xml
+++ b/src/chrome/content/rules/NFrance.xml
@@ -4,7 +4,6 @@
 	<target host="www.nfadmin.net" />
 
 
-	<rule from="^http://(www\.)?nfadmin\.net/"
-		to="https://$1nfadmin.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NGA_cn.xml b/src/chrome/content/rules/NGA_cn.xml
new file mode 100644
index 000000000000..4d3ca6fec3d7
--- /dev/null
+++ b/src/chrome/content/rules/NGA_cn.xml
@@ -0,0 +1,22 @@
+<!--
+	404:
+		www.178.com
+	Mismatched:
+		www.ngabbs.com === www.ngacn.cc
+-->
+<ruleset name="NGA_cn (partial)">
+
+	<target host="bbs.nga.cn" />
+	<target host="g.nga.cn" />
+		<test url="http://g.nga.cn/read.php?tid=13018116" />
+	<exclusion pattern="^http://g\.nga\.cn/$" /> <!-- https://travis-ci.org/EFForg/https-everywhere/jobs/487776087#L571 -->
+
+	<target host="ngabbs.com" />
+
+	<target host="bbs.ngacn.cc" />
+
+	<target host="nga.178.com" />
+	<target host="img.nga.178.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NGP-VAN.xml b/src/chrome/content/rules/NGP-VAN.xml
new file mode 100644
index 000000000000..db2538cea31d
--- /dev/null
+++ b/src/chrome/content/rules/NGP-VAN.xml
@@ -0,0 +1,43 @@
+<!--
+	ngpvan.com:
+		Timed out:
+			- act2.ngpvan.com
+			- socialfundraising.ngpvan.com
+
+
+	ngpvanhost.com:
+		Wildcard certificate and DNS:
+			- ngpvanhost.com
+-->
+
+<ruleset name="NGP VAN">
+	<!-- ngpvan.com -->
+	<target host="ngpvan.com" />
+	<target host="www.ngpvan.com" />
+	<target host="accounts.ngpvan.com" />
+	<target host="accounts3.ngpvan.com" />
+	<target host="accountsprimary.ngpvan.com" />
+	<target host="act.ngpvan.com" />
+	<target host="blog.ngpvan.com" />
+	<target host="click.ngpvan.com" />
+	<target host="developers.ngpvan.com" />
+	<target host="election2013.ngpvan.com" />
+	<target host="email.ngpvan.com" />
+	<target host="fastaction.ngpvan.com" />
+	<target host="go.ngpvan.com" />
+	<target host="help.ngpvan.com" />
+	<target host="progress.ngpvan.com" />
+	<target host="secure.ngpvan.com" />
+	<target host="support.ngpvan.com" />
+	<target host="accelerator.support.ngpvan.com" />
+
+
+	<!-- ngpvanhost.com -->
+	<target host="*.ngpvanhost.com" />
+		<test url="http://everytown.ngpvanhost.com/" />
+		<test url="http://hoyerforcongress.ngpvanhost.com/" />
+		<test url="http://kevinmatthews.ngpvanhost.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NGP_VAN.xml b/src/chrome/content/rules/NGP_VAN.xml
deleted file mode 100644
index 0c3ff8bb6496..000000000000
--- a/src/chrome/content/rules/NGP_VAN.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Problematic domains:
-
-		- (www.)ngpvan.com	(mismatched, CN: *.ngpvanhost.com)
-
--->
-<ruleset name="NGP VAN">
-
-	<target host="ngpvan.com" />
-	<target host="www.ngpvan.com" />
-	<target host="*.ngpvanhost.com" />
-
-
-	<rule from="^https?://(?:www\.)?ngpvan\.com/"
-		to="https://ngpvan.ngpvanhost.com/" />
-
-	<rule from="^http://(\w+)\.ngpvanhost\.com/"
-		to="https://$1.ngpvanhost.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/NHN-Corporation.xml b/src/chrome/content/rules/NHN-Corporation.xml
deleted file mode 100644
index f56b167ae881..000000000000
--- a/src/chrome/content/rules/NHN-Corporation.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	Other NHN Corporation rulesets:
-
-		- Anker.xml
-		- Unthem.xml
-
--->
-<ruleset name="NHN Corporation">
-
-	<target host="nhn.com" />
-	<target host="www.nhn.com" />
-	<target host="nhncorp.com" />
-	<target host="www.nhncorp.com" />
-
-
-	<securecookie host="^www\.nhncorp\.com$" name=".+" />
-
-
-	<!--	- Cert only matches www.nhncorp.com
-		- !www redirects to www
-		- nhm.com 301s to nhcorp.com
-					-->
-	<rule from="^https?://(?:www\.)?nhn(?:corp)?\.com/"
-		to="https://www.nhncorp.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/NHS-Direct.xml b/src/chrome/content/rules/NHS-Direct.xml
index f66050c91fdd..e24b0a0a3a59 100644
--- a/src/chrome/content/rules/NHS-Direct.xml
+++ b/src/chrome/content/rules/NHS-Direct.xml
@@ -1,11 +1,19 @@
-<ruleset name="NHS Direct (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nhsdirect.nhs.uk/ => https://www.nhsdirect.nhs.uk/: (60, 'SSL certificate problem: self signed certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://nhsdirect.nhs.uk/ => https://www.nhsdirect.nhs.uk/: (6, 'Could not resolve host: nhsdirect.nhs.uk')
+-->
+<ruleset name="NHS Direct (partial)" default_off="failed ruleset test">
 
 	<target host="nhsdirect.nhs.uk" />
 	<target host="*.nhsdirect.nhs.uk" />
 
 
 	<!--	!www doesn't work.	-->
-	<rule from="^https?://nhsdirect\.nhs\.uk/"
+	<rule from="^http://nhsdirect\.nhs\.uk/"
 		to="https://www.nhsdirect.nhs.uk/" />
 
 	<!--	Some pages redirect to http.	-->
diff --git a/src/chrome/content/rules/NHS.uk-falsemixed.xml b/src/chrome/content/rules/NHS.uk-falsemixed.xml
new file mode 100644
index 000000000000..e54e8b4a9ec1
--- /dev/null
+++ b/src/chrome/content/rules/NHS.uk-falsemixed.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules not causing false/broken MCB, see NHS.xml.
+
+-->
+<ruleset name="NHS.uk (false MCB)" platform="mixedcontent">
+
+	<target host="indicators.ic.nhs.uk" />
+	<target host="www.tamesidehospital.nhs.uk" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NHS.xml b/src/chrome/content/rules/NHS.xml
index 1115784c7534..0cf258cf86e0 100644
--- a/src/chrome/content/rules/NHS.xml
+++ b/src/chrome/content/rules/NHS.xml
@@ -1,47 +1,668 @@
-<ruleset name="NHS (partial)">
 
-	<target host="healthunlocked.com"/>
-	<target host="*.healthunlocked.com"/>
-	<target host="nhs.uk"/>
-	<target host="*.nhs.uk"/>
-	<target host="talkhealthpartnership.com"/>
-	<target host="*.talkhealthpartnership.com"/>
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bhamcommunity.nhs.uk/EasySiteWeb/EasySite/StyleData/Birmingham2015_Master/Images/footer-divider.png => https://bhamcommunity.nhs.uk/EasySiteWeb/EasySite/StyleData/Birmingham2015_Master/Images/footer-divider.png: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.bhamcommunity.nhs.uk/EasySiteWeb/EasySite/SupportFiles/jquery/ui.css => https://www.bhamcommunity.nhs.uk/EasySiteWeb/EasySite/SupportFiles/jquery/ui.css: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.bhamcommunity.nhs.uk/EasysiteWeb/getresource.axd?AssetID=20251&type=custom&servicetype=Inline&customSizeId=1 => https://www.bhamcommunity.nhs.uk/EasysiteWeb/getresource.axd?AssetID=20251&type=custom&servicetype=Inline&customSizeId=1: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.bhamcommunity.nhs.uk/easysiteweb/style/faux/css/ux.paux.css => https://www.bhamcommunity.nhs.uk/easysiteweb/style/faux/css/ux.paux.css: (60, 'SSL certificate problem: certificate has expired')
+Non-2xx HTTP code: http://nhs.uk/10-minute-shake-up (200) => https://www.nhs.uk/10-minute-shake-up (403)
+Non-2xx HTTP code: http://nhs.uk/_layouts/1033/styles/Menu.css (200) => https://www.nhs.uk/_layouts/1033/styles/Menu.css (403)
+Fetch error: http://www.noo.nhs.uk/index.htm => https://www.noo.org.uk/index.htm: (51, "SSL: no alternative certificate subject name matches target host name 'www.noo.org.uk'")
+Fetch error: http://www.barnsley.nhs.uk/ => https://www.barnsley.nhs.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.barnsley.nhs.uk'")
+Fetch error: http://www.cheshiremerseysidecsu.nhs.uk/ => https://www.cheshiremerseysidecsu.nhs.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.cheshiremerseysidecsu.nhs.uk'")
+Fetch error: http://opis.cmft.nhs.uk/ => https://opis.cmft.nhs.uk/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://healthiertogethergm.nhs.uk/ => https://healthiertogethergm.nhs.uk/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.healthiertogethergm.nhs.uk/ => https://www.healthiertogethergm.nhs.uk/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://specialitytraining.hee.nhs.uk/ => https://specialitytraining.hee.nhs.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'specialitytraining.hee.nhs.uk'")
+Fetch error: http://hps.nhs.uk/ => https://hps.nhs.uk/: (6, 'Could not resolve host: hps.nhs.uk')
+Fetch error: http://projects.ic.nhs.uk/ => https://projects.ic.nhs.uk/: (28, 'Connection timed out after 20015 milliseconds')
+Fetch error: http://www.institute.nhs.uk/ => https://www.institute.nhs.uk/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://leadershipacademy.nhs.uk/ => https://leadershipacademy.nhs.uk/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://anderson-stage.leadershipacademy.nhs.uk/ => https://anderson-stage.leadershipacademy.nhs.uk/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://moh.nhs.uk/ => https://moh.nhs.uk/: (6, 'Could not resolve host: moh.nhs.uk')
+Fetch error: http://www.moh.nhs.uk/ => https://www.moh.nhs.uk/: (6, 'Could not resolve host: www.moh.nhs.uk')
+Fetch error: http://www.neqos.nhs.uk/ => https://www.neqos.nhs.uk/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.nhsbsadental.nhs.uk/ => https://www.nhsbsadental.nhs.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.nycris.nhs.uk/ => https://www.nycris.nhs.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.nycris.nhs.uk'")
+Fetch error: http://www.peterboroughandstamford.nhs.uk/ => https://www.peterboroughandstamford.nhs.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.peterboroughandstamford.nhs.uk'")
+Fetch error: http://addtoyourlife.wales.nhs.uk/ => https://addtoyourlife.wales.nhs.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.noo.nhs.uk/ => https://www.noo.org.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.noo.org.uk'")
 
+	For rules causing false/broken MCB, see NHS.uk-falsemixed.xml.
 
-	<securecookie host="^(www2?\.)?healthunlocked\.com$" name=".*"/>
-	<securecookie host="^(.*\.)?talkhealthpartnership\.com$" name=".*"/>
+	Other NHS rulesets:
 
+		- NHS_ePortfolios.org.xml
 
-	<rule from="^http://(www2?\.)?healthunlocked\.com/"
-		to="https://$1healthunlocked.com/"/>
 
-	<!--	communities pages redirect to http	-->
-	<rule from="^http://([\w\-]+)\.healthunlocked\.com/(assets/|images/)"
-		to="https://$1.healthunlocked.com/$2"/>
+	Nonfunctional hosts in *nhs.uk:
 
-	<rule from="^http://(?:www\.)?nhs\.uk/(\?.*)?$"
-		to="https://www.nhs.uk/Pages/HomePage.aspx$1" />
+		- www.awp ᶠ
+		- berkshirehealthcare ᵇ
+		- www.berkshirehealthcare ᶠ
+		- bhamcrosscityccg ᵈ
+		- www.brighterfuturesgwh ᵇ
+		- www.connectingforhealth ᵈ
+		- www.corelearningunit ᵇ
+		- dudleygroup ᵈ
+		- egap.evidence ʰ
+		- www.foundationprogramme ᶠ
+		- www.gwh ᵇ
+		- www.iapt ʳ
+		- www.ic ᵈ
+		- jobs.kch ᵃ
+		- insights.london ᵃ
+		- www.londonhp ᵖ
+		- www.medicinesresources ᵗ
+		- www.midlandsmedicines ᵃ
+		- guide.moh ʰ
+		- www.nhsbsa ᵈ
+		- www.nhscarerecords ᵈ
+		- (www.)?northwestcsu ᶠ
+		- www.nrls.npsa ʰ
+		- www.qualityobservatory ᶠ
 
-	<!--	everything on login page and a little more, namely:
+		- (www.)?scot ᵃ
+		- www.cen.scot ᵃ
+		- cfs.scot ᵃ
+		- www.cleftsis.scot ᵃ
+		- www.communitypharmacy.scot ᵃ
+		- www.cso.scot ᵃ
+		- www.elib.scot ᵃ
+		- www.fitfortravel.scot ᵃ
+		- www.qifv.scot ᵃ
+		- www.isdscotland.scot ᵃ
+		- auth.knowledge.scot ᵃ
+		- www.lsamoforumuk.scot ᵃ
+		- www.mcs.scot ʰ
+		- www.moodjuice.scot ᵈ
+		- www.mydiabetesmyway.scot ᵈ
+		- www.supportworkercentral.nes.scot ᵃ
+		- www.nes.scot ᵃ
+		- www.nisg.scot ᵃ
+		- www.nhsborders.scot ᵃ
+		- www.nhsfife.scot ᵃ
+		- www.ohb.scot ᶠ
+		- peopleconnect.scot ʰ
+		- www.promotion.scot ᵃ
+		- www.promotionswi.scot ᵃ
+		- www.rehabilitationmkn.scot ʰ
+		- www.scan.scot ᵃ
+		- www.sci-diabetes.scot ᵃ
+		- www.sharedlearning.scot ᵃ
+		- www.show.scot ᵃ
+		- www.sma.scot ᵃ
+		- www.smvn.scot ᵃ
+		- www.travax.scot ᵃ
 
-			- NHSEngland/Healthcosts/Pages/Dentalcosts.aspx
-			- NHSEngland/Healthcosts/Pages/PPC.aspx
-			- NHSEngland/Healthcosts/Pages/universal-credit.aspx
-			- NHSEngland/Pages/NHSEngland.aspx
-			- Pages/HomePage.aspx
-			- PublishingImages/PersonalisationModules/Modules/newsletterpromo.jpg
+		- www.swpho ᶠ
+		- www.childrenandyoungpatients.uclh ᵇ
+		- www.ukmi ᵃ
 
-			And most probably a fair bit more.
+		- (www.)?wales ʳ
+		- www.1000liveplus.wales ʳ
+		- www.1000ofywydauamwy.wales ʳ
+		- www.abm.wales ʳ
+		- ambulance.wales ʰ
+		- www.bcu.wales ʳ
+		- www.cancerservicesdirectory.wales ʳ
+		- www.cardiffandvaleuhb.wales ʳ
+		- www.e-das.wales ʳ
+		- www.eiapractice.wales ʳ
+		- www.hywelddalhb.wales ʳ
+		- nww.immunisation.wales ʳ
+		- www.nwisinformationstandards.wales ʳ
+		- www.p2.wales ʳ
+		- www.patientsafety.wales ᵃ
+		- www.powysthb.wales ʳ
+		- www.publichealthwales.wales ʳ
+		- static.wales ʳ
+		- www.theroom.wales ᵃ
+		- www.velindrecc.wales ʳ
+		- www.wcisu.wales ʳ
+		- www.weds.wales ʳ
+		- www.wemerec.wales ᵈ
+		- www.wmic.wales ᵈ
 
-			No discernable pattern for which work and which don't.
-							-->
-	<rule from="^http://(?:www\.)?nhs\.uk/(_layouts/\d\d\d\d/styles/Menu\.css|conditions/|css/(?:base|find-services|personalisation|print|reset|screen)\.css|img/(?:buttons/btn-arrow\.gif|header/|(?:chevron-grey|directgov|information-standards|sprite-footer)\.gif|sub-nav-b(?:g|order))|News/|NHSEngland/(?:Healthcosts/Pages/(?:Dentalcosts|PPC|universal-credit)|Pages/NHSEngland)\.aspx|Pages/HomePage\.aspx|Personalisation/|PublishingImages/PersonalisationModules/Modules/newsletterpromo\.jpg)"
-		to="https://www.nhs.uk/$1"/>
+	ᵃ Shows another domain
+	ᵇ Shows default page
+	ᵈ Dropped
+	ᶠ Handshake fails
+	ʰ Redirects to http
+	ᵖ Plaintext reply
+	ʳ Refused
+	ᵗ Reset
 
-	<rule from="^http://(www\.)?wales\.nhs\.uk/"
-		to="https://$1wales.nhs.uk/" />
 
-	<rule from="^http://(www\.)?talkhealthpartnership\.com/"
-		to="https://$1talkhealthpartnership.com/"/>
+	Problematic hosts in *nhs.uk:
+
+		- ^ ᵐ
+		- www.cancerscreening ᵐ
+		- (www.)?cpft ᵐ
+		- www.cscsu ᶜ
+		- elft		404
+		- live2.evidence ᵉ ᵐ
+		- www.haringeyccg ᵐ
+		- healthcareers ᵈ
+		- healthiernorthwestlondon	200 "could not find key"
+		- healthystart ʳ
+		- www.hey ᵐ
+		- www.hps ᵐ
+		- www.humber ᵐ
+		- indicators.ic ˣ
+		- kentsexualhealth ᵐ
+		- neas ᵐ
+		- blogs.nhsbt ᵐ
+		- www.nhsbt ᵐ
+		- www.nhscareers ᵈ
+		- www.nice ᵐ
+		- www.nnuh ᵐ ˢ
+		- www.noo ᵐ
+		- www.northumbria ᵒ
+		- helpdesk.pcc ᵐ
+		- (www.)?royalmarsden ᶜ
+		- isdscotland.scot ˣ
+		- www.knowledge.scot ᵉ
+		- www.midwiferysupervision.scot ᵐ
+		- www.sphil ᵐ
+		- www.tamesidehospital ˣ
+
+		- www.myhealthonline-inps.wales ᶜ
+		- www.procurement.wales ᵉ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵈ Dropped
+	ᵉ Expired
+	ᵐ Mismatched
+	ˢ Self-signed
+	ᵒ Tor users blocked by CloudFlare settings
+	ʳ Refused
+	ˣ Mixed css
+
+
+	These altnames don't exist:
+
+		- hpac.nhs.uk
+		- jobs.nhs.uk
+		- nwppn.nhs.uk
+		- poole.nhs.uk
+		- frameworks-scotland2.scot.nhs.uk
+		- www.quitnow.smokefree.nhs.uk
+		- uclh.nhs.uk
+		- e-learning2.wales.nhs.uk
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- www.aquanw.nhs.uk
+		- www.croydonhealthservice.nhs.uk
+		- www.farehamandgosportccg.nhs.uk
+		- intranet.humber.nhs.uk
+
+		- esuppliers.ic.nhs.uk
+		- extranet.ic.nhs.uk
+		- groups.ic.nhs.uk
+		- indicators.ic.nhs.uk
+		- panelsurveys.ic.nhs.uk
+
+		- www.jobs.nhs.uk
+		- .kch.nhs.uk
+		- www.kmpt.nhs.uk
+		- .moh.nhs.uk
+		- apps.nhsbsa.nhs.uk
+		- .nhsbt.nhs.uk
+		- .blogs.nhsbt.nhs.uk
+		- www.nwppn.nhs.uk
+		- .organdonation.nhs.uk
+		- helpdesk.pcc.nhs.uk
+		- primarycare.nhs.uk
+		- www.primarycare.nhs.uk
+		- www.royalfree.nhs.uk
+		- www.sbs.nhs.uk
+
+		- www.frameworks-scotland2.scot.nhs.uk
+		- isdscotland.scot.nhs.uk
+		- .nes.scot.nhs.uk
+		- scotpho.nhsnss.scot.nhs.uk
+		- peopleconnect.scot.nhs.uk
+		- youngcancer.scot.nhs.uk
+		- www.youngcancer.scot.nhs.uk
+
+		- www.sheffieldchildrens.nhs.uk
+		- www.staffordshireandstokeontrent.nhs.uk
+		- www.southeasternhampshireccg.nhs.uk
+		- www.tamesidehospital.nhs.uk
+
+		- addtoyourlife.wales.nhs.uk
+		- www.myhealthonline-emisweb.wales.nhs.uk
+		- www.myhealthonline-inps.wales.nhs.uk
+		- www.nhsdirect.wales.nhs.uk
+		- www.procurement.wales.nhs.uk
+		- securefileshare.wales.nhs.uk
+
+		- www.nhs.uk
+		- . . .
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- iframe, on:
+
+			- indicators.ic from $self ˢ
+			- www.tamesidehospital from player.vimeo.com
+
+		- css, on:
+
+			- www.cscsu, www.elft from fonts.googleapis.com ˢ
+			- specialitytraining.hee, indicators.ic, www.tamesidehospital from $self ˢ
+			- blogs.nhsbt from $self
+			- isdscotland.scot from $self
+
+		- Images, on:
+
+			- www.croydonhealthservices from mhn2065.sitekit.net
+			- www.elft, www.nwas from pbs.twimg.com ˢ
+			- healthiertogethergm from www.image-maps.com ˢ
+			- intranet.humber, www.leadershipacademy, www.rdash, www.tamesidehospital from $self ˢ
+			- blogs.nhsbt from $self
+			- isdscotland.scot from $self
+			- www.walsallhealthcare from demo.walsallhealthcare.nhs.uk.smart-hosting.co.uk
+
+		- Bug on jobs.scot from logger.scot.nhs.uk ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="NHS.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.aquanw.nhs.uk" />
+	<target host="iapt-sglos.awp.nhs.uk" />
+	<target host="lift.awp.nhs.uk" />
+	<target host="www.barnsley.nhs.uk" />
+	<target host="bedfordhospital.nhs.uk" />
+	<target host="www.bedfordhospital.nhs.uk" />
+	<target host="www.bedfordshireccg.nhs.uk" />
+	<target host="bhamcommunity.nhs.uk" />
+	<target host="www.bhamcommunity.nhs.uk" />
+	<target host="www.chesterfieldroyal.nhs.uk" />
+	<target host="www.cheshiremerseysidecsu.nhs.uk" />
+	<target host="opis.cmft.nhs.uk" />
+	<target host="www.croydonhealthservices.nhs.uk" />
+	<!--target host="www.cscsu.nhs.uk" /-->
+	<target host="cumbriapartnership.nhs.uk" />
+	<target host="www.cumbriapartnership.nhs.uk" />
+	<target host="digital.nhs.uk" />
+	<target host="www.easterncheshireccg.nhs.uk" />
+	<target host="www.elft.nhs.uk" />
+	<target host="www.england.nhs.uk" />
+	<target host="www.performer.england.nhs.uk" />
+	<target host="epsom-sthelier.nhs.uk" />
+	<target host="www.epsom-sthelier.nhs.uk" />
+	<target host="www.evidence.nhs.uk" />
+	<target host="www.farehamandgosportccg.nhs.uk" />
+	<target host="gmw.nhs.uk" />
+	<target host="www.gmw.nhs.uk" />
+	<target host="members.gwh.nhs.uk" />
+	<target host="www.healthcareers.nhs.uk" />
+	<target host="healthiertogethergm.nhs.uk" />
+	<target host="www.healthiertogethergm.nhs.uk" />
+	<target host="www.healthiernorthwestlondon.nhs.uk" />
+	<target host="www.healthystart.nhs.uk" />
+	<target host="hee.nhs.uk" />
+
+	<target host="www.genomicseducation.hee.nhs.uk" />
+	<target host="gprecruitment.hee.nhs.uk" />
+	<target host="specialitytraining.hee.nhs.uk" />
+	<target host="www.hee.nhs.uk" />
+
+	<target host="www.hpac.nhs.uk" />
+	<target host="hps.nhs.uk" />
+	<target host="intranet.humber.nhs.uk" />
+
+	<target host="catalogue.ic.nhs.uk" />
+	<target host="esuppliers.ic.nhs.uk" />
+	<target host="extranet.ic.nhs.uk" />
+	<target host="groups.ic.nhs.uk" />
+	<target host="imca.ic.nhs.uk" />
+	<!--target host="indicators.ic.nhs.uk" /-->
+	<target host="panelsurveys.ic.nhs.uk" />
+	<target host="projects.ic.nhs.uk" />
+	<target host="rocrsubmissions.ic.nhs.uk" />
+
+	<target host="www.imperial.nhs.uk" />
+	<target host="www.institute.nhs.uk" />
+	<target host="www.jobs.nhs.uk" />
+	<target host="kch.nhs.uk" />
+	<target host="careers.kch.nhs.uk" />
+	<target host="www.kch.nhs.uk" />
+	<target host="www.kmpt.nhs.uk" />
+	<target host="leadershipacademy.nhs.uk" />
+
+	<target host="anderson.leadershipacademy.nhs.uk" />
+	<target host="anderson-stage.leadershipacademy.nhs.uk" />
+	<target host="www.leadershipacademy.nhs.uk" />
+
+	<target host="modalitypartnership.nhs.uk" />
+	<target host="www.modalitypartnership.nhs.uk" />
+	<target host="moh.nhs.uk" />
+	<target host="www.moh.nhs.uk" />
+	<target host="www.ebs.ncrs.nhs.uk" />
+	<target host="www.neas.nhs.uk" />
+	<target host="www.neqos.nhs.uk" />
+
+	<target host="*.networks.nhs.uk" /><!-- STS header includes includeSubdomains	-->
+
+		<test url="http://www.networks.nhs.uk/" />
+
+	<target host="apps.nhsbsa.nhs.uk" />
+	<target host="www.nhsbsadental.nhs.uk" />
+	<!--target host="www.northumbria.nhs.uk" />	Needs clearnet testing	-->
+	<target host="report.nrls.nhs.uk" />
+	<target host="www.ntw.nhs.uk" />
+	<target host="www.nwas.nhs.uk" />
+	<target host="www.nwppn.nhs.uk" />
+	<target host="www.nycris.nhs.uk" />
+	<target host="www.organdonation.nhs.uk" />
+	<target host="penninecare.nhs.uk" />
+
+	<target host="*.penninecare.nhs.uk" /><!--	STS header includes includeSubdomains	-->
+
+		<test url="http://www.penninecare.nhs.uk/" />
+
+	<target host="www.peterboroughandstamford.nhs.uk" />
+	<target host="www.poole.nhs.uk" />
+	<target host="primarycare.nhs.uk" />
+	<target host="www.primarycare.nhs.uk" />
+	<target host="www.rdash.nhs.uk" />
+
+	<target host="*.reportnhsfraud.nhs.uk" /><!--	STS header includes includeSubdomains	-->
+
+		<test url="http://www.reportnhsfraud.nhs.uk/" />
+
+	<target host="www.royalfree.nhs.uk" />
+	<!--target host="royalmarsden.nhs.uk" /-->
+	<!--target host="www.royalmarsden.nhs.uk" /-->
+	<target host="www.safetythermometer.nhs.uk" />
+	<target host="www.sbs.nhs.uk" />
+	<target host="quitnow.smokefree.nhs.uk" />
+
+	<target host="babylink.scot.nhs.uk" />
+	<target host="dmp.scot.nhs.uk" />
+	<target host="gohealthservices.scot.nhs.uk" />
+	<target host="www.frameworks-scotland2.scot.nhs.uk" />
+	<!--target host="isdscotland.scot.nhs.uk" /-->
+	<target host="jobs.scot.nhs.uk" />
+	<!--target host="www.knowledge.scot.nhs.uk" /-->
+	<target host="logger.scot.nhs.uk" />
+	<target host="intranet.nes.scot.nhs.uk" />
+	<target host="nam.nes.scot.nhs.uk" />
+	<target host="namgate.nes.scot.nhs.uk" />
+	<target host="scotpho.nhsnss.scot.nhs.uk" />
+	<target host="www.peopleconnect.scot.nhs.uk" />
+	<target host="portal.scot.nhs.uk" />
+	<target host="www.portal.scot.nhs.uk" />
+	<target host="youngcancer.scot.nhs.uk" />
+	<target host="www.youngcancer.scot.nhs.uk" />
+
+	<target host="www.sheffieldchildrens.nhs.uk" />
+	<target host="www.southeasternhampshireccg.nhs.uk" />
+	<target host="www.staffordshireandstokeontrent.nhs.uk" />
+	<target host="stgeorges.nhs.uk" />
+	<target host="www.stgeorges.nhs.uk" />
+	<target host="stockport.nhs.uk" />
+	<target host="www.stockport.nhs.uk" />
+
+	<target host="media.supplychain.nhs.uk" />
+	<target host="my.supplychain.nhs.uk" />
+	<target host="www.supplychain.nhs.uk" />
+
+	<target host="www.swft.nhs.uk" />
+	<!--target host="www.tamesidehospital.nhs.uk" /-->
+	<target host="www.uclh.nhs.uk" />
+
+	<target host="addtoyourlife.wales.nhs.uk" />
+	<target host="learning.wales.nhs.uk" />
+	<target host="www.myhealthonline-emisweb.wales.nhs.uk" />
+	<!--target host="www.myhealthonline-inps.wales.nhs.uk" /-->
+	<target host="www.nhsdirect.wales.nhs.uk" />
+	<!--target host="www.procurement.wales.nhs.uk" /-->
+	<target host="securefileshare.wales.nhs.uk" />
+
+	<target host="www.walsallhealthcare.nhs.uk" />
+	<target host="www.wirralccg.nhs.uk" />
+	<target host="www.nhs.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="nhs.uk" />
+	<target host="elft.nhs.uk" />
+	<target host="healthcareers.nhs.uk" />
+	<target host="healthiernorthwestlondon.nhs.uk" />
+	<target host="healthystart.nhs.uk" />
+	<target host="kentsexualhealth.nhs.uk" />
+	<target host="neas.nhs.uk" />
+	<target host="www.nhscareers.nhs.uk" />
+	<target host="www.nice.nhs.uk" />
+	<target host="www.noo.nhs.uk" />
+	<target host="helpdesk.pcc.nhs.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="http://(?:www\.)?bhamcommunity\.nhs\.uk/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="http://(?:www\.)?bhamcommunity\.nhs\.uk/(?!/*(?:[Ee]asy[Ss]ite[Ww]eb/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://bhamcommunity.nhs.uk/about-us/" />
+			<test url="http://www.bhamcommunity.nhs.uk/contact/" />
+			<test url="http://www.bhamcommunity.nhs.uk/professionals/medicines-management/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://bhamcommunity.nhs.uk/EasySiteWeb/EasySite/StyleData/Birmingham2015_Master/Images/footer-divider.png" />
+			<test url="http://www.bhamcommunity.nhs.uk/EasySiteWeb/EasySite/SupportFiles/jquery/ui.css" />
+			<test url="http://www.bhamcommunity.nhs.uk/EasysiteWeb/getresource.axd?AssetID=20251&amp;type=custom&amp;servicetype=Inline&amp;customSizeId=1" />
+			<test url="http://www.bhamcommunity.nhs.uk/easysiteweb/style/faux/css/ux.paux.css" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.knowledge\.scot\.nhs\.uk/home\.aspx$" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://www\.knowledge\.scot\.nhs\.uk/(?!ImageGen\.ashx)" /-->
+
+			<!--	+ve:
+					-->
+			<!--test url="http://www.knowledge.scot.nhs.uk/home.aspx" /-->
+
+			<!--	-ve:
+					-->
+			<!--test url="http://www.knowledge.scot.nhs.uk/ImageGen.ashx?image=/media/9683435/people%20connect.jpg&amp;width=192" /-->
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.mcs\.scot\.nhs\.uk/home\.aspx" /-->
+
+			<!--	+ve:
+					-->
+			<!--test url="http://www.mcs.scot.nhs.uk/home.aspx" /-->
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.procurement\.wales\.nhs\.uk/(?:$|favicon\.ico)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://www\.procurement\.wales\.nhs\.uk/(?!css/|resource/)" /-->
+
+			<!--	+ve:
+					-->
+			<!--test url="http://www.procurement.wales.nhs.uk/favicon.ico" /-->
+
+			<!--	-ve:
+					-->
+			<!--test url="http://www.procurement.wales.nhs.uk/css/sIFR-print.css" /-->
+			<!--test url="http://www.procurement.wales.nhs.uk/images/searcharrow.gif" /-->
+			<!--test url="http://www.procurement.wales.nhs.uk/resource/16573.24155.imgRandom.eng.jpg" /-->
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.nhs\.uk/($|Conditions/Pages/hub\.aspx|IPS$|NHSEngland/Pages/NHSEngland\.aspx|Personalisation$|aboutNHSChoices$|aboutNHSChoices/Pages/ContactUs\.aspx|favicon\.ico|find$|ipg/Pages/IPStart\.aspx|medicine-guides$|pages/(?:home|languagehub)\.aspx|press$|[Ss]ervice-[Ss]earch$|video$|yourhealth$)" /-->
+		<!--
+			Exceptions include everything on login page and a little more, namely:
+
+				- NHSEngland/Healthcosts/Pages/Dentalcosts.aspx
+				- NHSEngland/Healthcosts/Pages/PPC.aspx
+				- NHSEngland/Healthcosts/Pages/universal-credit.aspx
+
+			This needs lots and lots and lots ... of tests
+									-->
+		<!--exclusion pattern="^http://(?:www\.)?nhs\.uk/(?!sub-nav-b(?:g|order))|News/|NHSEngland/Healthcosts/Pages/(?:Dentalcosts|PPC|universal-credit)\.aspx|Personalisation/)" /-->
+		<exclusion pattern="^http://(?:www\.)?nhs\.uk/(?!/*(?:_layouts/\d\d\d\d/|(?:10-minute-shake-up|change4life-beta/campaigns/sugar-smart/home|[Ss]ervice-[Ss]earch/performance/search|start4life/signups/new)(?:$|\?)|Personalisation/(?:Login|Registration|ResetPassword)\.aspx|(?:[\w/-]+/)?PublishingImages/|[Ss]ervice-[Ss]earch/[Cc]ontent/(?:css|img)/|Tools/Documents/|aboutNHSChoices/aboutnhschoices/e-newsletters/Pages/newsletters-home\.aspx|ipgcontrols/(?:css|image)s/|ipgmedia/|css/|img/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.nhs.uk/Conditions/Pages/hub.aspx" />
+			<test url="http://www.nhs.uk/IPS" />
+			<test url="http://www.nhs.uk/NHSEngland" />
+			<test url="http://www.nhs.uk/Personalisation" />
+			<test url="http://www.nhs.uk/PersonalisationModules/PublishingImages/logo-giveblood.png" />
+			<test url="http://www.nhs.uk/Service-Search" />
+			<test url="http://www.nhs.uk/aboutNHSChoices" />
+			<test url="http://www.nhs.uk/conditions/measles/Pages/Introduction.aspx" />
+			<test url="http://www.nhs.uk/conditions/social-care-and-support-guide/pages/nhs-continuing-care.aspx" />
+			<test url="http://www.nhs.uk/favicon.ico" />
+			<test url="http://www.nhs.uk/ipg/Pages/AboutThisService.aspx" />
+			<test url="http://www.nhs.uk/ipg/Pages/IPStart.aspx" />
+			<test url="http://www.nhs.uk/livewell/fitness/Pages/Fitnesshome.aspx" />
+			<test url="http://www.nhs.uk/medicine-guides" />
+			<test url="http://www.nhs.uk/news/Pages/NewsIndex.aspx" />
+			<test url="http://www.nhs.uk/pages/home.aspx" />
+			<test url="http://www.nhs.uk/press" />
+			<test url="http://www.nhs.uk/service-search" />
+			<test url="http://www.nhs.uk/service-search/dentist/locationsearch/3" />
+			<test url="http://www.nhs.uk/video" />
+			<test url="http://www.nhs.uk/yourhealth" />
+			<test url="http://www.nhs.uk/pages/languagehub.aspx" />
+
+			<!--	-ve:
+					-->
+			<test url="http://nhs.uk/10-minute-shake-up" />
+			<test url="http://nhs.uk/_layouts/1033/styles/Menu.css" />
+			<test url="http://www.nhs.uk/Conditions/PublishingImages/For%20hub%20page.jpg" />
+			<!--test url="http://www.nhs.uk/NHSEngland/ARC/PublishingImages/2016/S_0416_antibiotics_C0150331_ST.jpg" /-->
+			<!--test url="http://www.nhs.uk/NHSEngland/Healthcareabroad/PublishingImages/T_0416_healthcare-abroad_468044224_st.jpg" /-->
+			<test url="http://www.nhs.uk/NHSEngland/PublishingImages/2015/my-nhs.jpg" />
+			<!--test url="http://www.nhs.uk/NHSEngland/bruce-keogh-review/PublishingImages/2016/MS_0416_bruce-keogh_ST.jpg" /-->
+			<test url="http://www.nhs.uk/NHSEngland/complaints-and-feedback/PublishingImages/complaints_183x90_ThinkstockPhotos-515056570.jpg" />
+			<test url="http://www.nhs.uk/Personalisation/Login.aspx" />
+			<test url="http://www.nhs.uk/Personalisation/Registration.aspx" />
+			<test url="http://www.nhs.uk/Personalisation/ResetPassword.aspx" />
+			<test url="http://www.nhs.uk/PersonalisationModules/PublishingImages/logo-giveblood.png" />
+			<test url="http://www.nhs.uk/PublishingImages/PersonalisationModules/Modules/newsletterpromo.jpg" />
+			<test url="http://www.nhs.uk/PublishingImages/nhs-services.jpg" />
+			<test url="http://www.nhs.uk/Service-Search/Content/css/reset.css" />
+			<test url="http://www.nhs.uk/Service-Search/Content/img/geolocation.png" />
+			<!--test url="http://www.nhs.uk/Tools/Documents/NHS_ExercisesForOlderPeople.pdf" />	too large for automated check -->
+			<test url="http://www.nhs.uk/aboutNHSChoices/aboutnhschoices/e-newsletters/Pages/newsletters-home.aspx" />
+			<!--test url="http://www.nhs.uk/aboutNHSChoices/PublishingImages/2015/about-us_183x90.jpg" /-->
+			<test url="http://www.nhs.uk/aboutNHSChoices/professionals/developments/PublishingImages/analytics_183x90_DFHAW6.jpg" />
+			<test url="http://www.nhs.uk/change4life-beta/campaigns/sugar-smart/home" />
+			<test url="http://www.nhs.uk/choiceintheNHS/Yourchoices/personal-health-budgets/PublishingImages/personal-health-budgets_183x90_GP031-5510.jpg" />
+			<test url="http://www.nhs.uk/css/reset.css" />
+			<test url="http://www.nhs.uk/img/login.png" />
+			<test url="http://www.nhs.uk/ipgcontrols/css/reset.css" />
+			<test url="http://www.nhs.uk/ipgcontrols/images/buttons/btn-arrow.gif" />
+			<test url="http://www.nhs.uk/ipgmedia/local/Pauls%20Cancer%20Support%20Centre/paulscancersupport.jpg" />
+			<test url="http://www.nhs.uk/ipgmedia/national/Royal%20College%20of%20Psychiatrists/RCP2~2513995.jpg" />
+			<test url="http://www.nhs.uk/service-search/performance/Consultants" />
+			<test url="http://www.nhs.uk/service-search/performance/search" />
+			<test url="http://www.nhs.uk/start4life/signups/new" />
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://indicators.ic.nhs.uk/webview/index/en/MyServer/NHS-Information-Centre-indicators.c.MyServer/GP-Practice-data.d.48/Demography.d.77/Deprivation.d.202/Income-Deprivation-Affecting-Older-People-Index-IDAOPI-2010-practice-attributed-dataset-/fStudy/P01114" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.(?:aquanw|croydonhealthservice|farehamandgosportccg|kmpt|sheffieldchildrens|southeasternhampshireccg|staffordshireandstokeontrent|tamesidehospital)\.nhs\.uk$" name="^SKSession$" /-->
+	<!--securecookie host="^(?:esuppliers|extranet|groups|panelsurveys)\.ic\.nhs\.uk$" name="^IC\.SP\.(?:HasRedirectedAfterLogin|RedirectURLCookie)$" /-->
+	<!--securecookie host="^indicators\.ic\.nhs\.uk$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^www\.jobs\.nhs\.uk$" name="^X-Mapping-\w+$" /-->
+	<!--securecookie host="^\.kch\.nhs\.uk$" name="^KCHCookies(?:_Banner)?$" /-->
+	<!--securecookie host="^\.moh\.nhs\.uk$" name="^SESS[\da-f]{32}$" /-->
+	<!--securecookie host="^\.(?:nhsbt|blogs\.nhsbt|organdonation)\.nhs\.uk$" name="^ARRAffinity$" /-->
+	<!--securecookie host="^apps\.nhsbsa\.nhs\.uk$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^www\.nhsbsadental\.nhs\.uk$" name="^PROXY_SESSIONID$" /-->
+	<!--securecookie host="^www\.(?:nwppn|sbs)\.nhs\.uk$" name="^[\da-f]{32}$" /-->
+	<!--securecookie host="^helpdesk\.pcc\.nhs\.uk$" name="^SWIFT_(?:client|sessionid40)$" /-->
+	<!--securecookie host="^(?:www\.)?primarycare\.nhs\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^www\.royalfree\.nhs\.uk$" name="^(?:PHPSESSID|rf_(?:csrf_token|last_ativity|last_visit|stashid|tracker))$" /-->
+	<!--securecookie host="^www\.frameworks-scotland2\.scot\.nhs\.uk$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^isdscotland\.scot\.nhs\.uk$" name="^ASPSESSIONID[A-Z]+$" /-->
+	<!--securecookie host="^jobs\.scot\.nhs\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^\.nes\.scot\.nhs\.uk$" name="^IPCZQX[\da-f]$" /-->
+	<!--securecookie host="^scotpho\.nhsnss\.scot\.nhs\.uk$" name="^(?:JSESSIONID|OASINET)$" /-->
+	<!--securecookie host="^peopleconnect\.scot\.nhs\.uk$" name="^(?:__RequestVerificationToken|ASP\.NET_SessionId)$" /-->
+	<!--securecookie host="^(?:www\.)?youngcancer\.scot\.nhs\.uk$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^addtoyourlife\.wales\.nhs\.uk$" name="^(?:LANG|PIENAV$)" /-->
+	<!--securecookie host="^www\.(?:myhealthonline-emisweb|procurement)\.wales\.nhs\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^www\.myhealthonline-inps\.wales\.nhs\.uk$" name="^TS[\da-f]+$" /-->
+	<!--securecookie host="^www\.nhsdirect\.wales\.nhs\.uk$" name="^(?:ASP\.NET_SessionId|NHSDWCookieSettings)$" /-->
+	<!--securecookie host="^securefileshare\.wales\.nhs\.uk$" name="^(?:DesignModeTest|DMZCookieTest|JavascriptTest|LongTermCookieExpireDate|MIDMZLang|TS[\da-f]+|WizardVersions|siLockLongTermInstID)$" /-->
+	<!--securecookie host="^www\.nhs\.uk$" name="^(?:_isp-form_session|_ten-minute-shake-up_session|CAM|WFE)$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^(?!(?:www\.)?bhamcommunity\.|www\.)\w" name=".+" />
+
+
+	<rule from="^http://nhs\.uk/"
+		to="https://www.nhs.uk/" />
+
+	<rule from="^http://(elft|healthcareers|healthiernorthwestlondon|healthystart|neas)\.nhs\.uk/"
+		to="https://www.$1.nhs.uk/" />
+
+	<!--	Redirect drops forward slash
+		and path, but not args:
+						-->
+	<rule from="^http://kentsexualhealth\.nhs\.uk/[^?]*"
+		to="https://www.kent.gov.uk/sexualhealth" />
+
+		<test url="http://kentsexualhealth.nhs.uk/home.htm" />
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://www\.nhscareers\.nhs\.uk/.*"
+		to="https://www.healthcareers.nhs.uk/" />
+
+		<test url="http://www.nhscareers.nhs.uk/index.php" />
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://www\.n(ice|oo)\.nhs\.uk/+"
+		to="https://www.n$1.org.uk/" />
+
+		<test url="http://www.nice.nhs.uk/index.htm" />
+		<test url="http://www.noo.nhs.uk/index.htm" />
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://helpdesk\.pcc\.nhs\.uk/.*"
+		to="https://helpdesk.pcc-cic.org.uk/" />
+
+		<test url="http://helpdesk.pcc.nhs.uk/Default.aspx" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NHS_ePortfolios.org.xml b/src/chrome/content/rules/NHS_ePortfolios.org.xml
new file mode 100644
index 000000000000..86c6a05b53d0
--- /dev/null
+++ b/src/chrome/content/rules/NHS_ePortfolios.org.xml
@@ -0,0 +1,53 @@
+<!--
+	For other NHS coverage, see NHS.xml.
+
+
+	Nonfunctional hosts in *nhseportfolios.org:
+
+		- guide ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *nhseportfolios.org:
+
+		- ^ ⁴
+		- talkback ᵐ
+
+	⁴ 404
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .talkback.nhseportfolios.org
+		- .www.nhseportfolios.org
+
+-->
+<ruleset name="NHS ePortfolios.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.nhseportfolios.org" />
+
+	<!--	Complications:
+				-->
+	<target host="nhseportfolios.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.talkback\.nhseportfolios\.org$" name="^ARRAffinity$" /-->
+	<!--securecookie host="^\.www\.nhseportfolios\.org$" name="^Affinity$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.www\.nhseportfolios\.org$" name=".+" />
+
+
+	<rule from="^http://nhseportfolios\.org/"
+		to="https://www.nhseportfolios.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NIAP-CCEVS.org.xml b/src/chrome/content/rules/NIAP-CCEVS.org.xml
new file mode 100644
index 000000000000..465df2271c48
--- /dev/null
+++ b/src/chrome/content/rules/NIAP-CCEVS.org.xml
@@ -0,0 +1,16 @@
+<ruleset name="NIAP-CCEVS.org">
+
+	<target host="niap-ccevs.org" />
+	<target host="www.niap-ccevs.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.niap-ccevs\.org$" name="^(CFID|CFTOKEN)$" /-->
+
+	<securecookie host="^www\.niap-ccevs\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NIBC_Direct.nl.xml b/src/chrome/content/rules/NIBC_Direct.nl.xml
index 9fa70fc25bf9..089e92217f64 100644
--- a/src/chrome/content/rules/NIBC_Direct.nl.xml
+++ b/src/chrome/content/rules/NIBC_Direct.nl.xml
@@ -22,7 +22,9 @@
 <ruleset name="NIBC Direct.nl">
 
 	<target host="nibcdirect.nl" />
-	<target host="*.nibcdirect.nl" />
+	<target host="www.nibcdirect.nl" />
+	<target host="service.nibcdirect.nl" />
+	<target host="sparen.nibcdirect.nl" />
 
 
 	<securecookie host=".+\.nibcdirect\.nl$" name=".+" />
@@ -31,7 +33,6 @@
 	<rule from="^http://(?:www\.)?nibcdirect\.nl/"
 		to="https://www.nibcdirect.nl/" />
 
-	<rule from="^http://s(ervice|paren)\.nibcdirect\.nl/"
-		to="https://s$1.nibcdirect.nl/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NIC.Ar.xml b/src/chrome/content/rules/NIC.Ar.xml
new file mode 100644
index 000000000000..6cd8a426e20c
--- /dev/null
+++ b/src/chrome/content/rules/NIC.Ar.xml
@@ -0,0 +1,42 @@
+<!--
+	Other NIC.Ar rulesets:
+
+		- Puntu.ar.xml
+
+
+	www: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- nic.ar
+
+-->
+<ruleset name="NIC.Ar">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nic.ar" />
+
+	<!--	Special cases:
+				-->
+	<target host="www.nic.ar" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^nic\.ar$" name="^(JSESSIONID|NIC|TS[\da-f])$" /-->
+
+	<securecookie host="^nic\.ar$" name=".+" />
+
+
+	<!--	Redirect keeps path, args,
+		and forward slash:
+					-->
+	<rule from="^http://www\.nic\.ar/"
+		to="https://nic.ar/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NIC.ad.jp.xml b/src/chrome/content/rules/NIC.ad.jp.xml
new file mode 100644
index 000000000000..dbbea6118da1
--- /dev/null
+++ b/src/chrome/content/rules/NIC.ad.jp.xml
@@ -0,0 +1,14 @@
+<!--
+	^: cert only matches www
+
+-->
+<ruleset name="NIC.ad.jp">
+
+	<target host="nic.ad.jp" />
+	<target host="www.nic.ad.jp" />
+
+
+	<rule from="^http://(?:www\.)?nic\.ad\.jp/"
+		to="https://www.nic.ad.jp/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NIC.br.xml b/src/chrome/content/rules/NIC.br.xml
new file mode 100644
index 000000000000..143c9c4b2133
--- /dev/null
+++ b/src/chrome/content/rules/NIC.br.xml
@@ -0,0 +1,44 @@
+<!--
+	Nonfunctional subdomains:
+
+		- saladeaula *
+
+	* Refused
+
+
+	Mixed content:
+
+		- Images, from:
+
+			- on (www.)gter and www from ^ ¹
+			- (www.)cetic.br ²
+			- (www.)cgi.br ²
+
+		- Bugs, from:
+
+			- validador.ipv6.br
+			- monitor.ntp.br
+
+	¹ Secured by server
+	² Unsecurable <= refused
+
+-->
+<ruleset name="NIC.br (partial)">
+
+	<target host="nic.br" />
+	<target host="gter.nic.br" />
+	<target host="www.gter.nic.br" />
+	<target host="www.nic.br" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^eventos\.nic\.br$" name="^_eventos_session$" /-->
+	<!--securecookie host="^(www\.)?gter\.nic\.br$" name="^I18N_LANGUAGE$" /-->
+
+	<securecookie host="^(?:eventos|gter|www\.gter)\.nic\.br$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NIC.ch.xml b/src/chrome/content/rules/NIC.ch.xml
index c0c394d8d4a3..d402332f0a9c 100644
--- a/src/chrome/content/rules/NIC.ch.xml
+++ b/src/chrome/content/rules/NIC.ch.xml
@@ -13,10 +13,13 @@
 	<target host="www.nic.ch" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.nic\.ch$" name="^JSESSIONID$" /-->
+
 	<securecookie host="^www\.nic\.ch$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?nic\.ch/"
-		to="https://www.nic.ch/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NICE.org.uk.xml b/src/chrome/content/rules/NICE.org.uk.xml
new file mode 100644
index 000000000000..c0e60adaffde
--- /dev/null
+++ b/src/chrome/content/rules/NICE.org.uk.xml
@@ -0,0 +1,60 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://docs.nice.org.uk/ => https://docs.nice.org.uk/: (6, 'Could not resolve host: docs.nice.org.uk')
+
+	Nonfunctional hosts in *nice.org.uk:
+
+		- cks ᵗ
+		- publications ʰ
+
+	ʰ Redirects to http
+	ᵗ Reset
+
+
+	^nice.org.uk: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.nice.org.uk
+
+
+	Mixed content:
+
+		- css on pathways.nice.org.uk from fonts.googleapis.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="NICE.org.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="accounts.nice.org.uk" />
+	<target host="api.nice.org.uk" />
+	<target host="cdn.nice.org.uk" />
+	<target host="docs.nice.org.uk" />
+	<target host="pathways.nice.org.uk" />
+	<target host="www.nice.org.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="nice.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.nice.org\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://nice\.org\.uk/"
+		to="https://www.nice.org.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NICTA.com.au-problematic.xml b/src/chrome/content/rules/NICTA.com.au-problematic.xml
new file mode 100644
index 000000000000..d1de5a5b20f4
--- /dev/null
+++ b/src/chrome/content/rules/NICTA.com.au-problematic.xml
@@ -0,0 +1,13 @@
+<!--
+	For rules that are on by default, see NICTA.xml.
+
+-->
+<ruleset name="NICTA.com.au (expired)" default_off="expired">
+
+	<target host="ertos.nicta.com.au" />
+	<target host="www.ertos.nicta.com.au" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NICTA.xml b/src/chrome/content/rules/NICTA.xml
index 76db57fa4a7a..3925a10cbf7b 100644
--- a/src/chrome/content/rules/NICTA.xml
+++ b/src/chrome/content/rules/NICTA.xml
@@ -1,16 +1,31 @@
 <!--
-	Nonfunctional subdomains:
+	For problematic rules, see NICTA.com.au-problematic.xml.
+
+
+	Problematic subdomains:
+
+		- (www.)ertos *
+
+	* Expired 2013-04-11
+
+
+	Fully covered subdomains:
 
 		- (www.)
+		- owa
+		- ssrg
+		- webmail
 
 -->
 <ruleset name="NICTA (partial)">
 
-	<target host="ertos.nicta.com.au" />
-	<target host="www.ertos.nicta.com.au" />
+	<target host="nicta.com.au" />
+	<target host="owa.nicta.com.au" />
+	<target host="ssrg.nicta.com.au" />
+	<target host="webmail.nicta.com.au" />
+	<target host="www.nicta.com.au" />
 
 
-	<rule from="^http://(www\.)?ertos\.nicta\.com\.au/"
-		to="https://$1ertos.nicta.com.au/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NIFTY.xml b/src/chrome/content/rules/NIFTY.xml
deleted file mode 100644
index cdd35aa9d2fb..000000000000
--- a/src/chrome/content/rules/NIFTY.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- btm	(times out)
-		- clip	(ditto)
-
--->
-<ruleset name="NIFTY (buggy)" default_off="https://trac.torproject.org/projects/tor/ticket/7107">
-
-	<target host="nifty.com" />
-	<target host="*.nifty.com" />
-		<!--
-			At least some paths 404 over https.
-
-			This pattern attempts to exclude everything
-			but favicon.ico and images/, which do work.
-									-->
-		<exclusion pattern="^http://www\.nifty\.com/(?:\w+$|[^fi]|f[^/]+\.\w+$|i[^m].*/|\w{1,5}/|\w{7,}/)" />
-		<exclusion pattern="^http://(?:btm|clip)\." />
-
-
-	<securecookie host="^.*\.nifty\.com$" name=".+" />
-
-
-	<!--	!www redirects to www.nifty.com/$ over https.
-								-->
-	<rule from="^https?://(?:www\.)?nifty\.com/(favicon\.ico|images/)"
-		to="https://www.nifty.com/$1" />
-
-	<!--	Clients have unique subdomains.  e.g.
-
-		azby.nifty.com
-			-->
-	<rule from="^http://([\w\-]+)\.nifty\.com/"
-		to="https://$1.nifty.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/NII.ac.jp-mixedcontent.xml b/src/chrome/content/rules/NII.ac.jp-mixedcontent.xml
new file mode 100644
index 000000000000..1d7ea2aa62c3
--- /dev/null
+++ b/src/chrome/content/rules/NII.ac.jp-mixedcontent.xml
@@ -0,0 +1,18 @@
+<!--
+	For rules not causing valid mixed content, see NII.ac.jp.xml.
+
+-->
+<ruleset name="NII.ac.jp (mixed content)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.nii.ac.jp" />
+
+
+	<securecookie host="^www\.nii\.ac\.jp$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NII.ac.jp.xml b/src/chrome/content/rules/NII.ac.jp.xml
new file mode 100644
index 000000000000..249c69b147e2
--- /dev/null
+++ b/src/chrome/content/rules/NII.ac.jp.xml
@@ -0,0 +1,46 @@
+<!--
+	National Institute of Informatics
+
+	For rules causing valid mixed content, see NII.ac.jp-falsemixed.xml.
+
+
+	Problematic hosts in *nii.ac.jp:
+
+		- www ¹
+		- www-nc ²
+
+	¹ Mixed css
+	² Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.nii.ac.jp
+
+
+	Mixed content:
+
+		- Flash on www from $self
+		- css on www from www-nc.nii.ac.jp
+		- Images on www from www-nc.nii.ac.jp
+		- favicon on www from www-nc.nii.ac.jp
+
+-->
+<ruleset name="NII.ac.jp (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ds.hpci.nii.ac.jp" />
+	<!--target host="www.nii.ac.jp" /-->
+	<!--target host="www-nc.nii.ac.jp" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.nii\.ac\.jp$" name="^(?:Apache|nc_password|nc_session)$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NIIF.xml b/src/chrome/content/rules/NIIF.xml
index 17c08ba8c994..c6969e285ff6 100644
--- a/src/chrome/content/rules/NIIF.xml
+++ b/src/chrome/content/rules/NIIF.xml
@@ -1,8 +1,13 @@
+<!--
+	Expired:
+		- www.hboneplus.hu
+-->
+
 <ruleset name="NIIF Int&#233;zet (partial)">
-	<target host="www.hboneplus.hu" />
+	<target host="niif.hu" />
 	<target host="www.niif.hu" />
 	<target host="www.ca.niif.hu" />
+	<target host="keys.niif.hu" />
 
-	<rule from="^http://www\.hboneplus\.hu/" to="https://www.hboneplus.hu/" />
-	<rule from="^http://([^@:/]*)\.niif\.hu/" to="https://$1.niif.hu/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NIPS.cc.xml b/src/chrome/content/rules/NIPS.cc.xml
new file mode 100644
index 000000000000..4a4f34d54bd6
--- /dev/null
+++ b/src/chrome/content/rules/NIPS.cc.xml
@@ -0,0 +1,33 @@
+<!--
+	Problematic hosts in *nips.cc:
+
+		- old ¹
+		- www ¹ ²
+
+	¹ Missing certificate chain
+	² Mismatched
+
+-->
+<ruleset name="NIPS.cc (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nips.cc" />
+	<target host="media.nips.cc" />
+	<!--target host="old.nips.cc" /-->
+
+	<!--	Complications:
+				-->
+	<target host="www.nips.cc" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.nips\.cc/"
+		to="https://nips.cc/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NJ.com.xml b/src/chrome/content/rules/NJ.com.xml
new file mode 100644
index 000000000000..6dcb7f7ae0e5
--- /dev/null
+++ b/src/chrome/content/rules/NJ.com.xml
@@ -0,0 +1,101 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://signup.nj.com/ => https://signup.nj.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	CDN buckets:
+
+		- nj.fe-prod.vast.com
+
+			- autos
+
+		- hssn-prod.advance.net.edgesuite.net
+
+			- highschoolsports
+
+		- imgick-prod.advance.net.edgesuite.net
+
+		- mdw-prod.advance.net.edgesuite.net
+
+			- classifieds
+
+		- mt4-prod.advance.net.edgesuite.net
+
+			- media
+			- photos
+			- topics
+			- videos
+
+		- search-prod.advance.net.edgesuite.net
+
+		- www-prod.advance.net.edgesuite.net
+
+			- www
+
+		- njcom.findnsave.com
+
+
+	Nonfunctional subdomains:
+
+		- businessfinder ¹
+		- classifieds ²
+		- findnsave		(mismatched, CN: *.findnsave.com)
+		- foreclosures ¹
+		- highschoolsports ²
+		- imgick ²
+		- jobs ³
+		- photos ²
+		- realestate ²
+		- sections ⁴
+		- topics ²
+		- update ⁴
+		- videos ²
+		- www ²
+
+	¹ Redirects to http, valid cert
+	² 503, akamai
+	³ Redirects to http; mismatched, CN: sitemanager2.adicio.com
+	⁴ Dropped
+
+
+	Problematic subdomains:
+
+		- autos ¹
+		- media ²
+
+	¹ Works; mismatched, CN: *.vast.com
+	² Works, akamai
+
+
+	Mixed content:
+
+		- css, on:
+
+			- autos from media
+			- autos from fonts.googleapis.com *
+
+		- Images, on:
+
+			- autos from img.vast.com *
+			- autos and signup for media *
+
+	* Secured by us
+
+-->
+<ruleset name="NJ.com (partial)" default_off="failed ruleset test">
+
+	<target host="findnsave.nj.com" />
+	<target host="signup.nj.com" />
+		<!--
+			At least some stylesheets reference resources relative to root:
+											-->
+		<!--exclusion pattern="^http://media\.nj\.com/.+\.css($|\?)" /-->
+
+
+	<rule from="^http://findnsave\.nj\.com/(?=static/)"
+		to="https://njcom.findnsave.com/" />
+
+	<rule from="^http://signup\.nj\.com/"
+		to="https://signup.nj.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NJIT.edu.xml b/src/chrome/content/rules/NJIT.edu.xml
new file mode 100644
index 000000000000..db40c1d4a047
--- /dev/null
+++ b/src/chrome/content/rules/NJIT.edu.xml
@@ -0,0 +1,121 @@
+<!--
+	New Jersey Institute of Technology
+
+
+	Nonfunctional subdomains:
+
+		- biomedical ¹
+		- ece ¹
+		- help ²
+		- library ¹
+		- nce ¹
+		- ovsa ³
+
+	¹ Plaintext reply
+	² 403
+	³ Shows tree
+
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- cp4 ²
+		- mail.g ³
+		- moodle ⁴
+		- my ⁵
+		- r25livepr1 ⁴
+		- www ⁴
+
+	¹ Dropped
+	² Unsafe renegotiation
+	³ Google
+	⁴ Mixed css
+	⁵ Refused
+
+
+	Partially covered subdomains:
+
+		- (www.) ¹	(^ → www)
+		- cp4 ²
+		- r25livepr1 ¹
+
+	¹ Avoiding broken MCB
+	² Some pages redirect to http
+
+
+
+	Fully covered subdomains:
+
+		- courseschedules
+		- directory
+		- mail.g	(→ mail.google.com
+		- ist
+		- my		(→ www)
+		- njit-connect
+		- webmail
+
+
+	Insecure cookies are set for these domains:
+
+		- cp4
+		- directory
+		- njit-connect
+
+
+	Mixed content:
+
+		- css, on:
+
+			- moodle from njit2.mrooms.net
+			- r25livepr1 and www from www *
+			- r25livepr1 from ajax.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="NJIT.edu (partial)">
+
+	<target host="njit.edu" />
+	<target host="*.njit.edu" />
+		<!--
+			Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://(?:www\.)?njit\.edu/+(?!.+\.(?:css|jpg|gif|ico|png)(?:$|\?)|calendar(?:$|\?)|cp/login\.php|uws/feeds/thumb\.php|uws/ldapimage\.php)" />
+		<exclusion pattern="^http://r25livepr1\.njit\.edu/+(?!.+\.jpg(?:$|\?))" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://cp4\.njit\.edu/cp/home/check/post($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://cp4\.njit\.edu/+(?!favicon\.ico|misc/|cp/content/|cps/images/|custom/|site/)" />
+
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cp4\.njit\.edu$" name="^UserAgentId$" /-->
+	<!--securecookie host="^(directory|njit-connect)\.njit\.edu$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^njit-connect\.njit\.edu$" name="^(NSC_QH-\d+|ShoppingCartCookieID)$" /-->
+
+	<securecookie host="^(?:directory|njit-connect)\.njit\.edu$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?njit\.edu/"
+		to="https://www.njit.edu/" />
+
+	<rule from="^http://(courseschedules|cp4|directory|ist|njit-connect|r25livepr1|webmail)\.njit\.edu/"
+		to="https://$1.njit.edu/" />
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://mail\.g\.njit\.edu/.*"
+		to="https://mail.google.com/a/njit.edu" />
+
+	<!--	Redirect drops path but not args:
+						-->
+	<rule from="^http://my\.njit\.edu/[^?]*"
+		to="https://www.njit.edu/cp/login.php" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NJ_Edge.Net.xml b/src/chrome/content/rules/NJ_Edge.Net.xml
index d2908018d178..56de4cd65f9f 100644
--- a/src/chrome/content/rules/NJ_Edge.Net.xml
+++ b/src/chrome/content/rules/NJ_Edge.Net.xml
@@ -7,10 +7,10 @@
 -->
 <ruleset name="NJ Edge.Net (partial)">
 
-	<target host="*.njedge.net" />
+	<target host="federation.njedge.net" />
+	<target host="lists.njedge.net" />
 
 
-	<rule from="^http://(federation|lists)\.njedge\.net/"
-		to="https://$1.njedge.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NK_News.org.xml b/src/chrome/content/rules/NK_News.org.xml
index 9a8f997293f9..c03c4988f12b 100644
--- a/src/chrome/content/rules/NK_News.org.xml
+++ b/src/chrome/content/rules/NK_News.org.xml
@@ -1,30 +1,34 @@
 <!--
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *nknews.org:
 
-		- kcnawatch	(shows www)
+		- kcnawatch *
 
+	* Shows www
 
-	Some pages redirect to http.
 
+	Problematic hosts in *nknews.org:
 
-	Mixed content:
+		signup *
+		support *
+		sendy *
 
-		- Images on shop from shop *
+	* Invalid Certificate
 
-	* Secured by us
 
+	Insecure cookies are set for these domains and hosts:
+
+		- nknews.org
+		- .nknews.org
+		- signup.nknews.org
+		- www.nknews.org
 -->
 <ruleset name="NK News.org (partial)">
-
 	<target host="nknews.org" />
-	<target host="*.nknews.org" />
-		<exclusion pattern="^http://(?:www\.)?nknews\.org/+(?!favicon\.ico|register(?:$|[?/])|wp-content/|wp-includes/)" />
-
-
-	<securecookie host="^shop\.nknews\.org$" name=".+" />
-
+	<target host="www.nknews.org" />
+	<target host="kr.nknews.org" />
+	<target host="shop.nknews.org" />
 
-	<rule from="^http://(shop\.|www\.)?nknews\.org/"
-		to="https://$1nknews.org/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NL-Politiek.xml b/src/chrome/content/rules/NL-Politiek.xml
index c548a8f2da5b..b53c39c0aef4 100644
--- a/src/chrome/content/rules/NL-Politiek.xml
+++ b/src/chrome/content/rules/NL-Politiek.xml
@@ -1,15 +1,22 @@
-<ruleset name="NL Politiek" platform="mixedcontent">
-  <!-- Rule created by Jeroen van der Gun -->
-
-  <target host="cda.nl" />
-  <target host="www.cda.nl" />
-  <target host="d66.nl" />
-  <target host="www.d66.nl" />
-  <target host="groenlinks.nl" />
-  <target host="www.groenlinks.nl" />
-  <target host="sp.nl" />
-  <target host="www.sp.nl" />
-
-  <rule from="^http://(?:www\.)?(cda|d66|sp)\.nl/" to="https://www.$1.nl/" />
-  <rule from="^http://(?:www\.)?(groenlinks)\.nl/" to="https://$1.nl/" />
+<!-- Rule created by Jeroen van der Gun
+
+
+	Nonfunctional hosts in *cda.nl:
+
+		- (www.)?webwinkel *
+
+	* Shows www.hexspoorwms.nl
+
+-->
+<ruleset name="CDA.nl (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cda.nl" />
+	<target host="www.cda.nl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/NLFacile.com.xml b/src/chrome/content/rules/NLFacile.com.xml
new file mode 100644
index 000000000000..ba0f88a45478
--- /dev/null
+++ b/src/chrome/content/rules/NLFacile.com.xml
@@ -0,0 +1,11 @@
+<!--
+	See for related rulesets: FrancaisFacile.com.xml
+-->
+<ruleset name="NLFacile.com">
+	<target host="nlfacile.com" />
+	<target host="www.nlfacile.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NLG.xml b/src/chrome/content/rules/NLG.xml
index 96c5475f18fd..1b02b1ceed2e 100644
--- a/src/chrome/content/rules/NLG.xml
+++ b/src/chrome/content/rules/NLG.xml
@@ -1,6 +1,12 @@
-<ruleset name="National Lawyers Guild">
+<!--
+	National Lawyers Guild
+
+-->
+<ruleset name="NLG.org">
   <target host="nlg.org" />
   <target host="www.nlg.org" />
 
-  <rule from="^http://(?:www\.)?nlg\.org/" to="https://www.nlg.org/" />
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/NLLGG.nl.xml b/src/chrome/content/rules/NLLGG.nl.xml
index 0db335097ce5..8af59660ab6f 100644
--- a/src/chrome/content/rules/NLLGG.nl.xml
+++ b/src/chrome/content/rules/NLLGG.nl.xml
@@ -1,14 +1,10 @@
-<!--
-	Cert only matches *.nllgg.nl.
-
--->
-<ruleset name="NLLGG.nl" platform="cacert">
+<ruleset name="NLLGG.nl">
 
 	<target host="nllgg.nl" />
 	<target host="www.nllgg.nl" />
 
 
-	<rule from="^http://(?:www\.)?nllgg\.nl/"
-		to="https://www.nllgg.nl/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NLUUG.nl.xml b/src/chrome/content/rules/NLUUG.nl.xml
index ba170a5c39a7..b6d00ccb39ca 100644
--- a/src/chrome/content/rules/NLUUG.nl.xml
+++ b/src/chrome/content/rules/NLUUG.nl.xml
@@ -13,7 +13,6 @@
 	<!--	^ redirects to www over http,
 		so copy that behavior:
 					-->
-	<rule from="^http://(?:www\.)?nluug\.nl/"
-		to="https://www.nluug.nl/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NLayer-Communications.xml b/src/chrome/content/rules/NLayer-Communications.xml
deleted file mode 100644
index 567cf78c4cf4..000000000000
--- a/src/chrome/content/rules/NLayer-Communications.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- lg		(redirects to www.servercentral.com)
-		- origin	(ditto)
-
--->
-<ruleset name="nLayer Communications (partial)">
-
-	<target host="nlayer.net" />
-	<target host="www.nlayer.net" />
-
-
-	<rule from="^https?://(?:www\.)?nlayer\.net/"
-		to="https://nlayer.cachefly.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/NLnet-Labs.xml b/src/chrome/content/rules/NLnet-Labs.xml
deleted file mode 100644
index 8e82ac07eea4..000000000000
--- a/src/chrome/content/rules/NLnet-Labs.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<ruleset name="NLnet Labs">
-
-	<target host="net-dns.org"/>
-	<target host="www.net-dns.org"/>
-	<target host="nlnetlabs.nl"/>
-	<target host="*.nlnetlabs.nl"/>
-	<target host="opendnssec.org"/>
-	<target host="*.opendnssec.org"/>
-	<target host="unbound.net"/>
-	<target host="www.unbound.net"/>
-
-	<securecookie host="^wiki\.opendnssec\.org$" name=".*"/>
-
-	<rule from="^http://(www\.)?net-dns\.org/"
-		to="https://$1net-dns.org/"/>
-
-	<rule from="^http://(open\.|www\.)?nlnetlabs\.nl/"
-		to="https://$1nlnetlabs.nl/"/>
-
-	<rule from="^http://opendnssec\.org/"
-		to="https://www.opendnssec.org/"/>
-
-	<rule from="^http://w(iki|ww)\.opendnssec\.org/"
-		to="https://w$1.opendnssec.org/"/>
-
-	<rule from="^http://(?:www\.)?unbound\.net/"
-		to="https://unbound.net/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/NLnet_Labs.nl.xml b/src/chrome/content/rules/NLnet_Labs.nl.xml
new file mode 100644
index 000000000000..66f0d0e0fc53
--- /dev/null
+++ b/src/chrome/content/rules/NLnet_Labs.nl.xml
@@ -0,0 +1,126 @@
+<!--
+	Other NLnet Labs related ruleset:
+		- OpenDNSSEC.org.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+			 - afgepunt.nlnetlabs.nl
+			 - agenda.nlnetlabs.nl
+			 - alcatraz.nlnetlabs.nl
+			 - alpha.nlnetlabs.nl
+			 - area51.nlnetlabs.nl
+			 - axiom.nlnetlabs.nl
+			 - azkaban.nlnetlabs.nl
+			 - bakkie.nlnetlabs.nl
+			 - balou.nlnetlabs.nl
+			 - bartok.nlnetlabs.nl
+			 - bgpplayground.nlnetlabs.nl
+			 - dolguldur.nlnetlabs.nl
+			 - dromedary.nlnetlabs.nl
+			 - fluffy.nlnetlabs.nl
+			 - gary.nlnetlabs.nl
+			 - gloom.nlnetlabs.nl
+			 - gorilla.nlnetlabs.nl
+			 - guts.nlnetlabs.nl
+			 - hp2055dn.nlnetlabs.nl
+			 - iii.nlnetlabs.nl
+			 - kimai.nlnetlabs.nl
+			 - lummel.nlnetlabs.nl
+			 - lustra.nlnetlabs.nl
+			 - magnesium.nlnetlabs.nl
+			 - nagini.nlnetlabs.nl
+			 - nagios.nlnetlabs.nl
+			 - cu1.nccoelab.nlnetlabs.nl
+			 - ns.nlnetlabs.nl
+			 - ns-ext.nlnetlabs.nl
+			 - ns-pt.nlnetlabs.nl
+			 - obelisk.nlnetlabs.nl
+			 - overview.nlnetlabs.nl
+			 - pan.nlnetlabs.nl
+			 - parrot.nlnetlabs.nl
+			 - phobos.nlnetlabs.nl
+			 - radius.nlnetlabs.nl
+			 - bind.resolver.nlnetlabs.nl
+			 - unbound.resolver.nlnetlabs.nl
+			 - rt.nlnetlabs.nl
+			 - rt4.nlnetlabs.nl
+			 - rurapenthe.nlnetlabs.nl
+			 - dmz.rurapenthe.nlnetlabs.nl
+			 - se-dns-probe.nlnetlabs.nl
+			 - shada.nlnetlabs.nl
+			 - sidnlabs.nlnetlabs.nl
+			 - snom0.nlnetlabs.nl
+			 - sparc5.nlnetlabs.nl
+			 - switch1.nlnetlabs.nl
+			 - switch7.nlnetlabs.nl
+			 - switch8.nlnetlabs.nl
+			 - titanium.nlnetlabs.nl
+			 - umbra.nlnetlabs.nl
+			 - uren.nlnetlabs.nl
+			 - vijfje.nlnetlabs.nl
+			 - xmpp.nlnetlabs.nl
+			 - yobro.nlnetlabs.nl
+			 - ziz.nlnetlabs.nl
+			 - zoidberg.nlnetlabs.nl
+
+		Timeout was reached:
+			 - dmz.alcatraz.nlnetlabs.nl
+			 - dmz.dolguldur.nlnetlabs.nl
+			 - klaaswierenga.friends.nlnetlabs.nl
+			 - hathi.nlnetlabs.nl
+			 - kern.nlnetlabs.nl
+			 - mcvax.nlnetlabs.nl
+			 - poudriere.nlnetlabs.nl
+			 - secure.ripe-hackathon2.nlnetlabs.nl
+			 - salt.nlnetlabs.nl
+			 - sane.nlnetlabs.nl
+			 - spider.nlnetlabs.nl
+
+		SSL connect error:
+			 - bijgepunt.nlnetlabs.nl
+
+		SSL peer certificate was not OK:
+			 - dns-lg.nlnetlabs.nl
+			 - internetnl.nlnetlabs.nl
+			 - new.nlnetlabs.nl
+			 - odstools.nlnetlabs.nl
+			 - opendnssec.nlnetlabs.nl
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - behemoth.nlnetlabs.nl
+			 - zus.nlnetlabs.nl
+
+		Incomplete certificate chain error:
+			 - willemtoorop.friends.nlnetlabs.nl
+
+		4xx client error:
+			 - redmine.nlnetlabs.nl
+			 - twiki-bela.nlnetlabs.nl
+
+		5xx server error:
+			 - ieniemienie.nlnetlabs.nl
+
+		Different content:
+			 - getdns.nlnetlabs.nl
+-->
+<ruleset name="NLnet Labs.nl (partial)">
+	<target host="nlnetlabs.nl" />
+	<target host="www.nlnetlabs.nl" />
+	<target host="bela.nlnetlabs.nl" />
+	<target host="blogs.nlnetlabs.nl" />
+	<target host="nlnetlabs.blogs.nlnetlabs.nl" />
+	<target host="dicht.nlnetlabs.nl" />
+	<target host="git.nlnetlabs.nl" />
+	<target host="gitlab.nlnetlabs.nl" />
+	<target host="new.gitlab.nlnetlabs.nl" />
+	<target host="gitlab-ci.nlnetlabs.nl" />
+	<target host="imap.nlnetlabs.nl" />
+	<target host="mine.nlnetlabs.nl" />
+	<target host="open.nlnetlabs.nl" />
+	<target host="smtp.nlnetlabs.nl" />
+	<target host="ster.nlnetlabs.nl" />
+	<target host="unbound.nlnetlabs.nl" />
+	<target host="zaanbajes.nlnetlabs.nl" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NMU.xml b/src/chrome/content/rules/NMU.xml
index f7a5bd914afa..fb7a0ecf7706 100644
--- a/src/chrome/content/rules/NMU.xml
+++ b/src/chrome/content/rules/NMU.xml
@@ -1,13 +1,15 @@
 <ruleset name="NMU">
 
 	<target host="nmugroup.com" />
-	<target host="*.nmugroup.com" />
+	<target host="mail.nmugroup.com" />
+	<target host="portal.nmugroup.com" />
+	<target host="webmail.nmugroup.com" />
+	<target host="www.nmugroup.com" />
 
 
-	<securecookie host="^(?:.*\.)?nmugroup\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:mail|portal|webmail|www)\.)?nmugroup\.com/"
-		to="https://$1nmugroup.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NNM-Club.xml b/src/chrome/content/rules/NNM-Club.xml
index 4303762a54b1..3708ad8bcd8e 100644
--- a/src/chrome/content/rules/NNM-Club.xml
+++ b/src/chrome/content/rules/NNM-Club.xml
@@ -1,13 +1,37 @@
-<ruleset name="NNM-Club">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ipv6.nnm-club.me/ => https://ipv6.nnm-club.me/: (7, '')
+Fetch error: http://ipv6.nnmclub.to/ => https://ipv6.nnmclub.to/: (7, '')
+ipv4. mismatch
+tor. mismatch-->
+<ruleset name="NNM-Club" default_off="failed ruleset test">
 
 	<target host="nnm-club.me" />
-	<target host="*.nnm-club.me" />
+	<target host="www.nnm-club.me" />
+	<target host="ipv6.nnm-club.me" />
+	<target host="nnmclub.to" />
+	<target host="www.nnmclub.to" />
+	<target host="ipv6.nnmclub.to" />
+	<target host="assets.nnm-club.ws" />
+	<target host="assets-ssl.nnm-club.ws" />
+
+	<exclusion pattern="^http://assets-ssl.nnm-club.ws/?$" />
+	<exclusion pattern="^http://assets-ssl.nnm-club.ws/?\?" />
+	<exclusion pattern="^http://assets-ssl.nnm-club.ws/?#" />
+
+	<test url="http://assets-ssl.nnm-club.ws/" />
+	<test url="http://assets-ssl.nnm-club.ws/?" />
+	<test url="http://assets-ssl.nnm-club.ws/#" />
+	<test url="http://assets-ssl.nnm-club.ws?" />
+	<test url="http://assets-ssl.nnm-club.ws#" />
+	<test url="http://assets-ssl.nnm-club.ws/?q" />
 
 
 	<securecookie host="^(?:.*\.)?nnm-club\.me$" name=".+" />
 
 
-	<rule from="^http://([\w\W]+\.)?nnm-club\.me/"
-		to="https://nnm-club.me/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NOO.org.uk.xml b/src/chrome/content/rules/NOO.org.uk.xml
new file mode 100644
index 000000000000..1f226b1c81b8
--- /dev/null
+++ b/src/chrome/content/rules/NOO.org.uk.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.noo.org.uk/ => https://www.noo.org.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.noo.org.uk'")
+Fetch error: http://noo.org.uk/ => https://www.noo.org.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.noo.org.uk'")
+
+	^noo.org.uk: Mismatched
+
+-->
+<ruleset name="NOO.org.uk" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.noo.org.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="noo.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://noo\.org\.uk/"
+		to="https://www.noo.org.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NOS.xml b/src/chrome/content/rules/NOS.xml
index f492297880d0..56902a94df84 100644
--- a/src/chrome/content/rules/NOS.xml
+++ b/src/chrome/content/rules/NOS.xml
@@ -7,11 +7,8 @@
 
 -->
 <ruleset name="NOS (partial)">
-
 	<target host="download.nos.nl" />
 
-
-	<rule from="^http://download\.nos\.nl/"
-		to="https://download.nos.nl/" />
-
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NOYB.xml b/src/chrome/content/rules/NOYB.xml
new file mode 100644
index 000000000000..315cbf58f1fc
--- /dev/null
+++ b/src/chrome/content/rules/NOYB.xml
@@ -0,0 +1,16 @@
+<!-- TLS error:
+		- ftp.noyb.eu
+		- stats.noyb.eu
+		- v2.noyb.eu
+-->
+<ruleset name="Noyb.eu">
+
+	<target host="noyb.eu" />
+	<target host="www.noyb.eu" />
+
+	<target host="support.noyb.eu" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NPAC.com.xml b/src/chrome/content/rules/NPAC.com.xml
new file mode 100644
index 000000000000..debade23e1b0
--- /dev/null
+++ b/src/chrome/content/rules/NPAC.com.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Neustar coverage, see NeuStar.xml.
+
+
+	Problematic hosts:
+
+		- www.npac.com *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.npac.com
+
+-->
+<ruleset name="NPAC.com" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="npac.com" />
+	<target host="www.npac.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.npac\.com$" name="^eZSESSID[\da-f]{32}$" /-->
+
+	<securecookie host="^www\.npac\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NPD_Group.xml b/src/chrome/content/rules/NPD_Group.xml
index d3d0b6b20566..8feae1da0d9b 100644
--- a/src/chrome/content/rules/NPD_Group.xml
+++ b/src/chrome/content/rules/NPD_Group.xml
@@ -7,7 +7,10 @@
 <ruleset name="NPD Group">
 
 	<target host="npd.com" />
-	<target host="*.npd.com" />
+	<target host="autodiscover.npd.com" />
+	<target host="webmail.npd.com" />
+	<target host="www.npd.com" />
+	<target host="www0.npd.com" />
 	<target host="npdgroup.com" />
 	<target host="www.npdgroup.com" />
 
@@ -15,10 +18,7 @@
 	<securecookie host="^.+\.npd\.com$" name=".+" />
 
 
-	<rule from="^http://(autodiscover\.|webmail\.|www0?\.)?npd\.com/"
-		to="https://$1npd.com/" />
 
-	<rule from="^http://(www\.)?npdgroup\.com/"
-		to="https://$1npdgroup.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NPI.org.uk.xml b/src/chrome/content/rules/NPI.org.uk.xml
new file mode 100644
index 000000000000..4f18bbdda3c7
--- /dev/null
+++ b/src/chrome/content/rules/NPI.org.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="NPI.org.uk" default_off="expired, mismatched, self-signed">
+
+	<target host="npi.org.uk" />
+	<target host="www.npi.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NPO.nl.xml b/src/chrome/content/rules/NPO.nl.xml
new file mode 100644
index 000000000000..ab97fe81abd2
--- /dev/null
+++ b/src/chrome/content/rules/NPO.nl.xml
@@ -0,0 +1,45 @@
+<!--
+	(www.): refused
+
+
+	Fully covered subdomains:
+
+		- help
+		- mijn
+		- assets.www
+
+
+	These altnames don't exist:
+
+		- www.assets.www.npo.nl
+		- www.help.npo.nl
+		- www.mijn.npo.nl
+
+
+	Insecure cookies are set for these domains:
+
+		- .
+		- help
+		- .help
+		- mijn
+		- .mijn
+
+-->
+<ruleset name="NPO.nl (partial)">
+
+	<target host="assets.www.npo.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.npo\.nl$" name="^_npo_portal_session$" /-->
+	<!--securecookie host="^(help|mijn)\.npo\.nl$" name="^balancer://\w+cluster$" /-->
+	<!--securecookie host="^\.(help|mijn)\.npo\.nl$" name="^npo_cc$" /-->
+
+	<securecookie host="^(?:help|mijn)\.npo\.nl$" name=".+" />
+
+
+	<rule from="^http://(help|mijn|assets\.www)\.npo\.nl/"
+		to="https://$1.npo.nl/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NPO3FM.nl.xml b/src/chrome/content/rules/NPO3FM.nl.xml
new file mode 100644
index 000000000000..6f57573175be
--- /dev/null
+++ b/src/chrome/content/rules/NPO3FM.nl.xml
@@ -0,0 +1,13 @@
+<!--
+	Related ruleset: 3FM.nl.xml
+
+	Invalid Certificate:
+		michiel.npo3fm.nl
+		onstage.npo3fm.nl
+-->
+<ruleset name="NPO3FM.nl">
+	<target host="npo3fm.nl" />
+	<target host="www.npo3fm.nl" />
+
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NPR.org.xml b/src/chrome/content/rules/NPR.org.xml
index 7a8f60e465c3..0ea49ce93c98 100644
--- a/src/chrome/content/rules/NPR.org.xml
+++ b/src/chrome/content/rules/NPR.org.xml
@@ -1,55 +1,73 @@
 <!--
-	CDN buckets:
-
-		- docj27ko03fnu.cloudfront.net
-			- Used on login.npr.org
-
-		- images.npr.org.edgesuite.net
-		- s.npr.org.edgesuite.net
-
+	Non-functional hosts
+		Couldn't connect to server:
+		- n.npr.org
+
+		Timeout was reached:
+		- elections2014.npr.org
+
+		SSL connect error (TLSv1 or TLSv1.1 earlier):
+		- ccp.npr.org
+		- teleport.npr.org
+
+		SSL peer certificate was not OK:
+		- download.npr.org
+		- election2012.npr.org
+		- elections2012.npr.org
+		- pages.et.npr.org
+		- live.npr.org
+		- att.m.npr.org
+		- pd.npr.org
+		- podcastdownload.npr.org
+		- public.npr.org
+
+		Incomplete certificate chain error:
+		- help.npr.org
+
+		Status code mismatch:
+		- armstrong.npr.org
+		- fessenden.npr.org
+
+		Mixed content blocking (MCB) triggered:
+		- elections.npr.org
 -->
 <ruleset name="NPR.org (partial)">
-
-	<target host="kunk.org" />
-	<target host="*.kunk.org" />
 	<target host="npr.org" />
-	<target host="*.npr.org" />
-
-
-	<securecookie host="^support\.kunc\.org$" name=".+" />
-	<!--	Observed cookies:
-
-			^login:
-				- _accelerator_session_id
-			^shop:
-				- ShoppingCartSession
-			^www:
-				- rosi
-						-->
-
-
-	<!--	Cert doesn't match.  Luckily...
-						-->
-	<rule from="^https?://(?:www\.)?kunk\.org/"
-		to="https://kunc.drupal.publicbroadcasting.net/" />
-
-	<rule from="^http://support\.kunc\.org/"
-		to="https://support.kunc.org/" />
-
-	<rule from="^https?://help\.npr\.org/$"
-		to="https://www.fuzeqna.com/npr/consumer/search.asp" />
-
-	<rule from="^http://help\.npr\.org/npr/"
-		to="https://www.fuzeqna.com/npr/"/>
-
-  <!-- Moved to Akamai, broke
-	<securecookie host="^.*\.npr\.org$" name=".+" />
-	<rule from="^https?://(?:media\.|s\.|www\.)?npr\.org/"
-		to="https://www.npr.org/" />
-    -->
-
-	<rule from="^http://shop\.npr\.org/"
-		to="https://shop.npr.org/" />
-
+	<target host="www.npr.org" />
+	<target host="sso.ad.npr.org" />
+	<target host="apps.npr.org" />
+	<target host="blog.apps.npr.org" />
+	<target host="dev.npr.org" />
+	<target host="digitalservices.npr.org" />
+	<target host="cpa.ds.npr.org" />
+		<test url="http://cpa.ds.npr.org/wrkf/audio/2013/01/En_Luisiana,_Los_Cubanos_Tocan_Ranch.mp3" />
+	<target host="generationlisten.npr.org" />
+	<target host="livesessions.npr.org" />
+	<target host="local.npr.org" />
+	<target host="mail.npr.org" />
+	<target host="media.npr.org" />
+		<test url="http://media.npr.org/templates/favicon/favicon-180x180.png" />
+	<target host="news.npr.org" />
+	<target host="one.npr.org" />
+	<target host="partners.npr.org" />
+	<target host="rad.npr.org" />
+	<target host="s.npr.org" />
+		<test url="http://s.npr.org/templates/javascript/lib/modernizr/modernizr.custom.js" />
+	<target host="seamus.npr.org" />
+	<target host="secure.npr.org" />
+	<target host="shop.npr.org" />
+	<target host="sources.npr.org" />
+	<target host="stateimpact.npr.org" />
+	<target host="studio.npr.org" />
+	<target host="support.npr.org" />
+	<target host="text.npr.org" />
+	<target host="tinydeskcontest.npr.org" />
+	<target host="training.npr.org" />
+	<target host="ww.npr.org" />
+	<target host="www-cdn.npr.org" />
+	<target host="www-cf.npr.org" />
+	
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
-
diff --git a/src/chrome/content/rules/NPario.xml b/src/chrome/content/rules/NPario.xml
deleted file mode 100644
index e515c09988a6..000000000000
--- a/src/chrome/content/rules/NPario.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-<!--
-	Other nPario rulesets:
-
-		- Audience_Discovery.com.xml
-
-
-	eu sets "nPsegs" wildcard cookie on whichever domain it is loaded
-	from.
-
-
-	Nonfunctional domains:
-
-		- (www.)npario.com *
-		- www.npario-inc.net *
-
-	* http reply
-
-
-	Mixed image on audiencediscovery from www
-
--->
-<ruleset name="nPario (partial)">
-
-	<target host="*.npario.com" />
-	<target host="*.npario-inc.net" />
-
-
-	<securecookie host="^\.?audiencediscovery\.npario\.com$" name=".+" />
-	<!--	Set by eu:
-				-->
-	<securecookie host="^\.npario-inc\.net$" name="^(?:andata|C\d{3}_seg|npidl?|npst)$" />
-
-
-	<rule from="^http://audiencediscovery\.npario\.com/"
-		to="https://audiencediscovery.npario.com/" />
-
-	<rule from="^http://eu\.npario-inc\.net/"
-		to="https://eu.npario-inc.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/NQuran.com.xml b/src/chrome/content/rules/NQuran.com.xml
new file mode 100644
index 000000000000..0e99fd307875
--- /dev/null
+++ b/src/chrome/content/rules/NQuran.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="NQuran.com">
+	<target host="nquran.com" />
+	<target host="www.nquran.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NR-assets.net.xml b/src/chrome/content/rules/NR-assets.net.xml
new file mode 100644
index 000000000000..430d54002968
--- /dev/null
+++ b/src/chrome/content/rules/NR-assets.net.xml
@@ -0,0 +1,12 @@
+<!--
+	For other New Relic coverage, see New-Relic.xml.
+
+-->
+<ruleset name="NR-assets.net">
+
+	<target host="storefront.nr-assets.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NR-data.net.xml b/src/chrome/content/rules/NR-data.net.xml
new file mode 100644
index 000000000000..1bf3ac432411
--- /dev/null
+++ b/src/chrome/content/rules/NR-data.net.xml
@@ -0,0 +1,32 @@
+<!--
+	For other New Relic coverage, see New-Relic.xml.
+
+
+	Fully covered hosts:
+
+		- bam
+
+
+	Insecure cookies are set for these hosts:
+
+		- bam.nr-data.net
+
+-->
+<ruleset name="NR-data.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bam.nr-data.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bam\.nr-data\.net$" name="^JSESSIONID" /-->
+
+	<securecookie host="^bam\.nr-data\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NRAO.edu.xml b/src/chrome/content/rules/NRAO.edu.xml
new file mode 100644
index 000000000000..c57107d0b456
--- /dev/null
+++ b/src/chrome/content/rules/NRAO.edu.xml
@@ -0,0 +1,65 @@
+<!--
+	National Radio Astronomy Observatory
+
+
+	Nonfunctional subdomains:
+
+		- www.aips ¹
+		- www.alma ²
+		- www.aoc ¹
+		- casa ³
+		- www.gb ⁴
+		- gbtidl ²
+		- images ²
+		- legacy ²
+		- www.ska ¹
+		- status ⁵
+		- www.tuc ²
+		- www.vla ¹
+		- www.vlba ¹
+
+	¹ Redirects to bugs
+	² "currently unavailable"
+	³ Redirects to http
+	⁴ Redirects to my
+	⁵ Refused
+
+
+	Problematic domains:
+
+		- rsync.aoc *
+
+	* Shows svn.aoc
+
+
+	Mixed content:
+
+		- Image on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="NRAO.edu (partial)">
+
+	<target host="nrao.edu" />
+	<target host="*.nrao.edu" />
+		<!--exclusion pattern="^http://(www\.aips|www\.alma|www\.aoc|casa|www\.gb|gbtidl|images|legacy|www\.ska|status|www\.tuc|www\.vla|www\.vlba)\.nrao\.edu/" /-->
+
+
+	<securecookie host="^(?:bugs|www)?\.nrao\.edu$" name=".+" />
+	<!--
+		Server sets Secure:
+					-->
+	<!--securecookie host="^(archive|my|safe)\.nrao\.edu$" name=".+" /-->
+
+
+	<rule from="^http://((?:svn\.aoc|archive|blogs|bugs|svn\.cv|www\.cv|inside|my|public|safe|science|search|staff|www)\.)?nrao\.edu/"
+		to="https://$1nrao.edu/" />
+
+	<rule from="^http://rsync\.aoc\.nrao\.edu/+"
+		to="https://svn.aoc.nrao.edu/" />
+
+	<rule from="^http://www\.vla\.nrao\.edu/genpub/tours(?=$|\?)"
+		to="https://public.nrao.edu/tours/visitvla" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NRC.xml b/src/chrome/content/rules/NRC.xml
new file mode 100644
index 000000000000..3ee4c1f05b81
--- /dev/null
+++ b/src/chrome/content/rules/NRC.xml
@@ -0,0 +1,19 @@
+<ruleset name="NRC">
+
+  <target host="nrc.nl" />
+  <target host="*.nrc.nl" />
+
+  <test url="http://www.nrc.nl/" />
+  <test url="http://zoeken.nrc.nl/" />
+  <test url="http://digitaleeditie.nrc.nl/" />
+
+  <exclusion pattern="^http://www\.nrc\.nl/next/" />
+
+  <!-- NRC Next has mixed content issues  -->
+  <test url="http://www.nrc.nl/next/" />
+
+  <securecookie host="^\.nrc\.nl$" name=".+" />
+
+  <rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NRC_Handelsblad.xml b/src/chrome/content/rules/NRC_Handelsblad.xml
deleted file mode 100644
index 5fc5ae4fd21f..000000000000
--- a/src/chrome/content/rules/NRC_Handelsblad.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	https://eff.org/r.b8Sr
-
--->
-<ruleset name="NRC Handelsblad (buggy)" default_off="JS redirect to http">
-
-	<target host="nrc.nl" />
-	<target host="*.nrc.nl" />
-	<target host="*.service.nrc.nl" />
-
-
-	<securecookie host="^(?:\.?service)?\.nrc\.nl$" name=".+" />
-
-
-	<rule from="^http://(login\.|service\.|www\.)?nrc\.nl/"
-		to="https://$1nrc.nl/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/NRI.com.xml b/src/chrome/content/rules/NRI.com.xml
new file mode 100644
index 000000000000..46be2d0c97c4
--- /dev/null
+++ b/src/chrome/content/rules/NRI.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts from nri.com
+		Timeout was reached:
+			 - aw-acc.nri.com
+			 - india.nri.com
+			 - pn.nri.com
+
+		SSL connect error:
+			 - senjufamily.nri.com
+-->
+<ruleset name="Nomura Research Institute">
+	<target host="www.nri.com" />
+	<target host="api.nri.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NRKbeta.no.xml b/src/chrome/content/rules/NRKbeta.no.xml
new file mode 100644
index 000000000000..221e6b36f1f5
--- /dev/null
+++ b/src/chrome/content/rules/NRKbeta.no.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Norsk rikskringkasting coverage, see Nrk.no.xml.
+
+-->
+<ruleset name="NRKbeta.no">
+
+	<target host="nrkbeta.no" />
+	<target host="www.nrkbeta.no" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NSRC.xml b/src/chrome/content/rules/NSRC.xml
index 6b8d2c865800..36446166d65b 100644
--- a/src/chrome/content/rules/NSRC.xml
+++ b/src/chrome/content/rules/NSRC.xml
@@ -1,9 +1,22 @@
-<ruleset name="NSRC" platform="mixedcontent">
+<!--
+	For other University of Oregon coverage, see UOregon.xml.
+
+-->
+<ruleset name="NSRC.org">
 
 	<target host="nsrc.org"/>
-	<target host="www.nsrc.org"/>
+	<target host="photos.nsrc.org" />
+	<target host="www.nsrc.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?nsrc\.org$" name="^trac_session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
 
-	<rule from="^http://(www\.)?nsrc\.org/"
-		to="https://nsrc.org/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NSS_Labs.xml b/src/chrome/content/rules/NSS_Labs.xml
index 2bd76ddd1964..7ac18f1f09a1 100644
--- a/src/chrome/content/rules/NSS_Labs.xml
+++ b/src/chrome/content/rules/NSS_Labs.xml
@@ -1,10 +1,17 @@
-<ruleset name="NSS Labs">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nsslabs.com/ => https://nsslabs.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://dev.nsslabs.com/ => https://dev.nsslabs.com/: (6, 'Could not resolve host: dev.nsslabs.com')
+
+-->
+<ruleset name="NSS Labs.com" default_off="failed ruleset test">
 
 	<target host="nsslabs.com" />
+	<target host="dev.nsslabs.com" />
 	<target host="www.nsslabs.com" />
 
 
-	<rule from="^http://(www\.)?nsslabs\.com/"
-		to="https://$1nsslabs.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NTC-Hosting.xml b/src/chrome/content/rules/NTC-Hosting.xml
index 1ffe4204fac5..13a1df55d002 100644
--- a/src/chrome/content/rules/NTC-Hosting.xml
+++ b/src/chrome/content/rules/NTC-Hosting.xml
@@ -12,7 +12,6 @@
 	<target host="www.ntchosting.com" />
 
 
-	<rule from="^http://(www\.)?ntchosting\.com/"
-		to="https://$1ntchosting.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NTI.org.xml b/src/chrome/content/rules/NTI.org.xml
new file mode 100644
index 000000000000..051a391a0488
--- /dev/null
+++ b/src/chrome/content/rules/NTI.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Some (most)? pages redirect to http.
+
+
+	^: cert only matches www
+
+-->
+<ruleset name="NTI.org (partial)">
+
+	<target host="nti.org" />
+	<target host="www.nti.org" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.nti\.org/+($|\?|favicon\.ico|get-involved/subscribe($|[?/]))" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://www\.nti\.org/+(?!get-involved/donate($|[?/])|media/|static/)" /-->
+
+
+	<rule from="^http://(?:www\.)?nti\.org/(?=get-involved(?:$|[?/])|media/|static/)"
+		to="https://www.nti.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NTLDStats.com.xml b/src/chrome/content/rules/NTLDStats.com.xml
new file mode 100644
index 000000000000..49e3458f9be6
--- /dev/null
+++ b/src/chrome/content/rules/NTLDStats.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)?
+		- x
+
+
+	These altnames don't exist:
+
+		- www.x.ntldstats.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .ntldstats.com
+		- x.ntldstats.com
+
+-->
+<ruleset name="nTLDStats.com">
+
+	<target host="ntldstats.com" />
+	<target host="www.ntldstats.com" />
+	<target host="x.ntldstats.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.ntldstats\.com$" name="^__qca" /-->
+	<!--securecookie host="^x\.ntldstats\.com$" name="^(OAGEO|OAID|OAVARS\[default\])$" /-->
+
+	<securecookie host="^(?:x)?\.ntldstats\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NTNU.edu.xml b/src/chrome/content/rules/NTNU.edu.xml
new file mode 100644
index 000000000000..50589db13599
--- /dev/null
+++ b/src/chrome/content/rules/NTNU.edu.xml
@@ -0,0 +1,36 @@
+<!--
+	Norwegian University of Science and Technology
+
+	Other Norwegian University of Science and Technology rulesets:
+
+		- NTNU.no.xml
+
+
+	^ntnu.edu: Refused
+
+
+	Mixed content:
+
+		- Image on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="NTNU.edu">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.ntnu.edu" />
+
+	<!--	Complications:
+				-->
+	<target host="ntnu.edu" />
+
+
+	<rule from="^http://ntnu\.edu/"
+		to="https://www.ntnu.edu/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NTNU.no.xml b/src/chrome/content/rules/NTNU.no.xml
new file mode 100644
index 000000000000..0d3636572471
--- /dev/null
+++ b/src/chrome/content/rules/NTNU.no.xml
@@ -0,0 +1,52 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://er.ntnu.no/ => https://er.ntnu.no/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Norwegian University of Science and Technology
+
+
+	Problematic hosts in *ntnu.no:
+
+		- ^ ¹
+		- idi ²
+
+	¹ Refused
+	² Cert only matches *.idi
+
+
+	Mixed content:
+
+		- Image on er from www *
+
+	* Secured by us
+
+-->
+<ruleset name="NTNU.no" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="alumni.ntnu.no" />
+	<target host="er.ntnu.no" />
+	<target host="www.hf.ntnu.no" />
+	<target host="innsida.ntnu.no" />
+	<target host="www.idi.ntnu.no" />
+	<target host="videre.ntnu.no" />
+	<target host="www.ntnu.no" />
+
+	<!--	Complications:
+				-->
+	<target host="ntnu.no" />
+	<target host="idi.ntnu.no" />
+
+
+	<rule from="^http://ntnu\.no/"
+		to="https://www.ntnu.no/" />
+
+	<rule from="^http://idi\.ntnu\.no/"
+		to="https://www.idi.ntnu.no/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NTP.org.xml b/src/chrome/content/rules/NTP.org.xml
index 82f408164149..8f7ea48934b6 100644
--- a/src/chrome/content/rules/NTP.org.xml
+++ b/src/chrome/content/rules/NTP.org.xml
@@ -1,17 +1,83 @@
+
 <!--
-	Nonfunctional subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://lists.ntp.org/ => https://lists.ntp.org/: (60, 'SSL certificate problem: certificate has expired')
 
-		- (www.)	(ssl_error_rx_record_too_long)
+	Remark: [0-9].*pool.ntp.org are completely omitted here.
+		*.pool.ntp.org are omitted if they do not give SSL error.
 
--->
-<ruleset name="NTP.org (partial)" platform="cacert">
+	Non-functional hosts
+		Couldn't connect to server:
+			 - archive.ntp.org
+			 - bk1.ntp.org
+			 - doc.ntp.org
+			 - packages.ntp.org
+			 - psp3.ntp.org
 
-	<target host="support.ntp.org" />
-	<target host="lists.ntp.org" />
+		Timeout was reached:
+			 - mail1.ntp.org
+			 - ns1.ntp.org
+			 - ns2.ntp.org
+
+		SSL connect error:
+			 - ntp.org
+			 - www.ntp.org
+			 - bk.ntp.org
+			 - ar.pool.ntp.org
+			 - ec.pool.ntp.org
+			 - id.pool.ntp.org
+			 - in.pool.ntp.org
+			 - uk.pool.ntp.org
+			 - uy.pool.ntp.org
 
-	<securecookie host="^(?:support|lists)\.ntp\.org$" name=".*" />
+		SSL peer certificate was not OK:
+			 - mailman.ntp.org
+			 - pool.ntp.org
+			 - www.pool.ntp.org
+			 - cn.pool.ntp.org
+			 - cz.pool.ntp.org
+			 - de.pool.ntp.org
+			 - ee.pool.ntp.org
+			 - es.pool.ntp.org
+			 - europe.pool.ntp.org
+			 - fi.pool.ntp.org
+			 - fr.pool.ntp.org
+			 - hu.pool.ntp.org
+			 - il.pool.ntp.org
+			 - lu.pool.ntp.org
+			 - no.pool.ntp.org
+			 - north-america.pool.ntp.org
+			 - pl.pool.ntp.org
+			 - rs.pool.ntp.org
+			 - sg.pool.ntp.org
+			 - ua.pool.ntp.org
+			 - us.pool.ntp.org
+			 - vn.pool.ntp.org
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - ae.pool.ntp.org
+			 - au.pool.ntp.org
+			 - bg.pool.ntp.org
+			 - dk.pool.ntp.org
+			 - jp.pool.ntp.org
+			 - mk.pool.ntp.org
+			 - ro.pool.ntp.org
+			 - ru.pool.ntp.org
+
+		Incomplete certificate chain error:
+			 - bugs.ntp.org
+			 - bugzilla.ntp.org
+			 - people.ntp.org
+			 - africa.pool.ntp.org
+			 - asia.pool.ntp.org
+			 - psp2.ntp.org
+			 - support.ntp.org
+			 - twiki.ntp.org
+-->
+<ruleset name="NTP.org (partial)" default_off="failed ruleset test">
+	<target host="lists.ntp.org" />
 
-	<rule from="^http://(support|lists)\.ntp\.org/"
-		to="https://$1.ntp.org/" />
+	<securecookie host="^lists\.ntp\.org$" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NTT.com.xml b/src/chrome/content/rules/NTT.com.xml
new file mode 100644
index 000000000000..7c544118760e
--- /dev/null
+++ b/src/chrome/content/rules/NTT.com.xml
@@ -0,0 +1,40 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ntt.com/ => https://www.ntt.com/: Too many redirects while fetching 'https://www.ntt.com/'
+
+	^: cert only matches www
+
+
+	Mixed content:
+
+		- favicon on support from www *
+
+	* Secured by us
+
+-->
+<ruleset name="NTT.com" default_off="failed ruleset test">
+
+	<target host="ntt.com" />
+	<target host="www.ntt.com" />
+	<target host="support.ntt.com" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^support\.ntt\.com$" name="^JSESSIONID$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^support\.ntt\.com$" name="^wholepagesliderviewmode$" /-->
+	<!--securecookie host="^www\.ntt\.com$" name="^(agilit02|TS[0-9a-f]{6})$" /-->
+
+	<securecookie host="^(?:support|www)\.ntt\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?ntt\.com/"
+		to="https://www.ntt.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NTTCom.xml b/src/chrome/content/rules/NTTCom.xml
index 3441da9f31b7..6fb5c5e17c3f 100644
--- a/src/chrome/content/rules/NTTCom.xml
+++ b/src/chrome/content/rules/NTTCom.xml
@@ -1,10 +1,16 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.digitalforest.co.jp/ => https://www.digitalforest.co.jp/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.digitalforest.co.jp/ => https://www.digitalforest.co.jp/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
 	Problematic domains:
 
 		- nttcoms.com	(cert only matches www)
 
 -->
-<ruleset name="NTTCom">
+<ruleset name="NTTCom" default_off="failed ruleset test">
 
 	<target host="www.digitalforest.co.jp" />
 	<target host="nttcoms.com" />
@@ -18,10 +24,10 @@
 	<rule from="^http://www\.digitalforest\.co\.jp/"
 		to="https://www.digitalforest.co.jp/" />
 
-	<rule from="^https?://(?:www\.)?nttcoms\.com/"
+	<rule from="^http://(?:www\.)?nttcoms\.com/"
 		to="https://www.nttcoms.com/" />
 
 	<rule from="^http://www01\.tracer\.jp/"
 		to="https://www01.tracer.jp/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NTTDocomo.com.xml b/src/chrome/content/rules/NTTDocomo.com.xml
deleted file mode 100644
index 591c15604c17..000000000000
--- a/src/chrome/content/rules/NTTDocomo.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	CDN buckets:
-
-		- nttdocomo.vo.llnwd.net
-			- hs doesn't exist
-
-
-	Nonfunctional domains:
-
-		- www.nttdocomo.com	(CN: *.hs.llnwd.net; 400)
-
--->
-<ruleset name="Nttdocomo.com" default_off="broken">
-  <target host="www.nttdocomo.com" />
-  <target host="nttdocomo.com" />
-  <rule from="^http://www\.nttdocomo\.com/" to="https://www.nttdocomo.com/"/>
-  <rule from="^http://nttdocomo\.com/" to="https://www.nttdocomo.com/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/NTT_Docomo.co.jp.xml b/src/chrome/content/rules/NTT_Docomo.co.jp.xml
new file mode 100644
index 000000000000..5b3a4b22b575
--- /dev/null
+++ b/src/chrome/content/rules/NTT_Docomo.co.jp.xml
@@ -0,0 +1,22 @@
+<!--
+	Nonfunctional hosts in *nttdocomo.co.jp:
+
+		- www.catalog *
+
+	* Refused
+
+
+	^nttdocomo.co.jp doesn't exist.
+
+-->
+<ruleset name="NTT Docomo.co.jp">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.nttdocomo.co.jp" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NTU.edu.tw-falsemixed.xml b/src/chrome/content/rules/NTU.edu.tw-falsemixed.xml
new file mode 100644
index 000000000000..0a82c0bb8a6b
--- /dev/null
+++ b/src/chrome/content/rules/NTU.edu.tw-falsemixed.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules not causing false/broken MCB, see NTU.edu.tw.xml.
+
+-->
+<ruleset name="NTU.edu.tw (false MCB)" platform="mixedcontent">
+
+	<target host="epaper.ntu.edu.tw" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NTU.edu.tw.xml b/src/chrome/content/rules/NTU.edu.tw.xml
new file mode 100644
index 000000000000..f8161c8e38e0
--- /dev/null
+++ b/src/chrome/content/rules/NTU.edu.tw.xml
@@ -0,0 +1,174 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://galogin.ntu.edu.tw/ => https://galogin.ntu.edu.tw/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	National Taiwan University
+
+	For rules causing false/broken MCB, see NTU.edu.tw-falsemixed.xml.
+
+
+	Nonfunctional hosts in *ntu.edu.tw:
+
+		- ah ʳ
+
+		- apply.cc ᵃ
+		- changepassword.cc ᵃ
+		- checkdns.cc ᵃ
+		- help.cc ᵃ
+		- jsc.cc ʳ
+		- notice.cc ᵃ
+		- softbank.cc ʳ
+
+		- ccnet ʳ
+		- cis ᵈ
+		- www.coss ʳ
+		- www.exfo ᵈ
+
+		- doc.ga ᵃ
+		- medicine.ga ᵃ
+		- sec.ga ᵃ
+
+		- giving ᵃ
+		- grid ʳ
+		- homepage ʳ
+
+		- aborg.lib ᵈ
+		- beta.lib ᵈ
+		- ci59.lib ᵈ
+		- donate.lib ᵈ
+		- drm.lib ʳ
+		- ejdb.lib ʳ
+		- elearning.lib ᵈ
+		- exam.lib ᵈ
+		- help.lib ᵈ
+		- jpndbs.lib ᵈ
+		- lcsrs.lib ʳ
+		- lostfound.lib ᵈ
+		- metacat.lib ᵈ
+		- newbooks.lib ᵈ
+		- ntur.lib ʳ
+		- primo.lib ʳ
+		- sg.lib ʳ
+		- speccoll.lib ᵈ
+		- suggestion.lib ʳ
+		- web.lib ᵈ
+		- webarchive.lib ᵈ
+
+		- ntlib.mc ʳ
+		- ntuml.mc ᵈ
+		- ntuvoip ʳ
+		- www.science ᵈ
+		- webmail ᵃ
+		- www ᵈ
+
+	ᵃ Shows another domain
+	ᵈ Dropped
+	ᵖ Plaintext reply
+	ʳ Refused
+
+
+	Problematic hosts in *ntu.edu.tw:
+
+		- kmsvpn.cc ᵘ
+		- epaper ˣ
+		- info ᵉ ᵘ
+		- www.inm ᵐ
+		- www.law ᵉ ˢ ᵘ
+
+	ᵉ Expired
+	ᵐ Mismatched
+	ˢ Self-signed
+	ᵘ Untrusted root
+	ˣ Mixed css
+
+
+	^ntu.edu.tw doesn't exist.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .ntu.edu.tw
+		- host.cc.ntu.edu.tw
+		- mis.cc.ntu.edu.tw
+		- misweb.cc.ntu.edu.tw
+		- .wmail1.cc.ntu.edu.tw
+		- www.csie.ntu.edu.tw
+		- epaper.ntu.edu.tw
+		- galogin.ntu.edu.tw
+		- info.ntu.edu.tw
+		- info2.ntu.edu.tw
+		- www.inm.ntu.edu.tw
+		- www.law.ntu.edu.tw
+		- mail.ntu.edu.tw
+		- my.ntu.edu.tw
+		- tulips.ntu.edu.tw
+
+
+	Mixed content:
+
+		- css, on:
+
+			- epaper from $self ˢ
+			- galong from fonts.googleapis.com ˢ
+
+		- Images, on:
+
+			- epaper from $self ˢ
+			- epaper from aborg.lib.ntu.edu.tw ᵈ
+
+		- Bugs, on:
+
+			- www.cc, info from www.ntu.edu.tw ᵈ
+			- epaper from www.google.com ˢ
+
+	ᵈ Unsecurable <= dropped
+	ˢ Secured by us
+
+-->
+<ruleset name="NTU.edu.tw (partial)" default_off="failed ruleset test">
+
+	<target host="adfs.ntu.edu.tw" />
+
+	<target host="ann.cc.ntu.edu.tw" />
+	<target host="download.cc.ntu.edu.tw" />
+	<target host="host.cc.ntu.edu.tw" />
+	<target host="mis.cc.ntu.edu.tw" />
+	<target host="misweb.cc.ntu.edu.tw" />
+	<target host="oper.cc.ntu.edu.tw" />
+	<target host="web3.cc.ntu.edu.tw" />
+	<target host="wmail1.cc.ntu.edu.tw" />
+	<target host="www.cc.ntu.edu.tw" />
+
+	<target host="www.csie.ntu.edu.tw" />
+	<!--target host="epaper.ntu.edu.tw" /-->
+	<target host="galogin.ntu.edu.tw" />
+	<target host="info2.ntu.edu.tw" />
+	<target host="mail.ntu.edu.tw" />
+	<target host="meeting.ntu.edu.tw" />
+	<target host="my.ntu.edu.tw" />
+	<target host="sslvpn.ntu.edu.tw" />
+	<target host="sslvpn2.ntu.edu.tw" />
+	<target host="tulips.ntu.edu.tw" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.ntu\.edu\.tw$" name="^(?:III_EXPT_FILE|III_SESSION_ID|SESSION_LANGUAGE)$" /-->
+	<!--securecookie host="^(?:(?:host|mis|misweb)\.cc|info)\.ntu\.edu\.tw$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+	<!--securecookie host="^\.wmail1\.cc\.ntu\.edu\.tw$" name="^(?:Horde|auth_key|imp_key)$" /-->
+	<!--securecookie host="^www\.(?:csie|inm)\.ntu\.edu\.tw$" name="^(?:RSS2_[\fa-f]{32}|Visit)$" /-->
+	<!--securecookie host="^(?:epaper|law)\.ntu\.edu\.tw$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^galogin\.ntu\.edu\.tw$" name="^_session_id$" /-->
+	<!--securecookie host="^(?:info2|my)\.ntu\.edu\.tw$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^mail\.ntu\.edu\.tw$" name="^(?:cadata|sessionid)$" /-->
+	<!--securecookie host="^tulips\.ntu\.edu\.tw$" name="^SESSION_SCOPE$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.wmail1\.cc\.ntu\.edu\.tw$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NTVB-Media.xml b/src/chrome/content/rules/NTVB-Media.xml
index 485a8e2d1b7c..54ac3ebfde64 100644
--- a/src/chrome/content/rules/NTVB-Media.xml
+++ b/src/chrome/content/rules/NTVB-Media.xml
@@ -1,18 +1,31 @@
 <!--
-	!www times out
+	Mixed content:
+
+		- Image on (www.) from www.adobe.com ¹
+
+		- Bug on (www.) from stats.ntvbmedia.com ²
+
+
+	¹ Secured by us
+	² Unsecurable <= redirects to secure.iwantmytvmagazine.com
 
 -->
-<ruleset name="NTVB Media (partial)" platform="mixedcontent">
+<ruleset name="NTVB Media (partial)">
+
+	<target host="iwantmytvmagazine.com" />
+	<target host="secure.iwantmytvmagazine.com" />
+	<target host="www.iwantmytvmagazine.com" />
+
 
-	<target host="iwantmytvmagazine.com"/>
-	<target host="*.iwantmytvmagazine.com"/>
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^secure\.myhearstnewspaper\.com$" name="^session$" /-->
+	<!--securecookie host="^www\.myhearstnewspaper\.com$" name="^ASP\.NET_SessionId$" /-->
 
-	<securecookie host="^.*\.iwantmytvmagazine\.com$" name=".*"/>
+	<securecookie host=".*\.iwantmytvmagazine\.com$" name=".+" />
 
-	<rule from="^https?://(?:www\.)?iwantmytvmagazine\.com/"
-		to="https://www.iwantmytvmagazine.com/" />
 
-	<rule from="^http://secure\.iwantmytvmagazine\.com/"
-		to="https://secure.iwantmytvmagazine.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NTVSpor.xml b/src/chrome/content/rules/NTVSpor.xml
index bf5277411619..3b189f605c01 100644
--- a/src/chrome/content/rules/NTVSpor.xml
+++ b/src/chrome/content/rules/NTVSpor.xml
@@ -1,8 +1,15 @@
-<ruleset name="NTVSpor" platform="mixedcontent">
-  <target host="www.ntvspor.net" />
-  <target host="ntvspor.net" />
-
-  <securecookie host="^(www\.)?ntvspor\.net$" name=".*" />
-
-  <rule from="^http://(www\.)?ntvspor\.net/" to="https://www.ntvspor.net/" />
-</ruleset>
\ No newline at end of file
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.ntvspor.net/ => https://www.ntvspor.net/: Too many redirects while fetching 'https://www.ntvspor.net/'
+Fetch error: http://ntvspor.net/ => https://www.ntvspor.net/: Too many redirects while fetching 'https://www.ntvspor.net/'
+
+-->
+<ruleset name="NTVSpor" platform="mixedcontent" default_off="failed ruleset test">
+  <target host="www.ntvspor.net" />
+  <target host="ntvspor.net" />
+
+  <securecookie host="^(?:www\.)?ntvspor\.net$" name=".+" />
+
+  <rule from="^http://(?:www\.)?ntvspor\.net/" to="https://www.ntvspor.net/" />
+</ruleset>
diff --git a/src/chrome/content/rules/NTpandp.com.xml b/src/chrome/content/rules/NTpandp.com.xml
deleted file mode 100644
index 55ed535fa262..000000000000
--- a/src/chrome/content/rules/NTpandp.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="NTpandp.com">
-
-	<target host="ntpandp.com" />
-	<target host="*.ntpandp.com" />
-
-
-	<securecookie host="^(?:w*\.)?ntpandp\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?ntpandp\.com/"
-		to="https://$1ntpandp.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/NURD.space.xml b/src/chrome/content/rules/NURD.space.xml
new file mode 100644
index 000000000000..4d788cd276e8
--- /dev/null
+++ b/src/chrome/content/rules/NURD.space.xml
@@ -0,0 +1,42 @@
+<!--
+	For other NURDspace coverage, see NURDspace.nl.xml.
+
+
+	(www.)?nurd.space: Shows another domain
+
+-->
+<ruleset name="NURD.space">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="public.nurd.space" />
+
+	<!--	Complications:
+				-->
+	<target host="nurd.space" />
+	<target host="www.nurd.space" />
+
+		<!--	/*(?!$|\?) 404s:
+					-->
+		<exclusion pattern="^http://(?:www\.)?nurd\.space/+(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://nurd.space/home" />
+			<test url="http://nurd.space/home.htm" />
+			<test url="http://nurd.space/home.php" />
+			<test url="http://www.nurd.space/home" />
+			<test url="http://www.nurd.space/home.htm" />
+			<test url="http://www.nurd.space/home.php" />
+
+
+	<!--	Redirect drops args
+		and forward slash:
+					-->
+	<rule from="^http://(?:www\.)?nurd\.space/.*"
+		to="https://nurdspace.nl/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NURDspace.nl.xml b/src/chrome/content/rules/NURDspace.nl.xml
new file mode 100644
index 000000000000..d9f6b8876690
--- /dev/null
+++ b/src/chrome/content/rules/NURDspace.nl.xml
@@ -0,0 +1,25 @@
+<!--
+	Other NURDspace rulesets:
+
+		- NURD.space.xml
+
+
+	Problematic hosts in *nurdspace.nl:
+
+		- lists *
+
+	* Mismatched
+
+-->
+<ruleset name="NURDspace.nl (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nurdspace.nl" />
+	<target host="www.nurdspace.nl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NUUG.no.xml b/src/chrome/content/rules/NUUG.no.xml
new file mode 100644
index 000000000000..0855321d4482
--- /dev/null
+++ b/src/chrome/content/rules/NUUG.no.xml
@@ -0,0 +1,62 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - archiver.nuug.no
+			 - dugnadsnett.nuug.no
+			 - fiksgatami-prod.nuug.no
+			 - fiksgatami2-dev.nuug.no
+			 - frikanalen.nuug.no
+			 - mapit.nuug.no
+			 - master.nuug.no
+			 - master2.nuug.no
+			 - portal.nuug.no
+			 - scraper.nuug.no
+			 - vert.nuug.no
+
+		Timeout was reached:
+			 - cserv.nuug.no
+			 - fiksgatami-dev.nuug.no
+			 - fiksgatami2-prod.nuug.no
+			 - sqldb.nuug.no
+
+		SSL peer certificate was not OK:
+			 - alaveteli-prod.nuug.no
+			 - bsd.nuug.no
+			 - foundation.nuug.no
+			 - freebsd.nuug.no
+			 - haugalandlug.nuug.no
+			 - login.nuug.no
+			 - munin.nuug.no
+			 - mx1.nuug.no
+			 - ns1.nuug.no
+			 - openbsd.nuug.no
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - frikanalen-dev.nuug.no
+			 - tjener.nuug.no
+
+		Status code mismatch:
+			 - video.nuug.no (require auth)
+
+		4xx client error:
+			 - approve.nuug.no
+
+		5xx server error:
+			 - varnish.nuug.no
+-->
+<ruleset name="NUUG.no">
+	<target host="nuug.no" />
+	<target host="www.nuug.no" />
+	<target host="alaveteli-dev.nuug.no" />
+	<target host="home.nuug.no" />
+	<target host="hotell.nuug.no" />
+	<target host="lists.nuug.no" />
+	<target host="memberdb.nuug.no" />
+	<target host="nerdhaven.nuug.no" />
+	<target host="piwik.nuug.no" />
+	<target host="planet.nuug.no" />
+	<target host="rt.nuug.no" />
+	<target host="wiki.nuug.no" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NV.ua.xml b/src/chrome/content/rules/NV.ua.xml
new file mode 100644
index 000000000000..b0a2e139bac0
--- /dev/null
+++ b/src/chrome/content/rules/NV.ua.xml
@@ -0,0 +1,31 @@
+<!--
+	Different HTTP/HTTPS content:
+		biz.dev.nv.ua
+		m.dev.nv.ua
+
+	Invalid certificate:
+		new.nv.ua
+		np.nv.ua
+
+	No working URL known:
+		ext.nv.ua
+
+	Refused connection:
+		biz.nv.ua
+		m.biz.nv.ua
+
+-->
+<ruleset name="NV.ua">
+	<target host="nv.ua"/>
+	<target host="www.nv.ua"/>
+	<target host="dev.nv.ua"/>
+	<target host="i.nv.ua"/>
+		<test url="http://i.nv.ua/theme/img/logo_mag.png"/>
+	<target host="m.nv.ua"/>
+	<target host="magazine.nv.ua"/>
+	<target host="magazine2.nv.ua"/>
+	<target host="mail.nv.ua"/>
+	<target host="projects.nv.ua"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/NVMExpress.org.xml b/src/chrome/content/rules/NVMExpress.org.xml
new file mode 100644
index 000000000000..4cc0d250c399
--- /dev/null
+++ b/src/chrome/content/rules/NVMExpress.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		- www.nvmexpress.org
+-->
+
+<ruleset name="NVMExpress.org">
+	<target host="nvmexpress.org" />
+	<target host="www.nvmexpress.org" />
+	<target host="workspace.nvmexpress.org" />
+
+	<rule from="^http://www\.nvmexpress\.org/"
+		to="https://nvmexpress.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NV_Energy.com.xml b/src/chrome/content/rules/NV_Energy.com.xml
new file mode 100644
index 000000000000..c37eb0333996
--- /dev/null
+++ b/src/chrome/content/rules/NV_Energy.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="NV Energy.com">
+
+	<target host="nvenergy.com" />
+	<target host="www.nvenergy.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NVidia-mismatches.xml b/src/chrome/content/rules/NVidia-mismatches.xml
deleted file mode 100644
index e24a3403e7b5..000000000000
--- a/src/chrome/content/rules/NVidia-mismatches.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For rules that are on by default, see NVidia.xml.
-
--->
-<ruleset name="nVidia (mismatches)" default_off="mismatched">
-
-	<target host="blogs.nvidia.com" />
-	<target host="shield.nvidia.com" />
-		<!--
-			Handled in NVidia.xml:
-						-->
-		<exclusion pattern="^http://blogs\.nvidia\.com/(?:favicon\.ico|wp-content/(?!.+\.css)|wp-includes/)" />
-		<exclusion pattern="^http://shield\.nvidia\.com/(?!favicon\.ico|images/|javascripts/)" />
-
-
-	<rule from="^http://(blogs|shield)\.nvidia\.com/"
-		to="https://$1.nvidia.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/NVidia.co.uk.xml b/src/chrome/content/rules/NVidia.co.uk.xml
new file mode 100644
index 000000000000..5e8f19408b3c
--- /dev/null
+++ b/src/chrome/content/rules/NVidia.co.uk.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.nvidia.co.uk/ (200) => https://www.nvidia.co.uk/ (504)
+Non-2xx HTTP code: http://nvidia.co.uk/ (200) => https://www.nvidia.co.uk/ (504)
+
+	For other nVidia coverage, see NVidia.xml.
+
+
+	Problematic hosts in *nvidia.co.uk:
+
+		- ^ ¹
+		- shield ²
+
+	¹ Refused
+	² Akamai
+
+-->
+<ruleset name="nVidia.co.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.nvidia.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="nvidia.co.uk" />
+
+
+	<rule from="^http://nvidia\.co\.uk/"
+		to="https://www.nvidia.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NVidia.eu.xml b/src/chrome/content/rules/NVidia.eu.xml
new file mode 100644
index 000000000000..015a3f046e5d
--- /dev/null
+++ b/src/chrome/content/rules/NVidia.eu.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nvidia.eu/ => https://nvidia.eu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://partners.nvidia.eu/ => https://partners.nvidia.eu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For other nVidia coverage, see NVidia.xml.
+
+
+	Nonfunctional hosts in *nvidia.eu:
+
+		- support *
+
+	* Zendesk
+
+-->
+<ruleset name="nVidia.eu (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nvidia.eu" />
+	<target host="contests.nvidia.eu" />
+	<target host="partners.nvidia.eu" />
+	<target host="services.nvidia.eu" />
+	<target host="www.nvidia.eu" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NVidia.ru.xml b/src/chrome/content/rules/NVidia.ru.xml
new file mode 100644
index 000000000000..de82be2f3eaf
--- /dev/null
+++ b/src/chrome/content/rules/NVidia.ru.xml
@@ -0,0 +1,30 @@
+<!--
+	For other NVidia coverage, see NVidia.xml.
+
+	Dropped:
+		- ^
+
+	504:
+		- www (except of /shield/)
+-->
+
+<ruleset name="NVidia.ru">
+	<target host="nvidia.ru" />
+	<target host="www.nvidia.ru" />
+	<target host="shield.nvidia.ru" />
+	<target host="store.nvidia.ru" />
+	<target host="support-shield.nvidia.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://(www\.)?nvidia\.ru/shield/" to="https://www.nvidia.ru/shield/" />
+
+	<test url="http://nvidia.ru/shield/" />
+	<test url="http://www.nvidia.ru/shield/" />
+
+	<rule from="^http://(shield|store|support-shield)\.nvidia\.ru/" to="https://$1.nvidia.ru/" />
+
+	<!-- These exclusions are required for the tests to pass. -->
+	<exclusion pattern="^http://nvidia\.ru/$" />
+	<exclusion pattern="^http://www.nvidia\.ru/$" />
+</ruleset>
diff --git a/src/chrome/content/rules/NVidia.xml b/src/chrome/content/rules/NVidia.xml
index 47c56b5b3509..593174afa66f 100644
--- a/src/chrome/content/rules/NVidia.xml
+++ b/src/chrome/content/rules/NVidia.xml
@@ -1,14 +1,9 @@
 <!--
-	For problematic rules, see NVidia-mismatches.xml.
-
-
 	Other nVidia rulesets:
-
-		- 3D_Vision_Live.com.xml
-
+		- GeForce.com.xml
+		- NVidia.ru.xml
 
 	CDN buckets:
-
 		- nvidia.com.122.2o7.net
 
 		- nvidiaus.122.2o7.net/b/ss/nvidiausdev/1/
@@ -16,90 +11,186 @@
 			- omniture.nvidia.com
 
 		- blogs.nvidia.com.edgesuite.net
-
-			- a11.g1.akamai.net
-
+		- http.developer.nvidia.com.edgesuite.net
+		- developer.download.nvidia.com.edgesuite.net
+		- international.download.nvidia.com.edgesuite.net
+		- us.download.nvidia.com.edgesuite.net
 		- shield.nvidia.com.edgesuite.net
-
-			- a1017.g2.akamai.net
-
 		- www.nvidia.com.edgesuite.net
 
-			- a1650.g.akamai.net
-
-
 	Nonfunctional subdomains:
-
-		- forums		(503, akamai)
-		- origin-forums		(dropped)
-
+		- news.developer ²
+		- ngvpn04.nvidia.com ²
+		- ngvpn12.nvidia.com ²
+		- ngvpn15.nvidia.com ²
+		- ngvpn31.nvidia.com ²
+		- ngvpn32.nvidia.com ²
+		- ngvpn33.nvidia.com ²
+		- download.gfe ²
+		- download-dce-2.gfe ²
+		- investor ²
+		- origin-forums ²
+		- research.nvidia.com ³
+		- nbound.nvidia.com ¹
+
+	¹ 503
+	² Dropped
+	³ Redirects to HTTP
 
 	Problematic subdomains:
-
-		- ^		(times out)
-		- blogs *
-		- shield *
-		- www *
-
-	* Works, akamai
-
-
-	Partially covered subdomains:
-
-		- (www.) *
-		- blogs *
-		- shield *
-
-	* → akamai, avoiding user-visible paths
-
-
-	Fully covered subdomains:
-
-		- developer
-
+		- ^ ¹
+		- careers	403
+		- cdn ²
+		- cn ²
+		- http.developer ²
+		- developer.download ²
+		- us.download ²
+		- forums ³
+		- enterprisesupport	Missing certificate chain
+		- ftpservices-uk	Missing certificate chain
+		- ngvpn ²
+		- ngvpn17 ⁴
+		- nvidianews **
+		- omniture ⁴
+		- registration	Missing certificate chain
+		- support	Handshake fails
+		- support-shield ²
+
+	¹ Refused
+	² Works, akamai
+	³ Mismatched, CN: forums.geforce.com
+	** Mismatched
+	⁴ Expired
+
+
+	These altnames don't exist:
+		- account-stage.nvidia.com
+		- giveaways.nvidia.com
+
+
+	Insecure cookies are set for these domains and hosts:
+		- .nvidia.com
+		- developer.nvidia.com
+		- devtalk.nvidia.com
+		- enterprisesupport.nvidia.com
+		- gridforums.nvidia.com
+		- nbound.nvidia.com
+		- nvdeveloper.nvidia.com
+		- nvidianews.nvidia.com
+		- registration.nvidia.com
+
+
+	Mixed content:
+		- css on ngvpn from www.nvidia.com *
+
+		- Images, on:
+
+			- nvidianews from cms.ipressroom.com.s3.amazonaws.com
+			- ngvpn, nvidianews, www from www.nvidia.com *
+			- www from international.download.nvidia.com *
+
+		- favicon on shield from $self *
+
+		- Bugs, on:
+
+			- nvidianews from:
+
+				- s7.addthis.com *
+				- platform.linkedin.com *
+				- platform.twitter.com *
+
+			- store from omniture *
+			- www from \w+.fls.doubleclick.net
+			- www from media.fastclick.net *
+
+	* Secured by us
 -->
-<ruleset name="nVidia (partial) ">
 
+<ruleset name="nVidia.com (partial)">
+	<!--	Direct rewrites:
+				-->
+	<target host="account.nvidia.com" />
+	<target host="blogs.nvidia.com" />
+	<target host="careers.nvidia.com" />
+	<target host="contests.nvidia.com" />
+	<target host="developer.nvidia.com" />
+	<target host="devtalk.nvidia.com" />
+	<target host="download-cdn.gfe.nvidia.com" />
+	<target host="gridforums.nvidia.com" />
+	<target host="images.nvidia.com" />
+	<target host="ngvpn01.nvidia.com" />
+	<target host="ngvpn03.nvidia.com" />
+	<target host="ngvpn05.nvidia.com" />
+	<target host="ngvpn10.nvidia.com" />
+	<target host="ngvpn13.nvidia.com" />
+	<target host="ngvpn16.nvidia.com" />
+	<target host="ngvpn19.nvidia.com" />
+	<target host="ngvpn20.nvidia.com" />
+	<target host="ngvpn21.nvidia.com" />
+	<target host="ngvpn30.nvidia.com" />
+	<target host="ngvpn34.nvidia.com" />
+	<target host="ngvpn35.nvidia.com" />
+	<target host="ngvpn36.nvidia.com" />
+	<target host="ngvpn37.nvidia.com" />
+	<target host="partners.nvbugs.nvidia.com" />
+	<target host="nvdeveloper.nvidia.com" />
+	<target host="nvidianews.nvidia.com" />
+	<target host="partners.nvidia.com" />
+	<target host="es.pforce.nvidia.com" />
+	<target host="redeem.nvidia.com" />
+	<!--target host="registration.nvidia.com" /-->
+	<target host="shield.nvidia.com" />
+	<target host="store.nvidia.com" />
+	<target host="www.nvidia.com" />
+
+	<!--	Complications:
+				-->
 	<target host="nvidia.com" />
-	<target host="*.nvidia.com" />
-		<!--
-			Avoid user-visible paths:
-							-->
-		<!--exclusion pattern="^http://(?:www\.)?nvidia\.com/(?!content/|docs/.+\.(jpg|png)$|Download/NvidiaDownload\.css|favicon\.ico|props/)" /-->
-		<!--exclusion pattern="^http://blogs\.nvidia\.com/(?!favicon\.ico|wp-content/|wp-includes/)" /-->
-		<!--exclusion pattern="^http://shield\.nvidia\.com/(?!favicon\.ico|images/|javascripts/|stylesheets/)" /-->
-		<!--
-			Some stylesheets link images relative to /
-									-->
-		<exclusion pattern="^http://(?:www\.)?nvidia\.com/content/(?!.+/global-nav-home|.+/masthead-oldtemplate|.+/nvidia_nav_us|.+/reset-min|.+/share-2013).+\.css" />
-		<!--exclusion pattern="^http://blogs\.nvidia\.com/wp-content/.+\.css" /-->
-		<!--exclusion pattern="^http://shield\.nvidia\.com/stylesheets/(?!normalize\.min\.css)" /-->
-		<!--
-			Some pages redirect to http.
-							-->
-		<exclusion pattern="^http://store\.nvidia\.com/(?!DRHM/)" />
 
+	<target host="forums.nvidia.com" />
+	<target host="nsomniture.nvidia.com" />
 
-	<securecookie host="^(?:\.?developer|\.?devtalk|nvidianews)\.nvidia\.com$" name=".+" />
-	<!--
-		Omniture tracking cookies:
-						-->
-	<securecookie host="^\.store\.nvidia\.com$" name="^s_\w+$" />
+		<!--	Some pages redirect to http.
+							-->
+		<exclusion pattern="^http://store\.nvidia\.com/(?!DRHM/|store\?Action=(?:DisplayEditProfilePage|DisplayHelpPage)(?:$|&amp;)|sstore\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://store.nvidia.com/store?Action=DisplayReturnAndCancellationsPage&amp;Locale=it_IT&amp;SiteID=nvidia" />
+			<test url="http://store.nvidia.com/store/defaults/ru_RU/DisplayDRTermsAndConditionsPage" />
+			<test url="http://store.nvidia.com/store/nvidia/it_IT/contact" />
+			<test url="http://store.nvidia.com/store/nvidiamr/en_GB/Content/pbPage.mental-ray" />
+			<test url="http://store.nvidia.com/store/nvidia/en_US/list/ThemeID.326200/categoryID.57244200" />
+			<test url="http://store.nvidia.com/store?Action=DisplayHomePage&amp;Locale=en_US&amp;SiteID=nvidia" />
+			<test url="http://store.nvidia.com/store/nvidia/en_US/custom/pbPage.ShieldTabletPage" />
+
+			<!--	-ve:
+					-->
+			<test url="http://store.nvidia.com/DRHM/Storefront/Site/nvidia/pb/multimedia/dojo/css/fonts.css" />
+			<test url="http://store.nvidia.com/DRHM/servlet/SecureControllerServlet?Action=DisplayHomePage&amp;SiteID=nvidia&amp;locale=en_US" />
+			<test url="http://store.nvidia.com/sstore?Action=DisplayHomePage&amp;SiteID=nvidia&amp;locale=en_US" />
 
+		<!--
+			XXX Chrome specific rule to workaround issues
+			https://github.com/EFForg/https-everywhere/issues/793
+			https://code.google.com/p/chromium/issues/detail?id=122548
+			https://github.com/EFForg/https-everywhere/issues/4028
+		-->
+		<exclusion pattern="^http://www\.nvidia\.com/(download|content)/" />
+		<test url="http://www.nvidia.com/download/driverResults.aspx/97765/en-us" />
+		<test url="http://www.nvidia.com/content/DriverDownload-March2009/confirmation.php?url=/Windows/361.75/361.75-desktop-win10-64bit-international-whql.exe&amp;lang=us&amp;type=GeForce" />
 
-	<rule from="^http://(?:www\.)?nvidia\.com/(?=content/|docs/.+\.(?:jp|pn)g$|Download/NvidiaDownload\.css|favicon\.ico|props/)"
-		to="https://a248.e.akamai.net/f/1650/3297/9h/www.nvidia.com/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://blogs\.nvidia\.com/(?=favicon\.ico|wp-content/(?!.+\.css)|wp-includes/)"
-		to="https://a248.e.akamai.net/f/11/2817/6m/blogs.nvidia.com/" />
+	<rule from="^http://nvidia\.com/"
+		to="https://www.nvidia.com/" />
 
-	<rule from="^http://(developer|devtalk|nvidianews|omniture|store)\.nvidia\.com/"
-		to="https://$1.nvidia.com/" />
+	<rule from="^http://forums\.nvidia\.com/"
+		to="https://forums.geforce.com/" />
 
 	<rule from="^http://nsomniture\.nvidia\.com/"
-		to="https://nvidia-com.122.2o7.net/" />
-
-	<rule from="^http://shield\.nvidia\.com/(?=favicon\.ico|images/|javascripts/|stylesheets/normalize\.min\.css)"
-		to="https://a248.e.akamai.net/f/1017/6644/6h/shield.nvidia.com/" />
+		to="https://nvidia.122.2o7.net/" />
 
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NVisium.com.xml b/src/chrome/content/rules/NVisium.com.xml
new file mode 100644
index 000000000000..8f9a78ef40a8
--- /dev/null
+++ b/src/chrome/content/rules/NVisium.com.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blog.nvisium.com/ => https://blog.nvisium.com/: (6, 'Could not resolve host: blog.nvisium.com')
+
+	Mixed content:
+
+		- Image on blog from \d.bp.blogspot.com ˢ
+		- favicon on blog from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="NVisium.com" default_off="failed ruleset test">
+
+	<target host="nvisium.com" />
+	<target host="blog.nvisium.com" />
+	<target host="www.nvisium.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NXBus.co.uk.xml b/src/chrome/content/rules/NXBus.co.uk.xml
new file mode 100644
index 000000000000..3f36c07a4c8c
--- /dev/null
+++ b/src/chrome/content/rules/NXBus.co.uk.xml
@@ -0,0 +1,7 @@
+<ruleset name="NXBus.co.uk">
+	<target host="nxbus.co.uk" />
+	<target host="secure.nxbus.co.uk" />
+	<target host="www.nxbus.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NXTblocks.info.xml b/src/chrome/content/rules/NXTblocks.info.xml
new file mode 100644
index 000000000000..bd5e8a04ce5c
--- /dev/null
+++ b/src/chrome/content/rules/NXTblocks.info.xml
@@ -0,0 +1,12 @@
+<ruleset name="NXTblocks.info">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nxtblocks.info" />
+	<target host="www.nxtblocks.info" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NY-Tech-Meetup.xml b/src/chrome/content/rules/NY-Tech-Meetup.xml
index a5843a7fc79c..9ab4e9e9bd01 100644
--- a/src/chrome/content/rules/NY-Tech-Meetup.xml
+++ b/src/chrome/content/rules/NY-Tech-Meetup.xml
@@ -1,4 +1,4 @@
-<ruleset name="NY Tech Meetup (partial)" default_off="mismatch">
+<ruleset name="NY Tech Meetup (partial)" default_off="mismatched">
 
 	<!--	gridserver.com	-->
 	<target host="nytm.org"/>
diff --git a/src/chrome/content/rules/NYAquarium.com.xml b/src/chrome/content/rules/NYAquarium.com.xml
new file mode 100644
index 000000000000..411492318a0a
--- /dev/null
+++ b/src/chrome/content/rules/NYAquarium.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		www.nyaquarium.org
+		m.nyaquarium.org
+		pages.nyaquarium.org
+		transform-dev.nyaquarium.org
+-->
+<ruleset name="NYAquarium">
+	<target host="nyaquarium.com" />
+	<target host="transform.nyaquarium.com" />
+
+	<securecookie host="^(transform\.)?nyaquarium\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NYCLA.org.xml b/src/chrome/content/rules/NYCLA.org.xml
new file mode 100644
index 000000000000..6fb4c4a3ea40
--- /dev/null
+++ b/src/chrome/content/rules/NYCLA.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="NYCLA.org">
+
+	<target host="nycla.org" />
+	<target host="www.nycla.org" />
+
+
+	<!--securecookie host="^(www\.)?nycla\.org$" name="^(CFID|CFTOKEN|USERID)$" /-->
+
+	<securecookie host="^(?:www\.)?nycla\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NYDailyNews.com-falsemixed.xml b/src/chrome/content/rules/NYDailyNews.com-falsemixed.xml
new file mode 100644
index 000000000000..4c93a2e949a5
--- /dev/null
+++ b/src/chrome/content/rules/NYDailyNews.com-falsemixed.xml
@@ -0,0 +1,26 @@
+<!--
+	For rules not causing false/broken MCB, see NYDailyNews.xml.
+
+	Server error:
+		- nydailynews.com/(autos|horoscopes)
+
+	SSL error:
+		- nydailynews.com, equivalent to www.nydailynews.com
+-->
+
+<ruleset name="NYDailyNews (false MCB)" platform="mixedcontent">
+
+	<target host="nydailynews.com" />
+	<target host="www.nydailynews.com" />
+
+	<rule from="^http://nydailynews\.com/"
+		  to="https://www.nydailynews.com/" />
+
+	<exclusion pattern="^http://www\.nydailynews\.com/(autos|horoscopes)" />
+		<test url="http://www.nydailynews.com/autos" />
+		<test url="http://www.nydailynews.com/autos/" />
+		<test url="http://www.nydailynews.com/horoscopes" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NYDailyNews.xml b/src/chrome/content/rules/NYDailyNews.xml
index b7f75c9935e7..aaee3f6af7cf 100644
--- a/src/chrome/content/rules/NYDailyNews.xml
+++ b/src/chrome/content/rules/NYDailyNews.xml
@@ -1,45 +1,70 @@
 <!--
+	For rules causing false/broken MCB, see NYDailyNews.com-falsemixed.xml.
+
+
 	CDN buckets:
 
+		- casmp.adperfect.com
+
+			- classifieds
+
 		- dailynews.vo.llnwd.net
 
 			- .hs. doesn't exist
 			- assets
 			- multimedia
-			- static[123]
 
 
 	Nonfunctional subdomains:
 
+		- assets: Invalid certificate. Also causes CORS problem, see https://github.com/EFForg/https-everywhere/pull/11514
+		- classifieds: Works; mismatched, CN: *.adperfect.com
+		- creative.nydailynews.com: Works; mismatched, CN: *.creatavist.com
+		- games.nydailynews.com: Timed out
+		- homedelivery.nydailynews.com: Self-signed certificate
+		- interactive.nydailynews.com: 500; mismatched, CN: a248.e.akamai.net
+		- live.nydailynews.com: Works; mismatched, CN: *.scribblelive.com
+		- liveblog.nydailynews.com: Works; mismatched, CN: *.scribblelive.com
+		- local.nydailynews.com: Works; mismatched, CN: *.localedge.com
+		- m: Invalid certificate
 		- multimedia *
+		- obituaries: 400; mismatched, CN: *.legacy.com
+		- video: Works; mismatched, CN: *.newsinc.com
+		- webport1.nydailynews.com:8443: Chain issue (missing intermediate certificate)
 
-	* 400; mismatched, CN: *.hs.llnwd.net
-
+	* 400; mismatched, CN: a248.e.akamai.net
 
-	Problematic subdomains:
 
-		- assets *
-		- static[123] *
+	Mixed content:
 
-	* 400; mismatched, CN: *.hs.llnwd.net
+		- css, on:
 
+			- classifieds from *.cloudfront.net *
+			- www from assets
 
-	Mixed image on www from multimedia
+		- Images, on:
 
--->
-<ruleset name="NYDailyNews" platform="mixedcontent">
+			- classifieds from *.cloudfront.net *
 
-	<target host="nydailynews.com" />
-	<target host="*.nydailynews.com" />
 
+		Web bugs, on www from:
 
-	<securecookie host="^[^@:/]*\.nydailynews\.com$" name=".+" />
+			- assets
+			- www.facebook.com *
+			- cdn.gigya.com *
+			- pixel.quantserve.com *
+			- b.scorecardresearch.com *
+			- i.simpli.fi *
 
+	* Secured by us
+-->
 
-	<rule from="^http://(?:(?:assets|static\d|www)\.)?nydailynews\.com/"
-		to="https://www.nydailynews.com/" />
+<ruleset name="NYDailyNews (partial)">
+	<target host="beta.nydailynews.com" />
+	<target host="myaccount2.nydailynews.com" />
+	<target host="placeanad.nydailynews.com" />
 
-	<rule from="^http://classifiedads\.nydailynews\.com/"
-		to="https://classifiedads.nydailynews.com/" />
+	<securecookie host="^[^@:/]*\.nydailynews\.com$" name=".+" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NYI.net-falsemixed.xml b/src/chrome/content/rules/NYI.net-falsemixed.xml
new file mode 100644
index 000000000000..6d4f4c68a601
--- /dev/null
+++ b/src/chrome/content/rules/NYI.net-falsemixed.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://webmail.nyi.net/ => https://webmail.nyi.net/: (28, 'Connection timed out after 20000 milliseconds')
+
+	For rules not causing broken MCB, see NYI.net.xml.
+
+-->
+<ruleset name="NYI.net (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="webmail.nyi.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NYI.net.xml b/src/chrome/content/rules/NYI.net.xml
new file mode 100644
index 000000000000..9e44be313fb5
--- /dev/null
+++ b/src/chrome/content/rules/NYI.net.xml
@@ -0,0 +1,58 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://webmail.nyi.net/webmailimages/sm_logo_tp.png => https://webmail.nyi.net/webmailimages/sm_logo_tp.png: (28, 'Connection timed out after 20001 milliseconds')
+
+	For rules causing broken MCB, see NYI.net-falsemixed.xml.
+
+
+	Problematic hosts in *nyi.net:
+
+		- webmail *
+
+	* Mixed css
+
+
+	Fully covered hosts in *nyi.net:
+
+		- (www.)?
+		- my
+		- quotes
+
+
+	Mixed content:
+
+		- css on webmail from www.nyi.net *
+		- Images on webmail, www from www.nyi.net *
+
+	* Secured by us
+
+-->
+<ruleset name="NYI.net (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nyi.net" />
+	<target host="my.nyi.net" />
+	<target host="quotes.nyi.net" />
+	<target host="webmail.nyi.net" />
+	<target host="www.nyi.net" />
+
+		<!--	Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://webmail\.nyi\.net/+(?!webmailimages/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://webmail.nyi.net/?" />
+			<test url="http://webmail.nyi.net//" />
+
+			<!--	-ve:
+					-->
+			<test url="http://webmail.nyi.net/webmailimages/sm_logo_tp.png" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NYK.eu.xml b/src/chrome/content/rules/NYK.eu.xml
new file mode 100644
index 000000000000..4240cf33335a
--- /dev/null
+++ b/src/chrome/content/rules/NYK.eu.xml
@@ -0,0 +1,17 @@
+<!--
+	Cert mismatch on ^
+-->
+<ruleset name="NowYouKnow">
+
+	<target host="nowyouknow.eu" />
+	<target host="www.nowyouknow.eu" />
+
+	<target host="cdn.nowyouknow.eu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://(www\.)?nowyouknow\.eu/" to="https://www.nowyouknow.eu/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NYK_Europe.com-falsemixed.xml b/src/chrome/content/rules/NYK_Europe.com-falsemixed.xml
new file mode 100644
index 000000000000..16d8d5bf31f7
--- /dev/null
+++ b/src/chrome/content/rules/NYK_Europe.com-falsemixed.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nykeurope.com/ => https://nykeurope.com/: Too many redirects while fetching 'https://nykeurope.com/'
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nykeurope.com/ => https://nykeurope.com/: Too many redirects while fetching 'https://nykeurope.com/'
+
+	For rules not causing mixed content, see NYK_Europe.com.xml.
+
+-->
+<ruleset name="NYK Europe.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="nykeurope.com" />
+	<target host="*.nykeurope.com" />
+		<!--
+			Handled in NYK_Europe.com.xml:
+							-->
+		<!--exclusion pattern="^http://(www\.)?nykeurope\.com/+(favicon\.ico|images/|media/|modules/|templates/)" /-->
+
+
+	<securecookie host="^(?:w*\.)?nykeurope\.com$" name=".+" />
+
+
+	<rule from="^http://(www\.)?nykeurope\.com/(?!favicon\.ico|images/|media/|modules/|templates/)"
+		to="https://$1nykeurope.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NYK_Europe.com.xml b/src/chrome/content/rules/NYK_Europe.com.xml
new file mode 100644
index 000000000000..4709289b94c7
--- /dev/null
+++ b/src/chrome/content/rules/NYK_Europe.com.xml
@@ -0,0 +1,33 @@
+<!--
+	For rules causing mixed content, see NYK_Europe.com-falsemixed.xml.
+
+
+	Mixed content:
+
+		- Script from ajax.cloudflare.com ¹
+
+		- css from (www.) ¹
+
+		- Images, from:
+
+			- (www.) ¹
+			- www.seafarers-uk.org ²
+
+	¹ Secured by us
+	² Unsecurable
+
+-->
+<ruleset name="NYK Europe.com (partial)">
+
+	<target host="nykeurope.com" />
+	<target host="www.nykeurope.com" />
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<!--exclusion pattern="^http://(www\.)?nykeurope\.com/+(?!favicon\.ico|images/|media/|modules/|templates/)" /-->
+
+
+	<rule from="^http://(www\.)?nykeurope\.com/(?=favicon\.ico|images/|media/|modules/|templates/)"
+		to="https://$1nykeurope.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NYMag.com.xml b/src/chrome/content/rules/NYMag.com.xml
new file mode 100644
index 000000000000..9b215b2a3b13
--- /dev/null
+++ b/src/chrome/content/rules/NYMag.com.xml
@@ -0,0 +1,17 @@
+<!--
+	SSL protocol error:
+		- mediakit.nymag.com
+-->
+
+<ruleset name="NYMag.com">
+	<target host="nymag.com" />
+	<target host="www.nymag.com" />
+	<target host="images.nymag.com" />
+	<target host="subs.nymag.com" />
+	<target host="taste.nymag.com" />
+	<target host="test.nymag.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NYSE_Euronext.xml b/src/chrome/content/rules/NYSE_Euronext.xml
index 864fddbf2f78..858e33897eb4 100644
--- a/src/chrome/content/rules/NYSE_Euronext.xml
+++ b/src/chrome/content/rules/NYSE_Euronext.xml
@@ -1,4 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nyx.com/ => https://www.nyx.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nyx.com/ => https://www.nyx.com/: (28, 'Resolving timed out after 10519 milliseconds')
+
 	Problematic subdomains:
 
 		- ^	(times out)
@@ -22,10 +32,23 @@
 		- usequities
 
 -->
-<ruleset name="NYSE Euronext">
+<ruleset name="NYSE Euronext" default_off="failed ruleset test">
 
 	<target host="nyx.com" />
-	<target host="*.nyx.com" />
+	<target host="www.nyx.com" />
+	<target host="bonds.nyx.com" />
+	<target host="connect.nyx.com" />
+	<target host="corporate.nyx.com" />
+	<target host="etp.nyx.com" />
+	<target host="euconsumer.nyx.com" />
+	<target host="europeanequities.nyx.com" />
+	<target host="exchanges.nyx.com" />
+	<target host="globalderivatives.nyx.com" />
+	<target host="indices.nyx.com" />
+	<target host="markets.nyx.com" />
+	<target host="nyse.nyx.com" />
+	<target host="nysetechnologies.nyx.com" />
+	<target host="usequities.nyx.com" />
 
 
 	<securecookie host="^(?:bonds|connect|etp|euconsumer|europeanequities|exchanges|globalderivatives|indices|markets|nyse|nysetechnologies|usequities|www)\.nyx\.com$" name=".+" />
@@ -34,7 +57,6 @@
 	<rule from="^http://(?:www\.)?nyx\.com/"
 		to="https://www.nyx.com/" />
 
-	<rule from="^http://(bonds|connect|corporate|etp|euconsumer|europeanequities|exchanges|globalderivatives|indices|markets|nyse|nysetechnologies|usequities)\.nyx\.com/"
-		to="https://$1.nyx.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NYT.com.xml b/src/chrome/content/rules/NYT.com.xml
new file mode 100644
index 000000000000..3f36ae4998bf
--- /dev/null
+++ b/src/chrome/content/rules/NYT.com.xml
@@ -0,0 +1,44 @@
+<!--
+	For other New York Times coverage, see NYTimes.xml.
+
+	Mismatch:
+		js.nyt.com.edgesuite.net	( Akamai )
+
+	Too many redirects:
+		^
+		www.nyt.com
+		m.nyt.com
+-->
+<ruleset name="NYT.com">
+	<target host="nyt.com" />
+	<target host="www.nyt.com" />
+	<rule from="^http://(www\.)?nyt\.com/" to="https://www.nytimes.com/" />
+
+	<target host="m.nyt.com" />
+	<rule from="^http://m\.nyt\.com/" to="https://mobile.nytimes.com/" />
+
+	<!--	Directly:	-->
+	<target host="a1.nyt.com" />
+	<target host="cdn1.nyt.com" />
+	<target host="cdn2.nyt.com" />
+	<target host="css.nyt.com" />
+	<target host="i1.nyt.com" />
+	<target host="int.nyt.com" />
+	<target host="js.nyt.com" />
+	<target host="s1.nyt.com" />
+	<target host="static01.nyt.com" />
+	<target host="static02.nyt.com" />
+	<target host="typeface.nyt.com" />
+
+		<test url="http://a1.nyt.com/assets/collection/20160620-123406/js/foundation/main.js" />
+		<test url="http://cdn1.nyt.com/images/2016/04/22/us/22CRUZ/22CRUZ-articleLarge.jpg" />
+		<test url="http://css.nyt.com/images/nytco/INFOIcon.png" />
+		<test url="http://i1.nyt.com/images/global/buttons/moth_forward.gif" />
+		<test url="http://int.nyt.com/data/weekend_reads/weekendreads-20151221-v1.js" />
+		<test url="http://js.nyt.com/video/vhs/build/vhs-2.x.js" />
+		<test url="http://s1.nyt.com/ugc/comments/commentData.json" />
+		<test url="http://static01.nyt.com/images/2017/03/30/insider/30-Insider-ChinaSmith-Image/30-Insider-ChinaSmith-Image-articleLarge.jpg" />
+		<test url="http://typeface.nyt.com/css/zam5nzz.css" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NYT_Co.com.xml b/src/chrome/content/rules/NYT_Co.com.xml
new file mode 100644
index 000000000000..7b8a083bd965
--- /dev/null
+++ b/src/chrome/content/rules/NYT_Co.com.xml
@@ -0,0 +1,38 @@
+<!--
+	For other New York Times coverage, see
+		+ NYTimes.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- nytco.com
+		- www.nytco.com
+		- access.nytco.com
+		- careers.nytco.com
+		- jobs.nytco.com
+
+		Timeout was reached:
+		- ab.nytco.com
+		- chat.nytco.com
+		- concurexpense.nytco.com
+		- connect.nytco.com
+		- das.nytco.com
+		- eas.nytco.com
+		- news.nytco.com
+		- sip.nytco.com
+
+		SSL peer certificate was not OK:
+		- graphics8.nytco.com
+		- investors.nytco.com
+
+		Incomplete certificate chain error:
+		- myexpenses.nytco.com
+-->
+<ruleset name="NYT Co.com (partial)" default_off="cert-invalid">
+	<target host="graphics8.nytco.com" />
+	<target host="investors.nytco.com" />
+	<target host="myexpenses.nytco.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NYT_Style.com.xml b/src/chrome/content/rules/NYT_Style.com.xml
new file mode 100644
index 000000000000..0f5c9e914fc8
--- /dev/null
+++ b/src/chrome/content/rules/NYT_Style.com.xml
@@ -0,0 +1,17 @@
+<!--
+	For other New York Times coverage, see NYTimes.xml.
+
+	Not exist:
+		^
+		www
+
+	Mixed content without broken:
+		cn.nytstyle.com	( On $ from graphics8.nytimes.com and js.nyt.com, secured by us. )
+-->
+<ruleset name="NYT_Style.com">
+	<target host="cn.nytstyle.com" />
+	<target host="m.cn.nytstyle.com" />
+		<test url="http://m.cn.nytstyle.com/travel/20170331/maldives-tourism-beach-erosion/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NYT_cn.me.xml b/src/chrome/content/rules/NYT_cn.me.xml
new file mode 100644
index 000000000000..4bce462a2354
--- /dev/null
+++ b/src/chrome/content/rules/NYT_cn.me.xml
@@ -0,0 +1,15 @@
+<!--
+	For other New York Times coverage, see NYTimes.xml.
+
+	Not exist:
+		www
+
+	Timeout:
+		^
+-->
+<ruleset name="NYT_cn.me">
+	<target host="sso.nytcn.me" />
+		<test url="http://sso.nytcn.me/assets/js/subscribe.js" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NYT_eXaminer.com.xml b/src/chrome/content/rules/NYT_eXaminer.com.xml
new file mode 100644
index 000000000000..30927efe143e
--- /dev/null
+++ b/src/chrome/content/rules/NYT_eXaminer.com.xml
@@ -0,0 +1,11 @@
+<!--
+	For other New York Times coverage, see NYTimes.xml.
+-->
+<ruleset name="NYT_eXaminer.com">
+	<target host="nytexaminer.com" />
+	<target host="www.nytexaminer.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NYTimes.xml b/src/chrome/content/rules/NYTimes.xml
index 256816dc6afe..feffd672a6ec 100644
--- a/src/chrome/content/rules/NYTimes.xml
+++ b/src/chrome/content/rules/NYTimes.xml
@@ -1,157 +1,97 @@
 <!--
-	NB: https prevents comment threads from
-	loading, with or https-everywhere.
-
-
 	Other New York Times rulesets:
-
-		- The_Boston_Globe.xml
-
+		- NewYorkTimes.com.xml
+		- NYT.com.xml
+		- NYT_cn.me.xml
 
 	CDN buckets:
-
 		- pimage.timespeople.nytimes.com.amazonaws.com
-
 			- pimage.timespeople.nytimes.com
-
 		- pnytimes.chartbeat.net
-		- js.nyt.com.edgesuite.net
 		- graphics478.nytimes.com.edgesuite.net
 		- json8.nytimes.com.edgesuite.net
 
-
-	Nonfunctional domains:
-
-		- (www.)nytco.com
-
-		- nytimes.com subdomains:
-
-			- firstlook.blogs *
-			- dealbook
-			- documents
-			- dealbook.on
-			- firstlook *
-			- query		(redirects to www, valid cert)
-			- topics
-
-	* No https
-
-
-	Problematic domains:
-
-		- pimage.timespeople.nytimes.com	(amazonaws)
-
-
-	Fully covered domains:
-
-		- nytimes.com subdomains:
-
-			- et
-			- graphics
-			- markets.on
-			- meter-svc
-			- tagx
-			- pimage.timespeople	(→ amazonaws)
-
-
-	This ruleset currently prevents comment threads loading.  Example:
-
-		nytimes.com/2013/07/07/us/in-secret-court-vastly-broadens-powers-of-nsa.html?target=comments
+	Nonfunctional hosts in *nytimes.com:
+		- eedition ⁴
+		- dealbook.on ʳ
+		- spiderbites ᵈ
+		- topics ʳ
+    - messaging-notifications.api.nytimes.com ⁴
+	⁴ 404
+	ᵈ Dropped
+	ʳ Refused
+
+	Problematic hosts in *nytimes.com:
+		- content.api ᶜ
+		- beta620 ʰ
+		- developers ᶜ
+		- elections ᵐ
+		- www.global ᵐ
+		- json8 ʰ
+		- travels ʰ
+		- wt.o ᵐ
+		- pimage.timespeople ¹
+	¹ AmazonAWS / mismatched
+	ᶜ Missing certificate chain
+	ᵈ Dropped, preemptable redirect
+	ʰ Redirects to http
+	ᵐ Mismatched
+	⁴ Mixed css
+	² Mixed content (iframe)
+
+	Too many redirects:
+		homedelivery.nytimes.com
 
 -->
-<ruleset name="NYTimes (breaks comments)" default_off="comment threads fail to load" platform="mixedcontent">
-
-	<target host="newyorktimes.com" />
-	<target host="www.newyorktimes.com" />
-	<target host="nyt.com" />
-	<target host="*.nyt.com" />
+<ruleset name="NYTimes">
 	<target host="nytimes.com" />
-	<target host="*.nytimes.com" />
-		<exclusion pattern="^http://(?:www\.)?nytimes\.com/(?:200[0-4]|info)/" />
-		<exclusion pattern="^http://(?:www\.)?nytimes\.com/(?:roomfordebate|services/xml/rss/index\.html)" />
-		<!--
-			404s over https.
-
-			https://mail1.eff.org/pipermail/https-everywhere/2012-June/001448.html
-												-->
-		<exclusion pattern="^http://(?:www\.)?nytimes\.com/svc/community/V3/requestHandler(?:$|\?)" />
-		<!--
-			404s when rewritten to www:
-							-->
-		<exclusion pattern="^https?://graphics8\.nytimes\.com/bi/js/tagx/tagx\.js" />
-		<!--
-			Breaks slideshow.
-
-				- Lens/data/\d{8}POD.xml redirects to login page
-				- Lens/swfs/ & Lens/lens_post.swf fail to load
-										-->
-		<exclusion pattern="^https?://graphics8\.nytimes\.com/packages/flash/multimedia/" />
-
-
-	<!--	Other cross-domain cookies:
-
-			- nyt-a
-			- nyt-m		(set by meter-svc)
-			- nyt-recommend
-			- nyt5_disable
-			- RMID *
-			- tagx-[lps]
-			- WT_FPC
-
-		* Used on mobile.
-
-	NYT-S is the paywall cookie. Securing it may break random bits of the NYTimes site:
-
-		https://trac.torproject.org/projects/tor/ticket/7690
-
-	<securecookie host="^\.nytimes\.com$" name="^NYT-S$" />
-
-		Tracking cookies:
-					-->
-	<securecookie host="^\.nytimes\.com$" name="^(?:adxc\w|_chartbeat2)$" />
-	<securecookie host="^(?:homedelivery|markets\.on|wt\.o)\.nytimes\.com$" name=".+" />
-
+	<target host="www.nytimes.com" />
 
-	<rule from="^http://(?:www\.)?newyorktimes\.com/"
-		to="https://www.nytimes.com/" />
+	<target host="ads.nytimes.com" />
+	<!-- <target host="messaging-notifications.api.nytimes.com" /> -->
+	<target host="firstlook.blogs.nytimes.com" />
+	<target host="lens.blogs.nytimes.com" />
+	<target host="newoldage.blogs.nytimes.com" />
 
-	<rule from="^http://(?:www\.)?nyt(?:imes)?\.com/"
-		to="https://www.nytimes.com/" />
+	<target host="cn.nytimes.com" />
 
-	<rule from="^http://(?:css|i1|js)\.nyt\.com/"
-		to="https://www.nytimes.com/" />
+	<target host="dealbook.nytimes.com" />
+	<target host="developers.nytimes.com" />
+	<target host="documents.nytimes.com" />
 
-	<rule from="^http://\w+\.blogs\.nytimes\.com/favicon\.ico"
-		to="https://www.nytimes.com/favicon.ico" />
+	<target host="et.nytimes.com" />
 
-	<rule from="^http://(et|global|graphics|homedelivery|meter-svc|mirror-svc|myaccount|wt\.o|markets\.on|static|tagx|up)\.nytimes\.com/"
-		to="https://$1.nytimes.com/" />
+	<target host="graphics.nytimes.com" />
+		<test url="http://graphics.nytimes.com/subscriptions/components/img/icons/icons_gift.png" />
+	<target host="graphics8.nytimes.com" />
+		<test url="http://graphics8.nytimes.com/bi/js/tagx/tagx.js" />
+		<test url="http://graphics8.nytimes.com/css/common/global.css" />
+		<test url="http://graphics8.nytimes.com/images/blogs_v5/artsbeat/artsbeat_main.png" />
+		<test url="http://graphics8.nytimes.com/images/misc/nytlogo153x23.gif" />
 
-	<rule from="^http://graphics\d\.nytimes\.com/"
-		to="https://www.nytimes.com/" />
+	<target host="international.nytimes.com" />
 
-	<rule from="^http://jobmarket\.nytimes\.com/(adx|images)/"
-		to="https://www.nytimes.com/$1/" />
+	<target host="jobs.nytimes.com" />
+	<target host="jobmarket.nytimes.com" />
 
-	<rule from="^http://json8\.nytimes\.com/"
-		to="https://static.nytimes.com/" />
+	<target host="meter-svc.nytimes.com" />
+	<target host="myaccount.nytimes.com" />
+	<target host="markets.on.nytimes.com" />
+		<test url="http://markets.on.nytimes.com/research/Net/SectionFrontAPI/MarketModuleData/jsonp" />
+	<target host="mwcm.nytimes.com" />
 
-	<rule from="^http://pimage\.timespeople\.nytimes\.com/"
-		to="https://s3.amazonaws.com/pimage.timespeople.nytimes.com/" />
+	<target host="purr.nytimes.com" />
+	<target host="query.nytimes.com" />
+	<target host="regilite.nytimes.com" />
 
-	<!--		travel.nytimes.com doesn't work, but
-		articles on travel appear to be on www too.
+	<target host="samizdat-graphql.nytimes.com" />
+	<target host="static.nytimes.com" />
 
-			Ditto for adverts and scripts.
-							-->
-	<rule from="^http://travel\.nytimes\.com/(\d{4}/\d\d/\d\d|adx|js)/"
-		to="https://www.nytimes.com/$1/" />
+	<target host="typeface.nytimes.com" />
 
-	<!--	404s over https.
+	<target host="up.nytimes.com" />
 
-		https://mail1.eff.org/pipermail/https-everywhere/2012-June/001448.html
-											-->
-	<rule from="^https://www\.nytimes\.com/svc/community/V3/requestHandler($|\?)"
-		to="http://www.nytimes.com/svc/community/V3/requestHandler$1" downgrade="1" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NZBIndex.xml b/src/chrome/content/rules/NZBIndex.xml
index 1efca5817c0f..96953ffd68a5 100644
--- a/src/chrome/content/rules/NZBIndex.xml
+++ b/src/chrome/content/rules/NZBIndex.xml
@@ -1,15 +1,19 @@
+<!--
+	Mismatch:
+		-(www.)nzbindex.nl
+-->
 <ruleset name="NZBIndex">
-
 	<target host="nzbindex.com" />
 	<target host="www.nzbindex.com" />
 	<target host="nzbindex.nl" />
 	<target host="www.nzbindex.nl" />
 
+	<securecookie host="^(?:www\.)?nzbindex\.com$" name=".+" />
 
-	<securecookie host="^(www\.)?nzbindex\.com$" name=".*" />
-
-
-	<rule from="^http://(www\.)?nzbindex\.(?:nl|com)/"
-		to="https://$1nzbindex.com/" />
-
+	<rule from="^http://www\.nzbindex\.nl/"
+		to="https://www.nzbindex.com/" />
+	<rule from="^http://nzbindex\.nl/"
+		to="https://nzbindex.com/" />
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NZBMatrix.xml b/src/chrome/content/rules/NZBMatrix.xml
index 173e1d5dca13..a270d730bd88 100644
--- a/src/chrome/content/rules/NZBMatrix.xml
+++ b/src/chrome/content/rules/NZBMatrix.xml
@@ -1,9 +1,15 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nzbmatrix.com/ => https://nzbmatrix.com/: (28, 'Resolving timed out after 10519 milliseconds')
+-->
 <ruleset name="nzbmatrix">
-  <target host="*.nzbmatrix.com" />
+  <target host="www.nzbmatrix.com" />
+  <target host="search.nzbmatrix.com" />
+  <target host="static.nzbmatrix.com" />
   <target host="nzbmatrix.com" />
-  
-  <securecookie host="^(. .)nzbmatrix\.com$" name=".*" />
-  
-  <rule from="^http://(www\.)?nzbmatrix\.com/" to="https://nzbmatrix.com/"/>
-  <rule from="^http://(search|static)\.nzbmatrix\.com/" to="https://$1.nzbmatrix.com/"/>
+
+  <securecookie host="^(?:. .)nzbmatrix\.com$" name=".+" />
+
+  <rule from="^http://(?:www\.)?nzbmatrix\.com/" to="https://nzbmatrix.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NZF.org.uk.xml b/src/chrome/content/rules/NZF.org.uk.xml
new file mode 100644
index 000000000000..83f7ae3b5a42
--- /dev/null
+++ b/src/chrome/content/rules/NZF.org.uk.xml
@@ -0,0 +1,10 @@
+<ruleset name="NZF.org.uk">
+	<target host="nzf.org.uk" />
+	<target host="www.nzf.org.uk" />
+	<target host="go.nzf.org.uk" />
+	<target host="help.nzf.org.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NZQA.govt.nz.xml b/src/chrome/content/rules/NZQA.govt.nz.xml
new file mode 100644
index 000000000000..0813eced8dde
--- /dev/null
+++ b/src/chrome/content/rules/NZQA.govt.nz.xml
@@ -0,0 +1,39 @@
+<!--
+	404 (except for root, which redirects):
+		- nzqa.govt.nz
+		- www.nzqa.govt.nz
+		- evaluate.nzqa.govt.nz
+
+	Mismatch:
+		- mail.nzqa.govt.nz
+
+	Refused:
+		- search.nzqa.govt.nz
+		- timetable.nzqa.govt.nz
+
+	Timeout:
+		- api.nzqa.govt.nz
+-->
+<ruleset name="NZQA.govt.nz">
+	<target host="nzqa.govt.nz" />
+	<target host="www.nzqa.govt.nz" />
+		<exclusion pattern="^http://(www\.)?nzqa\.govt\.nz/$" />
+		<rule from="^http://(www\.)?nzqa\.govt\.nz/(.+)\.(jpg|gif)$"
+			to="https://www.nzqa.govt.nz/$2.$3" />
+		<test url="http://nzqa.govt.nz/assets/Qualifications-and-standards/Qualifications/NCEA/NCEA-cartoon-screen1.gif" />
+		<test url="http://nzqa.govt.nz/assets/Imagery/landingpages/landing-ncea-tile.jpg" />
+		<test url="http://www.nzqa.govt.nz/assets/Qualifications-and-standards/Qualifications/NCEA/NCEA-cartoon-screen1.gif" />
+		<test url="http://www.nzqa.govt.nz/assets/Imagery/landingpages/landing-ncea-tile.jpg" />
+
+	<target host="api-store.nzqa.govt.nz" />
+	<target host="api-test.nzqa.govt.nz" />
+	<target host="api-test-store.nzqa.govt.nz" />
+	<target host="careers.nzqa.govt.nz" />
+	<target host="external-moderation.nzqa.govt.nz" />
+	<target host="lms.nzqa.govt.nz" />
+	<target host="secure.nzqa.govt.nz" />
+	<rule from="^http://(api-store|api-test|api-test-store|careers|external-moderation|lms|secure)\.nzqa\.govt\.nz/"
+		to="https://$1.nzqa.govt.nz/" />
+
+	<securecookie host="^(api-store|careers|secure)\.nzqa\.govt\.nz$" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/NZ_Herald.co.nz-problematic.xml b/src/chrome/content/rules/NZ_Herald.co.nz-problematic.xml
index b90cab728772..8e214e03773b 100644
--- a/src/chrome/content/rules/NZ_Herald.co.nz-problematic.xml
+++ b/src/chrome/content/rules/NZ_Herald.co.nz-problematic.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?nzherald\.co\.nz/"
 		to="https://www.nzherald.co.nz/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Na_VUT.cz.xml b/src/chrome/content/rules/Na_VUT.cz.xml
new file mode 100644
index 000000000000..4cf127155bf3
--- /dev/null
+++ b/src/chrome/content/rules/Na_VUT.cz.xml
@@ -0,0 +1,36 @@
+<!--
+	For other Brno University of Technology coverage, see VUTBr.cz.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- navut.cz
+		- www.navut.cz
+
+
+	Mixed content:
+
+		- Ads from www.googletagmanager.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Na VUT.cz">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="navut.cz" />
+	<target host="www.navut.cz" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?navut\.cz$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?navut\.cz$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nabble.com.xml b/src/chrome/content/rules/Nabble.com.xml
new file mode 100644
index 000000000000..e5979a0eb428
--- /dev/null
+++ b/src/chrome/content/rules/Nabble.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Nabble.com has hundreds of subdomains like watchophilia-forums.32196.x6.nabble.com,
+	some support HTTPS while the others do not, with no apparent pattern.
+-->
+<ruleset name="Nabble.com (partial)">
+	<target host="nabble.com" />
+	<target host="www.nabble.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nabers.com.xml b/src/chrome/content/rules/Nabers.com.xml
new file mode 100644
index 000000000000..ec5043f3583b
--- /dev/null
+++ b/src/chrome/content/rules/Nabers.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .nabers.com
+
+-->
+<ruleset name="Nabers.com (partial)">
+
+	<target host="nabers.com" />
+	<target host="www.nabers.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.nabers\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.nabers\.com/+(?!wp-content/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.nabers.com/category/protect-your-future/" />
+			<test url="http://www.nabers.com/tag/videos/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.nabers.com/wp-content/plugins/genesis-slider/style.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.nabers\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.nabers\.com$" name="^__cfduid$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nadir.org.xml b/src/chrome/content/rules/Nadir.org.xml
index c7978b71f777..e404cc7fea06 100644
--- a/src/chrome/content/rules/Nadir.org.xml
+++ b/src/chrome/content/rules/Nadir.org.xml
@@ -1,47 +1,38 @@
 <!--
-	arranca is handled in Arranca.org.xml.
+	Nonfunctional hosts in *nadir.org:
 
+		- outpost ᵃ
 
-	Nonfunctional subdomains:
+	ᵃ Shows ^nadir.org
 
-		- status	(shows 23b; mismatched, CN: wiki.nadir.org)
 
+	Problematic hosts in *nadir.org:
 
-	Problematic subdomains:
+		- code ᶜ
+		- deb ᶜ ᵐ
+		- schleuder2 ᶜ
 
-		- ^		(cert only matches www)
-		- arranca	(works; mismatched, CN: *.so36.net)
-		- schleuder	(refused)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(^ → www)
-		- 23b
-		- code
-		- deb
-		- schleuder	(→ schleuder2)
-		- schleuder2
-		- webschleuder
-		- wiki
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
 
 -->
-<ruleset name="nadir.org (partial)" platform="cacert">
+<ruleset name="nadir.org (partial)">
 
 	<target host="nadir.org" />
-	<target host="*.nadir.org" />
-
-
-	<securecookie host="^(?:23b|wiki)\.nadir\.org$" name=".+" />
+	<!--target host="code.nadir.org" /-->
+	<target host="muckefuck.nadir.org" />
+	<target host="schleuder.nadir.org" />
+	<!--target host="schleuder2.nadir.org" /-->
+	<target host="search.nadir.org" />
+	<target host="status.nadir.org" />
+	<!--target host="webschleuder.nadir.org" /-->
+	<target host="www.nadir.org" />
 
 
-	<rule from="^http://(?:www\.)?nadir\.org/"
-		to="https://www.nadir.org/" />
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://(23b|code|deb|webschleuder|wiki)\.nadir\.org/"
-		to="https://$1.nadir.org/" />
 
-	<rule from="^http://schleuder2?\.nadir\.org/"
-		to="https://schleuder2.nadir.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nagano.cz.xml b/src/chrome/content/rules/Nagano.cz.xml
index 428e1290381f..af6b7ae20a23 100644
--- a/src/chrome/content/rules/Nagano.cz.xml
+++ b/src/chrome/content/rules/Nagano.cz.xml
@@ -1,9 +1,9 @@
-<ruleset name="Nagano.cz" default_off="expired, mismatch, self-signed">
+<ruleset name="Nagano.cz" default_off="ssl-error">
 
 	<target host="nagano.cz"/>
 	<target host="*.nagano.cz"/>
 
-	<rule from="^http://(www\.)?nagano\.cz/"
+	<rule from="^http://(?:www\.)?nagano\.cz/"
 		to="https://nagano.cz/"/>
 
 	<rule from="^http://([^w]\w*|w[^w]\w*)\.nagano\.cz/"
diff --git a/src/chrome/content/rules/Nagios.com.xml b/src/chrome/content/rules/Nagios.com.xml
new file mode 100644
index 000000000000..3ee9ca2a5383
--- /dev/null
+++ b/src/chrome/content/rules/Nagios.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Other Nagios rulesets:
+		- Nagios.org.xml
+
+	Nonfunctional hosts in *.nagios.com:
+		- nagioscore.demos.nagios.com (r)
+		- nagiosfusion.demos.nagios.com (r)
+		- nagiosls.demos.nagios.com (r)
+		- nagiosna.demos.nagios.com (r)
+		- nagiosxi.demos.nagios.com (r)
+		- reactor.nagios.com (r)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Nagios.com">
+	<target host="nagios.com" />
+	<target host="www.nagios.com" />
+	<target host="assets.nagios.com" />
+	<target host="demos.nagios.com" />
+	<target host="dev.nagios.com" />
+	<target host="exchange.nagios.com" />
+	<target host="go.nagios.com" />
+	<target host="labs.nagios.com" />
+	<target host="library.nagios.com" />
+	<target host="repo.nagios.com" />
+	<target host="resellers.nagios.com" />
+	<target host="support.nagios.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nagios.org.xml b/src/chrome/content/rules/Nagios.org.xml
new file mode 100644
index 000000000000..8dfe84c39177
--- /dev/null
+++ b/src/chrome/content/rules/Nagios.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Other Nagios rulesets:
+		- Nagios.com.xml
+
+	Nonfunctional hosts in *.nagios.org:
+		- labs.nagios.org (m)
+		- wiki.nagios.org (wrong content)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Nagios.org">
+	<target host="nagios.org" />
+	<target host="www.nagios.org" />
+	<target host="exchange.nagios.org" />
+	<target host="ideas.nagios.org" />
+	<target host="old.nagios.org" />
+	<target host="tracker.nagios.org" />
+	<target host="users.nagios.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nagra.com.xml b/src/chrome/content/rules/Nagra.com.xml
new file mode 100644
index 000000000000..e104d40778d0
--- /dev/null
+++ b/src/chrome/content/rules/Nagra.com.xml
@@ -0,0 +1,30 @@
+<!--
+	^: refused
+
+
+	Fully covered subdomains:
+
+		- (www.)	(^ -> www)
+		- careers
+		- www2014
+
+
+	Mixed content:
+
+		- Ad on www and www2014 from ads.gamned.com
+
+-->
+<ruleset name="Nagra.com">
+
+	<target host="nagra.com" />
+	<target host="www.nagra.com" />
+	<target host="careers.nagra.com" />
+	<target host="www2014.nagra.com" />
+
+
+	<rule from="^http://(?:www\.)?nagra\.com/"
+		to="https://www.nagra.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Naiadsystems.com.xml b/src/chrome/content/rules/Naiadsystems.com.xml
new file mode 100644
index 000000000000..ef130c0125c2
--- /dev/null
+++ b/src/chrome/content/rules/Naiadsystems.com.xml
@@ -0,0 +1,43 @@
+<!--
+	Nonfunctional hosts in *naiadsystems.com:
+
+		- ^ ¹
+		- www ²
+
+	¹ Refused
+	² Dropped
+
+
+	Fully covered hosts in *naiadsystems.com:
+
+		- secure
+
+
+	These altnames don't exist:
+
+		- www.secure.naiadsystems.com
+
+
+	Insecure cookies are set for these domains:
+
+		- .naiadsystems.com
+
+-->
+<ruleset name="naiadsystems.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.naiadsystems.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.naiadsystems\.com$" name="^nsui$" /-->
+
+	<securecookie host="^\.naiadsystems\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Naiin.com.xml b/src/chrome/content/rules/Naiin.com.xml
index b994c1e2b477..7703450c75c8 100644
--- a/src/chrome/content/rules/Naiin.com.xml
+++ b/src/chrome/content/rules/Naiin.com.xml
@@ -2,5 +2,5 @@
   <target host="naiin.com" />
   <target host="www.naiin.com" />
 
-  <rule from="^http://(www\.)?naiin\.com/" to="https://www.naiin.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NakedCapitalism.com.xml b/src/chrome/content/rules/NakedCapitalism.com.xml
new file mode 100644
index 000000000000..6791fe4940a1
--- /dev/null
+++ b/src/chrome/content/rules/NakedCapitalism.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="NakedCapitalism.com">
+	<target host="nakedcapitalism.com" />
+	<target host="www.nakedcapitalism.com" />
+	<target host="staging.nakedcapitalism.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NakedCitizens.eu.xml b/src/chrome/content/rules/NakedCitizens.eu.xml
new file mode 100644
index 000000000000..6f28a01f918d
--- /dev/null
+++ b/src/chrome/content/rules/NakedCitizens.eu.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		fr.nakedcitizens.eu
+
+-->
+<ruleset name="NakedCitizens.eu">
+
+	<target host="nakedcitizens.eu" />
+	<target host="www.nakedcitizens.eu" />
+
+	<securecookie host="^(?:www\.)?nakedcitizens\.eu$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Naked_citizens.xml b/src/chrome/content/rules/Naked_citizens.xml
deleted file mode 100644
index 81eef715ca9c..000000000000
--- a/src/chrome/content/rules/Naked_citizens.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Naked citizens">
-
-	<target host="nakedcitizens.eu" />
-	<target host="www.nakedcitizens.eu" />
-
-
-	<securecookie host="^(?:www\.)?nakedcitizens\.eu$" name=".+" />
-
-
-	<rule from="^http://(www\.)?nakedcitizens\.eu/"
-		to="https://$1nakedcitizens.eu/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Nakovammaisten-Keskusliitto.xml b/src/chrome/content/rules/Nakovammaisten-Keskusliitto.xml
index 08934a09a0a2..9fa7c284ba1b 100644
--- a/src/chrome/content/rules/Nakovammaisten-Keskusliitto.xml
+++ b/src/chrome/content/rules/Nakovammaisten-Keskusliitto.xml
@@ -5,6 +5,5 @@
 	<securecookie host="^www\.nkl\.fi$" name=".+" />
 
 	<!-- WWW works -->
-	<rule from="^http://(?:www\.)?nkl\.fi/"
-		to="https://www.nkl.fi/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Name.com.xml b/src/chrome/content/rules/Name.com.xml
index 2b7d5073300e..dc6b26333c9a 100644
--- a/src/chrome/content/rules/Name.com.xml
+++ b/src/chrome/content/rules/Name.com.xml
@@ -1,27 +1,38 @@
 <!--
+	Other Name.com rulesets:
+
+		- domainsite.com.xml
+
+
 	CDN buckets:
 
 		- d19hkjflplfhx2.cloudfront.net
 
 
-	Nonfunctional subdomains:
+	Insecure cookies are set for these hosts:
 
-		- support	(zendesk)
+		- name.com
+		- support.name.com
+		- www.name.com
 
 -->
-<ruleset name="Name.com (partial)">
+<ruleset name="Name.com">
 
 	<target host="name.com" />
-	<target host="*.name.com" />
+	<target host="manage.name.com" />
+	<target host="support.name.com" />
+	<target host="www.name.com" />
 
 
-	<securecookie host="^www\.name\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:support\.)?name\.com$" name="^BIGipServer" /-->
+	<!--securecookie host="^www\.name\.com$" name="^(?:BIGipServer|cart_id$|cart_totals$|pmo[lv]t$)" /-->
 
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://(manage\.|www\.)?name\.com/"
-		to="https://$1name.com/" />
 
-	<rule from="^http://support\.name\.com/(generated|system)/"
-		to="https://assets.zendesk.com/$1/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NameBright.com.xml b/src/chrome/content/rules/NameBright.com.xml
new file mode 100644
index 000000000000..5ee64482a25e
--- /dev/null
+++ b/src/chrome/content/rules/NameBright.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Other NameBright rulesets:
+
+		- NameBright_static.com.xml
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- namebright.com
+		- .namebright.com
+		- www.namebright.com
+
+
+	Mixed content:
+
+		- Bug on (www.)? from c.statcounter.com *
+
+	* Secured by us
+
+-->
+<ruleset name="NameBright.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="namebright.com" />
+	<target host="www.namebright.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:www\.)?namebright\.com$" name="^v$" />
+	<securecookie host="^\.namebright\.com$" name="^(?:NBSession|icart)$" />
+
+	<securecookie host="^(?:\.|www\.)?namebright\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NameBright_static.com.xml b/src/chrome/content/rules/NameBright_static.com.xml
new file mode 100644
index 000000000000..1441b3b0a55b
--- /dev/null
+++ b/src/chrome/content/rules/NameBright_static.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other NameBright coverage, see NameBright.com.xml.
+
+-->
+<ruleset name="NameBright static.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="namebrightstatic.com" />
+	<target host="www.namebrightstatic.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NameCentr.al.xml b/src/chrome/content/rules/NameCentr.al.xml
new file mode 100644
index 000000000000..53f67c7c61c1
--- /dev/null
+++ b/src/chrome/content/rules/NameCentr.al.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://namecentr.al/ => https://namecentr.al/: (6, 'Could not resolve host: namecentr.al')
+Fetch error: http://namecentral.com/ => https://namecentral.com/: (6, 'Could not resolve host: namecentral.com')
+
+	Problematic domains:
+
+		- www.namecentr.al ¹
+		- www.namecentral.com ²
+
+	¹ Dropped
+	² Mismatched, CN: namecentral.com
+
+-->
+<ruleset name="NameCentr.al" default_off="failed ruleset test">
+
+	<target host="namecentr.al" />
+	<target host="www.namecentr.al" />
+	<target host="namecentral.com" />
+	<target host="www.namecentral.com" />
+
+
+	<securecookie host="^\.namecentr(?:\.al|al\.com)$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?namecentr(\.al|al\.com)/"
+		to="https://namecentr$1/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NameCheap.xml b/src/chrome/content/rules/NameCheap.xml
index 49d8b0548bd7..1ab37e2a8836 100644
--- a/src/chrome/content/rules/NameCheap.xml
+++ b/src/chrome/content/rules/NameCheap.xml
@@ -1,12 +1,68 @@
-<ruleset name="NameCheap">
+<!--
+
+	Other Namecheap rulesets:
+
+		- CheapSSL.com.xml
+		- NC.me.xml
+		- SSLs.com.xml
+		- Simplekb.com.xml
+		- Web-hosting.com.xml
+
+
+	Fully covered hosts in *namecheap.com:
+
+		- (www.)?
+		- blog
+		- blogbeta
+		- community
+		- files
+		- 02.files
+		- status
+		- support
+		- manage.www
+
+	Nonfunctional hosts in *namecheap.com:
+
+		- hosting.www (dropped)
+
+	Problematic hosts in *namecheap.com:
+
+		- manage.www (incomplete certificate chain)
+
+	These altnames don't exist:
+
+		- payments.namecheap.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .namecheap.com
+		- .community.namecheap.com
+		- support.namecheap.com
+		- www.namecheap.com
+		- .www.namecheap.com
+		- manage.www.namecheap.com
+
+-->
+<ruleset name="NameCheap.com">
+
+	<!--	Direct rewrites:
+				-->
   <target host="namecheap.com" />
-  <target host="www.namecheap.com" />
-	<target host="*.www.namecheap.com" />
+	<target host="blog.namecheap.com" />
+	<target host="blogbeta.namecheap.com" />
+	<target host="community.namecheap.com" />
   <target host="files.namecheap.com" />
+	<target host="02.files.namecheap.com" />
+	<target host="status.namecheap.com" />
+	<target host="support.namecheap.com" />
+  <target host="www.namecheap.com" />
+
+
+	<securecookie host=".+" name=".+" />
 
-  <rule from="^http://(?:www\.)?namecheap\.com/" to="https://www.namecheap.com/"/>
-  <rule from="^http://files\.namecheap\.com/" to="https://files.namecheap.com/"/>
 
-  <securecookie host="^\.?www\.namecheap\.com$" name=".*"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NameMedia-mismatches.xml b/src/chrome/content/rules/NameMedia-mismatches.xml
deleted file mode 100644
index 027c27a71017..000000000000
--- a/src/chrome/content/rules/NameMedia-mismatches.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="NameMedia (mismatches)" default_off="Akamai certificate">
-
-	<target host="images.smartname.com"/>
-
-	<rule from="^http://images\.smartname\.com/"
-		to="https://images.smartname.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/NameMedia.xml b/src/chrome/content/rules/NameMedia.xml
index d528816e2242..20180e9cc599 100644
--- a/src/chrome/content/rules/NameMedia.xml
+++ b/src/chrome/content/rules/NameMedia.xml
@@ -5,15 +5,15 @@
 <ruleset name="NameMedia (partial)">
 
 	<target host="partners.smartname.com"/>
-	<target host="*.sitesense-oo.com"/>
+	<target host="images.sitesense-oo.com" />
+	<target host="origin-images.sitesense-oo.com" />
 
-	<securecookie host="^partners\.smartname\.com$" name=".*"/>
+	<securecookie host="^partners\.smartname\.com$" name=".+" />
 
 	<!--	!origin: Akamai		-->
 	<rule from="^http://(?:origin-)?images\.sitesense-oo\.com/"
 		to="https://origin-images.sitesense-oo.com/"/>
 
-	<rule from="^http://partners\.smartname\.com/"
-		to="https://partners.smartname.com/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NameSilo.xml b/src/chrome/content/rules/NameSilo.xml
new file mode 100644
index 000000000000..ddb8f9901c94
--- /dev/null
+++ b/src/chrome/content/rules/NameSilo.xml
@@ -0,0 +1,22 @@
+<!--
+	Timeout on https:
+		- marketsites
+
+	Certificate mismatch:
+		- sandbox
+
+	Connection refused:
+		- whois
+-->
+<ruleset name="NameSilo.com">
+	<target host="namesilo.com" />
+	<target host="www.namesilo.com" />
+	<target host="blog.namesilo.com" />
+	<target host="host.namesilo.com" />
+	<target host="new.namesilo.com" />
+	<target host="sites.namesilo.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Namecoin.info.xml b/src/chrome/content/rules/Namecoin.info.xml
new file mode 100644
index 000000000000..35744b489083
--- /dev/null
+++ b/src/chrome/content/rules/Namecoin.info.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- wiki.namecoin.info
+
+-->
+<ruleset name="Namecoin.info">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="namecoin.info" />
+	<target host="bit.namecoin.info" />
+	<target host="explorer.namecoin.info" />
+	<target host="forum.namecoin.info" />
+	<target host="wiki.namecoin.info" />
+	<target host="www.namecoin.info" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^wiki\.namecoin\.info$" name="^bb2_screener$" /-->
+
+	<securecookie host="^wiki\.namecoin\.info$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Namecoin.xml b/src/chrome/content/rules/Namecoin.xml
deleted file mode 100644
index 5f00a329cd52..000000000000
--- a/src/chrome/content/rules/Namecoin.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	- Cert only matches ^namecoin.com
-	- 2013-06-05
-
--->
-<ruleset name="Namecoin" default_off="expired">
-
-	<target host="namecoin.com" />
-	<target host="www.namecoin.com" />
-
-
-	<rule from="^http://(?:www\.)?namecoin\.com/"
-		to="https://namecoin.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Namei.org.xml b/src/chrome/content/rules/Namei.org.xml
new file mode 100644
index 000000000000..243419a73c7b
--- /dev/null
+++ b/src/chrome/content/rules/Namei.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		namei.org
+		mail.namei.org
+		tundra.namei.org
+
+-->
+<ruleset name="namei.org">
+
+	<target host="namei.org" />
+	<target host="blog.namei.org" />
+
+	<rule from="^http://namei\.org/"
+		to="https://blog.namei.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Names.xml b/src/chrome/content/rules/Names.xml
index d262fa986837..c55c4da49a4c 100644
--- a/src/chrome/content/rules/Names.xml
+++ b/src/chrome/content/rules/Names.xml
@@ -1,9 +1,42 @@
-<ruleset name="Names">
-  <target host="names.co.uk" />
-  <target host="www.names.co.uk" />
-  <target host="admin.names.co.uk" />
-  <target host="webmail4.names.co.uk" />
-
-  <rule from="^http://(?:www\.)?names\.co\.uk/" to="https://www.names.co.uk/"/>
-  <rule from="^http://(admin|webmail4?)\.names\.co\.uk/" to="https://$1.names.co.uk/"/>
+<!--
+	Other Namesco rulesets:
+
+		- Hosts.xml
+
+
+	Insecure cookies are set for these hosts:
+
+		- names.co.uk
+		- admin.names.co.uk
+		- blog.names.co.uk
+		- webmail.names.co.uk
+		- webmail4.names.co.uk
+		- www.names.co.uk
+
+-->
+<ruleset name="Names.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="names.co.uk" />
+	<target host="admin.names.co.uk" />
+	<target host="blog.names.co.uk" />
+	<target host="trk.names.co.uk" />
+	<target host="webmail.names.co.uk" />
+	<target host="webmail4.names.co.uk" />
+	<target host="www.names.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.names\.co\.uk$" name="^(?:X-Mapping-\w+|dbmrtkg|dbmrktg_born|dbmrktg_sess)$" /-->
+	<!--securecookie host="^(?:(?:admin|blog|webmail4?|www)\.)?names\.co\.uk$" name="^X-Mapping-\w+$" /-->
+	<!--securecookie host="^webmail4\.names\.co\.uk$" name="roundcube_sessid$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Nancys_Gone_Green.com.xml b/src/chrome/content/rules/Nancys_Gone_Green.com.xml
deleted file mode 100644
index e5ef0e5c1eed..000000000000
--- a/src/chrome/content/rules/Nancys_Gone_Green.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Nancys Gone Green.com">
-
-	<target host="nancysgonegreen.com" />
-	<target host="*.nancysgonegreen.com" />
-
-
-	<securecookie host="^(?:www)?\.nancysgonegreen\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?nancysgonegreen\.com/"
-		to="https://$1nancysgonegreen.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Nandos.com.xml b/src/chrome/content/rules/Nandos.com.xml
new file mode 100644
index 000000000000..8330d0b3137d
--- /dev/null
+++ b/src/chrome/content/rules/Nandos.com.xml
@@ -0,0 +1,20 @@
+<!--
+	^: refused
+
+
+	Some (most?) pages started redirecting to http.
+
+-->
+<ruleset name="Nandos.com (partial)">
+
+	<target host="nandos.com" />
+	<target host="www.nandos.com" />
+
+
+	<!--securecookie host="^(?:www)?\.nandos\.com$" name=".+" /-->
+
+
+	<rule from="^http://(?:www\.)?nandos\.com/(?=faq(?:$|[?/])|favicon\.ico|sites/)"
+		to="https://www.nandos.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nanigans.xml b/src/chrome/content/rules/Nanigans.xml
index 92caa532db96..3ed5003e51f2 100644
--- a/src/chrome/content/rules/Nanigans.xml
+++ b/src/chrome/content/rules/Nanigans.xml
@@ -1,26 +1,39 @@
+
 <!--
-	Problematic domains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://lp.nanigans.com/ => https://lp.nanigans.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Other Nanigans rulesets:
+
+		- Socialtyzetracking.com.xml
+		- Unifiedtracking.com.xml
+
 
-		- www.unifiedtracking.com	(mismatched)
+	Insecure cookies are set for these domains: ᶜ
+
+		- .nanigans.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Nanigans (partial)">
+<ruleset name="Nanigans.com (partial)" default_off="failed ruleset test">
+
+	<target host="api.nanigans.com" />
+	<target host="lp.nanigans.com" />
 
-	<target host="*.nanigans.com"/>
-	<target host="socialtyzetracking.com" />
-	<target host="www.socialtyzetracking.com" />
-	<target host="unifiedtracking.com" />
-	<target host="www.unifiedtracking.com" />
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://api.nanigans.com/event.php?app_id=&amp;type=visit&amp;name=landing&amp;gtmcb=" /-->
 
 
-	<securecookie host="^lp\.nanigans\.com$" name=".+" />
-	<securecookie host="^www\.(?:socialtyze|unified)tracking\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.nanigans\.com$" name="^(NaN_fbx|NaN_fbxa|NaN_hash|NaN_mt)$" /-->
 
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://(api|lp)\.nanigans\.com/"
-		to="https://$1.nanigans.com/"/>
 
-	<rule from="^http://(?:www\.)?(socialtyze|unified)tracking\.com/"
-		to="https://www.$1tracking.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NanoHUB.xml b/src/chrome/content/rules/NanoHUB.xml
index 5f9761e28c67..cd1e605aad3c 100644
--- a/src/chrome/content/rules/NanoHUB.xml
+++ b/src/chrome/content/rules/NanoHUB.xml
@@ -2,5 +2,5 @@
     <target host="nanohub.org" />
     <target host="www.nanohub.org" />
 
-    <rule from="^http://(?:www\.)?nanohub\.org/" to="https://nanohub.org/" />
+    <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Nanopool.xml b/src/chrome/content/rules/Nanopool.xml
new file mode 100644
index 000000000000..f2c7f14ea203
--- /dev/null
+++ b/src/chrome/content/rules/Nanopool.xml
@@ -0,0 +1,17 @@
+<!--
+	Problematic subdomains:
+
+		- exp ¹
+		- exp1 ¹
+
+	¹: Timeout
+-->
+<ruleset name="Nanopool">
+
+	<target host="nanopool.org" />
+	<target host="www.nanopool.org" />
+	<target host="eth.nanopool.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nanorep.com-falsemixed.xml b/src/chrome/content/rules/Nanorep.com-falsemixed.xml
new file mode 100644
index 000000000000..87d7ab9a5c45
--- /dev/null
+++ b/src/chrome/content/rules/Nanorep.com-falsemixed.xml
@@ -0,0 +1,18 @@
+<!--
+	For rules not causing false/broken MCB, see Nanorep.com.xml.
+
+-->
+<ruleset name="nanorep.com (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="support.nanorep.com" />
+
+
+	<securecookie host="^\.support\.nanorep\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nanorep.com.xml b/src/chrome/content/rules/Nanorep.com.xml
new file mode 100644
index 000000000000..c9e6fcad5ce7
--- /dev/null
+++ b/src/chrome/content/rules/Nanorep.com.xml
@@ -0,0 +1,47 @@
+<!--
+	For rules causing false/broken MCB, see Nanorep.com-falsemixed.xml.
+
+
+	Problematic hosts in *nanorep.com:
+
+		- support *
+
+	* Mixed css
+
+
+	Insecure cookies are set for these domains:
+
+		- .support.nanorep.com
+
+
+	Mixed content:
+
+		- css on support from www.nanorep.com *
+		- Images on support from www.nanorep.com *
+
+	* Secured by us
+
+-->
+<ruleset name="nanorep.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nanorep.com" />
+	<target host="cdn-my.nanorep.com" />
+	<target host="cdn-website.nanorep.com" />
+	<target host="my.nanorep.com" />
+	<!--target host="support.nanorep.com" /-->
+	<target host="www.nanorep.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.support\.nanorep\.com$" name="^REFERER$" /-->
+
+	<!--securecookie host="^\.support\.nanorep\.com$" name=".+" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nanyang-Technological-University.xml b/src/chrome/content/rules/Nanyang-Technological-University.xml
index 6f4539b5ab77..bc37a10ec6be 100644
--- a/src/chrome/content/rules/Nanyang-Technological-University.xml
+++ b/src/chrome/content/rules/Nanyang-Technological-University.xml
@@ -1,20 +1,30 @@
 <!--
+
+	Nanyang Technological University
+
+
 	Nonfunctional subdomains:
 
+		- (www.)? ¹
+		- blogs ¹
 		- sdc
 
--->
-<ruleset name="Nanyang Technological University (partial)">
+	¹ Dropped
 
-	<target host="ntu.edu.sg" />
-	<target host="*.ntu.edu.sg" />
 
+	Fully covered hosts in *ntu.edu.sg:
+
+		- wis
+
+-->
+<ruleset name="NTU.edu.sg (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="wis.ntu.edu.sg" />
 
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?ntu\.edu\.sg/"
-		to="https://www.ntu.edu.sg/" />
 
-	<rule from="^http://wis\.ntu\.edu\.sg/"
-		to="https://wis.ntu.edu.sg/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Naples_News.com.xml b/src/chrome/content/rules/Naples_News.com.xml
index b4337252c2db..fa60ecd5350c 100644
--- a/src/chrome/content/rules/Naples_News.com.xml
+++ b/src/chrome/content/rules/Naples_News.com.xml
@@ -12,47 +12,39 @@
 		- 4ebe66006af765aa8730-6d1a3af6588f9762b97dc42cf7c97a58.r12.cf1.rackcdn.com
 
 
+
+	Nonfunctional hosts in *naplesnews.com:
+
+		- ^ ¹
+		- media ²
+		- www ³
+
+	¹ Refused
+	² 503
+	³ "500"
+
+
 	Problematic subdomains:
 
-		- ^ *
 		- homes *
 		- m *
-		- media **
 		- web **
 
 	* Works; mismatched, CN: push.scrippsing.com
 	** Works, akamai
 
-
-	Fully covered subdomains:
-
-		- (www.)	(^ → www)
-		- login
-		- media *
-		- web *
-
-	* → akamai
-
 -->
 <ruleset name="Naples News.com (partial)">
 
-	<target host="naplesnews.com" />
-	<target host="*.naplesnews.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="login.naplesnews.com" />
 
 
 	<securecookie host="^(?:login)?\.naplesnews\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?naplesnews\.com/"
-		to="https://www.naplesnews.com/" />
-
-	<rule from="^http://login\.naplesnews\.com/"
-		to="https://login.naplesnews.com/" />
-
-	<rule from="^http://media\.naplesnews\.com/"
-		to="https://a248.e.akamai.net/f/1092/7939/6m/media.naplesnews.com/" />
-
-	<rule from="^http://web\.naplesnews\.com/"
-		to="https://a248.e.akamai.net/f/1075/5672/8m/web.naplesnews.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Napoleon_Makeup_Academy.com.xml b/src/chrome/content/rules/Napoleon_Makeup_Academy.com.xml
index 25cf7acb54dc..6922c766ec6c 100644
--- a/src/chrome/content/rules/Napoleon_Makeup_Academy.com.xml
+++ b/src/chrome/content/rules/Napoleon_Makeup_Academy.com.xml
@@ -1,15 +1,20 @@
-<ruleset name="Napoleon Makeup Academy.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://napoleonmakeupacademy.com/ => https://napoleonmakeupacademy.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+-->
+<ruleset name="Napoleon Makeup Academy.com" default_off="failed ruleset test">
 
 	<target host="napoleonmakeupacademy.com" />
-	<target host="*.napoleonmakeupacademy.com" />
 	<target host="napoleonmakeupacademy.com.au" />
-	<target host="*.napoleonmakeupacademy.com.au" />
+	<target host="www.napoleonmakeupacademy.com" />
+	<target host="www.napoleonmakeupacademy.com.au" />
 
 
 	<securecookie host="^\.napoleonmakeupacademy\.com(?:\.au)?$" name=".+" />
 
 
-	<rule from="^http://(www\.)?napoleonmakeupacademy\.com(\.au)?/"
-		to="https://$1napoleonmakeupacademy.com$2/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Naqshbandi.org.xml b/src/chrome/content/rules/Naqshbandi.org.xml
new file mode 100644
index 000000000000..037128524c1d
--- /dev/null
+++ b/src/chrome/content/rules/Naqshbandi.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Naqshbandi.org">
+	<target host="naqshbandi.org" />
+	<target host="www.naqshbandi.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Naromax.xml b/src/chrome/content/rules/Naromax.xml
deleted file mode 100644
index 3c6c5bf3387d..000000000000
--- a/src/chrome/content/rules/Naromax.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Naromax">
-
-	<target host="naromax.com" />
-	<target host="*.naromax.com" />
-
-
-	<securecookie host="^(?:w*\.)?naromax\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?naromax\.com/"
-		to="https://$1naromax.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Nartac.com.xml b/src/chrome/content/rules/Nartac.com.xml
new file mode 100644
index 000000000000..640920c5c64a
--- /dev/null
+++ b/src/chrome/content/rules/Nartac.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nartac.com/ => https://nartac.com/: (51, "SSL: no alternative certificate subject name matches target host name 'nartac.com'")
+
+	These altnames don't exist:
+
+		- 2015.nartac.com
+
+-->
+<ruleset name="Nartac.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nartac.com" />
+	<target host="www.nartac.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nasuni.com.xml b/src/chrome/content/rules/Nasuni.com.xml
index be42b3f7daf4..55b22ab1ab0a 100644
--- a/src/chrome/content/rules/Nasuni.com.xml
+++ b/src/chrome/content/rules/Nasuni.com.xml
@@ -8,6 +8,6 @@
 
 	<rule from="^http://account\.nasuni\.com/" to="https://account.nasuni.com/"/>
 
-	<securecookie host="^account\.nasuni\.com$" name=".*"/>
+	<securecookie host="^account\.nasuni\.com$" name=".+" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Nat.ms.xml b/src/chrome/content/rules/Nat.ms.xml
new file mode 100644
index 000000000000..cf418ad7b97f
--- /dev/null
+++ b/src/chrome/content/rules/Nat.ms.xml
@@ -0,0 +1,12 @@
+<ruleset name="nat.ms">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nat.ms" />
+	<target host="www.nat.ms" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NatMonitor.com.xml b/src/chrome/content/rules/NatMonitor.com.xml
index 00562c9255cb..68236f3b1e30 100644
--- a/src/chrome/content/rules/NatMonitor.com.xml
+++ b/src/chrome/content/rules/NatMonitor.com.xml
@@ -1,31 +1,18 @@
 <!--
-	- Expired 2013-03-12
-	- CN: localhost.localdomain
-
-
-	Mixed content:
-
-		- Images on ^ from ^ *
-
-		- Ads/web bugs, on www from:
-
-			- api.lanistaads.com **
-			- c7.zedo.com
-
-	* Secured by us
-	** Unsecurable
-
+	Invalid certificate:
+		ftp.natmonitor.com
+		ns1.natmonitor.com
+		ns2.natmonitor.com
 -->
-<ruleset name="NatMonitor.com" default_off="expired, self-signed">
-
+<ruleset name="natmonitor.com">
 	<target host="natmonitor.com" />
 	<target host="www.natmonitor.com" />
-
-
-	<securecookie host="^natmonitor\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?natmonitor\.com/"
-		to="https://natmonitor.com/" />
-
+	<target host="cpanel.natmonitor.com" />
+	<target host="cpcalendars.natmonitor.com" />
+	<target host="cpcontacts.natmonitor.com" />
+	<target host="mail.natmonitor.com" />
+	<target host="webdisk.natmonitor.com" />
+	<target host="webmail.natmonitor.com" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NatalieJonckheere.com.xml b/src/chrome/content/rules/NatalieJonckheere.com.xml
new file mode 100644
index 000000000000..b5c0cf8102c8
--- /dev/null
+++ b/src/chrome/content/rules/NatalieJonckheere.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="NatalieJonckheere">
+	<target host="nataliejonckheere.com" />
+	<target host="www.nataliejonckheere.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NationBuilder.xml b/src/chrome/content/rules/NationBuilder.xml
index 9bd05815945f..d6deadf255aa 100644
--- a/src/chrome/content/rules/NationBuilder.xml
+++ b/src/chrome/content/rules/NationBuilder.xml
@@ -4,22 +4,69 @@
 		- d3n8a8pro7vhmx.cloudfront.net
 
 
-	Problematic subdomains:
+	Nonfunctional hosts in *nationbuilder.com:
 
-		- www		(times out)
+		- status *
+
+	* Dropped
+
+
+	www.nationbuilder.com: Dropped
 
 -->
-<ruleset name="NationBuilder (partial)">
+<ruleset name="NationBuilder.com (partial)">
 
 	<target host="nationbuilder.com" />
 	<target host="*.nationbuilder.com" />
-		<exclusion pattern="^http://(?:www\.)?nationbuilder\.com/(?!assets/|themes/)" />
+
+		<exclusion pattern="^http://status\.nationbuilder\.com/" />
+
+			<test url="http://status.nationbuilder.com/" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://nationbuilder\.com/(?:$|nation_login$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://nationbuilder\.com/+(?!assets/|(?:create|login)(?:$|\?)|themes/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://nationbuilder.com/about" />
+			<test url="http://nationbuilder.com/apps" />
+			<test url="http://nationbuilder.com/community" />
+			<test url="http://nationbuilder.com/events" />
+			<test url="http://nationbuilder.com/nation_login" />
+			<test url="http://nationbuilder.com/pricing" />
+			<test url="http://nationbuilder.com/resources" />
+			<test url="http://nationbuilder.com/suggest" />
+			<test url="http://nationbuilder.com/support" />
+
+			<!--	-ve:
+					-->
+			<test url="http://nationbuilder.com/create" />
+			<test url="http://nationbuilder.com/login" />
+
+		<test url="http://www.nationbuilder.com/" />
+
+		<test url="http://3dna.nationbuilder.com/session_pair_phase_2" />
+		<test url="http://segreens.nationbuilder.com/session_pair_phase_2" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.nationbuilder\.com$" name="^(?:__cfduid|__qca|cf_clearance)$" /-->
+	<!--securecookie host="^3dna\.nationbuilder\.com$" name="^_nbuild_session$" /-->
+
+	<securecookie host="^\.nationbuilder\.com$" name="^(?:__cfduid|__qca|cf_clearance)$" />
+	<securecookie host="^3dna\.nationbuilder\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?nationbuilder\.com/"
+	<rule from="^http://www\.nationbuilder\.com/"
 		to="https://nationbuilder.com/" />
 
-	<rule from="^http://([\w-]+)\.nationbuilder\.com/"
-		to="https://$1.nationbuilder.com/" />
+	<rule from="^http://([\w-]+\.)?nationbuilder\.com/"
+		to="https://$1nationbuilder.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NationStates.net.xml b/src/chrome/content/rules/NationStates.net.xml
new file mode 100644
index 000000000000..76091b9dd0aa
--- /dev/null
+++ b/src/chrome/content/rules/NationStates.net.xml
@@ -0,0 +1,32 @@
+<!--
+	Fully covered hosts in *nationstates.net:
+
+		- (www.)?
+		- forum
+
+
+	Insecure cookies are set for these domains:
+
+		- .forum.nationstates.net
+
+-->
+<ruleset name="NationStates.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nationstates.net" />
+	<target host="forum.nationstates.net" />
+	<target host="www.nationstates.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.forum\.nationstates\.net$" name="^phpbb3_\w+_(k|sid|u)$" /-->
+
+	<securecookie host="^\.(?:forum\.)?nationstates\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/National-Academies.xml b/src/chrome/content/rules/National-Academies.xml
index ae4623313d55..a8a44e68730d 100644
--- a/src/chrome/content/rules/National-Academies.xml
+++ b/src/chrome/content/rules/National-Academies.xml
@@ -25,13 +25,13 @@
 -->
 <ruleset name="The National Academies (partial)" platform="mixedcontent">
 
-	<target host="*.nationalacademies.org" />
+	<target host="www7.nationalacademies.org" />
+	<target host="www8.nationalacademies.org" />
 
 
 	<securecookie host="^www[78]\.nationalacademies\.org$" name=".+" />
 
 
-	<rule from="^http://www(7|8)\.nationalacademies\.org/"
-		to="https://www$1.nationalacademies.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/National-Arbitration-Forum.xml b/src/chrome/content/rules/National-Arbitration-Forum.xml
index 41368e83fd18..1c770da45d4f 100644
--- a/src/chrome/content/rules/National-Arbitration-Forum.xml
+++ b/src/chrome/content/rules/National-Arbitration-Forum.xml
@@ -3,10 +3,9 @@
 	<target host="secure.arb-forum.com" />
 
 
-	<securecookie host="^secure\.arb-forum\.com$" name=".*" />
+	<securecookie host="^secure\.arb-forum\.com$" name=".+" />
 
 
-	<rule from="^http://secure\.arb-forum\.com/"
-		to="https://secure.arb-forum.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/National-Association-of-Theatre-Owners.xml b/src/chrome/content/rules/National-Association-of-Theatre-Owners.xml
deleted file mode 100644
index 91048c33a8db..000000000000
--- a/src/chrome/content/rules/National-Association-of-Theatre-Owners.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<ruleset name="National Association of Theatre Owners (partial)" default_off="mismatch">
-
-	<target host="natoonline.org"/>
-	<target host="www.natoonline.org"/>
-		<!--	Blog pages 404.
-			d{4} matches blog entries, which begin with a year.	-->
-		<exclusion pattern="^http://(www\.)?natoonline\.org/blog(/?$|/(\d{4}|about|author|category|comments|disclaimer|feed|tag)/)"/>
-		<!--	Images redirect to www.natoonline.org/.
-			css is placed within images/ and works.		-->
-		<exclusion pattern="^http://(www\.)?natoonline\.org/images/(\w+\.(gif|jpg))$"/>
-		<!--	These images 404 too.
-			\d\d\w+ matches DateMonth.		-->
-		<exclusion pattern="^http://(www\.)?natoonline\.org/infocus/(\d\d\w+|infocusimages)/"/>
-
-	<rule from="^http://(?:www\.)?natoonline\.org/(?:~natoonli/)?"
-		to="https://natoonline.org/~natoonli/"/>
-
-	<rule from="^https://(?:www\.)?natoonline\.org/(?:~natoonli/)?images/(\w+\.(gif|jpg))$"
-		to="http://natoonline.org/images/$1" downgrade="1"/>
-
-	<rule from="^https://(?:www\.)?natoonline\.org/~natoonli/infocus/(\d\d\w+)/"
-		to="http://natoonline.org/infocus/$1/" downgrade="1"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/National-Broadcasting-Company.xml b/src/chrome/content/rules/National-Broadcasting-Company.xml
index 952edca06778..a66c93d2318d 100644
--- a/src/chrome/content/rules/National-Broadcasting-Company.xml
+++ b/src/chrome/content/rules/National-Broadcasting-Company.xml
@@ -2,23 +2,22 @@
 	Other National Broadcasting Company rulesets:
 
 		- NBC-News.xml
-		- S-nbcnews.com.xml
 
 -->
-<ruleset name="National Broadcasting Company" default_off="mismatch">
+<ruleset name="National Broadcasting Company" default_off="mismatched">
 
 	<!--	Akamai.
 			-->
 	<target host="nbc.com" />
-	<target host="*.nbc.com" />
+	<target host="www.nbc.com" />
 
 
-	<securecookie host="^(www)?\.nbc\.com$" name=".*" />
+	<securecookie host="^(?:www)?\.nbc\.com$" name=".+" />
 
 
 	<!--	!www redirects to www.
 					-->
-	<rule from="^https?://(?:www\.)?nbc\.com/"
+	<rule from="^http://(?:www\.)?nbc\.com/"
 		to="https://www.nbc.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/National-Express.xml b/src/chrome/content/rules/National-Express.xml
index be1bc046ac3e..a58ae03adc07 100644
--- a/src/chrome/content/rules/National-Express.xml
+++ b/src/chrome/content/rules/National-Express.xml
@@ -1,4 +1,7 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nationalexpress.jobs/ => https://nationalexpress.jobs/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.nationalexpress.jobs/ => https://www.nationalexpress.jobs/: (60, 'SSL certificate problem: certificate has expired')
 	Nonfunctional domains:
 
 		- (www.)nationalexpressgroup.com
@@ -7,7 +10,9 @@
 <ruleset name="National Express (partial)">
 
 	<target host="nationalexpress.com" />
-	<target host="*.nationalexpress.com" />
+	<target host="www.nationalexpress.com" />
+	<target host="coach.nationalexpress.com" />
+	<target host="help.nationalexpress.com" />
 	<target host="nationalexpress.jobs" />
 	<target host="www.nationalexpress.jobs" />
 
@@ -27,4 +32,4 @@
 	<rule from="^http://(www\.)?nationalexpress\.jobs/"
 		to="https://$1nationalexpress.jobs/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/National-Institute-of-Standards-and-Technology.xml b/src/chrome/content/rules/National-Institute-of-Standards-and-Technology.xml
index 3118e56ae272..a245ae5c0638 100644
--- a/src/chrome/content/rules/National-Institute-of-Standards-and-Technology.xml
+++ b/src/chrome/content/rules/National-Institute-of-Standards-and-Technology.xml
@@ -1,33 +1,61 @@
 <!--
-	For other US government coverage, see US-government.xml.
+	National Institute of Standards and Technology
+
 
 
 	Nonfunctional subdomains:
 
 		- ^ ¹
-		- csrc ¹
-		- expect ¹
-		- patapsco	(reset)
-		- physics	(refused)
-		- scap ²
-		- usgcb ²
-		- webbook	(dropped)
-		- www		(403, cert valid)
-
-	¹ 403; mismatched, CN: www.nist.gov)
-	² Shows nvd; mismatched, CN: nvd.nist.gov
+		- csrc ³
+		- expect ³
+		- nvlpubs ⁴
+		- patapsco ⁴
+		- physics ³
+		- scap ⁵
+		- usgcb ⁵
+		- www ¹
+
+	¹ 404
+	² 403
+	³ Refused
+	⁴ Handshake fails
+	⁵ Shows nvd; mismatched, CN: nvd.nist.gov
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- nvd.nist.gov
+		- web.nvd.nist.gov
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="National Institute of Standards and Technology (partial)">
+<ruleset name="NIST.gov (partial)">
 
-	<target host="*.nist.gov" />
+	<target host="beacon.nist.gov" />
+	<target host="nvd.nist.gov" />
 	<target host="web.nvd.nist.gov" />
+	<target host="pages.nist.gov" />
+	<target host="samate.nist.gov" />
+	<target host="tsapps.nist.gov" />
+
+		<!--	https://web.nvd.nist.gov/ redirects to itself
+									-->
+		<exclusion pattern="^http://web\.nvd\.nist\.gov/$" />
+
+			<!--	-ve:
+					-->
+			<test url="http://web.nvd.nist.gov/view/vuln/search" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(web\.)?nvd\.nist\.gov$" name="^(ASP\.NET_SessionId|CMSCurrentTheme|CMSPreferredCulture)$" /-->
 
-	<securecookie host="^.*\.nist\.gov$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:web\.)?nvd|tsapps)\.nist\.gov/"
-		to="https://$1.nist.gov/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/National-Institutes-of-Health.xml b/src/chrome/content/rules/National-Institutes-of-Health.xml
index 47615641913b..c8e114dbe86e 100644
--- a/src/chrome/content/rules/National-Institutes-of-Health.xml
+++ b/src/chrome/content/rules/National-Institutes-of-Health.xml
@@ -1,71 +1,362 @@
 <!--
-	For other US government coverage, see US-government.xml.
 
 
-	Nonfunctional domains:
+	Nonfunctional hosts in *nih.gov:
 
-		- clinicaltrials.gov
-		- www.clinicaltrials.gov
+		- (www.)?braininitiative ⁵
+		- (www.)?cit ***
+		- barney2.cit	Redirects to http
+		- search2.google.cit	Redirects to http
+		- training.cit ⁵
 
-		- nih.gov subdomains:
+		- employees *
+		- exporter *
+		- federalreporter *
+		- (www.)?fic ⁵
+		- intramural ⁵
+		- itservicedesk ⁵
+		- livertox *
+		- ftp.ncbi *
+		- temp.my **
 
-			- ^ *
-			- cancergenome		(shows login; mismatched, self-signed, CN: emergencytoolprod.cancer.gov)
-			- jobs			(shows ugsp; mismatched, CN: ugsp.nih.gov)
-			- www.jobs **
-			- ncats *
-			- www.ncats
-			- patientinfo.ninds ***
-			- blast.ncbi.nlm	(shows ncbi, cert valid)
-			- od *
-			- acd.od		(404; expired, CN secure.palladianpartners.com)
-			- nihpublications.od **
-			- www.nimh ***
-			- www.od *
-			- www *
+		- cdp.nci ᵇ
+		- cpfp.nci ***
+		- ctd2-dashboard.nci ⁵
+		- deainfo.nci *
+		- discover.nci ⁵
+		- emice.nci ⁵
+		- cgci.nci ᵃ
+		- ncicb.nci ᵃ
+		- wikiutils.nci ⁵
 
-	* Times out
-	** Reset
+		- (www.)?niaid
+		- data.nidb ⁵
+		- www.niddk ⁵
+		- www2.niddk ⁵
+
+		- kids.niehs ⁵
+		- ntpsearch.niehs ⁵
+		- nihlibrary ⁵
+		- nihroadmap	Shows another domain
+
+		- patientinfo.ninds ***
+		- www.ninds ⁵
+
+		- americanindianhealth.nlm
+		- asianamericanhealth.nlm *
+		- chemm.nlm *
+		- collections.nlm *
+		- disasterlit.nlm *
+		- dr2.nlm *
+		- (www.)?dsld.nlm *
+		- dtd.nlm	Shows another domain
+		- gateway.nlm ⁵
+		- ghr.nlm ⁵
+		- hpd.nlm *
+		- hazmap.nlm *
+		- healthhotlines.nlm *
+		- jats.nlm	Shows another domain
+		- www.kidsenvirohealth *
+		- lexsrv3.nlm *
+		- ftp.ncbi.nlm *
+		- oculus.nlm *
+		- pillbox.nlm *
+		- pubmedhh.nlm *
+		- remm.nlm *
+		- toxmap.nlm *
+		- toxmystery.nlm *
+		- toxnet.nlm *
+		- (www.)?toxtown.nlm *
+		- webwiser.nlm *
+		- wiser.nlm	401
+
+		- od *
+		- acd.od		(404; expired, CN secure.palladianpartners.com)
+		- oeodm.od		Handshake fails
+		- (www.)?ors.od ⁵
+		- osp.od ᵇ
+		- search.od *
+		- www.od *
+
+		- oppnet	Shows another domain
+		- (www.)?pubmedcentral	Shows another domain
+		- recovery	Refused
+		- salud		Shows another domain
+		- search	403
+		- chem.sis *
+		- chem2.sis *
+
+	ᵃ Shows another domain
+	ᵇ Shows default page
+	⁵ Refused
 	*** Interrupted
+	** Reset
+	* Times out
+
 
+	Problematic hosts in *nih.gov:
 
-	Problematic domains:
+		- internet.csr ²
+		- directorsblog ¹
+		- www.chtn.nci ᵈ
+		- www.dtp.nci ¹
+		- circulatingnow.nlm ¹
+		- communityhealthmaps.nlm ¹
+		- infocus.nlm ¹
+		- skr3.nlm ²
+		- olpa.od ᵀ
+		- training ³
 
-		- nlm.nih.gov		(cert only matches www.nlm)
-		- training.nih.gov	(shows ugsp; mismatched, CN: ugsp.nih.gov)
-		- (www.)pubmed.gov	(mismatched, CN: *.ncbi.nlm.nih.gov)
+	ᵀ Blocks Tor users
+	ᵈ Dropped, preemptable redirect
+	¹ Mismatched
+	² Mixed css
+	³ Handshake fails, preemptable redirect
 
+	Insecure cookies are set for these hosts:
 
-	Fully covered domains:
+		- answers.nei.nih.gov
+		- nichd.nih.gov
+		- www.nichd.nih.gov
+		- report.nih.gov
 
-		- nih.gov subdomains:
 
-			- (www.)nlm		(^ → www)
-			- (www.)ncbi.nlm
-			- pubchem.ncbi.nlm
-			- www.nidcd.nlm
-			- (www.)training	(^ → www)
+	Mixed content:
 
-		- (www.)pubmed.gov	(→ www.ncbi.nlm.nih.gov)
+		- css, on:
+
+			- internet.csr, www.nhlbi from $self *
+			- edi, staffdirectory.nigms, lhncbc.nlm, skr3.nlm, outreach.ors from fonts.googleapis.com *
+			- skr3.nlm from www.lhncbc.nlm.nih.gov *
+			- www.nidcd from search.usa.gov *
+
+		- Images, on:
+
+			- internet.csr, www.nhlbi, www.nidcd, ntp.niehs, www.niehs, biobeat.nigms, loop.nigms, accessguidid.nlm, nexus.od, videocast, www from $self *
+			- directorsblog from www.nih.gov *
+			- ctd2.nci, target.nci from ocg.cancer.gov *
+			- www.nihms from publicaccess.nih.gov *
+			- loop.nigms from publications.nigms.nih.gov *
+			- infocus.nlm from $self
+			- blast.ncbi.nlm from www.ncbi.nlm.nih.gov *
+			- skr.nlm from ii-public2.nlm.nih.gov *
+			- skr3.nlm from www.lhncbc.nlm.nih.gov *
+			- toxlearn.nlm from www.adobe.com *
+			- wwwcf2.nlm from www.nlm.nih.gov *
+
+		- favicons, on:
+
+			- era, grants, www.jobs, hr.od from www.nih.gov *
+			- trainingcenter from $self *
+
+		- Bugs,
+
+			- aidsinfo from b.scorecardresearch.com *
+			- directorsblog from cdn.printfriendly.com *
+			- www.nhlbi from nhlbi.122.2o7.net *
+			- www.niehs from webtrends-sdc.niehs.nih.gov *
+			- apps.nlm, apps2.nlm, wwwcf2.nlm from wtsdc.nlm.nih.gov *
+			- researchfestival from s7.addthis.com *
+
+	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="National Institutes of Health (partial)" platform="mixedcontent">
+<ruleset name="NIH.gov (partial)">
+
+	<target host="nih.gov" />
+	<target host="www.nih.gov" />
+	<target host="aidsinfo.nih.gov" />
+	<target host="calendar.nih.gov" />
+	<target host="cancergenome.nih.gov" />
+	<target host="commonfund.nih.gov" />
+	<target host="science.education.nih.gov" />
+	<target host="edi.nih.gov" />
+	<target host="www.edi.nih.gov" />
+	<target host="era.nih.gov" />
+	<target host="commons.era.nih.gov" />
+	<target host="public.era.nih.gov" />
+	<target host="grants.nih.gov" />
+	<target host="health.nih.gov" />
+	<target host="clinicalstudies.info.nih.gov" />
+	<target host="infosida.nih.gov" />
+	<target host="irp.nih.gov" />
+	<target host="itrusteauth.nih.gov" />
+
+	<target host="jobs.nih.gov" />
+	<target host="www.jobs.nih.gov" />
+
+	<target host="list.nih.gov" />
+	<target host="www.lrp.nih.gov" />
+	<target host="myitsm.nih.gov" />
+
+	<target host="ncats.nih.gov" />
+	<target host="www.ncats.nih.gov" />
+
+	<target host="nccam.nih.gov" />
+	<target host="www.nccam.nih.gov" />
+
+	<target host="nccih.nih.gov" />
+	<target host="www.nccih.nih.gov" />
+
+	<target host="neuroscienceblueprint.nih.gov" />
+	<target host="report.nih.gov" />
+	<target host="stemcells.nih.gov" />
+	<target host="training.nih.gov" />
+
+	<target host="cc.nih.gov" />
+	<target host="www.cc.nih.gov" />
+	<target host="cris.cc.nih.gov" />
+
+	<target host="public.csr.nih.gov" />
+	<target host="internet.csr.nih.gov"/>
+
+	<target host="brd.nci.nih.gov" />
+	<target host="cananolab.nci.nih.gov" />
+	<target host="cbiit.nci.nih.gov" />
+	<target host="www.chtn.nci.nih.gov" />
+	<target host="ctd2.nci.nih.gov" />
+	<target host="dccps.nci.nih.gov" />
+	<target host="gsspubssl.nci.nih.gov" />
+	<target host="provocativequestions.nci.nih.gov" />
+	<target host="target.nci.nih.gov" />
+	<target host="wiki.nci.nih.gov" />
+
+	<target host="ned.nih.gov" />
+	<target host="nei.nih.gov" />
+
+	<target host="answers.nei.nih.gov" />
+	<target host="www.nei.nih.gov" />
+
+	<target host="newsinhealth.nih.gov" />
+	<target host="www.nhlbi.nih.gov" />
+	<target host="catalog.nhlbi.nih.gov" />
+
+	<target host="nia.nih.gov" />
+	<target host="www.nia.nih.gov" />
+
+	<target host="nichd.nih.gov" />
+	<target host="www.nichd.nih.gov" />
+	<target host="www.nidcd.nih.gov" />
+
+	<target host="livertox.niddk.nih.gov" />
+
+	<target host="niehs.nih.gov" />
+	<target host="www.niehs.nih.gov" />
+	<target host="ehp.niehs.nih.gov" />
+	<target host="ntp.niehs.nih.gov" />
+	<target host="webtrends-sdc.niehs.nih.gov" />
+
+	<target host="nigms.nih.gov" />
+	<target host="www.nigms.nih.gov" />
+	<target host="biobeat.nigms.nih.gov" />
+	<target host="loop.nigms.nih.gov" />
+	<target host="publications.nigms.nih.gov" />
+	<target host="staffdirectory.nigms.nih.gov" />
+
+	<target host="www.nihms.nih.gov" />
+	<target host="www.nimh.nih.gov" />
+
+	<target host="nihrecord.nih.gov" />
+
+	<target host="nlm.nih.gov" />
+	<target host="www.nlm.nih.gov" />
+	<target host="accessgudid.nlm.nih.gov" />
+	<target host="apps.nlm.nih.gov" />
+	<target host="apps2.nlm.nih.gov" />
+	<target host="dailymed.nlm.nih.gov" />
+	<target host="disaster.nlm.nih.gov" />
+	<target host="druginfo.nlm.nih.gov" />
+	<target host="geneed.nlm.nih.gov" />
+	<target host="healthreach.nlm.nih.gov" />
+	<target host="www.healthreach.nlm.nih.gov" />
+	<target host="id.nlm.nih.gov" />
+	<target host="ihm.nlm.nih.gov" />
+	<target host="ii.nlm.nih.gov" />
+	<target host="ii-public2.nlm.nih.gov" />
+	<target host="indexcat.nlm.nih.gov" />
+	<target host="lhncbc.nlm.nih.gov" />
+	<target host="www.lhncbc.nlm.nih.gov" />
+	<target host="local-www.nlm.nih.gov" />
+	<target host="mbr.nlm.nih.gov" />
+	<target host="metamap.nlm.nih.gov" />
+	<target host="mmtx.nlm.nih.gov" />
+	<target host="mor.nlm.nih.gov" />
+
+	<target host="ncbi.nlm.nih.gov" />
+	<target host="www.ncbi.nlm.nih.gov" />
+	<target host="blast.ncbi.nlm.nih.gov" />
+	<target host="pubchem.ncbi.nlm.nih.gov" />
+	<target host="structure.ncbi.nlm.nih.gov" />
+
+	<target host="profiles.nlm.nih.gov" />
+	<target host="rximage.nlm.nih.gov" />
+	<target host="rxnav.nlm.nih.gov" />
+	<target host="sis.nlm.nih.gov" />
+	<target host="www.sis.nlm.nih.gov" />
+	<target host="skr.nlm.nih.gov" />
+	<!--target host="skr3.nlm.nih.gov" /-->
+	<target host="structuredabstracts.nlm.nih.gov" />
+	<target host="toxlearn.nlm.nih.gov" />
+	<target host="uts.nlm.nih.gov" />
+	<target host="vsac.nlm.nih.gov" />
+	<target host="wsd.nlm.nih.gov" />
+	<target host="wtsdc.nlm.nih.gov" />
+	<target host="wwwcf.nlm.nih.gov" />
+	<target host="wwwcf2.nlm.nih.gov" />
+
+	<target host="ocio.nih.gov" />
+
+	<target host="hr.od.nih.gov" />
+	<target host="www.hr.od.nih.gov" />
+	<target host="nexus.od.nih.gov" />
+	<target host="nihpublications.od.nih.gov" />
+	<target host="oamp.od.nih.gov" />
+	<!--target host="olpa.od.nih.gov" />	needs clearnet testing	-->
 
-	<target host="*.nih.gov" />
-	<target host="pubmed.gov" />
-	<target host="*.pubmed.gov" />
+	<target host="oir.nih.gov" />
+	<target host="outreach.ors.nih.gov" />
+	<target host="projectreporter.nih.gov" />
+	<target host="publicaccess.nih.gov" />
+	<target host="researchfestival.nih.gov" />
+	<target host="smartcard.nih.gov" />
+	<target host="www.training.nih.gov" />
+	<target host="trainingcenter.nih.gov" />
+	<target host="www.trainingcenter.nih.gov" />
+	<target host="videocast.nih.gov" />
 
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://catalog\.nhlbi\.nih\.gov/catalog/home$" /-->
 
-	<securecookie host="^.*\.nih\.gov$" name=".+" />
+		<!--	Mixed css:
+					-->
+		<!--test url="http://www.nhlbi.nih.gov/health/health-topics/topics/hb" /-->
 
 
-	<rule from="^https?://(?:www\.)?(nlm|training)\.nih\.gov/"
-		to="https://www.$1.nih.gov/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.nih\.gov$" name="^(?:NIHMS_LOGIN_ATTEMPT|FLAG|NIHMS_ROUTE_CHOICE|NIHMS_SESSION|WEB_NIHMS_LANG|ncbi_sid|xid)$" /-->
+	<!--securecookie host="^(?:aidsinfo|infosida|ned|(?:www\.)?nichd|nihpublications\.od|report)\.nih\.gov$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^public\.era\.nih\.gov$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^healthreach\.nih\.gov$" name="^(?:ASP\.NET_SessionId$|BIGipServer)" /-->
+	<!--securecookie host="^imagebank\.nih\.gov$" name="^(?:CFID|CFTOKEN)$" /-->
+	<!--securecookie host="^(?:itrusteauth|ocio|smartcard)\.nih\.gov$" name="^asig_persistence$" /-->
+	<!--securecookie host="^wiki\.nci\.nih\.gov$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^answers\.nei\.nih\.gov$" name="^TS[\da-f]+$" /-->
+	<!--securecookie host="^webtrends-sdc\.niehs\.nih\.gov$" name="^ACOOKIE$" /-->
+	<!--securecookie host="^\.nlm\.nih\.gov$" name="^WebEnv$" /-->
+	<!--securecookie host="^(?:apps\.nlm|projectreporter)\.nih\.gov$" name="^(?:CFID|CFTOKEN|JSESSIONID)$" /-->
+	<!--securecookie host="^dailymed\.nlm\.nih\.gov$" name="^(?:CFAUTHORIZATION_DAILYMED_[\dA-F]{32}|CFID|CFTOKEN|JSESSIONID)$" /-->
+	<!--securecookie host="^id\.nlm\.nih\.gov$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^(?:local-)?rximage\.nlm\.nih\.gov$" name="^DocuWiki$" /-->
+	<!--securecookie host="^oamp\.od\.nih\.gov$" name="^textsize$" /-->
+	<!--securecookie host="^\.projectreporter\.nih\.gov$" name="^(?:REPORTERPORTFOLIO|RUPSID)$" /-->
+	<!--securecookie host="^www\.training\.nih\.gov$" name="^(?:PHPSESSID|symp_cookie_check)$" /-->
 
-	<rule from="^http://((?:pubchem\.|www\.)?ncbi|www\.nidcd)\.nlm\.nih\.gov/"
-		to="https://$1.nlm.nih.gov/" />
+	<securecookie host="^\." name="^s_vi" />
+	<securecookie host="^(?!catalog\.nhlbi\.)\w" name=".+" />
 
-	<rule from="^https?://(?:www\.)?pubmed\.gov/"
-		to="https://www.ncbi.nlm.nih.gov/pubmed/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/National-Optical-Astronomy-Observatory.xml b/src/chrome/content/rules/National-Optical-Astronomy-Observatory.xml
index 6548aa66f268..ff8f3581ab93 100644
--- a/src/chrome/content/rules/National-Optical-Astronomy-Observatory.xml
+++ b/src/chrome/content/rules/National-Optical-Astronomy-Observatory.xml
@@ -12,7 +12,6 @@
 
 
 	<!--	!www 503s over https	-->
-	<rule from="^https?://(?:www\.)?noao\.edu/"
-		to="https://www.noao.edu/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/National-Press-Photographers-Assoc.xml b/src/chrome/content/rules/National-Press-Photographers-Assoc.xml
index 2085052d720e..3377a7c711f7 100644
--- a/src/chrome/content/rules/National-Press-Photographers-Assoc.xml
+++ b/src/chrome/content/rules/National-Press-Photographers-Assoc.xml
@@ -4,7 +4,6 @@
 	<target host="www.nppa.org" />
 
 
-	<rule from="^https?://(?:www\.)?nppa\.org/"
-		to="https://www.nppa.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/National-Rail-Enquiries-mismatches.xml b/src/chrome/content/rules/National-Rail-Enquiries-mismatches.xml
index e49605f84227..2608c44ec127 100644
--- a/src/chrome/content/rules/National-Rail-Enquiries-mismatches.xml
+++ b/src/chrome/content/rules/National-Rail-Enquiries-mismatches.xml
@@ -2,16 +2,14 @@
 	For rules that are on by default, see National-Rail-Enquires.xml.
 
 -->
-<ruleset name="National Rail Enquiries (mismatches)" default_off="mismatch">
+<ruleset name="National Rail Enquiries (mismatches)" default_off="mismatched">
 
 	<target host="hotels.nationalrail.co.uk" />
-	<target host="*.hotels.nationalrail.co.uk" />
 
 
-	<securecookie host="^\.hotels\.nationalrail\.co\.uk$" name=".*" />
+	<securecookie host="^\.hotels\.nationalrail\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://hotels\.nationalrail\.co\.uk/"
-		to="https://hotels.nationalrail.co.uk/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/National-Rail-Enquiries.xml b/src/chrome/content/rules/National-Rail-Enquiries.xml
index c711b2e40d93..3ca358d0d493 100644
--- a/src/chrome/content/rules/National-Rail-Enquiries.xml
+++ b/src/chrome/content/rules/National-Rail-Enquiries.xml
@@ -18,7 +18,10 @@
 <ruleset name="National Rail Enquiries (partial)">
 
 	<target host="nationalrail.co.uk" />
-	<target host="*.nationalrail.co.uk" />
+	<target host="www.nationalrail.co.uk" />
+	<target host="img.nationalrail.co.uk" />
+	<target host="js.nationalrail.co.uk" />
+	<target host="ojp.nationalrail.co.uk" />
 		<!--
 			Redirects to http.
 						-->
@@ -35,7 +38,7 @@
 	<rule from="^http://img\.nationalrail\.co\.uk/"
 		to="https://d7cizd44vlm94.cloudfront.net/" />
 
-	<rule from="^https?://js\.nationalrail\.co\.uk/"
+	<rule from="^http://js\.nationalrail\.co\.uk/"
 		to="https://d2uncb19xzxhzx.cloudfront.net/" />
 
 	<rule from="^http://ojp\.nationalrail\.co\.uk/"
diff --git a/src/chrome/content/rules/National-Renewable-Energy-Laboratory.xml b/src/chrome/content/rules/National-Renewable-Energy-Laboratory.xml
index f759d19e214e..5dbc974009a1 100644
--- a/src/chrome/content/rules/National-Renewable-Energy-Laboratory.xml
+++ b/src/chrome/content/rules/National-Renewable-Energy-Laboratory.xml
@@ -1,56 +1,24 @@
 <!--
-	Other US government rulesets:
+	Redirect to HTTP:
+		rredc.nrel.gov
 
-		- Colorado-Attorney-General.xml
-		- CPSC.xml
-		- Disability.gov.xml
-		- ED.gov.xml
-		- Employeeexpress.gov.xml
-		- EnergyStar.xml
-		- Epls.gov.xml
-		- Federal-Register.xml
-		- G5.gov.xml
-		- NSF.gov.xml
-		- OSHA.gov.xml
-		- Pay.gov.xml
-		- Senate.gov.xml
-		- SocialSecurity.xml
-		- StudentLoans.gov.xml
-		- Treasurydirect.gov.xml
-		- USA.gov.xml
-		- US-CBO.gov.xml
-		- Us-cert.gov.xml
-		- USDA-ARS.xml
-		- US-Dept-of-Veterans-Affairs.xml
-		- US-government.xml
-		- US-government-mismatches.xml
-		- US-Selective-Service-System.xml
--->
-<ruleset name="National Renewable Energy Laboratory (partial)">
+	Time out:
+		pvwatts.nrel.gov
 
-	<target host="nrel.gov"/>
-	<target host="rredc.nrel.gov"/>
-	<target host="www.nrel.gov"/>
+-->
+<ruleset name="NREL.gov (partial)">
 
-	<!--	Redirect to http:
-			- $
-			- \w+/$
-			- images1/
-			- news/features/\w+.cfm
-			- news/features/\d{8}_un_text.html
-			- sustainable_nrel/media/
-			- sustainable_nrel/rsf.html
-								-->
-	<rule from="^http://(www\.)?nrel\.gov/(?:((?:news/features/|sustainable_nrel/)?images)1?|((?:data/pix/)?includes|includes_tableless))/"
-		to="https://$1nrel.gov/$2$3/"/>
+	<target host="nrel.gov" />
+	<target host="www.nrel.gov" />
+	<target host="atb.nrel.gov" />
+	<target host="pvrw.nrel.gov" />
+	<target host="remdb.nrel.gov" />
+	<target host="reopt.nrel.gov" />
+	<target host="resstock.nrel.gov" />
+	<target host="sam.nrel.gov" />
+	<target host="sws.nrel.gov" />
 
-	<!--	Redirect to http:
-			- $
-			- css/
-			- solar/calculators
-			- 
-						-->
-	<rule from="^http://rredc\.nrel\.gov/gifs/"
-		to="https://rredc.nrel.gov/gifs/"/>
+	<rule from="^http:"
+		to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/National-Research-Council-Canada.xml b/src/chrome/content/rules/National-Research-Council-Canada.xml
index 7ecba15e193c..f585ea1e4be2 100644
--- a/src/chrome/content/rules/National-Research-Council-Canada.xml
+++ b/src/chrome/content/rules/National-Research-Council-Canada.xml
@@ -1,9 +1,18 @@
-<ruleset name="National Research Council Canada">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nrc-cnrc.gc.ca/ => https://nrc-cnrc.gc.ca/: Too many redirects while fetching 'https://nrc-cnrc.gc.ca/'
+Fetch error: http://www.nrc-cnrc.gc.ca/ => https://www.nrc-cnrc.gc.ca/: Too many redirects while fetching 'https://www.nrc-cnrc.gc.ca/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://nrc-cnrc.gc.ca/ => https://nrc-cnrc.gc.ca/: Cycle detected - URL already encountered: https://www.nrc-cnrc.gc.ca/index.html
+Fetch error: http://www.nrc-cnrc.gc.ca/ => https://www.nrc-cnrc.gc.ca/: Cycle detected - URL already encountered: https://www.nrc-cnrc.gc.ca/index.html
+-->
+<ruleset name="National Research Council Canada" default_off="failed ruleset test">
 
 	<target host="nrc-cnrc.gc.ca"/>
 	<target host="www.nrc-cnrc.gc.ca"/>
 
-	<rule from="^http://(www\.)?nrc-cnrc\.gc\.ca/"
-		to="https://$1nrc-cnrc.gc.ca/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/National-Retail-Federation.xml b/src/chrome/content/rules/National-Retail-Federation.xml
index 2fa9418a2557..e7501bc15c5a 100644
--- a/src/chrome/content/rules/National-Retail-Federation.xml
+++ b/src/chrome/content/rules/National-Retail-Federation.xml
@@ -3,7 +3,6 @@
 	<target host="nrf.com"/>
 	<target host="www.nrf.com"/>
 
-	<rule from="^http://(www\.)?nrf\.com/"
-		to="https://$1nrf.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/National-Science-Foundation.xml b/src/chrome/content/rules/National-Science-Foundation.xml
index b3e376c82eaa..d499271eea55 100644
--- a/src/chrome/content/rules/National-Science-Foundation.xml
+++ b/src/chrome/content/rules/National-Science-Foundation.xml
@@ -1,62 +1,73 @@
 <!--
-	For other US government coverage, see US-government.xml.
+	National Science Foundation
+
+
+
+	Nonfunctional hosts in *nsf.gov:
+
+		- dellweb.bfa *
+
+	* Refused
+
+
+	Problematic hosts in *nsf.gov:
+
+		- fastlane *
+		- fldemo *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- nsf.gov
+		- www.nsf.gov
+
+
+	Mixed content:
+
+		- Bug on www from wt.research.gov *
+
+	* Not secured by us <= missing certificate chain
 
 -->
-<ruleset name="National Science Foundation (partial)">
+<ruleset name="NSF.gov (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="nsf.gov" />
-	<target host="*.nsf.gov" />
-		<exclusion pattern="^http://www\.nsf\.gov/($|\?|index\.jsp|awardsearch|statistics)" />
-	<target host="www.*.nsf.gov" />
-
-
-	<securecookie host="^.*\.nsf\.gov$" name=".*" />
-
-
-	<!--	These paths redirect to http:
-
-			- $
-			- awardsearch$
-			- awardsearch/$
-			- awardsearch/common/images/
-			- awardsearch/style/
-			- index.jsp$
-			- statistics/$
-			- statistics/about.cfm$
-			- statistics/css/
-			- statistics/graphics/
-			- statistics/profiles/$
-			- statistics/showpub.cfm
-
-		These paths don't (shh!):
-
-			- about
-			- awards
-			- bfa
-			- cgi-bin
-			- css
-			- discoveries
-			- email.jsp
-			- funding
-			- help
-			- images
-			- news
-			- oirm
-			- policies
-			- staff
-
-
-		Cert only matches www.
-						
-	<rule from="^https?://(?:www\.)?nsf\.gov/((?:about|awards|bfa|cgi-bin|css|discoveries|funding|help|images|news|oirm|policies|publications|staff)(?:$|/|\?)|email\.jsp)"
-		to="https://www.nsf.gov/$1" /-->
-
-	<rule from="^https?://(?:www\.)?nsf\.gov/"
-		to="https://www.nsf.gov/" />
-
-	<!--	Cert only matches www.foo	-->
-	<rule from="^https?://(?:www\.)?f(astlane|ldemo)\.nsf\.gov/"
-		to="https://www.f$1.nsf.gov/" />
+	<target host="www.fastlane.nsf.gov" />
+	<target host="www.fldemo.nsf.gov" />
+	<target host="www.nsf.gov" />
+
+	<!--	Complications:
+				-->
+	<target host="fastlane.nsf.gov" />
+	<target host="fldemo.nsf.gov" />
+
+		<!--	Redirects to http:
+						-->
+		<exclusion pattern="^http://www\.nsf\.gov/(?:$|\?|awardsearch|index\.jsp|statistics)" />
+
+			<test url="http://www.nsf.gov/index.jsp" />
+			<test url="http://www.nsf.gov/awardsearch" />
+			<test url="http://www.nsf.gov/awardsearch/" />
+			<test url="http://www.nsf.gov/statistics" />
+			<test url="http://www.nsf.gov/statistics/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?nsf\.gov$" name="^JSESSIONID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://(fastlane|fldemo)\.nsf\.gov/"
+		to="https://www.$1.nsf.gov/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
 
diff --git a/src/chrome/content/rules/National-Security-Agency.xml b/src/chrome/content/rules/National-Security-Agency.xml
index 3c45f2895dd4..a5dd5292925c 100644
--- a/src/chrome/content/rules/National-Security-Agency.xml
+++ b/src/chrome/content/rules/National-Security-Agency.xml
@@ -1,9 +1,15 @@
-<ruleset name="National Security Agency" platform="mixedcontent">
+<!--
+	Other National Security Agency rulesets:
+		- Ghidra-SRE.org.xml
+
+	Not supporting HTTPS:
+		* m.nsa.gov
+-->
+<ruleset name="National Security Agency">
 
-	<target host="nsa.gov" />
 	<target host="www.nsa.gov" />
 
-	<rule from="^http://(www\.)?nsa\.gov/"
-		to="https://$1nsa.gov/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/National-Snow-and-Ice-Data-Center.xml b/src/chrome/content/rules/National-Snow-and-Ice-Data-Center.xml
index 7457c4d65377..1f2431362f56 100644
--- a/src/chrome/content/rules/National-Snow-and-Ice-Data-Center.xml
+++ b/src/chrome/content/rules/National-Snow-and-Ice-Data-Center.xml
@@ -1,37 +1,45 @@
 <!--
-	Covered nsidc.org subdomains:
+	503, HTTPS only:
+		- noaa_waf.apps.nsidc.org
+		- soac.apps.nsidc.org
 
-		- ^
-		- extranet
-		- staging.extranet
-		- igloo
-		- integration.igloo
-		- qa.igloo
-		- staging.igloo
-		- integration
-		- qa
-		- staging
+	Expired certificate:
+		- support.nsidc.org
 
+	Incomplete certificate chain:
+		- n5eil01u.ecs.nsidc.org
 
-	Certificate also matches these subdomains:
+	Invalid certificate:
+		- www.nsidc.org
+		- integration.igloo.nsidc.org
+		- qa.igloo.nsidc.org
+		- staging.igloo.nsidc.org
 
-		- ops
-		- scm
-		- wordpress
-		- staging.wordpress
+	No working URL known:
+		- inside.nsidc.org
+		- staging.inside.nsidc.org
 
+	Mixed content errors:
+		- http://nsidc.org/arcticseaicenews/charctic-interactive-sea-ice-graph/
 -->
-<ruleset name="National Snow and Ice Data Center">
 
+<ruleset name="National Snow and Ice Data Center">
 	<target host="nsidc.org" />
-	<target host="*.nsidc.org" />
+	<target host="www.nsidc.org" />
+	<target host="daacdata.apps.nsidc.org" />
+	<target host="smap_op.apps.nsidc.org" />
+	<target host="extranet.nsidc.org" />
 	<target host="staging.extranet.nsidc.org" />
-	<target host="*.igloo.nsidc.org" />
+	<target host="igloo.nsidc.org" />
+	<target host="integration.nsidc.org" />
+	<target host="qa.nsidc.org" />
+	<target host="staging.nsidc.org" />
 
+	<securecookie host="((daacdata|smap_op)\.apps|(staging\.)?extranet|igloo|integration|qa|staging|support)\.nsidc.org" name=".+" />
 
-	<!--	Cert doesn't match www.
-					-->
-	<rule from="^http://(?:((?:staging\.)?extranet\.|(?:integration\.|qa\.|staging\.)?igloo\.|integration\.|monitor\.|qa\.|staging\.)|www\.)?nsidc\.org/"
-		to="https://$1nsidc.org/" />
+	<exclusion pattern="^http://nsidc\.org/arcticseaicenews/charctic-interactive-sea-ice-graph/" />
+		<test url="http://nsidc.org/arcticseaicenews/charctic-interactive-sea-ice-graph/" />
 
+	<rule from="^http://www\.nsidc\.org/" to="https://nsidc.org/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/National-University-of-Ireland-mismatches.xml b/src/chrome/content/rules/National-University-of-Ireland-mismatches.xml
index 2c266ad1fd44..edfb1ad4630f 100644
--- a/src/chrome/content/rules/National-University-of-Ireland-mismatches.xml
+++ b/src/chrome/content/rules/National-University-of-Ireland-mismatches.xml
@@ -2,7 +2,6 @@
 
 	<target host="www.library.nuigalway.ie"/>
 
-	<rule from="^http://www\.library\.nuigalway\.ie/"
-		to="https://www.library.nuigalway.ie/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/National-University-of-Ireland.xml b/src/chrome/content/rules/National-University-of-Ireland.xml
index 7a1dba3e7650..44083893b631 100644
--- a/src/chrome/content/rules/National-University-of-Ireland.xml
+++ b/src/chrome/content/rules/National-University-of-Ireland.xml
@@ -1,16 +1,22 @@
-<ruleset name="National University of Ireland (partial)">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://deri.ie/ => https://deri.ie/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+Fetch error: http://www.deri.ie/ => https://www.deri.ie/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+
+	Mismatch:
+		- ^nuigalway.ie
+-->
+<ruleset name="National University of Ireland (partial)" default_off="failed ruleset test">
 	<target host="deri.ie"/>
 	<target host="www.deri.ie"/>
 	<target host="nuigalway.ie"/>
 	<target host="www.nuigalway.ie"/>
 
-	<securecookie host="^(?:www\.)?deri\.ie$" name=".*"/>
-
-	<rule from="^http://(www\.)?deri\.ie/"
-		to="https://$1deri.ie/"/>
+	<securecookie host="^(?:www\.)?deri\.ie$" name=".+" />
 
-	<rule from="^http://(?:www\.)?nuigalway\.ie/"
+	<rule from="^http://nuigalway\.ie/"
 		to="https://www.nuigalway.ie/"/>
-
+	<rule from="^http:"
+		to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/NationalArchivesGovUK.xml b/src/chrome/content/rules/NationalArchivesGovUK.xml
index 26854b4862c1..30798a4115d7 100644
--- a/src/chrome/content/rules/NationalArchivesGovUK.xml
+++ b/src/chrome/content/rules/NationalArchivesGovUK.xml
@@ -1,8 +1,99 @@
-<ruleset name="NationalArchivesGovUK">
-  <target host="nationalarchives.gov.uk"/>
-  <target host="www.nationalarchives.gov.uk"/>
 
-  <securecookie host="^(.+\.)?nationalarchives\.gov\.uk$" name=".*"/>
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://community.nationalarchives.gov.uk/ => https://community.nationalarchives.gov.uk/: (7, 'Failed to connect to community.nationalarchives.gov.uk port 443: Connection refused')
 
-  <rule from="^http://(?:www\.)?nationalarchives\.gov\.uk/" to="https://www.nationalarchives.gov.uk/"/>
+	The National Archives
+
+	For problematic rules, see National_Archives.gov.uk-problematic.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *nationalarchives.gov.uk:
+
+		- blog ¹
+		- bookshop ²
+		- media ²
+		- smartsource ¹
+		- webarchive ¹
+
+	¹ Refused
+	² Dropped
+
+
+	Problematic hosts in *nationalarchives.gov.uk:
+
+		- labs ¹ ²
+
+	¹ Expired
+	² Untrusted root
+
+
+	Insecure cookies are set for these hosts:
+
+		- discovery.nationalarchives.gov.uk
+
+
+	Mixed content:
+
+		- css, on:
+
+			- labs, www from fonts.googleapis.com ¹
+			- www from $self ¹
+
+		- Images on www from $self ¹
+		- Bugs on community, images, labs, www from smartsource.nationalarchives.gov.uk ²
+
+	¹ Secured by us
+	² Unsecurable
+
+-->
+<ruleset name="National Archives.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="nationalarchives.gov.uk" />
+	<target host="community.nationalarchives.gov.uk" />
+	<target host="discovery.nationalarchives.gov.uk" />
+	<target host="images.nationalarchives.gov.uk" />
+	<target host="secure.nationalarchives.gov.uk" />
+	<target host="www.nationalarchives.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://discovery\.nationalarchives\.gov\.uk/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://discovery\.nationalarchives\.gov\.uk/(?!/*(?:Content/compiled-css/|Content/[Ii]mages/|SearchUI/Content/|favicon\.ico|register$|sign-in$))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://discovery.nationalarchives.gov.uk/advanced-search" />
+			<test url="http://discovery.nationalarchives.gov.uk/browse/" />
+			<test url="http://discovery.nationalarchives.gov.uk/details/c/F18168" />
+			<test url="http://discovery.nationalarchives.gov.uk/details/r/C10012" />
+			<test url="http://discovery.nationalarchives.gov.uk/details/r/C2322602" />
+			<test url="http://discovery.nationalarchives.gov.uk/details/r/C44" />
+			<test url="http://discovery.nationalarchives.gov.uk/find-an-archive" />
+			<test url="http://discovery.nationalarchives.gov.uk/results/r/?_q=service%20records&amp;_sd=1914&amp;_ed=1920&amp;_hb=tna&amp;_d=WO" />
+			<test url="http://discovery.nationalarchives.gov.uk/tags/index" />
+
+			<!--	-ve:
+					-->
+			<test url="http://discovery.nationalarchives.gov.uk/Content/Images/logo-white.png" />
+			<test url="http://discovery.nationalarchives.gov.uk/Content/compiled-css/main.min.4.1.0.css" />
+			<test url="http://discovery.nationalarchives.gov.uk/favicon.ico" />
+			<test url="http://discovery.nationalarchives.gov.uk/register" />
+			<test url="http://discovery.nationalarchives.gov.uk/sign-in" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="discovery\.nationalarchives\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host=".\.nationalarchives\.gov\.uk$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NationalE-HealthTransitionAuthority.xml b/src/chrome/content/rules/NationalE-HealthTransitionAuthority.xml
new file mode 100644
index 000000000000..7fa7dea6fe83
--- /dev/null
+++ b/src/chrome/content/rules/NationalE-HealthTransitionAuthority.xml
@@ -0,0 +1,7 @@
+<ruleset name="National E-Health Transition Authority">
+	<target host="nehta.gov.au" />
+	<target host="www.nehta.gov.au" />
+
+	<rule from="^http://(?:www\.)?nehta\.gov\.au/"
+		to="https://www.nehta.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/NationalEatingDisorders.org.xml b/src/chrome/content/rules/NationalEatingDisorders.org.xml
new file mode 100644
index 000000000000..170a15494dda
--- /dev/null
+++ b/src/chrome/content/rules/NationalEatingDisorders.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Private subdomain:
+		bp.nationaleatingdisorders.org
+
+	Wildcard DNS but without wildcard certificate.
+
+	All other subdomains are mismatched.
+
+-->
+<ruleset name="National Eating Disorders Association">
+
+	<target host="nationaleatingdisorders.org" />
+	<target host="www.nationaleatingdisorders.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NationalHealthandMedicalResearchCouncil.xml b/src/chrome/content/rules/NationalHealthandMedicalResearchCouncil.xml
new file mode 100644
index 000000000000..3ec1b656746a
--- /dev/null
+++ b/src/chrome/content/rules/NationalHealthandMedicalResearchCouncil.xml
@@ -0,0 +1,7 @@
+<ruleset name="National Health and Medical Research Council">
+	<target host="nhmrc.gov.au" />
+	<target host="www.nhmrc.gov.au" />
+
+	<rule from="^http://(?:www\.)?nhmrc\.gov\.au/"
+		to="https://www.nhmrc.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/NationalLibraryofAustralia.xml b/src/chrome/content/rules/NationalLibraryofAustralia.xml
new file mode 100644
index 000000000000..15d12922f753
--- /dev/null
+++ b/src/chrome/content/rules/NationalLibraryofAustralia.xml
@@ -0,0 +1,7 @@
+<ruleset name="National Library of Australia">
+	<target host="nla.gov.au" />
+	<target host="www.nla.gov.au" />
+
+	<rule from="^http://(?:www\.)?nla\.gov\.au/"
+		to="https://www.nla.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/NationalLottery.xml b/src/chrome/content/rules/NationalLottery.xml
deleted file mode 100644
index b2cec467ef86..000000000000
--- a/src/chrome/content/rules/NationalLottery.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="NationalLottery">
-  <target host="national-lottery.co.uk" />
-  <target host="www.national-lottery.co.uk" />
-
-  <securecookie host="^(.+\.)?national-lottery\.co\.uk$" name=".*"/>
-
-  <rule from="^http://(?:www\.)?national-lottery\.co\.uk/" to="https://www.national-lottery.co.uk/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/NationalPortraitGallery.xml b/src/chrome/content/rules/NationalPortraitGallery.xml
new file mode 100644
index 000000000000..34a034d5f498
--- /dev/null
+++ b/src/chrome/content/rules/NationalPortraitGallery.xml
@@ -0,0 +1,36 @@
+<!--
+	National Portrait Gallery
+
+-->
+<ruleset name="Portrait.gov.au (partial)">
+	<target host="portrait.gov.au" />
+	<target host="www.portrait.gov.au" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?portrait\.gov\.au/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?portrait\.gov\.au/+(?!css/|favicon\.ico|files/|images/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://portrait.gov.au/content/education/" />
+			<test url="http://portrait.gov.au/content/the-gallery/" />
+			<test url="http://portrait.gov.au/exhibitions/" />
+			<test url="http://portrait.gov.au/magazines/" />
+			<test url="http://www.portrait.gov.au/portraits/" />
+			<test url="http://www.portrait.gov.au/postcards/" />
+			<test url="http://www.portrait.gov.au/stories/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://portrait.gov.au/css/jquery.share.css" />
+			<test url="http://portrait.gov.au/favicon.ico" />
+			<test url="http://www.portrait.gov.au/images/nationalportraitgallery.gif" />
+
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NationalRSOL.org.xml b/src/chrome/content/rules/NationalRSOL.org.xml
new file mode 100644
index 000000000000..7187c13e4c1b
--- /dev/null
+++ b/src/chrome/content/rules/NationalRSOL.org.xml
@@ -0,0 +1,16 @@
+<!--
+	See also NARSOL.org.xml, RSOLConference.org.xml
+-->
+<ruleset name="NationalRSOL.org">
+	<target host="nationalrsol.org" />
+	<target host="www.nationalrsol.org" />
+	<target host="mail.nationalrsol.org" />
+	<target host="rsolconference.nationalrsol.org" />
+	<target host="www.rsolconference.nationalrsol.org" />
+	<target host="talesfromtheregistry.nationalrsol.org" />
+	<target host="www.talesfromtheregistry.nationalrsol.org" />
+	<target host="tftr.nationalrsol.org" />
+	<target host="www.tftr.nationalrsol.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NationalReview.com.xml b/src/chrome/content/rules/NationalReview.com.xml
index 07563b7039fd..ceadf9c40e58 100644
--- a/src/chrome/content/rules/NationalReview.com.xml
+++ b/src/chrome/content/rules/NationalReview.com.xml
@@ -1,4 +1,12 @@
-<ruleset name="NationalReview.com (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nr-media-01.nationalreview.com/ => https://nr-media-01.nationalreview.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://nr-media-01.nationalreview.com/ => https://nr-media-01.nationalreview.com/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="NationalReview.com (partial)" default_off="failed ruleset test">
 
 	<target host="nationalreview.com" />
 	<target host="nr-media-01.nationalreview.com" />
diff --git a/src/chrome/content/rules/National_Abortion_Federation.xml b/src/chrome/content/rules/National_Abortion_Federation.xml
index 6ce1ac738570..f15324e42109 100644
--- a/src/chrome/content/rules/National_Abortion_Federation.xml
+++ b/src/chrome/content/rules/National_Abortion_Federation.xml
@@ -1,14 +1,43 @@
 <!--
-	!www: cert only matches www
+	National Abortion Federation
+
+
+	Insecure cookies are set for these domains:
+
+		- .prochoice.org
 
 -->
-<ruleset name="National Abortion Federation">
+<ruleset name="Pro Choice.org (partial)">
 
 	<target host="prochoice.org" />
 	<target host="www.prochoice.org" />
 
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://prochoice\.org/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://prochoice\.org/+(?!wp-content/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://prochoice.org/about-naf/" />
+			<test url="http://prochoice.org/education-and-advocacy/violence/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://prochoice.org/wp-content/themes/naf/style.css" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.prochoice\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.prochoice\.org$" name="^__cfduid$" />
+
 
-	<rule from="^http://(?:www\.)?prochoice\.org/"
-		to="https://www.prochoice.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/National_Academy_of_Engineering.xml b/src/chrome/content/rules/National_Academy_of_Engineering.xml
index ddadb1507411..7160feb47909 100644
--- a/src/chrome/content/rules/National_Academy_of_Engineering.xml
+++ b/src/chrome/content/rules/National_Academy_of_Engineering.xml
@@ -8,10 +8,10 @@
 	<target host="www.nae.edu" />
 
 
-	<securecookie host="^(?:.*\.)?nae\.edu$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(?:www\.)?nae\.edu/"
 		to="https://www.nae.edu/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/National_Archives.gov.uk-problematic.xml b/src/chrome/content/rules/National_Archives.gov.uk-problematic.xml
new file mode 100644
index 000000000000..4e8bb3e5239d
--- /dev/null
+++ b/src/chrome/content/rules/National_Archives.gov.uk-problematic.xml
@@ -0,0 +1,13 @@
+<!--
+	For rules that are on by default, see NationalArchivesGovUK.xml.
+
+-->
+<ruleset name="National Archives.gov.uk (problematic)" default_off="expired, untrusted root">
+
+	<target host="labs.nationalarchives.gov.uk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/National_Bureau_of_Economic_Research.xml b/src/chrome/content/rules/National_Bureau_of_Economic_Research.xml
index df64cdb01501..43b105be2da9 100644
--- a/src/chrome/content/rules/National_Bureau_of_Economic_Research.xml
+++ b/src/chrome/content/rules/National_Bureau_of_Economic_Research.xml
@@ -1,10 +1,10 @@
 <ruleset name="National Bureau of Economic Research">
 
 	<target host="nber.org" />
-	<target host="*.nber.org" />
+	<target host="img.nber.org" />
+	<target host="www.nber.org" />
 
 
-	<rule from="^http://(img\.|www\.)?nber\.org/"
-		to="https://$1nber.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/National_Consumer_Protection_Week.xml b/src/chrome/content/rules/National_Consumer_Protection_Week.xml
deleted file mode 100644
index 50e6076a74ed..000000000000
--- a/src/chrome/content/rules/National_Consumer_Protection_Week.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	For other U.S. government coverage, see US-government.xml.
-
-
-	Problematic domains:
-
-		- ^ncpw.gov		(mismatched)
-		- military.ncpw.gov	(expired 2012-10-19, self-signed, CN: ftc.gov)
-
--->
-<ruleset name="National Consumer Protection Week">
-
-	<target host="ncpw.gov" />
-	<target host="*.ncpw.gov" />
-	<target host="protecciondelconsumidor.gov" />
-	<target host="www.protecciondelconsumidor.gov" />
-
-
-	<rule from="^http://(?:www\.)?(ncpw|protecciondelconsumidor)\.gov/"
-		to="https://www.$1.gov/" />
-
-	<rule from="^http://(?:www\.)?military\.ncpw\.gov/"
-		to="https://www.military.ncpw.gov/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/National_Geographic.com.xml b/src/chrome/content/rules/National_Geographic.com.xml
new file mode 100644
index 000000000000..36a6fc440cf5
--- /dev/null
+++ b/src/chrome/content/rules/National_Geographic.com.xml
@@ -0,0 +1,89 @@
+<!--
+	CDN buckets:
+		- nationalgeographic.desk.com
+		- natgeo.edgeboss.net
+		- dotcom-media.nationalgeographic.com.edgesuite.net
+			- a1843.g1.akamai.net
+		- images.nationalgeographic.com.edgesuite.net
+			- a1621.g.akamai.net
+		- kids.nationalgeographic.com.edgesuite.net
+			- a1966.b.akamai.net
+		- news.nationalgeographic.com.edgesuite.net
+			- a1420.g.akamai.net
+		- t.p.mybuys.com/clients/NATIONALGEOGRAPHIC/
+		- s7d2.scene7.com/is/image/NationalGeographic/
+
+	Redirects to HTTP:
+		- channel
+		- media-channel (Redirects to channel)
+		- tvblogs (Redirects to channel)
+
+	Invalid certificate:
+		- adventureblog
+		- environment
+		- help
+		- metric
+		- newswatch
+		- ngm
+		- photography
+		- travel
+		- yourshotblog
+
+	502 proxy error:
+		- images
+
+	Mixed content:
+		- archive (Example: https://archive.nationalgeographic.com/?iid=133596#folio=CV1)
+		- news
+			- Images, from:
+				- avatars.fyre.co *
+				- zor.fyre.co *
+			- Ads/web bugs, from:
+				- b.comcardresearch.com *
+				- loadus.exelator.com *
+				- cdn.gigya.com *
+				- www.googleadservices.com *
+	* Secured by us
+
+	No working URL known:
+		- media-yourshot
+
+	Time out:
+		- nationalgeographic.com *
+
+	* Standard rule times out over HTTPS, new rule redirects to https://www.nationalgeographic.com/
+
+-->
+<ruleset name="National Geographic">
+
+	<target host="nationalgeographic.com" />
+	<target host="www.nationalgeographic.com" />
+	<target host="digitalnomad.nationalgeographic.com" />
+	<target host="events.nationalgeographic.com" />
+	<target host="genographic.nationalgeographic.com" />
+	<target host="intelligenttravel.nationalgeographic.com" />
+	<target host="kids.nationalgeographic.com" />
+	<target host="media-members.nationalgeographic.com" />
+		<test url="http://media-members.nationalgeographic.com/static-media/img/favicon.ico" />
+	<target host="media-mmdb.nationalgeographic.com" />
+		<test url="http://media-mmdb.nationalgeographic.com/static-media/img/favicon.ico" />
+	<target host="members.nationalgeographic.com" />
+	<target host="metrics.nationalgeographic.com" />
+	<target host="mmdb.nationalgeographic.com" />
+	<target host="mshop.nationalgeographic.com" />
+	<target host="news.nationalgeographic.com" />
+	<target host="press.nationalgeographic.com" />
+	<target host="shop.nationalgeographic.com" />
+	<target host="video.nationalgeographic.com" />
+
+	<!--	Tracking cookies:
+					-->
+	<securecookie host="^\.nationalgeographic\.com$" name="^(gpv_p\d+|s_\w+|__utm)?\w$" />
+
+	<rule from="^http://nationalgeographic\.com/"
+		to="https://www.nationalgeographic.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/National_Geographic.xml b/src/chrome/content/rules/National_Geographic.xml
deleted file mode 100644
index ba95c14e2b61..000000000000
--- a/src/chrome/content/rules/National_Geographic.xml
+++ /dev/null
@@ -1,150 +0,0 @@
-<!--
-	CDN buckets:
-
-		- nationalgeographic.com.112.2o7.net
-
-			- metric.nationalgeographic.com
-
-		- nationalgeographic.desk.com
-		- natgeo.edgeboss.net
-
-		- dotcom-media.nationalgeographic.com.edgesuite.net
-
-			- a1843.g1.akamai.net
-
-		- images.nationalgeographic.com.edgesuite.net
-
-			- a1621.g.akamai.net
-
-		- kids.nationalgeographic.com.edgesuite.net
-
-			- a1966.b.akamai.net
-
-		- news.nationalgeographic.com.edgesuite.net
-
-			- a1420.g.akamai.net
-
-		- t.p.mybuys.com/clients/NATIONALGEOGRAPHIC/
-		- s7d2.scene7.com/is/image/NationalGeographic/
-
-
-	Nonfunctional subdomains:
-
-		- adventureblog *
-		- digitalnomad *
-		- greenliving	(503, akamai)
-		- help		(redirects to http, desk.com)
-		- intelligenttravel *
-		- newswatch
-		- ngm		(504, akamai)
-		- tvblogs *
-
-	* Refused
-
-
-	Problematic domains:
-
-		nationalgeographic.com subdomains:
-
-			- dotcom-media *
-			- environment *
-			- images *
-			- kids *
-			- metric	(2o7.net)
-			- news *
-			- photography *
-			- travel *
-			- video *
-			- yourshot *
-			- www		(redirects to travel, akamai)
-
-		- s.ngeo.com *
-
-	* Works, akamai
-
-
-	Partially covered subdomains:
-
-		- (www.)	(→ www-s)
-		- kids		(→ akamai, avoiding user-visible paths)
-		- news		(→ akamai, some paths 404)
-		- mshop *
-		- shop *
-
-	* Some pages redirect to http
-
-
-	Fully covered subdomains:
-
-		- channel
-		- dotcom-media	(→ akamai)
-		- donate
-		- genographic
-		- images	(→ akamai)
-		- media-channel
-		- media-members
-		- media-mmdb
-		- media-yourshot
-		- members
-		- metric	(→ nationalgeographic-com.112.2o7.net)
-		- metrics
-		- mmdb
-		- natgeotv
-		- stage.natgeotv
-		- www-s
-
--->
-<ruleset name="National Geographic (partial)">
-
-	<target host="nationalgeographic.com" />
-	<target host="*.nationalgeographic.com" />
-		<!--
-			Avoid user-visible paths:
-							-->
-		<!--exclusion pattern="^http://kids\.nationalgeographic.com/(?!exposure/core_media/|fastfacts/get_json_fact_list/|favicon\.ico|sites/)" /-->
-		<!--
-			404 when rewritten:
-						-->
-		<!--exclusion pattern="^http://news\.nationalgeographic\.com/(images/|news/ax/|news/images/)" /-->
-		<!--
-			Some pages redirect to http:
-							-->
-		<!--exclusion pattern="^http://mshop\.nationalgeographic\.com/(?!favicon\.ico|html/|images/|javascript/|ngs/m/myaccount/login\.jsp|omniture/)" /-->
-		<!--exclusion pattern="^http://shop\.nationalgeographic\.com/(?!css/|favicon\.ico|html/|images/|javascript/|ngs/myaccount/login\.jsp|omniture/|pwr/)" /-->
-		<exclusion pattern="^http://m?shop\.nationalgeographic\.com/(?!css/|favicon\.ico|html/|images/|javascript/|ngs/(?:m/)?myaccount/login\.jsp|omniture/|pwr/)" />
-
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.nationalgeographic\.com$" name="^(?:gpv_p\d+|s_\w+|__utm)\w$" />
-	<securecookie host="^donate\.nationalgeographic\.com$" name=".+" />
-
-
-	<!--	$ is linked to from the footer of channel ("HOME"). Rewriting
-		$ to www-s saves us from having to use a downgrade rule:
-										-->
-	<rule from="^https?://(?:www\.)?nationalgeographic\.com/($|\?|leaderboard/quiz/)"
-		to="https://www-s.nationalgeographic.com/$1" />
-
-	<rule from="^http://(channel|donate|genographic|media-(?:channel|members|mmdb|yourshot)|members|metrics|mmdb|m?shop|(?:stage\.)?natgeotv|www-s)\.nationalgeographic\.com/"
-		to="https://$1.nationalgeographic.com/" />
-
-	<rule from="^http://dotcom-media\.nationalgeographic\.com/"
-		to="https://a248.e.akamai.net/f/1843/2965/3/dotcom-media.nationalgeographic.com/" />
-
-	<!--	All stylesheets appear to link images relative to themselves,
-		so a blanket rewrite should work properly:
-								-->
-	<rule from="^http://images\.nationalgeographic\.com/"
-		to="https://a248.e.akamai.net/f/1621/2601/6h/images.nationalgeographic.com/" />
-
-	<rule from="^http://kids\.nationalgeographic\.com/(?=exposure/core_media/|fastfacts/get_json_fact_list/|favicon\.ico|sites/)"
-		to="https://a248.e.akamai.net/f/1966/8789/10f/kids.nationalgeographic.com/" />
-
-	<rule from="^http://metric\.nationalgeographic\.com/"
-		to="https://nationalgeographic-com.112.2o7.net/" />
-
-	<rule from="^http://news\.nationalgeographic\.com/exposure/core_media/"
-		to="https://a248.e.akamai.net/f/1420/6828/10/news.nationalgeographic.com/exposure/core_media/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/National_Grid.xml b/src/chrome/content/rules/National_Grid.xml
index 0cc8af6d47ad..d17f0bbb9928 100644
--- a/src/chrome/content/rules/National_Grid.xml
+++ b/src/chrome/content/rules/National_Grid.xml
@@ -1,9 +1,44 @@
-<ruleset name="National Grid">
-    <target host="nationalgrid.com" />
-    <target host="*.nationalgrid.com" />
-
-    <rule from="^https?://nationalgrid\.com/"
-        to="https://www.nationalgrid.com/"/>
-    <rule from="^http://([^/:@]+)?\.nationalgrid\.com/"
-        to="https://$1.nationalgrid.com/" />
+<!--
+	Problematic domains:
+
+		- ^ ¹³
+		- www ¹
+
+		- agm ³
+		- beforeyoudig ³
+		- careers ²
+		- ecm ⁶
+		- fes ⁴
+		- investors ³
+		- ir ³
+		- kingslynnconsultation ⁵
+		- media ⁴
+		- www2 ²
+
+	¹: Redirect to www2
+	²: Connection refused
+	³: Mismatched
+	⁴: Timeout
+	⁵: Expired
+	⁶: Connection refused on port 80
+-->
+<ruleset name="National Grid (partial)">
+
+	<target host="nationalgrid.com" />
+	<target host="www.nationalgrid.com" />
+
+	<target host="beforeyoudig.nationalgrid.com" />
+	<target host="www.beforeyoudig.nationalgrid.com" />
+	<target host="ecm.nationalgrid.com" />
+	<target host="m.nationalgrid.com" />
+
+	<rule from="^http://nationalgrid\.com/"
+		to="https://www.nationalgrid.com/" />
+
+	<rule from="^http://beforeyoudig\.nationalgrid\.com/"
+		to="https://www.beforeyoudig.nationalgrid.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/National_Institute_for_Social_Media.xml b/src/chrome/content/rules/National_Institute_for_Social_Media.xml
index 2063c6d268c4..fbd5a1c0e97f 100644
--- a/src/chrome/content/rules/National_Institute_for_Social_Media.xml
+++ b/src/chrome/content/rules/National_Institute_for_Social_Media.xml
@@ -1,13 +1,12 @@
 <ruleset name="National Institute for Social Media">
 
 	<target host="nismonline.org" />
-	<target host="*.nismonline.org" />
+	<target host="www.nismonline.org" />
 
 
 	<securecookie host="^(?:w*\.)?nismonline\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?nismonline\.org/"
-		to="https://$1nismonline.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/National_Oceanic_and_Atmospheric_Administration.xml b/src/chrome/content/rules/National_Oceanic_and_Atmospheric_Administration.xml
index 567f1c75126b..7d64a673afb7 100644
--- a/src/chrome/content/rules/National_Oceanic_and_Atmospheric_Administration.xml
+++ b/src/chrome/content/rules/National_Oceanic_and_Atmospheric_Administration.xml
@@ -1,30 +1,114 @@
+
 <!--
-	For other U.S. government coverage, see US-government.xml.
+Disabled by https-everywhere-checker because:
+Fetch error: http://nes.ncdc.noaa.gov/ => https://nes.ncdc.noaa.gov/: (51, "SSL: no alternative certificate subject name matches target host name 'nes.ncdc.noaa.gov'")
+
+	National Oceanic and Atmospheric Administration
+
+
+
+	Nonfunctional hosts in *noaa.gov:
+
+		- (www.)? ¹
+		- www.aoml ²
+		- www.careers ¹
+		- www.cio ¹
+		- www.corporateservices ¹
+		- www.goes ¹
+		- habsos ³
+		- www.history ¹
+		- www.legislative ¹
+		- www.lib ⁴
+		- ecowatch.ncddc ³
+		- service.ncddc ⁵
+		- www.ncddc ³
+		- nomads.ncep ²
+		- www.nesdis ⁵
+		- www.nesdisia ¹
+		- spidr.ngdc ²
+		- www.nnvl ¹
+		- noaanews
+		- www.noaanews ¹
+		- www.nws ⁶
+		- oceanservice ¹
+		- www.ospo ²
+		- www.photolib ¹
+		- www.rdc ¹
+
+	¹ Times out
+	² Refused
+	³ Redirects to http
+	⁴ Data differ
+	⁵ 401
+	⁶ 503, Akamai
+
+
+	Problematic hosts in *noaa.gov:
+
+		- www.star.nesdis ¹ ²
+
+	¹ Mixed css
+	² Untrusted root
+
 
+	These altnames don't exist:
 
-	Cert only matches www.ncdc
+		- nodc.noaa.gov
 
 
-	Nonfunctional subdomains:
+	Insecure cookies are set for these hosts:
 
-		- (www.)noaa.gov *
-		- maps.ngdc.noaa.gov
-		- noaanews.noaa.gov
-		- www.noaanews.noaa.gov *
+		- nsd.rdc.noaa.gov
 
-	* Times out
+
+	Mixed content:
+
+		- css on www.star.nesdis from $self
+
+		- Image, on:
+
+			- gis.ncdc from www.adobe.com *
+			- www.star.nesdis from $self
+			- map.ngdc from www.ngdc.noaa.gov *
+
+	* Secured by us
 
 -->
-<ruleset name="National Oceanic and Atmospheric Administration (partial)">
+<ruleset name="NOAA.gov (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="ncdc.noaa.gov" />
+
+	<target host="gis.ncdc.noaa.gov" />
+	<target host="nes.ncdc.noaa.gov" />
 	<target host="www.ncdc.noaa.gov" />
 
+	<target host="ncei.noaa.gov" />
+	<target host="www.ncei.noaa.gov" />
+	<target host="ngdc.noaa.gov" />
 
-	<securecookie host="^www\.ncdc\.noaa\.gov$" name=".+" />
+	<target host="gis.ngdc.noaa.gov" />
+	<target host="maps.ngdc.noaa.gov" />
+	<target host="www.ngdc.noaa.gov" />
 
+	<target host="data.nodc.noaa.gov" />
+	<target host="www.nodc.noaa.gov" />
+	<target host="nsd.rdc.noaa.gov" />
+	<target host="tidesandcurrents.noaa.gov" />
 
-	<rule from="^https?://(?:www\.)?ncdc\.noaa\.gov/"
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^nsd\.rdc\.noaa\.gov$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://ncdc\.noaa\.gov/"
 		to="https://www.ncdc.noaa.gov/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/National_Park_Service.xml b/src/chrome/content/rules/National_Park_Service.xml
index 61e27891ec1a..7739f773843c 100644
--- a/src/chrome/content/rules/National_Park_Service.xml
+++ b/src/chrome/content/rules/National_Park_Service.xml
@@ -1,23 +1,23 @@
+
 <!--
-	For other U.S. government coverage, see US-government.xml.
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.science.nature.nps.gov/ => https://www.science.nature.nps.gov/: (6, 'Could not resolve host: www.science.nature.nps.gov')
+Fetch error: http://www.npssa.nps.gov/ => https://www.npssa.nps.gov/: (6, 'Could not resolve host: www.npssa.nps.gov')
+
+	National Park Service
+
 
 
 	Nonfunctional subdomains:
 
-		- ^ *
 		- consessions **
-		- cr **
 		- focus **
 		- nrhp.focus **
 		- home *
 		- image1 **
 		- www.itd	(503; mismatched, CN: *.nps.gov)
-		- maps **
-		- mms *
-		- nature	(404, valid cert)
 		- npsfocus **
 		- watertrails **
-		- www **
 
 	* 503, valid cert
 	** Times out
@@ -27,16 +27,80 @@
 
 		- hfc		(works; mismatched, CN: zionpermits.nps.gov)
 
+
+	STS header includes includeSubdomains
+	for nature, science.nature, www.nature, www.npssa
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .nps.gov
+		- .nature.nps.gov
+		- science.nature.nps.gov
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on www.ncptt from ncptt.nps.gov ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
 -->
-<ruleset name="National Park Service (partial)">
+<ruleset name="NPS.gov (partial)" default_off="failed ruleset test">
+
+	<target host="nps.gov" /><!--	for future commit -->
+	<target host="cr.nps.gov" /><!--	for future commit -->
+	<target host="irma.nps.gov" />
+	<target host="irmafiles.nps.gov" /><!--	for future commit -->
+	<target host="nature.nps.gov" /><!--	for future commit -->
+	<target host="*.nature.nps.gov" /><!--	for future commit -->
+	<target host="ncptt.nps.gov" />
+	<target host="www.ncptt.nps.gov" /><!--	for future commit -->
+	<target host="npssa.nps.gov" />
+	<target host="*.npssa.nps.gov" /><!--	for future commit -->
+	<target host="parkplanning.nps.gov" />
+	<target host="pepc.nps.gov" />
+	<target host="zionpermits.nps.gov" />
+	<target host="www.nps.gov" /><!--	for future commit -->
+
+		<!--	includeSubdomains applies to one level only, so:
+									-->
+		<exclusion pattern="^http://(?![^.]+\.science\.nature\.nps\.gov/)(?:[^.]+\.){2,}nature\.nps\.gov/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.nature.nps.gov/" />
+			<test url="http://exists.not.nature.nps.gov/" />
+			<test url="http://this.host.science.nature.nps.gov/" />
+			<test url="http://exists.not.science.nature.nps.gov/" />
+
+		<!--	includeSubdomains applies to one level only, so:
+									-->
+		<exclusion pattern="^http://(?:[^.]+\.){2,}npssa\.nps\.gov/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.npssa.nps.gov/" />
+			<test url="http://exists.not.npssa.nps.gov/" />
+
+		<test url="http://irmafiles.nps.gov/WebContentV2/ThirdParty/extJs/ext-4.2.1/resources/css/ext-all-gray.css" /><!--	58 -->
+
+		<test url="http://www.nature.nps.gov/" />
+		<test url="http://www.science.nature.nps.gov/" />
+		<test url="http://www.npssa.nps.gov/" />
 
-	<target host="*.nps.gov" />
 
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^\.(?:nature\.)?nps\.gov$" name="^def_cookie_id$" />
+	<securecookie host="^science\.nature\.nps\.gov$" name="^CF(?:GLOBALS|ID|TOKEN)$" />
 
-	<securecookie host="^.+\.nps\.gov$" name=".+" />
+	<securecookie host=".\.nps\.gov$" name=".+" />
 
 
-	<rule from="^http://(irma|science\.nature|ncptt|npssa|parkplanning|pepc|zionpermits)\.nps\.gov/"
-		to="https://$1.nps.gov/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/National_Priorities.org.xml b/src/chrome/content/rules/National_Priorities.org.xml
new file mode 100644
index 000000000000..74266c0aa1a5
--- /dev/null
+++ b/src/chrome/content/rules/National_Priorities.org.xml
@@ -0,0 +1,11 @@
+<ruleset name="National Priorities.org">
+
+	<target host="nationalpriorities.org" />
+	<target host="media.nationalpriorities.org" />
+	<target host="static.nationalpriorities.org" />
+	<target host="www.nationalpriorities.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/National_Transport_Safety_Board.xml b/src/chrome/content/rules/National_Transport_Safety_Board.xml
deleted file mode 100644
index dbf6128ae0c4..000000000000
--- a/src/chrome/content/rules/National_Transport_Safety_Board.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other U.S. government coverage, see US-government.xml.
-
-
-	Cert only matches www
-
--->
-<ruleset name="National Transport Safety Board">
-
-	<target host="ntsb.gov" />
-	<target host="www.ntsb.gov" />
-
-
-	<rule from="^https?://(?:www\.)?ntsb\.gov/"
-		to="https://www.ntsb.gov/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/National_Travel_Health_Network_and_Centre.xml b/src/chrome/content/rules/National_Travel_Health_Network_and_Centre.xml
index 8ede2ca9f441..36cb99eb3e6d 100644
--- a/src/chrome/content/rules/National_Travel_Health_Network_and_Centre.xml
+++ b/src/chrome/content/rules/National_Travel_Health_Network_and_Centre.xml
@@ -1,8 +1,14 @@
-<ruleset name="National Travel Health Network and Centre (NaTHNaC)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nathnac.org/ => https://www.nathnac.org/: (35, 'Unknown SSL protocol error in connection to www.nathnac.org:443 ')
+
+-->
+<ruleset name="National Travel Health Network and Centre (NaTHNaC)" default_off="failed ruleset test">
     <target host="nathnac.org" />
     <target host="*.nathnac.org" />
 
-    <rule from="^https?://nathnac\.org/"
+    <rule from="^http://nathnac\.org/"
         to="https://www.nathnac.org/" />
     <rule from="^http://([^/:@]+)?\.nathnac\.org/"
         to="https://$1.nathnac.org/" />
diff --git a/src/chrome/content/rules/National_Wildlife_Foundation.xml b/src/chrome/content/rules/National_Wildlife_Foundation.xml
index c3d5ca584589..b559c8e21d0e 100644
--- a/src/chrome/content/rules/National_Wildlife_Foundation.xml
+++ b/src/chrome/content/rules/National_Wildlife_Foundation.xml
@@ -1,27 +1,81 @@
 <!--
-	Nonfunctional subdomains:
+	Refused:
+		action.nwf.org
+		affiliates.nwf.org
+		annualreport.nwf.org
+		blog.nwf.org
+		blogs.nwf.org
+		cardshop.nwf.org
+		extranet.nwf.org
+		gulfrestoration.nwf.org
+		international.nwf.org
+		keepitpublic.nwf.org
+		legacy.nwf.org
+		nationalwildlifefederation.nwf.org
+		nationalwildlifefederationuat.nwf.org
+		naturalist.nwf.org
+		nwf.nwf.org
+		photos.nwf.org
+		poll.nwf.org
+		restorethegulf.nwf.org
+		secure.nwf.org
+		wildlifeacre.nwf.org
 
-		- blog
+	Private subdomain:
+		citrix.nwf.org
+		owa.nwf.org
 
+	Different content http/https:
+		email.nwf.org
+		search.nwf.org
 
-	Problematic subdomains:
+	Secure connection failed:
+		jira.nwf.org:8080
 
-		- ^	(cert only matches www)
+	Redirect to http:
+		online.nwf.org
+
+	Refused:
+		tweetmixx.nwf.org
 
 -->
-<ruleset name="National Wildlife Foundation (partial)">
+<ruleset name="National Wildlife Foundation">
 
 	<target host="nwf.org" />
-	<target host="*.nwf.org" />
+	<target host="www.nwf.org" />
+	<target host="affiliates.nwf.org" />
+	<target host="cardshop.nwf.org" />
+	<target host="leaders.nwf.org" />
+	<target host="legacy.nwf.org" />
+	<target host="photocontest.nwf.org" />
+	<target host="photos.nwf.org" />
+	<target host="securepay.nwf.org" />
+	<target host="wildlifeacre.nwf.org" />
+
+	<target host="cardshopnwf.org" />
+	<target host="www.cardshopnwf.org" />
 
+	<target host="shopnwf.org" />
+	<target host="www.shopnwf.org" />
 
 	<securecookie host="^www\.nwf\.org$" name=".+" />
 
+	<rule from="^http://affiliates\.nwf\.org/"
+		to="https://www.nwf.org/Who-We-Are/Affiliate-Partnership.aspx" />
+
+	<rule from="^http://cardshop\.nwf\.org/"
+		to="https://www.cardshopnwf.org/" />
+
+	<rule from="^http://legacy\.nwf\.org/"
+		to="https://www.nwf.org/Legacy.aspx" />
+
+	<rule from="^http://photos\.nwf\.org/"
+		to="https://www.nwf.org/News-and-Magazines/National-Wildlife/PhotoZone.aspx" />
 
-	<rule from="^https?://(?:www\.)?nwf\.org/"
-		to="https://www.nwf.org/" />
+	<rule from="^http://wildlifeacre\.nwf\.org/"
+		to="https://www.nwf.org/Wildlife/Adopt-a-Wildlife-Acre.aspx" />
 
-	<rule from="^http://online\.nwf\.org/(?!site/PageServer)"
-		to="https://online.nwf.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nationale-IT-Security-Monitor.nl.xml b/src/chrome/content/rules/Nationale-IT-Security-Monitor.nl.xml
new file mode 100644
index 000000000000..36b738db99de
--- /dev/null
+++ b/src/chrome/content/rules/Nationale-IT-Security-Monitor.nl.xml
@@ -0,0 +1,21 @@
+<!--
+	CN: Parallels Panel
+
+
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Nationale-IT-Security-Monitor.nl" default_off="self-signed">
+
+	<target host="nationale-it-security-monitor.nl" />
+	<target host="www.nationale-it-security-monitor.nl" />
+
+
+	<rule from="^http://(?:www\.)?nationale-it-security-monitor\.nl/"
+		to="https://nationale-it-security-monitor.nl/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nationalserviceresources.org.xml b/src/chrome/content/rules/Nationalserviceresources.org.xml
index 08886f0dc3e2..c13a2957ec24 100644
--- a/src/chrome/content/rules/Nationalserviceresources.org.xml
+++ b/src/chrome/content/rules/Nationalserviceresources.org.xml
@@ -1,4 +1,14 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://americorpsconnect.org/ => https://www.americorpsconnect.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.americorpsconnect.org'")
+Fetch error: http://www.americorpsconnect.org/ => https://www.americorpsconnect.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.americorpsconnect.org'")
+Fetch error: http://nationalserviceresources.org/ => https://www.nationalserviceresources.org/: (7, 'Failed to connect to www.nationalserviceresources.org port 443: Connection refused')
+Fetch error: http://www.nationalserviceresources.org/ => https://www.nationalserviceresources.org/: (7, 'Failed to connect to www.nationalserviceresources.org port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://nationalserviceresources.org/ => https://www.nationalserviceresources.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.nationalserviceresources.org'")
+Fetch error: http://www.nationalserviceresources.org/ => https://www.nationalserviceresources.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.nationalserviceresources.org'")
 	Problematic domains:
 
 		- americorpsconnect.org *
@@ -7,7 +17,7 @@
 	* Mismatched, CN: acquia-sites.com
 
 -->
-<ruleset name="nationalserviceresources.org">
+<ruleset name="nationalserviceresources.org" default_off="failed ruleset test">
 
 	<target host="americorpsconnect.org" />
 	<target host="www.americorpsconnect.org" />
@@ -18,4 +28,4 @@
 	<rule from="^http://(?:www\.)?(americorpsconnect|nationalserviceresources)\.org/"
 		to="https://www.$1.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nationwide.xml b/src/chrome/content/rules/Nationwide.xml
index 9d9842e2f0d6..12e6a623ef9d 100644
--- a/src/chrome/content/rules/Nationwide.xml
+++ b/src/chrome/content/rules/Nationwide.xml
@@ -1,4 +1,13 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://olb2.nationet.com/ => https://olb2.nationet.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://olb.nationwideuk.ie/ => https://olb.nationwideuk.ie/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://olb2.nationet.com/ => https://olb2.nationet.com/: (35, 'Unknown SSL protocol error in connection to olb2.nationet.com:443 ')
+Fetch error: http://olb.nationwideinternational.com/ => https://olb.nationwideinternational.com/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://olb.nationwideuk.ie/ => https://olb.nationwideuk.ie/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Nonfunctional domains:
 
 		- nationwide.co.uk subdomains:
@@ -19,10 +28,13 @@
 		- nationwide-jobs.co.uk		(cert only matches www)
 
 -->
-<ruleset name="Nationwide Building Society (partial)">
+<ruleset name="Nationwide Building Society (partial)" default_off="failed ruleset test">
 
 	<target host="olb2.nationet.com" />
-	<target host="*.nationwide.co.uk" />
+	<target host="metrics.nationwide.co.uk" />
+	<target host="onlinebanking.nationwide.co.uk" />
+	<target host="savings.nationwide.co.uk" />
+	<target host="securemail.nationwide.co.uk" />
 	<target host="olb.nationwideinternational.com" />
 	<target host="nationwide-jobs.co.uk" />
 	<target host="www.nationwide-jobs.co.uk" />
@@ -38,19 +50,14 @@
 	<securecookie host="^www\.nationwide-jobs\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://olb2\.nationet\.com/"
-		to="https://olb2.nationet.com/" />
 
-	<rule from="^https?://metrics\.nationwide\.co\.uk/"
+	<rule from="^http://metrics\.nationwide\.co\.uk/"
 		to="https://nationwide-co-uk.d2.sc.omtrdc.net/" />
 
-	<rule from="^http://(onlinebanking|savings|securemail)\.nationwide\.co\.uk/"
-		to="https://$1.nationwide.co.uk/" />
 
-	<rule from="^https?://(?:www\.)?nationwide-jobs\.co\.uk/"
+	<rule from="^http://(?:www\.)?nationwide-jobs\.co\.uk/"
 		to="https://www.nationwide-jobs.co.uk/" />
 
-	<rule from="^http://olb\.nationwide(international\.com|uk\.ie)/"
-		to="https://olb.nationwide$1/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nativo.net.xml b/src/chrome/content/rules/Nativo.net.xml
index 5d81767afe51..a8a3f104f803 100644
--- a/src/chrome/content/rules/Nativo.net.xml
+++ b/src/chrome/content/rules/Nativo.net.xml
@@ -1,7 +1,10 @@
+
 <!--
-	Other Nativo rulesets:
+Disabled by https-everywhere-checker because:
+Fetch error: http://beta.nativo.net/ => https://beta.nativo.net/: (6, 'Could not resolve host: beta.nativo.net')
 
-		- Postrelease.com.xml
+	For other Nativo coverage, see:
+		+ Ntv.io.xml
 
 
 	Partially covered subdomains:
@@ -11,30 +14,18 @@
 
 	Fully covered subdomains:
 
+		- admin
 		- beta
 
 -->
-<ruleset name="Nativo.net">
-
+<ruleset name="Nativo.net (partial)" default_off="failed ruleset test">
 	<target host="nativo.net" />
-	<target host="*.nativo.net" />
-
-
-	<securecookie host="^beta\.nativo\.net$" name=".+" />
-
-
-	<!--	^ redirects to www over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?nativo\.net/(?=favicon\.ico|v2/)"
-		to="https://www.nativo.net/" />
+	<target host="www.nativo.net" />
+	<target host="admin.nativo.net" />
+	<target host="beta.nativo.net" />
 
-	<!--	Redirects to http first:
-					-->
-	<rule from="^http://beta\.nativo\.net/(?:\?.*)?$"
-		to="https://beta.nativo.net/Account/Login" />
+	<securecookie host="^(?:admin|beta)\.nativo\.net$" name=".+" />
 
-	<rule from="^http://beta\.nativo\.net/"
-		to="https://beta.nativo.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Natl-American-Arab-Nursing-Assn.xml b/src/chrome/content/rules/Natl-American-Arab-Nursing-Assn.xml
index 758a94d9e702..de332b2ae2f4 100644
--- a/src/chrome/content/rules/Natl-American-Arab-Nursing-Assn.xml
+++ b/src/chrome/content/rules/Natl-American-Arab-Nursing-Assn.xml
@@ -1,6 +1,12 @@
-<ruleset name="National American Arab Nursing Association">
+<!--
+	Non-functional hosts:
+		Certificate mismatched:
+		- ^
+		- www
+-->
+<ruleset name="National American Arab Nursing Association" default_off="cert-invalid">
 	<target host="n-aana.org" />
 	<target host="www.n-aana.org" />
 
-	<rule from="^(http://(www\.)?|https://www\.)n-aana\.org/" to="https://n-aana.org/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Natl-Childrens-Leukemia-Foundation.xml b/src/chrome/content/rules/Natl-Childrens-Leukemia-Foundation.xml
index a8e795e72117..e79c56b7292e 100644
--- a/src/chrome/content/rules/Natl-Childrens-Leukemia-Foundation.xml
+++ b/src/chrome/content/rules/Natl-Childrens-Leukemia-Foundation.xml
@@ -1,11 +1,21 @@
-<ruleset name="National Children's Leukemia Foundation">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://leukemiafoundation.org/ => https://www.leukemiafoundation.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.leukemiafoundation.org'")
+Fetch error: http://www.leukemiafoundation.org/ => https://www.leukemiafoundation.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.leukemiafoundation.org'")
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://leukemiafoundation.org/ => https://www.leukemiafoundation.org/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.leukemiafoundation.org/ => https://www.leukemiafoundation.org/: (28, 'Connection timed out after 10001 milliseconds')
+
+-->
+<ruleset name="National Children's Leukemia Foundation" default_off="failed ruleset test">
 	<target host="leukemiafoundation.org" />
 	<target host="www.leukemiafoundation.org" />
 
-	<rule from="^http://(www\.)?leukemiafoundation\.org/" to="https://www.leukemiafoundation.org/" />
+	<rule from="^http://(?:www\.)?leukemiafoundation\.org/" to="https://www.leukemiafoundation.org/" />
 
-	<!-- Invoking https://leukemiafoundation.org/ produces a
-	certificate error, so redirect https://leukemiafoundation.org/
-	to https://www.leukemiafoundation.org/ -->
-	<rule from="^https://leukemiafoundation\.org/" to="https://www.leukemiafoundation.org/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Natl-Eating-Disorders-Assoc.xml b/src/chrome/content/rules/Natl-Eating-Disorders-Assoc.xml
deleted file mode 100644
index c30033916d17..000000000000
--- a/src/chrome/content/rules/Natl-Eating-Disorders-Assoc.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="National Eating Disorders Association">
-	<target host="nationaleatingdisorders.org" />
-	<target host="www.nationaleatingdisorders.org" />
-
-	<exclusion pattern="^http://(www.)?nationaleatingdisorders\.org/photo-gallery/" />
-	<!-- The page at [http://www.nationaleatingdisorders.org/photo-gallery/index.php] refers
-	to the file [http://www.nationaleatingdisorders.org/include/gallery/js/gallery_listing.js].
-	The gallery_listing.js file refers to a file under the /cmtadmin/ directory. -->
-	<exclusion pattern="^http://(www.)?nationaleatingdisorders\.org/cmtadmin/" />
-
-	<rule from="^(http://(www\.)?|https://)nationaleatingdisorders\.org/" to="https://www.nationaleatingdisorders.org/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Natl-Federation-of-the-Blind.xml b/src/chrome/content/rules/Natl-Federation-of-the-Blind.xml
index 0e7226c7a50d..9021dfba9e5c 100644
--- a/src/chrome/content/rules/Natl-Federation-of-the-Blind.xml
+++ b/src/chrome/content/rules/Natl-Federation-of-the-Blind.xml
@@ -2,6 +2,5 @@
 	<target host="nfb.org" />
 	<target host="www.nfb.org" />
 
-	<rule from="^(http://|https?://www\.)nfb\.org/"
-		to="https://nfb.org/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Natl-Suicide-Prevention-Lifeline.xml b/src/chrome/content/rules/Natl-Suicide-Prevention-Lifeline.xml
deleted file mode 100644
index 7e1175b2f782..000000000000
--- a/src/chrome/content/rules/Natl-Suicide-Prevention-Lifeline.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="National Suicide Prevention Lifeline" platform="mixedcontent">
-	<target host="suicidepreventionlifeline.org" />
-	<target host="www.suicidepreventionlifeline.org" />
-
-	<rule from="^http://(?:www\.)?suicidepreventionlifeline\.org/" to="https://www.suicidepreventionlifeline.org/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Natl-Vulvodynia-Association.xml b/src/chrome/content/rules/Natl-Vulvodynia-Association.xml
index 24ac59100358..329543b91f2d 100644
--- a/src/chrome/content/rules/Natl-Vulvodynia-Association.xml
+++ b/src/chrome/content/rules/Natl-Vulvodynia-Association.xml
@@ -2,5 +2,5 @@
 	<target host="nva.org" />
 	<target host="www.nva.org" />
 
-	<rule from="^(http://(www\.)?|https://)nva\.org/" to="https://www.nva.org/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nattstad.se.xml b/src/chrome/content/rules/Nattstad.se.xml
index 09e08fb65563..577899251acb 100644
--- a/src/chrome/content/rules/Nattstad.se.xml
+++ b/src/chrome/content/rules/Nattstad.se.xml
@@ -1,4 +1,11 @@
-<ruleset name="Nattstad.se" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nattstad.se/ => https://www.nattstad.se/: (51, "SSL: no alternative certificate subject name matches target host name 'www.nattstad.se'")
+Fetch error: http://www.nattstad.se/ => https://www.nattstad.se/: (51, "SSL: no alternative certificate subject name matches target host name 'www.nattstad.se'")
+
+-->
+<ruleset name="Nattstad.se" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="nattstad.se" />
 	<target host="www.nattstad.se" />
 	<rule from="^http://www\.nattstad\.se/" to="https://www.nattstad.se/"/>
diff --git a/src/chrome/content/rules/Natural-Environment-Research-Council.xml b/src/chrome/content/rules/Natural-Environment-Research-Council.xml
index 7f498f8942bf..148bfca716d5 100644
--- a/src/chrome/content/rules/Natural-Environment-Research-Council.xml
+++ b/src/chrome/content/rules/Natural-Environment-Research-Council.xml
@@ -1,14 +1,16 @@
-<!--	!functional:
+<!--
 		nerc.ac.uk
+		- planetearth *
 		www.nerc.ac.uk	(cert: hds.nerc.ac.uk; shows that domain's data)
+
+	* Shows hds
 -->
 <ruleset name="Natural Environment Research Council (partial)">
 
 	<target host="hds.nerc.ac.uk"/>
 
-	<securecookie host="^hds\.nerc\.ac\.uk$" name=".*"/>
+	<securecookie host="^hds\.nerc\.ac\.uk$" name=".+" />
 
-	<rule from="^http://hds\.nerc\.ac\.uk/"
-		to="https://hds.nerc.ac.uk/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Natural_Resources.Wales.xml b/src/chrome/content/rules/Natural_Resources.Wales.xml
new file mode 100644
index 000000000000..9167f6ac13bd
--- /dev/null
+++ b/src/chrome/content/rules/Natural_Resources.Wales.xml
@@ -0,0 +1,13 @@
+<ruleset name="Natural Resources.Wales">
+
+	<target host="naturalresources.wales" />
+	<target host="www.naturalresources.wales" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Natural_Skin_Shop.xml b/src/chrome/content/rules/Natural_Skin_Shop.xml
index bccc41ac2df7..cad0ad656f48 100644
--- a/src/chrome/content/rules/Natural_Skin_Shop.xml
+++ b/src/chrome/content/rules/Natural_Skin_Shop.xml
@@ -1,7 +1,14 @@
-<ruleset name="Natural Skin Shop">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://store.naturalskinshop.com/ => https://store.naturalskinshop.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="Natural Skin Shop" default_off="failed ruleset test">
 
 	<target host="naturalskinshop.com" />
-	<target host="*.naturalskinshop.com" />
+	<target host="store.naturalskinshop.com" />
+	<target host="www.naturalskinshop.com" />
 
 
 	<!--	Cookie domains:
@@ -13,7 +20,6 @@
 	<securecookie host="^.*\.naturalskinshop\.com$" name=".+" />
 
 
-	<rule from="^http://(store\.|www\.)?naturalskinshop\.com/"
-		to="https://$1naturalskinshop.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nature.com.xml b/src/chrome/content/rules/Nature.com.xml
new file mode 100644
index 000000000000..da81f92eaed8
--- /dev/null
+++ b/src/chrome/content/rules/Nature.com.xml
@@ -0,0 +1,152 @@
+<!--
+	Time out:
+		nature.com
+		bts-wp.nature.com
+		darwin.nature.com
+		stingray.nature.com
+
+	Refused:
+		api.nature.com
+		blogs.nature.com
+		www.blogs.nature.com
+		biotech.nature.com
+		cellbio.nature.com
+		data.nature.com
+		demo.nature.com
+		deutsche.nature.com
+		eagleray.nature.com
+		bounce.ealert.nature.com
+		open.ealert.nature.com
+		reply.ealert.nature.com
+		external.nature.com
+		genetics.nature.com
+		guide.nature.com
+		www.guide.nature.com
+		immunology.nature.com
+		www.immunology.nature.com
+		mailart.nature.com
+		materials.nature.com
+		medecine.nature.com
+		www.medecine.nature.com
+		medicalresearch.nature.com
+		my.nature.com
+		naturejobs.nature.com
+		network.nature.com
+		neurosci.nature.com
+		npg.nature.com
+		ns.nature.com
+		palgrave.nature.com
+		physics.nature.com
+		platformsupport.nature.com
+		precedings.nature.com
+		preceedings.nature.com
+		press.nature.com
+		proceedings.nature.com
+		protocols.nature.com
+		reports.nature.com
+		search.nature.com
+		split.nature.com
+		structbio.nature.com
+		support.nature.com
+		xml.nature.com
+		xps.nature.com
+
+	Invalid certificate:
+		bugzilla.nature.com
+		links.ealert.nature.com
+		info.nature.com
+		lindau.nature.com
+		www.lindau.nature.com
+		track.nature.com
+
+	Secure connection failed:
+		fastart.nature.com
+		feeds.nature.com
+		media.nature.com
+		static.nature.com
+
+	No working URL known:
+		id.nature.com
+		idp.nature.com
+		memphis.nature.com
+
+	Redirect to http:
+		mts-*.nature.com
+
+-->
+<ruleset name="Nature.com">
+
+	<target host="nature.com" />
+	<target host="www.nature.com" />
+	<target host="arabicedition.nature.com" />
+	<target host="biopharmadealmakers.nature.com" />
+	<target host="biotech.nature.com" />
+	<target host="cellbio.nature.com" />
+	<target host="deutsche.nature.com" />
+	<target host="ealerts.nature.com" />
+	<target host="genetics.nature.com" />
+	<target host="guide.nature.com" />
+	<target host="www.guide.nature.com" />
+	<target host="immunology.nature.com" />
+	<target host="www.immunology.nature.com" />
+	<target host="languageediting.nature.com" />
+	<target host="identity.languageediting.nature.com" />
+	<target host="secure.languageediting.nature.com" />
+	<target host="masterclasses.nature.com" />
+	<target host="materials.nature.com" />
+	<target host="medicine.nature.com" />
+	<target host="www.medicine.nature.com" />
+	<target host="medicalresearch.nature.com" />
+	<target host="nano.nature.com" />
+	<target host="natureecoevocommunity.nature.com" />
+	<target host="naturejobs.nature.com" />
+	<target host="www.naturejobs.nature.com" />
+	<target host="naturemicrobiologycommunity.nature.com" />
+	<target host="nbmecommunity.nature.com" />
+	<target host="neuroalzheimerscommunity.nature.com" />
+	<target host="neurosci.nature.com" />
+	<target host="npjbiofilmscommunity.nature.com" />
+	<target host="npjmicrogravitycommunity.nature.com" />
+	<target host="npjscilearncommunity.nature.com" />
+	<target host="physics.nature.com" />
+	<target host="protocols.nature.com" />
+	<target host="qscience.nature.com" />
+	<target host="secure.nature.com" />
+	<target host="snappleweb.nature.com" />
+	<target host="status.nature.com" />
+	<target host="submission.nature.com" />
+	<target host="submit.nature.com" />
+	<target host="structbio.nature.com" />
+	<target host="verify.nature.com" /><!-- tracking pixel -->
+		<test url="http://verify.nature.com/verify/nature.png" />
+
+	<securecookie host="^secure\.nature\.com$" name=".+" />
+
+	<rule from="^http://(deutsche\.)?nature\.com/"
+		to="https://www.nature.com/" />
+
+	<rule from="^http://(biotech|genetics|materials|medicalresearch|neurosci|physics)\.nature\.com/"
+		to="https://www.nature.com/$1//index.html" />
+
+	<rule from="^http://(cellbio|structbio)\.nature\.com/"
+		to="https://www.nature.com/molcellbio//index.html" />
+
+	<rule from="^http://(www\.)?guide\.nature\.com/"
+		to="https://www.nature.com/nbt/index.html" />
+
+	<rule from="^http://(www\.)?immunology\.nature\.com/"
+		to="https://www.nature.com/subjects/immunology" />
+
+	<rule from="^http://(www\.)?medicine\.nature\.com/"
+		to="https://www.nature.com/medicalresearch//index.html" />
+
+	<rule from="^http://(www\.)?naturejobs\.nature\.com/"
+		to="https://www.nature.com/naturejobs/science/" />
+
+	<rule from="^http://protocols\.nature\.com/"
+		to="https://www.nature.com/protocolexchange/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nature.org.xml b/src/chrome/content/rules/Nature.org.xml
new file mode 100644
index 000000000000..a659f3087b36
--- /dev/null
+++ b/src/chrome/content/rules/Nature.org.xml
@@ -0,0 +1,58 @@
+<!--
+	Self-signed certificate:
+		adopt.nature.org
+		change.nature.org
+		dr.nature.org
+		earthday.nature.org
+		help.nature.org
+		m.nature.org
+		my.nature.org
+		origin-stage.nature.org
+		origin-www.nature.org
+		search.nature.org (http redirects to www.nature.org)
+		shop.nature.org
+		m.support.nature.org (http redirects to www.nature.org)
+
+	Mismatched:
+		blog.nature.org
+		giftplanning.nature.org
+		jobs.nature.org
+
+	Expired certificate:
+		future.nature.org
+		secure.nature.org (http redirects to www.nature.org)
+
+	Broken chain cert:
+		nature.org
+		voice.nature.org
+
+	Different content http/https
+		magazine.nature.org
+		magazinestage.nature.org
+		naturerocksstage.nature.org
+
+	Mixed content:
+		water.nature.org
+
+	Problematic:
+		support.nature.org (see https://github.com/EFForg/https-everywhere/issues/14523)
+
+-->
+<ruleset name="Nature.org">
+
+	<target host="nature.org" />
+	<target host="www.nature.org" />
+	<target host="blog.nature.org" />
+	<target host="careers.nature.org" />
+	<target host="gift.nature.org" />
+	<target host="gifts.nature.org" />
+	<target host="global.nature.org" />
+	<target host="global.staging.nature.org" />
+	<target host="stage.nature.org" />
+
+	<rule from="^http://nature\.org/"
+		to="https://www.nature.org/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nature.xml b/src/chrome/content/rules/Nature.xml
deleted file mode 100644
index 4bb4162e5901..000000000000
--- a/src/chrome/content/rules/Nature.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- /		(times out)
-		- mts-msb	(ditto)
-		- my *
-		- network **	(504, akamai)
-		- npg *
-		- www.		(Akamai; "An error occurred")
-
-	* Times out
-	** 503, akamai
-
--->
-<ruleset name="Nature (partial)">
-
-	<target host="nature.com" />
-	<target host="*.nature.com" />
-
-
-	<securecookie host="^secure\.nature\.com$" name=".*" />
-
-	<rule from="^https?://(?:www\.)?nature\.com/(cimages/|common/|favicon\.ico|info/|myaccount|(?:view/(?:\w+/)?)?(?:imag|styl)es/)"
-		to="https://secure.nature.com/$1" />
-
-	<rule from="^http://s(ecure|tatus)\.nature\.com/"
-		to="https://s$1.nature.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/NatureAsia.com.xml b/src/chrome/content/rules/NatureAsia.com.xml
new file mode 100644
index 000000000000..d5ce549fbb99
--- /dev/null
+++ b/src/chrome/content/rules/NatureAsia.com.xml
@@ -0,0 +1,22 @@
+<!--
+	No working URL known:
+		natureasia.com
+		ec.natureasia.com
+		nd.natureasia.com
+		nindia.natureasia.com
+		nme.natureasia.com
+
+	Mixed content:
+		openx.natureasia.com
+
+	Time out:
+		survey.natureasia.com
+
+-->
+<ruleset name="NatureAsia.com">
+
+	<target host="www.natureasia.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NatureCast.org.xml b/src/chrome/content/rules/NatureCast.org.xml
new file mode 100644
index 000000000000..9ededa480c18
--- /dev/null
+++ b/src/chrome/content/rules/NatureCast.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		course.naturecast.org
+		phenology.naturecast.org
+
+	Refused:
+		www.naturecast.org
+
+	Time out:
+		naturecast.org
+
+-->
+<ruleset name="NatureCast.org (partial)">
+
+	<target host="portal.naturecast.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NatureIndex.com.xml b/src/chrome/content/rules/NatureIndex.com.xml
new file mode 100644
index 000000000000..e0f0c8f2d64b
--- /dev/null
+++ b/src/chrome/content/rules/NatureIndex.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatch:
+		feedback.natureindex.com
+-->
+<ruleset name="NatureIndex.com">
+	<target host="natureindex.com" />
+	<target host="www.natureindex.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nature_Shop.xml b/src/chrome/content/rules/Nature_Shop.xml
index 4347d3484300..b12f9699ca9e 100644
--- a/src/chrome/content/rules/Nature_Shop.xml
+++ b/src/chrome/content/rules/Nature_Shop.xml
@@ -13,4 +13,4 @@
 	<rule from="^http://(www\.)?natureshop\.com/(cart/|Content/|s/|secure/|Support/index|upload/)"
 		to="https://$1natureshop.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Naturvardsverket.se.xml b/src/chrome/content/rules/Naturvardsverket.se.xml
index 36b0b6fdcf3f..749cf63cbcda 100644
--- a/src/chrome/content/rules/Naturvardsverket.se.xml
+++ b/src/chrome/content/rules/Naturvardsverket.se.xml
@@ -1,7 +1,6 @@
 <ruleset name="Naturvardsverket.se">
 	<target host="naturvardsverket.se" />
 	<target host="www.naturvardsverket.se" />
-	<rule from="^http://www\.naturvardsverket\.se/" to="https://www.naturvardsverket.se/"/>
-	<rule from="^http://naturvardsverket\.se/" to="https://naturvardsverket.se/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Nau.ch.xml b/src/chrome/content/rules/Nau.ch.xml
new file mode 100644
index 000000000000..5b50f5f22b9b
--- /dev/null
+++ b/src/chrome/content/rules/Nau.ch.xml
@@ -0,0 +1,18 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Non-2xx HTTP code: http://api.nau.ch/ (200) => https://api.nau.ch/ (404)
+
+-->
+<ruleset name="Nau.ch">
+	<target host="nau.ch" />
+	<target host="www.nau.ch" />
+	<!-- target host="api.nau.ch" /-->
+	<target host="create.nau.ch" />
+	<target host="media.nau.ch" />
+    <test url="http://media.nau.ch/default_avatar.png" />
+	<target host="t.nau.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NaughtyDog.com.xml b/src/chrome/content/rules/NaughtyDog.com.xml
new file mode 100644
index 000000000000..d4e08d8e0f1f
--- /dev/null
+++ b/src/chrome/content/rules/NaughtyDog.com.xml
@@ -0,0 +1,24 @@
+<!--
+	For other Sony coverage, see Sony.xml.
+
+	Different HTTP/HTTPS content:
+		naughtydog.com (503 status for HTTPS, 301 to www.naughtydog.com for HTTP)
+
+	Invalid certificate:
+		feedback.naughtydog.com
+		forums.naughtydog.com
+
+-->
+<ruleset name="Naughty Dog">
+
+	<target host="naughtydog.com" />
+	<target host="www.naughtydog.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://naughtydog\.com/"
+		to="https://www.naughtydog.com/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Naughty_Dog.xml b/src/chrome/content/rules/Naughty_Dog.xml
deleted file mode 100644
index f943851b5b51..000000000000
--- a/src/chrome/content/rules/Naughty_Dog.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other Sony coverage, see Sony.xml.
-
--->
-<ruleset name="Naughty Dog">
-
-	<target host="naughtydog.com" />
-	<target host="*.naughtydog.com" />
-
-
-	<securecookie host="^(?:w*\.)?naughtydog\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?naughtydog\.com/"
-		to="https://$1naughtydog.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Naukri.xml b/src/chrome/content/rules/Naukri.xml
index 71ee9bc0910c..df5ce5e3fa08 100644
--- a/src/chrome/content/rules/Naukri.xml
+++ b/src/chrome/content/rules/Naukri.xml
@@ -1,5 +1,49 @@
-<ruleset name="Naukri">
-  <target host="login.naukri.com" />
+<!--
+	Other naukri.com related rulesets:
+		+ naukimg.com.xml
 
-  <rule from="^http://login\.naukri\.com/" to="https://login.naukri.com/"/>
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- w6.naukri.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- careers.naukri.com
+		- mideast.naukri.com
+		- www.mideast.naukri.com
+		- w2.naukri.com
+		- w3.naukri.com
+		- w4.naukri.com
+		- w7.naukri.com
+
+-->
+<ruleset name="Naukri.com (partial)">
+	<target host="naukri.com" />
+	<target host="www.naukri.com" />
+	<target host="apply.naukri.com" />
+	<target host="blogs.naukri.com" />
+	<target host="careernavigator.naukri.com" />
+	<target host="companies.naukri.com" />
+	<target host="company.naukri.com" />
+		<test url="http://company.naukri.com/banners2016/kpit-ns-65x45-292016.gif" />
+	<target host="demoresdex.naukri.com" />
+	<target host="e-learning.naukri.com" />
+	<target host="engineering.naukri.com" />
+	<target host="freesearch.naukri.com" />
+	<target host="jobsearch.naukri.com" />
+	<target host="learning.naukri.com" />
+	<target host="lg.naukri.com" />
+		<test url="http://lg.naukri.com/nLogger/boomLogger.php" />
+	<target host="login.naukri.com" />
+	<target host="naukrirecruiter.naukri.com" />
+	<target host="login.recruit.naukri.com" />
+	<target host="recruit.naukri.com" />
+	<target host="recruiterzone.naukri.com" />
+	<target host="resume.naukri.com" />
+	<target host="static.naukri.com" />
+	<target host="w1.naukri.com" />
+	<target host="w5.naukri.com" />
+	<target host="w28.naukri.com" />
+		<test url="http://w28.naukri.com/advertiser/bms_logimpressions.php?banlist=1,1,1,1,1" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Nautil.us.xml b/src/chrome/content/rules/Nautil.us.xml
new file mode 100644
index 000000000000..f4a99fd98578
--- /dev/null
+++ b/src/chrome/content/rules/Nautil.us.xml
@@ -0,0 +1,31 @@
+<!--
+	CDN buckets:
+
+		- d3chnh8fr629l6.cloudfront.net
+
+			- static
+
+	Mixed content:
+
+		- Images on shop from $self ¹
+		- Images on shop from ^ ²
+
+	¹ Secured by us
+	² Unsecurable <= refused
+
+-->
+<ruleset name="Nautil.us">
+
+	<target host="shop.nautil.us" />
+	<target host="static.nautil.us" />
+	<target host="nautil.us" />
+	<target host="www.nautil.us" />
+		<!--exclusion pattern="http://www\.nautil\.us/" /-->
+
+
+
+	<rule from="^http://static\.nautil\.us/"
+		to="https://d3chnh8fr629l6.cloudfront.net/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Navalny.com.xml b/src/chrome/content/rules/Navalny.com.xml
new file mode 100644
index 000000000000..ea7e5feae828
--- /dev/null
+++ b/src/chrome/content/rules/Navalny.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="Navalny.com">
+	<target host="navalny.com" />
+	<target host="www.navalny.com" />
+	<target host="20.navalny.com" />
+	<target host="chaika.navalny.com" />
+	<target host="chetverg.navalny.com" />
+	<target host="express.navalny.com" />
+	<target host="st.navalny.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Navdem.com.xml b/src/chrome/content/rules/Navdem.com.xml
new file mode 100644
index 000000000000..d636d27812ed
--- /dev/null
+++ b/src/chrome/content/rules/Navdem.com.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://navdem.com/ => https://navdem.com/: (35, 'error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error')
+Fetch error: http://www.navdem.com/ => https://www.navdem.com/: (35, 'error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error')
+
+-->
+<ruleset name="Navdem.com" default_off="failed ruleset test">
+	<target host="navdem.com" />
+	<target host="www.navdem.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Naver.net.xml b/src/chrome/content/rules/Naver.net.xml
new file mode 100644
index 000000000000..c1bb584f4c5b
--- /dev/null
+++ b/src/chrome/content/rules/Naver.net.xml
@@ -0,0 +1,49 @@
+<!--
+	For other Naver Corporation coverage, see Naver_Corp.com.xml.
+
+
+	Nonfunctional subdomains:
+
+		- blogfiles5 ¹
+		- blogfiles12 ¹
+		- blogimgs ¹
+		- blogthumb2 ¹
+		- imgmoneybook ¹
+		- static.mileage ²
+		- image.music ¹
+		- static.news ²
+		- landthumb.phinf ¹
+		- movie.phinf ¹
+		- movie2.phinf ¹
+		- pwe ²
+		- img.shop ¹
+
+	¹ 503, akamai
+	² Refused
+
+
+	Problematic subdomains:
+
+		- t.static.blog *
+		- static.checkout *
+		- imgmovie *
+		- static.land *
+		- static.shopping *
+		- static *
+
+	* Akamai
+
+-->
+<ruleset name="Naver.net (partial)">
+
+	<target host="img.calendar.naver.net" />
+	<target host="static.checkout.naver.net" />
+	<target host="static.mileage.naver.net" />
+
+
+
+	<rule from="^http://(static\.checkout|static\.mileage)\.naver\.net/"
+		to="https://ssl.pstatic.net/$1/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Naver_Corp.com.xml b/src/chrome/content/rules/Naver_Corp.com.xml
new file mode 100644
index 000000000000..7e567a053b41
--- /dev/null
+++ b/src/chrome/content/rules/Naver_Corp.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Other Naver Corporation rulesets:
+
+		- naver.com.xml
+		- Naver.net.xml
+		- Pstatic.net.xml
+
+
+	^: cert only matches *.navercorp.com
+
+-->
+<ruleset name="Naver Corp.com">
+
+	<target host="navercorp.com" />
+	<target host="alice.navercorp.com" />
+	<target host="cos2.navercorp.com" />
+	<target host="enterprise-auth.navercorp.com" />
+	<target host="live.navercorp.com" />
+	<target host="mail.navercorp.com" />
+	<target host="mirror.navercorp.com" />
+	<target host="ndrive.navercorp.com" />
+	<target host="nss.navercorp.com" />
+	<target host="static.navercorp.com" />
+	<target host="recruit.navercorp.com" />
+	<target host="www.navercorp.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Navigant_Research.com.xml b/src/chrome/content/rules/Navigant_Research.com.xml
index 28fb8e093daf..887f2e805aec 100644
--- a/src/chrome/content/rules/Navigant_Research.com.xml
+++ b/src/chrome/content/rules/Navigant_Research.com.xml
@@ -27,4 +27,4 @@
 	<rule from="^http://(www\.)?navigantresearch\.com/(?=favicon\.ico|wordpress/wp-content/|wordpress/wp-login\.php|wp-assets/|wp-content/)"
 		to="https://$1navigantresearch.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NavyNews.co.uk.xml b/src/chrome/content/rules/NavyNews.co.uk.xml
new file mode 100644
index 000000000000..04e4176909dc
--- /dev/null
+++ b/src/chrome/content/rules/NavyNews.co.uk.xml
@@ -0,0 +1,11 @@
+<!--
+	For other royalnavy.mod.uk related rulesets, see RoyalNavy.mod.uk.xml
+-->
+<ruleset name="NavyNews.co.uk">
+	<target host="navynews.co.uk" />
+	<target host="www.navynews.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nawaat.xml b/src/chrome/content/rules/Nawaat.xml
index 175e40b8dc2a..6e5097fdf4d1 100644
--- a/src/chrome/content/rules/Nawaat.xml
+++ b/src/chrome/content/rules/Nawaat.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^nawaat\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?nawaat\.org/"
-		to="https://$1nawaat.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Naytev.com.xml b/src/chrome/content/rules/Naytev.com.xml
new file mode 100644
index 000000000000..658f0e1f6d7f
--- /dev/null
+++ b/src/chrome/content/rules/Naytev.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Nonfunctional hosts in *naytev.com:
+
+		- blog *
+
+	* Plaintext reply
+
+
+	^naytev.com: Refused
+
+-->
+<ruleset name="Naytev.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.naytev.com" />
+
+	<!--	Complications:
+				-->
+	<target host="naytev.com" />
+
+
+	<rule from="^http://naytev\.com/"
+		to="https://www.naytev.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nazariyat.org.xml b/src/chrome/content/rules/Nazariyat.org.xml
new file mode 100644
index 000000000000..401cac81ca52
--- /dev/null
+++ b/src/chrome/content/rules/Nazariyat.org.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatch:
+		tracking.nazariyat.org
+-->
+<ruleset name="Nazariyat.org">
+	<target host="nazariyat.org" />
+	<target host="www.nazariyat.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nazwa.pl.xml b/src/chrome/content/rules/Nazwa.pl.xml
new file mode 100644
index 000000000000..80c6b167dc94
--- /dev/null
+++ b/src/chrome/content/rules/Nazwa.pl.xml
@@ -0,0 +1,30 @@
+<!--
+	Nonfunctional hosts in *nazwa.pl:
+
+		- kl ³
+		- komunikaty ʳ
+
+	³ 403
+	ʳ Refused
+
+-->
+<ruleset name="nazwa.pl (partial)">
+
+	<target host="nazwa.pl" />
+	<target host="bisformat.nazwa.pl" />
+	<target host="blog.nazwa.pl" />
+	<target host="dm.nazwa.pl" />
+	<target host="konto.nazwa.pl" />
+	<target host="panel.nazwa.pl" />
+	<target host="pomoc.nazwa.pl" />
+	<target host="www.nazwa.pl" />
+
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^_gat?$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ncloud.dk.xml b/src/chrome/content/rules/Ncloud.dk.xml
new file mode 100644
index 000000000000..4ce0b3aa1022
--- /dev/null
+++ b/src/chrome/content/rules/Ncloud.dk.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://partner.ncloud.dk/ => https://partner.ncloud.dk/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://partner.ncloud.dk/ => https://partner.ncloud.dk/: (28, 'Connection timed out after 10001 milliseconds')
+	For other Netgroup coverage, see Netgroup.dk.xml.
+
+-->
+<ruleset name="ncloud.dk" default_off="failed ruleset test">
+
+	<target host="partner.ncloud.dk" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ndla.no.xml b/src/chrome/content/rules/Ndla.no.xml
new file mode 100644
index 000000000000..f38ef790ec86
--- /dev/null
+++ b/src/chrome/content/rules/Ndla.no.xml
@@ -0,0 +1,63 @@
+<!--
+
+	Refused:
+		- bak.ndla.no
+		- ndlap4prodadm01v.ndlap4.ndla.no
+		- ndlat4cm02v.ndlap4.ndla.no
+
+	Mismatch:
+		- arkiv.ndla.no
+		- 2009.arkiv.ndla.no
+		- 2010.arkiv.ndla.no
+		- 2011.arkiv.ndla.no
+		- 2012.arkiv.ndla.no
+		- i.ndla.no
+		- om.ndla.no
+		- static.ndla.no
+		- ndlap4cm01v.ndlap4.ndla.no
+		- ndlap4frontend01v.ndlap4.ndla.no
+		- ndlap4frontend02v.ndlap4.ndla.no
+		- ndlap4revproxy01v.ndlap4.ndla.no
+		- ndlat4cm01v.ndlap4.ndla.no
+		- ndlat4jira01v.ndlap4.ndla.no
+		- ndlat4topics01v.ndlap4.ndla.no
+		- ndlat4topics02v.ndlap4.ndla.no
+		- ndlat4vhosts01v.ndlap4.ndla.no
+		- ndlat4vhosts02v.ndlap4.ndla.no
+		- ndlat4vhosts03v.ndlap4.ndla.no
+
+
+	Different content:
+		- samskrive.ndla.no
+		- sti.ndla.no
+
+	Timeout:
+		- nettskole.ndla.no
+		- www.nettskole.ndla.no
+		- tokt.ndla.no
+
+	Redirects to HTTP:
+		- deling.ndla.no
+		- fyr.ndla.no
+
+	Other HTTPS failure:
+		- ndlap4stream01v.ndlap4.ndla.no
+
+-->
+<ruleset name="Norwegian Digital Learning Arena">
+	<target host="ndla.no" />
+	<target host="www.ndla.no" />
+	<target host="alerter.ndla.no" />
+	<target host="auth.ndla.no" />
+	<target host="cdntest-a.ndla.no" />
+	<target host="cdntest-b.ndla.no" />
+	<target host="cdntest-c.ndla.no" />
+	<target host="feedback.ndla.no" />
+	<target host="frontend.ndla.no" />
+	<target host="min.ndla.no" />
+	<target host="ndlap4.ndla.no" />
+	<target host="search.ndla.no" />
+	<target host="ndlap4cpanelhost01v.ndlap4.ndla.no" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ndr.de.xml b/src/chrome/content/rules/Ndr.de.xml
new file mode 100644
index 000000000000..5c5eb37ed802
--- /dev/null
+++ b/src/chrome/content/rules/Ndr.de.xml
@@ -0,0 +1,30 @@
+<!--
+	Nonfunctional subdomains:
+		- media       -> wrong certificate (valid for akamaihd.net)
+
+	Other NDR rulesets:
+		- N-JOY.de
+
+    Mixed content:
+
+        - Ads on www from www.n-joy.de *
+
+    * Secured by us
+-->
+<ruleset name="Ndr.de">
+    <target host="ndr.de" />
+    <target host="www.ndr.de" />
+    <target host="static.ndr.de" />
+    <target host="hbbtv.ndr.de" />
+    <target host="ard.ndr.de" />
+	<!-- redirects to www.ndr.de -->
+    <target host="m.ndr.de" />
+	<!-- redirects to www.daserste.de -->
+    <target host="daserste.ndr.de" />
+
+    <securecookie host="^(www\.|static\.|hbbtv\.|ard\.|daserste\.)?ndr\.de$" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Neal_Poole.xml b/src/chrome/content/rules/Neal_Poole.xml
index 275cbd7129e8..6c8fb43cfb46 100644
--- a/src/chrome/content/rules/Neal_Poole.xml
+++ b/src/chrome/content/rules/Neal_Poole.xml
@@ -8,7 +8,6 @@
 	<target host="www.nealpoole.com" />
 
 
-	<rule from="^https?://(?:www\.)?nealpoole\.com/"
-		to="https://nealpoole.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nearbuy_Systems.com-problematic.xml b/src/chrome/content/rules/Nearbuy_Systems.com-problematic.xml
deleted file mode 100644
index 0dbd56e8a1d1..000000000000
--- a/src/chrome/content/rules/Nearbuy_Systems.com-problematic.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see Nearbuysystems.com.xml.
-
--->
-<ruleset name="Nearbuy Systems.com (mismatched)" default_off="mismatched">
-
-	<target host="nearbuysystems.com" />
-	<target host="*.nearbuysystems.com" />
-
-
-	<securecookie host="^(?:www)?\.nearbuysystems\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?nearbuysystems\.com/"
-		to="https://www.nearbuysystems.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Nearbuysystems.com.xml b/src/chrome/content/rules/Nearbuysystems.com.xml
index 08666bab5b73..034daddfbbaa 100644
--- a/src/chrome/content/rules/Nearbuysystems.com.xml
+++ b/src/chrome/content/rules/Nearbuysystems.com.xml
@@ -1,25 +1,16 @@
-<!--
-	For problematic rules, see Nearbuy_Systems.com-problematic.xml.
-
-
-	Problematic subdomains:
-
-		- (www.)	(works; mismatched, CN: *.worldsecuresystems.com)
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://luneta.nearbuysystems.com/ => https://luneta.nearbuysystems.com/: (51, "SSL: no alternative certificate subject name matches target host name 'luneta.nearbuysystems.com'")
 
-     This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See 
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
- 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Nearbuysystems.com" platform="firefox">
-  <target host="luneta.nearbuysystems.com" />
+	-refused:
+		- (www.)
+-->
+<ruleset name="Nearbuysystems.com" default_off="failed ruleset test">
+	<target host="luneta.nearbuysystems.com" />
 
-  <securecookie host="^luneta\.nearbuysystems\.com$" name=".+" />
+	<securecookie host="^luneta\.nearbuysystems\.com$" name=".+" />
 
-  <rule from="^http://luneta\.nearbuysystems\.com/" to="https://luneta.nearbuysystems.com/" />
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NearlyFreeSpeech.NET.xml b/src/chrome/content/rules/NearlyFreeSpeech.NET.xml
index eec04c961f80..07cebc6fe8eb 100644
--- a/src/chrome/content/rules/NearlyFreeSpeech.NET.xml
+++ b/src/chrome/content/rules/NearlyFreeSpeech.NET.xml
@@ -1,31 +1,30 @@
 <!--
 	Nonfunctional subdomains:
 
-		- ^	(times out)
-		- blog	(ditto)
-
-
 	Fully covered subdomains:
 
 		- ^
 		- members
 		- www
+		- blog
+		- faq
 
 -->
 <ruleset name="NearlyFreeSpeech.NET">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="nearlyfreespeech.net" />
-	<target host="*.nearlyfreespeech.net" />
-	<target host="*.members.nearlyfreespeech.net" />
+	<target host="blog.nearlyfreespeech.net" />
+	<target host="faq.nearlyfreespeech.net" />
+	<target host="members.nearlyfreespeech.net" />
+	<target host="www.nearlyfreespeech.net" />
 
 
 	<securecookie host="^\.members\.nearlyfreespeech\.net$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?nearlyfreespeech\.net/"
-		to="https://www.nearlyfreespeech.net/" />
-
-	<rule from="^http://members\.nearlyfreespeech\.net/"
-		to="https://members.nearlyfreespeech.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NeatoShop.xml b/src/chrome/content/rules/NeatoShop.xml
index 625abda2846c..6478b25ece2f 100644
--- a/src/chrome/content/rules/NeatoShop.xml
+++ b/src/chrome/content/rules/NeatoShop.xml
@@ -5,11 +5,12 @@
 <ruleset name="NeatoShop.com">
 
 	<target host="neatoshop.com"/>
-	<target host="*.neatoshop.com"/>
+	<target host="static.neatoshop.com" />
+	<target host="www.neatoshop.com" />
 
 	<!--	observed cookies:
 			- PHPSESSID	-->
-	<securecookie host="^\.neatoshop\.com$" name=".*"/>
+	<securecookie host="^\.neatoshop\.com$" name=".+" />
 
 	<!--	static cert: static1.savingstar.com	-->
 	<rule from="^http://(?:static\.|(www\.))?neatoshop\.com/"
diff --git a/src/chrome/content/rules/Nebelwelt.net.xml b/src/chrome/content/rules/Nebelwelt.net.xml
new file mode 100644
index 000000000000..874b8bfafc04
--- /dev/null
+++ b/src/chrome/content/rules/Nebelwelt.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="Nebelwelt.net">
+
+	<target host="nebelwelt.net" />
+	<target host="www.nebelwelt.net" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nebezi.cz.xml b/src/chrome/content/rules/Nebezi.cz.xml
new file mode 100644
index 000000000000..0b53ab3af689
--- /dev/null
+++ b/src/chrome/content/rules/Nebezi.cz.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nebezi.cz/ => https://nebezi.cz/: (7, '')
+Fetch error: http://www.nebezi.cz/ => https://www.nebezi.cz/: (7, '')
+Fetch error: http://ipv6.nebezi.cz/ => https://ipv6.nebezi.cz/: (7, '')
+
+    Other Nebezi.cz rulesets:
+        - DoesNotWork.eu.xml
+-->
+<ruleset name="Neběží.cz" default_off="failed ruleset test">
+    <target host="nebezi.cz" />
+    <target host="www.nebezi.cz" />
+    <target host="ipv4.nebezi.cz" />
+    <target host="ipv6.nebezi.cz" />
+    <target host="cas.nebezi.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nebrija.com.xml b/src/chrome/content/rules/Nebrija.com.xml
new file mode 100644
index 000000000000..cbbc8a576104
--- /dev/null
+++ b/src/chrome/content/rules/Nebrija.com.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nebrija.com/ => https://nebrija.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.nebrija.com/ => https://www.nebrija.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	Ruleset for nebrija.com.
+
+	Not supporting HTTPS or using an invalid certificate:
+		* list.nebrija.com
+		* mail.nebrija.com
+		* mobile.nebrija.com
+		* mysql.nebrija.com
+		* webmail.nebrija.com
+-->
+<ruleset name="nebrija.com" default_off="failed ruleset test">
+
+	<target host="nebrija.com" />
+	<target host="www.nebrija.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nebula.xml b/src/chrome/content/rules/Nebula.xml
index 85582748ca8c..23882f644d50 100644
--- a/src/chrome/content/rules/Nebula.xml
+++ b/src/chrome/content/rules/Nebula.xml
@@ -1,20 +1,24 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nebula.com/ => https://nebula.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.nebula.com/ => https://www.nebula.com/: (7, 'Failed to connect to www.nebula.com port 443: No route to host')
+
 	CDN buckets:
 
 		- nebula-static.s3.amazonaws.com
 		- nebula-www.s3.amazonaws.com
 
 -->
-<ruleset name="Nebula">
+<ruleset name="Nebula" default_off="failed ruleset test">
 
 	<target host="nebula.com" />
 	<target host="www.nebula.com" />
 
 
-	<securecookie host="^www\.nebula\.com$" name=".+" />
+	<securecookie host="^(?:www)?\.nebula\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?nebula\.com/"
-		to="https://$1nebula.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NecessaryAndProportionate.net.xml b/src/chrome/content/rules/NecessaryAndProportionate.net.xml
new file mode 100644
index 000000000000..9004e67ed4ca
--- /dev/null
+++ b/src/chrome/content/rules/NecessaryAndProportionate.net.xml
@@ -0,0 +1,12 @@
+<!--
+	For other EFF coverage, see EFF.xml.
+-->
+
+<ruleset name="NecessaryAndProportionate.net">
+	<target host="necessaryandproportionate.net" />
+	<target host="www.necessaryandproportionate.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Necessary_and_Proportionate.org.xml b/src/chrome/content/rules/Necessary_and_Proportionate.org.xml
deleted file mode 100644
index e2d02a63dbc7..000000000000
--- a/src/chrome/content/rules/Necessary_and_Proportionate.org.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other EFF coverage, see EFF.xml.
-
--->
-<ruleset name="Necessary and Proportionate.org">
-
-	<target host="necessaryandproportionate.net" />
-	<target host="*.necessaryandproportionate.net" />
-	<target host="necessaryandproportionate.org" />
-	<target host="*.necessaryandproportionate.org" />
-
-
-	<rule from="^http://(\w\w\.|www\.)?necessaryandproportionate\.(net|org)/"
-		to="https://$1necessaryandproportionate.$2/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Neck2Neck.xml b/src/chrome/content/rules/Neck2Neck.xml
index c63661a9bcf7..c5f4a836e4e6 100644
--- a/src/chrome/content/rules/Neck2Neck.xml
+++ b/src/chrome/content/rules/Neck2Neck.xml
@@ -4,7 +4,6 @@
 	<target host="www.neck2neck.com" />
 
 
-	<rule from="^http://(www\.)?neck2neck\.com/"
-		to="https://$1neck2neck.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Necuhb.xml b/src/chrome/content/rules/Necuhb.xml
index 6931ce98845a..fa653cc71fdb 100644
--- a/src/chrome/content/rules/Necuhb.xml
+++ b/src/chrome/content/rules/Necuhb.xml
@@ -1,12 +1,12 @@
 <ruleset name="Northeast Credit Union" platform="mixedcontent">
-  <target host="necuhb.org" />
+  <!--
+    Failed to connect port 443
+
+    <target host="necuhb.org" />
+  -->
   <target host="necu.org" />
   <target host="www.necu.org" />
-  <target host="*.necuhb.org" />
-
-  <rule from="^http://([^/:@]*)\.necuhb\.org/"
-          to="https://$1.necuhb.org/"/>
 
-  <rule from="^https://(www\.)?necu\.org/"
-          to="https://$1.necu.org/"/>
+  <rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NedLinux.com.xml b/src/chrome/content/rules/NedLinux.com.xml
deleted file mode 100644
index a3698f69633a..000000000000
--- a/src/chrome/content/rules/NedLinux.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<ruleset name="NedLinux.com">
-
-	<target host="nccc.nl"/>
-	<target host="www.nccc.nl"/>
-	<target host="nedlinux.com"/>
-	<target host="webmail.nedlinux.com"/>
-	<target host="www.nedlinux.com"/>
-
-	<rule from="^http://(www\.)?nccc\.nl/"
-		to="https://www.nccc.nl/"/>
-
-	<rule from="^http://(www\.)?nedlinux\.com/"
-		to="https://nedlinux.com/"/>
-
-	<rule from="^http://webmail\.nedlinux\.com/"
-		to="https://webmail.nedlinux.com/"/>
-
-	<securecookie host="^www\.nccc\.nl$" name=".*"/>
-	<securecookie host="^(www\.)?nedlinux\.com$" name=".*"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Nederland.xml b/src/chrome/content/rules/Nederland.xml
index 8c12b610fea3..357eb72046e8 100644
--- a/src/chrome/content/rules/Nederland.xml
+++ b/src/chrome/content/rules/Nederland.xml
@@ -1,4 +1,103 @@
-<ruleset name="NL Overheid" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://depolitiezoekt.nl/ => https://www.depolitiezoekt.nl/: (6, 'Could not resolve host: www.depolitiezoekt.nl')
+Fetch error: http://www.depolitiezoekt.nl/ => https://www.depolitiezoekt.nl/: (6, 'Could not resolve host: www.depolitiezoekt.nl')
+Fetch error: http://minbzk.nl/ => https://www.minbzk.nl/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.minbzk.nl/ => https://www.minbzk.nl/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://bprbzk.nl/ => https://www.bprbzk.nl/: (7, 'Failed to connect to www.bprbzk.nl port 443: Connection refused')
+Fetch error: http://www.bprbzk.nl/ => https://www.bprbzk.nl/: (7, 'Failed to connect to www.bprbzk.nl port 443: Connection refused')
+Fetch error: http://minfin.nl/ => https://www.minfin.nl/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.minfin.nl/ => https://www.minfin.nl/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://justitie.nl/ => https://www.justitie.nl/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.justitie.nl/ => https://www.justitie.nl/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://bergenopzoom.nl/ => https://www.bergenopzoom.nl/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.bergenopzoom.nl/ => https://www.bergenopzoom.nl/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://boarnsterhim.nl/ => https://www.boarnsterhim.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.boarnsterhim.nl'")
+Fetch error: http://www.boarnsterhim.nl/ => https://www.boarnsterhim.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.boarnsterhim.nl'")
+Fetch error: http://borne.nl/ => https://www.borne.nl/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.borne.nl/ => https://www.borne.nl/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://maarssen.nl/ => https://www.maarssen.nl/: (6, 'Could not resolve host: www.maarssen.nl')
+Fetch error: http://www.maarssen.nl/ => https://www.maarssen.nl/: (6, 'Could not resolve host: www.maarssen.nl')
+Fetch error: http://maastricht.nl/ => https://www.maastricht.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.maastricht.nl'")
+Fetch error: http://www.maastricht.nl/ => https://www.maastricht.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.maastricht.nl'")
+Fetch error: http://schijndel.nl/ => https://www.schijndel.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.schijndel.nl'")
+Fetch error: http://www.schijndel.nl/ => https://www.schijndel.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.schijndel.nl'")
+Fetch error: http://weert.nl/ => https://www.weert.nl/: (7, 'Failed to connect to www.weert.nl port 443: Connection refused')
+Fetch error: http://www.weert.nl/ => https://www.weert.nl/: (7, 'Failed to connect to www.weert.nl port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://govcert.nl/ => https://www.govcert.nl/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.govcert.nl/ => https://www.govcert.nl/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://depolitiezoekt.nl/ => https://www.depolitiezoekt.nl/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.depolitiezoekt.nl/ => https://www.depolitiezoekt.nl/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://minbzk.nl/ => https://www.minbzk.nl/: (6, 'Could not resolve host: minbzk.nl')
+Fetch error: http://www.minbzk.nl/ => https://www.minbzk.nl/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://waarschuwingsdienst.nl/ => https://www.waarschuwingsdienst.nl/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.waarschuwingsdienst.nl/ => https://www.waarschuwingsdienst.nl/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://minfin.nl/ => https://www.minfin.nl/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://www.minfin.nl/ => https://www.minfin.nl/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://domeinenrz.nl/ => https://www.domeinenrz.nl/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://justitie.nl/ => https://www.justitie.nl/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.justitie.nl/ => https://www.justitie.nl/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://overijssel.nl/ => https://www.overijssel.nl/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://www.overijssel.nl/ => https://www.overijssel.nl/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://amersfoort.nl/ => https://www.amersfoort.nl/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.amersfoort.nl/ => https://www.amersfoort.nl/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://bergenopzoom.nl/ => https://www.bergenopzoom.nl/: (7, 'Failed to connect to www.bergenopzoom.nl port 443: Connection refused')
+Fetch error: http://www.bergenopzoom.nl/ => https://www.bergenopzoom.nl/: (7, 'Failed to connect to www.bergenopzoom.nl port 443: Connection refused')
+Fetch error: http://gemeenteberkelland.nl/ => https://www.gemeenteberkelland.nl/: (6, 'Could not resolve host: gemeenteberkelland.nl')
+Fetch error: http://gemeentebest.nl/ => https://www.gemeentebest.nl/: Cycle detected - URL already encountered: https://www.gemeentebest.nl/
+Fetch error: http://www.gemeentebest.nl/ => https://www.gemeentebest.nl/: Cycle detected - URL already encountered: https://www.gemeentebest.nl/
+Fetch error: http://boarnsterhim.nl/ => https://www.boarnsterhim.nl/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.boarnsterhim.nl/ => https://www.boarnsterhim.nl/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://borne.nl/ => https://www.borne.nl/: (7, 'Failed to connect to www.borne.nl port 443: Connection refused')
+Fetch error: http://www.borne.nl/ => https://www.borne.nl/: (7, 'Failed to connect to www.borne.nl port 443: Connection refused')
+Fetch error: http://elburg.nl/ => https://www.elburg.nl/: (6, 'Could not resolve host: elburg.nl')
+Fetch error: http://geldermalsen.nl/ => https://www.geldermalsen.nl/: (6, 'Could not resolve host: geldermalsen.nl')
+Fetch error: http://www.heusden.nl/ => https://www.heusden.nl/: (18, 'transfer closed with outstanding read data remaining')
+Fetch error: http://hoorn.nl/ => https://www.hoorn.nl/: Cycle detected - URL already encountered: https://www.hoorn.nl/Int
+Fetch error: http://www.hoorn.nl/ => https://www.hoorn.nl/: Cycle detected - URL already encountered: https://www.hoorn.nl/Int
+Fetch error: http://huizen.nl/ => https://www.huizen.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.huizen.nl'")
+Fetch error: http://www.huizen.nl/ => https://www.huizen.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.huizen.nl'")
+Fetch error: http://lochem.nl/ => https://www.lochem.nl/: (7, 'Failed to connect to www.lochem.nl port 443: No route to host')
+Fetch error: http://www.lochem.nl/ => https://www.lochem.nl/: (7, 'Failed to connect to www.lochem.nl port 443: No route to host')
+Fetch error: http://maarssen.nl/ => https://www.maarssen.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.maarssen.nl'")
+Fetch error: http://www.maarssen.nl/ => https://www.maarssen.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.maarssen.nl'")
+Fetch error: http://maastricht.nl/ => https://www.maastricht.nl/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.maastricht.nl/ => https://www.maastricht.nl/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://noordwijkerhout.nl/ => https://www.noordwijkerhout.nl/: (6, 'Could not resolve host: noordwijkerhout.nl')
+Fetch error: http://www.noordwijkerhout.nl/ => https://www.noordwijkerhout.nl/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://oldebroek.nl/ => https://www.oldebroek.nl/: None
+Fetch error: http://renkum.nl/ => https://www.renkum.nl/: (6, 'Could not resolve host: renkum.nl')
+Fetch error: http://rijswijk.nl/ => https://www.rijswijk.nl/: Cycle detected - URL already encountered: https://www.rijswijk.nl/
+Fetch error: http://www.rijswijk.nl/ => https://www.rijswijk.nl/: Cycle detected - URL already encountered: https://www.rijswijk.nl/
+Fetch error: http://schijndel.nl/ => https://www.schijndel.nl/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://www.schijndel.nl/ => https://www.schijndel.nl/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://stedebroec.nl/ => https://www.stedebroec.nl/: (6, 'Could not resolve host: stedebroec.nl')
+Fetch error: http://terneuzen.nl/ => https://www.terneuzen.nl/: (6, 'Could not resolve host: terneuzen.nl')
+Fetch error: http://tubbergen.nl/ => https://www.tubbergen.nl/: (7, 'Failed to connect to www.tubbergen.nl port 443: Connection refused')
+Fetch error: http://www.tubbergen.nl/ => https://www.tubbergen.nl/: (7, 'Failed to connect to www.tubbergen.nl port 443: Connection refused')
+Fetch error: http://uden.nl/ => https://www.uden.nl/: Cycle detected - URL already encountered: https://www.uden.nl/
+Fetch error: http://www.uden.nl/ => https://www.uden.nl/: Cycle detected - URL already encountered: https://www.uden.nl/
+Fetch error: http://weert.nl/ => https://www.weert.nl/: (7, 'Failed to connect to www.weert.nl port 443: Connection refused')
+Fetch error: http://www.weert.nl/ => https://www.weert.nl/: (7, 'Failed to connect to www.weert.nl port 443: Connection refused')
+Fetch error: http://wierden.nl/ => https://www.wierden.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.wierden.nl'")
+Fetch error: http://www.wierden.nl/ => https://www.wierden.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.wierden.nl'")
+Fetch error: http://wijchen.nl/ => https://www.wijchen.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.wijchen.nl'")
+Fetch error: http://www.wijchen.nl/ => https://www.wijchen.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.wijchen.nl'")
+Fetch error: http://zaltbommel.nl/ => https://www.zaltbommel.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.zaltbommel.nl'")
+Fetch error: http://www.zaltbommel.nl/ => https://www.zaltbommel.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.zaltbommel.nl'")
+Fetch error: http://zwijndrecht.nl/ => https://www.zwijndrecht.nl/: (6, 'Could not resolve host: zwijndrecht.nl')
+Fetch error: http://www.zwijndrecht.nl/ => https://www.zwijndrecht.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.zwijndrecht.nl'")
+	Problematic domains:
+
+		- schiedam.nl *
+
+	* 404
+
+-->
+<ruleset name="NL Overheid" platform="mixedcontent" default_off="failed ruleset test">
   <!-- Ruleset created by Jeroen van der Gun
 
        This large ruleset secures a large amount of websites
diff --git a/src/chrome/content/rules/NeedMoreHits.com.xml b/src/chrome/content/rules/NeedMoreHits.com.xml
index 2be600081225..7ab322d0cb42 100644
--- a/src/chrome/content/rules/NeedMoreHits.com.xml
+++ b/src/chrome/content/rules/NeedMoreHits.com.xml
@@ -17,4 +17,4 @@
 	<rule from="^http://(?:www\.)?needmorehits\.com/"
 		to="https://www.needmorehits.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Neelwafurat.com.xml b/src/chrome/content/rules/Neelwafurat.com.xml
index f4bb75ee85d5..e8eb977e4e8b 100644
--- a/src/chrome/content/rules/Neelwafurat.com.xml
+++ b/src/chrome/content/rules/Neelwafurat.com.xml
@@ -2,5 +2,5 @@
   <target host="neelwafurat.com" />
   <target host="www.neelwafurat.com" />
 
-  <rule from="^http://(www\.)?neelwafurat\.com/" to="https://$1neelwafurat.com/" />
-</ruleset>
\ No newline at end of file
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Neg9.org.xml b/src/chrome/content/rules/Neg9.org.xml
deleted file mode 100644
index b5b33130400a..000000000000
--- a/src/chrome/content/rules/Neg9.org.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See 
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
- 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Neg9.org" platform="firefox">
-  <target host="neg9.org" />
-
-  <securecookie host="^neg9\.org$" name=".+" />
-
-  <rule from="^http://neg9\.org/" to="https://neg9.org/" />
-</ruleset>
diff --git a/src/chrome/content/rules/NegativeSum.net.xml b/src/chrome/content/rules/NegativeSum.net.xml
new file mode 100644
index 000000000000..a769d7678000
--- /dev/null
+++ b/src/chrome/content/rules/NegativeSum.net.xml
@@ -0,0 +1,14 @@
+<!--
+	Expired 2015-03
+
+-->
+<ruleset name="NegativeSum.net" default_off="expired">
+
+	<target host="negativesum.net" />
+	<target host="www.negativesum.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NegotiatingSalary.com.xml b/src/chrome/content/rules/NegotiatingSalary.com.xml
index cb15272e7e53..f8fdf340cd10 100644
--- a/src/chrome/content/rules/NegotiatingSalary.com.xml
+++ b/src/chrome/content/rules/NegotiatingSalary.com.xml
@@ -1,13 +1,25 @@
-<ruleset name="NegotiatingSalary.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://negotiatingsalary.com/ => https://negotiatingsalary.com/: Too many redirects while fetching 'https://negotiatingsalary.com/'
+Fetch error: http://www.negotiatingsalary.com/ => https://www.negotiatingsalary.com/: Too many redirects while fetching 'https://www.negotiatingsalary.com/'
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://negotiatingsalary.com/ => https://negotiatingsalary.com/: Too many redirects while fetching 'https://negotiatingsalary.com/'
+
+-->
+<ruleset name="NegotiatingSalary.com" default_off="failed ruleset test">
 
 	<target host="negotiatingsalary.com" />
-	<target host="*.negotiatingsalary.com" />
+	<target host="www.negotiatingsalary.com" />
 
 
 	<securecookie host="^\.negotiatingsalary.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?negotiatingsalary\.com/"
-		to="https://$1negotiatingsalary.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nehnutelnosti.sk.xml b/src/chrome/content/rules/Nehnutelnosti.sk.xml
new file mode 100644
index 000000000000..ddff25e3f7b6
--- /dev/null
+++ b/src/chrome/content/rules/Nehnutelnosti.sk.xml
@@ -0,0 +1,12 @@
+<!--
+	Real estate site nehnutelnosti.sk
+
+	Mismatch:
+		- m.nehnutelnosti.sk
+-->
+<ruleset name="Nehnutelnosti.sk">
+	<target host="nehnutelnosti.sk" />
+	<target host="www.nehnutelnosti.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Neil.brown.name.xml b/src/chrome/content/rules/Neil.brown.name.xml
new file mode 100644
index 000000000000..023f242b8fc3
--- /dev/null
+++ b/src/chrome/content/rules/Neil.brown.name.xml
@@ -0,0 +1,31 @@
+<!--
+	Network unreachable:
+		- ip6.neil.brown.name
+		- ipv6.neil.brown.name
+		- notabene.neil.brown.name
+		- v6.neil.brown.name
+
+	Connection timed out:
+		- joy.neil.brown.name
+
+	Mismatched:
+		- files.neil.brown.name
+		- gnubean.neil.brown.name
+		- ip4.neil.brown.name
+		- ipv4.neil.brown.name
+		- mail.neil.brown.name
+		- ns.neil.brown.name
+		- ns2.neil.brown.name
+		- v4.neil.brown.name
+
+	HTTP != HTTPS:
+		- cloud.neil.brown.name
+		- home.neil.brown.name
+-->
+<ruleset name="neil.brown.name">
+	<target host="neil.brown.name" />
+	<target host="blog.neil.brown.name" />
+	<target host="git.neil.brown.name" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Neis-One.org.xml b/src/chrome/content/rules/Neis-One.org.xml
new file mode 100644
index 000000000000..07491add0043
--- /dev/null
+++ b/src/chrome/content/rules/Neis-One.org.xml
@@ -0,0 +1,31 @@
+<!--
+	Mismatched:
+		- livechanges
+		- www.livechanges
+		- osmbirthday
+		- www.osmbirthday
+		- resultmap
+		- www.resultmap
+	
+	Active mixed content (see Neis-One.org_mixedcontent.xml):
+		- resultmaps
+		- www.resultmaps
+-->
+<ruleset name="Neis-One.org">
+	<target host="neis-one.org" />
+	<target host="www.neis-one.org" />
+	<target host="hdyc.neis-one.org" />
+	<target host="www.hdyc.neis-one.org" />
+	<target host="maps.neis-one.org" />
+	<target host="www.maps.neis-one.org" />
+	<target host="osmfight.neis-one.org" />
+	<target host="www.osmfight.neis-one.org" />
+	<target host="osmstats.neis-one.org" />
+	<target host="www.osmstats.neis-one.org" />
+	<target host="tools.neis-one.org" />
+	<target host="www.tools.neis-one.org" />
+	<target host="yosmhm.neis-one.org" />
+	<target host="www.yosmhm.neis-one.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Neis-One.org_mixedcontent.xml b/src/chrome/content/rules/Neis-One.org_mixedcontent.xml
new file mode 100644
index 000000000000..0e68cc40a21e
--- /dev/null
+++ b/src/chrome/content/rules/Neis-One.org_mixedcontent.xml
@@ -0,0 +1,9 @@
+<!--
+	For rules not causing mixed content issues, see Neis-One.org.xml.
+-->
+<ruleset name="Neis-One.org (mixed content)" platform="mixedcontent">
+	<target host="resultmaps.neis-one.org" />
+	<target host="www.resultmaps.neis-one.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Neko.im.xml b/src/chrome/content/rules/Neko.im.xml
new file mode 100644
index 000000000000..5f94399e47a0
--- /dev/null
+++ b/src/chrome/content/rules/Neko.im.xml
@@ -0,0 +1,18 @@
+<!--
+	Fully covered hosts:
+
+		- (www.)?
+
+-->
+<ruleset name="Neko.im">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="neko.im" />
+	<target host="www.neko.im" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nelonen.fi-mixedvideo.xml b/src/chrome/content/rules/Nelonen.fi-mixedvideo.xml
deleted file mode 100644
index 0e3b80beebb5..000000000000
--- a/src/chrome/content/rules/Nelonen.fi-mixedvideo.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	For rules not causing genuine mixed content, see Melonen.fi.xml.
-
-
-	NB: we cannot enable this ruleset until
-	adtech.de fixes its video loading code.
-
--->
-<ruleset name="Nelonen.fi (mixed videos)" platform="mixedcontent">
-
-	<target host="nelonen.fi" />
-	<target host="www.nelonen.fi" />
-		<!--
-			Breaks video:
-					-->
-		<exclusion pattern="^http://(?:www\.)?nelonen\.fi/(?:crossdomain\.xml|utils/video_config/geoblock\.php)" />
-		<!--
-			Handled in Nelonen.fi.xml:
-							-->
-		<exclusion pattern="^http://(?:www\.)?nelonen\.fi/utils/virheenmaaritys/(?:\w+\.jpg|css/|img/|js/|save\.php)" />
-
-
-	<securecookie host="^www\.nelonen\.fi$" name=".+" />
-
-
-	<rule from="^http://(www\.)?nelonen\.fi/"
-		to="https://$1nelonen.fi/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Nelonen.fi.xml b/src/chrome/content/rules/Nelonen.fi.xml
index 508643f44b5d..e5bd1acb1f13 100644
--- a/src/chrome/content/rules/Nelonen.fi.xml
+++ b/src/chrome/content/rules/Nelonen.fi.xml
@@ -1,104 +1,16 @@
 <!--
-	For rules causing real mixed content, see Nelonen.fi-mixedvideo.xml
-
-
-		- nelonen.spring-tns.net
-
-
-	Mixed content:
-
-		- Scripts:
-
-			- on www from www *
-			- on www from cts.sanoma.fi *
-			- on www from n.sestatic.fi *
-			- on www from nt.sestatic.fi *
-			- on www from rb2.sestatic.fi ***
-			- on www from assets.zendesk.com *
-
-		- css:
-
-			- on www from www *
-			- on www from fonts.googleapis.com *
-
-		- Flash:
-
-			- on www from www.ruutu.fi ***
-
-		- xml:
-
-			- on www from www **
-			- on www from adserver.adtech.de **
-			- on www from gatling.nelonenmedia.fi ***
-
-		- video:
-
-			- on www from www.ruutu.fi ***
-
-		- Images:
-
-			- on www from www *
-			- on www from sandbox.betatesti.com ****
-			- on www from rb3.sestatic.fi ****
-
-		- Web bugs and ads:
-
-			- on www from ad.360yield.com *
-			- on www from creative.360yield.com ***
-			- on www from s1.adform.net *
-			- on www from track.adform.net *
-			- on www from adserver.adtech.de *
-			- on www from aka-cdn-ns.adtech.de *
-			- on www from analytics.sanoma.fi *
-			- on www from is12.snstatic.fi *
-			- on www from anet.tradedoubler.com *
-			- on www from ad.yieldbot.net *
-
-	* Secured by us
-	** Breaks video
-	*** Unsecurable
-	**** Unsecurable, but images don't trigger MCB
-
-
-	NB: We *cannot* merge -mixedvideo because securing
-	adserver.adtech.de xml breaks video streams:
-
-		https://trac.torproject.org/projects/tor/ticket/7670
-
-	However, since we secure all active content
-	aside from that which is on pages under utils/,
-	we should remove platform for Ffx 24.
+	Invalid certificate:
+		gigantti.nelonen.fi
+		kampanjat.nelonen.fi
 
 -->
-<ruleset name="Nelonen.fi (partial)" platform="mixedcontent">
+<ruleset name="Nelonen.fi">
 
 	<target host="nelonen.fi" />
-	<target host="*.nelonen.fi" />
-		<!--
-			Videos subject to adtech.de mixed content:
-									-->
-		<!--exclusion pattern="^http://(www\.)?nelonen\.fi/utils/virheenmaaritys/" /-->
-		<!--
-			These breaks video:
-						-->
-		<exclusion pattern="^http://(?:www\.)?nelonen\.fi/crossdomain\.xml" />
-		<!--exclusion pattern="^http://(www\.)?nelonen\.fi/utils/video_config/geoblock\.php" /-->
-		<!--
-			Exclude everything under utils/ that hasn't been tested wrt to video:
-												-->
-		<exclusion pattern="^http://(?:www\.)?nelonen\.fi/utils/(?!virheenmaaritys/(?:\w+\.jpg|css/|img/|js/|save\.php))" />
-		<!--
-			Uncomment this if other videos turn out to break:
-										-->
-		<!--exclusion pattern="^http://(?:www\.)?nelonen\.fi/(?![\w-]+\.json|adimages/|sites/|utils/)" /-->
-
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.nelonen\.fi$" name="^(?:adptset|enzgd|evid1st|evid(?:_ref|_set)?|__utm\w)$" />
+	<target host="www.nelonen.fi" />
 
+	<securecookie host="^\.nelonen\.fi$" name="^(adptset|enzgd|evid1st|evid(_ref|_set)?|__utm\w)$" />
 
-	<rule from="^http://(www\.)?nelonen\.fi/"
-		to="https://$1nelonen.fi/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nelonenmedia.fi.xml b/src/chrome/content/rules/Nelonenmedia.fi.xml
index 59614492d963..c3210d3e9556 100644
--- a/src/chrome/content/rules/Nelonenmedia.fi.xml
+++ b/src/chrome/content/rules/Nelonenmedia.fi.xml
@@ -19,7 +19,8 @@
 -->
 <ruleset name="Nelonmedia.fi (partial)">
 
-	<target host="*.nelonenmedia.fi" />
+	<target host="crossbow.nelonenmedia.fi" />
+	<target host="sso.nelonenmedia.fi" />
 		<!--
 			Redirects to http:
 						-->
@@ -29,7 +30,6 @@
 	<securecookie host="^crossbow\.nelonenmedia\.fi$" name=".+" />
 
 
-	<rule from="^http://(crossbow|sso)\.nelonenmedia\.fi/"
-		to="https://$1.nelonenmedia.fi/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NemID.xml b/src/chrome/content/rules/NemID.xml
index 77044a7e923a..9ee7eabefed8 100644
--- a/src/chrome/content/rules/NemID.xml
+++ b/src/chrome/content/rules/NemID.xml
@@ -1,12 +1,29 @@
-<ruleset name="NemID">
+<!--
+	Other NemID rulesets:
+
+		- DanID.dk.xml
+		- Medarbejdersignatur.dk.xml
+		- Pbs-erhverv.dk.xml
+
+	Problematic domains:
+
+		- nemid.nu ¹
+
+	¹: Timeout
+
+-->
+<ruleset name="NemID.nu">
 
 	<target host="nemid.nu"/>
-	<!--	* for cross-domain cookie	-->
-	<target host="*.nemid.nu"/>
+	<target host="service.nemid.nu"/>
+	<target host="www.nemid.nu"/>
+
+	<securecookie host="^(?:www)?\.nemid\.nu$" name=".+" />
 
-	<securecookie host="^(www)?\.nemid\.nu$" name=".*"/>
+	<rule from="^http://nemid\.nu/"
+		to="https://www.nemid.nu/" />
 
-	<rule from="^http://(www\.)?nemid\.nu/"
-		to="https://$1nemid.nu/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NemLog-in.dk.xml b/src/chrome/content/rules/NemLog-in.dk.xml
new file mode 100644
index 000000000000..60943e8ed234
--- /dev/null
+++ b/src/chrome/content/rules/NemLog-in.dk.xml
@@ -0,0 +1,30 @@
+<!--
+	www.nemlog-in.dk does not exist.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- nemlog-in.dk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="NemLog-in.dk">
+
+	<target host="nemlog-in.dk" />
+	<target host="login.nemlog-in.dk" />
+
+		<test url="http://nemlog-in.dk/login.aspx/noeglekort" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^nemlog-in\.dk$" name="^cookieCheck$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nemertes.com.xml b/src/chrome/content/rules/Nemertes.com.xml
new file mode 100644
index 000000000000..ffea4d67f241
--- /dev/null
+++ b/src/chrome/content/rules/Nemertes.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Nemertes.com">
+
+	<target host="nemertes.com" />
+	<target host="www.nemertes.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Neo-interactive.hu.xml b/src/chrome/content/rules/Neo-interactive.hu.xml
index d90ad3ffddbb..236a8912e3c3 100644
--- a/src/chrome/content/rules/Neo-interactive.hu.xml
+++ b/src/chrome/content/rules/Neo-interactive.hu.xml
@@ -1,4 +1,12 @@
-<ruleset name="Neo-interactive.hu">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://neo-interactive.hu/ => https://neo-interactive.hu/: Too many redirects while fetching 'https://neo-interactive.hu/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://neo-interactive.hu/ => https://neo-interactive.hu/: Cycle detected - URL already encountered: https://neo-interactive.hu/
+-->
+<ruleset name="Neo-interactive.hu" default_off="failed ruleset test">
 	<target host="*.neo-interactive.hu" />
 	<target host="neo-interactive.hu" />
 
diff --git a/src/chrome/content/rules/Neo900.org.xml b/src/chrome/content/rules/Neo900.org.xml
new file mode 100644
index 000000000000..9a7d66eb5b91
--- /dev/null
+++ b/src/chrome/content/rules/Neo900.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Nonfunctional hosts in *neo900.org:
+
+		- static ³
+
+	³ 403
+
+-->
+<ruleset name="Neo900.org (partial)">
+
+	<target host="neo900.org" />
+	<target host="my.neo900.org" />
+	<target host="www.neo900.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NeoBux.com.xml b/src/chrome/content/rules/NeoBux.com.xml
new file mode 100644
index 000000000000..05d65c7f1176
--- /dev/null
+++ b/src/chrome/content/rules/NeoBux.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Wildcard DNS and certificate.
+
+-->
+<ruleset name="NeoBux.com">
+
+	<target host="neobux.com" />
+	<target host="www.neobux.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NeoDrive.co.xml b/src/chrome/content/rules/NeoDrive.co.xml
new file mode 100644
index 000000000000..fa3de8031657
--- /dev/null
+++ b/src/chrome/content/rules/NeoDrive.co.xml
@@ -0,0 +1,20 @@
+<!--
+	Mismatched:
+	- www.neodrive.co
+
+	Refused:
+	- d\d+.NeoDrive.co
+-->
+<ruleset name="NeoDrive.co" default_off="expired">
+
+	<target host="neodrive.co" />
+	<target host="www.neodrive.co" />
+
+
+	<rule from="^http://www\.neodrive\.co/"
+		to="https://neodrive.co/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NeoOffice.org.xml b/src/chrome/content/rules/NeoOffice.org.xml
index 943ecb20ac3e..f4e1ef35b0ed 100644
--- a/src/chrome/content/rules/NeoOffice.org.xml
+++ b/src/chrome/content/rules/NeoOffice.org.xml
@@ -1,42 +1,15 @@
 <!--
-	Some pages redirect to http.
-
-
-	Mixed content:
-
-		- Image on www from linkmaker.itunes.apple.com *
-
-	* Secured by us
-
+	401:
+	- userguide
 -->
-<ruleset name="NeoOffice.org (partial)">
+<ruleset name="NeoOffice.org">
 
 	<target host="neooffice.org" />
-	<target host="*.neooffice.org" />
-		<!--
-			These paths redirect to http:
-
-				- neojava/en/faq.php
-				- neojava/en/features.php
-				- neojava/en/index.php
-				- neojava/images/
-
-
-			These don't:
-
-				- neojava/en/contact.php
-				- neojava/en/download.php
-				- neojava/en/langpackdownload.php
-				- neojava/en/mirrors.php
-				- neojava/en/oldlangpackdownload.php
-				- images/
-							-->
-		<!--exclusion pattern="^http://(www\.)?neooffice\.org/neojava/(\w\w/(features|index)\.php|images/)" /-->
-		<exclusion pattern="^http://(?:www\.)?neooffice\.org/(?!default\.css|favicon\.png|images/|neojava/\w\w/(?:contact|download|(?:old)?langpackdownload|mirrors)\.php)" />
-		<exclusion pattern="^http://neowiki\.neooffice\.org/(?!index\.php/Special:Userlogin|skins/)" />
+	<target host="www.neooffice.org" />
+	<target host="neowiki.neooffice.org" />
+	<target host="trinity.neooffice.org" />
 
 
-	<rule from="^http://(neowiki\.|www\.)?neooffice\.org/"
-		to="https://$1neooffice.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NeoSmart.com.xml b/src/chrome/content/rules/NeoSmart.com.xml
index 8e1635cd9faf..f6b9f5592cf3 100644
--- a/src/chrome/content/rules/NeoSmart.com.xml
+++ b/src/chrome/content/rules/NeoSmart.com.xml
@@ -16,7 +16,8 @@
 <ruleset name="NeoSmart.net">
 
 	<target host="neosmart.net" />
-	<target host="*.neosmart.net" />
+	<target host="www.neosmart.net" />
+	<target host="secure.neosmart.net" />
 
 
 	<securecookie host="^\.?(?:secure\.)?neosmart\.com$" name=".+" />
@@ -25,7 +26,6 @@
 	<rule from="^http://(?:www\.)?neosmart\.net/"
 		to="https://neosmart.net/" />
 
-	<rule from="^http://secure\.neosmart\.net/"
-		to="https://secure.neosmart.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Neobookings.xml b/src/chrome/content/rules/Neobookings.xml
index 991a13f60311..664bd6cf2856 100644
--- a/src/chrome/content/rules/Neobookings.xml
+++ b/src/chrome/content/rules/Neobookings.xml
@@ -13,7 +13,7 @@
 	<!--	- Cert doesn't match
 		- Redirects like so
 					-->
-	<rule from="^https?://demo\.neobookings\.com/"
+	<rule from="^http://demo\.neobookings\.com/"
 		to="https://secure.neobookings.com/es/step-1" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Neomailbox.xml b/src/chrome/content/rules/Neomailbox.xml
index 54e60c2c6058..aaaca9c522d6 100644
--- a/src/chrome/content/rules/Neomailbox.xml
+++ b/src/chrome/content/rules/Neomailbox.xml
@@ -1,14 +1,25 @@
+<!--
+	Invalid certificate:
+		support.neomailbox.com
+
+		www.neomailbox.net
+
+-->
 <ruleset name="neomailbox">
 
-	<target host="neomailbox.*" />
-	<target host="*.neomailbox.com" />
-	<target host="www.neomailbox.net" />
+	<target host="neomailbox.com" />
+	<target host="www.neomailbox.com" />
+	<target host="secure.neomailbox.com" />
 
+	<target host="neomailbox.net" />
+	<target host="www.neomailbox.net" />
 
-	<securecookie host="^(?:w*\.)?neomailbox\.(?:com|net)$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http://www\.neomailbox\.net/"
+		to="https://www.neomailbox.com/" />
 
-	<rule from="^http://(www\.)?neomailbox\.(com|net)/"
-		to="https://$1neomailbox.$2/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NeonMob.com.xml b/src/chrome/content/rules/NeonMob.com.xml
new file mode 100644
index 000000000000..4e0f603c44ef
--- /dev/null
+++ b/src/chrome/content/rules/NeonMob.com.xml
@@ -0,0 +1,22 @@
+<!--
+	CDN buckets:
+
+		- d1ld1je540hac5.cloudfront.net
+
+
+	^: refused
+
+-->
+<ruleset name="NeonMob.com">
+
+	<target host="neonmob.com" />
+	<target host="www.neonmob.com" />
+
+
+	<securecookie host="^(?:www)?\.neonmob\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?neonmob\.com/"
+		to="https://www.neonmob.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Neonisi.com.xml b/src/chrome/content/rules/Neonisi.com.xml
deleted file mode 100644
index b631078f914b..000000000000
--- a/src/chrome/content/rules/Neonisi.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Neonisi.com" platform="firefox">
-<target host="neonisi.com" />
-<target host="www.neonisi.com" />
-<target host="shops.neonisi.com" />
-
-<securecookie host="^neonisi\.com$" name=".+" />
-<securecookie host="^www\.neonisi\.com$" name=".+" />
-<securecookie host="^shops\.neonisi\.com$" name=".+" />
-
-<rule from="^http://neonisi\.com/" to="https://neonisi.com/" />
-<rule from="^http://www\.neonisi\.com/" to="https://www.neonisi.com/" />
-<rule from="^http://shops\.neonisi\.com/" to="https://shops.neonisi.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Neos.io.xml b/src/chrome/content/rules/Neos.io.xml
new file mode 100644
index 000000000000..82b255e6e69e
--- /dev/null
+++ b/src/chrome/content/rules/Neos.io.xml
@@ -0,0 +1,51 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jira.neos.io/ => https://jira.neos.io/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Nonfunctional hosts in *neos.io:
+
+		- slack *
+
+	* Redirects to activecollab.sandstorm.de
+
+
+	Problematic hosts in *neos.io:
+
+		- translate *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .neos.io
+		- discuss.neos.io
+		- translate.neos.io
+
+-->
+<ruleset name="Neos.io (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="neos.io" />
+	<target host="discuss.neos.io" />
+	<target host="jira.neos.io" />
+	<!--target host="translate.neos.io" /-->
+	<target host="www.neos.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="\.neos\.io$" name="^(?:__cfduid|cf_clearance)" /-->
+	<!--securecookie host="^discuss\.neos\.io$" name="^(?:_forum_session|destination_url)$" /-->
+	<!--securecookie host="^translate\.neos.io$" name="^cid$" /-->
+
+	<securecookie host="\.neos\.io$" name="^(?:__cfduid|cf_clearance)" />
+	<securecookie host="discuss\.neos\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Neoseeker.xml b/src/chrome/content/rules/Neoseeker.xml
index 298808542a2a..443633810ddc 100644
--- a/src/chrome/content/rules/Neoseeker.xml
+++ b/src/chrome/content/rules/Neoseeker.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://neoseeker.com/ => https://neoseeker.com/: (60, 'SSL certificate problem: certificate has expired')
+
 	CDN buckets:
 
 		- 306885977.r.cdn77.net
@@ -25,7 +29,7 @@
 
 		- cdn.staticneo.com
 -->
-<ruleset name="Neoseeker">
+<ruleset name="Neoseeker" default_off="failed ruleset test">
 
 	<target host="neoseeker.com" />
 	<target host="*.neoseeker.com" />
@@ -35,7 +39,7 @@
 	<securecookie host="^\.neoseeker\.com$" name=".+" />
 
 
-	<rule from="^https?://i(?:mg)?\.neoseeker\.com/"
+	<rule from="^http://i(?:mg)?\.neoseeker\.com/"
 		to="https://img.neoseeker.com/" />
 
 	<rule from="^http://cdn\.staticneo\.com/"
@@ -44,4 +48,4 @@
 	<rule from="^http://(\w+\.)?neoseeker\.com/"
 		to="https://$1neoseeker.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Neowin.net.xml b/src/chrome/content/rules/Neowin.net.xml
deleted file mode 100644
index ad8b8737ac53..000000000000
--- a/src/chrome/content/rules/Neowin.net.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-
-
-	Some pages redirect to http.
-
-
-	Mixed content:
-
-		- Images, on www from:
-
-			- www *
-			- a0.twimg.com *
-
-		- Ads/web bugs, on www from:
-
-			- neowin.us.intellitxt.com
-			- ad\d.netshelter.net *
-			- track.netshelter.net *
-			- s.skimresources.com *
-
-	* Secured by us
-
--->
-<ruleset name="Neowin.net (partial)">
-
-	<target host="neowin.net" />
-	<target host="www.neowin.net" />
-		<!--exclusion pattern="^http://(www\.)?neowin\.net/(?!css/|favicon\.ico|forum($|[?/])|images/|js/)" /-->
-
-
-	<rule from="^http://(?:www\.)?neowin\.net/(?=css/|favicon\.ico|forum(?:$|[?/])|images/|js/)"
-		to="https://www.neowin.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Nerds_Nook.com.xml b/src/chrome/content/rules/Nerds_Nook.com.xml
new file mode 100644
index 000000000000..5b47472b3524
--- /dev/null
+++ b/src/chrome/content/rules/Nerds_Nook.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nerdsnook.com/ => https://nerdsnook.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.nerdsnook.com/ => https://www.nerdsnook.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	Insecure cookies are set for these domains:
+
+		- .nerdsnook.com
+
+-->
+<ruleset name="Nerds Nook.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nerdsnook.com" />
+	<target host="www.nerdsnook.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.nerdsnook\.com$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host="^\.nerdsnook\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nerf_NOW.xml b/src/chrome/content/rules/Nerf_NOW.xml
index 895ba6ad4efe..6b31e68bde43 100644
--- a/src/chrome/content/rules/Nerf_NOW.xml
+++ b/src/chrome/content/rules/Nerf_NOW.xml
@@ -4,7 +4,6 @@
 	<target host="www.nerfnow.com" />
 
 
-	<rule from="^http://(www\.)?nerfnow\.com/"
-		to="https://$1nerfnow.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nero.xml b/src/chrome/content/rules/Nero.xml
deleted file mode 100644
index 8d7dd5789d56..000000000000
--- a/src/chrome/content/rules/Nero.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- ^		(403)
-		- www		(403; mismatched, CN: ssl2.cdngc.net)
-
-
-	Problematic subdomains:
-
-		- webstatic	(works, akamai)
-
--->
-<ruleset name="Nero (partial)">
-
-	<target host="*.nero.com" />
-
-
-	<securecookie host="^apps\.nero\.com$" name=".+" />
-
-
-	<rule from="^http://(apps|shop(?:ing)?|stats)\.nero\.com/"
-		to="https://$1.nero.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Nervous_Systems.org.xml b/src/chrome/content/rules/Nervous_Systems.org.xml
new file mode 100644
index 000000000000..2699ba389544
--- /dev/null
+++ b/src/chrome/content/rules/Nervous_Systems.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="Nervous Systems.org">
+
+	<target host="nervoussystems.org" />
+	<target host="www.nervoussystems.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nessus.org.xml b/src/chrome/content/rules/Nessus.org.xml
new file mode 100644
index 000000000000..a7225c09468d
--- /dev/null
+++ b/src/chrome/content/rules/Nessus.org.xml
@@ -0,0 +1,19 @@
+<!--
+	(www.): dropped
+
+-->
+<ruleset name="Nessus.org (partial)">
+
+	<target host="discussions.nessus.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^discussions\.nessus\.org$" name="^(BIGipServerm\w{6}-\d+-pool|JSESSIONID|jive\.security\.context)$" /-->
+
+	<securecookie host="^discussions\.nessus\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nest.com.xml b/src/chrome/content/rules/Nest.com.xml
index d213bde58ab7..b106a70800eb 100644
--- a/src/chrome/content/rules/Nest.com.xml
+++ b/src/chrome/content/rules/Nest.com.xml
@@ -10,7 +10,7 @@
 	<target host="www.nest.com" />
 
 
-	<rule from="^http://(www\.)?nest\.com/"
-		to="https://$1nest.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Nestle.xml b/src/chrome/content/rules/Nestle.xml
index 56ddde1ce6c9..cdc248f1d975 100644
--- a/src/chrome/content/rules/Nestle.xml
+++ b/src/chrome/content/rules/Nestle.xml
@@ -32,10 +32,7 @@
 	<rule from="^http://((?:eur-tools|hosting|www)\.)?nestle\.com/"
 		to="https://$1nestle.com/" />
 
-	<rule from="^http://cdn\.nestle\.com/"
-		to="https://a248.e.akamai.net/f/1961/1/5m/cdn.nestle.com/" />
-
-	<rule from="^https?://(?:www\.)?nestle\.de/(_layouts/|DownloadPDF\.ashx|Helper/|MetaNavigation/|Style Library/)"
+	<rule from="^http://(?:www\.)?nestle\.de/(_layouts/|DownloadPDF\.ashx|Helper/|MetaNavigation/|Style Library/)"
 		to="https://www.nestle.de/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nestle_Purina_Careers.com.xml b/src/chrome/content/rules/Nestle_Purina_Careers.com.xml
new file mode 100644
index 000000000000..bd87c2671380
--- /dev/null
+++ b/src/chrome/content/rules/Nestle_Purina_Careers.com.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Nestlé coverage, see Nestle.xml.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .nestlepurinacareers.com
+		- www.nestlepurinacareers.com
+
+-->
+<ruleset name="Nestle Purina Careers.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nestlepurinacareers.com" />
+	<target host="www.nestlepurinacareers.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.nestlepurinacareers\.com$" name="^(incap_ses_\d+_\d+|visid_incap_\d+)$" /-->
+	<!--securecookie host="^www\.nestlepurinacareers\.com$" name="^___utmv[abm]\w+$" /-->
+
+	<securecookie host="^(?:www)?\.nestlepurinacareers\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nestle_Scholler.xml b/src/chrome/content/rules/Nestle_Scholler.xml
index e8a6e0212fc7..59f4224620f2 100644
--- a/src/chrome/content/rules/Nestle_Scholler.xml
+++ b/src/chrome/content/rules/Nestle_Scholler.xml
@@ -15,7 +15,7 @@
 
 	<!--	At least some pages redirect to http.
 							-->
-	<rule from="^https?://(?:www\.)?schoeller\.de/(NR|schoeller/Images)/"
+	<rule from="^http://(?:www\.)?schoeller\.de/(NR|schoeller/Images)/"
 		to="https://www.schoeller.de/$1/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Net-A-Porter.com.xml b/src/chrome/content/rules/Net-A-Porter.com.xml
index daf154f0b29f..6a9665226a3a 100644
--- a/src/chrome/content/rules/Net-A-Porter.com.xml
+++ b/src/chrome/content/rules/Net-A-Porter.com.xml
@@ -1,63 +1,62 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fashionfix.net-a-porter.com/ => https://fashionfix.net-a-porter.com/: (28, 'Connection timed out after 20000 milliseconds')
+
 	CDN buckets:
 
 		- netaporterll3.sslcs.cdngc.net
 
 
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(^ → www)
-		- cache
-		- fashionfix
-		- weathertop
-		- www-lt
+	Problematic hosts in *net-a-porter.com:
 
+		- ^ ¹
+		- weathertop ²
 
-	Observed cookie domains:
+	¹ Dropped
+	² Expired
 
-		- .
-		- .fashionfix
-		- weathertop
-		- www
-		- .www
-		- www-lt
-		- .www-lt
 
+	Insecure cookies are set for these domains and hosts: ᶜ
 
-	Mixed content:
+		- www.net-a-porter.com
+		- .www.net-a-porter.com
+		- .www-lt.net-a-porter.com
 
-		- Images:
-
-			- On fashionfix from fashionfix *
-			- On www from cache *
-
-		- Web bugs:
-
-			- On www from www **
-			- On www-lt from www **
-
-	* Secured by us, doesn't trip MCB anyway
-	** Secured by us, but who cares
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Net-A-Porter.com">
-
+<ruleset name="Net-A-Porter.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="girdle-assets.net-a-porter.com" />
+	<target host="cache.net-a-porter.com" />
+	<target host="nap-assets.nap-live.ext.net-a-porter.com" />
+	<target host="fashionfix.net-a-porter.com" />
+	<!--target host="weathertop.net-a-porter.com" /-->
+	<target host="www.net-a-porter.com" />
+	<target host="www-lt.net-a-porter.com" />
+
+		<test url="http://nap-assets.nap-live.ext.net-a-porter.com/girdle/images/header/logo-net-a-porter.99b50697f42b8e42.svg" />
+
+	<!--	Complications:
+				-->
 	<target host="net-a-porter.com" />
-	<target host="*.net-a-porter.com" />
 
 
-	<securecookie host=".*\.net-a-porter\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="www\.net-a-porter\.com$" name="^ADRUM_\d+_\d+_\d+" /-->
+	<!--securecookie host="\.www(?:-lt)?\.net-a-porter\.com$" name="^(?:channel|country_iso|deviceType|lang_iso|lang_time)$" /-->
+
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?net-a-porter\.com/"
+	<rule from="^http://net-a-porter\.com/"
 		to="https://www.net-a-porter.com/" />
 
-	<rule from="^http://(cache|fashionfix|weathertop|www-lt)\.net-a-porter\.com/"
-		to="https://$1.net-a-porter.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Net-Applications.xml b/src/chrome/content/rules/Net-Applications.xml
index 762ebc5302d4..c51f9a565745 100644
--- a/src/chrome/content/rules/Net-Applications.xml
+++ b/src/chrome/content/rules/Net-Applications.xml
@@ -1,37 +1,34 @@
 <!--
 	Other Net Applications rulesets:
 
+		- 1stWarning.com.xml
+		- Hits_processor.com.xml
 		- HitsLink.xml
+		- RealTimeStats.com.xml
 
 
 	Nonfunctional domains:
 
 		- (www.)loaddns.com	(reset)
+		- (www.)?netapplications.com ²
+		- searchterms.com ¹
+		- www.searchterms.com ²
 		- (www.)sharepost.com
 		- (www.)surveyware.com
 
--->
-<ruleset name="Net Applications">
-
-	<target host="1stwarning.com" />
-	<target host="www.1stwarning.com" />
-	<target host="netapplications.com" />
-	<target host="*.netapplications.com" />
-	<target host="searchterms.com" />
-	<target host="www.searchterms.com" />
+	¹ Reset
+	² Refused
 
+-->
+<ruleset name="Net Applications.com (partial)">
 
-	<securecookie host="^(.*\.)?1stwarning\.com$" name=".*" />
-	<securecookie host="^(.*\.)?netapplications\.com$" name=".*" />
+	<target host="partners.netapplications.com" />
 
 
-	<rule from="^http://(www\.)?1stwarning\.com/"
-		to="https://$11stwarning.com/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(partners\.|www\.)?netapplications\.com/"
-		to="https://$1netapplications.com/" />
 
-	<rule from="^http://(www\.)?searchterms\.com/"
-		to="https://$1searchterms.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Net-Communities.xml b/src/chrome/content/rules/Net-Communities.xml
index 6d4aed1dfa3c..0313bb833b58 100644
--- a/src/chrome/content/rules/Net-Communities.xml
+++ b/src/chrome/content/rules/Net-Communities.xml
@@ -1,20 +1,28 @@
-<!--	!functional:
-		static.itproportal.com		(!alias for cdn)
-		(www.)itproportal.com		(timeout)
-		(www.)netcommunities.com	(timeout)
+<!--
+	Nonfunctional hosts in *netcommunities.com:
+
+		- (www.)? ᵈ
+		- adgallery ᵈ
+		- bagyourselfabillboard ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *netcommunities.com:
+
+		- ad ᵐ
+
+	ᵐ Mismatched
+
 -->
-<ruleset name="Net Communities (partial)">
+<ruleset name="Net Communities.com (partial)">
 
-	<target host="cdn.itproportal.com"/>
 	<target host="ad.netcommunities.com" />
 
 
-	<rule from="^http://cdn\.itproportal\.com/"
-		to="https://itpp.s3.amazonaws.com/"/>
+	<rule from="^http://ad\.netcommunities\.com/"
+		to="https://id.adnxs.com/" />
 
-	<!--	Certificate mismatch.
-					-->
-	<rule from="^https?://ad\.netcommunities\.com/"
-		to="https://ad.rmxads.com/" />
+		<test url="http://ad.netcommunities.com/seg?add=1&amp;t=1" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Net-Competition.xml b/src/chrome/content/rules/Net-Competition.xml
index 2900d86254ce..4afaa5a62a4b 100644
--- a/src/chrome/content/rules/Net-Competition.xml
+++ b/src/chrome/content/rules/Net-Competition.xml
@@ -1,18 +1,21 @@
 <!--
-	- Expired 2012-06-21
 	- Self-signed
-	- CN: Parallels Panel
+	- Cert only matches ^netcompetition.org
+	- ^netcompetition.org redirects to www.netcompetition.org
+
+
+	Mixed content:
+
+		- Images from $self
 
 -->
-<ruleset name="Net Competition" default_off="expired, self-signed">
+<ruleset name="Net Competition.org" default_off="mismatched, self-signed">
 
 	<target host="netcompetition.org" />
 	<target host="www.netcompetition.org" />
 
 
-	<!--	!www 301s to www.
-					-->
-	<rule from="^https?://(?:www\.)?netcompetition\.org/"
-		to="https://www.netcompetition.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Net-Dynamics.xml b/src/chrome/content/rules/Net-Dynamics.xml
index 7c75323e8398..a93d7320bdaf 100644
--- a/src/chrome/content/rules/Net-Dynamics.xml
+++ b/src/chrome/content/rules/Net-Dynamics.xml
@@ -1,15 +1,19 @@
-<!--	!functional:
+<!--
+	!functional:
 		- (www.)net-dynamics.net	(ssl_error_rx_record_too_long)
 		- (www.)p3pseal.com		(cert: p3pwiz.com, shows that domain's data)
+
 -->
-<ruleset name="Net Dynamics (partial)">
+<ruleset name="P3P Wiz.com" default_off="expired">
+
+	<target host="p3pwiz.com" />
+	<target host="www.p3pwiz.com" />
+
 
-	<target host="p3pwiz.com"/>
-	<target host="www.p3pwiz.com"/>
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^(.*\.)?p3pwiz.com$" name=".*"/>
 
-	<rule from="^http://(www\.)?p3pwiz\.com/"
-		to="https://$1p3pwiz.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Net-Housting.de.xml b/src/chrome/content/rules/Net-Housting.de.xml
index 4dc2b59c659c..ec50844e9565 100644
--- a/src/chrome/content/rules/Net-Housting.de.xml
+++ b/src/chrome/content/rules/Net-Housting.de.xml
@@ -1,4 +1,11 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://housting.de/ => https://net-housting.de/: (51, "SSL: no alternative certificate subject name matches target host name 'net-housting.de'")
+Fetch error: http://www.housting.de/ => https://www.net-housting.de/: (51, "SSL: no alternative certificate subject name matches target host name 'www.net-housting.de'")
+Fetch error: http://net-housting.de/ => https://net-housting.de/: (51, "SSL: no alternative certificate subject name matches target host name 'net-housting.de'")
+Fetch error: http://www.net-housting.de/ => https://www.net-housting.de/: (51, "SSL: no alternative certificate subject name matches target host name 'www.net-housting.de'")
+
 	Nonfunctional subdomains:
 
 		- faq *
@@ -13,7 +20,7 @@
 		- (www.)housting.de	(mismatched, CN: *.net-housting.de)
 
 -->
-<ruleset name="Net-Housting.de (partial)">
+<ruleset name="Net-Housting.de (partial)" default_off="failed ruleset test">
 
 	<target host="housting.de" />
 	<target host="www.housting.de" />
@@ -27,4 +34,4 @@
 	<rule from="^http://(www\.)?(?:net-)?housting\.de/"
 		to="https://$1net-housting.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Net-Mobile.com.xml b/src/chrome/content/rules/Net-Mobile.com.xml
index 19699bdfc72a..2cc0ddfebc3c 100644
--- a/src/chrome/content/rules/Net-Mobile.com.xml
+++ b/src/chrome/content/rules/Net-Mobile.com.xml
@@ -20,7 +20,6 @@
 	<securecookie host="^www\.net-mobile\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?net-mobile\.com/"
-		to="https://$1net-mobile.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Net-Results.xml b/src/chrome/content/rules/Net-Results.xml
index c52771005d7b..d9f347663eaa 100644
--- a/src/chrome/content/rules/Net-Results.xml
+++ b/src/chrome/content/rules/Net-Results.xml
@@ -8,23 +8,15 @@
 
 	<target host="cdnma.com" />
 	<target host="sc.cdnma.com" />
-	<target host="*.net-results.com" />
+	<target host="apps.net-results.com" />
+	<target host="secure.net-results.com" />
 	<target host="nr7.us" />
 
 
 	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.net-results\.com$" name="^__utm\w$" />
-	<securecookie host="^(?:apps|\.?secure)\.net-results\.com$" name=".+" />
+					-->	<securecookie host="^(?:apps|\.?secure)\.net-results\.com$" name=".+" />
 
 
-	<rule from="^http://(sc\.)?cdnma\.com/"
-		to="https://$1cdnma.com/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://(apps|secure)\.net-results\.com/"
-		to="https://$1.net-results.com/" />
-
-	<rule from="^http://nr7\.us/"
-		to="https://nr7.us/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Net-Safe.xml b/src/chrome/content/rules/Net-Safe.xml
deleted file mode 100644
index bca67334cd67..000000000000
--- a/src/chrome/content/rules/Net-Safe.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other Peercraft coverage, see Peercraft.xml.
-
--->
-<ruleset name="Net-Safe">
-
-	<target host="net-safe.info" />
-	<target host="*.net-safe.info" />
-
-
-	<securecookie host="^\.net-safe\.info$" name=".+" />
-
-
-	<rule from="^http://(www\.)?net-safe\.info/"
-		to="https://$1net-safe.info/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Net-dns.org.xml b/src/chrome/content/rules/Net-dns.org.xml
new file mode 100644
index 000000000000..796fa6b2f812
--- /dev/null
+++ b/src/chrome/content/rules/Net-dns.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Net-dns.org">
+	<target host="net-dns.org" />
+	<target host="www.net-dns.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Net-metrix.ch.xml b/src/chrome/content/rules/Net-metrix.ch.xml
new file mode 100644
index 000000000000..f3306592b452
--- /dev/null
+++ b/src/chrome/content/rules/Net-metrix.ch.xml
@@ -0,0 +1,24 @@
+<!--
+	For other NET-Metrix coverage, see Wemfbox.ch.xml.
+
+	Nonfunctional hosts in *.net-metrix.ch:
+		- sehstoff.net-metrix.ch (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Host has a wildcard DNS record but serves no wildcard cert.
+-->
+<ruleset name="Net-metrix.ch">
+	<target host="net-metrix.ch" />
+	<target host="www.net-metrix.ch" />
+	<target host="tool.net-metrix.ch" />
+	<target host="kb.net-metrix.ch" />
+	<target host="scores.net-metrix.ch" />
+	<target host="heatmap.net-metrix.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Net-security.org.xml b/src/chrome/content/rules/Net-security.org.xml
index 7acb6d81f120..fa33e3505e5f 100644
--- a/src/chrome/content/rules/Net-security.org.xml
+++ b/src/chrome/content/rules/Net-security.org.xml
@@ -1,28 +1,34 @@
 <!--
 	Mixed content:
 
-		- Video on www from www.youtube.com *
+		- Script from ajax.googleapis.com ¹
 
-		- Images, on www from :
+		- Images from www ²
 
-			- www *
+		- Web bugs, from:
 
-		- Web bugs, on www from:
+			- s7.addthis.com ²
+			- cdn-images.mailchimp.com ²
+			- downloads.mailchimp.com ²
+			- c.statcounter.com ²
+			- www.statcounter.com ²
+			- cts.tradepub.com ²
 
-			- s7.addthis.com *
-			- cdn-images.mailchimp.com *
-			- c.statcounter.com *
+	¹ Seems to be used for tracking only(?) Regardless,
+	  effects of its absence seem minimal. Secured by us.
 
-	* Secured by us
+	² Secured by us
+
+
+	Started redirecting to http.
 
 -->
-<ruleset name="net-security.org (false MCB)" platform="mixedcontent">
+<ruleset name="net-security.org" default_off="broken">
 
 	<target host="net-security.org" />
 	<target host="www.net-security.org" />
 
 
-	<rule from="^http://(www\.)?net-security\.org/"
-		to="https://$1net-security.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NetApp-mismatches.xml b/src/chrome/content/rules/NetApp-mismatches.xml
index 5c7cbee367c7..fe6409b2464b 100644
--- a/src/chrome/content/rules/NetApp-mismatches.xml
+++ b/src/chrome/content/rules/NetApp-mismatches.xml
@@ -2,28 +2,17 @@
 	For rules that are on by default, see NetApp.xml.
 
 -->
-<ruleset name="NetApp (mismatches)" default_off="mismatched">
+<ruleset name="NetApp.com (mismatches)" default_off="mismatched">
 
-	<target host="netapp.com" />
-	<target host="*.netapp.com" />
-		<!--
-			Not available via https:
-						-->
-		<exclusion pattern="^http://(?:www\.)?netapp\.com/designimages/(?:bkg|icon)-" />
+	<!--	Direct rewrites:
+				-->
+	<target host="media.netapp.com" />
 
 
-	<!--	Observed cookie subdomains:
+	<securecookie host="^\.netapp\.com$" name=".+" />
 
-			- .
-			- www
-					-->
-	<securecookie host="^w*\.netapp\.com$" name=".+" />
 
-
-	<rule from="^http://(?:www\.)?netapp\.com/"
-		to="https://www.netapp.com/" />
-
-	<rule from="^http://media\.netapp\.com/"
-		to="https://media.netapp.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NetApp.xml b/src/chrome/content/rules/NetApp.xml
index 32fb4866a47d..b29cebd1dc01 100644
--- a/src/chrome/content/rules/NetApp.xml
+++ b/src/chrome/content/rules/NetApp.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://private-communities.netapp.com/ => https://private-communities.netapp.com/: (51, "SSL: no alternative certificate subject name matches target host name 'private-communities.netapp.com'")
+Fetch error: http://tech.netapp.com/ => https://tech.netapp.com/: (51, "SSL: no alternative certificate subject name matches target host name 'tech.netapp.com'")
+
+	fast, fast-new, login: Gone
+
+
 	For problematic rules, see NetApp-mismatches.xml.
 
 
@@ -14,48 +22,105 @@
 
 	Problematic subdomains:
 
-		- (www.) *
-		- blogs		(no https)
+		- ^ ¹
+		- library ³
 		- media *
 
+	¹ Mismatched
+	³ Server sends no certificate chain, see https://whatsmychaincert.com
 	* Works, akamai
 
 
-	Mixed images on communities from www
+	Fully covered hosts in *netapp.com:
 
-	Mixed images on solutionconnection from media
+		- (www.)?		(^ → www)
+		- blogs
+		- communities
+		- community
+		- fieldportal
+		- forums
+		- mysupport
+		- private-communities
+		- signin
+		- support
+		- tech
+
+
+	services-new: Dropped over http & https
 
--->
-<ruleset name="NetApp (partial)">
 
-	<target host="*.netapp.com" />
+	Insecure cookies are set for these domains and hosts:
 
+		- .netapp.com
+		- community.netapp.com
+		- fieldportal.netapp.com
+		- forums.netapp.com
+		- library.netapp.com
+		- mysupport.netapp.com
+		- private-communities.netapp.com
+		- signin.netapp.com
 
-	<!--	Observed cookie subdomains:
 
-			- communities
-			- fast
-			- fast-new
-			- fieldportal
-			- forums
-			- login
-			- services-new
-			- solutionconnection
-			- support
-			- tech
+	Mixed content:
+
+	Mixed images on communities from www
+
+	Mixed images on solutionconnection from media
+
+		- favicon on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="NetApp.com (partial)" default_off="failed ruleset test">
+
+	<target host="learningcenter.netapp.com" />
+	<target host="learningcentre.netapp.com" />
+	<target host="now.netapp.com" />
+	<target host="services.netapp.com" />
+	<target host="solutionconnection.netapp.com" />
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blogs.netapp.com" />
+	<target host="communities.netapp.com" />
+	<target host="community.netapp.com" />
+	<target host="fieldportal.netapp.com" />
+	<target host="forums.netapp.com" />
+	<!--target host="library.netapp.com" /-->
+	<target host="mysupport.netapp.com" />
+	<target host="private-communities.netapp.com" />
+	<target host="signin.netapp.com" />
+	<target host="support.netapp.com" />
+	<target host="tech.netapp.com" />
+	<target host="www.netapp.com" />
+
+	<!--	Complications:
+				-->
+	<target host="netapp.com" />
+
+
+	<!--	Not secured by server:
 					-->
+	<!--securecookie host="^\.netapp\.com$" name="^(ObSSOCookie|VISITORID)$" /-->
+	<!--securecookie host="^community\.netapp\.com$" name="^(LithiumUserInfo|LithiumUserSecure|LithiumVisitor)$" /-->
+	<!--securecookie host="^fieldportal\.netapp\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^(forums|private-communities)\.netapp\.com$" name="^BIGipServer[\w.-]+$" /-->
+	<!--securecookie host="^forums\.netapp\.com$" name="^(jive\.login\.ts|jive\.security\.context)$" /-->
+	<!--securecookie host="^library\.netapp\.com$" name="^LTMD-COOKIE-LIBRARY-P80$" /-->
+	<!--securecookie host="^mysupport\.netapp\.com$" name="^(JSESSIONID_ESERVICE|LTMI-COOKIE-ESERVICE-P)$" /-->
+	<!--securecookie host="^(private-communities|signin)\.netapp\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^private-communities\.netapp\.com$" name="jive\.server\.info$" /-->
+	<!--securecookie host="^signin\.netapp\.com$" name="^(LTMD-COOKIE-SIGNIN-P443|ObFormLoginCookie)$" /-->
+
+	<securecookie host="^\.netapp\.com$" name="^VISITORID$" />
 	<securecookie host="^\w+\.netapp\.com$" name=".+" />
 
 
-	<!--	Server drops trailing slash:
-						-->
-	<rule from="^http://blogs\.netapp\.com/(\w+)/(\?.*)?$"
-		to="https://communities.netapp.com/community/netapp-blogs/$1$2" />
-
-	<rule from="^http://blogs\.netapp\.com/"
-		to="https://communities.netapp.com/community/netapp-blogs/" />
+	<rule from="^http://netapp\.com/"
+		to="https://www.netapp.com/" />
 
-	<rule from="^http://(communities|fast|fast-new|fieldportal|forums|learningcent(?:er|re)|login|now|services(?:-new)?|solutionconnection|support|tech)\.netapp\.com/"
-		to="https://$1.netapp.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NetBSD.xml b/src/chrome/content/rules/NetBSD.xml
index e7ec88f44196..444a94119fcb 100644
--- a/src/chrome/content/rules/NetBSD.xml
+++ b/src/chrome/content/rules/NetBSD.xml
@@ -1,29 +1,31 @@
 <!--
-	Problematic subdomains:
+	Nonfunctional hosts in *netbsd.org:
 
-		- cvsweb *
-		- ftp **
-		- man		(shows another domain; expired 2008-05-22, mismatched, CN: www.gw.com)
-		- nxr **
-		- nyftp *
-
-	* Times out
-	** No https
-
-
-	Mixed images on blog from ftp
+		- cvsweb ¹
+		- www.jp ¹
+		- man ²
 
+	¹ Dropped
+	² Refused
 -->
-<ruleset name="NetBSD (partial)">
+<ruleset name="NetBSD.org (partial)">
 
 	<target host="netbsd.org" />
-	<target host="*.netbsd.org" />
+	<target host="www.netbsd.org" />
+	<target host="blog.netbsd.org" />
+	<target host="ftp.netbsd.org" />
+	<target host="gnats.netbsd.org" />
+	<target host="mail-index.netbsd.org" />
+	<target host="nxr.netbsd.org" />
+	<target host="nyftp.netbsd.org" />
+	<target host="releng.netbsd.org" />
+	<target host="wiki.netbsd.org" />
 
 
-	<securecookie host="^blog\.netbsd\.org$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://((?:blog|gnats|mail-index|releng|wiki|www)\.)?netbsd\.org/"
-		to="https://$1netbsd.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NetBeans.xml b/src/chrome/content/rules/NetBeans.xml
index 6a5b9cc6c537..77dde912ec2a 100644
--- a/src/chrome/content/rules/NetBeans.xml
+++ b/src/chrome/content/rules/NetBeans.xml
@@ -1,32 +1,50 @@
 <!--
-	Other Oracle rulesets:
+	For other Oracle coverage, see Oracle.xml.
 
-		- MySQL.xml
-		- Oracle.xml
-		- Oracle-mismatches.xml
+	Refused:
+		- wiki.netbeans.org
 
+	SSL error:
+		- forums.netbeans.org
+		- plugins.netbeans.org
+		- services.netbeans.org
 
-	Nonfunctional subdomains:
-
-		- bits		(times out)
-		- edu		(cert: forums; displays planetnetbeans.org data)
-		- plugins	(times out)
-		- wiki		(ditto)
-		- (www.)	(cert: forums; displays planetnetbeans.org data)
-
-
-	See Oracle-mismatches for problematic rules.
+	HTTP =/= HTTPS:
+		- www.netbeans.org
 
+	Host contains a wildcard DNS record for project pages, but not all subdomains support HTTPS.
 -->
-<ruleset name="NetBeans (partial)">
-
-	<target host="forums.netbeans.org"/>
-
-
-	<securecookie host="^forums\.netbeans\.org$" name=".*"/>
-
-
-	<rule from="^http://forums\.netbeans\.org/"
-		to="https://forums.netbeans.org/"/>
-
+<ruleset name="NetBeans.org (partial)">
+	<target host="netbeans.org" />
+	<target host="www.netbeans.org" />
+	<target host="asset-0.netbeans.org" />
+	<target host="asset-1.netbeans.org" />
+	<target host="asset-2.netbeans.org" />
+	<target host="asset-3.netbeans.org" />
+	<target host="bits.netbeans.org" />
+	<target host="cnd.netbeans.org" />
+	<target host="core.netbeans.org" />
+	<target host="db.netbeans.org" />
+	<target host="download.netbeans.org" />
+	<target host="editor.netbeans.org" />
+	<target host="edu.netbeans.org" />
+	<target host="fr.netbeans.org" />
+	<target host="ja.netbeans.org" />
+	<target host="nblocalization.netbeans.org" />
+	<target host="performance.netbeans.org" />
+	<target host="php.netbeans.org" />
+	<target host="platform.netbeans.org" />
+	<target host="profiler.netbeans.org" />
+	<target host="soa.netbeans.org" />
+	<target host="ui.netbeans.org" />
+	<target host="versioncontrol.netbeans.org" />
+	<target host="web.netbeans.org" />
+	<target host="xml.netbeans.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.netbeans\.org/"
+		to="https://netbeans.org/" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NetBet.xml b/src/chrome/content/rules/NetBet.xml
new file mode 100644
index 000000000000..1ded0396c07b
--- /dev/null
+++ b/src/chrome/content/rules/NetBet.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://betnet.fr/ => https://betnet.fr/: (7, 'Failed to connect to betnet.fr port 443: Connection refused')
+Fetch error: http://www.betnet.fr/ => https://www.betnet.fr/: (7, 'Failed to connect to www.betnet.fr port 443: Connection refused')
+
+-->
+<ruleset name="NetBet" default_off="failed ruleset test">
+	<target host="betnet.fr" />
+	<target host="www.betnet.fr" />
+	<target host="m.netbet.fr" />
+	<target host="netbetsport.fr" />
+	<target host="www.netbetsport.fr" />
+
+	<securecookie host="^betnet\.fr$" name=".+" />
+	<securecookie host="^www\.betnet\.fr$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NetClean.com.xml b/src/chrome/content/rules/NetClean.com.xml
new file mode 100644
index 000000000000..ce727c48babc
--- /dev/null
+++ b/src/chrome/content/rules/NetClean.com.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://netclean.com/ => https://netclean.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Problematic subdomains:
+
+		- blog *
+
+	* Works; mismatched, CN: *.azurewebsites.net
+
+
+	Mixed content:
+
+		- css on blog from fast.fonts.com ¹
+
+		- Images on blog from $self ²
+
+	¹ Secured by us
+	² Not secured by us <= mismatched
+
+-->
+<ruleset name="NetClean.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="netclean.com" />
+	<target host="my.netclean.com" />
+	<target host="www.netclean.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NetCologne.xml b/src/chrome/content/rules/NetCologne.xml
new file mode 100644
index 000000000000..c15df6dc6ccf
--- /dev/null
+++ b/src/chrome/content/rules/NetCologne.xml
@@ -0,0 +1,105 @@
+<!--NetCologne Gesellschaft für Telekommunikation mbH
+
+	Other NetCologne rulesets:
+
+		- DotCologne.de.xml
+
+	Cert expired:
+		- gk-shop
+		- hosting
+
+	Cert mismatch:
+		- ifr
+		- mg
+		- microsoft-hosting
+		- mirror2
+		- navigator
+		- partner
+		- prtg
+		- reg
+		- report
+		- vcp
+		- webcam
+		- webcluster01
+
+	Chain issues:
+		- cpbxlogin
+		- in-service
+		- ntmail
+		- owa
+		- sso-test
+		- vsm
+
+	Self-signed cert:
+		- cftp
+		- kftp
+
+	Timeout:
+		- netty
+		- speedtest
+		- plg
+		- merkur
+		- websitemakertest
+		- news
+		- sitestest[1-3]
+
+	TLS error:
+		- deny
+
+-->
+<ruleset name="NetCologne.de (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="netcologne.de" />
+	<target host="www.netcologne.de" />
+
+	<target host="aktion.netcologne.de" />
+	<target host="comcenter.netcologne.de" />
+	<target host="comcenter-test.netcologne.de" />
+	<target host="cpbxhilfe.netcologne.de" />
+	<target host="cpbxkalkulator.netcologne.de" />
+	<target host="cpbxshop.netcologne.de" />
+	<target host="fileservice.cnsrv.netcologne.de" />
+	<target host="debian.netcologne.de" />
+	<target host="einstellungen.netcologne.de" />
+	<target host="fb.netcologne.de" />
+	<target host="fcadmin.netcologne.de" />
+	<target host="fcdb.netcologne.de" />
+	<target host="fcdevadmin.netcologne.de" />
+	<target host="hilfe.netcologne.de" />
+	<target host="livechat.netcologne.de" />
+	<target host="mirror.netcologne.de" />
+	<target host="mobilshop.netcologne.de" />
+	<target host="musicbox.netcologne.de" />
+	<target host="netkompakt-fuer-mitarbeiter.netcologne.de" />
+	<target host="netkompakt.netcologne.de" />
+	<target host="nettv.netcologne.de" />
+	<target host="onlineservice.netcologne.de" />
+	<target host="planauskunft.netcologne.de" />
+	<target host="webmail.schulen.netcologne.de" />
+	<target host="secure.netcologne.de" />
+	<target host="shop.netcologne.de" />
+	<target host="sourceforge.netcologne.de" />
+	<target host="sso.netcologne.de" />
+	<target host="statistik.netcologne.de" />
+	<target host="view.netcologne.de" />
+	<target host="vpnj-fttb.netcologne.de" />
+	<target host="vpnj-nmc.netcologne.de" />
+	<target host="vpnj-saprov.netcologne.de" />
+	<target host="vpnjb-pg-iv.netcologne.de" />
+	<target host="vpnjb-pg-office.netcologne.de" />
+	<target host="wartung.netcologne.de" />
+	<target host="webmanager-cp.netcologne.de" />
+	<target host="webshop.netcologne.de" />
+	<target host="websitemaker.netcologne.de" />
+	<target host="wgc.netcologne.de" />
+	<target host="wwwftp.netcologne.de" />
+	<target host="wwwstaging.netcologne.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NetDNA.xml b/src/chrome/content/rules/NetDNA.xml
index eeec378dccf5..0ef9e24de297 100644
--- a/src/chrome/content/rules/NetDNA.xml
+++ b/src/chrome/content/rules/NetDNA.xml
@@ -1,60 +1,91 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hddn.com/ => https://hddn.com/: (51, "SSL: no alternative certificate subject name matches target host name 'hddn.com'")
+Fetch error: http://login.hddn.com/ => https://login.hddn.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.hddn.com/ => https://www.hddn.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.hddn.com'")
+Fetch error: http://blog.netdna.com/ => https://blog.netdna.com/: (51, "SSL: no alternative certificate subject name matches target host name 'blog.netdna.com'")
+Fetch error: http://cp.netdna.com/ => https://cp.netdna.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cp.netdna.com'")
+Fetch error: http://cp3support.netdna.com/ => https://cp3support.netdna.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cp3support.netdna.com'")
+Fetch error: http://developer.netdna.com/ => https://developer.netdna.com/: (28, 'Connection timed out after 20014 milliseconds')
+Fetch error: http://login.netdna.com/ => https://login.netdna.com/: (28, 'Connection timed out after 20006 milliseconds')
+Fetch error: http://status.netdna.com/ => https://status.netdna.com/: (51, "SSL: no alternative certificate subject name matches target host name 'status.netdna.com'")
+Fetch error: http://support.netdna.com/ => https://support.netdna.com/: (51, "SSL: no alternative certificate subject name matches target host name 'support.netdna.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://hddn.com/ => https://hddn.com/: (51, "SSL: no alternative certificate subject name matches target host name 'hddn.com'")
+
+	For other MaxCDN coverage, see MaxCDN.com.xml.
+
+
 	Other NetDNA rulesets:
 
 		- BootstrapCDN.xml
+		- Netdna-ssl.com.xml
 
 
 	CDN buckets:
 
 		- s3.amazonaws.com/cdx-radar/
 
-		- maxcdn.wpengine.netdna-cdn.com
-
-			- maxcdn-wpengine.netdna-ssl.com doesn't exist
-
 
 	Nonfunctional domains:
 
-		- www.maxcdn.com	(moved to wpengine CDN and so broke)
 		- feedback.netdna.com	(prints "It works!", CN: squeeze)
 		- resources.netdna.com	(redirects to app-l.marketo.com)
 
+
+	Problematic hosts in *netdna.com:
+
+		- (www.)? ʰ
+
+	ʰ WP Engine / redirects to http
+
 -->
-<ruleset name="NetDNA (partial)">
+<ruleset name="NetDNA (partial)" default_off="failed ruleset test">
 
 	<target host="hddn.com" />
-	<target host="*.hddn.com" />
-	<target host="*.maxcdn.com" />
+	<target host="login.hddn.com" />
+	<target host="www.hddn.com" />
+
+	<target host="blog.netdna.com" />
+	<target host="cp.netdna.com" />
+	<target host="cp3support.netdna.com" />
+	<target host="developer.netdna.com" />
+	<target host="login.netdna.com" />
+	<target host="rws.netdna.com" />
+	<target host="status.netdna.com" />
+	<target host="support.netdna.com" />
+
+	<!--	Complications:
+				-->
 	<target host="netdna.com" />
-	<target host="*.netdna.com" />
+	<target host="www.netdna.com" />
+
 	<target host="netdnasite.wpengine.netdna-cdn.com" />
-	<target host="*.netdna-ssl.com" />
 
 
-	<securecookie host="^login\.(?:hd|maxc)dn\.com$" name=".+" />
-	<securecookie host="^maxcdn\.com$" name=".+" />
-	<securecookie host="^.+\.netdna\.com$" name=".+" />
+	<securecookie host="^login\.hddn\.com$" name=".+" />
+	<securecookie host=".\.netdna\.com$" name=".+" />
 
 
 	<rule from="^http://(login\.|www\.)?hddn\.com/"
 		to="https://$1hddn.com/" />
 
-	<rule from="^http://blog\.maxcdn\.com/wp-content/plugins/lytebox/"
-		to="https://www.maxcdn.com/wp-content/plugins/lytebox/" />
-
-	<rule from="^http://blog\.maxcdn\.com/wp-content/themes/Akdesigner2/"
-		to="https://www.maxcdn.com/wp-content/themes/AKD2/" />
-
-	<rule from="^http://secure\.maxcdn\.com/"
-		to="https://secure.maxcdn.com/" />
+	<!--	Redirect drops path and forward slash:
+							-->
+	<rule from="^http://(?:www\.)?netdna\.com/[^?]*\??$"
+		to="https://www.maxcdn.com/?ref=netdna" />
 
-	<rule from="^http://((?:blog|cp|developer|login|rws|status|(?:cp3)?support|www)\.)?netdna\.com/"
-		to="https://$1netdna.com/" />
+	<!--	...but not args:
+				-->
+	<rule from="^http://(?:www\.)?netdna\.com/[^?]*\?"
+		to="https://www.maxcdn.com/?ref=netdna&amp;" />
 
-	<rule from="^https?://netdnasite\.wpengine\.netdna-cdn\.com/"
-		to="https://www.netdna.com/" />
+	<rule from="^http://netdnasite\.wpengine\.netdna-cdn\.com/"
+		to="https://www.maxcdn.com/" />
 
-	<rule from="^http://([\w-]+)\.netdna-ssl\.com/"
-		to="https://$1.netdna-ssl.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NetEase.com.xml b/src/chrome/content/rules/NetEase.com.xml
new file mode 100644
index 000000000000..42580d3ab925
--- /dev/null
+++ b/src/chrome/content/rules/NetEase.com.xml
@@ -0,0 +1,73 @@
+<!--
+	Related:
+		NetEase.im.xml
+
+	Mismatch:
+		^netease.com
+		www.netease.com
+		app.netease.com
+		dtws.netease.com
+		dtws2.netease.com
+		g5.gdl.netease.com
+		ma3.gdl.netease.com		https://ma3.gdl.netease.com/ninja2_101_netease.apk
+		f.mgame.netease.com
+		f.my.netease.com
+		res.nie.netease.com		https://res.nie.netease.com/comm/NIE_copyRight/images/nie.2.png
+		api.perf.netease.com
+		qn2.netease.com
+		app-down.x.netease.com	https://app-down.x.netease.com/download/game/yzr/channel/gw
+		xqn.netease.com
+-->
+
+<ruleset name="NetEase.com">
+	<target host="f.mgame.netease.com" />
+	<rule from="^http://f\.mgame\.netease\.com/" to="https://mgame-f.netease.com/" />
+		<test url="http://f.mgame.netease.com/forum/201605/11/230902s3cc5arieprveuv7.gif" />
+
+	<target host="f.my.netease.com" />
+	<rule from="^http://f\.my\.netease\.com/" to="https://my-f.netease.com/" />
+		<test url="http://f.my.netease.com/forum/month_1504/1504112159c01119d677545d25.png" />
+
+	<target host="adl.netease.com" />
+	<target host="apm.netease.com" />
+	<target host="art.netease.com" />
+	<target host="mov.bn.netease.com" />
+		<test url="http://mov.bn.netease.com/open-movie/nos/mp4/2015/03/25/SAKK9JTE7_sd.m3u8" />
+	<target host="img1.cache.netease.com" />
+		<test url="http://img1.cache.netease.com/cnews/netease/logo_w.gif" />
+		<test url="http://img1.cache.netease.com/common/script/wrating.js" />
+	<target host="img2.cache.netease.com" />
+	<target host="img3.cache.netease.com" />
+	<target host="img4.cache.netease.com" />
+	<target host="img5.cache.netease.com" />
+	<target host="img6.cache.netease.com" />
+	<target host="c.cotton.netease.com" />
+	<target host="rev.da.netease.com" />
+	<target host="wr.da.netease.com" />
+		<test url="http://wr.da.netease.com/ga.js" />
+	<target host="f.cc.netease.com" />
+	<target host="video.cc.netease.com" />
+	<target host="vodcover.cc.netease.com" />
+		<test url="http://vodcover.cc.netease.com/hdg1-cc-vodweb4/cover/mobile_game_capture/2017/0315/58c8c846e7e0050f56c8fe50.jpg" />
+	<target host="cc-f.netease.com" />
+	<target host="cc-uc.netease.com" />
+	<target host="g4.gdl.netease.com" />
+	<target host="g6.gdl.netease.com" />
+	<target host="wscs.gdl.netease.com" />
+	<target host="xym.gdl.netease.com" />
+	<target host="yx.gdl.netease.com" />
+	<target host="mam.netease.com" />
+		<test url="http://mam.netease.com/beacons/resources" />
+		<test url="http://mam.netease.com/data" />
+	<target host="mgame-f.netease.com" />
+	<target host="my.netease.com" />
+		<test url="http://my.netease.com/zt/js/swiper.js" />
+	<target host="my-f.netease.com" />
+	<target host="nos.netease.com" />
+	<target host="qnm-f.netease.com" />
+	<target host="cc.fp.ps.netease.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NetEase.im.xml b/src/chrome/content/rules/NetEase.im.xml
new file mode 100644
index 000000000000..54c0b674a608
--- /dev/null
+++ b/src/chrome/content/rules/NetEase.im.xml
@@ -0,0 +1,23 @@
+<!--
+	Related:
+		NetEase.com.xml
+
+	MCB:
+		bbs.netease.im
+
+	Redirect to http:
+		^netease.im
+		www.netease.im
+
+	Strange travis error:
+		dev.netease.im	( May be resolved to different IPs and the servers are not configured the same. )
+-->
+
+<ruleset name="NetEase.im (partial)">
+	<target host="app.netease.im" />
+	<target host="lbs.netease.im" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NetFORUMpro.com.xml b/src/chrome/content/rules/NetFORUMpro.com.xml
index 720dd6d2bdda..7c9c4d2eb5c3 100644
--- a/src/chrome/content/rules/NetFORUMpro.com.xml
+++ b/src/chrome/content/rules/NetFORUMpro.com.xml
@@ -8,13 +8,13 @@
 <ruleset name="netFORUMpro.com">
 
 	<target host="netforumpro.com" />
-	<target host="*.netforumpro.com" />
+	<target host="prous01.netforumpro.com" />
+	<target host="www.netforumpro.com" />
 
 
 	<securecookie host="^(?:prous01\.|www\.)?netforumpro\.com$" name=".+" />
 
 
-	<rule from="^http://(prous01\.|www\.)?netforumpro\.com/"
-		to="https://$1netforumpro.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NetFronts-mismatches.xml b/src/chrome/content/rules/NetFronts-mismatches.xml
index 736bee6cf4b3..7c3f777cba94 100644
--- a/src/chrome/content/rules/NetFronts-mismatches.xml
+++ b/src/chrome/content/rules/NetFronts-mismatches.xml
@@ -2,17 +2,18 @@
 	For rules that are on by default, see NetFronts.xml.
 
 -->
-<ruleset name="NetFronts (mismatches)" default_off="mismatch">
+<ruleset name="NetFronts (mismatches)" default_off="mismatched">
 
 	<!--	Cert: *.hosting-advantage.com	-->
 	<target host="netfronts.com" />
-	<target host="*.netfronts.com" />
+	<target host="support.netfronts.com" />
+	<target host="www.netfronts.com" />
 
 
-	<securecookie host="^.*\.netfronts\.com$" name=".*" />
+	<securecookie host="^.*\.netfronts\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:(support\.)|www\.)?netfronts\.com/"
+	<rule from="^http://(?:(support\.)|www\.)?netfronts\.com/"
 		to="https://$1netfronts.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NetFronts.xml b/src/chrome/content/rules/NetFronts.xml
index 590dcf4c6074..42aa6ec42071 100644
--- a/src/chrome/content/rules/NetFronts.xml
+++ b/src/chrome/content/rules/NetFronts.xml
@@ -1,4 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hosting-advantage.com/ => https://hosting-advantage.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hosting-advantage.com/ => https://hosting-advantage.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	For problematic rules, see NetFronts-mismatches.xml.
 
 
@@ -8,13 +18,13 @@
 		- (www.)web-hsoting.com	(ditto)
 
 -->
-<ruleset name="NetFronts (partial)">
+<ruleset name="NetFronts (partial)" default_off="failed ruleset test">
 
 	<target host="hosting-advantage.com" />
 	<target host="*.hosting-advantage.com" />
 
 
-	<securecookie host="^order\.hosting-advantage\.com$" name=".*" />
+	<securecookie host="^order\.hosting-advantage\.com$" name=".+" />
 
 
 	<!--	Observed subdomains:
diff --git a/src/chrome/content/rules/NetGo.hu.xml b/src/chrome/content/rules/NetGo.hu.xml
index ae95f0357330..93c681dabfa3 100644
--- a/src/chrome/content/rules/NetGo.hu.xml
+++ b/src/chrome/content/rules/NetGo.hu.xml
@@ -2,5 +2,5 @@
 	<target host="www.netgo.hu" />
 
 	<securecookie host="^www\.netgo\.hu$" name=".+" />
-	<rule from="^http://www\.netgo\.hu/" to="https://www.netgo.hu/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NetHack.org.xml b/src/chrome/content/rules/NetHack.org.xml
new file mode 100644
index 000000000000..cdf6ebe2f35e
--- /dev/null
+++ b/src/chrome/content/rules/NetHack.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Mismatched:
+		- ns1
+		- mail3
+-->
+<ruleset name="NetHack.org">
+	<target host="nethack.org" />
+	<target host="www.nethack.org" />
+	<target host="ww2.nethack.org" />
+	<target host="rodney.nethack.org" />
+	<target host="mail1.nethack.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NetIQ.xml b/src/chrome/content/rules/NetIQ.xml
index a99955333aff..c40b23f80bd8 100644
--- a/src/chrome/content/rules/NetIQ.xml
+++ b/src/chrome/content/rules/NetIQ.xml
@@ -1,30 +1,53 @@
 <!--
-	For other Attachmate Group coverage, see Attachmate-Group.xml.
+	For other Micro Focus coverage, see Micro_Focus.com.xml.
 
 
 	Nonfunctional subdomains:
 
-		- community	(refused)
+		- community *
+
+	* Refused
 
 
 	Problematic subdomains:
 
-		- ^	(refused)
+		- ^ *
+
+	* Refused
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(^ → www)
+		- forums
+
+
+	Insecure cookies are set for these domains:
+
+		- .netiq.com
 
 -->
-<ruleset name="NetIQ (partial)" platform="mixedcontent">
+<ruleset name="NetIQ.com (partial)">
 
 	<target host="netiq.com" />
-	<target host="*.netiq.com" />
+	<target host="forums.netiq.com" />
+	<target host="www.netiq.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.netiq\.com$" name="^(ZNCQ\d{3}-\d{8}|bb_sessionhash|lb_netiq)$" /-->
 
 	<securecookie host="^(?:www)?\.netiq\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?netiq\.com/"
+	<!--	Redirect keeps forward slash,
+		path, and args:
+					-->
+	<rule from="^http://netiq\.com/"
 		to="https://www.netiq.com/" />
 
-	<rule from="^http://forums\.netiq\.com/"
-		to="https://forums.netiq.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NetLib.re.xml b/src/chrome/content/rules/NetLib.re.xml
new file mode 100644
index 000000000000..90251fcf336f
--- /dev/null
+++ b/src/chrome/content/rules/NetLib.re.xml
@@ -0,0 +1,6 @@
+<ruleset name="NetLib.re">
+    <target host="netlib.re" />
+    <target host="www.netlib.re" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NetMarketShare.xml b/src/chrome/content/rules/NetMarketShare.xml
index 993f6e1b3f1a..8fabc5e1000d 100644
--- a/src/chrome/content/rules/NetMarketShare.xml
+++ b/src/chrome/content/rules/NetMarketShare.xml
@@ -1,17 +1,17 @@
-<!--
-	!www: mismatched
-
--->
-<ruleset name="NetMarketShare">
+<ruleset name="NetMarketShare.com">
 
 	<target host="netmarketshare.com" />
 	<target host="www.netmarketshare.com" />
 
 
-	<securecookie host="^www\.netmarketshare\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?netmarketshare\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?netmarketshare\.com/"
-		to="https://www.netmarketshare.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NetMediaEurope.xml b/src/chrome/content/rules/NetMediaEurope.xml
index 6fb1c7d0c525..a5350c6479c7 100644
--- a/src/chrome/content/rules/NetMediaEurope.xml
+++ b/src/chrome/content/rules/NetMediaEurope.xml
@@ -17,15 +17,14 @@
 		techweekeurope.co.uk			(plesk default page)
 		www.techweekeurope.co.uk		(reset)
 		theinquirer.fr				(cert: plesk; pages redirect to www)
-		
+
 
 -->
 <ruleset name="NetMediaEurope" default_off="expired, mismatch">
-
-	<target host="quiz.itespresso.fr"/>
 	<!--	plesk	-->
 	<target host="itespresso.fr"/>
-	<target host="*.itespresso.fr"/>
+	<target host="www.itespresso.fr" />
+	<target host="quiz.itespresso.fr" />
 	<target host="netmediaeurope.co.uk"/>
 	<target host="www.netmediaeurope.co.uk"/>
 	<target host="netmediaeurope.fr"/>
@@ -38,8 +37,8 @@
 	<target host="theinquirer.fr"/>
 	<target host="www.theinquirer.fr"/>
 
-	<securecookie host="^quiz\.itespresso\.fr$" name=".*"/>
-	<securecookie host="^resourcecentre\.techweekeurope\.co\.uk$" name=".*"/>
+	<securecookie host="^quiz\.itespresso\.fr$" name=".+" />
+	<securecookie host="^resourcecentre\.techweekeurope\.co\.uk$" name=".+" />
 
 	<!-- !www pages redirect to www	-->
 	<rule from="^http://(?:www\.)?(itespresso|silicon|theinquirer)\.fr/(favicon\.ico|wp-(?:content|includes)/)"
@@ -63,4 +62,4 @@
 		to="https://techweekeurope.fr/"/>
 
 </ruleset>
-		
+
diff --git a/src/chrome/content/rules/NetMile.co.jp.xml b/src/chrome/content/rules/NetMile.co.jp.xml
new file mode 100644
index 000000000000..90da3a79dfe9
--- /dev/null
+++ b/src/chrome/content/rules/NetMile.co.jp.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.netmile.co.jp/ => https://www.netmile.co.jp/: Too many redirects while fetching 'https://www.netmile.co.jp/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.netmile.co.jp/ => https://www.netmile.co.jp/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+	^netmile.co.jp doesn't exist.
+
+-->
+<ruleset name="NetMile.co.jp" default_off="failed ruleset test">
+
+	<target host="www.netmile.co.jp" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^www\.netmile\.co\.jp$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NetNewsCheck.com.xml b/src/chrome/content/rules/NetNewsCheck.com.xml
new file mode 100644
index 000000000000..c90d8ce17a48
--- /dev/null
+++ b/src/chrome/content/rules/NetNewsCheck.com.xml
@@ -0,0 +1,59 @@
+<!--
+	For other NewsCheckMedia coverage, see Newscheckmedia.com.xml.
+
+
+	Problematic hosts in *netnewscheck.com:
+
+		- ^ ᵐ
+		- assets ʳ
+
+	ᵐ Mismatched
+	ʳ Refused
+
+-->
+<ruleset name="NetNewsCheck.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.netnewscheck.com" />
+
+	<!--	Complications:
+				-->
+	<target host="netnewscheck.com" />
+	<target host="assets.netnewscheck.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.netnewscheck\.com/(?:article/\d+/[\w-]+$|contact$|member/(?:login|register|reset)$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?netnewscheck\.com/+(?!images/|resource/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.netnewscheck.com/article/46189/kptv-rules-social-portland" />
+			<test url="http://www.netnewscheck.com/contact" />
+			<test url="http://www.netnewscheck.com/member/login" />
+			<test url="http://www.netnewscheck.com/member/register" />
+			<test url="http://www.netnewscheck.com/member/reset" />
+			<test url="http://www.netnewscheck.com/sso/index/response-handler?sid=&amp;request=&amp;sig=" />
+
+			<!--	-ve:
+					-->
+			<test url="http://netnewscheck.com/images/icons/mail.png" />
+			<test url="http://www.netnewscheck.com/resource/css/r/e98db184ab2119a0a50a36d052994e0f_1432233109.css" />
+
+
+	<rule from="^http://netnewscheck\.com/"
+		to="https://www.netnewscheck.com/" />
+
+	<rule from="^http://assets\.netnewscheck\.com/"
+		to="https://secure.newscheckmedia.com/" />
+
+		<test url="http://assets.netnewscheck.com/sites/netnewscheck/images/article/toolbar-bkgd.png" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NetPR.xml b/src/chrome/content/rules/NetPR.xml
index f78c0d79b27a..18553f0858d3 100644
--- a/src/chrome/content/rules/NetPR.xml
+++ b/src/chrome/content/rules/NetPR.xml
@@ -10,10 +10,9 @@
 	<target host="secure.netpr.pl"/>
 
 
-	<securecookie host="^secure\.netpr\.pl$" name=".*"/>
+	<securecookie host="^secure\.netpr\.pl$" name=".+" />
 
 
-	<rule from="^http://secure\.netpr\.pl/"
-		to="https://secure.netpr.pl/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NetPivotal.xml b/src/chrome/content/rules/NetPivotal.xml
deleted file mode 100644
index 7dc18fc4b20e..000000000000
--- a/src/chrome/content/rules/NetPivotal.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	Problematic domains:
-
-		- netpivotal.co.uk *
-		- netpivotal.com *
-		- netpivotal.eu *
-
-	* Cert only matches www
-
-
-	Mixed images on com & eu from www.comparewebhosts.com
-
--->
-<ruleset name="NetPivotal">
-
-	<target host="netpivotal.*" />
-	<target host="netpivotal.co.uk" />
-	<target host="www.netpivotal.co.uk" />
-	<target host="*.netpivotal.com" />
-	<target host="www.netpivotal.eu" />
-
-
-	<securecookie host="^www\.netpivotal\.(?:co\.uk|com|eu)$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?netpivotal\.(co\.uk|com|eu)/"
-		to="https://www.netpivotal.$1/" />
-
-	<rule from="^http://alpha\.netpivotal\.com/"
-		to="https://alpha.netpivotal.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/NetS.ec.xml b/src/chrome/content/rules/NetS.ec.xml
new file mode 100644
index 000000000000..9427d4aa39a6
--- /dev/null
+++ b/src/chrome/content/rules/NetS.ec.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .nets.ec
+
+-->
+<ruleset name="NetS.ec">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nets.ec" />
+	<target host="www.nets.ec" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.nets\.ec$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.nets\.ec$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NetSPI.com.xml b/src/chrome/content/rules/NetSPI.com.xml
new file mode 100644
index 000000000000..a7c3f2f063ff
--- /dev/null
+++ b/src/chrome/content/rules/NetSPI.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)?
+		- blog
+		- correlatedvm
+
+
+	Insecure cookies are set for these domains:
+
+		- netspi.com
+		- www.netspi.com
+
+-->
+<ruleset name="NetSPI.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="netspi.com" />
+	<target host="blog.netspi.com" />
+	<target host="correlatedvm.netspi.com" />
+	<target host="www.netspi.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?netspi\.com$" name="^um_IsMobile" /-->
+	<!--securecookie host="^www\.netspi\.com$" name="^(\.ASPXANONYMOUS|ASP\.NET_SessionId|language)$" /-->
+
+	<securecookie host="^(?:www\.)?netspi\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NetSeer.xml b/src/chrome/content/rules/NetSeer.xml
deleted file mode 100644
index f41eccab4142..000000000000
--- a/src/chrome/content/rules/NetSeer.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- ^	(404; mismatched, CN: google.com)
-		- www	(refused)
-
--->
-<ruleset name="NetSeer">
-
-	<target host="*.netseer.com" />
-
-
-	<!--	Wildcard cookies set by tracking beacons:
-								-->
-	<securecookie host="^\.netseer\.com$" name="^netseer_v3_(?:gp|vi)$" />
-	<securecookie host="^pixel\.netseer\.com$" name=".+" />
-
-
-	<!--	Tracking beacon.	-->
-	<rule from="^http://(cmi|pixel)\.netseer\.com/"
-		to="https://$1.netseer.com/" />
-
-	<!--	- Cert only matches (www.)leadback
-		- Data appear identical
-				-->
-	<rule from="^https?://(?:cl|contextlinks|leadback|media|staging)\.netseer\.com/"
-		to="https://leadback.netseer.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/NetShelter.xml b/src/chrome/content/rules/NetShelter.xml
index 81df5cfd428d..556e7202b3e8 100644
--- a/src/chrome/content/rules/NetShelter.xml
+++ b/src/chrome/content/rules/NetShelter.xml
@@ -1,23 +1,36 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ad.netshelter.net/ => https://ad.netshelter.net/: (6, 'Could not resolve host: ad.netshelter.net')
+
+	CDN buckets:
+
+		- s3.amazonaws.com/track.netshelter.net/
+		- track.nsredirector.com.s3.amazonaws.com
+
+			- track.netshelter.net
+
+
 	Nonfunctional domains:
 
 		- (www.)netshelter.com
 		- (www.)netshelter.net
 
-
-	Problematic domains:
-
-		- ad[1-5].netshelter.net	(no https)
 -->
-<ruleset name="NetShelter (partial)">
-
-	<target host="*.netshelter.net" />
+<ruleset name="NetShelter (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="ad.netshelter.net" />
+	<target host="ad1.netshelter.net" />
+	<target host="ad2.netshelter.net" />
+	<target host="ad3.netshelter.net" />
+	<target host="ad4.netshelter.net" />
+	<target host="ad5.netshelter.net" />
+	<target host="track.netshelter.net" />
 
-	<rule from="^http://ad\d\.netshelter\.net/"
-		to="https://ad.doubleclick.net/" />
 
-	<rule from="^https?://track\.netshelter\.net/"
-		to="https://s3.amazonaws.com/track.netshelter.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NetSuite.com.xml b/src/chrome/content/rules/NetSuite.com.xml
new file mode 100644
index 000000000000..b5e92111caa2
--- /dev/null
+++ b/src/chrome/content/rules/NetSuite.com.xml
@@ -0,0 +1,46 @@
+<!--
+	Nonfunctional subdomains:
+
+		- ^ ¹
+		- shopping ¹
+		- www ²
+
+	¹ Dropped
+	² 503, akamai
+
+
+	Insecure cookies are set for these domains:
+
+		- .netsuite.com
+		- checkout.netsuite.com
+		- .checkout.netsuite.com
+		- forms.netsuite.com
+		- .forms.netsuite.com
+		- .system.netsuite.com
+
+-->
+<ruleset name="NetSuite.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="checkout.netsuite.com" />
+	<target host="forms.netsuite.com" />
+	<target host="system.netsuite.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.netsuite\.com$" name="^mbox$" /-->
+	<!--securecookie host="^checkout\.netsuite\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^\.checkout\.netsuite\.com$" name="^(NLShopperId|NLVisitorId|NS_VER|gc)$" /-->
+	<!--securecookie host="^forms\.netsuite\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^\.forms\.netsuite\.com$" name="^NS_VER$" /-->
+	<!--securecookie host="^\.system\.netsuite\.com$" name="^country$" /-->
+
+	<securecookie host="^\.?(?:checkout|forms|system)\.netsuite\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Net_Index.xml b/src/chrome/content/rules/Net_Index.xml
index 9aa7f82c85e1..f9aeccc0e42d 100644
--- a/src/chrome/content/rules/Net_Index.xml
+++ b/src/chrome/content/rules/Net_Index.xml
@@ -11,10 +11,11 @@
 <ruleset name="Ookla" default_off="mismatched">
 
 	<target host="netindex.com" />
-	<target host="*.netindex.com" />
+	<target host="cdn.netindex.com" />
+	<target host="www.netindex.com" />
 
 
 	<rule from="^http://(?:cdn\.|www\.)?netindex\.com/"
 		to="https://netindex.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Net_Mobile.xml b/src/chrome/content/rules/Net_Mobile.xml
index 176a7b505a79..24c8bfdb478c 100644
--- a/src/chrome/content/rules/Net_Mobile.xml
+++ b/src/chrome/content/rules/Net_Mobile.xml
@@ -3,7 +3,6 @@
 	<target host="ssl.net-m.net" />
 
 
-	<rule from="^http://ssl\.net-m\.net/"
-		to="https://ssl.net-m.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Net_Mundial.net.xml b/src/chrome/content/rules/Net_Mundial.net.xml
new file mode 100644
index 000000000000..390f7a8cd39e
--- /dev/null
+++ b/src/chrome/content/rules/Net_Mundial.net.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://netmundial.net/ => https://netmundial.net/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.netmundial.net/ => https://www.netmundial.net/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://netmundial.net/ => https://netmundial.net/: (6, 'Could not resolve host: netmundial.net')
+Fetch error: http://www.netmundial.net/ => https://www.netmundial.net/: (6, 'Could not resolve host: www.netmundial.net')
+
+-->
+<ruleset name="Net Mundial.net" default_off="failed ruleset test">
+
+	<target host="netmundial.net" />
+	<target host="www.netmundial.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Net_Nanny.xml b/src/chrome/content/rules/Net_Nanny.xml
index 2a295b824686..1bdba99aba7f 100644
--- a/src/chrome/content/rules/Net_Nanny.xml
+++ b/src/chrome/content/rules/Net_Nanny.xml
@@ -1,13 +1,27 @@
-<ruleset name="Net Nanny">
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.netnanny.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Net Nanny.com">
 
 	<target host="netnanny.com" />
+	<target host="admin.netnanny.com" />
 	<target host="www.netnanny.com" />
 
 
-	<securecookie host="^(?:www\.)?netnanny\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.netnanny\.com$" name="^(?:PHPSESSID|mid|pid)$" /-->
+
+	<securecookie host="^\." name="_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www\.)?netnanny\.com/"
-		to="https://$1netnanny.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Net_Semi.xml b/src/chrome/content/rules/Net_Semi.xml
index f37d6d9a8e5f..d4258762a822 100644
--- a/src/chrome/content/rules/Net_Semi.xml
+++ b/src/chrome/content/rules/Net_Semi.xml
@@ -1,11 +1,7 @@
-<!--
-	www: 403
-
--->
-<ruleset name="Net Semi">
+<ruleset name="Net Semi.com" default_off="404">
 
 	<target host="netsemi.com" />
-	<target host="*.netsemi.com" />
+	<target host="www.netsemi.com" />
 
 
 	<securecookie host="^\.?netsemi\.com$" name=".+" />
@@ -14,4 +10,4 @@
 	<rule from="^http://(?:www\.)?netsemi\.com/"
 		to="https://netsemi.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Netbank.de.xml b/src/chrome/content/rules/Netbank.de.xml
index ba8ef5bcb3bf..ebab734ff4e7 100644
--- a/src/chrome/content/rules/Netbank.de.xml
+++ b/src/chrome/content/rules/Netbank.de.xml
@@ -1,11 +1,6 @@
 <!--
 	netbank AG
 
-
-	Problematic subdomains:
-
-		- ^	(works, cert only matches www)
-
 -->
 <ruleset name="netbank.de">
 
@@ -13,10 +8,10 @@
 	<target host="www.netbank.de" />
 
 
-	<securecookie host="^www\.netbank\.de$" name=".+" />
+	<securecookie host="^(?:www\.)?netbank\.de$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?netbank\.de/"
-		to="https://www.netbank.de/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Netbeat-Webmail.xml b/src/chrome/content/rules/Netbeat-Webmail.xml
index 7658069db53c..2e1c2acd12f2 100644
--- a/src/chrome/content/rules/Netbeat-Webmail.xml
+++ b/src/chrome/content/rules/Netbeat-Webmail.xml
@@ -1,6 +1,24 @@
-<ruleset name="Netbeat Webmail">
+<!--
+	Insecure cookies are set for these hosts:
+
+		- netbeat.de
+		- www.netbeat.de
+
+-->
+<ruleset name="Netbeat.de">
   <target host="netbeat.de" />
   <target host="www.netbeat.de" />
 
-  <rule from="^http://(www\.)?netbeat\.de/webmail/" to="https://www.netbeat.de/webmail/"/>
+		<test url="http://www.netbeat.de/webmail/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?netbeat\.de$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?netbeat\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Netbynet.ru.xml b/src/chrome/content/rules/Netbynet.ru.xml
new file mode 100644
index 000000000000..18e26abad07d
--- /dev/null
+++ b/src/chrome/content/rules/Netbynet.ru.xml
@@ -0,0 +1,52 @@
+<!--(www.)? different content
+b2b. different content
+corp. different content
+lbn. different content
+ramensk. different content
+belgorod. different content
+oskol. different content
+gubkin. different content
+vologda. different content
+cherepovec. different content
+vrn. different content
+eburg. different content
+kaliningrad. different content
+krd. different content
+kursk. different content
+kurchatov. different content
+lipetsk. different content
+murmansk. different content
+novgorod. different content
+n-urengoy. different content
+orel. different content
+mtsensk. different content
+stavropol. different content
+spb. different content
+slavyanka. different content
+lenobl. different content
+tver. different content
+shop. different content
+help. different content
+nht. different content
+kalitva. different content
+rostov. different content
+volgodonsk. different content
+serpuhov. different content
+newstat. different content
+safekids. mismatch
+podpiska. mismatch
+forum. expired
+retracker. refused
+kursk.shop. mismatch
+ugra.shop. mismatch
+vrn.shop. mismatch
+murmansk.shop. mismatch
+bel.shop. mismatch
+www.481185.forum. expired
+cheb.shop. mismatch-->
+<ruleset name="Netbynet.ru (partial)">
+	<target host="stat.netbynet.ru" />
+	<target host="selfcare.netbynet.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Netcloude.cz.xml b/src/chrome/content/rules/Netcloude.cz.xml
new file mode 100644
index 000000000000..f4c771268eae
--- /dev/null
+++ b/src/chrome/content/rules/Netcloude.cz.xml
@@ -0,0 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://netcloude.cz/ => https://netcloude.cz/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.netcloude.cz/ => https://www.netcloude.cz/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Netcloude.cz" default_off="failed ruleset test">
+    <target host="netcloude.cz" />
+    <target host="www.netcloude.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Netdev01.org.xml b/src/chrome/content/rules/Netdev01.org.xml
new file mode 100644
index 000000000000..39e1f0aab3cb
--- /dev/null
+++ b/src/chrome/content/rules/Netdev01.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="netdev01.org" default_off="expired">
+
+	<target host="netdev01.org" />
+	<target host="www.netdev01.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Netdialog.se.xml b/src/chrome/content/rules/Netdialog.se.xml
index c175aa10c414..917eb0e507d7 100644
--- a/src/chrome/content/rules/Netdialog.se.xml
+++ b/src/chrome/content/rules/Netdialog.se.xml
@@ -1,7 +1,7 @@
 <!--
 	CDN buckets:
 
-		- s3.netdialog.se.s3.amazonaws.com 
+		- s3.netdialog.se.s3.amazonaws.com
 
 			- s3.netdialog.se
 
diff --git a/src/chrome/content/rules/Netdna-ssl.com.xml b/src/chrome/content/rules/Netdna-ssl.com.xml
new file mode 100644
index 000000000000..79faf5699110
--- /dev/null
+++ b/src/chrome/content/rules/Netdna-ssl.com.xml
@@ -0,0 +1,21 @@
+<!--
+	For other MaxCDN coverage, see MaxCDN.com.xml.
+
+	Notes:
+	This is a ruleset for a CDN. Note that it should work in most
+	cases, but due to the properties of a CDN it is not possible to
+	test it on all sites. Please report problems.
+
+-->
+<ruleset name="NetDNA-SSL.com (CDN)">
+
+	<target host="*.netdna-ssl.com" />
+
+		<test url="http://thumbnails-visually.netdna-ssl.com/" />
+		<test url="http://2c5pah1z6hb21uo7d01fenam-wpengine.netdna-ssl.com/wp-content/plugins/revslider/admin/assets/images/dummy.png" />
+		<test url="http://ffp4g1ylyit3jdyti1hqcvtb-wpengine.netdna-ssl.com/press-de/files/2014/11/Search_Image.png" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Netdoktor.se.xml b/src/chrome/content/rules/Netdoktor.se.xml
index b1c2269e19c7..07099972dcc3 100644
--- a/src/chrome/content/rules/Netdoktor.se.xml
+++ b/src/chrome/content/rules/Netdoktor.se.xml
@@ -1,7 +1,44 @@
-<ruleset name="Netdoktor.se" platform="mixedcontent">
-  <target host="www.netdoktor.se" />
-  <target host="netdoktor.se" />
-  <rule from="^http://www\.netdoktor\.se/" to="https://www.netdoktor.se/"/>
-  <rule from="^http://netdoktor\.se/" to="https://www.netdoktor.se/"/>
+<!--
+	NB: server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- netdoktor.se
+		- www.netdoktor.se
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css from $self ˢ
+		- Images from $self ˢ
+		- favicon from $self ˢ
+
+		- Ads, from:
+
+			- ad1.emediate.dk ˢ
+			- www.mynewsdesk.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Netdoktor.se (false MCB)" default_off="expired, missing certificate chain" platform="mixedcontent">
+
+	<target host="netdoktor.se" />
+	<target host="www.netdoktor.se" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?netdoktor\.se$" name="^(?:survey_toggle|vepa)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
 
diff --git a/src/chrome/content/rules/Netelligent.xml b/src/chrome/content/rules/Netelligent.xml
index 5c7f97fb349a..d8bbbf864470 100644
--- a/src/chrome/content/rules/Netelligent.xml
+++ b/src/chrome/content/rules/Netelligent.xml
@@ -1,12 +1,35 @@
-<ruleset name="Netelligent (partial)" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://netelligent.ca/ => https://netelligent.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://iam.netelligent.ca/ => https://iam.netelligent.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.netelligent.ca/ => https://www.netelligent.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Nonfunctional hosts in *netelligent.ca:
+
+		- promo *
+
+	* Plaintext reply
+
+
+	Mixed content:
+
+		- css on (www.)? from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Netelligent.ca (partial)" default_off="failed ruleset test">
 
 	<target host="netelligent.ca"/>
 	<target host="iam.netelligent.ca"/>
 	<target host="www.netelligent.ca"/>
 
-	<rule from="^http://(\w+\.)?netelligent\.ca/"
-		to="https://$1netelligent.ca/"/>
 
-	<securecookie host="^(\w+\.)?netelligent\.ca$" name=".*"/>
+	<securecookie host="^(?:\w+\.)?netelligent\.ca$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Netfilter.org.xml b/src/chrome/content/rules/Netfilter.org.xml
index 3afd3b80dab8..f294bd793ee4 100644
--- a/src/chrome/content/rules/Netfilter.org.xml
+++ b/src/chrome/content/rules/Netfilter.org.xml
@@ -1,38 +1,47 @@
 <!--
 	Nonfunctional subdomains:
 
-		- (www.) *
 		- ftp *
-		- people	(http reply)
+		- planet
+	* Shows bugzilla.netfilter.org
 
-	* Shows vishnu
 
+	Problematic hosts in *netfilter.org:
 
-	Fully covered subdomains:
+		- patchwork *
+		- svn *
+		- vishnu *
 
-		- bugzilla
-		- git
-		- lists
-		- svn
-		- vishnu
+	* Shows bugzilla.netfilter.org
 
 
-	Observed cookie domains:
+	Insecure cookies are set for these hosts:
 
-		- bugzilla
-		- svn
-		- vishnu
+		- bugzilla.netfilter.org
 
 -->
-<ruleset name="Netfilter.org (partial)" platform="cacert">
+<ruleset name="Netfilter.org (partial)">
 
-	<target host="*.netfilter.org" />
+	<!--	Direct rewrites:
+				-->
+	<target host="netfilter.org" />
+	<target host="bugzilla.netfilter.org" />
+	<target host="git.netfilter.org" />
+	<target host="ipset.netfilter.org" />
+	<target host="lists.netfilter.org" />
+	<target host="people.netfilter.org" />
+	<target host="workshop.netfilter.org" />
+	<target host="www.netfilter.org" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bugzilla\.netfilter\.org$" name="^(?:Bugzilla_login_request_cookie|DEFAULTFORMAT)$" /-->
+
 	<securecookie host=".+\.netfilter\.org$" name=".+" />
 
 
-	<rule from="^http://(bugzilla|git|lists|svn)\.netfilter\.org/"
-		to="https://$1.netfilter.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Netfirms.xml b/src/chrome/content/rules/Netfirms.xml
index 589d76f5e425..92fcb634dda7 100644
--- a/src/chrome/content/rules/Netfirms.xml
+++ b/src/chrome/content/rules/Netfirms.xml
@@ -1,13 +1,15 @@
 <ruleset name="Netfirms">
 
 	<target host="netfirms.com" />
-	<target host="*.netfirms.com" />
+	<target host="images.netfirms.com" />
+	<target host="secure.netfirms.com" />
+	<target host="www.netfirms.com" />
+	<target host="www2.netfirms.com" />
 
 
-	<securecookie host="^\.netfirms\.com$" name=".*" />
+	<securecookie host="^\.netfirms\.com$" name=".+" />
 
 
-	<rule from="^http://(images\.|secure\.|www2?\.)?netfirms\.com/"
-		to="https://$1netfirms.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Netflame.cc.xml b/src/chrome/content/rules/Netflame.cc.xml
index 279373becc39..52dd9676f31c 100644
--- a/src/chrome/content/rules/Netflame.cc.xml
+++ b/src/chrome/content/rules/Netflame.cc.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hints.netflame.cc/ => https://hints.netflame.cc/: (51, "SSL: no alternative certificate subject name matches target host name 'hints.netflame.cc'")
+Fetch error: http://ssl-hints.netflame.cc/ => https://ssl-hints.netflame.cc/: (51, "SSL: no alternative certificate subject name matches target host name 'ssl-hints.netflame.cc'")
+
 	For other Digital River coverage, see Digital-River.xml.
 
 
@@ -15,12 +20,13 @@
 		- fcR
 
 -->
-<ruleset name="netflame.cc">
+<ruleset name="netflame.cc" default_off="failed ruleset test">
 
-	<target host="*.netflame.cc" />
+	<target host="hints.netflame.cc" />
+	<target host="ssl-hints.netflame.cc" />
 
 
-	<rule from="^http://(ssl-)?hints\.netflame\.cc/"
-		to="https://$1hints.netflame.cc/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Netflix.com-problematic.xml b/src/chrome/content/rules/Netflix.com-problematic.xml
new file mode 100644
index 000000000000..699afc60ea8d
--- /dev/null
+++ b/src/chrome/content/rules/Netflix.com-problematic.xml
@@ -0,0 +1,15 @@
+<!--
+	For rules that are on by default, see Netflix.xml.
+-->
+<ruleset name="Netflix.com (buggy)" default_off="various things break">
+
+	<target host="ca.netflix.com" />
+	<target host="blog.netflix.com" />
+	<target host="developer.netflix.com"/>
+	<target host="techblog.netflix.com" />
+	<target host="ukirelandblog.netflix.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Netflix.xml b/src/chrome/content/rules/Netflix.xml
index fba333ddcaae..57f456f96391 100644
--- a/src/chrome/content/rules/Netflix.xml
+++ b/src/chrome/content/rules/Netflix.xml
@@ -1,55 +1,96 @@
 <!--
-	CDN buckets:
-
-		- netflix.hs.llnwd.net/e1/us/
-
-			- jsapi
-
-
-	Problematic subdomains:
-
-		- jsapi	(400; mismatched, CN: *.hs.llnwd.net)
+	Disabled per multiple user reports of intermittent breakage, one of which is at
+	https://github.com/EFForg/https-everywhere/issues/2232.
 
+	For problematic rules, see Netflix.com-problematic.xml.
 
-	Fully covered subdomains:
 
-		- jsapi		(→ netflix.hs.llnwd.net)
+	CDN buckets:
 
--->
-<ruleset name="Netflix (buggy)" default_off="various things break">
+		- images.netflix.com.edgesuite.net
 
-	<target host="netflix.com" />
-	<target host="*.netflix.com" />
-		<!--
-			blog, techblog, ukirelandblog:
+			- jsapi
 
-				- Hosted on Blogger
-				- Shows Google 404 page
+		- netflix.gilroystaging.co.uk
+		- netflix.hs.llnwd.net/e1/us/
 
-			developer:
 
-				- Handled in Mashery-clients.xml
+	Nonfunctional hosts in *netflix.com:
 
-			ir:
+		- blog ¹
+		- developer ²
+		- techblog ¹
+		- ukirelandblog ¹
+		- image
 
-				- Cert: *.shareholder.com
-				- Throws 403
+	¹ Blogger
+	² Mismatched
 
-			jobs:
+	Insecure cookies are set for these domains and hosts:
 
-				- reset
+		- .netflix.com
+		- .cl.netflix.com
+		- contactus.netflix.com
+		- help.netflix.com
+		- .help.netflix.com
+		- openconnect.netflix.com
 
-			-->
-		<exclusion pattern="^http://(blog|developer|ir|jobs|techblog|ukirelandblog)\.netflix\.com/" />
+	Trying to secure all cookies breaks dvd.netflix.com
 
+	Mixed content:
 
-	<securecookie host="^(contactus|signup)\.netflix\.com$" name=".*" />
+		- Images on help from secure *
 
+	* Secured by us
 
-	<rule from="^http://jsapi\.netflix\.com/"
-		to="https://netflix.hs.llnwd.net/e1/" />
+-->
+<ruleset name="Netflix.com (partial)" >
 
-	<rule from="^http://([^/:@\.]+\.)?netflix\.com/"
-		to="https://$1netflix.com/" />
+	<target host="netflix.com" />
+	<target host="account.netflix.com" />
+	<target host="api-global.netflix.com" />
+	<target host="contactus.netflix.com" />
+	<target host="customerevents.netflix.com" />
+	<target host="dvd.netflix.com" />
+	<target host="help.netflix.com" />
+	<target host="ir.netflix.com" />
+	<target host="jobs.netflix.com" />
+	<!--<target host="jsapi.netflix.com" /> cert only valid for akamai -->
+	<target host="ncds.netflix.com" />
+	<target host="openconnect.netflix.com" />
+	<target host="secure.netflix.com" />
+	<target host="signup.netflix.com" />
+	<target host="www.netflix.com" />
+	<target host="www1.netflix.com" />
+	<target host="www2.netflix.com" />
+	<target host="www3.netflix.com" />
+	<target host="pr.netflix.com" />
+	<target host="media.netflix.com" />
+
+	<target host="assets.nflxext.com" />
+	<target host="so-s.nflximg.net" />
+	<target host="tp-s.nflximg.net" />
+	<target host="www2-ext-s.nflximg.net" />
+	<target host="scdn.nflximg.net" />
+
+	<target host="*.isp.nflxvideo.net" />
+	<target host="*.ix.nflxvideo.net" />
+
+		<!--	Redirect to http:
+						-->
+		<!--exclusion pattern="^http://ca\.netflix\.com/($|\?)" /-->
+		<!--exclusion pattern="^http://(blog|ca|developer|ir|techblog|ukirelandblog)\.netflix\.com/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.netflix\.com$" name="^(NetflixId|SID|memclid|tlr|zuulrgn)$" /-->
+	<!--securecookie host="^\.cl\.netflix\.com$" name="^cL$" /-->
+	<!--securecookie host="^\.(contactus|help)\.netflix\.com$" name="^hcVisitorId$" /-->
+	<!--securecookie host="^help\.netflix\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^openconnect\.netflix\.com$" name="^X-Mapping-\w+$" /-->
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Netfox.ru.xml b/src/chrome/content/rules/Netfox.ru.xml
new file mode 100644
index 000000000000..13dd4e9f73f9
--- /dev/null
+++ b/src/chrome/content/rules/Netfox.ru.xml
@@ -0,0 +1,11 @@
+<!--www. mismatch-->
+<ruleset name="Netfox.ru">
+	<target host="netfox.ru" />
+	<target host="www.netfox.ru" />
+	<target host="my.netfox.ru" />
+
+	<rule from="^http://www\.netfox\.ru/"
+		to="https://netfox.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Netgate.com.xml b/src/chrome/content/rules/Netgate.com.xml
new file mode 100644
index 000000000000..33303e51cd22
--- /dev/null
+++ b/src/chrome/content/rules/Netgate.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Netgate.com">
+  <target host="netgate.com" />
+  <target host="www.netgate.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Netgear.xml b/src/chrome/content/rules/Netgear.xml
index a7624a5bc0a9..37727288a87a 100644
--- a/src/chrome/content/rules/Netgear.xml
+++ b/src/chrome/content/rules/Netgear.xml
@@ -1,23 +1,23 @@
-<!--
-	Nonfunctional subdomains:
-
-		- powershift
-		- (www.)	(times out)
-
--->
-<ruleset name="Netgear (partial)" platform="mixedcontent">
+<ruleset name="Netgear (partial)">
 
 	<target host="netgear.com" />
-	<target host="*.netgear.com" />
-
-
-	<securecookie host="^my\.netgear\.com$" name=".*" />
-
-
-	<rule from="^https?://(?:www\.)?netgear\.com/css/img/(?:(backgrounds/(?:body|nav)_bg\.jpg)|logos/(logo-netgear\.gif))"
-		to="https://my.netgear.com/myNETGEAR/includes/images/$1$2" />
-
-	<rule from="^http://my\.netgear\.com/"
-		to="https://my.netgear.com/" />
+	<target host="www.netgear.com" />
+	<target host="api.netgear.com" />
+	<target host="www.downloads.netgear.com" />
+	<target host="es.netgear.com" />
+	<target host="facebook.netgear.com" />
+	<target host="license.netgear.com" />
+	<target host="m.netgear.com" />
+	<target host="my.netgear.com" />
+	<target host="policy.netgear.com" />
+	<target host="powershift.netgear.com" />
+	<target host="support.netgear.com" />
+	<target host="th.netgear.com" />
+	<target host="updates.netgear.com" />
+	<target host="za.netgear.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Netgroup.dk.xml b/src/chrome/content/rules/Netgroup.dk.xml
new file mode 100644
index 000000000000..19a29d02a500
--- /dev/null
+++ b/src/chrome/content/rules/Netgroup.dk.xml
@@ -0,0 +1,27 @@
+<!--
+	Other Netgroup rulesets:
+
+		- Ncloud.dk.xml
+
+
+	Mixed content:
+
+		- Image from $self *
+
+		- Ads/web bugs, from:
+
+			- $self *
+			- trk.enecto.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Netgroup.dk">
+
+	<target host="netgroup.dk" />
+	<target host="www.netgroup.dk" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Netguava.xml b/src/chrome/content/rules/Netguava.xml
index 4870a77e4e5e..4d85b2ccaca9 100644
--- a/src/chrome/content/rules/Netguava.xml
+++ b/src/chrome/content/rules/Netguava.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?netguava\.com/(app/|contact(?:$|\?)|c[ms]s/|favicon\.ico|images/|js/|scripts/)"
 		to="https://$1netguava.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nether.xml b/src/chrome/content/rules/Nether.xml
index 823e134f2088..183b0315a680 100644
--- a/src/chrome/content/rules/Nether.xml
+++ b/src/chrome/content/rules/Nether.xml
@@ -1,7 +1,7 @@
 <ruleset name="Nether">
   <target host="puck.nether.net" />
 
-  <securecookie host="^puck\.nether\.net$" name=".*"/>
+  <securecookie host="^puck\.nether\.net$" name=".+" />
 
-  <rule from="^http://puck\.nether\.net/" to="https://puck.nether.net/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Netim.com.xml b/src/chrome/content/rules/Netim.com.xml
new file mode 100644
index 000000000000..dcc2a05fc44b
--- /dev/null
+++ b/src/chrome/content/rules/Netim.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		support.netim.com
+	Secure connection failed:
+		zonecheck.netim.com
+-->
+<ruleset name="Netim.com">
+	<target host="netim.com" />
+	<target host="www.netim.com" />
+	<target host="api.netim.com" />
+
+	<securecookie host="^(www|api)\.netim\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Netistrar.com-problematic.xml b/src/chrome/content/rules/Netistrar.com-problematic.xml
new file mode 100644
index 000000000000..51bda6204598
--- /dev/null
+++ b/src/chrome/content/rules/Netistrar.com-problematic.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules that are on by default, see Netistrar.com.xml.
+
+-->
+<ruleset name="Netistrar.com (expired)" default_off="expired">
+
+	<target host="netistrar.com" />
+	<target host="www.netistrar.com" />
+
+
+	<securecookie host="^www\.netistrar\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Netistrar.com.xml b/src/chrome/content/rules/Netistrar.com.xml
new file mode 100644
index 000000000000..0fba07c9d74e
--- /dev/null
+++ b/src/chrome/content/rules/Netistrar.com.xml
@@ -0,0 +1,44 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.netistrar.com/ => https://secure.netistrar.com/: (7, 'Failed to connect to secure.netistrar.com port 443: Connection refused')
+
+	For problematic rules, see Netistrar.com-problematic.xml.
+
+
+	Nonfunctional hosts in *netistrar.com:
+
+		- trade *
+
+	* Refused
+
+
+	(www.)?netistrar.com: Expired
+
+
+	Insecure cookies are set for these domains:
+
+		- secure.netistrar.com
+		- www.netistrar.com
+
+-->
+<ruleset name="Netistrar.com (partial)" default_off="failed ruleset test">
+
+	<!--target host="netistrar.com" /-->
+	<target host="secure.netistrar.com" />
+	<!--target host="www.netistrar.com" /-->
+
+
+	<!-- Not secured by server:
+					-->
+	<!--securecookie host="^secure\.netistrar\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^www\.netistrar\.com$" name="^wordpress_test_cookie$" /-->
+
+	<!--securecookie host="^(?:secure|www)\.netistrar\.com$" name=".+" /-->
+	<securecookie host="^secure\.netistrar\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Netlib.org.xml b/src/chrome/content/rules/Netlib.org.xml
new file mode 100644
index 000000000000..29b615659786
--- /dev/null
+++ b/src/chrome/content/rules/Netlib.org.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatch:
+		- ftp.netlib.org
+-->
+<ruleset name="Netlib.org">
+	<target host="netlib.org" />
+	<target host="www.netlib.org" />
+	<target host="performance.netlib.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Netline.com.xml b/src/chrome/content/rules/Netline.com.xml
deleted file mode 100644
index 484b52f3ff63..000000000000
--- a/src/chrome/content/rules/Netline.com.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
-	Other NetLine rulesets:
-
-		- RevResponse.com.xml
-
-
-		- netline-d3.openxenterprise.com
-
-			- ox-d.netline.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(shows my; mismatched, CN: my.netline.com)
-
-
-	Problematic subdomains:
-
-		- ox-d	(mismatched, CN: *.openxenterprise.com)
-
--->
-<ruleset name="netline.com (partial)">
-
-	<target host="ox-d.netline.com" />
-
-
-	<rule from="^http://my\.netline\.com/"
-		to="https://my.netline.com/" />
-
-	<!--rule from="^http://ox-d\.netline\.com/"
-		to="https://netline-d3.openxenterprise.com/" /-->
-
-	<rule from="^http://ox-d\.netline\.com/w/1\.0/afr\?cc=1&amp;auid=(\d+)&amp;cb="
-		to="https://u.openx.net/w/1.0/sc?r=https%3A%2F%2Fox-d.netline.com%2Fw%2F1.0%2Fafr%3Fcc%3D1%26auid%3D$1%26cb%3D" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Netload.xml b/src/chrome/content/rules/Netload.xml
index 853e7c58a569..4403f2573a15 100644
--- a/src/chrome/content/rules/Netload.xml
+++ b/src/chrome/content/rules/Netload.xml
@@ -1,13 +1,19 @@
-<ruleset name="Netload">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://netload.in/ => https://netload.in/: (6, 'Could not resolve host: netload.in')
+Fetch error: http://www.netload.in/ => https://www.netload.in/: (6, 'Could not resolve host: www.netload.in')
+
+-->
+<ruleset name="Netload" default_off="failed ruleset test">
 
 	<target host="netload.in" />
-	<target host="*.netload.in" />
+	<target host="www.netload.in" />
 
 
 	<securecookie host="^(?:w*\.)?netload\.in$" name=".+" />
 
 
-	<rule from="^http://(www\.)?netload\.in/"
-		to="https://$1netload.in/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Netmarble.xml b/src/chrome/content/rules/Netmarble.xml
index 17e44f0e1a73..6dc13a48d0fd 100644
--- a/src/chrome/content/rules/Netmarble.xml
+++ b/src/chrome/content/rules/Netmarble.xml
@@ -49,7 +49,14 @@
 <ruleset name="Netmarble (partial)">
 
 	<target host="netmarble.com" />
-	<target host="*.netmarble.com" />
+	<target host="auth.netmarble.com" />
+	<target host="bill.netmarble.com" />
+	<target host="nbill.netmarble.com" />
+	<target host="img.netmarble.com" />
+	<target host="simg.netmarble.com" />
+	<target host="member.netmarble.com" />
+	<target host="www.netmarble.com" />
+	<target host="img.cdn.global.netmarble.com" />
 
 
 	<securecookie host="^(?:auth|www)\.netmarble\.com$" name=".+" />
@@ -58,10 +65,9 @@
 	<rule from="^http://netmarble\.com/"
 		to="https://www.netmarble.com/" />
 
-	<rule from="^http://(auth|n?bill|s?img|member|www)\.netmarble\.com/"
-		to="https://$1.netmarble.com/" />
 
 	<rule from="^http://img\.cdn\.global\.netmarble\.com/"
 		to="https://simg.netmarble.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Netnod.se.xml b/src/chrome/content/rules/Netnod.se.xml
new file mode 100644
index 000000000000..ae4cb995612d
--- /dev/null
+++ b/src/chrome/content/rules/Netnod.se.xml
@@ -0,0 +1,29 @@
+<!--
+	^: refused
+
+
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Netnod.se">
+
+	<target host="netnod.se" />
+	<target host="www.netnod.se" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.netnod.se$" name="^SESS[0-9a-f]{32}$" /-->
+	<!--securecookie host="^www\.netnod.se$" name="^csrftoken$" /-->
+
+	<securecookie host="^(?:www)?\.netnod.se$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?netnod\.se/"
+		to="https://www.netnod.se/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Netpol.org.xml b/src/chrome/content/rules/Netpol.org.xml
new file mode 100644
index 000000000000..0f579b643b9d
--- /dev/null
+++ b/src/chrome/content/rules/Netpol.org.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- netpol.org
+		- www.netpol.org
+
+-->
+<ruleset name="Netpol.org">
+
+	<target host="netpol.org" />
+	<target host="www.netpol.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?netpol\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?netpol\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nets-DanID.xml b/src/chrome/content/rules/Nets-DanID.xml
deleted file mode 100644
index 1e6dbd1efbc6..000000000000
--- a/src/chrome/content/rules/Nets-DanID.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Nets DanID">
-
-	<target host="nets-danid.dk"/>
-	<target host="www.nets-danid.dk"/>
-
-	<securecookie host="^www\.nets-danid\.dk$" name=".*"/>
-
-	<rule from="^http://(www\.)?nets-danid\.dk/"
-		to="https://$1nets-danid.dk/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Netscape.com.xml b/src/chrome/content/rules/Netscape.com.xml
new file mode 100644
index 000000000000..e391d6f5e548
--- /dev/null
+++ b/src/chrome/content/rules/Netscape.com.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://netscape.com/ => https://netscape.aol.com/: (7, 'Failed to connect to netscape.aol.com port 443: Connection refused')
+Fetch error: http://home.netscape.com/ => https://netscape.aol.com/: (7, 'Failed to connect to netscape.aol.com port 443: Connection refused')
+Fetch error: http://www.netscape.com/ => https://netscape.aol.com/: (7, 'Failed to connect to netscape.aol.com port 443: Connection refused')
+
+	For other AOL coverage, see AOL.xml.
+
+-->
+<ruleset name="Netscape.com" default_off="failed ruleset test">
+
+	<!--	Complications:
+				-->
+	<target host="netscape.com" />
+	<target host="home.netscape.com" />
+	<target host="mail.netscape.com" />
+	<target host="webmail.netscape.com" />
+	<target host="www.netscape.com" />
+
+
+	<!--	- Doesn't work over https.
+		- Redirects as so.
+					-->
+	<rule from="^http://(?:home\.|www\.)?netscape\.com/"
+		to="https://netscape.aol.com/" />
+
+	<rule from="^http://(?:web)?mail\.netscape\.com/"
+		to="https://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=sns.webmail.aol.com" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Netsekure.org.xml b/src/chrome/content/rules/Netsekure.org.xml
new file mode 100644
index 000000000000..a98b9019bf34
--- /dev/null
+++ b/src/chrome/content/rules/Netsekure.org.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://netsekure.org/ => https://netsekure.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://tests.netsekure.org/ => https://tests.netsekure.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.netsekure.org/ => https://www.netsekure.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://netsekure.org/ => https://netsekure.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+	Mixed content:
+
+		- Images on ^ from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="netsekure.org" default_off="failed ruleset test">
+
+	<target host="netsekure.org" />
+	<target host="tests.netsekure.org" />
+	<target host="www.netsekure.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Netswarm.net.xml b/src/chrome/content/rules/Netswarm.net.xml
index 12a3fee6c80b..b8ba9ed89b09 100644
--- a/src/chrome/content/rules/Netswarm.net.xml
+++ b/src/chrome/content/rules/Netswarm.net.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?netswarm\.net/"
 		to="https://www.netswarm.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nettica.xml b/src/chrome/content/rules/Nettica.xml
index ece03f8febf6..e34297a6c445 100644
--- a/src/chrome/content/rules/Nettica.xml
+++ b/src/chrome/content/rules/Nettica.xml
@@ -1,4 +1,10 @@
-<ruleset name="Nettica">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nettica.com/ => https://www.nettica.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Nettica" default_off="failed ruleset test">
   <target host="nettica.com" />
   <target host="www.netteca.com" />
 
diff --git a/src/chrome/content/rules/Nettog.dk.xml b/src/chrome/content/rules/Nettog.dk.xml
new file mode 100644
index 000000000000..b27770d96335
--- /dev/null
+++ b/src/chrome/content/rules/Nettog.dk.xml
@@ -0,0 +1,10 @@
+<ruleset name="nettog.dk">
+
+	<target host="nettog.dk"/>
+	<target host="www.nettog.dk"/>
+
+	<securecookie host="^(?:www)?\.nettog\.dk$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Netveano.com.xml b/src/chrome/content/rules/Netveano.com.xml
new file mode 100644
index 000000000000..acd97311afde
--- /dev/null
+++ b/src/chrome/content/rules/Netveano.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Private subdomain:
+		webmail.netveano.com
+		whm.netveano.com
+
+-->
+<ruleset name="Netveano">
+
+	<target host="netveano.com" />
+	<target host="www.netveano.com" />
+	<target host="store.netveano.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Netveano.xml b/src/chrome/content/rules/Netveano.xml
deleted file mode 100644
index 7012103d77dc..000000000000
--- a/src/chrome/content/rules/Netveano.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Netveano" default_off="expired, self-signed">
-
-	<target host="netveano.com" />
-	<target host="www.netveano.com" />
-
-	<!--	Cert doesn't match www.		-->
-	<rule from="^http://(?:www\.)?netveano\.com/"
-		to="https://netveano.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Netverify.xml b/src/chrome/content/rules/Netverify.xml
index 555fcbdbcd93..bd022954829b 100644
--- a/src/chrome/content/rules/Netverify.xml
+++ b/src/chrome/content/rules/Netverify.xml
@@ -5,13 +5,13 @@
 <ruleset name="Netverify">
 
 	<target host="netverify.com" />
-	<target host="*.netverify.com" />
+	<target host="pay.netverify.com" />
+	<target host="static.netverify.com" />
 
 
 	<securecookie host="^(?:pay\.)?netverify\.com$" name=".+" />
 
 
-	<rule from="^http://(pay\.|static\.)?netverify\.com/"
-		to="https://$1netverify.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Netvibes.com.xml b/src/chrome/content/rules/Netvibes.com.xml
index 5367a825205e..b528c62fc58b 100644
--- a/src/chrome/content/rules/Netvibes.com.xml
+++ b/src/chrome/content/rules/Netvibes.com.xml
@@ -1,12 +1,11 @@
 <!-- https://trac.torproject.org/projects/tor/ticket/7132 -->
-<ruleset name="Netvibes (buggy)" platform="mixedcontent" default_off="Breaks widgets">
+<ruleset name="Netvibes.com">
 
 	<target host="netvibes.com"/>
 	<target host="www.netvibes.com"/>
+	<target host="cdn.netvibes.com"/>
 
-	<rule from="^http://(www\.)?netvibes\.com/"
-		to="https://www.netvibes.com/"/>
-
-	<securecookie host="^www\.netvibes\.com$" name=".*"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Netviewer.com.xml b/src/chrome/content/rules/Netviewer.com.xml
new file mode 100644
index 000000000000..dc6399fa4b34
--- /dev/null
+++ b/src/chrome/content/rules/Netviewer.com.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://my.netviewer.com/ => https://my.netviewer.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	For other Citrix coverage, see Citrix.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- netviewer.com
+		- www.netviewer.com
+
+-->
+<ruleset name="Netviewer.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="netviewer.com" />
+	<target host="my.netviewer.com" />
+	<target host="www.netviewer.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?netviewer\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Netways.de.xml b/src/chrome/content/rules/Netways.de.xml
new file mode 100644
index 000000000000..9c7d8e35239a
--- /dev/null
+++ b/src/chrome/content/rules/Netways.de.xml
@@ -0,0 +1,46 @@
+<!--
+	Problematic hosts in *netways.de:
+
+		- jobs *
+
+	* Shows ^netways.de
+
+
+	Insecure cookies are set for these domains:
+
+		- .netways.de
+
+-->
+<ruleset name="Netways.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="netways.de" />
+	<target host="blog.netways.de" />
+	<target host="shop.netways.de" />
+	<target host="www.netways.de" />
+
+	<!--	Complications:
+				-->
+	<target host="jobs.netways.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.netways\.de$" name="^fe_typo_user$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops path and forward,
+		slash, but not args:
+					-->
+	<rule from="^http://jobs\.netways\.de/[^?]*"
+		to="https://www.netways.de/ueber_netways/arbeiten_bei_netways/" />
+
+		<test url="http://jobs.netways.de//home.htm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Network-Depot.xml b/src/chrome/content/rules/Network-Depot.xml
index f37a5b32fb3b..83323a7435d4 100644
--- a/src/chrome/content/rules/Network-Depot.xml
+++ b/src/chrome/content/rules/Network-Depot.xml
@@ -1,24 +1,12 @@
 <!--
-	CDN buckets:
-
-		- d1n2i0nchws850.cloudfront.net
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(rx_record_too_long)
-		- engage	(times out)
-
+	Non-functional hosts
+		Incomplete certificate chain error:
+		- onestepahead.networkdepot.com
 -->
 <ruleset name="Network Depot (partial)">
+	<target host="networkdepot.com" />
+	<target host="tips.networkdepot.com" />
+	<target host="www.networkdepot.com" />
 
-	<target host="*.networkdepot.com" />
-
-
-	<securecookie host="^.+\.networkdepot\.com$" name=".+" />
-
-
-	<rule from="^http://(onestepahead|support|tips)\.networkdepot\.com/"
-		to="https://$1.networkdepot.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Network-Redux.xml b/src/chrome/content/rules/Network-Redux.xml
index 4815de4150e4..452537b77feb 100644
--- a/src/chrome/content/rules/Network-Redux.xml
+++ b/src/chrome/content/rules/Network-Redux.xml
@@ -1,9 +1,13 @@
-<ruleset name="Network Redux">
+<!--
+	Refused
+
+-->
+<ruleset name="Network Redux" default_off="broken">
 
 	<target host="networkredux.com" />
 	<target host="www.networkredux.com" />
 
-	<rule from="^http://(www\.)?networkredux\.com/"
+	<rule from="^http://(?:www\.)?networkredux\.com/"
 		to="https://networkredux.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Network-Science-Center-blog.xml b/src/chrome/content/rules/Network-Science-Center-blog.xml
deleted file mode 100644
index fb1cc10fa74f..000000000000
--- a/src/chrome/content/rules/Network-Science-Center-blog.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Network Science Center blog" default_off="mismatch">
-
-	<!--	Cert: *.fatcow.com	-->
-	<target host="netsciwestpoint.org" />
-	<target host="*.netsciwestpoint.org" />
-
-
-	<!--	All redirect to blog.	-->
-	<rule from="^https?://(?:blog\.|www\.)?netsciwestpoint\.org/"
-		to="https://blog.netsciwestpoint.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Network-Solutions.xml b/src/chrome/content/rules/Network-Solutions.xml
index 4862beeade90..a9de0d60c11e 100644
--- a/src/chrome/content/rules/Network-Solutions.xml
+++ b/src/chrome/content/rules/Network-Solutions.xml
@@ -46,7 +46,7 @@
 
 
 	<securecookie host="^\.networksolutions\.com$" name="^s_\w+$" />
-	<securecookie host="^www\.networksolutions\.com$" name=".*" />
+	<securecookie host="^www\.networksolutions\.com$" name=".+" />
 
 
 	<rule from="^http://(?:cms\.|www\.)?networksolutions\.com(:443)?/"
diff --git a/src/chrome/content/rules/Network-for-Good.xml b/src/chrome/content/rules/Network-for-Good.xml
index 666e0be1a3eb..57bb8826c23e 100644
--- a/src/chrome/content/rules/Network-for-Good.xml
+++ b/src/chrome/content/rules/Network-for-Good.xml
@@ -6,20 +6,43 @@
 
 	Nonfunctional subdomains:
 
-		- www1		(Akamai; 503)
+		- www1 *
 
+	* 404, akamai
 
-	Note: server is configured for rc4 only.
+
+	Fully covered domains:
+
+		- networkforgood.org
+
+		- (?!www1\.)*.networkforgood.org:
+
+			- assets
+			- donatenow
+			- npo
+			- npo1
+			- www
 
 -->
-<ruleset name="Network for Good (cert warning)">
+<ruleset name="Network for Good.org">
 
 	<target host="networkforgood.org" />
 	<target host="*.networkforgood.org" />
+
 		<exclusion pattern="^http://www1\." />
 
+			<test url="http://www1.networkforgood.org/" />
+
+		<test url="http://account.networkforgood.org/" />
+		<test url="http://npo.networkforgood.org/" />
+		<test url="http://www.networkforgood.org/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^donatenow\.networkforgood\.org$" name="^ASP\.NET_SessionId$" /-->
 
-	<securecookie host="^npo1?\.networkforgood\.org$" name=".+" />
+	<securecookie host="^\w+\.networkforgood\.org$" name=".+" />
 
 
 	<rule from="^http://(\w+\.)?networkforgood\.org/"
diff --git a/src/chrome/content/rules/Network23.org.xml b/src/chrome/content/rules/Network23.org.xml
new file mode 100644
index 000000000000..fa32249fdcf4
--- /dev/null
+++ b/src/chrome/content/rules/Network23.org.xml
@@ -0,0 +1,34 @@
+<!--
+	www.network23.org: Redirects to http
+
+
+	Insecure cookies are set for these hosts:
+
+		- network23.org
+
+-->
+<ruleset name="network23.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="network23.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.network23.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="network23\.org" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.network23\.org/"
+		to="https://network23.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NetworkTimeFoundation.org.xml b/src/chrome/content/rules/NetworkTimeFoundation.org.xml
new file mode 100644
index 000000000000..a7d77e33662c
--- /dev/null
+++ b/src/chrome/content/rules/NetworkTimeFoundation.org.xml
@@ -0,0 +1,64 @@
+<!--
+	Mixed content:
+		- css on (www.) from fonts.googleapis.com *
+		- Images on (www.) from nwtime.org *
+	* Secured by us
+
+	Invalid certificate:
+		c.networktimefoundation.org
+		fw.networktimefoundation.org
+		members.networktimefoundation.org
+		c.nwtime.org
+		fw.nwtime.org
+		linuxptp.nwtime.org
+		members.nwtime.org
+		ntp.nwtime.org
+		shop.nwtime.org
+
+	No working URL known:
+		mail.networktimefoundation.org
+		imap.nwtime.org
+		lists.nwtime.org
+		mail.nwtime.org
+
+	Different content http/https:
+		owncloud.nwtime.org
+
+-->
+<ruleset name="Network Time Foundation.org">
+
+	<target host="networktimefoundation.org" />
+	<target host="www.networktimefoundation.org" />
+	<target host="ic.networktimefoundation.org" />
+	<target host="imap.networktimefoundation.org" />
+	<target host="shop.networktimefoundation.org" />
+	<target host="wiki.networktimefoundation.org" />
+
+	<target host="nwtime.org" />
+	<target host="www.nwtime.org" />
+	<target host="c1.nwtime.org" />
+	<target host="got.nwtime.org" />
+	<target host="ic.nwtime.org" />
+	<target host="linuxptp.nwtime.org" />
+	<target host="ntp.nwtime.org" />
+	<target host="web.nwtime.org" />
+	<target host="wiki.nwtime.org" />
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^(ic|wiki)\.(networktimefoundation|nwtime)\.org$" name="^(FOSWIKISTRIKEONE|SFOSWIKISID)$" /-->
+	<!--securecookie host="^imap\.networktimefoundation\.org$" name="^SQMSESSID$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^rt\.nwtime\.org$" name="^RT_SID_Network\ Time\ Foundation\.443$" /-->
+
+	<securecookie host="^rt\.nwtime\.org$" name=".+" />
+
+	<rule from="^http://(linuxptp|ntp)\.nwtime\.org/"
+		to="https://nwtime.org/projects/$1/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NetworkWorld-mismatches.xml b/src/chrome/content/rules/NetworkWorld-mismatches.xml
index 3dec60c193ee..8f7bcd7bb32b 100644
--- a/src/chrome/content/rules/NetworkWorld-mismatches.xml
+++ b/src/chrome/content/rules/NetworkWorld-mismatches.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see NetworkWorld.xml.
 
 -->
-<ruleset name="NetworkWorld (mismatches)" default_off="mismatch" platform="mixedcontent">
+<ruleset name="NetworkWorld (mismatches)" default_off="mismatched" platform="mixedcontent">
 
 	<target host="events.networkworld.com" />
 
@@ -10,7 +10,6 @@
 	<!--	Cookies are handled in the main ruleset.	-->
 
 
-	<rule from="^http://events\.networkworld\.com/"
-		to="https://events.networkworld.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NetworkWorld.xml b/src/chrome/content/rules/NetworkWorld.xml
index f2566bd3e978..a1c6ea5e10d6 100644
--- a/src/chrome/content/rules/NetworkWorld.xml
+++ b/src/chrome/content/rules/NetworkWorld.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://networkworld.com/ => https://www.networkworld.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.networkworld.com'")
+Fetch error: http://subscribenww.com/ => https://subscribenww.com/: (60, 'SSL certificate problem: self signed certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://networkworld.com/ => https://www.networkworld.com/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://subscribenww.com/ => https://subscribenww.com/: (60, 'SSL certificate problem: self signed certificate')
 	For problematic rules, see NetworkWorld-mismatches.xml.
 
 
@@ -8,6 +16,7 @@
 	CDN buckets:
 
 		- computerworld.com.edgesuite.net
+		- edge.networkworld.com.edgekey.net
 		- networkworld.mobify.me
 
 
@@ -23,25 +32,49 @@
 
 	Problematic subdomains:
 
+		- edge ¹
 		- events	(works, mismatched, CN: *.eiseverywhere.com)
 		- m		(redirects to www; mismatched, CN: *.mobify.com)
 
+	¹ 403; mismatched, CN: www.networkworld.com
+
+
+	Mixed content:
+
+		- Images, on www from:
+
+			- $self *
+			- computerworld.com.edgesuite.net *
+
+		- Ads/web bugs, on www from:
+
+			- tags.bkrtx.com *
+			- admin.brightcove.com *
+			- api.demandbase.com *
+			- content.dl-rms.com *
+			- ad.doubleclick.net *
+			- pubads.g.doubleclick.net *
+			- apis.google.com *
+			- ai.hitbox.com *
+			- b.scorecardresearch.com *
 
-	Mixed images from computerworld.com.edgesuite.net
+	* Secured by us
 
 -->
-<ruleset name="NetworkWorld (partial)">
+<ruleset name="NetworkWorld (partial)" default_off="failed ruleset test">
 
 	<target host="networkworld.com" />
-	<target host="*.networkworld.com" />
+	<target host="edge.networkworld.com" />
+	<target host="www.networkworld.com" />
+	<target host="m.networkworld.com" />
 	<target host="subscribenww.com" />
-	<target host="*.subscribenww.com" />
+	<target host="www.subscribenww.com" />
 
 
-	<securecookie host="^(?:.*\.)?(?:networkworld|subscribenww)\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
-	<rule from="^http://(?:www\.)?networkworld\.com/"
+	<rule from="^http://(?:edge\.|www\.)?networkworld\.com/"
 		to="https://www.networkworld.com/" />
 
 	<rule from="^http://m\.networkworld\.com/(mobify|static)/"
diff --git a/src/chrome/content/rules/Network_Advertising_Initiative.xml b/src/chrome/content/rules/Network_Advertising_Initiative.xml
index 6087b1ea525c..f3c6651a75aa 100644
--- a/src/chrome/content/rules/Network_Advertising_Initiative.xml
+++ b/src/chrome/content/rules/Network_Advertising_Initiative.xml
@@ -1,13 +1,17 @@
-<ruleset name="Network Advertising Initiative">
+<!--
+	Network Advertising Initiative
+
+-->
+<ruleset name="Network Advertising.org">
 
 	<target host="networkadvertising.org" />
-	<target host="*.networkadvertising.org" />
+	<target host="www.networkadvertising.org" />
 
 
 	<securecookie host="^(?:w*\.)?networkadvertising\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?networkadvertising\.org/"
-		to="https://$1networkadvertising.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Network_Computing.xml b/src/chrome/content/rules/Network_Computing.xml
index 0a20f449a7e7..ec036e79ef73 100644
--- a/src/chrome/content/rules/Network_Computing.xml
+++ b/src/chrome/content/rules/Network_Computing.xml
@@ -12,7 +12,7 @@
 <ruleset name="Network Computing" default_off="mismatched, self-signed">
 
 	<target host="networkcomputing.com" />
-	<target host="*.networkcomputing.com" />
+	<target host="www.networkcomputing.com" />
 
 
 	<!--securecookie host="^\.networkcomputing\.com$" name="^(s_\w\w|s_fid|s_lv_s|us_ubm_aut|__utm\w)$" /-->
@@ -22,4 +22,4 @@
 	<rule from="^http://(?:www\.)?networkcomputing\.com/"
 		to="https://www.networkcomputing.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Network_Maker.xml b/src/chrome/content/rules/Network_Maker.xml
deleted file mode 100644
index 884900ae387c..000000000000
--- a/src/chrome/content/rules/Network_Maker.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- ^	(500; mismatched, CN: *.socialgo.com)
-		- www	(shows another domain, valid cert)
-
--->
-<ruleset name="Network Maker (partial)">
-
-	<target host="signup.network-maker.com" />
-
-
-	<securecookie host="^signup\.network-maker\.com$" name=".+" />
-
-
-	<rule from="^http://signup\.network-maker\.com/"
-		to="https://signup.network-maker.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/NetworkedBlogs.xml b/src/chrome/content/rules/NetworkedBlogs.xml
index 27b3bb1352a8..131a0c2197dc 100644
--- a/src/chrome/content/rules/NetworkedBlogs.xml
+++ b/src/chrome/content/rules/NetworkedBlogs.xml
@@ -9,22 +9,23 @@
 
 	Problematic subdomains:
 
-		- ^	(self-signed)
+		- ^	(Handshake fails)
 
 -->
 <ruleset name="NetworkedBlogs">
 
 	<target host="networkedblogs.com" />
-	<target host="*.networkedblogs.com" />
+	<target host="www.networkedblogs.com" />
+	<target host="nwidget.networkedblogs.com" />
 
 
 	<securecookie host="^www\.networkedblogs\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?networkedblogs\.com/"
+	<rule from="^http://(?:www\.)?networkedblogs\.com/"
 		to="https://www.networkedblogs.com/" />
 
-	<rule from="^https?://nwidget\.networkedblogs\.com/getnetworkwidget"
+	<rule from="^http://nwidget\.networkedblogs\.com/getnetworkwidget"
 		to="https://www.networkedblogs.com/getnetworkwidget" />
 
 	<!-- https://mail1.eff.org/pipermail/https-everywhere/2013-February/001680.html -->
diff --git a/src/chrome/content/rules/Networkhm.com.xml b/src/chrome/content/rules/Networkhm.com.xml
deleted file mode 100644
index 92053901014c..000000000000
--- a/src/chrome/content/rules/Networkhm.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ads	(mismatched, CN: *.adnxs.com)
-
--->
-<ruleset name="networkhm.com">
-
-	<target host="ads.networkhm.com" />
-
-
-	<rule from="^http://ads\.networkhm\.com/"
-		to="https://ib.adnxs.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Netzfreiheit.org.xml b/src/chrome/content/rules/Netzfreiheit.org.xml
new file mode 100644
index 000000000000..d52063bfa7a4
--- /dev/null
+++ b/src/chrome/content/rules/Netzfreiheit.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Initiative für Netzfreiheit
+
+-->
+<ruleset name="Netzfreiheit.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="netzfreiheit.org" />
+	<target host="www.netzfreiheit.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Netzguerilla.net.xml b/src/chrome/content/rules/Netzguerilla.net.xml
new file mode 100644
index 000000000000..2afff47a1830
--- /dev/null
+++ b/src/chrome/content/rules/Netzguerilla.net.xml
@@ -0,0 +1,16 @@
+<!--
+	www: cert only matches ^netzguerilla.net
+
+-->
+<ruleset name="netzguerilla.net">
+
+	<target host="netzguerilla.net" />
+	<target host="lists.netzguerilla.net" />
+	<target host="webmail.netzguerilla.net" />
+	<target host="www.netzguerilla.net" />
+
+
+	<rule from="^http://(?:(lists\.|webmail\.)|www\.)?netzguerilla\.net/"
+		to="https://$1netzguerilla.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Netzpolitik.xml b/src/chrome/content/rules/Netzpolitik.xml
index 95c98a93bd87..d8233407b70c 100644
--- a/src/chrome/content/rules/Netzpolitik.xml
+++ b/src/chrome/content/rules/Netzpolitik.xml
@@ -1,6 +1,30 @@
-<ruleset name="Netzpolitik.org" platform="mixedcontent">
+<!--
+  Invalid certificate:
+    2048.netzpolitik.org
+    asset.netzpolitik.org
+    conference.netzpolitik.org
+    matrix.netzpolitik.org
+    movim.netzpolitik.org
+    pound.netzpolitik.org
+    riot.netzpolitik.org
+    xmpp.netzpolitik.org
+-->
+<ruleset name="Netzpolitik.org">
+
   <target host="netzpolitik.org" />
   <target host="www.netzpolitik.org" />
+  <target host="10.netzpolitik.org" />
+  <target host="11.netzpolitik.org" />
+  <target host="12.netzpolitik.org" />
+  <target host="13.netzpolitik.org" />
+  <target host="be.netzpolitik.org" />
+  <target host="cdn.netzpolitik.org" />
+  <target host="hackmd.netzpolitik.org" />
+  <target host="proxy.netzpolitik.org" />
+  <target host="stories.netzpolitik.org" />
+  <target host="spenden.netzpolitik.org" />
+  <target host="vcs.netzpolitik.org" />
+
+  <rule from="^http:"	to="https:" />
 
-	<rule from="^http://(?:www\.)?netzpolitik\.org/" to="https://netzpolitik.org/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Netztaucher.xml b/src/chrome/content/rules/Netztaucher.xml
index e2b4806cc2b5..98a93d368feb 100644
--- a/src/chrome/content/rules/Netztaucher.xml
+++ b/src/chrome/content/rules/Netztaucher.xml
@@ -4,16 +4,36 @@
 		- (www.)netztaucher.com		(shows kundenserver42; mismatched, CN: kundenserver42.kundenserver42.de)
 		- www.stu.kundenserver42.de	(403, valid cert)
 
+
+	Problematic hosts in *kundenserver42.de:
+
+		- www.kundenserver ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- kundenserver42.kundenserver42.de
+		- stu.kundenserver42.de
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
 -->
 <ruleset name="die netztaucher (partial)">
 
-	<target host="*.kundenserver42.de" />
+	<target host="kundenserver42.kundenserver42.de" />
+	<target host="stu.kundenserver42.de" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:kundenserver42|stu)\.kundenserver42\.de$" name="^SID$" /-->
 
-	<securecookie host="^(?:(?:www\.)?kundenserver42|stu)\.kundenserver42\.de$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://((?:www\.)?kundenserver42|stu)\.kundenserver42\.de/"
-		to="https://$1.kundenserver42.de/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NeuStar.xml b/src/chrome/content/rules/NeuStar.xml
index a6767c768247..82e703af2485 100644
--- a/src/chrome/content/rules/NeuStar.xml
+++ b/src/chrome/content/rules/NeuStar.xml
@@ -1,42 +1,130 @@
+
 <!--
-	Other NeuStar rulesets:
+Disabled by https-everywhere-checker because:
+Fetch error: http://atsevents.neustar.biz/ => https://atsevents.neustar.biz/: (6, 'Could not resolve host: atsevents.neustar.biz')
+Fetch error: http://platformone.neustar.biz/ => https://platformone.neustar.biz/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://registry.neustar.biz/ => https://registry.neustar.biz/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Other Neustar rulesets:
 
+		- Browsermob.com.xml
+		- NPAC.com.xml
+		- Neustar_Localeze.biz.xml
+		- Neuweb.biz.xml
 		- UltraDNS.xml
+		- Webmetrics.com.xml
+		- Neustar.com.xml
+		- UltraTools.com.xml
 
 
 	Nonfunctional domains:
 
-		- blog.neustar.biz
 		- (www.)neustarlife.biz	(cert: www.neustarlife.biz; shows blank page)
 
+
+	Problematic hosts:
+
+		- community.neustar.biz *
+		- ipintelligence.neustar.biz *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Fully covered hosts:
+
+		- (www.)?
+		- atsevents
+		- blog
+		- ebill
+		- hello
+		- leap
+		- ns-cdn
+		- numbering
+		- platformone
+		- registry
+		- siteprotect
+
+		- alert.wpm
+		- crowd.wpm
+		- diagnostics.wpm
+		- home.wpm
+		- load.wpm
+		- monitor.wpm
+		- rum.wpm
+		- script.wpm
+		- static.wpm
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .neustar.biz
+		- community.neustar.biz
+		- hello.neustar.biz
+		- leap.neustar.biz
+		- registry.neustar.biz
+		- siteprotect.neustar.biz
+
+		- alert.wpm.neustar.biz
+		- crowd.wpm.neustar.biz
+		- diagnostics.wpm.neustar.biz
+		- home.wpm.neustar.biz
+		- load.wpm.neustar.biz
+		- monitor.wpm.neustar.biz
+		- rum.wpm.neustar.biz
+		- script.wpm.neustar.biz
+		- static.wpm.neustar.biz
+
 -->
-<ruleset name="NeuStar">
+<ruleset name="Neustar.biz (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="neustar.biz" />
-	<target host="www.neustar.biz" />
-	<target host="neustar.com" />
-	<target host="*.neustar.com" />
-	<target host="neustarultraservices.biz" />
-	<target host="www.neustarultraservices.biz" />
+	<target host="atsevents.neustar.biz" />
+	<target host="blog.neustar.biz" />
+	<!--target host="community.neustar.biz" /-->
+	<target host="ebill.neustar.biz" />
+	<target host="hello.neustar.biz" />
+	<!--target host="ipintelligence.neustar.biz" /-->
+	<target host="leap.neustar.biz" />
+	<target host="ns-cdn.neustar.biz" />
+	<target host="numbering.neustar.biz" />
+	<target host="platformone.neustar.biz" />
+	<target host="registry.neustar.biz" />
+	<target host="siteprotect.neustar.biz" />
 
+	<target host="alert.wpm.neustar.biz" />
+	<target host="crowd.wpm.neustar.biz" />
+	<target host="diagnostics.wpm.neustar.biz" />
+	<target host="home.wpm.neustar.biz" />
+	<target host="load.wpm.neustar.biz" />
+	<target host="monitor.wpm.neustar.biz" />
+	<target host="rum.wpm.neustar.biz" />
+	<target host="script.wpm.neustar.biz" />
+	<target host="static.wpm.neustar.biz" />
+
+	<target host="www.neustar.biz" />
 
-	<securecookie host="^(www\.)?neustar\.biz$" name=".*" />
-	<securecookie host="^payment\.neustar\.com$" name=".*" />
+	<!--	Mismatched:
+				-->
+	<!--target host="neustarultraservices.biz" /-->
+	<!--target host="www.neustarultraservices.biz" /-->
 
 
-	<rule from="^http://(www\.)?neustar\.biz/"
-		to="https://$1neustar.biz/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.neustar\.biz$" name="^(PS_TOKEN|\w+-\d+-PORTAL-PSJSESSIONID)$" /-->
+	<!--securecookie host="^(community|hello)\.neustar\.biz$" name="^BIGipServer[\w-]+$" /-->
+	<!--securecookie host="^community\.neustar\.biz$" name="^(JSESSIONID|jive\.server\.info)$" /-->
+	<!--securecookie host="^leap\.neustar\.biz$" name="^(JSESSIONID|neustar\.cookie-\d+)$" /-->
+	<!--securecookie host="^registry\.neustar\.biz$" name="^\w{10}$" /-->
+	<!--securecookie host="^(registry|siteprotect|load\.wpm)\.neustar\.biz$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^(alert|crowd|diagnostics|home|load|monitor|rum|script|static)\.wpm\.neustar\.biz$" name="^neustar_cookie$" /-->
 
-	<!--	- Cert only matches (*.)neustar.biz
-		- .com 301s like so
-		- ...services.biz 301s:
+	<securecookie host="^(?:(?:hello|leap|registry|siteprotect|\w+\.wpm|www)\.)?neustar\.biz$" name=".+" />
 
-			neustarultraservices.biz → ultradns.com → neustar.biz
-										-->
-	<rule from="^https?://(?:www\.)?neustar\.com/"
-		to="https://www.neustar.biz/" />
 
-	<rule from="^http://payment\.neustar\.com/"
-		to="https://payment.neustar.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Neudesic-Media-Group.xml b/src/chrome/content/rules/Neudesic-Media-Group.xml
index 7b4a4a1932d2..a4b1fc591717 100644
--- a/src/chrome/content/rules/Neudesic-Media-Group.xml
+++ b/src/chrome/content/rules/Neudesic-Media-Group.xml
@@ -1,11 +1,17 @@
-<ruleset name="Neudesic Media Group (partial)">
 
-	<target host="ads.neudesicmediagroup.com"/>
-	<target host="*.ads.neudesicmediagroup.com"/>
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ads.neudesicmediagroup.com/ => https://ads.neudesicmediagroup.com/: (28, 'Connection timed out after 20001 milliseconds')
 
-	<securecookie host="^(.*\.)?ads\.neudesicmediagroup\.com$" name=".*"/>
+Disabled by https-everywhere-checker because:
+Fetch error: http://ads.neudesicmediagroup.com/ => https://ads.neudesicmediagroup.com/: (28, 'Connection timed out after 10001 milliseconds')
+-->
+<ruleset name="Neudesic Media Group (partial)" default_off="failed ruleset test">
 
-	<rule from="^http://ads\.neudesicmediagroup\.com/"
-		to="https://ads.neudesicmediagroup.com/"/>
+	<target host="ads.neudesicmediagroup.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Neustar.com.xml b/src/chrome/content/rules/Neustar.com.xml
new file mode 100644
index 000000000000..9c7e89a52a83
--- /dev/null
+++ b/src/chrome/content/rules/Neustar.com.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://payment.neustar.com/ => https://payment.neustar.com/: (51, "SSL: no alternative certificate subject name matches target host name 'payment.neustar.com'")
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://payment.neustar.com/ => https://payment.neustar.com/: (51, "SSL: no alternative certificate subject name matches target host name 'payment.neustar.com'")
+
+	For other NeuStar coverage, see NeuStar.xml.
+
+-->
+<ruleset name="Neustar.com" default_off="failed ruleset test">
+
+	<target host="neustar.com" />
+	<target host="payment.neustar.com" />
+	<target host="www.neustar.com" />
+
+
+	<securecookie host="^payment\.neustar\.com$" name=".+" />
+
+
+	<!--	- Cert only matches (*.)neustar.biz
+		- .com 301s like so
+		- ...services.biz 301s:
+
+			neustarultraservices.biz → ultradns.com → neustar.biz
+										-->
+	<rule from="^http://(?:www\.)?neustar\.com/"
+		to="https://www.neustar.biz/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Neustar_Localeze.biz.xml b/src/chrome/content/rules/Neustar_Localeze.biz.xml
new file mode 100644
index 000000000000..35a7807053b9
--- /dev/null
+++ b/src/chrome/content/rules/Neustar_Localeze.biz.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://neustarlocaleze.biz/ => https://neustarlocaleze.biz/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.neustarlocaleze.biz/ => https://www.neustarlocaleze.biz/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For other NeuStar coverage, see NeuStar.xml.
+
+-->
+<ruleset name="Neustar Localeze.biz" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="neustarlocaleze.biz" />
+	<target host="www.neustarlocaleze.biz" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Neuweb.biz.xml b/src/chrome/content/rules/Neuweb.biz.xml
new file mode 100644
index 000000000000..3aabed171771
--- /dev/null
+++ b/src/chrome/content/rules/Neuweb.biz.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Neustar coverage, see NeuStar.xml.
+
+
+	Fully covered hosts:
+
+		- ns-cdn
+
+-->
+<ruleset name="Neuweb.biz">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ns-cdn.neuweb.biz" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NeverDDoS.com.xml b/src/chrome/content/rules/NeverDDoS.com.xml
deleted file mode 100644
index e1cac8039c25..000000000000
--- a/src/chrome/content/rules/NeverDDoS.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="NeverDDoS.com">
-
-	<target host="neverddos.com" />
-	<target host="*.neverddos.com" />
-
-
-	<securecookie host="^(?:w*\.)?neverddos\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?neverddos\.com/"
-		to="https://$1neverddos.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Nevill_Holt_Opera.xml b/src/chrome/content/rules/Nevill_Holt_Opera.xml
index 70d132320044..ce0bb40c5f04 100644
--- a/src/chrome/content/rules/Nevill_Holt_Opera.xml
+++ b/src/chrome/content/rules/Nevill_Holt_Opera.xml
@@ -1,19 +1,25 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nevillholtopera.net/ => https://www.nevillholtopera.net/: (60, 'SSL certificate problem: self signed certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://nevillholtopera.net/ => https://www.nevillholtopera.net/: (60, 'SSL certificate problem: self signed certificate')
 	Problematic subdomains:
 
 		- ^	("Error"; mismatched, CN: *.eurodiet.co.uk)
 
 -->
-<ruleset name="Nevill Holt Opera">
+<ruleset name="Nevill Holt Opera" default_off="failed ruleset test">
 
 	<target host="nevillholtopera.net" />
-	<target host="*.nevillholtopera.net" />
+	<target host="www.nevillholtopera.net" />
 
 
 	<securecookie host="^w*\.nevillholtopera\.net$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?nevillholtopera\.net/"
+	<rule from="^http://(?:www\.)?nevillholtopera\.net/"
 		to="https://www.nevillholtopera.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nevistas_Health.com.xml b/src/chrome/content/rules/Nevistas_Health.com.xml
new file mode 100644
index 000000000000..41f7c2cfb491
--- /dev/null
+++ b/src/chrome/content/rules/Nevistas_Health.com.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nevistashealth.com/ => https://nevistashealth.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.nevistashealth.com/ => https://www.nevistashealth.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://nevistashealth.com/ => https://nevistashealth.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.nevistashealth.com/ => https://www.nevistashealth.com/: (60, 'SSL certificate problem: certificate has expired')
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Nevistas Health.com" default_off="failed ruleset test">
+
+	<target host="nevistashealth.com" />
+	<target host="www.nevistashealth.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/New-Dream-Network.xml b/src/chrome/content/rules/New-Dream-Network.xml
index 39711cf5389c..9eeb77ae804d 100644
--- a/src/chrome/content/rules/New-Dream-Network.xml
+++ b/src/chrome/content/rules/New-Dream-Network.xml
@@ -1,13 +1,18 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://newdream.net/ => https://newdream.net/: (60, 'SSL certificate problem: certificate has expired')
+
 	Other New Dream Network rulesets:
 
 		- DreamHost.xml
 
 -->
-<ruleset name="New Dream Network">
+<ruleset name="New Dream Network" default_off="failed ruleset test">
 
 	<target host="newdream.net" />
-	<target host="*.newdream.net" />
+	<target host="secure.newdream.net" />
+	<target host="www.newdream.net" />
 
 
 	<!--	www: Cert only matches ^newdream.net.
@@ -15,4 +20,4 @@
 	<rule from="^http://(?:(secure\.)|www\.)?newdream\.net/"
 		to="https://$1newdream.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/New-Matilda.xml b/src/chrome/content/rules/New-Matilda.xml
index 213becf85b5e..a440d928ccd7 100644
--- a/src/chrome/content/rules/New-Matilda.xml
+++ b/src/chrome/content/rules/New-Matilda.xml
@@ -1,11 +1,25 @@
-<ruleset name="New Matilda" default_off="expired, self-signed">
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- newmatilda.com
+		- .newmatilda.com
+
+-->
+<ruleset name="New Matilda.com">
 
 	<target host="newmatilda.com"/>
 	<target host="www.newmatilda.com"/>
 
-	<rule from="^http://(www\.)?newmatilda\.com/"
-		to="https://newmatilda.com/"/>
 
-	<securecookie host="^\.newmatilda\.com$" name=".*"/>
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^newmatilda\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.newmatilda\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/New-Moon-Girls-Online.xml b/src/chrome/content/rules/New-Moon-Girls-Online.xml
index 4d5c076ea10b..eccd4f6f1899 100644
--- a/src/chrome/content/rules/New-Moon-Girls-Online.xml
+++ b/src/chrome/content/rules/New-Moon-Girls-Online.xml
@@ -1,6 +1,20 @@
-<ruleset name="New Moon Girls Online">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://newmoon.com/ => https://www.newmoon.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.newmoon.com'")
+Fetch error: http://www.newmoon.com/ => https://www.newmoon.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.newmoon.com'")
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://newmoon.com/ => https://www.newmoon.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.newmoon.com'")
+Fetch error: http://www.newmoon.com/ => https://www.newmoon.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.newmoon.com'")
+
+-->
+<ruleset name="New Moon Girls Online" default_off="failed ruleset test">
 	<target host="newmoon.com" />
 	<target host="www.newmoon.com" />
 
-	<rule from="^http://(www\.)?newmoon\.com/" to="https://www.newmoon.com/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http://(?:www\.)?newmoon\.com/" to="https://www.newmoon.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/New-Relic.xml b/src/chrome/content/rules/New-Relic.xml
index 01d33baefe7a..75a13e9f2cba 100644
--- a/src/chrome/content/rules/New-Relic.xml
+++ b/src/chrome/content/rules/New-Relic.xml
@@ -1,4 +1,10 @@
 <!--
+	Other New Relic rulesets:
+
+		- NR-assets.net.xml
+		- NR-data.net.xml
+
+
 	CDN buckets:
 
 		- rewrelic.statuspage.io
@@ -12,44 +18,86 @@
 
 	Problematic subdomains:
 
-		- status	(mismatched, CN: *.statuspage.io)
-
-
-	Partially covered subdomains:
+		- blog-static *
+		- get *
 
-		- blog		($ redirects to http)
-
--->
-<ruleset name="New Relic (partial)">
-
-	<target host="newrelic.com" />
-	<target host="*.newrelic.com" />
-		<exclusion pattern="^http://blog\.newrelic\.com/(?!wp-(?:admin(?:$|[?/])|content/|includes/|login\.php))" />
+	* NetDNA
 
 
-	<securecookie host="^(?:.*\.)?newrelic\.com$" name=".+" />
+	Fully covered domains:
 
+		- blog-assets.newrelic.com	(→ blog)
 
-	<rule from="^http://status\.newrelic\.com/"
-		to="https://newrelic.statuspage.io/" />
-
-	<!--	Encountered subdomains:
+		- [\w-]+.newrelic.com:
 
 			- beacon
 			- beacon-[1-4]
+			- blog
+			- discuss
+			- docs
 			- js-agent
+			- login
 			- rpm
 			- rpm-images
 			- rpm-instart
 			- staging
 			- staging-beacon-1
+			- staging-discuss
+			- status
 			- support
+			- trust
+			- try
+			- www
 
-				- hosted on Zendesk, but cert matches.
 
-			- www
-				-->
-	<rule from="^http://([\w-]+\.)?newrelic\.com/"
-		to="https://$1newrelic.com/" />
+	Insecure cookies are set for these hosts:
+
+		- rpm.newrelic.com
+		- try.newrelic.com
+
+
+	Mixed content:
+
+		- css on blog from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="New Relic.com">
+
+	<target host="newrelic.com" />
+	<target host="*.newrelic.com" />
+
+		<exclusion pattern="^http://get\.newrelic\.com" />
+
+			<test url="http://get.newrelic.com/" />
+
+		<exclusion pattern="^http://(?:[^./]+\.){2,}newrelic\.com/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.newrelic.com/" />
+			<test url="http://exists.not.newrelic.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^rpm\.newrelic\.com$" name="^omniauth\.states$" /-->
+	<!--securecookie host="^try\.newrelic\.com$" name="^BIGipServer" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://blog-assets\.newrelic\.com/"
+		to="https://blog.newrelic.com/" />
+
+		<test url="http://blog-assets.newrelic.com/wp-includes/js/jquery/jquery.js" />
+
+	<rule from="^http:"
+		to="https:" />
+
+		<test url="http://docs.newrelic.com/" />
+		<test url="http://rpm.newrelic.com/" />
+		<test url="http://www.newrelic.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/New-York-City.xml b/src/chrome/content/rules/New-York-City.xml
index ddc0b4c59076..33905fd86be3 100644
--- a/src/chrome/content/rules/New-York-City.xml
+++ b/src/chrome/content/rules/New-York-City.xml
@@ -1,47 +1,131 @@
+
 <!--
-	For other US government coverage, see US-government.xml.
+Disabled by https-everywhere-checker because:
+Fetch error: http://nyc.gov/ => https://nyc.gov/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+Fetch error: http://a856-citystore.nyc.gov/ => https://a856-citystore.nyc.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
--->
-<ruleset name="New York City (partial)">
 
-	<target host="nyc.gov" />
-	<target host="*.nyc.gov" />
-		<!--exclusion pattern="^http://(?:www\.)?nyc\.gov/(?:apps/311|html/index\.html|html/misc/gif/)" /-->
-	<target host="www.comptroller.nyc.gov" />
 
+	Nonfunctional hosts in *nyc.gov:
+
+		- schools *
 
-	<securecookie host="^comptroller\.nyc\.gov$" name=".*" />
+	* Dropped
 
 
-	<!--	These paths 404 over https:
+	Problematic hosts in *nyc.gov:
 
-			- html/index.html
-			- html/misc/gif/buz_express_module.gif
+		- www.comptroller *
 
-		These paths don't:
+	* Mismatched
 
-			- portal/apps/threeoneone/site_launch/css/stylesheet.css
-			- portal/apps/threeoneone/site_launch/img/footer.gif
-			- portal/css/nycgov2003.css
-			- portal/images/headers/nycgov/banner_man_midtownnight.jpg
 
+	Insecure cookies are set for these domains and hosts:
 
-		These paths 302 to http:
+		- .nyc.gov
+		- a127-ess.nyc.gov
 
-			- apps/311/advancedSearch.htm
-			- apps/311/feedbackForm.htm
 
+	Mixed content:
 
-		These paths redirect to http, but don't force doing so:
+		- css on a856-citystore from www.facebook.com *
 
-			- portal/site/nycgov/menuitem.beb0d8fdaa9e1607a62fa24601c789a0/
+	* Secured by us
 
+
+	For www, these paths redirect to http, but don't force doing so:
+
+		- portal/site/nycgov/menuitem.beb0d8fdaa9e1607a62fa24601c789a0/
+
+-->
+<ruleset name="NYC.gov (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nyc.gov" />
+	<target host="a127-ess.nyc.gov" />
+	<target host="a856-citystore.nyc.gov" />
+	<target host="comptroller.nyc.gov" />
+	<target host="www.nyc.gov" />
+
+	<!--	Complications:
 				-->
-	<rule from="^http://(www\.)?nyc\.gov/(portal/(?:apps/threeoneone/site_launch/(?:css|img)|css|images)/)"
-		to="https://$1nyc.gov/$2" />
+	<target host="www.comptroller.nyc.gov" />
 
-	<!--	Cert only matches //comptroller.	-->
-	<rule from="^https?://(?:www\.)?comptroller\.nyc\.gov/"
+		<!--	404:
+				-->
+		<!--exclusion pattern="^http://(?:www\.)?nyc\.gov/(?:html/index\.html|html/misc/gif/buz_express_module\.gif)" /-->
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?nyc\.gov/apps/311/(?:advancedSearch|feedbackForm)\.html" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?nyc\.gov/(?!$|portal/(?:apps/threeoneone/site_launch/(?:css|img)|css|images)/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.nyc.gov/apps/311/advancedSearch.htm" />
+			<test url="http://www.nyc.gov/apps/311/feedbackForm.htm" />
+			<test url="http://www.nyc.gov/html/index.html" />
+			<test url="http://www.nyc.gov/html/misc/gif/buz_express_module.gif" />
+			<test url="http://www.nyc.gov/pops" />
+			<test url="http://www.nyc.gov/reinventpayphones/" />
+			<test url="http://www.nyc.gov/service" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.nyc.gov/portal/apps/threeoneone/site_launch/css/stylesheet.css" />
+			<test url="http://www.nyc.gov/portal/apps/threeoneone/site_launch/img/footer.gif" />
+			<test url="http://www.nyc.gov/portal/css/nycgov2003.css" />
+			<test url="http://www.nyc.gov/portal/images/headers/nycgov/banner_man_midtownnight.jpg" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www1\.nyc\.gov/$" /-->
+		<!--
+			404:
+				-->
+		<!--exclusion pattern="http://www1\.nyc.gov/site/olr/wellness/wellness-flu-shot.page" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="http://www1\.nyc.gov/+(?!assets/(?:home/css/(?:includ|modul|pag)es|home/images/global|olr/css/|olr/images/content)/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www1.nyc.gov/home/" />
+			<test url="http://www1.nyc.gov/jobs" />
+			<test url="http://www1.nyc.gov/nyc-resources/" />
+			<test url="http://www1.nyc.gov/nyc-resources/service/2493/smoking" />
+			<test url="http://www1.nyc.gov/nyc-resources/service/2650/tuberculosis" />
+			<test url="http://www1.nyc.gov/sandytracker/" />
+			<test url="http://www1.nyc.gov/site/olr/wellness/wellness-flu-shot.page" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www1.nyc.gov/assets/home/css/includes/header-agencies.css" />
+			<test url="http://www1.nyc.gov/assets/home/css/modules/news-panel.css" />
+			<test url="http://www1.nyc.gov/assets/home/css/pages/agencies/inside.css" />
+			<test url="http://www1.nyc.gov/assets/home/images/global/print.png" />
+			<test url="http://www1.nyc.gov/assets/olr/css/agency-styles.css" />
+			<test url="http://www1.nyc.gov/assets/olr/images/content/agency/related-links.png" />
+			<test url="http://www1.nyc.gov/assets/olr/images/content/header/logo.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.nyc\.gov$" name="^PS_TOKEN$" /-->
+	<!--securecookie host="^a127-ess\.nyc\.gov$" name="^prdess-8040-PORTAL-PSJSESSIONID$" /-->
+
+	<securecookie host="^(?:a127-ess|comptroller)\.nyc\.gov$" name=".+" />
+
+
+	<rule from="^http://www\.comptroller\.nyc\.gov/"
 		to="https://comptroller.nyc.gov/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/New-York-University-mismatches.xml b/src/chrome/content/rules/New-York-University-mismatches.xml
index 4da3975dc98e..603b0b0920b3 100644
--- a/src/chrome/content/rules/New-York-University-mismatches.xml
+++ b/src/chrome/content/rules/New-York-University-mismatches.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see New-York-University.xml.
 
 -->
-<ruleset name="New York University (mismatches)" default_off="mismatch">
+<ruleset name="NYU.edu (mismatches)" default_off="mismatched">
 
 	<target host="events.nyu.edu" />
 
@@ -11,7 +11,6 @@
 
 
 	<!--	Cert: www.nyu.edu	-->
-	<rule from="^http://events\.nyu\.edu/"
-		to="https://events.nyu.edu/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/New-York-University.xml b/src/chrome/content/rules/New-York-University.xml
index daf565c87446..b7c42491c26f 100644
--- a/src/chrome/content/rules/New-York-University.xml
+++ b/src/chrome/content/rules/New-York-University.xml
@@ -1,20 +1,160 @@
 <!--
+	New York University
+
 	For problematic rules, see New-York-University-mismatches.xml.
 
 
 	Nonfunctional subdomains:
 
+		- albert ¹
 		- (www.)gsas
 		- stern		(times out)
 
+	¹ Refused
+
+
+	Problematic subdomains:
+
+		- admissions ¹
+		- bookstores ¹
+		- www.cims ²
+		- www.cs ²
+		- www.g4li ²
+		- www.home ²
+		- www.math ²
+		- www.mrl ²
+		- www.steinhardt ²
+
+	¹ Mismatched
+	² Cert only matches ^foo
+
+
+	Partially covered subdomains:
+
+		- engineering *
+
+	* Some pages redirect to http
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- admissions		(→ www)
+		- (www.)?bookstores	(^ → www)
+		- (www.)cims		(www → ^)
+		- (www.)?cs		(www → ^)
+		- vlg.cs
+		- (www.)?g4li		(www → ^)
+		- (www.)?home		(www → ^)
+		- its.law
+
+		- library
+		- arch.library
+		- getit.library
+		- login.library
+
+		- login
+		- (www.)?math		(www → ^)
+		- (www.)?mrl		(www → ^)
+		- nursing
+		- frms.nursing
+		- orientation.nursing
+		- admin.portal
+		- shibboleth
+		- sis
+		- start
+		- (www.)?steinhardt	(www → ^)
+		- testhome.home.syr
+		- web.home.syr
+		- wikis
+
+
+	These domains don't work over http:
+
+		- jive.home.nyu.edu
+		- testhome.nyu.edu
+
+
+	Insecure cookies are set for these domains:
+
+		- .nyu.edu
+		- its.law.nyu.edu
+		- .library.nyu.edu
+		- getit.nyu.edu
+		- admin.portal.nyu.edu
+		- steinhardt.nyu.edu
+		- web.home.syr.nyu.edu
+		- www.nyu.edu
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- library and web1.library from library *
+			- wikis from www *
+
+	* Secured by us
+
 -->
-<ruleset name="New York University (partial)" platform="mixedcontent">
+<ruleset name="NYU.edu (partial)" platform="mixedcontent">
 
 	<target host="nyu.edu" />
-	<target host="*.nyu.edu" />
-	<target host="www.*.nyu.edu" />
+	<target host="www.nyu.edu" />
+	<target host="bookstores.nyu.edu" />
+	<target host="www.bookstores.nyu.edu" />
+	<target host="admissions.nyu.edu" />
+	<target host="cims.nyu.edu" />
+	<target host="cs.nyu.edu" />
+	<target host="g4li.nyu.edu" />
+	<target host="home.nyu.edu" />
+	<target host="math.nyu.edu" />
+	<target host="mrl.nyu.edu" />
+	<target host="steinhardt.nyu.edu" />
+	<target host="www.cims.nyu.edu" />
+	<target host="www.cs.nyu.edu" />
+	<target host="www.g4li.nyu.edu" />
+	<target host="www.home.nyu.edu" />
+	<target host="www.math.nyu.edu" />
+	<target host="www.mrl.nyu.edu" />
+	<target host="www.steinhardt.nyu.edu" />
 	<target host="vlg.cs.nyu.edu" />
+	<target host="engineering.nyu.edu" />
+	<target host="its.law.nyu.edu" />
+	<target host="library.nyu.edu" />
+	<target host="arch.library.nyu.edu" />
+	<target host="getit.library.nyu.edu" />
+	<target host="login.library.nyu.edu" />
+	<target host="login.nyu.edu" />
+	<target host="nursing.nyu.edu" />
+	<target host="frms.nursing.nyu.edu" />
+	<target host="orientation.nursing.nyu.edu" />
+	<target host="admin.portal.nyu.edu" />
+	<target host="shibboleth.nyu.edu" />
+	<target host="sis.nyu.edu" />
+	<target host="start.nyu.edu" />
+	<target host="testhome.home.syr.nyu.edu" />
+	<target host="web.home.syr.nyu.edu" />
+	<target host="wikis.nyu.edu" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://engineering\.nyu\.edu/($|\?|crissp/$|events/\d{4}/\d\d/\d\d/[\w-]+$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://engineering\.nyu\.edu/+(?!crissp/(?:module|site|theme)s/|favicon\.ico|files/|sites/)" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^its\.law\.nyu\.edu$" name="^(CFID|CFTOKEN|JSESSIONID)$" /-->
+	<!--securecookie host="\.library\.nyu\.edu$" name="^(attempted_sso|xerxessession_)$" /-->
+	<!--securecookie host="^getit\.library\.nyu\.edu$" name="^_getit_session$" /-->
+	<!--securecookie host="^admin\.portal\.nyu\.edu$" name="^BIGipServerPeopleSoft-Portal[\d.]+-PT\d+-Prod-Pool$" /-->
+	<!--securecookie host="^steinhardt\.nyu\.edu$" name="^symfony$" /-->
+	<!--securecookie host="^web\.home\.syr\.nyu\.edu$" name="^BIGipServer~ES-PROD-MEDIUM~WWW-HTTP$" /-->
+	<!--securecookie host="^www\.nyu\.edu$" name="^BIGipServerWWW-HTTP$" /-->
 
 	<!--	Cross-domain cookies observed:
 
@@ -23,27 +163,21 @@
 
 		Not handled here in case they're used on unsecurable pages.
 				-->
-	<securecookie host="^\w+\.nyu\.edu$" name=".*" />
+	<securecookie host="^\w+[\w.]+\.nyu\.edu$" name=".+" />
 
 
-	<!--	- !www doesn't work over https
-		- Redirects to www over http
-		- Cert doesn't match //bookstores.
-					-->
-	<rule from="^https?://(?:www\.)?(bookstores\.)?nyu\.edu/"
-		to="https://www.$1nyu.edu/" />
 
-	<!--	- Cert: www.nyu.edu
-		- Redirects like so
+	<rule from="^http://(?:www\.)?bookstores\.nyu\.edu/"
+		to="https://www.bookstores.nyu.edu/" />
+
+	<!--	Redirects like so
 				-->
-	<rule from="^https?://admissions\.nyu\.edu/"
+	<rule from="^http://admissions\.nyu\.edu/"
 		to="https://www.nyu.edu/admissions/undergraduate-admissions.html" />
 
-	<!--	Cert doesn't match www.	-->
-	<rule from="^https?://(?:www\.)?(cims|cs|g4li|home|math|mrl|steinhardt)\.nyu\.edu/"
+	<rule from="^http://(?:www\.)?(cims|cs|g4li|home|math|mrl|steinhardt)\.nyu\.edu/"
 		to="https://$1.nyu.edu/" />
 
-	<rule from="^http://(vlg\.cs|login)\.nyu\.edu/"
-		to="https://$1.nyu.edu/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/New-nations.net.xml b/src/chrome/content/rules/New-nations.net.xml
new file mode 100644
index 000000000000..b5bf9c0da00e
--- /dev/null
+++ b/src/chrome/content/rules/New-nations.net.xml
@@ -0,0 +1,19 @@
+<!--
+	www: cert only matches ^new-nations.net
+
+
+	Mixed content:
+
+		- Bug from new-nations.ti
+
+-->
+<ruleset name="new-nations.net" default_off="self-signed">
+
+	<target host="new-nations.net" />
+	<target host="www.new-nations.net" />
+
+
+	<rule from="^http://(?:www\.)?new-nations\.net/"
+		to="https://new-nations.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NewIT.xml b/src/chrome/content/rules/NewIT.xml
index 3f1640f7e322..67aefa673adf 100644
--- a/src/chrome/content/rules/NewIT.xml
+++ b/src/chrome/content/rules/NewIT.xml
@@ -2,7 +2,7 @@
   <target host="newit.co.uk" />
   <target host="www.newit.co.uk" />
 
-  <securecookie host="^(.+\.)?newit\.co\.uk$" name=".*"/>
+  <securecookie host=".+" name=".+" />
 
-  <rule from="^http://(?:www\.)?newit\.co\.uk/" to="https://newit.co.uk/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NewInt.org.xml b/src/chrome/content/rules/NewInt.org.xml
new file mode 100644
index 000000000000..582ce646de38
--- /dev/null
+++ b/src/chrome/content/rules/NewInt.org.xml
@@ -0,0 +1,51 @@
+<!--
+	Nonfunctional hosts in *newint.org:
+
+		- eewiki *
+
+	* Shows crm
+
+
+	These altnames don't exist:
+
+		- www.shop.newint.org
+
+
+	Insecure cookies are set for these domains:
+
+		- shop.newint.org
+		- .shop.newint.org
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- (www.)? from shop.newint.org *
+			- (www.)? from www.newint.org *
+
+		- Bug on (www.)? from pixel.quantserve.org *
+
+	* Secured by us
+
+-->
+<ruleset name="NewInt.org (partial)">
+
+	<target host="newint.org" />
+	<target host="crm.newint.org" />
+	<target host="shop.newint.org" />
+	<target host="www.newint.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.?shop\.newint\.org$" name="^frontend$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|__qca|_gat?|cf_clearance)$" />
+	<securecookie host="^\.?shop\." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NewIslamicDirections.com.xml b/src/chrome/content/rules/NewIslamicDirections.com.xml
new file mode 100644
index 000000000000..902d87c5ae5c
--- /dev/null
+++ b/src/chrome/content/rules/NewIslamicDirections.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="NewIslamicDirections.com">
+	<target host="newislamicdirections.com" />
+	<target host="www.newislamicdirections.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NewScientist.com.xml b/src/chrome/content/rules/NewScientist.com.xml
index 1fbf8501656d..66db79b348e0 100644
--- a/src/chrome/content/rules/NewScientist.com.xml
+++ b/src/chrome/content/rules/NewScientist.com.xml
@@ -1,20 +1,64 @@
+<!--
+	Other NewScientist rulesets:
+
+		- NewScientist_Subscriptions.com.xml
+
+
+	Nonfunctional hosts in *newscientist.com:
+
+		- dating ¹
+		- mediacentre ²
+		- subscription ³
+
+	¹ Dropped
+	² Refused
+	³ 503
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .newscientist.com
+		- jobs.newscientist.com
+		- recruiters.newscientist.com
+		- subscribe.newscientist.com
+		- www.newscientist.com
+
+
+	Mixed content:
+
+		- Image on subscribe from www.newscientist.com ¹
+		- Ad on hobs from ad.doubleclick.net ²
+
+	¹ Secured by us
+	² Ruleset disabled by default <= breaks streaming
+
+-->
 <ruleset name="NewScientist.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="newscientist.com" />
-	<target host="*.newscientist.com" />
+	<target host="jobs.newscientist.com" />
+	<target host="jobsadmin.newscientist.com" />
+	<target host="recruiters.newscientist.com" />
+	<target host="subscribe.newscientist.com" />
+	<target host="www.newscientist.com" />
 
 
-	<!--	Tracking cookies:
+	<!--	Not secured by server:
 					-->
-	<securecookie host="^\.newscientist\.com$" name="^(?:__qca|s_\w+)$" />
-	<securecookie host="^subscribe\.newscientist\.com$" name=".*" />
+	<!--securecookie host="^\.newscientist\.com$" name="^(?:__qca|incap_ses_\d+_\d+|s_\w+|newscientist-ip-noauth-cookie|nlbi_\d+|visid_incap_\d+)$" /-->
+	<!--securecookie host="^jobs\.newscientist\.com$" name="^(?:AnonymousUserId|BrowserSession|FixedFacetDefaults)$" /-->
+	<!--securecookie host="^recruiters\.newscientist\.com$" name="^BrowserSession$" /-->
+	<!--securecookie host="^subscribe\.newscientist\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^www\.newscientist\.com$" name="^___utm[abv]\w+$" /-->
 
+	<securecookie host="^\.newscientist\.com$" name="^(?:__qca|incap_ses_\d+_\d+|s_\w+|nlbi_\d+|visid_incap_\d+)$" />
+	<securecookie host="^(?:jobs|recruiters|subscribe|www)\.newscientist\.com$" name=".+" />
 
-	<rule from="^http://(?:www\.)?newscientist\.com/(css/|img/|script/|user(?:$|[?/]))"
-		to="https://www.newscientist.com/$1" />
 
-	<rule from="^http://subscribe\.newscientist\.com/"
-		to="https://subscribe.newscientist.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 
 </ruleset>
diff --git a/src/chrome/content/rules/NewScientist_Subscriptions.com.xml b/src/chrome/content/rules/NewScientist_Subscriptions.com.xml
new file mode 100644
index 000000000000..232ec1644539
--- /dev/null
+++ b/src/chrome/content/rules/NewScientist_Subscriptions.com.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://newscientistsubscriptions.com/ => https://newscientistsubscriptions.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.newscientistsubscriptions.com/ => https://www.newscientistsubscriptions.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other NewScientist coverage, see NewScientist.com.xml.
+
+-->
+<ruleset name="NewScientist Subscriptions.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="newscientistsubscriptions.com" />
+	<target host="www.newscientistsubscriptions.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NewYorkTimes.com.xml b/src/chrome/content/rules/NewYorkTimes.com.xml
new file mode 100644
index 000000000000..00d8dc80b20e
--- /dev/null
+++ b/src/chrome/content/rules/NewYorkTimes.com.xml
@@ -0,0 +1,15 @@
+<!--
+	For other New York Times coverage, see NYTimes.xml.
+
+	Too many redirects:
+		^
+		www
+-->
+<ruleset name="NewYorkTimes.com">
+	<target host="newyorktimes.com" />
+	<target host="www.newyorktimes.com" />
+
+	<rule from="^http://(www\.)?newyorktimes\.com/"
+		to="https://www.nytimes.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NewYorkVocalCoaching.xml b/src/chrome/content/rules/NewYorkVocalCoaching.xml
new file mode 100644
index 000000000000..fe3ccbd80ab4
--- /dev/null
+++ b/src/chrome/content/rules/NewYorkVocalCoaching.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.theapp.voicelessonstotheworld.com/ => https://www.theapp.voicelessonstotheworld.com/: (6, 'Could not resolve host: www.theapp.voicelessonstotheworld.com')
+
+-->
+<ruleset name="NewYorkVocalCoaching" default_off="failed ruleset test">
+
+	<target host="newyorkvocalcoaching.com" />
+	<target host="theapp.voicelessonstotheworld.com" />
+	<target host="vocalarticles.com" />
+	<target host="voicelessonstotheworld.com" />
+	<target host="voiceteachertraining.com" />
+	<target host="www.newyorkvocalcoaching.com" />
+	<target host="www.theapp.voicelessonstotheworld.com" />
+	<target host="www.vocalarticles.com" />
+	<target host="www.voicelessonstotheworld.com" />
+	<target host="www.voiceteachertraining.com" />
+
+
+	<securecookie host="^(?:www\.|\.)?newyorkvocalcoaching\.com$" name=".+" />
+	<securecookie host="^(?:www\.|\.)?voiceteachertraining\.com$" name=".+" />
+	<securecookie host="^(?:www\.|\.)?voicelessonstotheworld\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/New_America.org.xml b/src/chrome/content/rules/New_America.org.xml
new file mode 100644
index 000000000000..5e78640b3499
--- /dev/null
+++ b/src/chrome/content/rules/New_America.org.xml
@@ -0,0 +1,23 @@
+<!--
+	^newamerica.org: Refused
+
+-->
+<ruleset name="New America.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="static.newamerica.org" />
+	<target host="www.newamerica.org" />
+
+	<!--	Complications:
+				-->
+	<target host="newamerica.org" />
+
+
+	<rule from="^http://newamerica\.org/"
+		to="https://www.newamerica.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/New_Climate_for_Peace.org.xml b/src/chrome/content/rules/New_Climate_for_Peace.org.xml
new file mode 100644
index 000000000000..8610fb0819fb
--- /dev/null
+++ b/src/chrome/content/rules/New_Climate_for_Peace.org.xml
@@ -0,0 +1,17 @@
+<!--
+	For other ECC coverage, see ECC-Platform.org.xml.
+
+-->
+<ruleset name="New Climate for Peace.org">
+
+	<target host="newclimateforpeace.org" />
+	<target host="www.newclimateforpeace.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/New_England_Journal_of_Medicine-problematic.xml b/src/chrome/content/rules/New_England_Journal_of_Medicine-problematic.xml
index 13ba626f28b8..108a66f63fd8 100644
--- a/src/chrome/content/rules/New_England_Journal_of_Medicine-problematic.xml
+++ b/src/chrome/content/rules/New_England_Journal_of_Medicine-problematic.xml
@@ -7,7 +7,7 @@
 	<target host="cdn.nejm.org" />
 
 
-	<rule from="^https?://cdn\.nejm\.org/(?!5\.0/)"
+	<rule from="^http://cdn\.nejm\.org/(?!5\.0/)"
 		to="https://cdn.nejm.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/New_England_Journal_of_Medicine.xml b/src/chrome/content/rules/New_England_Journal_of_Medicine.xml
index 64a91ba33f22..b4ca4769d53a 100644
--- a/src/chrome/content/rules/New_England_Journal_of_Medicine.xml
+++ b/src/chrome/content/rules/New_England_Journal_of_Medicine.xml
@@ -18,19 +18,21 @@
 <ruleset name="New England Journal of Medicine (partial)">
 
 	<target host="nejm.org" />
-	<target host="*.nejm.org" />
+	<target host="www.nejm.org" />
+	<target host="cdf.nejm.org" />
+	<target host="cdn.nejm.org" />
 
 
 	<securecookie host="^cdf\.nejm\.org$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?nejm\.org/(action/s(?:howCDFLogin|so)|favicon\.ico|na101/|sda/)"
+	<rule from="^http://(?:www\.)?nejm\.org/(action/s(?:howCDFLogin|so)|favicon\.ico|na101/|sda/)"
 		to="https://www.nejm.org/$1" />
 
 	<rule from="^http://cdf\.nejm\.org/"
 		to="https://cdf.nejm.org/" />
 
-	<rule from="^https?://cdn\.nejm\.org/5\.0/"
+	<rule from="^http://cdn\.nejm\.org/5\.0/"
 		to="https://cdf.nejm.org/files/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/New_Flag.xml b/src/chrome/content/rules/New_Flag.xml
deleted file mode 100644
index b83f2e926232..000000000000
--- a/src/chrome/content/rules/New_Flag.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="New Flag">
-
-	<target host="mynewflag.com" />
-	<target host="*.mynewflag.com" />
-
-
-	<securecookie host="^\.mynewflag\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?mynewflag\.com/"
-		to="https://$1mynewflag.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/New_Hampshire_Civil_Liberties_Union.xml b/src/chrome/content/rules/New_Hampshire_Civil_Liberties_Union.xml
index dbdd00d9c7c2..e7e2fd0195e5 100644
--- a/src/chrome/content/rules/New_Hampshire_Civil_Liberties_Union.xml
+++ b/src/chrome/content/rules/New_Hampshire_Civil_Liberties_Union.xml
@@ -1,4 +1,6 @@
 <!--
+	New Hampshire Civil Liberties Union
+
 	For other ACLU coverage, see ACLU.xml.
 
 
@@ -7,7 +9,7 @@
 		- (www.)	(shows default IIS7 page)
 
 -->
-<ruleset name="New Hampshire Civil Liberties Union (partial)" default_off="self-signed">
+<ruleset name="NHCLU.org (partial)" default_off="self-signed">
 
 	<target host="remote.nhclu.org" />
 
@@ -15,7 +17,7 @@
 	<securecookie host="^remote\.nhclu\.org$" name=".+" />
 
 
-	<rule from="^http://remote\.nhclu\.org/"
-		to="https://remote.nhclu.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/New_Look.xml b/src/chrome/content/rules/New_Look.xml
index 7ea8fa00aaaa..23faa6cbc8b0 100644
--- a/src/chrome/content/rules/New_Look.xml
+++ b/src/chrome/content/rules/New_Look.xml
@@ -17,10 +17,7 @@
 	<target host="www.newlook.com" />
 
 
-	<rule from="^https?://(?:www\.)?newlook\.com/(css|images|MEDIA_\w+|secure)/"
+	<rule from="^http://(?:www\.)?newlook\.com/(css|images|MEDIA_\w+|secure)/"
 		to="https://www.newlook.com/$1/" />
 
-	<rule from="^https?://images\.newlook\.com/"
-		to="https://a248.e.akamai.net/f/248/9086/10h/origin-g3.scene7.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/New_Republic.com-problematic.xml b/src/chrome/content/rules/New_Republic.com-problematic.xml
index fa87275f1836..a45a4efc2f08 100644
--- a/src/chrome/content/rules/New_Republic.com-problematic.xml
+++ b/src/chrome/content/rules/New_Republic.com-problematic.xml
@@ -2,28 +2,16 @@
 	For rules that are on by default, see New_Republic.xml.
 
 -->
-<ruleset name="New Repubic.com (problematic)" default_off="mismatched">
+<ruleset name="New Republic.com (problematic)" default_off="mismatched">
 
-	<target host="newrepublic.com" />
-	<target host="*.newrepublic.com" />
-		<!--
-			Handled in New_Republic.xml:
-								-->
-		<exclusion pattern="^http://(?:(?:www\.)?newrepublic|blogs\.tnr)\.com/(?:favicon\.ico|sites/)" />
+	<target host="info.newrepublic.com" />
 	<target host="blogs.tnr.com" />
 
 
-	<securecookie host="^info\.newrepublic\.com$" name=".+" />
-	<securecookie host="^blogs\.tnr\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?newrepublic\.com/"
-		to="https://www.newrepublic.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://info\.newrepublic\.com/"
-		to="https://info.newrepublic.com/" />
-
-	<rule from="^http://blogs\.tnr\.com/"
-		to="https://blogs.tnr.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/New_Republic.xml b/src/chrome/content/rules/New_Republic.xml
index 50f2b8920a3d..26ee8cc04289 100644
--- a/src/chrome/content/rules/New_Republic.xml
+++ b/src/chrome/content/rules/New_Republic.xml
@@ -17,70 +17,37 @@
 			- info.newrepublic.com
 
 
-	Problematic domains:
+	Problematic hosts in *newrepublic.com:
 
-		- newrepublic.com subdomains:
+		- info *
 
-			- ^	(mismatched, CN: secure.newrepublic.com)
-			- info	(works, akamai)
-			- www *
-
-		- blogs.tnr.com *
-
-	* Works; mismatched, CN: *.gotpantheon.com
-
-
-	Fully covered domains:
-
-		- secure.newrepublic.com
-
-
-	Partially covered subdomains:
-
-		- (www.)newrepublic.com		(→ secure)
-		- blogs.tnr.com			(→ secure.newrepublic.com)
-
-
-	Observed cookie domains:
-
-		- info.newrepublic.com
+	* Hubspot/mismatched
 
 
 	Mixed content:
 
-		- iframe, on:
-
-			- www.newrepublic.com from info.newrepublic.com *
-			- blogs.tnr.com from info.newrepublic.com *
-
-		- Script on blogs.tnr.com from api.spokenlayer.com **
-
-		- css on www.newrepublic.com from www.newrepublic.com *
-
 		- Images, on:
 
-			- info.newrepublic.com from signup.tnr.com ***
-			- www.newrepublic.com from www.newrepublic.com ***
-			- www.newrepublic.com from blogs.tnr.com ***
-			- blogs.tnr.com from www.newrepublic.com ***
+			- info.newrepublic.com from signup.tnr.com *
+			- blogs.tnr.com from www.newrepublic.com *
 
 	* Secured by us
-	** Unsecurable
-	*** Secured by us, doesn't trip MCB anyway
 
 -->
-<ruleset name="New Repubic (partial)">
+<ruleset name="New Republic.com (partial)">
 
 	<target host="newrepublic.com" />
+	<target host="assets.newrepublic.com" />
+	<target host="images.newrepublic.com" />
 	<target host="secure.newrepublic.com" />
 	<target host="www.newrepublic.com" />
-		<!--
-			Pages redirect back:
-						-->
-		<exclusion pattern="^http://(?:(?:www\.)?newrepublic|blogs\.tnr)\.com/(?!favicon\.ico|sites/)" />
 
 
-	<rule from="^http://(?:(?:secure\.|www\.)?newrepublic|blogs\.tnr)\.com/"
-		to="https://secure.newrepublic.com/" />
+	<securecookie host="^\." name="^(?:__cfduid|__qca|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/New_Statesman.com-problematic.xml b/src/chrome/content/rules/New_Statesman.com-problematic.xml
new file mode 100644
index 000000000000..0b0079d87614
--- /dev/null
+++ b/src/chrome/content/rules/New_Statesman.com-problematic.xml
@@ -0,0 +1,26 @@
+<!--
+	For rules that are on by default, see New_Statesman.com.xml.
+
+-->
+<ruleset name="New Statesman.com (problematic)" default_off="mismatched">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.newstatesman.com" />
+
+	<!--	Complications:
+				-->
+	<target host="newstatesman.com" />
+
+
+	<securecookie host="^\.newstatesman\.com$" name="^__utm\w+$" />
+	<securecookie host="^www\.newstatesman\.com$" name=".+" />
+
+
+	<rule from="^http://newstatesman\.com/"
+		to="https://www.newstatesman.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/New_Statesman.com.xml b/src/chrome/content/rules/New_Statesman.com.xml
new file mode 100644
index 000000000000..44d21d17ac02
--- /dev/null
+++ b/src/chrome/content/rules/New_Statesman.com.xml
@@ -0,0 +1,57 @@
+<!--
+	For problematic rules, see New_Statesman.com-problematic.xml.
+
+
+	^newstatesman.com: Refused
+	www.newstatesman.com: Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .newstatesman.com
+		- subscribe.newstatesman.com
+		- www.newstatesman.com
+
+
+	Mixed content:
+
+		- css, on:
+
+			- www from maxcdn.bootstrapcdn.com *
+			- www from fonts.googleapis.com *
+			- www from $self *
+
+		- Images on www from self *
+
+	* Secured by us
+
+-->
+<ruleset name="New Statesman.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="subscribe.newstatesman.com" />
+	<!--target host="www.newstatesman.com" /-->
+
+	<!--	Complications:
+				-->
+	<!--target host="newstatesman.com" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^subscribe\.newstatesman\.com$" name="^SESS[\da-f]{32}$" /-->
+	<!--securecookie host="^www\.newstatesman\.com$" name="^(cookiesDisclosureCount|has_js)$" /-->
+
+	<securecookie host="^\.newstatesman\.com$" name="^__utm\w+$" />
+	<!--securecookie host="^(?:subscribe|www)\.newstatesman\.com$" name=".+" /-->
+	<securecookie host="^subscribe\.newstatesman\.com$" name=".+" />
+
+
+	<!--rule from="^http://newstatesman\.com/"
+		to="https://www.newstatesman.com/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/New_York_Needs_You.com.xml b/src/chrome/content/rules/New_York_Needs_You.com.xml
new file mode 100644
index 000000000000..1e85744ce198
--- /dev/null
+++ b/src/chrome/content/rules/New_York_Needs_You.com.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://newyorkneedsyou.org/ => https://newyorkneedsyou.org/: (7, 'Failed to connect to newyorkneedsyou.org port 443: Connection refused')
+Fetch error: http://www.newyorkneedsyou.org/ => https://www.newyorkneedsyou.org/: (7, 'Failed to connect to www.newyorkneedsyou.org port 443: Connection refused')
+
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="New York Needs You.com" default_off="failed ruleset test">
+
+	<target host="newyorkneedsyou.org" />
+	<target host="www.newyorkneedsyou.org" />
+
+
+	<securecookie host="^www\.newyorkneedsyou\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/New_Zealand_Herald.xml b/src/chrome/content/rules/New_Zealand_Herald.xml
index d84782071acd..3e131a485f4c 100644
--- a/src/chrome/content/rules/New_Zealand_Herald.xml
+++ b/src/chrome/content/rules/New_Zealand_Herald.xml
@@ -1,8 +1,7 @@
 <!--
-	For problematic rules, see NZ_Herald.co.nz-problematic.xml.
-
-	For other APN News & Media coverage, see APN_News_and_Media.xml.
+	New Zealand Herald
 
+	For problematic rules, see NZ_Herald.co.nz-problematic.xml.
 
 	Nonfunctional subdomains:
 
@@ -16,9 +15,13 @@
 		- www		(works; mismatched, CN: *.listener.co.nz)
 
 -->
-<ruleset name="New Zealand Herald (partial)">
+<ruleset name="NZ Herald.co.nz (partial)">
 
-	<target host="*.nzherald.co.nz" />
+	<!--	Direct rewrites:
+				-->
+	<target host="newspix.nzherald.co.nz" />
+	<target host="subscriptions.nzherald.co.nz" />
+	<target host="zen.nzherald.co.nz" />
 
 
 	<!--	Tracking cookies:
@@ -27,7 +30,7 @@
 	<securecookie host="^.+\.nzherald\.co\.nz$" name=".+" />
 
 
-	<rule from="^http://(newspix|subscriptions)\.nzherald\.co\.nz/"
-		to="https://$1.nzherald.co.nz/" />
+	<rule from="^http:"
+		to="https:"/>
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Newcastle.gov.uk.xml b/src/chrome/content/rules/Newcastle.gov.uk.xml
new file mode 100644
index 000000000000..0e755032017e
--- /dev/null
+++ b/src/chrome/content/rules/Newcastle.gov.uk.xml
@@ -0,0 +1,27 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		Timeout was reached:
+		- democracy.newcastle.gov.uk
+		- envirocall.newcastle.gov.uk
+		- www2.newcastle.gov.uk
+
+		Status code mismatch:
+		- buslanepayments.newcastle.gov.uk
+-->
+<ruleset name="Newcastle.gov.uk (partial)">
+	<target host="community2.newcastle.gov.uk" />
+	<target host="envirocallservice.newcastle.gov.uk" />
+	<target host="jobs.newcastle.gov.uk" />
+	<target host="library.newcastle.gov.uk" />
+	<target host="myaccount.newcastle.gov.uk" />
+	<target host="newcastlecollection.newcastle.gov.uk" />
+	<target host="parking.newcastle.gov.uk" />
+		<test url="http://parking.newcastle.gov.uk/pcn/" />
+	<target host="publicaccessapplications.newcastle.gov.uk" />
+	<target host="securenscb.newcastle.gov.uk" />
+	<target host="www.newcastle.gov.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Newegg.com.xml b/src/chrome/content/rules/Newegg.com.xml
new file mode 100644
index 000000000000..88a64cf08ef7
--- /dev/null
+++ b/src/chrome/content/rules/Newegg.com.xml
@@ -0,0 +1,150 @@
+<!--
+	Non-functional hosts in *newegg.com
+		Couldn't connect to server:
+			 - biz.newegg.com
+			 - e3wwwdemo.newegg.com
+			 - e3ssltestmobile.newegg.com
+			 - e3wwwtestmobile2.newegg.com
+			 - ftp03.newegg.com
+			 - gamecrate1.newegg.com
+			 - ms.newegg.com
+			 - nm2.newegg.com
+
+		Timeout was reached:
+			 - cm.newegg.com
+			 - e3servicetest.newegg.com
+			 - e3sslperf.newegg.com
+			 - e3ssltestmobile2.newegg.com
+			 - e3ssltestmobile3.newegg.com
+			 - e3wwwtestmobile3.newegg.com
+			 - e4ssltest.newegg.com
+			 - mta.email.newegg.com
+			 - mta2.email.newegg.com
+			 - mta3.email.newegg.com
+			 - mta4.email.newegg.com
+			 - view.email.newegg.com
+			 - ftp01.newegg.com
+			 - ftp02.newegg.com
+			 - mta.email.global.newegg.com
+			 - usvcsex.newegg.com
+			 - vpn.newegg.com
+			 - wanfest.newegg.com
+			 - ws.newegg.com
+			 - www1.newegg.com
+
+		SSL connect error:
+			 - imgion1.newegg.com
+			 - sip.newegg.com
+
+		SSL peer certificate was not OK:
+			 - download.newegg.com
+			 - click.email.newegg.com
+			 - image.email.newegg.com
+			 - pages.email.newegg.com
+			 - events.newegg.com
+			 - gamebase.newegg.com
+			 - gamecrate.newegg.com
+			 - click.email.global.newegg.com
+			 - imginstart1.newegg.com
+			 - imginstart3.newegg.com
+			 - imgion3.newegg.com
+			 - insten-finder.newegg.com
+			 - lenovo.newegg.com
+			 - mail.newegg.com
+			 - merchant.newegg.com
+			 - ss.newegg.com
+			 - state.newegg.com
+			 - video.newegg.com
+			 - wireless.newegg.com
+			 - www3.newegg.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - e3flashtest.newegg.com
+			 - e3ssltest.newegg.com
+			 - e3wwwtest.newegg.com
+			 - e4wwwtest.newegg.com
+			 - e4wwwtestmobile.newegg.com
+			 - edi02.newegg.com
+
+		Incomplete certificate chain error::
+			 - kbtest.newegg.com
+
+		Status code mismatch:
+			 - edi04.newegg.com
+			 - educations.newegg.com
+			 - nm.newegg.com
+
+		4xx client error:
+			 - amber.newegg.com
+			 - apis.newegg.com
+			 - e4ssltestmobile.newegg.com
+			 - images1.newegg.com
+			 - images10.newegg.com
+			 - images10m.newegg.com
+			 - images17.newegg.com
+			 - images7.newegg.com
+			 - imagesinstest.newegg.com
+			 - imagesinstest2.newegg.com
+			 - imagesinstest3.newegg.com
+			 - www.ows.newegg.com
+			 - secure.ows.newegg.com
+			 - pf.newegg.com
+			 - pf2.newegg.com
+			 - promotions-game1.newegg.com
+			 - ssl-images.newegg.com
+			 - ssl-images17.newegg.com
+
+		5xx server error:
+			 - images18.newegg.com
+
+		Mixed content blocking (MCB) triggered:
+			 - unlocked.newegg.com
+-->
+<ruleset name="Newegg.com (partial)">
+	<!-- *newegg.com -->
+	<target host="newegg.com" />
+	<target host="www.newegg.com" />
+	<target host="api.newegg.com" />
+	<target host="api01.newegg.com" />
+	<target host="api02.newegg.com" />
+	<target host="blog.newegg.com" />
+	<target host="community.newegg.com" />
+	<target host="content.newegg.com" />
+	<target host="crowds.newegg.com" />
+	<target host="e3wwwtestmobile.newegg.com" />
+	<target host="eapi.newegg.com" />
+	<target host="ffasellerportal.newegg.com" />
+	<target host="flash.newegg.com" />
+	<target host="fp.newegg.com" />
+	<target host="help.newegg.com" />
+	<target host="images10.newegg.com" />
+		<test url="http://images10.newegg.com/WebResource/Scripts/USA/NeweggJS/NEG/ThirdParty/JQuery.12376.js" />
+	<target host="kb.newegg.com" />
+	<target host="lmstesting.newegg.com" />
+	<target host="lmwtesting.newegg.com" />
+	<target host="lyncdiscover.newegg.com" />
+	<target host="m.newegg.com" />
+	<target host="secure.m.newegg.com" />
+	<target host="mkpl.newegg.com" />
+	<target host="partner.newegg.com" />
+	<target host="promotions.newegg.com" />
+	<target host="promotions1.newegg.com" />
+	<target host="push.newegg.com" />
+	<target host="secure.newegg.com" />
+	<target host="sellerportal.newegg.com" />
+	<target host="sellerportal2.newegg.com" />
+	<target host="ssl-promotions.newegg.com" />
+	<target host="states.newegg.com" />
+	<target host="vendorportal.newegg.com" />
+	<target host="www2.newegg.com" />
+
+	<!-- *neweggimages.com -->
+	<target host="c1.neweggimages.com" />
+		<test url="http://c1.neweggimages.com/BizIntell/tool/psucalc/index.html" />
+
+	<securecookie host="^newegg\.com$" name=".+" />
+	<securecookie host="^www\.newegg\.com$" name=".+" />
+	<securecookie host="^secure\.newegg\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Newegg.xml b/src/chrome/content/rules/Newegg.xml
deleted file mode 100644
index 1bd4e6a9bdd9..000000000000
--- a/src/chrome/content/rules/Newegg.xml
+++ /dev/null
@@ -1,69 +0,0 @@
-<!--
-	CDN buckets:
-
-		- ssl-images.newegg.com.edgekey.net
-
-		- images10.newegg.com.edgesuite.net	(maps directly)
-
-			- a200.g.akamai.net
-
-		- images17.newegg.com.edgesuite.net
-
-			- a1268.g.akamai.net
-
-		- promotion.newegg.com.edgesuite.net
-
-			- a363.g.akamai.net
-
-
-	Partially covered domains:
-
-		- images10.newegg.com *
-		- c1.neweggimages.com *
-
-	* → ssl-images.newegg.com
-
-
-	Fully covered newegg.com subdomains:
-
-		- content
-		- images17 *
-		- nm
-		- promotions *
-		- secure
-		- ssl-images
-
-	* → akamai
-
--->
-<ruleset name="Newegg (partial)">
-
-	<target host="*.newegg.com" />
-		<!--
-			ssl-images.newegg.com/WebResource/Themes/2005/Nest/blank.html 503s
-							-->
-		<exclusion pattern="^http://(?:images10\.newegg|c1\.neweggimages)\.com/WebResource/Themes/2005/Nest/\w+.html(?:$|\?)" />
-	<target host="c1.neweggimages.com" />
-
-
-	<securecookie host="^content\.newegg\.com$" name=".+" />
-
-
-	<rule from="^http://(content|nm|secure)\.newegg\.com/"
-		to="https://$1.newegg.com/" />
-
-	<!--	Akamai
-					-->
-	<rule from="^http://(?:(?:images10|ssl-images)\.newegg|c1\.neweggimages)\.com/"
-		to="https://ssl-images.newegg.com/" />
-
-	<!--	- Akamai
-		- Not on ssl-images
-					-->
-	<rule from="^http://images17\.newegg\.com/"
-		to="https://a248.e.akamai.net/f/1268/6718/1/images17.newegg.com/" />
-
-	<rule from="^http://promotions\.newegg\.com/"
-		to="https://a248.e.akamai.net/f/363/9331/6/promotions.newegg.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Newgrounds.com.xml b/src/chrome/content/rules/Newgrounds.com.xml
new file mode 100644
index 000000000000..f837382972b6
--- /dev/null
+++ b/src/chrome/content/rules/Newgrounds.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Newgrounds.com has a wildcard DNS record.
+-->
+
+<ruleset name="Newgrounds.com">
+	<target host="newgrounds.com" />
+	<target host="*.newgrounds.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+	<test url="http://www.newgrounds.com/" />
+	<test url="http://tomfulp.newgrounds.com/" />
+	<test url="http://johnnyutah.newgrounds.com/" />
+	<test url="http://psychogoldfish.newgrounds.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Newgrounds.xml b/src/chrome/content/rules/Newgrounds.xml
deleted file mode 100644
index 6620ff97bad0..000000000000
--- a/src/chrome/content/rules/Newgrounds.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Newgrounds (partial, broken)" default_off="reported broken">
-
-	<target host="newgrounds.com"/>
-	<target host="www.newgrounds.com"/>
-
-	<rule from="^http://(www\.)?newgrounds\.com/"
-		to="https://www.newgrounds.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Newjobs.com.xml b/src/chrome/content/rules/Newjobs.com.xml
index 8b5e142ae7ba..7efffa33a762 100644
--- a/src/chrome/content/rules/Newjobs.com.xml
+++ b/src/chrome/content/rules/Newjobs.com.xml
@@ -16,19 +16,7 @@
 
 		- media *
 
-	* Works, akamai
-
-
-	Fully covered subdomains:
-
-		- css-hx
-		- img-hx
-		- js-hx
-		- css-seeker
-		- img-seeker
-		- js-seeker
-		- media		(→ akamai)
-		- securemedia
+	* 400, llnwd.net
 
 
 	track is used on 3rd-party websites.
@@ -36,16 +24,26 @@
 -->
 <ruleset name="newjobs.com">
 
-	<target host="*.newjobs.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="css-hx.newjobs.com" />
+	<target host="css-seeker.newjobs.com" />
+	<target host="img-hx.newjobs.com" />
+	<target host="img-seeker.newjobs.com" />
+	<target host="js-hx.newjobs.com" />
+	<target host="js-seeker.newjobs.com" />
+	<target host="securemedia.newjobs.com" />
+	<target host="track.newjobs.com" />
 
+	<!--	Complications:
+				-->
+	<target host="media.newjobs.com" />
 
-	<rule from="^http://media\.newjobs\.com/"
-		to="https://a248.e.akamai.net/f/1015/8220/1m/media.newjobs.com/" />
 
-	<rule from="^http://((css|img|js)-(?:hx|seeker)|track)\.newjobs\.com/"
-		to="https://$1.newjobs.com/" />
-
-	<rule from="^http://securemedia\.newjobs\.com/"
+	<rule from="^http://media\.newjobs\.com/"
 		to="https://securemedia.newjobs.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Newport_Motorsports.xml b/src/chrome/content/rules/Newport_Motorsports.xml
index 37628fec67f3..55dd0354ab9b 100644
--- a/src/chrome/content/rules/Newport_Motorsports.xml
+++ b/src/chrome/content/rules/Newport_Motorsports.xml
@@ -1,13 +1,21 @@
-<ruleset name="Newport Motorsports">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://newportmotorsports.com/ => https://newportmotorsports.com/: (7, 'Failed to connect to newportmotorsports.com port 443: Connection refused')
+Fetch error: http://www.newportmotorsports.com/ => https://www.newportmotorsports.com/: (7, 'Failed to connect to www.newportmotorsports.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://newportmotorsports.com/ => https://newportmotorsports.com/: (51, "SSL: no alternative certificate subject name matches target host name 'newportmotorsports.com'")
+-->
+<ruleset name="Newport Motorsports" default_off="failed ruleset test">
 
 	<target host="newportmotorsports.com" />
-	<target host="*.newportmotorsports.com" />
+	<target host="www.newportmotorsports.com" />
 
 
-	<securecookie host="^(?:.*\.)?newportmotorsports\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?newportmotorsports\.com/"
-		to="https://$1newportmotorsports.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/News-Corporation-mismatches.xml b/src/chrome/content/rules/News-Corporation-mismatches.xml
index 006920996ffa..e312feb41152 100644
--- a/src/chrome/content/rules/News-Corporation-mismatches.xml
+++ b/src/chrome/content/rules/News-Corporation-mismatches.xml
@@ -8,61 +8,26 @@
 			(www.)edgesuite.net/404.fox(business|news).com/
 
 -->
-<ruleset name="News Corporation (mismatches)" default_off="mismatch">
+
+<ruleset name="News Corporation (mismatches)" default_off="mismatched">
 
 	<!--	Akamai	-->
-	<target host="404.foxnews.com.edgesuite.net" />
 	<target host="dowjones.com" />
 	<target host="www.dowjones.com" />
-	<target host="ureport.foxnews.com" />
-		<!--
-			Handled in Fox_News.xml.
-							-->
-		<exclusion pattern="^http://ureport\.foxnews\.com/services/" />
+	<target host="404.foxnews.com.edgesuite.net" />
 	<target host="myfoxdetroit.com" />
 	<target host="www.myfoxdetroit.com" />
-	<target host="charts.smartmoney.com" />
-		<!--
-			Handled in News-Corporation.xml.
-							-->
-		<exclusion pattern="^http://charts\.smartmoney\.com/gifbuilder/" />
-	<!--	www.dowjones.com	-->
-	<target host="wsjpro.com" />
-	<target host="*.wsjpro.com" />
-
-
-	<securecookie host="^ureport\.foxnews\.com$" name=".+" />
-	<securecookie host="^(.*\.)?wsjpro\.com$" name=".*" />
-
-
-	<rule from="^http://404\.foxnews\.com\.edgesuite\.net/"
-		to="https://404.foxnews.com.edgesuite.net/" />
-
-	<!--	https slows things down a bit.
-		wsjpro.com isnt hosted on Akamai,
-		and since files appear to be on
-		wsjpro.com too, point there instead.
-						-->
-	<rule from="^https?://(?:www\.)?dowjones\.com/(carousel_files|(?:chart/)?css|factiva|images)/"
-		to="https://wsjpro.com/$1/" />
 
 	<!--	- !www cert: www.dowjones.com
 		- www cert: Akamai
 		- !www redirects to www.
 						-->
-	<rule from="^https?://(?:www\.)?dowjones\.com/"
+	<rule from="^http://dowjones\.com/"
 		to="https://www.dowjones.com/" />
 
-	<rule from="^http://ureport\.foxnews\.com/"
-		to="https://ureport.foxnews.com/" />
-
-	<rule from="^https?://(?:www\.)?myfoxdetroit\.com/"
+	<rule from="^http://myfoxdetroit\.com/"
 		to="https://www.myfoxdetroit.com/" />
 
-	<rule from="^http://charts\.smartmoney\.com/"
-		to="https://charts.smartmoney.com/" />
-
-	<rule from="^https?://(?:www\.)?wsjpro\.com/"
-		to="https://wsjpro.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/News-Corporation.xml b/src/chrome/content/rules/News-Corporation.xml
deleted file mode 100644
index 0870f821ed94..000000000000
--- a/src/chrome/content/rules/News-Corporation.xml
+++ /dev/null
@@ -1,164 +0,0 @@
-<!--
-	For problematic rules, see News-Corporation-mismatches.xml.
-
-
-	Other News Corporation rulesets:
-
-		- Fox_News.xml
-		- IGN.xml
-		- Marketwatch.com.xml
-
-
-	CDN buckets:
-
-		- a248.e.akamai.net/f/248/67675/6h/si.wsj.net/
-		- a248.e.akamai.net/f/1731/67675/12h/(m|s[1-4ci]?).wsj.net/
-		- s3.amazonaws.com/static.fins.com/
-		- efinancialnews.com.edgesuite.net/...
-			- a1859.g.akamai.net/...
-		- s.smartmoney.net.edgesuite.net/...
-			- a1092.g.akamai.net/...
-		- sj.smartmoney.net.edgesuite.net/...
-			- a1683.g.akamai.net/...
-		- fonts.wsj.com.edgesuite.net/...
-			- a1213.g.akamai.net/...
-		- sc.wsj.net.edgesuite.net/...
-			- a1574.g.akamai.net/...
-
-
-	Nonfunctional domains:
-
-		- blogs.barrons.com	(503, akamai)
-		- www.news.com.au	(Akamai; "Service Unavailable")
-		- live.wsj.com		(Cert: online.wsj.com; 301s there)
-		- online.wsj.com	(Cert: self-signed; 301s to http)
-		- uk.wsj.com		(Cert: online.wsj.com; 301s there)
-		- cs.wsj.net		(data also hosted on sc.wsj.net)
-		- synccontent.wsj.com
-
--->
-<ruleset name="News Corporation (partial)">
-
-	<target host="online.barrons.com" />
-	<target host="om.dowjoneson.com" />
-	<target host="djrc.portal.dowjones.com" />
-	<target host="efinancialnews.com" />
-	<target host="*.efinancialnews.com" />
-	<target host="factiva.com" />
-	<target host="*.factiva.com" />
-	<target host="fins.com" />
-	<target host="*.fins.com" />
-	<target host="secure.nypost.com" />
-	<target host="*.wsj.com" />
-	<target host="*.wsj.net" />
-		<!--
-			Doesn't translate directly to s2.wsj.net
-								-->
-		<exclusion pattern="^http://barrons\.wsj\.net/css/barronsDependencies/" />
-		<!--
-			2013 images 404:
-					-->
-		<exclusion pattern="^https?://si?\.wsj\.net/public/resources/images/\w\w-\w{5}_\w{3,6}_\w_2013" />
-	<target host="services.wsje.com" />
-	<target host="smartmoney.com" />
-	<target host="*.smartmoney.com" />
-	<target host="*.smartmoney.net" />
-	<target host="wsjeuropesubs.com" />
-	<target host="*.wsjeuropesubs.com" />
-	<target host="wsjsafehouse.com" />
-	<target host="*.wsjsafehouse.com" />
-
-
-	<securecookie host="^.*\.factiva\.com$" name=".*" />
-	<securecookie host="^secure\.nypost\.com$" name=".*" />
-	<securecookie host="^secure\.smartmoney\.com$" name=".*" />
-	<securecookie host="^(classifieds|customerceter)\.wsj\.com$" name=".*" />
-	<securecookie host="^services\.wsje?\.com$" name=".*" />
-	<securecookie host="^(.*\.)?wsj(eurosubs|safehouse)\.com$" name=".*" />
-
-
-	<rule from="^https?://online.barrons.com/img/"
-		to="https://a248.e.akamai.net/f/1731/67675/12h/s.wsj.net/img/" />
-
-	<rule from="^https?://om\.dowjoneson\.com/"
-		to="https://djglobal.122.2o7.net/" />
-
-	<rule from="^http://djrc\.portal\.dowjones\.com/"
-		to="https://djrc.portal.dowjones.com/" />
-
-	<rule from="^http://(www\.)?efinancialnews\.com/(about-us/tour/|css/|img/|js/|login/|forgot-password|register)"
-		to="https://$1efinancialnews.com/$2" />
-
-	<rule from="^https?://media\.efinancialnews\.com/"
-		to="https://a248.e.akamai.net/f/1731/67675/12h/media.efinancialnews.com/" />
-
-	<!--	Cert doesn't match !www.	-->
-	<rule from="^https?://factiva\.com/"
-		to="https://www.factiva.com/" />
-
-	<rule from="^http://(customer|global|www)\.factiva\.com/"
-		to="https://$1.factiva.com/" />
-
-	<rule from="^http://(?:www\.)?fins\.com/Finance/(cs|Image)s/"
-		to="https://www.fins.com/Finance/$1s/" />
-
-	<rule from="^https?://s\.fins\.com/"
-		to="https://a248.e.akamai.net/f/1731/67675/12h/s.fins.com/" />
-
-	<rule from="^http://secure\.nypost\.com/"
-		to="https://secure.nypost.com/"/>
-
-	<!--	At least some paths aren't available on (s|sc).smartmoney.net.
-										-->
-	<rule from="^https?://(?:www\.)?smartmoney\.com/img/"
-		to="https://a248.e.akamai.net/f/1731/67675/12h/s.smartmoney.net/img/" />
-
-	<rule from="^https?://charts\.smartmoney\.com/gifbuilder/"
-		to="https://a248.e.akamai.net/f/1731/67675/12h/charts.smartmoney.com/gifbuilder/" />
-
-	<rule from="^https?://fonts\.(smartmoney|wsj)\.com/"
-		to="https://a248.e.akamai.net/f/1731/67675/12h/fonts.smartmoney.com/" />
-
-	<rule from="^https?://j(?:tools|secure)?\.smartmoney\.com/"
-		to="https://jsecure.smartmoney.com/" />
-
-	<rule from="^https?://(charts|m1|s)\.smartmoney\.net/"
-		to="https://a248.e.akamai.net/f/1731/67675/12h/$1.smartmoney.net/" />
-
-	<rule from="^https?://sc\.smartmoney\.net/css/cssDependencies/hat-icons\.css"
-		to="https://a248.e.akamai.net/f/1731/67675/12h/sc.smartmoney.net/css/cssDependencies/hat-icons.css" />
-
-	<rule from="^http://\w+\.wsj\.com/(dscript/|favicon\.ico|img/|j20type\.css|static_html_files/)"
-		to="https://a248.e.akamai.net/f/1731/67675/12h/s.wsj.net/$1" />
-
-	<rule from="^http://(classifieds|customercenter)\.wsj\.com/"
-		to="https://buy.wsj.com/" />
-
-	<rule from="^http://id\.wsj\.com/"
-		to="https://id.wsj.com/" />
-
-	<rule from="^https?://live\.wsj\.com/djscript/"
-		to="https://a248.e.akamai.net/f/1731/67675/12h/live.wsj.com/djscript/" />
-
-	<rule from="^http://services\.wsj(e)?\.com/"
-		to="https://services.wsj$1.com/" />
-
-	<rule from="^https?://barrons\.wsj\.net/"
-		to="https://a248.e.akamai.net/f/1731/67675/12h/s.wsj.net/" />
-
-	<rule from="^https?://(bc|cc|m|s[1-4cgij]?)\.wsj\.net/"
-		to="https://a248.e.akamai.net/f/1731/67675/12h/$1.wsj.net/" />
-
-	<!--	Akamai
-		Some of this is also on secure.marketwatch.com.
-								-->
-	<rule from="^https?://mw(\d)\.wsj\.net/([mM][wW])5/"
-		to="https://a248.e.akamai.net/f/1731/67675/12h/mw$1.wsj.net/$25/" />
-
-	<rule from="^http://(www\.)?wsjeuropesubs\.com/"
-		to="https://$1wsjeuropesubs.com/" />
-
-	<rule from="^http://(?:www\.)?wsjsafehouse\.com/"
-		to="https://www.wsjsafehouse.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/News-Gazette.xml b/src/chrome/content/rules/News-Gazette.xml
index a75975ab8fda..ee32e8defbb1 100644
--- a/src/chrome/content/rules/News-Gazette.xml
+++ b/src/chrome/content/rules/News-Gazette.xml
@@ -1,10 +1,20 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://assets.news-gazette.com/ => https://assets.news-gazette.com/: (51, "SSL: no alternative certificate subject name matches target host name 'assets.news-gazette.com'")
+Fetch error: http://static.news-gazette.com/ => https://static.news-gazette.com/: (51, "SSL: no alternative certificate subject name matches target host name 'static.news-gazette.com'")
+
+-->
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://digital.news-gazette.com/ => http://digital.news-gazette.com/: (28, 'Connection timed out after 20000 milliseconds')
+
 	Other News-Gazette rulesets:
 
-		- County_Star.xml
 		- Independent_News.xml
-		- Leader.xml
-		- Leroy_Farmer_City_Press.xml
 		- Mahomet_Citizen.xml
 		- Paxton_Record.xml
 		- Piatt_County_Journal-Republican.xml
@@ -28,13 +38,11 @@
 <ruleset name="The News-Gazette (partial)">
 
 	<target host="news-gazette.com" />
-	<target host="*.news-gazette.com" />
-
-
-	<rule from="^https?://(?:assets\.|static\.|www\.)?news-gazette.com/(misc/|sites/|user(?:$|\?|/))"
-		to="https://www.news-gazette.com/$1" />
+	<!-- target host="assets.news-gazette.com" /-->
+	<!-- target host="static.news-gazette.com" /-->
+	<target host="www.news-gazette.com" />
+	<!-- target host="digital.news-gazette.com" /-->
 
-	<rule from="^http://digital\.news-gazette\.com/(misc|sites)/"
-		to="https://digital.news-gazette.com/$1/" />
+  <rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/News-Limited.xml b/src/chrome/content/rules/News-Limited.xml
new file mode 100644
index 000000000000..c9fb31bc8230
--- /dev/null
+++ b/src/chrome/content/rules/News-Limited.xml
@@ -0,0 +1,36 @@
+<!--
+	CDN buckets:
+		- media.news.com.au.edgesuite.net
+		- resources.news.com.au.edgesuite.net
+			- resources[0-3]?.news.com.au
+		- subscription.news.com.au.edgesuite.net/...
+		- www.news.com.au.edgesuite.net
+
+	Nonfunctional domains:
+		- resources[0-3]?.news.com.au ¹
+		- search.news.com.au ²
+		- subscription.news.com.au	(500, akamai)
+		- www.news.com.au ¹
+	¹ 503, akamai
+	² Dropped
+
+	These altnames don't exist:
+		- www.media.foxsports.news.com.au
+		- www.media.foxsports.news.com.au
+-->
+
+<ruleset name="News Limited (partial)">
+	<target host="news.com.au" />
+	<target host="www.news.com.au" />
+	<target host="myaccount.news.com.au" />
+	<target host="preferences.news.com.au" />
+	<target host="sops.news.com.au" />
+	<target host="sslcam.news.com.au" />
+	<target host="tags.news.com.au" />
+	<target host="traktr.news.com.au" />
+	<target host="connect.news.com.au" />
+
+	<securecookie host="^myaccount\.news\.com\.au$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/News-Registry.xml b/src/chrome/content/rules/News-Registry.xml
index 145d1c81710a..d69a196ac90f 100644
--- a/src/chrome/content/rules/News-Registry.xml
+++ b/src/chrome/content/rules/News-Registry.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://newsregistry.com/ => https://newsregistry.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.newsregistry.com/ => https://www.newsregistry.com/: (60, 'SSL certificate problem: self signed certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://newsregistry.com/ => https://newsregistry.com/: (6, 'Could not resolve host: newsregistry.com')
+Fetch error: http://www.newsregistry.com/ => https://www.newsregistry.com/: (6, 'Could not resolve host: www.newsregistry.com')
 	CDN buckets:
 
 		- d1aivi5dp2wry5.cloudfront.net
@@ -10,13 +18,12 @@
 		- marketing.newsregistry.com	(times out)
 
 -->
-<ruleset name="News Registry (partial)">
+<ruleset name="News Registry (partial)" default_off="failed ruleset test">
 
 	<target host="newsregistry.com" />
 	<target host="www.newsregistry.com" />
 
 
-	<rule from="^http://(www\.)?newsregistry\.com/"
-		to="https://$1newsregistry.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/News.com.xml b/src/chrome/content/rules/News.com.xml
new file mode 100644
index 000000000000..aea3022a4330
--- /dev/null
+++ b/src/chrome/content/rules/News.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- news.com
+		- www.news.com
+
+		SSL peer certificate was not OK:
+		- investor.news.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- de.news.com
+		- fr.news.com
+
+		Incomplete certificate chain error:
+		- uk.news.com
+-->
+<ruleset name="News.com">
+	<target host="news.com" />
+	<target host="www.news.com" />
+
+	<rule from="^http://(www\.)?news\.com/"
+		to="https://www.cnet.com/news/" />
+</ruleset>
diff --git a/src/chrome/content/rules/News.dk.xml b/src/chrome/content/rules/News.dk.xml
new file mode 100644
index 000000000000..a99f75f7d60f
--- /dev/null
+++ b/src/chrome/content/rules/News.dk.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Jubii coverage, see Jubii.dk.xml.
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+
+		- Images, from:
+
+			- ^news.dk
+			- imageservice.nordjyske.dk ˢ
+
+		- Bug from news.tns-gallup.dk
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="News.dk" default_off="mismatched">
+
+	<target host="news.dk" />
+	<target host="www.news.dk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/News9daily.org.xml b/src/chrome/content/rules/News9daily.org.xml
deleted file mode 100644
index 3dea6e1192ee..000000000000
--- a/src/chrome/content/rules/News9daily.org.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="news9daily.org">
-
-	<target host="news9daily.org" />
-	<target host="*.news9daily.org" />
-
-
-	<securecookie host="^(?:w*\.)?news9daily\.org$" name=".+" />
-
-
-	<rule from="^http://(www\.)?news9daily\.org/"
-		to="https://$1news9daily.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/NewsBlur.com.xml b/src/chrome/content/rules/NewsBlur.com.xml
new file mode 100644
index 000000000000..19c50571c086
--- /dev/null
+++ b/src/chrome/content/rules/NewsBlur.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- popular.global.newsblur.com
+		- icons.newsblur.com
+		- pages.newsblur.com
+-->
+<ruleset name="NewsBlur.com">
+	<target host="newsblur.com" />
+	<target host="www.newsblur.com" />
+	<target host="blog.newsblur.com" />
+	<target host="global.newsblur.com" />
+	<target host="homepage.newsblur.com" />
+	<target host="macdrifter.newsblur.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NewsBlur.xml b/src/chrome/content/rules/NewsBlur.xml
deleted file mode 100644
index 740a8c872556..000000000000
--- a/src/chrome/content/rules/NewsBlur.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="NewsBlur">
-  <target host="www.newsblur.com" />
-  <target host="newsblur.com" />
-  <target host="dev.newsblur.com" />
-
-  <rule from="^http://(www\.)?newsblur\.com/" to="https://www.newsblur.com/"/>
-  <rule from="^http://dev\.newsblur\.com/" to="https://dev.newsblur.com/" />
-  <securecookie host="^www\.newsblur\.com$" name=".*" />
-</ruleset>
diff --git a/src/chrome/content/rules/NewsCred.com.xml b/src/chrome/content/rules/NewsCred.com.xml
index 0cd029b479b0..ffa63120ce59 100644
--- a/src/chrome/content/rules/NewsCred.com.xml
+++ b/src/chrome/content/rules/NewsCred.com.xml
@@ -5,6 +5,10 @@
 
 			- static.cms.newscred.com
 
+		- ds9y5y40x6zaj.cloudfront.net
+
+			- daylifeimages.newscred.com
+
 
 	Nonfunctional subdomains:
 
@@ -16,22 +20,40 @@
 
 	Problematic subdomains:
 
-		- static.cms	(cloudfront)
-		- info		(redirects to app-sjn.marketo.com)
+		- static.cms ¹
+		- dailylifeimages ¹
+		- info ²
+
+	¹ cloudfront
+	² Marketo
+
+
+	Mixed content:
+
+		- Images on newsdaily.cms from images *
+
+	* Secured by us
 
 -->
 <ruleset name="NewsCred.com (partial)">
 
-	<target host="*.newscred.com" />
+	<target host="static.cms.newscred.com" />
+	<target host="newsdaily.cms.newscred.com" />
+	<target host="images.newscred.com" />
+	<target host="daylifeimages.newscred.com" />
+	<target host="info.newscred.com" />
 
 
 	<rule from="^http://static\.cms\.newscred\.com/"
 		to="https://d35o6c6ifjoa8g.cloudfront.net/" />
 
-	<rule from="^http://images\.newscred\.com/"
-		to="https://images.newscred.com/" />
+	<rule from="^http://(newsdaily\.cms|images)\.newscred\.com/"
+		to="https://$1.newscred.com/" />
+
+	<rule from="^http://daylifeimages\.newscred\.com/"
+		to="https://ds9y5y40x6zaj.cloudfront.net/" />
 
-	<rule from="^http://info\.newscred\.com/(cs|image|j)s/"
-		to="https://na-sjn.marketo.com/$1s/" />
+	<rule from="^http://info\.newscred\.com/(?=css/|images/|js/|rs/)"
+		to="https://na-sjn.marketo.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NewsDaily.com.xml b/src/chrome/content/rules/NewsDaily.com.xml
new file mode 100644
index 000000000000..5ec6923f105a
--- /dev/null
+++ b/src/chrome/content/rules/NewsDaily.com.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://newsdaily.com/ => https://newsdaily.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.newsdaily.com/ => https://www.newsdaily.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	For other ScienceDaily coverage, see ScienceDaily.com.xml.
+
+
+	Mixed content:
+
+		- Images from images.newscred.com *
+
+	* Secured by us
+
+-->
+<ruleset name="NewsDaily.com" default_off="failed ruleset test">
+
+	<target host="newsdaily.com" />
+	<target host="www.newsdaily.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NewsGator.xml b/src/chrome/content/rules/NewsGator.xml
index 158b7508efc9..c120735019b0 100644
--- a/src/chrome/content/rules/NewsGator.xml
+++ b/src/chrome/content/rules/NewsGator.xml
@@ -1,10 +1,20 @@
-<ruleset name="NewsGator">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://newsgator.com/ => https://www.newsgator.com/: (7, 'Failed to connect to www.newsgator.com port 443: Connection refused')
+Fetch error: http://www.newsgator.com/ => https://www.newsgator.com/: (7, 'Failed to connect to www.newsgator.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://newsgator.com/ => https://www.newsgator.com/: (7, 'Failed to connect to www.newsgator.com port 443: Connection refused')
+Fetch error: http://www.newsgator.com/ => https://www.newsgator.com/: (7, 'Failed to connect to www.newsgator.com port 443: Connection refused')
+-->
+<ruleset name="NewsGator" default_off="failed ruleset test">
 
 	<target host="newsgator.com" />
 	<target host="www.newsgator.com" />
 
 
-	<securecookie host="^www\.newsgator\.com$" name=".*" />
+	<securecookie host="^www\.newsgator\.com$" name=".+" />
 
 
 	<!--	Cert doesn't match !www.	-->
diff --git a/src/chrome/content/rules/NewsLook.xml b/src/chrome/content/rules/NewsLook.xml
index 2481fb5d7b4d..911e2d0d36f7 100644
--- a/src/chrome/content/rules/NewsLook.xml
+++ b/src/chrome/content/rules/NewsLook.xml
@@ -1,44 +1,17 @@
 <!--
-	CDN buckets:
-
-		- d24lblqer3jbtz.cloudfront.net
-			- sta[0-3].newslook.com
-
-		- d24y7pjjfar7k.cloudfront.net
-			- img[0-3].newslook.com
-
-		- d2nj14si6cadzm.cloudfront.net
-			- cdn.newslook.com
-
-
-	Partially covered domains:
-
-		- (www.)newslook.com	(at least some pages redirect to http)
-
-
-	Fully covered domains:
-
-		- cdn.newslook.com
-		- img[0-3].newslook.com
-		- sta[0-3].newslook.com
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.newslook.com
+		- static.newslook.com
 
+		Redirects to HTTP:
+		- newslook.com
 -->
-<ruleset name="NewsLook (partial)">
-
+<ruleset name="NewsLook.com (partial)" default_off="cert-invalid">
 	<target host="newslook.com" />
-	<target host="*.newslook.com" />
-
-
-	<rule from="^http://(www\.)?newslook\.com/assets/"
-		to="https://$1newslook.com/assets/" />
-
-	<rule from="^https?://cdn\.newslook\.com/"
-		to="https://d2nj14si6cadzm.cloudfront.net/" />
-
-	<rule from="^https?://img[0-3]\.newslook\.com/"
-		to="https://d24y7pjjfar7k.cloudfront.net/" />
-
-	<rule from="^https?://sta[0-3]\.newslook\.com/"
-		to="https://d24lblqer3jbtz.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.newslook.com" />
+	<target host="cdn.newslook.com" />
+	<target host="static.newslook.com" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NewsNetz.ch.xml b/src/chrome/content/rules/NewsNetz.ch.xml
new file mode 100644
index 000000000000..b7abee97a7fc
--- /dev/null
+++ b/src/chrome/content/rules/NewsNetz.ch.xml
@@ -0,0 +1,88 @@
+<!--
+	Cert expired:
+		- files.staging.newsnetz.ch
+		- staging01.newsnetz.ch
+		- staging02.newsnetz.ch
+
+	Cert mismatch:
+		- www.newsnetz.ch
+		- www.24heures.newsnetz.ch
+		- newdc.files.newsnetz.ch
+		- files-alias.newsnetz.ch
+		- www.bernerzeitung.newsnetz.ch
+		- agenda.bernerzeitung.newsnetz.ch
+		- www.landbote.newsnetz.ch
+		- m.landbote.newsnetz.ch
+		- www.lematin.newsnetz.ch
+		- www.tagesanzeiger.newsnetz.ch
+		- staging.tagesanzeiger.newsnetz.ch
+		- www.staging.tagesanzeiger.newsnetz.ch
+		- www.tdg.newsnetz.ch
+		- www.zsz.newsnetz.ch
+
+	Connection refused:
+		- app01.newsnetz.ch
+		- app02.newsnetz.ch
+		- app03.newsnetz.ch
+		- app04.newsnetz.ch
+		- app05.newsnetz.ch
+		- app06.newsnetz.ch
+		- app07.newsnetz.ch
+		- app08.newsnetz.ch
+		- app09.newsnetz.ch
+		- app10.newsnetz.ch
+		- app11.newsnetz.ch
+		- app12.newsnetz.ch
+		- app13.newsnetz.ch
+		- app14.newsnetz.ch
+		- cache01.newsnetz.ch
+		- cache02.newsnetz.ch
+		- cron01.newsnetz.ch
+		- db01.newsnetz.ch
+		- db02.newsnetz.ch
+		- db03.newsnetz.ch
+		- db04.newsnetz.ch
+		- db06.newsnetz.ch
+		- db07.newsnetz.ch
+		- es01.newsnetz.ch
+		- infografik01.newsnetz.ch
+		- infografik02.newsnetz.ch
+		- release01.newsnetz.ch
+		- release02.newsnetz.ch
+		- so.newsnetz.ch
+		- so01.newsnetz.ch
+		- so02.newsnetz.ch
+-->
+<ruleset name="NewsNetz.ch">
+
+	<target host="24heures.newsnetz.ch" />
+	<target host="bernerzeitung.newsnetz.ch" />
+	<target host="cd.newsnetz.ch" />
+	<target host="cdn.newsnetz.ch" />
+	<target host="editorial01.newsnetz.ch" />
+	<target host="editorial02.newsnetz.ch" />
+	<target host="editorial03.newsnetz.ch" />
+	<target host="editorial04.newsnetz.ch" />
+	<target host="files.newsnetz.ch" />
+	<target host="files2.newsnetz.ch" />
+	<target host="landbote.newsnetz.ch" />
+	<target host="lematin.newsnetz.ch" />
+	<target host="mcdn.newsnetz.ch" />
+	<target host="proxy01.newsnetz.ch" />
+	<target host="proxy02.newsnetz.ch" />
+	<target host="proxy03.newsnetz.ch" />
+	<target host="proxy04.newsnetz.ch" />
+	<target host="proxy05.newsnetz.ch" />
+	<target host="proxy06.newsnetz.ch" />
+	<target host="proxy07.newsnetz.ch" />
+	<target host="proxy08.newsnetz.ch" />
+	<target host="proxyserver.newsnetz.ch" />
+	<target host="tagesanzeiger.newsnetz.ch" />
+	<target host="tdg.newsnetz.ch" />
+	<target host="zsz.newsnetz.ch" />
+	<target host="zuonline.newsnetz.ch" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NewsNow.xml b/src/chrome/content/rules/NewsNow.xml
deleted file mode 100644
index 1e36d78a2401..000000000000
--- a/src/chrome/content/rules/NewsNow.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(401, CN: lennyamd64.webcluster.newsnow.co.uk)
-		- s		(redirects to www)
-
--->
-<ruleset name="NewsNow (partial)">
-
-	<target host="delivery.ad.newsnow.net" />
-
-
-	<securecookie host="^delivery\.ad\.newsnow\.net$" name=".+" />
-
-
-	<rule from="^http://delivery\.ad\.newsnow\.net/"
-		to="https://delivery.ad.newsnow.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/NewsWhip-mismatches.xml b/src/chrome/content/rules/NewsWhip-mismatches.xml
index ea82b7d9d532..9f8d58113134 100644
--- a/src/chrome/content/rules/NewsWhip-mismatches.xml
+++ b/src/chrome/content/rules/NewsWhip-mismatches.xml
@@ -2,16 +2,19 @@
 	For rules that are on by default, see NewsWhip.xml.
 
 -->
-<ruleset name="NewsWhip (mismatches)" default_off="mismatch">
+<ruleset name="NewsWhip.com (mismatched)" default_off="mismatched">
 
-	<!--	Cert:	*.reg365.net	-->
+	<!--	Direct rewrites:
+				-->
+	<target host="newswhip.com" />
 	<target host="blog.newswhip.com" />
+	<target host="www.newswhip.com" />
 
 
-	<securecookie host="^blog\.newswhip\.com$" name=".*" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://blog\.newswhip\.com/"
-		to="https://blog.newswhip.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NewsWhip.xml b/src/chrome/content/rules/NewsWhip.xml
index 0fab8862ae5d..31a0459611d7 100644
--- a/src/chrome/content/rules/NewsWhip.xml
+++ b/src/chrome/content/rules/NewsWhip.xml
@@ -2,21 +2,43 @@
 	For problematic rules, see NewsWhip-mismatches.xml.
 
 
-	Nonfunctional subdomains:
+	Problematic hosts in *newswhip.com:
 
-		- blog	(cert:  *.reg365.net)
+		- (www.)? *
+		- blog *
+
+	* Cloudfront
+
+
+	These altnames don't exist:
+
+		- www.help.spike.newswhip.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- help.spike.newswhip.com
 
 -->
-<ruleset name="NewsWhip (partial)">
+<ruleset name="NewsWhip.com (partial)">
 
-	<target host="newswhip.com" />
-	<target host="www.newswhip.com" />
+	<!--	Direct rewrites:
+				-->
+	<!--target host="newswhip.com" /-->
+	<!--target host="blog.newswhip.com" /-->
+	<target host="spike.newswhip.com" />
+	<target host="help.spike.newswhip.com" />
+	<!--target host="www.newswhip.com" /-->
 
 
-	<!--	Many pages redirect to http.  There may
-		be more than are listed here that don't.
+	<!--	Not secured by server:
 					-->
-	<rule from="^http://(www\.)?newswhip\.com/(css/|StartNewsWhipDaily)"
-		to="https://$1newswhip.com/$2" />
+	<!--securecookie host="^help\.spike\.newswhip\.com$" name="^sessionid$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/News_Challenge.org.xml b/src/chrome/content/rules/News_Challenge.org.xml
index 6eae501503e5..1244172898e0 100644
--- a/src/chrome/content/rules/News_Challenge.org.xml
+++ b/src/chrome/content/rules/News_Challenge.org.xml
@@ -1,16 +1,12 @@
 <ruleset name="News Challenge.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="newschallenge.org" />
 	<target host="www.newschallenge.org" />
 
 
-	<securecookie host="^www\.newschallenge\.org$" name=".+" />
+	<rule from="^http:"
+		to="https:" />
 
-
-	<!--	^ redirects to www over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?newschallenge\.org/"
-		to="https://www.newschallenge.org/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/News_Distribution_Network.xml b/src/chrome/content/rules/News_Distribution_Network.xml
deleted file mode 100644
index a129aa280e38..000000000000
--- a/src/chrome/content/rules/News_Distribution_Network.xml
+++ /dev/null
@@ -1,60 +0,0 @@
-<!--
-	CDN buckets:
-
-		- landing.newsinc.com.s3.amazonaws.com | landing.newsinc.com.edgesuite.net
-		- assets.newsinc.com.s3.amazonaws.com | assets.newsinc.com.edgesuite.net
-		- widget.newsinc.com.s3.amazonaws.com
-
-		- dme-prod-1955759440.us-east-1.elb.amazonaws.com
-
-			- pp-serve
-
-		- dmeserv.newsinc.com.edgesuite.net
-
-
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- control **
-		- dashboard **
-		- dmeserv	(503, akamai)
-		- embed *
-		- pp-serve *
-
-	* Refused
-	** Reset
-
-
-	Problematic subdomains:
-
-		- autodiscover	(refused)
-
-
-	Fully covered subdomains:
-
-		- assets	(→ s3.amazonaws.com)
-		- autodiscover	(→ autodiscover-s.outlook.com)
-		- landing	(→ s3.amazonaws.com)
-		- mail
-		- mailfire
-		- widget	(→ s3.amazonaws.com)
-
--->
-<ruleset name="News Distribution Network (partial)">
-
-	<target host="*.newsinc.com" />
-
-
-	<securecookie host="^mail(?:fire)?\.newsinc\.com$" name=".+" />
-
-
-	<rule from="^http://(assets|landing|widget)\.newsinc\.com/"
-		to="https://s3.amazonaws.com/$1.newsinc.com/" />
-
-	<rule from="^http://autodiscover\.newsinc\.com/"
-		to="https://autodiscover-s.outlook.com/" />
-
-	<rule from="^http://(mail|mailfire)\.newsinc\.com/"
-		to="https://$1.newsinc.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/News_Funnel.xml b/src/chrome/content/rules/News_Funnel.xml
index 405b7170f786..1b3b026b60d2 100644
--- a/src/chrome/content/rules/News_Funnel.xml
+++ b/src/chrome/content/rules/News_Funnel.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?thenewsfunnel\.com/(modules/|(?:register-tnf|user/register)(?:$|\?|/)|sites/)"
 		to="https://$1thenewsfunnel.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/News_Limited-problematic.xml b/src/chrome/content/rules/News_Limited-problematic.xml
deleted file mode 100644
index 1f0851cac2b6..000000000000
--- a/src/chrome/content/rules/News_Limited-problematic.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For rules that are on by default, see News_Limited.xml.
-
--->
-<ruleset name="News Limited (problematic)" default_off="Akamai">
-
-	<target host="media.news.com.au" />
-	<target host="*.video.news.com.au" />
-
-
-	<rule from="^http://(media|(?:player|static)\.video)\.news\.com\.au/"
-		to="https://$1.news.com.au/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/News_Limited.xml b/src/chrome/content/rules/News_Limited.xml
deleted file mode 100644
index debf0fd3b4a1..000000000000
--- a/src/chrome/content/rules/News_Limited.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-	For problematic rules, see News_Limited-problematic.xml.
-
-
-	CDN buckets:
-
-		- media.news.com.au.edgesuite.net
-
-		- resources.news.com.au.edgesuite.net
-			- resources[0-3]?.news.com.au
-
-		- subscription.news.com.au.edgesuite.net/...
-
-		- player.video.news.com.au.edgesuite.net/...
-
-		- static.video.news.com.au.edgesuite.net/...
-
-		- www.news.com.au.edgesuite.net
-
-
-	Nonfunctional domains:
-
-		- news.com.au
-		- resources[0-3]?.news.com.au	(503)
-		- subscription.news.com.au	(500)
-		- www.news.com.au		(503)
-
--->
-<ruleset name="News Limited (partial)">
-
-	<target host="sops.news.com.au" />
-
-
-	<rule from="^http://sops\.news\.com\.au/"
-		to="https://sops.news.com.au/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/News_Review.com.xml b/src/chrome/content/rules/News_Review.com.xml
new file mode 100644
index 000000000000..183b9ab6007e
--- /dev/null
+++ b/src/chrome/content/rules/News_Review.com.xml
@@ -0,0 +1,42 @@
+<!--
+	Nonfunctional hosts in *newsreview.com:
+
+		- allcrs ¹
+		- sacramento ¹
+		- posting.sacramento ²
+
+	¹ 404
+	² Redirects to posting.www.backpage.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .newsreview.com
+		- cnrsweetdeals.newsreview.com
+		- rnrsweetdeals.newsreview.com
+		- snrsweetdeals.newsreview.com
+
+-->
+<ruleset name="News Review.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="newsreview.com" />
+	<target host="cnrsweetdeals.newsreview.com" />
+	<target host="rnrsweetdeals.newsreview.com" />
+	<target host="snrsweetdeals.newsreview.com" />
+	<target host="www.newsreview.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.newsreview\.com$" name="^__qca$" /-->
+	<!--securecookie host="^[crs]nrsweetdeals\.newsreview\.com$" name="^(?:AWSELB|CFID|CFTOKEN)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Newscheckmedia.com.xml b/src/chrome/content/rules/Newscheckmedia.com.xml
index 056d38aa78c5..a191950763b6 100644
--- a/src/chrome/content/rules/Newscheckmedia.com.xml
+++ b/src/chrome/content/rules/Newscheckmedia.com.xml
@@ -1,20 +1,37 @@
 <!--
+	Other NewsCheckMedia rulesets:
+
+		- NetNewsCheck.com.xml
+
+
 	CDN buckets:
 
 		- c0021744.cdn1.cloudfiles.rackspacecloud.com
 
 
-	Problematic subdomains:
+	Problematic hosts in *newscheckmedia.com:
 
 		- assets	(refused)
+		- sso01 ᵐ
+
+	ᵐ Mismatched
 
 -->
 <ruleset name="newscheckmedia.com">
 
-	<target host="*.newscheckmedia.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.newscheckmedia.com" />
+
+	<!--	Complications:
+				-->
+	<target host="assets.newscheckmedia.com" />
 
 
-	<rule from="^http://(?:assets|secure)\.newscheckmedia\.com/"
+	<rule from="^http://assets\.newscheckmedia\.com/"
 		to="https://secure.newscheckmedia.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Newsday.com.xml b/src/chrome/content/rules/Newsday.com.xml
new file mode 100644
index 000000000000..92b547bc787d
--- /dev/null
+++ b/src/chrome/content/rules/Newsday.com.xml
@@ -0,0 +1,48 @@
+<!--
+	CDN buckets:
+
+		- newsday.vo.llnwd.net
+
+
+	Nonfunctional subdomains:
+
+		- cars ¹
+		- homes ²
+		- local ²
+
+	¹ Refused
+	² Dropped
+
+
+	^: mismatched
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- long-island & www from cdn
+			- www from resize.wunderground.com
+
+		- Ads/web bugs, on:
+
+			- long-island from www
+			- long-island & www from b.comcardresearch.com
+			- long-island & www from \d+.fls.doubleclick.net
+			- www from a.postrelease.com
+
+-->
+<ruleset name="Newsday.com (partial)">
+
+	<target host="newsday.com" />
+	<target host="www.newsday.com" />
+	<target host="long-island.newsday.com" />
+		<!--exclusion pattern="^http://(cars|homes|local)\.newsday\.com/" /-->
+
+
+	<rule from="^http://(?:www\.)?newsday\.com/"
+		to="https://www.newsday.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Newsmax.com.xml b/src/chrome/content/rules/Newsmax.com.xml
index e1e66e405db5..1fc206788ca4 100644
--- a/src/chrome/content/rules/Newsmax.com.xml
+++ b/src/chrome/content/rules/Newsmax.com.xml
@@ -1,28 +1,51 @@
 <!--
-	Nonfunctional subdomains:
+	Other Newsmax rulesets:
 
-		- profiles	("Invalid license key", valid cert)
+		- Newsmax_Health.com.xml
 
 
-	Problematic subdomains:
+	Nonfunctional hosts in *newsmax.com:
 
-		- ^	(works; mismatched, CN: WWW.NEWSMAX.COM)
+		- profiles *
+
+	* "Invalid license key"
+
+
+	^newsmax.com: Mismatched
+
+
+	Mixed content:
+
+		- Ads, on:
+
+			- www from intermrkts.vo.llnwd.net
+			- www from b.scorecardresearch.com *
+
+		Image on www from $self *
+
+	* Secured by us
 
 -->
 <ruleset name="Newsmax.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="shop.newsmax.com" />
+	<target host="www.newsmax.com" />
+
+	<!--	Complications:
+				-->
 	<target host="newsmax.com" />
-	<target host="*.newsmax.com" />
 
 
-	<securecookie host="^\.newsmax\.com$" name="^__utm\w$" />
-	<securecookie host="^(?:shop|www)\.newsmax\.com$" name=".+" />
+	<securecookie host="^\." name="^__utm" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?newsmax\.com/"
+	<rule from="^http://newsmax\.com/"
 		to="https://www.newsmax.com/" />
 
-	<rule from="^http://shop\.newsmax\.com/"
-		to="https://shop.newsmax.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Newsmax_Health.com.xml b/src/chrome/content/rules/Newsmax_Health.com.xml
new file mode 100644
index 000000000000..63aa27d7a5e1
--- /dev/null
+++ b/src/chrome/content/rules/Newsmax_Health.com.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.newsmaxhealth.com/ => https://www.newsmaxhealth.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://newsmaxhealth.com/ => https://www.newsmaxhealth.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	For other Newsmax coverage, see Newsmax.com.xml.
+
+
+	^newsmaxhealth.com: Mismatched
+
+-->
+<ruleset name="Newsmax Health.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.newsmaxhealth.com" />
+
+	<!--	Complications:
+				-->
+	<target host="newsmaxhealth.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://newsmaxhealth\.com/"
+		to="https://www.newsmaxhealth.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Newsnet5.com.xml b/src/chrome/content/rules/Newsnet5.com.xml
index bbcb328d4be2..ca5132b56722 100644
--- a/src/chrome/content/rules/Newsnet5.com.xml
+++ b/src/chrome/content/rules/Newsnet5.com.xml
@@ -52,16 +52,10 @@
 -->
 <ruleset name="newsnet5.com (partial)">
 
-	<target host="*.newsnet5.com" />
+	<target host="contests.newsnet5.com" />
 
 
 	<rule from="^http://contests\.newsnet5\.com/shared/"
 		to="https://newsnet5.upickem.net/shared/" />
 
-	<rule from="^http://media2\.newsnet5\.com/"
-		to="https://a248.e.akamai.net/media2.newsnet5.com/" />
-
-	<rule from="^http://sharing\.newsnet5\.com/"
-		to="https://a248.e.akamai.net/f/1840/4749/2f/sharing.newsnet5.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NewspaperDirect-mismatches.xml b/src/chrome/content/rules/NewspaperDirect-mismatches.xml
deleted file mode 100644
index 212cc187cc38..000000000000
--- a/src/chrome/content/rules/NewspaperDirect-mismatches.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For rules that are on by default, see NewspaperDirect.xml
-
-
-	Nonfunctional:
-
-		- cache-thumb1.pressdisplay.com		(Akamai; 503)
-		- cache2-thumb1.pressdisplay.com	(cert: gp1.wac.edgecastcdn.net; 404)
-
--->
-<ruleset name="NewspaperDirect (mismatches)" default_off="mismatch">
-
-	<target host="pressdisplay.com" />
-	<target host="*.pressdisplay.com" />
-		<!--	Rewritten back to http by JS	-->
-		<exclusion pattern="^http://(www\.)?pressdisplay/viewer\.aspx" />
-
-
-	<!--	Cert: www.newspapersdirect.com	-->
-	<rule from="^https?://(?:www\.)?pressreader\.com/"
-		to="https://pressreader.com/" />
-
-	<!--	!2:	Akamai
-		 2:	EdgeCast	-->
-	<rule from="^https?://cache2?-s(cripts|style)s\.pressdisplay\.com/"
-		to="https://cache-s$1s.pressdisplay.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/NewspaperDirect.xml b/src/chrome/content/rules/NewspaperDirect.xml
index a85df5c15475..151ad530a1f0 100644
--- a/src/chrome/content/rules/NewspaperDirect.xml
+++ b/src/chrome/content/rules/NewspaperDirect.xml
@@ -1,20 +1,18 @@
 <!--
-	For problematic rules, see NewspaperDirect-mismatches.xml.
-
-
-	blog.newspaperdirect.com is handled in BlueHost-clients.xml.
+	Other NewspaperDirect.com related rulesets:
+		+ PressDisplay.com.xml
 
+	Non-functional hosts:
+		SSL connect error:
+		- newspaperdirect.com
+		- www.newspaperdirect.com
 -->
 <ruleset name="NewspaperDirect (partial)">
 
-	<target host="newspaperdirect.com" />
-	<target host="www.newspaperdirect.com" />
-
-
-	<securecookie host="^(www\.)?newspaperdirect\.com$" name=".*" />
+	<target host="account.newspaperdirect.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?newspaperdirect\.com/"
-		to="https://$1newspaperdirect.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Newsru.com.xml b/src/chrome/content/rules/Newsru.com.xml
new file mode 100644
index 000000000000..596b65a39fa7
--- /dev/null
+++ b/src/chrome/content/rules/Newsru.com.xml
@@ -0,0 +1,40 @@
+<!--
+m.newsru.com ²
+ino-image.newsru.com ¹
+txt.newsru.com ³
+classic.newsru.com ²
+palm.newsru.com ³
+moscow.newsru.com ²
+medicine.newsru.com ¹
+newslink.newsru.com ²
+wap.newsru.com ²
+travel.newsru.com ²
+msk.newsru.com ²
+antiterror.newsru.com ²
+supple.image.newsru.com ¹
+m.blog.newsru.com ²
+blog.classic.newsru.com ²
+hitech.classic.newsru.com ²
+auto.classic.newsru.com ²
+m.hitech.newsru.com ²
+m.realty.newsru.com ²
+m.auto.newsru.com ²
+
+
+¹ mismatch
+² refused
+³ timed out
+-->
+<ruleset name="Newsru.com (partial)">
+	<target host="newsru.com" />
+	<target host="www.newsru.com" />
+	<target host="auto.newsru.com" />
+	<target host="blog.newsru.com" />
+	<target host="hitech.newsru.com" />
+	<target host="image.newsru.com" />
+	<target host="realty.newsru.com" />
+	<target host="search.newsru.com" />
+	<target host="static.newsru.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Newstral.com.xml b/src/chrome/content/rules/Newstral.com.xml
new file mode 100644
index 000000000000..bff21ab4901d
--- /dev/null
+++ b/src/chrome/content/rules/Newstral.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Problematic domains:
+
+		- www ¹
+		- blog ²
+
+	¹: Mismatched
+	²: Refused
+-->
+<ruleset name="Newstral.com (partial)">
+
+	<target host="newstral.com" />
+	<target host="www.newstral.com" />
+	<target host="m.newstral.com" />
+
+	<securecookie host="\.?newstral\.com" name=".+" />
+
+	<rule from="^http://www\.newstral\.com/"
+		to="https://newstral.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Newsvine.com.xml b/src/chrome/content/rules/Newsvine.com.xml
index e3a5891585a0..010b9696e86f 100644
--- a/src/chrome/content/rules/Newsvine.com.xml
+++ b/src/chrome/content/rules/Newsvine.com.xml
@@ -1,41 +1,95 @@
 <!--
-	For problematic rules, see MSN.com.xml.
+	For other NBCUniversal coverage, see NBCUniversal_Media.xml.
 
-	For other Microsoft coverage, see Microsoft.xml.
+
+	CDN buckets:
+
+		- m.static.newsvine.com.edgesuite.net
+
+
+	Problematic hosts in *newsvine.com:
+
+		- cdn.lib ¹
+		- m.static *
+
+	¹ Akamai
+	* Works, akamai
+
+
+	Insecure cookies are set for these domains:
+
+		- .newsvine.com
 
 -->
-<ruleset name="newsvine.com (partial)">
+<ruleset name="newsvine.com (partial)" default_off="Needs ruleset tests">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="newsvine.com" />
+	<!--target host="bonosrama.newsvine.com" /-->
+	<target host="lib.newsvine.com" />
+	<target host="log.newsvine.com" />
+	<target host="onesearch4-2.newsvine.com" />
+	<target host="www.newsvine.com" />
+
 	<!--	Akamai	-->
+	<target host="cdn.bonosrama.newsvine.com" />
+	<target host="www.cdn.newsvine.com" />
+	<target host="i.newsvine.com" />
 	<target host="cdn.lib.newsvine.com" />
-	<target host="*.newsvine.com" />
-		<!--	redirects to www	-->
-		<exclusion pattern="^http://www\.newsvine\.com/_nv/" />
-	<target host="www.*.newsvine.com" />
+	<target host="polls.newsvine.com" />
+	<target host="www.polls.newsvine.com" />
+	<target host="m.static.newsvine.com" />
 
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://bonosrama\.newsvine\.com/(?:$|_nv/)" /-->
 
-	<securecookie host="^\.newsvine\.com$" name=".*" />
+		<!--	Pages redirect to www:
+						-->
+		<exclusion pattern="^http://onesearch4-2\.newsvine\.com/+(?!_vine/)" />
 
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.polls\.newsvine\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?polls\.newsvine\.com/(?!_static/|_vine/)" />
 
-	<!--	- Cert doesn't match !www.
-		- www.cdn: Akamai
-		- i times out as-is
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.newsvine\.com/(?:$|_nv/)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.newsvine\.com/(?!_static/|_vine/)" />
+
+
+	<!--	Not secured by server:
 					-->
-	<rule from="^https?://(?:i\.|www\.(?:cdn\.)?)?newsvine\.com/"
-		 to="https://www.newsvine.com/" />
+	<!--securecookie host="^\.newsvine\.com$" name="^vid$" /-->
 
-	<rule from="^http://(?:(?:cdn\.|www\.)?(bonosrama|lib)|(log))\.newsvine\.com/"
-		to="https://$1$2.newsvine.com/" />
 
-	<!--	Pages redirect to www.		-->
-	<rule from="^http://onesearch4-2\.newsvine\.com/_vine/"
-		to="https://onesearch4-2.newsvine.com/_vine/" />
+	<rule from="^http://cdn\.bonosrama\.newsvine\.com/"
+		to="https://bonosrama.newsvine.com/" />
+
+	<!--	- www.cdn: Akamai
+		- i times out as-is
+					-->
+	<rule from="^http://(?:www\.cdn|i)\.newsvine\.com/"
+		to="https://www.newsvine.com/" />
 
 	<!--	polls uses Akamai.
 		This is what server does for https pages.
 		NB: Most polls pages are handled in MSN.com.xml.	-->
-	<rule from="^http://(?:www\.)?polls\.newsvine\.com/_(static|vine)/"
-		to="https://www.newsvine.com/_$1/" />
+	<rule from="^http://(?:www\.)?polls\.newsvine\.com/"
+		to="https://www.newsvine.com/" />
+
+	<rule from="^http://m\.static\.newsvine\.com/"
+		to="https://m.newsvine.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Newtention.net.xml b/src/chrome/content/rules/Newtention.net.xml
deleted file mode 100644
index ea22f5431526..000000000000
--- a/src/chrome/content/rules/Newtention.net.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	^newtention.net does not exist.
-
--->
-<ruleset name="newtention.net">
-
-	<target host="*.newtention.net" />
-
-
-	<securecookie host="^\.newtention\.net$" name=".+" />
-
-
-	<rule from="^http://(ads|www)\.newtention\.net/"
-		to="https://$1.newtention.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Newzbin.xml b/src/chrome/content/rules/Newzbin.xml
index ce106d6e7710..b4ca9fb0185d 100644
--- a/src/chrome/content/rules/Newzbin.xml
+++ b/src/chrome/content/rules/Newzbin.xml
@@ -1,9 +1,19 @@
-<ruleset name="Newzbin">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://newzbin.com/ => https://www.newzbin2.es/: (7, 'Failed to connect to www.newzbin2.es port 443: Connection refused')
+Fetch error: http://newzbin2.es/ => https://www.newzbin2.es/: (7, 'Failed to connect to www.newzbin2.es port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://newzbin.com/ => https://www.newzbin2.es/: (7, 'Failed to connect to www.newzbin2.es port 443: Connection refused')
+Fetch error: http://newzbin2.es/ => https://www.newzbin2.es/: (7, 'Failed to connect to www.newzbin2.es port 443: Connection refused')
+-->
+<ruleset name="Newzbin" default_off="failed ruleset test">
   <target host="newzbin.com" />
   <target host="newzbin2.es" />
-  <target host="*.newzbin.com" />
-  <target host="*.newzbin2.es" />
+  <target host="www.newzbin.com" />
+  <target host="www.newzbin2.es" />
+  <target host="docs.newzbin2.es" />
 
-  <rule from="^http://(?:www\.)?newzbin(?:\.com|2\.es)/?" to="https://www.newzbin2.es/"/>
-  <rule from="^http://docs\.newzbin2\.es/?" to="https://docs.newzbin2.es/"/>
+  <rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Newzsec.com.xml b/src/chrome/content/rules/Newzsec.com.xml
new file mode 100644
index 000000000000..b4ef776c54cd
--- /dev/null
+++ b/src/chrome/content/rules/Newzsec.com.xml
@@ -0,0 +1,43 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://newzsec.com/ (200) => https://saltysailor.github.io/ (404)
+Non-2xx HTTP code: http://www.newzsec.com/ (200) => https://saltysailor.github.io/ (404)
+
+	(www.)?newzsec.com: Some paths 404
+
+-->
+<ruleset name="newzsec.com (partial)" default_off="failed ruleset test">
+
+	<!--	Complications:
+				-->
+	<target host="newzsec.com" />
+	<target host="www.newzsec.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^newzsec\.com$" name="^(csrftoken|sessionid)$" /-->
+
+
+	<!--	Redirect keeps args but
+		not forward slash:
+					-->
+	<rule from="^http://(?:www\.)?newzsec\.com/+"
+		to="https://saltysailor.github.io/" />
+
+		<!--	\w$ 404s:
+					-->
+		<exclusion pattern="^http://(?:www\.)?newzsec\.com/(?!/*(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://newzsec.com/1176" />
+			<test url="http://newzsec.com/1442" />
+			<test url="http://newzsec.com/279" />
+			<test url="http://newzsec.com/280" />
+			<test url="http://newzsec.com/291" />
+			<test url="http://newzsec.com/341" />
+			<test url="http://newzsec.com/44" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nexac.com.xml b/src/chrome/content/rules/Nexac.com.xml
index 4644c26ec70a..49b75516ebec 100644
--- a/src/chrome/content/rules/Nexac.com.xml
+++ b/src/chrome/content/rules/Nexac.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nexac.com/ => https://www.datalogix.com/index.php?id=19: Too many redirects while fetching 'https://www.datalogix.com/index.php?id=19'
+
 	For other Datalogix coverage, see Datalogix.com.xml.
 
 
@@ -23,7 +27,7 @@
 	Web bugs.
 
 -->
-<ruleset name="nexac.com (partial)">
+<ruleset name="nexac.com (partial)" default_off="failed ruleset test">
 
 	<target host="nexac.com" />
 	<target host="*.nexac.com" />
@@ -42,4 +46,4 @@
 	<rule from="^http://([efhpr])\.nexac\.com/"
 		to="https://$1.nexac.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nexaway.xml b/src/chrome/content/rules/Nexaway.xml
deleted file mode 100644
index 8924ae2c1d68..000000000000
--- a/src/chrome/content/rules/Nexaway.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- corporate	(404, valid cert)
-
--->
-<ruleset name="Nexaway (partial)">
-
-	<target host="nexway.com" />
-	<target host="*.nexway.com" />
-
-
-	<rule from="^http://(www\.)?nexaway\.com/"
-		to="https://$1nexaway.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Nexcess.xml b/src/chrome/content/rules/Nexcess.xml
index 94f4caa1b5fd..a5f47cbad235 100644
--- a/src/chrome/content/rules/Nexcess.xml
+++ b/src/chrome/content/rules/Nexcess.xml
@@ -1,4 +1,9 @@
 <!--
+	Other Nexcess rulesets:
+
+		- Nexcess_CDN.net.xml
+
+
 	CDN buckets:
 
 		- wpc.3313.edgecastcdn.net/803313/
@@ -11,37 +16,26 @@
 		- lghttp.nex.nexcesscdn.net	(404, CN: edgecastcdn.net)
 		- (www.)nexess-status.com	(shows H-Sphere default page, CN: *.nozonenet.com)
 
-
-	Problematic subdomains:
-
-		- ^	(mismatched, CN: www.nexcess.net)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(^ → www)
-		- affiliates
-		- blog
-		- docs
-		- nocworx
-		- order
-		- portal
-		- static
-
 -->
-<ruleset name="Nexcess (partial)">
+<ruleset name="Nexcess.net (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="nexcess.net" />
-	<target host="*.nexcess.net" />
+	<target host="affiliates.nexcess.net" />
+	<target host="blog.nexcess.net" />
+	<target host="docs.nexcess.net" />
+	<target host="nocworx.nexcess.net" />
+	<target host="order.nexcess.net" />
+	<target host="portal.nexcess.net" />
+	<target host="static.nexcess.net" />
+	<target host="www.nexcess.net" />
 
 
 	<securecookie host=".*\.nexcess\.net$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?nexcess\.net/"
-		to="https://www.nexcess.net/" />
-
-	<rule from="^http://(affiliates|blog|docs|nocworx|order|portal|static)\.nexcess\.net/"
-		to="https://$1.nexcess.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Nexcess_CDN.net.xml b/src/chrome/content/rules/Nexcess_CDN.net.xml
new file mode 100644
index 000000000000..166c31cac33a
--- /dev/null
+++ b/src/chrome/content/rules/Nexcess_CDN.net.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Nexcess coverage, see Nexcess.xml.
+
+-->
+<ruleset name="Nexcess CDN.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="smhttp-nex.nexcesscdn.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Next-Update.xml b/src/chrome/content/rules/Next-Update.xml
index 3c9445c60052..9941f10e3bfa 100644
--- a/src/chrome/content/rules/Next-Update.xml
+++ b/src/chrome/content/rules/Next-Update.xml
@@ -2,7 +2,7 @@
 
 	<target host="sifterapp.com"/>
 	<target host="*.sifterapp.com"/>
-		<exclusion pattern="^http://(journal|status)\."/>
+		<exclusion pattern="^http://(?:journal|status)\."/>
 
 	<rule from="^http://(\w+\.)?sifterapp\.com/"
 		to="https://$1sifterapp.com/"/>
diff --git a/src/chrome/content/rules/Next.xml b/src/chrome/content/rules/Next.xml
index 8f5ecba57185..50ace319a712 100644
--- a/src/chrome/content/rules/Next.xml
+++ b/src/chrome/content/rules/Next.xml
@@ -1,8 +1,147 @@
-<ruleset name="Next">
-  <target host="next.co.uk" />
-  <target host="www.next.co.uk" />
 
-  <securecookie host="^(.+\.)?next\.co\.uk$" name=".*"/>
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://next.co.uk/CSS/storefronts.css (200) => https://www.next.co.uk/CSS/storefronts.css (403)
+Fetch error: http://gardenplants.next.co.uk/ => https://gardenplants.next.co.uk/: Too many redirects while fetching 'https://gardenplants.next.co.uk/'
+Fetch error: http://m.next.co.uk/ => https://m.next.co.uk/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Nonfunctional hosts in *next.co.uk:
+
+		- art2order ʳ
+		- b2b ʳ
+		- blog ᵈ
+		- experiences ᶠ
+		- gifting ʳ
+		- nbn ᵈ
+		- photos ʳ
+		- reviews ʰ
+
+	ᵈ Dropped
+	ᶠ Handshake fails
+	ʰ Redirects to http
+	ʳ Refused
+
+
+	Problematic hosts in *next.co.uk:
+
+		- ^ ᵈ
+		- cdn ᴬ
+		- cdn2 ᴬ
+		- housesigns ᵐ
+		- press ᵐ
+		- stores ᶜ
+		- wallstickers ᵐ
+		- www ᵀ
+
+	ᴬ Akamai / mismatched
+	ᵀ Blocks Tor users
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵈ Dropped, preemptable redirect
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- careers.next.co.uk
+		- .gardenplants.next.co.uk
+		- help.next.co.uk
+		- .help.next.co.uk
+		- housesigns.next.co.uk
+		- m.next.co.uk
+		- made2measure.next.co.uk
+		- press.next.co.uk
+		- stores.next.co.uk
+		- wallstickers.next.co.uk
+		- .wallstickers.next.co.uk
+		- wine.next.co.uk
+		- www.next.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, on:
+
+			- housesigns from fast.fonts.com ˢ
+			- wallstickers from $self ᵐ
+
+		- Images, on:
+
+			- m, stores from cdn2.next.co.uk ᵐ
+			- wallstickers from $self ᵐ
+
+	ᵐ Not secured by us <= mismatched
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Next.co.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="careers.next.co.uk" />
+	<target host="gardenplants.next.co.uk" />
+	<target host="m.next.co.uk" />
+	<target host="made2measure.next.co.uk" />
+	<!--target host="stores.next.co.uk" /-->
+	<target host="wine.next.co.uk" />
+	<target host="www.next.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="next.co.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.next\.co\.uk/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?next\.co\.uk/(?!/*(?:[Cc][Ss][Ss]/|[Ii]mages/|content/common/|favicon\.ico|secure/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.next.co.uk/clearance/" />
+			<test url="http://www.next.co.uk/homeware" />
+			<test url="http://www.next.co.uk/inspire/" />
+			<test url="http://www.next.co.uk/sale/" />
+			<test url="http://www.next.co.uk/stores/" />
+			<test url="http://www.next.co.uk/women/shoes" />
+
+			<!--	-ve:
+					-->
+			<test url="http://next.co.uk/CSS/storefronts.css" />
+			<test url="http://next.co.uk/Images/Mobile/ClearSearch.png" />
+			<test url="http://next.co.uk/content/common/items/default/default/footer/flags/big-flags-sprite.png" />
+			<test url="http://www.next.co.uk/favicon.ico" />
+			<test url="http://www.next.co.uk/secure/account/ForgottenPassword.aspx" />
+			<test url="http://www.next.co.uk/secure/account/Register.aspx" />
+			<test url="http://www.next.co.uk/secure/accounts/transfer" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:careers|\.gardenplants)\.next\.co\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^help\.next\.co\.uk$" name="^(?:ASP\.NET_SessionId$|NSC_)" /-->
+	<!--securecookie host="^\.help\.next\.co\.uk$" name="^NSC_" /-->
+	<!--securecookie host="^housesigns\.next\.co\.uk$" name="^(?:ASP\.NET_SessionId|AbodeHSCart)$" /-->
+	<!--securecookie host="^\.(?:housesigns|wallstickers)\.next\.co\.uk$" name="^ARRAffinity$" /-->
+	<!--securecookie host="^m\.next\.co\.uk$" name="^NSC_" /-->
+	<!--securecookie host="^(?:made2measure|wine)\.next\.co\.uk$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^press\.next\.co\.uk$" name="^AWSELB$" /-->
+	<!--securecookie host="^stores\.next\.co\.uk$" name="^laravel_session$" /-->
+	<!--securecookie host="^wallstickers\.next\.co\.uk$" name="^WallStickersCart$" /-->
+	<!--securecookie host="^www\.next\.co\.uk$" name="^(?:ASP\.NET_SessionId$|NSC_|NextIncentive$)" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\.help\." name=".+" />
+	<securecookie host="^(?!www\.)\w" name=".+" />
+
+
+	<rule from="^http://next\.co\.uk/"
+		to="https://www.next.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(?:www\.)?next\.co\.uk/" to="https://www.next.co.uk/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/NextBus.com.xml b/src/chrome/content/rules/NextBus.com.xml
new file mode 100644
index 000000000000..2ac359605b2e
--- /dev/null
+++ b/src/chrome/content/rules/NextBus.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Login required:
+		demo.analytics.nextbus.com
+
+	Invalid certificate:
+		bounce.nextbus.com
+
+	Secure connection failed:
+		data.nextbus.com
+		webservices.nextbus.com
+
+	Time out:
+		stroll.nextbus.com
+
+-->
+<ruleset name="NextBus">
+
+	<target host="nextbus.com" />
+	<target host="www.nextbus.com" />
+	<target host="wmata.nextbus.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NextBus.xml b/src/chrome/content/rules/NextBus.xml
deleted file mode 100644
index a3e374b5dc1d..000000000000
--- a/src/chrome/content/rules/NextBus.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="NextBus">
-	<target host="nextbus.com" />
-	<target host="www.nextbus.com" />
-	<rule from="^http://(?:www\.)?nextbus\.com/"
-		to="https://www.nextbus.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/NextRegister.com.xml b/src/chrome/content/rules/NextRegister.com.xml
index 80f3c7a858f7..33708c10e21f 100644
--- a/src/chrome/content/rules/NextRegister.com.xml
+++ b/src/chrome/content/rules/NextRegister.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?nextregister\.com/"
 		to="https://nextregister.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nextag-self-signed.xml b/src/chrome/content/rules/Nextag-self-signed.xml
deleted file mode 100644
index be5652f4b395..000000000000
--- a/src/chrome/content/rules/Nextag-self-signed.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For rules that are on by default, see Nextag.xml
-
--->
-<ruleset name="Nextag (self-signed)" default_off="self-signed">
-
-	<target host="nextagnews.nextag.com" />
-		<!--	Blog posts 404.	-->
-		<exclusion pattern="^http://nextagnews\.nextag\.com/\d{4}/\d\d/\d\d/" />
-
-
-	<rule from="^http://nextagnews\.nextag\.com/"
-		to="https://nextagnews.nextag.com/" />
-
-	<!--	Blog posts 404.	-->
-	<rule from="^https://nextagnews\.nextag\.com/(\d{4}/\d\d/\d\d/)"
-		to="http://nextagnews.nextag.com/$1" downgrade="1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Nextag.com.xml b/src/chrome/content/rules/Nextag.com.xml
new file mode 100644
index 000000000000..40bc229763be
--- /dev/null
+++ b/src/chrome/content/rules/Nextag.com.xml
@@ -0,0 +1,57 @@
+<!--
+	Failed:
+		www42.nextag.com
+		travel.nextag.com
+
+		^nextag.it
+
+	Mismatch:
+		img.nextag.com	( equal to imgsrv )
+		stores.nextag.com
+		tickets.nextag.com
+
+		^(www.|m.)?nextag.ca
+		^(www.|m.)?nextag.co.jp
+		^(m.)?nextag.com.au
+		^(m.)?nextag.fr
+		m.nextag.it
+-->
+<ruleset name="Nextag.com">
+	<!--Directly:-->
+	<target host="www.nextag.com.au" />
+	<target host="www.nextag.de" />
+	<target host="www.nextag.fr" />
+
+	<target host="nextag.com" />
+	<target host="www.nextag.com" />
+	<target host="imgsrv.nextag.com" />
+	<target host="m.nextag.com" />
+	<target host="merchants.nextag.com" />
+	<target host="nextagnews.nextag.com" />
+		<test url="http://nextagnews.nextag.com/learn/2015/03/cool-new-uses-old-aquarium/" />
+
+	<!--Complication:-->
+	<target host="img.nextag.com" />
+
+	<target host="img01.static-nextag.com" />
+	<target host="img02.static-nextag.com" />
+	<target host="img03.static-nextag.com" />
+	<target host="img04.static-nextag.com" />
+	<target host="img05.static-nextag.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://img\.nextag\.com/"
+		to="https://imgsrv.nextag.com/" />
+		<test url="http://img.nextag.com/imagefiles/includes/roitrack.js" />
+
+	<rule from="^http://img0(1|2|3|4|5)\.static-nextag\.com/"
+		to="https://imgsrv.nextag.com/" />
+		<test url="http://img01.static-nextag.com/image/Boys-Pants/4/000/000/027/003/2700378.jpg" />
+		<test url="http://img02.static-nextag.com/biofiles/SheaKellyBio.pdf" />
+		<test url="http://img03.static-nextag.com/biofiles/SheaKellyBio.pdf" />
+		<test url="http://img04.static-nextag.com/biofiles/SheaKellyBio.pdf" />
+		<test url="http://img05.static-nextag.com/fontfiles/psm2_0/700i/MuseoSans.ttf" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nextag.xml b/src/chrome/content/rules/Nextag.xml
deleted file mode 100644
index 06f3a4023e39..000000000000
--- a/src/chrome/content/rules/Nextag.xml
+++ /dev/null
@@ -1,50 +0,0 @@
-<!--
-	For problematic rules, see Nextag-self-signed.xml.
-
-
-	Nonfunctional:
-
-		- (www.)nextag.es
-		- (www.)nextag.co.jp
-		- (www.)nextag.com.au
-
--->
-<ruleset name="Nextag (partial)">
-
-	<target host="nextag.*" />
-	<target host="*.nextag.ca" />
-	<target host="*.nextag.com" />
-	<target host="*.nextag.de" />
-	<target host="*.nextag.fr" />
-	<target host="*.nextag.it" />
-	<target host="*.static-nextag.com" />
-
-
-	<securecookie host="^.*\.nextag\.com$" name=".*" />
-
-
-	<!--	!www doesn't work.	-->
-	<rule from="^https?://(?:www\.)?nextag\.(ca|com|de|fr|it)/"
-		to="https://www.nextag.$1/" />
-
-	<!--	img: Akamai	-->
-	<rule from="^https?://img(?:srv)?\.nextag\.com/"
-		to="https://imgsrv.nextag.com/" />
-
-	<rule from="^http://(merchants|stores|travel)\.nextag\.com/"
-		to="https://$1.nextag.com/" />
-
-	<!--	Cert only valid for fansnap.	-->
-	<rule from="^https?://tickets\.nextag\.com/la/"
-		to="https://www.fansnap.com/la/" />
-
-	<!--	Doesn't work over https,
-		seems identical to www.	-->
-	<rule from="^https?://www42.nextag\.com/"
-		to="https://www.nextag.com/" />
-
-	<!--	Akamai	-->
-	<rule from="^https?://img\d\d\.static-nextag\.com/"
-		to="https://imgsrv.nextag.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Nexternal-clients.xml b/src/chrome/content/rules/Nexternal-clients.xml
deleted file mode 100644
index abbcbe6f963f..000000000000
--- a/src/chrome/content/rules/Nexternal-clients.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For Nexternal proper coverage, see Nexternal.xml.
-
--->
-<ruleset name="Nexternal clients" default_off="mismatch">
-
-	<!--	Cert: *.nexternal.com
-				-->
-	<target host="shop.blazingthyme.com" />
-	<target host="appmarket.nexternal.net" />
-
-
-	<rule from="^https?://(?:shop\.blazingthyme\.com|appmarket\.nexternal\.net)/Net/StoreFront/"
-		to="https://maxcdn.nexternal.com/Net/StoreFront/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Nexternal.xml b/src/chrome/content/rules/Nexternal.xml
index 3bc680b9c5fe..b53020f32405 100644
--- a/src/chrome/content/rules/Nexternal.xml
+++ b/src/chrome/content/rules/Nexternal.xml
@@ -1,22 +1,40 @@
 <!--
-	For clients, see Nexternal-clients.xml.
+	Connection reset:
+		cdndemo.nexternal.com
+		demo.nexternal.com
+		host.nexternal.com
+
+	Invalid certificate:
+		nexternal.net
+		www.nexternal.net
 
 -->
 <ruleset name="Nexternal">
 
 	<target host="nexternal.com" />
-	<target host="*.nexternal.com" />
-
-
-	<securecookie host="^.*\.nexternal\.com$" name=".*" />
-
-
-	<!--	Cert only matches *.nexternal.com.
-				-->
-	<rule from="^https?://(?:www\.)?nexternal\.com/"
-		to="https://www.nexternal.com/" />
-
-	<rule from="^http://(max)?cdn\.nexternal\.com/"
-		to="https://$1cdn.nexternal.com/" />
+	<target host="www.nexternal.com" />
+	<target host="cdn.nexternal.com" />
+	<target host="cdnuat.nexternal.com" />
+	<target host="ecommerce-blog.nexternal.com" />
+	<target host="hjcentral.nexternal.com" />
+	<target host="ims.nexternal.com" />
+	<target host="maxcdn.nexternal.com" />
+	<target host="oms.nexternal.com" />
+	<target host="secure1.nexternal.com" />
+	<target host="secure2.nexternal.com" />
+	<target host="secure3.nexternal.com" />
+	<target host="secure4.nexternal.com" />
+	<target host="secure5.nexternal.com" />
+	<target host="secure7.nexternal.com" />
+	<target host="secure9.nexternal.com" />
+	<target host="store.nexternal.com" />
+	<target host="uat.nexternal.com" />
+
+	<target host="appmarket.nexternal.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Nextgen-Gallery.com.xml b/src/chrome/content/rules/Nextgen-Gallery.com.xml
new file mode 100644
index 000000000000..0b6440d80ce6
--- /dev/null
+++ b/src/chrome/content/rules/Nextgen-Gallery.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Nonfunctional subdomains:
+
+		- affiliates *
+
+	* Refused
+
+-->
+<ruleset name="Nextgen-Gallery.com (partial)">
+
+	<target host="nextgen-gallery.com" />
+	<target host="www.nextgen-gallery.com" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.nextgen-gallery\.com/($|login$|report-bug/$|wp-login\.php)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.nextgen-gallery\.com/+(?!(?:account|checkout|checkout-plus|help)(?:$|[?/])|favicon\.ico|no-access/|wp-content/|wp-includes/)" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nextgen_Auto_Parts.com.xml b/src/chrome/content/rules/Nextgen_Auto_Parts.com.xml
new file mode 100644
index 000000000000..b58f8575a453
--- /dev/null
+++ b/src/chrome/content/rules/Nextgen_Auto_Parts.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Some pages redirect to http.
+
+-->
+<ruleset name="Next Gen Auto Parts.com (partial)">
+
+	<target host="nextgenautoparts.com" />
+	<target host="*.nextgenautoparts.com" />
+		<!--exclusion pattern="^http://www\.nextgenautoparts\.com/+(?!favicon\.ico|images/|Portals/(\d+/theme\d/|_default))" /-->
+
+
+	<rule from="^http://(www\.)?nextgenautoparts\.com/(?=favicon\.ico|files/|images/|Portals/(?:\d+/portal\.css|\d+/theme\d/|_default/)|scripts/)"
+		to="https://$1nextgenautoparts.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nextiva.xml b/src/chrome/content/rules/Nextiva.xml
deleted file mode 100644
index 126084022b76..000000000000
--- a/src/chrome/content/rules/Nextiva.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Nextiva">
-
-	<target host="nextiva.com" />
-	<target host="*.nextiva.com" />
-
-
-	<securecookie host="^\.nextiva\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?nextiva\.com/"
-		to="https://$1nextiva.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Nextmuni.xml b/src/chrome/content/rules/Nextmuni.xml
new file mode 100644
index 000000000000..6493446430fd
--- /dev/null
+++ b/src/chrome/content/rules/Nextmuni.xml
@@ -0,0 +1,15 @@
+<!--
+	Nonfunctional hosts in *.nextmuni.com:
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Nextmuni.com">
+	<target host="nextmuni.com" />
+	<target host="www.nextmuni.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nexus_Pay.xml b/src/chrome/content/rules/Nexus_Pay.xml
deleted file mode 100644
index f8f1f86e2bbb..000000000000
--- a/src/chrome/content/rules/Nexus_Pay.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Nexus Pay">
-
-	<target host="nexuspays.com" />
-	<target host="*.nexuspays.com" />
-
-
-	<securecookie host="^(?:w*\.)?nexuspay\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?nexuspay\.com/"
-		to="https://$1nexuspay.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Nexway.com.xml b/src/chrome/content/rules/Nexway.com.xml
new file mode 100644
index 000000000000..99163a36c59f
--- /dev/null
+++ b/src/chrome/content/rules/Nexway.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Nexway.com (partial)">
+
+	<target host="nexway.com" />
+	<target host="www.nexway.com" />
+	<target host="corporate.nexway.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ng-book.com.xml b/src/chrome/content/rules/Ng-book.com.xml
new file mode 100644
index 000000000000..341bca46d14a
--- /dev/null
+++ b/src/chrome/content/rules/Ng-book.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .ng-book.com
+
+-->
+<ruleset name="ng-book.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ng-book.com" />
+	<target host="www.ng-book.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.ng-book\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.ng-book\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ngage_ICS.xml b/src/chrome/content/rules/Ngage_ICS.xml
index 3936b3a072ee..80e98a56edfc 100644
--- a/src/chrome/content/rules/Ngage_ICS.xml
+++ b/src/chrome/content/rules/Ngage_ICS.xml
@@ -15,10 +15,6 @@
 	<securecookie host="^messenger\.ngageics\.com$" name=".+" />
 
 
-	<rule from="^http://messenger\.ngageics\.com/"
-		to="https://messenger.ngageics.com/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://secure\.ngagelive\.com/"
-		to="https://secure.ngagelive.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nghttp2.org.xml b/src/chrome/content/rules/Nghttp2.org.xml
new file mode 100644
index 000000000000..a4be8f4ecf57
--- /dev/null
+++ b/src/chrome/content/rules/Nghttp2.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="nghttp2.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nghttp2.org" />
+	<target host="www.nghttp2.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nginx.org.xml b/src/chrome/content/rules/Nginx.org.xml
index dc792b37c625..5ab8d317c4ba 100644
--- a/src/chrome/content/rules/Nginx.org.xml
+++ b/src/chrome/content/rules/Nginx.org.xml
@@ -1,19 +1,14 @@
-<!--
-	Nonfunctional subdomains:
+<ruleset name="nginx.org">
 
-		- (www.)	(refused)
-		- wiki		(dropped)
+	<target host="nginx.org" />
+	<target host="www.nginx.org" />
+	<target host="forum.nginx.org" />
+	<target host="hg.nginx.org" />
+	<target host="mailman.nginx.org" />
+	<target host="trac.nginx.org" />
+	<target host="unit.nginx.org" />
+	<target host="wiki.nginx.org" />
 
--->
-<ruleset name="nginx.org (partial)">
+	<rule from="^http:" to="https:" />
 
-	<target host="*.nginx.org" />
-
-
-	<securecookie host="^\.?trac\.nginx\.org$" name=".+" />
-
-
-	<rule from="^http://trac\.nginx\.org/"
-		to="https://trac.nginx.org/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ngrok.com.xml b/src/chrome/content/rules/Ngrok.com.xml
new file mode 100644
index 000000000000..057db72129b2
--- /dev/null
+++ b/src/chrome/content/rules/Ngrok.com.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dl.ngrok.com/ => https://dl.ngrok.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="ngrok.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ngrok.com" />
+	<target host="dashboard.ngrok.com" />
+	<target host="dl.ngrok.com" />
+	<target host="www.ngrok.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ngx.cc.xml b/src/chrome/content/rules/Ngx.cc.xml
new file mode 100644
index 000000000000..9343403f5e79
--- /dev/null
+++ b/src/chrome/content/rules/Ngx.cc.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://b.ngx.cc/ => https://b.ngx.cc/: (6, 'Could not resolve host: b.ngx.cc')
+
+-->
+<ruleset name="Ngx.cc" default_off="failed ruleset test">
+	<target host="ngx.cc" />
+	<target host="b.ngx.cc" />
+	<target host="bot.ngx.cc" />
+	<target host="i.ngx.cc" />
+	<target host="ip.ngx.cc" />
+	<target host="p.ngx.cc" />
+	<target host="paste.ngx.cc" />
+	<target host="www.ngx.cc" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nhat_tao.com.xml b/src/chrome/content/rules/Nhat_tao.com.xml
new file mode 100644
index 000000000000..075efb7c0b0b
--- /dev/null
+++ b/src/chrome/content/rules/Nhat_tao.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these nhattao.com:
+
+		- .nhattao.com
+
+-->
+<ruleset name="Nhat tao.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nhattao.com" />
+	<target host="www.nhattao.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.nhattao\.com$" name="^xf_session$" /-->
+
+	<securecookie host="^\.nhattao\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nhentai.net.xml b/src/chrome/content/rules/Nhentai.net.xml
new file mode 100644
index 000000000000..e2756aba9422
--- /dev/null
+++ b/src/chrome/content/rules/Nhentai.net.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		blog.nhentai.net
+-->
+<ruleset name="Nhentai.net">
+	<target host="nhentai.net" />
+	<target host="i.nhentai.net" />
+		<test url="http://i.nhentai.net/galleries/1150818/4.jpg" />
+	<target host="static.nhentai.net" />
+		<test url="http://static.nhentai.net/robots.txt" />
+	<target host="t.nhentai.net" />
+		<test url="http://t.nhentai.net/galleries/1149886/4t.png" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NiKec_Solutions.xml b/src/chrome/content/rules/NiKec_Solutions.xml
index a83196076729..25fe77af5d1e 100644
--- a/src/chrome/content/rules/NiKec_Solutions.xml
+++ b/src/chrome/content/rules/NiKec_Solutions.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://(?:www\.)?nikecsolutions\.com/"
 		to="https://nikecsolutions.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nianet.dk.xml b/src/chrome/content/rules/Nianet.dk.xml
new file mode 100644
index 000000000000..198daab6c651
--- /dev/null
+++ b/src/chrome/content/rules/Nianet.dk.xml
@@ -0,0 +1,31 @@
+<!--
+	Mismatched:
+		- ^
+		- www
+		- m
+
+	Timeout:
+		- speedtest
+		- sslvpn
+		- test2
+
+	Only HTTPS version exists:
+		- autodiscover
+		- cloud
+		- consoleproxy
+		- test1.ip
+		- post
+		- snowlicense
+		- expe01.uc
+		- vpn
+-->
+<ruleset name="Nianet.dk (partial)">
+	<target host="ckm.nianet.dk" />
+	<target host="cloudvpn.nianet.dk" />
+	<target host="cst.nianet.dk" />
+	<target host="mit.nianet.dk" />
+	<target host="ok.nianet.dk" />
+	<target host="zenvpn.nianet.dk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nic.bc.ca.xml b/src/chrome/content/rules/Nic.bc.ca.xml
new file mode 100644
index 000000000000..686700ebc934
--- /dev/null
+++ b/src/chrome/content/rules/Nic.bc.ca.xml
@@ -0,0 +1,12 @@
+<!--
+        Nonfunctional hosts in *.nic.bc.ca:
+                nic.bc.ca (404)
+-->
+<ruleset name="Nic.bc.ca">
+	<target host="nic.bc.ca" />
+	<target host="www.nic.bc.ca" />
+
+	<rule from="^http://nic\.bc\.ca/" to="https://www.nic.bc.ca/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nic.cz.xml b/src/chrome/content/rules/Nic.cz.xml
index 545140f87c79..346aaeb34fbe 100644
--- a/src/chrome/content/rules/Nic.cz.xml
+++ b/src/chrome/content/rules/Nic.cz.xml
@@ -1,38 +1,41 @@
 <!--
-	Fully covered subdomains:
-
-		- (www.)
-		- blog
-		- git
-		- labs
-
-
-	Observed cookie domains:
-
-		- .
-		- .labs *
-		- www
-
-	* Tracking cookies only
-
-
-	Mixed content:
-
-		- Script on www from test-ipv6.cz *
-
-	* Secured by us
-
+	Other CZ.NIC rulesets:
+		- CSIRT.CZ.xml
+		- DNSSEC-Validator.cz.xml
+		- Domenovy_prohlizec.cz.xml
+		- Knot-DNS.cz.xml
+		- knot-resolver.cz.xml
+		- MojeID.cz.xml
+		- Turris.cz.xml
+
+	Mismatched:
+		- jsns.nic.cz
 -->
-<ruleset name="CZ.NIC" platform="mixedcontent">
-  <target host="nic.cz" />
-  <target host="www.nic.cz" />
-  <target host="labs.nic.cz" />
-  <target host="git.nic.cz" />
-  <target host="blog.nic.cz" />
 
-  <securecookie host="^((?:www|labs|git|blog|)\.)?nic\.cz$" name=".*" />
-
-  <rule from="^http://((?:www|labs|git|blog)\.)?nic\.cz/" to="https://$1nic.cz/"/>
+<ruleset name="CZ.NIC">
+	<target host="nic.cz" />
+	<target host="www.nic.cz" />
+	<target host="akademie.nic.cz" />
+	<target host="blog.nic.cz" />
+	<target host="en.blog.nic.cz" />
+	<target host="fred.nic.cz" />
+	<target host="git.nic.cz" />
+	<target host="gitlab.labs.nic.cz" />
+	<target host="intranet.nic.cz" />
+	<target host="jenkins.labs.nic.cz" />
+	<target host="knihy.nic.cz" />
+	<target host="labs.nic.cz" />
+	<target host="sks.labs.nic.cz" />
+	<target host="lists.nic.cz" />
+	<target host="mirrors.nic.cz" />
+	<target host="moodle.nic.cz" />
+	<target host="onlinechat.nic.cz" />
+	<target host="piwik.nic.cz" />
+	<target host="podpora.nic.cz" />
+	<target host="secure.nic.cz" />
+	<target host="stats.nic.cz" />
+
+	<securecookie host=".+" name=".+" />
+
+ 	<rule from="^http:" to="https:" />
 </ruleset>
-
-
diff --git a/src/chrome/content/rules/Nic.ir.xml b/src/chrome/content/rules/Nic.ir.xml
new file mode 100644
index 000000000000..5bcc89a1eae6
--- /dev/null
+++ b/src/chrome/content/rules/Nic.ir.xml
@@ -0,0 +1,14 @@
+<!--
+	Expired:
+		- tools.nic.ir
+		- whois.nic.ir
+
+	Incomplete certificate chain:
+		- rrmt.nic.ir
+-->
+<ruleset name="Nic.ir">
+	<target host="nic.ir" />
+	<target host="www.nic.ir" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nic.ru.xml b/src/chrome/content/rules/Nic.ru.xml
new file mode 100644
index 000000000000..e5dd5b6bb2cb
--- /dev/null
+++ b/src/chrome/content/rules/Nic.ru.xml
@@ -0,0 +1,32 @@
+<!--auction. timed out
+info. self signed
+stat. timed out
+r01. refused
+mobile. mismatch
+ssl. expired
+moscow. timed out
+monoid. timed out
+ec. mismatch
+new. mismatch
+bulletin1. timed out
+forum. refused
+site. mismatch
+edu. mismatch
+ipv6. timed out
+blog. mismatch
+press. mismatch
+www.hosting. mismatch
+www.info. mismatch
+www.forum. mismatch
+nic.link. mismatch-->
+<ruleset name="Nic.ru">
+	<target host="nic.ru" />
+	<target host="www.nic.ru" />
+	<target host="parking.nic.ru" />
+	<target host="m.nic.ru" />
+	<target host="hosting.nic.ru" />
+	<target host="mail.nic.ru" />
+	<target host="www.mail.nic.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NicAc.xml b/src/chrome/content/rules/NicAc.xml
index 673559882ff3..d5844c1261f9 100644
--- a/src/chrome/content/rules/NicAc.xml
+++ b/src/chrome/content/rules/NicAc.xml
@@ -2,7 +2,7 @@
   <target host="nic.ac" />
   <target host="www.nic.ac" />
 
-  <securecookie host="^(.+\.)?nic\.ac$" name=".*"/>
+  <securecookie host=".+" name=".+" />
 
-  <rule from="^http://(?:www\.)?nic\.ac/" to="https://www.nic.ac/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NicIo.xml b/src/chrome/content/rules/NicIo.xml
index 71fe68a59380..2571f95f8273 100644
--- a/src/chrome/content/rules/NicIo.xml
+++ b/src/chrome/content/rules/NicIo.xml
@@ -2,7 +2,7 @@
   <target host="nic.io" />
   <target host="www.nic.io" />
 
-  <securecookie host="^(.+\.)?nic\.io$" name=".*"/>
+  <securecookie host=".+" name=".+" />
 
-  <rule from="^http://(?:www\.)?nic\.io/" to="https://www.nic.io/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Nice264.xml b/src/chrome/content/rules/Nice264.xml
new file mode 100644
index 000000000000..1072792b81b8
--- /dev/null
+++ b/src/chrome/content/rules/Nice264.xml
@@ -0,0 +1,19 @@
+<ruleset name="Nice 264">
+
+<!-- Internal Server Error for:
+	^ & www
+	Cert mismatch on:
+		- support - valid only for Zendesk
+		- svg1.webtv - connection refused
+		- nws - connection refused
+		- stage - connection refused
+		- mgmt - connection refused
+		- wpam - server error
+-->
+
+	<target host="nqs.nice264.com" />
+	<target host="test-nqs.nice264.com" />
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/NiceHash.com.xml b/src/chrome/content/rules/NiceHash.com.xml
new file mode 100644
index 000000000000..2a35da8deec1
--- /dev/null
+++ b/src/chrome/content/rules/NiceHash.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="NiceHash.com">
+
+	<target host="nicehash.com" />
+	<target host="www.nicehash.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?nicehash\.com$" name="^(JSESSIONID|lastalgo)$" /-->
+
+	<securecookie host="^(?:\.|www\.)?nicehash\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NiceKicks.com.xml b/src/chrome/content/rules/NiceKicks.com.xml
index d5b16b67ba3f..baf96adc0b57 100644
--- a/src/chrome/content/rules/NiceKicks.com.xml
+++ b/src/chrome/content/rules/NiceKicks.com.xml
@@ -17,7 +17,7 @@
 	<target host="*.nicekicks.com" />
 
 
-	<rule from="^https?://\d\.nicekicks\.com/"
+	<rule from="^http://\d\.nicekicks\.com/"
 		to="https://d34jsf1j24280j.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nice_n_Naughty.xml b/src/chrome/content/rules/Nice_n_Naughty.xml
index 8f3c74dd7de2..1420b6b9572d 100644
--- a/src/chrome/content/rules/Nice_n_Naughty.xml
+++ b/src/chrome/content/rules/Nice_n_Naughty.xml
@@ -2,13 +2,11 @@
 
 	<target host="nicennaughty.co.uk" />
 	<target host="www.nicennaughty.co.uk" />
-	<target host="*.www.nicennaughty.co.uk" />
 
 
 	<securecookie host="^\.www\.nicennaughty\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://(www\.)?nicennaughty\.co\.uk/"
-		to="https://$1nicennaughty.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nicereply.com.xml b/src/chrome/content/rules/Nicereply.com.xml
new file mode 100644
index 000000000000..197afa0deeeb
--- /dev/null
+++ b/src/chrome/content/rules/Nicereply.com.xml
@@ -0,0 +1,30 @@
+<!--
+    Nonfunctional subdomains:
+        - help   -> wrong domain
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.nicereply.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Nicereply.com">
+
+	<target host="nicereply.com" />
+	<target host="public.nicereply.com" />
+	<target host="www.nicereply.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.nicereply\.com" name="^(?:PHPSESSID|referer|refererVisits)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nicholas_Ranallo.xml b/src/chrome/content/rules/Nicholas_Ranallo.xml
deleted file mode 100644
index ea5d6a3abe10..000000000000
--- a/src/chrome/content/rules/Nicholas_Ranallo.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	mismatched, CN: *.bluehost.com
-
--->
-<ruleset name="Nicholas Ranallo (partial)">
-
-	<target host="ranallolawoffice.com" />
-	<target host="www.ranallolawoffice.com" />
-
-
-	<rule from="^http://(?:www\.)?ranallolawoffice\.com/(?:favicon\.ico|wp-content/|wp-includes/)"
-		to="https://secure.bluehost.com/~ranallol/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/NickyHager.info.xml b/src/chrome/content/rules/NickyHager.info.xml
new file mode 100644
index 000000000000..d694b7cbba55
--- /dev/null
+++ b/src/chrome/content/rules/NickyHager.info.xml
@@ -0,0 +1,9 @@
+<ruleset name="NickyHager.info">
+
+	<target host="nickyhager.info" />
+	<target host="www.nickyhager.info" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nicky_Hager.xml b/src/chrome/content/rules/Nicky_Hager.xml
deleted file mode 100644
index 4886927ab1ed..000000000000
--- a/src/chrome/content/rules/Nicky_Hager.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	CN: *.bluehost.com
-
--->
-<ruleset name="Nicky Hager (partial)">
-
-	<target host="nickyhager.info" />
-	<target host="www.nickyhager.info" />
-
-
-	<rule from="^http://(?:www\.)?nickyhager\.info/wp-content/"
-		to="https://secure.bluehost.com/~nickyhag/wp-content/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Nicotine-Anonymous.xml b/src/chrome/content/rules/Nicotine-Anonymous.xml
index 4f767d4f2845..f755e532e732 100644
--- a/src/chrome/content/rules/Nicotine-Anonymous.xml
+++ b/src/chrome/content/rules/Nicotine-Anonymous.xml
@@ -1,11 +1,11 @@
 <ruleset name="Nicotine Anonymous">
 	<target host="nicotine-anonymous.org" />
-	<target host="*.nicotine-anonymous.org" />
+	<target host="www.nicotine-anonymous.org" />
 
 
 	<securecookie host="^(?:w*\.)?nicotine-anonymous\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?nicotine-anonymous\.org/" to="https://$1nicotine-anonymous.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nicovideo.jp.xml b/src/chrome/content/rules/Nicovideo.jp.xml
new file mode 100644
index 000000000000..53d21e590f28
--- /dev/null
+++ b/src/chrome/content/rules/Nicovideo.jp.xml
@@ -0,0 +1,53 @@
+<!--
+	Nicovideo related rulesets:
+
+		- Friends.nico.xml
+		- Nimg.jp.xml
+
+	Nonfunctional subdomains:
+
+		- bbs ¹
+		- ex ²
+		- jk ¹
+
+	¹ Dropped
+	² Refused
+
+	Problematic subdomains:
+
+		- sales.ads *
+		- help *
+
+	* Mismatched
+
+-->
+<ruleset name="nicovideo.jp (partial)">
+
+	<target host="3d.nicovideo.jp" />
+	<target host="account.nicovideo.jp" />
+	<target host="ads.nicovideo.jp" />
+	<target host="app.nicovideo.jp" />
+	<target host="blog.nicovideo.jp" />
+	<target host="ch.nicovideo.jp" />
+	<target host="com.nicovideo.jp" />
+	<target host="commons.nicovideo.jp" />
+	<target host="dic.nicovideo.jp" />
+	<target host="enquete.nicovideo.jp" />
+	<target host="game.nicovideo.jp" />
+	<target host="info.nicovideo.jp" />
+	<target host="live.nicovideo.jp" />
+	<target host="live2.nicovideo.jp" />
+	<target host="news.nicovideo.jp" />
+	<target host="nicovideo.jp" />
+	<target host="point.nicovideo.jp" />
+	<target host="qa.nicovideo.jp" />
+	<target host="rd.nicovideo.jp" />
+	<target host="secure.ch.nicovideo.jp" />
+	<target host="secure.nicovideo.jp" />
+	<target host="seiga.nicovideo.jp" />
+	<target host="www.nicovideo.jp" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Niden.net.xml b/src/chrome/content/rules/Niden.net.xml
new file mode 100644
index 000000000000..749aa5301b95
--- /dev/null
+++ b/src/chrome/content/rules/Niden.net.xml
@@ -0,0 +1,19 @@
+<!--
+	STS header includes includeSubdomains
+
+-->
+<ruleset name="niden.net">
+
+	<target host="niden.net" />
+	<target host="*.niden.net" />
+
+		<test url="http://www.niden.net/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nidwaldner_Kantonabank.xml b/src/chrome/content/rules/Nidwaldner_Kantonabank.xml
deleted file mode 100644
index 7c7ff86adef0..000000000000
--- a/src/chrome/content/rules/Nidwaldner_Kantonabank.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Nidwaldner Kantonabank">
-    <target host="nkb.ch" />
-    <target host="*.nkb.ch" />
-
-    <securecookie host="^(.*\.)?nkb\.ch$" name=".+" />
-
-    <rule from="^https?://nkb\.ch/"
-        to="https://www.nkb.ch/"/>
-    <rule from="^http://([^/:@]+)?\.nkb\.ch/"
-        to="https://$1.nkb.ch/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Nie-wieder-VDS.de.xml b/src/chrome/content/rules/Nie-wieder-VDS.de.xml
new file mode 100644
index 000000000000..0cdb312f6755
--- /dev/null
+++ b/src/chrome/content/rules/Nie-wieder-VDS.de.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nie-wieder-vds.de/ => https://nie-wieder-vds.de/: (7, 'Failed to connect to nie-wieder-vds.de port 443: Connection refused')
+Fetch error: http://www.nie-wieder-vds.de/ => https://nie-wieder-vds.de/: (7, 'Failed to connect to nie-wieder-vds.de port 443: Connection refused')
+
+	www.nie-wieder-vds.de: Shows hosting.pixelspread.de
+
+
+	Insecure cookies are set for these hosts:
+
+		- nie-wieder-vds.de
+
+-->
+<ruleset name="Nie-wieder-VDS.de" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nie-wieder-vds.de" />
+
+	<!--	Complications:
+				-->
+	<target host="www.nie-wieder-vds.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^nie-wieder-vds\.de$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^nie-wieder-vds\.de$" name=".+" />
+
+
+	<rule from="^http://www\.nie-wieder-vds\.de/"
+		to="https://nie-wieder-vds.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nieuweautokopen.nl.xml b/src/chrome/content/rules/Nieuweautokopen.nl.xml
new file mode 100644
index 000000000000..617536d9dda8
--- /dev/null
+++ b/src/chrome/content/rules/Nieuweautokopen.nl.xml
@@ -0,0 +1,97 @@
+<!--
+	For other Marktplaats coverage, see Marktplaats.nl.xml
+
+
+	Non-functional subdomains:
+
+		- dealers	(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Host has wildcard DNS
+-->
+<ruleset name="Nieuweautokopen.nl">
+
+	<target host="nieuweautokopen.nl" />
+	<target host="www.nieuweautokopen.nl" />
+	<target host="abmulder.nieuweautokopen.nl" />
+	<target host="www.adriejonk.nieuweautokopen.nl" />
+	<target host="inruilautos.aks.nieuweautokopen.nl" />
+	<target host="anwb.nieuweautokopen.nl" />
+	<target host="arendauto.nieuweautokopen.nl" />
+	<target host="autoaa.nieuweautokopen.nl" />
+	<target host="automotivated.nieuweautokopen.nl" />
+	<target host="www.autoscout24.nieuweautokopen.nl" />
+	<target host="www.autotekoop.nieuweautokopen.nl" />
+	<target host="autotelegraaf.nieuweautokopen.nl" />
+	<target host="www.autotrends.nieuweautokopen.nl" />
+	<target host="www.autovadah.nieuweautokopen.nl" />
+	<target host="autovisie.nieuweautokopen.nl" />
+	<target host="autowaarde.nieuweautokopen.nl" />
+	<target host="autowereld.nieuweautokopen.nl" />
+	<target host="autozaak.nieuweautokopen.nl" />
+	<target host="bmwkopen.nieuweautokopen.nl" />
+	<target host="bochane.nieuweautokopen.nl" />
+	<target host="www.boksdirect.nieuweautokopen.nl" />
+	<target host="broekhuisauto.nieuweautokopen.nl" />
+	<target host="chevroletkopen.nieuweautokopen.nl" />
+	<target host="coolendirect.nieuweautokopen.nl" />
+	<target host="extern.nieuweautokopen.nl" />
+	<target host="ford.nieuweautokopen.nl" />
+	<target host="ftp.nieuweautokopen.nl" />
+	<target host="greven.nieuweautokopen.nl" />
+	<target host="www.greven.nieuweautokopen.nl" />
+	<target host="www.h-point.nieuweautokopen.nl" />
+	<target host="hexon.nieuweautokopen.nl" />
+	<target host="www.hoogterp.nieuweautokopen.nl" />
+	<target host="hyundai.nieuweautokopen.nl" />
+	<target host="hyundaii10.nieuweautokopen.nl" />
+	<target host="demo.ilms.nieuweautokopen.nl" />
+	<target host="images.nieuweautokopen.nl" />
+	<target host="www.infinitikopen.nieuweautokopen.nl" />
+	<target host="inruilautos.nieuweautokopen.nl" />
+	<target host="www.james.nieuweautokopen.nl" />
+	<target host="kia.nieuweautokopen.nl" />
+	<target host="kiapicanto.nieuweautokopen.nl" />
+	<target host="kien.nieuweautokopen.nl" />
+	<target host="www.marcovanbeek.nieuweautokopen.nl" />
+	<target host="marktplaats.nieuweautokopen.nl" />
+	<target host="ilms.marktplaats.nieuweautokopen.nl" />
+	<target host="mazda.nieuweautokopen.nl" />
+	<target host="mercedeskopen.nieuweautokopen.nl" />
+	<target host="www.minikopen.nieuweautokopen.nl" />
+	<target host="www.nieuweautoleasen.nieuweautokopen.nl" />
+	<target host="nissan.nieuweautokopen.nl" />
+	<target host="nissanqashqai.nieuweautokopen.nl" />
+	<target host="outboundbdc.nieuweautokopen.nl" />
+	<target host="peugeot308.nieuweautokopen.nl" />
+	<target host="renaultclio.nieuweautokopen.nl" />
+	<target host="rfc.nieuweautokopen.nl" />
+	<target host="www.rfc.nieuweautokopen.nl" />
+	<target host="seatmii.nieuweautokopen.nl" />
+	<target host="skodacenterutrecht.nieuweautokopen.nl" />
+	<target host="skodacitigo.nieuweautokopen.nl" />
+	<target host="toyota.nieuweautokopen.nl" />
+	<target host="toyotaaygo.nieuweautokopen.nl" />
+	<target host="www.vanbeynum.nieuweautokopen.nl" />
+	<target host="vannieuwkerk.nieuweautokopen.nl" />
+	<target host="visscher.nieuweautokopen.nl" />
+	<target host="vkvgroep.nieuweautokopen.nl" />
+	<target host="volkswagenup.nieuweautokopen.nl" />
+	<target host="weblog.nieuweautokopen.nl" />
+	<target host="www.wesselink.nieuweautokopen.nl" />
+	<target host="wijnne.nieuweautokopen.nl" />
+
+	<!-- certificate mismatch -->
+	<rule from="^http://nieuweautokopen\.nl/"
+		to="https://www.nieuweautokopen.nl/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nieuwsblad.be.xml b/src/chrome/content/rules/Nieuwsblad.be.xml
deleted file mode 100644
index 97b93f5ae589..000000000000
--- a/src/chrome/content/rules/Nieuwsblad.be.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- dating
-		- meteo1	(Akamai; 504)
-		- shop
-
--->
-<ruleset name="Nieuwsblad.be (mismatches)" default_off="cert warning">
-
-	<target host="nieuwsblad.be" />
-	<target host="www.nieuwsblad.be" />
-
-
-	<rule from="^http://(www\.)?nieuwsblad\.be/"
-		to="https://$1nieuwsblad.be/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Nifty.com.xml b/src/chrome/content/rules/Nifty.com.xml
new file mode 100644
index 000000000000..d6756c8a6cba
--- /dev/null
+++ b/src/chrome/content/rules/Nifty.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- dictionary.nifty.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- transit.nifty.com
+
+		Status code mismatch:
+		- homepage.nifty.com
+
+		4xx client error:
+		- clink.nifty.com
+		- track.nifty.com
+-->
+<ruleset name="Nifty.com (partial)">
+	<target host="nifty.com" />
+	<target host="www.nifty.com" />
+	<target host="arbeit.nifty.com" />
+	<target host="azby.nifty.com" />
+	<target host="chosa.nifty.com" />
+	<target host="game.nifty.com" />
+	<target host="hoken.nifty.com" />
+	<target host="keiba.nifty.com" />
+	<target host="news.nifty.com" />
+	<target host="onsen.nifty.com" />
+	<target host="oshiete1.nifty.com" />
+	<target host="portal.nifty.com" />
+	<target host="sportsclub.nifty.com" />
+	<target host="uranai.nifty.com" />
+	<target host="woman-money.nifty.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NightDev.com.xml b/src/chrome/content/rules/NightDev.com.xml
new file mode 100644
index 000000000000..dd4c84d62353
--- /dev/null
+++ b/src/chrome/content/rules/NightDev.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Other NightDev rulesets:
+
+
+
+	Insecure cookies are set for these hosts:
+
+		- community.nightdev.com
+
+-->
+<ruleset name="NightDev.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nightdev.com" />
+	<target host="community.nightdev.com" />
+	<target host="www.nightdev.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^community\.nightdev\.com$" name="^_forum_session$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NightLove.xml b/src/chrome/content/rules/NightLove.xml
index 38f50f39baaf..52f3b332e6e6 100644
--- a/src/chrome/content/rules/NightLove.xml
+++ b/src/chrome/content/rules/NightLove.xml
@@ -1,13 +1,21 @@
-<ruleset name="NightLove">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nightlove.me/ => https://nightlove.me/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.nightlove.me/ => https://www.nightlove.me/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://nightlove.me/ => https://nightlove.me/: (6, 'Could not resolve host: nightlove.me')
+-->
+<ruleset name="NightLove" default_off="failed ruleset test">
 
 	<target host="nightlove.me" />
-	<target host="*.nightlove.me" />
+	<target host="www.nightlove.me" />
 
 
 	<securecookie host="^\.nightlove\.me$" name=".+" />
 
 
-	<rule from="^http://(www\.)?nightlove\.me/"
-		to="https://$1nightlove.me/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nightcode.info.xml b/src/chrome/content/rules/Nightcode.info.xml
new file mode 100644
index 000000000000..ed9d495c0580
--- /dev/null
+++ b/src/chrome/content/rules/Nightcode.info.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nightcode.info/ => https://nightcode.info/: (7, 'Failed to connect to nightcode.info port 443: Connection refused')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nightcode.info/ => https://nightcode.info/: (28, 'Connection timed out after 10000 milliseconds')
+
+	www.nightcode.info doesn't exist.
+
+-->
+<ruleset name="Nightcode.info" default_off="failed ruleset test">
+
+	<target host="nightcode.info" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nightmarish-Dream.ru.xml b/src/chrome/content/rules/Nightmarish-Dream.ru.xml
new file mode 100644
index 000000000000..dd45d8d8d338
--- /dev/null
+++ b/src/chrome/content/rules/Nightmarish-Dream.ru.xml
@@ -0,0 +1,8 @@
+<ruleset name="Nightmarish-Dream.ru">
+	<target host="nightmarish-dream.ru" />
+	<target host="www.nightmarish-dream.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nightweb.net.xml b/src/chrome/content/rules/Nightweb.net.xml
new file mode 100644
index 000000000000..bf1f7ee38276
--- /dev/null
+++ b/src/chrome/content/rules/Nightweb.net.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nightweb.net/ => https://nightweb.net/: (7, 'Failed to connect to nightweb.net port 443: Connection refused')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nightweb.net/ => https://nightweb.net/: (28, 'Connection timed out after 10001 milliseconds')
+
+	www.nightweb.net doesn't exist.
+
+-->
+<ruleset name="Nightweb.net" default_off="failed ruleset test">
+
+	<target host="nightweb.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nijyuyon-Bimuunzu.xml b/src/chrome/content/rules/Nijyuyon-Bimuunzu.xml
index c79371a1b979..939b7215e39c 100644
--- a/src/chrome/content/rules/Nijyuyon-Bimuunzu.xml
+++ b/src/chrome/content/rules/Nijyuyon-Bimuunzu.xml
@@ -1,19 +1,11 @@
-<!--
-	Problematic domains:
-
-		e-nls.com	(cert only matches www)
-
--->
 <ruleset name="Nijyuyon-Bimuunzu">
 
 	<target host="e-nls.com" />
 	<target host="www.e-nls.com" />
+	<target host="img.e-nls.com" />
 
 
-	<rule from="^https?://(?:www\.)?e-nls\.com/"
-		to="https://www.e-nls.com/" />
-
-	<rule from="^http://img\.e-nls\.com/"
-		to="https://img.e-nls.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nik_Cub.com.xml b/src/chrome/content/rules/Nik_Cub.com.xml
new file mode 100644
index 000000000000..55eaf894fe46
--- /dev/null
+++ b/src/chrome/content/rules/Nik_Cub.com.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nikcub.com/ => https://nikcub.com/: (28, 'Operation timed out after 30002 milliseconds with 0 bytes received')
+Fetch error: http://www.nikcub.com/ => https://www.nikcub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+-->
+<ruleset name="Nik Cub.com" default_off="failed ruleset test">
+
+	<target host="nikcub.com" />
+	<target host="www.nikcub.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nik_Software.xml b/src/chrome/content/rules/Nik_Software.xml
index 701f1e8d40fd..ce9e29b33271 100644
--- a/src/chrome/content/rules/Nik_Software.xml
+++ b/src/chrome/content/rules/Nik_Software.xml
@@ -1,4 +1,10 @@
-<ruleset name="Nik Software (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://shop.niksoftware.com/ => https://shop.niksoftware.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+<ruleset name="Nik Software (partial)" default_off="failed ruleset test">
 
 	<target host="shop.niksoftware.com" />
 
@@ -6,7 +12,6 @@
 	<securecookie host="^shop\.niksoftware\.com$" name=".+" />
 
 
-	<rule from="^http://shop\.niksoftware\.com/"
-		to="https://shop.niksoftware.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nike.com.xml b/src/chrome/content/rules/Nike.com.xml
index 0ccce6bc62c3..c4eb6caac4b5 100644
--- a/src/chrome/content/rules/Nike.com.xml
+++ b/src/chrome/content/rules/Nike.com.xml
@@ -1,4 +1,5 @@
 <!--
+
 	CDN buckets:
 
 		- nike.112.2o7.net
@@ -12,49 +13,48 @@
 			- smodus
 
 		- ak1s.abmr.net/is/secure-store.nike.com
-
-		- images.nike.com.edgesuite.net
-
-			- a471.b.akamai.net
-
 		- nikeplus.nike.com.edgesuite.net
-
-			- a1758.b.akamai.net
-
 		- niketown.nike.com.edgesuite.net
 		- nikevideo.nike.com.edgesuite.net
 		- secure-niketown.nike.com.edgekey.net
 		- secure-store.nike.com.edgekey.net
 		- store.nike.com.edgesuite.net
-
 		- ugc.nikeid.com.edgesuite.net
 
-			- a259.b.akamai.net
-
 
 	Nonfunctional subdomains:
 
 		- legacydev	(refused)
+		- news ³
+		- origin-www ⁴
+
+	³ 503, Akamai
+	⁴ 404
 
 
 	Problematic subdomains:
 
-		- ^		(mismatched, CN: origin-www.nike.com)
+		- ^ ¹
+		- help-zh-tw ᵐ
 		- images *
-		- modus		(mismatched, CN: *.112.2o7.net)
+		- modus	ᵐ
 		- nikeplus *
 		- nikevideo *
+		- secure-nikeplus ᵀ
 		- store		(redirects to secure-store, akamai)
 		- ugc *
+		- www		(Blocks Tor users)
 
+	¹ Refused
+	ᵀ Blocks Tor users
 	* Works, akamai
+	ᵐ Mismatched
 
 
 	Partially covered subdomains:
 
-		- (www.)	(^ → www, $ redirects to http)
+		- ^	(→ www, $ redirects to http)
 		- nikeplus	(some pages redirect to http)
-		- nikevideo	(→ akamai)
 
 
 	Fully covered subdomains:
@@ -75,19 +75,14 @@
 		- help-ja-jp
 		- help-nl-eu
 		- help-pt-br
-		- help-zh-tw
 		- images *
 		- modus		(→ nike-com.112.2o7.net)
-		- origin-www
 		- secure-nikeplus
 		- secure-niketown
 		- secure-store
 		- store
 		- smodus
 		- store		(→ secure-store)
-		- ugc *
-
-	* → akamai
 
 
 	Observed cookie domains:
@@ -115,55 +110,52 @@
 -->
 <ruleset name="Nike.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="developer.nike.com" />
+	<target host="help-all.nike.com" />
+	<target host="help-de-de.nike.com" />
+	<target host="help-de-eu.nike.com" />
+	<target host="help-en-cn.nike.com" />
+	<target host="help-en-eu.nike.com" />
+	<target host="help-en-gb.nike.com" />
+	<target host="help-en-us.nike.com" />
+	<target host="help-es-eu.nike.com" />
+	<target host="help-es-la.nike.com" />
+	<target host="help-fr-eu.nike.com" />
+	<target host="help-fr-fr.nike.com" />
+	<target host="help-it-eu.nike.com" />
+	<target host="help-ja-jp.nike.com" />
+	<target host="help-nl-eu.nike.com" />
+	<target host="help-pt-br.nike.com" />
+	<target host="secure-nikeplus.nike.com" />
+	<target host="secure-niketown.nike.com" />
+	<target host="smodus.nike.com" />
+	<target host="secure-store.nike.com" />
+	<target host="www.nike.com" />
+
+	<!--	Complications:
+				-->
 	<target host="nike.com" />
-	<target host="*.nike.com" />
-		<!--
-			At least one stylesheet links resources relative to /
-										-->
-		<!--exclusion pattern="^http://nikeplus\.nike\.com/plus/static/css/core/($|\?)" /-->
-		<!--exclusion pattern="^http://nikeplus\.nike\.com/(?!plus/(static/css/places_main/|static/css/logged_out_\w+/|static/js/|static/translations($|\?)|web/css/modules/activity_select\.css|web/images/|web/login/images/|web/login/js/)" /-->
-		<!--exclusion pattern="^http://nikevideo\.nike\.com/(?!\d+/[\w-]+\.jpg)" /-->
-
+	<target host="modus.nike.com" />
+	<target host="nikeplus.nike.com" />
+	<target host="nikevideo.nike.com" />
+	<target host="store.nike.com" />
 
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.nike\.com$" name="^(?:AnalysisUserId|ResonanceSegment|RES_TRACKINGID|s_\w+|utag_main)$" />
-	<!--securecookie host="^(help-(?:all|de-de|de-eu|en-cn|en-eu|en-gb|en-us|es-eu|es-la|fr-eu|fr-fr|it-eu|ja-jp|nl-eu|pt-br|zh-tw)|secure-store)\.nike\.com$" name=".+" /-->
-	<securecookie host="^(?:help-[\w-]+|secure-store)\.nike\.com$" name=".+" />
+	<securecookie host="^(help-[\w-]+|secure-store)?\.nike\.com$" name=".+" />
 
-
-	<rule from="^http://(?:www\.)?nike\.com/(?=/?apps/|/?content/|dat/tealeaftarget\.html|/?etc/|nikeos/scripts/)"
+	<rule from="^http://nike\.com/"
 		to="https://www.nike.com/" />
 
-	<rule from="^http://(developer|help-(?:all|de-de|de-eu|en-cn|en-eu|en-gb|en-us|es-eu|es-la|fr-eu|fr-fr|it-eu|ja-jp|nl-eu|pt-br|zh-tw)|origin-www|secure-nike(?:plus|town)|smodus)\.nike\.com/"
-		to="https://$1.nike.com/" />
-
-	<rule from="^http://images\.nike\.com/"
-		to="https://a248.e.akamai.net/f/471/3529/6d/images.nike.com/" />
-
 	<rule from="^http://modus\.nike\.com/"
 		to="https://nike-com.112.2o7.net/" />
 
-	<!--	First, rewrite what we can to akamai:
-							-->
-	<rule from="^http://nikeplus\.nike\.com/(?=plus/(?:static/css/(?:places_main|logged_out_\w+)/|static/js/|static/translations(?:$|\?)|web/css/modules/activity_select\.css|web/images/|web/login/(?:image|j)s/))"
-		to="https://a248.e.akamai.net/f/1758/2152/1m/nikeplus.nike.com/" />
-
-	<!--	Now rewrite to secure-nikeplus css that links resources relative to /
-
-		Unfortunately, secure-nikeplus pages redirect to http://nikeplus.,
-		so we cannot do a blanket rewrite.
-							-->
-	<rule from="^http://nikeplus\.nike\.com/plus/static/css/core/"
-		to="https://secure-nikeplus.nike.com/plus/static/css/core/" />
-
-	<rule from="^http://nikevideo\.nike\.com/(?=\d+/[\w-]+\.jpg)"
-		to="https://a248.e.akamai.net/f/1758/6850/6f/nikevideo.nike.com/" />
+	<rule from="^http://nikeplus\.nike\.com/"
+		to="https://secure-nikeplus.nike.com/" />
 
-	<rule from="^http://(?:secure-)?store\.nike\.com/"
+	<rule from="^http://store\.nike\.com/"
 		to="https://secure-store.nike.com/" />
 
-	<rule from="^http://ugc\.nike\.com/"
-		to="https://a248.e.akamai.net/f/259/7435/9m/ugc.nike.com/" />
+	<rule from="^http:"	to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nikhef.nl.xml b/src/chrome/content/rules/Nikhef.nl.xml
index fa49f178e224..ecc6d4377aa6 100644
--- a/src/chrome/content/rules/Nikhef.nl.xml
+++ b/src/chrome/content/rules/Nikhef.nl.xml
@@ -1,16 +1,38 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dong.nikhef.nl/ => https://dong.nikhef.nl/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://teams.nikhef.nl/ => https://teams.nikhef.nl/: (6, 'Could not resolve host: teams.nikhef.nl')
+
 	^nikhef.nl doesn't exist.
 
+
+	Insecure cookies are set for these hosts:
+
+		- www.nikhef.nl
+
 -->
-<ruleset name="Nikhef.nl">
+<ruleset name="Nikhef.nl" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="dong.nikhef.nl" />
+	<target host="magro.nikhef.nl" />
+	<target host="sso.nikhef.nl" />
+	<target host="teams.nikhef.nl" />
+	<target host="webapps.nikhef.nl" />
+	<target host="wiki.nikhef.nl" />
 	<target host="www.nikhef.nl" />
 
 
-	<securecookie host="^www\.nikhef\.nl$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.nikhef\.nl$" name="^fe_typo_user$" /-->
+
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://www\.nikhef\.nl/"
-		to="https://www.nikhef.nl/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Nikkei.com.xml b/src/chrome/content/rules/Nikkei.com.xml
new file mode 100644
index 000000000000..cd089a225328
--- /dev/null
+++ b/src/chrome/content/rules/Nikkei.com.xml
@@ -0,0 +1,108 @@
+<!--
+	Reset:
+		invz.nikkei.com
+		leap.nikkei.com
+		sp.nikkei.com
+
+	Refused:
+		nikkei.com
+		adb.nikkei.com
+		adpriv.nikkei.com
+		adprivcache.nikkei.com
+		adrep.nikkei.com
+		ag.adrep.nikkei.com
+		jinji.api.nikkei.com
+		markets.api.nikkei.com
+		page.api.nikkei.com
+		jinji.api323.nikkei.com
+		markets.api323.nikkei.com
+		page.api323.nikkei.com
+		appli.nikkei.com
+		appli323.nikkei.com
+		mx.asia.nikkei.com
+		asianreview.nikkei.com
+		aspn.dspx.nikkei.com
+		qmd.dspx.nikkei.com
+		dspxapi.nikkei.com
+		dspxapi323.nikkei.com
+		dsquare.nikkei.com
+		election.nikkei.com
+		m.nikkei.com
+		m323.nikkei.com
+		mb.nikkei.com
+		mw.nikkei.com
+		markets.mw.nikkei.com
+		mw323.nikkei.com
+		mx.nikkei.com
+		mx3.nikkei.com
+		mx4.nikkei.com
+		mxt.nikkei.com
+		autodiscover.nex.nikkei.com
+		nwp.nikkei.com
+		parts.nikkei.com
+		pr.nikkei.com
+		markets.api.pre.nikkei.com
+		page.api.pre.nikkei.com
+		appli.pre.nikkei.com
+		room323.nikkei.com
+		store.nikkei.com
+		xc.nikkei.com
+
+	Timeout:
+		id.dev.nikkei.com
+		id.dev-ext.nikkei.com
+		hack.nikkei.com
+		rebuild.nikkei.com
+		weather.nikkei.com
+
+	Invalid Certificate:
+		my.api.nikkei.com
+		applicdn.nikkei.com
+		applicdnv2.nikkei.com
+		applicdnv2org.nikkei.com
+		asia.nikkei.com
+		horizon.asia.nikkei.com
+		link.asia.nikkei.com
+		video.asia.nikkei.com
+		cdn.nikkei.com
+		cn.nikkei.com
+		mail.cn.nikkei.com
+		regist.asia.dev.nikkei.com
+		faq.nikkei.com
+		mainta.nikkei.com
+		niid.nikkei.com
+		nkispa.nikkei.com
+		sp-ssl.nikkei.com
+		stats.nikkei.com
+		style.nikkei.com
+
+	404:
+		eb.store.nikkei.com
+
+	MCB:
+		zh.cn.nikkei.com (can be secured)
+
+-->
+
+<ruleset name="Nikkei.com">
+	<target host="nikkei.com" />
+	<target host="www.nikkei.com" />
+	<target host="regist.asia.nikkei.com" />
+	<target host="evernote.nikkei.com" />
+	<target host="id.nikkei.com" />
+	<target host="idrp.nikkei.com" />
+	<target host="lissn.nikkei.com" />
+	<target host="maint.nikkei.com" />
+	<target host="partsa.nikkei.com" />
+	<target host="r.nikkei.com" />
+	<target host="s.nikkei.com" />
+	<target host="sstats.nikkei.com" />
+	<target host="support.nikkei.com" />
+	<target host="vdata.nikkei.com" />
+	<target host="vrid.nikkei.com" />
+
+	<rule from="^http://nikkei\.com/"
+		to="https://www.nikkei.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nikonrumors.com.xml b/src/chrome/content/rules/Nikonrumors.com.xml
new file mode 100644
index 000000000000..667343db86dd
--- /dev/null
+++ b/src/chrome/content/rules/Nikonrumors.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Nikonrumors.com">
+	<target host="nikonrumors.com" />
+	<target host="www.nikonrumors.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nikos_Dano.com.xml b/src/chrome/content/rules/Nikos_Dano.com.xml
new file mode 100644
index 000000000000..7f75b4209274
--- /dev/null
+++ b/src/chrome/content/rules/Nikos_Dano.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nikosdano.com/ => https://nikosdano.com/: (7, 'Failed to connect to nikosdano.com port 443: Connection refused')
+Fetch error: http://www.nikosdano.com/ => https://www.nikosdano.com/: (7, 'Failed to connect to www.nikosdano.com port 443: Connection refused')
+
+-->
+<ruleset name="Nikos Dano.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nikosdano.com" />
+	<target host="www.nikosdano.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nildram.net.xml b/src/chrome/content/rules/Nildram.net.xml
new file mode 100644
index 000000000000..074ae25463a1
--- /dev/null
+++ b/src/chrome/content/rules/Nildram.net.xml
@@ -0,0 +1,15 @@
+<!--
+	For other TalkTalk coverage, see TalkTalk.xml.
+
+-->
+<ruleset name="Nildram.net" default_off="expired">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.nildram.net"/>
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nileshgr.com.xml b/src/chrome/content/rules/Nileshgr.com.xml
new file mode 100644
index 000000000000..de2860b8ab43
--- /dev/null
+++ b/src/chrome/content/rules/Nileshgr.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .nileshgr.com
+
+-->
+<ruleset name="nileshgr.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nileshgr.com" />
+	<target host="www.nileshgr.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.nileshgr\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nimbledeals.com.xml b/src/chrome/content/rules/Nimbledeals.com.xml
new file mode 100644
index 000000000000..0258f1c34831
--- /dev/null
+++ b/src/chrome/content/rules/Nimbledeals.com.xml
@@ -0,0 +1,16 @@
+<!--
+	^nimbledeals.com doesn't exist
+
+-->
+<ruleset name="Nimbledeals.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="productimages.nimbledeals.com" />
+	<target host="www.nimbledeals.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nimbus_Hosting.xml b/src/chrome/content/rules/Nimbus_Hosting.xml
index 9a144b88f47f..f177b34ffa83 100644
--- a/src/chrome/content/rules/Nimbus_Hosting.xml
+++ b/src/chrome/content/rules/Nimbus_Hosting.xml
@@ -7,7 +7,8 @@
 <ruleset name="Nimbus Hosting (partial)">
 
 	<target host="nimbushosting.co.uk" />
-	<target host="*.nimbushosting.co.uk" />
+	<target host="www.nimbushosting.co.uk" />
+	<target host="youraccount.nimbushosting.co.uk" />
 		<!--
 			Redirects to http:
 						-->
@@ -23,4 +24,4 @@
 	<rule from="^http://youraccount\.nimbushosting\.co\.uk/"
 		to="https://youtaccount.nimbushosting.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nimenhuuto.com.xml b/src/chrome/content/rules/Nimenhuuto.com.xml
new file mode 100644
index 000000000000..839b8d23e3d1
--- /dev/null
+++ b/src/chrome/content/rules/Nimenhuuto.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Nimenhuuto.com">
+  <target host="nimenhuuto.com" />
+  <target host="*.nimenhuuto.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nimg.jp.xml b/src/chrome/content/rules/Nimg.jp.xml
new file mode 100644
index 000000000000..4b391cf6f396
--- /dev/null
+++ b/src/chrome/content/rules/Nimg.jp.xml
@@ -0,0 +1,64 @@
+<!--
+	For more NicoVideo related rulesets, see Nicovideo.jp.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+			 - p.news.nimg.jp
+			 - nl.nimg.jp
+			 - nle.nimg.jp
+
+		Timeout was reached:
+			 - abch.nimg.jp
+			 - icons.dev.nimg.jp
+			 - res.dev.nimg.jp
+			 - nlt01.nimg.jp
+			 - ausp.res.nimg.jp
+			 - embed.res.nimg.jp
+			 - sp.res.nimg.jp
+			 - swch.nimg.jp
+			 - res.test.nimg.jp
+
+		SSL connect error:
+			 - sp.ch.res.dev.nimg.jp
+
+		SSL peer certificate was not OK:
+			 - icons.nimg.jp
+			 - res.nimg.jp
+			 - uni.res.nimg.jp
+			 - usericon.nimg.jp
+
+		4xx client error:
+			 - dcdn.cdn.nimg.jp
+			 - sp.ch.res.nimg.jp
+-->
+<ruleset name="Nimg.jp">
+	<target host="appicon.nimg.jp" />
+	<test url="http://appicon.nimg.jp/42/icon48.png?1330318224" />
+
+	<target host="nicolive.cdn.nimg.jp" />
+	<test url="http://nicolive.cdn.nimg.jp/live/simg/img/a390/1169825.5fdc0f.jpg" />
+
+	<target host="nicovideo.cdn.nimg.jp" />
+		<exclusion pattern="^http://nicovideo\.cdn\.nimg\.jp/web/swf/" /> <!-- Fix #10674 -->
+			<!-- match exclusion -->
+			<test url="http://nicovideo.cdn.nimg.jp/web/swf/player/i18n/translation_version.json?v=1490254352" />
+			<test url="http://nicovideo.cdn.nimg.jp/web/swf/player/player_version.xml?v=1497858017" />
+			<!-- do not match exclusion -->
+			<test url="http://nicovideo.cdn.nimg.jp/web/img/favicon.ico" />
+		<exclusion pattern="^http://nicovideo\.cdn\.nimg\.jp/web/scripts/pages/watch/watch_\w{3}\.js" /> <!-- Fix #14774 -->
+			<test url="http://nicovideo.cdn.nimg.jp/web/scripts/pages/watch/watch_app.js" />
+			<test url="http://nicovideo.cdn.nimg.jp/web/scripts/pages/watch/watch_dll.js" />
+
+	<target host="secure-dcdn.cdn.nimg.jp" />
+	<test url="http://secure-dcdn.cdn.nimg.jp/nicochannel/channelapp/app.html?ch=mssp" />
+
+	<target host="icon.nimg.jp" />
+
+	<target host="nb.nimg.jp" />
+	<test url="http://nb.nimg.jp/book/static/img/book/pickup/book_composition_banner/vb2ei1owfn.jpg?1494237628" />
+
+	<target host="ch.res.nimg.jp" />
+	<target host="com.res.nimg.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NimporteQui.com.xml b/src/chrome/content/rules/NimporteQui.com.xml
new file mode 100644
index 000000000000..5fb65284bb12
--- /dev/null
+++ b/src/chrome/content/rules/NimporteQui.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="NimporteQui.com">
+	<target host="nimportequi.com" />
+	<target host="www.nimportequi.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nimzone.com.xml b/src/chrome/content/rules/Nimzone.com.xml
index 6f68e8cb919c..6dded285aef5 100644
--- a/src/chrome/content/rules/Nimzone.com.xml
+++ b/src/chrome/content/rules/Nimzone.com.xml
@@ -1,9 +1,8 @@
-<ruleset name="nimzone.com" default_off="mismatch">
+<ruleset name="nimzone.com" default_off="mismatched">
 
 	<target host="server1.nimzone.com" />
 
 
-	<rule from="^http://server1\.nimzone\.com/"
-		to="https://server1.nimzone.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Nine-2-one.xml b/src/chrome/content/rules/Nine-2-one.xml
deleted file mode 100644
index e19dd9044b73..000000000000
--- a/src/chrome/content/rules/Nine-2-one.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="nine-2-one">
-
-	<target host="nine-2-one.com"/>
-	<target host="www.nine-2-one.com"/>
-
-	<securecookie host="^(www\.)?nine-2-one\.com$" name=".*"/>
-
-	<rule from="^http://(www\.)?nine-2-one\.com/"
-		to="https://$1nine-2-one.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Nine.xml b/src/chrome/content/rules/Nine.xml
index 61a0a449d332..f197ec596697 100644
--- a/src/chrome/content/rules/Nine.xml
+++ b/src/chrome/content/rules/Nine.xml
@@ -1,19 +1,18 @@
 <ruleset name="Nine">
-
 	<target host="nine.ch" />
 	<target host="*.nine.ch" />
-	<!--	* for cross-domain cookies.	-->
-	<target host="*.webmail.nine.ch" />
-
-
-	<securecookie host="^\.?webmail\.nine\.ch$" name=".*" />
-
 
-	<!--	Cert only matches *.nine.ch	-->
-	<rule from="^https?://(?:www\.)?nine\.ch/"
-		to="https://www.nine.ch/" />
+	<securecookie host="^\.?webmail\.nine\.ch$" name=".+" />
 
-	<rule from="^http://webmail\.nine\.ch/"
-		to="https://webmail.nine.ch/" />
+	<test url="http://cockpit.nine.ch/" />
+	<test url="http://mailadmin.nine.ch/" />
+	<test url="http://sso.nine.ch/" />
+	<test url="http://stats.nine.ch/" />
+	<test url="http://status.nine.ch/" />
+	<test url="http://support.nine.ch/" />
+	<test url="http://webmail.nine.ch/" />
+	<test url="http://www.nine.ch/" />
 
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Nines.nl.xml b/src/chrome/content/rules/Nines.nl.xml
new file mode 100644
index 000000000000..fa079c5fd33d
--- /dev/null
+++ b/src/chrome/content/rules/Nines.nl.xml
@@ -0,0 +1,16 @@
+<ruleset name="Nines.nl">
+
+	<target host="nines.nl" />
+	<target host="www.nines.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.nines\.nl$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.nines\.nl$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ning-falsemixed.xml b/src/chrome/content/rules/Ning-falsemixed.xml
index db39af473dbb..36a156849b68 100644
--- a/src/chrome/content/rules/Ning-falsemixed.xml
+++ b/src/chrome/content/rules/Ning-falsemixed.xml
@@ -1,19 +1,45 @@
 <!--
 	For rules that don't cause false/broken MCB, see Ning.xml.
-
 -->
 <ruleset name="Ning (false MCB)" platform="mixedcontent">
 
-	<target host="creators.ning.com" />
-	<target host="makemodules.ning.com" />
-		<!--
-			Handled in Ning.xml:
-						-->
-		<exclusion pattern="^http://creators\.ning\.com/(?:activity/|(?:[\w-]+/)?(?:cs|image)s/|favicon\.ico)" />
-		<exclusion pattern="^http://makemodules\.ning\.com/(?:activity/|colorbox/|(?:[\w-]+/)?(?:css|error|images)/|favicon\.ico|js/|xn/)" />
+	<target host="*.ning.com" />
+
+	<!-- Already included in Ning.xml -->
+	<exclusion pattern="^http://www\.ning\.com/" />
+	<exclusion pattern="^http://about\.ning\.com/" />
+	<exclusion pattern="^http://api\.ning\.com/" />
+	<exclusion pattern="^http://blog\.ning\.com/" />
+	<exclusion pattern="^http://creators\.ning\.com/" />
+	<exclusion pattern="^http://help\.ning\.com/" />
+	<exclusion pattern="^http://static\.ning\.com/" />
+
+	<!-- Nonfunctional subdomain (see Ning.xml) -->
+	<exclusion pattern="^http://status\.ning\.com/" />
+
+	<test url="http://www.ning.com/" />
+	<test url="http://about.ning.com/" />
+	<test url="http://api.ning.com/" />
+	<test url="http://blog.ning.com/" />
+	<test url="http://creators.ning.com/" />
+	<test url="http://help.ning.com/" />
+	<test url="http://static.ning.com/" />
+	<test url="http://status.ning.com/" />
+
+
+	<!-- covered by this ruleset -->
+	<test url="http://build.ning.com/" />
+	<test url="http://cultivate.ning.com/" />
+	<test url="http://design.ning.com/" />
+	<test url="http://developer.ning.com/" />
+
+	<!-- Examples of subdomains controlled by customers -->
+	<test url="http://beachescyclingclub.ning.com/" />
+	<test url="http://earlyguitar.ning.com/" />
+	<test url="http://minstrelbanjo.ning.com/" />
+	<test url="http://vpascal.ning.com/" />
 
 
-	<rule from="^http://(creator|makemodule)s\.ning\.com/"
-		to="https://$1s.ning.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ning.xml b/src/chrome/content/rules/Ning.xml
index 69b829177f9f..710e61cda61a 100644
--- a/src/chrome/content/rules/Ning.xml
+++ b/src/chrome/content/rules/Ning.xml
@@ -1,120 +1,31 @@
 <!--
 	For rules that cause false/broken MCB, see Ning-falsemixed.xml.
 
-
-	CDN buckets:
-
-		- api.ning.com.edgesuite.net
-
-			- a1564.g.akamai.net
-
-
 	Nonfunctional subdomains:
 
-		- status	(dropped)
-
-
-	Problematic subdomains:
-
-		- api		(works, akamai)
-		- static	(503, akamai)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- about
-		- api		(→ origin-api)
-		- build
-		- developer
-		- go
-		- help
-		- origin
-		- uk
-
-
-	Partially covered subdomains:
-
-		- creators *
-		- makemodules *
-		- static	(→ per-client subdomains)
-
-	* Avoiding false/broken MCB
-
-
-	Mixed content:
-
-		- Flash:
-
-			- On makemodules from static *
-
-		- Scripts:
-
-			- On creators from creators *
-			- On creators from makemodules *
-			- On creators from static *
-			- On creators from ajax.googleapis.com *
-			- On makemodules from makemodules *
-			- On makemodules from static *
-
-
-		- Frames:
-
-			- On creators from creators *
-			- On makemodules from www *
-
-		- css:
-
-			- On creators from makemodules *
-			- On makemodules from makemodules *
-			- On makemodules from static *
-			- On makemodules from www *
-
-		- Images:
-
-			- On creators from makemodules *
-			- On makemodules from makemodules *
-
-
-		- Web bugs:
-
-			- On creators from www22.glam.com *
-			- On creators from www35t.glam.com *
-			- On makemodules from www.35.glam.com *
-			- On creators from www.scoop.it
-			- On creators from img.scoop.it *
-
-	* Secured by us
-
-
-	NB: We secure all resources, and thus
-	-falsemixed should be merged for Ffx 24.
+		- *.coll.ning.com (mismatch, host only for tracking)
+		- build (mixed content, secured by us)
+		- cultivate (mixed content, secured by us)
+		- design (mixed content, secured by us)
+		- developer (mixed content, secured by us)
+		- status (timeout)
 
+	Ning has customer specific subdomains (some mixed content)
 -->
-<ruleset name="Ning (partial)">
+<ruleset name="Ning">
 
 	<target host="ning.com" />
-	<target host="*.ning.com" />
-		<!--exclusion pattern="^http://(www\.)?ning\.com/(?!\d\.\d\d\.\d\d(\.\d)?/|(about|blog|help|main)($|/)|payment/|\w+/wp-content/)" /-->
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<exclusion pattern="^http://creators\.ning\.com/(?!activity/|(?:[\w-]+/)?(?:cs|image)s/|favicon\.ico)" />
-		<exclusion pattern="^http://makemodules\.ning\.com/(?!activity/|colorbox/|(?:[\w-]+/)?(?:css|error|images)/|favicon\.ico|js/|xn/)" />
-		<!--exclusion pattern="^http://status\.ning\.com/" /-->
-		<!--exclusion pattern="^http://uk\.ning\.com/(?!\d\.\d\d\.\d\d(\.\d)?/|favicon\.ico)" /-->
-
-
-	<securecookie host=".*\.ning\.com$" name=".+" />
-
-
-	<rule from="^http://((?:about|build|creators|developer|go|help|makemodules|uk|www)\.)?ning\.com/"
-		to="https://$1ning.com/" />
-
-	<rule from="^http://(?:origin-)?api\.ning\.com/"
-		to="https://origin-api.ning.com/" />
-
-	<rule from="^http://static\.ning\.com/([^/]+)/"
-		to="https://$1.ning.com/xn_resources/" />
+	<target host="www.ning.com" />
+	<target host="about.ning.com" />
+	<target host="api.ning.com" />
+	<target host="blog.ning.com" />
+	<target host="cdn.ning.com" />
+		<test url="http://cdn.ning.com/wp-content/themes/ning/assets/img/ui/black/s-icons/custom.svg" />
+	<target host="creators.ning.com" />
+	<target host="help.ning.com" />
+	<target host="static.ning.com" />
+		<test url="http://static.ning.com/socialnetworkmain/widgets/index/gfx/Ning_MM_footer_wht.png" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ninite.xml b/src/chrome/content/rules/Ninite.xml
index a5dbf37a886a..910ec10ec6af 100644
--- a/src/chrome/content/rules/Ninite.xml
+++ b/src/chrome/content/rules/Ninite.xml
@@ -1,8 +1,8 @@
-<ruleset name="Ninite" platform="mixedcontent">
-  <target host="ninite.com" />
-  <target host="www.ninite.com" />
+<ruleset name="Ninite.com">
+	<target host="ninite.com" />
+	<target host="www.ninite.com" />
 
-  <securecookie host="^(.+\.)?ninite\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
-  <rule from="^http://(?:www\.)?ninite\.com/" to="https://ninite.com/"/>
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ninja-Build.org.xml b/src/chrome/content/rules/Ninja-Build.org.xml
new file mode 100644
index 000000000000..9226d4c36127
--- /dev/null
+++ b/src/chrome/content/rules/Ninja-Build.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Ninja-Build.org">
+	<target host="ninja-build.org" />
+	<target host="www.ninja-build.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nintendo.com.xml b/src/chrome/content/rules/Nintendo.com.xml
deleted file mode 100644
index 4ec2e75f837d..000000000000
--- a/src/chrome/content/rules/Nintendo.com.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-<!--
-	CDN buckets:
-
-		- wpc.92ED.att-acdn.net
-			- media.nintendo.com
-
-
-	Problematic subdomains:
-
-		- support	(refused)
-
-
-	Partially covered subdomains:
-
-		- support	(→ www)
-
-
-	Nonfunctional subdomains:
-
-		- media		(404, expired, mismatched, CN: *.eci.cdn.att.net)
-		- techforums	(times out)
-
-
-	Mixed images on www from media.nintendo.com
-
--->
-<ruleset name="Nintendo.com (partial) ">
-
-	<target host="nintendo.com" />
-	<target host="*.nintendo.com" />
-
-
-	<securecookie host="^.*\.nintendo\.com$" name=".+" />
-
-
-	<rule from="^http://((?:club|happyholidays|iwataasks|share|smetrics|store|www)\.)?nintendo\.com/"
-		to="https://$1nintendo.com/" />
-
-	<rule from="^http://support\.nintento\.com/(?:\?.*)?$"
-		to="https://www.nintendo.com/consumer/assets/region_select.jsp" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Nintendo.xml b/src/chrome/content/rules/Nintendo.xml
new file mode 100644
index 000000000000..a8d79e4c820c
--- /dev/null
+++ b/src/chrome/content/rules/Nintendo.xml
@@ -0,0 +1,136 @@
+<!--
+	Remark: For a list of Nintendo related ccTLD, please
+		visit https://www.nintendo.com/countryselector
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- nintendods.cz
+		- www.nintendods.cz
+		- www.nintendo.com.hk
+		- www.nintendo.tw
+
+		Timeout was reached:
+		- haendlersuche.nintendo.de
+		- nintendo.com.hk
+		- nintendo.tw
+
+		SSL connect error:
+		- nintendo.at
+		- nintendo.be
+		- nintendo.ch
+		- nintendo-europe.com
+		- microsite.nintendo-europe.com
+		- nintendo.de
+		- nintendo.es
+		- nintendo.fr
+		- nintendo.it
+		- nintendo.nl
+		- nintendo.pt
+		- nintendo.ru
+		- nintendo.co.uk
+		- nintendo.co.za
+
+		SSL peer certificate was not OK:
+		- nintendo.gr
+		- www.nintendo.gr
+		- nintendo.co.nz
+		- www.nintendo.co.nz
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- nintendo.co.kr
+		- www.nintendo.co.kr
+
+		Problem with the SSL CA cert (path? access rights?):
+		- www.nintendo.no
+
+		Incomplete certificate chain error:
+		- nintendo.hu
+		- www.nintendo.hu
+
+		Mixed content blocking (MCB) triggered:
+		- iwataasks.nintendo.com
+-->
+<ruleset name="Nintendo (partial)">
+	<!-- *nintendo.at -->
+	<target host="www.nintendo.at" />
+
+	<!-- *nintendo.com.au -->
+	<target host="nintendo.com.au" />
+	<target host="www.nintendo.com.au" />
+
+	<!-- *nintendo.be -->
+	<target host="www.nintendo.be" />
+
+	<!-- *nintendo.ch -->
+	<target host="www.nintendo.ch" />
+
+	<!-- *nintendo.com -->
+	<target host="nintendo.com" />
+	<target host="accounts.nintendo.com" />
+	<target host="api.accounts.nintendo.com" />
+	<target host="cdn.accounts.nintendo.com" />
+	<target host="club.nintendo.com" />
+	<target host="ec.nintendo.com" />
+	<target host="api.ec.nintendo.com" />
+	<target host="happyholidays.nintendo.com" />
+	<target host="media.nintendo.com" />
+	<target host="share.nintendo.com" />
+	<target host="smetrics.nintendo.com" />
+	<target host="store.nintendo.com" />
+	<target host="support.nintendo.com" />
+	<target host="techforums.nintendo.com" />
+	<target host="www.nintendo.com" />
+
+	<!-- *nintendo-europe.com -->
+	<target host="cdn02.nintendo-europe.com" />
+	<target host="www.nintendo-europe.com" />
+
+	<!-- *nintendo.de -->
+	<target host="jobs.nintendo.de" />
+	<target host="www.nintendo.de" />
+
+	<!-- *nintendo.dk -->
+	<target host="nintendo.dk" />
+	<target host="www.nintendo.dk" />
+
+	<!-- *nintendo.es -->
+	<target host="www.nintendo.es" />
+
+	<!-- *nintendo.fi -->
+	<target host="nintendo.fi" />
+	<target host="www.nintendo.fi" />
+
+	<!-- *nintendo.fr -->
+	<target host="www.nintendo.fr" />
+
+	<!-- *nintendo.it -->
+	<target host="www.nintendo.it" />
+
+	<!-- *nintendo.co.jp -->
+	<target host="topics.nintendo.co.jp" />
+	<target host="www.nintendo.co.jp" />
+
+	<!-- *nintendo.nl -->
+	<target host="www.nintendo.nl" />
+
+	<!-- *nintendo.no -->
+	<target host="nintendo.no" />
+
+	<!-- *nintendo.pt -->
+	<target host="www.nintendo.pt" />
+
+	<!-- *nintendo.ru -->
+	<target host="www.nintendo.ru" />
+
+	<!-- *nintendo.se -->
+	<target host="nintendo.se" />
+	<target host="www.nintendo.se" />
+
+	<!-- *nintendo.co.uk -->
+	<target host="www.nintendo.co.uk" />
+
+	<!-- *nintendo.co.za -->
+	<target host="www.nintendo.co.za" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nintendo_World_Report.xml b/src/chrome/content/rules/Nintendo_World_Report.xml
index e71128eac340..e96857416afc 100644
--- a/src/chrome/content/rules/Nintendo_World_Report.xml
+++ b/src/chrome/content/rules/Nintendo_World_Report.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?nintendoworldreport\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?nintendoworldreport\.com/"
-		to="https://$1nintendoworldreport.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nintendolife.com.xml b/src/chrome/content/rules/Nintendolife.com.xml
new file mode 100644
index 000000000000..945a1ee157de
--- /dev/null
+++ b/src/chrome/content/rules/Nintendolife.com.xml
@@ -0,0 +1,21 @@
+<ruleset name="Nintendolife.com">
+	<target host="nintendolife.com" />
+	<target host="www.nintendolife.com" />
+	<target host="3ds.nintendolife.com" />
+	<target host="3dsvc.nintendolife.com" />
+	<target host="3dsware.nintendolife.com" />
+	<target host="dsiware.nintendolife.com" />
+	<target host="ds.nintendolife.com" />
+	<target host="images.nintendolife.com" />
+	<target host="retro.nintendolife.com" />
+	<target host="fs.nintendolife.com" />
+	<target host="sp.nintendolife.com" />
+	<target host="static.nintendolife.com" />
+	<target host="vc.nintendolife.com" />
+	<target host="wii.nintendolife.com" />
+	<target host="wiiware.nintendolife.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NinthDecimal.com.xml b/src/chrome/content/rules/NinthDecimal.com.xml
new file mode 100644
index 000000000000..179a8be2bce7
--- /dev/null
+++ b/src/chrome/content/rules/NinthDecimal.com.xml
@@ -0,0 +1,55 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .ninthdecimal.com
+		- www.ninthdecimal.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on www from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="NinthDecimal.com">
+
+	<target host="ninthdecimal.com" />
+	<target host="lciapi.ninthdecimal.com" />
+	<target host="www.ninthdecimal.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://lciapi.ninthdecimal.com/v1/lci/imp/adv-sgnl/c-1?typ=&amp;chn=&amp;brand=" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.ninthdecimal\.com$" name="^(?:__cfduid|cf_clearance|ndat)$" /-->
+	<!--securecookie host="^www\.ninthdecimal\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance|ndat)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ninux.org.xml b/src/chrome/content/rules/Ninux.org.xml
index 9472edddd0c6..4cc1b155e908 100644
--- a/src/chrome/content/rules/Ninux.org.xml
+++ b/src/chrome/content/rules/Ninux.org.xml
@@ -1,10 +1,44 @@
-<ruleset name="ninux.org (partial)" default_off="self-signed">
+<!--
+	Secure connection failed:
+		ninux.org
+		www.ninux.org
+		wiki.ninux.org
 
-	<target host="svn.ninux.org"/>
+	Invalid certificate:
+		controller.basilicata.ninux.org
+		calabria.ninux.org
+		galaxy.ninux.org
+		hg.ninux.org
+		hispanico.ninux.org
+		ml.ninux.org
+		mm.ninux.org
+		pad.ninux.org
+		www.palermo.ninux.org
+		planet.ninux.org
+		verona.ninux.org
 
-	<rule from="^http://svn\.ninux\.org/"
-		to="https://svn.ninux.org/"/>
+	Different content http/https:
+		fotogallery.ninux.org
 
-	<securecookie host="^svn\.ninux\.org$" name=".*"/>
+	Refused:
+		map.ninux.org
+
+-->
+<ruleset name="ninux.org (partial)">
+
+	<target host="basilicata.ninux.org" />
+	<target host="www.basilicata.ninux.org" />
+	<target host="blog.ninux.org" />
+	<target host="bologna.ninux.org" />
+	<target host="www.bologna.ninux.org" />
+	<target host="wiki.bologna.ninux.org" />
+	<target host="gitlab.ninux.org" />
+	<target host="ipam.ninux.org" />
+	<target host="meet.ninux.org" />
+	<target host="photogallery.ninux.org" />
+	<target host="zioproto.ninux.org" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NirSoft.net.xml b/src/chrome/content/rules/NirSoft.net.xml
new file mode 100644
index 000000000000..d2cb29ee2918
--- /dev/null
+++ b/src/chrome/content/rules/NirSoft.net.xml
@@ -0,0 +1,23 @@
+<ruleset name="NirSoft.net">
+	<target host="nirsoft.net" />
+	<target host="www.nirsoft.net" />
+	<target host="blog.nirsoft.net" />
+	<target host="download.nirsoft.net" />
+	<target host="download2.nirsoft.net" />
+	<target host="extension.nirsoft.net" />
+	<target host="launcher.nirsoft.net" />
+	<target host="mail.nirsoft.net" />
+	<target host="newserver.nirsoft.net" />
+	<target host="nircmd.nirsoft.net" />
+	<target host="shellfix.nirsoft.net" />
+	<target host="start.nirsoft.net" />
+	<target host="usb3speed.nirsoft.net" />
+	<target host="usbspeed.nirsoft.net" />
+	<target host="win7dll.nirsoft.net" />
+	<target host="windows10dll.nirsoft.net" />
+	<target host="xpdll.nirsoft.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nisit69.com.xml b/src/chrome/content/rules/Nisit69.com.xml
index abe802ed31eb..e56f4473e8ce 100644
--- a/src/chrome/content/rules/Nisit69.com.xml
+++ b/src/chrome/content/rules/Nisit69.com.xml
@@ -50,7 +50,6 @@
 	<securecookie host="^(?:w*\.)?nisit69\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?nisit69\.com/"
-		to="https://$1nisit69.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Niskanen_Center.org.xml b/src/chrome/content/rules/Niskanen_Center.org.xml
new file mode 100644
index 000000000000..a063943beb86
--- /dev/null
+++ b/src/chrome/content/rules/Niskanen_Center.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="Niskanen Center.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="niskanencenter.org" />
+	<target host="www.niskanencenter.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NiteFlirt.com.xml b/src/chrome/content/rules/NiteFlirt.com.xml
new file mode 100644
index 000000000000..f9ee2873eaa8
--- /dev/null
+++ b/src/chrome/content/rules/NiteFlirt.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Nonfunctional hosts in *niteflirt.com:
+
+		- phonesexblog *
+
+	* Shows test page
+
+
+	Fully covered hosts in *niteflirt.com:
+
+		- (www.)?
+		- affiliate
+		- support
+
+-->
+<ruleset name="NiteFlirt.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="niteflirt.com" />
+	<target host="affiliate.niteflirt.com" />
+	<target host="support.niteflirt.com" />
+	<target host="www.niteflirt.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NiteTimeToys.com.xml b/src/chrome/content/rules/NiteTimeToys.com.xml
new file mode 100644
index 000000000000..d22d02141181
--- /dev/null
+++ b/src/chrome/content/rules/NiteTimeToys.com.xml
@@ -0,0 +1,41 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://affiliates.nitetimetoys.com/ => https://affiliates.nitetimetoys.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	These altnames don't exist:
+
+		- www.affiliates.nitetimetoys.com
+
+
+	Observed cookie domains:
+
+		- . *
+		- affiliates *
+		- www *
+
+	* Secured by us <= not secured by server
+
+
+	Mixed content:
+
+		- Images on affiliates and www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="NiteTimeToys.com" default_off="failed ruleset test">
+
+	<target host="nitetimetoys.com" />
+	<target host="affiliates.nitetimetoys.com" />
+	<target host="www.nitetimetoys.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:affiliates|\.www)?\.nitetimetoys\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nitro.dk.xml b/src/chrome/content/rules/Nitro.dk.xml
index f8f7cf2e1c2b..611a7700e92e 100644
--- a/src/chrome/content/rules/Nitro.dk.xml
+++ b/src/chrome/content/rules/Nitro.dk.xml
@@ -2,9 +2,8 @@
 
 	<target host="webmail.nitro.dk"/>
 
-	<securecookie host="^webmail\.nitro\.dk$" name=".*"/>
+	<securecookie host="^webmail\.nitro\.dk$" name=".+" />
 
-	<rule from="^http://webmail\.nitro\.dk/"
-		to="https://webmail.nitro.dk/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NitroSell.com.xml b/src/chrome/content/rules/NitroSell.com.xml
new file mode 100644
index 000000000000..a222f1dd4f25
--- /dev/null
+++ b/src/chrome/content/rules/NitroSell.com.xml
@@ -0,0 +1,33 @@
+<!--
+	CDN buckets:
+
+		- images.nitrosell.com.edgesuite.net
+
+			- a1500.g.akamai.net
+
+
+	Nonfunctional subdomains:
+
+		- (www.)	(interrupted)
+
+
+	Fully covered subdomains:
+
+		- partner
+		- portal
+
+-->
+<ruleset name="NitroSell.com (partial)">
+
+	<target host="partner.nitrosell.com" />
+	<target host="portal.nitrosell.com" />
+		<!--
+			Some stylesheets reference images relative to /:
+									-->
+		<!--exclusion pattern="^http://images\.nitrosell\.com/+(assets/|public_html/.+\.css($|\?))" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nitro_Cloud.com.xml b/src/chrome/content/rules/Nitro_Cloud.com.xml
new file mode 100644
index 000000000000..8cc8ad2f8d56
--- /dev/null
+++ b/src/chrome/content/rules/Nitro_Cloud.com.xml
@@ -0,0 +1,23 @@
+<!--
+
+	Other Nitro Software rulesets:
+
+		- PDF_to_Word.com.xml
+
+-->
+<ruleset name="Nitro Cloud.com">
+
+	<target host="nitrocloud.com" />
+	<target host="www.nitrocloud.com" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^www\.nitrocloud\.com$" name="^PLAY_SESSION$" /-->
+
+	<securecookie host="^\.nitrocloud\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NixOS.org.xml b/src/chrome/content/rules/NixOS.org.xml
new file mode 100644
index 000000000000..89624e7ba1e8
--- /dev/null
+++ b/src/chrome/content/rules/NixOS.org.xml
@@ -0,0 +1,21 @@
+<!--
+	www: Mismatched
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(www → ^)
+		- hydra
+
+-->
+<ruleset name="NixOS.org">
+  <target host="nixos.org" />
+  <target host="hydra.nixos.org" />
+  <target host="www.nixos.org" />
+
+  <rule from="^http://www\.nixos\.org/" to="https://nixos.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Njal.la.xml b/src/chrome/content/rules/Njal.la.xml
new file mode 100644
index 000000000000..d4f9853850ea
--- /dev/null
+++ b/src/chrome/content/rules/Njal.la.xml
@@ -0,0 +1,26 @@
+<!--
+	Timeout:
+		- git
+		- mailfwd
+		- mx
+		- ns2
+		- ns3
+		- test
+
+	Mismatched:
+		- ns0
+		- redirect
+
+	HTTP != HTTPS:
+		- netbox
+-->
+<ruleset name="Njal.la">
+	<target host="njal.la" />
+	<target host="www.njal.la" />
+	<target host="dns.njal.la" />
+	<target host="next.njal.la" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nmap.org.xml b/src/chrome/content/rules/Nmap.org.xml
index 798201fc6def..031df6cd6625 100644
--- a/src/chrome/content/rules/Nmap.org.xml
+++ b/src/chrome/content/rules/Nmap.org.xml
@@ -1,15 +1,18 @@
 <!--
-	Nonfunctional subdomains:
+	Fully covered subdomains:
 
-		- (www.)	(shows svn.nmap.org; mismatched, CN: svn.nmap.org)
+		- (www.)
+		- svn
 
 -->
-<ruleset name="Nmap.org (partial)">
+<ruleset name="Nmap.org">
 
+	<target host="nmap.org" />
 	<target host="svn.nmap.org" />
+	<target host="www.nmap.org" />
 
 
-	<rule from="^http://svn\.nmap\.org/"
-		to="https://svn.nmap.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nnetworks.xml b/src/chrome/content/rules/Nnetworks.xml
deleted file mode 100644
index 51c81a1d5a2f..000000000000
--- a/src/chrome/content/rules/Nnetworks.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Other Nnetworks rulesets:
-
-		- Rec-log.xml
-
--->
-<ruleset name="Nnetworks">
-
-	<target host="nnetworks.co.jp" />
-	<target host="www.nnetworks.co.jp" />
-
-
-
-	<rule from="^http://(www\.)?nnetworks\.co\.jp/"
-		to="https://$1nnetworks.co.jp/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/No-DPI-campaign.xml b/src/chrome/content/rules/No-DPI-campaign.xml
deleted file mode 100644
index 36fe8dee31fc..000000000000
--- a/src/chrome/content/rules/No-DPI-campaign.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="No Deep Packet Inspection campaign" platform="cacert">
-	<target host="nodpi.org" />
-	<target host="www.nodpi.org" />
-
-	<rule from="^http://(?:www\.)?nodpi\.org/" to="https://nodpi.org/" />
-</ruleset>
diff --git a/src/chrome/content/rules/No-Thank-You.de.xml b/src/chrome/content/rules/No-Thank-You.de.xml
new file mode 100644
index 000000000000..e8b2f535c040
--- /dev/null
+++ b/src/chrome/content/rules/No-Thank-You.de.xml
@@ -0,0 +1,14 @@
+<!--
+	Timeout:
+		www.no-thank-you.de
+-->
+<ruleset name="No-Thank-You.de">
+	<target host="no-thank-you.de" />
+	<target host="www.no-thank-you.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.no-thank-you\.de/" to="https://no-thank-you.de/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NoHold.xml b/src/chrome/content/rules/NoHold.xml
index eaebfaf57ab2..dbaa386c9fed 100644
--- a/src/chrome/content/rules/NoHold.xml
+++ b/src/chrome/content/rules/NoHold.xml
@@ -10,7 +10,6 @@
 	<target host="sw.nohold.net" />
 
 
-	<rule from="^http://sw\.nohold\.net/"
-		to="https://sw.nohold.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NoMachine.com.xml b/src/chrome/content/rules/NoMachine.com.xml
new file mode 100644
index 000000000000..e62fce501d6c
--- /dev/null
+++ b/src/chrome/content/rules/NoMachine.com.xml
@@ -0,0 +1,20 @@
+<!--
+	^: cert only matches www
+
+-->
+<ruleset name="NoMachine.com">
+
+	<target host="nomachine.com" />
+	<target host="www.nomachine.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.nomachine\.com$" name="^(SESS[0-9a-f]{32})$" /-->
+
+	<securecookie host="^www\.nomachine\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NoTex.xml b/src/chrome/content/rules/NoTex.xml
deleted file mode 100644
index 71ffd70e7bff..000000000000
--- a/src/chrome/content/rules/NoTex.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	www works over neither http nor https.
-
--->
-<ruleset name="NoTex">
-
-	<target host="notex.ch" />
-	<target host="*.notex.ch" />
-
-
-	<securecookie host="^\.?notex\.ch$" name=".+" />
-
-
-	<rule from="^http://notex\.ch/"
-		to="https://notex.ch/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/NoVA_Infosec.xml b/src/chrome/content/rules/NoVA_Infosec.xml
index fe645b03633a..a6e5065f19dd 100644
--- a/src/chrome/content/rules/NoVA_Infosec.xml
+++ b/src/chrome/content/rules/NoVA_Infosec.xml
@@ -1,13 +1,40 @@
-<ruleset name="NoVA Infosec">
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
 
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .novainfosec.com
+
+-->
+<ruleset name="NoVA Infosec.com">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="novainfosec.com" />
-	<target host="*.novainfosec.com" />
+	<target host="www.novainfosec.com" />
+
 
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.novainfosec\.com$" name="^(__cfduid|cf_clearance)$" /-->
 
-	<securecookie host="^\.novainfosec.com$" name=".+" />
+	<securecookie host="^\.novainfosec\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?novainfosec\.com/"
-		to="https://$1novainfosec.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/No_1366.org.xml b/src/chrome/content/rules/No_1366.org.xml
new file mode 100644
index 000000000000..d1990b5fcd9d
--- /dev/null
+++ b/src/chrome/content/rules/No_1366.org.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://no1366.org/ => https://no1366.org/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.no1366.org/ => https://www.no1366.org/: (60, 'SSL certificate problem: self signed certificate')
+
+-->
+<ruleset name="No 1366.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="no1366.org" />
+	<target host="www.no1366.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/No_Hats.ca.xml b/src/chrome/content/rules/No_Hats.ca.xml
deleted file mode 100644
index 7953c06d53a9..000000000000
--- a/src/chrome/content/rules/No_Hats.ca.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Mixed images from multiple domains.
-
--->
-<ruleset name="No Hats.ca">
-
-	<target host="nohats.ca" />
-	<target host="www.nohats.ca" />
-
-
-	<rule from="^http://(www\.)?nohats\.ca/"
-		to="https://$1nohats.ca/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/No_IP.com.xml b/src/chrome/content/rules/No_IP.com.xml
new file mode 100644
index 000000000000..d67a9e7c23fc
--- /dev/null
+++ b/src/chrome/content/rules/No_IP.com.xml
@@ -0,0 +1,28 @@
+<!--
+	CDN buckets:
+
+		- d394491aozrvw2.cloudfront.net
+		- dmej8g5cpdyqd.cloudfront.net
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+		- Images from dmej8g5cpdyqd.cloudfront.net *
+
+	* Secured by us
+
+-->
+<ruleset name="No IP.com">
+
+	<target host="noip.com" />
+	<target host="www.noip.com" />
+
+
+	<securecookie host="^(?:www)?\.noip\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/No_Starch_Press.xml b/src/chrome/content/rules/No_Starch_Press.xml
index ed7d9f6db92c..e3594a66aac3 100644
--- a/src/chrome/content/rules/No_Starch_Press.xml
+++ b/src/chrome/content/rules/No_Starch_Press.xml
@@ -1,18 +1,39 @@
 <!--
+	CDN buckets:
+
+		- d19tnq0ilrg6a.cloudfront.net
+
+			- media
+
+
 	Problematic subdomains:
 
-		- mail	(shows www; mismatched, CN: nostarch.com)
+		- mail ¹
+		- media ²
+
+	¹ Shows www; mismatched, CN: nostarch.com
+	² cloudfront
 
 
 	Partially covered subdomains:
 
-		- mail	(→ mail.google.com)
+		- (www.) *
+		- mail		(→ mail.google.com)
+
+	* Some pages redirect to http
+
+
+	Fully covered subdomains:
+
+		- media		(→ d19tnq0ilrg6a.cloudfront.net)
 
 -->
 <ruleset name="No Starch Press (partial)">
 
 	<target host="nostarch.com" />
-	<target host="*.nostarch.com" />
+	<target host="www.nostarch.com" />
+	<target host="mail.nostarch.com" />
+	<target host="media.nostarch.com" />
 
 
 	<!--	Tracking cookies set by google-analytics.com
@@ -20,12 +41,13 @@
 	<securecookie host="^\.nostarch\.com$" name="^__utm\w$" />
 
 
-	<!--	Some pages 302 to http.
-						-->
-	<rule from="^http://(www\.)?nostarch\.com/((?:about|catalog|media|writeforus)\.htm|cart(?:$|[?/])|downloads/|favicon\.ico|images/|misc/|modules/|sites/)"
-		to="https://$1nostarch.com/$2" />
+	<rule from="^http://(www\.)?nostarch\.com/(?=(?:about|catalog|media|writeforus)\.htm|cart(?:$|[?/])|downloads/|favicon\.ico|images/|misc/|modules/|sites/)"
+		to="https://$1nostarch.com/" />
+
+	<rule from="^http://mail\.nostarch\.com/(?=$|\?)"
+		to="https://mail.google.com/a/nostarch.com" />
 
-	<rule from="^http://mail\.nostarch\.com/(\?.*)?$"
-		to="https://mail.google.com/a/nostarch.com$1" />
+	<rule from="^http://media\.nostarch\.com/"
+		to="https://media.nostarch.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/No_added_sugar.xml b/src/chrome/content/rules/No_added_sugar.xml
deleted file mode 100644
index e0c23f4e4eab..000000000000
--- a/src/chrome/content/rules/No_added_sugar.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="no added sugar">
-
-	<target host="noaddedsugar.com" />
-	<target host="*.noaddedsugar.com" />
-
-
-	<securecookie host="^\.noaddedsugar\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?noaddedsugar\.com/"
-		to="https://$1noaddedsugar.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/NobleHour.com.xml b/src/chrome/content/rules/NobleHour.com.xml
new file mode 100644
index 000000000000..d138df0fa35d
--- /dev/null
+++ b/src/chrome/content/rules/NobleHour.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="NobleHour.com">
+
+	<target host="noblehour.com" />
+	<target host="support.noblehour.com" />
+	<target host="www.noblehour.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nocdirect.com.xml b/src/chrome/content/rules/Nocdirect.com.xml
deleted file mode 100644
index 28ecb858ebae..000000000000
--- a/src/chrome/content/rules/Nocdirect.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="nocdirect.com">
-
-	<target host="*.nocdirect.com" />
-
-
-	<securecookie host="^(?:ninja|radium)\.nocdirect\.com$" name=".+" />
-
-
-	<rule from="^http://(ninja|radium)\.nocdirect\.com/"
-		to="https://$1.nocdirect.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/NodeJS_Modules.org.xml b/src/chrome/content/rules/NodeJS_Modules.org.xml
new file mode 100644
index 000000000000..6dddf9983f83
--- /dev/null
+++ b/src/chrome/content/rules/NodeJS_Modules.org.xml
@@ -0,0 +1,23 @@
+<!--
+	CDN buckets:
+
+		- d1g0cckr7vxu10.cloudfront.net
+
+
+	Server sends no certificate chain *
+
+	* see https://whatsmychaincert.com
+
+-->
+<ruleset name="NodeJS Modules.org" default_off="expired, missing certificate chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nodejsmodules.org" />
+	<target host="www.nodejsmodules.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NodeServ.com.xml b/src/chrome/content/rules/NodeServ.com.xml
new file mode 100644
index 000000000000..777e69046200
--- /dev/null
+++ b/src/chrome/content/rules/NodeServ.com.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://manage.nodeserv.com/ => https://manage.nodeserv.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="NodeServ.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nodeserv.com" />
+	<target host="billing.nodeserv.com" />
+	<target host="manage.nodeserv.com" />
+	<target host="www.nodeserv.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^billing\.nodeserv\.com$" name="^WHMCS[a-zA-Z]{12}$" /-->
+	<!--securecookie host="^manage\.nodeserv\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:billing|manage)\.nodeserv\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NodeSource.com.xml b/src/chrome/content/rules/NodeSource.com.xml
new file mode 100644
index 000000000000..05d4e792f066
--- /dev/null
+++ b/src/chrome/content/rules/NodeSource.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="NodeSource.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nodesource.com" />
+	<target host="www.nodesource.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Node_Security.io.xml b/src/chrome/content/rules/Node_Security.io.xml
new file mode 100644
index 000000000000..024d2b69aaf7
--- /dev/null
+++ b/src/chrome/content/rules/Node_Security.io.xml
@@ -0,0 +1,19 @@
+<!--
+	www: mismatched, CN: *.ampersandjs.com
+
+
+	These altnames don't exist:
+
+		- api.nodesecurity.io
+
+-->
+<ruleset name="Node Security.io">
+
+	<target host="nodesecurity.io" />
+	<target host="www.nodesecurity.io" />
+
+
+	<rule from="^http://(?:www\.)?nodesecurity\.io/"
+		to="https://nodesecurity.io/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nodejitsu.com.xml b/src/chrome/content/rules/Nodejitsu.com.xml
index e48e1f2ac97e..f53c1d4d74bb 100644
--- a/src/chrome/content/rules/Nodejitsu.com.xml
+++ b/src/chrome/content/rules/Nodejitsu.com.xml
@@ -1,16 +1,64 @@
-<ruleset name="Nodejitsu.com (partial)">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://legal.nodejitsu.com/ => https://legal.nodejitsu.com/: (7, 'Failed to connect to legal.nodejitsu.com port 443: No route to host')
+Fetch error: http://www.legal.nodejitsu.com/ => https://legal.nodejitsu.com/: (7, 'Failed to connect to legal.nodejitsu.com port 443: Connection timed out')
+
+	For other GoDaddy coverage, see GoDaddy.xml.
+
+
+	Problematic hosts in *nodejitsu.com:
+
+		- www.blog ¹
+		- status *
+
+	¹ Mismatched
+	* statuspage.io
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- blog from gravatar.com *
+			- docs from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Nodejitsu.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="nodejitsu.com" />
-	<target host="*.nodejitsu.com" />
+	<target host="blog.nodejitsu.com" />
+	<target host="docs.nodejitsu.com" />
+	<target host="legal.nodejitsu.com" />
+	<target host="versions.nodejitsu.com" />
+	<target host="www.nodejitsu.com" />
 
+	<!--	Complications:
+				-->
+	<target host="www.blog.nodejitsu.com" />
+	<target host="www.legal.nodejitsu.com" />
+	<target host="status.nodejitsu.com" />
+	<target host="www.versions.nodejitsu.com" />
 
-	<securecookie host="^\.nodejitsu\.com$" name=".+" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.nodejitsu\.com$" name="^jitsu\.id$" /-->
+
+	<securecookie host="^\.nodejitsu\.com$" name=".+" />
 
-	<rule from="^http://(www\.)?nodejitsu\.com/"
-		to="https://$1nodejitsu.com/" />
 
-	<rule from="^http://(?:www\.)?(blog|legal|versions)\.nodejitsu\.com/"
+	<rule from="^http://www\.(blog|legal|versions)\.nodejitsu\.com/"
 		to="https://$1.nodejitsu.com/" />
 
+	<rule from="^http://status\.nodejitsu\.com/"
+		to="https://nodejitsu.statuspage.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Nodejs.org.xml b/src/chrome/content/rules/Nodejs.org.xml
new file mode 100644
index 000000000000..8a68b51f91c0
--- /dev/null
+++ b/src/chrome/content/rules/Nodejs.org.xml
@@ -0,0 +1,60 @@
+<!--
+	For other Joyent coverage, see Joyent.xml.
+
+
+	Nonfunctional hosts in *nodejs.org:
+
+		- build *
+		- logs *
+
+	¹ Shows ^nodejs.org
+	* Refused
+
+
+	Problematic hosts in *nodejs.org:
+
+		- blog *
+		- jobs ¹
+
+	* Redirects to http
+	¹ Mismatched, CN: *.simply-partner.com
+
+
+	Mixed content:
+
+		- css on jobs from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="nodejs.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nodejs.org" />
+	<target host="www.nodejs.org" />
+
+	<!--	Complications:
+				-->
+	<target host="blog.nodejs.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.nodejs\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://blog\.nodejs\.org/[^?]*"
+		to="https://nodejs.org/" />
+
+		<test url="http://blog.nodejs.org/home.php" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nodes.dk.xml b/src/chrome/content/rules/Nodes.dk.xml
new file mode 100644
index 000000000000..e8aedaf80cd3
--- /dev/null
+++ b/src/chrome/content/rules/Nodes.dk.xml
@@ -0,0 +1,9 @@
+<ruleset name="Nodes.dk">
+
+	<target host="nodes.dk" />
+	<target host="www.nodes.dk" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NoelShack.com.xml b/src/chrome/content/rules/NoelShack.com.xml
new file mode 100644
index 000000000000..96538f6a2c9b
--- /dev/null
+++ b/src/chrome/content/rules/NoelShack.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Connection closed:
+		- dev
+
+	NoelShack.com has both a wildcard certificate and a wildcard DNS record, all other subdomains return 503 error.
+-->
+<ruleset name="NoelShack.com">
+	<target host="noelshack.com" />
+	<target host="www.noelshack.com" />
+	<target host="image.noelshack.com" />
+	<target host="s2.noelshack.com" />
+	<target host="s3.noelshack.com" />
+	<target host="s4.noelshack.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Noelia.xml b/src/chrome/content/rules/Noelia.xml
index 74b8f3d61beb..6058fc8d7107 100644
--- a/src/chrome/content/rules/Noelia.xml
+++ b/src/chrome/content/rules/Noelia.xml
@@ -1,4 +1,11 @@
-<ruleset name="Noelia">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://noelia.fi/ => https://noelia.fi/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.noelia.fi/ => https://www.noelia.fi/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Noelia" default_off="failed ruleset test">
 
 	<target host="noelia.fi" />
 	<target host="www.noelia.fi" />
@@ -7,7 +14,6 @@
 	<securecookie host="^noelia\.fi$" name=".+" />
 
 
-	<rule from="^http://(www\.)?noelia\.fi/"
-		to="https://$1noelia.fi/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Noembed.com.xml b/src/chrome/content/rules/Noembed.com.xml
index bb157b5e663c..53c6573ead4f 100644
--- a/src/chrome/content/rules/Noembed.com.xml
+++ b/src/chrome/content/rules/Noembed.com.xml
@@ -1,13 +1,7 @@
-<ruleset name="Noembed.com">
-
+<ruleset name="Noembed.com" >
 	<target host="noembed.com" />
-	<target host="*.noembed.com" />
-
-
-	<securecookie host="^\.noembed\.com$" name=".+" />
-
 
-	<rule from="^http://(www\.)?noembed\.com/"
-		to="https://$1noembed.com/" />
+	<securecookie host=".+" name=".+" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NoiseProtocol.org.xml b/src/chrome/content/rules/NoiseProtocol.org.xml
new file mode 100644
index 000000000000..568e2a45ea45
--- /dev/null
+++ b/src/chrome/content/rules/NoiseProtocol.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatched:
+		- www
+-->
+<ruleset name="NoiseProtocol.org">
+	<target host="noiseprotocol.org" />
+	<target host="www.noiseprotocol.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.noiseprotocol\.org/" to="https://noiseprotocol.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NoiseTrade.xml b/src/chrome/content/rules/NoiseTrade.xml
new file mode 100644
index 000000000000..c6ddcf4da38b
--- /dev/null
+++ b/src/chrome/content/rules/NoiseTrade.xml
@@ -0,0 +1,24 @@
+<!--
+	Incomplete chain:
+	Fetch error: http://noisetrade.com/ => https://noisetrade.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+	Fetch error: http://www.noisetrade.com/ => https://www.noisetrade.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+	Fetch error: http://books.noisetrade.com/ => https://books.noisetrade.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+
+	Mixed content:
+
+		- blog.noisetrade.com
+
+-->
+
+<ruleset name="NoiseTrade (partial)" default_off="failed ruleset test">
+
+	<target host="noisetrade.com" />
+	<target host="www.noisetrade.com" />
+	<target host="books.noisetrade.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Noisebridge.xml b/src/chrome/content/rules/Noisebridge.xml
index f70bd74a37bc..c10ac6e9be88 100644
--- a/src/chrome/content/rules/Noisebridge.xml
+++ b/src/chrome/content/rules/Noisebridge.xml
@@ -1,6 +1,10 @@
-<ruleset name="Noisebridge">
-  <target host="www.noisebridge.net" />
-  <target host="noisebridge.net" />
+<ruleset name="Noisebridge.net">
+
+	<target host="noisebridge.net" />
+	<target host="www.noisebridge.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(?:www\.)?noisebridge\.net/" to="https://www.noisebridge.net/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Noisey.com.xml b/src/chrome/content/rules/Noisey.com.xml
new file mode 100644
index 000000000000..5bf5ceee1882
--- /dev/null
+++ b/src/chrome/content/rules/Noisey.com.xml
@@ -0,0 +1,45 @@
+<!--
+	For other Vice coverage, see Vice.xml.
+
+
+	CDN buckets:
+
+		- d2d9cnk8doncvf.cloudfront.net
+
+			- assets.noisey.com
+
+
+	Problematic hosts in *noisey.com:
+
+		- (www.)? ¹
+		- assets ²
+
+	¹ Dropped
+	² Cloudfront
+
+
+	Fully covered hosts in *noisey.com:
+
+		- (www.)?	(→ noisey.vice.com)
+		- assets	(→ d2d9cnk8doncvf.cloudfront.net)
+
+-->
+<ruleset name="Noisey.com">
+
+	<!--	Complications:
+				-->
+	<target host="noisey.com" />
+	<target host="assets.noisey.com" />
+	<target host="www.noisey.com" />
+
+
+	<!--	Redirect keeps path, args,
+		and forward slash:
+					-->
+	<rule from="^http://(?:www\.)?noisey\.com/"
+		to="https://noisey.vice.com/" />
+
+	<rule from="^http://assets\.noisey\.com/"
+		to="https://d2d9cnk8doncvf.cloudfront.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nokia.xml b/src/chrome/content/rules/Nokia.xml
index b7beeb0f10d1..2bd6c281d754 100644
--- a/src/chrome/content/rules/Nokia.xml
+++ b/src/chrome/content/rules/Nokia.xml
@@ -1,119 +1,44 @@
-<!--
-	Other Nokia rulesets:
-
-		- Here.com.xml
-		- NAVTEQ.xml
-
-
-	discussions.nokia.co.uk is handled mostly in Lithium-clients.xml.
-
-
-	Problematic domains:
-
-		- nokia.(ca|co.uk|de|fr)	(mismatched, CN:  www.nokia.com)
-		- www.nokia.ca			(akamai)
-		- discussions.nokia.co.uk	(mismatched, CN: secure02.lithium.com)
-
-		- nokia.com subdomains:
-
-			- advertising		(self-signed)
-			- qt			(works; mismatched, CN: *.digia.com)
-			- blog.qt *
-			- developer.qt		(works; mismatched, CN: qt-project.org)
-			- labs.qt *
-			- doc.qt		(times out)
-
-		- nokiausa.com			(no https)
-
-		* Expired
-
-
-	Partially covered domains:
-
-		- discussions.nokia.co.uk	(→ discussions.europe.nokia.com)
-		- (www.)developer.nokia.com	(some pages redirect to http)
-
-
-
-	Fully covered domains:
-
-		- (www.)nokia.ca	(→ nokia.com)
-		- (www.)nokia.co.uk	(^ → www)
-
-		- nokia.com subdomains:
-
-			- account
-			- advertising	(→ primeplace)
 
-			- developer subdomains:
-
-				- analytics
-				- projects
-				- sso
-
-			- discussions.europe
-			- i
-			- maps
-			- api.maps
-			- maps.nlp
-			- \d.maps.nlp
-			- primeplace
-
-			- qt subdomains:
-
-				- ^		(→ qt.digia.com)
-				- blog		(→ blog.qt.digia.com)
-				- developer	(→ qt-project.org)
-				- labs		(→ blog.qt.digia.com)
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
 
-		- (www.)nokia.de	(^ → www)
-		- (www.)nokia.fr	(^ → www)
-		- (www.)nokiausa.com	(^ → www)
+Fetch error: http://api.maps.nokia.com/ => https://api.maps.nokia.com/: (6, 'Could not resolve host: api.maps.nokia.com')
+Fetch error: http://health.nokia.com/ => https://health.nokia.com/: (6, 'Could not resolve host: health.nokia.com')
 
+	Other Nokia rulesets:
+		+ Here.com.xml
+		+ NAVTEQ.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- developer.qt.nokia.com
+
+		Timeout was reached:
+		- qt.nokia.com
+
+		SSL peer certificate was not OK:
+		- resources.ext.nokia.com
+		- tools.ext.nokia.com
+		- m.nokia.com
+		- map.nokia.com
+		- resources.nokia.com
+
+		4xx client error:
+		- maps.nlp.nokia.com
+		- 1.maps.nlp.nokia.com
+		- 2.maps.nlp.nokia.com
+		- 3.maps.nlp.nokia.com
+		- 4.maps.nlp.nokia.com
 -->
 <ruleset name="Nokia (partial)">
-
-	<target host="nokia.*" />
-	<target host="www.nokia.*" />
-	<target host="nokia.co.uk" />
-	<target host="www.nokia.co.uk" />
-	<target host="*.nokia.com" />
-		<!--
-			Redirect to http:
-						-->
-		<exclusion pattern="^http://www\.developer\.nokia\.com/(?:$|De(?:sign|velop|vices)/|Distribute/|info/)" />
-	<target host="nokiausa.com" />
-	<target host="www.nokiausa.com" />
-
-
-	<securecookie host="^(?:.*\.)?nokia\.(?:com|co\.uk|de|fr)$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?nokia\.ca/"
-		to="https://www.nokia.com/ca-en/" />
-
-	<rule from="^https?://(?:www\.)?nokia\.(co\.uk|de|fr)/"
-		to="https://www.nokia.$1/" />
-
-	<rule from="^https?://advertising\.nokia\.com/"
-		to="https://primeplace.nokia.com/" />
-
-	<rule from="^http://((?:account|(?:(?:analytics|projects|sso|www)\.)?developer|discussions\.europe|[ir](?:\.prod)?|maps(?:\.nlp)?|api\.maps|\d\.maps\.nlp|primeplace|www)\.)?nokia\.com/"
-		to="https://$1nokia.com/" />
-
-	<rule from="^http://developer\.nokia\.com/"
-		to="https://qt-project.org/" />
-
-	<rule from="^http://qt\.nokia\.com/"
-		to="https://qt.digia.com/" />
-
-	<rule from="^https?://(?:blog|labs)\.qt\.nokia\.com/"
-		to="https://blog.qt.digia.com/" />
-
-	<rule from="^https?://discussions.nokia.co.uk/html/images/"
-		to="https://discussions.europe.nokia.com/html/images/" />
-
-	<rule from="^https?://(?:www\.)?nokiausa\.com/"
-		to="https://www.nokiausa.com/" />
-
+	<target host="nokia.com" />
+	<target host="www.nokia.com" />
+	<target host="account.nokia.com" />
+	<!-- target host="api.maps.nokia.com" /-->
+	<!-- target host="health.nokia.com" /-->
+	<target host="insight.nokia.com" />
+	<target host="networks.nokia.com" />
+	<target host="ozo.nokia.com" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Nokia_Siemens_Networks.xml b/src/chrome/content/rules/Nokia_Siemens_Networks.xml
index 9a3ffbb872f5..304fcbf82b18 100644
--- a/src/chrome/content/rules/Nokia_Siemens_Networks.xml
+++ b/src/chrome/content/rules/Nokia_Siemens_Networks.xml
@@ -17,7 +17,11 @@
 <ruleset name="Nokia Siemens Networks (partial)">
 
 	<target host="nokiasiemensnetworks.com" />
-	<target host="*.nokiasiemensnetworks.com" />
+	<target host="www.nokiasiemensnetworks.com" />
+	<target host="blogs.nokiasiemensnetworks.com" />
+	<target host="industryanalyst.nokiasiemensnetworks.com" />
+	<target host="online.portal.nokiasiemensnetworks.com" />
+	<target host="supplier.portal.nokiasiemensnetworks.com" />
 	<target host="nsn.com" />
 	<target host="www.nsn.com" />
 
@@ -37,4 +41,4 @@
 	<rule from="^http://(www\.)?nsn\.com/(?=jwbox/|sites/)"
 		to="https://$1nsn.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nomadesk.xml b/src/chrome/content/rules/Nomadesk.xml
index f3f80ee8f215..b65165387ebe 100644
--- a/src/chrome/content/rules/Nomadesk.xml
+++ b/src/chrome/content/rules/Nomadesk.xml
@@ -1,4 +1,6 @@
 <!--
+Automatically by https-everywhere-checker because:
+Fetch error: http://nomadesk.com/ => https://www.nomadesk.com/: (28, 'Connection timed out after 10001 milliseconds')
 	Nonfunctional domains:
 
 		- blog.nomadesk.com *
@@ -15,7 +17,8 @@
 	<target host="mynomadesk.com" />
 	<target host="www.mynomadesk.com" />
 	<target host="nomadesk.com" />
-	<target host="*.nomadesk.com" />
+	<target host="www.nomadesk.com" />
+	<target host="secure.nomadesk.com" />
 
 
 	<securecookie host="^secure\.nomadesk\.com$" name=".+" />
@@ -27,7 +30,6 @@
 	<rule from="^http://(?:www\.)?nomadesk\.com/"
 		to="https://www.nomadesk.com/" />
 
-	<rule from="^http://secure\.nomadesk\.com/"
-		to="https://secure.nomadesk.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nomensa.com.xml b/src/chrome/content/rules/Nomensa.com.xml
new file mode 100644
index 000000000000..7bea80accae2
--- /dev/null
+++ b/src/chrome/content/rules/Nomensa.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Nomensa.com (partial)">
+
+	<target host="cdn.nomensa.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nomura_Research_Institute.xml b/src/chrome/content/rules/Nomura_Research_Institute.xml
deleted file mode 100644
index 8dfff00244ef..000000000000
--- a/src/chrome/content/rules/Nomura_Research_Institute.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	!www doesn't exist.
-
--->
-<ruleset name="Nomura Research Institute">
-
-	<target host="www.nri.co.jp" />
-
-
-	<rule from="^http://www\.nri\.co\.jp/"
-		to="https://www.nri.co.jp/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Non_Profit_Soapbox.com.xml b/src/chrome/content/rules/Non_Profit_Soapbox.com.xml
new file mode 100644
index 000000000000..96ef76c406ed
--- /dev/null
+++ b/src/chrome/content/rules/Non_Profit_Soapbox.com.xml
@@ -0,0 +1,16 @@
+<!--
+	(www.): dropped
+
+-->
+<ruleset name="Non Profit Soapbox.com (partial)">
+
+	<target host="*.secure.nonprofitsoapbox.com" />
+
+
+	<securecookie host="^\w+\.secure\.nonprofitsoapbox\.com$" name=".+" />
+
+
+	<rule from="^http://(\w+)\.secure\.nonprofitsoapbox\.com/"
+		to="https://$1.secure.nonprofitsoapbox.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nonexiste.net.xml b/src/chrome/content/rules/Nonexiste.net.xml
deleted file mode 100644
index 75aac575e093..000000000000
--- a/src/chrome/content/rules/Nonexiste.net.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.) *
-		- alice *
-
-	* Redirects to login, expired 2012-08-07
-
-
-	Problematic subdomains:
-
-		- www.images	(redirects to login; mismatched, CN: alice.nonexiste.net)
-
--->
-<ruleset name="nonexiste.net (partial)">
-
-	<target host="*.nonexiste.net" />
-
-
-	<rule from="^http://(?:www\.)?images\.nonexiste\.net/"
-		to="https://images.nonexiste.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/NooElec.com.xml b/src/chrome/content/rules/NooElec.com.xml
new file mode 100644
index 000000000000..8ee4c5b35ea8
--- /dev/null
+++ b/src/chrome/content/rules/NooElec.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="NooElec.com">
+
+	<target host="nooelec.com" />
+	<target host="www.nooelec.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.(www\.)?nooelec\.com$" name="^frontend$" /-->
+
+	<securecookie host="^\.(?:www\.)?nooelec\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Noodleremover.news.xml b/src/chrome/content/rules/Noodleremover.news.xml
new file mode 100644
index 000000000000..ed5f15c56c34
--- /dev/null
+++ b/src/chrome/content/rules/Noodleremover.news.xml
@@ -0,0 +1,6 @@
+<ruleset name="Noodleremover.news">
+	<target host="noodleremover.news" />
+	<target host="www.noodleremover.news" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nookipedia.com.xml b/src/chrome/content/rules/Nookipedia.com.xml
new file mode 100644
index 000000000000..c653dbca8206
--- /dev/null
+++ b/src/chrome/content/rules/Nookipedia.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Nookipedia.com has a wildcard DNS record, but the certificate only covers ^.
+-->
+
+<ruleset name="Nookipedia.com">
+	<target host="nookipedia.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nootriment.xml b/src/chrome/content/rules/Nootriment.xml
new file mode 100644
index 000000000000..2c3b7d5aa3f8
--- /dev/null
+++ b/src/chrome/content/rules/Nootriment.xml
@@ -0,0 +1,14 @@
+<!--
+
+		Mixed content:
+		- m.nootriment.com
+
+-->
+
+<ruleset name="Nootriment">
+        <target host="nootriment.com" />
+        <target host="www.nootriment.com" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nordea.xml b/src/chrome/content/rules/Nordea.xml
index 6ec9e47ffead..b27a4e74256f 100644
--- a/src/chrome/content/rules/Nordea.xml
+++ b/src/chrome/content/rules/Nordea.xml
@@ -1,8 +1,54 @@
-<ruleset name="Nordea">
-  <target host="www.nordea.*" />
-  <target host="nordea.*" />
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - netbank.nordea.dk
+			 - nordea.ee
+			 - nordea.lv
 
-  <!-- .lt: bad cert, .lu: no SSL -->
-  <rule from="^http://(?:www\.)?nordea\.(com|dk|ee|fi|lv|no|se)/"
-          to="https://www.nordea.$1/"/>
+		Mixed content blocking (MCB) triggered:
+			 - www.nordea.lv
+-->
+<ruleset name="Nordea (partial)">
+	<!-- *nordea.com -->
+	<target host="nordea.com" />
+	<target host="www.nordea.com" />
+	<target host="cls.nordea.com" />
+	<target host="www.cls.nordea.com" />
+	<target host="solo.nordea.com" />
+	<target host="streaming1.nordea.com" />
+	<target host="wcms.nordea.com" />
+
+	<!-- *nordea.dk -->
+	<target host="nordea.dk" />
+	<target host="www.nordea.dk" />
+	<target host="www.netbank.nordea.dk" />
+	<target host="netpension.nordea.dk" />
+	<target host="www.netpension.nordea.dk" />
+
+	<!-- *nordea.ee -->
+	<target host="nordea.ee" />
+	<target host="www.nordea.ee" />
+
+	<!-- *nordea.fi -->
+	<target host="nordea.fi" />
+	<target host="www.nordea.fi" />
+	<target host="businesscard-online.nordea.fi" />
+	<target host="classic.nordea.fi" />
+	<target host="solo1.nordea.fi" />
+
+	<!-- *nordea.no -->
+	<target host="nordea.no" />
+	<target host="www.nordea.no" />
+	<target host="nb.nordea.no" />
+	<target host="nettbanken.nordea.no" />
+
+	<!-- *nordea.se -->
+	<target host="nordea.se" />
+	<target host="www.nordea.se" />
+	<target host="internetbanken.privat.nordea.se" />
+
+	<rule from="^http://nordea\.ee/"
+			to="https://www.nordea.ee/" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Norden.org.xml b/src/chrome/content/rules/Norden.org.xml
new file mode 100644
index 000000000000..3712b65221ba
--- /dev/null
+++ b/src/chrome/content/rules/Norden.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Norden.org">
+
+	<target host="norden.org" />
+	<target host="www.norden.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NordicHardware-mismatches.xml b/src/chrome/content/rules/NordicHardware-mismatches.xml
index 29a27e3d77bd..dee9df0c1f4a 100644
--- a/src/chrome/content/rules/NordicHardware-mismatches.xml
+++ b/src/chrome/content/rules/NordicHardware-mismatches.xml
@@ -2,7 +2,6 @@
 
 	<target host="images.nordichardware.com" />
 
-	<rule from="^http://images\.nordichardware\.com/"
-		to="https://images.nordichardware.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NordicHardware.xml b/src/chrome/content/rules/NordicHardware.xml
index 8e7b29b33f22..1b485d26c112 100644
--- a/src/chrome/content/rules/NordicHardware.xml
+++ b/src/chrome/content/rules/NordicHardware.xml
@@ -1,6 +1,18 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nordichardware.com/ => https://www.nordichardware.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.nordichardware.com'")
+Fetch error: http://www.nordichardware.com/ => https://www.nordichardware.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.nordichardware.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://nhw.se/ => https://www.nordichardware.se/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.nhw.se/ => https://www.nordichardware.se/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://nordichardware.com/ => https://www.nordichardware.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.nordichardware.com/ => https://www.nordichardware.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://nordichardware.se/ => https://www.nordichardware.se/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.nordichardware.se/ => https://www.nordichardware.se/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
-  www.nordichardware.com , nordichardware.se , www.nordichardware.se , nordichardware.com , admin.nordichardware.se , admin.nordichardware.com  
+  www.nordichardware.com , nordichardware.se , www.nordichardware.se , nordichardware.com , admin.nordichardware.se , admin.nordichardware.com
 
 
 	Problematic domains:
@@ -14,7 +26,7 @@
 		- ads.nordichardware.com	(CN: www.nordichardware.com; 404)
 
 -->
-<ruleset name="NordicHardware" platform="mixedcontent">
+<ruleset name="NordicHardware" platform="mixedcontent" default_off="failed ruleset test">
 
 <!-- see also NordicHardware-mismatches.xml -->
 
@@ -29,7 +41,7 @@
 	<securecookie host="^www\.nordichardware\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?nhw\.se/"
+	<rule from="^http://(?:www\.)?nhw\.se/"
 		to="https://www.nordichardware.se/" />
 
 	<rule from="^http://(www\.)?nordichardware\.(com|se)/"
diff --git a/src/chrome/content/rules/Nordic_Academy.no.xml b/src/chrome/content/rules/Nordic_Academy.no.xml
index 09ad8f68e998..da09732520d3 100644
--- a/src/chrome/content/rules/Nordic_Academy.no.xml
+++ b/src/chrome/content/rules/Nordic_Academy.no.xml
@@ -1,10 +1,16 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://vpn.nordicacademy.no/ => https://vpn.nordicacademy.no/: (28, 'Connection timed out after 20000 milliseconds')
+
+Automatically by https-everywhere-checker because:
+Fetch error: http://vpn.nordicacademy.no/ => https://vpn.nordicacademy.no/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Nonfunctional subdomains:
 
 		- (www.)	(http reply)
 
 -->
-<ruleset name="Nordic Academy.no (partial)">
+<ruleset name="Nordic Academy.no (partial)" default_off="failed ruleset test">
 
 	<target host="vpn.nordicacademy.no" />
 
@@ -12,7 +18,6 @@
 	<securecookie host="^vpn\.nordicacademy\.no$" name=".+" />
 
 
-	<rule from="^http://vpn\.nordicacademy\.no/"
-		to="https://vpn.nordicacademy.no/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Nordic_Hosting.com.xml b/src/chrome/content/rules/Nordic_Hosting.com.xml
new file mode 100644
index 000000000000..cb6705ffd3d9
--- /dev/null
+++ b/src/chrome/content/rules/Nordic_Hosting.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="Nordic Hosting.com">
+
+	<target host="nordichosting.com" />
+	<target host="www.nordichosting.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.nordichosting\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.nordichosting\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nordic_Semiconductor.xml b/src/chrome/content/rules/Nordic_Semiconductor.xml
index 99d88db486c2..7200cf01fbe9 100644
--- a/src/chrome/content/rules/Nordic_Semiconductor.xml
+++ b/src/chrome/content/rules/Nordic_Semiconductor.xml
@@ -11,7 +11,6 @@
 	<securecookie host="^www\.nordicsemi\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?nordicsemi\.com/"
-		to="https://www.nordicsemi.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NordkappNett.no.xml b/src/chrome/content/rules/NordkappNett.no.xml
new file mode 100644
index 000000000000..5b2a17361e43
--- /dev/null
+++ b/src/chrome/content/rules/NordkappNett.no.xml
@@ -0,0 +1,31 @@
+<!--
+	Problematic domains:
+
+		- (www.)nordkapp.net	(403, valid cert)
+
+-->
+<ruleset name="NordkappNett.no">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nordkappnett.no" />
+	<target host="www.nordkappnett.no" />
+
+	<!--	Complications:
+				-->
+	<target host="nordkapp.net" />
+	<target host="www.nordkapp.net" />
+
+
+	<securecookie host="^(?:www\.)?nordkappnett\.no$" name=".+" />
+
+
+	<!--	Server preserves path:
+					-->
+	<rule from="^http://(?:www\.)?nordkapp\.net/"
+		to="https://nordkappnett.no/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nordkurier.xml b/src/chrome/content/rules/Nordkurier.xml
new file mode 100644
index 000000000000..d655f8535ea6
--- /dev/null
+++ b/src/chrome/content/rules/Nordkurier.xml
@@ -0,0 +1,29 @@
+<!--
+	Cert mismatch:
+		- themenwelten
+
+	Non 2xx status:
+		- magazine
+		- test08
+
+	Self-signed cert:
+		- wwz
+-->
+<ruleset name="Nordkurier">
+
+	<target host="nordkurier.de"/>
+	<target host="www.nordkurier.de"/>
+
+	<target host="idm.nordkurier.de"/>
+	<target host="kochtour.nordkurier.de"/>
+	<target host="kompakt.nordkurier.de"/>
+	<target host="partnersuche.nordkurier.de"/>
+	<target host="shop.nordkurier.de"/>
+	<target host="zisch.nordkurier.de"/>
+
+	<rule from="^http://nordkurier\.de/" to="https://www.nordkurier.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nordstrom_Rack.com.xml b/src/chrome/content/rules/Nordstrom_Rack.com.xml
new file mode 100644
index 000000000000..147876443d95
--- /dev/null
+++ b/src/chrome/content/rules/Nordstrom_Rack.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Other Nordstrom rulesets:
+
+		- HauteLook.com.xml
+		- HauteLook_CDN.com.xml
+
+
+	^nordstromrack.com: Mismatched
+
+-->
+<ruleset name="Nordstrom Rack.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.nordstromrack.com" />
+
+	<!--	Complications:
+				-->
+	<target host="nordstromrack.com" />
+
+
+	<rule from="^http://nordstromrack\.com/"
+		to="https://www.nordstromrack.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nordvpn.com.xml b/src/chrome/content/rules/Nordvpn.com.xml
deleted file mode 100644
index e65412667c69..000000000000
--- a/src/chrome/content/rules/Nordvpn.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Nordvpn.com">
-
-	<target host="nordvpn.com" />
-	<target host="www.nordvpn.com" />
-
-
-	<securecookie host="^(?:www\.)?nordvpn\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?nordvpn\.com/"
-		to="https://$1nordvpn.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Noreplied.com.xml b/src/chrome/content/rules/Noreplied.com.xml
new file mode 100644
index 000000000000..68885a951fcb
--- /dev/null
+++ b/src/chrome/content/rules/Noreplied.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Noreplied.com">
+	<target host="noreplied.com" />
+	<target host="www.noreplied.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Norge.no.xml b/src/chrome/content/rules/Norge.no.xml
new file mode 100644
index 000000000000..62270acf89b0
--- /dev/null
+++ b/src/chrome/content/rules/Norge.no.xml
@@ -0,0 +1,17 @@
+<!--
+
+	Timeout:
+		- psi.norge.no
+		- www2.norge.no
+
+	Mismatch:
+		- test.norge.no
+
+-->
+<ruleset name="Norge.no">
+	<target host="norge.no" />
+	<target host="www.norge.no" />
+	<target host="data.norge.no" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Norid.no.xml b/src/chrome/content/rules/Norid.no.xml
new file mode 100644
index 000000000000..3e9eeba773c2
--- /dev/null
+++ b/src/chrome/content/rules/Norid.no.xml
@@ -0,0 +1,23 @@
+<!--
+	^: Cert only matches www
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(^ → www)
+		- pid
+
+-->
+<ruleset name="Norid.no">
+
+	<target host="norid.no" />
+	<target host="www.norid.no" />
+	<target host="pid.norid.no" />
+
+
+	<rule from="^http://(?:www\.)?norid\.no/"
+		to="https://www.norid.no/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Noris.org.xml b/src/chrome/content/rules/Noris.org.xml
index 0c9736721770..8d2975f0ea81 100644
--- a/src/chrome/content/rules/Noris.org.xml
+++ b/src/chrome/content/rules/Noris.org.xml
@@ -1,7 +1,10 @@
 <ruleset name="noris.net" platform="mixedcontent">
 
 	<target host="noris.net" />
-	<target host="*.noris.net" />
+	<target host="mail.noris.net" />
+	<target host="monitor.noris.net" />
+	<target host="service.noris.net" />
+	<target host="www.noris.net" />
 
 
 	<rule from="^http://(?:((?:mail|monitor|service)\.)|www\.)?noris\.net/"
diff --git a/src/chrome/content/rules/Normalesup.org.xml b/src/chrome/content/rules/Normalesup.org.xml
index b6b7356fed16..cb9b59348b62 100644
--- a/src/chrome/content/rules/Normalesup.org.xml
+++ b/src/chrome/content/rules/Normalesup.org.xml
@@ -1,18 +1,26 @@
 <!--
-	Nonfunctional subdomains:
-
-		- www.mail	(refused)
-
-
-	^normalesup.org does not exist.
-
+	Refused:
+		normalesup.org
+		www.mail.normalesup.org
+		semaphore.normalesup.org
+
+	Bad certificate:
+		phare.normalesup.org
+
+	No working URL known:
+		www.phare.normalesup.org
+		phare4.normalesup.org
+ 		phare5.normalesup.org
 -->
-<ruleset name="normalesup.org (partial)">
+<ruleset name="normalesup.org">
 
+	<target host="normalesup.org" />
 	<target host="www.normalesup.org" />
+	<target host="phare.normalesup.org" />
 
+	<rule from="^http://(phare\.)?normalesup\.org/"
+			to="https://www.normalesup.org/" />
+	<rule from="^http:"
+		  	to="https:" />
 
-	<rule from="^http://www\.normalesup\.org/"
-		to="https://www.normalesup.org/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Norman.com-problematic.xml b/src/chrome/content/rules/Norman.com-problematic.xml
new file mode 100644
index 000000000000..456b2002385a
--- /dev/null
+++ b/src/chrome/content/rules/Norman.com-problematic.xml
@@ -0,0 +1,14 @@
+<!--
+	For rules that are on by default, see Norman.com.xml.
+
+-->
+<ruleset name="Norman.com (problematic)" default_off="mismatched">
+
+	<target host="blogs.norman.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
+
diff --git a/src/chrome/content/rules/Norman.com.xml b/src/chrome/content/rules/Norman.com.xml
index 7dea6be88173..85dd61d9a9b6 100644
--- a/src/chrome/content/rules/Norman.com.xml
+++ b/src/chrome/content/rules/Norman.com.xml
@@ -1,20 +1,42 @@
+
 <!--
-	Nonfunctional:
+Disabled by https-everywhere-checker because:
+Fetch error: http://norman.com/ => https://norman.com/: (7, 'Failed to connect to norman.com port 443: Connection refused')
+Fetch error: http://www.norman.com/ => https://www.norman.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.norman.com'")
+
+	For problematic rules, see Norman.com-problematic.xml.
+
+
+	Problematic subdomains:
+
+		- blogs *
+
+	* Works; mismatched, CN: blogs.norman.com
+
+
+	Mixed content:
+
+		- Images on blogs from blogs ¹
+		- Bug on www from bstn-14-ma.com *
 
-		- blogs		(ssl_error_rx_record_too_long)
+	¹ Rule disabled by default
+	* Unsecurable <= refused
 
 -->
-<ruleset name="Norman.com (partial)">
+<ruleset name="Norman.com (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="norman.com" />
+	<!--target host="blog.norman.com" /-->
 	<target host="www.norman.com" />
 
 
-	<securecookie host="^(www\.)?norman\.com$" name=".*" />
+	<securecookie host="^(?:www\.)?norman\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?norman\.com/"
-		to="https://$1norman.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
 
diff --git a/src/chrome/content/rules/Normation.com.xml b/src/chrome/content/rules/Normation.com.xml
new file mode 100644
index 000000000000..6a8e1fb46a0d
--- /dev/null
+++ b/src/chrome/content/rules/Normation.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Normation.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="normation.com" />
+	<target host="www.normation.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Norrgruppen.se.xml b/src/chrome/content/rules/Norrgruppen.se.xml
deleted file mode 100644
index e5e3c808ce8a..000000000000
--- a/src/chrome/content/rules/Norrgruppen.se.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		(www.)		(dropped)
-
--->
-<ruleset name="Norrgruppen.se (partial)">
-
-	<target host="*.norrgruppen.se" />
-
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.norrgruppen\.se$" name="^(?:NXCLICK2|OAX)$" />
-
-
-	<rule from="^http://sifomedia\.norrgruppen\.se/"
-		to="https://oasc07.247realmedia.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/North-American-Network-Operators-Group.xml b/src/chrome/content/rules/North-American-Network-Operators-Group.xml
index bd7e3d603705..812ccd5026b0 100644
--- a/src/chrome/content/rules/North-American-Network-Operators-Group.xml
+++ b/src/chrome/content/rules/North-American-Network-Operators-Group.xml
@@ -1,15 +1,71 @@
-<ruleset name="North American Network Operators' Group">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bcop.nanog.org/images/thumb/9/9c/Blueworld-sxc-198.jpg/650px-Blueworld-sxc-198.jpg => https://bcop.nanog.org/images/thumb/9/9c/Blueworld-sxc-198.jpg/650px-Blueworld-sxc-198.jpg: (6, 'Could not resolve host: bcop.nanog.org')
+Fetch error: http://bcop.nanog.org/skins/common/images/nanoglogo.gif => https://bcop.nanog.org/skins/common/images/nanoglogo.gif: (6, 'Could not resolve host: bcop.nanog.org')
+Fetch error: http://text.nanog.org/ => https://text.nanog.org/: (28, 'Connection timed out after 20001 milliseconds')
+
+	North American Network Operators' Group
+
+
+	Problematic hosts in *nanog.org:
+
+		- bcop ¹
+		- mailtest ²
+
+	¹ Mixed css
+	² Mismatched
+
+
+	Fully covered hosts in *nanog.org:
+
+		- (www.)?
+		- mailman
+		- mailtest	(→ mailman.nanog.org)
+		- secretariat
+		- text
+
+
+	Mixed content:
+
+		- css on bcop from $self
+
+-->
+<ruleset name="NANOG.org (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="nanog.org" />
-	<target host="*.nanog.org" />
+	<target host="bcop.nanog.org" />
+	<target host="mailman.nanog.org" />
+	<target host="secretariat.nanog.org" />
+	<target host="text.nanog.org" />
+	<target host="www.nanog.org" />
 
+	<!--	Complications:
+				-->
+	<target host="mailtest.nanog.org" />
 
-	<rule from="^http://(text\.|www\.)?nanog\.org/"
-		to="https://$1nanog.org/" />
+		<!--	Avoid broken MCB:
+					-->
+		<exclusion pattern="^http://bcop\.nanog\.org/+(?!images/|skins/)" />
 
-	<!--	Cert doesn't match mailtest.
-						-->
-	<rule from="^https?://mail(?:man|test)\.nanog\.org/"
+			<!--	+ve:
+					-->
+			<test url="http://bcop.nanog.org/index.php/BCOP_Drafts" />
+			<test url="http://bcop.nanog.org/index.php/IPv6_Subnetting" />
+			<test url="http://bcop.nanog.org/index.php/Ratified_BCOPs" />
+
+			<!--	-ve:
+					-->
+			<test url="http://bcop.nanog.org/images/thumb/9/9c/Blueworld-sxc-198.jpg/650px-Blueworld-sxc-198.jpg" />
+			<test url="http://bcop.nanog.org/skins/common/images/nanoglogo.gif" />
+
+
+	<rule from="^http://mailtest\.nanog\.org/"
 		to="https://mailman.nanog.org/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/North-Carolina-State-University-problematic.xml b/src/chrome/content/rules/North-Carolina-State-University-problematic.xml
index a94eb82d0365..91e6f016a081 100644
--- a/src/chrome/content/rules/North-Carolina-State-University-problematic.xml
+++ b/src/chrome/content/rules/North-Carolina-State-University-problematic.xml
@@ -2,13 +2,22 @@
 	For rules that are on by default, see North-Carolina-State-University.xml.
 
 -->
-<ruleset name="North Carolina State University (problematic)" default_off="self-signed">
+<ruleset name="NCSU.edu (problematic)" default_off="cert-chain">
 
-	<target host="www.cs.ncsu.edu" />
+	<!--	Direct rewrites:
+				-->
 	<target host="www.csc.ncsu.edu" />
 
+	<!--	Complications:
+				-->
+	<target host="www.cs.ncsu.edu" />
+	<target host="csc.ncsu.edu" />
+
 
-	<rule from="^https?://www\.csc?\.ncsu\.edu/"
+	<rule from="^http://(?:www\.cs|csc)\.ncsu\.edu/"
 		to="https://www.csc.ncsu.edu/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/North-Carolina-State-University.xml b/src/chrome/content/rules/North-Carolina-State-University.xml
index e2df8ab827c6..48575eb519f8 100644
--- a/src/chrome/content/rules/North-Carolina-State-University.xml
+++ b/src/chrome/content/rules/North-Carolina-State-University.xml
@@ -1,51 +1,202 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ccfn.ncsu.edu/ => https://ccfn.ncsu.edu/: (6, 'Could not resolve host: ccfn.ncsu.edu')
+Fetch error: http://ptmt.fi.ncsu.edu/ => https://ptmt.fi.ncsu.edu/: Too many redirects while fetching 'https://ptmt.fi.ncsu.edu/'
+Fetch error: http://my.lib.ncsu.edu/ => https://my.lib.ncsu.edu/: (6, 'Could not resolve host: my.lib.ncsu.edu')
+
+	North Carolina State University
+
 	For problematic rules, see North_Carolina_State_University-problematic.xml.
 
 
 	Nonfunctional subdomains:
 
 		- www7.acs
-		- giving	(ssl_error_rx_record_too_long)
-		- news		(cert: ssl; shows ssl's data)
-		- v3prod.news	(ditto)
+		- ced ¹
+		- dic.fi ²
+		- info ¹
+		- v3prod.news		(cert: ssl; shows ssl's data)
+		- oied ⁵
 		- oncampus
-		- policies	(ssl_error_rx_record_too_long)
-		- web		(ditto)
+		- policies ¹
+		- search ³
+		- web		(ssl_error_rx_record_too_long)
+
+	¹ Shows default page
+	² Redirects to http, valid cert
+	³ Refused
+	⁵ Shows another domain; mismatched, CN: *.fi.ncsu.edu
 
 
 	Problematic subdomains:
 
-		- www.cs	(mismatched, CN: www.csc.ncsu.edu)
-		- www.csc	(self-signed)
+		- www.cs ¹ ²
+		- csc ¹ ²
+		- www.csc ²
+		- miso.fi *
+		- gmail ⁴
+		- miso *
+
+	¹ Mismatched
+	² Server sends no certificate chain, see https://whatsmychaincert.com
+	* Revoked certificate
+	⁴ Google
+
+
+	These altnames don't exist:
+
+		- acs.ncsu.edu
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- www.freedm.ncsu.edu
+		- golinks.ncsu.edu
+		- jobs.ncsu.edu
+		- .oit.ncsu.edu
+		- .policies.ncsu.edu
+
+
+	Mixed content:
+
+		- iframe on accessibility, assist, (www.)?centennial, news.engr, giving from www.ncsu.edu ¹
+
+		- css, on:
+
+			- accessibility, miso.fi, giving from www.ncsu.edu ¹
+			- news.engr from www.engr.ncsu.edu ¹
+			- assist, (www.)?centennial, eval.fi, www.freedm from fonts.googleapis.com ¹
+			- giving from $self ¹
+			- help from $self
+			- help from oit.ncsu.edu ¹
+
+		- Images, on:
+
+			- news.engr from www.engr.ncsu.edu ¹
+			- help from $self
+			- giving from $self
+			- miso.fi from miso.ncsu.edu
+			- oied from $self
+			- oit from drupal.ncsu.edu
+			- oit, policies from www.ncsu.edu ¹
+			- policies from $self ¹
+
+		- favicons, on:
+
+			- giving from ncsu.edu ¹
+
+		- Ads/bugs, on:
+
+			- help from twitter-badges.s3.amazonaws.com
+
+	¹ Secured by us
+	² Unsecurable
 
 -->
-<ruleset name="North Carolina State University (partial)">
+<ruleset name="NCSU.edu (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 
 	<target host="libraryh3lp.com" />
-		<!--
-			Breaks widgets embedded on 3rd-party websites:
+
+		<!--	Breaks widgets embedded on 3rd-party websites:
 
 				https://trac.torproject.org/projects/tor/ticket/9325
 										-->
 		<exclusion pattern="^http://libraryh3lp\.com/(?:chat/|follow/)" />
-	<target host="ncsu.edu" />
-	<target host="*.ncsu.edu" />
-	<target host="www.*.ncsu.edu" />
-	<target host="portalsp.acs.ncsu.edu" />
-	<target host="*.lib.ncsu.edu" />
-
 
-	<securecookie host="^libraryh3lp\.com$" name=".*" />
-	<securecookie host="^(.*\.)?ncsu\.edu$" name=".*" />
+			<!--	+ve:
+					-->
+			<test url="http://libraryh3lp.com/chat/" />
+			<test url="http://libraryh3lp.com/follow/" />
 
+	<target host="ncsu.edu" />
+	<!--target host="accessibility.ncsu.edu" /-->
 
-	<rule from="^http://libraryh3lp\.com/"
-		to="https://libraryh3lp.com/" />
-
-	<rule from="^https?://(?:www\.)?ncsu\.edu/directory/"
-		to="https://www.ncsu.edu/directory/" />
-
-	<rule from="^http://(portalsp\.acs|jobs|(?:(?:my|staff|www)\.)?lib|oit|ssl|webauth)\.ncsu\.edu/"
-		to="https://$1.ncsu.edu/" />
+	<target host="ep91prd.acs.ncsu.edu" />
+	<target host="mypack.acs.ncsu.edu" />
+	<target host="portal.acs.ncsu.edu" />
+	<target host="portalsp.acs.ncsu.edu" />
+	<target host="www.acs.ncsu.edu" />
+
+	<!--target host="assist.ncsu.edu" /-->
+	<target host="ccfn.ncsu.edu" />
+	<target host="cdn.ncsu.edu" />
+	<!--target host="centennial.ncsu.edu" /-->
+	<!--target host="www.centennial.ncsu.edu" /-->
+	<target host="research.csc.ncsu.edu" />
+	<!--target host="www.csc.ncsu.edu" /-->
+	<!--target host="news.engr.ncsu.edu" /-->
+	<target host="www.engr.ncsu.edu" />
+	<target host="fi.ncsu.edu" />
+
+	<target host="eval.fi.ncsu.edu" />
+	<!--target host="miso.fi.ncsu.edu" /-->
+	<target host="ptmt.fi.ncsu.edu" />
+	<target host="stem.fi.ncsu.edu" />
+	<target host="surveys.fi.ncsu.edu" />
+	<target host="www.fi.ncsu.edu" />
+
+	<target host="www.freedm.ncsu.edu" />
+	<!--target host="giving.ncsu.edu" /-->
+	<target host="go.ncsu.edu" />
+	<target host="www.go.ncsu.edu" />
+	<target host="golinks.ncsu.edu" />
+	<!--target host="help.ncsu.edu" /-->
+	<target host="jobs.ncsu.edu" />
+	<target host="lib.ncsu.edu" />
+
+	<target host="my.lib.ncsu.edu" />
+	<target host="myaccount.lib.ncsu.edu" />
+	<target host="staff.lib.ncsu.edu" />
+	<target host="www.lib.ncsu.edu" />
+
+	<!--target host="miso.ncsu.edu" /-->
+	<target host="mypack.ncsu.edu" />
+	<target host="www.mypack.ncsu.edu" />
+	<target host="news.ncsu.edu" />
+	<target host="oied.ncsu.edu" />
+	<target host="oit.ncsu.edu" />
+	<target host="policies.ncsu.edu" />
+	<target host="shib.ncsu.edu" />
+	<target host="ssl.ncsu.edu" />
+	<target host="sysnews.ncsu.edu" />
+	<target host="webauth.ncsu.edu" />
+	<target host="www.ncsu.edu" />
+
+	<!--	Complications:
+				-->
+	<!--target host="www.cs.ncsu.edu" /-->
+	<!--target host="csc.ncsu.edu" /-->
+	<target host="gmail.ncsu.edu" />
+
+
+	<securecookie host="^libraryh3lp\.com$" name=".+" />
+
+	<!--	Not secured by server:
+						-->
+	<!--securecookie host="\.ncsu\.edu$" name="^(_dsncsu_redirection_state|_dsncsu_saml_sp|PAC|WRAP16|WRAP_REFERER)$" /-->
+	<!--securecookie host="^surveys\.fi\.ncsu\.edu$" name="^dvc$" /-->
+	<!--securecookie host="^www\.freedm\.ncsu\.edu$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^(go|golinks)\.ncsu\.edu$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^jobs\.ncsu\.edu$" name="^(?:_applicant_portal_session_1|COOKIE-SHIBBOLETH)$" /-->
+	<!--securecookie host="^\.(?:oit|policies)\.ncsu\.edu$" name="^SESS[0-9a-f]{32}$" /-->
+
+	<securecookie host="^(?:.*\.)?ncsu\.edu$" name=".+" />
+
+
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://gmail\.ncsu\.edu/[^?]*"
+		to="https://mail.google.com/a/ncsu.edu" />
+
+		<test url="http://gmail.ncsu.edu//" />
+		<test url="http://gmail.ncsu.edu/?" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/North-Herts.gov.uk.xml b/src/chrome/content/rules/North-Herts.gov.uk.xml
new file mode 100644
index 000000000000..fda9281ac1f3
--- /dev/null
+++ b/src/chrome/content/rules/North-Herts.gov.uk.xml
@@ -0,0 +1,50 @@
+<!--
+	North Hertfordshire District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	www.north-herts.gov.uk: Mismatched
+
+
+	^north-herts.gov.uk doesn't exist.
+
+
+	Insecure cookies are set for these hosts:
+
+		- web.north-herts.gov.uk
+
+
+	Mixed content:
+
+		- css, on:
+
+			- www from fs-filestore-eu.s3.amazonaws.com
+			- www from fonts.googleapis.com ˢ
+			- www from $self
+
+		- Images, on:
+
+			- web from www.north-herts.gov.uk
+			- www from northherts-cms.cms-dev.firmstep.com
+			- www from $self
+
+	ˢ Secured by us
+
+-->
+<ruleset name="North-Herts.gov.uk (partial)">
+
+	<target host="web.north-herts.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^web\.north-herts\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/North-Peace-Savings-Credit-Union.xml b/src/chrome/content/rules/North-Peace-Savings-Credit-Union.xml
new file mode 100644
index 000000000000..2aa34cca5bf7
--- /dev/null
+++ b/src/chrome/content/rules/North-Peace-Savings-Credit-Union.xml
@@ -0,0 +1,9 @@
+<ruleset name="North Peace Savings Credit Union">
+	<target host="npscu.ca" />
+	<target host="www.npscu.ca" />
+	<target host="mdws.npscu.ca" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NorthClicks.xml b/src/chrome/content/rules/NorthClicks.xml
deleted file mode 100644
index f6218c5f238f..000000000000
--- a/src/chrome/content/rules/NorthClicks.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	!www: record_too_long
-
--->
-<ruleset name="NorthClicks">
-
-	<target host="northclicks.com" />
-	<target host="*.northclicks.com" />
-
-
-	<securecookie host="^(?:www)?\.northclicks\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?northclicks\.com/"
-		to="https://www.northclicks.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/North_Devon_Theatres.org.uk.xml b/src/chrome/content/rules/North_Devon_Theatres.org.uk.xml
index 6250dc229fc6..55362c665b23 100644
--- a/src/chrome/content/rules/North_Devon_Theatres.org.uk.xml
+++ b/src/chrome/content/rules/North_Devon_Theatres.org.uk.xml
@@ -1,18 +1,8 @@
-<!--
-	- CN: Parallels Panel
-	- Expired 2013-08-30
-
--->
-<ruleset name="North Devon Theatres.org.uk" default_off="expired, self-signed">
-
+<ruleset name="North Devon Theatres">
 	<target host="northdevontheatres.org.uk" />
 	<target host="www.northdevontheatres.org.uk" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^northdevontheatres\.org\.uk$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?northdevontheatres\.org\.uk/"
-		to="https://northdevontheatres.org.uk/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/North_Korea_Tech.org.xml b/src/chrome/content/rules/North_Korea_Tech.org.xml
new file mode 100644
index 000000000000..0d4f8b01dc30
--- /dev/null
+++ b/src/chrome/content/rules/North_Korea_Tech.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="North Korea Tech.org">
+
+	<target host="northkoreatech.org" />
+	<target host="www.northkoreatech.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/North_Warks.gov.uk.xml b/src/chrome/content/rules/North_Warks.gov.uk.xml
new file mode 100644
index 000000000000..3512fa81b822
--- /dev/null
+++ b/src/chrome/content/rules/North_Warks.gov.uk.xml
@@ -0,0 +1,43 @@
+<!--
+	North Warwickshire Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *northwarks.gov.uk:
+
+		- leisure ᵈ
+		- planning ᵈ
+
+	ᵈ Dropped
+
+
+	Insecure cookies are set for these hosts:
+
+		- securehnw.northwarks.gov.uk
+		- www.northwarks.gov.uk
+		- .www.northwarks.gov.uk
+
+-->
+<ruleset name="North Warks.gov.uk">
+
+	<target host="northwarks.gov.uk" />
+	<target host="securehnw.northwarks.gov.uk" />
+	<target host="secureselfservice.northwarks.gov.uk" />
+	<target host="www.northwarks.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^securehnw\.northwarks\.gov\.uk$" name="^(?:anon-session|session-id)$" /-->
+	<!--securecookie host="^www\.northwarks\.gov\.uk$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.www\.northwarks\.gov\.uk$" name="^TestCookie$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.www\." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Northeastern.edu.xml b/src/chrome/content/rules/Northeastern.edu.xml
new file mode 100644
index 000000000000..ed9408c34d44
--- /dev/null
+++ b/src/chrome/content/rules/Northeastern.edu.xml
@@ -0,0 +1,63 @@
+<!--
+	Other Northeastern University rulesets:
+
+		- NEU.edu.xml
+
+
+	Nonfunctional hosts in *northeastern.edu:
+
+		- (www.)?damore-mckim *
+		- media.damore-mckim *
+		- static.damore-mckim *
+
+	* Refused
+
+
+	^northeastern.edu: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- laweval.northeastern.edu
+		- calendar.northeastern.edu
+		- www.northeastern.edu
+
+
+	Mixed content:
+
+		- Images on calendar, www from www.northeastern.edu *
+
+	* Secured by us
+
+-->
+<ruleset name="Northeastern.edu (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="calendar.northeastern.edu" />
+	<target host="laweval.northeastern.edu" />
+	<target host="prod-web.northeastern.edu" />
+	<target host="registerresnet.northeastern.edu" />
+	<target host="www.northeastern.edu" />
+
+	<!--	Complications:
+				-->
+	<target host="northeastern.edu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^calendar\.northeastern\.edu$" name="^_session_id$" /-->
+	<!--securecookie host="^laweval\.northeastern\.edu$" name="^(?:JSESSIONID|WASReqURL)$" /-->
+	<!--securecookie host="^www\.northeastern\.edu$" name="^www\.neu\.edu$" /-->
+
+	<securecookie host="^(?:calendar|laweval|www)\.northeastern\.edu$" name=".+" />
+
+
+	<rule from="^http://northeastern\.edu/"
+		to="https://www.northeastern.edu/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Northern_Tool.com.xml b/src/chrome/content/rules/Northern_Tool.com.xml
new file mode 100644
index 000000000000..c592412e0f00
--- /dev/null
+++ b/src/chrome/content/rules/Northern_Tool.com.xml
@@ -0,0 +1,56 @@
+<!--
+	Problematic subdomains:
+
+		- ^ ¹
+		- answers ²
+		- reviews ²
+
+	¹ Cert only matches www
+	² Mismatched, CN: *.ugc.bazaarvoice.com
+
+
+	Some pages redirect to http.
+
+
+	Mixed content:
+
+		- Images on www from $self *
+
+		- Ads from northerntool.ugc.bazaarvoice.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Northern Tool.com (partial)">
+
+	<target host="northerntool.ugc.bazaarvoice.com" />
+	<target host="northerntool.com" />
+	<target host="answers.northerntool.com" />
+	<target host="reviews.northerntool.com" />
+	<target host="www.northerntool.com" />
+	<target host="m.northerntool.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?northerntool\.com/+($|\?|catalog/$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(www\.)?northerntool\.com/+(?!css/|favicon\.ico|images/|(shop|stores)($|[?/])|wcsstore/)" /-->
+
+
+	<!--	Server doesn't secure:
+					-->
+	<securecookie host="^m\.northerntool\.com$" name=".+" />
+
+
+	<rule from="^http://(?:northerntool\.ugc\.bazaarvoice|(?:answer|review)s\.northerntool)\.com/"
+		to="https://northerntool.ugc.bazaarvoice.com/" />
+
+	<rule from="^http://(?:www\.)?northerntool\.com/(?=css/|favicon\.ico|images/|s(?:hop|tores)(?:$|[?/])|wcsstore/)"
+		to="https://www.northerntool.com/" />
+
+	<rule from="^http://m\.northerntool\.com/"
+		to="https://m.northerntool.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Northpole.fi.xml b/src/chrome/content/rules/Northpole.fi.xml
index fcf89b4a52a8..f680a6247e35 100644
--- a/src/chrome/content/rules/Northpole.fi.xml
+++ b/src/chrome/content/rules/Northpole.fi.xml
@@ -1,8 +1,8 @@
 <ruleset name="Northpole.fi">
   <target host="northpole.fi" />
   <target host="www.northpole.fi" />
-  
-  <securecookie host="^(.*\.)northpole\.fi$" name=".*" />
-  
-  <rule from="^http://(?:www\.)?northpole\.fi/" to="https://northpole.fi/"/>
+
+  <securecookie host="^(?:.*\.)northpole\.fi$" name=".+" />
+
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Northwest_Swim_Shop.xml b/src/chrome/content/rules/Northwest_Swim_Shop.xml
deleted file mode 100644
index bfa2b86ce491..000000000000
--- a/src/chrome/content/rules/Northwest_Swim_Shop.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Cert expired.
-
--->
-<ruleset name="Northwest Swim Shop">
-
-	<target host="nwswimshop.com" />
-	<target host="www.nwswimshop.com" />
-
-
-	<rule from="^https?://(?:www\.)?nwswimshop\.com/"
-		to="https://nwswimshop.myshopify.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Northwestern_University.xml b/src/chrome/content/rules/Northwestern_University.xml
index 2814b1b775b5..3bf8acbb9770 100644
--- a/src/chrome/content/rules/Northwestern_University.xml
+++ b/src/chrome/content/rules/Northwestern_University.xml
@@ -1,4 +1,7 @@
 <!--
+	Northwestern University
+
+
 	Nonfunctional subdomains:
 
 		- (www.) *
@@ -12,7 +15,7 @@
 		- m **
 		- maps **
 		- offices **
-		- planitpurple **
+		- planitpurple *
 		- policies *
 		- www.registrar *
 		- search **
@@ -70,6 +73,7 @@
 		- (www.)law
 		- careerspace.law
 		- mail
+		- (www.)math
 		- chitrec.nubic
 		- nuhr
 		- blog.oncofertility
@@ -95,9 +99,57 @@
 		- blog.womenshealth
 
 -->
-<ruleset name="Northwestern University (partial)">
-
-	<target host="*.northwestern.edu" />
+<ruleset name="Northwestern.edu (partial)">
+
+	<target host="blog.nuamps.at.northwestern.edu" />
+	<target host="websecurity.at.northwestern.edu" />
+	<target host="autodiscover.northwestern.edu" />
+	<target host="bfmf.northwestern.edu" />
+	<target host="carlsmith.northwestern.edu" />
+	<target host="mail.chicago.northwestern.edu" />
+	<target host="mail.evanston.northwestern.edu" />
+	<target host="collaborate.northwestern.edu" />
+	<target host="www.collaborate.northwestern.edu" />
+	<target host="courses.northwestern.edu" />
+	<target host="directory.northwestern.edu" />
+	<target host="blog.ipd.northwestern.edu" />
+	<target host="fed.it.northwestern.edu" />
+	<target host="validate.it.northwestern.edu" />
+	<target host="websso.it.northwestern.edu" />
+	<target host="law.northwestern.edu" />
+	<target host="careerspace.law.northwestern.edu" />
+	<target host="www.law.northwestern.edu" />
+	<target host="www.library.northwestern.edu" />
+	<target host="mail.northwestern.edu" />
+	<target host="math.northwestern.edu" />
+	<target host="www.math.northwestern.edu" />
+	<target host="chitrec.nubic.northwestern.edu" />
+	<target host="nuhr.northwestern.edu" />
+	<target host="blog.oncofertility.northwestern.edu" />
+	<target host="autodiscover.qatar.northwestern.edu" />
+	<target host="collaborate.qatar.northwestern.edu" />
+	<target host="www.collaborate.qatar.northwestern.edu" />
+	<target host="mail.qatar.northwestern.edu" />
+	<target host="webmail.qatar.northwestern.edu" />
+	<target host="research.northwestern.edu" />
+	<target host="www.research.northwestern.edu" />
+	<target host="blog.scienceinsociety.northwestern.edu" />
+	<target host="scs.northwestern.edu" />
+	<target host="www.scs.northwestern.edu" />
+	<target host="tss.northwestern.edu" />
+	<target host="umail.northwestern.edu" />
+	<target host="blog.undergradresearch.northwestern.edu" />
+	<target host="womenshealth.northwestern.edu" />
+	<target host="blog.womenshealth.northwestern.edu" />
+	<target host="cafe.northwestern.edu" />
+	<target host="ses.northwestern.edu" />
+	<target host="undergradresearch.northwestern.edu" />
+	<target host="www.cafe.northwestern.edu" />
+	<target host="www.ses.northwestern.edu" />
+	<target host="www.undergradresearch.northwestern.edu" />
+	<target host="u.northwestern.edu" />
+	<target host="wcas.northwestern.edu" />
+	<target host="www.wcas.northwestern.edu" />
 		<exclusion pattern="^http://www\.library\.northwestern\.edu/(?!misc/|modules/|sites/)" />
 
 
@@ -106,8 +158,6 @@
 	<securecookie host="^\.undergradresearch\.northwestern\.edu$" name="^SESS\w{32}$" />
 
 
-	<rule from="^http://((?:blog\.nuamps|websecurity)\.at|autodiscover|bfmf|carlsmith|mail\.(?:chicago|evanston)|(?:www\.)?collaborate|courses|directory|blog\.ipd|(?:fed|validate|websso)\.it|(?:careerspace\.|www\.)?law|www\.library|mail|chitrec\.nubic|nuhr|blog\.oncofertility|(?:autodiscover|(?:www\.)?collaborate|mail|webmail)\.qatar|(?:www\.)?research|blog\.scienceinsociety|(?:www\.)?scs|tss|umail|blog\.undergradresearch|(?:blog\.)?womenshealth)\.northwestern\.edu/"
-		to="https://$1.northwestern.edu/" />
 
 	<rule from="^http://(?:www\.)?(cafe|ses|undergradresearch)\.northwestern\.edu/"
 		to="https://$1.northwestern.edu/" />
@@ -118,4 +168,5 @@
 	<rule from="^http://(?:www\.)?wcas\.northwestern\.edu/"
 		to="https://www.wcas.northwestern.edu/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Norton.xml b/src/chrome/content/rules/Norton.xml
index 1f2a992d1202..0ba38ae869ab 100644
--- a/src/chrome/content/rules/Norton.xml
+++ b/src/chrome/content/rules/Norton.xml
@@ -2,10 +2,7 @@
 	For other Symantec coverage, see Symantec.xml.
 
 
-	norton.i.lithium.com
-
-
-	Nonfunctional norton.com subdomains:
+	Nonfunctional hosts in *norton.com:
 
 		- apps *
 		- appstore *
@@ -14,51 +11,179 @@
 	* At least $ redirects to http
 
 
-	Problematic domains:
+	Problematic hosts in *norton.com:
 
-		- ^ *
 		- arabic *
 		- asia *
-		- at *
-		- il *
 		- lu *
-		- ro *
+		- static-safeweb ²
+		- store ʰ
 
 	* Mismatched
+	² Akamai
+	ʰ Redirects to http
+
+
+	Insecure cookies are set for these domains:
+
+		- .norton.com
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- us from now-static.norton.com ˢ
+			- us from now.symassets.com ˢ
+
+	ˢ Secured by us
 
 -->
-<ruleset name="Norton (partial)" platform="mixedcontent">
+<ruleset name="Norton (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="mynortonaccount.com" />
 	<target host="www.mynortonaccount.com" />
 
 	<target host="norton.com" />
-	<target host="*.norton.com" />
-	<target host="*.nortoncdn.com" />
+	<target host="account.norton.com" />
+	<target host="www.account.norton.com" />
+	<target host="antitheft.norton.com" />
+	<target host="buy.norton.com" />
+	<target host="buy-static.norton.com" />
+	<target host="cloudconnect.norton.com" />
+	<target host="community.norton.com" />
+	<target host="dns.norton.com" />
+	<target host="hotspot.norton.com" />
+	<target host="login.norton.com" />
+	<target host="manage.norton.com" />
+	<target host="mobilesecurity.norton.com" />
+	<target host="now-static.norton.com" />
+	<target host="onlinefamily.norton.com" />
+	<target host="renew.norton.com" />
+	<target host="safeweb.norton.com" />
+	<target host="search.norton.com" />
+	<target host="static-wap.norton.com" />
+	<target host="static-wap-stg.norton.com" />
+	<target host="support.norton.com" />
+	<target host="support-stg.norton.com" />
+	<!--target host="static-safeweb.norton.com" /-->
+	<target host="updatecenter.norton.com" />
+	<target host="sealinfo.websecurity.norton.com" />
+	<target host="trustsealinfo.websecurity.norton.com" />
+	<target host="www.norton.com" />
+
+	<target host="ae.norton.com" />
+	<target host="ar.norton.com" />
+	<target host="at.norton.com" />
+	<target host="au.norton.com" />
+	<target host="be.norton.com" />
+	<target host="be-nl.norton.com" />
+	<target host="br.norton.com" />
+	<target host="ca.norton.com" />
+	<target host="ca-fr.norton.com" />
+	<target host="ch.norton.com" />
+	<target host="ch-fr.norton.com" />
+	<target host="ch-it.norton.com" />
+	<target host="cl.norton.com" />
+	<target host="cn.norton.com" />
+	<target host="co.norton.com" />
+	<target host="cz.norton.com" />
+	<target host="de.norton.com" />
+	<target host="dk.norton.com" />
+	<target host="es.norton.com" />
+	<target host="fi.norton.com" />
+	<target host="fr.norton.com" />
+	<target host="gr.norton.com" />
+	<target host="hk.norton.com" />
+	<target host="hk-en.norton.com" />
+	<target host="hu.norton.com" />
+	<target host="id.norton.com" />
+	<target host="ie.norton.com" />
+	<target host="il.norton.com" />
+	<target host="in.norton.com" />
+	<target host="it.norton.com" />
+	<target host="japan.norton.com" />
+	<target host="jp.norton.com" />
+	<target host="kh.norton.com" />
+	<target host="kr.norton.com" />
+	<target host="lam.norton.com" />
+	<target host="malaysia.norton.com" />
+	<target host="mx.norton.com" />
+	<target host="nl.norton.com" />
+	<target host="no.norton.com" />
+	<target host="nz.norton.com" />
+	<target host="ph.norton.com" />
+	<target host="pl.norton.com" />
+	<target host="pr.norton.com" />
+	<target host="pt.norton.com" />
+	<target host="ro.norton.com" />
+	<target host="ru.norton.com" />
+	<target host="se.norton.com" />
+	<target host="sg.norton.com" />
+	<target host="th.norton.com" />
+	<target host="tr.norton.com" />
+	<target host="tw.norton.com" />
+	<target host="vn.norton.com" />
+	<target host="uk.norton.com" />
+	<target host="us.norton.com" />
+	<target host="za.norton.com" />
+
+	<target host="stage.nortoncdn.com" />
+	<target host="static.nortoncdn.com" />
+
+	<!--	Complications:
+				-->
+	<target host="arabic.norton.com" />
+	<target host="asia.norton.com" />
+	<target host="lu.norton.com" />
+	<target host="store.norton.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://store\.norton\.com/$" /-->
+
+		<!--	Mixed images:
+					-->
+		<!--test url="http://us.norton.com/free-tools-trial/promo" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.norton\.com$" name="^v1st$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://arabic\.norton\.com/.*"
+		to="https://uk.norton.com/" />
 
+		<test url="http://arabic.norton.com/products" />
 
-	<securecookie host="^(?:.*\.)?norton\.com$" name=".+" />
+	<rule from="^http://asia\.norton\.com/.*"
+		to="https://sg.norton.com/" />
 
+		<test url="http://asia.norton.com/products" />
 
-	<rule from="^https?://(mynortonaccount|norton)\.com/"
-		to="https://www.$1.com/" />
+	<rule from="^http://lu\.norton\.com/.*"
+		to="https://fr.norton.com/" />
 
-	<rule from="^http://((?:www\.)?account|au|be|be-nl|br|buy|buy-static1?|c[ahlnz]|ca-fr|community|de|dk|dns|es|fi|fr|gr|hk|hk-en|hotspot|hu|i[ent]|jp|kr|login|malaysia|mx|n[loz]|now-static|onlinefamily|p[lrt]|ru|safeweb|se|sg|static-wap(?:-stg)?|store|support(?:-stg)?|tr|tw|uk|us|www|za)\.norton\.com/"
-		to="https://$1.norton.com/" />
+		<test url="http://lu.norton.com/products" />
 
-	<rule from="^https?://(?:arabic|il|ro)\.norton\.com/(?:.*)"
-		to="https://uk.norton.com/" />
+	<rule from="^http://store\.norton\.com/+(.*)\.html"
+		to="https://buy.norton.com/en-us/$1" />
 
-	<rule from="^https?://asia\.norton\.com/(?:.*)"
-		to="https://sg.norton.com/" />
+		<test url="http://store.norton.com/.html" />
+		<test url="http://store.norton.com/home.html" />
+		<test url="http://store.norton.com/norton-software.html" />
 
-	<rule from="^https?://at\.norton\.com/(?:.*)"
-		to="https://de.norton.com/" />
+	<rule from="^http://store\.norton\.com/[^?]*"
+		to="https://buy.norton.com/" />
 
-	<rule from="^https?://lu\.norton\.com/(?:.*)"
-		to="https://fr.norton.com/" />
+		<test url="http://store.norton.com/norton-software" />
 
-	<rule from="^http://sta(ge|tic)\.nortoncdn\.com/"
-		to="https://sta$1.nortoncdn.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Norton_Online_Backup.xml b/src/chrome/content/rules/Norton_Online_Backup.xml
index 25e903a3b65a..cc53001eaf45 100644
--- a/src/chrome/content/rules/Norton_Online_Backup.xml
+++ b/src/chrome/content/rules/Norton_Online_Backup.xml
@@ -11,19 +11,27 @@
 <ruleset name="Norton Online Backup">
 
 	<target host="backup.com" />
-	<target host="*.backup.com" />
+	<target host="www.backup.com" />
+	<target host="assets.backup.com" />
+	<target host="secure-assets.backup.com" />
+	<target host="centurylink.backup.com" />
+	<target host="delldatasafe.backup.com" />
+	<target host="dobu.backup.com" />
+	<target host="nobu.backup.com" />
+	<target host="nis.backup.com" />
+	<target host="nobu-nis.backup.com" />
+	<target host="vipprotection.backup.com" />
 
 
 	<securecookie host="^.+\.backup\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?backup\.com/"
+	<rule from="^http://(?:www\.)?backup\.com/"
 		to="https://www.backup.com/" />
 
-	<rule from="^https?://(?:secure-)?assets\.backup\.com/"
+	<rule from="^http://(?:secure-)?assets\.backup\.com/"
 		to="https://secure-assets.backup.com/" />
 
-	<rule from="^http://(centurylink|delldatasafe|[dn]obu|nis|nobu-nis|vipprotection)\.backup\.com/"
-		to="https://$1.backup.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Norwalk_Reflector.xml b/src/chrome/content/rules/Norwalk_Reflector.xml
index 4420d7eef744..59b587413b90 100644
--- a/src/chrome/content/rules/Norwalk_Reflector.xml
+++ b/src/chrome/content/rules/Norwalk_Reflector.xml
@@ -12,4 +12,4 @@
 	<rule from="^http://(?:www\.)?norwalkreflector\.com/(misc/|sites/|user(?:$|\?|/))"
 		to="https://www.norwalkreflector.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Norwegian.com.xml b/src/chrome/content/rules/Norwegian.com.xml
index 998c34ab04c1..6d227ed28bb2 100644
--- a/src/chrome/content/rules/Norwegian.com.xml
+++ b/src/chrome/content/rules/Norwegian.com.xml
@@ -1,7 +1,17 @@
-<ruleset name="Norwegian.com" platform="mixedcontent">
-  <target host="www.norwegian.com" />
+<!--
+	Invalid:
+		annualreport.norwegian.com
+		brand.norwegian.com/
+		careers.norwegian.com
+		media.norwegian.com
+-->
+
+<ruleset name="Norwegian.com">
   <target host="norwegian.com" />
-  <rule from="^http://www\.norwegian\.com/" to="https://www.norwegian.com/"/>
-  <rule from="^http://norwegian\.com/" to="https://www.norwegian.com/"/>
+  <target host="www.norwegian.com" />
+
+  <securecookie host="^(www\.)?norwegian.com$" name=".+" />
+
+  <rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/NorwegianClass101.com.xml b/src/chrome/content/rules/NorwegianClass101.com.xml
new file mode 100644
index 000000000000..09d205d4b73e
--- /dev/null
+++ b/src/chrome/content/rules/NorwegianClass101.com.xml
@@ -0,0 +1,25 @@
+<!--
+	^norwegianclass101.com: Mismatched
+
+-->
+<ruleset name="NorwegianClass101.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.norwegianclass101.com" />
+
+	<!--	Complications:
+				-->
+	<target host="norwegianclass101.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://norwegianclass101\.com/"
+		to="https://www.norwegianclass101.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Norx.io.xml b/src/chrome/content/rules/Norx.io.xml
new file mode 100644
index 000000000000..414e58db7678
--- /dev/null
+++ b/src/chrome/content/rules/Norx.io.xml
@@ -0,0 +1,10 @@
+<ruleset name="norx.io">
+
+	<target host="norx.io" />
+	<target host="www.norx.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nos-oignons.net.xml b/src/chrome/content/rules/Nos-oignons.net.xml
index 3bd12771bc13..f7d78830e8a7 100644
--- a/src/chrome/content/rules/Nos-oignons.net.xml
+++ b/src/chrome/content/rules/Nos-oignons.net.xml
@@ -1,10 +1,16 @@
+<!--
+	All following domains redirect to .net
+	nos-oignons.net is preloaded
+
+-->
 <ruleset name="Nos-oignons.net">
-  <target host="nos-oignons.net" />
-  <target host="www.nos-oignons.net" />
-  <target host="nos-oignons.org" />
-  <target host="www.nos-oignons.org" />
-  <target host="nos-oignons.fr" />
-  <target host="www.nos-oignons.fr" />
-
-  <rule from="^http://(www\.)?nos-oignons\.(net|org|fr)/" to="https://nos-oignons.net/" />
+
+	<target host="nos-oignons.fr" />
+	<target host="www.nos-oignons.fr" />
+
+	<target host="nos-oignons.org" />
+	<target host="www.nos-oignons.org" />
+
+	<rule from="^http:" to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Nos.pt.xml b/src/chrome/content/rules/Nos.pt.xml
new file mode 100644
index 000000000000..1084be39fc86
--- /dev/null
+++ b/src/chrome/content/rules/Nos.pt.xml
@@ -0,0 +1,6 @@
+<ruleset name="Nos.pt">
+  <target host="nos.pt" />
+  <target host="www.nos.pt" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NosCommunes.ca.xml b/src/chrome/content/rules/NosCommunes.ca.xml
new file mode 100644
index 000000000000..9bd614305c3d
--- /dev/null
+++ b/src/chrome/content/rules/NosCommunes.ca.xml
@@ -0,0 +1,12 @@
+<!--
+	Related ruleset: OurCommons.ca.xml
+-->
+<ruleset name="NosCommunes.ca">
+	<target host="noscommunes.ca" />
+	<target host="www.noscommunes.ca" />
+	<target host="petitions.noscommunes.ca" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Not-your-server.de.xml b/src/chrome/content/rules/Not-your-server.de.xml
new file mode 100644
index 000000000000..fcf08ef92964
--- /dev/null
+++ b/src/chrome/content/rules/Not-your-server.de.xml
@@ -0,0 +1,11 @@
+<ruleset name="not-your-server.de (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="code.not-your-server.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NotAlwaysFriendly.com.xml b/src/chrome/content/rules/NotAlwaysFriendly.com.xml
new file mode 100644
index 000000000000..31be8895efce
--- /dev/null
+++ b/src/chrome/content/rules/NotAlwaysFriendly.com.xml
@@ -0,0 +1,18 @@
+<!--
+	See also: NotAlwaysRight.com.xml, NotAlwaysWorking.com.xml,
+	NotAlwaysHopeless.com.xml
+
+	HTTPS broken:
+		cdn.notalwaysfriendly.com
+
+	Website returns an error:
+		www.notalwaysfriendly.com
+		unfiltered.notalwaysfriendly.com
+-->
+<ruleset name="NotAlwaysFriendly.com">
+	<target host="notalwaysfriendly.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NotAlwaysHopeless.com.xml b/src/chrome/content/rules/NotAlwaysHopeless.com.xml
new file mode 100644
index 000000000000..f197e5d6230e
--- /dev/null
+++ b/src/chrome/content/rules/NotAlwaysHopeless.com.xml
@@ -0,0 +1,12 @@
+<!--
+	See also: NotAlwaysRight.com.xml, NotAlwaysWorking.com.xml,
+	NotAlwaysFriendly.com.xml
+-->
+<ruleset name="NotAlwaysHopeless.com">
+	<target host="notalwayshopeless.com" />
+	<target host="www.notalwayshopeless.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NotAlwaysRight.com.xml b/src/chrome/content/rules/NotAlwaysRight.com.xml
new file mode 100644
index 000000000000..69e037d735af
--- /dev/null
+++ b/src/chrome/content/rules/NotAlwaysRight.com.xml
@@ -0,0 +1,19 @@
+<!--
+	See also: NotAlwaysWorking.com.xml, NotAlwaysFriendly.com.xml,
+	NotAlwaysHopeless.com.xml
+
+	HTTPS broken:
+		cdn.notalwaysright.com
+
+	Not publicly accessible:
+		shop.notalwaysright.com
+-->
+<ruleset name="NotAlwaysRight.com">
+	<target host="notalwaysright.com" />
+	<target host="www.notalwaysright.com" />
+	<target host="about.notalwaysright.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NotAlwaysWorking.com.xml b/src/chrome/content/rules/NotAlwaysWorking.com.xml
new file mode 100644
index 000000000000..19ac67ae6b8f
--- /dev/null
+++ b/src/chrome/content/rules/NotAlwaysWorking.com.xml
@@ -0,0 +1,18 @@
+<!--
+	See also: NotAlwaysRight.com.xml, NotAlwaysFriendly.com.xml,
+	NotAlwaysHopeless.com.xml
+
+	HTTPS broken:
+		cdn.notalwaysworking.com
+
+	Website returns an error:
+		www.notalwaysworking.com
+		unfiltered.notalwaysworking.com
+-->
+<ruleset name="NotAlwaysWorking.com">
+	<target host="notalwaysworking.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NotBackingDownUMass.org.xml b/src/chrome/content/rules/NotBackingDownUMass.org.xml
new file mode 100644
index 000000000000..6ae63bd38ed3
--- /dev/null
+++ b/src/chrome/content/rules/NotBackingDownUMass.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="NotBackingDownUMass.org">
+	<target host="notbackingdownumass.org" />
+	<target host="www.notbackingdownumass.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Not_Enough_Shaders.com.xml b/src/chrome/content/rules/Not_Enough_Shaders.com.xml
new file mode 100644
index 000000000000..367dfd8666ef
--- /dev/null
+++ b/src/chrome/content/rules/Not_Enough_Shaders.com.xml
@@ -0,0 +1,41 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://notenoughshaders.com/ => https://notenoughshaders.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+Fetch error: http://www.notenoughshaders.com/ => https://www.notenoughshaders.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://notenoughshaders.com/ => https://notenoughshaders.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.notenoughshaders.com/ => https://www.notenoughshaders.com/: (60, 'SSL certificate problem: self signed certificate')
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+		- Images from www *
+
+		- favicon from www *
+
+		- Web bugs, from:
+
+			- www.facebook.com *
+			- reddit.com *
+			- www.stumbleupon.com *
+			- platform.twitter.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Not Enough Shaders.com" default_off="failed ruleset test">
+
+	<target host="notenoughshaders.com" />
+	<target host="www.notenoughshaders.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:www\.)?notenoughshaders\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Not_Even_Past.org.xml b/src/chrome/content/rules/Not_Even_Past.org.xml
new file mode 100644
index 000000000000..21b50f7866fc
--- /dev/null
+++ b/src/chrome/content/rules/Not_Even_Past.org.xml
@@ -0,0 +1,16 @@
+<!--
+	For other University of Texas at Austin coverage, see University-of-Texas-at-Austin.xml.
+
+-->
+<ruleset name="Not Even Past.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="notevenpast.org" />
+	<target host="www.notevenpast.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NotaNet.com.br.xml b/src/chrome/content/rules/NotaNet.com.br.xml
new file mode 100644
index 000000000000..6cdb521c6409
--- /dev/null
+++ b/src/chrome/content/rules/NotaNet.com.br.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://notanet.com.br/ => https://www.notanet.com.br/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.notanet.com.br/ => https://www.notanet.com.br/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For other UOL coverage, see UOL.xml.
+
+
+	^: Cert only matches www
+
+-->
+<ruleset name="NotaNet.com.br" default_off="failed ruleset test">
+
+	<target host="notanet.com.br" />
+	<target host="www.notanet.com.br" />
+
+
+	<rule from="^http://(?:www\.)?notanet\.com\.br/"
+		to="https://www.notanet.com.br/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Notabug.io.xml b/src/chrome/content/rules/Notabug.io.xml
new file mode 100644
index 000000000000..24492ace788c
--- /dev/null
+++ b/src/chrome/content/rules/Notabug.io.xml
@@ -0,0 +1,9 @@
+<ruleset name="Notabug.io">
+	<target host="notabug.io" />
+	<target host="www.notabug.io" />
+	<target host="snew.notabug.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Notacon.org.xml b/src/chrome/content/rules/Notacon.org.xml
new file mode 100644
index 000000000000..089a3538d2cc
--- /dev/null
+++ b/src/chrome/content/rules/Notacon.org.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://notacon.org/ => https://notacon.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.notacon.org/ => https://www.notacon.org/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://notacon.org/ => https://notacon.org/: (51, "SSL: no alternative certificate subject name matches target host name 'notacon.org'")
+Fetch error: http://www.notacon.org/ => https://www.notacon.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.notacon.org'")
+-->
+<ruleset name="Notacon.org" default_off="failed ruleset test">
+
+	<target host="notacon.org" />
+	<target host="www.notacon.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NoteFly.xml b/src/chrome/content/rules/NoteFly.xml
new file mode 100644
index 000000000000..88010b270b86
--- /dev/null
+++ b/src/chrome/content/rules/NoteFly.xml
@@ -0,0 +1,10 @@
+<ruleset name="NoteFly">
+
+	<target host="notefly.org" />
+	<target host="www.notefly.org" />
+
+	<test url="http://www.notefly.org/downloads" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Noteapp.com.xml b/src/chrome/content/rules/Noteapp.com.xml
new file mode 100644
index 000000000000..18cc09e31cee
--- /dev/null
+++ b/src/chrome/content/rules/Noteapp.com.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.noteapp.com/ => https://www.noteapp.com/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+
+	Ruleset for noteapp.com.
+
+	Not supporting HTTPS or using an invalid certificate:
+		* cdn.noteapp.com
+		* git.noteapp.com
+		* rtc.noteapp.com
+-->
+<ruleset name="NoteApp.com" default_off="failed ruleset test">
+
+	<target host="noteapp.com" />
+
+	<target host="images.noteapp.com" />
+	<target host="www.noteapp.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Notebook_Italia.xml b/src/chrome/content/rules/Notebook_Italia.xml
index 981ddad9c06a..13e5f64c0bfc 100644
--- a/src/chrome/content/rules/Notebook_Italia.xml
+++ b/src/chrome/content/rules/Notebook_Italia.xml
@@ -1,8 +1,4 @@
-<!--
-	CN: pclab
-
--->
-<ruleset name="Notebook Italia" default_off="expired, self-signed">
+<ruleset name="Notebook Italia" default_off="redirects to http">
 
 	<target host="notebookitalia.it" />
 	<target host="www.notebookitalia.it" />
@@ -11,7 +7,7 @@
 	<securecookie host="^notebookitalia\.it$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?notebookitalia\.it/"
+	<rule from="^http://(www\.)?notebookitalia\.it/"
 		to="https://notebookitalia.it/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Notebooksbilliger.xml b/src/chrome/content/rules/Notebooksbilliger.xml
new file mode 100644
index 000000000000..9417d334c59c
--- /dev/null
+++ b/src/chrome/content/rules/Notebooksbilliger.xml
@@ -0,0 +1,6 @@
+<ruleset name="Notebooksbilliger.de">
+	<target host="blog.notebooksbilliger.de" />
+	<target host="img.notebooksbilliger.de" />
+	<target host="www.notebooksbilliger.de" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Notepad++.xml b/src/chrome/content/rules/Notepad++.xml
new file mode 100644
index 000000000000..87d74188e201
--- /dev/null
+++ b/src/chrome/content/rules/Notepad++.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		download.notepad-plus-plus.org
+-->
+<ruleset name="Notepad-plus-plus.org">
+
+	<target host="notepad-plus-plus.org" />
+	<target host="www.notepad-plus-plus.org" />
+	<target host="community.notepad-plus-plus.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Notex.ch.xml b/src/chrome/content/rules/Notex.ch.xml
new file mode 100644
index 000000000000..11a020971497
--- /dev/null
+++ b/src/chrome/content/rules/Notex.ch.xml
@@ -0,0 +1,11 @@
+<ruleset name="Notex.ch">
+
+	<target host="notex.ch" />
+	<target host="www.notex.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nothing.ch.xml b/src/chrome/content/rules/Nothing.ch.xml
new file mode 100644
index 000000000000..d26ec1492bc6
--- /dev/null
+++ b/src/chrome/content/rules/Nothing.ch.xml
@@ -0,0 +1,18 @@
+<!--
+	Nothing Interactive
+
+-->
+<ruleset name="Nothing.ch">
+
+	<target host="nothing.ch" />
+	<target host="www.nothing.ch" />
+
+
+	<!--	Server sets Secure for:
+					-->
+	<!--securecookie host="^\.nothing\.ch$" name=".+" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nottingham.ac.uk-falsemixed.xml b/src/chrome/content/rules/Nottingham.ac.uk-falsemixed.xml
new file mode 100644
index 000000000000..d5ee2c61ab02
--- /dev/null
+++ b/src/chrome/content/rules/Nottingham.ac.uk-falsemixed.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules not causing false/broken MCB, see NottinghamAC.xml.
+
+-->
+<ruleset name="Nottingham.ac.uk (false MCB)" platform="mixedcontent">
+
+	<target host="eprints.nottingham.ac.uk" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NottinghamAC.xml b/src/chrome/content/rules/NottinghamAC.xml
index 2f1b7fb67edb..fa8b56815d0f 100644
--- a/src/chrome/content/rules/NottinghamAC.xml
+++ b/src/chrome/content/rules/NottinghamAC.xml
@@ -1,13 +1,158 @@
-<ruleset name="NottinghamAC">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://idp.nottingham.ac.uk/ => https://idp.nottingham.ac.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://pfact.nottingham.ac.uk/ => https://pfact.nottingham.ac.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://selfservice.nottingham.ac.uk/ => https://selfservice.nottingham.ac.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For rules causing false/broken MCB, see Nottingham.ac.uk-falsemixed.xml.
+
+	Other University of Nottingham rulesets:
+
+		- CPIB.ac.uk.xml
+
+
+	Nonfunctional hosts in *nottingham.ac.uk:
+
+		- uiwapren01.ad ᵈ
+		- aleph ʳ
+		- asab ᵃ
+		- atensembl ʳ
+		- beta ᵃ
+		- bigf ʳ
+		- www.brainbody ʳ
+		- besley.chem ᵃ
+		- crc ᵃ
+		- click ᵃ
+		- www.eee ʳ
+		- www.egil ᵃ
+		- www.engineering ᵃ
+		- genomics ʳ
+		- h-atlas ʳ
+		- www.lsri ʳ
+		- status ᵃ
+		- kepn ᵃ
+		- metalib.library ᵈ
+		- lists ʳ
+		- intranet.magres ʳ
+		- mahara ʳ
+		- modulecatalogue ᵃ
+		- mpags ʳ
+		- mssweb ʳ
+		- opendoar ᵃ
+		- pcfinder ᵃ
+		- www.psychology ʳ
+		- readinglist ⁴
+		- rogo-oss ᵃ
+		- runicdictionary ᵃ
+		- store ʰ
+		- www.su-web2 ᵖ
+		- www.trentdeanery ᵃ
+		- tri ᵃ
+		- www.unim ᵃ
+		- unow ᵈ
+		- webct ᵈ
+		- windowsonwar ᵃ
+
+	⁴ 404
+	ᵃ Shows another domain
+	ᵈ Dropped
+	ʰ Redirects to http
+	ᵖ Plaintext reply
+	ʳ Refused
+
+
+	Problematic hosts in *nottingham.ac.uk:
+
+		- comp.chem ᵉ ᵐ ˢ
+		- eprints ˣ
+		- pepl ᵉ ˣ
+		- rogo-demo ᶜ
+		- saturnweb ᶜ
+		- ssbcpib01 ᵐ
+		- ukads ᵉ ᵐ ˢ
+
+	ᶜ Missing certificate chain
+	ᵉ Expired
+	ᵐ Mismatched
+	ˢ Self-signed
+	ˣ Mixed css
+
+
+	Mixed content:
+
+		- css, on:
+
+			- eprints from $self ˢ
+			- pesl from $self
+			- www.su from fonts.googleapis.com ˢ
+
+		- Images, on:
+
+			- equipment from www.nottingham.ac.uk ˢ
+			- exchange, www.su from $self ˢ
+			- pesl from $self
+
+	ˢ Secured by us
+
+-->
+<ruleset name="NottinghamAC" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="nottingham.ac.uk" />
-	<target host="*.nottingham.ac.uk" />
+	<target host="alumni.nottingham.ac.uk" />
+	<target host="www.alumni.nottingham.ac.uk" />
+	<target host="blogs.nottingham.ac.uk" />
+	<target host="bluecastle.nottingham.ac.uk" />
+	<target host="cas.nottingham.ac.uk" />
+	<target host="email.nottingham.ac.uk" />
+	<target host="equella.nottingham.ac.uk" />
+	<!--target host="eprints.nottingham.ac.uk" /-->
+	<target host="equipment.nottingham.ac.uk" />
+	<target host="estaffprofile.nottingham.ac.uk" />
+	<target host="estateshelpdesk.nottingham.ac.uk" />
+	<target host="exchange.nottingham.ac.uk" />
+	<target host="idea.nottingham.ac.uk" />
+	<target host="idp.nottingham.ac.uk" />
+	<target host="imat.nottingham.ac.uk" />
+	<target host="itaccounts.nottingham.ac.uk" />
+	<target host="jobs.nottingham.ac.uk" />
+	<target host="my.nottingham.ac.uk" />
+	<target host="www.maths.nottingham.ac.uk" />
+	<target host="mediaspace.nottingham.ac.uk" />
+	<target host="myfinances.nottingham.ac.uk" />
+	<target host="mynottingham.nottingham.ac.uk" />
+	<target host="pfact.nottingham.ac.uk" />
+	<target host="portal.nottingham.ac.uk" />
+	<target host="ppn.nottingham.ac.uk" />
+	<target host="printpin.nottingham.ac.uk" />
+	<target host="owa.nottingham.ac.uk" />
+	<target host="pgapps.nottingham.ac.uk" />
+	<!--target host="rogo-demo.nottingham.ac.uk" /-->
+	<target host="saturnug.nottingham.ac.uk" />
+	<!--target host="saturnweb.nottingham.ac.uk" /-->
+	<target host="selfservice.nottingham.ac.uk" />
+	<target host="su.nottingham.ac.uk" />
+	<target host="www.su.nottingham.ac.uk" />
+	<target host="psdev.transform.nottingham.ac.uk" />
+	<target host="webapps.nottingham.ac.uk" />
+	<target host="workspace.nottingham.ac.uk" />
+	<target host="www.nottingham.ac.uk" />
+	<target host="www5.nottingham.ac.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="ssbcpib01.nottingham.ac.uk" />
+
 
+	<securecookie host="^(?:.+\.)?nottingham\.ac\.uk$" name=".+" />
 
-	<securecookie host="^(.+\.)?nottingham\.ac\.uk$" name=".*" />
 
+	<rule from="^http://ssbcpib01\.nottingham\.ac\.uk/"
+		to="https://www.cpib.ac.uk/" />
 
-	<rule from="^http://((?:email|jobs|owa|www)\.)?nottingham\.ac\.uk/"
-		to="https://$1nottingham.ac.uk/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Nova.fr.xml b/src/chrome/content/rules/Nova.fr.xml
new file mode 100644
index 000000000000..537f2d498e54
--- /dev/null
+++ b/src/chrome/content/rules/Nova.fr.xml
@@ -0,0 +1,16 @@
+<!--
+	No working URL known:
+		api.nova.fr (401)
+		audio.nova.fr (403)
+
+	podcast.nova.fr ( various problems, see https://github.com/EFForg/https-everywhere/pull/15214 )
+
+-->
+<ruleset name="Nova.fr">
+
+	<target host="nova.fr" />
+	<target host="www.nova.fr" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Novaapi.net.xml b/src/chrome/content/rules/Novaapi.net.xml
new file mode 100644
index 000000000000..d93c5773d0ad
--- /dev/null
+++ b/src/chrome/content/rules/Novaapi.net.xml
@@ -0,0 +1,23 @@
+<!--
+	Nonfunctional hosts in *.novaapi.net:
+
+	h: http redirect
+		- www.novaapi.net
+			http://www.novaapi.net	> http://novaapi.net
+			https://www.novaapi.net	> http://novaapi.net
+
+	m: certificate mismatch
+		- ci.novaapi.net
+		- maven.novaapi.net
+
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+		- artifactory.novaapi.net
+-->
+<ruleset name="Novaapi.net">
+	<target host="novaapi.net" />
+	<target host="www.novaapi.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Novartisart.com.xml b/src/chrome/content/rules/Novartisart.com.xml
index 66695c2287bd..c0784e7e97a1 100644
--- a/src/chrome/content/rules/Novartisart.com.xml
+++ b/src/chrome/content/rules/Novartisart.com.xml
@@ -12,4 +12,4 @@
 	<rule from="^http://(?:www\.)?novartisart\.com/"
 		to="https://novartisart.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Novell.xml b/src/chrome/content/rules/Novell.xml
index f34f9b4aff16..54d9dfb6277f 100644
--- a/src/chrome/content/rules/Novell.xml
+++ b/src/chrome/content/rules/Novell.xml
@@ -1,27 +1,59 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://login.novell.com/ => https://login.novell.com/: (51, "SSL: no alternative certificate subject name matches target host name 'login.novell.com'")
+
+-->
+
 <!--
-	For other Attachmate Group coverage, see Attachmate-Group.xml.
+Disabled by https-everywhere-checker because:
+Fetch error: http://login.novell.com/ => https://login.novell.com/: (51, "SSL: no alternative certificate subject name matches target host name 'login.novell.com'")
+Fetch error: http://shop.novell.com/ => https://shop.novell.com/: (51, "SSL: no alternative certificate subject name matches target host name 'shop.novell.com'")
+
+	For other Micro Focus coverage, see Micro_Focus.com.xml.
 
 
 	Problematic domains:
 
-		- ^		(no https)
-		- bugzillafiles (times out)
+		- ^ ¹
+		- bugzillafiles ²
 
--->
-<ruleset name="Novell (partial)">
+	¹ Refused
+	² Dropped
 
+-->
+<ruleset name="Novell.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bugzilla.novell.com" />
+	<target host="forums.novell.com" />
+	<target host="login.novell.com" />
+	<target host="shop.novell.com" />
+	<target host="secure-www.novell.com" />
+	<target host="support.novell.com" />
+
+	<target host="websupport.novell.com" />
+	<target host="c2c.websupport.novell.com" />
+	<target host="eservice.websupport.novell.com" />
+
+	<target host="wiki.novell.com" />
+	<target host="www.novell.com" />
+
+	<!--	Complications:
+				-->
 	<target host="novell.com" />
-	<target host="*.novell.com" />
 
 
 	<!--securecookie host="^\.novell\.com$" name="^(?:lb_snovell|ZNPCQ\d{3}-\d{8})$" /-->
-	<securecookie host="^(?:shop|wiki|www)\.novell\.com$" name=".+" />
+	<securecookie host="^\.novell\.com$" name="^bb_(?:sessionhash|lastactivity|lastvisit)$" />
+	<securecookie host="^(?:shop|(?:c2c\.|eservice\.)?websupport|wiki|www)\.novell\.com$" name=".+" />
 
 
-	<rule from="^https?://novell\.com/"
+	<rule from="^http://novell\.com/"
 		to="https://www.novell.com/" />
 
-	<rule from="^http://(bugzilla|login|shop|secure-www|wiki|www)\.novell\.com/"
-		to="https://$1.novell.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NovoEd.com.xml b/src/chrome/content/rules/NovoEd.com.xml
new file mode 100644
index 000000000000..4b622318576a
--- /dev/null
+++ b/src/chrome/content/rules/NovoEd.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- novoed.com
+
+-->
+<ruleset name="NovoEd.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="novoed.com" />
+	<target host="www.novoed.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^novoed\.com$" name="^_novoed_session$" /-->
+
+	<securecookie host="^novoed\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Novosoft.net.xml b/src/chrome/content/rules/Novosoft.net.xml
new file mode 100644
index 000000000000..249bc48e4b67
--- /dev/null
+++ b/src/chrome/content/rules/Novosoft.net.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://novosoft.net/ => https://novosoft.net/: (51, "SSL: no alternative certificate subject name matches target host name 'novosoft.net'")
+Fetch error: http://www.novosoft.net/ => https://www.novosoft.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.novosoft.net'")
+
+-->
+<ruleset name="Novosoft.net" default_off="failed ruleset test">
+
+	<target host="novosoft.net" />
+	<target host="www.novosoft.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Now.com.xml b/src/chrome/content/rules/Now.com.xml
new file mode 100644
index 000000000000..0246a23e5a62
--- /dev/null
+++ b/src/chrome/content/rules/Now.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Break content:
+		- nowplayer.now.com
+		- video.now.com
+
+	HTTP redirect:
+		- nowtv.now.com
+		- videoexpress.now.com
+
+	Timeout
+		- alipay.now.com
+		- game.now.com
+		- manutd.now.com
+		- nba.now.com
+		- servnotice.now.com
+
+	Could not connect:
+		- adapi.now.com
+
+	Non-2xx HTTP code:
+		- reg.now.com
+-->
+<ruleset name="Now.com">
+	<target host="now.com" />
+	<target host="www.now.com" />
+	<target host="finance.now.com" />
+	<target host="media.now.com" />
+	<target host="news.now.com" />
+	<target host="property.now.com" />
+	<target host="sports.now.com" />
+	<target host="store.now.com" />
+	<target host="tvbinding.now.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NowSecure.com.xml b/src/chrome/content/rules/NowSecure.com.xml
new file mode 100644
index 000000000000..3a23465f84d1
--- /dev/null
+++ b/src/chrome/content/rules/NowSecure.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .nowsecure.com
+
+-->
+<ruleset name="NowSecure.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nowsecure.com" />
+	<target host="info.nowsecure.com" />
+	<target host="www.nowsecure.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.nowsecure\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nowness.com.xml b/src/chrome/content/rules/Nowness.com.xml
new file mode 100644
index 000000000000..912a18504c8c
--- /dev/null
+++ b/src/chrome/content/rules/Nowness.com.xml
@@ -0,0 +1,26 @@
+<!--
+	^nowness.com: Dropped
+
+-->
+<ruleset name="Nowness.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.nowness.com" />
+
+	<!--	Complications:
+				-->
+	<target host="nowness.com" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://nowness\.com/"
+		to="https://www.nowness.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nowtilus.tv.xml b/src/chrome/content/rules/Nowtilus.tv.xml
deleted file mode 100644
index c3e685ec6fc4..000000000000
--- a/src/chrome/content/rules/Nowtilus.tv.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	For other Rovi coverage, see Rovi.xml.
-
-
-	CDN buckets:
-
-		- hansenet.download.nowtilus.tv.edgesuite.net
-
-			- a629.g.akamai.net
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(http reply)
-
-
-	Problematic subdomains:
-
-		- hansenet.download	(works, akamai)
-
--->
-<ruleset name="Nowtilus.tv (partial)">
-
-	<target host="hansenet.download.nowtilus.tv" />
-
-
-	<rule from="^http://hansenet\.download\.nowtilus\.tv/"
-		to="https://a248.e.akamai.net/f/629/9478/5m/hansenet.download.nowtilus.tv/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Nowy_BIP.xml b/src/chrome/content/rules/Nowy_BIP.xml
deleted file mode 100644
index d1415e110cf8..000000000000
--- a/src/chrome/content/rules/Nowy_BIP.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	CN: firmlet.pl
-
--->
-<ruleset name="Nowy BIP" default_off="mismatched">
-
-	<target host="nowybip.siteor.com" />
-	<target host="nowybip.pl" />
-	<target host="*.nowybip.pl" />
-
-
-	<securecookie host="^\.nowybip\.pl$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?nowybip\.pl/"
-		to="https://nowybip.pl/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Noxsolutions.com.xml b/src/chrome/content/rules/Noxsolutions.com.xml
new file mode 100644
index 000000000000..cb91478c433e
--- /dev/null
+++ b/src/chrome/content/rules/Noxsolutions.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Noxsolutions.com">
+	<target host="noxsolutions.com" />
+	<target host="www.noxsolutions.com" />
+	<target host="podone.noxsolutions.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nplusonemag.com.xml b/src/chrome/content/rules/Nplusonemag.com.xml
new file mode 100644
index 000000000000..efd900ad51ce
--- /dev/null
+++ b/src/chrome/content/rules/Nplusonemag.com.xml
@@ -0,0 +1,38 @@
+<!--
+	Problematic hosts in *nplusonemag.com:
+
+		- shop *
+
+	* Shopify
+
+
+	Fully covered hosts in *nplusonemag.com:
+
+		- (www.)?
+
+
+	Insecure cookies are set for these hosts:
+
+		- nplusonemag.com
+		- www.nplusonemag.com
+
+-->
+<ruleset name="nplusonemag.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nplusonemag.com" />
+	<target host="www.nplusonemag.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?nplusonemag\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?nplusonemag\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Npm.im.xml b/src/chrome/content/rules/Npm.im.xml
new file mode 100644
index 000000000000..3b3aa95762e6
--- /dev/null
+++ b/src/chrome/content/rules/Npm.im.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Joyent coverage, see Joyent.xml.
+
+
+	^: Mismatched
+	www: Expired
+
+-->
+<ruleset name="npm.im" default_off="expired">
+
+	<target host="npm.im" />
+	<target host="www.npm.im" />
+
+
+	<rule from="^http://(?:www\.)?npm\.im/"
+		to="https://www.npm.im/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Npm_js.com.xml b/src/chrome/content/rules/Npm_js.com.xml
new file mode 100644
index 000000000000..ffb78ad40861
--- /dev/null
+++ b/src/chrome/content/rules/Npm_js.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Joyent coverage, see Joyent.xml.
+
+-->
+<ruleset name="npm js.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="npmjs.com" />
+	<target host="docs.npmjs.com" />
+	<target host="preview.npmjs.com" />
+	<target host="www.npmjs.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Npm_js.org.xml b/src/chrome/content/rules/Npm_js.org.xml
index c140b79e5bd1..5d3220cb935c 100644
--- a/src/chrome/content/rules/Npm_js.org.xml
+++ b/src/chrome/content/rules/Npm_js.org.xml
@@ -1,32 +1,27 @@
 <!--
 	For other Joyent coverage, see Joyent.xml.
 
-
-	Problematic subdomains:
-
-		- couch *
-		- registry	(works, self-signed)
-		- scratch *
-
-	* Works; mismatched, CN: registry.npmjs.org
+	Invalid certificate:
+		blog.npmjs.org
+		docs.npmjs.org
 
 -->
-<ruleset name="npm js.org (partial)">
+<ruleset name="npmjs.org">
 
-	<target host="packages.nodejs.org" />
-	<target host="npm.im" />
-	<target host="www.npm.im" />
 	<target host="npmjs.org" />
 	<target host="www.npmjs.org" />
+	<target host="api.npmjs.org" />
+		<test url="http://api.npmjs.org/downloads/range/last-month/@types/express" />
+	<target host="docs.npmjs.org" />
+	<target host="registry.npmjs.org" />
+	<target host="status.npmjs.org" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^npmjs\.org$" name=".+" />
-
-
-	<rule from="^http://packages\.nodejs\.org/"
-		to="https://packages.nodejs.org/" />
+	<rule from="^http://docs\.npmjs\.org/"
+		to="https://docs.npmjs.com/" />
 
-	<rule from="^http://(www\.)?npm(\.im|js\.org)/"
-		to="https://$1npm$2/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Npmawesome.com-falsemixed.xml b/src/chrome/content/rules/Npmawesome.com-falsemixed.xml
new file mode 100644
index 000000000000..72f38ad4da49
--- /dev/null
+++ b/src/chrome/content/rules/Npmawesome.com-falsemixed.xml
@@ -0,0 +1,12 @@
+<!--
+	For rules not causing false/broken MCB, see  Npmawesome.com.xml.
+
+-->
+<ruleset name="npmawesome.com (false MCB)" platform="mixedcontent">
+
+	<target host="npmawesome.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Npmawesome.com.xml b/src/chrome/content/rules/Npmawesome.com.xml
new file mode 100644
index 000000000000..efdacb6fb057
--- /dev/null
+++ b/src/chrome/content/rules/Npmawesome.com.xml
@@ -0,0 +1,35 @@
+<!--
+	For rules causing false/broken MCB, see  Npmawesome.com-falsemixed.xml.
+
+
+	Mixed content:
+
+		- css, from:
+
+			- $self *
+			- fonts.googleapis.com *
+
+		- Images, from:
+
+			- $self *
+			- www.gravatar.com *
+
+	* Secured by us
+
+-->
+<ruleset name="npmawesome.com (partial)">
+
+	<target host="npmawesome.com" />
+	<target host="www.npmawesome.com" />
+		<!--
+			Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://npawesome\.com/+(?!favicon\.ico|wp-content/|wp-includes/)" />
+
+
+	<securecookie host="^\.npmawesome\.com$" name="^__cfduid$" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Npower.xml b/src/chrome/content/rules/Npower.xml
index 07d6c6cd156e..5a3c5d495d1f 100644
--- a/src/chrome/content/rules/Npower.xml
+++ b/src/chrome/content/rules/Npower.xml
@@ -21,4 +21,4 @@
 	<rule from="^http://(?:www\.)?npower\.com/([aA]t_[hH]ome/[aA]pplications/|favicon\.ico|idc/groups/wcms_|In_Business/)"
 		to="https://www.npower.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nqsb.io.xml b/src/chrome/content/rules/Nqsb.io.xml
new file mode 100644
index 000000000000..b3a6c44a76c4
--- /dev/null
+++ b/src/chrome/content/rules/Nqsb.io.xml
@@ -0,0 +1,20 @@
+<!--
+	www.nqsb.io doesn't exist.
+
+
+	These altnames don't exist:
+
+		- tls.nqsb.io
+
+-->
+<ruleset name="nqsb.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nqsb.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nrelate.xml b/src/chrome/content/rules/Nrelate.xml
deleted file mode 100644
index 5479ac967528..000000000000
--- a/src/chrome/content/rules/Nrelate.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<!--
-	CDN buckets:
-
-		- nrelate.scaleengine.net		(doesn't support https)
-			- static.nrelate.anycastcdn.net	(ditto)
-
-		- nrelate.cdn.scaleengine.net		(ditto)
-			- nrelate.anycastcdn.net	(ditto)
-
-				- imgcdn.nrelate.com
-
-
-	Nonfunctional subdomains:
-
-		- img		(once worked, no longer does)
-		- imgcdn *
-		- static *
-		- (www.)	(redirects to partners)
-
-	* Times out
-
--->
-<ruleset name="nrelate (partial)">
-
-	<target host="nrelate.com" />
-	<target host="*.nrelate.com" />
-
-
-	<securecookie host="^partners\.nrelate\.com$" name=".*" />
-
-
-	<rule from="^http://(?:www\.)?nrelate\.com/wp-content/uploads/2010/10/favicon\.ico"
-		to="https://partners.nrelate.com/wp-content/themes/partners-main/images/favicon.ico" />
-
-	<rule from="^http://(?:www\.)?nrelate\.com/wp-content/uploads/2012/01/nrelate\.png"
-		to="https://partners.nrelate.com/wp-content/themes/partners-main/images/logo2.png" />
-
-	<rule from="^http://partners\.nrelate\.com/"
-		to="https://partners.nrelate.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Nrk.no.xml b/src/chrome/content/rules/Nrk.no.xml
new file mode 100644
index 000000000000..10df680234ef
--- /dev/null
+++ b/src/chrome/content/rules/Nrk.no.xml
@@ -0,0 +1,81 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fil.nrk.no/ => https://fil.nrk.no/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+
+	Norsk rikskringkasting AS
+
+	Other Norsk rikskringkasting rulesets:
+
+		- NRKbeta.no.xml
+
+
+	Nonfunctional hosts in *nrk.no:
+
+		- blogg ʳ
+		- pressbilder ʳ
+		- psfil.radio ²
+		- sprak ʰ
+		- trafikk ᵈ
+		- cdn.trafikk ᵈ
+		- psfil.tv ²
+
+	ᵈ Dropped
+	ʰ WP Engine / redirects to http
+	ʳ Refused
+	² 504, Akamai
+
+
+	Problematic hosts in *nrk.no:
+
+		- arkivpublisering ᵐ
+		- v8.psapi ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- arkivpublisering.nrk.no
+		- .arkivpublisering.nrk.no
+		- snutt.nrk.no
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on arkivpublisering from www.nrk.no ˢ
+		- Bugs on radio, tv from nrk.tns-cs.net ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="NRK.no (partial)" default_off="failed ruleset test">
+
+	<target host="nrk.no" />
+	<target host="fil.nrk.no" />
+	<target host="gfx.nrk.no" />
+	<target host="resultater.nrk.no" />
+	<target host="snutt.nrk.no" />
+	<target host="tv.nrk.no" />
+	<target host="www.nrk.no" />
+
+		<test url="http://fil.nrk.no/contentfile/web/files/nrk.no/_forsiden/images/Ytring_198px.jpg" />
+		<test url="http://gfx.nrk.no/WhohBNhFz937GN8XC1BIZgnXdlPeINQw35mJgM1IDEDA" />
+		<test url="http://tv.nrk.no/pakke73/2.4.75.0a/content/images/icons/heading-arrow.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^arkivpublisering\.nrk\.no$" name="^sails\.sid$" /-->
+	<!--securecookie host="^\.arkivpublisering\.nrk\.no$" name="^ARRAffinity$" /-->
+	<!--securecookie host="^snutt\.nrk\.no$" name="^BIGipServer" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nruns.com.xml b/src/chrome/content/rules/Nruns.com.xml
new file mode 100644
index 000000000000..f9989474ea50
--- /dev/null
+++ b/src/chrome/content/rules/Nruns.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Nruns.com">
+	<target host="nruns.com" />
+	<target host="www.nruns.com" />
+	<target host="mail.nruns.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nserver.Ru.xml b/src/chrome/content/rules/Nserver.Ru.xml
new file mode 100644
index 000000000000..b4803156f1f5
--- /dev/null
+++ b/src/chrome/content/rules/Nserver.Ru.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ovh.nserver.ru/ => https://ovh.nserver.ru/: (7, 'Failed to connect to ovh.nserver.ru port 443: Connection refused')
+
+	Insecure cookies are set for these domains:
+
+		- .gpt.nserver.ru
+
+-->
+<ruleset name="Nserver.Ru" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nserver.ru" />
+	<target host="bp.nserver.ru" />
+	<target host="dc.nserver.ru" />
+	<target host="gpt.nserver.ru" />
+	<target host="ovh.nserver.ru" />
+	<target host="www.nserver.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.gpt\.nserver\.ru$" name="^regbase2_id$" /-->
+
+	<securecookie host="^\.gpt\.nserver\.ru$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nsfwcorp.com.xml b/src/chrome/content/rules/Nsfwcorp.com.xml
index bc31c307e9ee..651d396fca41 100644
--- a/src/chrome/content/rules/Nsfwcorp.com.xml
+++ b/src/chrome/content/rules/Nsfwcorp.com.xml
@@ -4,26 +4,48 @@
 		- nsfw-live.s3.amazonaws.com
 
 
-	Nonfunctional subdomains:
+	Problematic hosts in *nsfwcorp.com:
 
-		- live	(times out)
+		- ^ ¹
+		- live ²
 
+	¹ Dropped
+	² Mismatched
 
-	Problematic subdomains:
 
-		- ^	(times out)
+	Mixed content:
+
+		- css on live from fonts.googleapis.com ¹
+		- on live from $self ²
+
+	¹ Secured by us
+	² Not secured by us <= mismatched
 
 -->
 <ruleset name="nsfwcorp.com (partial)">
 
-	<target host="nsfwcorp.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="conflict.nsfwcorp.com" />
+	<!--target host="live.nsfwcorp.com" /-->
 	<target host="www.nsfwcorp.com" />
 
+	<!--	Complications:
+				-->
+	<target host="nsfwcorp.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^live\.nsfwcorp\.com$" name="^it_exchange_session_[\da-f]{32}$" /-->
 
 	<securecookie host="^www\.nsfwcorp\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?nsfwcorp\.com/"
+	<rule from="^http://nsfwcorp\.com/"
 		to="https://www.nsfwcorp.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nsimg.net.xml b/src/chrome/content/rules/Nsimg.net.xml
new file mode 100644
index 000000000000..c098ab9f2b3e
--- /dev/null
+++ b/src/chrome/content/rules/Nsimg.net.xml
@@ -0,0 +1,19 @@
+<!--
+	Fully covered hosts in *nsimg.net:
+
+		- m1
+		- m2
+
+-->
+<ruleset name="nsimg.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="m1.nsimg.net" />
+	<target host="m2.nsimg.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nsnam.org.xml b/src/chrome/content/rules/Nsnam.org.xml
new file mode 100644
index 000000000000..ccfbe5de2d23
--- /dev/null
+++ b/src/chrome/content/rules/Nsnam.org.xml
@@ -0,0 +1,23 @@
+<!--
+	Problematic hosts in *nsnam.org:
+
+	These altnames don't exist:
+
+		- nsnam.org
+
+-->
+<ruleset name="nsnam.org">
+	<target host="code.nsnam.org" />
+	<target host="www.nsnam.org" />
+
+	<test url="http://code.nsnam.org/ns-3-dev/" />
+
+	<rule from="^http://code\.nsnam\.org/$"
+	       to="https://code.nsnam.org/" />
+
+	<rule from="^http://code\.nsnam\.org/"
+	      to="https://code.nsnam.org/index.cgi/" />
+
+	<rule from="^http:"
+	      to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nstatic.com.xml b/src/chrome/content/rules/Nstatic.com.xml
new file mode 100644
index 000000000000..4eed269ddb73
--- /dev/null
+++ b/src/chrome/content/rules/Nstatic.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Nstatic.net">
+
+	<target host="nstatic.net" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nsupdate.info.xml b/src/chrome/content/rules/Nsupdate.info.xml
new file mode 100644
index 000000000000..1d51b5d685f0
--- /dev/null
+++ b/src/chrome/content/rules/Nsupdate.info.xml
@@ -0,0 +1,9 @@
+<ruleset name="nsupdate.info">
+
+	<target host="nsupdate.info" />
+	<target host="www.nsupdate.info" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ntacdn1.net.xml b/src/chrome/content/rules/Ntacdn1.net.xml
deleted file mode 100644
index f42ceff7833f..000000000000
--- a/src/chrome/content/rules/Ntacdn1.net.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other Peercraft coverage, see Peercraft.xml.
-
--->
-<ruleset name="ntacdn1.net">
-
-	<target host="ntacdn1.net" />
-	<target host="*.ntacdn1.net" />
-
-
-	<securecookie host="^\.ntacdn1\.net$" name=".+" />
-
-
-	<rule from="^http://(www\.)?ntacdn1\.net/"
-		to="https://$1ntacdn1.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Ntk.me.xml b/src/chrome/content/rules/Ntk.me.xml
new file mode 100644
index 000000000000..feae0f651c3f
--- /dev/null
+++ b/src/chrome/content/rules/Ntk.me.xml
@@ -0,0 +1,40 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .ntk.me
+
+-->
+<ruleset name="ntk.me">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ntk.me" />
+	<target host="www.ntk.me" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.ntk\.me$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.ntk\.me$" name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ntmx.de.xml b/src/chrome/content/rules/Ntmx.de.xml
new file mode 100644
index 000000000000..ffd406fde61e
--- /dev/null
+++ b/src/chrome/content/rules/Ntmx.de.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://ntmx.de/ (200) => https://ntmx.de/ (403)
+Non-2xx HTTP code: http://mail.ntmx.de/ (200) => https://mail.ntmx.de/ (403)
+Non-2xx HTTP code: http://www.ntmx.de/ (200) => https://ntmx.de/ (403)
+
+	www: Mismatched
+
+
+	Fully covered hosts in *ntmx.de:
+
+		- (www.)?	(www → ^)
+		- mail
+
+-->
+<ruleset name="ntmx.de" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ntmx.de" />
+	<target host="mail.ntmx.de" />
+
+	<!--	Complications:
+				-->
+	<target host="www.ntmx.de" />
+
+
+	<rule from="^http://www\.ntmx\.de/"
+		to="https://ntmx.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ntop.org.xml b/src/chrome/content/rules/Ntop.org.xml
index 91a4f7d18433..82e34c035485 100644
--- a/src/chrome/content/rules/Ntop.org.xml
+++ b/src/chrome/content/rules/Ntop.org.xml
@@ -1,45 +1,16 @@
 <!--
-	Problematic subdomains:
-
-		- (www.)	(works; mismatched, CN: svn.ntop.org)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(→ svn)
-		- svn
-
-
-	Mixed content:
-
-		- Script on svn from www *
-
-		- css:
-
-			- On svn from www *
-			- On svn from fonts.googleapis.com *
-
-		- Images on svn from www *
-
-	* Secured by us
-
-
-	NB: We secure all resources, and thus
-	platform should be removed with Ffx 24.
+	Invalid certificate:
+		ntop.org
+		www.ntop.org
+		packages.ntop.org
+		svn.ntop.org"
 
 -->
-<ruleset name="ntop.org (false MCB)" platform="mixedcontent">
-
-	<target host="ntop.org" />
-	<target host="*.ntop.org" />
-
+<ruleset name="ntop.org">
 
-	<rule from="^http://(?:svn\.|www\.)?ntop\.org/"
-		to="https://svn.ntop.org/" />
+	<target host="shop.ntop.org" />
 
-	<!--	Protocol-relative links from svn:
-							-->
-	<rule from="^https://www\.ntop\.org/"
-		to="https://svn.ntop.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nttxstore.xml b/src/chrome/content/rules/Nttxstore.xml
index cabf57ba1883..890b4c859e69 100644
--- a/src/chrome/content/rules/Nttxstore.xml
+++ b/src/chrome/content/rules/Nttxstore.xml
@@ -2,5 +2,5 @@
   <target host="nttxstore.jp"/>
   <target host="www.nttxstore.jp"/>
 
-  <rule from="^http://(www\.)?nttxstore\.jp/" to="https://nttxstore.jp/"/>
+  <rule from="^http://(?:www\.)?nttxstore\.jp/" to="https://nttxstore.jp/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Ntv.io.xml b/src/chrome/content/rules/Ntv.io.xml
new file mode 100644
index 000000000000..a6bdb2ef1449
--- /dev/null
+++ b/src/chrome/content/rules/Ntv.io.xml
@@ -0,0 +1,23 @@
+
+<!--
+	Ads.
+
+	For other Nativo coverage, see:
+		+ Nativo.net.xml
+
+	Fully covered subdomains:
+
+		s.ntv.io
+
+	Invalid Certificate:
+
+		a.ntv.io
+-->
+
+<ruleset name="ntv.io (partial)" >
+	<target host="s.ntv.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NuBlue.xml b/src/chrome/content/rules/NuBlue.xml
index da613a21e8e5..e14461d5a14a 100644
--- a/src/chrome/content/rules/NuBlue.xml
+++ b/src/chrome/content/rules/NuBlue.xml
@@ -1,13 +1,12 @@
 <ruleset name="NuBlue">
 
 	<target host="nublue.co.uk" />
-	<target host="*.nublue.co.uk" />
+	<target host="www.nublue.co.uk" />
 
 
 	<securecookie host="^\.nublue\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://(www\.)?nublue\.co\.uk/"
-		to="https://$1nublue.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NuButs.com.xml b/src/chrome/content/rules/NuButs.com.xml
new file mode 100644
index 000000000000..a2574cf6e50e
--- /dev/null
+++ b/src/chrome/content/rules/NuButs.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .nubits.com
+		- discuss.nubits.com
+
+-->
+<ruleset name="NuBits.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nubits.com" />
+	<target host="discuss.nubits.com" />
+	<target host="docs.nubits.com" />
+	<target host="www.nubits.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.nubits\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^discuss\.nubits\.com$" name="^(?:_forum_session|destination_url)$" /-->
+
+	<securecookie host="^(?:discuss)?\.nubits\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NuGet.xml b/src/chrome/content/rules/NuGet.xml
index f24355f5152c..02852f7a4d9a 100644
--- a/src/chrome/content/rules/NuGet.xml
+++ b/src/chrome/content/rules/NuGet.xml
@@ -1,5 +1,36 @@
-<ruleset name="NuGet">
-  <target host="nuget.org" />
-  <target host="www.nuget.org" />
-  <rule from="^http://(www\.)?nuget\.org/" to="https://$1nuget.org/"/>
+<!--
+	Problematic hosts in *nuget.org:
+
+		- blog *
+
+	* Github / mismatched
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .docs.nuget.org
+		- .status.nuget.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="NuGet.org (partial)">
+
+	<target host="nuget.org" />
+	<target host="dist.nuget.org" />
+	<target host="docs.nuget.org" />
+	<target host="status.nuget.org" />
+	<target host="www.nuget.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.(?:docs|status)\.nuget\.org$" name="^ARRAffinity$" /-->
+
+	<securecookie host="^\.(?:doc|statu)s\." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/NuStarz.com-falsemixed.xml b/src/chrome/content/rules/NuStarz.com-falsemixed.xml
index 7e2965bd1cc8..e3253d0552ec 100644
--- a/src/chrome/content/rules/NuStarz.com-falsemixed.xml
+++ b/src/chrome/content/rules/NuStarz.com-falsemixed.xml
@@ -5,13 +5,13 @@
 <ruleset name="NuStarz.com (false MCB)" platform="mixedcontent">
 
 	<target host="nustarz.com" />
-	<target host="*.nustarz.com" />
+	<target host="blog.nustarz.com" />
+	<target host="www.nustarz.com" />
 
 
 	<securecookie host="^\.nustarz\.com$" name=".+" />
 
 
-	<rule from="^http://(blog\.|www\.)?nustarz\.com/"
-		to="https://$1nustarz.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NuStarz.com.xml b/src/chrome/content/rules/NuStarz.com.xml
index feef2dd0c685..33dea4ec684f 100644
--- a/src/chrome/content/rules/NuStarz.com.xml
+++ b/src/chrome/content/rules/NuStarz.com.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://customz.nustarz.com/ => https://customz.nustarz.com/: (51, "SSL: no alternative certificate subject name matches target host name 'customz.nustarz.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://customz.nustarz.com/ => https://customz.nustarz.com/: (51, "SSL: no alternative certificate subject name matches target host name 'customz.nustarz.com'")
 	For rules causing false/broken MCB, see NuStarz.com-falsemixed.xml.
 
 
@@ -20,7 +26,7 @@
 	* Secured by us
 
 -->
-<ruleset name="NuStarz.com (partial)">
+<ruleset name="NuStarz.com (partial)" default_off="failed ruleset test">
 
 	<target host="customz.nustarz.com" />
 
@@ -28,7 +34,6 @@
 	<securecookie host="^customz\.nustarz\.com$" name=".+" />
 
 
-	<rule from="^http://customz\.nustarz\.com/"
-		to="https://customz.nustarz.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Nu_Image_Medical.xml b/src/chrome/content/rules/Nu_Image_Medical.xml
index 50efc198e29f..1fff890fd4b1 100644
--- a/src/chrome/content/rules/Nu_Image_Medical.xml
+++ b/src/chrome/content/rules/Nu_Image_Medical.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?nuimagemedical\.com/(order-hgh(?:$|\?|/)|wp-content/)"
 		to="https://$1nuimagemedical.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nuand.com.xml b/src/chrome/content/rules/Nuand.com.xml
index d7041e60c3bb..848a4cec569a 100644
--- a/src/chrome/content/rules/Nuand.com.xml
+++ b/src/chrome/content/rules/Nuand.com.xml
@@ -1,18 +1,36 @@
 <!--
-	Some pages redirect to http.
+	This domain contains a wildcard DNS record.
+
+	Insecure cookies are set for these domains and hosts:
+
+		- nuand.com
+		- *.nuand.com
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+		- Images from ^nuand.com *
+
+	* Secured by us
 
 -->
-<ruleset name="Nuand.com (partial)">
+<ruleset name="Nuand.com">
 
 	<target host="nuand.com" />
 	<target host="www.nuand.com" />
-		<exclusion pattern="^http://(?:www\.)?nuand\.com/blog/(?!(?:checkou|my-accoun)t(?:$|[?/])|css/|images/|wp-admin/|wp-content/)" />
+	<target host="forum.nuand.com" />
+	<target host="forums.nuand.com" />
 
+		<!--	Formerly redirected to http:
+							-->
+		<test url="http://www.nuand.com/blog/" />
 
-	<!--securecookie host="^(?:www\.)?nuand\.com$" name=".+" /-->
+		<!--	Sets cookies without Secure:
+							-->
+		<test url="http://nuand.com/forums/" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?nuand\.com/"
-		to="https://$1nuand.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nuclear-Blast.xml b/src/chrome/content/rules/Nuclear-Blast.xml
index 54784010b9d1..434ccdeb4c6b 100644
--- a/src/chrome/content/rules/Nuclear-Blast.xml
+++ b/src/chrome/content/rules/Nuclear-Blast.xml
@@ -7,7 +7,7 @@
 	<!--	- Cert only matches www
 		- Many pages redirect to http
 				-->
-	<rule from="^https?://(?:www\.)?nuclearblast\.de/(css|en/(?:data|shop/(?:order|registration)|system)|images|static)/"
+	<rule from="^http://(?:www\.)?nuclearblast\.de/(css|en/(?:data|shop/(?:order|registration)|system)|images|static)/"
 		to="https://www.nuclearblast.de/$1/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Nudevista.com.xml b/src/chrome/content/rules/Nudevista.com.xml
index 2fb7330486e9..3d9a7651178e 100644
--- a/src/chrome/content/rules/Nudevista.com.xml
+++ b/src/chrome/content/rules/Nudevista.com.xml
@@ -4,7 +4,9 @@
 -->
 <ruleset name="nudevista.com (partial)" default_off="mismatched">
 
-	<target host="*.nudevista.com" />
+	<target host="a97.nudevista.com" />
+	<target host="a98.nudevista.com" />
+	<target host="a99.nudevista.com" />
 
 
 	<rule from="^http://a9[789]\.nudevista\.com/"
diff --git a/src/chrome/content/rules/NuevaSync.xml b/src/chrome/content/rules/NuevaSync.xml
index 47bd9dfd19ea..3fbd14bfd043 100644
--- a/src/chrome/content/rules/NuevaSync.xml
+++ b/src/chrome/content/rules/NuevaSync.xml
@@ -10,7 +10,6 @@
 	<target host="www.nuevasync.com"/>
 
 	<!--	Cert doesn't match !www		-->
-	<rule from="^http://(?:www\.)?nuevasync\.com/"
-		to="https://www.nuevasync.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Nugg.ad.xml b/src/chrome/content/rules/Nugg.ad.xml
index 00944ec2b53f..1b0efe588417 100644
--- a/src/chrome/content/rules/Nugg.ad.xml
+++ b/src/chrome/content/rules/Nugg.ad.xml
@@ -1,21 +1,31 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- goldbach *
 
-	* Refused
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://71.nuggad.net/ => https://71.nuggad.net/: (6, 'Could not resolve host: 71.nuggad.net')
+Fetch error: http://mtm.nuggad.net/ => https://mtm.nuggad.net/: Too many redirects while fetching 'https://mtm.nuggad.net/'
 
 -->
-<ruleset name="nugg.ad (partial)">
+<ruleset name="nugg.ad" default_off="failed ruleset test">
 
+	<target host="*.nugg.ad" />
 	<target host="*.nuggad.net" />
 
-
 	<securecookie host="^\.nuggad\.net$" name="^d$" />
 
-
-	<rule from="^http://(hi-media-s|mtm)\.nuggad\.net/"
-		to="https://$1.nuggad.net/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+	        to="https:" />
+
+	<test url="http://www.nugg.ad/" />
+	<test url="http://71.nuggad.net/" />
+	<test url="http://71iv.nuggad.net/" />
+	<test url="http://asv.nuggad.net/" />
+	<test url="http://bei.nuggad.net/" />
+	<test url="http://ci.nuggad.net/" />
+	<test url="http://gwp.nuggad.net/" />
+	<test url="http://ip-s.nuggad.net/" />
+	<test url="http://mtm.nuggad.net/" />
+	<test url="http://poldk.nuggad.net/" />
+	<test url="http://si.nuggad.net/" />
+	<test url="http://yahoo-s.nuggad.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nuitka.net.xml b/src/chrome/content/rules/Nuitka.net.xml
new file mode 100644
index 000000000000..4d238b30d72a
--- /dev/null
+++ b/src/chrome/content/rules/Nuitka.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="Nuitka.net">
+	<target host="nuitka.net" />
+	<target host="www.nuitka.net" />
+	<target host="bugs.nuitka.net" />
+	<target host="speedcenter.nuitka.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nulab-Inc.com.xml b/src/chrome/content/rules/Nulab-Inc.com.xml
new file mode 100644
index 000000000000..b3f9dbf8350c
--- /dev/null
+++ b/src/chrome/content/rules/Nulab-Inc.com.xml
@@ -0,0 +1,15 @@
+<!--
+	www: cert only matches ^nulab-inc.com
+
+-->
+<ruleset name="Nulab-Inc.com">
+
+	<target host="nulab-inc.com" />
+	<target host="developer.nulab-inc.com" />
+	<target host="www.nulab-inc.com" />
+
+
+	<rule from="^http://(?:(developer\.)|www\.)?nulab-inc\.com/"
+		to="https://$1nulab-inc.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NullRefer.com.xml b/src/chrome/content/rules/NullRefer.com.xml
new file mode 100644
index 000000000000..32717a3a3c5b
--- /dev/null
+++ b/src/chrome/content/rules/NullRefer.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Mixed content:
+
+		- css from www.nullrefer.com *
+		- Images from www.nullrefer.com *
+
+	* Secured by us
+
+-->
+<ruleset name="NullRefer.com (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nullrefer.com" />
+	<target host="www.nullrefer.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NumPy.org.xml b/src/chrome/content/rules/NumPy.org.xml
new file mode 100644
index 000000000000..c6482a9f811c
--- /dev/null
+++ b/src/chrome/content/rules/NumPy.org.xml
@@ -0,0 +1,12 @@
+<!--
+	Misconfigured hosts:
+		numpy.org
+		(should redirect to www.numpy.org, but certificate lacks this alt-name)
+-->
+<ruleset name="NumPy.org">
+	<target host="numpy.org" />
+	<target host="www.numpy.org" />
+
+	<rule from="^http://numpy\.org/" to="https://www.numpy.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Numa.paris.xml b/src/chrome/content/rules/Numa.paris.xml
new file mode 100644
index 000000000000..e9f5bc3c67b9
--- /dev/null
+++ b/src/chrome/content/rules/Numa.paris.xml
@@ -0,0 +1,69 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.numa.paris/ => https://www.numa.paris/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://numa.paris/ => https://www.numa.paris/: (60, 'SSL certificate problem: certificate has expired')
+
+	Nonfunctional hosts in *numa.paris:
+
+		- apply *
+		- devfloor *
+
+	* 500
+
+
+	Problematic hosts in *numa.paris:
+
+		- ^ ¹
+		- accelerate ²
+		- cowork ²
+		- datashaker ²
+		- en ²
+		- events ²
+		- experiment ²
+		- manager ²
+		- schoolab ²
+
+	¹ Refused
+	² Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.numa.paris
+
+
+	Mixed content:
+
+		- css on accelerate, cowork, datashaker, from fonts.googleapis.com ¹
+		- Image on www from manager.numa.paris ²
+
+	¹ Secured by us
+	² Not secured by us <= mismatched
+
+-->
+<ruleset name="Numa.paris (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.numa.paris" />
+
+	<!--	Complications:
+				-->
+	<target host="numa.paris" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.numa\.paris$" name="^SiseSession$" /-->
+
+	<securecookie host="^www\.numa\.paris$" name=".+" />
+
+
+	<rule from="^http://numa\.paris/"
+		to="https://www.numa.paris/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Number-Resource-Organization.xml b/src/chrome/content/rules/Number-Resource-Organization.xml
index 961079c2acfb..6089d77e0223 100644
--- a/src/chrome/content/rules/Number-Resource-Organization.xml
+++ b/src/chrome/content/rules/Number-Resource-Organization.xml
@@ -1,11 +1,17 @@
-<ruleset name="Number Resource Organization" platform="mixedcontent">
+<!--
+	Number Resource Organization
+-->
+<ruleset name="NRO.net">
 
-	<target host="nro.net"/>
-	<target host="*.nro.net"/>
+	<target host="nro.net" />
+	<target host="www.nro.net" />
+	<target host="6to4.nro.net" />
 
-	<securecookie host="^(.*\.)nro\.net$" name=".*"/>
 
-	<rule from="^http://(www\.)?nro\.net/"
-		to="https://$1nro.net/"/>
+	<securecookie host="^(?:.*\.)nro\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NumbersUSA.xml b/src/chrome/content/rules/NumbersUSA.xml
index 304e687528db..5d9e08eb546b 100644
--- a/src/chrome/content/rules/NumbersUSA.xml
+++ b/src/chrome/content/rules/NumbersUSA.xml
@@ -1,13 +1,12 @@
 <ruleset name="NumbersUSA">
 
 	<target host="numbersusa.com" />
-	<target host="*.numbersusa.com" />
+	<target host="www.numbersusa.com" />
 
 
 	<securecookie host="^\.numbersusa\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?numbersusa\.com/"
-		to="https://$1numbersusa.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Numergy.com.xml b/src/chrome/content/rules/Numergy.com.xml
new file mode 100644
index 000000000000..b157c3cc5d1f
--- /dev/null
+++ b/src/chrome/content/rules/Numergy.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Numergy.com">
+
+	<target host="numergy.com" />
+	<target host="www.numergy.com" />
+	<target host="api.numergy.com" />
+	<target host="cloud.numergy.com" />
+	<target host="login.numergy.com" /><!-- Time out over port 80 -->
+	<target host="support.numergy.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nuqayah.com.xml b/src/chrome/content/rules/Nuqayah.com.xml
new file mode 100644
index 000000000000..91de689f471a
--- /dev/null
+++ b/src/chrome/content/rules/Nuqayah.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Nuqayah.com">
+	<target host="nuqayah.com" />
+	<target host="www.nuqayah.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nurago.xml b/src/chrome/content/rules/Nurago.xml
new file mode 100644
index 000000000000..ae34cf6f6cb8
--- /dev/null
+++ b/src/chrome/content/rules/Nurago.xml
@@ -0,0 +1,13 @@
+<ruleset name="Nurago">
+    <target host="sensic.net" />
+    <target host="mco-pb.sensic.net" />
+    <target host="www.sensic.net" />
+
+	<rule from="^http://sensic\.net/"
+        to="https://www.sensic.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nuseek.com.xml b/src/chrome/content/rules/Nuseek.com.xml
deleted file mode 100644
index a8994818fa34..000000000000
--- a/src/chrome/content/rules/Nuseek.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="nuseek.com" default_off="Akamai certificate">
-
-	<target host="i.nuseek.com"/>
-
-	<rule from="^http://i\.nuseek\.com/"
-		to="https://i.nuseek.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/NutriCentre.xml b/src/chrome/content/rules/NutriCentre.xml
index 9e339e9fbdb9..f3ee3e753817 100644
--- a/src/chrome/content/rules/NutriCentre.xml
+++ b/src/chrome/content/rules/NutriCentre.xml
@@ -1,8 +1,15 @@
-<ruleset name="NutriCentre">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nutricentre.com/ => https://www.nutricentre.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.nutricentre.com/ => https://www.nutricentre.com/: (7, 'Failed to connect to www.nutricentre.com port 443: Connection refused')
+
+-->
+<ruleset name="NutriCentre" default_off="failed ruleset test">
   <target host="nutricentre.com" />
   <target host="www.nutricentre.com" />
 
-  <securecookie host="^(.*\.)?nutricentre\.com$" name=".*" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http://(?:www\.)?nutricentre\.com/" to="https://www.nutricentre.com/"/>
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nutritiondata.self.com.xml b/src/chrome/content/rules/Nutritiondata.self.com.xml
new file mode 100644
index 000000000000..8643e33ad33d
--- /dev/null
+++ b/src/chrome/content/rules/Nutritiondata.self.com.xml
@@ -0,0 +1,12 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.nutritiondata.self.com/ => https://www.nutritiondata.self.com/: (6, 'Could not resolve host: www.nutritiondata.self.com')
+
+-->
+<ruleset name="Nutritiondata.self.com" default_off="failed ruleset test">
+  <target host="nutritiondata.self.com" />
+  <target host="www.nutritiondata.self.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nuttcp.net.xml b/src/chrome/content/rules/Nuttcp.net.xml
new file mode 100644
index 000000000000..94d297746593
--- /dev/null
+++ b/src/chrome/content/rules/Nuttcp.net.xml
@@ -0,0 +1,17 @@
+<!--
+	Nonfunctional hosts in *.nuttcp.net:
+		- nuttcp.net (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Nuttcp.net">
+	<target host="nuttcp.net" />
+	<target host="www.nuttcp.net" />
+
+	<rule from="^http://nuttcp\.net/" to="https://www.nuttcp.net/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nuuvem.com.xml b/src/chrome/content/rules/Nuuvem.com.xml
new file mode 100644
index 000000000000..f23d864c0d86
--- /dev/null
+++ b/src/chrome/content/rules/Nuuvem.com.xml
@@ -0,0 +1,15 @@
+<!--
+  Broken:
+
+  alendadoheroi (timeout)
+  forum (refused)
+  support (mismatch)
+!-->
+
+<ruleset name="Nuuvem.com">
+  <target host="nuuvem.com" />
+  <target host="www.nuuvem.com" />
+  <target host="secure.nuuvem.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nuwear.xml b/src/chrome/content/rules/Nuwear.xml
index d41ab5d2625f..4169793dfc16 100644
--- a/src/chrome/content/rules/Nuwear.xml
+++ b/src/chrome/content/rules/Nuwear.xml
@@ -1,13 +1,19 @@
-<ruleset name="Nuwear">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nuwear.com/ => https://nuwear.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.nuwear.com/ => https://www.nuwear.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Nuwear" default_off="failed ruleset test">
 
 	<target host="nuwear.com" />
-	<target host="*.nuwear.com" />
+	<target host="www.nuwear.com" />
 
 
 	<securecookie host="^(?:w*\.)?nuwear\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?nuwear\.com/"
-		to="https://$1nuwear.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nuxx.net.xml b/src/chrome/content/rules/Nuxx.net.xml
new file mode 100644
index 000000000000..4d92340ae225
--- /dev/null
+++ b/src/chrome/content/rules/Nuxx.net.xml
@@ -0,0 +1,10 @@
+<ruleset name="nuxx.net">
+
+	<target host="nuxx.net" />
+	<target host="www.nuxx.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nvcc.edu.xml b/src/chrome/content/rules/Nvcc.edu.xml
new file mode 100644
index 000000000000..44a96978c845
--- /dev/null
+++ b/src/chrome/content/rules/Nvcc.edu.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.student.nvcc.edu/ => https://www.student.nvcc.edu/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Mismatch:
+		alert.nvcc.edu
+		libguides.nvcc.edu
+		vetcareers.nvcc.edu
+
+	Mixed content:
+		eli.nvcc.edu
+
+	Refused:
+		novastartalk.nvcc.edu
+-->
+<ruleset name="NVCC" default_off="failed ruleset test">
+	<target host="nvcc.edu" />
+	<target host="www.nvcc.edu" />
+	<target host="blogs.nvcc.edu" />
+	<target host="dashboard.nvcc.edu" />
+	<target host="housing.nvcc.edu" />
+	<target host="mysupport.nvcc.edu" />
+	<target host="novaonline.nvcc.edu" />
+	<target host="print2fastprint.nvcc.edu" />
+	<target host="staging.nvcc.edu" />
+	<target host="studentblogs.nvcc.edu" />
+	<target host="support.nvcc.edu" />
+	<target host="techplus.nvcc.edu" />
+	<target host="vod02.nvcc.edu" />
+	<target host="www.student.nvcc.edu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nventio.com.xml b/src/chrome/content/rules/Nventio.com.xml
deleted file mode 100644
index fde385674c1a..000000000000
--- a/src/chrome/content/rules/Nventio.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="nventio.com">
-
-	<target host="nventio.com" />
-	<target host="*.nventio.com" />
-
-
-	<securecookie host="^\.?nventio\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?nventio\.com/"
-		to="https://$1nventio.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Nvr.de.xml b/src/chrome/content/rules/Nvr.de.xml
new file mode 100644
index 000000000000..b1fe1bceab72
--- /dev/null
+++ b/src/chrome/content/rules/Nvr.de.xml
@@ -0,0 +1,19 @@
+<!--
+	Nonfunctional hosts in *.nvr.de:
+		- auskunft1.nvr.de (m)
+		- auskunft2.nvr.de (t)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Nvr.de">
+	<target host="nvr.de" />
+	<target host="www.nvr.de" />
+	<target host="sdnet.nvr.de" />
+	<target host="test.nvr.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NwProgressive.org.xml b/src/chrome/content/rules/NwProgressive.org.xml
new file mode 100644
index 000000000000..fdf9d056eb10
--- /dev/null
+++ b/src/chrome/content/rules/NwProgressive.org.xml
@@ -0,0 +1,35 @@
+<!--
+	Nonfunctional hosts in *nwprogressive.org:
+
+		- analytics ¹
+		- inbrief ²
+
+	¹ Dropped
+	² "Site Not Found"
+
+
+	Insecure cookies are set for these hosts:
+
+		- nwprogressive.org
+		- www.nwprogressive.org
+
+-->
+<ruleset name="NwProgressive.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nwprogressive.org" />
+	<target host="www.nwprogressive.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?nwprogressive\.org$" name="^wfvt_\d+$" /-->
+
+	<securecookie host="^(?:www\.)?nwprogressive\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NxJimg.com.xml b/src/chrome/content/rules/NxJimg.com.xml
new file mode 100644
index 000000000000..04cec0596b53
--- /dev/null
+++ b/src/chrome/content/rules/NxJimg.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="NxJimg.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="img.nxjimg.com" />
+	<target host="imga.nxjimg.com" />
+	<target host="imgb.nxjimg.com" />
+	<target host="imgc.nxjimg.com" />
+	<target host="imgd.nxjimg.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nxt_Forum.org.xml b/src/chrome/content/rules/Nxt_Forum.org.xml
new file mode 100644
index 000000000000..f8c613c1df99
--- /dev/null
+++ b/src/chrome/content/rules/Nxt_Forum.org.xml
@@ -0,0 +1,29 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Time: 2020-09-25 16:20:22
+ Fetch error: http://www.nxtforum.org/index.php => https://nxtforum.org/index.php: (6, 'Could not resolve host: ardorforum.orgindex.php')
+Time: 2020-09-25 16:20:22
+ Fetch error: http://www.nxtforum.org/help/ => https://nxtforum.org/help/: (6, 'Could not resolve host: ardorforum.orghelp')
+
+	www.nxtforum.org: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- nxtforum.org
+
+-->
+<ruleset name="Nxt Forum.org">
+
+	<!--	Complications:
+				-->
+	<target host="nxtforum.org" />
+
+	<securecookie host="^nxtforum\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nxtck.com.xml b/src/chrome/content/rules/Nxtck.com.xml
index 25cb4159903b..be9eddc5b81f 100644
--- a/src/chrome/content/rules/Nxtck.com.xml
+++ b/src/chrome/content/rules/Nxtck.com.xml
@@ -10,7 +10,6 @@
 	<securecookie host="^nxtck\.com$" name=".+" />
 
 
-	<rule from="^http://nxtck\.com/"
-		to="https://nxtck.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nyaa.eu.xml b/src/chrome/content/rules/Nyaa.eu.xml
new file mode 100644
index 000000000000..06ce57927f9a
--- /dev/null
+++ b/src/chrome/content/rules/Nyaa.eu.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://files.nyaa.eu/ => https://files.nyaa.eu/: (6, 'Could not resolve host: files.nyaa.eu')
+Fetch error: http://sukebei.nyaa.eu/ => https://sukebei.nyaa.eu/: (6, 'Could not resolve host: sukebei.nyaa.eu')
+
+	nyaa.eu redirects to nyaa.se (See Nyaa.se.xml)
+
+	Self-signed, mismatch:
+		- cthuko.nyaa.eu
+-->
+<ruleset name="Nyaa.eu" default_off="failed ruleset test">
+	<target host="nyaa.eu" />
+	<target host="www.nyaa.eu" />
+	<target host="files.nyaa.eu" />
+	<target host="sukebei.nyaa.eu" />
+
+	<!-- CloudFlare cookies: -->
+	<securecookie host="^\.nyaa\.eu$" name="^(?:__cfduid|cf_clearance)$" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nyaa.si.xml b/src/chrome/content/rules/Nyaa.si.xml
new file mode 100644
index 000000000000..019ce97a4c95
--- /dev/null
+++ b/src/chrome/content/rules/Nyaa.si.xml
@@ -0,0 +1,12 @@
+<ruleset name="Nyaa.si">
+
+	<target host="nyaa.si" />
+	<target host="www.nyaa.si" />
+	<target host="sukebei.nyaa.si" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nylas.com.xml b/src/chrome/content/rules/Nylas.com.xml
new file mode 100644
index 000000000000..0bedb0a9cf08
--- /dev/null
+++ b/src/chrome/content/rules/Nylas.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Problematic hosts in *nylas.com:
+
+		- slack-invite *
+
+	* Heroku
+
+-->
+<ruleset name="Nylas.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nylas.com" />
+	<!--target host="slack-invite.nylas.com" /-->
+	<target host="www.nylas.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nymity.ch.xml b/src/chrome/content/rules/Nymity.ch.xml
new file mode 100644
index 000000000000..49e3efb4a47f
--- /dev/null
+++ b/src/chrome/content/rules/Nymity.ch.xml
@@ -0,0 +1,23 @@
+<!--
+	Nonfunctional hosts in *nymity.ch:
+
+		- censorbib *
+
+	* Shows ^nymity.ch
+
+-->
+<ruleset name="Nymity.ch (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nymity.ch" />
+	<target host="www.nymity.ch" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nyx.cz.xml b/src/chrome/content/rules/Nyx.cz.xml
new file mode 100644
index 000000000000..440e223dc8bf
--- /dev/null
+++ b/src/chrome/content/rules/Nyx.cz.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		nyx.cz
+		o6.nyx.cz
+		o7.nyx.cz
+		stage.nyx.cz
+
+-->
+<ruleset name="Nyx.cz">
+
+	<target host="nyx.cz" />
+	<target host="www.nyx.cz" />
+	<target host="beta.nyx.cz" />
+	<target host="i.nyx.cz" />
+		<test url="http://i.nyx.cz/files/00/00/17/71/1771222_ab36020eee014cdc3c71.pdf" />
+
+	<rule from="^http://nyx\.cz/" to="https://www.nyx.cz/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nzbplanet.net.xml b/src/chrome/content/rules/Nzbplanet.net.xml
index 10e5471ab476..c4f73de4f56d 100644
--- a/src/chrome/content/rules/Nzbplanet.net.xml
+++ b/src/chrome/content/rules/Nzbplanet.net.xml
@@ -4,7 +4,6 @@
 	<target host="www.nzbplanet.net" />
 
 
-	<rule from="^http://(www\.)?nzbplanet\.net/"
-		to="https://$1nzbplanet.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/O2_online.de.xml b/src/chrome/content/rules/O2_online.de.xml
index 808052a515f1..f7c542d3e7f7 100644
--- a/src/chrome/content/rules/O2_online.de.xml
+++ b/src/chrome/content/rules/O2_online.de.xml
@@ -11,15 +11,22 @@
 
 	Nonfunctional subdomains:
 
-		- videothek	(dropped)
+		- videothek *
+
+	* Dropped
 
 
 	Problematic subdomains:
 
-		- ^			(works, cert only matches www)
-		- mobilefun		(mismatched, CN: o2-liv.mondiamedia.com)
-		- smartphonevergleich	(works; mismatched, CN: *.o2.vccp.de)
-		- tarifcheck		(works; mismatched, CN: *.interone.de)
+		- ^ ¹
+		- mobilefun ²
+		- smartphonevergleich ³
+		- tarifcheck ⁴
+
+	¹ Works, cert only matches www
+	² Mismatched, CN: o2-liv.mondiamedia.com
+	³ Works; mismatched, CN: *.o2.vccp.de
+	⁴ Works; mismatched, CN: *.interone.de
 
 
 	Fully covered subdomains:
@@ -29,29 +36,59 @@
 		- cct2
 		- dsl
 		- email
+		- login
 		- mobilefun	(→ o2-liv.mondiamedia.com)
 		- track
 
 
-	Mixed images on mobilefun from dynimages.handy.de
+	Mixed content:
+
+		- css on hilfe from $self ¹
+
+		- Images, on:
+
+			- hilfe from $self ²
+			- hilfe from $static ²
+			- mobilefun from dynimages.handy.de
+
+		- Bug on hilfe from static ²
+
+	¹ Secured by us, fetched over both https and http => no effect
+	² Secured by us
+
 
 -->
 <ruleset name="o2 online.de (partial)">
 
-	<target host="o2online.de"/>
-	<target host="*.o2online.de"/>
+	<target host="o2online.de" />
+	<target host="www.o2online.de" />
+	<target host="cct.o2online.de" />
+	<target host="cct2.o2online.de" />
+	<target host="dsl.o2online.de" />
+	<target host="email.o2online.de" />
+	<target host="hilfe.o2online.de" />
+	<target host="login.o2online.de" />
+	<target host="portal.o2online.de" />
+	<target host="track.o2online.de" />
+	<target host="mobilefun.o2online.de" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="\.o2online\.de$" name="^(VISITORID|al_tg||o2-Cust|touchPoints)$" /-->
+	<!--securecookie host="^dsl\.o2online\.de$" name="^(randomNumber|refresh_tg)$" /-->
+	<!--securecookie host="hilfe\.o2online\.de$" name="^(LiSESSIONID|LithiumVisitor)$" /-->
+	<!--securecookie host="\.www\.o2online\.de$" name="^mbox$" /-->
 
-	<securecookie host="^(.*\.)?o2online\.de$" name=".*"/>
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://(?:www\.)?o2online\.de/"
 		to="https://www.o2online.de/" />
 
-	<rule from="^http://(cct2?|dsl|email|hilfe|track)\.o2online\.de/"
-		to="https://$1.o2online.de/" />
 
 	<rule from="^http://mobilefun\.o2online\.de/"
 		to="https://o2-liv.mondiamedia.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OADOI.org.xml b/src/chrome/content/rules/OADOI.org.xml
new file mode 100644
index 000000000000..468a212e9000
--- /dev/null
+++ b/src/chrome/content/rules/OADOI.org.xml
@@ -0,0 +1,13 @@
+<!--
+	For related rules, see Unpaywall.org.xml
+
+-->
+<ruleset name="OADOI.org">
+
+	<target host="oadoi.org" />
+	<target host="www.oadoi.org" />
+	<target host="api.oadoi.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OAG.xml b/src/chrome/content/rules/OAG.xml
index f6f142a6021f..bf676196266e 100644
--- a/src/chrome/content/rules/OAG.xml
+++ b/src/chrome/content/rules/OAG.xml
@@ -2,20 +2,14 @@
 	For other UBM coverage, see UBM-mismatches.xml.
 
 -->
-<ruleset name="OAG">
+<ruleset name="OAG (partial)">
 
-	<target host="oag.com"/>
-	<target host="*.oag.com"/>
+	<target host="oag.com" />
+	<target host="www.oag.com" />
+	<target host="tppro.oag.com" />
 
+	<securecookie host="^tppro\.oag\.com$" name=".+" />
 
-	<securecookie host="^tppro\.oag\.com$" name=".*"/>
-
-
-	<!--	!www doesn't work.	-->
-	<rule from="^http://(?:www\.)?oag\.com/"
-		to="https://www.oag.com/"/>
-
-	<rule from="^http://tppro\.oag\.com/"
-		to="https://tppro.oag.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/OASIS_Open.org-falsemixed.xml b/src/chrome/content/rules/OASIS_Open.org-falsemixed.xml
new file mode 100644
index 000000000000..c90b823d7b85
--- /dev/null
+++ b/src/chrome/content/rules/OASIS_Open.org-falsemixed.xml
@@ -0,0 +1,18 @@
+<!--
+	For rules not causing false/broken MCB, see OASIS_Open.org.xml.
+
+-->
+<ruleset name="OASIS Open.org (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="psi.oasis-open.org" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OASIS_Open.org.xml b/src/chrome/content/rules/OASIS_Open.org.xml
index f2d091f6693a..4234aaf170a0 100644
--- a/src/chrome/content/rules/OASIS_Open.org.xml
+++ b/src/chrome/content/rules/OASIS_Open.org.xml
@@ -1,13 +1,30 @@
-<ruleset name="OASIS Open.org">
+<!--
+	For rules causing false/broken MCB, see OASIS_Open.org-falsemixed.xml.
 
-	<target host="oasis-open.org" />
-	<target host="*.oasis-open.org" />
 
+	Invalid certificate:
+		- events.oasis-open.org
+		- search.oasis-open.org
+		- interoperate-iot.oasis-open.org
+
+	Mixed content:
+		- psi.oasis-open.org
+-->
+<ruleset name="OASIS Open.org (partial)">
+
+	<target host="oasis-open.org" />
+	<target host="www.oasis-open.org" />
+	<target host="docs.oasis-open.org" />
+	<target host="issues.oasis-open.org" />
+	<target host="lists.oasis-open.org" />
+	<target host="support.oasis-open.org" />
+	<target host="tools.oasis-open.org" />
+	<target host="wiki.oasis-open.org" />
 
-	<securecookie host="^\.oasis-open\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?oasis-open\.org/"
-		to="https://$1oasis-open.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/OAuth.net.xml b/src/chrome/content/rules/OAuth.net.xml
new file mode 100644
index 000000000000..e6ab113ca638
--- /dev/null
+++ b/src/chrome/content/rules/OAuth.net.xml
@@ -0,0 +1,25 @@
+<!--
+	Mismatched:
+		www.oauth.net
+		blog.oauth.net
+		oauthwiki.oauth.net
+		tokens.oauth.net
+		tumble.oauth.net
+		wiki.oauth.net
+
+-->
+<ruleset name="OAuth.net">
+
+	<target host="oauth.net" />
+	<target host="www.oauth.net" />
+	<target host="blog.oauth.net" />
+	<target host="oauthwiki.oauth.net" />
+	<target host="tokens.oauth.net" />
+	<target host="tumble.oauth.net" />
+
+	<rule from="^http://(www|blog|oauthwiki|tokens|tumble)\.oauth\.net/"
+		to="https://oauth.net/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OAuth.xml b/src/chrome/content/rules/OAuth.xml
deleted file mode 100644
index df5ae0b3b679..000000000000
--- a/src/chrome/content/rules/OAuth.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="OAuth" default_off="mismatch">
-
-	<!--	Cert: *.geoloqi.com	-->
-	<target host="oauth.net" />
-	<target host="www.oauth.net" />
-
-
-	<rule from="^https?://(?:www\.)?oauth\.net/"
-		to="https://oauth.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OBLIC.org.xml b/src/chrome/content/rules/OBLIC.org.xml
new file mode 100644
index 000000000000..1a4cd64eca62
--- /dev/null
+++ b/src/chrome/content/rules/OBLIC.org.xml
@@ -0,0 +1,19 @@
+<!--
+	These altnames don't exist:
+
+		- www.ecommerce.oblic.com
+
+-->
+<ruleset name="OBLIC.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="oblic.com" />
+	<target host="ecommerce.oblic.com" />
+	<target host="www.oblic.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OC-static.com.xml b/src/chrome/content/rules/OC-static.com.xml
new file mode 100644
index 000000000000..272e61da18c8
--- /dev/null
+++ b/src/chrome/content/rules/OC-static.com.xml
@@ -0,0 +1,27 @@
+<!--
+	For other OpenClassrooms coverage, see OpenClassrooms.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .oc-static.com
+
+-->
+<ruleset name="OC-static.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="static.oc-static.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.oc-static\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.oc-static\.com$" name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OCCRP.org.xml b/src/chrome/content/rules/OCCRP.org.xml
new file mode 100644
index 000000000000..e18b1a2e11dd
--- /dev/null
+++ b/src/chrome/content/rules/OCCRP.org.xml
@@ -0,0 +1,47 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.vis.occrp.org/ => https://www.vis.occrp.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.vis.occrp.org'")
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.vis.occrp.org/ => https://www.vis.occrp.org/: (6, 'Could not resolve host: www.vis.occrp.org')
+
+	For other Organized Crime and Corruption Reporting Project coverage, see Reporting_Project.net.xml.
+
+
+	Fully covered hosts in *occrp.org:
+
+		- (www.)?occrp.org
+		- (www.)?vis.occrp.org
+
+
+	Insecure cookies are set for these hosts:
+
+		- occrp.org
+		- www.occrp.org
+
+-->
+<ruleset name="OCCRP.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="occrp.org" />
+	<target host="vis.occrp.org" />
+	<target host="www.vis.occrp.org" />
+	<target host="www.occrp.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?occrp\.org$" name="^([\da-f]{32}|[\da-f]{32}\[lang\]|lang)$" /-->
+
+	<securecookie host="^(?:www\.)?occrp\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OCaml.xml b/src/chrome/content/rules/OCaml.xml
index f54d7ebc4a1b..3f6dab87baf8 100644
--- a/src/chrome/content/rules/OCaml.xml
+++ b/src/chrome/content/rules/OCaml.xml
@@ -1,9 +1,22 @@
-<ruleset name="OCaml (partial)">
 
-	<target host="forge.ocamlcore.org"/>
-	<target host="lists.ocamlcore.org"/>
+<!--
+	Mismatched:
+		www.ocaml.org
+		planet.ocaml.org
+		preview.ocaml.org
+		tools.ocaml.org
 
-	<rule from="^http://(forge|static)\.ocamlcore\.org/"
-		to="https://$1.ocamlcore.org/"/>
+	Refused:
+		forge.ocaml.org
+		lists.ocaml.org
+
+-->
+<ruleset name="OCaml.org (partial)">
+
+	<target host="ocaml.org" />
+	<target host="opam.ocaml.org" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/OCamlCore.org.xml b/src/chrome/content/rules/OCamlCore.org.xml
new file mode 100644
index 000000000000..c956edfc0920
--- /dev/null
+++ b/src/chrome/content/rules/OCamlCore.org.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://static.ocamlcore.org/ => https://static.ocamlcore.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Nonfunctional hosts in *ocamlcore.org:
+
+		- (www.)? *
+		- darcs *
+		- git *
+		- hg *
+		- lists *
+		- mirror *
+		- planet *
+
+	* Shows lists.ocamlcore.org
+
+-->
+<ruleset name="OCamlCore.org (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="forge.ocamlcore.org"/>
+	<target host="lists.ocamlcore.org"/>
+	<target host="static.ocamlcore.org"/>
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OCharles.org.uk.xml b/src/chrome/content/rules/OCharles.org.uk.xml
new file mode 100644
index 000000000000..bef681b8a24a
--- /dev/null
+++ b/src/chrome/content/rules/OCharles.org.uk.xml
@@ -0,0 +1,10 @@
+<ruleset name="OCharles.org.uk">
+
+	<target host="ocharles.org.uk" />
+	<target host="www.ocharles.org.uk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ODMWheels.xml b/src/chrome/content/rules/ODMWheels.xml
deleted file mode 100644
index 37b6e8334ec1..000000000000
--- a/src/chrome/content/rules/ODMWheels.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="ODMWheels">
-
-	<target host="odmwheels.com" />
-	<target host="*.odmwheels.com" />
-
-
-	<securecookie host="^(?:.*\.)?odmwheels\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?odmwheels\.com/"
-		to="https://$1odmwheels.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/OECD.xml b/src/chrome/content/rules/OECD.xml
index aa075c67a5b0..5e0a9bb3c3e6 100644
--- a/src/chrome/content/rules/OECD.xml
+++ b/src/chrome/content/rules/OECD.xml
@@ -5,7 +5,6 @@
 
 	<!--	!www doesn't exist.
 					-->
-	<rule from="^http://www\.oecd\.org/"
-		to="https://www.oecd.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OECD_iLibrary.xml b/src/chrome/content/rules/OECD_iLibrary.xml
index 7da4d74eb3c2..fed69b661814 100644
--- a/src/chrome/content/rules/OECD_iLibrary.xml
+++ b/src/chrome/content/rules/OECD_iLibrary.xml
@@ -9,7 +9,7 @@
 	<target host="www.oecd-ilibrary.org" />
 
 
-	<rule from="^https?://www\.oecd-?ilibrary\.org/(cs|image)s/"
+	<rule from="^http://www\.oecd-?ilibrary\.org/(cs|image)s/"
 		to="https://www.oecd-ilibrary.org/$1s/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OEIS.org.xml b/src/chrome/content/rules/OEIS.org.xml
new file mode 100644
index 000000000000..1f6d1fd855bf
--- /dev/null
+++ b/src/chrome/content/rules/OEIS.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="OEIS.org">
+  <target host="oeis.org" />
+  <target host="www.oeis.org" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OEPNVKarte.xml b/src/chrome/content/rules/OEPNVKarte.xml
new file mode 100644
index 000000000000..755ce487906b
--- /dev/null
+++ b/src/chrome/content/rules/OEPNVKarte.xml
@@ -0,0 +1,13 @@
+<!--
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="ÖPNVKarte.de">
+
+	<target host="xn--pnvkarte-m4a.de" />
+	<target host="www.xn--pnvkarte-m4a.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OFB.xml b/src/chrome/content/rules/OFB.xml
index 96b7395d9304..4ac662f066dc 100644
--- a/src/chrome/content/rules/OFB.xml
+++ b/src/chrome/content/rules/OFB.xml
@@ -1,13 +1,20 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ofb.net/ => https://ofb.net/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ofb.net/ => https://ofb.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Nonfunctional subdomains:
 
 		- lists		(cert: ofb.net; 302s to ofb.net/wp-signup.php?new=lists)
 
 -->
-<ruleset name="OFB (partial)">
+<ruleset name="OFB (partial)" default_off="failed ruleset test">
 
 	<target host="ofb.net" />
-	<target host="*.ofb.net" />
+	<target host="www.ofb.net" />
+	<target host="mail.ofb.net" />
 
 
 	<securecookie host="^ofb\.net$" name=".+" />
@@ -15,12 +22,12 @@
 
 	<!--	Cert only matches ^ofb.net.
 						-->
-	<rule from="^https?://(?:www\.)?ofb\.net/"
+	<rule from="^http://(?:www\.)?ofb\.net/"
 		to="https://ofb.net/" />
 
 	<!--	302s like so.
 				-->
-	<rule from="^https?://mail.ofb.net/"
+	<rule from="^http://mail\.ofb\.net/"
 		to="https://ofb.net:441/squirrelmail-apache2/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OFFLINE.ee.xml b/src/chrome/content/rules/OFFLINE.ee.xml
index 83868d44c8f9..547555dbc46d 100644
--- a/src/chrome/content/rules/OFFLINE.ee.xml
+++ b/src/chrome/content/rules/OFFLINE.ee.xml
@@ -12,7 +12,6 @@
 	<securecookie host="^mail\.offline\.ee$" name=".+" />
 
 
-	<rule from="^http://mail\.offline\.ee/"
-		to="https://mail.offline.ee/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OFTC.net.xml b/src/chrome/content/rules/OFTC.net.xml
new file mode 100644
index 000000000000..106306afea69
--- /dev/null
+++ b/src/chrome/content/rules/OFTC.net.xml
@@ -0,0 +1,17 @@
+<!--
+	Problematic subdomains:
+
+		- git *
+
+	* Mismatched, CN: webchat.oftc.net; shows webchat.oftc.net
+-->
+<ruleset name="OFTC.net">
+
+	<target host="oftc.net" />
+	<target host="webchat.oftc.net" />
+	<target host="www.oftc.net" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OFX.com.xml b/src/chrome/content/rules/OFX.com.xml
new file mode 100644
index 000000000000..c98f3da65713
--- /dev/null
+++ b/src/chrome/content/rules/OFX.com.xml
@@ -0,0 +1,70 @@
+<!--
+	Non-functional subdomains:
+		- beta.api	(HTTP 404 error)
+		- live.api	(HTTP 404 error)
+		- rc.api	(HTTP 404 error)
+		- sandbox.api	(HTTP 404 error)
+		- bamboo	(t)
+		- bitbucket	(t)
+		- confluence	(t)
+		- dev-01.api.dev	(HTTP 404 error)
+		- dev-02.api.dev	(HTTP 404 error)
+		- dev-03.api.dev	(HTTP 404 error)
+		- qa.api.dev	(HTTP 404 error)
+		- info	(m)
+		- jira	(t)
+		- refer	(m)
+		- internationalmoneytransfers-ca.04.sit	(HTTP 404 error)
+		- travelex-au.04.sit	(t)
+		- status	(t)
+		- tableau	(t)
+		- internationalmoneytransfers-au.02.uat	(HTTP 404 error)
+		- www.02.uat	(t)
+		- vpn	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="OFX.com">
+
+	<target host="ofx.com" />
+	<target host="www.ofx.com" />
+	<target host="api.ofx.com" />
+	<target host="apps.ofx.com" />
+	<target host="au.ofx.com" />
+	<target host="content.au.ofx.com" />
+	<target host="blog.ofx.com" />
+	<target host="ca.ofx.com" />
+	<target host="admin.06.dev.ofx.com" />
+	<target host="dev.developer.dev.ofx.com" />
+	<target host="test.developer.dev.ofx.com" />
+	<target host="developer.ofx.com" />
+	<target host="docs.developer.ofx.com" />
+	<target host="payments.developer.ofx.com" />
+	<target host="etailing.ofx.com" />
+	<target host="hk.ofx.com" />
+	<target host="nz.ofx.com" />
+	<target host="content.nz.ofx.com" />
+	<target host="admin.02.pp.ofx.com" />
+	<target host="www.03.pp.ofx.com" />
+	<target host="sitecore.prd.ofx.com" />
+	<target host="secure.ofx.com" />
+	<target host="sg.ofx.com" />
+	<target host="content.sg.ofx.com" />
+	<target host="www.04.sit.ofx.com" />
+	<target host="uk.ofx.com" />
+	<target host="content.uk.ofx.com" />
+	<target host="us.ofx.com" />
+	<target host="content.us.ofx.com" />
+	<target host="widget-yahoo.ofx.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OH-Tech.org.xml b/src/chrome/content/rules/OH-Tech.org.xml
new file mode 100644
index 000000000000..81fbc02eae7d
--- /dev/null
+++ b/src/chrome/content/rules/OH-Tech.org.xml
@@ -0,0 +1,26 @@
+<!--
+
+
+	Insecure cookies are set for these hosts:
+
+		- oh-tech.org
+		- www.oh-tech.org
+
+-->
+<ruleset name="OH-Tech.org">
+
+	<target host="oh-tech.org" />
+	<target host="www.oh-tech.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?oh-tech\.org$" name="^BIGipServer" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OHeffernan.xml b/src/chrome/content/rules/OHeffernan.xml
index 623579310536..c939f4b597cf 100644
--- a/src/chrome/content/rules/OHeffernan.xml
+++ b/src/chrome/content/rules/OHeffernan.xml
@@ -3,7 +3,7 @@
 	<target host="inachinashop.com"/>
 	<target host="www.inachinashop.com"/>
 
-	<rule from="^http://(?:www\.)?inchinashop\.com/"
+	<rule from="^http://(?:www\.)?inachinashop\.com/"
 		to="https://pingplanet.squarespace.com/"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/OK.de.xml b/src/chrome/content/rules/OK.de.xml
index 77d6512b6050..5efb5393825e 100644
--- a/src/chrome/content/rules/OK.de.xml
+++ b/src/chrome/content/rules/OK.de.xml
@@ -4,5 +4,5 @@
 
   <securecookie host="^(?:www\.)?ok\.de$" name=".+" />
 
-  <rule from="^http://(?:www\.)?ok\.de/" to="https://www.ok.de/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/OKCoin.cn.xml b/src/chrome/content/rules/OKCoin.cn.xml
new file mode 100644
index 000000000000..b850ec232e99
--- /dev/null
+++ b/src/chrome/content/rules/OKCoin.cn.xml
@@ -0,0 +1,53 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://img.okcoin.cn/ => https://img.okcoin.cn/: (6, 'Could not resolve host: img.okcoin.cn')
+
+-->
+
+<!--
+	^: Dropped
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(^ → www)
+		- img
+
+
+	These altnames don't exist:
+
+		- www.img.okcoin.cn
+
+
+	Insecure cookies are set for these domains:
+
+		- www.okcoin.cn
+
+-->
+<ruleset name="OKCoin.cn" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="img.okcoin.cn" />
+	<target host="www.okcoin.cn" />
+
+	<!--	Complications:
+				-->
+	<target host="okcoin.cn" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.okcoin\.cn$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^www\.okcoin\.cn$" name=".+" />
+
+
+	<rule from="^http://okcoin\.cn/"
+		to="https://www.okcoin.cn/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OKCoin.com.xml b/src/chrome/content/rules/OKCoin.com.xml
new file mode 100644
index 000000000000..a92abf21aff7
--- /dev/null
+++ b/src/chrome/content/rules/OKCoin.com.xml
@@ -0,0 +1,44 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://img.okcoin.com/ => https://img.okcoin.com/: (6, 'Could not resolve host: img.okcoin.com')
+
+	^: cert only matches www
+
+
+	These altnames don't exist:
+
+		- www.img.okcoin.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.okcoin.com
+
+-->
+<ruleset name="OKCoin.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="img.okcoin.com" />
+	<target host="www.okcoin.com" />
+
+	<!--	Complications:
+				-->
+	<target host="okcoin.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.okcoin\.com$" name="^(JSESSIONID|channelId)$" /-->
+
+	<securecookie host="^(?:www)?\.okcoin\.com$" name=".+" />
+
+
+	<rule from="^http://okcoin\.com/"
+		to="https://www.okcoin.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OKPAY.com.xml b/src/chrome/content/rules/OKPAY.com.xml
deleted file mode 100644
index 53dc5b1dea4e..000000000000
--- a/src/chrome/content/rules/OKPAY.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(works, cert only matches www)
-
--->
-<ruleset name="OKPAY.com">
-
-	<target host="okpay.com" />
-	<target host="*.okpay.com" />
-
-
-	<securecookie host="^(?:support|www)\.okpay\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?okpay\.com/"
-		to="https://www.okpay.com/" />
-
-	<rule from="^http://support\.okpay\.com/"
-		to="https://support.okay.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/OKamel.com.xml b/src/chrome/content/rules/OKamel.com.xml
new file mode 100644
index 000000000000..2f45d3ac9af7
--- /dev/null
+++ b/src/chrome/content/rules/OKamel.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="OKamel.com">
+	<target host="okamel.com" />
+	<target host="www.okamel.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OLMN.org.xml b/src/chrome/content/rules/OLMN.org.xml
deleted file mode 100644
index f987490b1103..000000000000
--- a/src/chrome/content/rules/OLMN.org.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Online Media Legal Network
-
-
-	Problematic subdomains:
-
-		- ^	(shows adam; mismatched, CN: adam.law.harvard.edu)
-
--->
-<ruleset name="OLMN.org">
-
-	<target host="olmn.org" />
-	<target host="www.olmn.org" />
-
-
-	<securecookie host="^www\.olmn\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?olmn\.org/"
-		to="https://www.olmn.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OLPC.xml b/src/chrome/content/rules/OLPC.xml
index af8a41fe069b..b2aff2bfff68 100644
--- a/src/chrome/content/rules/OLPC.xml
+++ b/src/chrome/content/rules/OLPC.xml
@@ -1,10 +1,15 @@
-<ruleset name="OLPC (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dev.laptop.org/ => https://dev.laptop.org/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="OLPC (partial)" default_off="failed ruleset test">
 
 	<target host="dev.laptop.org"/>
 
-	<rule from="^http://dev\.laptop\.org/"
-		to="https://dev.laptop.org/"/>
+	<rule from="^http:" to="https:" />
 
-	<securecookie host="^dev\.laptop\.org$" name=".*"/>
+	<securecookie host="^dev\.laptop\.org$" name=".+" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/OLX.com.br.xml b/src/chrome/content/rules/OLX.com.br.xml
new file mode 100644
index 000000000000..d50132f25c65
--- /dev/null
+++ b/src/chrome/content/rules/OLX.com.br.xml
@@ -0,0 +1,49 @@
+<!--
+	Nonfunctional hosts in *olx.com.br:
+
+		- ba *
+		- sb *
+		- rs *
+		- www *
+
+	* Redirects to http
+
+
+	Insecure cookies are set for these domains:
+
+		- .olx.com.br
+
+
+	Mixed content:
+
+		- Bugs, on:
+
+			- www[23] from www.googletagmanager.com *
+			- www[23] from b.scorecardresearch.com *
+			- www[23] from logc\d+.xiti.com *
+
+	* Secured by us
+
+-->
+<ruleset name="OLX.com.br (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="img.olx.com.br" />
+	<target host="www2.olx.com.br" />
+	<target host="www3.olx.com.br" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.olx\.com\.br/$" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^\.olx\.com\.br$" name="^(?:customer_chat|md|sq|s)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OMC.net.xml b/src/chrome/content/rules/OMC.net.xml
new file mode 100644
index 000000000000..c895bb006879
--- /dev/null
+++ b/src/chrome/content/rules/OMC.net.xml
@@ -0,0 +1,10 @@
+<ruleset name="OMC.net (partial)">
+	<target host="omc.net" />
+	<target host="www.omc.net" />
+	<target host="ftp.mvg.omc.net" />
+	<target host="ocp.omc.net" />
+	<target host="roundcube.omc.net" />
+	<target host="webmail.omc.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OMDb_API.com.xml b/src/chrome/content/rules/OMDb_API.com.xml
new file mode 100644
index 000000000000..b6148648c6fc
--- /dev/null
+++ b/src/chrome/content/rules/OMDb_API.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="OMDb API">
+	<target host="omdbapi.com" />
+	<target host="www.omdbapi.com" />
+	<target host="img.omdbapi.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OMG-Ubuntu.xml b/src/chrome/content/rules/OMG-Ubuntu.xml
deleted file mode 100644
index f1efb0c6e0cc..000000000000
--- a/src/chrome/content/rules/OMG-Ubuntu.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="OMG! Ubuntu! (partial)">
-
-	<target host="cloudfront.omgubuntu.co.uk" />
-
-
-	<rule from="^https?://cloudfront\.omgubuntu\.co\.uk/"
-		to="https://omgubuntu.s3-eu-west-1.amazonaws.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OMICRON.xml b/src/chrome/content/rules/OMICRON.xml
index 35418e1882d0..663198d1968d 100644
--- a/src/chrome/content/rules/OMICRON.xml
+++ b/src/chrome/content/rules/OMICRON.xml
@@ -1,14 +1,9 @@
-<!--
-	Some (most?) pages redirect to http
-
--->
 <ruleset name="OMICRON (partial)">
 
 	<target host="omicron.at" />
 	<target host="www.omicron.at" />
 
 
-	<rule from="^http://(www\.)?omicron\.at/(\w\w/support/customer|fileadmin/|typo3(?:conf|temp)/)"
-		to="https://$1omicron.at/$2" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OMNeTpp.org.xml b/src/chrome/content/rules/OMNeTpp.org.xml
new file mode 100644
index 000000000000..ef6dfeec10a7
--- /dev/null
+++ b/src/chrome/content/rules/OMNeTpp.org.xml
@@ -0,0 +1,16 @@
+<ruleset name="OMNeTpp.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="omnetpp.org" />
+	<target host="www.omnetpp.org" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OMS.eu.xml b/src/chrome/content/rules/OMS.eu.xml
new file mode 100644
index 000000000000..9472a0607cd7
--- /dev/null
+++ b/src/chrome/content/rules/OMS.eu.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://coyote.srv1.oms.eu/ => https://coyote.srv1.oms.eu/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="OMS Vermarktungs GmbH" default_off="failed ruleset test">
+
+	<target host="www.video.oms.eu"/>
+	<target host="cdn-t.omsnative.de"/>
+	<target host="coyote.srv1.oms.eu"/>
+	<target host="video.oms.eu"/>
+
+	<!-- cert mismatch on:
+		- (www.\)oms.eu
+		- werbeformate.oms.eu
+		- (www.)mobileformate.oms.eu
+	-->
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/ON24-mismatches.xml b/src/chrome/content/rules/ON24-mismatches.xml
index 2fe9c159cc8b..7ba025e6d13a 100644
--- a/src/chrome/content/rules/ON24-mismatches.xml
+++ b/src/chrome/content/rules/ON24-mismatches.xml
@@ -1,8 +1,7 @@
-<ruleset name="ON24 (mismatches)" default_off="mismatch" platform="mixedcontent">
+<ruleset name="ON24 (mismatches)" default_off="mismatched" platform="mixedcontent">
 
 	<target host="communication.on24.com"/>
 
-	<rule from="^http://communication\.on24\.com/"
-		to="https://communication.on24.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ON24.xml b/src/chrome/content/rules/ON24.xml
index 657e8ad133c3..959921f3c30f 100644
--- a/src/chrome/content/rules/ON24.xml
+++ b/src/chrome/content/rules/ON24.xml
@@ -1,14 +1,36 @@
-<ruleset name="ON24 (partial)">
+<!--
+	Fully covered subdomains:
 
-	<target host="on24.com"/>
-	<target host="*.on24.com"/>
+		- (www.)	(^ → www)
+		- event
+		- eventprd10b
+		- w
+
+
+	Insecure cookies are set for these domains:
+
+		- event
+
+-->
+<ruleset name="ON24.com (partial)">
+
+	<target host="on24.com" />
+	<target host="www.on24.com" />
+	<target host="event.on24.com" />
+	<target host="eventprd10b.on24.com" />
+	<target host="w.on24.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^event\.on24\.com$" name="^(BIGipServereventprd_apache|BIGipServereventprd_wl|JSESSIONID)$"/-->
+
+	<securecookie host="^(?:event\.|eventprd10b\.|www\.)?on24\.com$" name=".+" />
 
-	<securecookie host="^(event\.|eventprd10b\.|www\.)?on24\.com$" name=".*"/>
 
 	<rule from="^http://(?:www\.)?on24\.com/"
-		to="https://www.on24.com/"/>
+		to="https://www.on24.com/" />
 
-	<rule from="^http://(event|eventprd10b|w)\.on24\.com/"
-		to="https://$1.on24.com/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ONE.org.xml b/src/chrome/content/rules/ONE.org.xml
index 26d6d7c1ff5e..bfe0ea95b0d3 100644
--- a/src/chrome/content/rules/ONE.org.xml
+++ b/src/chrome/content/rules/ONE.org.xml
@@ -16,17 +16,17 @@
 <ruleset name="ONE.org">
 
 	<target host="one.org" />
-	<target host="*.one.org" />
+	<target host="www.one.org" />
+	<target host="give.one.org" />
 	<target host="one.actionkit.com" />
 
 
 	<securecookie host="^one\.actionkit\.com" name=".+" />
 
 
-	<rule from="^http://(www\.)?one\.org/"
-		to="https://$1one.org/" />
 
 	<rule from="^http://(?:one\.actionkit\.com|give\.one\.org)/"
 		to="https://one.actionkit.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ONEadmin.xml b/src/chrome/content/rules/ONEadmin.xml
index a9a94bac351c..053ed604c6c0 100644
--- a/src/chrome/content/rules/ONEadmin.xml
+++ b/src/chrome/content/rules/ONEadmin.xml
@@ -10,21 +10,29 @@
 	* Works; mismatched, CN: www.oneadmin.cz
 
 -->
-<ruleset name="ONEadmin (partial)">
+<ruleset name="ONEadmin.cz (partial)">
 
-	<target host="oneadmin.cz" />
+	<!--	Direct rewrites:
+				-->
 	<target host="www.oneadmin.cz" />
 
+	<!--	Complications:
+				-->
+	<target host="oneadmin.cz" />
+
 
 	<securecookie host="^www\.oneadmin\.cz$" name=".+" />
 
 
 	<!--	Server drops path, like so but sans trailing-slash:
 									-->
-	<rule from="^http://oneadmin\.cz/[^\?]*(\?.*)"
-		to="https://www.oneadmin.cz/$1" />
-
-	<rule from="^http://www\.oneadmin\.cz/"
+	<rule from="^http://oneadmin\.cz/[^?]*"
 		to="https://www.oneadmin.cz/" />
 
-</ruleset>
\ No newline at end of file
+		<test url="http://oneadmin.cz/index" />
+		<test url="http://oneadmin.cz//index" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ONEbit.xml b/src/chrome/content/rules/ONEbit.xml
index 9c1b50c1bbf1..01f5aff7525d 100644
--- a/src/chrome/content/rules/ONEbit.xml
+++ b/src/chrome/content/rules/ONEbit.xml
@@ -2,28 +2,28 @@
 	For other ONEsolution coverage, see ONEsolution.xml.
 
 
-	Problematic domains:
+	Insecure cookies are set for these hosts:
 
-		- onebit.cz *
-		- oneserver.cz *
-
-	* Mismatched, CN: www.oneadmin.cz
+		- www.onebit.cz
 
 -->
-<ruleset name="ONEbit">
+<ruleset name="ONEbit.cz">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="onebit.cz" />
-	<target host="*.onebit.cz" />
-	<target host="oneserver.cz" />
-	<target host="www.oneserver.cz" />
+	<target host="webmail.onebit.cz" />
+	<target host="www.onebit.cz" />
+
 
-	<securecookie host="^webmail\.onebit\.cz$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.onebit\.cz$" name="^ONEBIT$" /-->
 
+	<securecookie host="^w(?:ebmail|ww)\.onebit\.cz$" name=".+" />
 
-	<rule from="^http://(?:www\.)?one(bit|server)\.cz/"
-		to="https://www.one$1.cz/" />
 
-	<rule from="^http://webmail\.onebit\.cz/"
-		to="https://webmail.onebit.cz/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ONEhelp.xml b/src/chrome/content/rules/ONEhelp.xml
index 691cc52ea3d4..1eed5c18e915 100644
--- a/src/chrome/content/rules/ONEhelp.xml
+++ b/src/chrome/content/rules/ONEhelp.xml
@@ -27,4 +27,4 @@
 	<rule from="^http://www\.onehelp\.cz/"
 		to="https://www.onehelp.cz/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ONEnews.xml b/src/chrome/content/rules/ONEnews.xml
index d7e449fd35c8..b867d7d1989d 100644
--- a/src/chrome/content/rules/ONEnews.xml
+++ b/src/chrome/content/rules/ONEnews.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://www\.onenews\.cz/"
 		to="https://www.onenews.cz/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ONEserver.cz.xml b/src/chrome/content/rules/ONEserver.cz.xml
new file mode 100644
index 000000000000..6f85cf343228
--- /dev/null
+++ b/src/chrome/content/rules/ONEserver.cz.xml
@@ -0,0 +1,25 @@
+<!--
+	For other ONEsolution coverage, see ONEsolution.xml.
+
+
+	^oneserver.cz: Mismatched, CN: www.oneadmin.cz
+
+-->
+<ruleset name="ONEserver.cz">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.oneserver.cz" />
+
+	<!--	Complications:
+				-->
+	<target host="oneserver.cz" />
+
+
+	<rule from="^http://oneserver\.cz/"
+		to="https://www.oneserver.cz/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ONEsite.xml b/src/chrome/content/rules/ONEsite.xml
index ae7be2c386f8..59a96ec0cd6e 100644
--- a/src/chrome/content/rules/ONEsite.xml
+++ b/src/chrome/content/rules/ONEsite.xml
@@ -17,19 +17,19 @@
 -->
 <ruleset name="ONEsite (partial)">
 
-	<target host="*.onesite.com" />
-	<target host="*.admin.onesite.com" />
+	<target host="admin.onesite.com" />
+	<target host="fast1.onesite.com" />
+	<target host="images.onesite.com" />
 
 
 	<securecookie host="^\.admin\.onesite\.com$" name=".+" />
 
 
-	<rule from="^http://admin\.onesite\.com/"
-		to="https://admin.onesite.com/" />
 
 	<!--	fast1: Akamai
 				-->
-	<rule from="^https?://(?:fast1|images)\.onesite\.com/"
+	<rule from="^http://(?:fast1|images)\.onesite\.com/"
 		to="https://images.onesite.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ONEsolution.xml b/src/chrome/content/rules/ONEsolution.xml
index bd8c950c05de..94696d429779 100644
--- a/src/chrome/content/rules/ONEsolution.xml
+++ b/src/chrome/content/rules/ONEsolution.xml
@@ -5,22 +5,31 @@
 		- ONEbit.xml
 		- ONEhelp.xml
 		- ONEnews.xml
+		- ONEserver.cz.xml
 		- ONEweb.xml
 
 
-	!www: mismatched, CN: www.oneadmin.cz
+	onesolution.cz: Mismatched, CN: www.oneadmin.cz
 
 -->
-<ruleset name="ONEsolution">
+<ruleset name="ONEsolution.cz">
 
-	<target host="onesolution.cz" />
+	<!--	Direct rewrites:
+				-->
 	<target host="www.onesolution.cz" />
 
+	<!--	Complications:
+				-->
+	<target host="onesolution.cz" />
+
 
 	<securecookie host="^www\.onesolution\.cz$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?onesolution\.cz/"
+	<rule from="^http://onesolution\.cz/"
 		to="https://www.onesolution.cz/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ONEweb.xml b/src/chrome/content/rules/ONEweb.xml
index b3933dfe462f..77350171057c 100644
--- a/src/chrome/content/rules/ONEweb.xml
+++ b/src/chrome/content/rules/ONEweb.xml
@@ -20,4 +20,4 @@
 	<rule from="^http://(?:www\.)?oneweb\.cz/"
 		to="https://www.oneweb.cz/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ONOS_Project.org.xml b/src/chrome/content/rules/ONOS_Project.org.xml
new file mode 100644
index 000000000000..d903d31f88a0
--- /dev/null
+++ b/src/chrome/content/rules/ONOS_Project.org.xml
@@ -0,0 +1,17 @@
+<!--
+	(www.)?onosproject.org: WP Engine
+
+-->
+<ruleset name="ONOS Project.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gerrit.onosproject.org" />
+	<target host="jira.onosproject.org" />
+	<target host="wiki.onosproject.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ONOrobot.org.xml b/src/chrome/content/rules/ONOrobot.org.xml
index 21e0e3ac9434..13639039a86d 100644
--- a/src/chrome/content/rules/ONOrobot.org.xml
+++ b/src/chrome/content/rules/ONOrobot.org.xml
@@ -1,17 +1,21 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://onorobot.org/ => https://onorobot.org/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.onorobot.org/ => https://www.onorobot.org/: (28, 'Connection timed out after 20001 milliseconds')
+
 	For other Tactical Technology coverage, see Tactical_Tech.org.xml.
 
 -->
-<ruleset name="ONOrobot.org">
+<ruleset name="ONOrobot.org" default_off="failed ruleset test">
 
 	<target host="onorobot.org" />
-	<target host="*.onorobot.org" />
+	<target host="www.onorobot.org" />
 
 
 	<securecookie host="^\.onorobot\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?onorobot\.org/"
-		to="https://$1onorobot.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/OODA.com.xml b/src/chrome/content/rules/OODA.com.xml
index a7a004a19903..76444cab1c60 100644
--- a/src/chrome/content/rules/OODA.com.xml
+++ b/src/chrome/content/rules/OODA.com.xml
@@ -29,4 +29,4 @@
 	<rule from="^http://(?:www\.)?ooda\.com/"
 		to="https://www.ooda.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OODA_Loop.com.xml b/src/chrome/content/rules/OODA_Loop.com.xml
index 0802414ea563..2ae58d4c2989 100644
--- a/src/chrome/content/rules/OODA_Loop.com.xml
+++ b/src/chrome/content/rules/OODA_Loop.com.xml
@@ -31,4 +31,4 @@
 	<rule from="^http://(?:www\.)?oodaloop\.com/"
 		to="https://www.oodaloop.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OPCW.org.xml b/src/chrome/content/rules/OPCW.org.xml
new file mode 100644
index 000000000000..981779d00d18
--- /dev/null
+++ b/src/chrome/content/rules/OPCW.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Organisation for the Prohibition of Chemical Weapons
+
+	http redirect:
+		- ^
+
+	Mixed content:
+		- Images from $self *
+
+	* Secured by us
+-->
+<ruleset name="OPCW.org">
+	<target host="opcw.org" />
+	<target host="www.opcw.org" />
+
+	<rule from="^http://opcw\.org/"
+		to="https://www.opcw.org/" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OPM.gov.xml b/src/chrome/content/rules/OPM.gov.xml
new file mode 100644
index 000000000000..d82a941b8725
--- /dev/null
+++ b/src/chrome/content/rules/OPM.gov.xml
@@ -0,0 +1,18 @@
+<ruleset name="OPM.gov (partial)">
+
+	<target host="opm.gov" />
+	<target host="www.opm.gov" />
+	<target host="apps.opm.gov" />
+	<target host="archive.opm.gov" />
+	<target host="leadership.opm.gov" />
+	<target host="listserv.opm.gov" />
+	<target host="www.servicesonline.opm.gov" />
+	<target host="timesheets.opm.gov" />
+	<target host="www.leadership.opm.gov" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OPML.xml b/src/chrome/content/rules/OPML.xml
deleted file mode 100644
index d8a946f807e3..000000000000
--- a/src/chrome/content/rules/OPML.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- www
-		- dev
-
--->
-<ruleset name="OPML (partial)">
-
-	<target host="static.opml.org" />
-
-
-	<rule from="^https?://static\.opml\.org/"
-		to="https://s3.amazonaws.com/static.opml.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OPNsense.org.xml b/src/chrome/content/rules/OPNsense.org.xml
new file mode 100644
index 000000000000..7796ac86608d
--- /dev/null
+++ b/src/chrome/content/rules/OPNsense.org.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- opnsense.org
+		- forum.opnsense.org
+		- www.opnsense.org
+
+-->
+<ruleset name="OPNsense.org">
+
+	<target host="opnsense.org" />
+	<target host="docs.opnsense.org" />
+	<target host="forum.opnsense.org" />
+	<target host="lists.opnsense.org" />
+	<target host="wiki.opnsense.org" />
+	<target host="www.opnsense.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(forum\.|www\.)?opnsense\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OPSWAT.com.xml b/src/chrome/content/rules/OPSWAT.com.xml
new file mode 100644
index 000000000000..9cf4beb10ac5
--- /dev/null
+++ b/src/chrome/content/rules/OPSWAT.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="OPSWAT.com">
+
+	<target host="opswat.com" />
+	<target host="www.opswat.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ORA.xml b/src/chrome/content/rules/ORA.xml
index ba8ff26263e2..4404f08662a4 100644
--- a/src/chrome/content/rules/ORA.xml
+++ b/src/chrome/content/rules/ORA.xml
@@ -1,13 +1,19 @@
-<ruleset name="ORA">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://orafarm.com/ => https://orafarm.com/: Too many redirects while fetching 'https://orafarm.com/'
+Fetch error: http://www.orafarm.com/ => https://www.orafarm.com/: Too many redirects while fetching 'https://www.orafarm.com/'
+
+-->
+<ruleset name="ORA" default_off="failed ruleset test">
 
 	<target host="orafarm.com" />
-	<target host="*.orafarm.com" />
+	<target host="www.orafarm.com" />
 
 
 	<securecookie host="^\.orafarm\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?orafarm\.com/"
-		to="https://$1orafarm.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ORB-International.com.xml b/src/chrome/content/rules/ORB-International.com.xml
new file mode 100644
index 000000000000..cfd0fc3f9784
--- /dev/null
+++ b/src/chrome/content/rules/ORB-International.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="ORB-International.com">
+
+	<target host="orb-international.com" />
+	<target host="www.orb-international.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ORCID.org.xml b/src/chrome/content/rules/ORCID.org.xml
new file mode 100644
index 000000000000..64573cbca057
--- /dev/null
+++ b/src/chrome/content/rules/ORCID.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Website is configured so that any subdomain is valid and works
+	over https.
+
+	Time out:
+		qrcode.orcid.org
+
+-->
+<ruleset name="ORCID.org">
+
+	<target host="orcid.org" />
+	<target host="*.orcid.org" />
+		<test url="http://testurl1.orcid.org/" />
+		<test url="http://testurl2.orcid.org/" />
+		<test url="http://testurl3.orcid.org/" />
+
+		<exclusion pattern="^http://qrcode\.orcid\.org/" />
+			<test url="http://qrcode.orcid.org/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ORF.at.xml b/src/chrome/content/rules/ORF.at.xml
new file mode 100644
index 000000000000..a70413afa08e
--- /dev/null
+++ b/src/chrome/content/rules/ORF.at.xml
@@ -0,0 +1,254 @@
+<!--
+
+	Non-2xx HTTP code:
+		- anmeldung.orf.at
+		- bachmannpreis.orf.at
+		- bewerbungen.orf.at
+		- burgenland.orf.at
+		- diegrossechance.orf.at
+		- game.orf.at
+		- games.orf.at
+		- hrvati.orf.at
+		- kaernten.orf.at
+		- mallorca.orf.at
+		- noe.orf.at
+		- oekastatic.orf.at
+		- oesterreich.orf.at
+		- ooe.orf.at
+		- salzburg.orf.at
+		- single.orf.at
+		- steiermark.orf.at
+		- tirol.orf.at
+		- volksgruppen.orf.at
+		- vorarlberg.orf.at
+		- voting.orf.at
+		- wien.orf.at
+
+	Cert expired:
+		- oe3verkehr.orf.at
+		- content.orf.at
+
+	Cert mismatch:
+		- burgenlandkalender.orf.at
+		- cluboe3.orf.at
+		- hanoi.orf.at
+		- ipv4.debatte.orf.at
+		- itv.orf.at
+		- langenacht2.orf.at
+		- musikprotokoll.orf.at
+		- newsletter.insider.orf.at
+		- orfdrei.insider.orf.at
+		- pub2.mc.orf.at
+		- radiokulturhaus.orf.at
+		- vorarlberg-sport.orf.at
+		- wahl.orf.at
+		- www.tvthek.orf.at
+
+	Chain issues:
+		- oe1.orf.at
+		- orfeapp6.orf.at
+		- orfeapp66.orf.at
+		- laos.orf.at
+		- roi.orf.at
+		- u19.orf.at
+
+	Redirect to plain:
+		- ^
+		- www
+		- api-stage-tvthek
+		- api-tvthek
+		- averell
+		- backstage
+		- bernard
+		- bianca
+		- brain
+		- brava
+		- clyde
+		- cook
+		- dalton
+		- dancingstars
+		- der
+		- drei
+		- echtjetzt
+		- extra
+		- files
+		- files2
+		- fm4
+		- go
+		- gutenmorgen
+		- help
+		- insider
+		- iptv
+		- jack
+		- jobs
+		- klimaschutzpreis
+		- m
+		- magazin
+		- mediaresearch
+		- medienforschung
+		- mobil
+		- muttererde
+		- nanga
+		- news
+		- oe3
+		- oe3dabei
+		- onepager
+		- pinky
+		- publikumsrat
+		- songcontest
+		- sport
+		- static
+		- static2
+		- suche
+		- tonga
+		- totoya
+		- tube
+		- tv
+		- tv-thek
+		- tvportal
+		- tvthek
+		- unterwegs
+		- video
+		- webport7
+		- werbung
+		- ws3
+		- ws4
+
+	TLS Error:
+		- adfs.orf.at
+		- avedge.orf.at
+		- conedge.orf.at
+		- eas.orf.at
+		- jericho.orf.at
+		- mash.orf.at
+		- members.orf.at
+		- osm.orf.at
+		- yucca.orf.at
+
+-->
+<ruleset name="ORF.at (partial)">
+
+	<target host="access.orf.at" />
+	<target host="appfeeds.orf.at" />
+	<target host="audioapi.orf.at" />
+	<target host="autodiscover.orf.at" />
+	<target host="bert.orf.at" />
+	<target host="bikini.orf.at" />
+	<target host="bits.orf.at" />
+	<target host="boa.orf.at" />
+	<target host="bolek.orf.at" />
+	<target host="book.orf.at" />
+	<target host="booking.orf.at" />
+	<target host="bpo.orf.at" />
+	<target host="buergerforumdb.orf.at" />
+	<target host="cloud.orf.at" />
+	<target host="crm.orf.at" />
+	<target host="crmtest.orf.at" />
+	<target host="crmweb.orf.at" />
+	<target host="ctest.orf.at" />
+	<target host="debatte.orf.at" />
+	<target host="dev.orf.at" />
+	<target host="developer.orf.at" />
+	<target host="dialin.orf.at" />
+	<target host="digital.orf.at" />
+	<target host="ecommerce.orf.at" />
+	<target host="emm.orf.at" />
+	<target host="enterprise.orf.at" />
+	<target host="enterpriseweb.orf.at" />
+	<target host="ernie.orf.at" />
+	<target host="extern-marco.orf.at" />
+	<target host="extranet.orf.at" />
+	<target host="extranet1.orf.at" />
+	<target host="extranet2.orf.at" />
+	<target host="ftp-test.orf.at" />
+	<target host="gmfi.orf.at" />
+	<target host="gomera.orf.at" />
+	<target host="gonzales.orf.at" />
+	<target host="gromit.orf.at" />
+	<target host="guns.orf.at" />
+	<target host="harris.orf.at" />
+	<target host="hermes.orf.at" />
+	<target host="ibiza.orf.at" />
+	<target host="insiderservice.orf.at" />
+	<target host="joe.orf.at" />
+	<target host="kundenportal.orf.at" />
+	<target host="langenacht.orf.at" />
+	<target host="lichtinsdunkel.orf.at" />
+	<target host="login.orf.at" />
+	<target host="lolek.orf.at" />
+	<target host="lyncdiscover.orf.at" />
+	<target host="mak.orf.at" />
+	<target host="mantis.orf.at" />
+	<target host="marco.orf.at" />
+	<target host="meet.orf.at" />
+	<target host="mercy.orf.at" />
+	<target host="moskau.orf.at" />
+	<target host="musiclibrary.orf.at" />
+	<target host="musikverlag.orf.at" />
+	<target host="mx.orf.at" />
+	<target host="my.orf.at" />
+	<target host="mykonos.orf.at" />
+	<target host="nachbarinnot.orf.at" />
+	<target host="oe1kalender.orf.at" />
+	<target host="oe3meta.orf.at" />
+	<target host="oe3pinnwand.orf.at" />
+	<target host="okidoki.orf.at" />
+	<target host="our.orf.at" />
+	<target host="pipe.orf.at" />
+	<target host="plovdiv.orf.at" />
+	<target host="preview.orf.at" />
+	<target host="prm.orf.at" />
+	<target host="programm.orf.at" />
+	<target host="pumuckl.orf.at" />
+	<target host="pvc.orf.at" />
+	<target host="radiobilder.orf.at" />
+	<target host="religion.orf.at" />
+	<target host="roses.orf.at" />
+	<target host="rso.orf.at" />
+	<target host="rss.orf.at" />
+	<target host="s4bpage.orf.at" />
+	<target host="science.orf.at" />
+	<target host="shop.orf.at" />
+	<target host="sister.orf.at" />
+	<target host="skype.orf.at" />
+	<target host="smartweb.orf.at" />
+	<target host="sms.orf.at" />
+	<target host="speedy.orf.at" />
+	<target host="sts.orf.at" />
+	<target host="teletext.orf.at" />
+	<target host="thredbo.orf.at" />
+	<target host="tickets.orf.at" />
+	<target host="tobago.orf.at" />
+	<target host="trichter.orf.at" />
+	<target host="trinidad.orf.at" />
+	<target host="tts.orf.at" />
+	<target host="tubestatic.orf.at" />
+	<target host="vote.orf.at" />
+	<target host="vpngate.orf.at" />
+	<target host="vpngate1.orf.at" />
+	<target host="wac.orf.at" />
+	<target host="walk.orf.at" />
+	<target host="wallace.orf.at" />
+	<target host="webim.orf.at" />
+	<target host="webmail.orf.at" />
+	<target host="weboffice.orf.at" />
+	<target host="webport1.orf.at" />
+	<target host="webport6.orf.at" />
+	<target host="werbenmal9.orf.at" />
+	<target host="piwik.werbenmal9.orf.at" />
+	<target host="william.orf.at" />
+	<target host="wilma.orf.at" />
+	<target host="ws.orf.at" />
+	<target host="ws1.orf.at" />
+	<target host="ws10.orf.at" />
+	<target host="ws11.orf.at" />
+	<target host="ws12.orf.at" />
+	<target host="ws2.orf.at" />
+	<target host="ws7.orf.at" />
+	<target host="ws9.orf.at" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OReilly-Media-mismatches.xml b/src/chrome/content/rules/OReilly-Media-mismatches.xml
deleted file mode 100644
index f8b2aaf13a1d..000000000000
--- a/src/chrome/content/rules/OReilly-Media-mismatches.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For rules that are on by default, see OReilly-Media.xml.
-
--->
-<ruleset name="O’Reilly Media (mismatches)" default_off="mismatch">
-
-	<target host="akamaicovers.oreilly.com" />
-
-
-	<!--	Akamai	-->
-	<rule from="^http://akamaicovers\.oreilly\.com/"
-		to="https://akamaicovers.oreilly.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OReilly-Media.xml b/src/chrome/content/rules/OReilly-Media.xml
deleted file mode 100644
index 6a304460e5f6..000000000000
--- a/src/chrome/content/rules/OReilly-Media.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	For problematic rules, see OReilly-Media-mismatches.xml.
-
-
-	Nonfunctional subdomains:
-
-		- radar		(times out)
-
--->
-<ruleset name="O’Reilly Media (partial)">
-
-	<target host="*.oreilly.com" />
-	<target host="cdn.oreillystatic.com" />
-
-
-  <!--
-  This was breaking the O'Reilly shopping cart...
-	<securecookie host="^shop\.oreilly\.com$" name=".*" />
-  -->
-
-
-	<rule from="^http://members\.oreilly\.com/"
-		to="https://members.oreilly.com/" />
-
-	<rule from="^http://shop\.oreilly\.com/(images|includes|mod|text)/"
-		to="https://shop.oreilly.com/$1/" />
-
-	<rule from="^http://cdn\.oreillystatic\.com/"
-		to="https://cdn.oreillystatic.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OReilly.com.xml b/src/chrome/content/rules/OReilly.com.xml
new file mode 100644
index 000000000000..e98f96959caf
--- /dev/null
+++ b/src/chrome/content/rules/OReilly.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Different content HTTP/HTTPS:
+		answers.oreilley.com
+		bookworm.oreilly.com
+
+	Secure connection failed:
+		radar.oreilley.com
+
+	Redirect to http:
+		shop.oreilly.com
+
+-->
+<ruleset name="OReilly.com (partial)">
+
+	<target host="oreilly.com" />
+	<target host="www.oreilly.com" />
+	<target host="akamaicovers.oreilly.com" />
+	<target host="cdn.oreillystatic.com" />
+	<target host="examples.oreilly.com" />
+	<target host="members.oreilly.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OS.uk.xml b/src/chrome/content/rules/OS.uk.xml
new file mode 100644
index 000000000000..ac0a6d7dfc7c
--- /dev/null
+++ b/src/chrome/content/rules/OS.uk.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Ordnance Survey coverage, see Ordnance_Survey.xml.
+
+-->
+<ruleset name="OS.uk">
+
+	<target host="os.uk" />
+	<target host="www.os.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OS3.nl.xml b/src/chrome/content/rules/OS3.nl.xml
new file mode 100644
index 000000000000..1f7c04850790
--- /dev/null
+++ b/src/chrome/content/rules/OS3.nl.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- os3.nl
+		- www.os3.nl
+
+-->
+<ruleset name="OS3.nl">
+
+	<target host="os3.nl" />
+	<target host="www.os3.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?os3\.nl$" name="^(DokuWiki|DW[\da-f]{32})$" /-->
+
+	<securecookie host="^(?:www\.)?os3\.nl$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OSADL.org.xml b/src/chrome/content/rules/OSADL.org.xml
index 0a81583f816d..9c799d22c5e4 100644
--- a/src/chrome/content/rules/OSADL.org.xml
+++ b/src/chrome/content/rules/OSADL.org.xml
@@ -1,13 +1,13 @@
 <ruleset name="OSADL.org">
 
 	<target host="osadl.org" />
-	<target host="*.osadl.org" />
+	<target host="lists.osadl.org" />
+	<target host="www.osadl.org" />
 
 
 	<securecookie host="^\.osadl\.org$" name=".+" />
 
 
-	<rule from="^http://(lists\.|www\.)?osadl\.org/"
-		to="https://$1osadl.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/OSChina.net.xml b/src/chrome/content/rules/OSChina.net.xml
new file mode 100644
index 000000000000..ba21e54bddac
--- /dev/null
+++ b/src/chrome/content/rules/OSChina.net.xml
@@ -0,0 +1,18 @@
+<ruleset name="OSChina.net">
+	<target host="oschina.net" />
+	<target host="www.oschina.net" />
+	<target host="city.oschina.net" />
+	<target host="git.oschina.net" />
+	<target host="job.oschina.net" />
+	<target host="m.oschina.net" />
+	<target host="my.oschina.net" />
+	<target host="static.oschina.net" />
+	<target host="team.oschina.net" />
+	<target host="tool.oschina.net" />
+	<target host="tools.oschina.net" />
+	<target host="zb.oschina.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OSDC.com.au.xml b/src/chrome/content/rules/OSDC.com.au.xml
new file mode 100644
index 000000000000..8ff15ffdb951
--- /dev/null
+++ b/src/chrome/content/rules/OSDC.com.au.xml
@@ -0,0 +1,47 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://osdc.com.au/home.php => https://2015.osdc.com.au/home.php: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://2015.osdc.com.au/ => https://2015.osdc.com.au/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://osdc.com.au/ => https://2015.osdc.com.au/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.osdc.com.au/ => https://2015.osdc.com.au/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	(www.)?osdc.com.au: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- 2015.osdc.com.au
+
+-->
+<ruleset name="OSDC.com.au" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="2015.osdc.com.au" />
+
+	<!--	Complications:
+				-->
+	<target host="osdc.com.au" />
+	<target host="www.osdc.com.au" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^2015\.osdc\.com\.au$" name="^csrftoken$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://(?:www\.)?osdc\.com\.au/+"
+		to="https://2015.osdc.com.au/" />
+
+		<test url="http://osdc.com.au/home.php" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OSDV.org-problematic.xml b/src/chrome/content/rules/OSDV.org-problematic.xml
deleted file mode 100644
index 98a38cc9148f..000000000000
--- a/src/chrome/content/rules/OSDV.org-problematic.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For rules that are on by default, see OSDV.org.xml.
-
--->
-<ruleset name="OSDV.org (problematic)" default_off="mismatched">
-
-	<target host="osdv.org" />
-	<target host="www.osdv.org" />
-		<!--
-			Handled in OSDV.org.xml:
-						-->
-		<exclusion pattern="^http://(?:www\.)?osdv\.org/wp-(?:content|includes)/" />
-
-
-	<rule from="^http://(?:www\.)?osdv\.org/"
-		to="https://www.osdv.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/OSDV.org.xml b/src/chrome/content/rules/OSDV.org.xml
index 4fc3befb5012..62be0996c947 100644
--- a/src/chrome/content/rules/OSDV.org.xml
+++ b/src/chrome/content/rules/OSDV.org.xml
@@ -1,33 +1,15 @@
 <!--
-	For problematic rules, see OSDV.org-problematic.xml.
-
-
-	CN: *.trustthevote.org
-
-
-	Mixed content:
-
-		- Script on www from ^ *
-		- css on www from ^ *
-		- Image on www from wordpress2.trustthevote.org *
-
-	* Secured by us
+	Redirect to http://www.osetfoundation.org/about
 
 -->
-<ruleset name="OSDV.org (partial)">
+<ruleset name="OSDV.org" default_off="mismatched">
 
 	<target host="osdv.org" />
-	<target host="*.osdv.org" />
-		<!--
-			Avoiding user-visible paths:
-							-->
-		<exclusion pattern="^http://(?:www\.)?osdv\.org/(?!wp-content/|wp-includes/)" />
-
-
-	<securecookie host="^\.osdv\.org$" name="^__utm\w$" />
+	<target host="www.osdv.org" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?osdv\.org/"
-		to="https://wordpress2.trustthevote.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OSGeo.org.xml b/src/chrome/content/rules/OSGeo.org.xml
index 4b50cc86e81d..450f71b365b5 100644
--- a/src/chrome/content/rules/OSGeo.org.xml
+++ b/src/chrome/content/rules/OSGeo.org.xml
@@ -1,49 +1,79 @@
 <!--
-	Nonfunctional subdomains:
-
-		- download	(http reply)
-		- geos *
-		- planet *
-
-	* Refused
-
-
-	Problematic subdomains:
-
-		- osgeo4w	(redirects to http)
-
-
-	Partially covered subdomains:
-
-		- (www.) *
-		- wiki *
-
-	* Some pages redirect to http
-
-
-	Fully covered subdomains:
-
-		- lists
-		- osgeo4w	(→ trac)
-		- svn
-		- trac
-
+	Invalid certificate:
+		de.osgeo.org
+		gallery.osgeo.org
+		grassold.osgeo.org
+		journal2.osgeo.org
+		mail.osgeo.org
+		orfeo-toolbox.osgeo.org
+		tilecache.osgeo.org
+		uk.osgeo.org
+
+	Different content HTTP/HTTPS:
+		downloads.osgeo.org
+		upload.osgeo.org
+
+	Refused:
+		geohealthcheck.osgeo.org
+		projects.mapbender.osgeo.org
+		oam.osgeo.org
+		docs.oam.osgeo.org
+
+	Time out:
+		mapguidebeta.osgeo.org
+		mapserver.osgeo.org
+		openid.osgeo.org
+
+	Redirect to HTTP:
+		www2.osgeo.org
+
+	Expired:
+		osgeo.org
+		csmap.osgeo.org
+		edu.osgeo.org
+		es.osgeo.org
+		fr.osgeo.org
+		geodata.osgeo.org
+		geotools.osgeo.org
+		gvsig.osgeo.org
+		incubator.osgeo.org
+		jp.osgeo.org
+		mapguide.osgeo.org
+		mapguide2.osgeo.org
+		metacrs.osgeo.org
+		openlayers.osgeo.org
+		osgeo4w.osgeo.org
+		ossim.osgeo.org
+		proj.osgeo.org
+		quebec.osgeo.org
+		vienna2014.sprint.osgeo.org
+		wiki2.osgeo.org
+		staging2.www.osgeo.org
 -->
-<ruleset name="OSGeo.org (partial)">
-
-	<target host="osgeo.org" />
-	<target host="*.osgeo.org" />
-		<exclusion pattern="^http://(?:www\.)?osgeo\.org/(?!favicon\.ico|files/|images/|misc/|modules/|sites/)" />
-		<exclusion pattern="^http://wiki\.osgeo\.org/(?!favicon\.ico|index\.php\?title=Special:UserLogin|skins/)" />
-
-
-	<securecookie host="^trac\.osgeo\.org$" name=".+" />
-
-
-	<rule from="^http://((?:lists|svn|trac|wiki|www)\.)?osgeo\.org/"
-		to="https://$1osgeo.org/" />
-
-	<rule from="^http://osgeo4w\.osgeo\.org/[^?]*(\?.*)?"
-		to="https://trac.osgeo.org/osgeo4w/$1" />
-
+<ruleset name="OSGeo.org">
+	<target host="www.osgeo.org" />
+	<target host="download.osgeo.org" />
+	<target host="drone.osgeo.org" />
+	<target host="fdo.osgeo.org" />
+	<target host="fdo2.osgeo.org" />
+	<target host="geos.osgeo.org" />
+	<target host="geotiff.osgeo.org" />
+	<target host="git.osgeo.org" />
+	<target host="grass.osgeo.org" />
+	<target host="grasswiki.osgeo.org" />
+	<target host="id.osgeo.org" />
+	<target host="journal.osgeo.org" />
+	<target host="lists.osgeo.org" />
+	<target host="live.osgeo.org" />
+	<target host="mapbender.osgeo.org" />
+	<target host="mapbuilder.osgeo.org" />
+	<target host="planet.osgeo.org" />
+	<target host="svn.osgeo.org" />
+	<target host="trac.osgeo.org" />
+	<target host="wiki.osgeo.org" />
+	<target host="staging.www.osgeo.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/OSHA.gov.xml b/src/chrome/content/rules/OSHA.gov.xml
index 1d4d55adfb81..a473af3c08fc 100644
--- a/src/chrome/content/rules/OSHA.gov.xml
+++ b/src/chrome/content/rules/OSHA.gov.xml
@@ -1,10 +1,40 @@
-<ruleset name="US OSHA.gov">
-	<target host="osha.gov" />
+<!--
+	Occupational Safety & Health Administration
+
+
+
+	Problematic hosts in *osha.gov:
+
+		- ^ ᵖ
+		- m ᵐ
+
+	ᵐ Mismatched
+	ᵖ Plaintext reply, preemptable redirect
+
+
+	Mixed content:
+
+		- Images on www from www.dol.gov ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="US OSHA.gov (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="test.osha.gov" />
 	<target host="www.osha.gov" />
 
-	<rule from="^http://(?:www\.)?osha\.gov/" to="https://www.osha.gov/" />
+	<!--	Complications:
+				-->
+	<target host="osha.gov" />
+
+
+	<rule from="^http://osha\.gov/"
+		to="https://www.osha.gov/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-	<!-- Invoking https://osha.gov/ produces a certificate error, so
-	redirect https://osha.gov/ to https://www.osha.gov/ -->
-	<rule from="^https://osha\.gov/" to="https://www.osha.gov/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OSI_Codes.xml b/src/chrome/content/rules/OSI_Codes.xml
index 8e09def6265e..1b78b115faa4 100644
--- a/src/chrome/content/rules/OSI_Codes.xml
+++ b/src/chrome/content/rules/OSI_Codes.xml
@@ -1,10 +1,15 @@
-<ruleset name="OSI Codes">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://osicodesinc.com/ => https://osicodesinc.com/: (51, "SSL: no alternative certificate subject name matches target host name 'osicodesinc.com'")
+
+-->
+<ruleset name="OSI Codes" default_off="failed ruleset test">
 
 	<target host="osicodesinc.com" />
 	<target host="www.osicodesinc.com" />
 
 
-	<rule from="^http://(www\.)?osicodesinc\.com/"
-		to="https://$1osicodesinc.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OSM_Foundation.xml b/src/chrome/content/rules/OSM_Foundation.xml
new file mode 100644
index 000000000000..c69093302a13
--- /dev/null
+++ b/src/chrome/content/rules/OSM_Foundation.xml
@@ -0,0 +1,9 @@
+<ruleset name="OpenStreetMap Foundation">
+	<target host="osmfoundation.org" />
+	<target host="www.osmfoundation.org" />
+	<target host="blog.osmfoundation.org" />
+	<target host="wiki.osmfoundation.org" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OSM_Group.xml b/src/chrome/content/rules/OSM_Group.xml
index 7dd6c258f4c0..6783a2d11703 100644
--- a/src/chrome/content/rules/OSM_Group.xml
+++ b/src/chrome/content/rules/OSM_Group.xml
@@ -1,10 +1,15 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://osmglobal.com/ => https://www.osmglobal.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+Fetch error: http://www.osmglobal.com/ => https://www.osmglobal.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+
 	Problematic subdomains:
 
 		- ^	(mismatched, CN: sip.osmglobal.com)
 
 -->
-<ruleset name="OSM Group">
+<ruleset name="OSM Group" default_off="failed ruleset test">
 
 	<target host="osmglobal.com" />
 	<target host="www.osmglobal.com" />
@@ -16,4 +21,4 @@
 	<rule from="^http://(?:www\.)?osmglobal\.com/"
 		to="https://www.osmglobal.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OSNews.com.xml b/src/chrome/content/rules/OSNews.com.xml
new file mode 100644
index 000000000000..e28d33b04371
--- /dev/null
+++ b/src/chrome/content/rules/OSNews.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Different HTTP/HTTPS content:
+		mobile.osnews.com
+
+-->
+<ruleset name="OSNews.com" platform="mixedcontent">
+	<target host="osnews.com" />
+	<target host="www.osnews.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OSR_Foundation.org-problematic.xml b/src/chrome/content/rules/OSR_Foundation.org-problematic.xml
new file mode 100644
index 000000000000..4b2df931638c
--- /dev/null
+++ b/src/chrome/content/rules/OSR_Foundation.org-problematic.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules that are on by default, see
+
+-->
+<ruleset name="OSR Foundation.org (expired)" default_off="expired">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="osrfoundation.org" />
+	<target host="www.osrfoundation.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OSU.edu-falsemixed.xml b/src/chrome/content/rules/OSU.edu-falsemixed.xml
new file mode 100644
index 000000000000..8c1912f9a71e
--- /dev/null
+++ b/src/chrome/content/rules/OSU.edu-falsemixed.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://footprint.osu.edu/ => https://footprint.osu.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'footprint.osu.edu'")
+
+	For rules not causing false/broken MCB, see Ohio-State-University.xml.
+
+-->
+<ruleset name="OSU.edu (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="carmenconnect.osu.edu" />
+	<target host="fod.osu.edu" />
+	<target host="footprint.osu.edu" />
+	<target host="investments.osu.edu" />
+	<target host="liblearn.osu.edu" />
+	<target host="outreach.osu.edu" />
+	<target host="ppcw.osu.edu" />
+	<target host="tobaccofree.osu.edu" />
+	<target host="trustees.osu.edu" />
+
+	<!--	Complications:
+				-->
+	<target host="www.fod.osu.edu" />
+	<target host="www.investments.osu.edu" />
+	<target host="www.ppcw.osu.edu" />
+	<target host="www.tobaccofree.osu.edu" />
+	<target host="www.trustees.osu.edu" />
+
+
+	<securecookie host="^\." name="^_(?:gat?$|_utm)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.(fod|investments|ppcw|tobaccofree|trustees)\.osu\.edu/"
+		to="https://$1.osu.edu/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OSUMC.edu.xml b/src/chrome/content/rules/OSUMC.edu.xml
new file mode 100644
index 000000000000..f5a4d0d92078
--- /dev/null
+++ b/src/chrome/content/rules/OSUMC.edu.xml
@@ -0,0 +1,19 @@
+<!--
+	^osumc.edu: Mismatched, untrusted root
+
+-->
+<ruleset name="OSUMC.edu (partial)">
+
+	<target host="osumychart.osumc.edu" />
+	<target host="www.osumc.edu" />
+	<target host="wwwow.osumc.edu" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OSVDB.org.xml b/src/chrome/content/rules/OSVDB.org.xml
deleted file mode 100644
index 030f97264c8e..000000000000
--- a/src/chrome/content/rules/OSVDB.org.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Some pages redirect to http.
-
--->
-<ruleset name="OSVDB.org (partial)">
-
-	<target host="osvdb.org" />
-	<target host="*.osvdb.org" />
-		<!--exclusion pattern="^http://(www\.)?osvdb\.org/($|\?|account/forgot_password|(privacy|search|show/osvdb/\d+|support|tos)($|[?/]))" /-->
-
-
-	<securecookie host="^\.osvdb\.org$" name="^__utm\w$" />
-
-
-	<!--	Redirects to http first:
-						-->
-	<rule from="^http://(www\.)?osvdb\.org/account/?(?:\?.*)$"
-		to="https://$1osvdb.org/account/login" />
-
-	<rule from="^http://(www\.)?osvdb\.org/(account/(?:login|signup)(?:$|\?)|images/|javascripts/|stylesheets/)"
-		to="https://$1osvdb.org/$2" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/OS_Systems.xml b/src/chrome/content/rules/OS_Systems.xml
index de844ca68bc0..85d3a3898ae2 100644
--- a/src/chrome/content/rules/OS_Systems.xml
+++ b/src/chrome/content/rules/OS_Systems.xml
@@ -12,7 +12,6 @@
 	<securecookie host="^projetos\.ossystems\.com\.br$" name=".+" />
 
 
-	<rule from="^http://projetos\.ossystems\.com\.br/"
-		to="https://projetos.ossystems.com.br/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OTAlliance.org.xml b/src/chrome/content/rules/OTAlliance.org.xml
index 344628a459c0..9bea273b3391 100644
--- a/src/chrome/content/rules/OTAlliance.org.xml
+++ b/src/chrome/content/rules/OTAlliance.org.xml
@@ -3,7 +3,6 @@
 	<target host="otalliance.org" />
 	<target host="www.otalliance.org" />
 
-	<rule from="^http://(www\.)?otalliance\.org/"
-		to="https://otalliance.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/OTR.im.xml b/src/chrome/content/rules/OTR.im.xml
new file mode 100644
index 000000000000..2e0471c86cb5
--- /dev/null
+++ b/src/chrome/content/rules/OTR.im.xml
@@ -0,0 +1,40 @@
+<!--
+	Problematic hosts in *otr.im:
+
+		- coverage *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Fully covered hosts in *otr.im:
+
+		- (www.)?
+		- bugs
+
+
+	Insecure cookies are set for these hosts:
+
+		- bugs.otr.im
+
+-->
+<ruleset name="OTR.im (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="otr.im" />
+	<target host="bugs.otr.im" />
+	<!--target host="coverage.otr.im" /-->
+	<target host="www.otr.im" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bugs\.otr\.im$" name="^_redmine_otr$" /-->
+
+	<securecookie host="^bugs\.otr\.im$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OTR.to.xml b/src/chrome/content/rules/OTR.to.xml
new file mode 100644
index 000000000000..3d17ed3f9b70
--- /dev/null
+++ b/src/chrome/content/rules/OTR.to.xml
@@ -0,0 +1,11 @@
+<ruleset name="OTR.to">
+
+	<target host="otr.to" />
+	<target host="www.otr.to" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OU.edu.xml b/src/chrome/content/rules/OU.edu.xml
new file mode 100644
index 000000000000..1f5b3a21689c
--- /dev/null
+++ b/src/chrome/content/rules/OU.edu.xml
@@ -0,0 +1,35 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- tulsa.ou.edu
+
+		SSL peer certificate was not OK:
+		- forms.ou.edu
+		- heapofbirds.ou.edu
+		- platform.ou.edu
+-->
+<ruleset name="OU.edu (partial)">
+	<target host="ou.edu" />
+	<target host="www.ou.edu" />
+	<target host="account.ou.edu" />
+	<target host="benefitsenrollment.ou.edu" />
+	<target host="canvas.ou.edu" />
+	<target host="cceit.ou.edu" />
+	<target host="checksheets.ou.edu" />
+	<target host="financialaid.ou.edu" />
+	<target host="guides.ou.edu" />
+	<target host="hr.ou.edu" />
+	<target host="apps.hr.ou.edu" />
+	<target host="www.hr.ou.edu" />
+	<target host="janux.ou.edu" />
+	<target host="jobs.ou.edu" />
+	<target host="learn.ou.edu" />
+	<target host="market.ou.edu" />
+	<target host="meteorology.ou.edu" />
+	<target host="ozone.ou.edu" />
+	<target host="sso.ou.edu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OUYA.xml b/src/chrome/content/rules/OUYA.xml
deleted file mode 100644
index caf1c9d7f552..000000000000
--- a/src/chrome/content/rules/OUYA.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Some pages redirect to http.
-
--->
-<ruleset name="OUYA (partial)">
-
-	<target host="ouya.tv" />
-	<target host="*.ouya.tv" />
-		<exclusion pattern="^http://(?:www\.)?ouya\.tv/(?!favicon\.ico|wp-content/)" />
-
-
-	<securecookie host="^devs\.ouya\.tv$" name=".+" />
-
-
-	<rule from="^http://(devs\.|www\.)?ouya\.tv/"
-		to="https://$1ouya.tv/" />
-
-	<rule from="^https?://shop\.ouya\.tv/"
-		to="https://ouya.myshopify.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/OVH.biz.xml b/src/chrome/content/rules/OVH.biz.xml
new file mode 100644
index 000000000000..a4063d326b1c
--- /dev/null
+++ b/src/chrome/content/rules/OVH.biz.xml
@@ -0,0 +1,29 @@
+<!--
+	For other OVH Group coverage, see Ovh.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- ovh.biz
+		- www.ovh.biz
+
+-->
+<ruleset name="OVH.biz">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ovh.biz" />
+	<target host="www.ovh.biz" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?ovh\.biz$" name="^slb$" /-->
+
+	<securecookie host="^(?:www\.)?ovh\.biz$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OVH.us.xml b/src/chrome/content/rules/OVH.us.xml
new file mode 100644
index 000000000000..7be032785227
--- /dev/null
+++ b/src/chrome/content/rules/OVH.us.xml
@@ -0,0 +1,47 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://forum.ovh.us/ => https://forum.ovh.us/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For other OVH coverage, see Ovh.xml.
+
+
+	(www.)?ovh.us: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- forum.ovh.us
+
+-->
+<ruleset name="OVH.us" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="forum.ovh.us" />
+
+	<!--	Complications:
+				-->
+	<target host="ovh.us" />
+	<target host="www.ovh.us" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^forum\.ovh\.us$" name="^bb_sessionhash$" /-->
+
+	<securecookie host="^forum\.ovh\.us$" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://(?:www\.)?ovh\.us/+"
+		to="https://www.ovh.com/us/" />
+
+		<test url="http://ovh.us//" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OVH_Telecom.fr.xml b/src/chrome/content/rules/OVH_Telecom.fr.xml
new file mode 100644
index 000000000000..c82ab968e6d3
--- /dev/null
+++ b/src/chrome/content/rules/OVH_Telecom.fr.xml
@@ -0,0 +1,29 @@
+<!--
+	For other OVH Group coverage, see Ovh.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- ovhtelecom.fr
+		- www.ovhtelecom.fr
+
+-->
+<ruleset name="OVH Telecom.fr">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ovhtelecom.fr" />
+	<target host="www.ovhtelecom.fr" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?ovhtelecom\.fr$" name="^slb$" /-->
+
+	<securecookie host="^(?:www\.)?ovhtelecom\.fr$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OVPN.se.xml b/src/chrome/content/rules/OVPN.se.xml
new file mode 100644
index 000000000000..498668bb6070
--- /dev/null
+++ b/src/chrome/content/rules/OVPN.se.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- ovpn.se
+		- www.ovpn.se
+
+-->
+<ruleset name="OVPN.se">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ovpn.se" />
+	<target host="piwik.ovpn.se" />
+	<target host="www.ovpn.se" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?ovpn\.se$" name="^SERVERID$" /-->
+
+	<securecookie host="^(?:www\.)?ovpn\.se$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OVPN.xml b/src/chrome/content/rules/OVPN.xml
index 6aeef8a7fa7a..066143b09282 100644
--- a/src/chrome/content/rules/OVPN.xml
+++ b/src/chrome/content/rules/OVPN.xml
@@ -10,7 +10,7 @@
 			- board
 			- cp
 				-->
-	<securecookie host="^.*\.ovpn\.to$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--	Observed subdomains:
diff --git a/src/chrome/content/rules/OWASP.xml b/src/chrome/content/rules/OWASP.xml
index 8e78a7be59aa..3061df18fc54 100644
--- a/src/chrome/content/rules/OWASP.xml
+++ b/src/chrome/content/rules/OWASP.xml
@@ -1,5 +1,7 @@
-<ruleset name="OWASP" platform="mixedcontent">
+<ruleset name="OWASP.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="owasp.org" />
 	<target host="www.owasp.org" />
 
@@ -7,7 +9,7 @@
 	<securecookie host="^(?:www\.)?owasp\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?owasp\.org/"
-		to="https://$1owasp.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Oak-Ridge-National-Laboratory.xml b/src/chrome/content/rules/Oak-Ridge-National-Laboratory.xml
index 57be74e964a2..a2467ac1040d 100644
--- a/src/chrome/content/rules/Oak-Ridge-National-Laboratory.xml
+++ b/src/chrome/content/rules/Oak-Ridge-National-Laboratory.xml
@@ -1,70 +1,250 @@
-<!--
-	For other US government coverage, see US-government.xml.
-
-
-	Nonfunctional subdomains:
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cci.ornl.gov/ => https://cci.ornl.gov/: (6, 'Could not resolve host: cci.ornl.gov')
+Fetch error: http://cmb.ornl.gov/ => https://cmb.ornl.gov/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://homer.ornl.gov/ => https://homer.ornl.gov/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://mercury.ornl.gov/ => https://mercury.ornl.gov/: (28, 'Connection timed out after 20006 milliseconds')
+Fetch error: http://msds.ornl.gov/ => https://msds.ornl.gov/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://nacp.ornl.gov/ => https://nacp.ornl.gov/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://neutrons.ornl.gov/ => https://neutrons.ornl.gov/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://nhaap.ornl.gov/ => https://nhaap.ornl.gov/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.phy.ornl.gov/ => https://www.phy.ornl.gov/: (28, 'Connection timed out after 20008 milliseconds')
+Fetch error: http://rais.ornl.gov/ => https://rais.ornl.gov/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://rsicc.ornl.gov/ => https://rsicc.ornl.gov/: (28, 'Connection timed out after 20008 milliseconds')
+Fetch error: http://user.ornl.gov/ => https://user.ornl.gov/: (28, 'Connection timed out after 20004 milliseconds')
+Fetch error: http://webgis.ornl.gov/ => https://webgis.ornl.gov/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://wiki.ornl.gov/ => https://wiki.ornl.gov/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://sustainability-ornl.org/ => https://sustainability-ornl.org/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Oak Ridge National Laboratory
+
+
+
+	Nonfunctional hosts in *ornl.gov:
+
+		- ameriflux ʳ
+		- bsec ᵃ
+		- cam ᵖ
+		- camm ᵃ
+		- cca1 ᵃ
+		- ccp2011 ᵃ
+		- cda ᵃ
+		- cdiac ᵈ
+		- www.cesar ᵃ
+		- www.cisr ᵃ
+		- www.cnms ᵃ
+		- computing ᵃ
+		- csite ᵈ
+		- www.csm ᵖ
+		- www.csmb ᵃ
+		- cta ᵃ
+		- dtree ᵈ
+		- ebis ᵃ
+		- ecp ᵃ
+		- edde ᵃ
+		- emc ᵃ
+		- energy ᵈ
+		- www.epm ᵖ
+		- equinox ᵖ
+		- www.esd ᵃ
+		- face ᵃ
+		- facedata ᵈ
+		- feedstockreview ᵃ
+		- feerc ᵃ
+		- futureinstruments ᵃ
 		- gsearch	(cert: www.ornl.gov)
-		- neutrons	(501; 403)
-
-
-	Problematic subdomains:
-
-		- olcf		(cert only matches www.olcf)
+		- hippo ʰ
+		- html ᵃ
+		- hydropower ᵃ
+		- imaging ᵈ
+		- inspire ᵈ
+		- www.ioc ᵃ
+		- leafweb ᶠ
+		- lustre ᶠ
+		- mippi ᵃ
+		- mnc ᵃ
+		- www.ms ᵃ
+		- nanotech ᵃ
+		- www.nerp ᵃ
+		- neutrons2 ᵃ
+		- nhts ᵃ
+		- orca ᵃ
+		- peemrc ᵃ
+		- peepsrc ᵃ
+		- per ᵃ
+		- www-cfadc.phy ᵃ
+		- pmi ʳ
+		- popcseq ᵈ
+		- prodigal ᵃ
+		- rsc ᵈ
+		- scale ᵃ
+		- stargate ᵃ
+		- stem ᵃ
+		- tarp ᵃ
+		- tasmanian ᵖ
+		- tccon ʳ
+		- tde ᵃ
+		- traffic ᵈ
+		- trafficapp ᵈ
+		- udi ᵃ
+		- usgs ᵈ
+		- visac ᵃ
+		- bison.usgs ᵈ
+		- weatherization ᵃ
+		- walkerbranch ᵈ
+
+	ᵃ Shows another domain
+	ᵈ Dropped
+	ᶠ Handshake fails
+	ʰ Redirects to http
+	ᵖ Plaintext reply
+	ʳ Refused
+
+
+	Problematic hosts in *ornl.gov:
+
+		- archive2 ᶜ
+		- climate ˢ
+		- compbio ᵉ ᵘ
+		- thredds.daac ᵐ ˣ
+		- fluxnet ᵉ ᵐ ˢ
+		- fsnutown.phy ᵉ
+		- genome ᵉ ᵘ
+		- mnspruce ᶜ
+		- mouse	*
+		- ngee ᵐ
+		- olcf ᵐ
+		- radware.phy ˢ
+		- plot1 ᶜ
+		- web **
+		- webmap ˣ
+
+	* Redirects to besc-lims.ornl.gov:9090
+	** >=1 paths 404
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵉ Expired
+	ᵐ Mismatched
+	ᵖ Plaintext reply
+	ˢ Self-signed
+	ᵘ Untrusted root
+	ˣ Mixed css
+
+
+	Mixed content:
+
+		- css, on:
+
+			- archive2 from www.archive.arm.gov *
+			- archive2 from www.arm.gov *
+			- thredds.daac, webmap from daac.ornl.gov ˢ
+			- webmap from visapi-gadgets.googlecode.com ˢ
+			- epa-bdcc, epa-bprg, epa-dccs, epa-heast, epa-prgs, epa-sdcc, epa-sprg, hhpprtv, info from fonts.googleapis.com ˢ
+
+		- Images, on:
+
+			- archive2 from www.arm.gov
+			- benefits, ft, info from $self ˢ
+			- fluxnet from $self
+			- mercury from usgs.ornl.gov ᵈ
+
+		- Bug, on:
+
+			- fluxnet from c.statcounter.com ˢ
+			- webmap from static.addtoany.com ˢ
+
+	* Irrelevant <= 404 over http
+	ᵈ Unsecurable <= dropped
+	ˢ Secured by us
 
 -->
-<ruleset name="Oak Ridge National Laboratory (partial)">
+<ruleset name="ORNL.gov (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="ornl.gov" />
-	<target host="*.ornl.gov" />
-		<!--	Redirect to 404 page	-->
-		<exclusion pattern="^http://www\.ornl\.gov/(adm/|info/|ornlreview/|partnerships/(css/handheld\.css|university)|search)" />
-	<target host="sustainability-ornl.org" />
-
-
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://ornl\.gov/"
-		to="https://www.ornl.gov/" />
-
-	<!--	At least some paths redirect to http.
+	<!--target host="archive2.ornl.gov" /-->
+	<target host="benefits.ornl.gov" />
+	<target host="cci.ornl.gov" />
+	<target host="climatechangescience.ornl.gov" />
+	<target host="cmb.ornl.gov" />
+	<target host="crpk.ornl.gov" />
+	<target host="csites.ornl.gov" />
+	<target host="daac.ornl.gov" />
+	<target host="daac-news.ornl.gov" />
+	<target host="daymet.ornl.gov" />
+	<target host="ddr.ornl.gov" />
+	<target host="epa-bdcc.ornl.gov" />
+	<target host="epa-bprg.ornl.gov" />
+	<target host="epa-dccs.ornl.gov" />
+	<target host="epa-heast.ornl.gov" />
+	<target host="epa-prgs.ornl.gov" />
+	<target host="epa-sdcc.ornl.gov" />
+	<target host="epa-sprg.ornl.gov" />
+	<target host="extidp.ornl.gov" />
+	<target host="faf.ornl.gov" />
+	<target host="ft.ornl.gov" />
+	<target host="hhpprtv.ornl.gov" />
+	<target host="homer.ornl.gov" />
+	<target host="info.ornl.gov" />
+	<target host="itstools.ornl.gov" />
+	<target host="learning.ornl.gov" />
+	<target host="libcat.ornl.gov" />
+	<target host="mercury.ornl.gov" />
+	<!--target host="mnspruce.ornl.gov" /-->
+	<target host="msds.ornl.gov" />
+	<target host="nacp.ornl.gov" />
+	<target host="neutrons.ornl.gov" />
+	<!--target host="ngee-arctic.ornl.gov" /-->
+	<target host="nhaap.ornl.gov" />
+	<target host="www.olcf.ornl.gov" />
+	<!--target host="fsnutown.phy.ornl.gov" /-->
+	<target host="www.phy.ornl.gov" />
+	<!--target host="plot1.ornl.gov" /-->
+	<target host="rais.ornl.gov" />
+	<target host="rsicc.ornl.gov" />
+	<target host="user.ornl.gov" />
+	<target host="webgis.ornl.gov" />
+	<!--target host="webmap.ornl.gov" /-->
+	<target host="wiki.ornl.gov" />
+	<target host="www.ornl.gov" />
+
+	<!--	Complications:
+				-->
+	<!--target host="ngee.ornl.gov" /-->
+	<target host="olcf.ornl.gov" />
 
-		These paths work:
+	<target host="sustainability-ornl.org" />
 
-			- $
-			- ornlhome/
-			- partnerships/			(except those listed below)
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://ngee(?:-arctic)?\.ornl\.gov/$" /-->
 
-		These don't:
+		<!--	Redirects to 404:
+						-->
+		<!--test url="http://web.ornl.gov/info/ornlreview/v33_3_00/carbon.htm" /-->
 
-			- adm/contracts/$
-			- adm/user_facilities/$
-			- info/features/get_feature.cfm
-			- info/library/$
-			- info/ornlreview/$
-			- info/ornlreview/images_home/pdficon_small.gif
-			- info/press_releases/get_press_release.cfm
-			- ornlreview/v45_1_12/article02.shtml
-			- partnerships/css/handheld.css?v=1
-			- partnerships/university$
-			- search
+		<!--	Mixed content:
+					-->
+		<!--test url="http://benefits.ornl.gov/spd/default.aspx" /-->
+		<!--test url="http://info.ornl.gov/sites/sbpo/default.aspx" /-->
 
-		Hint:
-			- Working paths return 200.
-			- Nonworking paths return 302.
+		<!--	Formerly 404d
+					-->
+		<test url="http://www.ornl.gov/adm/user_facilities/" />
 
-				-->
-	<rule from="^http://www\.ornl\.gov/($|ornlhome/|partnerships/)"
-		to="https://www.ornl.gov/$1" />
 
-	<!--	ornlhome/ pages link to nonworking info/ & ornlreview/ pages via https.	-->
-	<rule from="^https://www\.ornl\.gov/(adm|info|ornlreview)/"
-		to="http://www.ornl.gov/$1/" downgrade="1" />
+	<!--rule from="^http://ngee\.ornl\.gov/"
+		to="https://ngee-arctic.ornl.gov/" /-->
 
-	<rule from="^https?://(?:www\.)?olcf\.ornl\.gov/"
+	<rule from="^http://olcf\.ornl\.gov/"
 		to="https://www.olcf.ornl.gov/" />
 
 	<!--	www doesn't appear to exist.	-->
 	<rule from="^http://sustainability-ornl\.org/"
 		to="https://sustainability-ornl.org/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/OakValleyChico.com.xml b/src/chrome/content/rules/OakValleyChico.com.xml
new file mode 100644
index 000000000000..e8ba5504378e
--- /dev/null
+++ b/src/chrome/content/rules/OakValleyChico.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="OakValleyChico.com">
+
+	<target host="oakvalleychico.com" />
+	<target host="www.oakvalleychico.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Oaklandish.xml b/src/chrome/content/rules/Oaklandish.xml
index ecc5e5e939a1..c4b8e0b35672 100644
--- a/src/chrome/content/rules/Oaklandish.xml
+++ b/src/chrome/content/rules/Oaklandish.xml
@@ -1,13 +1,12 @@
 <ruleset name="Oaklandish">
 
 	<target host="oaklandish.com" />
-	<target host="*.oaklandish.com" />
+	<target host="www.oaklandish.com" />
 
 
 	<securecookie host="^\.oaklandish\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?oaklandish\.com/"
-		to="https://$1oaklandish.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ObDev.at.xml b/src/chrome/content/rules/ObDev.at.xml
new file mode 100644
index 000000000000..edb41b172b34
--- /dev/null
+++ b/src/chrome/content/rules/ObDev.at.xml
@@ -0,0 +1,30 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- obdev.at
+		- .forums.obdev.at
+		- www.obdev.at
+
+-->
+<ruleset name="ObDev.at">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="obdev.at" />
+	<target host="blog.obdev.at" />
+	<target host="forums.obdev.at" />
+	<target host="www.obdev.at" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?obdev\.at$" name="^ODSessionID$" /-->
+	<!--securecookie host="^\.forums\.obdev\.at$" name="^phpbb3_\w+_(?:k|sid|u)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Obedovat.sk.xml b/src/chrome/content/rules/Obedovat.sk.xml
new file mode 100644
index 000000000000..2690501da5c2
--- /dev/null
+++ b/src/chrome/content/rules/Obedovat.sk.xml
@@ -0,0 +1,11 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://obedovat.sk/ => https://www.obedovat.sk/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.obedovat.sk/ => https://www.obedovat.sk/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="Obedovat.sk">
+  <target host="obedovat.sk" />
+  <target host="www.obedovat.sk" />
+
+  <rule from="^http://(?:www\.)?obedovat\.sk/" to="https://www.obedovat.sk/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Oberheide.org.xml b/src/chrome/content/rules/Oberheide.org.xml
new file mode 100644
index 000000000000..5b15da981e70
--- /dev/null
+++ b/src/chrome/content/rules/Oberheide.org.xml
@@ -0,0 +1,17 @@
+<!--
+
+	Refused hosts in *oberheide.org:
+
+		- ^
+
+-->
+<ruleset name="Oberheide.org">
+
+	<target host="www.oberheide.org" />
+	<target host="jon.oberheide.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Oberlin_College.xml b/src/chrome/content/rules/Oberlin_College.xml
index 972a650116d3..a66cb7371f66 100644
--- a/src/chrome/content/rules/Oberlin_College.xml
+++ b/src/chrome/content/rules/Oberlin_College.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://oncampus.csr.oberlin.edu/ => https://oncampus.csr.oberlin.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'oncampus.csr.oberlin.edu'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://oncampus.csr.oberlin.edu/ => https://oncampus.csr.oberlin.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'oncampus.csr.oberlin.edu'")
 		oberlin.catalog.acalog.com
 			- catalog.oberlin.edu
 
@@ -28,20 +34,24 @@
 		- oncampus
 
 -->
-<ruleset name="Oberlin College (partial)">
+<ruleset name="Oberlin College (partial)" default_off="failed ruleset test">
 
-	<target host="*.oberlin.edu" />
-	<target host="*.cs.oberlin.edu" />
+	<target host="blackboard.oberlin.edu" />
+	<target host="classifieds.oberlin.edu" />
+	<target host="new.oberlin.edu" />
+	<target host="oncampus.oberlin.edu" />
 	<target host="oncampus.csr.oberlin.edu" />
+	<target host="cs.oberlin.edu" />
+	<target host="occs.cs.oberlin.edu" />
+	<target host="www.cs.oberlin.edu" />
 
 
-	<securecookie host="^.+\.oberlin\.edu$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
-	<rule from="^http://(blackboard|classifieds|new|oncampus(?:\.csr)?)\.oberlin\.edu/"
-		to="https://$1.oberlin.edu/" />
 
 	<rule from="^http://(?:occs\.|www\.)?cs\.oberlin\.edu/"
 		to="https://occs.cs.oberlin.edu/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Obermassing.at.xml b/src/chrome/content/rules/Obermassing.at.xml
new file mode 100644
index 000000000000..3e32f1953167
--- /dev/null
+++ b/src/chrome/content/rules/Obermassing.at.xml
@@ -0,0 +1,14 @@
+<!--
+	^: Loops
+
+-->
+<ruleset name="Obermassing.at">
+
+	<target host="obermassing.at" />
+	<target host="www.obermassing.at" />
+
+
+	<rule from="^http://(?:www\.)?obermassing\.at/"
+		to="https://www.obermassing.at/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Object-Management-Group.xml b/src/chrome/content/rules/Object-Management-Group.xml
index da0cae1a4b5d..8eb9592bf1a0 100644
--- a/src/chrome/content/rules/Object-Management-Group.xml
+++ b/src/chrome/content/rules/Object-Management-Group.xml
@@ -9,7 +9,6 @@
 	<target host="secure.omg.org" />
 
 
-	<rule from="^http://secure\.omg\.org/"
-		to="https://secure.omg.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Object_Security.xml b/src/chrome/content/rules/Object_Security.xml
index bd4ea8169881..4941d71ebc6f 100644
--- a/src/chrome/content/rules/Object_Security.xml
+++ b/src/chrome/content/rules/Object_Security.xml
@@ -6,7 +6,7 @@
 
 	<!--	CN: *.securedata.net
 					-->
-	<rule from="^https?://(?:www\.)?objectsecurity\.com/"
+	<rule from="^http://(?:www\.)?objectsecurity\.com/"
 		to="https://objectsecurity.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Objectif-Securite.ch.xml b/src/chrome/content/rules/Objectif-Securite.ch.xml
index 3df4855c38a8..ae7392fcc2ec 100644
--- a/src/chrome/content/rules/Objectif-Securite.ch.xml
+++ b/src/chrome/content/rules/Objectif-Securite.ch.xml
@@ -4,7 +4,6 @@
 	<target host="www.objectif-securite.ch" />
 
 
-	<rule from="^http://(www\.)?objectif-securite\.ch/"
-		to="https://$1objectif-securite.ch/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Objective-See.com.xml b/src/chrome/content/rules/Objective-See.com.xml
new file mode 100644
index 000000000000..7ac419ddab78
--- /dev/null
+++ b/src/chrome/content/rules/Objective-See.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Objective-See.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="objective-see.com" />
+	<target host="www.objective-see.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Obnox.de.xml b/src/chrome/content/rules/Obnox.de.xml
deleted file mode 100644
index 396928e9b581..000000000000
--- a/src/chrome/content/rules/Obnox.de.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="obnox.de (CAcert, partial)" platform="cacert">
-
-	<target host="blog.obnox.de"/>
-
-	<rule from="^http://blog\.obnox\.de/"
-		to="https://blog.obnox.de/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/OboeInsight.com.xml b/src/chrome/content/rules/OboeInsight.com.xml
new file mode 100644
index 000000000000..71bfb1f9c856
--- /dev/null
+++ b/src/chrome/content/rules/OboeInsight.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Active mixed content:
+		- www.oboeinsight.com
+
+	Invalid certificate:
+		- oboeinsight.com, equivalent to www.oboeinsight.com
+-->
+
+<ruleset name="OboeInsight.com" platform="mixedcontent">
+	<target host="oboeinsight.com" />
+	<target host="www.oboeinsight.com" />
+
+	<rule from="^http://oboeinsight\.com/"
+		to="https://www.oboeinsight.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ObsPol.be.xml b/src/chrome/content/rules/ObsPol.be.xml
new file mode 100644
index 000000000000..759538e61f62
--- /dev/null
+++ b/src/chrome/content/rules/ObsPol.be.xml
@@ -0,0 +1,10 @@
+<ruleset name="ObsPol.be">
+
+	<target host="obspol.be" />
+	<target host="www.obspol.be" />
+	<target host="archives.obspol.be" />
+	<target host="controles.obspol.be" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Observium.org.xml b/src/chrome/content/rules/Observium.org.xml
new file mode 100644
index 000000000000..da21c1e07c74
--- /dev/null
+++ b/src/chrome/content/rules/Observium.org.xml
@@ -0,0 +1,27 @@
+<!--
+	Nonfunctional subdomains:
+
+		- demo *
+
+	* Shows www
+
+
+	Mixed content:
+
+		- Bugs, on:
+
+			- (www.)? from static.ak.facebook.com *
+			- (www.)? from www.facebook.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Observium.org (partial)">
+
+	<target host="observium.org" />
+	<target host="www.observium.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Obsidian.net.xml b/src/chrome/content/rules/Obsidian.net.xml
new file mode 100644
index 000000000000..ba768998580e
--- /dev/null
+++ b/src/chrome/content/rules/Obsidian.net.xml
@@ -0,0 +1,32 @@
+<!-- cert mismatch on:
+		- blog.obsidian.net
+		- www.tyrannygame.com
+		- content.forums.obsidian.net
+		- media.obsidian.net
+		- nwn2.obsidian.net
+		- nwn2patch.obsidian.net
+		- webmail.obsidian.net
+
+	 Timeout:
+		- causeway.obsidian.net
+		- mx1.obsidian.net
+		- partners.obsidian.net
+
+	403:
+		- autodiscover.obsidian.net
+-->
+<ruleset name="Obsidian Entertainment">
+
+	<target host="obsidian.net"/>
+	<target host="eternity.obsidian.net"/>
+	<target host="forums.obsidian.net"/>
+	<target host="mail.obsidian.net"/>
+	<target host="newsletters.obsidian.net"/>
+	<target host="pathfinder.obsidian.net"/>
+	<target host="support.obsidian.net"/>
+	<target host="www.obsidian.net"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Occupy_Corporatism.com.xml b/src/chrome/content/rules/Occupy_Corporatism.com.xml
new file mode 100644
index 000000000000..b6e25ca4ea72
--- /dev/null
+++ b/src/chrome/content/rules/Occupy_Corporatism.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .occupycorporatism.com
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Occupy Corporatism.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="occupycorporatism.com" />
+	<target host="www.occupycorporatism.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.occupycorporatism\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ocean-Climate.org.xml b/src/chrome/content/rules/Ocean-Climate.org.xml
new file mode 100644
index 000000000000..2ccab69482c1
--- /dev/null
+++ b/src/chrome/content/rules/Ocean-Climate.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Ocean-Climate.org">
+
+	<target host="ocean-climate.org" />
+	<target host="www.ocean-climate.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OceaniaBedCollection.com.xml b/src/chrome/content/rules/OceaniaBedCollection.com.xml
new file mode 100644
index 000000000000..e82772487281
--- /dev/null
+++ b/src/chrome/content/rules/OceaniaBedCollection.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="OceaniaBedCollection.com">
+	<target host="oceaniabedcollection.com" />
+	<target host="www.oceaniabedcollection.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OceaniaCruises.com.xml b/src/chrome/content/rules/OceaniaCruises.com.xml
new file mode 100644
index 000000000000..0aef6c30f203
--- /dev/null
+++ b/src/chrome/content/rules/OceaniaCruises.com.xml
@@ -0,0 +1,39 @@
+<!--
+	Invalid certificate:
+		- discover.oceaniacruises.com
+		- l.discover.oceaniacruises.com, = https://rts.eccmp.com/
+		- i.discover-intl.oceaniacruises.com
+		- l.discover-intl.oceaniacruises.com, = https://rts.eccmp.com/
+		- x.discover-intl.oceaniacruises.com, = https://rts.eccmp.com/
+		- metrics.oceaniacruises.com
+-->
+
+<ruleset name="OceaniaCruises.com">
+	<target host="www.oceaniacruises.com" />
+	<target host="assistivesite.oceaniacruises.com" />
+	<target host="brochures.oceaniacruises.com" />
+	<target host="cn.oceaniacruises.com" />
+	<target host="de.oceaniacruises.com" />
+	<target host="l.discover.oceaniacruises.com" />
+	<target host="l.discover-intl.oceaniacruises.com" />
+	<target host="x.discover-intl.oceaniacruises.com" />
+	<target host="dr.oceaniacruises.com" />
+	<target host="es.oceaniacruises.com" />
+	<target host="experience.oceaniacruises.com" />
+	<target host="explore.oceaniacruises.com" />
+	<target host="fr.oceaniacruises.com" />
+	<target host="explore.intl.oceaniacruises.com" />
+	<target host="jp.oceaniacruises.com" />
+	<target host="preprod.oceaniacruises.com" />
+	<target host="pt.oceaniacruises.com" />
+	<target host="qa-assistivesite.oceaniacruises.com" />
+	<target host="qa1.oceaniacruises.com" />
+	<target host="qa2.oceaniacruises.com" />
+	<target host="smetrics.oceaniacruises.com" />
+	<target host="value.oceaniacruises.com" />
+
+	<rule from="^http://(l|x)\.discover(-intl)?\.oceaniacruises\.com/"
+		to="https://rts.eccmp.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Oclaserver.com.xml b/src/chrome/content/rules/Oclaserver.com.xml
new file mode 100644
index 000000000000..2e3390f5a349
--- /dev/null
+++ b/src/chrome/content/rules/Oclaserver.com.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Propeller Ads Media coverage, see PropellerAds.xml.
+
+
+	(www.)?oclaserver.com does not exist.
+
+-->
+<ruleset name="oclaserver.com">
+
+	<target host="go.oclaserver.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ocrete.ca.xml b/src/chrome/content/rules/Ocrete.ca.xml
new file mode 100644
index 000000000000..80650b349de9
--- /dev/null
+++ b/src/chrome/content/rules/Ocrete.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="ocrete.ca">
+	<target host="ocrete.ca" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Octopart.com.xml b/src/chrome/content/rules/Octopart.com.xml
new file mode 100644
index 000000000000..d92d4f7c88b0
--- /dev/null
+++ b/src/chrome/content/rules/Octopart.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Other Octopart rulesets:
+
+		- Octostatic.com.xml
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- octopart.com
+		- .octopart.com
+
+-->
+<ruleset name="Octopart.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="octopart.com" />
+	<target host="blog.octopart.com" />
+	<target host="www.octopart.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^octopart\.com$" name="^SID$" /-->
+	<!--securecookie host="^\.octopart\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.?octopart\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Octopoos.com.xml b/src/chrome/content/rules/Octopoos.com.xml
deleted file mode 100644
index 234898269f00..000000000000
--- a/src/chrome/content/rules/Octopoos.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Octopoos.com">
-
-	<target host="octopoos.com" />	
-	<target host="www.octopoos.com" />
-
-
-	<securecookie host="^www\.octopoos\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?octopoos\.com/"
-		to="https://$1octopoos.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Octopuce.fr.xml b/src/chrome/content/rules/Octopuce.fr.xml
new file mode 100644
index 000000000000..51776a9b0740
--- /dev/null
+++ b/src/chrome/content/rules/Octopuce.fr.xml
@@ -0,0 +1,14 @@
+<ruleset name="Octopuce.fr">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.octopuce.fr" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Octopuspop.com.xml b/src/chrome/content/rules/Octopuspop.com.xml
new file mode 100644
index 000000000000..b86db8b85558
--- /dev/null
+++ b/src/chrome/content/rules/Octopuspop.com.xml
@@ -0,0 +1,45 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://iwa.ap.test.octopuspop.com/ => https://iwa.ap.test.octopuspop.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://kuki.ap.test.octopuspop.com/ => https://kuki.ap.test.octopuspop.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://file.test.octopuspop.com/ => https://file.test.octopuspop.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://iwa.file.test.octopuspop.com/ => https://iwa.file.test.octopuspop.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://kuki.js.test.octopuspop.com/ => https://kuki.js.test.octopuspop.com/: (60, 'SSL certificate problem: certificate has expired')
+
+
+	Non-functional subdomains:
+
+		- file ¹
+		- kuki.admin.test ²
+		- status ²
+
+	¹: Refused
+	²: Invalid certificate
+
+-->
+<ruleset name="octopuspop.com" default_off="failed ruleset test">
+
+	<target host="octopuspop.com" />
+	<target host="www.octopuspop.com" />
+
+	<target host="admin.octopuspop.com" />
+	<target host="ap.octopuspop.com" />
+	<target host="cdn.file.octopuspop.com" />
+	<target host="js.octopuspop.com" />
+
+	<target host="admin.test.octopuspop.com" />
+	<target host="iwa.admin.test.octopuspop.com" />
+	<target host="ap.test.octopuspop.com" />
+	<target host="iwa.ap.test.octopuspop.com" />
+	<target host="kuki.ap.test.octopuspop.com" />
+	<target host="file.test.octopuspop.com" />
+	<target host="iwa.file.test.octopuspop.com" />
+	<target host="js.test.octopuspop.com" />
+	<target host="iwa.js.test.octopuspop.com" />
+	<target host="kuki.js.test.octopuspop.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Octorate.xml b/src/chrome/content/rules/Octorate.xml
new file mode 100644
index 000000000000..3399dae3b08f
--- /dev/null
+++ b/src/chrome/content/rules/Octorate.xml
@@ -0,0 +1,9 @@
+<ruleset name="Octorate">
+	<target host=    "octorate.com" />
+	<target host="www.octorate.com" />
+
+  	<securecookie host="^(www\.)?octorate\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Octoshape.xml b/src/chrome/content/rules/Octoshape.xml
new file mode 100644
index 000000000000..1267e5d633b4
--- /dev/null
+++ b/src/chrome/content/rules/Octoshape.xml
@@ -0,0 +1,28 @@
+<!--
+	Problematic domains:
+
+		- ond.octoshape.com ¹
+		- statsrvs.octoshape.com ¹
+
+		- octoshape.net ²
+		- www.octoshape.net ²
+		- streams.cdn.octoshape.net ²
+
+	¹: Weak DH parameters
+	²: Bad CN in cert
+
+	Note: It would appear that the content on (www.)octoshape.net
+	      is identical to that on (www.)octoshape.com, so that one
+	      could probably redirect the .net version to the .com
+              version.
+-->
+<ruleset name="Octoshape">
+
+	<target host="octoshape.com" />
+	<target host="www.octoshape.com" />
+	<target host="support.octoshape.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Octostatic.com.xml b/src/chrome/content/rules/Octostatic.com.xml
new file mode 100644
index 000000000000..97de7c40c0f8
--- /dev/null
+++ b/src/chrome/content/rules/Octostatic.com.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Octopart coverage, see Octopart.com.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .octostatic.com
+
+-->
+<ruleset name="Octostatic.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="n1.octostatic.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.octostatic\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.octostatic\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Oculu.com.xml b/src/chrome/content/rules/Oculu.com.xml
index fd8f1704c14b..53e4dc5c1051 100644
--- a/src/chrome/content/rules/Oculu.com.xml
+++ b/src/chrome/content/rules/Oculu.com.xml
@@ -34,7 +34,8 @@
 <ruleset name="Oculu.com (partial)">
 
 	<target host="oculu.com" />
-	<target host="*.oculu.com" />
+	<target host="www.oculu.com" />
+	<target host="zinc.oculu.com" />
 
 
 	<securecookie host="^(?:www\.)?oculu\.com$" name=".+" />
@@ -43,4 +44,4 @@
 	<rule from="^http://(?:(www\.)|zinc\.)?oculu\.com/"
 		to="https://$1oculu.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OculusVR.com.xml b/src/chrome/content/rules/OculusVR.com.xml
new file mode 100644
index 000000000000..bd9b0c819d2a
--- /dev/null
+++ b/src/chrome/content/rules/OculusVR.com.xml
@@ -0,0 +1,19 @@
+<ruleset name="OculusVR.com">
+	<target host="oculusvr.com" />
+	<target host="www.oculusvr.com" />
+	<target host="answers.oculusvr.com" />
+	<target host="careers.oculusvr.com" />
+	<target host="developer.oculusvr.com" />
+	<target host="forums.oculusvr.com" />
+	<target host="live.oculusvr.com" />
+	<target host="share.oculusvr.com" />
+	<target host="static.oculusvr.com" />
+	<target host="storystudio.oculusvr.com" />
+	<target host="support.oculusvr.com" />
+	<target host="tickets.oculusvr.com" />
+	<target host="www1.oculusvr.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Oculus_VR.xml b/src/chrome/content/rules/Oculus_VR.xml
deleted file mode 100644
index 8ad1ba551fe3..000000000000
--- a/src/chrome/content/rules/Oculus_VR.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	At least some pages redirect to http via JS
-
-
-	Mixed content:
-
-		- Images on www from www *
-
-	* Secured by us
-
--->
-<ruleset name="Oculus VR (partial)">
-
-	<target host="oculusvr.com" />
-	<target host="*.oculusvr.com" />
-		<exclusion pattern="^http://(?:www\.)?oculusvr\.com/(?!_core/|pre-order|wp-content/|wp-includes/)" />
-
-
-	<securecookie host="^(?:careers|developer)\.oculusvr\.com$" name=".+" />
-
-
-	<rule from="^http://((?:careers|developer|www)\.)?oculusvr\.com/"
-		to="https://$1oculusvr.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Oderland.se.xml b/src/chrome/content/rules/Oderland.se.xml
new file mode 100644
index 000000000000..788dc3b381ac
--- /dev/null
+++ b/src/chrome/content/rules/Oderland.se.xml
@@ -0,0 +1,9 @@
+<ruleset name="Oderland.se">
+
+	<target host="oderland.se" />
+	<target host="www.oderland.se" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Odesk.by.xml b/src/chrome/content/rules/Odesk.by.xml
new file mode 100644
index 000000000000..b6f2b2cc98a7
--- /dev/null
+++ b/src/chrome/content/rules/Odesk.by.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://odesk.by/ => https://odesk.by/: (7, 'Failed to connect to odesk.by port 443: Connection refused')
+Fetch error: http://www.odesk.by/ => https://odesk.by/: (7, 'Failed to connect to odesk.by port 443: Connection refused')
+
+	www: mismatched
+
+-->
+<ruleset name="odesk.by" default_off="failed ruleset test">
+
+	<target host="odesk.by" />
+	<target host="www.odesk.by" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^odesk\.by$" name="^wfvt_\d+$" /-->
+
+	<securecookie host="^odesk\.by$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?odesk\.by/"
+		to="https://odesk.by/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Odevzdej.cz.xml b/src/chrome/content/rules/Odevzdej.cz.xml
new file mode 100644
index 000000000000..f617ce224c0d
--- /dev/null
+++ b/src/chrome/content/rules/Odevzdej.cz.xml
@@ -0,0 +1,24 @@
+<!--
+	For other Masaryk University coverage, see Muni.cz.xml.
+
+
+	www: cert only matches ^odevzdej.cz
+
+-->
+<ruleset name="Odevzdej.cz">
+
+	<target host="odevzdej.cz" />
+	<target host="www.odevzdej.cz" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^odevzdej\.cz$" name="^issession$" /-->
+
+	<securecookie host="^odevzdej\.cz$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?odevzdej\.cz/"
+		to="https://odevzdej.cz/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Odnoklassniki.ru.xml b/src/chrome/content/rules/Odnoklassniki.ru.xml
new file mode 100644
index 000000000000..e665c37df42a
--- /dev/null
+++ b/src/chrome/content/rules/Odnoklassniki.ru.xml
@@ -0,0 +1,42 @@
+<!--
+	(www.)?: Most paths redirect to http
+
+
+	Problematic hosts in *odnoklassniki.ru:
+
+		- stg *
+
+	* Mismatched
+
+-->
+<ruleset name="Odnoklassniki.ru (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="odnoklassniki.ru" />
+	<target host="m.odnoklassniki.ru" />
+	<target host="www.odnoklassniki.ru" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?odnoklassniki\.ru/($|cdk/nomr/on$|dk\?cmd=anonymLoginImport&amp;nc=\d+$|favicon\.ico|oauth/resources\.do\?type=css$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?odnoklassniki\.ru/(?!dk\?st\.cmd=updateAuthCode)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://odnoklassniki.ru/dk?cmd=anonymLoginImport&amp;nc=" />
+			<test url="http://www.odnoklassniki.ru/dk?cmd=anonymLoginImport" />
+			<test url="http://www.odnoklassniki.ru/oauth/resources.do?type=css" />
+
+			<!--	-ve:
+					-->
+			<test url="http://odnoklassniki.ru/dk?st.cmd=updateAuthCode&amp;nc=&amp;st.auth=&amp;st.js=" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Odoo.com.xml b/src/chrome/content/rules/Odoo.com.xml
new file mode 100644
index 000000000000..f99c32c72ba5
--- /dev/null
+++ b/src/chrome/content/rules/Odoo.com.xml
@@ -0,0 +1,49 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://demo1.odoo.com/ => https://demo1.odoo.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Nonfunctional hosts:
+
+		- runbot *
+
+	* Differs from http
+
+
+	Fully covered hosts:
+
+		- (www.)?
+		- demo
+		- demo1
+		- master
+
+
+	Insecure cookies are set for these hosts:
+
+		- demo1.odoo.com
+		- master.odoo.com
+		- runbot.odoo.com
+		- www.odoo.com
+
+-->
+<ruleset name="Odoo.com (partial)" default_off="failed ruleset test">
+
+	<target host="odoo.com" />
+	<target host="demo.odoo.com" />
+	<target host="demo1.odoo.com" />
+	<!--target host="runbot.odoo.com" /-->
+	<target host="master.odoo.com" />
+	<target host="www.odoo.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(demo1|master|runbot|www)\.odoo\.com$" name="^session_id$" /-->
+
+	<securecookie host="^(?:demo1|master|www)\.odoo\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Oe24.xml b/src/chrome/content/rules/Oe24.xml
index 84693e6314bc..50bd9a9e6899 100644
--- a/src/chrome/content/rules/Oe24.xml
+++ b/src/chrome/content/rules/Oe24.xml
@@ -7,7 +7,7 @@
 	<target host="wetter.at"/>
 	<target host="www.wetter.at"/>
 
-	<securecookie host="^(.*\.)?(oe24|wetter)\.at$" name=".*"/>
+	<securecookie host="^(?:.*\.)?(?:oe24|wetter)\.at$" name=".+" />
 
 	<rule from="^http://oe24\.at/"
 		to="https://www.oe24.at/"/>
diff --git a/src/chrome/content/rules/Oeffentliche-it.de.xml b/src/chrome/content/rules/Oeffentliche-it.de.xml
new file mode 100644
index 000000000000..cb324cf92dc7
--- /dev/null
+++ b/src/chrome/content/rules/Oeffentliche-it.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Oeffentliche-it.de">
+  <target host="oeffentliche-it.de" />
+  <target host="www.oeffentliche-it.de" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Oeffentliche.de.xml b/src/chrome/content/rules/Oeffentliche.de.xml
new file mode 100644
index 000000000000..0caacd27b7ca
--- /dev/null
+++ b/src/chrome/content/rules/Oeffentliche.de.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- oeffentliche.de
+		- www.oeffentliche.de
+
+-->
+<ruleset name="Oeffentliche.de">
+
+	<target host="oeffentliche.de" />
+	<target host="kunde.oeffentliche.de" />
+	<target host="www.oeffentliche.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?oeffentliche\.de$" name="^SERVERID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Oeticket.xml b/src/chrome/content/rules/Oeticket.xml
index 709c89969940..26965f6663d0 100644
--- a/src/chrome/content/rules/Oeticket.xml
+++ b/src/chrome/content/rules/Oeticket.xml
@@ -1,22 +1,17 @@
 <!--
-	For other Eventim coverage, see Eventim.xml.
+	For other Eventim coverage, see Eventim.com.xml.
 
 
 	Problematic subdomains:
-
-		- ^	(mismatched, cert only matches www)
-
-
-	Many (most?) pages redirect to http.
-
+		- ^ (timeout)
+		- m (refused)
 -->
-<ruleset name="oeticket (partial)">
-
+<ruleset name="oeticket">
 	<target host="oeticket.com" />
 	<target host="www.oeticket.com" />
 
-
-	<rule from="^https?://(?:www\.)?oeticket\.com/de/(my_account|sign-in)/"
-		to="https://www.oeticket.com/de/$1/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http://oeticket\.com/"
+		to="https://www.oeticket.com/" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ofcom.org.uk-falsemixed.xml b/src/chrome/content/rules/Ofcom.org.uk-falsemixed.xml
new file mode 100644
index 000000000000..a27528efef3e
--- /dev/null
+++ b/src/chrome/content/rules/Ofcom.org.uk-falsemixed.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules not causing false/broken MCB, see Ofcom.org.uk.xml.
+
+-->
+<ruleset name="Ofcom.org.uk (false MCB)" platform="mixedcontent">
+
+	<target host="licensing.ofcom.org.uk" />
+	<target host="styles.ofcom.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ofcom.org.uk.xml b/src/chrome/content/rules/Ofcom.org.uk.xml
new file mode 100644
index 000000000000..ddc4f07473c0
--- /dev/null
+++ b/src/chrome/content/rules/Ofcom.org.uk.xml
@@ -0,0 +1,103 @@
+<!--
+	For rules causing false/broken MCB, see Ofcom.org.uk-falsemixed.xml.
+
+
+	Nonfunctional hosts in *ofcom.org.uk:
+
+		- (www.)? ¹
+		- consumers ²
+		- images
+		- media ²
+
+	¹ Redirects to http
+	² Dropped
+
+
+	Problematic hosts in *ofcom.org.uk:
+
+		- ask ¹
+		- licensing ²
+		- styles ²
+
+	¹ Mismatched, CN: *.metafaq.com
+	² Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- licensing.ofcom.org.uk
+		- stakeholders.ofcom.org.uk
+		- styles.ofcom.org.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on licensing, styles from $self *
+		- Images on licensing, styles from $self *
+
+	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Ofcom.org.uk (partial)">
+
+	<target host="licensing.ofcom.org.uk" />
+	<target host="stakeholders.ofcom.org.uk" />
+	<target host="styles.ofcom.org.uk" />
+
+		<!--	Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?ofcom\.org\.uk/($|email-updates/$|favicon\.ico|widgets/defaultpagewidgets/ttgifpng)" /-->
+
+		<!--	Redirect to http:
+						-->
+		<!--exclusion pattern="^http://stakeholders\.ofcom\.org\.uk/($|favicon\.ico|tell-us/$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://stakeholders\.ofcom\.org\.uk/(?!tell-us/contact-the-webmaster(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://stakeholders.ofcom.org.uk//tell-us/contact-the-webmaster" />
+			<test url="http://stakeholders.ofcom.org.uk/favicon.ico" />
+			<test url="http://stakeholders.ofcom.org.uk/tell-us/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://stakeholders.ofcom.org.uk/tell-us/contact-the-webmaster" />
+
+		<!--	Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://(?:licensing|styles)\.ofcom\.org\.uk/(?!/*(?:acm/css/|favicon\.ico|html5/|images/|styles/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://licensing.ofcom.org.uk/radio-broadcast-licensing/" />
+			<test url="http://licensing.ofcom.org.uk/radiocommunication-licences/satellite-earth/" />
+			<test url="http://licensing.ofcom.org.uk/tv-broadcast-licences/" />
+			<test url="http://styles.ofcom.org.uk/default.aspx" />
+			<test url="http://styles.ofcom.org.uk/index.htm" />
+			<test url="http://styles.ofcom.org.uk/index.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://styles.ofcom.org.uk/acm/css/img/grey-arrow.png" />
+			<test url="http://styles.ofcom.org.uk/favicon.ico" />
+			<test url="http://styles.ofcom.org.uk/images/ofcom.gif" />
+			<test url="http://styles.ofcom.org.uk/styles/long.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:licensing|stakeholders)\.ofcom\.org\.uk$" name="^(?:JSESSIONID|Stakeholders)$" /-->
+	<!--securecookie host="^styles\.ofcom\.org\.uk$" name="^ofclb$" /-->
+
+	<!--securecookie host="^(licensing|styles)\.ofcom\.org\.uk$" name="." /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Offcloud.com.xml b/src/chrome/content/rules/Offcloud.com.xml
new file mode 100644
index 000000000000..13368f4e0131
--- /dev/null
+++ b/src/chrome/content/rules/Offcloud.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="Offcloud.com">
+
+	<target host=    "offcloud.com" />
+	<target host="www.offcloud.com" />
+
+  	<securecookie host="^(www\.)?offcloud\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Offensive-Security.com.xml b/src/chrome/content/rules/Offensive-Security.com.xml
index 7841c1a43d81..95c61e7bece4 100644
--- a/src/chrome/content/rules/Offensive-Security.com.xml
+++ b/src/chrome/content/rules/Offensive-Security.com.xml
@@ -1,13 +1,13 @@
-<ruleset name="Offensive-Security.com">
-
+<!--
+	Timeout:
+		cracker.offensive-security.com
+-->
+<ruleset name="Offensive-Security.com" >
 	<target host="offensive-security.com" />
-	<target host="*.offensive-security.com" />
-
-
-	<securecookie host="^\.offensive-security\.com$" name="^__utm\w$" />
-
+	<target host="www.offensive-security.com" />
+	<target host="forums.offensive-security.com" />
 
-	<rule from="^http://(www\.)?offensive-security\.com/"
-		to="https://$1offensive-security.com/" />
+	<securecookie host=".+" name=".+" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Offensive_Bits.com.xml b/src/chrome/content/rules/Offensive_Bits.com.xml
new file mode 100644
index 000000000000..fcf2c2df14c7
--- /dev/null
+++ b/src/chrome/content/rules/Offensive_Bits.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://offensivebits.com/ => https://offensivebits.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.offensivebits.com/ => https://www.offensivebits.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+<ruleset name="Offensive Bits.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="offensivebits.com" />
+	<target host="www.offensivebits.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Offermatica.com.xml b/src/chrome/content/rules/Offermatica.com.xml
index 01971d98e80b..7eb1604f1cd3 100644
--- a/src/chrome/content/rules/Offermatica.com.xml
+++ b/src/chrome/content/rules/Offermatica.com.xml
@@ -1,13 +1,20 @@
 <!--
 	For other Adobe coverage, see Adobe.xml.
 
+
+	Fully covered hosts in *offermatica.com:
+
+		- mbox9
+
 -->
 <ruleset name="offermatica.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="mbox9.offermatica.com" />
 
 
-	<rule from="^http://mbox9\.offermatica\.com/"
-		to="https://mbox9.offermatica.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Offerpop.com.xml b/src/chrome/content/rules/Offerpop.com.xml
new file mode 100644
index 000000000000..f31556fbca9d
--- /dev/null
+++ b/src/chrome/content/rules/Offerpop.com.xml
@@ -0,0 +1,56 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://images.offerpop.com/ => https://d3nxc88n0lpo37.cloudfront.net/: (6, 'Could not resolve host: d3nxc88n0lpo37.cloudfront.net')
+
+	CDN buckets:
+
+		- s3.amazonaws.com/assets.offerpop.com/
+
+		- d3nxc88n0lpo37.cloudfront.net
+
+			- images.offerpop.com
+
+
+	Problematic hosts in *offerpop.com:
+
+		- images *
+
+	* Cloudfront
+
+
+	Insecure cookies are set for these hosts:
+
+		- app-community.offerpop.com
+		- community.offerpop.com
+
+-->
+<ruleset name="Offerpop.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="offerpop.com" />
+	<target host="app-community.offerpop.com" />
+	<target host="community.offerpop.com" />
+	<target host="www.offerpop.com" />
+
+	<!--	Complications:
+				-->
+	<target host="images.offerpop.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:app-)?community\.offerpop\.com$" name="^BIGipServer" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://images\.offerpop\.com/"
+		to="https://d3nxc88n0lpo37.cloudfront.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Office-of-the-Commissioner-of-Lobbying-of-Canada.xml b/src/chrome/content/rules/Office-of-the-Commissioner-of-Lobbying-of-Canada.xml
index 2648c1d5be2d..5f912d29174a 100644
--- a/src/chrome/content/rules/Office-of-the-Commissioner-of-Lobbying-of-Canada.xml
+++ b/src/chrome/content/rules/Office-of-the-Commissioner-of-Lobbying-of-Canada.xml
@@ -1,15 +1,21 @@
-<ruleset name="Office of the Commissioner of Lobbying of Canada">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ocl-cal.gc.ca/ => https://ocl-cal.gc.ca/eic/site/012.nsf/Intro: (51, "SSL: no alternative certificate subject name matches target host name 'ocl-cal.gc.ca'")
+
+-->
+<ruleset name="Office of the Commissioner of Lobbying of Canada" default_off="failed ruleset test">
 
 	<target host="ocl-cal.gc.ca" />
 
 
-	<securecookie host="^ocl-cal\.gc\.ca$" name=".*" />
+	<securecookie host="^ocl-cal\.gc\.ca$" name=".+" />
 
 
 	<!--	- 403s over https
 		- Redirects like so over http
 			-->
-	<rule from="^https?://ocl-cal\.gc\.ca/"
+	<rule from="^http://ocl-cal\.gc\.ca/"
 		to="https://ocl-cal.gc.ca/eic/site/012.nsf/Intro" />
 
 	<rule from="^http://ocl-cal\.gc\.ca/"
diff --git a/src/chrome/content/rules/Office.co.uk.xml b/src/chrome/content/rules/Office.co.uk.xml
index 0f40f8563c94..1cc1baa2ca3c 100644
--- a/src/chrome/content/rules/Office.co.uk.xml
+++ b/src/chrome/content/rules/Office.co.uk.xml
@@ -1,12 +1,80 @@
-<ruleset name="Office.co.uk (partial)">
 
-	<target host="office.co.uk" />
-	<target host="www.office.co.uk" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://media.office.co.uk/ => https://media.office.co.uk/: Too many redirects while fetching 'https://media.office.co.uk/'
+
+	^office.co.uk: Dropped
 
+-->
+<ruleset name="Office.co.uk (partial)" default_off="failed ruleset test">
 
-	<!--	!www times out.
+	<!--	Direct rewrites:
 				-->
-	<rule from="^http://(?:www\.)?office\.co\.uk/(img|images|javascript|scripts|styles)/"
-		to="https://www.office.co.uk/$1/" />
+	<target host="t.eml.office.co.uk" />
+	<target host="m.office.co.uk" />
+	<target host="media.office.co.uk" />
+	<target host="www.office.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="office.co.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://m\.office\.co\.uk/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://m\.office\.co\.uk/+(?!assets/|favicon\.ico)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://m.office.co.uk/sale" />
+			<test url="http://m.office.co.uk/view/search?search=" />
+			<test url="http://m.office.co.uk/womens" />
+
+			<!--	-ve:
+					-->
+			<test url="http://m.office.co.uk/assets/images/christmasSkin/cards.png" />
+			<test url="http://m.office.co.uk/favicon.ico" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.office\.co\.uk/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.office\.co\.uk/+(?!assets/|favicon\.ico|img/|images/|javascript/|scripts/|office/styles/|styles/|view/secured/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.office.co.uk/accessories" />
+			<test url="http://www.office.co.uk/blog/" />
+			<test url="http://www.office.co.uk/brand" />
+			<test url="http://www.office.co.uk/kids" />
+			<test url="http://www.office.co.uk/mens" />
+			<test url="http://www.office.co.uk/sale" />
+			<test url="http://www.office.co.uk/trainers" />
+			<test url="http://www.office.co.uk/view/content/contactus-info-page" />
+			<test url="http://www.office.co.uk/view/cookies" />
+			<test url="http://www.office.co.uk/womens" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.office.co.uk/assets/images/christmasSkin/icn.png" />
+			<test url="http://www.office.co.uk/favicon.ico" />
+			<test url="http://www.office.co.uk/office/styles/images/DE-large-flag.gif" />
+			<test url="http://www.office.co.uk/view/secured/content/login" />
+			<test url="http://www.office.co.uk/view/secured/content/myaccount" />
+
+		<test url="http://t.eml.office.co.uk/webApp/ofcOfficeSimpleRegistrationWebApp?b=1&amp;s=" />
+		<test url="http://media.office.co.uk/office/styles/iphone/images/breadcrumb-seperated.png" />
+
+
+	<rule from="^http://office\.co\.uk/"
+		to="https://www.office.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Office.com.xml b/src/chrome/content/rules/Office.com.xml
new file mode 100644
index 000000000000..efa57152f881
--- /dev/null
+++ b/src/chrome/content/rules/Office.com.xml
@@ -0,0 +1,57 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- office.com
+		- .office.com
+		- blogs.office.com
+		- dev.office.com
+		- .dev.office.com
+		- www.office.com
+
+
+	Mixed content:
+
+		- Images on blogs from officeblogswest.blob.core.windows.net *
+
+		- Bugs, on:
+
+			- blogs, dev from c.microsoft.com *
+			- blogs from m.webtrends.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Office.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="office.com" />
+	<target host="blogs.office.com" />
+	<target host="dev.office.com" />
+	<target host="portal.office.com" />
+	<target host="products.office.com" />
+	<target host="store.office.com" />
+	<target host="support.office.com" />
+	<target host="templates.office.com" />
+	<target host="www.office.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?office\.com$" name="^BIGipCookie$" /-->
+	<!--securecookie host="^\.office\.com$" name="^(AM3-ARRAffinity|MS-CV)$" /-->
+	<!--securecookie host="^blogs\.office\.com$" name="^(PHPSESSID|wordpress_test_cookie)$" /-->
+	<!--securecookie host="^dev\.office\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^\.dev\.office\.com$" name="^ARRAffinity$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.dev\.office\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Office.net.xml b/src/chrome/content/rules/Office.net.xml
new file mode 100644
index 000000000000..017b16552706
--- /dev/null
+++ b/src/chrome/content/rules/Office.net.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	Fully covered hosts in *office.net:
+
+		- *.cdn:
+
+			- s1-odc-15
+
+-->
+<ruleset name="Office.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="*.cdn.office.net" />
+
+		<test url="http://s1-odc-15.cdn.office.net/start/1639303200_resources/1033/App_Switcher_Waffle.50x50x32.png" />
+		<test url="http://s1-odc-15.cdn.office.net/start/1639303200_resources/1033/home.css" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Office365.com.xml b/src/chrome/content/rules/Office365.com.xml
new file mode 100644
index 000000000000..dd06128a5993
--- /dev/null
+++ b/src/chrome/content/rules/Office365.com.xml
@@ -0,0 +1,63 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	Partially covered hosts in *office365.com:
+
+		- community *
+
+	* At least some pages redirect to http
+
+
+	Fully covered hosts in *office365.com:
+
+		- (www.)?
+		- outlook
+
+
+	Insecure cookies are set for these hosts:
+
+		- office365.com
+		- www.office365.com
+
+-->
+<ruleset name="Office365.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="office365.com" />
+	<target host="community.office365.com" />
+	<target host="outlook.office365.com" />
+	<target host="www.office365.com" />
+
+		<!--	Exceptions:
+					-->
+		<exclusion pattern="^http://community\.office365\.com/+(?![Tt]hemes/|cfs-filesystemfile\.ashx/|favicon\.ico|resized-image\.ashx/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://community.office365.com/en-us/b/default.aspx" />
+			<test url="http://community.office365.com/en-us/default.aspx" />
+			<test url="http://community.office365.com/en-us/w/exchange/1043.aspx" />
+			<test url="http://community.office365.com/en-us/w/exchange/default.aspx" />
+			<test url="http://community.office365.com/f/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://community.office365.com/cfs-filesystemfile.ashx/__key/communityserver-components-imagefileviewer/communityserver-components-avatars-00-00-61-20-58/4TTMZNETNSCZ.png_2D00_32x32.png" />
+			<test url="http://community.office365.com/favicon.ico" />
+			<test url="http://community.office365.com/resized-image.ashx/__size/550x0/__key/communityserver-components-userfiles/00-00-00-56-86-attached+files/about.png" />
+			<test url="http://community.office365.com/themes/generic/css/layout.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?office365\.com$" name="^m0$" /-->
+
+	<securecookie host="^(?:www\.)?office365\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OfficeLeaks.com.xml b/src/chrome/content/rules/OfficeLeaks.com.xml
new file mode 100644
index 000000000000..216b8e5e03ef
--- /dev/null
+++ b/src/chrome/content/rules/OfficeLeaks.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.officeleaks.com/ => https://secure.officeleaks.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	CDN buckets:
+
+		- az27429.vo.msecnd.net
+
+
+	^: Refused
+	www: Redirects to http
+
+-->
+<ruleset name="OfficeLeaks.com (partial)" default_off="failed ruleset test">
+
+	<target host="secure.officeleaks.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Office_Depot.xml b/src/chrome/content/rules/Office_Depot.xml
index 1dbba6a29e76..9b4be5b34a92 100644
--- a/src/chrome/content/rules/Office_Depot.xml
+++ b/src/chrome/content/rules/Office_Depot.xml
@@ -59,4 +59,4 @@
 	<rule from="^http://www18\.officedepot\.com/"
 		to="https://www18.officedepot.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OfficeofParliamentaryCounsel.xml b/src/chrome/content/rules/OfficeofParliamentaryCounsel.xml
new file mode 100644
index 000000000000..6b06f343957f
--- /dev/null
+++ b/src/chrome/content/rules/OfficeofParliamentaryCounsel.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://opc.gov.au/ => https://www.opc.gov.au/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="Office of Parliamentary Counsel" default_off="failed ruleset test">
+	<target host="opc.gov.au" />
+	<target host="www.opc.gov.au" />
+
+	<rule from="^http://(?:www\.)?opc\.gov\.au/"
+		to="https://www.opc.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/OfficeoftheMigrationAgentsRegistrationAuthority.xml b/src/chrome/content/rules/OfficeoftheMigrationAgentsRegistrationAuthority.xml
new file mode 100644
index 000000000000..d889d827e975
--- /dev/null
+++ b/src/chrome/content/rules/OfficeoftheMigrationAgentsRegistrationAuthority.xml
@@ -0,0 +1,7 @@
+<ruleset name="Office of the Migration Agents Registration Authority">
+	<target host="mara.gov.au" />
+	<target host="www.mara.gov.au" />
+
+	<rule from="^http://(?:www\.)?mara\.gov\.au/"
+		to="https://www.mara.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Officer_Down_Memorial_Page.xml b/src/chrome/content/rules/Officer_Down_Memorial_Page.xml
index 27f377f572f9..de88ca6d4834 100644
--- a/src/chrome/content/rules/Officer_Down_Memorial_Page.xml
+++ b/src/chrome/content/rules/Officer_Down_Memorial_Page.xml
@@ -14,7 +14,8 @@
 <ruleset name="Officer Down Memorial Page (partial)">
 
 	<target host="odmp.org" />
-	<target host="*.odmp.org" />
+	<target host="www.odmp.org" />
+	<target host="store.odmp.org" />
 
 
 	<securecookie host="^(?:www)?\.odmp\.org$" name=".+" />
@@ -23,7 +24,7 @@
 	<rule from="^http://(www\.)?odmp\.org/"
 		to="https://$1odmp.org/" />
 
-	<rule from="^https?://store\.odmp\.org/lib/"
+	<rule from="^http://store\.odmp\.org/lib/"
 		to="https://lib.store.yahoo.net/lib/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Officeworks.com.au.xml b/src/chrome/content/rules/Officeworks.com.au.xml
new file mode 100644
index 000000000000..88a0388e806f
--- /dev/null
+++ b/src/chrome/content/rules/Officeworks.com.au.xml
@@ -0,0 +1,70 @@
+<!--
+	For other Coles coverage, see Coles.com.au.xml
+
+
+	Non-functional subdomains:
+		- autodiscover	(r)
+		- av	(t)
+		- blog	(m)
+		- careers	(m)
+		- catalogues	(m)
+		- forestsurvey	(SSL connection error)
+		- uat.forestsurvey	(SSL connection error)
+		- isc	(t)
+		- lyncwebs	(t)
+		- m	(m)
+		- origin1	(m)
+		- ovtrnexpe001	(t)
+		- (www.)photos	(t)
+		- pimtest	(t)
+		- print	(t)
+		- t.service	(m)
+		- ugc	(m)
+		- vpn	(t)
+		- webconf	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Officeworks">
+
+	<target host="officeworks.com.au" />
+	<target host="www.officeworks.com.au" />
+	<target host="api.officeworks.com.au" />
+	<target host="as2test.officeworks.com.au" />
+	<target host="t.comms.officeworks.com.au" />
+	<target host="disney.officeworks.com.au" />
+	<target host="edi.officeworks.com.au" />
+	<target host="enterpriseregistration.officeworks.com.au" />
+	<target host="idfed.officeworks.com.au" />
+	<target host="jabber.officeworks.com.au" />
+	<target host="mail.officeworks.com.au" />
+	<target host="onet.officeworks.com.au" />
+	<target host="onet-admin.officeworks.com.au" />
+	<target host="ovtllasa001.officeworks.com.au" />
+	<target host="ovtllexpe001.officeworks.com.au" />
+	<target host="ovtllexpe002.officeworks.com.au" />
+	<target host="ovtrnasa001.officeworks.com.au" />
+	<target host="ovtrnexpe002.officeworks.com.au" />
+	<target host="owprod-bigidea.officeworks.com.au" />
+	<target host="pbsactivate.officeworks.com.au" />
+	<target host="pim.officeworks.com.au" />
+	<target host="printandcopy.officeworks.com.au" />
+		<test url="http://printandcopy.officeworks.com.au/OPSWebshopv2/flyers/create/create.seam?productname=place-cards&amp;isSecure=true" />
+	<target host="prod-b2b-azure.officeworks.com.au" />
+	<target host="sip.officeworks.com.au" />
+	<target host="suppliers.officeworks.com.au" />
+	<target host="training.officeworks.com.au" />
+	<target host="vpn2.officeworks.com.au" />
+	<target host="webaccess.officeworks.com.au" />
+	<target host="wsm.officeworks.com.au" />
+	<target host="www1.officeworks.com.au" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Officeworld.ch.xml b/src/chrome/content/rules/Officeworld.ch.xml
new file mode 100644
index 000000000000..b6e4eb4bd8e6
--- /dev/null
+++ b/src/chrome/content/rules/Officeworld.ch.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Migros coverage, see Migros.xml.
+
+	Mismatch:
+		- ilovemyself.officeworld.ch
+		- mobile.officeworld.ch
+		- noel.officeworld.ch
+-->
+<ruleset name="Officeworld.ch">
+	<target host="officeworld.ch" />
+	<target host="www.officeworld.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Officiel-des-Vacances.com.xml b/src/chrome/content/rules/Officiel-des-Vacances.com.xml
new file mode 100644
index 000000000000..48133137ea97
--- /dev/null
+++ b/src/chrome/content/rules/Officiel-des-Vacances.com.xml
@@ -0,0 +1,64 @@
+<!--
+	Problematic hosts in *officiel-des-vacances.com:
+
+		- cdn ᵈ
+		- www ˣ
+
+	ᵈ Dropped
+	ˣ Mixed css
+
+
+	Insecure cookies are set for these hosts:
+
+		- officiel-des-vacances.com
+		- www.officiel-des-vacances.com
+
+
+	Mixed content:
+
+		- css, from:
+
+			- www from cdn.officiel-des-vacances.com ˢ
+			- www from www.officiel-des-vacances.com ˢ
+
+		- Images, from:
+
+			- www from cdn.officiel-des-vacances.com ˢ
+			- www from www.officiel-des-vacances.com ˢ
+
+		favicon on www from www.officiel-des-vacances.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Officiel-des-Vacances.com (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="officiel-des-vacances.com" />
+	<target host="sejour.officiel-des-vacances.com" />
+	<target host="www.officiel-des-vacances.com" />
+
+	<!--	Complications:
+				-->
+	<target host="cdn.officiel-des-vacances.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?officiel-des-vacances\.com$" name="^abgroup$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://cdn\.officiel-des-vacances\.com/"
+		to="https://www.officiel-des-vacances.com/sites/default/" />
+
+		<test url="http://cdn.officiel-des-vacances.com/files/css/css_xE-rWrJf-fncB6ztZfd2huxqgxu4WO-qwma6Xer30m4.css" />
+		<test url="http://cdn.officiel-des-vacances.com/files/styles/user_65x80/public/user2/herveavatar.png" />
+		<test url="http://cdn.officiel-des-vacances.com/themes/responsive/resources/styles/breakpoint-480.css" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Offlineimap.org.xml b/src/chrome/content/rules/Offlineimap.org.xml
new file mode 100644
index 000000000000..e5fe609fb55c
--- /dev/null
+++ b/src/chrome/content/rules/Offlineimap.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional hosts in *.offlineimap.org:
+		- offlineimap.org (m)
+		- docs.offlineimap.org (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Offlineimap.org">
+	<target host="offlineimap.org" />
+	<target host="www.offlineimap.org" />
+	<target host="imapfw.offlineimap.org" />
+	<target host="imapfwdoc.offlineimap.org" />
+
+	<rule from="^http://offlineimap\.org/" to="https://www.offlineimap.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Offlinemode.org.xml b/src/chrome/content/rules/Offlinemode.org.xml
index 1c41c41b2d62..32c33c5a228d 100644
--- a/src/chrome/content/rules/Offlinemode.org.xml
+++ b/src/chrome/content/rules/Offlinemode.org.xml
@@ -1,11 +1,11 @@
+<!--
+	Mismatch:
+		- mail
+-->
 <ruleset name="offlinemode.org">
-
 	<target host="offlinemode.org" />
-	<target host="*.offlinemode.org" />
-
-
-	<!--	Cert doesn't match www.	-->
-	<rule from="^https?://(?:(mail\.)|www\.)?offlinemode\.org/"
-		to="https://$1offlinemode.org/" />
+	<target host="www.offlinemode.org" />
 
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Offog.org.xml b/src/chrome/content/rules/Offog.org.xml
index 083bf4463ad9..0f55cebf5417 100644
--- a/src/chrome/content/rules/Offog.org.xml
+++ b/src/chrome/content/rules/Offog.org.xml
@@ -1,16 +1,24 @@
 <!--
-	Problematic subdomains:
-
-		- www	(cert only matches ^offog.org)
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - cartman.offog.org
+			 - fuego.offog.org
+			 - phd.offog.org
 
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - frets.offog.org
+			 - a.mx.offog.org
 -->
-<ruleset name="offog.org" default_off="self-signed">
-
+<ruleset name="Offog.org (partial)">
 	<target host="offog.org" />
 	<target host="www.offog.org" />
+	<target host="bookmarks.offog.org" />
+	<target host="www.bookmarks.offog.org" />
+	<target host="photos.offog.org" />
+	<target host="www.photos.offog.org" />
+	<target host="stuff.offog.org" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?offog\.org/"
-		to="https://offog.org/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ofo.so.xml b/src/chrome/content/rules/Ofo.so.xml
new file mode 100644
index 000000000000..514d07751bbc
--- /dev/null
+++ b/src/chrome/content/rules/Ofo.so.xml
@@ -0,0 +1,27 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - cms.ofo.so
+			 - mail.ofo.so
+
+		4xx client error:
+			 - one.ofo.so
+
+		5xx server error:
+			 - bug.ofo.so
+-->
+<ruleset name="Ofo.so (partial)">
+	<target host="ofo.so" />
+	<target host="www.ofo.so" />
+	<target host="common.ofo.so" />
+		<test url="http://common.ofo.so/app/" />
+		<test url="http://common.ofo.so/about/legal.html#general" />
+		<test url="http://common.ofo.so/about/share/?updated=2016-12-17" />
+	<target host="img.ofo.so" />
+		<test url="http://img.ofo.so/apk/" />
+	<target host="m.ofo.so" />
+	<target host="san.ofo.so" />
+	<target host="scofo.ofo.so" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ogone.xml b/src/chrome/content/rules/Ogone.xml
index 18a8c92eab76..6aa7be606dac 100644
--- a/src/chrome/content/rules/Ogone.xml
+++ b/src/chrome/content/rules/Ogone.xml
@@ -1,6 +1,13 @@
-<ruleset name="Ogone">
+<!--
+	(www.)?ogone.com: Dropped
+
+-->
+<ruleset name="Ogone.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
     <target host="secure.ogone.com" />
 
-    <rule from="^http://([^/:@]+)?\.ogone\.com/"
-        to="https://$1.ogone.com/" />
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Oh-So-Cool.xml b/src/chrome/content/rules/Oh-So-Cool.xml
deleted file mode 100644
index 2b48d40fe691..000000000000
--- a/src/chrome/content/rules/Oh-So-Cool.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Oh So Cool !">
-
-	<target host="ohsocool.org" />
-	<target host="www.ohsocool.org" />
-
-
-	<rule from="^http://(www\.)?ohsocool\.org/"
-		to="https://$1ohsocool.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ohio-State-University-self-signed.xml b/src/chrome/content/rules/Ohio-State-University-self-signed.xml
index 36fa13948ad3..824ee40355b0 100644
--- a/src/chrome/content/rules/Ohio-State-University-self-signed.xml
+++ b/src/chrome/content/rules/Ohio-State-University-self-signed.xml
@@ -1,14 +1,14 @@
 <!--
-	See Ohio-State-University for rules that are on by default.
+	For rules that are on by default, see Ohio-State.edu.xml.
 
 -->
-<ruleset name="Ohio State University (self-signed)" default_off="mismatch, self-signed">
+<ruleset name="Ohio-State.edu (problematic)" default_off="mismatched, self-signed">
 
 	<target host="mvapich.cse.ohio-state.edu" />
 	<target host="nowlab.cse.ohio-state.edu" />
 
 
-	<rule from="^http://(mvapich|nowlab)\.cse\.ohio-state\.edu/"
-		to="https://$1.cse.ohio-state.edu/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ohio-State-University.xml b/src/chrome/content/rules/Ohio-State-University.xml
index cdccfa815293..6d06fe575746 100644
--- a/src/chrome/content/rules/Ohio-State-University.xml
+++ b/src/chrome/content/rules/Ohio-State-University.xml
@@ -1,93 +1,940 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://osucentralreceiving.osu.edu/Default.aspx => https://osu.sclintra.edu/Default.aspx: (6, 'Could not resolve host: osu.sclintra.edu')
+Fetch error: http://acell.osu.edu/ => https://acell.osu.edu/: (6, 'Could not resolve host: acell.osu.edu')
+Fetch error: http://aerospace.osu.edu/ => https://aerospace.osu.edu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://armstrong.osu.edu/ => https://armstrong.osu.edu/: (6, 'Could not resolve host: armstrong.osu.edu')
+Fetch error: http://bprc.osu.edu/ => https://bprc.osu.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'bprc.osu.edu'")
+Fetch error: http://ccem.osu.edu/ => https://ccem.osu.edu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://ceaa.osu.edu/ => https://ceaa.osu.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'ceas.osu.edu'")
+Fetch error: http://ceas.osu.edu/ => https://ceas.osu.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'ceas.osu.edu'")
+Fetch error: http://cmt.osu.edu/ => https://cmt.osu.edu/: (6, 'Could not resolve host: cmt.osu.edu')
+Fetch error: http://diningservices.osu.edu/ => https://diningservices.osu.edu/: (35, 'Unknown SSL protocol error in connection to diningservices.osu.edu:443 ')
+Fetch error: http://cdmi.engineering.osu.edu/ => https://cdmi.engineering.osu.edu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://electroscience-backup.engineering.osu.edu/ => https://electroscience-backup.engineering.osu.edu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://ma2jic.engineering.osu.edu/ => https://ma2jic.engineering.osu.edu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://solar.engineering.osu.edu/ => https://solar.engineering.osu.edu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://tamlab.engineering.osu.edu/ => https://tamlab.engineering.osu.edu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://tcrl.engineering.osu.edu/ => https://tcrl.engineering.osu.edu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://nuclear.osu.edu/ => https://nuclear.osu.edu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://receivingmail.osu.edu/ => https://receivingmail.osu.edu/: (6, 'Could not resolve host: receivingmail.osu.edu')
+Fetch error: http://www.surplus.osu.edu/ => https://www.surplus.osu.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.surplus.osu.edu'")
+Fetch error: http://www.bprc.osu.edu/ => https://bprc.osu.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'bprc.osu.edu'")
+Fetch error: http://gradsch.osu.edu/ => https://www.gradsch.ohio-state.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.gradsch.ohio-state.edu'")
+Fetch error: http://www.gradsch.osu.edu/ => https://www.gradsch.ohio-state.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.gradsch.ohio-state.edu'")
+Fetch error: http://www.mansfield.osu.edu/ => https://www.mansfield.osu.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.mansfield.osu.edu'")
+
+	Ohio State University
+
+	For rules causing false/broken MCB, see OSU.edu-falsemixed.xml.
+
+	Other Ohio State University rulesets:
+
+		- Jobs_at_OSU.com.xml
+		- Ohio-State.edu.xml
+		- Ohio_State_Alumni.org.xml
+
+
+	CDN buckets:
+
+		- s3.amazonaws.com/pa-hrsuite-production/
+
+
+	Nonfunctional hosts in *osu.edu:
+
+		- 8help ³
+		- aede ᵃ
+		- airquality ᵃ
+		- ap ᵃ
+		- (www.)?ati ᵃ
+		- buckeyalert ᵈ
+		- busfin ᵃ
+		- ced ³
+		- cem ʳ
+		- cfaes ᵃ
+		- cfaesfinance ᵃ
+		- chadwickarboretum ᵃ
+		- (www.)?cmif ᵈ
+		- ctc ᵃ
+		- energydashboard ᵈ
+		- epn ᵃ
+		- (www.)?exploration ʰ
+		- extension ᵃ
+		- fabe ᵃ
+		- field2faucet ᵃ
+		- fsr ᵃ
+		- fyfamilies ᵃ
+		- greatvision ᵈ
+		- hscounselors ᵃ
+		- ilo ʳ
+		- imr ʳ
+		- innovativefunding ³
+		- ise ³
+		- leadershipcenter ᵃ
+		- majors ᵃ
+		- medicalcenter ʰ
+		- mynewark ʳ
+		- oardc ᵃ
+		- oee ³
+		- ohioline ᵃ
+		- ohioseagrat	Differs from http
+		- oma ⁴
+		- oncampus ³
+		- optometry ᵈ
+		- orc ʳ
+		- orientation ᵃ
+		- orrp ʳ
+		- osp ʳ
+		- osura ⁴
+		- osustores ᶠ
+		- ouab ᵈ
+		- professional ᵃ
+		- research ʳ
+		- researchcalendar ʳ
+		- rna ʳ
+		- (www.)?scsc ᵃ
+		- senate ᵃ
+		- senr ᵃ
+		- serc ᵃ
+		- stemm ʳ
+		- alumni.techhub ᵃ
+		- ular ʳ
+		- veterans ᵈ
+
+	³ 403
+	⁴ 404
+	ᵃ Shows another domain
+	ᵈ Dropped
+	ᶠ Handshake fails
+	ʰ Redirects to http
+	ʳ Refused
+
+
+	Problematic hosts in *osu.edu:
+
+		- www.ada ᵐ
+		- www.advancement ᵐ
+		- apply ᵐ
+		- www.artsandsciences ᵐ
+		- www.asc ᵐ
+		- autodiscover	Redirect differs
+		- www.box ᵐ
+		- www.brand ᵐ
+		- www.buckeyemail ᵐ
+		- www.buckeyevoices ᵐ
+		- cancer ᶜ ᵉ
+		- ccapp ᶜ ᵐ
+		- www.carmen ᵐ
+		- carmenconnect ˣ
+		- www.cgs ᵐ
+		- www.changingclimate ᵐ
+		- www.classes ᵐ
+		- www.code ᵐ
+		- www.courses ᵐ
+		- www.cse ᵐ
+		- www.degreeaudit ᵐ
+		- www.dentistry ᵐ
+		- www.dimauro ᵐ
+		- www.disabilitystudies ᵐ
+		- www.ece ᵐ
+		- www.eleave ᵐ
+		- www.ercnsm ᵐ
+		- www.fml ᵐ
+		- fod ˣ
+		- www.fod ᵐ
+		- food ᵐ
+		- www.fye ᵐ
+		- gradadmissions ᵐ
+		- (www.)?gradsch ᵐ
+		- www.hhg ᵐ
+		- www.housing ᵐ
+		- jobs ⁴
+		- investments ˣ
+		- www.investments ᵐ
+		- itunes ᵃ
+		- libanswers ᵐ
+		- liblearn ˣ
+		- lpsi ᵐ
+		- lt ᵃ
+		- www.mansfield ᵐ
+		- www.marionlibrary ᵐ
+		- www.mooculus ᵐ
+		- www.my ᵐ
+		- mybenefitsplan ⁴
+		- www.news ᵐ
+		- www.oaa ᵐ
+		- www.oesar ᵐ
+		- www.offcampus ᵐ
+		- www.ohiounion ᵐ
+		- www.online ᵐ
+		- osucentralreceiving ᵐ
+		- www.osumarion ᵐ
+		- www.osutravel ᵐ
+		- outreach ˣ
+		- www.physics ᵐ
+		- ppcw ˣ
+		- www.ppcw ᵐ
+		- www.president ᵐ
+		- www.registrar ᵐ
+		- www.researchnews ᵐ
+		- www.rf ᵐ
+		- www.shakespeare ᵐ
+		- www.slfacilities ᵐ
+		- www.slts ᵐ
+		- www.smileexperts ᵐ
+		- www.ssc ᵐ
+		- www.studentlife ᵐ
+		- tobaccofree ˣ
+		- www.tobaccofree ᵐ
+		- trustees ˣ
+		- www.trustees ᵐ
+		- streaming ᵐ
+		- www.tco ᵐ
+		- www.ucat ᵐ
+		- www.undergraduateresearch ᵐ
+		- viewbook ᵉ
+		- wiredout ᵉ
+		- www.yp4h ᵐ
+
+	ᵃ Shows another domain
+	ᶜ Missing certificate chain
+	ᵉ Expired
+	ᵐ Mismatched
+	ˣ Mixed css
+
 
-	s3.amazonaws.com/pa-hrsuite-production/
+	Partially covered hosts in *osu.edu:
 
+		- research.bpcrc ʰ
+		- cartoons ʰ
+		- wexnermedical ʰ
 
-	Nonfunctional:
+	ʰ Some pages redirect to http
 
-		.ohio-state.edu:
 
-			- cse		(times out)
-			- www.cse	(shows test page)
+	These altnames don't exist:
 
-		.osu.edu:
-			- 8help		(403; 404)
-			- buckeyeemail	(times out)
-			- buckeyelink	(403)
-			- carmen
-			- connect	(cert: secure2.convio.com; shows that domain's data)
-			- cse		(cert: www.cse.ohio-state.edu; shows test page)
-			- www.cse	(ditto)
-			- digitalunion	(cert: lt.osu.edu; shows that domain's data [i.e. redirects to ocio.osu.edu/elearning])
-			- jobs		(cert: hr.osu.edu; shows that domain's data)
-			- oaa		(cert valid; shows login page)
+		- osuad.osu.edu
 
 
-	See Ohio-State-University-self-signed.xml for problematic rules.
+	Insecure cookies are set for these domains and hosts:
 
+		- .osu.edu
+		- advancement.osu.edu
+		- advisingconnect.osu.edu
+		- armstrong.osu.edu
+		- brand.osu.edu
+		- buckeyevoices.osu.edu
+		- buckeyelink.osu.edu
+		- campusvisit.osu.edu
+		- www.campusvisit.osu.edu
+		- cgs.osu.edu
+		- dining.osu.edu
+		- diningservices.osu.edu
+		- fml.osu.edu
+		- food.osu.edu
+		- footprint.osu.edu
+		- giveto.osu.edu
+		- www.giveto.osu.edu
+		- go.osu.edu
+		- housing.osu.edu
+		- innovateeu.osu.edu
+		- investments.osu.edu
+		- library.osu.edu
+		- lima.osu.edu
+		- mediasite.osu.edu
+		- my.osu.edu
+		- newark.osu.edu
+		- nursing.osu.edu
+		- .blogs.nursing.osu.edu
+		- oaa.osu.edu
+		- odee.osu.edu
+		- offcampus.osu.edu
+		- orhelp.osu.edu
+		- president.odee.osu.edu
+		- resourcecenter.odee.osu.edu
+		- odi.osu.edu
+		- ohiounion.osu.edu
+		- orapps.osu.edu
+		- osumarion.osu.edu
+		- osutravel.osu.edu
+		- outreach.osu.edu
+		- parent.osu.edu
+		- purchasing.osu.edu
+		- www.purchasing.osu.edu
+		- rf.osu.edu
+		- slfacilities.osu.edu
+		- slts.osu.edu
+		- studentlife.osu.edu
+		- tco.osu.edu
+		- trustees.osu.edu
+		- u.osu.edu
+		- ucom.osu.edu
+		- www.osu.edu
 
-	Fully covered domains:
 
-		- osu.edu subdomains:
+	Mixed content:
 
-			- mooculus
+		- iframe on footprint from www.youtube.com ˢ
 
+		- css, on:
 
-	Observed cookie domains:
+			- carmenconnect, fod, footprint, investments, outreach, tobaccofree from $self ˢ
+			- fod, footprint, gradsch, tco, trustees from www.osu.edu ˢ
+			- liblearn from library.osu.edu ˢ
+			- carmenconnect, changingclimate, cics, blogs.nursing, stonelab from fonts.googleapis.com ˢ
+			- online from live-osuonline.gotpantheon.com *
+			- trustees from www.trustees.osu.edu ˢ
 
-		- osu.edu subdomains:
+		- Images, on:
 
-			- mooculus
+			- ada, dimauro, fod, footprint, investments, library, odee, uas, ucat, outreach, tobaccofree from $self ˢ
+			- artsinitiative, uas from www.oac.state.oh.us
+			- connect1 from regional.osu.edu ˢ
+			- footprint from www.osu.edu ˢ
+			- tobaccofree from img.youtube.com ˢ
+			- trustees from www.trustees.osu.edu ˢ
+
+		- Bugs, on:
+
+			- ada from jigsaw.w3.org ˢ
+			- ada from www.w3.org ˢ
+			- mooculus from i.creativecommons.org ˢ
+			- stonelab from icons-ak.wxug.com
+
+	* Just fonts
+	ˢ Secured by us
 
 -->
-<ruleset name="Ohio State University (partial)">
-
-	<target host="jobsatosu.com" />
-	<target host="www.jobsatosu.com" />
-	<target host="esue.ohio-state.edu" />
-	<target host="www.esue.ohio-state.edu" />
-	<target host="ohiostatealumni.org" />
-	<target host="www.ohiostatealumni.org" />
+<ruleset name="OSU.edu (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="osu.edu" />
-	<target host="*.osu.edu" />
+	<target host="acell.osu.edu" />
+	<target host="acml.osu.edu" />
+	<target host="ada.osu.edu" />
+	<target host="adl.osu.edu" />
+	<target host="admissions.osu.edu" />
+	<target host="www.admissions.osu.edu" />
+	<target host="advancement.osu.edu" />
+	<target host="advisingconnect.osu.edu" />
+	<target host="aerosollab.osu.edu" />
+	<target host="aerospace.osu.edu" />
+	<target host="afcad.osu.edu" />
+	<target host="airport-store.osu.edu" />
+	<target host="aises.osu.edu" />
+	<target host="apel.osu.edu" />
+	<target host="apl.osu.edu" />
+	<target host="appstatus.osu.edu" />
+	<target host="arc.osu.edu" />
+	<target host="armstrong.osu.edu" />
+	<target host="artsandsciences.osu.edu" />
+	<target host="artsinitiative.osu.edu" />
+	<target host="asc.osu.edu" />
+	<target host="asee.osu.edu" />
+	<target host="assist-erp.osu.edu" />
+	<target host="research.bpcrc.osu.edu" />
+	<target host="aviation.osu.edu" />
+	<target host="baja.osu.edu" />
+	<target host="biomechanics.osu.edu" />
+	<target host="biotronicslab.osu.edu" />
+	<target host="bme.osu.edu" />
+	<target host="box.osu.edu" />
+	<target host="bprc.osu.edu" />
+	<target host="bpte.osu.edu" />
+	<target host="brand.osu.edu" />
+	<target host="buckeyelink.osu.edu" />
+	<target host="buckeyelink3.osu.edu" />
+	<target host="buckeyemail.osu.edu" />
+	<target host="buckeyevoices.osu.edu" />
+	<target host="buckid.osu.edu" />
+	<target host="www.buckid.osu.edu" />
+	<target host="camm.osu.edu" />
+	<target host="campusvisit.osu.edu" />
+	<target host="www.campusvisit.osu.edu" />
+	<target host="carmen.osu.edu" />
+	<!--target host="carmenconnect.osu.edu" /-->
+	<target host="cartoons.osu.edu" />
+	<target host="car.osu.edu" />
+	<target host="careereagles.osu.edu" />
+	<target host="catalysts.osu.edu" />
+	<target host="research.cbc.osu.edu" />
+	<target host="cbe.osu.edu" />
+	<target host="cce.osu.edu" />
+	<target host="ccem.osu.edu" />
+	<target host="ccp.osu.edu" />
+	<target host="cdme.osu.edu" />
+	<target host="cdmi.osu.edu" />
+	<target host="ceaa.osu.edu" />
+	<target host="ceas.osu.edu" />
+	<target host="ceg.osu.edu" />
+	<target host="cemas.osu.edu" />
+	<target host="cgs.osu.edu" />
+	<target host="changingclimate.osu.edu" />
+	<target host="chppe.osu.edu" />
+	<target host="cics.osu.edu" />
+	<target host="cimjsea.osu.edu" />
+	<target host="classes.osu.edu" />
+	<target host="cmnf.osu.edu" />
+	<target host="cmt.osu.edu" />
+	<target host="code.osu.edu" />
+	<target host="coham.osu.edu" />
+	<target host="connect.osu.edu" />
+	<target host="connect1.osu.edu" />
+	<target host="controller.osu.edu" />
+	<target host="courses.osu.edu" />
+	<target host="cpf.osu.edu" />
+	<target host="crnt.osu.edu" />
+	<target host="cse.osu.edu" />
+	<target host="csmm.osu.edu" />
+	<target host="csr.osu.edu" />
+	<target host="decs.osu.edu" />
+	<target host="degreeaudit.osu.edu" />
+	<target host="delegated.osu.edu" />
+	<target host="denman.osu.edu" />
+	<target host="dentistry.osu.edu" />
+	<target host="digitalunion.osu.edu" />
+	<target host="dimauro.osu.edu" />
+	<target host="dining.osu.edu" />
+	<target host="diningservices.osu.edu" />
+	<target host="directory.osu.edu" />
+	<target host="disabilitystudies.osu.edu" />
+	<target host="disl.osu.edu" />
+	<target host="drupal.osu.edu" />
+	<target host="ec.osu.edu" />
+	<target host="e-cosm2015.osu.edu" />
+	<target host="ece.osu.edu" />
+	<target host="ecocar.osu.edu" />
+	<target host="ecocar2.osu.edu" />
+	<target host="ecocar3.osu.edu" />
+	<target host="ecos.osu.edu" />
+	<target host="ecs.osu.edu" />
+	<target host="eed.osu.edu" />
+	<target host="eeic.osu.edu" />
+	<target host="ehs.osu.edu" />
+	<target host="ehsa.osu.edu" />
+	<target host="eleave.osu.edu" />
+	<target host="electroscience.osu.edu" />
+	<target host="email.osu.edu" />
+	<target host="emdl.osu.edu" />
+	<target host="englearn.osu.edu" />
+	<target host="engineering.osu.edu" />
+
+	<target host="acml.engineering.osu.edu" />
+	<target host="adl.engineering.osu.edu" />
+	<target host="advising.engineering.osu.edu" />
+	<target host="afcad.engineering.osu.edu" />
+	<target host="airport-store.engineering.osu.edu" />
+	<target host="atohio.engineering.osu.edu" />
+	<target host="biomechanics.engineering.osu.edu" />
+	<target host="bme.engineering.osu.edu" />
+	<target host="boc.engineering.osu.edu" />
+	<target host="catalysts.engineering.osu.edu" />
+	<target host="cbe.engineering.osu.edu" />
+	<target host="cce.engineering.osu.edu" />
+	<target host="cdme.engineering.osu.edu" />
+	<target host="cdmi.engineering.osu.edu" />
+	<target host="chppe.engineering.osu.edu" />
+	<target host="cimjsea.engineering.osu.edu" />
+	<target host="cmnf.engineering.osu.edu" />
+	<target host="cpf.engineering.osu.edu" />
+	<target host="crnt.engineering.osu.edu" />
+	<target host="csmm.engineering.osu.edu" />
+	<target host="csr.engineering.osu.edu" />
+	<target host="ctc.engineering.osu.edu" />
+	<target host="drupal.engineering.osu.edu" />
+	<target host="e-cosm2015.engineering.osu.edu" />
+	<target host="ece.engineering.osu.edu" />
+	<target host="ecr6.engineering.osu.edu" />
+	<target host="ecs-store.engineering.osu.edu" />
+	<target host="eeiccourses.engineering.osu.edu" />
+	<target host="electroscience-backup.engineering.osu.edu" />
+	<target host="electroscience-new.engineering.osu.edu" />
+	<target host="emdl.engineering.osu.edu" />
+	<target host="englearn.engineering.osu.edu" />
+	<target host="ese.engineering.osu.edu" />
+	<target host="expo.engineering.osu.edu" />
+	<target host="fluiddynamics.engineering.osu.edu" />
+	<target host="formulabuckeyes.engineering.osu.edu" />
+	<target host="gdtl.engineering.osu.edu" />
+	<target host="ghazisaeidigroup.engineering.osu.edu" />
+	<target host="global.engineering.osu.edu" />
+	<target host="guatemala.engineering.osu.edu" />
+	<target host="hallgroup.engineering.osu.edu" />
+	<target host="hebook.engineering.osu.edu" />
+	<target host="hecourse.engineering.osu.edu" />
+	<target host="heeseminars.engineering.osu.edu" />
+	<target host="hevcp.engineering.osu.edu" />
+	<target host="honda.engineering.osu.edu" />
+	<target host="hwang.engineering.osu.edu" />
+	<target host="ileansigma.engineering.osu.edu" />
+	<target host="imsl.engineering.osu.edu" />
+	<target host="intranet.engineering.osu.edu" />
+	<target host="ismart.engineering.osu.edu" />
+	<target host="istem.engineering.osu.edu" />
+	<target host="koellinglab.engineering.osu.edu" />
+	<target host="leightlab.engineering.osu.edu" />
+	<target host="lmsl.engineering.osu.edu" />
+	<target host="lsvr.engineering.osu.edu" />
+	<target host="ma2jic.engineering.osu.edu" />
+	<target host="mae-hpc.engineering.osu.edu" />
+	<target host="mep.engineering.osu.edu" />
+	<target host="mep-store.engineering.osu.edu" />
+	<target host="mip2014.engineering.osu.edu" />
+	<target host="mirg.engineering.osu.edu" />
+	<target host="mnmdl.engineering.osu.edu" />
+	<target host="msns.engineering.osu.edu" />
+	<target host="muri.engineering.osu.edu" />
+	<target host="myersgroup.engineering.osu.edu" />
+	<target host="nars.engineering.osu.edu" />
+	<target host="nlbb.engineering.osu.edu" />
+	<target host="nmbl.engineering.osu.edu" />
+	<target host="nmfc.engineering.osu.edu" />
+	<target host="osuhe.engineering.osu.edu" />
+	<target host="ozkanhcrg.engineering.osu.edu" />
+	<target host="pcvlab.engineering.osu.edu" />
+	<target host="professionals.engineering.osu.edu" />
+	<target host="ramsis.engineering.osu.edu" />
+	<target host="resilience.engineering.osu.edu" />
+	<target host="simcenter.engineering.osu.edu" />
+	<target host="solar.engineering.osu.edu" />
+	<target host="supermileage.engineering.osu.edu" />
+	<target host="svc.engineering.osu.edu" />
+	<target host="swe.engineering.osu.edu" />
+	<target host="swefair.engineering.osu.edu" />
+	<target host="tamlab.engineering.osu.edu" />
+	<target host="tcrl.engineering.osu.edu" />
+	<target host="thl.engineering.osu.edu" />
+	<target host="tme.engineering.osu.edu" />
+	<target host="tml.engineering.osu.edu" />
+	<target host="uam.engineering.osu.edu" />
+	<target host="sitemgr.web.engineering.osu.edu" />
+	<target host="windlgroup.engineering.osu.edu" />
+	<target host="www.engineering.osu.edu" />
 
+	<target host="eprofile.osu.edu" />
+	<target host="ercnsm.osu.edu" />
+	<target host="eresearch.osu.edu" />
+	<target host="ergonomics.osu.edu" />
+	<target host="esac.osu.edu" />
+	<target host="ese.osu.edu" />
+	<target host="esw.osu.edu" />
+	<target host="ews.osu.edu" />
+	<target host="fcc.osu.edu" />
+	<target host="fders.osu.edu" />
+	<target host="fluiddynamics.osu.edu" />
+	<target host="fml.osu.edu" />
+	<!--target host="fod.osu.edu" /-->
+	<!--target host="footprint.osu.edu" /-->
+	<target host="fye.osu.edu" />
+	<target host="gearlab.osu.edu" />
+	<target host="gdtl.osu.edu" />
+	<target host="giveto.osu.edu" />
+	<target host="www.giveto.osu.edu" />
+	<target host="go.osu.edu" />
+	<target host="gpadmissions.osu.edu" />
+	<target host="www.gpadmissions.osu.edu" />
+	<target host="gtl.osu.edu" />
+	<target host="hboc.osu.edu" />
+	<target host="hhg.osu.edu" />
+	<target host="housing.osu.edu" />
+	<target host="hr.osu.edu" />
+	<target host="hvpe.osu.edu" />
+	<target host="ieee.osu.edu" />
+	<target host="ileansigma.osu.edu" />
+	<target host="iml.osu.edu" />
+	<target host="ims.osu.edu" />
+	<target host="innovateu.osu.edu" />
+	<!--target host="investments.osu.edu" /-->
+	<target host="kb.osu.edu" />
+	<!--target host="liblearn.osu.edu" /-->
+	<target host="library.osu.edu" />
+	<target host="lima.osu.edu" />
+	<target host="lsvr.osu.edu" />
+	<target host="ma2jic.osu.edu" />
+	<target host="mae.osu.edu" />
+	<target host="mae-hpc.osu.edu" />
+	<target host="mansfield.osu.edu" />
+	<target host="manufacturing.osu.edu" />
+	<target host="marionlibrary.osu.edu" />
+	<target host="mbdcs.osu.edu" />
+	<target host="mediasite.osu.edu" />
+	<target host="mekar.osu.edu" />
+	<target host="meso.osu.edu" />
+	<target host="mgel.osu.edu" />
+	<target host="millionhearts.osu.edu" />
+	<target host="mirg.osu.edu" />
+	<target host="mnmdl.osu.edu" />
+	<target host="mooculus.osu.edu" />
+	<target host="motorsports.osu.edu" />
+	<target host="mse.osu.edu" />
+	<target host="msns.osu.edu" />
+	<target host="muri.osu.edu" />
+	<target host="my.osu.edu" />
+	<target host="nano.osu.edu" />
+	<target host="nbl.osu.edu" />
+	<target host="newark.osu.edu" />
+	<target host="news.osu.edu" />
+	<target host="nars.osu.edu" />
+	<target host="nlbb.osu.edu" />
+	<target host="nmbl.osu.edu" />
+	<target host="nmfc.osu.edu" />
+	<target host="nsec.osu.edu" />
+	<target host="nuclear.osu.edu" />
+	<target host="nursing.osu.edu" />
 
-	<securecookie host="^www\.jobsatosu\.com$" name=".*" />
-	<!--	Observed cookie domains:
+	<target host="blogs.nursing.osu.edu" />
+	<target host="cdn.nursing.osu.edu" />
+	<target host="elearning.nursing.osu.edu" />
+	<target host="nucleus.nursing.osu.edu" />
+	<target host="production.nursing.osu.edu" />
+	<target host="www.nursing.osu.edu" />
 
-			- ^carmen
-			- ^.ced
-			- ^www.ced
-			- ^go
-			- ^ocio
-			- ^my
-			- ^registrar
+	<target host="oaa.osu.edu" />
+	<target host="ocio.osu.edu" />
+	<target host="ociolaportal.osu.edu" />
+	<target host="odee.osu.edu" />
+	<target host="resourcecenter.odee.osu.edu" />
+	<target host="odi.osu.edu" />
+	<target host="ohiounion.osu.edu" />
+	<target host="oia.osu.edu" />
+	<target host="oesar.osu.edu" />
+	<target host="offcampus.osu.edu" />
+	<target host="omi.osu.edu" />
+	<target host="online.osu.edu" />
+	<target host="opensource.osu.edu" />
+	<target host="optics.osu.edu" />
+	<target host="orapps.osu.edu" />
+	<target host="orhelp.osu.edu" />
+	<target host="osemagazine.osu.edu" />
+	<target host="osmi.osu.edu" />
+	<target host="osumarion.osu.edu" />
+	<target host="osutravel.osu.edu" />
+	<!--target host="outreach.osu.edu" /-->
+	<target host="pac.osu.edu" />
+	<target host="parent.osu.edu" />
+	<target host="peem.osu.edu" />
+	<target host="physics.osu.edu" />
+	<target host="ppc.osu.edu" />
+	<!--target host="ppcw.osu.edu" /-->
+	<target host="president.osu.edu" />
+	<target host="pse.osu.edu" />
+	<target host="purchasing.osu.edu" />
+	<target host="www.purchasing.osu.edu" />
+	<target host="radar.osu.edu" />
+	<target host="ramsis.osu.edu" />
+	<target host="reactor.osu.edu" />
+	<target host="receivingmail.osu.edu" />
+	<target host="recsports.osu.edu" />
+	<target host="regional.osu.edu" />
+	<target host="registrar.osu.edu" />
+	<target host="researchnews.osu.edu" />
+	<target host="rf.osu.edu" />
+	<target host="rise.osu.edu" />
+	<target host="rrl.osu.edu" />
+	<target host="sdm.osu.edu" />
+	<target host="seal.osu.edu" />
+	<target host="seo.osu.edu" />
+	<target host="sfa.osu.edu" />
+	<target host="www.sfa.osu.edu" />
+	<target host="simcenter.osu.edu" />
+	<target host="slfacilities.osu.edu" />
+	<target host="slts.osu.edu" />
+	<target host="smileexperts.osu.edu" />
+	<target host="smsl.osu.edu" />
+	<target host="spine.osu.edu" />
+	<target host="spinlab.osu.edu" />
+	<target host="ssc.osu.edu" />
+	<target host="stonelab.osu.edu" />
+	<target host="studentlife.osu.edu" />
+	<target host="supermileage.osu.edu" />
+	<target host="surplus.osu.edu" />
+	<target host="www.surplus.osu.edu" />
+	<target host="svc.osu.edu" />
+	<target host="swe.osu.edu" />
+	<target host="tamlab.osu.edu" />
+	<target host="tbp.osu.edu" />
+	<target host="tco.osu.edu" />
+	<target host="tcrl.osu.edu" />
+	<target host="techhub.osu.edu" />
+	<target host="thl.osu.edu" />
+	<target host="tme.osu.edu" />
+	<target host="tml.osu.edu" />
+	<!--target host="tobaccofree.osu.edu" /-->
+	<target host="transitlab.osu.edu" />
+	<!--target host="trustees.osu.edu" /-->
+	<target host="u.osu.edu" />
+	<target host="uam.osu.edu" />
+	<target host="uas.osu.edu" />
+	<target host="ucat.osu.edu" />
+	<target host="ucom.osu.edu" />
+	<target host="undergrad.osu.edu" />
+	<target host="undergraduateresearch.osu.edu" />
+	<target host="www.undergrad.osu.edu" />
+	<target host="vet.osu.edu" />
+	<!--target host="viewbook.osu.edu" /-->
+	<target host="vscl.osu.edu" />
+	<target host="wecar.osu.edu" />
+	<target host="webmail.osu.edu" />
+	<target host="wexnermedical.osu.edu" />
+	<target host="wie.osu.edu" />
+	<target host="wrc.osu.edu" />
+	<target host="www.osu.edu" />
+	<target host="yp4h.osu.edu" />
+
+	<!--	Complications:
+				-->
+	<target host="www.ada.osu.edu" />
+	<target host="www.advancement.osu.edu" />
+	<target host="www.artsandsciences.osu.edu" />
+	<target host="www.asc.osu.edu" />
+	<target host="autodiscover.osu.edu" />
+	<target host="www.box.osu.edu" />
+	<target host="www.bprc.osu.edu" />
+	<target host="www.brand.osu.edu" />
+	<target host="www.buckeyemail.osu.edu" />
+	<target host="www.buckeyevoices.osu.edu" />
+	<target host="www.car.osu.edu" />
+	<target host="www.carmen.osu.edu" />
+	<target host="www.cgs.osu.edu" />
+	<target host="www.changingclimate.osu.edu" />
+	<target host="www.classes.osu.edu" />
+	<target host="www.code.osu.edu" />
+	<target host="www.courses.osu.edu" />
+	<target host="www.cse.osu.edu" />
+	<target host="www.degreeaudit.osu.edu" />
+	<target host="www.dentistry.osu.edu" />
+	<target host="www.dimauro.osu.edu" />
+	<target host="www.disabilitystudies.osu.edu" />
+	<target host="www.ece.osu.edu" />
+	<target host="www.eleave.osu.edu" />
+	<target host="www.ercnsm.osu.edu" />
+	<target host="www.fml.osu.edu" />
+	<!--target host="www.fod.osu.edu" /-->
+	<!--target host="www.investments.osu.edu" /-->
+	<target host="food.osu.edu" />
+	<target host="www.fye.osu.edu" />
+	<target host="gradadmissions.osu.edu" />
+	<target host="gradsch.osu.edu" />
+	<target host="www.gradsch.osu.edu" />
+	<target host="www.hhg.osu.edu" />
+	<target host="www.housing.osu.edu" />
+	<target host="itunes.osu.edu" />
+	<target host="jobs.osu.edu" />
+	<target host="lt.osu.edu" />
+	<target host="www.mansfield.osu.edu" />
+	<target host="www.marionlibrary.osu.edu" />
+	<target host="www.mooculus.osu.edu" />
+	<target host="www.my.osu.edu" />
+	<target host="mybenefitsplan.osu.edu" />
+	<target host="www.news.osu.edu" />
+	<target host="www.oaa.osu.edu" />
+	<target host="www.oesar.osu.edu" />
+	<target host="www.offcampus.osu.edu" />
+	<target host="www.online.osu.edu" />
+	<target host="www.ohiounion.osu.edu" />
+	<target host="osucentralreceiving.osu.edu" />
+	<target host="www.osumarion.osu.edu" />
+	<target host="www.osutravel.osu.edu" />
+	<target host="www.physics.osu.edu" />
+	<!--target host="www.ppcw.osu.edu" /-->
+	<target host="www.president.osu.edu" />
+	<target host="www.recsports.osu.edu" />
+	<target host="www.registrar.osu.edu" />
+	<target host="www.researchnews.osu.edu" />
+	<target host="www.rf.osu.edu" />
+	<target host="www.shakespeare.osu.edu" />
+	<target host="www.slfacilities.osu.edu" />
+	<target host="www.slts.osu.edu" />
+	<target host="www.smileexperts.osu.edu" />
+	<target host="www.ssc.osu.edu" />
+	<target host="streaming.osu.edu" />
+	<target host="www.studentlife.osu.edu" />
+	<target host="www.tco.osu.edu" />
+	<!--target host="www.tobaccofree.osu.edu" /-->
+	<!--target host="www.trustees.osu.edu" /-->
+	<target host="www.ucat.osu.edu" />
+	<target host="www.undergraduateresearch.osu.edu" />
+	<target host="wiredout.osu.edu" />
+	<target host="www.yp4h.osu.edu" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://research\.bpcrc\.osu\.edu/(?:$|favicon\.ico)" /-->
+		<!--
+			Exceptions:
 					-->
-	<securecookie host="^.*\.osu\.edu$" name=".*" />
+		<exclusion pattern="^http://research\.bpcrc\.osu\.edu/+(?!assets/|data/)" />
 
+			<!--	+ve:
+					-->
+			<test url="http://research.bpcrc.osu.edu/LARISSA/" />
+			<test url="http://research.bpcrc.osu.edu/favicon.ico" />
+			<test url="http://research.bpcrc.osu.edu/geo/" />
 
-	<!--	!www doesn't work over https.
-		Redirects to www over http.	-->
-	<rule from="^http://(?:www\.)?jobsatosu\.com/"
-		to="https://www.jobsatosu.com/" />
+			<!--	-ve:
+					-->
+			<test url="http://research.bpcrc.osu.edu/assets/images/logo_bpcrc_32px.png" />
+			<test url="http://research.bpcrc.osu.edu/data/osu_navbar/images/osu_name.png" />
 
-	<rule from="^http://(www\.)?esue\.ohio-state\.edu/"
-		to="https://$1esue.ohio-state.edu/" />
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://cartoons\.osu\.edu/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://cartoons\.osu\.edu/+(?!wp-content/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://cartoons.osu.edu/about-us/" />
+			<test url="http://cartoons.osu.edu/search/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://cartoons.osu.edu/wp-content/plugins/hours-widget/css/widget.css?ver=4.4.1" />
 
-	<!--	!www throws error.	-->
-	<rule from="^http://(?:www\.)?ohiostatealumni\.org/"
-		to="https://www.ohiostatealumni.org/" />
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://wexnermedical\.osu\.edu/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://wexnermedical\.osu\.edu/+(?!_Images/|stylesbundle(?:$|[?/])|~/)" />
 
-	<!--	Cert only matches *.osu.edu.	-->
-	<rule from="^http://(?:www\.)?osu\.edu/(\d{4})/(css|images|inc)/"
-		to="https://www.osu.edu/$1/$2/" />
+			<!--	+ve:
+					-->
+			<test url="http://wexnermedical.osu.edu/about-us/rankings-and-awards" />
+			<test url="http://wexnermedical.osu.edu/careers" />
+			<test url="http://wexnermedical.osu.edu/mediaroom/pressreleaselisting/mcquaid-ceo-and-coo" />
+			<test url="http://wexnermedical.osu.edu/patient-care/find-a-doctor" />
+			<test url="http://wexnermedical.osu.edu/patient-care/locations-and-parking" />
+			<test url="http://wexnermedical.osu.edu/patient-care/participate-in-research" />
 
-	<!--	At least some www.ced data aren't available over https.		-->
-	<rule from="^http://(carmen|ced|contoller|email|go|hr|library|lt|my|ocio|mooculus|registrar|webmail)\.osu\.edu/"
+			<!--	-ve:
+					-->
+			<test url="http://wexnermedical.osu.edu/_Images/WexnerMedical/icon-sprite.png" />
+			<test url="http://wexnermedical.osu.edu/stylesbundle" />
+			<test url="http://wexnermedical.osu.edu/stylesbundle/wexner2" />
+			<test url="http://wexnermedical.osu.edu/~/media/Images/WexnerMedical/Global/Modules/Global/Header/OSUWexMedCtr.png?mw=1382" />
+
+		<!--	Set cookie without Secure:
+							-->
+		<!--test url="http://courses.osu.edu/psp/csosuct/EMPLOYEE/PUB/c/COMMUNITY_ACCESS.OSR_CAT_SRCH.GBL" /-->
+		<!--test url="http://delegated.osu.edu/psp/csosuda/EMPLOYEE/CAMP/c/OAD_GEA.OAD_GEA_NUR_APL.GBL" /-->
+		<!--test url="http://go.osu.edu/remoteaccess" /-->
+		<!--test url="http://orapps.osu.edu/webmaster/" /-->
+		<!--test url="http://www.osu.edu/giving/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.osu\.edu$" name="^[\w-]+-PSJSESSIONID$" /-->
+	<!--securecookie host="^(?:advancement|brand|buckeyelink|buckeyevoices|footprint|investments|lima|newark|oaa|odi|osumarion|outreach|president|tco|trustees|ucom|www)\.osu\.edu$" name="^sess_id$" /-->
+	<!--securecookie host="^advisingconnect\.osu\.edu$" name="^_session_id$" /-->
+	<!--securecookie host="^armstrong\.osu\.edu$" name="^Elgg$" /-->
+	<!--securecookie host="^(?:(?:www\.)?campusvisit|cgs|food|dining|diningservices|fml|(?:www\.)?giveto|housing|mediasite|offcampus|ohiounion|parent|(?:www\.)?purchasing|slfacilities|slts|studentlife)\.osu\.edu$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^go\.osu\.edu$" name="^symfony$" /-->
+	<!--securecookie host="^(?:innovateu|odee|resourcecenter\.odee)\.osu\.edu$" name="^SimpleSAMLSessionID$" /-->
+	<!--securecookie host="^library\.osu\.edu$" name="^NSC_" /-->
+	<!--securecookie host="^my\.osu\.edu$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^(?:\.blogs\.)?nursing\.osu\.edu$" name="^osuconSession$" /-->
+	<!--securecookie host="^orapps\.osu\.edu$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^orhelp\.osu\.edu$" name="^SWIFT_(?:client|sessionid40)$" /-->
+	<!--securecookie host="^osutravel\.osu\.edu$" name="^wfvt_\d+$" /-->
+	<!--securecookie host="^rf\.osu\.edu$" name="^CF(?:ID|TOKEN)$" /-->
+	<!--securecookie host="^u\.osu\.edu$" name="^xid$" /-->
+
+	<securecookie host="^\." name="^_(?:gat?$|_utm)" />
+	<securecookie host="^(?!(?:research\.bpcrc|cartoons|wexnermedical)\.)\w" name=".+" />
+	<securecookie host="^\.blogs\.nursing\." name=".+" />
+
+
+	<rule from="^http://www\.(ada|advancement|artsandsciences|asc|box|bprc|brand|buckeyemail|buckeyevoices|car|carmen|cgs|changingclimate|classes|code|courses|cse|degreeaudit|dentistry|dimauro|disabilitystudies|ece|eleave|ercnsm|fml|fye|hhg|housing|marionlibrary|mooculus|my|news|oaa|oesar|ohiounion|offcampus|online|osumarion|osutravel|physics|president|recsports|registrar|researchnews|rf|shakespeare|slfacilities|slts|smileexperts|ssc|studentlife|tco|ucat|undergraduateresearch|yp4h)\.osu\.edu/"
 		to="https://$1.osu.edu/" />
 
-	<!--	Cert doesn't match !www.	-->
-	<rule from="^http://(?:www\.)?giveto\.osu\.edu/"
-		to="https://www.giveto.osu.edu/" />
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://autodiscover\.osu\.edu/+"
+		to="https://email.osu.edu/" />
+
+		<test url="http://autodiscover.osu.edu/Default.aspx" />
+
+	<!--rule from="^http://www\.(fod|investments|ppcw|tobaccofree|trustees)\.osu\.edu/"
+		to="https://$1.osu.edu/" /-->
+
+	<rule from="^http://food\.osu\.edu/"
+		to="https://dining.osu.edu/" />
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://gradadmissions\.osu\.edu/+(?:\?.*)?$"
+		to="https://gpadmissions.osu.edu/" />
+
+		<test url="http://gradadmissions.osu.edu//" />
+
+	<rule from="^http://gradadmissions\.osu\.edu/"
+		to="https://gpadmissions.osu.edu/" />
+
+		<test url="http://gradadmissions.osu.edu/Default.aspx" />
+
+	<rule from="^http://(?:www\.)?gradsch\.osu\.edu/"
+		to="https://www.gradsch.ohio-state.edu/" />
+
+	<!--	Redirect drops forward slash
+		and path, but not args:
+					-->
+	<rule from="^http://itunes\.osu\.edu/[^?]*"
+		to="https://odee.osu.edu/itunes-u" />
+
+		<test url="http://itunes.osu.edu/home.php" />
+
+	<rule from="^http://jobs\.osu\.edu/"
+		to="https://hr.osu.edu/jobs" />
+
+	<!--	Redirect drops forward slash
+		and path, but not args:
+					-->
+	<rule from="^http://lt\.osu\.edu/[^?]*"
+		to="https://ocio.osu.edu/elearning" />
+
+		<test url="http://lt.osu.edu/index.htm" />
+
+	<!--	Redirect drops forward slash,
+		path, and args:
+				-->
+	<rule from="^http://mybenefitsplan\.osu\.edu/.*"
+		to="https://hr.osu.edu/oe" />
+
+		<test url="http://mybenefitsplan.osu.edu/Default.aspx" />
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://osucentralreceiving\.osu\.edu/+(?:\?.*)?$"
+		to="https://osu.sclintra.com/Enterprise/SCLIntraOmni/etix7f/search" />
+
+		<test url="http://osucentralreceiving.osu.edu//" />
+
+	<rule from="^http://osucentralreceiving\.osu\.edu/"
+		to="https://osu.sclintra.edu/" />
+
+		<test url="http://osucentralreceiving.osu.edu/Default.aspx" />
+
+	<rule from="^http://streaming\.osu\.edu/"
+		to="https://streamwww.classroom.ohio-state.edu/" />
+
+	<!--	Redirect drops forward slash,
+		path, and args:
+				-->
+	<rule from="^http://wiredout\.osu\.edu/.*"
+		to="https://techhub.osu.edu/" />
+
+		<test url="http://wiredout.osu.edu/Default.aspx" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ohio-State.edu.xml b/src/chrome/content/rules/Ohio-State.edu.xml
new file mode 100644
index 000000000000..48346920ae92
--- /dev/null
+++ b/src/chrome/content/rules/Ohio-State.edu.xml
@@ -0,0 +1,208 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://newman.uts.ohio-state.edu/ods/secure/SIS_Setup_Reporting_Job_Aids.html => https://upem.it.ohio-state.edu/ods/secure/SIS_Setup_Reporting_Job_Aids.html: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://research.chemistry.ohio-state.edu/ => https://research.chemistry.ohio-state.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://esue.ohio-state.edu/ => https://esue.ohio-state.edu/: (7, 'Failed to connect to esue.ohio-state.edu port 443: Connection timed out')
+Fetch error: http://www.gradsch.ohio-state.edu/ => https://www.gradsch.ohio-state.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.gradsch.ohio-state.edu'")
+Fetch error: http://upem.it.ohio-state.edu/ => https://upem.it.ohio-state.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://intranet.mecheng.ohio-state.edu/ => https://intranet.mecheng.ohio-state.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.medctr.ohio-state.edu/ => https://www.medctr.ohio-state.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://newman.uts.ohio-state.edu/ => https://upem.it.ohio-state.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For problematic rules, see Ohio-State-University-self-signed.xml.
+
+	For other Ohio State University coverage, see Ohio-State-University.xml.
+
+
+	CDN buckets:
+
+		- s3.amazonaws.com/pa-hrsuite-production/
+
+
+	Nonfunctional hosts in *ohio-state.edu:
+
+		- www.atronomy ʳ
+		- www.busfin ᵃ
+		- www.ccic ᵈ
+		- cfaes ᵃ
+
+		- cfaesmonthly.cfaes ᵃ
+		- communications.cfaes ᵃ
+		- equityandinclusion.cfaes ᵃ
+		- fabe-dev.cfaes ᵃ
+		- hr.cfaes ᵃ
+		- itservices.cfaes ᵃ
+		- studentblogs.cfaes ᵃ
+
+		- cse ᵃ
+		- www.cse ᵇ
+		- www2.ece ᵈ
+		- www.ia ᵃ
+		- www.ps ᵈ
+		- www.rms ᵃ
+		- www.rpia ᵃ
+		- www.treasurer ᶠ
+
+	ᵃ Shows another domain
+	ᵇ Shows default page
+	ᵈ Dropped
+	ᶠ Handshake fails
+	ʳ Refused
+
+
+	Problematic hosts in *ohio-state.edu:
+
+		proxy.lib ᵐ
+		newman.uts ᵐ
+
+	ᵐ Mismatched
+
+
+	Partially covered hosts in *ohio-state.edu:
+
+		- panopto.con ʰ
+		- www ⁵
+
+	⁵ [/\w] 503s
+	ʰ Some pages redirect to http
+
+
+	^ohio-state.edu doesn't exist.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .ohio-state.edu
+		- portal.erp.ohio-state.edu
+		- www.gradsch.ohio-state.edu
+		- library.ohio-state.edu
+		- .intranet.mecheng.ohio-state.edu
+		- my.newark.ohio-state.edu
+
+
+	Mixed content:
+
+		- css on www.gradsch from www.osu.edu * ˢ
+
+		- Images, on:
+
+			- nucleus.con from silverlight.dlservice.microsoft.com
+			- nucleus.con from go2.microsoft.com
+			- studentweb.con from nursing.osu.edu ˢ
+			- intraweb.marion from osumarion.osu.edu ˢ
+
+	* Just fonts
+	ˢ Secured by us
+
+-->
+<ruleset name="Ohio-State.edu (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fod-web-01.busfin.ohio-state.edu" />
+	<target host="sslvpn.busfin.ohio-state.edu" />
+	<target host="research.chemistry.ohio-state.edu" />
+	<target host="streamwww.classroom.ohio-state.edu" />
+
+	<target host="nucleus.con.ohio-state.edu" />
+	<target host="panopto.con.ohio-state.edu" />
+	<target host="studentweb.con.ohio-state.edu" />
+
+	<target host="opensource.cse.ohio-state.edu" />
+	<target host="pcvlab.ceegs.ohio-state.edu" />
+	<target host="portal.erp.ohio-state.edu" />
+	<target host="esue.ohio-state.edu" />
+	<target host="www.esue.ohio-state.edu" />
+	<target host="www.gradsch.ohio-state.edu" />
+	<target host="mediasite.it.ohio-state.edu" />
+	<target host="upem.it.ohio-state.edu" />
+	<target host="login.proxy.lib.ohio-state.edu" />
+	<target host="library.ohio-state.edu" />
+	<target host="intranet.mecheng.ohio-state.edu" />
+	<target host="www.medctr.ohio-state.edu" />
+	<target host="intraweb.marion.ohio-state.edu" />
+	<target host="my.newark.ohio-state.edu" />
+	<target host="rdgate01.newark.ohio-state.edu" />
+	<target host="recycling.org.ohio-state.edu" />
+	<target host="www.physics.ohio-state.edu" />
+	<target host="cayuse.rf.ohio-state.edu" />
+	<target host="webauth.service.ohio-state.edu" />
+
+	<!--	Complications:
+				-->
+	<target host="proxy.lib.ohio-state.edu" />
+	<target host="newman.uts.ohio-state.edu" />
+	<target host="www.ohio-state.edu" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="http://panopto\.con\.ohio-state\.edu/Panopto/Pages/Default\.aspx" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="http://panopto\.con\.ohio-state\.edu/+(?!Panopto/Cache/|Panopto/Pages/Viewer\.aspx)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://panopto.con.ohio-state.edu//Panopto/Pages/Default.aspx" />
+			<test url="http://panopto.con.ohio-state.edu/Panopto/Pages/Default.aspx" />
+			<test url="http://panopto.con.ohio-state.edu/Panopto/Pages/Sessions/List.aspx" />
+
+			<!--	-ve:
+					-->
+			<test url="http://panopto.con.ohio-state.edu/Panopto/Cache/4.7.0.18259/Styles/Ocupop/images/icon_search_clear.gif" />
+			<test url="http://panopto.con.ohio-state.edu/Panopto/Pages/Viewer.aspx" />
+
+		<!--	[/\w] 503s:
+					-->
+		<exclusion pattern="^http://www\.ohio-state\.edu/(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.ohio-state.edu//" />
+			<test url="http://www.ohio-state.edu/Default.aspx" />
+			<test url="http://www.ohio-state.edu/home.htm" />
+			<test url="http://www.ohio-state.edu/home.php" />
+
+		<!--	Mixed image:
+					-->
+		<!--test url="http://intraweb.marion.ohio-state.edu/InfoRequest/formpage.php" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.ohio-state\.edu$" name="^(?:__utm|III_EXPT_FILE$|III_SESSION_ID$|SESSION_LANGUAGE$)" /-->
+	<!--securecookie host="^portal\.erp\.ohio-state\.edu$" name="^_shibstate_\d+_\d+$" /-->
+	<!--securecookie host="^www\.gradsch\.ohio-state\.edu$" name="^SN[\da-f]+$" /-->
+	<!--securecookie host="^library\.ohio-state\.edu$" name="^SESSION_SCOPE$" /-->
+	<!--securecookie host="^\.intranet\.mecheng\.ohio-state\.edu$" name="^SESS[\da-f]{32}$" /-->
+	<!--securecookie host="^my\.newark\.ohio-state\.edu$" name="^ISAWPLB\{[\dA-F]{8}(?:-[\dA-F]{4}){3}-[\dA-F]{12}\}$" /-->
+
+	<securecookie host="^\." name="^__utm" />
+	<securecookie host="^(?!panopto\.)\w" name=".+" />
+	<securecookie host="^\.intranet\." name=".+" />
+
+
+	<rule from="^http://proxy\.lib\.ohio-state\.edu/"
+		to="https://login.proxy.lib.ohio-state.edu/" />
+
+	<rule from="^http://my\.newark\.ohio-state\.edu:444/"
+		to="https://my.newark.ohio-state.edu:444/" />
+
+		<test url="http://my.newark.ohio-state.edu:444/" />
+
+	<rule from="^http://newman\.uts\.ohio-state\.edu/"
+		to="https://upem.it.ohio-state.edu/" />
+
+		<test url="http://newman.uts.ohio-state.edu/ods/secure/SIS_Setup_Reporting_Job_Aids.html" />
+
+	<!--	Redirect keeps args:
+					-->
+	<rule from="^http://www\.ohio-state\.edu/"
+		to="https://www.osu.edu/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OhioLINK.edu.xml b/src/chrome/content/rules/OhioLINK.edu.xml
new file mode 100644
index 000000000000..b9611168037f
--- /dev/null
+++ b/src/chrome/content/rules/OhioLINK.edu.xml
@@ -0,0 +1,74 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://proxy.ohiolink.edu:9099/ => https://proxy.ohiolink.edu/: (7, 'Failed to connect to proxy.ohiolink.edu port 443: No route to host')
+Fetch error: http://proxy.ohiolink.edu/ => https://proxy.ohiolink.edu/: (7, 'Failed to connect to proxy.ohiolink.edu port 443: No route to host')
+
+	Nonfunctional hosts in *ohiolink.edu:
+
+		- ead ʳ
+		- ebooks ʰ
+		- journals ʰ
+
+	ʳ Refused
+	ʰ Redirects to http
+
+
+	Problematic hosts in *ohiolink.edu:
+
+		- drc ᴿ
+
+	ᴿ Configured for RC4 only
+
+
+	Insecure cookies are set for these hosts:
+
+		- .ohiolink.edu
+		- databases.ohiolink.edu
+		- olc1.ohiolink.edu
+		- platinum.ohiolink.edu
+		- rave.ohiolink.edu
+		- www.ohiolink.edu
+
+-->
+<ruleset name="OhioLINK.edu (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ohiolink.edu" />
+	<target host="auth.ohiolink.edu" />
+	<target host="authdb.ohiolink.edu" />
+	<target host="databases.ohiolink.edu" />
+	<target host="drc.ohiolink.edu" />
+	<target host="etd.ohiolink.edu" />
+	<target host="music.ohiolink.edu" />
+	<target host="olc1.ohiolink.edu" />
+	<target host="platinum.ohiolink.edu" />
+	<target host="rave.ohiolink.edu" />
+	<target host="www.ohiolink.edu" />
+
+	<!--	Complications:
+				-->
+	<target host="proxy.ohiolink.edu" />
+
+		<test url="http://proxy.ohiolink.edu:9100/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:(?:databases|platinum|rave|www)\.)?ohiolink\.edu$" name="^BIGipServer" /-->
+	<!--securecookie host="^\.ohiolink\.edu$" name="^(?:III_EXPT_FILE|III_SESSION_ID|SESSION_LANGUAGE)$" /-->
+	<!--securecookie host="^olc1\.ohiolink\.edu$" name="^SESSION_SCOPE$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://proxy\.ohiolink\.edu:9099/"
+		to="https://proxy.ohiolink.edu/" />
+
+		<test url="http://proxy.ohiolink.edu:9099/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ohio_Bar.org.xml b/src/chrome/content/rules/Ohio_Bar.org.xml
new file mode 100644
index 000000000000..e2099c71d1f3
--- /dev/null
+++ b/src/chrome/content/rules/Ohio_Bar.org.xml
@@ -0,0 +1,44 @@
+<!--
+	^ohiobar.org: 404
+
+
+	Fully covered hosts in *ohiobar.org:
+
+		- (www.)?	(^ → www)
+		- connect
+		- downloads
+		- ebar
+
+
+	Insecure cookies are set for these hosts:
+
+		- connect.ohiobar.org
+
+-->
+<ruleset name="Ohio Bar.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="connect.ohiobar.org" />
+	<target host="downloads.ohiobar.org" />
+	<target host="ebar.ohiobar.org" />
+
+	<!--	Complications:
+				-->
+	<target host="ohiobar.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^connect\.ohiobar\.org$" name="^^(ASP\.NET_SessionId|HLTC)$" /-->
+
+	<securecookie host="^connect\.ohiobar\.org$" name=".+" />
+
+
+	<rule from="^http://ohiobar\.org/"
+		to="https://www.ohiobar.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ohio_State_Alumni.org.xml b/src/chrome/content/rules/Ohio_State_Alumni.org.xml
new file mode 100644
index 000000000000..91383dcf28dc
--- /dev/null
+++ b/src/chrome/content/rules/Ohio_State_Alumni.org.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Ohio State University coverage, see Ohio-State-University.xml.
+
+
+	(www.)?ohiostatealumni.org: Mismatched
+
+-->
+<ruleset name="Ohio State Alumni.org (partial)">
+
+	<!--	Complications:
+				-->
+	<target host="ohiostatealumni.org" />
+	<target host="www.ohiostatealumni.org" />
+
+		<!--	(?!$|\?) doesn't redirect:
+							-->
+		<exclusion pattern="^http://(?:www\.)?ohiostatealumni\.org/(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://ohiostatealumni.org/Default.aspx" />
+			<test url="http://www.ohiostatealumni.org/Default.aspx" />
+			<test url="http://www.ohiostatealumni.org/index.htm" />
+
+
+	<!--	Redirect keeps args:
+					-->
+	<rule from="^http://(?:www\.)?ohiostatealumni\.org/"
+		to="https://www.osu.edu/alumni/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ohloh.xml b/src/chrome/content/rules/Ohloh.xml
deleted file mode 100644
index 7718418a221b..000000000000
--- a/src/chrome/content/rules/Ohloh.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="Ohloh">
-  <target host="ohloh.net" />
-  <target host="*.ohloh.net" />
-  <target host="ohloh.com" />
-  <target host="www.ohloh.com" />
-  <target host="ohloh.org" />
-  <target host="www.ohloh.org" />
-
-  <securecookie host="^(.+\.)?ohloh\.(net|com|org)$" name=".*"/>
-
-  <rule from="^http://(?:www\.)?ohloh\.(?:net|com|org)/" to="https://www.ohloh.net/" />
-
-	<rule from="^http://meta\.ohloh\.net/"
-		to="https://meta.ohloh.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ohnward.com.xml b/src/chrome/content/rules/Ohnward.com.xml
new file mode 100644
index 000000000000..ecb73fda46d5
--- /dev/null
+++ b/src/chrome/content/rules/Ohnward.com.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fas.ohnward.com/ => https://fas.ohnward.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	(www.)?ohnward.com: Refused
+
+
+	These altnames don't exist:
+
+		- www.fas.ohnward.com
+
+-->
+<ruleset name="Ohnward.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fas.ohnward.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OilandGasInternational.com.xml b/src/chrome/content/rules/OilandGasInternational.com.xml
new file mode 100644
index 000000000000..be0d158d0694
--- /dev/null
+++ b/src/chrome/content/rules/OilandGasInternational.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="OilandGasInternational.com">
+	<target host="oilandgasinternational.com" />
+	<target host="www.oilandgasinternational.com" />
+
+	<securecookie host=".+" name=".+" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Oilshell.org.xml b/src/chrome/content/rules/Oilshell.org.xml
new file mode 100644
index 000000000000..7b16cad231c8
--- /dev/null
+++ b/src/chrome/content/rules/Oilshell.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Refused:
+		lists.oilshell.org
+
+-->
+<ruleset name="Oilshell.org">
+
+	<target host="oilshell.org" />
+	<target host="www.oilshell.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ojrq.net.xml b/src/chrome/content/rules/Ojrq.net.xml
new file mode 100644
index 000000000000..9084adf47069
--- /dev/null
+++ b/src/chrome/content/rules/Ojrq.net.xml
@@ -0,0 +1,36 @@
+<!--
+	For other Impact Radius coverage, see Impact-Radius.xml.
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- ojrq.net
+		- .ojrq.net
+		- www.ojrq.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="ojrq.net">
+
+	<target host="ojrq.net" />
+	<target host="www.ojrq.net" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://www.ojrq.net/p/?return=" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ojrq\.net$" name="^epersist$" /-->
+	<!--securecookie host="^\.ojrq\.net$" name="^brwsr$" /-->
+	<!--securecookie host="^www.ojrq\.net$" name="^AWSELB$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ok.ru.xml b/src/chrome/content/rules/Ok.ru.xml
new file mode 100644
index 000000000000..a56f18995a42
--- /dev/null
+++ b/src/chrome/content/rules/Ok.ru.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Mail.ru coverage, see Mail.ru.xml.
+
+	Mismatch:
+		- new.apiok.ru
+-->
+<ruleset name="Ok.ru">
+
+
+	<target host="apiok.ru" />
+	<target host="www.apiok.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OkCDN.com.xml b/src/chrome/content/rules/OkCDN.com.xml
new file mode 100644
index 000000000000..5cbe570203ea
--- /dev/null
+++ b/src/chrome/content/rules/OkCDN.com.xml
@@ -0,0 +1,27 @@
+<!--
+	For other OkCupid coverage, see OkCupid.xml.
+
+	Non-functional hosts
+		Timeout was reached:
+			 - okccdn.com
+			 - ak0.okccdn.com
+			 - ak1.okccdn.com
+			 - ak2.okccdn.com
+			 - ak3.okccdn.com
+			 - akcdn.okccdn.com
+			 - cdn.okccdn.com
+			 - k0.okccdn.com
+			 - k1.okccdn.com
+			 - k3.okccdn.com
+			 - nameserver1.okccdn.com
+			 - nameserver2.okccdn.com
+
+		4xx client error:
+			 - k2.okccdn.com
+-->
+<ruleset name="OkC CDN.com (partial)">
+	<target host="akincludes.okccdn.com" />
+	<target host="includes.okccdn.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OkCimg.com.xml b/src/chrome/content/rules/OkCimg.com.xml
new file mode 100644
index 000000000000..5150546df971
--- /dev/null
+++ b/src/chrome/content/rules/OkCimg.com.xml
@@ -0,0 +1,44 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ads.okcimg.com/ => https://ads.okcimg.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	For other OkCupid coverage, see OkCupid.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .okcimg.com
+
+-->
+<ruleset name="OkCimg.com (partial)" default_off="failed ruleset test">
+
+	<target host="ads.okcimg.com"/>
+	<!--	520, CloudFlare	-->
+	<target host="cdn.okcimg.com"/>
+
+		<exclusion pattern="^http://cdn\.okcimg\.com/(?!media/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://cdn.okcimg.com/foo" />
+
+			<!--	-ve:
+					-->
+			<test url="http://cdn.okcimg.com/media/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.okcimg\.com$" name="^(cf_clearance|guest)$" /-->
+
+	<securecookie host="^\.okcimg\.com$" name=".+" />
+
+
+	<rule from="^http://cdn\.okcimg\.com/"
+		to="https://www.okcupid.com/flat/"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OkCupid.xml b/src/chrome/content/rules/OkCupid.xml
index 116b49baee5f..bc9f4c240e96 100644
--- a/src/chrome/content/rules/OkCupid.xml
+++ b/src/chrome/content/rules/OkCupid.xml
@@ -1,30 +1,69 @@
-<!--	!functional:
-		blog.okcupid.com	(okcupid.com/blog redirects to here)
--->
-<ruleset name="OkCupid (partial)">
+<!--
+	Other OkCupid rulesets:
+		+ OkCimg.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+			 - cdn.okcupid.com
+			 - nameserver1.okcupid.com
+			 - nameserver2.okcupid.com
+			 - staffrobot.okcupid.com
 
-	<!--	Akamai, "Service Unavailable"	-->
-	<target host="akcdn.okccdn.com"/>
-	<!--	Akamai	-->
-	<target host="akincludes.okccdn.com"/>
-	<!--	Akamai	-->
-	<target host="ads.okcimg.com"/>
-	<!--	Akamai, 404	-->
-	<target host="cdn.okcimg.com"/>
-	<!--	*.okcupid.com	-->
-	<target host="includes.okcimg.com"/>
-	<target host="okcupid.com"/>
-	<target host="www.okcupid.com"/>
+		SSL peer certificate was not OK:
+			 - o2.mailgrid.okcupid.com
+			 - o1.supportmail.okcupid.com
 
-	<rule from="^http://(?:akcdn\.okccdn|cdn\.okcimg)\.com/media/"
-		to="https://www.okcupid.com/flat/media/"/>
+		Status code mismatch:
+			 - api.okcupid.com
 
-	<rule from="^http://(?:(?:ak)?includes\.okccdn|(?:ads|includes)\.okcimg|okcupid)\.com/"
-		to="https://www.okcupid.com/"/>
+		4xx client error:
+			 - developer.okcupid.com
+			 - li.okcupid.com
+			 - mailgrid.okcupid.com
+			 - services.okcupid.com
+			 - supportmail.okcupid.com
+			 - techblog-static.okcupid.com
 
-	<rule from="^http://www\.okcupid\.com/(about/okcupid|careers|contact-us|daisy|flat/|help/\w+|legal/terms|login|press/news|w3c/)"
-		to="https://www.okcupid.com/$1"/>
+		5xx server error:
+			 - piwik.okcupid.com
 
+		Different content:
+			 - jobs.okcupid.com
+			 - quiz.okcupid.com
+-->
+<ruleset name="OkCupid.com (partial)">
+	<target host="okcupid.com" />
+	<target host="www.okcupid.com" />
+	<target host="1-instant.okcupid.com" />
+	<target host="10-instant.okcupid.com" />
+	<target host="11-instant.okcupid.com" />
+	<target host="12-instant.okcupid.com" />
+	<target host="2-instant.okcupid.com" />
+	<target host="3-instant.okcupid.com" />
+	<target host="4-instant.okcupid.com" />
+	<target host="5-instant.okcupid.com" />
+	<target host="6-instant.okcupid.com" />
+	<target host="7-instant.okcupid.com" />
+	<target host="8-instant.okcupid.com" />
+	<target host="9-instant.okcupid.com" />
+	<target host="blog.okcupid.com" />
+	<target host="de.okcupid.com" />
+	<target host="en.okcupid.com" />
+	<target host="fr.okcupid.com" />
+	<target host="he.okcupid.com" />
+	<target host="helloquizzy.okcupid.com" />
+	<target host="m.okcupid.com" />
+	<target host="mobile-web.okcupid.com" />
+	<target host="mobile_web.okcupid.com" />
+	<target host="nl.okcupid.com" />
+	<target host="oktrends.okcupid.com" />
+	<target host="status.okcupid.com" />
+	<target host="tech.okcupid.com" />
+	<target host="theblog.okcupid.com" />
+	<target host="trends.okcupid.com" />
+	<target host="www2.okcupid.com" />
 
+	<securecookie host="^(www\.)?okcupid\.com$" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/OkTurtles.com.xml b/src/chrome/content/rules/OkTurtles.com.xml
new file mode 100644
index 000000000000..03e9e26140a0
--- /dev/null
+++ b/src/chrome/content/rules/OkTurtles.com.xml
@@ -0,0 +1,44 @@
+<!--
+	Other okTurtles rulesets:
+
+		- OkTurtles.org.xml
+
+
+	www.okturtles.com: Redirect destination mismatched
+
+
+	Mixed content:
+
+		- Web bugs on forums and www from piwik.okturtles.com *
+
+	* Secured by us
+
+-->
+<ruleset name="okTurtles.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="okturtles.com" />
+	<target host="blog.okturtles.com" />
+	<target host="forums.okturtles.com" />
+	<target host="piwik.okturtles.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.okturtles.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(forums|www)\.okturtles\.com$" name="^(PHPSESSID|bb2_screener_)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.okturtles\.com/"
+		to="https://okturtles.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OkTurtles.org.xml b/src/chrome/content/rules/OkTurtles.org.xml
new file mode 100644
index 000000000000..5a4023ad4599
--- /dev/null
+++ b/src/chrome/content/rules/OkTurtles.org.xml
@@ -0,0 +1,22 @@
+<!--
+	For other okTurtles coverage, see OkTurtles.com.xml.
+
+
+	(www.)?okturtles.org: Mismatched
+
+-->
+<ruleset name="okTurtles.org">
+
+	<!--	Complications:
+				-->
+	<target host="okturtles.org" />
+	<target host="www.okturtles.org" />
+
+
+	<!--	Redirect keeps path, args,
+		and forward slash:
+					-->
+	<rule from="^http://(?:www\.)?okturtles\.org/"
+		to="https://okturtles.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Okaz.com.sa.xml b/src/chrome/content/rules/Okaz.com.sa.xml
new file mode 100644
index 000000000000..78664b98be20
--- /dev/null
+++ b/src/chrome/content/rules/Okaz.com.sa.xml
@@ -0,0 +1,8 @@
+<ruleset name="Okaz.com.sa">
+	<target host="okaz.com.sa" />
+	<target host="www.okaz.com.sa" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Okdiario.com.xml b/src/chrome/content/rules/Okdiario.com.xml
new file mode 100644
index 000000000000..3c9b76537c11
--- /dev/null
+++ b/src/chrome/content/rules/Okdiario.com.xml
@@ -0,0 +1,19 @@
+<!--
+	No working URL known:
+		newsletter.okdiario.com
+
+-->
+<ruleset name="Okdiario.com">
+	<target host="okdiario.com" />
+	<target host="www.okdiario.com" />
+	<target host="blogs.okdiario.com" />
+	<target host="cdn1.okdiario.com" />
+	<target host="cdn2.okdiario.com" />
+	<target host="cdn3.okdiario.com" />
+	<target host="cdn4.okdiario.com" />
+	<target host="diariomadridista.okdiario.com" />
+	<target host="look.okdiario.com" />
+	<target host="yotele.okdiario.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Okopnik.xml b/src/chrome/content/rules/Okopnik.xml
index 09a7835a2126..1e03dd6931c7 100644
--- a/src/chrome/content/rules/Okopnik.xml
+++ b/src/chrome/content/rules/Okopnik.xml
@@ -1,4 +1,4 @@
-<ruleset name="Okopnik.com" default_off="self-signed">
+<ruleset name="Okopnik.com" default_off="refused">
 
 	<target host="okopnik.com"/>
 	<target host="www.okopnik.com"/>
diff --git a/src/chrome/content/rules/Okoun.cz.xml b/src/chrome/content/rules/Okoun.cz.xml
new file mode 100644
index 000000000000..20548a066dcd
--- /dev/null
+++ b/src/chrome/content/rules/Okoun.cz.xml
@@ -0,0 +1,11 @@
+<!--
+
+	http redirects: okoun.cz -> www.okoun.cz
+
+-->
+<ruleset name="Okoun.cz">
+	<target host="www.okoun.cz" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Okta.com.xml b/src/chrome/content/rules/Okta.com.xml
new file mode 100644
index 000000000000..4f03efe73fd0
--- /dev/null
+++ b/src/chrome/content/rules/Okta.com.xml
@@ -0,0 +1,45 @@
+<!--
+	Nonfunctional subdomains:
+
+		- ^ (cert-chain)
+		- community (cert-chain)
+
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(^ → www)
+		- advent-hub
+		- support
+
+
+	Insecure cookies are set for these hosts:
+
+		- advent-hub.okta.com
+		- community.okta.com
+		- support.okta.com
+		- www.okta.com
+
+-->
+<ruleset name="Okta.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="advent-hub.okta.com" />
+	<target host="developer.okta.com" />
+	<target host="support.okta.com" />
+	<target host="www.okta.com" />
+
+	<!--	Complications:
+				-->
+	<target host="okta.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://okta\.com/"
+		to="https://www.okta.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Oktatas.hu.xml b/src/chrome/content/rules/Oktatas.hu.xml
index 3f5f8c4b0717..7faf0a4adcfa 100644
--- a/src/chrome/content/rules/Oktatas.hu.xml
+++ b/src/chrome/content/rules/Oktatas.hu.xml
@@ -1,4 +1,4 @@
-<ruleset name="Oktat&#225;si Hivatal">
+<ruleset name="Oktat&#225;si Hivatal" platform="mixedcontent">
   <target host="kir.hu" />
   <target host="oktatas.hu" />
   <target host="www.kir.hu" />
diff --git a/src/chrome/content/rules/Okura.nl.xml b/src/chrome/content/rules/Okura.nl.xml
new file mode 100644
index 000000000000..718113dca706
--- /dev/null
+++ b/src/chrome/content/rules/Okura.nl.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.okura.nl
+
+-->
+<ruleset name="Okura.nl">
+
+	<target host="okura.nl" />
+	<target host="www.okura.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.okura\.nl$" name="^(__RequestVerificationToken|ASP.NET_SessionId)$" /-->
+
+	<securecookie host="^www\.okura\.nl$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Olark.xml b/src/chrome/content/rules/Olark.xml
index 67d32b0cb8d5..838de8fba91d 100644
--- a/src/chrome/content/rules/Olark.xml
+++ b/src/chrome/content/rules/Olark.xml
@@ -1,13 +1,40 @@
-<ruleset name="Olark">
+<!--
+	 hosts in *olark.com:
+
+		- special *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.olark.com
+
+-->
+<ruleset name="Olark.com (partial)">
 
 	<target host="olark.com" />
 	<target host="*.olark.com" />
 
+		<test url="http://999-async.olark.com/nrpc/c" />
+		<test url="http://assets.olark.com/" />
+		<test url="http://chat.olark.com/" />
+		<test url="http://chat2.olark.com/" />
+		<test url="http://dyn.olark.com/online/image.cgi" />
+		<test url="http://images-async.olark.com/status" />
+		<test url="http://static.olark.com/" />
+		<test url="http://static.olark.com/js/html/url_handler.html" />
+		<test url="http://www.olark.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.olark\.com$" name="^analytics_user_id$" /-->
 
-	<securecookie host="^(?:.+\.)?olark\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:assets|chat2?|static|\d+-async|testcdn|www)\.)?olark\.com/"
+	<rule from="^http://((?:assets|chat2?|dyn|static|\w+-async|testcdn|www)\.)?olark\.com/"
 		to="https://$1olark.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Olasagasti.info.xml b/src/chrome/content/rules/Olasagasti.info.xml
new file mode 100644
index 000000000000..7d8a01c54c83
--- /dev/null
+++ b/src/chrome/content/rules/Olasagasti.info.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - omega.olasagasti.info
+-->
+<ruleset name="Olasagasti.info">
+	<target host="olasagasti.info" />
+	<target host="www.olasagasti.info" />
+	<target host="laino.olasagasti.info" />
+	<target host="mikel.olasagasti.info" />
+	<target host="revelation.olasagasti.info" />
+
+	<securecookie host="^(www\.)olasagasti\.info$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OldUnreal.com.xml b/src/chrome/content/rules/OldUnreal.com.xml
new file mode 100644
index 000000000000..5c21953cc793
--- /dev/null
+++ b/src/chrome/content/rules/OldUnreal.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Mismatched:
+		- master
+
+	Wildcard DNS record, any other subdomains are self-signed.
+-->
+<ruleset name="OldUnreal.com">
+	<target host="oldunreal.com" />
+	<target host="www.oldunreal.com" />
+	<target host="forums.oldunreal.com" />
+	<target host="www.forums.oldunreal.com" />
+	<target host="gatherstone.oldunreal.com" />
+	<target host="www.gatherstone.oldunreal.com" />
+	<target host="quickdog.oldunreal.com" />
+	<target host="www.quickdog.oldunreal.com" />
+	<target host="wiki.oldunreal.com" />
+	<target host="www.wiki.oldunreal.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Olimex.com.xml b/src/chrome/content/rules/Olimex.com.xml
index e343de520f6a..d0f182d279cf 100644
--- a/src/chrome/content/rules/Olimex.com.xml
+++ b/src/chrome/content/rules/Olimex.com.xml
@@ -1,5 +1,7 @@
 <ruleset name="Olimex.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="olimex.com" />
 	<target host="www.olimex.com" />
 
@@ -7,7 +9,7 @@
 	<securecookie host="^www\.olimex\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?olimex\.com/"
-		to="https://$1olimex.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ology.com-problematic.xml b/src/chrome/content/rules/Ology.com-problematic.xml
index a68030d47846..c14f97601022 100644
--- a/src/chrome/content/rules/Ology.com-problematic.xml
+++ b/src/chrome/content/rules/Ology.com-problematic.xml
@@ -5,7 +5,7 @@
 <ruleset name="Ology.com (problematic)" default_off="mismatched">
 
 	<target host="ology.com" />
-	<target host="*.ology.com" />
+	<target host="www.ology.com" />
 
 
 	<securecookie host="^\.ology\.com$" name=".+" />
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?ology\.com/"
 		to="https://www.ology.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ology.com.xml b/src/chrome/content/rules/Ology.com.xml
deleted file mode 100644
index f6491b59b140..000000000000
--- a/src/chrome/content/rules/Ology.com.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	For problematic rules, see Ology.com-problematic.xml.
-
-
-	CDN buckets:
-
-		- d2hddv4f3m6vd2.cloudfront.net
-
-			- cdn
-
-
-	Nonfunctional subdomains:
-
-		- nodejs.www	(shows biglive.com)
-
-
-	Problematic subdomains:
-
-		- (www.)	(works; mismatched, CN: www.biglive.com)
-
-
--->
-<ruleset name="Ology.com (partial)">
-
-	<target host="cdn.ology.com" />
-
-
-	<rule from="^http://cdn\.ology\.com/"
-		to="https://d2hddv4f3m6vd2.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Olvi.fi.xml b/src/chrome/content/rules/Olvi.fi.xml
index 8d2a4fbd33d2..9056bbe0b99a 100644
--- a/src/chrome/content/rules/Olvi.fi.xml
+++ b/src/chrome/content/rules/Olvi.fi.xml
@@ -1,10 +1,20 @@
+<!--
+	Mismatch:
+		- aineistopankki
+		- ecomm
+		- puoti
+
+	Refused:
+		- ^
+-->
 <ruleset name="Olvi.fi">
-  <target host="www.olvi.fi"/>
-  <target host="olvi.fi"/>
-  <target host="puoti.olvi.fi"/>
-  <target host="palaute.olvi.fi"/>
-<rule from="^http://(www\.)?olvi\.fi/" to="https://www.olvi.fi/"/>
-<rule from="^https://olvi\.fi/" to="https://www.olvi.fi/"/>
-<rule from="^http://(puoti|palaute)\.olvi\.fi/" to="https://$1.olvi.fi/"/>
+	<target host="olvi.fi"/>
+	<target host="www.olvi.fi"/>
+	<target host="palaute.olvi.fi"/>
+
+	<rule from="^http://olvi\.fi/"
+		to="https://www.olvi.fi/"/>
+	<rule from="^http:"
+		to="https:"/>
 </ruleset>
-<!-- Rule generated by HTTPS Finder 0.85 and manually edited -->
\ No newline at end of file
+<!-- Rule generated by HTTPS Finder 0.85 and manually edited -->
diff --git a/src/chrome/content/rules/Olx.pt.xml b/src/chrome/content/rules/Olx.pt.xml
new file mode 100644
index 000000000000..b19f4fb2d4b6
--- /dev/null
+++ b/src/chrome/content/rules/Olx.pt.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatch:
+	help.olx.pt
+
+ 	Timeout:
+	www.olx.pt
+-->
+
+<ruleset name="Olx.pt">
+	<target host="olx.pt" />
+	<target host="yasukegroup.olx.pt" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OmNovia-Technologies.xml b/src/chrome/content/rules/OmNovia-Technologies.xml
index 0acd5b783964..5873f34b2dde 100644
--- a/src/chrome/content/rules/OmNovia-Technologies.xml
+++ b/src/chrome/content/rules/OmNovia-Technologies.xml
@@ -3,7 +3,7 @@
 	<target host="omnovia.com"/>
 	<target host="*.omnovia.com"/>
 
-	<securecookie host="^(.*\.)omnovia\.com$" name=".*"/>
+	<securecookie host="^(?:.*\.)omnovia\.com$" name=".+" />
 
 	<!--	cert !match !www	-->
 	<rule from="^http://omnovia\.com/"
diff --git a/src/chrome/content/rules/Omaha.com.xml b/src/chrome/content/rules/Omaha.com.xml
new file mode 100644
index 000000000000..b72fd4468f47
--- /dev/null
+++ b/src/chrome/content/rules/Omaha.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Handled in Bitly_branded_short_domains.xml:
+		- on.omaha.com
+
+	Invalid certificate:
+		- ballot.omaha.com
+		- studio.omaha.com
+
+	Redirects to HTTP:
+		- www.omaha.com
+-->
+
+<ruleset name="Omaha.com">
+	<target host="omaha.com" />
+	<target host="checkout.omaha.com" />
+	<target host="myaccount.omaha.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OmakaseWeb.com.xml b/src/chrome/content/rules/OmakaseWeb.com.xml
new file mode 100644
index 000000000000..1a429a0be70c
--- /dev/null
+++ b/src/chrome/content/rules/OmakaseWeb.com.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://omakaseweb.com/ => https://omakaseweb.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.omakaseweb.com/ => https://www.omakaseweb.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	For other GMO coverage, see GMO_Internet.xml.
+
+-->
+<ruleset name="OmakaseWeb.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="omakaseweb.com" />
+	<target host="www.omakaseweb.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Omaze.com.xml b/src/chrome/content/rules/Omaze.com.xml
new file mode 100644
index 000000000000..52ba015c6515
--- /dev/null
+++ b/src/chrome/content/rules/Omaze.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Other Omaze rulesets:
+
+		- Omaze.info.xml
+
+
+	At least some pages redirect to http.
+
+-->
+<ruleset name="Omaze.com (partial)">
+
+	<target host="omaze.com" />
+	<target host="www.omaze.com" />
+
+
+	<rule from="^http://(www\.)?omaze\.com/(?=favicon\.ico|wp-content/|wp-includes)"
+		to="https://$1omaze.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Omaze.info.xml b/src/chrome/content/rules/Omaze.info.xml
new file mode 100644
index 000000000000..7100b768c4ac
--- /dev/null
+++ b/src/chrome/content/rules/Omaze.info.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Omaze coverage, see Omaze.com.xml.
+
+
+	www doesn't exist.
+
+-->
+<ruleset name="Omaze.info">
+
+	<target host="omaze.info" />
+	<target host="*.omaze.info" />
+
+
+	<securecookie host="^\.omaze\.info$" name="^__cfduid$" />
+
+
+	<rule from="^http://(\d\.)?omaze\.info/"
+		to="https://$1omaze.info/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Omeda.xml b/src/chrome/content/rules/Omeda.xml
index ce72a94e0582..05eef76d3011 100644
--- a/src/chrome/content/rules/Omeda.xml
+++ b/src/chrome/content/rules/Omeda.xml
@@ -4,7 +4,7 @@
 		<!--	(www.) times out.	-->
 		<exclusion pattern="^http://www\." />
 
-	<securecookie host="^.*\.omeda\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--	Clients have unique subdomains, e.g.
diff --git a/src/chrome/content/rules/OmegaUp.com.xml b/src/chrome/content/rules/OmegaUp.com.xml
new file mode 100644
index 000000000000..240e26ee5fb7
--- /dev/null
+++ b/src/chrome/content/rules/OmegaUp.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Nonfunctional hosts in *omegaup.com:
+
+		- blog *
+
+	* Shows ^omegaup.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- omegaup.com
+		- www.omegaup.com
+
+-->
+<ruleset name="omegaUp.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="omegaup.com" />
+	<target host="www.omegaup.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?omegaup\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?omegaup\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Omgubuntu.co.uk.xml b/src/chrome/content/rules/Omgubuntu.co.uk.xml
new file mode 100644
index 000000000000..e6556949c09a
--- /dev/null
+++ b/src/chrome/content/rules/Omgubuntu.co.uk.xml
@@ -0,0 +1,23 @@
+<!--
+	Non-functional subdomains:
+		- $host		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="omgubuntu.co.uk">
+
+	<target host="omgubuntu.co.uk" />
+	<target host="www.omgubuntu.co.uk" />
+
+	<rule from="^http://omgubuntu\.co\.uk/"
+		to="https://www.omgubuntu.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OmniGroup.com.xml b/src/chrome/content/rules/OmniGroup.com.xml
index 0c12082f83ec..7bf685809075 100644
--- a/src/chrome/content/rules/OmniGroup.com.xml
+++ b/src/chrome/content/rules/OmniGroup.com.xml
@@ -1,7 +1,49 @@
-<ruleset name="OmniGroup.com">
+<!--
+	Nonfunctional subdomains:
+
+		- forums *
+
+	* Plaintext reply
+
+
+	^: Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- store.omnigroup.com
+		- www.omnigroup.com
+
+
+	Mixed content:
+
+		- Bug on www from piwik.omnigroup.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Omni Group.com (partial)">
 	<target host="omnigroup.com" />
+	<target host="piwik.omnigroup.com" />
+	<target host="store.omnigroup.com" />
 	<target host="www.omnigroup.com" />
-	<rule from="^http://omnigroup\.com/" to="https://www.omnigroup.com/"/>
-	<rule from="^http://www\.omnigroup\.com/" to="https://www.omnigroup.com/"/>
-</ruleset>
 
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^store\.omnigroup\.com$" name="^(PHPSESSID|pad)$" /-->
+	<!--securecookie host="^(store|www)\.omnigroup\.com$" name="^exp_(last_activity|last_visit|tracker)$" /-->
+	<!--securecookie host="^www\.omnigroup\.com$" name="^exp_csrf_token$" /-->
+
+	<securecookie host="^(?:store|www)\.omnigroup\.com$" name=".+" />
+
+
+	<!--	Redirect keeps path, args,
+		but not forward slash:
+					-->
+	<rule from="^http://omnigroup\.com/+" to="https://www.omnigroup.com/"/>
+
+		<test url="http://omnigroup.com/blog/" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/OmniTI.com-falsemixed.xml b/src/chrome/content/rules/OmniTI.com-falsemixed.xml
new file mode 100644
index 000000000000..038155e5ef12
--- /dev/null
+++ b/src/chrome/content/rules/OmniTI.com-falsemixed.xml
@@ -0,0 +1,14 @@
+<!--
+	For rules not causing false/broken MCB, see OmniTI.com.xml.
+
+-->
+<ruleset name="OmniTI.com (false MCB)" platform="mixedcontent">
+
+	<target host="omniti.com" />
+	<target host="www.omniti.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OmniUpdate.com.xml b/src/chrome/content/rules/OmniUpdate.com.xml
index 00d365d53992..8a2fcb00a828 100644
--- a/src/chrome/content/rules/OmniUpdate.com.xml
+++ b/src/chrome/content/rules/OmniUpdate.com.xml
@@ -18,13 +18,15 @@
 <ruleset name="OmniUpdate.com">
 
 	<target host="omniupdate.com" />
-	<target host="*.omniupdate.com" />
+	<target host="apps.omniupdate.com" />
+	<target host="commons.omniupdate.com" />
+	<target host="support.omniupdate.com" />
+	<target host="www.omniupdate.com" />
 
 
 	<securecookie host="^www\.omniupdate\.com$" name=".+" />
 
 
-	<rule from="^http://((?:apps|commons|support|www)\.)?omniupdate\.com/"
-		to="https://$1omniupdate.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Omniref.com.xml b/src/chrome/content/rules/Omniref.com.xml
new file mode 100644
index 000000000000..99eebd43c747
--- /dev/null
+++ b/src/chrome/content/rules/Omniref.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://omniref.com/ => https://omniref.com/: (7, 'Failed to connect to omniref.com port 443: Connection refused')
+Fetch error: http://www.omniref.com/ => https://www.omniref.com/: (7, 'Failed to connect to www.omniref.com port 443: Connection refused')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://omniref.com/ => https://omniref.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Omniref.com" default_off="failed ruleset test">
+
+	<target host="omniref.com" />
+	<target host="www.omniref.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.omniref\.com$" name="^promo_box_cohort$" /-->
+
+	<securecookie host="^www\.omniref\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Omnirom.org.xml b/src/chrome/content/rules/Omnirom.org.xml
index df4b9102644d..673bd965a6c9 100644
--- a/src/chrome/content/rules/Omnirom.org.xml
+++ b/src/chrome/content/rules/Omnirom.org.xml
@@ -1,6 +1,18 @@
+<!--
+	Mismatch:
+		- jira.omnirom.org
+-->
 <ruleset name="Omnirom.org">
-<target host="omnirom.org"/>
-<target host="www.omnirom.org"/>
-<rule from="^http://(www\.)?omnirom\.org/" to="https://omnirom.org/"/>
+	<target host="omnirom.org"/>
+	<target host="www.omnirom.org"/>
+	<target host="blog.omnirom.org"/>
+	<target host="dl.omnirom.org"/>
+	<target host="docs.omnirom.org"/>
+	<target host="gerrit.omnirom.org"/>
+	<target host="jenkins.omnirom.org"/>
+	<target host="lists.omnirom.org"/>
+		<test url="http://lists.omnirom.org/pipermail/maintainers/" />
+	<target host="paste.omnirom.org"/>
+
+	<rule from="^http:" to="https:" />
 </ruleset>
- 
\ No newline at end of file
diff --git a/src/chrome/content/rules/Omnitec.xml b/src/chrome/content/rules/Omnitec.xml
deleted file mode 100644
index 9449b79e944d..000000000000
--- a/src/chrome/content/rules/Omnitec.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="Omnitec">
-
-	<target host="omnitec.com"/>
-	<target host="*.omnitec.com"/>
-
-	<securecookie host="^(.*\.)?omnitec\.com$" name=".*"/>
-
-	<!--	access denied via https
-		redirect via http	-->
-	<rule from="^http://omnitec\.com/"
-		to="https://www.omnitec.com/"/>
-
-	<rule from="^http://(\w+)\.omnitec\.com/"
-		to="https://$1.omnitec.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Omniture-static.com.xml b/src/chrome/content/rules/Omniture-static.com.xml
new file mode 100644
index 000000000000..38b91329977f
--- /dev/null
+++ b/src/chrome/content/rules/Omniture-static.com.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Adobe coverage, see Adobe.xml.
+
+
+	If we are going to include ads and tracking info, let's at least do it by https.
+
+-->
+<ruleset name="Omniture-static.com">
+
+	<target host="www.omniture-static.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Omniture.com.xml b/src/chrome/content/rules/Omniture.com.xml
new file mode 100644
index 000000000000..b9e8d6b5dcaa
--- /dev/null
+++ b/src/chrome/content/rules/Omniture.com.xml
@@ -0,0 +1,51 @@
+<!--
+	For other Adobe coverage, see Adobe.xml.
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- assets
+		- my
+		- origin-enterprise
+		- publish
+		- sc-css-1
+		- scripts
+		- searchandpromote
+		- style
+		- testandtarget
+		- admin.testandtarget
+
+
+	Insecure cookies are set for these hosts:
+
+		- assets.omniture.com
+
+-->
+<ruleset name="Omniture.com">
+
+	<target host="omniture.com" />
+	<target host="assets.omniture.com" />
+	<target host="my.omniture.com" />
+	<target host="origin-enterprise.omniture.com" />
+	<target host="publish.omniture.com" />
+	<target host="sc-css-1.omniture.com" />
+	<target host="scripts.omniture.com" />
+	<target host="searchandpromote.omniture.com" />
+	<target host="style.omniture.com" />
+	<target host="testandtarget.omniture.com" />
+	<target host="admin.testandtarget.omniture.com" />
+	<target host="www.omniture.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^assets\.omniture\.com" name="^BIGipServerhttps_omniture$" /-->
+
+	<securecookie host=".+" name=".+"/>
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Omtrdc.net.xml b/src/chrome/content/rules/Omtrdc.net.xml
new file mode 100644
index 000000000000..382376638727
--- /dev/null
+++ b/src/chrome/content/rules/Omtrdc.net.xml
@@ -0,0 +1,46 @@
+<!--
+	For other Adobe coverage, see Adobe.xml.
+
+
+	Problematic domains:
+
+		- \w+-\w+.d[1-3].sc.omtrdc.net *
+
+	* Mismatched
+
+
+	Mixed content:
+
+		- Images from assets.omniture.com *
+
+	* Secured by us
+
+
+	If we are going to include ads and tracking info, let's at least do it by https.
+
+-->
+<ruleset name="omtrdc.net">
+
+	<target host="*.sc.omtrdc.net" />
+	<target host="*.tt.omtrdc.net" />
+
+		<test url="http://totalsystemservices.d1.sc.omtrdc.net/optout.html" />
+		<test url="http://www.d1.sc.omtrdc.net/optout.html" />
+		<test url="http://nhkonline.sc.omtrdc.net/optout.html" />
+		<test url="http://adobe.tt.omtrdc.net/" />
+
+
+	<securecookie host=".+" name=".+"/>
+
+
+	<rule from="^http://(\w+)\.(\w+)\.d([1-3])\.sc\.omtrdc\.net/"
+		to="https://$1-$2.d$3.sc.omtrdc.net/" />
+
+		<test url="http://schindler.com.d3.sc.omtrdc.net/optout.html" />
+		<test url="http://www.totalsystemservices.d1.sc.omtrdc.net/optout.html" />
+		<test url="http://www.wackerchemie.d1.sc.omtrdc.net/optout.html" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/On-Disk.com.xml b/src/chrome/content/rules/On-Disk.com.xml
index 6f375169813d..38931f03a95b 100644
--- a/src/chrome/content/rules/On-Disk.com.xml
+++ b/src/chrome/content/rules/On-Disk.com.xml
@@ -1,11 +1,17 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://on-disk.com/ => https://on-disk.com/: (7, 'Failed to connect to on-disk.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://on-disk.com/ => https://on-disk.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Cert only matches ^on-disk.com
 
 -->
-<ruleset name="On-Disk.com">
+<ruleset name="On-Disk.com" default_off="failed ruleset test">
 
 	<target host="on-disk.com" />
-	<target host="*.on-disk.com" />
+	<target host="www.on-disk.com" />
 
 
 	<securecookie host="^\.on-disk\.com$" name=".+" />
diff --git a/src/chrome/content/rules/On-web.fr.xml b/src/chrome/content/rules/On-web.fr.xml
index e11c6449dab8..019fac33c5c9 100644
--- a/src/chrome/content/rules/On-web.fr.xml
+++ b/src/chrome/content/rules/On-web.fr.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://on-web.fr/ => https://www.planet-work.com/: (28, 'Operation timed out after 15001 milliseconds with 0 bytes received')
 	For other Planet-Work coverage, see Planet-Work.xml.
 
 
@@ -25,4 +27,4 @@
 	<rule from="^http://([\w-]+)\.on-web\.fr/"
 		to="https://$1.on-web.fr/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OnApp.com.xml b/src/chrome/content/rules/OnApp.com.xml
new file mode 100644
index 000000000000..91218595539c
--- /dev/null
+++ b/src/chrome/content/rules/OnApp.com.xml
@@ -0,0 +1,38 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- onapp.com
+		- docs.onapp.com
+		- www.onapp.com
+
+
+	Mixed content:
+
+		- css on (www.)? from fast.fonts.com *
+		- Image on (www.)? from cdn.onapp.com *
+
+	* Secured by us
+
+-->
+<ruleset name="OnApp.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="onapp.com" />
+	<target host="cdn.onapp.com" />
+	<target host="docs.onapp.com" />
+	<target host="www.onapp.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?onapp\.com$" name="^exp_(?:last_activity|last_visit|tracker)$" /-->
+	<!--securecookie host="^docs\.onapp\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OnBeing.org.xml b/src/chrome/content/rules/OnBeing.org.xml
index a79ced09e352..302fb34e44c9 100644
--- a/src/chrome/content/rules/OnBeing.org.xml
+++ b/src/chrome/content/rules/OnBeing.org.xml
@@ -1,17 +1,20 @@
 <!--
-	Problematic subdomains:
+	Invalid certificate:
+		blog.onbeing.org
+		kristasblog.onbeing.org
+		legacy.onbeing.org
+		ssl.onbeing.org
 
-		- ^	(mismatched, CN: *.publicinsightnetwork.org)
-		- www	(akamai)
+	Refused:
+		test.onbeing.org
 
 -->
 <ruleset name="OnBeing.org">
 
 	<target host="onbeing.org" />
-	<target host="*.onbeing.org" />
+	<target host="www.onbeing.org" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://(?:ssl\.|www\.)?onbeing\.org/"
-		to="https://ssl.onbeing.org/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OnGuard_Online.xml b/src/chrome/content/rules/OnGuard_Online.xml
deleted file mode 100644
index 5388004657a4..000000000000
--- a/src/chrome/content/rules/OnGuard_Online.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For other U.S. government coverage, see US-government.xml.
-
-
-	^: mismatched
-
--->
-<ruleset name="OnGuard Online">
-
-	<target host="alertaenlinea.gov" />
-	<target host="www.alertaenlinea.gov" />
-	<target host="onguardonline.gov" />
-	<target host="www.onguardonline.gov" />
-
-
-	<rule from="^https?://(?:www\.)?(alertaenlinea|onguardonline)\.gov/"
-		to="https://www.$1.gov/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/OnJive.com.xml b/src/chrome/content/rules/OnJive.com.xml
index 75dc4423064e..30c9a0ef47ad 100644
--- a/src/chrome/content/rules/OnJive.com.xml
+++ b/src/chrome/content/rules/OnJive.com.xml
@@ -11,7 +11,7 @@
 	<securecookie host="^www\.onjive\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?onjive\.com/"
-		to="https://$1onjive.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/OnLive.com.xml b/src/chrome/content/rules/OnLive.com.xml
new file mode 100644
index 000000000000..ee79c03f2075
--- /dev/null
+++ b/src/chrome/content/rules/OnLive.com.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blog.onlive.com/ => https://blog.onlive.com/: (51, "SSL: no alternative certificate subject name matches target host name 'blog.onlive.com'")
+
+	CDN buckets:
+
+		- dy96a7026js9l.cloudfront.net
+		- onlive.com.s206375.gridserver.com
+
+
+	Problematic hosts in *onlive.com:
+
+		- (www.)? *
+		- games *
+		- support *
+
+	* Mismatched
+
+-->
+<ruleset name="OnLive.com (partial)" default_off="failed ruleset test">
+
+	<target host="blog.onlive.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OnScroll.com.xml b/src/chrome/content/rules/OnScroll.com.xml
new file mode 100644
index 000000000000..2b77db6c9d6d
--- /dev/null
+++ b/src/chrome/content/rules/OnScroll.com.xml
@@ -0,0 +1,31 @@
+<!--
+	CDN buckets:
+
+		- do4jjo8w6mmm0.cloudfront.net	← cdn
+
+
+	Nonfunctional subdomains:
+
+		- (www.) *
+		- console *
+
+	* Refused
+
+
+	These altnames do not exist:
+
+		- www.cdn.onscroll.com
+
+-->
+<ruleset name="OnScroll.com (partial)">
+
+	<target host="cdn.onscroll.com" />
+	<target host="impl.onscroll.com" />
+	<target host="tag.onscroll.com" />
+	<target host="tags.onscroll.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OnSecure.xml b/src/chrome/content/rules/OnSecure.xml
new file mode 100644
index 000000000000..ad207bd92c71
--- /dev/null
+++ b/src/chrome/content/rules/OnSecure.xml
@@ -0,0 +1,7 @@
+<ruleset name="OnSecure">
+	<target host="onsecure.gov.au" />
+	<target host="www.onsecure.gov.au" />
+
+	<rule from="^http://(?:www\.)?onsecure\.gov\.au/"
+		to="https://www.onsecure.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/OnSugar.xml b/src/chrome/content/rules/OnSugar.xml
index 13bdaa12f6a1..305e136916ff 100644
--- a/src/chrome/content/rules/OnSugar.xml
+++ b/src/chrome/content/rules/OnSugar.xml
@@ -11,12 +11,10 @@
 		<!--
 			301s back to www.
 						-->
-		<exclusion pattern="^http://www\.onsugar\.com/($|\?)" />
-	<target host="secure.*.onsugar.com" />
-	<target host="www.*.onsugar.com" />
+		<exclusion pattern="^http://www\.onsugar\.com/(?:$|\?)" />
 
 
-	<securecookie host="^.*\.onsugar\.com$" name=".*" />
+	<securecookie host="^.*\.onsugar\.com$" name=".+" />
 
 
 	<!--	Cert isn't valid for (www.).
@@ -27,10 +25,10 @@
 	<!--	- lim → 35 media\d+: Akamai
 		- media2: Akamai; 504
 					-->
-	<rule from="^https?://media(\d|[12]\d|3[1-5])?\.onsugar\.com/"
+	<rule from="^http://media(?:\d|[12]\d|3[1-5])?\.onsugar\.com/"
 		to="https://sugarinc-a.akamaihd.net/" />
 
-	<rule from="^https?://(?:secure\.|www\.)?(dev[123567]|local)\.onsugar\.com/"
+	<rule from="^http://(?:secure\.|www\.)?(dev[123567]|local)\.onsugar\.com/"
 		to="https://secure.$1.onsugar.com/" />
 
 	<rule from="^http://(www\.)?secure\.onsugar\.com/"
@@ -39,7 +37,7 @@
 	<!--	- Cert doesn't match
 		- 301s liks so, sans-https.
 						-->
-	<rule from="^https?://(?:www\.)?shopsense\.onsugar\.com/"
+	<rule from="^http://(?:www\.)?shopsense\.onsugar\.com/"
 		to="https://shopsense.shopstyle.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/OnSwitch_IT.ca.xml b/src/chrome/content/rules/OnSwitch_IT.ca.xml
new file mode 100644
index 000000000000..3402eecefb56
--- /dev/null
+++ b/src/chrome/content/rules/OnSwitch_IT.ca.xml
@@ -0,0 +1,20 @@
+<!--
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="OnSwitch IT.ca">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="onswitchit.ca" />
+	<target host="www.onswitchit.ca" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OnTheGoMap.com.xml b/src/chrome/content/rules/OnTheGoMap.com.xml
new file mode 100644
index 000000000000..616aa3c2bf2b
--- /dev/null
+++ b/src/chrome/content/rules/OnTheGoMap.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="On The Go Map">
+
+	<target host="onthegomap.com" />
+	<target host="www.onthegomap.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/On_Landscape.co.uk.xml b/src/chrome/content/rules/On_Landscape.co.uk.xml
new file mode 100644
index 000000000000..18a33ffcf931
--- /dev/null
+++ b/src/chrome/content/rules/On_Landscape.co.uk.xml
@@ -0,0 +1,21 @@
+<ruleset name="On Landscape.co.uk">
+
+	<target host="onlandscape.co.uk" />
+	<target host="www.onlandscape.co.uk" />
+
+
+	<!--	Incapsula cookies:
+					-->
+	<!--securecookie host="^\.onlandscape\.co\.uk$" name="^(incap_ses_\d+_\d+|visid_incap_\d+)$" /-->
+	<!--securecookie host="^www\.onlandscape\.co\.uk$" name="^___utm\w+$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^www\.onlandscape\.co\.uk$" name="^(PHPSESSID|wordpress_test_cookie)$" /-->
+
+	<securecookie host="^(?:\.|www\.)?onlandscape\.co\.uk$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/On_the_Media.org.xml b/src/chrome/content/rules/On_the_Media.org.xml
index e5ec281cdaa3..8629a0e7a3e1 100644
--- a/src/chrome/content/rules/On_the_Media.org.xml
+++ b/src/chrome/content/rules/On_the_Media.org.xml
@@ -1,6 +1,16 @@
 <!--
 	CN: *.wnyc.org
 
+
+	Insecure cookies are set for these domains:
+
+		- .onthemedia.org
+
+
+	Mixed content:
+
+		- Image from www.wnyc.com
+
 -->
 <ruleset name="On the Media.org" default_off="mismatched">
 
@@ -8,7 +18,14 @@
 	<target host="www.onthemedia.org" />
 
 
-	<rule from="^http://(?:www\.)?onthemedia\.org/"
-		to="https://www.onthemedia.org/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.onthemedia\.org$" name="^__qca$" /-->
+
+	<securecookie host="^\.onthemedia\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/On_the_Wire.io.xml b/src/chrome/content/rules/On_the_Wire.io.xml
new file mode 100644
index 000000000000..249149405f56
--- /dev/null
+++ b/src/chrome/content/rules/On_the_Wire.io.xml
@@ -0,0 +1,13 @@
+<ruleset name="On the Wire.io">
+
+	<target host="onthewire.io" />
+	<target host="www.onthewire.io" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Onamae-server.com.xml b/src/chrome/content/rules/Onamae-server.com.xml
new file mode 100644
index 000000000000..a3507351c27d
--- /dev/null
+++ b/src/chrome/content/rules/Onamae-server.com.xml
@@ -0,0 +1,37 @@
+<!--
+	For other GMO coverage, see GMO_Internet.xml.
+
+
+	Nonfunctional subdomains:
+
+		- guide *
+
+	* Refused
+
+
+	Mixed content:
+
+		- Images from cache.img.gmo.jp *
+
+	* Secured by us
+
+-->
+<ruleset name="Onamae-server.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="onamae-server.com" />
+	<target host="www.onamae-server.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.(www\.)?onamae-server\.com$" name="^keniAB$" /-->
+
+	<securecookie host="^\.(?:www\.)?onamae-server\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Onamae.com.xml b/src/chrome/content/rules/Onamae.com.xml
new file mode 100644
index 000000000000..3664b47cfc55
--- /dev/null
+++ b/src/chrome/content/rules/Onamae.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other GMO coverage, see GMO_Internet.xml.
+
+	Non-functional hosts:
+		Timeout:
+		- jp.onamae.com
+-->
+<ruleset name="Onamae.com (partial)">
+
+	<target host="onamae.com" />
+	<target host="www.onamae.com" />
+	<target host="help.onamae.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Onarbor.com.xml b/src/chrome/content/rules/Onarbor.com.xml
new file mode 100644
index 000000000000..6870a82887dd
--- /dev/null
+++ b/src/chrome/content/rules/Onarbor.com.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://onarbor.com/ => https://onarbor.com/: (7, 'Failed to connect to onarbor.com port 443: Connection refused')
+Fetch error: http://www.onarbor.com/ => https://www.onarbor.com/: (7, 'Failed to connect to www.onarbor.com port 443: Connection refused')
+
+-->
+<ruleset name="Onarbor.com" default_off="failed ruleset test">
+
+	<target host="onarbor.com" />
+	<target host="www.onarbor.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?onarbor\.com$" name="^(imgDimensionLg|imgDimensionSm|o)$" /-->
+
+	<securecookie host="^(?:www\.)?onarbor\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Onclickads.net.xml b/src/chrome/content/rules/Onclickads.net.xml
new file mode 100644
index 000000000000..f533a3ed9d0c
--- /dev/null
+++ b/src/chrome/content/rules/Onclickads.net.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Propeller Ads Media coverage, see PropellerAds.xml.
+
+
+	www.onclickads.net: Refused
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- onclickads.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="onclickads.net (partial)">
+
+	<target host="onclickads.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^onclickads\.net$" name="^OAGEO[\da-f]+$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ondarossa.info.xml b/src/chrome/content/rules/Ondarossa.info.xml
new file mode 100644
index 000000000000..7a8126aa5436
--- /dev/null
+++ b/src/chrome/content/rules/Ondarossa.info.xml
@@ -0,0 +1,33 @@
+<!--
+	Invalid certificate:
+		ondarossa.info
+		dev.ondarossa.info
+  		mail.ondarossa.info
+		player.ondarossa.info
+		techrec.ondarossa.info
+		web.ondarossa.info
+
+	Login required:
+		autogestione.ondarossa.info
+		edicola.ondarossa.info
+		megaror.ondarossa.info
+		rec.ondarossa.info
+		webmail.ondarossa.info
+		webmail2.ondarossa.info
+
+-->
+<ruleset name="OndaRossa.info">
+
+	<target host="ondarossa.info" />
+	<target host="www.ondarossa.info" />
+	<target host="40anni.ondarossa.info" />
+	<target host="old.ondarossa.info" />
+	<target host="scarceranda.ondarossa.info" />
+
+	<rule from="^http://ondarossa\.info/"
+		to="https://www.ondarossa.info/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/One-Good-Driver.xml b/src/chrome/content/rules/One-Good-Driver.xml
deleted file mode 100644
index 93ae6c7f9736..000000000000
--- a/src/chrome/content/rules/One-Good-Driver.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="One Good Driver">
-
-	<target host="onegooddriver.com" />
-	<target host="www.onegooddriver.com" />
-
-
-	<securecookie host="^www\.onegooddriver\.com$" name=".*" />
-
-
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?onegooddriver\.com/"
-		to="https://www.onegooddriver.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/One.com.xml b/src/chrome/content/rules/One.com.xml
index 04a877377ffe..66b2ee6ff6be 100644
--- a/src/chrome/content/rules/One.com.xml
+++ b/src/chrome/content/rules/One.com.xml
@@ -2,7 +2,6 @@
   <target host="one.com" />
   <target host="www.one.com" />
 
-  <rule from="^http://(?:www\.)?one\.com/"
-	  to="https://www.one.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/One2Buy.xml b/src/chrome/content/rules/One2Buy.xml
index 7d0278a70123..0b2fe760929c 100644
--- a/src/chrome/content/rules/One2Buy.xml
+++ b/src/chrome/content/rules/One2Buy.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?one2buy\.com/(media|skin)/"
 		to="https://$1one2buy.com/$2/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OneBookShelf.xml b/src/chrome/content/rules/OneBookShelf.xml
new file mode 100644
index 000000000000..56698596b203
--- /dev/null
+++ b/src/chrome/content/rules/OneBookShelf.xml
@@ -0,0 +1,46 @@
+<!--
+	Sites associated with OneBookShelf, Inc.
+	See the list here: http://www.onebookshelf.com/
+
+	Bad certificate:
+		- dndclassics.com
+		- www.dndclassics.com
+		- onebookshelf.com
+		- www.onebookshelf.com
+		- support.^ (except support.ulisses-ebooks.de)
+
+	Refused:
+		- support.ulisses-ebooks.de
+		- watermark.^ (unable to connect/connection refused)
+
+-->
+<ruleset name="OneBookShelf">
+	<target host="dmsguild.com" />
+	<target host="www.dmsguild.com" />
+
+	<target host="drivethrucards.com" />
+	<target host="www.drivethrucards.com" />
+
+	<target host="drivethrucomics.com" />
+	<target host="www.drivethrucomics.com" />
+
+	<target host="drivethrufiction.com" />
+	<target host="www.drivethrufiction.com" />
+
+	<target host="drivethrurpg.com" />
+	<target host="www.drivethrurpg.com" />
+
+	<target host="pegasusdigital.de" />
+	<target host="www.pegasusdigital.de" />
+
+	<target host="rpgnow.com" />
+	<target host="www.rpgnow.com" />
+
+	<target host="ulisses-ebooks.de" />
+	<target host="www.ulisses-ebooks.de" />
+
+	<target host="wargamevault.com" />
+	<target host="www.wargamevault.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OneCloudSecurity.com.xml b/src/chrome/content/rules/OneCloudSecurity.com.xml
index cd5ba4adaa36..60b73579a31b 100644
--- a/src/chrome/content/rules/OneCloudSecurity.com.xml
+++ b/src/chrome/content/rules/OneCloudSecurity.com.xml
@@ -1,13 +1,25 @@
-<ruleset name="OneCloudSecurity.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://onecloudsecurity.com/ => https://onecloudsecurity.com/: Too many redirects while fetching 'https://onecloudsecurity.com/'
+Fetch error: http://www.onecloudsecurity.com/ => https://www.onecloudsecurity.com/: Too many redirects while fetching 'https://www.onecloudsecurity.com/'
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://onecloudsecurity.com/ => https://onecloudsecurity.com/: Too many redirects while fetching 'https://onecloudsecurity.com/'
+
+-->
+<ruleset name="OneCloudSecurity.com" default_off="failed ruleset test">
 
 	<target host="onecloudsecurity.com" />
-	<target host="*.onecloudsecurity.com" />
+	<target host="www.onecloudsecurity.com" />
 
 
 	<securecookie host="^(?:w*\.)?onecloudsecurity\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?onecloudsecurity\.com/"
-		to="https://$1onecloudsecurity.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OneDrive.com.xml b/src/chrome/content/rules/OneDrive.com.xml
new file mode 100644
index 000000000000..05ddf748c131
--- /dev/null
+++ b/src/chrome/content/rules/OneDrive.com.xml
@@ -0,0 +1,54 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	Fully ccovered hosts in *onedrive.com:
+
+		- (www.)?
+		- blog
+		- dev
+		- developer
+		- developers
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- blog.onedrive.com
+		- .blog.onedrive.com
+		- .dev.onedrive.com
+
+
+	Mixed content:
+
+		- Bugs, on:
+
+			- blog from c.microsoft.com *
+			- blog from m.webtrends.com *
+
+	* Secured by us
+
+-->
+<ruleset name="OneDrive.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="onedrive.com" />
+	<target host="dev.onedrive.com" />
+	<target host="developer.onedrive.com" />
+	<target host="developers.onedrive.com" />
+	<target host="blog.onedrive.com" />
+	<target host="www.onedrive.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^blog\.onedrive\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.(blog|dev)\.onedrive\.com$" name="^ARRAffinity$" /-->
+
+	<securecookie host="^(?:\.?blog|\.dev)\.onedrive\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OneExchange.xml b/src/chrome/content/rules/OneExchange.xml
new file mode 100644
index 000000000000..1484378a0979
--- /dev/null
+++ b/src/chrome/content/rules/OneExchange.xml
@@ -0,0 +1,9 @@
+<ruleset name="OneExchange">
+	<target host="oneexchange.com" />
+	<target host="*.oneexchange.com" />
+
+	<securecookie host="(^|([\w-]*)\.)oneexchange\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OneGreenPlanet.org.xml b/src/chrome/content/rules/OneGreenPlanet.org.xml
new file mode 100644
index 000000000000..685f5ee13463
--- /dev/null
+++ b/src/chrome/content/rules/OneGreenPlanet.org.xml
@@ -0,0 +1,26 @@
+<!--
+	No working URL known:
+		dev.aws.onegreenplanet.org
+
+	Invalid certificate:
+		ogp-cdn.aws.onegreenplanet.org
+		cdn.onegreenplanet.org
+		cdn1.onegreenplanet.org
+		cdn2.onegreenplanet.org
+
+	502:
+		fm-v1.onegreenplanet.org
+
+-->
+<ruleset name="One Green Planet.org" platform="mixedcontent">
+
+	<target host="onegreenplanet.org" />
+	<target host="www.onegreenplanet.org" />
+	<target host="prod.aws.onegreenplanet.org" />
+
+	<securecookie host="^\.onegreenplanet\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OneHockey.com.xml b/src/chrome/content/rules/OneHockey.com.xml
new file mode 100644
index 000000000000..aef1dcd3988d
--- /dev/null
+++ b/src/chrome/content/rules/OneHockey.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="OneHockey.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="onehockey.com" />
+	<target host="www.onehockey.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OneHub.xml b/src/chrome/content/rules/OneHub.xml
index 4f9e7268698a..ba8664032765 100644
--- a/src/chrome/content/rules/OneHub.xml
+++ b/src/chrome/content/rules/OneHub.xml
@@ -2,5 +2,5 @@
   <target host="onehub.com" />
   <target host="www.onehub.com" />
 
-  <rule from="^http://(?:www\.)?onehub\.com/" to="https://onehub.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/OneLogin.com.xml b/src/chrome/content/rules/OneLogin.com.xml
index 19a736150fe6..d86bfc9cb7cd 100644
--- a/src/chrome/content/rules/OneLogin.com.xml
+++ b/src/chrome/content/rules/OneLogin.com.xml
@@ -6,69 +6,55 @@
 
 	Problematic subdomains:
 
-		- ^		(dropped)
+		- staging.www *
 		- support	(zendesk)
 
+	* Mismatched
+
 
 	Fully covered subdomains:
 
-		- (www.)	(^ → www)
+		- (www.)
 		- app
-		- assets[0-3]
+		- assets
+		- mindtouch
 		- support	(→ onelogin.zendesk.com)
-		- staging.www
-
-
-	Mixed content:
-
-		- Scripts:
-
-			- On app from ajax.googleapis.com *
-			- On www from www *
-			- On www from fast.wistia.com *
-			- On www from ajax.googleapis.com *
-
-		- css:
-
-			- On www from www **
-			- On www from fast.wistia.net *
 
-		- Images:
 
-			- On app from www ***
-			- On www from www ***
+	Insecure cookies are set for these hosts:
 
-		- Web bugs:
-
-			- On app from munchkin.marketo.net *
-			- On www from t6.trackalyzer.com *
-
-	* Secured by us
-	** Secured by us. These apply to social widgets, and are not at all vital
-	*** Secured by us, doesn't trip MCB anyway
-
-
-	NB: We secure all resources, and thus
-	platform should be removed with Ffx 24.
+		- www.onelogin.com
 
 -->
-<ruleset name="OneLogin.com" platform="mixedcontent">
+<ruleset name="OneLogin.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="onelogin.com" />
-	<target host="*.onelogin.com" />
+	<target host="app.onelogin.com" />
+	<target host="assets.onelogin.com" />
+	<target host="mindtouch.onelogin.com" />
+	<target host="www.onelogin.com" />
+
+	<!--	Complications:
+				-->
+	<target host="support.onelogin.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.onelogin\.com$" name="^(AWSELB|PHPSESSID|onelogin_check_cookie|stat_auth_cookie)$" /-->
 
-	<!--securecookie host="^\.onelogin\.com$" name="^(__atuvc|_ga|mp_\w{32}_mixpanel|_mkto_trk|onelogin_referrer|session_onelogin\.com|__utm\w)$" /-->
+	<!--securecookie host="^\.onelogin\.com$" name="^(__atuvc|_ga|mp_\w{32}_mixpanel|_mkto_trk|onelogin_referrer|__utm\w)$" /-->
 	<securecookie host="^(?:www)?\.onelogin\.com$" name=".+" />
 
 
-	<rule from="^http://(?:(staging\.)?www\.)?onelogin\.com/"
-		to="https://$1www.onelogin.com/" />
+	<rule from="^http://support\.onelogin\.com/.*"
+		to="https://onelogin.zendesk.com/hc" />
 
-	<rule from="^http://a(pp|ssets)\.onelogin\.com/"
-		to="https://a$1.onelogin.com/" />
+		<test url="http://support.onelogin.com//" />
 
-	<rule from="^http://support\.onelogin\.com/"
-		to="https://onelogin.zendesk.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OneMathematicalCat.org.xml b/src/chrome/content/rules/OneMathematicalCat.org.xml
new file mode 100644
index 000000000000..5cfd0e2c6d10
--- /dev/null
+++ b/src/chrome/content/rules/OneMathematicalCat.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="OneMathematicalCat.org">
+	<target host="onemathematicalcat.org" />
+	<target host="www.onemathematicalcat.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OneName.com.xml b/src/chrome/content/rules/OneName.com.xml
new file mode 100644
index 000000000000..191ef7833e76
--- /dev/null
+++ b/src/chrome/content/rules/OneName.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Other OneName rulesets:
+
+		- OneName.io.xml
+
+
+	Insecure cookies are set for these hosts:
+
+		- onename.com
+		- www.onename.com
+
+-->
+<ruleset name="OneName.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="onename.com" />
+	<target host="www.onename.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?onename\.com$" name="^session$" /-->
+
+	<securecookie host="^(?:www\.)?onename\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OneName.io.xml b/src/chrome/content/rules/OneName.io.xml
new file mode 100644
index 000000000000..dd250c3477a8
--- /dev/null
+++ b/src/chrome/content/rules/OneName.io.xml
@@ -0,0 +1,28 @@
+<!--
+	For other OneName coverage, see OneName.com.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .onename.io
+
+-->
+<ruleset name="OneName.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="onename.io" />
+	<target host="www.onename.io" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.onename\.io$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.onename\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OneNetworkDirect.xml b/src/chrome/content/rules/OneNetworkDirect.xml
index 4cba8208a640..c5c812456205 100644
--- a/src/chrome/content/rules/OneNetworkDirect.xml
+++ b/src/chrome/content/rules/OneNetworkDirect.xml
@@ -5,13 +5,13 @@
 <ruleset name="oneNetworkDirect">
 
 	<target host="onenetworkdirect.com" />
-	<target host="*.onenetworkdirect.com" />
+	<target host="aff.onenetworkdirect.com" />
+	<target host="www.onenetworkdirect.com" />
 
 
 	<securecookie host="^(?:aff)?\.onenetworkdirect\.com$" name=".+" />
 
 
-	<rule from="^http://(aff\.|www\.)?onenetworkdirect\.com/"
-		to="https://$1onenetworkdirect.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OneNote.com.xml b/src/chrome/content/rules/OneNote.com.xml
new file mode 100644
index 000000000000..2ad4d2883f52
--- /dev/null
+++ b/src/chrome/content/rules/OneNote.com.xml
@@ -0,0 +1,11 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+-->
+
+<ruleset name="OneNote.com">
+	<target host="onenote.com" />
+	<target host="www.onenote.com" />
+	<target host="dev.onenote.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OneNote.net.xml b/src/chrome/content/rules/OneNote.net.xml
new file mode 100644
index 000000000000..0f8ac39644f1
--- /dev/null
+++ b/src/chrome/content/rules/OneNote.net.xml
@@ -0,0 +1,9 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+-->
+<ruleset name="OneNote.net">
+	<target host="cdn.onenote.net" />
+	<target host="site-cdn.onenote.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OnePlus.net.xml b/src/chrome/content/rules/OnePlus.net.xml
new file mode 100644
index 000000000000..9eef18d8684b
--- /dev/null
+++ b/src/chrome/content/rules/OnePlus.net.xml
@@ -0,0 +1,36 @@
+<!--
+	CDN buckets:
+
+		- s3.amazonaws.com/oneplussupport/
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .oneplus.net
+		- account.oneplus.net
+
+-->
+<ruleset name="OnePlus.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="oneplus.net" />
+	<target host="account.oneplus.net" />
+	<target host="blog.oneplus.net" />
+	<target host="content.oneplus.net" />
+	<target host="forums.oneplus.net" />
+	<target host="www.oneplus.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.oneplus\.net$" name="^(?:__cfduid|AWSELB|cf_clearance|lbid|redirectedCountry|refererstore)$" /-->
+	<!--securecookie host="^account\.oneplus\.net$" name="^AWSELB$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OneScreen.xml b/src/chrome/content/rules/OneScreen.xml
index 46fd2f876344..1d38c2769f33 100644
--- a/src/chrome/content/rules/OneScreen.xml
+++ b/src/chrome/content/rules/OneScreen.xml
@@ -18,11 +18,12 @@
 		- new.onescreen.com	(cert: *.onescreen.net; pages 301 to http)
 
 -->
-<ruleset name="OneScreen (partial)" default_off="mismatch">
+<ruleset name="OneScreen (partial)" default_off="mismatched">
 
 	<target host="images.1sfx.net" />
 	<target host="onescreen.com" />
-	<target host="*.onescreen.com" />
+	<target host="cdn.onescreen.com" />
+	<target host="www.onescreen.com" />
 
 
 	<!--	- !www times out
@@ -31,7 +32,7 @@
 		- www cert: *.onescreen.net
 		- Pages 301 to http
 					-->
-	<rule from="^https?://(?:cdn\.|www\.)?onescreen.com/wp-content/"
+	<rule from="^http://(?:cdn\.|www\.)?onescreen\.com/wp-content/"
 		to="https://www.onescreen.com/wp-content/" />
 
 	<!--	Cert: gp1.wac.edgecastcdn.net
@@ -39,4 +40,4 @@
 	<rule from="^http://images\.1sfx\.net/"
 		to="https://images.1sfx.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OneSignal.com.xml b/src/chrome/content/rules/OneSignal.com.xml
new file mode 100644
index 000000000000..149fac5ccbcb
--- /dev/null
+++ b/src/chrome/content/rules/OneSignal.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- onesignal.com
+		- documentation.onesignal.com
+		- www.onesignal.com
+
+-->
+<ruleset name="OneSignal.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="onesignal.com" />
+	<target host="www.onesignal.com" />
+	<target host="cdn.onesignal.com" />
+	<target host="documentation.onesignal.com" />
+	<target host="jobs.onesignal.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?onesignal\.com$" name="^_OneSignal_session$" /-->
+	<!--securecookie host="^documentation\.onesignal\.com$" name="^(?:XSRF-TOKEN|connect\.sid)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OneStat.xml b/src/chrome/content/rules/OneStat.xml
index db5e098a2507..8fb23cb5d317 100644
--- a/src/chrome/content/rules/OneStat.xml
+++ b/src/chrome/content/rules/OneStat.xml
@@ -3,18 +3,36 @@
 
 		- (www.)	(times out)
 
+
+	Fully covered hosts in *onestat.com:
+
+		- (www.)?stat *
+
+	* Included on 3rd-party websites
+
+
+	Insecure cookies are set for these hosts:
+
+		- stat.onestat.com
+		- www.stat.onestat.com
+
 -->
-<ruleset name="OneStat (partial)">
+<ruleset name="OneStat.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="stat.onestat.com" />
+	<target host="www.stat.onestat.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?stat\.onestat\.com$" name="^(\d+|ONESTAT)$" /-->
 
-	<securecookie host="^stat\.onestat\.com$" name=".*" />
+	<securecookie host="^(?:www\.)?stat\.onestat\.com$" name=".+" />
 
 
-	<!--	Included on 3rd-party websites.
-						-->
-	<rule from="^http://stat\.onestat\.com/"
-		to="https://stat.onestat.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/OneTaste.us.xml b/src/chrome/content/rules/OneTaste.us.xml
new file mode 100644
index 000000000000..3b21189835a2
--- /dev/null
+++ b/src/chrome/content/rules/OneTaste.us.xml
@@ -0,0 +1,29 @@
+<!--
+	www: wpengine
+
+
+	Mixed content:
+
+		- Image from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="OneTaste.us (partial)">
+
+	<target host="onetaste.us" />
+	<target host="www.onetaste.us" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://onetaste\.us/($|events/$|events/[\w-]+/$|how-to-om-class/$|shop/$|support/$|turn-on-events/$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://onetaste\.us/+(?!favicon\.ico|om-essentials(?:$|[?/])|wp-content/|wp-includes/)" />
+
+
+	<rule from="^http://(?:www\.)?onetaste\.us/"
+		to="https://onetaste.us/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/One_Eyed_Man.net.xml b/src/chrome/content/rules/One_Eyed_Man.net.xml
new file mode 100644
index 000000000000..31ac6e417ed1
--- /dev/null
+++ b/src/chrome/content/rules/One_Eyed_Man.net.xml
@@ -0,0 +1,19 @@
+<!--
+	STS header includes includeSubDomains
+
+-->
+<ruleset name="One Eyed Man.net">
+
+	<target host="oneeyedman.net" />
+	<target host="*.oneeyedman.net" />
+
+		<test url="http://www.oneeyedman.net/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/One_Green_Planet.org.xml b/src/chrome/content/rules/One_Green_Planet.org.xml
deleted file mode 100644
index ac6b44a9d5a1..000000000000
--- a/src/chrome/content/rules/One_Green_Planet.org.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	CDN buckets:
-
-		- ogp.onegreenplanetll.netdna-cdn.com
-
-			- -ssl doesn't exist
-			- cdn
-
-
-	Problematic subdomains:
-
-		- cdn	(403; mismatched, CN: *.netdna-ssl.com)
-
--->
-<ruleset name="One Green Planet.org">
-
-	<target host="onegreenplanet.org" />
-	<target host="*.onegreenplanet.org" />
-
-
-	<securecookie host="^\.onegreenplanet\.org$" name=".+" />
-
-
-	<rule from="^http://(www\.)?onegreenplanet\.org/"
-		to="https://$1onegreenplanet.org/" />
-
-	<!--	Protocol-relative links on www:
-						-->
-	<rule from="^https?://cdn\.onegreenplanet\.org/"
-		to="https://www.onegreenplanet.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/One_Health_Talk.org.xml b/src/chrome/content/rules/One_Health_Talk.org.xml
index 111b85b1c40d..a5dbbc07ab35 100644
--- a/src/chrome/content/rules/One_Health_Talk.org.xml
+++ b/src/chrome/content/rules/One_Health_Talk.org.xml
@@ -2,14 +2,16 @@
 	Some pages redirect to http.
 
 -->
-<ruleset name="One Health Talk.org (partial)">
+<ruleset name="One Health Talk.org (partial)" default_off="404">
 
 	<target host="onehealthtalk.org" />
 	<target host="www.onehealthtalk.org" />
+
 		<!--exclusion pattern="^http://(www\.)?onehealthtalk\.org/+($|\?|index\.cfm)" /-->
+		<exclusion pattern="^http://(?:www\.)?onehealthtalk\.org/(?!1/(?:assets|cache|css|includes|js)/|favicon\.ico|images/|_Incapsula_Resource(?:$|\?)|member(?:$|[?/]))" />
 
 
-	<rule from="^http://(www\.)?onehealthtalk\.org/(1/(?:assets|cache|css|includes|js)/|favicon\.ico|images/|_Incapsula_Resource(?:$|\?)|member(?:$|[?/]))"
-		to="https://$1onehealthtalk.org/$2" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/One_Man_Can.xml b/src/chrome/content/rules/One_Man_Can.xml
index bc18113cbb60..dc913413790f 100644
--- a/src/chrome/content/rules/One_Man_Can.xml
+++ b/src/chrome/content/rules/One_Man_Can.xml
@@ -1,13 +1,19 @@
-<ruleset name="One Man Can">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://onemancan.org/ => https://onemancan.org/: (51, "SSL: no alternative certificate subject name matches target host name 'onemancan.org'")
+Fetch error: http://www.onemancan.org/ => https://www.onemancan.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.onemancan.org'")
+
+-->
+<ruleset name="One Man Can" default_off="failed ruleset test">
 
 	<target host="onemancan.org" />
-	<target host="*.onemancan.org" />
+	<target host="www.onemancan.org" />
 
 
 	<securecookie host="^(?:\.?www\.)?\.onemancan\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?onemancan\.org/"
-		to="https://$1onemancan.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/One_Month.com.xml b/src/chrome/content/rules/One_Month.com.xml
new file mode 100644
index 000000000000..dc6ed777ef2d
--- /dev/null
+++ b/src/chrome/content/rules/One_Month.com.xml
@@ -0,0 +1,66 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://refer.onemonth.com/ => https://refer.onemonth.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Other One Month rulesets:
+
+		- GoRails.com.xml
+
+
+	Nonfunctional hosts in *onemonth.com:
+
+		- support *
+
+	* Zendesk
+
+
+	Problematic hosts in *onemonth.com:
+
+		- get ¹
+		- jobs ²
+		- learn ¹
+
+	¹ Hubspot
+	² Jazz
+
+
+	These altnames don't exist:
+
+		- www.refer.onemonth.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- get.onemonth.com
+		- learn.onemonth.com
+
+
+	Mixed content:
+
+		- Fonts on get, learn from cdn2.hubspot.net *
+
+	* Secured by us
+
+-->
+<ruleset name="One Month.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="onemonth.com" />
+	<!--target host="get.onemonth.com" /-->
+	<!--target host="learn.onemonth.com" /-->
+	<target host="refer.onemonth.com" />
+	<target host="www.onemonth.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^get\.onemonth\.com$" name="^_ab_test_\d+" /-->
+	<!--securecookie host="^learn\.onemonth\.com$" name="^PagesViewedThisSession$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/One_Time_Secret.com.xml b/src/chrome/content/rules/One_Time_Secret.com.xml
new file mode 100644
index 000000000000..c52e3e3f3132
--- /dev/null
+++ b/src/chrome/content/rules/One_Time_Secret.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* GitHub
+
+-->
+<ruleset name="One Time Secret.com (partial)">
+
+	<target host="onetimesecret.com" />
+	<target host="www.onetimesecret.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/One_in_3_Campaign.xml b/src/chrome/content/rules/One_in_3_Campaign.xml
index 940733e85f88..e7a204ab164a 100644
--- a/src/chrome/content/rules/One_in_3_Campaign.xml
+++ b/src/chrome/content/rules/One_in_3_Campaign.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?1in3campaign\.org/"
 		to="https://onein3.wpengine.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Onebillion.org.uk.xml b/src/chrome/content/rules/Onebillion.org.uk.xml
new file mode 100644
index 000000000000..836de864ea78
--- /dev/null
+++ b/src/chrome/content/rules/Onebillion.org.uk.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.onebillion.org.uk/ => https://www.onebillion.org.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.onebillion.org.uk'")
+
+-->
+<ruleset name="onebillion.org.uk" default_off="failed ruleset test">
+	<target host="onebillion.org.uk" />
+	<target host="www.onebillion.org.uk" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Onebitbug.me.xml b/src/chrome/content/rules/Onebitbug.me.xml
new file mode 100644
index 000000000000..152d083ceabc
--- /dev/null
+++ b/src/chrome/content/rules/Onebitbug.me.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.onebitbug.me/ => https://www.onebitbug.me/: (51, "SSL: no alternative certificate subject name matches target host name 'www.onebitbug.me'")
+
+-->
+<ruleset name="onebitbug.me" default_off="failed ruleset test">
+
+	<target host="onebitbug.me" />
+	<target host="www.onebitbug.me" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Oneclickads.net.xml b/src/chrome/content/rules/Oneclickads.net.xml
deleted file mode 100644
index 587326b4a87f..000000000000
--- a/src/chrome/content/rules/Oneclickads.net.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For other Propeller Ads Media coverage, see PropellerAds.xml.
-
-
-	Nonfunctional subdomains:
-
-		 - www	(http reply)
-
--->
-<ruleset name="oneclickads.net (partial)">
-
-	<target host="oneclickads.net" />
-
-
-	<securecookie host="^oneclicks\.net$" name=".+" />
-
-
-	<rule from="^http://oneclickads\.net/"
-		to="https://oneclickads.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Onefeed.co.uk.xml b/src/chrome/content/rules/Onefeed.co.uk.xml
new file mode 100644
index 000000000000..45ddbdff1f2c
--- /dev/null
+++ b/src/chrome/content/rules/Onefeed.co.uk.xml
@@ -0,0 +1,18 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.)? *
+		- clientcentre *
+		- comparison-shopping-forum *
+
+	* Shows tracking
+
+-->
+<ruleset name="Onefeed.co.uk (partial)">
+
+	<target host="tracking.onefeed.co.uk" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Onepager.xml b/src/chrome/content/rules/Onepager.xml
index b97ea74e835b..00f2fa728fda 100644
--- a/src/chrome/content/rules/Onepager.xml
+++ b/src/chrome/content/rules/Onepager.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(www\.)?onepagerapp\.com/(assets/|errors/|signin(?:$|\?|/))"
 		to="https://$1onepagerapp.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Onestore.ms.xml b/src/chrome/content/rules/Onestore.ms.xml
new file mode 100644
index 000000000000..d5fd460ab5df
--- /dev/null
+++ b/src/chrome/content/rules/Onestore.ms.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+-->
+<ruleset name="onestore.ms">
+
+	<target host="assets.onestore.ms" />
+
+		<test url="http://assets.onestore.ms/cdnfiles/onestorerolling-1604-22001/shell/v3/images/logo/microsoft.png" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Oneworld-Publications.com.xml b/src/chrome/content/rules/Oneworld-Publications.com.xml
new file mode 100644
index 000000000000..742ae8197850
--- /dev/null
+++ b/src/chrome/content/rules/Oneworld-Publications.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Oneworld-Publications.com">
+	<target host="oneworld-publications.com" />
+	<target host="www.oneworld-publications.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Onfleet.com.xml b/src/chrome/content/rules/Onfleet.com.xml
new file mode 100644
index 000000000000..f1d48445209a
--- /dev/null
+++ b/src/chrome/content/rules/Onfleet.com.xml
@@ -0,0 +1,62 @@
+<!--
+
+	Nonfunctional hosts in *onfleet.com:
+
+		- support *
+
+	* Zendesk
+
+
+	Problematic hosts in *onfleet.com:
+
+		- blog ¹
+		- docs ¹
+		- status ²
+		- www ¹
+
+	¹ Mismatched
+	² StatusPage.io
+
+
+	Fully covered hosts in *onfleet.com:
+
+		- (www.)?	(www → ^)
+		- status	(→ onfleet.statuspage.io)
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .onfleet.com
+		- docs.onfleet.com
+
+-->
+<ruleset name="Onfleet.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="onfleet.com" />
+
+	<!--	Complications:
+				-->
+	<target host="status.onfleet.com" />
+	<target host="www.onfleet.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.onfleet\.com$" name="^onfleet_lang$" /-->
+	<!--securecookie host="^docs\.onfleet\.com$" name="^(XSRF-TOKEN|connect\.sid)$" /-->
+
+	<securecookie host="^\.onfleet\.com$" name=".+" />
+
+
+	<rule from="^http://status\.onfleet\.com/"
+		to="https://onfleet.statuspage.io/" />
+
+	<rule from="^http://www\.onfleet\.com/"
+		to="https://onfleet.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Onion.to.xml b/src/chrome/content/rules/Onion.to.xml
new file mode 100644
index 000000000000..bd206738d303
--- /dev/null
+++ b/src/chrome/content/rules/Onion.to.xml
@@ -0,0 +1,19 @@
+<ruleset name="onion.to">
+
+	<target host="onion.to" />
+	<target host="*.onion.to" />
+
+	<!-- Certificate is only valid for first-level subdomains:
+
+		<test url="http://m.facebookcorewwwi.onion.to/" />
+		<test url="http://static.propub3r6espa33w.onion.to/" />
+
+	-->
+	<rule from="^http://(\w+\.)?onion\.to/"
+		to="https://$1onion.to/" />
+
+	<test url="http://duskgytldkxiuqc6.onion.to/" />
+	<test url="http://5nca3wxl33tzlzj5.onion.to/" />
+	<test url="http://protonirockerxow.onion.to/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Onion.xml b/src/chrome/content/rules/Onion.xml
deleted file mode 100644
index adc5e93b839c..000000000000
--- a/src/chrome/content/rules/Onion.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	CDN buckets:
-
-		- o.onionstatic.com.cdngc.net
-		- www.theonion.com.cdngc.net
-
-
-	Nonfunction subdomains:
-
-		- ^	(refused)
-		- o *
-		- www *
-
-	* 403; mismatched, CN: ssl2.cdngc.net
-
--->
-<ruleset name="The Onion (partial)">
-
-	<target host="store.theonion.com" />
-
-
-	<securecookie host="^store\.theonion\.com$" name=".+" />
-
-
-	<rule from="^http://store\.theonion\.com/"
-		to="https://store.theonion.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/OnionCat.org.xml b/src/chrome/content/rules/OnionCat.org.xml
new file mode 100644
index 000000000000..ec9425c5d26e
--- /dev/null
+++ b/src/chrome/content/rules/OnionCat.org.xml
@@ -0,0 +1,25 @@
+<!--
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	^onioncat.org: Mismatched
+
+-->
+<ruleset name="OnionCat.org" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.onioncat.org" />
+
+	<!--	Complications:
+				-->
+	<target host="onioncat.org" />
+
+
+	<rule from="^http://onioncat\.org/"
+		to="https://www.onioncat.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OnionShare.org.xml b/src/chrome/content/rules/OnionShare.org.xml
new file mode 100644
index 000000000000..387fde444eaa
--- /dev/null
+++ b/src/chrome/content/rules/OnionShare.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="OnionShare.org">
+	<target host="onionshare.org" />
+	<target host="www.onionshare.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OnionTip.com.xml b/src/chrome/content/rules/OnionTip.com.xml
new file mode 100644
index 000000000000..3b5a55d7a948
--- /dev/null
+++ b/src/chrome/content/rules/OnionTip.com.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://oniontip.com/ => https://oniontip.com/: (7, 'Failed to connect to oniontip.com port 443: No route to host')
+Fetch error: http://www.oniontip.com/ => https://www.oniontip.com/: (7, 'Failed to connect to www.oniontip.com port 443: No route to host')
+
+-->
+<ruleset name="OnionTip.com" default_off="failed ruleset test">
+
+	<target host="oniontip.com" />
+	<target host="www.oniontip.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Onlime.ch.xml b/src/chrome/content/rules/Onlime.ch.xml
deleted file mode 100644
index 33ecfc19322a..000000000000
--- a/src/chrome/content/rules/Onlime.ch.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Onlime.ch" platform="firefox">
-<target host="my.onlime.ch" />
-<target host="webmail.onlime.ch" />
-<target host="crm.onlime.ch" />
-
-<securecookie host="^my\.onlime\.ch$" name=".+" />
-<securecookie host="^webmail\.onlime\.ch$" name=".+" />
-<securecookie host="^crm\.onlime\.ch$" name=".+" />
-
-<rule from="^http://my\.onlime\.ch/" to="https://my.onlime.ch/" />
-<rule from="^http://webmail\.onlime\.ch/" to="https://webmail.onlime.ch/" />
-<rule from="^http://crm\.onlime\.ch/" to="https://crm.onlime.ch/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Onlime.ru.xml b/src/chrome/content/rules/Onlime.ru.xml
new file mode 100644
index 000000000000..9e12b8c54e03
--- /dev/null
+++ b/src/chrome/content/rules/Onlime.ru.xml
@@ -0,0 +1,58 @@
+<!--
+onlime.ru ²
+www.onlime.ru ²
+4game.onlime.ru ²
+b2b.onlime.ru ²
+block.onlime.ru ³
+corp.onlime.ru ²
+double.onlime.ru ²
+el.onlime.ru ²
+forum.onlime.ru ²
+games.onlime.ru ²
+i.onlime.ru ²
+internet.onlime.ru ²
+mail.onlime.ru ⁵
+mm.onlime.ru ²
+api.asrz.moscow.onlime.ru ⁴
+con.asrz.moscow.onlime.ru ⁴
+con-pvn.asrz.moscow.onlime.ru ⁴
+con-zu.asrz.moscow.onlime.ru ⁴
+master.asrz.moscow.onlime.ru ⁴
+ms.onlime.ru ²
+mv.onlime.ru ²
+my3.onlime.ru ³
+newsite2.onlime.ru ²
+ns1.onlime.ru ³
+ns2.onlime.ru ³
+open.onlime.ru ²
+philips.onlime.ru ²
+promo.onlime.ru ³
+rt.onlime.ru ²
+shop.onlime.ru ²
+speed.onlime.ru ³
+speedtest.onlime.ru ²
+tv.onlime.ru ⁵
+tvgid-api.onlime.ru ²
+viasat.onlime.ru ²
+web.onlime.ru ²
+wg.onlime.ru ²
+work.onlime.ru ²
+www2.onlime.ru ²
+www3.onlime.ru ²
+
+
+² refused
+³ timed out
+⁴ self signed
+⁵ expired
+-->
+<ruleset name="onlime.ru (partial)">
+	<target host="dealer.onlime.ru" />
+	<target host="lk.onlime.ru" />
+	<target host="lkdapi.onlime.ru" />
+	<target host="mlk.onlime.ru" />
+	<target host="my.onlime.ru" />
+	<target host="soho.onlime.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Online-Mahnantrag.de.xml b/src/chrome/content/rules/Online-Mahnantrag.de.xml
new file mode 100644
index 000000000000..e1ae3eb1668d
--- /dev/null
+++ b/src/chrome/content/rules/Online-Mahnantrag.de.xml
@@ -0,0 +1,17 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Time: 2020-09-25 16:20:22
+ Fetch error: http://online-mahnantrag.de/omahn/Mahnantrag?_ts=496048-1589412980912&Command=start => https://www.online-mahnantrag.de/omahn/Mahnantrag?_ts=496048-1589412980912&Command=start: (6, 'Could not resolve host: online-mahnantrag.de')
+Time: 2020-09-25 16:20:22
+ Fetch error: http://online-mahnantrag.de/ => https://www.online-mahnantrag.de/: (6, 'Could not resolve host: online-mahnantrag.de')
+
+-->
+<ruleset name="Online-Mahnantrag.de">
+	<target host="www.online-mahnantrag.de" />
+	<!-- target host="online-mahnantrag.de" /-->
+
+	<rule from="^http:"
+	        to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Online-Register.xml b/src/chrome/content/rules/Online-Register.xml
index 075cc4201f34..29368adc1429 100644
--- a/src/chrome/content/rules/Online-Register.xml
+++ b/src/chrome/content/rules/Online-Register.xml
@@ -10,11 +10,10 @@
 	<target host="www.onlineregister.com" />
 
 
-	<securecookie host="^www\.onlineregister\.com$" name=".*" />
+	<securecookie host="^www\.onlineregister\.com$" name=".+" />
 
 
 	<!--	!www cert: www.leadertech.com	-->
-	<rule from="^https?://(?:www\.)?onlineregister.com/"
-		to="https://www.onlineregister.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Online-convert.com.xml b/src/chrome/content/rules/Online-convert.com.xml
index 9e67691b3dec..1c225e76e0d5 100644
--- a/src/chrome/content/rules/Online-convert.com.xml
+++ b/src/chrome/content/rules/Online-convert.com.xml
@@ -5,12 +5,19 @@
 <ruleset name="online-convert.com (partial)">
 
 	<target host="online-convert.com" />
-	<target host="*.online-convert.com" />
+	<target host="archive.online-convert.com" />
+	<target host="audio.online-convert.com" />
+	<target host="document.online-convert.com" />
+	<target host="ebook.online-convert.com" />
+	<target host="hash.online-convert.com" />
+	<target host="image.online-convert.com" />
+	<target host="static.online-convert.com" />
+	<target host="video.online-convert.com" />
+	<target host="www.online-convert.com" />
 		<exclusion pattern="^http://(?:www\.)?online-convert\.com/(?!favicon\.ico|login|password-recovery|register)" />
 		<exclusion pattern="^http://(?:archive|audio|document|ebook|hash|image|video)\.online-convert\.com/(?!favicon\.ico)" />
 
 
-	<rule from="^http://((?:archive|audio|document|ebook|hash|image|static|video|www)\.)?online-convert\.com/"
-		to="https://$1online-convert.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Online-go.com.xml b/src/chrome/content/rules/Online-go.com.xml
new file mode 100644
index 000000000000..e9e9cd635882
--- /dev/null
+++ b/src/chrome/content/rules/Online-go.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="online-go.com">
+  <target host="online-go.com" />
+  <target host="www.online-go.com" />
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Online-metrix.net.xml b/src/chrome/content/rules/Online-metrix.net.xml
index c4bf25d5e2bd..a0d2d6014740 100644
--- a/src/chrome/content/rules/Online-metrix.net.xml
+++ b/src/chrome/content/rules/Online-metrix.net.xml
@@ -3,10 +3,10 @@
 	<target host="h.online-metrix.net" />
 
 
-	<securecookie host="^h\.online-metrix\.net$" name=".*" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://h\.online-metrix\.net/"
-		to="https://h.online-metrix.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Online.net.xml b/src/chrome/content/rules/Online.net.xml
new file mode 100644
index 000000000000..857fa5ffd6bd
--- /dev/null
+++ b/src/chrome/content/rules/Online.net.xml
@@ -0,0 +1,62 @@
+<!--
+	Nonfunctional hosts in *online.net:
+
+		- analytics *
+		- documentation *
+		- forum *
+
+	* Shows another domain
+
+
+	Problematic hosts in *online.net:
+
+		- webmail *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Fully covered hosts in *online.net:
+
+		- (www.)?
+		- stats.cloud
+		- console
+		- status
+		- phpmyadmin
+
+
+	Insecure cookies are set for these hosts:
+
+		- console.online.net
+		- status.online.net
+
+
+	Mixed content:
+
+		- Bugs on (www.)? from analytics.online.net
+
+-->
+<ruleset name="Online.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="online.net" />
+	<target host="stats.cloud.online.net" />
+	<target host="console.online.net" />
+	<target host="status.online.net" />
+	<!--target host="webmail.online.net" /-->
+	<target host="www.online.net" />
+	<target host="phpmyadmin.online.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^status\.online\.net$" name="^(FreeSoftware|GetFirefox|NoMicrosoft|ReadTheFAQ|RTFM|SubliminalAdvertising|ThinkB4Replying|UseLinux|VisitAU|flyspray_project)$" /-->
+	<!--securecookie host="^console\.online\.net$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:console|status)\.online\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Online.nl.xml b/src/chrome/content/rules/Online.nl.xml
index d05768250457..6e76c6072dc2 100644
--- a/src/chrome/content/rules/Online.nl.xml
+++ b/src/chrome/content/rules/Online.nl.xml
@@ -1,6 +1,15 @@
+<!--
+	Non-functional hosts:
+		Mismatched:
+		- home.online.nl
+-->
 <ruleset name="Online.nl">
-  <target host="*.online.nl" />
+	<target host="online.nl" />
+	<target host="www.online.nl" />
+	<target host="pop.online.nl" />
+	<target host="vragen.online.nl" />
+	<target host="webmail.online.nl" />
+	<target host="www1.online.nl" />
 
-  <rule from="^http://(?:www\.)?online\.nl/" to="https://www.online.nl/"/>
-  <rule from="^http://registratie\.online\.nl/" to="https://registratie.online.nl/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Online2pdf.com.xml b/src/chrome/content/rules/Online2pdf.com.xml
new file mode 100644
index 000000000000..44d0cb455e2e
--- /dev/null
+++ b/src/chrome/content/rules/Online2pdf.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Online2pdf.com">
+    <target host="online2pdf.com" />
+    <target host="s1.online2pdf.com" />
+
+    <securecookie host="^(s1\.)?online2pdf\.com$" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OnlineSBI.com.xml b/src/chrome/content/rules/OnlineSBI.com.xml
new file mode 100644
index 000000000000..0a807e7fa2e1
--- /dev/null
+++ b/src/chrome/content/rules/OnlineSBI.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Other SBI (State Bank of India) rulesets:
+		- SBI.xml
+
+	Problematic hosts:
+		- ^ (mismatched)
+		- www (insecure renegotiation)
+		- cmp (dropped)
+		- sbi (self-signed)
+-->
+
+<ruleset name="OnlineSBI.com">
+	<target host="onlinesbi.com" />
+	<target host="www.onlinesbi.com" />
+	<target host="acs.onlinesbi.com" />
+	<target host="cms.onlinesbi.com" />
+	<target host="corp.onlinesbi.com" />
+	<target host="etradesbi.onlinesbi.com" />
+	<target host="hrms.onlinesbi.com" />
+	<target host="kiosk.onlinesbi.com" />
+	<target host="m.onlinesbi.com" />
+	<target host="merchant.onlinesbi.com" />
+	<target host="mobile.onlinesbi.com" />
+	<target host="mpi.onlinesbi.com" />
+	<target host="oaa.onlinesbi.com" />
+	<target host="pg.onlinesbi.com" />
+	<target host="prepaid.onlinesbi.com" />
+	<target host="remit.onlinesbi.com" />
+	<target host="retail.onlinesbi.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://onlinesbi\.com/" to="https://www.onlinesbi.com/" />
+
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OnlineShoes.com.xml b/src/chrome/content/rules/OnlineShoes.com.xml
index 973e8b463eab..7aff1d87d490 100644
--- a/src/chrome/content/rules/OnlineShoes.com.xml
+++ b/src/chrome/content/rules/OnlineShoes.com.xml
@@ -1,22 +1,26 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://onlineshoes.com/ => https://www.onlineshoes.com/: (6, 'Could not resolve host: www.onlineshoes.com')
+
 	Problematic subdomains:
 
 		- ^	(reset)
 
 -->
-<ruleset name="OnlineShoes.com">
+<ruleset name="OnlineShoes.com" default_off="failed ruleset test">
 
 	<target host="onlineshoes.com" />
-	<target host="*.onlineshoes.com" />
+	<target host="www.onlineshoes.com" />
+	<target host="static.onlineshoes.com" />
 
 
 	<securecookie host="^(?:static|www)\.onlineshoes\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?onlineshoes\.com/"
+	<rule from="^http://(?:www\.)?onlineshoes\.com/"
 		to="https://www.onlineshoes.com/" />
 
-	<rule from="^http://static\.onlineshoes\.com/"
-		to="https://static.onlineshoes.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Online_EMR.xml b/src/chrome/content/rules/Online_EMR.xml
index c18d73fd473a..c57465fd4243 100644
--- a/src/chrome/content/rules/Online_EMR.xml
+++ b/src/chrome/content/rules/Online_EMR.xml
@@ -1,13 +1,12 @@
 <ruleset name="Online EMR">
 
 	<target host="online-emr.com" />
-	<target host="*.online-emr.com" />
+	<target host="www.online-emr.com" />
 
 
 	<securecookie host="^\.online-emr\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?online-emr\.com/"
-		to="https://$1online-emr.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Online_Registration_Center.com.xml b/src/chrome/content/rules/Online_Registration_Center.com.xml
new file mode 100644
index 000000000000..9a940cd2da69
--- /dev/null
+++ b/src/chrome/content/rules/Online_Registration_Center.com.xml
@@ -0,0 +1,20 @@
+<!--
+	^: cert only matches www
+
+-->
+<ruleset name="Online Registration Center.com">
+
+	<target host="onlineregistrationcenter.com" />
+	<target host="www.onlineregistrationcenter.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.onlineregistrationcenter\.com$" name="^ASPSESSIONID$" /-->
+
+	<securecookie host="^www\.onlineregistrationcenter\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Online_Threat_Alerts.xml b/src/chrome/content/rules/Online_Threat_Alerts.xml
new file mode 100644
index 000000000000..6cbafc87fac3
--- /dev/null
+++ b/src/chrome/content/rules/Online_Threat_Alerts.xml
@@ -0,0 +1,9 @@
+<ruleset name="Online Threat Alerts.com">
+
+	<target host="onlinethreatalerts.com" />
+	<target host="www.onlinethreatalerts.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Online_Wellness_Association.xml b/src/chrome/content/rules/Online_Wellness_Association.xml
deleted file mode 100644
index a3cb14a9200e..000000000000
--- a/src/chrome/content/rules/Online_Wellness_Association.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Online Wellness Association">
-
-	<target host="onlinewellnessassociation.com" />
-	<target host="*.onlinewellnessassociation.com" />
-
-
-	<securecookie host="^(?:w*\.)?onlinewellnessassociation\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?onlinewellnessassociation\.com/"
-		to="https://$1onlinewellnessassociation.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Onlinecreditcenter6.com.xml b/src/chrome/content/rules/Onlinecreditcenter6.com.xml
new file mode 100644
index 000000000000..6c6973cfbc73
--- /dev/null
+++ b/src/chrome/content/rules/Onlinecreditcenter6.com.xml
@@ -0,0 +1,13 @@
+<!--
+	^onlinecreditcenter6.com doesn't exist.
+
+-->
+<ruleset name="onlinecreditcenter6.com">
+
+	<target host="www.onlinecreditcenter6.com" />
+	<target host="www2.onlinecreditcenter6.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Onliner.by.xml b/src/chrome/content/rules/Onliner.by.xml
new file mode 100644
index 000000000000..6eb2a904f925
--- /dev/null
+++ b/src/chrome/content/rules/Onliner.by.xml
@@ -0,0 +1,64 @@
+<!--
+	HTTPS and HTTP content differ:
+		- dengi
+
+	HTTP 404:
+		- cart.api
+		- catalog.api
+		- credentials.api
+		- delivery.api
+		- pk.api
+
+	Mismatched:
+		- static.forum (CN: *.onliner.by)
+-->
+
+<ruleset name="Onliner.by">
+	<target host="onliner.by" />
+	<target host="www.onliner.by" />
+	<target host="a.onliner.by" />
+	<target host="ab.onliner.by" />
+	<target host="acp.onliner.by" />
+	<target host="ad.onliner.by" />
+	<target host="api.onliner.by" />
+	<target host="asd.onliner.by" />
+	<target host="auto.onliner.by" />
+	<target host="b2b.onliner.by" />
+	<target host="b2breg.onliner.by" />
+	<target host="baraholka.onliner.by" />
+	<target host="blog.onliner.by" />
+	<target host="cart.onliner.by" />
+	<target host="chats.onliner.by" />
+	<target host="catalog.onliner.by" />
+	<target host="content.onliner.by" />
+	<target host="content1.onliner.by" />
+	<target host="content2.onliner.by" />
+	<target host="forum.onliner.by" />
+	<target host="gc.onliner.by" />
+	<target host="gomel.onliner.by" />
+	<target host="gomelnews.onliner.by" />
+	<target host="kurs.onliner.by" />
+	<target host="marafon.onliner.by" />
+	<target host="mb.onliner.by" />
+	<target host="mts.onliner.by" />
+	<target host="notifications.onliner.by" />
+	<target host="people.onliner.by" />
+	<target host="pogoda.onliner.by" />
+	<target host="profile.onliner.by" />
+	<target host="r.onliner.by" />
+	<target host="realt.onliner.by" />
+	<target host="s.onliner.by" />
+	<target host="shop.onliner.by" />
+	<target host="*.shop.onliner.by" />
+	<target host="static.onliner.by" />
+	<target host="support.onliner.by" />
+	<target host="tech.onliner.by" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+	<test url="http://1000.shop.onliner.by/" />
+	<test url="http://10005.shop.onliner.by/" />
+	<test url="http://10085.shop.onliner.by/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Onlychange.com.xml b/src/chrome/content/rules/Onlychange.com.xml
index ef5d3e9a80d2..13dc45e750df 100644
--- a/src/chrome/content/rules/Onlychange.com.xml
+++ b/src/chrome/content/rules/Onlychange.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?onlychange\.com/"
 		to="https://onlychange.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Onlyoffice.com.xml b/src/chrome/content/rules/Onlyoffice.com.xml
new file mode 100644
index 000000000000..53f8c56a8751
--- /dev/null
+++ b/src/chrome/content/rules/Onlyoffice.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Other Onlyoffice rulesets:
+		- Onlyoffice.org.xml
+
+	Host has wildcard DNS and cert.
+-->
+<ruleset name="Onlyoffice.com">
+	<target host="onlyoffice.com" />
+	<target host="www.onlyoffice.com" />
+	<target host="api.onlyoffice.com" />
+	<target host="helpcenter.onlyoffice.com" />
+	<target host="personal.onlyoffice.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Onlyoffice.org.xml b/src/chrome/content/rules/Onlyoffice.org.xml
new file mode 100644
index 000000000000..c5a161ec5489
--- /dev/null
+++ b/src/chrome/content/rules/Onlyoffice.org.xml
@@ -0,0 +1,28 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://onlyoffice.org/ => https://onlyoffice.org/: (51, "SSL: no alternative certificate subject name matches target host name 'onlyoffice.org'")
+Fetch error: http://www.onlyoffice.org/ => https://www.onlyoffice.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.onlyoffice.org'")
+
+	For other Onlyoffice coverage, see Onlyoffice.com.xml.
+
+	Expired:
+		- onlyoffice.org
+		- www.onlyoffice.org
+
+	Host has wildcard DNS.
+-->
+<ruleset name="Onlyoffice.org">
+	<!-- target host="onlyoffice.org" /-->
+	<!-- target host="www.onlyoffice.org" /-->
+	<target host="dev.onlyoffice.org" />
+	<target host="cloud.onlyoffice.org" />
+
+	<!--
+    Can't find examples for this host pattern,
+    but keeping since it exists
+    <rule from="^http://(www\.)?onlyoffice\.org/" to="https://$1onlyoffice.com/" /> 
+  -->
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ono.xml b/src/chrome/content/rules/Ono.xml
index 222167213b75..d745ed0bbe6c 100644
--- a/src/chrome/content/rules/Ono.xml
+++ b/src/chrome/content/rules/Ono.xml
@@ -9,7 +9,6 @@
 
 	<!--	Cert only matches www.
 					-->
-	<rule from="^http://(?:www\.)?ono\.es/"
-		to="https://www.ono.es/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Onpage.org.xml b/src/chrome/content/rules/Onpage.org.xml
new file mode 100644
index 000000000000..279ed74d38f7
--- /dev/null
+++ b/src/chrome/content/rules/Onpage.org.xml
@@ -0,0 +1,53 @@
+<!--
+	Chain issues:
+		- indexability.yoast.onpage.org
+
+	Cert mismatch:
+		-
+	Connection refused:
+		- lb.onpage.org
+
+	TLS error:
+		- webmail.onpage.org
+-->
+<ruleset name="Onpage.org">
+
+	<target host="onpage.org" />
+	<target host="www.onpage.org" />
+
+	<target host="account.onpage.org" />
+	<target host="act.onpage.org" />
+	<target host="acc.onpage.org" />
+	<target host="bot.onpage.org" />
+	<target host="de.onpage.org" />
+	<target host="ed.onpage.org"/>
+	<target host="en.onpage.org" />
+	<target host="es.onpage.org" />
+	<target host="fr.onpage.org" />
+	<target host="api.onpage.org" />
+	<target host="it.onpage.org" />
+	<target host="cdn1-my.onpage.org" />
+	<target host="cdn2-my.onpage.org" />
+	<target host="cdn1-zoom.onpage.org" />
+	<target host="cdn2-zoom.onpage.org" />
+	<target host="cdn3-zoom.onpage.org" />
+	<target host="cdn4-zoom.onpage.org" />
+	<target host="info.onpage.org" />
+	<target host="mentions.onpage.org" />
+	<target host="my.onpage.org" />
+	<target host="support.onpage.org" />
+	<target host="lp.onpage.org" />
+	<target host="tool.onpage.org" />
+	<target host="tr.onpage.org" />
+	<target host="wiki.onpage.org" />
+	<target host="static1.onpage.org" />
+	<target host="static2.onpage.org" />
+	<target host="static3.onpage.org" />
+	<target host="static4.onpage.org" />
+	<target host="videos.onpage.org" />
+	<target host="yoast.onpage.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Onsalesit.com.xml b/src/chrome/content/rules/Onsalesit.com.xml
index a1bb51e332e3..adb28b53ef28 100644
--- a/src/chrome/content/rules/Onsalesit.com.xml
+++ b/src/chrome/content/rules/Onsalesit.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="Onsalesit.com">
 
 	<target host="onsalesit.com" />
-	<target host="*.onsalesit.com" />
+	<target host="www.onsalesit.com" />
 
 
 	<securecookie host="^(?:www)?\.onsalesit\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?onsalesit\.com/"
-		to="https://$1onsalesit.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Onstream-Media.xml b/src/chrome/content/rules/Onstream-Media.xml
index 22e504f66bf7..c40129b883ad 100644
--- a/src/chrome/content/rules/Onstream-Media.xml
+++ b/src/chrome/content/rules/Onstream-Media.xml
@@ -1,16 +1,20 @@
 <!--
+	Other Onstream Media rulesets:
+
+		- Onstream_secure.com.xml
+
+
 	Nonfunctional subdomains:
 
 		- (www.)
 
 -->
-<ruleset name="Onstream Media (partial)" default_off="mismatch">
+<ruleset name="Onstream Media (partial)" default_off="mismatched">
 
 	<target host="sas-origin.onstreammedia.com" />
 
 
 	<!--	Akamai	-->
-	<rule from="^http://sas-origin\.onstreammedia\.com/"
-		to="https://sas-origin.onstreammedia.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Onstream_secure.com.xml b/src/chrome/content/rules/Onstream_secure.com.xml
new file mode 100644
index 000000000000..d00b13292686
--- /dev/null
+++ b/src/chrome/content/rules/Onstream_secure.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Onstream Media coverage, see Onstream-Media.xml.
+
+
+	(www.) doesn't exist.
+
+-->
+<ruleset name="Onstream secure.com">
+
+	<target host="*.onstreamsecure.com" />
+
+
+	<rule from="^http://([\w-]+)\.onstreamsecure\.com/"
+		to="https://$1.onstreamsecure.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Onswipe.com.xml b/src/chrome/content/rules/Onswipe.com.xml
new file mode 100644
index 000000000000..bcc19eb84d92
--- /dev/null
+++ b/src/chrome/content/rules/Onswipe.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- email.onswipe.com
+		- mail.onswipe.com
+-->
+<ruleset name="Onswipe.com">
+	<target host="onswipe.com" />
+	<target host="www.onswipe.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Onswipe.xml b/src/chrome/content/rules/Onswipe.xml
deleted file mode 100644
index 5ef0a8da60b2..000000000000
--- a/src/chrome/content/rules/Onswipe.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	CDN buckets:
-
-		- assets.onswipe.com.edgesuite.net
-
-
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- dashboard *
-
-	* Times out
-
-
-	Problematic subdomains:
-
-		- static	(works, akamai)
-
--->
-<ruleset name="Onswipe">
-
-	<target host="*.onswipe.com" />
-
-
-	<rule from="^http://static\.onswipe\.com/synapse/"
-		to="https://s3.amazonaws.com/cdn.onswipe.com/synapse/" />
-
-	<rule from="^https?://(cdn|plug)\.onswipe\.com/"
-		to="https://s3.amazonaws.com/$1.onswipe.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ontario-Lung-Assoc.xml b/src/chrome/content/rules/Ontario-Lung-Assoc.xml
index 47afc8a0c6ba..c0bd1dac38b7 100644
--- a/src/chrome/content/rules/Ontario-Lung-Assoc.xml
+++ b/src/chrome/content/rules/Ontario-Lung-Assoc.xml
@@ -4,7 +4,4 @@
 
 	<rule from="^http://(?:www\.)?on\.lung\.ca/" to="https://www.on.lung.ca/" />
 
-	<!-- Invoking https://on.lung.ca/ produces a certificate error, so
-	redirect https://on.lung.ca/ to https://www.on.lung.ca/ -->
-	<rule from="^https://on\.lung\.ca/" to="https://www.on.lung.ca/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ontario_Minor_Hockey_Association.xml b/src/chrome/content/rules/Ontario_Minor_Hockey_Association.xml
index 19ea7a3250a6..079d81e867a3 100644
--- a/src/chrome/content/rules/Ontario_Minor_Hockey_Association.xml
+++ b/src/chrome/content/rules/Ontario_Minor_Hockey_Association.xml
@@ -1,13 +1,21 @@
-<ruleset name="Ontario Minor Hockey Association">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://omha.net/ => https://omha.net/: (51, "SSL: no alternative certificate subject name matches target host name 'omha.net'")
+Fetch error: http://www.omha.net/ => https://www.omha.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.omha.net'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://omha.net/ => https://omha.net/: (51, "SSL: no alternative certificate subject name matches target host name 'omha.net'")
+-->
+<ruleset name="Ontario Minor Hockey Association" default_off="failed ruleset test">
 
 	<target host="omha.net" />
-	<target host="*.omha.net" />
+	<target host="www.omha.net" />
 
 
 	<securecookie host="^(?:w*\.)?omha\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?omha\.net/"
-		to="https://$1omha.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Onthe.io.xml b/src/chrome/content/rules/Onthe.io.xml
new file mode 100644
index 000000000000..995e5e61610f
--- /dev/null
+++ b/src/chrome/content/rules/Onthe.io.xml
@@ -0,0 +1,33 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- onthe.io
+		- me.onthe.io
+		- sun.onthe.io
+		- t.onthe.io
+
+-->
+<ruleset name="onthe.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="onthe.io" />
+	<target host="e.onthe.io" />
+	<target host="i.onthe.io" />
+	<target host="me.onthe.io" />
+	<target host="sun.onthe.io" />
+	<target host="t.onthe.io" />
+	<target host="www.onthe.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:(?:me|sun|t)\.)?onthe\.io$" name="^s$" /-->
+
+	<securecookie host=".+" name=".+"/>
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ontology.co.xml b/src/chrome/content/rules/Ontology.co.xml
new file mode 100644
index 000000000000..d85db355f023
--- /dev/null
+++ b/src/chrome/content/rules/Ontology.co.xml
@@ -0,0 +1,12 @@
+<ruleset name="Ontology.co">
+
+	<target host="ontology.co" />
+	<target host="www.ontology.co" />
+
+
+	<securecookie host="^\.ontology\.co$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ontrac.com.xml b/src/chrome/content/rules/Ontrac.com.xml
index cbad2a097925..456301d92173 100644
--- a/src/chrome/content/rules/Ontrac.com.xml
+++ b/src/chrome/content/rules/Ontrac.com.xml
@@ -2,5 +2,5 @@
   <target host="ontrac.com" />
   <target host="www.ontrac.com" />
 
-  <rule from="^http://(?:www\.)?ontrac\.com/" to="https://www.ontrac.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Oo-software.com.xml b/src/chrome/content/rules/Oo-software.com.xml
new file mode 100644
index 000000000000..3b2c0eafaab8
--- /dev/null
+++ b/src/chrome/content/rules/Oo-software.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://dl2.oo-software.com/ (200) => https://dl2.oo-software.com/ (403)
+
+    Nonfunctional subdomain:
+	    - obot     -> different site (authentication required)
+
+    Active mixed content:
+	    - corp*
+
+	* Secured by us
+
+    More O&O rulesets:
+	    - Syspectr.com
+-->
+<ruleset name="OO-Software.com" default_off="failed ruleset test">
+    <target host="oo-software.com" />
+    <target host="www.oo-software.com" />
+    <target host="shop.oo-software.com" />
+    <target host="blog.oo-software.com" />
+    <target host="partners.oo-software.com" />
+    <target host="dl2.oo-software.com" />
+    <target host="dl5.oo-software.com" />
+
+    <securecookie host="^(www\.|shop\.|blog\.|partners\.)?oo-software\.com" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ookla-mismatches.xml b/src/chrome/content/rules/Ookla-mismatches.xml
index f365d424a2cd..b8e0160451cd 100644
--- a/src/chrome/content/rules/Ookla-mismatches.xml
+++ b/src/chrome/content/rules/Ookla-mismatches.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see Ookla.xml.
 
 -->
-<ruleset name="Ookla (mismatches)" default_off="mismatch">
+<ruleset name="Ookla (mismatches)" default_off="mismatched">
 
 	<!--	Cert: www.ookla.com	-->
 	<target host="ads.ookla.com" />
@@ -23,7 +23,7 @@
 	<!--	- (www.) cert: www.ookla.com
 		- cdn cert: edgecastcdn.net
 						-->
-	<rule from="^https?://(?:cdn\.|www\.)?pingtest\.net/"
+	<rule from="^http://(?:cdn\.|www\.)?pingtest\.net/"
 		to="https://pingtest.net/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ookla.xml b/src/chrome/content/rules/Ookla.xml
index d915f1d75b9c..a2edd227a1fd 100644
--- a/src/chrome/content/rules/Ookla.xml
+++ b/src/chrome/content/rules/Ookla.xml
@@ -7,24 +7,36 @@
 		- Net_Index.xml
 		- Speedtest.net.xml
 
+
+	Nonfunctional subdomains:
+
+		- cdn.ads *
+
+	* 404
+
 -->
 <ruleset name="Ookla (partial)">
 
 	<target host="ookla.com" />
-	<target host="*.ookla.com" />
+	<target host="api.ookla.com" />
+	<target host="support.ookla.com" />
+	<target host="www.ookla.com" />
 
 
-	<securecookie host="^.*\.ookla\.com$" name=".*" />
+	<securecookie host="^.*\.ookla\.com$" name=".+" />
 
 
 	<!--	Cert only matches www.
 					-->
-	<rule from="^https?://(?:www\.)?ookla\.com/"
+	<rule from="^http://ookla\.com/"
 		to="https://www.ookla.com/" />
 
+	<!--rule from="^http://status\.ookla\.com/"
+		to="https://???.statuspage.io/" /-->
+
 	<!--	ookla.zendesk.com
 					-->
-	<rule from="^http://support\.ookla\.com/"
-		to="https://support.ookla.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Oomphme.xml b/src/chrome/content/rules/Oomphme.xml
index e0484e809f44..6a216f5d4153 100644
--- a/src/chrome/content/rules/Oomphme.xml
+++ b/src/chrome/content/rules/Oomphme.xml
@@ -1,4 +1,8 @@
-<ruleset name="OomphMe" default_off="Cert warning">
+<!--
+	(www.)?: Refused
+
+-->
+<ruleset name="OomphMe" default_off="refused">
   <target host="www.oomphme.com" />
   <target host="oomphme.com" />
 
diff --git a/src/chrome/content/rules/Oops.org.xml b/src/chrome/content/rules/Oops.org.xml
new file mode 100644
index 000000000000..3ca3d832d1e1
--- /dev/null
+++ b/src/chrome/content/rules/Oops.org.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.oops.org/ => https://www.oops.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.oops.org'")
+
+mirror.kr1.oops.org refused
+-->
+<ruleset name="oops.org" default_off="failed ruleset test">
+	<target host="oops.org" />
+	<target host="www.oops.org" />
+	<target host="annyung.oops.org" />
+	<target host="devel.oops.org" />
+	<target host="my.oops.org" />
+	<target host="jokbo.oops.org" />
+	<target host="pear.oops.org" />
+	<target host="mirror.oops.org" />
+	<target host="cdn.oops.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ooyala-mismatches.xml b/src/chrome/content/rules/Ooyala-mismatches.xml
index 9e0ee953d340..f79074969712 100644
--- a/src/chrome/content/rules/Ooyala-mismatches.xml
+++ b/src/chrome/content/rules/Ooyala-mismatches.xml
@@ -3,18 +3,23 @@
 	default, see Ooyala.xml.
 
 -->
-<ruleset name="Ooyala (mismatches)" default_off="mismatch" platform="mixedcontent">
+<ruleset name="Ooyala (mismatches)" default_off="mismatched" platform="mixedcontent">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="support.ooyala.com" />
 	<target host="videomind.ooyala.com" />
-	<target host="ooyala.jp" />
 	<target host="www.ooyala.jp" />
 
+	<!--	Complications:
+				-->
+	<target host="ooyala.jp" />
 
-	<rule from="^http://(support|videomind)\.ooyala\.com/"
-		to="https://$1.ooyala.com/" />
 
-	<rule from="^http://(?:www\.)?ooyala\.jp/"
+	<rule from="^http://ooyala\.jp/"
 		to="https://www.ooyala.jp/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Ooyala.xml b/src/chrome/content/rules/Ooyala.xml
index 12a91462597e..0dc7450889c3 100644
--- a/src/chrome/content/rules/Ooyala.xml
+++ b/src/chrome/content/rules/Ooyala.xml
@@ -5,31 +5,63 @@
 		- ak.c.ooyala.com.edgesuite.net
 
 
+	Nonfunctional hosts in *ooyala.com:
+
+		- community	Refused
+
+
 	Problematic subdomains:
 
 		- ak.c.ooyala.com	(akamai)
+		- player.ooyala.com
+			Player JS correctly chooses secure player based on parent document
+			protocol, but fails if parent document is HTTP and player is rewritten to
+			HTTPS. Therefore, only enabled on mixedcontent platforms. See
+			https://github.com/EFForg/https-everywhere/issues/1421 for example of breakage.
 
--->
-<ruleset name="Ooyala (partial)">
+		- status.ooyala.com	Mismatched
+		- support.ooyala.com	Mismatched
 
-	<target host="ooyala.com" />
-	<target host="*.ooyala.com" />
-		<!--
-			https://trac.torproject.org/projects/tor/ticket/7615
-							-->
-		<exclusion pattern="crossdomain\.xml$" />
 
+	Mixed content:
 
-	<securecookie host="^(?:.*\.)?ooyala\.com$" name=".+" />
+		- css on www from fast.fonts.net *
+		- Ads on www from www.googleadservices.com *
 
+	* Secured by us
 
-	<rule from="^http://ooyala\.com/"
-		to="https://www.ooyala.com/" />
+-->
+<ruleset name="Ooyala.com (partial)" platform="mixedcontent">
 
-	<rule from="^http://(ak-c|backlot|cdn-api|extras|info|l|player(?:-ssl)?|www)\.ooyala\.com/"
-		to="https://$1.ooyala.com/" />
+	<target host="ak-c.ooyala.com" />
+	<target host="api.ooyala.com" />
+	<target host="backlot.ooyala.com" />
+	<target host="cdn-api.ooyala.com" />
+	<target host="extras.ooyala.com" />
+	<target host="info.ooyala.com" />
+	<target host="l.ooyala.com" />
+	<target host="opf.ooyala.com" />
+	<target host="player.ooyala.com" />
+	<target host="www.ooyala.com" />
+
+	<!--	Complications:
+				-->
+	<target host="ooyala.com" />
+	<target host="c.ooyala.com" />
+	<target host="ak.c.ooyala.com" />
+
+		<!--	https://trac.torproject.org/projects/tor/ticket/7615
+							-->
+		<exclusion pattern="crossdomain\.xml$" />
+	<test url="http://www.ooyala.com/crossdomain.xml" />
+	<test url="http://api.ooyala.com/docs/v2/" />
+
+	<securecookie host=".+" name=".+"/>
 
 	<rule from="^http://(?:ak\.)?c\.ooyala\.com/"
-		to="https://s3.amazonaws.com/c.ooyala.com/" />
+		to="https://ak-c.ooyala.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Op-co.de.xml b/src/chrome/content/rules/Op-co.de.xml
index fadd31e4903e..2ee6e7397673 100644
--- a/src/chrome/content/rules/Op-co.de.xml
+++ b/src/chrome/content/rules/Op-co.de.xml
@@ -1,22 +1,9 @@
-<!--
-	Problematic subdomains:
-
-		- www	(cert only matches ^op-co.de)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(www → ^)
-		- gallery
-
--->
-<ruleset name="op-co.de" platform="cacert">
-
+<ruleset name="Op-co.de">
 	<target host="op-co.de" />
-	<target host="*.op-co.de" />
-
+	<target host="www.op-co.de" />
+	<target host="gallery.op-co.de" />
 
-	<rule from="^http://(?:(gallery\.)|www\.)?op-co\.de/"
-		to="https://$1op-co.de/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Op5.com.xml b/src/chrome/content/rules/Op5.com.xml
new file mode 100644
index 000000000000..bcff4aaf3b31
--- /dev/null
+++ b/src/chrome/content/rules/Op5.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Op5.com">
+
+	<target host="op5.com" />
+	<target host="demo.op5.com" />
+	<target host="www.op5.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Opa.xml b/src/chrome/content/rules/Opa.xml
index 60dab7161926..4816d9c4d438 100644
--- a/src/chrome/content/rules/Opa.xml
+++ b/src/chrome/content/rules/Opa.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://opalang.org/ => https://opalang.org/: (51, "SSL: no alternative certificate subject name matches target host name 'opalang.org'")
+Fetch error: http://www.opalang.org/ => https://www.opalang.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.opalang.org'")
+
+Automatically by https-everywhere-checker because:
+Fetch error: http://opalang.org/ => https://opalang.org/: (7, 'Failed to connect to opalang.org port 443: Connection timed out')
+Fetch error: http://www.opalang.org/ => https://www.opalang.org/: (28, 'Connection timed out after 10001 milliseconds')
 	Nonfunctional subdomains:
 
 		- blog	(hosted on Blogger, shows Google 404 page)
@@ -6,16 +14,15 @@
 		- forum	(ditto)
 
 -->
-<ruleset name="Opa (partial)">
+<ruleset name="Opa (partial)" default_off="failed ruleset test">
 
 	<target host="opalang.org" />
 	<target host="www.opalang.org" />
 
 
-	<securecookie host="^(www.)?opalang\.org$" name=".*" />
+	<securecookie host="^(?:www.)?opalang\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?opalang\.org/"
-		to="https://$1opalang.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Opal.xml b/src/chrome/content/rules/Opal.xml
new file mode 100644
index 000000000000..03bd6d310658
--- /dev/null
+++ b/src/chrome/content/rules/Opal.xml
@@ -0,0 +1,10 @@
+<ruleset name="Opal Card">
+	<target host="opal.com.au" />
+	<target host="www.opal.com.au" />
+	<!--
+		retailers.opal.com.au: mismatch, self signed
+	-->
+
+	<!-- opal.com.au is mismatched -->
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Open-Clipart-Library.xml b/src/chrome/content/rules/Open-Clipart-Library.xml
deleted file mode 100644
index 6007352737f8..000000000000
--- a/src/chrome/content/rules/Open-Clipart-Library.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- www	(mismatched, CN: dev.openclipart.org)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(www → ^)
-
--->
-<ruleset name="Open Clipart Library">
-
-	<target host="openclipart.org" />
-	<target host="*.openclipart.org" />
-
-
-	<securecookie host="^\.openclipart\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?openclipart\.org/"
-		to="https://openclipart.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Open-Invention-Network.xml b/src/chrome/content/rules/Open-Invention-Network.xml
deleted file mode 100644
index 507515773d96..000000000000
--- a/src/chrome/content/rules/Open-Invention-Network.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Open Invention Network" default_off="Certificate mismatch, self-signed">
-
-	<target host="openinventionnetwork.com" />
-	<target host="www.openinventionnetwork.com" />
-
-	<rule from="^http://(www\.)?openinventionnetwork\.com/"
-		to="https://openinventionnetwork.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Open-MPI.xml b/src/chrome/content/rules/Open-MPI.xml
index 80ad28565882..480d8f4518cd 100644
--- a/src/chrome/content/rules/Open-MPI.xml
+++ b/src/chrome/content/rules/Open-MPI.xml
@@ -1,11 +1,10 @@
-<ruleset name="Open MPI" default_off="self-signed">
+<ruleset name="Open MPI">
 
 	<target host="open-mpi.org" />
 	<target host="www.open-mpi.org" />
 
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?open-mpi\.org/"
-		to="https://www.open-mpi.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Open-Mesh.xml b/src/chrome/content/rules/Open-Mesh.xml
index 074afbd15e69..414246ae07ab 100644
--- a/src/chrome/content/rules/Open-Mesh.xml
+++ b/src/chrome/content/rules/Open-Mesh.xml
@@ -1,8 +1,52 @@
-<ruleset name="Open-Mesh" platform="mixedcontent">
-  <target host="open-mesh.com" />
-  <target host="www.open-mesh.com" />
-  <target host="dashboard.open-mesh.com" />
+<!--
+	Problematic subdomains:
+
+		- dashboard *
+
+	* Mismatched, CN: *.cloudtrax.com
+
+
+	Fully covered hosts in *open-mesh.com:
+
+		- (www.)?
+		- dashboard	(→ cloudtrax.com)
+
+
+	Insecure cookies are set for these domains:
+
+		- .www.open-mesh.com
+
+
+	Mixed content:
+
+		- Images on www from www *
+
+	* Secured by us
+
+-->
+<ruleset name="Open-Mesh.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="open-mesh.com" />
+	<target host="www.open-mesh.com" />
+
+	<!--	Complications:
+				-->
+	<target host="dashboard.open-mesh.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.open-mesh\.com$" name="^frontend$" /-->
+
+	<securecookie host="^\.www\.open-mesh\.com$" name=".+" />
+
+
+	<rule from="^http://dashboard\.open-mesh\.com/"
+		to="https://cloudtrax.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(?:www\.)?open-mesh\.com/" to="https://www.open-mesh.com/"/>
-  <rule from="^http://dashboard\.open-mesh\.com/" to="https://dashboard.open-mesh.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Open-Researcher-and-Contributor-ID.xml b/src/chrome/content/rules/Open-Researcher-and-Contributor-ID.xml
deleted file mode 100644
index 2d1538e7d03d..000000000000
--- a/src/chrome/content/rules/Open-Researcher-and-Contributor-ID.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Open Researcher &amp; Contributor ID" default_off="mismatch">
-
-	<!--	Cert: *.securesites.net	-->
-	<target host="orcid.org" />
-	<target host="*.orcid.org" />
-
-
-	<securecookie host="^\.about\.org$" name=".*" />
-
-
-	<!--	All appear to be identical.	-->
-	<rule from="^https?://(?:about\.|www\.)?orcid\.org/"
-		to="https://orcid.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Open-Society-Foundations.xml b/src/chrome/content/rules/Open-Society-Foundations.xml
index b30cd01183a9..afcde6c86523 100644
--- a/src/chrome/content/rules/Open-Society-Foundations.xml
+++ b/src/chrome/content/rules/Open-Society-Foundations.xml
@@ -1,10 +1,10 @@
 <!--
 	Nonfunctional subdomains:
 
-		- origin-www	(cert: www.soros.org; pages redirect redirect there)
+		- origin-www	(cert: www.soros.org; pages redirect there)
 
 -->
-<ruleset name="Open Society Foundations" default_off="mismatch">
+<ruleset name="Open Society Foundations" default_off="mismatched">
 
 	<!--	Akamai	-->
 	<target host="soros.org" />
@@ -12,7 +12,7 @@
 
 
 	<!--	!www redirects to www.	-->
-	<rule from="^https?://(?:www\.)?soros\.org/"
+	<rule from="^http://(?:www\.)?soros\.org/"
 		to="https://www.soros.org/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Open-Source-Education-Center.xml b/src/chrome/content/rules/Open-Source-Education-Center.xml
index a0b526d4e158..3f23d4240994 100644
--- a/src/chrome/content/rules/Open-Source-Education-Center.xml
+++ b/src/chrome/content/rules/Open-Source-Education-Center.xml
@@ -1,14 +1,19 @@
-<ruleset name="Open Source Education Center">
+<!--
+	Open Source Education Center
 
+-->
+<ruleset name="OSEC.pl">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="osec.pl" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.osec.pl" />
+	<target host="www.osec.pl" />
 
 
-	<securecookie host="^\.osec\.pl$" name=".*" />
+	<securecookie host="^\.osec\.pl$" name=".+" />
 
 
-	<rule from="^http://(www\.)?osec\.pl/"
-		to="https://$1osec.pl/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Open-Source-Robotics-Foundation.xml b/src/chrome/content/rules/Open-Source-Robotics-Foundation.xml
deleted file mode 100644
index 056156b1c70a..000000000000
--- a/src/chrome/content/rules/Open-Source-Robotics-Foundation.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Open Source Robotics Foundation" default_off="mismatch">
-
-	<!--	Cert: *.fatcow.com	-->
-	<target host="osrfoundation.org" />
-	<target host="www.osrfoundation.org" />
-
-
-	<!--	!www redirects to www.	-->
-	<rule from="^https?://(?:www\.)?osrfoundation\.org/"
-		to="https://www.osrfoundation.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Open-WebMail.xml b/src/chrome/content/rules/Open-WebMail.xml
deleted file mode 100644
index 2572d4d7a85e..000000000000
--- a/src/chrome/content/rules/Open-WebMail.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Open WebMail" default_off="self-signed">
-
-	<target host="openwebmail.org" />
-	<target host="www.openwebmail.org" />
-
-	<!--	Cert doesn't match !www.	-->
-	<rule from="^http://(?:www\.)?openwebmail\.org/"
-		to="https://openwebmail.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Open.ac.uk.xml b/src/chrome/content/rules/Open.ac.uk.xml
new file mode 100644
index 000000000000..ef936c2f6a0a
--- /dev/null
+++ b/src/chrome/content/rules/Open.ac.uk.xml
@@ -0,0 +1,60 @@
+<!--
+	The Open University
+
+	Non-functional hosts
+		Couldn't connect to server:
+			 - business-school.open.ac.uk
+			 - centre-for-policing.open.ac.uk
+			 - fass.open.ac.uk
+			 - law-school.open.ac.uk
+			 - library.open.ac.uk
+			 - oro.open.ac.uk
+			 - stem.open.ac.uk
+			 - wels.open.ac.uk
+			 - www7.open.ac.uk
+			 - www8.open.ac.uk
+
+		Timeout was reached:
+			 - giving.open.ac.uk
+
+		SSL connect error:
+			 - pirate.open.ac.uk
+
+		SSL peer certificate was not OK:
+			 - open.ac.uk
+			 - info1.open.ac.uk
+
+		4xx client error:
+			 - www3.open.ac.uk
+-->
+<ruleset name="Open.ac.uk (partial)">
+	<target host="open.ac.uk" />
+	<target host="www.open.ac.uk" />
+	<target host="appstore.open.ac.uk" />
+	<target host="css2.open.ac.uk" />
+	<target host="intranet.open.ac.uk" />
+	<target host="learn1.open.ac.uk" />
+	<target host="mediaplayer.open.ac.uk" />
+	<target host="msds.open.ac.uk" />
+	<target host="player.open.ac.uk" />
+	<target host="podcast.open.ac.uk" />
+	<target host="researchposters.open.ac.uk" />
+	<target host="www2.open.ac.uk" />
+
+	<securecookie host="^open\.ac\.uk$" name=".+" />
+	<securecookie host="^www\.open\.ac\.uk$" name=".+" />
+	<securecookie host="^msds\.open\.ac\.uk$" name=".+" />
+
+	<rule from="^http://open\.ac\.uk/"
+			to="https://www.open.ac.uk/" />
+
+	<rule from="^http:"
+			to="https:" />
+
+	<exclusion pattern="^http://(www\.)?open\.ac\.uk/courses(/|$)" />
+
+	<test url="http://open.ac.uk/courses" />
+	<test url="http://www.open.ac.uk/courses" />
+	<test url="http://open.ac.uk/courses/arts" />
+	<test url="http://www.open.ac.uk/courses/arts" />
+</ruleset>
diff --git a/src/chrome/content/rules/Open.com.au.xml b/src/chrome/content/rules/Open.com.au.xml
new file mode 100644
index 000000000000..ca947b8a0ffd
--- /dev/null
+++ b/src/chrome/content/rules/Open.com.au.xml
@@ -0,0 +1,12 @@
+<ruleset name="Open.com.au">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="open.com.au" />
+	<target host="www.open.com.au" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenAFS.org.xml b/src/chrome/content/rules/OpenAFS.org.xml
index de7f9b5908fc..94d9a275243c 100644
--- a/src/chrome/content/rules/OpenAFS.org.xml
+++ b/src/chrome/content/rules/OpenAFS.org.xml
@@ -4,16 +4,35 @@
 		- git *
 		- wiki *
 
-	* http reply
+	* Shows default page
+
+
+	Problematic hosts in *openafs.org:
+
+		- docs *
+		- workshop *
+
+	* Mismatched
+
+
+	Fully covered hosts in *openafs.org:
+
+		- (www.)?
+		- lists
 
 -->
-<ruleset name="OpenAFS.org">
+<ruleset name="OpenAFS.org (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="openafs.org" />
-	<target host="*.openafs.org" />
+	<!--target host="docs.openafs.org" /-->
+	<target host="lists.openafs.org" />
+	<!--target host="workshop.openafs.org" /-->
+	<target host="www.openafs.org" />
 
 
-	<rule from="^http://((?:docs|lists|worshop|www)\.)?openafs\.org/"
-		to="https://$1openafs.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/OpenAI.com.xml b/src/chrome/content/rules/OpenAI.com.xml
new file mode 100644
index 000000000000..69aa221457cb
--- /dev/null
+++ b/src/chrome/content/rules/OpenAI.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="OpenAI.com">
+
+	<target host="openai.com" />
+	<target host="www.openai.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenAccessButton.org.xml b/src/chrome/content/rules/OpenAccessButton.org.xml
new file mode 100644
index 000000000000..729f7558c66c
--- /dev/null
+++ b/src/chrome/content/rules/OpenAccessButton.org.xml
@@ -0,0 +1,28 @@
+<!--
+	Invalid certificate:
+		www.openaccessbutton.org
+		data.openaccessbutton.org
+
+-->
+<ruleset name="OpenAccessButton.org">
+
+	<target host="openaccessbutton.org" />
+	<target host="www.openaccessbutton.org" />
+	<target host="api.openaccessbutton.org" />
+	<target host="blog.openaccessbutton.org" />
+	<target host="data.openaccessbutton.org" />
+	<target host="dev.openaccessbutton.org" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?openaccessbutton\.org$" name="^session$" /-->
+
+	<securecookie host="^(?:www\.)?openaccessbutton\.org$" name=".+" />
+
+	<rule from="^http://(www|data)\.openaccessbutton\.org/"
+		to="https://openaccessbutton.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenAdultDirectory.com.xml b/src/chrome/content/rules/OpenAdultDirectory.com.xml
index 4db5f16aea77..fb657bc8a583 100644
--- a/src/chrome/content/rules/OpenAdultDirectory.com.xml
+++ b/src/chrome/content/rules/OpenAdultDirectory.com.xml
@@ -1,4 +1,7 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://openadultdirectory.com/ => http://openadultdirectory.com/: (28, 'Operation timed out after 15001 milliseconds with 3872 bytes received')
+Fetch error: http://www.openadultdirectory.com/ => http://www.openadultdirectory.com/: (28, 'Connection timed out after 10000 milliseconds')
 	At least some paths 404.
 
 -->
@@ -11,4 +14,4 @@
 	<rule from="^http://(www\.)?openadultdirectory\.com/(banner-img/|favicon\.ico|oad_html/images/)"
 		to="https://$1openadultdirectory.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OpenAthens.xml b/src/chrome/content/rules/OpenAthens.xml
deleted file mode 100644
index 646bbb983060..000000000000
--- a/src/chrome/content/rules/OpenAthens.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="OpenAthens (partial)">
-
-	<target host="auth.athensams.net"/>
-
-	<rule from="^http://auth\.athensams\.net/"
-		to="https://auth.athensams.net/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/OpenBSD.org.xml b/src/chrome/content/rules/OpenBSD.org.xml
new file mode 100644
index 000000000000..dc5b473d84da
--- /dev/null
+++ b/src/chrome/content/rules/OpenBSD.org.xml
@@ -0,0 +1,24 @@
+<!--
+	Mismatched certificate:
+		- firmware.openbsd.org
+
+-->
+<ruleset name="OpenBSD.org (partial)">
+	<target host="openbsd.org" />
+	<target host="www.openbsd.org" />
+	<target host="cvsweb.openbsd.org" />
+	<target host="ftp.openbsd.org" />
+	<target host="ftp.eu.openbsd.org" />
+	<target host="ftp2.eu.openbsd.org" />
+	<target host="ftp.fr.openbsd.org" />
+	<target host="ftp.usa.openbsd.org" />
+	<target host="ftp3.usa.openbsd.org" />
+	<target host="ftp4.usa.openbsd.org" />
+	<target host="ftp5.usa.openbsd.org" />
+	<target host="lists.openbsd.org" />
+	<target host="man.openbsd.org" />
+	<target host="portroach.openbsd.org" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenBSDEurope.com.xml b/src/chrome/content/rules/OpenBSDEurope.com.xml
deleted file mode 100644
index 1e65fa01dd07..000000000000
--- a/src/chrome/content/rules/OpenBSDEurope.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="OpenBSD Europe">
-  <target host="openbsdeurope.com" />
-  <target host="shop.openbsdeurope.com" />
-
-  <rule from="^http://(?:shop\.)?openbsdeurope\.com/" to="https://shop.openbsdeurope.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/OpenBSD_Store.com.xml b/src/chrome/content/rules/OpenBSD_Store.com.xml
new file mode 100644
index 000000000000..58127fd23ea0
--- /dev/null
+++ b/src/chrome/content/rules/OpenBSD_Store.com.xml
@@ -0,0 +1,19 @@
+<ruleset name="OpenBSD Store.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="openbsdstore.com" />
+	<target host="www.openbsdstore.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.openbsdstore\.com$" name="^REALURLMEDOC%23shop_openbsdeurope_dollar$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenBenchmarking.org.xml b/src/chrome/content/rules/OpenBenchmarking.org.xml
new file mode 100644
index 000000000000..650a42b5e90f
--- /dev/null
+++ b/src/chrome/content/rules/OpenBenchmarking.org.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Phoronix Media coverage, see Phoronix-Media.xml.
+
+-->
+<ruleset name="OpenBenchmarking.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="openbenchmarking.org" />
+	<target host="www.openbenchmarking.org" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenCCC.xml b/src/chrome/content/rules/OpenCCC.xml
new file mode 100644
index 000000000000..261f0eeafb53
--- /dev/null
+++ b/src/chrome/content/rules/OpenCCC.xml
@@ -0,0 +1,25 @@
+<ruleset name="OpenCCC">
+
+	<target host="openccc.net" />
+	<target host="admin.openccc.net" />
+	<target host="test.admin.openccc.net" />
+	<target host="ci.openccc.net" />
+	<target host="ci.control.openccc.net" />
+	<target host="www.openccc.net" />
+
+
+	<securecookie host="(^|\.)(admin|test\.admin|ci|ci\.control|www)\.openccc\.net$" name=".+" />
+
+
+	<exclusion pattern="^http://((ci|www)\.)?openccc\.net/$" />
+
+
+	<test url="http://openccc.net/" />
+	<test url="http://ci.openccc.net/" />
+	<test url="http://www.openccc.net/" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenCPU.org.xml b/src/chrome/content/rules/OpenCPU.org.xml
new file mode 100644
index 000000000000..157bf2eb32e2
--- /dev/null
+++ b/src/chrome/content/rules/OpenCPU.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .opencpu.org
+
+-->
+<ruleset name="OpenCPU.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="opencpu.org" />
+	<target host="www.opencpu.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.opencpu\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenCSW.org.xml b/src/chrome/content/rules/OpenCSW.org.xml
new file mode 100644
index 000000000000..87c7171057d5
--- /dev/null
+++ b/src/chrome/content/rules/OpenCSW.org.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://opencsw.org/ => https://opencsw.org/: (51, "SSL: no alternative certificate subject name matches target host name 'opencsw.org'")
+
+	Nonfunctional hosts in *opencsw.org:
+
+		- wiki *
+
+	* Redirects to http
+
+-->
+<ruleset name="OpenCSW.org (partial)" default_off="failed ruleset test">
+
+	<target host="opencsw.org" />
+	<target host="lists.opencsw.org" />
+	<target host="www.opencsw.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenCV.org.xml b/src/chrome/content/rules/OpenCV.org.xml
new file mode 100644
index 000000000000..2c532ae70cff
--- /dev/null
+++ b/src/chrome/content/rules/OpenCV.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Self-signed:
+		- www.answers
+		- www.code
+
+	Mismatched:
+		- www.courses
+		- dl
+		- www.store
+-->
+<ruleset name="OpenCV.org">
+	<target host="opencv.org" />
+	<target host="www.opencv.org" />
+	<target host="answers.opencv.org" />
+	<target host="build.opencv.org" />
+	<target host="www.build.opencv.org" />
+	<target host="code.opencv.org" />
+	<target host="courses.opencv.org" />
+	<target host="docs.opencv.org" />
+	<target host="www.docs.opencv.org" />
+	<target host="pullrequest.opencv.org" />
+	<target host="www.pullrequest.opencv.org" />
+	<target host="store.opencv.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenCalais.xml b/src/chrome/content/rules/OpenCalais.xml
deleted file mode 100644
index 836c3552c4ee..000000000000
--- a/src/chrome/content/rules/OpenCalais.xml
+++ /dev/null
@@ -1,72 +0,0 @@
-<!--
-	CDN buckets:
-
-		- opencalais-com-p-1664263593.us-east-1.elb.amazonaws.com
-			- api.opencalais.org
-
-		- proxycluster-p-2125821298.us-east-1.elb.amazonaws.com
-			- beta.opencalais.org
-
-
-	Nonfunctional subdomains:
-
-		- beta *
-		- opencalaisbeta.api *
-		- viewer		(redirects to opencalais.com/gnosis)
-
-	* Mismatch, CN: *.mashery.com
-
-
-	Problematic subdomains:
-
-		- mail		(mismatch, CN: *.gridserver.com)
-
-
-	Partially supported subdomains:
-
-		- (www.)	(some paths 404)
-
--->
-<ruleset name="OpenCalais (partial)">
-
-	<target host="opencalais.org" />
-	<target host="*.opencalais.org" />
-		<!--
-			These paths 404:
-
-				- about$
-				- about/developer$
-				- APIkey$
-				- apps/register$
-				- blog$
-				- Community$
-				- Contact$
-				- documentation/opencalais-documentation$
-				- faq$
-				- forum/3
-				- news/opencalais-46-now-released$
-				- news-room$
-				- rss-feeds$
-				- showcase$
-				- user$
-
-			These paths don't:
-
-				- $ *
-				- files/
-				- misc/
-				- sites/
-				- themes/
-
-			* $ points to pages which do 404.
-
-		<exclusion pattern="^http://(?:www\.)?opencalais\.org/(?:APIkey|apps|about|blog|CommercialCalais|Community|Contact|documentation|faq|forum|news|news-room|rss-feeds|showcase|user)(?:$|\?|/)" /-->
-
-
-	<rule from="^http://(www\.)?opencalais\.org/(files|misc|sites|themes)/"
-		to="https://$1opencalais.org/$2/" />
-
-	<rule from="^http://api\.opencalais\.org/"
-		to="https://api.opencalais.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/OpenCart.com.xml b/src/chrome/content/rules/OpenCart.com.xml
new file mode 100644
index 000000000000..3017133a51a2
--- /dev/null
+++ b/src/chrome/content/rules/OpenCart.com.xml
@@ -0,0 +1,37 @@
+<!--
+	Nonfunctional hosts in *opencart.com:
+
+		- forums *
+
+	* Shows www.opencart.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .opencart.com
+		- www.opencart.com
+		- .www.opencart.com
+
+-->
+<ruleset name="OpenCart.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="opencart.com" />
+	<target host="www.opencart.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.opencart\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.opencart\.com$" name="^PHPSESSID" /-->
+	<!--securecookie host="^\.www\.opencart\.com$" name="^currency$" /-->
+
+	<securecookie host="^\.opencart\.com$" name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\.?www\.opencart\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenClassrooms.xml b/src/chrome/content/rules/OpenClassrooms.xml
new file mode 100644
index 000000000000..34ef978b83d9
--- /dev/null
+++ b/src/chrome/content/rules/OpenClassrooms.xml
@@ -0,0 +1,34 @@
+<!--
+	Other OpenClassrooms rulesets:
+
+		- OC-static.com.xml
+
+
+    https version of {lists,next}.openclassrooms.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- openclassrooms.com
+		- .openclassrooms.com
+		- www.openclassrooms.com
+
+-->
+<ruleset name="OpenClassrooms.com">
+
+	<target host="openclassrooms.com" />
+	<target host="www.openclassrooms.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^openclassrooms\.com$" name="^(?:AWSELB|PHPSESSID)$" /-->
+	<!--securecookie host="^\.openclassrooms\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.openclassrooms\.com$" name="^AWSELB$" /-->
+
+	<securecookie host="^(?:\.|www\.)?openclassrooms\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenClipart.org.xml b/src/chrome/content/rules/OpenClipart.org.xml
new file mode 100644
index 000000000000..8d6315d9ec40
--- /dev/null
+++ b/src/chrome/content/rules/OpenClipart.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		www.openclipart.org
+
+-->
+<ruleset name="Open Clipart.org">
+
+	<target host="openclipart.org" />
+	<target host="www.openclipart.org" />
+
+	<securecookie host="^\.openclipart\.org$" name=".+" />
+
+	<rule from="^http://(www\.)?openclipart\.org/"
+		to="https://openclipart.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenContrail.org.xml b/src/chrome/content/rules/OpenContrail.org.xml
new file mode 100644
index 000000000000..bdd2e1a222b2
--- /dev/null
+++ b/src/chrome/content/rules/OpenContrail.org.xml
@@ -0,0 +1,15 @@
+<!--
+	(www.)?opencontrail.org: Refused
+
+-->
+<ruleset name="OpenContrail.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="review.opencontrail.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenCores.xml b/src/chrome/content/rules/OpenCores.xml
deleted file mode 100644
index c18d8a5e86b8..000000000000
--- a/src/chrome/content/rules/OpenCores.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- cdn	(403)
-
--->
-<ruleset name="OpenCores (partial)">
-
-	<target host="opencores.org" />
-	<target host="www.opencores.org" />
-
-
-	<securecookie host="^opencores\.org$" name=".*" />
-
-
-	<!--	- www 403s over https
-		- www redirects to !www over http
-			-->
-	<rule from="^https?://(?:www\.)?opencores\.org/"
-		to="https://opencores.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OpenCorporates.com.xml b/src/chrome/content/rules/OpenCorporates.com.xml
new file mode 100644
index 000000000000..ccc0bce55b19
--- /dev/null
+++ b/src/chrome/content/rules/OpenCorporates.com.xml
@@ -0,0 +1,59 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://support.opencorporates.com/ => https://support.opencorporates.com/: (6, 'Could not resolve host: support.opencorporates.com')
+
+	Nonfunctional hosts in *opencorporates.com:
+
+		- assets *
+		- registries *
+
+	* Shows ^opencorporates.com
+
+
+	Problematic hosts in *opencorporates.com:
+
+		- blog *
+
+	* WordPress
+
+
+	These altnames don't exist:
+
+		- www.api.opencorporates.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- opencorporates.com
+		- .opencorporates.com
+		- www.opencorporates.com
+
+-->
+<ruleset name="OpenCorporates.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="opencorporates.com" />
+	<target host="api.opencorporates.com" />
+	<target host="missions.opencorporates.com" />
+	<target host="sources.opencorporates.com" />
+	<target host="support.opencorporates.com" />
+	<target host="turbot.opencorporates.com" />
+	<target host="wiki.opencorporates.com" />
+	<target host="www.opencorporates.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?opencorporates\.com$" name="^SERVERID$" /-->
+	<!--securecookie host="^\.opencorporates\.com$" name="^_openc_turbot_session$" /-->
+
+	<securecookie host="^(?:www\.)?opencorporates\.com$" name=".+" />
+	<securecookie host="^\.opencorporates\.com$" name="^_openc_turbot_session$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenCycleMap.org.xml b/src/chrome/content/rules/OpenCycleMap.org.xml
new file mode 100644
index 000000000000..6a9c7487e3e4
--- /dev/null
+++ b/src/chrome/content/rules/OpenCycleMap.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		tile.opencyclemap.org
+		*.tile.opencyclemap.org
+		tile\d.opencyclemap.org
+		*.tile\d.opencyclemap.org
+
+-->
+<ruleset name="OpenCycleMap.org">
+
+	<target host="opencyclemap.org" />
+	<target host="www.opencyclemap.org" />
+	<target host="shop.opencyclemap.org" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenDNS.xml b/src/chrome/content/rules/OpenDNS.xml
index 38761768f193..7d6b9bf3b291 100644
--- a/src/chrome/content/rules/OpenDNS.xml
+++ b/src/chrome/content/rules/OpenDNS.xml
@@ -1,32 +1,93 @@
 <!--
+	Other OpenDNS rulesets:
+
+		- BGPStream.com.xml
+
+
 	CDN buckets:
 
 		- d1c21ex135qvy3.cloudfront.net
 
 			- cdn-blog
 
+
+	Nonfunctional hosts in *opendns.com:
+
+		- feeds *
+
+	* Handshake fails
+
+
+	Fully covered hosts in *opendns.com:
+
+		- (www.)?
+		- blog
+		- careers
+		- cdn-blog	(→ d1c21ex135qvy3.cloudfront.net)
+		- community
+		- dashboard
+		- engineering
+		- ideabank
+		- labs
+		- login
+		- shared
+		- support
+		- system
+
+
+	Insecure cookies are set for these domains:
+
+		- .opendns.com
+
+
+	Mixed content:
+
+		- Images on community from shared.opendns.com
+		- Bug on labs from code.highcharts.com *
+
+	* Secured by us
+
 -->
-<ruleset name="OpenDNS (JS loop)" default_off="https://lists.eff.org/pipermail/https-everywhere-rules/2013-November/001736.html">
+<ruleset name="OpenDNS (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="opendns.com" />
-	<target host="*.opendns.com" />
-		<!--
-			https://trac.torproject.org/projects/tor/ticket/3734
+	<target host="blog.opendns.com" />
+	<target host="careers.opendns.com" />
+	<target host="community.opendns.com" />
+	<target host="dashboard.opendns.com" />
+	<target host="engineering.opendns.com" />
+	<target host="ideabank.opendns.com" />
+	<target host="labs.opendns.com" />
+	<target host="login.opendns.com" />
+	<target host="shared.opendns.com" />
+	<target host="support.opendns.com" />
+	<target host="system.opendns.com" />
+	<target host="www.opendns.com" />
+
+	<!--	Complications:
+				-->
+	<target host="cdn-blog.opendns.com" />
+
+		<!--	https://trac.torproject.org/projects/tor/ticket/3734
 										-->
-		<exclusion pattern="^http://screenshots\.opendns\.com/" />
+		<!--exclusion pattern="^http://screenshots\.opendns\.com/" /-->
 		<!--
 			More breakage reported by OpenDNS users:
 								 -->
-		<exclusion pattern="^http://(?:block|feeds|guide|info|malware|phish)\.opendns\.com/" />
+		<!--exclusion pattern="^http://(?:block|feeds|guide|info|malware|phish)\.opendns\.com/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.opendns\.com$" name="^OPENDNS_ACCOUNT$" /-->
 
 
 	<rule from="^http://cdn-blog\.opendns\.com/"
 		to="https://d1c21ex135qvy3.cloudfront.net/" />
 
-	<rule from="^http://opendns\.com/"
-		to="https://www.opendns.com/" />
-
-	<rule from="^http://([^/:@\.]+)\.opendns\.com/"
-		to="https://$1.opendns.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/OpenDNSSEC.org.xml b/src/chrome/content/rules/OpenDNSSEC.org.xml
new file mode 100644
index 000000000000..eb58c60d248a
--- /dev/null
+++ b/src/chrome/content/rules/OpenDNSSEC.org.xml
@@ -0,0 +1,26 @@
+<!--
+	For more NLnet Labs related ruleset, see NLnet_Labs.nl.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+			 - tools.opendnssec.org
+
+		SSL peer certificate was not OK:
+			 - bugs.opendnssec.org
+			 - ns.opendnssec.org
+-->
+<ruleset name="OpenDNSSEC.org (partial)">
+	<target host="www.opendnssec.org" />
+	<target host="crowd.opendnssec.org" />
+	<target host="dist.opendnssec.org" />
+	<target host="issues.opendnssec.org" />
+	<target host="jenkins.opendnssec.org" />
+	<target host="lists.opendnssec.org" />
+	<target host="svn.opendnssec.org" />
+	<target host="wiki.opendnssec.org" />
+
+	<securecookie host="^www\.opendnssec\.org$" name=".+" />
+	<securecookie host="^lists\.opendnssec\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenDZ.xml b/src/chrome/content/rules/OpenDZ.xml
index e40514fea2ac..043a501b1706 100644
--- a/src/chrome/content/rules/OpenDZ.xml
+++ b/src/chrome/content/rules/OpenDZ.xml
@@ -8,11 +8,11 @@
 	<target host="www.opendz.org" />
 
 
-	<securecookie host="^opendz\.org$" name=".*" />
+	<securecookie host="^opendz\.org$" name=".+" />
 
 
 	<!--	Cert only matches !www.	-->
-	<rule from="^https?://(?:www\.)?opendz\.org/"
+	<rule from="^http://(?:www\.)?opendz\.org/"
 		to="https://opendz.org/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/OpenDaylight.xml b/src/chrome/content/rules/OpenDaylight.xml
index 2b98233adfe4..a6001308b0fa 100644
--- a/src/chrome/content/rules/OpenDaylight.xml
+++ b/src/chrome/content/rules/OpenDaylight.xml
@@ -2,13 +2,34 @@
 	For other Linux Foundation coverage, see LinuxFoundation.xml.
 
 -->
-<ruleset name="OpenDaylight">
+<ruleset name="OpenDaylight.org (partial)">
 
 	<target host="opendaylight.org" />
+	<target host="wiki.opendaylight.org" />
 	<target host="www.opendaylight.org" />
 
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.opendaylight\.org/$" /-->
 
-	<rule from="^http://(www\.)?opendaylight\.org/"
-		to="https://$1opendaylight.org/" />
+		<!--	Exceptions:
+					-->
+		<exclusion pattern="^http://www\.opendaylight\.org/+(?!misc/|sites/)" />
 
-</ruleset>
\ No newline at end of file
+			<!--	+ve:
+					-->
+			<test url="http://www.opendaylight.org/blog" />
+			<test url="http://www.opendaylight.org/news" />
+			<test url="http://www.opendaylight.org/software/downloads" />
+			<test url="http://www.opendaylight.org/trademarks" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.opendaylight.org/misc/menu-leaf.png" />
+			<test url="http://www.opendaylight.org/sites/all/themes/opendaylight/ixm/images/di_white.png" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenDefinition.org.xml b/src/chrome/content/rules/OpenDefinition.org.xml
new file mode 100644
index 000000000000..2ea9fc7dcfab
--- /dev/null
+++ b/src/chrome/content/rules/OpenDefinition.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="OpenDefinition.org">
+
+	<target host="opendefinition.org" />
+	<target host="www.opendefinition.org" />
+	<target host="licenses.opendefinition.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenEZX.org.xml b/src/chrome/content/rules/OpenEZX.org.xml
deleted file mode 100644
index 59057217ade1..000000000000
--- a/src/chrome/content/rules/OpenEZX.org.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="OpenEZX.org (CAcert, partial)" platform="cacert">
-
-	<target host="svn.openezx.com" />
-	<target host="svn.openezx.net" />
-	<target host="svn.openezx.org" />
-
-	<rule from="^http://svn\.openezx\.(com|net|org)/"
-		to="https://svn.openezx.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OpenF2.org.xml b/src/chrome/content/rules/OpenF2.org.xml
index 5270501543fa..f1ade5984003 100644
--- a/src/chrome/content/rules/OpenF2.org.xml
+++ b/src/chrome/content/rules/OpenF2.org.xml
@@ -60,9 +60,15 @@
 -->
 <ruleset name="OpenF2.org (partial)">
 
-	<target host="*.openf2.com" />
+	<target host="www.openf2.com" />
+	<target host="developer.openf2.com" />
 	<target host="openf2.org" />
-	<target host="*.openf2.org" />
+	<target host="cdn.openf2.org" />
+	<target host="developer.openf2.org" />
+	<target host="developer.btc.openf2.org" />
+	<target host="developer.ltc.openf2.org" />
+	<target host="services.openf2.org" />
+	<target host="www.openf2.org" />
 
 
 	<securecookie host="^developer\.openf2\.com$" name=".+" />
@@ -72,10 +78,7 @@
 	<rule from="^http://www\.openf2\.com/"
 		to="https://www.openf2.org/" />
 
-	<rule from="^http://developer\.openf2\.com/"
-		to="https://developer.openf2.com/" />
 
-	<rule from="^http://((?:cdn|developer(?:\.[bl]tc)?|services|www)\.)?openf2\.org/"
-		to="https://$1openf2.org/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenFabrics-Alliance.xml b/src/chrome/content/rules/OpenFabrics-Alliance.xml
index 8373454f0af6..7271fba7a62f 100644
--- a/src/chrome/content/rules/OpenFabrics-Alliance.xml
+++ b/src/chrome/content/rules/OpenFabrics-Alliance.xml
@@ -1,13 +1,29 @@
-<ruleset name="OpenFabrics Alliance">
+<!--
+	OpenFabrics Alliance
 
+
+	Nonfunctional hosts in *openfabrics.org:
+
+		- bugs *
+		- downloads *
+		- git *
+		- lists *
+
+	* Shows ^openfabrics.org
+
+-->
+<ruleset name="OpenFabrics.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="openfabrics.org" />
 	<target host="www.openfabrics.org" />
 
 
-	<securecookie host="^(www\.)?openfabrics\.org$" name=".*" />
+	<securecookie host="^(?:www\.)?openfabrics\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?openfabrics\.org/"
-		to="https://$1openfabrice.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/OpenGL.xml b/src/chrome/content/rules/OpenGL.xml
index 4d40cf9d5670..f7bae68c5b06 100644
--- a/src/chrome/content/rules/OpenGL.xml
+++ b/src/chrome/content/rules/OpenGL.xml
@@ -1,13 +1,26 @@
-<ruleset name="OpenGL">
+<!--
+	Insecure cookies are set for these hosts:
 
+		 - opengl.org
+		 - www.opengl.org
+
+-->
+<ruleset name="OpenGL.org">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="opengl.org" />
 	<target host="www.opengl.org" />
 
 
-	<securecookie host="^www\.opengl\.org$" name=".*" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?opengl\.org$" name="^(bb_sessionhash|opengl_last_activity|opengl_last_visit|opengl_tracker|PHPSESSID)$" /-->
+
+	<securecookie host="^(?:www\.)?opengl\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?opengl\.org/"
-		to="https://$1opengl.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/OpenGroup.org.xml b/src/chrome/content/rules/OpenGroup.org.xml
new file mode 100644
index 000000000000..949336b119f5
--- /dev/null
+++ b/src/chrome/content/rules/OpenGroup.org.xml
@@ -0,0 +1,104 @@
+<!--
+	Incomplete certificate chain:
+		- personal
+		- pluto
+		- pluto.rdg
+		- store2
+		- wiki2
+
+	HTTP =/= HTTPS:
+		- newsletter
+		- ns1
+		- salesforce
+
+	Mismatched:
+		- www.db
+		- vm1.face
+		- img
+		- test.proto
+		- www.rdg
+		- xoneweb.rdg
+		- soa-standards
+
+	No route to host:
+		- new
+		- old
+		- oldweb
+		- webproxy
+		- www5
+
+	Self-signed certificate:
+		- cloud
+		- www4
+
+	Connection timed out:
+		- api
+		- pictures
+		- tracking
+-->
+<ruleset name="OpenGroup.org">
+	<target host="opengroup.org" />
+	<target host="www.opengroup.org" />
+	<target host="adl.opengroup.org" />
+	<target host="archimate-cert.opengroup.org" />
+	<target host="archive.opengroup.org" />
+	<target host="blog.opengroup.org" />
+	<target host="bridge.opengroup.org" />
+	<target host="certification.opengroup.org" />
+	<target host="collaboration.opengroup.org" />
+	<target host="cvs.opengroup.org" />
+	<target host="d1.opengroup.org" />
+	<target host="d7.opengroup.org" />
+	<target host="events.opengroup.org" />
+	<target host="gitlab.opengroup.org" />
+	<target host="help.opengroup.org" />
+	<target host="info.opengroup.org" />
+	<target host="it4it-cert.opengroup.org" />
+	<target host="jserver.opengroup.org" />
+	<target host="m1.opengroup.org" />
+	<target host="m2.opengroup.org" />
+	<target host="miniweb.opengroup.org" />
+	<target host="mmforum.opengroup.org" />
+	<target host="naspl-cert.opengroup.org" />
+	<target host="ns0.opengroup.org" />
+	<target host="omi.opengroup.org" />
+	<target host="openca-cert.opengroup.org" />
+	<target host="openfair-cert.opengroup.org" />
+	<target host="openmotif.opengroup.org" />
+	<target host="ottps-accred.opengroup.org" />
+	<target host="ottps-cert.opengroup.org" />
+	<target host="pay.opengroup.org" />
+	<target host="paystaging.opengroup.org" />
+	<target host="www.pictures.opengroup.org" />
+	<target host="plato.opengroup.org" />
+	<target host="plato-test.opengroup.org" />
+	<target host="posix.opengroup.org" />
+	<target host="prod.opengroup.org" />
+	<target host="profile.opengroup.org" />
+	<target host="projects.opengroup.org" />
+	<target host="prometheus.opengroup.org" />
+	<target host="proto.opengroup.org" />
+	<target host="publications.opengroup.org" />
+	<target host="publicationsstaging.opengroup.org" />
+	<target host="pubs.opengroup.org" />
+	<target host="reports.opengroup.org" />
+	<target host="s1.opengroup.org" />
+	<target host="search.opengroup.org" />
+	<target host="shop.opengroup.org" />
+	<target host="shopstaging.opengroup.org" />
+	<target host="sso.opengroup.org" />
+	<target host="store.opengroup.org" />
+	<target host="svn.opengroup.org" />
+	<target host="tetware.opengroup.org" />
+	<target host="tetworks.opengroup.org" />
+	<target host="togaf-cert.opengroup.org" />
+	<target host="togaf9-cert.opengroup.org" />
+	<target host="ts-help.opengroup.org" />
+	<target host="w1.opengroup.org" />
+	<target host="web.opengroup.org" />
+	<target host="wiki.opengroup.org" />
+	<target host="www2.opengroup.org" />
+	<target host="www6.opengroup.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenHPI.xml b/src/chrome/content/rules/OpenHPI.xml
index 683e4fc0f76b..820c0437e3b9 100644
--- a/src/chrome/content/rules/OpenHPI.xml
+++ b/src/chrome/content/rules/OpenHPI.xml
@@ -1,13 +1,35 @@
-<ruleset name="openHPI">
+<!--
+	For other Hasso Plattner Institute coverage, see HPI.de.xml.
 
+
+	Fully covered hosts in *openhpi.de:
+
+		- (www.)?
+		- blog
+
+
+	Insecure cookies are set for these hosts:
+
+		- blog.openhpi.de
+
+-->
+<ruleset name="openHPI.de">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="openhpi.de" />
+	<target host="blog.openhpi.de" />
 	<target host="www.openhpi.de" />
 
 
-	<securecookie host="^(?:www\.)?openhpi\.de$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^blog\.openhpi\.de$" name="^pll_language$" /-->
+
+	<securecookie host="^(?:blog\.|www\.)?openhpi\.de$" name=".+" />
 
 
-	<rule from="^http://(www\.)?openhpi\.de(:8443)?/"
-		to="https://$1openhpi.de$2/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OpenHatch.org-problematic.xml b/src/chrome/content/rules/OpenHatch.org-problematic.xml
index 488620d74560..165ecd1a4b61 100644
--- a/src/chrome/content/rules/OpenHatch.org-problematic.xml
+++ b/src/chrome/content/rules/OpenHatch.org-problematic.xml
@@ -4,6 +4,8 @@
 -->
 <ruleset name="OpenHatch.org (problematic)" default_off="mismatched">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="forum.openhatch.org" />
 	<target host="lists.openhatch.org" />
 
@@ -11,7 +13,7 @@
 	<securecookie host="^forum\.openhatch\.org$" name=".+" />
 
 
-	<rule from="^http://(forum|lists)\.openhatch\.org/"
-		to="https://$1.openhatch.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/OpenHatch.org.xml b/src/chrome/content/rules/OpenHatch.org.xml
index a56174c42657..0769dd2666b7 100644
--- a/src/chrome/content/rules/OpenHatch.org.xml
+++ b/src/chrome/content/rules/OpenHatch.org.xml
@@ -1,12 +1,19 @@
 <!--
+
 	For problematic rules, see OpenHatch.org-problematic.xml.
 
 
+	Nonfunctional subdomains:
+
+		- campus *
+
+	* Dropped
+
+
 	Problematic subdomains:
 
 		- forum *
 		- lists *
-		- www *
 
 	* Cert only matches ^openhatch.org
 
@@ -23,14 +30,16 @@
 -->
 <ruleset name="OpenHatch.org (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="openhatch.org" />
-	<target host="*.openhatch.org" />
+	<target host="www.openhatch.org" />
 
 
 	<securecookie host="^\.?openhatch\.org$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?openhatch\.org/"
-		to="https://openhatch.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/OpenHub.net.xml b/src/chrome/content/rules/OpenHub.net.xml
new file mode 100644
index 000000000000..627c44e9213c
--- /dev/null
+++ b/src/chrome/content/rules/OpenHub.net.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		security.openhub.net
+
+-->
+<ruleset name="Open Hub.net">
+
+	<target host="openhub.net" />
+	<target host="www.openhub.net" />
+	<target host="blog.openhub.net" />
+	<target host="code.openhub.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenID.xml b/src/chrome/content/rules/OpenID.xml
index 051defd8cb50..74a947c0b4ce 100644
--- a/src/chrome/content/rules/OpenID.xml
+++ b/src/chrome/content/rules/OpenID.xml
@@ -1,19 +1,42 @@
 <!--
-	Problematic subdomains:
-
-		 - www	(cert only matches ^openid.net)
+	Invalid certificate:
+		demand.openid.net
+		hg.openid.net
+		ideas.openid.net
+		planet.openid.net
+		schemas.openid.net
+		specs.openid.net
+		wiki.openid.net
+
+	No working URL known:
+		staging.openid.net
+
+	Secure connection failed:
+		ac.openid.net
+		svn.openid.net
 
 -->
-<ruleset name="OpenID" platform="mixedcontent">
+<ruleset name="OpenID.net">
 
 	<target host="openid.net" />
 	<target host="www.openid.net" />
-
-
-	<securecookie host="^openid\.net$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?openid\.net/"
-		to="https://openid.net/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="new-op.certification.openid.net" />
+	<target host="new-rp.certification.openid.net" />
+	<target host="old-op.certification.openid.net" />
+	<target host="old-rp.certification.openid.net" />
+	<target host="op.certification.openid.net" />
+	<target host="rp.certification.openid.net" />
+	<target host="lists.openid.net" />
+	<!--
+		signin.openid.net has different HTTP/HTTPS content, but the HTTP
+		content encourages users to use HTTPS instead, so including it as a
+		target is okay.
+	-->
+	<target host="signin.openid.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenIDEO.com.xml b/src/chrome/content/rules/OpenIDEO.com.xml
index e1e7d72b4782..bfa3625b9255 100644
--- a/src/chrome/content/rules/OpenIDEO.com.xml
+++ b/src/chrome/content/rules/OpenIDEO.com.xml
@@ -9,6 +9,8 @@
 -->
 <ruleset name="OpenIDEO.com (partial)" default_off="mismatched">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="openideo.com" />
 	<target host="www.openideo.com" />
 
@@ -16,7 +18,7 @@
 	<securecookie host="^www\.openideo\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?openideo\.com/"
-		to="https://$1openideo.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OpenIT.xml b/src/chrome/content/rules/OpenIT.xml
index 54dd8749e36e..593399287f47 100644
--- a/src/chrome/content/rules/OpenIT.xml
+++ b/src/chrome/content/rules/OpenIT.xml
@@ -1,8 +1,13 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://openit.de/ => https://www.openit.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.openit.de/ => https://www.openit.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Cert only matches www.
 
 -->
-<ruleset name="OpenIT">
+<ruleset name="OpenIT" default_off="failed ruleset test">
 
 	<target host="openit.de" />
 	<target host="www.openit.de" />
@@ -11,7 +16,7 @@
 	<securecookie host="^www\.openit\.de$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?openit\.de/"
+	<rule from="^http://(?:www\.)?openit\.de/"
 		to="https://www.openit.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OpenITC.co.uk.xml b/src/chrome/content/rules/OpenITC.co.uk.xml
new file mode 100644
index 000000000000..55907b5c0877
--- /dev/null
+++ b/src/chrome/content/rules/OpenITC.co.uk.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://forums.openitc.co.uk/ => https://forums.openitc.co.uk/: (7, 'Failed to connect to forums.openitc.co.uk port 443: No route to host')
+
+	(www.)?openitc.co.uk: Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- forums.openitc.co.uk
+
+-->
+<ruleset name="OpenITC.co.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="clients.openitc.co.uk" />
+	<target host="forums.openitc.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^forums\.openitc\.co\.uk$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^forums\.openitc\.co\.uk$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenITP.org.xml b/src/chrome/content/rules/OpenITP.org.xml
index 70467d692b45..7a5b37c794b5 100644
--- a/src/chrome/content/rules/OpenITP.org.xml
+++ b/src/chrome/content/rules/OpenITP.org.xml
@@ -1,30 +1,50 @@
+
 <!--
-	Fully covered subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://openitp.org/ => https://openitp.org/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://lists.openitp.org/ => https://lists.openitp.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://tracker.openitp.org/ => https://tracker.openitp.org/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://wiki.openitp.org/ => https://wiki.openitp.org/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.openitp.org/ => https://www.openitp.org/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Nonfunctional hosts in *openitp.org:
+
+		- docs ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *openitp.org:
+
+		- prb ᵉ
+		- projects ᵐ
+
+	ᵉ Expired 2015
+	ᵐ Mismatched
 
-		- (www.)
-		- docs
-		- projects
-		- tracker
-		- wiki
 
+	Mixed content:
 
-	Observed cookie domains:
+		- css on (www.)?, prb from fonts.googleapis.com ˢ
 
-		- ^
-		- wiki
-		- www
+	ˢ Secured by us
 
 -->
-<ruleset name="OpenITP.org">
+<ruleset name="OpenITP.org (partial)" default_off="failed ruleset test">
 
 	<target host="openitp.org" />
-	<target host="*.openitp.org" />
+	<target host="lists.openitp.org" />
+	<!--target host="prb.openitp.org" /-->
+	<!--target host="projects.openitp.org" /-->
+	<target host="tracker.openitp.org" />
+	<target host="wiki.openitp.org" />
+	<target host="www.openitp.org" />
 
 
-	<securecookie host="^(?:.+\.)?openitp\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:docs|projects|tracker|wiki|www)\.)?openitp\.org/"
-		to="https://$1openitp.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/OpenLDAP.org.xml b/src/chrome/content/rules/OpenLDAP.org.xml
index 36cc0124e078..446b43c30d57 100644
--- a/src/chrome/content/rules/OpenLDAP.org.xml
+++ b/src/chrome/content/rules/OpenLDAP.org.xml
@@ -1,19 +1,30 @@
 <!--
-	Problematic subdomains:
-
-		- ^	(cert only matches *.openldap.org)
-
-
-	Expired 2012-09-02.
+	Invalid certificate:
+		- gauss.openldap.org
+		- root.openldap.org
 
+	Timeout:
+		- euler.openldap.org
 -->
-<ruleset name="OpenLDAP.org" default_off="expired, self-signed">
+<ruleset name="OpenLDAP.org">
 
 	<target host="openldap.org" />
 	<target host="www.openldap.org" />
-
-
-	<rule from="^http://(?:www\.)?openldap\.org/"
-		to="https://www.openldap.org/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="cvs.openldap.org" />
+	<target host="cvsup.openldap.org" />
+	<target host="devel.openldap.org" />
+	<target host="directory.openldap.org" />
+	<target host="ftp.openldap.org" />
+	<target host="git.openldap.org" />
+	<target host="ldap.openldap.org" />
+	<target host="mail.openldap.org" />
+	<target host="mx.openldap.org" />
+	<target host="project.openldap.org" />
+	<target host="public.openldap.org" />
+	<target host="wwwtmp.openldap.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenLayers.org.xml b/src/chrome/content/rules/OpenLayers.org.xml
new file mode 100644
index 000000000000..90d31d98ca5b
--- /dev/null
+++ b/src/chrome/content/rules/OpenLayers.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Invalid certificate:
+		dev.openlayers.org
+		docs.openlayers.org
+
+	Timeout:
+		svn.openlayers.org
+		trac.openlayers.org
+-->
+<ruleset name="OpenLayers.org">
+
+	<target host="openlayers.org" />
+	<target host="www.openlayers.org" />
+	<target host="blog.openlayers.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenLeaks.xml b/src/chrome/content/rules/OpenLeaks.xml
index cfe0fecc0833..b4c5c50c2e70 100644
--- a/src/chrome/content/rules/OpenLeaks.xml
+++ b/src/chrome/content/rules/OpenLeaks.xml
@@ -1,6 +1,14 @@
-<ruleset name="OpenLeaks">
+<!--
+	"Nothing here"
+
+-->
+<ruleset name="OpenLeaks" default_off="shows default page">
+
+	<!--	Direct rewrites:
+				-->
   <target host="openleaks.org" />
   <target host="www.openleaks.org" />
 
-  <rule from="^http://(www\.)?openleaks\.org/" to="https://$1openleaks.org/"/>
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/OpenLinksys.info.xml b/src/chrome/content/rules/OpenLinksys.info.xml
new file mode 100644
index 000000000000..a1f29803e475
--- /dev/null
+++ b/src/chrome/content/rules/OpenLinksys.info.xml
@@ -0,0 +1,12 @@
+<ruleset name="OpenLinksys.info">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="openlinksys.info" />
+	<target host="www.openlinksys.info" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenMPT.xml b/src/chrome/content/rules/OpenMPT.xml
new file mode 100644
index 000000000000..83cda6d56103
--- /dev/null
+++ b/src/chrome/content/rules/OpenMPT.xml
@@ -0,0 +1,21 @@
+<ruleset name="OpenMPT">
+	<target host="openmpt.org" />
+	<target host="www.openmpt.org" />
+	<target host="bugs.openmpt.org" />
+	<target host="buildbot.openmpt.org" />
+	<target host="download.openmpt.org" />
+	<target host="forum.openmpt.org" />
+	<target host="lib.openmpt.org" />
+	<target host="resources.openmpt.org" />
+	<target host="source.openmpt.org" />
+	<target host="wiki.openmpt.org" />
+	<target host="wikide.openmpt.org" />
+	<target host="update.openmpt.org" />
+
+	<rule from="^http://(www\.)?openmpt\.org/"
+		to="https://openmpt.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenMRS.org-problematic.xml b/src/chrome/content/rules/OpenMRS.org-problematic.xml
new file mode 100644
index 000000000000..0a870fc25df1
--- /dev/null
+++ b/src/chrome/content/rules/OpenMRS.org-problematic.xml
@@ -0,0 +1,26 @@
+<!--
+	For rules that are on by default, see OpenMRS.xml.
+
+-->
+<ruleset name="OpenMRS.org (mismatched)" default_off="mismatched">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="openmrs.org" />
+	<target host="events.openmrs.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.openmrs.org" />
+
+
+	<securecookie host="^(?:events\.)?openmrs\.org$" name=".+" />
+
+
+	<rule from="^http://www\.openmrs\.org/"
+		to="https://openmrs.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenMRS.xml b/src/chrome/content/rules/OpenMRS.xml
index 55e70d9aea1d..63abb186dbea 100644
--- a/src/chrome/content/rules/OpenMRS.xml
+++ b/src/chrome/content/rules/OpenMRS.xml
@@ -1,13 +1,111 @@
-<ruleset name="OpenMRS">
+<!--
+	For problematic rules, see OpenMRS.org-problematic.xml.
 
-	<target host="openmrs.org" />
-	<target host="www.openmrs.org" />
 
+	Nonfunctional hosts in *openmrs.org:
 
-	<securecookie host="^openmrs\.org$" name=".+" />
+		- go *
 
+	* Handshake fails
 
-	<rule from="^https?://(?:www\.)?openmrs\.org/"
-		to="https://openmrs.org/" />
 
-</ruleset>
\ No newline at end of file
+	Problematic hosts in *openmrs.org:
+
+		- ^ ¹
+		- answers ²
+		- ask ³
+		- events ¹
+		- www ³
+
+	¹ Mismatched
+	² Plaintext reply
+	³ Refused
+
+
+	Fully covered hosts in *openmrs.org:
+
+		- answers	(→ wiki.openmrs.org)
+		- ask		(→ wiki.openmrs.org)
+		- id
+		- issues
+		- modules
+		- talk
+		- tickets
+
+
+	source: Dropped over http & https
+
+
+	Insecure cookies are set for these hosts:
+
+		- openmrs.org
+		- ci.openmrs.org
+		- events.openmrs.org
+		- id.openmrs.org
+		- talk.openmrs.org
+		- wiki.openmrs.org
+
+
+	Mixed content:
+
+		- Font on ^, events from themes.googleusercontent.com *
+		- Images on ^, events from $self
+
+	* Secured by us
+-->
+<ruleset name="OpenMRS.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="openmrs.org" /-->
+	<target host="ci.openmrs.org" />
+	<!--target host="events.openmrs.org" /-->
+	<target host="id.openmrs.org" />
+	<target host="issues.openmrs.org" />
+	<target host="modules.openmrs.org" />
+	<target host="talk.openmrs.org" />
+	<target host="tickets.openmrs.org" />
+	<target host="wiki.openmrs.org" />
+
+	<!--	Complications:
+				-->
+	<target host="answers.openmrs.org" />
+	<target host="ask.openmrs.org" />
+	<!--target host="www.openmrs.org" /-->
+
+
+	<!--securecookie host="^(events\.)?openmrs\.org$" name="^newvisitor$" /-->
+	<!--securecookie host="^ci\.openmrs\.org$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^id\.openmrs\.org$" name="^connect\.sid$" /-->
+	<!--securecookie host="^talk\.openmrs\.org$" name="^(_forum_session|destination_url)$" /-->
+	<!--securecookie host="^wiki\.openmrs\.org$" name="^wit-announce-token$" /-->
+
+	<!--securecookie host="^(?:(?:ci|events|id|talk|wiki)\.)?openmrs\.org$" name=".+" /-->
+	<securecookie host="^(?:ci|id|talk|wiki)\.openmrs\.org$" name=".+" />
+
+
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://answers\.openmrs\.org/[^?]*"
+		to="https://wiki.openmrs.org/display/ask/Home" />
+
+		<test url="http://answers.openmrs.org/?f" />
+		<test url="http://answers.openmrs.org//?o" />
+
+	<!--	Redirect keeps path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://ask\.openmrs\.org/([^?]*)(?:\?.*)?"
+		to="https://wiki.openmrs.org/display/ask$1" />
+
+		<test url="http://ask.openmrs.org/?f" />
+		<test url="http://ask.openmrs.org/?o" />
+		<test url="http://ask.openmrs.org//?o" />
+		<test url="http://ask.openmrs.org/?b" />
+		<test url="http://ask.openmrs.org/?a" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenMW.xml b/src/chrome/content/rules/OpenMW.xml
index 816a8d470e0b..3e374bd06ca0 100644
--- a/src/chrome/content/rules/OpenMW.xml
+++ b/src/chrome/content/rules/OpenMW.xml
@@ -1,18 +1,37 @@
 <!--
-	www doesn't work.
+	Fully covered hosts in *openmw.org:
+
+		- (www.)?
+		- bugs
+		- forum
+		- wiki
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .openmw.org
+		- bugs.openmw.org
 
 -->
-<ruleset name="OpenMW">
+<ruleset name="OpenMW.org">
 
 	<target host="openmw.org" />
-	<target host="*.openmw.org" />
+	<target host="bugs.openmw.org" />
+	<target host="forum.openmw.org" />
+	<target host="wiki.openmw.org" />
+	<target host="www.openmw.org" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.openmw\.org$" name="^phpbb3_\w+_(k|sid|u)$" /-->
+	<!--securecookie host="^bugs\.openmw\.org$" name="^_redmine_session$" /-->
 
-	<securecookie host="^.*\.openmw\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^https?://(?:(bugs\.|forum\.|wiki\.)|www\.)?openmw\.org/"
-		to="https://$1openmw.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OpenMailBox.org.xml b/src/chrome/content/rules/OpenMailBox.org.xml
deleted file mode 100644
index 2e949b868a40..000000000000
--- a/src/chrome/content/rules/OpenMailBox.org.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="OpenMailBox.org">
-
-	<target host="openmailbox.org" />
-	<target host="www.openmailbox.org" />
-
-
-	<securecookie host="^www\.openmailbox\.org$" name=".+" />
-
-
-	<rule from="^http://(www\.)?openmailbox\.org/"
-		to="https://$1openmailbox.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OpenMandriva.org.xml b/src/chrome/content/rules/OpenMandriva.org.xml
new file mode 100644
index 000000000000..d015929f3db2
--- /dev/null
+++ b/src/chrome/content/rules/OpenMandriva.org.xml
@@ -0,0 +1,58 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://archives.forums.openmandriva.org/ => https://archives.forums.openmandriva.org/: (51, "SSL: no alternative certificate subject name matches target host name 'archives.forums.openmandriva.org'")
+
+	Invalid certificate:
+		archive.openmandriva.org
+		blog2.openmandriva.org
+		downloads.openmandriva.org
+		ftp.openmandriva.org
+		garnet.openmandriva.org
+		ml.openmandriva.org
+		repoclosure.openmandriva.org
+
+	No working URL known:
+		email.openmandriva.org
+		jasper.openmandriva.org
+		listen.openmandriva.org
+		project.openmandriva.org (502)
+		torrents.openmandriva.org
+
+	Secure connection failed:
+		hcl.openmandriva.org
+
+	Different content http/https:
+		www-static.openmandriva.org
+
+-->
+<ruleset name="OpenMandriva.org" default_off="failed ruleset test">
+
+	<target host="openmandriva.org" />
+	<target host="www.openmandriva.org" />
+	<target host="abf.openmandriva.org" />
+	<target host="ask.openmandriva.org" />
+	<target host="auth.openmandriva.org" />
+	<target host="blog.openmandriva.org" />
+	<target host="chwido.openmandriva.org" />
+	<target host="discourse.openmandriva.org" />
+	<target host="discourse-static.openmandriva.org" />
+	<target host="doc.openmandriva.org" />
+	<target host="forum.openmandriva.org" />
+	<target host="forums.openmandriva.org" />
+	<target host="archives.forums.openmandriva.org" />
+	<target host="gallery.openmandriva.org" />
+	<target host="issues.openmandriva.org" />
+	<target host="media.openmandriva.org" />
+	<target host="pad.openmandriva.org" />
+	<target host="sitedev.openmandriva.org" />
+	<target host="static.openmandriva.org" />
+	<target host="stats.openmandriva.org" />
+	<target host="wiki.openmandriva.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenMandriva.xml b/src/chrome/content/rules/OpenMandriva.xml
deleted file mode 100644
index 2eaa338873b2..000000000000
--- a/src/chrome/content/rules/OpenMandriva.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Fully covered subdomains:
-
-		- (www.)
-		- doc
-		- forums
-		- ftp
-		- garnet
-		- issues
-		- wiki
-
--->
-<ruleset name="OpenMandriva" platform="cacert">
-
-	<target host="openmandriva.org" />
-	<target host="*.openmandriva.org" />
-
-
-	<securecookie host="^(?:doc|\.ftp|issues|\.?wiki|\.www)?\.openmandriva\.org$" name=".+" />
-
-
-	<rule from="^http://((?:doc|forums|ftp|garnet|issues|wiki|www)\.)?openmandriva\.org/"
-		to="https://$1openmandriva.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/OpenMarket.org.xml b/src/chrome/content/rules/OpenMarket.org.xml
index dfd88da9bc4a..e2912c29916f 100644
--- a/src/chrome/content/rules/OpenMarket.org.xml
+++ b/src/chrome/content/rules/OpenMarket.org.xml
@@ -1,5 +1,11 @@
+<!--
+	CN: globalwarming.org
+
+-->
 <ruleset name="OpenMarket.org" default_off="expired, mismatched, self-signed">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="openmarket.org" />
 	<target host="www.openmarket.org" />
 
@@ -7,10 +13,7 @@
 	<securecookie host="^www\.openmarket\.org$" name=".+" />
 
 
-	<!--	- CN: globalwarming.org
-		- !www 301s to www
-					-->
-	<rule from="^https?://(?:www\.)?openmarket\.org/"
-		to="https://www.openmarket.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OpenMedia.ca.xml b/src/chrome/content/rules/OpenMedia.ca.xml
index 24e8f73877e5..df37d2cc01d9 100644
--- a/src/chrome/content/rules/OpenMedia.ca.xml
+++ b/src/chrome/content/rules/OpenMedia.ca.xml
@@ -1,19 +1,12 @@
-<!--
-	Problematic subdomains:
-
-		- www	(cert only matches ^openmedia.ca)
-
-
-	Some pages redirect to http.
-
--->
-<ruleset name="OpenMedia.ca (partial)">
+<ruleset name="OpenMedia.ca">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="openmedia.ca" />
 	<target host="www.openmedia.ca" />
 
 
-	<rule from="^http://(?:www\.)?openmedia\.ca/(donate(?:$|[?/])|favicon\.ico|sites/)"
-		to="https://openmedia.ca/$1" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/OpenMedia.org.xml b/src/chrome/content/rules/OpenMedia.org.xml
index 33108475375f..62ff80421c13 100644
--- a/src/chrome/content/rules/OpenMedia.org.xml
+++ b/src/chrome/content/rules/OpenMedia.org.xml
@@ -1,32 +1,18 @@
 <!--
-	Problematic subdomains:
+	Other OpenMedia rulesets:
 
-		- www.openmedia.org *
-		- www.openmedianow.net *
-
-	* Works, cert only matches ^foo
-
-
-	Partially covered domains:
-
-		- (www.)openmedia.org	(www → ^, some pages redirect to http)
-
-
-	Fully covered domains:
-
-		- (www.)openmedianow.net	(www → ^)
+		- OpenMedia_now.net.xml
 
 -->
-<ruleset name="OpenMedia.org (partial)">
+<ruleset name="OpenMedia.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="openmedia.org" />
 	<target host="www.openmedia.org" />
-		<exclusion pattern="^http://(?:www\.)?openmedia\.org/(?!donate(?:$|[?/])|sites/|tppconsole/)" />
-	<target host="openmedianow.net" />
-	<target host="www.openmedianow.net" />
 
 
-	<rule from="^http://(?:www\.)?openmedia(\.org|now\.net)/"
-		to="https://openmedia$1/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OpenMedia_now.net.xml b/src/chrome/content/rules/OpenMedia_now.net.xml
new file mode 100644
index 000000000000..3c24435d2f13
--- /dev/null
+++ b/src/chrome/content/rules/OpenMedia_now.net.xml
@@ -0,0 +1,29 @@
+<!--
+	For other OpenMedia coverage, see OpenMedia.org.xml.
+
+
+	(www.)?: Expired
+
+
+	Fully covered domains:
+
+		- (www.)openmedianow.net	(→ openmedia.org)
+
+-->
+<ruleset name="OpenMedia now.net">
+
+	<!--	Complications:
+				-->
+	<target host="openmedianow.net" />
+	<target host="www.openmedianow.net" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://(?:www\.)?openmedianow\.net/+"
+		to="https://openmedia.org/" />
+
+		<test url="http://www.openmedianow.net//Declaration" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenNET.ru.xml b/src/chrome/content/rules/OpenNET.ru.xml
new file mode 100644
index 000000000000..bb7c902a0b9e
--- /dev/null
+++ b/src/chrome/content/rules/OpenNET.ru.xml
@@ -0,0 +1,31 @@
+<!--
+	Nonfunctional hosts in *opennet.ru:
+
+		- wiki *
+
+	* Shows www.opennet.ru
+
+
+	Mixed content:
+
+		- Ads, on:
+
+			- (www.)? from top.list.ru *
+			- (www.)? from top-fwz1.list.ru *
+			- (www.)? from counter.rambler.ru *
+
+	* Secured by us
+
+-->
+<ruleset name="OpenNET.ru (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="opennet.ru" />
+	<target host="www.opennet.ru" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenNIC.org.xml b/src/chrome/content/rules/OpenNIC.org.xml
new file mode 100644
index 000000000000..e83e4f271d0c
--- /dev/null
+++ b/src/chrome/content/rules/OpenNIC.org.xml
@@ -0,0 +1,34 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- members.opennicproject.org
+		- proxy.opennicproject.org
+		- www.uat.opennicproject.org
+		- web-01.opennicproject.org
+		- web-02.opennicproject.org
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- wiki.opennicproject.org
+-->
+<ruleset name="OpenNIC.org">
+	<target host="opennic.org" />
+	<target host="www.opennic.org" />
+	<target host="api.opennic.org" />
+	<target host="servers.opennic.org" />
+	<target host="wiki.opennic.org" />
+
+	<target host="opennicproject.org" />
+	<target host="www.opennicproject.org" />
+	<target host="api.opennicproject.org" />
+	<target host="lists.opennicproject.org" />
+	<target host="servers.opennicproject.org" />
+	<target host="wiki.opennicproject.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://wiki\.opennicproject\.org/"
+			to="https://wiki.opennic.org/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenNet.net.xml b/src/chrome/content/rules/OpenNet.net.xml
index 9c953214b486..5ce3cf99de7b 100644
--- a/src/chrome/content/rules/OpenNet.net.xml
+++ b/src/chrome/content/rules/OpenNet.net.xml
@@ -4,8 +4,14 @@
 		- map	(shows adam; mismatched, CN: adam.law.harvard.edu)
 
 
+	Insecure cookies are set for these domains:
+
+		- .opennet.net
+
+
 	Mixed content:
 
+		- Images on ^ from $self *
 		- Images on ^ from creativecommons.org *
 
 	* Secured by us
@@ -13,14 +19,20 @@
 -->
 <ruleset name="OpenNet.net (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="opennet.net" />
-	<target host="*.opennet.net" />
+	<target host="www.opennet.net" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.opennet\.net$" name="^SESS[\da-f]{32}$" /-->
 
 	<securecookie host="^\.opennet\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?opennet\.net/"
-		to="https://$1opennet.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/OpenNews.org.xml b/src/chrome/content/rules/OpenNews.org.xml
new file mode 100644
index 000000000000..f1ffe18ad719
--- /dev/null
+++ b/src/chrome/content/rules/OpenNews.org.xml
@@ -0,0 +1,13 @@
+<!--
+	(www.): refused
+
+-->
+<ruleset name="OpenNews.org (partial)">
+
+	<target host="source.opennews.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenPGP-in-Russia.xml b/src/chrome/content/rules/OpenPGP-in-Russia.xml
index cb40a5918868..494e1c7e0615 100644
--- a/src/chrome/content/rules/OpenPGP-in-Russia.xml
+++ b/src/chrome/content/rules/OpenPGP-in-Russia.xml
@@ -1,8 +1,15 @@
-<ruleset name="openPGP in Russia">
+<!--
+	openPGP in Russia
+
+-->
+<ruleset name="PGP RU.com">
+
+	<!--	Direct rewrites:
+				-->
   <target host="pgpru.com" />
   <target host="www.pgpru.com" />
 
-  <securecookie host="^www\.pgpru\.com$" name=".*" />
-  <rule from="^http://(www\.)?pgpru\.com/" to="https://www.pgpru.com/" />
+  <securecookie host="^(?:www\.)?pgpru\.com$" name=".+" />
+  <rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/OpenPGPjs.org.xml b/src/chrome/content/rules/OpenPGPjs.org.xml
new file mode 100644
index 000000000000..6748714edc73
--- /dev/null
+++ b/src/chrome/content/rules/OpenPGPjs.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="OpenPGPjs.org">
+
+	<target host="openpgpjs.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenPetition.de.xml b/src/chrome/content/rules/OpenPetition.de.xml
new file mode 100644
index 000000000000..715bf63d2289
--- /dev/null
+++ b/src/chrome/content/rules/OpenPetition.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="Openpetition.de">
+	<target host="openpetition.de"/>
+	<target host="www.openpetition.de"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/OpenRCE.xml b/src/chrome/content/rules/OpenRCE.xml
index 2102e62ac257..1c07bb0d2745 100644
--- a/src/chrome/content/rules/OpenRCE.xml
+++ b/src/chrome/content/rules/OpenRCE.xml
@@ -1,13 +1,30 @@
-<ruleset name="OpenRCE">
+<!--
+	Server sends no certificate chain *
 
+	* See https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.openrce.org
+
+-->
+<ruleset name="OpenRCE.org" default_off="expired, missing certificate chain">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="openrce.org" />
 	<target host="www.openrce.org" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.openrce\.org$" name="^OPENRCESESSIONID$" /-->
+
 	<securecookie host="^www\.openrce\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?openrce\.org/"
-		to="https://$1openrce.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OpenSC-Project.xml b/src/chrome/content/rules/OpenSC-Project.xml
index adfd9e5ec9c3..dad05979a6c6 100644
--- a/src/chrome/content/rules/OpenSC-Project.xml
+++ b/src/chrome/content/rules/OpenSC-Project.xml
@@ -1,13 +1,31 @@
-<ruleset name="OpenSC Project">
+<!--
+	Server sends no certificate chain *
 
+	* See https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts:
+
+		 - opensc-project.org
+		 - www.opensc-project.org
+
+-->
+<ruleset name="OpenSC-Project.org" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="opensc-project.org"/>
 	<target host="www.opensc-project.org"/>
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?opensc-project\.org$" name="^(trac_form_token|rac_session)$" /-->
+
 	<securecookie host="^(?:www\.)?opensc-project\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?opensc-project\.org/"
-		to="https://$1opensc-project.org/"/>
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OpenSLR.org.xml b/src/chrome/content/rules/OpenSLR.org.xml
new file mode 100644
index 000000000000..17d6b5768fda
--- /dev/null
+++ b/src/chrome/content/rules/OpenSLR.org.xml
@@ -0,0 +1,10 @@
+<!--
+	Nonfunctional hosts in *.openslr.org:
+		- cn-mirror
+-->
+<ruleset name="OpenSLR.org">
+	<target host="openslr.org" />
+	<target host="www.openslr.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenSMTPD.org.xml b/src/chrome/content/rules/OpenSMTPD.org.xml
new file mode 100644
index 000000000000..2fef7b2fe06f
--- /dev/null
+++ b/src/chrome/content/rules/OpenSMTPD.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="OpenSMTPD.org">
+
+	<target host="opensmtpd.org" />
+	<target host="www.opensmtpd.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenSRS.com.xml b/src/chrome/content/rules/OpenSRS.com.xml
index 552ab6a3a339..6953c006ce00 100644
--- a/src/chrome/content/rules/OpenSRS.com.xml
+++ b/src/chrome/content/rules/OpenSRS.com.xml
@@ -7,13 +7,16 @@
 <ruleset name="OpenSRS.com (partial)">
 
 	<target host="opensrs.com" />
-	<target host="*.opensrs.com" />
+	<target host="signup.opensrs.com" />
+	<target host="www.opensrs.com" />
 		<!--
 			blog posts redirect to /www., for which the cert is invalid.
 											-->
 		<exclusion pattern="^http://www\.opensrs\.com/blog[\w/-]*/$"/>
 	<target host="opensrs.net" />
-	<target host="*.opensrs.net" />
+	<target host="signup.opensrs.net" />
+	<target host="www.opensrs.net" />
+	<target host="rr-n1-tor.opensrs.net" />
 
 
 	<securecookie host="^(?:signup\.)?opensrs\.com$" name=".+" />
@@ -22,7 +25,6 @@
 	<rule from="^http://(?:(signup\.)|www\.)?opensrs\.(?:com|net)/"
 		to="https://$1opensrs.com/" />
 
-	<rule from="^http://rr-n1-tor\.opensrs\.net/"
-		to="https://rr-n1-tor.opensrs.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenSSH.com.xml b/src/chrome/content/rules/OpenSSH.com.xml
new file mode 100644
index 000000000000..b4ee7ea002ff
--- /dev/null
+++ b/src/chrome/content/rules/OpenSSH.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Problematic subdomains:
+
+		- ftp *
+
+	* Mismatched
+-->
+<ruleset name="OpenSSH.com">
+	<target host="openssh.com" />
+	<target host="ftp.openssh.com" />
+	<target host="www.openssh.com" />
+
+	<rule from="^http://ftp\.openssh\.com/"
+		to="https://ftp.openbsd.org/" />
+
+		<test url="http://ftp.openssh.com/papers/anoncvs-paper.pdf" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenSSL.xml b/src/chrome/content/rules/OpenSSL.xml
deleted file mode 100644
index f36a679a42ca..000000000000
--- a/src/chrome/content/rules/OpenSSL.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Mixed content:
-
-		- Images on cvs from www *
-
-	* Secured by us
-
--->
-<ruleset name="OpenSSL (partial)">
-
-	<target host="openssl.org" />
-	<target host="*.openssl.org" />
-		<exclusion pattern="^http://(?:www\.)?openssl\.org/(?:news/changelog|support/faq)\.html$" />
-
-
-	<securecookie host="^rt\.openssl\.org$" name=".+" />
-
-
-	<rule from="^http://((?:cvs|rt|www)\.)?openssl\.org/"
-		to="https://$1openssl.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OpenSUSE.xml b/src/chrome/content/rules/OpenSUSE.xml
index 3ca4cb00f384..cabb6afb4964 100644
--- a/src/chrome/content/rules/OpenSUSE.xml
+++ b/src/chrome/content/rules/OpenSUSE.xml
@@ -1,59 +1,49 @@
 <!--
-	For other Attachmate Group coverage, see Attachmate-Group.xml.
+	For other Micro Focus coverage, see Micro_Focus.com.xml.
 
+	Nonfunctional hosts in *opensuse.org:
+		- ^ ²
+		- download ¹
+		- lists	²
+		- tube ¹
 
-	Nonfunctional subdomains:
-
-		- download *
-		- lists		(times out)
-		- news
-
-	* Dropped
-
-
-	Problematic subdomains:
-
-		- ^		(refused)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(^ → www)
-		- \w\w		(locales)
-		- beans
-		- build
-		- connect
-		- countdown
-		- counter
-		- doc
-		- features
-		- forums
-		- news
-		- shop
-		- software
-		- static
-		- wiki
-
-
-	Fully covered subdomains:
-
-		- bugs
+	¹ Dropped
+	² Refused
 
+	Problematic hosts in *opensuse.org:
+		- paste (mismatched, cacert)
 -->
-<ruleset name="openSUSE (partial)">
 
+<ruleset name="openSUSE.org (partial)">
 	<target host="opensuse.org" />
 	<target host="*.opensuse.org" />
 
-
-	<!--securecookie host="^\.opensuse\.org$" name="^(?:lb_opensuse|opensuse_\w\w_session|ZNPCQ003-\d{8})$" /-->
-	<securecookie host="^\w+\.opensuse\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?opensuse\.org/"
-		to="https://www.opensuse.org/" />
-
-	<rule from="^http://(\w\w|beans|bugs|build|connect|count(?:down|er)|doc|features|forums|news|shop|software|static|wiki)\.opensuse\.org/"
-		to="https://$1.opensuse.org/" />
-
-</ruleset>
\ No newline at end of file
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http://opensuse\.org/"	to="https://www.opensuse.org/" />
+
+	<rule from="^http://(\w\w|activedoc|beans|bugs|bugzilla|build|connect|count(?:down|er)|doc|features|forums|keyserver|lizards|news|openqa|shop|software|static|wiki|www)\.opensuse\.org/" to="https://$1.opensuse.org/" />
+
+	<test url="http://www.opensuse.org/" />
+	<test url="http://activedoc.opensuse.org/" />
+	<test url="http://beans.opensuse.org/" />
+	<test url="http://bugs.opensuse.org/" />
+	<test url="http://bugzilla.opensuse.org/" />
+	<test url="http://build.opensuse.org/" />
+	<test url="http://connect.opensuse.org/" />
+	<test url="http://countdown.opensuse.org/" />
+	<test url="http://counter.opensuse.org/" />
+	<test url="http://doc.opensuse.org/" />
+	<test url="http://en.opensuse.org/" />
+	<test url="http://features.opensuse.org/" />
+	<test url="http://forums.opensuse.org/" />
+	<test url="http://keyserver.opensuse.org/" />
+	<test url="http://lizards.opensuse.org/" />
+	<test url="http://news.opensuse.org/" />
+	<test url="http://openqa.opensuse.org/" />
+	<test url="http://shop.opensuse.org/" />
+	<test url="http://software.opensuse.org/" />
+	<test url="http://static.opensuse.org/" />
+	<test url="http://wiki.opensuse.org/" />
+	<test url="http://zh.opensuse.org/" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenSVC.xml b/src/chrome/content/rules/OpenSVC.xml
index 36f040a215d9..1ad973e2033d 100644
--- a/src/chrome/content/rules/OpenSVC.xml
+++ b/src/chrome/content/rules/OpenSVC.xml
@@ -3,24 +3,41 @@
 
 		- git	(shows collector's data)
 		- repo	(ditto)
+		- lists ²
+
+	² Shows another domain
+
+
+	Fully covered hosts in *opensvc.com:
+
+		- (www.)?	(^ → www)
+		- collector
+		- docs
 
 -->
-<ruleset name="OpenSVC (partial)">
+<ruleset name="OpenSVC.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="collector.opensvc.com" />
+	<target host="docs.opensvc.com" />
+	<target host="www.opensvc.com" />
 
+	<!--	Complications:
+				-->
 	<target host="opensvc.com" />
-	<target host="*.opensvc.com" />
 
 
-	<securecookie host="^\w+\.opensvc\.com$" name=".*" />
+	<securecookie host="^\w+\.opensvc\.com$" name=".+" />
 
 
 	<!--	- !www doesn't work over https
 		- !www redirects to www over http
 					-->
-	<rule from="^https?://(?:www\.)?opensvc\.com/"
+	<rule from="^http://opensvc\.com/"
 		to="https://www.opensvc.com/" />
 
-	<rule from="^http://(collector|docs|lists)\.opensvc\.com/"
-		to="https://$1.opensvc.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/OpenSecrets.org.xml b/src/chrome/content/rules/OpenSecrets.org.xml
new file mode 100644
index 000000000000..a4f078a44299
--- /dev/null
+++ b/src/chrome/content/rules/OpenSecrets.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- staging.opensecrets.org
+		- staging2.opensecrets.org
+
+		SSL peer certificate was not OK:
+		- assets.opensecrets.org
+-->
+<ruleset name="OpenSecrets.org">
+	<target host="opensecrets.org" />
+	<target host="www.opensecrets.org" />
+	<target host="cdn1.opensecrets.org" />
+		<test url="http://cdn1.opensecrets.org/news/wp-content/uploads/2008/06/01160309/WatchdogLettertoMcCain6.25.08.pdf" />
+		<test url="http://cdn1.opensecrets.org/news/wp-content/uploads/2019/05/10113955/Bernie-Sanders-and-Alexandria-Ocasio-Cortez.jpg" />
+	<target host="ftp.opensecrets.org" />
+	<target host="images.opensecrets.org" />
+	<target host="m.opensecrets.org" />
+	<target host="pfds.opensecrets.org" />
+		<test url="http://pfds.opensecrets.org/N00000019_2011.pdf" />
+	<target host="www2.opensecrets.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenShift.xml b/src/chrome/content/rules/OpenShift.xml
index 01a71e0f4c30..676f748d630e 100644
--- a/src/chrome/content/rules/OpenShift.xml
+++ b/src/chrome/content/rules/OpenShift.xml
@@ -2,16 +2,16 @@
 	For other RedHat coverage, see RedHat.xml.
 
 -->
-<ruleset name="OpenShift">
+<ruleset name="OpenShift.com">
 
 	<target host="openshift.com" />
-	<target host="*.openshift.com" />
+	<target host="www.openshift.com" />
 
 
-	<securecookie host="^\.openshift\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?openshift\.com/"
-		to="https://$1openshift.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OpenSignal.com.xml b/src/chrome/content/rules/OpenSignal.com.xml
new file mode 100644
index 000000000000..87763f112a9b
--- /dev/null
+++ b/src/chrome/content/rules/OpenSignal.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Mismatch:
+		support.opensignal.com
+	Working URL not found:
+		data-api.opensignal.com
+		data-api-prod.opensignal.com
+		data-api-stag.opensignal.com
+		opensignal-api.opensignal.com
+	Timeout:
+		upload.opensignal.com
+-->
+<ruleset name="OpenSignal.com">
+	<target host="opensignal.com" />
+	<target host="www.opensignal.com" />
+	<target host="assets.opensignal.com" />
+	<target host="engineering.opensignal.com" />
+	<target host="meteor.opensignal.com" />
+	<target host="meteor-stag.opensignal.com" />
+	<target host="opensignal-web-prod.opensignal.com" />
+	<target host="solutions.opensignal.com" />
+	<target host="solutions-stag.opensignal.com" />
+	<target host="tiles.opensignal.com" />
+	<target host="tiles-prod.opensignal.com" />
+	<target host="tiles-stag.opensignal.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenSnowMap.org.xml b/src/chrome/content/rules/OpenSnowMap.org.xml
new file mode 100644
index 000000000000..0901fc80b3d9
--- /dev/null
+++ b/src/chrome/content/rules/OpenSnowMap.org.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid certificate:
+		www6.opensnowmap.org
+-->
+<ruleset name="OpenSnowMap.org">
+
+	<target host="opensnowmap.org" />
+	<target host="www.opensnowmap.org" />
+	<target host="beta.opensnowmap.org" />
+	<target host="blog.opensnowmap.org" />
+	<target host="tiles.opensnowmap.org" />
+	<target host="tiles7.opensnowmap.org" />
+	<target host="www7.opensnowmap.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://opensnowmap.org/. -->
+	<rule from="^http://opensnowmap\.org/"
+			to="https://www.opensnowmap.org/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenSocietyFoundations.org.xml b/src/chrome/content/rules/OpenSocietyFoundations.org.xml
new file mode 100644
index 000000000000..201f40b904fd
--- /dev/null
+++ b/src/chrome/content/rules/OpenSocietyFoundations.org.xml
@@ -0,0 +1,51 @@
+<!--
+	For related onion service rules, see osf22p3lmweopgho.onion.xml
+
+	Could not resolve host:
+		- _autodiscover._tcp
+		- auth
+		- eupestexch1
+		- eupestexch2
+		- mail.gslb
+		- sendgrid
+		- o1.sendgrid
+
+	Timeout:
+		- autheu
+		- authus
+		- eulondexch1
+		- eulondexch2
+		- eulondras
+		- eupestras
+		- auth.gslb
+		- usargoexch1
+		- usargoexch2
+		- usargoras
+		- uscoloexch1
+		- uscoloexch2
+
+	Network is unreachable:
+		- eucoloexch1
+		- eucoloexch2
+
+	Mismatched:
+		- ttf.visualizingdata
+		- webmail.gslbpub
+-->
+<ruleset name="OpenSocietyFoundations.org">
+	<target host="opensocietyfoundations.org" />
+	<target host="www.opensocietyfoundations.org" />
+	<target host="apps.opensocietyfoundations.org" />
+	<target host="authmfaeu.opensocietyfoundations.org" />
+	<target host="authmfaus.opensocietyfoundations.org" />
+	<target host="autodiscover.opensocietyfoundations.org" />
+	<target host="eumail.opensocietyfoundations.org" />
+	<target host="mail.opensocietyfoundations.org" />
+	<target host="maileu.opensocietyfoundations.org" />
+	<target host="mailus.opensocietyfoundations.org" />
+	<target host="static.opensocietyfoundations.org" />
+	<target host="usmail.opensocietyfoundations.org" />
+	<target host="webmail.opensocietyfoundations.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenStack.xml b/src/chrome/content/rules/OpenStack.xml
index 3ccdb60bc02f..99d1c7dcc391 100644
--- a/src/chrome/content/rules/OpenStack.xml
+++ b/src/chrome/content/rules/OpenStack.xml
@@ -6,17 +6,43 @@
 
 	* No https
 
+
+	These altnames don't exist:
+
+		- www.ask.openstack.org
+		- www.wiki.openstack.org
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- www from $self ¹
+			- www from openstackreactions.enovance.com ²
+
+	¹ Secured by us
+	² Unsecurable <= dropped
+
 -->
-<ruleset name="OpenStack (partial)">
+<ruleset name="OpenStack.org (partial)">
 
 	<target host="openstack.org" />
-	<target host="*.openstack.org" />
+	<target host="ask.openstack.org" />
+	<target host="review.openstack.org" />
+	<target host="wiki.openstack.org" />
+	<target host="www.openstack.org" />
+	<target host="git.openstack.org" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ask\.openstack\.org$" name="^(_csrf|sessionid)$" /-->
+	<!--securecookie host="^wiki\.openstack\.org$" name="^uls-previous-languages$" /-->
 
 	<securecookie host="^(?:(?:ask|wiki|www)\.)?openstack\.org$" name=".+" />
 
 
-	<rule from="^http://((?:ask|wiki|www)\.)?openstack\.org/"
-		to="https://$1openstack.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OpenStat.net.xml b/src/chrome/content/rules/OpenStat.net.xml
index e2bdfd65f496..a02de15244a8 100644
--- a/src/chrome/content/rules/OpenStat.net.xml
+++ b/src/chrome/content/rules/OpenStat.net.xml
@@ -7,13 +7,15 @@
 -->
 <ruleset name="OpenStat.net">
 
-	<target host="*.openstat.net" />
+	<!--	Direct rewrites:
+				-->
+	<target host="openstat.net" />
 
 
 	<securecookie host="^\.openstat\.net$" name=".+" />
 
 
-	<rule from="^http://openstat\.net/"
-		to="https://openstat.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OpenStat.ru.xml b/src/chrome/content/rules/OpenStat.ru.xml
index 38c30e4ad866..2a6fc24947e2 100644
--- a/src/chrome/content/rules/OpenStat.ru.xml
+++ b/src/chrome/content/rules/OpenStat.ru.xml
@@ -22,14 +22,22 @@
 -->
 <ruleset name="OpenStat.ru (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="www.openstat.ru" />
+
+	<!--	Complications:
+				-->
 	<target host="openstat.ru" />
-	<target host="*.openstat.ru" />
 
 
 	<securecookie host="^\.openstat\.ru$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?openstat\.ru/"
+	<rule from="^http://openstat\.ru/"
 		to="https://www.openstat.ru/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenStreetMap.de.xml b/src/chrome/content/rules/OpenStreetMap.de.xml
new file mode 100644
index 000000000000..4b184a523f7a
--- /dev/null
+++ b/src/chrome/content/rules/OpenStreetMap.de.xml
@@ -0,0 +1,40 @@
+<!--
+	For OpenStreetMap.de
+		Doesn't Work:
+			- dev (not reachable)
+			- osmoscope (mixed content)
+-->
+<ruleset name="OpenStreetMap.de">
+	<target host="openstreetmap.de" />
+	<target host="www.openstreetmap.de" />
+	<target host="bessel.openstreetmap.de" />
+	<target host="blog.openstreetmap.de" />
+	<target host="brewmap.openstreetmap.de" />
+	<target host="brewpubs.openstreetmap.de" />
+	<target host="camping.openstreetmap.de" />
+	<target host="gauss.openstreetmap.de" />
+	<target host="humboldt.openstreetmap.de" />
+	<target host="josm.openstreetmap.de" />
+	<target host="lists.openstreetmap.de" />
+	<target host="luftbilder.openstreetmap.de" />
+	<target host="mattermost.openstreetmap.de" />
+	<target host="openingh.openstreetmap.de" />
+	<target host="osmbc.openstreetmap.de" />
+	<target host="osmdata.openstreetmap.de" />
+	<target host="podcast.openstreetmap.de" />
+	<target host="audio.podcast.openstreetmap.de" />
+	<target host="ptna.openstreetmap.de" />
+	<target host="routing.openstreetmap.de" />
+	<target host="routing1.openstreetmap.de" />
+	<target host="routing2.openstreetmap.de" />
+	<target host="tile.openstreetmap.de" />
+	<target host="a.tile.openstreetmap.de" />
+	<target host="b.tile.openstreetmap.de" />
+	<target host="c.tile.openstreetmap.de" />
+	<target host="d.tile.openstreetmap.de" />
+	<target host="umap.openstreetmap.de" />
+	<target host="wms.openstreetmap.de" />
+	<target host="xn--hausbru-bxa.openstreetmap.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenStreetMap.xml b/src/chrome/content/rules/OpenStreetMap.xml
deleted file mode 100644
index ad52fec3aa99..000000000000
--- a/src/chrome/content/rules/OpenStreetMap.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="OpenStreetMap Wiki (buggy)" default_off="https://eff.org/r.1bSg">
-
-	<target host="openstreetmap.org"/>
-	<target host="*.openstreetmap.org"/>
-
-	<rule from="^http://openstreetmap\.org/"
-		to="https://www.openstreetmap.org/"/>
-
-	<rule from="^http://www\.openstreetmap\.org/(assets/|login|user/new)"
-		to="https://www.openstreetmap.org/$1"/>
-
-	<rule from="^http://(piwik|wiki)\.openstreetmap\.org/"
-		to="https://$1.openstreetmap.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/OpenTTD-expired.xml b/src/chrome/content/rules/OpenTTD-expired.xml
deleted file mode 100644
index 3828786788ba..000000000000
--- a/src/chrome/content/rules/OpenTTD-expired.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="OpenTTD (expired)" default_off="expired">
-
-	<target host="wiki.openttdcoop.org"/>
-
-	<securecookie host="^wiki\.openttdcoop\.org$" name=".*"/>
-
-	<rule from="^http://wiki\.openttdcoop\.org/"
-		to="https://wiki.openttdcoop.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/OpenTTD.xml b/src/chrome/content/rules/OpenTTD.xml
index 8a25ab8cb38f..ab5876333eef 100644
--- a/src/chrome/content/rules/OpenTTD.xml
+++ b/src/chrome/content/rules/OpenTTD.xml
@@ -1,35 +1,45 @@
-<ruleset name="OpenTTD (partial)" platform="mixedcontent">
-
-	<target host="openttd.org" />
-	<target host="*.openttd.org" />
-		<!--
-			Website has been broken by moving media to //media.openttd.org,
-			and making s://media.../.* 301 to itself.
-				Fix this by excluding media.
-					-->
-		<exclusion pattern="^http://(devs|media)\.openttd\.org/" />
-	<target host="openttdcoop.org" />
-	<target host="blog.openttdcoop.org" />
-	<target host="dev.openttdcoop.org" />
-	<target host="paste.openttdcoop.org" />
-	<target host="www.openttdcoop.org" />
-
-
-	<securecookie host="^secure\.openttd\.org$" name=".*" />
-	<securecookie host="^(.*\.)?openttdcoop\.org$" name=".*" />
-
-
-	<rule from="^http://(\w+\.)?openttd\.org/"
-		to="https://$1openttd.org/" />
 <!--
-Rules for binaries are disabled after an IRC request from the site's admins:
-
-	<target host="*.binaries.openttd.org"/>
-	<rule from="^http://\w+\.binaries\.openttd\.org/"
-		to="https://secure.openttd.org/binaries/"/>
+	Other OpenTTD rulesets:
+		- Openttdcoop.org.xml
+
+	Nonfunctional hosts in *.openttd.org:
+		- *.binaries.openttd.org (m, for each language code)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Rules for binaries are disabled after an IRC request from the site's admins:
+		<target host="*.binaries.openttd.org" />
+		<rule from="^http://\w+\.binaries\.openttd\.org/"
+			to="https://secure.openttd.org/binaries/" />
 -->
+<ruleset name="OpenTTD">
 
-	<rule from="^http://((?:blog|dev|paste|www)\.)?openttdcoop\.org/"
-		to="https://$1openttdcoop.org/" />
+	<target host="openttd.org" />
+	<target host="www.openttd.org" />
+	<target host="account.openttd.org" />
+	<target host="bananas.openttd.org" />
+	<target host="binaries.openttd.org" />
+	<target host="bugs.openttd.org" />
+	<target host="devs.openttd.org" />
+	<target host="docs.openttd.org" />
+	<target host="farm.openttd.org" />
+	<target host="forum.openttd.org" />
+	<target host="grfsearch.openttd.org" />
+	<target host="hg.openttd.org" />
+	<target host="media.openttd.org" />
+		<test url="http://media.openttd.org/images/screens/1.0/20091018_panswat_tongvorarat.png" />
+	<target host="noai.openttd.org" />
+	<target host="nogo.openttd.org" />
+	<target host="servers.openttd.org" />
+	<target host="translator.openttd.org" />
+	<target host="wiki.openttd.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/OpenTable.lgbt.xml b/src/chrome/content/rules/OpenTable.lgbt.xml
new file mode 100644
index 000000000000..bc49533aed74
--- /dev/null
+++ b/src/chrome/content/rules/OpenTable.lgbt.xml
@@ -0,0 +1,8 @@
+<ruleset name="OpenTable.lgbt">
+	<target host="opentable.lgbt" />
+	<target host="www.opentable.lgbt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenTechFund.xml b/src/chrome/content/rules/OpenTechFund.xml
index aed08091a5ab..4518518bf94a 100644
--- a/src/chrome/content/rules/OpenTechFund.xml
+++ b/src/chrome/content/rules/OpenTechFund.xml
@@ -1,13 +1,33 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .opentechfund.org
+
+-->
 <ruleset name="OpenTechFund">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="opentechfund.org" />
+	<target host="www.opentechfund.org" />
+
+	<!--	Complications:
+				-->
 	<target host="opentechfund.com" />
-	<target host="*.opentechfund.com" />
+	<target host="www.opentechfund.com" />
+
+
+	<!--	Cloudflare cookies:
+					-->
+	<!--securecookie host="^\.opentechfund\.org$" name="^(__cfduid|cf_clearance)$" /-->
 
+	<securecookie host="^\.opentechfund\.org$" name=".+" />
 
-	<securecookie host="^\.opentechfund\.com$" name=".+" />
 
+	<rule from="^http://(?:www\.)?opentechfund\.com/"
+		to="https://www.opentechfund.org/" />
 
-	<rule from="^http://(www\.)?opentechfund\.com/"
-		to="https://$1opentechfund.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OpenTelecoms.org.xml b/src/chrome/content/rules/OpenTelecoms.org.xml
new file mode 100644
index 000000000000..08a3092bb2a6
--- /dev/null
+++ b/src/chrome/content/rules/OpenTelecoms.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Nonfunctional hosts in *.opentelecoms.org:
+
+	certificate mismatch:
+	- planet.opentelecoms.org
+	connection refused:
+	- polycom.opentelecoms.org
+	- www.polycom.opentelecoms.org
+
+	https://www.opentelecoms.org has certificate mismatch, but
+	http://www.opentelecoms.org redirects to http://opentelecoms.org
+	https://opentelecoms.org has correct certificate
+-->
+<ruleset name="OpenTelecoms.org">
+	<target host="opentelecoms.org" />
+	<target host="www.opentelecoms.org" />
+
+	<rule from="^http://www\.opentelecoms\.org/"
+		to="https://opentelecoms.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenText.xml b/src/chrome/content/rules/OpenText.xml
index d93676e5c780..68e001abc4ed 100644
--- a/src/chrome/content/rules/OpenText.xml
+++ b/src/chrome/content/rules/OpenText.xml
@@ -31,7 +31,8 @@
 <ruleset name="OpenText (partial)">
 
 	<target host="opentext.com" />
-	<target host="*.opentext.com" />
+	<target host="communities.opentext.com" />
+	<target host="www.opentext.com" />
 		<!--
 			Breaks resource paths:
 						-->
@@ -41,10 +42,7 @@
 	<securecookie host="^www\.opentext\.com$" name=".+" />
 
 
-	<rule from="^http://(communities\.|www\.)?opentext\.com/"
-		to="https://$1opentext.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://mimage\.opentext\.com/"
-		to="https://a248.e.akamai.net/f/248/9057/1d/mimage.opentext.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OpenTok.com.xml b/src/chrome/content/rules/OpenTok.com.xml
new file mode 100644
index 000000000000..6666024c5e67
--- /dev/null
+++ b/src/chrome/content/rules/OpenTok.com.xml
@@ -0,0 +1,32 @@
+<!--
+	For other TokBox coverage, see TokBox.xml.
+
+
+	CDN buckets:
+
+		- static.opentok.com.edgesuite.net
+
+
+	Nonfunctional hosts in *opentok.com:
+
+		- status.opentok.com
+
+
+	Problematic hosts in *opentok.com:
+
+		- labs.opentok.com *
+
+	* Mismatched
+
+-->
+<ruleset name="OpenTok.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="static.opentok.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenTopoMap.org.xml b/src/chrome/content/rules/OpenTopoMap.org.xml
new file mode 100644
index 000000000000..745428fbc31a
--- /dev/null
+++ b/src/chrome/content/rules/OpenTopoMap.org.xml
@@ -0,0 +1,21 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Expired:
+		garmin.opentopomap.org
+-->
+<ruleset name="OpenTopoMap.org">
+
+	<target host="opentopomap.org" />
+	<target host="www.opentopomap.org" />
+	<target host="garmin2.opentopomap.org" />
+	<target host="tile.opentopomap.org" />
+	<target host="a.tile.opentopomap.org" />
+	<target host="b.tile.opentopomap.org" />
+	<target host="c.tile.opentopomap.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenUniversity.xml b/src/chrome/content/rules/OpenUniversity.xml
deleted file mode 100644
index 41935e797840..000000000000
--- a/src/chrome/content/rules/OpenUniversity.xml
+++ /dev/null
@@ -1,49 +0,0 @@
-<ruleset name="The Open University (buggy)" default_off="https://eff.org/r.5E5">
-<!--
-        The OU has myriads of domains, most of which do not support https.
-        Specifically, it appears that all department and faculty websites
-        do not support it.
-
-        However this ruleset does cover the general website, the prospectuses
-        (undergraduate, graduate and research), StudentHome, TutorHome,
-        OpenLearn/LearningSpace, LabSpace, and the OU Alumni website.
-
-        Notable exceptions: www2.open.ac.uk, www8.open.ac.uk, library.open.ac.uk,
-                            voyager.open.ac.uk, discuss2.open.ac.uk, www.open2.net
-
-        Unknown: intranet.open.ac.uk, intranet-gw.open.ac.uk
-
-        This ruleset does not include mail.google.com as that is already covered
-        by the GoogleServices ruleset.
--->
-  <target host="css2.open.ac.uk" />
-  <target host="labspace.open.ac.uk" />
-  <target host="learn.open.ac.uk" />
-  <target host="msds.open.ac.uk" />
-  <target host="openlearn.open.ac.uk" />
-  <target host="www.open.ac.uk" />
-  <target host="www3.open.ac.uk" />
-
-<!--	The OU forwards www.openuniversity.ac.uk to www.open.ac.uk,
-        but www.openuniversity.ac.uk does not support https. So we rewrite
-        http://www.openuniversity.ac.uk directly to https://www.open.ac.uk
--->
-  <target host="www.openuniversity.ac.uk" />
-
-<!--
-        The OU Worldwide offers lots of OU module materials
--->
-  <target host="www.ouw.co.uk" />
-
-<!--
-        The OU Students Association, and their webshop
--->
-  <target host="www.ousa.org.uk" />
-  <target host="rsm2.rsmsecure.com" />
-
-  <rule from="^http://([^@:/]+)\.open\.ac\.uk/" to="https://$1.open.ac.uk/"/>
-  <rule from="^http://www\.openuniversity\.ac\.uk/" to="https://www.open.ac.uk/"/>
-  <rule from="^http://www\.ouw\.co\.uk/" to="https://www.ouw.co.uk/"/>
-  <rule from="^http://rsm2\.rsmsecure\.com/ousacart/webstore/" to="https://rsm2.rsmsecure.com/ousacart/webstore/"/>
-  <rule from="^http://www\.ousa\.org\.uk/" to="https://www.ousa.org.uk/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/OpenUserJS.org.xml b/src/chrome/content/rules/OpenUserJS.org.xml
new file mode 100644
index 000000000000..88a7348eae95
--- /dev/null
+++ b/src/chrome/content/rules/OpenUserJS.org.xml
@@ -0,0 +1,29 @@
+<!--
+	www.openuserjs.org: Refused
+
+-->
+<ruleset name="OpenUserJS.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="openuserjs.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.openuserjs.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^openuserjs\.org$" name="^connect\.sid$" /-->
+
+	<securecookie host="^openuserjs\.org$" name=".+" />
+
+
+	<rule from="^http://www\.openuserjs\.org/"
+		to="https://openuserjs.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenVPN.xml b/src/chrome/content/rules/OpenVPN.xml
index 66f603925c11..c5a92a4f5098 100644
--- a/src/chrome/content/rules/OpenVPN.xml
+++ b/src/chrome/content/rules/OpenVPN.xml
@@ -1,13 +1,139 @@
-<ruleset name="OpenVPN">
+<!--
+	Disabled by https-everywhere-checker because:
+Fetch error: http://forum.openvpn.net/ => https://forum.openvpn.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://kyivvpn01.openvpn.net/ => https://kyivvpn01.openvpn.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://newstaging.openvpn.net/ => https://newstaging.openvpn.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
-	<target host="openvpn.net" />
-	<target host="*.openvpn.net" />
+	Invalid certificate:
+		as-marketing-demo.openvpn.net
+		click.openvpn.net
+		click.email.openvpn.net
+		lviv-gw-2.openvpn.net  
+		newstaging-2.openvpn.net
+		pgmt-debug1.openvpn.net
+		pgmt-debug2.openvpn.net
+		apple.qa.openvpn.net
+		webmail.openvpn.net
+
+	Non-2xx HTTP code:
+		awspc3.openvpn.net
+		awspc4.openvpn.net
 
+	Refused:
+		autodiscover.openvpn.net
+		do-pgmt.cloud.openvpn.net
+		localhost.openvpn.net
+		pgmt-client-tests.openvpn.net
+		pgmt-client-tests2.openvpn.net
+		ssltest.openvpn.net
 
-	<securecookie host="^(www\.)?openvpn\.net$" name=".*" />
+	Time out:
+		apitest.openvpn.net
+		archive.openvpn.net
+		asirc.openvpn.net
+		asn3.openvpn.net
+		awsc.openvpn.net
+		backup.openvpn.net
+		beta.openvpn.net
+		billing.openvpn.net
+		billing-staging.openvpn.net
+		cftest.openvpn.net
+		connect.openvpn.net
+		crm.openvpn.net
+		dag.openvpn.net
+		dalweb.openvpn.net
+		dev.openvpn.net
+		dev1.openvpn.net
+		dev4.openvpn.net
+		dev8.openvpn.net
+		o1.email.openvpn.net 
+		files.openvpn.net
+		hp.openvpn.net
+		hp-demo.openvpn.net
+		internal.openvpn.net
+		jenkins-test.openvpn.net
+		lists.openvpn.net
+		magnetar.openvpn.net
+		mail.openvpn.net
+		meet.openvpn.net
+		mon.openvpn.net
+		nokia.openvpn.net
+		pgmt-client-tests3.openvpn.net
+		planet.openvpn.net
+		pr.openvpn.net
+		ptdev.openvpn.net
+		o87.ptr9077.openvpn.net
+		puppet.openvpn.net
+		puppet-test.openvpn.net
+		puppet4.openvpn.net
+		qatesting.openvpn.net
+		seafailover.openvpn.net
+		seaweb.openvpn.net
+		seaweb1.openvpn.net
+		secure.openvpn.net
+		sp.openvpn.net
+		status.openvpn.net
+		support-staging-instance.openvpn.net
+		svn.openvpn.net
+		test.openvpn.net
+		testing.openvpn.net
+		testweb.openvpn.net
+		webdev.openvpn.net
+		wiki.openvpn.net
+		wp.openvpn.net
+		wpd.openvpn.net
+		zstatus.openvpn.net
 
+	Too many redirects:
+		as-dev-ua1.openvpn.net
+		as-dev-ua2.openvpn.net
+		as-dev-ua3.openvpn.net
+		internalvpn.openvpn.net
 
-	<rule from="^http://(community\.|www\.)?openvpn\.net/"
-		to="https://$1openvpn.net/" />
+	Unreachable:
+		community6.openvpn.net
+		forums6.openvpn.net
+-->
+<ruleset name="openvpn.net">
+	<target host="openvpn.net" />
+	<target host="www.openvpn.net" />
+	<target host="as-billing.openvpn.net" />
+	<target host="as-billing-demo.openvpn.net" />
+	<target host="as-repo.openvpn.net" />
+	<target host="as-repository.openvpn.net" />
+	<target host="billing-backend.openvpn.net" />
+	<target host="billing-demo.openvpn.net" />
+	<target host="billing-stable.openvpn.net" />
+	<target host="blue-sso-backend.openvpn.net" />
+	<target host="build.openvpn.net" />
+	<target host="careers.openvpn.net" />
+	<target host="cloud.openvpn.net" />
+	<target host="cloud-backend.openvpn.net" />
+	<target host="cloud-billing.openvpn.net" />
+	<target host="cloud-billing-demo.openvpn.net" />
+	<target host="cloudops.openvpn.net" />
+	<target host="cloudops-backend.openvpn.net" />
+	<target host="cloudvpn-demo.openvpn.net" />
+	<target host="cloudvpn-stable.openvpn.net" />
+	<target host="community.openvpn.net" />
+	<target host="docs.openvpn.net" />
+	<target host="forums.openvpn.net" />
+	<target host="go.openvpn.net" />
+	<target host="green-sso-backend.openvpn.net" />
+	<target host="ipv6.openvpn.net" />
+	<target host="myaccount.openvpn.net" />
+	<target host="nc.openvpn.net" />
+	<target host="openvpn-ecs-cluster.openvpn.net" />
+	<target host="patchwork.openvpn.net" />
+	<target host="pay.openvpn.net" />
+	<target host="sso.openvpn.net" />
+	<target host="sso-backend.openvpn.net" />
+	<target host="sso-demo.openvpn.net" />
+	<target host="sso-stable.openvpn.net" />
+	<target host="stats.openvpn.net" />
+	<target host="support.openvpn.net" />
+	<target host="swupdate.openvpn.net" />
+	<target host="www-staging-2.openvpn.net" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/OpenVZ.org.xml b/src/chrome/content/rules/OpenVZ.org.xml
deleted file mode 100644
index 241da34c9a6f..000000000000
--- a/src/chrome/content/rules/OpenVZ.org.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
-		- openvz.livejournal.com
-
-			- blog
-
-
-	Nonfunctional subdomains:
-
-		- blog		(redirects to www.livejournal.com; mismatched, CN: *.livejournal.com)
-		- download *
-		- git *
-
-	* Refused
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- bugzilla
-		- forum
-
--->
-<ruleset name="OpenVZ.org (partial)">
-
-	<target host="openvz.org" />
-	<target host="*.openvz.org" />
-
-
-	<securecookie host="^(?:bugzilla|\.forum|www\.)?openvz\.org$" name=".+" />
-
-
-	<rule from="^http://((?:bugzilla|forum|www)\.)?openvz\.org/"
-		to="https://$1openvz.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/OpenVim.com.xml b/src/chrome/content/rules/OpenVim.com.xml
new file mode 100644
index 000000000000..900eed74248f
--- /dev/null
+++ b/src/chrome/content/rules/OpenVim.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="OpenVim.com">
+	<target host="openvim.com" />
+	<target host="www.openvim.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenWRT-mismatches.xml b/src/chrome/content/rules/OpenWRT-mismatches.xml
deleted file mode 100644
index 9e85b86f8d19..000000000000
--- a/src/chrome/content/rules/OpenWRT-mismatches.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For rules that are on by default, see OpenWRT.xml.
-
--->
-<ruleset name="OpenWRT (mismatches)" default_off="mismatch">
-
-	<target host="wiki.openwrt.org" />
-		<!--	Handled in the main ruleset.	-->
-		<exclusion pattern="^http://wiki\.openwrt\.org/lib/tpl/ameoto/images/(bg(-2)?|footer|openwrt-logo)\.png$" />
-
-
-	<!--	Cookies are handled in the main ruleset.	-->
-
-
-	<rule from="^http://wiki\.openwrt\.org/"
-		to="https://wiki.openwrt.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OpenWRT.xml b/src/chrome/content/rules/OpenWRT.xml
index f4c1d1b757e9..3cc002659093 100644
--- a/src/chrome/content/rules/OpenWRT.xml
+++ b/src/chrome/content/rules/OpenWRT.xml
@@ -1,46 +1,46 @@
 <!--
-	For problematic rules, see OpenWRT-mismatches.xml.
+	Nonfunctional hosts in *openwrt.org:
 
+		- kamikaze ¹
+		- buildbot.openwrt.org:8010 ²
 
-	Nonfunctional subdomains:
+	¹ Shows www.openwrt.org
+	² Only using http
 
-		- downloads *
-		- git		(refused)
-		- kamikaze *
+	Insecure cookies are set for these hosts:
 
-	* Shows www; mismatched, CN: www.openwrt.org
-
-
-	Problematic subdomains:
-
-		- wiki	(works; mismatched, CN: subsignal.org)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- dev
-		- forum
-		- lists
+		- openwrt.org
+		- forum.openwrt.org
+		- wiki.openwrt.org
 
 -->
-<ruleset name="OpenWRT (partial)">
+<ruleset name="OpenWRT.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="openwrt.org" />
-	<target host="*.openwrt.org" />
-
+	<target host="www.openwrt.org" />
+	<target host="archive.openwrt.org" />
+	<target host="dev.archive.openwrt.org" />
+	<target host="dev.openwrt.org" />
+	<target host="downloads.openwrt.org" />
+	<target host="forum.openwrt.org" />
+	<target host="git.openwrt.org" />
+	<target host="lists.openwrt.org" />
+	<target host="mirror2.openwrt.org" />
+	<target host="wiki.openwrt.org" />
 
-	<securecookie host="^(?:.*\.)?openwrt\.org$" name=".*" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(forum\.)?openwrt\.org$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^wiki\.openwrt\.org$" name="^bb2_screener_$$" /-->
 
-	<rule from="^http://openwrt\.org/"
-		to="https://openwrt.org/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(dev|forum|lists|www)\.openwrt\.org/"
-		to="https://$1.openwrt.org/" />
 
-	<rule from="^https?://wiki\.openwrt\.org/lib/tpl/ameoto/images/(bg(?:-2)?|footer|openwrt-logo)\.png$"
-		to="https://openwrt.org/.styles/img/$1.png" />
+	<rule from="^http:"
+		to="https:" />
 
 
 </ruleset>
diff --git a/src/chrome/content/rules/OpenWall.com.xml b/src/chrome/content/rules/OpenWall.com.xml
new file mode 100644
index 000000000000..d8ffdcabd4f4
--- /dev/null
+++ b/src/chrome/content/rules/OpenWall.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="OpenWall.com">
+	<target host="openwall.com" />
+	<target host="www.openwall.com" />
+	<target host="cvsweb.openwall.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenWall.org.xml b/src/chrome/content/rules/OpenWall.org.xml
new file mode 100644
index 000000000000..b87342aec9c6
--- /dev/null
+++ b/src/chrome/content/rules/OpenWall.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="OpenWall.org">
+	<target host="openwall.org" />
+	<target host="www.openwall.org" />
+	<target host="oss-security.openwall.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenWeatherMap.org.xml b/src/chrome/content/rules/OpenWeatherMap.org.xml
new file mode 100644
index 000000000000..fef7becc925f
--- /dev/null
+++ b/src/chrome/content/rules/OpenWeatherMap.org.xml
@@ -0,0 +1,31 @@
+<!--
+	Refused:
+		- bulk
+
+	Timeout:
+		- snow
+
+	Mismatched:
+		- wind
+-->
+<ruleset name="OpenWeatherMap.org">
+	<target host="openweathermap.org" />
+	<target host="www.openweathermap.org" />
+	<target host="api.openweathermap.org" />
+	<target host="ru.api.openweathermap.org" />
+	<target host="home.openweathermap.org" />
+	<target host="m.openweathermap.org" />
+	<target host="pro.openweathermap.org" />
+	<target host="samples.openweathermap.org" />
+	<target host="tile.openweathermap.org" />
+	<target host="a.tile.openweathermap.org" />
+	<target host="b.tile.openweathermap.org" />
+	<target host="c.tile.openweathermap.org" />
+	<target host="d.tile.openweathermap.org" />
+	<target host="e.tile.openweathermap.org" />
+	<target host="f.tile.openweathermap.org" />
+	<target host="g.tile.openweathermap.org" />
+	<target host="h.tile.openweathermap.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenX.net.xml b/src/chrome/content/rules/OpenX.net.xml
new file mode 100644
index 000000000000..866c3564a675
--- /dev/null
+++ b/src/chrome/content/rules/OpenX.net.xml
@@ -0,0 +1,41 @@
+<!--
+	For other OpenX coverage, see OpenX.xml.
+
+
+	Nonfunctional hosts in *openx.net:
+
+		- (www.) -  self-signed & expired & mismatched, CN: *.openx.com
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .openx.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+	OpenX runs a subdomain for every customer, for maintenance reasons we use a wildcard here.
+-->
+<ruleset name="OpenX.net (partial)">
+
+	<target host="*.openx.net" />
+
+		<!--	Set cookies without Secure:
+							-->
+		<test url="http://u.openx.net/w/1.0/sc?r=http%3A%2F%2Fox-d.openxadexchange.com%2Fw%2F1.0%2Frs%3Fcc%3D1%26as%3D1%26cb%3D1" />
+		<test url="http://us-u.openx.net/w/1.0/pd?plm=1&amp;ph=00000000-0000-0000-0000-000000000000" />
+		<test url="http://us-ads.openx.net/" />
+		<test url="http://bid.openx.net/" />
+		<test url="http://www.openx.net/" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.openx\.net$" name="^(?:i|pd)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+	<exclusion pattern="^http://www\.openx\.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenX.xml b/src/chrome/content/rules/OpenX.xml
index a52b507f5d7b..62763e7840cd 100644
--- a/src/chrome/content/rules/OpenX.xml
+++ b/src/chrome/content/rules/OpenX.xml
@@ -1,181 +1,89 @@
-<!--
-	Other OpenX rulesets:
-
-		- Advertisers-OpenX.com.xml
-		- JumpTime.com.xml
-		- Liftdna.com.xml
-
-
-	CDN buckets:
-
-		- i.fhserve.com.cdn.cloudflare.net
-
-		- i.cdn.openx.com.edgesuite.net
-
-			- a1621.g.akamai.net
-
-		- i.xx.openx.com.edgesuite.net
-
-			- a1773.g.akamai.net
-
-		- i-cdn.servedbyopenx.com.edgesuite.net
-
-			- a1856.g.akamai.net
-
-		- akamai.openx.org
-
-			- a1051.w7.akamai.net
-			- blog.openx.org
-			- support.openx.org
-
-
-	Nonfunctional domains:
-
-		- i.fhserve.com		(521; mismatched, CN: ssl3985.cloudflare.com)
-		- forum.openx.org *
-		- (www.)openx.net *
-
-	* Shows blog.openx.org; self-signed, CN: *.openx.com
-
-
-	Problematic domains:
-
-		- fhserve.com		(shows contact form)
-
-		- openx.com subdomains:
-
-			- i.cdn *
-			- support	(shows blog.openx.org, self-signed)
-			- i.xx *
-
-		- openx.org subdomains:
-
-			- ^ **		(works, self-signed)
-			- blog *
-			- edit-blog **
-			- support	(shows blog.openx.org, akamai)
-
-		- (www.)servedbyopenx.com	(shows blog.openx.org; self-signed, CN: openx.com)
-		- i-cdn.servedbyopenx.com *
-
-	* Works, akamai
-	** Works; self-signed, CN: *.openx.com
-
-
-	Partially covered domains:
-
-		- blog.openx.org *
-		- edit-blog.openx.org *
-
-	* → akamai, avoiding user-visible paths
-
-
-	Fully covered domains:
-
-		- www.fhserve.com	(^ → www)
-
-		- openx.com subdomains:
-
-			- (www.)
-			- ac
-			- ssl-i.cdn
-			- i-cdn
-			- lift
-			- pc
-			- sso
-			- d.tradex
-			- uk-ac
-			- ssl-i.xx
-
-		- openx.net subdomains:
-
-			- bid
-			- r
-			- u
-			- us-ads
-
-		- openx.org subdomains:
-
-			- (www.)	(^ → www)
-			- adserver
-			- d1
-			- developer
-			- svn
-
-		- *-d.openxenterprise.com
-		- (www.)servedbyopenx.com	(→ www.openx.org)
-		- i-cdn.servedbyopenx.com	(→ i-cdn.openx.com)
-
-
-	(www.)openxenterprise.com doesn't exist.
-
-
-	Mixed content:
-
-		- Web bugs, on www.openx.com from:
-
-			- marketing.liftdna.com *
-			- d3.advertisers-openx.com *
-			- u.openx.net *
-			- mediaservices-d.openxenterprise.com *
-			- t3.trackalyzer.com *
-
-	* Secured buy us
 
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
 
-	We don't care about web bugs, so don't
-	mark this ruleset as mixedcontent.
+Fetch error: http://ssl-i.xx.openx.com/ => https://ssl-i.xx.openx.com/: (6, 'Could not resolve host: ssl-i.xx.openx.com')
 
 -->
-<ruleset name="OpenX (partial)">
 
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://cci-graphs.openx.com/ => https://cci-graphs.openx.com/: (6, 'Could not resolve host: cci-graphs.openx.com')
+Fetch error: http://i-cdn.openx.com/ => https://i-cdn.openx.com/: (51, "SSL: no alternative certificate subject name matches target host name 'i-cdn.openx.com'")
+Fetch error: http://origin-cdn.openx.com/ => https://origin-cdn.openx.com/: (51, "SSL: no alternative certificate subject name matches target host name 'origin-cdn.openx.com'")
+Fetch error: http://selfservice.openx.com/ => https://selfservice.openx.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Other OpenX.com related rulesets:
+		+ Advertisers-OpenX.com.xml
+		+ Fhserve.com.xml
+		+ JumpTime.com.xml
+		+ Liftdna.com.xml
+		+ OpenX.net.xml
+		+ OpenX_ad_exchange.com.xml
+		+ Served_by_OpenX.com.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- de.openx.com
+		- go.openx.com
+		- uk.openx.com
+
+		Timeout was reached:
+		- openx.com
+		- uk-ac.openx.com
+
+		SSL peer certificate was not OK:
+		- i.cdn.openx.com
+		- optimizedby.openx.com
+		- prod-d.openx.com
+		- i.psa-ads.openx.com
+		- psa-d.openx.com
+		- psa-i.openx.com
+		- tracking.openx.com
+		- uk-market.openx.com
+		- us-market.openx.com
+		- welcome.openx.com
+		- i.xx.openx.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- stats.openx.com
+		- support.openx.com
+
+		Incomplete certificate chain error:
+		- community.openx.com
+		- www.community.openx.com
+		- orange-ac.openx.com
+		- peeps.openx.com
+		- staging.openx.com
+		- xfer.openx.com
+
+		Self-signed certificate chain error:
+		- currency-service.openx.com
+
+		Status code mismatch:
+		- cdn.platform.dev.openx.com
+		- cdn.platform.qa.openx.com
+-->
+<ruleset name="OpenX.com">
 	<target host="openx.com" />
-	<target host="*.openx.com" />
-	<target host="*.openx.net" />
-	<target host="*.openx.org" />
-		<!--
-			Avoid user-visible paths:
-							-->
-		<exclusion pattern="^http://(?:edit-)?blog\.openx\.org/(?!wp-content/)" />
-	<target host="*.openxenterprise.com" />
-	<target host="servedbyopenx.com" />
-	<target host="*.servedbyopenx.com" />
-
-
-	<!--securecookie host="^\.openx\.com$" name="^(_mkto_trk|__utm\w)$" /-->
-	<securecookie host="^(?:ac|i-cdn|lift|sso|d\.tradex|uk-ac|www)?\.openx\.com$" name=".+" />
-	<securecookie host="^(?:us-ads)?\.openx\.net$" name=".+" />
-	<securecookie host="^(?:adserver|d1|developer)\.openx\.org$" name=".+" />
-	<securecookie host="^\w+-d\.openxenterprise\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?fhserve\.com/"
-		to="https://www.fhserve.com/" />
-
-	<rule from="^http://((?:ac|ssl-i\.cdn|lift|pc|sso|d\.tradex|uk-ac|www|ssl-i\.xx)\.)?openx\.com/"
-		to="https://$1openx.com/" />
-
-	<rule from="^http://i-cdn\.(?:servedby)?openx\.com/"
-		to="https://i-cdn.openx.com/" />
-
-	<!--	r & u: tracking beacons
-					-->
-	<rule from="^http://(bid|[ru]|us-ads)\.openx\.net/"
-		to="https://$1.openx.net/" />
-
-	<rule from="^http://(?:www\.)?(?:openx\.org|servedbyopenx\.com)/"
-		to="https://www.openx.org/" />
-
-	<rule from="^http://(adserver|d1|developer|svn)\.openx\.org/"
-		to="https://$1.openx.org/" />
-
-	<rule from="^http://(?:edit-)?blog\.openx\.org/"
-		to="https://a248.e.akamai.net/=/1051/7326/7m/blog.openx.org/" />
-
-	<!--	- Tracking beacon
-		- Seems edentical to u.openx.net
-						-->
-	<rule from="^http://(\w+)-d\.openxenterprise\.com/"
-		to="https://$1-d.openxenterprise.com/" />
-
+	<target host="www.openx.com" />
+	<!-- target host="cci-graphs.openx.com" /-->
+	<target host="ssl-i.cdn.openx.com" />
+	<target host="docs.openx.com" />
+	<!-- target host="i-cdn.openx.com" /-->
+	<target host="m-sso.openx.com" />
+	<!-- target host="origin-cdn.openx.com" /-->
+	<target host="cdn.platform.openx.com" />
+	<!-- target host="selfservice.openx.com" /-->
+	<target host="sso.openx.com" />
+	<target host="post.update.openx.com" />
+	<target host="s.update.openx.com" />
+	<!-- target host="ssl-i.xx.openx.com" /-->
+
+	<rule from="^http://openx\.com/"
+			to="https://www.openx.com/" />
+
+	<rule from="^http:"
+			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/OpenXMPP.com.xml b/src/chrome/content/rules/OpenXMPP.com.xml
new file mode 100644
index 000000000000..c5c62fcb0869
--- /dev/null
+++ b/src/chrome/content/rules/OpenXMPP.com.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://openxmpp.com/ => https://openxmpp.com/: (7, 'Failed to connect to openxmpp.com port 443: Connection refused')
+
+	These altnames don't exist:
+
+		- www.openxmpp.com
+
+-->
+<ruleset name="OpenXMPP.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="openxmpp.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenX_ad_exchange.com.xml b/src/chrome/content/rules/OpenX_ad_exchange.com.xml
new file mode 100644
index 000000000000..e26028b2f86d
--- /dev/null
+++ b/src/chrome/content/rules/OpenX_ad_exchange.com.xml
@@ -0,0 +1,31 @@
+<!--
+	For other OpenX coverage, see OpenX.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- ox-d.openxadexchange.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="OpenX ad exchange.com">
+
+	<target host="ox-d.openxadexchange.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://ox-d.openxadexchange.com/w/1.0/rs?as=1&amp;cb=1" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ox-d\.openxadexchange\.com$" name="^OX_u$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Open_Archives.org.xml b/src/chrome/content/rules/Open_Archives.org.xml
new file mode 100644
index 000000000000..5acfcf967386
--- /dev/null
+++ b/src/chrome/content/rules/Open_Archives.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Mixed content:
+
+		- favicon on (www.)? from www *
+
+	* Secured by us
+
+-->
+<ruleset name="Open Archives.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="openarchives.org" />
+	<target host="www.openarchives.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Open_Badges.xml b/src/chrome/content/rules/Open_Badges.xml
index 38d578250634..d68aa37d51ad 100644
--- a/src/chrome/content/rules/Open_Badges.xml
+++ b/src/chrome/content/rules/Open_Badges.xml
@@ -1,17 +1,52 @@
 <!--
 	For other Mozilla coverage, see Mozilla.xml.
 
+
+	Nonfunctional hosts in *openbadges.org:
+
+		- ^ *
+		- community *
+
+	* Redirects to http
+
+
+	www : Mismatched
+
+
+	Fully covered hosts in *openbadges.org:
+
+		- backpack
+		- beta
+
+
+	These altnames don't exist:
+
+		- api.openbadges.org
+		- staging.openbadges.org
+
+
+	Insecure cookies are set for these hosts:
+
+		- backpack.openbadges.org
+		- beta.openbadges.org
+
 -->
-<ruleset name="Open Badges">
+<ruleset name="Open Badges.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="backpack.openbadges.org" />
+	<target host="beta.openbadges.org" />
 
-	<target host="openbadges.org" />
-	<target host="*.openbadges.org" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="(backpack|beta)\.openbadges\.org$" name="^(AWSELB|openbadges_state)$" /-->
 
-	<securecookie host="^.+\.openbadges\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(backpack\.|beta\.|www\.)?openbadges\.org/"
-		to="https://$1openbadges.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Open_Book_Publishers.com.xml b/src/chrome/content/rules/Open_Book_Publishers.com.xml
new file mode 100644
index 000000000000..5740c4aa91e1
--- /dev/null
+++ b/src/chrome/content/rules/Open_Book_Publishers.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.openbookpublishers.com
+
+
+	Mixed content:
+
+		- css from $self ¹
+		- Images from $self ¹
+
+		- Ads, from:
+
+			- www.doabooks.org ²
+			- www.inasp.info ²
+			- cdn.worldreader.org ¹
+
+	¹ Secured by us
+	² Unsecurable <= refused
+
+-->
+<ruleset name="Open Book Publishers.com (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="openbookpublishers.com" />
+	<target host="www.openbookpublishers.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.openbookpublishers\.com$" name="^(jssHash|jssCart)$" /-->
+
+	<securecookie host="^www\.openbookpublishers\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Open_Containers.org.xml b/src/chrome/content/rules/Open_Containers.org.xml
new file mode 100644
index 000000000000..dd7213b89cb9
--- /dev/null
+++ b/src/chrome/content/rules/Open_Containers.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .opencontainers.org
+		- .www.opencontainers.org
+
+-->
+<ruleset name="Open Containers.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="opencontainers.org" />
+	<target host="www.opencontainers.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.(?:www\.)?opencontainers\.org$" name="^ARRAffinity$" /-->
+
+	<securecookie host="^\.(?:www\.)?opencontainers\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Open_Crypto_Audit.org.xml b/src/chrome/content/rules/Open_Crypto_Audit.org.xml
new file mode 100644
index 000000000000..92d9c9368983
--- /dev/null
+++ b/src/chrome/content/rules/Open_Crypto_Audit.org.xml
@@ -0,0 +1,15 @@
+<ruleset name="Open Crypto Audit.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="opencryptoaudit.org" />
+	<target host="www.opencryptoaudit.org" />
+
+
+	<securecookie host="^\.opencryptoaudit\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Open_Culture.com-problematic.xml b/src/chrome/content/rules/Open_Culture.com-problematic.xml
new file mode 100644
index 000000000000..1c6831b72fc1
--- /dev/null
+++ b/src/chrome/content/rules/Open_Culture.com-problematic.xml
@@ -0,0 +1,18 @@
+<!--
+	For rules that are on by default, see Open_Culture.com.xml.
+
+-->
+<ruleset name="Open Culture.com (missing certificate chain)" default_off="cert-chain">
+
+	<target host="openculture.com" />
+	<target host="www.openculture.com" />
+
+
+	<securecookie host="^\." name="^__qca$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Open_Culture.com.xml b/src/chrome/content/rules/Open_Culture.com.xml
new file mode 100644
index 000000000000..649d8187bb25
--- /dev/null
+++ b/src/chrome/content/rules/Open_Culture.com.xml
@@ -0,0 +1,53 @@
+<!--
+	For problematic rules, see Open_Culture.com-problematic.xml.
+
+
+	CDN buckets:
+
+		- d1ayzv28eu3kt6.cloudfront.net
+		- d2dd5oq2irx77.cloudfront.net
+
+
+	(www.)?openculture.com: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Mixed content:
+
+		- iframes, on www from:
+
+			- www.bbc.co.uk
+			- w.soundcloud.com
+			- player.vimeo.com
+
+		- Images on www from cdn\d?.openculture.com *
+		- Web bugs on www www.facebook.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Open Culture.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="openculture.com" /-->
+	<target host="cdn.openculture.com" />
+	<target host="cdn2.openculture.com" />
+	<target host="cdn3.openculture.com" />
+	<target host="cdn4.openculture.com" />
+	<target host="cdn5.openculture.com" />
+	<target host="cdn6.openculture.com" />
+	<target host="cdn7.openculture.com" />
+	<target host="cdn8.openculture.com" />
+	<!--target host="www.openculture.com" /-->
+
+
+	<!--	Tracking cookies:
+					-->
+	<securecookie host="^\." name="^__qca$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Open_Directory.xml b/src/chrome/content/rules/Open_Directory.xml
index 3cc00a8ab119..57193087793d 100644
--- a/src/chrome/content/rules/Open_Directory.xml
+++ b/src/chrome/content/rules/Open_Directory.xml
@@ -1,13 +1,22 @@
-<ruleset name="Open Directory">
+<!--
+	Open Directory
 
+
+	(www.)?: Plaintext reply
+
+-->
+<ruleset name="ODir.org" default_off="plaintext reply">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="odir.org" />
-	<target host="*.odir.org" />
+	<target host="www.odir.org" />
 
 
 	<securecookie host="^\.odir\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?odir\.org/"
-		to="https://$1odir.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Open_Door.com.xml b/src/chrome/content/rules/Open_Door.com.xml
new file mode 100644
index 000000000000..ce7443cfa817
--- /dev/null
+++ b/src/chrome/content/rules/Open_Door.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .opendoor.com
+		- faq.opendoor.com
+		- www.opendoor.com
+
+-->
+<ruleset name="Open Door.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="opendoor.com" />
+	<target host="faq.opendoor.com" />
+	<target host="labs.opendoor.com" />
+	<target host="www.opendoor.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.opendoor\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^faq\.opendoor\.com$" name="^PLAY_SESSION$" /-->
+	<!--securecookie host="^www\.opendoor\.com$" name="^(?:XSRF-TOKEN|_web_session)$" /-->
+
+	<securecookie host=".*\.opendoor\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Open_Doors.org.xml b/src/chrome/content/rules/Open_Doors.org.xml
new file mode 100644
index 000000000000..9e93d00abace
--- /dev/null
+++ b/src/chrome/content/rules/Open_Doors.org.xml
@@ -0,0 +1,29 @@
+<!--
+	Other Open Door rulesets:
+
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.opendoors.org
+
+-->
+<ruleset name="Open Doors.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="opendoors.org" />
+	<target host="www.opendoors.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.opendoors\.org$" name="^\.ASPXANONYMOUS$" /-->
+
+	<securecookie host="^www\.opendoors\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Open_Farm_Game.xml b/src/chrome/content/rules/Open_Farm_Game.xml
deleted file mode 100644
index 7d377e905545..000000000000
--- a/src/chrome/content/rules/Open_Farm_Game.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	For other E14N coverage, see E14N.xml.
-
-
-	Problematic subdomains:
-
-		 - www		(http redirects to https://www, cert only matches ^openfarmgame.com)
-
--->
-<ruleset name="Open Farm Game">
-
-	<target host="openfarmgame.com" />
-	<target host="www.openfarmgame.com" />
-
-
-	<securecookie host="^openfarmgame\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?openfarmgame\.com/"
-		to="https://openfarmgame.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Open_Garden.com-problematic.xml b/src/chrome/content/rules/Open_Garden.com-problematic.xml
new file mode 100644
index 000000000000..676df601d474
--- /dev/null
+++ b/src/chrome/content/rules/Open_Garden.com-problematic.xml
@@ -0,0 +1,15 @@
+<!--
+	For rules on by default, see Opengarden.com.xml.
+
+-->
+<ruleset name="Open Garden.com (mismatched)" default_off="mismatched">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="forum.opengarden.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Open_Hunt.co.xml b/src/chrome/content/rules/Open_Hunt.co.xml
new file mode 100644
index 000000000000..f2a5d66edff5
--- /dev/null
+++ b/src/chrome/content/rules/Open_Hunt.co.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://openhunt.co/ => https://openhunt.co/: (7, 'Failed to connect to openhunt.co port 443: Connection refused')
+Fetch error: http://www.openhunt.co/ => https://www.openhunt.co/: (51, "SSL: no alternative certificate subject name matches target host name 'www.openhunt.co'")
+
+-->
+<ruleset name="Open Hunt.co" default_off="failed ruleset test">
+
+	<target host="openhunt.co" />
+	<target host="www.openhunt.co" />
+
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Open_InfoSec_Foundation.org-problematic.xml b/src/chrome/content/rules/Open_InfoSec_Foundation.org-problematic.xml
new file mode 100644
index 000000000000..ebadc3247b57
--- /dev/null
+++ b/src/chrome/content/rules/Open_InfoSec_Foundation.org-problematic.xml
@@ -0,0 +1,25 @@
+<!--
+	For rules that are on by default, see Open_InfoSec_Foundation.org.xml.
+
+
+	Server sends no certificate chain *
+
+	* See https://whatsmychaincert.com
+
+-->
+<ruleset name="Open InfoSec Foundation.org (missing certificate chain)" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="openinfosecfoundation.org" />
+	<target host="lists.openinfosecfoundation.org" />
+	<target host="www.openinfosecfoundation.org" />
+
+
+	<securecookie host="^(?:www\.)?openinfosecfoundation\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Open_InfoSec_Foundation.org.xml b/src/chrome/content/rules/Open_InfoSec_Foundation.org.xml
new file mode 100644
index 000000000000..ea74cbce403a
--- /dev/null
+++ b/src/chrome/content/rules/Open_InfoSec_Foundation.org.xml
@@ -0,0 +1,49 @@
+<!--
+	For problematic coverage, see Open_InfoSec_Foundation.org-problematic.xml.
+
+
+	Problematic hosts in *openinfosecfoundation.org:
+
+		- (www.)? *
+		- lists *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Fully covered hosts in *openinfosecfoundation.org:
+
+		- doxygen
+		- redmine
+
+
+	Insecure cookies are set for these hosts:
+
+		- openinfosecfoundation.org
+		- redmine.openinfosecfoundation.org
+		- www.openinfosecfoundation.org
+
+-->
+<ruleset name="Open InfoSec Foundation.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="openinfosecfoundation.org" /-->
+	<target host="doxygen.openinfosecfoundation.org" />
+	<!--target host="lists.openinfosecfoundation.org" /-->
+	<target host="redmine.openinfosecfoundation.org" />
+	<!--target host="www.openinfosecfoundation.org" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?openinfosecfoundation\.org$" name="^[0-9a-f]{32}$" /-->
+	<!--securecookie host="^redmine\.openinfosecfoundation\.org$" name="^_redmine_session$" /-->
+
+	<!--securecookie host="^(?:redmine\.|www\.)?openinfosecfoundation\.org$" name=".+" /-->
+	<securecookie host="^redmine\.openinfosecfoundation\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Open_Knowledge_Foundation.xml b/src/chrome/content/rules/Open_Knowledge_Foundation.xml
index 636cafb12957..270106e558c0 100644
--- a/src/chrome/content/rules/Open_Knowledge_Foundation.xml
+++ b/src/chrome/content/rules/Open_Knowledge_Foundation.xml
@@ -1,14 +1,79 @@
 <!--
-	CN: page.ly
+	Open Knowledge Foundation
+
+	For rules causing false/broken MCB, see okfn.org-falsemixed.xml.
+
+
+	Problematic hosts in *okfn.org:
+
+		- blog ˣ
+		- www ᵗ
+
+	ᵗ Reset, preemptable redirect
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- okfn.org
+		- .okfn.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, on:
+
+			- blog from a.okfn.org ˢ
+			- blog from assets.okfn.org ˢ
+			- blog from $self ˢ
+			- blog from blog.core.okfn.org ˢ
+
+		- Images, on:
+
+			- blog from $self ˢ
+			- blog from blog.core.okfn.org ˢ
+			- blog from i\d.wp.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Open Knowledge Foundation (partial)" default_off="mismatched">
+<ruleset name="OKFn.org (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="okfn.org" />
+	<!--target host="a.okfn.org" /-->
+	<target host="assets.okfn.org" />
+	<!--target host="blog.okfn.org" /-->
+	<!--target host="blog.core.okfn.org" /-->
+	<target host="pad.okfn.org" />
+
+		<!--
+		<test url="http://a.okfn.org/html/oki/panel/panel.html" />
+		-->
+		<test url="http://assets.okfn.org/themes/okfn/okf-footer/okf-footer.css" />
+
+	<!--	Complications:
+				-->
 	<target host="www.okfn.org" />
 
 
-	<rule from="^https?://(?:www\.)?okfn\.org/"
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^okfn\.org$" name="django_language$" /-->
+	<!--securecookie host="^\.okfn\.org$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<!--	Redirect keeps all:
+					-->
+	<rule from="^http://www\.okfn\.org/"
 		to="https://okfn.org/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Open_Library.org.xml b/src/chrome/content/rules/Open_Library.org.xml
new file mode 100644
index 000000000000..9625a44dcab6
--- /dev/null
+++ b/src/chrome/content/rules/Open_Library.org.xml
@@ -0,0 +1,24 @@
+<!--
+	For other Internet Archive coverage, see Internet-Archive.xml.
+
+
+	Mixed content:
+
+		- Images on blog from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Open Library.org">
+
+	<target host="openlibrary.org" />
+	<target host="blog.openlibrary.org" />
+	<target host="www.openlibrary.org" />
+	<target host="code.openlibrary.org" />
+	<target host="covers.openlibrary.org" />
+	<target host="dev.openlibrary.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Open_Mesh.xml b/src/chrome/content/rules/Open_Mesh.xml
deleted file mode 100644
index 86b5a749d089..000000000000
--- a/src/chrome/content/rules/Open_Mesh.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Cert only matches *.open-mesh.org
-
--->
-<ruleset name="Open Mesh" platform="cacert">
-
-	<target host="open-mesh.org" />
-	<target host="www.open-mesh.org" />
-
-
-	<securecookie host="^www\.open-mesh\.org$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?open-mesh\.org/"
-		to="https://www.open-mesh.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Open_Microscopy.org.xml b/src/chrome/content/rules/Open_Microscopy.org.xml
new file mode 100644
index 000000000000..bba514c95fdc
--- /dev/null
+++ b/src/chrome/content/rules/Open_Microscopy.org.xml
@@ -0,0 +1,39 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog ¹
+		- help ¹
+		- qa ²
+
+	¹ GitHub
+	² Shows www
+
+
+	^: Cert only matches www
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(^ → www)
+		- downloads
+
+-->
+<ruleset name="Open Microscopy.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="downloads.openmicroscopy.org" />
+	<target host="www.openmicroscopy.org" />
+
+	<!--	Complications:
+				-->
+	<target host="openmicroscopy.org" />
+
+
+	<rule from="^http://openmicroscopy\.org/"
+		to="https://www.openmicroscopy.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Open_Objects.com.xml b/src/chrome/content/rules/Open_Objects.com.xml
new file mode 100644
index 000000000000..da985c329d83
--- /dev/null
+++ b/src/chrome/content/rules/Open_Objects.com.xml
@@ -0,0 +1,41 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://apps.openobjects.com/ => https://apps.openobjects.com/: (52, 'Empty reply from server')
+
+	(www.)?obenobjects.com: refused
+
+-->
+<ruleset name="Open Objects.com (partial)" default_off="failed ruleset test">
+
+	<target host="apps.openobjects.com" />
+	<target host="search3.openobjects.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://search3\.openobjects\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://search3\.openobjects\.com/+(?!cdn/|kb5/\d+/directory/assets/|mediamanager/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://search3.openobjects.com/kb5/gloucs/yourcircle/addentry.page" />
+			<test url="http://search3.openobjects.com/kb5/rutland/directory/results.action" />
+			<test url="http://search3.openobjects.com/kb5/towerhamlets/cd/accessibility.page" />
+
+			<!--	-ve:
+					-->
+			<test url="http://search3.openobjects.com/cdn/font-awesome/4.4.0/fonts/fontawesome-webfont.eot" />
+			<test url="http://search3.openobjects.com/kb5/rutland/directory/assets/css/print.min.css" />
+			<test url="http://search3.openobjects.com/kb5/rutland/directory/assets/images/presence/govuk.png" />
+			<test url="http://search3.openobjects.com/mediamanager/merton/fsd/carousel/free-childcare_jpg/free-childcare_display.jpg" />
+
+		<test url="http://apps.openobjects.com/authentication/v1/css/app.css" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Open_Rights_Group.xml b/src/chrome/content/rules/Open_Rights_Group.xml
index 8b262226e5a1..916065517474 100644
--- a/src/chrome/content/rules/Open_Rights_Group.xml
+++ b/src/chrome/content/rules/Open_Rights_Group.xml
@@ -1,24 +1,27 @@
 <!--
 	Other Open Rights Group rulesets:
 
-		- 451_Unavailable.org.xml
+		- Blocked.org.uk.xml
 
-
-	Fully covered subdomains:
-
-		- wiki
+	Widcard matching cannot be used since some subdomains point at third-party services
+	(without matching https certificates) such as news.openrightsgroup.org or gowers.openrightsgroup.org
 
 -->
-<ruleset name="Open Rights Group">
+<ruleset name="Open Rights Group.org">
 
 	<target host="openrightsgroup.org" />
-	<target host="*.openrightsgroup.org" />
-
-
-	<securecookie host="^w(?:iki|ww)\.openrightsgroup\.org$" name=".+" />
-
-
-	<rule from="^http://((?:bug|wiki|www|zine)\.)?openrightsgroup\.org/"
-		to="https://$1openrightsgroup.org/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="bug.openrightsgroup.org" />
+	<target host="cardiff.openrightsgroup.org" />
+	<target host="lists.openrightsgroup.org" />
+	<target host="northeast.openrightsgroup.org" />
+	<target host="scotland.openrightsgroup.org" />
+	<target host="sheffield.openrightsgroup.org" />
+	<target host="widgets.openrightsgroup.org" />
+	<target host="wiki.openrightsgroup.org" />
+	<target host="www.openrightsgroup.org" />
+	<target host="zine.openrightsgroup.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Open_Source.org.xml b/src/chrome/content/rules/Open_Source.org.xml
new file mode 100644
index 000000000000..fc51c4603f99
--- /dev/null
+++ b/src/chrome/content/rules/Open_Source.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="Open Source.org (partial)">
+
+	<target host="opensource.org" />
+	<target host="lists.opensource.org" />
+	<target host="www.opensource.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Open_Walls.xml b/src/chrome/content/rules/Open_Walls.xml
deleted file mode 100644
index fce4b56ff2bd..000000000000
--- a/src/chrome/content/rules/Open_Walls.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Open Walls">
-
-	<target host="openwalls.com" />
-	<target host="www.openwalls.com" />
-
-
-	<securecookie host="^openwalls\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?openwalls\.com/"
-		to="https://$1openwalls.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Open_WebMail.org.xml b/src/chrome/content/rules/Open_WebMail.org.xml
new file mode 100644
index 000000000000..f2668932fc59
--- /dev/null
+++ b/src/chrome/content/rules/Open_WebMail.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Non-functional hosts
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - ftp.openwebmail.org
+			 - mail.openwebmail.org
+			 - server6.openwebmail.org
+-->
+<ruleset name="Open WebMail.org">
+	<target host="openwebmail.org" />
+	<target host="www.openwebmail.org" />
+
+	<securecookie host="^(www\.)?openwebmail\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Open_Wireless_Movement.xml b/src/chrome/content/rules/Open_Wireless_Movement.xml
deleted file mode 100644
index 56fc4d766fa4..000000000000
--- a/src/chrome/content/rules/Open_Wireless_Movement.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For other EFF coverage, see EFF.xml.
-
--->
-<ruleset name="Open Wireless Movement">
-
-	<target host="openwireless.org" />
-	<target host="www.openwireless.org" />
-
-
-	<rule from="^http://(www\.)?openwireless\.org/"
-		to="https://$1openwireless.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Openbaar_Ministerie.xml b/src/chrome/content/rules/Openbaar_Ministerie.xml
index db01d16917e0..3589b08024f1 100644
--- a/src/chrome/content/rules/Openbaar_Ministerie.xml
+++ b/src/chrome/content/rules/Openbaar_Ministerie.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?om\.nl/(\?xdl=|publish|views)/"
 		to="https://$1om.nl/$2/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Opendemocracy.net.xml b/src/chrome/content/rules/Opendemocracy.net.xml
new file mode 100644
index 000000000000..05d07777f364
--- /dev/null
+++ b/src/chrome/content/rules/Opendemocracy.net.xml
@@ -0,0 +1,31 @@
+<!--
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- opendemocracy.net
+		- .opendemocracy.net
+		- www.opendemocracy.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="openDemocracy.net">
+
+	<target host="opendemocracy.net" />
+	<target host="cdn.opendemocracy.net" />
+	<target host="www.opendemocracy.net" />
+
+		<test url="http://cdn.opendemocracy.net/sites/all/themes/od960/styles/donate.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?opendemocracy\.net$" name="^poppester$" /-->
+	<!--securecookie host="^\.opendemocracy\.net$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenfMRI.xml b/src/chrome/content/rules/OpenfMRI.xml
index bb37ca9a1745..1bdc4fb1fe5e 100644
--- a/src/chrome/content/rules/OpenfMRI.xml
+++ b/src/chrome/content/rules/OpenfMRI.xml
@@ -1,10 +1,18 @@
-<ruleset name="OpenfMRI">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.openfmri.org/ => https://www.openfmri.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.openfmri.org'")
+
+-->
+<ruleset name="OpenfMRI.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="openfmri.org" />
 	<target host="www.openfmri.org" />
 
 
-	<rule from="^http://(www\.)?openfmri\.org/"
-		to="https://$1openfmri.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Openfiler.xml b/src/chrome/content/rules/Openfiler.xml
index 4b98ce5f23fd..ca2b3e3333fe 100644
--- a/src/chrome/content/rules/Openfiler.xml
+++ b/src/chrome/content/rules/Openfiler.xml
@@ -1,13 +1,40 @@
-<ruleset name="openfiler">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://forums.openfiler.com/ => https://forums.openfiler.com/: (7, 'Failed to connect to forums.openfiler.com port 443: Connection refused')
+Fetch error: http://forums2.openfiler.com/ => https://forums2.openfiler.com/: (6, 'Could not resolve host: forums2.openfiler.com')
+Fetch error: http://store.openfiler.com/ => https://store.openfiler.com/: (7, 'Failed to connect to store.openfiler.com port 443: Connection refused')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://forums2.openfiler.com/ => https://forums2.openfiler.com/: (6, 'Could not resolve host: forums2.openfiler.com')
+Fetch error: http://store.openfiler.com/ => https://store.openfiler.com/: (7, 'Failed to connect to store.openfiler.com port 443: Connection refused')
+
+	Fully covered hosts in *openfiler.com:
+
+		- (www.)?
+		- forums
+		- forums2
+		- store
+
+-->
+<ruleset name="openfiler.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="openfiler.com" />
-	<target host="*.openfiler.com" />
+	<target host="forums.openfiler.com" />
+	<target host="forums2.openfiler.com" />
+	<target host="store.openfiler.com" />
+	<target host="www.openfiler.com" />
 
 
 	<securecookie host="^.*\.openfiler\.com$" name=".+" />
 
 
-	<rule from="^http://(forums2?\.|store\.|www\.)?openfiler\.com/"
-		to="https://$1openfiler.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Opengarden.com.xml b/src/chrome/content/rules/Opengarden.com.xml
index e0d9413337c0..177a47f14520 100644
--- a/src/chrome/content/rules/Opengarden.com.xml
+++ b/src/chrome/content/rules/Opengarden.com.xml
@@ -1,6 +1,33 @@
-<ruleset name="Opengarden.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://opengarden.com/ => https://opengarden.com/: (51, "SSL: no alternative certificate subject name matches target host name 'opengarden.com'")
+Fetch error: http://www.opengarden.com/ => https://opengarden.com/: (51, "SSL: no alternative certificate subject name matches target host name 'opengarden.com'")
+
+	For problematic rules, see Open_Garden.com-problematic.xml.
+
+
+	Problematic subdomains:
+
+		- forum *
+		- www *
+
+	* Works, cert only matches ^opengarden.com
+
+-->
+<ruleset name="Open Garden.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
   <target host="opengarden.com" />
+
+	<!--	Complications:
+				-->
   <target host="www.opengarden.com" />
 
-  <rule from="^http://(www\.)?opengarden\.com/" to="https://opengarden.com/" />
+	<rule from="^http://www\.opengarden\.com/"
+		to="https://opengarden.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Openhost-mismatches.xml b/src/chrome/content/rules/Openhost-mismatches.xml
deleted file mode 100644
index 1473dbe4c49b..000000000000
--- a/src/chrome/content/rules/Openhost-mismatches.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Openhost (mismatches)" default_off="mismatch">
-
-	<!--	openhost.net.nz	-->
-	<target host="openhost.co.nz"/>
-	<target host="www.openhost.co.nz"/>
-		<!--	(only) homepage doesn't redirect to co.nz	-->
-		<exclusion pattern="^http://(www\.)?openhost\.co\.nz/$"/>
-
-	<securecookie host="^(www\.)?openhost\.co\.nz$" name=".*"/>
-
-	<rule from="^http://(?:www\.)?openhost\.co\.nz/"
-		to="https://www.openhost.co.nz/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Openhost.xml b/src/chrome/content/rules/Openhost.xml
index f158daeca4aa..834cb81cccdc 100644
--- a/src/chrome/content/rules/Openhost.xml
+++ b/src/chrome/content/rules/Openhost.xml
@@ -1,31 +1,44 @@
-<ruleset name="Openhost (partial)" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://mycp.co.nz/ (200) => https://hspc.openhost.net.nz/sign_in.php (404)
+Non-2xx HTTP code: http://www.mycp.co.nz/ (200) => https://hspc.openhost.net.nz/sign_in.php (404)
+
+	Mixed content:
+
+		- css on openhost.net.nz from fonts.googleapis.com *
+
+		- Ads on openhost.net.nz from www.googleadservices.com *
+
+	* Secured by us
+-->
+<ruleset name="Openhost" default_off="failed ruleset test">
 
 	<!--	mismatch	-->
 	<target host="mycp.co.nz"/>
 	<target host="www.mycp.co.nz"/>
 	<target host="openhost.co.nz"/>
-	<target host="*.openhost.co.nz"/>
+	<target host="www.openhost.co.nz"/>
 	<target host="openhost.net.nz"/>
-	<target host="*.openhost.net.nz"/>
+	<target host="www.openhost.net.nz"/>
+	<target host="hspc.openhost.net.nz"/>
+	<target host="store.openhost.net.nz"/>
+	<target host="support.webhost.co.nz"/>
 
 
 	<!--	is cross-domain hspc cookie used on non-secure pages?	-->
-	<securecookie host="^hspc\.openhost\.net\.nz$" name=".*"/>
-	<securecookie host="^support\.openhost\.co\.nz$" name=".*"/>
-	<securecookie host="^store\.openhost\.net\.nz$" name=".*"/>
+	<securecookie host="^hspc\.openhost\.net\.nz$" name=".+" />
+	<securecookie host="^support\.openhost\.co\.nz$" name=".+" />
+	<securecookie host="^store\.openhost\.net\.nz$" name=".+" />
 
 
 	<rule from="^http://(?:www\.)?mycp\.co\.nz/"
 		to="https://hspc.openhost.net.nz/sign_in.php"/>
 
-	<!--	everything on www but homepage redirects to .co.net homepage...	-->
-	<rule from="^http://(www\.)?openhost\.(?:co|net)\.nz/$"
-		to="https://$1openhost.net.nz/"/>
-
 	<rule from="^http://support\.webhost\.co\.nz/"
 		to="https://support.webhost.co.nz/"/>
 
-	<rule from="^http://(hspc|store)\.openhost\.net\.nz/"
-		to="https://$1.openhost.net.nz/"/>
+	<rule from="^http:"
+		to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Openid.org.cn.xml b/src/chrome/content/rules/Openid.org.cn.xml
new file mode 100644
index 000000000000..b531cc7e3800
--- /dev/null
+++ b/src/chrome/content/rules/Openid.org.cn.xml
@@ -0,0 +1,8 @@
+<ruleset name="Openid.org.cn">
+	<target host="openid.org.cn" />
+	<target host="www.openid.org.cn" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>  
diff --git a/src/chrome/content/rules/Openindiana.org.xml b/src/chrome/content/rules/Openindiana.org.xml
new file mode 100644
index 000000000000..7c343854f617
--- /dev/null
+++ b/src/chrome/content/rules/Openindiana.org.xml
@@ -0,0 +1,23 @@
+<!--
+	Nonfunctional hosts in *.openindiana.org:
+		- docs.openindiana.org (m)
+		- dlc-1.dk.openindiana.org (t)
+		- hg.openindiana.org (incomplete cert chain)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Openindiana.org">
+	<target host="openindiana.org" />
+	<target host="www.openindiana.org" />
+	<target host="bugs.openindiana.org" />
+	<target host="hipster.openindiana.org" />
+	<target host="pkg.openindiana.org" />
+	<target host="status.openindiana.org" />
+	<target host="wiki.openindiana.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Openingscience.org.xml b/src/chrome/content/rules/Openingscience.org.xml
new file mode 100644
index 000000000000..9459141b6d72
--- /dev/null
+++ b/src/chrome/content/rules/Openingscience.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- Images, from:
+
+			- os.hiig.de
+			- www.openingscience.org
+
+-->
+<ruleset name="openingscience.org" default_off="mismatched, self-signed">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="openingscience.org" />
+	<target host="www.openingscience.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Openjpeg.org.xml b/src/chrome/content/rules/Openjpeg.org.xml
new file mode 100644
index 000000000000..b2a47934ce7a
--- /dev/null
+++ b/src/chrome/content/rules/Openjpeg.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="Openjpeg.org" platform="mixedcontent">
+	<target host="www.openjpeg.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Openkeychain.org.xml b/src/chrome/content/rules/Openkeychain.org.xml
new file mode 100644
index 000000000000..d015d5c4898b
--- /dev/null
+++ b/src/chrome/content/rules/Openkeychain.org.xml
@@ -0,0 +1,12 @@
+<!--
+Cloudflare SSL
+-->
+<ruleset name="Openkeychain.org">
+    <target host="openkeychain.org" />
+    <target host="www.openkeychain.org" />
+
+    <securecookie host="^(www\.)?openkeychain\.org" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Openload.xml b/src/chrome/content/rules/Openload.xml
new file mode 100644
index 000000000000..86a8edbd2907
--- /dev/null
+++ b/src/chrome/content/rules/Openload.xml
@@ -0,0 +1,50 @@
+<!--
+	Non-functional hosts
+		No working 200/3XX URL(s):
+			 - adanalytics.openload.co
+			 - log.openload.co
+			 - stats.openload.co
+
+		Couldn't resolve host name:
+			 - logdev.openload.co
+			 - zeus.openload.co
+
+		Couldn't connect to server:
+			 - dev.openload.co
+
+		Timeout was reached:
+			 - analytics.openload.co
+
+		SSL peer certificate or SSH remote key was not OK:
+			 - ftp.openload.co
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- openload.co
+		- www.openload.co
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Openload.co">
+	<target host="oloadcdn.net" />
+	<target host="*.oloadcdn.net" />
+		<test url="http://thumb.oloadcdn.net/" />
+		<test url="http://ph2dwq.oloadcdn.net/" />
+		<test url="http://v4speed.oloadcdn.net/" />
+
+	<target host="openload.co" />
+	<target host="www.openload.co" />
+	<target host="api.openload.co" />
+	<target host="support.openload.co" />
+	<target host="t1.openload.co" />
+		<test url="http://t1.openload.co/log" />
+	<target host="t2.openload.co" />
+		<test url="http://t2.openload.co/log" />
+	<target host="test.openload.co" />
+	<target host="thumb.openload.co" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Openmoko.xml b/src/chrome/content/rules/Openmoko.xml
index f5f9181dbd02..0c08c30b529a 100644
--- a/src/chrome/content/rules/Openmoko.xml
+++ b/src/chrome/content/rules/Openmoko.xml
@@ -1,20 +1,36 @@
 <!--
 	Expired 2010-01-16
 
+
+	Fully covered hosts in *openmoko.org:
+
+		- (www.)?	(→ wiki.openmoko.org)
+		- lists
+		- people
+		- wiki
+
 -->
-<ruleset name="Openmoko" default_off="expired">
+<ruleset name="Openmoko.org" default_off="expired">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="lists.openmoko.org" />
+	<target host="people.openmoko.org" />
+	<target host="wiki.openmoko.org" />
 
+	<!--	Complications:
+				-->
 	<target host="openmoko.org" />
-	<target host="*.openmoko.org" />
+	<target host="www.openmoko.org" />
 
 
-	<securecookie host="^wiki\.openmoko\.org$" name=".*" />
+	<securecookie host="^wiki\.openmoko\.org$" name=".+" />
 
 
-	<rule from="^http://(wiki\.|www\.)?openmoko\.org/"
+	<rule from="^http://(?:www\.)?openmoko\.org/"
 		to="https://wiki.openmoko.org/" />
 
-	<rule from="^http://(lists|people)\.openmoko\.org/"
-		to="https://$1.openmoko.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Openpgpkey.info.xml b/src/chrome/content/rules/Openpgpkey.info.xml
new file mode 100644
index 000000000000..368f6a873bf6
--- /dev/null
+++ b/src/chrome/content/rules/Openpgpkey.info.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.openpgpkey.info/ => https://www.openpgpkey.info/: (51, "SSL: no alternative certificate subject name matches target host name 'www.openpgpkey.info'")
+
+
+-->
+<ruleset name="Openpgpkey.info" default_off="failed ruleset test">
+    <target host="openpgpkey.info" />
+    <target host="www.openpgpkey.info" />
+
+    <securecookie host="^(www\.)?openpgpkey\.info" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Openprinting.xml b/src/chrome/content/rules/Openprinting.xml
index 97c8caa4d96a..3dfb29be92d4 100644
--- a/src/chrome/content/rules/Openprinting.xml
+++ b/src/chrome/content/rules/Openprinting.xml
@@ -1,6 +1,39 @@
-<ruleset name="Openprinting">
+<!--
+	For other Linux Foundation coverage, see LinuxFoundation.xml.
+
+
+	Problematic hosts in *openprinting.org:
+
+		- forums ¹ ²
+
+	¹ Mismatched
+	² Mixed css
+
+
+	Insecure cookies are set for these hosts:
+
+		- forums.openprinting.org
+
+
+	Mixed content:
+
+		- css on forums from $self
+		- Images on forums from $self
+
+-->
+<ruleset name="OpenPrinting.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
   <target host="www.openprinting.org"/>
   <target host="openprinting.org"/>
 
-  <rule from="^http://(www\.)?openprinting\.org/" to="https://www.openprinting.org/"/>
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^forums\.openprinting\.org$" name="^(phorum_session_st|phorum_session_v5)$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Openprovider.ru.xml b/src/chrome/content/rules/Openprovider.ru.xml
new file mode 100644
index 000000000000..b00f1109a7ff
--- /dev/null
+++ b/src/chrome/content/rules/Openprovider.ru.xml
@@ -0,0 +1,8 @@
+<ruleset name="Openprovider.ru">
+	<target host="openprovider.ru" />
+	<target host="www.openprovider.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Openquantumsafe.org.xml b/src/chrome/content/rules/Openquantumsafe.org.xml
new file mode 100644
index 000000000000..910215ddefbe
--- /dev/null
+++ b/src/chrome/content/rules/Openquantumsafe.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Openquantumsafe.org">
+	<target host="openquantumsafe.org" />
+	<target host="www.openquantumsafe.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Openreach.co.uk.xml b/src/chrome/content/rules/Openreach.co.uk.xml
new file mode 100644
index 000000000000..4f945ced4739
--- /dev/null
+++ b/src/chrome/content/rules/Openreach.co.uk.xml
@@ -0,0 +1,29 @@
+<!--
+	For other BT Group coverage, see BT-Group.xml.
+
+
+	^openreach.co.uk: Mismatched
+
+-->
+<ruleset name="Openreach.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="visit.openreach.co.uk" />
+	<target host="www.openreach.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="openreach.co.uk" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://openreach\.co\.uk/"
+		to="https://www.openreach.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Openresty.org.xml b/src/chrome/content/rules/Openresty.org.xml
new file mode 100644
index 000000000000..e8d373f2e4a7
--- /dev/null
+++ b/src/chrome/content/rules/Openresty.org.xml
@@ -0,0 +1,15 @@
+<ruleset name="Openresty.org">
+
+	<target host="openresty.org" />
+	<target host="qa.openresty.org" />
+	<target host="www.openresty.org" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Openrussia.org.xml b/src/chrome/content/rules/Openrussia.org.xml
new file mode 100644
index 000000000000..6e4c6073e754
--- /dev/null
+++ b/src/chrome/content/rules/Openrussia.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Openrussia.org">
+	<target host="openrussia.org" />
+	<target host="www.openrussia.org" />
+	<target host="s2.openrussia.org" />
+	<target host="vybory.openrussia.org" />
+	<target host="pravo.openrussia.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Openshot.org.xml b/src/chrome/content/rules/Openshot.org.xml
new file mode 100644
index 000000000000..91bb70ef2d3b
--- /dev/null
+++ b/src/chrome/content/rules/Openshot.org.xml
@@ -0,0 +1,9 @@
+<!--
+	Wildcard DNS record, but no wildcard cert.
+-->
+<ruleset name="Openshot.org">
+	<target host="openshot.org" />
+	<target host="www.openshot.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Opensource.com.xml b/src/chrome/content/rules/Opensource.com.xml
index d2f98a64a1a1..557b35662a0d 100644
--- a/src/chrome/content/rules/Opensource.com.xml
+++ b/src/chrome/content/rules/Opensource.com.xml
@@ -1,22 +1,31 @@
 <!--
-	For other RedHat coverage, see RedHat.xml.
+	For other Red Hat coverage, see Red_Hat.xml.
 
 
-	Problematic subdomains:
+	Mixed content:
 
-		- www	(cert only matches ^opensource.com)
+		- Images from $self *
+
+		- Web bugs from:
+
+			- reddit.com *
+			- www.stumbleupon.com *
+
+	* Secured by us
 
 -->
-<ruleset name="opensource.com" platform="mixedcontent">
+<ruleset name="opensource.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="opensource.com" />
-	<target host="*.opensource.com" />
+	<target host="www.opensource.com" />
 
 
 	<securecookie host="^\.opensource\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?opensource\.com/"
-		to="https://opensource.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Openstreetmap.fr.xml b/src/chrome/content/rules/Openstreetmap.fr.xml
new file mode 100644
index 000000000000..b6ad6c7cac20
--- /dev/null
+++ b/src/chrome/content/rules/Openstreetmap.fr.xml
@@ -0,0 +1,111 @@
+<!--
+	Related OpenStretMap rulesets:
+		- OpenStreetMap.de.xml
+		- OSM_Foundation.xml
+
+	Invalid certificate:
+		- analyser
+		- cluster-ovh
+		- comcommaker
+		- garmin
+		- osm103
+		- osm23
+		- owncloud
+		- planet
+		- polygons
+		- proxy108
+		- proxy117
+		- rawedit
+		- status
+		- tiles
+		- wms
+
+	HTTP != HTTPS:
+		- live
+		- buildbot.osmose
+
+	Connection refused:
+		- nantes
+		- nomino
+		- normandie
+		- osm102
+		- osm134
+		- dev.www
+
+	Timeout:
+		- export
+		- osm16
+		- opendata.osmose
+		- suivi
+		- backup.umap
+-->
+<ruleset name="Openstreetmap.fr">
+
+    <target host="openstreetmap.fr" />
+    <target host="www.openstreetmap.fr" />
+    <target host="adherents.openstreetmap.fr" />
+    <target host="ae.openstreetmap.fr" />
+    <target host="dev.analyser.openstreetmap.fr" />
+    <target host="api.openstreetmap.fr" />
+    <target host="api-pic4carto.openstreetmap.fr" />
+    <target host="bano.openstreetmap.fr" />
+    <target host="dev.bano.openstreetmap.fr" />
+    <target host="bato.openstreetmap.fr" />
+    <target host="cachelyon.openstreetmap.fr" />
+    <target host="cadastre.openstreetmap.fr" />
+    <target host="tms.cadastre.openstreetmap.fr" />
+    <target host="dev.comcommaker.openstreetmap.fr" />
+    <target host="docs.openstreetmap.fr" />
+    <target host="download.openstreetmap.fr" />
+    <target host="forum.openstreetmap.fr" />
+    <target host="dev.forum.openstreetmap.fr" />
+    <target host="imagery.openstreetmap.fr" />
+    <target host="josm-dev.openstreetmap.fr" />
+    <target host="layers.openstreetmap.fr" />
+    <target host="a.layers.openstreetmap.fr" />
+    <target host="b.layers.openstreetmap.fr" />
+    <target host="c.layers.openstreetmap.fr" />
+    <target host="listes.openstreetmap.fr" />
+    <target host="dev.listes.openstreetmap.fr" />
+    <target host="maposmatic.openstreetmap.fr" />
+    <target host="monitor.openstreetmap.fr" />
+    <target host="munin.openstreetmap.fr" />
+    <target host="next.openstreetmap.fr" />
+    <target host="nextcloud.openstreetmap.fr" />
+    <target host="osm101.openstreetmap.fr" />
+    <target host="osm104.openstreetmap.fr" />
+    <target host="osm105.openstreetmap.fr" />
+    <target host="osm110.openstreetmap.fr" />
+    <target host="osm13.openstreetmap.fr" />
+    <target host="osm138.openstreetmap.fr" />
+    <target host="osm2pgsql-monde.openstreetmap.fr" />
+    <target host="osmma.openstreetmap.fr" />
+    <target host="osmose.openstreetmap.fr" />
+    <target host="beta.osmose.openstreetmap.fr" />
+    <target host="dev.osmose.openstreetmap.fr" />
+    <target host="overpass.openstreetmap.fr" />
+    <target host="peertube.openstreetmap.fr" />
+    <target host="petitereine.openstreetmap.fr" />
+    <target host="prev.openstreetmap.fr" />
+    <target host="proxy-ign.openstreetmap.fr" />
+    <target host="sotm2018.openstreetmap.fr" />
+    <target host="sotm2019.openstreetmap.fr" />
+    <target host="taginfo.openstreetmap.fr" />
+    <target host="dev.taginfo.openstreetmap.fr" />
+    <target host="tile.openstreetmap.fr" />
+    <target host="a.tile.openstreetmap.fr" />
+    <target host="b.tile.openstreetmap.fr" />
+    <target host="c.tile.openstreetmap.fr" />
+    <target host="tile-a.openstreetmap.fr" />
+    <target host="tile-b.openstreetmap.fr" />
+    <target host="tile-c.openstreetmap.fr" />
+    <target host="tilecache.openstreetmap.fr" />
+    <target host="trac.openstreetmap.fr" />
+    <target host="umap.openstreetmap.fr" />
+    <target host="dev.umap.openstreetmap.fr" />
+
+    <securecookie host=".+" name=".+" />
+
+    <rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Openswan.xml b/src/chrome/content/rules/Openswan.xml
index a7e00ae3327a..b2786546b4ae 100644
--- a/src/chrome/content/rules/Openswan.xml
+++ b/src/chrome/content/rules/Openswan.xml
@@ -1,11 +1,32 @@
-<ruleset name="Openswan" default_off="self-signed">
+<!--
+	^: shows xelerance.com; mismatched, CN: *.xelerance.com
 
-	<target host="openswan.org"/>
-	<target host="www.openswan.org"/>
 
-	<rule from="^http://(www\.)?openswan\.org/"
-		to="https://openswan.org/"/>
+	Fully covered hosts in *openswan.org:
 
-	<securecookie host="^(www\.)?openswan\.org$" name=".*"/>
+		- (www.)?	(^ → www)
+		- lists
+
+-->
+<ruleset name="Openswan.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="lists.openswan.org" />
+	<target host="www.openswan.org" />
+
+	<!--	Complications:
+				-->
+	<target host="openswan.org" />
+
+
+	<securecookie host="^www\.openswan\.org$" name=".+" />
+
+
+	<rule from="^http://openswan\.org/"
+		to="https://www.openswan.org/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Opentabs.net.xml b/src/chrome/content/rules/Opentabs.net.xml
index a4dec5de8676..02c822f991fb 100644
--- a/src/chrome/content/rules/Opentabs.net.xml
+++ b/src/chrome/content/rules/Opentabs.net.xml
@@ -1,4 +1,4 @@
-<ruleset name="Opentabs.net" default_off="mismatch">
+<ruleset name="Opentabs.net" default_off="mismatched">
 
 	<target host="opentabs.net"/>
 	<target host="www.opentabs.net"/>
diff --git a/src/chrome/content/rules/Opentrackers.org.xml b/src/chrome/content/rules/Opentrackers.org.xml
new file mode 100644
index 000000000000..d5765c22ab06
--- /dev/null
+++ b/src/chrome/content/rules/Opentrackers.org.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .opentrackers.org
+
+-->
+<ruleset name="Opentrackers.org">
+
+	<target host="opentrackers.org" />
+	<target host="www.opentrackers.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.opentrackers\.org$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.opentrackers\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Opentransfer.com.xml b/src/chrome/content/rules/Opentransfer.com.xml
new file mode 100644
index 000000000000..612618a8485b
--- /dev/null
+++ b/src/chrome/content/rules/Opentransfer.com.xml
@@ -0,0 +1,40 @@
+<!--
+	For other Ecommerce coverage, see Ecommerce.xml.
+
+
+	(www.)?: Mismatched
+
+
+	Fully covered hosts in *opentransfer.com:
+
+		- (www.)?	(→ www.ecommerce.com)
+		- webmail
+
+-->
+<ruleset name="opentransfer.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="webmail.opentransfer.com" />
+
+	<!--	Complications:
+				-->
+	<target host="opentransfer.com" />
+	<target host="www.opentransfer.com" />
+
+
+	<securecookie host="^\.webmail\.opentransfer\.com$" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://(?:www\.)?opentransfer\.com/+"
+		to="https://www.ecommerce.com/" />
+
+		<test url="http://www.opentransfer.com//" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Openttdcoop.org.xml b/src/chrome/content/rules/Openttdcoop.org.xml
new file mode 100644
index 000000000000..b974acef3308
--- /dev/null
+++ b/src/chrome/content/rules/Openttdcoop.org.xml
@@ -0,0 +1,36 @@
+<!--
+	Other OpenTTD rulesets:
+		- OpenTTD.xml
+
+	Nonfunctional hosts in *.openttdcoop.org:
+		- openttdcoop.org (e)
+
+	e: expired
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Openttdcoop.org">
+
+	<target host="openttdcoop.org" />
+	<target host="www.openttdcoop.org" />
+	<target host="blog.openttdcoop.org" />
+	<target host="bundles.openttdcoop.org" />
+	<target host="dev.openttdcoop.org" />
+	<target host="games.openttdcoop.org" />
+	<target host="hg.openttdcoop.org" />
+	<target host="jenkins.openttdcoop.org" />
+	<target host="kallithea.openttdcoop.org" />
+	<target host="paste.openttdcoop.org" />
+	<target host="rhodecode.openttdcoop.org" />
+	<target host="translator.openttdcoop.org" />
+	<target host="webster.openttdcoop.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://openttdcoop\.org/" to="https://www.openttdcoop.org/" />
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Openuni.io.xml b/src/chrome/content/rules/Openuni.io.xml
new file mode 100644
index 000000000000..eca027cb338e
--- /dev/null
+++ b/src/chrome/content/rules/Openuni.io.xml
@@ -0,0 +1,7 @@
+<ruleset name="Openuni.io">
+	<target host="openuni.io" />
+	<target host="www.openuni.io" />
+	<target host="cdn.openuni.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Openwpm.com.xml b/src/chrome/content/rules/Openwpm.com.xml
new file mode 100644
index 000000000000..0e1362f4f486
--- /dev/null
+++ b/src/chrome/content/rules/Openwpm.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Don't exist:
+	(www.)openwpm.com
+	www.audiofingerprint.openwpm.com
+-->
+
+<ruleset name="Audiofingerprint.openwpm.com">
+	<target host="audiofingerprint.openwpm.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Opera.com.xml b/src/chrome/content/rules/Opera.com.xml
new file mode 100644
index 000000000000..6abcd7207be6
--- /dev/null
+++ b/src/chrome/content/rules/Opera.com.xml
@@ -0,0 +1,281 @@
+<!--
+
+	Other Opera rulesets:
+
+		- AdMarvel.com.xml
+		- Operacdn.com.xml
+		- Operamediaworks.com.xml
+		- Operasoftware.com.xml
+
+
+	CDN buckets:
+
+		- d1ui9i2jp8fkao.cloudfront.net
+
+			- img.appstatic.opera.com
+			- img\d+.appstatic.opera.com
+
+		- d2jc9zwbrclgz3.cloudfront.net
+
+		- opera.globalsportsmedia.com.edgesuite.net
+
+			- sports.opera.com
+
+
+	Nonfunctional domains:
+
+		- devfiles.myopera.com *
+		- thumbs.myopera.com
+
+		- opera.com subdomains:
+
+			- blackberry.apps **
+			- html5.apps **
+			- iphone.apps **
+			- java.apps **
+			- html5.oms.apps *
+			- windows-mobile.apps **
+			- arc ᵃ
+			- my.cn		Rufused
+			- dev-beta **
+			- forums ʰ
+			- get.geo	(refused)
+			- get\d
+			- get-ice-1
+			- get-tsw-1
+			- help ᵈ
+			- mail ᵈ
+			- media *
+			- my ᵈ
+			- my-beta		(redirects to http)
+			- my-next		(reset, expired 2013-03-06)
+			- redir
+			- snapshot *
+
+		- (www.)operamini.com
+
+	ᵃ Shows another domain
+	* Times out
+	ᵈ Dropped
+	** Redirects to http
+	ʰ Redirects to http
+
+
+	Problematic hosts in *opera.com:
+
+		- img.appstatic *
+		- img\d+.appstatic *
+		- ar ʳ
+		- business ᵐ
+		- cn ʳ
+		- de ʳ
+		- fr ʳ
+		- in ʳ
+		- jp ʳ
+		- m ʳ
+		- mini ʳ
+		- mobilestore		(redirects to apps, mismatched, CN: apps.opera.com)
+		- portal ᵐ
+		- ru ʳ
+		- tw ʳ
+		- sports ᴬ
+		- www-static *
+
+	* Fastly
+	ᴬ Akamai / mismatched
+	ᵐ Mismatched
+	ʳ Refused, preemptable redirect
+
+
+	Partially covered hosts in *opera.com:
+
+		- apps *
+
+	* Some paths redirect to http
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- bugs.opera.com
+		- .micropage.opera.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on sports from ajax.googleapis.com ˢ
+		- css on sports from static.core.optasports.com
+		- Images on sports from cache.images.core.optasports.com
+		- Images on sports from static.core.optasports.com
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Opera.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="opera.com" />
+	<target host="addons.opera.com" />
+	<target host="apps.opera.com" />
+	<target host="auth.opera.com" />
+	<target host="blogs.opera.com" />
+	<target host="bugs.opera.com" />
+		<target host="mini.bugs.opera.com" />
+	<target host="deb.opera.com" />
+	<target host="dev.opera.com" />
+	<target host="echo.opera.com" />
+	<target host="ftp.opera.com" />
+	<target host="get.geo.opera.com" />
+	<target host="net.geo.opera.com" />
+	<target host="get.opera.com" />
+	<target host="labs.opera.com" />
+	<target host="micropage.opera.com" />
+	<target host="people.opera.com" />
+	<target host="redir.opera.com" />
+	<target host="unite.opera.com" />
+	<target host="widgets.opera.com" />
+	<target host="www.opera.com" />
+
+
+	<!--	Complications:
+				-->
+	<target host="ar.opera.com" />
+	<target host="cn.opera.com" />
+	<target host="de.opera.com" />
+	<target host="fr.opera.com" />
+	<target host="jp.opera.com" />
+	<target host="m.opera.com" />
+	<target host="mini.opera.com" />
+	<target host="portal.opera.com" />
+	<target host="ru.opera.com" />
+	<target host="tw.opera.com" />
+
+		<!--	These redirect to http.
+							-->
+		<!--exclusion pattern="^http://apps\.opera\.com/(?:\w\w(?:_\w\w)?/(?:$|\?|.+\.htm)|(?:cs|script)s/opt/|index\.php)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://apps\.opera\.com/(?!/*(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://apps.opera.com/download_tap_tap_tap_and_reach_local_buyers_sell_your_unwanted_good_for_cash_now.html" />
+			<test url="http://apps.opera.com/en_us/download_touch_4kids_free.html" />
+			<test url="http://apps.opera.com//en_us/download_touch_4kids_free.html" />
+			<test url="http://apps.opera.com/index.php" />
+			<test url="http://apps.opera.com//index.php" />
+
+		<!--	These don't seem to work over https.
+								-->
+		<!--exclusion pattern="^http://(?:arc|.+\.apps|.+\.appstatic|dev-beta|forums|get\.geo|get\d|get-[\w-]+|help|mobilestore|my-beta|my-next|redir|snapshot|www-static)\.opera\.com/" /-->
+
+			<!--	+ve:
+					-->
+			<!--test url="http://html5.oms.apps.opera.com/" /-->
+			<!--test url="http://img9.f.appstatic.opera.com/public/img/opera_logo_new.png" /-->
+			<!--test url="http://dev-beta.opera.com/" /-->
+			<!--test url="http://forums.opera.com/" /-->
+			<!--test url="http://forums.opera.com/themes/opera/design/static/css/img/opera-icon-header.png" /-->
+			<!--test url="http://www-static.opera.com/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bugs\.opera\.com$" name="^(?:JSESSIONID|atlassian\.xsrf\.token)$" /-->
+	<!--securecookie host="^\.micropage\.opera\.com$" name="^mppers$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^(?:addons|bugs|\.micropage)\.opera\.com$" name=".+" />
+
+
+	<!--	Redirect keeps path, but not
+		? nor forward slash:
+					-->
+	<rule from="^http://(ar|de|fr|ru|tw)\.opera\.com/+([^?]*)\??$"
+		to="https://www.opera.com/$1/$2" />
+
+		<test url="http://ar.opera.com/mobile/" />
+		<test url="http://de.opera.com/mobile/" />
+		<test url="http://fr.opera.com/mobile/" />
+		<test url="http://ru.opera.com/mobile/" />
+		<test url="http://tw.opera.com/mobile/" />
+
+	<!--	Redirect keeps path and args, but not
+		forward slash; and duplicates args:
+							-->
+	<rule from="^http://(ar|de|fr|ru|tw)\.opera\.com/+([^?]*)(.*)"
+		to="https://www.opera.com/$1/$2$3$3" />
+
+		<test url="http://ar.opera.com/index.htm?foo" />
+		<test url="http://ar.opera.com/index.htm?bar" />
+		<test url="http://de.opera.com/index.htm?foo" />
+		<test url="http://de.opera.com/index.htm?bar" />
+		<test url="http://fr.opera.com/index.htm?foo" />
+		<test url="http://fr.opera.com/index.htm?bar" />
+		<test url="http://ru.opera.com/index.htm?foo" />
+		<test url="http://ru.opera.com/index.htm?bar" />
+		<test url="http://tw.opera.com/index.htm?foo" />
+		<test url="http://tw.opera.com/index.htm?bar" />
+
+	<!--	Redirect keeps path, but not
+		? nor forward slash:
+					-->
+	<rule from="^http://cn\.opera\.com/+([^?]*)\??$"
+		to="https://www.opera.com/zh-cn/$1" />
+
+		<test url="http://cn.opera.com/index.htm" />
+		<test url="http://cn.opera.com/mobile/" />
+
+	<!--	Redirect keeps path and args, but not
+		forward slash; and duplicates args:
+							-->
+	<rule from="^http://cn\.opera\.com/+([^?]*)(.*)"
+		to="https://www.opera.com/zh-cn/$1$2$2" />
+
+		<test url="http://cn.opera.com/index.htm?foo" />
+		<test url="http://cn.opera.com/index.htm?bar" />
+		<test url="http://cn.opera.com/index.htm?rab" />
+		<test url="http://cn.opera.com/index.htm?oof" />
+
+	<!--	Redirect keeps path, but not
+		? nor forward slash:
+					-->
+	<rule from="^http://jp\.opera\.com/+([^?]*)\??$"
+		to="https://www.opera.com/ja/$1" />
+
+		<test url="http://jp.opera.com/index.htm" />
+		<test url="http://jp.opera.com/mobile/" />
+
+	<!--	Redirect keeps path and args, but not
+		forward slash; and duplicates args:
+							-->
+	<rule from="^http://jp\.opera\.com/+([^?]*)(.*)"
+		to="https://www.opera.com/ja/$1$2$2" />
+
+		<test url="http://jp.opera.com/index.htm?foo" />
+		<test url="http://jp.opera.com/index.htm?bar" />
+		<test url="http://jp.opera.com/index.htm?rab" />
+		<test url="http://jp.opera.com/index.htm?oof" />
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://m(?:ini)?\.opera\.com/.*"
+		to="https://www.opera.com/mobile" />
+
+		<test url="http://m.opera.com/index.htm" />
+		<test url="http://mini.opera.com/index.html" />
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://portal\.opera\.com/.*"
+		to="https://www.opera.com/o/news-portal" />
+
+		<test url="http://portal.opera.com/index.htm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Opera.xml b/src/chrome/content/rules/Opera.xml
deleted file mode 100644
index fe074c1f8db5..000000000000
--- a/src/chrome/content/rules/Opera.xml
+++ /dev/null
@@ -1,151 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d1ui9i2jp8fkao.cloudfront.net
-
-			- img.appstatic.opera.com
-			- img\d+.appstatic.opera.com
-
-		- d2jc9zwbrclgz3.cloudfront.net
-
-		- opera.globalsportsmedia.com.edgesuite.net
-
-			- sports.opera.com
-
-
-	Nonfunctional domains:
-
-		- devfiles.myopera.com *
-		- thumbs.myopera.com
-
-		- opera.com subdomains:
-
-			- (www.)
-			- blackberry.apps **
-			- html5.apps **
-			- iphone.apps **
-			- java.apps **
-			- windows-mobile.apps **
-			- ar
-			- arc
-			- business
-			- cn
-			- de
-			- deb *
-			- fr
-			- ftp
-			- get.geo	(refused)
-			- get
-			- get\d
-			- get-ice-1
-			- get-tsw-1
-			- help
-			- in
-			- jp
-			- labs
-			- media
-			- mini
-			- my-beta		(redirects to http)
-			- my-next		(reset, expired 2013-03-06)
-			- redir
-			- ru
-			- snapshot *
-			- sports		(503, akamai)
-			- tw
-
-		- (www.)operamini.com
-
-	* Times out
-	* Redirects to http, mismatched, CN: apps.opera.com
-
-
-	Problematic opera.com subdomains:
-
-		- img.appstatic *
-		- img\d+.appstatic *
-		- mobilestore		(redirects to apps, mismatched, CN: apps.opera.com)
-
-	* Cloudfront
-
-
-	Partially covered opera.com subdomains:
-
-		- apps *
-		- my.cn *
-		- dev *
-		- (www.)my *
-		- portal *
-		- widgets *
-
-	* Some paths redirect to http
-
-
-	Fully covered domains:
-
-		- files.myopera.com
-		- mail.myopera.com
-		- static.myopera.com
-
-		- opera.com subdomains:
-
-			- addons
-			- dev-beta
-			- idp
-			- mail
-			- micropage
-			- upload.my
-			- ssl
-			- static-portal
-			- unite
-
-		- btsfiles.operasoft.com
-		- bugfiles.operasoft.com
-
--->
-<ruleset name="Opera" default_off="needs testing">
-
-	<target host="*.opera.com" />
-		<!--
-			These redirect to http.
-							-->
-		<exclusion pattern="^http://apps\.opera\.com/(?:\w\w(?:_\w\w)?/(?:$|\?|.+\.htm)|(?:cs|script)s/opt/|index\.php)" />
-		<!--
-			user/avatar.pl redirects to static.myopera.com/avatars/
-			in an unpredictable fashion.
-							-->
-		<exclusion pattern="^http://dev\.opera\.com/(?:$|articles|author/|labs$|user/avatar\.pl|sdk/|(?!login|signup)\w+(?:$|\?))" />
-		<exclusion pattern="^http://(?:my\.cn|(?:www\.)?my)\.opera\.com/(?:$|\w+/blog/|community/(?:$|api/|blogs/|campaign/|customize/|explore/|forums/|groups/|help/|members$|opera/|photos$|terms-of-service/|users/avatar\.pl)|(?!login|signup)\w+/?(?:$|\?)|\w+/tags/show\.pl)" />
-		<exclusion pattern="^http://portal\.opera\.com/(?!accounts/login)" />
-		<exclusion pattern="^http://widgets\.opera\.com/(?:$|\?|author/|category/|general/|new/|popular/|rated/|user/(?:avatar|picture)/|users/|widget/(?:\d+|download)/)" />
-		<!--
-			These don't seem to work over https.
-								-->
-		<exclusion pattern="^http://(?:arc?|business|cn|deb?|fr|get\.geo|get\d?|get-[\w-]+|help|in|jp|labs|mobilestore|my-beta|my-next|redir|ru|snapshot|sports|tw|www)\.opera\.com/" />
-		<exclusion pattern="^http://(?:devfile|thumb)s\.myopera\.com/" />
-	<target host="myopera.com" />
-	<target host="*.myopera.com" />
-	<target host="*.operasoft.com" />
-
-
-	<securecookie host="^(?:addons|bugs|idp|\.mail|ssl)\.opera\.com$" name=".+" />
-	<securecookie host="^btsfiles\.operasoft\.com$" name=".+" />
-
-
-	<rule from="^https?://img\.appstatic\.opera\.com/"
-		to="https://d1ui9i2jp8fkao.cloudfront.net/" />
-
-	<!--	Redirects to http first.
-						-->
-	<rule from="^http://my(\.cn)?\.opera\.com/(login|signup)"
-		to="https://my$1.opera.com/community/$2" />
-
-	<rule from="^http://portal\.opera\.com/accounts/login$"
-		to="https://portal.opera.com/accounts/login/" />
-
-	<rule from="^http://([^/:@]+\.)?(my)?opera\.com/"
-		to="https://$1$2opera.com/" />
-
-	<rule from="^http://b(ts|ug)files\.operasoft\.com/"
-		to="https://b$1files.operasoft.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Operacdn.com.xml b/src/chrome/content/rules/Operacdn.com.xml
new file mode 100644
index 000000000000..dac3605a31ef
--- /dev/null
+++ b/src/chrome/content/rules/Operacdn.com.xml
@@ -0,0 +1,32 @@
+<!--
+	For other Opera coverage, see Opera.com.xml.
+
+	Incomplete cert chain:
+		- download2.operacdn.com
+-->
+<ruleset name="Operacdn.com">
+
+	<target host="download1.operacdn.com" />
+	<target host="download2.operacdn.com" />
+	<target host="download3.operacdn.com" />
+	<target host="download4.operacdn.com" />
+	<target host="www-static.operacdn.com" />
+	<target host="www-static-blogs.operacdn.com" />
+
+	<test url="http://www-static.operacdn.com/extension/opera/design/opera/static/css/hf-images/hf-spritesheet.png" />
+	<test url="http://www-static-blogs.operacdn.com/multi/wp-content/themes/opera-2014/shared/static/css/img/opera-icon-header.png" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://download2\.operacdn\.com/"
+		to="https://download3.operacdn.com/" />
+
+	<test url="http://download2.operacdn.com/pub/opera/ping/ping.txt" />
+	<test url="http://download3.operacdn.com/pub/opera/ping/ping.txt" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Operamediaworks.com.xml b/src/chrome/content/rules/Operamediaworks.com.xml
new file mode 100644
index 000000000000..1260bc8220ea
--- /dev/null
+++ b/src/chrome/content/rules/Operamediaworks.com.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Opera coverage, see Opera.com.xml.
+
+	Timeout:
+		- blog.operamediaworks.com
+-->
+<ruleset name="Operamediaworks.com">
+	<target host="operamediaworks.com" />
+	<target host="www.operamediaworks.com" />
+	<target host="performance.operamediaworks.com" />
+	<target host="wiki.operamediaworks.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Operasoftware.com.xml b/src/chrome/content/rules/Operasoftware.com.xml
new file mode 100644
index 000000000000..97dc59c6bb9a
--- /dev/null
+++ b/src/chrome/content/rules/Operasoftware.com.xml
@@ -0,0 +1,9 @@
+<!--
+	For other Opera coverage, see Opera.com.xml.
+-->
+<ruleset name="Operasoftware.com">
+	<target host="operasoftware.com" />
+	<target host="www.operasoftware.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Operating_Systems.io.xml b/src/chrome/content/rules/Operating_Systems.io.xml
new file mode 100644
index 000000000000..765ce0d0f34b
--- /dev/null
+++ b/src/chrome/content/rules/Operating_Systems.io.xml
@@ -0,0 +1,13 @@
+<ruleset name="Operating Systems.io" default_off="refused">
+
+	<target host="operatingsystems.io" />
+	<target host="www.operatingsystems.io" />
+
+
+	<securecookie host="^\.operatingsystems\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Operation-Fabulous.xml b/src/chrome/content/rules/Operation-Fabulous.xml
index a2e4a5384c16..d1bca4ce579d 100644
--- a/src/chrome/content/rules/Operation-Fabulous.xml
+++ b/src/chrome/content/rules/Operation-Fabulous.xml
@@ -1,9 +1,18 @@
-<ruleset name="Operation Fabulous">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://operationfabulous.com/ => https://operationfabulous.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.operationfabulous.com/ => https://www.operationfabulous.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://operationfabulous.com/ => https://operationfabulous.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.operationfabulous.com/ => https://www.operationfabulous.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
+<ruleset name="Operation Fabulous" default_off="failed ruleset test">
 
 	<target host="operationfabulous.com" />
 	<target host="www.operationfabulous.com" />
 
-	<rule from="^http://(www\.)?operationfabulous\.com/"
-		to="https://$1operationfabulous.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Opg.tv.xml b/src/chrome/content/rules/Opg.tv.xml
new file mode 100644
index 000000000000..dc208a2cf31b
--- /dev/null
+++ b/src/chrome/content/rules/Opg.tv.xml
@@ -0,0 +1,6 @@
+<ruleset name="Opg.tv" platform="mixedcontent">
+	<target host="opg.tv" />
+	<target host="www.opg.tv" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ophan.co.uk.xml b/src/chrome/content/rules/Ophan.co.uk.xml
index 86b62ac014ae..2e63c8c28726 100644
--- a/src/chrome/content/rules/Ophan.co.uk.xml
+++ b/src/chrome/content/rules/Ophan.co.uk.xml
@@ -1,18 +1,44 @@
 <!--
-	Nonfunctional subdomains:
+	For other Guardian coverage, see The_Guardian.com.xml.
 
-		- dashboard	(refused)
 
+	CDN buckets:
 
-	(www.) does not exist.
+		- d2n6o0n31iqeta.cloudfront.net ← s
+
+
+	(www.)?ophan.co.uk does not exist.
+
+
+	Insecure cookies are set for these hosts:
+
+		- dashboard.ophan.co.uk
 
 -->
-<ruleset name="ophan.co.uk (partial)">
+<ruleset name="Ophan.co.uk (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="dashboard.ophan.co.uk" />
+	<target host="j.ophan.co.uk" />
+
+	<!--	Complications:
+				-->
 	<target host="s.ophan.co.uk" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^dashboard\.ophan\.co\.uk$" name="^PLAY_SESSION$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
 	<rule from="^http://s\.ophan\.co\.uk/"
 		to="https://d2n6o0n31iqeta.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpinionLab-expired.xml b/src/chrome/content/rules/OpinionLab-expired.xml
deleted file mode 100644
index c0c100dd9c5a..000000000000
--- a/src/chrome/content/rules/OpinionLab-expired.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	See OpinionLab.xml for rules that are on by default.
-
--->
-<ruleset name="OpinionLab (expired)" default_off="expired">
-
-	<target host="opinionlab.com" />
-	<target host="www.opinionlab.com" />
-
-
-	<rule from="^http://(?:www\.)?opinionlab\.com/"
-		to="https://www.opinionlab.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OpinionLab.xml b/src/chrome/content/rules/OpinionLab.xml
index c082d6bef44c..064b5258d2b5 100644
--- a/src/chrome/content/rules/OpinionLab.xml
+++ b/src/chrome/content/rules/OpinionLab.xml
@@ -1,17 +1,38 @@
-<!--
-	See OpinionLab-expired.xml for problematic rules.
+<ruleset name="OpinionLab.com (partial)">
 
--->
-<ruleset name="OpinionLab (partial)">
+	<!--	Direct rewrites:
+				-->
+	<target host="opinionlab.com" />
+	<target host="cdn.opinionlab.com" />
+	<target host="oo.opinionlab.com" />
+	<target host="secure.opinionlab.com" />
+	<target host="www.opinionlab.com" />
 
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.opinionlab.com" />
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.opinionlab\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.opinionlab\.com/+(?!images/|wp-content/)" />
 
+			<!--	+ve:
+					-->
+			<test url="http://www.opinionlab.com/category/careers/ "/>
+			<test url="http://www.opinionlab.com/company/where-to-find-us/" />
+			<test url="http://www.opinionlab.com/news/press-releases/" />
+			<test url="http://www.opinionlab.com/solutions/product-feedback/" />
 
-	<securecookie host="^.*\.opinionlab\.com$" name=".*" />
+			<!--	-ve:
+					-->
+			<test url="http://www.opinionlab.com/wp-content/themes/opinionLab/images/white-fade.png" />
+			<test url="http://www.opinionlab.com/images/footer_nav_bg.gif" />
 
 
-	<rule from="^http://(oo|secure)\.opinionlab\.com/"
-		to="https://$1.opinionlab.com/" />
+	<!--securecookie host=".*\.opinionlab\.com$" name=".*" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Opinionmeter.xml b/src/chrome/content/rules/Opinionmeter.xml
deleted file mode 100644
index 592f2c0e4b41..000000000000
--- a/src/chrome/content/rules/Opinionmeter.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	- At least some pages redirect to http
-	- ^ & www data differ
-
--->
-<ruleset name="Opinionmeter (partial)">
-
-	<target host="opinionmeter.com" />
-	<target host="www.opinionmeter.com" />
-
-
-	<rule from="^http://opinionmeter\.com/(cdn-cgi|wp-content)/"
-		to="https://opinionmeter.com/$1/" />
-
-	<rule from="^http://www\.opinionmeter\.com/OVM2($|\?|/)"
-		to="https://www.opinionmeter.com/OVM2$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Opintoluotsi.xml b/src/chrome/content/rules/Opintoluotsi.xml
index fdd0eb3b7fa1..15f39ca87d3a 100644
--- a/src/chrome/content/rules/Opintoluotsi.xml
+++ b/src/chrome/content/rules/Opintoluotsi.xml
@@ -1,9 +1,18 @@
-<ruleset name="Opintoluotsi">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://opintoluotsi.fi/ => https://opintoluotsi.fi/: (51, "SSL: no alternative certificate subject name matches target host name 'opintoluotsi.fi'")
+Fetch error: http://www.opintoluotsi.fi/ => https://www.opintoluotsi.fi/: (51, "SSL: no alternative certificate subject name matches target host name 'www.opintoluotsi.fi'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://opintoluotsi.fi/ => https://opintoluotsi.fi/: (51, "SSL: no alternative certificate subject name matches target host name 'opintoluotsi.fi'")
+Fetch error: http://www.opintoluotsi.fi/ => https://www.opintoluotsi.fi/: (51, "SSL: no alternative certificate subject name matches target host name 'www.opintoluotsi.fi'")
+-->
+<ruleset name="Opintoluotsi" default_off="failed ruleset test">
 	<target host="opintoluotsi.fi"/>
 	<target host="www.opintoluotsi.fi"/>
 
 	<securecookie host="^(?:www\.)?opintoluotsi\.fi$" name=".+" />
 
-	<rule from="^http://(www\.)?opintoluotsi\.fi/"
-		to="https://$1opintoluotsi.fi/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Opkode.com.xml b/src/chrome/content/rules/Opkode.com.xml
new file mode 100644
index 000000000000..6940b2b320a1
--- /dev/null
+++ b/src/chrome/content/rules/Opkode.com.xml
@@ -0,0 +1,16 @@
+<!--
+	www.opkode.com: Differs from http
+
+-->
+<ruleset name="opkode.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="opkode.com" />
+	<target host="stats.opkode.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Oplata.info.xml b/src/chrome/content/rules/Oplata.info.xml
index 77c2c6428189..53d7cf7c2e27 100644
--- a/src/chrome/content/rules/Oplata.info.xml
+++ b/src/chrome/content/rules/Oplata.info.xml
@@ -11,7 +11,6 @@
 	<securecookie host="^www\.oplata\.info$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?oplata\.info/"
-		to="https://www.oplata.info/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Oppelt.com.xml b/src/chrome/content/rules/Oppelt.com.xml
index eb0bcc416528..feab762ca5c0 100644
--- a/src/chrome/content/rules/Oppelt.com.xml
+++ b/src/chrome/content/rules/Oppelt.com.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://oppelt.com/ => https://oppelt.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://piwik.oppelt.com/ => https://piwik.oppelt.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.oppelt.com/ => https://www.oppelt.com/: (60, 'SSL certificate problem: certificate has expired')
+
 	Mixed content:
 
 		- Web bug on (www.) from piwik *
@@ -6,16 +12,16 @@
 	* Secured by us
 
 -->
-<ruleset name="Oppelt.com">
+<ruleset name="Oppelt.com" default_off="failed ruleset test">
 
 	<target host="oppelt.com" />
-	<target host="*.oppelt.com" />
+	<target host="piwik.oppelt.com" />
+	<target host="www.oppelt.com" />
 
 
 	<securecookie host="^piwik\.oppelt\.com$" name=".+" />
 
 
-	<rule from="^http://(piwik\.|www\.)?oppelt\.com/"
-		to="https://$1oppelt.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Oppo.com.xml b/src/chrome/content/rules/Oppo.com.xml
new file mode 100644
index 000000000000..0a290a3ef1fd
--- /dev/null
+++ b/src/chrome/content/rules/Oppo.com.xml
@@ -0,0 +1,98 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - designer.oppo.com
+			 - cloudpic.exapi.oppo.com
+			 - i.theme.exapi.oppo.com
+			 - findphone.oppo.com
+			 - ftp.oppo.com
+			 - movie.oppo.com
+			 - oim.oppo.com
+			 - oldtq.oppo.com
+			 - t.shop.oppo.com
+			 - si.oppo.com
+			 - uc.oppo.com
+			 - i.video.oppo.com
+			 - wxhd.oppo.com
+			 - pan.yun.oppo.com
+
+		Timeout was reached:
+			 - after-sales.address.oppo.com
+			 - drm.oppo.com
+			 - dtheme.exapi.oppo.com
+			 - itheme.exapi.oppo.com
+			 - expe1.oppo.com
+			 - mx.oppo.com
+			 - otrans.oppo.com
+			 - ua.prof.oppo.com
+			 - px.oppo.com
+			 - service.oppo.com
+			 - service1.oppo.com
+			 - warranty.oppo.com
+			 - i.warranty.oppo.com
+
+		SSL connect error:
+			 - recruit.oppo.com
+			 - si.oppo.com:808
+			 - warranty.oppo.com:8080
+			 - service.oppo.com:8088
+			 - service1.oppo.com:8088
+			 - px.oppo.com:8099
+			 - fuwu.oppo.com:8899
+
+		SSL peer certificate was not OK:
+			 - community.oppo.com
+			 - dl.oppo.com
+			 - assorted.downloads.oppo.com
+			 - d.theme.exapi.oppo.com
+			 - fs.oppo.com
+			 - global.oppo.com
+			 - newds.oppo.com
+			 - newsletter.oppo.com
+			 - t.old.oppo.com
+			 - open.oppo.com
+			 - ds.tj.oppo.com
+			 - m.find.yun.oppo.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - dz.oppo.com
+			 - eg.oppo.com
+			 - sslvpn.oppo.com
+
+		Incomplete certificate chain error:
+			 - career.oppo.com
+			 - account.community.oppo.com
+			 - fuwu.oppo.com
+			 - market.oppo.com
+			 - meeting.oppo.com
+
+		Status code mismatch:
+			 - wx.oppo.com
+
+		Secure connection redirects to plaintext:
+			 - www.oppo.com
+
+		Different content:
+			 - oppo.com
+			 - m.oppo.com
+			 - points.oppo.com
+-->
+<ruleset name="Oppo.com (partial)">
+	<target host="en.oppo.com" />
+	<target host="events.oppo.com" />
+	<target host="hd.oppo.com" />
+	<target host="id.oppo.com" />
+	<target host="my.oppo.com" />
+	<target host="o-doctor.oppo.com" />
+	<target host="owa.oppo.com" />
+	<target host="partners.oppo.com" />
+	<target host="static.oppo.com" />
+	<target host="store.oppo.com" />
+	<target host="yun.oppo.com" />
+	<target host="find.yun.oppo.com" />
+	<target host="note.yun.oppo.com" />
+	<target host="sync.yun.oppo.com" />
+	<target host="yunv2.oppo.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Opportunity.org.uk.xml b/src/chrome/content/rules/Opportunity.org.uk.xml
new file mode 100644
index 000000000000..f6a588ec216c
--- /dev/null
+++ b/src/chrome/content/rules/Opportunity.org.uk.xml
@@ -0,0 +1,8 @@
+<ruleset name="Opportunity International">
+
+	<target host="opportunity.org.uk" />
+	<target host="www.opportunity.org.uk" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Oprah.com.xml b/src/chrome/content/rules/Oprah.com.xml
new file mode 100644
index 000000000000..65b52abc50a1
--- /dev/null
+++ b/src/chrome/content/rules/Oprah.com.xml
@@ -0,0 +1,9 @@
+<!--
+    Nonfunctional hosts in *.oprah.com:
+        oprah.com (r)
+-->
+
+<ruleset name="Oprah.com">
+	<target host="www.oprah.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Opscode.com.xml b/src/chrome/content/rules/Opscode.com.xml
new file mode 100644
index 000000000000..b2f45815ee83
--- /dev/null
+++ b/src/chrome/content/rules/Opscode.com.xml
@@ -0,0 +1,32 @@
+<!--
+	For other Chef Softwarecoverage, see Get_Chef.com.xml.
+
+
+	Nonfunctional subdomains:
+
+		- docs *
+
+	* Dropped
+
+
+	Mixed content:
+
+		- Image on wiki from getchef.com *
+
+	* Unsecurable
+
+-->
+<ruleset name="Opscode.com (partial)">
+
+	<target host="opscode.com" />
+	<target host="manage.opscode.com" />
+	<target host="learnchef.opscode.com" />
+	<target host="tickets.opscode.com" />
+	<target host="wiki.opscode.com" />
+	<target host="www.opscode.com" />
+		<!--exclusion pattern="^http://docs\.opscode\.com/" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Opsmate.xml b/src/chrome/content/rules/Opsmate.xml
new file mode 100644
index 000000000000..2d413c5d3a25
--- /dev/null
+++ b/src/chrome/content/rules/Opsmate.xml
@@ -0,0 +1,6 @@
+<ruleset name="Opsmate">
+	<target host="opsmate.com" />
+	<target host="www.opsmate.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OptMD.com.xml b/src/chrome/content/rules/OptMD.com.xml
new file mode 100644
index 000000000000..f73bd10de59c
--- /dev/null
+++ b/src/chrome/content/rules/OptMD.com.xml
@@ -0,0 +1,12 @@
+<!--
+	(www.): refused
+
+-->
+<ruleset name="OptMD.com (partial)">
+
+	<target host="cdn-sec.optmd.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OptOutPrescreen.com.xml b/src/chrome/content/rules/OptOutPrescreen.com.xml
index 0927fdf1195c..ba667f3c523f 100644
--- a/src/chrome/content/rules/OptOutPrescreen.com.xml
+++ b/src/chrome/content/rules/OptOutPrescreen.com.xml
@@ -1,10 +1,28 @@
+<!--
+	Note that the OptOutPrescreen.com site appears to use geolocation
+	in order to disallow access to the site from outside the US.
+
+
+	^optoutprescreen.com: Mismatched
+
+-->
 <ruleset name="OptOutPrescreen.com">
-	<target host="optoutprescreen.com" />
+
+	<!--	Direct rewrites:
+				-->
 	<target host="www.optoutprescreen.com" />
 
-	<securecookie host="^www\.optoutprescreen\.com$"
-			name=".+" />
+	<!--	Complications:
+				-->
+	<target host="optoutprescreen.com" />
+
+
+	<securecookie host="^www\.optoutprescreen\.com$" name=".+" />
 
-	<rule from="^(http://(www\.)?|https://)optoutprescreen\.com/"
+
+	<rule from="^http://optoutprescreen\.com/"
 		to="https://www.optoutprescreen.com/" />
-</ruleset>
\ No newline at end of file
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Optagelse.dk.xml b/src/chrome/content/rules/Optagelse.dk.xml
new file mode 100644
index 000000000000..3d5a5df4ff18
--- /dev/null
+++ b/src/chrome/content/rules/Optagelse.dk.xml
@@ -0,0 +1,17 @@
+<!--
+	Timeout:
+		karakterkoe.optagelse.dk
+-->
+<ruleset name="Optagelse.dk">
+	<target host="optagelse.dk" />
+	<target host="www.optagelse.dk" />
+	<target host="backup.optagelse.dk" />
+	<target host="backuptest.optagelse.dk" />
+	<target host="pp.optagelse.dk" />
+	<target host="reg.optagelse.dk" />
+	<target host="test.optagelse.dk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Optical-Society-of-America.xml b/src/chrome/content/rules/Optical-Society-of-America.xml
index cd9f5fa5fd59..d076cee20ad1 100644
--- a/src/chrome/content/rules/Optical-Society-of-America.xml
+++ b/src/chrome/content/rules/Optical-Society-of-America.xml
@@ -1,30 +1,41 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://opticsinfobase.org/ => https://www.opticsinfobase.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.opticsinfobase.org/ => https://www.opticsinfobase.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://opticsinfobase.org/ => https://www.opticsinfobase.org/: (28, 'Resolving timed out after 10518 milliseconds')
+Fetch error: http://www.opticsinfobase.org/ => https://www.opticsinfobase.org/: (28, 'Resolving timed out after 10520 milliseconds')
+
 	!functional:
 		- (www.)osa-opn.org	(www: interrupted; doesn't translate directly to osa.org)
 -->
-<ruleset name="Optical Society of America (partial)">
+<ruleset name="Optical Society of America (partial)" default_off="failed ruleset test">
 
 	<target host="opticsinfobase.org"/>
 	<target host="www.opticsinfobase.org"/>
 	<target host="osa.org"/>
-	<target host="*.osa.org"/>
+	<target host="account.osa.org" />
+	<target host="eweb2.osa.org" />
+	<target host="www.osa.org" />
 		<!--	redirects to http	-->
 		<exclusion pattern="^http://www\.osa\.org/(?:en-us|video_library)/"/>
 
-	<securecookie host="^www\.opticsinfobase\.org$" name=".*"/>
+	<securecookie host="^www\.opticsinfobase\.org$" name=".+" />
 	<!--	observed osa.org cookies:
 			- ^account
 			- ^eweb2	-->
-	<securecookie host="^.*\.osa\.org$" name=".*"/>
+	<securecookie host="^.*\.osa\.org$" name=".+" />
 
 	<!--	certs don't match !www		-->
 	<rule from="^http://o(pticsinfobase|sa)\.org/"
 		to="https://www.o$1.org/"/>
 
-	<rule from="^http://www\.opticsinfobase\.org/"
-		to="https://www.opticsinfobase.org/"/>
 
-	<rule from="^http://(account|eweb2|www)\.osa\.org/"
-		to="https://$1.osa.org/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Opticallimits.com.xml b/src/chrome/content/rules/Opticallimits.com.xml
new file mode 100644
index 000000000000..7931d1120176
--- /dev/null
+++ b/src/chrome/content/rules/Opticallimits.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Opticallimits.com">
+	<target host="opticallimits.com" />
+	<target host="www.opticallimits.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Optify.xml b/src/chrome/content/rules/Optify.xml
deleted file mode 100644
index aa9f6e4d9d9c..000000000000
--- a/src/chrome/content/rules/Optify.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Service sets the following wildcard cookies on whichever domain it is loaded from:
-
-		- _opt_vi_\w{8}
-		- _opt_vs_\w{8}
-		- _opt_vt_\w{8}
-
--->
-<ruleset name="Optify">
-
-	<target host="optify.net" />
-	<target host="*.optify.net" />
-
-
-	<securecookie host="^service\.optify\.net$" name=".+" />
-
-
-	<rule from="^http://(dashboard\.|service\.|www\.)?optify\.net/"
-		to="https://$1optify.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Optimal-Payments.xml b/src/chrome/content/rules/Optimal-Payments.xml
index fb3471fcb01f..c0d0e3932ac5 100644
--- a/src/chrome/content/rules/Optimal-Payments.xml
+++ b/src/chrome/content/rules/Optimal-Payments.xml
@@ -1,16 +1,30 @@
-<!--	!functional:
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://neteller-group.com/ => https://www.optimalpayments.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.optimalpayments.com'")
+Fetch error: http://www.neteller-group.com/ => https://www.optimalpayments.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.optimalpayments.com'")
+Fetch error: http://optimalpayments.com/ => https://www.optimalpayments.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.optimalpayments.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://neteller.com/ => https://neteller.com/: Cycle detected - URL already encountered: http://www.neteller.com/404/
+Fetch error: http://neteller-group.com/ => https://www.optimalpayments.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.optimalpayments.com'")
+Fetch error: http://www.neteller-group.com/ => https://www.optimalpayments.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.optimalpayments.com'")
+Fetch error: http://optimalpayments.com/ => https://www.optimalpayments.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.optimalpayments.com'")	!functional:
 		www1.netbanx.com
 -->
-<ruleset name="Optimal Payments (partial)" platform="mixedcontent">
+<ruleset name="Optimal Payments (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="neteller.com"/>
-	<target host="*.neteller.com"/>
+	<target host="help.neteller.com" />
+	<target host="member.neteller.com" />
+	<target host="merchant.neteller.com" />
+	<target host="www.neteller.com" />
 	<target host="neteller-group.com"/>
 	<target host="www.neteller-group.com"/>
 	<target host="optimalpayments.com"/>
 	<target host="www.optimalpayments.com"/>
 
-	<securecookie host="^(.*\.)?neteller\.com$" name=".*"/>
+	<securecookie host="^(?:.*\.)?neteller\.com$" name=".+" />
 
 	<rule from="^http://(help\.|member\.|merchant\.|www\.)?neteller\.com/"
 		to="https://$1neteller.com/"/>
diff --git a/src/chrome/content/rules/Optimise.com.br.xml b/src/chrome/content/rules/Optimise.com.br.xml
new file mode 100644
index 000000000000..5a1192ef63cc
--- /dev/null
+++ b/src/chrome/content/rules/Optimise.com.br.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Optimise Media Group coverage, see Optimise_Media.com.xml.
+
+
+	^optimise.com.br: Mismatched
+
+-->
+<ruleset name="Optimise.com.br">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.optimise.com.br" />
+
+	<!--	Complications:
+				-->
+	<target host="optimise.com.br" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://optimise\.com\.br/"
+		to="https://www.optimise.com.br/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Optimise_Media.com.xml b/src/chrome/content/rules/Optimise_Media.com.xml
new file mode 100644
index 000000000000..220474bd1837
--- /dev/null
+++ b/src/chrome/content/rules/Optimise_Media.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Other Optimise Media Group rulesets:
+
+		- Optimise.com.br.xml
+
+-->
+<ruleset name="Optimise Media.com">
+
+	<target host="optimisemedia.com" />
+	<target host="kb.optimisemedia.com" />
+	<target host="www.optimisemedia.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Optimize-it.xml b/src/chrome/content/rules/Optimize-it.xml
deleted file mode 100644
index 4eba5d5ed91c..000000000000
--- a/src/chrome/content/rules/Optimize-it.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)optimize-it.biz	(ssl_error_rx_record_too_long)
-
--->
-<ruleset name="optimize-it (partial)">
-
-	<target host="realperson300.net" />
-
-
-	<!--	- Tracking beacon
-		- www doesn't exist
-				-->
-	<rule from="^http://realperson300\.net/"
-		to="https://realperson300.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OptimizeGoogle.xml b/src/chrome/content/rules/OptimizeGoogle.xml
deleted file mode 100644
index 24f74c4521fe..000000000000
--- a/src/chrome/content/rules/OptimizeGoogle.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="OptimizeGoogle" default_off="Certificate mismatch">
-
-	<target host="optimizegoogle.com" />
-	<target host="www.optimizegoogle.com" />
-
-	<rule from="^http://(www\.)?optimizegoogle\.com/"
-		to="https://www.optimizegoogle.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Optimizely.xml b/src/chrome/content/rules/Optimizely.xml
index b52da3e4cbd4..414247dfa135 100644
--- a/src/chrome/content/rules/Optimizely.xml
+++ b/src/chrome/content/rules/Optimizely.xml
@@ -1,21 +1,33 @@
 <!--
+	For rules covering resources which do not secure
+	mixed content, see optimizely.com-resources.xml.
+
+
 	CDN buckets:
 
-		- cdn.optimizely.com.edgekey.net/.../
-			- e5048.g.akamaiedge.net/.../
+		- d1qmdf3vop2l07.cloudfront.net
+		- cdn.optimizely.com.edgekey.net	← cdn3
+
 
-			- cdn3
+	Problematic hosts in *optimizely.com:
 
-	cdn.iptimizely.com/$ shows AWS "AccessDenied".
+		- cdn4 ᴬ
+		- log3 ᵐ
+		- pages ᵐ
 
+	ᴬ Akamai / mismatched
+	ᵐ Mismatched
 
-	Fully covered subdomains:
 
-		- cdn3
-		- *.log		(web bugs)
+	Insecure cookies are set for these hosts: ᶜ
 
+		- community.optimizely.com
+		- learn.optimizely.com
 
-	cdn sets the following wildcard cookies
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	cdn sets the following insecure wildcard cookies
 	on whichever domain it is loaded from:
 
 		- optimizelyBuckets
@@ -24,22 +36,44 @@
 		- optimizelySegments
 
 -->
-<ruleset name="Optimizely">
+<ruleset name="Optimizely (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="optimizely.com" />
-	<target host="*.optimizely.com" />
-
-
-	<securecookie host="^(.*\.)?optimizely\.com$" name=".*" />
-
-
-	<rule from="^http://optimizely\.com/"
-		to="https://www.optimizely.com/" />
-
-	<rule from="^http://(cdn\d?|\d+\.log|log3|www)\.optimizely\.com/"
-		to="https://$1.optimizely.com/" />
-
-	<rule from="^http://support\.optimizely\.com/(help|pkg|stylesheets)/"
-		to="https://asset-2.tenderapp.com/$1/"/>
+	<target host="app.optimizely.com" />
+	<target host="blog.optimizely.com" />
+	<target host="cdn.optimizely.com" />
+	<target host="cdn2.optimizely.com" />
+	<target host="cdn3.optimizely.com" />
+	<target host="community.optimizely.com" />
+	<target host="developers.optimizely.com" />
+	<target host="help.optimizely.com" />
+	<target host="learn.optimizely.com" />
+	<target host="log.optimizely.com" />
+	<target host="*.log.optimizely.com" />
+	<target host="support.optimizely.com" />
+	<target host="www.optimizely.com" />
+
+		<exclusion pattern="^http://(?:[^./]+\.){2,}log\.optimizely\.com/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.log.optimizely.com/" />
+			<test url="http://exists.not.log.optimizely.com/" />
+
+		<test url="http://cdn.optimizely.com/js/geo2.js" />
+		<test url="http://cdn2.optimizely.com/js/geo2.js" />
+		<test url="http://cdn3.optimizely.com/js/geo2.js" />
+
+	<!--	Complications:
+				-->
+	<target host="log3.optimizely.com" />
+
+	<rule from="^http://log3\.optimizely\.com/"
+		to="https://3.log.optimizely.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Optimost.xml b/src/chrome/content/rules/Optimost.xml
index 9b5dca114754..774f6bdfdaa7 100644
--- a/src/chrome/content/rules/Optimost.xml
+++ b/src/chrome/content/rules/Optimost.xml
@@ -13,10 +13,11 @@
 -->
 <ruleset name="Optimost (partial) ">
 
-	<target host="*.optimost.com" />
+	<target host="es.optimost.com" />
+	<target host="by.essl.optimost.com" />
 
 
-	<rule from="^https?://(?:es|by\.essl)\.optimost\.com/"
+	<rule from="^http://(?:es|by\.essl)\.optimost\.com/"
 		to="https://by.essl.optimost.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/OptionBit.xml b/src/chrome/content/rules/OptionBit.xml
index cf120ee8e9d3..d97ee1b0bcb4 100644
--- a/src/chrome/content/rules/OptionBit.xml
+++ b/src/chrome/content/rules/OptionBit.xml
@@ -1,13 +1,12 @@
 <ruleset name="OptionBit">
 
 	<target host="optionbit.com" />
-	<target host="*.optionbit.com" />
+	<target host="www.optionbit.com" />
 
 
 	<securecookie host="^(?:w*\.)?optionbit\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?optionbit\.com/"
-		to="https://$1optionbit.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OptionsAnimal.com.xml b/src/chrome/content/rules/OptionsAnimal.com.xml
new file mode 100644
index 000000000000..eccd5c868206
--- /dev/null
+++ b/src/chrome/content/rules/OptionsAnimal.com.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://optionsanimal.com/ (200) => https://optionsanimal.com/ (526)
+
+	CDN buckets:
+
+		- optionsanimal.optionsanimal.netdna-cdn.com
+
+			- -ssl doesn't exist
+			- fast
+
+
+	Mixed content:
+
+		- Images, from:
+
+			- ^ *
+			- fast *
+
+	* Secured by us
+
+-->
+<ruleset name="OptionsAnimal.com" default_off="failed ruleset test">
+
+	<target host="optionsanimal.com" />
+	<target host="fast.optionsanimal.com" />
+	<target host="www.optionsanimal.com" />
+
+
+	<securecookie host="^\.optionsanimal\.com$" name=".+" />
+
+
+
+	<rule from="^http://(?:fast|www)\.optionsanimal\.com/"
+		to="https://www.optionsanimal.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Optorb.com.xml b/src/chrome/content/rules/Optorb.com.xml
deleted file mode 100644
index 0a9f5fe95e7c..000000000000
--- a/src/chrome/content/rules/Optorb.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	(www.) do not exist.
-
-
-	Web bugs.
-
--->
-<ruleset name="optorb.com">
-
-	<target host="*.optorb.com" />
-
-
-	<!--	name="^(d|r|xa)$"
-					-->
-	<securecookie host="^\.optorb\.com$" name=".+" />
-
-
-	<rule from="^http://u\.optorb\.com/"
-		to="https://u.optorb.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Opus-codec.org.xml b/src/chrome/content/rules/Opus-codec.org.xml
new file mode 100644
index 000000000000..8c99d940028d
--- /dev/null
+++ b/src/chrome/content/rules/Opus-codec.org.xml
@@ -0,0 +1,10 @@
+<!--
+cert is not valid for https://git.opus-codec.org/
+-->
+
+<ruleset name="Opus-codec.org">
+  <target host="opus-codec.org" />
+  <target host="www.opus-codec.org" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OrWall.org.xml b/src/chrome/content/rules/OrWall.org.xml
new file mode 100644
index 000000000000..5e7b5318fb41
--- /dev/null
+++ b/src/chrome/content/rules/OrWall.org.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid Certificate:
+		w.orwall.org
+-->
+<ruleset name="orWall.org">
+	<target host="orwall.org" />
+	<target host="www.orwall.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Oracle-Base.com.xml b/src/chrome/content/rules/Oracle-Base.com.xml
new file mode 100644
index 000000000000..06c1b52a3e2f
--- /dev/null
+++ b/src/chrome/content/rules/Oracle-Base.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Oracle-Base.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="oracle-base.com" />
+	<target host="www.oracle-base.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Oracle-mismatches.xml b/src/chrome/content/rules/Oracle-mismatches.xml
deleted file mode 100644
index db18f7cda36a..000000000000
--- a/src/chrome/content/rules/Oracle-mismatches.xml
+++ /dev/null
@@ -1,45 +0,0 @@
-<!--
-	For rules that are on by default, see Oracle.xml.
-
--->
-<ruleset name="Oracle (mismatches)" default_off="mismatch">
-
-	<!--	cert: *.oracle.com	-->
-	<target host="kenai.com" />
-	<target host="www.kenai.com" />
-	<!--	Cert: www.mysql.com	-->
-	<target host="bugs.mysql.com" />
-	<target host="downloads.mysql.com" />
-	<target host="forge.mysql.com" />
-	<target host="forums.mysql.com" />
-	<target host="labs.mysql.com" />
-	<target host="lists.mysql.com" />
-	<target host="planet.mysql.com" />
-	<!--	Akamai	-->
-	<target host="events.oracle.com" />
-	<target host="docs.oracle.com" />
-		<!--
-			Handled in Oracle.xml:
-						-->
-		<exclusion pattern="^http://docs\.oracle\.com/(?:.+/css/|favicon\.ico|.+/graphics/)" />
-	<!--	cert: forums.netbeans.org	-->
-	<target host="planetnetbeans.org" />
-	<target host="www.planetnetbeans.com" />
-
-
-	<securecookie host="^\.forge\.mysql\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?kenai\.com/"
-		to="https://kenai.com/" />
-
-	<rule from="^http://(\w+)\.mysql\.com/"
-		to="https://$1.mysql.com/" />
-
-	<rule from="^http://(doc|event)s\.oracle\.com/"
-		to="https://$1s.oracle.com/" />
-
-	<rule from="^http://(?:www\.)?planetnetbeans\.org/"
-		to="https://planetnetbeans.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Oracle.xml b/src/chrome/content/rules/Oracle.xml
index 471e28fe984f..e02b661e3c4d 100644
--- a/src/chrome/content/rules/Oracle.xml
+++ b/src/chrome/content/rules/Oracle.xml
@@ -1,317 +1,277 @@
+
 <!--
-	See Oracle-mismatches.xml for problematic rules.
+The following targets have been disabled at 2020-10-14 19:04:33:
 
+Fetch error: http://login.oracle.com/ => https://login.oracle.com/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
 
-	Other Oracle rulesets:
+-->
 
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://blogs.oracle.com/ => https://blogs.oracle.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://java.cloud.oracle.com/ => https://java.cloud.oracle.com/: (7, 'Failed to connect to java.cloud.oracle.com port 443: Connection refused')
+Fetch error: http://data.us0.cloud.oracle.com/ => https://data.us0.cloud.oracle.com/: (7, 'Failed to connect to data.us0.cloud.oracle.com port 443: Connection refused')
+Fetch error: http://idmconsolepre.us0.cloud.oracle.com/ => https://idmconsolepre.us0.cloud.oracle.com/: (7, 'Failed to connect to idmconsolepre.us0.cloud.oracle.com port 443: Connection refused')
+Fetch error: http://loginpre.us0.cloud.oracle.com/ => https://loginpre.us0.cloud.oracle.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://oamadminpre.us0.cloud.oracle.com/ => https://oamadminpre.us0.cloud.oracle.com/: (7, 'Failed to connect to oamadminpre.us0.cloud.oracle.com port 443: Connection refused')
+Fetch error: http://oimadminpre.us0.cloud.oracle.com/ => https://oimadminpre.us0.cloud.oracle.com/: (7, 'Failed to connect to oimadminpre.us0.cloud.oracle.com port 443: Connection refused')
+Fetch error: http://isdportal.oracle.com/ => https://isdportal.oracle.com/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
+
+	Other Oracle rulesets:
 		- Atgsvcs.com.xml
-		- ATG_Web_Commerce.xml
+		- Compendium.com.xml
+		- Custhelp.com.xml
 		- Eloqua.xml
-		- Estara.com.xml
 		- Java.net.xml
+		- JCP.org.xml
+		- Kenai.com.xml
+		- Ksplice.xml
 		- Linksys.xml
 		- MySQL.xml
-		- NetBeans.zml
+		- NetBeans.xml
+		- Oracle_outsourcing.com.xml
+		- Responsys.com.xml
+		- Responsys.xml
 		- RightNow.xml
-		- VirtualBox.xml
-
-
-	CDN buckets:
-
-		- oracle.112.2o7.net
-
-		- sun.edgeboss.net
-
-			- a147.g.akamai.net
-
-		- pressroom.oracle.com.edgekey.net
-		- www.oracleimg.com.edgekey.net
-
-		- docs.oracle.com.edgesuite.net
-
-			- a1049.d.akamai.net
-
-		- oraclejapan.presscentre.com
-
-			- japanmediacentre
-
-
-	Nonfunctional subdomains:
-
-		- isdportal *
-		- jdevadf	(dropped)
-		- oukc *
-		- pressroom	(503, akamai with valid cert)
-		- tahiti *
-
-	* Refused
-
-
-	Problematic domains:
-
-		- oracle.com subdomains:
-
-			- ^			(refused)
-			- crmondemand *
-			- docs			(works, akamai)
-			- japanmediacentre **	(works; mismatched, CN: *.presscentre.com)
-
-		- oracleimg.com *
-
-	* Redirects to http; mismatched, CN: java.sun.com
-
+		- RNengage.com.xml
+
+	Connection refused:
+		- apexea.oracle.com
+		- oukc.oracle.com
+		- tahiti.oracle.com
+
+	Connection reset:
+		- medianetwork.oracle.com
+
+	Invalid certificate:
+		- investor.oracle.com
+		- oracleimg.com
+
+	Redirects to HTTP:
+		- developer.cloud.oracle.com
+		- crmondemand.oracle.com
+		- ilearning.oracle.com
+		- japanmediacentre.oracle.com
+
+	Timed out:
+		- blogs-stage.oracle.com
+		- emeajobs.oracle.com
+		- forums-stage.oracle.com
+		- cn.forums-stage.oracle.com
+		- jdevadf.oracle.com
+		- wikis-stage.oracle.com
 
 	Partially covered domains:
-
-		- (www.)oracle.com *
-		- docs.oracle.com **
-		- (www.)oracleimg.com *
-
-	* ^ → www, some paths redirect to http
-	** → akamai, avoiding user-visible paths, rest handled in Oracle-mismatches.xml
-
+		- (www.)oracle.com ¹
+		- (www.)oracleimg.com ¹
+	¹ Some paths redirect to http
 
 	There are probably some data identical across shop and www that could be grabbed for www.
 
-
-	Fully covered domains:
-
-		- oracle.com subdomains:
-
-			- academy
-			- acsportal
-			- advancedsupport
-			- amr
-			- amr-stage
-			- apex
-			- apexea
-			- asktom
-			- bi-fusioncrm
-			- blogs
-			- blogs-stage
-			- campus
-			- cloud subdomains:
-
-				- ^
-
-				- *.em1:
-
-					- console
-					- javaservices
-					- login
-					- myservices
-
-				- *.us0:
-
-					- data
-					- loginpre
-					- messaging
-					- storage
-
-				- *.us1
-
-					- console
-					- javaservices
-					- login
-					- myservices
-
-			- communities
-			- competencycentre
-			- conference
-			- crm-fusioncrm
-			- crmondemand		(→ www)
-			- digitalmedia
-			- dne
-			- download
-			- edelivery
-			- edelivery-hqdc-test
-			- education
-			- education-stage
-			- emeajobs
-			- emeapressoffice
-			- etrm
-			- fin-fusioncrm
-
-			- forums subdomains:
-
-				- ^
-				- cn
-				- kr
-
-			- forums-stage subdomains:
-
-				- ^
-				- cn
-				- kr
-
-			- fusioncrm
-			- fusionhelp
-			- fusionhelp-stage
-			- gcmprm
-			- hcm-fusioncrm
-			- hs-ws1
-			- iacademy
-			- ic-fusioncrm
-			- ilearning
-			- ilearningcontent
-			- irecruitment
-			- itsp
-			- itsp-stage
-			- linux
-			- login
-			- login-stage
-			- m
-			- medianetwork
-			- my
-			- myprofile
-			- myprofile-mktas
-			- oai
-			- oss
-			- otn
-			- partners
-			- plmap
-			- prc-fusioncrm
-			- prj-fusioncrm
-			- public-yum
-			- scm-fusioncrm
-			- search
-			- shop
-			- solutions
-			- stbeehive
-			- strtc
-			- suppliers
-			- support
-			- supporthtml
-			- updates
-			- wfs
-			- wikis
-			- wikis-stage
-			- workforce
-			- www-portal-stage
-			- www-stage
-
-		- oracleoutsourcing.com subdomains:
-
-			- bi-*
-			- crm-*
-			- fin-*
-			- fs-*
-			- hcm-*
-			- scm-*
-			- ic-*
-			- prc-*
-			- prj-*
-
-
-	Observed cookie subdomains:
-
-		- blogs
-
-		- cloud subdomains:
-
-			- ^
-
-			- em1 subdomains:
-
-				- console
-				- javaservices
-				- login
-				- myservices
-
-			- data.us0
-			- loginpre.us0
-
-			- us1 subdomains:
-
-				- console
-				- login
-				- myservices
-
-		- competencycenter
-		- crm-fusioncrm
-		- .edelivery
-		- education
-		- fin-fusioncrm
-		- fusioncrm
-		- hcm-fusioncrm
-		- ic-fusioncrm
-		- login
-		- medianetwork
-		- scm-fusioncrm
-		- shop
-		- solutions
-		- wikis
-		- www
-
-
 	Mixed content:
-
-		- Script on medianetwork from www.oracleimg.com *
-
+		- Script on medianetwork from www.oracleimg.com ¹
 		- Images, on:
-
+			- blog from www.eloqua.com
 			- medianetwork from sun.edgeboss.net
-			- medianetwork from www.oracleimg.com *
-			- medianetwork from www.oracleimg.com **
-
+			- medianetwork from www.oracleimg.com ¹
+			- medianetwork from www.oracleimg.com ²
+			- www from $self ¹
 		- Web bugs, on:
-
-			- events from dnn506yrbagrg.cloudfront.net *
-			- events from consent.truste.com *
-			- medianetwork from www.oracleimg.com *
-
-	* Secured by us
-	** Unsecurable, doesn't trip MCB
-
+			- events from dnn506yrbagrg.cloudfront.net ¹
+			- events from consent.truste.com ¹
+			- medianetwork from www.oracleimg.com ¹
+	¹ Secured by us
+	² Unsecurable, doesn't trip MCB
 -->
+
 <ruleset name="Oracle (partial)">
 
+	<!-- Direct rewrites -->
+	<target host="academy.oracle.com" />
+	<target host="acsportal.oracle.com" />
+	<target host="advancedsupport.oracle.com" />
+	<target host="amr.oracle.com" />
+	<target host="amr-stage.oracle.com" />
+	<target host="apex.oracle.com" />
+	<target host="apexapps.oracle.com" />
+	<target host="appsconnect.oracle.com" />
+	<target host="asktom.oracle.com" />
+	<!-- target host="blogs.oracle.com" /-->
+	<target host="campus.oracle.com" />
+
+	<target host="cloud.oracle.com" />
+
+	<target host="cldadmininternal.ap1.cloud.oracle.com" />
+	<target host="javaservices.ap1.cloud.oracle.com" />
+	<target host="myservices.ap1.cloud.oracle.com" />
+	<target host="cldadmininternal.ap2.cloud.oracle.com" />
+	<target host="myservices.ap2.cloud.oracle.com" />
+
+	<target host="docs.cloud.oracle.com" />
+
+	<target host="console.em1.cloud.oracle.com" />
+	<target host="javaservices.em1.cloud.oracle.com" />
+	<target host="login.em1.cloud.oracle.com" />
+	<target host="myservices.em1.cloud.oracle.com" />
+	<target host="console.em2.cloud.oracle.com" />
+	<target host="javaservices.em2.cloud.oracle.com" />
+	<target host="myservices.em2.cloud.oracle.com" />
+
+	<!-- target host="java.cloud.oracle.com" /-->
+	<target host="myaccount.cloud.oracle.com" />
+	<target host="servicestatus.cloud.oracle.com" />
+	<target host="stg-myaccount.cloud.oracle.com" />
+
+	<!-- target host="data.us0.cloud.oracle.com" /-->
+	<!-- target host="idmconsolepre.us0.cloud.oracle.com" /-->
+	<!-- target host="loginpre.us0.cloud.oracle.com" /-->
+	<!-- target host="oamadminpre.us0.cloud.oracle.com" /-->
+	<!-- target host="oimadminpre.us0.cloud.oracle.com" /-->
+	<target host="console.us1.cloud.oracle.com" />
+	<target host="javaservices.us1.cloud.oracle.com" />
+	<target host="login.us1.cloud.oracle.com" />
+	<target host="myservices.us1.cloud.oracle.com" />
+	<target host="stg-cldadmininternal.us1.cloud.oracle.com" />
+	<target host="stg-javaservices.us1.cloud.oracle.com" />
+	<target host="stg-myservices.us1.cloud.oracle.com" />
+	<target host="console.us2.cloud.oracle.com" />
+	<target host="idmconsole.us2.cloud.oracle.com" />
+	<target host="javaservices.us2.cloud.oracle.com" />
+	<target host="login.us2.cloud.oracle.com" />
+	<target host="myservices.us2.cloud.oracle.com" />
+
+	<target host="cloudcustomerconnect.oracle.com" />
+	<target host="communities.oracle.com" />
+	<target host="community.oracle.com" />
+	<target host="competencycenter.oracle.com" />
+	<target host="conference.oracle.com" />
+	<target host="developer.oracle.com" />
+	<target host="digitalmedia.oracle.com" />
+	<target host="dne.oracle.com" />
+	<target host="docs.oracle.com" />
+	<target host="download.oracle.com" />
+	<target host="edelivery.oracle.com" />
+	<target host="edelivery-hqdc-test.oracle.com" />
+	<target host="education.oracle.com" />
+	<target host="education-stage.oracle.com" />
+	<target host="emeapressoffice.oracle.com" />
+	<target host="etrm.oracle.com" />
+	<target host="events.oracle.com" />
+
+	<target host="forums.oracle.com" />
+	<target host="cn.forums.oracle.com" />
+	<target host="kr.forums.oracle.com" />
+
+	<target host="kr.forums-stage.oracle.com" />
+
+	<target host="fusioncrm.oracle.com" />
+
+	<target host="bi-fusioncrm.oracle.com" />
+	<target host="crm-fusioncrm.oracle.com" />
+	<target host="fin-fusioncrm.oracle.com" />
+	<target host="hcm-fusioncrm.oracle.com" />
+	<target host="ic-fusioncrm.oracle.com" />
+	<target host="scm-fusioncrm.oracle.com" />
+
+	<target host="fusionhelp.oracle.com" />
+	<target host="gcmprm.oracle.com" />
+	<target host="go.oracle.com" />
+	<target host="hs-ws1.oracle.com" />
+	<target host="iacademy.oracle.com" />
+	<target host="internetintel.oracle.com" />
+	<target host="ilearningcontent.oracle.com" />
+	<target host="irecruitment.oracle.com" />
+	<!-- target host="isdportal.oracle.com" /-->
+	<target host="ksplice.oracle.com" />
+	<target host="jbs.oracle.com" />
+	<target host="labs.oracle.com" />
+	<target host="learn.oracle.com" />
+	<target host="linux.oracle.com" />
+	<!-- target host="login.oracle.com" /-->
+	<target host="login-stage.oracle.com" />
+	<target host="m.oracle.com" />
+	<target host="my.oracle.com" />
+	<target host="myprofile.oracle.com" />
+	<target host="oai.oracle.com" />
+	<target host="oss.oracle.com" />
+	<target host="plmap.oracle.com" />
+	<target host="pressroom.oracle.com" />
+	<target host="profile.oracle.com" />
+	<target host="search.oracle.com" />
+	<target host="shop.oracle.com" />
+	<target host="solutions.oracle.com" />
+	<target host="status-ksplice.oracle.com" />
+	<target host="stbeehive.oracle.com" />
+	<target host="strtc.oracle.com" />
+	<target host="suppliers.oracle.com" />
+	<target host="support.oracle.com" />
+	<target host="supporthtml.oracle.com" />
+	<target host="updates.oracle.com" />
+	<target host="video.oracle.com" />
+	<target host="videohub.oracle.com" />
+	<target host="wfs.oracle.com" />
+	<target host="wikis.oracle.com" />
+	<target host="workforce.oracle.com" />
+	<target host="www-portal-stage.oracle.com" />
+	<target host="www-stage.oracle.com" />
+	<target host="yum.oracle.com" />
+
+	<!-- Special cases -->
 	<target host="oracle.com" />
-	<target host="*.oracle.com" />
-		<!--exclusion pattern="^http://(docs|isdportal|jdevadf|oukc|pressroom|tahiti)\.oracle\.com/" /-->
-		<!--
-			Very stingy https support
-			most paths redirect to http
-							-->
-		<exclusion pattern="^http://www\.oracle(?:img)?\.com/(?!(?:\w+/)?assets/|\w+/[^/]+\.(?:css|gif|jpg|js|png)$)"/>
-		<!--
-			Avoid user-visible paths:
-							-->
-		<!--exclusion pattern="^http://docs\.oracle\.com/(?!.+/css/|favicon\.ico|.+/graphics/)" /-->
+	<target host="www.oracle.com" />
 	<target host="oracleimg.com" />
 	<target host="www.oracleimg.com" />
-	<target host="*.oracleoutsourcing.com" />
 
-
-	<securecookie host="^(?:\w+|\.edelivery)\.oracle\.com$" name=".+" />
-	<!--
-		Could we secure any of these safely?
-							-->
+		<exclusion pattern="^http://www\.oracle(img)?\.com/(?!(\w+/)?assets/|\w+/[^/]+\.(css|gif|jpg|js|png)$|(communities|corporate/careers|javaone|marketingcloud|rightnow)($|[?/]))"/>
+			<!-- +ve -->
+			<test url="http://www.oracle.com/ee/" />
+			<test url="http://www.oracle.com/gr/" />
+			<test url="http://www.oracle.com/index.html" />
+			<test url="http://www.oracle.com/partners/index.html" />
+			<test url="http://www.oracle.com/sk/" />
+			<test url="http://www.oracle.com/technetwork/index.html" />
+			<test url="http://www.oracle.com/technetwork/systems/index.html" />
+			<test url="http://www.oracle.com/us/" />
+			<test url="http://www.oracle.com/us/corporate/analystrelations/index.html" />
+			<test url="http://www.oracle.com/us/corporate/region/index.html" />
+			<test url="http://www.oracle.com/us/downloads/index.html" />
+			<test url="http://www.oracle.com/us/products/index.html" />
+			<test url="http://www.oracle.com/us/sitemaps/index.html" />
+			<test url="http://www.oracle.com/us/solutions/index.html" />
+			<test url="http://www.oracle.com/us/solutions/midsize/overview/index.html" />
+			<test url="http://www.oracle.com/us/support/index.html" />
+			<test url="http://www.oracle.com/us/syndication/subscribe/index.html" />
+
+			<!-- -ve -->
+			<test url="http://www.oracle.com/communities" />
+			<test url="http://www.oracle.com/corporate/careers" />
+			<test url="http://www.oracle.com/marketingcloud/products/cross-channel/marketing-to-consumers.html" />
+			<test url="http://www.oracle.com/rightnow/" />
+			<test url="http://www.oracle.com/us/assets/compass-homestyle.css" />
+			<test url="http://www.oracleimg.com/us/assets/compass-hp-sprite.png" />
+			<test url="http://www.oracleimg.com/us/assets/sidebox-background-top.gif" />
+
+	<securecookie host="^(\w+|\.edelivery)\.oracle\.com$" name=".+" />
+	<!-- Could we secure any of these safely? -->
 	<!--securecookie host="^\.oracle\.com$" name="^(ORA_FND_SESSION_CRMAP\.US\.ORACLE\.COM|ORA_FUSION_PREFS|s_eVar21)$" /-->
-	<!--
-		Tracking cookies
-					-->
-	<securecookie host="^\.oracle\.com$" name="^(?:gpw_e24|s_(?:cc|nr|sq))$" />
-
-
-	<rule from="^http://(?:www\.)?oracle(img)?\.com/us/([^/]+)\.(css|gif|jpg|js|png)$"
-		to="https://www.oracle$1.com/us/assets/$2.$3" />
-
-	<rule from="^https?://(?:www\.)?oracle(img)?\.com/"
-		to="https://www.oracle$1.com/" />
-
-	<!--	Server doesn't drop path:
-						-->
-	<rule from="^http://crmondemand\.oracle\.com/"
-		to="https://www.oracle.com/us/products/applications/crmondemand/index.html" />
-
-	<rule from="^http://(i?academy|acsportal|advancedsupport|amr|amr-stage|apex|apexea|asktom|blogs(?:-stage)?|campus|cloud|\w+\.(?:em1|us0|us1)\.cloud|communities|competencycentre|conference|digitalmedia|dne|download|edelivery(?:-hqdc-test)?|education(?:-stage)?|emeajobs|emeapressoffice|etrm|(?:cn\.|kr\.)?forums(?:-stage)?|(?:bi-|crm-|fin-|[hs]cm-|ic-|pr[cj]-)?fusioncrm|fusionhelp(?:-stage)?|gcmprm|hs-ws1|ilearning(?:content)?|irecruitment|itsp|itsp-stage|linux|login(?:-stage)?|medianetwork|my?|myprofile(?:-mktas)?|oai|oss|otn|partners|plmap|public-yum|search|shop|solutions|stbeehive|strtc|suppliers|support(?:html)?|updates|wfs|wikis(?:-stage)?|workforce|www(?:-portal)?-stage)\.oracle\.com/"
-		to="https://$1.oracle.com/" />
-
-	<rule from="^http://docs\.oracle\.com/(?=favicon\.ico|.+/(?:cs|graphic)s/)"
-		to="https://a248.e.akamai.net/f/1049/1606/6m/docs.oracle.com/" />
-
-	<rule from="^http://(bi|crm|fin|fs|[hs]cm|ic|pr[cj])-(\w+)\.oracleoutsourcing\.com/"
-		to="https://$1-$2.oracleoutsourcing.com/" />
-
+	<!-- Tracking cookies -->
+	<securecookie host="^\." name="^(Order_Marketing(CampaignSuccess|Trigger)|gpw_e24|s_(cc|nr|sq))$" />
+
+	<rule from="^http://(www\.)?oracle(img)?\.com/us/(?=[^/]+\.(css|gif|jpg|js|png)$)"
+		to="https://www.oracle$2.com/us/assets/" />
+			<test url="http://oracle.com/us/compass-hp-sprite.png" />
+			<test url="http://www.oracle.com/us/compass-hp-sprite.png" />
+			<test url="http://www.oracle.com/us/master-mosaic.css" />
+			<test url="http://www.oracle.com/us/ocom-base-styles.css" />
+			<test url="http://oracleimg.com/us/compass-hp-sprite.png" />
+			<test url="http://www.oracleimg.com/us/compass-hp-sprite.png" />
+			<test url="http://www.oracleimg.com/us/f01-bgstrip.png" />
+			<test url="http://www.oracleimg.com/us/list-icons.png" />
+			<test url="http://www.oracleimg.com/us/obttn-bg.png" />
+
+	<rule from="^http://oracleimg\.com/"
+		to="https://www.oracleimg.com/" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Oracle_outsourcing.com.xml b/src/chrome/content/rules/Oracle_outsourcing.com.xml
new file mode 100644
index 000000000000..da2d2e039973
--- /dev/null
+++ b/src/chrome/content/rules/Oracle_outsourcing.com.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Oracle coverage, see Oracle.xml.
+
+
+	Fully covered domains:
+
+		- oracleoutsourcing.com subdomains:
+
+			- bi-*
+			- crm-*
+			- fin-*
+			- fs-*
+			- hcm-*
+			- scm-*
+			- ic-*
+			- prc-*
+			- prj-*
+
+-->
+<ruleset name="Oracle outsourcing.com (partial)">
+
+	<!--	Direct rewrites:
+					-->
+	<target host="*.oracleoutsourcing.com" />
+
+
+	<rule from="^http://(bi|crm|fin|fs|[hs]cm|ic|pr[cj])-(\w+)\.oracleoutsourcing\.com/"
+		to="https://$1-$2.oracleoutsourcing.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Oralb-blendamed.de.xml b/src/chrome/content/rules/Oralb-blendamed.de.xml
new file mode 100644
index 000000000000..38702555efc7
--- /dev/null
+++ b/src/chrome/content/rules/Oralb-blendamed.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Oralb-blendamed.de">
+  <target host="oralb-blendamed.de" />
+  <target host="www.oralb-blendamed.de" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Orange.Jobs.xml b/src/chrome/content/rules/Orange.Jobs.xml
new file mode 100644
index 000000000000..5e7bf51645a7
--- /dev/null
+++ b/src/chrome/content/rules/Orange.Jobs.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		www.orange.jobs
+
+-->
+<ruleset name="Orange.Jobs">
+
+	<target host="orange.jobs" />
+	<target host="www.orange.jobs" />
+	<target host="jobsmap.orange.jobs" />
+	<target host="recruiter.orange.jobs" />
+
+	<rule from="^http://www\.orange\.jobs/"
+		to="https://orange.jobs/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Orange.sk.xml b/src/chrome/content/rules/Orange.sk.xml
new file mode 100644
index 000000000000..9b9936a8d940
--- /dev/null
+++ b/src/chrome/content/rules/Orange.sk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Orange.sk">
+  <target host="orange.sk" />
+  <target host="www.orange.sk" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Orange.xml b/src/chrome/content/rules/Orange.xml
index 8d026442cbf9..abf60fa5dfb9 100644
--- a/src/chrome/content/rules/Orange.xml
+++ b/src/chrome/content/rules/Orange.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://orange.co.il/ => https://www.orange.co.il/: (51, "SSL: no alternative certificate subject name matches target host name 'www.orange.co.il'")
+Fetch error: http://www.orange.co.il/ => https://www.orange.co.il/: (51, "SSL: no alternative certificate subject name matches target host name 'www.orange.co.il'")
+Fetch error: http://orange.ch/ => https://www.orange.ch/: (7, 'Failed to connect to www.orange.ch port 443: Connection timed out')
+
 	Although shop.orange.co.uk supports ssl, on
 	some pages it keeps falling back to http.
 
@@ -18,25 +24,50 @@
 
 		- www2.orange.co.uk
 
-			- cert: www.orange.co.uk)
+			- cert: www.orange.co.uk
 			- Redirects to www
 			- 404s on www
 
+		- devicehelp-*.orange.ch,
+		  www.blackberry.orange.ch,
+		  www2.orange.ch
+			- mismatch
+
+		- dsl.orange.ch,
+		  img.orange.ch,
+		  mba.fixed.orange.ch
+			- connection failed
+
 -->
-<ruleset name="Orange">
+<ruleset name="Orange" default_off="failed ruleset test">
 
 	<target host="orange.co.il" />
 	<target host="www.orange.co.il" />
-	<target host="*.orange.co.uk" />
+	<target host="kareena.orange.co.uk" />
+	<target host="services.orange.co.uk" />
+	<target host="shop.orange.co.uk" />
+	<target host="wassup.orange.co.uk" />
+	<target host="web.orange.co.uk" />
+	<target host="orange.ch"/>
+	<target host="www.orange.ch" />
+	<target host="apps.orange.ch" />
+	<target host="community.orange.ch" />
+	<target host="mobilesettings.orange.ch" />
+	<target host="my.orange.ch" />
+	<target host="rbt.orange.ch" />
+	<target host="shop.orange.ch" />
 
 
-	<securecookie host="^(kareena|shop)\.orange\.co\.uk$" name=".*" />
+	<securecookie host="^(?:kareena|shop)\.orange\.co\.uk$" name=".+" />
 
 
 	<rule from="^http://(?:www\.)?orange\.co\.il/"
 		to="https://www.orange.co.il/" />
 
-	<rule from="^http://(kareena|services|shop|wassup|web)\.orange\.co\.uk/"
-		to="https://$1.orange.co.uk/" />
 
+	<rule from="^http://(?:www\.)?orange\.ch/"
+		to="https://www.orange.ch/"/>
+
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/OrangeNaturals.com.xml b/src/chrome/content/rules/OrangeNaturals.com.xml
new file mode 100644
index 000000000000..69376b766bfd
--- /dev/null
+++ b/src/chrome/content/rules/OrangeNaturals.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Active mixed content:
+		- orangenaturals.com, e.g. http://orangenaturals.com/blog/bone-building-strong-bodies-smoothie-recipe/
+-->
+
+<ruleset name="OrangeNaturals.com" platform="mixedcontent">
+	<target host="orangenaturals.com" />
+	<target host="www.orangenaturals.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OrangeWebsite.com.xml b/src/chrome/content/rules/OrangeWebsite.com.xml
index 88c4443f8141..29e7bf9cc75f 100644
--- a/src/chrome/content/rules/OrangeWebsite.com.xml
+++ b/src/chrome/content/rules/OrangeWebsite.com.xml
@@ -12,13 +12,13 @@
 -->
 <ruleset name="OrangeWebsite.com (partial)">
 
-	<target host="*.orangewebsite.com" />
+	<target host="jolnir.orangewebsite.com" />
+	<target host="secure.orangewebsite.com" />
 
 
 	<securecookie host="^secure\.orangewebsite\.com$" name=".+" />
 
 
-	<rule from="^http://(jolnir|secure)\.orangewebsite\.com/"
-		to="https://$1.orangewebsite.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Orange_Geek.xml b/src/chrome/content/rules/Orange_Geek.xml
index 7a1818ff4bdb..53e4f00e93e8 100644
--- a/src/chrome/content/rules/Orange_Geek.xml
+++ b/src/chrome/content/rules/Orange_Geek.xml
@@ -1,13 +1,12 @@
 <ruleset name="Orange Geek">
 
 	<target host="orangegeek.com" />
-	<target host="*.orangegeek.com" />
+	<target host="www.orangegeek.com" />
 
 
 	<securecookie host="^\.orangegeek\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?orangegeek\.com/"
-		to="https://$1orangegeek.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Orange_Static.com.xml b/src/chrome/content/rules/Orange_Static.com.xml
new file mode 100644
index 000000000000..119c3906d660
--- /dev/null
+++ b/src/chrome/content/rules/Orange_Static.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Orange Static.com">
+
+	<target host="orangestatic.com" />
+	<target host="www.orangestatic.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OrangeandWhite.com.xml b/src/chrome/content/rules/OrangeandWhite.com.xml
deleted file mode 100644
index 9204f92433f6..000000000000
--- a/src/chrome/content/rules/OrangeandWhite.com.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
-	CDN buckets:
-
-		- media.orangeandwhite.com.edgesuite.net
-
-			- a1017.g.akamai.net
-
-
-	Problematic subdomains:
-
-		- ^		(works; mismatched, CN: push.scrippsing.com)
-		- media		(works, akamai)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(^ → www)
-		- media		(→ akamai)
-
-
-	web does not exist.
-
--->
-<ruleset name="OrangeandWhite.com">
-
-	<target host="orangeandwhite.com" />
-	<target host="*.orangeandwhite.com" />
-
-
-	<rule from="^http://(?:www\.)?orangeandwhite\.com/"
-		to="https://www.orangeandwhite.com/" />
-
-	<rule from="^http://media\.orangeandwhite\.com/"
-		to="https://a248.e.akamai.net/f/1017/7389/3m/media.orangeandwhite.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Orbital-apps.com.xml b/src/chrome/content/rules/Orbital-apps.com.xml
new file mode 100644
index 000000000000..7b5435de443e
--- /dev/null
+++ b/src/chrome/content/rules/Orbital-apps.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Orbital-apps.com">
+	<target host="orbital-apps.com" />
+	<target host="www.orbital-apps.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Orbital_ATK.com.xml b/src/chrome/content/rules/Orbital_ATK.com.xml
new file mode 100644
index 000000000000..3311299da78b
--- /dev/null
+++ b/src/chrome/content/rules/Orbital_ATK.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Orbital ATK.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="orbitalatk.com" />
+	<target host="www.orbitalatk.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Orbital_Sciences.xml b/src/chrome/content/rules/Orbital_Sciences.xml
index fd27022223e4..03aaca78a6be 100644
--- a/src/chrome/content/rules/Orbital_Sciences.xml
+++ b/src/chrome/content/rules/Orbital_Sciences.xml
@@ -1,4 +1,18 @@
-<ruleset name="Orbital Sciences">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://orbital.com/ => https://orbital.com/: (51, "SSL: no alternative certificate subject name matches target host name 'orbital.com'")
+Fetch error: http://www.orbital.com/ => https://www.orbital.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.orbital.com'")
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://orbital.com/ => https://orbital.com/: (51, "SSL: no alternative certificate subject name matches target host name 'orbital.com'")
+Fetch error: http://www.orbital.com/ => https://www.orbital.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.orbital.com'")
+
+-->
+<ruleset name="Orbital Sciences" default_off="failed ruleset test">
 
 	<target host="orbital.com" />
 	<target host="www.orbital.com" />
@@ -7,7 +21,6 @@
 	<securecookie host="^(?:www\.)?orbital\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?orbital\.com/"
-		to="https://$1orbital.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Orchid_Diva.xml b/src/chrome/content/rules/Orchid_Diva.xml
index f8cde64b09cb..6a695af3a747 100644
--- a/src/chrome/content/rules/Orchid_Diva.xml
+++ b/src/chrome/content/rules/Orchid_Diva.xml
@@ -1,13 +1,12 @@
 <ruleset name="Orchid Diva">
 
 	<target host="orchiddiva.com" />
-	<target host="*.orchiddiva.com" />
+	<target host="www.orchiddiva.com" />
 
 
 	<securecookie host="^\.(?:www\.)?orchiddiva\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?orchiddiva\.com/"
-		to="https://$1orchiddiva.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ordbogen.com.xml b/src/chrome/content/rules/Ordbogen.com.xml
index 798f88a38cfe..32435947ad31 100644
--- a/src/chrome/content/rules/Ordbogen.com.xml
+++ b/src/chrome/content/rules/Ordbogen.com.xml
@@ -2,5 +2,5 @@
   <target host="ordbogen.com" />
   <target host="www.ordbogen.com" />
 
-  <rule from="^http://(www\.)?ordbogen\.com/" to="https://www.ordbogen.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/OrderBook.net.xml b/src/chrome/content/rules/OrderBook.net.xml
new file mode 100644
index 000000000000..dc5aa052a065
--- /dev/null
+++ b/src/chrome/content/rules/OrderBook.net.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://orderbook.net/ => https://orderbook.net/: (7, 'Failed to connect to orderbook.net port 443: Connection refused')
+Fetch error: http://www.orderbook.net/ => https://www.orderbook.net/: (7, 'Failed to connect to www.orderbook.net port 443: Connection refused')
+
+-->
+<ruleset name="OrderBook.net" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="orderbook.net" />
+	<target host="www.orderbook.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ordnance_Survey.xml b/src/chrome/content/rules/Ordnance_Survey.xml
index eb6da9a2e524..d13ec8037f92 100644
--- a/src/chrome/content/rules/Ordnance_Survey.xml
+++ b/src/chrome/content/rules/Ordnance_Survey.xml
@@ -1,9 +1,25 @@
-<ruleset name="Ordnance Survey">
-    <target host="ordnancesurvey.co.uk" />
-    <target host="*.ordnancesurvey.co.uk" />
-
-    <rule from="^https?://ordnancesurvey\.co\.uk/"
-        to="https://www.ordnancesurvey.co.uk/"/>
-    <rule from="^http://([^/:@]+)?\.ordnancesurvey\.co\.uk/"
-        to="https://$1.ordnancesurvey.co.uk/" />
+<!--
+	Other Ordnance Survey rulesets:
+
+		- Geovation.uk.xml
+		- OS.uk.xml
+
+-->
+<ruleset name="Ordnance Survey.co.uk">
+
+	<target host="ordnancesurvey.co.uk" />
+	<target host="*.ordnancesurvey.co.uk" />
+
+		<test url="http://insight.ordnancesurvey.co.uk/" />
+		<test url="http://orders.ordnancesurvey.co.uk/" />
+		<test url="http://www.ordnancesurvey.co.uk/" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Oregon-State-University-mismatches.xml b/src/chrome/content/rules/Oregon-State-University-mismatches.xml
index d51577cf8167..4bbaa8afc4fb 100644
--- a/src/chrome/content/rules/Oregon-State-University-mismatches.xml
+++ b/src/chrome/content/rules/Oregon-State-University-mismatches.xml
@@ -1,4 +1,4 @@
-<ruleset name="Oregon State University (mismatches)" default_off="mismatch">
+<ruleset name="Oregon State University (mismatches)" default_off="mismatched">
 
 	<target host="campaignforosu.org"/>
 
diff --git a/src/chrome/content/rules/Oregon-State-University.xml b/src/chrome/content/rules/Oregon-State-University.xml
index c9abd6b8bb7e..fdc2ebae34d4 100644
--- a/src/chrome/content/rules/Oregon-State-University.xml
+++ b/src/chrome/content/rules/Oregon-State-University.xml
@@ -1,33 +1,37 @@
+
 <!--
-	Nonfunctional domains:
+	Other Oregon State University rulesets:
 
-		- ftp-nyc.osuosl.org*
-		- rsync.osuosl.org *
+		- osufoundation.org.xml
+		- osuosl.org.xml
 
-	* Refused
 
--->
-<ruleset name="Oregon State University (partial)" platform="mixedcontent">
+	Nonfunctional hosts in *oregonstate.edu:
 
-	<target host="oregonstate.edu"/>
-	<target host="*.oregonstate.edu"/>
-	<target host="osufoundation.org"/>
-	<target host="www.osufoundation.org"/>
-	<target host="osuosl.org"/>
-	<target host="*.osuosl.org"/>
+	www.oregonstate.edu: mismatched
+
+-->
+<ruleset name="Oregon State.edu (partial)">
 
-	<securecookie host="^\.osuosl\.org$" name=".*"/>
+	<!--	Direct rewrites:
+				-->
+	<target host="oregonstate.edu" />
+	<target host="drupalweb.forestry.oregonstate.edu" />
+	<target host="osulibrary.oregonstate.edu" />
+	<target host="library.oregonstate.edu" />
+	<target host="ecampus.oregonstate.edu" />
+	<target host="web.engr.oregonstate.edu" />
+	<target host="secure.oregonstate.edu" />
 
-	<rule from="^http://(?:www\.)?oregonstate\.edu/(favicon\.ico$|u_central/images/)"
-		to="https://secure.oregonstate.edu/$1"/>
+	<!--	Complications:
+				-->
+	<target host="www.oregonstate.edu" />
 
-	<rule from="^http://(drupalweb\.forestry|osulibrary|secure)\.oregonstate\.edu/"
-		to="https://$1.oregonstate.edu/" />
 
-	<rule from="^http://(?:www\.)?osufoundation\.org/"
-		to="https://osufoundation.org/"/>
+	<rule from="^http://www\.oregonstate\.edu/"
+		to="https://oregonstate.edu/" />
 
-	<rule from="^http://(www\.)?osuosl\.org/"
-		to="https://$1osuosl.org/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Oregon_Live.com.xml b/src/chrome/content/rules/Oregon_Live.com.xml
new file mode 100644
index 000000000000..8ed11d47fac1
--- /dev/null
+++ b/src/chrome/content/rules/Oregon_Live.com.xml
@@ -0,0 +1,116 @@
+<!--
+	CDN buckets:
+
+		- 801-morris-prod.advance.net
+
+			- rpt-transit
+
+		- hssn-prod.advance.net.edgesuite.net
+
+			- highschoolsports
+
+		- imgick-prod.advance.net.edgesuite.net
+
+			- imgick
+
+		- mdw-prod.advance.net.edgesuite.net
+
+			- autos
+			- realestate
+
+		- mt4-prod.advance.net.edgesuite.net
+
+			- a68.b.akamai.net
+			- connect
+			- media
+			- topics
+
+		- www-prod.advance.net.edgesuite.net
+
+			- www
+
+		- oregonlive.findnsave.com
+
+			- findnsave
+
+		- oregonlive.advance.ypbot.net
+
+			- businessfinder
+
+
+	Nonfunctional subdomains:
+
+		- ^ ¹
+		- autos ¹
+		- businessfinder ²
+		- connect ³
+		- highschoolsports ³
+		- imgick ³
+		- realestate ³
+		- rpt-transit ¹
+		- topics ³
+		- www ³
+
+	¹ Refused
+	² Redirects to http, valid cert
+	³ 503, akamai
+
+
+	Problematic subdomains:
+
+		- findnsave ¹
+		- media ²
+
+	¹ Mismatched, CN: *.findnsave.com
+	² Akamai
+
+
+	Partially covered subdomains:
+
+		- findnsave ¹
+		- media ²
+
+	¹ Some paths redirect to http
+	² css references resources relative to root
+
+
+	Mixed content:
+
+		- css on member from fonts.googleapis.com ¹
+
+		- Images on findnsave from imagecdn-\d.findnsave.com ²
+
+	¹ Secured by us
+	² Unsecurable <= 403
+
+-->
+<ruleset name="Oregon Live.com (partial)">
+
+	<target host="member.oregonlive.com" />
+	<target host="findnsave.oregonlive.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://findnsave\.oregonlive\.com/+($|\?|forgot_password($|[?/])|favicon\.ico)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://findnsave\.oregonlive\.com/+((join|login)($|[?/]))" /-->
+		<!--
+			Reference resources relative to root:
+								-->
+		<!--exclusion pattern="^http://media\.oregonlive\.com/+(design/alpha/css/adv-ziplist|static/(css/adv_footer|css/adv_toprail|olive/static/css/affiliate))\.css" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^member\.oregonlive\.com$" name=".+" />
+
+
+	<rule from="^http://member\.oregonlive\.com/"
+		to="https://member.oregonlive.com/" />
+
+	<rule from="^http://findnsave\.oregonlive\.com/(?=(?:join|login)(?:$|[?/])|static/)"
+		to="https://oregonlive.findnsave.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Orez_Praw.com.xml b/src/chrome/content/rules/Orez_Praw.com.xml
new file mode 100644
index 000000000000..04307084c490
--- /dev/null
+++ b/src/chrome/content/rules/Orez_Praw.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - www.orezpraw.com
+			 - a.mx.orezpraw.com
+			 - b.mx.orezpraw.com
+			 - a.ns.orezpraw.com
+			 - b.ns.orezpraw.com
+			 - portfolio.orezpraw.com
+-->
+<ruleset name="Orez Praw.com (partial)">
+	<target host="orezpraw.com" />
+
+	<securecookie host="^orezpraw\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OrgSync.com.xml b/src/chrome/content/rules/OrgSync.com.xml
new file mode 100644
index 000000000000..bf5709c12c11
--- /dev/null
+++ b/src/chrome/content/rules/OrgSync.com.xml
@@ -0,0 +1,16 @@
+<!--
+	www.orgsync.com: 503
+
+-->
+<ruleset name="OrgSync.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="orgsync.com" />
+	<target host="api.orgsync.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Organic_Consumers.org.xml b/src/chrome/content/rules/Organic_Consumers.org.xml
new file mode 100644
index 000000000000..e9617b53aeb4
--- /dev/null
+++ b/src/chrome/content/rules/Organic_Consumers.org.xml
@@ -0,0 +1,22 @@
+<!--
+	^organicconsumers.org: Refused
+
+-->
+<ruleset name="Organic Consumers.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.organicconsumers.org" />
+
+	<!--	Complications:
+				-->
+	<target host="organicconsumers.org" />
+
+
+	<rule from="^http://organicconsumers\.org/"
+		to="https://www.organicconsumers.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Organization_of_American_States.xml b/src/chrome/content/rules/Organization_of_American_States.xml
deleted file mode 100644
index 9033fa0dec2c..000000000000
--- a/src/chrome/content/rules/Organization_of_American_States.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- cidh	(cert only matches www.cidh)
-		- ^	(cert only matches www)
-
--->
-<ruleset name="Organization of American States">
-
-	<target host="oas.org" />
-	<target host="*.oas.org" />
-
-
-	<securecookie host="^www\.(?:cidh\.)?oas\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?(cidh\.)?oas\.org/"
-		to="https://www.$1oas.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Orgmode.org.xml b/src/chrome/content/rules/Orgmode.org.xml
new file mode 100644
index 000000000000..3176dea99a11
--- /dev/null
+++ b/src/chrome/content/rules/Orgmode.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Nonfunctional hosts in *.orgmode.org:
+		- ask.orgmode.org (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Orgmode.org">
+	<target host="orgmode.org" />
+	<target host="www.orgmode.org" />
+	<target host="beta.orgmode.org" />
+	<target host="code.orgmode.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Orgreen_Optics.com.xml b/src/chrome/content/rules/Orgreen_Optics.com.xml
new file mode 100644
index 000000000000..60945b3da64a
--- /dev/null
+++ b/src/chrome/content/rules/Orgreen_Optics.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://orgreenoptics.com/ => https://orgreenoptics.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.orgreenoptics.com/ => https://orgreenoptics.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	www: cert only matches ^orgreenoptics.com.
+
+-->
+<ruleset name="Orgreen Optics.com" default_off="failed ruleset test">
+
+	<target host="orgreenoptics.com" />
+	<target host="www.orgreenoptics.com" />
+
+
+	<rule from="^http://(?:www\.)?orgreenoptics\.com/"
+		to="https://orgreenoptics.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Origin.com.xml b/src/chrome/content/rules/Origin.com.xml
new file mode 100644
index 000000000000..2ccdfcd3e335
--- /dev/null
+++ b/src/chrome/content/rules/Origin.com.xml
@@ -0,0 +1,36 @@
+<!--
+	For other Electronic Arts coverage, see Electronic-Arts.xml.
+
+
+	^origin.com: Mismatched
+
+-->
+<ruleset name="Origin.com (partial)" default_off="Needs ruleset tests">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="activate.origin.com"/>
+	<target host="sso.origin.com"/>
+	<target host="store.origin.com"/>
+	<target host="www.origin.com"/>
+
+	<!--	Complications:
+				-->
+	<target host="origin.com"/>
+
+		<exclusion pattern="^http://store\.origin\.com/(?!DRHM/Storefront/Site/)" />
+		<exclusion pattern="^http://www\.origin\.com/(?!favicon\.ico)" />
+
+			<test url="http://www.origin.com/favicon.ico" />
+
+
+	<securecookie host="^sso\.origin\.com$" name=".+" />
+
+
+	<rule from="^http://origin\.com/"
+		to="https://www.origin.com/"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Originar.io.xml b/src/chrome/content/rules/Originar.io.xml
new file mode 100644
index 000000000000..4c07c004a334
--- /dev/null
+++ b/src/chrome/content/rules/Originar.io.xml
@@ -0,0 +1,9 @@
+<ruleset name="Originar.io">
+	<target host="originar.io" />
+	<target host="www.originar.io" />
+	<target host="foodagency.originar.io" />
+	<target host="press.originar.io" />
+	<target host="shop.originar.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Orion.xml b/src/chrome/content/rules/Orion.xml
deleted file mode 100644
index 06a38aeefd60..000000000000
--- a/src/chrome/content/rules/Orion.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	www: 404
-
--->
-<ruleset name="Orion">
-
-	<target host="orionhub.org" />
-	<target host="www.orionhub.org" />
-
-
-	<rule from="^http://(?:www\.)?orionhub\.org/"
-		to="https://orionhub.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Orion_Magazine.org.xml b/src/chrome/content/rules/Orion_Magazine.org.xml
new file mode 100644
index 000000000000..f38bde1db6df
--- /dev/null
+++ b/src/chrome/content/rules/Orion_Magazine.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="Orion Magazine.com">
+
+	<target host="orionmagazine.org" />
+	<target host="www.orionmagazine.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Orion_Systems_Integrators.xml b/src/chrome/content/rules/Orion_Systems_Integrators.xml
index 6b020e071706..4b50ae0ccebc 100644
--- a/src/chrome/content/rules/Orion_Systems_Integrators.xml
+++ b/src/chrome/content/rules/Orion_Systems_Integrators.xml
@@ -1,13 +1,20 @@
-<ruleset name="Orion Systems Integrators">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://orioninc.com/ => https://orioninc.com/: (51, "SSL: no alternative certificate subject name matches target host name 'orioninc.com'")
+Fetch error: http://time.orioninc.com/ => https://time.orioninc.com/: (6, 'Could not resolve host: time.orioninc.com')
+
+-->
+<ruleset name="Orion Systems Integrators" default_off="failed ruleset test">
 
 	<target host="orioninc.com" />
-	<target host="*.orioninc.com" />
+	<target host="time.orioninc.com" />
+	<target host="www.orioninc.com" />
 
 
 	<securecookie host="^(?:time)?\.orioninc\.com$" name=".+" />
 
 
-	<rule from="^http://(time\.|www\.)?orioninc\.com/"
-		to="https://$1orioninc.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Orkut.xml b/src/chrome/content/rules/Orkut.xml
index f25a82edabdd..ae2ab06f71c2 100644
--- a/src/chrome/content/rules/Orkut.xml
+++ b/src/chrome/content/rules/Orkut.xml
@@ -1,8 +1,17 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://a.orkut.gmodules.com/ => https://a.orkut.gmodules.com/: (51, "SSL: no alternative certificate subject name matches target host name 'a.orkut.gmodules.com'")
+Fetch error: http://orkut.co.in/ => https://orkut.co.in/: (6, 'Could not resolve host: orkut.co.in')
+Fetch error: http://www.orkut.co.in/ => https://www.orkut.co.in/: (6, 'Could not resolve host: www.orkut.co.in')
+Fetch error: http://orkut.com/ => https://orkut.com/: (35, 'Unknown SSL protocol error in connection to orkut.com:443 ')
+Fetch error: http://orkut.com.br/ => https://orkut.com.br/: (6, 'Could not resolve host: orkut.com.br')
+Fetch error: http://www.orkut.com.br/ => https://www.orkut.com.br/: (6, 'Could not resolve host: www.orkut.com.br')
+
 	For other Google coverage, see GoogleServices.xml.
 
 -->
-<ruleset name="Orkut (partial)">
+<ruleset name="Orkut (partial)" default_off="failed ruleset test">
 
 	<target host="a.orkut.gmodules.com" />
 	<target host="orkut.co.in" />
@@ -22,4 +31,4 @@
 	<rule from="^http://((?:demo|img\d|staging|www)\.)?orkut\.co(\.in|m|m\.br)/"
 		to="https://$1orkut.co$2/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Orkz.net.xml b/src/chrome/content/rules/Orkz.net.xml
new file mode 100644
index 000000000000..3df382677ca4
--- /dev/null
+++ b/src/chrome/content/rules/Orkz.net.xml
@@ -0,0 +1,39 @@
+<!--
+	Nonfunctional hosts in *orkz.net:
+
+		- (www.)? *
+		- portal *
+
+	* Dropped
+
+
+	Problematic hosts in *orkz.net:
+
+		- webmail *
+
+	* Handshake fails
+
+-->
+<ruleset name="Orkz.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pod.orkz.net" />
+
+	<!--	Complications:
+				-->
+	<target host="webmail.orkz.net" />
+
+
+	<!--	Redirect drops path, args,
+		and forward slash:
+					-->
+	<rule from="^http://webmail\.orkz\.net/.*"
+		to="https://mail.google.com/a/orkz.net" />
+
+		<test url="http://webmail.orkz.net//index.php" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OrlandoCriminalDefenseAttorneyBlog.com.xml b/src/chrome/content/rules/OrlandoCriminalDefenseAttorneyBlog.com.xml
new file mode 100644
index 000000000000..e0167895854c
--- /dev/null
+++ b/src/chrome/content/rules/OrlandoCriminalDefenseAttorneyBlog.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="OrlandoCriminalDefenseAttorneyBlog.com">
+	<target host="orlandocriminaldefenseattorneyblog.com" />
+	<target host="www.orlandocriminaldefenseattorneyblog.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Oron.xml b/src/chrome/content/rules/Oron.xml
index fa9b1b4d29bc..689d22bf0ad5 100644
--- a/src/chrome/content/rules/Oron.xml
+++ b/src/chrome/content/rules/Oron.xml
@@ -1,4 +1,12 @@
-<ruleset name="Oron (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.oron.com/ => https://secure.oron.com/: (7, 'Failed to connect to secure.oron.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.oron.com/ => https://secure.oron.com/: (7, 'Failed to connect to secure.oron.com port 443: Connection refused')
+-->
+<ruleset name="Oron (partial)" default_off="failed ruleset test">
 
 	<target host="oron.com"/>
 	<target host="secure.oron.com"/>
diff --git a/src/chrome/content/rules/OrthogonalPublishing.com.xml b/src/chrome/content/rules/OrthogonalPublishing.com.xml
new file mode 100644
index 000000000000..e3be8780997e
--- /dev/null
+++ b/src/chrome/content/rules/OrthogonalPublishing.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="OrthogonalPublishing.com">
+	<target host="orthogonalpublishing.com" />
+	<target host="www.orthogonalpublishing.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ortolo.eu.xml b/src/chrome/content/rules/Ortolo.eu.xml
index 42077121e94a..76628fd49f40 100644
--- a/src/chrome/content/rules/Ortolo.eu.xml
+++ b/src/chrome/content/rules/Ortolo.eu.xml
@@ -1,26 +1,29 @@
 <!--
-	^ortolo.eu doesn't exist.
-
-
-	Mixed content:
-
-		- css on tanguy from tanguy *
-
-		- Image on tanguy from tanguy *
-
-	* Secured by us
-
+	Invalid certificate:
+		ortolo.eu
+		files.ortolo.eu
+		herbert.ortolo.eu
+		photos.ortolo.eu
+		photos2.ortolo.eu
+		planet-catho.ortolo.eu
+		wells.ortolo.eu
 
 -->
-<ruleset name="Ortolo.eu (false MCB)" platform="cacert mixedcontent">
-
-	<target host="*.ortolo.eu" />
+<ruleset name="Ortolo.eu">
 
+	<target host="ortolo.eu" />
+	<target host="www.ortolo.eu" />
+	<target host="git.ortolo.eu" />
+	<target host="keys.ortolo.eu" />
+	<target host="listes.ortolo.eu" />
+	<target host="tanguy.ortolo.eu" />
 
 	<securecookie host="^tanguy\.ortolo\.eu$" name=".+" />
 
+	<rule from="^http://ortolo\.eu/"
+		to="https://www.ortolo.eu/" />
 
-	<rule from="^http://(tanguy|www)\.ortolo\.eu/"
-		to="https://$1.ortolo.eu/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Orxrdr.com.xml b/src/chrome/content/rules/Orxrdr.com.xml
index c454d92b7553..79e1c16c0cac 100644
--- a/src/chrome/content/rules/Orxrdr.com.xml
+++ b/src/chrome/content/rules/Orxrdr.com.xml
@@ -7,7 +7,6 @@
 	<target host="www.orxrdr.com" />
 
 
-	<rule from="^http://www\.orxrdr\.com/"
-		to="https://www.orxrdr.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Os-cillation-mismatches.xml b/src/chrome/content/rules/Os-cillation-mismatches.xml
index f1ac446b7af7..5944dc245ada 100644
--- a/src/chrome/content/rules/Os-cillation-mismatches.xml
+++ b/src/chrome/content/rules/Os-cillation-mismatches.xml
@@ -1,13 +1,35 @@
-<ruleset name="os-cillation.de (mismatches)" default_off="mismatch">
+<!--
+	Problematic hosts in *os-cillation.de:
+
+		- (www.)? ᶜ
+		- anfrage ᶜ
+		- mail ᵐ ˢ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+	ˢ Self-signed
+
+
+	Insecure cookies are set for these hosts:
+
+		- anfrage.os-cillation.de
+
+-->
+<ruleset name="os-cillation.de (partial)" default_off="cert-chain">
 
-	<!--	cert: schweissgut.net	-->
 	<target host="os-cillation.de"/>
+	<target host="anfrage.os-cillation.de"/>
 	<target host="www.os-cillation.de"/>
 
-	<securecookie host="^www\.os-cilliation\.de$" name=".*"/>
 
-	<!--	!www redirects to www	-->
-	<rule from="^http://(?:www\.)?os-cillation\.de/"
-		to="https://www.os-cillation.de/"/>
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^anfrage\.os-cilliation\.de$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Os-cillation.xml b/src/chrome/content/rules/Os-cillation.xml
index f8ab3c953148..4d7536513b33 100644
--- a/src/chrome/content/rules/Os-cillation.xml
+++ b/src/chrome/content/rules/Os-cillation.xml
@@ -1,7 +1,15 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://schweissgut.net/ => https://schweissgut.net/: (51, "SSL: no alternative certificate subject name matches target host name 'schweissgut.net'")
+Fetch error: http://www.schweissgut.net/ => https://schweissgut.net/: (51, "SSL: no alternative certificate subject name matches target host name 'schweissgut.net'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://schweissgut.net/ => https://schweissgut.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.schweissgut.net/ => https://schweissgut.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	See Os-cillation-mismatches.xml for problematic rules.
 -->
-<ruleset name="os-cillation (partial)">
+<ruleset name="os-cillation (partial)" default_off="failed ruleset test">
 
 	<target host="schweissgut.net"/>
 	<target host="www.schweissgut.net"/>
diff --git a/src/chrome/content/rules/Os3sec.org.xml b/src/chrome/content/rules/Os3sec.org.xml
deleted file mode 100644
index d840ddf58ed5..000000000000
--- a/src/chrome/content/rules/Os3sec.org.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="os3sec.org">
-
-	<target host="os3sec.org" />
-	<target host="www.os3sec.org" />
-
-
-	<rule from="^http://(www\.)?os3sec\.org/"
-		to="https://$1os3sec.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OsCommerce.com.xml b/src/chrome/content/rules/OsCommerce.com.xml
new file mode 100644
index 000000000000..c0071d08204c
--- /dev/null
+++ b/src/chrome/content/rules/OsCommerce.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - s7.oscommerce.com
+
+		SSL peer certificate was not OK:
+			 - addons.oscommerce.com
+			 - blogs.oscommerce.com
+			 - s6.oscommerce.com
+			 - shops.oscommerce.com
+			 - sig.oscommerce.com
+			 - translate.oscommerce.com
+-->
+<ruleset name="OsCommerce.com">
+	<target host="oscommerce.com" />
+	<target host="www.oscommerce.com" />
+	<target host="apps.oscommerce.com" />
+	<target host="demo.oscommerce.com" />
+	<target host="forums.oscommerce.com" />
+	<target host="library.oscommerce.com" />
+	<target host="sites.oscommerce.com" />
+	<target host="ssl.oscommerce.com" />
+
+	<securecookie host="^(www\.)?oscommerce\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OsCommerce.xml b/src/chrome/content/rules/OsCommerce.xml
deleted file mode 100644
index 7accc5ef72ee..000000000000
--- a/src/chrome/content/rules/OsCommerce.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="osCommerce" default_off="expired, mismatch, self-signed">
-
-	<target host="oscommerce.com"/>
-	<target host="*.oscommerce.com"/>
-		<exclusion pattern="^http://forums\."/>
-
-	<securecookie host="^(.*\.)?oscommerce\.com$" name=".*"/>
-
-	<rule from="^http://(?:www\.)oscommerce\.com/"
-		to="https://www.oscommerce.com/"/>
-
-	<!--	mismatches	-->
-	<rule from="^http://(addon|shop)s\.oscommerce\.com/"
-		to="https://$1.oscommerce.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Oschina.xml b/src/chrome/content/rules/Oschina.xml
deleted file mode 100644
index e53656d70ac1..000000000000
--- a/src/chrome/content/rules/Oschina.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- static	(shows www, CN: www.oschina.net)
-
--->
-<ruleset name="oschina (partial)" platform="mixedcontent">
-
-	<target host="oschina.net" />
-	<target host="*.oschina.net" />
-
-
-	<securecookie host="^\.oschina\.net$" name=".+" />
-
-
-	<rule from="^http://(www\.)?oschina\.net/"
-		to="https://$1oschina.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Oscigen.xml b/src/chrome/content/rules/Oscigen.xml
deleted file mode 100644
index cfe6f73be11c..000000000000
--- a/src/chrome/content/rules/Oscigen.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Oscigen (CAcert)" platform="cacert">
-
-	<target host="oscigen.org"/>
-	<target host="www.oscigen.org"/>
-
-	<rule from="^http://(www\.)?oscigen\.org/"
-		to="https://oscigen.org/"/>
-
-	<securecookie host="^oscigen\.org$" name=".*"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Osdimg.com.xml b/src/chrome/content/rules/Osdimg.com.xml
new file mode 100644
index 000000000000..e0232cc04e52
--- /dev/null
+++ b/src/chrome/content/rules/Osdimg.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="osdimg.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="l1.osdimg.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Oseems.com.xml b/src/chrome/content/rules/Oseems.com.xml
new file mode 100644
index 000000000000..af02b17952f6
--- /dev/null
+++ b/src/chrome/content/rules/Oseems.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://oseems.com/ => https://oseems.com/: Too many redirects while fetching 'https://oseems.com/'
+Fetch error: http://apps.oseems.com/ => https://apps.oseems.com/: Too many redirects while fetching 'https://apps.oseems.com/'
+
+-->
+<ruleset name="Oseems.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="oseems.com" />
+	<target host="apps.oseems.com" />
+	<target host="cdn.oseems.com" />
+	<target host="docs.oseems.com" />
+	<target host="www.oseems.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OshKosh.com.xml b/src/chrome/content/rules/OshKosh.com.xml
new file mode 100644
index 000000000000..91cd0dbe8f88
--- /dev/null
+++ b/src/chrome/content/rules/OshKosh.com.xml
@@ -0,0 +1,40 @@
+<!--
+	For other William Carter Company coverage, see Carters.com.xml.
+
+
+	Fully covered hosts in *oshkosh.com:
+
+		- (www.)?
+
+
+	These altnames don't exist:
+
+		- cdn.oshkosh.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- oshkosh.com
+		- www.oshkosh.com
+
+-->
+<ruleset name="OshKosh.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="oshkosh.com" />
+	<target host="www.oshkosh.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?oshkosh\.com$" name="^dwsid$" /-->
+	<!--securecookie host="^www\.oshkosh\.com$" name="^(currentSite|dwac_[a-9a-zA-Z]{32}|dwanonymous_[\da-f]{32}|dwpersonalization_[\da-f]{32}|sid)$" /-->
+
+	<securecookie host="^www\.oshkosh\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OshkoshAirport.com.xml b/src/chrome/content/rules/OshkoshAirport.com.xml
new file mode 100644
index 000000000000..5fda2c0c9744
--- /dev/null
+++ b/src/chrome/content/rules/OshkoshAirport.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Timed out:
+		- oshkoshairport.com, equivalent to www.oshkoshairport.com
+-->
+
+<ruleset name="OshkoshAirport.com">
+	<target host="oshkoshairport.com" />
+	<target host="www.oshkoshairport.com" />
+
+	<rule from="^http://oshkoshairport\.com/"
+		to="https://www.oshkoshairport.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OsmAnd.CZ.xml b/src/chrome/content/rules/OsmAnd.CZ.xml
new file mode 100644
index 000000000000..f3856f63df39
--- /dev/null
+++ b/src/chrome/content/rules/OsmAnd.CZ.xml
@@ -0,0 +1,34 @@
+<!--
+	For other OsmAnd coverage, see OsmAnd.net.xml.
+
+
+	www: Mismatched
+
+
+	These altnames don't exist:
+
+		- forum.osmand.cz
+
+
+	Insecure cookies are set for these hosts:
+
+		- osmand.cz
+
+-->
+<ruleset name="OsmAnd.CZ">
+
+	<target host="osmand.cz" />
+	<target host="www.osmand.cz" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^osmand\.cz$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^osmand\.cz$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?osmand\.cz/"
+		to="https://osmand.cz/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OsmAnd.net.xml b/src/chrome/content/rules/OsmAnd.net.xml
new file mode 100644
index 000000000000..cdfebe58f0b7
--- /dev/null
+++ b/src/chrome/content/rules/OsmAnd.net.xml
@@ -0,0 +1,34 @@
+<!--
+	Other OsmAnd rulesets:
+		- OsmAnd.CZ.xml
+
+	Invalid certificate:
+		blog.osmand.net
+		dvr.osmand.net
+		jenkins.osmand.net
+		translate.osmand.net
+
+	Refused:
+		builder.osmand.net
+		dl2.osmand.net
+		dl3.osmand.net
+		mapnik.osmand.net
+		tile.osmand.net
+
+	Mixed content:
+		download.osmand.net
+
+-->
+<ruleset name="OsmAnd.net">
+
+	<target host="osmand.net" />
+	<target host="www.osmand.net" />
+	<target host="blog.osmand.net" />
+	<target host="dvr.osmand.net" />
+
+	<rule from="^http://(blog|dvr)\.osmand\.net/"
+		to="https://osmand.net/$1" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Osmo.xml b/src/chrome/content/rules/Osmo.xml
new file mode 100644
index 000000000000..d7bdc8695d49
--- /dev/null
+++ b/src/chrome/content/rules/Osmo.xml
@@ -0,0 +1,15 @@
+<!--
+	Non-functional subdomain:
+		- blog		(connection refused)
+-->
+<ruleset name="Osmo (partial)">
+	<target host=      "playosmo.com" />
+	<target host=   "my.playosmo.com" />
+	<target host="store.playosmo.com" />
+	<target host=  "www.playosmo.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Osmocom.org-problematic.xml b/src/chrome/content/rules/Osmocom.org-problematic.xml
deleted file mode 100644
index d893db85c006..000000000000
--- a/src/chrome/content/rules/Osmocom.org-problematic.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see Osmocom.org.xml.
-
--->
-<ruleset name="Osmocom.org (mismatched)" default_off="mismatched">
-
-	<target host="openbsc.osmocom.org" />
-	<target host="tetra.osmocom.org" />
-
-
-	<securecookie host=".+\.osmocom\.org$" name=".+" />
-
-
-	<rule from="^http://(openbsc|tetra)\.osmocom\.org/"
-		to="https://$1.osmocom.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Osmocom.org.xml b/src/chrome/content/rules/Osmocom.org.xml
index 566ac2fed0f4..5ed7b601fa86 100644
--- a/src/chrome/content/rules/Osmocom.org.xml
+++ b/src/chrome/content/rules/Osmocom.org.xml
@@ -1,74 +1,42 @@
 <!--
-	For problematic rules, see Osmocom.org-problematic.xml.
+	Time out:
+		dect.osmocom.org
 
+	Refused:
+		op25.osmocom.org
+		people.osmocom.org
 
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- cgit *
-		- git *
-		- live *
-		- op25		(refused)
-		- planet	(redirects to admin-trac.openmoko.org; expired 2010-01-16, mismatched, CN: daksha.openmoko.org)
-
-	* Shows bb; mismatched, CN: bs11-abis.gnumonks.org
-
-
-	Problematic subdomains:
-
-		- openbsc *
-		- qc		(data differ)
-		- tetra *
-
-	* Works; mismatched, CN: bs11-abis.gnumonks.org
-
-
-	Fully covered subdomains:
-
-		- bb
-		- gmr
-		- lists
-		- sdr
-		- security
-		- simtrace
-
-
-	Observed cookie domains:
-
-		- bb
-		- gmr
-		- openbsc
-		- sdr
-		- security
-		- tetra
-
-
-	Mixed content:
-
-		- css, on:
-
-			- gmr from ^ *
-
-		- Images, on:
-
-			- gmr from bb *
-			- gmr from i.creativecommons.org *
-
-	* Secured by us
-
-
-	css from ^ has negligible effect.
+	Invalid certificate:
+		live.osmocom.org
+		planet.osmocom.org
+		qc.osmocom.org
+		simtrace.osmocom.org
+		tacdb.osmocom.org
+		umtrx.osmocom.org
 
 -->
-<ruleset name="Osmocom.org (partial)" platform="cacert">
-
-	<target host="*.osmocom.org" />
-
-
-	<securecookie host="^(?:bb|gmr|sdr)\.osmocom\.org$" name=".+" />
-
-
-	<rule from="^http://(bb|gmr|lists|sdr|security|simtrace)\.osmocom\.org/"
-		to="https://$1.osmocom.org/" />
+<ruleset name="Osmocom.org">
+
+	<target host="osmocom.org" />
+	<target host="www.osmocom.org" />
+	<target host="bb.osmocom.org" />
+	<target host="cgit.osmocom.org" />
+	<target host="gerrit.osmocom.org" />
+	<target host="git.osmocom.org" />
+	<target host="gmr.osmocom.org" />
+	<target host="jenkins.osmocom.org" />
+	<target host="lists.osmocom.org" />
+	<target host="openbsc.osmocom.org" />
+	<target host="patchwork.osmocom.org" />
+	<target host="projects.osmocom.org" />
+	<target host="sdr.osmocom.org" />
+	<target host="security.osmocom.org" />
+	<target host="terminal-profile.osmocom.org" />
+	<target host="tetra.osmocom.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ossec.net.xml b/src/chrome/content/rules/Ossec.net.xml
new file mode 100644
index 000000000000..6d2f10bd3370
--- /dev/null
+++ b/src/chrome/content/rules/Ossec.net.xml
@@ -0,0 +1,19 @@
+<!--
+	Nonfunctional hosts in *.ossec.net:
+		- ossec.net (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Ossec.net">
+	<target host="ossec.net" />
+	<target host="www.ossec.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://ossec\.net/" to="https://www.ossec.net/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ostagram.ru.xml b/src/chrome/content/rules/Ostagram.ru.xml
new file mode 100644
index 000000000000..c2eb1fb17675
--- /dev/null
+++ b/src/chrome/content/rules/Ostagram.ru.xml
@@ -0,0 +1,9 @@
+<ruleset name="Ostagram.ru">
+
+	<target host="ostagram.ru" />
+	<target host="www.ostagram.ru" />
+	<target host="files2.ostagram.ru" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Otaku_Mode.com.xml b/src/chrome/content/rules/Otaku_Mode.com.xml
new file mode 100644
index 000000000000..0dd857d91976
--- /dev/null
+++ b/src/chrome/content/rules/Otaku_Mode.com.xml
@@ -0,0 +1,39 @@
+<ruleset name="Otaku Mode.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="otakumode.com" />
+	<target host="www.otakumode.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://otakumode\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://otakumode\.com/+(?!css/|favicon\.ico|images/|(?:login|signup)(?:$|[?/]))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://otakumode.com/about" />
+			<test url="http://otakumode.com/gallery" />
+			<test url="http://otakumode.com/letter" />
+			<test url="http://otakumode.com/news" />
+			<test url="http://otakumode.com/release" />
+			<test url="http://otakumode.com/shop/new_items" />
+			<test url="http://otakumode.com/sp/visit_japan" />
+			<test url="http://otakumode.com/wishlist" />
+
+			<!--	-ve:
+					-->
+			<test url="http://otakumode.com/css/shop.min.css" />
+			<test url="http://otakumode.com/favicon.ico" />
+			<test url="http://otakumode.com/images/common/bg.png" />
+			<test url="http://otakumode.com/login" />
+			<test url="http://otakumode.com/signup" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Otavamedia.xml b/src/chrome/content/rules/Otavamedia.xml
index 957a19185a16..763cfa427bde 100644
--- a/src/chrome/content/rules/Otavamedia.xml
+++ b/src/chrome/content/rules/Otavamedia.xml
@@ -1,4 +1,16 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://aulis.plaza.fi/ => https://aulis.plaza.fi/: (6, 'Could not resolve host: aulis.plaza.fi')
+Fetch error: http://www.plazakauppa.fi/ => https://www.plazakauppa.fi/: (7, 'Failed to connect to www.plazakauppa.fi port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://kuvalehdet.fi/ => https://www.otavamedia.fi/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.kuvalehdet.fi/ => https://www.otavamedia.fi/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://otavamedia.fi/ => https://www.otavamedia.fi/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.otavamedia.fi/ => https://www.otavamedia.fi/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://aulis.plaza.fi/ => https://aulis.plaza.fi/: Cycle detected - URL already encountered: https://aulis.plaza.fi/
+Fetch error: http://www.plazakauppa.fi/ => https://www.plazakauppa.fi/: (28, 'Connection timed out after 10001 milliseconds')
 	!functional:
 		- (www.)dome.fi			(cert: aulis.plaza.fi)
 		- (www.)kirjakerho.fi
@@ -15,7 +27,7 @@
 		- (www.)plaza.fi		(ditto)
 
 -->
-<ruleset name="Otavamedia (partial)" platform="mixedcontent">
+<ruleset name="Otavamedia (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="kuvalehdet.fi"/>
 	<target host="www.kuvalehdet.fi"/>
@@ -25,7 +37,7 @@
 	<target host="plazakauppa.fi"/>
 	<target host="www.plazakauppa.fi"/>
 
-	<securecookie host="^www\.plazakauppa\.fi$" name=".*"/>
+	<securecookie host="^www\.plazakauppa\.fi$" name=".+" />
 
 	<!--	(www.)kuv... redirects to www.oct...
 		cert is not valid for !www.oct...	-->
diff --git a/src/chrome/content/rules/Ote.xml b/src/chrome/content/rules/Ote.xml
new file mode 100644
index 000000000000..ee5500e10286
--- /dev/null
+++ b/src/chrome/content/rules/Ote.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://adman.otenet.gr/ => https://adman.otenet.gr/: (28, 'Connection timed out after 20004 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://adman.otenet.gr/ => https://adman.otenet.gr/: (7, 'Failed to connect to adman.otenet.gr port 443: No route to host')
+Fetch error: http://ote.gr/ => https://ote.gr/: (51, "SSL: no alternative certificate subject name matches target host name 'ote.gr'") This ruleset is experimental. If you experience problems please
+	 open an issue at https://github.com/kargig/https-everywhere-greek-rules -->
+
+<ruleset name="OTE" default_off="failed ruleset test">
+  <target host="adman.otenet.gr" />
+  <target host="corpmail.otenet.gr" />
+  <target host="domainmanager.otenet.gr" />
+  <target host="managedservices.otenet.gr" />
+  <target host="my.otenet.gr" />
+  <target host="ps.otenet.gr" />
+  <target host="tools.otenet.gr" />
+  <target host="ote.gr" />
+  <target host="11888.ote.gr" />
+  <target host="www.ote.gr" />
+	<securecookie host=".+" name=".+"/>
+
+  <rule from="^http://((adman|corpmail|ps|domainmanager|managedservices|tools|my)\.)?otenet\.gr/" to="https://$1otenet.gr/"/>
+  <rule from="^http://((www|11888)\.)?ote\.gr/" to="https://$1ote.gr/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Otpbank.ru.xml b/src/chrome/content/rules/Otpbank.ru.xml
new file mode 100644
index 000000000000..2cd25fe58424
--- /dev/null
+++ b/src/chrome/content/rules/Otpbank.ru.xml
@@ -0,0 +1,71 @@
+<!--
+credbroker.otpbank.ru ²
+credbrokertst.otpbank.ru ⁴
+credit.otpbank.ru ¹
+da.otpbank.ru ¹
+direct.otpbank.ru ¹
+www.direkt.otpbank.ru ¹
+dpk1.otpbank.ru ¹
+ibank.dvf.otpbank.ru ³
+en.otpbank.ru ¹
+iline.otpbank.ru ²
+info.otpbank.ru ¹
+jira.otpbank.ru ²
+mailpost.otpbank.ru ²
+mg1.otpbank.ru ³
+mg2.otpbank.ru ³
+my.otpbank.ru ³
+ibank.nvrsk.otpbank.ru ³
+old.otpbank.ru ⁶
+omsk.otpbank.ru ⁷
+dove.omsk.otpbank.ru ³
+pk8-test.otpbank.ru ⁴
+risks.otpbank.ru ⁴
+siebel-activex.otpbank.ru ⁴
+smg1.otpbank.ru ³
+smg2.otpbank.ru ³
+sprint8.otpbank.ru ⁴
+stime.otpbank.ru ²
+test-anketa.otpbank.ru ¹
+testdirekt.otpbank.ru ¹
+testdirekt2.otpbank.ru ³
+tst.otpbank.ru ⁴
+webtutor.otpbank.ru ³
+jira.otpbank.ru:8080 ⁷
+tallyman-web.otpbank.ru:8443 ³
+otptrader.otpbank.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁶ redirect
+⁷ protocol error
+-->
+<ruleset name="otpbank.ru">
+	<target host="otpbank.ru" />
+	<target host="www.otpbank.ru" />
+	<target host="3ds.otpbank.ru" />
+	<target host="afraud.otpbank.ru" />
+	<target host="anketa.otpbank.ru" />
+	<target host="bpm.otpbank.ru" />
+	<target host="direkt.otpbank.ru" />
+	<target host="domino.otpbank.ru" />
+	<target host="dpk.otpbank.ru" />
+	<target host="ibank.otpbank.ru" />
+	<target host="informer.otpbank.ru" />
+	<target host="inotes.otpbank.ru" />
+	<target host="kss.otpbank.ru" />
+	<target host="ma.otpbank.ru" />
+	<target host="mailbox.otpbank.ru" />
+	<target host="mobile.otpbank.ru" />
+	<target host="mpi.otpbank.ru" />
+	<target host="pk8.otpbank.ru" />
+	<target host="pk9.otpbank.ru" />
+	<target host="pretenzii.otpbank.ru" />
+	<target host="sc.otpbank.ru" />
+	<target host="ts-gw.otpbank.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Otpdirekt.sk.xml b/src/chrome/content/rules/Otpdirekt.sk.xml
new file mode 100644
index 000000000000..eeb0ecc0a9a1
--- /dev/null
+++ b/src/chrome/content/rules/Otpdirekt.sk.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://otpdirekt.sk/ => https://www.otpdirekt.sk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.otpdirekt.sk'")
+Fetch error: http://www.otpdirekt.sk/ => https://www.otpdirekt.sk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.otpdirekt.sk'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://otpdirekt.sk/ => https://www.otpdirekt.sk/: (6, 'Could not resolve host: otpdirekt.sk')
+Fetch error: http://www.otpdirekt.sk/ => https://www.otpdirekt.sk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.otpdirekt.sk'")
+-->
+<ruleset name="Otpdirekt.sk" default_off="failed ruleset test">
+  <target host="otpdirekt.sk" />
+  <target host="www.otpdirekt.sk" />
+
+  <rule from="^http://(?:www\.)?otpdirekt\.sk/" to="https://www.otpdirekt.sk/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Otrojah.org.xml b/src/chrome/content/rules/Otrojah.org.xml
new file mode 100644
index 000000000000..889671072f18
--- /dev/null
+++ b/src/chrome/content/rules/Otrojah.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Otrojah.org">
+	<target host="otrojah.org" />
+	<target host="www.otrojah.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Otrs.com.xml b/src/chrome/content/rules/Otrs.com.xml
new file mode 100644
index 000000000000..8d524e3106a8
--- /dev/null
+++ b/src/chrome/content/rules/Otrs.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Other Otrs rulesets:
+		- Otrs.org.xml
+
+	Nonfunctional hosts in *.otrs.com:
+		- www.otrs.com (m)
+		- enzian.otrs.com (m)
+		- *.virtual.otrs.com (m, wildcard DNS record)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Otrs.com">
+	<target host="otrs.com" />
+	<target host="www.otrs.com" />
+	<target host="blog.otrs.com" />
+	<target host="cloud.otrs.com" />
+	<target host="community.otrs.com" />
+	<target host="corporate.otrs.com" />
+	<target host="doc.otrs.com" />
+	<target host="nussberg.otrs.com" />
+	<target host="portal.otrs.com" />
+	<target host="virtual.otrs.com" />
+	<target host="wiki.otrs.com" />
+	<target host="zimbra.otrs.com" />
+
+	<rule from="^http://www\.otrs\.com/" to="https://otrs.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Otrs.org.xml b/src/chrome/content/rules/Otrs.org.xml
new file mode 100644
index 000000000000..1a48d8d39c56
--- /dev/null
+++ b/src/chrome/content/rules/Otrs.org.xml
@@ -0,0 +1,24 @@
+<!--
+	Other Otrs rulesets:
+		- Otrs.com.xml
+
+	Nonfunctional hosts in *.otrs.org:
+		- doc.otrs.org (404)
+		- dev.otrs.org (404)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Otrs.org">
+	<target host="otrs.org" />
+	<target host="www.otrs.org" />
+	<target host="blog.otrs.org" />
+	<target host="bugs.otrs.org" />
+	<target host="lists.otrs.org" />
+
+	<rule from="^http://www\.otrs\.org/" to="https://otrs.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Otsuka-shokai.co.jp.xml b/src/chrome/content/rules/Otsuka-shokai.co.jp.xml
new file mode 100644
index 000000000000..72d0ea7eb858
--- /dev/null
+++ b/src/chrome/content/rules/Otsuka-shokai.co.jp.xml
@@ -0,0 +1,35 @@
+<!--
+	Other Otsuka Corporation rulesets:
+
+		- P-tano.com.xml
+		- Tanomail.com.xml
+
+
+	^: cert only matches www
+
+
+	Mixed content:
+
+		- Images on www from $self *
+
+		- favicon on campaign from www *
+
+		- Bugs on www from sdc *
+
+	* Secured by us
+
+-->
+<ruleset name="Otsuka-shokai.co.jp">
+
+	<target host="otsuka-shokai.co.jp" />
+	<target host="www.otsuka-shokai.co.jp" />
+	<target host="campaign.otsuka-shokai.co.jp" />
+	<target host="sdc.otsuka-shokai.co.jp" />
+
+
+	<rule from="^http://(?:www\.)?otsuka-shokai\.co\.jp/"
+		to="https://www.otsuka-shokai.co.jp/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Otto.de.xml b/src/chrome/content/rules/Otto.de.xml
new file mode 100644
index 000000000000..bd4b30c2cbff
--- /dev/null
+++ b/src/chrome/content/rules/Otto.de.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pxc.otto.de/ => https://pxc.otto.de/: Pycurl fetch failed for 'https://pxc.otto.de/'
+
+	Mismatch:
+		- affiliate.otto.de
+		- rot4.otto.de
+-->
+<ruleset name="Otto.de" default_off="failed ruleset test">
+	<target host="otto.de" />
+	<target host="www.otto.de" />
+	<target host="ats.otto.de" />
+	<target host="dev.otto.de" />
+	<target host="images.otto.de" />
+	<target host="job.otto.de" />
+	<target host="pxc.otto.de" />
+	<target host="assets.cdn-otto.de" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ottospora.nl.xml b/src/chrome/content/rules/Ottospora.nl.xml
deleted file mode 100644
index be8a37728f6d..000000000000
--- a/src/chrome/content/rules/Ottospora.nl.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See 
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
- 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Ottospora.nl" platform="firefox">
-  <target host="ottospora.nl" />
-  <target host="www.ottospora.nl" />
-
-  <securecookie host="^ottospora\.nl$" name=".+" />
-  <securecookie host="^www\.ottospora\.nl$" name=".+" />
-
-  <rule from="^http://ottospora\.nl/" to="https://ottospora.nl/" />
-  <rule from="^http://www\.ottospora\.nl/" to="https://www.ottospora.nl/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Otumm.com.xml b/src/chrome/content/rules/Otumm.com.xml
new file mode 100644
index 000000000000..c47e01a96aa8
--- /dev/null
+++ b/src/chrome/content/rules/Otumm.com.xml
@@ -0,0 +1,46 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://otumm.com/ => https://otumm.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.otumm.com/ => https://otumm.com/: (60, 'SSL certificate problem: self signed certificate')
+
+	www.otumm.com: Mismatched
+
+
+	Insecure cookies are set for these otumm.com:
+
+		- otumm.com
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Otumm.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="otumm.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.otumm.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^otumm\.com$" name="^addis_es$" /-->
+
+	<securecookie host="^otumm\.com$" name=".+" />
+
+
+	<rule from="^http://www\.otumm\.com/"
+		to="https://otumm.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ouaza.com.xml b/src/chrome/content/rules/Ouaza.com.xml
new file mode 100644
index 000000000000..0d379e6dadc9
--- /dev/null
+++ b/src/chrome/content/rules/Ouaza.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Ouaza.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ouaza.com" />
+	<target host="www.ouaza.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Oui-FM.xml b/src/chrome/content/rules/Oui-FM.xml
deleted file mode 100644
index 8bf2b4039037..000000000000
--- a/src/chrome/content/rules/Oui-FM.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- bringthenoise
-		- laradiodelamer
-		- rock
-
--->
-<ruleset name="Ouï FM (partial)">
-
-	<target host="ouifm.fr" />
-	<target host="www.ouifm.fr" />
-
-
-	<securecookie host="^www\.ouifm\.fr$" name=".+" />
-
-
-	<!--	!www cert: *.nfadmin.net
-					-->
-	<rule from="^https?://(?:www\.)?ouifm\.fr/"
-		to="https://www.ouifm.fr/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/OuiFM.fr.xml b/src/chrome/content/rules/OuiFM.fr.xml
new file mode 100644
index 000000000000..cd69fea166f8
--- /dev/null
+++ b/src/chrome/content/rules/OuiFM.fr.xml
@@ -0,0 +1,27 @@
+<!--
+	Refused:
+		bringthenoise.ouifm.fr
+		emploi.ouifm.fr
+		festival.ouifm.fr
+		laradiodelamer.ouifm.fr
+		podcast.ouifm.fr
+		presse.ouifm.fr
+
+	Tim out:
+		player.ouifm.fr
+		rock.ouifm.fr
+
+	Invalid certificate:
+		l.ouifm.fr
+
+-->
+<ruleset name="OÜI FM">
+
+	<target host="ouifm.fr" />
+	<target host="www.ouifm.fr" />
+
+	<securecookie host="^www\.ouifm\.fr$" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Oumedicine.com.xml b/src/chrome/content/rules/Oumedicine.com.xml
new file mode 100644
index 000000000000..8a06f21ceb21
--- /dev/null
+++ b/src/chrome/content/rules/Oumedicine.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Invalid certificate:
+		childrenslibrary.oumedicine.com
+		definingmedicine.oumedicine.com
+		library.oumedicine.com
+		secure.oumedicine.com
+
+-->
+<ruleset name="OU Medicine" default_off="cert-chain">
+
+	<target host="oumedicine.com" />
+	<target host="www.oumedicine.com" />
+	<target host="aliveandwell.oumedicine.com" />
+	<target host="careers.oumedicine.com" />
+	<target host="findadoc.oumedicine.com" />
+
+	<securecookie host="^www\.oumedicine\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Oumedicine.staywellsolutionsonline.com.xml b/src/chrome/content/rules/Oumedicine.staywellsolutionsonline.com.xml
new file mode 100644
index 000000000000..305a0a478465
--- /dev/null
+++ b/src/chrome/content/rules/Oumedicine.staywellsolutionsonline.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Oumedicine.staywellsolutionsonline.com">
+	<target host=    "oumedicine.staywellsolutionsonline.com"/>
+	<target host="www.oumedicine.staywellsolutionsonline.com"/>
+	<rule from="^http://www\.oumedicine\.staywellsolutionsonline\.com/"
+		to="https://oumedicine.staywellsolutionsonline.com/"/>
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Oumma.com.xml b/src/chrome/content/rules/Oumma.com.xml
new file mode 100644
index 000000000000..54d83492083a
--- /dev/null
+++ b/src/chrome/content/rules/Oumma.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="Oumma.com">
+	<target host="oumma.com" />
+	<target host="www.oumma.com" />
+	<target host="annuaire.oumma.com" />
+	<target host="coran.oumma.com" />
+	<target host="priere.oumma.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ouo.xml b/src/chrome/content/rules/Ouo.xml
new file mode 100644
index 000000000000..01c56987bf6d
--- /dev/null
+++ b/src/chrome/content/rules/Ouo.xml
@@ -0,0 +1,12 @@
+<ruleset name="Ouo">
+	<target host="ouo.io" />
+	<target host="cdn.ouo.io" />
+	<target host="www.ouo.io" />
+	<target host="ouo.press" />
+	<target host="cdn.ouo.press" />
+	<target host="www.ouo.press" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Our-Hometown.xml b/src/chrome/content/rules/Our-Hometown.xml
index 2e9603f33092..a19c18483981 100644
--- a/src/chrome/content/rules/Our-Hometown.xml
+++ b/src/chrome/content/rules/Our-Hometown.xml
@@ -1,15 +1,23 @@
-<ruleset name="Our Hometown">
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://our-hometown.com/ (200) => https://www.our-hometown.com/ (403)
+
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://our-hometown.com/ (200) => https://www.our-hometown.com/ (401)
+-->
+<ruleset name="Our Hometown" default_off="failed ruleset test">
 
 	<target host="our-hometown.com" />
-	<target host="*.our-hometown.com" />
+	<target host="www.our-hometown.com" />
 
 
-	<securecookie host="^\.our-hometown\.com$" name=".*" />
+	<securecookie host="^\.our-hometown\.com$" name=".+" />
 
 
 	<!--	Cert only matches *.our-hometown.com.
 							-->
-	<rule from="^https?://(?:www\.)?our-hometown\.com/"
+	<rule from="^http://(?:www\.)?our-hometown\.com/"
 		to="https://www.our-hometown.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/OurCommonPlace.xml b/src/chrome/content/rules/OurCommonPlace.xml
index 94063f1a01cb..ddf47fdb1c66 100644
--- a/src/chrome/content/rules/OurCommonPlace.xml
+++ b/src/chrome/content/rules/OurCommonPlace.xml
@@ -1,13 +1,23 @@
-<ruleset name="OurCommonPlace">
 
-	<target host="ourcommonplace.com" />
-	<target host="*.ourcommonplace.com" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.ourcommonplace.com/ => https://www.ourcommonplace.com/: (28, 'Connection timed out after 20008 milliseconds')
+
+	^ourcommonplace.com: 522 over http & https
+
+-->
+<ruleset name="OurCommonPlace.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="ourcommonplace.com" /-->
+	<target host="www.ourcommonplace.com" />
 
 
 	<securecookie host="^\.ourcommonplace.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ourcommonplace\.com/"
-		to="https://$1ourcommonplace.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OurCommons.ca.xml b/src/chrome/content/rules/OurCommons.ca.xml
new file mode 100644
index 000000000000..8b6746a4f174
--- /dev/null
+++ b/src/chrome/content/rules/OurCommons.ca.xml
@@ -0,0 +1,14 @@
+<!--
+	Related ruleset: NosCommunes.ca.xml
+-->
+<ruleset name="OurCommons.ca">
+	<target host="ourcommons.ca" />
+	<target host="www.ourcommons.ca" />
+	<target host="apps.ourcommons.ca" />
+	<target host="petitions.ourcommons.ca" />
+	<target host="subscription.ourcommons.ca" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OurWorldOfText.com.xml b/src/chrome/content/rules/OurWorldOfText.com.xml
new file mode 100644
index 000000000000..e1c7e611945d
--- /dev/null
+++ b/src/chrome/content/rules/OurWorldOfText.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Expired:
+		- mail
+		- mta-sts.mail
+		- test
+		- server
+-->
+<ruleset name="OurWorldOfText.com">
+	<target host="ourworldoftext.com" />
+	<target host="www.ourworldoftext.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Our_Tesco.com.xml b/src/chrome/content/rules/Our_Tesco.com.xml
new file mode 100644
index 000000000000..b4d65d34fe78
--- /dev/null
+++ b/src/chrome/content/rules/Our_Tesco.com.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Tesco coverage, see Tesco.xml.
+
+
+	^: cert only matches www
+
+-->
+<ruleset name="Our Tesco.com">
+
+	<target host="ourtesco.com" />
+	<target host="www.ourtesco.com" />
+
+
+	<rule from="^http://(?:www\.)?ourtesco\.com/"
+		to="https://www.ourtesco.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ourlocality.org.xml b/src/chrome/content/rules/Ourlocality.org.xml
index f7e4d49aebb9..c6ddab4c2936 100644
--- a/src/chrome/content/rules/Ourlocality.org.xml
+++ b/src/chrome/content/rules/Ourlocality.org.xml
@@ -1,10 +1,33 @@
-<ruleset name="ourlocality.org" default_off="Certificate mismatch">
+<!--
+	Invalid certificate:
+		archive.ourlocality.org
+		www.archive.ourlocality.org
+		whatson.in.ourlocality.org
+		www.whatson.in.ourlocality.org
+		leftblank.ourlocality.org
+		www.leftblank.ourlocality.org
+		letsimprove.ourlocality.org
+		www.letsimprove.ourlocality.org
+		network.ourlocality.org
+		www.network.ourlocality.org
+		plugins.ourlocality.org
+		www.plugins.ourlocality.org
+		search.ourlocality.org
+		www.search.ourlocality.org
+
+-->
+<ruleset name="ourlocality.org">
 
 	<target host="ourlocality.org" />
-	<target host="support.ourlocality.org" />
 	<target host="www.ourlocality.org" />
+	<target host="news.ourlocality.org" />
+	<target host="www.news.ourlocality.org" />
+	<target host="support.ourlocality.org" />
+	<target host="www.support.ourlocality.org" />
+	<target host="new.to.ourlocality.org" />
+	<target host="www.new.to.ourlocality.org" />
 
-	<rule from="^http://(www\.)?(support\.)?ourlocality\.org/"
-		to="https://$2ourlocality.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ourneighborhoodmilf.com.xml b/src/chrome/content/rules/Ourneighborhoodmilf.com.xml
new file mode 100644
index 000000000000..cab6eba31b91
--- /dev/null
+++ b/src/chrome/content/rules/Ourneighborhoodmilf.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Mixed content:
+
+		- Images on secure from s1.cdncontents.com
+
+-->
+<ruleset name="ourneighborhoodmilf.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.ourneighborhoodmilf.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Out-Law.com.xml b/src/chrome/content/rules/Out-Law.com.xml
new file mode 100644
index 000000000000..9c317322bbeb
--- /dev/null
+++ b/src/chrome/content/rules/Out-Law.com.xml
@@ -0,0 +1,30 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://out-law.com/ => https://www.out-law.com/: Cycle detected - URL already encountered: https://www.out-law.com/en/
+Fetch error: http://www.out-law.com/ => https://www.out-law.com/: Cycle detected - URL already encountered: https://www.out-law.com/en/
+	^: 404
+
+
+	Mixed content:
+
+		- css from f.fontdeck.com *
+
+		- Ads from www.pinsentmasons.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Out-Law.com">
+
+	<target host="out-law.com" />
+	<target host="www.out-law.com" />
+	<target host="www.pinsentmasons.com" />
+
+
+	<rule from="^http://(?:www\.)?out-law\.com/"
+		to="https://www.out-law.com/" />
+
+	<rule from="^http://www\.pinsentmasons\.com/(?=mediafiles/)"
+		to="https://www.out-law.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Out-of-Control.xml b/src/chrome/content/rules/Out-of-Control.xml
index a5fe0d6c7e97..58d8d47d2a32 100644
--- a/src/chrome/content/rules/Out-of-Control.xml
+++ b/src/chrome/content/rules/Out-of-Control.xml
@@ -4,11 +4,10 @@
 	<target host="www.outofcontrol.ca" />
 
 
-	<securecookie host="^outofcontrol\.ca$" name=".*" />
+	<securecookie host="^outofcontrol\.ca$" name=".+" />
 
 
 	<!--	Cert only matches //outofcontrol.ca	-->
-	<rule from="^https?://(?:www\.)?outofcontrol\.ca/"
-		to="https://outofcontrol.ca/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/OutWit.com.xml b/src/chrome/content/rules/OutWit.com.xml
new file mode 100644
index 000000000000..2532e7c6897f
--- /dev/null
+++ b/src/chrome/content/rules/OutWit.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Shows www
+
+
+	^: http reply
+
+-->
+<ruleset name="OutWit.com (partial)">
+
+	<target host="outwit.com" />
+	<target host="www.outwit.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^\.outwit\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?outwit\.com/"
+		to="https://www.outwit.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Out_Campaign.org.xml b/src/chrome/content/rules/Out_Campaign.org.xml
deleted file mode 100644
index d3902a683887..000000000000
--- a/src/chrome/content/rules/Out_Campaign.org.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	For other Richard Dawkins Foundation coverage, see Richard-Dawkins-Foundation.xml.
-
-
-	Problematic domains:
-
-		- (www.)outcampaign.org *
-
-	* Mismatched, CN: *.heroku.com
-
--->
-<ruleset name="Out Campaign.org" default_off="mismatched">
-
-	<target host="outcampaign.org" />
-	<target host="www.outcampaign.org" />
-
-
-	<securecookie host="^outcampaign\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?outcampaign\.org/"
-		to="https://outcampaign.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Outbrain-mismatches.xml b/src/chrome/content/rules/Outbrain-mismatches.xml
deleted file mode 100644
index 114b7ab4b159..000000000000
--- a/src/chrome/content/rules/Outbrain-mismatches.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For rules that are on by default, see Outbrain.xml.
-
--->
-<ruleset name="Outbrain (mismatches)" default_off="mismatch">
-
-	<!--	Cert: *.bluehost.com	-->
-	<target host="blog.outbrain.com" />
-	<!--	Cert: *.unbounce.com	-->
-	<target host="selfserve.outbrain.com" />
-
-
-	<!--	- At least some pages 404
-		- At least some redirect recursively
-		- Some blog data is handled in Outbrain.xml
-				-->
-	<rule from="^http://blog\.outbrain\.com/wp-content/uploads/"
-		to="https://blog.outbrain.com/~outbrain/blog.outbrain.com/wp-content/uploads/" />
-
-	<rule from="^http://selfserve\.outbrain\.com/"
-		to="https://selfserve.outbrain.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Outbrain.com.xml b/src/chrome/content/rules/Outbrain.com.xml
new file mode 100644
index 000000000000..1c3f785dae1b
--- /dev/null
+++ b/src/chrome/content/rules/Outbrain.com.xml
@@ -0,0 +1,129 @@
+<!--
+	CDN buckets:
+
+		- www.outbrain.com.edgesuite.net
+
+			- wp
+
+
+	Nonfunctional subdomains:
+
+		- help *
+
+	* Desk.com / redirects to http
+
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- wp ⁴
+
+	¹ Cert only matches *.outbrain.com
+	⁴ Akamai / mismatched
+
+
+	Partially covered hosts in *outbrain.com:
+
+		- www
+
+
+	These altnames don't exist:
+
+		- www.lp.outbrain.com
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .outbrain.com
+		- lp.outbrain.com
+		- my.outbrain.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, on:
+
+			- selfserve from unbouncepages-com.s3.amazonaws.com *
+			- selfserve from dl.dropbox.com *
+
+		- Images on selfserve from dl.dropbox.com *
+		- favicon on lp from www.outbrain.com *
+
+	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Outbrain.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="amplify.outbrain.com" />
+	<target host="amplifypixel.outbrain.com" />
+	<target host="blog.outbrain.com" />
+	<target host="editorial.outbrain.com" />
+	<target host="images.outbrain.com" />
+	<target host="log.outbrain.com" />
+	<target host="lp.outbrain.com" />
+	<target host="my.outbrain.com" />
+	<target host="odb.outbrain.com" />
+	<target host="paid.outbrain.com" />
+	<target host="selfserve.outbrain.com" />
+	<target host="storage.outbrain.com" />
+	<target host="traffic.outbrain.com" />
+	<target host="u.outbrain.com" />
+	<target host="u2.outbrain.com" />
+	<target host="vra.outbrain.com" />
+	<target host="vrp.outbrain.com" />
+	<target host="vrt.outbrain.com" />
+	<target host="widgets.outbrain.com" />
+	<target host="www.outbrain.com" />
+
+	<!--	Complications:
+				-->
+	<target host="outbrain.com" />
+	<target host="wp.outbrain.com" />
+
+		<!--exclusion pattern="^http://(help|selfserve)\.outbrain\.com/" /-->
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.outbrain\.com/($|blog$)" /-->
+
+		<exclusion pattern="^http://www\.outbrain\.com/(?!/*(?:assets/|favicon\.ico|images/|wp-content/|wp-includes/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.outbrain.com/about/company" />
+			<test url="http://www.outbrain.com/blog" />
+			<test url="http://www.outbrain.com/contact" />
+			<test url="http://www.outbrain.com/de/contact" />
+			<test url="http://www.outbrain.com/engage" />
+			<test url="http://www.outbrain.com/es/amplify" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.outbrain.com/favicon.ico" />
+			<test url="http://www.outbrain.com/images/logo.png" />
+			<test url="http://www.outbrain.com/wp-content/themes/outbrain_2014/images/global/logo.png" />
+
+
+			<test url="http://vra.outbrain.com/vrs.js" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.outbrain\.com$" name="^(?:obuid|ubvt)$" /-->
+	<!--securecookie host="^editorial\.outbrain\.com$" name="^obroute$" /-->
+	<!--securecookie host="^lp\.outbrain\.com$" name="^(ubpv|ubvs)$" /-->
+	<!--securecookie host="^my\.outbrain\.com$" name="^(JSESSIONID|obroute2)$" /-->
+
+	<securecookie host="^\." name="^ubvt$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://(?:wp\.)?outbrain\.com/"
+		to="https://www.outbrain.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Outbrain.xml b/src/chrome/content/rules/Outbrain.xml
deleted file mode 100644
index c4095d0ad6ca..000000000000
--- a/src/chrome/content/rules/Outbrain.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For problematic rules, see Outbrain-mismatches.xml.
-
--->
-<ruleset name="Outbrain (partial)">
-
-	<target host="outbrain.com" />
-	<target host="*.outbrain.com" />
-
-
-	<securecookie host="^\w+\.outbrain\.com$" name=".*" />
-
-
-	<!--	Cert only matches *.outbrain.com	-->
-	<rule from="^https?://(?:www\.)?outbrain\.com/"
-		to="https://www.outbrain.com/" />
-
-	<!--	NB: secure.bluehoust.com throws 200 TOO FAT for large files.
-		wp-content/uploads/ is thus handled in Outbrain-mismatches.xml.
-			-->
-	<rule from="^https?://blog\.outbrain\.com/wp-(content/(?:plugin|theme)|include)s/"
-		to="https://secure.bluehost.com/~outbrain/blog.outbrain.com/wp-$1s/" />
-
-	<!--	widgets: included on 3rd-party websites.	-->
-	<rule from="^http://(u|widgets|images|paid|traffic)\.outbrain\.com/"
-		to="https://$1.outbrain.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Outernet.is.xml b/src/chrome/content/rules/Outernet.is.xml
new file mode 100644
index 000000000000..5fd940adb375
--- /dev/null
+++ b/src/chrome/content/rules/Outernet.is.xml
@@ -0,0 +1,17 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://outernet.is/ => https://www.outernet.is/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+	^: Reset
+
+-->
+<ruleset name="Outernet">
+    <target host="outernet.is" />
+    <target host="*.outernet.is" />
+
+    <securecookie host=".+" name=".+"/>
+
+    <rule from="^http://outernet\.is/"
+        to="https://www.outernet.is/" />
+    <rule from="^http://([^/:@]+)?\.outernet\.is/"
+        to="https://$1.outernet.is/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Outflux.net.xml b/src/chrome/content/rules/Outflux.net.xml
index 6042a73292d6..3b64f20a0e5b 100644
--- a/src/chrome/content/rules/Outflux.net.xml
+++ b/src/chrome/content/rules/Outflux.net.xml
@@ -1,14 +1,8 @@
-<!--
-	Cert only matches www.
-
--->
-<ruleset name="outflux.net" platform="cacert">
-
+<ruleset name="outflux.net">
 	<target host="outflux.net" />
 	<target host="www.outflux.net" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?outflux\.net/"
-		to="https://www.outflux.net/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Outlook_Live.xml b/src/chrome/content/rules/Outlook_Live.xml
deleted file mode 100644
index 230b779ea56b..000000000000
--- a/src/chrome/content/rules/Outlook_Live.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	For other Microsoft coverage, see Microsoft.xml.
-
-
-	Fully covered subdomains:
-
-		- ^
-		- autodiscover-s
-		- m
-		- r3.res
-		- www
-
--->
-<ruleset name="Outlook Live">
-
-	<target host="outlook.com" />
-	<target host="*.outlook.com" />
-
-
-	<!--	Observed cookie subdomains:
-
-			- ^
-			- .
-			- autodiscover-s
-			- m
-			- www
-					-->
-	<securecookie host="^(?:.*\.)?outlook\.com$" name=".+" />
-
-
-	<rule from="^http://((?:autodiscover-s|m|r3\.res|www)\.)?outlook\.com/"
-		to="https://$1outlook.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Outreachy.org.xml b/src/chrome/content/rules/Outreachy.org.xml
new file mode 100644
index 000000000000..4406bb252cca
--- /dev/null
+++ b/src/chrome/content/rules/Outreachy.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Outreachy.org">
+	<target host="outreachy.org" />
+	<target host="www.outreachy.org" />
+	<target host="lists.outreachy.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Outspark.xml b/src/chrome/content/rules/Outspark.xml
index a7028b0ecd98..2c574e7d018e 100644
--- a/src/chrome/content/rules/Outspark.xml
+++ b/src/chrome/content/rules/Outspark.xml
@@ -1,19 +1,27 @@
 <!--
-	Nonfunctiona subdomains:
+	Nonfunctional subdomains:
 
 		- register	(times out)
 
 -->
-<ruleset name="Outspark (partial)">
+<ruleset name="Outspark.com (partial)" default_off="refused">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="outspark.com" />
-	<target host="*.outspark.com" />
+	<target host="cdn2.outspark.com" />
+	<target host="cdn3.outspark.com" />
+	<target host="cdnstatic.outspark.com" />
+	<target host="login.outspark.com" />
+	<target host="payment.outspark.com" />
+	<target host="static.outspark.com" />
+	<target host="www.outspark.com" />
 
 
-	<securecookie host="^(.*\.)?outspark\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:cdn[23]|(?:cdn)?static|login|payment|www)\.)?outspark\.com/"
-		to="https://$1outspark.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ouvaton.xml b/src/chrome/content/rules/Ouvaton.xml
new file mode 100644
index 000000000000..8ed5fd4424c1
--- /dev/null
+++ b/src/chrome/content/rules/Ouvaton.xml
@@ -0,0 +1,15 @@
+<ruleset name="Ouvaton">
+  <target host="ouvaton.coop" />
+  <target host="www.ouvaton.coop" />
+  <target host="ouvadmin.ouvaton.coop" />
+  <target host="squirrelmail.ouvaton.coop" />
+  <target host="sq.ouvaton.coop" />
+  <target host="roundcube.ouvaton.coop" />
+  <target host="rc.ouvaton.coop" />
+  <target host="phpmyadmin.ouvaton.coop" />
+  <target host="forums.ouvaton.org" />
+  <target host="ag.ouvaton.coop" />
+  <target host="assistance.ouvaton.org" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Over-blog.com.xml b/src/chrome/content/rules/Over-blog.com.xml
new file mode 100644
index 000000000000..4770c1f12a12
--- /dev/null
+++ b/src/chrome/content/rules/Over-blog.com.xml
@@ -0,0 +1,53 @@
+<!--
+	Nonfunctional hosts in *over-blog.com:
+
+		- fdata *
+		- pay *
+		- resize *
+
+	* Refused
+
+
+	Fully covered hosts in *over-blog.com:
+
+		- (www.)?
+		- admin
+		- assets
+		- connect
+		- developers
+		- en
+		- my
+		- resizes
+
+
+	Insecure cookies are set for these hosts:
+
+		- connect.over-blog.com
+
+-->
+<ruleset name="Over-blog.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="over-blog.com" />
+	<target host="admin.over-blog.com" />
+	<target host="assets.over-blog.com" />
+	<target host="connect.over-blog.com" />
+	<target host="developers.over-blog.com" />
+	<target host="en.over-blog.com" />
+	<target host="my.over-blog.com" />
+	<target host="resizes.over-blog.com" />
+	<target host="www.over-blog.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^connect\.over-blog\.com$" name="^OVERBLOG$" /-->
+
+	<securecookie host="^connect\.over-blog\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Over-yonder.net.xml b/src/chrome/content/rules/Over-yonder.net.xml
new file mode 100644
index 000000000000..04cabfc90b73
--- /dev/null
+++ b/src/chrome/content/rules/Over-yonder.net.xml
@@ -0,0 +1,12 @@
+<!--
+	^over-yonder.net doesn't exist.
+
+-->
+<ruleset name="over-yonder.net">
+
+	<target host="www.over-yonder.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OverClockers.xml b/src/chrome/content/rules/OverClockers.xml
index 50f1b2ced08a..4b00f3b327d4 100644
--- a/src/chrome/content/rules/OverClockers.xml
+++ b/src/chrome/content/rules/OverClockers.xml
@@ -1,9 +1,25 @@
-<ruleset name="OverClockers.co.uk" platform="mixedcontent">
-  <target host="overclockers.co.uk" />
-	<!--	* for cross-domain cookies.	-->
-  <target host="*.overclockers.co.uk" />
+<!--
+	Nonfunctional subdomains:
 
-  <rule from="^http://(?:www\.)?overclockers\.co\.uk/" to="https://www.overclockers.co.uk/"/>
+		- forums *
+
+	* Dropped
+
+-->
+<ruleset name="OverClockers.co.uk (partial)">
+
+	<target host="overclockers.co.uk" />
+	<target host="www.overclockers.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.overclockers\.co\.uk$" name="^(PHPSESSID|safeshoppingtest)$" /-->
+
+	<securecookie host=".*\.overclockers\.co\.uk" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-  <securecookie host="^.*\.overclockers\.co\.uk" name=".*"/>
 </ruleset>
diff --git a/src/chrome/content/rules/OverDrive.com-falsemixed.xml b/src/chrome/content/rules/OverDrive.com-falsemixed.xml
new file mode 100644
index 000000000000..6790841995f5
--- /dev/null
+++ b/src/chrome/content/rules/OverDrive.com-falsemixed.xml
@@ -0,0 +1,18 @@
+<!--
+	For rules not causing false/broken MCB, see OverDrive.com.xml.
+
+-->
+<ruleset name="OverDrive.com (false MCB)" platform="mixedcontent">
+
+	<target host="company.overdrive.com" />
+	<target host="partners.overdrive.com" />
+
+
+	<securecookie host="^\." name="^(?:_gat?$|s_v)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OverDrive.com.xml b/src/chrome/content/rules/OverDrive.com.xml
new file mode 100644
index 000000000000..7da9e0d68e16
--- /dev/null
+++ b/src/chrome/content/rules/OverDrive.com.xml
@@ -0,0 +1,93 @@
+<!--
+	For rules causing false/broken MCB, see OverDrive.com-falsemixed.xml.
+
+	Other OverDrive rulesets:
+
+		- contentreserve.com.xml
+		- libraryreserve.com.xml
+
+
+	Nonfunctional hosts in *overdrive.com:
+
+		- blogs ᵈ
+		- help ʰ
+		- devon.lib ʰ
+		- eastsussexlibrary.lib ʰ
+
+	ᵈ Dropped
+	ʰ Redirects to http
+
+
+	Problematic hosts in *overdrive.com:
+
+		- company ˣ
+		- ox-i ᴬ
+		- partners ˣ
+
+	ᴬ Akamai/mismatched
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Insecure cookies are set for these hosts:
+
+		- (account_vhost).overdrive.com
+		- ox-d.overdrive.com
+
+
+	Mixed content:
+
+		- css on company, partners from $self ˢ
+		- Images on company, partners from $self ˢ
+		- Bug on partners from ox-d.overdrive.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="OverDrive.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="overdrive.com" />
+	<target host="app.overdrive.com" />
+
+	<target host="libraryreserve.cdn.overdrive.com" />
+	<target host="lightning.cdn.overdrive.com" />
+	<target host="thunder.cdn.overdrive.com" />
+
+	<!--target host="company.overdrive.com" /-->
+	<target host="omc.overdrive.com" />
+	<target host="ox-d.overdrive.com" />
+	<!--target host="partners.overdrive.com" /-->
+	<target host="www.overdrive.com" />
+
+	<!--	(Accounts:)
+				-->
+	<target host="norfolk.overdrive.com" />
+
+	<!--	Complications:
+				-->
+	<target host="ox-i.overdrive.com" />
+
+		<test url="http://libraryreserve.cdn.overdrive.com/100429/50/1.40/spacer.gif" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://ox-d.overdrive.com/w/1.0/afr?auid=&amp;cb=" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(account_vhost)\.overdrive\.com$" name="^(?:_csrf|eu-notify-setting)$" /-->
+	<!--securecookie host="^ox-d\.overdrive\.com$" name="^OX_u$" /-->
+
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|s_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://ox-i\.overdrive\.com/"
+		to="https://ssl-i.cdn.openx.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OvercastFM.xml b/src/chrome/content/rules/OvercastFM.xml
new file mode 100644
index 000000000000..d94981b11ac1
--- /dev/null
+++ b/src/chrome/content/rules/OvercastFM.xml
@@ -0,0 +1,7 @@
+<ruleset name="Overcast">
+	<target host="overcast.fm" />
+	<target host="www.overcast.fm" />
+
+	<rule from="^http://(?:www\.)?overcast\.fm/"
+		to="https://overcast.fm/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Overclock.net.xml b/src/chrome/content/rules/Overclock.net.xml
index 37fe973b6e20..c25a7296b356 100644
--- a/src/chrome/content/rules/Overclock.net.xml
+++ b/src/chrome/content/rules/Overclock.net.xml
@@ -1,21 +1,12 @@
 <!--
-	CDN buckets:
-
-		- d1rktuf34l9h2g.cloudfront.net
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(cert: www.mothering.com, expired; redirects to http)
-		- files		(cert: ditto; 404)
-
+	Timeout:
+		- folding
+		- foldingstats
 -->
-<ruleset name="overclock.net (partial)">
-
+<ruleset name="Overclock.net">
+	<target host="overclock.net" />
+	<target host="www.overclock.net" />
 	<target host="cdn.overclock.net" />
 
-
-	<rule from="^http://cdn\.overclock\.net/"
-		to="https://d1rktuf34l9h2g.cloudfront.net/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Overclockers.at.xml b/src/chrome/content/rules/Overclockers.at.xml
new file mode 100644
index 000000000000..cd048515e095
--- /dev/null
+++ b/src/chrome/content/rules/Overclockers.at.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bitte.overclockers.at/ => https://bitte.overclockers.at/: (6, 'Could not resolve host: bitte.overclockers.at')
+
+-->
+<ruleset name="overclockers.at" default_off="failed ruleset test">
+  <target host="overclockers.at" />
+  <target host="www.overclockers.at" />
+  <target host="bitte.overclockers.at" />
+  <target host="shop.overclockers.at" />
+  <target host="clockers.at" />
+  <target host="www.clockers.at" />
+
+  <rule from="^http:"
+    to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Overclockers.com.xml b/src/chrome/content/rules/Overclockers.com.xml
index 1ec9d546aa33..3be70950dd71 100644
--- a/src/chrome/content/rules/Overclockers.com.xml
+++ b/src/chrome/content/rules/Overclockers.com.xml
@@ -4,38 +4,15 @@
 		- INet-Interactive.xml
 
 -->
-<ruleset name="Overclockers.com (partial)" platform="mixedcontent">
+<ruleset name="Overclockers.com (partial)">
 
-	<target host="ocforums.com"/>
-	<target host="www.ocforums.com"/>
-	<target host="overclockers.com"/>
-	<!--	* for cross-domain cookies.	-->
-	<target host="*.overclockers.com"/>
+	<target host="ocforums.com" />
+	<target host="www.ocforums.com" />
+	<target host="overclockers.com" />
+	<target host="www.overclockers.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<!--	Covers:
-
-			- bbforum_view
-			- bblastactivity
-			- bblastvisit
-			- bbsessionhash
-
-	Blanket coverage not included in case there
-	are some cookies needed for article pages.
-							-->
-	<securecookie host="^\.overclockers\.com$" name="^bb\w+$"/>
-
-
-	<!--	Cert isn't valid for ocforums.com.
-		Server redirects as so.
-					-->
-	<rule from="^http://(?:www\.)ocforums\.com/"
-		to="https://www.overclockers.com/forums/"/>
-
-	<!--	\w+$ redirects to \w+/, so we
-		can't secure articles. =(
-						-->
-	<rule from="^http://(www\.)?overclockers\.com/($|\w+/)"
-		to="https://$1overclockers.com/$2"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Overlake-Hospital.xml b/src/chrome/content/rules/Overlake-Hospital.xml
index c90bc1f35e5b..ba39f3b9d7ae 100644
--- a/src/chrome/content/rules/Overlake-Hospital.xml
+++ b/src/chrome/content/rules/Overlake-Hospital.xml
@@ -1,13 +1,13 @@
 <ruleset name="Overlake Hospital Medical Center" platform="mixedcontent">
 
 	<target host="overlakehospital.org" />
-	<target host="*.overlakehospital.org" />
+	<target host="www.overlakehospital.org" />
 
 
-	<securecookie host="^(.*\.)?overlakehospital\.org" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
-	<rule from="^https?://(?:www\.)?overlakehospital\.org/"
+	<rule from="^http://(?:www\.)?overlakehospital\.org/"
 		to="https://www.overlakehospital.org/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Overleaf.com.xml b/src/chrome/content/rules/Overleaf.com.xml
new file mode 100644
index 000000000000..79358f3fd1f4
--- /dev/null
+++ b/src/chrome/content/rules/Overleaf.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Invalid certificate:
+		email-link.overleaf.com
+
+-->
+<ruleset name="Overleaf.com">
+
+	<target host="overleaf.com" />
+	<target host="www.overleaf.com" />
+	<target host="git.overleaf.com" />
+		<!-- see https://www.overleaf.com/help/230-how-do-i-push-a-new-project-to-overleaf-via-git -->
+	<target host="preview.overleaf.com" />
+		<!-- used for live preview in the online LaTeX editor -->
+	<target host="staging-preview.overleaf.com" />
+	<target host="support.overleaf.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Overpass-api.de.xml b/src/chrome/content/rules/Overpass-api.de.xml
new file mode 100644
index 000000000000..1e60ad83e9dd
--- /dev/null
+++ b/src/chrome/content/rules/Overpass-api.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="Overpass-api.de">
+	<target host="overpass-api.de" />
+	<target host="www.overpass-api.de" />
+	<target host="dev.overpass-api.de" />
+	<target host="lz4.overpass-api.de" />
+	<target host="z.overpass-api.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Oversee.xml b/src/chrome/content/rules/Oversee.xml
index 1e15ea18fe1f..5c9e54591b20 100644
--- a/src/chrome/content/rules/Oversee.xml
+++ b/src/chrome/content/rules/Oversee.xml
@@ -1,38 +1,22 @@
 <!--
 	Other Oversee.net rulesets:
+		+ Cdncomputer.com.xml
+		+ ShopWiki.com.xml
+		+ Webfest_Global.xml
 
-		- Cdncomputer.com.xml
-		- DomainSponsor.xml
-		- ShopWiki.xml
-		- Webfest_Global.xml
 
--->
-<ruleset name="Oversee.net (partial)" platform="mixedcontent">
+	Non-functional hosts
+		Couldn't connect to server:
+		- domainfest.com
+		- www.domainfest.com
 
+		SSL peer certificate was not OK:
+		- oversee.net
+		- www.oversee.net
+-->
+<ruleset name="Oversee.net (partial)">
 	<target host="aboutairportparking.com" />
 	<target host="www.aboutairportparking.com" />
-	<target host="static.couponfinder.com" />
-	<target host="domainfest.com" />
-	<target host="www.domainfest.com" />
-	<target host="oversee.net" />
-	<target host="*.oversee.net" />
-
-
-	<securecookie host=".*\.aboutairportparking\.com$" name=".+" />
-	<securecookie host="^(?:.*\.)?domainfest\.com$" name=".+" />
-	<securecookie host="^(?:.*\.)?oversee\.net$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?aboutairportparking\.com/"
-		to="https://www.aboutairportparking.com/" />
-
-	<rule from="^http://static\.couponfinder\.com/"
-		to="https://d2q7dxlbtbvkph.cloudfront.net/" />
-
-	<rule from="^http://(www\.)?domainfest\.com/"
-		to="https://$1domainfest.com/" />
-
-	<rule from="^http://(support\.|www\.)?oversee\.net/"
-		to="https://$1oversee.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/OvershootDay.org.xml b/src/chrome/content/rules/OvershootDay.org.xml
new file mode 100644
index 000000000000..1a1d2a57ad8f
--- /dev/null
+++ b/src/chrome/content/rules/OvershootDay.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="OvershootDay.org">
+
+	<target host="overshootday.org" />
+	<target host="www.overshootday.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Overstock.com.xml b/src/chrome/content/rules/Overstock.com.xml
new file mode 100644
index 000000000000..291305fcfe01
--- /dev/null
+++ b/src/chrome/content/rules/Overstock.com.xml
@@ -0,0 +1,86 @@
+<!--
+	CDN buckets:
+
+		- cdn.overstock.com.edgesuite.net
+
+			- a1696.g.akamai.net
+			- ak[12].ostkcdn.com
+
+
+	Nonfunctional domains:
+
+		- cars.overstock.com ¹
+
+	¹ Refused
+
+
+	Problematic domains:
+
+		- ak[12].ostkcdn.com ¹
+		- overstock.com ²
+		- newcars.overstock.com ³
+		- usedcars.overstock.com *
+
+	¹ Works, akamai
+	² Cert only matches www
+	³ 404, valid cert
+	* Works; mismatched, CN: *.vast.com
+
+
+	Fully covered domains:
+
+		- newcars.overstock.com		(→ secure.newcars)
+		- secure.newcars.overstock.com
+
+
+	Some pages redirect to http.
+
+
+	These altnames don't exist:
+
+		- secure.cars.overstock.com
+
+
+	Observed cookie domains:
+
+		- .newcars.overstock.com *
+
+	* Secured by us <= not secured by server
+
+-->
+<ruleset name="Overstock.com (partial)">
+
+	<target host="ak1.ostkcdn.com" />
+	<target host="ak2.ostkcdn.com" />
+	<target host="ak-s.ostkcdn.com" />
+	<target host="overstock.com" />
+	<target host="www.overstock.com" />
+	<target host="help.overstock.com" />
+	<target host="newcars.overstock.com" />
+	<target host="secure.newcars.overstock.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?overstock.com/+($|\?|Clothing-Shoes/7/store\.html|Coupons$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(www\.)?overstock.com/+(?!css/|(dlp|intlcheckout)($|[?/])|favicon\.ico|img/)" /-->
+
+
+	<securecookie host="^\.newcars\.overstock\.com$" name=".+" />
+
+
+	<rule from="^http://ak(?:1|2|-s)\.ostkcdn\.com/"
+		to="https://ak-s.ostkcdn.com/" />
+
+	<rule from="^http://(?:www\.)?overstock\.com/(?=css/|(?:dlp|intlcheckout)(?:$|[?/])|favicon\.ico|img/)"
+		to="https://www.overstock.com/" />
+
+	<rule from="^http://help\.overstock\.com/"
+		to="https://help.overstock.com/" />
+
+	<rule from="^http://(?:secure\.)?newcars\.overstock\.com/"
+		to="https://secure.newcars.overstock.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Overview_Project.org.xml b/src/chrome/content/rules/Overview_Project.org.xml
new file mode 100644
index 000000000000..66463de010eb
--- /dev/null
+++ b/src/chrome/content/rules/Overview_Project.org.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://overviewproject.org/ => https://overviewproject.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.overviewproject.org/ => https://www.overviewproject.org/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Overview Project.org" default_off="failed ruleset test">
+
+	<target host="overviewproject.org" />
+	<target host="www.overviewproject.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ovh.xml b/src/chrome/content/rules/Ovh.xml
index 0311d8d318d3..5b2ddee20c6a 100644
--- a/src/chrome/content/rules/Ovh.xml
+++ b/src/chrome/content/rules/Ovh.xml
@@ -1,64 +1,112 @@
 <!--
-	Problematic domains:
+	Other OVH Group rulesets:
+		- Hubic.com.xml
+		- Kimsufi.com.xml
+		- OVH.biz.xml
+		- OVH.us.xml
+		- OVH_Telecom.fr.xml
+		- RunAbove.xml
+		- So_you_Start.com.xml
+
+	Nonfunctional domains:
+		- guides.ovh.com ¹
+		- prirucky.ovh.cz ¹
+		- status.ovh.net ²
+		- travaux.ovh.net ²
 
-		- imp.ovh.net	(mismatched, CN: ssl0.ovh.net)
+	¹ Refused
+	² 401
 
+	Problematic domains:
+		- cluster016.ovh.net (expired)
+		- imp.ovh.net (mismatched, ssl0.ovh.net)
+		- ssl\d+.ovh.net
+			- 4 (self-signed)
+			- 8 (dropped)
+			- 9 (mismatched, ssl7.ovh.net)
+			- 16 (refused)
 -->
-<ruleset name="OVH">
 
-	<!-- global site -->
-	<target host="*.ovh.net" />
+<ruleset name="OVH (partial)">
+	<target host="ovh.com" />
+	<target host="www.ovh.com" />
+	<target host="eu.api.ovh.com" />
+	<target host="ca.ovh.com" />
+	<target host="forum.ovh.com" />
+	<target host="imp.ovh.net" />
+	<target host="ex.mail.ovh.net" />
+	<target host="mailconfig.ovh.net" />
+	<target host="ssl0.ovh.net" />
+	<target host="ssl2.ovh.net" />
+	<target host="ssl3.ovh.net" />
+	<target host="ssl4.ovh.net" />
+	<target host="ssl5.ovh.net" />
+	<target host="ssl6.ovh.net" />
+	<target host="ssl7.ovh.net" />
+	<target host="ssl9.ovh.net" />
+	<target host="ssl11.ovh.net" />
+	<target host="ssl12.ovh.net" />
+	<target host="ssl13.ovh.net" />
+	<target host="ssl14.ovh.net" />
+	<target host="ssl15.ovh.net" />
+	<target host="ssl17.ovh.net" />
+	<target host="webanalytics2.ovh.net" />
+	<target host="webmail.ovh.net" />
 
-	<!-- regional sites -->
 	<target host="ovh.co.uk" />
 	<target host="www.ovh.co.uk" />
-	<target host="ovh.com" />
-	<target host="www.ovh.com" />
+	<target host="forum.ovh.co.uk" />
+
 	<target host="ovh.cz" />
 	<target host="www.ovh.cz" />
+	<target host="forum.ovh.cz" />
+
 	<target host="ovh.de" />
 	<target host="www.ovh.de" />
+	<target host="forum.ovh.de" />
+
 	<target host="ovh.es" />
 	<target host="www.ovh.es" />
-	<target host="ovh.lt" />
-	<target host="www.ovh.lt" />
-	<target host="ovh.nl" />
-	<target host="www.ovh.nl" />
+	<target host="forum.ovh.es" />
+
 	<target host="ovh.ie" />
 	<target host="www.ovh.ie" />
+	<target host="forum.ovh.ie" />
+
 	<target host="ovh.it" />
 	<target host="www.ovh.it" />
+	<target host="forum.ovh.it" />
+
+	<target host="ovh.lt" />
+	<target host="www.ovh.lt" />
+	<target host="forum.ovh.lt" />
+
+	<target host="ovh.nl" />
+	<target host="www.ovh.nl" />
+	<target host="forum.ovh.nl" />
+
 	<target host="ovh.pl" />
 	<target host="www.ovh.pl" />
+	<target host="forum.ovh.pl" />
+
 	<target host="ovh.pt" />
 	<target host="www.ovh.pt" />
+	<target host="forum.ovh.pt" />
+
 	<target host="ovh.sn" />
 	<target host="www.ovh.sn" />
+	<target host="forum.ovh.sn" />
+
 	<target host="ovh-hosting.fi" />
 	<target host="www.ovh-hosting.fi" />
+	<target host="foorumi.ovh-hosting.fi" />
+	<target host="forum.ovh-hosting.fi" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^(?:.*\.)?ovh(?:-hosting)?\.(?:net|co\.uk|com|cz|de|es|fi|lt|nl|ie|it|pl|pt|sn)$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?ovh(-hosting)?\.(co\.uk|com|cz|de|es|fi|lt|nl|ie|it|pl|pt|sn)/"
-		to="https://www.ovh$1.$2/" />
-
-	<rule from="^http://imp\.ovh\.net/"
-		to="https://ssl0.ovh.net/" />
-
-	<!--	- 1: doesn't exist
-		- 4: self-signed
-		- 8: times out
-		- 9: 7's cert
-		- 16: reset
-					-->
-	<rule from="^http://ssl([023567]|1[0-5])\.ovh\.net/"
-		to="https://ssl$1.ovh.net/" />
+	<rule from="^http://(imp|webmail)\.ovh\.net/" to="https://ssl0.ovh.net/" />
 
-	<!--	302s like so.
-				-->
-	<rule from="^https?://webmail\.ovh\.net/"
-		to="https://ssl0.ovh.net/" />
+	<rule from="^http:" to="https:" />
 
+	<test url="http://webanalytics2.ovh.net/piwik.php" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ovid.xml b/src/chrome/content/rules/Ovid.xml
index 5582bba7144f..a0b1a4871f04 100644
--- a/src/chrome/content/rules/Ovid.xml
+++ b/src/chrome/content/rules/Ovid.xml
@@ -7,11 +7,13 @@
 -->
 <ruleset name="Ovid (partial)">
 
-	<target host="*.ovid.com" />
+	<target host="e-bea.ovid.com" />
+	<target host="gateway.ovid.com" />
+	<target host="ovidsp.ovid.com" />
 	<target host="ovidsp.tx.ovid.com" />
+	<target host="shibboleth.ovid.com" />
 
 
-	<rule from="^http://(e-bea|gateway|ovidsp(?:\.tx)?|shibboleth)\.ovid\.com/"
-		to="https://$1.ovid.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ovscruise.com.xml b/src/chrome/content/rules/Ovscruise.com.xml
new file mode 100644
index 000000000000..625f472eebbe
--- /dev/null
+++ b/src/chrome/content/rules/Ovscruise.com.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- agentbook.ovscruise.com
+		- emailreceipt.ovscruise.com
+		- emailreceipt2.ovscruise.com
+		- wcthotels.ovscruise.com
+-->
+<ruleset name="Ovscruise.com">
+	<target host="ovscruise.com" />
+	<target host="www.ovscruise.com" />
+	<target host="agent.ovscruise.com" />
+	<target host="cruise.ovscruise.com" />
+	<target host="diamond.ovscruise.com" />
+	<target host="marriott.ovscruise.com" />
+	<target host="mvcvacationredemptioncenter.ovscruise.com" />
+	<target host="shop.ovscruise.com" />
+	<target host="staging-cruise.ovscruise.com" />
+	<target host="test-cruise.ovscruise.com" />
+	<target host="test-www.ovscruise.com" />
+	<target host="uat-hicv.ovscruise.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ow.ly.xml b/src/chrome/content/rules/Ow.ly.xml
new file mode 100644
index 000000000000..ba9b121bab95
--- /dev/null
+++ b/src/chrome/content/rules/Ow.ly.xml
@@ -0,0 +1,16 @@
+<!--
+	For other HootSuite coverage, see HootSuite.xml.
+
+	Non-functional hosts:
+		Refused:
+		- ow.ly
+		- www.ow.ly
+
+-->
+<ruleset name="Ow.ly (partial)">
+
+	<target host="static.ow.ly" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Owen_Services.com.xml b/src/chrome/content/rules/Owen_Services.com.xml
index d817012e11b9..52a7e0d430b0 100644
--- a/src/chrome/content/rules/Owen_Services.com.xml
+++ b/src/chrome/content/rules/Owen_Services.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="Owen Services.com">
 
 	<target host="owenservices.com" />
-	<target host="*.owenservices.com" />
+	<target host="www.owenservices.com" />
 
 
 	<securecookie host="^\.?owenservices\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?owenservices\.com/"
-		to="https://$1owenservices.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Owl.English.Purdue.edu.xml b/src/chrome/content/rules/Owl.English.Purdue.edu.xml
deleted file mode 100644
index 7b53dc764517..000000000000
--- a/src/chrome/content/rules/Owl.English.Purdue.edu.xml
+++ /dev/null
@@ -1,4 +0,0 @@
-<ruleset name="Purdue OWL">
-  <target host="owl.english.purdue.edu"/>
-  <rule from="^http://(www\.)?owl\.english\.purdue\.edu/" to="https://owl.english.purdue.edu/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Owlfolio.org.xml b/src/chrome/content/rules/Owlfolio.org.xml
new file mode 100644
index 000000000000..63e55b70433c
--- /dev/null
+++ b/src/chrome/content/rules/Owlfolio.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Fully covered hosts *owlfolio.org:
+:
+		- (www.)?
+		- hacks
+		- readings
+
+-->
+<ruleset name="Owlfolio.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="owlfolio.org" />
+	<target host="hacks.owlfolio.org" />
+	<target host="readings.owlfolio.org" />
+	<target host="www.owlfolio.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Owlverkehr.de.xml b/src/chrome/content/rules/Owlverkehr.de.xml
new file mode 100644
index 000000000000..55db50a8c4ac
--- /dev/null
+++ b/src/chrome/content/rules/Owlverkehr.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Owlverkehr.de">
+	<target host="owlverkehr.de" />
+	<target host="www.owlverkehr.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Own-Mailbox.com.xml b/src/chrome/content/rules/Own-Mailbox.com.xml
new file mode 100644
index 000000000000..206051276eec
--- /dev/null
+++ b/src/chrome/content/rules/Own-Mailbox.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Own-Mailbox.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="own-mailbox.com" />
+	<target host="www.own-mailbox.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Own.ag.xml b/src/chrome/content/rules/Own.ag.xml
new file mode 100644
index 000000000000..960a88ecc5b9
--- /dev/null
+++ b/src/chrome/content/rules/Own.ag.xml
@@ -0,0 +1,6 @@
+<ruleset name="Own.ag">
+	<target host="own.ag" />
+	<target host="www.own.ag" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OwnCloud.com.xml b/src/chrome/content/rules/OwnCloud.com.xml
index 8171718b2c18..45d6480507e0 100644
--- a/src/chrome/content/rules/OwnCloud.com.xml
+++ b/src/chrome/content/rules/OwnCloud.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://static.owncloud.com/ => https://opendesktop.org/: Too many redirects while fetching 'https://opendesktop.org/'
+
 	CDN buckets:
 
 		- mainstatic.hive01.com
@@ -6,30 +10,52 @@
 			- static
 
 
-	Problematic subdomains:
+	Problematic hosts in *owncloud.com:
+
+		- static *
+
+	* 401; self-signed, CN: s1.hive01.com
+
 
-		- static	(401; self-signed, CN: s1.hive01.com)
+	Insecure cookies are set for these hosts:
 
+		- owncloud.com
+		- apps.owncloud.com
 
-	Fully covered subdomains:
 
-		- (www.)
-		- static	(→ opendesktop.org)
+	Mixed content:
+
+		- Image on apps from gnome-look.org *
+
+	Not secured by us <= mismatched
 
 -->
-<ruleset name="ownCloud.com">
+<ruleset name="ownCloud.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="owncloud.com" />
-	<target host="*.owncloud.com" />
+	<target host="apps.owncloud.com" />
+	<target host="doc.owncloud.com" />
+	<target host="www.owncloud.com" />
 
+	<!--	Complications:
+				-->
+	<target host="static.owncloud.com" />
 
-	<securecookie host="^\.(?:www\.)?owncloud\.com$" name=".+" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^owncloud\.com$" name="^_icl_current_language$" /-->
+	<!--securecookie host="^apps\.owncloud\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://(www\.)?owncloud\.com/"
-		to="https://$1owncloud.com/" />
 
 	<rule from="^http://static\.owncloud\.com/"
 		to="https://opendesktop.org/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OwnCloud.xml b/src/chrome/content/rules/OwnCloud.xml
deleted file mode 100644
index a77c06f2c4fd..000000000000
--- a/src/chrome/content/rules/OwnCloud.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- demo		(refused)
-		- doc		(blank page; mismatched, CN: www.owncloud.org)
-
-
-	Problematic subdomains:
-
-		- stats		(works; self-signed, CN: owncloud.com)
-
-
-	Mixed web bug on www from stats
-
--->
-<ruleset name="ownCloud (partial)">
-
-	<target host="owncloud.org" />
-	<target host="*.owncloud.org" />
-
-
-	<securecookie host="^\.forum\.owncloud\.org$" name=".+" />
-
-
-	<rule from="^http://(download\.|forum\.|www\.)?owncloud\.org/"
-		to="https://$1owncloud.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/OwnCube.xml b/src/chrome/content/rules/OwnCube.xml
index ad816d7bcacc..60844d645e18 100644
--- a/src/chrome/content/rules/OwnCube.xml
+++ b/src/chrome/content/rules/OwnCube.xml
@@ -1,11 +1,26 @@
+<!--
+	Mixed content:
+
+		- css on (www.) from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
 <ruleset name="OwnCube">
 
-	<target host="owncube.com"/>
-	<target host="www.owncube.com"/>
+	<target host="owncube.com" />
+	<target host="billing.owncube.com" />
+	<target host="www.owncube.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?owncube\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^billing\.owncube\.com$" name="^WHMCS\w+$" /-->
+
+	<securecookie host="^(?:billing\.|www\.)?owncube\.com$" name=".+" />
 
-	<securecookie host="^owncube\.com$" name=".*"/>
 
-	<rule from="^http://(?:www\.)?owncube\.com/"
-		to="https://owncube.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/OwnedCore.com.xml b/src/chrome/content/rules/OwnedCore.com.xml
index b8e8423fba26..757862483914 100644
--- a/src/chrome/content/rules/OwnedCore.com.xml
+++ b/src/chrome/content/rules/OwnedCore.com.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ownedcore.com/ => https://ownedcore.com/: Too many redirects while fetching 'https://ownedcore.com/'
+Fetch error: http://www.ownedcore.com/ => https://www.ownedcore.com/: Too many redirects while fetching 'https://www.ownedcore.com/'
+
 	Mixed content:
 
 		- Images on www from www *
@@ -6,7 +11,7 @@
 	* Secured by us
 
 -->
-<ruleset name="OwnedCore.com (mixed content)" default_off="mixed content">
+<ruleset name="OwnedCore.com (mixed content)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="ownedcore.com" />
 	<target host="www.ownedcore.com" />
@@ -15,7 +20,7 @@
 	<securecookie host="^www\.ownedcore\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ownedcore\.com/"
-		to="https://$1ownedcore.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Owner.io.xml b/src/chrome/content/rules/Owner.io.xml
new file mode 100644
index 000000000000..56d96acabac2
--- /dev/null
+++ b/src/chrome/content/rules/Owner.io.xml
@@ -0,0 +1,35 @@
+<!--
+	www.owner.io: 400
+
+
+	Insecure cookies are set for these hosts:
+
+		- owner.io
+		- www.owner.io
+
+-->
+<ruleset name="Owner.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="owner.io" />
+
+	<!--	Complications:
+				-->
+	<target host="www.owner.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?owner\.io$" name="^[\da-f]+$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.owner\.io/"
+		to="https://owner.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OwnerIQ.xml b/src/chrome/content/rules/OwnerIQ.xml
index 93637d6cbaea..fd68a995b7e0 100644
--- a/src/chrome/content/rules/OwnerIQ.xml
+++ b/src/chrome/content/rules/OwnerIQ.xml
@@ -10,17 +10,29 @@
 
 	px serves web bugs.
 
+
+	Insecure cookies are set for these domains:
+
+		- .owneriq.net
+
 -->
-<ruleset name="OwnerIQ (partial)">
+<ruleset name="OwnerIQ.net (partial)">
+
+	<target host="px.owneriq.net" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://px.owneriq.net/ep?sid(?:%[\dA-F][\dA-F]){2}=&amp;pt=" /-->
 
-	<target host="*.owneriq.net" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.owneriq\.net$" name="^(apq|gguuid|p1|rpq|si|ss|tpq)$" /-->
 
-	<!--	name="^(apq|p1|rpq|si|ss)$"	/-->
-	<securecookie host="^\.owneriq\.net$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://px\.owneriq\.net/"
-		to="https://px.owneriq.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ox.ac.uk-falsemixed.xml b/src/chrome/content/rules/Ox.ac.uk-falsemixed.xml
new file mode 100644
index 000000000000..664dd2b0c153
--- /dev/null
+++ b/src/chrome/content/rules/Ox.ac.uk-falsemixed.xml
@@ -0,0 +1,31 @@
+<!--
+	For rules not causing false/broken MCB, see University-of-Oxford.xml.
+
+-->
+<ruleset name="Ox.ac.uk (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.cardioscience.ox.ac.uk" />
+	<target host="www.ccouc.ox.ac.uk" />
+	<target host="www.history.ox.ac.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="medieval.history.ox.ac.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops path and forward slash, but not args:
+								-->
+	<rule from="^http://medieval\.history\.ox\.ac\.uk/[^?]*"
+		to="https://www.history.ox.ac.uk/research/centre/medieval-history.html" />
+
+		<test url="http://medieval.history.ox.ac.uk//home.html"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Oxfam.org.uk.xml b/src/chrome/content/rules/Oxfam.org.uk.xml
new file mode 100644
index 000000000000..e73ea62b441d
--- /dev/null
+++ b/src/chrome/content/rules/Oxfam.org.uk.xml
@@ -0,0 +1,73 @@
+<!--
+	Nonfunctional hosts in *oxfam.org.uk:
+
+		- fundraising ʳ
+		- policy-practice ʰ
+		- shelflife ᵈ
+
+	ᵈ Dropped
+	ʰ Redirects to http
+	ʳ Refused
+
+
+	Problematic hosts in *oxfam.org.uk:
+
+		- ict4d ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .oxfam.org.uk
+		- community.oxfam.org.uk
+		- donate.oxfam.org.uk
+		- ict4d.oxfam.org.uk
+		- karl.oxfam.org.uk
+		- .karl.oxfam.org.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bugs, on:
+
+			- community donate, stand from oxfamgb.122.2o7.net ˢ
+			- community from www.facebook.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Oxfam.org.uk (partial)">
+
+	<target host="oxfam.org.uk" />
+	<target host="community.oxfam.org.uk" />
+	<target host="donate.oxfam.org.uk" />
+	<target host="jobs.oxfam.org.uk" />
+	<target host="karl.oxfam.org.uk" />
+	<target host="media.oxfam.org.uk" />
+	<target host="merlin.oxfam.org.uk" />
+	<target host="stand.oxfam.org.uk" />
+	<target host="www.oxfam.org.uk" />
+
+		<test url="http://media.oxfam.org.uk/images/products/HighStDonated/Carousel/HD_100535985_01.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.oxfam\.org\.uk$" name="^o_cs_referrer$" /-->
+	<!--securecookie host="^community\.oxfam\.org\.uk$" name="^(?:AuthorizationCookie|Telligent\.Evolution-UI)$" /-->
+	<!--securecookie host="^donate\.oxfam\.org\.uk$" name="^__RequestVerificationToken$" /-->
+	<!--securecookie host="^ict4d\.oxfam\.org\.uk$" name="^DYNSRV$" /-->
+	<!--securecookie host="^karl\.oxfam\.org\.uk$" name="^(?:oatmeal|repoze\.browserid|session)$" /-->
+	<!--securecookie host="^\.karl\.oxfam\.org\.uk$" name="^oatmeal$" /-->
+
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|o_cs_referrer|s_v)" />
+	<securecookie host="^(?!\.oxfam\.org\.uk$)." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OxfamAmerica.org.xml b/src/chrome/content/rules/OxfamAmerica.org.xml
new file mode 100644
index 000000000000..9d7741d10f90
--- /dev/null
+++ b/src/chrome/content/rules/OxfamAmerica.org.xml
@@ -0,0 +1,22 @@
+<!--
+		Remark: *.oxfamamerica.org have a wildcard DNS Record.
+
+	Invalid Security Certificate:
+		secure.oxfamamerica.org
+-->
+<ruleset name="OxfamAmerica.org">
+	<target host="oxfamamerica.org" />
+	<target host="www.oxfamamerica.org" />
+	<target host="change.oxfamamerica.org" />
+	<target host="closeup.oxfamamerica.org" />
+	<target host="firstperson.oxfamamerica.org" />
+	<target host="mars.oxfamamerica.org" />
+	<target host="policy-practice.oxfamamerica.org" />
+	<target host="politicsofpoverty.oxfamamerica.org" />
+	<target host="secure2.oxfamamerica.org" />
+	<target host="secure3.oxfamamerica.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OxfamIrelandUnwrapped.xml b/src/chrome/content/rules/OxfamIrelandUnwrapped.xml
deleted file mode 100644
index 244787be71c6..000000000000
--- a/src/chrome/content/rules/OxfamIrelandUnwrapped.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Oxfam Unwrapped">
-  <target host="oxfamirelandunwrapped.com" />
-  <target host="www.oxfamirelandunwrapped.com" />
-  <target host="netbel.oxfamireland.org" />
-
-  <!-- Republic Of Ireland -->
-  <rule from="^http://(?:www\.)?oxfamirelandunwrapped\.com/" to="https://www.oxfamirelandunwrapped.com/"/>
-  <!-- Northern Ireland -->
-  <rule from="^http://netbel\.oxfamireland\.org/" to="https://netbel.oxfamireland.org/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Oxford-Journals.xml b/src/chrome/content/rules/Oxford-Journals.xml
deleted file mode 100644
index a2e0e9ece76c..000000000000
--- a/src/chrome/content/rules/Oxford-Journals.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)		(cert: secure.oxfordjournals.org; redirects to http)
-
--->
-<ruleset name="Oxford Journals (partial)">
-
-	<target host="*.oxfordjournals.org" />
-
-
-	<securecookie host="^\w+\.oxfordjournals\.org$" name=".*" />
-
-
-	<!--	resource/css/ differs.	-->
-	<rule from="^https?://(?:www\.)?oxfordjournals\.org/resource/image/"
-		to="https://secure.oxfordjournals.org/resource/image/" />
-
-	<rule from="^http://(access|secure|services)\.oxfordjournals\.org/"
-		to="https://$1.oxfordjournals.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OxfordJournals.org.xml b/src/chrome/content/rules/OxfordJournals.org.xml
new file mode 100644
index 000000000000..10626a2023d1
--- /dev/null
+++ b/src/chrome/content/rules/OxfordJournals.org.xml
@@ -0,0 +1,32 @@
+<!--
+	Invalid certificate:
+		globaljobs-careernetwork.oxfordjournals.org
+		m.*.oxfordjournals.org
+		test.oxfordjournals.org
+
+	Refused:
+		bfgp.oxfordjournals.org
+		cep.oxfordjournals.org
+		cme.oxfordjournals.org
+		cq.oxfordjournals.org
+		cr.oxfordjournals.org
+		economics.oxfordjournals.org
+		intimmabs.oxfordjournals.org
+		www.jid.oxfordjournals.org
+		services.oxfordjournals.org
+		submit-jxb.oxfordjournals.org
+
+	Time out:
+		mmcts.oxfordjournals.org
+
+-->
+<ruleset name="Oxford Journals">
+
+	<target host="oxfordjournals.org" />
+	<target host="www.oxfordjournals.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Oxford_Dictionaries.xml b/src/chrome/content/rules/Oxford_Dictionaries.xml
new file mode 100644
index 000000000000..389a850f9ddc
--- /dev/null
+++ b/src/chrome/content/rules/Oxford_Dictionaries.xml
@@ -0,0 +1,43 @@
+<!--
+	Problematic subdomains:
+
+	Invalid cert:
+		- audio.oxforddictionaries.com
+		- gls.oxforddictionaries.com
+-->
+<ruleset name="Oxford Dictionaries">
+
+	<target host="oxforddictionaries.com" />
+	<target host="api.oxforddictionaries.com" />
+	<target host="blog.oxforddictionaries.com" />
+	<target host="community.oxforddictionaries.com" />
+	<target host="www.community.oxforddictionaries.com" />
+	<target host="developer.oxforddictionaries.com" />
+	<target host="en.oxforddictionaries.com" />
+	<target host="en-staging.oxforddictionaries.com" />
+	<target host="es.oxforddictionaries.com" />
+	<target host="forum.oxforddictionaries.com" />
+	<target host="hi.oxforddictionaries.com" />
+	<target host="id.oxforddictionaries.com" />
+	<target host="lv.oxforddictionaries.com" />
+	<target host="ms.oxforddictionaries.com" />
+	<target host="nso.oxforddictionaries.com" />
+	<target host="od-api.oxforddictionaries.com" />
+	<target host="premium.oxforddictionaries.com" />
+	<target host="ro.oxforddictionaries.com" />
+	<target host="sso.oxforddictionaries.com" />
+	<target host="sw.oxforddictionaries.com" />
+	<target host="tn.oxforddictionaries.com" />
+	<target host="ur.oxforddictionaries.com" />
+	<target host="www.oxforddictionaries.com" />
+	<target host="zu.oxforddictionaries.com" />
+
+	<target host="oxfordlearnersdictionaries.com" />
+	<target host="www.oxfordlearnersdictionaries.com" />
+
+<!-- Redirects for subdomains without secured content -->
+	<rule from="^http://oxforddictionaries\.com/" to="https://www.oxforddictionaries.com/" />
+ 	<rule from="^http://oxfordlearnersdictionaries\.com/" to="https://www.oxfordlearnersdictionaries.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Oxford_University_Press.xml b/src/chrome/content/rules/Oxford_University_Press.xml
index 2369f4179f78..6a4e7d880e00 100644
--- a/src/chrome/content/rules/Oxford_University_Press.xml
+++ b/src/chrome/content/rules/Oxford_University_Press.xml
@@ -1,17 +1,61 @@
 <!--
+	Oxford University Press
+
+
 	CDN buckets:
 
 		- d3hc5ng33pisks.cloudfront.net
 
 			- gab.cookie.oup.com
 
+
+	Nonfunctional hosts in *oup.com:
+
+		- (www.)? ¹
+		- ukcatalogue ²
+		- www.us ¹
+
+	¹ Dropped
+	² Plaintext reply
+
+
+	These altnames don't exist:
+
+		- www.global.oup.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- elt.oup.com
+		- global.oup.com
+
+
+	Mixed content:
+
+		- favicon on global from www.oup.com
+		- Bug on global from pub.cookie.oup.com *
+
+	* Secured by us
+
 -->
-<ruleset name="Oxford University Press (partial)">
+<ruleset name="OUP.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="elt.oup.com" />
+	<target host="global.oup.com" />
 	<target host="gab.cookie.oup.com" />
+	<target host="pub.cookie.oup.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:elt|global)\.oup\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://gab\.cookie\.oup\.com/"
-		to="https://d3hc5ng33pisks.cloudfront.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Oyunhizmetleri.com.xml b/src/chrome/content/rules/Oyunhizmetleri.com.xml
new file mode 100644
index 000000000000..3b14fff2415c
--- /dev/null
+++ b/src/chrome/content/rules/Oyunhizmetleri.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Expired 2013-12-01
+
+-->
+<ruleset name="oyunhizmetleri.com" default_off="expired">
+
+	<target host="oyunhizmetleri.com" />
+	<target host="www.oyunhizmetleri.com" />
+
+
+	<securecookie host="^www\.oyunhizmetleri\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?oyunhizmetleri\.com/"
+		to="https://www.oyunhizmetleri.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Oz-affiliate.com.xml b/src/chrome/content/rules/Oz-affiliate.com.xml
new file mode 100644
index 000000000000..6dbba7faffe3
--- /dev/null
+++ b/src/chrome/content/rules/Oz-affiliate.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Problematic hosts in *oz-affiliate.com:
+
+		- www *
+
+	* Mismatched
+
+
+	Fully covered hosts in *oz-affiliate.com:
+
+		- (www.)?	(www → ^)
+
+-->
+<ruleset name="Oz-affiliate.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="oz-affiliate.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.oz-affiliate.com" />
+
+
+	<rule from="^http://www\.oz-affiliate\.com/"
+		to="https://oz-affiliate.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OzBargain.com.au.xml b/src/chrome/content/rules/OzBargain.com.au.xml
new file mode 100644
index 000000000000..d913935c7f56
--- /dev/null
+++ b/src/chrome/content/rules/OzBargain.com.au.xml
@@ -0,0 +1,24 @@
+<!--
+	Other related rulesets:
+		- cheapies.nz.xml
+		- CheapCheapLah.com.xml
+		- Couponese.com.xml
+
+	Mixed content:
+		- Images on blog.ozbargain.com.au from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+-->
+<ruleset name="OzBargain">
+
+	<target host="ozbargain.com.au" />
+	<target host="www.ozbargain.com.au" />
+	<target host="blog.ozbargain.com.au" />
+	<target host="files.ozbargain.com.au" />
+	<target host="cdn.ozb.me" />
+
+	<securecookie host="^www\.ozbargain\.com\.au$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OzBargain.xml b/src/chrome/content/rules/OzBargain.xml
deleted file mode 100644
index 2f9a97476e8f..000000000000
--- a/src/chrome/content/rules/OzBargain.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="OzBargain">
-  <target host="ozbargain.com.au" />
-  <target host="www.ozbargain.com.au" />
-
-  <rule from="^https?://(?:www\.)?ozbargain\.com\.au/" to="https://www.ozbargain.com.au/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/OzLabs.org.xml b/src/chrome/content/rules/OzLabs.org.xml
new file mode 100644
index 000000000000..81803c2f7249
--- /dev/null
+++ b/src/chrome/content/rules/OzLabs.org.xml
@@ -0,0 +1,61 @@
+<!--
+	Remark: some of the following hosts are omitted (regex)
+		- virt\d+.ozlabs.org
+		- vpn\d+.ozlabs.org
+
+	Non-functional hosts
+		Couldn't connect to server:
+			 - bje.ozlabs.org
+			 - frodo.ozlabs.org
+			 - libhugetlbfs.ozlabs.org
+			 - ns4.ozlabs.org
+			 - tip.ozlabs.org
+
+		Timeout was reached:
+			 - magni.dyn.ozlabs.org
+			 - irc.ozlabs.org
+			 - matrix.ozlabs.org
+			 - mx0.ozlabs.org
+			 - ns3.ozlabs.org
+			 - test.ozlabs.org
+
+		SSL peer certificate was not OK:
+			 - bilbo-qemu.ozlabs.org
+			 - ccontrol.ozlabs.org
+			 - farr92.ozlabs.org
+			 - jk.ozlabs.org
+			 - lguest.ozlabs.org
+			 - librtas.ozlabs.org
+			 - libtopology.ozlabs.org
+			 - ns.ozlabs.org
+			 - ns2.ozlabs.org
+			 - powerpc-utils.ozlabs.org
+			 - sourcefrog.ozlabs.org
+			 - valen.ozlabs.org
+			 - vpn193.ozlabs.org
+			 - yaboot.ozlabs.org
+
+		Incomplete certificate chain error:
+			 - bilbo-bmc.ozlabs.org
+
+		5xx server error:
+			 - anton.ozlabs.org
+-->
+<ruleset name="OzLabs.org (partial)">
+	<target host="ozlabs.org" />
+	<target host="www.ozlabs.org" />
+	<target host="anton.ozlabs.org" />
+		<test url="http://anton.ozlabs.org/blog/" />
+	<target host="bilbo.ozlabs.org" />
+	<target host="git.ozlabs.org" />
+	<target host="ian.ozlabs.org" />
+	<target host="lists.ozlabs.org" />
+	<target host="mx.ozlabs.org" />
+	<target host="nemo.ozlabs.org" />
+	<target host="patchwork.ozlabs.org" />
+	<target host="rusty.ozlabs.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OzLabs.xml b/src/chrome/content/rules/OzLabs.xml
deleted file mode 100644
index d1e3a1b2c1c0..000000000000
--- a/src/chrome/content/rules/OzLabs.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- jk *
-		- librtas *
-		- powerpc-utils *
-		- yaboot *
-
-	* Shows www
-
-
-	Fully covered subdomains:
-
-		- git
-		- patchwork
-
--->
-<ruleset name="OzLabs (CAcert)" platform="cacert">
-
-	<target host="ozlabs.org" />
-	<target host="*.ozlabs.org" />
-		<exclusion pattern="^http://(?:jk|librtas|powerpc-utils|yaboot)\." />
-
-
-	<rule from="^http://([\w\.-]+\.)?ozlabs\.org/"
-		to="https://$1ozlabs.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ozi-ru.org.xml b/src/chrome/content/rules/Ozi-ru.org.xml
new file mode 100644
index 000000000000..82079085452a
--- /dev/null
+++ b/src/chrome/content/rules/Ozi-ru.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ozi-ru.org">
+	<target host="ozi-ru.org" />
+	<target host="www.ozi-ru.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ozon.Travel.xml b/src/chrome/content/rules/Ozon.Travel.xml
index 431827c63669..235506da6422 100644
--- a/src/chrome/content/rules/Ozon.Travel.xml
+++ b/src/chrome/content/rules/Ozon.Travel.xml
@@ -1,13 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.ozon.travel
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
 <ruleset name="Ozon.Travel">
 
 	<target host="ozon.travel" />
 	<target host="www.ozon.travel" />
 
 
-	<securecookie host="^www\.ozon\.travel$" name=".*" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.ozon\.travel$" name="^(?:AB_FastBack|RotorSessionGroup|RotorSessionId|RotorTrackingId)$" /-->
+
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www\.)?ozon\.travel/"
-		to="https://$1ozon.travel/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/P-tano.com.xml b/src/chrome/content/rules/P-tano.com.xml
new file mode 100644
index 000000000000..cdc127cbde44
--- /dev/null
+++ b/src/chrome/content/rules/P-tano.com.xml
@@ -0,0 +1,24 @@
+<!--
+	For other Otsaku Corporation coverage, see Otsuka-shokai.co.jp.xml.
+
+
+	^: cert only matches www
+
+
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="P-tano.com">
+
+	<target host="p-tano.com" />
+	<target host="www.p-tano.com" />
+
+
+	<rule from="^http://(?:www\.)?p-tano\.com/"
+		to="https://www.p-tano.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/P2P_Foundation.net.xml b/src/chrome/content/rules/P2P_Foundation.net.xml
new file mode 100644
index 000000000000..71c52ca592d0
--- /dev/null
+++ b/src/chrome/content/rules/P2P_Foundation.net.xml
@@ -0,0 +1,25 @@
+<!--
+	(www.): shows blog
+
+
+	Mixed content:
+
+		- css on blog from fonts.googleapis.com ¹
+
+		- Images, on:
+
+			- blog from $self ¹
+			- blog from steigan.no ²
+
+	¹ Secured by us
+	² Unsecurable <= 404
+
+-->
+<ruleset name="P2P Foundation.net (partial)">
+
+	<target host="blog.p2pfoundation.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/P6R.com.xml b/src/chrome/content/rules/P6R.com.xml
new file mode 100644
index 000000000000..76448a580c5a
--- /dev/null
+++ b/src/chrome/content/rules/P6R.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="P6R.com">
+	<target host="p6r.com" />
+	<target host="www.p6r.com" />
+	<target host="support.p6r.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PAETEC.xml b/src/chrome/content/rules/PAETEC.xml
index 98c621860816..f5322553fd88 100644
--- a/src/chrome/content/rules/PAETEC.xml
+++ b/src/chrome/content/rules/PAETEC.xml
@@ -6,13 +6,8 @@
 
 		- sync		(interrupted)
 
-
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-
 -->
-<ruleset name="PAETEC (partial)">
+<ruleset name="PAETEC.com (partial)" default_off="mismatched">
 
 	<target host="paetec.com" />
 	<target host="www.paetec.com" />
@@ -21,4 +16,4 @@
 	<rule from="^http://(?:www\.)?paetec\.com/"
 		to="https://www.paetec.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PAPPP.net.xml b/src/chrome/content/rules/PAPPP.net.xml
new file mode 100644
index 000000000000..51ed786b31e7
--- /dev/null
+++ b/src/chrome/content/rules/PAPPP.net.xml
@@ -0,0 +1,16 @@
+<!--
+	Refused:
+		www.pappp.net
+
+-->
+<ruleset name="PAPPP.net">
+
+	<target host="pappp.net" />
+	<target host="www.pappp.net" />
+
+	<rule from="^http://www\.pappp\.net/"
+		to="https://pappp.net/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PBAGalleries.xml b/src/chrome/content/rules/PBAGalleries.xml
index bba3988aeb68..0dd91a1c04c8 100644
--- a/src/chrome/content/rules/PBAGalleries.xml
+++ b/src/chrome/content/rules/PBAGalleries.xml
@@ -1,4 +1,4 @@
-<ruleset name="PBA Galleries (mismatches)" default_off="mismatch">
+<ruleset name="PBA Galleries (mismatches)" default_off="mismatched">
   <target host="pbagalleries.com" />
   <target host="www.pbagalleries.com" />
 
diff --git a/src/chrome/content/rules/PBHS.xml b/src/chrome/content/rules/PBHS.xml
index 9276a95e77bd..fefa606ea24a 100644
--- a/src/chrome/content/rules/PBHS.xml
+++ b/src/chrome/content/rules/PBHS.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^www\.pbhs\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?pbhs\.com/"
-		to="https://$1pbhs.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PBS.org.xml b/src/chrome/content/rules/PBS.org.xml
new file mode 100644
index 000000000000..0af714155691
--- /dev/null
+++ b/src/chrome/content/rules/PBS.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- chrome.pbs.org
+		- newshour-tc.pbs.org
+
+		4xx client error:
+		- gchrome.cdn.pbs.org
+		- urs.pbs.org
+-->
+<ruleset name="PBS.org">
+	<target host="pbs.org" />
+	<target host="www.pbs.org" />
+	<target host="www-tc.pbs.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PBS.xml b/src/chrome/content/rules/PBS.xml
deleted file mode 100644
index cffeea8174cd..000000000000
--- a/src/chrome/content/rules/PBS.xml
+++ /dev/null
@@ -1,59 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/newshour/photos/yyyy/mm/dd/
-		- s3.amazonaws.com/pbs.merlin.cdn.prod/
-
-		- d2nu96cf2r9spk.cloudfront.net
-
-			- gchrome.cdn.pbs.org
-
-		- d2rb2ymyzshpad.cloudfront.net
-
-			- www-tc.pbs.org
-
-		- dnn506yrbagrg.cloudfront.net
-
-
-	Nonfunctional domains:
-
-		- pbs.org *
-		- chrome.pbs.org
-		- urs.pbs.org
-		- www.pbs.org					(homepage redirects to http, other paths 403)
-		- www-tc.pbs.org(/cove-media|/images|/video)	(400, mismatched, CN: *.hs.llnwd.net)
-		- (www.)pbskids.org *
-
-	* Times out
-
--->
-<ruleset name="Public Broadcasting Service (partial)" platform="mixedcontent">
-
-	<target host="video.pbs.org" />
-	<target host="www-tc.pbs.org" />
-	<target host="shoppbs.org" />
-	<target host="www.shoppbs.org" />
-
-
-	<securecookie host="^www\.shoppbs\.org$" name=".+" />
-
-
-	<!--	This broke Washington Week videos, like http://www.pbs.org/weta/washingtonweek/watch/watch%20the%20show/34039
-
-		Presumably caused by livepassdl.conviva.com/crossdomain.xml forbidding https. (FUU!)
-
-		https://trac.torproject.org/projects/tor/ticket/7180 
-
-	<rule from="^http://video\.pbs\.org/"
-		to="https://video.pbs.org/" /-->
-
-	<rule from="^http://www-tc\.pbs\.org/s3/pbs\.(merlin\.cdn\.prod|pbsorg-prod\.mediafiles)/"
-		to="https://s3.amazonaws.com/pbs.$1/" />
-
-	<rule from="^https?://gchrome\.cdn\.pbs\.org/"
-		to="https://d2nu96cf2r9spk.cloudfront.net/" />
-
-	<rule from="^http://(www\.)?shoppbs\.org/"
-		to="https://$1shoppbs.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PBSKids.org.xml b/src/chrome/content/rules/PBSKids.org.xml
new file mode 100644
index 000000000000..21dea9a13bda
--- /dev/null
+++ b/src/chrome/content/rules/PBSKids.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="PBSKids.org">
+	<target host="pbskids.org" />
+	<target host="www.pbskids.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PBase.xml b/src/chrome/content/rules/PBase.xml
index cb59188f330e..897dbe7a2cb9 100644
--- a/src/chrome/content/rules/PBase.xml
+++ b/src/chrome/content/rules/PBase.xml
@@ -18,13 +18,14 @@
 <ruleset name="PBase (partial)">
 
 	<target host="pbase.com" />
-	<target host="*.pbase.com" />
+	<target host="secure2.pbase.com" />
+	<target host="www.pbase.com" />
+	<target host="ap1.pbase.com" />
 
 
-	<rule from="^https?://(?:secure2\.|www\.)?pbase\.com/"
+	<rule from="^http://(?:secure2\.|www\.)?pbase\.com/"
 		to="https://secure2.pbase.com/" />
 
-	<rule from="^https?://ap1\.pbase\.com/"
-		to="https://d1lvd91299t0s2.cloudfront.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/PBwiki.xml b/src/chrome/content/rules/PBwiki.xml
deleted file mode 100644
index 0c2180ca235e..000000000000
--- a/src/chrome/content/rules/PBwiki.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="PBwiki (partial)">
-
-	<!--	/pbwiki.com redirects to http	-->
-	<target host="*.pbwiki.com"/>
-
-	<rule from="^http://(files|my|(pb-api)?docs|secure|vs1|www)\.pbworks\.com/"
-		to="https://$1.pbworks.com/"/>
-
-	<rule from="^http://usermanual\.pbworks\.com/([fw]/|theme_image\.php)"
-		to="https://usermanual.pbworks.com/$1"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/PBworks.com.xml b/src/chrome/content/rules/PBworks.com.xml
new file mode 100644
index 000000000000..1ad92195861f
--- /dev/null
+++ b/src/chrome/content/rules/PBworks.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Note: *.pbworks.com has a wildcard DNS record and certificate.
+-->
+<ruleset name="PBworks.com (partial)">
+	<target host="pbworks.com"/>
+	<target host="www.pbworks.com"/>
+	<target host="secure.pbworks.com" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PBworks.xml b/src/chrome/content/rules/PBworks.xml
index 67a4d960fd7f..72742ef0d361 100644
--- a/src/chrome/content/rules/PBworks.xml
+++ b/src/chrome/content/rules/PBworks.xml
@@ -3,7 +3,7 @@
 	<target host="*.pbworks.com" />
 
 
-	<securecookie host="^(.*\.)?pbworks\.com$" name=".*" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<!--	Example:
diff --git a/src/chrome/content/rules/PC-BSD.xml b/src/chrome/content/rules/PC-BSD.xml
index d62edcdeafad..e51c4438f442 100644
--- a/src/chrome/content/rules/PC-BSD.xml
+++ b/src/chrome/content/rules/PC-BSD.xml
@@ -1,26 +1,65 @@
+
 <!--
-	Nonfunctional subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.pcbsd.org/favicon.ico => https://www.pcbsd.org/favicon.ico: (6, 'Could not resolve host: www.pcbsd.org')
+Fetch error: http://www.pcbsd.org/wp-content/uploads/2015/12/PCBSD.png => https://www.pcbsd.org/wp-content/uploads/2015/12/PCBSD.png: (6, 'Could not resolve host: www.pcbsd.org')
+Fetch error: http://www.pcbsd.org/wp-includes/js/jquery/jquery.js => https://www.pcbsd.org/wp-includes/js/jquery/jquery.js: (6, 'Could not resolve host: www.pcbsd.org')
+Fetch error: http://bugs.pcbsd.org/ => https://bugs.pcbsd.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Mismatch:
+		- builds
+		- iso.cdn
+		- pkg.cdn
+		- download
+		- ftp
+		- pbibuild
+		- pbibuild64
+		- pootle
+		- pootle2
+		- wiki
+
+
+	Timeout:
+		- lists
+		- translate
+
 
-		- ^ *
-		- forums *
-		- lists		(shows mail.ixsystems.com; mismatched, CN: *.ixsystems.com)
-		- pootle *
-		- pootle2 *
-		- wiki *
-		- www		(times out)
+	Incomplete cert chain:
+		- ^
 
-	* Refused
 
+	Insecure cookies are set for these hosts:
+
+		- bugs.pcbsd.org
+		- forums.pcbsd.org
+
+
+	Mixed content on ^ and www.
 -->
-<ruleset name="PC-BSD (partial)">
+<ruleset name="PC BSD.org (partial)" default_off="failed ruleset test">
+
+	<target host="www.pcbsd.org" />
+	<target host="api.pcbsd.org" />
+	<target host="area51.pcbsd.org" />
+	<target host="blog.pcbsd.org" />
+	<target host="bugs.pcbsd.org" />
+	<target host="forums.pcbsd.org" />
+	<target host="web.pcbsd.org" />
+
 
-	<target host="trac.pcbsd.org" />
+	<exclusion pattern="^http://www\.pcbsd\.org/(?!favicon\.ico|wp-content/|wp-includes/)" />
+	<test url="http://www.pcbsd.org/favicon.ico" />
+	<test url="http://www.pcbsd.org/wp-content/uploads/2015/12/PCBSD.png" />
+	<test url="http://www.pcbsd.org/wp-includes/js/jquery/jquery.js" />
+	<test url="http://www.pcbsd.org/community/" />
+	<test url="http://www.pcbsd.org/download/" />
+	<test url="http://www.pcbsd.org/docs/" />
 
 
-	<securecookie host="^trac\.pcbsd\.org$" name=".+" />
+	<securecookie host="^(bugs|forums)\.pcbsd\.org$" name=".+" />
 
 
-	<rule from="^http://trac\.pcbsd\.org/"
-		to="https://trac.pcbsd.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PC-Ostschweiz.ch.xml b/src/chrome/content/rules/PC-Ostschweiz.ch.xml
new file mode 100644
index 000000000000..664765fa3ae5
--- /dev/null
+++ b/src/chrome/content/rules/PC-Ostschweiz.ch.xml
@@ -0,0 +1,32 @@
+<!--
+	For other PCP coverage, see PCP.com.xml.
+
+
+	^pc-ostschweiz.ch: Mismatched
+
+-->
+<ruleset name="PC-Ostschweiz.ch">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.pc-ostschweiz.ch"/>
+
+	<!--	Complications:
+				-->
+	<target host="pc-ostschweiz.ch"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.pc-ostschweiz\.ch$" name="^(ASP\.NET_SessionId|SC)$" /-->
+
+	<securecookie host="^www\.pc-ostschweiz\.ch$" name=".+" />
+
+
+	<rule from="^http://pc-ostschweiz\.ch/"
+		to="https://www.pc-ostschweiz.ch/"/>
+
+	<rule from="^http:"
+		to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/PC-Users-Group-ACT.xml b/src/chrome/content/rules/PC-Users-Group-ACT.xml
deleted file mode 100644
index e072eb64c0d3..000000000000
--- a/src/chrome/content/rules/PC-Users-Group-ACT.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)canb.auug.org.au	(cert: members.tip.net.au; shows members' data)
-		- hosting.tip.net.au		(ditto)
-		- irc.tip.net.au		(ditto)
-
--->
-<ruleset name="PC Users Group (ACT) (partial)" platform="cacert mixedcontent">
-
-	<target host="pcug.org.au" />
-	<target host="www.pcug.org.au" />
-	<target host="members.tip.net.au" />
-
-
-	<securecookie host="^members\.tip\.net\.au$" name=".*" />
-
-
-	<rule from="^http://(www\.)?pcug\.org\.au/"
-		to="https://$1pcug.org.au/" />
-
-	<!--	www: https data differs from http data.	-->
-	<rule from="^http://members\.tip\.net\.au/"
-		to="https://members.tip.net.au/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PCC-CIC.org.uk.xml b/src/chrome/content/rules/PCC-CIC.org.uk.xml
new file mode 100644
index 000000000000..de3aa537e3c0
--- /dev/null
+++ b/src/chrome/content/rules/PCC-CIC.org.uk.xml
@@ -0,0 +1,22 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- helpdesk.pcc-cic.org.uk
+
+-->
+<ruleset name="PCC-CIC.org.uk">
+
+	<target host="helpdesk.pcc-cic.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^helpdesk\.pcc-cic\.org\.uk$" name="^SWIFT_(?:client|sessionid40)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PCCArx.ca.xml b/src/chrome/content/rules/PCCArx.ca.xml
new file mode 100644
index 000000000000..1b5bfa852f89
--- /dev/null
+++ b/src/chrome/content/rules/PCCArx.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="PCCArx.ca">
+	<target host="pccarx.ca" />
+	<target host="www.pccarx.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PCCU.edu.tw.xml b/src/chrome/content/rules/PCCU.edu.tw.xml
new file mode 100644
index 000000000000..6684f5780792
--- /dev/null
+++ b/src/chrome/content/rules/PCCU.edu.tw.xml
@@ -0,0 +1,68 @@
+<!--
+	Chinese Culture University
+
+
+	Nonfunctional hosts in *pccu.edu.tw:
+
+		- activity ᵈ
+		- alumnus ᵈ
+		- ap6 ᶠ
+		- ccusa ᵈ
+		- cloud ᵈ
+		- counseling ᵈ
+		- cuau ᵈ
+		- epaper ᶠ
+		- files ʳ
+		- guidance ᵈ
+		- house ᵈ
+		- hygiene ᵈ
+		- hkm ʳ
+		- webmail ʳ
+		- www2 ᵈ
+
+	ᵈ Dropped
+	ᶠ Handshake fails
+	ʳ Refused
+
+
+	Problematic hosts in *pccu.edu.tw:
+
+		- ^ ʳ
+		- webcat.lib ᵐ
+
+	ᵐ Mismatched
+	ʳ Refused
+
+
+	Mixed content:
+
+		- Image on www from epaper.pccu.edu.tw ᶠ
+
+	ᶠ Unsecurable <= handshake fails
+
+-->
+<ruleset name="PCCU.edu.tw (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ap1.pccu.edu.tw" />
+	<target host="ap2.pccu.edu.tw" />
+	<target host="mobi.pccu.edu.tw" />
+	<target host="ulive.pccu.edu.tw" />
+	<target host="www.pccu.edu.tw" />
+
+	<!--	Complications:
+				-->
+	<target host="pccu.edu.tw" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://pccu\.edu\.tw/"
+		to="https://www.pccu.edu.tw/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PCCaseGear.xml b/src/chrome/content/rules/PCCaseGear.xml
index 1568d248331c..3f01c9073dcf 100644
--- a/src/chrome/content/rules/PCCaseGear.xml
+++ b/src/chrome/content/rules/PCCaseGear.xml
@@ -1,8 +1,24 @@
-<ruleset name="PCCaseGear" platform="mixedcontent">
-  <target host="pccasegear.com" />
-  <target host="www.pccasegear.com" />
-  <target host="pccasegear.com.au" />
-  <target host="www.pccasegear.com.au" />
+<!--
+	(www.)?pccasegear.com.au: Mismatched
+
+-->
+<ruleset name="PC Case Gear">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pccasegear.com" />
+	<target host="www.pccasegear.com" />
+
+	<!--	Complications:
+				-->
+	<target host="pccasegear.com.au" />
+	<target host="www.pccasegear.com.au" />
+
+
+	<rule from="^http://(?:www\.)?pccasegear\.com\.au/"
+		to="https://www.pccasegear.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^https?://(?:www\.)?pccasegear\.com(?:\.au)?/" to="https://www.pccasegear.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/PCEL.xml b/src/chrome/content/rules/PCEL.xml
deleted file mode 100644
index 279cd5288d8b..000000000000
--- a/src/chrome/content/rules/PCEL.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="PCEL">
-
-	<target host="pcel.com" />
-	<target host="*.pcel.com" />
-
-
-	<securecookie host="^(?:w*\.)?pcel\.com$" name=".+" />
-
-
-	<rule from="^http://(images\.|www\.)?pcel\.com/"
-		to="https://$1pcel.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/PCGamer.com.xml b/src/chrome/content/rules/PCGamer.com.xml
new file mode 100644
index 000000000000..beb0457a33ce
--- /dev/null
+++ b/src/chrome/content/rules/PCGamer.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional hosts in *.pcgamer.com:
+
+	r: connection refused
+	    dl.pcgamer.com (Timeout)
+
+	HTTPS connection refused:
+       	email.pcgamer.com (mismatch)
+	    media.pcgamer.com (Timeout)
+	    weekender.pcgamer.com (mismatch)
+		sl.pcgamer.com (Expired cert)
+-->
+<ruleset name="PCGamer.com">
+
+	<target host="pcgamer.com" />
+	<target host="www.pcgamer.com" />
+	<target host="club.pcgamer.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PCGamesHardware.de.xml b/src/chrome/content/rules/PCGamesHardware.de.xml
new file mode 100644
index 000000000000..2a26ec7c7c3e
--- /dev/null
+++ b/src/chrome/content/rules/PCGamesHardware.de.xml
@@ -0,0 +1,39 @@
+<!--
+	SSL: no alternative certificate subject name matches target host name:
+		- *.damoh.pcgameshardware.de
+		- forumredir.pcgameshardware.de
+-->
+<ruleset name="PCGamesHardware.de">
+
+	<target host="pcgameshardware.de" />
+	<target host="www.pcgameshardware.de" />
+	<target host="abo.pcgameshardware.de" />
+	<target host="babel2.pcgameshardware.de" />
+	<target host="cast.pcgameshardware.de" />
+	<target host="chat.pcgameshardware.de" />
+	<target host="ssl.1.damoh.pcgameshardware.de" />
+	<target host="ssl.2.damoh.pcgameshardware.de" />
+	<target host="ssl.3.damoh.pcgameshardware.de" />
+	<target host="download.pcgameshardware.de" />
+	<target host="epaper.pcgameshardware.de" />
+	<target host="extreme.pcgameshardware.de" />
+	<target host="extremebeta.pcgameshardware.de" />
+	<target host="extremedev.pcgameshardware.de" />
+	<target host="jdgtgb.pcgameshardware.de" />
+	<target host="login.pcgameshardware.de" />
+	<target host="logindev.pcgameshardware.de" />
+	<target host="m.pcgameshardware.de" />
+	<target host="mobile.pcgameshardware.de" />
+	<target host="player.pcgameshardware.de" />
+	<target host="playerdev.pcgameshardware.de" />
+	<target host="preisvergleich.pcgameshardware.de" />
+	<target host="ratgeber.pcgameshardware.de" />
+	<target host="dev.ratgeber.pcgameshardware.de" />
+	<target host="test.ratgeber.pcgameshardware.de" />
+	<target host="videos.pcgameshardware.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PCI-ID-Repository.xml b/src/chrome/content/rules/PCI-ID-Repository.xml
index 325c37714cc5..b497e821ef48 100644
--- a/src/chrome/content/rules/PCI-ID-Repository.xml
+++ b/src/chrome/content/rules/PCI-ID-Repository.xml
@@ -1,8 +1,6 @@
-<ruleset name="PCI ID Repository" default_off="self-signed">
-
-	<target host="pci-ids.ucw.cz"/>
-
-	<rule from="^http://pci-ids\.ucw\.cz/"
-		to="https://pci-ids.ucw.cz/"/>
+<ruleset name="PCI ID Repository">
+    <target host="pci-ids.ucw.cz" />
 
+    <rule from="^http:"
+            to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/PCI-Security-Standards-Council.xml b/src/chrome/content/rules/PCI-Security-Standards-Council.xml
deleted file mode 100644
index b04f15e64799..000000000000
--- a/src/chrome/content/rules/PCI-Security-Standards-Council.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="PCI Security Standards Council">
-
-	<target host="pcisecuritystandards.org" />
-	<target host="*.pcisecuritystandards.org" />
-
-
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?pcisecuritystandards\.org/"
-		to="https://www.pcisecuritystandards.org/" />
-
-	<rule from="^http://(de|es|fr|frca|ja|pt|zh)\.pcisecuritystandards\.org/"
-		to="https://$1.pcisecuritystandards.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PCINpact.com.xml b/src/chrome/content/rules/PCINpact.com.xml
deleted file mode 100644
index 244a9899df32..000000000000
--- a/src/chrome/content/rules/PCINpact.com.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-<!--
-	For other EDI7 Media coverage, see EDI7.lu.xml.
-
-
-	Nonfunctional subdomains:
-
-		- static	(refused)
-
-
-	Problematic subdomains:
-
-		- ^	(dropped)
-
-
-	Mixed content:
-
-		- Images, on www from:
-
-			- static *
-			- nebula.prixdunet.com *
-
-		- css on www from fonts.googleapis.com **
-
-		- Ads/web bugs, on www from:
-
-			- www2.edi7.lu **
-			- ads.horyzon-media.com **
-			- logv10.xiti.com
-
-	* Unsecurable, doesn't trip MCB
-	** Secured by us
-
--->
-<ruleset name="PCINpact (partial)">
-
-	<target host="pcinpact.com" />
-	<target host="*.pcinpact.com" />
-
-
-	<securecookie host="^(?:www)?\.pcinpact\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?pcinpact\.com/"
-		to="https://www.pcinpact.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PCI_Compliance_Guide.org.xml b/src/chrome/content/rules/PCI_Compliance_Guide.org.xml
new file mode 100644
index 000000000000..5f10e9b5d98d
--- /dev/null
+++ b/src/chrome/content/rules/PCI_Compliance_Guide.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="PCI Compliance Guide.org">
+
+	<target host="pcicomplianceguide.org" />
+	<target host="www.pcicomplianceguide.org" />
+
+
+	<securecookie host="^(?:www)?\.pcicomplianceguide\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PCP.com.xml b/src/chrome/content/rules/PCP.com.xml
new file mode 100644
index 000000000000..7d566b948654
--- /dev/null
+++ b/src/chrome/content/rules/PCP.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Other PCP rulesets:
+
+		- Beck_PC.ch.xml
+		- ComStern.at.xml
+		- ComStern.de.xml
+		- PC-Ostschweiz.ch.xml
+		- Pcp.ch.xml
+
+
+	^pcp.com: Mismatched
+
+-->
+<ruleset name="PCP.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.pcp.com"/>
+
+	<!--	Complications:
+				-->
+	<target host="pcp.com"/>
+
+
+	<rule from="^http://pcp\.com/"
+		to="https://www.pcp.com/"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/PCPD.org.hk.xml b/src/chrome/content/rules/PCPD.org.hk.xml
new file mode 100644
index 000000000000..efbbf4a3aa3e
--- /dev/null
+++ b/src/chrome/content/rules/PCPD.org.hk.xml
@@ -0,0 +1,19 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - mail.pcpd.org.hk
+			 - webmail2.pcpd.org.hk
+			 - www1.pcpd.org.hk
+
+		4xx client error:
+			 - webmail.pcpd.org.hk
+-->
+<ruleset name="Privacy Commissioner for Personal Data, Hong Kong (partial)">
+	<target host="pcpd.org.hk" />
+	<target host="www.pcpd.org.hk" />
+	<target host="remote.pcpd.org.hk" />
+
+	<securecookie host="^(www\.)?pcpd\.org\.hk$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PCPro.co.uk.xml b/src/chrome/content/rules/PCPro.co.uk.xml
index db49d61b944b..620a6300d6a9 100644
--- a/src/chrome/content/rules/PCPro.co.uk.xml
+++ b/src/chrome/content/rules/PCPro.co.uk.xml
@@ -1,14 +1,22 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://photos.pcpro.co.uk/ => https://desawk404a9v3.cloudfront.net/: (6, 'Could not resolve host: desawk404a9v3.cloudfront.net')
+Fetch error: http://sprites.pcpro.co.uk/ => https://desawk404a9v3.cloudfront.net/: (6, 'Could not resolve host: desawk404a9v3.cloudfront.net')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://photos.pcpro.co.uk/ => https://desawk404a9v3.cloudfront.net/: (6, 'Could not resolve host: photos.pcpro.co.uk')
+Fetch error: http://sprites.pcpro.co.uk/ => https://desawk404a9v3.cloudfront.net/: (6, 'Could not resolve host: sprites.pcpro.co.uk')
 	pcpro.s3.amazonaws.com
 
 -->
-<ruleset name="PCPro.co.uk (partial)">
+<ruleset name="PCPro.co.uk (partial)" default_off="failed ruleset test">
 
 	<target host="photos.pcpro.co.uk" />
 	<target host="sprites.pcpro.co.uk" />
 
 
-	<rule from="^https?://(?:photo|sprite)s\.pcpro\.co\.uk/"
+	<rule from="^http://(?:photo|sprite)s\.pcpro\.co\.uk/"
 		to="https://desawk404a9v3.cloudfront.net/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PCRE.org.xml b/src/chrome/content/rules/PCRE.org.xml
new file mode 100644
index 000000000000..d4789f9b67eb
--- /dev/null
+++ b/src/chrome/content/rules/PCRE.org.xml
@@ -0,0 +1,15 @@
+<!--
+	(www.)?: Shows zeuscat.com
+	vcs: Shows bugs.exim.org
+
+-->
+<ruleset name="PCRE.org" default_off="broken">
+
+	<target host="pcre.org" />
+	<target host="www.pcre.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PCS.com.xml b/src/chrome/content/rules/PCS.com.xml
index 5a8898d0038d..ec1e79b21db2 100644
--- a/src/chrome/content/rules/PCS.com.xml
+++ b/src/chrome/content/rules/PCS.com.xml
@@ -1,41 +1,20 @@
 <!--
-	CN: webserver.ispgateway.de
 
+	Problematic hosts in pcs.com:
 
-	Mixed content:
-
-		- css, on:
-
-			- partner-support from partner-support *
-			- partner-support from fast.fonts.com *
-			- www from www *
-
-		- Images, on:
-
-			- partner-support from partner-support *
-			- www from www *
-
-		- Web bugs, on:
-
-			- partner-support from wm.wiredminds.de *
-			- www from wm.wiredminds.de *
-
-	* Secured by us
+		- download (timeout)
+		- webmail (self-signed)
 
 -->
-<ruleset name="PCS.com (false MCB)" default_off="self-signed" platform="mixedcontent">
+<ruleset name="PCS.com">
 
 	<target host="pcs.com" />
-	<target host="*.pcs.com" />
-
-
-	<securecookie host="^(?:partner-support|www)\.pcs\.com$" name=".+" />
-
+	<target host="www.pcs.com" />
+	<target host="partner-support.pcs.com" />
 
-	<rule from="^http://(?:www\.)?pcs\.com/"
-		to="https://www.pcs.com/" />
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://partner-support\.pcs\.com/"
-		to="https://partner-support.pcs.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PCSpublink.com.xml b/src/chrome/content/rules/PCSpublink.com.xml
new file mode 100644
index 000000000000..877cf7309f5c
--- /dev/null
+++ b/src/chrome/content/rules/PCSpublink.com.xml
@@ -0,0 +1,27 @@
+<!--
+	(www.)?: dropped
+
+
+	Insecure cookies are set for these hosts:
+
+		- subscribe.pcspublink.com
+
+-->
+<ruleset name="PCSpublink.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="subscribe.pcspublink.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^subscribe\.pcspublink\.com$" name="^(ASP\.NET_SessionId|User)$" /-->
+
+	<securecookie host="^subscribe\.pcspublink\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PCUG.org.au.xml b/src/chrome/content/rules/PCUG.org.au.xml
new file mode 100644
index 000000000000..d1f6d23c341a
--- /dev/null
+++ b/src/chrome/content/rules/PCUG.org.au.xml
@@ -0,0 +1,53 @@
+<!--
+	Other PCUG.org.au related rulesets:
+		- TIP.net.au.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+			 - irc.ipv6.pcug.org.au
+
+		SSL peer certificate was not OK:
+			 - akabaila.pcug.org.au
+			 - amikkels.pcug.org.au
+			 - bblink.pcug.org.au
+			 - cmalot.pcug.org.au
+			 - collins.pcug.org.au
+			 - eugen.pcug.org.au
+			 - hosting.ipv4.pcug.org.au
+			 - irc.ipv4.pcug.org.au
+			 - irc.pcug.org.au
+			 - jevans.pcug.org.au
+			 - ldap.pcug.org.au
+			 - nab.pcug.org.au
+			 - newshost.pcug.org.au
+			 - pfoster.pcug.org.au
+			 - phooper.pcug.org.au
+			 - pmyers.pcug.org.au
+			 - smtps.pcug.org.au
+			 - terryg.pcug.org.au
+			 - willcock.pcug.org.au
+
+		Status code mismatch:
+			 - ftp.pcug.org.au
+			 - mailhost.pcug.org.au
+			 - smtp.pcug.org.au
+
+		Different content:
+			 - pcug.org.au
+			 - www.pcug.org.au
+			 - calendar.pcug.org.au
+			 - ipv4.pcug.org.au
+			 - www.ipv4.pcug.org.au
+			 - members.ipv4.pcug.org.au
+			 - pide.ipv4.pcug.org.au
+			 - members.pcug.org.au
+			 - pide.pcug.org.au
+			 - webmail.pcug.org.au
+-->
+<ruleset name="PCUG.org.au (partial)">
+	<target host="hosting.pcug.org.au" />
+	<target host="lists.ipv4.pcug.org.au" />
+	<target host="lists.pcug.org.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PCWorld.xml b/src/chrome/content/rules/PCWorld.xml
index 6fece3b3bae0..aa3b2da88745 100644
--- a/src/chrome/content/rules/PCWorld.xml
+++ b/src/chrome/content/rules/PCWorld.xml
@@ -1,33 +1,36 @@
 <!--
 	For other IDG coverage, see IDG.se.xml.
 
-
-	CDN buckets:
-
-		- pcworld.https.internapcdn.net
-
-
-	Nonfunctional domains:
-
-		- apache0.pcworld.com	(times out)
-		- forums.pcworld.com	(times out)
-		- images.pcworld.com	(cert: *.https.internapcdn.net; 404)
-		- marketing.pcworld.com	(times out
-		- static.pcworld.com	(ditto)
-
+	Internal server error:
+		- find.pcworld.com
+
+	Invalid certificate:
+		- vpn2.pcworld.com
+		- www.find.pcworld.com
+
+	Timeout was reached:
+		- apache0.pcworld.com
+		- dev-api.pcworld.com
+		- ftp.pcworld.com
+		- lm.pcworld.com
+		- lm3.pcworld.com
+		- lm4.pcworld.com
+		- mta1.pcworld.com
+		- mta2.pcworld.com
+		- nl.pcworld.com
+		- ns.pcworld.com
+		- ns0.pcworld.com
+		- ns1.pcworld.com
+		- thing1.pcworld.com
 -->
-<ruleset name="PC World">
-
+<ruleset name="PCWorld">
 	<target host="pcworld.com" />
-	<target host="*.pcworld.com" />
-
-
-	<rule from="^http://(www\.)?pcworld\.com/"
-		to="https://$1pcworld.com/" />
+	<target host="www.pcworld.com" />
+	<target host="images.pcworld.com" />
+	<target host="shop.pcworld.com" />
+	<target host="socialize.pcworld.com" />
 
-	<!--	The rest of jobs is handled in Simply-Hired-clients.
-				-->
-	<rule from="^http://jobs\.pcworld\.com/c/"
-		to="https://jobs.pcworld.com/c/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/PC_Booster.xml b/src/chrome/content/rules/PC_Booster.xml
index da2ee9718e79..75419906b130 100644
--- a/src/chrome/content/rules/PC_Booster.xml
+++ b/src/chrome/content/rules/PC_Booster.xml
@@ -9,16 +9,13 @@
 <ruleset name="PC Booster">
 
 	<target host="pcbooster.com" />
-	<target host="*.pcbooster.com" />
+	<target host="www.pcbooster.com" />
+	<target host="files.pcbooster.com" />
 
 
 	<securecookie host="^\.?pcbooster\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?pcbooster\.com/"
-		to="https://$1pcbooster.com/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^https?://files\.pcbooster\.com/"
-		to="https://d1xmanv2p9uj30.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PConline.xml b/src/chrome/content/rules/PConline.xml
new file mode 100644
index 000000000000..fadda50725a5
--- /dev/null
+++ b/src/chrome/content/rules/PConline.xml
@@ -0,0 +1,42 @@
+<!--
+	403:
+		img0-arch.pconline.com.cn/$
+-->
+<ruleset name="PConline (partial)">
+	<target host="pconline.com.cn" />
+	<target host="www.pconline.com.cn" />
+	<target host="arch.pconline.com.cn" />
+	<target host="captcha.pconline.com.cn" />
+	<target host="cmt.pconline.com.cn" />
+	<target host="count5.pconline.com.cn" />
+	<target host="count6.pconline.com.cn" />
+	<target host="dl.pconline.com.cn" />
+	<target host="dlc2.pconline.com.cn" />
+	<target host="g.pconline.com.cn" />
+	<target host="img.pconline.com.cn" />
+		<test url="http://img.pconline.com.cn/images/upload/upc/tx/itbbs/1111/21/c4/9690749_1321875352873_1024x1024.jpg" />
+	<target host="img0.pconline.com.cn" />
+		<test url="http://img0.pconline.com.cn/pconline/1408/11/5250899_IMG_9970.jpg" />
+	<target host="img1.pconline.com.cn" />
+		<test url="http://img1.pconline.com.cn/pconline/0807/25/1364488_IMG_94072.jpg" />
+	<target host="img2.pconline.com.cn" />
+		<test url="http://img2.pconline.com.cn/pconline/0908/17/1742090_090817_hero_001s.jpg" />
+	<target host="img3.pconline.com.cn" />
+		<test url="http://img3.pconline.com.cn/pconline/0611/20/908527_20061120samsung931bw_1s.jpg" />
+	<target host="img-arch.pconline.com.cn" />
+	<target host="img0-arch.pconline.com.cn" />
+	<exclusion pattern="^http://img0-arch\.pconline\.com\.cn/$" />
+		<test url="http://img0-arch.pconline.com.cn/pcauto/1107/21/1575352_pic.png" />
+	<target host="img1-arch.pconline.com.cn" />
+	<target host="img2-arch.pconline.com.cn" />
+	<target host="img3-arch.pconline.com.cn" />
+	<target host="imgad0.pconline.com.cn" />
+	<target host="itbbs.pconline.com.cn" />
+	<target host="ivy.pconline.com.cn" />
+	<target host="mgcdn2.pconline.com.cn" />
+	<target host="pcedu.pconline.com.cn" />
+	<target host="pdlib.pconline.com.cn" />
+	<target host="www1.pconline.com.cn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PCtipp.ch.xml b/src/chrome/content/rules/PCtipp.ch.xml
new file mode 100644
index 000000000000..d17ec651e5cd
--- /dev/null
+++ b/src/chrome/content/rules/PCtipp.ch.xml
@@ -0,0 +1,37 @@
+<!--
+	Nonfunctional hosts in *.pctipp.ch:
+		- www.pctipp.ch (h)
+		- go.pctipp.ch (m)
+		- m.pctipp.ch (m)
+		- redi.pctipp.ch (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="PCtipp.ch (partial)">
+	<target host="pctipp.ch"/>
+	<target host="www.pctipp.ch"/>
+
+	<!-- HTTP redirect -->
+	<exclusion pattern="http://www\.pctipp\.ch/$"/>
+
+	<test url="http://www.pctipp.ch/fileadmin/templates/images/sprite.png"/>
+	<test url="http://www.pctipp.ch/forum/clientscript/vbulletin-core.js"/>
+	<test url="http://www.pctipp.ch/forum/images/statusicon/thread_lock-16.png"/>
+	<test url="http://www.pctipp.ch/mein-pctipp/aktivierung/"/>
+	<test url="http://www.pctipp.ch/mein-pctipp/benutzerdaten/"/>
+	<test url="http://www.pctipp.ch/mein-pctipp/login/"/>
+	<test url="http://www.pctipp.ch/typo3/clear.gif"/>
+	<test url="http://www.pctipp.ch/typo3_src/typo3/clear.gif"/>
+	<test url="http://www.pctipp.ch/typo3conf/ext/realurl/ext_icon.gif"/>
+	<test url="http://www.pctipp.ch/typo3temp/pics/91c3b45592.jpg"/>
+	<test url="http://www.pctipp.ch/uploads/media/index.html"/>
+
+	<rule from="^http://pctipp\.ch/"
+		to="https://pctipp.ch/"/>
+	<rule from="^http://www\.pctipp\.ch/(fileadmin|forum/(clientscript|images)|mein-pctipp/(aktivierung|benutzerdaten|login)|typo3|typo3_src|typo3conf|typo3temp|uploads)/"
+		to="https://www.pctipp.ch/$1/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/PDDOC.com.xml b/src/chrome/content/rules/PDDOC.com.xml
index e85248643b60..2af846b39895 100644
--- a/src/chrome/content/rules/PDDOC.com.xml
+++ b/src/chrome/content/rules/PDDOC.com.xml
@@ -1,11 +1,11 @@
-<ruleset name="PDDOC.com" default_off="mismatch">
+<ruleset name="PDDOC.com" default_off="mismatched">
 
 	<!--	Cert: *.globat.com	-->
 	<target host="pddoc.com" />
 	<target host="www.pddoc.com" />
 
 
-	<rule from="^https?://(?:www\.)?pddoc\.com/"
+	<rule from="^http://(?:www\.)?pddoc\.com/"
 		to="https://pddoc.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PDE.cc.xml b/src/chrome/content/rules/PDE.cc.xml
new file mode 100644
index 000000000000..2f0fffbdb380
--- /dev/null
+++ b/src/chrome/content/rules/PDE.cc.xml
@@ -0,0 +1,9 @@
+<ruleset name="PDE.cc">
+
+	<target host="pde.cc" />
+	<target host="www.pde.cc" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PDFMerge.com.xml b/src/chrome/content/rules/PDFMerge.com.xml
new file mode 100644
index 000000000000..a3aff571b0e3
--- /dev/null
+++ b/src/chrome/content/rules/PDFMerge.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Remark: *.pdfmerge.com have a wildcard DNS Record.
+-->
+<ruleset name="PDFMerge.com">
+	<target host="pdfmerge.com" />
+	<target host="www.pdfmerge.com" />
+
+	<rule from="^http:"
+		  	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PDF_Labs.com.xml b/src/chrome/content/rules/PDF_Labs.com.xml
new file mode 100644
index 000000000000..f0c9d45d415a
--- /dev/null
+++ b/src/chrome/content/rules/PDF_Labs.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="PDF Labs.com">
+
+	<target host="pdflabs.com" />
+	<target host="www.pdflabs.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PDF_to_Word.com.xml b/src/chrome/content/rules/PDF_to_Word.com.xml
new file mode 100644
index 000000000000..b98c32b08fac
--- /dev/null
+++ b/src/chrome/content/rules/PDF_to_Word.com.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Nitro Software coverage, see Nitro_Cloud.com.xml.
+
+
+	^: mismatched, CN: *.heroku.com
+
+-->
+<ruleset name="PDF to Word.com">
+
+	<target host="pdftoword.com" />
+	<target host="www.pdftoword.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.pdftoword\.com$" name="^PLAY_LANG$" /-->
+
+	<securecookie host="^www\.pdftoword\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PEBS-EU.de.xml b/src/chrome/content/rules/PEBS-EU.de.xml
new file mode 100644
index 000000000000..a4aa9451b9dd
--- /dev/null
+++ b/src/chrome/content/rules/PEBS-EU.de.xml
@@ -0,0 +1,7 @@
+<ruleset name="PEBS-EU.de">
+
+	<target host="www.pebs-eu.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PEN.org.xml b/src/chrome/content/rules/PEN.org.xml
new file mode 100644
index 000000000000..6f3b9688e080
--- /dev/null
+++ b/src/chrome/content/rules/PEN.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatched:
+	- worldvoices.pen.org
+	- pentributes.pen.org
+	- staging.pen.org
+	- www2.pen.org
+-->
+<ruleset name="PEN.org">
+	<target host="pen.org" />
+	<target host="www.pen.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PEP-project.org.xml b/src/chrome/content/rules/PEP-project.org.xml
new file mode 100644
index 000000000000..8bbee5a12c53
--- /dev/null
+++ b/src/chrome/content/rules/PEP-project.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Related rulesets:
+		PrettyEasyPrivacy.com.xml
+		pep.foundation.xml
+
+	Invalid certificate:
+		cacert.pep-project.org (CAcert, expired, deprecated algorithm)
+		go.pep-project.org
+
+-->
+<ruleset name="PEP-project">
+
+	<target host="pep-project.org" />
+	<target host="www.pep-project.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PERFORM-Group.xml b/src/chrome/content/rules/PERFORM-Group.xml
index 9ea5aaeef1cf..e42e508907ac 100644
--- a/src/chrome/content/rules/PERFORM-Group.xml
+++ b/src/chrome/content/rules/PERFORM-Group.xml
@@ -1,4 +1,4 @@
-<ruleset name="PERFORM Group (partial)" default_off="mismatch">
+<ruleset name="PERFORM Group (partial)" default_off="mismatched">
 
 	<target host="origin.eplayer.performgroup.com"/>
 	<target host="www.eplayer.performgroup.com"/>
diff --git a/src/chrome/content/rules/PET-Portal.eu.xml b/src/chrome/content/rules/PET-Portal.eu.xml
index 82be897cac4f..2cea38249c1b 100644
--- a/src/chrome/content/rules/PET-Portal.eu.xml
+++ b/src/chrome/content/rules/PET-Portal.eu.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://(?:www\.)?pet-portal\.eu/"
 		to="https://pet-portal.eu/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PETA_Kills_Animals.com.xml b/src/chrome/content/rules/PETA_Kills_Animals.com.xml
new file mode 100644
index 000000000000..3a2f16bd3fb5
--- /dev/null
+++ b/src/chrome/content/rules/PETA_Kills_Animals.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- petakillsanimals.com
+		- .petakillsanimals.com
+		- www.petakillsanimals.com
+
+-->
+<ruleset name="PETA Kills Animals.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="petakillsanimals.com" />
+	<target host="www.petakillsanimals.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?petakillsanimals\.com$" name="^AWSELB$" /-->
+	<!--securecookie host="^\.petakillsanimals\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^(?:\.|www\.)?petakillsanimals\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PET_Symposium.org.xml b/src/chrome/content/rules/PET_Symposium.org.xml
new file mode 100644
index 000000000000..29a02d11aa99
--- /dev/null
+++ b/src/chrome/content/rules/PET_Symposium.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="PET Symposium.org">
+	<target host="petsymposium.org" />
+	<target host="www.petsymposium.org" />
+	<target host="submit.petsymposium.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PFLAG.org.xml b/src/chrome/content/rules/PFLAG.org.xml
new file mode 100644
index 000000000000..108daa59f0b1
--- /dev/null
+++ b/src/chrome/content/rules/PFLAG.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Invalid certificate:
+		home.pflag.org
+
+-->
+<ruleset name="PFLAG.org">
+
+	<target host="pflag.org" />
+	<target host="www.pflag.org" />
+	<target host="archive.pflag.org" />
+	<target host="www.archive.pflag.org" />
+	<target host="bolt3.pflag.org" />
+	<target host="www.bolt3.pflag.org" />
+	<target host="community.pflag.org" />
+	<target host="www.community.pflag.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PFLAG.xml b/src/chrome/content/rules/PFLAG.xml
deleted file mode 100644
index 7ff422551418..000000000000
--- a/src/chrome/content/rules/PFLAG.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="PFLAG-Parents, Families, &amp; Friends of Lesbians and Gays (partial)">
-
-	<target host="pflag.org" />
-	<target host="*.pflag.org" />
-
-
-	<rule from="^http://((?:community|www)\.)?pflag\.org/"
-		to="https://$1pflag.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PGCon.xml b/src/chrome/content/rules/PGCon.xml
index a43cd0ac9eb4..4f2806a8569d 100644
--- a/src/chrome/content/rules/PGCon.xml
+++ b/src/chrome/content/rules/PGCon.xml
@@ -1,10 +1,15 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pgcon.org/ => https://pgcon.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.pgcon.org/ => https://www.pgcon.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Nonfunctional subdomains:
 
 		- lists		(http reply)
 
 -->
-<ruleset name="PGCon (partial)">
+<ruleset name="PGCon.org (partial)" default_off="failed ruleset test">
 
 	<target host="pgcon.org" />
 	<target host="www.pgcon.org" />
@@ -13,7 +18,7 @@
 	<securecookie host="^(?:www\.)?pgcon\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?pgcon\.org/"
-		to="https://$1pgcon.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PGP.com.xml b/src/chrome/content/rules/PGP.com.xml
new file mode 100644
index 000000000000..13c491f3f616
--- /dev/null
+++ b/src/chrome/content/rules/PGP.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Invalid certificate:
+		pgp.com
+		authorize1.pgp.com
+		authorize2.pgp.com
+		download.pgp.com
+		linux-update.pgp.com
+		prm.pgp.com
+		support.pgp.com
+		supportimg.pgp.com
+
+	Secure connection failed:
+		beta.pgp.com
+		learn.pgp.com
+		poms.pgp.com
+
+-->
+<ruleset name="PGP.com">
+
+	<target host="pgp.com" />
+	<target host="www.pgp.com" />
+	<target host="keyserver.pgp.com" />
+	<target host="keyserver1.pgp.com" />
+	<target host="keyserver2.pgp.com" />
+	<target host="store.pgp.com" />
+	<target host="eu.store.pgp.com" />
+	<target host="na.store.pgp.com" />
+	<target host="row.store.pgp.com" />
+	<target host="uk.store.pgp.com" />
+
+	<rule from="^http://pgp\.com/" to="https://www.pgp.com/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PGP.xml b/src/chrome/content/rules/PGP.xml
deleted file mode 100644
index 6ef18550d203..000000000000
--- a/src/chrome/content/rules/PGP.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="PGP">
-  <target host="pgp.com" />
-  <target host="*.pgp.com" />
-  <target host="*.store.pgp.com" />
-
-  <rule from="^http://(?:www\.)?pgp\.com/" to="https://www.pgp.com/"/>
-  <rule from="^http://(keyserver|sstats)\.pgp\.com/" to="https://$1.pgp.com/"/>
-  <rule from="^http://([^/:@\.]+)\.store\.pgp\.com/" to="https://$1.store.pgp.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/PGi-problematic.xml b/src/chrome/content/rules/PGi-problematic.xml
index 5f6a815b0db4..ef83e4825164 100644
--- a/src/chrome/content/rules/PGi-problematic.xml
+++ b/src/chrome/content/rules/PGi-problematic.xml
@@ -4,13 +4,14 @@
 -->
 <ruleset name="PGi (problematic)" default_off="expired, mismatched">
 
-	<target host="*.pgi.com" />
+	<target host="blog.pgi.com" />
+	<target host="experts.pgi.com" />
+	<target host="admin.support.pgi.com" />
 
 
 	<securecookie host="^experts\.pgi\.com$" name=".+" />
 
 
-	<rule from="^http://(blog|experts|admin\.support)\.pgi\.com/"
-		to="https://$1.pgi.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PGi.xml b/src/chrome/content/rules/PGi.xml
index a0f4cd7d2a77..1d4c02e6aace 100644
--- a/src/chrome/content/rules/PGi.xml
+++ b/src/chrome/content/rules/PGi.xml
@@ -24,10 +24,10 @@
 	<securecookie host="^webmail\.pgi\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?pgi\.com/"
+	<rule from="^http://(?:www\.)?pgi\.com/"
 		to="https://www.pgi.com/" />
 
 	<rule from="^http://(legacy|webmail)\.pgi\.com/"
 		to="https://$1.pgi.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PHP-Fusion.co.uk.xml b/src/chrome/content/rules/PHP-Fusion.co.uk.xml
new file mode 100644
index 000000000000..f4b5f258e229
--- /dev/null
+++ b/src/chrome/content/rules/PHP-Fusion.co.uk.xml
@@ -0,0 +1,14 @@
+<!--
+	demos: shows default cPanel page
+
+-->
+<ruleset name="PHP-Fusion.co.uk (partial)">
+
+	<target host="php-fusion.co.uk" />
+	<target host="www.php-fusion.co.uk" />
+		<!--exclusion pattern="^http://demos\.php-fusion\.co\.uk/" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PHP.xml b/src/chrome/content/rules/PHP.xml
index dc2a01d78847..b16fbcce5828 100644
--- a/src/chrome/content/rules/PHP.xml
+++ b/src/chrome/content/rules/PHP.xml
@@ -1,39 +1,63 @@
 <!--
-	Nonfunctional subdomains:
 
-		- (www.)	(no https)
-		- gtk		(shows viewvc interface, valid cert
-		- windows *
+	Nonfunctional hosts in *php.net:
 
-	* Refused
+		- doc ¹
+		- gcov ²
+		- gtk ³
+		- lxr ¹
+		- news ¹
+		- snaps ¹
+		- talks ³
+		- www ⁴
 
+	¹ Refused
+	³ Shows viewvc interface, valid cert
+	⁴ Depends on the mirror, but the "best case" is an invalid certificate
 
-	Problematic subdomains:
 
-		- pecl	(works, expired 2013-01-08)
-		- snaps	($ works, some pages 404; expired 2013-06-05)
+	Insecure cookies are set for these domains: ᶜ
 
+		- php.net
+		- .php.net
+		- bugs.php.net
+		- edit.php.net
+		- master.php.net
+		- pear.php.net
+		- wiki.php.net
+		- www.php.net
 
-	Fully covered subdomains:
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
-		- bugs
-		- downloads
-		- git
-		- pear
-		- static
-		- wiki
-
--->
-<ruleset name="PHP (partial)">
-
-	<target host="*.php.net" />
 
+	Mixed content:
 
-	<!--securecookie host="^\.php\.net$" name="^COUNTRY$" /-->
-	<securecookie host="^(?:bugs|wiki)\.php\.net$" name=".+" />
+		- css on (www.)? from fonts.googleapis.com ˢ
 
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
-	<rule from="^http://(bugs|downloads|git|pear|static|wiki)\.php\.net/"
-		to="https://$1.php.net/" />
-
+-->
+<ruleset name="PHP.net (partial)">
+	<target host="php.net" />
+	<target host="bugs.php.net" />
+	<target host="downloads.php.net" />
+	<target host="edit.php.net" />
+	<target host="git.php.net" />
+	<target host="master.php.net" />
+	<target host="museum.php.net" />
+	<target host="pear.php.net" />
+	<target host="pear2.php.net" />
+	<target host="pecl.php.net" />
+	<target host="people.php.net" />
+	<target host="qa.php.net" />
+	<target host="secure.php.net" />
+	<target host="shared.php.net" />
+	<target host="static.php.net" />
+	<target host="svn.php.net" />
+	<target host="wiki.php.net" />
+	<target host="windows.php.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/PHPNET.xml b/src/chrome/content/rules/PHPNET.xml
index 0821f310ab72..a55bbbc6ab8a 100644
--- a/src/chrome/content/rules/PHPNET.xml
+++ b/src/chrome/content/rules/PHPNET.xml
@@ -1,21 +1,29 @@
 <!--
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *phpnet.org:
 
-		- (www.)	(shows another domain; self-signed, CN: phpnet-bureaux)
-		- forum		(shows p1174; self-signed, CN: p1174.phpnet.org)
+		- forum ¹
+		- wiki ²
 
+	¹ Shows p1174; self-signed, CN: p1174.phpnet.org
+	² Refused
 
-	Problematic subdomains:
+-->
+<ruleset name="PHPNET.org (partial)">
 
-		- webmail	(works; self-signed, mixed css & images from www)
+	<!--	Direct rewrites:
+				-->
+	<target host="phpnet.org" />
+	<target host="panel.phpnet.org" />
+	<target host="piwikphpnet.phpnet.org" />
+	<target host="ssl.phpnet.org" />
+	<target host="webmail.phpnet.org" />
+	<target host="www.phpnet.org" />
 
--->
-<ruleset name="PHPNET (partial)">
 
-	<target host="*.phpnet.org" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(panel|ssl)\.phpnet\.org/"
-		to="https://$1.phpnet.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PHP_magazin.xml b/src/chrome/content/rules/PHP_magazin.xml
index 8cd77957333b..e9f8d03dde9c 100644
--- a/src/chrome/content/rules/PHP_magazin.xml
+++ b/src/chrome/content/rules/PHP_magazin.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?phpmagazin\.de/((?:cart|user)(?:$|\?|/)|modules/|sites/)"
 		to="https://$1phpmagazin.de/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PH_Cheats.xml b/src/chrome/content/rules/PH_Cheats.xml
index 2b840f806328..5d3b2145ed9b 100644
--- a/src/chrome/content/rules/PH_Cheats.xml
+++ b/src/chrome/content/rules/PH_Cheats.xml
@@ -1,17 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://phcheats.com/ => https://phcheats.com/: (7, 'Failed to connect to phcheats.com port 443: Connection refused')
+Fetch error: http://www.phcheats.com/ => https://www.phcheats.com/: (7, 'Failed to connect to www.phcheats.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://phcheats.com/ => https://phcheats.com/: Cycle detected - URL already encountered: http://phcheats.com/
 	Mixed image from levelrapido.com
 
 -->
-<ruleset name="PH Cheats">
+<ruleset name="PH Cheats" default_off="failed ruleset test">
 
 	<target host="phcheats.com" />
-	<target host="*.phcheats.com" />
+	<target host="www.phcheats.com" />
 
 
 	<securecookie host="^(?:w*\.)?phcheats\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?phcheats\.com/"
-		to="https://$1phcheats.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PICMET.org.xml b/src/chrome/content/rules/PICMET.org.xml
new file mode 100644
index 000000000000..c1b02a56227d
--- /dev/null
+++ b/src/chrome/content/rules/PICMET.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="PICMET.org">
+	<target host="picmet.org" />
+	<target host="www.picmet.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PIERS.xml b/src/chrome/content/rules/PIERS.xml
index 89abdc9784c0..2f33c09d5189 100644
--- a/src/chrome/content/rules/PIERS.xml
+++ b/src/chrome/content/rules/PIERS.xml
@@ -7,7 +7,7 @@
 	<target host="directories.piers.com"/>
 
 
-	<securecookie host="^directories\.piers\.com$" name=".*"/>
+	<securecookie host="^directories\.piers\.com$" name=".+" />
 
 
 	<rule from="^http://directories\.piers\.com/Portals/"
diff --git a/src/chrome/content/rules/PIPNI.cz.xml b/src/chrome/content/rules/PIPNI.cz.xml
new file mode 100644
index 000000000000..9511bdb44532
--- /dev/null
+++ b/src/chrome/content/rules/PIPNI.cz.xml
@@ -0,0 +1,94 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure16.pipni.cz/ => https://secure16.pipni.cz/: Too many redirects while fetching 'https://secure16.pipni.cz/'
+Fetch error: http://secure19.pipni.cz/ => https://secure19.pipni.cz/: (28, 'Connection timed out after 20004 milliseconds')
+Fetch error: http://www17.pipni.cz/ => https://www17.pipni.cz/: (28, 'Connection timed out after 20010 milliseconds')
+Fetch error: http://www19.pipni.cz/ => https://www19.pipni.cz/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www20.pipni.cz/ => https://www20.pipni.cz/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Active Mixed-content:
+		- stats.pipni.cz
+	Nonfunctional subdomains:
+		- fbsql.pipni.cz
+		- secure11.pipni.cz
+		- secure12.pipni.cz
+		- secure15.pipni.cz
+		- secure18.pipni.cz
+		- secure21.pipni.cz
+		- secure23.pipni.cz
+		- secure24.pipni.cz
+		- secure5.pipni.cz
+		- secure9.pipni.cz
+		- www18.pipni.cz
+	Mismatched:
+		- easyweb.pipni.cz
+		- k2.pipni.cz
+		- secure2.pipni.cz
+		- secure3.pipni.cz
+		- www11.pipni.cz
+		- www12.pipni.cz
+		- www15.pipni.cz
+		- www2.pipni.cz
+		- www21.pipni.cz
+		- www23.pipni.cz
+		- www24.pipni.cz
+		- www3.pipni.cz
+		- www5.pipni.cz
+		- www9.pipni.cz
+-->
+<ruleset name="PIPNI.cz" default_off="failed ruleset test">
+	<target host="pipni.cz" />
+	<target host="admin.pipni.cz" />
+	<target host="adminer.pipni.cz" />
+	<target host="forum.pipni.cz" />
+	<target host="mail.pipni.cz" />
+	<target host="mail2.pipni.cz" />
+	<target host="mail4.pipni.cz" />
+	<target host="manual.pipni.cz" />
+	<target host="monitoring.pipni.cz" />
+	<target host="mysql.pipni.cz" />
+	<target host="ns.pipni.cz" />
+	<target host="pgsql.pipni.cz" />
+	<target host="secure10.pipni.cz" />
+	<target host="secure13.pipni.cz" />
+	<target host="secure14.pipni.cz" />
+	<target host="secure16.pipni.cz" />
+	<target host="secure17.pipni.cz" />
+	<target host="secure19.pipni.cz" />
+	<target host="secure20.pipni.cz" />
+	<target host="secure22.pipni.cz" />
+	<target host="secure4.pipni.cz" />
+	<target host="secure6.pipni.cz" />
+	<target host="secure7.pipni.cz" />
+	<target host="secure8.pipni.cz" />
+	<target host="support.pipni.cz" />
+	<target host="vserver.pipni.cz" />
+	<target host="web.pipni.cz" />
+	<target host="webftp.pipni.cz" />
+	<target host="webmail.pipni.cz" />
+	<target host="www.pipni.cz" />
+	<target host="www10.pipni.cz" />
+	<target host="www13.pipni.cz" />
+	<target host="www14.pipni.cz" />
+	<target host="www16.pipni.cz" />
+	<target host="www17.pipni.cz" />
+	<target host="www19.pipni.cz" />
+	<target host="www20.pipni.cz" />
+	<target host="www22.pipni.cz" />
+	<target host="www4.pipni.cz" />
+	<target host="www6.pipni.cz" />
+	<target host="www7.pipni.cz" />
+	<target host="www8.pipni.cz" />
+
+	<securecookie host="^pipni\.cz$" name=".+" />
+	<securecookie host="^\.pipni\.cz$" name=".+" />
+	<securecookie host="^fbsql\.pipni\.cz$" name=".+" />
+	<securecookie host="^manual\.pipni\.cz$" name="^PHPSESSID$" />
+	<securecookie host="^pgsql\.pipni\.cz$" name=".+" />
+	<securecookie host="^support\.pipni\.cz$" name="^PHPSESSID$" />
+	<securecookie host="^vserver\.pipni\.cz$" name="^sid$" />
+	<securecookie host="^webftp\.pipni\.cz$" name="^PHPSESSID$" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PIXinsight.com.tw.xml b/src/chrome/content/rules/PIXinsight.com.tw.xml
new file mode 100644
index 000000000000..b2cb3e17316a
--- /dev/null
+++ b/src/chrome/content/rules/PIXinsight.com.tw.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Pixnet coverage, see Pixnet.net.xml.
+
+
+	^: refused
+
+
+	^ differs from www.
+
+-->
+<ruleset name="PIXinsight.com.tw (partial)">
+
+	<target host="www.pixinsight.com.tw" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.pixinsight\.com\.tw$" name="^pixinsight-adm$" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PI_CERT.it.xml b/src/chrome/content/rules/PI_CERT.it.xml
new file mode 100644
index 000000000000..af792c5f6107
--- /dev/null
+++ b/src/chrome/content/rules/PI_CERT.it.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Poste Italiane coverage, see Poste.it.xml.
+
+
+	^picert.it doesn't exist.
+
+-->
+<ruleset name="PI CERT.it">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.picert.it" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PJM.com.xml b/src/chrome/content/rules/PJM.com.xml
new file mode 100644
index 000000000000..970cb0bc400a
--- /dev/null
+++ b/src/chrome/content/rules/PJM.com.xml
@@ -0,0 +1,22 @@
+<!--
+	(www.): some pages redirect to http.
+
+-->
+<ruleset name="PJM.com (partial)">
+
+	<target host="pjm.com" />
+	<target host="esuite.pjm.com" />
+	<target host="www.pjm.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?pjm\.com/+($\?|about-pjm/learning-center/markets-and-operations/etools\.aspx|Calendar\.aspx|Default\.aspx)" /-->
+		<exclusion pattern="^http://(?:www\.)?pjm\.com/+(?!assets/|(?:[\w/-]+/)?~/media/|(?:Script|Web)Resource\.axd)" />
+
+
+	<securecookie host="^esuite.pjm.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PJRC.com.xml b/src/chrome/content/rules/PJRC.com.xml
new file mode 100644
index 000000000000..ef3b6492a18e
--- /dev/null
+++ b/src/chrome/content/rules/PJRC.com.xml
@@ -0,0 +1,31 @@
+<!--
+	These altnames don't exist:
+
+		- www.forum.pjrc.com
+
+
+	Insecure cookies are set for these domains:
+
+		- .pjrc.com
+
+-->
+<ruleset name="PJRC.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pjrc.com" />
+	<target host="forum.pjrc.com" />
+	<target host="www.pjrc.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.pjrc\.com$" name="^bb_sessionhash$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PJTV.com.xml b/src/chrome/content/rules/PJTV.com.xml
deleted file mode 100644
index 30d3d4eb0318..000000000000
--- a/src/chrome/content/rules/PJTV.com.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<!--
-	For other PJ Media coverage, see PJ_Media.xml.
-
-
-	CDN buckets:
-
-		- pajamasmed.vo.llnwd.net
-
-			- .hs. does exist
-			- Doesn't map directly
-			- cdn
-			- cdn[1-4]
-
-
-	Problematic subdomains:
-
-		- ^		(cert only matches www)
-		- cdn[1-4]	(400; mismatched, CN: *.hs.llnwd.net)
-
--->
-<ruleset name="PJTV.com">
-
-	<target host="pjtv.com" />
-	<target host="*.pjtv.com" />
-
-
-	<securecookie host="^(?:www)?\.pjtv\.com$" name=".+" />
-
-
-	<!--	What the server does:
-					-->
-	<rule from="^http://pjtv\.com/([^?]*)(?:\?.*)?$"
-		to="https://www.pjtv.com/$1" />
-
-	<rule from="^http://(?:cdn[1-3]|www)\.pjtv\.com/"
-		to="https://www.pjtv.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/PJ_Media.xml b/src/chrome/content/rules/PJ_Media.xml
index 93250828bd82..5c6bd70d8c03 100644
--- a/src/chrome/content/rules/PJ_Media.xml
+++ b/src/chrome/content/rules/PJ_Media.xml
@@ -1,7 +1,6 @@
 <!--
 	Other PJ Media rulesets:
 
-		- PJTV.com.xml
 
 
 	Problematic subdomains:
@@ -10,16 +9,22 @@
 		- cdn	(404, CN: *.netdna-ssl.com)
 
 -->
-<ruleset name="PJ Media">
+<ruleset name="PJ Media" default_off="Webmaster request">
 
 	<target host="pjmedia.com" />
-	<target host="*.pjmedia.com" />
+	<target host="cdn.pjmedia.com" />
+	<target host="www.pjmedia.com" />
 
+	<!-- Causes mixed content issues -->
+	<exclusion pattern="^http://pjmedia\.com/instapundit/" />
+		<test url="http://pjmedia.com/instapundit/" />
 
 	<securecookie host="^\.?pjmedia\.com$" name=".+" />
 
+	<test url="http://www.pjmedia.com/" />
+	<test url="http://cdn.pjmedia.com/" />
 
 	<rule from="^http://(?:cdn\.|www\.)?pjmedia\.com/"
 		to="https://pjmedia.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PKC_Security.com.xml b/src/chrome/content/rules/PKC_Security.com.xml
new file mode 100644
index 000000000000..39c451b34de7
--- /dev/null
+++ b/src/chrome/content/rules/PKC_Security.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="PKC Security.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pkcsecurity.com" />
+	<target host="www.pkcsecurity.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PKWARE.com.xml b/src/chrome/content/rules/PKWARE.com.xml
index 4560bb3e6e9c..be4266660bff 100644
--- a/src/chrome/content/rules/PKWARE.com.xml
+++ b/src/chrome/content/rules/PKWARE.com.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pkware.com/ => https://pkware.com/: (35, 'error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure')
 	Problematic subdomains:
 
 		- comm	($ redirects to app-k.marketo.com)
@@ -7,7 +9,8 @@
 <ruleset name="PKWARE.com (partial)">
 
 	<target host="pkware.com" />
-	<target host="*.pkware.com" />
+	<target host="www.pkware.com" />
+	<target host="comm.pkware.com" />
 
 
 	<securecookie host="^(?:www)?\.pkware\.com$" name=".+" />
@@ -19,4 +22,4 @@
 	<rule from="^http://comm\.pkware\.com/(cs|image|j|r)s/"
 		to="https://na-k.marketo.com/$1s/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PKimber.net.xml b/src/chrome/content/rules/PKimber.net.xml
new file mode 100644
index 000000000000..22342823942d
--- /dev/null
+++ b/src/chrome/content/rules/PKimber.net.xml
@@ -0,0 +1,14 @@
+<!--
+	https://pkimber.net may be broken depending on the user SSL
+	library.
+
+-->
+<ruleset name="PKimber.net">
+
+	<target host="pkimber.net" />
+	<target host="www.pkimber.net" />
+
+	<rule from="^http://(www\.)?pkimber\.net/"
+		to="https://www.pkimber.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PL-Casual-Dating.xml b/src/chrome/content/rules/PL-Casual-Dating.xml
deleted file mode 100644
index f798d1695105..000000000000
--- a/src/chrome/content/rules/PL-Casual-Dating.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<ruleset name="PL Casual Dating (partial)" default_off="self-signed">
-
-	<target host="fckme.org"/>
-	<target host="*.fckme.org"/>
-	<target host="pullingladies.com"/>
-	<target host="www.pullingladies.com"/>
-	<target host="xhamsterinfo.com"/>
-	<target host="www.xhamsterinfo.com"/>
-
-	<securecookie host="^(.*\.)?fckme\.org$" name=".*"/>
-	<securecookie host="^(.*\.)?pullingladies\.com$" name=".*"/>
-	<securecookie host="^(.*\.)?xhamsterinfo\.com$" name=".*"/>
-
-	<rule from="^http://(?:www\.)?fckme\.org/"
-		to="https://fckme.org/"/>
-
-	<rule from="^http://(?:www\.)?pullingladies\.com/"
-		to="https://pullingladies.com/"/>
-
-	<rule from="^http://(?:www\.)?xhamsterinfo\.com/"
-		to="https://xhamsterinfo.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/PLD-Linux.org-problematic.xml b/src/chrome/content/rules/PLD-Linux.org-problematic.xml
index d2a27160eccc..8c3d89cc19c9 100644
--- a/src/chrome/content/rules/PLD-Linux.org-problematic.xml
+++ b/src/chrome/content/rules/PLD-Linux.org-problematic.xml
@@ -7,11 +7,10 @@
 	<target host="src.ac.pld-linux.org" />
 	<target host="cri.pld-linux.org" />
 	<target host="ep09.pld-linux.org" />
-	<target host="docs.pld-linux.org" />
 	<target host="lists.pld-linux.org" />
 
 
-	<rule from="^http://(src\.ac|cri|ep09|docs|lists)\.pld-linux\.org/"
-		to="https://$1.pld-linux.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PLD-Linux.org.xml b/src/chrome/content/rules/PLD-Linux.org.xml
index 84b6bc2e3f4c..72d86ae312fc 100644
--- a/src/chrome/content/rules/PLD-Linux.org.xml
+++ b/src/chrome/content/rules/PLD-Linux.org.xml
@@ -34,44 +34,31 @@
 
 	* Works; expired 2002-04-09, CN: localhost
 
-
-	Fully covered subdomains:
-
-		- (www.)	(^ → www)
-		- cvs
-		- docs		(→ www)
-		- git
-		- svn
-
-
-	Mixed content:
-
-		- Images on git from www *
-
-	* Secured by us
-
 -->
 <ruleset name="PLD-Linux.org (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="pld-linux.org" />
-	<target host="*.pld-linux.org" />
+	<target host="cvs.pld-linux.org" />
+	<target host="git.pld-linux.org" />
+	<target host="svn.pld-linux.org" />
+	<target host="www.pld-linux.org" />
 
+	<!--	Complications:
+				-->
+	<target host="docs.pld-linux.org" />
 
-	<securecookie host="^www\.pld-linux\.org$" name=".+" />
 
+	<securecookie host="^\w" name=".+" />
 
-	<!--	^ redirects to www over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?pld-linux\.org/"
-		to="https://www.pld-linux.org/" />
-
-	<rule from="^http://(cvs|git|svn)\.pld-linux\.org/"
-		to="https://$1.pld-linux.org/" />
 
 	<!--	Server doesn't drop path:
 						-->
 	<rule from="^http://docs\.pld-linux\.org/"
 		to="https://www.pld-linux.org/Docs/man" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/PLE.com.au.xml b/src/chrome/content/rules/PLE.com.au.xml
new file mode 100644
index 000000000000..d0b87913103b
--- /dev/null
+++ b/src/chrome/content/rules/PLE.com.au.xml
@@ -0,0 +1,17 @@
+<!--
+	Mixed content:
+
+		- Images from www *
+
+	* Secured by us
+
+-->
+<ruleset name="PLE.com.au">
+
+	<target host="ple.com.au" />
+	<target host="www.ple.com.au" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PMC.xml b/src/chrome/content/rules/PMC.xml
deleted file mode 100644
index 5b78096421de..000000000000
--- a/src/chrome/content/rules/PMC.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	CDN buckets:
-
-		- www.bgr.com.edgesuite.net/...
-			- a1213.g.akamai.net/...
-
-	ToDo: Find Akamai bucket
-
--->
-<ruleset name="PMC (partial)" default_off="Akamai certificate">
-
-	<target host="*.vimg.net" />
-		<exclusion pattern="^http://www\." />
-
-
-	<rule from="^http://([\w\-]+)\.vimg\.net/"
-		to="https://$1.vimg.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PNAS_First_Look.xml b/src/chrome/content/rules/PNAS_First_Look.xml
deleted file mode 100644
index 6d91a24d578d..000000000000
--- a/src/chrome/content/rules/PNAS_First_Look.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	CN: *.bluehost.com
-
--->
-<ruleset name="PNAS First Look (partial)">
-
-	<target host="firstlook.pnas.org" />
-	<target host="pnasfirstlook.org" />
-	<target host="www.pnasfirstlook.org" />
-
-
-	<rule from="^http://(?:firstlook\.pnas|(?:www\.)?pnasfirstlook)\.org/wp-(admin|content)/"
-		to="https://secure.bluehost.com/~pnasfirs/wp-$1/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/PNC.xml b/src/chrome/content/rules/PNC.xml
deleted file mode 100644
index a0a57300649d..000000000000
--- a/src/chrome/content/rules/PNC.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="PNC">
-  <target host="pnc.com" />
-  <target host="*.pnc.com" />
-
-  <rule from="^http://pnc\.com/"
-          to="https://www.pnc.com/" />
-  <rule from="^http://(ra|www|www\.ilink|www\.recognition)\.pnc\.com/"
-          to="https://$1.pnc.com/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/PNP4Nagios.org.xml b/src/chrome/content/rules/PNP4Nagios.org.xml
new file mode 100644
index 000000000000..478a6416b05d
--- /dev/null
+++ b/src/chrome/content/rules/PNP4Nagios.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="PNP4Nagios.org">
+
+	<target host="pnp4nagios.org" />
+	<target host="docs.pnp4nagios.org" />
+	<target host="www.pnp4nagios.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/POLi-Payments.xml b/src/chrome/content/rules/POLi-Payments.xml
new file mode 100644
index 000000000000..69e6fe808e5a
--- /dev/null
+++ b/src/chrome/content/rules/POLi-Payments.xml
@@ -0,0 +1,84 @@
+<!--
+
+	Non-functional subdomains:
+
+		- polipaymentdeveloper.com	(m)
+
+		- paywithpoli.com	(t)
+			- www	(t)
+			- polihealth-ext.a2	(t)
+			- express.apac	(m)
+			- apac-test	(r)
+			- nz10100.apac-test	(r)
+			- nz10101.apac-test	(r)
+			- au	(t)
+			- commonapi-int.dev1	(t)
+			- multibankapi.dev1	(t)
+			- www.tst1	(s)
+			- au00710.tst1	(s)
+			- consoleapi-ext.tst1	(s)
+			- txn.tst1	(s)
+			- wiki.tst1	(s)
+
+		- polipay.co.nz	(m)
+			- blog	(m)
+			- merchants	(i)
+			- www.merchants	(i)
+			- transact	(i)
+			- www.transact	(i)
+
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+
+	polipayments.com has wildcard dns, but not cert. The cert only matches www.
+-->
+<ruleset name="POLi Payments">
+
+	<target host="polipayments.com" />
+	<target host="www.polipayments.com" />
+
+	<target host="polipaymentdeveloper.com" />
+	<target host="www.polipaymentdeveloper.com" />
+
+	<target host="apac.paywithpoli.com" />
+	<target host="ads.apac.paywithpoli.com" />
+	<target host="api.apac.paywithpoli.com" />
+	<target host="consoles.apac.paywithpoli.com" />
+	<target host="consoleapi-ext.apac.paywithpoli.com" />
+		<test url="http://consoleapi-ext.apac.paywithpoli.com/Help/Api/POST-api-Entities-Edit-Customer" />
+	<target host="facebook.apac.paywithpoli.com" />
+	<target host="merchantapi.apac.paywithpoli.com" />
+		<test url="http://merchantapi.apac.paywithpoli.com/MerchantAPIService.svc/XML/" />
+	<target host="news.apac.paywithpoli.com" />
+	<target host="paymentapi.apac.paywithpoli.com" />
+		<test url="http://paymentapi.apac.paywithpoli.com/paymentrouterservice.svc" />
+	<target host="reportapi-ext.apac.paywithpoli.com" />
+	<target host="status.apac.paywithpoli.com" />
+	<target host="signup.apac.paywithpoli.com" />
+	<target host="transaction.apac.paywithpoli.com" />
+	<target host="txn.apac.paywithpoli.com" />
+
+	<target host="polipay.co.nz" />
+	<target host="www.polipay.co.nz" />
+
+	<securecookie host="^(www\.)?polipayments\.com$" name=".+" />
+	<securecookie host="^www\.polipaymentdeveloper\.com$" name=".+" />
+	<securecookie host="^.*\.apac\.paywithpoli\.com$" name=".+" />
+	<securecookie host="^www\.polipay\.co\.nz$" name=".+" />
+
+	<!-- certificate mismatch-->
+	<rule from="^http://polipaymentdeveloper\.com/"
+		to="https://www.polipaymentdeveloper.com/" />
+
+	<!-- certificate mismatch-->
+	<rule from="^http://polipay\.co\.nz/"
+		to="https://www.polipay.co.nz/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/POODLE.io.xml b/src/chrome/content/rules/POODLE.io.xml
new file mode 100644
index 000000000000..aeebe7ff1340
--- /dev/null
+++ b/src/chrome/content/rules/POODLE.io.xml
@@ -0,0 +1,8 @@
+<ruleset name="POODLE.io">
+	<target host="poodle.io" />
+	<target host="www.poodle.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/POODLE_Test.com.xml b/src/chrome/content/rules/POODLE_Test.com.xml
new file mode 100644
index 000000000000..de2463332e45
--- /dev/null
+++ b/src/chrome/content/rules/POODLE_Test.com.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://poodletest.com/ => https://poodletest.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.poodletest.com/ => https://www.poodletest.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="POODLE Test.com" default_off="failed ruleset test">
+
+	<target host="poodletest.com" />
+	<target host="www.poodletest.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/POP.xml b/src/chrome/content/rules/POP.xml
deleted file mode 100644
index 9951a3726abd..000000000000
--- a/src/chrome/content/rules/POP.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="POP (partial)">
-
-	<target host="pop.com.br"/>
-	<target host="www.pop.com.br"/>
-
-	<rule from="^http://pop\.com\.br/"
-		to="https://pop.com.br/"/>
-
-	<!--	the same directories within an area directory redirect to http
-		e.g.:
-			- home/_css/
-			- header/_fonts/		-->
-	<rule from="^http://www\.pop\.com\.br/_(css|fonts|imagens|swf)/"
-		to="https://www.pop.com.br/_$1/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/PORTAL_Masq.com.xml b/src/chrome/content/rules/PORTAL_Masq.com.xml
new file mode 100644
index 000000000000..0e158bc278fd
--- /dev/null
+++ b/src/chrome/content/rules/PORTAL_Masq.com.xml
@@ -0,0 +1,45 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://portalmasq.com/ => https://portalmasq.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.portalmasq.com/ => https://www.portalmasq.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .portalmasq.com
+
+-->
+<ruleset name="PORTAL Masq.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="portalmasq.com" />
+	<target host="www.portalmasq.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.portalmasq\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.portalmasq\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/POS_Portal.com.xml b/src/chrome/content/rules/POS_Portal.com.xml
index 0d86abc0f38a..9a4a98b36ca8 100644
--- a/src/chrome/content/rules/POS_Portal.com.xml
+++ b/src/chrome/content/rules/POS_Portal.com.xml
@@ -17,13 +17,14 @@
 <ruleset name="POS Portal.com (partial)">
 
 	<target host="posportal.com" />
-	<target host="*.posportal.com" />
+	<target host="www.posportal.com" />
+	<target host="buy.posportal.com" />
 
 
 	<securecookie host="^\.buy\.posportal\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?posportal\.com/(cam|mmc|omc)(?=$|[?/])/"
+	<rule from="^http://(?:www\.)?posportal\.com/(cam|mmc|omc)(?=$|[?/])"
 		to="https://www.posportal.com/$1" />
 
 	<rule from="^http://buy\.posportal\.com/"
diff --git a/src/chrome/content/rules/PPCoin.xml b/src/chrome/content/rules/PPCoin.xml
index c6af04cbd91a..013e0514f9ae 100644
--- a/src/chrome/content/rules/PPCoin.xml
+++ b/src/chrome/content/rules/PPCoin.xml
@@ -20,4 +20,4 @@
 	<rule from="^http://(?:www\.)?ppcoin\.org/"
 		to="https://electric-day-4087.herokuapp.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PPL.cz.xml b/src/chrome/content/rules/PPL.cz.xml
new file mode 100644
index 000000000000..282c6362bca5
--- /dev/null
+++ b/src/chrome/content/rules/PPL.cz.xml
@@ -0,0 +1,10 @@
+<ruleset name="PPL CZ s.r.o.">
+    <target host="ppl.cz" />
+    <target host="www.ppl.cz" />
+    <target host="adminklient.ppl.cz" />
+    <target host="klient.ppl.cz" />
+    <target host="ktm.ppl.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PPS.xml b/src/chrome/content/rules/PPS.xml
new file mode 100644
index 000000000000..948decc90e20
--- /dev/null
+++ b/src/chrome/content/rules/PPS.xml
@@ -0,0 +1,168 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tg.partipirate.ch/ => https://tg.partipirate.ch/: (51, "SSL: no alternative certificate subject name matches target host name 'tg.partipirate.ch'")
+Fetch error: http://www.partiopirata.ch/ => https://www.partiopirata.ch/: (6, 'Could not resolve host: www.partiopirata.ch')
+Fetch error: http://tg.piratenpartei.ch/ => https://tg.piratenpartei.ch/: (51, "SSL: no alternative certificate subject name matches target host name 'tg.piratenpartei.ch'")
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- partipirate.ch
+		- ge.partipirate.ch
+		- sg.partipirate.ch
+		- tg.partipirate.ch
+		- vd.partipirate.ch
+		- www.partipirate.ch
+
+		- partitopirata.ch
+		- www.partitopirata.ch
+
+		- piratenpartei.ch
+		- be.piratenpartei.ch
+		- chat.piratenpartei.ch
+		- forum.piratenpartei.ch
+		- lu.piratenpartei.ch
+		- my.piratenpartei.ch
+		- projects.piratenpartei.ch
+		- registration.piratenpartei.ch
+		- service.piratenpartei.ch
+		- sg.piratenpartei.ch
+		- tg.piratenpartei.ch
+		- vs.piratenpartei.ch
+		- www.piratenpartei.ch
+		- zg.piratenpartei.ch
+		- zh.piratenpartei.ch
+		- stadt.zh.piratenpartei.ch
+		- zs.piratenpartei.ch
+
+		- pirateparty.ch
+		- www.pirateparty.ch
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images, on;
+
+			- ge.partipirate.ch from $self ˢ
+			- www.partitopirata.ch from www.cdt.ch ʳ
+			- www.partitopirata.ch from icons.iconarchive.com ʰ
+			- vs.piratenpartei.ch from $self ˢ
+			- stadt.zh.piratenpartei.ch from zh.piratenpartei.ch ˢ
+			- stadt.zh.piratenpartei.ch from $self ˢ
+
+	ʰ Unsecurable <= redirects to http
+	ʰ Unsecurable <= refused
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="PPS" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="partipirate.ch" />
+	<target host="*.partipirate.ch" />
+	<target host="partitopirata.ch" />
+	<target host="*.partitopirata.ch" />
+	<target host="piratenpartei.ch" />
+	<target host="*.piratenpartei.ch" />
+	<target host="pirateparty.ch" />
+	<target host="*.pirateparty.ch" />
+
+		<exclusion pattern="^http://(?:info|projects)\.p(?:artipirate|artitopirata|irateparty)\.ch/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://info.partipirate.ch/" />
+			<test url="http://info.partitopirata.ch/" />
+			<test url="http://info.pirateparty.ch/" />
+
+			<test url="http://projects.partipirate.ch/" />
+			<test url="http://projects.partitopirata.ch/" />
+			<test url="http://projects.pirateparty.ch/" />
+
+		<test url="http://ge.partipirate.ch/" />
+		<test url="http://sg.partipirate.ch/" />
+		<test url="http://tg.partipirate.ch/" />
+		<test url="http://vd.partipirate.ch/" />
+		<test url="http://www.partipirate.ch/" />
+
+		<test url="http://www.partiopirata.ch/" />
+		<test url="http://www.pirateparty.ch/" />
+
+		<test url="http://be.piratenpartei.ch/" />
+		<test url="http://chat.piratenpartei.ch/" />
+		<test url="http://forum.piratenpartei.ch/" />
+		<test url="http://lu.piratenpartei.ch/" />
+		<test url="http://my.piratenpartei.ch/" />
+		<test url="http://projects.piratenpartei.ch/" />
+		<test url="http://registration.piratenpartei.ch/" />
+		<test url="http://service.piratenpartei.ch/" />
+		<test url="http://sg.piratenpartei.ch/" />
+		<test url="http://tg.piratenpartei.ch/" />
+		<test url="http://vs.piratenpartei.ch/" />
+		<test url="http://zg.piratenpartei.ch/" />
+		<test url="http://zh.piratenpartei.ch/" />
+		<test url="http://stadt.zh.piratenpartei.ch/" />
+		<test url="http://winterthur.zh.piratenpartei.ch/" />
+		<test url="http://zs.piratenpartei.ch/" />
+
+	<!--	Complications:
+				-->
+	<target host="parti-pirate.ch" />
+	<target host="*.parti-pirate.ch" />
+	<target host="partito-pirata.ch" />
+	<target host="*.partito-pirata.ch" />
+	<target host="pirate-party.ch" />
+	<target host="*.pirate-party.ch" />
+	<target host="piraten-partei.ch" />
+	<target host="*.piraten-partei.ch" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:(?:ge|sg|tg|www)\.)?partipirate\.ch$" name="^uid$" /-->
+	<!--securecookie host="^vd\.partipirate\.ch$" name="^(?:PHPSESSID|uid)$" /-->
+
+	<!--securecookie host="^(?:www\.)?partitopirata\.ch$" name="^uid$" /-->
+
+	<!--securecookie host="^(?:(?:be|chat|lu|my|projects|sg|tg|www|zg|stadt\.zh|zs)\.)?piratenpartei\.ch$" name="^uid$" /-->
+	<!--securecookie host="^(?:forum|zh)\.piratenpartei\.ch$" name="^(?:PHPSESSID|uid)$" /-->
+	<!--securecookie host="^(?:registration|service)\.piratenpartei\.ch$" name="^(?:ASP\.NET_SessionId|uid)$" /-->
+	<!--securecookie host="^(?:vs)\.piratenpartei\.ch$" name="^(?:pll_language|uid)$" /-->
+
+	<!--securecookie host="^(?:www\.)?pirateparty\.ch$" name="^uid$" /-->
+
+
+	<rule from="^http://([^/]+\.)?parti-pirate\.ch/"
+		to="https://$1partipirate.ch/" />
+
+		<test url="http://www.parti-pirate.ch/" />
+
+	<rule from="^http://winterthur\.zh\.p(?:artipirate|artitopirata|irateparty)\.ch/"
+		to="https://winterthur.zh.piratenpartei.ch/" />
+
+		<test url="http://winterthur.zh.partipirate.ch/" />
+		<test url="http://winterthur.zh.partitopirata.ch/" />
+		<test url="http://winterthur.zh.pirateparty.ch/" />
+
+	<rule from="^http://([^/]+\.)?partito-pirata\.ch/"
+		to="https://$1partitopirata.ch/" />
+
+		<test url="http://www.partito-pirata.ch/" />
+
+	<rule from="^http://([^/]+\.)?pirate-party\.ch/"
+		to="https://$1pirateparty.ch/" />
+
+		<test url="http://www.pirate-party.ch/" />
+
+	<rule from="^http://([^/]+\.)?piraten-partei\.ch/"
+		to="https://$1piratenpartei.ch/" />
+
+		<test url="http://www.piraten-partei.ch/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PPSSPP.org.xml b/src/chrome/content/rules/PPSSPP.org.xml
new file mode 100644
index 000000000000..5be4ffac4e4d
--- /dev/null
+++ b/src/chrome/content/rules/PPSSPP.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Connection refused:
+		- store.ppsspp.org
+-->
+
+<ruleset name="PPSSPP.org">
+	<target host="ppsspp.org" />
+	<target host="www.ppsspp.org" />
+	<target host="build.ppsspp.org" />
+	<target host="central.ppsspp.org" />
+	<target host="cydia.ppsspp.org" />
+	<target host="forums.ppsspp.org" />
+	<target host="report.ppsspp.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PQCrypto.org.xml b/src/chrome/content/rules/PQCrypto.org.xml
new file mode 100644
index 000000000000..3fa64d15a1e3
--- /dev/null
+++ b/src/chrome/content/rules/PQCrypto.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="PQCrypto.org">
+	<target host="pqcrypto.org" />
+	<target host="www.pqcrypto.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PR-Newswire.xml b/src/chrome/content/rules/PR-Newswire.xml
index 0c681a0e36bb..1c29a9029679 100644
--- a/src/chrome/content/rules/PR-Newswire.xml
+++ b/src/chrome/content/rules/PR-Newswire.xml
@@ -1,41 +1,21 @@
 <!--
 	For other UBM coverage, see UBM-mismatches.xml.
 
-
-	Nonfunctional:
-
-
-		- (www.)causeroom.com	(times out)
-		- \w+.causeroom.com	(ditto; unique subdomains for clients)
-		- (www.)drivetheweb.com	(times out)
-
-		- prnewswire.com:
-
-			- content	(cert: *.hs.llnwd.net; blank page)
-			- www		(ditto)
-
-		- (www.)smallbusinesspr.com
-		- (www.)thefuelteam.com	(times out)
+	Non-functional hosts
+		SSL connect error:
+		- prnewswire.com
 
 -->
 <ruleset name="PR Newswire (partial)">
 
-	<target host="filecache.drivetheweb.com" />
-	<target host="content.prnewswire.com"/>
+	<target host="www.prnewswire.com" />
+	<target host="content.prnewswire.com" />
 	<target host="photos.prnewswire.com" />
 	<target host="portal.prnewswire.com"/>
 
 
-	<securecookie host="^p\w+\.prnewswire\.com$" name=".*"/>
-
-
-	<rule from="^https?://filecache\.drivetheweb\.com/"
-		to="https://s3.amazonaws.com/filecache.drivetheweb.com/" />
-
-	<rule from="^https?://content\.prnewswire\.com/designimages/l(ine-horz|ogo-prn)-01_PRN\.gif"
-		to="https://portal.prnewswire.com/images/l$1-01.gif"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://p(hotos|ortal)\.prnewswire\.com/"
-		to="https://p$1.prnewswire.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PRISM-Break.org.xml b/src/chrome/content/rules/PRISM-Break.org.xml
new file mode 100644
index 000000000000..1e12a68f6352
--- /dev/null
+++ b/src/chrome/content/rules/PRISM-Break.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		www.prism-break.org
+
+-->
+<ruleset name="PRISM Break.org">
+
+	<target host="prism-break.org" />
+	<target host="www.prism-break.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://(www\.)?prism-break\.org/"
+		to="https://prism-break.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PRISM_Break.org.xml b/src/chrome/content/rules/PRISM_Break.org.xml
deleted file mode 100644
index beb1aab11611..000000000000
--- a/src/chrome/content/rules/PRISM_Break.org.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="PRISM Break.org">
-
-	<target host="prism-break.org" />
-	<target host="www.prism-break.org" />
-
-
-	<securecookie host="^(?:www\.)?prism-break\.org$" name=".+" />
-
-
-	<rule from="^http://(www\.)?prism-break\.org/"
-		to="https://$1prism-break.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/PRO_ISP.no.xml b/src/chrome/content/rules/PRO_ISP.no.xml
new file mode 100644
index 000000000000..839157f2c0af
--- /dev/null
+++ b/src/chrome/content/rules/PRO_ISP.no.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- www.proisp.no
+		- .www.proisp.no
+
+-->
+<ruleset name="PRO ISP.no">
+
+	<target host="proisp.no" />
+	<target host="www.proisp.no" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.proisp\.no$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.www\.proisp\.no$" name="^pageuser$" /-->
+
+	<securecookie host="^\.?www\.proisp\.no$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PRQ.se.xml b/src/chrome/content/rules/PRQ.se.xml
index e20e7f76e6d2..ade95bd8a77b 100644
--- a/src/chrome/content/rules/PRQ.se.xml
+++ b/src/chrome/content/rules/PRQ.se.xml
@@ -1,7 +1,27 @@
-<ruleset name="prq.se">
-	<target host="webmail.prq.se" />
-	<target host="kundcenter.prq.se" />
-	<rule from="^http://webmail\.prq\.se/" to="https://webmail.prq.se/"/>
-	<rule from="^http://kundcenter\.prq\.se/" to="https://kundcenter.prq.se/"/>
-</ruleset>
-
+<!--
+	Couldn't connect to server:
+		- forum
+		- ftp
+		- sql01
+		- web01
+		- webstats
+
+	Timeout was reached:
+		- admin
+
+	HTTP authentication required:
+		- mgmt
+
+	Customer subdomains:
+		- host-*.cust.prq.se
+-->
+<ruleset name="PRQ.se">
+	<target host="prq.se" />
+	<target host="www.prq.se" />
+	<target host="ip.prq.se" />
+	<target host="ipv6.prq.se" />
+	<target host="kundcenter.prq.se" />
+	<target host="webmail.prq.se" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PRV.se.xml b/src/chrome/content/rules/PRV.se.xml
index 8a27ebc9b34f..5130e0f47f50 100644
--- a/src/chrome/content/rules/PRV.se.xml
+++ b/src/chrome/content/rules/PRV.se.xml
@@ -1,7 +1,13 @@
-<ruleset name="PRV.se" platform="mixedcontent">
+<ruleset name="PRV.se" >
 	<target host="prv.se" />
 	<target host="www.prv.se" />
-	<rule from="^http://www\.prv\.se/" to="https://www.prv.se/"/>
-	<rule from="^http://prv\.se/" to="https://www.prv.se/"/>
-</ruleset>
+	<target host="cfo.prv.se" />
+	<target host="synpunkt.prv.se" />
+	<target host="was.prv.se" />
+		<test url="http://was.prv.se/DesignDb/searchMain.jsp" />
+	<target host="wwwtest.prv.se" />
+
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PRWeb.xml b/src/chrome/content/rules/PRWeb.xml
index 7431324ab62d..dc8ef5c52ac7 100644
--- a/src/chrome/content/rules/PRWeb.xml
+++ b/src/chrome/content/rules/PRWeb.xml
@@ -28,39 +28,39 @@
 
 	<!--	images/common	→	images/
 				-->
-	<rule from="^https?://service\.prweb\.com/_res/images/common/(carousel-(?:next|prev)\.png|logo\.gif|rss\.gif)"
+	<rule from="^http://service\.prweb\.com/_res/images/common/(carousel-(?:next|prev)\.png|logo\.gif|rss\.gif)"
 		to="https://app.prweb.com/prweb/images/$1" />
 
 	<!--	images/awards/	→	images/
 				-->
-	<rule from="^https?://service\.prweb\.com/_res/images/awards/(best-search|codie|upshot-50)\.gif"
+	<rule from="^http://service\.prweb\.com/_res/images/awards/(best-search|codie|upshot-50)\.gif"
 		to="https://app.prweb.com/images/$1.gif" />
 
 	<!--	images/bg/	→	images/
 				-->
-	<rule from="^https?://service\.prweb\.com/_res/images/bg/(counter-(?:left|right)|header-main|image-frame-big|main-content|section-bottom|shadow-lighter|usernav-on)\.gif"
+	<rule from="^http://service\.prweb\.com/_res/images/bg/(counter-(?:left|right)|header-main|image-frame-big|main-content|section-bottom|shadow-lighter|usernav-on)\.gif"
 		to="https://app.prweb.com/prweb/images/$1.gif" />
 
 	<!--	images/bg/	→	images/bg/	-->
-	<rule from="^https?://service\.prweb\.com/_res/images/bg/(create-account\.jpg|(?:dotted-divider|footer-divided|mainnav|navigation|usernav)\.gif)"
+	<rule from="^http://service\.prweb\.com/_res/images/bg/(create-account\.jpg|(?:dotted-divider|footer-divided|mainnav|navigation|usernav)\.gif)"
 		to="https://app.prweb.com/prweb/images/bg/$1" />
 
-	<rule from="^https?://service\.prweb\.com/_res/images/common/us-flag\.gif"
+	<rule from="^http://service\.prweb\.com/_res/images/common/us-flag\.gif"
 		to="https://app.prweb.com/prweb/images/bg/us-flag.gif" />
 
-	<rule from="^https?://service\.prweb\.com/_res/images/bullets/breadcrumb-arrow\.gif"
+	<rule from="^http://service\.prweb\.com/_res/images/bullets/breadcrumb-arrow\.gif"
 		to="https://app.prweb.com/prweb/images/bullets/breadcrumb-arrow.gif" />
 
 	<!--	images/common/	→	images/common/
 				-->
-	<rule from="^https?://service\.prweb\.com/_res/images/common/((?:facebook|linkedin|twitter)-icon\|medallion|search-go-smaller|vocus-logo)\.gif"
+	<rule from="^http://service\.prweb\.com/_res/images/common/((?:facebook|linkedin|twitter)-icon\|medallion|search-go-smaller|vocus-logo)\.gif"
 		to="https://app.prweb.com/prweb/images/common/$1.gif" />
 
 	<!--	images/headers	→	images/headers/	-->
-	<rule from="^https?://service\.prweb\.com/_res/images/headers/(call|here-to-help)\.gif"
+	<rule from="^http://service\.prweb\.com/_res/images/headers/(call|here-to-help)\.gif"
 		to="https://app.prweb.com/prweb/images/headers/$1.gif" />
 
-	<rule from="^https?://service\.prweb\.com/_res/images/bullets/more\.gif"
+	<rule from="^http://service\.prweb\.com/_res/images/bullets/more\.gif"
 		to="https://app.prweb.com/prweb/images/more.gif" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PRX.xml b/src/chrome/content/rules/PRX.xml
index 67e878d12f93..6ce69a5046f9 100644
--- a/src/chrome/content/rules/PRX.xml
+++ b/src/chrome/content/rules/PRX.xml
@@ -18,16 +18,13 @@
 <ruleset name="PRX (partial)">
 
 	<target host="prx.org" />
-	<target host="*.prx.org" />
+	<target host="www.prx.org" />
+	<target host="assets1.prx.org" />
 
 
 	<securecookie host="^\.prx\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?prx\.org/"
-		to="https://$1prx.org/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^https?://assets1\.prx\.org/"
-		to="https://d11pcyef3meeu9.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PR_SA.pl.xml b/src/chrome/content/rules/PR_SA.pl.xml
new file mode 100644
index 000000000000..7f3e2be5720e
--- /dev/null
+++ b/src/chrome/content/rules/PR_SA.pl.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Polskie Radio coverage, see Polskie_Radio.pl.xml.
+
+
+	(www.)?prsa.pl: Redirects to http
+
+-->
+<ruleset name="PR SA.pl (partial)">
+
+	<target host="static.prsa.pl" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PRstatics.com.xml b/src/chrome/content/rules/PRstatics.com.xml
new file mode 100644
index 000000000000..4ebe510c2d21
--- /dev/null
+++ b/src/chrome/content/rules/PRstatics.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other PlugRush coverage, see PlugRush.com.xml.
+
+
+	www.prstatics.com: Dropped over http
+
+
+	Insecure cookies are set for these domains:
+
+		- .prstatics.com
+
+-->
+<ruleset name="PRstatics.com">
+
+	<target host="prstatics.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.prstatics\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PS-Webhosting-Webmail.xml b/src/chrome/content/rules/PS-Webhosting-Webmail.xml
deleted file mode 100644
index cd6f0c85afd2..000000000000
--- a/src/chrome/content/rules/PS-Webhosting-Webmail.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="PS-Webhosting Webmail">
-  <target host="webmail.planet-school.de" />
-  <securecookie host="^webmail\.planet-school\.de$" name=".*" />
-
-  <rule from="^http://webmail\.planet-school\.de/" to="https://webmail.planet-school.de/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/PS3Crunch.xml b/src/chrome/content/rules/PS3Crunch.xml
index 85a91ab1e259..84757c948325 100644
--- a/src/chrome/content/rules/PS3Crunch.xml
+++ b/src/chrome/content/rules/PS3Crunch.xml
@@ -12,4 +12,4 @@
 	<rule from="^http://(?:www\.)?ps3crunch\.net/"
 		to="https://ps3crunch.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PSC.edu.xml b/src/chrome/content/rules/PSC.edu.xml
index 040e1b5f4af2..3f26dda2aa77 100644
--- a/src/chrome/content/rules/PSC.edu.xml
+++ b/src/chrome/content/rules/PSC.edu.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://delicate.psc.edu/ => https://delicate.psc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+
 	Pittsburgh Supercomputing Center
 
 
@@ -15,16 +19,16 @@
 		- www
 
 -->
-<ruleset name="PSC.edu">
+<ruleset name="PSC.edu" default_off="failed ruleset test">
 
 	<target host="psc.edu" />
-	<target host="*.psc.edu" />
+	<target host="delicate.psc.edu" />
+	<target host="www.psc.edu" />
 
 
-	<securecookie host="^(?:.+\.)?psc\.edu$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(delicate\.|www\.)?psc\.edu/"
-		to="https://$1psc.edu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PSI-Network.de.xml b/src/chrome/content/rules/PSI-Network.de.xml
new file mode 100644
index 000000000000..3ece57ae3f17
--- /dev/null
+++ b/src/chrome/content/rules/PSI-Network.de.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid Certificate:
+		connect.psi-network.de
+		glossar.psi-network.de
+		m.psi-network.de
+-->
+<ruleset name="PSI-Network.de">
+	<target host="psi-network.de" />
+	<target host="www.psi-network.de" />
+	<target host="supplierfinder.psi-network.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PSSL.com.xml b/src/chrome/content/rules/PSSL.com.xml
index 1779ab5c9f7c..81417f5fcbfb 100644
--- a/src/chrome/content/rules/PSSL.com.xml
+++ b/src/chrome/content/rules/PSSL.com.xml
@@ -1,22 +1,22 @@
 <!--
-	Problematic subdomains:
+	Invalid certificate:
+		espanol.pssl.com
+		shop.pssl.com
 
-		- ^	(mismatched)
+	No working URL known:
+		cdn.pssl.com
+		livechat2.pssl.com
 
 -->
 <ruleset name="PSSL.com">
 
 	<target host="pssl.com" />
-	<target host="*.pssl.com" />
+	<target host="www.pssl.com" />
+	<target host="m.pssl.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host=".+\.pssl\.com$" name=".+" />
+	<rule from="^http:"
+		to="https:" />
 
-
-	<rule from="^http://(?:www\.)?pssl\.com/"
-		to="https://www.pssl.com/" />
-
-	<rule from="^http://espanol\.pssl\.com/"
-		to="https://espanol.pssl.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PSX-Extreme.xml b/src/chrome/content/rules/PSX-Extreme.xml
index 8bc464cc8b54..68c7e2923cf2 100644
--- a/src/chrome/content/rules/PSX-Extreme.xml
+++ b/src/chrome/content/rules/PSX-Extreme.xml
@@ -10,7 +10,6 @@
 	<target host="images.psxextreme.com" />
 
 
-	<rule from="^https?://images\.psxextreme\.com/"
-		to="https://dhtxsuc4vsorr.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PTE.xml b/src/chrome/content/rules/PTE.xml
index bebde9d5dea2..11df7a04d821 100644
--- a/src/chrome/content/rules/PTE.xml
+++ b/src/chrome/content/rules/PTE.xml
@@ -1,5 +1,5 @@
 <ruleset name="P&#233;csi Tudom&#225;nyegyetem">
 	<target host="www.pte.hu" />
-	
-	<rule from="^http://www\.pte\.hu/" to="https://www.pte.hu/" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/PTT.br.xml b/src/chrome/content/rules/PTT.br.xml
new file mode 100644
index 000000000000..f03aa5fa7380
--- /dev/null
+++ b/src/chrome/content/rules/PTT.br.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ptt.br/ => https://ptt.br/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.ptt.br/ => https://www.ptt.br/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ptt.br'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ptt.br/ => https://ptt.br/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+		- Images from ^ *
+
+	* Secured by us
+
+-->
+<ruleset name="PTT.br" default_off="failed ruleset test">
+
+	<target host="ptt.br" />
+	<target host="www.ptt.br" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.ptt\.br$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\.ptt\.br$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PULP.xml b/src/chrome/content/rules/PULP.xml
index 8141398a7b05..d9f1be45dcc2 100644
--- a/src/chrome/content/rules/PULP.xml
+++ b/src/chrome/content/rules/PULP.xml
@@ -4,17 +4,19 @@
 		- pulp-covers.s3.amazonaws.com
 		- d29uljlw7gispl.cloudfront.net
 
+
+	(www.)?: refused
+
 -->
-<ruleset name="PULP">
+<ruleset name="PULP" default_off="refused">
 
 	<target host="pulpcentral.com" />
-	<target host="*.pulpcentral.com" />
+	<target host="www.pulpcentral.com" />
 
 
 	<securecookie host="^ssl\.pulpcentral\.com$" name=".+" />
 
 
-	<rule from="^http://(ssl\.|www\.)?pulpcentral\.com/"
-		to="https://$1pulpcentral.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PZN.lgbt.xml b/src/chrome/content/rules/PZN.lgbt.xml
new file mode 100644
index 000000000000..ae97ddaf6c4d
--- /dev/null
+++ b/src/chrome/content/rules/PZN.lgbt.xml
@@ -0,0 +1,14 @@
+<!--
+	www doesn't exist.
+-->
+
+<ruleset name="PZN.lgbt">
+	<target host="pzn.lgbt" />
+	<target host="forum.pzn.lgbt" />
+	<target host="journal.pzn.lgbt" />
+	<target host="social.pzn.lgbt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pabo.xml b/src/chrome/content/rules/Pabo.xml
index 25d57d5094b1..9c02296b03e6 100644
--- a/src/chrome/content/rules/Pabo.xml
+++ b/src/chrome/content/rules/Pabo.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?pabo\.nl/(/?assets_bu-hard/|data/|product/images/|selfhelp/(?:login|password_recover/))"
 		to="https://$1pabo.nl/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PacBSD.org.xml b/src/chrome/content/rules/PacBSD.org.xml
new file mode 100644
index 000000000000..0179dd977333
--- /dev/null
+++ b/src/chrome/content/rules/PacBSD.org.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://aur.pacbsd.org/ => https://aur.pacbsd.org/: (6, 'Could not resolve host: aur.pacbsd.org')
+
+-->
+<ruleset name="PacBSD.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pacbsd.org" />
+	<target host="aur.pacbsd.org" />
+	<target host="bbs.pacbsd.org" />
+	<target host="wiki.pacbsd.org" />
+	<target host="www.pacbsd.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PacSec.jp.xml b/src/chrome/content/rules/PacSec.jp.xml
new file mode 100644
index 000000000000..41ed403fae55
--- /dev/null
+++ b/src/chrome/content/rules/PacSec.jp.xml
@@ -0,0 +1,13 @@
+<!--
+	www: cert only matches ^pacsec.jp
+
+-->
+<ruleset name="PacSec.jp" default_off="cert-invalid">
+
+	<target host="pacsec.jp" />
+	<target host="www.pacsec.jp" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pace2Race.xml b/src/chrome/content/rules/Pace2Race.xml
index 1d13ae8175d9..5e2c9c59b2aa 100644
--- a/src/chrome/content/rules/Pace2Race.xml
+++ b/src/chrome/content/rules/Pace2Race.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?pace2race\.com/(wp-content/|wp-includes/|online-store(?:$|\?|/))"
 		to="https://$1pace2race.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Package_Control.io.xml b/src/chrome/content/rules/Package_Control.io.xml
new file mode 100644
index 000000000000..bf96abe2fd8a
--- /dev/null
+++ b/src/chrome/content/rules/Package_Control.io.xml
@@ -0,0 +1,13 @@
+<!--
+	www.packagecontrol.io does not exist.
+
+-->
+<ruleset name="Package Control.io">
+
+	<target host="packagecontrol.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Package_Lab.com.xml b/src/chrome/content/rules/Package_Lab.com.xml
new file mode 100644
index 000000000000..742bbd4e888a
--- /dev/null
+++ b/src/chrome/content/rules/Package_Lab.com.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://packagelab.com/ => https://packagelab.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://static.packagelab.com/ => https://static.packagelab.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.packagelab.com/ => https://www.packagelab.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Package Lab.com" default_off="failed ruleset test">
+
+	<target host="packagelab.com" />
+	<target host="static.packagelab.com" />
+	<target host="www.packagelab.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.packagelab\.com$" name="^_xsrf$" /-->
+
+	<securecookie host="^www\.packagelab\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Packagist.org.xml b/src/chrome/content/rules/Packagist.org.xml
deleted file mode 100644
index 86dbcd5bea3f..000000000000
--- a/src/chrome/content/rules/Packagist.org.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Packagist.org" platform="firefox">
-<target host="packagist.org" />
-
-<securecookie host="^packagist\.org$" name=".+" />
-
-<rule from="^http://packagist\.org/" to="https://packagist.org/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Packet.net.xml b/src/chrome/content/rules/Packet.net.xml
new file mode 100644
index 000000000000..c6a857ef6b26
--- /dev/null
+++ b/src/chrome/content/rules/Packet.net.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .packet.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Packet.net">
+
+	<target host="packet.net" />
+	<target host="www.packet.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.packet\.net$" name="^(?:__cfduid|cf_clearance|laravel_session)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Packet_Storm_Security.com.xml b/src/chrome/content/rules/Packet_Storm_Security.com.xml
index 6f81418e6b30..c2883cf3be8a 100644
--- a/src/chrome/content/rules/Packet_Storm_Security.com.xml
+++ b/src/chrome/content/rules/Packet_Storm_Security.com.xml
@@ -1,24 +1,30 @@
-<!--
-	Problematic domains:
-
-		- packetstatic.com	(mismatched, CN: packetstormsecurity.com)
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://packetstatic.com/ => https://packetstatic.com/: (51, "SSL: no alternative certificate subject name matches target host name 'packetstormsecurity.org'")
 
-	Some paths redirect to http.
+	www.packetstatic.com: Mismatched
 
 -->
-<ruleset name="Packet Storm Security.com (partial)">
+<ruleset name="Packet Storm Security.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="packetstatic.com" />
-	<target host="www.packetstatic.com" />
+
 	<target host="packetstormsecurity.com" />
+	<target host="rss.packetstormsecurity.com" />
 	<target host="www.packetstormsecurity.com" />
 
+	<!--	Complications:
+				-->
+	<target host="www.packetstatic.com" />
+
 
-	<rule from="^http://(?:www\.)?packetstatic\.com/(?=art/|(?:css|img|js)\d*/)"
+	<rule from="^http://www\.packetstatic\.com/"
 		to="https://packetstormsecurity.com/" />
 
-	<rule from="^http://(www\.)?packetstormsecurity\.com/(?=(?:account|forgot|register)(?:$|[?/])|art/|(?:css|img|js)\d*/|favicon\.ico)"
-		to="https://$1packetstormsecurity.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Packetwerk.com.xml b/src/chrome/content/rules/Packetwerk.com.xml
new file mode 100644
index 000000000000..b3ab4be6f31b
--- /dev/null
+++ b/src/chrome/content/rules/Packetwerk.com.xml
@@ -0,0 +1,23 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://packetwerk.com/ => https://packetwerk.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.packetwerk.com/ => https://packetwerk.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+	www: cert only matches ^packetwerk.com
+
+-->
+<ruleset name="Packetwerk.com">
+
+	<target host="packetwerk.com" />
+	<target host="www.packetwerk.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^packetwerk\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^packetwerk\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Packt_Publishing-problematic.xml b/src/chrome/content/rules/Packt_Publishing-problematic.xml
index 031485d9456d..06abc9f3a780 100644
--- a/src/chrome/content/rules/Packt_Publishing-problematic.xml
+++ b/src/chrome/content/rules/Packt_Publishing-problematic.xml
@@ -7,7 +7,6 @@
 	<target host="link.packtpub.com" />
 
 
-	<rule from="^http://link\.packtpub\.com/"
-		to="https://link.packtpub.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Packt_Publishing.xml b/src/chrome/content/rules/Packt_Publishing.xml
index a27652943561..5e18f02f6005 100644
--- a/src/chrome/content/rules/Packt_Publishing.xml
+++ b/src/chrome/content/rules/Packt_Publishing.xml
@@ -9,19 +9,31 @@
 
 	Problematic subdomains:
 
-		- link		(works; mismatched, CN: salesdb.packtpub.com)
+		- link *
+
+	* Works; mismatched, CN: salesdb.packtpub.com
+
+
+	Observed cookie domains:
+
+		- . *
+		- careers *
+
+	* Secured by us <= not secured by server
 
 -->
 <ruleset name="Packt Publishing (partial)">
 
 	<target host="packtpub.com" />
-	<target host="*.packtpub.com" />
+	<target host="careers.packtpub.com" />
+	<target host="packtlib.packtpub.com" />
+	<target host="salesdb.packtpub.com" />
+	<target host="www.packtpub.com" />
 
 
-	<securecookie host="^.*\.packtpub\.com$" name=".+" />
+	<securecookie host=".*\.packtpub\.com$" name=".+" />
 
 
-	<rule from="^http://((?:careers|packtlib|salesdb|www)\.)?packtpub\.com/"
-		to="https://$1packtpub.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pacnet.xml b/src/chrome/content/rules/Pacnet.xml
deleted file mode 100644
index 5e9a7f3ce81c..000000000000
--- a/src/chrome/content/rules/Pacnet.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Pacnet (partial)">
-
-	<target host="wm4.pacific.net.au" />
-
-
-	<securecookie host="^wm4\.pacific\.net\.au$" name=".+" />
-
-
-	<rule from="^http://wm4\.pacific\.net\.au/"
-		to="https://wm4.pacific.net.au/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/PadLister.com.xml b/src/chrome/content/rules/PadLister.com.xml
new file mode 100644
index 000000000000..0a0b7e5c98e1
--- /dev/null
+++ b/src/chrome/content/rules/PadLister.com.xml
@@ -0,0 +1,40 @@
+<!--
+	For other PadMapper cverage, see PadMapper.xml.
+
+-->
+<ruleset name="PadLister.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="padlister.com" />
+	<target host="www.padlister.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.padlister\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.padlister\.com/+(?!assets/|images/|users/login(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.padlister.com/about" />
+			<test url="http://www.padlister.com/browse/US" />
+			<test url="http://www.padlister.com/faq" />
+			<test url="http://www.padlister.com/listings/11529202" />
+			<test url="http://www.padlister.com/listings/11537240" />
+			<test url="http://www.padlister.com/listings/new" />
+			<test url="http://www.padlister.com/manage/listings" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.padlister.com/assets/listings_layout.css" />
+			<test url="http://www.padlister.com/images/PadLister-LogoSmall-White.png" />
+			<test url="http://www.padlister.com/users/login" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PadMapper.xml b/src/chrome/content/rules/PadMapper.xml
index 0e5c2f4acd20..457f2c2389ca 100644
--- a/src/chrome/content/rules/PadMapper.xml
+++ b/src/chrome/content/rules/PadMapper.xml
@@ -1,20 +1,51 @@
-<ruleset name="PadMapper (partial)">
+<!--
+	Other PadMapper rulesets:
 
-	<target host="padlister.com" />
-	<target host="www.padlister.com" />
+		- PadLister.com.xml
+
+
+	Nonfunctional hosts in *padmapper.com:
+
+		- blog *
+
+	* Refused
+
+-->
+<ruleset name="PadMapper.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="padmapper.com" />
 	<target host="www.padmapper.com" />
 
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.padmapper\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.padmapper\.com/+(?!favicon\.ico|images/|pad(?:$|[?/])|static/)" />
 
-	<securecookie host="^www\.padmapper\.com$" name=".+" />
+			<!--	+ve:
+					-->
+			<test url="http://www.padmapper.com/listings/6126244" />
+			<test url="http://www.padmapper.com/post" />
+			<test url="http://www.padmapper.com/search/apartments/Alaska/alaska/" />
+			<test url="http://www.padmapper.com/search/apartments/Hawaii/hawaii/" />
+			<test url="http://www.padmapper.com/search/apartments/Massachusetts/" />
+			<test url="http://www.padmapper.com/search/apartments/New-Mexico/albuquerque/" />
+			<test url="http://www.padmapper.com/search/apartments/New-York/" />
+			<test url="http://www.padmapper.com/search/apartments/Quebec/Grenville/" />
+			<test url="http://www.padmapper.com/search/apartments/Wisconsin/" />
 
+			<!--	-ve:
+					-->
+			<test url="http://www.padmapper.com/favicon.ico" />
+			<test url="http://www.padmapper.com/images/PadLogoSmallV2.png" />
+			<test url="http://www.padmapper.com/static/css/ui.stripped.css" />
 
-	<rule from="^http://(www\.)?padmapper\.com/"
-		to="https://$1padmapper.com/" />
 
-	<!--	At least some pages 302 to http.
-							-->
-	<rule from="^http://(www\.)?padlister\.com/(assets/|images/|users/login(?:$|\?))"
-		to="https://$1padlister.com/$2" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Paddle.com.xml b/src/chrome/content/rules/Paddle.com.xml
index cb1a08a63554..504bc239ca2f 100644
--- a/src/chrome/content/rules/Paddle.com.xml
+++ b/src/chrome/content/rules/Paddle.com.xml
@@ -3,19 +3,34 @@
 
 		- paddle-static.s3.amazonaws.com
 
+
+	Insecure cookies are set for these domains:
+
+		- .paddle.com
+
 -->
 <ruleset name="Paddle.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="paddle.com" />
-	<target host="*.paddle.com" />
+	<target host="checkout.paddle.com" />
+	<target host="pay.paddle.com" />
+	<target host="vendors.paddle.com" />
+	<target host="www.paddle.com" />
+
 	<target host="paddleapi.com" />
-	<target host="*.paddleapi.com" />
+	<target host="www.paddleapi.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.paddle\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
 
 	<securecookie host="^(?:www)?\.paddle(?:api)?\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?paddle(api)?\.com/"
-		to="https://$1paddle$2.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Padlet.com.xml b/src/chrome/content/rules/Padlet.com.xml
new file mode 100644
index 000000000000..58a71c33ddf1
--- /dev/null
+++ b/src/chrome/content/rules/Padlet.com.xml
@@ -0,0 +1,37 @@
+<!--
+	CDN buckets:
+
+		- d2s8n7nv9yizdf.cloudfront.net
+
+
+	Nonfunctional subdomains:
+
+		- blog *
+		- sl *
+
+	* google pages
+
+
+	jn: works; mismatched, CN: *.helpscoutdocs.com
+
+-->
+<ruleset name="Padlet.com (partial)">
+
+	<target host="padlet.com" />
+	<target host="www.padlet.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.padlet\.com$" name="^ww_[dps]$" /-->
+	<!--securecookie host="^jn\.padlet\.com$" name="^PLAY_SESSION$" /-->
+
+	<securecookie host="^\.padlet\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+	<!--rule from="^http://jn\.padlet\.com/"
+		to="https://helpscout.helpscoutdocs.com/" /-->
+
+</ruleset>
diff --git a/src/chrome/content/rules/Padsdel.com.xml b/src/chrome/content/rules/Padsdel.com.xml
new file mode 100644
index 000000000000..790b6e6ecb80
--- /dev/null
+++ b/src/chrome/content/rules/Padsdel.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- go.padsdel.com
+
+-->
+<ruleset name="padsdel.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="go.padsdel.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^go\.padsdel\.com$" name="^(OAGEO[\da-f]+|OAID)$" /-->
+
+	<securecookie host="^go\.padsdel\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Padstm.com.xml b/src/chrome/content/rules/Padstm.com.xml
new file mode 100644
index 000000000000..0ae8151c9df4
--- /dev/null
+++ b/src/chrome/content/rules/Padstm.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="padstm.com">
+
+	<target host="go.padstm.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PagPop.xml b/src/chrome/content/rules/PagPop.xml
index 2f3029bfb598..52c14af8389f 100644
--- a/src/chrome/content/rules/PagPop.xml
+++ b/src/chrome/content/rules/PagPop.xml
@@ -1,15 +1,22 @@
-<ruleset name="PagPop">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://vitalcred.com.br/ => https://vitalcred.com.br/: (6, 'Could not resolve host: vitalcred.com.br')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://pagpop.com.br/ => https://pagpop.com.br/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="PagPop" default_off="failed ruleset test">
 
 	<target host="pagpop.com.br" />
-	<target host="*.pagpop.com.br" />
 	<target host="vitalcred.com.br" />
-	<target host="*.vitalcred.com.br" />
+	<target host="www.pagpop.com.br" />
+	<target host="www.vitalcred.com.br" />
 
 
-	<securecookie host="^(?:.*\.)?(?:pagpop|vitalcred)\.com\.br$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?(pagpop|vitalcred)\.com\.br/"
-		to="https://$1$2.com.br/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PageAbode.com.xml b/src/chrome/content/rules/PageAbode.com.xml
new file mode 100644
index 000000000000..134c2c24956f
--- /dev/null
+++ b/src/chrome/content/rules/PageAbode.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Mismatched:
+		- ftp.pageabode.com
+-->
+<ruleset name="PageAbode.com">
+	<target host="pageabode.com" />
+	<target host="www.pageabode.com" />
+	<target host="anarchism.pageabode.com" />
+	<target host="www.anarchism.pageabode.com" />
+	<target host="classics.pageabode.com" />
+	<target host="www.classics.pageabode.com" />
+	<target host="flood.pageabode.com" />
+	<target host="www.flood.pageabode.com" />
+	<target host="grassroots.pageabode.com" />
+	<target host="www.grassroots.pageabode.com" />
+	<target host="surveys.pageabode.com" />
+	<target host="www.surveys.pageabode.com" />
+	<target host="whowewere.pageabode.com" />
+	<target host="www.whowewere.pageabode.com" />
+	<target host="mail.pageabode.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PageFair.com.xml b/src/chrome/content/rules/PageFair.com.xml
new file mode 100644
index 000000000000..cb1ff139b786
--- /dev/null
+++ b/src/chrome/content/rules/PageFair.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- pagefair.com
+		- www.pagefair.com
+
+-->
+<ruleset name="PageFair.com">
+
+	<target host="pagefair.com" />
+	<target host="blog.pagefair.com" />
+	<target host="www.pagefair.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?pagefair\.com$" name="^(?:csrftoken|sessionid)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PageKite.xml b/src/chrome/content/rules/PageKite.xml
index 5bdad456b00b..b0dcb1e866dd 100644
--- a/src/chrome/content/rules/PageKite.xml
+++ b/src/chrome/content/rules/PageKite.xml
@@ -1,7 +1,22 @@
-<ruleset name="PageKite">
-  <target host="www.pagekite.net" />
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://g1-bre.pagekite.net/ => https://g1-bre.pagekite.net/: (6, 'Could not resolve host: g1-bre.pagekite.net')
+
+-->
+<ruleset name="PageKite.net" default_off="failed ruleset test">
   <target host="pagekite.net" />
+	<target host="g1-bre.pagekite.net" />
+	<target host="www.pagekite.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^pagekite\.net$" name="^(csrftoken|ra)$" /-->
+
+	<securecookie host="^pagekite\.net$" name=".+" />
+
 
-  <rule from="^http://(?:www\.)?pagekite\.net/" to="https://pagekite.net/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Pagely.xml b/src/chrome/content/rules/Pagely.xml
index 7762500ff355..cdd7f535c3a8 100644
--- a/src/chrome/content/rules/Pagely.xml
+++ b/src/chrome/content/rules/Pagely.xml
@@ -1,22 +1,16 @@
-<!--	!functional:
-		- *.presscdn.com	(cert: edgecastcdn.net; 404)
-		- blog.page.ly		(cert: plesk; shows 108-hero.com data)
--->
-<ruleset name="Pagely (partial)">
-
-	<target host="page.ly"/>
-	<target host="www.page.ly"/>
+<!--
+	Invalid certificate:
+		blog.page.ly
+		cdn.page.ly
+		www.cdn.page.ly
 
-	<!--	pagely.com shows 108-hero.com data
-		page.ly pages redirect infinitely
-	<rule from="^http://page(\.ly|ly\.com)/"
-		to="https://www.page.ly/"-->
+-->
+<ruleset name="Pagely">
 
-	<rule from="^http://(www\.)?page\.ly/(favicon\.ico|public/|signup/|wp-content/)"
-		to="https://$1page.ly/$2"/>
+	<target host="page.ly" />
+	<target host="www.page.ly" />
 
-	<!--	404	-->
-	<rule from="^http://pagely\.presscdn\.com/wp-content/"
-		to="https://page.ly/wp-content/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Pages05.net.xml b/src/chrome/content/rules/Pages05.net.xml
index 1b3ad956ef8e..1e81b9b81fd5 100644
--- a/src/chrome/content/rules/Pages05.net.xml
+++ b/src/chrome/content/rules/Pages05.net.xml
@@ -4,10 +4,14 @@
 -->
 <ruleset name="pages05.net">
 
+	<target host="pages05.net" />
 	<target host="www.sc.pages05.net" />
+	<target host="www.pages05.net" />
 
+		<test url="http://www.sc.pages05.net/lp/static/js/iMAWebCookie.js" />
 
-	<rule from="^http://www\.sc\.pages05\.net/"
-		to="https://www.sc.pages05.net/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Pagina_Zero.xml b/src/chrome/content/rules/Pagina_Zero.xml
index a43e707cd6b6..6ff30b89f3d0 100644
--- a/src/chrome/content/rules/Pagina_Zero.xml
+++ b/src/chrome/content/rules/Pagina_Zero.xml
@@ -1,13 +1,21 @@
-<ruleset name="Página Zero">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://paginazero.com.br/ => https://paginazero.com.br/: (51, "SSL: no alternative certificate subject name matches target host name 'paginazero.com.br'")
+Fetch error: http://www.paginazero.com.br/ => https://www.paginazero.com.br/: (51, "SSL: no alternative certificate subject name matches target host name 'www.paginazero.com.br'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://paginazero.com.br/ => https://paginazero.com.br/: (51, "SSL: no alternative certificate subject name matches target host name 'paginazero.com.br'")
+-->
+<ruleset name="Página Zero" default_off="failed ruleset test">
 
 	<target host="paginazero.com.br" />
-	<target host="*.paginazero.com.br" />
+	<target host="www.paginazero.com.br" />
 
 
 	<securecookie host="^(?:w*\.)?paginazero\.com\.br$" name=".+" />
 
 
-	<rule from="^http://(www\.)?paginazero\.com\.br/"
-		to="https://$1paginazero.com.br/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Paglen.com.xml b/src/chrome/content/rules/Paglen.com.xml
new file mode 100644
index 000000000000..03530fe35dc8
--- /dev/null
+++ b/src/chrome/content/rules/Paglen.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatched:
+		- ir1.paglen.com
+-->
+<ruleset name="Paglen.com">
+	<target host="paglen.com" />
+	<target host="www.paglen.com" />
+	<target host="imagenet-roulette.paglen.com" />
+	<target host="roulette.paglen.com" />
+	<target host="trevor.paglen.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pagoda_Box.xml b/src/chrome/content/rules/Pagoda_Box.xml
index 32da1513fd16..6d985e7f7c32 100644
--- a/src/chrome/content/rules/Pagoda_Box.xml
+++ b/src/chrome/content/rules/Pagoda_Box.xml
@@ -1,36 +1,43 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pagodabox.com/ => https://pagodabox.com/: (60, 'SSL certificate problem: certificate has expired')
+
 	CDN buckets:
 
 		- pagodabox-assets.s3.amazonaws.com
 		- pagoda.desk.com
 
 
-	Nonfunctional subdomains:
+	Nonfunctional domains:
 
-		- help		(redirects to http; mismatched, CN: *.assistly.com)
+		- (www.)?godl.co *
 
+	* Refused
 
-	Problematic domains:
+	Nonfunctional subdomains:
 
-		- godl.co	(mismatched, CN: *.pagodabox.com)
+		- help		(redirects to http; mismatched, CN: *.assistly.com)
 
 -->
-<ruleset name="Pagoda Box">
+<ruleset name="Pagoda Box" default_off="failed ruleset test">
 
-	<target host="godl.co" />
-	<target host="*.godl.co" />
+	<!--target host="godl.co" /-->
+	<!--target host="*.godl.co" /-->
 	<target host="pagodabox.com" />
-	<target host="*.pagodabox.com" />
+	<target host="assistly-assets.pagodabox.com" />
+	<target host="blog.pagodabox.com" />
+	<target host="dashboard.pagodabox.com" />
+	<target host="www.pagodabox.com" />
 
 
-	<securecookie host="^\.godl.co$" name=".+" />
+	<!--securecookie host="^\.godl.co$" name=".+" /-->
 	<securecookie host="^(?:dashboard\.)?pagodabox\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?godl.co/"
-		to="https://www.godl.co/" />
+	<!--rule from="^http://(?:www\.)?godl\.co/"
+		to="https://www.godl.co/" /-->
 
-	<rule from="^http://((?:assistly-assets|blog|dashboard|www)\.)?pagodabox\.com/"
-		to="https://$1pagodabox.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pair-Networks.xml b/src/chrome/content/rules/Pair-Networks.xml
index 8b4ab9133dbe..8494d5420bce 100644
--- a/src/chrome/content/rules/Pair-Networks.xml
+++ b/src/chrome/content/rules/Pair-Networks.xml
@@ -7,46 +7,25 @@
 		- blog.pairnic.com		(cert: *.pair.com; redirects there)
 		- (www.)pairvps.com
 		- (www.)quickserve.com		(ditto)
-
 -->
 <ruleset name="pair Networks (partial)">
 
-	<target host="eliminatejunkemail.com" />
-	<target host="www.eliminatejunkemail.com" />
 	<target host="pair.com" />
 	<target host="*.pair.com" />
-	<target host="*.webmail.pair.com" />
+		<test url="http://webmail.pair.com/" />
+		<test url="http://waitak.pair.com/" />
+		<test url="http://vondu.pair.com/" />
 	<target host="pairlite.com" />
-	<target host="*.pairlite.com" />
 	<target host="pairnic.com" />
 	<target host="*.pairnic.com" />
-		<exclusion pattern="http://(cpan|whois)\.pairnic\." />
-
-
-	<securecookie host="^(.*\.)?pairnic\.com$" name=".*" />
-
-
-	<!--	- Cert mismatch
-		- Redirects like so over http.
-					-->
-	<rule from="^https://(?:www\.)?eliminatejunkemail\.com/"
-		to="https://www.pairnic.com/" />
-
-	<!--	Pages differ between http & https.
-							-->
-	<rule from="^http://(www\.)?pair\.com/(assets|static)/"
-		to="https://$1pair.com/$2/" />
-
-	<rule from="^http://(my|promote|static|(?:(?:[as]m|my|rc|sm)\.)?webmail)\.pair\.com/"
-		to="https://$1.pair.com/" />
-
-	<rule from="^http://(www\.)?pairlite\.com/(images/|signup/|styles01\.css)"
-		to="https://$1pairlite.com/$2" />
-
-	<rule from="^http://(my|webmail)\.pairlite\.com/"
-		to="https://$1.pairlite.com/" />
+		<test url="http://gift.pairnic.com/" />
+		<test url="http://dynamic.pairnic.com/" />
+		<test url="http://comingsoon.pairnic.com/" />
+	<!-- 2018: New Domain for service-->
+	<target host="pairdomains.com" />
 
-	<rule from="^http://(www\.)?pairnic\.com/"
-		to="https://$1pairnic.com/" />
+	<securecookie host="^(?:.*\.)?pairnic\.com$" name=".+" />
 
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Paket_de.xml b/src/chrome/content/rules/Paket_de.xml
new file mode 100644
index 000000000000..bd23783a8fa8
--- /dev/null
+++ b/src/chrome/content/rules/Paket_de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Paket.de">
+    <target host="paket.de" />
+    <target host="www.paket.de" />
+
+    <rule from="^http://(?:www\.)?paket\.de/" to="https://www.paket.de/" />
+</ruleset>
diff --git a/src/chrome/content/rules/PalSolidarity.org.xml b/src/chrome/content/rules/PalSolidarity.org.xml
new file mode 100644
index 000000000000..7ce7815e0e33
--- /dev/null
+++ b/src/chrome/content/rules/PalSolidarity.org.xml
@@ -0,0 +1,33 @@
+<!--
+	Mixed content:
+
+		- iframe from www.youtube.com *
+		- css on ^, spain from $self *
+
+		- Images, on:
+
+			- ^, spain from $self *
+			- ^ from i\d.wp.com *
+			- spain from i.imgur.com *
+
+		- Bugs from www.facebook.com *
+
+	* Secured by us
+
+-->
+<ruleset name="PalSolidarity.org" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="palsolidarity.org" />
+	<target host="spain.palsolidarity.org" />
+	<target host="www.palsolidarity.org" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Palantir.com.xml b/src/chrome/content/rules/Palantir.com.xml
new file mode 100644
index 000000000000..78e3435d6f25
--- /dev/null
+++ b/src/chrome/content/rules/Palantir.com.xml
@@ -0,0 +1,12 @@
+<!--
+	^palantir.com doesn't exist.
+
+-->
+<ruleset name="Palantir.com">
+
+	<target host="www.palantir.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Palbin.com.xml b/src/chrome/content/rules/Palbin.com.xml
index 2040540d64bf..307ec3afaa5e 100644
--- a/src/chrome/content/rules/Palbin.com.xml
+++ b/src/chrome/content/rules/Palbin.com.xml
@@ -9,7 +9,8 @@
 <ruleset name="Palbin.com">
 
 	<target host="palbin.com" />
-	<target host="*.palbin.com" />
+	<target host="www.palbin.com" />
+	<target host="cdn.palbin.com" />
 
 
 	<securecookie host="^(?:www)?\.palbin\.com$" name=".+" />
@@ -21,4 +22,6 @@
 	<rule from="^http://(?:www\.)?palbin\.com/"
 		to="https://www.palbin.com/" />
 
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Pale_Moon.org.xml b/src/chrome/content/rules/Pale_Moon.org.xml
new file mode 100644
index 000000000000..7530c3674212
--- /dev/null
+++ b/src/chrome/content/rules/Pale_Moon.org.xml
@@ -0,0 +1,18 @@
+<!--
+	HTTP 502:
+		- relmirror
+-->
+
+<ruleset name="Pale Moon.org (partial)">
+	<target host="palemoon.org" />
+	<target host="www.palemoon.org" />
+	<target host="addons.palemoon.org" />
+	<target host="developer.palemoon.org" />
+	<target host="forum.palemoon.org" />
+	<target host="linux.palemoon.org" />
+	<target host="start.palemoon.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Palfrader.org.xml b/src/chrome/content/rules/Palfrader.org.xml
new file mode 100644
index 000000000000..d776a79d06ab
--- /dev/null
+++ b/src/chrome/content/rules/Palfrader.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="palfrader.org">
+
+	<target host="palfrader.org" />
+	<target host="www.palfrader.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Palgrave.com.xml b/src/chrome/content/rules/Palgrave.com.xml
new file mode 100644
index 000000000000..c818ab53c519
--- /dev/null
+++ b/src/chrome/content/rules/Palgrave.com.xml
@@ -0,0 +1,35 @@
+<!--
+	^: mismatched, CN: www.macmillandictionary.com
+
+
+	Mixed content:
+
+		- Bugs, from:
+
+			- nexus.ensighten.com *
+			- contentz.mkt941.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Palgrave.com">
+
+	<target host="palgrave.com" />
+	<target host="www.palgrave.com" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^www\.palgrave\.com$" name="^ASPSESSIONID\w{8}$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^www\.palgrave\.com$" name="^(\w{8}|PHPSESSID|macmillan_loc|pvt|testmacmillan\w)$" /-->
+
+	<securecookie host="^www\.palgrave\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?palgrave\.com/"
+		to="https://www.palgrave.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Palm-Coast-Data.xml b/src/chrome/content/rules/Palm-Coast-Data.xml
deleted file mode 100644
index fc4143126edc..000000000000
--- a/src/chrome/content/rules/Palm-Coast-Data.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--	!functional subdomains:
-		- www		(cert: secure.palmcoastd.com; redirects to http)
-		- biportal	(timeout)
-
--->
-<ruleset name="Palm Coast Data">
-
-	<target host="secure.palmcoastd.com"/>
-	<target host="ssl.palmcoastd.com"/>
-
-	<!--	encountered cookies:
-			- ^\.
-			- ^ssl		-->
-	<securecookie host="^(.*\.)?palmcoastd\.com$" name=".*"/>
-
-	<rule from="^http://s(ecure|sl)\.palmcoastd\.com/"
-		to="https://s$1.palmcoastd.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Palm.com.xml b/src/chrome/content/rules/Palm.com.xml
new file mode 100644
index 000000000000..4d7e418843c5
--- /dev/null
+++ b/src/chrome/content/rules/Palm.com.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://developer.palm.com/ => https://developer.palm.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://developer.palm.com/ => https://developer.palm.com/: (28, 'Connection timed out after 10000 milliseconds')
+
+	For other Hewlett Packard coverage, see Hewlett-Packard.xml.
+
+-->
+<ruleset name="Palm.com (partial)" default_off="failed ruleset test">
+
+	<target host="developer.palm.com" />
+
+
+	<securecookie host="^developer\.palm\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Palm_Coast_Data-problematic.xml b/src/chrome/content/rules/Palm_Coast_Data-problematic.xml
deleted file mode 100644
index 2decf2062db5..000000000000
--- a/src/chrome/content/rules/Palm_Coast_Data-problematic.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For rules that are on by default, see Palm_Coast_Data.xml.
-
-
-	^palmcoastdata.com doesn't exist.
-
--->
-<ruleset name="Palm Coast Data (problematic)" default_off="self-signed">
-
-	<target host="*.palmcoastdata.com" />
-
-
-	<securecookie host="^\.palmcoastdata\.com$" name=".+" />
-
-
-	<rule from="^http://www\.palmcoastdata\.com/"
-		to="https://www.palmcoastdata.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Palm_Coast_Data.xml b/src/chrome/content/rules/Palm_Coast_Data.xml
index 25760b03b00f..29b9b4544946 100644
--- a/src/chrome/content/rules/Palm_Coast_Data.xml
+++ b/src/chrome/content/rules/Palm_Coast_Data.xml
@@ -1,26 +1,28 @@
-<!--
-	For problematic rules, see Palm_Coast_Data-problematic.xml.
-
-
-	Nonfunctional domains:
-
-		- biportal.palmcoastd.com	(times out)
 
+<!--
 
-	Problematic domains:
+	Nonfunctional hosts in *palmcoastd.com:
 
-		- www.palmcoastdata.com		(works, self-signed, CN: pcd-webserver)
+		- ^ (does not exist)
+		- biportal (timeout)
+		- ssologin (ssl error)
 
 -->
-<ruleset name="Palm Coast Data (partial)">
+<ruleset name="Palm Coast Data">
 
-	<target host="*.palmcoastd.com" />
+	<target host="www.palmcoastd.com" />
+	<target host="internal.palmcoastd.com" />
+	<target host="pcdtest.palmcoastd.com" />
+	<target host="remedy.palmcoastd.com" />
+	<target host="secure.palmcoastd.com" />
+	<target host="ssl.palmcoastd.com" />
+	<target host="ssltest.palmcoastd.com" />
 
 
 	<securecookie host="^\.palmcoastd\.com$" name="^:xCOOKIEx:$" />
 
 
-	<rule from="^http://s(ecure|sologin)\.palmcoastd\.com/"
-		to="https://s$1.palmcoastd.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Palmetto.com.xml b/src/chrome/content/rules/Palmetto.com.xml
index 6aa6a87dc3ec..0a2325ee825b 100644
--- a/src/chrome/content/rules/Palmetto.com.xml
+++ b/src/chrome/content/rules/Palmetto.com.xml
@@ -11,7 +11,6 @@
 	<securecookie host="^www\.palmetto\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?palmetto\.com/"
-		to="https://$1palmetto.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Palms_Casino_Resort.xml b/src/chrome/content/rules/Palms_Casino_Resort.xml
index f4afe2f4f45b..ad4839edd308 100644
--- a/src/chrome/content/rules/Palms_Casino_Resort.xml
+++ b/src/chrome/content/rules/Palms_Casino_Resort.xml
@@ -1,20 +1,20 @@
 <!--
-	 subdomains:
+	Palms Casino Resort
 
-		- (www.)	(cert only matches res2)
 
-
-	Some pages redirect back to www
+	(www.)?palms.com: 522
 
 -->
-<ruleset name="Palms Casino Resort (partial)">
+<ruleset name="Palms.com (partial)">
+
+	<target host="reservations.palms.com" />
+
 
-	<target host="palms.com" />
-	<target host="*.palms.com" />
-		<exclusion pattern="^http://(?:www\.)?palms\.com/(?!$|\?|casino-resort\.html|content/|etc/|libs/)" />
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(?:res2\.|www\.)?palms\.com/"
-		to="https://res2.palms.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Palo_Alto_Networks.com.xml b/src/chrome/content/rules/Palo_Alto_Networks.com.xml
new file mode 100644
index 000000000000..1f42a80acf43
--- /dev/null
+++ b/src/chrome/content/rules/Palo_Alto_Networks.com.xml
@@ -0,0 +1,62 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://portal3.wildfire.paloaltonetworks.com/ => https://portal3.wildfire.paloaltonetworks.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	Nonfunctional hosts in *paloaltonetworks.com:
+
+		- researchcenter *
+
+	* Dropped
+
+
+	These altnames don't exist:
+
+		- www.identity.paloaltonetworks.com
+		- www.live.paloaltonetworks.com
+		- www.login.paloaltonetworks.com
+		- www.support.paloaltonetworks.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .paloaltonetworks.com
+		- live.paloaltonetworks.com
+		- securityadvisories.paloaltonetworks.com
+		- urlfiltering.paloaltonetworks.com
+		- portal3.wildfire.paloaltonetworks.com
+
+-->
+<ruleset name="Palo Alto Networks.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="paloaltonetworks.com" />
+	<target host="applipedia.paloaltonetworks.com" />
+	<target host="identity.paloaltonetworks.com" />
+	<target host="live.paloaltonetworks.com" />
+	<target host="login.paloaltonetworks.com" />
+	<target host="securityadvisories.paloaltonetworks.com" />
+	<target host="support.paloaltonetworks.com" />
+	<target host="threatvault.paloaltonetworks.com" />
+	<target host="urlfiltering.paloaltonetworks.com" />
+	<target host="wildfire.paloaltonetworks.com" />
+	<target host="portal3.wildfire.paloaltonetworks.com" />
+	<target host="www.paloaltonetworks.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.paloaltonetworks\.com$" name="^pan-lang-cookie$" /-->
+	<!--securecookie host="^live\.paloaltonetworks\.com$" name="^(?:BIGipServer[\w-]+|JSESSIONID|jive\.security\.context)$" /-->
+	<!--securecookie host="^securityadvisories\.paloaltonetworks\.com$" name="^AspxAutoDetectCookieSupport$" /-->
+	<securecookie host="^urlfiltering\.paloaltonetworks\.com$" name="^ASP\.NET_SessionId$" />
+	<securecookie host="^portal3\.wildfire\.paloaltonetworks\.com$" name="^PHPSESSID$" />
+
+	<securecookie host="^(?:live|securityadvisories|urlfiltering|portal3\.wildfire)?\.paloaltonetworks\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Palo_Alto_Research_Center.xml b/src/chrome/content/rules/Palo_Alto_Research_Center.xml
index f971b2f6a6db..6a689ce3e437 100644
--- a/src/chrome/content/rules/Palo_Alto_Research_Center.xml
+++ b/src/chrome/content/rules/Palo_Alto_Research_Center.xml
@@ -1,6 +1,7 @@
 <ruleset name="Palo Alto Research Center">
 
-	<target host="*.parc.com" />
+	<target host="blogs.parc.com" />
+	<target host="www.parc.com" />
 
 
 	<securecookie host="^blogs\.parc\.com$" name=".+" />
@@ -8,7 +9,6 @@
 
 	<!--	^parc.com doesn't exist.
 					-->
-	<rule from="^http://(blogs|www)\.parc\.com/"
-		to="https://$1.parc.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pan-Islamic_Malaysian_Party.xml b/src/chrome/content/rules/Pan-Islamic_Malaysian_Party.xml
index db281d750178..8ec290f6dd9a 100644
--- a/src/chrome/content/rules/Pan-Islamic_Malaysian_Party.xml
+++ b/src/chrome/content/rules/Pan-Islamic_Malaysian_Party.xml
@@ -1,13 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pas.org.my/ => https://pas.org.my/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
 <ruleset name="Pan-Islamic Malaysian Party">
 
 	<target host="pas.org.my" />
-	<target host="*.pas.org.my" />
+	<target host="www.pas.org.my" />
 
 
 	<securecookie host="^\.pas.org.my$" name=".+" />
 
 
-	<rule from="^http://(www\.)?pas\.org\.my/"
-		to="https://$1pas.org.my/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Panasonic.com.xml b/src/chrome/content/rules/Panasonic.com.xml
index 3c1acb14dcde..8058b5b37468 100644
--- a/src/chrome/content/rules/Panasonic.com.xml
+++ b/src/chrome/content/rules/Panasonic.com.xml
@@ -1,38 +1,57 @@
 <!--
-	CDN buckets:
-
-		- wpc.377F.edgecastcdn.net/??377F/
-
-			- news.panasonic.net
-
-
-	Nonfunctional domains:
-
-		- (www.)panasonic.net	(dropped)
-		- news.panasonic.net	(404; mismatched, CN: edgecastcdn.net)
-
-
-	Problematic domains:
-
-		- (www.)panasonic.com		($ redirects to www.panasonic.net)
-		- www-images.panasonic.com	(akamai)
-
+	Invalid certificate:
+		eu.automotive.panasonic.com
+		business.panasonic.com
+		estr.panasonic.com
+		metrics.panasonic.com
+		airconditioner.my.panasonic.com
+		cooking.my.panasonic.com
+		fan.my.panasonic.com
+		lifestyle.my.panasonic.com
+		av.jpn.support.panasonic.com
+		viko.panasonic.com
+		www-images.panasonic.com
+
+	Mixed content:
+		news.panasonic.com
+		eng.faq.panasonic.com
+		jcms.panasonic.com
+
+	Time out:
+		cycle.panasonic.com
+
+	Secure connection failed:
+		gccatapult.panasonic.com
+
+	Refused:
+		pewg.panasonic.com
+
+	Redirect to HTTP:
+		info.panasonic.com
 -->
 <ruleset name="Panasonic.com (partial)">
 
-	<target host="*.panasonic.com" />
-
-
-	<securecookie host=".*\.panasonic\.com$" name=".+" />
-
+	<target host="panasonic.com" />
+	<target host="www.panasonic.com" />
+	<target host="aircon.panasonic.com" />
+	<target host="training.eu.panasonic.com" />
+	<target host="ftp.panasonic.com" />
+	<target host="industrial.panasonic.com" />
+	<target host="na.industrial.panasonic.com" />
+	<target host="ps-hp.jpn.panasonic.com" />
+	<target host="metrics.panasonic.com" />
+	<target host="na.panasonic.com" />
+	<target host="security.panasonic.com" />
+	<target host="shop.panasonic.com" />
+	<target host="jp.store.panasonic.com" />
+	<target host="www.security.us.panasonic.com" />
+
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://metrics\.panasonic\.com/"
 		to="https://merpanasonicprod.122.2o7.net/" />
 
-	<rule from="^http://www2\.panasonic\.com/"
-		to="https://www2.panasonic.com/" />
-
-	<rule from="^http://www-images\.panasonic\.com/"
-		to="https://www.panasonic.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Panax.xml b/src/chrome/content/rules/Panax.xml
index df9d233bd8b0..9bc36949d220 100644
--- a/src/chrome/content/rules/Panax.xml
+++ b/src/chrome/content/rules/Panax.xml
@@ -1,13 +1,12 @@
 <ruleset name="Panax">
 
 	<target host="panax.net" />
-	<target host="*.panax.net" />
+	<target host="www.panax.net" />
 
 
 	<securecookie host="^\.panax\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?panax\.net/"
-		to="https://$1panax.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Panda-Express.xml b/src/chrome/content/rules/Panda-Express.xml
new file mode 100644
index 000000000000..9063d3c78fae
--- /dev/null
+++ b/src/chrome/content/rules/Panda-Express.xml
@@ -0,0 +1,35 @@
+<!--
+
+	Unsupported domains:
+
+	- celebratecny.com*
+	- www.celebratecny.com*
+	- ^pandaexpress.com**
+	- click.pandaexpress.com**
+	- m.pandaexpress.com*
+	- pages.pandaexpress.com**
+	- view.pandaexpress.com**
+
+	* Cert name mismatch
+	** Times out
+
+-->
+<ruleset name="Panda Express (partial)">
+
+	<target host="orangechickenlove.com" />
+	<target host="shop.orangechickenlove.com" />
+	<target host="www.orangechickenlove.com" />
+	<target host="pandaexpress.com" />
+	<target host="orders.pandaexpress.com" />
+	<target host="shop.pandaexpress.com" />
+	<target host="www.pandaexpress.com" />
+
+	<securecookie host="(^|\.)(shop|www)\.orangechickenlove\.com$" name=".+" />
+	<securecookie host="(^|\.)(orders|shop|www)\.pandaexpress\.com$" name=".+" />
+
+	<rule from="^http://pandaexpress\.com/"
+		to="https://www.pandaexpress.com/" />
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PandaWhale.xml b/src/chrome/content/rules/PandaWhale.xml
index 3a29d2e4e613..73232d1b76d9 100644
--- a/src/chrome/content/rules/PandaWhale.xml
+++ b/src/chrome/content/rules/PandaWhale.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pandawhale.com/ => https://pandawhale.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+
 	CDN buckets:
 
 		- d22zlbw5ff7yk5.cloudfront.net
@@ -7,16 +11,16 @@
 	Cert only matches ^.
 
 -->
-<ruleset name="PandaWhale">
+<ruleset name="PandaWhale" default_off="failed ruleset test">
 
 	<target host="pandawhale.com" />
-	<target host="*.pandawhale.com" />
+	<target host="www.pandawhale.com" />
 
 
 	<securecookie host="^\.pandawhale\.com$" name=".+" />
 
 
-	<rule from="^https://(?:www\.)?pandawhale\.com/"
+	<rule from="^http://(?:www\.)?pandawhale\.com/"
 		to="https://pandawhale.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pando.xml b/src/chrome/content/rules/Pando.xml
index 8cf5d7bbc47d..fc5e6db3be66 100644
--- a/src/chrome/content/rules/Pando.xml
+++ b/src/chrome/content/rules/Pando.xml
@@ -1,27 +1,23 @@
 <!--
-	Nonfunctional domains:
+	Insecure cookies are set for these domains:
 
-		- developers.pando.com		(cert: www.pando.com; shows that domain's data)
-		- developers.pandonetworks.com	(ditto)
+		- .pando.com
 
 -->
-<ruleset name="Pando">
+<ruleset name="Pando.com">
 
 	<target host="pando.com" />
-	<!--	* for cross-domain cookies.	-->
-	<target host="*.pando.com" />
-	<target host="pandoblog.com" />
-	<target host="www.pandoblog.com" />
+	<target host="www.pando.com" />
 
 
-	<securecookie host="^(.*\.)?pando\.com$" name=".*" />
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.pando\.com$" name="^cf_clearance$" /-->
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?pando\.com/"
-		to="https://$1pando.com/" />
 
-	<!--	Cert: *.justhost.com	-->
-	<rule from="^https?://(?:www\.)?pandoblog\.com/wp-content/"
-		to="https://secure.justhost.com/~pandobl1/wp-content/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Pandora.xml b/src/chrome/content/rules/Pandora.xml
index 2cab8d226b35..053e413dec13 100644
--- a/src/chrome/content/rules/Pandora.xml
+++ b/src/chrome/content/rules/Pandora.xml
@@ -1,14 +1,10 @@
-<!--
-	Nonfunctional subdomains:
-
-		- blog
-
--->
-<ruleset name="Pandora (broken)" default_off="https://trac.torproject.org/projects/tor/ticket/5804">
-  <!-- disabled because SSL to the webserver messed up Pandora's ability to
-  geoblock non-US users! -->
-  <target host="pandora.com" />
-  <target host="www.pandora.com" />
-
-  <rule from="^http://(?:www\.)?pandora\.com/" to="https://www.pandora.com/"/>
+<ruleset name="Pandora">
+	<target host="pandora.com"/>
+	<target host="www.pandora.com"/>
+	<target host="amp.pandora.com"/>
+	<target host="help.pandora.com"/>
+	<target host="stats.pandora.com"/>
+	<target host="submit.pandora.com"/>
+	<securecookie host=".+" name=".+" />
+	<rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Pangora.xml b/src/chrome/content/rules/Pangora.xml
deleted file mode 100644
index 7675a98ca5c8..000000000000
--- a/src/chrome/content/rules/Pangora.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Pangora (partial)">
-
-	<target host="images.pangora.com" />
-
-
-	<rule from="^http://images\.pangora\.com/"
-		to="https://images.pangora.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Panic.xml b/src/chrome/content/rules/Panic.xml
index f9b746bfa771..d3d501673464 100644
--- a/src/chrome/content/rules/Panic.xml
+++ b/src/chrome/content/rules/Panic.xml
@@ -1,9 +1,14 @@
 <ruleset name="Panic.com">
-  <target host="panic.com" />
-  <target host="www.panic.com" />
 
-  <securecookie host="^(.+\.)?panic\.com$" name=".*"/>
+	<target host="panic.com" />
+	<target host="www.panic.com" />
+
+
+	<securecookie host="^\.www\." name=".+" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(www\.)?panic\.com/"
-	  to="https://$1panic.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Panli.com.xml b/src/chrome/content/rules/Panli.com.xml
new file mode 100644
index 000000000000..9f443e35c270
--- /dev/null
+++ b/src/chrome/content/rules/Panli.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Timeout:
+		- h5.panli.com
+		- hr.panli.com
+		- service.panli.com
+		- tech.panli.com
+		- tuan.panli.com
+
+	SSL protocol error:
+		- a.panli.com
+		- b.panli.com
+		- c.panli.com
+		- houtai.panli.com
+		- mailc.panli.com
+		- s2.panli.com
+
+	Self-signed:
+		- mail.panli.com
+		- mail2.panli.com
+
+	Mismatched:
+		- mobile.api.panli.com
+
+	HTTP != HTTPS:
+		- test.panli.com
+-->
+<ruleset name="Panli.com">
+	<target host="panli.com" />
+	<target host="www.panli.com" />
+	<target host="api.panli.com" />
+	<target host="app.api.panli.com" />
+	<target host="ats1.panli.com" />
+	<target host="img.panli.com" />
+	<target host="passport.panli.com" />
+	<target host="pay.panli.com" />
+	<target host="s1.panli.com" />
+	<target host="sf.panli.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Panopticlick.com.xml b/src/chrome/content/rules/Panopticlick.com.xml
new file mode 100644
index 000000000000..446759515cfa
--- /dev/null
+++ b/src/chrome/content/rules/Panopticlick.com.xml
@@ -0,0 +1,14 @@
+<!--
+
+	For other Electronic Frontier Foundation coverage, see EFF.xml.
+
+-->
+
+<ruleset name="Panopticlick.com">
+	<target host="panopticlick.com" />
+	<target host="www.panopticlick.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Panopto.com.xml b/src/chrome/content/rules/Panopto.com.xml
new file mode 100644
index 000000000000..81c03582aa19
--- /dev/null
+++ b/src/chrome/content/rules/Panopto.com.xml
@@ -0,0 +1,67 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://get.panopto.com/css/mktLPSupportCompat.css (200) => https://na-ab15.marketo.com/css/mktLPSupportCompat.css (403)
+Non-2xx HTTP code: http://get.panopto.com/rs/panopto/images/logo.svg (200) => https://na-ab15.marketo.com/rs/panopto/images/logo.svg (403)
+Fetch error: http://helpdesk.panopto.com/ => https://helpdesk.panopto.com/: (6, 'Could not resolve host: helpdesk.panopto.com')
+
+	Nonfunctional hosts in *panopto.com:
+
+		- (www.)? ᵃ
+		- get ᴹ
+
+	ᴹ Marketo
+	ᵃ Shows support.panopto.com
+
+
+	These altnames don't exist:
+
+		- www.helpdesk.panopto.com
+		- www.hostedservices.panopto.com
+		- www.support.panopto.com
+
+
+	Mixed content:
+
+		- Images on support from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Panopto.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="helpdesk.panopto.com" />
+	<target host="hostedservices.panopto.com" />
+	<target host="support.panopto.com" />
+
+	<!--	Complications:
+				-->
+	<target host="get.panopto.com" />
+
+		<exclusion pattern="^http://get\.panopto\.com/+(?!css/|images/|rs/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://get.panopto.com/?" />
+			<test url="http://get.panopto.com/gartner-2015.html" />
+			<test url="http://get.panopto.com//gartner-2015.html" />
+			<test url="http://get.panopto.com//gartner-2015.html?" />
+
+			<!--	-ve:
+					-->
+			<test url="http://get.panopto.com/css/mktLPSupportCompat.css" />
+			<test url="http://get.panopto.com/rs/panopto/images/logo.svg" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://get\.panopto\.com/"
+		to="https://na-ab15.marketo.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Panoptykon.org.xml b/src/chrome/content/rules/Panoptykon.org.xml
new file mode 100644
index 000000000000..7947fb6fcb6a
--- /dev/null
+++ b/src/chrome/content/rules/Panoptykon.org.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://memopol.panoptykon.org/ => https://memopol.panoptykon.org/: (6, 'Could not resolve host: memopol.panoptykon.org')
+
+-->
+<ruleset name="Panoptykon.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="panoptykon.org" />
+	<target host="bip.panoptykon.org" />
+	<target host="crm.panoptykon.org" />
+	<target host="en.panoptykon.org" />
+	<target host="filmy.panoptykon.org" />
+	<target host="memopol.panoptykon.org" />
+	<target host="przewodniki.panoptykon.org" />
+	<target host="perypetie-informacji.panoptykon.org" />
+	<target host="telefoniczna-kopalnia.panoptykon.org" />
+	<target host="zycie-wsrod-kamer.panoptykon.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.panoptykon.org" />
+
+
+	<rule from="^http://www\.panoptykon\.org/"
+		to="https://panoptykon.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Panoramio-problematic.xml b/src/chrome/content/rules/Panoramio-problematic.xml
deleted file mode 100644
index 409a6d23181f..000000000000
--- a/src/chrome/content/rules/Panoramio-problematic.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For rules that are on by default, see Panoramio.xml.
-
--->
-<ruleset name="Panoramio (problematic)" default_off="mismatched">
-
-	<target host="panoramio.com" />
-	<target host="www.panoramio.com" />
-
-
-	<rule from="^https?://(?:www\.)?panoramio\.com/"
-		to="https://www.panoramio.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Panoramio.com.xml b/src/chrome/content/rules/Panoramio.com.xml
new file mode 100644
index 000000000000..b30fd173296b
--- /dev/null
+++ b/src/chrome/content/rules/Panoramio.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Non-functional hosts
+		SSL connect error:
+			 - blog.panoramio.com
+
+		SSL peer certificate was not OK:
+			 - panoramio.com
+			 - static.panoramio.com
+-->
+<ruleset name="Panoramio.com (partial)">
+	<target host="panoramio.com" />
+	<target host="www.panoramio.com" />
+	<target host="ssl.panoramio.com" />
+
+	<rule from="^http://panoramio\.com/"
+			to="https://www.panoramio.com/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Panoramio.xml b/src/chrome/content/rules/Panoramio.xml
deleted file mode 100644
index 9ab3f5434683..000000000000
--- a/src/chrome/content/rules/Panoramio.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For problematic rules, see Panoramio-problematic.xml.
-
-
-	static.panoramio.com.storage.googleapis.com
-
-
-	CN: *.appspot.com
-
-	^panoramio.com 503s.
-
--->
-<ruleset name="Panoramio (partial)">
-
-	<target host="ssl.panoramio.com" />
-
-
-	<rule from="^http://ssl\.panoramio\.com/"
-		to="https://ssl.panoramio.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Panovski.me.xml b/src/chrome/content/rules/Panovski.me.xml
new file mode 100644
index 000000000000..97541c91089b
--- /dev/null
+++ b/src/chrome/content/rules/Panovski.me.xml
@@ -0,0 +1,12 @@
+<ruleset name="Panovski.me">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="panovski.me" />
+	<target host="www.panovski.me" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Panstwomiasto.xml b/src/chrome/content/rules/Panstwomiasto.xml
new file mode 100644
index 000000000000..158b39c96daa
--- /dev/null
+++ b/src/chrome/content/rules/Panstwomiasto.xml
@@ -0,0 +1,21 @@
+<!--
+	CN: *.nazwa.pl
+
+
+	Mixed content:
+
+		- Web bug from i.creativecommons.org *
+
+	* Secured by us
+
+-->
+<ruleset name="panstwomiasto.pl" default_off="mismatched">
+
+	<target host="panstwomiasto.pl" />
+	<target host="www.panstwomiasto.pl" />
+
+
+	<rule from="^http://(?:www\.)?panstwomiasto\.pl/"
+		to="https://panstwomiasto.pl/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pantarhei.sk.xml b/src/chrome/content/rules/Pantarhei.sk.xml
new file mode 100644
index 000000000000..f597dcce02f2
--- /dev/null
+++ b/src/chrome/content/rules/Pantarhei.sk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Pantarhei.sk" platform="mixedcontent">
+  <target host="pantarhei.sk" />
+  <target host="www.pantarhei.sk" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pantelligent.com.xml b/src/chrome/content/rules/Pantelligent.com.xml
new file mode 100644
index 000000000000..f8d9c5139f19
--- /dev/null
+++ b/src/chrome/content/rules/Pantelligent.com.xml
@@ -0,0 +1,34 @@
+<!--
+	^pantelligent.com: Refused
+
+
+	Insecure cookies are set for these domains:
+
+		- .pantelligent.com
+
+-->
+<ruleset name="Pantelligent.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.pantelligent.com" />
+
+	<!--	Complications:
+				-->
+	<target host="pantelligent.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.pantelligent\.com$" name="^__qca$" /-->
+
+	<securecookie host="^\.pantelligent\.com$" name=".+" />
+
+
+	<rule from="^http://pantelligent\.com/"
+		to="https://www.pantelligent.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Panthema.net.xml b/src/chrome/content/rules/Panthema.net.xml
new file mode 100644
index 000000000000..bad85424a9de
--- /dev/null
+++ b/src/chrome/content/rules/Panthema.net.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid certificate:
+		- www.panthema.net
+-->
+
+<ruleset name="Panthema.net">
+	<target host="panthema.net" />
+	<target host="www.panthema.net" />
+
+	<rule from="^http://www\.panthema\.net/"
+		  to="https://panthema.net/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pantheon.io.xml b/src/chrome/content/rules/Pantheon.io.xml
new file mode 100644
index 000000000000..c3e50675e8d1
--- /dev/null
+++ b/src/chrome/content/rules/Pantheon.io.xml
@@ -0,0 +1,17 @@
+<!--
+	Other Pantheon rulesets:
+
+		- Pantheon.xml
+
+-->
+<ruleset name="Pantheon.io">
+
+	<target host="pantheon.io" />
+	<target host="dashboard.pantheon.io" />
+	<target host="www.pantheon.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pantheon.xml b/src/chrome/content/rules/Pantheon.xml
index 7ab2cd14878b..2d5b107a0617 100644
--- a/src/chrome/content/rules/Pantheon.xml
+++ b/src/chrome/content/rules/Pantheon.xml
@@ -1,35 +1,46 @@
 <!--
-		- pantheon-systems.assistly.com
+	For other Pantheon coverage, see Pantheon.io.xml.
 
-			- dashboard.gotpantheon.com
 
+	^gotpantheon.com: Refused
 
-	Nonfunctional subdomains:
 
-		- helpdesk	(assistly)
+	Mixed content:
 
+		- css on live-osuonline from $self * ˢ
 
-	Problematic subdomains:
-
-		- ^		(self-signed, mismatched, CN: redirector.zerigo.net)
+	* Just fonts
+	ˢ Secured by us
 
 -->
-<ruleset name="Pantheon (partial)">
+<ruleset name="got Pantheon.com (partial)">
 
-	<target host="gotpantheon.com" />
+	<!--	Direct rewrites:
+				-->
 	<target host="*.gotpantheon.com" />
 
+	<!--	Complications:
+				-->
+	<target host="gotpantheon.com" />
 
-	<securecookie host="^dashboard\.gotpantheon\.com$" name=".+" />
+		<test url="http://www.gotpantheon.com/" />
 
+		<!--	Accounts:
+					-->
+		<test url="http://live-osuonline.gotpantheon.com/" />
 
-	<rule from="^http://(?:www\.)?gotpantheon\.com/"
-		to="https://www.gotpantheon.com/" />
 
-	<rule from="^http://dashboard\.gotpantheon\.com/"
-		to="https://dashboard.gotpantheon.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^live-osuonline\.gotpantheon\.com$" name="^SimpleSAMLSessionID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://gotpantheon\.com/"
+		to="https://www.gotpantheon.com/" />
 
-	<rule from="^http://helpdesk\.gotpantheon\.com/(favicon\.ico|images/)"
-		to="https://d3jyn100am7dxp.cloudfront.net/$1" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pantheos.xml b/src/chrome/content/rules/Pantheos.xml
index 4fff91369049..10e24bdb554e 100644
--- a/src/chrome/content/rules/Pantheos.xml
+++ b/src/chrome/content/rules/Pantheos.xml
@@ -1,15 +1,15 @@
-<ruleset name="Pantheos (partial)">
+<!--
+	(www.)?: refused
+
+	css, media, wp: gone
+
+-->
+<ruleset name="Pantheos (partial)" default_off="refused">
 
 	<target host="pantheos.com"/>
-	<target host="css.pantheos.com"/>
-	<target host="media.pantheos.com"/>
-	<target host="wp.patheos.com"/>
 	<target host="www.pantheos.com"/>
 
-	<rule from="^http://(www\.)?pantheos\.com/images/"
+	<rule from="^http://(?:www\.)?pantheos\.com/images/"
 		to="https://www.pantheos.com/images/"/>
 
-	<rule from="^http://(css|media|wp)\.pantheos\.com/"
-		to="https://s3.amazonaws.com/$1.pantheos.com/"/>
-
 </ruleset>
diff --git a/src/chrome/content/rules/Pantz.org.xml b/src/chrome/content/rules/Pantz.org.xml
new file mode 100644
index 000000000000..5bcb92899960
--- /dev/null
+++ b/src/chrome/content/rules/Pantz.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="Pantz.org">
+
+	<target host="pantz.org" />
+	<target host="www.pantz.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pao-pao.net.xml b/src/chrome/content/rules/Pao-pao.net.xml
new file mode 100644
index 000000000000..a8b9c0ba3c14
--- /dev/null
+++ b/src/chrome/content/rules/Pao-pao.net.xml
@@ -0,0 +1,12 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.pao-pao.net/ => https://www.pao-pao.net/: (7, 'Failed to connect to www.pao-pao.net port 443: Connection refused')
+
+-->
+<ruleset name="Pao-pao.net" platform="mixedcontent" default_off="failed ruleset test">
+  <target host="pao-pao.net" />
+  <target host="www.pao-pao.net" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PaoDelicia.com.xml b/src/chrome/content/rules/PaoDelicia.com.xml
index 8b8462c29533..cf95e6313237 100644
--- a/src/chrome/content/rules/PaoDelicia.com.xml
+++ b/src/chrome/content/rules/PaoDelicia.com.xml
@@ -1,13 +1,19 @@
-<ruleset name="PãoDelícia.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://paodelicia.com/ => https://paodelicia.com/: (51, "SSL: no alternative certificate subject name matches target host name 'paodelicia.com'")
+Fetch error: http://www.paodelicia.com/ => https://www.paodelicia.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.paodelicia.com'")
+
+-->
+<ruleset name="PãoDelícia.com" default_off="failed ruleset test">
 
 	<target host="paodelicia.com" />
-	<target host="*.paodelicia.com" />
+	<target host="www.paodelicia.com" />
 
 
 	<securecookie host="^(?:w*\.)?paodelicia\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?paodelicia\.com/"
-		to="https://$1paodelicia.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Papakaya.com.xml b/src/chrome/content/rules/Papakaya.com.xml
index 1e4e3ed5f132..ac2e25e59005 100644
--- a/src/chrome/content/rules/Papakaya.com.xml
+++ b/src/chrome/content/rules/Papakaya.com.xml
@@ -1,9 +1,4 @@
-<!--
-	- Expired 2013-04-18
-	- Cert only matches ^papakaya.com
-
--->
-<ruleset name="Papakaya.com" default_off="expired">
+<ruleset name="Papakaya.com">
 
 	<target host="papakaya.com" />
 	<target host="www.papakaya.com" />
@@ -12,7 +7,7 @@
 	<securecookie host="^papakaya\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?papakaya\.com/"
-		to="https://papakaya.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Paper.li.xml b/src/chrome/content/rules/Paper.li.xml
index b8752d60097c..9ff4adc56813 100644
--- a/src/chrome/content/rules/Paper.li.xml
+++ b/src/chrome/content/rules/Paper.li.xml
@@ -1,5 +1,22 @@
-<ruleset name="Paper.li (Default off)" default_off="Breaks site if enabled">
-  <target host="paper.li"/>
-  <target host="www.paper.li"/>
-  <rule from="^http://(www\.)?paper\.li/" to="https://paper.li/"/>
+<!--
+	Nonfunctional hosts in *paper.li
+
+		- blog *
+
+	* Shows ads
+
+-->
+<ruleset name="Paper.li (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="paper.li" />
+	<target host="ads.paper.li" />
+	<target host="support.paper.li" />
+	<target host="www.paper.li" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Paperspace.io.xml b/src/chrome/content/rules/Paperspace.io.xml
new file mode 100644
index 000000000000..8ee91fd5df79
--- /dev/null
+++ b/src/chrome/content/rules/Paperspace.io.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- paperspace.io
+		- www.paperspace.io
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Paperspace.io (partial)">
+
+	<target host="paperspace.io" />
+	<target host="www.paperspace.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?paperspace\.io$" name="^AWSELB$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ParaPoupar.com.xml b/src/chrome/content/rules/ParaPoupar.com.xml
new file mode 100644
index 000000000000..6eb91cb75def
--- /dev/null
+++ b/src/chrome/content/rules/ParaPoupar.com.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://parapoupar.com/ => https://parapoupar.com/: (51, "SSL: no alternative certificate subject name matches target host name 'parapoupar.com'")
+Fetch error: http://www.parapoupar.com/ => https://www.parapoupar.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.parapoupar.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://parapoupar.com/ => https://parapoupar.com/: (51, "SSL: no alternative certificate subject name matches target host name 'parapoupar.com'")
+-->
+<ruleset name="ParaPoupar.com" default_off="failed ruleset test">
+
+	<target host="parapoupar.com" />
+	<target host="www.parapoupar.com" />
+
+
+	<securecookie host="^(?:www)?\.parapoupar\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Parabola.nu.xml b/src/chrome/content/rules/Parabola.nu.xml
new file mode 100644
index 000000000000..05abee485474
--- /dev/null
+++ b/src/chrome/content/rules/Parabola.nu.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Parabola coverage, see Parabola_GNULinux.org.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - pur.parabola.nu
+-->
+<ruleset name="Parabola.nu">
+	<target host="parabola.nu" />
+	<target host="www.parabola.nu" />
+	<target host="config.parabola.nu" />
+	<target host="git.parabola.nu" />
+	<target host="labs.parabola.nu" />
+	<target host="lists.parabola.nu" />
+	<target host="projects.parabola.nu" />
+	<target host="proton.parabola.nu" />
+	<target host="redirector.parabola.nu" />
+	<target host="repo.parabola.nu" />
+	<target host="repomirror.parabola.nu" />
+	<target host="wiki.parabola.nu" />
+	<target host="winston.parabola.nu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Parabola_GNULinux.org.xml b/src/chrome/content/rules/Parabola_GNULinux.org.xml
new file mode 100644
index 000000000000..e84f641eadec
--- /dev/null
+++ b/src/chrome/content/rules/Parabola_GNULinux.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Other Parabola rulesets:
+
+		- Parabola.nu.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - pur.parabolagnulinux.org
+-->
+<ruleset name="Parabola GNULinux.org">
+	<target host="parabolagnulinux.org" />
+	<target host="www.parabolagnulinux.org" />
+	<target host="config.parabolagnulinux.org" />
+	<target host="git.parabolagnulinux.org" />
+	<target host="labs.parabolagnulinux.org" />
+	<target host="lists.parabolagnulinux.org" />
+	<target host="projects.parabolagnulinux.org" />
+	<target host="redirector.parabolagnulinux.org" />
+	<target host="repo.parabolagnulinux.org" />
+	<target host="repomirror.parabolagnulinux.org" />
+	<target host="wiki.parabolagnulinux.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Paradox-Interactive.xml b/src/chrome/content/rules/Paradox-Interactive.xml
index 0a89deae6ddd..96300554ad59 100644
--- a/src/chrome/content/rules/Paradox-Interactive.xml
+++ b/src/chrome/content/rules/Paradox-Interactive.xml
@@ -1,8 +1,25 @@
-<ruleset name="Paradox Interactive (partial)">
+<!--
+Invalid certificate:
+	career.paradoxplaza.com
+	humanresources.paradoxplaza.com
 
-	<target host="connect.paradoxplaza.com"/>
-
-	<rule from="^http://connect\.paradoxplaza\.com/"
-		to="https://connect.paradoxplaza.com/"/>
+Refused connection:
+	connect.paradoxplaza.com
+	holiday.paradoxplaza.com
+	old.paradoxplaza.com
+	oldforum.paradoxplaza.com
+	wiki.paradoxplaza.com
+	wikis.paradoxplaza.com
+-->
+<ruleset name="Paradox Plaza.com">
+	<target host="paradoxplaza.com"/>
+	<target host="www.paradoxplaza.com"/>
+	<target host="accounts.paradoxplaza.com"/>
+	<target host="api.paradoxplaza.com"/>
+	<target host="beta.paradoxplaza.com"/>
+	<target host="forum.paradoxplaza.com"/>
+	<target host="forumcontent.paradoxplaza.com"/>
+	<target host="support.paradoxplaza.com"/>
 
+	<rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Paradux_Media.com.xml b/src/chrome/content/rules/Paradux_Media.com.xml
new file mode 100644
index 000000000000..15cb1666c356
--- /dev/null
+++ b/src/chrome/content/rules/Paradux_Media.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="Paradux Media.com">
+
+	<target host="paraduxmedia.com" />
+	<target host="www.paraduxmedia.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^paraduxmedia\.com$" name="^w3tc_referrer$" /-->
+
+	<securecookie host="^paraduxmedia\.com$" name=".+" />
+
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Paradysz.xml b/src/chrome/content/rules/Paradysz.xml
index 0bc3d8fb7725..13f19a206570 100644
--- a/src/chrome/content/rules/Paradysz.xml
+++ b/src/chrome/content/rules/Paradysz.xml
@@ -11,13 +11,13 @@
 <ruleset name="Paradysz">
 
 	<target host="offeredby.net" />
-	<target host="*.offeredby.net" />
+	<target host="ssl.analytics.offeredby.net" />
+	<target host="www.offeredby.net" />
 
 
-	<securecookie host="^(?:.*\.)?offeredby\.net" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
-	<rule from="^http://(ssl\.analytics\.|www\.)?offeredby\.net/"
-		to="https://$1offeredby.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Paragon_IE.com.xml b/src/chrome/content/rules/Paragon_IE.com.xml
new file mode 100644
index 000000000000..d89458b375ab
--- /dev/null
+++ b/src/chrome/content/rules/Paragon_IE.com.xml
@@ -0,0 +1,38 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://asgard.paragonie.com/ => https://asgard.paragonie.com/: (6, 'Could not resolve host: asgard.paragonie.com')
+
+	Other Paragon Initiave Enterprise rulesets:
+
+		- Get_ASGard.com.xml
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- paragonie.com
+		- asgard.paragonie.com
+		- .paragonie.com
+
+-->
+<ruleset name="Paragon IE.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="paragonie.com" />
+	<target host="asgard.paragonie.com" />
+	<target host="www.paragonie.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:asgard\.)?paragonie\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.paragonie\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Parallax.com.xml b/src/chrome/content/rules/Parallax.com.xml
new file mode 100644
index 000000000000..066d3ca7be24
--- /dev/null
+++ b/src/chrome/content/rules/Parallax.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Nonfunctional subdomains:
+
+		- forums *
+		- learn *
+		- obex *
+
+	* Refused
+
+-->
+<ruleset name="Parallax.com (partial)">
+
+	<target host="parallax.com" />
+	<target host="www.parallax.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="http://(www\.)?parallax\.com/($|events$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="http://(www\.)?parallax\.com/(?!favicon\.ico|files/|sites/)" /-->
+
+
+	<rule from="^http://(www\.)?parallax\.com/(?=favicon\.ico|files/|sites/)"
+		to="https://$1parallax.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Parallella.org.xml b/src/chrome/content/rules/Parallella.org.xml
new file mode 100644
index 000000000000..baf1e33dad6e
--- /dev/null
+++ b/src/chrome/content/rules/Parallella.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="Parallella.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="parallella.org" />
+	<target host="www.parallella.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Parallels.xml b/src/chrome/content/rules/Parallels.xml
index 9626ee43ce12..46558c0bc39f 100644
--- a/src/chrome/content/rules/Parallels.xml
+++ b/src/chrome/content/rules/Parallels.xml
@@ -6,50 +6,61 @@
 
 	Nonfunctional subdomains:
 
+		- blog ³
 		- chat
-		- download	(cert: edgecastcdn.net; 504)
-		- forum
+		- download *
+		- i3 ¹
 		- kb
+		- sp ³
+		- store ³
+		- forum.sp ³
+		- kb.sp ³
+		- www.sp ²
+
+	* 504; mismatched, CN: edgecastcdn.net
+	¹ Mismatch
+	² Expired
+	³ Refused
+
+
+	Problematic hosts in *parallels.com:
+
+		- blogs ¹
+		- spblog ³
+
+	¹ Refused
+	³ Squarespace
+
+
+	Insecure cookies are set for these domains:
+
+		- .parallels.com
+		- spblog.parallels.com
 
 -->
-<ruleset name="Parallels (partial)">
+<ruleset name="Parallels.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="parallels.com" />
-	<target host="*.parallels.com" />
-	<target host="psoft.net" />
-	<target host="*.psoft.net" />
+	<target host="forum.parallels.com" />
+	<target host="www.parallels.com" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.parallels\.com$" name="^SS_MID$" /-->
+	<!--securecookie host="^spblog\.parallels\.com$" name="^(JSESSIONID|crumb)$" /-->
 
 	<!--	Tracking cookies:
 					-->
 	<securecookie host="^\.parallels\.com$" name="^s_\w+$" />
-	<securecookie host="^store\.parallels\.com$" name=".*" />
-	<securecookie host="^\w+\.psoft\.com$" name=".*" />
-
-
-	<rule from="^http://(www\.)?parallels\.com/(favicon\.ico|file(?:admin|s)/|r/|typo3(?:conf|temp)/)"
-		to="https://$1parallels.com/$2" />
-
-	<rule from="^http://blogs\.parallels\.com/"
-		to="https://parallelsblog.squarespace.com/" />
-
-	<!--	EdgeCast	-->
-	<rule from="^http://i3\.parallels\.com/"
-		to="https://www.parallels.com/" />
+	<securecookie host="^store\.parallels\.com$" name=".+" />
 
-	<!--	hosted by Digital River		-->
-	<rule from="^http://store\.parallels\.com/"
-		to="https://store.parallels.com/" />
 
-	<!--	- Cert: license.psoft.com
-		- Expired
-		- Shows license's data over https
-		- Redirects like so over http
-			-->
-	<rule from="^http://(?:www\.)?psoft\.com/"
-		to="https://www.parallels.com/psoft" />
+	<!--rule from="^http://blogs\.parallels\.com/"
+		to="https://parallelsblog.squarespace.com/" /-->
 
-	<rule from="^http://my\.psoft\.com/"
-		to="https://my.psoft.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Parama.ca.xml b/src/chrome/content/rules/Parama.ca.xml
new file mode 100644
index 000000000000..531d86c355d9
--- /dev/null
+++ b/src/chrome/content/rules/Parama.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="Parama.ca">
+	<target host="parama.ca" />
+	<target host="www.parama.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Parameter_Security.com.xml b/src/chrome/content/rules/Parameter_Security.com.xml
new file mode 100644
index 000000000000..1c75b2ec9a5a
--- /dev/null
+++ b/src/chrome/content/rules/Parameter_Security.com.xml
@@ -0,0 +1,39 @@
+<!--
+	Other Parameter Security rulesets:
+
+		- ShowMeCon.com.xml
+
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- showmecon ²
+
+	¹ CloudFlare error (Invalid SSL certificate)
+	² Mismatched, CN: www.showmecon.com
+
+-->
+<ruleset name="Parameter Security.com">
+
+	<target host="parametersecurity.com" />
+	<target host="showmecon.parametersecurity.com" />
+	<target host="www.parametersecurity.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.parametersecurity\.com$" name="PHPSESSID" /-->
+
+	<securecookie host="^(?:www)?\.parametersecurity\.com$" name=".+" />
+
+
+	<rule from="^http://parametersecurity\.com/"
+		to="https://www.parametersecurity.com/" />
+
+	<rule from="^http://showmecon\.parametersecurity\.com/"
+		to="https://showmecon.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Paramount-Pictures.xml b/src/chrome/content/rules/Paramount-Pictures.xml
index 1748967c220d..3dbe9a23ed01 100644
--- a/src/chrome/content/rules/Paramount-Pictures.xml
+++ b/src/chrome/content/rules/Paramount-Pictures.xml
@@ -15,22 +15,22 @@
 	<target host="vod.transformersmovie.com" />
 
 
-	<securecookie host="^www\.paramountmovies\.com$" name=".*" />
+	<securecookie host="^www\.paramountmovies\.com$" name=".+" />
 
 
 	<!--	!www cert: *.paramountpictures.com
 							-->
-	<rule from="^https?://(?:www\.)?paramountmovies\.com/"
+	<rule from="^http://(?:www\.)?paramountmovies\.com/"
 		to="https://www.paramountmovies.com/" />
 
 	<!--	301s like so.
 					-->
-	<rule from="^https?://vod\.super8-movie\.com/(?:.*)"
+	<rule from="^http://vod\.super8-movie\.com/(?:.*)"
 		to="https://www.paramountmovies.com/productdetail.html?productId=11506" />
 
 	<!--	Ditto.
 			-->
-	<rule from="^https?://vod\.transformersmovie\.com/(?:.*)"
+	<rule from="^http://vod\.transformersmovie\.com/(?:.*)"
 		to="https://www.paramountmovies.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Parastorage.com.xml b/src/chrome/content/rules/Parastorage.com.xml
new file mode 100644
index 000000000000..c07041c50a1b
--- /dev/null
+++ b/src/chrome/content/rules/Parastorage.com.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Wix coverage, see Wix.xml.
+
+-->
+<ruleset name="parastorage.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="static.parastorage.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Parature.com.xml b/src/chrome/content/rules/Parature.com.xml
index 0359d158e521..8722fac0907f 100644
--- a/src/chrome/content/rules/Parature.com.xml
+++ b/src/chrome/content/rules/Parature.com.xml
@@ -1,18 +1,49 @@
-<ruleset name="Parature.com" platform="mixedcontent">
 
-	<target host="parature.com" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://shareideas.parature.com/ => https://shareideas.parature.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	(www.)?: Mismatched
+
+
+	Mixed content:
+
+		- css on www from $self
+
+		- Images, on:
+
+			- success from parature.adguys.com
+			- www from paratureprod.blob.core.windows.net
+
+		- favicon on shareideas from www.parature.com
+
+-->
+<ruleset name="Parature.com (partial)" default_off="failed ruleset test">
+
+	<!--target host="parature.com" /-->
+	<target host="d1.parature.com" />
 	<target host="s3.parature.com" />
+	<target host="shareideas.parature.com" />
+	<target host="success.parature.com" />
 	<target host="support.parature.com" />
-	<target host="www.parature.com" />
+	<!--target host="www.parature.com" /-->
+
+	<!--	(clients:)
+				-->
+	<target host="ssaportal.parature.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ssaportal\.parature\\.com$" name="^FM_PORTAL$" /-->
 
-	<securecookie host="^(?:s3|success|www)\.parature\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www\.)?parature\.com/"
-		to="https://www.parature.com/" />
+	<!--rule from="^http://parature\.com/"
+		to="https://www.parature.com/" /-->
 
-	<rule from="^http://(d1|s3|success|support)\.parature\.com/"
-		to="https://$1.parature.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ParcelPoint.com.au.xml b/src/chrome/content/rules/ParcelPoint.com.au.xml
new file mode 100644
index 000000000000..c7657ed13948
--- /dev/null
+++ b/src/chrome/content/rules/ParcelPoint.com.au.xml
@@ -0,0 +1,48 @@
+<!--
+	Non-functional subdomains:
+		- blog	(m)
+		- wow-agent.staging	(m)
+		- store-portal	(m)
+		- support	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="ParcelPoint.com.au">
+
+	<target host="parcelpoint.com.au" />
+	<target host="www.parcelpoint.com.au" />
+	<target host="amazon.parcelpoint.com.au" />
+	<target host="amazon-au.parcelpoint.com.au" />
+	<target host="amazontest.parcelpoint.com.au" />
+	<target host="api.parcelpoint.com.au" />
+	<target host="api-pp.parcelpoint.com.au" />
+	<target host="apitest.parcelpoint.com.au" />
+	<target host="business.parcelpoint.com.au" />
+	<target host="connect.parcelpoint.com.au" />
+	<target host="partner.parcelpoint.com.au" />
+	<target host="staging.parcelpoint.com.au" />
+	<target host="amazon.staging.parcelpoint.com.au" />
+	<target host="api.staging.parcelpoint.com.au" />
+	<target host="apicfd.staging.parcelpoint.com.au" />
+	<target host="business.staging.parcelpoint.com.au" />
+	<target host="connect.staging.parcelpoint.com.au" />
+	<target host="store-portal.staging.parcelpoint.com.au" />
+	<target host="test.parcelpoint.com.au" />
+	<target host="amazon.test.parcelpoint.com.au" />
+	<target host="api.test.parcelpoint.com.au" />
+	<target host="connect.test.parcelpoint.com.au" />
+	<target host="store-portal.test.parcelpoint.com.au" />
+	<target host="partner.wow.parcelpoint.com.au" />
+	<target host="wow-agent.parcelpoint.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Parcelforce.xml b/src/chrome/content/rules/Parcelforce.xml
deleted file mode 100644
index 9e967943f9bb..000000000000
--- a/src/chrome/content/rules/Parcelforce.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	For other Royal Mail coverage, see Royal_Mail_Group.xml.
-
--->
-<ruleset name="Parcelforce (partial)" platform="mixedcontent">
-
-	<target host="parcelforce.com" />
-	<target host="www.parcelforce.com" />
-
-
-	<!--	- Cert only matches *.parcelforce.com
-		- Unsupported pages 301 to http
-						-->
-	<rule from="^https?://parcelforce\.com/"
-		to="https://www.parcelforce.com/" />
-
-	<rule from="^http://www\.parcelforce\.com/((?:become-account-customer-today|user)(?:/?$|\?)|sites/)"
-		to="https://www.parcelforce.com/$1" />
-
-	<!--	Redirects like so, sans-https.
-						-->
-	<rule from="^http://www\.parcelforce\.com/my-account/?$"
-		to="https://www.parcelforce.com/user" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Pardot-mismatches.xml b/src/chrome/content/rules/Pardot-mismatches.xml
index 6130173ce1f6..fd5dc50b6500 100644
--- a/src/chrome/content/rules/Pardot-mismatches.xml
+++ b/src/chrome/content/rules/Pardot-mismatches.xml
@@ -7,7 +7,6 @@
 	<target host="ideas.pardot.com" />
 
 
-	<rule from="^http://ideas\.pardot\.com/"
-		to="https://ideas.pardot.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Pardot.xml b/src/chrome/content/rules/Pardot.xml
index 05491e94f03f..7bc562ed9436 100644
--- a/src/chrome/content/rules/Pardot.xml
+++ b/src/chrome/content/rules/Pardot.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pardot.com/ => https://pardot.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://blog.pardot.com/ => https://blog.pardot.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://help.pardot.com/ => https://help.pardot.com/: (51, "SSL: no alternative certificate subject name matches target host name 'help.pardot.com'")
+
+	For other Salesforce.com coverage, see Salesforce.com.xml.
+
 	For problematic rules, see Pardot-mismatches.xml.
 
 
@@ -38,46 +46,50 @@
 	* 404; mismatched, CN: *.netdna-ssl.com
 
 
-	Fully covered subdomains:
-
-		- (www.)
-		- blog
-		- cdn		(→ pi)
-		- form-cdn	(→ pi)
-		- go
-		- help
-		- pi
-		- storage	(→ s3.amazonaws.com)
-		- www-cdn	(→ www)
-		- www-cdn[1-3]	(→ www)
-
-
 	pi sets a visitor_id\d{4} tracking cookie on whichever domain it is
 	loaded from.
 
 -->
-<ruleset name="Pardot">
+<ruleset name="Pardot.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="pardot.com" />
-	<target host="*.pardot.com" />
-
+	<target host="blog.pardot.com" />
+	<target host="go.pardot.com" />
+	<target host="help.pardot.com" />
+	<target host="pi.pardot.com" />
+	<target host="www.pardot.com" />
+
+	<!--	Complications:
+				-->
+	<target host="cdn.pardot.com" />
+	<target host="form-cdn.pardot.com" />
+	<target host="storage.pardot.com" />
+	<target host="www-cdn.pardot.com" />
+	<target host="www-cdn1.pardot.com" />
+	<target host="www-cdn2.pardot.com" />
+	<target host="www-cdn3.pardot.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.pardot\.com$" name="^(?:visitor_id\d+|__utm\w)$" /-->
+	<!--securecookie host="^go\.pardot\.com$" name="^pardot$" /-->
 
 	<!--	Tracking cookies:
 					-->
-	<securecookie host="^\.pardot\.com$" name="^(?:visitor_id\d+|__utm\w)$" />
+	<securecookie host="^\." name="^(?:visitor_id\d+|__utm\w)$" />
 	<securecookie host="^(?:go|pi|www)\.pardot\.com$" name=".+" />
 
 
-	<rule from="^http://((?:blog|go|help|pi|www)\.)?pardot\.com/"
-		to="https://$1pardot.com/" />
-
 	<rule from="^http://(?:form-)?cdn\.pardot\.com/"
 		to="https://pi.pardot.com/" />
 
-	<rule from="^http://storage\.pardot\.com/"
-		to="https://s3.amazonaws.com/storage.pardot.com/" />
-
 	<rule from="^http://www-cdn\d?\.pardot\.com/"
 		to="https://www.pardot.com/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Paris-luttes.info.xml b/src/chrome/content/rules/Paris-luttes.info.xml
new file mode 100644
index 000000000000..80a5d0452fa4
--- /dev/null
+++ b/src/chrome/content/rules/Paris-luttes.info.xml
@@ -0,0 +1,8 @@
+<ruleset name="Paris-luttes.info">
+
+	<target host="paris-luttes.info" />
+	<target host="www.paris-luttes.info" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ParisSchoolOfEconomics.xml b/src/chrome/content/rules/ParisSchoolOfEconomics.xml
new file mode 100644
index 000000000000..992241bde1a6
--- /dev/null
+++ b/src/chrome/content/rules/ParisSchoolOfEconomics.xml
@@ -0,0 +1,27 @@
+<!--
+	Invalid certificate:
+		e-perso.parisschoolofeconomics.eu
+
+	Login required:
+		extranet.parisschoolofeconomics.eu
+		teaching.parisschoolofeconomics.eu
+
+		parisschoolofeconomics.net
+		www.parisschoolofeconomics.net
+
+	Time out:
+		microsimula.parisschoolofeconomics.eu
+		topincomes.parisschoolofeconomics.eu
+
+-->
+<ruleset name="Paris School of Economics.eu">
+
+	<target host="parisschoolofeconomics.eu" />
+	<target host="www.parisschoolofeconomics.eu" />
+
+	<securecookie host="^www\.parisschoolofeconomics\.eu$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Paris_Diderot_University.xml b/src/chrome/content/rules/Paris_Diderot_University.xml
index f6174af764a7..38985c932d53 100644
--- a/src/chrome/content/rules/Paris_Diderot_University.xml
+++ b/src/chrome/content/rules/Paris_Diderot_University.xml
@@ -18,7 +18,6 @@
 	<securecookie host="^auth\.univ-paris-diderot\.fr$" name=".+" />
 
 
-	<rule from="^http://auth\.univ-paris-diderot\.fr/"
-		to="https://auth.univ-paris-diderot.fr/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Park_Models_Direct.xml b/src/chrome/content/rules/Park_Models_Direct.xml
index 715108be5d8b..18032e726abb 100644
--- a/src/chrome/content/rules/Park_Models_Direct.xml
+++ b/src/chrome/content/rules/Park_Models_Direct.xml
@@ -5,13 +5,12 @@
 <ruleset name="Park Models Direct">
 
 	<target host="parkmodelsdirect.com" />
-	<target host="*.parkmodelsdirect.com" />
+	<target host="www.parkmodelsdirect.com" />
 
 
-	<securecookie host="^(?:.*\.)?parkmodelsdirect\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?parkmodelsdirect\.com/"
-		to="https://$1parkmodelsdirect.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ParkerLab.com.xml b/src/chrome/content/rules/ParkerLab.com.xml
new file mode 100644
index 000000000000..d2ab8dc17a26
--- /dev/null
+++ b/src/chrome/content/rules/ParkerLab.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		- app.parkerlab.com
+-->
+
+<ruleset name="ParkerLab.com">
+	<target host="parkerlab.com" />
+	<target host="www.parkerlab.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ParkerLabs.com.xml b/src/chrome/content/rules/ParkerLabs.com.xml
new file mode 100644
index 000000000000..3e49764bb396
--- /dev/null
+++ b/src/chrome/content/rules/ParkerLabs.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Active mixed content:
+		- www.parkerlabs.com
+
+	Invalid certificate:
+		- de.parkerlabs.com
+		- es.parkerlabs.com
+		- fr.parkerlabs.com
+-->
+
+<ruleset name="ParkerLabs.com" platform="mixedcontent">
+	<target host="parkerlabs.com" />
+	<target host="www.parkerlabs.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Parker_Soft.co.uk.xml b/src/chrome/content/rules/Parker_Soft.co.uk.xml
new file mode 100644
index 000000000000..3c5327b0aa70
--- /dev/null
+++ b/src/chrome/content/rules/Parker_Soft.co.uk.xml
@@ -0,0 +1,33 @@
+<!--
+	Other Parker Software rulesets:
+
+		- WhosOn.com.xml
+
+
+	Fully covered subdomains:
+
+		- gateway
+		- gateway2
+		- www
+
+
+	^parkersoft.co.uk doesn't exist.
+
+
+	Mixed content:
+
+		- fonts on www from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Parker Soft.co.uk">
+
+	<target host="gateway.parkersoft.co.uk" />
+	<target host="gateway2.parkersoft.co.uk" />
+	<target host="www.parkersoft.co.uk" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Parkerpen.com.xml b/src/chrome/content/rules/Parkerpen.com.xml
new file mode 100644
index 000000000000..f389cdc16c3f
--- /dev/null
+++ b/src/chrome/content/rules/Parkerpen.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Unsupported subdomains:
+
+		* origin.parkerpen.com (mismatch)
+		* parkerpen.com (mismatch)
+
+	Mixed content from fonts.googleapis.com
+
+-->
+<ruleset name="parkerpen.com">
+
+	<target host="parkerpen.com" />
+	<target host="www.parkerpen.com" />
+	<target host="assets.parkerpen.com" />
+	<target host="mgmt.parkerpen.com" />
+
+	<rule from="^http://parkerpen\.com/"
+		to="https://www.parkerpen.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ParkingCrew.com.xml b/src/chrome/content/rules/ParkingCrew.com.xml
new file mode 100644
index 000000000000..6583a0ad54b8
--- /dev/null
+++ b/src/chrome/content/rules/ParkingCrew.com.xml
@@ -0,0 +1,13 @@
+<!--
+	^: cert only matches www
+
+-->
+<ruleset name="ParkingCrew.com">
+
+	<target host="parkingcrew.com" />
+	<target host="www.parkingcrew.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ParkingEye.co.uk.xml b/src/chrome/content/rules/ParkingEye.co.uk.xml
new file mode 100644
index 000000000000..d2237fa5c634
--- /dev/null
+++ b/src/chrome/content/rules/ParkingEye.co.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="ParkingEye.co.uk">
+
+	<target host="parkingeye.co.uk" />
+	<target host="payments.parkingeye.co.uk" />
+	<target host="www.parkingeye.co.uk" />
+
+
+	<securecookie host="^(?:\w*\.)?parkingeye.co.uk$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Parkrun.com.xml b/src/chrome/content/rules/Parkrun.com.xml
new file mode 100644
index 000000000000..82dcc6aa7595
--- /dev/null
+++ b/src/chrome/content/rules/Parkrun.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="parkrun.com">
+
+    <target host="parkrun.com" />
+    <target host="developer.parkrun.com" />
+    <target host="images.parkrun.com" />
+    <target host="poster.parkrun.com" />
+    <!-- status.parkrun.com doesn't respond to HTTPS connections -->
+    <target host="tools.parkrun.com" />
+    <target host="webmail.parkrun.com" />
+    <target host="www.parkrun.com" />
+
+    <rule from="^http:"
+        to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Parkrun.org.uk.xml b/src/chrome/content/rules/Parkrun.org.uk.xml
new file mode 100644
index 000000000000..6b834b42f0b1
--- /dev/null
+++ b/src/chrome/content/rules/Parkrun.org.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="parkrun.org.uk">
+
+	<target host="parkrun.org.uk" />
+	<target host="www.parkrun.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Parl.ca.xml b/src/chrome/content/rules/Parl.ca.xml
new file mode 100644
index 000000000000..0554ba5b36de
--- /dev/null
+++ b/src/chrome/content/rules/Parl.ca.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		jobs-emplois.parl.ca
+
+-->
+<ruleset name="Parl.ca">
+	<target host="parl.ca" />
+	<target host="www.parl.ca" />
+	<target host="bdp.parl.ca" />
+	<target host="decouvrez.parl.ca" />
+	<target host="learn.parl.ca" />
+	<target host="lop.parl.ca" />
+	<target host="res.parl.ca" />
+		<test url="http://res.parl.ca/prs/" />
+	<target host="visit.parl.ca" />
+	<target host="visitez.parl.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Parnasparty.ru.xml b/src/chrome/content/rules/Parnasparty.ru.xml
new file mode 100644
index 000000000000..9eda2b8e32c1
--- /dev/null
+++ b/src/chrome/content/rules/Parnasparty.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="Parnasparty.ru">
+	<target host="parnasparty.ru" />
+	<target host="www.parnasparty.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Parrable.com.xml b/src/chrome/content/rules/Parrable.com.xml
new file mode 100644
index 000000000000..a0a789834740
--- /dev/null
+++ b/src/chrome/content/rules/Parrable.com.xml
@@ -0,0 +1,17 @@
+<!--
+	^: expired, mismatched
+
+-->
+<ruleset name="Parrable.com">
+
+	<target host="parrable.com" />
+	<target host="www.parrable.com" />
+	<target host="cdn.parrable.com" />
+
+
+	<rule from="^http://(?:www\.)?parrable\.com/"
+		to="https://www.parrable.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Parrot.com-problematic.xml b/src/chrome/content/rules/Parrot.com-problematic.xml
new file mode 100644
index 000000000000..7b3a0d376411
--- /dev/null
+++ b/src/chrome/content/rules/Parrot.com-problematic.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules that are on by default, see Parrot.com.xml.
+
+-->
+<ruleset name="Parrot.com (mismatched)" default_off="mismatched" platform="mixedcontent">
+
+	<target host="parrot.com" />
+	<target host="www.parrot.com" />
+
+
+	<securecookie host="^www\.parrot\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Parrot.com.xml b/src/chrome/content/rules/Parrot.com.xml
new file mode 100644
index 000000000000..ddaa99c0888c
--- /dev/null
+++ b/src/chrome/content/rules/Parrot.com.xml
@@ -0,0 +1,61 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.recrute.parrot.com/ => https://www.recrute.parrot.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.recrute.parrot.com'")
+
+	For problematic rules, see Parrot.com-problematic.xml.
+
+
+	Nonfunctional subdomains:
+
+		- blog *
+		- certified *
+
+	* Shows recrute
+
+
+	(www.)?: Mismatched
+
+
+	Fully covered subdomains:
+
+		- download
+		- (www.)?recrute
+
+
+	These altnames don't exist:
+
+		- www.download.parrot.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.parrot.com
+
+
+	Mixed content:
+
+		- Fonts on recrute from themes.googleusercontent.com ¹
+		- css on www from $self ²
+		- iframe on www from $self ²
+
+	¹ Secured by us
+	² Not secured by us <= mismatched
+
+-->
+<ruleset name="Parrot.com (partial)" default_off="failed ruleset test">
+
+	<target host="download.parrot.com" />
+	<target host="recrute.parrot.com" />
+	<target host="www.recrute.parrot.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.parrot\.com$" name="^(csrftoken|django_language)$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Parrot.xml b/src/chrome/content/rules/Parrot.xml
index c1a924ce5e51..c7655d3b9e24 100644
--- a/src/chrome/content/rules/Parrot.xml
+++ b/src/chrome/content/rules/Parrot.xml
@@ -17,4 +17,4 @@
 	<rule from="^http://(?:www\.)?parrot\.org/"
 		to="https://www.parrot.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Parse.com.xml b/src/chrome/content/rules/Parse.com.xml
new file mode 100644
index 000000000000..1d5126fdca39
--- /dev/null
+++ b/src/chrome/content/rules/Parse.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Problematic subdomains:
+
+		- blog ¹
+		- status ²
+
+	¹ Pagely
+	² StatusPage
+
+
+	Mixed content:
+
+		- Image on blog from i.imgur.com
+
+-->
+<ruleset name="Parse.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="parse.com" />
+	<target host="www.parse.com" />
+
+	<!--	Complications:
+				-->
+	<target host="status.parse.com" />
+
+
+	<rule from="^http://status\.parse\.com/"
+		to="https://parse.statuspage.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+
+</ruleset>
diff --git a/src/chrome/content/rules/Parse.ly-mismatches.xml b/src/chrome/content/rules/Parse.ly-mismatches.xml
index 736b634a64a7..c718942c1525 100644
--- a/src/chrome/content/rules/Parse.ly-mismatches.xml
+++ b/src/chrome/content/rules/Parse.ly-mismatches.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see Parse.ly.xml.
 
 -->
-<ruleset name="Parse.ly (mismatches)" default_off="mismatch">
+<ruleset name="Parse.ly (mismatches)" default_off="mismatched">
 
 	<!--	Cert: *.totemapp.com	-->
 	<target host="press.parsely.com" />
@@ -10,7 +10,6 @@
 	<target host="status.parsely.com" />
 
 
-	<rule from="^http://(press|status)\.parsely\.com/"
-		to="https://$1.parsely.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Parse.ly.xml b/src/chrome/content/rules/Parse.ly.xml
index 631d154c6aa3..27109ac28669 100644
--- a/src/chrome/content/rules/Parse.ly.xml
+++ b/src/chrome/content/rules/Parse.ly.xml
@@ -18,6 +18,17 @@
 		- blog.parse.ly		(works; mismatched, CN: *.parsely.com)
 
 
+	Fully covered domains:
+
+		- [\w-]+.config.parsely.com:
+
+			- srv-\d{4}(-\d\d){3}
+
+		- [\w-]+.pixel.parsely.com:
+
+			- srv-\d{4}(-\d\d){3}
+
+
 	config sets parsely_uuid wildcard cookie
 	on whichever domain it is loaded from.
 
@@ -34,7 +45,7 @@
 	<rule from="^http://(?:www\.)?parse\.ly/"
 		to="https://www.parsely.com/" />
 
-	<rule from="^http://((?:api|config|dash|pixel|www)\.)?parsely\.com/"
+	<rule from="^http://((?:api|config|[\w-]+\.config|dash|pixel|[\w-]+\.pixel|www)\.)?parsely\.com/"
 		to="https://$1parsely.com/" />
 
 	<rule from="^http://static\.parsely\.com/"
diff --git a/src/chrome/content/rules/ParseCDN.com.xml b/src/chrome/content/rules/ParseCDN.com.xml
new file mode 100644
index 000000000000..b34a8ac411b8
--- /dev/null
+++ b/src/chrome/content/rules/ParseCDN.com.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.parsecdn.com/js/parse-1.2.19.min.js => https://www.parsecdn.com/js/parse-1.2.19.min.js: (28, 'Connection timed out after 20001 milliseconds')
+
+	For other Parse coverage, see Parse.xml.
+
+
+	Fully covered domains:
+
+		- *.parsecdn.com:
+
+			- www
+
+
+	^parsecdn.com doesn't exist.
+
+-->
+<ruleset name="ParseCDN.com" default_off="failed ruleset test">
+
+	<target host="*.parsecdn.com" />
+
+		<test url="http://www.parsecdn.com/js/parse-1.2.19.min.js" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Parship.nl.xml b/src/chrome/content/rules/Parship.nl.xml
index e284df740ed0..3678e0a962d4 100644
--- a/src/chrome/content/rules/Parship.nl.xml
+++ b/src/chrome/content/rules/Parship.nl.xml
@@ -1,5 +1,14 @@
+<!--
+	Invalid Certificate:
+		blog.parship.nl
+-->
 <ruleset name="Parship.nl">
-  <target host="www.parship.nl" />
+	<target host="parship.nl" />
+	<target host="www.parship.nl" />
+	<target host="leeuwardercourant.parship.nl" />
+	<target host="msn.parship.nl" />
 
-  <rule from="^http://www\.parship\.nl/" to="https://www.parship.nl/"/>
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Part_Spider.com.xml b/src/chrome/content/rules/Part_Spider.com.xml
new file mode 100644
index 000000000000..6ab483092a06
--- /dev/null
+++ b/src/chrome/content/rules/Part_Spider.com.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://partspider.com/Account/Login => https://partspider.com/Account/Login: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://partspider.com/ => https://partspider.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.partspider.com/ => https://partspider.com/: (28, 'Connection timed out after 20003 milliseconds')
+
+	www.partspider.com: 404
+
+
+	Insecure cookies are set for these hosts:
+
+		- partspider.com
+
+-->
+<ruleset name="Part Spider.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="partspider.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.partspider.com" />
+
+		<test url="http://partspider.com/Account/Login" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^partspider\.com$" name="^__RequestVerificationToken$" /-->
+
+	<securecookie host="^partspider\.com$" name=".+" />
+
+
+	<rule from="^http://www\.partspider\.com/"
+		to="https://partspider.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Parter.ru.xml b/src/chrome/content/rules/Parter.ru.xml
new file mode 100644
index 000000000000..d1533038b972
--- /dev/null
+++ b/src/chrome/content/rules/Parter.ru.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Eventim coverage, see Eventim.com.xml.
+
+	Nonfunctional hosts in *.parter.ru:
+		- ^parter.ru (m)
+		- bolshoiteatr.parter.ru (t)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Parter.ru">
+	<target host="parter.ru" />
+	<target host="www.parter.ru" />
+	<target host="secure.parter.ru" />
+
+	<rule from="^http://parter\.ru/" to="https://www.parter.ru/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Particle.io.xml b/src/chrome/content/rules/Particle.io.xml
new file mode 100644
index 000000000000..7aff563b4bab
--- /dev/null
+++ b/src/chrome/content/rules/Particle.io.xml
@@ -0,0 +1,20 @@
+<!--
+
+	Problematic domains:
+
+		- blog.particle.io	(mismatched)
+		- status.particle.io	(mismatched)
+
+-->
+<ruleset name="Particle.io">
+	<target host="particle.io" />
+	<target host="www.particle.io" />
+
+	<target host="build.particle.io" />
+	<target host="community.particle.io" />
+	<target host="docs.particle.io" />
+	<target host="projects.particle.io" />
+	<target host="store.particle.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ParticlesForJustice.org.xml b/src/chrome/content/rules/ParticlesForJustice.org.xml
new file mode 100644
index 000000000000..9a9822c962c3
--- /dev/null
+++ b/src/chrome/content/rules/ParticlesForJustice.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="ParticlesForJustice.org">
+	<target host="particlesforjustice.org" />
+	<target host="www.particlesforjustice.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PartitionWizard.com.xml b/src/chrome/content/rules/PartitionWizard.com.xml
new file mode 100644
index 000000000000..51db84b17528
--- /dev/null
+++ b/src/chrome/content/rules/PartitionWizard.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatched:
+		- pas2 (www.partitionwizard.com)
+-->
+
+<ruleset name="PartitionWizard.com">
+	<target host="partitionwizard.com" />
+	<target host="www.partitionwizard.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PartnerNet_program.com.xml b/src/chrome/content/rules/PartnerNet_program.com.xml
new file mode 100644
index 000000000000..9d5ef92e968a
--- /dev/null
+++ b/src/chrome/content/rules/PartnerNet_program.com.xml
@@ -0,0 +1,39 @@
+<!--
+	For other Micro Focus coverage, see Micro_Focus.com.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .partnernetprogram.com
+
+-->
+<ruleset name="PartnerNet program.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.partnernetprogram.com" />
+
+	<!--	Complications:
+				-->
+	<target host="partnernetprogram.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.partnernetprogram\.com$" name="^(ZNPCQ\d{3}-\d{8}|lb_partnernetprogram)$" /-->
+
+	<securecookie host="^\.partnernetprogram\.com$" name=".+" />
+
+
+	<!--	Redirect drops forward slash and path, but not args:
+						-->
+	<rule from="^http://partnernetprogram\.com/[^?]*"
+		to="https://www.partnernetprogram.com/" />
+
+		<test url="http://partnernetprogram.com/helpdesk.html" />
+		<test url="http://partnernetprogram.com/partnerlocator/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Partnernaurovni.sk.xml b/src/chrome/content/rules/Partnernaurovni.sk.xml
new file mode 100644
index 000000000000..47e3bb3a38eb
--- /dev/null
+++ b/src/chrome/content/rules/Partnernaurovni.sk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Partnernaurovni.sk">
+  <target host="partnernaurovni.sk" />
+  <target host="www.partnernaurovni.sk" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Partypoker.com.xml b/src/chrome/content/rules/Partypoker.com.xml
index 797a4460728d..2a1a89320189 100644
--- a/src/chrome/content/rules/Partypoker.com.xml
+++ b/src/chrome/content/rules/Partypoker.com.xml
@@ -1,9 +1,8 @@
 <ruleset name="partypoker" platform="mixedcontent">
 	<target host="partypoker.com" />
-	<target host="*.partypoker.com" />
+	<target host="www.partypoker.com" />
 	<target host="p.iivt.com" />
 	<rule from="^http://partypoker\.com/" to="https://www.partypoker.com/"/>
-	<rule from="^http://www\.partypoker\.com/" to="https://www.partypoker.com/"/>
-	<rule from="^http://p\.iivt\.com/" to="https://p.iivt.com/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Partyprogress.org.xml b/src/chrome/content/rules/Partyprogress.org.xml
new file mode 100644
index 000000000000..56a2fcd301e4
--- /dev/null
+++ b/src/chrome/content/rules/Partyprogress.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Partyprogress.org">
+	<target host="partyprogress.org" />
+	<target host="www.partyprogress.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pashm.com.xml b/src/chrome/content/rules/Pashm.com.xml
new file mode 100644
index 000000000000..fdd851d716d0
--- /dev/null
+++ b/src/chrome/content/rules/Pashm.com.xml
@@ -0,0 +1,38 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pashm.com/ => https://pashm.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.pashm.com/ => https://pashm.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Insecure cookies are set for these hosts:
+
+		- pashm.com
+		- www.pashm.com
+
+	Problematic subdomains:
+
+		- www (redirects to http)
+
+-->
+<ruleset name="Pashm.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pashm.com" />
+	<target host="www.pashm.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?pashm\.com$" name="^X-Mapping-[a-z]}$" /-->
+
+	<securecookie host="^(?:www\.)?pashm\.com$" name=".+" />
+
+
+	<rule from="^http://www\.pashm\.com/"
+		to="https://pashm.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PassMark.com.xml b/src/chrome/content/rules/PassMark.com.xml
index 07f651eefe84..397484167261 100644
--- a/src/chrome/content/rules/PassMark.com.xml
+++ b/src/chrome/content/rules/PassMark.com.xml
@@ -1,13 +1,20 @@
+<!--
+	Other PassMark rulesets:
+		- CPU_Benchmark.net.xml
+
+	Invalid certificate:
+		salesmanager.passmark.com
+
+-->
 <ruleset name="PassMark.com">
 
 	<target host="passmark.com" />
 	<target host="www.passmark.com" />
+	<target host="downloads.passmark.com" />
 
+	<securecookie host="^www\.passmark\.com$" name=".+" />
 
-	<securecookie host="^(?:www\.)?passmark\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?passmark\.com/"
-		to="https://$1passmark.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PassSource.xml b/src/chrome/content/rules/PassSource.xml
index b349b714c626..40b27d33ce36 100644
--- a/src/chrome/content/rules/PassSource.xml
+++ b/src/chrome/content/rules/PassSource.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?passsource\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?passsource\.com/"
-		to="https://$1passsource.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PassThePopcorn.xml b/src/chrome/content/rules/PassThePopcorn.xml
deleted file mode 100644
index 4096f34fc416..000000000000
--- a/src/chrome/content/rules/PassThePopcorn.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="PassThePopcorn">
-
-	<target host="passthepopcorn.me" />
-	<target host="*.passthepopcorn.me" />
-
-
-	<rule from="^https?://(?:tls\.|www\.)?passthepopcorn\.me/"
-		to="https://tls.passthepopcorn.me/" />
-
-	<rule from="^http://static\.passthepopcorn\.me/"
-		to="https://static.passthepopcorn.me/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PassageBank.xml b/src/chrome/content/rules/PassageBank.xml
index 134dde8daadc..338537302da5 100644
--- a/src/chrome/content/rules/PassageBank.xml
+++ b/src/chrome/content/rules/PassageBank.xml
@@ -17,4 +17,4 @@
 	<rule from="^http://(www\.)?passagebank\.com/img/"
 		to="https://$1passagebank.com/img/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Passed.cc.xml b/src/chrome/content/rules/Passed.cc.xml
index 54757f949843..0185b566239c 100644
--- a/src/chrome/content/rules/Passed.cc.xml
+++ b/src/chrome/content/rules/Passed.cc.xml
@@ -1,13 +1,19 @@
-<ruleset name="Passed.cc">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://passed.cc/ => https://passed.cc/: (35, 'Unknown SSL protocol error in connection to passed.cc:443 ')
+Fetch error: http://www.passed.cc/ => https://www.passed.cc/: (35, 'Unknown SSL protocol error in connection to www.passed.cc:443 ')
+
+-->
+<ruleset name="Passed.cc" default_off="failed ruleset test">
 
 	<target host="passed.cc" />
-	<target host="*.passed.cc" />
+	<target host="www.passed.cc" />
 
 
 	<securecookie host="^(?:w*\.)?passed\.cc$" name=".+" />
 
 
-	<rule from="^http://(www\.)?passed\.cc/"
-		to="https://$1passed.cc/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Passion-Radio.com.xml b/src/chrome/content/rules/Passion-Radio.com.xml
new file mode 100644
index 000000000000..e71e45627cc9
--- /dev/null
+++ b/src/chrome/content/rules/Passion-Radio.com.xml
@@ -0,0 +1,24 @@
+<!--
+	At least some pages redirect to http.
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- uk from $self *
+			- uk and www from www *
+
+	* Secured by us
+
+-->
+<ruleset name="Passion-Radio.com (partial)">
+
+	<target host="passion-radio.com" />
+	<target host="*.passion-radio.com" />
+
+
+	<rule from="^http://(uk\.|www\.)?passion-radio\.com/(?=\d+-(?:home|medium)_default/|(?:fr/authentification|fr/mon-compte|gb/authentification|gb/contact-us)(?:$|[?/])|img/|js/|modules/|themes/)"
+		to="https://$1passion-radio.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Passionfruit_Ads.com.xml b/src/chrome/content/rules/Passionfruit_Ads.com.xml
index 4400add1105b..8429536681f3 100644
--- a/src/chrome/content/rules/Passionfruit_Ads.com.xml
+++ b/src/chrome/content/rules/Passionfruit_Ads.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://passionfruitads.com/ => https://app.passionfruitads.com/: (7, 'Failed to connect to app.passionfruitads.com port 443: Connection refused')
+
 	CDN buckets:
 
 
@@ -29,10 +33,12 @@
 		- load		(→ passionfruit.herokuapp.com)
 
 -->
-<ruleset name="Passionfruit Ads.com (partial)">
+<ruleset name="Passionfruit Ads.com (partial)" default_off="failed ruleset test">
 
 	<target host="passionfruitads.com" />
-	<target host="*.passionfruitads.com" />
+	<target host="app.passionfruitads.com" />
+	<target host="www.passionfruitads.com" />
+	<target host="load.passionfruitads.com" />
 
 
 	<securecookie host="^app\.passionfruitads\.com$" name=".+" />
@@ -46,4 +52,4 @@
 	<rule from="^http://load\.passionfruitads\.com/"
 		to="https://passionfruit.herokuapp.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Passkey.com.xml b/src/chrome/content/rules/Passkey.com.xml
new file mode 100644
index 000000000000..057e1418ecd1
--- /dev/null
+++ b/src/chrome/content/rules/Passkey.com.xml
@@ -0,0 +1,42 @@
+<!--
+	(www.)?: dropped
+
+
+	Problematic subdomains:
+
+		- aws *
+		- manage *
+		- resweb *
+
+	* Insecure renegotiation
+
+
+	Insecure cookies are set for these hosts:
+
+		- aws.passkey.com
+		- manage.passkey.com
+		- resweb.passkey.com
+
+-->
+<ruleset name="Passkey.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="aws.passkey.com" />
+	<target host="manage.passkey.com" />
+	<target host="resweb.passkey.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^aws\.passkey\.com$" name="^(?:BIGipServer[\w-]+|JSESSIONID)$" /-->
+	<!--securecookie host="^manage\.passkey\.com$" name="^(?:BIGipServer[\w-]+|ServerID|TS[\da-f]{8})$" /-->
+	<!--securecookie host="^resweb\.passkey\.com$" name="^(?:BIGipServer[\w-]+|JSESSIONID|TS[\da-f]{8})$" /-->
+
+	<securecookie host="^(?:aws|manage|resweb)\.passkey\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Passwd.hu.xml b/src/chrome/content/rules/Passwd.hu.xml
index e4208c93e66c..8bc91b926e5d 100644
--- a/src/chrome/content/rules/Passwd.hu.xml
+++ b/src/chrome/content/rules/Passwd.hu.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?passwd\.hu/"
 		to="https://www.passwd.hu/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Passwd.io.xml b/src/chrome/content/rules/Passwd.io.xml
deleted file mode 100644
index 3b682fb133da..000000000000
--- a/src/chrome/content/rules/Passwd.io.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Passwd.io" platform="firefox">
-<target host="passwd.io" />
-
-<securecookie host="^passwd\.io$" name=".+" />
-
-<rule from="^http://passwd\.io/" to="https://passwd.io/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Password-Hashing.net.xml b/src/chrome/content/rules/Password-Hashing.net.xml
new file mode 100644
index 000000000000..7a456bd6cb66
--- /dev/null
+++ b/src/chrome/content/rules/Password-Hashing.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="Password-Hashing.net">
+
+	<target host="password-hashing.net" />
+	<target host="www.password-hashing.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Password-Safe.xml b/src/chrome/content/rules/Password-Safe.xml
new file mode 100644
index 000000000000..92596a975693
--- /dev/null
+++ b/src/chrome/content/rules/Password-Safe.xml
@@ -0,0 +1,11 @@
+<ruleset name="Password Safe">
+
+	<target host="pwsafe.org" />
+	<target host="www.pwsafe.org" />
+
+	<securecookie host="^www\.pwsafe\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PasswordBox.com.xml b/src/chrome/content/rules/PasswordBox.com.xml
index c5c69254ae49..6d80787421b5 100644
--- a/src/chrome/content/rules/PasswordBox.com.xml
+++ b/src/chrome/content/rules/PasswordBox.com.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://psswrdbx.com/ => https://psswrdbx.com/: (28, 'Operation timed out after 30006 milliseconds with 0 bytes received')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://psswrdbx.com/ => https://psswrdbx.com/: (28, 'Operation timed out after 15001 milliseconds with 0 bytes received')
 	Fully covered domains:
 
 		- (www.)passwordbox.com
@@ -11,22 +17,22 @@
 			- extensions
 
 -->
-<ruleset name="PasswordBox.com">
+<ruleset name="PasswordBox.com" default_off="failed ruleset test">
 
 	<target host="passwordbox.com" />
-	<target host="*.passwordbox.com" />
+	<target host="blog.passwordbox.com" />
+	<target host="www.passwordbox.com" />
 	<target host="psswrdbx.com" />
-	<target host="*.psswrdbx.com" />
+	<target host="assets-production.psswrdbx.com" />
+	<target host="extensions.psswrdbx.com" />
+	<target host="www.psswrdbx.com" />
 
 
 	<securecookie host="^\.passwordbox.com$" name=".+" />
 	<securecookie host="^\.psswrdbx\.com$" name=".+" />
 
 
-	<rule from="^http://(blog\.|www\.)?passwordbox\.com/"
-		to="https://$1passwordbox.com/" />
 
-	<rule from="^http://((?:assets-production|extensions|www)\.)?psswrdbx\.com/"
-		to="https://$1psswrdbx.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Passwordcard.org.xml b/src/chrome/content/rules/Passwordcard.org.xml
new file mode 100644
index 000000000000..2b0a4a8f8e91
--- /dev/null
+++ b/src/chrome/content/rules/Passwordcard.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="PasswordCard">
+
+	<target host="passwordcard.org" />
+	<target host="www.passwordcard.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Passwordcard.xml b/src/chrome/content/rules/Passwordcard.xml
deleted file mode 100644
index 8366fc4b9a31..000000000000
--- a/src/chrome/content/rules/Passwordcard.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="PasswordCard">
-  <target host="passwordcard.org" />
-  <target host="www.passwordcard.org" />
-
-  <rule from="^http://(?:www\.)?passwordcard\.org/" to="https://www.passwordcard.org/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Passwort-generator.com.xml b/src/chrome/content/rules/Passwort-generator.com.xml
new file mode 100644
index 000000000000..a0da482c2f1d
--- /dev/null
+++ b/src/chrome/content/rules/Passwort-generator.com.xml
@@ -0,0 +1,12 @@
+<!--
+
+-->
+<ruleset name="Passwort-generator.com">
+    <target host="passwort-generator.com" />
+    <target host="www.passwort-generator.com" />
+
+    <securecookie host="^(www\.)?passwort-generator\.com$" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Paste.ee.xml b/src/chrome/content/rules/Paste.ee.xml
new file mode 100644
index 000000000000..c11803388e6e
--- /dev/null
+++ b/src/chrome/content/rules/Paste.ee.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.paste.ee/ (200) => https://www.paste.ee/ (404)
+
+	Fully covered hosts in *paste.ee:
+
+		- (www.)?
+		- analytics
+
+
+	Insecure cookies are set for these hosts:
+
+		- paste.ee
+		- www.paste.ee
+
+-->
+<ruleset name="Paste.ee" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="paste.ee" />
+	<target host="analytics.paste.ee" />
+	<target host="www.paste.ee" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?paste\.ee$" name="^session$" /-->
+
+	<securecookie host="^(?:www\.)?paste\.ee$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Paste.sh.xml b/src/chrome/content/rules/Paste.sh.xml
new file mode 100644
index 000000000000..46564977e8f0
--- /dev/null
+++ b/src/chrome/content/rules/Paste.sh.xml
@@ -0,0 +1,13 @@
+<!--
+	www: cert only matches ^paste.sh
+
+-->
+<ruleset name="paste.sh">
+
+	<target host="paste.sh" />
+	<target host="www.paste.sh" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Paste2.org.xml b/src/chrome/content/rules/Paste2.org.xml
new file mode 100644
index 000000000000..4eef59eb7768
--- /dev/null
+++ b/src/chrome/content/rules/Paste2.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="Paste2.org">
+
+	<target host="paste2.org" />
+	<target host="static.paste2.org" />
+	<target host="www.paste2.org" />
+
+	<securecookie host="^\.paste2\.org$" name="^(__cfduid|__qca|cf_clearance)$" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PasteMonitor.com.xml b/src/chrome/content/rules/PasteMonitor.com.xml
new file mode 100644
index 000000000000..2fbb5fda46ad
--- /dev/null
+++ b/src/chrome/content/rules/PasteMonitor.com.xml
@@ -0,0 +1,41 @@
+<!--
+	^pastemonitor.com: Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- www.pastemonitor.com
+		- .www.pastemonitor.com
+
+-->
+<ruleset name="PasteMonitor.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.pastemonitor.com" />
+
+	<!--	Complications:
+				-->
+	<target host="pastemonitor.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.pastemonitor\.com$" name="^__RequestVerificationToken$" /-->
+	<!--securecookie host="^\.www\.pastemonitor\.com$" name="^ARRAffinity$" /-->
+
+	<securecookie host="^\.?www\.pastemonitor\.com$" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://pastemonitor\.com/+"
+		to="https://www.pastemonitor.com/" />
+
+		<test url="http://pastemonitor.com//account/login" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pastebin.ca.xml b/src/chrome/content/rules/Pastebin.ca.xml
index 7a400fb6b266..197317effefd 100644
--- a/src/chrome/content/rules/Pastebin.ca.xml
+++ b/src/chrome/content/rules/Pastebin.ca.xml
@@ -1,8 +1,27 @@
-<!-- Site may be down entirely now. -->
-<ruleset name="Pastebin.ca" default_off="No HTTPS support anymore">
-  <target host="pastebin.ca" />
-  <target host="www.pastebin.ca" />
+<!--
+	No working URL known:
+		w.pastebin.ca
 
-  <rule from="^http://(?:www\.)?pastebin\.ca/" to="https://pastebin.ca/"/>
-</ruleset>
+-->
+<ruleset name="Pastebin.ca">
+
+	<target host="pastebin.ca" />
+	<target host="www.pastebin.ca" />
+	<target host="apache.pastebin.ca" />
+	<target host="code.pastebin.ca" />
+	<target host="help.pastebin.ca" />
+	<target host="img.pastebin.ca" />
+	<target host="mysql.pastebin.ca" />
+	<target host="php.pastebin.ca" />
+	<target host="root.pastebin.ca" />
+	<target host="stats.pastebin.ca" />
+	<target host="wordpress.pastebin.ca" />
+
+	<target host="de.pastebin.ca" />
+	<target host="en.pastebin.ca" />
+	<target host="fr.pastebin.ca" />
+	<target host="ja.pastebin.ca" />
 
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pastebin.com.xml b/src/chrome/content/rules/Pastebin.com.xml
index 07320bbd00e7..7deff03dc736 100644
--- a/src/chrome/content/rules/Pastebin.com.xml
+++ b/src/chrome/content/rules/Pastebin.com.xml
@@ -1,10 +1,10 @@
-<ruleset name="Pastebin.com (buggy)" default_off="breaks CSS on pastes">
+<ruleset name="Pastebin.com">
 
 	<target host="pastebin.com" />
 	<target host="www.pastebin.com" />
+	<target host="deals.pastebin.com" />
 
-
-	<rule from="^http://(www\.)?pastebin\.com/(?=adserver/|cache/|etc/|favicon\.ico|i/|raw\.php)"
-		to="https://$1pastebin.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Pastee.org.xml b/src/chrome/content/rules/Pastee.org.xml
index 966b84046720..af8d06032825 100644
--- a/src/chrome/content/rules/Pastee.org.xml
+++ b/src/chrome/content/rules/Pastee.org.xml
@@ -1,6 +1,16 @@
+<!--
+	www: Mismatched
+
+-->
 <ruleset name="Pastee.org">
+
+	<!--	Direct rewrites:
+				-->
   <target host="pastee.org" />
+
+	<!--	Complications:
+				-->
   <target host="www.pastee.org" />
 
-  <rule from="^http://(?:www\.)?pastee\.org/" to="https://pastee.org/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Pasteur.fr.xml b/src/chrome/content/rules/Pasteur.fr.xml
index 84d97d4d9084..773d83d081c7 100644
--- a/src/chrome/content/rules/Pasteur.fr.xml
+++ b/src/chrome/content/rules/Pasteur.fr.xml
@@ -2,16 +2,22 @@
 	Pasteur Institute
 
 
-	Nonfunctional subdomains:
+	CDN buckets:
+
+		- researchpullzone-yhello.netdna-ssl.com
+
+
+	Nonfunctional hosts in *pasteur.fr:
 
 		- aria		(redirects to www; mismatched, CN: www.pasteur.fr, expired 2012-01-06)
 		- phototheque	(dropped)
 
 
-	Fully covered subdomains:
+	Problematic hosts in *pasteur.fr:
+
+		- research ᴿ
 
-		- don
-		- www
+	ᴿ Configured for RC4 only
 
 
 	^pasteur.fr doesn't exist.
@@ -29,13 +35,15 @@
 -->
 <ruleset name="Pasteur.fr (partial)">
 
-	<target host="*.pasteur.fr" />
+	<target host="don.pasteur.fr" />
+	<!--target host="research.pasteur.fr" /-->
+	<target host="www.pasteur.fr" />
 
 
-	<securecookie host="^don\.pasteur\.fr$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(don|www)\.pasteur\.fr/"
-		to="https://$1.pasteur.fr/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Patch_of_Land.com.xml b/src/chrome/content/rules/Patch_of_Land.com.xml
index 3c98eddf44c2..317d124e30f0 100644
--- a/src/chrome/content/rules/Patch_of_Land.com.xml
+++ b/src/chrome/content/rules/Patch_of_Land.com.xml
@@ -16,7 +16,6 @@
 	<securecookie host="^patchofland\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?patchofland\.com/"
-		to="https://patchofland.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Patches-Scrolls.com.xml b/src/chrome/content/rules/Patches-Scrolls.com.xml
new file mode 100644
index 000000000000..27eb0c21b2d1
--- /dev/null
+++ b/src/chrome/content/rules/Patches-Scrolls.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Mismatched:
+		- mail
+-->
+<ruleset name="Patches-Scrolls.com">
+	<target host="patches-scrolls.com" />
+	<target host="www.patches-scrolls.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Patches-Scrolls.de.xml b/src/chrome/content/rules/Patches-Scrolls.de.xml
new file mode 100644
index 000000000000..ab7137003643
--- /dev/null
+++ b/src/chrome/content/rules/Patches-Scrolls.de.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatched:
+		- old
+		- psychodad
+-->
+<ruleset name="Patches-Scrolls.de">
+	<target host="patches-scrolls.de" />
+	<target host="www.patches-scrolls.de" />
+	<target host="mail.patches-scrolls.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Patent-Baristas.xml b/src/chrome/content/rules/Patent-Baristas.xml
index e0976e56bad8..3d272e899e27 100644
--- a/src/chrome/content/rules/Patent-Baristas.xml
+++ b/src/chrome/content/rules/Patent-Baristas.xml
@@ -1,16 +1,16 @@
-<ruleset name="Patent Baristas" default_off="mismatch">
+<ruleset name="Patent Baristas" default_off="mismatched">
 
 	<!--	Cert: *.ipower.com	-->
 	<target host="patentbaristas.com" />
 	<target host="www.patentbaristas.com" />
 
 
-	<securecookie host="^www\.patentbaristas\.com$" name=".*" />
+	<securecookie host="^www\.patentbaristas\.com$" name=".+" />
 
 
 	<!--	!www 301s to www.
 					-->
-	<rule from="^https?://(?:www\.)?patentbaristas\.com/"
+	<rule from="^http://(?:www\.)?patentbaristas\.com/"
 		to="https://www.patentbaristas.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Path-follower.com.xml b/src/chrome/content/rules/Path-follower.com.xml
new file mode 100644
index 000000000000..c0c2af76369b
--- /dev/null
+++ b/src/chrome/content/rules/Path-follower.com.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Lead Forensics coverage, see Lead_Forensics.com.xml.
+
+
+	Problematic hosts in *path-follower.com:
+
+		- (www.)? *
+
+	* Dropped
+
+-->
+<ruleset name="Path-follower.com">
+
+	<!--	Complications:
+				-->
+	<target host="path-follower.com" />
+	<target host="www.path-follower.com" />
+
+
+	<rule from="^http://(?:www\.)?path-follower\.com/"
+		to="https://secure.leadforensics.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Path.com.xml b/src/chrome/content/rules/Path.com.xml
new file mode 100644
index 000000000000..2a24b9dfedec
--- /dev/null
+++ b/src/chrome/content/rules/Path.com.xml
@@ -0,0 +1,29 @@
+<!--
+	CDN buckets:
+
+		- pathakacdn-a.akamaihd.net
+
+
+	Nonfunctional hosts in *path.com:
+
+		- blog ¹
+		- service ²
+
+	¹ Tumblr
+	² Desk.com
+
+-->
+<ruleset name="Path.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="path.com" />
+	<target host="images.path.com" />
+	<target host="partner.path.com" />
+	<target host="www.path.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Path_of_Exile.com.xml b/src/chrome/content/rules/Path_of_Exile.com.xml
index 75711a7f3eb5..05160eef75cb 100644
--- a/src/chrome/content/rules/Path_of_Exile.com.xml
+++ b/src/chrome/content/rules/Path_of_Exile.com.xml
@@ -1,7 +1,7 @@
 <!--
 	CDN buckets:
 
-		- web-grindinggear.netdna-ssl.com
+		- p7p4m6s5.ssl.hwcdn.net
 
 			- webcdn.pathofexile.com
 
@@ -16,16 +16,18 @@
 <ruleset name="Path of Exile.com">
 
 	<target host="pathofexile.com" />
-	<target host="*.pathofexile.com" />
+	<target host="www.pathofexile.com" />
+	<target host="webcdn.pathofexile.com" />
 
 
 	<securecookie host="^www\.pathofexile\.com$" name=".+" />
 
+	<test url="http://webcdn.pathofexile.com/public/chris/1303challenges.png" />
+
 
-	<rule from="^http://(www\.)?pathofexile\.com/"
-		to="https://$1pathofexile.com/" />
 
 	<rule from="^http://webcdn\.pathofexile\.com/"
-		to="https://web-grindinggear.netdna-ssl.com/" />
+		to="https://p7p4m6s5.ssl.hwcdn.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Pathways2gsfa.org.xml b/src/chrome/content/rules/Pathways2gsfa.org.xml
new file mode 100644
index 000000000000..280c7e5d632b
--- /dev/null
+++ b/src/chrome/content/rules/Pathways2gsfa.org.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pathways2gsfa.org/ => https://www.pathways2gsfa.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.pathways2gsfa.org/ => https://www.pathways2gsfa.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	^: cert only matches www
+
+-->
+<ruleset name="pathways2gsfa.org" default_off="failed ruleset test">
+
+	<target host="pathways2gsfa.org" />
+	<target host="www.pathways2gsfa.org" />
+
+
+	<rule from="^http://(?:www\.)?pathways2gsfa\.org/"
+		to="https://www.pathways2gsfa.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PatientsLikeMe.com.xml b/src/chrome/content/rules/PatientsLikeMe.com.xml
new file mode 100644
index 000000000000..f3857d6fd12a
--- /dev/null
+++ b/src/chrome/content/rules/PatientsLikeMe.com.xml
@@ -0,0 +1,65 @@
+<!--
+	CDN buckets:
+
+		- patientslikeme_mkting.s3.amazonaws.com
+
+		- patientslikeme.newshq.businesswire.com
+
+			- news
+
+
+	Problematic subdomains:
+
+		- blog ¹
+		- news ²
+
+	¹ Self-signed
+	² Mismatched, CN: *.newshq.businesswire.com
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- support
+
+
+	Mixed content:
+
+		- iframe on blog from www.podbean.com *
+		- css on blog from $self *
+
+		- Images, on blog from:
+
+			- patientslikeme_mkting.s3.amazonaws.com *
+			- companionsforheroes.org
+			- healveterans.com
+			- www.seeingms.com.au
+
+		- Ad on blog from www.lungcanceralliance.org
+
+	* Secured by us
+
+-->
+<ruleset name="PatientsLikeMe.com (partial)">
+
+	<target host="patientslikeme.com" />
+	<target host="news.patientslikeme.com" />
+	<target host="support.patientslikeme.com" />
+	<target host="www.patientslikeme.com" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="http://news\.patientslikeme\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="http://news\.patientslikeme\.com/(?!sites/)" /-->
+
+
+	<rule from="^http://news\.patientslikeme\.com/(?=sites/)"
+		to="https://patientslikeme.newshq.businesswire.com/" />
+
+	<rule from="^http://(support\.|www\.)?patientslikeme\.com/"
+		to="https://$1patientslikeme.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Patreon.com.xml b/src/chrome/content/rules/Patreon.com.xml
new file mode 100644
index 000000000000..54078db8ce92
--- /dev/null
+++ b/src/chrome/content/rules/Patreon.com.xml
@@ -0,0 +1,37 @@
+<!--
+	Nonfunctional subdomains:
+
+		- search *
+
+	* Refused
+
+
+	^: broken redirect to www
+
+
+	Some (most?) pages redirect to http.
+
+
+	These altnames don't exist:
+
+		- m.patreon.com
+
+-->
+<ruleset name="Patreon.com (partial)">
+
+	<target host="patreon.com" />
+	<target host="www.patreon.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.patreon\.com/($|bePatron\?|creation\?|discover($|\?)|faq\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.patreon\.com/+(?!_generated/|bePatronConfirm\?|css/|favicon\.ico|images/|scripts/)" />
+
+
+	<rule from="^http://(?:www\.)?patreon\.com/"
+		to="https://www.patreon.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Patrickbateman.biz.xml b/src/chrome/content/rules/Patrickbateman.biz.xml
deleted file mode 100644
index 1ea700fc21fd..000000000000
--- a/src/chrome/content/rules/Patrickbateman.biz.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="patrickbateman.biz">
-
-	<target host="patrickbateman.biz" />
-	<target host="www.patrickbateman.biz" />
-
-
-	<rule from="^http://(www\.)?patrickbateman\.biz/"
-		to="https://$1patrickbateman.biz/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/PatriotPost.com.xml b/src/chrome/content/rules/PatriotPost.com.xml
new file mode 100644
index 000000000000..7eeafb8d2d84
--- /dev/null
+++ b/src/chrome/content/rules/PatriotPost.com.xml
@@ -0,0 +1,9 @@
+<!--
+	For other PatriotPost.us related rulesets, see PatriotPost.us.xml
+-->
+<ruleset name="PatriotPost.com (partial)">
+	<target host="patriotpost.com" />
+	<target host="www.patriotpost.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PatriotPost.us.xml b/src/chrome/content/rules/PatriotPost.us.xml
new file mode 100644
index 000000000000..f693dfa80e73
--- /dev/null
+++ b/src/chrome/content/rules/PatriotPost.us.xml
@@ -0,0 +1,17 @@
+<!--
+	Other PatriotPost.us related ruleset:
+		+ PatriotPost.com.xml
+-->
+<ruleset name="PatriotPost.us">
+	<target host="patriotpost.us" />
+	<target host="www.patriotpost.us" />
+	<target host="cached-assets.patriotpost.us" />
+	<test url="http://cached-assets.patriotpost.us/layout/sidebar_shop_2nd_v2.jpg" />
+	<target host="media.patriotpost.us" />
+	<test url="http://media.patriotpost.us/humor/2011/08-23.html" />
+	<test url="http://media.patriotpost.us/pdf/ref/500scientists.pdf" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Patriotgaming.com.xml b/src/chrome/content/rules/Patriotgaming.com.xml
new file mode 100644
index 000000000000..91322e76dc2e
--- /dev/null
+++ b/src/chrome/content/rules/Patriotgaming.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Patriotgaming.com">
+	<target host="patriotgaming.com" />
+	<target host="www.patriotgaming.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Patriotsuperbowl.us.xml b/src/chrome/content/rules/Patriotsuperbowl.us.xml
deleted file mode 100644
index 916377000573..000000000000
--- a/src/chrome/content/rules/Patriotsuperbowl.us.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	- CN: *.lxlabs.com
-	- ^ redirects to www
-
--->
-<ruleset name="patriotssuperbowl.us" default_off="expired, mismatched">
-
-	<target host="boxus.com" />
-	<target host="www.boxus.com" />
-	<target host="patriotssuperbowl.us" />
-	<target host="www.patriotssuperbowl.us" />
-	<target host="*.www.patriotssuperbowl.us" />
-	
-
-	<securecookie host="^\.www\.patriotssuperbowl\.us$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?(?:boxus\.com|patriotssuperbowl\.us)/"
-		to="https://www.patriotssuperbowl.us/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/PatternsInTheVoid.net.xml b/src/chrome/content/rules/PatternsInTheVoid.net.xml
new file mode 100644
index 000000000000..d94cf21bc5b5
--- /dev/null
+++ b/src/chrome/content/rules/PatternsInTheVoid.net.xml
@@ -0,0 +1,24 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - abulafia.patternsinthevoid.net
+
+		Timeout was reached:
+			 - nih.patternsinthevoid.net
+
+		SSL peer certificate was not OK:
+			 - greyarea.patternsinthevoid.net
+
+		4xx client error:
+			 - image.patternsinthevoid.net
+-->
+<ruleset name="PatternsInTheVoid.net">
+	<target host="patternsinthevoid.net" />
+	<target host="www.patternsinthevoid.net" />
+	<target host="blog.patternsinthevoid.net" />
+	<target host="fyb.patternsinthevoid.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PaulDotCom.com.xml b/src/chrome/content/rules/PaulDotCom.com.xml
index 425d7a6c76f4..7e48ad07db64 100644
--- a/src/chrome/content/rules/PaulDotCom.com.xml
+++ b/src/chrome/content/rules/PaulDotCom.com.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pauldotcom.com/ => https://pauldotcom.com/: (51, "SSL: no alternative certificate subject name matches target host name 'pauldotcom.com'")
+Fetch error: http://www.pauldotcom.com/ => https://www.pauldotcom.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.pauldotcom.com'")
+
+Automatically by https-everywhere-checker because:
+Fetch error: http://pauldotcom.com/ => https://pauldotcom.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.pauldotcom.com/ => https://www.pauldotcom.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Nonfunctional subdomains:
 
 		- mail	(refused)
@@ -15,7 +23,7 @@
 	* Secured by us
 
 -->
-<ruleset name="PaulDotCom.com (partial, false MCB)" platform="mixedcontent">
+<ruleset name="PaulDotCom.com (partial, false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="pauldotcom.com" />
 	<target host="www.pauldotcom.com" />
@@ -24,7 +32,6 @@
 	<securecookie host="^(?:www\.)?pauldotcom\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?pauldotcom\.com/"
-		to="https://$1pauldotcom.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PaulDreik.se.xml b/src/chrome/content/rules/PaulDreik.se.xml
new file mode 100644
index 000000000000..52c3a0670d1d
--- /dev/null
+++ b/src/chrome/content/rules/PaulDreik.se.xml
@@ -0,0 +1,9 @@
+<ruleset name="PaulDreik.se">
+
+	<target host="www.pauldreik.se" />
+	<target host="rdfind.pauldreik.se" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PaulTan.org.xml b/src/chrome/content/rules/PaulTan.org.xml
new file mode 100644
index 000000000000..e9ba4cc9825b
--- /dev/null
+++ b/src/chrome/content/rules/PaulTan.org.xml
@@ -0,0 +1,15 @@
+<ruleset name="PaulTan.org">
+	<target host="paultan.org" />
+	<target host="www.paultan.org" />
+	<target host="cdn.paultan.org" />
+	<target host="cdn2.paultan.org" />
+	<target host="s1.paultan.org" />
+	<target host="s2.paultan.org" />
+	<target host="s3.paultan.org" />
+	<target host="s4.paultan.org" />
+
+  	<securecookie host="^paultan\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PavonisInteractive.xml b/src/chrome/content/rules/PavonisInteractive.xml
new file mode 100644
index 000000000000..38eff8ad266b
--- /dev/null
+++ b/src/chrome/content/rules/PavonisInteractive.xml
@@ -0,0 +1,17 @@
+<!--
+	Connection refused:
+		- autodiscover
+
+	TLS error:
+		- ftp
+-->
+<ruleset name="PavonisInteractive">
+
+	<target host="pavonisinteractive.com"/>
+	<target host="www.pavonisinteractive.com"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pavpan_Chekha.com.xml b/src/chrome/content/rules/Pavpan_Chekha.com.xml
new file mode 100644
index 000000000000..165d549a3068
--- /dev/null
+++ b/src/chrome/content/rules/Pavpan_Chekha.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Pavpan Chekha.com">
+
+	<target host="pavpanchekha.com" />
+	<target host="www.pavpanchekha.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pawoo.net.xml b/src/chrome/content/rules/Pawoo.net.xml
new file mode 100644
index 000000000000..4d6814aee125
--- /dev/null
+++ b/src/chrome/content/rules/Pawoo.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="Pawoo.net">
+	<target host="pawoo.net" />
+	<target host="www.pawoo.net" />
+	<target host="img.pawoo.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Paxton_Record.xml b/src/chrome/content/rules/Paxton_Record.xml
index 776013ab18d0..74c3a73bb0af 100644
--- a/src/chrome/content/rules/Paxton_Record.xml
+++ b/src/chrome/content/rules/Paxton_Record.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?paxtonrecord\.net/(misc/|sites/|user(?:$|\?|/))"
 		to="https://www.paxtonrecord.net/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pay.gov.xml b/src/chrome/content/rules/Pay.gov.xml
deleted file mode 100644
index 096c2d8b6a3d..000000000000
--- a/src/chrome/content/rules/Pay.gov.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other US government coverage, see US-government.xml.
-
--->
-<ruleset name="Pay.gov">
-
-	<target host="pay.gov" />
-	<target host="*.pay.gov" />
-
-
-	<securecookie host="^\.?pay\.gov$" name=".+" />
-
-
-	<rule from="^http://([\w\-]+\.)?pay\.gov/"
-		to="https://$1pay.gov/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Pay4Bugs.com.xml b/src/chrome/content/rules/Pay4Bugs.com.xml
new file mode 100644
index 000000000000..d2eb12b51cb2
--- /dev/null
+++ b/src/chrome/content/rules/Pay4Bugs.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .pay4bugs.com
+
+-->
+<ruleset name="Pay4Bugs.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pay4bugs.com" />
+	<target host="blog.pay4bugs.com" />
+	<target host="support.pay4bugs.com" />
+	<target host="www.pay4bugs.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.pay4bugs\.com$" name="^(?:__cfduid|_groove_session_2|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PayGarden.com.xml b/src/chrome/content/rules/PayGarden.com.xml
new file mode 100644
index 000000000000..2c493e90140d
--- /dev/null
+++ b/src/chrome/content/rules/PayGarden.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Pay Garden">
+
+	<target host="paygarden.com" />
+	<target host="www.paygarden.com" />
+	<target host="manage.paygarden.com" />
+	<target host="secure.paygarden.com" />
+	<target host="twitch.paygarden.com" />
+
+  	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PayMaster.ru.xml b/src/chrome/content/rules/PayMaster.ru.xml
new file mode 100644
index 000000000000..2bdba9e974af
--- /dev/null
+++ b/src/chrome/content/rules/PayMaster.ru.xml
@@ -0,0 +1,18 @@
+<!--
+	Mismatched:
+		- p1 (paymaster.ru)
+
+	Refused:
+		- info
+-->
+
+<ruleset name="PayMaster.ru">
+	<target host="paymaster.ru" />
+	<target host="www.paymaster.ru" />
+	<target host="psv.paymaster.ru" />
+	<target host="start.paymaster.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PayPal-Gifts.com.xml b/src/chrome/content/rules/PayPal-Gifts.com.xml
new file mode 100644
index 000000000000..54e2b8f32715
--- /dev/null
+++ b/src/chrome/content/rules/PayPal-Gifts.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other PayPal coverage, see PayPal.xml.
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="PayPal-Gifts.com">
+
+	<target host="paypal-gifts.com" />
+	<target host="www.paypal-gifts.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://paypal-gifts\.com/"
+		to="https://www.paypal-gifts.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PayPal.co.uk.xml b/src/chrome/content/rules/PayPal.co.uk.xml
new file mode 100644
index 000000000000..9b758ffadbf0
--- /dev/null
+++ b/src/chrome/content/rules/PayPal.co.uk.xml
@@ -0,0 +1,27 @@
+<!--
+	For other PayPal coverage, see PayPal.xml.
+
+
+	Non-functional subdomains:
+		- business		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="PayPal.co.uk">
+
+	<target host="paypal.co.uk" />
+	<target host="www.paypal.co.uk" />
+	<target host="information.paypal.co.uk" />
+	<target host="m.paypal.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PayPal.me.xml b/src/chrome/content/rules/PayPal.me.xml
new file mode 100644
index 000000000000..6d3f6b61bc4f
--- /dev/null
+++ b/src/chrome/content/rules/PayPal.me.xml
@@ -0,0 +1,27 @@
+<!--
+	For other PayPal coverage, see PayPal.xml.
+
+
+	Non-functional subdomains:
+		- donate	(t)
+		- s			(t)
+		- vote		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="PayPal.me">
+
+	<target host="paypal.me" />
+	<target host="www.paypal.me" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PayPal.xml b/src/chrome/content/rules/PayPal.xml
index cdcadbb94092..3f675e1a3cb0 100644
--- a/src/chrome/content/rules/PayPal.xml
+++ b/src/chrome/content/rules/PayPal.xml
@@ -3,56 +3,25 @@
 
 		- PayPal_Forward.xml
 		- Where.com.xml
-
+		- PayPal.co.uk.xml
 
 	CDN buckets:
 
 		- paypal.112.2o7.net
 		- where-spotlight.s3.amazonaws.com
-
-
-	Fully covered domains:
-
-		- (www.)paypal.co.uk
-
-		- paypal.com subdomains:
-
-			- (www.)
-			- advertising
-			- campaigns
-			- coupons
-			- pics
-			- pilot-coupons
-			- qa-advertising
-			- qa-coupons
-			- stg-campaigns
-			- stg-coupons
-
-		- www.paypalobjects.com
-
 -->
 <ruleset name="PayPal">
-
-	<target host="paypal.co.uk" />
-	<target host="www.paypal.co.uk" />
-	<target host="paypal.com" />
-	<target host="*.paypal.com" />
-	<target host="www.paypalobjects.com" />
-
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.paypal\.com$" name="^s_\w+$" />
-	<securecookie host="^(?:(?:qa-|stg-)?coupons|www)\.paypal\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?paypal\.co(\.uk|m)/"
-		to="https://$1paypal.co$2/" />
-
-	<rule from="^http://((?:qa-)?advertising|(?:stg-)?campaigns|cms|(?:pilot-|qa-|stg-)?coupons|images|pics)\.paypal\.com/"
-		to="https://$1.paypal.com/" />
-
-	<rule from="^http://www\.paypalobjects\.com/"
-		to="https://www.paypalobjects.com/" />
-
+	<target host="advertising.paypal.com" />
+	<target host="cms.paypal.com" />
+	<target host="coupons.paypal.com" />
+	<target host="pilot-coupons.paypal.com" />
+	<target host="qa-coupons.paypal.com" />
+	<target host="stg-coupons.paypal.com" />
+	<target host="fpdbs.paypal.com" />
+	<target host="images.paypal.com" />
+	<target host="pics.paypal.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/PayPal_Forward.xml b/src/chrome/content/rules/PayPal_Forward.xml
index 45f2abdded96..1006ddc0b04c 100644
--- a/src/chrome/content/rules/PayPal_Forward.xml
+++ b/src/chrome/content/rules/PayPal_Forward.xml
@@ -1,14 +1,18 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://paypal-forward.com/ => https://paypal-forward.com/: (7, 'Failed to connect to paypal-forward.com port 443: Connection refused')
+Fetch error: http://www.paypal-forward.com/ => https://www.paypal-forward.com/: (7, 'Failed to connect to www.paypal-forward.com port 443: Connection refused')
+
 	For other PayPal coverage, see PayPal.xml.
 
 -->
-<ruleset name="PayPal | Forward">
+<ruleset name="PayPal | Forward" default_off="failed ruleset test">
 
 	<target host="paypal-forward.com" />
 	<target host="www.paypal-forward.com" />
 
 
-	<rule from="^http://(www\.)?paypal-forward\.com/"
-		to="https://$1paypal-forward.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PayPalobjects.com.xml b/src/chrome/content/rules/PayPalobjects.com.xml
new file mode 100644
index 000000000000..bf700e0957c9
--- /dev/null
+++ b/src/chrome/content/rules/PayPalobjects.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other PayPal coverage, see PayPal.xml.
+
+
+	Non-functional subdomains:
+		- content	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="PayPal objects.com">
+
+	<target host="paypalobjects.com" />
+	<target host="www.paypalobjects.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PayPerPost.com.xml b/src/chrome/content/rules/PayPerPost.com.xml
index 21e5ff976293..c7f3176b791d 100644
--- a/src/chrome/content/rules/PayPerPost.com.xml
+++ b/src/chrome/content/rules/PayPerPost.com.xml
@@ -1,4 +1,8 @@
-<ruleset name="PayPerHost.com">
+<!--
+	For other IZEA coverage, see IZEA.com.xml
+
+-->
+<ruleset name="PayPerPost.com">
 
 	<target host="payperpost.com" />
 	<target host="www.payperpost.com" />
@@ -7,7 +11,6 @@
 	<securecookie host="^(?:www\.)?payperpost\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?payperpost\.com/"
-		to="https://$1payperpost.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PayQuake.xml b/src/chrome/content/rules/PayQuake.xml
deleted file mode 100644
index bebe3c699e71..000000000000
--- a/src/chrome/content/rules/PayQuake.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Nonfunctional:
-
-		- (www.)freecreditcardprocessing.com	(interrupted)
-		- (www.)payquake.com			(ditto)
-
--->
-<ruleset name="payQuake (partial)">
-
-	<target host="mypayquake.com" />
-	<target host="*.mypayquake.com" />
-
-
-	<securecookie host="^www\.mypayquake\.com$" name=".*" />
-
-	<!--	Cert doesn't match !www.	-->
-	<rule from="^http://(?:www\.)?mypayquake\.com/"
-		to="https://www.mypayquake.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PaySmart.com.au.xml b/src/chrome/content/rules/PaySmart.com.au.xml
new file mode 100644
index 000000000000..cb58ceb7a53c
--- /dev/null
+++ b/src/chrome/content/rules/PaySmart.com.au.xml
@@ -0,0 +1,32 @@
+<!--
+	Non-functional subdomains:
+
+		- (www.)paysmart.com.au		(i)
+
+		- ffapaysmart.com.au
+			- crm		(m)
+			- mail1		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="PaySmart.com.au">
+
+	<target host="autodiscover.paysmart.com.au" />
+	<target host="mail.paysmart.com.au" />
+
+	<target host="autodiscover.ffapaysmart.com.au" />
+	<target host="express.ffapaysmart.com.au" />
+	<target host="interlink.ffapaysmart.com.au" />
+	<target host="mail.ffapaysmart.com.au" />
+	<target host="psdn.ffapaysmart.com.au" />
+	<target host="webexpress-sample.ffapaysmart.com.au" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PayTrust.com.xml b/src/chrome/content/rules/PayTrust.com.xml
new file mode 100644
index 000000000000..ed13141ec2e4
--- /dev/null
+++ b/src/chrome/content/rules/PayTrust.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- paytrust.com
+		- www.paytrust.com
+-->
+<ruleset name="PayTrust.com">
+	<target host="billscenter.paytrust.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pay_Dirt_Gold.com.xml b/src/chrome/content/rules/Pay_Dirt_Gold.com.xml
index 4ed43f25e184..2e3034cb777e 100644
--- a/src/chrome/content/rules/Pay_Dirt_Gold.com.xml
+++ b/src/chrome/content/rules/Pay_Dirt_Gold.com.xml
@@ -1,13 +1,19 @@
-<ruleset name="Pay Dirt Gold.com">
+<!--
+	(www.)?: Shopify
 
+-->
+<ruleset name="Pay Dirt Gold.com" default_off="mismatched">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="paydirtgold.com" />
-	<target host="*.paydirtgold.com" />
+	<target host="www.paydirtgold.com" />
 
 
-	<securecookie host="^(?:\.|store\.)?paydirtgold\.com$" name=".+" />
+	<securecookie host="^\.?paydirtgold\.com$" name=".+" />
 
 
-	<rule from="^http://(store\.|www\.)?paydirtgold\.com/"
-		to="https://$1paydirtgold.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Paycheckrecords.com.xml b/src/chrome/content/rules/Paycheckrecords.com.xml
index d189b891b301..b07047ca6974 100644
--- a/src/chrome/content/rules/Paycheckrecords.com.xml
+++ b/src/chrome/content/rules/Paycheckrecords.com.xml
@@ -1,17 +1,12 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See 
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
- 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Paycheckrecords.com" platform="firefox">
-  <target host="www.paycheckrecords.com" />
-  <target host="paycheckrecords.com" />
+<ruleset name="Paycheckrecords.com">
+	<target host="paycheckrecords.com" />
+	<target host="www.paycheckrecords.com" />
+	<target host="time.paycheckrecords.com" />
 
-  <securecookie host="^www\.paycheckrecords\.com$" name=".+" />
+	<securecookie host="^www\.paycheckrecords\.com$" name=".+" />
 
-  <rule from="^http://(www\.)?paycheckrecords\.com/" to="https://www.paycheckrecords.com/" />
+	<rule from="^http://paycheckrecords\.com/"
+		to="https://www.paycheckrecords.com/" />
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Paydirekt.de.xml b/src/chrome/content/rules/Paydirekt.de.xml
new file mode 100644
index 000000000000..dbf032512204
--- /dev/null
+++ b/src/chrome/content/rules/Paydirekt.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="Paydirekt.de">
+  <target host=    "paydirekt.de"/>
+  <target host="api.paydirekt.de"/>
+  <target host=  "j.paydirekt.de"/>
+  <target host="www.paydirekt.de"/>
+
+  <rule from="^http:"
+          to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Payeer.com.xml b/src/chrome/content/rules/Payeer.com.xml
new file mode 100644
index 000000000000..3de4bc6c573f
--- /dev/null
+++ b/src/chrome/content/rules/Payeer.com.xml
@@ -0,0 +1,34 @@
+<!--
+	www.payeer.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- payeer.com
+
+-->
+<ruleset name="Payeer.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="payeer.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.payeer.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^payeer\.com$" name="^(?:BITRIX_SM_SALE_AFFILIATE|PHPSESSID)$" /-->
+
+	<securecookie host="^payeer\.com$" name=".+" />
+
+
+	<rule from="^http://www\.payeer\.com/"
+		to="https://payeer.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Payhip.com.xml b/src/chrome/content/rules/Payhip.com.xml
new file mode 100644
index 000000000000..b6ad864cc41f
--- /dev/null
+++ b/src/chrome/content/rules/Payhip.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Payhip.com">
+
+	<target host="payhip.com" />
+	<target host="www.payhip.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Paymentech.com.xml b/src/chrome/content/rules/Paymentech.com.xml
new file mode 100644
index 000000000000..f456527c9e44
--- /dev/null
+++ b/src/chrome/content/rules/Paymentech.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Chase Paymentech coverage, see Chase_Paymentech.com.xml.
+
+
+	(www.): shows www.paymentech.net, [?/]+ doesn't redirect
+
+-->
+<ruleset name="Paymentech.com (partial)">
+
+	<target host="paymentech.com" />
+	<target host="*.paymentech.com" />
+
+
+	<securecookie host="^secure\.paymentech\.com$" name=".+" />
+
+
+	<!--	Redirects drops args
+					-->
+	<rule from="^http://(?:www\.)?paymentech\.com/(?:$|\?.*)"
+		to="https://www.chasepaymentech.com/" />
+
+	<rule from="^http://secure\.paymentech\.com/"
+		to="https://secure.paymentech.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PaymentsSource.com.xml b/src/chrome/content/rules/PaymentsSource.com.xml
index 3ab6f84f99df..c138ed7ce3c3 100644
--- a/src/chrome/content/rules/PaymentsSource.com.xml
+++ b/src/chrome/content/rules/PaymentsSource.com.xml
@@ -8,10 +8,11 @@
 <ruleset name="PaymentsSource.com" default_off="mismatched">
 
 	<target host="paymentssource.com" />
-	<target host="*.paymentssource.com" />
+	<target host="cdn.paymentssource.com" />
+	<target host="www.paymentssource.com" />
 
 
 	<rule from="^http://(?:cdn\.|www\.)?paymentssource\.com/"
 		to="https://www.paymentssource.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Paymentwall.com.xml b/src/chrome/content/rules/Paymentwall.com.xml
new file mode 100644
index 000000000000..5fc836f35480
--- /dev/null
+++ b/src/chrome/content/rules/Paymentwall.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- paymentwall.com
+		- api.paymentwall.com
+		- www.paymentwall.com
+
+-->
+<ruleset name="Paymentwall.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="paymentwall.com" />
+	<target host="api.paymentwall.com" />
+	<target host="www.paymentwall.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?paymentwall\.com$" name="^(?:PHPSESSID|lang)$" /-->
+	<!--securecookie host="^api\.paymentwall\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:\w*\.)?paymentwall\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Paymill.com.xml b/src/chrome/content/rules/Paymill.com.xml
deleted file mode 100644
index 6888afbf822d..000000000000
--- a/src/chrome/content/rules/Paymill.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Paymill.com" platform="firefox">
-<target host="paymill.com" />
-
-<securecookie host="^paymill\.com$" name=".+" />
-
-<rule from="^http://paymill\.com/" to="https://paymill.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Paymill.de.xml b/src/chrome/content/rules/Paymill.de.xml
deleted file mode 100644
index 135e7b8d8e37..000000000000
--- a/src/chrome/content/rules/Paymill.de.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Paymill.de" platform="firefox">
-<target host="paymill.de" />
-
-<securecookie host="^paymill\.de$" name=".+" />
-
-<rule from="^http://paymill\.de/" to="https://paymill.de/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Paymium.com.xml b/src/chrome/content/rules/Paymium.com.xml
new file mode 100644
index 000000000000..734bd1d16a39
--- /dev/null
+++ b/src/chrome/content/rules/Paymium.com.xml
@@ -0,0 +1,19 @@
+<!--
+	These altnames don't exist:
+
+		- admin.paymium.com
+		- kyc.paymium.com
+
+-->
+<ruleset name="Paymium.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="paymium.com" />
+	<target host="www.paymium.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Paymo.xml b/src/chrome/content/rules/Paymo.xml
index 2a7e9c83f8bd..b072d68f078c 100644
--- a/src/chrome/content/rules/Paymo.xml
+++ b/src/chrome/content/rules/Paymo.xml
@@ -1,13 +1,20 @@
-<ruleset name="Paymo">
+<!--
+	app: Refused
 
-	<target host="paymo.biz" />
-	<target host="*.paymo.biz" />
+-->
+<ruleset name="Paymo.biz">
 
+	<!--	Complications:
+				-->
+	<target host="app.paymo.biz" />
 
-	<securecookie host="^app\.paymo\.biz$" name=".+" />
 
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://app\.paymo\.biz/+"
+		to="https://app.paymoapp.com/" />
 
-	<rule from="^http://(app\.|www\.)?paymo\.biz/"
-		to="https://$1paymo.biz/" />
+		<test url="http://app.paymo.biz//" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Paymo_App.com.xml b/src/chrome/content/rules/Paymo_App.com.xml
new file mode 100644
index 000000000000..ebc9fb2212c7
--- /dev/null
+++ b/src/chrome/content/rules/Paymo_App.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Other Paymo rulesets:
+
+		- Paymo.xml
+
+
+	Fully covered hosts in *paymoapp.com:
+
+		- (www.)?
+		- app
+		- wpecdn
+
+-->
+<ruleset name="Paymo App.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="paymoapp.com" />
+	<target host="app.paymoapp.com" />
+	<target host="wpecdn.paymoapp.com" />
+	<target host="www.paymoapp.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Payoneer.com.xml b/src/chrome/content/rules/Payoneer.com.xml
new file mode 100644
index 000000000000..6e01494527ae
--- /dev/null
+++ b/src/chrome/content/rules/Payoneer.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- go.payoneer.com
+-->
+<ruleset name="Payoneer.com">
+	<target host="payoneer.com" />
+	<target host="www.payoneer.com" />
+	<target host="blog.payoneer.com" />
+	<target host="community.payoneer.com" />
+	<target host="explore.payoneer.com" />
+	<target host="it.payoneer.com" />
+	<target host="login.payoneer.com" />
+	<target host="myaccount.payoneer.com" />
+	<target host="partners.payoneer.com" />
+	<target host="paynow.payoneer.com" />
+	<target host="payouts.payoneer.com" />
+	<target host="register.payoneer.com" />
+	<target host="myaccount.sandbox.payoneer.com" />
+	<target host="partners.sandbox.payoneer.com" />
+	<target host="share.payoneer.com" />
+	<target host="taxforms.payoneer.com" />
+	<target host="user.payoneer.com" />
+	<target host="www-stg.payoneer.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Payonline.ru.xml b/src/chrome/content/rules/Payonline.ru.xml
new file mode 100644
index 000000000000..847255a3add9
--- /dev/null
+++ b/src/chrome/content/rules/Payonline.ru.xml
@@ -0,0 +1,13 @@
+<!--www. 404
+(www.)?payonlinesystem.com mismatch
+smasol. mismatch-->
+<ruleset name="Payonline.ru">
+	<target host="payonline.ru" />
+	<target host="www.payonline.ru" />
+	<target host="secure.payonlinesystem.com" />
+
+	<rule from="^http://www\.payonline\.ru/"
+		to="https://payonline.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Paypal_Giving_Fund.org.xml b/src/chrome/content/rules/Paypal_Giving_Fund.org.xml
new file mode 100644
index 000000000000..041c3314d9c8
--- /dev/null
+++ b/src/chrome/content/rules/Paypal_Giving_Fund.org.xml
@@ -0,0 +1,50 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://paypalgivingfund.org/ => https://paypalgivingfund.org/: (51, "SSL: no alternative certificate subject name matches target host name 'paypalgivingfund.org'")
+
+	For other PayPal coverage, see PayPal.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.paypalgivingfund.org
+
+
+	Mixed content:
+
+		- css from include.ebaystatic.com
+
+		- Images, from:
+
+			- donationsstatic.ebay.com
+			- heritagehaven.com
+			- i\d.ebayimg.com
+			- img.auctiva.com
+			- pics.ebaystatic.com
+			- www.yscfw.com
+
+		- Bug from www.facebook.com
+
+-->
+<ruleset name="Paypal Giving Fund.org (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="paypalgivingfund.org" />
+	<target host="www.paypalgivingfund.org" />
+
+		<test url="http://www.paypalgivingfund.org/charity/charity.jsp?NP_ID=" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.paypalgivingfund\.org$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^www\.paypalgivingfund\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Payrollapp.com.xml b/src/chrome/content/rules/Payrollapp.com.xml
deleted file mode 100644
index 47b13024e9f0..000000000000
--- a/src/chrome/content/rules/Payrollapp.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other Automatic Data Processing coverage, see Automatic_Data_Processing.xml.
-
-
-	Cert only matches ^payrollapp.com
-
--->
-<ruleset name="payrollapp.com">
-
-	<target host="payrollapp.com" />
-	<target host="www.payrollapp.com" />
-
-
-	<securecookie host="^payrollapp\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?payrollapp\.com/"
-		to="https://payrollapp.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Paysafecard.com.xml b/src/chrome/content/rules/Paysafecard.com.xml
index 036a23afdbc9..1dfe1154ee13 100644
--- a/src/chrome/content/rules/Paysafecard.com.xml
+++ b/src/chrome/content/rules/Paysafecard.com.xml
@@ -14,7 +14,9 @@
 <ruleset name="paysafecard.com">
 
 	<target host="paysafecard.com" />
-	<target host="*.paysafecard.com" />
+	<target host="www.paysafecard.com" />
+	<target host="mypins.paysafecard.com" />
+	<target host="static.paysafecard.com" />
 
 
 	<securecookie host="^(?:mypins|static|www)?\.paysafecard\.com$" name=".+" />
@@ -23,7 +25,6 @@
 	<rule from="^http://(?:www\.)?paysafecard\.com/"
 		to="https://www.paysafecard.com/" />
 
-	<rule from="^http://(mypins|static)\.paysafecard\.com/"
-		to="https://$1.paysafecard.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Paysol.se.xml b/src/chrome/content/rules/Paysol.se.xml
index 36b9dfe1e42b..675070fbbadd 100644
--- a/src/chrome/content/rules/Paysol.se.xml
+++ b/src/chrome/content/rules/Paysol.se.xml
@@ -1,8 +1,16 @@
-<ruleset name="Paysol.se">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.paysol.se/ => https://secure.paysol.se/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.paysol.se/ => https://secure.paysol.se/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="Paysol.se" default_off="failed ruleset test">
   <target host="secure.paysol.se" />
 
   <!-- Subdomain www and secure hosts different pages. Cert is for secure.paysol.se. -->
-  <rule from="^http://secure\.paysol\.se/" to="https://secure.paysol.se/" />
+  <rule from="^http:" to="https:" />
 
-  <securecookie host="^secure\.paysol\.se$" name=".*"/>
+  <securecookie host="^secure\.paysol\.se$" name=".+" />
 </ruleset>
diff --git a/src/chrome/content/rules/Payson.xml b/src/chrome/content/rules/Payson.xml
index 059f3d09683f..29f7c29f5867 100644
--- a/src/chrome/content/rules/Payson.xml
+++ b/src/chrome/content/rules/Payson.xml
@@ -1,14 +1,29 @@
-<ruleset name="Payson">
+<!--
+	Invalid certificate:
 
-	<target host="payson.se" />
-	<target host="*.payson.se" />
+		- autodiscover.payson.se   (CN mismatch)
 
+	404 on HTTPS:
 
-	<securecookie host="^(?:www)?\.payson\.se$" name=".+" />
+		- test-mobileapi.payson.se
+-->
+<ruleset name="Payson">
 
+	<target host="payson.se" />
+	<target host="www.payson.se" />
+	<target host="account.payson.se" />
+	<target host="admin.payson.se" />
+	<target host="api.payson.se" />
+	<target host="apigateway.payson.se" />
+	<target host="card.payson.se" />
+	<target host="checkout.payson.se" />
+	<target host="demoshop.payson.se" />
+	<target host="embedded.payson.se" />
+	<target host="tech.payson.se" />
+	<target host="test-api.payson.se" />
+	<target host="test-checkout.payson.se" />
+	<target host="test-www.payson.se" />
 
-	<!--	Cert only matches www.	-->
-	<rule from="^http://(?:www\.)?payson\.se/"
-		to="https://www.payson.se/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Paytoll.xml b/src/chrome/content/rules/Paytoll.xml
index ba4bcf0b750e..654e83835de6 100644
--- a/src/chrome/content/rules/Paytoll.xml
+++ b/src/chrome/content/rules/Paytoll.xml
@@ -1,8 +1,12 @@
+
 <!--
-	For other Eventim coverage, see Eventim.xml.
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://secure.paytoll.eu/ (200) => https://secure.paytoll.eu/ (403)
+
+	For other Eventim coverage, see Eventim.com.xml.
 
 -->
-<ruleset name="Paytoll">
+<ruleset name="Paytoll" default_off="failed ruleset test">
 
 	<target host="secure.paytoll.eu" />
 
@@ -10,7 +14,6 @@
 	<securecookie host="^secure\.paytoll\.eu$" name=".+" />
 
 
-	<rule from="^http://secure\.paytoll\.eu/"
-		to="https://secure.paytoll.eu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Payu.ru.xml b/src/chrome/content/rules/Payu.ru.xml
new file mode 100644
index 000000000000..f6f308fa13f8
--- /dev/null
+++ b/src/chrome/content/rules/Payu.ru.xml
@@ -0,0 +1,13 @@
+<!--
+Mismatch on:
+(www.)bpp.payu.ru
+^payu.ru
+-->
+<ruleset name="Payu.ru">
+	<target host="www.payu.ru" />
+	<target host="payu.ru" />
+	<rule from="^http://payu\.ru/"
+	to="https://www.payu.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Payza.xml b/src/chrome/content/rules/Payza.xml
deleted file mode 100644
index d85025533fea..000000000000
--- a/src/chrome/content/rules/Payza.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-
--->
-<ruleset name="Payza">
-
-	<target host="payza.com" />
-	<target host="*.payza.com" />
-
-
-	<securecookie host=".+\.payza\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?payza\.com/"
-		to="https://www.payza.com/" />
-
-	<rule from="^http://secure\.payza\.com/"
-		to="https://secure.payza.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Pazaruvaj.com.xml b/src/chrome/content/rules/Pazaruvaj.com.xml
new file mode 100644
index 000000000000..2b00d94dfb82
--- /dev/null
+++ b/src/chrome/content/rules/Pazaruvaj.com.xml
@@ -0,0 +1,45 @@
+<!--
+	For other Arukereso coverage, see Arukereso.xml.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .com
+		- .arukereso.com
+		- blenderi.pazaruvaj.com
+		- elektricheska-chetka-za-zybi.pazaruvaj.com
+		- elektronna-cigara.pazaruvaj.com
+		- mishki.pazaruvaj.com
+		- . . .
+		- www.arukereso.com
+
+-->
+<ruleset name="Pazaruvaj.com">
+
+	<target host="pazaruvaj.com" />
+	<target host="*.pazaruvaj.com" />
+
+		<test url="http://affiliation.pazaruvaj.com/" />
+		<test url="http://akumulator-za-prenosimi-kompjutri.pazaruvaj.com/" />
+		<test url="http://blenderi.pazaruvaj.com/" />
+		<test url="http://elektricheska-chetka-za-zybi.pazaruvaj.com/" />
+		<test url="http://elektronna-cigara.pazaruvaj.com/" />
+		<test url="http://image.pazaruvaj.com/" />
+		<test url="http://mishki.pazaruvaj.com/" />
+		<test url="http://p1-ssl.pazaruvaj.com/" />
+		<test url="http://static.pazaruvaj.com/" />
+		<test url="http://www.pazaruvaj.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.com$" name="^LongExpireUserId$" /-->
+	<!--securecookie host="^\.pazaruvaj\.com$" name="^(?:ARUKERESO_SESSION|LongExpireUserId)$" /-->
+	<!--securecookie host="^(?:blenderi|elektricheska-chetka-za-zybi|elektronna-cigara|mishki|www)\.pazaruvaj\.com$" name="^UniqueUserId$" /-->
+
+	<securecookie host=".*\.pazaruvaj\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pbgrd.com.xml b/src/chrome/content/rules/Pbgrd.com.xml
new file mode 100644
index 000000000000..720ecc33d1a1
--- /dev/null
+++ b/src/chrome/content/rules/Pbgrd.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Web bugs.
+
+
+	(www.): cert only matches delivery
+
+-->
+<ruleset name="PbGrd.com (partial)">
+
+	<target host="delivery.pbgrd.com" />
+
+
+	<securecookie host="^delivery\.pbgrd\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pbs-erhverv.dk.xml b/src/chrome/content/rules/Pbs-erhverv.dk.xml
new file mode 100644
index 000000000000..95b62fcd5d5e
--- /dev/null
+++ b/src/chrome/content/rules/Pbs-erhverv.dk.xml
@@ -0,0 +1,25 @@
+<!--
+	For other NemID coverage, see NemID.xml.
+
+
+	www.pbs-erhverv.dk: Mismatched
+
+-->
+<ruleset name="pbs-erhverv.dk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pbs-erhverv.dk" />
+
+	<!--	Complications:
+				-->
+	<target host="www.pbs-erhverv.dk" />
+
+
+	<rule from="^http://www\.pbs-erhverv\.dk/"
+		to="https://pbs-erhverv.dk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pbsrc.com.xml b/src/chrome/content/rules/Pbsrc.com.xml
new file mode 100644
index 000000000000..f48e4d024c69
--- /dev/null
+++ b/src/chrome/content/rules/Pbsrc.com.xml
@@ -0,0 +1,93 @@
+<!--
+	For other Photobucket coverage, see Photobucket.xml.
+
+
+	CDN buckets:
+
+		- crtl.aimatch.com
+
+			- b.photobucket.com
+
+		- wpc.38F2.edgecastcdn.net
+
+		- wpc.3901.edgecastcdn.net
+
+			- i000[1-9].photobucket.com
+
+		- wac.3B2E.edgecastcdn.net
+
+			- pic.pbsrc.com
+			- pic.photobucket.com
+
+		- cdn.photobucket.com.c.footprint.net
+
+			- img.photobucket.com
+			- i120\d.photobucket.com
+
+
+	Nonfunctional domains:
+
+		- static.pbsrc.com	(404, CN: gp1.wac.edgecastcdn.net)
+
+
+	Problematic hosts in *pbsrc.com:
+
+		- pic *
+		- pic2 *
+		- static2 *
+
+	* CN: gp1.wac.edgecastcdn.net; 404
+
+
+	Fully covered hosts in *pbsrc.com:
+
+		- (www.)
+		- opic2
+		- ostatic2
+		- pic			(→ pbsrc.com)
+		- pic2			(→ opic2.pbsrc.com)
+		- rs\d+
+		- static2		(→ ostatic2.pbsrc.com)
+
+-->
+<ruleset name="Pbsrc.com (partial)">
+
+	<!-- https://github.com/EFForg/https-everywhere/issues/3527 -->
+	<exclusion pattern="^http://pic2\.pbsrc\.com/flash/ZeroClipboardFV3\.swf" />
+	<exclusion pattern="^http://static2\.pbsrc\.com/$" />
+	<target host="pbsrc.com" />
+	<target host="*.pbsrc.com" />
+
+		<!--	Direct rewrites:
+					-->
+			<test url="http://opic2.pbsrc.com/common/hero-slider-v2.png" />
+			<test url="http://opic2.pbsrc.com/footer/footer-facebook.png" />
+			<test url="http://opic2.pbsrc.com/footer/footer-logo.png" />
+			<test url="http://opic2.pbsrc.com/print/calendars/SimplyModern_PreviewIcon_Web_Gray.jpg" />
+			<test url="http://pic2.pbsrc.com/flash/ZeroClipboardFV3.swf" />
+
+		<test url="http://ostatic2.pbsrc.com/" />
+		<test url="http://www.pbsrc.com/" />
+
+		<!--	Complications:
+					-->
+		<test url="http://pic.pbsrc.com/" />
+
+			<test url="http://pic2.pbsrc.com/common/hero-slider-v2.png" />
+			<test url="http://pic2.pbsrc.com/footer/footer-facebook.png" />
+			<test url="http://pic2.pbsrc.com/footer/footer-logo.png" />
+			<test url="http://pic2.pbsrc.com/print/calendars/SimplyModern_PreviewIcon_Web_Gray.jpg" />
+
+		<test url="http://static2.pbsrc.com/" />
+
+
+	<rule from="^http://pic\.pbsrc\.com/"
+		to="https://pbsrc.com/" />
+
+	<rule from="^http://(pic|static)2\.pbsrc\.com/"
+		to="https://o$12.pbsrc.com/" />
+
+	<rule from="^http://((?:opic2|ostatic2|rs\d+|www)\.)?pbsrc\.com/"
+		to="https://$1pbsrc.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pcengines.ch.xml b/src/chrome/content/rules/Pcengines.ch.xml
new file mode 100644
index 000000000000..d16c2602653f
--- /dev/null
+++ b/src/chrome/content/rules/Pcengines.ch.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatched:
+		- julien
+		- mail
+-->
+<ruleset name="Pcengines.ch">
+	<target host="pcengines.ch" />
+	<target host="www.pcengines.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pcp.ch.xml b/src/chrome/content/rules/Pcp.ch.xml
index e946051bc452..706d460f6cbf 100644
--- a/src/chrome/content/rules/Pcp.ch.xml
+++ b/src/chrome/content/rules/Pcp.ch.xml
@@ -1,7 +1,29 @@
-<ruleset name="Pcp.ch">
-  <target host="pcp.ch" />
-  <target host="www.pcp.ch" />
+<!--
+	For other PCP coverage, see PCP.com.xml.
 
-  <securecookie host="^www\.pcp\.ch$" name=".*" />
-  <rule from="^http://(www\.)?pcp\.ch/" to="https://www.pcp.ch/" />
+
+	Insecure cookies are set for these hosts:
+
+		- www.pcp.ch
+
+-->
+<ruleset name="PCP.ch">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pcp.ch"/>
+	<target host="www.pcp.ch"/>
+
+	<!--	Complications:
+				-->
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.pcp\.ch$" name="^(ASP\.NET_SessionId|SC)$" /-->
+
+	<securecookie host="^www\.pcp\.ch$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Pcpartpicker.com.xml b/src/chrome/content/rules/Pcpartpicker.com.xml
new file mode 100644
index 000000000000..d04a3aab1001
--- /dev/null
+++ b/src/chrome/content/rules/Pcpartpicker.com.xml
@@ -0,0 +1,20 @@
+<ruleset name="Pcpartpicker.com">
+	<target host="pcpartpicker.com" />
+	<target host="www.pcpartpicker.com" />
+	<target host="au.pcpartpicker.com" />
+	<target host="be.pcpartpicker.com" />
+	<target host="ca.pcpartpicker.com" />
+	<target host="cdn.pcpartpicker.com" />
+	<target host="de.pcpartpicker.com" />
+	<target host="es.pcpartpicker.com" />
+	<target host="fr.pcpartpicker.com" />
+	<target host="in.pcpartpicker.com" />
+	<target host="it.pcpartpicker.com" />
+	<target host="nz.pcpartpicker.com" />
+	<target host="uk.pcpartpicker.com" />
+	<target host="us.pcpartpicker.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pcwelt.de.xml b/src/chrome/content/rules/Pcwelt.de.xml
new file mode 100644
index 000000000000..755d30d788c7
--- /dev/null
+++ b/src/chrome/content/rules/Pcwelt.de.xml
@@ -0,0 +1,59 @@
+<!--
+	403:
+		- custom.pcwelt.de
+
+	Cert mismatch:
+		- apps.pcwelt.de
+		- (www.)browsercheck.pcwelt.de
+		- download.pcwelt.de
+		- forum.pcwelt.de
+		- go.pcwelt.de
+		- (www.)gutscheine.pcwelt.de
+		- images.pcwelt.de
+		- insider-portal.pcwelt.de
+		- beta.insider-portal.pcwelt.de
+		- jobs.pcwelt.de
+		- (www.)leseraktion.pcwelt.de
+		- liwww.pcwelt.de
+		- m.pcwelt.de
+		- markt.pcwelt.de
+		- newsletter.pcwelt.de
+		- p.pcwelt.de
+		- premium.pcwelt.de
+		- r1.pcwelt.de
+		- r2.pcwelt.de
+		- www.shirtshop.pcwelt.de
+		- (www.)software.pcwelt.de
+		- start-dsl.pcwelt.de
+		- tarife.pcwelt.de
+		- wallpaper.pcwelt.de
+		- wiki.pcwelt.de
+		- ww.pcwelt.de
+		- w3.pcwelt.de
+
+	Connection refused:
+		- videos.pcwelt.de
+-->
+
+<ruleset name="Pcwelt.de" >
+
+	<target host="pcwelt.de" />
+	<target host="www.pcwelt.de" />
+	<target host="amp.pcwelt.de" />
+	<target host="api.pcwelt.de" />
+	<target host="beta.pcwelt.de" />
+	<target host="bilder.pcwelt.de" />
+	<target host="fbia.pcwelt.de" />
+	<target host="fia.pcwelt.de" />
+	<target host="magazin.pcwelt.de" />
+	<target host="mobil.pcwelt.de" />
+	<target host="shirtshop.pcwelt.de" />
+	<target host="shop.pcwelt.de" />
+	<target host="specials.pcwelt.de" />
+	<target host="whitepaper.pcwelt.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pdfcrowd.com.xml b/src/chrome/content/rules/Pdfcrowd.com.xml
new file mode 100644
index 000000000000..4f1574763cac
--- /dev/null
+++ b/src/chrome/content/rules/Pdfcrowd.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		status.pdfcrowd.com
+
+-->
+<ruleset name="pdfcrowd.com">
+
+	<target host="pdfcrowd.com" />
+	<target host="www.pdfcrowd.com" />
+	<target host="crowd.pdfcrowd.com" />
+	<target host="mgiles.pdfcrowd.com" />
+	<target host="sysomos.pdfcrowd.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pdfreaders.org.xml b/src/chrome/content/rules/Pdfreaders.org.xml
new file mode 100644
index 000000000000..a566358c9891
--- /dev/null
+++ b/src/chrome/content/rules/Pdfreaders.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="Pdfreaders.org">
+
+	<target host="pdfreaders.org" />
+	<target host="www.pdfreaders.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Peace_Center_for_the_Performing_Arts.xml b/src/chrome/content/rules/Peace_Center_for_the_Performing_Arts.xml
index d3ad0e458883..69ce2e49efa9 100644
--- a/src/chrome/content/rules/Peace_Center_for_the_Performing_Arts.xml
+++ b/src/chrome/content/rules/Peace_Center_for_the_Performing_Arts.xml
@@ -9,7 +9,6 @@
 		<exclusion pattern="^http://(?:www\.)?peacecenter\.org/(?:index\.php)?(?:\?.*)?$" />
 
 
-	<rule from="^http://(www\.)?peacecenter\.org/"
-		to="https://$1peacecenter.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Peacefire.org.xml b/src/chrome/content/rules/Peacefire.org.xml
index 0a9f19d0f5ab..88f6ab061e55 100644
--- a/src/chrome/content/rules/Peacefire.org.xml
+++ b/src/chrome/content/rules/Peacefire.org.xml
@@ -6,7 +6,7 @@
 
 	<!--	Cert only matches ^peacefire.org.
 							-->
-	<rule from="^https?://(?:www\.)?peacefire\.org/"
+	<rule from="^http://(?:www\.)?peacefire\.org/"
 		to="https://peacefire.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pearson-mismatches.xml b/src/chrome/content/rules/Pearson-mismatches.xml
index 8585309fb059..a3b613e63264 100644
--- a/src/chrome/content/rules/Pearson-mismatches.xml
+++ b/src/chrome/content/rules/Pearson-mismatches.xml
@@ -1,9 +1,8 @@
-<ruleset name="Pearson (mismatches)" default_off="mismatch">
+<ruleset name="Pearson (mismatches)" default_off="mismatched">
 
 	<!--	Akamai	-->
 	<target host="ptgmedia.pearsoncmg.com"/>
 
-	<rule from="^http://ptgmedia\.pearsoncmg\.com/"
-		to="https://ptgmedia.pearsoncmg.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Pearson.xml b/src/chrome/content/rules/Pearson.xml
index c34af41a8514..a0cf4097a0c8 100644
--- a/src/chrome/content/rules/Pearson.xml
+++ b/src/chrome/content/rules/Pearson.xml
@@ -1,57 +1,42 @@
 <!--
 	Other Pearson rulesets:
+		- InformIT.com.xml
 
-		- InformIT.xml
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- thelearningcurve.pearson.com
+		- pearsoncmg.com
+		- www.pearsoncmg.com
+		- vue.com
+		- www.vue.com
+		- www8.vue.com
 
+		Incomplete certificate chain error:
+		- pearson.com
 
-	Nonfunctional domains:
-
-		- pearson.com subdomains:
-
-			- (www.) *
-			- blog *
-			- cr2012		(dropped)
-			- thelearningcurve	(refused)
-
-	* http reply
-
-
-	Fully covered domains:
-
+		Redirects to HTTP:
 		- developer.pearson.com
-		- neo.pearson.com
-		- register.pearsoncmg.com
-		- (www.)pearsonvue.com *
-		- www8.pearsonvue.com
-		- (www.)vue.com *
-
-	* → www8.pearsonvue.com
-
 -->
-<ruleset name="Pearson (partial)" platform="mixedcontent">
-
-	<target host="*.pearson.com" />
+<ruleset name="Pearson (partial)">
+	<!-- *.pearson.com -->
+	<target host="pearson.com" />
+	<target host="www.pearson.com" />
+	<target host="cr2012.pearson.com" />
+	<target host="neo.pearson.com" />
+
+	<!-- *.pearsoncmg.com -->
 	<target host="register.pearsoncmg.com" />
-	<target host="pearsonvue.com" />
-	<target host="*.pearsonvue.com" />
-	<target host="vue.com" />
-	<target host="www.vue.com" />
-
+		<test url="http://register.pearsoncmg.com/userprofile" />
 
-	<securecookie host="^\.?(?:developer|neo)\.pearson\.com$" name=".+" />
-	<securecookie host="^register\.pearsoncmg\.com$" name=".+" />
-	<securecookie host="^www8\.pearsonvue\.com$" name=".+" />
-
-
-	<rule from="^http://(developer|neo)\.pearson\.com/"
-		to="https://$1.pearson.com/" />
+	<!-- *.pearsonvue.com -->
+	<target host="pearsonvue.com" />
+	<target host="www.pearsonvue.com" />
+	<target host="www8.pearsonvue.com" />
 
-	<rule from="^http://register\.pearsoncmg\.com/"
-		to="https://register.pearsoncmg.com/" />
+	<securecookie host=".+" name=".+" />
 
-	<!--	Should this always go to www8?  Some other numbers work too.
-										-->
-	<rule from="^http://(?:www8?\.)?(?:pearson)?vue\.com/"
-		to="https://www8.pearsonvue.com/" />
+	<rule from="^http://pearson\.com/"
+		to="https://www.pearson.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pearson_Computing.net.xml b/src/chrome/content/rules/Pearson_Computing.net.xml
new file mode 100644
index 000000000000..aaac0b4869ea
--- /dev/null
+++ b/src/chrome/content/rules/Pearson_Computing.net.xml
@@ -0,0 +1,20 @@
+<!--
+	^: cert only matches www
+
+-->
+<ruleset name="Pearson Computing.net" default_off="self-signed">
+
+	<target host="pearsoncomputing.net" />
+	<target host="www.pearsoncomputing.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?pearsoncomputing\.net$" name="^PHPSESSID$" /-->
+	<securecookie host="^(?:www\.)?pearsoncomputing\.net$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?pearsoncomputing\.net/"
+		to="https://www.pearsoncomputing.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pebble.xml b/src/chrome/content/rules/Pebble.xml
index c256bb2d7fee..3fc0ea27d093 100644
--- a/src/chrome/content/rules/Pebble.xml
+++ b/src/chrome/content/rules/Pebble.xml
@@ -9,19 +9,22 @@
 <ruleset name="Pebble (partial)">
 
 	<target host="getpebble.com" />
-	<target host="*.getpebble.com" />
+	<target host="www.getpebble.com" />
+	<target host="account.getpebble.com" />
+	<target host="developer.getpebble.com" />
+	<target host="forums.getpebble.com" />
 
 
 	<securecookie host="^account\.getpebble\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?getpebble\.com/global/"
+	<rule from="^http://(?:www\.)?getpebble\.com/global/"
 		to="https://pebble.myshopify.com/global/" />
 
 	<rule from="^http://(account|developer)\.getpebble\.com/"
 		to="https://$1.getpebble.com/" />
 
-	<rule from="^https?://forums\.getpebble\.com/"
+	<rule from="^http://forums\.getpebble\.com/"
 		to="https://pebble.vanillaforums.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PebblePad.co.uk.xml b/src/chrome/content/rules/PebblePad.co.uk.xml
new file mode 100644
index 000000000000..2a70e1b3cebb
--- /dev/null
+++ b/src/chrome/content/rules/PebblePad.co.uk.xml
@@ -0,0 +1,27 @@
+<!--
+	Mixed content:
+
+		- css on (www.)? from fonts.googleapis.com *
+		- Images on community from www.pebblepad.co.uk *
+		- favicon on (www.)? from www.pebblepad.co.uk *
+
+	* Secured by us
+
+-->
+<ruleset name="PebblePad.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pebblepad.co.uk" />
+	<target host="community.pebblepad.co.uk" />
+	<target host="v3.pebblepad.co.uk" />
+	<target host="www.pebblepad.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Peel-Region-of-Canada.xml b/src/chrome/content/rules/Peel-Region-of-Canada.xml
index 5c19ed7e4edb..ce17686e189a 100644
--- a/src/chrome/content/rules/Peel-Region-of-Canada.xml
+++ b/src/chrome/content/rules/Peel-Region-of-Canada.xml
@@ -2,9 +2,6 @@
 	<target host="peelregion.ca" />
 	<target host="www.peelregion.ca" />
 
-	<rule from="^http://(?:www\.)?peelregion\.ca/" to="https://www.peelregion.ca/" />
+	<rule from="^http:" to="https:" />
 
-	<!-- Invoking https://peelregion.ca/ produces a certificate error, so redirect
-	https://peelregion.ca/ to https://www.peelregion.ca/ -->
-	<rule from="^https://peelregion\.ca/" to="https://www.peelregion.ca/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Peepd.xml b/src/chrome/content/rules/Peepd.xml
index 6251bd49a429..0f232681631b 100644
--- a/src/chrome/content/rules/Peepd.xml
+++ b/src/chrome/content/rules/Peepd.xml
@@ -1,3 +1,7 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.peepd.com/ => https://peepd.com/: (60, 'SSL certificate problem: certificate has expired')
+-->
 <ruleset name="Peepd.com (partial)">
 
 	<target host="peepd.com"/>
diff --git a/src/chrome/content/rules/Peer1.ca.xml b/src/chrome/content/rules/Peer1.ca.xml
deleted file mode 100644
index 0e750238709b..000000000000
--- a/src/chrome/content/rules/Peer1.ca.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- ^	(refused)
-		- www	(redirects to http, valid cert)
-
--->
-<ruleset name="Peer1.ca (partial)">
-
-	<target host="*.peer1.com" />
-
-
-	<securecookie host="^(?:www\.)?partners\.peer1\.ca$" name=".+" />
-
-
-	<rule from="^http://(www\.)?partners\.peer1\.ca/"
-		to="https://$1partners.peer1.ca/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Peer39.xml b/src/chrome/content/rules/Peer39.xml
index e7153cb1d402..bda730956fb6 100644
--- a/src/chrome/content/rules/Peer39.xml
+++ b/src/chrome/content/rules/Peer39.xml
@@ -9,13 +9,13 @@
 		- (www.)semanticizeme.com	(ssl_error_rx_record_too_long)
 
 -->
-<ruleset name="Peer39" default_off="mismatch">
+<ruleset name="Peer39" default_off="mismatched">
 
-	<target host="*.peer39.net" />
+	<target host="catrg.peer39.net" />
+	<target host="stags.peer39.net" />
 
 
 	<!--	Akamai	-->
-	<rule from="^http://(catrg|stags)\.peer39\.net/"
-		to="https://$1.peer39.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Peer5.com.xml b/src/chrome/content/rules/Peer5.com.xml
new file mode 100644
index 000000000000..5eda082c3032
--- /dev/null
+++ b/src/chrome/content/rules/Peer5.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .peer5.com
+
+-->
+<ruleset name="Peer5.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="peer5.com" />
+	<target host="app.peer5.com" />
+	<target host="blog.peer5.com" />
+	<target host="www.peer5.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.peer5\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.peer5\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PeerJ.com.xml b/src/chrome/content/rules/PeerJ.com.xml
new file mode 100644
index 000000000000..279fd5832e9d
--- /dev/null
+++ b/src/chrome/content/rules/PeerJ.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Problematic hosts in *peerj.com:
+
+		- blog.peerj.com *
+		- static.peerj.com *
+
+	* Mismatched
+
+-->
+<ruleset name="PeerJ.com">
+
+	<target host="peerj.com" />
+	<target host="www.peerj.com" />
+	<target host="blog.peerj.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://blog\.peerj\.com/"
+		to="https://peerj.com/blog/" />
+
+		<test url="http://blog.peerj.com/post/115284880081/peerj-section-editors/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PeerJ.xml b/src/chrome/content/rules/PeerJ.xml
deleted file mode 100644
index af2a4fd99eb8..000000000000
--- a/src/chrome/content/rules/PeerJ.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- blog	(hosted on Tumblr)
-
--->
-<ruleset name="PeerJ (partial)">
-
-	<target host="peerj.com" />
-	<target host="www.peerj.com" />
-
-
-	<securecookie host="^(?:www\.)?peerj\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?peerj\.com/"
-		to="https://$1peerj.com/$2" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/PeerLibrary.org.xml b/src/chrome/content/rules/PeerLibrary.org.xml
new file mode 100644
index 000000000000..841b06c988f0
--- /dev/null
+++ b/src/chrome/content/rules/PeerLibrary.org.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.peerlibrary.org/ => https://www.peerlibrary.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.peerlibrary.org'")
+
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Tumblr
+
+-->
+<ruleset name="PeerLibrary.org (partial)" default_off="failed ruleset test">
+
+	<target host="peerlibrary.org" />
+	<target host="www.peerlibrary.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PeerReach.com.xml b/src/chrome/content/rules/PeerReach.com.xml
new file mode 100644
index 000000000000..0d52924c8b74
--- /dev/null
+++ b/src/chrome/content/rules/PeerReach.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Nonfunctional hosts in *peerreach.com:
+
+		- blog *
+		- dev *
+
+	* Shows www.
+
+
+	Insecure cookies are set for these hosts:
+
+		- peerreach.com
+
+-->
+<ruleset name="PeerReach.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="peerreach.com" />
+	<target host="www.peerreach.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^peerreach\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^peerreach\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PeerTransfer.com.xml b/src/chrome/content/rules/PeerTransfer.com.xml
new file mode 100644
index 000000000000..5c1ef2822ad9
--- /dev/null
+++ b/src/chrome/content/rules/PeerTransfer.com.xml
@@ -0,0 +1,65 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://info.peertransfer.com/css/mktLPSupport.css (200) => https://na-abm.marketo.com/css/mktLPSupport.css (403)
+Non-2xx HTTP code: http://info.peertransfer.com/rs/857-SYJ-051/images/ptflywirelogo.png (200) => https://na-abm.marketo.com/rs/857-SYJ-051/images/ptflywirelogo.png (403)
+
+	Nonfunctional hosts in *peertransfer.com:
+
+		- info *
+
+	* Marketo
+
+
+	Problematic hosts in *peertransfer.com:
+
+		- blog *
+		- engineering *
+
+	* Mismatched
+
+
+	Mixed content:
+
+		- css on engineering from fonts.googleapis.com *
+		- favicon on engineering from $self
+
+	* Secured by us
+
+-->
+<ruleset name="peerTransfer.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="peertransfer.com" />
+	<target host="www.peertransfer.com" />
+
+	<!--	Complications:
+				-->
+	<target host="info.peertransfer.com" />
+
+		<exclusion pattern="^http://info\.peertransfer\.com/+(?!css/|images/|rs/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://info.peertransfer.com/Case-Studies.html" />
+			<test url="http://info.peertransfer.com/Clients.html" />
+			<test url="http://info.peertransfer.com/b2b-Videos.html" />
+			<test url="http://info.peertransfer.com/student_videos.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://info.peertransfer.com/css/mktLPSupport.css" />
+			<test url="http://info.peertransfer.com/rs/857-SYJ-051/images/ptflywirelogo.png" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://info\.peertransfer\.com/"
+		to="https://na-abm.marketo.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Peercraft.xml b/src/chrome/content/rules/Peercraft.xml
deleted file mode 100644
index 73a2e19bd18a..000000000000
--- a/src/chrome/content/rules/Peercraft.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Other Peercraft rulesets:
-
-		- Net-Safe.xml
-		- Ntacdn1.net.xml
-
--->
-<ruleset name="Peercraft">
-
-	<target host="peercraft.com" />
-	<target host="www.peercraft.com" />
-
-
-	<rule from="^http://(www\.)?peercraft\.com/"
-		to="https://$1peercraft.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Peere.org.xml b/src/chrome/content/rules/Peere.org.xml
new file mode 100644
index 000000000000..22262fc523bc
--- /dev/null
+++ b/src/chrome/content/rules/Peere.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Peere.org" platform="mixedcontent">
+
+	<target host="peere.org" />
+	<target host="www.peere.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PeeringDB.xml b/src/chrome/content/rules/PeeringDB.xml
index e0679f7a3ba1..82be888db9c3 100644
--- a/src/chrome/content/rules/PeeringDB.xml
+++ b/src/chrome/content/rules/PeeringDB.xml
@@ -1,13 +1,13 @@
-<ruleset name="PeeringDB">
+<ruleset name="PeeringDB.com">
 
 	<target host="peeringdb.com" />
 	<target host="www.peeringdb.com" />
 
 
-	<securecookie host="^(www\.)?peeringdb\.com$" name=".*" />
+	<securecookie host="^(?:www\.)?peeringdb\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?peeringdb\.com/"
-		to="https://$1peeringdb.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Peerius.com-problematic.xml b/src/chrome/content/rules/Peerius.com-problematic.xml
index 67f274da85d2..3fa7d15ba4be 100644
--- a/src/chrome/content/rules/Peerius.com-problematic.xml
+++ b/src/chrome/content/rules/Peerius.com-problematic.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?deutsch\.peerius\.com/"
 		to="https://www.deutsch.peerius.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Peerius.com.xml b/src/chrome/content/rules/Peerius.com.xml
index a5509eab24dc..d8a587747584 100644
--- a/src/chrome/content/rules/Peerius.com.xml
+++ b/src/chrome/content/rules/Peerius.com.xml
@@ -9,7 +9,7 @@
 		- (www.)	(shows another domain; expired 2013-03-30, CN: localhost.localdomain)
 
 
-	Problemaic subdomains:
+	Problematic subdomains:
 
 		- (www.)deutsch	(works; expired 2013-03-30, CN: localhost.localdomain)
 
@@ -32,4 +32,4 @@
 	<rule from="^http://(?!deutsch\.|www\.)([\w-]+)\.peerius\.com/"
 		to="https://$1.peerius.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Peersm.com.xml b/src/chrome/content/rules/Peersm.com.xml
index f91f79bd7395..c08b427966c6 100644
--- a/src/chrome/content/rules/Peersm.com.xml
+++ b/src/chrome/content/rules/Peersm.com.xml
@@ -1,18 +1,35 @@
 <!--
-	- ^: blank page, valid cert
-	- www: mismatched, CN: ssl6.ovh.net
+	- ^peersm.com: Dropped
+	- www.peersm.com: mismatched, CN: ssl6.ovh.net
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.peersm.com
 
 -->
 <ruleset name="Peersm.com" default_off="mismatched">
 
-	<target host="peersm.com" />
+	<!--	Direct rewrites:
+				-->
 	<target host="www.peersm.com" />
 
+	<!--	Complications:
+				-->
+	<target host="peersm.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.peersm\.com$" name="^mediaplan(?:BAK)?$" /-->
 
 	<securecookie host="^www\.peersm\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?peersm\.com/"
+	<rule from="^http://peersm\.com/"
 		to="https://www.peersm.com/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Peerstudio.org.xml b/src/chrome/content/rules/Peerstudio.org.xml
new file mode 100644
index 000000000000..db43a0a20a5a
--- /dev/null
+++ b/src/chrome/content/rules/Peerstudio.org.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatched: blog.peerstudio.org [uses mixed content (CSS and JS)]
+	Refused: research.peerstudio.org
+-->
+
+<ruleset name="Peerstudio.org">
+	<target host="peerstudio.org" />
+	<target host="www.peerstudio.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Peertech.org.xml b/src/chrome/content/rules/Peertech.org.xml
new file mode 100644
index 000000000000..6f1e9f61b5ae
--- /dev/null
+++ b/src/chrome/content/rules/Peertech.org.xml
@@ -0,0 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://peertech.org/ => https://peertech.org/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.peertech.org/ => https://www.peertech.org/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="peertech.org" default_off="failed ruleset test">
+	<target host="peertech.org" />
+	<target host="www.peertech.org" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Peff.net.xml b/src/chrome/content/rules/Peff.net.xml
new file mode 100644
index 000000000000..5edb28d58d18
--- /dev/null
+++ b/src/chrome/content/rules/Peff.net.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		- www.peff.net, equivalent to peff.net
+		- a.mx.peff.net
+		- a.ns.peff.net
+-->
+
+<ruleset name="Peff.net">
+	<target host="peff.net" />
+	<target host="www.peff.net" />
+
+	<rule from="^http://www\.peff\.net/"
+		  to="https://peff.net/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pega.xml b/src/chrome/content/rules/Pega.xml
index e30d9d7ab1ea..942ba7dda9ec 100644
--- a/src/chrome/content/rules/Pega.xml
+++ b/src/chrome/content/rules/Pega.xml
@@ -1,4 +1,9 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://staging.pega.com/ => https://staging.pega.com/: (6, 'Could not resolve host: staging.pega.com')
+
 	Problematic subdomains:
 
 		- ^	(times out)
@@ -11,14 +16,8 @@
 <ruleset name="Pega (partial)">
 
 	<target host="pega.com" />
-	<target host="*.pega.com" />
-
-
-	<rule from="^https?://(?:www\.)?pega\.com/(misc/|sites/|user(?:$|\?|/))"
-		to="https://www.pega.com/$1" />
-
-	<rule from="^http://staging\.pega\.com/(sites/|user(?:$|\?|/))"
-		to="https://staging.pega.com/$1" />
-
+	<target host="www.pega.com" />
+	<!-- target host="staging.pega.com" /-->
 
-</ruleset>
\ No newline at end of file
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pegaz_Hosting.com.xml b/src/chrome/content/rules/Pegaz_Hosting.com.xml
index 1ff8bcb9b128..51ff94745e56 100644
--- a/src/chrome/content/rules/Pegaz_Hosting.com.xml
+++ b/src/chrome/content/rules/Pegaz_Hosting.com.xml
@@ -12,7 +12,6 @@
 	<securecookie host="^secure\.pegazhosting\.com$" name=".+" />
 
 
-	<rule from="^http://secure\.pegazhosting\.com/"
-		to="https://secure.pegazhosting.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pegelf.de.xml b/src/chrome/content/rules/Pegelf.de.xml
new file mode 100644
index 000000000000..1d247050d668
--- /dev/null
+++ b/src/chrome/content/rules/Pegelf.de.xml
@@ -0,0 +1,7 @@
+<ruleset name="Pegelf.de">
+  <target host="www.pegelf.de" />
+  <target host="pegelf.de" />
+
+  <exclusion pattern="^http://blog\.pegelf\.de/"/>
+  <rule from="^http://(?:www\.)?pegelf\.de/" to="https://pegelf.de/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Pekwm.org.xml b/src/chrome/content/rules/Pekwm.org.xml
deleted file mode 100644
index b1e765a051f9..000000000000
--- a/src/chrome/content/rules/Pekwm.org.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(cert only matches *.pekwm.org)
-
--->
-<ruleset name="pekwm.org" platform="cacert">
-
-	<target host="pekwm.org" />
-	<target host="www.pekwm.org" />
-
-
-	<securecookie host="^www\.pekwm\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?pekwm\.org/"
-		to="https://www.pekwm.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Pen_Test_Partners.com.xml b/src/chrome/content/rules/Pen_Test_Partners.com.xml
new file mode 100644
index 000000000000..3ec16d1d5d3c
--- /dev/null
+++ b/src/chrome/content/rules/Pen_Test_Partners.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Pen Test Partners.com">
+
+	<target host="pentestpartners.com" />
+	<target host="www.pentestpartners.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Penango.xml b/src/chrome/content/rules/Penango.xml
deleted file mode 100644
index 0461386a2c6e..000000000000
--- a/src/chrome/content/rules/Penango.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	CDN buckets
-
-		- s3.amazonaws.com/penango-website/
-
-
-	Nonfunctional subdomains:
-
-		- m
-
--->
-<ruleset name="Penango (partial)">
-
-	<target host="penango.com" />
-	<target host="*.penango.com" />
-
-
-	<securecookie host="^.+\.penango\.com$" name=".+" />
-
-
-	<rule from="^http://(bugzilla\.|www\.)?penango\.com/"
-		to="https://$1penango.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Pendle.gov.uk.xml b/src/chrome/content/rules/Pendle.gov.uk.xml
new file mode 100644
index 000000000000..ee21c255a077
--- /dev/null
+++ b/src/chrome/content/rules/Pendle.gov.uk.xml
@@ -0,0 +1,50 @@
+<!--
+	Pendle Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *pendle.gov.uk:
+
+		- planning ᵈ
+
+	ᵈ Dropped
+
+
+	^pendle.gov.uk: Mismatched
+	www.pendle.gov.uk: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- www.pendle.gov.uk
+		- .www.pendle.gov.uk
+
+-->
+<ruleset name="Pendle.gov.uk" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.pendle.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="pendle.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.pendle\.gov\.uk$" name="^\w{16}$" /-->
+	<!--securecookie host="^\.www\.pendle\.gov\.uk$" name="^TestCookie$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.www\." name=".+" />
+
+
+	<rule from="^http://pendle\.gov\.uk/"
+		to="https://www.pendle.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Penfold_Golf.xml b/src/chrome/content/rules/Penfold_Golf.xml
index c1077d452ac0..a45fa1b77455 100644
--- a/src/chrome/content/rules/Penfold_Golf.xml
+++ b/src/chrome/content/rules/Penfold_Golf.xml
@@ -1,13 +1,12 @@
 <ruleset name="Penfold Golf">
 
 	<target host="penfoldgolf.com" />
-	<target host="*.penfoldgolf.com" />
+	<target host="www.penfoldgolf.com" />
 
 
 	<securecookie host="^(?:\.?www)?\.penfoldgolf\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?penfoldgolf\.com/"
-		to="https://$1penfoldgolf.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PengPod.com.xml b/src/chrome/content/rules/PengPod.com.xml
index 35c3da5de189..f0964c952ed4 100644
--- a/src/chrome/content/rules/PengPod.com.xml
+++ b/src/chrome/content/rules/PengPod.com.xml
@@ -1,13 +1,16 @@
-<ruleset name="PengPod.com">
+<!--
+	(www.)?: Refused
+
+-->
+<ruleset name="PengPod.com" default_off="refused">
 
 	<target host="pengpod.com" />
-	<target host="*.pengpod.com" />
+	<target host="www.pengpod.com" />
 
 
-	<securecookie host="^(?:.*\.)?pengpod\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?pengpod\.com/"
-		to="https://$1pengpod.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PenguinWebHosting.xml b/src/chrome/content/rules/PenguinWebHosting.xml
index e01c9fb1311a..9923b619633e 100644
--- a/src/chrome/content/rules/PenguinWebHosting.xml
+++ b/src/chrome/content/rules/PenguinWebHosting.xml
@@ -1,25 +1,28 @@
-<ruleset name="PenguinWebHosting (partial)" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pcicomplianthosting.com/ => https://pcicomplianthosting.com/: (51, "SSL: no alternative certificate subject name matches target host name 'pcicomplianthosting.com'")
+Fetch error: http://penguinwebhosting.com/ => https://www.pcicomplianthosting.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.pcicomplianthosting.com'")
+
+-->
+<ruleset name="PenguinWebHosting (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="pcicomplianthosting.com" />
-	<target host="*.pcicomplianthosting.com" />
+	<target host="www.pcicomplianthosting.com" />
 	<target host="ssl134.penguinhost.net" />
 	<target host="penguinwebhosting.com" />
-	<target host="*.penguinwebhosting.com" />
+	<target host="www.penguinwebhosting.com" />
+	<target host="secure.penguinwebhosting.com" />
 
 
-	<rule from="^http://(www\.)?pcicomplianthosting\.com/"
-		to="https://$1pcicomplianthosting.com/" />
 
-	<rule from="^http://ssl134\.penguinhost\.net/"
-		to="https://ssl134.penguinhost.net/" />
 
 	<!--	- Cert only mathes pcicomplianthosting.com
 		- Redirects like so
 					-->
-	<rule from="^https?://(?:www\.)?penguinwebhosting\.com/"
+	<rule from="^http://(?:www\.)?penguinwebhosting\.com/"
 		to="https://www.pcicomplianthosting.com/" />
 
-	<rule from="^http://secure\.penguinwebhosting\.com/"
-		to="https://secure.penguinwebhosting.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Peninsula-College-of-Medicine-and-Dentistry.xml b/src/chrome/content/rules/Peninsula-College-of-Medicine-and-Dentistry.xml
index 5caf941cfedc..09636c5035aa 100644
--- a/src/chrome/content/rules/Peninsula-College-of-Medicine-and-Dentistry.xml
+++ b/src/chrome/content/rules/Peninsula-College-of-Medicine-and-Dentistry.xml
@@ -1,8 +1,15 @@
 <!--
 	A joint college of both Exeter and Plymouth Universities.
 
+	Nonfunctional subdomains:
+
+		- (www.)? *
+		- hr *
+
+	* Refused
+
 -->
-<ruleset name="Peninsula College of Medicine &amp; Dentistry (partial)">
+<ruleset name="Peninsula College of Medicine &amp; Dentistry (partial)" default_off="refused">
 
 	<target host="pcmd.ac.uk" />
 	<target host="*.pcmd.ac.uk" />
@@ -10,7 +17,7 @@
 		<exclusion pattern="^http://pdsdef\." />
 
 
-	<securecookie host="^(.*\.)?pcmd\.ac\.uk$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--	Encountered subdomains:
diff --git a/src/chrome/content/rules/Peninsula-Lib-Sys.xml b/src/chrome/content/rules/Peninsula-Lib-Sys.xml
index c553980adf11..5e27674ea02c 100644
--- a/src/chrome/content/rules/Peninsula-Lib-Sys.xml
+++ b/src/chrome/content/rules/Peninsula-Lib-Sys.xml
@@ -3,8 +3,8 @@
 	<target host="ezproxy.plsinfo.org" />
 	<target host="plsiii.plsinfo.org" />
 
-	<securecookie host="^(catalog|ezproxy)\.plsinfo\.org$" name=".+" />
+	<securecookie host="^(?:catalog|ezproxy)\.plsinfo\.org$" name=".+" />
 
 	<rule from="^http://(catalog|ezproxy)\.plsinfo\.org/" to="https://$1.plsinfo.org/" />
 	<rule from="^http://plsiii\.plsinfo\.org/" to="https://catalog.plsinfo.org/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pennsylvania-State-University.xml b/src/chrome/content/rules/Pennsylvania-State-University.xml
index bf803d2f0bdd..67581d52f247 100644
--- a/src/chrome/content/rules/Pennsylvania-State-University.xml
+++ b/src/chrome/content/rules/Pennsylvania-State-University.xml
@@ -1,4 +1,7 @@
 <!--
+	Pennsylvania State University
+
+
 	d39tyngrchxzcn.cloudfront.net
 		- Equivalent to www.worldcampus.psu.edu
 
@@ -45,40 +48,61 @@
 
 		- blogs		(http & https data differ)
 		- www.cse	(personal spaces 404)
+		- e-education ³
 
--->
-<ruleset name="Pennsylvania State University (partial)">
+	³ Cert only matches www.e-education
 
-	<target host="*.psu.edu" />
-		<exclusion pattern="^http://blogs\.psu\.edu/(?!mt4/)" />
-		<exclusion pattern="^http://www\.cse\.psu\.edu/~" />
-	<target host="www.*.psu.edu" />
+-->
+<ruleset name="PSU.edu (partial)">
+
+	<target host="e-education.psu.edu" />
+	<target host="libraries.psu.edu" />
+	<target host="worldcampus.psu.edu" />
+	<target host="www.e-education.psu.edu" />
+	<target host="www.libraries.psu.edu" />
+	<target host="www.worldcampus.psu.edu" />
+	<target host="apps.libraries.psu.edu" />
+	<target host="secureapps.libraries.psu.edu" />
+	<target host="alumni.psu.edu" />
+	<target host="blogs.psu.edu" />
+	<target host="cms.psu.edu" />
+	<target host="www.cse.psu.edu" />
+	<target host="elion.psu.edu" />
 	<target host="citeseerx.ist.psu.edu" />
-	<target host="*.libraries.psu.edu" />
+	<target host="cat.libraries.psu.edu" />
+	<target host="ill.libraries.psu.edu" />
 	<target host="elionfacadv.oas.psu.edu" />
+	<target host="outreach.psu.edu" />
 	<target host="appnew.outreach.psu.edu" />
+	<target host="www.outreach.psu.edu" />
+	<target host="portal.psu.edu" />
+	<target host="webaccess.psu.edu" />
+	<target host="webmail.psu.edu" />
+		<exclusion pattern="^http://blogs\.psu\.edu/(?!mt4/)" />
+		<exclusion pattern="^http://www\.cse\.psu\.edu/~" />
+	<!--	At least some paths redirect to http.	-->
+		<exclusion pattern="^http://citeseerx\.ist\.psu\.edu/(?!mcsutils/newAccount|myciteseer/login)" />
 
 
-	<securecookie host="^(?:cms|elion(?:facadv\.oas)?|secureapps\.libraries|appnew\.outreach|webaccess)\.psu\.edu$" name=".*" />
-
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.e-education\.psu\.edu$" name="^SESS[\da-f]{32}$" /-->
 
-	<rule from="^http://(alumni|blogs|cms|www\.cse|elion|(?:cat|ill)\.libraries|elionfacadv\.oas|(?:(?:appnew|www)\.)?outreach|portal|webaccess|webmail)\.psu\.edu/"
-		to="https://$1.psu.edu/" />
+	<securecookie host="^(?:cms|\.e-education|elion(?:facadv\.oas)?|secureapps\.libraries|appnew\.outreach|webaccess)\.psu\.edu$" name=".+" />
 
-	<!--	At least some paths redirect to http.	-->
-	<rule from="^http://citeseerx\.ist\.psu\.edu/m(csutils/newAccount|yciteseer/login)"
-		to="https://citeseerx.ist.psu.edu/m$1" />
 
 	<!--	- Certs don't match !www.
 		- //libraries redirects to www.libraries
 					-->
-	<rule from="^https?://(?:www\.)?(libraries|worldcampus)\.psu\.edu/"
+	<rule from="^http://(?:www\.)?(e-education|libraries|worldcampus)\.psu\.edu/"
 		to="https://www.$1.psu.edu/" />
 
 	<!--	- Cert only matches secureapps
 		- apps redirects to secureapps
 					-->
-	<rule from="^https://(?:secure)?apps\.libraries\.psu\.edu/"
+	<rule from="^http://(?:secure)?apps\.libraries\.psu\.edu/"
 		to="https://secureapps.libraries.psu/" />
 
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Pennsylvania_Association_for_Justice.xml b/src/chrome/content/rules/Pennsylvania_Association_for_Justice.xml
index 48dbb64f751f..d7a9bc60bbf3 100644
--- a/src/chrome/content/rules/Pennsylvania_Association_for_Justice.xml
+++ b/src/chrome/content/rules/Pennsylvania_Association_for_Justice.xml
@@ -1,13 +1,12 @@
-<ruleset name="Pennsylvania Association for Justice">
+<ruleset name="Pennsylvania Association for Justice" default_off="mismatched">
 
 	<target host="pajustice.org" />
-	<target host="*.pajustice.org" />
-
+	<target host="eseries.pajustice.org" />
+	<target host="www.pajustice.org" />
 
 	<securecookie host="^.+\.pajustice\.org$" name=".+" />
 
 
-	<rule from="^http://(eseries\.|www\.)?pajustice\.org/"
-		to="https://$1pajustice.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pentabarf.xml b/src/chrome/content/rules/Pentabarf.xml
deleted file mode 100644
index e5d2774db42b..000000000000
--- a/src/chrome/content/rules/Pentabarf.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	- Expired 2012-01-14
-	- www: cert only matches ^pentabarf.org
-
--->
-<ruleset name="Pentabarf" default_off="expired" platform="cacert">
-
-	<target host="pentabarf.org" />
-	<target host="www.pentabarf.org" />
-
-
-	<securecookie host="^pentabarf\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?pentabarf\.org/"
-		to="https://pentabarf.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Pentest_Geek.com.xml b/src/chrome/content/rules/Pentest_Geek.com.xml
new file mode 100644
index 000000000000..4da345a5d816
--- /dev/null
+++ b/src/chrome/content/rules/Pentest_Geek.com.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pentestgeek.com/ => https://pentestgeek.com/: (51, "SSL: no alternative certificate subject name matches target host name 'pentestgeek.com'")
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Pentest Geek.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pentestgeek.com" />
+	<target host="www.pentestgeek.com" />
+
+		<!--	Mixed stylesheet:
+						-->
+		<test url="http://www.pentestgeek.com/ptgforums/" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pentestit.ru.xml b/src/chrome/content/rules/Pentestit.ru.xml
new file mode 100644
index 000000000000..4148365c6de3
--- /dev/null
+++ b/src/chrome/content/rules/Pentestit.ru.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.pentestit.ru
+
+-->
+<ruleset name="Pentestit.ru">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pentestit.ru" />
+	<target host="lab.pentestit.ru" />
+	<target host="www.pentestit.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.pentestit\.ru$" name="^(?:XSRF-TOKEN|laravel_session)$" /-->
+
+	<securecookie host="^www\.pentestit\.ru$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pentestmag.com.xml b/src/chrome/content/rules/Pentestmag.com.xml
new file mode 100644
index 000000000000..43002392edf0
--- /dev/null
+++ b/src/chrome/content/rules/Pentestmag.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .pentestmag.com
+
+-->
+<ruleset name="pentestmag.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pentestmag.com" />
+	<target host="www.pentestmag.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.pentestmag\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.pentestmag\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Penton_Media.xml b/src/chrome/content/rules/Penton_Media.xml
index 0a39f70ea013..1244e2f8a984 100644
--- a/src/chrome/content/rules/Penton_Media.xml
+++ b/src/chrome/content/rules/Penton_Media.xml
@@ -1,7 +1,6 @@
 <!--
 	Other Penton Media rulesets:
 
-		- Windows_IT_Pro.xml
 
 
 	Nonfunctional domains:
@@ -18,7 +17,7 @@
 <ruleset name="Penton Media (partial)">
 
 	<target host="metrics.penton.com" />
-	<target host="*.pentontech.com" />
+	<target host="images.tech.pentontech.com" />
 		<exclusion pattern="^http://tech\.pentontech\.com/(?!eloquaimages/)" />
 	<target host="metrics.pisces-penton.com" />
 
@@ -28,10 +27,10 @@
 	<securecookie host="^\.penton\.com$" name="^s_vi$" />
 
 
-	<rule from="^https?://metrics\.(?:pisces-)?penton\.com/"
+	<rule from="^http://metrics\.(?:pisces-)?penton\.com/"
 		to="https://pentonmedia.122.2o7.net/" />
 
-	<rule from="^https?://(?:images\.)?tech\.pentontech\.com/"
+	<rule from="^http://(?:images\.)?tech\.pentontech\.com/"
 		to="https://secure.eloqua.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/People.com.xml b/src/chrome/content/rules/People.com.xml
new file mode 100644
index 000000000000..445234e205c0
--- /dev/null
+++ b/src/chrome/content/rules/People.com.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Time Inc coverage, see Time_Inc.xml.
+
+	Redirects to HTTP:
+		- celebritybabies
+-->
+<ruleset name="People.com (partial)">
+	<target host="people.com" />
+	<target host="www.people.com" />
+	<target host="backissues.people.com" />
+	<target host="subscription.people.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PeopleFluent.com.xml b/src/chrome/content/rules/PeopleFluent.com.xml
new file mode 100644
index 000000000000..4c0f22f9fc3d
--- /dev/null
+++ b/src/chrome/content/rules/PeopleFluent.com.xml
@@ -0,0 +1,49 @@
+<!--
+	Other PeopleFluent rulesets:
+
+		- Peopleclick.com.xml
+
+
+	Nonfunctional subdomains:
+
+		- network *
+
+	* wpengine
+
+
+	(www.)?: Mismatched
+
+
+	Fully covered subdomains:
+
+		- customers
+		- idp
+
+
+	These altnames don't exist:
+
+		- www.customers.peoplefluent.com
+		- www.idp.peoplefluent.com
+
+-->
+<ruleset name="PeopleFluent.com (partial)">
+
+	<!--target host="peoplefluent.com" /-->
+	<target host="customers.peoplefluent.com" />
+	<target host="idp.peoplefluent.com" />
+	<!--target host="www.peoplefluent.com" /-->
+
+		<!--exclusion pattern="^http://network\.peoplefluent\.com/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.peoplefluent\.com$" name="^SESS[0-9a-f]{32}$" /-->
+
+	<!--securecookie host="^\.peoplefluent\.com$" name=".+" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PeopleStrategy.com.xml b/src/chrome/content/rules/PeopleStrategy.com.xml
new file mode 100644
index 000000000000..f08138334da9
--- /dev/null
+++ b/src/chrome/content/rules/PeopleStrategy.com.xml
@@ -0,0 +1,17 @@
+<!--
+	(www.)?peoplestrategy.com: Refused
+
+-->
+<ruleset name="PeopleStrategy.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pstprod.peoplestrategy.com" />
+	<target host="inquirehire.pstprod.peoplestrategy.com" />
+	<target host="pscorp.pstprod.peoplestrategy.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Peopleclick.com-falsemixed.xml b/src/chrome/content/rules/Peopleclick.com-falsemixed.xml
new file mode 100644
index 000000000000..3d47262143c6
--- /dev/null
+++ b/src/chrome/content/rules/Peopleclick.com-falsemixed.xml
@@ -0,0 +1,15 @@
+<!--
+	For rules not causing false/broken MCB, see Peopleclick.com.xml.
+
+-->
+<ruleset name="Peopleclick.com (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="careers.peopleclick.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Peopleclick.com.xml b/src/chrome/content/rules/Peopleclick.com.xml
new file mode 100644
index 000000000000..e2f010330353
--- /dev/null
+++ b/src/chrome/content/rules/Peopleclick.com.xml
@@ -0,0 +1,58 @@
+<!--
+	For rules causing false/broken MCB, see Peopleclick.com-falsemixed.xml.
+
+	For other PeopleFluent coverage, see PeopleFluent.com.xml.
+
+
+	Problematic subdomains:
+
+		- careers *
+
+	* Mixed css from $self
+
+
+	These altnames don't exist:
+
+		- www.saml.peopleclick.com
+
+
+	Mixed content:
+
+		- css on careers from $self *
+
+		- Images on careers from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Peopleclick.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="peopleclick.com" />
+	<target host="careers.peopleclick.com" />
+	<target host="saml.peopleclick.com" />
+	<target host="www.peopleclick.com" />
+
+		<!--	Avoid false/broken MCB:
+						-->
+		<exclusion pattern="^http://careers\.peopleclick\.com/+(?!content/)" />
+
+			<test url="http://careers.peopleclick.com/careerscp/client_dowcorning/external/search.do" />
+			<test url="http://careers.peopleclick.com/careerscp/client_nxp/external/search.do" />
+
+			<!--	-ve:
+					-->
+			<test url="http://careers.peopleclick.com/content/live/default/images/nav_gradient.gif" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^careers\.peopleclick\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^saml\.peopleclick\.com$" name="^PF$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PeoplesChoiceCU.com.au.xml b/src/chrome/content/rules/PeoplesChoiceCU.com.au.xml
new file mode 100644
index 000000000000..62724e60035d
--- /dev/null
+++ b/src/chrome/content/rules/PeoplesChoiceCU.com.au.xml
@@ -0,0 +1,8 @@
+<ruleset name="People's Choice Credit Union">
+	<target host="www.peopleschoicecu.com.au" />
+	<target host="peopleschoicecu.com.au" />
+	<target host="www2.peopleschoicecu.com.au" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Peoples_Choice_Awards.xml b/src/chrome/content/rules/Peoples_Choice_Awards.xml
index 2c27106edae1..a3751970a902 100644
--- a/src/chrome/content/rules/Peoples_Choice_Awards.xml
+++ b/src/chrome/content/rules/Peoples_Choice_Awards.xml
@@ -15,11 +15,12 @@
 <ruleset name="People's Choice Awards">
 
 	<target host="peopleschoice.com" />
-	<target host="*.peopleschoice.com" />
+	<target host="cdn.peopleschoice.com" />
+	<target host="www.peopleschoice.com" />
 		<exclusion pattern="^http://(?:cdn\.|www\.)?peopleschoice\.com/(?!pca/(?:css/|img/|login\.jsp|register\.jsp))" />
 
 
-	<rule from="^https?://(?:cdn\.|(www\.))?peopleschoice\.com/"
+	<rule from="^http://(?:cdn\.|(www\.))?peopleschoice\.com/"
 		to="https://$1peopleschoice.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PepperJam_Exchange.xml b/src/chrome/content/rules/PepperJam_Exchange.xml
index 56704bdcf90b..dbe04d8f3e6c 100644
--- a/src/chrome/content/rules/PepperJam_Exchange.xml
+++ b/src/chrome/content/rules/PepperJam_Exchange.xml
@@ -15,16 +15,13 @@
 <ruleset name="PepperJam Exchange (partial)">
 
 	<target host="pepperjamnetwork.com" />
-	<target host="*.pepperjamnetwork.com" />
+	<target host="www.pepperjamnetwork.com" />
+	<target host="media.pepperjamnetwork.com" />
 
 
 	<securecookie host="^www\.pepperjamnetwork\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?pepperjamnetwork\.com/"
-		to="https://$1pepperjamnetwork.com/" />
-
-	<rule from="^https?://media\.pepperjamnetwork\.com/"
-		to="https://s3.amazonaws.com/media.pepperjamnetwork.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Pepperfish.xml b/src/chrome/content/rules/Pepperfish.xml
index 01036b820db5..6f0e321a5f36 100644
--- a/src/chrome/content/rules/Pepperfish.xml
+++ b/src/chrome/content/rules/Pepperfish.xml
@@ -1,15 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.pepperfish.net/ => https://secure.pepperfish.net/: (7, 'Failed to connect to secure.pepperfish.net port 443: Connection refused')
+
+-->
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.pepperfish.net/ => https://secure.pepperfish.net/: (28, 'Connection timed out after 10000 milliseconds')
+
 	Nonfunctional subdomains:
 
 		- (www.)	(400; mismatched, CN: secure.pepperfish.net)
 
 -->
-<ruleset name="Pepperfish (partial)">
+<ruleset name="Pepperfish (partial)" default_off="failed ruleset test">
 
 	<target host="secure.pepperfish.net" />
 
 
-	<rule from="^http://secure\.pepperfish\.net/"
-		to="https://secure.pepperfish.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Perceptive-Pixel.xml b/src/chrome/content/rules/Perceptive-Pixel.xml
index ca408d138362..cb99921b190d 100644
--- a/src/chrome/content/rules/Perceptive-Pixel.xml
+++ b/src/chrome/content/rules/Perceptive-Pixel.xml
@@ -1,17 +1,17 @@
-<ruleset name="Perceptive Pixel" default_off="mismatch">
+<ruleset name="Perceptive Pixel" default_off="mismatched">
 
 	<!--	Cert: *.worldsecuresystems.com	-->
 	<target host="perceptivepixel.com" />
 	<!--	* for cross-domain cookies.	-->
-	<target host="*.perceptivepixel.com" />
+	<target host="www.perceptivepixel.com" />
 
 
-	<securecookie host="^.*\.perceptivepixel\.com$" name=".*" />
+	<securecookie host="^.*\.perceptivepixel\.com$" name=".+" />
 
 
 	<!--	!www 301s to www.
 					-->
-	<rule from="^https?://(?:www\.)?perceptivepixel\.com/"
+	<rule from="^http://(?:www\.)?perceptivepixel\.com/"
 		to="https://www.perceptivepixel.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Percona.xml b/src/chrome/content/rules/Percona.xml
index a467073fd754..a991b949bd00 100644
--- a/src/chrome/content/rules/Percona.xml
+++ b/src/chrome/content/rules/Percona.xml
@@ -1,39 +1,61 @@
-<!--
-	Nonfunctional subdomains:
 
-		- forum		(shows www)
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://customers.percona.com/ => https://customers.percona.com/: Too many redirects while fetching 'https://customers.percona.com/'
 
+	Problematic hosts in *percona.com:
 
-	Problematic subdomains:
+		- forum ¹
+		- mysql101 ²
 
-		- form		(mismatched, CN: *.marketo.com)
+	¹ Refused
+	² Mismatched
 
 
-	Partially covered subdomains:
+	Insecure cookies are set for these hosts:
 
-		- form		(→ na-n.marketo.com)
+		- customers.percona.com
+		- form.percona.com
+		- www.percona.com
 
+-->
+<ruleset name="Percona.com (partial)" default_off="failed ruleset test">
 
-	Fully covered subdomains:
+	<!--	Direct rewrites:
+				-->
+	<target host="percona.com" />
+	<target host="customers.percona.com" />
+	<target host="form.percona.com" />
+	<target host="s0.percona.com" />
+	<target host="s1.percona.com" />
+	<target host="s2.percona.com" />
+	<target host="s3.percona.com" />
+	<target host="tools.percona.com" />
+	<target host="www.percona.com" />
 
-		- (www.)
-		- customers
-		- s[0-3]
+	<!--	Complications:
+				-->
+	<target host="forum.percona.com" />
 
--->
-<ruleset name="Percona (partial)">
 
-	<target host="percona.com" />
-	<target host="*.percona.com" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^customers\.percona\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^form\.percona\.com$" name="^BIGipServer" /-->
+	<!--securecookie host="^www\.percona\.com$" name="^bb(?:lastactivity|lastvisit|sessionhash)$" /-->
 
+	<securecookie host="^\w" name=".+" />
 
-	<securecookie host="^customers\.percona\.com$" name=".+" />
 
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://forum\.percona\.com/[^?]*"
+		to="https://www.percona.com/forums/" />
 
-	<rule from="^https?://form\.percona\.com/(cs|image|r)s/"
-		to="https://na-n.marketo.com/$1s/" />
+		<test url="http://forum.percona.com//index.php?foo" />
 
-	<rule from="^http://(customers\.|s\d\.|www\.)?percona\.com/"
-		to="https://$1percona.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PerfectPixel.de.xml b/src/chrome/content/rules/PerfectPixel.de.xml
new file mode 100644
index 000000000000..b3d5368cc236
--- /dev/null
+++ b/src/chrome/content/rules/PerfectPixel.de.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid Certificate:
+		voice.perfectpixel.de
+-->
+<ruleset name="PerfectPixel.de">
+	<target host="perfectpixel.de" />
+	<target host="www.perfectpixel.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Perfect_Audience.xml b/src/chrome/content/rules/Perfect_Audience.xml
index ec2c8e89817d..03c9d17e7fa0 100644
--- a/src/chrome/content/rules/Perfect_Audience.xml
+++ b/src/chrome/content/rules/Perfect_Audience.xml
@@ -14,33 +14,39 @@
 
 	Problematic subdomains:
 
+		- ads ¹
 		- blog		(redirects to http, mismatched)
-		- support	(uservoice)
+		- support ¹
+
+	¹ Mismatched
 
 
 	Fully covered subdomains:
 
 		- (www.)
+		- ads		(→ ib.adnxs.com)
 		- app
 		- tag
 
 -->
-<ruleset name="Perfect Audience">
+<ruleset name="Perfect Audience.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="perfectaudience.com" />
-	<target host="*.perfectaudience.com" />
+	<target host="app.perfectaudience.com" />
+	<target host="tag.perfectaudience.com" />
+	<target host="www.perfectaudience.com" />
 
+	<!--	Complications:
+				-->
+	<target host="ads.perfectaudience.com" />
 
 	<securecookie host="^www\.perfectaudience\.com$" name=".+" />
 
+	<rule from="^http://ads\.perfectaudience\.com/"
+		to="https://ib.adnxs.com/" />
 
-	<rule from="^http://((?:app|tag|www)\.)?perfectaudience\.com/"
-		to="https://$1perfectaudience.com/" />
-
-	<!--	Protocol-relative links to blog
-		exist on perfectaudienc:
-						-->
-	<rule from="^https?://blog\.perfectaudience\.com/"
-		to="https://perfectaudienc.wpengine.com/" />
-
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Perfect_Market.com-problematic.xml b/src/chrome/content/rules/Perfect_Market.com-problematic.xml
index 9bc8c288b92a..7a655f9c4e6f 100644
--- a/src/chrome/content/rules/Perfect_Market.com-problematic.xml
+++ b/src/chrome/content/rules/Perfect_Market.com-problematic.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?perfectmarket\.com/"
 		to="https://perfectmarket.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Perfect_Market.com.xml b/src/chrome/content/rules/Perfect_Market.com.xml
index ab2ea3256bf3..fd9f304fef60 100644
--- a/src/chrome/content/rules/Perfect_Market.com.xml
+++ b/src/chrome/content/rules/Perfect_Market.com.xml
@@ -15,10 +15,10 @@
 -->
 <ruleset name="Perfect Market.com (partial)">
 
-	<target host="*.perfectmarket.com" />
+	<target host="vault.perfectmarket.com" />
+	<target host="widget.perfectmarket.com" />
 
 
-	<rule from="^http://(vault|widget)\.perfectmarket\.com/"
-		to="https://$1.perfectmarket.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Perfect_Money.is.xml b/src/chrome/content/rules/Perfect_Money.is.xml
new file mode 100644
index 000000000000..e8e0a85298bf
--- /dev/null
+++ b/src/chrome/content/rules/Perfect_Money.is.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- perfectmoney.is
+		- www.perfectmoney.is
+
+-->
+<ruleset name="Perfect Money.is">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="perfectmoney.is" />
+	<target host="www.perfectmoney.is" />
+
+		<test url="http://perfectmoney.is/img/rates/21.graph?" />
+		<test url="http://www.perfectmoney.is/img/rates/21.graph?" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?perfectmoney\.is$" name="^pmc$" /-->
+
+	<securecookie host="^(?:www\.)?perfectmoney\.is$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Perfect_Money.xml b/src/chrome/content/rules/Perfect_Money.xml
index ca5b9a87e8c8..54aa1da94ce3 100644
--- a/src/chrome/content/rules/Perfect_Money.xml
+++ b/src/chrome/content/rules/Perfect_Money.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?perfectmoney\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?perfectmoney\.com/"
-		to="https://$1perfectmoney.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Perfect_Sense_Digital.xml b/src/chrome/content/rules/Perfect_Sense_Digital.xml
index 48b1bda9c3b9..8fe7ebd2e71c 100644
--- a/src/chrome/content/rules/Perfect_Sense_Digital.xml
+++ b/src/chrome/content/rules/Perfect_Sense_Digital.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://cdn\.psddev\.com/"
 		to="https://d1xlwtusml8gh6.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Perform.xml b/src/chrome/content/rules/Perform.xml
deleted file mode 100644
index 8a804e53397f..000000000000
--- a/src/chrome/content/rules/Perform.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-
-	Nonfunctional domains:
-
-		- www.performgroup.co.uk		(502, akamai)
-
-		- performgroup.com subdomains:
-
-			- eplayer
-			- images.eplayer	(503, akamai)
-			- graduates
-			- investors
-			- www
-
-
-	Problematic domains:
-
-		email.performgroup.com		(mismatched, CN: *.communicatoremail.com)
-
--->
-<ruleset name="Perform (partial)">
-
-	<target host="*.performgroup.com" />
-
-
-	<rule from="^http://(autodiscover|cms|legacy|webmail)\.performgroup\.com/"
-		to="https://$1.performgroup.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/PerformGroup.com.xml b/src/chrome/content/rules/PerformGroup.com.xml
new file mode 100644
index 000000000000..90c4dff6a321
--- /dev/null
+++ b/src/chrome/content/rules/PerformGroup.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- graduates.performgroup.com
+		- legacy.performgroup.com
+
+		SSL peer certificate was not OK:
+		- performgroup.com
+		- www.performgroup.com
+		- eplayer.performgroup.com
+		- images.eplayer.performgroup.com
+-->
+<ruleset name="PerformGroup.com (partial)">
+	<target host="autodiscover.performgroup.com" />
+	<target host="cms.performgroup.com" />
+	<target host="webmail.performgroup.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Performable.com.xml b/src/chrome/content/rules/Performable.com.xml
index 7cec3f300b52..bd8dd0418c4f 100644
--- a/src/chrome/content/rules/Performable.com.xml
+++ b/src/chrome/content/rules/Performable.com.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://analytics.performable.com/ => https://analytics.performable.com/: (6, 'Could not resolve host: analytics.performable.com')
+
+Automatically by https-everywhere-checker because:
+Fetch error: http://analytics.performable.com/ => https://analytics.performable.com/: (60, 'SSL certificate problem: certificate has expired')
 	CDN buckets:
 
 		- d2f7h8c8hc0u7y.cloudfront.net
@@ -7,12 +13,11 @@
 	Web bugs.
 
 -->
-<ruleset name="Performable.com">
+<ruleset name="Performable.com" default_off="failed ruleset test">
 
 	<target host="analytics.performable.com" />
 
 
-	<rule from="^http://analytics\.performable\.com/"
-		to="https://analytics.performable.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Performance-Horizon-Group.xml b/src/chrome/content/rules/Performance-Horizon-Group.xml
index 6bb3f329eec3..494ef2335ed7 100644
--- a/src/chrome/content/rules/Performance-Horizon-Group.xml
+++ b/src/chrome/content/rules/Performance-Horizon-Group.xml
@@ -4,18 +4,17 @@
 	<target host="www.performancehorizon.com" />
 	<target host="prf.hn" />
 	<!--	* for cross-domain cookie.	-->
-	<target host="*.prf.hn" />
+	<target host="www.prf.hn" />
 
 
-	<securecookie host="^\.prf\.hn$" name=".*" />
+	<securecookie host="^\.prf\.hn$" name=".+" />
 
 
-	<rule from="^http://(www\.)?performancehorizon\.com/"
-		to="https://$1performancehorizon.com/" />
 
 	<!--	Cert doesn't match www.
 		Included on 3rd-party websites.	-->
-	<rule from="^https?://(?:www\.)?prf\.hn/"
+	<rule from="^http://(?:www\.)?prf\.hn/"
 		to="https://prf.hn/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Performance-PCs.com.xml b/src/chrome/content/rules/Performance-PCs.com.xml
new file mode 100644
index 000000000000..6f6f2fb0b579
--- /dev/null
+++ b/src/chrome/content/rules/Performance-PCs.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Mismatched:
+		- mail (CN: www.performance-pcs.com)
+		- postal (CN: mandrillapp.com)
+		- smtp (CN: www.performance-pcs.com)
+
+	SHA-1 certificate:
+		- remote
+-->
+
+<ruleset name="Performance-PCs.com">
+	<target host="performance-pcs.com" />
+	<target host="www.performance-pcs.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Performance.gov.xml b/src/chrome/content/rules/Performance.gov.xml
new file mode 100644
index 000000000000..d09852c0865e
--- /dev/null
+++ b/src/chrome/content/rules/Performance.gov.xml
@@ -0,0 +1,64 @@
+<!--
+
+
+	Nonfunctional hosts in *performance.gov:
+
+		- acquisition ¹
+		- archive ¹
+		- archive-acquisition ¹
+		- archive-customerservice ¹
+		- archive-finance ¹
+		- archive-hr ¹
+		- archive-opengov ¹
+		- archive-sustainability ¹
+		- archive-technology ¹
+		- customerservice ¹
+		- finance ¹
+		- goals ¹
+		- staging.goals ²
+		- opengov ¹
+		- sustainability ¹
+		- technology ¹
+		- www ¹
+
+	¹ Redirects to http
+	² 401
+
+
+	Problematic hosts in *performance.gov:
+
+		- permits ¹ ²
+		- staging ³
+
+	¹ Expired
+	² Mismatched
+	³ Akamai/mismatched
+
+
+	These altnames don't exist:
+
+		- www.learn.performance.gov
+
+-->
+<ruleset name="Performance.gov (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cms.permits.performance.gov" />
+	<target host="www.permits.performance.gov" />
+
+	<!--	Complications:
+				-->
+	<target host="permits.performance.gov" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://permits\.performance\.gov/"
+		to="https://www.permits.performance.gov/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Performance_Alley_Racing.xml b/src/chrome/content/rules/Performance_Alley_Racing.xml
deleted file mode 100644
index b9d302f016c2..000000000000
--- a/src/chrome/content/rules/Performance_Alley_Racing.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- blog
-
--->
-<ruleset name="Performance Alley Racing (partial)">
-
-	<target host="performancealley.com" />
-	<target host="*.performancealley.com" />
-
-
-	<securecookie host="^(?:.*\.)?performancealley\.com$" name=".+" />
-
-
-	<rule from="^http://(shop\.|www\.)?performancealley\.com/"
-		to="https://$1performancealley.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Performance_Wheel_and_Tire_Warehouse.xml b/src/chrome/content/rules/Performance_Wheel_and_Tire_Warehouse.xml
index 505fffa5d631..e1a050973976 100644
--- a/src/chrome/content/rules/Performance_Wheel_and_Tire_Warehouse.xml
+++ b/src/chrome/content/rules/Performance_Wheel_and_Tire_Warehouse.xml
@@ -1,10 +1,19 @@
-<ruleset name="Performance Wheel &amp; Tire Warehouse">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://performancewheel.com/ => https://performancewheel.com/: (28, 'Connection timed out after 20002 milliseconds')
+Fetch error: http://www.performancewheel.com/ => https://www.performancewheel.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://performancewheel.com/ => https://performancewheel.com/: (51, "SSL: no alternative certificate subject name matches target host name 'performancewheel.com'")
+Fetch error: http://www.performancewheel.com/ => https://www.performancewheel.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.performancewheel.com'")
+-->
+<ruleset name="Performance Wheel &amp; Tire Warehouse" default_off="failed ruleset test">
 
 	<target host="performancewheel.com" />
 	<target host="www.performancewheel.com" />
 
 
-	<rule from="^http://(www\.)?performancewheel\.com/"
-		to="https://$1performancewheel.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Performancing.xml b/src/chrome/content/rules/Performancing.xml
index 8f8c0cb2de4e..f500bbe5cf65 100644
--- a/src/chrome/content/rules/Performancing.xml
+++ b/src/chrome/content/rules/Performancing.xml
@@ -10,8 +10,7 @@
 	<!--	tracking beacon		-->
 	<target host="pmetrics.performancing.com"/>
 
-	<rule from="^http://pmetrics\.performancing\.com/"
-		to="https://pmetrics.performancing.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
 
diff --git a/src/chrome/content/rules/Periscope.io.xml b/src/chrome/content/rules/Periscope.io.xml
new file mode 100644
index 000000000000..4dfe53716fd8
--- /dev/null
+++ b/src/chrome/content/rules/Periscope.io.xml
@@ -0,0 +1,18 @@
+<!--
+	Fully covered hosts in *periscope.io:
+
+		- (www.)?
+
+-->
+<ruleset name="Periscope.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="periscope.io" />
+	<target host="www.periscope.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Perl-Foundation.xml b/src/chrome/content/rules/Perl-Foundation.xml
index 65605543f356..31bf003f3623 100644
--- a/src/chrome/content/rules/Perl-Foundation.xml
+++ b/src/chrome/content/rules/Perl-Foundation.xml
@@ -2,9 +2,8 @@
 
 	<target host="donate.perlfoundation.org"/>
 
-	<securecookie host="^donate\.perlfoundation\.org$" name=".*"/>
+	<securecookie host="^donate\.perlfoundation\.org$" name=".+" />
 
-	<rule from="^http://donate\.perlfoundation\.org/"
-		to="https://donate.perlfoundation.org/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Perl.org.xml b/src/chrome/content/rules/Perl.org.xml
index 72174bcf255d..3dc42b2b7b39 100644
--- a/src/chrome/content/rules/Perl.org.xml
+++ b/src/chrome/content/rules/Perl.org.xml
@@ -6,34 +6,15 @@
 			- st.pimg.net
 
 
-	Problematic domains:
-
-		- perldoc		(works; mismatched, CN: *.a.ssl.fastly.net)
-		- svn.perl.org		(works, self-signed)
-		- st.pimg.net		(404; mismatched, CN: *.netdna-ssl.com)
-
-
 	Nonfunctional perl.org subdomains:
 
-		- (www.) *
-		- blob *
 		- blogs *
-		- books *
-		- cpan *
-		- cpanratings *
 		- cpansearch	(times out)
-		- dbi *
-		- dev *
 		- history *
 		- irc		(http reply)
-		- www.irc *
-		- jobs *
-		- learn *
-		- lists *
-		- log		(blogspot)
-		- noc *
 		- pdl *
 		- use *
+		- svn		(times out)
 
 	* Refused
 
@@ -41,22 +22,29 @@
 	Mixed image from www on rt
 
 -->
-<ruleset name="Perl.org (partial)">
-
-	<target host="*.perl.org" />
-	<target host="st.pimg.net" />
-
+<ruleset name="Perl.org">
+
+	<target host="perl.org" />
+	<target host="www.perl.org" />
+	<target host="blob.perl.org" />
+	<target host="books.perl.org" />
+	<target host="cpan.perl.org" />
+	<target host="cpanratings.perl.org" />
+	<target host="dbi.perl.org" />
+	<target host="dev.perl.org" />
+	<target host="perl5.git.perl.org" />
+	<target host="www.irc.perl.org" />
+	<target host="jobs.perl.org" />
+	<target host="learn.perl.org" />
+	<target host="lists.perl.org" />
+	<target host="log.perl.org" />
+	<target host="noc.perl.org" />
+	<target host="pause.perl.org" />
+	<target host="perldoc.perl.org" />
+	<target host="rt.perl.org" />
 
 	<securecookie host="^rt\.perl\.org$" name=".+" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://log\.perl\.org/favicon\.ico"
-		to="https://www.blogger.com/favicon.ico" />
-
-	<rule from="^http://(pause|rt)\.perl\.org/"
-		to="https://$1.perl.org/" />
-
-	<rule from="^http://st\.pimg\.net/"
-		to="https://st.pimg.net/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Perle.com.xml b/src/chrome/content/rules/Perle.com.xml
new file mode 100644
index 000000000000..95f2e9c2bbde
--- /dev/null
+++ b/src/chrome/content/rules/Perle.com.xml
@@ -0,0 +1,62 @@
+<!--
+	Problematic hosts in *perle.com:
+
+		- estoreeu *
+		- estoreuk *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- estoreeu.perle.com
+		- estoreuk.perle.com
+
+-->
+<ruleset name="Perle.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="perle.com" />
+	<target host="estore.perle.com" />
+	<!--target host="estoreeu.perle.com" /-->
+	<!--target host="estoreuk.perle.com" /-->
+	<target host="help.perle.com" />
+	<target host="www.help.perle.com" />
+	<target host="www.perle.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://estore\.perle\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://estore\.perle\.com/+(?!images/|scripts/|styles/|themes/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://estore.perle.com/dba0021.aspx" />
+			<test url="http://estore.perle.com/electricutility.aspx" />
+			<test url="http://estore.perle.com/iolants2.aspx" />
+			<test url="http://estore.perle.com/mcsm.aspx" />
+			<test url="http://estore.perle.com/page-not-found.aspx" />
+
+			<!--	-ve:
+					-->
+			<test url="http://estore.perle.com/images/down-icon.png" />
+			<test url="http://estore.perle.com/scripts/jQueryUiStyles/jquery-ui-1.10.3.custom.css" />
+			<test url="http://estore.perle.com/styles/main-menu.css" />
+			<test url="http://estore.perle.com/themes/migration-1-1/css/y4x_custom.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^estore(?:eu|uk)\.perle\.com$" name="^(?:ASPSESSIONID[A-Z]{8}|ekm_mo_perlesystem\w\w|ekm_perlesystem\w\w)$" /-->
+
+	<!--securecookie host="^estore\w\w\.perle\.com$" name=".+" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Perlentaucher.de.xml b/src/chrome/content/rules/Perlentaucher.de.xml
new file mode 100644
index 000000000000..933739058023
--- /dev/null
+++ b/src/chrome/content/rules/Perlentaucher.de.xml
@@ -0,0 +1,32 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .perlentaucher.de
+
+
+	Mixed content:
+
+		- Bugs from cdn6?.adspirit.de *
+
+	* Secured by us
+
+-->
+<ruleset name="Perlentaucher.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="perlentaucher.de" />
+	<target host="www.perlentaucher.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.perlentaucher\.de$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\.perlentaucher\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Perry_Ellis.com.xml b/src/chrome/content/rules/Perry_Ellis.com.xml
new file mode 100644
index 000000000000..d0acbd629030
--- /dev/null
+++ b/src/chrome/content/rules/Perry_Ellis.com.xml
@@ -0,0 +1,89 @@
+<!--
+
+	Problematic hosts in *perryellis.com::
+
+		- ^ *
+
+	* Mismatched
+
+
+	Partially covered hosts in *perryellis.com:
+
+		- en-us *
+
+	* Some pages redirect to http
+
+
+	Fully covered hosts in *perryellis.com:
+
+		- (www.)?	(^ → www)
+
+
+	Insecure cookies are set for these hosts:
+
+		- es-us.perryellis.com
+		- www.perryellis.com
+
+
+	Mixed content:
+
+		- Bug on www from ib.adnxs.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Perry Ellis.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="es-us.perryellis.com" />
+	<target host="www.perryellis.com" />
+
+	<!--	Complications:
+				-->
+	<target host="perryellis.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://es-us\.perryellis\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://es-us\.perryellis\.com/+(?!_onelink_/|(?:account|orderhistory)(?:$|[?/])|favicon\.ico|on/|pAckAgEs/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://es-us.perryellis.com/apparel/" />
+			<test url="http://es-us.perryellis.com/big-tall/" />
+			<test url="http://es-us.perryellis.com/blog" />
+			<test url="http://es-us.perryellis.com/et-form.html" />
+			<test url="http://es-us.perryellis.com/features/" />
+			<test url="http://es-us.perryellis.com/gift-certificate" />
+			<test url="http://es-us.perryellis.com/returns.html" />
+			<test url="http://es-us.perryellis.com/sale/" />
+			<test url="http://es-us.perryellis.com/underwear/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://es-us.perryellis.com/_onelink_/perryellis/en2es/images/on/demandware.static/Sites-perryellis-Site/Sites-perryellis-Library/default/home-main/2014/sep/home-main-20140917x.jpg" />
+			<test url="http://es-us.perryellis.com/account" />
+			<test url="http://es-us.perryellis.com/favicon.ico" />
+			<test url="http://es-us.perryellis.com/on/demandware.static/Sites-perryellis-Site/-/default/css/product-1x4.css" />
+			<test url="http://es-us.perryellis.com/orderhistory" />
+			<test url="http://es-us.perryellis.com/pAckAgEs/onelink/skin-gl/img/poweredby-trans.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(es-us|www)\.perryellis\.com$" name="^(dwac_[\da-zA-Z]+|dwanonymous_[\da-f]{32}|dwpersonalization_[\da-f]{32}|dwsid|sid)$" /-->
+
+	<securecookie host="^www\.perryellis\.com$" name=".+" />
+
+
+	<rule from="^http://perryellis\.com/"
+		to="https://www.perryellis.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PersecutionOfAhmadis.org.xml b/src/chrome/content/rules/PersecutionOfAhmadis.org.xml
new file mode 100644
index 000000000000..b84489cd8a5d
--- /dev/null
+++ b/src/chrome/content/rules/PersecutionOfAhmadis.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="PersecutionOfAhmadis.org">
+	<target host="persecutionofahmadis.org" />
+	<target host="www.persecutionofahmadis.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Personal_Data_Ecosystem_Consortium.xml b/src/chrome/content/rules/Personal_Data_Ecosystem_Consortium.xml
deleted file mode 100644
index a6ec77010bc7..000000000000
--- a/src/chrome/content/rules/Personal_Data_Ecosystem_Consortium.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	CN: *.bluehost.com
-
--->
-<ruleset name="Personal Data Ecosystem Consortium (partial)">
-
-	<target host="pde.cc" />
-	<target host="www.pde.cc" />
-	<target host="personaldataecosystem.org" />
-	<target host="www.personaldataecosystem.org" />
-
-
-	<rule from="^http://(?:www\.)?p(?:de\.cc|ersonaldataecosystem\.org)/(\?custom-css=|favicon\.ico|wp-content/)"
-		to="https://secure.bluehost.com/~pdecc/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Personal_Democracy_Forum.xml b/src/chrome/content/rules/Personal_Democracy_Forum.xml
index ec376dc9493b..e1a9d58d652a 100644
--- a/src/chrome/content/rules/Personal_Democracy_Forum.xml
+++ b/src/chrome/content/rules/Personal_Democracy_Forum.xml
@@ -1,13 +1,12 @@
 <ruleset name="Personal Democracy Forum">
 
 	<target host="personaldemocracy.com" />
-	<target host="*.personaldemocracy.com" />
+	<target host="www.personaldemocracy.com" />
 
 
 	<securecookie host="^\.personaldemocracy\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?personaldemocracy\.com/"
-		to="https://$1personaldemocracy.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Personalausweisportal.de.xml b/src/chrome/content/rules/Personalausweisportal.de.xml
new file mode 100644
index 000000000000..622ef2da77b8
--- /dev/null
+++ b/src/chrome/content/rules/Personalausweisportal.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="Personalausweisportal.de">
+  <target host="personalausweisportal.de" />
+  <target host="www.personalausweisportal.de" />
+
+  <securecookie host="^(www\.)?personalausweisportal\.de$" name=".+" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PersonalityPage.com.xml b/src/chrome/content/rules/PersonalityPage.com.xml
new file mode 100644
index 000000000000..e8b32ba6fdfb
--- /dev/null
+++ b/src/chrome/content/rules/PersonalityPage.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="Personality Page" default_off="cert-chain">
+
+	<target host="personalitypage.com" />
+	<target host="www.personalitypage.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Personforce-clients.xml b/src/chrome/content/rules/Personforce-clients.xml
deleted file mode 100644
index f5c14d8e3844..000000000000
--- a/src/chrome/content/rules/Personforce-clients.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="Personforce clients" default_off="mismatch">
-
-	<!--	Cert: secure.personforce.com	-->
-	<target host="crunchboard.com" />
-	<target host="*.crunchboard.com" />
-		<!--	Handled in AOL.xml.	-->
-		<exclusion pattern="^https?://(?:www\.)?crunchboard\.com/(build|images3?|include)/" />
-
-
-	<securecookie host="^www\.crunchboard\.com$" name=".*" />
-
-
-	<!--	!www doesn't work.	-->
-	<rule from="^https?://(?:www\.)?crunchboard\.com/"
-		to="https://www.crunchboard.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Personforce.xml b/src/chrome/content/rules/Personforce.xml
index d220ab7254d0..dc10e46a62b6 100644
--- a/src/chrome/content/rules/Personforce.xml
+++ b/src/chrome/content/rules/Personforce.xml
@@ -1,10 +1,11 @@
 <ruleset name="Personforce (partial)" platform="mixedcontent">
 
 	<target host="personforce.com" />
-	<target host="*.personforce.com" />
+	<target host="www.personforce.com" />
+	<target host="secure.personforce.com" />
 
 
-	<rule from="^https?://(?:www\.)?personforce\.com/images/pencil_(add|go)\.png$"
+	<rule from="^http://(?:www\.)?personforce\.com/images/pencil_(add|go)\.png$"
 		to="https://secure.personforce.com/images/pencil_$1.png" />
 
 	<rule from="^http://secure\.personforce\.com/"
diff --git a/src/chrome/content/rules/PerspectiveAPI.com.xml b/src/chrome/content/rules/PerspectiveAPI.com.xml
new file mode 100644
index 000000000000..0c9d4cc964d4
--- /dev/null
+++ b/src/chrome/content/rules/PerspectiveAPI.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Broken chain cert:
+		support.perspectiveapi.com
+
+-->
+<ruleset name="PerspectiveAPI.com">
+
+	<target host="perspectiveapi.com" />
+	<target host="www.perspectiveapi.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Perspectives-Project.org.xml b/src/chrome/content/rules/Perspectives-Project.org.xml
new file mode 100644
index 000000000000..53184fac8edf
--- /dev/null
+++ b/src/chrome/content/rules/Perspectives-Project.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Perspectives Project">
+
+	<target host="perspectives-project.org" />
+	<target host="www.perspectives-project.org" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PetTravel.com.xml b/src/chrome/content/rules/PetTravel.com.xml
new file mode 100644
index 000000000000..92a170e3a630
--- /dev/null
+++ b/src/chrome/content/rules/PetTravel.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="PetTravel.com">
+	<target host="pettravel.com" />
+	<target host="www.pettravel.com" />
+
+	<rule from="^http://pettravel\.com/" to="https://www.pettravel.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pet_Nanny.xml b/src/chrome/content/rules/Pet_Nanny.xml
index d188847fc2e5..d3df98c6e0b6 100644
--- a/src/chrome/content/rules/Pet_Nanny.xml
+++ b/src/chrome/content/rules/Pet_Nanny.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?pet-nanny\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?pet-nanny\.net/"
-		to="https://$1pet-nanny.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Petapixel.com.xml b/src/chrome/content/rules/Petapixel.com.xml
new file mode 100644
index 000000000000..d18972b436b4
--- /dev/null
+++ b/src/chrome/content/rules/Petapixel.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Petapixel.com">
+	<target host="petapixel.com" />
+	<target host="www.petapixel.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pete_Keen.net.xml b/src/chrome/content/rules/Pete_Keen.net.xml
new file mode 100644
index 000000000000..fd357d5c5b91
--- /dev/null
+++ b/src/chrome/content/rules/Pete_Keen.net.xml
@@ -0,0 +1,12 @@
+<ruleset name="Pete Keen.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="petekeen.net" />
+	<target host="www.petekeen.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Peter-Broderick.xml b/src/chrome/content/rules/Peter-Broderick.xml
index eb92a43c0dfb..e4a6eee99d1e 100644
--- a/src/chrome/content/rules/Peter-Broderick.xml
+++ b/src/chrome/content/rules/Peter-Broderick.xml
@@ -1,4 +1,4 @@
-<ruleset name="Peter Broderick" default_off="mismatch">
+<ruleset name="Peter Broderick" default_off="mismatched">
 
 	<!--	Cert: *.bluehost.com	-->
 	<target host="peterbroderick.com" />
diff --git a/src/chrome/content/rules/Peter-Caprioli.xml b/src/chrome/content/rules/Peter-Caprioli.xml
index 9583eb0a6a3e..4fcec786ab22 100644
--- a/src/chrome/content/rules/Peter-Caprioli.xml
+++ b/src/chrome/content/rules/Peter-Caprioli.xml
@@ -4,10 +4,9 @@
 	<target host="www.caprioli.se" />
 
 
-	<securecookie host="^(www\.)?caprioli\.se$" name=".*" />
+	<securecookie host="^(?:www\.)?caprioli\.se$" name=".+" />
 
 
-	<rule from="^http://(www\.)?caprioli\.se/"
-		to="https://$1caprioli.se/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Peter_Aba.com.xml b/src/chrome/content/rules/Peter_Aba.com.xml
new file mode 100644
index 000000000000..d139e9016f29
--- /dev/null
+++ b/src/chrome/content/rules/Peter_Aba.com.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dimebag.peteraba.com/ => https://dimebag.peteraba.com/: (51, "SSL: no alternative certificate subject name matches target host name 'dimebag.peteraba.com'")
+
+	www.peteraba.com: Mismatched
+
+-->
+<ruleset name="Peter Aba.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="peteraba.com" />
+	<target host="dimebag.peteraba.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.peteraba.com" />
+
+
+	<rule from="^http://www\.peteraba\.com/"
+		to="https://peteraba.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Peter_Molnar.eu.xml b/src/chrome/content/rules/Peter_Molnar.eu.xml
new file mode 100644
index 000000000000..842e36c56892
--- /dev/null
+++ b/src/chrome/content/rules/Peter_Molnar.eu.xml
@@ -0,0 +1,12 @@
+<ruleset name="Peter Molnar.eu">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="petermolnar.eu" />
+	<target host="www.petermolnar.eu" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Peter_Odding.com.xml b/src/chrome/content/rules/Peter_Odding.com.xml
index 7b14f5073f17..9a7dc33a5f38 100644
--- a/src/chrome/content/rules/Peter_Odding.com.xml
+++ b/src/chrome/content/rules/Peter_Odding.com.xml
@@ -12,7 +12,6 @@
 	<target host="www.peterodding.com" />
 
 
-	<rule from="^http://(www\.)?peterodding\.com/"
-		to="https://$1peterodding.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Peterborough.gov.uk.xml b/src/chrome/content/rules/Peterborough.gov.uk.xml
new file mode 100644
index 000000000000..7dbbc5d28c83
--- /dev/null
+++ b/src/chrome/content/rules/Peterborough.gov.uk.xml
@@ -0,0 +1,107 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://consult.peterborough.gov.uk/? => https://peterborough.objective.gov.uk/portal: (6, 'Could not resolve host: peterborough.objective.gov.uk')
+Fetch error: http://consult.peterborough.gov.uk/portal/pscss => https://peterborough.objective.gov.uk/portal/pscss: (6, 'Could not resolve host: peterborough.objective.gov.uk')
+Fetch error: http://peterborough.gov.uk/ => https://peterborough.gov.uk/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://consult.peterborough.gov.uk/ => https://peterborough.objective.gov.uk/portal: (6, 'Could not resolve host: peterborough.objective.gov.uk')
+
+	Peterborough City Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Nonfunctional hosts in *peterborough.gov.uk:
+
+		- booking ᵈ
+		- data ⁴
+		- fis *
+		- hawkeye ʳ
+		- her ᵃ
+		- jobs ᵈ
+		- netloan ᵈ
+		- travelchoicemap ʳ
+
+	ᵃ Shows apps.peterborough.gov.uk
+	* Redirects to search3.openobjects.com
+	⁴ 404
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *peterborough.gov.uk:
+
+		- (www.)? *
+		- ask ᵐ
+		- consult ᵐ
+		- www2 ᵐ
+
+	* Tor users blocked by CloudFlare settings
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- .peterborough.gov.uk
+		- ask.peterborough.gov.uk
+		- consult.peterborough.gov.uk
+
+-->
+<ruleset name="Peterborough.gov.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="peterborough.gov.uk" />
+	<target host="admissions.peterborough.gov.uk" />
+	<target host="apps.peterborough.gov.uk" />
+	<target host="ecaf.peterborough.gov.uk" />
+	<target host="planpa.peterborough.gov.uk" />
+	<target host="selfservice.peterborough.gov.uk" />
+	<target host="www.peterborough.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="consult.peterborough.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.peterborough\.gov\.uk$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^ask\.peterborough\.gov\.uk$" name="^identitytoken$" /-->
+	<!--securecookie host="^consult\.peterborough\.gov\.uk$" name="^(?:JSESSION|Server)ID$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops forward slash and args;
+							-->
+	<rule from="^http://consult\.peterborough\.gov\.uk/+(?:\?.*)?$"
+		to="https://peterborough.objective.gov.uk/portal" />
+
+		<test url="http://consult.peterborough.gov.uk/?" />
+
+	<rule from="^http://consult\.peterborough\.gov\.uk/"
+		to="https://peterborough.objective.gov.uk/" />
+
+		<test url="http://consult.peterborough.gov.uk/portal/pscss" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Petfinder.com.xml b/src/chrome/content/rules/Petfinder.com.xml
new file mode 100644
index 000000000000..d331c295463e
--- /dev/null
+++ b/src/chrome/content/rules/Petfinder.com.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Nestlé coverage, see Nestle.xml.
+-->
+<ruleset name="PetFinder.com (partial)">
+	<target host="petfinder.com" />
+	<target host="www.petfinder.com" />
+	<target host="profiles.petfinder.com" />
+	<target host="video.petfinder.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Petri.com.xml b/src/chrome/content/rules/Petri.com.xml
new file mode 100644
index 000000000000..7ae8630cb36d
--- /dev/null
+++ b/src/chrome/content/rules/Petri.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .petri.com
+		- www.petri.com
+
+-->
+<ruleset name="Petri.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="petri.com" />
+	<target host="cdn.petri.com" />
+	<target host="www.petri.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.petri\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.petri\.com$" name="^bblastactivity$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Petridish-mismatches.xml b/src/chrome/content/rules/Petridish-mismatches.xml
deleted file mode 100644
index 52a71daebf0a..000000000000
--- a/src/chrome/content/rules/Petridish-mismatches.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Petridish (mismatches)" default_off="mismatch">
-
-	<target host="petridish.org"/>
-	<target host="www.petridish.org"/>
-
-	<rule from="^http://(?:www\.)?petridish\.org/"
-		to="https://www.petridish.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Petridish.org.xml b/src/chrome/content/rules/Petridish.org.xml
new file mode 100644
index 000000000000..3e083bbdfa61
--- /dev/null
+++ b/src/chrome/content/rules/Petridish.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- blog.petridish.org
+
+		SSL peer certificate was not OK:
+		- www.petridish.org
+		- media.petridish.org
+-->
+<ruleset name="Petridish.org">
+	<target host="petridish.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Petridish.xml b/src/chrome/content/rules/Petridish.xml
deleted file mode 100644
index 5cf2f8750ab0..000000000000
--- a/src/chrome/content/rules/Petridish.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Petridish (partial)">
-
-	<target host="media.petridish.org"/>
-
-	<rule from="^http://media\.petridish\.org/"
-		to="https://s3.amazonaws.com/media.petridish.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Petrogen.com.xml b/src/chrome/content/rules/Petrogen.com.xml
index 139ff45e7c31..76d8198153f7 100644
--- a/src/chrome/content/rules/Petrogen.com.xml
+++ b/src/chrome/content/rules/Petrogen.com.xml
@@ -1,4 +1,4 @@
-<ruleset name="Petrogen.com">
+<ruleset name="Petrogen.com" default_off="plaintext reply">
 
 	<target host="petrogen.com" />
 	<target host="www.petrogen.com" />
@@ -7,10 +7,7 @@
 	<securecookie host="^www\.petrogen\.com$" name=".+" />
 
 
-	<!--	^ redirects to www over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?petrogen\.com/"
-		to="https://www.petrogen.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PetsatHome.com.xml b/src/chrome/content/rules/PetsatHome.com.xml
index 636b0ba9eaa9..48a3312fdda0 100644
--- a/src/chrome/content/rules/PetsatHome.com.xml
+++ b/src/chrome/content/rules/PetsatHome.com.xml
@@ -3,7 +3,6 @@
 	<target host="petsathome.com" />
 	<target host="www.petsathome.com" />
 
-	<rule from="^http://(www\.)?petsathome\.com/"
-		to="https://www.petsathome.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Petstore.com.xml b/src/chrome/content/rules/Petstore.com.xml
new file mode 100644
index 000000000000..7c5105ed5944
--- /dev/null
+++ b/src/chrome/content/rules/Petstore.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://petstore.com/ => https://www.petstore.com/: Too many redirects while fetching 'https://www.petstore.com/'
+Fetch error: http://www.petstore.com/ => https://www.petstore.com/: Too many redirects while fetching 'https://www.petstore.com/'
+
+	^: expired 2013-12-02
+
+-->
+<ruleset name="Petstore.com" default_off="failed ruleset test">
+
+	<target host="petstore.com" />
+	<target host="www.petstore.com" />
+
+
+	<securecookie host="^\.petstore\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?petstore\.com/"
+		to="https://www.petstore.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Petteri-Raty-mismatches.xml b/src/chrome/content/rules/Petteri-Raty-mismatches.xml
index a58140636f2f..777a97b1e183 100644
--- a/src/chrome/content/rules/Petteri-Raty-mismatches.xml
+++ b/src/chrome/content/rules/Petteri-Raty-mismatches.xml
@@ -2,12 +2,11 @@
 	For rules that are on by default, see Petteri-Raty.xml.
 
 -->
-<ruleset name="Petteri Räty (mismatches)" default_off="mismatch">
+<ruleset name="Petteri Räty (mismatches)" default_off="mismatched">
 
 	<target host="gentoo.petteriraty.eu" />
 
 
-	<rule from="^http://gentoo\.petteriraty\.eu/"
-		to="https://gentoo.petteriraty.eu/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Petteri-Raty.xml b/src/chrome/content/rules/Petteri-Raty.xml
index 686962a5b6c1..fc743fceec88 100644
--- a/src/chrome/content/rules/Petteri-Raty.xml
+++ b/src/chrome/content/rules/Petteri-Raty.xml
@@ -5,7 +5,8 @@
 <ruleset name="Petteri Räty (partial)">
 
 	<target host="petteriraty.eu" />
-	<target host="*.petteriraty.eu" />
+	<target host="mail.petteriraty.eu" />
+	<target host="www.petteriraty.eu" />
 
 
 	<!--	Cert doesn't match www.	-->
diff --git a/src/chrome/content/rules/PewDiePie.net.xml b/src/chrome/content/rules/PewDiePie.net.xml
deleted file mode 100644
index ff4ad24de673..000000000000
--- a/src/chrome/content/rules/PewDiePie.net.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="PewDiePie.net">
-
-	<target host="pewdiepie.net" />
-	<target host="*.pewdiepie.net" />
-
-
-	<securecookie host="^(?:w*\.)?pewdiepie\.net$" name=".+" />
-
-
-	<rule from="^http://(www\.)?pewdiepie\.net/"
-		to="https://$1pewdiepie.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Peytz.dk.xml b/src/chrome/content/rules/Peytz.dk.xml
new file mode 100644
index 000000000000..9eb9361959c4
--- /dev/null
+++ b/src/chrome/content/rules/Peytz.dk.xml
@@ -0,0 +1,18 @@
+<!--
+	Not covered:
+
+		- ^ ¹
+		- www ¹
+
+	¹: Refused
+-->
+<ruleset name="Peytz.dk">
+
+	<target host="opinion.peytz.dk" />
+
+	<test url="http://opinion.peytz.dk/decide2.js" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PfSense.org.xml b/src/chrome/content/rules/PfSense.org.xml
index f8703cf39f9e..784fefb8e98e 100644
--- a/src/chrome/content/rules/PfSense.org.xml
+++ b/src/chrome/content/rules/PfSense.org.xml
@@ -1,39 +1,68 @@
+
 <!--
-	Nonfunctional subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://devwiki.pfsense.org/ => https://devwiki.pfsense.org/: (60, 'SSL certificate problem: certificate has expired')
 
-		- (www.) *
-		- blog *
+	Nonfunctional subdomains:
 
-	* Refused
+		- various downloads URLs not listed below
 
 
 	Fully covered subdomains:
 
+		- (www.)?
+		- blog
 		- devwiki
 		- doc
+		- files
 		- forum
+		- lists
 		- portal
 		- redmine
+		- snapshots
 
 
-	Observed cookie domains:
+	Insecure cookies are set for these domains and hosts:
 
-		- .
-		- devwiki
-		- doc
-		- forum
-		- redmine
+		- forum.pfsense.org
+		- redmine.pfsense.org
+
+
+	Mixed content:
+
+		- css on blog from fonts.googleapis.com *
+
+		- Images on (www.) from www *
+
+	* Secured by us
 
 -->
-<ruleset name="pfSense.org (partial)">
+<ruleset name="pfSense.org (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pfsense.org" />
+	<target host="blog.pfsense.org" />
+	<target host="devwiki.pfsense.org" />
+	<target host="doc.pfsense.org" />
+	<target host="files.pfsense.org" />
+	<target host="forum.pfsense.org" />
+	<target host="lists.pfsense.org" />
+	<target host="portal.pfsense.org" />
+	<target host="redmine.pfsense.org" />
+	<target host="snapshots.pfsense.org" />
+	<target host="www.pfsense.org" />
 
-	<target host="*.pfsense.org" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^forum\.pfsense\.org$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^redmine\.pfsense\.org$" name="^_redmine_session$" /-->
 
 	<securecookie host=".+\.pfsense\.org$" name=".+" />
 
 
-	<rule from="^http://(devwiki|doc|forum|portal|redmine)\.pfsense\.org/"
-		to="https://$1.pfsense.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Pfefferkoerner.de.xml b/src/chrome/content/rules/Pfefferkoerner.de.xml
new file mode 100644
index 000000000000..5c0ce27f3366
--- /dev/null
+++ b/src/chrome/content/rules/Pfefferkoerner.de.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pfefferkoerner.de/ => https://pfefferkoerner.de/: (51, "SSL: no alternative certificate subject name matches target host name 'pfefferkoerner.de'")
+Fetch error: http://www.pfefferkoerner.de/ => https://www.pfefferkoerner.de/: (51, "SSL: no alternative certificate subject name matches target host name 'www.pfefferkoerner.de'")
+
+	redirects to https://www.ndr.de/fernsehen/sendungen/pfefferkoerner/
+-->
+<ruleset name="pfefferkoerner.de" default_off="failed ruleset test">
+    <target host="pfefferkoerner.de" />
+    <target host="www.pfefferkoerner.de" />
+
+    <securecookie host="^(www\.)?pfefferkoerner\.de$" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pfennigparade.de.xml b/src/chrome/content/rules/Pfennigparade.de.xml
new file mode 100644
index 000000000000..676f8634b6cf
--- /dev/null
+++ b/src/chrome/content/rules/Pfennigparade.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="Pfennigparade.de">
+
+	<target host="pfennigparade.de"/>
+	<target host="www.pfennigparade.de"/>
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pfizer.xml b/src/chrome/content/rules/Pfizer.xml
index c47c9bd605e8..6e6176ad4579 100644
--- a/src/chrome/content/rules/Pfizer.xml
+++ b/src/chrome/content/rules/Pfizer.xml
@@ -1,21 +1,66 @@
-<ruleset name="Pfizer (partial)" platform="mixedcontent">
+<!--
+	Other Pfizer rulesets:
 
+		- Pfizer_helpful_answers.com.xml
+		- Pfizer_pro.com.xml
+
+
+	Problematic hosts in *pfizer.com:
+
+		- animalhealth *
+
+	* Expired
+
+
+	These altnames don't exist:
+
+		- ssl.pfizer.com
+
+
+	Mixed content:
+
+		- Bugs, on:
+
+			- accountcenter from fls.doubleclick.net *
+			- accountcenter from \d+.fls.doubleclick.net *
+
+	* Ruleset disabled by default
+
+-->
+<ruleset name="Pfizer.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="pfizer.com"/>
-	<target host="*.pfizer.com"/>
-	<target host="pfizerpro.com"/>
-	<target host="*.pfizerpro.com"/>
-	<target host="pfizerhelpfulanswers.com"/>
-	<target host="*.pfizerhelpfulanswers.com"/>
+	<target host="accountcenter.pfizer.com"/>
+	<!--target host="animalhealth.pfizer.com"/-->
+	<target host="esamplesweb.pfizer.com"/>
+	<target host="prodfederate.pfizer.com"/>
+	<target host="www.pfizer.com"/>
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.pfizer\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.pfizer\.com/+(?!misc/|sites/)" />
 
-	<securecookie host="^(.*\.)?pfizer(helpfulanswers|pro)?\.com$" name=".*"/>
+			<!--	+ve:
+					-->
+			<test url="http://www.pfizer.com/about" />
+			<test url="http://www.pfizer.com/contact/contact_us_support" />
+			<test url="http://www.pfizer.com/news" />
+			<test url="http://www.pfizer.com/partnering" />
+			<test url="http://www.pfizer.com/products" />
 
-	<rule from="^http://(?:www\.)?pfizer(helpfulanswers)?\.com/"
-		to="https://www.pfizer$1.com/"/>
+			<!--	-ve:
+					-->
+			<test url="http://www.pfizer.com/misc/menu-collapsed.png" />
+			<test url="http://www.pfizer.com/sites/default/files/images/common/pfizer.png" />
 
-	<rule from="^http://animalhealth\.pfizer\.com/"
-		to="https://animalhealth.pfizer.com/"/>
 
-	<rule from="^http://(www\.)?pfizerpro\.com/"
-		to="https://$1pfizerpro.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Pfizer_helpful_answers.com.xml b/src/chrome/content/rules/Pfizer_helpful_answers.com.xml
new file mode 100644
index 000000000000..40927dc95454
--- /dev/null
+++ b/src/chrome/content/rules/Pfizer_helpful_answers.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Pfizer coverage, see Pfizer.xml.
+
+-->
+<ruleset name="Pfizer helpful answers.com" default_off="mismatched">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pfizerhelpfulanswers.com"/>
+	<target host="www.pfizerhelpfulanswers.com"/>
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pfizer_pro.com.xml b/src/chrome/content/rules/Pfizer_pro.com.xml
new file mode 100644
index 000000000000..7d4b95307307
--- /dev/null
+++ b/src/chrome/content/rules/Pfizer_pro.com.xml
@@ -0,0 +1,53 @@
+<!--
+	For other Pfizer coverage, see Pfizer.xml.
+
+
+	CDN buckets:
+
+		- s3.amazonaws.com/pfizerpro.com/
+
+
+	^pfizerpro.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- legacy.pfizerpro.com
+		- www.pfizerpro.com
+
+
+	Mixed content:
+
+		- Bugs on legacy, www from pfizer.112.2o7.net *
+
+	* Secured by us
+
+-->
+<ruleset name="PfizerPro.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="legacy.pfizerpro.com"/>
+	<target host="legacydev.pfizerpro.com"/>
+	<target host="www.pfizerpro.com"/>
+	<target host="www1.pfizerpro.com"/>
+
+	<!--	Complications:
+				-->
+	<target host="pfizerpro.com"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:legacy|www)\.pfizerpro\.com$" name="^SimpleSAMLSessionID$" /-->
+
+	<securecookie host=".+" name=".+"/>
+
+
+	<rule from="^http://pfizerpro\.com/"
+		to="https://www.pfizerpro.com/"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pform.net.xml b/src/chrome/content/rules/Pform.net.xml
new file mode 100644
index 000000000000..abcd1e4908d7
--- /dev/null
+++ b/src/chrome/content/rules/Pform.net.xml
@@ -0,0 +1,14 @@
+<!--
+	These altnames don't exist:
+
+		- www.pform.net
+
+-->
+<ruleset name="pform.net">
+
+	<target host="pform.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pgpool.net.xml b/src/chrome/content/rules/Pgpool.net.xml
new file mode 100644
index 000000000000..51895f4c0ef4
--- /dev/null
+++ b/src/chrome/content/rules/Pgpool.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="Pgpool.net">
+	<target host="pgpool.net" />
+	<target host="www.pgpool.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PhDelirium.com.xml b/src/chrome/content/rules/PhDelirium.com.xml
new file mode 100644
index 000000000000..4bc50d90d8b1
--- /dev/null
+++ b/src/chrome/content/rules/PhDelirium.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Mixed content from fonts.googleapis.com and ad servers
+
+-->
+<ruleset name="PhDelirium.com">
+
+	<target host="phdelirium.com" />
+	<target host="www.phdelirium.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Phabricator.com.xml b/src/chrome/content/rules/Phabricator.com.xml
index bea1a20bc077..91d5f571392e 100644
--- a/src/chrome/content/rules/Phabricator.com.xml
+++ b/src/chrome/content/rules/Phabricator.com.xml
@@ -6,13 +6,15 @@
 -->
 <ruleset name="Phabricator.com (partial)">
 
-	<target host="*.phabricator.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.phabricator.com" />
 
 
 	<securecookie host="^\.secure\.phabricator\.com$" name=".+" />
 
 
-	<rule from="^http://secure\.phabricator\.com/"
-		to="https://secure.phabricator.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PhantaFriends.de.xml b/src/chrome/content/rules/PhantaFriends.de.xml
new file mode 100644
index 000000000000..96344ec02dcb
--- /dev/null
+++ b/src/chrome/content/rules/PhantaFriends.de.xml
@@ -0,0 +1,29 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Invalid certificate:
+		dokument.phantafriends.de
+		host.phantafriends.de
+		www.host.phantafriends.de
+		ipb4.phantafriends.de
+		www.ipb4.phantafriends.de
+		login.phantafriends.de
+		office.phantafriends.de
+		password.phantafriends.de
+		podcast.phantafriends.de
+		projekt.phantafriends.de
+		teamspeak.phantafriends.de
+		tracking.phantafriends.de
+-->
+<ruleset name="PhantaFriends.de">
+
+	<target host="phantafriends.de" />
+	<target host="www.phantafriends.de" />
+	<target host="cloud.phantafriends.de" />
+	<target host="news.phantafriends.de" />
+	<target host="test.phantafriends.de" />
+	<target host="webmail.phantafriends.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PhantomPeer.com.xml b/src/chrome/content/rules/PhantomPeer.com.xml
new file mode 100644
index 000000000000..716db956ae88
--- /dev/null
+++ b/src/chrome/content/rules/PhantomPeer.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="PhantomPeer.com">
+
+	<target host="phantompeer.com" />
+	<target host="www.phantompeer.com" />
+
+
+	<securecookie host="^(?:www\.)?phantompeer\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Phaser.io.xml b/src/chrome/content/rules/Phaser.io.xml
new file mode 100644
index 000000000000..4dcf95f540be
--- /dev/null
+++ b/src/chrome/content/rules/Phaser.io.xml
@@ -0,0 +1,8 @@
+<ruleset name="Phaser.io">
+	<target host="phaser.io" />
+	<target host="www.phaser.io" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pheedcontent.com.xml b/src/chrome/content/rules/Pheedcontent.com.xml
index 38a1749bd8a3..9b15fad6f5bf 100644
--- a/src/chrome/content/rules/Pheedcontent.com.xml
+++ b/src/chrome/content/rules/Pheedcontent.com.xml
@@ -25,4 +25,4 @@
 	<rule from="^http://www\.pheedcontent\.com/"
 		to="https://www.pheedo.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pheedo.com.xml b/src/chrome/content/rules/Pheedo.com.xml
index 80b91b62054a..71414666d6c6 100644
--- a/src/chrome/content/rules/Pheedo.com.xml
+++ b/src/chrome/content/rules/Pheedo.com.xml
@@ -38,7 +38,11 @@
 <ruleset name="Pheedo.com (partial)">
 
 	<target host="pheedo.com" />
-	<target host="*.pheedo.com" />
+	<target host="www.pheedo.com" />
+	<target host="ads.pheedo.com" />
+	<target host="images.pheedo.com" />
+	<target host="feeds.pheedo.com" />
+	<target host="cforigin.feeds.pheedo.com" />
 
 
 	<!--	name="^phdo$"
@@ -46,8 +50,6 @@
 	<securecookie host="^\.pheedo\.com$" name="^phdo$" />
 
 
-	<rule from="^http://(www\.)?pheedo\.com/"
-		to="https://$1pheedo.com/" />
 
 	<rule from="^http://(?:ad|image)s\.pheedo\.com/"
 		to="https://www.pheedo.com/" />
@@ -55,4 +57,5 @@
 	<rule from="^http://(?:cforigin\.)?feeds\.pheedo\.com/"
 		to="https://d2m3yj20rqnr65.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PhiHOLD.be.xml b/src/chrome/content/rules/PhiHOLD.be.xml
new file mode 100644
index 000000000000..34e995b73d07
--- /dev/null
+++ b/src/chrome/content/rules/PhiHOLD.be.xml
@@ -0,0 +1,13 @@
+<!--
+	Expired 2014.
+
+-->
+<ruleset name="PhiHOLD.be" default_off="expired">
+
+	<target host="phihold.be" />
+	<target host="www.phihold.be" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Phil_Zimmermann.com.xml b/src/chrome/content/rules/Phil_Zimmermann.com.xml
new file mode 100644
index 000000000000..320268f04be9
--- /dev/null
+++ b/src/chrome/content/rules/Phil_Zimmermann.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Phil Zimmermann.com">
+
+	<target host="philzimmermann.com" />
+	<target host="www.philzimmermann.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Philadelphia_Bar_Association.xml b/src/chrome/content/rules/Philadelphia_Bar_Association.xml
index 25a2aa69fe6d..b5e8295b4fc0 100644
--- a/src/chrome/content/rules/Philadelphia_Bar_Association.xml
+++ b/src/chrome/content/rules/Philadelphia_Bar_Association.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?philadelphiabar\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?philadelphiabar\.org/"
-		to="https://$1philadelphiabar.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Philanthropedia.xml b/src/chrome/content/rules/Philanthropedia.xml
index 0ac3138060ff..ba375c41267f 100644
--- a/src/chrome/content/rules/Philanthropedia.xml
+++ b/src/chrome/content/rules/Philanthropedia.xml
@@ -1,14 +1,32 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://myphilanthropedia.org/ => https://myphilanthropedia.org/: (51, "SSL: no alternative certificate subject name matches target host name 'myphilanthropedia.org'")
+
 	For other GuideStar coverage, see GuideStar.xml.
 
+
+	Mixed content:
+
+		- css from $self *
+		- favicon from $self *
+
+	* Secured by us
+
 -->
-<ruleset name="Philanthropedia">
+<ruleset name="my Philanthropedia.org (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="myphilanthropedia.org" />
 	<target host="www.myphilanthropedia.org" />
 
+		<!--	Mixed css:
+					-->
+		<test url="http://www.myphilanthropedia.org/blog/" />
+
 
-	<rule from="^http://(www\.)?myphilanthropedia\.org/"
-		to="https://$1myphilanthropedia.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Phillips_Academy_Andover.xml b/src/chrome/content/rules/Phillips_Academy_Andover.xml
new file mode 100644
index 000000000000..bd6944241faf
--- /dev/null
+++ b/src/chrome/content/rules/Phillips_Academy_Andover.xml
@@ -0,0 +1,47 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://colwizlive.andover.edu/ => https://colwizlive.andover.edu/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="Phillips Academy" default_off="failed ruleset test">
+
+	<target host="www.andover.edu" />
+	<target host="panet.andover.edu" />
+	<target host="canvas.andover.edu" />
+	<target host="colwizlive.andover.edu" />
+	<target host="sso.andover.edu" />
+	<target host="studentreports.andover.edu" />
+	<target host="mypassword.andover.edu" />
+
+
+	<!-- andover.edu does not respond, but should be redirected to https://www.andover.edu to prevent MitM. -->
+	<target host="andover.edu" />
+
+	<!-- mail.andover.edu returns an error, but should be included to protect mail.andover.edu/owa -->
+	<!-- commented out until 'no-test' attribute is available
+	<target host="mail.andover.edu" />
+		-->
+
+	<test url="http://andover.edu/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- redirects andover.edu to https://www.andover.edu -->
+	<rule from="^http://andover\.edu/"
+		to="https://www.andover.edu/" />
+
+
+	<!-- redirects http://mail.andover.edu/ (with or without "/") to https://mail.andover.edu/owa -->
+	<!-- commented out until 'no-test' attribute is available
+	<rule from="^http://mail\.andover\.edu/*$"
+		to="https://mail.andover.edu/owa" />
+
+	<test url="http://mail.andover.edu" />
+	<test url="http://mail.andover.edu/" />
+		-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Philosophers_Guild.com.xml b/src/chrome/content/rules/Philosophers_Guild.com.xml
new file mode 100644
index 000000000000..4d3ba22f59cf
--- /dev/null
+++ b/src/chrome/content/rules/Philosophers_Guild.com.xml
@@ -0,0 +1,31 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://philosophersguild.com/ => https://www.philosophersguild.com/: Cycle detected - URL already encountered: http://www.philosophersguild.com/?xid_27780=a050def38808ecd332bd2d5c86ad6d1c
+	Problematic domains:
+
+		- philosophersguild.com ¹
+		- new.philosophersguild.com ²
+		- www.new.philosophersguild.com ²
+
+	¹ Mismatched
+	² Data differs from http
+
+-->
+<ruleset name="Philosophers Guild.com (partial)">
+
+	<target host="philosophersguild.com" />
+	<target host="www.philosophersguild.com" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.philosophersguild\.com/(cart|home)\.php\?xid_\d+[\da-f]{32}$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.philosophersguild\.com/+(?!blank\.gif|favicon\.ico|image\.php|images/|login\.php|register\.php|skin/|var/)" />
+
+
+	<rule from="^http://(?:www\.)?philosophersguild\.com/"
+		to="https://www.philosophersguild.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Philosophy-Documentation-Center-problematic.xml b/src/chrome/content/rules/Philosophy-Documentation-Center-problematic.xml
index 027d50bb1f5c..dbf1478494e8 100644
--- a/src/chrome/content/rules/Philosophy-Documentation-Center-problematic.xml
+++ b/src/chrome/content/rules/Philosophy-Documentation-Center-problematic.xml
@@ -2,18 +2,12 @@
 	For rules that are on by default, see Philosophy-Documentation-Center.xml.
 
 -->
-<ruleset name="Philosophy Documentation Center (mismatches)" default_off="mismatch">
+<ruleset name="PDCnet.org (expired)" default_off="expired">
 
-	<target host="pdcnet.org" />
-	<target host="www.pdcnet.org" />
+	<target host="cas.pdcnet.org" />
 
 
-	<!--	Cookies are handled in Philosophy-Documentation-Center.xml.
-
-
-		Cert: www.cas.pdcnet.org
-						-->
-	<rule from="^https?://(?:www\.)?pdcnet\.org/"
-		to="https://www.pdcnet.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Philosophy-Documentation-Center.xml b/src/chrome/content/rules/Philosophy-Documentation-Center.xml
index 6c18134a3f46..dec0104e7ccc 100644
--- a/src/chrome/content/rules/Philosophy-Documentation-Center.xml
+++ b/src/chrome/content/rules/Philosophy-Documentation-Center.xml
@@ -1,17 +1,42 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.pdcnet.org/ => https://secure.pdcnet.org/: (60, 'SSL certificate problem: self signed certificate')
+
+	Philosophy Documentation Center
+
 	For problematic rules, see Philosophy-Documentation-Center-problematic.xml.
 
+
+	Problematic hosts in *pdcnet.org:
+
+		- cas *
+
+	* Expired
+
+
+	These altnames don't exist:
+
+		- www.cas.pdcnet.org
+		- www.secure.pdcnet.org
+
 -->
-<ruleset name="Philosophy Documentation Center (partial)">
+<ruleset name="PDCnet.org (partial)" default_off="failed ruleset test">
+
+	<target host="pdcnet.org" />
+	<!--target host="cas.pdcnet.org" /-->
+	<target host="secure.pdcnet.org" />
+	<target host="www.pdcnet.org" />
 
-	<target host="*.pdcnet.org" />
-	<target host="www.secure.pdcnet.org" />
 
+	<!-- CloudFlare cookies:
+				-->
+	<!--securecookie host="^\.pdcnet\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
 
-	<securecookie host="^.+\.pdcnet\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(cas|(?:www\.)?secure)\.pdcnet\.org/"
-		to="https://$1.pdcnet.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Philosophy_Now.org.xml b/src/chrome/content/rules/Philosophy_Now.org.xml
new file mode 100644
index 000000000000..425f32d542af
--- /dev/null
+++ b/src/chrome/content/rules/Philosophy_Now.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- philosophynow.org
+
+-->
+<ruleset name="Philosophy Now.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="philosophynow.org" />
+	<target host="www.philosophynow.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^philosophynow\.org$" name="^(PNCookies|PNShop)$" /-->
+
+	<securecookie host="^philosophynow\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Phils_Hobby_Shop.xml b/src/chrome/content/rules/Phils_Hobby_Shop.xml
index 849b6ef8dabe..7d8d01ac9bfe 100644
--- a/src/chrome/content/rules/Phils_Hobby_Shop.xml
+++ b/src/chrome/content/rules/Phils_Hobby_Shop.xml
@@ -13,7 +13,6 @@
 	<target host="www.philshobbyshop.com" />
 
 
-	<rule from="^http://(?:www\.)?philshobbyshop\.com/"
-		to="https://www.philshobbyshop.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PhishTank.xml b/src/chrome/content/rules/PhishTank.xml
index 815902b21837..d52488665c24 100644
--- a/src/chrome/content/rules/PhishTank.xml
+++ b/src/chrome/content/rules/PhishTank.xml
@@ -1,9 +1,9 @@
-<ruleset name="PhishTank">
-
-<target host="phishtank.com" />
-<target host="www.phishtank.com" />
-<target host="data.phishtank.com" />
-   
-<rule from="^http://(?:www\.)?phishtank\.com/" to="https://www.phishtank.com/"/>
-<rule from="^http://(?:www\.)?data\.phishtank\.com/" to="https://data.phishtank.com/"/>
-</ruleset>
\ No newline at end of file
+<ruleset name="PhishTank">
+
+<target host="phishtank.com" />
+<target host="www.phishtank.com" />
+<target host="data.phishtank.com" />
+
+<rule from="^http://(?:www\.)?phishtank\.com/" to="https://www.phishtank.com/"/>
+<rule from="^http://(?:www\.)?data\.phishtank\.com/" to="https://data.phishtank.com/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Phishd.com.xml b/src/chrome/content/rules/Phishd.com.xml
new file mode 100644
index 000000000000..a4e194d9420f
--- /dev/null
+++ b/src/chrome/content/rules/Phishd.com.xml
@@ -0,0 +1,42 @@
+<!--
+	For other MWR InfoSecurity coverage, see MWR_InfoSecurity.com.xml.
+
+
+	Fully covered hosts in *phishd.com:
+
+		- (www.)?
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.phishd.com
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com ¹
+		- Bugs from pto-slb-09.com ²
+
+	¹ Secured by us
+	² Unsecurable <= refused
+
+-->
+<ruleset name="phishd.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="phishd.com" />
+	<target host="www.phishd.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.phishd\.com$" name="^SID$" /-->
+
+	<securecookie host="^www\.phishd\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Phncdn.com.xml b/src/chrome/content/rules/Phncdn.com.xml
new file mode 100644
index 000000000000..23951c0402bb
--- /dev/null
+++ b/src/chrome/content/rules/Phncdn.com.xml
@@ -0,0 +1,130 @@
+<!--
+	For other PornHub coverage, see PornHub.com.xml.
+
+Invalid certificate:
+	im.18b87774.22e52e0.public.a4cdn.extremetube.phncdn.com
+	im.894aa760.2f1709d.public.a4cdn.extremetube.phncdn.com
+	im.7126b2da.471d28a.public.a4cdn.extremetube.phncdn.com
+	im.0288a07d.5d6896f.public.a4cdn.extremetube.phncdn.com
+	im.47b30b1e.9588e39.public.a4cdn.extremetube.phncdn.com
+	im.894aa760.b681617.public.a4cdn.extremetube.phncdn.com
+	im.894aa760.de4450e.public.a4cdn.extremetube.phncdn.com
+	im.51f74856.13c3ff1.public.a4cdn.keezmovies.phncdn.com
+	ci1.pornhub.phncdn.com
+	ci2.pornhub.phncdn.com
+	cl.pornhub.phncdn.com
+	i0.cdn2a.image.pornhub.phncdn.com
+	i1.cdn2a.image.pornhub.phncdn.com
+	i0.cdn2b.image.pornhub.phncdn.com
+	i1.cdn2b.image.pornhub.phncdn.com
+	cdn1b.static.pornhub.phncdn.com
+	cdn2b.video.pornhub.phncdn.com
+	cdn2b.download.spankwire.phncdn.com
+	cdn2b.public.spankwire.phncdn.com
+	ssb.phncdn.com
+	im.6ab88512.203716c.embed.a4cdn.tube8.phncdn.com
+	im.7c23b3fa.2bbf736.embed.a4cdn.tube8.phncdn.com
+	im.d2fe50da.c0aa9f8.embed.a4cdn.tube8.phncdn.com
+	im.3a9e0e7a.0c6008c.public.a4cdn.tube8.phncdn.com
+	im.76eef993.324b305.public.a4cdn.tube8.phncdn.com
+	im.d2ad5f32.34673e1.public.a4cdn.tube8.phncdn.com
+	im.3c3dd4be.617f9d0.public.a4cdn.tube8.phncdn.com
+	im.7122f172.8efe6ce.public.a4cdn.tube8.phncdn.com
+	im.d2a8bd8a.999a51f.public.a4cdn.tube8.phncdn.com
+	im.1b8a27cb.a86361e.public.a4cdn.tube8.phncdn.com
+	im.71258fda.be36313.public.a4cdn.tube8.phncdn.com
+	im.3c3dd4be.d3c658d.public.a4cdn.tube8.phncdn.com
+	im.3c3dd4be.dcc9151.public.a4cdn.tube8.phncdn.com
+	im.d301492a.e4cd084.public.a4cdn.tube8.phncdn.com
+	im.3c3dd4be.f15c795.public.a4cdn.tube8.phncdn.com
+	im.b00a68f0.f9a23d0.public.a4cdn.tube8.phncdn.com
+	im.3a9e3612.fc138d2.public.a4cdn.tube8.phncdn.com
+	cdn7f.download.tube8.phncdn.com
+	cdn7f.embed.tube8.phncdn.com
+	cdn1.image.tube8.phncdn.com
+	cdn1b.image.tube8.phncdn.com
+	cdn1e.image.tube8.phncdn.com
+	cdn2e.image.tube8.phncdn.com
+	cdn7f.public.tube8.phncdn.com
+	cdn1.static.tube8.phncdn.com
+	cdn1b.static.tube8.phncdn.com
+	cdn1e.static.tube8.phncdn.com
+	cdn2b.download.youporn.phncdn.com
+	cdn1.image.youporn.phncdn.com
+	cdn2b.image.youporn.phncdn.com
+	cdn4.image.youporn.phncdn.com
+	cdn4b.image.youporn.phncdn.com
+	cdn4f.image.youporn.phncdn.com
+	cdn5.image.youporn.phncdn.com
+	cdn5b.image.youporn.phncdn.com
+	cdn5f.image.youporn.phncdn.com
+	cdn1a.limg.pornhub.phncdn.com
+	cdn2b.mobile.youporn.phncdn.com
+	cdn2b.public.youporn.phncdn.com
+	cdn1b.static.youporn.phncdn.com
+	cdn1f.static.youporn.phncdn.com
+
+No working URL known:
+	bd.phncdn.com
+	be.phncdn.com
+	bm.phncdn.com
+	bm2.phncdn.com
+	bv.phncdn.com
+	cd.phncdn.com
+	ce.phncdn.com
+	cm.phncdn.com
+	cv.phncdn.com
+	de.phncdn.com
+	dm.phncdn.com
+	dv.phncdn.com
+
+Timeout:
+	cdn1.image.extremetube.phncdn.com
+	1.cdn1.image.extremetube.phncdn.com
+	cdn1.public.extremetube.phncdn.com
+	cdn1.static.extremetube.phncdn.com
+	cdn2.image.keezmovies.phncdn.com
+	cdn3.image.keezmovies.phncdn.com
+	cdn4.image.keezmovies.phncdn.com
+	cdn1.static.keezmovies.phncdn.com
+	cdn2.embed.mofosex.phncdn.com
+	cdn1.image.mofosex.phncdn.com
+	cdn2.public.mofosex.phncdn.com
+	cdn1.static.mofosex.phncdn.com
+	cdn2.image.pornhub.phncdn.com
+	cdn3.image.pornhub.phncdn.com
+	cdn1.static.pornmd.phncdn.com
+	cdn1.download.spankwire.phncdn.com
+	cdn1.image.spankwire.phncdn.com
+	cdn3.image.spankwire.phncdn.com
+	cdn1.public.spankwire.phncdn.com
+	cdn1.static.spankwire.phncdn.com
+	cdn1.download.youporn.phncdn.com
+	cdn1.static.youporn.phncdn.com
+-->
+<ruleset name="phncdn.com">
+	<target host="bi.phncdn.com"/>
+		<test url="http://bi.phncdn.com/pics/users/002/541/261/cover1481232543/1323x270.jpg"/>
+	<target host="bl.phncdn.com"/>
+		<test url="http://bl.phncdn.com/gif/10696011.gif"/>
+	<target host="bs.phncdn.com"/>
+		<test url="http://bs.phncdn.com/misc/pdf/pornhub_AdultColoringBook_sample.pdf"/>
+	<target host="cdn1-smallimg.phncdn.com"/>
+		<test url="http://cdn1-smallimg.phncdn.com/n172nWs1UEcnquuObA5x52osw51230gH/rta-1.gif"/>
+	<target host="cdn1d-static-shared.phncdn.com"/>
+		<test url="http://cdn1d-static-shared.phncdn.com/mg_utils-1.0.0.js"/>
+	<target host="ci.phncdn.com"/>
+		<test url="http://ci.phncdn.com/videos/201010/27/70119/original/12.jpg"/>
+	<target host="cl.phncdn.com"/>
+		<test url="http://cl.phncdn.com/gif/10718681.gif"/>
+	<target host="cs.phncdn.com"/>
+		<test url="http://cs.phncdn.com/www-static/images/pornhub_logo_straight.png"/>
+	<target host="dl.phncdn.com"/>
+		<test url="http://dl.phncdn.com/gif/1771.gif"/>
+	<target host="ss.phncdn.com"/>
+		<test url="http://ss.phncdn.com/html5player/videoPlayer/oldFlash/stable/xtube/player.swf"/>
+	<target host="ssc.phncdn.com"/>
+		<test url="http://ssc.phncdn.com/testimages2/100.png"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Phoenix-Media-Group.xml b/src/chrome/content/rules/Phoenix-Media-Group.xml
index f6b252ce8db2..ddb93c17ff55 100644
--- a/src/chrome/content/rules/Phoenix-Media-Group.xml
+++ b/src/chrome/content/rules/Phoenix-Media-Group.xml
@@ -3,9 +3,8 @@
 	<target host="dealchicken.com"/>
 	<target host="www.dealchicken.com"/>
 
-	<securecookie host="^www\.dealchicken\.com$" name=".*"/>
+	<securecookie host="^www\.dealchicken\.com$" name=".+" />
 
-	<rule from="^http://(www\.)?dealchicken\.com/"
-		to="https://$1dealchicken.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Phoenix.edu.xml b/src/chrome/content/rules/Phoenix.edu.xml
new file mode 100644
index 000000000000..295ba4e94b2f
--- /dev/null
+++ b/src/chrome/content/rules/Phoenix.edu.xml
@@ -0,0 +1,57 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://phoenix.edu/ => https://phoenix.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+	Nonfunctional subdomains:
+
+		- kb *
+		- store *
+
+	* Refused
+
+
+	Problematic subdomains:
+
+		- metrics *
+
+	* Omniture
+
+
+	Mixed content:
+
+		- Image on ecampus from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Phoenix.edu (partial)">
+
+	<target host="cdn.assets-phoenix.net" />
+	<target host="phoenix.edu" />
+	<target host="alumni.phoenix.edu" />
+	<target host="assets.phoenix.edu" />
+	<target host="content.phoenix.edu" />
+	<target host="ecampus.phoenix.edu" />
+	<target host="portal.phoenix.edu" />
+	<target host="sso.phoenix.edu" />
+	<target host="www.phoenix.edu" />
+	<target host="metrics.phoenix.edu" />
+	<target host="assetscdn.students.uophx.edu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.phoenix\.edu$" name="^__sitemap__$" /-->
+	<!--securecookie host="^assets\.phoenix\.edu$" name="^assets-lb$" /-->
+	<!--securecookie host="^ecampus\.phoenix\.edu$" name="^(ASP\.NET_SessionId|ASPSESSIONID\w{8})$" /-->
+
+	<securecookie host="^(?:assets|ecampus)\.phoenix\.edu$" name=".+" />
+
+
+
+
+	<rule from="^http://metrics\.phoenix\.edu/"
+		to="https://phoenix-edu.d1.sc.omtrdc.net/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Phone-analytics.com.xml b/src/chrome/content/rules/Phone-analytics.com.xml
index 61002211b87c..3cf28ee5a319 100644
--- a/src/chrome/content/rules/Phone-analytics.com.xml
+++ b/src/chrome/content/rules/Phone-analytics.com.xml
@@ -1,19 +1,26 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://phone-analytics.com/ => https://ssl.phone-analytics.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://phone-analytics.com/ => https://ssl.phone-analytics.com/: (28, 'Connection timed out after 10000 milliseconds')
 	Problematic subdomains:
 
 		- (www.)	(cert only matches ssl)
 
 -->
-<ruleset name="phone-analytics.com">
+<ruleset name="phone-analytics.com" default_off="failed ruleset test">
 
 	<target host="phone-analytics.com" />
-	<target host="*.phone-analytics.com" />
+	<target host="ssl.phone-analytics.com" />
+	<target host="www.phone-analytics.com" />
+	<target host="cdn.phone-analytics.com" />
 
 
-	<rule from="^https?://(?:ssl\.|www\.)?phone-analytics\.com/"
+	<rule from="^http://(?:ssl\.|www\.)?phone-analytics\.com/"
 		to="https://ssl.phone-analytics.com/" />
 
-	<rule from="^http://cdn\.phone-analytics\.com/"
-		to="https://cdn.phone-analytics.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Phone.coop.xml b/src/chrome/content/rules/Phone.coop.xml
new file mode 100644
index 000000000000..9ecd711eecda
--- /dev/null
+++ b/src/chrome/content/rules/Phone.coop.xml
@@ -0,0 +1,46 @@
+<!--
+	For other phone co-operative coverage, see Thephone.coop.xml.
+
+
+	(www.)?phone.coop: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- my.phone.coop
+
+-->
+<ruleset name="phone.coop">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="my.phone.coop" />
+
+	<!--	Complications:
+				-->
+	<target host="phone.coop" />
+	<target host="www.phone.coop" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^my\.phone\.coop$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^my\.phone\.coop$" name=".+" />
+
+
+	<!--	Redirect keeps path, but not
+		args nor forward slash:
+					-->
+	<rule from="^http://(?:www\.)?phone\.coop/+([^?]*).*"
+		to="https://www.thephone.coop/$1" />
+
+		<test url="http://phone.coop/index?drop" />
+		<test url="http://phone.coop/index?me" />
+		<test url="http://www.phone.coop/index?drop" />
+		<test url="http://www.phone.coop/index?me" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Phoronix-Media.xml b/src/chrome/content/rules/Phoronix-Media.xml
index b99bc8402358..a199de1f6472 100644
--- a/src/chrome/content/rules/Phoronix-Media.xml
+++ b/src/chrome/content/rules/Phoronix-Media.xml
@@ -1,27 +1,45 @@
 <!--
-	Nonfunctional:
-
-		- (www.)phoronix.com	(ssl_error_rx_record_too_long)
-
+	Other Phoronix Media rulesets:
+		+ OpenBenchmarking.org.xml
+
+	Mismatched:
+		- ftp.phoronix.com
+		- haswell.phoronix.com
+		- mail.phoronix.com
+		- ns.phoronix.com
+		- ns1.phoronix.com
+		- ns2.phoronix.com
+		- phx1.phoronix.com
+		- sky.phoronix.com
+		- www.sky.phoronix.com
 -->
-<ruleset name="Phoronix Media (partial)" platform="mixedcontent">
 
-	<target host="openbenchmarking.org" />
-	<target host="www.openbenchmarking.org" />
-	<target host="phoromatic.com" />
-	<target host="www.phoromatic.com" />
+<ruleset name="Phoronix">
+	<target host="phoronix.com" />
+	<target host="www.phoronix.com" />
+	<target host="forums.phoronix.com" />
+	<target host="www.forums.phoronix.com" />
+	<target host="global.phoronix.com" />
 
+	<target host="phoronix.net"/>
+	<target host="www.phoronix.net" />
+	<target host="mail.phoronix.net" />
 
-	<securecookie host="^openbenchmarking\.org$" name=".*" />
-	<securecookie host="^phoromatic\.com$" name=".*" />
+	<target host="phoronix-media.com" />
+	<target host="www.phoronix-media.com" />
+	<target host="mail.phoronix-media.com" />
 
+	<target host="phoromatic.com" />
+	<target host="www.phoromatic.com" />
+	<target host="kernel-tracker.phoromatic.com" />
+	<target host="mail.phoromatic.com" />
+	<target host="ubuntu-tracker.phoromatic.com" />
 
-	<!--	Michael has noticed our shenanigans and disabled https for pages (unless you pay up).
-		https://trac.torproject.org/projects/tor/ticket/5728	-->
-	<rule from="^http://(www\.)?openbenchmarking\.org/(ads/|(?:create/comment/|result/)?css/|embed\.php|favicon\.ico|s/css/)"
-		to="https://$1openbenchmarking.org/$2" />
+	<target host="phoronix-test-suite.com" />
+	<target host="www.phoronix-test-suite.com" />
+	<target host="mail.phoronix-test-suite.com" />
 
-	<rule from="^http://(?:www\.)?phoromatic\.com/"
-		to="https://phoromatic.com/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Photo-Montier.org.xml b/src/chrome/content/rules/Photo-Montier.org.xml
new file mode 100644
index 000000000000..b7b64fc28145
--- /dev/null
+++ b/src/chrome/content/rules/Photo-Montier.org.xml
@@ -0,0 +1,11 @@
+<ruleset name="Montier Festival Photo">
+
+	<target host="photo-montier.org" />
+	<target host="www.photo-montier.org" />
+	<target host="concours.photo-montier.org" />
+	<target host="exposants.photo-montier.org" />
+	<target host="prod.photo-montier.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PhotoBlab.xml b/src/chrome/content/rules/PhotoBlab.xml
index a6ae533cd4d3..aa1158a9668d 100644
--- a/src/chrome/content/rules/PhotoBlab.xml
+++ b/src/chrome/content/rules/PhotoBlab.xml
@@ -1,4 +1,11 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://photoblab.com/ (200) => https://photoblab.herokuapp.com/ (404)
+Non-2xx HTTP code: http://www.photoblab.com/ (200) => https://photoblab.herokuapp.com/ (404)
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://photoblab.com/ => https://photoblab.herokuapp.com/: (6, 'Could not resolve host: photoblab.com')
 	CDN buckets:
 
 		- photoblab.s3-eu-west-1.amazonaws.com
@@ -10,13 +17,13 @@
 		- (www.)photoblab.com	(mismatched, CN: *.herokuapp.com)
 
 -->
-<ruleset name="PhotoBlab">
+<ruleset name="PhotoBlab" default_off="failed ruleset test">
 
 	<target host="photoblab.com" />
 	<target host="www.photoblab.com" />
 
 
-	<rule from="^https?://(?:www\.)?photoblab\.com/"
+	<rule from="^http://(?:www\.)?photoblab\.com/"
 		to="https://photoblab.herokuapp.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PhotoMath.net.xml b/src/chrome/content/rules/PhotoMath.net.xml
new file mode 100644
index 000000000000..9242d51ca999
--- /dev/null
+++ b/src/chrome/content/rules/PhotoMath.net.xml
@@ -0,0 +1,16 @@
+<!--
+	For other microblink coverage, see Microblink.com.xml.
+
+-->
+<ruleset name="PhotoMath.net">
+
+	<target host="photomath.net" />
+	<target host="www.photomath.net" />
+
+
+	<securecookie host="^\.photomath\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PhotoPay.net.xml b/src/chrome/content/rules/PhotoPay.net.xml
new file mode 100644
index 000000000000..31593866263d
--- /dev/null
+++ b/src/chrome/content/rules/PhotoPay.net.xml
@@ -0,0 +1,16 @@
+<!--
+	For other microblink coverage, see Microblink.com.xml.
+
+-->
+<ruleset name="PhotoPay.net">
+
+	<target host="photopay.net" />
+	<target host="www.photopay.net" />
+
+
+	<securecookie host="^\.photopay\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PhotoPea.com.xml b/src/chrome/content/rules/PhotoPea.com.xml
new file mode 100644
index 000000000000..3a9fbc82ef15
--- /dev/null
+++ b/src/chrome/content/rules/PhotoPea.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Mismatched:
+		- ftp.photopea.com
+		- imap.photopea.com
+		- mail.photopea.com
+		- png.photopea.com
+		- smtp.photopea.com
+		- upng.photopea.com
+-->
+<ruleset name="PhotoPea.com">
+	<target host="photopea.com" />
+	<target host="www.photopea.com" />
+	<target host="blog.photopea.com" />
+	<target host="webmail.photopea.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PhotoShelter.xml b/src/chrome/content/rules/PhotoShelter.xml
index 75da1ab061eb..d9e662b95e5b 100644
--- a/src/chrome/content/rules/PhotoShelter.xml
+++ b/src/chrome/content/rules/PhotoShelter.xml
@@ -1,43 +1,33 @@
 <!--
-	Nonfunctional subdomains:
-
-		- blog
-
-
-	Problematic subdomains:
-
-		- cdn.c		(works, CN: gp1.wac.edgecastcdn.net)
-		- css.c		(CN: gp1.wac.edgecastcdn.net; 404)
-
-
-	Partially covered subdomains:
-
-		- (www.)	(some pages redirect to http)
+	Active mixed content:
+		- nipponnews.photoshelter.com
 
+	Invalid certificate:
+		- cdn.c, equivalent to c
+		- css.c, equivalent to c
 
 	Fully covered subdomains:
-
+		- blog
 		- c
-		- cdn.c	(→ c.photoshelter.com)
-		- css.c
-		- \w+	(unique subdomain per client)
-
+		- www
+		- [\w-]+ (unique subdomain per client)
 -->
-<ruleset name="PhotoShelter (partial)">
 
+<ruleset name="PhotoShelter (partial)">
 	<target host="photoshelter.com" />
 	<target host="*.photoshelter.com" />
-		<exclusion pattern="^http://blog\." />
-		<exclusion pattern="^http://(?:www\.)?photoshelter\.com/(?:about/|mkt/research/)?index(?:$|\?)" />
-
+		<exclusion pattern="^http://nipponnews\.photoshelter.com/" />
+			<test url="http://nipponnews.photoshelter.com/image/" />
 
-	<!--rule from="^http://www\.photoshelter\.com/(about|benefit|css|help|img|signup|support|tour|website-examples)($|\?|/)"
-		to="https://www.photoshelter.com/$1$2" /-->
-
-	<rule from="^https?://c(?:dn|ss)\.c\.photoshelter\.com/"
+	<rule from="^http://(cdn|css)\.c\.photoshelter\.com/"
 		to="https://c.photoshelter.com/" />
+		<test url="http://cdn.c.photoshelter.com/" />
+		<test url="http://css.c.photoshelter.com/" />
 
-	<rule from="^http://(\w+\.)?photoshelter\.com/"
+	<rule from="^http://([\w-]+\.)?photoshelter\.com/"
 		to="https://$1photoshelter.com/" />
-
-</ruleset>
\ No newline at end of file
+		<test url="http://www.photoshelter.com/" />
+		<test url="http://agriphoto.photoshelter.com/" />
+		<test url="http://blog.photoshelter.com/" />
+		<test url="http://dafjones.photoshelter.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/PhotoSugar.com.xml b/src/chrome/content/rules/PhotoSugar.com.xml
deleted file mode 100644
index 2c5b70642534..000000000000
--- a/src/chrome/content/rules/PhotoSugar.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d1bcrgpvrd4eqj.cloudfront.net
-
-			- assets
-			- assets[0-3]
-
--->
-<ruleset name="PhotoSugar.com">
-
-	<target host="photosugar.com" />
-	<target host="*.photosugar.com" />
-
-
-	<securecookie host="^(?:www)?\.photosugar\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?photosugar\.com/"
-		to="https://$1photosugar.com/" />
-
-	<rule from="^http://assets\d?\.photosugar\.com/"
-		to="https://d1bcrgpvrd4eqj.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Photobucket.xml b/src/chrome/content/rules/Photobucket.xml
index 3db51193fefc..1a3412963d24 100644
--- a/src/chrome/content/rules/Photobucket.xml
+++ b/src/chrome/content/rules/Photobucket.xml
@@ -1,4 +1,9 @@
 <!--
+	Other Photobucket rulesets:
+
+		- Pbsrc.com.xml
+
+
 	CDN buckets:
 
 		- crtl.aimatch.com
@@ -6,11 +11,7 @@
 			- b.photobucket.com
 
 		- wpc.38F2.edgecastcdn.net
-
 		- wpc.3901.edgecastcdn.net
-
-			- i000[1-9].photobucket.com
-
 		- wac.3B2E.edgecastcdn.net
 
 			- pic.pbsrc.com
@@ -18,105 +19,97 @@
 
 		- wac.3B49.edgecastcdn.net
 
-			- static.pbsrc.com	
+			- static.pbsrc.com
 
 		- cdn.photobucket.com.c.footprint.net
 
 			- img.photobucket.com
-			- i120\d.photobucket.com
-
 
-	Nonfunctional domains:
 
-		- static.pbsrc.com	(404, CN: gp1.wac.edgecastcdn.net)
+	Nonfunctional hosts in *photobucket.com:
 
-		- photobucket.com subdomains:
-
-			- ^ *
-			- s11.beta *
-			- smg.beta *
-			- i0006 **
-			- i1205 **
-			- i1218 *
-			- i1272 *
-			- i619
-			- img *
-			- s11 *
-			- s515 *
-			- s1218 *
-			- simg *
+		- ^ *
+		- s11.beta *
+		- smg.beta *
+		- img *
+		- s11 *
+		- s515 *
+		- s1218 *
+		- simg *
+		- support ³
 
 	* Times out
 	** 404, CN: edgecastcdn.net
+	³ Zendesk
 
 
-	Problematic domains:
+	Problematic hosts in *photobucket.com:
 
-		- pbsrc.com subdomains:
+		- beta **
+		- s619.beta **
+		- ox-d		(Mismatched
+		- pic
 
-			- pic *
-			- pic2 *
-			- static2 *
+	* CN: gp1.wac.edgecastcdn.net; 404
+	** Times out
 
-		- photobucket.com subdomains:
 
-			- b		(mismatched, CN: *.aimatch.com)
-			- beta **
-			- s619.beta **
-			- pic
+	Partially covered  hosts in *photobucket.com:
 
-	* CN: gp1.wac.edgecastcdn.net; 404
-	** Times out
+		- s619.beta	(some paths redirect back)
 
 
-	Partially covered domains:
+	Fully covered hosts in *photobucket.com:
 
-		- s619.beta.photobucket.com	(some paths redirect back)
+		- b
+		- beta			(→ secure-beta.photobucket.com)
+		- i\d+
+		- pic			(→ pbsrc.com)
+		- secure-beta
 
 
-	Fully covered domains:
+	These altnames don't exist:
 
-		pbsrc.com subdomains:
+		- www.b.photobucket.com
 
-			- (www.)
-			- opic2
-			- ostatic2
-			- pic			(→ pbsrc.com)
-			- pic2			(→ opic2.pbsrc.com)
-			- static2		(→ ostatic2.pbsrc.com)
 
-		- photobucket.com subdomains:
+	Insecure cookies are set for these domains:
 
-			- b			(→ crtl.aimatch.com)
-			- beta			(→ secure-beta.photobucket.com)
-			- pic			(→ pbsrc.com)
-			- secure-beta
+		- .photobucket.com
 
 -->
-<ruleset name="Photobucket (partial)">
+<ruleset name="Photobucket.com (partial)">
 
-	<target host="pbsrc.com" />
-	<target host="*.pbsrc.com" />
 	<target host="*.photobucket.com" />
-		<exclusion pattern="^http://s619\.beta\.photobucket\.com/(?!action/|component/)" />
-		
 
-	<rule from="^http://(www\.)?pbsrc\.com/"
-		to="https://$1pbsrc.com/" />
+		<exclusion pattern="^http://s\d+\.beta\.photobucket\.com/(?!action/|component/)" />
+		<exclusion pattern="^http://s\d+\.photobucket\.com/+(?!albums/w\d+/\w+/pbprofilepics/)" />
 
-	<rule from="^http://pic\.p(?:bsrc|hotobucket)\.com/"
-		to="https://pbsrc.com/" />
+			<!--	+ve:
+					-->
+			<test url="http://s176.photobucket.com/user/Lianne-photo/library/Antwerpen%202008" />
+
+		<test url="http://b.photobucket.com/" />
+		<test url="http://i1382.photobucket.com/albums/ah245/PhotobucketMKTG/WebSliders/SpringSavingsLanding.jpg~original" />
+		<test url="http://secure.photobucket.com/login" />
+		<test url="http://secure.photobucket.com/register" />
 
-	<rule from="^http://o?(pic|static)2\.pbsrc\.com/"
-		to="https://o$12.pbsrc.com/" />
 
-	<rule from="^http://b\.photobucket\.com/"
-		to="https://crtl.aimatch.com/" />
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^\.photobucket\.com$" name="^(External|Hint|puid)$" />
 
-	<rule from="^http://(?:s619\.|secure-)?beta\.photobucket\.com/"
+
+	<rule from="^http://s\d+\.beta\.photobucket\.com/"
 		to="https://secure-beta.photobucket.com/" />
 
-	<rule from="^http://secure\.photobucket\.com/"
+	<rule from="^http://pic\.photobucket\.com/"
+		to="https://pbsrc.com/" />
+
+	<rule from="^http://s\d+\.photobucket\.com/"
 		to="https://secure.photobucket.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http://(b|i\d+|secure|secure-beta)\.photobucket\.com/"
+		to="https://$1.photobucket.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Photographer.io.xml b/src/chrome/content/rules/Photographer.io.xml
index 4c9498b3fb97..e304a4a4ad71 100644
--- a/src/chrome/content/rules/Photographer.io.xml
+++ b/src/chrome/content/rules/Photographer.io.xml
@@ -1,19 +1,25 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://photographer.io/ => https://photographer.io/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.photographer.io/ => https://www.photographer.io/: (60, 'SSL certificate problem: self signed certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://photographer.io/ => https://photographer.io/: (7, 'Failed to connect to photographer.io port 443: Connection refused')
 	Nonfunctional subdomains:
 
 		- blog	(503, valid cert)
 
 -->
-<ruleset name="Photographer.io (partial)">
+<ruleset name="Photographer.io (partial)" default_off="failed ruleset test">
 
 	<target host="photographer.io" />
-	<target host="*.photographer.io" />
+	<target host="www.photographer.io" />
 
 
 	<securecookie host="^(?:www)?\.photographer\.io$" name=".+" />
 
 
-	<rule from="^http://(www\.)?photographer\.io/"
-		to="https://$1photographer.io/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PhotographyTalk.com.xml b/src/chrome/content/rules/PhotographyTalk.com.xml
index 1de0f1cb4e4a..e7fc259b6642 100644
--- a/src/chrome/content/rules/PhotographyTalk.com.xml
+++ b/src/chrome/content/rules/PhotographyTalk.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="PhotographyTalk.com">
 
 	<target host="photographytalk.com" />
-	<target host="*.photographytalk.com" />
+	<target host="www.photographytalk.com" />
 
 
 	<securecookie host="^(?:www)?\.photographytalk\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?photographytalk\.com/"
-		to="https://$1photographytalk.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Photographylife.com.xml b/src/chrome/content/rules/Photographylife.com.xml
new file mode 100644
index 000000000000..e85e8f7b7cad
--- /dev/null
+++ b/src/chrome/content/rules/Photographylife.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Photographylife.com">
+	<target host="photographylife.com" />
+	<target host="www.photographylife.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PhotonConsulting.xml b/src/chrome/content/rules/PhotonConsulting.xml
deleted file mode 100644
index 47c25c1fd058..000000000000
--- a/src/chrome/content/rules/PhotonConsulting.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Photonconsulting.com">
-  <target host="photonconsulting.com" />
-  <target host="www.photonconsulting.com" />
-
-  <rule from="^http://(www\.)?photonconsulting\.com/" to="https://www.photonconsulting.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Photoprintit.com.xml b/src/chrome/content/rules/Photoprintit.com.xml
index 8edd8b72e369..5d4b5a522256 100644
--- a/src/chrome/content/rules/Photoprintit.com.xml
+++ b/src/chrome/content/rules/Photoprintit.com.xml
@@ -1,15 +1,13 @@
 <ruleset name="photoprintit.com">
 
-	<target host="*.photoprintit.com" />
+	<target host="as.photoprintit.com" />
+	<target host="cs.photoprintit.com" />
 
 
 	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.photoprintit\.com$" name="^s_\w+$" />
-	<securecookie host="^as\.photoprintit\.com$" name=".+" />
+					-->	<securecookie host="^as\.photoprintit\.com$" name=".+" />
 
 
-	<rule from="^http://(a|c)s\.photoprintit\.com/"
-		to="https://$1s.photoprintit.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Photosynth.xml b/src/chrome/content/rules/Photosynth.xml
index 3d9514ac44b6..da47218da5ee 100644
--- a/src/chrome/content/rules/Photosynth.xml
+++ b/src/chrome/content/rules/Photosynth.xml
@@ -1,23 +1,21 @@
-<!--
-	For other Microsoft coverage, see Microsoft.xml.
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://photosynth.net/ => https://photosynth.net/: (7, 'Failed to connect to photosynth.net port 443: Connection timed out')
+Fetch error: http://www.photosynth.net/ => https://www.photosynth.net/: (7, 'Failed to connect to www.photosynth.net port 443: Connection timed out')
+Fetch error: http://cdn.photosynth.net/ => https://cdn.photosynth.net/: (6, 'Could not resolve host: cdn.photosynth.net')
 
+	For other Microsoft coverage, see Microsoft.xml.
 -->
-<ruleset name="Photosynth" platform="mixedcontent">
+<ruleset name="Photosynth.net" default_off="failed ruleset test">
 
 	<target host="photosynth.net" />
-	<target host="*.photosynth.net" />
-
-
-	<securecookie host="^(www\.)?photosynth\.net$" name=".*" />
+	<target host="www.photosynth.net" />
+	<target host="cdn.photosynth.net" />
 
+	<securecookie host="^(?:www\.)?photosynth\.net$" name=".+" />
 
-	<!--	cdn:
-			- Cert: *.sharepointonline.com
-			- Shows blank page over https
-				-LimeLight CDN?
-					-->
-	<rule from="^https?://(?:cdn\.|(www\.))?photosynth\.net/"
-		to="https://$1photosynth.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PhpBB.xml b/src/chrome/content/rules/PhpBB.xml
index 8386c327515a..a1f35c90d98e 100644
--- a/src/chrome/content/rules/PhpBB.xml
+++ b/src/chrome/content/rules/PhpBB.xml
@@ -1,7 +1,9 @@
 <!--
 	Nonfunctional subdomains:
 
-		- lists
+		- lists *
+
+	* Refused
 
 
 	Partially covered subdomains:
@@ -24,6 +26,7 @@
 	Fully covered subdomains:
 
 		- (www.)
+		- area51
 		- bamboo
 		- blog
 		- camo
@@ -35,14 +38,20 @@
 <ruleset name="phpBB (partial)">
 
 	<target host="phpbb.com" />
-	<target host="*.phpbb.com" />
+	<target host="area51.phpbb.com" />
+	<target host="bamboo.phpbb.com" />
+	<target host="blog.phpbb.com" />
+	<target host="camo.phpbb.com" />
+	<target host="download.phpbb.com" />
+	<target host="tracker.phpbb.com" />
+	<target host="wiki.phpbb.com" />
+	<target host="www.phpbb.com" />
 		<exclusion pattern="^http://tracker\.phpbb\.com/plugins/servlet/gadgets/dashboard-diagnostics" />
 
 
 	<securecookie host="^(?:bamboo|wiki)?\.phpbb\.com$" name=".+" />
 
 
-	<rule from="^http://((?:area51|bamboo|blog|camo|download|tracker|wiki|www)\.)?phpbb\.com/"
-		to="https://$1phpbb.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PhpMyAdmin.net.xml b/src/chrome/content/rules/PhpMyAdmin.net.xml
deleted file mode 100644
index c4d6656b4250..000000000000
--- a/src/chrome/content/rules/PhpMyAdmin.net.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(refused)
-		- demo		(404, valid cert)
-
--->
-<ruleset name="phpMyAdmin.net (partial)">
-
-	<target host="wiki.phpmyadmin.net" />
-
-
-	<securecookie host="^wiki\.phpmyadmin\.net$" name=".+" />
-
-
-	<rule from="^http://wiki\.phpmyadmin\.net/"
-		to="https://wiki.phpmyadmin.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Phparchitect.xml b/src/chrome/content/rules/Phparchitect.xml
index 354beb75c909..9f447711f0ed 100644
--- a/src/chrome/content/rules/Phparchitect.xml
+++ b/src/chrome/content/rules/Phparchitect.xml
@@ -5,7 +5,11 @@
 <ruleset name="php[architect] (partial)">
 
 	<target host="phparch.com" />
-	<target host="*.phparch.com" />
+	<target host="codeworks.phparch.com" />
+	<target host="summits.phparch.com" />
+	<target host="tek13.phparch.com" />
+	<target host="www.phparch.com" />
+	<target host="tek.phparch.com" />
 		<exclusion pattern="^http://(?:codeworks\.|www\.)?phparch\.com/(?!favicon\.ico|wp-content/)" />
 
 
@@ -18,4 +22,4 @@
 	<rule from="^http://tek\.phparch\.com/wp-content/"
 		to="https://tek13.phparch.com/wp-content/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Phpclasses.org.xml b/src/chrome/content/rules/Phpclasses.org.xml
new file mode 100644
index 000000000000..5841140342a2
--- /dev/null
+++ b/src/chrome/content/rules/Phpclasses.org.xml
@@ -0,0 +1,15 @@
+<!--files. refused
+(www.)?phpclasses.net mismatch
+safe.phpclasses.net mismatch
+ww.phpclasses.net mismatch-->
+<ruleset name="Phpclasses.org" platform="mixedcontent">
+	<target host="phpclasses.org" />
+	<target host="www.phpclasses.org" />
+	<target host="phpclasses.net" />
+	<target host="www.phpclasses.net" />
+
+	<rule from="^http://(www\.)?phpclasses\.net/"
+		to="https://$1phpclasses.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Phpdoc.org.xml b/src/chrome/content/rules/Phpdoc.org.xml
new file mode 100644
index 000000000000..48450dc15c42
--- /dev/null
+++ b/src/chrome/content/rules/Phpdoc.org.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://qa.phpdoc.org/ => https://qa.phpdoc.org/: (6, 'Could not resolve host: qa.phpdoc.org')
+
+
+-->
+<ruleset name="PhpDocumentor" default_off="failed ruleset test">
+    <target host="phpdoc.org" />
+    <target host="www.phpdoc.org" />
+    <target host="demo.phpdoc.org" />
+    <target host="manual.phpdoc.org" />
+    <target host="pear.phpdoc.org" />
+    <target host="qa.phpdoc.org" />
+
+    <securecookie host="^(www\.|demo\.|manual\.|pear\.|qa\.)?phpdoc\.org" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Phusion_Passenger.com.xml b/src/chrome/content/rules/Phusion_Passenger.com.xml
index 047050ac74dc..de3f5ee936f1 100644
--- a/src/chrome/content/rules/Phusion_Passenger.com.xml
+++ b/src/chrome/content/rules/Phusion_Passenger.com.xml
@@ -1,13 +1,22 @@
+<!--
+	These altnames don't exist:
+
+		- www.oss-binaries.phusionpassenger.com
+
+-->
 <ruleset name="Phusion Passenger.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="phusionpassenger.com" />
+	<target host="oss-binaries.phusionpassenger.com" />
 	<target host="www.phusionpassenger.com" />
 
 
-	<securecookie host="^www\.phusionpassenger\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www\.)?phusionpassenger\.com/"
-		to="https://$1phusionpassenger.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PhysicsOverflow.org.xml b/src/chrome/content/rules/PhysicsOverflow.org.xml
new file mode 100644
index 000000000000..9965abffb4b3
--- /dev/null
+++ b/src/chrome/content/rules/PhysicsOverflow.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Physicsoverflow.org">
+	<target host="physicsoverflow.org" />
+	<target host="www.physicsoverflow.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PhysicsTravelGuide.com.xml b/src/chrome/content/rules/PhysicsTravelGuide.com.xml
new file mode 100644
index 000000000000..f6f6ee777349
--- /dev/null
+++ b/src/chrome/content/rules/PhysicsTravelGuide.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="PhysicsTravelGuide.com">
+	<target host="physicstravelguide.com" />
+	<target host="www.physicstravelguide.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Physics_Forums.com.xml b/src/chrome/content/rules/Physics_Forums.com.xml
new file mode 100644
index 000000000000..1d5ced7a58d1
--- /dev/null
+++ b/src/chrome/content/rules/Physics_Forums.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Physics Forums.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="physicsforums.com" />
+	<target host="www.physicsforums.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PiStar.uk.xml b/src/chrome/content/rules/PiStar.uk.xml
new file mode 100644
index 000000000000..9f476471384b
--- /dev/null
+++ b/src/chrome/content/rules/PiStar.uk.xml
@@ -0,0 +1,10 @@
+<ruleset name="PiStar.uk">
+	<target host="pistar.uk" />
+	<target host="www.pistar.uk" />
+	<target host="download.pistar.uk" />
+	<target host="forum.pistar.uk" />
+	<target host="multi-reflector.pistar.uk" />
+	<target host="wiki.pistar.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PiaoHua.com.xml b/src/chrome/content/rules/PiaoHua.com.xml
new file mode 100644
index 000000000000..68371977ddc7
--- /dev/null
+++ b/src/chrome/content/rules/PiaoHua.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Non-functional subdomains:
+
+		- dy125		(t)
+		- dy126		(t)
+		- dy195		(t)
+		- dy44		(t)
+		- img		(t)
+		- pic		(t)
+		- so		(t)
+		- xs		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="PiaoHua.com">
+
+	<target host="www.piaohua.com" />
+	<target host="admin2.piaohua.com" />
+
+	<target host="img.piaowu99.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Piatnik.de.xml b/src/chrome/content/rules/Piatnik.de.xml
deleted file mode 100644
index 4757dd336301..000000000000
--- a/src/chrome/content/rules/Piatnik.de.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Piatnik Deutschland">
-	<target host="piatnik.de" />
-
-	<rule from="^http://piatnik\.de/" to="https://piatnik.de/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Piatt_County_Journal-Republican.xml b/src/chrome/content/rules/Piatt_County_Journal-Republican.xml
index d34fee81ef56..5492b09eb124 100644
--- a/src/chrome/content/rules/Piatt_County_Journal-Republican.xml
+++ b/src/chrome/content/rules/Piatt_County_Journal-Republican.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?journal-republican\.com/(misc/|sites/|user(?:$|\?|/))"
 		to="https://www.journal-republican.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Piazza.com.xml b/src/chrome/content/rules/Piazza.com.xml
new file mode 100644
index 000000000000..32dc23bdde0c
--- /dev/null
+++ b/src/chrome/content/rules/Piazza.com.xml
@@ -0,0 +1,20 @@
+<ruleset name="Piazza.com">
+
+	<target host="piazza.com" />
+	<target host="recruiting.piazza.com" />
+	<target host="www.piazza.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?piazza\.com$" name="^piazza_session$" /-->
+	<!--securecookie host="^recruiting\.piazza\.com$" name="^piazza_recruiting$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^_gat?$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Picatcha.xml b/src/chrome/content/rules/Picatcha.xml
index 871044d44b00..3a782f55e15c 100644
--- a/src/chrome/content/rules/Picatcha.xml
+++ b/src/chrome/content/rules/Picatcha.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://api.picatcha.com/ => https://api.picatcha.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.api.picatcha.com/ => https://www.api.picatcha.com/: (60, 'SSL certificate problem: self signed certificate')
+
 	Nonfunctional subdomains:
 
 		- (www.)	($ redirects to http, other paths 404; mismatched, CN: api.picatcha.com)
@@ -7,12 +12,12 @@
 	(www.)api serves captchas on 3rd-party websites.
 
 -->
-<ruleset name="Picatcha (partial)">
+<ruleset name="Picatcha (partial)" default_off="failed ruleset test">
 
-	<target host="*.picatcha.com" />
+	<target host="api.picatcha.com" />
+	<target host="www.api.picatcha.com" />
 
 
-	<rule from="^http://(www\.)?api\.picatcha\.com/"
-		to="https://$1api.picatcha.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pickaweb.xml b/src/chrome/content/rules/Pickaweb.xml
index adf6b5e115ef..f434de87f798 100644
--- a/src/chrome/content/rules/Pickaweb.xml
+++ b/src/chrome/content/rules/Pickaweb.xml
@@ -27,4 +27,4 @@
 	<rule from="^http://support\.pickaweb\.co\.uk/(assets/)"
 		to="https://app.sirportly.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Picload.org.xml b/src/chrome/content/rules/Picload.org.xml
new file mode 100644
index 000000000000..d92ecfd6a8aa
--- /dev/null
+++ b/src/chrome/content/rules/Picload.org.xml
@@ -0,0 +1,24 @@
+<!--
+	For other toFOUR coverage, see ToFOUR.net.xml.
+
+-->
+<ruleset name="picload.org">
+
+	<target host="picload.org" />
+	<target host="img1.picload.org" />
+	<target host="img2.picload.org" />
+	<target host="img3.picload.org" />
+	<target host="img4.picload.org" />
+	<target host="img5.picload.org" />
+	<target host="static.picload.org" />
+	<target host="upload.picload.org" />
+	<target host="www.picload.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PicnicHealth.com.xml b/src/chrome/content/rules/PicnicHealth.com.xml
new file mode 100644
index 000000000000..f7a83cb9e07d
--- /dev/null
+++ b/src/chrome/content/rules/PicnicHealth.com.xml
@@ -0,0 +1,38 @@
+<!--
+	Fully covered hosts in *picnichealth.com:
+
+		- (www.)?
+		- app
+		- blog
+		- demo
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- picnichealth.com
+		- .picnichealth.com
+
+-->
+<ruleset name="PicnicHealth.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="picnichealth.com" />
+	<target host="app.picnichealth.com" />
+	<target host="blog.picnichealth.com" />
+	<target host="demo.picnichealth.com" />
+	<target host="www.picnichealth.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^picnichealth\.com$" name="^sdata$" /-->
+	<!--securecookie host="^\.?picnichealth\.com$" name="^sid$" /-->
+
+	<securecookie host="^\.?picnichealth\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PicoMoney.xml b/src/chrome/content/rules/PicoMoney.xml
index 680a8c9aa95f..4bbbc4d06a24 100644
--- a/src/chrome/content/rules/PicoMoney.xml
+++ b/src/chrome/content/rules/PicoMoney.xml
@@ -1,13 +1,21 @@
-<ruleset name="PicoMoney">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://picomoney.com/ => https://picomoney.com/: (7, 'Failed to connect to picomoney.com port 443: Connection refused')
+Fetch error: http://www.picomoney.com/ => https://www.picomoney.com/: (7, 'Failed to connect to www.picomoney.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://picomoney.com/ => https://picomoney.com/: Cycle detected - URL already encountered: http://www.picomoney.com/
+-->
+<ruleset name="PicoMoney" default_off="failed ruleset test">
 
 	<target host="picomoney.com" />
-	<target host="*.picomoney.com" />
+	<target host="www.picomoney.com" />
 
 
 	<securecookie host="^\.?picomoney\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?picomoney\.com/"
-		to="https://$1picomoney.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PicoStocks.com.xml b/src/chrome/content/rules/PicoStocks.com.xml
new file mode 100644
index 000000000000..68c00dd0ffca
--- /dev/null
+++ b/src/chrome/content/rules/PicoStocks.com.xml
@@ -0,0 +1,19 @@
+<!--
+	For more BioInfoBank.com related ruleset, see BioInfoBank.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+			 - dns2.picostocks.com
+
+		SSL peer certificate was not OK:
+			 - dns1.picostocks.com
+			 - dns3.picostocks.com
+-->
+<ruleset name="PicoStocks.com (partial)">
+	<target host="picostocks.com" />
+	<target host="www.picostocks.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Picosong.com.xml b/src/chrome/content/rules/Picosong.com.xml
new file mode 100644
index 000000000000..3ca54d78ab17
--- /dev/null
+++ b/src/chrome/content/rules/Picosong.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Picosong">
+
+	<target host="picosong.com" />
+	<target host="www.picosong.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Picoville.com.xml b/src/chrome/content/rules/Picoville.com.xml
new file mode 100644
index 000000000000..77b7eaa22376
--- /dev/null
+++ b/src/chrome/content/rules/Picoville.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="Picoville.com">
+
+	<target host="picoville.com" />
+	<target host="assets.picoville.com" />
+	<target host="www.picoville.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^picoville\.com$" name="^(cfid|cftoken)$" /-->
+
+	<securecookie host="^\.?picoville\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Picplz.xml b/src/chrome/content/rules/Picplz.xml
deleted file mode 100644
index 14dfa285a533..000000000000
--- a/src/chrome/content/rules/Picplz.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Picplz" platform="mixedcontent">
-	<target host="picplz.com" />
-	<target host="www.picplz.com" />
-	
-	<securecookie host="^(.+\.)?picplz\.com$" name=".*"/>
-	
-	<rule from="^http://(?:www\.)?picplz\.com/" to="https://picplz.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Picsity.com.xml b/src/chrome/content/rules/Picsity.com.xml
deleted file mode 100644
index ff1d46776898..000000000000
--- a/src/chrome/content/rules/Picsity.com.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- smsquare *
-		- thumbs[012] *
-		- users *
-
-	* Redirects to ^picsity.com; mismatched, CN: picsity.com
-
-
-	Problematic subdomains:
-
-		- ps-assets	(works; mismatched, CN: picsity.com)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- ps-assets	(→ ^)
-
-
-	Mixed images on ^ from smsquare, thumbs[012], and
-	users, not a problem for mixed content blocking.
-
-	All active resources are loaded from ps-assets.
-
--->
-<ruleset name="Picsity.com (partial)">
-
-	<target host="picsity.com" />
-	<target host="*.picsity.com" />
-
-
-	<securecookie host="^picsity\.com$" name=".+" />
-	<securecookie host="^\.picsity\.com$" name="^_ga$" />
-
-
-	<rule from="^http://(?:ps-assets\.|(www\.))?picsity\.com/"
-		to="https://$1picsity.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Pictomania.xml b/src/chrome/content/rules/Pictomania.xml
index e61ce68b4ed7..191f504f3aa1 100644
--- a/src/chrome/content/rules/Pictomania.xml
+++ b/src/chrome/content/rules/Pictomania.xml
@@ -11,13 +11,13 @@
 		<!--
 			404
 				-->
-		<exclusion pattern="^https?://(?:www\.)?pic(?:shareunit|tomania)\.com/env/.+\.(?:gif|jpe?g|png)(?:$|\?)" />
+		<exclusion pattern="^http://(?:www\.)?pic(?:shareunit|tomania)\.com/env/.+\.(?:gif|jpe?g|png)(?:$|\?)" />
 
 
 	<securecookie host="^pic(?:shareunit|tomania)\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?pic(shareunit|tomania)\.com/"
+	<rule from="^http://(?:www\.)?pic(shareunit|tomania)\.com/"
 		to="https://pic$1.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pictos.xml b/src/chrome/content/rules/Pictos.xml
index c866626f6216..c6760280ea12 100644
--- a/src/chrome/content/rules/Pictos.xml
+++ b/src/chrome/content/rules/Pictos.xml
@@ -4,21 +4,31 @@
 		- pictos.s3.amazonaws.com
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *pictos.cc:
 
-		- (www.)	(mismatch, redirects to http)
+		- (www.)? ʰ
+		- www.get ᵃ
+
+	ᵃ Shows another domain
+	ʰ Redirects to http
+
+
+	Problematic hosts in *pictos.cc:
+
+		- my ᵉ
+
+	ᵉ Expired
 
 -->
-<ruleset name="Pictos (partial)">
+<ruleset name="Pictos.cc (partial)">
 
-	<target host="*.pictos.cc" />
-	<target host="www.get.pictos.cc" />
+	<target host="get.pictos.cc" />
 
 
-	<securecookie host="^my\.pictos\.cc$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(get|www\.get|my)\.pictos\.cc/"
-		to="https://$1.pictos.cc/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pictshare.net.xml b/src/chrome/content/rules/Pictshare.net.xml
new file mode 100644
index 000000000000..f002ea6355a8
--- /dev/null
+++ b/src/chrome/content/rules/Pictshare.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="Pictshare.net">
+
+	<target host="pictshare.net" />
+	<target host="www.pictshare.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pidg.in.xml b/src/chrome/content/rules/Pidg.in.xml
new file mode 100644
index 000000000000..be13516f4d40
--- /dev/null
+++ b/src/chrome/content/rules/Pidg.in.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pidg.in/ => https://pidg.in/: (51, "SSL: no alternative certificate subject name matches target host name 'pidg.in'")
+Fetch error: http://www.pidg.in/ => https://www.pidg.in/: (51, "SSL: no alternative certificate subject name matches target host name 'www.pidg.in'")
+
+	For other Pidgin coverage, see Pidgin.xml.
+
+-->
+<ruleset name="Pidg.in" default_off="failed ruleset test">
+
+	<target host="pidg.in" />
+	<target host="www.pidg.in" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pidgin.xml b/src/chrome/content/rules/Pidgin.xml
index 614f8bc69480..91fc43bebaab 100644
--- a/src/chrome/content/rules/Pidgin.xml
+++ b/src/chrome/content/rules/Pidgin.xml
@@ -1,28 +1,36 @@
-<ruleset name="Pidgin">
-
-	<target host="pidg.in" />
-	<target host="www.pidg.in" />
-	<target host="pidgin.im" />
-	<target host="*.pidgin.im" />
+<!--
+	Other Pidgin rulesets:
+		- Pidg.in.xml
 
 
-	<securecookie host="^developer\.pidgin\.im$" name=".*" />
+	Invalid certificate:
+		- hg.pidgin.im
+		- rpm.pidgin.im
+		- stats.pidgin.im
+		- test.developer.pidgin.im
+		- mtn.pidgin.im
+		- nicobar.pidgin.im
 
+	Refused:
+		- imperial.pidgin.im
 
-	<rule from="^http://(www\.)?pidg\.in/"
-		to="https://$1pidg.in/" />
+	Timeout:
+		- plugin-pack.pidgin.im
+-->
+<ruleset name="Pidgin.im">
 
-	<!--	Known subdomains:
-
-			- developer
-			- hg
-			- planet
-			- rock
-			- rpm
-			- stats
-			- www
-				-->
-	<rule from="^http://(\w+\.)?pidgin\.im/"
-		to="https://$1pidgin.im/" />
+	<target host="pidgin.im" />
+	<target host="www.pidgin.im" />
+	<target host="bamboo.pidgin.im" />
+	<target host="conference.pidgin.im" />
+	<target host="d.pidgin.im" />
+	<target host="developer.pidgin.im" />
+	<target host="planet.pidgin.im" />
+	<target host="rock.pidgin.im" />
+	<target host="status.pidgin.im" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Pietsmiet.de.xml b/src/chrome/content/rules/Pietsmiet.de.xml
new file mode 100644
index 000000000000..532a2320ef04
--- /dev/null
+++ b/src/chrome/content/rules/Pietsmiet.de.xml
@@ -0,0 +1,7 @@
+<ruleset name="Pietsmiet.de">
+	<target host="pietsmiet.de" />
+	<target host="www.pietsmiet.de" />
+	<target host="cdn.pietsmiet.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PikPok.com.xml b/src/chrome/content/rules/PikPok.com.xml
index 2c57b7e3587d..b3e5fcffbe4d 100644
--- a/src/chrome/content/rules/PikPok.com.xml
+++ b/src/chrome/content/rules/PikPok.com.xml
@@ -12,7 +12,6 @@
 	<target host="www.pikpok.com" />
 
 
-	<rule from="^http://(www\.)?pikpok\.com/"
-		to="https://$1pikpok.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Pikabu.ru.xml b/src/chrome/content/rules/Pikabu.ru.xml
new file mode 100644
index 000000000000..4d37249fe997
--- /dev/null
+++ b/src/chrome/content/rules/Pikabu.ru.xml
@@ -0,0 +1,59 @@
+<!--
+	Invalid certificate:
+		tickets.pikabu.ru
+
+	Non-2xx HTTP code:
+		new.pikabu.ru
+		m.pikabu.ru
+		ws.pikabu.ru
+
+	Time out:
+		bastion.pikabu.ru
+		bastion1.pikabu.ru
+		bastion2.pikabu.ru
+-->
+<ruleset name="pikabu.ru">
+	<target host="pikabu.ru" />
+	<target host="www.pikabu.ru" />
+	<target host="a.pikabu.ru" />
+	<target host="api.pikabu.ru" />
+	<target host="beta.pikabu.ru" />
+	<target host="cs.pikabu.ru" />
+	<target host="cs10.pikabu.ru" />
+	<target host="cs11.pikabu.ru" />
+	<target host="cs12.pikabu.ru" />
+	<target host="cs13.pikabu.ru" />
+	<target host="cs2.pikabu.ru" />
+	<target host="cs3.pikabu.ru" />
+	<target host="cs4.pikabu.ru" />
+	<target host="cs5.pikabu.ru" />
+	<target host="cs6.pikabu.ru" />
+	<target host="cs7.pikabu.ru" />
+	<target host="cs8.pikabu.ru" />
+	<target host="cs9.pikabu.ru" />
+	<target host="i.pikabu.ru" />
+	<target host="old.pikabu.ru" />
+	<target host="specials.pikabu.ru" />
+	<target host="test.specials.pikabu.ru" />
+	<target host="status.pikabu.ru" />
+	<target host="s.pikabu.ru" />
+	<target host="s10.pikabu.ru" />
+	<target host="s11.pikabu.ru" />
+	<target host="s12.pikabu.ru" />
+	<target host="s13.pikabu.ru" />
+	<target host="s2.pikabu.ru" />
+	<target host="s3.pikabu.ru" />
+	<target host="s4.pikabu.ru" />
+	<target host="s5.pikabu.ru" />
+	<target host="s6.pikabu.ru" />
+	<target host="s7.pikabu.ru" />
+	<target host="s8.pikabu.ru" />
+	<target host="s9.pikabu.ru" />
+	<target host="stand1.pikabu.ru" />
+	<target host="u.pikabu.ru" />
+	<target host="v.pikabu.ru" />
+	<target host="v1.pikabu.ru" />
+
+	<rule from="^http://www\.pikabu\.ru/" to="https://pikabu.ru/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PikminWiki.com.xml b/src/chrome/content/rules/PikminWiki.com.xml
new file mode 100644
index 000000000000..175913752e0d
--- /dev/null
+++ b/src/chrome/content/rules/PikminWiki.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="PikminWiki.com">
+	<target host="pikminwiki.com" />
+	<target host="www.pikminwiki.com" />
+	<target host="cpanel.pikminwiki.com" />
+	<target host="mail.pikminwiki.com" />
+	<target host="webdisk.pikminwiki.com" />
+	<target host="webmail.pikminwiki.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pilgrimage_Software.com.xml b/src/chrome/content/rules/Pilgrimage_Software.com.xml
new file mode 100644
index 000000000000..407a43b0cbbe
--- /dev/null
+++ b/src/chrome/content/rules/Pilgrimage_Software.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Pilgrimage Software.com">
+
+	<target host="pilgrimagesoftware.com" />
+	<target host="www.pilgrimagesoftware.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Piliapp.com.xml b/src/chrome/content/rules/Piliapp.com.xml
new file mode 100644
index 000000000000..ecc67adde03b
--- /dev/null
+++ b/src/chrome/content/rules/Piliapp.com.xml
@@ -0,0 +1,39 @@
+<!--
+
+	Nonfunctional domains:
+
+		- blog (ERR_CONNECTION_CLOSED)
+
+-->
+
+<ruleset name="Piliapp.com">
+	<target host="piliapp.com" />
+	<target host="ar.piliapp.com" />
+	<target host="cn.piliapp.com" />
+	<target host="comic.piliapp.com" />
+	<target host="cs.piliapp.com" />
+	<target host="de.piliapp.com" />
+	<target host="el.piliapp.com" />
+	<target host="es.piliapp.com" />
+	<target host="fashion.piliapp.com" />
+	<target host="food.piliapp.com" />
+	<target host="fr.piliapp.com" />
+	<target host="hu.piliapp.com" />
+	<target host="it.piliapp.com" />
+	<target host="iw.piliapp.com" />
+	<target host="jp.piliapp.com" />
+	<target host="kr.piliapp.com" />
+	<target host="nl.piliapp.com" />
+	<target host="no.piliapp.com" />
+	<target host="pl.piliapp.com" />
+	<target host="pt.piliapp.com" />
+	<target host="recipe.piliapp.com" />
+	<target host="ru.piliapp.com" />
+	<target host="sv.piliapp.com" />
+	<target host="th.piliapp.com" />
+	<target host="travel.piliapp.com" />
+	<target host="tw.piliapp.com" />
+	<target host="www.piliapp.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pillow.xml b/src/chrome/content/rules/Pillow.xml
new file mode 100644
index 000000000000..a74d21bd5227
--- /dev/null
+++ b/src/chrome/content/rules/Pillow.xml
@@ -0,0 +1,8 @@
+<ruleset name="Pillow">
+
+		<target host="python-pillow.org" />
+		<target host="www.python-pillow.org" />
+
+		<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pimg.net.xml b/src/chrome/content/rules/Pimg.net.xml
new file mode 100644
index 000000000000..5a9157574d6b
--- /dev/null
+++ b/src/chrome/content/rules/Pimg.net.xml
@@ -0,0 +1,20 @@
+<!--
+	Fully covered domains:
+
+		- [\w-]+.pimg.net *
+
+	* Client subdomains
+
+
+	(www.) doesn't exist.
+
+-->
+<ruleset name="pimg.net">
+
+	<target host="*.pimg.net" />
+
+
+	<rule from="^http://([\w-]+)\.pimg\.net/"
+		to="https://$1.pimg.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pimg.tw.xml b/src/chrome/content/rules/Pimg.tw.xml
new file mode 100644
index 000000000000..35383031249a
--- /dev/null
+++ b/src/chrome/content/rules/Pimg.tw.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Pixnet coverage, see Pixnet.net.xml.
+
+-->
+<ruleset name="pimg.tw">
+
+	<target host="imageproxy.pimg.tw" />
+	<target host="pic.pimg.tw" />
+	<target host="s.pimg.tw" />
+	<target host="s0.pimg.tw" />
+	<target host="s1.pimg.tw" />
+	<target host="s2.pimg.tw" />
+	<target host="s3.pimg.tw" />
+	<target host="s4.pimg.tw" />
+	<target host="s5.pimg.tw" />
+	<target host="s6.pimg.tw" />
+	<target host="s7.pimg.tw" />
+	<target host="s8.pimg.tw" />
+	<target host="s9.pimg.tw" />
+
+		<test url="http://imageproxy.pimg.tw/zoomcrop?width=30&amp;height=30&amp;url=https%3A%2F%2Fstatic-7headlines.pixfs.net%2Fimages%2Fchannel-icons%2FTechnology-3C.png" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pimienta.org.xml b/src/chrome/content/rules/Pimienta.org.xml
new file mode 100644
index 000000000000..9562e40f9126
--- /dev/null
+++ b/src/chrome/content/rules/Pimienta.org.xml
@@ -0,0 +1,20 @@
+<ruleset name="Pimienta.org">
+
+	<target host="pimienta.org" />
+	<target host="www.pimienta.org" />
+	<target host="alcachofa.pimienta.org" />
+	<target host="assembleasocialpoblenou.pimienta.org" />
+	<target host="bibliotecadelaevasion.pimienta.org" />
+	<target host="coati.pimienta.org" />
+	<target host="degenree.pimienta.org" />
+	<target host="fia.pimienta.org" />
+	<target host="frustros.pimienta.org"/>
+	<target host="gofistfoundation.pimienta.org" /><!-- NSFW -->
+	<target host="mambo.pimienta.org" />
+	<target host="oreja.pimienta.org" />
+	<target host="quematumovil.pimienta.org" />
+	<target host="terracremada.pimienta.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pinboard.in.xml b/src/chrome/content/rules/Pinboard.in.xml
new file mode 100644
index 000000000000..1349656d03c0
--- /dev/null
+++ b/src/chrome/content/rules/Pinboard.in.xml
@@ -0,0 +1,34 @@
+<ruleset name="Pinboard.in">
+	<target host="pinboard.in" />
+	<target host="www.pinboard.in" />
+	<target host="adelie.pinboard.in" />
+	<target host="api.pinboard.in" />
+	<target host="blog.pinboard.in" />
+	<target host="boris.pinboard.in" />
+	<target host="cache0.pinboard.in" />
+	<target host="cache1.pinboard.in" />
+	<target host="cache10.pinboard.in" />
+	<target host="cache11.pinboard.in" />
+	<target host="cache13.pinboard.in" />
+	<target host="cache14.pinboard.in" />
+	<target host="cache3.pinboard.in" />
+	<target host="cache4.pinboard.in" />
+	<target host="cache5.pinboard.in" />
+	<target host="cache6.pinboard.in" />
+	<target host="cache7.pinboard.in" />
+	<target host="cache8.pinboard.in" />
+	<target host="cache9.pinboard.in" />
+	<target host="feeds.pinboard.in" />
+	<target host="goatfish.pinboard.in" />
+	<target host="honeybadger.pinboard.in" />
+	<target host="m.pinboard.in" />
+	<target host="mail.pinboard.in" />
+	<target host="marmot.pinboard.in" />
+	<target host="notes.pinboard.in" />
+	<target host="otter.pinboard.in" />
+	<target host="skua.pinboard.in" />
+	<target host="static.pinboard.in" />
+	<target host="taco.pinboard.in" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pinboard.xml b/src/chrome/content/rules/Pinboard.xml
deleted file mode 100644
index 202307512319..000000000000
--- a/src/chrome/content/rules/Pinboard.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Pinboard.in">
-  <target host="www.pinboard.in" />
-  <target host="pinboard.in" />
-
-  <rule from="^http://(www\.)?pinboard\.in/" to="https://pinboard.in/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/PinchOfNom.com.xml b/src/chrome/content/rules/PinchOfNom.com.xml
new file mode 100644
index 000000000000..57ba60506b50
--- /dev/null
+++ b/src/chrome/content/rules/PinchOfNom.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="PinchOfNom.com">
+	<target host="pinchofnom.com" />
+	<target host="www.pinchofnom.com" />
+	<target host="cpanel.pinchofnom.com" />
+	<target host="dev.pinchofnom.com" />
+	<target host="mail.pinchofnom.com" />
+	<target host="webdisk.pinchofnom.com" />
+	<target host="webmail.pinchofnom.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pine64.com.xml b/src/chrome/content/rules/Pine64.com.xml
new file mode 100644
index 000000000000..5889cb019653
--- /dev/null
+++ b/src/chrome/content/rules/Pine64.com.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pine64.com/ => https://pine64.com/: (51, "SSL: no alternative certificate subject name matches target host name 'pine64.com'")
+Fetch error: http://www.pine64.com/ => https://www.pine64.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.pine64.com'")
+
+	Mismatch on:
+	launch.pine64.com
+	holiday.pine64.com
+-->
+
+<ruleset name="Pine64.com" default_off="failed ruleset test">
+	<target host="pine64.com" />
+	<target host="www.pine64.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pinescharter.net.xml b/src/chrome/content/rules/Pinescharter.net.xml
index 441fcffb376a..79bfcd0c9c93 100644
--- a/src/chrome/content/rules/Pinescharter.net.xml
+++ b/src/chrome/content/rules/Pinescharter.net.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?pinescharter\.net/(DesktopModules/|favicon\.ico|images/|js/|[pP]ortals/|Resources/|SiteLogin(?:$|\?|/)|(?:Telerik\.Web\.UI\.)?WebResource\.axd)"
 		to="https://$1pinescharter.net/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ping.fm.xml b/src/chrome/content/rules/Ping.fm.xml
deleted file mode 100644
index 974ea7eb7fbb..000000000000
--- a/src/chrome/content/rules/Ping.fm.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Ping.fm (expired)" default_off="cert expired">
-  <target host="ping.fm" />
-  <target host="www.ping.fm" />
-
-    <rule from="^http://(?:www\.)?ping\.fm/" to="https://ping.fm/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/Ping.gg.xml b/src/chrome/content/rules/Ping.gg.xml
new file mode 100644
index 000000000000..d757021fdd01
--- /dev/null
+++ b/src/chrome/content/rules/Ping.gg.xml
@@ -0,0 +1,12 @@
+<!--
+	www doesn't exist.
+
+-->
+<ruleset name="ping.gg">
+
+	<target host="ping.gg" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ping.pe.xml b/src/chrome/content/rules/Ping.pe.xml
new file mode 100644
index 000000000000..2de5389f0d21
--- /dev/null
+++ b/src/chrome/content/rules/Ping.pe.xml
@@ -0,0 +1,21 @@
+<ruleset name="Ping.pe">
+	<target host="ping.pe" />
+	<target host="www.ping.pe" />
+		<test url="http://www.ping.pe/cloudflare.com" />
+
+	<target host="port.ping.pe" />
+		<test url="http://port.ping.pe/1.2.3.4:22" />
+
+	<target host="dig.ping.pe" />
+		<test url="http://dig.ping.pe/dns.google:A:1.0.0.1" />
+
+	<target host="mrtg.ping.pe" />
+		<test url="http://mrtg.ping.pe/load.html" />
+
+	<target host="i.ping.pe" />
+		<test url="http://i.ping.pe/n/Y/img_nYlIKgrb.png" />
+		<test url="http://i.ping.pe/y/1/img_y1WLfjiE.png" />
+		<test url="http://i.ping.pe/8/O/img_8Oi1R3Vr.png" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PingOne.xml b/src/chrome/content/rules/PingOne.xml
index 8336d24d98f9..a2dc2c45a1e4 100644
--- a/src/chrome/content/rules/PingOne.xml
+++ b/src/chrome/content/rules/PingOne.xml
@@ -11,13 +11,13 @@
 <ruleset name="PingOne.com">
 
 	<target host="pingone.com" />
-	<target host="*.pingone.com" />
+	<target host="admin.pingone.com" />
+	<target host="www.pingone.com" />
 
 
 	<securecookie host="^(?:admin|www)\.pingone\.com$" name=".+" />
 
 
-	<rule from="^http://(admin\.|www\.)?pingone\.com/"
-		to="https://$1pingone.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ping_Identity.xml b/src/chrome/content/rules/Ping_Identity.xml
index bd352bbd7462..8db498d9fcd2 100644
--- a/src/chrome/content/rules/Ping_Identity.xml
+++ b/src/chrome/content/rules/Ping_Identity.xml
@@ -1,9 +1,4 @@
 <!--
-	Other Ping Identity rulesets:
-
-		- PingOne.com.xml
-
-
 	Problematic subdomains:
 
 		- ^	(times out)
@@ -18,7 +13,8 @@
 <ruleset name="Ping Identity">
 
 	<target host="pingidentity.com" />
-	<target host="*.pingidentity.com" />
+	<target host="www.pingidentity.com" />
+	<target host="connect.pingidentity.com" />
 
 
 	<securecookie host="^(?:connect|www)\.pingidentity\.com$" name=".+" />
@@ -27,7 +23,6 @@
 	<rule from="^http://(?:www\.)?pingidentity\.com/"
 		to="https://www.pingidentity.com/" />
 
-	<rule from="^http://connect\.pingidentity\.com/"
-		to="https://connect.pingidentity.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pingability.com.xml b/src/chrome/content/rules/Pingability.com.xml
new file mode 100644
index 000000000000..eec11ec61c4d
--- /dev/null
+++ b/src/chrome/content/rules/Pingability.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Invalid certificate:
+		www.pingability.com
+
+-->
+<ruleset name="Pingability.com">
+
+	<target host="pingability.com" />
+	<target host="www.pingability.com" />
+	<target host="matrix.pingability.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.pingability\.com/"
+		to="https://pingability.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pingdom.net.xml b/src/chrome/content/rules/Pingdom.net.xml
new file mode 100644
index 000000000000..6d1efa8f7d39
--- /dev/null
+++ b/src/chrome/content/rules/Pingdom.net.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Pingdom coverage, see Pingdom.xml.
+
+
+	Fully covered domains:
+
+		- rum-collector.pingdom.net
+
+-->
+<ruleset name="Pingdom.net">
+
+	<target host="rum-collector.pingdom.net" />
+	<target host="rum-static.pingdom.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pingdom.xml b/src/chrome/content/rules/Pingdom.xml
index 43034c547390..75c68fdbb884 100644
--- a/src/chrome/content/rules/Pingdom.xml
+++ b/src/chrome/content/rules/Pingdom.xml
@@ -1,28 +1,40 @@
 <!--
-	Fully covered domains:
+	Other Pingdom rulesets:
 
-		- rum-collector.pingdom.net
+		- Pingdom.net.xml
 
--->
-<ruleset name="Pingdom (partial)">
 
-	<target host="pingdom.com" />
-	<target host="*.pingdom.com" />
-		<!--
-			404:
-				-->
-		<exclusion pattern="^http://stats\." />
-		<exclusion pattern="^http://www\.pingdom\.com/(?!_css/|_img/|signup)" />
-	<target host="*.pingdom.net" />
+	Nonfunctional subdomains:
 
+		- blog ¹
+		- dnscheck ¹
+		- fpt
+		- royal ²
+		- stats ³
 
-	<securecookie host="^\.pingdom\.net$" name=".+" />
+	¹ 521
+	² Redirects to http
+	³ Refused
 
+	Invalid certificate:
+		borntohack.pingdom.com
+		videos.pingdom.com
 
-	<rule from="^http://((?:my|pp|www)\.)?pingdom\.com/"
-		to="https://$1pingdom.com/"/>
+-->
+<ruleset name="Pingdom.com">
 
-	<rule from="^http://rum-(collector|static)\.pingdom\.net/"
-		to="https://rum-$1.pingdom.net/" />
+	<target host="pingdom.com" />
+	<target host="www.pingdom.com" />
+	<target host="my.pingdom.com" />
+	<target host="share.pingdom.com" />
+	<target host="support.pingdom.com" />
+	<target host="status.pingdom.com" />
+	<target host="tool.pingdom.com" />
+	<target host="tools.pingdom.com" />
+
+	<securecookie host="^(?:support)?\.pingdom\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Pingless.xml b/src/chrome/content/rules/Pingless.xml
index 748ae6f0b513..d9cffd2b8379 100644
--- a/src/chrome/content/rules/Pingless.xml
+++ b/src/chrome/content/rules/Pingless.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?pingless\.co\.il/(agent_login|css/|default\.php\?(?:agent_login|make_money|order|support)|epanel2|favicon\.ico|framestats|images/|make_money|\?order|support)"
 		to="https://$1pingless.co.uk/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pingupod.de.xml b/src/chrome/content/rules/Pingupod.de.xml
new file mode 100644
index 000000000000..eca2f572b368
--- /dev/null
+++ b/src/chrome/content/rules/Pingupod.de.xml
@@ -0,0 +1,16 @@
+<ruleset name="pingupod.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pingupod.de" />
+	<target host="diaspora.pingupod.de" />
+	<target host="www.pingupod.de" />
+	<!-- <target host="mgp.pingupod.de" /> missmatch certificate -->
+
+	<rule from="^http://www\.pingupod\.de/"
+		to="https://pingupod.de/" /> <!-- invalid certificate -->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pingvinbolt.hu.xml b/src/chrome/content/rules/Pingvinbolt.hu.xml
new file mode 100644
index 000000000000..00e9e4b115e6
--- /dev/null
+++ b/src/chrome/content/rules/Pingvinbolt.hu.xml
@@ -0,0 +1,8 @@
+<ruleset name="Pingvinbolt.hu">
+	<target host="pingvinbolt.hu" />
+	<target host="www.pingvinbolt.hu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pingxx.com.xml b/src/chrome/content/rules/Pingxx.com.xml
new file mode 100644
index 000000000000..2b6a1ec0ead9
--- /dev/null
+++ b/src/chrome/content/rules/Pingxx.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Nonfunctional hosts in *pingxx.com:
+
+		- blog *
+		- status *
+
+	* Dropped
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- pingxx.com
+		- .pingxx.com
+		- dashboard.pingxx.com
+		- www.pingxx.com
+		- .www.pingxx.com
+
+-->
+<ruleset name="Pingxx.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pingxx.com" />
+	<target host="dashboard.pingxx.com" />
+	<target host="www.pingxx.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:dashboard\.|www\.)?pingxx\.com$" name="^SERVERID$" /-->
+	<!--securecookie host="^\.pingxx\.com$" name="^session$" /-->
+	<!--securecookie host="^\.www\.pingxx\.com$" name="__PINGXX_T$" /-->
+
+	<securecookie host="^(?:^|\.)pingxx\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PinkNews.co.uk.xml b/src/chrome/content/rules/PinkNews.co.uk.xml
new file mode 100644
index 000000000000..f2de26e43da6
--- /dev/null
+++ b/src/chrome/content/rules/PinkNews.co.uk.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pinknews.co.uk/ => https://pinknews.co.uk/: Too many redirects while fetching 'https://pinknews.co.uk/'
+Fetch error: http://www.pinknews.co.uk/ => https://www.pinknews.co.uk/: Too many redirects while fetching 'https://www.pinknews.co.uk/'
+
+	CDN buckets:
+
+		- 6682-presscdn-26-26-pagely.netdna-ssl.com
+
+
+	Mixed content:
+
+		- Images from 6682-presscdn-26-26-pagely.netdna-ssl.com *
+
+	* Secured by us
+
+-->
+<ruleset name="PinkNews.co.uk" default_off="failed ruleset test">
+
+	<target host="pinknews.co.uk" />
+	<target host="www.pinknews.co.uk" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pink_Paislee.xml b/src/chrome/content/rules/Pink_Paislee.xml
index 1c1fd7b37059..ac6889a4c7fd 100644
--- a/src/chrome/content/rules/Pink_Paislee.xml
+++ b/src/chrome/content/rules/Pink_Paislee.xml
@@ -1,13 +1,35 @@
-<ruleset name="Pink Paislee">
+<!--
+	www.pinkpaislee.com: Mismatched
+	^pinkpaislee.com redirects to www.pinkpaislee.com
 
+
+	Mixed content:
+
+		- css from fonts.googleapis.com
+
+		- Images, from:
+
+			- pinkpaislee.com
+			- www.pinkpaislee.com
+
+-->
+<ruleset name="Pink Paislee.com" default_off="mismatched">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="pinkpaislee.com" />
-	<target host="*.pinkpaislee.com" />
+	<target host="www.pinkpaislee.com" />
+
 
+	<!--	Direct rewrites:
+				-->
+	<!--securecookie host="^(?:www\.)?pinkpaislee\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.pinkpaislee\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
 
-	<securecookie host="^\.pinkpaislee\.com$" name=".+" />
+	<securecookie host="^(?:\.|www\.)?pinkpaislee\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?pinkpaislee\.com/"
-		to="https://$1pinkpaislee.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pinkbike.xml b/src/chrome/content/rules/Pinkbike.xml
deleted file mode 100644
index f92a11a1529b..000000000000
--- a/src/chrome/content/rules/Pinkbike.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Problematic domains:
-
-		- (www.)pinkbike.org
-		- gp[123].pinkbike.org *
-		- gs1.pinkbike.org *
-		- lp[12].pinkbike.org
-
-	* 400, mismatched, CN: *.hs.llnwd.net
-
-
-	gs\d serves css.
-
--->
-<ruleset name="Pinkbike (partial)" platform="mixedcontent">
-
-	<target host="pinkbike.com" />
-	<target host="*.pinkbike.com" />
-
-
-	<securecookie host="^\.pinkbike\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?pinkbike\.com/"
-		to="https://$1pinkbike.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Pinme.ru.xml b/src/chrome/content/rules/Pinme.ru.xml
index eae8bd6f7374..8c28eb7bb18f 100644
--- a/src/chrome/content/rules/Pinme.ru.xml
+++ b/src/chrome/content/rules/Pinme.ru.xml
@@ -15,7 +15,7 @@
 	<target host="*.pinme.ru" />
 
 
-	<rule from="^https?://cdn-pus-\d\.pinme\.ru/"
+	<rule from="^http://cdn-pus-\d\.pinme\.ru/"
 		to="https://d2jjq1r8l0rsro.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pinocc.io.xml b/src/chrome/content/rules/Pinocc.io.xml
new file mode 100644
index 000000000000..9a2e87020962
--- /dev/null
+++ b/src/chrome/content/rules/Pinocc.io.xml
@@ -0,0 +1,51 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pinocc.io/ => https://pinocc.io/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.pinocc.io/ => https://pinocc.io/: (60, 'SSL certificate problem: certificate has expired')
+
+	Nonfunctional hosts in *pinocc.io:
+
+		- discuss ¹
+		- support ²
+
+	¹ Refused
+	² Zendesk
+
+
+	www.pinocc.io: Redirects to filament.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- pinocc.io
+		- .pinocc.io
+		- www.pinocc.io
+
+-->
+<ruleset name="Pinocc.io (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pinocc.io" />
+
+	<!--	Complications:
+				-->
+	<target host="www.pinocc.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?pinocc\.io$" name="NB_SRVID$" /-->
+	<!--securecookie host="^\.pinocc\.io$" name="^pinoccio_id$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.pinocc\.io/"
+		to="https://pinocc.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pinsent_Masons.xml b/src/chrome/content/rules/Pinsent_Masons.xml
index 93bff6ed3fef..882ca090c288 100644
--- a/src/chrome/content/rules/Pinsent_Masons.xml
+++ b/src/chrome/content/rules/Pinsent_Masons.xml
@@ -1,9 +1,14 @@
-<ruleset name="Pinsent Masons (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://extranets.pinsentmasons.com/ => https://extranets.pinsentmasons.com/: (7, 'Failed to connect to extranets.pinsentmasons.com port 443: Connection refused')
+
+-->
+<ruleset name="Pinsent Masons (partial)" default_off="failed ruleset test">
 
 	<target host="extranets.pinsentmasons.com" />
 
 
-	<rule from="^http://extranets\.pinsentmasons\.com/"
-		to="https://extranets.pinsentmasons.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pinta-Outlet.fi.xml b/src/chrome/content/rules/Pinta-Outlet.fi.xml
index d266464422fa..942f594f166d 100644
--- a/src/chrome/content/rules/Pinta-Outlet.fi.xml
+++ b/src/chrome/content/rules/Pinta-Outlet.fi.xml
@@ -1,10 +1,15 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pinta-outlet.fi/ => https://pinta-outlet.fi/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.pinta-outlet.fi/ => https://pinta-outlet.fi/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Problematic subdomains:
 
 		- www	(cert only matches ^pinta-outlet.fi)
 
 -->
-<ruleset name="Pinta-Outlet.fi">
+<ruleset name="Pinta-Outlet.fi" default_off="failed ruleset test">
 
 	<target host="pinta-outlet.fi" />
 	<target host="www.pinta-outlet.fi" />
diff --git a/src/chrome/content/rules/Pinterest.xml b/src/chrome/content/rules/Pinterest.xml
deleted file mode 100644
index 0e6780049679..000000000000
--- a/src/chrome/content/rules/Pinterest.xml
+++ /dev/null
@@ -1,170 +0,0 @@
-<!--
-	Yo Dawg:
-
-		- a248.e.akamai.net/media.pinterest.com.s3.amazonaws.com/
-		- a248.e.akamai.net/passets.pinterest.com.s3.amazonaws.com/ | d3io1k5o0zdpqr.cloudfront.net
-
-		- d5eppwnwxs8d9.cloudfront.net
-
-			- blog-assets.pinterest.com
-
-		- wac.7a97.edgecastcdn.net/...
-
-			- media-cache-is0.pinimg.com
-			- media-cache-ec0.pinterest.com
-			- passets-ec.pinterest.com
-
-		- cs89.wac.edgecastcdn.net/...
-
-			- s-passets-ec.pinimg.com
-			- s-media-cache-ec\d.pinimg.com
-
-		- cs30\d.wac.edgecastcdn.net/...
-
-			- media-cache-ec\d.pinterest.com
-
-		- media-cache\d.pinterest.com.edgesuite.net
-
-			- media-cache\d.pinterest.com
-
-		- media-cdn.pinterest.com.edgesuite.net
-
-			- passets-cdn.pinterest.com
-
-		- passets-ak.pinterest.com.edgesuite.net
-
-		- pinit-cdn.pinterest.com.edgesuite.net
-
-			- pinit-cdn.pinterest.com
-
-		- assets.cdn.pinterest.com.c.footprint.net
-
-			- passets-lt.pinterest.com
-
-		- cdn.pinterest.com.c.footprint.net/...
-
-			- media-cache-lt\d.pinterest.com
-
-		- pinterest.zendesk.com
-
-			- help.pinterest.com
-
-
-	Nonfunctional domains:
-
-		- blog.pinterest.com		(tumblr)
-		- business.pinterest.com
-
-
-	Problematic domains:
-
-		- media-cache-is0.pinimg.com *
-
-		- pinterest.com subdomains:
-
-			- blog-assets	(cloudfront)
-			- passets-ak **
-			- passets-cdn **
-			- passets-ec *
-			- passets-lt	(times out)
-			- pinit-cdn **
-
-	* CN: gp1.wac.edgecastcdn.net
-	** akamai
-
-
-	Partially covered domains:
-
-		- (www.)pinterest.com
-
-			-  At least the homepage started redirecting to http:
-
-				https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001339.html
-
-			- pin/ started redirecting to http
-
-			- as did:
-
-				- ${user}/
-				- ${user}/${gallery}/
-
-
-	Fully covered domains:
-
-		- pinimg.com subdomains:
-
-			- media-cache-is\d	(→ a248.e.akamai.net/media.pinterest.com.s3.amazonaws.com/)
-			- s-media-cache-ec\d
-			- s-passets-ec
-
-		- pinterest.com subdomains:
-
-			- about
-			- api
-			- assets
-			- blog-assets
-			- help
-
-			- *.help:
-
-				- en
-
-			- log
-			- m
-			- media-cache
-			- media-cache\d
-			- media-cache-ec\d
-			- media-cache-lt\d
-			- partners-api
-			- passets-ak
-			- passets-cdn
-			- passets-ec
-			- passets-lt	(→ akamai)
-			- pinit-cdn
-			- support
-			- widgets
-
--->
-<ruleset name="Pinterest (partial)">
-
-	<target host="*.pinimg.com" />
-	<target host="pinterest.com" />
-	<target host="*.pinterest.com" />
-		<!--exclusion pattern="^http://(www\.)?pinterest\.com/($|\?|favicon\.ico|_/_/about/)" /-->
-		<exclusion pattern="^http://(?:www\.)?pinterest\.com/(?:board/|pin/|(?:\w+/)?\w+/*(?:$|\?))" />
-
-
-	<!--securecookie host="^\.pinterest\.com$" name="^(csrftoken|_pinterest_sess|__utm\w|_zendesk_session|_zendesk_shared_session)$" /-->
-	<securecookie host="^\.pinterest\.com$" name="^(?:__utm\w|_zendesk_session|_zendesk_shared_session)$" />
-	<securecookie host="^(?:\w\w\.)?help\.pinterest\.com$" name=".+" />
-
-
-	<!--	Handles s-media-cache-ec\d & s-passets-ec.
-								-->
-	<rule from="^http://s-([\w-]+)-ec(\d)?\.pinimg\.com/"
-		to="https://s-$1-ec$2.pinimg.com/" />
-
-	<rule from="^http://((?:about|api|assets|help|\w\w\.help|log|m|partners-api|support|widgets|www)\.)?pinterest\.com/"
-		to="https://$1pinterest.com/" />
-
-	<rule from="^http://blog-assets\.pinterest\.com/"
-		to="https://d5eppwnwxs8d9.cloudfront.net/" />
-
-	<rule from="^http://media-cache(?:\d|-\w\w\d)?\.pin(?:img|terest)\.com/"
-		to="https://a248.e.akamai.net/media.pinterest.com.s3.amazonaws.com/" />
-
-	<!--	We can't rewrite this stylesheet to akamai,
-		as it links resources relative to /
-
-			https://mail1.eff.org/pipermail/https-everywhere-rules/2013-August/001663.html
-													-->
-	<rule from="^http://passets-\w\w\.pinterest\.com/webapp/app/desktop/bundle\.(\w{8})\.css"
-		to="https://s-passets-ec.pinimg.com/webapp/app/desktop/bundle.$1.css" />
-
-	<rule from="^http://passets-ak\.pinterest\.com/"
-		to="https://a248.e.akamai.net/f/1586/2045/10m/passets-ak.pinterest.com/" />
-
-	<rule from="^http://p(?:assets-(?:cdn|ec|lt)|init-cdn)\.pinterest\.com/"
-		to="https://a248.e.akamai.net/passets.pinterest.com.s3.amazonaws.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Pipedot.org.xml b/src/chrome/content/rules/Pipedot.org.xml
new file mode 100644
index 000000000000..41f5f64250fb
--- /dev/null
+++ b/src/chrome/content/rules/Pipedot.org.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bugs.pipedot.org/ => https://bugs.pipedot.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Fully covered hosts:
+
+		- (www.)?
+		- bugs
+		- \w+ *
+
+	* Per-account vhosts
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- pipedot.org
+		- .pipedot.org
+
+-->
+<ruleset name="pipedot.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pipedot.org" />
+	<target host="*.pipedot.org" />
+
+		<test url="http://bugs.pipedot.org/" />
+		<test url="http://www.pipedot.org/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.?pipedot\.org$" name="^auth$" /-->
+
+	<securecookie host="^\.?pipedot\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pipl.xml b/src/chrome/content/rules/Pipl.xml
index a6bdd9a98fdf..3b499df92744 100644
--- a/src/chrome/content/rules/Pipl.xml
+++ b/src/chrome/content/rules/Pipl.xml
@@ -1,24 +1,20 @@
 <!--
 	Nonfunctional subdomains:
 
-		- dev		(cert: *.mashery.com; 301s to http)
+		- dev
 		- t1.thumb
 		- t13.thumb
 
-
-	Some of dev.pipl.com is handled in Mashery-clients.xml.
-
 -->
 <ruleset name="Pipl (partial)">
 
 	<target host="pipl.com" />
-	<target host="*.pipl.com" />
+	<target host="www.pipl.com" />
 
 
-	<securecookie host="^\.pipl\.com$" name=".*" />
+	<securecookie host="^\.pipl\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?pipl\.com/"
-		to="https://$1pipl.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Pipping.org.xml b/src/chrome/content/rules/Pipping.org.xml
index 84ceedc81c59..6eafc0db5bd7 100644
--- a/src/chrome/content/rules/Pipping.org.xml
+++ b/src/chrome/content/rules/Pipping.org.xml
@@ -5,7 +5,7 @@
 	<target host="www.pipping.org" />
 
 
-	<rule from="^https?://(?:www\.)?pipping\.org/"
+	<rule from="^http://(?:www\.)?pipping\.org/"
 		to="https://pipping.org/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Piquadro.xml b/src/chrome/content/rules/Piquadro.xml
new file mode 100644
index 000000000000..174507b21fdc
--- /dev/null
+++ b/src/chrome/content/rules/Piquadro.xml
@@ -0,0 +1,15 @@
+<!--
+	Unsupported subdomains:
+
+	* corporategift.piquadro.com - mismatch
+	* cdnlevel3.piquadro.com - timeout
+
+-->
+
+<ruleset name="Piquadro" default_off="breaks images">
+	<target host="piquadro.com" />
+	<target host="www.piquadro.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pirata.cat.xml b/src/chrome/content/rules/Pirata.cat.xml
new file mode 100644
index 000000000000..caddbd5dc166
--- /dev/null
+++ b/src/chrome/content/rules/Pirata.cat.xml
@@ -0,0 +1,36 @@
+<!--
+	(www.)?pirata.cat: 404
+
+
+	NB: server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- xifrat.pirata.cat
+		- .xifrat.pirata.cat
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="pirata.cat (partial)" >
+
+	<target host="xifrat.pirata.cat" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://xifrat.pirata.cat/forum/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^xifrat\.pirata\.cat$" name="^(?:Vanilla|Vanilla-Volatile|vanilla_locale)$" /-->
+	<!--securecookie host="^\.xifrat\.pirata\.cat$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^(?!\.pirata\.cat$)." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pirate-party.ru.xml b/src/chrome/content/rules/Pirate-party.ru.xml
new file mode 100644
index 000000000000..5ab43a6a912c
--- /dev/null
+++ b/src/chrome/content/rules/Pirate-party.ru.xml
@@ -0,0 +1,17 @@
+<!-- mo. SEC_E_WRONG_PRINCIPAL -->
+<ruleset name="Pirate-party.ru">
+
+	<target host="pirate-party.ru" />
+	<target host="chat.pirate-party.ru" />
+	<target host="cif.pirate-party.ru" />
+	<target host="forum.pirate-party.ru" />
+	<target host="lk.pirate-party.ru" />
+	<target host="mail.pirate-party.ru" />
+	<target host="wiki.pirate-party.ru" />
+	<target host="www.pirate-party.ru" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PirateHD.com.xml b/src/chrome/content/rules/PirateHD.com.xml
new file mode 100644
index 000000000000..07376d142220
--- /dev/null
+++ b/src/chrome/content/rules/PirateHD.com.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://piratehd.com/ => https://piratehd.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	www.piratehd.com doesn't exist
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- piratehd.com
+		- .piratehd.com
+
+-->
+<ruleset name="PirateHD.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="piratehd.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^piratehd\.com$" name="^xbtit$" /-->
+	<!--securecookie host="^\.piratehd\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.?piratehd\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PirateLeaks.xml b/src/chrome/content/rules/PirateLeaks.xml
index c22b1346a3fc..fe0657953381 100644
--- a/src/chrome/content/rules/PirateLeaks.xml
+++ b/src/chrome/content/rules/PirateLeaks.xml
@@ -1,10 +1,38 @@
-<ruleset name="PirateLeaks">
+<!--
+	For other Pirate Party coverage, see PirateParty.xml.
 
-	<target host="pirateleaks.cz" />
-	<target host="*.pirateleaks.cz" />
 
+	(www.)?, web: Dropped
 
-	<rule from="^http://(?:web\.|(www\.))?pirateleaks\.cz/"
-		to="https://$1pirateleaks.cz/" />
+-->
+<ruleset name="PirateLeaks.cz (partial)">
 
-</ruleset>
\ No newline at end of file
+	<!--	Complications:
+				-->
+	<target host="web.pirateleaks.cz" />
+
+		<!--	(?!/*($|\?)) 404s:
+						-->
+		<exclusion pattern="^http://web\.pirateleaks\.cz/+(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://web.pirateleaks.cz/?" />
+			<test url="http://web.pirateleaks.cz//" />
+
+			<!--	-ve:
+					-->
+			<test url="http://web.pirateleaks.cz/index.php" />
+			<test url="http://web.pirateleaks.cz/index.php?f" />
+			<test url="http://web.pirateleaks.cz/index.php?o" />
+			<test url="http://web.pirateleaks.cz/index.php?b" />
+			<test url="http://web.pirateleaks.cz/index.php?a" />
+			<test url="http://web.pirateleaks.cz/index.php?r" />
+
+
+	<!--	Redirect drops args and forward slash:
+							-->
+	<rule from="^http://web\.pirateleaks\.cz/.*"
+		to="https://pirati.cz/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PiratePad.ca.xml b/src/chrome/content/rules/PiratePad.ca.xml
new file mode 100644
index 000000000000..ee402b40a684
--- /dev/null
+++ b/src/chrome/content/rules/PiratePad.ca.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Pirate Party coverage, see PirateParty.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- piratepad.ca
+		- www.piratepad.ca
+
+-->
+<ruleset name="PiratePad.ca" default_off="expired">
+
+	<target host="piratepad.ca" />
+	<target host="www.piratepad.ca" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?piratepad\.ca$" name="^express_sid$" /-->
+
+	<securecookie host="^(?:www\.)?piratepad\.ca$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PirateParty-mismatches.xml b/src/chrome/content/rules/PirateParty-mismatches.xml
index 472da60d6883..f98fb71d876e 100644
--- a/src/chrome/content/rules/PirateParty-mismatches.xml
+++ b/src/chrome/content/rules/PirateParty-mismatches.xml
@@ -3,40 +3,14 @@
 	<!--	cert: *.piratenpartei-bayern.de	-->
 	<target host="piraten-mfr.de"/>
 	<target host="www.piraten-mfr.de"/>
-	<!--	cert: *.piratenpartei-bayern.de	-->
-	<target host="flaschenpost.piratenpartei.de"/>
-	<!--	ditto	-->
-	<target host="oberbayern.piratenpartei.de"/>
 	<!--	self-signed	-->
 	<target host="oberpfalz.piratenpartei.de"/>
-	<!--	self-signed	-->
-	<target host="proxy.piratenpartij.nl"/>
-	<!--	cert: webserver.ispgateway.de	-->
-	<target host="piraten-schwaben.de"/>
-	<target host="*.piraten-schwaben.de"/>
 	<!--	cert: *.piratenpartei-bayern.de	-->
 	<target host="testobb.ppby.de"/>
 
 
-	<securecookie host=".*\.piratenpartei\.de$" name=".*"/>
-	<securecookie host="^(.*\.)?piraten-schwaben\.de$" name=".*"/>
-
-
 	<!--	www redirects to !www	-->
 	<rule from="^http://(?:www\.)?piraten-mfr\.de/"
 		to="https://piraten-mfr.de/"/>
 
-	<rule from="^http://(flaschenpost|oberpfalz)\.piratenpartei\.de/"
-		to="https://$1.piratenpartei.de/"/>
-
-	<rule from="^http://proxy\.piratenpartij\.nl/"
-		to="https://proxy.piratenpartij.nl/"/>
-
-	<!--	!www redirects to www	-->
-	<rule from="^http://piraten-schwaben\.de/"
-		to="https://www.piraten-schwaben.de/"/>
-
-	<rule from="^http://(piwik|www)\.piraten-schwaben\.de/"
-		to="https://$1.piraten-schwaben.de/"/>
-
 </ruleset>
diff --git a/src/chrome/content/rules/PirateParty.xml b/src/chrome/content/rules/PirateParty.xml
index 0ea6bae61833..aa962bb9701d 100644
--- a/src/chrome/content/rules/PirateParty.xml
+++ b/src/chrome/content/rules/PirateParty.xml
@@ -1,140 +1,67 @@
-<!--
-	See PirateParty-mismatches for problematic rules.
-
-
-	Nonfunctional domains:
-
-		- (www.)geenstijl.nl			(cert: registratie.powned.tv; shows that domain's data)
-		- (www.)piraten-media.de		(cert: cws-server14.de; "nicht über https verfügbar")
-		- (www.)piraten-mond.de			(cert: *.piratenpartei-bayern.de; 404)
-		- (www.)piraten-oberfranken.de		(cert: piratenpartei-bayern.de; shows blank page)
-		- events.piratenpartei-bayern.de	(cert valid; 404)
-		- (www.)piraten-ufr.de			(cert: argon.cws-server.de; "nicht über https verfügbar")
-		- (www.)pirateparty.is			(times out)
-		- (www.)pirateparty.org.au
-		- lists.pirateparty.org.au		(times out)
-		- shop.pirati.cz			(CN: *.bohemiasoft.com; 403)
-
 
-	Fully covered domains:
-
-		- (www.)pirati.cz
-		- forum.pirati.cz
-		- (www.)uspirates.org
-
-
-	Targets solely for wildcard cookies:
+<!--
+The following targets have been disabled at 2020-10-14 19:04:33:
 
-		- *.forum.pirati.cz
+Fetch error: http://proxy.piratenpartij.nl/ => https://proxy.piratenpartij.nl/: (7, 'Failed to connect to proxy.piratenpartij.nl port 443: Connection timed out')
+Fetch error: http://tpb.piratenpartij.nl/ => https://tpb.piratenpartij.nl/: (7, 'Failed to connect to tpb.piratenpartij.nl port 443: Connection timed out')
 
 -->
-<ruleset name="Pirate Party" platform="mixedcontent">
-
-	<target host="junge-piraten.de" />
-	<target host="*.junge-piraten.de" />
-	<target host="partidopirata.es" />
-	<target host="www.partidopirata.es" />
-	<target host="piratenpartei.de" />
-	<target host="*.piratenpartei.de" />
-		<!--	handled in -mismatches	-->
-		<exclusion pattern="^http://(flaschenpost|ober(bayern|pfalz))\.piratenpartei\.de/" />
-	<target host="piratenpartei-bayern.de" />
-		<!--	homepage redirects to http	-->
-		<exclusion pattern="^http://piratenpartei-bayern\.de/$" />
-	<!--	* for cross-domain cookie	-->
-	<target host="*.piratenpartei-bayern.de" />
-	<target host="piratenpartij.nl" />
-	<target host="*.piratenpartij.nl" />
-	<target host="pirateparty.ca" />
-	<target host="www.pirateparty.ca" />
-	<target host="pirateparty.org.uk" />
-	<target host="*.pirateparty.org.uk" />
-		<!--	Many pages started redirecting to http =(	-->
-		<exclusion pattern="^http://www\.pirateparty\.org\.uk/(blog/|party/($|[a-ln-z]|membership/nidisclaimer/)|policies/|press/)" />
-	<target host="pirati.cz" />
-	<target host="*.pirati.cz" />
-	<target host="*.forum.pirati.cz" />
-	<target host="uspirates.org" />
-	<target host="*.uspirates.org" />
-	<target host="remixdepolitiek.nl" />
-	<target host="www.remixdepolitiek.nl" />
 
+<!--
+The following targets have been disabled at 2020-10-14 19:04:33:
 
-	<securecookie host="^(.*\.)?junge-piraten\.de$" name=".*" />
-	<securecookie host="^(.*\.)?piratenpartei\.de$" name=".*" />
-	<!--	Cookies not needed for homepage.	-->
-	<securecookie host="^(.*\.)?piratenpartei-bayern\.de$" name=".*" />
-	<securecookie host="^www\.pirateparty\.ca$" name=".+" />
-	<securecookie host="^(.*\.)?pirateparty\.org\.uk$" name="^(phpbb|wiki).*$" />
-	<securecookie host="^(?:edinburgh|glasgow|manchester)\.pirateparty\.org\.uk$" name=".*" />
-	<securecookie host="^.+\.pirati\.cz$" name=".+" />
-	<securecookie host="^.+\.uspirates\.org$" name=".+" />
-
-
-	<!--	encountered:
-			- forum
-			- lists
-			- static
-			- stats
-			- wiki
-			- www		-->
-	<rule from="^http://(\w+\.)?junge-piraten\.de/"
-		to="https://$1junge-piraten.de/" />
-
-	<rule from="^https?://(?:www\.)?partidopirata\.es/"
-		to="https://www.partidopirata.es/" />
-
-	<rule from="^http://((?:forum|live|news|planet|wiki|www)\.)?piratenpartei\.de/"
-		to="https://$1piratenpartei.de/" />
+Fetch error: http://proxy.piratenpartij.nl/ => https://proxy.piratenpartij.nl/: (7, 'Failed to connect to proxy.piratenpartij.nl port 443: Connection timed out')
+Fetch error: http://tpb.piratenpartij.nl/ => https://tpb.piratenpartij.nl/: (7, 'Failed to connect to tpb.piratenpartij.nl port 443: Connection timed out')
 
-	<rule from="^http://(www\.)?piratenpartei-bayern\.de/"
-		to="https://$1piratenpartei-bayern.de/" />
+	See PirateParty-mismatches.xml for problematic rules.
 
-	<rule from="^https?://(?:www\.)?(?:piratenpartij|remixdepolitiek)\.nl/"
-		to="https://www.piratenpartij.nl/"/>
 
-	<rule from="^http://tpb\.piratenpartij\.nl/"
-		to="https://tpb.piratenpartij.nl/" />
+	Other rulesets:
 
-	<!--	Insists on redirecting to http before redirecting to Spreadshirt.	-->
-	<rule from="^https?://(?:www\.)?pirateparty\.org\.uk/shop/"
-		to="https://ppuk.spreadshirt.co.uk/shop/" />
+		- Junge-Piraten.de.xml
+		- Pirate_IRC.net.xml
+		- Pirate_Party.org.au.xml
+		- PiratePad.ca.xml
+		- Piraten-Oberpfalz.de.xml
+		- Piraten-Ufr.de.xml
+		- Piratenpartei.at.xml
+		- Piratenpartei.de.xml
+		- Piratenpartei-bayern.de.xml
+		- Pirati.cz.xml
+		- Piratpartiet.se.xml
+		- PPS.xml
+		- US_Pirates.org.xml
+		- Young-Pirates.Eu.xml
 
-	<!--
-		For .org.uk,
 
-			Works:
+	Nonfunctional domains:
 
-				- $
-				- \w+
-				- accounts/register
-				- forum/
-				- images/
-				- media/
-				- party/how-we-work/constitution/$
-				- party/membership/$
-				- wiki/
+		- (www.)geenstijl.nl			(mixed content)
+		- (www.)piraten-media.de		(times out)
+		- (www.)piraten-mond.de			(cert: *.piratenpartei-bayern.de; 404)
+		- (www.)piraten-oberfranken.de	(cert: piratenpartei-bayern.de; shows blank page)
+		- (www.)pirateparty.is			(times out)
 
+-->
+<ruleset name="Pirate Party">
 
-			Doesn't work:
+	<!--	Direct rewrites:
+				-->
+	<target host="piratenpartij.nl" />
+	<!-- target host="proxy.piratenpartij.nl" /-->
+	<!-- target host="tpb.piratenpartij.nl" /-->
+	<target host="www.piratenpartij.nl" />
 
-				- blog/$
-				- membership/nidisclaimer/$
-				- party/$
-				- party/people/
-				- policies/
-				- press/$
-						-->
-	<rule from="^https?://(?:www\.)?pirateparty\.(ca|org\.uk)/"
-		to="https://www.pirateparty.$1/" />
+	<!--	Complications:
+				-->
+	<target host="remixdepolitiek.nl" />
+	<target host="www.remixdepolitiek.nl" />
 
-	<rule from="^http://(edinburgh|glasgow|manchester|tpb)\.pirateparty\.org\.uk/"
-		to="https://$1.pirateparty.org.uk/" />
 
-	<rule from="^http://(forum\.|www\.)?pirati\.cz/"
-		to="https://$1pirati.cz/" />
+	<rule from="^http://(?:www\.)?remixdepolitiek\.nl/"
+		to="https://www.piratenpartij.nl/"/>
 
-	<rule from="^http://(?:www\.)?uspirates\.org/"
-		to="https://uspirates.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PirateReverse.xml b/src/chrome/content/rules/PirateReverse.xml
deleted file mode 100644
index f4510836743d..000000000000
--- a/src/chrome/content/rules/PirateReverse.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- about		(cert: piratereverse.info; shows that domain's data)
-
--->
-<ruleset name="PirateReverse.info (partial)" platform="mixedcontent">
-
-	<target host="piratereverse.info" />
-	<target host="www.piratereverse.info" />
-
-	<rule from="^http://(www\.)?piratereverse\.info/"
-		to="https://$1piratereverse.info/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PirateTimes.xml b/src/chrome/content/rules/PirateTimes.xml
index a555ecac6c10..019411e5d836 100644
--- a/src/chrome/content/rules/PirateTimes.xml
+++ b/src/chrome/content/rules/PirateTimes.xml
@@ -1,14 +1,40 @@
 <!--
 	CN: cetus.uberspace.de
 
+
+	Insecure cookies are set for these hosts:
+
+		- piratetimes.net
+		- www.piratetimes.net
+
+
+	Mixed content:
+
+		- iframe from calendar.pp-international.net
+
+		- css, from:
+
+			- fonts.googleapis.com
+			- $self
+
+		- Images from $self
+		- Ad/bug from www.kimonolabs.com
+
 -->
-<ruleset name="PirateTimes" default_off="mismatched">
+<ruleset name="PirateTimes.net" default_off="mismatched">
 
 	<target host="piratetimes.net" />
 	<target host="www.piratetimes.net" />
 
 
-	<rule from="^http://(?:www\.)?piratetimes\.net/"
-		to="https://piratetimes.net/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?piratetimes\.net$" name="^(?:_icl_current_language|nf_wp_session)$" /-->
+
+	<securecookie host="^(?:www\.)?piratetimes\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pirate_IRC.net.xml b/src/chrome/content/rules/Pirate_IRC.net.xml
new file mode 100644
index 000000000000..b8ff1a48f167
--- /dev/null
+++ b/src/chrome/content/rules/Pirate_IRC.net.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Pirate Party coverage, see PirateParty.xml.
+
+
+	(www.)?pirateirc.net: Tumblr
+
+-->
+<ruleset name="Pirate IRC.net (partial)">
+
+	<target host="webchat.pirateirc.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pirate_Linux.org.xml b/src/chrome/content/rules/Pirate_Linux.org.xml
index 4f08e1015c8a..4c393d43fc21 100644
--- a/src/chrome/content/rules/Pirate_Linux.org.xml
+++ b/src/chrome/content/rules/Pirate_Linux.org.xml
@@ -1,13 +1,22 @@
-<ruleset name="Pirate Linux.org">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://piratelinux.org/ => https://piratelinux.org/: (51, "SSL: no alternative certificate subject name matches target host name 'piratelinux.org'")
+Fetch error: http://www.piratelinux.org/ => https://www.piratelinux.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.piratelinux.org'")
+
+	expired:
+		- lists
+-->
+<ruleset name="PirateLinux.org" default_off="failed ruleset test">
 
 	<target host="piratelinux.org" />
 	<target host="www.piratelinux.org" />
 
 
-	<securecookie host="^(?:www\.)?piratelinux\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?piratelinux\.org/"
-		to="https://$1piratelinux.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Pirate_Party.org.au.xml b/src/chrome/content/rules/Pirate_Party.org.au.xml
new file mode 100644
index 000000000000..8a749efe227f
--- /dev/null
+++ b/src/chrome/content/rules/Pirate_Party.org.au.xml
@@ -0,0 +1,38 @@
+<!--
+	For other Pirate Party coverage, see PirateParty.xml.
+
+
+	Nonfunctional hosts in *pirateparty.org.au:
+
+		- lists *
+
+	* Dropped
+
+
+	Insecure cookies are set for these domains:
+
+		- .pirateparty.org.au
+
+-->
+<ruleset name="Pirate Party.org.au (partial)">
+
+	<target host="pirateparty.org.au" />
+	<target host="analytics.pirateparty.org.au" />
+	<target host="discuss.pirateparty.org.au" />
+	<target host="join.pirateparty.org.au" />
+	<target host="payments.pirateparty.org.au" />
+	<target host="voting.pirateparty.org.au" />
+	<target host="www.pirateparty.org.au" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.pirateparty\.org\.au$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Piratemedia.net.xml b/src/chrome/content/rules/Piratemedia.net.xml
new file mode 100644
index 000000000000..07f88f671c69
--- /dev/null
+++ b/src/chrome/content/rules/Piratemedia.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="Piratemedia.net">
+	<target host="piratemedia.net" />
+	<target host="www.piratemedia.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Piraten-Oberpfalz.de.xml b/src/chrome/content/rules/Piraten-Oberpfalz.de.xml
new file mode 100644
index 000000000000..4a46557e568e
--- /dev/null
+++ b/src/chrome/content/rules/Piraten-Oberpfalz.de.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Pirate Party coverage, see PirateParty.xml.
+
+-->
+<ruleset name="Piraten-Oberpfalz.de" default_off="mismatched">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="piraten-oberpfalz.de" />
+	<target host="www.piraten-oberpfalz.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Piraten-Schwaben.de.xml b/src/chrome/content/rules/Piraten-Schwaben.de.xml
new file mode 100644
index 000000000000..5b24c66b5009
--- /dev/null
+++ b/src/chrome/content/rules/Piraten-Schwaben.de.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Pirate Party coverage, see PirateParty.xml.
+
+
+	CN: *.piratenpartei-bayern.de
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- ^ from kollien-glaser.de
+			- ^ from www.piraten-schwaben.de
+
+-->
+<ruleset name="Piraten-Schwaben.de" default_off="mismatched">
+
+	<target host="piraten-schwaben.de"/>
+	<target host="piwik.piraten-schwaben.de"/>
+	<target host="www.piraten-schwaben.de"/>
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Piraten-Ufr.de.xml b/src/chrome/content/rules/Piraten-Ufr.de.xml
new file mode 100644
index 000000000000..398fee28b246
--- /dev/null
+++ b/src/chrome/content/rules/Piraten-Ufr.de.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://piraten-ufr.de/ => https://piraten-ufr.de/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://mail.piraten-ufr.de/ => https://mail.piraten-ufr.de/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.piraten-ufr.de/ => https://www.piraten-ufr.de/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other Pirate Party coverage, see PirateParty.xml.
+
+
+	Mixed content:
+
+		- Image on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Piraten-Ufr.de" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="piraten-ufr.de" />
+	<target host="mail.piraten-ufr.de" />
+	<target host="www.piraten-ufr.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Piratenkleider.de.xml b/src/chrome/content/rules/Piratenkleider.de.xml
new file mode 100644
index 000000000000..5e631f143ba8
--- /dev/null
+++ b/src/chrome/content/rules/Piratenkleider.de.xml
@@ -0,0 +1,16 @@
+<!--
+	Nonfunctional hosts in *.piratenkleider.de:
+		- laderaum.piratenkleider.de (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Piratenkleider.de">
+	<target host="piratenkleider.de" />
+	<target host="www.piratenkleider.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Piratenlogin.de.xml b/src/chrome/content/rules/Piratenlogin.de.xml
deleted file mode 100644
index 2c9abcba72b4..000000000000
--- a/src/chrome/content/rules/Piratenlogin.de.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Piratenlogin.de" platform="firefox">
-<target host="piratenlogin.de" />
-
-<securecookie host="^piratenlogin\.de$" name=".+" />
-
-<rule from="^http://piratenlogin\.de/" to="https://piratenlogin.de/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Piratenpartei-bayern.de.xml b/src/chrome/content/rules/Piratenpartei-bayern.de.xml
new file mode 100644
index 000000000000..4eb46665d5fd
--- /dev/null
+++ b/src/chrome/content/rules/Piratenpartei-bayern.de.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Pirate Party coverage, see PirateParty.xml.
+
+
+	Problematic hosts in *piratenpartei-bayern.de:
+
+		- niederbayern
+
+	* Redirect destination mismatched
+
+-->
+<ruleset name="Piratenpartei-bayern.de (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="piratenpartei-bayern.de" />
+	<target host="events.piratenpartei-bayern.de" />
+	<target host="oberbayern.piratenpartei-bayern.de" />
+	<target host="stuke2.piratenpartei-bayern.de" />
+	<target host="www.piratenpartei-bayern.de" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Piratenpartei.at.xml b/src/chrome/content/rules/Piratenpartei.at.xml
new file mode 100644
index 000000000000..6882706a97af
--- /dev/null
+++ b/src/chrome/content/rules/Piratenpartei.at.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://w.piratenpartei.at/ => https://w.piratenpartei.at/: (51, "SSL: no alternative certificate subject name matches target host name 'w.piratenpartei.at'")
+
+	For other Pirate Party coverage, see PirateParty.xml.
+
+-->
+<ruleset name="Piratenpartei.at" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="piratenpartei.at" />
+	<target host="liquid.piratenpartei.at" />
+	<target host="w.piratenpartei.at" />
+	<target host="wiki.piratenpartei.at" />
+	<target host="www.piratenpartei.at" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Piratenpartei.de.xml b/src/chrome/content/rules/Piratenpartei.de.xml
new file mode 100644
index 000000000000..644db7cb03a7
--- /dev/null
+++ b/src/chrome/content/rules/Piratenpartei.de.xml
@@ -0,0 +1,81 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://beo.piratenpartei.de/ => https://beo.piratenpartei.de/: (7, 'Failed to connect to beo.piratenpartei.de port 443: No route to host')
+Fetch error: http://lqfb.piratenpartei.de/ => https://lqfb.piratenpartei.de/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://live.piratenpartei.de/ => https://live.piratenpartei.de/: (7, 'Failed to connect to live.piratenpartei.de port 443: Connection refused')
+Fetch error: http://pshop.piratenpartei.de/ => https://pshop.piratenpartei.de/: (28, 'Connection timed out after 20000 milliseconds')
+
+	For other Pirate Party coverage, see PirateParty.xml.
+
+
+	Nonfunctional hosts in *piratenpartei.de:
+
+		- planet *
+
+	* Reset
+
+
+	Problematic hosts in *piratenpartei.de:
+
+		- oberbayern *
+		- oberpfalz *
+
+	* Mismatched
+
+
+	forum: 502 over http & https
+
+
+	These altnames don't exist:
+
+		- www.lqfb.piratenpartei.de
+		- nntp.piratenpartei.de
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- beo.piratenpartei.de
+		- .news.piratenpartei.de
+		- .shop.piratenpartei.de
+
+-->
+<ruleset name="Piratenpartei.de (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="piratenpartei.de" />
+	<target host="beo.piratenpartei.de" />
+	<target host="flaschenpost.piratenpartei.de" />
+	<!--target host="forum.piratenpartei.de" /-->
+	<target host="lqfb.piratenpartei.de" />
+	<target host="live.piratenpartei.de" />
+	<target host="news.piratenpartei.de" />
+	<target host="pshop.piratenpartei.de" />
+	<target host="service.piratenpartei.de" />
+	<target host="shop.piratenpartei.de" />
+	<target host="vorstand.piratenpartei.de" />
+	<target host="wiki.piratenpartei.de" />
+	<target host="www.piratenpartei.de" />
+
+	<!--	Complications:
+				-->
+	<target host="oberbayern.piratenpartei.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^beo\.piratenpartei\.de$" name="^wikiargument_session$" /-->
+	<!--securecookie host="^\.news\.piratenpartei\.de$" name="^mybb\[(?:announcements|lastactive|lastvisit)\]$" /-->
+	<!--securecookie host="^\.shop\.piratenpartei\.de$" name="^sid_customer_\d+$" /-->
+
+	<securecookie host=".+" name=".+"/>
+
+
+	<rule from="^http://oberbayern\.piratenpartei\.de/"
+		to="https://oberbayern.piratenpartei-bayern.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pirati.cz.xml b/src/chrome/content/rules/Pirati.cz.xml
new file mode 100644
index 000000000000..c4d12d79b8dd
--- /dev/null
+++ b/src/chrome/content/rules/Pirati.cz.xml
@@ -0,0 +1,71 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.irc.pirati.cz/ => https://www.irc.pirati.cz/: (51, "SSL: no alternative certificate subject name matches target host name 'www.irc.pirati.cz'")
+Fetch error: http://www.piwik.pirati.cz/ => https://www.piwik.pirati.cz/: (51, "SSL: no alternative certificate subject name matches target host name 'www.piwik.pirati.cz'")
+Fetch error: http://www.redmine.pirati.cz/ => https://www.redmine.pirati.cz/: (51, "SSL: no alternative certificate subject name matches target host name 'www.redmine.pirati.cz'")
+Fetch error: http://www.shop.pirati.cz/ => https://www.shop.pirati.cz/: (51, "SSL: no alternative certificate subject name matches target host name 'www.shop.pirati.cz'")
+Fetch error: http://www.www.pirati.cz/ => https://www.www.pirati.cz/: (6, 'Could not resolve host: www.www.pirati.cz')
+
+	For other Pirate Party coverage, see PirateParty.xml.
+
+
+	STS header includes includeSubdomains for ^, irc, kalendar, piwik, redmine, shop, www
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.pirati.cz
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Pirati.cz" default_off="failed ruleset test">
+
+	<target host="pirati.cz" />
+	<target host="*.pirati.cz" />
+
+		<exclusion pattern="^http://(?:(?![^.]+\.(?:irc|piwik|redmine|shop|www)\.pirati\.cz/)(?:[^./]+\.){2,}|(?:[^./]+\.){3,})pirati\.cz/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.pirati.cz/" />
+			<test url="http://exists.not.pirati.cz/" />
+			<test url="http://www.forum.pirati.cz/" />
+			<test url="http://this.host.irc.pirati.cz/" />
+			<test url="http://exists.not.irc.pirati.cz/" />
+			<test url="http://this.host.piwik.pirati.cz/" />
+			<test url="http://exists.not.piwik.pirati.cz/" />
+			<test url="http://this.host.redmine.pirati.cz/" />
+			<test url="http://exists.not.redmine.pirati.cz/" />
+			<test url="http://this.host.shop.pirati.cz/" />
+			<test url="http://exists.not.shop.pirati.cz/" />
+			<test url="http://this.host.www.pirati.cz/" />
+			<test url="http://exists.not.www.pirati.cz/" />
+
+		<test url="http://forum.pirati.cz/" />
+		<test url="http://irc.pirati.cz/" />
+		<test url="http://www.irc.pirati.cz/" />
+		<test url="http://kalendar.pirati.cz/" />
+		<test url="http://www.kalendar.pirati.cz/" />
+		<test url="http://piwik.pirati.cz/" />
+		<test url="http://www.piwik.pirati.cz/" />
+		<test url="http://redmine.pirati.cz/" />
+		<test url="http://www.redmine.pirati.cz/" />
+		<test url="http://shop.pirati.cz/" />
+		<test url="http://www.shop.pirati.cz/" />
+		<test url="http://www.pirati.cz/" />
+		<test url="http://www.www.pirati.cz/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.pirati\.cz$" name="^(?:DW[\da-f]{32}|Piznam)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Piratpartiet.se.xml b/src/chrome/content/rules/Piratpartiet.se.xml
new file mode 100644
index 000000000000..d10cb78d9b8b
--- /dev/null
+++ b/src/chrome/content/rules/Piratpartiet.se.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://piratpartiet.se/ => https://piratpartiet.se/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.piratpartiet.se/ => https://www.piratpartiet.se/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other Pirate Party coverage, see PirateParty.xml.
+
+-->
+<ruleset name="Piratpartiet.se (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="piratpartiet.se" />
+	<target host="www.piratpartiet.se" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Piratpartiet.xml b/src/chrome/content/rules/Piratpartiet.xml
new file mode 100644
index 000000000000..04bcceb8457b
--- /dev/null
+++ b/src/chrome/content/rules/Piratpartiet.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://arbeidskontoret.piratpartiet.no/ => https://arbeidskontoret.piratpartiet.no/: (6, 'Could not resolve host: arbeidskontoret.piratpartiet.no')
+
+	Non-functional domain:
+		- piratpartiet.no	(hostname mismatch, CN: *.piratpartiet.no)
+-->
+<ruleset name="Piratpartiet" default_off="failed ruleset test">
+	<target host="arbeidskontoret.piratpartiet.no" />
+	<target host="wiki.piratpartiet.no" />
+	<target host="www.piratpartiet.no" />
+
+  	<securecookie host="^(arbeidskontoret|wiki|www)\.piratpartiet\.no$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Piriform.xml b/src/chrome/content/rules/Piriform.xml
index 955853470f3e..eb7ed0b38fc8 100644
--- a/src/chrome/content/rules/Piriform.xml
+++ b/src/chrome/content/rules/Piriform.xml
@@ -1,30 +1,97 @@
 <!--
 	CDN buckets:
 
+		- s3.amazonaws.com/static.piriform.com/
+
 		- d1k4dgg08m176h.cloudfront.net
 
 			- download
 
+		- d3sg17i8imdw59.cloudfront.net
+
+			- static
+
+		- d3sg17i8imdw59.cloudfront.net
+
+			- s1.pir.fm
+
+
+	Nonfunctional domains:
+
+		- forum.piriform.com	(http reply)
+
+
+	Problematic domains:
+
+		- s1.pir.fm ¹
+
+		- piriform.com subdomains:
+
+			- ^		(cert only matches www)
+			- download ¹
+			- support	(zendesk)
+			- static ¹
+
+	¹ cloudfront
+
+
+	Partially covered domains:
+
+		- support.piriform.com	(→ piriform.zendesk.com)
+
+
+	Fully covered domains:
+
+		- s1.pir.fm	( → d3sg17i8imdw59.cloudfront.net)
+
+		- piriform.com subdomains:
+
+			- (www.)	(^ → www)
+			- download	(→ d1k4dgg08m176h.cloudfront.net)
+			- secure
+			- static	(→ d3sg17i8imdw59.cloudfront.net)
+
+
+	Mixed content:
+
+		- Images on www, from:
+
+			- static *
+			- s1.pir.fm *
+
+	* Secured by us
+
 -->
-<ruleset name="Piriform (partial)" platform="mixedcontent">
+<ruleset name="Piriform (partial)">
 
+	<target host="s1.pir.fm" />
 	<target host="piriform.com" />
-	<target host="*.piriform.com" />
+	<target host="www.piriform.com" />
+	<target host="download.piriform.com" />
+	<target host="secure.piriform.com" />
+	<target host="static.piriform.com" />
+	<target host="support.piriform.com" />
 
 
 	<securecookie host="^\.secure\.piriform\.com$" name=".+" />
 
 
+	<rule from="^http://s1\.pir\.fm/"
+		to="https://s1.pir.fm/" />
+
 	<rule from="^http://(?:www\.)?piriform\.com/"
 		to="https://www.piriform.com/" />
 
 	<rule from="^http://download\.piriform\.com/"
-		to="https://d1k4dgg08m176h.cloudfront.net/" />
+		to="https://download.piriform.com/" />
 
 	<rule from="^http://secure\.piriform\.com/"
 		to="https://secure.piriform.com/" />
 
-	<rule from="^https?://static\.piriform\.com/"
-		to="https://s3.amazonaws.com/static.piriform.com/" />
+	<rule from="^http://static\.piriform\.com/"
+		to="https://d3sg17i8imdw59.cloudfront.net/" />
+
+	<rule from="^http://support\.piriform\.com/(?=generated/|images/|system/)"
+		to="https://piriform.zendesk.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Piscatus.se.xml b/src/chrome/content/rules/Piscatus.se.xml
index 0c827a435eaa..21025962ecec 100644
--- a/src/chrome/content/rules/Piscatus.se.xml
+++ b/src/chrome/content/rules/Piscatus.se.xml
@@ -1,7 +1,16 @@
-<ruleset name="Piscatus.se">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://piscatus.se/ => https://piscatus.se/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.piscatus.se/ => https://www.piscatus.se/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://piscatus.se/ => https://piscatus.se/: (7, 'Failed to connect to piscatus.se port 443: Connection refused')
+Fetch error: http://www.piscatus.se/ => https://www.piscatus.se/: (7, 'Failed to connect to www.piscatus.se port 443: Connection refused')
+-->
+<ruleset name="Piscatus.se" default_off="failed ruleset test">
 	<target host="piscatus.se" />
 	<target host="www.piscatus.se" />
-	<rule from="^http://www\.piscatus\.se/" to="https://www.piscatus.se/"/>
-	<rule from="^http://piscatus\.se/" to="https://piscatus.se/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Piston_Cloud_Computing.xml b/src/chrome/content/rules/Piston_Cloud_Computing.xml
index 1e7dcab04b23..a91a42904095 100644
--- a/src/chrome/content/rules/Piston_Cloud_Computing.xml
+++ b/src/chrome/content/rules/Piston_Cloud_Computing.xml
@@ -1,14 +1,22 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pistoncloud.com/ => https://www.pistoncloud.com/: (28, 'Connection timed out after 20004 milliseconds')
+Fetch error: http://www.pistoncloud.com/ => https://www.pistoncloud.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://pistoncloud.com/ => https://www.pistoncloud.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.pistoncloud.com'")
+Fetch error: http://www.pistoncloud.com/ => https://www.pistoncloud.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.pistoncloud.com'")
 	Cert only matches www.
 
 -->
-<ruleset name="Piston Cloud Computing">
+<ruleset name="Piston Cloud Computing" default_off="failed ruleset test">
 
 	<target host="pistoncloud.com" />
 	<target host="www.pistoncloud.com" />
 
 
-	<rule from="^https?://(?:www\.)?pistoncloud\.com/"
+	<rule from="^http://(?:www\.)?pistoncloud\.com/"
 		to="https://www.pistoncloud.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pittsburgh-Post-Gazette.xml b/src/chrome/content/rules/Pittsburgh-Post-Gazette.xml
index 0fa20fd2b0f7..043abf194b45 100644
--- a/src/chrome/content/rules/Pittsburgh-Post-Gazette.xml
+++ b/src/chrome/content/rules/Pittsburgh-Post-Gazette.xml
@@ -1,22 +1,107 @@
 <!--
-	c4241337.r37.cf2.rackcdn.com
-	c4241337.ssl.cf2.rackcdn.com
+	Pittsburgh Post-Gazette
 
+	For rules causing false/broken MCB, see Post-Gazette.com-falsemixed.xml.
 
-	Nonfunctional subdomains:
 
-		- cinesport	(cert: gp1.wac.edgecastcdn.net; 404)
-		- classified	(cert: ssl.post-gazette.com; shows that domain's data)
-		- old
-		- (www.)
+	CDN buckets:
+
+		- c4241337.r37.cf2.rackcdn.com
+		- c4241337.ssl.cf2.rackcdn.com
+
+
+	Nonfunctional hosts in *post-gazette.com:
+
+		- blogs ¹
+		- cinesport ²
+		- classified ³
+		- communityvoices ¹
+		- earlyreturns ¹
+		- newsinteractive ¹
+		- old ³
+		- projects ¹
+		- sportstown ¹
+		- store ⁴
+
+	¹ Refused
+	² 404, CN: gp1.wac.edgecastcdn.net
+	³ Dropped
+	⁴ Shows another domain
+
+
+	Problematic hosts in *post-gazette.com:
+
+		- ^ *
+		- oascentral *
+		- plus.sites *
+		- weddings *
+		- widget *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- my.post-gazette.com
+
+
+	Mixed content:
+
+		- css, on:
+
+			- pge, press, www from my.post-gazette.com *
+			- powersource from $self *
+			- www from widget.post-gazette.com
+
+		- Images,
+
+			- on powersource from $self *
+			- on powersource, www from www.post-gazette.com *
+
+		- Bugs, on:
+
+			- pge from imagec17.247realmedia.com *
+			- pge from oascentral.post-gazette.com *
+			- powersource, www from b.scorecardresearch.com *
+			- www from bcp.crwdcntrl.net *
+
+	* Secured by us
 
 -->
-<ruleset name="Pittsburgh Post-Gazette (partial)">
+<ruleset name="Post-Gazette.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="my.post-gazette.com" />
+	<!--target host="pge.post-gazette.com" /-->
+	<!--target host="powersource.post-gazette.com" /-->
+	<!--target host="press.post-gazette.com" /-->
+	<target host="sportsblogs.post-gazette.com" />
 	<target host="ssl.post-gazette.com" />
+	<!--target host="www.post-gazette.com" /-->
+
+	<!--	Complications:
+				-->
+	<!--target host="post-gazette.com" /-->
+	<target host="oascentral.post-gazette.com" />
+
+		<test url="http://oascentral.post-gazette.com/RealMedia/ads/adstream_nx.ads/pge.post-gazette.com/@BottomRight" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^my\.post-gazette\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--rule from="^http://post-gazette\.com/"
+		to="https://www.post-gazette.com/" /-->
 
+	<rule from="^http://oascentral\.post-gazette\.com/"
+		to="https://oasc17.247realmedia.com/" />
 
-	<rule from="^http://ssl\.post-gazette\.com/"
-		to="https://ssl.post-gazette.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PittsburghZoo.org.xml b/src/chrome/content/rules/PittsburghZoo.org.xml
new file mode 100644
index 000000000000..cc51d1aa3323
--- /dev/null
+++ b/src/chrome/content/rules/PittsburghZoo.org.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pittsburghzoo.org/ => https://pittsburghzoo.org/: (35, 'Unknown SSL protocol error in connection to pittsburghzoo.org:443 ')
+Fetch error: http://www.pittsburghzoo.org/ => https://www.pittsburghzoo.org/: (35, 'Unknown SSL protocol error in connection to www.pittsburghzoo.org:443 ')
+
+	Invalid certificate:
+		staging.pittsburghzoo.org
+-->
+<ruleset name="Pittsburgh Zoo" default_off="failed ruleset test">
+	<target host="pittsburghzoo.org" />
+	<target host="www.pittsburghzoo.org" />
+
+	<securecookie host="^(www\.)?pittsburgzoo\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pivotal.xml b/src/chrome/content/rules/Pivotal.xml
index 39eefff4103f..4339d714f78d 100644
--- a/src/chrome/content/rules/Pivotal.xml
+++ b/src/chrome/content/rules/Pivotal.xml
@@ -2,18 +2,42 @@
 	Other Pivotal rulesets:
 
 		- Cloud_Foundry.xml
+		- Cloud_Foundry.org.xml
 		- RabbitMQ.xml
+		- Spring.io.xml
 
 -->
-<ruleset name="Pivotal">
-
-	<target host="*.run.pivotal.io" />
-
-
-	<securecookie host="^(?:console|login)\.run\.pivotal\.io$" name=".+" />
-
-
-	<rule from="^http://(console|login)\.run\.pivotal\.io/"
-		to="https://$1.run.pivotal.io/" />
-
-</ruleset>
\ No newline at end of file
+<ruleset name="Pivotal.io (partial)">
+	<target host="pivotal.io" />
+	<target host="www.pivotal.io" />
+
+	<target host="blog.pivotal.io" />
+	<target host="network.pivotal.io" />
+	<target host="run.pivotal.io" />
+
+	<target host="console.run.pivotal.io" />
+	<target host="login.run.pivotal.io" />
+	<target host="status.run.pivotal.io" />
+
+	<target host="support.pivotal.io" />
+	<target host="support.run.pivotal.io" />
+
+	<target host="docs.pivotal.io" />
+	<target host="docs.run.pivotal.io" />
+	<target host="gemfire-native.docs.pivotal.io" />
+	<target host="gemfire.docs.pivotal.io" />
+	<target host="gemfirexd.docs.pivotal.io" />
+	<target host="ggc.docs.pivotal.io" />
+	<target host="gpcc.docs.pivotal.io" />
+	<target host="gpdb.docs.pivotal.io" />
+	<target host="gptext.docs.pivotal.io" />
+	<target host="hdb.docs.pivotal.io" />
+	<target host="pivotalhd.docs.pivotal.io" />
+	<target host="rabbitmq.docs.pivotal.io" />
+	<target host="redis.docs.pivotal.io" />
+	<target host="tcserver.docs.pivotal.io" />
+	<target host="webserver.docs.pivotal.io" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pivotal_Labs.xml b/src/chrome/content/rules/Pivotal_Labs.xml
deleted file mode 100644
index b87ab410bd6f..000000000000
--- a/src/chrome/content/rules/Pivotal_Labs.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	At least some pages redirect to http.
-
-
-	Nonfunctional subdomains:
-
-		- feed		(interrupted)
-
--->
-<ruleset name="Pivotal Labs (partial)">
-
-	<target host="pivotallabs.com" />
-	<target host="*.pivotallabs.com" />
-
-
-	<rule from="^http://(www\.)?pivotallabs\.com/(image|stylesheet)s/"
-		to="https://$1pivotallabs.com/$2s/" />
-
-	<rule from="^https?://assets\.pivotallabs\.com/"
-		to="https://s3.amazonaws.com/assets.pivotallabs.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Pivotaltracker.xml b/src/chrome/content/rules/Pivotaltracker.xml
deleted file mode 100644
index e74c5058aa33..000000000000
--- a/src/chrome/content/rules/Pivotaltracker.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Pivotal Tracker">
-  <target host="pivotaltracker.com" />
-  <target host="www.pivotaltracker.com" />
-
-  <rule from="^http://(?:www\.)?pivotaltracker\.com/" to="https://www.pivotaltracker.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Piwigo.com.xml b/src/chrome/content/rules/Piwigo.com.xml
new file mode 100644
index 000000000000..c6ddfb782f1f
--- /dev/null
+++ b/src/chrome/content/rules/Piwigo.com.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Piwigo coverage, see Piwigo.org.xml.
+
+	This host uses a wildcard DNS record.
+	Customers get their own subdomain.
+-->
+<ruleset name="Piwigo.com">
+	<target host="piwigo.com" />
+	<target host="*.piwigo.com" />
+
+	<test url="http://demo.piwigo.com/" />
+	<test url="http://es.piwigo.com/" />
+	<test url="http://fr.piwigo.com/" />
+	<test url="http://www.piwigo.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Piwigo.org.xml b/src/chrome/content/rules/Piwigo.org.xml
new file mode 100644
index 000000000000..9acf770ccf4d
--- /dev/null
+++ b/src/chrome/content/rules/Piwigo.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Other Piwigo rulesets:
+		- Piwigo.com.xml
+-->
+<ruleset name="Piwigo.org">
+	<target host="piwigo.org" />
+	<target host="www.piwigo.org" />
+	<target host="br.piwigo.org" />
+	<target host="cn.piwigo.org" />
+	<target host="da.piwigo.org" />
+	<target host="de.piwigo.org" />
+	<target host="es.piwigo.org" />
+	<target host="fr.piwigo.org" />
+	<target host="hu.piwigo.org" />
+	<target host="it.piwigo.org" />
+	<target host="nl.piwigo.org" />
+	<target host="pl.piwigo.org" />
+	<target host="ru.piwigo.org" />
+	<target host="tr.piwigo.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Piwik.org.xml b/src/chrome/content/rules/Piwik.org.xml
index 87a44801c306..49c93b333460 100644
--- a/src/chrome/content/rules/Piwik.org.xml
+++ b/src/chrome/content/rules/Piwik.org.xml
@@ -1,33 +1,44 @@
 <!--
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *piwik.org:
 
-		- de *
 		- forum	(401, CN: superadmin.mysnip.de)
-		- el *
-		- fr *
-		- pl *
+		- lists (no response)
 
-	* Shows www
 
+	Mixed content:
 
-	Fully covered subdomains:
+		- Bug on ^ from demo.piwik.org *
 
-		- (www.)
-		- demo
-		- dev
+	* Secured by us
 
 -->
 <ruleset name="piwik.org (partial)">
 
 	<target host="piwik.org" />
-	<target host="*.piwik.org" />
+	<target host="api.piwik.org" />
+	<target host="builds.piwik.org" />
+	<target host="crowdfunding.piwik.org" />
+	<target host="debian.piwik.org" />
+	<target host="demo.piwik.org" />
+	<target host="demo-anonymous.piwik.org" />
+	<target host="dev.piwik.org" />
+	<target host="developer.piwik.org" />
+	<target host="fr.piwik.org" />
+	<target host="issues.piwik.org" />
+	<target host="pl.piwik.org" />
+	<target host="plugins.piwik.org" />
+	<target host="staging.piwik.org" />
+	<target host="survey.piwik.org" />
+	<target host="themes.piwik.org" />
+	<target host="www.piwik.org" />
 
 
 	<!--securecookie host="^\.piwik\.org$" name="^(?:_icl_current_language|_pk_cvar\.1\.a819|_pk_id\.1\.a819|_pk_ses\.1\.a819)$" /-->
-	<securecookie host="^(?:.+\.)?piwik\.org$" name=".+" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://((?:demo|dev|www)\.)?piwik\.org/"
-		to="https://$1piwik.org/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PixFuture.xml b/src/chrome/content/rules/PixFuture.xml
index 325137f40cf8..46ac0fb91b9e 100644
--- a/src/chrome/content/rules/PixFuture.xml
+++ b/src/chrome/content/rules/PixFuture.xml
@@ -6,13 +6,14 @@
 -->
 <ruleset name="PixFuture (partial)">
 
-	<target host="*.pixfuture.net" />
+	<target host="ax-d.pixfuture.net" />
+	<target host="portal.pixfuture.net" />
 
 
-	<rule from="^https?://ax-d\.pixfuture\.net/"
+	<rule from="^http://ax-d\.pixfuture\.net/"
 		to="https://pixfuture-d3.openxenterprise.com/" />
 
-	<rule from="^https?://portal\.pixfuture\.net/"
+	<rule from="^http://portal\.pixfuture\.net/"
 		to="https://pixfuture-ui3.openxenterprise.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pixcept.de.xml b/src/chrome/content/rules/Pixcept.de.xml
new file mode 100644
index 000000000000..57c982005e53
--- /dev/null
+++ b/src/chrome/content/rules/Pixcept.de.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- Bug from piwik.pixcept.de *
+
+	* Secured by us
+
+-->
+<ruleset name="pixcept.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pixcept.de" />
+	<target host="piwik.pixcept.de" />
+	<target host="visit.pixcept.de" />
+	<target host="www.pixcept.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PixelX.de.xml b/src/chrome/content/rules/PixelX.de.xml
new file mode 100644
index 000000000000..8af91994b863
--- /dev/null
+++ b/src/chrome/content/rules/PixelX.de.xml
@@ -0,0 +1,49 @@
+<!--
+	Nonfunctional hosts in *pixelx.de:
+
+		- blog *
+		- piwik *
+
+	* Redirects to www.pixelx.de
+
+
+	STS header includes includeSubdomains
+
+
+	Insecure cookies are set for these hosts:
+
+		- domain.pixelx.de
+
+
+	Mixed content:
+
+		- Bug on www from piwik.pixelx.de
+
+-->
+<ruleset name="PixelX.de (partial)">
+
+	<target host="pixelx.de" />
+	<target host="*.pixelx.de" />
+
+		<exclusion pattern="^http://(?:blog|piwik)\.pixelx\.de/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://blog.pixelx.de/" />
+			<test url="http://piwik.pixelx.de/" />
+
+		<test url="http://domain.pixelx.de/" />
+		<test url="http://www.pixelx.de/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^domain\.pixelx\.de$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pixel_Exit.com.xml b/src/chrome/content/rules/Pixel_Exit.com.xml
new file mode 100644
index 000000000000..e6a15ff81ec7
--- /dev/null
+++ b/src/chrome/content/rules/Pixel_Exit.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Pixel Exit.com">
+
+	<target host="pixelexit.com" />
+	<target host="www.pixelexit.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pixelated-Project.org.xml b/src/chrome/content/rules/Pixelated-Project.org.xml
new file mode 100644
index 000000000000..34c0a0e5ffb0
--- /dev/null
+++ b/src/chrome/content/rules/Pixelated-Project.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Problematic subdomains:
+
+		- try...:8080 *
+
+	* Mismatched, self-signed
+
+-->
+<ruleset name="Pixelated-Project.org (partial)">
+
+	<target host="pixelated-project.org" />
+	<target host="www.pixelated-project.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pixelbeat.org.xml b/src/chrome/content/rules/Pixelbeat.org.xml
new file mode 100644
index 000000000000..01983abb3de3
--- /dev/null
+++ b/src/chrome/content/rules/Pixelbeat.org.xml
@@ -0,0 +1,13 @@
+<!--
+
+	Refused hosts in *pixelbeat.org:
+
+		- comments
+
+-->
+<ruleset name="Pixelbeat.org">
+	<target host="pixelbeat.org" />
+	<target host="www.pixelbeat.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pixelh8.xml b/src/chrome/content/rules/Pixelh8.xml
index 7026f359da57..b7c09699ce84 100644
--- a/src/chrome/content/rules/Pixelh8.xml
+++ b/src/chrome/content/rules/Pixelh8.xml
@@ -1,10 +1,19 @@
-<ruleset name="Pixelh8">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pixelh8.co.uk/ => https://pixelh8.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'pixelh8.co.uk'")
+Fetch error: http://www.pixelh8.co.uk/ => https://www.pixelh8.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.pixelh8.co.uk'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://pixelh8.co.uk/ => https://pixelh8.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'pixelh8.co.uk'")
+Fetch error: http://www.pixelh8.co.uk/ => https://www.pixelh8.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.pixelh8.co.uk'")
+-->
+<ruleset name="Pixelh8" default_off="failed ruleset test">
 
 	<target host="pixelh8.co.uk" />
 	<target host="www.pixelh8.co.uk" />
 
 
-	<rule from="^http://(www\.)?pixelh8\.co\.uk/"
-		to="https://$1pixelh8.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pixeline.be.xml b/src/chrome/content/rules/Pixeline.be.xml
new file mode 100644
index 000000000000..4966d35f7e18
--- /dev/null
+++ b/src/chrome/content/rules/Pixeline.be.xml
@@ -0,0 +1,10 @@
+<ruleset name="pixeline.be">
+
+	<target host="pixeline.be" />
+	<target host="www.pixeline.be" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pixfs.net.xml b/src/chrome/content/rules/Pixfs.net.xml
new file mode 100644
index 000000000000..9252e1959eaa
--- /dev/null
+++ b/src/chrome/content/rules/Pixfs.net.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Pixnet coverage, see Pixnet.net.xml.
+
+-->
+<ruleset name="pixfs.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="asset-7headlines.pixfs.net" />
+	<target host="mainpage.pixfs.net" />
+	<target host="panel.pixfs.net" />
+	<target host="s.pixfs.net" />
+	<target host="static-7headlines.pixfs.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pixi.me.xml b/src/chrome/content/rules/Pixi.me.xml
deleted file mode 100644
index 4bdbbc0d21d3..000000000000
--- a/src/chrome/content/rules/Pixi.me.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See 
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
- 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Pixi.me" platform="firefox">
-  <target host="pixi.me" />
-  <target host="www.pixi.me" />
-
-  <securecookie host="^pixi\.me$" name=".+" />
-  <securecookie host="^www\.pixi\.me$" name=".+" />
-
-  <rule from="^http://pixi\.me/" to="https://pixi.me/" />
-  <rule from="^http://www\.pixi\.me/" to="https://www.pixi.me/" />
-  <!-- TODO: all subdomains of pixi.me appear to be available in HTTPS too -->
-</ruleset>
diff --git a/src/chrome/content/rules/Pixiq.xml b/src/chrome/content/rules/Pixiq.xml
deleted file mode 100644
index b083ac7a0b76..000000000000
--- a/src/chrome/content/rules/Pixiq.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d1xlgqsil28g2u.cloudfront.net
-			- woofie[1-4].pixiq.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.)
-
--->
-<ruleset name="Pixiq (partial)">
-
-	<target host="*.pixiq.com" />
-
-
-	<rule from="^https?://woofie[1-4]\.pixiq\.com/"
-		to="https://d1xlgqsil28g2u.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Pixiv.xml b/src/chrome/content/rules/Pixiv.xml
new file mode 100644
index 000000000000..951886c14fcd
--- /dev/null
+++ b/src/chrome/content/rules/Pixiv.xml
@@ -0,0 +1,59 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- inside.pixiv.net
+
+		Timeout was reached:
+		- dev.pixiv.net
+		- help.pixiv.net
+		- mx.pixiv.net
+
+		SSL peer certificate was not OK:
+		- iracon.pixiv.net
+		- genepixiv.pr.pixiv.net
+		- kurofune.pr.pixiv.net
+		- pool.pr.pixiv.net
+		- times.pixiv.net
+
+		Different content:
+		- m.pixiv.net
+-->
+<ruleset name="Pixiv (partial)">
+	<target host="pixiv.co.jp" />
+	<target host="www.pixiv.co.jp" />
+
+	<target host="pixiv.net" />
+	<target host="www.pixiv.net" />
+	<target host="accounts.pixiv.net" />
+	<target host="chat.pixiv.net" />
+	<target host="comic.pixiv.net" />
+	<target host="dic.pixiv.net" />
+	<target host="embed.pixiv.net" />
+	<target host="factory.pixiv.net" />
+	<target host="i1.pixiv.net" />
+	<target host="i2.pixiv.net" />
+	<target host="i3.pixiv.net" />
+	<target host="i4.pixiv.net" />
+	<target host="img-comic.pixiv.net" />
+	<target host="img-novel.pixiv.net" />
+	<target host="imgaz.pixiv.net" />
+	<target host="m.pixiv.net" />
+	<target host="novel.pixiv.net" />
+	<target host="recruit.pixiv.net" />
+	<target host="sensei.pixiv.net" />
+	<target host="sketch.pixiv.net" />
+	<target host="source.pixiv.net" />
+	<target host="touch.pixiv.net" />
+
+	<target host="pximg.net" />
+	<target host="www.pximg.net" />
+	<target host="i.pximg.net" />
+
+	<target host="d.pixiv.org" />
+
+	<rule from="^http://m\.pixiv\.net/"
+			to="https://www.pixiv.net/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pixlr.com.xml b/src/chrome/content/rules/Pixlr.com.xml
new file mode 100644
index 000000000000..b6a5d51b88ee
--- /dev/null
+++ b/src/chrome/content/rules/Pixlr.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="Pixlr (partial)">
+	<target host="pixlr.com" />
+	<target host="blog.pixlr.com" />
+	<target host="cdn.pixlr.com" />
+	<target host="support.pixlr.com" />
+	<target host="www.pixlr.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pixlr.xml b/src/chrome/content/rules/Pixlr.xml
deleted file mode 100644
index 24b6a9f25d8e..000000000000
--- a/src/chrome/content/rules/Pixlr.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
-	Nonfunctional:
-
-		- (www.)imm.io		(times out)
-		- blog.pixlr.com	(ditto)
-
-
-	There's a bucket at s3.amazonaws.com/i.pixlr.com/
-
--->
-<ruleset name="Pixlr (partial)" platform="mixedcontent">
-
-	<target host="i.imm.io" />
-	<target host="pixlr.com" />
-	<target host="*.pixlr.com" />
-
-
-	<securecookie host="^(.*\.)?pixlr\.com$" name=".*" />
-
-
-	<rule from="^http://i\.imm\.io/"
-		to="https://s3.amazonaws.com/i.imm.io/" />
-
-	<!--	cdn: CloudFront.	-->
-	<rule from="^http://(?:cdn\.|(www\.))?pixlr\.com/"
-		to="https://$1pixlr.com/" />
-
-	<rule from="^http://blog\.pixlr\.com/favicon\.ico"
-		to="https://www.blogger.com/favicon.ico" />
-
-	<!--	At least some pages redirect back.	-->
-	<rule from="^http://support\.pixlr\.com/(assets/|favicon\.png)"
-		to="https://getsatisfaction.com/$1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Pixnet.cc.xml b/src/chrome/content/rules/Pixnet.cc.xml
new file mode 100644
index 000000000000..274ae8229f07
--- /dev/null
+++ b/src/chrome/content/rules/Pixnet.cc.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Pixnet coverage, see Pixnet.net.xml.
+
+
+	Mixed content:
+
+		- Image on panel from api.recaptcha.net *
+
+	* Secured by us
+
+-->
+<ruleset name="pixnet.cc">
+
+	<target host="panel.pixnet.cc" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.pixnet\.cc$" name="^PIXSID$" /-->
+	<!--securecookie host="^\.panel\.pixnet\.cc$" name="^lang$" /-->
+
+	<securecookie host="^\.panel\.pixnet\.cc$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pixnet.net.xml b/src/chrome/content/rules/Pixnet.net.xml
new file mode 100644
index 000000000000..1616a387bd4d
--- /dev/null
+++ b/src/chrome/content/rules/Pixnet.net.xml
@@ -0,0 +1,59 @@
+<!--
+	Other Pixnet rulesets:
+
+		- Pimg.tw.xml
+		- Pixfs.net.xml
+		- PIXinsight.com.tw.xml
+		- Pixnet.cc.xml
+
+
+	Nonfunctional subdomains:
+
+		- admin *
+		- emkt *
+		- inpo *
+		- lovelybloggers *
+		- market *
+		- pixname *
+
+	* Refused
+
+
+	^: refused
+
+
+	Mixed content:
+
+		- Ad on channel from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Pixnet.net (partial)">
+
+	<target host="*.pixnet.net" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.pixnet\.net/($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.pixnet\.net/(?!favicon\.ico)" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.channel\.pixnet\.net$" name="^channel$" /-->
+	<!--securecookie host="^\.seven-in-one-elections\.events\.pixnet\.net$" name="^PIXMAINPAGE2$" /-->
+
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://pixnet\.net/.*"
+		to="https://www.pixnet.net/" />
+
+	<rule from="^http://(channel|seven-in-one-elections\.events|www)\.pixnet\.net/"
+		to="https://$1.pixnet.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pixoto.xml b/src/chrome/content/rules/Pixoto.xml
index 0b09435eb0c7..cdeeee5fa81b 100644
--- a/src/chrome/content/rules/Pixoto.xml
+++ b/src/chrome/content/rules/Pixoto.xml
@@ -6,7 +6,7 @@
 
 	Problematic subdomains:
 
-		- ^	(times out; → www)
+		- ^	(refused; → www)
 
 -->
 <ruleset name="Pixoto">
@@ -18,7 +18,9 @@
 	<securecookie host="^www\.pixoto\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?pixoto\.com/"
+	<rule from="^http://pixoto\.com/"
 		to="https://www.pixoto.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pizza.de.xml b/src/chrome/content/rules/Pizza.de.xml
index 9d16ec049151..0f541b265d0d 100644
--- a/src/chrome/content/rules/Pizza.de.xml
+++ b/src/chrome/content/rules/Pizza.de.xml
@@ -1,13 +1,13 @@
 <ruleset name="pizza.de">
 
 	<target host="pizza.de" />
-	<target host="*.pizza.de" />
+	<target host="m.pizza.de" />
+	<target host="www.pizza.de" />
 
 
 	<securecookie host="^\.pizza\.de$" name=".+" />
 
 
-	<rule from="^http://(m\.|www\.)?pizza\.de/"
-		to="https://$1pizza.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pizza.fr.xml b/src/chrome/content/rules/Pizza.fr.xml
index 63589327c5ae..a063e396a322 100644
--- a/src/chrome/content/rules/Pizza.fr.xml
+++ b/src/chrome/content/rules/Pizza.fr.xml
@@ -5,13 +5,12 @@
 <ruleset name="Pizza.fr">
 
 	<target host="pizza.fr" />
-	<target host="*.pizza.fr" />
+	<target host="www.pizza.fr" />
 
 
 	<securecookie host="^(?:w*\.)?pizza\.fr$" name=".+" />
 
 
-	<rule from="^http://(www\.)?pizza\.fr/"
-		to="https://$1pizza.fr/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pizza_Charts.com.xml b/src/chrome/content/rules/Pizza_Charts.com.xml
new file mode 100644
index 000000000000..16f67ef2e5f1
--- /dev/null
+++ b/src/chrome/content/rules/Pizza_Charts.com.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.pizzacharts.com/ => https://www.pizzacharts.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	Insecure cookies are set for these domains and hosts:
+
+		- pizzacharts.com
+		- .pizzacharts.com
+
+-->
+<ruleset name="Pizza Charts.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pizzacharts.com" />
+	<target host="www.pizzacharts.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^pizzacharts\.com$" name="^(csrftoken|sessionid)$" /-->
+	<!--securecookie host="^\.pizzacharts\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.?pizzacharts\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pizzahut.xml b/src/chrome/content/rules/Pizzahut.xml
index 566e8a342b0b..466733c3bf33 100644
--- a/src/chrome/content/rules/Pizzahut.xml
+++ b/src/chrome/content/rules/Pizzahut.xml
@@ -1,4 +1,10 @@
-<ruleset name="Pizzahut UK" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://delivery.pizzahut.co.uk/ => https://delivery.pizzahut.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'delivery.pizzahut.co.uk'")
+
+-->
+<ruleset name="Pizzahut UK" platform="mixedcontent" default_off="failed ruleset test">
   <target host="pizzahut.co.uk" />
   <target host="www.pizzahut.co.uk" />
   <target host="delivery.pizzahut.co.uk" />
diff --git a/src/chrome/content/rules/Pjak.eu.xml b/src/chrome/content/rules/Pjak.eu.xml
new file mode 100644
index 000000000000..ae47c632f1aa
--- /dev/null
+++ b/src/chrome/content/rules/Pjak.eu.xml
@@ -0,0 +1,6 @@
+<ruleset name="Pjak.eu" platform="mixedcontent">
+	<target host="pjak.eu" />
+	<target host="www.pjak.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pkcell.com.xml b/src/chrome/content/rules/Pkcell.com.xml
new file mode 100644
index 000000000000..a26b9dee4107
--- /dev/null
+++ b/src/chrome/content/rules/Pkcell.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Pkcell.com">
+	<target host="pkcell.com" />
+	<target host="www.pkcell.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pkgs.org.xml b/src/chrome/content/rules/Pkgs.org.xml
new file mode 100644
index 000000000000..8c1ac6977b18
--- /dev/null
+++ b/src/chrome/content/rules/Pkgs.org.xml
@@ -0,0 +1,34 @@
+<!--
+
+	Problematic hosts in *pkgs.org:
+
+		- www ᵐ
+		- ns ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="Pkgs.org">
+
+	<target host="pkgs.org" />
+	<target host="altlinux.pkgs.org" />
+	<target host="archlinux.pkgs.org" />
+	<target host="bee.pkgs.org" />
+	<target host="centos.pkgs.org" />
+	<target host="deb.pkgs.org" />
+	<target host="debian.pkgs.org" />
+	<target host="fedora.pkgs.org" />
+	<target host="mageia.pkgs.org" />
+	<target host="mint.pkgs.org" />
+	<target host="openmandriva.pkgs.org" />
+	<target host="opensuse.pkgs.org" />
+	<target host="pclinuxos.pkgs.org" />
+	<target host="rosa.pkgs.org" />
+	<target host="rpm.pkgs.org" />
+	<target host="slackware.pkgs.org" />
+	<target host="ubuntu.pkgs.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pkr.com.xml b/src/chrome/content/rules/Pkr.com.xml
new file mode 100644
index 000000000000..0f140681c875
--- /dev/null
+++ b/src/chrome/content/rules/Pkr.com.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pkr.com/ => https://pkr.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.pkr.com/ => https://www.pkr.com/: (7, 'Failed to connect to www.pkr.com port 443: Connection refused')
+
+-->
+<ruleset name="Pkr.com" default_off="failed ruleset test">
+  <target host="pkr.com" />
+  <target host="www.pkr.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PlaceIMG.com.xml b/src/chrome/content/rules/PlaceIMG.com.xml
new file mode 100644
index 000000000000..d83b35083cd0
--- /dev/null
+++ b/src/chrome/content/rules/PlaceIMG.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="PlaceIMG.com">
+
+	<target host="placeimg.com" />
+	<target host="www.placeimg.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PlacesOnline.com.xml b/src/chrome/content/rules/PlacesOnline.com.xml
new file mode 100644
index 000000000000..0facdf7c697f
--- /dev/null
+++ b/src/chrome/content/rules/PlacesOnline.com.xml
@@ -0,0 +1,43 @@
+<!--
+	^placesonline.com: Handshake fails
+
+-->
+<ruleset name="PlacesOnline.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="images.placesonline.com" />
+	<target host="www.placesonline.com" />
+
+	<!--	Complications:
+				-->
+	<target host="placesonline.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.placesonline\.com/(?:$|community/users\.asp|log_in/|rate_add\.asp)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.placesonline\.com/+(?!favicon\.ico|images/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.placesonline.com/community/users.asp" />
+			<test url="http://www.placesonline.com/log_in/" />
+			<test url="http://www.placesonline.com/log_in/index.asp" />
+			<test url="http://www.placesonline.com/rate_add.asp" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.placesonline.com/favicon.ico" />
+			<test url="http://www.placesonline.com/images/sf_top_breadcumbsbar.jpg" />
+
+
+	<rule from="^http://placesonline\.com/"
+		to="https://www.placesonline.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Planboard_app.com.xml b/src/chrome/content/rules/Planboard_app.com.xml
new file mode 100644
index 000000000000..cfe8fca5bc3a
--- /dev/null
+++ b/src/chrome/content/rules/Planboard_app.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Planboard app.com">
+
+	<target host="planboardapp.com" />
+	<target host="www.planboardapp.com" />
+
+
+	<securecookie host="^\.planboardapp\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Planet-Work.xml b/src/chrome/content/rules/Planet-Work.xml
index adfa85e077b1..1ace38a0b0f1 100644
--- a/src/chrome/content/rules/Planet-Work.xml
+++ b/src/chrome/content/rules/Planet-Work.xml
@@ -1,30 +1,40 @@
 <!--
 	Other Planet-Work rulesets:
+		+ On-web.fr.xml
 
-		- On-web.fr.xml
 
+	Non-functional hosts in *planet-work.be
+		Peer certificate cannot be authenticated with given CA certificates:
+		- planet-work.be
+		- www.planet-work.be
 
-	Problematic domains:
 
-		- planet-work.com		(mismatched, CN: www.planet-work.fr)
-		- support.planet-work.com	(works; mismatched, CN: *.on-web.fr)
-		- (www.)planet-work.fr		(expired 2013-05-22)
+	Non-functional hosts in *planet-work.com
+		Couldn't connect to server:
+		- mirrors.planet-work.com
 
 -->
-<ruleset name="Planet-Work">
-
-	<target host="planet-work.*" />
-	<target host="*.planet-work.com" />
+<ruleset name="Planet-Work (partial)">
+	<!-- *planet-work.com -->
+	<target host="planet-work.com" />
+	<target host="www.planet-work.com" />
+	<target host="clients.planet-work.com" />
+	<target host="css.planet-work.com" />
+	<target host="ezadmin.planet-work.com" />
+	<target host="lists.planet-work.com" />
+	<target host="status.planet-work.com" />
+	<target host="support.planet-work.com" />
+	<target host="web.planet-work.com" />
+	<target host="webftp.planet-work.com" />
+	<target host="webmail.planet-work.com" />
+	<target host="www3.planet-work.com" />
+
+
+	<!-- *planet-work.fr -->
+	<target host="planet-work.fr" />
 	<target host="www.planet-work.fr" />
 
-
 	<securecookie host="^webmail\.planet-work\.com$" name=".+" />
 
-
-	<rule from="^http://(?:www\.)?planet-work\.(?:com|fr)/"
-		to="https://www.planet-work.com/" />
-
-	<rule from="^http://(clients|css|webmail|www3)\.planet-work\.com/"
-		to="https://$1.planet-work.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Planet-energy.de.xml b/src/chrome/content/rules/Planet-energy.de.xml
new file mode 100644
index 000000000000..047919def29c
--- /dev/null
+++ b/src/chrome/content/rules/Planet-energy.de.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Greenpeace coverage, see Greenpeace.org.xml.
+
+-->
+<ruleset name="Planet-energy.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="planet-energy.de" />
+	<target host="www.planet-energy.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Planet.com.xml b/src/chrome/content/rules/Planet.com.xml
new file mode 100644
index 000000000000..d261e6f637ac
--- /dev/null
+++ b/src/chrome/content/rules/Planet.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Planet.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="planet.com" />
+	<target host="www.planet.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Planet3dnow.de.xml b/src/chrome/content/rules/Planet3dnow.de.xml
new file mode 100644
index 000000000000..ffbade1e9647
--- /dev/null
+++ b/src/chrome/content/rules/Planet3dnow.de.xml
@@ -0,0 +1,5 @@
+<ruleset name="Planet3dnow.">
+<target host="www.planet3dnow.de" />
+
+<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PlanetLab-mismatches.org.xml b/src/chrome/content/rules/PlanetLab-mismatches.org.xml
index 25a4353df1f6..756377a9d4e7 100644
--- a/src/chrome/content/rules/PlanetLab-mismatches.org.xml
+++ b/src/chrome/content/rules/PlanetLab-mismatches.org.xml
@@ -1,8 +1,7 @@
-<ruleset name="PlanetLab (mismatches)" default_off="mismatch">
+<ruleset name="PlanetLab (mismatches)" default_off="mismatched">
 
 	<target host="monitor.planet-lab.org"/>
 
-	<rule from="^http://monitor\.planet-lab\.org/"
-		to="https://monitor.planet-lab.org/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PlanetLab.org.xml b/src/chrome/content/rules/PlanetLab.org.xml
index 248d44cb68d0..f51e889416fa 100644
--- a/src/chrome/content/rules/PlanetLab.org.xml
+++ b/src/chrome/content/rules/PlanetLab.org.xml
@@ -1,11 +1,17 @@
-<ruleset name="PlanetLab (partial)">
 
-	<target host="planet-lab.org"/>
-	<target host="*.planet-lab.org"/>
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://svn.planet-lab.org/ => https://svn.planet-lab.org/: (60, 'SSL certificate problem: certificate has expired')
 
-	<securecookie host="^.*\.planet-lab\.org$" name=".*"/>
+-->
+<ruleset name="PlanetLab (partial)" default_off="failed ruleset test">
 
-	<rule from="^http://(svn\.|www\.)?planet-lab\.org/"
-		to="https://$1planet-lab.org/"/>
+	<target host="planet-lab.org" />
+	<target host="svn.planet-lab.org" />
+	<target host="www.planet-lab.org" />
+
+	<securecookie host="^.*\.planet-lab\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PlanetRomeo.xml b/src/chrome/content/rules/PlanetRomeo.xml
deleted file mode 100644
index 9d9a7a53351b..000000000000
--- a/src/chrome/content/rules/PlanetRomeo.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="PlanetRomeo">
-  <target host="www.planetromeo.com" />
-  <target host="planetromeo.com" />
-  <target host="www.gayromeo.com" />
-  <target host="gayromeo.com" />
-
-  <rule from="^http://(?:www\.)?planetromeo\.com/" to="https://www.planetromeo.com/"/>
-  <rule from="^http://(?:www\.)?gayromeo\.com/" to="https://www.gayromeo.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Planet_Discover.xml b/src/chrome/content/rules/Planet_Discover.xml
deleted file mode 100644
index 283ed5748da4..000000000000
--- a/src/chrome/content/rules/Planet_Discover.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Planet Discover">
-
-	<target host="planetdiscover.com" />
-	<target host="*.planetdiscover.com" />
-
-
-	<securecookie host="^(?:.*\.)?planetdiscover\.com$" name=".+" />
-
-
-	<!--	Clients have unique subdomains.
-						-->
-	<rule from="^http://([\w\-]\.)?planetdiscover\.com/"
-		to="https://$1planetdiscover.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Planet_Emu.net.xml b/src/chrome/content/rules/Planet_Emu.net.xml
new file mode 100644
index 000000000000..53de27588c52
--- /dev/null
+++ b/src/chrome/content/rules/Planet_Emu.net.xml
@@ -0,0 +1,28 @@
+<!--
+	Mixed content:
+
+		- Bug on www from media.fastclick.net *
+
+	* Secured by us
+
+-->
+<ruleset name="Planet Emu.net" default_off="expired, mismatched, self-signed">
+
+	<target host="planetemu.net" />
+	<target host="www.planetemu.net" />
+	<target host="forums.planetemu.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^forums\.planetemu\.net$" name="^bbsessionhash$" /-->
+
+	<securecookie host="^forums\.planetemu\.net$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?planetemu\.net/"
+		to="https://www.planetemu.net/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Planet_Gnuheter.xml b/src/chrome/content/rules/Planet_Gnuheter.xml
index 4de58ab0cf49..5577591ac5a0 100644
--- a/src/chrome/content/rules/Planet_Gnuheter.xml
+++ b/src/chrome/content/rules/Planet_Gnuheter.xml
@@ -1,10 +1,14 @@
-<ruleset name="Planet Gnuheter">
+<!--
+	Planet Gnuheter
+
+-->
+<ruleset name="Gnuheter.com">
 
 	<target host="gnuheter.com" />
 	<target host="www.gnuheter.com" />
 
 
-	<rule from="^http://(www\.)?gnuheter\.com/"
-		to="https://$1gnuheter.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Planet_KDE.org.xml b/src/chrome/content/rules/Planet_KDE.org.xml
new file mode 100644
index 000000000000..e87fbfadc754
--- /dev/null
+++ b/src/chrome/content/rules/Planet_KDE.org.xml
@@ -0,0 +1,34 @@
+<!--
+	For other KDE coverage, see KDE.xml.
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+		- Images, from:
+
+			- \d.bp.blogspot.com *
+			- bhush9.github.io *
+			- jriddell.org
+			- www.kdab.com *
+			- timotheegiet.com
+			- www.vandenoever.info
+			- feeds.wordpress.com *
+			- i\d.wp.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Planet KDE.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="planetkde.org" />
+	<target host="www.planetkde.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Planet_Minecraft.com-problematic.xml b/src/chrome/content/rules/Planet_Minecraft.com-problematic.xml
new file mode 100644
index 000000000000..8ccb5e6d9ce0
--- /dev/null
+++ b/src/chrome/content/rules/Planet_Minecraft.com-problematic.xml
@@ -0,0 +1,14 @@
+<!--
+	For rules that are on by default, see Planet_Minecraft.com.xml.
+
+-->
+<ruleset name="Planet Minecraft.com (mismatched)" default_off="mismatched">
+
+	<target host="cdn.planetminecraft.com" />
+	<target host="cdn2.planetminecraft.com" />
+
+
+	<rule from="^http://cdn2?\.planetminecraft\.com/"
+		to="https://834783812.r.cdn77.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Planet_Minecraft.com.xml b/src/chrome/content/rules/Planet_Minecraft.com.xml
index 91f66d93d48a..515b4cb0c460 100644
--- a/src/chrome/content/rules/Planet_Minecraft.com.xml
+++ b/src/chrome/content/rules/Planet_Minecraft.com.xml
@@ -1,4 +1,7 @@
 <!--
+	For problematic rules, see Planet_Minecraft.com-problematic.xml.
+
+
 	CDN buckets:
 
 		- 834783812.r.cdn77.net
@@ -12,7 +15,7 @@
 
 	Nonfunctional subdomains:
 
-		- (www.)	(502)
+		- (www.)	(503)
 
 
 	Problematic subdomains:
@@ -21,12 +24,11 @@
 		- cdn2		(works; mismatched, CN: *.r.worldssl.net)
 
 -->
-<ruleset name="Planet Minecraft.com (partial)" default_off="mismatched">
+<ruleset name="Planet Minecraft.com (partial)">
 
-	<target host="*.planetminecraft.com" />
+	<target host="static.planetminecraft.com" />
 
 
-	<rule from="^http://cdn2?\.planetminecraft\.com/"
-		to="https://834783812.r.cdn77.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Planetlan.com.xml b/src/chrome/content/rules/Planetlan.com.xml
new file mode 100644
index 000000000000..a49296316fbb
--- /dev/null
+++ b/src/chrome/content/rules/Planetlan.com.xml
@@ -0,0 +1,15 @@
+<!--
+	(www.)?planetlan.com: Plaintext reply
+
+-->
+<ruleset name="planetlan.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="a.planetlan.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Planned-Parenthood.xml b/src/chrome/content/rules/Planned-Parenthood.xml
index e9e6d5c47814..718d371446eb 100644
--- a/src/chrome/content/rules/Planned-Parenthood.xml
+++ b/src/chrome/content/rules/Planned-Parenthood.xml
@@ -1,10 +1,41 @@
-<ruleset name="Planned Parenthood" platform="mixedcontent">
+<!--
+	Other Planned Parenthood rulesets:
+
+		- plannedparenthoodaction.org.xml
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .marketplace.plannedparenthood.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on asktheexperts from www.plannedparenthood.org ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Planned Parenthood.org">
 
 	<target host="plannedparenthood.org" />
+	<target host="asktheexperts.plannedparenthood.org" />
+	<target host="marketplace.plannedparenthood.org" />
+	<target host="videos.plannedparenthood.org" />
 	<target host="www.plannedparenthood.org" />
 
 
-	<rule from="^https?://(?:www\.)?plannedparenthood\.org/"
-		to="https://www.plannedparenthood.org/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.marketplace\.plannedparenthood\.org$" name="^frontend$" /-->
+
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|optimizely)" />
+	<securecookie host="^(?!\.plannedparenthood\.org$)." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PlannedGiving.com.xml b/src/chrome/content/rules/PlannedGiving.com.xml
new file mode 100644
index 000000000000..c22577cd5a8b
--- /dev/null
+++ b/src/chrome/content/rules/PlannedGiving.com.xml
@@ -0,0 +1,39 @@
+<!--
+	Other PlannedGiving rulesets:
+
+		- Legacy.vg.xml
+
+
+	^plannedgiving.com: Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .www.plannedgiving.com
+
+-->
+<ruleset name="PlannedGiving.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.plannedgiving.com" />
+
+	<!--	Complications:
+				-->
+	<target host="plannedgiving.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.plannedgiving\.com$" name="^frontend$" /-->
+
+	<securecookie host="^\.www\.plannedgiving\.com$" name=".+" />
+
+
+	<rule from="^http://plannedgiving\.com/"
+		to="https://www.plannedgiving.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Plant-World-Seeds.com.xml b/src/chrome/content/rules/Plant-World-Seeds.com.xml
new file mode 100644
index 000000000000..7e2a41a98d2c
--- /dev/null
+++ b/src/chrome/content/rules/Plant-World-Seeds.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Plant-World-Seeds.com">
+
+	<target host="plant-world-seeds.com" />
+	<target host="www.plant-world-seeds.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PlantCommunity.de.xml b/src/chrome/content/rules/PlantCommunity.de.xml
new file mode 100644
index 000000000000..f3d05ed4ec16
--- /dev/null
+++ b/src/chrome/content/rules/PlantCommunity.de.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://plantcommunity.de/ => https://plantcommunity.de/: (35, 'error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error')
+Fetch error: http://www.plantcommunity.de/ => https://www.plantcommunity.de/: (35, 'error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://plantcommunity.de/ => https://plantcommunity.de/: (51, "SSL: no alternative certificate subject name matches target host name 'plantcommunity.de'")
+Fetch error: http://www.plantcommunity.de/ => https://www.plantcommunity.de/: (51, "SSL: no alternative certificate subject name matches target host name 'www.plantcommunity.de'")
+	Mixed content:
+
+		- Images, from:
+
+			- $self *
+			- images.vogel.de
+
+		- Web bugs from www.teamviewer.com *
+
+	* Secured by us
+
+-->
+<ruleset name="PlantCommunity.de" default_off="failed ruleset test">
+
+	<target host="plantcommunity.de" />
+	<target host="www.plantcommunity.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:www\.)?plantcommunity\.de$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PlantOGram.com.xml b/src/chrome/content/rules/PlantOGram.com.xml
new file mode 100644
index 000000000000..f5593ced285e
--- /dev/null
+++ b/src/chrome/content/rules/PlantOGram.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="PlantOGram.com">
+	<target host="plantogram.com" />
+	<target host="www.plantogram.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PlantSolution.de-falsemixed.xml b/src/chrome/content/rules/PlantSolution.de-falsemixed.xml
new file mode 100644
index 000000000000..fbfe786ac96d
--- /dev/null
+++ b/src/chrome/content/rules/PlantSolution.de-falsemixed.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules not causing false/broken MCB, see PlantSolution.de.xml.
+
+-->
+<ruleset name="PlantSolution.de (false MCB)" platform="mixedcontent" default_off="plaintext reply">
+
+	<target host="plantsolution.de" />
+	<target host="www.plantsolution.de" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Plantronics.xml b/src/chrome/content/rules/Plantronics.xml
index 963514c339ba..c4422354c831 100644
--- a/src/chrome/content/rules/Plantronics.xml
+++ b/src/chrome/content/rules/Plantronics.xml
@@ -2,7 +2,7 @@
   <target host="plantronics.com" />
   <target host="www.plantronics.com" />
 
-  <securecookie host="^(www)?\.plantronics\.com$" name=".*" />
+  <securecookie host="^(?:www)?\.plantronics\.com$" name=".+" />
 
   <rule from="^http://(?:www\.)?plantronics\.com/" to="https://www.plantronics.com/"/>
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Plastc.com.xml b/src/chrome/content/rules/Plastc.com.xml
new file mode 100644
index 000000000000..673e2cac72b5
--- /dev/null
+++ b/src/chrome/content/rules/Plastc.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="Plastc.com">
+
+	<target host="plastc.com" />
+	<target host="www.plastc.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.plastc\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www)?\.plastc\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Plastic-Bin.com.xml b/src/chrome/content/rules/Plastic-Bin.com.xml
deleted file mode 100644
index b6b8eae64132..000000000000
--- a/src/chrome/content/rules/Plastic-Bin.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Plastic-Bin.com">
-
-	<target host="plastic-bin.com" />
-	<target host="*.plastic-bin.com" />
-
-
-	<securecookie host="^\.plastic-bin\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?(secure\.)?plastic-bin\.com/"
-		to="https://$1$2plastic-bin.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Platform.sh.xml b/src/chrome/content/rules/Platform.sh.xml
new file mode 100644
index 000000000000..9c8bf8378530
--- /dev/null
+++ b/src/chrome/content/rules/Platform.sh.xml
@@ -0,0 +1,9 @@
+<ruleset name="Platform.sh">
+
+	<target host="platform.sh" />
+	<target host="www.platform.sh" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Plati.ru.xml b/src/chrome/content/rules/Plati.ru.xml
index 24ed9b7ba346..09311a16500f 100644
--- a/src/chrome/content/rules/Plati.ru.xml
+++ b/src/chrome/content/rules/Plati.ru.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://(?:www\.)?(?:exaccess|plati)\.ru/"
 		to="https://www.plati.ru/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Platina.ru.xml b/src/chrome/content/rules/Platina.ru.xml
new file mode 100644
index 000000000000..21caa2d70141
--- /dev/null
+++ b/src/chrome/content/rules/Platina.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="Platina.ru">
+	<target host="platina.ru" />
+	<target host="www.platina.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Platinum_Performance.com.xml b/src/chrome/content/rules/Platinum_Performance.com.xml
new file mode 100644
index 000000000000..db92441e461c
--- /dev/null
+++ b/src/chrome/content/rules/Platinum_Performance.com.xml
@@ -0,0 +1,41 @@
+<!--
+	^platinumperformance.com: Mismatched
+
+
+	Mixed content:
+
+		- Images on www.platinumperformance.com from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Platinum Performance.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="myplatinumpak.com" />
+	<target host="www.myplatinumpak.com" />
+	<target host="www.platinumperformance.com" />
+
+	<!--	Complications:
+				-->
+	<target host="platinumperformance.com" />
+
+
+	<!--	Server doesn't secure:
+					-->
+	<!--securecookie host="^\.myplatinumpak\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.platinumperformance\.com$" name=".+" /-->
+	<!--securecookie host="^\.www\.platinumperformance\.com$" name="^(?:CUSTOMER_SEGMENT_IDS|frontend|global|site_section|site_section_categories)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://platinumperformance\.com/"
+		to="https://www.platinumperformance.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Platinum_Skin_Care.com.xml b/src/chrome/content/rules/Platinum_Skin_Care.com.xml
new file mode 100644
index 000000000000..c5ce7ccee679
--- /dev/null
+++ b/src/chrome/content/rules/Platinum_Skin_Care.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Some pages redirect to http.
+
+-->
+<ruleset name="Platinum Skin Care.com (partial)">
+
+	<target host="platinumskincare.com" />
+	<target host="www.platinumskincare.com" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?platinumskincare\.com/+($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(www\.)?platinumskincare\.com/+(?!(account|checkout|custom\.css|login|register|send-password)\.aspx|downlds/|favicon\.ico|img/|mts/|scripts/|themes/)" /-->
+
+
+	<rule from="^http://(www\.)?platinumskincare\.com/(?=(?:account|checkout|custom\.css|login|register|send-password)\.aspx|downlds/|favicon\.ico|img/|mts/|scripts/|themes/)"
+		to="https://$1platinumskincare.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Platt.com.xml b/src/chrome/content/rules/Platt.com.xml
new file mode 100644
index 000000000000..294147e3e438
--- /dev/null
+++ b/src/chrome/content/rules/Platt.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Other Platt rulesets:
+
+		- Platt_static.com.xml
+
+-->
+<ruleset name="Platt.com">
+
+	<target host="platt.com" />
+	<target host="www.platt.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Platt_static.com.xml b/src/chrome/content/rules/Platt_static.com.xml
new file mode 100644
index 000000000000..f41d766b6334
--- /dev/null
+++ b/src/chrome/content/rules/Platt_static.com.xml
@@ -0,0 +1,12 @@
+<!--
+	For other Platt coverage, see Platt.com.xml.
+
+-->
+<ruleset name="Platt static.com">
+
+	<target host="images.plattstatic.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Plausible.coop.xml b/src/chrome/content/rules/Plausible.coop.xml
new file mode 100644
index 000000000000..1d1ceda32475
--- /dev/null
+++ b/src/chrome/content/rules/Plausible.coop.xml
@@ -0,0 +1,17 @@
+<ruleset name="Plausible.coop">
+
+	<target host="plausible.coop" />
+	<target host="forums.plausible.coop" />
+	<target host="www.plausible.coop" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?plausible\.coop$" name="^PLAY_SESSION$" /-->
+
+	<securecookie host="^(?:www\.)?plausible\.coop$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Play-asia.com.xml b/src/chrome/content/rules/Play-asia.com.xml
new file mode 100644
index 000000000000..d9af8c91793e
--- /dev/null
+++ b/src/chrome/content/rules/Play-asia.com.xml
@@ -0,0 +1,328 @@
+<!--
+	Non-functional hosts:
+		Certificate mismatch:
+			- 9.00.play-asia.com
+			- admin1a.play-asia.com
+			- admin2a.play-asia.com
+			- www.aesop.play-asia.com
+			- cn.bypas.play-asia.com
+			- www.chopin.play-asia.com
+			- www.de.play-asia.com
+			- www.forum.play-asia.com
+			- www.hardy.play-asia.com
+			- www.homer.play-asia.com
+			- www.is.play-asia.com
+			- mail1new.play-asia.com
+			- www.marx.play-asia.com
+			- www.meri.play-asia.com
+			- pop.play-asia.com
+			- en.shopto.play-asia.com
+			- www.si.play-asia.com
+			- www.sw-box.play-asia.com
+			- 01.tuesday.play-asia.com
+
+		Self-signed certificate
+			- hk2.office.play-asia.com
+
+		Refused:
+			- ccsrv.play-asia.com
+			- www.hk2.office.play-asia.com
+			- web1.play-asia.com
+			- web2.play-asia.com
+			- web3.play-asia.com
+			- web4.play-asia.com
+			- web5.play-asia.com
+			- web6.play-asia.com
+			- web7.play-asia.com
+			- web8.play-asia.com
+			- web9.play-asia.com
+			- web10.play-asia.com
+
+		Timeout:
+			- ap1.play-asia.com
+			- banner.play-asia.com
+			- nds.play-asia.com
+			- ps3.play-asia.com
+
+		No working 200/3XX URL:
+			- webdev1.play-asia.com
+
+-->
+<ruleset name="Play-asia.com">
+	<target host="www.play-asia.com" />
+	<target host="1.play-asia.com" />
+	<target host="116profile.play-asia.com" />
+	<target host="14.play-asia.com" />
+	<target host="187.play-asia.com" />
+	<target host="1www.play-asia.com" />
+	<target host="2.play-asia.com" />
+	<target host="20.play-asia.com" />
+	<target host="2013www.play-asia.com" />
+	<target host="28th.play-asia.com" />
+	<target host="2fimage1.play-asia.com" />
+	<target host="2fwww.play-asia.com" />
+	<target host="333.play-asia.com" />
+	<target host="360.play-asia.com" />
+	<target host="38www.play-asia.com" />
+	<target host="3m.play-asia.com" />
+	<target host="3ww.play-asia.com" />
+	<target host="4www.play-asia.com" />
+	<target host="5.play-asia.com" />
+	<target host="53970da1.play-asia.com" />
+	<target host="5dwww.play-asia.com" />
+	<target host="5www.play-asia.com" />
+	<target host="64700.play-asia.com" />
+	<target host="7.play-asia.com" />
+	<target host="8.play-asia.com" />
+	<target host="8www.play-asia.com" />
+	<target host="9.play-asia.com" />
+	<target host="aaa.play-asia.com" />
+	<target host="acs.play-asia.com" />
+	<target host="ad1.play-asia.com" />
+	<target host="adclient.play-asia.com" />
+	<target host="adlog.play-asia.com" />
+	<target host="admin1.play-asia.com" />
+	<target host="admin2.play-asia.com" />
+	<target host="ads.play-asia.com" />
+	<target host="adventures.play-asia.com" />
+	<target host="aesop.play-asia.com" />
+	<target host="america.play-asia.com" />
+	<target host="amil1.play-asia.com" />
+	<target host="answers.play-asia.com" />
+	<target host="anymore.play-asia.com" />
+	<target host="app.play-asia.com" />
+	<target host="app11.play-asia.com" />
+	<target host="ar-904g.play-asia.com" />
+	<target host="asia-www.play-asia.com" />
+	<target host="asw.play-asia.com" />
+	<target host="au.play-asia.com" />
+	<target host="audrey.play-asia.com" />
+	<target host="australia.play-asia.com" />
+	<target host="auth-ns1.play-asia.com" />
+	<target host="b2.play-asia.com" />
+	<target host="battlewww.play-asia.com" />
+	<target host="bbs3.play-asia.com" />
+	<target host="bbs4.play-asia.com" />
+	<target host="bddm.play-asia.com" />
+	<target host="bekliyorum.play-asia.com" />
+	<target host="beta.play-asia.com" />
+	<target host="between.play-asia.com" />
+	<target host="bizwww.play-asia.com" />
+	<target host="bo3.play-asia.com" />
+	<target host="board.play-asia.com" />
+	<target host="bugado.play-asia.com" />
+	<target host="cabling.play-asia.com" />
+	<target host="categories.play-asia.com" />
+	<target host="cdn.play-asia.com" />
+	<target host="chopin.play-asia.com" />
+	<target host="cns2.play-asia.com" />
+	<target host="co-in-f210.play-asia.com" />
+	<target host="commentwww.play-asia.com" />
+	<target host="compare.play-asia.com" />
+	<target host="computer.play-asia.com" />
+	<target host="cooper.play-asia.com" />
+	<target host="cowww.play-asia.com" />
+	<target host="culture.play-asia.com" />
+	<target host="czwww.play-asia.com" />
+	<target host="d2b.play-asia.com" />
+	<target host="db.play-asia.com" />
+	<target host="db1.play-asia.com" />
+	<target host="db2.play-asia.com" />
+	<target host="db22.play-asia.com" />
+	<target host="db3.play-asia.com" />
+	<target host="db4.play-asia.com" />
+	<target host="ddb2.play-asia.com" />
+	<target host="ddns2.play-asia.com" />
+	<target host="de.play-asia.com" />
+	<target host="detail.play-asia.com" />
+	<target host="difference.play-asia.com" />
+	<target host="directly.play-asia.com" />
+	<target host="disney.play-asia.com" />
+	<target host="dn2.play-asia.com" />
+	<target host="dn2s.play-asia.com" />
+	<target host="dnevnik.play-asia.com" />
+	<target host="dnns2.play-asia.com" />
+	<target host="dnss2.play-asia.com" />
+	<target host="domains.play-asia.com" />
+	<target host="dsn2.play-asia.com" />
+	<target host="due.play-asia.com" />
+	<target host="dwww.play-asia.com" />
+	<target host="earth.play-asia.com" />
+	<target host="east.play-asia.com" />
+	<target host="eb13.play-asia.com" />
+	<target host="ebay.play-asia.com" />
+	<target host="eee.play-asia.com" />
+	<target host="email.play-asia.com" />
+	<target host="encounters.play-asia.com" />
+	<target host="episodewww.play-asia.com" />
+	<target host="euro.play-asia.com" />
+	<target host="euwww.play-asia.com" />
+	<target host="ewww.play-asia.com" />
+	<target host="expectwww.play-asia.com" />
+	<target host="experience.play-asia.com" />
+	<target host="failure.play-asia.com" />
+	<target host="fanatik.play-asia.com" />
+	<target host="features.play-asia.com" />
+	<target host="files.play-asia.com" />
+	<target host="finance.play-asia.com" />
+	<target host="forums.play-asia.com" />
+	<target host="franchise.play-asia.com" />
+	<target host="fromwww.play-asia.com" />
+	<target host="g-5600.play-asia.com" />
+	<target host="galleries.play-asia.com" />
+	<target host="games.play-asia.com" />
+	<target host="gator880.play-asia.com" />
+	<target host="getwww.play-asia.com" />
+	<target host="globonews.play-asia.com" />
+	<target host="gundamwww.play-asia.com" />
+	<target host="hardy.play-asia.com" />
+	<target host="have.play-asia.com" />
+	<target host="hhotmail.play-asia.com" />
+	<target host="homail.play-asia.com" />
+	<target host="homer.play-asia.com" />
+	<target host="homtail.play-asia.com" />
+	<target host="hotail.play-asia.com" />
+	<target host="hotmai.play-asia.com" />
+	<target host="hotmail.play-asia.com" />
+	<target host="hotmali.play-asia.com" />
+	<target host="hoto.play-asia.com" />
+	<target host="hpoto.play-asia.com" />
+	<target host="htmail.play-asia.com" />
+	<target host="image.play-asia.com" />
+	<target host="image1.play-asia.com" />
+	<target host="image3.play-asia.com" />
+	<target host="image4.play-asia.com" />
+	<target host="images.play-asia.com" />
+	<target host="is.play-asia.com" />
+	<target host="iswww.play-asia.com" />
+	<target host="it.play-asia.com" />
+	<target host="k.play-asia.com" />
+	<target host="kerrbywww.play-asia.com" />
+	<target host="kong.play-asia.com" />
+	<target host="korea.play-asia.com" />
+	<target host="kwww.play-asia.com" />
+	<target host="link-www.play-asia.com" />
+	<target host="lovers.play-asia.com" />
+	<target host="ltd.play-asia.com" />
+	<target host="m.play-asia.com" />
+	<target host="mail1.play-asia.com" />
+	<target host="maskido.play-asia.com" />
+	<target host="montgomery.play-asia.com" />
+	<target host="morango.play-asia.com" />
+	<target host="mostwww.play-asia.com" />
+	<target host="musouwww.play-asia.com" />
+	<target host="mww.play-asia.com" />
+	<target host="mx.play-asia.com" />
+	<target host="mx1.play-asia.com" />
+	<target host="mxx1.play-asia.com" />
+	<target host="my.play-asia.com" />
+	<target host="n1.play-asia.com" />
+	<target host="nbspwww.play-asia.com" />
+	<target host="nds2.play-asia.com" />
+	<target host="neweast.play-asia.com" />
+	<target host="nns1.play-asia.com" />
+	<target host="now.play-asia.com" />
+	<target host="ns.play-asia.com" />
+	<target host="ns11.play-asia.com" />
+	<target host="ns2.play-asia.com" />
+	<target host="nwww.play-asia.com" />
+	<target host="offers.play-asia.com" />
+	<target host="ohtmail.play-asia.com" />
+	<target host="online.play-asia.com" />
+	<target host="onlywww.play-asia.com" />
+	<target host="pc.play-asia.com" />
+	<target host="phhoto.play-asia.com" />
+	<target host="phobos.play-asia.com" />
+	<target host="phoo.play-asia.com" />
+	<target host="phoot.play-asia.com" />
+	<target host="phooto.play-asia.com" />
+	<target host="photo.play-asia.com" />
+	<target host="photoo.play-asia.com" />
+	<target host="phto.play-asia.com" />
+	<target host="platform.play-asia.com" />
+	<target host="portable.play-asia.com" />
+	<target host="post.play-asia.com" />
+	<target host="poto.play-asia.com" />
+	<target host="pphoto.play-asia.com" />
+	<target host="prosper.play-asia.com" />
+	<target host="psnwww.play-asia.com" />
+	<target host="qqq.play-asia.com" />
+	<target host="qww.play-asia.com" />
+	<target host="recordwww.play-asia.com" />
+	<target host="reverse.play-asia.com" />
+	<target host="reviews.play-asia.com" />
+	<target host="ru.play-asia.com" />
+	<target host="scale.play-asia.com" />
+	<target host="sega.play-asia.com" />
+	<target host="sethgodin.play-asia.com" />
+	<target host="si.play-asia.com" />
+	<target host="sitewww.play-asia.com" />
+	<target host="smtp.play-asia.com" />
+	<target host="sn1.play-asia.com" />
+	<target host="source.play-asia.com" />
+	<target host="speeds.play-asia.com" />
+	<target host="sss.play-asia.com" />
+	<target host="steps.play-asia.com" />
+	<target host="stickwww.play-asia.com" />
+	<target host="store.play-asia.com" />
+	<target host="support.play-asia.com" />
+	<target host="swww.play-asia.com" />
+	<target host="ter.play-asia.com" />
+	<target host="terrain.play-asia.com" />
+	<target host="today.play-asia.com" />
+	<target host="towww.play-asia.com" />
+	<target host="toys.play-asia.com" />
+	<target host="tune.play-asia.com" />
+	<target host="usa.play-asia.com" />
+	<target host="vepmail.play-asia.com" />
+	<target host="videos.play-asia.com" />
+	<target host="views.play-asia.com" />
+	<target host="vipcams.play-asia.com" />
+	<target host="vitamin.play-asia.com" />
+	<target host="vvv.play-asia.com" />
+	<target host="vwww.play-asia.com" />
+	<target host="w2ww.play-asia.com" />
+	<target host="w3w.play-asia.com" />
+	<target host="w3ww.play-asia.com" />
+	<target host="wdw.play-asia.com" />
+	<target host="we1b3.play-asia.com" />
+	<target host="web13.play-asia.com" />
+	<target host="web133.play-asia.com" />
+	<target host="web20.play-asia.com" />
+	<target host="web31.play-asia.com" />
+	<target host="webb13.play-asia.com" />
+	<target host="weeb13.play-asia.com" />
+	<target host="wemail.play-asia.com" />
+	<target host="wepmail.play-asia.com" />
+	<target host="werden.play-asia.com" />
+	<target host="west.play-asia.com" />
+	<target host="wip3.play-asia.com" />
+	<target host="wmw.play-asia.com" />
+	<target host="wqww.play-asia.com" />
+	<target host="wsw.play-asia.com" />
+	<target host="wsww.play-asia.com" />
+	<target host="ww.play-asia.com" />
+	<target host="ww2.play-asia.com" />
+	<target host="ww3.play-asia.com" />
+	<target host="ww3w.play-asia.com" />
+	<target host="wwd.play-asia.com" />
+	<target host="wweb13.play-asia.com" />
+	<target host="wwm.play-asia.com" />
+	<target host="wwq.play-asia.com" />
+	<target host="wws.play-asia.com" />
+	<target host="wwv.play-asia.com" />
+	<target host="www3.play-asia.com" />
+	<target host="wwwa.play-asia.com" />
+	<target host="wwwe.play-asia.com" />
+	<target host="wwwww.play-asia.com" />
+	<target host="x1.play-asia.com" />
+	<target host="xlwww.play-asia.com" />
+	<target host="xm1.play-asia.com" />
+	<target host="xxx.play-asia.com" />
+	<target host="yungwww.play-asia.com" />
+	<target host="z.play-asia.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Play0ad.com.xml b/src/chrome/content/rules/Play0ad.com.xml
new file mode 100644
index 000000000000..6127c0fb7964
--- /dev/null
+++ b/src/chrome/content/rules/Play0ad.com.xml
@@ -0,0 +1,13 @@
+<!--
+    Other rulesets for related sites:
+	    - Wildfiregames.com.xml
+-->
+<ruleset name="Play0ad.com">
+    <target host="play0ad.com" />
+    <target host="www.play0ad.com" />
+
+    <securecookie host="^(www\.)?play0ad\.com" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PlayOnLinux.com.xml b/src/chrome/content/rules/PlayOnLinux.com.xml
new file mode 100644
index 000000000000..5f2d389dbbb8
--- /dev/null
+++ b/src/chrome/content/rules/PlayOnLinux.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Mismatched:
+		beta.playonlinux.com
+		bugs.playonlinux.com
+		www.luneo.playonlinux.com
+		mulx.playonlinux.com
+		newyork.playonlinux.com
+		server.playonlinux.com
+
+	Different content http/https
+		deb.playonlinux.com
+		repository.playonlinux.com
+		rpm.playonlinux.com
+		wiki.playonlinux.com
+		wine.playonlinux.com
+
+	No working URL known:
+		files.playonlinux.com
+
+-->
+<ruleset name="PlayOnLinux.com">
+
+	<target host="playonlinux.com" />
+	<target host="www.playonlinux.com" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?playonlinux\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(www\.)?playonlinux\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PlayStation.net.xml b/src/chrome/content/rules/PlayStation.net.xml
new file mode 100644
index 000000000000..de743bf0e854
--- /dev/null
+++ b/src/chrome/content/rules/PlayStation.net.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://en-support.psm.playstation.net/ => https://en-support.psm.playstation.net/: (6, 'Could not resolve host: en-support.psm.playstation.net')
+
+	For other Sony coverage, see Sony.xml.
+
+-->
+<ruleset name="PlayStation.net" default_off="failed ruleset test">
+
+	<target host="static-resource.np.community.playstation.net" />
+	<target host="en-support.psm.playstation.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PlayStation.xml b/src/chrome/content/rules/PlayStation.xml
index 05d25112a25a..d13721ab0e61 100644
--- a/src/chrome/content/rules/PlayStation.xml
+++ b/src/chrome/content/rules/PlayStation.xml
@@ -2,122 +2,121 @@
 	For other Sony coverage, see Sony.xml.
 
 
+	CDN buckets:
+
+		- a248.e.akamai.net/=/4111/272091/1d/sceastorage.download.akamai.com/263133/
+
+			- cdn.us.playstation.com
+
 		- playstation.custhelp.com
 		- playstationna.i.lithium.com
 
 
-	Nonfunctional playstation.com subdomains:
+	Nonfunctional hosts in *playstation.com:
+
+		- blog.eu ᵈ
+		- community.us (refused)
+		- mypsn.eu ᵈ
+		- on.us (timeout)
+		- fp.profiles.us ᵈ
+
+	ᵈ Dropped
 
-		- (www.) *
-		- blog.eu *
-		- mypsn.eu *
-		- fp.profiles.us *
 
-	* Dropped
+	Problematic hosts in *playstation.com:
 
+		- ^ (mismatched)
+		- metrics.aem ᵐ
+		- uk ᵐ
+		- cdn.us ³
+		- service1.us ᵉ
+		- www.us ᵐ
 
-	Problematic domains:
+	ᵐ Mismatched
+	ᴬ Akamai
+	³ 403
+	ᵉ Expired
 
-		- uk.playstation.com		(works; mismatched, CN: secure.eu.playstation.com)
-		- www.us.playstation.com	(mismatched)
 
+	These altnames don't exist:
 
-	Partially covered domains:
+		- www.hardware.support.eu.playstation.com
 
-		- (www.)us.playstation.com	(www → ^, many paths redirect to http)
 
+	Insecure cookies are set for these domains and hosts:
 
-	Fully covered domains:
+		- .playstation.com
+		- io.playstation.com
 
-		- playstation.com subdomains:
 
-			- eu subdomains:
+	Mixed content:
 
-				- secure
-				- software
-				- webtrends
+		- css, on:
 
-			- store
+			- community.us from fonts.googleapis.com *
 
-			- us subdomains:
+		- Images, on:
 
-				- blog
-				- community
-				- service1
-				- support
+			- community.us from playstationna.i.lithium.com *
+			- community.us from cdn.us.playstation.com *
+			- community.us from $self *
+			- support.us.playstation.com from us.playstation.com
 
-		- static-resource.np.community.playstation.net
-		- en-support.psm.playstation.net
+		- Bugs, on:
 
+			- community.us from sonycomputerentertainmentofamerica.122.2o7.net *
+			- www from metrics.aem.playstation.com *
 
-	Mixed images on support.us.playstation.com from us.playstation.com
+	* Secured by us
 
 -->
-<ruleset name="PlayStation (partial)">
-
-	<target host="*.playstation.com" />
-		<!--
-			Many paths now redirect to http:
-
-				- https://mail1.eff.org/pipermail/https-everywhere-rules/2012-September/001284.html
-				- https://mail1.eff.org/pipermail/https-everywhere-rules/2013-July/001641.html
-
-				Including:
-
-					- $
-					- adaptor/?$
-					- adaptor/verify/?$
-					- community/?$
-					- community/liveevents/?$
-					- csimg/
-					- favicon.ico
-					- games/?$
-					- games/.*.html
-					- games-and-media$
-					- games-and-media/franchise/.*.html
-					- grid$
-					- grid/games_events/?$
-					- myprofile$
-					- news/consumeralerts/$
-					- omniture/blogs/s_code.js
-					- ps3/?$
-					- ps3/games-and-media/$
-					- psn/playstation-home/?$
-					- psn/shows-and-tv-series/$
-					- wtb/?$
-					- support/warranties/index.htm
-					- support/warranties/.*/index.htm
-
-				But not including:
-
-					- pscomauth/groups/public/documents/webasset/transparent.gif
-					- psnevent/EventsController.action
-					- uwps/PSNTicketRetrievalGenericServlet
-
-
-				support/?$ does too, but then redirects to a secure url.
-													-->
-		<!--exclusion pattern="^http://us\.playstation\.com/($|\?|(adaptor|community|games|grid|games-and-media|myprofile|news|ps[3n]|wtb)($|[?/])|csimg/|omniture/|support/?[^?])" /-->
-		<exclusion pattern="^http://us\.playstation\.com/(?!pscomauth/|psnevent/|uwps/)" />
-	<target host="*.playstation.net" />
-
-
-	<securecookie host=".*\.playstation\.com$" name=".+" />
-	<securecookie host="^en-support\.psm\.playstation\.net$" name=".+" />
-
-
-	<rule from="^http://((?:secure|software|webtrends)\.eu|store|(?:blog|community|service1|support)\.us)\.playstation\.com/"
-		to="https://$1.playstation.com/" />
-
-	<!--	Redirects to http first:
-					-->
-	<rule from="^http://(?:www\.)?us\.playstation\.com/support/?(\?.*)?$"
-		to="https://support.us.playstation.com/$1" />
-
-	<rule from="^http://(?:www\.)?us\.playstation\.com/"
-		to="https://us.playstation.com/" />
-
-	<rule from="^http://(static-resource\.np\.community|en-support\.psm)\.playstation\.net/"
-		to="https://$1.playstation.net/" />
+<ruleset name="PlayStation.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="playstation.com" />
+	<target host="smetrics.aem.playstation.com" />
+	<target host="asia.playstation.com" />
+	<target host="static.blog.playstation.com" />
+	<target host="docs.playstation.com" />
+
+	<target host="secure.eu.playstation.com" />
+	<target host="assets.software.eu.playstation.com" />
+	<target host="hardware.support.eu.playstation.com" />
+
+	<target host="io.playstation.com" />
+	<target host="www.jp.playstation.com" />
+	<target host="media.playstation.com" />
+	<target host="psmedia.playstation.com" />
+	<target host="status.playstation.com" />
+	<target host="store.playstation.com" />
+
+	<target host="us.playstation.com" />
+	<target host="blog.us.playstation.com" />
+	<target host="secure.cdn.us.playstation.com" />
+	<target host="secure.us.playstation.com" />
+	<!--target host="service1.us.playstation.com" /-->
+	<target host="support.us.playstation.com" />
+
+	<target host="www.playstation.com" />
+
+	<!--	Complications:
+				-->
+	<target host="metrics.aem.playstation.com" />
+	<target host="cdn.us.playstation.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://playstation\.com/"
+		to="https://www.playstation.com/" />
+
+	<rule from="^http://metrics\.aem\.playstation\.com/"
+		to="https://smetrics.aem.playstation.com/" />
+
+	<rule from="^http://cdn\.us\.playstation\.com/"
+		to="https://secure.cdn.us.playstation.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PlayStation_Network.com.xml b/src/chrome/content/rules/PlayStation_Network.com.xml
new file mode 100644
index 000000000000..4f240e4c5645
--- /dev/null
+++ b/src/chrome/content/rules/PlayStation_Network.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Sony coverage, see Sony.xml.
+
+
+	Mixed content:
+
+		- Image on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="PlayStation Network.com">
+
+	<target host="playstationnetwork.com" />
+	<target host="cdn.playstationnetwork.com" />
+	<target host="www.playstationnetwork.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PlayVid.com.xml b/src/chrome/content/rules/PlayVid.com.xml
new file mode 100644
index 000000000000..8de44784b082
--- /dev/null
+++ b/src/chrome/content/rules/PlayVid.com.xml
@@ -0,0 +1,33 @@
+<ruleset name="PlayVid.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="playvid.com" />
+	<target host="www.playvid.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.playvid\.com/(?:$|add\.css)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.playvid\.com/+(?!css/|images/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.playvid.com/add.css" />
+			<test url="http://www.playvid.com/advertise" />
+			<test url="http://www.playvid.com/channels" />
+			<test url="http://www.playvid.com/contact-us" />
+			<test url="http://www.playvid.com/watch/fXhzLHsES2B" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.playvid.com/css/all.css" />
+			<test url="http://www.playvid.com/images/logo.png" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Play_Framework.com.xml b/src/chrome/content/rules/Play_Framework.com.xml
new file mode 100644
index 000000000000..ea5c7dd8d57b
--- /dev/null
+++ b/src/chrome/content/rules/Play_Framework.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Play Framework.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="playframework.com" />
+	<target host="www.playframework.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Playboy.com.xml b/src/chrome/content/rules/Playboy.com.xml
new file mode 100644
index 000000000000..6bbc6f8482e9
--- /dev/null
+++ b/src/chrome/content/rules/Playboy.com.xml
@@ -0,0 +1,51 @@
+<!--
+	Other Playboy rulesets:
+
+		- Playboy_Store.com.xml
+		- Playmates.com.xml
+
+
+	Nonfunctional hosts in *playboy.com:
+
+		- plus ¹
+		- www ²
+
+	¹ Refused
+	² Redirects to http
+
+
+	^playboy.com: Dropped
+
+
+	Insecure cookies are set for these domains:
+
+		- .playboy.com
+
+-->
+<ruleset name="Playboy.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cdn.playboy.com" />
+	<target host="images.playboy.com" />
+	<!--target host="www.playboy.com" /-->
+
+	<!--	Complications:
+				-->
+	<!--target host="playboy.com" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.playboy\.com$" name="^__qca$" /-->
+
+	<securecookie host="^\.playboy\.com$" name="^__qca$" />
+
+
+	<!--rule from="^http://playboy\.com/"
+		to="https://www.playboy.com/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Playboy_Store.com.xml b/src/chrome/content/rules/Playboy_Store.com.xml
new file mode 100644
index 000000000000..2e7100bbb5d1
--- /dev/null
+++ b/src/chrome/content/rules/Playboy_Store.com.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Playboy coverage, see Playboy.com.xml.
+
+
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these domains:
+
+		- .www.playboystore.com
+
+-->
+<ruleset name="Playboy Store.com" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="playboystore.com" />
+	<target host="www.playboystore.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.playboystore\.com$" name="^frontend$" /-->
+
+	<securecookie host="^\.www\.playboystore\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Player-Attack.xml b/src/chrome/content/rules/Player-Attack.xml
deleted file mode 100644
index 5258fc1e507c..000000000000
--- a/src/chrome/content/rules/Player-Attack.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- cloud		(times out)
-		- images	(ditto)
-		- imagery	(ditto)
-
--->
-<ruleset name="Player Attack (partial)">
-
-	<target host="playerattack.com" />
-	<target host="www.playerattack.com" />
-
-
-	<!--	At least some pages 302 to http.
-
-
-		These paths also do:
-
-
-			- imagery/
-			- media/
-							-->
-	<rule from="^http://(www\.)?playerattack\.com/(wp-content/)"
-		to="https://$1playerattack.com/$2" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Player.FM.xml b/src/chrome/content/rules/Player.FM.xml
new file mode 100644
index 000000000000..e1566f7ef631
--- /dev/null
+++ b/src/chrome/content/rules/Player.FM.xml
@@ -0,0 +1,45 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	www: mismatched
+
+
+	Mixed content:
+
+		- iframe on blog from imgur.com *
+		- css on blog from $self *
+		- Images on blog from i.imgur.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Player.FM (partial)">
+
+	<target host="player.fm" />
+	<target host="*.player.fm" />
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<exclusion pattern="^http://blog\.player\.fm/+(?!favicon\.ico|wp-content/|wp-includes/)" />
+
+
+	<securecookie host="^\.player\.fm$" name=".+" />
+
+
+	<rule from="^http://((?:a\d|blog|suggest)\.)?player\.fm/"
+		to="https://$1player.fm/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PlayerAttack.com.xml b/src/chrome/content/rules/PlayerAttack.com.xml
new file mode 100644
index 000000000000..6cfa88a41f3f
--- /dev/null
+++ b/src/chrome/content/rules/PlayerAttack.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		forums.playerattack.com
+
+-->
+<ruleset name="Player Attack.com">
+
+	<target host="playerattack.com" />
+	<target host="www.playerattack.com" />
+	<target host="imagery.playerattack.com" />
+		<test url="http://imagery.playerattack.com/2015/10/patreon01.png" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PlayerAuctions.com.xml b/src/chrome/content/rules/PlayerAuctions.com.xml
index 03307e68e509..93fd909aee81 100644
--- a/src/chrome/content/rules/PlayerAuctions.com.xml
+++ b/src/chrome/content/rules/PlayerAuctions.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kimage.playerauctions.com/ => https://kimage.playerauctions.com/: (6, 'Could not resolve host: kimage.playerauctions.com')
+
 	CDN buckets:
 
 		- wpc.8f34.edgecastcdn.net/??8F34/
@@ -10,35 +14,21 @@
 			- scdn01
 
 
-	Problematic subdoamins:
-
-		- ^		(refused)
-		- cdn01		(works; mismatched, CN: edgecastcdn.net)
-
-
-	Fully covered subdomains:
-
-		- (www.) *	(^ → www)
-		- cdn01		(→ scdn01)
-		- kimage *	(→ scdn01)
-		- scdn01
-
-	* Note: server is configured for rc4 only
+	Problematic subdomains:
 
+		- (s)cdn01		(works; mismatched, CN: edgecastcdn.net)
 -->
-<ruleset name="PlayerAuctions.com">
+<ruleset name="PlayerAuctions.com" default_off="failed ruleset test">
 
 	<target host="playerauctions.com" />
-	<target host="*.playerauctions.com" />
+	<target host="www.playerauctions.com" />
+	<target host="kimage.playerauctions.com" />
 
 
 	<securecookie host="^www\.playerauctions\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?playerauctions\.com/"
-		to="https://www.playerauctions.com/" />
-
-	<rule from="^http://(?:kimage|s?cdn01)\.playerauctions\.com/"
-		to="https://scdn01.playerauctions.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PlayerIO.com.xml b/src/chrome/content/rules/PlayerIO.com.xml
new file mode 100644
index 000000000000..1a60c671604a
--- /dev/null
+++ b/src/chrome/content/rules/PlayerIO.com.xml
@@ -0,0 +1,33 @@
+<!--
+	CDN buckets:
+
+		- playerio-a.akamaihd.net
+
+
+	Problematic domains:
+
+		- (www.)player.io *
+
+	* Works; mismatched, CN: *.playerio.com
+
+-->
+<ruleset name="PlayerIO.com">
+
+	<target host="player.io" />
+	<target host="www.player.io" />
+	<target host="playerio.com" />
+	<target host="www.playerio.com" />
+
+
+	<securecookie host="^(?:www\.)?playerio\.com$" name=".+" />
+
+
+	<!--	Redirect drops args but not path:
+							-->
+	<rule from="^http://(?:www\.)?player\.io/([^?]*)(?:\?.*)?"
+		to="https://playerio.com/$1" />
+
+	<rule from="^http://(www\.)?playerio\.com/"
+		to="https://$1playerio.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Playfire.com.xml b/src/chrome/content/rules/Playfire.com.xml
new file mode 100644
index 000000000000..e6c3bcd44a3f
--- /dev/null
+++ b/src/chrome/content/rules/Playfire.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://forums.playfire.com/ => https://www.forums.playfire.com/: (6, 'Could not resolve host: www.forums.playfire.com')
+Fetch error: http://www.forums.playfire.com/ => https://www.forums.playfire.com/: (6, 'Could not resolve host: www.forums.playfire.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://forums.playfire.com/ => https://www.forums.playfire.com/: (6, 'Could not resolve host: www.forums.playfire.com')
+Fetch error: http://www.forums.playfire.com/ => https://www.forums.playfire.com/: (6, 'Could not resolve host: www.forums.playfire.com')
+-->
+<ruleset name="Playfire (partial)" default_off="failed ruleset test">
+  <target host="forums.playfire.com" />
+  <target host="playfire.com" />
+  <target host="www.forums.playfire.com" />
+  <target host="www.playfire.com" />
+
+  <rule from="^http://(?:www\.)?forums\.playfire\.com/" to="https://www.forums.playfire.com/" />
+  <rule from="^http://(?:www\.)?playfire\.com/" to="https://www.playfire.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Playkey.net.xml b/src/chrome/content/rules/Playkey.net.xml
new file mode 100644
index 000000000000..427776f256d9
--- /dev/null
+++ b/src/chrome/content/rules/Playkey.net.xml
@@ -0,0 +1,9 @@
+<!--^ mismatch
+blog. mismatch
+www. refused-->
+<ruleset name="Playkey.net">
+	<target host="api.playkey.net" />
+	<target host="support.playkey.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Playlists.net.xml b/src/chrome/content/rules/Playlists.net.xml
new file mode 100644
index 000000000000..edb85db5ba6f
--- /dev/null
+++ b/src/chrome/content/rules/Playlists.net.xml
@@ -0,0 +1,17 @@
+<!--
+	CN: www.sharemyplaylists.com
+
+-->
+<ruleset name="Playlists.net" default_off="expired, mismatched">
+
+	<target host="playlists.net" />
+	<target host="www.playlists.net" />
+
+
+	<securecookie host="^(?:www\.)?playlists\.net$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?playlists\.net/"
+		to="https://playlists.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Playmates.com.xml b/src/chrome/content/rules/Playmates.com.xml
new file mode 100644
index 000000000000..51ba6eed70c6
--- /dev/null
+++ b/src/chrome/content/rules/Playmates.com.xml
@@ -0,0 +1,49 @@
+<!--
+	For other Playboy coverage, see Playboy.com.xml.
+
+
+	Problematic hosts in *playmates.com:
+
+		- ^ ¹
+		- images ²
+		- static ²
+		- www ²
+
+	¹ Dropped
+	² Mismatched
+
+
+	Mixed content:
+
+		- css from images.playmates.com
+
+		- Images, on:
+
+			- www from res.cloudinary.com ²
+			- www from images.playmates.com
+
+		- Bug on www from b.scorecardresearch.com ²
+
+	² Secured by us
+
+-->
+<ruleset name="Playmates.com" default_off="mismatched" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="images.playmates.com" />
+	<target host="static.playmates.com" />
+	<target host="www.playmates.com" />
+
+	<!--	Complications:
+				-->
+	<target host="playmates.com" />
+
+
+	<rule from="^http://playmates\.com/"
+		to="https://www.playmates.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Plays.tv.xml b/src/chrome/content/rules/Plays.tv.xml
new file mode 100644
index 000000000000..04938ebbc08c
--- /dev/null
+++ b/src/chrome/content/rules/Plays.tv.xml
@@ -0,0 +1,44 @@
+<!--
+	Plays-TV
+
+
+	CDN buckets:
+
+		- m0playscdntv-a.akamaihd.net
+		- m1playscdntv-a.akamaihd.net
+
+
+	Insecure cookies are set for these domains:
+
+		- .plays.tv
+
+
+	Mixed content:
+
+		- Images on ^ from ddragon.leagueoflegends.com ˢ
+		- Bugs on ^ from b.scorecardresearch.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Plays.TV">
+
+	<target host="plays.tv" />
+	<target host="s0.plays.tv" />
+	<target host="s1.plays.tv" />
+	<target host="s0.playscdn.tv" />
+	<target host="s1.playscdn.tv" />
+	<target host="www.plays.tv" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="\.plays\.tv" name="^(?:PHPSESSID|cohorttrack|xb)$" /-->
+
+	<securecookie host="^\." name="^(?:__qca|cohorttrack)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Playwire.xml b/src/chrome/content/rules/Playwire.xml
index 23ca9a2c7c72..7acbdd98773d 100644
--- a/src/chrome/content/rules/Playwire.xml
+++ b/src/chrome/content/rules/Playwire.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://support.playwire.com/ => https://www.playwiresupport.com/: (60, 'SSL certificate problem: certificate has expired')
+
 	For other Intergi coverage, see Intergi.xml.
 
 
@@ -13,20 +17,44 @@
 
 	Nonfunctional subdomains:
 
+		- (www.)? ¹
 		- blog		(redirects to www)
+		- phoenix ²
 
--->
-<ruleset name="Playwire (partial)">
+	¹ WP Engine
+	² Redirects to http
+
+
+	Problematic hosts in *playwire.com:
 
-	<target host="playwire.com" />
-	<target host="*.playwire.com" />
+		- support *
+
+	* Mismatched
+
+-->
+<ruleset name="Playwire.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="playwire.com" /-->
+	<target host="cdn.playwire.com" />
+	<target host="support.playwire.com" />
+	<!--target host="www.playwire.com" /-->
 		<!--
 			At least some pages redirect to http.
 								-->
-		<exclusion pattern="^http://(?:www\.)?playwire\.com/(?!images/|javascripts/|stylesheets/)" />
+		<!--exclusion pattern="^http://(?:www\.)?playwire\.com/(?!images/|javascripts/|stylesheets/)" /-->
+		<!--exclusion pattern="^http://phoenix\.playwire\.com/en/(login|signup|signup/premium)$" /-->
+
+			<!--test url="http://phoenix.playwire.com/en/login" /-->
+			<!--test url="http://phoenix.playwire.com/en/signup" /-->
+			<!--test url="http://phoenix.playwire.com/en/signup/premium" /-->
+
 
+	<rule from="^http://support\.playwire\.com/"
+		to="https://www.playwiresupport.com/" />
 
-	<rule from="^http://(cdn\.|www\.)?playwire\.com/"
-		to="https://$1playwire.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Please_Ignore.com.xml b/src/chrome/content/rules/Please_Ignore.com.xml
new file mode 100644
index 000000000000..099e2a0a234c
--- /dev/null
+++ b/src/chrome/content/rules/Please_Ignore.com.xml
@@ -0,0 +1,25 @@
+<ruleset name="Please Ignore.com">
+
+	<target host="pleaseignore.com" />
+	<target host="auth.pleaseignore.com" />
+	<target host="wiki.pleaseignore.com" />
+	<target host="www.pleaseignore.com" />
+	<target host="zkb.pleaseignore.com" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^wiki\.pleaseignore\.com$" name="^pub_wiki_session$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^\.pleaseignore\.com$" name="^pleaseignore_xsession_id$" /-->
+	<!--securecookie host="^auth\.pleaseignore\.com$" name="^(csrftoken|sessionid)$" /-->
+	<!--securecookie host="^zkb\.pleaseignore\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w*\.pleaseignore\.com$" name=".+" />
+
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pleasuredome.xml b/src/chrome/content/rules/Pleasuredome.xml
new file mode 100644
index 000000000000..983dc01f761b
--- /dev/null
+++ b/src/chrome/content/rules/Pleasuredome.xml
@@ -0,0 +1,20 @@
+<ruleset name="Pleasuredome" default_off="self-signed">
+	<target host="pleasuredome.org.uk" />
+	<target host="www.pleasuredome.org.uk" />
+	<target host="forum.pleasuredome.org.uk" />
+
+	<test url="http://pleasuredome.org.uk/" />
+	<test url="http://www.pleasuredome.org.uk/" />
+	<test url="http://forums.pleasuredome.org.uk/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- http://pleasuredome.org.uk/ yields an empty HTML document.
+		 This appears to be intended as a response to spurious tracker
+		 requests. It's not helpful in this context, so let's perform www
+		 redirection here, in order to reach the 'real' index page. -->
+	<rule from="^http://pleasuredome\.org\.uk/$"
+		  to="https://www.pleasuredome.org.uk/" />
+	<rule from="^http:"
+	      to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pledgie.xml b/src/chrome/content/rules/Pledgie.xml
index 7e0bacefc97a..685d022ef153 100644
--- a/src/chrome/content/rules/Pledgie.xml
+++ b/src/chrome/content/rules/Pledgie.xml
@@ -1,10 +1,38 @@
-<ruleset name="Pledgie" platform="mixedcontent">
+<!--
+	Problematic subdomains:
+
+		- help ¹
+		- www ²
+
+	¹ Tenderapp
+	² Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- help.pledgie.com
+
+
+	Mixed content:
+
+		- Images on ^ from a0.twimg.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Pledgie.com (partial)">
   <target host="pledgie.com" />
   <target host="www.pledgie.com" />
 
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^help\.pledgie\.com$" name="^(_tender_session|anon_token)$" /-->
+
+
   <rule from="^http://(?:www\.)?pledgie\.com/"
           to="https://pledgie.com/"/>
 
-  <securecookie host="^pledgie\.com$" name=".*"/>
+  <securecookie host="^pledgie\.com$" name=".+" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PlentyOfFish.xml b/src/chrome/content/rules/PlentyOfFish.xml
index a8b1521e5dfa..bffb7bbbeee5 100644
--- a/src/chrome/content/rules/PlentyOfFish.xml
+++ b/src/chrome/content/rules/PlentyOfFish.xml
@@ -12,13 +12,13 @@
 
 			https://trac.torproject.org/projects/tor/ticket/6279
 					-->
-		<exclusion pattern="^http://(pics\d?|www)\.pof\.com/($|.*\.aspx($|\?)|thumbnails/)" />
+		<exclusion pattern="^http://(?:pics\d?|www)\.pof\.com/(?:$|.*\.aspx(?:$|\?)|thumbnails/)" />
 
 
 	<!--	- pics\d?: Akamai
 		- Cert doesn't match ^pof.com
 						-->
-	<rule from="^https?://(?:pics\d?\.|www\.)?pof\.com/"
+	<rule from="^http://(?:pics\d?\.|www\.)?pof\.com/"
 		to="https://www.pof.com/" />
 
 	<rule from="^http://secure\.pof\.com/"
diff --git a/src/chrome/content/rules/Plex.tv.xml b/src/chrome/content/rules/Plex.tv.xml
new file mode 100644
index 000000000000..1a0b148d1e2d
--- /dev/null
+++ b/src/chrome/content/rules/Plex.tv.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://md01.plex.tv/ => https://md01.plex.tv/: (6, 'Could not resolve host: md01.plex.tv')
+Fetch error: http://md02.plex.tv/ => https://md02.plex.tv/: (6, 'Could not resolve host: md02.plex.tv')
+Fetch error: http://md03.plex.tv/ => https://md03.plex.tv/: (6, 'Could not resolve host: md03.plex.tv')
+
+	Other Plex rulesets:
+
+		- Plexapp.com.xml
+-->
+<ruleset name="Plex.tv" default_off="failed ruleset test">
+
+	<target host="plex.tv" />
+	<target host="blog.plex.tv" />
+	<target host="forums.plex.tv" />
+	<target host="www.plex.tv" />
+	<target host="downloads.plex.tv" />
+	<target host="support.plex.tv" />
+	<target host="md01.plex.tv" />
+	<target host="md02.plex.tv" />
+	<target host="md03.plex.tv" />
+
+	<!--	Server sets Secure for:
+					-->
+	<!--securecookie host="^plex\.tv$" name=".+" /-->
+	<!--
+		But not for:
+					-->
+	<securecookie host="^\.plex\.tv$" name=".+" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Plexapp.com.xml b/src/chrome/content/rules/Plexapp.com.xml
new file mode 100644
index 000000000000..baa37cd57339
--- /dev/null
+++ b/src/chrome/content/rules/Plexapp.com.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Plex coverage, see Plex.tv.xml.
+
+
+	Problematic subdomains:
+
+		- wiki *
+
+	* Mismatched
+
+
+	Mixed content:
+
+		- Images on elan from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Plexapp.com (partial)">
+	<target host="plexapp.com" />
+	<target host="dev.plexapp.com" />
+	<target host="elan.plexapp.com" />
+	<target host="lastfm-z.plexapp.com" />
+	<target host="my.plexapp.com" />
+	<!--target host="wiki.plexapp.com" /-->
+	<target host="www.plexapp.com" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pliktverket.se.xml b/src/chrome/content/rules/Pliktverket.se.xml
index 0c1acf210190..e551b1b15134 100644
--- a/src/chrome/content/rules/Pliktverket.se.xml
+++ b/src/chrome/content/rules/Pliktverket.se.xml
@@ -1,7 +1,16 @@
-<ruleset name="Pliktverket.se">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pliktverket.se/ => https://pliktverket.se/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.pliktverket.se/ => https://www.pliktverket.se/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://pliktverket.se/ => https://pliktverket.se/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.pliktverket.se/ => https://www.pliktverket.se/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="Pliktverket.se" default_off="failed ruleset test">
 	<target host="pliktverket.se" />
 	<target host="www.pliktverket.se" />
-	<rule from="^http://www\.pliktverket\.se/" to="https://www.pliktverket.se/"/>
-	<rule from="^http://pliktverket\.se/" to="https://pliktverket.se/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Plimus.com.xml b/src/chrome/content/rules/Plimus.com.xml
deleted file mode 100644
index 9b55c1ada2aa..000000000000
--- a/src/chrome/content/rules/Plimus.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other BlueSnap coverage, see BlueSnap.com.xml.
-
-
-	Cert only matches *.plimus.com.
-
--->
-<ruleset name="Plimus.com">
-
-	<target host="plimus.com" />
-	<target host="*.plimus.com" />
-
-
-	<securecookie host="^(?:www)?\.plimus\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?plimus\.com/"
-		to="https://www.plimus.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Plista.xml b/src/chrome/content/rules/Plista.xml
index 69613c791d4a..e2713fd49812 100644
--- a/src/chrome/content/rules/Plista.xml
+++ b/src/chrome/content/rules/Plista.xml
@@ -1,18 +1,145 @@
-<ruleset name="plista (partial)">
+<!--
+	Chain issues:
+		- grafana.plista.com
+		- graphite.plista.com
+		- plista573.plista.com
+		- plista87.plista.com
+		- projects.plista.com
 
-	<target host="plista.com" />
-	<target host="*.plista.com" />
+	Cert mismatch:
+		- mx0.plista.com
 
+	Self-signed:
+		- beta.plista.com
+		- satellite.plista.com
+		- visit.plista.com
+		- vpn.plista.com
 
-	<!--	- !www times out
-		- Some (most?) pages 302 to http
-						-->
-	<rule from="^https?://(?:www\.)?plista\.com/((?:\w\w/)?a(?:ccount/(?:login|forgot_pw)|dvertiser/registrations)(?:$|\?)|ccss/|img/)"
-		to="https://www.plista.com/$1" />
+	TLS error:
+		- plista125.plista.com
 
-	<!--	Ads included on 3rd-party websites.
-							-->
-	<rule from="^http://static\.plista\.com/"
-		to="https://static.plista.com/" />
+-->
+<ruleset name="plista">
+
+	<target host="plista.com"/>
+	<target host="www.plista.com"/>
+
+	<target host="admin.plista.com"/>
+	<target host="api.plista.com"/>
+	<target host="api-test.plista.com"/>
+	<target host="arp.plista.com"/>
+	<target host="awstats.plista.com"/>
+	<target host="blog.plista.com"/>
+	<target host="blog-hetzner-rz10-0001.plista.com"/>
+	<target host="click.plista.com"/>
+	<target host="click-at.plista.com"/>
+	<target host="click-ch.plista.com"/>
+	<target host="click-de.plista.com"/>
+	<target host="click-au.plista.com"/>
+	<target host="click-dk.plista.com"/>
+	<target host="click-cn.plista.com"/>
+	<target host="click-fi.plista.com"/>
+	<target host="click-hetzner.plista.com"/>
+	<target host="click-nl.plista.com"/>
+	<target host="click-no.plista.com"/>
+	<target host="click-origin.plista.com"/>
+	<target host="click-my.plista.com"/>
+	<target host="click-pl.plista.com"/>
+	<target host="click-ru.plista.com"/>
+	<target host="click-se.plista.com"/>
+	<target host="click-tr.plista.com"/>
+	<target host="click-sg.plista.com"/>
+	<target host="click-uk.plista.com"/>
+	<target host="click-th.plista.com"/>
+	<target host="confluence.plista.com"/>
+	<target host="click-tw.plista.com"/>
+	<target host="contest.plista.com"/>
+	<target host="crm.plista.com"/>
+	<target host="dashboard.plista.com"/>
+	<target host="docker-registry.plista.com"/>
+	<target host="elements.plista.com"/>
+	<target host="farm.plista.com"/>
+	<target host="farm-at.plista.com"/>
+	<target host="farm-ch.plista.com"/>
+	<target host="farm-au.plista.com"/>
+	<target host="farm-de.plista.com"/>
+	<target host="farm-cn.plista.com"/>
+	<target host="farm-dk.plista.com"/>
+	<target host="farm-fi.plista.com"/>
+	<target host="farm-hetzner.plista.com"/>
+	<target host="farm-nl.plista.com"/>
+	<target host="farm-no.plista.com"/>
+	<target host="farm-hk.plista.com"/>
+	<target host="farm-origin.plista.com"/>
+	<target host="farm-my.plista.com"/>
+	<target host="farm-pl.plista.com"/>
+	<target host="farm-ru.plista.com"/>
+	<target host="farm-se.plista.com"/>
+	<target host="farm-tr.plista.com"/>
+	<target host="farm-sg.plista.com"/>
+	<target host="farm-softlayer.plista.com"/>
+	<target host="farm-uk.plista.com"/>
+	<target host="farm-th.plista.com"/>
+	<target host="gitlab.plista.com"/>
+	<target host="farm-tw.plista.com"/>
+	<target host="graylog.plista.com"/>
+	<target host="icinga.plista.com"/>
+	<target host="icinga2.plista.com"/>
+	<target host="jenkins.plista.com"/>
+	<target host="jenkinsmaster-hetzner-rz19-0001.plista.com"/>
+	<target host="jira.plista.com"/>
+	<target host="mail.plista.com"/>
+	<target host="media.plista.com"/>
+	<target host="munin.plista.com"/>
+	<target host="orp.plista.com"/>
+	<target host="partner.plista.com"/>
+	<target host="piwik.plista.com"/>
+	<target host="planet.plista.com"/>
+	<target host="playground.plista.com"/>
+	<target host="plista252.plista.com"/>
+	<target host="plista329.plista.com"/>
+	<target host="plista382.plista.com"/>
+	<target host="plista61.plista.com"/>
+	<target host="plista683.plista.com"/>
+	<target host="plista777.plista.com"/>
+	<target host="plista998.plista.com"/>
+	<target host="plugin.plista.com"/>
+	<target host="portal.plista.com"/>
+	<target host="plistahk012.plista.com"/>
+	<target host="plistahk013.plista.com"/>
+	<target host="portal-softlayer.plista.com"/>
+	<target host="satis.plista.com"/>
+	<target host="showroom.plista.com"/>
+	<target host="static.plista.com"/>
+	<target host="static-at.plista.com"/>
+	<target host="static-au.plista.com"/>
+	<target host="static-ch.plista.com"/>
+	<target host="static-de.plista.com"/>
+	<target host="static-dk.plista.com"/>
+	<target host="static-cn.plista.com"/>
+	<target host="static-fi.plista.com"/>
+	<target host="static-nl.plista.com"/>
+	<target host="static-no.plista.com"/>
+	<target host="static-origin.plista.com"/>
+	<target host="static-my.plista.com"/>
+	<target host="static-pl.plista.com"/>
+	<target host="static-ru.plista.com"/>
+	<target host="static-se.plista.com"/>
+	<target host="static-sg.plista.com"/>
+	<target host="static-tr.plista.com"/>
+	<target host="static-th.plista.com"/>
+	<target host="static-uk.plista.com"/>
+	<target host="static-tw.plista.com"/>
+	<target host="tech.plista.com"/>
+	<target host="wiki.plista.com"/>
+	<target host="www-admin.plista.com"/>
+	<target host="www-test.plista.com"/>
+
+	<!--	- !www times out -->
+	<rule from="^http://plista\.com/"
+		to="https://www.plista.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Plone.org.xml b/src/chrome/content/rules/Plone.org.xml
index 8ee2638123cc..1ca6b6d78c97 100644
--- a/src/chrome/content/rules/Plone.org.xml
+++ b/src/chrome/content/rules/Plone.org.xml
@@ -1,22 +1,43 @@
 <!--
 	Nonfunctional subdomains:
 
-		- planet	(403, valid cert)
+		- planet *
 
+	* 403, expired
 
-	Mixed image from planet on dev
+
+	Problematic subdomains:
+
+		- lists *
+
+	* Works; mismatched, CN: *.osuosl.org
+
+
+	Mixed content:
+
+		- Image on dev from planet ¹
+
+		- favicon on dev from ^ ²
+
+	¹ Unsecurable <= 403
+	² Secured by us
 
 -->
-<ruleset name="Plone.org">
+<ruleset name="Plone.org (partial)">
 
 	<target host="plone.org" />
-	<target host="*.plone.org" />
+	<target host="dev.plone.org" />
+	<target host="svn.plone.org" />
+	<target host="www.plone.org" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^plone\.org$" name="^zinstance$" /-->
 
-	<securecookie host="^(?:dev)?\.plone\.org$" name=".+" />
+	<securecookie host="^(?:dev\.|\.)?plone\.org$" name=".+" />
 
 
-	<rule from="^http://((?:dev|staging|svn|www)\.)?plone\.org/"
-		to="https://$1plone.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ploum.net.xml b/src/chrome/content/rules/Ploum.net.xml
new file mode 100644
index 000000000000..d55629a9f6c3
--- /dev/null
+++ b/src/chrome/content/rules/Ploum.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="ploum.net">
+
+	<target host="ploum.net" />
+	<target host="www.ploum.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Plug.dj.xml b/src/chrome/content/rules/Plug.dj.xml
new file mode 100644
index 000000000000..fa52aa463b2b
--- /dev/null
+++ b/src/chrome/content/rules/Plug.dj.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tech.plug.dj/ => https://tech.plug.dj/: (51, "SSL: no alternative certificate subject name matches target host name 'tech.plug.dj'")
+
+	Nonfunctional subdomains:
+
+		- support *
+
+	* Zendesk
+
+
+	Mixed content:
+
+		- Bug on blog from iconosquare.com *
+
+	* Unsecureable <= refused
+
+-->
+<ruleset name="plug.dj (partial)" default_off="failed ruleset test">
+
+	<target host="plug.dj" />
+	<target host="www.plug.dj" />
+
+	<target host="blog.plug.dj" />
+	<target host="cdn.plug.dj" />
+	<target host="tech.plug.dj" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PlugRush.com-problematic.xml b/src/chrome/content/rules/PlugRush.com-problematic.xml
index f5aa3400ea7c..fc68339ab26c 100644
--- a/src/chrome/content/rules/PlugRush.com-problematic.xml
+++ b/src/chrome/content/rules/PlugRush.com-problematic.xml
@@ -6,15 +6,15 @@
 -->
 <ruleset name="PlugRush.com (problematic)" default_off="mismatched">
 
-	<target host="*.plugrush.com" />
+	<target host="mobile.plugrush.com" />
 
 
 	<!--	Set by mobile: name="^PHPSESSID$"
 							-->
-	<securecookie host="^\.plugrush\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://mobile\.plugrush\.com/"
-		to="https://mobile.plugrush.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PlugRush.com.xml b/src/chrome/content/rules/PlugRush.com.xml
index 42bfadb12b8f..e8f4ea5e5661 100644
--- a/src/chrome/content/rules/PlugRush.com.xml
+++ b/src/chrome/content/rules/PlugRush.com.xml
@@ -1,24 +1,42 @@
 <!--
 	For problematic rules, see PlugRush.com-problematic.xml.
 
-
 	Other PlugRush rulesets:
 
-		- Twiant.com.xml
+		- PRstatics.com.xml
+
+
+	Problematic hosts in *plugrush.com:
+
+		- mobile *
 
+	* Mismatched, CN: www.twiant.com
 
-	Problematic subdomains:
 
-		- mobile	(works; mismatched, CN: www.twiant.com)
+	Insecure cookies are set for these domains and hosts:
+
+		- .plugrush.com
+		- widget.plugrush.com
 
 -->
 <ruleset name="PlugRush.com (partial)">
 
 	<target host="plugrush.com" />
+	<target host="static.plugrush.com" />
+	<target host="w1.plugrush.com" />
+	<target host="widget.plugrush.com" />
 	<target host="www.plugrush.com" />
 
 
-	<rule from="^http://(www\.)?plugrush\.com/"
-		to="https://$1plugrush.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.plugrush\.com$" name="^(__cfduid|cf_clearance|prVi)$" /-->
+	<!--securecookie host="^widget\.plugrush\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Plug_Unplug.net.xml b/src/chrome/content/rules/Plug_Unplug.net.xml
new file mode 100644
index 000000000000..32685aba591c
--- /dev/null
+++ b/src/chrome/content/rules/Plug_Unplug.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="Plug Unplug.net">
+
+	<target host="plugunplug.net" />
+	<target host="www.plugunplug.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Plumbr.eu.xml b/src/chrome/content/rules/Plumbr.eu.xml
new file mode 100644
index 000000000000..91d0c2a1791f
--- /dev/null
+++ b/src/chrome/content/rules/Plumbr.eu.xml
@@ -0,0 +1,13 @@
+<ruleset name="Plumbr.eu">
+
+	<target host="plumbr.eu" />
+	<target host="www.plumbr.eu" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Plurk.xml b/src/chrome/content/rules/Plurk.xml
index 8ade3faa998d..65f0af7ab6d1 100644
--- a/src/chrome/content/rules/Plurk.xml
+++ b/src/chrome/content/rules/Plurk.xml
@@ -1,22 +1,17 @@
-<!--
-	Nonfunctional subdomains:
-
-		- statics	(redirects to http; mismatched, CN: ssl4013.cloudflare.com)
-
-
-	Insecure css from statics.
-
--->
-<ruleset name="plurk (partial)" platform="mixedcontent">
+<ruleset name="plurk (partial)">
 
 	<target host="plurk.com" />
-	<target host="*.plurk.com" />
+	<target host="statics.plurk.com" />
+	<target host="www.plurk.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.plurk\.com$" name="^plurkcookiea$" /-->
 
 	<securecookie host="^\.plurk\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?plurk\.com/"
-		to="https://$1plurk.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Plus.xml b/src/chrome/content/rules/Plus.xml
index 62ec4462a7e4..4e1ad29ac3a0 100644
--- a/src/chrome/content/rules/Plus.xml
+++ b/src/chrome/content/rules/Plus.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://plus.net/ => https://www.plus.net/: Redirect for 'http://www.plus.net/' missing Location
 	Fully covered subdomains:
 
 		- (www.)	(^ → www)
@@ -32,7 +34,11 @@
 <ruleset name="Plus.net">
 
 	<target host="plus.net" />
-	<target host="*.plus.net" />
+	<target host="www.plus.net" />
+	<target host="portal.plus.net" />
+	<target host="webmail.plus.net" />
+	<target host="community.plus.net" />
+	<target host="webstats.plus.net" />
 
 
 	<securecookie host="^(?:.+\.)?plus\.net$" name=".+" />
@@ -44,7 +50,6 @@
 	<rule from="^http://(?:www\.)?plus\.net/"
 		to="https://www.plus.net/" />
 
-	<rule from="^http://(portal|webmail|community|webstats)\.plus\.net/"
-		to="https://$1.plus.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Plusgirot.se.xml b/src/chrome/content/rules/Plusgirot.se.xml
index 4b2dfd207d02..3c23c875266b 100644
--- a/src/chrome/content/rules/Plusgirot.se.xml
+++ b/src/chrome/content/rules/Plusgirot.se.xml
@@ -1,4 +1,11 @@
-<ruleset name="Plusgirot.se">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://plusgirot.se/ => https://www.plusgirot.se/: (35, 'error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 unrecognized name')
+Fetch error: http://www.plusgirot.se/ => https://www.plusgirot.se/: (35, 'error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 unrecognized name')
+
+-->
+<ruleset name="Plusgirot.se" default_off="failed ruleset test">
 	<target host="plusgirot.se" />
 	<target host="www.plusgirot.se" />
 	<rule from="^http://www\.plusgirot\.se/" to="https://www.plusgirot.se/"/>
diff --git a/src/chrome/content/rules/Pluska.sk.xml b/src/chrome/content/rules/Pluska.sk.xml
new file mode 100644
index 000000000000..e2f4c6fd6d59
--- /dev/null
+++ b/src/chrome/content/rules/Pluska.sk.xml
@@ -0,0 +1,65 @@
+<!--
+	Nonfunctional hosts in *.pluska.sk:
+
+	certificate mismatch:
+	- top1000.pluska.sk
+	- vyhodnelieky.pluska.sk
+
+	connection refused:
+	- cms.pluska.sk
+	- izdravie.sk
+	- www.izdravie.sk
+
+	self-signed certificate:
+	- oto.pluska.sk
+	- poistenie.pluska.sk
+
+	timeout on https:
+	- living.pluska.sk
+	- kultura.pluska.sk
+	- mamina.pluska.sk
+	- mobil.pluska.sk
+	- media.pluska.sk
+	- tabletcms.pluska.sk
+
+	mixed content:
+	- modnetipy.pluska.sk
+
+	Error 404:
+	- dobrejedlo.pluska.sk
+
+pluska.sk returns certificate for www.pluska.sk
+
+-->
+<ruleset name="Pluska.sk">
+	<target host="pluska.sk" />
+	<target host="www.pluska.sk" />
+	<target host="halo.pluska.sk" />
+	<target host="lekar.pluska.sk" />
+	<target host="viralne.pluska.sk" />
+	<target host="emma.pluska.sk" />
+	<target host="byvanie.pluska.sk" />
+	<target host="tv.pluska.sk" />
+	<target host="polovnictvo.pluska.sk" />
+	<target host="zdravie.pluska.sk" />
+
+	<rule from="^http://pluska\.sk/"
+		to="https://www.pluska.sk/" />
+
+	<rule from="^http://polovnictvo\.pluska\.sk/"
+		to="https://www.pluska.sk/polovnictvo-rybarstvo/" />
+
+	<rule from="^http://tv\.pluska\.sk/"
+		to="https://www.pluska.sk/port/tv/" />
+
+	<rule from="^http://byvanie\.pluska\.sk/"
+		to="https://www.pluska.sk/ipeknebyvanie/" />
+
+	<rule from="^http://emma\.pluska\.sk/"
+		to="https://www.pluska.sk/emma/" />
+
+	<rule from="^http://zdravie\.pluska\.sk/"
+		to="https://www.pluska.sk/izdravie/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Plymouth-University.xml b/src/chrome/content/rules/Plymouth-University.xml
deleted file mode 100644
index e73d6d2a6c7f..000000000000
--- a/src/chrome/content/rules/Plymouth-University.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<ruleset name="Plymouth University" platform="mixedcontent">
-
-	<target host="plymouth.ac.uk" />
-	<target host="*.plymouth.ac.uk" />
-
-
-	<securecookie host="^(.*\.)?plymouth\.ac\.uk$" name=".*" />
-
-
-	<!--
-		Encountered subdomains:
-
-			- intranet
-			- student
-			- www
-
-				-->
-	<rule from="^http://(\w+\.)?plymouth\.ac\.uk/"
-		to="https://$1plymouth.ac.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Po.st.xml b/src/chrome/content/rules/Po.st.xml
deleted file mode 100644
index 587fac0a0600..000000000000
--- a/src/chrome/content/rules/Po.st.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<!--
-	For other RadiumOne coverage, see RadiumOne.xml.
-
-
-	Nonfunctional subdomains:
-
-		- support	(zendesk)
-
-
-	Problematic subdomains:
-
-		- i	(dropped)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- i	(→ s)
-		- p
-		- s
-
--->
-<ruleset name="Po.st (partial)">
-
-	<target host="po.st" />
-	<target host="*.po.st" />
-
-
-	<securecookie host="^(?:www)?\.po\.st$" name=".+" />
-
-
-	<rule from="^http://(p\.|www\.)?po\.st/"
-		to="https://$1po.st/" />
-
-	<rule from="^http://[is]\.po\.st/"
-		to="https://s.po.st/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Poal.me.xml b/src/chrome/content/rules/Poal.me.xml
new file mode 100644
index 000000000000..c09b82df572a
--- /dev/null
+++ b/src/chrome/content/rules/Poal.me.xml
@@ -0,0 +1,15 @@
+<!--
+	Nonfunctional hosts in *.poal.me:
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Poal.me">
+	<target host="poal.me" />
+	<target host="www.poal.me" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pobox.xml b/src/chrome/content/rules/Pobox.xml
index 404da414672a..cf2d68875680 100644
--- a/src/chrome/content/rules/Pobox.xml
+++ b/src/chrome/content/rules/Pobox.xml
@@ -1,19 +1,24 @@
 <!--
-	Nonfunctional subdomains:
+	For other Fastmail coverage, see Fastmail.xml
 
-		- blog	(reset)
+	Nonfunctional subdomains:
 
+		- helpspot.pobox.com  		certificate for *.helpspot.com
+		- spf.pobox.com			certificate for www.pobox.com
 -->
+
 <ruleset name="Pobox">
 
 	<target host="pobox.com" />
-	<target host="*.pobox.com" />
-
-
-	<securecookie host="^\.pobox\.com$" name=".*" />
+	<target host="www.pobox.com" />
 
+	<target host="blog.pobox.com" />
+	<target host="support.pobox.com" />
+	<target host="sysadmins.pobox.com" />
+	<target host="webmail.pobox.com" />
 
-	<rule from="^http://(www\.)?pobox\.com/"
-		to="https://$1pobox.com/" />
+	<securecookie host="^\.pobox\.com$" name=".+" />
 
+	<rule from="^http:" to="https:" />
+	
 </ruleset>
diff --git a/src/chrome/content/rules/Pochtabank.ru.xml b/src/chrome/content/rules/Pochtabank.ru.xml
new file mode 100644
index 000000000000..18a1b1f5fa9a
--- /dev/null
+++ b/src/chrome/content/rules/Pochtabank.ru.xml
@@ -0,0 +1,43 @@
+<!--
+br.pochtabank.ru ¹
+happy2017.pochtabank.ru ¹
+ishopper.pochtabank.ru ⁷
+rabota.pochtabank.ru ⁷
+newstud.pochtabank.ru mixed content
+sales.pochtabank.ru mixed content
+
+
+¹ mismatch
+⁷ protocol error
+-->
+<ruleset name="pochtabank.ru">
+	<target host="pochtabank.ru" />
+	<target host="www.pochtabank.ru" />
+	<target host="acquiring.pochtabank.ru" />
+	<target host="anketa.pochtabank.ru" />
+	<target host="anketa-mobile.pochtabank.ru" />
+	<target host="auth.pochtabank.ru" />
+	<target host="cards.pochtabank.ru" />
+	<target host="cards-mobile.pochtabank.ru" />
+	<target host="ch.pochtabank.ru" />
+	<target host="corp.pochtabank.ru" />
+	<target host="credit.pochtabank.ru" />
+	<target host="eco.pochtabank.ru" />
+	<target host="front.pochtabank.ru" />
+	<target host="ishopper1.pochtabank.ru" />
+	<target host="it.pochtabank.ru" />
+	<target host="lk.pochtabank.ru" />
+	<target host="login.pochtabank.ru" />
+	<target host="mobile.pochtabank.ru" />
+	<target host="my.pochtabank.ru" />
+	<target host="mytest.pochtabank.ru" />
+	<target host="online.pochtabank.ru" />
+	<target host="pf.pochtabank.ru" />
+	<target host="pfr.pochtabank.ru" />
+	<target host="plugin.pochtabank.ru" />
+	<target host="portal.pochtabank.ru" />
+	<target host="post.pochtabank.ru" />
+	<target host="web.pochtabank.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PocketMatrix.com.xml b/src/chrome/content/rules/PocketMatrix.com.xml
new file mode 100644
index 000000000000..98f5e5ea1cae
--- /dev/null
+++ b/src/chrome/content/rules/PocketMatrix.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		ipv4.pocketmatrix.com
+		mail.pocketmatrix.com
+
+	Unreachable:
+		ipv6.pocketmatrix.com
+-->
+<ruleset name="pocketmatrix.com">
+	<target host="pocketmatrix.com" />
+	<target host="www.pocketmatrix.com" />
+
+	<rule from="^http://www\.pocketmatrix\.com/" to="https://pocketmatrix.com/" /> <!-- SSL: no alternative certificate subject name matches target host name 'www.pocketmatrix.com -->
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pocket_Casts.com.xml b/src/chrome/content/rules/Pocket_Casts.com.xml
new file mode 100644
index 000000000000..e37e518b4e0b
--- /dev/null
+++ b/src/chrome/content/rules/Pocket_Casts.com.xml
@@ -0,0 +1,19 @@
+<!--
+	(www.)?: shows podcasts.shiftjelly.com.au
+
+
+	Fully covered subdomains:
+
+		- play
+		- social
+
+-->
+<ruleset name="Pocket Casts.com (partial)">
+
+	<target host="play.pocketcasts.com" />
+	<target host="social.pocketcasts.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pocketgamer.biz.xml b/src/chrome/content/rules/Pocketgamer.biz.xml
new file mode 100644
index 000000000000..a9756e2b4afb
--- /dev/null
+++ b/src/chrome/content/rules/Pocketgamer.biz.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional hosts in *.pocketgamer.biz:
+
+	HTTPS Connection refused:
+	    www2.pocketgamer.biz
+
+	Too many redirects to HTTPS:
+	    pocketgamer.biz
+	    www.pocketgamer.biz
+-->
+<ruleset name="Pocketgamer.biz">
+
+	<target host="css.pocketgamer.biz" />
+	<target host="imgs.pocketgamer.biz" />
+	<target host="js.pocketgamer.biz" />
+	<target host="media.pocketgamer.biz" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PodOmatic.com.xml b/src/chrome/content/rules/PodOmatic.com.xml
index c1988aa8c7d3..a5488cd76a26 100644
--- a/src/chrome/content/rules/PodOmatic.com.xml
+++ b/src/chrome/content/rules/PodOmatic.com.xml
@@ -1,6 +1,6 @@
-<!-- only enterprice.podomatic.com seems to have ssl :( -->
+<!-- only enterprise.podomatic.com seems to have ssl :( -->
 <ruleset name="PodOmatic.com" platform="mixedcontent">
 	<target host="enterprise.podomatic.com" />
-	<rule from="^http://enterprise\.podomatic\.com/" to="https://enterprise.podomatic.com/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/PodVertise.xml b/src/chrome/content/rules/PodVertise.xml
index 6ca8c59f39de..5f4cd7553c0a 100644
--- a/src/chrome/content/rules/PodVertise.xml
+++ b/src/chrome/content/rules/PodVertise.xml
@@ -1,16 +1,13 @@
-<ruleset name="PodVertise" default_off="mismatch, self-signed">
+<ruleset name="PodVertise online.com" default_off="mismatch, self-signed">
 
 	<target host="podvertiseonline.com" />
 	<target host="www.podvertiseonline.com" />
 
 
-	<securecookie host="^www\.podvertiseonline\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<!--	- !www 301s to www
-		- Cert: twelve.awardspace.com
-					-->
-	<rule from="^https?://(?:www\.)?podvertiseonline\.com/"
-		to="https://www.podvertiseonline.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Pod_Upti.me.xml b/src/chrome/content/rules/Pod_Upti.me.xml
new file mode 100644
index 000000000000..5455c3f60f1e
--- /dev/null
+++ b/src/chrome/content/rules/Pod_Upti.me.xml
@@ -0,0 +1,30 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .podupti.me
+
+
+	Mixed content:
+
+		- css from c807316.r16.cf2.rackcdn.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Pod Upti.me">
+
+	<target host="podupti.me" />
+	<target host="www.podupti.me" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.podupti\.me$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Podbean.com.xml b/src/chrome/content/rules/Podbean.com.xml
index 15be29de7c0f..eb1edd2087cf 100644
--- a/src/chrome/content/rules/Podbean.com.xml
+++ b/src/chrome/content/rules/Podbean.com.xml
@@ -1,19 +1,217 @@
+<!--
+	CDN buckets:
+
+		- s3.amazonaws.com/user-css.podbean.com/
+		- d8g345wuhgd7e.cloudfront.net
+		- deow9bq0xqvbj.cloudfront.net
+
+
+	Nonfunctional hosts in *podbean.com:
+
+		- support ʰ
+
+	ʰ Desk.com / redirects to http
+
+
+	Problematic hosts in *podbean.com:
+
+		- fs1 ᵐ
+		- img ᵐ
+		- imglogo ᵐ
+
+	ᵐ Cloudfront / mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- podbean.com
+		- .podbean.com
+		- patron.podbean.com
+		- sponsorship.podbean.com
+		- www.podbean.com
+		- (account_vhost).podbean.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, on:
+
+			- brothersquarrel, catholicplaylist, comedynerdinterviewscomedians, daghewardmillsvideo, dccsouth, dutcher, dynastyplaybook, fateofheroes, friendsatthetable, gdjb, imsradio, jayscottoutdoors, leaguecast, lastwordfc, philhulettandfriends, popcultureninja, techteachers, thecigarauthority, truecrimegarage from fonts.googleapis.com ˢ
+			- catholicplaylist, comedynerdinterviewscomedians, dutcher, dynastyplaybook, fateofheroes, friendsatthetable, gdjb, imsradio, jayscottoutdoors, leaguecast, philhulettandfriends, popcultureninja, techteachers, thecigarauthority, truecrimegarage from www.podbean.com * ˢ
+
+		- Images, on:
+
+			- apqcpodcasts, blackagendaradio, brothersquarrel, catholicplaylist, everythingwentblack, infectiousmyth, insidethebrainof, jesusfilms, leaguecast, playerplaza, scrambledeggs, starwarskidscast, thefreudmuseum, timeshighered, vepodcast from www.podbean.com ˢ
+			- friendsatthetable from i.imgur.com ˢ
+			- catholicplaylist, comedynerdinterviewscomedians, fateofheroes, gdjb, leaguecast, playerplaza, popcultureninja, techteachers, thecigarauthority from deow9bq0xqvbj.cloudfront.net ˢ
+			- catholicplaylist, comedynerdinterviewscomedians, deepinscripture, fateofheroes, gdjb, jesusfilms, leaguecast, marylindow, philhulettandfriends, popcultureninja, ufcgymradio from $self ˢ
+			- catholicplaylist, comedynerdinterviewscomedians, fateofheroes, gdjb, leaguecast, marylindow, popcultureninja, ufcgymradio from s\d+.podbean.com ˢ
+			- deepinscripture from www.chnetwork.org
+			- imsradio from fs1.podbean.com ˢ
+			- jesusfilms from www.openheaven.org ᵐ
+			- jesusfilms from i\d+.photobucket.com ˢ
+			- marylindow from image01.netatlantic.com
+			- strongwoman from paleoparents.com ⁴
+
+		- favicon on friendsatthetable, njdep, philhulettandfriends, thefreudmuseum, wsfi from $self ˢ
+
+		- Bugs, on:
+
+			- apqcpodcasts from linkmaker.itunes.apple.com ˢ
+			- philhulettandfriends from www.tqlkg.com ˢ
+
+	* Only fonts
+	⁴ Unsecurable <= 404
+	ᵐ Not secured by us <= mismatched
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
 <ruleset name="Podbean.com (partial)">
 
 	<target host="podbean.com" />
 	<target host="*.podbean.com" />
+
+		<exclusion pattern="^http://(?:[^./]+\.){2,}podbean\.com/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.podbean.com/" />
+			<test url="http://exists.not.podbean.com/" />
+
+		<exclusion pattern="^http://(?:img|imglogo|support)\.podbean\.com/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://img.podbean.com/" />
+			<test url="http://imglogo.podbean.com/" />
+			<test url="http://support.podbean.com/" />
+
+		<!--	Direct rewrites:
+					-->
+		<test url="http://patron.podbean.com/" />
+		<test url="http://s101.podbean.com/pb/8895c7da9fcc31bd27d2a898711a837e/57dda7aa/data4/fs154/1158931/uploads/2016Reunion_MarshallPruett_821__737.jpg" />
+		<test url="http://s102.podbean.com/pb/0e4cc81221a407458fd12c83206d0b66/57ddee7a/data2/fs60/703131/uploads/GrahamStuart.jpg" />
+		<test url="http://s103.podbean.com/pb/d7722cd7b167cd66ab3d61f88f59b116/57ddb3ec/data2/fs73/725826/uploads/National_Hockey_League.jpg" />
+		<test url="http://s35.podbean.com/pb/98a9b2a2d9c977e18b16f8f03885a43a/57dddc90/data1/blogs1/627412/uploads/mm-coffee.png" />
+		<test url="http://s36.podbean.com/pb/53a7ac7e1cef228dd21c852d4015ec4b/57dda6c0/data2/fs174/873187/uploads/monique_inspires.jpg" />
+		<test url="http://s51.podbean.com/pb/3b79d642380171ca46f4d0f26eff49ee/57ddba56/data2/fs24/977910/uploads/youtube.jpg" />
+		<test url="http://s56.podbean.com/pb/3f13035dfe4a8e885bc1c7bde004cb5d/57dddd1f/data1/fs4/737498/uploads/Podbean-background.jpg" />
+		<test url="http://s58.podbean.com/pb/4ddd7d3a0bbb7bb50b901417754d6525/57ddb3e9/data1/fs73/725826/uploads/Ella_Mae_Wiggins.jpg" />
+		<test url="http://s59.podbean.com/pb/e73c4dfde6f42696ca9631106a5be27e/57ddb3e9/data2/fs73/725826/uploads/union_square.jpg" />
+		<test url="http://s61.podbean.com/pb/370f390621168c3fd163eddfd88a86d3/57ddb9b2/data1/fs94/116310/uploads/10665742_10152460822062218_4721846116973856477_n.jpg" />
+		<test url="http://s62.podbean.com/pb/3dc403e0200ca75f939b817fa1e7862f/57ddabf8/data2/fs105/703570/uploads/backgroundfornow.jpg" />
+		<test url="http://s63.podbean.com/pb/035e734148dbfc01699fc8fce254d71a/57ddb269/data1/fs17/766167/uploads/Booth_MR90_Square_Logo_.jpg" />
+		<test url="http://s65.podbean.com/pb/bb4faa7b06437696c2f3cad7bffff077/57dda6c0/data1/fs174/873187/uploads/omar_camp_2.jpg" />
+		<test url="http://s66.podbean.com/pb/a1203dfc9b9b4aa3d5fe294285ef8dcc/57dde970/data2/blogs60/797780/uploads/BadReviews4.jpg" />
+		<test url="http://s67.podbean.com/pb/ca31b0978154407c94a98a15e0b7a29e/57ddba56/data1/fs24/977910/uploads/website.jpg" />
+		<test url="http://s68.podbean.com/pb/8e1f90cb31fd890ea3a456319f324b7e/57ddb9b1/data2/fs94/116310/uploads/sg.jpg" />
+		<test url="http://s69.podbean.com/pb/4e25a8ccc123e50d7e443b07b3c73cfd/57ddb3e9/data2/fs73/725826/uploads/typo.jpg" />
+		<test url="http://s70.podbean.com/pb/c12f41b22c383f47d619a9c1825900f5/57ddb784/data4/fs104/1153110/uploads/Star_Trek_movie_logo_2009.jpg" />
+		<test url="http://s71.podbean.com/pb/affbc5046fc40043f8c7bc8d0a754fbd/57ddee7a/data2/fs60/703131/uploads/take_127.jpg" />
+		<test url="http://s72.podbean.com/pb/01bcc9f85fe3d2ee65258983a8f99eac/57ddb3e9/data2/fs73/725826/uploads/rolf.jpg" />
+		<test url="http://s73.podbean.com/pb/a755b1c3ea74c2e73670f88036f0aca8/57ddee79/data2/fs64/703131/uploads/caad_logo.png" />
+		<test url="http://s75.podbean.com/pb/aa8e175d0b95e6f960d8617bb4a75d66/57ddb2ff/data4/fs60/717321/uploads/IMG_7735.jpg" />
+		<test url="http://sponsorship.podbean.com/" />
+		<test url="http://www.podbean.com/" />
+
+		<!--	(accounts:)	-->
+		<test url="http://apqcpodcasts.podbean.com/" />
+		<test url="http://artandinspiration.podbean.com/" />
+		<test url="http://blackagendaradio.podbean.com/" />
+		<test url="http://brothersquarrel.podbean.com/" />
+		<test url="http://canvasonfbi.podbean.com/" />
+		<test url="http://catholicplaylist.podbean.com/" />
+		<test url="http://comedynerdinterviewscomedians.podbean.com/" />
+		<test url="http://daghewardmillsvideo.podbean.com/" />
+		<test url="http://dccsouth.podbean.com/" />
+		<test url="http://deepinscripture.podbean.com/" />
+		<test url="http://digitaldrift.podbean.com/" />
+		<test url="http://dutcher.podbean.com/" />
+		<test url="http://dynastyplaybook.podbean.com/" />
+		<test url="http://enagicxl.podbean.com/" />
+		<test url="http://everythingwentblack.podbean.com/" />
+		<test url="http://fantasyfootballinsiders.podbean.com/" />
+		<test url="http://fateofheroes.podbean.com/" />
+		<test url="http://floridagovcon.podbean.com/" />
+		<test url="http://friendsatthetable.podbean.com/" />
+		<test url="http://gamersunscripted.podbean.com/" />
+		<test url="http://gdjb.podbean.com/" />
+		<test url="http://genclix.podbean.com/" />
+		<test url="http://groovypodcast.podbean.com/" />
+		<test url="http://hiphoproundtable.podbean.com/" />
+		<test url="http://icology.podbean.com/" />
+		<test url="http://imsradio.podbean.com/" />
+		<test url="http://infectiousmyth.podbean.com/" />
+		<test url="http://insidethebrainof.podbean.com/" />
+		<test url="http://jayscottoutdoors.podbean.com/" />
+		<test url="http://jesuschristthatsfunny.podbean.com/" />
+		<test url="http://jesusfilms.podbean.com/" />
+		<test url="http://kalimandir.podbean.com/" />
+		<test url="http://ktic.podbean.com/" />
+		<test url="http://kvjshow.podbean.com/" />
+		<test url="http://laborhistoryin2.podbean.com/" />
+		<test url="http://lastwordfc.podbean.com/" />
+		<test url="http://leadlikejesus.podbean.com/" />
+		<test url="http://leaguecast.podbean.com/" />
+		<test url="http://leftyshow.podbean.com/" />
+		<test url="http://marshallpruett.podbean.com/" />
+		<test url="http://marylindow.podbean.com/" />
+		<test url="http://momentsofmagic.podbean.com/" />
+		<test url="http://multimediaweek.podbean.com/" />
+		<test url="http://nationalffa.podbean.com/" />
+		<test url="http://njdep.podbean.com/" />
+		<test url="http://philhulettandfriends.podbean.com/" />
+		<test url="http://playerplaza.podbean.com/" />
+		<test url="http://popcultureninja.podbean.com/" />
+		<test url="http://ptbnpop.podbean.com/" />
+		<test url="http://schoolofmovies.podbean.com/" />
+		<test url="http://scrambledeggs.podbean.com/" />
+		<test url="http://sfob.podbean.com/" />
+		<test url="http://sportsfeld.podbean.com/" />
+		<test url="http://squaredcirclegazette.podbean.com/" />
+		<test url="http://starwarskidscast.podbean.com/" />
+		<test url="http://stevegruber.podbean.com/" />
+		<test url="http://strongwoman.podbean.com/" />
+		<test url="http://techteachers.podbean.com/" />
+		<test url="http://thecigarauthority.podbean.com/" />
+		<test url="http://thefreudmuseum.podbean.com/" />
+		<test url="http://thehitmaker.podbean.com/" />
+		<test url="http://theroadbacktoyou.podbean.com/" />
+		<test url="http://timeshighered.podbean.com/" />
+		<test url="http://truecrimegarage.podbean.com/" />
+		<test url="http://ufcgymradio.podbean.com/" />
+		<test url="http://vepodcast.podbean.com/" />
+		<test url="http://wsfi.podbean.com/" />
+
+		<!--	Complications:
+					-->
+		<test url="http://fs1.podbean.com/themes/classic/images/bg-dark.png" />
 		<!--
-			At least media57 504s
+		<test url="http://img.podbean.com/itunes-logo/379300/IMG_3552.jpg" />
+		-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:(?:patron|sponsorship|www)\.)?podbean\.com$" name="^AWSELB$" /-->
+	<!--securecookie host="^\.podbean\.com$" name="^(?:__cfduid|__utm\w+|PHPSESSID|cf_clearance)$" /-->
+	<!--securecookie host="^(account_vhost)\.podbean\.com$" name="^(?:AWSELB|PHPSESSID)$" /-->
+
+	<securecookie host=".+" name=".+" />
 
-			Only hosts images & audio files
-							-->
-		<exclusion pattern="^http://media\d+\." />
 
+	<rule from="^http://fs1\.podbean\.com/"
+		to="https://d8g345wuhgd7e.cloudfront.net/" />
 
-	<securecookie host="^(?:.*\.)?podbean\.com$" name=".+" />
+	<!--rule from="^http://img\.podbean\.com/"
+		to="https://???.cloudfront.net/" /-->
 
+	<!--rule from="^http://imglogo\.podbean\.com/"
+		to="https://???.cloudfront.net/" /-->
 
-	<rule from="^http://(\w+\.)?podbean\.com/"
-		to="https://$1podbean.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Podcast.at.xml b/src/chrome/content/rules/Podcast.at.xml
index 6c3f71c3f284..8f8052898d05 100644
--- a/src/chrome/content/rules/Podcast.at.xml
+++ b/src/chrome/content/rules/Podcast.at.xml
@@ -1,21 +1,4 @@
-<!--
-	Nonfunctional domains:
-
-		- cdn.webstatics.net	(redirects to http; mismatched, CN: www.podcast.at)
-
-
-	Problematic domains:
-
-		- (www.)feedarea.de *
-		- podcast.at *
-
-	* Mismatched, CN: www.podcast.at
-
-
-	$ redirects to http.
-
--->
-<ruleset name="podcast.at (partial)">
+<ruleset name="podcast.at (partial)" default_off="plaintext reply">
 
 	<target host="feedarea.de" />
 	<target host="www.feedarea.de" />
diff --git a/src/chrome/content/rules/Poddery.xml b/src/chrome/content/rules/Poddery.xml
index c756e4678c54..400f8ba963a5 100644
--- a/src/chrome/content/rules/Poddery.xml
+++ b/src/chrome/content/rules/Poddery.xml
@@ -1,6 +1,17 @@
-<ruleset name="Poddery">
+<!--
+	Nonfunctional hosts in *poddery.com:
+
+		- save *
+
+	* Dropped
+
+-->
+<ruleset name="Poddery.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
   <target host="poddery.com" />
   <target host="www.poddery.com" />
 
-  <rule from="^http://(www\.)?poddery\.com/" to="https://poddery.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/PoderPDA.xml b/src/chrome/content/rules/PoderPDA.xml
index 4c0d79c265c6..b5b6856236e6 100644
--- a/src/chrome/content/rules/PoderPDA.xml
+++ b/src/chrome/content/rules/PoderPDA.xml
@@ -1,13 +1,20 @@
-<ruleset name="PoderPDA">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://poderpda.com/ => https://poderpda.com/: Too many redirects while fetching 'https://poderpda.com/'
+Fetch error: http://www.poderpda.com/ => https://www.poderpda.com/: Too many redirects while fetching 'https://www.poderpda.com/'
+
+-->
+<ruleset name="PoderPDA" default_off="failed ruleset test">
 
 	<target host="poderpda.com" />
-	<target host="*.poderpda.com" />
+	<target host="accesorios.poderpda.com" />
+	<target host="www.poderpda.com" />
 
 
 	<securecookie host="^.*\.poderpda\.com$" name=".+" />
 
 
-	<rule from="^http://(accesorios\.|www\.)?poderpda\.com/"
-		to="https://$1poderpda.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Podhurl.com.xml b/src/chrome/content/rules/Podhurl.com.xml
new file mode 100644
index 000000000000..13184fa32433
--- /dev/null
+++ b/src/chrome/content/rules/Podhurl.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Podhurl.com">
+	<target host="podhurl.com" />
+	<target host="www.podhurl.com" />
+	<target host="cdn.podhurl.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Podio.com.xml b/src/chrome/content/rules/Podio.com.xml
new file mode 100644
index 000000000000..5ffe3d7f9cc8
--- /dev/null
+++ b/src/chrome/content/rules/Podio.com.xml
@@ -0,0 +1,65 @@
+<!--
+	For other Citrix coverage, see Citrix.xml.
+
+
+	CDN buckets:
+
+		- d29j36x8cgfa9r.cloudfront.net
+		- dgyqr055mfays.cloudfront.net
+
+
+	Nonfunctional hosts in *podio.com:
+
+		- engineering *
+
+	* Refused
+
+
+	Problematic hosts in *podio.com:
+
+		- status *
+
+	* StatusPage.io/mismatched
+
+-->
+<ruleset name="Podio.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="podio.com" />
+	<target host="blog.podio.com" />
+	<target host="company.podio.com" />
+	<target host="developers.podio.com" />
+	<target host="help.podio.com" />
+	<target host="www.podio.com" />
+
+	<!--	Complications:
+				-->
+	<target host="status.podio.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://blog\.podio\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://blog\.podio\.com/+(?!wp-content/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://blog.podio.com/2012/02/27/zendesk/" />
+			<test url="http://blog.podio.com/author/sharif/" />
+			<test url="http://blog.podio.com/de/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://blog.podio.com/wp-content/themes/podionew/common/modules/icons/png/podio.png" />
+
+
+	<rule from="^http://status\.podio\.com/"
+		to="https://podio.statuspage.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Podnapisi.xml b/src/chrome/content/rules/Podnapisi.xml
new file mode 100644
index 000000000000..a52acbedc87d
--- /dev/null
+++ b/src/chrome/content/rules/Podnapisi.xml
@@ -0,0 +1,30 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- podnapisi.net
+		- www.podnapisi.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Podnapisi.NET">
+
+	<target host="podnapisi.net" />
+	<target host="www.podnapisi.net" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://podnapisi.net/forum/ucp.php?mode=register" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?podnapisi\.net$" name="^phpbb3_\w+_(?:k|sid|u)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Podseed.org.xml b/src/chrome/content/rules/Podseed.org.xml
new file mode 100644
index 000000000000..a4ea83a87e67
--- /dev/null
+++ b/src/chrome/content/rules/Podseed.org.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://podseed.org/ => https://podseed.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.podseed.org/ => https://www.podseed.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://cache.podseed.org/ => https://cache.podseed.org/: (7, 'Failed to connect to cache.podseed.org port 443: No route to host')
+
+-->
+<ruleset name="Podseed.org" default_off="failed ruleset test">
+	<target host="podseed.org" />
+	<target host="www.podseed.org" />
+	<target host="master.podseed.org" />
+	<target host="cdn.podseed.org" />
+	<target host="cache.podseed.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Poesie-Francaise.fr.xml b/src/chrome/content/rules/Poesie-Francaise.fr.xml
new file mode 100644
index 000000000000..112fea8a5aa2
--- /dev/null
+++ b/src/chrome/content/rules/Poesie-Francaise.fr.xml
@@ -0,0 +1,8 @@
+<ruleset name="Poésie-Française.fr">
+	<target host="poesie-francaise.fr" />
+	<target host="www.poesie-francaise.fr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Poets.org.xml b/src/chrome/content/rules/Poets.org.xml
index 704f7fe08baa..ce664f86c5ee 100644
--- a/src/chrome/content/rules/Poets.org.xml
+++ b/src/chrome/content/rules/Poets.org.xml
@@ -1,8 +1,10 @@
 <ruleset name="poets.org">
-  <target host="poets.org" />
-  <target host="www.poets.org" />
 
-  <rule from="^https?://poets\.org/"
-    to="https://www.poets.org/" />
-  <rule from="^http://www\.poets\.org/" to="https://www.poets.org/"/>
+	<target host="poets.org" />
+	<target host="www.poets.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Pogo.xml b/src/chrome/content/rules/Pogo.xml
index 2f0ab41d8818..8c10e64fb84e 100644
--- a/src/chrome/content/rules/Pogo.xml
+++ b/src/chrome/content/rules/Pogo.xml
@@ -1,13 +1,15 @@
 <ruleset name="Pogo" platform="mixedcontent">
   <target host="pogo.com" />
-  <target host="*.pogo.com" />
+  <target host="www.pogo.com" />
+  <target host="help.pogo.com" />
+  <target host="cdn.pogo.com" />
 
   <exclusion pattern="http://www.pogo.com/avatar/edit.do" />
 
   <rule from="^http://(?:www\.)?pogo\.com/" to="https://www.pogo.com/"/>
-  <rule from="^http://help\.pogo\.com/" to="https://help.pogo.com/"/>
 
 	<rule from="^http://cdn\.pogo\.com/"
 		to="https://www.pogo.com/"/>
 
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Pogoplug.com.xml b/src/chrome/content/rules/Pogoplug.com.xml
deleted file mode 100644
index ee5293485ae6..000000000000
--- a/src/chrome/content/rules/Pogoplug.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- blog		(refused)
-		- support	(zendesk)
-
--->
-<ruleset name="Pogoplug.com (partial)">
-
-	<target host="pogoplug.com" />
-	<target host="*.pogoplug.com" />
-
-
-	<rule from="^http://(www\.)?pogoplug\.com/"
-		to="https://$1pogoplug.com/" />
-
-	<rule from="^http://support\.pogoplug\.com/(?=favicon\.ico|generated/|images/|static/)"
-		to="https://pogoplug.zendesk.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Point.im.xml b/src/chrome/content/rules/Point.im.xml
new file mode 100644
index 000000000000..f9d8baba4c09
--- /dev/null
+++ b/src/chrome/content/rules/Point.im.xml
@@ -0,0 +1,12 @@
+<ruleset name="Point.im">
+	<target host="point.im" />
+	<target host="*.point.im" />
+
+	<test url="http://point.im/" />
+	<test url="http://arts.point.im/" />
+	<test url="http://welcome.point.im/" />
+
+	<rule from="^http:"
+			to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pointroll.xml b/src/chrome/content/rules/Pointroll.xml
index 9bdc4ac75cb0..5c6611fe46a2 100644
--- a/src/chrome/content/rules/Pointroll.xml
+++ b/src/chrome/content/rules/Pointroll.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pointroll.com/ => https://pointroll.com/: (7, 'Failed to connect to pointroll.com port 443: Network is unreachable')
+
 	For other Gannett Company coverage, see Gannett-Company.xml.
 
 
@@ -8,10 +12,16 @@
 		- t
 
 -->
-<ruleset name="Pointroll">
+<ruleset name="Pointroll" default_off="failed ruleset test">
 
 	<target host="pointroll.com" />
-	<target host="*.pointroll.com" />
+	<target host="adportal.pointroll.com" />
+	<target host="ads.pointroll.com" />
+	<target host="blogs.pointroll.com" />
+	<target host="onpoint.pointroll.com" />
+	<target host="spd-s.pointroll.com" />
+	<target host="t.pointroll.com" />
+	<target host="www.pointroll.com" />
 
 
 	<!--	Set by ads:
@@ -20,7 +30,6 @@
 	<securecookie host="^(?:adportal|\.ads)\.pointroll\.com$" name=".+" />
 
 
-	<rule from="^http://((?:adportal|ads|blogs|onpoint|spd-s|t|www)\.)?pointroll\.com/"
-		to="https://$1pointroll.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PointsHound.xml b/src/chrome/content/rules/PointsHound.xml
index bdeaaf6e46d2..d348ae77735b 100644
--- a/src/chrome/content/rules/PointsHound.xml
+++ b/src/chrome/content/rules/PointsHound.xml
@@ -1,13 +1,12 @@
 <ruleset name="PointsHound (partial)">
 
 	<target host="pointshound.com" />
-	<target host="*.pointshound.com" />
+	<target host="www.pointshound.com" />
 
 
 	<securecookie host="^(?:w*\.)?pointshound\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?pointshound\.com/"
-		to="https://$1pointshound.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Poivron.org.xml b/src/chrome/content/rules/Poivron.org.xml
new file mode 100644
index 000000000000..e9ff00813212
--- /dev/null
+++ b/src/chrome/content/rules/Poivron.org.xml
@@ -0,0 +1,29 @@
+<!--
+	Invalid certificate:
+		radiodragon.poivron.org
+		stop-masculinisme.poivron.org
+
+-->
+<ruleset name="Poivron.org">
+
+	<target host="poivron.org" />
+	<target host="www.poivron.org" />
+	<target host="baygonvert.poivron.org" />
+	<target host="bouh.poivron.org" />
+	<target host="cas-libres.poivron.org" />
+	<target host="dl.poivron.org" />
+	<target host="eizada.poivron.org" />
+	<target host="enfance-buissonniere.poivron.org" />
+	<target host="icarus.poivron.org" />
+	<target host="listes.poivron.org" />
+	<target host="pinkusaido.poivron.org" />
+	<target host="robotnicka.poivron.org" />
+	<target host="timult.poivron.org" />
+	<target host="ttf.poivron.org" />
+	<target host="typonpatate.poivron.org" />
+	<target host="remuernotremerde.poivron.org" />
+	<target host="sundancekids.poivron.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Poivy.com.xml b/src/chrome/content/rules/Poivy.com.xml
index e61f91978323..428bbc0c2aa5 100644
--- a/src/chrome/content/rules/Poivy.com.xml
+++ b/src/chrome/content/rules/Poivy.com.xml
@@ -1,6 +1,13 @@
+<!--
+	Refused:
+		versions.poivy.com
+
+-->
 <ruleset name="Poivy.com">
-  <target host="poivy.com" />
-  <target host="www.poivy.com" />
 
-  <rule from="^http://(?:www\.)?poivy\.com/" to="https://www.poivy.com/" />
+	<target host="poivy.com" />
+	<target host="www.poivy.com" />
+
+	<rule from="^http:" to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Pokaa.fr.xml b/src/chrome/content/rules/Pokaa.fr.xml
new file mode 100644
index 000000000000..25029bcc8ddb
--- /dev/null
+++ b/src/chrome/content/rules/Pokaa.fr.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid certificate:
+		flaks.pokaa.fr
+
+-->
+<ruleset name="Pokaa.fr">
+
+	<target host="pokaa.fr" />
+	<target host="www.pokaa.fr" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PokeCommunity.com.xml b/src/chrome/content/rules/PokeCommunity.com.xml
new file mode 100644
index 000000000000..71a73fdc04e2
--- /dev/null
+++ b/src/chrome/content/rules/PokeCommunity.com.xml
@@ -0,0 +1,42 @@
+<!--
+	Mismatched:
+		- autoconfig
+		- autodiscover
+		- autodiscover.daily
+		- autodiscover.development
+		- ftp
+		- go
+		- ns2
+		- server
+		- whm
+
+	Self-signed:
+		- cbc
+		- mail.cbc
+		- ns1
+-->
+<ruleset name="PokeCommunity.com">
+	<target host="pokecommunity.com" />
+	<target host="www.pokecommunity.com" />
+	<target host="cpanel.pokecommunity.com" />
+	<target host="daily.pokecommunity.com" />
+	<target host="www.daily.pokecommunity.com" />
+	<target host="cpanel.daily.pokecommunity.com" />
+	<target host="mail.daily.pokecommunity.com" />
+	<target host="webdisk.daily.pokecommunity.com" />
+	<target host="webmail.daily.pokecommunity.com" />
+	<target host="development.pokecommunity.com" />
+	<target host="cpanel.development.pokecommunity.com" />
+	<target host="dl.development.pokecommunity.com" />
+	<target host="www.dl.development.pokecommunity.com" />
+	<target host="mail.development.pokecommunity.com" />
+	<target host="webdisk.development.pokecommunity.com" />
+	<target host="webmail.development.pokecommunity.com" />
+	<target host="mail.pokecommunity.com" />
+	<target host="staff.pokecommunity.com" />
+	<target host="www.staff.pokecommunity.com" />
+	<target host="webdisk.pokecommunity.com" />
+	<target host="webmail.pokecommunity.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pokemon_World_Online.xml b/src/chrome/content/rules/Pokemon_World_Online.xml
index c3805bd8cc7d..a321c4fe0017 100644
--- a/src/chrome/content/rules/Pokemon_World_Online.xml
+++ b/src/chrome/content/rules/Pokemon_World_Online.xml
@@ -1,13 +1,23 @@
-<ruleset name="Pokémon World Online">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pokemon-world-online.net/ => https://pokemon-world-online.net/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://forum.pokemon-world-online.net/ => https://forum.pokemon-world-online.net/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.pokemon-world-online.net/ => https://www.pokemon-world-online.net/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://pokemon-world-online.net/ => https://pokemon-world-online.net/: (28, 'Connection timed out after 10001 milliseconds')
+-->
+<ruleset name="Pokémon World Online" default_off="failed ruleset test">
 
 	<target host="pokemon-world-online.net" />
-	<target host="*.pokemon-world-online.net" />
+	<target host="forum.pokemon-world-online.net" />
+	<target host="www.pokemon-world-online.net" />
 
 
 	<securecookie host="^\.(?:forum\.)?pokemon-world-online\.net$" name=".+" />
 
 
-	<rule from="^http://(forum\.|www\.)?pokemon-world-online\.net/"
-		to="https://$1pokemon-world-online.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pokemonshowdown.com.xml b/src/chrome/content/rules/Pokemonshowdown.com.xml
new file mode 100644
index 000000000000..2a2928c9931a
--- /dev/null
+++ b/src/chrome/content/rules/Pokemonshowdown.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.)	(redirects to http, valid cert)
+-->
+<ruleset name="Pokémon Showdown (partial)">
+	<target host="play.pokemonshowdown.com" />
+	<target host="replay.pokemonshowdown.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Poky.xml b/src/chrome/content/rules/Poky.xml
index 7d9f3001e1f4..0a73e979a97e 100644
--- a/src/chrome/content/rules/Poky.xml
+++ b/src/chrome/content/rules/Poky.xml
@@ -1,14 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pokylinux.org/ => https://pokylinux.org/: (51, "SSL: no alternative certificate subject name matches target host name 'pokylinux.org'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://pokylinux.org/ => https://pokylinux.org/: (51, "SSL: no alternative certificate subject name matches target host name 'pokylinux.org'")
 	For other Linux Foundation coverage, see LinuxFoundation.xml.
 
 -->
-<ruleset name="Poky">
+<ruleset name="Poky" default_off="failed ruleset test">
 
 	<target host="pokylinux.org" />
-	<target host="*.pokylinux.org" />
+	<target host="bugzilla.pokylinux.org" />
+	<target host="git.pokylinux.org" />
+	<target host="lists.pokylinux.org" />
+	<target host="wiki.pokylinux.org" />
+	<target host="www.pokylinux.org" />
 
 
-	<rule from="^http://((?:bugzilla|git|lists|wiki|www)\.)?pokylinux\.org/"
-		to="https://$1pokylinux.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pol.dk.xml b/src/chrome/content/rules/Pol.dk.xml
new file mode 100644
index 000000000000..a7d32244ec5d
--- /dev/null
+++ b/src/chrome/content/rules/Pol.dk.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Politiken coverage, see Politiken.dk.xml.
+
+	Note: A valid certificate exists and used to be used
+	on multimedia.pol.dk, which currently refuses connections.
+
+-->
+<ruleset name="Pol.dk (broken)" default_off="refused">
+
+	<target host="multimedia.pol.dk" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Polar.me.xml b/src/chrome/content/rules/Polar.me.xml
new file mode 100644
index 000000000000..25b2174fb8af
--- /dev/null
+++ b/src/chrome/content/rules/Polar.me.xml
@@ -0,0 +1,18 @@
+<ruleset name="Polar Mobile">
+
+	<!-- polar.me serves an untrusted cert -->
+	<target host="mediavoice.com" />
+	<target host="cdn.mediavoice.com" />
+	<target host="plugin.mediavoice.com" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://cdn.mediavoice.com/nativeads/script/digitalmediaservicesdubai/KoooraMobileSiteMediavoice.js" />
+
+		<test url="http://plugin.mediavoice.com/plugin.js" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PolarSSL.xml b/src/chrome/content/rules/PolarSSL.xml
index 90bb54a37e2e..66f4a182c03c 100644
--- a/src/chrome/content/rules/PolarSSL.xml
+++ b/src/chrome/content/rules/PolarSSL.xml
@@ -1,13 +1,12 @@
+<!--
+	Expired:
+		- www
+-->
 <ruleset name="PolarSSL">
-
 	<target host="polarssl.org" />
-	<target host="www.polarssl.org" />
-
 
 	<securecookie host="^polarssl\.org$" name=".+" />
 
-
-	<rule from="^http://(?:www\.)?polarssl\.org/"
-		to="https://polarssl.org/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PolarnoPyret.se.xml b/src/chrome/content/rules/PolarnoPyret.se.xml
index ff586c8d5ea1..476ba5385487 100644
--- a/src/chrome/content/rules/PolarnoPyret.se.xml
+++ b/src/chrome/content/rules/PolarnoPyret.se.xml
@@ -1,4 +1,3 @@
-<!-- polarnopyret.se sells clothes for small children. -->
 <ruleset name="PolarnoPyret.se">
 	<target host="polarnopyret.se" />
 	<target host="www.polarnopyret.se" />
diff --git a/src/chrome/content/rules/PoliceUK.xml b/src/chrome/content/rules/PoliceUK.xml
new file mode 100644
index 000000000000..32c7dafee3f4
--- /dev/null
+++ b/src/chrome/content/rules/PoliceUK.xml
@@ -0,0 +1,35 @@
+<!--
+  For Police.uk
+
+    Works:
+
+      - www
+
+    Timeout:
+
+      - $
+
+    Individual rulesets can be found for:
+
+      - AvonandSomersetConstabulary.xml
+      - CambridgeshireConstabulary.xml
+      - CityofLondonPolice.xml
+      - ClevelandPolice.xml
+      - CumbriaConstabulary.xml
+      - DevonandCornwallPolice.xml
+      - DurhamConstabulary.xml
+      - EssexPolice.xml
+      - GloucestershireConstabulary.xml
+      - HertfordshireConstabulary.xml
+      - LeicestershirePolice.xml
+      - StaffordshirePolice.xml
+      - WarwickshirePolice.xml
+      - WestMerciaPolice.xml
+      - WestMidlandsPolice.xml
+-->
+<ruleset name="Police UK">
+	<target host="police.uk" />
+	<target host="www.police.uk" />
+
+  <rule from="^http://(www\.)?police\.uk/" to="https://www.police.uk/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Police_Mutual.xml b/src/chrome/content/rules/Police_Mutual.xml
index a7d7efaa8c94..fbddbba64d79 100644
--- a/src/chrome/content/rules/Police_Mutual.xml
+++ b/src/chrome/content/rules/Police_Mutual.xml
@@ -6,7 +6,8 @@
 <ruleset name="Police Mutual (partial)">
 
 	<target host="policemutual.co.uk" />
-	<target host="*.policemutual.co.uk" />
+	<target host="www.policemutual.co.uk" />
+	<target host="survey.policemutual.co.uk" />
 
 
 	<securecookie host="^survey\.policemutual\.co\.uk$" name=".+" />
@@ -18,4 +19,4 @@
 	<rule from="^http://survey\.policemutual\.co\.uk/"
 		to="https://survey.policemutual.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Policia.es.xml b/src/chrome/content/rules/Policia.es.xml
index 4ba709dda4ec..463d9d259c4d 100644
--- a/src/chrome/content/rules/Policia.es.xml
+++ b/src/chrome/content/rules/Policia.es.xml
@@ -1,6 +1,20 @@
-<ruleset name="Policia.es" default_off="Cert warning">
-  <target host="policia.es" />
-  <target host="www.policia.es" />
+<!--
 
-  <rule from="^http://(?:www\.)?policia\.es/" to="https://www.policia.es/" />
+	Problematic hosts in *policia.es:
+
+		- ocsp (no https)
+		- pki (no https)
+		- prensa (no https)
+		- servicioselectronicos (mismatched)
+		- correocnp (self-signed)
+		- w6 (self-signed)
+		- webpol (self-signed)
+
+-->
+<ruleset name="Policia.es">
+	<target host="policia.es" />
+	<target host="www.policia.es" />
+	<target host="denuncias.policia.es" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/PolicyMic.xml b/src/chrome/content/rules/PolicyMic.xml
index 9b93d48a4f73..8acf7f4322d5 100644
--- a/src/chrome/content/rules/PolicyMic.xml
+++ b/src/chrome/content/rules/PolicyMic.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://policymic.com/ => https://policymic.com/: (51, "SSL: no alternative certificate subject name matches target host name 'policymic.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://policymic.com/ => https://policymic.com/: (7, 'Failed to connect to mic.com port 443: Connection timed out')
 	CDN buckets:
 
 		- d12x6n4r5ixux3.cloudfront.net
@@ -9,18 +15,29 @@
 
 			- media2.policymic.com
 
+
+	Mixed content:
+
+		- Images, from:
+
+			- thumbs *
+
+	* Secured by us
+
 -->
-<ruleset name="PolicyMic">
+<ruleset name="PolicyMic" default_off="failed ruleset test">
 
 	<target host="policymic.com" />
-	<target host="*.policymic.com" />
+	<target host="static.policymic.com" />
+	<target host="thumbs.policymic.com" />
+	<target host="www.policymic.com" />
+	<target host="media1.policymic.com" />
+	<target host="media2.policymic.com" />
 
 
 	<securecookie host="^\.policymic\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?policymic\.com/"
-		to="https://$1policymic.com/" />
 
 	<rule from="^http://media1\.policymic\.com/"
 		to="https://d12x6n4r5ixux3.cloudfront.net/" />
@@ -28,4 +45,5 @@
 	<rule from="^http://media2\.policymic\.com/"
 		to="https://d3hpe7wwfhob7t.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Policy_Review.info.xml b/src/chrome/content/rules/Policy_Review.info.xml
new file mode 100644
index 000000000000..bba77d719cdf
--- /dev/null
+++ b/src/chrome/content/rules/Policy_Review.info.xml
@@ -0,0 +1,20 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Policy Review.info">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="policyreview.info" />
+	<target host="www.policyreview.info" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Poliisi.fi.xml b/src/chrome/content/rules/Poliisi.fi.xml
index 3e2a6d498065..72d315e06e7c 100644
--- a/src/chrome/content/rules/Poliisi.fi.xml
+++ b/src/chrome/content/rules/Poliisi.fi.xml
@@ -1,6 +1,6 @@
-<ruleset name="Poliisi.fi">
+<ruleset name="Poliisi.fi" platform="mixedcontent">
   <target host="poliisi.fi" />
   <target host="www.poliisi.fi" />
 
-  <rule from="^http://(?:www\.)?poliisi\.fi/" to="https://poliisi.fi/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Polisen.se.xml b/src/chrome/content/rules/Polisen.se.xml
new file mode 100644
index 000000000000..d7ca648c65c8
--- /dev/null
+++ b/src/chrome/content/rules/Polisen.se.xml
@@ -0,0 +1,17 @@
+<!--
+	Incomplete certificate chain:
+		- anmalan
+
+	Travis issues, target itself works:
+		- etjanster
+-->
+<ruleset name="Polisen.se">
+	<target host="polisen.se" />
+	<target host="www.polisen.se" />
+	<target host="cert.polisen.se" />
+	<target host="nfc.polisen.se" />
+	<target host="reserv.polisen.se" />
+	<target host="upphandling.polisen.se" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Polit.ru.xml b/src/chrome/content/rules/Polit.ru.xml
new file mode 100644
index 000000000000..39c51dab8e1c
--- /dev/null
+++ b/src/chrome/content/rules/Polit.ru.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://polit.ru/ => https://polit.ru/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.polit.ru/ => https://polit.ru/: (60, 'SSL certificate problem: certificate has expired')
+www. mismatch
+admin. mismatch-->
+<ruleset name="Polit.ru" default_off="failed ruleset test">
+	<target host="polit.ru" />
+	<target host="www.polit.ru" />
+
+	<rule from="^http://www\.polit\.ru/"
+		to="https://polit.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PolitiFact.xml b/src/chrome/content/rules/PolitiFact.xml
index 108bbbdb6621..a04d11d5c6bf 100644
--- a/src/chrome/content/rules/PolitiFact.xml
+++ b/src/chrome/content/rules/PolitiFact.xml
@@ -1,27 +1,10 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/static.politifact.com/
-
-
-	Nonfunctional subdomains:
-
-		- (www.)
-
--->
 <ruleset name="PolitiFact (partial)">
 
-	<target host="*.politifact.com" />
-
-
-
-	<securecookie host="^\.politifact\.com$" name="^s_vi$" />
-
-
-	<rule from="^https?://metric\.politifact\.com/"
-		to="https://stpetersburgtimes.122.2o7.net/" />
+	<target host="politifact.com" />
+	<target host="www.politifact.com" />
+	<target host="metric.politifact.com" />
+	<target host="static.politifact.com" />
 
-	<rule from="^https?://static\.politifact\.com/"
-		to="https://s3.amazonaws.com/static.politifact.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Political-TV-Ad-Archive.xml b/src/chrome/content/rules/Political-TV-Ad-Archive.xml
new file mode 100644
index 000000000000..9070a7af56fb
--- /dev/null
+++ b/src/chrome/content/rules/Political-TV-Ad-Archive.xml
@@ -0,0 +1,20 @@
+<!--
+
+	For other Internet Archive coverage, see Internet-Archive.xml
+
+
+	Problematic domains:
+
+	- beta.politicaladarchive.org (invalid certificate)
+
+-->
+<ruleset name="Political TV Ad Archive">
+
+	<target host="politicaladarchive.org" />
+	<target host="www.politicaladarchive.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Political_Compass.org.xml b/src/chrome/content/rules/Political_Compass.org.xml
new file mode 100644
index 000000000000..53906c875de9
--- /dev/null
+++ b/src/chrome/content/rules/Political_Compass.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Political Compass.org">
+
+	<target host="politicalcompass.org" />
+	<target host="www.politicalcompass.org" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Political_Wire.com.xml b/src/chrome/content/rules/Political_Wire.com.xml
index ec152c6243e6..013375a9e358 100644
--- a/src/chrome/content/rules/Political_Wire.com.xml
+++ b/src/chrome/content/rules/Political_Wire.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?politicalwire\.com/"
 		to="https://politicalwire.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Politico.xml b/src/chrome/content/rules/Politico.xml
index 3a6af8d04926..93cc3dff1cb1 100644
--- a/src/chrome/content/rules/Politico.xml
+++ b/src/chrome/content/rules/Politico.xml
@@ -1,41 +1,34 @@
 <!--
-	!functional subdomains:
-		- avatar	(data not on images nor www)
-		- find		(timeout)
-
-	matches:	(www.)politicopro.com
+	Other Politico rulesets:
+		+ Politico_Pro.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- login.politico.com
+		- origin-www.politico.com
+
+		SSL peer certificate was not OK:
+		- focus.politico.com
+		- tk.politico.com
+
+		4xx client error:
+		- images.politico.com
+		- rss.politico.com
+		- static3.politico.com
 -->
-<ruleset name="Politico (partial)" default_off="mismatch">
-
-	<!--	cert: Akamai	-->
-	<target host="politico.com"/>
-	<target host="*.politico.com"/>
-		<!--	avatar: 404; data not on images nor www.
-			dyn: timeout
-			find: ditto
-			www2: ditto		-->
-		<exclusion pattern="^http://(avatar|dyn|find|www2)\."/>
-
-
-	<!--	encountered cookies:
-			- ^.
-			- dyn
-			- find
-			- jobs	-->
-	<securecookie host="^(jobs)?\.politico\.com$" name=".*"/>
-
-
-	<rule from="^http://politico\.com/"
-		to="https://www.politico.com/"/>
-
-	<rule from="^http://(images|www)\.politico\.com/"
-		to="https://$1.politico.com/"/>
-
-	<!--	cert: *.jobtarget.com
-		Not at:
-			- politico.jobtarget.com
-			- www.jobtarget.com/politico/	-->
-	<rule from="^http://jobs\.politico\.com/"
-		to="https://jobs.politico.com/"/>
-
+<ruleset name="Politico.com (partial)">
+	<target host="politico.com" />
+	<target host="www.politico.com" />
+	<target host="design.politico.com" />
+	<target host="go.politico.com" />
+	<target host="qablue.ops.politico.com" />
+	<target host="secure.politico.com" />
+	<target host="static.politico.com" />
+	<test url="http://static.politico.com/ac/aa/9226248b44f0846616bfac182b22/logo-politicopro-200x2.png" />
+	<test url="http://static.politico.com/ba/ac/b50c1f104e1bbf185e73058bb8fb/secureicons4.png" />
+	<target host="vpn.politico.com" />
+	
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Politico_Pro.com.xml b/src/chrome/content/rules/Politico_Pro.com.xml
new file mode 100644
index 000000000000..83c2674e4e19
--- /dev/null
+++ b/src/chrome/content/rules/Politico_Pro.com.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Politico coverage, see Politico.xml.
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .politicopro.com
+		- www.politicopro.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Politico Pro.com"
+	default_off="webmaster request">
+
+	<target host="politicopro.com" />
+	<target host="images.politicopro.com" />
+	<target host="info.politicopro.com" />
+	<target host="www.politicopro.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.politicopro\.com$" name="^(CFGLOBALS|CFID|CFTOKEN)$" /-->
+	<!--securecookie host="^www\.politicopro\.com$" name="^REDIRECT_URL$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PoliticsHome.com.xml b/src/chrome/content/rules/PoliticsHome.com.xml
new file mode 100644
index 000000000000..c9bc86dbbca7
--- /dev/null
+++ b/src/chrome/content/rules/PoliticsHome.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- Images from res.cloudinary.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="PoliticsHome.com">
+
+	<target host="politicshome.com" />
+	<target host="www.politicshome.com" />
+
+
+	<securecookie host="^\." name="^_ga" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Politiken.dk.xml b/src/chrome/content/rules/Politiken.dk.xml
index a748514f0e65..a0ea3405adac 100644
--- a/src/chrome/content/rules/Politiken.dk.xml
+++ b/src/chrome/content/rules/Politiken.dk.xml
@@ -1,14 +1,35 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://politiken.dk/ => https://politiken.dk/: Too many redirects while fetching 'https://politiken.dk/'
+Fetch error: http://www.politiken.dk/ => https://www.politiken.dk/: Too many redirects while fetching 'https://www.politiken.dk/'
+
+	Other Politiken rulesets:
+
+		- Pol.dk.xml
+
+
 	Nonfunctional subdomains:
 
-		- eavis *
+		- eavis ¹
 		- kundecenter *
 		- kundecentertest *
+		- labs *
+		- soejle3cache *
 		- subtest *
 		- tildoeren *
-		- web		(refused)
+		- web *
+		- weekly *
 
-	* Times out
+	* Connection timed out
+
+	Problematic subdomains:
+
+		- boligmarked ¹
+		- nyhedsbreve ²
+
+	¹ No content; mismatched, CN: *.boligsiden.dk
+	² Works; mismatched, CN: *.peytz.dk
 
 
 	Partially covered subdomains:
@@ -18,19 +39,61 @@
 
 	* Some pages redirect to http
 
+
+	Insecure cookies are set for these hosts:
+
+		- plus.politiken.dk
+		- shop.politiken.dk
+
+
+	Mixed content:
+
+		- Images on nyhedsbreve from $self ¹
+
+		- Ads on ^ from ads.creative-serving.com *
+
+	¹ Not secured by us <= mismatched
+	* Secured by us
+
 -->
-<ruleset name="Politiken.dk (partial)">
+<ruleset name="Politiken.dk (mixed content)" default_off="failed ruleset test">
 
-	<target host="multimedia.pol.dk" />
+	<!--	Direct rewrites:
+				-->
 	<target host="politiken.dk" />
-	<target host="*.politiken.dk" />
-		<exclusion pattern="^http://(?:plus|shop)\.politiken\.dk/(?!Css/|[iI]mages/|Uploaded/)" />
+	<target host="plus.politiken.dk" />
+	<target host="shop.politiken.dk" />
+	<target host="www.politiken.dk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(plus|shop)\.politiken\.dk/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:plus|shop)\.politiken\.dk/(?!Css/|[iI]mages/|Uploaded/|favicon\.ico)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://plus.politiken.dk/arrangementer" />
+			<test url="http://plus.politiken.dk/galleri" />
+			<test url="http://shop.politiken.dk/Abonnement_i_udlandet/" />
+			<test url="http://shop.politiken.dk/Eavis/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://plus.politiken.dk/Css/reset.css" />
+			<test url="http://plus.politiken.dk/Images/bg_linkArrows.gif" />
+			<test url="http://plus.politiken.dk/favicon.ico" />
+			<test url="http://shop.politiken.dk/favicon.ico" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(plus|shop)\.politiken\.dk$" name="^(ASP.NET_SessionId|Commerce_TestPersistentCookie|Commerce_TestSessionCookie|PolCurrentURL)$" /-->
 
-	<rule from="^http://multimedia\.pol\.dk/"
-		to="https://multimedia.pol.dk/" />
 
-	<rule from="^http://((?:plus|shop|www)\.)?politiken\.dk/"
-		to="https://$1politiken.dk/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Politisktinkorrekt.info.xml b/src/chrome/content/rules/Politisktinkorrekt.info.xml
deleted file mode 100644
index 9ae5c7a24078..000000000000
--- a/src/chrome/content/rules/Politisktinkorrekt.info.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="politisktinkorrekt.info">
-  <target host="politisktinkorrekt.info" />
-  <rule from="^http://politisktinkorrekt\.info/" to="https://politisktinkorrekt.info/"/>
-  <rule from="^http://www\.politisktinkorrekt\.info/" to="https://politisktinkorrekt.info/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/Polity.co.uk.xml b/src/chrome/content/rules/Polity.co.uk.xml
new file mode 100644
index 000000000000..dd8c7fa1ae61
--- /dev/null
+++ b/src/chrome/content/rules/Polity.co.uk.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.polity.co.uk/ => https://www.polity.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.polity.co.uk'")
+
+	Insecure cookies are set for these hosts:
+
+		- www.polity.co.uk
+
+-->
+<ruleset name="Polity.co.uk" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.polity.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.polity\.co\.uk$" name="^(?:ASPSESSIONID[A-Z]{8}$|BIGipServer)" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Polk.xml b/src/chrome/content/rules/Polk.xml
index ec8b0dca32f6..6f21575f5f2c 100644
--- a/src/chrome/content/rules/Polk.xml
+++ b/src/chrome/content/rules/Polk.xml
@@ -1,9 +1,19 @@
-<ruleset name="Polk">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://polk.com/ => https://www.polk.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.polk.com/ => https://www.polk.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://polk.com/ => https://www.polk.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.polk.com/ => https://www.polk.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
+<ruleset name="Polk" default_off="failed ruleset test">
 
 	<target host="polk.com"/>
 	<target host="www.polk.com"/>
 
-	<securecookie host="^(.*\.)?polk\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?polk\.com/"
 		to="https://www.polk.com/"/>
diff --git a/src/chrome/content/rules/Pollen.cl.xml b/src/chrome/content/rules/Pollen.cl.xml
new file mode 100644
index 000000000000..b4d52d18f49d
--- /dev/null
+++ b/src/chrome/content/rules/Pollen.cl.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid certificate:
+		www.pollen.cl
+
+-->
+<ruleset name="Pollen.cl">
+
+	<target host="pollen.cl" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pollen_Diary.com.xml b/src/chrome/content/rules/Pollen_Diary.com.xml
new file mode 100644
index 000000000000..122799f09e87
--- /dev/null
+++ b/src/chrome/content/rules/Pollen_Diary.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Pollen Diary.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pollendiary.com" />
+	<target host="www.pollendiary.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Polleninfo.org.xml b/src/chrome/content/rules/Polleninfo.org.xml
new file mode 100644
index 000000000000..7e2664d06bb9
--- /dev/null
+++ b/src/chrome/content/rules/Polleninfo.org.xml
@@ -0,0 +1,32 @@
+<!--
+	Nonfunctional hosts in *polleninfo.org:
+
+		- eas *
+
+	* Redirects to www.eas
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.polleninfo.org
+
+-->
+<ruleset name="polleninfo.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="polleninfo.org" />
+	<target host="www.polleninfo.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.polleninfo\.org$" name="^(PHPSESSID|fe_typo_user)$" /-->
+
+	<securecookie host="^www\.polleninfo\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pollenwarndienst.at.xml b/src/chrome/content/rules/Pollenwarndienst.at.xml
new file mode 100644
index 000000000000..0b2a786df934
--- /dev/null
+++ b/src/chrome/content/rules/Pollenwarndienst.at.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.pollenwarndienst.at
+
+-->
+<ruleset name="Pollenwarndienst.at">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pollenwarndienst.at" />
+	<target host="www.pollenwarndienst.at" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.pollenwarndienst\.at$" name="^(PHPSESSID|fe_typo_user)$" /-->
+
+	<securecookie host="^www\.pollenwarndienst\.at$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Poloniex.com.xml b/src/chrome/content/rules/Poloniex.com.xml
new file mode 100644
index 000000000000..7bd64be0a600
--- /dev/null
+++ b/src/chrome/content/rules/Poloniex.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .poloniex.com
+
+-->
+<ruleset name="Poloniex.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="poloniex.com" />
+	<target host="www.poloniex.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.poloniex\.com$" name="^(?:__cfduid|cf_clearance)$$" /-->
+
+	<securecookie host="^\.poloniex\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Polskie_Radio.pl-mixedcontent.xml b/src/chrome/content/rules/Polskie_Radio.pl-mixedcontent.xml
new file mode 100644
index 000000000000..d01153676db4
--- /dev/null
+++ b/src/chrome/content/rules/Polskie_Radio.pl-mixedcontent.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules not causing MCB, see Polskie_Radio.pl.xml.
+
+-->
+<ruleset name="Polskie Radio.pl (mixed content)" platform="mixedcontent">
+
+	<target host="redaktorext.polskieradio.pl" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Polskie_Radio.pl.xml b/src/chrome/content/rules/Polskie_Radio.pl.xml
new file mode 100644
index 000000000000..21deba8923ce
--- /dev/null
+++ b/src/chrome/content/rules/Polskie_Radio.pl.xml
@@ -0,0 +1,68 @@
+<!--
+	For rules causing MCB, see Polskie_Radio.pl-mixedcontent.xml.
+
+	Other Polskie Radio rulesets:
+
+		- PR_SA.pl.xml
+
+
+	Nonfunctional hosts in *polskieradio.pl:
+
+		- (www.)? ʰ
+		- bilety ʰ
+		- external ʰ
+		- forum ʰ
+		- moje ʰ
+		- reklama ʰ
+		- reportaz ʰ
+		- studia ʰ
+		- szkolenia ʰ
+		- teatr ʰ
+
+	ʰ Redirects to http
+
+
+	Problematic hosts in *polskieradio.pl:
+
+		- redaktorext ˣ
+
+	ˣ Mixed content
+
+
+	Mixed content:
+
+		- css, on:
+
+			- redaktorext from external.polskieradio.pl ʰ
+			- redaktorext from $self ˢ
+
+		- Images, on:
+
+			- redaktorext from moje.polskieradio.pl ʰ
+			- redaktorext, sklep from $self ˢ
+
+		- Bugs, on:
+
+			- redaktorext from www.facebook.com ˢ
+			- redaktorext from diff3.smartadserver.com ˢ
+
+	ˢ Secured by us
+	ʰ Unsecurable <= redirects to http
+
+-->
+<ruleset name="Polskie Radio.pl (partial)">
+
+	<target host="embed.polskieradio.pl" />
+	<!--target host="redaktorext.polskieradio.pl" /-->
+	<target host="sklep.polskieradio.pl" />
+	<target host="static.polskieradio.pl" />
+	<target host="www2.polskieradio.pl" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Poly.edu.xml b/src/chrome/content/rules/Poly.edu.xml
index a3bfd3b480f5..0b666509c43c 100644
--- a/src/chrome/content/rules/Poly.edu.xml
+++ b/src/chrome/content/rules/Poly.edu.xml
@@ -1,16 +1,72 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Poly.edu" platform="firefox">
-<target host="csawctf.poly.edu" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://crissp.poly.edu/ => https://crissp.poly.edu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://csawctf.poly.edu/ => https://csawctf.poly.edu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://cybersymposium.isis.poly.edu/ => https://cybersymposium.isis.poly.edu/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://csaw.isis.poly.edu/ => https://csaw.isis.poly.edu/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://esc.isis.poly.edu/ => https://esc.isis.poly.edu/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://hsf.isis.poly.edu/ => https://hsf.isis.poly.edu/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://policy.isis.poly.edu/ => https://policy.isis.poly.edu/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://quiz.isis.poly.edu/ => https://quiz.isis.poly.edu/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://research.isis.poly.edu/ => https://research.isis.poly.edu/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://isisblogs.poly.edu/ => https://isisblogs.poly.edu/: (28, 'Connection timed out after 10000 milliseconds')
+
+
+	Nonfunctional subdomains:
+
+		- cyfor.isis ¹
+		- www.isis ²
+
+	¹ Refused
+	² Reset
+
+
+	Fully covered subdomains:
+
+		- crissp
+		- csawctf
+
+		- isis
+		- ctf.isis
+		- csaw.isis
+		- cybersymposium.isis
+		- esc.isis
+		- hsf.isis
+		- policy.isis
+		- quiz.isis
+		- research.isis
+
+		- isisblogs
+
+
+	These altnames don't exist:
+
+		- www.crissp.poly.edu
+		- www.isisblogs.poly.edu
+
+
+	Mixed content:
+
+		- favicon on csaw.isis, esc.isis, hsf.isis, quiz.isis, research.isis from localhost:5000 *
+
+	* False alarm for our purposes, obviously
+
+-->
+<ruleset name="Poly.edu (partial)" default_off="broken">
+	<target host="crissp.poly.edu" />
+	<target host="csawctf.poly.edu" />
+	<target host="isis.poly.edu" />
+	<target host="ctf.isis.poly.edu" />
+	<target host="cybersymposium.isis.poly.edu" />
+	<target host="csaw.isis.poly.edu" />
+	<target host="esc.isis.poly.edu" />
+	<target host="hsf.isis.poly.edu" />
+	<target host="policy.isis.poly.edu" />
+	<target host="quiz.isis.poly.edu" />
+	<target host="research.isis.poly.edu" />
+	<target host="isisblogs.poly.edu" />
 
 <securecookie host="^csawctf\.poly\.edu$" name=".+" />
 
-<rule from="^http://csawctf\.poly\.edu/" to="https://csawctf.poly.edu/" />
+<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/PolyBrowser.com.xml b/src/chrome/content/rules/PolyBrowser.com.xml
new file mode 100644
index 000000000000..46443fd84a6c
--- /dev/null
+++ b/src/chrome/content/rules/PolyBrowser.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://polybrowser.com/ => https://polybrowser.com/: (28, 'Connection timed out after 20006 milliseconds')
+Fetch error: http://www.polybrowser.com/ => https://www.polybrowser.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="PolyBrowser.com" default_off="failed ruleset test">
+
+	<target host="polybrowser.com" />
+	<target host="www.polybrowser.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PolyGrant.com.xml b/src/chrome/content/rules/PolyGrant.com.xml
new file mode 100644
index 000000000000..6ae08576d798
--- /dev/null
+++ b/src/chrome/content/rules/PolyGrant.com.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://polygrant.com/ => https://polygrant.com/: (7, 'Failed to connect to polygrant.com port 443: No route to host')
+Fetch error: http://www.polygrant.com/ => https://www.polygrant.com/: (7, 'Failed to connect to www.polygrant.com port 443: No route to host')
+
+	Insecure cookies are set for these hosts:
+
+		- polygrant.com
+		- www.polygrant.com
+
+-->
+<ruleset name="PolyGrant.com" default_off="failed ruleset test">
+
+	<target host="polygrant.com" />
+	<target host="www.polygrant.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?polygrant\.com$" name="^connect\.sid$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PolyU.edu.hk.xml b/src/chrome/content/rules/PolyU.edu.hk.xml
new file mode 100644
index 000000000000..1ad8e3946716
--- /dev/null
+++ b/src/chrome/content/rules/PolyU.edu.hk.xml
@@ -0,0 +1,27 @@
+<!--
+	Non-functional hosts:
+		Certificate Expired:
+		- library.polyu.edu.hk
+-->
+<ruleset name="PolyU HK">
+    <target host="www.polyu.edu.hk" />
+    <target host="www38.polyu.edu.hk" />
+    <target host="www40.polyu.edu.hk" />
+
+    <target host="portal.polyu.edu.hk" />
+    <target host="my.polyu.edu.hk" />
+    <target host="learn.polyu.edu.hk" />
+    <target host="lib.polyu.edu.hk" />
+    <target host="www.lib.polyu.edu.hk" />
+    <target host="idportal.polyu.edu.hk" />
+    <target host="itsm.polyu.edu.hk" />
+
+    <target host="www.comp.polyu.edu.hk" />
+
+    <rule from="^http://lib\.polyu\.edu\.hk/"
+        to="https://www.lib.polyu.edu.hk/" />
+
+        <test url="http://lib.polyu.edu.hk/orientation/" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Polygon.com.xml b/src/chrome/content/rules/Polygon.com.xml
new file mode 100644
index 000000000000..8b6e399d3614
--- /dev/null
+++ b/src/chrome/content/rules/Polygon.com.xml
@@ -0,0 +1,12 @@
+<!--
+	For other Vox Media coverage, see Vox.com.xml.
+-->
+<ruleset name="Polygon.com">
+
+	<target host="polygon.com" />
+	<target host="www.polygon.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Polygon.xml b/src/chrome/content/rules/Polygon.xml
deleted file mode 100644
index a875aa411d28..000000000000
--- a/src/chrome/content/rules/Polygon.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	Mixed content:
-
-		- css, on www from:
-
-			- cdn\d.sbnation.com *
-			- cloud.typography.com *
-
-		- Images on www from cdn\d.sbnation.com *
-
-		- Web bugs, on www from :
-
-			- aperture.displaymarketplace.com *
-			- pixel.quantserve.com *
-			- ox-d.sbnation.com *
-			- b.scorecardresearch.com *
-
-	* Secured by us
-
--->
-<ruleset name="Polygon (false MCB)" platform="mixedcontent">
-
-	<target host="polygon.com" />
-	<target host="www.polygon.com" />
-
-
-	<rule from="^http://(www\.)?polygon\.com/"
-		to="https://$1polygon.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PolymathProjects.org.xml b/src/chrome/content/rules/PolymathProjects.org.xml
new file mode 100644
index 000000000000..9afc4bcc1460
--- /dev/null
+++ b/src/chrome/content/rules/PolymathProjects.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="PolymathProjects.org">
+	<target host="polymathprojects.org" />
+	<target host="www.polymathprojects.org" />
+
+	<securecookie host=".+" name=".+" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Polymer-Project.org.xml b/src/chrome/content/rules/Polymer-Project.org.xml
new file mode 100644
index 000000000000..e9ab3f8c8f3f
--- /dev/null
+++ b/src/chrome/content/rules/Polymer-Project.org.xml
@@ -0,0 +1,32 @@
+<!--
+	For other Google coverage, see GoogleServices.xml.
+
+	Connection closed:
+		polymer-project.org
+
+	Invalid certificate:
+		designer.polymer-project.org
+		topeka.polymer-project.org
+
+-->
+<ruleset name="Polymer-Project.org">
+
+	<target host="polymer-project.org" />
+	<target host="www.polymer-project.org" />
+	<target host="blog.polymer-project.org" />
+	<target host="cheese.polymer-project.org" />
+	<target host="elements.polymer-project.org" />
+	<target host="news.polymer-project.org" />
+	<target host="news-docs.polymer-project.org" />
+	<target host="polymon.polymer-project.org" />
+	<target host="shop.polymer-project.org" />
+	<target host="shop-demo.polymer-project.org" />
+	<target host="summit.polymer-project.org" />
+
+	<rule from="^http://polymer-project\.org/"
+		to="https://www.polymer-project.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Polytechnic-University-of-Catalonia-mismatches.xml b/src/chrome/content/rules/Polytechnic-University-of-Catalonia-mismatches.xml
deleted file mode 100644
index c962a6da4dfd..000000000000
--- a/src/chrome/content/rules/Polytechnic-University-of-Catalonia-mismatches.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Polytechnic University of Catalonia (mismatches)" default_off="mismatch">
-
-	<target host="gentoo-euetib.upc.es"/>
-
-	<rule from="^http://gentoo-euetib\.upc\.es/"
-		to="https://gentoo-euetib.upc.es/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Polytechnic-University-of-Catalonia.xml b/src/chrome/content/rules/Polytechnic-University-of-Catalonia.xml
deleted file mode 100644
index 7f75104c232d..000000000000
--- a/src/chrome/content/rules/Polytechnic-University-of-Catalonia.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<ruleset name="Polytechnic University of Catalonia (partial)">
-
-	<target host="upc.edu"/>
-	<target host="*.upc.edu"/>
-	<target host="*.blog.upc.edu"/>
-	<target host="upc.es"/>
-	<target host="*.upc.es"/>
-
-	<securecookie host="^(.*\.)upc\.edu$" name=".*"/>
-
-	<rule from="^http://(?:www\.)?upc\.(?:es|edu)/"
-		to="https://www.upc.edu/"/>
-
-	<rule from="^http://australis\.upc\.es/"
-		to="https://australis.upc.es/"/>
-
-	<rule from="^http://(\w+\.blog|peguera|tv)\.upc\.edu/"
-		to="https://$1.upc.edu/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/PonderingIslam.com.xml b/src/chrome/content/rules/PonderingIslam.com.xml
new file mode 100644
index 000000000000..ca04f10166d3
--- /dev/null
+++ b/src/chrome/content/rules/PonderingIslam.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="PonderingIslam.com">
+	<target host="ponderingislam.com" />
+	<target host="www.ponderingislam.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ponderwall.com.xml b/src/chrome/content/rules/Ponderwall.com.xml
new file mode 100644
index 000000000000..7047e71317fe
--- /dev/null
+++ b/src/chrome/content/rules/Ponderwall.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Mixed content from fonts.googleapis.com and ad server
+
+-->
+<ruleset name="Ponderwall">
+
+	<target host="ponderwall.com" />
+	<target host="www.ponderwall.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ponemon.xml b/src/chrome/content/rules/Ponemon.xml
index 81524df13d59..fca9df128ad2 100644
--- a/src/chrome/content/rules/Ponemon.xml
+++ b/src/chrome/content/rules/Ponemon.xml
@@ -1,10 +1,14 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rim.ponemon.org/ => https://rim.ponemon.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Nonfunctional subdomains:
 
 		- (www.)	(redirects to rim, CN: rim.ponemon.org)
 
 -->
-<ruleset name="Ponemon (partial)">
+<ruleset name="Ponemon (partial)" default_off="failed ruleset test">
 
 	<target host="rim.ponemon.org" />
 
@@ -12,7 +16,6 @@
 	<securecookie host="^rim\.ponemon\.org$" name=".+" />
 
 
-	<rule from="^http://rim\.ponemon\.org/"
-		to="https://rim.ponemon.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pony.fm.xml b/src/chrome/content/rules/Pony.fm.xml
index f037fdaef3cf..28ee4ee384fa 100644
--- a/src/chrome/content/rules/Pony.fm.xml
+++ b/src/chrome/content/rules/Pony.fm.xml
@@ -1,13 +1,19 @@
-<ruleset name="Pony.fm">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://s.pony.fm/ => https://s.pony.fm/: (51, "SSL: no alternative certificate subject name matches target host name 's.pony.fm'")
+
+-->
+<ruleset name="Pony.fm" default_off="failed ruleset test">
 
 	<target host="pony.fm" />
-	<target host="*.pony.fm" />
+	<target host="s.pony.fm" />
+	<target host="www.pony.fm" />
 
 
 	<securecookie host="^\.pony\.fm$" name=".+" />
 
 
-	<rule from="^http://(s\.|www\.)?pony\.fm/"
-		to="https://$1pony.fm/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Poolp.org.xml b/src/chrome/content/rules/Poolp.org.xml
index 1841c9e839ff..f64668dbbfd8 100644
--- a/src/chrome/content/rules/Poolp.org.xml
+++ b/src/chrome/content/rules/Poolp.org.xml
@@ -1,13 +1,12 @@
 <ruleset name="poopl.org">
 
 	<target host="poolp.org" />
-	<target host="*.poolp.org" />
+	<target host="www.poolp.org" />
 
 
 	<securecookie host="^\.poolp\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?poolp\.org/"
-		to="https://$1poolp.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Poor_Man_Motorsports.xml b/src/chrome/content/rules/Poor_Man_Motorsports.xml
index 64d4ea6c30d6..3b089bf2fc32 100644
--- a/src/chrome/content/rules/Poor_Man_Motorsports.xml
+++ b/src/chrome/content/rules/Poor_Man_Motorsports.xml
@@ -1,13 +1,12 @@
 <ruleset name="Poor Man Motorsports">
 
 	<target host="poormanmotorsports.com" />
-	<target host="*.poormanmotorsports.com" />
+	<target host="www.poormanmotorsports.com" />
 
 
-	<securecookie host="^(?:.*\.)?poormanmotorsports\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?poormanmotorsports\.com/"
-		to="https://$1poormanmotorsports.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pop2imap.com.xml b/src/chrome/content/rules/Pop2imap.com.xml
new file mode 100644
index 000000000000..4db03846d0e9
--- /dev/null
+++ b/src/chrome/content/rules/Pop2imap.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Pop2imap.com">
+	<target host="pop2imap.com" />
+	<target host="www.pop2imap.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pop6.com.xml b/src/chrome/content/rules/Pop6.com.xml
new file mode 100644
index 000000000000..1a1dd77c9088
--- /dev/null
+++ b/src/chrome/content/rules/Pop6.com.xml
@@ -0,0 +1,47 @@
+<!--
+	For other FriendFinder coverage, see FriendFinder.xml.
+
+
+	CDN buckets:
+
+		 - cs77.wac.edgecastcdn.net
+
+			- graphics.pop6.com
+
+
+	Problematic hosts in pop6.com:
+
+		- (www.)?	(works, mismatched, CN: secure.adultfriendfinder.com)
+		- graphics *
+
+	* Works, mismatched, CN: *.securedataimages.com
+
+
+	These altnames don't exist:
+
+		- www.glean.pop6.com
+
+-->
+<ruleset name="pop6.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="glean.pop6.com" />
+
+	<!--	Complications:
+				-->
+	<target host="pop6.com" />
+	<target host="graphics.pop6.com" />
+	<target host="www.pop6.com" />
+
+
+	<rule from="^http://(?:www\.)?pop6\.com/"
+		to="https://secure.friendfinder.com/" />
+
+	<rule from="^http://graphics\.pop6\.com/"
+		to="https://secureimage.securedataimages.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PopAds.xml b/src/chrome/content/rules/PopAds.xml
index 68143c3ccd4d..56506504e827 100644
--- a/src/chrome/content/rules/PopAds.xml
+++ b/src/chrome/content/rules/PopAds.xml
@@ -1,4 +1,9 @@
 <!--
+	Other PopAds rulesets:
+
+		- PopAds_CDN.net.xml
+
+
 	CDN buckets:
 
 		- 487998493.r.cdn77.net
@@ -14,44 +19,45 @@
 			- c2.popads.net
 
 
-	Problematic domains:
-
-		- c1.popads.net		(works, CN: *.r.worldssl.net)
-		- c2.popads.net		(404, CN: *.netdna-ssl.com)
-		- world.popadscdn.net	(400, CN: *.r.worldssl.net)
+	Problematic hosts in *popads.net:
 
+		- c2		(incomplete cert chain)
 
-	Fully covered domains:
 
-		- popads.net subdomains:
+	Fully covered hosts in *popads.net:
 
-			- (www.)
-			- blog
-			- c[12]		(→ static)
-			- serve
-			- static
-			- world
-
-		- world.popadscdn.net	(→ www.popads.net)
+		- (www.)?
+		- blog
+		- c1
+		- c2		(→ static)
+		- serve
+		- static
+		- world
 
 -->
-<ruleset name="PopAds">
+<ruleset name="PopAds.net">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="popads.net" />
-	<target host="*.popads.net" />
-	<target host="world.popadscdn.net" />
+	<target host="blog.popads.net" />
+	<target host="serve.popads.net" />
+	<target host="static.popads.net" />
+	<target host="www.popads.net" />
 
+	<!--	Complications:
+				-->
+	<target host="c1.popads.net" />
+	<target host="c2.popads.net" />
 
-	<securecookie host=".*\.popads\.net$" name=".+" />
 
+	<securecookie host=".*\.popads\.net$" name=".+" />
 
-	<rule from="^http://((?:blog|serve|static|world|www)\.)?popads\.net/"
-		to="https://$1popads.net/" />
 
-	<rule from="^http://c[12]\.popads\.net/"
+	<rule from="^http://c2\.popads\.net/"
 		to="https://static.popads.net/" />
 
-	<rule from="^http://world\.popadscdn\.net/"
-		to="https://www.popads.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PopAds_CDN.net.xml b/src/chrome/content/rules/PopAds_CDN.net.xml
new file mode 100644
index 000000000000..dc929e24054e
--- /dev/null
+++ b/src/chrome/content/rules/PopAds_CDN.net.xml
@@ -0,0 +1,29 @@
+<!--
+	For other PopAds coverage, see PopAds.xml.
+
+
+	CDN buckets:
+
+		- 780499803.r.cdn77.net
+
+			- world.popadscdn.net
+
+
+	Problematic hosts in *popadscdn.net:
+
+		- world *
+
+	* 400, CN: *.r.worldssl.net
+
+-->
+<ruleset name="PopAds CDN.net">
+
+	<!--	Complications:
+				-->
+	<target host="world.popadscdn.net" />
+
+
+	<rule from="^http://world\.popadscdn\.net/"
+		to="https://www.popads.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PopAtomic.xml b/src/chrome/content/rules/PopAtomic.xml
deleted file mode 100644
index 62683149c877..000000000000
--- a/src/chrome/content/rules/PopAtomic.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="PopAtomic">
-
-	<target host="popatomic.org" />
-	<target host="www.popatomic.org" />
-
-
-	<securecookie host="^(www\.)?popatomic\.org$" name=".*" />
-
-
-	<rule from="^http://(www\.)?popatomic\.org/"
-		to="https://$1popatomic.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PopCash.net.xml b/src/chrome/content/rules/PopCash.net.xml
new file mode 100644
index 000000000000..c9017e3bac5c
--- /dev/null
+++ b/src/chrome/content/rules/PopCash.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="PopCash.net">
+	<target host="popcash.net" />
+	<target host="www.popcash.net" />
+	<target host="static.popcash.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PopCrunch.com.xml b/src/chrome/content/rules/PopCrunch.com.xml
deleted file mode 100644
index fd31742af3fa..000000000000
--- a/src/chrome/content/rules/PopCrunch.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	CDN buckets:
-
-		- pc-uploads.s3.amazonaws.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(503)
-		- ox-d		(404)
-
-
-	Fully covered subdomains:
-
-		- assets
-		- pc[123]
-		- social
-
--->
-<ruleset name="PopCrunch.com (partial)">
-
-	<target host="*.popcrunch.com" />
-
-
-	<rule from="^http://(assets|pc[123]|social)\.popcrunch\.com/"
-		to="https://$1.popcrunch.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PopIn.cc.xml b/src/chrome/content/rules/PopIn.cc.xml
index 061ffb09ee07..1ac72a905b78 100644
--- a/src/chrome/content/rules/PopIn.cc.xml
+++ b/src/chrome/content/rules/PopIn.cc.xml
@@ -1,36 +1,54 @@
 <!--
-	CDN buckets:
-
-		- wac.4867.edgecastcdn.net/??4867/
-
-			- cdn
-
-
-	Nonfunctional subdomains:
-
-		- cdn	(404; mismatched, CN: gp1.wac.edgecastcdn.net)
-		- www	(refused)
-
-
-	Problematic subdomains:
-
-		- r	(mismatched, CN: sync.popin.cc)
-
-
-	^popin.cc does not exist.
-
+	Related:
+		PopInCDN.com.xml
+
+	Refused:
+		demo.popin.cc
+		ping.popin.cc
+
+	InvalidCert:
+		47news.popin.cc
+		sp.api.popin.cc
+		cdn.popin.cc
+		checkurl.popin.cc
+		tw.discovery.popin.cc
+		e.popin.cc
+		images.popin.cc
+		jsv.popin.cc
+		keywords.popin.cc
+		l.popin.cc
+		47news.search.popin.cc
+		new.search.popin.cc
+		service.popin.cc
+		share.popin.cc
+		static.popin.cc
+
+	Not exist:
+		^popin.cc
 -->
-<ruleset name="popIn.cc (partial)">
-
-	<target host="*.popin.cc" />
-
-
-	<rule from="^http://(api|js|search)\.popin\.cc/"
-		to="https://$1.popin.cc/" />
-
-	<!--	Appear to be identical:
-					-->
-	<rule from="^http://(?:r|sync)\.popin\.cc/"
-		to="https://sync.popin.cc/" />
 
-</ruleset>
\ No newline at end of file
+<ruleset name="PopIn.cc (partial)">
+	<target host="www.popin.cc" />
+	<target host="a.popin.cc" />
+	<target host="action.popin.cc" />
+	<target host="api.popin.cc" />
+	<target host="d.popin.cc" />
+	<target host="discoveryplus.popin.cc" />
+	<target host="id.popin.cc" />
+	<target host="inrecsys.popin.cc" />
+	<target host="jp.popin.cc" />
+	<target host="kr.popin.cc" />
+	<target host="partner.popin.cc" />
+	<target host="r.popin.cc" />
+	<target host="recom.popin.cc" />
+	<target host="related.popin.cc" />
+	<target host="rlog.popin.cc" />
+	<target host="s.popin.cc" />
+	<target host="search.popin.cc" />
+	<target host="smartphone.popin.cc" />
+	<target host="sync.popin.cc" />
+	<target host="traffic.popin.cc" />
+	<target host="tw.popin.cc" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PopInCDN.com.xml b/src/chrome/content/rules/PopInCDN.com.xml
new file mode 100644
index 000000000000..c37a18e00bc1
--- /dev/null
+++ b/src/chrome/content/rules/PopInCDN.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Related:
+		PopIn.cc.xml
+-->
+
+<ruleset name="PopInCDN.com">
+	<target host="i.popincdn.com" />
+		<test url="http://i.popincdn.com/hp/news20150325/01.png" />
+		<test url="http://i.popincdn.com/videos/index.html" />
+	<target host="v.popincdn.com" />
+		<test url="http://v.popincdn.com/demo/video_demo.mp4" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PopSci.com-falsemixed.xml b/src/chrome/content/rules/PopSci.com-falsemixed.xml
deleted file mode 100644
index 0aafa6b2e812..000000000000
--- a/src/chrome/content/rules/PopSci.com-falsemixed.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see PopSci.com.xml.
-
--->
-<ruleset name="PopSci.com (false MCB)" platform="mixedcontent">
-
-	<target host="popsci.com" />
-	<target host="*.popsci.com" />
-		<!--
-			Handled in PopSci.com.xml:
-							-->
-		<!--exclusion pattern="^http://(www\.)?popsci\.com/sites/" /-->
-
-
-	<rule from="^http://(?:www\.)?popsci\.com/(?!sites/)"
-		to="https://www.popsci.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PopSci.com.xml b/src/chrome/content/rules/PopSci.com.xml
index abb30767e1d7..2f87d2c98eac 100644
--- a/src/chrome/content/rules/PopSci.com.xml
+++ b/src/chrome/content/rules/PopSci.com.xml
@@ -1,32 +1,20 @@
 <!--
 	Popular Science
 
-	For rules causing false/broken MCB, see PopSci.com-falsemixed.xml.
+	Remark: This website blocks Tor users.
 
+	Non-functional host in *.popsci.com:
+		SSL peer certificate was not OK:
+			 - bestofwhatsnew.popsci.com
 
-	Mixed content:
-
-		- Images on www from www *
-
-		- Ads/web bugs, on www from:
-
-			- bonniercorp.122.2o7.net *
-			- b.comcardresearch.com *
-			- i.po.st
-			- a.postrelease.com *
-			- pixel.quantserve.com *
-			- bs.serving-sys.com *
-
-	* Secured by us
-
+		Mixed content blocking (MCB) tiggered:
+			 - www.popsci.com
 -->
-<ruleset name="PopSci.com (partial)">
-
+<ruleset name="PopSci.com (partial)" platform="mixedcontent">
 	<target host="popsci.com" />
 	<target host="www.popsci.com" />
+	<target host="shop.popsci.com" />
+	<target host="subscribe.popsci.com" />
 
-
-	<rule from="^http://(?:www\.)?popsci\.com/sites/"
-		to="https://www.popsci.com/sites/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/PopSugar-assets.com.xml b/src/chrome/content/rules/PopSugar-assets.com.xml
new file mode 100644
index 000000000000..3918a17714d2
--- /dev/null
+++ b/src/chrome/content/rules/PopSugar-assets.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other PopSugar coverage, see PopSugar.com.xml.
+
+
+	CDN buckets:
+
+		- sugarinc-a.akamaihd.net
+
+-->
+<ruleset name="PopSugar-assets.com">
+
+	<target host="*.popsugar-assets.com" />
+
+
+	<rule from="^http://media\d\.popsugar-assets\.com/(?=/*v\d+/)"
+		to="https://sugarinc-a.akamaihd.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PopSugar.com.xml b/src/chrome/content/rules/PopSugar.com.xml
new file mode 100644
index 000000000000..b2a8d8e91ba9
--- /dev/null
+++ b/src/chrome/content/rules/PopSugar.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Other PopSugar rulesets:
+
+		- PopSugar-assets.com.xml
+
+
+	CDN buckets:
+
+		- sugarinc-a.akamaihd.net
+
+-->
+<ruleset name="PopSugar.com (partial)">
+
+	<target host="popsugar.com" />
+	<target host="www.popsugar.com" />
+		<!--
+			Avoid user-visible paths:
+							-->
+		<!--exclusion pattern="http://(www\.)?popsugar\.com/+(?!v\d+/static/)" /-->
+
+
+	<rule from="^http://(?:www\.)?popsugar\.com/(?=v\d+/static/)"
+		to="https://sugarinc-a.akamaihd.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PopVote.hk.xml b/src/chrome/content/rules/PopVote.hk.xml
index 6cf38d8febc1..24c3b16622f0 100644
--- a/src/chrome/content/rules/PopVote.hk.xml
+++ b/src/chrome/content/rules/PopVote.hk.xml
@@ -1,13 +1,12 @@
 <ruleset name="PopVote.hk">
 
 	<target host="popvote.hk" />
-	<target host="*.popvote.hk" />
+	<target host="www.popvote.hk" />
 
 
 	<securecookie host="^(?:w*\.)?popvote\.hk$" name=".+" />
 
 
-	<rule from="^http://(www\.)?popvote\.hk/"
-		to="https://$1popvote.hk/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Pop_Goes_the_Week.xml b/src/chrome/content/rules/Pop_Goes_the_Week.xml
index 82f8ed026fa6..b3afe3fa9277 100644
--- a/src/chrome/content/rules/Pop_Goes_the_Week.xml
+++ b/src/chrome/content/rules/Pop_Goes_the_Week.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?popgoestheweek\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?popgoestheweek\.com/"
-		to="https://$1popgoestheweek.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Popcorn-Time.se.xml b/src/chrome/content/rules/Popcorn-Time.se.xml
new file mode 100644
index 000000000000..b8ef68e2c0d6
--- /dev/null
+++ b/src/chrome/content/rules/Popcorn-Time.se.xml
@@ -0,0 +1,66 @@
+<!--
+	Fully covered hosts in *popcorn-time.se:
+
+		- (www.)?
+		- forum
+
+
+	Insecure cookies are set for these domains:
+
+		- .popcorn-time.se
+		- .forum.popcorn-time.se
+
+
+	Mixed content:
+
+		- css on blog from $self *
+
+		- Images, on:
+
+			- blog from $self *
+			- blog from ^ *
+
+		- Bug on ^ from www.facebook.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Popcorn-Time.se (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="popcorn-time.se" />
+	<target host="blog.popcorn-time.se" />
+	<target host="forum.popcorn-time.se" />
+	<target host="www.popcorn-time.se" />
+
+		<!--	Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://blog\.popcorn-time\.se/+(?!favicon\.ico|wp-content/|wp-includes/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://blog.popcorn-time.se/2015/03/" />
+			<test url="http://blog.popcorn-time.se/category/uncategorized/" />
+			<test url="http://blog.popcorn-time.se/ios/" />
+			<test url="http://blog.popcorn-time.se/page/2/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://blog.popcorn-time.se/favicon.ico" />
+			<test url="http://blog.popcorn-time.se/wp-content/themes/big-city/style.css" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.popcorn-time\.se$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^\.forum\.popcorn-time\.se$" name="^phpbb3_\w+_(k|sid|u)$" /-->
+
+	<securecookie host="^\.popcorn-time\.se$" name="^__cfduid$" />
+	<securecookie host="^\.forum\.popcorn-time\.se$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Popehat.com.xml b/src/chrome/content/rules/Popehat.com.xml
new file mode 100644
index 000000000000..7356deb7d528
--- /dev/null
+++ b/src/chrome/content/rules/Popehat.com.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cpanel.popehat.com/ => https://cpanel.popehat.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cpanel.popehat.com'")
+Fetch error: http://webdisk.popehat.com/ => https://webdisk.popehat.com/: (51, "SSL: no alternative certificate subject name matches target host name 'webdisk.popehat.com'")
+Fetch error: http://webmail.popehat.com/ => https://webmail.popehat.com/: (51, "SSL: no alternative certificate subject name matches target host name 'webmail.popehat.com'")
+
+-->
+<ruleset name="Popehat.com" default_off="failed ruleset test">
+
+	<target host="popehat.com" />
+	<target host="www.popehat.com" />
+	<target host="cpanel.popehat.com" />
+	<target host="mail.popehat.com" />
+	<target host="webdisk.popehat.com" />
+	<target host="webmail.popehat.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Poppy-Sports.xml b/src/chrome/content/rules/Poppy-Sports.xml
index 05b90d7590dd..69c3d004e359 100644
--- a/src/chrome/content/rules/Poppy-Sports.xml
+++ b/src/chrome/content/rules/Poppy-Sports.xml
@@ -1,12 +1,17 @@
-<ruleset name="Poppy Sports" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://poppysports.com/ => https://www.poppysports.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.poppysports.com'")
+
+-->
+<ruleset name="Poppy Sports" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="poppysports.com" />
-	<target host="*.poppysports.com" />
-	<target host="*.www.poppysports.com" />
+	<target host="www.poppysports.com" />
 
 	<rule from="^http://(?:www\.)?poppysports\.com/"
 		to="https://www.poppysports.com/" />
 
-	<securecookie host="^\.www\.poppysports\.com$" name=".*"/>
+	<securecookie host="^\.www\.poppysports\.com$" name=".+" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Poppy_UK.xml b/src/chrome/content/rules/Poppy_UK.xml
deleted file mode 100644
index d20c58fbb34e..000000000000
--- a/src/chrome/content/rules/Poppy_UK.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Expired 2013-04-06
-
--->
-<ruleset name="Poppy UK" default_off="expired">
-
-	<target host="poppyuk.com" />
-	<target host="*.poppyuk.com" />
-
-
-	<securecookie host="^\.poppyuk\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?poppyuk\.com/"
-		to="https://poppyuk.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Pops.co.xml b/src/chrome/content/rules/Pops.co.xml
new file mode 100644
index 000000000000..b816f48cb79c
--- /dev/null
+++ b/src/chrome/content/rules/Pops.co.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		www.pops.co
+
+-->
+<ruleset name="Pops.co">
+	<target host="pops.co" />
+	<target host="app.pops.co" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Popular-Mechanics.xml b/src/chrome/content/rules/Popular-Mechanics.xml
deleted file mode 100644
index 92e25ec154ae..000000000000
--- a/src/chrome/content/rules/Popular-Mechanics.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-<!--
-	For problematic rules, see Popular_Mechanics.com-problematic.xml.
-
-	For other Hearst Corporation coverage, see Hearst-Corporation.xml.
-
-
-	CDN buckets:
-
-		- www.popularmechanics.com.edgesuite.net
-
-			- a1303.g.akamai.net
-
-
-	Nonfunctional subdomains:
-
-		- services	(dropped)
-
-
-	Problematic subdomains:
-
-		- ^	(redirects to http; mismatched, CN: subscribe.hearstmags.com)
-		- www	(works, akamai)
-
--->
-<ruleset name="Popular Mechanics (partial)">
-
-	<target host="popularmechanics.com" />
-	<target host="*.popularmechanics.com" />
-		<!--
-			Avoid user-visible paths:
-							-->
-		<!--exclusion pattern="^http://(www\.)?popularmechanics\.com/(?!ams/|api_static/|cm/|favicon\.ico)" /-->
-		<!--
-			Paths are given relative to /, thereby breaking images:
-										-->
-		<!--exclusion pattern="^http://(www\.)?popularmechanics\.com/cm/popularmechanics/styles/(article|comments|flipbook3|global|promo_player)\.css" /-->
-
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.popularmechanics\.com$" name="^(?:s_\w+|__utm)\w$" />
-	<securecookie host="^\.www\.popularmechanics\.com$" name="^icxid$" />
-
-
-	<rule from="^http://(?:www\.)?popularmechanics\.com/(?=ams/|api_static/|cm/(?!popularmechanics/styles/(?:article|comments|flipbook3|global|promo_player)\.css)|favicon\.ico)"
-		to="https://a248.e.akamai.net/f/1303/5377/4m/www.popularmechanics.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PopularResistance.org.xml b/src/chrome/content/rules/PopularResistance.org.xml
new file mode 100644
index 000000000000..916b5c8bfd0b
--- /dev/null
+++ b/src/chrome/content/rules/PopularResistance.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="PopularResistance.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="popularresistance.org" />
+	<target host="www.popularresistance.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Popular_Photography.xml b/src/chrome/content/rules/Popular_Photography.xml
index 67e2b197d568..62ed432387ed 100644
--- a/src/chrome/content/rules/Popular_Photography.xml
+++ b/src/chrome/content/rules/Popular_Photography.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://popphoto.com/ => https://www.popphoto.com/: Cycle detected - URL already encountered: https://www.popphoto.com/
 	Nonfunctional subdomains:
 
 		- forums	(times out)
@@ -17,7 +19,8 @@
 <ruleset name="Popular Photography">
 
 	<target host="popphoto.com" />
-	<target host="*.popphoto.com" />
+	<target host="www.popphoto.com" />
+	<target host="videostore.popphoto.com" />
 
 
 	<rule from="^http://(?:www\.)?popphoto\.com/"
diff --git a/src/chrome/content/rules/Populis_Engage.com.xml b/src/chrome/content/rules/Populis_Engage.com.xml
deleted file mode 100644
index 543e6684f903..000000000000
--- a/src/chrome/content/rules/Populis_Engage.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Web bugs.
-
--->
-<ruleset name="Populis Engage.com">
-
-	<target host="*.populisengage.com" />
-
-
-	<securecookie host="^\.populisengage\.com$" name="^OAX$" />
-	<securecookie host="^oas\.populisengage\.com$" name=".+" />
-
-
-	<rule from="^http://oas\.populisengage\.com/"
-		to="https://oas.populisengage.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/PopupCheck.com.xml b/src/chrome/content/rules/PopupCheck.com.xml
new file mode 100644
index 000000000000..20a574c6ff20
--- /dev/null
+++ b/src/chrome/content/rules/PopupCheck.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Active mixed content:
+		- www.popupcheck.com
+-->
+
+<ruleset name="PopupCheck.com" platform="mixedcontent">
+	<target host="popupcheck.com" />
+	<target host="www.popupcheck.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Porlaputa.com.xml b/src/chrome/content/rules/Porlaputa.com.xml
index 4329d3970370..58ecf9a18a85 100644
--- a/src/chrome/content/rules/Porlaputa.com.xml
+++ b/src/chrome/content/rules/Porlaputa.com.xml
@@ -16,7 +16,7 @@
 <ruleset name="Porlaputa.com (partial)" default_off="mismatched">
 
 	<target host="porlaputa.com" />
-	<target host="*.porlaputa.com" />
+	<target host="www.porlaputa.com" />
 
 
 	<securecookie host="^\.porlaputa\.com$" name=".+" />
@@ -25,4 +25,4 @@
 	<rule from="^http://(?:www\.)?porlaputa\.com/"
 		to="https://porlaputa.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Porn-W.xml b/src/chrome/content/rules/Porn-W.xml
index d7a368750aac..3c554e1fe207 100644
--- a/src/chrome/content/rules/Porn-W.xml
+++ b/src/chrome/content/rules/Porn-W.xml
@@ -1,11 +1,11 @@
-<ruleset name="porn-W" default_off="mismatch">
+<ruleset name="porn-W" default_off="mismatched">
 
 	<!--	cert: astria.warezman.info	-->
 	<target host="porn-w.org"/>
 	<!--	* for cross-domain cookies	-->
-	<target host="*.porn-w.org"/>
+	<target host="www.porn-w.org" />
 
-	<securecookie host="^\.porn-w\.org$" name=".*"/>
+	<securecookie host="^\.porn-w\.org$" name=".+" />
 
 	<rule from="^http://(?:www\.)?porn-w\.org/"
 		to="https://porn-w.org/"/>
diff --git a/src/chrome/content/rules/PornBB.org.xml b/src/chrome/content/rules/PornBB.org.xml
new file mode 100644
index 000000000000..2f9823a7adef
--- /dev/null
+++ b/src/chrome/content/rules/PornBB.org.xml
@@ -0,0 +1,11 @@
+<ruleset name="PornBB.org">
+	<target host="pornbb.org" />
+	<target host="www.pornbb.org" />
+	<target host="fetish.pornbb.org" />
+	<target host="gay.pornbb.org" />
+	<target host="hentai.pornbb.org" />
+	<target host="img.pornbb.org" />
+		<test url="http://img.pornbb.org/images/logo/jan18.png" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PornHub.xml b/src/chrome/content/rules/PornHub.xml
index d9a8a8a3cc33..85e019e4aa1a 100644
--- a/src/chrome/content/rules/PornHub.xml
+++ b/src/chrome/content/rules/PornHub.xml
@@ -1,26 +1,57 @@
 <!--
-	CDN buckets:
-
-		- cdn1a.image.pornhub.phncdn.com.swiftcdn1.com
-			- thumb4.cdn1a.image.pornhub.phncdn.com
-
-		- cdn2.image.pornhub.phncdn.com.swiftcdn1.com
-			- cdn2.image.pornhub.phncdn.com
-
-		- cdn3.image.pornhub.phncdn.com.swiftcdn1.com
-			- cdn3.image.pornhub.phncdn.com
-
+Other PornHub rulesets:
+		Phncdn.com.xml
+
+Invalid certificate:
+	blog.pornhub.com
+	feedback.pornhub.com
+	help.pornhub.com
+	lifestyle.pornhub.com
+	store.pornhub.com
+
+No working URL known:
+	services.pornhub.com
+	stage.pornhub.com
+
+Redirect to HTTP:
+	cms.pornhub.com
+
+Refused connection:
+	origin.pornhub.com
+	rtsp.pornhub.com
 -->
-<ruleset name="PornHub (partial)">
-
-	<target host="pornhub.com" />
-	<target host="www.pornhub.com" />
-
-
-	<securecookie host="^(?:www\.)?pornhub\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?pornhub\.com/"
-		to="https://$1pornhub.com/" />
-
+<ruleset name="PornHub.com">
+	<target host="pornhub.com"/>
+	<target host="www.pornhub.com"/>
+	<target host="bar.pornhub.com"/>
+	<target host="cdn-d-img.pornhub.com"/>
+	<target host="cdn-d-limg.pornhub.com"/>
+	<target host="cdn-d-ss.pornhub.com"/>
+	<target host="cdn-d-ss2.pornhub.com"/>
+	<target host="cdn-d-static.pornhub.com"/>
+	<target host="cdn-d-vid-embed.pornhub.com"/>
+	<target host="cdn-d-vid-mobile.pornhub.com"/>
+	<target host="cdn-d-vid-public.pornhub.com"/>
+	<target host="contest.pornhub.com"/>
+	<target host="cz.pornhub.com"/>
+	<target host="de.pornhub.com"/>
+	<target host="es.pornhub.com"/>
+	<target host="fr.pornhub.com"/>
+	<target host="ht.pornhub.com"/>
+	<target host="hubt.pornhub.com"/>
+	<target host="img.pornhub.com"/>
+		<test url="http://img.pornhub.com/gif/268502.gif"/>
+	<target host="it.pornhub.com"/>
+	<target host="jp.pornhub.com"/>
+	<target host="m.pornhub.com"/>
+	<target host="mobile.pornhub.com"/>
+	<target host="nl.pornhub.com"/>
+	<target host="partners.pornhub.com"/>
+	<target host="pl.pornhub.com"/>
+	<target host="pt.pornhub.com"/>
+	<target host="rt.pornhub.com"/>
+	<target host="ru.pornhub.com"/>
+	<target host="ww.pornhub.com"/>
+
+	<rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/PornHubLive.com.xml b/src/chrome/content/rules/PornHubLive.com.xml
new file mode 100644
index 000000000000..0be088197f16
--- /dev/null
+++ b/src/chrome/content/rules/PornHubLive.com.xml
@@ -0,0 +1,50 @@
+<!--
+	Problematic hosts in *pornhublive.com:
+
+		- (www.)? *
+
+	* Refused
+
+
+	Fully covered hosts in *pornhublive.com:
+
+		- (www.)?	(→ secure.pornhublive.com)
+		- secure
+
+
+	These altnames don't exist:
+
+		- www.secure.pornhublive.com
+
+
+	Insecure cookies are set for these domains:
+
+		- .pornhublive.com
+
+-->
+<ruleset name="PornHubLive.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.pornhublive.com" />
+
+	<!--	Complications:
+				-->
+	<target host="pornhublive.com" />
+	<target host="www.pornhublive.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.pornhublive\.com$" name="^(SMpref|nsui)$" /-->
+
+	<securecookie host="^\.pornhublive\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?pornhublive\.com/"
+		to="https://secure.pornhublive.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Porn_Worms.com-falsemixed.xml b/src/chrome/content/rules/Porn_Worms.com-falsemixed.xml
new file mode 100644
index 000000000000..2668f42e9d64
--- /dev/null
+++ b/src/chrome/content/rules/Porn_Worms.com-falsemixed.xml
@@ -0,0 +1,51 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://de.pornworms.com/ => https://de.pornworms.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://es.pornworms.com/ => https://es.pornworms.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://fr.pornworms.com/ => https://fr.pornworms.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://it.pornworms.com/ => https://it.pornworms.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://jp.pornworms.com/ => https://jp.pornworms.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://nl.pornworms.com/ => https://nl.pornworms.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://pt.pornworms.com/ => https://pt.pornworms.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://ru.pornworms.com/ => https://ru.pornworms.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.pornworms.com/ => https://www.pornworms.com/: (60, 'SSL certificate problem: self signed certificate')
+
+	For rules not causing false/broken MCB, see Porn_Worms.com.xml.
+
+
+	Fully covered hosts in *pornworms.com:
+
+		- de
+		- es
+		- fr
+		- it
+		- jp
+		- nl
+		- pt
+		- ru
+		- www
+
+-->
+<ruleset name="Porn Worms.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="de.pornworms.com" />
+	<target host="es.pornworms.com" />
+	<target host="fr.pornworms.com" />
+	<target host="it.pornworms.com" />
+	<target host="jp.pornworms.com" />
+	<target host="nl.pornworms.com" />
+	<target host="pt.pornworms.com" />
+	<target host="ru.pornworms.com" />
+	<target host="www.pornworms.com" />
+
+
+	<securecookie host="^(?:de|es|fr|it|jp|nl|pt|ru|www)?\.pornworms\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Porn_Worms.com.xml b/src/chrome/content/rules/Porn_Worms.com.xml
new file mode 100644
index 000000000000..b994c82c83b0
--- /dev/null
+++ b/src/chrome/content/rules/Porn_Worms.com.xml
@@ -0,0 +1,96 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pornworms.com/ => https://pornworms.com/: (60, 'SSL certificate problem: self signed certificate')
+
+	For rules causing false/broken MCB, see Porn_Worms.com-falsemixed.xml.
+
+
+	Problematic hosts in *pornworms.com:
+
+		- de *
+		- es *
+		- fr *
+		- it *
+		- jp *
+		- nl *
+		- pt *
+		- ru *
+		- www *
+
+	* Mixed css
+
+
+	Fully covered hosts in *pornworms.com
+
+		- ^
+		- cams
+		- images
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .pornworms.com
+		- de.pornworms.com
+		- es.pornworms.com
+		- fr.pornworms.com
+		- it.pornworms.com
+		- jp.pornworms.com
+		- nl.pornworms.com
+		- pt.pornworms.com
+		- ru.pornworms.com
+		- www.pornworms.com
+
+
+	Mixed content:
+
+		- css, from:
+
+			- $self
+			- code.jquery.com
+
+		- Images, from:
+
+			- $self
+			- images.pornworms.com
+
+		- favicon from $self
+
+		- Ads/bugs, from:
+
+			- banners.adultfriendfinder.com
+			- adserver.juicyads.com
+
+-->
+<ruleset name="Porn Worms.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pornworms.com" />
+	<target host="cams.pornworms.com" />
+	<!--target host="de.pornworms.com" /-->
+	<!--target host="es.pornworms.com" /-->
+	<!--target host="fr.pornworms.com" /-->
+	<target host="images.pornworms.com" />
+	<!--target host="it.pornworms.com" /-->
+	<!--target host="jp.pornworms.com" /-->
+	<!--target host="nl.pornworms.com" /-->
+	<!--target host="pt.pornworms.com" /-->
+	<!--target host="ru.pornworms.com" /-->
+	<!--target host="www.pornworms.com" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.pornworms\.com$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^cams\.pornworms\.com$" name="^(affkey|csrftoken|whitelabels_hc)$" /-->
+	<!--securecookie host="^(de|es|fr|it|jp|nl|pt|ru|www)\.pornworms\.com$" name="^PHPSESSID$" /-->
+
+	<!--securecookie host="^(?:cams|de|es|fr|it|jp|nl|pt|ru|www)?\.pornworms\.com$" name=".+" /-->
+	<securecookie host="^cams\.pornworms\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pornel.net.xml b/src/chrome/content/rules/Pornel.net.xml
new file mode 100644
index 000000000000..367cc4c55294
--- /dev/null
+++ b/src/chrome/content/rules/Pornel.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="Pornel.net">
+
+	<target host="pornel.net" />
+	<target host="www.pornel.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pornwikileaks.com.xml b/src/chrome/content/rules/Pornwikileaks.com.xml
new file mode 100644
index 000000000000..a837539cac19
--- /dev/null
+++ b/src/chrome/content/rules/Pornwikileaks.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Pornwikileaks.com">
+    <target host="pornwikileaks.com" />
+    <target host="www.pornwikileaks.com" />
+    <target host="mail.pornwikileaks.com" />
+    <target host="ftp.pornwikileaks.com" />
+
+    <securecookie host=".+" name=".+" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PortForward.com.xml b/src/chrome/content/rules/PortForward.com.xml
index c080f5cdbe63..d2e5ce38cdb6 100644
--- a/src/chrome/content/rules/PortForward.com.xml
+++ b/src/chrome/content/rules/PortForward.com.xml
@@ -1,22 +1,26 @@
 <!--
-	Nonfunctional subdomains:
+	HTTP != HTTPS:
+		- admin
 
-		- boards	(cert: www.jasonbauer.net; shows that domain's data)
+	Mismatched:
+		- auth
+		- images
+		- img
+		- new
+		- search
 
--->
-<ruleset name="PortForward.com (partial)">
+	Timeout:
+		- forum
+		- mail
 
+	Expired:
+		- screenshots
+-->
+<ruleset name="PortForward.com">
 	<target host="portforward.com" />
-	<target host="*.portforward.com" />
-
-
-	<!--	- At least some pages present a link back to http
-		- https://(www.) redirecwts back to http
-					-->
-	<rule from="^http://(?:www\.)?portforward\.com/build/"
-		to="https://secure.portforward.com/build/" />
-
-	<rule from="^http://secure\.portforward\.com/"
-		to="https://secure.portforward.com/" />
+	<target host="www.portforward.com" />
+	<target host="portchecker.portforward.com" />
+	<target host="secure.portforward.com" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/PortMorgan.com.xml b/src/chrome/content/rules/PortMorgan.com.xml
new file mode 100644
index 000000000000..a2f8709bd3a3
--- /dev/null
+++ b/src/chrome/content/rules/PortMorgan.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="PortMorgan.com">
+
+	<target host="portmorgan.com" />
+	<target host="www.portmorgan.com" />
+
+
+	<!--	Redirect adds a forward slash:
+						-->
+	<rule from="^http://(www\.)?portmorgan\.com/"
+		to="https://$1portmorgan.com//" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Porta.codes.xml b/src/chrome/content/rules/Porta.codes.xml
new file mode 100644
index 000000000000..d443b7ae35eb
--- /dev/null
+++ b/src/chrome/content/rules/Porta.codes.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .porta.codes
+
+-->
+<ruleset name="Porta.codes">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="porta.codes" />
+	<target host="jonathan.porta.codes" />
+	<target host="www.porta.codes" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.porta\.codes$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.porta\.codes$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PortableApps.com.xml b/src/chrome/content/rules/PortableApps.com.xml
new file mode 100644
index 000000000000..af71b8eb529e
--- /dev/null
+++ b/src/chrome/content/rules/PortableApps.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		- download2.portableapps.com
+
+	SSL error:
+		- download.portableapps.com
+-->
+
+<ruleset name="PortableApps.com">
+	<target host="portableapps.com" />
+	<target host="www.portableapps.com" />
+	<target host="cdn.portableapps.com" />
+	<target host="download3.portableapps.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Porter.io.xml b/src/chrome/content/rules/Porter.io.xml
new file mode 100644
index 000000000000..e0c286da3b89
--- /dev/null
+++ b/src/chrome/content/rules/Porter.io.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .porter.io
+
+-->
+<ruleset name="Porter.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="porter.io" />
+	<target host="www.porter.io" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.porter\.io$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.porter\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Porteus-Kiosk.org.xml b/src/chrome/content/rules/Porteus-Kiosk.org.xml
new file mode 100644
index 000000000000..b6c66a229fed
--- /dev/null
+++ b/src/chrome/content/rules/Porteus-Kiosk.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Porteus-Kiosk.org" default_off="self-signed">
+
+	<target host="porteus-kiosk.org" />
+	<target host="www.porteus-kiosk.org" />
+
+
+	<rule from="^http://(?:www\.)?porteus-kiosk\.org/"
+		to="https://porteus-kiosk.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Porteus.xml b/src/chrome/content/rules/Porteus.xml
index ee285b1a7938..73ac22ea8fb7 100644
--- a/src/chrome/content/rules/Porteus.xml
+++ b/src/chrome/content/rules/Porteus.xml
@@ -1,18 +1,30 @@
 <!--
+	Porteus Linux
+
+
 	Nonfunctional subdomains:
 
-		- (www.)	(http reply)
+		- (www.) *
+		- build *
+		- dl
+
+	* Refused
+
+
+	These altnames don't exist:
+
+		- www.forum.porteus.org
 
 -->
-<ruleset name="Porteus Linux (partial)">
+<ruleset name="Porteus.org (partial)">
 
-	<target host="*.porteus.org" />
+	<target host="forum.porteus.org" />
 
 
 	<securecookie host="^\.forum\.porteus\.org$" name=".+" />
 
 
-	<rule from="^http://forum\.porteus\.org/"
-		to="https://forum.porteus.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Portland_Mercury.com.xml b/src/chrome/content/rules/Portland_Mercury.com.xml
new file mode 100644
index 000000000000..80fa471221e2
--- /dev/null
+++ b/src/chrome/content/rules/Portland_Mercury.com.xml
@@ -0,0 +1,34 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://classifieds.portlandmercury.com/ => https://classifieds.portlandmercury.com/: (6, 'Could not resolve host: classifieds.portlandmercury.com')
+Fetch error: http://m.portlandmercury.com/ => https://m.portlandmercury.com/: (6, 'Could not resolve host: m.portlandmercury.com')
+
+  Nonfunctional hosts:
+  301:
+    - post
+  Unresolved hosts:
+    - m
+    - blog
+
+	Mixed content:
+
+		- Image from thestranger.com *
+
+		- favicon from thestranger.com *
+
+	* Secured by us
+-->
+<ruleset name="Portland Mercury.com (partial)">
+
+	<target host="portlandmercury.com" />
+  <target host="www.portlandmercury.com" />
+	<target host="blogtown.portlandmercury.com" />
+	<!-- target host="classifieds.portlandmercury.com" /-->
+	<!-- target host="m.portlandmercury.com" /-->
+	<target host="post.portlandmercury.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Portland_State_University-falsemixed.xml b/src/chrome/content/rules/Portland_State_University-falsemixed.xml
deleted file mode 100644
index fe93a311d3ca..000000000000
--- a/src/chrome/content/rules/Portland_State_University-falsemixed.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	For rules not causing false/mixed MCB, see Portland_State_University.xml.
-
--->
-<ruleset name="Portland State University (false MCB)" platform="mixedcontent">
-
-	<target host="pdu.edu" />
-	<target host="webdev.pdu.edu" />
-	<target host="www.pdu.edu" />
-		<!--
-			Covered in Portland_State_University.xml.
-									-->
-		<!--exclusion pattern="^http://(www\.)?pdu\.edu/(favicon\.ico|(\w+/)?(misc|sites)/|syndication/)" /-->
- 		<!--exclusion pattern="^http://webdev\.pdu\.edu/(?!css/|favicon\.ico|images/|js/)" /-->
-		<exclusion pattern="^http://(?:webdev\.|www\.)?pdu\.edu/(?:css/|favicon\.ico|images/|js/|(?:\w+/)?(?:misc|sites)/|syndication/)" />
-
-
-	<securecookie host="^www\.pdu\.edu$" name=".+" />
-
-
-	<rule from="^http://(webdev\.|www\.)?pdu\.edu/"
-		to="https://$1pdu.edu/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Portland_State_University.xml b/src/chrome/content/rules/Portland_State_University.xml
index db0dadfcd841..c3272b0abb62 100644
--- a/src/chrome/content/rules/Portland_State_University.xml
+++ b/src/chrome/content/rules/Portland_State_University.xml
@@ -1,143 +1,51 @@
 <!--
-	For rules causing false/mixed MCB, see Portland_State_University-falsemixed.xml.
+	Non-functional hosts:
+		Timeout:
+		- research.pdx.edu
 
+		SSL error:
+		- mail.pdx.edu
 
-	CDN buckets:
+		Incomplete certificate chain:
+		- banweb.banner.pdx.edu
+		- banweb.pdx.edu
 
-		- pdx.libguides.com
-
-
-	Nonfunctional subdomains:
-
-		- www.experts *
-		- psu-eres.lib		(dropped)
-		- exhibits.library	(refused)
-		- my			(redirects to http)
-		- (www.)rsp *
-
-	* 404; expired 2011-04-23, self-signed, CN: eurystheus.oit.pdx.edu
-
-
-	Problematic subdomains:
-
-		- cal *
-		- www.fap		(works, expired 2013-04-20)
-		- guides.library	(libguides.com)
-		- www.library		(cert only matches ^library)
-		- mail *
-		- sa			(works, expired 2012-12-07)
-		- (www.)summer		(404; expired 2011-08-12, self-signed, CN: sisyphus.oit.pdx.edu)
-
-	* Interrupted
-
-
-	Partially covered subdomains:
-
-		- guides.library	(→ libguides.com)
-		- webdev *
-		- (www.) *
-
-	* Avoiding false/broken MCB, rest covered in Portland_State_University-falsemixed.xml
-
-
-	Fully covered subdomains:
-
-		- banweb
-		- cal		(→ www.google.com)
-		- d2l
-		- (www.)library	(www → ^)
-		- mail		(→ mail.google.com)
-		- (www.)sa	(^ → www)
-		- sso
-		- (www.)summer	(→ ^)
-		- vikat
-		- webdev
-
-
-	Observed cookie domains:
-
-		- banweb
-		- .library
-		- guides.library
-		- my
-		- sso
-		- www
-
-
-	Mixed  content:
-
-		- Scripts on webdev from webdev *
-
-		- css, on:
-
-			- webdev from webdev *
-			- www from www *
-			- www from fonts.gentooapis.com *
-
-		- Images, from:
-
-			- vikat from library *
-			- webdev from webdev *
-			- www from www *
-
-		- favicons, on:
-
-			- www.sa from www *
-			- webdev from webdev *
-
-	* Secured by us
-
-
-	webdev and www are in a separate falsemixed ruleset
-	due to mixed scripts and css from webdev and www.
-
-	NB: We secure all resources, and thus
-	falsemixed should be merged for Ffx 24.
+		Certificate mismatched:
+		- print.pdx.edu
 
+		Different content:
+		- www.library.pdx.edu
 -->
 <ruleset name="Portland State University (partial)">
-
-	<target host="pdu.edu" />
-	<target host="*.pdu.edu" />
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<!--exclusion pattern="^http://(www\.)?pdu\.edu/(?!favicon\.ico|(\w+/)?(misc|sites)/|syndication/)" /-->
-		<!--<exclusion pattern="^http://webdev\.pdu\.edu/(?!css/|favicon\.ico|images/|js/)" /-->
-		<exclusion pattern="^http://(?:webdev\.|www\.)?pdu\.edu/(?!css/|favicon\.ico|images/|js/|(?:\w+/)?(?:misc|sites)/|syndication/)" />
-		<!--exclusion pattern="^http://(www\.fap|my)\.pdu\.edu/" /-->
-		<!--exclusion pattern="^http://guides\.library\.pdx\.edu/(?!css\d*/|favicon\.ico|include/|js\d*/)" /-->
-		<!--exclusion pattern="^http://my\.pdu\.edu/($|\?|favicon\.ico|sites/)" /-->
-
-
-	<!--securecookie host="^(?!www\.)?.+\.pdu\.edu$" name=".+" /-->
-	<securecookie host="^(?:banweb|sso|vikat)\.pdu\.edu$" name=".+" />
-	<!--
-		Could we secure any of these safely?
-							-->
-	<!--securecookie host="^\.pdu\.edu$" name="^(III_EXPT_FILE|III_SESSION_ID|SESSION_LANGUAGE)$" /-->
-	<!--securecookie host="^\.library\.pdu\.edu$" name=".+" /-->
-
-
-	<rule from="^http://((?:banweb|d2l|sso|vikat|webdev|www)\.)?pdu\.edu/"
-		to="https://$1pdu.edu/" />
-
-	<rule from="^http://cal\.pdu\.edu/.*"
-		to="https://www.google.com/calendar/hosted/pdx.edu" />
-
-	<rule from="^http://(?:www\.)?library\.pdu\.edu/"
-		to="https://library.pdu.edu/" />
-
-	<rule from="^http://guides\.library\.pdx\.edu/(?=css\d*/|favicon\.ico|include/|js\d*/)"
-		to="https://libguides.com/" />
-
-	<rule from="^http://mail\.pdu\.edu/.*"
-		to="https://mail.google.com/a/pdu.edu" />
-
-	<rule from="^http://(?:www\.)?sa\.pdu\.edu/"
-		to="https://www.sa.pdu.edu/" />
-
-	<rule from="^http://(?:www\.)?summer\.pdu\.edu/.*"
-		to="https://pdu.edu/summer" />
-
-</ruleset>
\ No newline at end of file
+	<target host="pdx.edu" />
+	<target host="www.pdx.edu" />
+	
+	<target host="alba.pdx.edu" />
+
+	<target host="cat.pdx.edu" />
+	
+	<target host="d2l.pdx.edu" />
+	
+	<target host="library.pdx.edu" />
+	<target host="www.library.pdx.edu" />
+	<target host="guides.library.pdx.edu" />
+	<target host="pdxscholar.library.pdx.edu" />
+	<target host="search.library.pdx.edu" />
+	
+	<target host="oaiplus.pdx.edu" />
+	
+	<target host="publishing.pdx.edu" />
+	
+	<target host="climatecope.research.pdx.edu" />
+	<target host="wpsa.research.pdx.edu" />
+	
+	<target host="my.pdx.edu" />
+	
+	<target host="sso.pdx.edu" />
+		<test url="http://sso.pdx.edu/idp/profile/SAML2/POST/SSO" />
+
+	<rule from="^http://www\.library\.pdx\.edu/"
+		  	to="https://library.pdx.edu/" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Portner_Press.com.au.xml b/src/chrome/content/rules/Portner_Press.com.au.xml
new file mode 100644
index 000000000000..2fa3ddfbf163
--- /dev/null
+++ b/src/chrome/content/rules/Portner_Press.com.au.xml
@@ -0,0 +1,22 @@
+<!--
+	- CN: Parallels Panel
+	- Expired 2013-08-08
+
+
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Portner Press.com.au" default_off="expired, self-signed">
+
+	<target host="portnerpress.com.au" />
+	<target host="www.portnerpress.com.au" />
+
+
+	<rule from="^http://(?:www\.)?portnerpress\.com\.au/"
+		to="https://www.portnerpress.com.au/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Porton_CV.gov.cv.xml b/src/chrome/content/rules/Porton_CV.gov.cv.xml
new file mode 100644
index 000000000000..ff2ea72a5675
--- /dev/null
+++ b/src/chrome/content/rules/Porton_CV.gov.cv.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://portoncv.gov.cv/ => https://portoncv.gov.cv/: (28, 'Connection timed out after 20001 milliseconds')
+
+	www doesn't exist.
+
+-->
+<ruleset name="Porton CV.gov.cv" default_off="failed ruleset test">
+
+	<target host="portoncv.gov.cv" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Portsmouth.gov.uk.xml b/src/chrome/content/rules/Portsmouth.gov.uk.xml
new file mode 100644
index 000000000000..e33666500893
--- /dev/null
+++ b/src/chrome/content/rules/Portsmouth.gov.uk.xml
@@ -0,0 +1,58 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://airquality.portsmouth.gov.uk/ => https://airquality.portsmouth.gov.uk/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://bigrecycle.portsmouth.gov.uk/ => https://bigrecycle.portsmouth.gov.uk/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://brightfutures.portsmouth.gov.uk/ => https://brightfutures.portsmouth.gov.uk/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.forms.portsmouth.gov.uk/ => https://www.forms.portsmouth.gov.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.mediastore.portsmouth.gov.uk/ => https://www.mediastore.portsmouth.gov.uk/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://scip.portsmouth.gov.uk/ => https://scip.portsmouth.gov.uk/: (28, 'Connection timed out after 20000 milliseconds')
+
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- parkandride.portsmouth.gov.uk
+		- publicaccess.portsmouth.gov.uk
+		- spocc.portsmouth.gov.uk
+
+		SSL connect error:
+		- www.las.portsmouth.gov.uk
+
+		SSL peer certificate was not OK:
+		- www.ataleofonecity.portsmouth.gov.uk
+		- democracy.portsmouth.gov.uk
+		- www.emas.portsmouth.gov.uk
+		- www.jsna.portsmouth.gov.uk
+		- www.mediastore.portsmouth.gov.uk
+		- servicesnetwork.portsmouth.gov.uk
+
+		Incomplete certificate chain error:
+		- portsmouth.gov.uk
+		- adoption.portsmouth.gov.uk
+		- foster.portsmouth.gov.uk
+		- jsna.portsmouth.gov.uk
+		- www.portsmouth.gov.uk
+
+    Timeout:
+      emas.portsmouth.gov.uk
+      mediastore.portsmouth.gov.uk
+-->
+<ruleset name="Portsmouth.gov.uk">
+	<target host="admissions.portsmouth.gov.uk" />
+	<target host="adultdp.portsmouth.gov.uk" />
+	<target host="www.adultdp.portsmouth.gov.uk" />
+	<!-- target host="airquality.portsmouth.gov.uk" /-->
+	<!-- target host="bigrecycle.portsmouth.gov.uk" /-->
+	<!-- target host="brightfutures.portsmouth.gov.uk" /-->
+	<!-- target host="www.forms.portsmouth.gov.uk" /-->
+	<!-- target host="www.mediastore.portsmouth.gov.uk" /-->
+	<target host="parkingtickets.portsmouth.gov.uk" />
+	<!-- target host="scip.portsmouth.gov.uk" /-->
+	<target host="securetransfer.portsmouth.gov.uk" />
+	<target host="volunteer.portsmouth.gov.uk" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Portugal.gov.pt.xml b/src/chrome/content/rules/Portugal.gov.pt.xml
new file mode 100644
index 000000000000..afb163b1bf99
--- /dev/null
+++ b/src/chrome/content/rules/Portugal.gov.pt.xml
@@ -0,0 +1,12 @@
+<!--
+	Other Governo Português rulesets:
+	+ GovernoPortugues-mismatches.xml
+-->
+<ruleset name="Portugal.gov.pt">
+	<target host="portugal.gov.pt" />
+	<target host="www.portugal.gov.pt" />
+	<target host="historico.portugal.gov.pt" />
+	<target host="www.historico.portugal.gov.pt" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PoshLiving.xml b/src/chrome/content/rules/PoshLiving.xml
deleted file mode 100644
index 4a94dc4da4c3..000000000000
--- a/src/chrome/content/rules/PoshLiving.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="PoshLiving">
-
-	<target host="poshliving.com" />
-	<target host="*.poshliving.com" />
-
-
-	<securecookie host="^(?:www)?\.poshliving\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?poshliving\.com/"
-		to="https://$1poshliving.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Positive-Software.xml b/src/chrome/content/rules/Positive-Software.xml
index fa5369862ab0..c568decbcba1 100644
--- a/src/chrome/content/rules/Positive-Software.xml
+++ b/src/chrome/content/rules/Positive-Software.xml
@@ -1,16 +1,34 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://license.psoft.net/ => https://license.psoft.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Positive Software
+
 	For other Parallels coverage, see Parallels.xml.
 
 
-	(www.) & my are in Parallels.xml.
+	(www.)?psoft.net: Refused
 
 -->
-<ruleset name="Positive Software" default_off="expired">
+<ruleset name="PSoft.net (partial)" default_off="failed ruleset test">
 
 	<target host="license.psoft.net" />
 
+	<!--	Complications:
+				-->
+	<target host="my.psoft.net" />
+
+
+	<!--	Redirect drops path, args,
+		and forward slash:
+					-->
+	<rule from="^http://my\.psoft\.net/.*"
+		to="https://www.odin.com/" />
+
+		<test url="http://my.psoft.net/index" />
 
-	<rule from="^http://license\.psoft\.net/"
-		to="https://license.psoft.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PositiveSSL.xml b/src/chrome/content/rules/PositiveSSL.xml
index 4d4174c618f7..915656e38a98 100644
--- a/src/chrome/content/rules/PositiveSSL.xml
+++ b/src/chrome/content/rules/PositiveSSL.xml
@@ -1,6 +1,14 @@
-<ruleset name="PositiveSSL">
- <target host="www.positivessl.com" />
+<!--
+	For other Comodo coverage, see Comodo.xml.
+
+-->
+<ruleset name="PositiveSSL.com">
+
+	<!--	Direct rewrites:
+				-->
  <target host="positivessl.com" />
- 
- <rule from="^http://(?:www\.)?positivessl\.com/" to="https://www.positivessl.com/" />
+ <target host="www.positivessl.com" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Post-Click-Marketing.xml b/src/chrome/content/rules/Post-Click-Marketing.xml
index e170c6089c07..007fc3e73b87 100644
--- a/src/chrome/content/rules/Post-Click-Marketing.xml
+++ b/src/chrome/content/rules/Post-Click-Marketing.xml
@@ -1,8 +1,12 @@
-<ruleset name="Post-Click Marketing (partial)">
+<!--
+	For other Ion Interactive coverage, see ioninteractive.com.xml.
+
+-->
+<ruleset name="Post Click Marketing.com (partial)">
 
 	<target host="ion.postclickmarketing.com"/>
 
-	<rule from="^http://ion\.postclickmarketing\.com/"
-		to="https://ion.postclickmarketing.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Post-Gazette.com-falsemixed.xml b/src/chrome/content/rules/Post-Gazette.com-falsemixed.xml
new file mode 100644
index 000000000000..c21d6488ad98
--- /dev/null
+++ b/src/chrome/content/rules/Post-Gazette.com-falsemixed.xml
@@ -0,0 +1,28 @@
+<!--
+	For rules not causing false/broken MCB, see Pittsburgh-Post-Gazette.xml.
+
+-->
+<ruleset name="Post-Gazette.com (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pge.post-gazette.com" />
+	<target host="powersource.post-gazette.com" />
+	<target host="press.post-gazette.com" />
+	<target host="www.post-gazette.com" />
+
+	<!--	Complications:
+				-->
+	<target host="post-gazette.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://post-gazette\.com/"
+		to="https://www.post-gazette.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Post.at.xml b/src/chrome/content/rules/Post.at.xml
new file mode 100644
index 000000000000..689a8113d290
--- /dev/null
+++ b/src/chrome/content/rules/Post.at.xml
@@ -0,0 +1,25 @@
+<!--
+	Die Österreichische Post AG
+
+	Any postcode is a subdomain. Any invalid subdomain supports https
+	and redirects to home.
+-->
+<ruleset name="Post.at">
+	<target host="post.at" />
+	<target host="*.post.at" />
+
+	<test url="http://www.post.at/" />
+	<test url="http://1337.post.at/" />
+	<test url="http://bc.post.at/" />
+	<test url="http://ideenwettbewerb.post.at/" />
+	<test url="http://intranet.post.at/" />
+	<test url="http://karriere.post.at/" />
+	<test url="http://nachschau.post.at/" />
+	<test url="http://onlineshop.post.at/" />
+	<test url="http://paolapanel.post.at/" />
+	<test url="http://philawiki.post.at/" />
+	<test url="http://secure.post.at/" />
+	<test url="http://versandmanager.post.at/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Post.ch.xml b/src/chrome/content/rules/Post.ch.xml
index c677bde0dca7..712b7b815b8f 100644
--- a/src/chrome/content/rules/Post.ch.xml
+++ b/src/chrome/content/rules/Post.ch.xml
@@ -1,4 +1,18 @@
-<ruleset name="Post.ch">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.swisspostbox.com/ => https://secure.swisspostbox.com/: (6, 'Could not resolve host: secure.swisspostbox.com')
+Fetch error: http://mypostbusiness.ch/ => https://www.mypostbusiness.ch/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.mypostbusiness.ch/ => https://www.mypostbusiness.ch/: (60, 'SSL certificate problem: certificate has expired')
+
+	Nonfunctional domains:
+
+		- (www.)?swisspost-gls.ch *
+
+	* Refused
+
+-->
+<ruleset name="Post.ch" default_off="failed ruleset test">
     <target host="post.ch" />
     <target host="www.post.ch" />
     <target host="posta.ch" />
@@ -7,102 +21,62 @@
     <target host="www.poste.ch" />
     <target host="swisspost.com" />
     <target host="www.swisspost.com" />
-    <target host="tntswisspost.com" />
-    <target host="www.tntswisspost.com" />
     <target host="swisspost.ch" />
     <target host="www.swisspost.ch" />
-    <target host="swisspost-gls.ch" />
-    <target host="www.swisspost-gls.ch" />
     <target host="secure.swisspostbox.com" />
-    <target host="incamail.ch" />
-    <target host="www.incamail.ch" />
     <target host="im.post.ch" />
     <target host="postauto.ch" />
     <target host="www.postauto.ch" />
     <target host="postbus.ch" />
     <target host="mypostbusiness.ch" />
     <target host="www.mypostbusiness.ch" />
-    <target host="postfinance.ch"/>
-    <target host="www.postfinance.ch"/>
     <target host="postsuisseid.ch" />
     <target host="www.postsuisseid.ch" />
     <target host="swisssign.com" />
     <target host="www.swisssign.com" />
-    <target host="press-shop.ch" />
-    <target host="www.press-shop.ch" />
-    <target host="press-shop-deutschland.de" />
-    <target host="www.press-shop-deutschland.de" />
-    <target host="press-shop-france.fr" />
-    <target host="www.press-shop-france.fr" />
-    <target host="press-shop-oesterreich.at" />
-    <target host="www.press-shop-oesterreich.at" />
-    <target host="press-shop-international.com" />
-    <target host="www.press-shop-international.com" />
-    <target host="mds-media.ch" />
-    <target host="www.mds-media.ch" />
     <target host="admin.omgpm.com" />
 
-    <securecookie host="^(.*\.)?post(.*)\.ch$" name=".+" />
-    <securecookie host="^(.*\.)?swisspost\.ch$" name=".+" />
-    <securecookie host="^(.*\.)?swisspost\.com$" name=".+" />
-    <securecookie host="^(.*\.)?postfinance\.ch$" name=".+" />
-    <securecookie host="^(.*\.)?postsuisseid\.ch$" name=".+" />
-    <securecookie host="^(.*\.)?swisssign\.com$" name=".+" />
+    <securecookie host="^(?:.*\.)?post.*\.ch$" name=".+" />
+    <securecookie host="^(?:.*\.)?swisspost\.ch$" name=".+" />
+    <securecookie host="^(?:.*\.)?swisspost\.com$" name=".+" />
+    <securecookie host="^(?:.*\.)?postsuisseid\.ch$" name=".+" />
+    <securecookie host="^(?:.*\.)?swisssign\.com$" name=".+" />
 
-    <rule from="^https?://(?:www\.)?post\.ch/"
+    <rule from="^http://(?:www\.)?post\.ch/"
         to="https://www.post.ch/"/>
-    <rule from="^https?://(?:www\.)?posta\.ch/"
+    <rule from="^http://(?:www\.)?posta\.ch/"
         to="https://www.posta.ch/"/>
-    <rule from="^https?://(?:www\.)?poste\.ch/"
+    <rule from="^http://(?:www\.)?poste\.ch/"
         to="https://www.poste.ch/"/>
-    <rule from="^https?://(?:www\.)?swisspost\.com/"
+    <rule from="^http://(?:www\.)?swisspost\.com/"
         to="https://www.swisspost.com/"/>
-    <rule from="^https?://(?:www\.)?tntswisspost\.com/"
-        to="https://www.tntswisspost.com/"/>
-    <rule from="^https?://(?:www\.)?swisspost\.ch/"
+    <rule from="^http://(?:www\.)?swisspost\.ch/"
         to="https://www.swisspost.ch/"/>
 
-    <rule from="^https?://(?:www\.)?swisspost-gls\.ch/"
-        to="https://www.swisspost-gls.ch/"/>
-
-    <rule from="^https?://(?:secure\.)?swisspostbox\.com/"
+    <rule from="^http://secure\.swisspostbox\.com/"
         to="https://secure.swisspostbox.com/"/>
 
-    <rule from="^https?://(?:www\.)?incamail\.ch/"
-        to="https://im.post.ch/"/>
-    <rule from="^https?://im\.post\.ch/"
+    <rule from="^http://im\.post\.ch/"
         to="https://im.post.ch/"/>
 
-    <rule from="^https?://(?:www\.)?postauto\.ch/"
+    <rule from="^http://(?:www\.)?postauto\.ch/"
         to="https://www.postauto.ch/"/>
-    <rule from="^https?://(?:www\.)?postbus\.ch/"
+
+    <rule from="^http://postbus\.ch/"
         to="https://www.postbus.ch/"/>
 
-    <rule from="^https?://(?:www\.)?mypostbusiness\.ch/"
+    <rule from="^http://(?:www\.)?mypostbusiness\.ch/"
         to="https://www.mypostbusiness.ch/"/>
 
-    <rule from="^https?://(?:www\.)?postfinance\.ch/"
+    <rule from="^http://(?:www\.)?postfinance\.ch/"
         to="https://www.postfinance.ch/"/>
 
-    <rule from="^https?://(?:www\.)?postsuisseid\.ch/"
+    <rule from="^http://(?:www\.)?postsuisseid\.ch/"
         to="https://postsuisseid.ch/"/>
 
-    <rule from="^https?://(?:www\.)?swisssign\.com/"
+    <rule from="^http://(?:www\.)?swisssign\.com/"
         to="https://swisssign.com/"/>
 
-    <rule from="^https?://(?:www\.)?press-shop\.ch/"
-        to="https://www.press-shop.ch/"/>
-    <rule from="^https?://(?:www\.)?press-shop-deutschland\.de/"
-        to="https://www.press-shop-deutschland.de/"/>
-    <rule from="^https?://(?:www\.)?press-shop-france\.fr/"
-        to="https://www.press-shop-france.fr/"/>
-    <rule from="^https?://(?:www\.)?press-shop-oesterreich\.at/"
-        to="https://www.press-shop-oesterreich.at/"/>
-    <rule from="^https?://(?:www\.)?press-shop-international\.com/"
-        to="https://www.press-shop-international.com/"/>
-
-    <rule from="^https?://(?:www\.)?mds-media\.ch/"
-        to="https://www.mds-media.ch/"/>
-    <rule from="^https?://(?:admin\.)?omgpm\.com/"
+    <rule from="^http://admin\.omgpm\.com/"
         to="https://admin.omgpm.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Post852.com.xml b/src/chrome/content/rules/Post852.com.xml
new file mode 100644
index 000000000000..78d93d0c7295
--- /dev/null
+++ b/src/chrome/content/rules/Post852.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Non-functional hosts
+		Couldn't resolve host name:
+			 - cdn.post852.com
+
+		Timeout was reached:
+			 - dev1.post852.com
+
+		Mixed content blocking (MCB) tiggered:
+			 - www.post852.com
+-->
+<ruleset name="Post852.com (partial)">
+	<target host="post852.com" />
+	<target host="assets.post852.com" />
+	<test url="http://assets.post852.com/wp-content/uploads/2015/06/hsbc_logo.png" />
+	<test url="http://assets.post852.com/wp-content/uploads/2017/03/03121032/148851423118637-300x168.jpg" />
+	<test url="http://assets.post852.com/wp-content/uploads/2017/03/02174000/svsad-200x113.jpg" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PostImage.xml b/src/chrome/content/rules/PostImage.xml
new file mode 100644
index 000000000000..725b2e1580c4
--- /dev/null
+++ b/src/chrome/content/rules/PostImage.xml
@@ -0,0 +1,90 @@
+<ruleset name="PostImage">
+	<!-- postimg.io -->
+	<target host="postimg.io" />
+	<target host="www.postimg.io" />
+	<target host="s1.postimg.io" />
+	<target host="s2.postimg.io" />
+	<target host="s3.postimg.io" />
+	<target host="s4.postimg.io" />
+	<target host="s5.postimg.io" />
+	<target host="s6.postimg.io" />
+	<target host="s7.postimg.io" />
+	<target host="s8.postimg.io" />
+	<target host="s9.postimg.io" />
+	<target host="s10.postimg.io" />
+	<target host="s11.postimg.io" />
+	<target host="s12.postimg.io" />
+	<target host="s13.postimg.io" />
+	<target host="s14.postimg.io" />
+	<target host="s15.postimg.io" />
+	<target host="s16.postimg.io" />
+	<target host="s17.postimg.io" />
+	<target host="s18.postimg.io" />
+	<target host="s19.postimg.io" />
+	<target host="s20.postimg.io" />
+	<target host="s21.postimg.io" />
+	<target host="s22.postimg.io" />
+	<target host="s23.postimg.io" />
+	<target host="s24.postimg.io" />
+	<target host="s25.postimg.io" />
+	<target host="s26.postimg.io" />
+	<target host="s27.postimg.io" />
+	<target host="s28.postimg.io" />
+	<target host="s29.postimg.io" />
+	<target host="s30.postimg.io" />
+	<target host="s31.postimg.io" />
+	<target host="s32.postimg.io" />
+	<target host="s33.postimg.io" />
+
+	<!-- postimage.io -->
+	<target host="postimage.io" />
+	<target host="www.postimage.io" />
+
+	<!-- postimage.org -->
+	<target host="postimage.org" />
+	<target host="www.postimage.org" />
+	<target host="beta.postimage.org" />
+	<target host="mod.postimage.org" />
+	<target host="old.postimage.org" />
+	<target host="s1.postimage.org" />
+	<target host="s2.postimage.org" />
+	<target host="s3.postimage.org" />
+	<target host="s4.postimage.org" />
+	<target host="s5.postimage.org" />
+	<target host="s6.postimage.org" />
+	<target host="s7.postimage.org" />
+	<target host="s8.postimage.org" />
+	<target host="s9.postimage.org" />
+	<target host="s10.postimage.org" />
+	<target host="s11.postimage.org" />
+	<target host="s12.postimage.org" />
+	<target host="s13.postimage.org" />
+	<target host="s14.postimage.org" />
+	<target host="s15.postimage.org" />
+	<target host="s16.postimage.org" />
+	<target host="s17.postimage.org" />
+	<target host="s18.postimage.org" />
+	<target host="s19.postimage.org" />
+	<target host="s20.postimage.org" />
+	<target host="s21.postimage.org" />
+	<target host="s22.postimage.org" />
+	<target host="s23.postimage.org" />
+	<target host="s24.postimage.org" />
+	<target host="s25.postimage.org" />
+	<target host="s26.postimage.org" />
+	<target host="s27.postimage.org" />
+	<target host="s28.postimage.org" />
+	<target host="s29.postimage.org" />
+	<target host="s30.postimage.org" />
+	<target host="s31.postimage.org" />
+	<target host="s32.postimage.org" />
+	<target host="s33.postimage.org" />
+
+	<!-- postimgs.org -->
+	<target host="postimgs.org" />
+	<target host="www.postimgs.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PostNord.se.xml b/src/chrome/content/rules/PostNord.se.xml
new file mode 100644
index 000000000000..1ae9c07b7097
--- /dev/null
+++ b/src/chrome/content/rules/PostNord.se.xml
@@ -0,0 +1,33 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- vykortsmotiv.postnord.se
+
+		SSL connect error:
+		- services3.postnord.se
+
+		SSL peer certificate was not OK:
+		- appfeedback.postnord.se
+		- dm.postnord.se
+		- pages.postnord.se
+		- pnlyssnar.postnord.se
+
+		Status code mismatch:
+		- ebutik.postnord.se
+
+		Secure connection redirects to plaintext:
+		- www.postnord.se
+-->
+<ruleset name="PostNord.se (partial)">
+	<target host="postnord.se" />
+	<target host="ebutik.postnord.se" />
+	<test url="http://ebutik.postnord.se/local/pics/pn_white_rgb.png" />
+	<target host="pnf.postnord.se" />
+	<target host="rv.postnord.se" />
+	<target host="rv2.postnord.se" />
+	<target host="rv3.postnord.se" />
+	<target host="rv4.postnord.se" />
+	<target host="starpayment.postnord.se" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Post_Affiliate_Network.com.xml b/src/chrome/content/rules/Post_Affiliate_Network.com.xml
new file mode 100644
index 000000000000..3fa4848199b0
--- /dev/null
+++ b/src/chrome/content/rules/Post_Affiliate_Network.com.xml
@@ -0,0 +1,29 @@
+<!--
+	For other QualityUnit coverage, see QualityUnit.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- postaffiliatenetwork.com
+		- www.postaffiliatenetwork.com
+
+-->
+<ruleset name="Post Affiliate Network.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="postaffiliatenetwork.com" />
+	<target host="www.postaffiliatenetwork.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?postaffiliatenetwork\.com$" name="^STICKYSESSION$" /-->
+
+	<securecookie host="^(?:www\.)?postaffiliatenetwork\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Post_Affiliate_Pro.com.xml b/src/chrome/content/rules/Post_Affiliate_Pro.com.xml
new file mode 100644
index 000000000000..21082012fe31
--- /dev/null
+++ b/src/chrome/content/rules/Post_Affiliate_Pro.com.xml
@@ -0,0 +1,29 @@
+<!--
+	For other QualityUnit coverage, see QualityUnit.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- postaffiliatepro.com
+		- www.postaffiliatepro.com
+
+-->
+<ruleset name="Post Affiliate Pro.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="postaffiliatepro.com" />
+	<target host="www.postaffiliatepro.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?postaffiliatepro\.com$" name="^STICKYSESSION$" /-->
+
+	<securecookie host="^(?:www\.)?postaffiliatepro\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Post_Office.xml b/src/chrome/content/rules/Post_Office.xml
index 7365d52f4f15..e104f319c8f1 100644
--- a/src/chrome/content/rules/Post_Office.xml
+++ b/src/chrome/content/rules/Post_Office.xml
@@ -1,4 +1,7 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.pofssavecredit.co.uk/ => https://www.pofssavecredit.co.uk/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.postoffice.travelmoneycard.co.uk/ => https://www.postoffice.travelmoneycard.co.uk/: (28, 'Resolving timed out after 10517 milliseconds')
 	For other Royal Mail coverage, see Royal_Mail_Group.xml.
 
 
@@ -37,10 +40,10 @@
 	<rule from="^http://www\.pofssavecredit\.co\.uk/"
 		to="https://www.pofssavecredit.co.uk/" />
 
-	<rule from="^https?://(?:www\.)?postoffice\.co.uk/(sites/|user(?:$|\?|/))"
+	<rule from="^http://(?:www\.)?postoffice\.co\.uk/(sites/|user(?:$|\?|/))"
 		to="https://www.postoffice.co.uk/$1" />
 
 	<rule from="^http://www\.postoffice\.travelmoneycard\.co\.uk/"
 		to="https://www.postoffice.travelmoneycard.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Post_Office_Shop.xml b/src/chrome/content/rules/Post_Office_Shop.xml
index d4c809d6371d..daec5bc7d9fa 100644
--- a/src/chrome/content/rules/Post_Office_Shop.xml
+++ b/src/chrome/content/rules/Post_Office_Shop.xml
@@ -14,7 +14,6 @@
 	<securecookie host="^www\.postofficeshop\.co\.uk$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?postofficeshop\.co.uk/"
-		to="https://www.postofficeshop.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Post_to.Me.xml b/src/chrome/content/rules/Post_to.Me.xml
index 41d0a25a5d58..f03a613d17c7 100644
--- a/src/chrome/content/rules/Post_to.Me.xml
+++ b/src/chrome/content/rules/Post_to.Me.xml
@@ -1,19 +1,37 @@
 <!--
-	Problematic subdomains:
+	Problematic hosts in *postto.me:
 
 		- cat	(503)
 
+
+	Insecure cookies are set for these domains:
+
+		- .postto.me
+
 -->
 <ruleset name="Post to.Me">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="postto.me" />
-	<target host="*.postto.me" />
+	<target host="www.postto.me" />
+
+	<!--	Complications:
+				-->
+	<target host="cat.postto.me" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.postto\.me$" name="^(__cfduid|cf_clearance)$" /-->
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^\.postto\.me$" name=".+" />
 
+	<rule from="^http://cat\.postto\.me/"
+		to="https://postto.me/" />
 
-	<rule from="^http://(?:cat\.|(www\.))?postto\.me/"
-		to="https://$1postto.me/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Posta-Online.it.xml b/src/chrome/content/rules/Posta-Online.it.xml
new file mode 100644
index 000000000000..465ff582b066
--- /dev/null
+++ b/src/chrome/content/rules/Posta-Online.it.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Poste Italiane coverage, see Poste.it.xml.
+
+
+	^posta-online.it doesn't exist.
+
+-->
+<ruleset name="Posta-Online.it">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.posta-online.it" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Posta.sk.xml b/src/chrome/content/rules/Posta.sk.xml
new file mode 100644
index 000000000000..9a9062587c5b
--- /dev/null
+++ b/src/chrome/content/rules/Posta.sk.xml
@@ -0,0 +1,30 @@
+<!--
+	Nonfunctional hosts in *.posta.sk:
+
+	certificate mismatch:
+		- edokumenty.posta.sk
+	connection refused:
+		- ekpt.posta.sk
+-->
+<ruleset name="Posta.sk">
+	<target host="posta.sk" />
+	<target host="www.posta.sk" />
+	<target host="admin.posta.sk" />
+	<target host="api.posta.sk" />
+	<target host="bugzero.posta.sk" />
+	<target host="cennik.posta.sk" />
+	<target host="ekp.posta.sk" />
+	<target host="enews.posta.sk" />
+	<target host="eph.posta.sk" />
+	<target host="esipo.posta.sk" />
+	<target host="esluzby.posta.sk" />
+	<target host="evzdelavanie.posta.sk" />
+	<target host="kariera.posta.sk" />
+	<target host="mojezasielky.posta.sk" />
+	<target host="otvaraciehodiny.posta.sk" />
+	<target host="pohladnica.posta.sk" />
+	<target host="psc.posta.sk" />
+	<target host="tandt.posta.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Postal_Heritage.org.uk.xml b/src/chrome/content/rules/Postal_Heritage.org.uk.xml
new file mode 100644
index 000000000000..1b2bc046f062
--- /dev/null
+++ b/src/chrome/content/rules/Postal_Heritage.org.uk.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://assets1.postalheritage.org.uk/ => https://assets1.postalheritage.org.uk/: (6, 'Could not resolve host: assets1.postalheritage.org.uk')
+
+	At least some pages redirect to http.
+
+-->
+<ruleset name="Postal Heritage.org.uk (partial)" default_off="failed ruleset test">
+
+	<target host="postalheritage.org.uk" />
+	<target host="assets1.postalheritage.org.uk" />
+	<target host="www.postalheritage.org.uk" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?postalheritage\.org\.uk/+page/(1|mailing)($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?postalheritage\.org\.uk/+(?!imgs/|lib/|uploads/)" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Postbank.xml b/src/chrome/content/rules/Postbank.xml
index 34f6dd9a7aee..3d49c730199d 100644
--- a/src/chrome/content/rules/Postbank.xml
+++ b/src/chrome/content/rules/Postbank.xml
@@ -1,25 +1,15 @@
 <!--
 	Other Postbank rulesets:
-
-		- BHW.de.xml
-
-
-	Fully covered subdomains:
-
-		- broking
-		- direkt
-
+	- BHW.de.xml
 -->
-<ruleset name="Postbank">
-
+<ruleset name="Postbank.de">
 	<target host="postbank.de" />
-	<target host="*.postbank.de" />
-
-
-	<securecookie host="^(?:.*\.)?postbank\.de$" name=".+" />
-
+	<target host="www.postbank.de" />
+	<target host="banking.postbank.de" />
+	<target host="broking.postbank.de" />
+	<target host="tp.postbank.de" />
 
-	<rule from="^http://((?:banking|broking|direkt|tp|www)\.)?postbank\.de/"
-		to="https://$1postbank.de/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:"	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Postbox-Inc.com.xml b/src/chrome/content/rules/Postbox-Inc.com.xml
new file mode 100644
index 000000000000..9ee4a5300ec6
--- /dev/null
+++ b/src/chrome/content/rules/Postbox-Inc.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Nonfunctional hosts in *postbox-inc.com:
+
+		- support *
+
+	* Zendesk
+
+-->
+<ruleset name="Postbox-Inc.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="postbox-inc.com" />
+	<target host="www.postbox-inc.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PostbyDNX.com.xml b/src/chrome/content/rules/PostbyDNX.com.xml
new file mode 100644
index 000000000000..ef669a5b5d3f
--- /dev/null
+++ b/src/chrome/content/rules/PostbyDNX.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- postbydnx.com
+		- .postbydnx.com
+		- www.postbydnx.com
+
+
+	Mixed css, images, and ads from various domains.
+
+-->
+<ruleset name="PostbyDNX.com" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="postbydnx.com" />
+	<target host="www.postbydnx.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?postbydnx\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.postbydnx\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^(?:\.|www\.)?postbydnx\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Postdanmark.dk.xml b/src/chrome/content/rules/Postdanmark.dk.xml
index 98d88fe84610..2deeff096e1c 100644
--- a/src/chrome/content/rules/Postdanmark.dk.xml
+++ b/src/chrome/content/rules/Postdanmark.dk.xml
@@ -1,6 +1,28 @@
-<ruleset name="Postdanmark.dk">
-  <target host="postdanmark.dk" />
-  <target host="www.postdanmark.dk" />
+<!--
+	(www.)?postdanmark.dk: Handshake fails
+
+
+	Insecure cookies are set for these hosts:
+
+		- www2.postdanmark.dk
+
+-->
+<ruleset name="Postdanmark.dk (partial)">
+
+	<target host="www2.postdanmark.dk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www2\.postdanmark\.dk$" name="^(?:DMS-TIM-TAM-COOKIE|EKM_COOKIE|EKOM-TIM-TAM-COOKIE|JSESSIONID|POSTNORD-SESSION-ID)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+        <!-- Mixed content from maps.google.com: -->
+        <exclusion pattern="http://www2\.postdanmark\.dk/iis2-findos2/" />
+        <test url="http://www2.postdanmark.dk/iis2-findos2/default.aspx" />
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(www\.)?postdanmark\.dk/" to="https://www.postdanmark.dk/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Poste.io.xml b/src/chrome/content/rules/Poste.io.xml
new file mode 100644
index 000000000000..6ef5d1bef255
--- /dev/null
+++ b/src/chrome/content/rules/Poste.io.xml
@@ -0,0 +1,17 @@
+<!--
+	These altnames don't exist:
+
+		- www.poste.io
+
+-->
+<ruleset name="Poste.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="poste.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Poste.it.xml b/src/chrome/content/rules/Poste.it.xml
index f5fe64a3c5d6..b000f8a3ddef 100644
--- a/src/chrome/content/rules/Poste.it.xml
+++ b/src/chrome/content/rules/Poste.it.xml
@@ -1,6 +1,75 @@
-<ruleset name="Poste.it (broken)" default_off="https://eff.org/r.1bF6">
-  <target host="poste.it" />
-  <target host="www.poste.it" />
 
-  <rule from="^http://(?:www\.)?poste\.it/" to="https://www.poste.it/" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://poste.it/ => https://poste.it/: (51, "SSL: no alternative certificate subject name matches target host name 'poste.it'")
+Fetch error: http://myposte.poste.it/ => https://myposte.poste.it/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://myposteimpresa.poste.it/ => https://myposteimpresa.poste.it/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Poste Italiane
+
+	Other Poste Italiane rulesets:
+
+		- Kipoint.it.xml
+		- PI_CERT.it.xml
+		- Posta-Online.it.xml
+		- PosteShop.it.xml
+		- Postel.it.xml
+		- SDA.it.xml
+
+
+	Nonfunctional hosts in *poste.it:
+
+		- www.cartaroma *
+		- risposte *
+
+	* Dropped
+
+
+	Problematic hosts in *poste.it:
+
+		- antiphishing *
+
+	* Mismatched
+
+
+	Mixed content:
+
+		- css on risparmiopostaleonline, www from fonts.googleapis.com *
+		- Bug on bancopostaclick, postecert, postepay from statse.webtrendslive.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Poste.it (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="poste.it" />
+	<target host="bancopostaclick.poste.it" />
+	<target host="bancopostaonline.poste.it" />
+	<target host="securelogin.bp.poste.it" />
+	<target host="bollettino.poste.it" />
+	<target host="e-filatelia.poste.it" />
+	<target host="myposte.poste.it" />
+	<target host="myposteimpresa.poste.it" />
+	<target host="paccoweb.poste.it" />
+	<target host="posta-online.poste.it" />
+	<target host="postecert.poste.it" />
+	<target host="updates.postecert.poste.it" />
+	<target host="postepay.poste.it" />
+	<target host="profilocommercialeprivati.poste.it" />
+	<target host="risparmiopostaleonline.poste.it" />
+	<target host="securelogin.poste.it" />
+	<target host="www.poste.it" />
+
+		<test url="http://www.poste.it/online/cercacap/" />
+		<test url="http://www.poste.it/online/dovequando/" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/PosteShop.it.xml b/src/chrome/content/rules/PosteShop.it.xml
new file mode 100644
index 000000000000..0ae2070eaa55
--- /dev/null
+++ b/src/chrome/content/rules/PosteShop.it.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.posteshop.it/ => https://www.posteshop.it/: (6, 'Could not resolve host: www.posteshop.it')
+Fetch error: http://posteshop.it/ => https://www.posteshop.it/: (6, 'Could not resolve host: www.posteshop.it')
+
+	For other Poste Italiane coverage, see Poste.it.xml.
+
+
+	^posteshop.it: Mismatched
+
+-->
+<ruleset name="PosteShop.it" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.posteshop.it" />
+
+	<!--	Complications:
+				-->
+	<target host="posteshop.it" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://posteshop\.it/"
+		to="https://www.posteshop.it/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Postel.it.xml b/src/chrome/content/rules/Postel.it.xml
new file mode 100644
index 000000000000..e844421262da
--- /dev/null
+++ b/src/chrome/content/rules/Postel.it.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Poste Italiane coverage, see Poste.it.xml.
+
+
+	^postel.it: Mismatched
+
+-->
+<ruleset name="Postel.it">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.postel.it" />
+
+	<!--	Complications:
+				-->
+	<target host="postel.it" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://postel\.it/"
+		to="https://www.postel.it/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Posten.se.xml b/src/chrome/content/rules/Posten.se.xml
deleted file mode 100644
index c6bba457c4b2..000000000000
--- a/src/chrome/content/rules/Posten.se.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Posten.se">
-  <target host="posten.se" />
-  <target host="www.posten.se" />
-  <rule from="^http://posten\.se/" to="https://www.posten.se/"/>
-  <rule from="^http://www\.posten\.se/" to="https://www.posten.se/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/Posteo.xml b/src/chrome/content/rules/Posteo.xml
deleted file mode 100644
index 7968126055b3..000000000000
--- a/src/chrome/content/rules/Posteo.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Posteo">
-  <target host="posteo.de" />
-  <target host="lists.posteo.de" />
-  <target host="m.posteo.de" />
-  <target host="www.posteo.de" />
-
-  <rule from="^http://(?:www\.|m\.)?posteo\.de/" to="https://posteo.de/" />
-  <rule from="^http://lists\.posteo\.de/" to="https://lists.posteo.de/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Poster_Store_UK.xml b/src/chrome/content/rules/Poster_Store_UK.xml
deleted file mode 100644
index 39021fe9db7b..000000000000
--- a/src/chrome/content/rules/Poster_Store_UK.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	www.../.+ redirects to $
-
--->
-<ruleset name="Poster Store UK">
-
-	<target host="posterstoreuk.com" />
-	<target host="*.posterstoreuk.com" />
-
-
-	<securecookie host="^\.(?:www\.)?posterstoreuk\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?posterstoreuk\.com/"
-		to="https://posterstoreuk.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Posterous-clients.xml b/src/chrome/content/rules/Posterous-clients.xml
deleted file mode 100644
index 79ae764847ce..000000000000
--- a/src/chrome/content/rules/Posterous-clients.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	This is a ruleset for Posterous clients that:
-
-		- Redirect back from https://$client.posterous.com; and
-		- Have no other mismatched rules.
-
--->
-<ruleset name="Posterous clients" default_off="mismatch">
-
-	<!--	cert: *.posterous.com	-->
-	<target host="blog.bethcodes.com" />
-	<target host="codebutler.com" />
-	<target host="www.codebutler.com" />
-	<target host="blog.usenetstorm.com" />
-	<target host="blog.vidyard.com" />
-
-
-	<rule from="^http://blog\.(bethcodes|vidyard)\.com/"
-		to="https://blog.$1.com/" />
-
-	<rule from="^http://(?:www\.)?codebutler\.com/"
-		to="https://codebutler.com/" />
-
-	<rule from="^http://blog\.usenetstorm\.com/"
-		to="https://blog.usenetstorm.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Posterous.xml b/src/chrome/content/rules/Posterous.xml
deleted file mode 100644
index 746493f11497..000000000000
--- a/src/chrome/content/rules/Posterous.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For client rules, see Posterous-clients.xml.
-
--->
-<ruleset name="Posterous">
-
-	<target host="posterous.com" />
-	<target host="*.posterous.com" />
-
-
-	<securecookie host="^(.*\.)?posterous\.com$" name=".*" />
-
-
-	<rule from="^https?://files\.posterous\.com/"
-		to="https://s3.amazonaws.com/files.posterous.com/" />
-
-	<rule from="^http://(?:www\.)?posterous\.com/"
-		to="https://posterous.com/" />
-
-	<rule from="^http://([^@:\./]+)\.posterous\.com/"
-		to="https://$1.posterous.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PostgreSQL-self-signed.xml b/src/chrome/content/rules/PostgreSQL-self-signed.xml
deleted file mode 100644
index 3c540596ac63..000000000000
--- a/src/chrome/content/rules/PostgreSQL-self-signed.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules that are on by default, see PostgreSQL.xml.
-
--->
-<ruleset name="PostgreSQL (self-signed)" default_off="self-signed">
-
-	<target host="svn.postgresqlfr.org" />
-
-
-	<rule from="^http://svn\.postgresqlfr\.org/"
-		to="https://svn.postgresqlfr.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PostgreSQL.xml b/src/chrome/content/rules/PostgreSQL.xml
deleted file mode 100644
index 9ca7a3da94e7..000000000000
--- a/src/chrome/content/rules/PostgreSQL.xml
+++ /dev/null
@@ -1,68 +0,0 @@
-<!--
-	For problematic rules, see PostgreSQL-self-signed.xml.
-
-
-	As of 2012-02-09, known unprotected .org subdomains are:
-
-		- archives
-		- babel
-		- buildfarm
-		- doxygen
-		- ftp
-		- git
-		- jdbc
-		- media
-		- *.projects
-		- webmail
-		- www
-		- yum
-
-
-	Other nonfunctional domains:
-
-		- (www.)pgfoundry.org
-		- (www.)pgsql.ru
-		- images.pgsql.ru
-		- docs.postgresql.fr *
-		- www.postgresql.fr *
-
-	* Shows login; mismatched, CN: svn.postgresqlfr.org
-
-
-	Problematic domains:
-
-		- postgresql.eu
-		- svn.postgresqlfr.org	(self-signed)
-		- postresql.org		(404)
-
--->
-<ruleset name="PostgreSQL">
-
-	<target host="postgresql.eu" />
-	<target host="www.postgresql.eu" />
-	<target host="postgresql.org" />
-	<target host="*.postgresql.org" />
-	<target host="postgresql.us" />
-	<target host="*.postgresql.us" />
-
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.postgresql\.org$" name="^__utm\w$" />
-	<securecookie host="^wiki\.postgresql\.org$" name=".+" />
-	<securecookie host="^\.postgresql.us$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?postgresql\.eu/"
-		to="https://www.postgresql.eu/" />
-
-	<rule from="^http://(?:www\.)?postgresql\.org/(account|media)/"
-		to="https://www.postgresql.org/$1/" />
-
-	<rule from="^http://(commitfest|nagios|planet|redmine|wiki)\.postgresql\.org/"
-		to="https://$1.postgresql.org/" />
-
-	<rule from="^http://(www\.)?postgresql\.us/"
-		to="https://$1postgresql.us/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Postgresql.eu.xml b/src/chrome/content/rules/Postgresql.eu.xml
new file mode 100644
index 000000000000..7ba6685c29f2
--- /dev/null
+++ b/src/chrome/content/rules/Postgresql.eu.xml
@@ -0,0 +1,9 @@
+<!--
+	For other PostgreSQL coverage, see Postgresql.org.xml.
+-->
+<ruleset name="Postgresql.eu">
+	<target host="postgresql.eu" />
+	<target host="www.postgresql.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Postgresql.fr.xml b/src/chrome/content/rules/Postgresql.fr.xml
new file mode 100644
index 000000000000..f78230527fbd
--- /dev/null
+++ b/src/chrome/content/rules/Postgresql.fr.xml
@@ -0,0 +1,23 @@
+<!--
+	For other PostgreSQL coverage, see Postgresql.org.xml.
+
+	Nonfunctional hosts in *.postgresql.fr:
+		- postgresql.fr (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Postgresql.fr">
+	<target host="postgresql.fr" />
+	<target host="www.postgresql.fr" />
+	<target host="archives.postgresql.fr" />
+	<target host="docs.postgresql.fr" />
+	<target host="listes.postgresql.fr" />
+	<target host="planete.postgresql.fr" />
+
+	<rule from="^http://postgresql\.fr/" to="https://www.postgresql.fr/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Postgresql.org.xml b/src/chrome/content/rules/Postgresql.org.xml
new file mode 100644
index 000000000000..e9380378d289
--- /dev/null
+++ b/src/chrome/content/rules/Postgresql.org.xml
@@ -0,0 +1,52 @@
+<!--
+	Other PostgreSQL rulesets:
+		- Postgresql.eu.xml
+		- Postgresql.fr.xml
+		- Postgresql.us.xml
+
+	As of 2018-06-23, known unprotected .org subdomains are:
+
+		- *.projects
+		- nagios.postgresql.org (mismatch)
+
+
+	Other nonfunctional domains:
+
+		- (www.)pgfoundry.org
+		- (www.)pgsql.ru
+		- images.pgsql.ru
+-->
+<ruleset name="PostgreSQL">
+
+	<target host="postgresql.org" />
+	<target host="www.postgresql.org" />
+	<target host="archives.postgresql.org" />
+	<target host="babel.postgresql.org" />
+	<target host="buildfarm.postgresql.org" />
+	<target host="commitfest.postgresql.org" />
+	<target host="doxygen.postgresql.org" />
+	<target host="ftp.postgresql.org" />
+	<target host="git.postgresql.org" />
+	<target host="jdbc.postgresql.org" />
+	<target host="lists.postgresql.org" />
+	<target host="media.postgresql.org" />
+		<test url="http://media.postgresql.org/sfpug/instagram_sfpug.pdf" />
+	<target host="odbc.postgresql.org" />
+	<target host="planet.postgresql.org" />
+	<target host="redmine.postgresql.org" />
+	<target host="webmail.postgresql.org" />
+	<target host="wiki.postgresql.org" />
+	<target host="yum.postgresql.org" />
+	<target host="zypp.postgresql.org" />
+
+
+	<!--	Tracking cookies:
+					-->
+	<securecookie host="^\.postgresql\.org$" name="^__utm\w$" />
+	<securecookie host="^wiki\.postgresql\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Postgresql.us.xml b/src/chrome/content/rules/Postgresql.us.xml
new file mode 100644
index 000000000000..d64d40b119e9
--- /dev/null
+++ b/src/chrome/content/rules/Postgresql.us.xml
@@ -0,0 +1,20 @@
+<!--
+	For other PostgreSQL coverage, see Postgresql.org.xml.
+
+	Nonfunctional hosts in *.postgresql.us:
+		- lists.postgresql.us (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Postgresql.us">
+	<target host="postgresql.us" />
+	<target host="www.postgresql.us" />
+	<target host="pdx.postgresql.us" />
+	<target host="pgdayaustin2017.postgresql.us" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Posthaven.com-problematic.xml b/src/chrome/content/rules/Posthaven.com-problematic.xml
deleted file mode 100644
index a4bd396ed943..000000000000
--- a/src/chrome/content/rules/Posthaven.com-problematic.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For rules that are on by default, see Posthaven.com.xml.
-
--->
-<ruleset name="Posthaven.com (problematic)" default_off="mismatched">
-
-	<target host="*.posthaven.com" />
-		<!--
-			Handled in Posthaven.com.xml
-							-->
-		<!--exclusion pattern="^http://www\." /-->
-
-
-	<securecookie host="^(?!www\.).+\.posthaven\.com$" name=".+" />
-
-
-	<rule from="^http://(?!www\.)(\w+)\.posthaven\.com/"
-		to="https://$1.posthaven.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Posthaven.com.xml b/src/chrome/content/rules/Posthaven.com.xml
index a76490b553db..0b1ad7e68502 100644
--- a/src/chrome/content/rules/Posthaven.com.xml
+++ b/src/chrome/content/rules/Posthaven.com.xml
@@ -1,31 +1,20 @@
 <!--
-	For problematic rules, see Posthaven.com-problematic.xml.
-
-
-	CDN buckets:
-
-		- phaven-prod.s3.amazonaws.com
-		- posthaven-assets.s3.amazonaws.com
-
-
-	Problematic subdomains:
-
-		- blog *
-		- \w+ *	(per-account subdomains)
-
-	* Works; mismatched, CN: posthaven.com
-
+	Wildcard certificate and DNS records:
+ 		- posthaven.com
 -->
-<ruleset name="Posthaven.com (partial)">
 
+<ruleset name="Posthaven.com">
 	<target host="posthaven.com" />
-	<target host="www.posthaven.com" />
-
+	<target host="*.posthaven.com" />
+		<test url="http://www.posthaven.com/" />
+		<test url="http://alex.posthaven.com/" />
+		<test url="http://blog.posthaven.com/" />
+		<test url="http://geekomotion.posthaven.com/" />
 
 	<securecookie host="^posthaven\.com$" name=".+" />
 
-
-	<rule from="^http://(www\.)?posthaven\.com/"
+	<!-- posthaven.com -->
+	<!-- *.posthaven.com -->
+	<rule from="^http://([\w-]+\.)?posthaven\.com/"
 		to="https://$1posthaven.com/" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/Postimg.org.xml b/src/chrome/content/rules/Postimg.org.xml
deleted file mode 100644
index 3fbf3e39a212..000000000000
--- a/src/chrome/content/rules/Postimg.org.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)postimage.org *
-		- (www.)postimg.org *
-
-	* Refused
-
-
-	Fully covered domains:
-
-		- s\d+.postimg.org:
-
-			- 5
-			- 1[4-8]
-			- 2[12378]
-
--->
-<ruleset name="postimg.org (partial)" default_off="mismatched">
-
-	<target host="*.postimg.org" />
-
-
-	<rule from="^http://s(\d+)\.postimg\.org/"
-		to="https://s$1.postimg.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Postini.xml b/src/chrome/content/rules/Postini.xml
deleted file mode 100644
index 6cf9ce3081c7..000000000000
--- a/src/chrome/content/rules/Postini.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For other Google coverage, see GoogleServices.xml.
-
--->
-<ruleset name="Postini" platform="mixedcontent">
-
-	<target host="postini.com" />
-	<target host="*.postini.com" />
-
-
-	<!--	Cert only matches www.
-					-->
-	<rule from="^https?://(?:www\.)?postini\.com/"
-		to="https://www.postini.com/" />
-
-	<rule from="^http://login\.postini\.com/"
-		to="https://login.postini.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Postlapsaria.xml b/src/chrome/content/rules/Postlapsaria.xml
index d23cfd0b698e..6b42d7148e45 100644
--- a/src/chrome/content/rules/Postlapsaria.xml
+++ b/src/chrome/content/rules/Postlapsaria.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?postlapsaria\.com/"
 		to="https://secure.hostmonster.com/~postlaps/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Postnewsads.com.xml b/src/chrome/content/rules/Postnewsads.com.xml
new file mode 100644
index 000000000000..2f2da0375b84
--- /dev/null
+++ b/src/chrome/content/rules/Postnewsads.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://postnewsads.com/legacy/archive.html => https://postnewsads.com/legacy/archive.html: (35, 'Unknown SSL protocol error in connection to postnewsads.com:443 ')
+Fetch error: http://postnewsads.com/ => https://postnewsads.com/: (35, 'Unknown SSL protocol error in connection to postnewsads.com:443 ')
+Fetch error: http://www.postnewsads.com/ => https://postnewsads.com/: (35, 'Unknown SSL protocol error in connection to postnewsads.com:443 ')
+
+	www.postnewsads.com: 404
+
+-->
+<ruleset name="postnewsads.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="postnewsads.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.postnewsads.com" />
+
+		<test url="http://postnewsads.com/legacy/archive.html" />
+
+
+	<rule from="^http://www\.postnewsads\.com/"
+		to="https://postnewsads.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Postovabanka.sk.xml b/src/chrome/content/rules/Postovabanka.sk.xml
new file mode 100644
index 000000000000..1775cbacddb9
--- /dev/null
+++ b/src/chrome/content/rules/Postovabanka.sk.xml
@@ -0,0 +1,20 @@
+<!--
+	^postovabanka.sk: Mismatched
+
+-->
+<ruleset name="Postovabanka.sk">
+
+	<!--	Direct rewrites:
+				-->
+  <target host="www.postovabanka.sk" />
+  <target host="moja.postovabanka.sk" />
+
+	<!--	Complications:
+				-->
+  <target host="postovabanka.sk" />
+
+  <rule from="^http://postovabanka\.sk/" to="https://www.postovabanka.sk/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Postrelease.com.xml b/src/chrome/content/rules/Postrelease.com.xml
deleted file mode 100644
index a2466699195d..000000000000
--- a/src/chrome/content/rules/Postrelease.com.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
-	Ads.
-
-	For other Nativo coverage, see Nativo.net.xml.
-
-
-	CDN buckets:
-
-		- a.postrelease.com.s3.amazonaws.com
-
-		- a.postrelease.com.edgesuite.net
-
-			- a1123.g.akamai.net
-
-
-	Problematic subdomains:
-
-		- (www.)		(redirects to http; mismatched, CN: *.nativo.net)
-		- a.postrelease.com	(works, akamai)
-
--->
-<ruleset name="postrelease.com (partial)">
-
-	<target host="a.postrelease.com" />
-
-
-	<!--	Destination redirects to http:
-						-->
-	<!--rule from="^http://(?:www\.)?postrelease\.com/"
-		to="https://www.nativo.net/" /-->
-
-	<rule from="^http://a\.postrelease\.com/"
-		to="https://a248.e.akamai.net/f/1123/4688/5/a.postrelease.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Postscapes.com.xml b/src/chrome/content/rules/Postscapes.com.xml
new file mode 100644
index 000000000000..8197e998c6de
--- /dev/null
+++ b/src/chrome/content/rules/Postscapes.com.xml
@@ -0,0 +1,28 @@
+<!--
+	CDN buckets:
+
+		- s3.amazonaws.com/postscapes/
+		- d3uifzcxlzuvqz.cloudfront.net
+
+	Time out:
+		about.postscapes.com
+
+	No working URL known:
+		clips.postscapes.com
+		iotawards.postscapes.com
+		pulse.postscapes.com
+		tools.postscapes.com
+
+-->
+<ruleset name="Postscapes.com">
+
+	<target host="postscapes.com" />
+	<target host="www.postscapes.com" />
+	<target host="index.postscapes.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Postscapes.xml b/src/chrome/content/rules/Postscapes.xml
deleted file mode 100644
index 2cb2b1653549..000000000000
--- a/src/chrome/content/rules/Postscapes.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/postscapes/
-		- d3uifzcxlzuvqz.cloudfront.net
-
--->
-<ruleset name="Postscapes">
-
-	<target host="postscapes.com" />
-	<target host="*.postscapes.com" />
-
-
-	<securecookie host="^\.?postscapes\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?postscapes\.com/"
-		to="https://$1postscapes.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Postwire.com.xml b/src/chrome/content/rules/Postwire.com.xml
index 03cd3afda9fe..206c524d57be 100644
--- a/src/chrome/content/rules/Postwire.com.xml
+++ b/src/chrome/content/rules/Postwire.com.xml
@@ -17,10 +17,10 @@
 	<target host="www.postwire.com" />
 
 
-	<securecookie host="^www\.postwire\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www\.)?postwire\.com/"
-		to="https://$1postwire.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Potager.org.xml b/src/chrome/content/rules/Potager.org.xml
index 0a25dc1cbeb6..a45711e0b72c 100644
--- a/src/chrome/content/rules/Potager.org.xml
+++ b/src/chrome/content/rules/Potager.org.xml
@@ -1,44 +1,28 @@
 <!--
-	Fully covered domains:
-
-		- (www.)pimienta.org
-		- (www.)poivron.org
-		- potager.org
-
-		- *.potager.org:
-
-			- community
-			- mail
-			- www
-
-		(www.)sweetpepper.org
+	Invalid certificate:
+		- kigbg
+		- policespiesoutoflives
 
+	Expired:
+		- lagrandeourse
 -->
-<ruleset name="potager.org">
-
-	<target host="pimienta.org" />
-	<target host="*.pimienta.org" />
-	<target host="poivron.org" />
-	<target host="*.poivron.org" />
+<ruleset name="Potager.org">
 	<target host="potager.org" />
-	<target host="*.potager.org" />
-	<target host="sweetpepper.org" />
-	<target host="*.sweetpepper.org" />
-
-
-	<securecookie host="^mail\.potager\.org$" name=".+" />
-
-
-	<rule from="^http://([^/:@\.]+\.)?pimienta\.org/"
-		to="https://$1pimienta.org/" />
-
-	<rule from="^http://([^/:@\.]+\.)?poivron\.org/"
-		to="https://$1poivron.org/" />
-
-	<rule from="^http://([^/:@\.]+\.)?potager\.org/"
-		to="https://$1potager.org/" />
-
-	<rule from="^http://([^/:@\.]+\.)?sweetpepper\.org/"
-		to="https://$1sweetpepper.org/" />
-
+	<target host="www.potager.org" />
+	<target host="awasmifee.potager.org" />
+	<target host="bla.potager.org" />
+	<target host="community.potager.org" />
+	<target host="coquelicot.potager.org" />
+	<target host="help.potager.org" />
+	<target host="jardindesmaraichers.potager.org" />
+	<target host="lentilleres.potager.org" />
+	<target host="leschouxlents.potager.org" />
+	<target host="mail.potager.org" />
+	<target host="mire.potager.org" />
+	<target host="pad.potager.org" />
+
+	<rule from="^http://www\.potager\.org/"
+		to="https://potager.org/" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/PowNed.xml b/src/chrome/content/rules/PowNed.xml
index 62e6b24a527c..a3e32ed12063 100644
--- a/src/chrome/content/rules/PowNed.xml
+++ b/src/chrome/content/rules/PowNed.xml
@@ -1,12 +1,15 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://registratie.powned.tv/ => https://registratie.powned.tv/: (28, 'Connection timed out after 20000 milliseconds')
+
 	!functional:
 		- (www.)powned.tv
 -->
-<ruleset name="PowNed (partial)">
+<ruleset name="PowNed (partial)" default_off="failed ruleset test">
 
 	<target host="registratie.powned.tv"/>
 
-	<rule from="^http://registratie\.powned\.tv/"
-		to="https://registratie.powned.tv/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PowWeb.xml b/src/chrome/content/rules/PowWeb.xml
index a9039d6ee712..5be795d29092 100644
--- a/src/chrome/content/rules/PowWeb.xml
+++ b/src/chrome/content/rules/PowWeb.xml
@@ -1,13 +1,16 @@
 <ruleset name="PowWeb">
 
 	<target host="powweb.com" />
-	<target host="*.powweb.com" />
+	<target host="blog.powweb.com" />
+	<!--target host="forums.powweb.com" /-->
+	<target host="partners.powweb.com" />
+	<target host="secure.powweb.com" />
+	<target host="www.powweb.com" />
 
 
 	<securecookie host="^\.powweb\.com$" name=".+" />
 
 
-	<rule from="^http://((?:blog|forums|partners|secure|www)\.)?powweb\.com/"
-		to="https://$1powweb.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Powells.com.xml b/src/chrome/content/rules/Powells.com.xml
index 11c349df9e4e..3e9c07c0a4cb 100644
--- a/src/chrome/content/rules/Powells.com.xml
+++ b/src/chrome/content/rules/Powells.com.xml
@@ -1,4 +1,10 @@
-<ruleset name="Powells.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://powells.com/ => https://www.powells.com/: Too many redirects while fetching 'https://www.powells.com/'
+
+-->
+<ruleset name="Powells.com" default_off="failed ruleset test">
 
 	<target host="powells.com" />
 	<target host="*.powells.com" />
diff --git a/src/chrome/content/rules/Power.org.xml b/src/chrome/content/rules/Power.org.xml
deleted file mode 100644
index d7e9e0366050..000000000000
--- a/src/chrome/content/rules/Power.org.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Cert only matches www.
-
--->
-<ruleset name="Power.org">
-
-	<target host="power.org" />
-	<target host="www.power.org" />
-
-
-	<securecookie host="^www\.power\.org$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?power\.org/"
-		to="https://www.power.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/PowerDNS.com.xml b/src/chrome/content/rules/PowerDNS.com.xml
index d8ac63cc85b5..36d9bf0f1f47 100644
--- a/src/chrome/content/rules/PowerDNS.com.xml
+++ b/src/chrome/content/rules/PowerDNS.com.xml
@@ -1,13 +1,31 @@
+<!--
+	Expired:
+		- rt.powerdns.com
+		- xs.powerdns.com
+
+	Secure connection failed:
+		- pdnsdev.powerdns.com
+-->
 <ruleset name="PowerDNS.com">
 
 	<target host="powerdns.com" />
-	<target host="*.powerdns.com" />
+	<target host="www.powerdns.com" />
+	<target host="blog.powerdns.com" />
+	<target host="builder.powerdns.com" />
+	<target host="doc.powerdns.com" />
+	<target host="docs.powerdns.com" />
+	<target host="downloads.powerdns.com" />
+	<target host="mailman.powerdns.com" />
+	<target host="metronome1.powerdns.com" />
+	<target host="repo.powerdns.com" />
+	<target host="rtfm.powerdns.com" />
+	<target host="wiki.powerdns.com" />
 
 
-	<securecookie host="^rt\.powerdns\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(rt\.|www\.)?powerdns\.com/"
-		to="https://$1powerdns.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PowerDNS.net.xml b/src/chrome/content/rules/PowerDNS.net.xml
new file mode 100644
index 000000000000..f0a4b108b1c6
--- /dev/null
+++ b/src/chrome/content/rules/PowerDNS.net.xml
@@ -0,0 +1,14 @@
+<!--
+	^: 404
+
+-->
+<ruleset name="PowerDNS.net">
+
+	<target host="powerdns.net" />
+	<target host="www.powerdns.net" />
+
+
+	<rule from="^http://(?:www\.)?powerdns\.net/"
+		to="https://www.powerdns.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PowerPay.biz.xml b/src/chrome/content/rules/PowerPay.biz.xml
new file mode 100644
index 000000000000..0eff19dc5bd0
--- /dev/null
+++ b/src/chrome/content/rules/PowerPay.biz.xml
@@ -0,0 +1,24 @@
+
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://app.powerpay.biz/ => https://app.powerpay.biz/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
+Fetch error: http://merchantcenter.powerpay.biz/ => https://merchantcenter.powerpay.biz/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
+
+	Other PowerPay rulesets:
+
+
+
+	(www.): 404; mismatched, CN: www.e-onlinedata.com
+
+-->
+<ruleset name="PowerPay.biz (partial)">
+
+	<!-- target host="app.powerpay.biz" /-->
+	<!-- target host="merchantcenter.powerpay.biz" /-->
+	<target host="secure.powerpay.biz" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PowerReviews.xml b/src/chrome/content/rules/PowerReviews.xml
deleted file mode 100644
index d81c283685fc..000000000000
--- a/src/chrome/content/rules/PowerReviews.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- go		(redirects to app-sjf; mismatched, CN: *.marketo.com)
-		- www		(no https)
-
-
-	Problematic subdomains:
-
-		^		(.+ redirects to www.../$)
-		- dashboard	(mismatched, CN: dashboard.bazaarvoice.com)
-
-
-	Fully covered subdomains:
-
-		- services
-
--->
-<ruleset name="PowerReviews (partial)">
-
-	<target host="*.powerreviews.com" />
-
-
-	<!--	Could we secure this safely?
-						-->
-	<!--securecookie host="^\.powerreviews\.com$" name="^SESS\w{32}$" /-->
-
-
-	<rule from="^https?://dashboard\.powerreviews\.com/"
-		to="https://dashboard.bazaarvoice.com/" />
-
-	<rule from="^https?://go\.powerreviews\.com/(cs|image|r)s/"
-		to="https://na-sjf.marketo.com/$1s/" />
-
-	<rule from="^http://(services|t)\.powerreviews\.com/"
-		to="https://$1.powerreviews.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/PowerShell_Gallery.com.xml b/src/chrome/content/rules/PowerShell_Gallery.com.xml
new file mode 100644
index 000000000000..0ad6e4517f88
--- /dev/null
+++ b/src/chrome/content/rules/PowerShell_Gallery.com.xml
@@ -0,0 +1,22 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	STS header includes includeSubdomains
+
+-->
+<ruleset name="PowerShell Gallery.com">
+
+	<target host="powershellgallery.com" />
+	<target host="*.powershellgallery.com" />
+
+		<test url="http://www.powershellgallery.com/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PowerTech.no-problematic.xml b/src/chrome/content/rules/PowerTech.no-problematic.xml
new file mode 100644
index 000000000000..66ded7654e63
--- /dev/null
+++ b/src/chrome/content/rules/PowerTech.no-problematic.xml
@@ -0,0 +1,18 @@
+<!--
+	For rules that are on by default, see PowerTech.no.xml.
+
+-->
+<ruleset name="PowerTech.no (missing certificate chain)" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.powertech.no" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Power_Speaking.com.xml b/src/chrome/content/rules/Power_Speaking.com.xml
deleted file mode 100644
index 67709f9cd006..000000000000
--- a/src/chrome/content/rules/Power_Speaking.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(shows goldmember.fordela.com Drupal)
-
--->
-<ruleset name="Power Speaking.com">
-
-	<target host="powerspeaking.com" />
-	<target host="*.powerspeaking.com" />
-
-
-	<securecookie host="^\.powerspeaking\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?powerspeaking\.com/"
-		to="https://www.powerspeaking.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Power_to_the_Pooch.xml b/src/chrome/content/rules/Power_to_the_Pooch.xml
index c17af44e38ae..6fb0ac8c8179 100644
--- a/src/chrome/content/rules/Power_to_the_Pooch.xml
+++ b/src/chrome/content/rules/Power_to_the_Pooch.xml
@@ -1,13 +1,21 @@
-<ruleset name="Power to the Pooch">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://powertothepooch.com/ => https://powertothepooch.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.powertothepooch.com/ => https://www.powertothepooch.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://powertothepooch.com/ => https://powertothepooch.com/: (28, 'Connection timed out after 10001 milliseconds')
+-->
+<ruleset name="Power to the Pooch" default_off="failed ruleset test">
 
 	<target host="powertothepooch.com" />
-	<target host="*.powertothepooch.com" />
+	<target host="www.powertothepooch.com" />
 
 
 	<securecookie host="^(?:w*\.)?powertothepooch\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?powertothepooch\.com/"
-		to="https://$1powertothepooch.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Powerbuy.co.th.xml b/src/chrome/content/rules/Powerbuy.co.th.xml
index 13b6e3f58109..ed2e12c9f1bb 100644
--- a/src/chrome/content/rules/Powerbuy.co.th.xml
+++ b/src/chrome/content/rules/Powerbuy.co.th.xml
@@ -2,5 +2,5 @@
   <target host="powerbuy.co.th" />
   <target host="www.powerbuy.co.th" />
 
-  <rule from="^http://(www\.)?powerbuy\.co\.th/" to="https://www.powerbuy.co.th/" />
+  <rule from="^http://(?:www\.)?powerbuy\.co\.th/" to="https://www.powerbuy.co.th/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Powered_by_Paquin.xml b/src/chrome/content/rules/Powered_by_Paquin.xml
index 027cf6190caa..71e18aa349ed 100644
--- a/src/chrome/content/rules/Powered_by_Paquin.xml
+++ b/src/chrome/content/rules/Powered_by_Paquin.xml
@@ -1,13 +1,21 @@
-<ruleset name="Powered by Paquin">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://poweredbypaquin.com/ => https://poweredbypaquin.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.poweredbypaquin.com/ => https://www.poweredbypaquin.com/: (28, 'Connection timed out after 20004 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://poweredbypaquin.com/ => https://poweredbypaquin.com/: (28, 'Connection timed out after 10000 milliseconds')
+-->
+<ruleset name="Powered by Paquin" default_off="failed ruleset test">
 
 	<target host="poweredbypaquin.com" />
-	<target host="*.poweredbypaquin.com" />
+	<target host="www.poweredbypaquin.com" />
 
 
 	<securecookie host="^\.poweredbypaquin\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?poweredbypaquin\.com/"
-		to="https://$1poweredbypaquin.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Powerhosting.dk.xml b/src/chrome/content/rules/Powerhosting.dk.xml
new file mode 100644
index 000000000000..5b69b2c57957
--- /dev/null
+++ b/src/chrome/content/rules/Powerhosting.dk.xml
@@ -0,0 +1,34 @@
+<!--
+	Nonfunctional subdomains:
+
+		- services	(refused)
+
+
+	Problematic subdomains:
+
+		- blog	(works; mismatched, CN: www.zeromix.dk)
+		- www	(cert only matches powerhosting.dk)
+
+
+	Fully covered subdomains:
+
+		- (www.)	(www → ^)
+		- blog		(→ ^)
+		- webadmin
+
+-->
+<ruleset name="Powerhosting.dk (partial)">
+
+	<target host="powerhosting.dk" />
+	<target host="webadmin.powerhosting.dk" />
+	<target host="www.powerhosting.dk" />
+	<target host="blog.powerhosting.dk" />
+
+
+	<rule from="^http://(?:(webadmin\.)|www\.)?powerhosting\.dk/"
+		to="https://$1powerhosting.dk/" />
+
+	<rule from="^http://blog\.powerhosting\.dk/"
+		to="https://powerhosting.dk/blog/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Powerhouse_Museum.com.xml b/src/chrome/content/rules/Powerhouse_Museum.com.xml
new file mode 100644
index 000000000000..677afec356e3
--- /dev/null
+++ b/src/chrome/content/rules/Powerhouse_Museum.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Nonfunctional subdomains:
+
+		- castlehill *
+		- play *
+
+	* Shows www
+
+
+	Problematic subdomains:
+
+		- newsletters	(mismatched, CN: ecm74.com)
+
+
+	$ and index.php redirect to http.
+
+-->
+<ruleset name="Powerhouse Museum.com (partial)">
+
+	<target host="powerhousemuseum.com" />
+	<target host="*.powerhousemuseum.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?powerhousemuseum\.com/+(index\.php)?($|\?)" /-->
+		<!--exclusion pattern="^http://newsletters\.powerhousemuseum\.com/+rp/1115/ContestForm\.clsp" /-->
+
+
+	<rule from="^http://(www\.)?powerhousemuseum\.com/(?!/*(?:index\.php)?(?:$|\?))"
+		to="https://$1powerhousemuseum.com/" />
+
+	<rule from="^http://newsletters\.powerhousemuseum\.com/(?=contenteditor/formValidate\.js|LiveAssets/|rp/Content/)"
+		to="https://ecm74.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Powerlineman.com.xml b/src/chrome/content/rules/Powerlineman.com.xml
index 41b9a29e5ff8..32366547224a 100644
--- a/src/chrome/content/rules/Powerlineman.com.xml
+++ b/src/chrome/content/rules/Powerlineman.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="Powerlineman.com">
 
 	<target host="powerlineman.com" />
-	<target host="*.powerlineman.com" />
+	<target host="www.powerlineman.com" />
 
 
-	<securecookie host="^(?:w*\.)?powerlineman\.com/$" name=".+" />
+    <securecookie host="^(?:w*\.)?powerlineman\.com" name=".+" />
 
 
-	<rule from="^http://(www\.)?powerlineman\.com/"
-		to="https://$1powerlineman.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Powerlineman_Magazine.xml b/src/chrome/content/rules/Powerlineman_Magazine.xml
index 3b772ff380dd..8d04b8853ef7 100644
--- a/src/chrome/content/rules/Powerlineman_Magazine.xml
+++ b/src/chrome/content/rules/Powerlineman_Magazine.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?powerlinemanmag\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?powerlinemanmag\.com/"
-		to="https://$1powerlinemanmag.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Powernotebooks.com.xml b/src/chrome/content/rules/Powernotebooks.com.xml
index 81908d645893..103a2482d52d 100644
--- a/src/chrome/content/rules/Powernotebooks.com.xml
+++ b/src/chrome/content/rules/Powernotebooks.com.xml
@@ -1,6 +1,14 @@
-<ruleset name="Powernotebooks.com">
-  <target host="powernotebooks.com" />
-  <target host="www.powernotebooks.com" />
 
-  <rule from="^http://(?:www\.)?powernotebooks\.com/" to="https://www.powernotebooks.com/" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://powernotebooks.com/ => https://powernotebooks.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.powernotebooks.com/ => https://www.powernotebooks.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Powernotebooks.com" default_off="failed ruleset test">
+	<target host="powernotebooks.com" />
+	<target host="www.powernotebooks.com" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Powertraveller.com.xml b/src/chrome/content/rules/Powertraveller.com.xml
new file mode 100644
index 000000000000..342a6d067f67
--- /dev/null
+++ b/src/chrome/content/rules/Powertraveller.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .powertraveller.com
+
+-->
+<ruleset name="Powertraveller.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="powertraveller.com" />
+	<target host="www.powertraveller.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.powertraveller\.com$" name="^session_id$" /-->
+
+	<securecookie host="^\.powertraveller\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Powervoip.com.xml b/src/chrome/content/rules/Powervoip.com.xml
new file mode 100644
index 000000000000..b80c5b1c9a8b
--- /dev/null
+++ b/src/chrome/content/rules/Powervoip.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Nonfunctional hosts in *.powervoip.com:
+
+	ftp.powervoip.com refused
+	dns.powervoip.com timeout
+	client.powervoip.com refused
+	sip.powervoip.com timeout
+	download.powervoip.com refused
+	versions.powervoip.com refused
+
+	-->
+<ruleset name="Powervoip.com">
+	<target host="powervoip.com" />
+	<target host="www.powervoip.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Poynton.ca.xml b/src/chrome/content/rules/Poynton.ca.xml
new file mode 100644
index 000000000000..c0f224f5049c
--- /dev/null
+++ b/src/chrome/content/rules/Poynton.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="Poynton.ca">
+	<target host="poynton.ca" />
+	<target host="www.poynton.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pr.co.xml b/src/chrome/content/rules/Pr.co.xml
new file mode 100644
index 000000000000..8913927c2913
--- /dev/null
+++ b/src/chrome/content/rules/Pr.co.xml
@@ -0,0 +1,45 @@
+<!--
+	Nonfunctional hosts:
+
+		- blog ¹
+		- status ²
+
+	¹ Refused
+	² Dropped
+
+
+	Fully covered hosts:
+
+		- (www.)?
+		- press
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- pr.co
+		- .pr.co
+		- www.pr.co
+
+-->
+<ruleset name="pr.co (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pr.co" />
+	<target host="press.pr.co" />
+	<target host="www.pr.co" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?pr\.co$" name="^user_locale$" /-->
+	<!--securecookie host="^\.pr\.co$" name="^(affiliate_code|prcosession)$" /-->
+	<!--securecookie host="^www\.pr\.co$" name=".+" /-->
+
+	<securecookie host="^(?:\.|www\.)?pr\.co$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Prace.cz.xml b/src/chrome/content/rules/Prace.cz.xml
new file mode 100644
index 000000000000..17da1aaf07f6
--- /dev/null
+++ b/src/chrome/content/rules/Prace.cz.xml
@@ -0,0 +1,9 @@
+<ruleset name="Prace.cz">
+    <target host="prace.cz" />
+    <target host="www.prace.cz" />
+    <target host="m.prace.cz" />
+    <target host="firmy.prace.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PracticeBusiness.co.uk.xml b/src/chrome/content/rules/PracticeBusiness.co.uk.xml
new file mode 100644
index 000000000000..e32e3ee2d57a
--- /dev/null
+++ b/src/chrome/content/rules/PracticeBusiness.co.uk.xml
@@ -0,0 +1,11 @@
+<!--
+	Wildcard DNS records:
+		- *.practicebusiness.co.uk
+-->
+
+<ruleset name="PracticeBusiness.co.uk">
+	<target host="practicebusiness.co.uk" />
+	<target host="www.practicebusiness.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Praegnanz.de.xml b/src/chrome/content/rules/Praegnanz.de.xml
index d9897d7d5857..54f31c0ba81f 100644
--- a/src/chrome/content/rules/Praegnanz.de.xml
+++ b/src/chrome/content/rules/Praegnanz.de.xml
@@ -1,4 +1,4 @@
-<ruleset name="praegnanz.de" default_off="self-signed">
+<ruleset name="Praegnanz.de">
 
 	<target host="praegnanz.de" />
 	<target host="www.praegnanz.de" />
@@ -7,7 +7,7 @@
 	<securecookie host="^praegnanz\.de$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?praegnanz\.de/"
-		to="https://praegnanz.de/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Praetorian.com.xml b/src/chrome/content/rules/Praetorian.com.xml
new file mode 100644
index 000000000000..448c7c4199e4
--- /dev/null
+++ b/src/chrome/content/rules/Praetorian.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Mixed content:
+
+		- Images from $self *
+
+		- Ads/web bugs, from:
+
+			- www.googleadservices.com *
+			- platform.twitter.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Praetorian.com">
+
+	<target host="praetorian.com" />
+	<target host="www.praetorian.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^www\.praetorian\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PragProg.com.xml b/src/chrome/content/rules/PragProg.com.xml
index db3ddc161491..27fec636e0c7 100644
--- a/src/chrome/content/rules/PragProg.com.xml
+++ b/src/chrome/content/rules/PragProg.com.xml
@@ -1,23 +1,23 @@
 <!--
+	For other Pragmatic Studio coverage, see Pragmatic_Studio.com.xml.
+
+
 	Fully covered subdomains:
 
+		- (www.)?
 		- forums
 		- imagery
 
-
-	Partially covered subdomains:
-
-		- (www.)	(some pages redirect to http)
-
 -->
-<ruleset name="PragProg.com (partial)">
+<ruleset name="PragProg.com">
 
 	<target host="pragprog.com" />
-	<target host="*.pragprog.com" />
-		<exclusion pattern="^http://(?:www\.)?pragprog\.com/(?!assets/|favicon\.ico|(?:login|signup)/*(?:$|\?))" />
+	<target host="forums.pragprog.com" />
+	<target host="imagery.pragprog.com" />
+	<target host="www.pragprog.com" />
 
 
-	<rule from="^http://((?:forums|imagery|www)\.)?pragprog\.com/"
-		to="https://$1pragprog.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PragmaticMarketing.com.xml b/src/chrome/content/rules/PragmaticMarketing.com.xml
new file mode 100644
index 000000000000..4cccd8f55ec8
--- /dev/null
+++ b/src/chrome/content/rules/PragmaticMarketing.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Non-functional hosts:
+		Timeout:
+		- buy.pragmaticmarketing.com
+-->
+<ruleset name="PragmaticMarketing.com (partial)">
+
+	<target host="pragmaticmarketing.com" />
+	<target host="www.pragmaticmarketing.com" />
+	<target host="mediafiles.pragmaticmarketing.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
+
diff --git a/src/chrome/content/rules/Pragmatic_Marketing.com.xml b/src/chrome/content/rules/Pragmatic_Marketing.com.xml
deleted file mode 100644
index 94133f72923b..000000000000
--- a/src/chrome/content/rules/Pragmatic_Marketing.com.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
-	CDN buckets:
-
-		- pragmatic-marketing-469ad240.s3.amazonaws.com
-
-		- d1qrnovf1k6d8a.cloudfront.net
-
-			- mediafiles
-
-
-	Partially covered subdomains:
-
-		- (www.)	(some pages redirect to http)
-
-
-	Fully covered subdomains:
-
-		- buy
-		- mediafiles	(→ d1qrnovf1k6d8a.cloudfront.net)
-
--->
-<ruleset name="Pragmatic Marketing.com (partial)">
-
-	<target host="pragmaticmarketing.com" />
-	<target host="*.pragmaticmarketing.com" />
-		<!--exclusion pattern="^http://(www\.)?pragmaticmarketing\.com/+($|\?|favicon\.ico|my-account/|resources/[\w-]+$)" /-->
-		<exclusion pattern="^http://(?:www\.)?pragmaticmarketing\.com/(?![cC]ontent/|Scripts/)" />
-
-
-	<rule from="^http://(buy\.|www\.)?pragmaticmarketing\.com/"
-		to="https://$1pragmaticmarketing.com/" />
-
-	<rule from="^http://mediafiles\.pragmaticmarketing\.com/"
-		to="https://d1qrnovf1k6d8a.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Pragmatic_Studio.com.xml b/src/chrome/content/rules/Pragmatic_Studio.com.xml
new file mode 100644
index 000000000000..0e5d9122bcbf
--- /dev/null
+++ b/src/chrome/content/rules/Pragmatic_Studio.com.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://alumni.pragmaticstudio.com/ => https://alumni.pragmaticstudio.com/: (51, "SSL: no alternative certificate subject name matches target host name 'alumni.pragmaticstudio.com'")
+
+	Other Pragmatic Studio rulesets:
+
+		- PragProg.com.xml
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- alumni
+		- backstage
+		- online
+
+-->
+<ruleset name="Pragmatic Studio.com" default_off="failed ruleset test">
+
+	<target host="pragmaticstudio.com" />
+	<target host="alumni.pragmaticstudio.com" />
+	<target host="backstage.pragmaticstudio.com" />
+	<target host="online.pragmaticstudio.com" />
+	<target host="www.pragmaticstudio.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pravda.sk.xml b/src/chrome/content/rules/Pravda.sk.xml
new file mode 100644
index 000000000000..05f37a2184b7
--- /dev/null
+++ b/src/chrome/content/rules/Pravda.sk.xml
@@ -0,0 +1,75 @@
+<!--
+	http redirect:
+		- blog.pravda.sk
+		- debata.pravda.sk
+	certificate mismatch:
+		- *.blog.pravda.sk
+		- kvety.pravda.sk
+	connection refused:
+		- zlato.pravda.sk
+-->
+<ruleset name="Pravda.sk">
+	<target host="pravda.sk" />
+	<target host="www.pravda.sk" />
+	<target host="aplikacie.pravda.sk" />
+	<target host="auto.pravda.sk" />
+	<target host="autobazar.pravda.sk" />
+	<target host="byvanie.pravda.sk" />
+	<target host="cestovanie.pravda.sk" />
+	<target host="citajmedetom.pravda.sk" />
+	<target host="data.pravda.sk" />
+	<target host="e.pravda.sk" />
+	<target host="europa.pravda.sk" />
+	<target host="flog.pravda.sk" />
+	<target host="fotogalerie.pravda.sk" />
+	<target host="futbal.pravda.sk" />
+	<target host="g.pravda.sk" />
+	<target host="hokej.pravda.sk" />
+	<target host="hry.pravda.sk" />
+	<target host="ilekaren.pravda.sk" />
+	<target host="infografiky.pravda.sk" />
+	<target host="kinomania.pravda.sk" />
+	<target host="klub.pravda.sk" />
+	<target host="koktail.pravda.sk" />
+	<target host="komercnespravy.pravda.sk" />
+	<target host="kultura.pravda.sk" />
+	<target host="lekaren.pravda.sk" />
+	<target host="m.pravda.sk" />
+	<target host="menu.pravda.sk" />
+	<target host="www.menu.pravda.sk" />
+	<target host="mozgovna.pravda.sk" />
+	<target host="napady.pravda.sk" />
+	<target host="nazory.pravda.sk" />
+	<target host="noviny.pravda.sk" />
+	<target host="oserialoch.pravda.sk" />
+	<target host="peniaze.pravda.sk" />
+	<target host="pivnicka.pravda.sk" />
+	<target host="pocasie.pravda.sk" />
+	<target host="predplatne.pravda.sk" />
+	<target host="profesia.pravda.sk" />
+	<target host="programy.pravda.sk" />
+	<target host="reality.pravda.sk" />
+	<target host="seniori.pravda.sk" />
+	<target host="servis.pravda.sk" />
+	<target host="shop.pravda.sk" />
+	<target host="skola.pravda.sk" />
+	<target host="sport.pravda.sk" />
+	<target host="spravy.pravda.sk" />
+	<target host="sutaz.pravda.sk" />
+	<target host="tema.pravda.sk" />
+	<target host="tv.pravda.sk" />
+	<target host="tvojepeniaze.pravda.sk" />
+	<target host="varecha.pravda.sk" />
+	<target host="vat.pravda.sk" />
+	<target host="velkanoc.pravda.sk" />
+	<target host="vianoce.pravda.sk" />
+	<target host="volby.pravda.sk" />
+	<target host="volnemiesta.pravda.sk" />
+	<target host="zdravie.pravda.sk" />
+	<target host="zena.pravda.sk" />
+	<target host="zlavy.pravda.sk" />
+	<target host="zurnal.pravda.sk" />
+	<target host="zvieratka.pravda.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pravduh.com.xml b/src/chrome/content/rules/Pravduh.com.xml
new file mode 100644
index 000000000000..8dc0872091fa
--- /dev/null
+++ b/src/chrome/content/rules/Pravduh.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Pravduh.com">
+	<target host="pravduh.com" />
+	<target host="www.pravduh.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PravyDiplom.cz.xml b/src/chrome/content/rules/PravyDiplom.cz.xml
new file mode 100644
index 000000000000..544c09ea99bb
--- /dev/null
+++ b/src/chrome/content/rules/PravyDiplom.cz.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Masaryk University coverage, see Muni.cz.xml.
+
+	www: cert only matches ^pravydiplom.cz
+-->
+<ruleset name="PravyDiplom.cz">
+	<target host="pravydiplom.cz" />
+	<target host="www.pravydiplom.cz" />
+
+	<!--   Not secured by server:  -->
+	<!--securecookie host="^pravydiplom\.cz$" name="^issession$" /-->
+	<securecookie host="^pravydiplom\.cz$" name=".+" />
+
+
+	<rule from="^http://www\.pravydiplom\.cz/" to="https://pravydiplom.cz/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PrayerTimes.date.xml b/src/chrome/content/rules/PrayerTimes.date.xml
new file mode 100644
index 000000000000..5d04051b9438
--- /dev/null
+++ b/src/chrome/content/rules/PrayerTimes.date.xml
@@ -0,0 +1,8 @@
+<ruleset name="PrayerTimes.date">
+	<target host="prayertimes.date" />
+	<target host="www.prayertimes.date" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PreCharge.net.xml b/src/chrome/content/rules/PreCharge.net.xml
new file mode 100644
index 000000000000..0149b52efdf2
--- /dev/null
+++ b/src/chrome/content/rules/PreCharge.net.xml
@@ -0,0 +1,55 @@
+<!--
+	For other preCharge coverage, see PreCharge.com.xml.
+
+
+	Nonfunctional subdomains:
+
+		- www *
+
+	* Dropped, redirect destination doesn't exist
+
+
+	Problematic subdomains:
+
+		- affiliates *
+
+	* Dropped
+
+
+	Fully covered subdomains:
+
+		- affiliates *
+		- secure
+
+	* → affiliaes.precharge.com
+
+
+	^precharge.net doesn't exist.
+
+
+	Observed cookie domains:
+
+		- secure *
+
+	* Secured by us <= not secured by server
+
+-->
+<ruleset name="preCharge.net (partial)">
+
+	<target host="affiliates.precharge.net" />
+	<target host="secure.precharge.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^secure\.precharge\.net$" name=".+" />
+
+
+	<!--	Server keeps path and args:
+						-->
+	<rule from="^http://affiliates\.precharge\.net/"
+		to="https://affiliates.precharge.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PrecisionPros.com-mismatches.xml b/src/chrome/content/rules/PrecisionPros.com-mismatches.xml
index 29debb932a03..7f8808ce27e7 100644
--- a/src/chrome/content/rules/PrecisionPros.com-mismatches.xml
+++ b/src/chrome/content/rules/PrecisionPros.com-mismatches.xml
@@ -1,28 +1,25 @@
-<ruleset name="PrecisionPros.com (mismatches)" default_off="mismatch">
+<!--
+	Mixed content:
+
+		- Bug on (www.)?connectpros.com, (www.)?serverpros.com from www.teamviewer.com *
+
+	* Secured by us
+
+-->
+<ruleset name="PrecisionPros.com (mismatches)" default_off="mismatched">
 
 	<!--	cert: *.secureservers.net	-->
 	<target host="connectpros.com"/>
 	<target host="www.connectpros.com"/>
 	<!--	ditto	-->
-	<target host="dynamicpros.com"/>
-	<target host="www.dynamicpros.com"/>
-	<!--	ditto	-->
 	<target host="providertalk.com"/>
 	<target host="www.providertalk.com"/>
 	<!--	cert: *.precisionpros.com	-->
 	<target host="serverpros.com"/>
-	<target host="*.serverpros.com"/>
-
-	<rule from="^http://(?:www\.)?(connect|dynamic)pros\.com/"
-		to="https://www.$1pros.com/"/>
-
-	<rule from="^http://(?:www\.)?providertalk\.com/"
-		to="https://www.providertalk.com/"/>
+	<target host="www.serverpros.com"/>
 
-	<rule from="^http://serverpros\.com/"
-		to="https://www.serverpros.com/"/>
 
-	<rule from="^http://(vmcorp1|www)\.serverpros\.com/"
-		to="https://$1.serverpros.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PrecisionPros.com.xml b/src/chrome/content/rules/PrecisionPros.com.xml
index 15662a62d6cb..28428d3a5bcd 100644
--- a/src/chrome/content/rules/PrecisionPros.com.xml
+++ b/src/chrome/content/rules/PrecisionPros.com.xml
@@ -1,11 +1,38 @@
-<!--	See PrecisionPros.com-mismatches.xml for problematic rules.
+<!--
+	Nonfunctional hosts:
+
+		- (www.)?dynamicpros.com *
+
+	* Shows default page
+
+
+	Problematic hosts in *precisionpros.com:
+
+		- ssl *
+
+	* Expired
+
+
+	These altnames don't exist:
+
+		- owa.precisionpros.com
+
+
+	Mixed content:
+
+		- Bug on ssl from www.teamviewer.com *
+
+	* Secured by us
+
 -->
 <ruleset name="PrecisionPros.com (partial)">
 
 	<target host="precisionpros.com"/>
+	<!--target host="ssl.precisionpros.com"/-->
 	<target host="www.precisionpros.com"/>
 
-	<rule from="^http://(ssl\.|www\.)?precisionpros\.com/"
-		to="https://$1precisionpros.com/"/>
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Precision_Marine_Tools.xml b/src/chrome/content/rules/Precision_Marine_Tools.xml
index b16dae3d63bb..710f6d412d52 100644
--- a/src/chrome/content/rules/Precision_Marine_Tools.xml
+++ b/src/chrome/content/rules/Precision_Marine_Tools.xml
@@ -1,13 +1,18 @@
-<ruleset name="Precision Marine Tools">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://precisionmarinetools.com/ => https://precisionmarinetools.com/: (51, "SSL: no alternative certificate subject name matches target host name 'precisionmarinetools.com'")
+
+-->
+<ruleset name="Precision Marine Tools" default_off="failed ruleset test">
 
 	<target host="precisionmarinetools.com" />
-	<target host="*.precisionmarinetools.com" />
+	<target host="www.precisionmarinetools.com" />
 
 
-	<securecookie host="^(?:.*\.)?precisionmarinetools\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?precisionmarinetools\.com/"
-		to="https://$1precisionmarinetools.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Precursor_app.com.xml b/src/chrome/content/rules/Precursor_app.com.xml
new file mode 100644
index 000000000000..b9f43381afa1
--- /dev/null
+++ b/src/chrome/content/rules/Precursor_app.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Precursor app.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="precursorapp.com" />
+	<target host="www.precursorapp.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Prediction.IO.xml b/src/chrome/content/rules/Prediction.IO.xml
new file mode 100644
index 000000000000..8fd11abd9f7c
--- /dev/null
+++ b/src/chrome/content/rules/Prediction.IO.xml
@@ -0,0 +1,73 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blog.prediction.io/ => https://blog.prediction.io/: (28, 'Connection timed out after 20006 milliseconds')
+Fetch error: http://prev.prediction.io/ => https://prev.prediction.io/: (6, 'Could not resolve host: prev.prediction.io')
+Fetch error: http://static.prediction.io/ => https://static.prediction.io/: (6, 'Could not resolve host: static.prediction.io')
+
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Fully covered hosts in *prediction.io:
+
+		- (www.)?
+		- blog
+		- docs
+		- prev
+		- static
+		- templates
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .prediction.io
+		- templates.prediction.io
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- blog from $self *
+			- blog from static.prediction.io *
+
+	* Secured by us
+
+-->
+<ruleset name="Prediction.IO" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="prediction.io" />
+	<target host="blog.prediction.io" />
+	<target host="docs.prediction.io" />
+	<target host="prev.prediction.io" />
+	<target host="static.prediction.io" />
+	<target host="templates.prediction.io" />
+	<target host="www.prediction.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.prediction\.io$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^templates\.prediction\.io$" name="^_template_gallery_session$" /-->
+
+	<securecookie host="^(?:templates)?\.prediction\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Preferred_Reservations.xml b/src/chrome/content/rules/Preferred_Reservations.xml
index 5e2b4d7dc35f..419a974ca6dd 100644
--- a/src/chrome/content/rules/Preferred_Reservations.xml
+++ b/src/chrome/content/rules/Preferred_Reservations.xml
@@ -1,10 +1,14 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://vr.preferred-reservations.com/ => https://vr.preferred-reservations.com/: (28, 'Connection timed out after 20008 milliseconds')
+
 	Problematic subdomains:
 
 		- www		(works; mismatched, CN: vr.preferred-reservations.com)
 
 -->
-<ruleset name="Preferred Reservations (partial)">
+<ruleset name="Preferred Reservations (partial)" default_off="failed ruleset test">
 
 	<target host="vr.preferred-reservations.com" />
 
@@ -12,7 +16,6 @@
 	<securecookie host="^vr\.preferred-reservations\.com$" name=".+" />
 
 
-	<rule from="^http://vr\.preferred-reservations\.com/"
-		to="https://vr.preferred-reservations.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Preisvergleich-Internet-Services-mismatches.xml b/src/chrome/content/rules/Preisvergleich-Internet-Services-mismatches.xml
index 98e1074cd1ac..0f1d2ec46617 100644
--- a/src/chrome/content/rules/Preisvergleich-Internet-Services-mismatches.xml
+++ b/src/chrome/content/rules/Preisvergleich-Internet-Services-mismatches.xml
@@ -2,14 +2,14 @@
 	For rules that are on by default, see Preisvergleich-Internet-Services.xml.
 
 -->
-<ruleset name="Preisvergleich Internet Services (mismatches)" default_off="mismatch">
+<ruleset name="Preisvergleich Internet Services (mismatches)" default_off="mismatched">
 
 	<!--	Cert: gzhls.at	-->
 	<target host="s.gzhls.at" />
 
 
 	<!--	Data aren't on //.	-->
-	<rule from="^http://s\.gzhls\.at/"
-		to="https://s.gzhls.at/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Preisvergleich-Internet-Services.xml b/src/chrome/content/rules/Preisvergleich-Internet-Services.xml
index aad8974757b4..a841175274d0 100644
--- a/src/chrome/content/rules/Preisvergleich-Internet-Services.xml
+++ b/src/chrome/content/rules/Preisvergleich-Internet-Services.xml
@@ -1,40 +1,43 @@
 <!--
-	For problematic rules, see
+	For problematic rules, see Preisvergleich-Internet-Services-mismatches.xml.
 
 
 	Other Preisvergleich Internet Services rulesets:
 
+		- bepixelung.org.xml
+		- Cenowarka.pl.xml
+		- Geizhals.at.xml
+		- Geizhals.de.xml
+		- Geizhals.eu.xml
 		- Skinflint.xml
 
 
 	Nonfunctional:
 
 		- (www.)666k.com	(cert: www.3dw6vge6tly5rdezb4m.net; reset)
-		- (www.)bepixelung.org
-		- (www.)cenowarka.pl
-		- (www.)geizhals.de
 
 -->
 <ruleset name="Preisvergleich Internet Services (partial)">
 
-	<target host="geizhals.at" />
-	<target host="www.geizhals.at" />
+	<!--	Direct rewrites:
+				-->
 	<target host="gzhls.at" />
-	<target host="b.gzhls.at" />
 	<target host="metashop.at" />
 	<target host="www.metashop.at" />
 
+		<test url="http://gzhls.at/b/at_s.gif" />
+
+	<!--	Complications:
+				-->
+	<target host="b.gzhls.at" />
 
-	<!--	Redirects to !www over http, doesn't over https.	-->
-	<rule from="^https?://(?:www\.)?geizhals\.at/"
-		to="https://geizhals.at/" />
 
 	<!--	Cert only matches //.
 		s doesn't exist on //.	-->
-	<rule from="^https?://(?:b\.)?gzhls\.at/"
+	<rule from="^http://b\.gzhls\.at/"
 		to="https://gzhls.at/" />
 
-	<rule from="^http://(www\.)?metashop\.at/"
-		to="https://$1metashop.at/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PremierLiga.ru.xml b/src/chrome/content/rules/PremierLiga.ru.xml
new file mode 100644
index 000000000000..4d7e8efec328
--- /dev/null
+++ b/src/chrome/content/rules/PremierLiga.ru.xml
@@ -0,0 +1,20 @@
+<!--
+	Mismatched:
+		- www.app
+		- www.eng
+		- www.m
+		- www.premium
+-->
+<ruleset name="PremierLiga.ru">
+	<target host="premierliga.ru" />
+	<target host="www.premierliga.ru" />
+	<target host="app.premierliga.ru" />
+	<target host="autodiscover.premierliga.ru" />
+	<target host="eng.premierliga.ru" />
+	<target host="m.premierliga.ru" />
+	<target host="mail.premierliga.ru" />
+	<target host="premium.premierliga.ru" />
+	<target host="test.premierliga.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Premier_Tax_Free.xml b/src/chrome/content/rules/Premier_Tax_Free.xml
index 265db1e38031..1bd42f6a33e4 100644
--- a/src/chrome/content/rules/Premier_Tax_Free.xml
+++ b/src/chrome/content/rules/Premier_Tax_Free.xml
@@ -1,8 +1,4 @@
-<!--
-	CN: Parallels Panel
-
--->
-<ruleset name="Premier Tax Free" default_off="self-signed">
+<ruleset name="Premier Tax Free">
 
 	<target host="premiertaxfree.com" />
 	<target host="www.premiertaxfree.com" />
@@ -11,7 +7,7 @@
 	<securecookie host="^premiertaxfree\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?premiertaxfree\.com/"
-		to="https://premiertaxfree.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Premiumize.xml b/src/chrome/content/rules/Premiumize.xml
index 642d7f5e1d96..de656bf9da03 100644
--- a/src/chrome/content/rules/Premiumize.xml
+++ b/src/chrome/content/rules/Premiumize.xml
@@ -1,14 +1,28 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- help.premiumize.me
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
 <ruleset name="Premiumize.me">
 
 	<target host="premiumize.me" />
-	<target host="*.premiumize.me" />
+	<target host="help.premiumize.me" />
+	<target host="secure.premiumize.me" />
+	<target host="www.premiumize.me" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^help\.premiumize\.me$" name="^SWIFT_(?:client|sessionid40)$" /-->
 
-	<securecookie host="^secure\.premiumize\.me$" name=".*" />
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<!--	Server redirects as so.		-->
-	<rule from="^http://(secure\.|www\.)?premiumize\.me/"
-		to="https://secure.premiumize.me/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Preney.ca.xml b/src/chrome/content/rules/Preney.ca.xml
new file mode 100644
index 000000000000..3b75a94a1c0f
--- /dev/null
+++ b/src/chrome/content/rules/Preney.ca.xml
@@ -0,0 +1,10 @@
+<ruleset name="Preney.ca">
+
+	<target host="preney.ca" />
+	<target host="www.preney.ca" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PressCoders.xml b/src/chrome/content/rules/PressCoders.xml
index decefd53148a..bdabd4c0341c 100644
--- a/src/chrome/content/rules/PressCoders.xml
+++ b/src/chrome/content/rules/PressCoders.xml
@@ -4,7 +4,6 @@
 	<target host="www.presscoders.com" />
 
 
-	<rule from="^http://(www\.)?presscoders\.com/"
-		to="https://$1presscoders.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PressDisplay.com.xml b/src/chrome/content/rules/PressDisplay.com.xml
new file mode 100644
index 000000000000..1f79552296b6
--- /dev/null
+++ b/src/chrome/content/rules/PressDisplay.com.xml
@@ -0,0 +1,26 @@
+<!--
+	For other NewspaperDirect.com related rulesets, see NewspaperDirect.xml
+
+	Non-functional hosts
+		SSL connect error:
+		- pressdisplay.com
+		- processing.pressdisplay.com
+
+		SSL peer certificate was not OK:
+		- cache-styles.pressdisplay.com
+		- images2.pressdisplay.com
+
+		4xx client error:
+		- cache3-img1.pressdisplay.com
+		- reports.pressdisplay.com
+
+		Different content:
+		- www.pressdisplay.com
+		- library.pressdisplay.com
+-->
+<ruleset name="PressDisplay.com" default_off="ssl-error">
+	<target host="pressdisplay.com" />
+	<target host="processing.pressdisplay.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PressFreedomFoundation.org.xml b/src/chrome/content/rules/PressFreedomFoundation.org.xml
new file mode 100644
index 000000000000..e259c9baa14c
--- /dev/null
+++ b/src/chrome/content/rules/PressFreedomFoundation.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Freedom of the Press Foundation
+
+	Redirects to freedom.press (preloaded)
+
+-->
+<ruleset name="Press Freedom Foundation.org" >
+
+	<target host="pressfreedomfoundation.org" />
+	<target host="www.pressfreedomfoundation.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PressLabs.com.xml b/src/chrome/content/rules/PressLabs.com.xml
new file mode 100644
index 000000000000..546427583305
--- /dev/null
+++ b/src/chrome/content/rules/PressLabs.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Other Press Labs rulesets:
+
+		- PressLabs_SSL.xml
+
+	Login required:
+
+	Invalid certificate:
+		my.presslabs.com
+		status.presslabs.com
+
+-->
+<ruleset name="PressLabs.com">
+
+	<target host="presslabs.com" />
+	<target host="www.presslabs.com" />
+	<target host="api.presslabs.com" />
+		<test url="http://api.presslabs.com/login/?next=/" />
+	<target host="cdn.presslabs.com" />
+		<test url="http://cdn.presslabs.com/wp-content/themes/presslabs/images/screenshots/dashboard.png" />
+	<target host="billing.presslabs.com" />
+	<target host="dev.presslabs.com" />
+	<target host="cdn.dev.presslabs.com" />
+	<target host="docs.presslabs.com" />
+	<target host="o.presslabs.com" />
+
+	<securecookie host="^o\.presslabs\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PressLabs.xml b/src/chrome/content/rules/PressLabs.xml
deleted file mode 100644
index 4a7a8dbec619..000000000000
--- a/src/chrome/content/rules/PressLabs.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	Other Press Labs rulesets:
-
-		- PressLabs_SSL.xml
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(redirects to http; mismatched, CN: *.plssl.com)
-
-
-	Problematic subdomains:
-
-		- cdn	(times out)
-
--->
-<ruleset name="PressLabs (partial)">
-
-	<target host="*.presslabs.com" />
-
-
-	<securecookie host="^o\.presslabs\.com$" name=".+" />
-
-
-	<rule from="^http://cdn\.presslabs\.com/"
-		to="https://presslabs.plssl.com/" />
-
-	<rule from="^http://o(-assets)?\.presslabs\.com/"
-		to="https://o$1.presslabs.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/PressLabs_SSL.xml b/src/chrome/content/rules/PressLabs_SSL.xml
index 667d84c241e3..5a49ab6782c7 100644
--- a/src/chrome/content/rules/PressLabs_SSL.xml
+++ b/src/chrome/content/rules/PressLabs_SSL.xml
@@ -1,11 +1,15 @@
+
 <!--
-	For other Press Labs coverage, see PressLabs.xml.
+Disabled by https-everywhere-checker because:
+Fetch error: http://plssl.com/ => https://plssl.com/: (7, 'Failed to connect to plssl.com port 443: Connection refused')
+
+	For other Press Labs coverage, see PressLabs.com.xml.
 
 
 	Clients have unique subdomains.
 
 -->
-<ruleset name="PressLabs SSL">
+<ruleset name="PressLabs SSL" default_off="failed ruleset test">
 
 	<target host="plssl.com" />
 	<target host="*.plssl.com" />
@@ -14,4 +18,4 @@
 	<rule from="^http://([\w-]+\.)?plssl\.com/"
 		to="https://$1plssl.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PressPage.com.xml b/src/chrome/content/rules/PressPage.com.xml
new file mode 100644
index 000000000000..ac036246ed2e
--- /dev/null
+++ b/src/chrome/content/rules/PressPage.com.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://client.presspage.com/ => https://client.presspage.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	(www.)?presspage.com: Shows default page
+
+
+	CDN buckets:
+
+		- presspage-production-content.s3.amazonaws.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- client.presspage.com
+		- manager.presspage.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="PressPage.com (partial)" default_off="failed ruleset test">
+
+	<target host="client.presspage.com" />
+	<target host="content.presspage.com" />
+	<target host="manager.presspage.com" />
+
+		<test url="http://content.presspage.com/uploads/751/500_houseimagenr.jpg?10000" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^client\.presspage\.com$" name="^PPSESSION$" /-->
+	<!--securecookie host="^manager\.presspage\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PressPlay.co.xml b/src/chrome/content/rules/PressPlay.co.xml
new file mode 100644
index 000000000000..3978cce52733
--- /dev/null
+++ b/src/chrome/content/rules/PressPlay.co.xml
@@ -0,0 +1,6 @@
+<ruleset name="PressPlay.co">
+	<target host="pressplay.co" />
+	<target host="www.pressplay.co" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PressPlus.xml b/src/chrome/content/rules/PressPlus.xml
index 4696ac55365d..b9abcb52ae72 100644
--- a/src/chrome/content/rules/PressPlus.xml
+++ b/src/chrome/content/rules/PressPlus.xml
@@ -1,15 +1,12 @@
 <!--
-	CDN buckets:
-
-		- s3.amazonaws.com/s.ppjol.net/ | dsgvj67ifn3r0.cloudfront.net
-
-			- s.ppjol.net
-
-
 	Nonfunctional domains:
 
-		- (www.)mypressplus.com
+	Self-signed certificates:
+		- mypressplus.com
+		- www.mypressplus.com
 
+	Redirect to HTTP:
+		- s.ppjol.net
 
 	ppjol sets the following wildcard cookies
 	on whichever domain it is loaded from:
@@ -18,28 +15,13 @@
 		- ppThirdPartyCookieFound
 
 -->
-<ruleset name="Press+ (partial)">
+<ruleset name="Press+ (partial)" default_off="cert-invalid">
 
 	<target host="mypressplus.com" />
-	<target host="*.mypressplus.com" />
-	<target host="*.ppjol.com" />
+	<target host="www.mypressplus.com" />
 	<target host="s.ppjol.net" />
 
-
-	<securecookie host="^h?\.ppjol\.com$" name=".+" />
-	<securecookie host="^accounts\.mypressplus\.com$" name=".*" />
-
-
-	<rule from="^http://(?:www\.)?mypressplus\.com/themes/press_plus/img/header/(bg_green|bg_tan|logo)\.png"
-		to="https://accounts.mypressplus.com/images/header/$1.png" />
-
-	<rule from="^http://accounts\.mypressplus\.com/"
-		to="https://accounts.mypressplus.com/" />
-
-	<rule from="^http://(h|ui)\.ppjol\.com/"
-		to="https://$1.ppjol.com/" />
-
-	<rule from="^http://s\.ppjol\.net/"
-		to="https://dsgvj67ifn3r0.cloudfront.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PressReader.com.xml b/src/chrome/content/rules/PressReader.com.xml
new file mode 100644
index 000000000000..6bf655417fe5
--- /dev/null
+++ b/src/chrome/content/rules/PressReader.com.xml
@@ -0,0 +1,58 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cache3-res.pressreader.com/ => https://cache3-res.pressreader.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	Other PressReader rulesets:
+
+		- NewspaperDirect.xml
+
+
+	Nonfunctional hosts in *pressreader.com:
+
+		- about ᵈ
+		- www.about ʰ
+		- cache-res ⁴
+
+	⁴ 404
+	ᵈ Dropped
+	ʰ Redirects to http
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- secure.pressreader.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on secure from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="PressReader.com (partial)" default_off="failed ruleset test">
+
+	<target host="pressreader.com" />
+	<target host="cache3-res.pressreader.com" />
+	<target host="cdn-res.pressreader.com" />
+	<target host="secure.pressreader.com" />
+	<target host="services.pressreader.com" />
+	<target host="www.pressreader.com" />
+
+		<test url="http://cdn-res.pressreader.com/res/en-us/g1722/t220133984/images/se_nytimes_gfx_body.gif" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^secure\.pressreader\.com$" name="^AProfile$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pressable.com.xml b/src/chrome/content/rules/Pressable.com.xml
new file mode 100644
index 000000000000..aa146713efb6
--- /dev/null
+++ b/src/chrome/content/rules/Pressable.com.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://static.pressable.com/ => https://static.pressable.com/: (6, 'Could not resolve host: static.pressable.com')
+
+	Problematic hosts in *pressable.com:
+
+		- status *
+
+	* Wordpress
+
+
+	Insecure cookies are set for these hosts:
+
+		- help.pressable.com
+
+-->
+<ruleset name="Pressable.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pressable.com" />
+	<target host="help.pressable.com" />
+	<target host="static.pressable.com" />
+	<!--target host="status.pressable.com" /-->
+	<target host="www.pressable.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^help\.pressable\.com$" name="^_helpkit_session$" /-->
+
+	<securecookie host="^help\.pressable\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Presseportal.de.xml b/src/chrome/content/rules/Presseportal.de.xml
new file mode 100644
index 000000000000..9bd2bbc7ca97
--- /dev/null
+++ b/src/chrome/content/rules/Presseportal.de.xml
@@ -0,0 +1,30 @@
+<!--
+	Invalid certificate:
+		www.finanz.presseportal.de
+		footage.presseportal.de
+		www.it.presseportal.de
+		otsvideo.presseportal.de
+
+	Non-2xx HTTP code:
+		mobil.presseportal.de
+
+	Timeout:
+		leka.presseportal.de
+-->
+<ruleset name="Presseportal.de">
+
+	<target host="presseportal.de" />
+	<target host="www.presseportal.de" />
+	<target host="amp.presseportal.de" />
+	<target host="api.presseportal.de" />
+	<target host="embed.presseportal.de" />
+	<target host="fbia.presseportal.de" />
+	<target host="finanz.presseportal.de" />
+	<target host="it.presseportal.de" />
+	<target host="text.presseportal.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pressflex-mismatches.xml b/src/chrome/content/rules/Pressflex-mismatches.xml
index f0ddb6dfac0c..9b0953dfea3e 100644
--- a/src/chrome/content/rules/Pressflex-mismatches.xml
+++ b/src/chrome/content/rules/Pressflex-mismatches.xml
@@ -8,7 +8,7 @@
 	<target host="www.pressflex.com" />
 
 
-	<rule from="^https?://(?:www\.)?pressflex\.com/"
+	<rule from="^http://(?:www\.)?pressflex\.com/"
 		to="https://pressflex.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Pressflex.xml b/src/chrome/content/rules/Pressflex.xml
index 7650873fba4d..f11ec7727bc8 100644
--- a/src/chrome/content/rules/Pressflex.xml
+++ b/src/chrome/content/rules/Pressflex.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blogads.com/ => https://web.blogads.com/: (60, 'SSL certificate problem: certificate has expired')
+
 	For problematic rules, see Pressflex-self-signed.xml.
 
 
@@ -14,16 +18,17 @@
 		- adserver.pressflex.com	(self-signed; 404)
 
 -->
-<ruleset name="Pressflex (partial)">
+<ruleset name="Pressflex (partial)" default_off="failed ruleset test">
 
 	<target host="blogads.com" />
-	<target host="*.blogads.com" />
+	<target host="web.blogads.com" />
+	<target host="www.blogads.com" />
 
 
 	<!--	- Cert only matches web
 		- // & www 301 to web
 						-->
-	<rule from="^https?://(?:web\.|www\.)?blogads\.com/"
+	<rule from="^http://(?:web\.|www\.)?blogads\.com/"
 		to="https://web.blogads.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Prestashop.com.xml b/src/chrome/content/rules/Prestashop.com.xml
new file mode 100644
index 000000000000..dc2cbcac7708
--- /dev/null
+++ b/src/chrome/content/rules/Prestashop.com.xml
@@ -0,0 +1,74 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://medias1.prestashop.com/ => https://medias1.prestashop.com/: (6, 'Could not resolve host: medias1.prestashop.com')
+Fetch error: http://medias2.prestashop.com/ => https://medias2.prestashop.com/: (6, 'Could not resolve host: medias2.prestashop.com')
+Fetch error: http://medias3.prestashop.com/ => https://medias3.prestashop.com/: (6, 'Could not resolve host: medias3.prestashop.com')
+
+	Refused:
+	doc.prestashop.com
+	scm.prestashop.com
+	themes.prestashop.com
+	forge.prestashop.com
+	nora.prestashop.com
+
+	Mismatch:
+	status.prestashop.com
+	build.prestashop.com
+
+	Timeout:
+	fo.demo.prestashop.com
+	demo.prestashop.com
+	barcamp.prestashop.com
+	newsletter.prestashop.com
+
+	Forbidden:
+	weare1million.prestashop.com
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .prestashop.com
+		- .addons.prestashop.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="PrestaShop.com" default_off="failed ruleset test">
+
+	<target host="prestashop.com" />
+	<target host="addons.prestashop.com" />
+	<target host="ambassadors.prestashop.com" />
+	<target host="img-cdn.prestashop.com" />
+	<target host="medias1.prestashop.com" />
+	<target host="medias2.prestashop.com" />
+	<target host="medias3.prestashop.com" />
+	<target host="validator.prestashop.com" />
+	<target host="www.prestashop.com" />
+
+		<test url="http://img-cdn.prestashop.com/separator-mobile-menu.png" />
+		<test url="http://medias1.prestastore.com/themes/prestastore/img/front/menu/menu-great-deals.png" />
+		<test url="http://medias2.prestastore.com/img//pico/22267.jpg" />
+		<test url="http://medias3.prestastore.com/modules/addons_freeblock/img/en/conversions_en.png" />
+
+	<!--	Complications:
+				-->
+	<target host="status.prestashop.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.prestashop\.com$" name="^PSDOTCOM42$" /-->
+	<!--securecookie host="^\.addons\.prestashop\.com$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^(?!\.prestashop\.com$)." name=".+" />
+
+
+	<rule from="^http://status\.prestashop\.com/"
+		to="https://prestashop.statuspage.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pretty-in-Cash-mismatches.xml b/src/chrome/content/rules/Pretty-in-Cash-mismatches.xml
index 0538c957077f..b99cecde6053 100644
--- a/src/chrome/content/rules/Pretty-in-Cash-mismatches.xml
+++ b/src/chrome/content/rules/Pretty-in-Cash-mismatches.xml
@@ -1,4 +1,4 @@
-<ruleset name="Pretty in Cash (mismatches)" default_off="mismatch">
+<ruleset name="Pretty in Cash (mismatches)" default_off="mismatched">
 
 	<!--	exgf.teenbff.com	-->
 	<target host="join.boozedgfs.com"/>
diff --git a/src/chrome/content/rules/Pretty-in-Cash.xml b/src/chrome/content/rules/Pretty-in-Cash.xml
index f98066458502..e8117056dbce 100644
--- a/src/chrome/content/rules/Pretty-in-Cash.xml
+++ b/src/chrome/content/rules/Pretty-in-Cash.xml
@@ -1,8 +1,13 @@
-<ruleset name="Pretty in Cash (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://exgf.teenbff.com/ => https://exgf.teenbff.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="Pretty in Cash (partial)" default_off="failed ruleset test">
 
 	<target host="exgf.teenbff.com"/>
 
-	<rule from="^http://exgf\.teenbff\.com/"
-		to="https://exgf.teenbff.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PrettyEasyPrivacy.com.xml b/src/chrome/content/rules/PrettyEasyPrivacy.com.xml
new file mode 100644
index 000000000000..341e006db4f6
--- /dev/null
+++ b/src/chrome/content/rules/PrettyEasyPrivacy.com.xml
@@ -0,0 +1,14 @@
+<!--
+	For related rulesets, see PEP-project.org.xml
+
+-->
+<ruleset name="pretty Easy privacy.com">
+
+	<target host="prettyeasyprivacy.com" />
+	<target host="www.prettyeasyprivacy.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PrettyLightsMusic.com.xml b/src/chrome/content/rules/PrettyLightsMusic.com.xml
new file mode 100644
index 000000000000..9fa051f528f9
--- /dev/null
+++ b/src/chrome/content/rules/PrettyLightsMusic.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		cdn.prettylightsmusic.com
+		en.prettylightsmusic.com
+		mcdn.prettylightsmusic.com
+		welcome.prettylightsmusic.com
+
+-->
+<ruleset name="Pretty Lights Music.com">
+
+	<target host="prettylightsmusic.com"/>
+	<target host="www.prettylightsmusic.com"/>
+	<target host="store.prettylightsmusic.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PrettyLightsMusic.xml b/src/chrome/content/rules/PrettyLightsMusic.xml
deleted file mode 100644
index 0c1256d025c9..000000000000
--- a/src/chrome/content/rules/PrettyLightsMusic.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Pretty Lights Music" platform="mixedcontent">
-
-	<target host="prettylightsmusic.com"/>
-	<target host="www.prettylightsmusic.com"/>
-
-	<rule from="^http://(www\.)?prettylightsmusic\.com/"
-		to="https://prettylightsmusic.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/PrettyLittleThing.com.xml b/src/chrome/content/rules/PrettyLittleThing.com.xml
index e1c86907d3ea..f4e1bd49d35d 100644
--- a/src/chrome/content/rules/PrettyLittleThing.com.xml
+++ b/src/chrome/content/rules/PrettyLittleThing.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="PrettyLittleThing.com">
 
 	<target host="prettylittlething.com" />
-	<target host="*.prettylittlething.com" />
+	<target host="www.prettylittlething.com" />
 
 
 	<securecookie host="\.(?:www\.)?prettylittlething\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?prettylittlething\.com/"
-		to="https://$1prettylittlething.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Previa.se.xml b/src/chrome/content/rules/Previa.se.xml
index 4747f214c3f8..d68d1cb70796 100644
--- a/src/chrome/content/rules/Previa.se.xml
+++ b/src/chrome/content/rules/Previa.se.xml
@@ -2,5 +2,5 @@
   <target host="previa.se" />
   <target host="www.previa.se" />
 
-  <rule from="^http://(?:www\.)?previa\.se/" to="https://www.previa.se/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Prey.xml b/src/chrome/content/rules/Prey.xml
deleted file mode 100644
index afcaa9d6ca35..000000000000
--- a/src/chrome/content/rules/Prey.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	support.preyproject.com is handled mostly in ENTP-clients.xml.
-
--->
-<ruleset name="Prey (partial)">
-
-	<target host="preyproject.com" />
-	<target host="*.preyproject.com" />
-
-
-	<securecookie host="^.+\.preyproject\.com$" name=".+" />
-
-
-	<!--	www: cert only matches ^preyproject.com.
-							-->
-	<rule from="^https?://(?:(panel\.)|www\.)?preyproject\.com/"
-		to="https://$1preyproject.com/" />
-
-	<rule from="^https?://support\.preyproject\.com/(help|pkg|stylesheets)/"
-		to="https://asset-1.tenderapp.com/$1/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/PreyProject.com.xml b/src/chrome/content/rules/PreyProject.com.xml
new file mode 100644
index 000000000000..7217742f8589
--- /dev/null
+++ b/src/chrome/content/rules/PreyProject.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Invalid certificate:
+		answers.preyproject.com
+		ayuda.preyproject.com
+		help.preyproject.com
+		static.preyproject.com
+		support.preyproject.com
+
+	No working URL known:
+		control.preyproject.com
+
+	Refused:
+		mx2.preyproject.com
+
+-->
+<ruleset name="PreyProject.com">
+
+	<target host="preyproject.com" />
+	<target host="www.preyproject.com" />
+	<target host="missile.preyproject.com" />
+	<target host="panel.preyproject.com" />
+	<target host="solid.preyproject.com" />
+		<test url="http://solid.preyproject.com/test" />
+	<target host="toshiba.preyproject.com" />
+
+	<securecookie host="^.+\.preyproject\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PreyProject.xml b/src/chrome/content/rules/PreyProject.xml
deleted file mode 100644
index 837d7e0a56ff..000000000000
--- a/src/chrome/content/rules/PreyProject.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="PreyProject">
-  <target host="control.preyproject.com" />
-  <target host="panel.preyproject.com" />
-
-  <securecookie host="^(control|panel)\.preyproject\.com$" name=".*"/>
-
-  <rule from="^http://(control|panel)\.preyproject\.com/" to="https://$1.preyproject.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Prezi.com.xml b/src/chrome/content/rules/Prezi.com.xml
new file mode 100644
index 000000000000..ef693582eb46
--- /dev/null
+++ b/src/chrome/content/rules/Prezi.com.xml
@@ -0,0 +1,27 @@
+<!--
+	CDN buckets:
+
+		- prezi-a.akamaihd.net
+		- d3ahn172ndlj85.cloudfront.net
+
+-->
+<ruleset name="Prezi.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="prezi.com" />
+	<target host="www.prezi.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^prezi\.com$" name="^(_ptref|__pld|__putma)$" /-->
+	<!--securecookie host="^\.prezi\.com$" name="^(csrftoken|prezi-auth)$" /-->
+
+	<securecookie host="^\.?prezi\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Prgmr.com.xml b/src/chrome/content/rules/Prgmr.com.xml
new file mode 100644
index 000000000000..14af28204504
--- /dev/null
+++ b/src/chrome/content/rules/Prgmr.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Nonfunctional hosts in *prgmr.com:
+
+		- wiki ʳ
+
+	ʳ Refused
+
+
+	www.prgmr.com: Mismatched
+
+-->
+<ruleset name="prgmr.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="prgmr.com" />
+	<target host="billing.prgmr.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.prgmr.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.prgmr\.com/"
+		to="https://prgmr.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Priberam.pt.xml b/src/chrome/content/rules/Priberam.pt.xml
index cce5fd524496..7763360def66 100644
--- a/src/chrome/content/rules/Priberam.pt.xml
+++ b/src/chrome/content/rules/Priberam.pt.xml
@@ -2,5 +2,5 @@
   <target host="priberam.pt" />
   <target host="www.priberam.pt" />
 
-  <rule from="^http://(?:www\.)?priberam\.pt/" to="https://www.priberam.pt/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Price.com.hk.xml b/src/chrome/content/rules/Price.com.hk.xml
new file mode 100644
index 000000000000..3a3264f02e35
--- /dev/null
+++ b/src/chrome/content/rules/Price.com.hk.xml
@@ -0,0 +1,49 @@
+<!--
+	Non-functional hosts
+		Couldn't resolve host name:
+			 - 11.price.com.hk
+			 - 5320www.price.com.hk
+			 - price.com.price.com.hk
+			 - dwww.price.com.hk
+			 - hackertrace1.internal.nsa.gov.price.com.hk
+			 - hackertrace2.internal.nsa.gov.price.com.hk
+			 - hackertrace3.internal.nsa.gov.price.com.hk
+			 - hackertrace4.internal.nsa.gov.price.com.hk
+			 - www.hkwallet.price.com.hk
+			 - www.hkwallet-fe.price.com.hk
+			 - www.kjg.price.com.hk
+			 - ns1.price.com.hk
+			 - ns2.price.com.hk
+			 - programs.price.com.hk
+
+		Timeout was reached:
+			 - kjg.price.com.hk
+			 - staging.price.com.hk
+			 - staging2.price.com.hk
+
+		SSL peer certificate or SSH remote key was not OK:
+			 - hotel.price.com.hk
+			 - link.price.com.hk
+			 - l.link.price.com.hk
+			 - r.mailer.price.com.hk
+
+		Status code mismatch:
+			 - i.price.com.hk
+
+		4xx client error:
+			 - tr.price.com.hk
+			 - yahoo.price.com.hk
+
+		Secure connection redirects to plaintext:
+			 - www.price.com.hk
+			 - api.price.com.hk
+			 - m.price.com.hk (on mobile)
+-->
+<ruleset name="Price.com.hk (partial)">
+	<target host="price.com.hk" />
+	<target host="hkwallet.price.com.hk" />
+	<target host="hkwallet-fe.price.com.hk" />
+	<target host="im.price.com.hk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Price.ua-problematic.xml b/src/chrome/content/rules/Price.ua-problematic.xml
new file mode 100644
index 000000000000..182cc59e14bb
--- /dev/null
+++ b/src/chrome/content/rules/Price.ua-problematic.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules that are on by default, see Price.ua.xml.
+
+-->
+<ruleset name="Price.ua (mismatched)" default_off="mismatched">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="price.ua" />
+	<target host="www.price.ua" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Price.ua.xml b/src/chrome/content/rules/Price.ua.xml
new file mode 100644
index 000000000000..dd13e6f0ec7b
--- /dev/null
+++ b/src/chrome/content/rules/Price.ua.xml
@@ -0,0 +1,41 @@
+<!--
+	For problematic rules, see Price.ua-problematic.xml.
+
+
+	Nonfunctional subdomains:
+
+		- blog ¹
+		- company ¹
+		- i[1-4] ²
+		- ssl ³
+
+	¹ Shows www
+	² Refused
+	³ Reset
+
+
+	(www.)?: Cert only matches ssl
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- ^ from blog ¹
+			- ^ from i[1-4] ²
+
+	¹ Unsecurable <= shows www
+	² Unsecurable <= refused
+
+-->
+<ruleset name="Price.ua (partial)" default_off="connection reset">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ssl.price.ua" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PriceGrabber-clients.xml b/src/chrome/content/rules/PriceGrabber-clients.xml
index a7662200f8ff..d060ec604bf5 100644
--- a/src/chrome/content/rules/PriceGrabber-clients.xml
+++ b/src/chrome/content/rules/PriceGrabber-clients.xml
@@ -1,20 +1,25 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hothardware.pricegrabber.com/ => https://hothardware.pricegrabber.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://hothardware.pricegrabber.com/ => https://hothardware.pricegrabber.com/: (51, "SSL: no alternative certificate subject name matches target host name 'hothardware.pricegrabber.com'")
 	This ruleset is for PriceGrabber clients who
 	otherwise have no rules off by default.
 
 -->
-<ruleset name="PriceGrabber clients">
+<ruleset name="PriceGrabber clients" default_off="failed ruleset test">
 
 	<target host="hothardware.pricegrabber.com" />
 
 
-	<securecookie host="^hothardware\.pricegrabber\.com$" name=".*" />
+	<securecookie host="^hothardware\.pricegrabber\.com$" name=".+" />
 
 
 	<!--	- Clients have unique subdomains
 		- Cert only matches www
 				-->
-	<rule from="^http://hothardware\.pricegrabber\.com/"
-		to="https://hothardware.pricegrabber.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PriceGrabber.xml b/src/chrome/content/rules/PriceGrabber.xml
index d51e9600cbb6..77f80f7bbfae 100644
--- a/src/chrome/content/rules/PriceGrabber.xml
+++ b/src/chrome/content/rules/PriceGrabber.xml
@@ -1,45 +1,89 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://partner.pricegrabber.com/ => https://partner.pricegrabber.com/: (6, 'Could not resolve host: partner.pricegrabber.com')
+Fetch error: http://www.pricegrabber.com/ => https://www.pricegrabber.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://pricegrabber.com/ => https://www.pricegrabber.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://ah.pricegrabber.com/ => https://d2xu6t5g41jmzy.cloudfront.net/: (6, 'Could not resolve host: d2xu6t5g41jmzy.cloudfront.net')
+Fetch error: http://ai.pricegrabber.com/ => https://www.pricegrabber.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://partners.pricegrabber.com/ => https://partner.pricegrabber.com/: (6, 'Could not resolve host: partner.pricegrabber.com')
+
 	Clients are handled in PriceGrabber-clients.xml.
 
 
-	Problematic domains:
+	CDN buckets:
+
+		- d2iz0h6pqiasve.cloudfront.net
+
+		- d2xu6t5g41jmzy.cloudfront.net
 
-		- i.pgcdn.com *
+			- ah.pricegrabber.com
+
+
+	Problematic domains:
 
 		- *.pgpartner.com	(works; mismatched, CN: www.pricegrabber.com)
 
 		- pricegrabber.com subdomains:
 
 			- ^	(cert only matches www)
-			- ah *
+			- ah ³
 			- ai *
+			- partners ²
 
+	² Mismatched
+	³ Cloudfront
 	* Akamai
 
+
+	images.pricegrabber.com: Dropped over http & https
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .pricegrabber.com
+		- www.pricegrabber.com
+
+
+	Mixed content:
+
+		- Images on www from cfsi.pgcdn.com
+		- Ads on www from $self
+
 -->
-<ruleset name="PriceGrabber" platform="mixedcontent">
+<ruleset name="PriceGrabber.com" default_off="failed ruleset test">
 
-	<target host="i.pgcdn.com" />
-	<target host="pricegrabber.com" />
-	<target host="*.pricegrabber.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="partner.pricegrabber.com" />
+	<target host="www.pricegrabber.com" />
 
+	<!--	Complications:
+				-->
+	<target host="pricegrabber.com" />
+	<target host="ah.pricegrabber.com" />
+	<target host="ai.pricegrabber.com" />
+	<target host="partners.pricegrabber.com" />
 
-	<!--	Observed cookie domains:
 
-			- .
-			- images
-			- www
+	<!--	Not secured by server:
 					-->
+	<!--securecookie host="\.pricegrabber\.com$" name="^(dw_expire|dw_s_epoch_time|dw_s_id|dw_s_not_log|traffic|ut_cookie|ut_timestamp)$" /-->
+	<!--securecookie host="www\.pricegrabber\.com$" name="^(Apache|PGLB|PHPSESSID)$" /-->
+
 	<securecookie host=".*\.pricegrabber\.com$" name=".+" />
 
 
-	<rule from="^http://i\.pgcdn\.com/"
-		to="https://images.pricegrabber.com/" />
+	<rule from="^http://ah\.pricegrabber\.com/"
+		to="https://d2xu6t5g41jmzy.cloudfront.net/" />
 
-	<rule from="^http://(?:a[hi]\.|www\.)?pricegrabber\.com/"
+	<rule from="^http://(?:ai\.)?pricegrabber\.com/"
 		to="https://www.pricegrabber.com/"/>
 
-	<rule from="^http://(images|partner)\.pricegrabber\.com/"
-		to="https://$1.pricegrabber.com/" />
+	<rule from="^http://partners\.pricegrabber\.com/"
+		to="https://partner.pricegrabber.com/"/>
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PriceRunner.xml b/src/chrome/content/rules/PriceRunner.xml
index f54d32c6c63a..1710fa4d1475 100644
--- a/src/chrome/content/rules/PriceRunner.xml
+++ b/src/chrome/content/rules/PriceRunner.xml
@@ -14,9 +14,11 @@
 <ruleset name="PriceRunner (partial)" platform="mixedcontent">
 
 	<target host="pricerunner.com" />
-	<target host="*.pricerunner.com" />
+	<target host="www.pricerunner.com" />
+	<target host="partner.pricerunner.com" />
+	<target host="secure.pricerunner.com" />
 	<target host="pricerunner.co.uk" />
-	<target host="*.pricerunner.co.uk" />
+	<target host="www.pricerunner.co.uk" />
 
 
 	<securecookie host="^(?:partner|secure)\.pricerunner\.com$" name=".+" />
@@ -28,4 +30,4 @@
 	<rule from="^http://(partner|secure)\.pricerunner\.com/"
 		to="https://$1.pricerunner.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Priceonomics.com.xml b/src/chrome/content/rules/Priceonomics.com.xml
new file mode 100644
index 000000000000..9f9766f91da4
--- /dev/null
+++ b/src/chrome/content/rules/Priceonomics.com.xml
@@ -0,0 +1,18 @@
+<ruleset name="Priceonomics.com (partial)">
+
+	<target host="priceonomics.com" />
+	<target host="www.priceonomics.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="http://priceonomics\.com/($|favicon\.ico)" /-->
+		<!--
+			Exclusions:
+					-->
+		<!--exclusion pattern="http://priceonomics\.com/+(?!static/)" /-->
+
+
+	<rule from="^http://(www\.)?priceonomics\.com/static/"
+		to="https://$1priceonomics.com/static/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Priceza.com.xml b/src/chrome/content/rules/Priceza.com.xml
index 93a49eb40aef..e98e0526fb2b 100644
--- a/src/chrome/content/rules/Priceza.com.xml
+++ b/src/chrome/content/rules/Priceza.com.xml
@@ -2,5 +2,5 @@
   <target host="priceza.com" />
   <target host="www.priceza.com" />
 
-  <rule from="^http://(www\.)?priceza\.com/" to="https://www.priceza.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Pridewatch.tw.xml b/src/chrome/content/rules/Pridewatch.tw.xml
new file mode 100644
index 000000000000..9b6c9d846550
--- /dev/null
+++ b/src/chrome/content/rules/Pridewatch.tw.xml
@@ -0,0 +1,12 @@
+<!--
+	HTTP 525:
+		- pridewatch.tw
+		- www.pridewatch.tw
+
+-->
+<ruleset name="Pridewatch.tw (partial)">
+	<target host="lightup.pridewatch.tw" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Primabanka.sk.xml b/src/chrome/content/rules/Primabanka.sk.xml
new file mode 100644
index 000000000000..d1a1edaed20e
--- /dev/null
+++ b/src/chrome/content/rules/Primabanka.sk.xml
@@ -0,0 +1,8 @@
+<ruleset name="Primabanka.sk">
+  <target host="primabanka.sk" />
+  <target host="www.primabanka.sk" />
+  <target host="ib.primabanka.sk" />
+
+  <rule from="^http://(?:www\.)?primabanka\.sk/" to="https://www.primabanka.sk/" />
+  <rule from="^http://ib\.primabanka\.sk/" to="https://ib.primabanka.sk/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Primal_Blueprint.com.xml b/src/chrome/content/rules/Primal_Blueprint.com.xml
new file mode 100644
index 000000000000..ff478e9a327e
--- /dev/null
+++ b/src/chrome/content/rules/Primal_Blueprint.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Nonfunctional hosts in *primalblueprint.com:
+
+		- blog *
+
+	* Refused
+
+
+	Insecure cookies are set for these domains:
+
+		- .www.primalblueprint.com
+
+-->
+<ruleset name="Primal Blueprint.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="primalblueprint.com" />
+	<target host="www.primalblueprint.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.primalblueprint\.com$" name="^frontend$" /-->
+
+	<securecookie host="^\.www\.primalblueprint\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Primbank.ru.xml b/src/chrome/content/rules/Primbank.ru.xml
new file mode 100644
index 000000000000..25a66a2e84bf
--- /dev/null
+++ b/src/chrome/content/rules/Primbank.ru.xml
@@ -0,0 +1,13 @@
+<!--webqueue. timed out
+prazdnik. refused-->
+<ruleset name="Primbank.ru">
+	<target host="primbank.ru" />
+	<target host="www.primbank.ru" />
+	<target host="eks.primbank.ru" />
+	<target host="free.primbank.ru" />
+	<target host="client.primbank.ru" />
+	<target host="twecv.primbank.ru" />
+	<target host="mybank.primbank.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PrimeCaster.net.xml b/src/chrome/content/rules/PrimeCaster.net.xml
new file mode 100644
index 000000000000..d4b885e241b2
--- /dev/null
+++ b/src/chrome/content/rules/PrimeCaster.net.xml
@@ -0,0 +1,10 @@
+<ruleset name="PrimeCaster.net">
+
+	<target host="www.primecaster.net" />
+
+	<target host="api.primecaster.net" />
+	<target host="stg.primecaster.net" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PrimeGrid.com.xml b/src/chrome/content/rules/PrimeGrid.com.xml
new file mode 100644
index 000000000000..bffaea52e68e
--- /dev/null
+++ b/src/chrome/content/rules/PrimeGrid.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Refused:
+		- prpnet.primegrid.com
+		- dev.primegrid.com
+-->
+<ruleset name="PrimeGrid.com">
+	<target host="primegrid.com" />
+	<target host="www.primegrid.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PrimeHost.ca.xml b/src/chrome/content/rules/PrimeHost.ca.xml
new file mode 100644
index 000000000000..993d9d2d3433
--- /dev/null
+++ b/src/chrome/content/rules/PrimeHost.ca.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		- webmail.primehost.ca
+-->
+
+<ruleset name="PrimeHost.ca">
+	<target host="primehost.ca" />
+	<target host="www.primehost.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Primedice.com.xml b/src/chrome/content/rules/Primedice.com.xml
new file mode 100644
index 000000000000..1ca11515130d
--- /dev/null
+++ b/src/chrome/content/rules/Primedice.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .primedice.com
+
+-->
+<ruleset name="Primedice.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="primedice.com" />
+	<target host="www.primedice.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.primedice\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.primedice\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Primes_Eco_Energie.com.xml b/src/chrome/content/rules/Primes_Eco_Energie.com.xml
deleted file mode 100644
index 9b5af7a3444f..000000000000
--- a/src/chrome/content/rules/Primes_Eco_Energie.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Primes Eco Energie.com">
-
-	<target host="primesecoenergie.com" />
-	<target host="*.primesecoenergie.com" />
-
-
-	<securecookie host="^(?:w*\.)?primesecoenergie\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?primesecoenergie\.com/"
-		to="https://$1primesecoenergie.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Primus.com.xml b/src/chrome/content/rules/Primus.com.xml
index 1f96e16ac4ee..974fe19a2db6 100644
--- a/src/chrome/content/rules/Primus.com.xml
+++ b/src/chrome/content/rules/Primus.com.xml
@@ -1,14 +1,24 @@
-<ruleset name="Primus.com" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://primus.com/ => https://www.primus.com/: (60, 'SSL certificate problem: self signed certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://primus.com/ => https://www.primus.com/: (6, 'Could not resolve host: primus.com')
+-->
+<ruleset name="Primus.com" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="primus.com"/>
-	<target host="*.primus.com"/>
+	<target host="home.primus.com" />
+	<target host="ru.primus.com" />
+	<target host="secure.primus.com" />
+	<target host="www.primus.com" />
 
-	<securecookie host="^(.*\.)?primus\.com$" name=".*"/>
+	<securecookie host=".+" name=".+"/>
 
 	<rule from="^http://primus\.com/"
 		to="https://www.primus.com/"/>
 
-	<rule from="^http://(home|ru|secure|www)\.primus\.com/"
-		to="https://$1.primus.com/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Primus_Canada.xml b/src/chrome/content/rules/Primus_Canada.xml
index 4c2a14661b11..4327bffaf6dc 100644
--- a/src/chrome/content/rules/Primus_Canada.xml
+++ b/src/chrome/content/rules/Primus_Canada.xml
@@ -1,15 +1,100 @@
+
 <!--
-	Nonfunctional subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://monotelephone.primus.ca/ => https://monotelephone.primus.ca/: (6, 'Could not resolve host: monotelephone.primus.ca')
+
+	Nonfunctional hosts in *primus.ca:
+
+		- businesssupport ⁴
+		- cloudserver ᵗ
+		- home ʳ
+		- resisupport ᵃ
+		- sansfil ᵈ
+		- speedtest ʳ
+		- support ᵃ
+		- voiptest ʳ
+		- wireless ᵈ
+
+	⁴ 400
+	ᵃ Shows vws2.magma.ca
+	ᵈ Dropped
+	ʳ Refused
+	ᵗ Reset
+
+
+	Problematic hosts in *primus.ca:
+
+		- myaccount ʳ
+		- ssd ᵐ ˢ
+
+	ᵐ Mismatched
+	ʳ Refused, preemptable redirect
+	ˢ Self-signed
+
 
-		- (www.)	(400, valid cert)
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- primus.ca
+		- .primus.ca
+		- monotelephone.primus.ca
+		- monphv.primus.ca
+		- myhomephone.primus.ca
+		- mypbx.primus.ca
+		- myphone.primus.ca
+		- mytbb.primus.ca
+		- pbxapps.primus.ca
+		- moncompte.sansfil.primus.ca
+		- myaccount.wireless.primus.ca
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Primus Canada (partial)">
+<ruleset name="Primus Canada (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="primus.ca" />
+	<target host="monotelephone.primus.ca" />
+	<target host="monphv.primus.ca" />
+	<target host="myhomephone.primus.ca" />
+	<target host="mypbx.primus.ca" />
+	<target host="myphone.primus.ca" />
+	<target host="mytbb.primus.ca" />
+	<target host="pbxapps.primus.ca" />
+	<target host="moncompte.sansfil.primus.ca" />
+	<target host="spamcontrol.primus.ca" />
 	<target host="vws3.primus.ca" />
+	<target host="webmail.primus.ca" />
+	<target host="myaccount.wireless.primus.ca" />
+	<target host="www.primus.ca" />
+
+		<!--	$ 404s, so:
+					-->
+		<test url="http://pbxapps.primus.ca/callcentre/" />
+
+	<!--	Complications:
+				-->
+	<target host="myaccount.primus.ca" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^primus\.ca$" name="^(?:frontend|geolocation)$" /-->
+	<!--securecookie host="^\.primus\.ca$" name="^Cookie$" /-->
+	<!--securecookie host="^(?:monotelephone|monphv|mypbx|myphone|mytbb)\.primus\.ca$" name="(?:^PHPSESSID|\.sid)$" /-->
+	<!--securecookie host="^myhomephone\.primus\.ca$" name="\.sid$" /-->
+	<!--securecookie host="^pbxapps\.primus\.ca$" name="(?:^JSESSIONID|\.sid)$" /-->
+	<!--securecookie host="^(?:moncompte\.sansfil|myaccount\.wireless)\.primus\.ca$" name="(?:PHPSESSID|exp_csrf_token|exp_language|exp_language_code|exp_last_activity|exp_last_visit|exp_tracker)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
 
+	<!--	Redirect keeps all:
+					-->
+	<rule from="^http://myaccount\.primus\.ca/"
+		to="https://myaccount.primustel.ca/" />
 
-	<rule from="^http://vws3\.primus\.ca/"
-		to="https://vws3.primus.ca/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Princeton.edu.xml b/src/chrome/content/rules/Princeton.edu.xml
index ca28a76c2e82..15154e5855ec 100644
--- a/src/chrome/content/rules/Princeton.edu.xml
+++ b/src/chrome/content/rules/Princeton.edu.xml
@@ -1,39 +1,37 @@
 <!--
 	Nonfunctional subdomains:
-
 		- arks *
-		- crcw *
-		- digilab **
-		- findingaids **
 		- pudl **
 
 	* Refused
 	** Dropped
-
-
-	Fully covered subdomains:
-
-		- (www.)	(^ → www)
-		- blogs
-		- citp
-		- fed
-		- lists
-
 -->
-<ruleset name="Princeton.edu">
+<ruleset name="Princeton.edu (partial)">
 
 	<target host="princeton.edu" />
-	<target host="*.princeton.edu" />
-
-
-	<securecookie host="^(?:blogs|fed)\.princeton\.edu$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?princeton\.edu/"
-		to="https://www.princeton.edu/"/>
-
-	<rule from="^http://(blogs|citp|fed|lists)\.princeton\.edu/"
-		to="https://$1.princeton.edu/" />
+	<target host="www.princeton.edu" />
+	<target host="acee.princeton.edu" />
+	<target host="alumni.princeton.edu" />
+	<target host="alumnicas.princeton.edu" />
+	<target host="blogs.princeton.edu" />
+	<target host="citp.princeton.edu" />
+	<target host="www.citp.princeton.edu" />
+	<target host="crcw.princeton.edu" />
+	<target host="cs.princeton.edu" />
+	<target host="www.cs.princeton.edu" />
+	<target host="codeen.cs.princeton.edu" />
+	<target host="engineering.princeton.edu" />
+	<target host="fed.princeton.edu" />
+	<target host="findingaids.princeton.edu" />
+	<target host="lists.princeton.edu" />
+	<target host="materials.princeton.edu" />
+	<target host="paw.princeton.edu" />
+	<target host="press.princeton.edu" />
+	<target host="tigernet.princeton.edu" />
+	<target host="secure.tigernet.princeton.edu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
-
diff --git a/src/chrome/content/rules/Print.io.xml b/src/chrome/content/rules/Print.io.xml
new file mode 100644
index 000000000000..6b76f4c8544f
--- /dev/null
+++ b/src/chrome/content/rules/Print.io.xml
@@ -0,0 +1,29 @@
+<!--
+	CDN buckets:
+
+		- az412349.vo.msecnd.net
+
+
+	Problematic hosts in *print.io:
+
+		- cdn *
+
+	* Mismatched
+
+
+	Fully covered hosts in *print.io:
+
+		- cdn	(→ az412349.vo.msecnd.net)
+
+-->
+<ruleset name="print.io">
+
+	<!--	Complications:
+				-->
+	<target host="cdn.print.io" />
+
+
+	<rule from="^http://cdn\.print\.io/"
+		to="https://az412349.vo.msecnd.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PrintFriendly.xml b/src/chrome/content/rules/PrintFriendly.xml
index badc51746af1..5f1ad3fd2912 100644
--- a/src/chrome/content/rules/PrintFriendly.xml
+++ b/src/chrome/content/rules/PrintFriendly.xml
@@ -1,13 +1,30 @@
-<ruleset name="PrintFriendly (partial)">
+<!--
+	Refused:
+		blog.printfriendly.com
 
-	<target host="cdn.printfriendly.com" />
-	<target host="cdn.printfriendly.org" />
+	Invalid certificate:
+		cf-cdn.printfriendly.com
+
+	No working URL known:
+		key-cdn.printfriendly.com
 
+-->
+<ruleset name="PrintFriendly.com">
 
-	<rule from="^https?://cdn\.printfriendly\.com/"
-		to="https://s3.amazonaws.com/cdn.printfriendly.com/" />
+	<target host="printfriendly.com" />
+	<target host="www.printfriendly.com" />
+	<target host="app.printfriendly.com" />
+	<target host="cdn.printfriendly.com" />
+		<test url="http://cdn.printfriendly.com/printfriendly.js" />
+	<target host="cs.printfriendly.com" />
+	<target host="ds.printfriendly.com" />
+	<target host="pdf.printfriendly.com" />
+	<target host="pf-cdn.printfriendly.com" />
+		<test url="http://pf-cdn.printfriendly.com/images/pf-print-icon.gif" />
+	<target host="pro.printfriendly.com" />
+	<target host="support.printfriendly.com" />
 
-	<rule from="^https?://cdn\.printfriendly\.org/"
-		to="https://s3.amazonaws.com/printnicer/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PrintMojo.xml b/src/chrome/content/rules/PrintMojo.xml
deleted file mode 100644
index f56641ac0a49..000000000000
--- a/src/chrome/content/rules/PrintMojo.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="PrintMojo">
-
-	<target host="printmojo.com" />
-	<target host="www.printmojo.com" />
-
-
-	<securecookie host="^www\.printmojo\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?printmojo\.com/"
-		to="https://$1printmojo.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Print_M3D.com.xml b/src/chrome/content/rules/Print_M3D.com.xml
new file mode 100644
index 000000000000..3938b26a58ca
--- /dev/null
+++ b/src/chrome/content/rules/Print_M3D.com.xml
@@ -0,0 +1,41 @@
+<!--
+	Problematic hosts in *printm3d.com:
+
+		- store *
+
+	* Shopify
+
+
+	Insecure cookies are set for these hosts:
+
+		- printm3d.com
+
+
+	Mixed content:
+
+		- css on store from fonts.googleapis.com *
+		- Image on store from printm3d.com *
+		- Bug on ^, store from c.statcounter.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Print M3D.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="printm3d.com" />
+	<target host="www.printm3d.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^printm3d\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^printm3d\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Printchomp.com.xml b/src/chrome/content/rules/Printchomp.com.xml
index 3802c578aad1..69a58a3ba24b 100644
--- a/src/chrome/content/rules/Printchomp.com.xml
+++ b/src/chrome/content/rules/Printchomp.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="Printchomp.com">
 
 	<target host="printchomp.com" />
-	<target host="*.printchomp.com" />
+	<target host="www.printchomp.com" />
 
 
 	<securecookie host="^(?:www)?\.printchomp\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?printchomp\.com/"
-		to="https://$1printchomp.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Printfection.com.xml b/src/chrome/content/rules/Printfection.com.xml
index 52c994b0bbf4..f4ab7489df95 100644
--- a/src/chrome/content/rules/Printfection.com.xml
+++ b/src/chrome/content/rules/Printfection.com.xml
@@ -1,14 +1,76 @@
+<!--
+	Nonfunctional hosts in *printfection.com:
+
+		- blog ¹
+		- go ¹
+		- help ²
+
+	¹ WP Engine
+	² Zendesk
+
+
+	Problematic hosts in *printfection.com:
+
+		- img *
+
+	* Insecure renegotiation (CVE-2009-3555)
+
+
+	Partially covered hosts in *printfection.com:
+
+		- (www.)? *
+
+	* Some paths redirect to http
+
+
+	Fully covered hosts in *printfection.com:
+
+		- img
+
+-->
 <ruleset name="Printfection.com (partial)">
 
 	<target host="printfection.com" />
-	<target host="*.printfection.com" />
+	<target host="img.printfection.com" />
+	<target host="software.topcoder.com" />
+	<target host="www.printfection.com" />
+
+		<!--	Redirects to customer/store_error.php
+				-->
+		<!--exclusion pattern="^http://(www\.)?printfection\.com/wp-content/themes/" /-->
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?printfection\.com/(help/contact/?$)" /-->
+
+		<!--	Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?printfection\.com/(?!(?:account|css|images)(?:$|[?/])|assets/|css\.php|skin1/|.+\?store_page=cart$)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.printfection.com/about/" />
+			<test url="http://www.printfection.com/about/jobs/" />
+			<test url="http://www.printfection.com/features/" />
+			<test url="http://www.printfection.com/features/compare/" />
+			<test url="http://www.printfection.com/help/contact/" />
+			<test url="http://www.printfection.com/merchandise/product-list/" />
+			<test url="http://www.printfection.com/naughtees" />
+			<test url="http://www.printfection.com/pricing/" />
+			<test url="http://www.printfection.com/resources/customer-experience/" />
+			<test url="http://www.printfection.com/resources/example/" />
+			<test url="http://www.printfection.com/solutions/" />
 
+			<!--	-ve:
+					-->
+			<test url="http://www.printfection.com/account/reset_password.php" />
+			<test url="http://www.printfection.com/account/secure_login.php" />
+			<test url="http://www.printfection.com/assets/images/application/layout/global/logo.png" />
+			<test url="http://www.printfection.com/css.php" />
+			<test url="http://www.printfection.com/skin1/images/simple/layout/footer/logo-alt-small.png" />
 
-	<!--	At least some pages redirect to http.	-->
-	<rule from="^http://(www\.)?printfection\.com/((?:account|css|images)(?:$|[\?/])|skin1/|.+\?store_page=cart$)"
-		to="https://$1printfection.com/$2" />
 
-	<rule from="^http://img\.printfection\.com/"
-		to="https://img.printfection.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Printink.si.xml b/src/chrome/content/rules/Printink.si.xml
index 7f9e601e2894..0fe748ecb629 100644
--- a/src/chrome/content/rules/Printink.si.xml
+++ b/src/chrome/content/rules/Printink.si.xml
@@ -1,13 +1,20 @@
-<ruleset name="printink.si">
+<ruleset name="printink.si" default_off="redirects to http">
 
 	<target host="printink.si" />
-	<target host="*.printink.si" />
+	<target host="www.printink.si" />
+
+		<!--	Redirects to http:
+						-->
+		<exclusion pattern="^http://(?:www\.)?printink\.si/(?:$|[Cc]ontent/|Themes/)" />
+
+			<test url="http://www.printink.si/Content/Images/uploaded/badge-2014.png" />
+			<test url="http://www.printink.si/Themes/PrintInk/Content/styles-all-min-1.0.0.css" />
 
 
 	<securecookie host="^(?:www)?\.printint\.si$" name=".+" />
 
 
-	<rule from="^http://(www\.)?printink\.si/"
-		to="https://$1printink.si/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Printrbot.com.xml b/src/chrome/content/rules/Printrbot.com.xml
new file mode 100644
index 000000000000..da80f3ed21f1
--- /dev/null
+++ b/src/chrome/content/rules/Printrbot.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		help.printrbot.com
+		learn.printrbot.com
+		support.printrbot.com
+
+-->
+<ruleset name="Printrbot.com">
+
+	<target host="printrbot.com" />
+	<target host="www.printrbot.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Printrbot.xml b/src/chrome/content/rules/Printrbot.xml
deleted file mode 100644
index a95c70803f8f..000000000000
--- a/src/chrome/content/rules/Printrbot.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- help	(mismatched, CN: *.dozuki.com)
-
-
-	Partially covered subdomains:
-
-		- help	($ redirects to http)
-
--->
-<ruleset name="printrbot (partial)">
-
-	<target host="printrbot.com" />
-	<target host="*.printrbot.com" />
-
-
-	<securecookie host="^(?:www\.)?printrbot\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?printrbot\.com/"
-		to="https://$1printrbot.com/" />
-
-	<rule from="^http://help\.printrbot\.com/favicon\.ico"
-		to="https://printrbot.dozuki.com/favicon.ico" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/PrioritySubmit.com.xml b/src/chrome/content/rules/PrioritySubmit.com.xml
index fccaeca638da..6b6d0eb85698 100644
--- a/src/chrome/content/rules/PrioritySubmit.com.xml
+++ b/src/chrome/content/rules/PrioritySubmit.com.xml
@@ -4,17 +4,28 @@
 
 	CN: *.vendercom.com
 
+
+	Insecure cookies are set for these hosts:
+
+		- www.prioritysubmit.com
+
 -->
 <ruleset name="PrioritySubmit.com" default_off="mismatched">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="prioritysubmit.com" />
 	<target host="www.prioritysubmit.com" />
 
 
-	<securecookie host="^prioritysubmit\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.prioritysubmit\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.prioritysubmit\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?prioritysubmit\.com/"
-		to="https://prioritysubmit.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Priory_Group.com.xml b/src/chrome/content/rules/Priory_Group.com.xml
new file mode 100644
index 000000000000..78dc3eafa72c
--- /dev/null
+++ b/src/chrome/content/rules/Priory_Group.com.xml
@@ -0,0 +1,41 @@
+<!--
+	www: at least some pages redirect to http.
+
+-->
+<ruleset name="Priory Group.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="priorygroup.com" />
+	<target host="jobs.priorygroup.com" />
+	<target host="www.priorygroup.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="http://www\.priorygroup\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="http://www\.priorygroup\.com/+(?!favicon\.ico|images/|Sitefinity/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.priorygroup.com/about-the-priory-group" />
+			<test url="http://www.priorygroup.com/blog" />
+			<test url="http://www.priorygroup.com/contact-us" />
+			<test url="http://www.priorygroup.com/events" />
+			<test url="http://www.priorygroup.com/investors" />
+			<test url="http://www.priorygroup.com/make-an-enquiry" />
+			<test url="http://www.priorygroup.com/press-media" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.priorygroup.com/Sitefinity/WebSiteTemplates/ThePrioryGroup/App_Themes/ThePrioryGroup/Images/unspriteable/dummy_banner_item.gif" />
+			<test url="http://www.priorygroup.com/favicon.ico" />
+			<test url="http://www.priorygroup.com/images/default-source/homepage-banners/treatment-tailored-to-suit-individuals-new.jpg?sfvrsn=0" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Prisma-IT.com.xml b/src/chrome/content/rules/Prisma-IT.com.xml
new file mode 100644
index 000000000000..88128da1bcb1
--- /dev/null
+++ b/src/chrome/content/rules/Prisma-IT.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Mixed content:
+
+		- Bug on www from shared.piwik.prisma-it.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Prisma-IT.com">
+
+	<target host="prisma-it.com" />
+	<target host="*.piwik.prisma-it.com" />
+	<target host="www.prisma-it.com" />
+
+		<test url="http://shared.piwik.prisma-it.com/piwik.php?idsite=" />
+		<test url="http://sscict.piwik.prisma-it.com/piwik.php?idsite=" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Prison_Legal_News.org.xml b/src/chrome/content/rules/Prison_Legal_News.org.xml
new file mode 100644
index 000000000000..f2ee33a66d19
--- /dev/null
+++ b/src/chrome/content/rules/Prison_Legal_News.org.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Human Rights Defense Center coverage, see Human_Rights_Defense_Center.org.xml.
+
+-->
+<ruleset name="Prison Legal News.org">
+
+	<target host="prisonlegalnews.org" />
+	<target host="www.prisonlegalnews.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.prisonlegalnews\.org$" name="^csrftoken$" /-->
+
+	<securecookie host="^www\.prisonlegalnews\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Prison_Phone_Justice.org.xml b/src/chrome/content/rules/Prison_Phone_Justice.org.xml
new file mode 100644
index 000000000000..86251acbf3a4
--- /dev/null
+++ b/src/chrome/content/rules/Prison_Phone_Justice.org.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Human Rights Defense Center coverage, see Human_Rights_Defense_Center.org.xml.
+
+-->
+<ruleset name="Prison Phone Justice.org">
+
+	<target host="prisonphonejustice.org" />
+	<target host="www.prisonphonejustice.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.prisonphonejustice\.org$" name="^csrftoken$" /-->
+
+	<securecookie host="^www\.prisonphonejustice\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pritunl.com.xml b/src/chrome/content/rules/Pritunl.com.xml
new file mode 100644
index 000000000000..1d38fce06b09
--- /dev/null
+++ b/src/chrome/content/rules/Pritunl.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Pritunl.com">
+
+	<target host="pritunl.com" />
+	<target host="client.pritunl.com" />
+	<target host="demo.pritunl.com" />
+	<target host="www.pritunl.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Priv.at.xml b/src/chrome/content/rules/Priv.at.xml
deleted file mode 100644
index 126155228860..000000000000
--- a/src/chrome/content/rules/Priv.at.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="priv.at (CAcert)" platform="cacert">
-
-	<target host="www.tahina.priv.at"/>
-
-	<rule from="^http://www\.tahina\.priv\.at/"
-		to="https://www.tahina.priv.at/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Privacy-Handbuch.de.xml b/src/chrome/content/rules/Privacy-Handbuch.de.xml
new file mode 100644
index 000000000000..d6695fbbf23b
--- /dev/null
+++ b/src/chrome/content/rules/Privacy-Handbuch.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="Privacy-Handbuch.de">
+
+	<target host="privacy-handbuch.de" />
+	<target host="www.privacy-handbuch.de" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Privacy-IO.xml b/src/chrome/content/rules/Privacy-IO.xml
deleted file mode 100644
index aebd080e938c..000000000000
--- a/src/chrome/content/rules/Privacy-IO.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Privacy IO">
-
-	<target host="privacy.io" />
-	<target host="www.privacy.io" />
-
-
-	<rule from="^http://(www\.)?privacy\.io/"
-		to="https://$1privacy.io/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Privacy-International.xml b/src/chrome/content/rules/Privacy-International.xml
deleted file mode 100644
index aa69f91d024a..000000000000
--- a/src/chrome/content/rules/Privacy-International.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--	!functional
-		- www.bigbrotherinc.org	(shows Drupal installation wizard)
--->
-<ruleset name="Privacy International">
-
-	<target host="privacyinternational.org"/>
-	<target host="www.privacyinternational.org"/>
-
-	<rule from="^http://(www\.)?privacyinternational\.org/"
-		to="https://$1privacyinternational.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Privacy-SOS.xml b/src/chrome/content/rules/Privacy-SOS.xml
index 2375d4945f2a..a701dce8ab76 100644
--- a/src/chrome/content/rules/Privacy-SOS.xml
+++ b/src/chrome/content/rules/Privacy-SOS.xml
@@ -1,10 +1,23 @@
-<ruleset name="Privacy SOS">
+<!--
+	For other ACLU coverage, see ACLU.xml.
+
+
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Privacy SOS.org">
+
 	<target host="privacysos.org" />
 	<target host="www.privacysos.org" />
 
-	<securecookie host="(^|\.)privacysos\.org$"
-			name=".+" />
 
-	<rule from="^http://(www\.)?privacysos\.org/"
-		to="https://www.privacysos.org/" />
-</ruleset>
\ No newline at end of file
+	<securecookie host="^\.?privacysos\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Privacy-cd.org.xml b/src/chrome/content/rules/Privacy-cd.org.xml
new file mode 100644
index 000000000000..5005603cb877
--- /dev/null
+++ b/src/chrome/content/rules/Privacy-cd.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="privacy-cd.org">
+
+	<target host="privacy-cd.org" />
+	<target host="www.privacy-cd.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^www\.privacy-cd\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Privacy.org.au.xml b/src/chrome/content/rules/Privacy.org.au.xml
new file mode 100644
index 000000000000..52ca25b78f1b
--- /dev/null
+++ b/src/chrome/content/rules/Privacy.org.au.xml
@@ -0,0 +1,7 @@
+<ruleset name="Australian Privacy Foundation">
+	<target host="privacy.org.au" />
+	<target host="www.privacy.org.au" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PrivacyChoice.xml b/src/chrome/content/rules/PrivacyChoice.xml
index f60010c3ebbc..b97eaed3a2c8 100644
--- a/src/chrome/content/rules/PrivacyChoice.xml
+++ b/src/chrome/content/rules/PrivacyChoice.xml
@@ -1,31 +1,55 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://privacychoice.org/ => https://www.privacychoice.org/: (7, 'Failed to connect to www.privacychoice.org port 443: Connection refused')
+Fetch error: http://www.privacychoice.org/ => https://www.privacychoice.org/: (7, 'Failed to connect to www.privacychoice.org port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://privacychoice.org/ => https://www.privacychoice.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.privacychoice.org/ => https://www.privacychoice.org/: (60, 'SSL certificate problem: certificate has expired')
 	Other PrivacyChoice rulesets:
 
 		- Privacyfix.xml
 		- Privacyscore.com.xml
 
 
-	Nonfunctional subdomains:
+	CDN buckets:
 
-		- blog		(shows www; mismatched, CN: www.privacychoice.org)
+		- images.privacychoice.org.s3.amazonaws.com
 
 
 	Problematic subdomains:
 
-		- ^	(cert only matches www)
+		- ^		(cert only matches www)
+		- blog		(works; mismatched, CN: www.privacychoice.org)
+		- images	(amazonws)
+
+
+	Mixed content:
+
+		- video on blog from www.washingtonpost.com
+
+		- css, on:
+
+			- blog from blog
+			- www from fonts.googleapis.com *
+
+		- Images, on blog from:
 
+			- blog
+			- www *
+			- thumbnails.visually.netdna-cdn.com
 
-	- $ redirects to http
-	- Some pages 404
+	* Secured by us
 
 -->
-<ruleset name="PrivacyChoice (partial)">
+<ruleset name="PrivacyChoice (partial)" default_off="failed ruleset test">
 
 	<target host="privacychoice.org" />
 	<target host="www.privacychoice.org" />
 
 
-	<rule from="^http://(?:www\.)?privacychoice\.org/(css|images|js|scrollbar)/"
-		to="https://www.privacychoice.org/$1/" />
+	<rule from="^http://(?:www\.)?privacychoice\.org/"
+		to="https://www.privacychoice.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Privacy_Enforcement.net.xml b/src/chrome/content/rules/Privacy_Enforcement.net.xml
new file mode 100644
index 000000000000..9f78b75f3b73
--- /dev/null
+++ b/src/chrome/content/rules/Privacy_Enforcement.net.xml
@@ -0,0 +1,15 @@
+<!--
+	^: cert only matches www
+-->
+<ruleset name="Privacy Enforcement.net">
+
+	<target host="privacyenforcement.net" />
+	<target host="www.privacyenforcement.net" />
+
+
+	<rule from="^http://privacyenforcement\.net/"
+		to="https://www.privacyenforcement.net/" />
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Privacy_Solutions.no.xml b/src/chrome/content/rules/Privacy_Solutions.no.xml
new file mode 100644
index 000000000000..15f10061c7fe
--- /dev/null
+++ b/src/chrome/content/rules/Privacy_Solutions.no.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://privacysolutions.no/ => https://privacysolutions.no/: (60, 'SSL certificate problem: certificate has expired')
+
+	Fully covered subdomains:
+
+		- (www.)
+		- blog
+		- track
+
+
+	Mixed content:
+
+		css on (www.), blog, and track from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Privacy Solutions.no" default_off="failed ruleset test">
+
+	<target host="privacysolutions.no" />
+	<target host="blog.privacysolutions.no" />
+	<target host="track.privacysolutions.no" />
+	<target host="www.privacysolutions.no" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^track\.privacysolutions\.no$" name="^_redmine_session$" /-->
+
+	<securecookie host="^track\.privacysolutions\.no$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Privacy_Tool.org.xml b/src/chrome/content/rules/Privacy_Tool.org.xml
index 68d3751d27d0..de495acdfc49 100644
--- a/src/chrome/content/rules/Privacy_Tool.org.xml
+++ b/src/chrome/content/rules/Privacy_Tool.org.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?privacytool\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?privacytool\.org/"
-		to="https://$1privacytool.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Privacybox.de.xml b/src/chrome/content/rules/Privacybox.de.xml
deleted file mode 100644
index 4e2b58ed5b29..000000000000
--- a/src/chrome/content/rules/Privacybox.de.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="PrivacyBox">
-  <target host="privacybox.de" />
-  <target host="www.privacybox.de" />
-
-  <rule from="^http://(www\.)?privacybox\.de/" to="https://$1privacybox.de/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Privacyfix.xml b/src/chrome/content/rules/Privacyfix.xml
index 799cbf2e9b05..98d5eee47a04 100644
--- a/src/chrome/content/rules/Privacyfix.xml
+++ b/src/chrome/content/rules/Privacyfix.xml
@@ -1,19 +1,20 @@
-<!--
-	For other PrivacyChoice coverage, see PrivacyChoice.xml.
-
 
-	Nonfunctional subdomains:
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://privacyfix.com/ => https://privacyfix.com/: (7, 'Failed to connect to privacyfix.com port 443: Connection timed out')
+Fetch error: http://addons.privacyfix.com/ => https://addons.privacyfix.com/: (6, 'Could not resolve host: addons.privacyfix.com')
+Fetch error: http://www.privacyfix.com/ => https://www.privacyfix.com/: (28, 'Connection timed out after 20001 milliseconds')
 
-		- addons	(dropped)
+	For other PrivacyChoice coverage, see PrivacyChoice.xml.
 
 -->
-<ruleset name="Privacyfix (partial)">
+<ruleset name="Privacyfix" default_off="failed ruleset test">
 
 	<target host="privacyfix.com" />
+	<target host="addons.privacyfix.com" />
 	<target host="www.privacyfix.com" />
 
 
-	<rule from="^http://(www\.)?privacyfix\.com/"
-		to="https://$1privacyfix.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Privacyrights.org.xml b/src/chrome/content/rules/Privacyrights.org.xml
index b664a58ff5dd..00bd051f28e3 100644
--- a/src/chrome/content/rules/Privacyrights.org.xml
+++ b/src/chrome/content/rules/Privacyrights.org.xml
@@ -2,5 +2,5 @@
   <target host="privacyrights.org" />
   <target host="www.privacyrights.org" />
 
-  <rule from="^http://(?:www\.)?privacyrights\.org/" to="https://www.privacyrights.org/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Privacyscore.com.xml b/src/chrome/content/rules/Privacyscore.com.xml
index c7e8abd11b85..93b56bc88e90 100644
--- a/src/chrome/content/rules/Privacyscore.com.xml
+++ b/src/chrome/content/rules/Privacyscore.com.xml
@@ -4,6 +4,11 @@
 
 	CN: www.privacyfix.com
 
+
+	Mixed content:
+
+		- Images from images.privacychoice.com
+
 -->
 <ruleset name="Privacyscore" default_off="mismatched">
 
@@ -17,4 +22,4 @@
 	<rule from="^http://(?:www\.)?privacyscore\.com/"
 		to="https://privacyscore.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PrivatVPN.xml b/src/chrome/content/rules/PrivatVPN.xml
index 7c859fafdcba..534663d45c4d 100644
--- a/src/chrome/content/rules/PrivatVPN.xml
+++ b/src/chrome/content/rules/PrivatVPN.xml
@@ -2,6 +2,5 @@
   <target host="privatevpn.com" />
   <target host="www.privatevpn.com" />
 
-  <rule from="^http://(?:www\.)privatevpn\.com/"
-          to="https://www.privatevpn.com/" />
-</ruleset>
\ No newline at end of file
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Privatbanka.sk.xml b/src/chrome/content/rules/Privatbanka.sk.xml
new file mode 100644
index 000000000000..aac4f1eb8ff4
--- /dev/null
+++ b/src/chrome/content/rules/Privatbanka.sk.xml
@@ -0,0 +1,10 @@
+<ruleset name="Privatbanka.sk">
+
+	<target host="privatbanka.sk" />
+	<target host="ibank.privatbanka.sk" />
+	<target host="www.privatbanka.sk" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Private-Internet-Access.xml b/src/chrome/content/rules/Private-Internet-Access.xml
index ce014f7c126b..6d141f97d47e 100644
--- a/src/chrome/content/rules/Private-Internet-Access.xml
+++ b/src/chrome/content/rules/Private-Internet-Access.xml
@@ -1,13 +1,15 @@
-<ruleset name="Private Internet Access">
+<ruleset name="Private Internet Access.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="privateinternetaccess.com" />
 	<target host="www.privateinternetaccess.com" />
 
 
-	<securecookie host="^www\.privateinternetaccess\.com$" name=".*" />
+	<securecookie host="^www\.privateinternetaccess\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?privateinternetaccess\.com/"
-		to="https://$1privateinternetaccess.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Private-Layer.xml b/src/chrome/content/rules/Private-Layer.xml
new file mode 100644
index 000000000000..69eade919fa0
--- /dev/null
+++ b/src/chrome/content/rules/Private-Layer.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://privatelayer.com/ => https://privatelayer.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.privatelayer.com/ => https://www.privatelayer.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="Private Layer" default_off="failed ruleset test">
+	<target host=        "privatelayer.com" />
+	<target host=    "www.privatelayer.com" />
+	<target host="support.privatelayer.com" />
+
+  	<securecookie host="^.*\.privatelayer\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Private-Tunnel.xml b/src/chrome/content/rules/Private-Tunnel.xml
index f3a83a0ffbc5..128b248d977c 100644
--- a/src/chrome/content/rules/Private-Tunnel.xml
+++ b/src/chrome/content/rules/Private-Tunnel.xml
@@ -1,13 +1,13 @@
-<ruleset name="Private Tunnel">
+<ruleset name="Private Tunnel.com">
 
 	<target host="privatetunnel.com" />
 	<target host="www.privatetunnel.com" />
 
 
-	<securecookie host="^www\.privatetunnel\.com$" name=".*" />
+	<securecookie host="^www\.privatetunnel\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?privatetunnel\.com/"
-		to="https://$1privatetunnel.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Private-names.ru.xml b/src/chrome/content/rules/Private-names.ru.xml
new file mode 100644
index 000000000000..4a0373e811ee
--- /dev/null
+++ b/src/chrome/content/rules/Private-names.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="Private-names.ru">
+	<target host="private-names.ru" />
+	<target host="www.private-names.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PrivateCore.com.xml b/src/chrome/content/rules/PrivateCore.com.xml
new file mode 100644
index 000000000000..ec9e47e26dab
--- /dev/null
+++ b/src/chrome/content/rules/PrivateCore.com.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Facebook coverage, see Facebook.xml.
+
+-->
+<ruleset name="PrivateCore.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="privatecore.com" />
+	<target host="www.privatecore.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PrivatePaste.xml b/src/chrome/content/rules/PrivatePaste.xml
index d7cd311475c3..2b70d2e7698a 100644
--- a/src/chrome/content/rules/PrivatePaste.xml
+++ b/src/chrome/content/rules/PrivatePaste.xml
@@ -1,6 +1,18 @@
-<ruleset name="PrivatePaste">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://privatepaste.com/ => https://privatepaste.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://privatepaste.com/ => https://privatepaste.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="PrivatePaste.com" default_off="failed ruleset test">
   <target host="privatepaste.com" />
   <target host="*.privatepaste.com" />
 
-  <rule from="^http://([a-zA-Z0-9-]+\.)?privatepaste\.com/" to="https://$1privatepaste.com/"/>
+  <rule from="^http://([\w-]+\.)?privatepaste\.com/" to="https://$1privatepaste.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/PrivateWifi.xml b/src/chrome/content/rules/PrivateWifi.xml
index d7f521efa940..c78a4694c1af 100644
--- a/src/chrome/content/rules/PrivateWifi.xml
+++ b/src/chrome/content/rules/PrivateWifi.xml
@@ -1,8 +1,39 @@
-<ruleset name="PrivateWifi" platform="mixedcontent">
-  <target host="privatewifi.com" />
-  <target host="www.privatewifi.com" />
+<!--
+	Mixed content:
 
-  <securecookie host="^(.+\.)?privatewifi\.com$" name=".*"/>
+		- Script from $self *
+
+		- css from $self *
+
+		- Images, from:
+
+			- ^ *
+			- $self *
+
+		- Web bugs, from:
+
+			- $self *
+			- s7.addthis.com *
+			- seal-ct.bbb.org *
+
+	* Secured by us
+
+-->
+<ruleset name="PrivateWifi.com" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="privatewifi.com" />
+	<target host="www.privatewifi.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.privatewifi\.com$" name="^(PHPSESSID|PW_ENTRY_PAGE|w3tc_referrer)$" /-->
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(?:www\.)?privatewifi\.com/" to="https://www.privatewifi.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Privatelee.com.xml b/src/chrome/content/rules/Privatelee.com.xml
deleted file mode 100644
index 14ecf7030fb2..000000000000
--- a/src/chrome/content/rules/Privatelee.com.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Mixed content:
-
-		- Images, on ^ from:
-
-			- ^ *
-			- [a-f].thumbs.redditmedia.com *
-
-	* Secured by us, doesn't trip MCB
-
--->
-<ruleset name="Privatelee.com">
-
-	<target host="privatelee.com" />
-	<target host="*.privatelee.com" />
-
-
-	<securecookie host="^\.privatelee\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?privatelee\.com/"
-		to="https://$1privatelee.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Privatesearch.io.xml b/src/chrome/content/rules/Privatesearch.io.xml
new file mode 100644
index 000000000000..b5c038f30964
--- /dev/null
+++ b/src/chrome/content/rules/Privatesearch.io.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://privatesearch.io/ => https://privatesearch.io/: (35, 'Unknown SSL protocol error in connection to privatesearch.io:443 ')
+Fetch error: http://www.privatesearch.io/ => https://www.privatesearch.io/: (6, 'Could not resolve host: www.privatesearch.io')
+
+	Insecure cookies are set for these domains:
+
+		- .privatesearch.io
+
+-->
+<ruleset name="privatesearch.io" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="privatesearch.io" />
+	<target host="www.privatesearch.io" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.privatesearch\.io$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.privatesearch\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Privnote.com.xml b/src/chrome/content/rules/Privnote.com.xml
new file mode 100644
index 000000000000..4083342d0d02
--- /dev/null
+++ b/src/chrome/content/rules/Privnote.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Privnote.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="privnote.com" />
+	<target host="www.privnote.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Privoxy.org.xml b/src/chrome/content/rules/Privoxy.org.xml
new file mode 100644
index 000000000000..42d17ebe4969
--- /dev/null
+++ b/src/chrome/content/rules/Privoxy.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Nonfunctional hosts in *.privoxy.org:
+		- config.privoxy.org (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Privoxy.org">
+	<target host="privoxy.org" />
+	<target host="www.privoxy.org" />
+	<target host="lists.privoxy.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pro-Linux.de.xml b/src/chrome/content/rules/Pro-Linux.de.xml
new file mode 100644
index 000000000000..c10da306cde5
--- /dev/null
+++ b/src/chrome/content/rules/Pro-Linux.de.xml
@@ -0,0 +1,43 @@
+<!--
+	Non-functional hosts
+
+		4XX:
+			- ca.pro-linux.de
+			- dns.pro-linux.de
+
+		Cert mismatch:
+			- new.pro-linux.de
+			- test.pro-linux.de
+
+		Connection refused:
+			- localhost.pro-linux.de
+			- loopback.pro-linux.de
+
+		Incomplete certificate chain error:
+			 - mail.pro-linux.de
+			 - samael.pro-linux.de
+
+		Mixed content blocking (MCB) tiggered:
+			 - pro-linux.de
+			 - www.pro-linux.de
+
+		Timeout:
+		-	 demon.pro-linux.de
+
+-->
+<ruleset name="Pro-Linux.de" >
+	<target host="pro-linux.de" />
+	<target host="www.pro-linux.de" />
+
+	<target host="admin.pro-linux.de" />
+	<target host="alpha.pro-linux.de" />
+	<target host="beta.pro-linux.de" />
+	<target host="dev.pro-linux.de" />
+	<target host="tools.pro-linux.de" />
+	<target host="users.pro-linux.de" />
+	<target host="webmail.pro-linux.de" />
+
+	<securecookie host="^(www\.)?pro-linux\.de$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pro-Managed.xml b/src/chrome/content/rules/Pro-Managed.xml
index 27b9ad6330d0..0bcc2a9b00f2 100644
--- a/src/chrome/content/rules/Pro-Managed.xml
+++ b/src/chrome/content/rules/Pro-Managed.xml
@@ -8,7 +8,6 @@
 	<target host="www.pro-managed.com" />
 
 
-	<rule from="^http://(?:www\.)?pro-managed\.com/"
-		to="https://pro-managed.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pro-market.net.xml b/src/chrome/content/rules/Pro-market.net.xml
index 12039d915d2c..44669281debf 100644
--- a/src/chrome/content/rules/Pro-market.net.xml
+++ b/src/chrome/content/rules/Pro-market.net.xml
@@ -1,15 +1,18 @@
 <!--
+	Timeout:
+		- manage.pro-market.net
 	CDN buckets:
-
 		- ads.pro-market.net.edgesuite.net
-
 -->
-<ruleset name="pro-market.net" default_off="mismatched">
-
+<ruleset name="Pro-market.net" >
 	<target host="ads.pro-market.net" />
+	<target host="fei.pro-market.net" />
+	<target host="ha.pro-market.net" />
+	<target host="ifx.pro-market.net" />
+	<target host="pbid.pro-market.net" />
+	<target host="report.pro-market.net" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://ads\.pro-market\.net/"
-		to="https://ads.pro-market.net/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pro186.com.xml b/src/chrome/content/rules/Pro186.com.xml
deleted file mode 100644
index 1bc941c076cd..000000000000
--- a/src/chrome/content/rules/Pro186.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d31p8cbsm4vlum.cloudfront.net
-
-			- cdn.pro186.com
-
-
-	Nonfunctional domains:
-
-		- static.dudoan168.com	(times out)
-		- (www.)pro186.com	(redirects to http)
-
--->
-<ruleset name="pro186.com (partial)">
-
-	<target host="cdn.pro186.com" />
-
-
-	<rule from="^http://cdn\.pro186\.com/"
-		to="https://d31p8cbsm4vlum.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ProBoards.xml b/src/chrome/content/rules/ProBoards.xml
index dcf7362d066d..31bfaaf00faa 100644
--- a/src/chrome/content/rules/ProBoards.xml
+++ b/src/chrome/content/rules/ProBoards.xml
@@ -1,49 +1,95 @@
 <!--
-	Some (most?) pages redirect to $
-
-
 	Nonfunctional domains:
 
 		- s0.d45.net
 		- s1.prbrds.com
 		- s15524.prbrds.com
-		- ads.proboards.com *
-		- images.proboards.com *
-		- www.login.proboards.com *
+		- ads.proboards.com ¹
+		- www.login.proboards.com ¹
+		- s1.storage.proboards.com ²
 
-	* 502
+	¹ 502
+	² 403
 
 
 	Problematic domains:
 
-		- 4d5.net *
-		- d.prbrds.com *
+		- 4d5.net ¹
+		- d.prbrds.com ¹
+		- help.proboards.com ²
 
-	* Works; mismatched, CN; ss.prbrds.com
+	¹ Works; mismatched, CN; ss.prbrds.com
+	² Redirect differs
 
 
-	Fully covered domains:
+	Insecure cookies are set for these domains:
 
-		- 4d5.net		(→ ss.prbrds.com)
-		- d.prbrds.com		(→ ss)
-		- s.prbrds.com
-		- login.proboards.com
+		- .proboards.com
 
 -->
 <ruleset name="ProBoards (partial)">
 
-	<target host="*.prbrds.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="ss.prbrds.com" />
+	<target host="www.ss.prbrds.com" />
+
 	<target host="proboards.com" />
-	<target host="*.proboards.com" />
+	<target host="images.proboards.com" />
+	<target host="login.proboards.com" />
+	<target host="storage.proboards.com" />
+	<target host="www.proboards.com" />
+
+	<!--	Wildcard required for user-generated subdomains:
+				-->
+	<target host="freeforums.net" />
+	<target host="*.freeforums.net" />
+
+	<!--	Complications:
+				-->
+	<target host="d.prbrds.com" />
+
+	<target host="help.proboards.com" />
+
+		<!--	/*(?!$|\?) 404s:
+					-->
+		<exclusion pattern="http://help\.proboards\.com/+(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://help.proboards.com/home.htm" />
+			<test url="http://help.proboards.com/index.asp" />
+			<test url="http://help.proboards.com/index.aspx" />
+			<test url="http://help.proboards.com/index.php" />
+
+			<!--	-ve:
+					-->
+			<test url="http://help.proboards.com//" />
+			<test url="http://help.proboards.com/?" />
+
+		<test url="http://images.proboards.com/v5/icons/board-new-post.png" />
+
+		<test url="http://demisexuality.freeforums.net/" />
+		<test url="http://techviewhd.freeforums.net/" />
+		<test url="http://americasmostwanted.freeforums.net/" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.proboards\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
 
 
-	<rule from="^http://(?:4d5\.net|(?:d|ss)\.prbrds\.com)/"
+	<rule from="^http://d\.prbrds\.com/"
 		to="https://ss.prbrds.com/" />
 
-	<rule from="^http://(www\.)?proboards\.com/n/images/"
-		to="https://$1proboards.com/n/images/" />
+	<!--	Redirect drops args and forward slash:
+							-->
+	<rule from="^http://help\.proboards\.com/.*"
+		to="https://www.proboards.com/forum-help-guide" />
 
-	<rule from="^http://login\.proboards\.com/"
-		to="https://login.proboards.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ProCare.sk.xml b/src/chrome/content/rules/ProCare.sk.xml
new file mode 100644
index 000000000000..8bc87e60fa8c
--- /dev/null
+++ b/src/chrome/content/rules/ProCare.sk.xml
@@ -0,0 +1,26 @@
+<!--
+	Nonfunctional hosts in *.procare.sk:
+
+	connection refused:
+		- workflow.in.procare.sk
+		- mx1.procare.sk
+	timeout on https:
+		- zimbra.in.procare.sk
+
+https://moj.procare.sk uses missmatched certicate (www.moj.procare.sk)
+But http://moj.procare.sk redirects to https://www.moj.procare.sk.
+https://www.moj.procare.sk uses correct cetificate.
+
+-->
+<ruleset name="ProCare.sk">
+	<target host="procare.sk" />
+	<target host="www.procare.sk" />
+	<target host="www.moj.procare.sk" />
+	<target host="moj.procare.sk" />
+	<target host="pex.procare.sk" />
+
+	<rule from="^http://moj\.procare\.sk/"
+		to="https://www.moj.procare.sk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ProPublica.org.xml b/src/chrome/content/rules/ProPublica.org.xml
index 8eb1df2e1f3e..761358391778 100644
--- a/src/chrome/content/rules/ProPublica.org.xml
+++ b/src/chrome/content/rules/ProPublica.org.xml
@@ -1,20 +1,36 @@
-<ruleset name="ProPublica.org" platform="mixedcontent">
+<!--
+	For related onion service rules, see propub3r6espa33w.onion.xml
 
-	<target host="propublica.net"/>
-	<target host="*.propublica.net"/>
-	<target host="propublica.org"/>
-	<target host="*.propublica.org"/>
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- mail.propublica.org
+		- tiles-a.propublica.org
+		- tiles-b.propublica.org
+		- tiles-c.propublica.org
+		- tiles-d.propublica.org
 
-	<securecookie host="^(.*\.)?propublica\.org$" name=".*"/>
+		Incomplete certificate chain error:
+		- propublica.org
 
-	<rule from="^http://(?:www\.)?propublica\.(:?net|org)/"
-		to="https://www.propublica.org/"/>
+-->
+<ruleset name="ProPublica.org">
+	<target host="propublica.org" />
+	<target host="www.propublica.org" />
+	<target host="assets.propublica.org" />
+	<exclusion pattern="^http://assets\.propublica\.org/$" /><!-- 403 -->
+	<test url="http://assets.propublica.org/prod/v3/images/electionland-sprites.png" />
+	<test url="http://assets.propublica.org/prod/v3/images/logo-propublica.svg" />
+	<test url="http://assets.propublica.org/images/articles/_oneOne300w/20181106-ny-rain-1x1.jpg" />
+	<target host="donate.propublica.org" />
+	<target host="projects.propublica.org" />
+	<target host="securedrop.propublica.org" />
+	<target host="static.propublica.org" />
 
-	<rule from="^http://projects\.propublica\.org/"
-		to="https://projects.propublica.org/"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://cdn\.propublica\.net/"
-		to="https://s3.amazonaws.com/cdn.propublica.net/"/>
+	<rule from="^http://propublica\.org/"
+		to="https://www.propublica.org/" />
 
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
-
diff --git a/src/chrome/content/rules/ProQuest.xml b/src/chrome/content/rules/ProQuest.xml
index 80be9dafc808..0c8700566b77 100644
--- a/src/chrome/content/rules/ProQuest.xml
+++ b/src/chrome/content/rules/ProQuest.xml
@@ -1,29 +1,34 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pqshibboleth.proquest.com/ => https://pqshibboleth.proquest.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Other ProQuest rulesets:
+
+		- LibraryAnywhere.xml
+		- SyndeticS.com.xml
+
+
 	CDN buckets:
 
 		- pqwebimages.s3.amazonaws.com
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *proquest.com:
 
 		- media *
 		- search *
 
 	* 504, akamai
 
-
-	Fully covered subdomains:
-
-		- pqshibboleth
-		- wt
-
 -->
-<ruleset name="ProQuest (partial)">
+<ruleset name="ProQuest.com (partial)" default_off="failed ruleset test">
 
-	<target host="*.proquest.com" />
+	<target host="pqshibboleth.proquest.com" />
+	<target host="wt.proquest.com" />
 
 
-	<rule from="^http://(pqshibboleth|wt)\.proquest\.com/"
-		to="https://$1.proquest.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ProVenue.net.xml b/src/chrome/content/rules/ProVenue.net.xml
deleted file mode 100644
index 1867bf72d7ed..000000000000
--- a/src/chrome/content/rules/ProVenue.net.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For other Tickets.com coverage, see Tickets.com.xml.
-
-
-	^provenue.net works over neither http nor https.
-
--->
-<ruleset name="ProVenue.net">
-
-	<target host="*.provenue.net" />
-
-
-	<securecookie host="^\.provenue\.net$" name=".+" />
-
-
-	<rule from="^http://www\.provenue\.net/"
-		to="https://www.provenue.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ProWebSector.gr.xml b/src/chrome/content/rules/ProWebSector.gr.xml
new file mode 100644
index 000000000000..9565f5bd74f1
--- /dev/null
+++ b/src/chrome/content/rules/ProWebSector.gr.xml
@@ -0,0 +1,45 @@
+<!--
+	Nonfunctional hosts in *prowebsector.gr:
+
+		- dev ᵃ
+		- secure ʰ
+
+	ᵃ Shows another domain
+	ʰ Redirects to http
+
+
+	Insecure cookies are set for these hosts:
+
+		- prowebsector.gr
+		- www.prowebsector.gr
+
+
+	Mixed content:
+
+		- css, on:
+
+			- ^ from $self ˢ
+			- ^ from fonts.googleapis.com ˢ
+
+		- Images on ^ from dev.prowebsector.gr
+
+	ˢ Secured by us
+
+-->
+<ruleset name="ProWebSector.gr (partial)" platform="mixedcontent">
+
+	<target host="prowebsector.gr" />
+	<target host="www.prowebsector.gr" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?prowebsector\.gr$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ProZeny.cz.xml b/src/chrome/content/rules/ProZeny.cz.xml
new file mode 100644
index 000000000000..6752b25cbb16
--- /dev/null
+++ b/src/chrome/content/rules/ProZeny.cz.xml
@@ -0,0 +1,10 @@
+<!--
+    For other Seznam.cz coverage, see Seznam.cz.xml.
+-->
+<ruleset name="ProŽeny.cz">
+    <target host="prozeny.cz" />
+    <target host="www.prozeny.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pro_Bike_Kit.xml b/src/chrome/content/rules/Pro_Bike_Kit.xml
index 4d6c01197fbe..15998e07de78 100644
--- a/src/chrome/content/rules/Pro_Bike_Kit.xml
+++ b/src/chrome/content/rules/Pro_Bike_Kit.xml
@@ -11,7 +11,7 @@
 	<target host="www.probikekit.co.uk" />
 
 
-	<rule from="^https?://(?:www\.)?probikekit.co.uk/([\w-]+\.(?:info|secure)|c-images/|common/|c-scripts/|css/|probikekit/)"
+	<rule from="^http://(?:www\.)?probikekit\.co\.uk/([\w-]+\.(?:info|secure)|c-images/|common/|c-scripts/|css/|probikekit/)"
 		to="https://www.probikekit.co.uk/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pro_Ultra_Trim.xml b/src/chrome/content/rules/Pro_Ultra_Trim.xml
deleted file mode 100644
index 230ec48d5840..000000000000
--- a/src/chrome/content/rules/Pro_Ultra_Trim.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Pro Ultra Trim">
-
-	<target host="proultratrim.com" />
-	<target host="*.proultratrim.com" />
-
-
-	<securecookie host="^(?:w*\.)?proultratrim\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?proultratrim\.com/"
-		to="https://$1proultratrim.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Prob_Mods.org.xml b/src/chrome/content/rules/Prob_Mods.org.xml
new file mode 100644
index 000000000000..76c3d6b4ebd2
--- /dev/null
+++ b/src/chrome/content/rules/Prob_Mods.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Prob Mods.org">
+
+	<target host="probmods.org" />
+	<target host="www.probmods.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Probios.sk.xml b/src/chrome/content/rules/Probios.sk.xml
new file mode 100644
index 000000000000..1018a5944f9b
--- /dev/null
+++ b/src/chrome/content/rules/Probios.sk.xml
@@ -0,0 +1,10 @@
+<ruleset name="Probios.sk">
+	<target host="probios.sk" />
+	<target host="www.probios.sk" />
+	<target host="mail.probios.sk" />
+	<target host="omega.probios.sk" />
+	<target host="portal.probios.sk" />
+	<target host="rezervacie.probios.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Proceedings1974.org.xml b/src/chrome/content/rules/Proceedings1974.org.xml
new file mode 100644
index 000000000000..763348bdbfaa
--- /dev/null
+++ b/src/chrome/content/rules/Proceedings1974.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Proceedings1974.org">
+	<target host="proceedings1974.org" />
+	<target host="www.proceedings1974.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Process-One.net.xml b/src/chrome/content/rules/Process-One.net.xml
new file mode 100644
index 000000000000..1ef41695b6bd
--- /dev/null
+++ b/src/chrome/content/rules/Process-One.net.xml
@@ -0,0 +1,46 @@
+<!--
+	Other ProcessOne rulesets:
+
+		- Boxcar.io.xml
+
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- feedback ²
+
+
+	¹ Shows maintenance notice
+	² uservoice
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(^ → www)
+		- blog
+		- static
+		- support
+
+-->
+<ruleset name="Process-One.net (partial)">
+
+	<target host="process-one.net" />
+	<target host="www.process-one.net" />
+	<target host="blog.process-one.net" />
+	<target host="static.process-one.net" />
+	<target host="support.process-one.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.process-one\.net$" name="^exp_(last_activity|last_visit|tracker)$" /-->
+
+	<securecookie host="^www\.process-one\.net$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?process-one\.net/"
+		to="https://www.process-one.net/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Processing.org.xml b/src/chrome/content/rules/Processing.org.xml
index 106bbb8450ff..a64222e4d92e 100644
--- a/src/chrome/content/rules/Processing.org.xml
+++ b/src/chrome/content/rules/Processing.org.xml
@@ -7,13 +7,13 @@
 <ruleset name="Processing.org (partial)">
 
 	<target host="processing.org" />
-	<target host="*.processing.org" />
+	<target host="forum.processing.org" />
+	<target host="www.processing.org" />
 
 
 	<securecookie host="^(?:forum)?\.processing\.org$" name=".+" />
 
 
-	<rule from="^http://(forum\.|www\.)?processing\.org/"
-		to="https://$1processing.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Procter-and-Gamble.xml b/src/chrome/content/rules/Procter-and-Gamble.xml
index cae30238a3a3..00f5b9f107ae 100644
--- a/src/chrome/content/rules/Procter-and-Gamble.xml
+++ b/src/chrome/content/rules/Procter-and-Gamble.xml
@@ -1,23 +1,35 @@
-<!--	news.pg.com hosted at pg.newshq.businesswire.com, but redirects
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://brandsaver.ca/ => https://brandsaver.ca/: (51, "SSL: no alternative certificate subject name matches target host name 'brandsaver.ca'")
+Fetch error: http://www.brandsaver.ca/ => https://www.brandsaver.ca/: (51, "SSL: no alternative certificate subject name matches target host name 'www.brandsaver.ca'")
+Fetch error: http://pgeverydaysolutions.com/ => https://www.pgeverydaysolutions.com/: (60, 'SSL certificate problem: self signed certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://brandsaver.ca/ => https://brandsaver.ca/: (51, "SSL: no alternative certificate subject name matches target host name 'brandsaver.ca'")
+Fetch error: http://www.brandsaver.ca/ => https://www.brandsaver.ca/: (51, "SSL: no alternative certificate subject name matches target host name 'www.brandsaver.ca'")	news.pg.com hosted at pg.newshq.businesswire.com, but redirects
 -->
-<ruleset name="Procter &amp; Gamble (partial)" platform="mixedcontent">
+<ruleset name="Procter &amp; Gamble (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="brandsaver.ca"/>
 	<target host="www.brandsaver.ca"/>
 	<target host="oralb.com"/>
 	<target host="www.oralb.com"/>
 	<target host="pg.com"/>
-	<target host="*.pg.com"/>
+	<target host="www.pg.com" />
+	<target host="news.pg.com" />
 	<target host="pgbrandsampler.ca"/>
 	<target host="www.pgbrandsampler.ca"/>
 	<target host="pgeveryday.ca"/>
-	<target host="*.pgeveryday.ca"/>
+	<target host="media.pgeveryday.ca" />
+	<target host="www.pgeveryday.ca" />
 	<target host="pgeverydaysolutions.com"/>
-	<target host="*.pgeverydaysolutions.com"/>
+	<target host="media.pgeverydaysolutions.com" />
+	<target host="www.pgeverydaysolutions.com" />
 
 
-	<securecookie host="^(.*\.)?pg\.com$" name=".*"/>
-	<securecookie host="^(.*\.)?pgbrandsampler\.ca$" name=".*"/>
+	<securecookie host="^(?:.*\.)?pg\.com$" name=".+" />
+	<securecookie host="^(?:.*\.)?pgbrandsampler\.ca$" name=".+" />
 
 
 	<rule from="^http://(www\.)?brandsaver\.ca/"
diff --git a/src/chrome/content/rules/ProductHunt.xml b/src/chrome/content/rules/ProductHunt.xml
new file mode 100644
index 000000000000..f6b79cdbe771
--- /dev/null
+++ b/src/chrome/content/rules/ProductHunt.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .producthunt.com
+		- www.producthunt.com
+
+-->
+<ruleset name="Product Hunt.com">
+
+	<target host="producthunt.com" />
+	<target host="*.producthunt.com" />
+
+		<test url="http://assets.producthunt.com/" />
+		<test url="http://s3.producthunt.com/static/category-tech/kitty.png" />
+		<test url="http://www.producthunt.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.producthunt\.com$" name="^(?:__cfduid|_producthunt_session_production|cf_clearance)$" /-->
+	<!--securecookie host="^www\.producthunt\.com$" name="^track_code$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ProductSafetyRecallsAustralia.xml b/src/chrome/content/rules/ProductSafetyRecallsAustralia.xml
new file mode 100644
index 000000000000..2a114dc889bd
--- /dev/null
+++ b/src/chrome/content/rules/ProductSafetyRecallsAustralia.xml
@@ -0,0 +1,7 @@
+<ruleset name="Product Safety Recalls Australia">
+	<target host="recalls.gov.au" />
+	<target host="www.recalls.gov.au" />
+
+	<rule from="^http://(?:www\.)?recalls\.gov\.au/"
+		to="https://www.recalls.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Product_Safety.gov.au.xml b/src/chrome/content/rules/Product_Safety.gov.au.xml
new file mode 100644
index 000000000000..22b6cdb74bf6
--- /dev/null
+++ b/src/chrome/content/rules/Product_Safety.gov.au.xml
@@ -0,0 +1,24 @@
+<!--
+	For other AU government coverage, see GovSpace.xml.
+
+-->
+<ruleset name="Product Safety.gov.au">
+
+	<target host="productsafety.gov.au" />
+	<target host="www.productsafety.gov.au" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.productsafety\.gov\.au$" name="^(NoAuto|managingContentMode)$" /-->
+
+	<securecookie host="^\.www\.productsafety\.gov\.au$" name=".+" />
+
+
+	<!--	!www redirects to www over http,
+		so copy that behavior:
+						-->
+	<rule from="^http://(?:www\.)?productsafety\.gov\.au/"
+		to="https://www.productsafety.gov.au/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Productvisio.xml b/src/chrome/content/rules/Productvisio.xml
deleted file mode 100644
index f33477e5a0e3..000000000000
--- a/src/chrome/content/rules/Productvisio.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	www: 503
-
--->
-<ruleset name="Productvisio">
-
-	<target host="productvisio.com" />
-	<target host="*.productvisio.com" />
-
-
-	<securecookie host="^\.?productvisio\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?productvisio\.com/"
-		to="https://$1productvisio.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ProfessorMesser.com.xml b/src/chrome/content/rules/ProfessorMesser.com.xml
new file mode 100644
index 000000000000..40fa37aed7f4
--- /dev/null
+++ b/src/chrome/content/rules/ProfessorMesser.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="ProfessorMesser.com">
+	<target host="professormesser.com" />
+	<target host="www.professormesser.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ProfitBricks.co.uk.xml b/src/chrome/content/rules/ProfitBricks.co.uk.xml
new file mode 100644
index 000000000000..bbaca7471218
--- /dev/null
+++ b/src/chrome/content/rules/ProfitBricks.co.uk.xml
@@ -0,0 +1,28 @@
+<!--
+	For other ProfitBricks coverage, see ProfitBricks.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .profitbricks.co.uk
+
+-->
+<ruleset name="ProfitBricks.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="profitbricks.co.uk" />
+	<target host="www.profitbricks.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.profitbricks\.co\.uk$" name="^pb_tracking_request_uri$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ProfitBricks.de.xml b/src/chrome/content/rules/ProfitBricks.de.xml
new file mode 100644
index 000000000000..22c1b10cc42c
--- /dev/null
+++ b/src/chrome/content/rules/ProfitBricks.de.xml
@@ -0,0 +1,28 @@
+<!--
+	For other ProfitBricks coverage, see ProfitBricks.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .profitbricks.de
+
+-->
+<ruleset name="ProfitBricks.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="profitbricks.de" />
+	<target host="www.profitbricks.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.profitbricks\.de$" name="^pb_tracking_request_uri$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ProfitBricks.xml b/src/chrome/content/rules/ProfitBricks.xml
index 518b5c71915e..8a2f67a0677f 100644
--- a/src/chrome/content/rules/ProfitBricks.xml
+++ b/src/chrome/content/rules/ProfitBricks.xml
@@ -1,21 +1,62 @@
 <!--
-	Nonfunctional subdomains:
+	Other ProfitBricks rulesets:
+
+		- ProfitBricks.co.uk.xml
+		- ProfitBricks.de.xml
+
+
+	Nonfunctional hosts in *profitbricks.com:
 
 		- blog-us
+		- info *
+
+	* Marketo
+
+
+	Mixed content:
+
+		- Images on blog from $self *
+		- favicon on blog from www *
+
+	* Secured by us
 
 -->
-<ruleset name="ProfitBricks (partial)">
+<ruleset name="ProfitBricks.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="profitbricks.com" />
+	<target host="analytics.profitbricks.com" />
+	<target host="blog.profitbricks.com" />
+	<target host="devops.profitbricks.com" />
+	<target host="my.profitbricks.com" />
 	<target host="www.profitbricks.com" />
 
+	<!--	Complications:
+				-->
+	<target host="info.profitbricks.com" />
+
+		<exclusion pattern="^http://info\.profitbricks\.com/(?!css/|images/|js/|rs/)" />
+
+			<test url="http://info.profitbricks.com/Cloud-Computing-Demo.html" />
+			<test url="http://info.profitbricks.com/Cloud-Computing-Performance-Comparison.html" />
+			<test url="http://info.profitbricks.com/SasS-ISV-whitepaper.html" />
+			<test url="http://info.profitbricks.com/meet-the-new-cloud.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://info.profitbricks.com/css/mktLPSupport.css" />
+
+		<test url="http://analytics.profitbricks.com/piwik.php?idsite=2" />
+
+
+	<securecookie host="^\w" name=".+" />
 
-	<securecookie host="^www\.profitbricks\.com$" name=".+" />
 
+	<rule from="^http://info\.profitbricks\.com/"
+		to="https://na-sj02.marketo.com/" />
 
-	<!--	Cert only matches *.profitbricks.com.
-							-->
-	<rule from="^https?://(?:www\.)?profitbricks\.com/"
-		to="https://www.profitbricks.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ProfitUnion.org.xml b/src/chrome/content/rules/ProfitUnion.org.xml
deleted file mode 100644
index bd3c916e71a8..000000000000
--- a/src/chrome/content/rules/ProfitUnion.org.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="ProfitUnion.org">
-
-	<target host="profitunion.org" />
-	<target host="*.profitunion.org" />
-
-
-	<securecookie host="^(?:w*\.)?profitunion\.org$" name=".+" />
-
-
-	<rule from="^http://(www\.)?profitunion\.org/"
-		to="https://$1profitunion.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ProgramaJaponesOnline.com.br.xml b/src/chrome/content/rules/ProgramaJaponesOnline.com.br.xml
new file mode 100644
index 000000000000..66f15c7721c7
--- /dev/null
+++ b/src/chrome/content/rules/ProgramaJaponesOnline.com.br.xml
@@ -0,0 +1,23 @@
+<!--
+	Mismatched:
+		- autoconfig
+		- autodiscover
+		- cpanel
+		- ftp
+		- webdisk
+		- webmail
+		- whm
+-->
+<ruleset name="ProgramaJaponesOnline.com.br">
+	<target host="programajaponesonline.com.br" />
+	<target host="www.programajaponesonline.com.br" />
+	<target host="beta.programajaponesonline.com.br" />
+	<target host="japonesexpresso.programajaponesonline.com.br" />
+	<target host="www.japonesexpresso.programajaponesonline.com.br" />
+	<target host="mail.programajaponesonline.com.br" />
+	<target host="portal.programajaponesonline.com.br" />
+	<target host="www.portal.programajaponesonline.com.br" />
+	<target host="server.programajaponesonline.com.br" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ProgrammableWeb.xml b/src/chrome/content/rules/ProgrammableWeb.xml
index 0dfa751183c4..c2451c19951d 100644
--- a/src/chrome/content/rules/ProgrammableWeb.xml
+++ b/src/chrome/content/rules/ProgrammableWeb.xml
@@ -1,14 +1,15 @@
-<ruleset name="ProgrammableWeb">
+<ruleset name="ProgrammableWeb.com" platform="mixedcontent">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="programmableweb.com" />
-	<!--	* for cross-domain cookies.	-->
-	<target host="*.programmableweb.com" />
+	<target host="www.programmableweb.com" />
 
 
-	<securecookie host="^.*\.programmableweb\.com$" name=".*" />
+	<securecookie host=".*\.programmableweb\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?programmableweb\.com/"
-		to="https://$1programmableweb.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Programvareverkstedet.xml b/src/chrome/content/rules/Programvareverkstedet.xml
new file mode 100644
index 000000000000..474185c02e29
--- /dev/null
+++ b/src/chrome/content/rules/Programvareverkstedet.xml
@@ -0,0 +1,37 @@
+<ruleset name="Programvareverkstedet">
+	<!--
+		Certificates contain pvv.ntnu.no names but not pvv.org names.
+	-->
+
+	<target host="pvv.org" />
+	<target host="www.pvv.org" />
+	<target host="bokhylle.pvv.org" />
+	<target host="brzeczyszczykiewicz.pvv.org" />
+	<target host="dev.pvv.org" />
+	<target host="idp.pvv.org" />
+	<target host="knakelibrak.pvv.org" />
+	<target host="list.pvv.org" />
+	<target host="mail.pvv.org" />
+	<target host="microbel.pvv.org" />
+	<target host="skrotnisse.pvv.org" />
+	<target host="spikkjeposche.pvv.org" />
+	<target host="webmail.pvv.org" />
+	<target host="pvv.ntnu.no" />
+	<target host="www.pvv.ntnu.no" />
+	<target host="bokhylle.pvv.ntnu.no" />
+	<target host="brzeczyszczykiewicz.pvv.ntnu.no" />
+	<target host="dev.pvv.ntnu.no" />
+	<target host="idp.pvv.ntnu.no" />
+	<target host="knakelibrak.pvv.ntnu.no" />
+	<target host="list.pvv.ntnu.no" />
+	<target host="mail.pvv.ntnu.no" />
+	<target host="microbel.pvv.ntnu.no" />
+	<target host="skrotnisse.pvv.ntnu.no" />
+	<target host="spikkjeposche.pvv.ntnu.no" />
+	<target host="webmail.pvv.ntnu.no" />
+
+	<rule from="^http://(\w+\.)?pvv\.org/" to="https://$1pvv.ntnu.no/" />
+	<rule from="^http:" to="https:" />
+
+	<securecookie host=".+" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/Progreso_Webhosting.xml b/src/chrome/content/rules/Progreso_Webhosting.xml
deleted file mode 100644
index af3952e7c927..000000000000
--- a/src/chrome/content/rules/Progreso_Webhosting.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<ruleset name="Progreso Webhosting (partial)">
-
-	<target host="progreso.pl" />
-	<target host="*.progreso.pl" />
-		<!--
-			- Expired wildcard certificate
-			- 302s to www
-						-->
-		<exclusion pattern="^http://webmail\." />
-
-
-	<securecookie host="^(?:.*\.)?progreso\.pl$" name=".+" />
-
-
-	<!--	Observed subdomains:
-
-			- extranet
-			- login
-			- mail
-			- poczta
-			- pomoc
-			- www
-				-->
-	<rule from="^http://(\w+\.)?progreso\.pl/"
-		to="https://$1progreso.pl/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Progress.com.xml b/src/chrome/content/rules/Progress.com.xml
new file mode 100644
index 000000000000..fa298871bebe
--- /dev/null
+++ b/src/chrome/content/rules/Progress.com.xml
@@ -0,0 +1,99 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://origin-www.progress.com/ => https://origin-www.progress.com/: (6, 'Could not resolve host: origin-www.progress.com')
+
+	Other Progress Software rulesets:
+
+		- DataDirect.com.xml
+
+
+	CDN buckets:
+
+		- s1325.t.eloqua.com
+
+
+	Nonfunctional hosts:
+
+		- ux *
+
+	* Plaintext reply
+
+
+	Problematic hosts:
+
+		- forms *
+
+	* Mismatched
+
+
+	Fully covered hosts:
+
+		- (www.)?
+		- bizappstoday
+		- blogs
+		- community
+		- corporateblog
+		- media
+		- origin-www
+		- poweredbyprogress
+		- secure
+		- viewfromtheedge
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- progress.com
+		- .progress.com
+		- bizappstoday.progress.com
+		- blogs.progress.com
+		- community.progress.com
+		- corporateblog.progress.com
+		- .forms.progress.com
+		- origin-www.progress.com
+		- poweredbyprogress.progress.com
+		- viewfromtheedge.progress.com
+		- www.progress.com
+
+
+	Mixed content:
+
+		- csss on forms from app.businessmaking.progress.net ¹
+		- Image on forms from www.progress.com ²
+		- favicon on forms from img.en25.com ²
+
+	¹ Mpt secured by us <= mismatched
+	² Secured by us
+
+-->
+<ruleset name="Progress.com (partial)" default_off="failed ruleset test">
+
+	<target host="progress.com" />
+	<target host="bizappstoday.progress.com" />
+	<target host="blogs.progress.com" />
+	<target host="community.progress.com" />
+	<target host="corporateblog.progress.com" />
+	<target host="media.progress.com" />
+	<target host="origin-www.progress.com" />
+	<target host="poweredbyprogress.progress.com" />
+	<target host="secure.progress.com" />
+	<target host="viewfromtheedge.progress.com" />
+	<target host="www.progress.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(origin-www\.|www\.)?progress\.com$" name="^NAVIGATIONARTS-COOKIE$" /-->
+	<!--securecookie host="^\.progress\.com$" name="^(AMAuthCookie|smTargetUrl)$" /-->
+	<!--securecookie host="^(bizappstoday|blogs|corporateblog|poweredbyprogress|viewfromtheedge)\.progress\.com$" name="^(PHPSESSID|wfvt_\d{10})$" /-->
+	<!--securecookie host="^community\.progress\.com$" name="^(AuthorizationCookie|CSExtendedAnalytics|CSExtendedAnalyticsSession|ReturnUrl)$" /-->
+	<!--securecookie host="^\.forms\.progress\.com$" name="^ELOQUA$" /-->
+	<!--securecookie host="^www\.progress\.com$" name="^Apache$" /-->
+
+	<securecookie host="^(?:(?:bizappstoday|blogs|community|corporateblog|origin-www|poweredbyprogress|viewfromtheedge|www)\.)?progress\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Progressive.hu.xml b/src/chrome/content/rules/Progressive.hu.xml
deleted file mode 100644
index 7b51945451c8..000000000000
--- a/src/chrome/content/rules/Progressive.hu.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<!-- Nonfunctional subdomains:
-	 - jumbo.progressive.hu (ssl_error_bad_cert_domain)
--->
-<ruleset name="::progressive:: (partial)">
-	<target host="www.progressive.hu" />
-
-	<securecookie host="^www\.progressive\.hu$" name=".+" />
-	<rule from="^http://www\.progressive\.hu/" to="https://www.progressive.hu/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Project-diva-ac.net.xml b/src/chrome/content/rules/Project-diva-ac.net.xml
new file mode 100644
index 000000000000..743d3e183ada
--- /dev/null
+++ b/src/chrome/content/rules/Project-diva-ac.net.xml
@@ -0,0 +1,7 @@
+<ruleset name="project-diva-ac.net">
+	<target host="project-diva-ac.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ProjectEuler.xml b/src/chrome/content/rules/ProjectEuler.xml
index 5d342d408bd6..d7191ae9adfd 100644
--- a/src/chrome/content/rules/ProjectEuler.xml
+++ b/src/chrome/content/rules/ProjectEuler.xml
@@ -1,8 +1,25 @@
-<ruleset name="Project Euler">
-  <target host="www.projecteuler.net" />
-  <target host="projecteuler.net" />
+<!--
+	www.projecteuler.net: Mismatched
 
-  <securecookie host="^projecteuler\.net/$" name=".*" />
+-->
+<ruleset name="Project Euler.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="projecteuler.net" />
+
+	<!--	Complications:
+				-->
+	<target host="www.projecteuler.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.projecteuler\.net/"
+		to="https://projecteuler.net/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(www\.)?projecteuler\.net/" to="https://projecteuler.net/" />
 </ruleset>
diff --git a/src/chrome/content/rules/ProjectHoneypot.xml b/src/chrome/content/rules/ProjectHoneypot.xml
index fedc97cdd3ac..5151a92aa1d6 100644
--- a/src/chrome/content/rules/ProjectHoneypot.xml
+++ b/src/chrome/content/rules/ProjectHoneypot.xml
@@ -2,7 +2,7 @@
   <target host="projecthoneypot.org" />
   <target host="www.projecthoneypot.org" />
 
-  <securecookie host="^(www\.)?projecthoneypot\.org$" name=".*"/>
+  <securecookie host="^(?:www\.)?projecthoneypot\.org$" name=".+" />
 
-  <rule from="^http://(?:www\.)?projecthoneypot\.org/" to="https://www.projecthoneypot.org/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ProjectSeahorse.org.xml b/src/chrome/content/rules/ProjectSeahorse.org.xml
new file mode 100644
index 000000000000..2748f5021042
--- /dev/null
+++ b/src/chrome/content/rules/ProjectSeahorse.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="ProjectSeahorse.org">
+
+	<target host="projectseahorse.org" />
+	<target host="www.projectseahorse.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ProjectSyndicate.xml b/src/chrome/content/rules/ProjectSyndicate.xml
index 0ac375c206e1..001feddd4229 100644
--- a/src/chrome/content/rules/ProjectSyndicate.xml
+++ b/src/chrome/content/rules/ProjectSyndicate.xml
@@ -1,6 +1,26 @@
-<ruleset name="Project Syndicate (broken)" default_off="broken">
-  <target host="www.project-syndicate.org"/>
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .project-syndicate.org
+		- www.project-syndicate.org
+
+-->
+<ruleset name="Project-Syndicate.org">
+
+<!--	Direct rewrites:
+			-->
   <target host="project-syndicate.org"/>
+  <target host="www.project-syndicate.org"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.project-syndicate\.org$" name="^__qca$" /-->
+	<!--securecookie host="^www\.project-syndicate\.org$" name="ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^(?:www)?\.project-syndicate\.org$" name=".+" />
+
 
-  <rule from="^http://(www\.)?project-syndicate\.org/" to="https://www.project-syndicate.org/"/>
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Project_Dent.com.xml b/src/chrome/content/rules/Project_Dent.com.xml
new file mode 100644
index 000000000000..ef5932030055
--- /dev/null
+++ b/src/chrome/content/rules/Project_Dent.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatch
+		-www
+-->
+<ruleset name="Project Dent.com">
+	<target host="projectdent.com" />
+	<target host="www.projectdent.com" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Project_Euclid.org.xml b/src/chrome/content/rules/Project_Euclid.org.xml
new file mode 100644
index 000000000000..d78a6bf33e74
--- /dev/null
+++ b/src/chrome/content/rules/Project_Euclid.org.xml
@@ -0,0 +1,15 @@
+<ruleset name="Project Euclid.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="projecteuclid.org" />
+	<target host="www.projecteuclid.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Project_Meshnet.xml b/src/chrome/content/rules/Project_Meshnet.xml
index b48093daee14..c1b38290ffe7 100644
--- a/src/chrome/content/rules/Project_Meshnet.xml
+++ b/src/chrome/content/rules/Project_Meshnet.xml
@@ -1,19 +1,24 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wiki.projectmeshnet.org/ => https://wiki.projectmeshnet.org/: (6, 'Could not resolve host: wiki.projectmeshnet.org')
+
 	Nonfunctional subdomains:
 
 		- map
 
 -->
-<ruleset name="Project Meshnet (partial)">
+<ruleset name="Project Meshnet.org (partial)" default_off="failed ruleset test">
 
 	<target host="projectmeshnet.org" />
-	<target host="*.projectmeshnet.org" />
+	<target host="wiki.projectmeshnet.org" />
+	<target host="www.projectmeshnet.org" />
 
 
-	<securecookie host="^wiki\.projectmeshnet\.org$" name=".+" />
+	<securecookie host="^(?:wiki)?\.projectmeshnet\.org$" name=".+" />
 
 
-	<rule from="^http://(forums\.|wiki\.|www\.)?projectmeshnet\.org/"
-		to="https://$1projectmeshnet.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Project_Vote_Smart.xml b/src/chrome/content/rules/Project_Vote_Smart.xml
index 4e0cc3348635..c8517e51d818 100644
--- a/src/chrome/content/rules/Project_Vote_Smart.xml
+++ b/src/chrome/content/rules/Project_Vote_Smart.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^votesmart\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?votesmart\.org/"
-		to="https://$1votesmart.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Project_Wonderful.xml b/src/chrome/content/rules/Project_Wonderful.xml
deleted file mode 100644
index 12df2263c1ac..000000000000
--- a/src/chrome/content/rules/Project_Wonderful.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Project Wonderful">
-
-	<target host="projectwonderful.com" />
-	<target host="www.projectwonderful.com" />
-
-
-	<securecookie host="^(?:www\.)?projectwonderful\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?projectwonderful\.com/"
-		to="https://$1projectwonderful.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Projectplace.com-problematic.xml b/src/chrome/content/rules/Projectplace.com-problematic.xml
deleted file mode 100644
index f768f34cc2cf..000000000000
--- a/src/chrome/content/rules/Projectplace.com-problematic.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules that are on by default, see Projectplace.com.xml.
-
--->
-<ruleset name="Projectplace.com (problematic)" default_off="expired, self-signed">
-
-	<target host="intranet.projectplace.com" />
-
-
-	<securecookie host="^intranet\.projectplace\.com$" name=".+" />
-
-
-	<rule from="^http://intranet\.projectplace\.com/"
-		to="https://intranet.projectplace.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Projectplace.com.xml b/src/chrome/content/rules/Projectplace.com.xml
index e9bd6aadfed2..8bfa7da06f11 100644
--- a/src/chrome/content/rules/Projectplace.com.xml
+++ b/src/chrome/content/rules/Projectplace.com.xml
@@ -1,84 +1,38 @@
 <!--
-	Projectplace International
+	Refused:
+		challenge.projectplace.com
 
-	For problematic domains, see Projectplace.com-problematic.xml.
+	Different content http/https:
+		clients.projectplace.com
+		feeds.projectplace.com
+		service.projectplacedocs.com
 
+	Invalid certificate:
+		follow-up.projectplace.com
+		ideas.projectplace.com
+		styleguide.projectplace.com
 
-	CDN buckets:
-
-		- projectplace.ideas.dimelo.com
-
-			- ideas.projectplace.com
-
-		- projectplace.users.dimelo.com
-
-
-	Nonfunctional domains:
-
-		- blog.projectplace.com		(redirects to internet; expired 2013-08-09, self-signed)
-
-
-	Problematic domains:
-
-		- ideas.projectplace.com	(mismatched, CN: *.ideas.dimelo.com)
-		- intranet.projectplace.com	(works; expired 2013-08-09, self-signed)
-
-
-	Fully covered domains:
-
-		- projectplace.com subdomains:
-
-			- (www.)
-			- help
-			- ideas		(→ projectplace.ideas.dimelo.com)
-			- service
-			- test-service
-
-		- service.projectplacedocs.com
-
-
-	Observed cookie domains:
-
-		- projectplace.ideas.dimelo.com
-		- projectplace.users.dimelo.com
-
-		- projectplace.com subdomains:
-
-			- . *
-			- .help *
-			- intranet
-			- support
-			- www
-
-	* Only tracking cookies
+	Login required:
+		service.projectplace.com
 
 -->
-<ruleset name="Projectplace.com (partial)">
+<ruleset name="Projectplace.com">
 
-	<target host="projectplace.*.dimelo.com" />
 	<target host="projectplace.com" />
-	<target host="*.projectplace.com" />
-	<target host="service.projectplacedocs.com" />
-
-
-	<!--	ToDo: Move to a dedicated dimelo ruleset
-								-->
-	<securecookie host="^projectplace\.(?:idea|user)s\.dimelo\.com$" name=".+" />
-	<!--securecookie host="^(\.help|support|www)\.projectplace\.com$" name=".+" /-->
-	<!--
-		There aren't any partially covered subdomains,
-		so blanked coverage shouldn't cause problems:
-								-->
-	<securecookie host=".*\.projectplace\.com$" name=".+" />
-
-
-	<rule from="^http://((?:help|(?:test-)?service|help|support|www)\.)?projectplace\.com/"
-		to="https://$1projectplace.com/" />
-
-	<rule from="^http://ideas\.projectplace\.com/"
-		to="https://projectplace.ideas.dimelo.com/" />
-
-	<rule from="^http://service\.projectplacedocs\.com/"
-		to="https://service.projectplacedocs.com/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.projectplace.com" />
+	<target host="api.projectplace.com" />
+	<target host="blog.projectplace.com" />
+	<target host="customercare.projectplace.com" />
+	<target host="edu.projectplace.com" />
+	<target host="get.projectplace.com" />
+	<target host="help.projectplace.com" />
+	<target host="m.projectplace.com" />
+	<target host="newsletter.projectplace.com" />
+	<target host="support.projectplace.com" />
+	<target host="todo.projectplace.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Projet-PLUME.org.xml b/src/chrome/content/rules/Projet-PLUME.org.xml
new file mode 100644
index 000000000000..90a44ffa488d
--- /dev/null
+++ b/src/chrome/content/rules/Projet-PLUME.org.xml
@@ -0,0 +1,16 @@
+<ruleset name="Projet-PLUME.org">
+
+	<target host="projet-plume.org" />
+	<target host="www.projet-plume.org" />
+
+
+	<!--	Not secured by server
+					-->
+	<!--securecookie host="^\.projet-plume\.org$" name="^SESS[0-9a-f]{32}$" /-->
+
+	<securecookie host="^\.projet-plume\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Prolaika.sk.xml b/src/chrome/content/rules/Prolaika.sk.xml
new file mode 100644
index 000000000000..3f11f8fffb3c
--- /dev/null
+++ b/src/chrome/content/rules/Prolaika.sk.xml
@@ -0,0 +1,11 @@
+<!--
+	prolaika.sk
+	Camera shop
+
+-->
+<ruleset name="Prolaika.sk">
+	<target host="prolaika.sk" />
+	<target host="www.prolaika.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Prolexic.xml b/src/chrome/content/rules/Prolexic.xml
index 89bd7eb62526..16c9efeb4118 100644
--- a/src/chrome/content/rules/Prolexic.xml
+++ b/src/chrome/content/rules/Prolexic.xml
@@ -10,16 +10,16 @@
 	<target host="*.prolexic.com" />
 
 
-	<securecookie host="^(?:.*\.)?prolexic\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://(?!ww\.)(\w+\.)?prolexic\.com/"
 		to="https://$1prolexic.com/" />
 
-	<rule from="^https?://ww\.prolexic\.com/l/(\w+/\d{4}-\d\d-\d\d/\w+)"
+	<rule from="^http://ww\.prolexic\.com/l/(\w+/\d{4}-\d\d-\d\d/\w+)"
 		to="https://go.pardot.com/l/$1" />
 
-	<rule from="^https?://ww\.prolexic\.com/(?:l/)?(\?.*)?$"
+	<rule from="^http://ww\.prolexic\.com/(?:l/)?(\?.*)?$"
 		to="https://www.prolexic.com/$1" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Prometeus.net.xml b/src/chrome/content/rules/Prometeus.net.xml
new file mode 100644
index 000000000000..516ce18ee151
--- /dev/null
+++ b/src/chrome/content/rules/Prometeus.net.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- prometeus.net
+		- www.prometeus.net
+
+-->
+<ruleset name="Prometeus.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="prometeus.net" />
+	<target host="www.prometeus.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?prometeus\.net$" name="^(?:WHMCS\d+|WHMCSAffiliateID)$" /-->
+
+	<securecookie host="^(?:www\.)?prometeus\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Prometheus-leirin-tuki-ry.xml b/src/chrome/content/rules/Prometheus-leirin-tuki-ry.xml
index ebb273d5683a..d87d52ab0a68 100644
--- a/src/chrome/content/rules/Prometheus-leirin-tuki-ry.xml
+++ b/src/chrome/content/rules/Prometheus-leirin-tuki-ry.xml
@@ -1,9 +1,8 @@
 <ruleset name="Prometheus-leirin tuki ry">
-	<target host="protu.fi"/>
-	<target host="*.protu.fi"/>
+	<target host="protu.fi" />
+	<target host="www.protu.fi" />
 
 	<securecookie host="^\.protu\.fi$" name=".+" />
 
-	<rule from="^http://(www\.)?protu\.fi/"
-		to="https://$1protu.fi/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Prometheus_Global-problematic.xml b/src/chrome/content/rules/Prometheus_Global-problematic.xml
index fa59f4dd2148..43a1dcffb62f 100644
--- a/src/chrome/content/rules/Prometheus_Global-problematic.xml
+++ b/src/chrome/content/rules/Prometheus_Global-problematic.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?prometheus-?group\.com/"
 		to="https://prometheus-group.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Prometheus_Global.xml b/src/chrome/content/rules/Prometheus_Global.xml
deleted file mode 100644
index 9e90b135853a..000000000000
--- a/src/chrome/content/rules/Prometheus_Global.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For problematic rules, see Prometheus_Global-problematic.xml.
-
-
-	Problematic domains:
-
-		- progllc.com			(shows default plesk page, valid cert)
-		- prometheusgroup.com		(works; expired 2013-03-21, CN: Parallels Panel)
-		- (www.)prometheus-group.com	(works; mismatched, CN: www.progllc.com)
-
--->
-<ruleset name="Prometheus Global (partial)">
-
-	<target host="progllc.com" />
-	<target host="www.progllc.com" />
-
-
-	<rule from="^http://(?:www\.)?progllc\.com/"
-		to="https://www.progllc.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Prometric.xml b/src/chrome/content/rules/Prometric.xml
index e80e4fdf56ca..923fc5eda923 100644
--- a/src/chrome/content/rules/Prometric.xml
+++ b/src/chrome/content/rules/Prometric.xml
@@ -2,7 +2,7 @@
   <target host="prometric.com" />
   <target host="www.prometric.com" />
 
-  <securecookie host="^(.*\.)?prometric.com$" name=".*" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http://(?:www\.)?prometric\.com/" to="https://www.prometric.com/"/>
 
diff --git a/src/chrome/content/rules/Pronoun.com.xml b/src/chrome/content/rules/Pronoun.com.xml
new file mode 100644
index 000000000000..66dbc098c67f
--- /dev/null
+++ b/src/chrome/content/rules/Pronoun.com.xml
@@ -0,0 +1,24 @@
+<!--
+
+	Problematic hosts in *pronoun.com:
+
+		- blog (expired)
+		- buy ᵐ
+		- support ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="Pronoun.com">
+
+	<target host="pronoun.com" />
+	<target host="www.pronoun.com" />
+	<target host="app.pronoun.com" />
+	<target host="books.pronoun.com" />
+	<target host="theverbs.pronoun.com" />
+	<target host="try.pronoun.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Proofpoint.xml b/src/chrome/content/rules/Proofpoint.xml
index b811bc631224..331d76fdfece 100644
--- a/src/chrome/content/rules/Proofpoint.xml
+++ b/src/chrome/content/rules/Proofpoint.xml
@@ -1,37 +1,41 @@
 <!--
-	Nonfunctional:
+	Nonfunctional subdomains:
 
-		- blog.proofpoint.com		(times out; hosted on Typepad)
-		- investors.proofpoint.com	(cert: *.shareholder.com; 403)
+		- blog ¹
+		- investors ²
+
+	¹ Typepad
+	² Shareholder
 
 -->
 <ruleset name="Proofpoint (partial)">
 
 	<target host="proofpoint.com" />
-	<target host="*.proofpoint.com" />
-
-
-	<rule from="^http://proofpoint\.com/"
-		to="https://proofpoint.com/" />
+	<target host="support.proofpoint.com" />
+	<target host="urldefense.proofpoint.com" />
+	<target host="www.proofpoint.com" />
+	<target host="go.proofpoint.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.proofpoint\.com/($|favicon\.ico|id/gartner-email-security-magic-quadrant/index\.php)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.proofpoint\.com/(?!(?:asset|cs|image|partner)s/)" />
 
-	<!--	At least these paths redirect to http:
 
-			- $
-			- favicon.ico$
-			- id/gartner-email-security-magic-quadrant/index.php
-						-->
-	<rule from="^http://www\.proofpoint\.com/(asset|cs|image|partner)s/"
-		to="https://www.proofpoint.com/$1s/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^urldefense\.proofpoint\.com$" name="^_redirector_session$" /-->
 
-	<!--	These paths 404:
+	<securecookie host="^urldefense\.proofpoint\.com$" name=".+" />
 
-			- formstandard-2column.html
 
-				-->
-	<rule from="^https?://go\.proofpoint\.com/(css|images)/"
-		to="https://na-n.marketo.com/$1/" />
+	<rule from="^http://((?:support|urldefense|www)\.)?proofpoint\.com/"
+		to="https://$1proofpoint.com/" />
 
-	<rule from="^http://support\.proofpoint\.com/"
-		to="https://support.proofpoint.com/" />
+	<rule from="^http://go\.proofpoint\.com/(?=css/|images/|js/|rs/)"
+		to="https://na-n.marketo.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Proofpositivemedia.com.xml b/src/chrome/content/rules/Proofpositivemedia.com.xml
new file mode 100644
index 000000000000..9966bd4ee77b
--- /dev/null
+++ b/src/chrome/content/rules/Proofpositivemedia.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- api.proofpositivemedia.com
+
+-->
+<ruleset name="proofpositivemedia.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="api.proofpositivemedia.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^api\.proofpositivemedia\.com$" name="^v$" /-->
+
+	<securecookie host="^api\.proofpositivemedia\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PropellerAds.xml b/src/chrome/content/rules/PropellerAds.xml
index 5046c9553907..7f3798a2753d 100644
--- a/src/chrome/content/rules/PropellerAds.xml
+++ b/src/chrome/content/rules/PropellerAds.xml
@@ -1,7 +1,11 @@
 <!--
 	Other Propeller Ads Media rulesets:
 
-		- Oneclickads.net.xml
+		- Oclaserver.com.xml
+		- oclasrv.com.xml
+		- onclasrv.com.xml
+		- Onclickads.net.xml
+		- onclkds.com.xml
 		- Propellerpops.com.xml
 
 
@@ -10,17 +14,17 @@
 		- (www.)propellerads.com	(rx_record_too_long)
 
 -->
-<ruleset name="PropellerAds (partial)">
+<ruleset name="PropellerAds.com (partial)">
 
-	<target host="*.propellerads.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="ad.propellerads.com" />
 
 
-	<securecookie host="^ad\.propellerads\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<!--	Cert only matches ad.
-					-->
-	<rule from="^https?://(?:ad|img)\.propellerads\.com/"
-		to="https://ad.propellerads.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Propellerpops.com.xml b/src/chrome/content/rules/Propellerpops.com.xml
index 6aba958ec936..a6a41e62befb 100644
--- a/src/chrome/content/rules/Propellerpops.com.xml
+++ b/src/chrome/content/rules/Propellerpops.com.xml
@@ -2,18 +2,15 @@
 	For other Propeller Ads Media cverage, see PropellerAds.xml.
 
 
-	Problematic subdomains:
-
-		- www	(http reply)
+	www.propellerpops.com: Redirects to http, differs from ^propellerpops.com
 
 -->
-<ruleset name="Propellerpops.com">
+<ruleset name="Propellerpops.com (partial)">
 
 	<target host="propellerpops.com" />
-	<target host="www.propellerpops.com" />
 
 
-	<rule from="^http://(?:www\.)?propellerpops\.com/"
-		to="https://propellerpops.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ProperPet.com.xml b/src/chrome/content/rules/ProperPet.com.xml
new file mode 100644
index 000000000000..af619c6260ec
--- /dev/null
+++ b/src/chrome/content/rules/ProperPet.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="ProperPet.com">
+
+	<target host="properpet.com" />
+	<target host="www.properpet.com" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^\.(?:www\.)?properpet\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Prosidy.im.xml b/src/chrome/content/rules/Prosidy.im.xml
deleted file mode 100644
index 05362aa2ab53..000000000000
--- a/src/chrome/content/rules/Prosidy.im.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- blog	(shows hg)
-
-
-	Problematic subdomains:
-
-		- www	(shows hg)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(www → ^)
-		- hg
-
--->
-<ruleset name="Prosidy.im">
-
-	<target host="prosody.im" />
-	<target host="*.prosody.im" />
-
-
-	<rule from="^http://(?:(hg\.)|www\.)?prosody\.im/"
-		to="https://$1prosody.im/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Prosody.im.xml b/src/chrome/content/rules/Prosody.im.xml
new file mode 100644
index 000000000000..59ab3488037b
--- /dev/null
+++ b/src/chrome/content/rules/Prosody.im.xml
@@ -0,0 +1,12 @@
+<ruleset name="Prosody.im">
+
+	<target host="prosody.im" />
+	<target host="www.prosody.im" />
+	<target host="issues.prosody.im" />
+	<target host="blog.prosody.im" />
+	<target host="hg.prosody.im" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Prospect-Magazine.xml b/src/chrome/content/rules/Prospect-Magazine.xml
deleted file mode 100644
index 148106709831..000000000000
--- a/src/chrome/content/rules/Prospect-Magazine.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	CDN buckets:
-
-		- prospect.prospectpublishi.netdna-cdn.com
-
-			- -ssl doesn't exist
-
-
-	Nonfunctional domains:
-
-		- flyprospect.com	(cert: *.xssl.net; 404)
-
--->
-<ruleset name="Prospect Magazine (partial)">
-
-	<target host="prospect.prospectpublishi.netdna-cdn.com" />
-	<target host="prospectmagazine.co.uk" />
-	<target host="www.prospectmagazine.co.uk" />
-
-
-	<securecookie host="^(www\.)?prospectmagazine\.co\.uk$" name=".*" />
-
-
-	<rule from="^https?://(?:prospect\.prospectpublishi\.netdna-cdn\.com|(www\.)?prospectmagazine\.co\.uk)/"
-		to="https://$1prospectmagazine.co.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ProspectEye.com.xml b/src/chrome/content/rules/ProspectEye.com.xml
new file mode 100644
index 000000000000..812e3a64cc6a
--- /dev/null
+++ b/src/chrome/content/rules/ProspectEye.com.xml
@@ -0,0 +1,57 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://app.prospecteye.com/ => https://app.prospecteye.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://prospecteye.com/ => https://prospecteye.com/: (51, "SSL: no alternative certificate subject name matches target host name 'prospecteye.com'")
+
+	For other Apsis coverage, see Apsis_Lead.com.xml.
+
+
+	^prospecteye.com: Mismatched
+
+
+	Fully covered hosts in *prospecteye.com:
+
+		- (www.)?	(^ → www)
+		- api
+		- app
+		- tr
+
+
+	Insecure cookies are set for these hosts:
+
+		- tr.prospecteye.com
+
+
+	Mixed content:
+
+		- Bug on www from tr.apsislead.com *
+
+	* Secured by us
+
+-->
+<ruleset name="ProspectEye.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="api.prospecteye.com" />
+	<target host="app.prospecteye.com" />
+	<target host="tr.prospecteye.com" />
+	<target host="www.prospecteye.com" />
+
+	<!--	Complications:
+				-->
+	<target host="prospecteye.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^tr\.prospecteye\.com$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host="^tr\.prospecteye\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ProspectMagazine.co.uk.xml b/src/chrome/content/rules/ProspectMagazine.co.uk.xml
new file mode 100644
index 000000000000..210c87ffb6a2
--- /dev/null
+++ b/src/chrome/content/rules/ProspectMagazine.co.uk.xml
@@ -0,0 +1,14 @@
+<ruleset name="ProspectMagazine.co.uk">
+
+	<target host="prospectmagazine.co.uk" />
+	<target host="www.prospectmagazine.co.uk" />
+	<target host="myaccount.prospectmagazine.co.uk" />
+	<target host="subscribe.prospectmagazine.co.uk" />
+	<target host="subscription.prospectmagazine.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Prospectparkzoo.com.xml b/src/chrome/content/rules/Prospectparkzoo.com.xml
new file mode 100644
index 000000000000..f8967a60ec26
--- /dev/null
+++ b/src/chrome/content/rules/Prospectparkzoo.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid Server Name:
+		www.prospectparkzoo.com
+-->
+
+<ruleset name="Prospectparkzoo.com">
+	<target host="prospectparkzoo.com" />
+
+	<securecookie host="prospectparkzoo\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Prospera-Credit-Union.xml b/src/chrome/content/rules/Prospera-Credit-Union.xml
new file mode 100644
index 000000000000..7090a65b7c40
--- /dev/null
+++ b/src/chrome/content/rules/Prospera-Credit-Union.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificates:
+		- dontjustbankprosper.ca
+
+	Timeout:
+		- mail.prospera.ca
+-->
+
+<ruleset name="Prospera Credit Union">
+	<target host="prospera.ca" />
+	<target host="www.prospera.ca" />
+	<target host="mdws.prospera.ca" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ProstoVPN.org.xml b/src/chrome/content/rules/ProstoVPN.org.xml
new file mode 100644
index 000000000000..366f6814f1a6
--- /dev/null
+++ b/src/chrome/content/rules/ProstoVPN.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Different content HTTP/HTTPS:
+		www.prostovpn.org
+
+	Invalid certificate:
+		blockcheck.antizapret.prostovpn.org
+		repo.prostovpn.org
+
+-->
+<ruleset name="ProstoVPN.org">
+
+	<target host="prostovpn.org" />
+	<target host="antizapret.prostovpn.org" />
+	<target host="stat.prostovpn.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Prosystemfx.com.xml b/src/chrome/content/rules/Prosystemfx.com.xml
index e099c555195c..b5e9d22d67a5 100644
--- a/src/chrome/content/rules/Prosystemfx.com.xml
+++ b/src/chrome/content/rules/Prosystemfx.com.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://prosystemfx.com/ => https://www.prosystemfx.com/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
 	For other CCH coverage, see CCH.xml.
 
 
@@ -8,16 +10,17 @@
 <ruleset name="prosystemfx.com">
 
 	<target host="prosystemfx.com" />
-	<target host="*.prosystemfx.com" />
+	<target host="www.prosystemfx.com" />
+	<target host="stagewww.prosystemfx.com" />
+	<target host="cchknowledgecenter.prosystemfx.com" />
 
 
-	<securecookie host="^(?:.*\.)?prosystemfx\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://(?:(stage)?www\.)?prosystemfx\.com/"
 		to="https://$1www.prosystemfx.com/" />
 
-	<rule from="^http://cchknowledgecenter\.prosystemfx\.com/"
-		to="https://cchknowledgecenter.prosystemfx.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ProteanSec.com.xml b/src/chrome/content/rules/ProteanSec.com.xml
new file mode 100644
index 000000000000..a7c25af3c10b
--- /dev/null
+++ b/src/chrome/content/rules/ProteanSec.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .proteansec.com
+
+-->
+<ruleset name="ProteanSec.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="proteansec.com" />
+	<target host="www.proteansec.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.proteansec\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.proteansec\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Protect_Network.xml b/src/chrome/content/rules/Protect_Network.xml
index 65c37336aa1f..886c6d212d5e 100644
--- a/src/chrome/content/rules/Protect_Network.xml
+++ b/src/chrome/content/rules/Protect_Network.xml
@@ -1,13 +1,19 @@
-<ruleset name="Protect Network">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://protectnetwork.org/ => https://protectnetwork.org/: (6, 'Could not resolve host: protectnetwork.org')
+
+-->
+<ruleset name="Protect Network" default_off="failed ruleset test">
 
 	<target host="protectnetwork.org" />
-	<target host="*.protectnetwork.org" />
+	<target host="app.protectnetwork.org" />
+	<target host="www.protectnetwork.org" />
 
 
 	<securecookie host="^app\.protectnetwork\.org$" name=".+" />
 
 
-	<rule from="^http://(app\.|www\.)?protectnetwork\.org/"
-		to="https://$1protectnetwork.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ProtectedText.com.xml b/src/chrome/content/rules/ProtectedText.com.xml
new file mode 100644
index 000000000000..80b543c12fe0
--- /dev/null
+++ b/src/chrome/content/rules/ProtectedText.com.xml
@@ -0,0 +1,22 @@
+<!--
+	^protectedtext.com: Refused
+
+-->
+<ruleset name="ProtectedText.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.protectedtext.com" />
+
+	<!--	Complications:
+				-->
+	<target host="protectedtext.com" />
+
+
+	<rule from="^http://protectedtext\.com/"
+		to="https://www.protectedtext.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Protonirockerxow.onion.xml b/src/chrome/content/rules/Protonirockerxow.onion.xml
new file mode 100644
index 000000000000..bd46642578c8
--- /dev/null
+++ b/src/chrome/content/rules/Protonirockerxow.onion.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid certificates:
+		- *.protonirockerxow.onion
+
+	This ruleset covers ProtonMail onion services on Tor.
+-->
+<ruleset name="ProtonMail Onion Service">
+	<target host="protonirockerxow.onion" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Provantage.xml b/src/chrome/content/rules/Provantage.xml
index d6368c9a2a3e..472cbd9c9b1e 100644
--- a/src/chrome/content/rules/Provantage.xml
+++ b/src/chrome/content/rules/Provantage.xml
@@ -1,9 +1,9 @@
 <ruleset name="Provantage" platform="mixedcontent">
 
 	<target host="provantage.com"/>
-	<target host="*.provantage.com"/>
+	<target host="www.provantage.com" />
 
-	<securecookie host="^(.*\.)?provantage\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<!--	cert !valid for !www	-->
 	<rule from="^http://(?:www\.)?provantage\.com/"
diff --git a/src/chrome/content/rules/Proven_Credible.xml b/src/chrome/content/rules/Proven_Credible.xml
index a3f9af4ec86a..60a6d3481f3f 100644
--- a/src/chrome/content/rules/Proven_Credible.xml
+++ b/src/chrome/content/rules/Proven_Credible.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?provencredible\.com/"
 		to="https://www.provencredible.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Provenance.org.xml b/src/chrome/content/rules/Provenance.org.xml
new file mode 100644
index 000000000000..6aa2b6399379
--- /dev/null
+++ b/src/chrome/content/rules/Provenance.org.xml
@@ -0,0 +1,34 @@
+<!--
+	^provenance.org: Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.provenance.org
+
+-->
+<ruleset name="Provenance.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.provenance.org" />
+
+	<!--	Complications:
+				-->
+	<target host="provenance.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.provenance\.org$" name="^_provenance_session$" /-->
+
+	<securecookie host="^www\.provenance\.org$" name=".+" />
+
+
+	<rule from="^http://provenance\.org/"
+		to="https://www.provenance.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Provide-Support-mismatches.xml b/src/chrome/content/rules/Provide-Support-mismatches.xml
index daf33f0cfe3b..b2ecbc68f2d5 100644
--- a/src/chrome/content/rules/Provide-Support-mismatches.xml
+++ b/src/chrome/content/rules/Provide-Support-mismatches.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see Provide-Support.xml.
 
 -->
-<ruleset name="Provide Support (mismatches)" default_off="mismatch">
+<ruleset name="Provide Support (mismatches)" default_off="mismatched">
 
 	<target host="providesupport.cn" />
 	<target host="www.providesupport.cn" />
@@ -12,7 +12,7 @@
 	<target host="www.providesupport.ru" />
 
 
-	<rule from="^https?://(?:www\.)?providesupport\.(\w\w)/s/"
+	<rule from="^http://(?:www\.)?providesupport\.(\w\w)/s/"
 		to="https://providesupport.$1/s/"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Provide-Support.xml b/src/chrome/content/rules/Provide-Support.xml
index 9826c382f63b..dc299e758204 100644
--- a/src/chrome/content/rules/Provide-Support.xml
+++ b/src/chrome/content/rules/Provide-Support.xml
@@ -2,24 +2,62 @@
 	For problematic rules, see Provide-Support-mismatches.xml.
 
 
-	Nonfunctional subdomains:
+	Insecure cookies are set for these domains: ᶜ
 
-		- messenger	(redirects to http, valid cert)
+		- .providesupport.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Provide Support (partial)">
+<ruleset name="Provide Support.com (partial)">
 
 	<target host="providesupport.com" />
-	<target host="*.providesupport.com" />
-
-
-	<securecookie host="^image\.providesupport\.com$" name=".*" />
-
-
-	<rule from="^http://((?:admin2|image|messenger\d)\.)?providesupport\.com/"
-		to="https://$1providesupport.com/" />
-
-	<rule from="^http://www\.providesupport\.com/s/"
-		to="https://www.providesupport.com/s/" />
+	<target host="admin1.providesupport.com" />
+	<target host="admin2.providesupport.com" />
+	<target host="admin3.providesupport.com" />
+	<target host="admin4.providesupport.com" />
+	<target host="image.providesupport.com" />
+	<target host="messenger.providesupport.com" />
+	<target host="messenger1.providesupport.com" />
+	<target host="messenger2.providesupport.com" />
+	<target host="messenger3.providesupport.com" />
+	<target host="messenger4.providesupport.com" />
+	<target host="www.providesupport.com" />
+
+		<!--	Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.providesupport\.com/(?:$|password-recovery-form\.html|signup/index\.html)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.providesupport\.com/(?!s/|view/my-account/affiliate/referrals(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.providesupport.com/downloads/index.html" />
+			<test url="http://www.providesupport.com/manual/index.html" />
+			<test url="http://www.providesupport.com/password-recovery-form.html" />
+			<test url="http://www.providesupport.com/signup/index.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.providesupport.com/s/9co5z1/root/images/flags/default-flag.png" />
+			<test url="http://www.providesupport.com/view/my-account/affiliate/referrals" />
+
+		<test url="http://messenger.providesupport.com/messenger/djoser.html" />
+		<test url="http://messenger3.providesupport.com/view/module/network/check-frame.html" />
+		<test url="http://messenger3.providesupport.com/view/module/network/send-frame.html" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.providesupport\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^image\." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ProxFree.com.xml b/src/chrome/content/rules/ProxFree.com.xml
new file mode 100644
index 000000000000..1984d0d7d1e6
--- /dev/null
+++ b/src/chrome/content/rules/ProxFree.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Fully covered hosts in *proxfree.com:
+
+		- (www.)?
+		- m
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .proxfree.com
+		- m.proxfree.com
+		- www.proxfree.com
+
+-->
+<ruleset name="ProxFree.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="proxfree.com" />
+	<target host="m.proxfree.com" />
+	<target host="www.proxfree.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.proxfree\.com$" name="^token$" /-->
+	<!--securecookie host="^(m|www)\.proxfree\.com$" name="^s$" /-->
+
+	<securecookie host="^(?:m|www)?\.proxfree\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Proxer.me.xml b/src/chrome/content/rules/Proxer.me.xml
new file mode 100644
index 000000000000..e3403a12248d
--- /dev/null
+++ b/src/chrome/content/rules/Proxer.me.xml
@@ -0,0 +1,22 @@
+<!--	non-functional domains
+	 - stream.proxer.me (selfsigned)
+	 - s*.stream.proxer.me (refused)
+-->
+
+<ruleset name="Proxer.me">
+	<target host="proxer.me" />
+	<target host="www.proxer.me" />
+ 	<target host="analytics.proxer.me" />
+	<target host="cdn.proxer.me" />
+	<target host="upload.proxer.me" />
+<!--
+	Amazon shop integration broken by mixed content blocking
+									-->
+	<exclusion pattern="^http://proxer\.me/ashop" />
+
+	<securecookie host="^(.*\.)?proxer\.me$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+	<test url="http://proxer.me/ashop" />
+</ruleset>
diff --git a/src/chrome/content/rules/Proxifier.com.xml b/src/chrome/content/rules/Proxifier.com.xml
new file mode 100644
index 000000000000..bdce853f5bc1
--- /dev/null
+++ b/src/chrome/content/rules/Proxifier.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatched:
+		- ipv6
+		- new
+-->
+<ruleset name="Proxifier.com">
+	<target host="proxifier.com" />
+	<target host="www.proxifier.com" />
+	<target host="support.proxifier.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Proxify.xml b/src/chrome/content/rules/Proxify.xml
index 9cef845692c0..954795fbd1bc 100644
--- a/src/chrome/content/rules/Proxify.xml
+++ b/src/chrome/content/rules/Proxify.xml
@@ -3,9 +3,8 @@
 	<target host="proxify.com"/>
 	<target host="www.proxify.com"/>
 
-	<securecookie host="^(.*\.)?proxify\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?proxify\.com/"
-		to="https://$1proxify.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Proxmox.com.xml b/src/chrome/content/rules/Proxmox.com.xml
new file mode 100644
index 000000000000..dd08d2b2d631
--- /dev/null
+++ b/src/chrome/content/rules/Proxmox.com.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://proxmox.com/ => https://proxmox.com/: (51, "SSL: no alternative certificate subject name matches target host name 'proxmox.com'")
+
+-->
+<ruleset name="Proxmox.com" default_off="failed ruleset test">
+
+	<target host="proxmox.com" />
+	<target host="forum.proxmox.com" />
+	<target host="pve.proxmox.com" />
+	<target host="www.proxmox.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^forum\.proxmox\.com$" name="^(PHPSESSID|bb_sessionhash)$" /-->
+	<!--securecookie host="^(www\.)?proxmox\.com$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host="^(?:forum\.|www\.)?proxmox\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Proxy.org.xml b/src/chrome/content/rules/Proxy.org.xml
index 3fab70ab1508..3ec3c3d4bfae 100644
--- a/src/chrome/content/rules/Proxy.org.xml
+++ b/src/chrome/content/rules/Proxy.org.xml
@@ -1,28 +1,14 @@
-<!--
-	Fully covered subdomains:
-
-		- (www.)
-		- helpdesk
-
-
-	Mixed content:
-
-		- Images from ^proxy.org *
-
-	* Secured by us, doesn't trip MCB anyway
-
--->
-<ruleset name="Proxy.org">
-
-	<target host="proxy.org"/>
-	<target host="*.proxy.org"/>
-
-	<!--	encountered:
-			- proxy.org
-			- .proxy.org		-->
-	<securecookie host="^(.*\.)?proxy\.org$" name=".*"/>
-
-	<rule from="^http://(helpdesk\.|www\.)?proxy\.org/"
-		to="https://$1proxy.org/"/>
-
-</ruleset>
+<ruleset name="Proxy.org">
+
+	<target host="proxy.org" />
+	<target host="helpdesk.proxy.org" />
+	<target host="www.proxy.org" />
+
+	<!--	encountered:
+			- proxy.org
+			- .proxy.org		-->
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Proxy.sh.xml b/src/chrome/content/rules/Proxy.sh.xml
index 86f18c60e482..13d84e9b5e00 100644
--- a/src/chrome/content/rules/Proxy.sh.xml
+++ b/src/chrome/content/rules/Proxy.sh.xml
@@ -1,16 +1,15 @@
 <ruleset name="Proxy.sh">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="proxy.sh" />
 	<target host="www.proxy.sh" />
-
+	<target host="paste.proxy.sh" />
 
 	<securecookie host="^proxy\.sh$" name=".+" />
 
 
-	<!--	www redirects to ^ over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?proxy\.sh/"
-		to="https://proxy.sh/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ProxySite.com.xml b/src/chrome/content/rules/ProxySite.com.xml
new file mode 100644
index 000000000000..98b800743280
--- /dev/null
+++ b/src/chrome/content/rules/ProxySite.com.xml
@@ -0,0 +1,54 @@
+
+<!--
+	Invalid Certificate:
+		- proxysite.com
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .proxysite.com
+		- www.proxysite.com
+
+-->
+<ruleset name="ProxySite.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="proxysite.com" />
+	<target host="www.proxysite.com" />
+	<target host="eu0.proxysite.com" />
+	<target host="eu1.proxysite.com" />
+	<target host="eu2.proxysite.com" />
+	<target host="eu3.proxysite.com" />
+	<target host="eu4.proxysite.com" />
+	<target host="eu5.proxysite.com" />
+	<target host="eu6.proxysite.com" />
+	<target host="us1.proxysite.com" />
+	<target host="us2.proxysite.com" />
+	<target host="us3.proxysite.com" />
+	<target host="us4.proxysite.com" />
+	<target host="us5.proxysite.com" />
+	<target host="us6.proxysite.com" />
+	<target host="us7.proxysite.com" />
+	<target host="us8.proxysite.com" />
+	<target host="us9.proxysite.com" />
+	<target host="us10.proxysite.com" />
+	<target host="us11.proxysite.com" />
+	<target host="us12.proxysite.com" />
+	<target host="us13.proxysite.com" />
+	<target host="us14.proxysite.com" />
+	<target host="us15.proxysite.com" />
+	<target host="us16.proxysite.com" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.proxysite\.com$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.proxysite\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www)?\.proxysite\.com$" name=".+" />
+
+	<rule from="^http://proxysite\.com/" to="https://www.proxysite.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Proxy_Solutions.xml b/src/chrome/content/rules/Proxy_Solutions.xml
index f9b649cb4365..65aeaa414c93 100644
--- a/src/chrome/content/rules/Proxy_Solutions.xml
+++ b/src/chrome/content/rules/Proxy_Solutions.xml
@@ -1,14 +1,52 @@
 <!--
 	Some pages redirect to http.
 
+
+	Insecure cookies are set for these hosts:
+
+		- www.proxysolutions.net
+
 -->
-<ruleset name="Proxy Solutions (partial)">
+<ruleset name="Proxy Solutions.net (partial)">
 
 	<target host="proxysolutions.net" />
 	<target host="www.proxysolutions.net" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.proxysolutions\.net/($|support-center/)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.proxysolutions\.net/+(?!(?:affiliates|proxy-services|support|your-proxy-account)(?:$|[?/])|favicon\.ico|images/|ref/|wp-content/|wp-content/)" />
+
+			<test url="http://www.proxysolutions.net/contact/" />
+			<test url="http://www.proxysolutions.net/proxy-news/" />
+			<test url="http://www.proxysolutions.net/proxy-news/technology-news/cisco-announces-intentions-to-purchase-neophasis/" />
+			<test url="http://www.proxysolutions.net/proxy-news/technology-news/the-best-form-of-web-application-security-scans/" />
+			<test url="http://www.proxysolutions.net/sitemap" />
+			<test url="http://www.proxysolutions.net/support-center/" />
+			<test url="http://www.proxysolutions.net/support-center/configuration-guides/" />
+			<test url="http://www.proxysolutions.net/support-center/faq/" />
+			<test url="http://www.proxysolutions.net/support-center/knowledge-base/subscription-management/cancel/" />
+			<test url="http://www.proxysolutions.net/support-center/vpn-client/" />
+			<test url="http://www.proxysolutions.net/support-center/vpn-configuration-guides/" />
+			<test url="http://www.proxysolutions.net/support-center/vpn-configuration-guides/macos-vpn/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.proxysolutions.net/affiliates/scripts/click.php" />
+			<test url="http://www.proxysolutions.net/wp-content/themes/proxy/style.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.proxysolutions\.net$" name="^PAPVisitorId$" /-->
+
+	<securecookie host="^www\.proxysolutions\.net$" name="^PAPVisitorId$" />
 
 
-	<rule from="^http://(www\.)?proxysolutions\.com/((?:affiliates|proxy-services|support|your-proxy-account)(?:$|\?|/)|images/|wp-content/)"
-		to="https://$1proxysolutions.com/$2" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PrudentBear.xml b/src/chrome/content/rules/PrudentBear.xml
index f7ffc7d0df9a..691a2a8ca119 100644
--- a/src/chrome/content/rules/PrudentBear.xml
+++ b/src/chrome/content/rules/PrudentBear.xml
@@ -1,14 +1,18 @@
-<ruleset name="PrudentBear" default_off="expired">
+<!--
+	(www.)?: Reset
+
+-->
+<ruleset name="PrudentBear" default_off="connection reset">
 
 	<target host="prudentbear.com" />
 	<target host="www.prudentbear.com" />
 
 
-	<securecookie host="^www\.prudentbear\.com$" name=".*" />
+	<securecookie host="^www\.prudentbear\.com$" name=".+" />
 
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?prudentbear\.com/"
+	<rule from="^http://(?:www\.)?prudentbear\.com/"
 		to="https://www.prudentbear.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PrxBx.com.xml b/src/chrome/content/rules/PrxBx.com.xml
new file mode 100644
index 000000000000..ce43077b6eb6
--- /dev/null
+++ b/src/chrome/content/rules/PrxBx.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="PrxBx.com">
+	<target host="prxbx.com" />
+	<target host="www.prxbx.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Prxy.com.xml b/src/chrome/content/rules/Prxy.com.xml
new file mode 100644
index 000000000000..20cf9ad43ae9
--- /dev/null
+++ b/src/chrome/content/rules/Prxy.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Other prxy rulesets:
+
+		- Srvv.net.xml
+
+
+	^: Dropped
+	www: Provides no cert chain
+
+
+	Insecure cookies are set for these domains:
+
+		- .prxy.com
+
+-->
+<ruleset name="prxy.com" default_off="cert-chain">
+
+	<target host="prxy.com" />
+
+	<target host="www.prxy.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.prxy\.com$" name="^(PHPSESSID|cartId|uip)$" /-->
+
+	<securecookie host="^\.prxy\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?prxy\.com/"
+		to="https://www.prxy.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Psbank.ru.xml b/src/chrome/content/rules/Psbank.ru.xml
new file mode 100644
index 000000000000..812d580ac768
--- /dev/null
+++ b/src/chrome/content/rules/Psbank.ru.xml
@@ -0,0 +1,172 @@
+<!--
+abakanmx.psbank.ru ²
+am.psbank.ru ³
+asa-vpn-smir.psbank.ru ⁴
+asa-vpn-test.psbank.ru ³
+barnaulmx.psbank.ru ³
+belgorodmx.psbank.ru ²
+bryanskmx.psbank.ru ²
+www.cards.psbank.ru ¹
+carrier.psbank.ru ³
+chelyabinskmx.psbank.ru ³
+chitamx.psbank.ru ²
+corporate.psbank.ru ³
+www.credit.psbank.ru ¹
+dbocb-test.psbank.ru ³
+www.discount.psbank.ru ¹
+ftp.psbank.ru ³
+fw.psbank.ru ³
+geo-test.psbank.ru ³
+gold.psbank.ru ⁴
+gw.psbank.ru ³
+info.psbank.ru ³
+www.info.psbank.ru ¹
+interweb.psbank.ru ³
+irkutskmx.psbank.ru ³
+ivanovomx.psbank.ru ³
+izhevskmx.psbank.ru ³
+kaliningradmx.psbank.ru ³
+kemerovomx.psbank.ru ³
+khabarovskmx.psbank.ru ²
+kirovmx.psbank.ru ³
+krasnodarmx.psbank.ru ²
+krasnoyarskmx.psbank.ru ³
+monoapp-test.psbank.ru ³
+mx.psbank.ru ³
+mx1.psbank.ru ³
+mx2.psbank.ru ³
+mycard.psbank.ru ¹
+www.mycard.psbank.ru ¹
+nnovgorodmx.psbank.ru ³
+ns1.psbank.ru ³
+ns2.psbank.ru ³
+nskmx.psbank.ru ³
+omskmx.psbank.ru ²
+orangenewyear.psbank.ru ¹
+penzamx.psbank.ru ²
+permmx.psbank.ru ³
+pinguin.psbank.ru ³
+pskovmx.psbank.ru ³
+quik.psbank.ru ²
+relay.psbank.ru ³
+relay-lotus.psbank.ru ³
+rostovmx.psbank.ru ³
+rs.psbank.ru ³
+ryazanmx.psbank.ru ³
+samaramx.psbank.ru ²
+samegate.psbank.ru ³
+sapdisp.psbank.ru ³
+saprouter.psbank.ru ³
+saratovmx.psbank.ru ³
+shoppingcard.psbank.ru ¹
+smolenskmx.psbank.ru ³
+maxwell.spb.psbank.ru ³
+spbmx.spb.psbank.ru ³
+spbmx.psbank.ru ³
+spbmx2.psbank.ru ³
+srelay.psbank.ru ³
+stavropolmx.psbank.ru ³
+store.psbank.ru ³
+tambovmx.psbank.ru ³
+terran.psbank.ru ³
+tomskgw.psbank.ru ³
+tomskmx.psbank.ru ³
+tulamx.psbank.ru ²
+tvermx.psbank.ru ²
+tyumenmx.psbank.ru ²
+ufamx.psbank.ru ²
+ulanudemx.psbank.ru ²
+www.visachampions.psbank.ru ¹
+www.vklad.psbank.ru ¹
+vladikmx.psbank.ru ³
+vladimir.psbank.ru ³
+gw.vladimir.psbank.ru ⁴
+kb.vladimir.psbank.ru ⁴
+ns1.vladimir.psbank.ru ⁴
+vnovgorodmx.psbank.ru ²
+volgogradmx.psbank.ru ³
+vologdamx.psbank.ru ³
+voronezhmx.psbank.ru ²
+wizard.psbank.ru ³
+clbnk.yaroslavl.psbank.ru ²
+yaroslavlmx.psbank.ru ²
+zerg.psbank.ru ³
+cert.psbank.ru different content
+nnov.psbank.ru different content
+novgorod.psbank.ru different content
+omsk.psbank.ru different content
+perm.psbank.ru different content
+ryazan.psbank.ru different content
+samara.psbank.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="psbank.ru">
+	<target host="psbank.ru" />
+	<target host="www.psbank.ru" />
+	<target host="1.psbank.ru" />
+	<target host="abakan.psbank.ru" />
+	<target host="astrakhan.psbank.ru" />
+	<target host="barnaul.psbank.ru" />
+	<target host="belgorod.psbank.ru" />
+	<target host="blg.psbank.ru" />
+	<target host="business.psbank.ru" />
+	<target host="cards.psbank.ru" />
+	<target host="cheboksary.psbank.ru" />
+	<target host="chelyabinsk.psbank.ru" />
+	<target host="chita.psbank.ru" />
+	<target host="credit.psbank.ru" />
+	<target host="cyprus.psbank.ru" />
+	<target host="discount.psbank.ru" />
+	<target host="f1.psbank.ru" />
+	<target host="fc.psbank.ru" />
+	<target host="geo.psbank.ru" />
+	<target host="habarovsk.psbank.ru" />
+	<target host="ib.psbank.ru" />
+	<target host="irkutsk.psbank.ru" />
+	<target host="ivanovo.psbank.ru" />
+	<target host="izhevsk.psbank.ru" />
+	<target host="kaliningrad.psbank.ru" />
+	<target host="kazan.psbank.ru" />
+	<target host="kemerovo.psbank.ru" />
+	<target host="khmao.psbank.ru" />
+	<target host="kirov.psbank.ru" />
+	<target host="kostroma.psbank.ru" />
+	<target host="krasnodar.psbank.ru" />
+	<target host="krasnoyarsk.psbank.ru" />
+	<target host="lipetsk.psbank.ru" />
+	<target host="maykop.psbank.ru" />
+	<target host="mir-skidok.psbank.ru" />
+	<target host="www.mir-skidok.psbank.ru" />
+	<target host="mm.psbank.ru" />
+	<target host="mmail.psbank.ru" />
+	<target host="monoapp.psbank.ru" />
+	<target host="msb.psbank.ru" />
+	<target host="murmansk.psbank.ru" />
+	<target host="newbusiness.psbank.ru" />
+	<target host="pfm.psbank.ru" />
+	<target host="pskov.psbank.ru" />
+	<target host="pyatigorsk.psbank.ru" />
+	<target host="quality.psbank.ru" />
+	<target host="saratov.psbank.ru" />
+	<target host="skipass.psbank.ru" />
+	<target host="spb.psbank.ru" />
+	<target host="syktyvkar.psbank.ru" />
+	<target host="tambov.psbank.ru" />
+	<target host="tomsk.psbank.ru" />
+	<target host="tyumen.psbank.ru" />
+	<target host="ufa.psbank.ru" />
+	<target host="uude.psbank.ru" />
+	<target host="visachampions.psbank.ru" />
+	<target host="volgograd.psbank.ru" />
+	<target host="voronezh.psbank.ru" />
+	<target host="yanao.psbank.ru" />
+	<target host="yaroslavl.psbank.ru" />
+	<target host="yola.psbank.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pseudo-flaw.net.xml b/src/chrome/content/rules/Pseudo-flaw.net.xml
deleted file mode 100644
index 4ec98b447995..000000000000
--- a/src/chrome/content/rules/Pseudo-flaw.net.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="pseudo-flaw.net" default_off="mismatch">
-
-	<!--	Cert: *.netfirms.com	-->
-	<target host="pseudo-flaw.net" />
-	<target host="www.pseudo-flaw.net" />
-
-
-	<rule from="^https?://(?:www\.)?pseudo-flaw\.net/"
-		to="https://pseudo-flaw.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Pso-vertrieb.de.xml b/src/chrome/content/rules/Pso-vertrieb.de.xml
new file mode 100644
index 000000000000..a17e87d71572
--- /dev/null
+++ b/src/chrome/content/rules/Pso-vertrieb.de.xml
@@ -0,0 +1,20 @@
+<!--
+	(www.)?pso-vertrieb.de: Refused
+
+
+	These altnames don't exist:
+
+		- www.piwik.pso-vertrieb.de
+
+-->
+<ruleset name="pso-vertrieb.de (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="piwik.pso-vertrieb.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pss.sk.xml b/src/chrome/content/rules/Pss.sk.xml
new file mode 100644
index 000000000000..06a722419bab
--- /dev/null
+++ b/src/chrome/content/rules/Pss.sk.xml
@@ -0,0 +1,8 @@
+<ruleset name="Pss.sk">
+  <target host="pss.sk" />
+  <target host="www.pss.sk" />
+  <target host="moja.pss.sk" />
+
+  <rule from="^http://(?:www\.)?pss\.sk/" to="https://www.pss.sk/" />
+  <rule from="^http://moja\.pss\.sk/" to="https://moja.pss.sk/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pstatic.net.xml b/src/chrome/content/rules/Pstatic.net.xml
new file mode 100644
index 000000000000..e4bd008b7866
--- /dev/null
+++ b/src/chrome/content/rules/Pstatic.net.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Naver Corporation coverage, see Naver_Corp.com.xml.
+
+-->
+<ruleset name="pstatic.net" platform="mixedcontent">
+
+	<target host="ssl.pstatic.net" />
+
+		<test url="http://ssl.pstatic.net/static/common/footer/bu_bar.gif" /><!--	44 -->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PsychologicalScience.org.xml b/src/chrome/content/rules/PsychologicalScience.org.xml
new file mode 100644
index 000000000000..81232ddc9eb9
--- /dev/null
+++ b/src/chrome/content/rules/PsychologicalScience.org.xml
@@ -0,0 +1,19 @@
+<!--
+	No working URL known:
+		dev.psychologicalscience.org
+
+-->
+<ruleset name="PsychologicalScience.org">
+
+	<target host="psychologicalscience.org" />
+	<target host="www.psychologicalscience.org" />
+	<target host="aps.psychologicalscience.org" />
+	<target host="exchange.psychologicalscience.org" />
+	<target host="icps.psychologicalscience.org" />
+
+	<securecookie host="^.+\.psychologicalscience\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Psychology-Tools.com.xml b/src/chrome/content/rules/Psychology-Tools.com.xml
new file mode 100644
index 000000000000..f311ee1268fd
--- /dev/null
+++ b/src/chrome/content/rules/Psychology-Tools.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Psychology-Tools.com">
+	<target host="psychology-tools.com" />
+	<target host="www.psychology-tools.com" />
+	<target host="amp.psychology-tools.com" />
+	<target host="beta.psychology-tools.com" />
+	<target host="lamp.psychology-tools.com" />
+	<target host="lamp-sf02.psychology-tools.com" />
+	<target host="sf02-beta.psychology-tools.com" />
+	<target host="sf02-floating.psychology-tools.com" />
+	<target host="tumblr.psychology-tools.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Psychology_Today.xml b/src/chrome/content/rules/Psychology_Today.xml
index 4ab227796597..45903f1679b9 100644
--- a/src/chrome/content/rules/Psychology_Today.xml
+++ b/src/chrome/content/rules/Psychology_Today.xml
@@ -1,37 +1,19 @@
-<!--
-	Partially covered subdomains:
-
-		- (www.)
-
-			- redirects to my
-			- pages then redirect back to http
-
-
-	Fully covered subdomains:
-
-		- rsrc *
-		- rsrc2 *
-
-	* Same as for (www.), but serves no pages
-
-
-
--->
-<ruleset name="Psychology Today (partial)">
+<ruleset name="Psychology Today.com">
 
 	<target host="psychologytoday.com" />
-	<target host="*.psychologytoday.com" />
-
+	<target host="cdn.psychologytoday.com" />
+	<target host="my.psychologytoday.com" />
+	<target host="rsrc.psychologytoday.com" />
+	<target host="rsrc2.psychologytoday.com" />
+	<target host="therapists.psychologytoday.com" />
+	<target host="www.psychologytoday.com" />
 
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.psychologytoday\.com$" name="^__utm\w$" />
 
+	<securecookie host="^\." name="^__utm" />
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://(?:rsrc2?\.|www\.)?psychologytoday\.com/(fil|imag|sit)es/"
-		to="https://my.psychologytoday.com/$1es/" />
 
-	<rule from="^http://(my|trak)\.psychologytoday\.com/"
-		to="https://$1.psychologytoday.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pt_engine.jp.xml b/src/chrome/content/rules/Pt_engine.jp.xml
index 5a0777b040aa..a6260b6cd46b 100644
--- a/src/chrome/content/rules/Pt_engine.jp.xml
+++ b/src/chrome/content/rules/Pt_engine.jp.xml
@@ -9,7 +9,6 @@
 	<target host="js.ptengine.jp" />
 
 
-	<rule from="^http://js\.ptengine\.jp/"
-		to="https://js.ptengine.jp/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pthree.org.xml b/src/chrome/content/rules/Pthree.org.xml
new file mode 100644
index 000000000000..0dd82cf953e3
--- /dev/null
+++ b/src/chrome/content/rules/Pthree.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		www.pthree.org
+
+-->
+<ruleset name="pthree.org">
+
+	<target host="pthree.org" />
+	<target host="www.pthree.org" />
+
+	<securecookie host="^pthree\.org$" name=".+" />
+
+	<rule from="^http://(www\.)?pthree\.org/"
+		to="https://pthree.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ptpimg.me.xml b/src/chrome/content/rules/Ptpimg.me.xml
index 6cf39d04aedc..233311ae1497 100644
--- a/src/chrome/content/rules/Ptpimg.me.xml
+++ b/src/chrome/content/rules/Ptpimg.me.xml
@@ -1,7 +1,7 @@
 <ruleset name="Ptpimg.me">
-    <target host="*.ptpimg.me" />
+    <target host="www.ptpimg.me" />
     <target host="ptpimg.me" />
 
-    <rule from="^http://(www\.)?ptpimg\.me/" to="https://ptpimg.me/" />
+    <rule from="^http://(?:www\.)?ptpimg\.me/" to="https://ptpimg.me/" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Ptt.cc.xml b/src/chrome/content/rules/Ptt.cc.xml
new file mode 100644
index 000000000000..1d1db0ee2a74
--- /dev/null
+++ b/src/chrome/content/rules/Ptt.cc.xml
@@ -0,0 +1,20 @@
+<!--
+	Invalid certificate:
+		news.ptt.cc
+		pcman.ptt.cc
+
+	Secure connection failed:
+		ptt.cc
+
+-->
+<ruleset name="Ptt.cc">
+	<target host="www.ptt.cc" />
+	<target host="images.ptt.cc" />
+		<test url="http://images.ptt.cc/bg6.gif" />
+	<target host="mrtg.ptt.cc" />
+	<target host="ptt20.ptt.cc" />
+	<target host="term.ptt.cc" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PubGears.com.xml b/src/chrome/content/rules/PubGears.com.xml
deleted file mode 100644
index 576a3b24bbeb..000000000000
--- a/src/chrome/content/rules/PubGears.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- tags *
-
-	* Refused
-
--->
-<ruleset name="PubGears.com (partial)">
-
-	<target host="ox-d.pubgears.com" />
-
-
-	<securecookie host="^ox-d\.pubgears\.com$" name=".+" />
-
-
-	<rule from="^http://ox-d\.pubgears\.com/"
-		to="https://ox-d.pubgears.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/PubMatic.xml b/src/chrome/content/rules/PubMatic.xml
index 262fbe28bb47..d8da7ffbe549 100644
--- a/src/chrome/content/rules/PubMatic.xml
+++ b/src/chrome/content/rules/PubMatic.xml
@@ -11,23 +11,48 @@
 
 	Fully covered subdomains:
 
+		- ads
+		- aktrack
+		- apps
 		- image[24]	(→ simage[24])
+		- origin
 		- simage[24]
 
+
+	Insecure cookies are set for these domains:
+
+		- .pubmatic.com
+
 -->
-<ruleset name="PubMatic (partial)">
+<ruleset name="PubMatic.com (partial)">
 
-	<target host="*.pubmatic.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="ads.pubmatic.com" />
+	<target host="aktrack.pubmatic.com" />
+	<target host="apps.pubmatic.com" />
+	<target host="origin.pubmatic.com" />
+	<target host="simage2.pubmatic.com" />
+	<target host="simage4.pubmatic.com" />
 
+	<!--	Complications:
+				-->
+	<target host="image2.pubmatic.com" />
+	<target host="image4.pubmatic.com" />
 
-	<securecookie host="^.*\.pubmatic\.com$" name=".+" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.pubmatic\.com$" name="^(KRTBCOOKIE_\d+|PUBMDCID|PUBRETARGET)$" /-->
+
+	<securecookie host=".+" name=".+"/>
 
-	<!--	ads & simage4: included on 3rd-party websites.	-->
-	<rule from="^http://(ads|apps|origin|simage[24])\.pubmatic\.com/"
-		to="https://$1.pubmatic.com/" />
 
 	<rule from="^http://image(2|4)\.pubmatic\.com/"
 		to="https://simage$1.pubmatic.com/" />
 
+	<!--	ads & simage4: included on 3rd-party websites.	-->
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/PubMed.gov.xml b/src/chrome/content/rules/PubMed.gov.xml
new file mode 100644
index 000000000000..07b53c07ac3c
--- /dev/null
+++ b/src/chrome/content/rules/PubMed.gov.xml
@@ -0,0 +1,16 @@
+<!--
+
+-->
+<ruleset name="PubMed.gov">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pubmed.gov" />
+	<target host="static.pubmed.gov" />
+	<target host="www.pubmed.gov" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PubNub.xml b/src/chrome/content/rules/PubNub.xml
index 9c774270d1d5..9e6767ba3446 100644
--- a/src/chrome/content/rules/PubNub.xml
+++ b/src/chrome/content/rules/PubNub.xml
@@ -45,4 +45,4 @@
 	<rule from="^http://(?:www\.)?help\.pubnub\.com/"
 		to="https://help.pubnub.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PubPeer.com.xml b/src/chrome/content/rules/PubPeer.com.xml
new file mode 100644
index 000000000000..237de48d765d
--- /dev/null
+++ b/src/chrome/content/rules/PubPeer.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Invalid certificate:
+		blog.pubpeer.com
+
+	No working URL known:
+		dev.pubpeer.com (401)
+
+	Insecure cookies are set for these hosts:
+		pubpeer.com
+		www.pubpeer.com
+
+-->
+<ruleset name="PubPeer.com">
+
+	<target host="pubpeer.com" />
+	<target host="www.pubpeer.com" />
+	<target host="beta.pubpeer.com" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?pubpeer\.com$" name="^(PHPSESSID|rgisanonymous|rguserid|rguuid)$" /-->
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PubSoft.org.xml b/src/chrome/content/rules/PubSoft.org.xml
index 4cc57ab2d2f0..ae064ac2fe49 100644
--- a/src/chrome/content/rules/PubSoft.org.xml
+++ b/src/chrome/content/rules/PubSoft.org.xml
@@ -1,9 +1,7 @@
-<ruleset name="PubSoft.org">
-
+<ruleset name="PubSoft.org" default_off="missing certificate chain">
 	<target host="pubsoft.org" />
 	<target host="www.pubsoft.org" />
 
-	<rule from="^http://(www\.)?pubsoft\.org/"
-		to="https://www.pubsoft.org/" />
-
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Pubdirecte.com.xml b/src/chrome/content/rules/Pubdirecte.com.xml
deleted file mode 100644
index 901583a54000..000000000000
--- a/src/chrome/content/rules/Pubdirecte.com.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	 subdomains:
-
-		- (www.)	(mismatched, CN: secure.pubdirecte.com)
-		- static	(refused)
-
-
-	Mixed content:
-
-		- Images on secure from static *
-
-	* Secured by us
-
--->
-<ruleset name="Pubdirecte.com">
-
-	<target host="pubdirecte.com" />
-	<target host="*.pubdirecte.com" />
-
-
-	<securecookie host="^secure\.pubdirecte\.com$" name=".+" />
-
-
-	<rule from="^http://(?:(?:secure|static|www)\.)?pubdirecte\.com/"
-		to="https://secure.pubdirecte.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Publeaks.nl.xml b/src/chrome/content/rules/Publeaks.nl.xml
new file mode 100644
index 000000000000..d877a0aa3d38
--- /dev/null
+++ b/src/chrome/content/rules/Publeaks.nl.xml
@@ -0,0 +1,9 @@
+<ruleset name="Publeaks.nl">
+
+	<target host="publeaks.nl" />
+	<target host="www.publeaks.nl" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Public-Idees.xml b/src/chrome/content/rules/Public-Idees.xml
index a6f89509de73..315bbe90272c 100644
--- a/src/chrome/content/rules/Public-Idees.xml
+++ b/src/chrome/content/rules/Public-Idees.xml
@@ -10,7 +10,6 @@
 	<target host="www.publicidees.com" />
 
 
-	<rule from="^http://(www\.)?publicidees\.com/"
-		to="https://$1publicidees.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Public-Knowledge.xml b/src/chrome/content/rules/Public-Knowledge.xml
new file mode 100644
index 000000000000..62baadefd773
--- /dev/null
+++ b/src/chrome/content/rules/Public-Knowledge.xml
@@ -0,0 +1,9 @@
+<ruleset name="Public Knowledge">
+	<target host="publicknowledge.org" />
+	<target host="www.publicknowledge.org" />
+
+	<securecookie host="(?:^|\.)publicknowledge\.org$" name=".+" />
+
+	<rule from="^http://(?:www\.)?publicknowledge\.org/"
+		to="https://www.publicknowledge.org/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Public-Library-of-Science-mismatches.xml b/src/chrome/content/rules/Public-Library-of-Science-mismatches.xml
deleted file mode 100644
index 0e508c45f939..000000000000
--- a/src/chrome/content/rules/Public-Library-of-Science-mismatches.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see Public-Library-of-Science.xml
-
--->
-<ruleset name="Public Library of Science (mismatches)" default_off="mismatch">
-
-	<!--	Cert: www.plos.org	-->
-	<target host="blogs.plos.org" />
-
-
-	<!--	Cookies are handled in main ruleset.	-->
-
-
-	<rule from="^http://blogs\.plos\.org/"
-		to="https://blogs.plos.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Public-Library-of-Science.xml b/src/chrome/content/rules/Public-Library-of-Science.xml
index 2dde69bdc161..603928436ca1 100644
--- a/src/chrome/content/rules/Public-Library-of-Science.xml
+++ b/src/chrome/content/rules/Public-Library-of-Science.xml
@@ -1,11 +1,8 @@
 <!--
-	For problematic rules, see Public-Library-of-Science-mismatches.xml
-
+	Public Library of Science
 
 	Nonfunctional:
 
-		- dx.plos.org
-		- hubs.plos.org
 		- (www.)plosbiology.org
 		- (www.)ploscollections.org
 		- (www.)ploscompbiol.org
@@ -17,17 +14,40 @@
 		- (www.)plospathogens.org
 		- (www.)plusone.org
 
+  Refused:
+		alm.plos.org
+		almreports.plos.org
+		api.plos.org
+		asap.plos.org
+		blogs.plos.org
+		collections.plos.org
+		currents.plos.org
+		dx.plos.org (<test url="http://dx.plos.org/10.1371/journal.pbio.0020350" />)
+		journals.plos.org
+		researchnews.plos.org
+
+	Secure connection failed:
+		ecologyfieldreports.plos.org
+		feeds.plos.org
+
+	Private subdomain:
+		vpn.plos.org
+
 -->
-<ruleset name="Public Library of Science (partial)" platform="mixedcontent">
+<ruleset name="PLoS.org (partial)">
 
 	<target host="plos.org" />
-	<target host="*.plos.org" />
-
+	<target host="www.plos.org" />
+	<target host="community.plos.org" />
+	<target host="register.plos.org" />
 
-	<securecookie host="^(.*\.)?plos\.org$" name=".*" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^blogs\.plos\.org$" name="^kpg_stop_spammers_time$" /-->
 
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://(currents\.|register\.|www\.)?plos\.org/"
-		to="https://$1plos.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Public.Resource.Org.xml b/src/chrome/content/rules/Public.Resource.Org.xml
index 47812d2bfe27..a25b6f9905e6 100644
--- a/src/chrome/content/rules/Public.Resource.Org.xml
+++ b/src/chrome/content/rules/Public.Resource.Org.xml
@@ -1,39 +1,41 @@
-<!--
-	Problematic domains:
-
-		- fax.org	(dropped)
-
--->
-<ruleset name="Public.Resource.Org">
-
-	<target host="fax.org" />
-	<target host="resource.org"/>
-	<target host="*.resource.org"/>
-	<target host="house.resource.org"/>
-	<target host="www.house.resource.org"/>
-	<target host="law.resource.org"/>
-	<target host="www.law.resource.org"/>
-	<target host="patent.resource.org"/>
-	<target host="www.patent.resource.org"/>
-	<target host="public.resource.org"/>
-	<target host="www.public.resource.org"/>
-	<target host="yeswescan.org"/>
-	<target host="www.yeswescan.org"/>
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bulk.resource.org/ => https://bulk.resource.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://house.resource.org/ => https://house.resource.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://wwlbd.org/ => https://wwlbd.org/: (28, 'Connection timed out after 20000 milliseconds')
 
-	<rule from="^http://fax\.org/"
-		to="https://bit.ly/" />
 
-	<rule from="^http://(www\.)?(public\.)?resource\.org/"
-		to="https://public.resource.org/"/>
+	Unsupported domains:
 
-	<rule from="^http://bulk\.resource\.org/"
-		to="https://bulk.resource.org/" />
+	- resource.org *
+	- patent.resource.org *
+	- www.public.resource.org *
+	- web.resource.org		(cert expired & cert name mismatch)
+	- xml.resource.org *
+	- www.wwlbd.org *
+	- www.yeswescan.org *
+	- yourhonor.org *
+	- www.yourhonor.org *
 
-	<rule from="^http://(www\.)?(house|law|patent)\.resource\.org/"
-		to="https://$2.resource.org/"/>
+	* Cert name mismatch
 
-	<rule from="^http://(www\.)?yeswecan\.org/"
-		to="https://yeswecan.org/"/>
+-->
+<ruleset name="Public.Resource.Org" default_off="failed ruleset test">
+
+	<target host="bulk.resource.org" />
+	<target host="house.resource.org" />
+	<target host="law.resource.org" />
+	<target host="public.resource.org" />
+	<target host="wwlbd.org" />
+	<target host="yeswescan.org" />
+	<target host="www.yeswescan.org" />
+	<target host="yo.yourhonor.org" />
+
+	<rule from="^http://www\.yeswescan\.org/"
+		to="https://yeswescan.org/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PublicBank.com.hk.xml b/src/chrome/content/rules/PublicBank.com.hk.xml
new file mode 100644
index 000000000000..2b504da043ba
--- /dev/null
+++ b/src/chrome/content/rules/PublicBank.com.hk.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Public Bank coverage, see PBeBank.com.xml
+
+
+	Non-functional subdomains:
+		- $self	(m)
+		- esecurities	(HTTP 404 error)
+		- trace	(HTTP 404 error)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Public Bank Hong Kong">
+
+	<target host="ebank.publicbank.com.hk" />
+	<target host="einsurance.publicbank.com.hk" />
+	<target host="emarketer.publicbank.com.hk" />
+
+  	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PublicCitizen.xml b/src/chrome/content/rules/PublicCitizen.xml
index f9e89a946515..4b9793b3dc3d 100644
--- a/src/chrome/content/rules/PublicCitizen.xml
+++ b/src/chrome/content/rules/PublicCitizen.xml
@@ -3,20 +3,35 @@
 
 		- ^	(cert only matches *.citizen.org)
 
+
+	Observed cookie domains:
+
+		- action *
+
+	* Secured by us <= not secured by server
+
+
+	Mixed content:
+
+		- Web bugs on www from s7.addthis.com *
+
+	* Secured by us
+
 -->
 <ruleset name="Public Citizen">
 
 	<target host="citizen.org" />
-	<target host="*.citizen.org" />
+	<target host="www.citizen.org" />
+	<target host="action.citizen.org" />
+	<target host="secure.citizen.org" />
 
 
-	<securecookie host="^(?:secure|www)\.citizen\.org$" name=".+" />
+	<securecookie host="^(?:action|secure|www)\.citizen\.org$" name=".+" />
 
 
 	<rule from="^http://(?:www\.)?citizen\.org/"
 		to="https://www.citizen.org/" />
 
-	<rule from="^http://(action|secure)\.citizen\.org/"
-		to="https://$1.citizen.org/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PublicDomainReview.org.xml b/src/chrome/content/rules/PublicDomainReview.org.xml
new file mode 100644
index 000000000000..d6ba6cb17b56
--- /dev/null
+++ b/src/chrome/content/rules/PublicDomainReview.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Login required:
+		sendy.publicdomainreview.org
+
+-->
+<ruleset name="PublicDomainReview.org">
+
+	<target host="publicdomainreview.org" />
+	<target host="www.publicdomainreview.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PublicInsightNetwork.org.xml b/src/chrome/content/rules/PublicInsightNetwork.org.xml
index 5f337a62f79f..df15806922b3 100644
--- a/src/chrome/content/rules/PublicInsightNetwork.org.xml
+++ b/src/chrome/content/rules/PublicInsightNetwork.org.xml
@@ -1,4 +1,12 @@
-<ruleset name="PublicInsightNetwork.org">
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://publicinsightnetwork.org/ (200) => https://publicinsightnetwork.org/ (403)
+
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://publicinsightnetwork.org/ (200) => https://publicinsightnetwork.org/ (403)
+-->
+<ruleset name="PublicInsightNetwork.org" default_off="failed ruleset test">
 
 	<target host="publicinsightnetwork.org" />
 	<target host="www.publicinsightnetwork.org" />
@@ -7,7 +15,6 @@
 	<securecookie host="^(?:www\.)?publicinsightnetwork\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?publicinsightnetwork\.org/"
-		to="https://$1publicinsightnetwork.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PublicIntelligence.net.xml b/src/chrome/content/rules/PublicIntelligence.net.xml
deleted file mode 100644
index edf50da5860f..000000000000
--- a/src/chrome/content/rules/PublicIntelligence.net.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	www: cert only matches ^publicintelligence.net
-
--->
-<ruleset name="Publicintelligence" platform="mixedcontent">
-
-	<target host="publicintelligence.net" />
-	<target host="www.publicintelligence.net" />
-
-
-	<rule from="^http://(?:www\.)?publicintelligence\.net/"
-		to="https://publicintelligence.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PublicMobile.xml b/src/chrome/content/rules/PublicMobile.xml
new file mode 100644
index 000000000000..44b97006f15c
--- /dev/null
+++ b/src/chrome/content/rules/PublicMobile.xml
@@ -0,0 +1,25 @@
+<!--
+	Unable to get local issuer certificate:
+		activate.publicmobile.ca
+		activer.publicmobile.ca
+		libreservice.publicmobile.ca
+		selfserve.publicmobile.ca
+-->
+
+<ruleset name="Public Mobile">
+	<target host="publicmobile.ca" />
+	<target host="www.publicmobile.ca" />
+	<target host="communaute.publicmobile.ca" />
+	<target host="community.publicmobile.ca" />
+	<target host="magasin.publicmobile.ca" />
+	<target host="productioncommunity.publicmobile.ca" />
+	<target host="store.publicmobile.ca" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://(communaute|community)\.publicmobile\.ca/"
+		to="https://productioncommunity.publicmobile.ca/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PublicMutual.xml b/src/chrome/content/rules/PublicMutual.xml
new file mode 100644
index 000000000000..400c33c1fe77
--- /dev/null
+++ b/src/chrome/content/rules/PublicMutual.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Public Bank coverage, see PBeBank.com.xml
+
+
+	Non-functional subdomains:
+		- publicmutual.com.my	(t)
+		- publicmutualonline.com.my		(HTTP 404 error)
+			- www.lp	(m)
+			- www.pmouat	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Public Mutual Berhad">
+
+	<target host="publicmutualonline.com.my" />
+	<target host="www.publicmutualonline.com.my" />
+
+  	<securecookie host=".+" name=".+" />
+
+	<!-- HTTP 404 error -->
+	<rule from="^http://publicmutualonline\.com\.my/"
+		to="https://www.publicmutualonline.com.my/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PublicSectorManagementProgram.xml b/src/chrome/content/rules/PublicSectorManagementProgram.xml
new file mode 100644
index 000000000000..fc5a18c5842c
--- /dev/null
+++ b/src/chrome/content/rules/PublicSectorManagementProgram.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://psmprogram.gov.au/ => https://www.psmprogram.gov.au/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://psmprogram.gov.au/ => https://www.psmprogram.gov.au/: Too many redirects while fetching 'https://www.psmprogram.gov.au/'
+
+-->
+<ruleset name="Public Sector Management Program" default_off="failed ruleset test">
+	<target host="psmprogram.gov.au" />
+	<target host="www.psmprogram.gov.au" />
+
+	<rule from="^http://(?:www\.)?psmprogram\.gov\.au/"
+		to="https://www.psmprogram.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/PublicSectorSuperannuationAccumulationPlan.xml b/src/chrome/content/rules/PublicSectorSuperannuationAccumulationPlan.xml
new file mode 100644
index 000000000000..ac50267921a9
--- /dev/null
+++ b/src/chrome/content/rules/PublicSectorSuperannuationAccumulationPlan.xml
@@ -0,0 +1,7 @@
+<ruleset name="Public Sector Superannuation Accumulation Plan">
+	<target host="pssap.gov.au" />
+	<target host="www.pssap.gov.au" />
+
+	<rule from="^http://(?:www\.)?pssap\.gov\.au/"
+		to="https://www.pssap.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/PublicSectorSuperannuationScheme.xml b/src/chrome/content/rules/PublicSectorSuperannuationScheme.xml
new file mode 100644
index 000000000000..ec273014aa47
--- /dev/null
+++ b/src/chrome/content/rules/PublicSectorSuperannuationScheme.xml
@@ -0,0 +1,7 @@
+<ruleset name="Public Sector Superannuation Scheme">
+	<target host="pss.gov.au" />
+	<target host="www.pss.gov.au" />
+
+	<rule from="^http://(?:www\.)?pss\.gov\.au/"
+		to="https://www.pss.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/PublicWWW.com.xml b/src/chrome/content/rules/PublicWWW.com.xml
new file mode 100644
index 000000000000..a84e45b78ba9
--- /dev/null
+++ b/src/chrome/content/rules/PublicWWW.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="PublicWWW.com">
+	<target host="publicwww.com" />
+	<target host="www.publicwww.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Public_Object.com.xml b/src/chrome/content/rules/Public_Object.com.xml
new file mode 100644
index 000000000000..848b5354db8c
--- /dev/null
+++ b/src/chrome/content/rules/Public_Object.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Public Object.com">
+
+	<target host="publicobject.com" />
+	<target host="www.publicobject.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Public_Whip.xml b/src/chrome/content/rules/Public_Whip.xml
index 12e70b5297c3..866a648febd2 100644
--- a/src/chrome/content/rules/Public_Whip.xml
+++ b/src/chrome/content/rules/Public_Whip.xml
@@ -1,17 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://publicwhip.org.uk/ => https://www.publicwhip.org.uk/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://publicwhip.org.uk/ => https://www.publicwhip.org.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.publicwhip.org.uk'")
 	!www doesn't work.
 
 -->
-<ruleset name="The Public Whip">
+<ruleset name="The Public Whip" default_off="failed ruleset test">
 
 	<target host="publicwhip.org.uk" />
-	<target host="*.publicwhip.org.uk" />
+	<target host="www.publicwhip.org.uk" />
 
 
 	<securecookie host="^\.publicwhip\.org\.uk$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?publicwhip\.org\.uk/"
+	<rule from="^http://(?:www\.)?publicwhip\.org\.uk/"
 		to="https://www.publicwhip.org.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Publiekeomroep.nl.xml b/src/chrome/content/rules/Publiekeomroep.nl.xml
new file mode 100644
index 000000000000..d2fe2aed754f
--- /dev/null
+++ b/src/chrome/content/rules/Publiekeomroep.nl.xml
@@ -0,0 +1,35 @@
+<!--
+	(www.): refused
+
+
+	These altnames don't exist:
+
+		- www.cookiesv2.publiekeomroep.nl
+
+-->
+<ruleset name="publiekeomroep.nl (partial)">
+
+	<target host="cookiesv2.publiekeomroep.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cookiesv2\.publiekeomroep\.nl$" name="^(PHPSESSID|balancer://\w+cluster)$" /-->
+	<!--
+		Note that redirection behavior appears to involve setting
+		npo_cc_version, so be cautious about securing it...:
+									-->
+	<!--securecookie host="^\.cookiesv2\.publiekeomroep\.nl$" name="^(\w+balanceid|npo_cc_version)" /-->
+
+	<securecookie host="^cookiesv2\.publiekeomroep\.nl$" name=".+" />
+	<securecookie host="^\.cookiesv2\.publiekeomroep\.nl$" name="^\w+balanceid$" />
+
+
+	<!--	Redirect keeps path and args:
+						-->
+	<!--rule from="^http://(?:www\.)?publiekeomroep\.nl/+"
+		to="https://www.publiekeomroep.nl/" /-->
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PublikDemand.xml b/src/chrome/content/rules/PublikDemand.xml
index df965df08d73..300370d9f6d5 100644
--- a/src/chrome/content/rules/PublikDemand.xml
+++ b/src/chrome/content/rules/PublikDemand.xml
@@ -1,4 +1,14 @@
-<ruleset name="PublicDemand">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://publikdemand.com/ => https://publikdemand.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.publikdemand.com/ => https://www.publikdemand.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://publikdemand.com/ => https://publikdemand.com/: (6, 'Could not resolve host: publikdemand.com')
+Fetch error: http://www.publikdemand.com/ => https://www.publikdemand.com/: (6, 'Could not resolve host: www.publikdemand.com')
+-->
+<ruleset name="PublicDemand" default_off="failed ruleset test">
 
 	<target host="publikdemand.com" />
 	<target host="www.publikdemand.com" />
@@ -7,7 +17,6 @@
 	<securecookie host="^www\.publikdemand\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?publikdemand\.com/"
-		to="https://$1publikdemand.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pubservice.com.xml b/src/chrome/content/rules/Pubservice.com.xml
index 366be9a7af69..9bccabb25f16 100644
--- a/src/chrome/content/rules/Pubservice.com.xml
+++ b/src/chrome/content/rules/Pubservice.com.xml
@@ -1,13 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- pubservice.com
+		- www.pubservice.com
+
+-->
 <ruleset name="pubservice.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="pubservice.com" />
 	<target host="www.pubservice.com" />
 
 
-	<securecookie host="^www\.pubservice\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?pubservice\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^(?:www\.)?pubservice\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?pubservice\.com/"
-		to="https://$1pubservice.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Puhkaeestis.ee.xml b/src/chrome/content/rules/Puhkaeestis.ee.xml
new file mode 100644
index 000000000000..1309e09b9f61
--- /dev/null
+++ b/src/chrome/content/rules/Puhkaeestis.ee.xml
@@ -0,0 +1,28 @@
+<!--
+	^: mismatched
+
+
+	Mixed content:
+
+		- Ads, on www from:
+
+			- camp.visitestonia.com ¹
+			- campaign.visitestonia.com ²
+
+	¹ Not secured by us <= mismatched
+	² Unsecurable <= refused
+
+-->
+<ruleset name="Puhkaeestis.ee">
+
+	<target host="puhkaeestis.ee" />
+	<target host="www.puhkaeestis.ee" />
+	<target host="prelive.puhkaeestis.ee" />
+
+
+	<rule from="^http://(?:www\.)?puhkaeestis\.ee/"
+		to="https://www.puhkaeestis.ee/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pulpix.co.xml b/src/chrome/content/rules/Pulpix.co.xml
new file mode 100644
index 000000000000..30f2f6de614d
--- /dev/null
+++ b/src/chrome/content/rules/Pulpix.co.xml
@@ -0,0 +1,54 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://player.pulpix.co/ => https://player.pulpix.co/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.pulpix.co/ => https://www.pulpix.co/: (7, 'Failed to connect to www.pulpix.co port 443: Connection refused')
+Fetch error: http://pulpix.co/ => https://www.pulpix.co/: (7, 'Failed to connect to www.pulpix.co port 443: Connection refused')
+
+	Problematic hosts in *pulpix.co:
+
+		- ^ *
+
+	* Refused
+
+
+	Fully covered hosts in *pulpix.co:
+
+		- (www.)?	(^ → www)
+		- cdn
+		- player
+
+
+	Insecure cookies are set for these hosts:
+
+		- player.pulpix.co
+		- www.pulpix.co
+
+-->
+<ruleset name="Pulpix.co" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cdn.pulpix.co" />
+	<target host="player.pulpix.co" />
+	<target host="www.pulpix.co" />
+
+	<!--	Complications:
+				-->
+	<target host="pulpix.co" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(player|www)\.pulpix\.co$" name="^csrftoken$" /-->
+
+	<securecookie host="^(?:player|www)\.pulpix\.co$" name=".+" />
+
+
+	<rule from="^http://pulpix\.co/"
+		to="https://www.pulpix.co/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pulse.me.xml b/src/chrome/content/rules/Pulse.me.xml
index c296b01973d7..6b33a30ae1c5 100644
--- a/src/chrome/content/rules/Pulse.me.xml
+++ b/src/chrome/content/rules/Pulse.me.xml
@@ -1,6 +1,13 @@
-<ruleset name="Pulse.me">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.pulse.me/ => https://www.pulse.me/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://pulse.me/ => https://www.pulse.me/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Pulse.me" default_off="failed ruleset test">
   <target host="www.pulse.me" />
   <target host="pulse.me" />
 
-  <rule from="^http://(www\.)?pulse\.me/" to="https://www.pulse.me/"/>
+  <rule from="^http://(?:www\.)?pulse\.me/" to="https://www.pulse.me/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/PulsePoint-mismatches.xml b/src/chrome/content/rules/PulsePoint-mismatches.xml
index eda2e8864d1f..ffda342e9f1c 100644
--- a/src/chrome/content/rules/PulsePoint-mismatches.xml
+++ b/src/chrome/content/rules/PulsePoint-mismatches.xml
@@ -8,14 +8,13 @@
 			- a936.g.akamai.net/...
 
 -->
-<ruleset name="PulsePoint (mismatches)" default_off="mismatch">
+<ruleset name="PulsePoint (mismatches)" default_off="mismatched">
 
 	<!--	Akamai.
 				-->
 	<target host="aperture.displaymarketplace.com" />
 
 
-	<rule from="^http://aperture\.displaymarketplace\.com/"
-		to="https://aperture.displaymarketplace.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PulsePoint.xml b/src/chrome/content/rules/PulsePoint.xml
index 6ad70cea5c90..5f13c0b16c1a 100644
--- a/src/chrome/content/rules/PulsePoint.xml
+++ b/src/chrome/content/rules/PulsePoint.xml
@@ -1,60 +1,67 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://apertureinsight.com/ => https://apertureinsight.com/: (6, 'Could not resolve host: apertureinsight.com')
+Fetch error: http://www.apertureinsight.com/ => https://www.apertureinsight.com/: (6, 'Could not resolve host: www.apertureinsight.com')
+Fetch error: http://login.stormpost.datranmedia.com/ => https://login.stormpost.datranmedia.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://apertureinsight.com/ => https://apertureinsight.com/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.apertureinsight.com/ => https://www.apertureinsight.com/: (28, 'Connection timed out after 10000 milliseconds')
+
 	Other PulsePoint rulesets:
 
-		- Displaymarketplace.com.xml
+		- Contextweb.com.xml
 
 
 	Nonfunctional domains:
 
-		- (www.)pulsepoint.com
+		- (www.)?nmargin.com ¹
 
--->
-<ruleset name="PulsePoint (partial)">
+	¹ Refused
 
-	<target host="apertureinsight.com" />
-	<target host="www.apertureinsight.com" />
-	<target host="contextweb.com" />
-	<target host="*.contextweb.com" />
-	<target host="login.stormpost.datranmedia.com" />
-	<target host="nmargin.com" />
-	<target host="www.nmargin.com" />
-	<target host="bh.pulsepoint.com" />
 
+	Problematic hosts in *pulsepoint.com:
+
+		- bh ²
+		- insights ᵐ
+
+	² Mismatched
+	ᵐ Mismatched
 
-	<securecookie host="^www\.apertureinsight\.com$" name=".*" />
-	<!--
-		name="^(pb_rtb_ev|V)$"
-					-->
-	<securecookie host="^\.contextweb\.com$" name=".+" />
-	<securecookie host="^login\.stormpost\.datranmedia\.com$" name=".*" />
-	<securecookie host="^nmargin\.com$" name=".*" />
 
+	Insecure cookies are set for these hosts: ᶜ
 
-	<rule from="^http://(www\.)?apertureinsight\.com/"
-		to="https://$1apertureinsight.com/" />
+		- exchange.pulsepoint.com
 
-	<!--	Cert is only valid for *.contextweb.com.	-->
-	<rule from="^http://(?:www\.)?contextweb\.com/"
-		to="https://www.contextweb.com/" />
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
-	<!--	- Cert: *.hubspot.com
-		- Redirects like so.
+-->
+<ruleset name="PulsePoint (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
 				-->
-	<rule from="^http://blog\.contextweb\.com/sellingdesk$"
-		to="https://getsatisfaction.com/contextweb" />
+	<target host="apertureinsight.com" />
+	<target host="www.apertureinsight.com" />
+	<target host="login.stormpost.datranmedia.com" />
+
+	<target host="pulsepoint.com" />
+	<target host="exchange.pulsepoint.com" />
+	<target host="www.pulsepoint.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^exchange\.pulsepoint\.com$" name="^(?:ASP\.NET_SessionId|AspxAutoDetectCookieSupport|[a-z]{10})$" /-->
 
-	<!--	bh & tag: included on 3rd-party websites.	-->
-	<rule from="^http://(bh|exchange|tag)\.contextweb\.com/"
-		to="https://$1.contextweb.com/" />
+	<securecookie host="^www\.apertureinsight\.com$" name=".+" />
+	<securecookie host="^login\.stormpost\.datranmedia\.com$" name=".+" />
 
-	<rule from="^http://login\.stormpost\.datranmedia\.com/"
-		to="https://login.stormpost.datranmedia.com/" />
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^exchange\.pulsepoint\.com$" name=".+" />
 
-	<!--	Cert only matches www.	-->
-	<rule from="^http://(?:www\.)?nmargin\.com/"
-		to="https://nmargin.com/" />
 
-	<rule from="^http://bh\.pulsepoint\.com/"
-		to="https://bh.pulsepoint.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Puma.com.xml b/src/chrome/content/rules/Puma.com.xml
index f2285ffdae87..4d5b723ea8ae 100644
--- a/src/chrome/content/rules/Puma.com.xml
+++ b/src/chrome/content/rules/Puma.com.xml
@@ -1,4 +1,16 @@
-<ruleset name="Puma.com" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.puma.com/ => https://www.puma.com/: (51, "SSL: no alternative certificate subject name matches target host name 'puma.com'")
+Fetch error: http://assets.puma.com/ => https://assets.puma.com/: (6, 'Could not resolve host: assets.puma.com')
+Fetch error: http://is.puma.com/ => https://is.puma.com/: (6, 'Could not resolve host: is.puma.com')
+Fetch error: http://puma.com/ => https://www.puma.com/: (51, "SSL: no alternative certificate subject name matches target host name 'puma.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.puma.com/ => https://www.puma.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://puma.com/ => https://www.puma.com/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="Puma.com" platform="mixedcontent" default_off="failed ruleset test">
   <target host="www.puma.com" />
   <target host="assets.puma.com" />
   <target host="is.puma.com" />
diff --git a/src/chrome/content/rules/Pumo.com.tw-falsemixed.xml b/src/chrome/content/rules/Pumo.com.tw-falsemixed.xml
new file mode 100644
index 000000000000..83d522a8a63a
--- /dev/null
+++ b/src/chrome/content/rules/Pumo.com.tw-falsemixed.xml
@@ -0,0 +1,15 @@
+<!--
+	For rules not causing false/broken MCB, see Pumo.com.tw.xml.
+
+-->
+<ruleset name="Pumo.com.tw (false MCB)" platform="mixedcontent">
+
+	<target host="www.pumo.com.tw" />
+
+
+	<securecookie host="^www\.pumo\.com\.tw$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pumo.com.tw.xml b/src/chrome/content/rules/Pumo.com.tw.xml
new file mode 100644
index 000000000000..7c04c1ef16ff
--- /dev/null
+++ b/src/chrome/content/rules/Pumo.com.tw.xml
@@ -0,0 +1,46 @@
+<!--
+	For rules causing false/broken MCB, see Pumo.com.tw-falsemixed.xml.
+
+
+	Problematic subdomains:
+
+		- webmail *
+
+	* Works; expired, self-signed
+
+
+	^: expired, self-signed, CN: webmail.pumo.com.tw
+
+
+	!www differs from www
+
+
+	Mixed content:
+
+		- css from $self *
+
+		- Images from $self *
+
+		- favicon from $self *
+
+	Secured by us
+
+-->
+<ruleset name="Pumo.com.tw (partial)">
+
+	<target host="www.pumo.com.tw" />
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<!--exclusion pattern="^http://(www\.)?pumo\.com\.tw/+(?!www/+([\w-]+/+)?(css/|favicon\.ico|images/|inc/|top/))" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.pumo\.com\.tw$" name="^JSESSIONID$" /-->
+
+
+	<rule from="^http://www\.pumo\.com\.tw/(?=/*www/+(?:[\w-]+/+)?(?:css/|favicon\.ico|images/|inc/|top/))"
+		to="https://www.pumo.com.tw/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Punterlink.xml b/src/chrome/content/rules/Punterlink.xml
index 1650eab82d7e..cce2d7e7739a 100644
--- a/src/chrome/content/rules/Punterlink.xml
+++ b/src/chrome/content/rules/Punterlink.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn.punterlink.co.uk/ => https://3026-iamnoonesolution.netdna-ssl.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn.punterlink.co.uk/ => https://3026-iamnoonesolution.netdna-ssl.com/: (28, 'Connection timed out after 10000 milliseconds')
 	CDN buckets:
 
 		- 3026.iamnoonesolution.netdna-cdn.com
@@ -15,7 +21,7 @@
 			- Mismatched, CN: *.trappedinsidethecomputer.net
 
 -->
-<ruleset name="Punterlink (partial)">
+<ruleset name="Punterlink (partial)" default_off="failed ruleset test">
 
 	<target host="cdn.punterlink.co.uk" />
 
@@ -23,4 +29,4 @@
 	<rule from="^http://cdn\.punterlink\.co\.uk/"
 		to="https://3026-iamnoonesolution.netdna-ssl.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Puntu.ar.xml b/src/chrome/content/rules/Puntu.ar.xml
new file mode 100644
index 000000000000..62e4eaee2fbc
--- /dev/null
+++ b/src/chrome/content/rules/Puntu.ar.xml
@@ -0,0 +1,37 @@
+<!--
+	For other NIC Argentina coverage, see NIC.Ar.xml.
+
+
+	www: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- punto.ar
+
+-->
+<ruleset name="Punto.ar">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="punto.ar" />
+
+	<!--	Special cases:
+				-->
+	<target host="www.punto.ar" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^punto\.ar$" name="^(NIC|PHPSESSID)$" /-->
+
+	<securecookie host="^punto\.ar$" name=".+" />
+
+
+	<rule from="^http://www\.punto\.ar/"
+		to="https://punto.ar/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Punycoder.com.xml b/src/chrome/content/rules/Punycoder.com.xml
new file mode 100644
index 000000000000..452084dfe6f8
--- /dev/null
+++ b/src/chrome/content/rules/Punycoder.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Punycoder.com">
+	<target host="punycoder.com" />
+	<target host="www.punycoder.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Puppet_Labs.xml b/src/chrome/content/rules/Puppet_Labs.xml
index e2386bf76162..ce5920f331b7 100644
--- a/src/chrome/content/rules/Puppet_Labs.xml
+++ b/src/chrome/content/rules/Puppet_Labs.xml
@@ -1,19 +1,60 @@
+
 <!--
-	Nonfunctional subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://forgestaging.puppetlabs.com/ => https://forgestaging.puppetlabs.com/: (6, 'Could not resolve host: forgestaging.puppetlabs.com')
+Fetch error: http://forgestagingapi.puppetlabs.com/ => https://forgestagingapi.puppetlabs.com/: (6, 'Could not resolve host: forgestagingapi.puppetlabs.com')
+
+	Nonfunctional hosts in *puppetlabs.com:
+
+		- info *
 
-		- info	(redirects to app-h.marketo.com; mismatched, CN: *.marketo.com)
+	* Marketo
 
 -->
-<ruleset name="Puppet Labs">
+<ruleset name="Puppet Labs.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="puppetlabs.com" />
-	<target host="*.puppetlabs.com" />
+	<target host="ask.puppetlabs.com" />
+	<target host="docs.puppetlabs.com" />
+	<target host="forge.puppetlabs.com" />
+	<target host="forgeapi.puppetlabs.com" />
+	<target host="forgestaging.puppetlabs.com" />
+	<target host="forgestagingapi.puppetlabs.com" />
+	<target host="projects.puppetlabs.com" />
+	<target host="tickets.puppetlabs.com" />
+	<target host="www.puppetlabs.com" />
+
+	<!--	Special cases:
+				-->
+	<target host="info.puppetlabs.com" />
+
+		<exclusion pattern="^http://info\.puppetlabs\.com/(?!css/|images/|js/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://info.puppetlabs.com/download-puppet-open-source.html" />
+			<test url="http://info.puppetlabs.com/vmware-integration-notification.html" />
+			<test url="http://info.puppetlabs.com/webinars.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://info.puppetlabs.com/css/mktLPSupport.css" />
+			<test url="http://info.puppetlabs.com/rs/puppetlabs/images/logo_lg.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^tickets\.puppetlabs\.com$" name="^(JSESSIONID|atlassian\.xsrf\.token)$" /-->
+
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://((?:docs|forge|projects|www)\.)?puppetlabs\.com/"
-		to="https://$1puppetlabs.com/" />
+	<rule from="^http://info\.puppetlabs\.com/"
+		to="https://na-h.marketo.com/" />
 
-	<rule from="^http://info\.puppetlabs\.com/(cs|image|r)s/"
-		to="https://na-h.puppetlabs.com/$1s/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Purdue_Alumni_Association.xml b/src/chrome/content/rules/Purdue_Alumni_Association.xml
index 43d48967c8f4..5af5cc3d422a 100644
--- a/src/chrome/content/rules/Purdue_Alumni_Association.xml
+++ b/src/chrome/content/rules/Purdue_Alumni_Association.xml
@@ -1,11 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://purduealum.org/ => https://www.purduealum.org/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://purduealumni.org/ => https://www.purduealumni.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.purduealum.org/ => https://www.purduealum.org/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.purduealumni.org/ => https://www.purduealumni.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://purduealum.org/ => https://www.purduealum.org/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://purduealumni.org/ => https://www.purduealumni.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.purduealum.org/ => https://www.purduealum.org/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://www.purduealumni.org/ => https://www.purduealumni.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	For other Purdue University coverage, see Purdue_University.xml.
 
 
 	Certs only match www.
 
 -->
-<ruleset name="Purdue University Association">
+<ruleset name="Purdue University Association" default_off="failed ruleset test">
 
 	<target host="purduealum.org" />
 	<target host="purduealumni.org" />
@@ -16,7 +28,7 @@
 	<securecookie host="^www\.purduealumni\.org$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?purduealum(ni)?\.org/"
+	<rule from="^http://(?:www\.)?purduealum(ni)?\.org/"
 		to="https://www.purduealum$1.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Purdue_Plant_Doctor.xml b/src/chrome/content/rules/Purdue_Plant_Doctor.xml
index b3a99d9be136..7566651f9a05 100644
--- a/src/chrome/content/rules/Purdue_Plant_Doctor.xml
+++ b/src/chrome/content/rules/Purdue_Plant_Doctor.xml
@@ -11,7 +11,6 @@
 	<securecookie host="^(?:www\.)?purdueplantdoctor\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?purdueplantdoctor\.com/"
-		to="https://$1purdueplantdoctor.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Purdue_University.xml b/src/chrome/content/rules/Purdue_University.xml
index 9d0b7ab16a38..8a5d9b13ae0b 100644
--- a/src/chrome/content/rules/Purdue_University.xml
+++ b/src/chrome/content/rules/Purdue_University.xml
@@ -25,7 +25,6 @@
 
 		- tell.cla		(prints "SSL succeeds!")
 		- www.conf
-		- (www.)cs
 		- (www.)cyto ¹
 		- (www.)eaps		(shows www.eas; mismatched, CN: www.eas.purdue.edu)
 		- www.edci ¹
@@ -80,7 +79,7 @@
 	² Redirects to gweb; mismatched, CN: gweb.genomics.purdue.edu
 	³ Shows www.pharmacy; mismatched, CN: www.pharmacy.purdue.edu
 	⁴ Shows web02p.lib; mismatched, CN: web02p.lib.purdue.edu
-	⁵ Shows api01p.lib; expired 2012-03-31, self-signed, CN: api01p.lib.purdue.edu	
+	⁵ Shows api01p.lib; expired 2012-03-31, self-signed, CN: api01p.lib.purdue.edu
 	⁶ Shows www.math; mismatched, CN: www.math.purdue.edu
 
 
@@ -94,6 +93,7 @@
 		- cerias ¹
 		- www.cfs
 		- cla ¹
+		- cs ¹
 		- calendar.cs
 		- eas ¹
 		- epics.ecn
@@ -184,6 +184,7 @@
 		- (www.)cla		(^ → www)
 		- www.courses
 		- www.cri
+		- (www.)cs		(^ → www)
 		- portals.cs
 		- (www.)cyber
 		- directory
@@ -352,7 +353,7 @@
 
 	<target host="purdue.edu" />
 	<target host="*.purdue.edu" />
-		<exclusion pattern="^https?://(?:www\.)?science\.purdue\.edu/.+\.html" />
+		<exclusion pattern="^http://(?:www\.)?science\.purdue\.edu/.+\.html" />
 
 
 	<securecookie host="^.+\.purdue\.edu$" name=".+" />
@@ -361,55 +362,55 @@
 	<rule from="^http://((?:(?:www\.)?(?:admissions?|ag|agriculture|cancerresearch|ces|cyber|discoverypark|diversity|donate|dro|extension|nano|pathwaytopurdue|proed|support|tedx|vet)|www\.acsl|qa\.admission|intranet2?\.ag|www[23]\.ag|www\.ag(?:con|ry)|autodiscover|(?:aragorn|printers)\.bio|(?:qa|www)\.(?:bioinformatics|hhs|irb|onepurdue|police)|blackboard|calendar|www\.cco|www\.cec|cassandra\.cerias|www\.cie|www\.cri|(?:caid|editcourses|jafci(?:dev)?|testwww1|www)\.chem|www\.courses|portals\.cs|www\.distance|directory|qa\.diversity|(?:myepoint|sharepoint)\.ecn|(?:collaborate|discover)\.education|(?:prod\.|qa\.)?owl\.english|www\.eventreg|(?:autodiscover\.|legacy\.)?exchange|www\.four-h|giving|www\.gradschool|www\.hort|web\.ics|www\.ippu|www\.is(?:co|s)|(?:erp-portal-prd|esa-oas-prod|goremote|help|ias|mdc|wiki|www2)\.itap|(?:risque|www)\.itns|(?:intra|webapps)\.krannert|legacy|(?:apps|catalog|login\.ezproxy|www1)\.lib|(?:gmig|www)\.math|www\.mgmt|mycourses|mymail|(?:selfservice|wl)\.mypurdue|owa|legacy\.owa|qa\.pathwaytopurdue|www\.pec|www\.pharmacy|(?:fixmyhome|trackpad)\.physfac|www\.physics|purr|web\.rcac|(?:help|kb|lpvwebresnet01|my|stats|trams)\.resnet|gar2\.science|search|www\.stud(?:ent-orgs|yabroad)|www\.tech|(?:news|qa|www)\.uns|qa\.vet|www|qa\.www)\.)?purdue\.edu/"
 		to="https://$1purdue.edu/" />
 
-	<rule from="^https?://(?:www\.)?(addl|bio|cerias|cla|eas|gbe|getinvolved|housing|itap|krannert|lib|ezproxy\.lib|rcac|science|union)\.purdue\.edu/"
+	<rule from="^http://(?:www\.)?(addl|bio|cerias|cla|cs|eas|gbe|getinvolved|housing|itap|krannert|lib|ezproxy\.lib|rcac|science|union)\.purdue\.edu/"
 		to="https://www.$1.purdue.edu/" />
 
-	<rule from="^https?://www\.ansc\.purdue\.edu/(?:\?.*)?$"
+	<rule from="^http://www\.ansc\.purdue\.edu/(?:\?.*)?$"
 		to="https://www.ag.purdue.edu/ansc" />
 
-	<rule from="^https?://btny\.purdue\.edu/(\?.*)?$"
+	<rule from="^http://btny\.purdue\.edu/(\?.*)?$"
 		to="https://www.ag.purdue.edu/btny$1" />
 
-	<rule from="^https?://(?:www\.)?cancer\.purdue\.edu/(?:[^\?]*)(\?.*)?$"
+	<rule from="^http://(?:www\.)?cancer\.purdue\.edu/(?:[^\?]*)(\?.*)?$"
 		to="https://www.cancerresearch.purdue.edu/$1" />
 
-	<rule from="^https?://www\.cfs\.purdue\.edu/(?:\?.*)?$"
+	<rule from="^http://www\.cfs\.purdue\.edu/(?:\?.*)?$"
 		to="https://www.purdue.edu/hhs/" />
 
-	<rule from="^https?://www\.cfs\.purdue\.edu/extension(?:[/\?].*)?$"
+	<rule from="^http://www\.cfs\.purdue\.edu/extension(?:[/\?].*)?$"
 		to="https://www.purdue.edu/hhs/extension/" />
 
-	<rule from="^https?://epics\.ecn\.purdue\.edu/"
+	<rule from="^http://epics\.ecn\.purdue\.edu/"
 		to="https://engineering.purdue.edu/EPICS" />
 
-	<rule from="^https?://(?:www\.)?(engineering|gateway|marketing|mypurdue)\.purdue\.edu/"
+	<rule from="^http://(?:www\.)?(engineering|gateway|marketing|mypurdue)\.purdue\.edu/"
 		to="https://$1.purdue.edu/" />
 
-	<rule from="^https?://www\.entm\.purdue\.edu/(?:\?.*)?$"
+	<rule from="^http://www\.entm\.purdue\.edu/(?:\?.*)?$"
 		to="https://www.ag.purdue.edu/entm/Pages/default.aspx" />
 
-	<rule from="^https?://india\.fll\.purdue\.edu/(?:\?.*)?$"
+	<rule from="^http://india\.fll\.purdue\.edu/(?:\?.*)?$"
 		to="https://www.cla.purdue.edu/fll/" />
 
-	<rule from="^https?://flowers\.hort\.purdue\.edu/(?:\?.*)?$"
+	<rule from="^http://flowers\.hort\.purdue\.edu/(?:\?.*)?$"
 		to="https://ag.purdue.edu/hla/lopezlab/Pages/default.aspx" />
 
-	<rule from="^https?://a(?:pi01|sc02)p\.lib\.purdue\.edu/"
+	<rule from="^http://a(?:pi01|sc02)p\.lib\.purdue\.edu/"
 		to="https://www.lib.purdue.edu/" />
 
-	<rule from="^https?://docs\.lib\.purdue\.edu/assets/"
+	<rule from="^http://docs\.lib\.purdue\.edu/assets/"
 		to="https://dlpurdue.bepress.com/assets/" />
 
-	<rule from="^https?://guides\.lib\.purdue\.edu/(css\d*|data|js)/"
+	<rule from="^http://guides\.lib\.purdue\.edu/(css\d*|data|js)/"
 		to="https://libguides.com/$1/" />
 
-	<rule from="^https?://scholarly\.lib\.purdue\.edu/"
+	<rule from="^http://scholarly\.lib\.purdue\.edu/"
 		to="https://www.lib.purdue.edu/scholarly" />
 
-	<rule from="^https?://(?:www1?\.)?psych\.purdue\.edu/"
+	<rule from="^http://(?:www1?\.)?psych\.purdue\.edu/"
 		to="https://www1.psych.purdue.edu/" />
 
-	<rule from="^https?://c89\.science\.purdue\.edu/$"
+	<rule from="^http://c89\.science\.purdue\.edu/$"
 		to="https://www.science.purdue.edu/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pure-Auto.xml b/src/chrome/content/rules/Pure-Auto.xml
index 32404752e8af..5bb1b2d9b3f9 100644
--- a/src/chrome/content/rules/Pure-Auto.xml
+++ b/src/chrome/content/rules/Pure-Auto.xml
@@ -4,9 +4,8 @@
 	<target host="www.purecars.com"/>
 
 	<!--	encountered: purecars.com. www.purecars.com	-->
-	<securecookie host="^(.*\.)?purecars\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?purecars\.com/"
-		to="https://$1purecars.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Pure-privacy.org.xml b/src/chrome/content/rules/Pure-privacy.org.xml
new file mode 100644
index 000000000000..2f963b8ef1a7
--- /dev/null
+++ b/src/chrome/content/rules/Pure-privacy.org.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pure-privacy.org/ => https://pure-privacy.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.pure-privacy.org/ => https://pure-privacy.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	www: mismatched, CN: download.truecrypt.ch
+
+-->
+<ruleset name="pure-privacy.org" default_off="failed ruleset test">
+
+	<target host="pure-privacy.org" />
+	<target host="www.pure-privacy.org" />
+
+
+	<rule from="^http://(?:www\.)?pure-privacy\.org/"
+		to="https://pure-privacy.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PureFTPd.org.xml b/src/chrome/content/rules/PureFTPd.org.xml
new file mode 100644
index 000000000000..1a223f8adcf2
--- /dev/null
+++ b/src/chrome/content/rules/PureFTPd.org.xml
@@ -0,0 +1,36 @@
+<!--
+	The domain ucarp.org redirects to
+	https://www.pureftpd.org/project/ucarp, see ucarp.org.xml
+
+	Time out:
+		archives.pureftpd.org
+
+	Invalid certificate:
+		blogbench.pureftpd.org
+		geocaching.pureftpd.org
+		libpuzzle.pureftpd.org
+		mysql-udf-global-user-variables.pureftpd.org
+		pincaster.pureftpd.org
+		php-webdav.pureftpd.org
+		sharedance.pureftpd.org
+		skycache.pureftpd.org
+
+-->
+<ruleset name="PureFTPd.org">
+	<target host="pureftpd.org" />
+	<target host="www.pureftpd.org" />
+	<target host="blogbench.pureftpd.org" />
+	<target host="download.pureftpd.org" />
+	<target host="downloads.pureftpd.org" />
+	<target host="libpuzzle.pureftpd.org" />
+	<target host="mysql-udf-global-user-variables.pureftpd.org" />
+	<target host="pincaster.pureftpd.org" />
+	<target host="php-webdav.pureftpd.org" />
+	<target host="sharedance.pureftpd.org" />
+	<target host="skycache.pureftpd.org" />
+
+	<rule from="^http://(blogbench|libpuzzle|pincaster|sharedance|skycache|php-webdav|mysql-udf-global-user-variables)\.pureftpd\.org/"
+		to="https://www.pureftpd.org/project/$1" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PureHacking.xml b/src/chrome/content/rules/PureHacking.xml
deleted file mode 100644
index 028907f65730..000000000000
--- a/src/chrome/content/rules/PureHacking.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="PureHacking">
- <target host="www.purehacking.com" />
- <target host="purehacking.com" />
-
- <rule from="^http://(?:www\.)?purehacking\.com/" to="https://www.purehacking.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/PureInfo.xml b/src/chrome/content/rules/PureInfo.xml
index e5a6bf2eaf0b..2a7842725a92 100644
--- a/src/chrome/content/rules/PureInfo.xml
+++ b/src/chrome/content/rules/PureInfo.xml
@@ -1,13 +1,12 @@
 <ruleset name="PureInfo">
 
 	<target host="pureinfo.com" />
-	<target host="*.pureinfo.com" />
+	<target host="www.pureinfo.com" />
 
 
 	<securecookie host="^\.pureinfo\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?pureinfo\.com/"
-		to="https://$1pureinfo.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PureVPN.xml b/src/chrome/content/rules/PureVPN.xml
index fcdbf7e7dd5d..72834eafebe9 100644
--- a/src/chrome/content/rules/PureVPN.xml
+++ b/src/chrome/content/rules/PureVPN.xml
@@ -4,22 +4,58 @@
 		- forum		(http reply)
 
 
-	Partially covered subdomains:
+	Problematic hosts in *purevpn.com:
 
-		- billing	(some pages redirect to http)
+		- support ¹ ²
+
+	¹ Mismatched
+	² Self-signed
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .purevpn.com
+		- billing.purevpn.com
+		- www.purevpn.com
 
 -->
-<ruleset name="PureVPN (partial)">
+<ruleset name="PureVPN.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="purevpn.com" />
-	<target host="*.purevpn.com" />
+	<target host="billing.purevpn.com" />
+	<target host="www.purevpn.com" />
+
+		<!--	Redirects to http:
+						-->
 		<exclusion pattern="^http://billing\.purevpn\.com/(?:announcements|downloads|index|knowledgebase)\.php" />
 
+			<!--	+ve:
+					-->
+			<test url="http://billing.purevpn.com/announcements.php" />
+			<test url="http://billing.purevpn.com/downloads.php" />
+			<test url="http://billing.purevpn.com/index.php" />
+			<test url="http://billing.purevpn.com/knowledgebase.php" />
+
+			<!--	-ve:
+					-->
+			<test url="http://billing.purevpn.com/clientarea.php" />
+			<test url="http://billing.purevpn.com/register.php" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.purevpn\.com$" name="^(?:first_visit|incap_ses_\d+_\d+|nlbi_\d+|visid_incap_\d+|visits)$" /-->
+	<!--securecookie host="^billing\.purevpn\.com$" name="^(?:___utm[abm]\w+|WHMCS\w+)$" /-->
+	<!--securecookie host="^www\.purevpn\.com$" name="^(?:___utm[abm]\w+|PHPSESSID|laravel_session)$" /-->
 
+	<securecookie host="^\.purevpn\.com$" name="^(?:first_visit|incap_ses_\d+_\d+|nlbi_\d+|visid_incap_\d+|visits)$" />
+	<securecookie host="^billing\.purevpn\.com$" name="^___utm\w+$" />
 	<securecookie host="^www\.purevpn\.com$" name=".+" />
 
 
-	<rule from="^http://(billing\.|www\.)?purevpn\.com/"
-		to="https://$1purevpn.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pure_Cambogia.com.xml b/src/chrome/content/rules/Pure_Cambogia.com.xml
deleted file mode 100644
index 0051f1d06426..000000000000
--- a/src/chrome/content/rules/Pure_Cambogia.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Mixed content:
-
-		- css on (www.) from fonts.googleapis.com *
-
-	* Secured by us
-
--->
-<ruleset name="Pure Cambogia.com">
-
-	<target host="purecambogia.com" />
-	<target host="*.purecambogia.com" />
-
-
-	<securecookie host="^\.purecambogia\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?purecambogia\.com/"
-		to="https://$1purecambogia.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Pure_Chat.com.xml b/src/chrome/content/rules/Pure_Chat.com.xml
index 75c900a8e53f..8582c1baf202 100644
--- a/src/chrome/content/rules/Pure_Chat.com.xml
+++ b/src/chrome/content/rules/Pure_Chat.com.xml
@@ -13,7 +13,6 @@
 	<target host="www.purechat.com" />
 
 
-	<rule from="^http://(www\.)?purechat\.com/"
-		to="https://$1purechat.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Pure_Ultra_Cleanse.xml b/src/chrome/content/rules/Pure_Ultra_Cleanse.xml
deleted file mode 100644
index afde0ee44738..000000000000
--- a/src/chrome/content/rules/Pure_Ultra_Cleanse.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Pure Ultra Cleanse">
-
-	<target host="pureultracleanse.com" />
-	<target host="*.pureultracleanse.com" />
-
-
-	<securecookie host="^(?:w*\.)?pureultracleanse\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?pureultracleanse\.com/"
-		to="https://$1pureultracleanse.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Purina.com.xml b/src/chrome/content/rules/Purina.com.xml
new file mode 100644
index 000000000000..b7059b1216a5
--- /dev/null
+++ b/src/chrome/content/rules/Purina.com.xml
@@ -0,0 +1,44 @@
+<!--
+	For other Nestlé coverage, see Nestle.xml.
+
+
+	Nonfunctional hosts in *purina.com:
+
+		- newscenter *
+
+	* Dropped
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .purina.com
+		- www.purina.com
+
+
+	Mixed content:
+
+		- Image from pbs.twimg.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Purina.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="purina.com" />
+	<target host="www.purina.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.purina\.com$" name="^(incap_ses_\d+_\d+|visid_incap_\d+)$" /-->
+	<!--securecookie host="^www\.purina\.com$" name="^___utmv[abm]\w+$" /-->
+
+	<securecookie host="^(?:www)?\.purina\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Purina_Store.com.xml b/src/chrome/content/rules/Purina_Store.com.xml
new file mode 100644
index 000000000000..70e5d989b17f
--- /dev/null
+++ b/src/chrome/content/rules/Purina_Store.com.xml
@@ -0,0 +1,37 @@
+<!--
+	For other Nestlé coverage, see Nestle.xml.
+
+
+	Problematic hosts in *purinastore.com:
+
+		- signin *
+
+	* OCSP request fails
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .purinastore.com
+		- www.purinastore.com
+
+-->
+<ruleset name="Purina Store.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="purinastore.com" />
+	<target host="www.purinastore.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.purinastore\.com$" name="^(incap_ses_\d+_\d+|visid_incap_\d+)$" /-->
+	<!--securecookie host="^www\.purinastore\.com$" name="^___utmv[abm]\w+$" /-->
+
+	<securecookie host="^(?:www)?\.purinastore\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Puritan.com.xml b/src/chrome/content/rules/Puritan.com.xml
index c304c3fb0d7b..2fa89bc9d515 100644
--- a/src/chrome/content/rules/Puritan.com.xml
+++ b/src/chrome/content/rules/Puritan.com.xml
@@ -2,5 +2,5 @@
   <target host="puritan.com" />
   <target host="www.puritan.com" />
 
-  <rule from="^http://(?:www\.)?puritan\.com/" to="https://www.puritan.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Pururin.io.xml b/src/chrome/content/rules/Pururin.io.xml
new file mode 100644
index 000000000000..5e1b6022991d
--- /dev/null
+++ b/src/chrome/content/rules/Pururin.io.xml
@@ -0,0 +1,13 @@
+<!--
+	Timeout:
+		- email
+-->
+<ruleset name="Pururin.io">
+	<target host="pururin.io" />
+	<target host="www.pururin.io" />
+	<target host="cdn.pururin.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Push.IO.xml b/src/chrome/content/rules/Push.IO.xml
deleted file mode 100644
index d47371fb90ec..000000000000
--- a/src/chrome/content/rules/Push.IO.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(520)
-
--->
-<ruleset name="Push.IO (partial)">
-
-	<target host="*.push.io" />
-
-
-	<securecookie host="^manage\.push\.io$" name=".+" />
-
-
-	<rule from="^http://(manage|status)\.push\.io/"
-		to="https://$1.push.io/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PushPlay.xml b/src/chrome/content/rules/PushPlay.xml
index 58ff3aa8bf6b..422fcdeb7ec8 100644
--- a/src/chrome/content/rules/PushPlay.xml
+++ b/src/chrome/content/rules/PushPlay.xml
@@ -18,7 +18,6 @@
 	<securecookie host="^(?:www\.)?pushplay\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?pushplay\.com/"
-		to="https://$1pushplay.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Push_Popcorn.xml b/src/chrome/content/rules/Push_Popcorn.xml
deleted file mode 100644
index 183d213acddf..000000000000
--- a/src/chrome/content/rules/Push_Popcorn.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Push Popcorn">
-
-	<target host="pushpopcorn.com" />
-	<target host="*.pushpopcorn.com" />
-
-
-	<securecookie host="^(?:w*\.)?pushpopcorn\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?pushpopcorn\.com/"
-		to="https://$1pushpopcorn.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Pushbullet.com.xml b/src/chrome/content/rules/Pushbullet.com.xml
new file mode 100644
index 000000000000..ae4745cc3925
--- /dev/null
+++ b/src/chrome/content/rules/Pushbullet.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)?
+		- blog
+		- docs
+		- help
+
+-->
+<ruleset name="Pushbullet.com">
+
+	<target host="pushbullet.com" />
+	<target host="blog.pushbullet.com" />
+	<target host="docs.pushbullet.com" />
+	<target host="help.pushbullet.com" />
+	<target host="www.pushbullet.com" />
+
+
+	<securecookie host="^\.pushbullet\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pusher-problematic.xml b/src/chrome/content/rules/Pusher-problematic.xml
deleted file mode 100644
index 3c4acc6eef8a..000000000000
--- a/src/chrome/content/rules/Pusher-problematic.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules that are on by default, see Pusher.xml.
-
--->
-<ruleset name="Pusher (problematic)" default_off="mismatched">
-
-	<target host="pusher.com" />
-	<target host="www.pusher.com" />
-	<target host="pusherapp.com" />
-	<target host="www.pusherapp.com" />
-
-
-	<rule from="^https?://(?:www\.)?pusher(?:app)?\.com/"
-		to="https://pusher.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Pusher.com.xml b/src/chrome/content/rules/Pusher.com.xml
new file mode 100644
index 000000000000..6de43d03a166
--- /dev/null
+++ b/src/chrome/content/rules/Pusher.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Other Pusher rulesets:
+
+		- PusherApp.com.xml
+
+
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* wpengine
+
+-->
+<ruleset name="Pusher.com (partial)">
+
+	<target host="pusher.com" />
+	<target host="app.pusher.com" />
+	<target host="js.pusher.com" />
+	<target host="sockjs.pusher.com" />
+	<target host="www.pusher.com" />
+		<!--exclusion pattern="^http://blog\.pusher\.com/" /-->
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^app\.pusher\.com$" name="^_site_session2$" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pusher.xml b/src/chrome/content/rules/Pusher.xml
deleted file mode 100644
index ca2d2362b703..000000000000
--- a/src/chrome/content/rules/Pusher.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	For problematic rules, see Pusher-problematic.xml.
-
-
-	pusher.herokuapp.com: 503
-
-
-	Problematic domains:
-
-		- (www.)pusher.com	(works, mismatched, CN: *.heroku.com)
-
--->
-<ruleset name="Pusher (partial)">
-
-	<target host="*.pusherapp.com" />
-
-
-	<securecookie host="^app\.pusherapp\.com$" name=".+" />
-
-
-	<rule from="^http://(app|ws)\.pusherapp\.com/"
-		to="https://$1.pusherapp.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/PusherApp.com.xml b/src/chrome/content/rules/PusherApp.com.xml
new file mode 100644
index 000000000000..8673bc0f6113
--- /dev/null
+++ b/src/chrome/content/rules/PusherApp.com.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Pusher coverage, see Pusher.com.xml.
+
+	Invalid certificate:
+		blog.pusherapp.com
+		js.pusherapp.com
+
+-->
+<ruleset name="PusherApp.com">
+
+	<target host="pusherapp.com" />
+	<target host="www.pusherapp.com" />
+	<target host="api.pusherapp.com" />
+	<target host="app.pusherapp.com" />
+
+	<securecookie host="^app\.pusherapp\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pushover.net.xml b/src/chrome/content/rules/Pushover.net.xml
new file mode 100644
index 000000000000..925afea87370
--- /dev/null
+++ b/src/chrome/content/rules/Pushover.net.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Superblock coverage, see Superblock.net.xml.
+
+
+	Nonfunctional subdomains:
+
+		- updates *
+
+	* Tumblr
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- api
+
+-->
+<ruleset name="Pushover.net (partial)">
+
+	<target host="pushover.net" />
+	<target host="api.pushover.net" />
+	<target host="www.pushover.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pushsquare.com.xml b/src/chrome/content/rules/Pushsquare.com.xml
new file mode 100644
index 000000000000..bc28b44010ee
--- /dev/null
+++ b/src/chrome/content/rules/Pushsquare.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Pushsquare.com">
+	<target host="pushsquare.com" />
+	<target host="www.pushsquare.com" />
+	<target host="fs.pushsquare.com" />
+	<target host="images.pushsquare.com" />
+	<target host="sp.pushsquare.com" />
+	<target host="static.pushsquare.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Put.as.xml b/src/chrome/content/rules/Put.as.xml
new file mode 100644
index 000000000000..16ae8619afb9
--- /dev/null
+++ b/src/chrome/content/rules/Put.as.xml
@@ -0,0 +1,17 @@
+<!--
+	Fully covered hosts in *put.as:
+
+		- reverse
+
+-->
+<ruleset name="put.as">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="reverse.put.as" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Put.io.xml b/src/chrome/content/rules/Put.io.xml
new file mode 100644
index 000000000000..25ddb2266189
--- /dev/null
+++ b/src/chrome/content/rules/Put.io.xml
@@ -0,0 +1,9 @@
+<ruleset name="put.io">
+
+	<target host="put.io" />
+	<target host="www.put.io" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PutLocker.xml b/src/chrome/content/rules/PutLocker.xml
index 8cc6d1154080..ccee0e5ece64 100644
--- a/src/chrome/content/rules/PutLocker.xml
+++ b/src/chrome/content/rules/PutLocker.xml
@@ -23,7 +23,9 @@
 
 	<target host="wac.51d5.edgecastcdn.net" />
 	<target host="putlocker.com" />
-	<target host="*.putlocker.com" />
+	<target host="images.putlocker.com" />
+	<target host="static.putlocker.com" />
+	<target host="www.putlocker.com" />
 
 
 	<rule from="^http://wac\.51d5\.edgecastcdn\.net/8051D5/"
diff --git a/src/chrome/content/rules/Puu.sh.xml b/src/chrome/content/rules/Puu.sh.xml
index af0087c980de..44cfd4ab6e1b 100644
--- a/src/chrome/content/rules/Puu.sh.xml
+++ b/src/chrome/content/rules/Puu.sh.xml
@@ -1,17 +1,11 @@
 <!--
 	For other puush coverage, see Puush.me.xml.
-
 -->
 <ruleset name="puu.sh">
-
 	<target host="puu.sh" />
-	<target host="*.puu.sh" />
-
+	<target host="www.puu.sh" />
 
 	<securecookie host="^\.puu\.sh$" name=".+" />
 
-
-	<rule from="^http://(www\.)?puu\.sh/"
-		to="https://$1puu.sh/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Puush.me.xml b/src/chrome/content/rules/Puush.me.xml
index af1354bc2520..d630f2c7fd3f 100644
--- a/src/chrome/content/rules/Puush.me.xml
+++ b/src/chrome/content/rules/Puush.me.xml
@@ -1,9 +1,4 @@
 <!--
-	Other puush rulesets:
-
-		- Push.sh.xml
-
-
 	Problematic subdomains:
 
 		- www	(drops path)
@@ -12,13 +7,12 @@
 <ruleset name="puush.me">
 
 	<target host="puush.me" />
-	<target host="*.puush.me" />
+	<target host="www.puush.me" />
 
 
 	<securecookie host="^\.puush\.me$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?puush\.me/"
-		to="https://puush.me/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PwdHash.com.xml b/src/chrome/content/rules/PwdHash.com.xml
index 9db7c0033318..3a7aa2092ff6 100644
--- a/src/chrome/content/rules/PwdHash.com.xml
+++ b/src/chrome/content/rules/PwdHash.com.xml
@@ -4,7 +4,6 @@
 	<target host="www.pwdhash.com" />
 
 
-	<rule from="^http://(www\.)?pwdhash\.com/"
-		to="https://$1pwdhash.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pwmt.org.xml b/src/chrome/content/rules/Pwmt.org.xml
index 054c90746140..874d1eaaf393 100644
--- a/src/chrome/content/rules/Pwmt.org.xml
+++ b/src/chrome/content/rules/Pwmt.org.xml
@@ -1,18 +1,14 @@
-<!--
-	Fully covered subdomains:
-
-		- (www.)
-		- bugs
-		- git
-		- lists
-
--->
 <ruleset name="pwmt.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="pwmt.org"/>
-	<target host="*.pwmt.org"/>
+	<target host="bugs.pwmt.org"/>
+	<target host="git.pwmt.org"/>
+	<target host="lists.pwmt.org"/>
+	<target host="www.pwmt.org"/>
 
-	<rule from="^http://((?:bugs|git|lists|www)\.)?pwmt\.org/"
-		to="https://$1pwmt.org/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PyCon.org.xml b/src/chrome/content/rules/PyCon.org.xml
new file mode 100644
index 000000000000..06dada7a4c66
--- /dev/null
+++ b/src/chrome/content/rules/PyCon.org.xml
@@ -0,0 +1,56 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://2012.de.pycon.org/ => https://2012.de.pycon.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://2013.de.pycon.org/ => https://2013.de.pycon.org/: (60, 'SSL certificate problem: certificate has expired')
+
+	Nonfunctional hosts in *pycon.org:
+
+		- apac ¹
+		- ar ²
+		- au ³
+		- cn ²
+		- 2014.es ²
+		- www.es ¹
+		- fi ¹
+		- www ⁴
+
+	¹ Refused
+	² Dropped
+	³ 400
+	⁴ Redirects to http
+
+
+	Problematic hosts in *pycon.org:
+
+		- ^ *
+		- nz *
+
+	* Mismatched
+
+
+	Mixed content:
+
+		- css on nz from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="PyCon.org (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="de.pycon.org" />
+	<target host="2012.de.pycon.org" />
+	<target host="2013.de.pycon.org" />
+	<target host="us.pycon.org" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://2011\.de\.pycon\.org/($|2011/home/)" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PyCon.sg.xml b/src/chrome/content/rules/PyCon.sg.xml
new file mode 100644
index 000000000000..9577643cbd37
--- /dev/null
+++ b/src/chrome/content/rules/PyCon.sg.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- pycon.sg
+
+-->
+<ruleset name="PyCon.sg">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pycon.sg" />
+	<target host="www.pycon.sg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^pycon\.sg$" name="^(csrftoken|django_language)$" /-->
+
+	<securecookie host="^pycon\.sg$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PyData.org.xml b/src/chrome/content/rules/PyData.org.xml
new file mode 100644
index 000000000000..03c5730e0bf1
--- /dev/null
+++ b/src/chrome/content/rules/PyData.org.xml
@@ -0,0 +1,36 @@
+<!--
+	Invalid certificate:
+		llvmlite.pydata.org
+		odo.pydata.org
+
+	No working URL known:
+		cdn.pydata.org
+
+	Refused:
+		conda-test.pydata.org
+
+-->
+<ruleset name="Python Data">
+
+	<target host="pydata.org" />
+	<target host="www.pydata.org" />
+	<target host="berlin.pydata.org" />
+	<target host="blaze.pydata.org" />
+	<target host="blz.pydata.org" />
+	<target host="bokeh.pydata.org" />
+	<target host="chicago.pydata.org" />
+	<target host="compilers.pydata.org" />
+	<target host="conda.pydata.org" />
+	<target host="dask.pydata.org" />
+	<target host="datashape.pydata.org" />
+	<target host="london.pydata.org" />
+	<target host="numba.pydata.org" />
+	<target host="pandas.pydata.org" />
+	<target host="seaborn.pydata.org" />
+	<target host="xarray.pydata.org" />
+	
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PyPIP.in.xml b/src/chrome/content/rules/PyPIP.in.xml
new file mode 100644
index 000000000000..455e6496d890
--- /dev/null
+++ b/src/chrome/content/rules/PyPIP.in.xml
@@ -0,0 +1,27 @@
+<!--
+	Problematic hosts in *pypip.in:
+
+		- status *
+
+	* Mismatched
+
+-->
+<ruleset name="PyPIP.in (partial)" default_off="refused">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pypip.in" />
+	<target host="www.pypip.in" />
+
+	<!--	Complications:
+				-->
+	<!--target host="status.pypip.in" /-->
+
+
+	<!--rule from="^http://status\.pypip\.in/"
+		to="https://???.statuspage.io/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PyPy.xml b/src/chrome/content/rules/PyPy.xml
new file mode 100644
index 000000000000..d4896cd8dad8
--- /dev/null
+++ b/src/chrome/content/rules/PyPy.xml
@@ -0,0 +1,20 @@
+<!--
+	Connection refused:
+		- speed.pypy.org
+
+	Invalid certificate:
+		- bugs.pypy.org
+		- buildbot.pypy.org
+		- doc.pypy.org: equivalent to pypy.readthedocs.io
+		- packages.pypy.org
+-->
+
+<ruleset name="PyPy">
+	<target host="pypy.org" />
+	<target host="www.pypy.org" />
+	<target host="doc.pypy.org" />
+
+	<rule from="^http://doc\.pypy\.org/"
+		  to="https://pypy.readthedocs.io/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PyWeek.org.xml b/src/chrome/content/rules/PyWeek.org.xml
new file mode 100644
index 000000000000..f97a6c925ade
--- /dev/null
+++ b/src/chrome/content/rules/PyWeek.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Invalid certificate:
+		pyweek.org
+		media.pyweek.org
+		pyggy.pyweek.org
+		media.pyggy.pyweek.org
+
+-->
+<ruleset name="PyWeek.org">
+
+	<target host="pyweek.org" />
+	<target host="www.pyweek.org" />
+
+	<rule from="^http://www\.pyweek\.org/"
+		to="https://pyweek.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pyd.io.xml b/src/chrome/content/rules/Pyd.io.xml
new file mode 100644
index 000000000000..50693fe2cf66
--- /dev/null
+++ b/src/chrome/content/rules/Pyd.io.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Pydio coverage, see Pydio.com.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- pyd.io
+		- www.pyd.io
+
+-->
+<ruleset name="Pyd.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pyd.io" />
+	<target host="www.pyd.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^pyd\.io$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^(www\.)?pyd\.io$" name="^wfvt_$" /-->
+
+	<securecookie host="^(?:www\.)?pyd\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pydio.com.xml b/src/chrome/content/rules/Pydio.com.xml
new file mode 100644
index 000000000000..5c7bd883e7be
--- /dev/null
+++ b/src/chrome/content/rules/Pydio.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Other Pydio rulesets:
+
+		- Pyd.io.xml
+
+
+	www: Prints "Pydio Apis"
+
+-->
+<ruleset name="Pydio.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pydio.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.pydio.com" />
+
+
+	<rule from="^http://www\.pydio\.com/"
+		to="https://pydio.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pyneo.org.xml b/src/chrome/content/rules/Pyneo.org.xml
new file mode 100644
index 000000000000..934cc2a39c64
--- /dev/null
+++ b/src/chrome/content/rules/Pyneo.org.xml
@@ -0,0 +1,11 @@
+<ruleset name="pyneo.org" default_off="mismatched">
+
+	<target host="pyneo.org" />
+	<target host="www.pyneo.org" />
+
+	<securecookie host="^pyneo\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pypi.xml b/src/chrome/content/rules/Pypi.xml
deleted file mode 100644
index ecc85a98898d..000000000000
--- a/src/chrome/content/rules/Pypi.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Pypi">
-  <target host="pypi.python.org"/>
-
-  <securecookie host="^pypi.python.org$" name=".*" />
-
-  <!-- Because /css and /images are under the main domain yet can
-       not respond to SSL these will cause 'Network Errors'. It does
-       not seem to actually impact functionality though. These rules
-       left for documentation reasons. -->
-  <!--<exclusion pattern="^http://pypi\.python\.org/css/.*" />-->
-  <!--<exclusion pattern="^http://pypi\.python\.org/images/.*" />-->
-
-  <rule from="^http://pypi\.python\.org/(pypi|static/)"
-	  to="https://pypi.python.org/$1"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Python-RQ.org.xml b/src/chrome/content/rules/Python-RQ.org.xml
new file mode 100644
index 000000000000..e5666f74baee
--- /dev/null
+++ b/src/chrome/content/rules/Python-RQ.org.xml
@@ -0,0 +1,5 @@
+<ruleset name="Python-RQ.org">
+	<target host="python-rq.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Python.org.xml b/src/chrome/content/rules/Python.org.xml
index 82ac69db2bbb..6b6025aaa444 100644
--- a/src/chrome/content/rules/Python.org.xml
+++ b/src/chrome/content/rules/Python.org.xml
@@ -1,29 +1,74 @@
 <!--
-	Nonfunctional subdomains:
+	HSTS preloaded:
+		- ^
+		- docs
+		- doc
+		- hg
+		- www
 
-		- (www.) *
-		- docs *
-		- hg *
-
-	* Refused
-
-
-	Fully covered subdomains:
-
-		- mail
-		- packages
-		- wiki
+	Mismatched:
+		- calendario.es
+		- documentos-asociacion.es
+		- empleo.es
+		- www.pl
+		- forum.pl
+		- ns1.pl
+		- uk
 
+	TLS protocol errors:
+		- blog-cn
+		- blog-de
+		- blog-es
+		- blog-fr
+		- blog-ja
+		- blog-ko
+		- blog-pt
+		- blog-ro
+		- blog-ru
+		- blog-tw
+		- dinsdale
 -->
-<ruleset name="Python.org (partial)">
-
-	<target host="*.python.org" />
 
+<ruleset name="Python.org">
+	<target host="africa.python.org" />
+	<target host="blog.python.org" />
+	<target host="bugs.python.org" />
+	<target host="buildbot.python.org" />
+	<target host="cheeseshop.python.org" />
+	<target host="devguide.python.org" />
+	<target host="console.python.org" />
+	<target host="discuss.python.org" />
+	<target host="es.python.org" />
+	<target host="hg.es.python.org" />
+	<target host="lists.es.python.org" />
+	<target host="www.es.python.org" />
+	<target host="openbadges.es.python.org" />
+	<target host="socios.es.python.org" />
+	<target host="front.python.org" />
+	<target host="jobs.python.org" />
+	<target host="legacy.python.org" />
+	<target host="mail.python.org" />
+	<target host="packaging.python.org" />
+	<target host="packages.python.org" />
+	<target host="pl.python.org" />
+	<target host="planet.python.org" />
+	<target host="speed.python.org" />
+	<target host="staging.python.org" />
+	<target host="staging-pycon.python.org" />
+	<target host="staging2.python.org" />
+	<target host="status.python.org" />
+	<target host="svn.python.org" />
+	<target host="testpypi.python.org" />
+	<target host="warehouse.python.org" />
+	<target host="warehouse-staging.python.org" />
+	<target host="wiki.python.org" />
 
-	<securecookie host="^wiki\.python\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://(mail|packages|wiki)\.python\.org/"
-		to="https://$1.python.org/" />
+	<!-- HTTP 403 at / -->
+	<exclusion pattern="^http://svn\.python\.org/$" />
 
-</ruleset>
\ No newline at end of file
+	<test url="http://svn.python.org/projects/python/trunk/" />
+</ruleset>
diff --git a/src/chrome/content/rules/PythonAnywhere.com.xml b/src/chrome/content/rules/PythonAnywhere.com.xml
new file mode 100644
index 000000000000..d012d11b3892
--- /dev/null
+++ b/src/chrome/content/rules/PythonAnywhere.com.xml
@@ -0,0 +1,35 @@
+<!--
+	^pythonanywhere.com: Dropped
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.pythonanywhere.com
+
+-->
+<ruleset name="PythonAnywhere.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blog.pythonanywhere.com" />
+	<target host="www.pythonanywhere.com" />
+
+	<!--	Complications:
+				-->
+	<target host="pythonanywhere.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.pythonanywhere\.com$" name="^csrftoken$" /-->
+
+	<securecookie host="^www\.pythonanywhere\.com$" name=".+" />
+
+
+	<rule from="^http://pythonanywhere\.com/"
+		to="https://www.pythonanywhere.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PythonTutor.ru.xml b/src/chrome/content/rules/PythonTutor.ru.xml
new file mode 100644
index 000000000000..405e187ab26b
--- /dev/null
+++ b/src/chrome/content/rules/PythonTutor.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="PythonTutor.ru">
+	<target host="pythontutor.ru" />
+	<target host="www.pythontutor.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pythonclock.org.xml b/src/chrome/content/rules/Pythonclock.org.xml
new file mode 100644
index 000000000000..7e70bd4a8c13
--- /dev/null
+++ b/src/chrome/content/rules/Pythonclock.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Pythonclock.org">
+
+	<target host="pythonclock.org" />
+	<target host="www.pythonclock.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pythonhosted.org.xml b/src/chrome/content/rules/Pythonhosted.org.xml
deleted file mode 100644
index 0718cb60e8e1..000000000000
--- a/src/chrome/content/rules/Pythonhosted.org.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="pythonhosted.org">
-
-	<target host="pythonhosted.org" />
-	<target host="www.pythonhosted.org" />
-
-
-	<rule from="^http://(www\.)?pythonhosted\.org/"
-		to="https://$1pythonhosted.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Q1Media.com.xml b/src/chrome/content/rules/Q1Media.com.xml
index e27ac44a59c4..5b35635268f2 100644
--- a/src/chrome/content/rules/Q1Media.com.xml
+++ b/src/chrome/content/rules/Q1Media.com.xml
@@ -1,32 +1,48 @@
 <!--
-	Nonfunctional subdomains:
+	(www.)?q1media.com: Refused
 
-		- (www.)	(shows hydra; mismatched, CN: hydra.q1media.com)
 
+	Problematic hosts in *q1media.com:
 
-	Problematic subdomains:
+		- ads *
 
-		- ads		(mismatched, CN: *.adnxs.com)
+	* Mismatched, CN: *.adnxs.com
 
 
-	Fully covered subdomains:
+	Mixed content:
 
-		- ads	(→ ib.adnxs.com)
-		- hydra
+		- css on pubdash from fonts.googleapis.com *
+		- Image on pubdash from admin.q1media.com *
+
+	* Secured by us
 
 -->
 <ruleset name="Q1Media.com (partial)">
 
-	<target host="*.q1media.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="admin.q1media.com" />
+	<target host="hydra.q1media.com" />
+	<target host="pubdash.q1media.com" />
+
+	<!--	 Complications:
+				-->
+	<target host="ads.q1media.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.q1media\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^admin\.q1media\.com$" name="^PHPSESSID$" /-->
 
-	<securecookie host="^hydra\.q1media\.com$" name=".+" />
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
 
 
 	<rule from="^http://ads\.q1media\.com/"
 		to="https://ib.adnxs.com/" />
 
-	<rule from="^http://hydra\.q1media\.com/"
-		to="https://hydra.q1media.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Q3df.org.xml b/src/chrome/content/rules/Q3df.org.xml
new file mode 100644
index 000000000000..67a4229d0955
--- /dev/null
+++ b/src/chrome/content/rules/Q3df.org.xml
@@ -0,0 +1,32 @@
+<!--
+	Invalid certificate:
+		ts.dfwc.org
+		sv.ws.q3df.org
+
+	Redirects:
+		gitlab.dfwc.org → gitlab.q3df.org/users/sign_in
+-->
+<ruleset name="q3df.org">
+	<target host="q3df.org" />
+	<target host="www.q3df.org" />
+	<target host="ci.q3df.org" />
+	<target host="dfwc.q3df.org" />
+	<target host="gitlab.q3df.org" />
+	<target host="ws.q3df.org" />
+	<target host="cs.ws.q3df.org" />
+	<target host="de.ws.q3df.org" />
+	<target host="ee.ws.q3df.org" />
+	<target host="en.ws.q3df.org" />
+	<target host="es.ws.q3df.org" />
+	<target host="fi.ws.q3df.org" />
+	<target host="fr.ws.q3df.org" />
+	<target host="it.ws.q3df.org" />
+	<target host="lt.ws.q3df.org" />
+	<target host="nl.ws.q3df.org" />
+	<target host="pl.ws.q3df.org" />
+	<target host="ru.ws.q3df.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Q3k.org.xml b/src/chrome/content/rules/Q3k.org.xml
new file mode 100644
index 000000000000..b4741345a5f3
--- /dev/null
+++ b/src/chrome/content/rules/Q3k.org.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.q3k.org/ => https://www.q3k.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.q3k.org'")
+
+-->
+<ruleset name="q3k.org" default_off="failed ruleset test">
+	<target host="q3k.org" />
+	<target host="www.q3k.org" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Q7-Enterprises.xml b/src/chrome/content/rules/Q7-Enterprises.xml
index 39f033926bd8..76c38ccea84c 100644
--- a/src/chrome/content/rules/Q7-Enterprises.xml
+++ b/src/chrome/content/rules/Q7-Enterprises.xml
@@ -1,10 +1,14 @@
-<ruleset name="Q7 Enterprises">
+<!--
+	Q7 Enterprises
+
+-->
+<ruleset name="Q7.com">
 
 	<target host="q7.com" />
 	<target host="www.q7.com" />
 
 
-	<rule from="^http://(www\.)?q7\.com/"
-		to="https://$1q7.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Q8Car.xml b/src/chrome/content/rules/Q8Car.xml
index 0f9f7eb17370..697ae0032054 100644
--- a/src/chrome/content/rules/Q8Car.xml
+++ b/src/chrome/content/rules/Q8Car.xml
@@ -1,19 +1,38 @@
+
 <!--
-	Problematic subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://images1.q8car.com/ => https://images1.q8car.com/: (6, 'Could not resolve host: images1.q8car.com')
+Fetch error: http://images2.q8car.com/ => https://images2.q8car.com/: (6, 'Could not resolve host: images2.q8car.com')
+Fetch error: http://images3.q8car.com/ => https://images3.q8car.com/: (6, 'Could not resolve host: images3.q8car.com')
+
+	Mixed content:
+
+		- Images, on:
 
-		- kuwait	(works; mismatched, CN: www.q8car.com)
+			- kuwait from images[23].q8car.com *
+			- kuwait from www.q8car.com *
+
+	* Secured by us
 
 -->
-<ruleset name="Q8Car (partial)">
+<ruleset name="Q8Car.com (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="q8car.com" />
-	<target host="*.q8car.com" />
+	<target host="images1.q8car.com" />
+	<target host="images2.q8car.com" />
+	<target host="images3.q8car.com" />
+	<target host="kuwait.q8car.com" />
+	<target host="www.q8car.com" />
+
+		<test url="http://kuwait.q8car.com/ar/cars/registration/registration.aspx" />
+
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?q8car\.com/"
-		to="https://$1q8car.com/" />
 
-	<rule from="^http://kuwait\.q8car\.com/(ClientCallbacksHandler\.asmx|images/|JavaScript/|ResourceHandler\.ashx|(?:Script|Web)Resource\.axd|themes/)"
-		to="https://www.q8car.com/$1" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/QB50.xml b/src/chrome/content/rules/QB50.xml
index 7e0bff70e94d..23b336029db5 100644
--- a/src/chrome/content/rules/QB50.xml
+++ b/src/chrome/content/rules/QB50.xml
@@ -1,13 +1,13 @@
-<ruleset name="QB50">
+<ruleset name="QB50.eu">
 
 	<target host="qb50.eu" />
 	<target host="www.qb50.eu" />
 
 
-	<securecookie host="^(?:www\.)?qb50\.eu$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www\.)?qb50\.eu/"
-		to="https://$1qb50.eu/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/QBE-Europe.com.xml b/src/chrome/content/rules/QBE-Europe.com.xml
new file mode 100644
index 000000000000..6e11b9fa318c
--- /dev/null
+++ b/src/chrome/content/rules/QBE-Europe.com.xml
@@ -0,0 +1,63 @@
+<!--
+	For other QBE coverage, see QBE.com.xml
+
+
+	Non-functional subdomains:
+		- allenkey	(ssl connection error)
+		- careers	(m)
+		- czech	(m)
+		- deutschland	(t)
+		- email	(m)
+		- espana	(t)
+		- france	(t)
+		- hungary	(m)
+		- img	(m)
+		- italia	(t)
+		- mailexpress-dev	(ssl connection error)
+		- ns1	(t)
+		- qriskrep	(t)
+		- schweiz	(m)
+		- slovakia	(m)
+		- sverige	(m)
+		- tpaccess-test	(t)
+		- tradecredit	(m)
+		- traveler	(t)
+		- umg	(t)
+		- video	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="QBE Europe.com">
+
+	<target host="qbeeurope.com" />
+	<target host="www.qbeeurope.com" />
+	<target host="brand.qbeeurope.com" />
+	<target host="confluence.qbeeurope.com" />
+	<target host="eopdremoteaccess.qbeeurope.com" />
+	<target host="grs.qbeeurope.com" />
+	<target host="jira.qbeeurope.com" />
+	<target host="mailexpress.qbeeurope.com" />
+	<target host="qbord.qbeeurope.com" />
+	<target host="qbord-pp.qbeeurope.com" />
+	<target host="qrisk.qbeeurope.com" />
+	<target host="qriskdist.qbeeurope.com" />
+	<target host="qriskint.qbeeurope.com" />
+	<target host="remoteaccess.qbeeurope.com" />
+	<target host="sftp.qbeeurope.com" />
+	<target host="sftp-dev.qbeeurope.com" />
+	<target host="stats.qbeeurope.com" />
+	<target host="tpaccess.qbeeurope.com" />
+	<target host="uc.qbeeurope.com" />
+	<target host="vpnaccess.qbeeurope.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/QBE-Re.com.xml b/src/chrome/content/rules/QBE-Re.com.xml
new file mode 100644
index 000000000000..64dbab06a805
--- /dev/null
+++ b/src/chrome/content/rules/QBE-Re.com.xml
@@ -0,0 +1,26 @@
+<!--
+	For other QBE coverage, see QBE.com.xml
+
+
+	Non-functional subdomains:
+		- lyncdiscover	(m)
+		- sip	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="QBE Re.com">
+
+	<target host="qbere.com" />
+	<target host="www.qbere.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/QBE.com.au.xml b/src/chrome/content/rules/QBE.com.au.xml
new file mode 100644
index 000000000000..6c435e1ecea5
--- /dev/null
+++ b/src/chrome/content/rules/QBE.com.au.xml
@@ -0,0 +1,46 @@
+<!--
+	For other QBE coverage, see QBE.com.xml
+
+
+	Non-functional subdomains:
+		- ctpfleet	(m)
+		- affinity.ebiz	(HTTP 406 error)
+		- training.ebiz	(m)
+		- uat.ebiz	(ssl handshake failure)
+		- uat-cargo.ebiz	(i)
+		- foundation	(t)
+		- graduate	(m)
+		- www.graduate	(m)
+		- www.greenslip	(m)
+		- (www.)intermediary	(m)
+		- www.pulse	(m)
+		- search	(m)
+		- sop-vex	(t)
+		- switch	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="QBE.com.au">
+
+	<target host="qbe.com.au" />
+	<target host="www.qbe.com.au" />
+	<target host="billpay.qbe.com.au" />
+	<target host="comms.qbe.com.au" />
+	<target host="ctp.qbe.com.au" />
+	<target host="uat.ctp.qbe.com.au" />
+	<target host="ebiz.qbe.com.au" />
+	<target host="cargo.ebiz.qbe.com.au" />
+	<target host="insurance.qbe.com.au" />
+	<target host="sc.qbe.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/QCon_New_York.com.xml b/src/chrome/content/rules/QCon_New_York.com.xml
new file mode 100644
index 000000000000..ca1307464103
--- /dev/null
+++ b/src/chrome/content/rules/QCon_New_York.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="QCon New York.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="qconnewyork.com" />
+	<target host="www.qconnewyork.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/QCon_SF.com.xml b/src/chrome/content/rules/QCon_SF.com.xml
new file mode 100644
index 000000000000..ddc01ad44eee
--- /dev/null
+++ b/src/chrome/content/rules/QCon_SF.com.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.qconsf.com/ => https://www.qconsf.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.qconsf.com'")
+
+-->
+<ruleset name="QCon SF.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="qconsf.com" />
+	<target host="www.qconsf.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/QFX_Software.xml b/src/chrome/content/rules/QFX_Software.xml
new file mode 100644
index 000000000000..26b9e52a66bb
--- /dev/null
+++ b/src/chrome/content/rules/QFX_Software.xml
@@ -0,0 +1,28 @@
+<!--
+	Problematic hosts in qfxsoftware.com:
+
+		- download *
+
+	* Expired 2012-07-16; mismatched, CN: secure.qnxsoftware.com
+
+-->
+<ruleset name="QFX Software.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="qfxsoftware.com" />
+	<target host="secure.qfxsoftware.com" />
+	<target host="www.qfxsoftware.com" />
+
+	<!--	Complications:
+				-->
+	<target host="download.qfxsoftware.com" />
+
+
+	<rule from="^http://download\.qfxsoftware\.com/"
+		to="https://secure.qfxsoftware.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/QIP.xml b/src/chrome/content/rules/QIP.xml
index 78586a950a64..edd2f3c13ac4 100644
--- a/src/chrome/content/rules/QIP.xml
+++ b/src/chrome/content/rules/QIP.xml
@@ -1,12 +1,101 @@
-<!--	!functional:
-		- ziza.qip.ru	(redirects back to http)
+<!--
+	Nonfunctional subdomains:
+
+		- search.photo ¹
+		- search.video ¹
+		- ziza ²
+
+	¹ Redirects to search
+	² Dropped
+
+
+	Problematic subdomains:
+
+		- mblogi *
+
+	* Redirect differs
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- api
+		- download
+		- help
+		- kards
+		- maps
+		- mail
+		- mblogi	(→ ^)
+		- memori
+		- news
+		- partner
+		- pass
+		- photo
+		- pip
+		- s
+		- search
+		- shot
+		- welcome
+
+
+	Mixed content:
+
+		- css, on:
+
+			- ^, news, and search from fonts.googleapis.com ¹
+
+		- Bugs, on:
+
+			- ^, help, kards, mail, news, shot, and welcome from lstats ¹
+			- ^ from ad.adriver.ru ¹
+			- ^ from engine.mediamir.medialand.ru ²
+			- ^ and photo from count.rbc.ru ³
+			- ^ and photo from www.tns-counter.ru ¹
+			- kards from userapi.com ⁴
+			- search from snext.ru ⁵
+			- shot from welcome ¹
+
+		- Images, on:
+
+			- memori from $self ¹
+			- memory from open.thumbshots.org ⁶
+			- news from fs\d{3}.jpe.ru ⁴
+
+		- favicon, on:
+
+			- kards from $self ¹
+			- partner from ^ ¹
+
+	¹ Secured by us
+	² Unsecurable <= 404
+	³ Unsecurable <= refused
+	⁴ Not secured by us <= mismatched
+	⁵ Unsecurable <= dropped
+	⁶ Unsecurable <= 503
+
 -->
 <ruleset name="QIP">
-  <target host="qip.ru" />
-	<!--	* for cross-domain cookie	-->
-  <target host="*.qip.ru" />
 
-	<securecookie host="^.qip.ru$" name=".*"/>
+	<target host="qip.ru" />
+	<target host="*.qip.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.qip\.ru$" name="^(PHPSESSID|qip_uid|sqip_weather_code|startqip_uniq)$" /-->
+
+	<securecookie host="^\.qip\.ru$" name=".+" />
+
+
+	<rule from="^http://((?:api|download|help|kards|lstats|maps|mail|memori|news|partner|pass|photo|pip|s|shot|search|welcome|www)\.)?qip\.ru/"
+		to="https://$1qip.ru/" />
+
+	<!--	Redirect drop path but not args:
+						-->
+	<rule from="^http://mblogi\.qip\.ru/+\??$"
+		to="https://qip.ru/?mblogi" />
+
+	<rule from="^http://mblogi\.qip\.ru/+[^?]*\?"
+		to="https://qip.ru/?mblogi&amp;" />
 
-  <rule from="^http://(?:www\.)?qip\.ru/" to="https://qip.ru/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/QLCrew.com.xml b/src/chrome/content/rules/QLCrew.com.xml
new file mode 100644
index 000000000000..d673d4204d52
--- /dev/null
+++ b/src/chrome/content/rules/QLCrew.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="QLCrew">
+
+	<target host="qlcrew.com" />
+	<target host="www.qlcrew.com" />
+	<target host="login.qlcrew.com" />
+
+	<securecookie host="^qlcrew\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/QQ.com-mixedcontent.xml b/src/chrome/content/rules/QQ.com-mixedcontent.xml
new file mode 100644
index 000000000000..b73d0c41523f
--- /dev/null
+++ b/src/chrome/content/rules/QQ.com-mixedcontent.xml
@@ -0,0 +1,13 @@
+<!--
+	For rules not causing MCB, see QQ.xml.
+-->
+<ruleset name="QQ.com (mixed content)" platform="mixedcontent">
+	<target host="1.qq.com" />
+		<test url="http://1.qq.com/mall/lottery.shtml" />
+	<target host="cache.tv.qq.com" />
+		<test url="http://cache.tv.qq.com/zhuanti/premiership/web/premiership_0_1.htm" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/QQ.xml b/src/chrome/content/rules/QQ.xml
index 4c5288cf5712..dc88cba15a5e 100644
--- a/src/chrome/content/rules/QQ.xml
+++ b/src/chrome/content/rules/QQ.xml
@@ -1,51 +1,322 @@
 <!--
-	Nonfunctional domains:
+	For rules causing MCB: QQ.com-mixedcontent.xml.
 
+	503：
+		https://tpai.qq.com				https://tpai.qq.com/race
 
-		- pub.idqqimg.com
+	Expired:
+		https://qzs.mail.qq.com
+		https://t.qq.com
+		https://c.t.qq.com
+		https://e.t.qq.com
+		https://k.t.qq.com
+		https://open.t.qq.com
+		https://p.t.qq.com
+		https://reg.t.qq.com
+		https://search.t.qq.com
+		https://vip.t.qq.com
 
-		- qq.com subdomains:
+	Mismatched:
+		https://y.3g.qq.com
+		https://adsfile.qq.com			https://adsfile.qq.com/web/default0.swf
+		https://adver.qq.com
+		https://buy.qq.com
+		https://chuangshi.qq.com
+		https://img1.chuangshi.qq.com
+		https://sta1.chuangshi.qq.com
+		https://gaauth.qq.com
+		https://gameweb-img.qq.com
+		https://img1.qq.com/			https://travis-ci.org/EFForg/https-everywhere/jobs/508812521#L753
+		https://live.qq.com
+		https://bbs.m.qq.com
+		https://open.mail.qq.com
+		https://mat1.qq.com
+		https://wiki.mg.open.qq.com
+		https://os.qzs.qq.com
+		https://soft.qq.com				https://travis-ci.org/EFForg/https-everywhere/jobs/471284912#L759
 
-			- ^ *
-			- stockweb.mail		(503)
-			- wpa			(shows api.pay.qplus.com; mismatched, CN: api.pay.qplus.com)
-			- www **
+	Times out:
+		https://byod.qq.com
+		https://cb.qq.com
+		https://developer.qq.com
+		https://discuz.qq.com
+		https://cp.discuz.qq.com
+		https://dp3.qq.com				https://travis-ci.org/EFForg/https-everywhere/jobs/576119484#L615
+		https://appupdate.elife.qq.com
+		https://gad.qq.com
+		https://ptlogin2.mail.qq.com
+		https://bbs.g.qq.com			https://travis-ci.org/EFForg/https-everywhere/jobs/576140695#L827
+		https://bbs.map.qq.com
+		https://radio.cloud.music.qq.com
+		https://mx.qq.com
+		https://mxv.qq.com
+		https://roll.news.qq.com
+		https://open.qq.com
+		https://bbs.open.qq.com
+		https://wiki.open.qq.com
+		https://zc.open.qq.com
+		https://bbs.vip.qq.com
+		https://yanchu.qq.com
+		https://cgi.yanchu.qq.com
 
-		- i.gtimg.cn		(504, akamai)
-		- img1.gtimg.com *
-		- mat1.gtimg.com **
-
-	* Times out
-	** 503, akamai
-
-
-	Problematic domains:
-
-		- api.pay.qplus.com	(expired 2012-08-27)
-
-
-	Fully covered subdomains:
-
-		- exmail
-		- cnc.exmail
-
-		- mail subdomains:
-
-			- ^
-			- en
-			- ptlogin2
-			- res
-			- rl
-			- wp
-			- ws
+	Redirect:
+		qq.com							equal to www.qq.com
 
+	Redirect to http:
+		https://qqgameplatcdn.qq.com	https://qqgameplatcdn.qq.com/social_hall/js/jquery.js
 -->
-<ruleset name="QQ (partial)">
-
-	<target host="*.qq.com" />
+<ruleset name="QQ.com (partial)">
+	<target host="qq.com" />
+	<target host="www.qq.com" />
+	<target host="misc.3g.qq.com" />
+	<target host="softfile.3g.qq.com" />
+	<target host="3gimg.qq.com" />
+	<target host="3gqq.qq.com" />
+	<target host="888.qq.com" />
+	<target host="ac.qq.com" />
+	<target host="m.ac.qq.com" />
+	<target host="aq.qq.com" />
+	<target host="js.aq.qq.com" />
+	<target host="combo.b.qq.com" />
+		<test url="http://combo.b.qq.com/da/id.html" />
+	<target host="wpa.b.qq.com" />
+		<test url="http://wpa.b.qq.com/cgi/wpa.php" />
+	<target host="baobao.qq.com" />
+	<target host="browser.qq.com" />
+	<target host="btrace.qq.com" />
+	<target host="buluo.qq.com" />
+	<target host="city.qq.com" />
+	<target host="connect.qq.com" />
+	<target host="crm2.qq.com" />
+	<target host="cul.qq.com" />
+	<target host="dajia.qq.com" />
+	<target host="daju.qq.com" />
+	<target host="act.daoju.qq.com" />
+		<test url="http://act.daoju.qq.com/act/a20180629traders/index.htm" />
+	<target host="js01.daoju.qq.com" />
+	<target host="js02.daoju.qq.com" />
+	<target host="data.qq.com" />
+	<target host="daxue.qq.com" />
+	<target host="pcbrowser.dd.qq.com" />
+	<target host="dldir1.qq.com" />
+	<target host="dldir2.qq.com" />
+	<target host="dldir3.qq.com" />
+	<target host="dlied6.qq.com" />
+		<!--test url="http://dlied6.qq.com/invc/xfspeed/qqpcmgr/versetup/portal/PCMgr_Setup_10_3_15519_204.exe" /-->
+	<target host="exmail.qq.com" />
+	<target host="edu.exmail.qq.com" />
+	<target host="cnc.exmail.qq.com" />
+		<test url="http://edu.exmail.qq.com/cgi-bin/sellonlinestatic" />
+	<target host="en.exmail.qq.com" />
+	<target host="m.exmail.qq.com" />
+	<target host="open.exmail.qq.com" />
+	<target host="service.exmail.qq.com" />
+	<target host="tel.exmail.qq.com" />
+	<target host="film.qq.com" />
+	<target host="finance.qq.com" />
+	<target host="fm.qq.com" />
+	<target host="game.qq.com" />
+	<target host="games.qq.com" />
+		<test url="http://games.qq.com/mobile/" />
+	<target host="gamevip.qq.com" />
+	<target host="gongyi.qq.com" />
+	<target host="guanjia.qq.com" />
+	<target host="bbs.guanjia.qq.com" />
+	<target host="hao.qq.com" />
+	<target host="heat.qq.com" />
+	<target host="hp.qq.com" />
+		<test url="http://hp.qq.com/bz.gif" />
+	<target host="i.qq.com" />
+	<target host="igame.qq.com" />
+		<test url="http://igame.qq.com/login.php?u1=http://igame.qq.com/center/index.php" />
+	<target host="im.qq.com" />
+	<target host="imgcache.qq.com" />
+	<target host="isdspeed.qq.com" />
+		<test url="http://isdspeed.qq.com/cgi-bin/r.cgi" />
+	<target host="iwan.qq.com" />
+		<test url="http://iwan.qq.com/pcwebsite/game" />
+	<target host="jq.qq.com" />
+	<target host="jqmt.qq.com" />
+	<target host="jsqmt.qq.com" />
+		<test url="http://jsqmt.qq.com/cdn_djl.js" />
+	<target host="ke.qq.com" />
+	<target host="kf.qq.com" />
+		<!-- Redirect to http -->
+		<rule from="^http://kf\.qq\.com/$"
+			to="https://kf.qq.com/index.html" />
+		<test url="http://kf.qq.com/product/aq.html" />
+		<test url="http://kf.qq.com/product/QQ.html" />
+	<target host="kg.qq.com" />
+	<target host="kuaibao.qq.com" />
+	<target host="livew.l.qq.com" />
+		<test url="http://livew.l.qq.com/livemsg?ad_type=WL&#x26;url=https%3A%2F%2Fv.qq.com%2Fx%2Fcover%2Fzf2z0xpqcculhcz.html%3Fvid%3Dy0016wfrzsc" />
+	<target host="lbs.qq.com" />
+	<target host="lmbsy.qq.com" />
+	<target host="m.qq.com" />
+	<target host="yun.m.qq.com" />
+	<target host="mail.qq.com" />
+	<target host="en.mail.qq.com" />
+	<target host="i.mail.qq.com" />
+	<target host="res.mail.qq.com" />
+	<target host="rl.mail.qq.com" />
+	<target host="service.mail.qq.com" />
+	<target host="stockweb.mail.qq.com" />
+	<target host="wp.mail.qq.com" />
+	<target host="ws.mail.qq.com" />
+	<target host="i.match.qq.com" />
+	<target host="map.qq.com" />
+	<target host="apis.map.qq.com" />
+	<target host="open.map.qq.com" />
+	<target host="pr.map.qq.com" />
+	<target host="s.map.qq.com" />
+	<target host="shangjia.map.qq.com" />
+	<target host="sv.map.qq.com" />
+	<target host="mil.qq.com" />
+	<target host="minigame.qq.com" />
+		<test url="http://minigame.qq.com/common_manage/381/big_image_2c247d2261206b6ae81ef1ccc7108582.jpg" />
+	<target host="music.qq.com" />
+	<target host="cp.music.qq.com" />
+	<target host="mxm.qq.com" />
+	<target host="news.qq.com" />
+	<target host="view.news.qq.com" />
+	<target host="nr.qq.com" />
+	<target host="office.qq.com" />
+	<target host="om.qq.com" />
+	<target host="iot.open.qq.com" />
+	<target host="op.open.qq.com" />
+	<target host="ossweb-img.qq.com" />
+		<test url="http://ossweb-img.qq.com/images/js/share/share.shtml" />
+	<target host="pay.qq.com" />
+	<target host="my.pay.qq.com" />
+	<target host="s.pc.qq.com" />
+		<test url="http://s.pc.qq.com/discuz/css/style.css" />
+	<target host="pingfore.qq.com" />
+		<!-- https://travis-ci.org/EFForg/https-everywhere/jobs/471282290#L759 -->
+		<exclusion pattern="^http://pingfore\.qq\.com/$" />
+		<test url="http://pingfore.qq.com/pingd?dm=ent.qq.com&#x26;url=/a/20070713/000109.htm" />
+	<target host="pingjs.qq.com" />
+	<target host="player.qq.com" />
+	<target host="ssl.ptlogin2.qq.com" />
+	<target host="ui.ptlogin2.qq.com" />
+	<target host="xui.ptlogin2.qq.com" />
+	<target host="ssl.xui.ptlogin2.qq.com" />
+	<target host="cgi.pub.qq.com" />
+	<target host="pushdata.qq.com" />
+	<target host="qian.qq.com" />
+	<target host="wp.qiye.qq.com" />
+	<target host="qqgame.qq.com" />
+	<target host="open.qqgame.qq.com" />
+	<target host="dl.stream.qqmusic.qq.com" />
+	<target host="admin.qun.qq.com" />
+	<target host="user.qzone.qq.com" />
+	<target host="qzs.qq.com" />
+		<test url="http://qzs.qq.com/syzs/overSeaLogin/index.html" />
+		<test url="http://qzs.qq.com/open/baymax/8/10358_6af2d18906a25c07311b1c34cfe90ae0_0.html" />
+	<target host="r.qq.com" />
+	<target host="reader.qq.com" />
+	<target host="file.service.qq.com" />
+	<target host="shang.qq.com" />
+	<target host="img1.sj.qq.com" />
+		<test url="http://img1.sj.qq.com/api/styles/sjqqapi.css" />
+	<target host="img2.sj.qq.com" />
+		<test url="http://img2.sj.qq.com/api/scripts/sjqqapi.js" />
+	<target host="img3.sj.qq.com" />
+	<target host="img4.sj.qq.com" />
+	<target host="img5.sj.qq.com" />
+	<target host="img6.sj.qq.com" />
+	<target host="sqimg.qq.com" />
+	<target host="photo.store.qq.com" />
+	<target host="*.photo.store.qq.com" />
+	<target host="qlogo1.store.qq.com" />
+		<test url="http://qlogo1.store.qq.com/qzone/11111111/11111111/100" />
+	<target host="qlogo2.store.qq.com" />
+	<target host="qlogo3.store.qq.com" />
+	<target host="qlogo4.store.qq.com" />
+	<target host="support.qq.com" />
+	<target host="tajs.qq.com" />
+	<target host="cdn.tencentgroup.qq.com" />
+		<test url="http://cdn.tencentgroup.qq.com/join_static/ext/20170905/" />
+	<target host="trace.qq.com" />
+	<target host="ugcbsy.qq.com" />
+	<target host="v.qq.com" />
+		<test url="http://v.qq.com/vplus/colorsofchina" />
+	<target host="m.v.qq.com" />
+	<target host="c.v.qq.com" />
+		<test url="http://c.v.qq.com/vuserinfo" />
+	<target host="video.qq.com" />
+		<test url="http://video.qq.com/foo.bar" />
+		<test url="http://video.qq.com/fcgi-bin/get_cookie" />
+	<target host="btrace.video.qq.com" />
+		<test url="http://btrace.video.qq.com/kvcollect" />
+	<target host="data.video.qq.com" />
+		<test url="http://data.video.qq.com/fcgi-bin/data" />
+	<target host="growth.video.qq.com" />
+	<target host="like.video.qq.com" />
+		<test url="http://like.video.qq.com/fcgi-bin/like" />
+	<target host="ncgi.video.qq.com" />
+	<target host="node.video.qq.com" />
+	<target host="pay.video.qq.com" />
+		<test url="http://pay.video.qq.com/fcgi-bin/autopay" />
+	<target host="routertips.video.qq.com" />
+	<target host="sec.video.qq.com" />
+	<target host="tj.video.qq.com" />
+		<test url="http://tj.video.qq.com/fcgi-bin/set_cookie?otype=json" />
+	<target host="vhotlx.video.qq.com" />
+	<target host="vpic.video.qq.com" />
+	<target host="vpdata.video.qq.com" />
+	<target host="vv.video.qq.com" />
+		<test url="http://vv.video.qq.com/getinfo?otype=json" />
+	<target host="vip.qq.com" />
+	<target host="web.qq.com" />
+	<target host="web2.qq.com" />
+	<target host="weixin.qq.com" />
+	<target host="api.weixin.qq.com" />
+	<target host="login.weixin.qq.com" />
+	<target host="mp.weixin.qq.com" />
+	<target host="open.weixin.qq.com" />
+	<target host="support.weixin.qq.com" />
+	<target host="web.weixin.qq.com" />
+	<target host="webpush.weixin.qq.com" />
+	<target host="weixin110.qq.com" />
+	<target host="weread.qq.com" />
+	<target host="wetest.qq.com" />
+	<target host="cdn.wetest.qq.com" />
+	<target host="f.wetest.qq.com" />
+	<target host="weixiao.qq.com" />
+	<target host="wj.qq.com" />
+	<target host="wpa.qq.com" />
+	<target host="img1.write.qq.com" />
+		<test url="http://img1.write.qq.com/upload/cover/2016-09-26/cs_57e8da4a552c6.jpg" />
+	<target host="wspeed.qq.com" />
+	<target host="wx.qq.com" />
+	<target host="file.wx.qq.com" />
+		<test url="http://file.wx.qq.com/cgi-bin/mmwebwx-bin/webwxuploadmedia?f=json" />
+	<target host="login.wx.qq.com" />
+	<target host="res.wx.qq.com" />
+	<target host="wx1.qq.com" />
+	<target host="wx2.qq.com" />
+	<target host="file.wx2.qq.com" />
+	<target host="login.wx2.qq.com" />
+	<target host="xg.qq.com" />
+	<target host="xw.qq.com" />
+	<target host="xx.qq.com" />
+	<target host="y.qq.com" />
+	<target host="c.y.qq.com" />
+	<target host="i.y.qq.com" />
+	<target host="m.y.qq.com" />
+	<target host="p.y.qq.com" />
+	<target host="zc.qq.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://((?:cnc\.)?exmail\.|mail\.|(?:en|res|rl|ptlogin2|wp|ws)\.mail)\.qq\.com/"
-		to="https://$1.qq.com/" />
+	<rule from="^http://qq\.com/" to="https://www.qq.com/" />
+	
+	<rule from="^http://(\w+)\.photo\.store\.qq\.com/" to="https://$1.photo.store.qq.com/" />
+		<test url="http://b2.photo.store.qq.com/psb?/V10hQJkd3SDBzD/KIMVhn3MHz8amum0nnr*lNoK9Z2YF9vqftH7TKwbNRw!/r/dG8BAAAAAAAA" />
+		<test url="http://b99.photo.store.qq.com/psb?/V10hQJkd3SDBzD/KIMVhn3MHz8amum0nnr*lNoK9Z2YF9vqftH7TKwbNRw!/r/dG8BAAAAAAAA" />
+		<test url="http://b400.photo.store.qq.com/psb?/V10hQJkd3SDBzD/KIMVhn3MHz8amum0nnr*lNoK9Z2YF9vqftH7TKwbNRw!/r/dG8BAAAAAAAA" />
+		<test url="http://r.photo.store.qq.com/psu?/41e942eb-6e91-4b94-a736-196e663f1666/kForrvREu9pdwmv1F5WZwS4SnfKREXjL970lewz92Cc!/b/YeOjTRG3YAAAYpT39Q7*qQAA" />
+		<test url="http://s25.photo.store.qq.com/psu?/41e942eb-6e91-4b94-a736-196e663f1666/kForrvREu9pdwmv1F5WZwS4SnfKREXjL970lewz92Cc!/b/YeOjTRG3YAAAYpT39Q7*qQAA" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/QR_Server.com.xml b/src/chrome/content/rules/QR_Server.com.xml
new file mode 100644
index 000000000000..d671da9c575b
--- /dev/null
+++ b/src/chrome/content/rules/QR_Server.com.xml
@@ -0,0 +1,15 @@
+<!--
+	(www.)?qrserver.com: Plaintext reply
+
+-->
+<ruleset name="QR Server.com (partial)">
+
+	<target host="api.qrserver.com" />
+
+		<test url="http://api.qrserver.com/v1/create-qr-code/?data=&amp;size=&amp;margin=&amp;bgcolor=" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/QR_Solutions.xml b/src/chrome/content/rules/QR_Solutions.xml
index 48d5ad097dd5..213a602a9422 100644
--- a/src/chrome/content/rules/QR_Solutions.xml
+++ b/src/chrome/content/rules/QR_Solutions.xml
@@ -1,21 +1,17 @@
-<!--
-	Fully covered subdomains:
-
-		- (www.)
-		- api
-		- my
-
--->
-<ruleset name="QR Solutions">
+<ruleset name="QR Solutions.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="qrsolutions.com" />
-	<target host="*.qrsolutions.com" />
+	<target host="api.qrsolutions.com" />
+	<target host="my.qrsolutions.com" />
+	<target host="www.qrsolutions.com" />
 
 
-	<securecookie host="^\.qrsolutions.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:api|my|www)\.)?qrsolutions\.com/"
-		to="https://$1qrsolutions.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/QS_LI.com.xml b/src/chrome/content/rules/QS_LI.com.xml
index 1b5725e0b26b..126e8aea6cb3 100644
--- a/src/chrome/content/rules/QS_LI.com.xml
+++ b/src/chrome/content/rules/QS_LI.com.xml
@@ -1,14 +1,10 @@
-<!--
-	^: http reply
-
--->
-<ruleset name="QS LI.com">
+<ruleset name="QS LI.com" default_off="plaintext reply">
 
 	<target host="qsli.com" />
-	<target host="*.qsli.com" />
+	<target host="www.qsli.com" />
 
 
-	<securecookie host="^(?:www)?\.qsli\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(?:www\.)?qsli\.com/"
diff --git a/src/chrome/content/rules/QSpace.lgbt.xml b/src/chrome/content/rules/QSpace.lgbt.xml
new file mode 100644
index 000000000000..ffaf5adae61b
--- /dev/null
+++ b/src/chrome/content/rules/QSpace.lgbt.xml
@@ -0,0 +1,11 @@
+<ruleset name="QSpace.lgbt">
+	<target host="qspace.lgbt" />
+	<target host="www.qspace.lgbt" />
+
+	<target host="qspacearch.com" />
+	<target host="www.qspacearch.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/QSstats.com.xml b/src/chrome/content/rules/QSstats.com.xml
index 2d741281c806..efdd9d8d6d0a 100644
--- a/src/chrome/content/rules/QSstats.com.xml
+++ b/src/chrome/content/rules/QSstats.com.xml
@@ -2,21 +2,27 @@
 	For other QuinStreet coverage, see QuinStreet.xml.
 
 
-	Problematic domains:
-
-		- qsstats.com		(cert only matches www)
+	^qsstats.com: Mismatched
 
 -->
 <ruleset name="QSstats.com">
 
-	<target host="qsstats.com" />
+	<!--	Direct rewrites:
+				-->
 	<target host="www.qsstats.com" />
 
+	<!--	Complications:
+				-->
+	<target host="qsstats.com" />
 
-	<securecookie host="^www\.qsstats\.com$" name=".+" />
 
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://(?:www\.)?qsstats\.com/"
+
+	<rule from="^http://qsstats\.com/"
 		to="https://www.qsstats.com/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/QT-apps.org.xml b/src/chrome/content/rules/QT-apps.org.xml
new file mode 100644
index 000000000000..58abfcb7f290
--- /dev/null
+++ b/src/chrome/content/rules/QT-apps.org.xml
@@ -0,0 +1,12 @@
+<!--
+	For other openDesktop rules, see openDesktop.org.xml
+
+-->
+<ruleset name="QT-apps.org">
+
+	<target host="qt-apps.org" />
+	<target host="www.qt-apps.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/QTH.com.xml b/src/chrome/content/rules/QTH.com.xml
new file mode 100644
index 000000000000..0809dc787715
--- /dev/null
+++ b/src/chrome/content/rules/QTH.com.xml
@@ -0,0 +1,48 @@
+<!--
+	Nonfunctional hosts in *qth.com:
+
+		- (www.)? *
+		- banners *
+		- chat *
+		- domains *
+		- hosting *
+		- swap *
+
+	* Shows www12.qth.com
+
+
+	Problematic hosts in *qth.com:
+
+		- ssl *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .billing.qth.com
+		- ssl.qth.com
+
+-->
+<ruleset name="QTH.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="billing.qth.com" />
+	<!--target host="ssl.qth.com" /-->
+	<target host="www10.qth.com" />
+	<target host="www12.qth.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.billing\.qth\.com$" name="^uip$" /-->
+	<!--securecookie host="^ssl\.qth\.com$" name="^\.ASPXANONYMOUS$" /-->
+
+	<securecookie host="^\.billing\.qth\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/QTafsir.com.xml b/src/chrome/content/rules/QTafsir.com.xml
new file mode 100644
index 000000000000..9dcd3d990ed0
--- /dev/null
+++ b/src/chrome/content/rules/QTafsir.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid Certificate:
+		m.qtafsir.com
+-->
+<ruleset name="QTafsir.com" platform="mixedcontent">
+	<target host="qtafsir.com" />
+	<target host="www.qtafsir.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/QUADAtYork.ca.xml b/src/chrome/content/rules/QUADAtYork.ca.xml
new file mode 100644
index 000000000000..f2d093ee832a
--- /dev/null
+++ b/src/chrome/content/rules/QUADAtYork.ca.xml
@@ -0,0 +1,11 @@
+<!--
+	Redirects to HTTP:
+		- wechat.quadatyork.ca
+-->
+
+<ruleset name="QUADAtYork.ca">
+	<target host="quadatyork.ca" />
+	<target host="www.quadatyork.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/QUnit_JS.com.xml b/src/chrome/content/rules/QUnit_JS.com.xml
new file mode 100644
index 000000000000..c2879ec64231
--- /dev/null
+++ b/src/chrome/content/rules/QUnit_JS.com.xml
@@ -0,0 +1,22 @@
+<!--
+	For other jQuery Foundation coverage, see JQuery.org.xml.
+
+
+	www.qunitjs.com doesn't exist.
+
+-->
+<ruleset name="QUnit JS.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="qunitjs.com" />
+	<target host="api.qunitjs.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/QWKnet_LLC.com.xml b/src/chrome/content/rules/QWKnet_LLC.com.xml
new file mode 100644
index 000000000000..c0d61b4fad31
--- /dev/null
+++ b/src/chrome/content/rules/QWKnet_LLC.com.xml
@@ -0,0 +1,37 @@
+<!--
+	For other QWK.net coverage, see QWK.net.xml.
+
+
+	^qwknetllc.com: Shows test page
+	www.qwknetllc.com: Plaintext reply
+
+
+	Problematic hosts in *qwknetllc.com:
+
+		- cp *
+
+	* Missing certificate chain
+
+-->
+<ruleset name="QWKnet LLC.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="cp.qwknetllc.com" /-->
+	<target host="mail.qwknetllc.com" />
+	<target host="shared.qwknetllc.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^qwknetllc\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^mail\.qwknetllc\.com$" name="^SQMSESSID$" /-->
+	<!--securecookie host="^\.shared\.qwknetllc\.com$" name="^(auth_key|imp_key)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/QXL.dk.xml b/src/chrome/content/rules/QXL.dk.xml
new file mode 100644
index 000000000000..29e19eba54a1
--- /dev/null
+++ b/src/chrome/content/rules/QXL.dk.xml
@@ -0,0 +1,30 @@
+<!--
+	For other QXL coverage, see Qxl.xml.
+
+
+	Nonfunctional hosts in qxl.dk:
+
+		- hjaelp *
+
+	* Handshake fails
+
+-->
+<ruleset name="QXL.dk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="qxl.dk" />
+	<target host="www.qxl.dk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--ssecurecookie host="^\.qxl\.dk$" name="^NbResult$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
+
diff --git a/src/chrome/content/rules/QXL_static.dk.xml b/src/chrome/content/rules/QXL_static.dk.xml
new file mode 100644
index 000000000000..67b5a9cda8fc
--- /dev/null
+++ b/src/chrome/content/rules/QXL_static.dk.xml
@@ -0,0 +1,15 @@
+<!--
+	For other QXL coverage, see Qxl.xml.
+
+-->
+<ruleset name="QXL static.dk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pics.qxlstatic.dk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/QXL_static.no.xml b/src/chrome/content/rules/QXL_static.no.xml
new file mode 100644
index 000000000000..f4eda5fc30b4
--- /dev/null
+++ b/src/chrome/content/rules/QXL_static.no.xml
@@ -0,0 +1,15 @@
+<!--
+	For other QXL coverage, see Qxl.xml.
+
+-->
+<ruleset name="QXL static.no">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pics.qxlstatic.no" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Qantara.de.xml b/src/chrome/content/rules/Qantara.de.xml
new file mode 100644
index 000000000000..beab26b7abe0
--- /dev/null
+++ b/src/chrome/content/rules/Qantara.de.xml
@@ -0,0 +1,21 @@
+<!--
+	Different HTTP/HTTPS behavior:
+	- id.qantara.de (redirects with HTTP but not HTTPS)
+	- old.qantara.de (different content)
+
+-->
+<ruleset name="Qantara.de">
+	<target host="qantara.de" />
+	<target host="www.qantara.de" />
+	<target host="ar.qantara.de" />
+	<!--
+		`de.` has some active mixed content blocking, for example at
+		https://de.qantara.de/content/arte-gottlich-islam-fur-kinder
+	-->
+	<target host="de.qantara.de" />
+	<target host="en.qantara.de" />
+
+	<securecookie host="^(www|ar|de|en)\.qantara\.de$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Qari.one.xml b/src/chrome/content/rules/Qari.one.xml
new file mode 100644
index 000000000000..10c2b2abdeb7
--- /dev/null
+++ b/src/chrome/content/rules/Qari.one.xml
@@ -0,0 +1,8 @@
+<ruleset name="Qari.one">
+	<target host="qari.one" />
+	<target host="www.qari.one" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Qbox.me.xml b/src/chrome/content/rules/Qbox.me.xml
new file mode 100644
index 000000000000..8b7b4f5ebddd
--- /dev/null
+++ b/src/chrome/content/rules/Qbox.me.xml
@@ -0,0 +1,39 @@
+<!--
+	dn-staticdown.qbox.me :
+		Break geetest. Test by Firefox in:
+		http://bbs.kafan.cn/member.php?mod=logging&action=login
+		http://www.libreofficechina.org/member.php?mod=lor
+-->
+
+<ruleset name="qbox.me">
+
+<!--
+	Related : GeekPark.xml
+	MCB:
+		-->
+	<target host="dn-geekpark-new.qbox.me" />
+	<exclusion pattern="^http://dn-geekpark-new\.qbox\.me/(topics|users|videos)/" />
+	<rule from="^http:" to="https:" />
+		<test url="http://dn-geekpark-new.qbox.me/topics/210313" />
+		<test url="http://dn-geekpark-new.qbox.me/users/215004" />
+		<test url="http://dn-geekpark-new.qbox.me/videos/210537" />
+
+		<test url="http://dn-geekpark-new.qbox.me/collections/app" />
+		<test url="http://dn-geekpark-new.qbox.me/assets/application-b04af2c365b49d6e338ba2700db81ad5.css" />
+		<test url="http://dn-geekpark-new.qbox.me/uploads/user/avatar/000/122/009/medium_ceb3dffd8a47da894a7eaa668d77b54e.jpeg" />
+
+	<!--	Directly redirect:	-->
+	<target host="dn-b5jibpwe.qbox.me" />
+	<target host="dn-bterimg.qbox.me" />
+	<target host="dn-coding-net-production-file.qbox.me" />
+	<target host="dn-dji-videos.qbox.me" />
+		<!-- Loaded by https://we.dji.com -->
+		<test url="http://dn-dji-videos.qbox.me/cloud/0a2370e7e2e3e65aac7006322918eaaa/720.mp4" />
+	<target host="dn-firweb.qbox.me" />
+	<target host="dn-img3appinn.qbox.me" />
+	<target host="dn-iyz-file.qbox.me" />
+	<target host="dn-sdkcnssl.qbox.me" />
+	<target host="dn-walletla.qbox.me" />
+
+
+</ruleset>
diff --git a/src/chrome/content/rules/Qbrick.com.xml b/src/chrome/content/rules/Qbrick.com.xml
index 63aa43200895..4044c2aa49de 100644
--- a/src/chrome/content/rules/Qbrick.com.xml
+++ b/src/chrome/content/rules/Qbrick.com.xml
@@ -1,42 +1,35 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(refused)
-
-
-	Fully covered subdomains:
-
-		- vms.admin
 
-		- api subdomains:
-
-			- assetmanager
-			- assets
-			- authorization
-			- delivery
-			- presenter
-			- vms
-
-		- ovp
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://vms.admin.qbrick.com/ => https://vms.admin.qbrick.com/: (6, 'Could not resolve host: vms.admin.qbrick.com')
 
-		- player subdomains:
+	(www.)?qbrick.com: Blank page
 
-			- ^
-			- presenter
-			- professional
+-->
+<ruleset name="Qbrick.com (partial)" default_off="failed ruleset test">
 
-		- publisher
+	<!--	Direct rewrites:
+				-->
+	<target host="vms.admin.qbrick.com" />
 
--->
-<ruleset name="Qbrick.com (partial)">
+	<target host="assetmanager.api.qbrick.com" />
+	<target host="assets.api.qbrick.com" />
+	<target host="authorization.api.qbrick.com" />
+	<target host="delivery.api.qbrick.com" />
+	<target host="presenter.api.qbrick.com" />
+	<target host="vms.api.qbrick.com" />
 
-	<target host="*.qbrick.com" />
+	<target host="ovp.qbrick.com" />
+	<target host="player.qbrick.com" />
+	<target host="presenter.player.qbrick.com" />
+	<target host="professional.player.qbrick.com" />
+	<target host="publisher.qbrick.com" />
 
 
-	<securecookie host="^presenter\.player\.qbrick\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(vms\.admin|(?:assetmanager|assets|authorization|delivery|presenter|vms)\.api|ovp|(?:presenter\.|professional\.)?player|publisher)\.qbrick\.com/"
-		to="https://$1.qbrick.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Qcloud.com.xml b/src/chrome/content/rules/Qcloud.com.xml
new file mode 100644
index 000000000000..e1baa493ccc0
--- /dev/null
+++ b/src/chrome/content/rules/Qcloud.com.xml
@@ -0,0 +1,67 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jiagu.qcloud.com/ => https://jiagu.qcloud.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://wiki.qcloud.com/ => https://wiki.qcloud.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Different than http:
+		- market.qcloud.com
+
+	Incomplete certificate chain:
+		- svn.o.qcloud.com
+
+	Invalid certificate:
+		- m.qcloud.com
+		- app.o.qcloud.com
+		- cc.o.qcloud.com
+
+	Redirect to http:
+		- o.qcloud.com
+
+	Timeout:
+		- app.qcloud.com
+		- bbs.qcloud.com
+		- legu.qcloud.com
+		- yun.weixin.qcloud.com
+-->
+<ruleset name="Qcloud.com (partial)" default_off="failed ruleset test">
+	<target host="qcloud.com" />
+	<target host="www.qcloud.com" />
+	<target host="act.qcloud.com" />
+	<target host="avc.qcloud.com" />
+	<target host="beian.qcloud.com" />
+	<target host="buy.qcloud.com" />
+	<target host="cdb.qcloud.com" />
+	<target host="cdn.qcloud.com" />
+	<target host="console.qcloud.com" />
+	<target host="dcdb.qcloud.com" />
+	<target host="dnspod.qcloud.com" />
+	<target host="domains.qcloud.com" />
+	<target host="face.finance.qcloud.com" />
+	<target host="jiagu.qcloud.com" />
+	<target host="manage.qcloud.com" />
+	<target host="mccdn.qcloud.com" />
+	<target host="monitor.qcloud.com" />
+	<target host="api.o.qcloud.com" />
+	<target host="job.o.qcloud.com" />
+	<target host="login.o.qcloud.com" />
+	<target host="partners.qcloud.com" />
+	<target host="passport.qcloud.com" />
+	<target host="pgsql.qcloud.com" />
+	<target host="ssl.xui.ptlogin2.qcloud.com" />
+		<exclusion pattern="^http://ssl\.xui\.ptlogin2\.qcloud\.com/$" />
+		<test url="http://ssl.xui.ptlogin2.qcloud.com/ptui_ver.js" />
+	<target host="redis.qcloud.com" />
+	<target host="report.qcloud.com" />
+	<target host="sqlserver.qcloud.com" />
+	<target host="tdsql.qcloud.com" />
+	<target host="video.qcloud.com" />
+	<target host="wiki.qcloud.com" />
+
+	<target host="facerecognisedemo-10012194.file.myqcloud.com" />
+		<test url="http://facerecognisedemo-10012194.file.myqcloud.com/10000/user_01.png?sign=W+Z6s9oZKMHxQYVE0m3rn4V/Xl5hPTEwMDEyMTk0Jms9QUtJRFlCc2xtT3ZCTXp0aU40dmpwTm1YdDc1akZLb21FQ0w3JmU9MCZ0PTE0NTAxODg3NDAmcj0xMzQ1NTgyNjc0JmY9JmI9ZmFjZXJlY29nbmlzZWRlbW8=" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Qemu.org.xml b/src/chrome/content/rules/Qemu.org.xml
new file mode 100644
index 000000000000..ad3b81f8db2b
--- /dev/null
+++ b/src/chrome/content/rules/Qemu.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Qemu.org">
+	<target host="qemu.org" />
+	<target host="www.qemu.org" />
+	<target host="download.qemu.org" />
+	<target host="git.qemu.org" />
+	<target host="wiki.qemu.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Qhimg.com.xml b/src/chrome/content/rules/Qhimg.com.xml
new file mode 100644
index 000000000000..826115eed7f0
--- /dev/null
+++ b/src/chrome/content/rules/Qhimg.com.xml
@@ -0,0 +1,92 @@
+<!--
+	For other Qihoo 360 Technology coverage, see 360.cn.xml.
+
+	Problematic hosts in *qhimg.com:
+		- p[0-25] ᵐ
+		- s[0-20] ᵐ
+	ᵐ Cloudfront/mismatched
+-->
+
+<ruleset name="Qhimg.com">
+
+	<!--	Direct rewrites:	-->
+	<target host="p.ssl.qhimg.com" />
+		<test url="http://p.ssl.qhimg.com/t01d7a0f7ad1686fd15.png" />
+	<target host="p0.ssl.qhimg.com" />
+	<target host="p1.ssl.qhimg.com" />
+	<target host="p2.ssl.qhimg.com" />
+	<target host="p3.ssl.qhimg.com" />
+	<target host="p4.ssl.qhimg.com" />
+	<target host="p5.ssl.qhimg.com" />
+	<target host="ps.ssl.qhimg.com" />
+		<test url="http://ps.ssl.qhimg.com/dr/_110_100/t01ccab96eb996185a5.gif" />
+
+	<target host="s.ssl.qhimg.com" />
+		<test url="http://s.ssl.qhimg.com/static/ae3930b4f8e9da71.pdf" />
+	<target host="s0.ssl.qhimg.com" />
+	<target host="s1.ssl.qhimg.com" />
+	<target host="s2.ssl.qhimg.com" />
+	<target host="s3.ssl.qhimg.com" />
+	<target host="s4.ssl.qhimg.com" />
+	<target host="s5.ssl.qhimg.com" />
+
+	<target host="weather.ssl.qhimg.com" />
+		<test url="http://weather.ssl.qhimg.com/sed_api_weather_info.php" />
+	<target host="qweather.ssl.qhimg.com" />
+		<test url="http://qweather.ssl.qhimg.com/sed_api_weather_info.php" />
+
+	<!--	Complications:	-->
+	<target host="p0.qhimg.com" />
+	<target host="p1.qhimg.com" />
+	<target host="p2.qhimg.com" />
+	<target host="p3.qhimg.com" />
+	<target host="p4.qhimg.com" />
+	<target host="p5.qhimg.com" />
+	<target host="p6.qhimg.com" />
+	<target host="p7.qhimg.com" />
+	<target host="p8.qhimg.com" />
+	<target host="p9.qhimg.com" />
+	<target host="p15.qhimg.com" />
+	<target host="p16.qhimg.com" />
+	<target host="p17.qhimg.com" />
+	<target host="p18.qhimg.com" />
+	<target host="p19.qhimg.com" />
+	<target host="p20.qhimg.com" />
+	<target host="p21.qhimg.com" />
+	<target host="p22.qhimg.com" />
+	<target host="p23.qhimg.com" />
+	<target host="p24.qhimg.com" />
+	<target host="p25.qhimg.com" />
+		<test url="http://p25.qhimg.com/d/inn/cd9dbb41/d/p25.png" />
+
+	<target host="s0.qhimg.com" />
+	<target host="s1.qhimg.com" />
+	<target host="s2.qhimg.com" />
+	<target host="s3.qhimg.com" />
+	<target host="s4.qhimg.com" />
+	<target host="s5.qhimg.com" />
+	<target host="s6.qhimg.com" />
+	<target host="s7.qhimg.com" />
+	<target host="s8.qhimg.com" />
+	<target host="s9.qhimg.com" />
+	<target host="s15.qhimg.com" />
+	<target host="s16.qhimg.com" />
+	<target host="s17.qhimg.com" />
+	<target host="s18.qhimg.com" />
+	<target host="s19.qhimg.com" />
+	<target host="s20.qhimg.com" />
+		<test url="http://s20.qhimg.com/static/ae3930b4f8e9da71.pdf" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http://(p|s)(0|1|2|3|4|5)\.qhimg\.com/"
+		to="https://$1$2.ssl.qhimg.com/" />
+
+	<rule from="^http://p\d+\.qhimg\.com/"
+		to="https://p.ssl.qhimg.com/" />
+
+	<rule from="^http://s\d+\.qhimg\.com/"
+		to="https://s.ssl.qhimg.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/QiDian.com.tw.xml b/src/chrome/content/rules/QiDian.com.tw.xml
new file mode 100644
index 000000000000..1ee5f1b94744
--- /dev/null
+++ b/src/chrome/content/rules/QiDian.com.tw.xml
@@ -0,0 +1,12 @@
+<!--
+	Related:
+		QiDian.com.xml
+-->
+<ruleset name="QiDian.com.tw">
+	<target host="qidian.com.tw" />
+	<target host="www.qidian.com.tw" />
+	<target host="m.qidian.com.tw" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
+
diff --git a/src/chrome/content/rules/QiDian.com.xml b/src/chrome/content/rules/QiDian.com.xml
new file mode 100644
index 000000000000..4d11063d2474
--- /dev/null
+++ b/src/chrome/content/rules/QiDian.com.xml
@@ -0,0 +1,108 @@
+<!--
+	Other ruleset:
+		QiDian.com.tw.xml
+
+	MCB:
+		activity.qidian.com	http://activity.qidian.com/barrage
+
+	Redirected to http:
+		2cy.qidian.com
+		a.qidian.com
+		dushi.qidian.com
+		f.qidian.com
+		fin.qidian.com
+		junshi.qidian.com
+		kehuan.qidian.com
+		lingyi.qidian.com
+		lishi.qidian.com
+		qihuan.qidian.com
+		r.qidian.com
+		se.qidian.com
+		tiyu.qidian.com
+		wuxia.qidian.com
+		xianxia.qidian.com
+		xuanhuan.qidian.com
+		youxi.qidian.com
+		zhichang.qidian.com
+
+	Invalid certificate:
+		^qidian.com
+		anquan.qidian.com
+		avd.qidian.com
+		bbs.qidian.com
+		c.qidian.com
+		files.qidian.com
+		forump.qidian.com
+		free.qidian.com
+		game.qidian.com
+		a.game.qidian.com
+		api.game.qidian.com
+		1.if.qidian.com	( equal to www.qidian.com )
+		3.if.qidian.com
+		3g.if.qidian.com
+		4.if.qidian.com
+		abc.if.qidian.com
+		afav.if.qidian.com
+		ap.if.qidian.com
+		iosm.if.qidian.com
+		o.if.qidian.com
+		s.if.qidian.com
+		v.if.qidian.com
+		image.qidian.com
+		image1.qidian.com
+		img3.qidian.com
+		l.qidian.com
+		wap.m.qidian.com
+		pingba.qidian.com
+		c.pingba.qidian.com
+		reg.qidian.com
+		shop.qidian.com
+		sosu.qidian.com
+		sta.qidian.com
+		tongji.qidian.com
+		vip.qidian.com
+		wwwploy.qidian.com
+		xs.qidian.com
+
+		^(www.)?qdmm.com
+		big5.qdmm.com
+		big5ploy.dqmm.com
+		me.qdmm.com
+		mebig5.qdmm.com
+		top.qdmm.com
+		*.qdmm.com	( Too much to list them all. )
+-->
+<ruleset name="QiDian.com (partial)">
+	<target host="ac.qidian.com" />
+		<test url="http://ac.qidian.com/login/index" />
+	<target host="acts.qidian.com" />
+	<target host="book.qidian.com" />
+	<target host="cj.qidian.com" />
+	<target host="download.qidian.com" />
+	<target host="facepic.qidian.com" />
+	<target host="file1.qidian.com" />
+	<target host="file2.qidian.com" />
+	<target host="forum.qidian.com" />
+	<target host="grey.qidian.com" />
+		<target host="4g.if.qidian.com" />
+		<target host="qrcode.if.qidian.com" />
+		<target host="vn.if.qidian.com" />
+	<target host="img.qidian.com" />
+		<test url="http://img.qidian.com/webgame/game/lzlz16x16.gif" />
+	<target host="img0.qidian.com" />
+	<target host="img1.qidian.com" />
+	<target host="img2.qidian.com" />
+	<target host="isdspeed.qidian.com" />
+	<target host="login.qidian.com" />
+	<target host="m.qidian.com" />
+	<target host="me.qidian.com" />
+	<target host="passport.qidian.com" />
+	<target host="qdp.qidian.com" />
+	<target host="quanben.qidian.com" />
+	<target host="read.qidian.com" />
+	<target host="t.qidian.com" />
+	<target host="uedas.qidian.com" />
+	<target host="vipreader.qidian.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Qibla.com.xml b/src/chrome/content/rules/Qibla.com.xml
new file mode 100644
index 000000000000..a085c02004d7
--- /dev/null
+++ b/src/chrome/content/rules/Qibla.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Qibla.com">
+	<target host="qibla.com" />
+	<target host="www.qibla.com" />
+	<target host="support.qibla.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Qihu_CDN.com.xml b/src/chrome/content/rules/Qihu_CDN.com.xml
new file mode 100644
index 000000000000..effd20ea65d3
--- /dev/null
+++ b/src/chrome/content/rules/Qihu_CDN.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://shouji.ssl.qihucdn.com/ (200) => https://shouji.ssl.qihucdn.com/ (403)
+
+	For other Qihoo 360 Technology coverage, see 360.cn.xml.
+
+-->
+<ruleset name="Qihu CDN.com" default_off="failed ruleset test">
+
+	<target host="*.ssl.qihucdn.com" />
+
+		<test url="http://shouji.ssl.qihucdn.com/" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Qiwi.com.xml b/src/chrome/content/rules/Qiwi.com.xml
new file mode 100644
index 000000000000..2893c0fa91b5
--- /dev/null
+++ b/src/chrome/content/rules/Qiwi.com.xml
@@ -0,0 +1,29 @@
+<!-- universe. timeout
+portal.int. mismatch
+portal. handshake error
+agent. handshake error
+universe.qiwi.ru timed out -->
+<ruleset name="Qiwi.com">
+	<target host="qiwi.com" />
+	<target host="www.qiwi.com" />
+	<target host="corp.qiwi.com" />
+	<target host="investor.qiwi.com" />
+	<target host="static.qiwi.com" />
+	<target host="idea.qiwi.com" />
+	<target host="ishop.qiwi.com" />
+	<target host="w.qiwi.com" />
+	<target host="visa.qiwi.com" />
+	<target host="m.qiwi.com" />
+	<target host="ab.qiwi.com" />
+	<target host="new.qiwi.com" />
+	<target host="wap.qiwi.com" />
+	<target host="bonus.qiwi.com" />
+	<target host="qiwi.ru" />
+	<target host="www.qiwi.ru" />
+	<target host="sms.qiwi.ru" />
+	<target host="w.qiwi.ru" />
+	<target host="ishopnew.qiwi.ru" />
+	<target host="visa.qiwi.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Qiyi.com.xml b/src/chrome/content/rules/Qiyi.com.xml
new file mode 100644
index 000000000000..6662c1ffff1e
--- /dev/null
+++ b/src/chrome/content/rules/Qiyi.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Other rulesets:
+		iQiyi.com.xml
+		reference: https://github.com/EFForg/https-everywhere/pull/4801#issuecomment-219402538
+-->
+<ruleset name="Qiyi.com (partial)">
+	<target host="www.qiyi.com" />
+		<test url="http://www.qiyi.com/player/20110218183154/qiyi_player.swf" />
+	<target host="2012.qiyi.com" />
+	<target host="henan.qiyi.com" />
+		<test url="http://henan.qiyi.com/dongman/xyyyhtl.html" />
+	<target host="list.qiyi.com" />
+	<target host="static.qiyi.com" />
+		<test url="http://static.qiyi.com/css/common/register_css/register_new.css" />
+	<target host="vip.qiyi.com" />
+	<target host="yule.qiyi.com" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Qiyipic.com.xml b/src/chrome/content/rules/Qiyipic.com.xml
new file mode 100644
index 000000000000..2a82a3a2b4f0
--- /dev/null
+++ b/src/chrome/content/rules/Qiyipic.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Other rulesets:
+		iQiyi.com.xml
+-->
+<ruleset name="Qiyipic.com" default_off="sometimes SSL_ERROR_INTERNAL_ERROR_ALERT in China">
+	<target host="www.qiyipic.com" />
+	<target host="img4.qiyipic.com" />
+	<target host="img5.qiyipic.com" />
+	<target host="img6.qiyipic.com" />
+	<target host="img7.qiyipic.com" />
+	<target host="img8.qiyipic.com" />
+	<target host="pic0.qiyipic.com" />
+	<target host="pic1.qiyipic.com" />
+	<target host="pic2.qiyipic.com" />
+	<target host="pic3.qiyipic.com" />
+	<target host="pic4.qiyipic.com" />
+	<target host="pic5.qiyipic.com" />
+	<target host="pic6.qiyipic.com" />
+	<target host="pic7.qiyipic.com" />
+	<target host="pic8.qiyipic.com" />
+	<target host="pic9.qiyipic.com" />
+	<target host="u0.qiyipic.com" />
+	<target host="u1.qiyipic.com" />
+	<target host="u2.qiyipic.com" />
+	<target host="u3.qiyipic.com" />
+	<target host="u4.qiyipic.com" />
+	<target host="u5.qiyipic.com" />
+	<target host="u6.qiyipic.com" />
+	<target host="u7.qiyipic.com" />
+	<target host="u8.qiyipic.com" />
+	<target host="u9.qiyipic.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Qlogo.cn.xml b/src/chrome/content/rules/Qlogo.cn.xml
new file mode 100644
index 000000000000..4d655dba781b
--- /dev/null
+++ b/src/chrome/content/rules/Qlogo.cn.xml
@@ -0,0 +1,30 @@
+<!--
+	Expired:
+		app.qlogo.cn	https://app.qlogo.cn/mbloghead/cf94ae144b3ee0d1a98c/0
+
+	Invalid certificate:
+		t[0-9]?.qlogo.cn	https://t.qlogo.cn/mbloghead/4db4ec3d66191208f0b6/0
+-->
+<ruleset name="Qlogo.cn">
+	<target host="mmbiz.qlogo.cn" />
+		<test url="http://mmbiz.qlogo.cn/mmbiz/1RfIgR0icEjL1cAj1gDApcbEIEhfpZeibJicvavITf9UcpHCicd1uGY4WHvDaAszXBKgEFWRyKicAtT0DxI2yqh5RdA/" />
+	<target host="shp.qlogo.cn" />
+		<test url="http://shp.qlogo.cn/cforumsh/614478/bbshn_614478_virtual/120" />
+
+	<target host="q.qlogo.cn" />
+	<target host="q1.qlogo.cn" />
+	<target host="q2.qlogo.cn" />
+	<target host="q3.qlogo.cn" />
+	<target host="q4.qlogo.cn" />
+		<test url="http://q.qlogo.cn/g?b=qq&#x26;k=Osib95YbszciblkflbYwNQgw&#x26;s=140" />
+
+	<target host="qzapp.qlogo.cn" />
+		<test url="http://qzapp.qlogo.cn/qzapp/221326/99BD8F025CF73F24E2D738DBA11EFA79/50" />
+
+	<target host="wx.qlogo.cn" />
+		<test url="http://wx.qlogo.cn/mmopen/g3MonUZtNHkdmzicIlibx6iaFqAc56vxLSUfpb6n5WKSYVY0ChQKkiaJSgQ1dZuTOgvLLrhJbERQQ4eMsv84eavHiaiceqxibJxCfHe/0" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Qnetp.net.xml b/src/chrome/content/rules/Qnetp.net.xml
new file mode 100644
index 000000000000..900a533abaa1
--- /dev/null
+++ b/src/chrome/content/rules/Qnetp.net.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://qnetp.net/ => https://qnetp.net/: (51, "SSL: no alternative certificate subject name matches target host name 'qnetp.net'")
+Fetch error: http://booster.qnetp.net/ => https://booster.qnetp.net/: (51, "SSL: no alternative certificate subject name matches target host name 'booster.qnetp.net'")
+
+	www.qnetp.net: shows default page, valid cert
+
+-->
+<ruleset name="qnetp.net (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="qnetp.net" />
+	<target host="booster.qnetp.net" />
+	<target host="mail.qnetp.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.mail\.qnetp\.net$" name="^IMAIL_TEST_COOKIE$" /-->
+
+	<securecookie host="^\.mail\.qnetp\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Qnsr.com.xml b/src/chrome/content/rules/Qnsr.com.xml
index 81533794b7de..9630070a964a 100644
--- a/src/chrome/content/rules/Qnsr.com.xml
+++ b/src/chrome/content/rules/Qnsr.com.xml
@@ -9,23 +9,28 @@
 			- e1.cdn.qnsr.com
 
 
-	Problematic subdomains:
+	Problematic hosts in *qnsr.com:
 
-		- e1.cdn	(akamai)
+		- e1.cdn *
 
-
-	Fully covered subdomains:
-
-		- e1.cdn	(→ o1)
-		- o1
+	* Akamai/mismatched
 
 -->
 <ruleset name="Qnsr.com">
 
-	<target host="*.qnsr.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="o1.qnsr.com" />
 
+	<!--	Complications:
+				-->
+	<target host="e1.cdn.qnsr.com" />
 
-	<rule from="^http://(?:e1\.cdn|o1)\.qnsr\.com/"
+
+	<rule from="^http://e1\.cdn\.qnsr\.com/"
 		to="https://o1.qnsr.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Qontext.xml b/src/chrome/content/rules/Qontext.xml
deleted file mode 100644
index cdd1a011afd0..000000000000
--- a/src/chrome/content/rules/Qontext.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Qontext">
-
-	<target host="qontext.com" />
-	<target host="www.qontext.com" />
-
-
-	<securecookie host="^www\.qontext\.com$" name=".*" />
-
-
-	<rule from="^http://(www\.)?qontext\.com/"
-		to="https://$1qontext.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Qoo10.cn.xml b/src/chrome/content/rules/Qoo10.cn.xml
index 0c836539f8ae..5c1102461781 100644
--- a/src/chrome/content/rules/Qoo10.cn.xml
+++ b/src/chrome/content/rules/Qoo10.cn.xml
@@ -41,8 +41,12 @@
 -->
 <ruleset name="Qoo10.cn (partial)">
 
-	<target host="*.image-qoo10.cn" />
-	<target host="*.qoo10.cn" />
+	<target host="gd.image-qoo10.cn" />
+	<target host="gdssl.image-qoo10.cn" />
+	<target host="static.image-qoo10.cn" />
+	<target host="staticssl.image-qoo10.cn" />
+	<target host="my.qoo10.cn" />
+	<target host="qsm.qoo10.cn" />
 
 
 	<securecookie host="^(?:my|qsm)\.qoo10\.cn$" name=".+" />
@@ -51,7 +55,6 @@
 	<rule from="^http://(gd|static)(?:ssl)?\.image-qoo10\.cn/"
 		to="https://$1ssl.image-qoo10.cn/" />
 
-	<rule from="^http://(my|qsm)\.qoo10\.cn/"
-		to="https://$1.qoo10.cn/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Qoo10.com.xml b/src/chrome/content/rules/Qoo10.com.xml
index 82206dea9711..739670a05225 100644
--- a/src/chrome/content/rules/Qoo10.com.xml
+++ b/src/chrome/content/rules/Qoo10.com.xml
@@ -43,8 +43,14 @@
 -->
 <ruleset name="Qoo10.com (partial)">
 
-	<target host="*.image-gmkt.com" />
-	<target host="*.qoo10.com" />
+	<target host="dp.image-gmkt.com" />
+	<target host="gd.image-gmkt.com" />
+	<target host="gdssl.image-gmkt.com" />
+	<target host="static.image-gmkt.com" />
+	<target host="staticssl.image-gmkt.com" />
+	<target host="kwave.qoo10.com" />
+	<target host="my.qoo10.com" />
+	<target host="pg.qoo10.com" />
 
 
 	<securecookie host="^(?:kwave|my)\.qoo10\.com$" name=".+" />
@@ -56,7 +62,6 @@
 	<rule from="^http://(gd|static)(?:ssl)?\.image-gmkt\.com/"
 		to="https://$1ssl.image-gmkt.com/" />
 
-	<rule from="^http://(kwave|my|pg)\.qoo10\.com/"
-		to="https://$1.qoo10.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Qpic.cn.xml b/src/chrome/content/rules/Qpic.cn.xml
new file mode 100644
index 000000000000..2ec55d5024fb
--- /dev/null
+++ b/src/chrome/content/rules/Qpic.cn.xml
@@ -0,0 +1,29 @@
+<ruleset name="Qpic.cn">
+	<target host="a1.qpic.cn" />
+	<target host="a2.qpic.cn" />
+	<target host="a3.qpic.cn" />
+	<target host="a4.qpic.cn" />
+		<test url="http://a4.qpic.cn/psb?/V13CngkM01AN78/A9psbTv8js.REPB8DA77SqXP0jSyWfeHYz4AZ4FPL94!/b/dFp76Ez3DQAA" />
+	<target host="c2cpicdw.qpic.cn" />
+		<test url="http://c2cpicdw.qpic.cn/offpic_new/22399312/9651b2d9-c8a9-4732-a7eb-aa2f7f2e33df/0" />
+	<target host="mmbiz.qpic.cn" />
+		<test url="http://mmbiz.qpic.cn/mmbiz_jpg/tp6GaCh2ZTRyY2HibMibpnpmTX7ayyib80e3b4rW0CSwD3muIsdQtkIFoULn2OeRpvQYQsGjXwIB7j2KGQPPtazBQ/0" />
+	<target host="p.qpic.cn" />
+		<test url="http://p.qpic.cn/ww_head/0/520264b11ea51/0" />
+	<target host="puui.qpic.cn" />
+		<test url="http://puui.qpic.cn/qqvideo/0/s03192gh149/0" />
+	<target host="qidian.qpic.cn" />
+		<test url="http://qidian.qpic.cn/qidian_common/349573/8b1d07b55b016ff8d191af33d6545d3c/" />
+	<target host="shp.qpic.cn" />
+		<test url="http://shp.qpic.cn/txdiscuz_pic/0/cfbbs_discuz_bbs_cf_qq_com_forum_201502_16_092046bk0cpyypctn8k05w.gif/" />
+	<target host="t1.qpic.cn" />
+		<test url="http://t1.qpic.cn/mblogpic/919e25a7a9e5b7645c7a/" />
+	<target host="t2.qpic.cn" />
+	<target host="t3.qpic.cn" />
+	<target host="ugc.qpic.cn" />
+		<test url="http://ugc.qpic.cn/gbar_pic/FOpLJ7PFFMqqydEK4tic0VKuC5PDIiaXawb1ZTI0HXLoIGxk0OPIwyqA/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Qrobe.it.xml b/src/chrome/content/rules/Qrobe.it.xml
deleted file mode 100644
index 0a0b69624b0a..000000000000
--- a/src/chrome/content/rules/Qrobe.it.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!-- Suggested by Christopher Liu
-     https://mail1.eff.org/pipermail/https-everywhere-rules/2012-April/001096.html
-     -->
-<ruleset name="Qrobe.it">
-    <target host="qrobe.it" />
-    <target host="*.qrobe.it" />
-
-    <rule from="^http://(www\.)?qrobe\.it/"
-        to="https://qrobe.it/" />
-    <rule from="^http://([^/@:\.]+)\.qrobe\.it/"
-        to="https://$1.qrobe.it/" />
-
-    <securecookie host="^(www)?\.qrobe\.it" name=".*" />
-</ruleset>
diff --git a/src/chrome/content/rules/Qrq.de.xml b/src/chrome/content/rules/Qrq.de.xml
new file mode 100644
index 000000000000..f5a34d5e4ec7
--- /dev/null
+++ b/src/chrome/content/rules/Qrq.de.xml
@@ -0,0 +1,13 @@
+<!--
+	(www.)?qrq.de: redirects to frog
+
+-->
+<ruleset name="qrq.de (partial)" default_off="self-signed">
+
+	<target host="frog.qrq.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Qrz.com.xml b/src/chrome/content/rules/Qrz.com.xml
new file mode 100644
index 000000000000..e3df650affc5
--- /dev/null
+++ b/src/chrome/content/rules/Qrz.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Qrz.com">
+	<target host="qrz.com" />
+	<target host="www.qrz.com" />
+	<target host="forums.qrz.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Qt-project.org.xml b/src/chrome/content/rules/Qt-project.org.xml
new file mode 100644
index 000000000000..ac81e4e6eb28
--- /dev/null
+++ b/src/chrome/content/rules/Qt-project.org.xml
@@ -0,0 +1,58 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://download.qt-project.org/ => https://download.qt-project.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://releases.qt-project.org/ => https://releases.qt-project.org/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other Digia coverage, see Digia.xml.
+
+
+	Nonfunctional hosts in *qt-project.org:
+
+		- ^ ¹
+		- lists ²
+		- planet ¹
+
+	¹ IPv6 connection refused; IPv4 1024-bit, MD5, self-signed, CN: server
+	² Dropped
+
+
+	Problematic hosts in *qt-project.org:
+
+		- bugreports *
+		- www.qt-project.org (refused on ^)
+	* Expired
+
+-->
+<ruleset name="Qt-project.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="codereview.qt-project.org" />
+	<target host="download.qt-project.org" />
+	<target host="releases.qt-project.org" />
+	<target host="www.qt-project.org" />
+
+	<!--	Complications:
+				-->
+	<target host="qt-project.org" />
+	<target host="bugreports.qt-project.org" />
+	<target host="planet.qt-project.org" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://qt-project\.org/"
+		to="https://www.qt-project.org/" />
+
+	<rule from="^http://bugreports\.qt-project\.org/"
+		to="https://bugreports.qt.io/" />
+
+	<rule from="^http://planet\.qt-project\.org/"
+		to="https://planet.qt.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Qt.io.xml b/src/chrome/content/rules/Qt.io.xml
new file mode 100644
index 000000000000..36bbdb01b004
--- /dev/null
+++ b/src/chrome/content/rules/Qt.io.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Digia coverage, see Digia.xml.
+
+	Nonfunctional subdomains:
+
+		- ^ (times out)
+-->
+<ruleset name="Qt.io">
+
+	<target host="qt.io" />
+	<target host="download.qt.io" />
+	<target host="bugreports.qt.io" />
+	<target host="planet.qt.io" />
+	<target host="doc.qt.io" />
+	<target host="forum.qt.io" />
+	<target host="wiki.qt.io" />
+	<target host="www.qt.io" />
+	<target host="blog.qt.io" />
+	<target host="account.qt.io" />
+	<target host="code.qt.io" />
+	<target host="login.qt.io" />
+	<target host="showroom.qt.io" />
+
+	<rule from="^http://qt\.io/"
+		to="https://www.qt.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Qt.xml b/src/chrome/content/rules/Qt.xml
deleted file mode 100644
index 92f0daef323e..000000000000
--- a/src/chrome/content/rules/Qt.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	For other Digia coverage, see Digia.xml.
-
--->
-<ruleset name="Qt" platform="mixedcontent">
-
-	<target host="qt-project.org" />
-	<target host="*.qt-project.org" />
-
-
-	<securecookie host="^(.*\.)?qt-project\.org$" name=".*" />
-
-
-	<rule from="^http://releases\.qt-project\.org/"
-		to="https://qtproject.cachefly.net/" />
-
-	<!--
-		Observed subdomains:
-
-			- bugreports
-			- codereview
-			- planet
-			- www
-				-->
-  <exclusion pattern="lists\.qt-project\.org" />
-	<rule from="^http://(\w+\.)?qt-project\.org/"
-		to="https://$1qt-project.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Qt_Cloud_Services.com.xml b/src/chrome/content/rules/Qt_Cloud_Services.com.xml
new file mode 100644
index 000000000000..6c428b3680c3
--- /dev/null
+++ b/src/chrome/content/rules/Qt_Cloud_Services.com.xml
@@ -0,0 +1,47 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://qtcloudservices.com/ => https://qtcloudservices.com/: (6, 'Could not resolve host: qtcloudservices.com')
+Fetch error: http://console.qtcloudservices.com/ => https://console.qtcloudservices.com/: (6, 'Could not resolve host: console.qtcloudservices.com')
+Fetch error: http://developer.qtcloudservices.com/ => https://developer.qtcloudservices.com/: (7, 'Failed to connect to developer.qtcloudservices.com port 443: Connection refused')
+Fetch error: http://www.qtcloudservices.com/ => https://www.qtcloudservices.com/: (6, 'Could not resolve host: www.qtcloudservices.com')
+
+	For other Digia coverage, see Digia.xml.
+
+
+	Problematic hosts in qtcloudservices.com:
+
+		- status *
+
+	*StatusPage.io
+
+-->
+<ruleset name="Qt Cloud Services.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="qtcloudservices.com" />
+	<target host="console.qtcloudservices.com" />
+	<target host="developer.qtcloudservices.com" />
+	<target host="www.qtcloudservices.com" />
+
+	<!--	Complications:
+				-->
+	<target host="status.qtcloudservices.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^console\.qtcloudservices\.com$" name="^_qtc-platform-dash-session$" /-->
+	<!--securecookie host="^developer\.qtcloudservices\.com$" name="^_qtc-developer-documentation_session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://status\.qtcloudservices\.com/"
+		to="https://qtcloudservices.statuspage.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Qt_Developer_Days.com.xml b/src/chrome/content/rules/Qt_Developer_Days.com.xml
new file mode 100644
index 000000000000..c1c2114c42af
--- /dev/null
+++ b/src/chrome/content/rules/Qt_Developer_Days.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Qt Developer Days.com">
+
+	<target host="qtdeveloperdays.com" />
+	<target host="www.qtdeveloperdays.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Qtastatic.com.xml b/src/chrome/content/rules/Qtastatic.com.xml
new file mode 100644
index 000000000000..df39ee95edf3
--- /dev/null
+++ b/src/chrome/content/rules/Qtastatic.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Questia coverage, see Questia.com.xml.
+
+-->
+<ruleset name="Qtastatic.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="qtastatic.com" />
+	<target host="www.qtastatic.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Quackquackgo.nl.xml b/src/chrome/content/rules/Quackquackgo.nl.xml
new file mode 100644
index 000000000000..d8841cc7ec06
--- /dev/null
+++ b/src/chrome/content/rules/Quackquackgo.nl.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://quackquackgo.nl/ => https://quackquackgo.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'quackquackgo.nl'")
+Fetch error: http://www.quackquackgo.nl/ => https://www.quackquackgo.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.quackquackgo.nl'")
+
+-->
+<ruleset name="quackquackgo.nl" default_off="failed ruleset test">
+
+	<target host="quackquackgo.nl" />
+	<target host="www.quackquackgo.nl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/QuadPoint.org.xml b/src/chrome/content/rules/QuadPoint.org.xml
new file mode 100644
index 000000000000..fb06d40d9401
--- /dev/null
+++ b/src/chrome/content/rules/QuadPoint.org.xml
@@ -0,0 +1,47 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .quadpoint.org
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="QuadPoint.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="quadpoint.org" />
+	<target host="www.quadpoint.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.quadpoint\.org$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Quadrant.org.au.xml b/src/chrome/content/rules/Quadrant.org.au.xml
new file mode 100644
index 000000000000..1bc7151c035d
--- /dev/null
+++ b/src/chrome/content/rules/Quadrant.org.au.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- quadrant.org.au
+		- .quadrant.org.au
+		- www.quadrant.org.au
+
+-->
+<ruleset name="Quadrant.org.au">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="quadrant.org.au" />
+	<target host="www.quadrant.org.au" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?quadrant\.org\.au$" name="^(?:PHPSESSID|wc_session_cookie_[\da-f]{32}|woocommerce_cart_hash|woocommerce_items_in_cart)$" /-->
+	<!--securecookie host="^\.quadrant\.org\.au$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Quadrantsec.com.xml b/src/chrome/content/rules/Quadrantsec.com.xml
new file mode 100644
index 000000000000..2575577b0790
--- /dev/null
+++ b/src/chrome/content/rules/Quadrantsec.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- quadrantsec.com
+
+-->
+<ruleset name="Quadrantsec.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="quadrantsec.com" />
+	<target host="www.quadrantsec.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^quadrantsec\.com$" name="^(?:exp_last_activity|exp_last_visit|exp_tracker)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Quadriga_CX.com.xml b/src/chrome/content/rules/Quadriga_CX.com.xml
new file mode 100644
index 000000000000..87b26c6e0c1b
--- /dev/null
+++ b/src/chrome/content/rules/Quadriga_CX.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- quadrigacx.com
+		- .quadrigacx.com
+		- www.quadrigacx.com
+
+-->
+<ruleset name="Quadriga CX.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="quadrigacx.com" />
+	<target host="www.quadrigacx.com" />
+
+		<test url="http://quadrigacx.com/?ref=" />
+		<test url="http://www.quadrigacx.com/?ref=" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?quadrigacx\.com$" name="^(?:ci_session|referrer)$" /-->
+	<!--securecookie host="^\.quadrigacx\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Quagga.xml b/src/chrome/content/rules/Quagga.xml
index a29493c1dd25..958c28d75e52 100644
--- a/src/chrome/content/rules/Quagga.xml
+++ b/src/chrome/content/rules/Quagga.xml
@@ -1,8 +1,15 @@
-<ruleset name="Quagga">
-  <target host="bugzilla.quagga.net" />
-  <target host="lists.quagga.net" />
+<ruleset name="Quagga.net">
 
-  <securecookie host="^(?:bugzilla|lists)\.quagga\.net$" name=".+" />
+	<!--	Direct rewrites:
+				-->
+	<target host="bugzilla.quagga.net" />
+	<target host="lists.quagga.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(?:bugzilla|lists)\.quagga\.net/" to="https://bugzilla.quagga.net/" />
 </ruleset>
diff --git a/src/chrome/content/rules/QuakeNet.xml b/src/chrome/content/rules/QuakeNet.xml
index 3b77979d0ee8..fadca4adb730 100644
--- a/src/chrome/content/rules/QuakeNet.xml
+++ b/src/chrome/content/rules/QuakeNet.xml
@@ -1,18 +1,28 @@
 <!--
-	Nonfunctional domains:
-
-		- (www.)	(no https)
+	^quakenet.org: Dropped
 
 -->
-<ruleset name="QuakeNet (partial)">
+<ruleset name="QuakeNet.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="auth.quakenet.org" />
+	<target host="hg.quakenet.org" />
+	<target host="webchat.quakenet.org" />
+	<target host="www.quakenet.org" />
+
+	<!--	Complications:
+				-->
+	<target host="quakenet.org" />
 
-	<target host="*.quakenet.org" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^auth\.quakenet\.org$" name=".*" />
 
+	<rule from="^http://quakenet\.org/"
+		to="https://www.quakenet.org/" />
 
-	<rule from="^http://(auth|hg|webchat)\.quakenet\.org/"
-		to="https://$1.quakenet.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Qualaris.com-falsemixed.xml b/src/chrome/content/rules/Qualaris.com-falsemixed.xml
deleted file mode 100644
index 88b0ef72870d..000000000000
--- a/src/chrome/content/rules/Qualaris.com-falsemixed.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Qualaris.com.xml.
-
--->
-<ruleset name="Qualaris.com (false MCB)" platform="mixedcontent">
-
-	<target host="qualaris.com" />
-	<target host="*.qualaris.com" />
-		<!--
-			Handled in Qualaris.com.xml:
-							-->
-		<!--exclusion pattern="^http://(www\.)?qualaris\.com/+(favicon\.ico|wp-content/|wp-includes/)" /-->
-
-
-	<securecookie host="^(?:www)?\.qualaris\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?qualaris\.com/(?=favicon\.ico|wp-content/|wp-includes/)"
-		to="https://www.qualaris.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Qualaris.com.xml b/src/chrome/content/rules/Qualaris.com.xml
index e2b84aae22d4..8fd8b218a146 100644
--- a/src/chrome/content/rules/Qualaris.com.xml
+++ b/src/chrome/content/rules/Qualaris.com.xml
@@ -1,30 +1,27 @@
 <!--
-	For rules causing false/broken MCB, see Qualaris.com-falsemixed.xml.
+	www.qualaris.com: 404
 
+-->
+<ruleset name="Qualaris.com">
 
-	^: self-signed
-
-
-	Mixed content:
-
-		- css on www from www *
+	<!--	Direct rewrites:
+				-->
+	<target host="qualaris.com" />
+	<target host="app.qualaris.com" />
+	<target host="legacy.qualaris.com" />
 
-		- Images on www from www *
+	<!--	Complications:
+				-->
+	<target host="www.qualaris.com" />
 
-	* Secured by us
 
--->
-<ruleset name="Qualaris.com (partial)">
+	<securecookie host=".+" name=".+" />
 
-	<target host="qualaris.com" />
-	<target host="www.qualaris.com" />
-		<!--
-			False/broken MCB:
-						-->
-		<!--exclusion pattern="^http://(www\.)?qualaris\.com/+(?!favicon\.ico|wp-content/|wp-includes/)" /-->
 
+	<rule from="^http://www\.qualaris\.com/"
+		to="https://qualaris.com/" />
 
-	<rule from="^http://(?:www\.)?qualaris\.com/(?=favicon\.ico|wp-content/|wp-includes/)"
-		to="https://www.qualaris.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Qualcomm-mismatches.xml b/src/chrome/content/rules/Qualcomm-mismatches.xml
deleted file mode 100644
index 0f1af02a16f0..000000000000
--- a/src/chrome/content/rules/Qualcomm-mismatches.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For rules that are on by default, see Qualcomm.xml.
-
--->
-<ruleset name="Qualcomm (mismatches)" default_off="mismatch">
-
-	<!--	Akamai, nothing at origin	-->
-	<target host="qualcomm.com"/>
-	<target host="latam.qualcomm.com"/>
-	<target host="www.qualcomm.com"/>
-
-	<rule from="^http://(?:www\.)?qualcomm\.com/"
-		to="https://www.qualcomm.com/"/>
-
-	<rule from="^http://latam\.qualcomm\.com/"
-		to="https://latam.qualcomm.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Qualcomm.xml b/src/chrome/content/rules/Qualcomm.xml
index 7de066cd9b37..3c084af7c0d3 100644
--- a/src/chrome/content/rules/Qualcomm.xml
+++ b/src/chrome/content/rules/Qualcomm.xml
@@ -1,29 +1,53 @@
-<!--
-	For problematic rules, see Qualcomm-mismatches.xml.
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pages.qualcomm.com/ => https://pages.qualcomm.com/: (6, 'Could not resolve host: pages.qualcomm.com')
 
 	Other Qualcomm rulesets:
 
-		- AllJoyn.org.xml
 
 
-	Problematic subdomains:
+	Nonfunctional hosts in *qualcomm.com:
+
+		- latam ¹
+		- (www.)?qca ²
+
+	¹ Redirects to http
+	² Dropped
+
+
+	^qualcomm.com: Dropped
 
-		- ^	(refused)
-		- latam *
-		- www *
 
-	* Works, akamai
+	Mixed content:
+
+		- Bug on pages from examplecom.112.2o7.net *
+
+	* Secured by us
 
 -->
-<ruleset name="Qualcomm (partial)">
+<ruleset name="Qualcomm.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="developer.qualcomm.com"/>
+	<target host="pages.qualcomm.com"/>
+	<target host="qrd.qualcomm.com"/>
+	<target host="toq.qualcomm.com"/>
+	<target host="www.qualcomm.com"/>
+
+	<!--	Complications:
+				-->
+	<target host="qualcomm.com"/>
+
+
+	<securecookie host="^\w" name=".+" />
 
-	<target host="qca.qualcomm.com"/>
-	<target host="www.qca.qualcomm.com"/>
 
-	<securecookie host="^.*\.qca\.qualcomm\.com$" name=".*"/>
+	<rule from="^http://qualcomm\.com/"
+		to="https://www.qualcomm.com/" />
 
-	<rule from="^http://(www\.)?qca\.qualcomm\.com/"
-		to="https://$1qca.qualcomm.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Quality-ABO.de.xml b/src/chrome/content/rules/Quality-ABO.de.xml
new file mode 100644
index 000000000000..0c32738a93e7
--- /dev/null
+++ b/src/chrome/content/rules/Quality-ABO.de.xml
@@ -0,0 +1,41 @@
+<!--
+	^quality-abo.de: Refused
+
+-->
+<ruleset name="Quality-ABO.de (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.quality-abo.de" />
+
+	<!--	Complications:
+				-->
+	<target host="quality-abo.de" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.quality-abo\.de/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.quality-abo\.de/(?!QA/|mlb_public/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.quality-abo.de/Service/Aboservice-und-Kontakt/" />
+			<test url="http://www.quality-abo.de/Service/Impressum/" />
+			<test url="http://www.quality-abo.de/Zeitschriften/Rubrik/fitness-und-sport/?categ=66" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.quality-abo.de/mlb_public/images/cover/magazine/der-spiegel-1650-4.jpg" />
+			<test url="http://www.quality-abo.de/QA/images/ci/logo.gif" />
+
+
+	<rule from="^http://quality-abo\.de/"
+		to="https://www.quality-abo.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/QualityAgent.xml b/src/chrome/content/rules/QualityAgent.xml
index 8de760ad43ea..629a94cee5f7 100644
--- a/src/chrome/content/rules/QualityAgent.xml
+++ b/src/chrome/content/rules/QualityAgent.xml
@@ -6,30 +6,25 @@
 
 	Nonfunctional subdomains:
 
+		- (www.)? ¹
 		- blog		(hosted on Tumblr)
 		- bugs		(prints "test")
 		- demo *
 		- members *
 
+	¹ Refused
 	* rx_record_too_long
 
-
-	Fully covered subdomains:
-
-		- (www.)
-		- support
-
 -->
-<ruleset name="QualityAgent (partial)">
+<ruleset name="QualityAgent (partial)" default_off="refused">
 
 	<target host="qualityagent.com" />
-	<target host="*.qualityagent.com" />
+	<target host="www.qualityagent.com" />
 
 
-	<securecookie host="^.+\.qualityunit\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(support\.|www\.)?qualityagent\.com/"
-		to="https://$1qualityagent.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/QualityUnit.xml b/src/chrome/content/rules/QualityUnit.xml
index 675c3f11a5df..4d5dc53bfe65 100644
--- a/src/chrome/content/rules/QualityUnit.xml
+++ b/src/chrome/content/rules/QualityUnit.xml
@@ -1,19 +1,32 @@
 <!--
 	Other QualityUnit rulesets:
 
-		- Cashback4you.xml
+		- Post_Affiliate_Network.com.xml
+		- Post_Affiliate_Pro.com.xml
+
+
+	Insecure cookies are set for these hosts:
+
+		- qualityunit.com
+		- www.qualityunit.com
 
 -->
-<ruleset name="QualityUnit">
+<ruleset name="QualityUnit.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="qualityunit.com" />
 	<target host="www.qualityunit.com" />
 
 
-	<securecookie host="^www\.qualityunit\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?qualityunit\.com$" name="^STICKYSESSION$" /-->
+
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www\.)?qualityunit\.com/"
-		to="https://$1qualityunit.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Qualtrics.xml b/src/chrome/content/rules/Qualtrics.xml
deleted file mode 100644
index 14f336588881..000000000000
--- a/src/chrome/content/rules/Qualtrics.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Bucket at a248.e.akamai.net/img.qualtrics.com/
-
--->
-<ruleset name="Qualtrics (surveys)">
-
-	<target host="*.qualtrics.com" />
-		<exclusion pattern="^http://(www\.)?qualtrics\.com/" />
-	<target host="*.us2.qualtrics.com" />
-	<target host="*.asia.qualtrics.com" />
-
-
-	<securecookie host="^(.*\.)?qualtrics\.com$" name=".*" />
-
-
-	<rule from="^http://([\w\-]+)\.((?:us2|asia)\.)?qualtrics\.com/"
-		to="https://$1.$2qualtrics.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Qualys.xml b/src/chrome/content/rules/Qualys.xml
index 31874cde23d4..b5f8cef4d1b4 100644
--- a/src/chrome/content/rules/Qualys.xml
+++ b/src/chrome/content/rules/Qualys.xml
@@ -1,33 +1,77 @@
 <!--
+	NB: If any tested domains cease to exist, just remove the test.
+
+
 	s3.amazonaws.com/qualys/ | d1dejaj6dcqv24.cloudfront.net
 
--->
-<ruleset name="Qualys (partial)">
 
-	<target host="qualys.com" />
-	<target host="*.qualys.com" />
-		<!--	Doesn't work.	-->
-		<exclusion pattern="^http://news\."/>
+	Problematic subdomains:
 
-	<!--	Observed cookies:
+		- laws *
+		- news *
 
-			- \.
-			- browsercheck
-			- community
-					-->
-	<securecookie host="^.*\.qualys\.com$" name=".*"/>
+	* Works; mismatched, CN: www.qualys.com
 
 
-	<!--	Observed working subdomains:
+	Fully covered subdomains:
 
+		- (?!laws\.|news\.)[\w.]+:
+
+			- qualysguard.qg2.apps
 			- browsercheck
 			- community
+			- qg2
 			- pci
 			- qualysguard
 			- seal
 			- www
-				-->
-	<rule from="^http://(\w+\.)?qualys\.com/"
-		to="https://$1qualys.com/"/>
+
+		- laws	(→ community)
+		- news	(→ community)
+
+
+	Insecure cookies are set for these domains:
+
+		- community.qualys.com
+
+-->
+<ruleset name="Qualys.com">
+
+	<target host="qualys.com" />
+	<target host="*.qualys.com" />
+
+		<test url="http://community.qualys.com/" />
+		<test url="http://browsercheck.qualys.com/" />
+		<test url="http://seal.qualys.com/" />
+		<test url="http://www.qualys.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="community\.qualys\.com$" name="^(BIGipServerpool_qualys-inc6\.hosted\.jivesoftware\.com|JSESSIONID)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+						-->
+	<rule from="^http://laws\.qualys\.com/+"
+		to="https://community.qualys.com/blogs/laws-of-vulnerabilities/" />
+
+		<test url="http://laws.qualys.com/" />
+		<test url="http://laws.qualys.com//" />
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+						-->
+	<rule from="^http://news\.qualys\.com/+"
+		to="https://community.qualys.com/blogs/news/" />
+
+		<test url="http://news.qualys.com/" />
+		<test url="http://news.qualys.com//" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Quamnet.com.xml b/src/chrome/content/rules/Quamnet.com.xml
new file mode 100644
index 000000000000..3f6722d46988
--- /dev/null
+++ b/src/chrome/content/rules/Quamnet.com.xml
@@ -0,0 +1,52 @@
+<!--
+	Nonfunctional hosts in *quamnet.com:
+
+		- adserver ¹
+		- bannerserver ²
+
+	¹ Refused
+	² Dropped
+
+
+	Problematic hosts in *quamnet.com:
+
+		- web2 *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .quamnet.com
+
+
+	Mixed content:
+
+		- Ads/bugs, on:
+
+			- (www.)? from adserver.quamnet.com
+			- (www.)? from bannerserver.quamnet.com
+			- (www.)? from www.quamnet.com
+			- (www.)? from www2.quamnet.com
+
+-->
+<ruleset name="Quamnet.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="quamnet.com" />
+	<target host="www.quamnet.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.quamnet\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.quamnet\.com$" name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Quandl.com.xml b/src/chrome/content/rules/Quandl.com.xml
new file mode 100644
index 000000000000..dd3cedccc149
--- /dev/null
+++ b/src/chrome/content/rules/Quandl.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.quandl.com
+
+-->
+<ruleset name="Quandl.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="quandl.com" />
+	<target host="www.quandl.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.quandl\.com$" name="^(_wikiposit_session_v6_\w+|user_uuid)" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/QuantCount.xml b/src/chrome/content/rules/QuantCount.xml
new file mode 100644
index 000000000000..34bc3ec6699f
--- /dev/null
+++ b/src/chrome/content/rules/QuantCount.xml
@@ -0,0 +1,34 @@
+<!--
+	Other Quantcast rulesets:
+
+		- Quantserve.com.xml
+		- Quantcast.xml
+
+-->
+<ruleset name="Quantcast.com">
+	<target host="quantcount.com" />
+	<target host="www.quantcount.com" />
+
+	<target host="cms.quantcount.com" />
+	<target host="ads.quantcount.com" />
+	<target host="flash.quantcount.com" />
+	<target host="geo.quantcount.com" />
+	<target host="exch.quantcount.com" />
+	<target host="ede.quantcount.com" />
+	<target host="m.quantcount.com" />
+	<target host="map.quantcount.com" />
+	<target host="pixel.quantcount.com" />
+	<target host="secure.quantcount.com" />
+	<target host="ssl.quantcount.com" />
+	<target host="c.quantcount.com" />
+	<target host="content.quantcount.com" />
+	<target host="edge.quantcount.com" />
+	<target host="rules.quantcount.com" />
+	<target host="static.quantcount.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Quanta_Magazine.org.xml b/src/chrome/content/rules/Quanta_Magazine.org.xml
new file mode 100644
index 000000000000..6be55e41c38f
--- /dev/null
+++ b/src/chrome/content/rules/Quanta_Magazine.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="Quanta Magazine.org">
+
+	<target host="quantamagazine.org" />
+	<target host="www.quantamagazine.org" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Quantcast.xml b/src/chrome/content/rules/Quantcast.xml
index e0adb3670171..70d696a6f5cd 100644
--- a/src/chrome/content/rules/Quantcast.xml
+++ b/src/chrome/content/rules/Quantcast.xml
@@ -2,36 +2,66 @@
 	Other Quantcast rulesets:
 
 		- Quantserve.com.xml
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- ak
-		- widget
-
-
-	Observed cookie subdomains:
-
-		- ak
-		- www
-
-
-	Mixed content:
-
-		- Videos on www from player.vimeo.com
-
+		- QuantCount.xml
+
+	Redirect to plain:
+		- edirect.qapi.quantcast.com
+		- onedrive.redirect.qapi.quantcast.com
+		- outlook-calendar.redirect.qapi.quantcast.com
+		- outlook-mail.redirect.qapi.quantcast.com
+		- outlook-people.redirect.qapi.quantcast.com
+		- outlook-tasks.redirect.qapi.quantcast.com
+		- test.redirect.qapi.quantcast.com
+
+	Connection refused:
+		- adtest-raw.quantcast.com
+		- adtest.quantcast.com
+		- autodiscover.quantcast.com
+
+	Cert mismatch:
+		- branding.quantcast.com
+		- developer.quantcast.com
+		- em.quantcast.com
+		- go.quantcast.com
+		- help.quantcast.com
+
+	Timeout:
+		- obm.quantcast.com
 -->
-<ruleset name="Quantcast" platform="mixedcontent">
+<ruleset name="Quantcast.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="quantcast.com" />
-	<target host="*.quantcast.com" />
-
-
-	<securecookie host=".*\.quantcast\.com$" name=".*" />
-
-
-	<rule from="^http://((?:ak|widget|www)\.)?quantcast\.com/"
-		to="https://$1quantcast.com/" />
+	<target host="www.quantcast.com" />
+
+	<target host="aboutads.quantcast.com" />
+	<target host="ak.quantcast.com" />
+	<target host="blog.quantcast.com" />
+	<target host="info.quantcast.com" />
+	<target host="marketing2017.quantcast.com" />
+	<target host="measure.api.quantcast.com" />
+	<target host="origin-www.quantcast.com" />
+	<target host="present.quantcast.com" />
+	<target host="production-us-east-1.quantcast.com" />
+	<target host="qapi.quantcast.com" />
+	<target host="remote.quantcast.com" />
+	<target host="secure.quantcast.com" />
+	<target host="staging-us-east-1.quantcast.com" />
+	<target host="staging.quantcast.com" />
+	<target host="static.quantcast.com" />
+	<target host="thumbnail.quantcast.com" />
+	<target host="vpn-cisco.quantcast.com" />
+	<target host="w.quantcast.com" />
+	<target host="widget.quantcast.com" />
+	<target host="wst.quantcast.com" />
+	<target host="ww.quantcast.com" />
+	<target host="zelmina.quantcast.com" />
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Quantifiedself.com.xml b/src/chrome/content/rules/Quantifiedself.com.xml
deleted file mode 100644
index a3cee5631368..000000000000
--- a/src/chrome/content/rules/Quantifiedself.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Quantifiedself.com" platform="firefox">
-<target host="forum.quantifiedself.com" />
-
-<securecookie host="^forum\.quantifiedself\.com$" name=".+" />
-
-<rule from="^http://forum\.quantifiedself\.com/" to="https://forum.quantifiedself.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Quantlib.org.xml b/src/chrome/content/rules/Quantlib.org.xml
new file mode 100644
index 000000000000..5e62d7988492
--- /dev/null
+++ b/src/chrome/content/rules/Quantlib.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		quantlib.org
+
+-->
+<ruleset name="Quantlib.org">
+
+	<target host="quantlib.org" />
+	<target host="www.quantlib.org" />
+
+	<rule from="^http://quantlib\.org/"
+		to="https://www.quantlib.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Quantopian.com.xml b/src/chrome/content/rules/Quantopian.com.xml
new file mode 100644
index 000000000000..29742c3ba47c
--- /dev/null
+++ b/src/chrome/content/rules/Quantopian.com.xml
@@ -0,0 +1,64 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .quantopian.com
+
+
+	Mixed content:
+
+		- Font on blog from themes.googleusercontent.com *
+
+		- Images, on:
+
+			- blog from twiecki.github.io *
+			- blog from $self *
+			- blog from media.quantopian.com *
+
+		- Bug on blog from cdn-images.mailchimp.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Quantopian.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="quantopian.com" />
+	<target host="blog.quantopian.com" />
+	<target host="media.quantopian.com" />
+	<target host="www.quantopian.com" />
+
+	<!--	Complications:
+				-->
+	<target host="status.quantopian.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.quantopian\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.quantopian\.com$" name=".+" />
+
+
+	<rule from="^http://status\.quantopian\.com/"
+		to="https://quantopian.statuspage.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Quantserve.com.xml b/src/chrome/content/rules/Quantserve.com.xml
index b762412ae19d..4677a9714d4b 100644
--- a/src/chrome/content/rules/Quantserve.com.xml
+++ b/src/chrome/content/rules/Quantserve.com.xml
@@ -1,26 +1,56 @@
 <!--
-	For other Quantcast coverage, see Quantcast.xml.
+	For other Quantcast coverage, see Quantcast.xml & QuantCount.xml.
 
 
 	CDN buckets:
 
 		- map-js.quantserve.com.akadns.net
 
+			- edge
+
+
+	edge.quantserve.com sets mc wildcard cookie
+	on whichever domain it is loaded from.
 
 	secure.quantserve.com sets __qca wildcard cookie
 	on whichever domain it is loaded from.
 
+
+	Fully covered subdomains:
+
+		- ^
+		- edge		(→ www)
+
+		- [^/:@\.]+:
+
+			- pixel
+			- secure
+			- www
+
+
+	Insecure cookies are set for these domains:
+
+		- .quantserve.com
+
 -->
 <ruleset name="Quantserve.com">
 
 	<target host="quantserve.com" />
 	<target host="*.quantserve.com" />
 
+		<test url="http://pixel.quantserve.com/" />
+		<test url="http://secure.quantserve.com/" />
+		<test url="http://www.quantserve.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.quantserve\.com$" name="^(d|mc)$" /-->
 
 	<!--
-  Experiment: disable securecookies to see if it fixes 
+  Experiment: disable securecookies to see if it fixes
   https://trac.torproject.org/projects/tor/ticket/8406
-	<securecookie host="^\.quantserve\.com$" name=".*" />
+	<securecookie host="^\.quantserve\.com$" name=".+" />
   -->
 	<!--securecookie host="^\.quantserve\.com$" name="^mc$" /-->
 
@@ -29,7 +59,9 @@
 	<rule from="^http://edge\.quantserve\.com/"
 		to="https://www.quantserve.com/" />
 
-	<rule from="^http://([^/:@\.]+\.)?quantserve\.com/"
-		to="https://$1quantserve.com/" />
+		<test url="http://edge.quantserve.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/QuantumComputingReport.com.xml b/src/chrome/content/rules/QuantumComputingReport.com.xml
new file mode 100644
index 000000000000..aa79d9b67770
--- /dev/null
+++ b/src/chrome/content/rules/QuantumComputingReport.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="QuantumComputingReport.com">
+	<target host="quantumcomputingreport.com" />
+	<target host="www.quantumcomputingreport.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/QuantumMAN.xml b/src/chrome/content/rules/QuantumMAN.xml
deleted file mode 100644
index 33ce2abbd19c..000000000000
--- a/src/chrome/content/rules/QuantumMAN.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="QuantumMAN">
-
-	<target host="quantummansite.com" />
-	<target host="*.quantummansite.com" />
-
-
-	<securecookie host="^\.quantummansite\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?quantummansite\.com/"
-		to="https://$1quantummansite.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Quassel-irc.org.xml b/src/chrome/content/rules/Quassel-irc.org.xml
new file mode 100644
index 000000000000..d45141eddcf2
--- /dev/null
+++ b/src/chrome/content/rules/Quassel-irc.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Nonfunctional hosts in *.quassel-irc.org:
+		- lists.quassel-irc.org (r)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Quassel-irc.org">
+	<target host="quassel-irc.org" />
+	<target host="www.quassel-irc.org" />
+	<target host="bugs.quassel-irc.org" />
+	<target host="git.quassel-irc.org" />
+	<target host="wiki.quassel-irc.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Quattroplay.com.xml b/src/chrome/content/rules/Quattroplay.com.xml
index 8040a000ab26..1a6e5d23a874 100644
--- a/src/chrome/content/rules/Quattroplay.com.xml
+++ b/src/chrome/content/rules/Quattroplay.com.xml
@@ -4,10 +4,10 @@
 	<target host="*.quattroplay.com" />
 
 
-	<securecookie host="^(?:.*\.)?quattroplay\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://([\w-]+\.)?quattroplay\.com/"
 		to="https://$1quattroplay.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Qubes-OS.org.xml b/src/chrome/content/rules/Qubes-OS.org.xml
deleted file mode 100644
index df99c91927af..000000000000
--- a/src/chrome/content/rules/Qubes-OS.org.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- files		(shows keys)
-		- git		(refused)
-
-
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-
-
-	Expired 2011-04-06
-
-
-	Mixed content:
-
-		- Images on www from files
-
--->
-<ruleset name="Qubes-OS.org" default_off="expired, self-signed">
-
-	<target host="qubes-os.org" />
-	<target host="*.qubes-os.org" />
-
-
-	<securecookie host="^www\.qubes-os\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?qubes-os\.org/"
-		to="https://www.qubes-os.org/" />
-
-	<rule from="^http://keys\.qubes-os\.org/"
-		to="https://keys.qubes-os.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Qubes.xml b/src/chrome/content/rules/Qubes.xml
deleted file mode 100644
index 7768073ceecd..000000000000
--- a/src/chrome/content/rules/Qubes.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)
-
--->
-<ruleset name="Qubes (partial)" default_off="expired, mismatch">
-
-	<target host="wiki.qubes-os.org" />
-
-
-	<securecookie host="^wiki\.qubes-os\.org$" name=".*" />
-
-
-	<!--	Cert: www.qubes-os.org	-->
-	<rule from="^http://wiki\.qubes-os\.org/"
-		to="https://wiki.qubes-os.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Qubit_products.com.xml b/src/chrome/content/rules/Qubit_products.com.xml
index cfe55068df85..78de135bb5be 100644
--- a/src/chrome/content/rules/Qubit_products.com.xml
+++ b/src/chrome/content/rules/Qubit_products.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pong.qubitproducts.com/ => https://pong.qubitproducts.com/: (6, 'Could not resolve host: pong.qubitproducts.com')
+
 	CDN buckets:
 
 		- d3c3cq33003psk.cloudfront.net
@@ -6,24 +10,32 @@
 		- qubitopentag.tenderapp.com
 
 
-	Fully covered subdomains:
+	Nonfunctional hosts in *qubitproducts.com:
+
+		- (www.)? ¹
+		- docs ²
+		- support ³
 
-		- (www.)
-		- dashboard
-		- opentag
-		- pong
+	¹ Refused
+	² Shows tools.qubitproducts.com
+	³ Desk.com
 
 -->
-<ruleset name="Qubit products.com">
+<ruleset name="Qubit products.com (partial)" default_off="failed ruleset test">
 
-	<target host="qubitproducts.com" />
-	<target host="*.qubitproducts.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="account.qubitproducts.com" />
+	<target host="dashboard.qubitproducts.com" />
+	<target host="opentag.qubitproducts.com" />
+	<target host="pong.qubitproducts.com" />
+	<target host="tools.qubitproducts.com" />
 
 
-	<securecookie host="^(?:www)?\.qubitproducts\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:dashboard|opentag|pong|www)\.)?qubitproducts\.com/"
-		to="https://$1qubitproducts.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Quch.io.xml b/src/chrome/content/rules/Quch.io.xml
new file mode 100644
index 000000000000..a4c534cfee1f
--- /dev/null
+++ b/src/chrome/content/rules/Quch.io.xml
@@ -0,0 +1,13 @@
+<ruleset name="Quch.io">
+
+	<target host="quch.io" />
+	<target host="www.quch.io" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Queens-Gazette.xml b/src/chrome/content/rules/Queens-Gazette.xml
index 66cc10a8f84b..53fd8aac82ca 100644
--- a/src/chrome/content/rules/Queens-Gazette.xml
+++ b/src/chrome/content/rules/Queens-Gazette.xml
@@ -1,16 +1,20 @@
-<ruleset name="Queens Gazette" default_off="mismatch">
+<!--
+	Queens Gazette
+
+
+	CN: *.our-hometown.com
+
+-->
+<ruleset name="QGazette.com" default_off="mismatched">
 
-	<!--	Cert: *.our-hometown.com	-->
 	<target host="qgazette.com" />
-	<target host="*.qgazette.com" />
+	<target host="www.qgazette.com" />
 
 
-	<securecookie host="^\.qgazette\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<!--	!www 301s to www.
-					-->
-	<rule from="^https?://(?:www\.)?qgazette\.com/"
-		to="https://www.qgazette.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Queens_University_Belfast.xml b/src/chrome/content/rules/Queens_University_Belfast.xml
index f07077063c97..03ae904e164f 100644
--- a/src/chrome/content/rules/Queens_University_Belfast.xml
+++ b/src/chrome/content/rules/Queens_University_Belfast.xml
@@ -27,10 +27,10 @@
 	<target host="*.qub.ac.uk" />
 
 
-	<rule from="^https?://(?:www\.)?qub\.ac\.uk/"
+	<rule from="^http://(?:www\.)?qub\.ac\.uk/"
 		to="https://www.qub.ac.uk/" />
 
-	<rule from="^https?://(?:www\.)?daro\.qub\.ac\.uk/"
+	<rule from="^http://(?:www\.)?daro\.qub\.ac\.uk/"
 		to="https://daro.qub.ac.uk/" />
 
 	<rule from="^http://knock\.qub\.ac\.uk/(?:\?.*)?$"
@@ -42,4 +42,4 @@
 	<rule from="^http://(home|login)\.qol\.qub\.ac\.uk/"
 		to="https://$1.qol.qub.ac.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Queenszoo.com.xml b/src/chrome/content/rules/Queenszoo.com.xml
new file mode 100644
index 000000000000..ba83d41c14b2
--- /dev/null
+++ b/src/chrome/content/rules/Queenszoo.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid Server Name:
+		www.queenszoo.com
+-->
+
+<ruleset name="Queenszoo.com">
+	<target host="queenszoo.com" />
+
+	<securecookie host="queenszoo\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Queer.de.xml b/src/chrome/content/rules/Queer.de.xml
new file mode 100644
index 000000000000..e8fab5363a29
--- /dev/null
+++ b/src/chrome/content/rules/Queer.de.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid certificate:
+		- ad.queer.de
+		- ads.queer.de
+		- en.queer.de
+		- mobil.queer.de
+		- wap.queer.de
+		- mail.queercom.de
+
+	Redirect to http:
+		- (www\.)?queer.de/$
+-->
+<ruleset name="Queer.de">
+
+	<target host="queer.de" />
+	<target host="www.queer.de" />
+	<target host="queercom.de" />
+	<target host="www.queercom.de" />
+
+	<rule from="^http:" to="https:"/>
+		<exclusion pattern="^http://(www\.)?queer\.de/$" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/QueerVids.xml b/src/chrome/content/rules/QueerVids.xml
deleted file mode 100644
index 3a7591927e58..000000000000
--- a/src/chrome/content/rules/QueerVids.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="QueerVids">
-
-	<target host="queervids.com" />
-	<target host="*.queervids.com" />
-
-
-	<securecookie host="^\.queervids\.com$" name=".+" />
-
-
-	<rule from="^http://(join\.|www\.)?queervids\.com/"
-		to="https://$1queervids.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Querna.org.xml b/src/chrome/content/rules/Querna.org.xml
new file mode 100644
index 000000000000..5496449e258f
--- /dev/null
+++ b/src/chrome/content/rules/Querna.org.xml
@@ -0,0 +1,16 @@
+<!--
+	www.paul.querna.org: Google
+
+
+	^querna.org doesn't exist.
+
+-->
+<ruleset name="Querna.org (partial)">
+
+	<target host="journal.paul.querna.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Quest.com.xml b/src/chrome/content/rules/Quest.com.xml
index 46b3be7a4f2f..44a52f12fa09 100644
--- a/src/chrome/content/rules/Quest.com.xml
+++ b/src/chrome/content/rules/Quest.com.xml
@@ -1,16 +1,36 @@
 <!--
-	Problematic subdomains:
+	For other Dell coverage, see Dell.xml.
 
-		- ^	(cert only matches *.quest.com)
+
+	^quest.com: Mismatched
+
+
+	Mixed content:
+
+		- css on www from software.dell.com *
+		- Images on www from software.dell.com *
+
+	* Secured by us
 
 -->
-<ruleset name="Quest.com (partial)">
+<ruleset name="Quest.com" platform="mixedcontent">
 
-	<target host="quest.com" />
+	<!--	Direct rewrites:
+				-->
 	<target host="www.quest.com" />
 
+	<!--	Complications:
+				-->
+	<target host="quest.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://quest\.com/"
+		to="https://www.quest.com/" />
 
-	<rule from="^http://(?:www\.)?quest\.com/(common/|css/|documents/|js/|(?:Script|Web)Resource\.axd|shared/)"
-		to="https://www.quest.com/$1" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/QuestComp.com.xml b/src/chrome/content/rules/QuestComp.com.xml
new file mode 100644
index 000000000000..76b1bd66e0c0
--- /dev/null
+++ b/src/chrome/content/rules/QuestComp.com.xml
@@ -0,0 +1,34 @@
+<!--
+	^questcomp.com: 404
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.questcomp.com
+
+-->
+<ruleset name="QuestComp.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.questcomp.com" />
+
+	<!--	Complications:
+				-->
+	<target host="questcomp.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.questcomp\.com$" name="^(?:ASP\.NET_SessionId|dg)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://questcomp\.com/"
+		to="https://www.questcomp.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Questacon.xml b/src/chrome/content/rules/Questacon.xml
new file mode 100644
index 000000000000..475522193ff6
--- /dev/null
+++ b/src/chrome/content/rules/Questacon.xml
@@ -0,0 +1,10 @@
+<ruleset name="Questacon.edu.au">
+
+	<target host="questacon.edu.au" />
+	<target host="www.questacon.edu.au" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Questia.com.xml b/src/chrome/content/rules/Questia.com.xml
new file mode 100644
index 000000000000..dae7534465f8
--- /dev/null
+++ b/src/chrome/content/rules/Questia.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Other Questia rulesets:
+
+		- Qtastatic.com.xml
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .questia.com
+		- www.questia.com
+
+-->
+<ruleset name="Questia.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="questia.com" />
+	<target host="www.questia.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.questia\.com$" name="^(?:QTA_REFID_COOKIE|QTA_Tracker)$" /-->
+	<!--securecookie host="^www\.questia\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Question-Defense.com.xml b/src/chrome/content/rules/Question-Defense.com.xml
new file mode 100644
index 000000000000..0d794cb7877f
--- /dev/null
+++ b/src/chrome/content/rules/Question-Defense.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Mixed content:
+
+		- css, from:
+
+			- fonts.googleapis.com ˢ
+			- $self ˢ
+
+		- Images from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Question-Defense.com" platform="mixedcontent">
+
+	<target host="question-defense.com" />
+	<target host="www.question-defense.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/QuestionCopyright.org.xml b/src/chrome/content/rules/QuestionCopyright.org.xml
index c23a3796a9b1..9a92e08e2805 100644
--- a/src/chrome/content/rules/QuestionCopyright.org.xml
+++ b/src/chrome/content/rules/QuestionCopyright.org.xml
@@ -1,13 +1,13 @@
-<ruleset name="QuestionCopyright.org" default_off="self-signed">
+<ruleset name="QuestionCopyright.org" default_off="plaintext reply">
 
 	<target host="questioncopyright.org" />
-	<target host="*.questioncopyright.org" />
+	<target host="www.questioncopyright.org" />
 
 
-	<securecookie host="^\.questioncopyright\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?questioncopyright\.org/"
-		to="https://questioncopyright.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Questionablecontent.net.xml b/src/chrome/content/rules/Questionablecontent.net.xml
new file mode 100644
index 000000000000..8f6cdda0449e
--- /dev/null
+++ b/src/chrome/content/rules/Questionablecontent.net.xml
@@ -0,0 +1,10 @@
+<!--
+	No nonfunctional hosts in *.questionablecontent.net:
+-->
+<ruleset name="Questionablecontent.net">
+	<target host="questionablecontent.net" />
+	<target host="www.questionablecontent.net" />
+    <target host="forums.questionablecontent.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Questionmarket.com.xml b/src/chrome/content/rules/Questionmarket.com.xml
index 0e966de0cb61..9f9a76e0a2c2 100644
--- a/src/chrome/content/rules/Questionmarket.com.xml
+++ b/src/chrome/content/rules/Questionmarket.com.xml
@@ -1,19 +1,24 @@
+
 <!--
-	For other Safenet coverage, see Safenet.xml.
+Disabled by https-everywhere-checker because:
+Fetch error: http://amch.questionmarket.com/ => https://amch.questionmarket.com/: (6, 'Could not resolve host: amch.questionmarket.com')
+Fetch error: http://www.questionmarket.com/ => https://www.questionmarket.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.questionmarket.com'")
 
+	For other Safenet coverage, see Safenet.xml.
 
-	Nonfunctional domains:
 
-		- (www.)
+	^questionmarket.com doesn't exist.
 
 -->
-<ruleset name="Questionmarket.com (partial)">
+<ruleset name="Questionmarket.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="amch.questionmarket.com" />
+	<target host="www.questionmarket.com" />
 
 
-	<!--	Included on 3rd-party websites.	-->
-	<rule from="^http://amch\.questionmarket\.com/"
-		to="https://amch.questionmarket.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/QuickBase.com.xml b/src/chrome/content/rules/QuickBase.com.xml
new file mode 100644
index 000000000000..c8c8b7d9efe4
--- /dev/null
+++ b/src/chrome/content/rules/QuickBase.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="QuickBase.com">
+	<target host="quickbase.com" />
+	<target host="www.quickbase.com" />
+	<target host="intuitcorp.quickbase.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/QuickHash.com.xml b/src/chrome/content/rules/QuickHash.com.xml
new file mode 100644
index 000000000000..482588dda8be
--- /dev/null
+++ b/src/chrome/content/rules/QuickHash.com.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.quickhash.com/ => https://www.quickhash.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.quickhash.com'")
+
+-->
+<ruleset name="QuickHash.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="quickhash.com" />
+	<target host="www.quickhash.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/QuickSFV.org.xml b/src/chrome/content/rules/QuickSFV.org.xml
new file mode 100644
index 000000000000..af9bd7e39937
--- /dev/null
+++ b/src/chrome/content/rules/QuickSFV.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="QuickSFV.org">
+	<target host="quicksfv.org"/>
+	<target host="www.quicksfv.org"/>
+	<target host="mail.quicksfv.org"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/QuickSilverMail.net.xml b/src/chrome/content/rules/QuickSilverMail.net.xml
new file mode 100644
index 000000000000..7f0e8444e132
--- /dev/null
+++ b/src/chrome/content/rules/QuickSilverMail.net.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatched:
+		- mail
+		- pop
+		- smtp
+-->
+<ruleset name="QuickSilverMail.net">
+	<target host="quicksilvermail.net" />
+	<target host="www.quicksilvermail.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Quick_Shopping_Cart.xml b/src/chrome/content/rules/Quick_Shopping_Cart.xml
index a2a58e17c5fd..8de97bf3b27b 100644
--- a/src/chrome/content/rules/Quick_Shopping_Cart.xml
+++ b/src/chrome/content/rules/Quick_Shopping_Cart.xml
@@ -1,20 +1,33 @@
+
 <!--
-	^ redirects to app over http
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.fastshoppingcart.com/ => https://www.fastshoppingcart.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Quick Shopping Cart
+
+
+	^fastshoppingcart.com: Redirects to app over http
 
 -->
-<ruleset name="Quick Shopping Cart">
+<ruleset name="Fast Shopping Cart.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="app.fastshoppingcart.com" />
+	<target host="www.fastshoppingcart.com" />
 
+	<!--	Complications:
+				-->
 	<target host="fastshoppingcart.com" />
-	<target host="*.fastshoppingcart.com" />
 
 
-	<securecookie host="^(?:.+\.)?fastshoppingcart\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(?:app\.)?fastshoppingcart\.com/"
+	<rule from="^http://fastshoppingcart\.com/"
 		to="https://app.fastshoppingcart.com/" />
 
-	<rule from="^http://www\.fastshoppingcart\.com/"
-		to="https://www.fastshoppingcart.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Quick_bitcoin.co.uk.xml b/src/chrome/content/rules/Quick_bitcoin.co.uk.xml
new file mode 100644
index 000000000000..c0527bd19bf1
--- /dev/null
+++ b/src/chrome/content/rules/Quick_bitcoin.co.uk.xml
@@ -0,0 +1,12 @@
+<ruleset name="quickbitcoin.co.uk (partial)">
+
+	<target host="serve.quickbitcoin.co.uk" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Quicktranslate.com.xml b/src/chrome/content/rules/Quicktranslate.com.xml
new file mode 100644
index 000000000000..f01f349a421c
--- /dev/null
+++ b/src/chrome/content/rules/Quicktranslate.com.xml
@@ -0,0 +1,24 @@
+<!--
+	For other GMO coverage, see GMO_Internet.xml.
+
+-->
+<ruleset name="quicktranslate.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="quicktranslate.com" />
+	<target host="www.quicktranslate.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?quicktranslate\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.quicktranslate\.com$" name="^QTR_AP$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Quidco.com.xml b/src/chrome/content/rules/Quidco.com.xml
new file mode 100644
index 000000000000..8128096488d6
--- /dev/null
+++ b/src/chrome/content/rules/Quidco.com.xml
@@ -0,0 +1,51 @@
+<!--
+	Some (most?) pages redirect to http.
+
+-->
+<ruleset name="Quidco.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="quidco.com" />
+	<target host="static.quidco.com" />
+	<target host="www.quidco.com" />
+
+		<!--	Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.quidco\.com/+remind($|\?)" /-->
+		<!--
+			Mixed css:
+					-->
+		<!--exclusion pattern="^http://www\.quidco\.com/blog/" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.quidco\.com/+(?!$|\?|blog/wp-content/|(?:join-quidco|sign-in)(?:$|[?/])|static/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.quidco.com/app/" />
+			<test url="http://www.quidco.com/blog/" />
+			<test url="http://www.quidco.com/browse/" />
+			<test url="http://www.quidco.com/business/about/" />
+			<test url="http://www.quidco.com/careers/" />
+			<test url="http://www.quidco.com/christmas/" />
+			<test url="http://www.quidco.com/garden/" />
+			<test url="http://www.quidco.com/help/" />
+			<test url="http://www.quidco.com/motorola/" />
+			<test url="http://www.quidco.com/privacy-policy" />
+			<test url="http://www.quidco.com/remind/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.quidco.com/?" />
+			<test url="http://www.quidco.com/blog/wp-content/plugins/comment-validation/comment-validation.css" />
+			<test url="http://www.quidco.com/join-quidco/" />
+			<test url="http://www.quidco.com/sign-in/" />
+			<test url="http://www.quidco.com/static/img/about/Quidco_London_Office.png" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/QuikPAY_asp.com.xml b/src/chrome/content/rules/QuikPAY_asp.com.xml
new file mode 100644
index 000000000000..06fd2d8ab69d
--- /dev/null
+++ b/src/chrome/content/rules/QuikPAY_asp.com.xml
@@ -0,0 +1,29 @@
+<!--
+	www: cert only matches ^quikpayasp.com
+
+-->
+<ruleset name="QuikPAY asp.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="quikpayasp.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.quikpayasp.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^quikpayasp\.com$" name="^(BNES_JSESSIONID|BNES_qpdomain|JSESSIONID|qpdomain)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.quikpayasp\.com/"
+		to="https://quikpayasp.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Quik_Callus.com.xml b/src/chrome/content/rules/Quik_Callus.com.xml
new file mode 100644
index 000000000000..87f0f5051b77
--- /dev/null
+++ b/src/chrome/content/rules/Quik_Callus.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Quik Callus.com">
+
+	<target host="quikcallus.com" />
+	<target host="www.quikcallus.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/QuinStreet-mismatches.xml b/src/chrome/content/rules/QuinStreet-mismatches.xml
index 6d5e66323654..443c44f27128 100644
--- a/src/chrome/content/rules/QuinStreet-mismatches.xml
+++ b/src/chrome/content/rules/QuinStreet-mismatches.xml
@@ -1,19 +1,16 @@
 <!--
-	For rules that are on by default, see QuinStreet.xml.
+	For rules not causing false/broken MCB, see QuinStreet.xml.
 
 -->
-<ruleset name="QuinStreet (mismatches)" default_off="mismatch">
+<ruleset name="QuinStreet.com (false MCB)" platform="mixedcontent">
 
 	<target host="quinstreet.com" />
 
 
-	<securecookie host="^quinstreet\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<!--	- At least some paths redirect from www to !www
-		- www is handled in QuinStreet.xml
-							-->
-	<rule from="^http://quinstreet\.com/"
-		to="https://quinstreet.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/QuinStreet.xml b/src/chrome/content/rules/QuinStreet.xml
index 0ebd22dc53b1..0cc2c4f6456d 100644
--- a/src/chrome/content/rules/QuinStreet.xml
+++ b/src/chrome/content/rules/QuinStreet.xml
@@ -1,5 +1,5 @@
 <!--
-	For problematic rules, see QuinStreet-mismatches.xml.
+	For rules causing false/broken MCB, see QuinStreet-mismatches.xml.
 
 
 	Other QuinStreet rulesets:
@@ -36,20 +36,29 @@
 	*** 504, akamai
 
 
-	Problematic domains:
+	Mixed content:
 
-		- quinstreet.com	(cert only matches *.quinstreet.com)
+		- css on ^ from $self *
+		- Images on ^ from $self *
+
+	* Secured by us
 
 -->
-<ruleset name="QuinStreet">
+<ruleset name="QuinStreet.com">
 
-	<target host="*.quinstreet.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="blog.quinstreet.com" />
+	<target host="clientservices.quinstreet.com" />
+	<target host="publishers.quinstreet.com" />
+	<target host="sitegenie-external.quinstreet.com" />
+	<target host="www.quinstreet.com" />
 
 
-	<securecookie host="^.*\.quinstreet\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(blog|clientservices|publishers|sitegenie-external|www)\.quinstreet\.com/"
-		to="https://$1.quinstreet.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Quirks.com.xml b/src/chrome/content/rules/Quirks.com.xml
index c918937bd84a..254e19ab985b 100644
--- a/src/chrome/content/rules/Quirks.com.xml
+++ b/src/chrome/content/rules/Quirks.com.xml
@@ -4,13 +4,10 @@
 	<target host="www.quirks.com" />
 
 
-	<securecookie host="^www\.quirks\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<!--	^ redirects to www over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?quirks\.com/"
-		to="https://www.quirks.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/QuiteRSS.org.xml b/src/chrome/content/rules/QuiteRSS.org.xml
new file mode 100644
index 000000000000..b16ce804c9e7
--- /dev/null
+++ b/src/chrome/content/rules/QuiteRSS.org.xml
@@ -0,0 +1,22 @@
+<!--
+	www.quiterss.org: Mismatched
+
+-->
+<ruleset name="QuiteRSS.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="quiterss.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.quiterss.org" />
+
+
+	<rule from="^http://www\.quiterss\.org/"
+		to="https://quiterss.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Quitter.is.xml b/src/chrome/content/rules/Quitter.is.xml
new file mode 100644
index 000000000000..44b375b4b43d
--- /dev/null
+++ b/src/chrome/content/rules/Quitter.is.xml
@@ -0,0 +1,34 @@
+<!--
+	www.quitter.is: Self-signed
+
+
+	Insecure cookies are set for these hosts:
+
+		- quitter.is
+
+-->
+<ruleset name="Quitter.is">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="quitter.is" />
+
+	<!--	Complications:
+				-->
+	<target host="www.quitter.is" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^quitter\.is$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.quitter\.is/"
+		to="https://quitter.is/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Quitter.no.xml b/src/chrome/content/rules/Quitter.no.xml
new file mode 100644
index 000000000000..3ec9029a7736
--- /dev/null
+++ b/src/chrome/content/rules/Quitter.no.xml
@@ -0,0 +1,34 @@
+<!--
+	www.quitter.no: Mismatches (CN=www.gnusocial.no), redirects (gnusocial.no)
+
+
+	Insecure cookies are set for these hosts:
+
+		- quitter.no
+
+-->
+<ruleset name="Quitter.no">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="quitter.no" />
+
+	<!--	Complications:
+				-->
+	<target host="www.quitter.no" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^quitter\.no$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.quitter\.no/"
+		to="https://quitter.no/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Quitter.se.xml b/src/chrome/content/rules/Quitter.se.xml
new file mode 100644
index 000000000000..29ba85c1e48e
--- /dev/null
+++ b/src/chrome/content/rules/Quitter.se.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- quitter.se
+
+-->
+<ruleset name="Quitter.se">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="quitter.se" />
+	<target host="www.quitter.se" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^quitter\.se$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/QuizAction.de.xml b/src/chrome/content/rules/QuizAction.de.xml
new file mode 100644
index 000000000000..a459c09bca01
--- /dev/null
+++ b/src/chrome/content/rules/QuizAction.de.xml
@@ -0,0 +1,24 @@
+<!--
+	Some pages redirect to http.
+
+-->
+<ruleset name="QuizAction.de (partial)">
+
+	<target host="quizaction.de" />
+	<target host="yahoo.quizaction.de" />
+	<target host="www.quizaction.de" />
+	<target host="www.yahoo.quizaction.de" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?(yahoo\.)?quizaction.de/+($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(www\.)?(yahoo\.)?quizaction.de/+(?!favicon\.ico|img/|pics/|w/)" /-->
+
+
+	<rule from="^http://(www\.)?(yahoo\.)?quizaction\.de/(?=favicon\.ico|img/|pics/|w/)"
+		to="https://$1$2quizaction.de/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Quizly.co.xml b/src/chrome/content/rules/Quizly.co.xml
new file mode 100644
index 000000000000..09b0dd08c432
--- /dev/null
+++ b/src/chrome/content/rules/Quizly.co.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		- cdn.quizly.co
+		- cdn2.quizly.co
+		- cdn3.quizly.co
+		- cdn4.quizly.co
+		- css.quizly.co
+		- js.quizly.co
+		- mx.quizly.co
+-->
+<ruleset name="Quizly.co" platform="mixedcontent">
+	<target host="quizly.co" />
+	<target host="www.quizly.co" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Quizsnack.com.xml b/src/chrome/content/rules/Quizsnack.com.xml
deleted file mode 100644
index 4aec6cf840c7..000000000000
--- a/src/chrome/content/rules/Quizsnack.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For other SnackTools coverage, see SnackTools.com.xml.
-
-
-	CDN buckets:
-
-		- files.quizsnack.com.s3.amazonaws.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(http reply)
-
--->
-<ruleset name="quizsnack.com (partial)">
-
-	<target host="files.quizsnack.com" />
-
-
-	<rule from="^http://files\.quizsnack\.com/"
-		to="https://s3.amazonaws.com/files.quizsnack.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Qune.kuluttajavirasto.fi.xml b/src/chrome/content/rules/Qune.kuluttajavirasto.fi.xml
index 57afde558091..0c50a7b77b8e 100644
--- a/src/chrome/content/rules/Qune.kuluttajavirasto.fi.xml
+++ b/src/chrome/content/rules/Qune.kuluttajavirasto.fi.xml
@@ -1,5 +1,13 @@
-<ruleset name="Qune.kuluttajavirasto.fi">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://qune.kuluttajavirasto.fi/ => https://qune.kuluttajavirasto.fi/: (6, 'Could not resolve host: qune.kuluttajavirasto.fi')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://qune.kuluttajavirasto.fi/ => https://qune.kuluttajavirasto.fi/: (6, 'Could not resolve host: qune.kuluttajavirasto.fi')
+-->
+<ruleset name="Qune.kuluttajavirasto.fi" default_off="failed ruleset test">
   <target host="qune.kuluttajavirasto.fi"/>
-  <rule from="^http://qune\.kuluttajavirasto\.fi/" to="https://qune.kuluttajavirasto.fi/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
-<!-- Rule generated by HTTPS Finder 0.85 -->
\ No newline at end of file
+<!-- Rule generated by HTTPS Finder 0.85 -->
diff --git a/src/chrome/content/rules/Quora.xml b/src/chrome/content/rules/Quora.xml
deleted file mode 100644
index b9b3289c2207..000000000000
--- a/src/chrome/content/rules/Quora.xml
+++ /dev/null
@@ -1,47 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d2o7bfz2il9cb7.cloudfront.net
-
-			- qph.cf.quoracdn.net
-
-
-	Fully covered domains:
-
-		- *.tch.quora.com:
-
-			- tch\d{6}
-
-		- *.cf.quoracdn.net:
-
-			- qph	(→ d2o7bfz2il9cb7.cloudfront.net)
-
-		- *.is.quoracdn.net:
-
-			- qph
-			- qs[cf]
-
--->
-<ruleset name="Quora">
-
-	<target host="quora.com" />
-	<target host="*.quora.com" />
-	<target host="*.quoracdn.net" />
-
-
-	<securecookie host="^\.quora\.com$" name=".*" />
-
-
-	<rule from="^http://(\w+\.tch\.|www\.)?quora\.com/"
-		to="https://$1quora.com/" />
-
-	<rule from="^http://qph\.cf\.quoracdn\.net/"
-		to="https://d2o7bfz2il9cb7.cloudfront.net/" />
-
-	<rule from="^http://(\w+)\.cf\.quoracdn\.net/"
-		to="https://$1.s3.amazonaws.com/" />
-
-	<rule from="^http://(\w+)\.is\.quoracdn\.net/"
-		to="https://$1.is.quoracdn.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Quorks.xml b/src/chrome/content/rules/Quorks.xml
deleted file mode 100644
index f94509320b33..000000000000
--- a/src/chrome/content/rules/Quorks.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Quorks" default_off="Cert warning">
-  <target host="quorks.ath.cx" />
-
-  <rule from="^http://quorks\.ath\.cx/login\.php$"
-          to="https://quorks.ath.cx/login.php"/>
-</ruleset>
diff --git a/src/chrome/content/rules/QuoteMedia.xml b/src/chrome/content/rules/QuoteMedia.xml
index 5e0a1b1df324..e2fafcc89964 100644
--- a/src/chrome/content/rules/QuoteMedia.xml
+++ b/src/chrome/content/rules/QuoteMedia.xml
@@ -8,16 +8,19 @@
 	Only a visitor counter.
 
 -->
-<ruleset name="QuoteMedia">
+<ruleset name="QuoteMedia.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="quotemedia.com" />
-	<target host="*.quotemedia.com" />
+	<target host="app.quotemedia.com" />
+	<target host="www.quotemedia.com" />
 
 
-	<securecookie host="^app\.quotemedia\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(app\.|www\.)?quotemedia\.com/"
-		to="https://$1quotemedia.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Quotes_and_Sayings.com.xml b/src/chrome/content/rules/Quotes_and_Sayings.com.xml
deleted file mode 100644
index a0352ed9a0c7..000000000000
--- a/src/chrome/content/rules/Quotes_and_Sayings.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Mixed content:
-
-		- css on www from www *
-
-		- Images on www from www *
-
-		- Web bug on www from www.facebook.com *
-
-	* Secured by us
-
-
-	mixedcontent due to css on www from www.
-
-	NB: We secure all resources, and thus
-	platform should be removed with Ffx 24.
-
--->
-<ruleset name="Quotes and Sayings.com (false MCB)" platform="mixedcontent">
-
-	<target host="quotesnsayings.com" />
-	<target host="www.quotesnsayings.com" />
-
-
-	<rule from="^http://(www\.)?quotesnsayings\.com/"
-		to="https://$1quotesnsayings.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Quotestream.xml b/src/chrome/content/rules/Quotestream.xml
index 6e8edafee51e..3a8cac282829 100644
--- a/src/chrome/content/rules/Quotestream.xml
+++ b/src/chrome/content/rules/Quotestream.xml
@@ -2,20 +2,18 @@
 	For other QuoteMedia coverage, see QuoteMedia.xml.
 
 
-	Problematic subdomains:
-
-		- (www.)	(works; mismatched, CN: *.quotemedia.com)
+	(www.)?quotestream.com: Mismatched
 
 -->
-<ruleset name="Quotestream (partial)">
+<ruleset name="Quotestream.com (partial)">
 
 	<target host="secure.quotestream.com" />
 
 
-	<securecookie host="^secure\.quotestream\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://secure\.quotestream\.com/"
-		to="https://secure.quotestream.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/QupZilla.xml b/src/chrome/content/rules/QupZilla.xml
deleted file mode 100644
index 1fbebbd4f1e9..000000000000
--- a/src/chrome/content/rules/QupZilla.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="QupZilla" default_off="self-signed">
-
-	<target host="qupzilla.com" />
-	<target host="www.qupzilla.com" />
-
-
-	<securecookie host="^www\.qupzilla\.com$" name=".*" />
-
-
-	<!--	!www redirects to www.	-->
-	<rule from="^https?://(?:www\.)?qupzilla\.com/"
-		to="https://www.qupzilla.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Quran.com.xml b/src/chrome/content/rules/Quran.com.xml
new file mode 100644
index 000000000000..19d53a5ce86d
--- /dev/null
+++ b/src/chrome/content/rules/Quran.com.xml
@@ -0,0 +1,28 @@
+<!--
+	See also:
+	- QuranicAudio.com.xml
+	- Sunnah.com.xml
+
+	Invalid certificate:
+	- android.quran.com
+	- api.quran.com
+	- corpus.quran.com
+	- legacy.quran.com
+
+	No working URL known:
+	- static.quran.com
+
+	Time out:
+	- sunnah.quran.com
+
+-->
+<ruleset name="Quran.com">
+	<target host="quran.com" />
+	<target host="www.quran.com" />
+	<target host="staging.quran.com" />
+	<target host="verses.quran.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Quran411.com.xml b/src/chrome/content/rules/Quran411.com.xml
new file mode 100644
index 000000000000..10bd53e546d2
--- /dev/null
+++ b/src/chrome/content/rules/Quran411.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Quran411.com">
+	<target host="quran411.com" />
+	<target host="www.quran411.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/QuranAcademy.io.xml b/src/chrome/content/rules/QuranAcademy.io.xml
new file mode 100644
index 000000000000..931ce87267f6
--- /dev/null
+++ b/src/chrome/content/rules/QuranAcademy.io.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+	- www.quranacademy.io
+	- courses.quranacademy.io
+
+-->
+<ruleset name="QuranAcademy.io">
+	<target host="quranacademy.io" />
+	<target host="www.quranacademy.io" />
+	<target host="reader.quranacademy.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.quranacademy\.io/" to="https://quranacademy.io/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/QuranCentral.com.xml b/src/chrome/content/rules/QuranCentral.com.xml
new file mode 100644
index 000000000000..693938ec6c61
--- /dev/null
+++ b/src/chrome/content/rules/QuranCentral.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Related ruleset:
+		MuslimCentral.com.xml
+-->
+<ruleset name="QuranCentral.com">
+	<target host="qurancentral.com" />
+	<target host="www.qurancentral.com" />
+	<target host="cdn.qurancentral.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/QuranCore.com.xml b/src/chrome/content/rules/QuranCore.com.xml
new file mode 100644
index 000000000000..759579981409
--- /dev/null
+++ b/src/chrome/content/rules/QuranCore.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="QuranCore.com">
+	<target host="qurancore.com" />
+	<target host="www.qurancore.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/QuranFlash.com.xml b/src/chrome/content/rules/QuranFlash.com.xml
new file mode 100644
index 000000000000..16c938014e70
--- /dev/null
+++ b/src/chrome/content/rules/QuranFlash.com.xml
@@ -0,0 +1,16 @@
+<!--
+		Remark: *.quranflash.com have a wildcard DNS Record.
+
+	Invalid Certificate:
+		v1.quranflash.com
+		v2.quranflash.com
+		v3.quranflash.com
+-->
+<ruleset name="QuranFlash.com" platform="mixedcontent">
+	<target host="quranflash.com" />
+	<target host="www.quranflash.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/QuranMss.com.xml b/src/chrome/content/rules/QuranMss.com.xml
new file mode 100644
index 000000000000..9b2ad9aa9bac
--- /dev/null
+++ b/src/chrome/content/rules/QuranMss.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="QuranMss.com">
+	<target host="quranmss.com" />
+	<target host="www.quranmss.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/QuranProject.org.xml b/src/chrome/content/rules/QuranProject.org.xml
new file mode 100644
index 000000000000..fc29ff596481
--- /dev/null
+++ b/src/chrome/content/rules/QuranProject.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="QuranProject.org">
+	<target host="quranproject.org" />
+	<target host="www.quranproject.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Quran_wa_Hadith.com.xml b/src/chrome/content/rules/Quran_wa_Hadith.com.xml
new file mode 100644
index 000000000000..abbce4aa775d
--- /dev/null
+++ b/src/chrome/content/rules/Quran_wa_Hadith.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Quran wa Hadith.com">
+	<target host="quranwahadith.com" />
+	<target host="www.quranwahadith.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/QuranicAudio.com.xml b/src/chrome/content/rules/QuranicAudio.com.xml
new file mode 100644
index 000000000000..958980dcd1f0
--- /dev/null
+++ b/src/chrome/content/rules/QuranicAudio.com.xml
@@ -0,0 +1,22 @@
+<!--
+	See also:
+	- Quran.com.xml
+	- Sunnah.com.xml
+
+	Invalid certificate:
+	- download2.quranicaudio.com
+	- madinah.quranicaudio.com
+	- makkah.quranicaudio.com
+	- stream.quranicaudio.com
+
+-->
+<ruleset name="QuranicAudio.com (partial)">
+	<target host="quranicaudio.com" />
+	<target host="www.quranicaudio.com" />
+	<target host="download.quranicaudio.com" />
+	<target host="mirrors.quranicaudio.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Qurank.net.xml b/src/chrome/content/rules/Qurank.net.xml
new file mode 100644
index 000000000000..dfd539cb11a1
--- /dev/null
+++ b/src/chrome/content/rules/Qurank.net.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+	- stats.qurank.net
+
+-->
+<ruleset name="Qurank.net">
+	<target host="qurank.net" />
+	<target host="www.qurank.net" />
+	<target host="read.qurank.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Qutebrowser.org.xml b/src/chrome/content/rules/Qutebrowser.org.xml
new file mode 100644
index 000000000000..0c628c4c73db
--- /dev/null
+++ b/src/chrome/content/rules/Qutebrowser.org.xml
@@ -0,0 +1,11 @@
+<!--
+	Nonfunctional hosts:
+		* https://buildbot.qutebrowser.org redirects to http://qutebrowser.org:8010/
+-->
+<ruleset name="qutebrowser.org (partial)">
+	<target host="qutebrowser.org" />
+	<target host="www.qutebrowser.org" />
+	<target host="blog.qutebrowser.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Quto.ru.xml b/src/chrome/content/rules/Quto.ru.xml
new file mode 100644
index 000000000000..5e243957ad84
--- /dev/null
+++ b/src/chrome/content/rules/Quto.ru.xml
@@ -0,0 +1,22 @@
+<!--
+	(www.)?quto.ru: 403
+
+
+	Problematic hosts in *quto.ru:
+
+		- static *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="Quto.ru (partial)" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="static.quto.ru" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Quup.com.xml b/src/chrome/content/rules/Quup.com.xml
index db2152fe7a64..51917a1e1a2f 100644
--- a/src/chrome/content/rules/Quup.com.xml
+++ b/src/chrome/content/rules/Quup.com.xml
@@ -1,19 +1,30 @@
+
 <!--
-	Problematic subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://quup.com/ => https://quup.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.quup.com/ => https://quup.com/: (60, 'SSL certificate problem: certificate has expired')
 
-		- www	(cert only matches ^quup.com)
+	www.quup.com: Cert only matches ^quup.com
 
 -->
-<ruleset name="quup.com">
+<ruleset name="quup.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="quup.com" />
-	<target host="*.quup.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.quup.com" />
 
 
-	<securecookie host="^\.?quup\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?quup\.com/"
+	<rule from="^http://www\.quup\.com/"
 		to="https://quup.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Qweery.xml b/src/chrome/content/rules/Qweery.xml
index 34cfff849bff..946e22ad88f7 100644
--- a/src/chrome/content/rules/Qweery.xml
+++ b/src/chrome/content/rules/Qweery.xml
@@ -1,11 +1,16 @@
-<!--	!functional:
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://box.qweery.nl/ => https://box.qweery.nl/: (6, 'Could not resolve host: box.qweery.nl')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://box.qweery.nl/ => https://box.qweery.nl/: (6, 'Could not resolve host: box.qweery.nl')	!functional:
 		- (www.)qweery.nl
 -->
-<ruleset name="Qweery (partial)">
+<ruleset name="Qweery (partial)" default_off="failed ruleset test">
 
 	<target host="box.qweery.nl"/>
 
-	<rule from="^http://box\.qweery\.nl/"
-		to="https://box.qweery.nl/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Qxl.xml b/src/chrome/content/rules/Qxl.xml
index 1ad73ae03822..58e7255ff1ac 100644
--- a/src/chrome/content/rules/Qxl.xml
+++ b/src/chrome/content/rules/Qxl.xml
@@ -1,10 +1,50 @@
-<ruleset name="Qxl" platform="mixedcontent">
-  <target host="qxl.no" />
-  <target host="www.qxl.no" />
-  <target host="qxl.dk" />
-  <target host="www.qxl.dk" />
-
-  <rule from="^http://(?:www\.)?qxl\.no/" to="https://www.qxl.no/"/>
-  <rule from="^http://(?:www\.)?qxl\.dk/" to="https://www.qxl.dk/"/>
+<!--
+	Other QXL rulesets:
+
+		- QXL.dk.xml
+		- QXL_static.dk.xml
+		- QXL_static.no.xml
+
+
+	Nonfunctional hosts in qxl.no:
+
+		- hjelp *
+
+	* Handshake fails
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- auksjon.qxl.no, www.qxl.no from www.qxl.no *
+			- auksjon.qxl.no, www.qxl.no from pics.qxlstatic.no
+			- auksjon.qxl.no from www.ricardo.ch *
+
+	* Secured by us
+
+-->
+<ruleset name="QXL.no (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="qxl.no" />
+	<target host="auksjon.qxl.no" />
+	<target host="www.qxl.no" />
+
+		<!--	Mixed images:
+					-->
+		<test url="http://www.qxl.no/pris/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.qxl\.no$" name="^NbResult$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:"/>
 </ruleset>
 
diff --git a/src/chrome/content/rules/Qz.com.xml b/src/chrome/content/rules/Qz.com.xml
new file mode 100644
index 000000000000..e4fdb730de46
--- /dev/null
+++ b/src/chrome/content/rules/Qz.com.xml
@@ -0,0 +1,46 @@
+<!--
+	CDN buckets:
+
+		- wac.35fb.edgecastcdn.net/??35FB/
+
+
+	Nonfunctional hosts in *qz.com:
+
+		- app *
+
+	* 404
+
+
+	Mixed content:
+
+		- css, on ^ from:
+
+			- app.qz.com ¹
+			- fonts.googleapis.com ²
+
+		- favicon, on ^ from app.qz.com ²
+		- Bug on ^ from b.scorecardresearch.com ²
+
+	¹ Unsecurable <= 404
+	² Secured by us
+
+-->
+<ruleset name="Qz.com (partial)" default_off="mismatched" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="qz.com" />
+	<target host="www.qz.com" />
+
+	<!--	Complications:
+				-->
+	<target host="img.qz.com" />
+
+
+	<rule from="^http://img\.qz\.com/"
+		to="https://qzprod.files.wordpress.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/R-HPC.xml b/src/chrome/content/rules/R-HPC.xml
index ad5f6d353662..c13d173cf13c 100644
--- a/src/chrome/content/rules/R-HPC.xml
+++ b/src/chrome/content/rules/R-HPC.xml
@@ -1,9 +1,15 @@
-<ruleset name="R-HPC">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://r-hpc.com/ => https://r-hpc.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.r-hpc.com/ => https://www.r-hpc.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="R-HPC" default_off="failed ruleset test">
 
 	<target host="r-hpc.com" />
 	<target host="www.r-hpc.com" />
 
-	<rule from="^http://(www\.)?r-hpc\.com/"
-		to="https://$1r-hpc.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/R-kom.xml b/src/chrome/content/rules/R-kom.xml
new file mode 100644
index 000000000000..919efe1aa0a8
--- /dev/null
+++ b/src/chrome/content/rules/R-kom.xml
@@ -0,0 +1,9 @@
+<ruleset name="R-kom.de">
+<target host="kundenportal.r-kom.de" />
+<target host="www.r-kom.de" />
+
+<rule from="^http:" to="https:" />
+<!-- tls cert isn't valid for the main page www.glasfaser-ostbayern.de -->
+
+
+</ruleset>
diff --git a/src/chrome/content/rules/R-phylo.org.xml b/src/chrome/content/rules/R-phylo.org.xml
new file mode 100644
index 000000000000..f6056cd89e18
--- /dev/null
+++ b/src/chrome/content/rules/R-phylo.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="R-phylo.org">
+
+	<target host="r-phylo.org" />
+	<target host="www.r-phylo.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/R-posts.com.xml b/src/chrome/content/rules/R-posts.com.xml
new file mode 100644
index 000000000000..a7ed371b3f72
--- /dev/null
+++ b/src/chrome/content/rules/R-posts.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="R-posts.com">
+
+	<target host="r-posts.com" />
+	<target host="www.r-posts.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/R-project.org.xml b/src/chrome/content/rules/R-project.org.xml
new file mode 100644
index 000000000000..20504cf7362a
--- /dev/null
+++ b/src/chrome/content/rules/R-project.org.xml
@@ -0,0 +1,42 @@
+<!--
+	Different content http/https:
+		beta.r-project.org
+
+	Invalid certificate:
+		cran.us.r-project.org
+		*.r-forge.r-project.org
+		search.r-project.org
+		www.cran.r-project.org
+
+	Refused:
+		translation.r-project.org
+
+-->
+<ruleset name="R-Project.org">
+
+	<target host="r-project.org" />
+	<target host="www.r-project.org" />
+	<target host="bugs.r-project.org" />
+	<target host="cloud.r-project.org" />
+	<target host="cran-archive.r-project.org" />
+	<target host="cran.r-project.org" />
+	<target host="developer.r-project.org" />
+	<target host="ess.r-project.org" />
+	<target host="journal.r-project.org" />
+	<target host="r-forge.r-project.org" />
+	<target host="svn.r-project.org" />
+	<target host="cran.us.r-project.org" />
+	<target host="wiki.r-project.org" />
+	<target host="win-builder.r-project.org" />
+
+	<rule from="^http://cran\.us\.r-project\.org/"
+		to="https://cran.r-project.org/" />
+
+		<test url="http://cran.us.r-project.org/bin/macosx/tools/" />
+		<test url="http://cran.us.r-project.org/bin/windows/base/" />
+		<test url="http://cran.us.r-project.org/doc/contrib/usingR.pdf" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/R00tshell.lighthouseapp.com.xml b/src/chrome/content/rules/R00tshell.lighthouseapp.com.xml
deleted file mode 100644
index 5f7eda08705e..000000000000
--- a/src/chrome/content/rules/R00tshell.lighthouseapp.com.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="R00tshell.lighthouseapp.com" default_off="Cert wildcard depth mismatch">
-  <target host="r00tshell.lighthouseapp.com" />
-
-  <rule from="^http://r00tshell\.lighthouseapp\.com/" to="https://www.r00tshell.lighthouseapp.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/R00tz.org.xml b/src/chrome/content/rules/R00tz.org.xml
index 0f6cacda8afc..9ecec037ad5a 100644
--- a/src/chrome/content/rules/R00tz.org.xml
+++ b/src/chrome/content/rules/R00tz.org.xml
@@ -1,19 +1,9 @@
-<!--
-	r00tz Asylum
+<ruleset name="r00tz.org">
 
-
-	secure.bluehost.com/~theiden1/r00tz/
-
--->
-<ruleset name="r00tz.org (partial)">
-
-	<target host="r00tz-org.theidentityproject.com" />
-	<target host="www.r00tz-org.theidentityproject.com" />
 	<target host="r00tz.org" />
 	<target host="www.r00tz.org" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://(?:www\.)?r00tz(?:-org\.theidentityproject\.com|\.org)/wp-content/"
-		to="https://secure.bluehost.com/~theiden1/r00tz/wp-content/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/R01.xml b/src/chrome/content/rules/R01.xml
index c2ce92216bed..e0e643dca5d1 100644
--- a/src/chrome/content/rules/R01.xml
+++ b/src/chrome/content/rules/R01.xml
@@ -10,13 +10,12 @@
 -->
 <ruleset name="R01 (partial)">
 
-	<target host="*.r01.ru" />
+	<target host="partner.r01.ru" />
 
 
 	<securecookie host="^\.?partner\.r01\.ru$" name=".+" />
 
 
-	<rule from="^http://partner\.r01\.ru/"
-		to="https://partner.r01.ru/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/R66T.xml b/src/chrome/content/rules/R66T.xml
index 0fb4691d856a..8890155bb802 100644
--- a/src/chrome/content/rules/R66T.xml
+++ b/src/chrome/content/rules/R66T.xml
@@ -1,10 +1,22 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://onsiteconcierge.com/ => https://onsiteconcierge.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.onsiteconcierge.com/ => https://www.onsiteconcierge.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://r66t.com/ => https://onsiteconcierge.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.r66t.com/ => https://www.onsiteconcierge.com/: (60, 'SSL certificate problem: self signed certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://onsiteconcierge.com/ => https://onsiteconcierge.com/: (51, "SSL: no alternative certificate subject name matches target host name 'onsiteconcierge.com'")
+Fetch error: http://www.onsiteconcierge.com/ => https://www.onsiteconcierge.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.onsiteconcierge.com'")
+Fetch error: http://r66t.com/ => https://onsiteconcierge.com/: (51, "SSL: no alternative certificate subject name matches target host name 'onsiteconcierge.com'")
+Fetch error: http://www.r66t.com/ => https://www.onsiteconcierge.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.onsiteconcierge.com'")
 	Problematic domains:
 
 		- (www.)r66t.com	(mismatched, CN: *.onsiteconcierge.com)
 
 -->
-<ruleset name="R66T">
+<ruleset name="R66T" default_off="failed ruleset test">
 
 	<target host="onsiteconcierge.com" />
 	<target host="www.onsiteconcierge.com" />
@@ -18,4 +30,4 @@
 	<rule from="^http://(www\.)?(?:onsiteconcierge|r66t)\.com/"
 		to="https://$1onsiteconcierge.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/R7.com.xml b/src/chrome/content/rules/R7.com.xml
new file mode 100644
index 000000000000..54099733f1f7
--- /dev/null
+++ b/src/chrome/content/rules/R7.com.xml
@@ -0,0 +1,37 @@
+<!--
+	Nonfunctional subdomains:
+
+		- ^ ¹
+		- assets ²
+		- assets-zura-1 ³
+		- assets-zura-2 ³
+		- entretenimento ²
+		- esportes ²
+		- i1 ²
+		- img ²
+
+		- \w+.log: ³
+
+			- home
+			- parceiro
+
+		- noticias ²
+		- sc ²
+		- shopping ⁴
+		- videos ²
+		- www ²
+
+	¹ Redirects to www. akamai
+	² 503, akamai
+	³ Refused
+	⁴ Dropped
+
+-->
+<ruleset name="R7.com (partial)">
+
+	<target host="barra.r7.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/R7ls.net.xml b/src/chrome/content/rules/R7ls.net.xml
new file mode 100644
index 000000000000..6f7795e0a0f4
--- /dev/null
+++ b/src/chrome/content/rules/R7ls.net.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Impact Radius coverage, see Impact-Radius.xml.
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .r7ls.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="r7ls.net">
+
+	<target host="tl.r7ls.net" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<test url="http://tl.r7ls.net/unscripted/1?brwsr=&amp;brwsrsig=" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.r7ls\.net$" name="^brwsr$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RAC.xml b/src/chrome/content/rules/RAC.xml
index 6443a4c460bd..fef0c20c7e62 100644
--- a/src/chrome/content/rules/RAC.xml
+++ b/src/chrome/content/rules/RAC.xml
@@ -2,7 +2,7 @@
   <target host="rac.co.uk" />
   <target host="www.rac.co.uk" />
 
-  <securecookie host="^(.+\.)?rac\.co\.uk$" name=".*"/>
+  <securecookie host=".+" name=".+" />
 
-  <rule from="^http://(?:www\.)?rac\.co\.uk/" to="https://www.rac.co.uk/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/RAINN.org.xml b/src/chrome/content/rules/RAINN.org.xml
new file mode 100644
index 000000000000..0f484c96153d
--- /dev/null
+++ b/src/chrome/content/rules/RAINN.org.xml
@@ -0,0 +1,48 @@
+<!--
+	Nonfunctional subdomains:
+
+		- centers *
+		- rainnmakers *
+		- volopps *
+
+	* 403
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- apps
+		- donate
+		- hotline
+		- ohl
+
+
+	Insecure cookies are set for these domains:
+
+		- ^
+		- .
+		- apps
+		- donate
+		- www
+
+-->
+<ruleset name="RAINN.org (partial)">
+
+	<target host="rainn.org" />
+	<target host="apps.rainn.org" />
+	<target host="donate.rainn.org" />
+	<target host="hotline.rainn.org" />
+	<target host="ohl.rainn.org" />
+	<target host="www.rainn.org" />
+
+
+	<!--securecookie host="^(www\.)?rainn\.org$" name="^AWSELB$" /-->
+	<!--securecookie host="^\.rainn\.org$" name="^SESS[\da-f]{32}$" /-->
+	<!--securecookie host="^(apps|donate)\.rainn\.org$" name="^(CFID|CFTOKEN$)" /-->
+
+	<securecookie host="^(?:\.|apps\.|donate\.|www\.)?rainn\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RAM_Host.us.xml b/src/chrome/content/rules/RAM_Host.us.xml
new file mode 100644
index 000000000000..a3b1276d327f
--- /dev/null
+++ b/src/chrome/content/rules/RAM_Host.us.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://forum.ramhost.us/ => https://forum.ramhost.us/: Too many redirects while fetching 'https://forum.ramhost.us/'
+
+-->
+<ruleset name="RAM Host.us (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ramhost.us" />
+	<target host="forum.ramhost.us" />
+	<target host="i.ramhost.us" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.ramhost\.us/$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RAND.xml b/src/chrome/content/rules/RAND.xml
index 46c63fd82873..59ad4e41f8ba 100644
--- a/src/chrome/content/rules/RAND.xml
+++ b/src/chrome/content/rules/RAND.xml
@@ -15,7 +15,7 @@
 <ruleset name="RAND (partial)">
 
 	<target host="rand.org" />
-	<target host="*.rand.org" />
+	<target host="www.rand.org" />
 
 
 	<!--	Tracking cookies:
@@ -26,4 +26,4 @@
 	<rule from="^http://(?:www\.)?rand\.org/(cart(?:$|\?|/)|content/|etc/|favicon\.ico|profile(?:$|\?|\.html))"
 		to="https://www.rand.org/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RANZCP.xml b/src/chrome/content/rules/RANZCP.xml
new file mode 100644
index 000000000000..64fc411a34d4
--- /dev/null
+++ b/src/chrome/content/rules/RANZCP.xml
@@ -0,0 +1,17 @@
+<!--
+	For ranzcp.org
+	(Royal Australian and New Zealand College of Psychiatrists)
+
+		Works:
+			- www
+
+		Doesn't Work:
+			- $ (mismatch)
+
+-->
+<ruleset name="RANZCP">
+  <target host="ranzcp.org" />
+  <target host="www.ranzcp.org" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RBCommons.com.xml b/src/chrome/content/rules/RBCommons.com.xml
new file mode 100644
index 000000000000..b908d56d88cd
--- /dev/null
+++ b/src/chrome/content/rules/RBCommons.com.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Beanbag, Inc coverage, see Beanbag_Inc.com.xml.
+
+
+	CDN buckets:
+
+		- d35a4lql8gzmqi.cloudfront.net
+
+
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Refused
+
+-->
+<ruleset name="RBCommons.com (partial)">
+
+	<target host="rbcommons.com" />
+	<target host="www.rbcommons.com" />
+
+
+	<!--	Server doesn't secure:
+					-->
+	<securecookie host="^(?:www\.)?rbcommons\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RB_Invest_WDC.eu.xml b/src/chrome/content/rules/RB_Invest_WDC.eu.xml
new file mode 100644
index 000000000000..6029bbf8f5ef
--- /dev/null
+++ b/src/chrome/content/rules/RB_Invest_WDC.eu.xml
@@ -0,0 +1,12 @@
+<ruleset name="RB Invest WDC.eu (partial)" default_off="refused">
+
+	<target host="rbinvestwdc.eu" />
+
+
+	<securecookie host="^rbinvestwdc\.eu$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RC24.xyz.xml b/src/chrome/content/rules/RC24.xyz.xml
new file mode 100644
index 000000000000..6d32411cc7ec
--- /dev/null
+++ b/src/chrome/content/rules/RC24.xyz.xml
@@ -0,0 +1,38 @@
+<!--
+	SSL protocol error:
+		- ms.wii.rc24.xyz
+
+	Mismatched:
+		- en.wikipedia.praxy.rc24.xyz
+		- cfh.wii.rc24.xyz
+		- news.wii.rc24.xyz
+		- rs.wii.rc24.xyz
+		- rss.wii.rc24.xyz
+		- weather.wii.rc24.xyz
+
+	Self-signed:
+		- mc.rc24.xyz
+
+	HTTP != HTTPS:
+		- admin.rc24.xyz
+-->
+<ruleset name="RC24.xyz">
+	<target host="rc24.xyz" />
+	<target host="www.rc24.xyz" />
+	<target host="announce.rc24.xyz" />
+	<target host="banner.rc24.xyz" />
+	<target host="blog.rc24.xyz" />
+	<target host="bookmark.rc24.xyz" />
+	<target host="bot.rc24.xyz" />
+	<target host="chat.rc24.xyz" />
+	<target host="interviews.rc24.xyz" />
+	<target host="mtw.rc24.xyz" />
+	<target host="status.rc24.xyz" />
+	<target host="syscheck.rc24.xyz" />
+	<target host="tag.rc24.xyz" />
+	<target host="theme.rc24.xyz" />
+	<target host="miicontest.wii.rc24.xyz" />
+	<target host="vt.wii.rc24.xyz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RCFP.org.xml b/src/chrome/content/rules/RCFP.org.xml
index 7c3dcd872f13..e90395d0f895 100644
--- a/src/chrome/content/rules/RCFP.org.xml
+++ b/src/chrome/content/rules/RCFP.org.xml
@@ -2,20 +2,39 @@
 	Reporters Committee for Freedom of the Press
 
 
-	- Expired 2012-09-06
-	- Cert only matches ^rcfp.org
+	Other RCFP rulesets:
+
+		- Sunshine_Week.org.xml
+
+
+	Nonfunctional subdomains:
+
+		- sunshineweek *
+
+	* Shows www; mismatched, CN: www.rcfp.org
+
+
+	Mixed content:
+
+		- Web bug from w.sharethis.com *
+
+	* Secured by us
 
 -->
-<ruleset name="RCFP.org" default_off="expired, self-signed">
+<ruleset name="RCFP.org (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="rcfp.org" />
-	<target host="*.rcfp.org" />
+	<target host="www.rcfp.org" />
 
 
+	<!--	Not secured by server:
+					-->
 	<securecookie host="^\.rcfp\.org$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?rcfp\.org/"
-		to="https://rcfp.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RCI.com.xml b/src/chrome/content/rules/RCI.com.xml
new file mode 100644
index 000000000000..cce2efef0af8
--- /dev/null
+++ b/src/chrome/content/rules/RCI.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- vtrends.rci.com
+
+		SSL peer certificate was not OK:
+		- tktermal.rci.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- pgs.rci.com
+
+		Incomplete certificate chain error:
+		- rcieliterewards.rci.com
+
+		Different content:
+		- m.rci.com on $
+-->
+<ruleset name="RCI.com (partial)">
+	<target host="rci.com" />
+	<target host="www.rci.com" />
+	<target host="ai.rci.com" />
+	<target host="api.rci.com" />
+	<target host="arrivalguides.rci.com" />
+	<target host="b2b.rci.com" />
+	<target host="discover.rci.com" />
+	<target host="m.rci.com" />
+		<test url="http://m.rci.com/rcimobile/" />
+	<target host="prep.rci.com" />
+	<target host="secureftp.rci.com" />
+
+	<rule from="^http://m\.rci\.com/$"
+		  	to="https://m.rci.com/rcimobile/" />
+
+	<rule from="^http:"
+		  	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RCKing.xml b/src/chrome/content/rules/RCKing.xml
index 965ff7e287e6..52aa17b2488c 100644
--- a/src/chrome/content/rules/RCKing.xml
+++ b/src/chrome/content/rules/RCKing.xml
@@ -1,13 +1,44 @@
-<ruleset name="RCKing">
+<!--
+	^rcking.eu: 503
 
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .rcking.eu
+		- www.rcking.eu
+
+
+	Mixed content:
+
+		- Images from $self *
+		- Ad from www.googleadservices.com *
+
+	* Secured by us
+
+-->
+<ruleset name="RCKing.eu">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.rcking.eu" />
+
+	<!--	Complications:
+				-->
 	<target host="rcking.eu" />
-	<target host="*.rcking.eu" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.rcking\.eu$" name="^(?:__cfduid|[\da-f]{32}|cf_clearance)$" /-->
+	<!--securecookie host="^www\.rcking\.eu$" name="^lgc$" /-->
+
 	<securecookie host="^(?:w*\.)?rcking\.eu$" name=".+" />
 
 
-	<rule from="^http://(www\.)?rcking\.eu/"
-		to="https://$1rcking.eu/" />
+	<rule from="^http://rcking\.eu/"
+		to="https://www.rcking.eu/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RCPmag.com.xml b/src/chrome/content/rules/RCPmag.com.xml
new file mode 100644
index 000000000000..6e91a5ddbe6e
--- /dev/null
+++ b/src/chrome/content/rules/RCPmag.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other 1105 Media coverage, see 1105_Media.com.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- rcpmag.com
+
+-->
+<ruleset name="RCPmag.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rcpmag.com" />
+	<target host="www.rcpmag.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^rcpmag\.com$" name="^(ASP\.NET_SessionId|BIGipServerPool[\w-]+)$" /-->
+
+	<securecookie host="^rcpmag\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RCUK.ac.uk.xml b/src/chrome/content/rules/RCUK.ac.uk.xml
new file mode 100644
index 000000000000..cda38a59e01d
--- /dev/null
+++ b/src/chrome/content/rules/RCUK.ac.uk.xml
@@ -0,0 +1,20 @@
+<!--
+
+	Nonfunctional subdomains:
+
+		- ^ ²
+		- gtr ¹
+		- www ¹
+
+	¹ Refused
+	² Dropped
+
+-->
+<ruleset name="RCUK.ac.uk (partial)">
+
+	<target host="blogs.rcuk.ac.uk" />
+	<target host="je-s.rcuk.ac.uk" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RDO_project.org.xml b/src/chrome/content/rules/RDO_project.org.xml
new file mode 100644
index 000000000000..f2795f20a447
--- /dev/null
+++ b/src/chrome/content/rules/RDO_project.org.xml
@@ -0,0 +1,55 @@
+<!--
+	For other Red Hat coverage, see Red_Hat.xml.
+
+
+	Problematic hosts in *rdoproject.org:
+
+		- ask ᵐ
+
+	ᵐ Mismatched
+
+
+	STS header includes includeSubdomains
+	for ^, ask, www
+
+-->
+<ruleset name="RDO project.org">
+
+	<target host="rdoproject.org" />
+	<target host="*.rdoproject.org" />
+
+		<!--	includeSubdomains applies to one level only, so:
+									-->
+		<exclusion pattern="^http://(?:(?![^./]+\.(?:ask|www)\.rdoproject\.org/)(?:[^./]+\.){2,}|(?:[^./]+\.){2,}(?:ask|www)\.)rdoproject\.org/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.rdoproject.org/" />
+			<test url="http://exists.not.rdoproject.org/" />
+			<test url="http://this.host.ask.rdoproject.org/" />
+			<test url="http://exists.not.ask.rdoproject.org/" />
+			<test url="http://this.host.www.rdoproject.org/" />
+			<test url="http://exists.not.www.rdoproject.org/" />
+			<test url="http://really.and.www.rdoproject.org/" />
+			<test url="http://honestly.not.www.rdoproject.org/" />
+
+		<test url="http://trunk.rdoproject.org/" />
+		<test url="http://www.rdoproject.org/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://ask\.rdoproject\.org/+"
+		to="https://ask.openstack.org/en/questions/scope:unanswered/sort:age-desc/page:1/query:rdo/" />
+
+		<test url="http://ask.rdoproject.org/" />
+		<test url="http://ask.rdoproject.org/default.aspx" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RDot.org.xml b/src/chrome/content/rules/RDot.org.xml
new file mode 100644
index 000000000000..9d4893d0b3ba
--- /dev/null
+++ b/src/chrome/content/rules/RDot.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="RDot.org">
+	<target host="rdot.org" />
+	<target host="www.rdot.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RE.is.xml b/src/chrome/content/rules/RE.is.xml
index ffb453975f75..218d48df8426 100644
--- a/src/chrome/content/rules/RE.is.xml
+++ b/src/chrome/content/rules/RE.is.xml
@@ -15,7 +15,8 @@
 <ruleset name="RE.is (partial)">
 
 	<target host="re.is" />
-	<target host="*.re.is" />
+	<target host="www.re.is" />
+	<target host="agent.re.is" />
 		<!--exclusion pattern="http://(www\.)?re\.is/(?!da/CartService/|media/|skin/)" /-->
 
 
diff --git a/src/chrome/content/rules/RECRegistry.xml b/src/chrome/content/rules/RECRegistry.xml
new file mode 100644
index 000000000000..8bae0b6bbca9
--- /dev/null
+++ b/src/chrome/content/rules/RECRegistry.xml
@@ -0,0 +1,7 @@
+<ruleset name="REC Registry">
+	<target host="rec-registry.gov.au" />
+	<target host="www.rec-registry.gov.au" />
+
+	<rule from="^http://(?:www\.)?rec-registry\.gov\.au/"
+		to="https://www.rec-registry.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/REFEDD.org.xml b/src/chrome/content/rules/REFEDD.org.xml
new file mode 100644
index 000000000000..5cdabe6b658d
--- /dev/null
+++ b/src/chrome/content/rules/REFEDD.org.xml
@@ -0,0 +1,15 @@
+<ruleset name="REFEDD.org">
+
+	<target host="refedd.org" />
+	<target host="www.refedd.org" />
+	<target host="anciensite.refedd.org" />
+	<target host="www.anciensite.refedd.org" />
+	<target host="donnetonavis.refedd.org" />
+	<target host="nouveausite.refedd.org" />
+	<target host="www.nouveausite.refedd.org" />
+	<target host="pdc.refedd.org" />
+	<target host="www.pdc.refedd.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/REFEDS.org.xml b/src/chrome/content/rules/REFEDS.org.xml
new file mode 100644
index 000000000000..dc51dc9be188
--- /dev/null
+++ b/src/chrome/content/rules/REFEDS.org.xml
@@ -0,0 +1,27 @@
+<!--
+	For other GÉANT Association coverage, see GEANT.org.xml.
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- blog
+		- discovery
+		- reep
+		- wiki
+
+-->
+<ruleset name="REFEDS.org">
+
+	<target host="refeds.org" />
+	<target host="blog.refeds.org" />
+	<target host="discovery.refeds.org" />
+	<target host="reep.refeds.org" />
+	<target host="wiki.refeds.org" />
+	<target host="www.refeds.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/REMnux.org.xml b/src/chrome/content/rules/REMnux.org.xml
new file mode 100644
index 000000000000..c44c4adb0e99
--- /dev/null
+++ b/src/chrome/content/rules/REMnux.org.xml
@@ -0,0 +1,40 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .remnux.org
+
+-->
+<ruleset name="REMnux.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="remnux.org" />
+	<target host="www.remnux.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.remnux\.org$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RESOLV.xml b/src/chrome/content/rules/RESOLV.xml
index 0f28cad60f24..f51b410a92bb 100644
--- a/src/chrome/content/rules/RESOLV.xml
+++ b/src/chrome/content/rules/RESOLV.xml
@@ -1,15 +1,15 @@
-<ruleset name="RESOLV" default_off="mismatch">
+<ruleset name="RESOLV" default_off="mismatched">
 
 	<!--	Cert: *.gridserver.com	-->
 	<target host="resolv.org" />
 	<target host="www.resolv.org" />
 
 
-	<securecookie host="^www\.resolv\.org$" name=".*" />
+	<securecookie host="^www\.resolv\.org$" name=".+" />
 
 
 	<!--	!www redirects to www.	-->
-	<rule from="^https?://(?:www\.)?resolv\.org/"
+	<rule from="^http://(?:www\.)?resolv\.org/"
 		to="https://www.resolv.org/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/REWAG.xml b/src/chrome/content/rules/REWAG.xml
new file mode 100644
index 000000000000..37790c9bbff2
--- /dev/null
+++ b/src/chrome/content/rules/REWAG.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://karriere.rewag.de/ => https://karriere.rewag.de/: Too many redirects while fetching 'https://karriere.rewag.de/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://karriere.rewag.de/ => https://karriere.rewag.de/: Too many redirects while fetching 'https://karriere.rewag.de/'
+Fetch error: http://www.rewag.de/ => https://www.rewag.de/: (60, 'SSL certificate problem: certificate has expired')
+
+	Regensburger Energie- und Wasserversorgung AG
+
+-->
+<ruleset name="REWAG.de" default_off="failed ruleset test">
+	<target host="karriere.rewag.de"/>
+	<target host="www.rewag.de"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/REcon.cx.xml b/src/chrome/content/rules/REcon.cx.xml
new file mode 100644
index 000000000000..19cb5dbcb002
--- /dev/null
+++ b/src/chrome/content/rules/REcon.cx.xml
@@ -0,0 +1,10 @@
+<ruleset name="REcon.cx">
+
+	<target host="recon.cx" />
+	<target host="www.recon.cx" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RFC-Editor.xml b/src/chrome/content/rules/RFC-Editor.xml
index 51f6e4930c85..42ebf73359c5 100644
--- a/src/chrome/content/rules/RFC-Editor.xml
+++ b/src/chrome/content/rules/RFC-Editor.xml
@@ -1,12 +1,7 @@
 <ruleset name="RFC-Editor">
-  <target host="rfc-editor.org" />
-  <target host="www.rfc-editor.org" />
-		<!--
-			Search redirects to http.
+	<target host="rfc-editor.org" />
+	<target host="www.rfc-editor.org" />
+	<target host="ftp.rfc-editor.org" />
 
-			https://mail1.eff.org/pipermail/https-everywhere-rules/2012-July/001241.html
-													-->
-		<exclusion pattern="^http://(www\.)?rfc-editor\.org/errata(_search)?\.php(?:$|\?)" />
-
-  <rule from="^http://(?:www\.)?rfc-editor\.org/" to="https://www.rfc-editor.org/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/RFC_Express.xml b/src/chrome/content/rules/RFC_Express.xml
index 3e826c8e6556..a3c651a432f2 100644
--- a/src/chrome/content/rules/RFC_Express.xml
+++ b/src/chrome/content/rules/RFC_Express.xml
@@ -1,4 +1,11 @@
-<ruleset name="RFC Express">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rfcexpress.com/ => https://rfcexpress.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.rfcexpress.com/ => https://www.rfcexpress.com/: (28, 'Connection timed out after 20002 milliseconds')
+
+-->
+<ruleset name="RFC Express" default_off="failed ruleset test">
 
 	<target host="rfcexpress.com" />
 	<target host="www.rfcexpress.com" />
@@ -7,7 +14,6 @@
 	<securecookie host="^(?:www\.)?rfcexpress\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?rfcexpress\.com/"
-		to="https://$1rfcexpress.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RF_Parts.com.xml b/src/chrome/content/rules/RF_Parts.com.xml
new file mode 100644
index 000000000000..41096c19598b
--- /dev/null
+++ b/src/chrome/content/rules/RF_Parts.com.xml
@@ -0,0 +1,28 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rfparts.com/ => https://www.rfparts.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+	^: cert only matches www
+
+-->
+<ruleset name="RF Parts.com">
+
+	<target host="rfparts.com" />
+	<target host="*.rfparts.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.rfparts\.com$" name="^frontend$" /-->
+
+	<securecookie host="^\.www\.rfparts\.com$" name=".+" />
+
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://rfparts\.com/.*"
+		to="https://www.rfparts.com/" />
+
+	<rule from="^http://www\.rfparts\.com/"
+		to="https://www.rfparts.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RF_SUNY.org.xml b/src/chrome/content/rules/RF_SUNY.org.xml
new file mode 100644
index 000000000000..f8cc512eec22
--- /dev/null
+++ b/src/chrome/content/rules/RF_SUNY.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Research Foundation of State University of New York
+
+
+	(www.)?rfsuny.org: Refused
+
+-->
+<ruleset name="RF SUNY.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="portal.rfsuny.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RG_static.net.xml b/src/chrome/content/rules/RG_static.net.xml
new file mode 100644
index 000000000000..36b7b4b53113
--- /dev/null
+++ b/src/chrome/content/rules/RG_static.net.xml
@@ -0,0 +1,52 @@
+<!--
+	For other ResearchGate coverage, see ResearchGate.net.xml.
+
+
+	CDN buckets:
+
+		- cdn.researchgate.net.c.footprint.net
+
+		- ssl.rgstatic.net.c.footprint.net
+
+			- sc[1-4]
+			- si[1-4]
+
+
+-->
+<ruleset name="RG static.net">
+
+	<target host="c.rgstatic.net" />
+	<target host="c0.rgstatic.net" />
+	<target host="c1.rgstatic.net" />
+	<target host="c2.rgstatic.net" />
+	<target host="c3.rgstatic.net" />
+	<target host="c4.rgstatic.net" />
+	<target host="c5.rgstatic.net" />
+
+	<target host="i.rgstatic.net" />
+	<target host="i0.rgstatic.net" />
+	<target host="i1.rgstatic.net" />
+	<target host="i2.rgstatic.net" />
+	<target host="i3.rgstatic.net" />
+	<target host="i4.rgstatic.net" />
+
+	<target host="sc.rgstatic.net" />
+	<target host="sc0.rgstatic.net" />
+	<target host="sc1.rgstatic.net" />
+	<target host="sc2.rgstatic.net" />
+	<target host="sc3.rgstatic.net" />
+	<target host="sc4.rgstatic.net" />
+	<target host="sc5.rgstatic.net" />
+
+	<target host="si.rgstatic.net" />
+	<target host="si0.rgstatic.net" />
+	<target host="si1.rgstatic.net" />
+	<target host="si2.rgstatic.net" />
+	<target host="si3.rgstatic.net" />
+	<target host="si4.rgstatic.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RHUL.ac.uk.xml b/src/chrome/content/rules/RHUL.ac.uk.xml
index 0d5faf685399..1b41c7806d90 100644
--- a/src/chrome/content/rules/RHUL.ac.uk.xml
+++ b/src/chrome/content/rules/RHUL.ac.uk.xml
@@ -40,8 +40,12 @@
 <ruleset name="RHUL.ac.uk (partial)">
 
 	<target host="rhul.ac.uk" />
-	<target host="*.rhul.ac.uk" />
-		<exclusion pattern="^http://(?:www\.)?isg\.rhul\.ac\.uk/+tls(?:$|[?/])" />
+	<target host="www.rhul.ac.uk" />
+	<target host="cimhelpdesk.rhul.ac.uk" />
+	<target host="helpdesk.ma.rhul.ac.uk" />
+	<target host="isg.rhul.ac.uk" />
+	<target host="www.isg.rhul.ac.uk" />
+		<exclusion pattern="^http://(?:www\.)?isg\.rhul\.ac\.uk/+(?:~|tls(?:$|[?/]))" />
 		<!--exclusion pattern="^http://(www\.)?isg\.rhul\.ac\.uk/+(?!$|\?|bin($|[?/])|static/)" /-->
 
 
@@ -57,7 +61,6 @@
 	<rule from="^http://(?:cimhelpdesk|helpdesk\.ma)\.rhul\.ac\.uk/"
 		to="https://helpdesk.ma.rhul.ac.uk/" />
 
-	<rule from="^http://(www\.)?isg\.rhul\.ac\.uk/"
-		to="https://$1isg.rhul.ac.uk/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/RH_Cloud.com.xml b/src/chrome/content/rules/RH_Cloud.com.xml
new file mode 100644
index 000000000000..b80b9e269d9f
--- /dev/null
+++ b/src/chrome/content/rules/RH_Cloud.com.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Red Hat coverage, see Red_Hat.xml.
+
+
+	(www.): mismatched
+
+-->
+<ruleset name="RH Cloud.com">
+
+	<target host="rhcloud.com" />
+	<target host="*.rhcloud.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^uddi(console)?-jbossoverlord\.rhcloud\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^[\w-]+\.rhcloud\.com$" name=".+" />
+
+
+	<!--	Redirects like so:
+					-->
+	<rule from="^http://(?:www\.)?rhcloud\.com/+"
+		to="https://openshift.com/" />
+
+	<rule from="^http://([\w-]+)\.rhcloud\.com/"
+		to="https://$1.rhcloud.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RIA.com.xml b/src/chrome/content/rules/RIA.com.xml
new file mode 100644
index 000000000000..e3ab3e703493
--- /dev/null
+++ b/src/chrome/content/rules/RIA.com.xml
@@ -0,0 +1,210 @@
+<!--
+	Other RIA rulesets:
+
+		- RIA_static.com.xml
+
+
+	Nonfunctional hosts in *ria.com:
+
+		- avia ¹
+		- avia2 ²
+		- bezpeka ³
+		- cobrand ³
+		- help ⁴
+		- job.partners ⁵
+
+	¹ Redirects to http
+	² 503
+	³ 404
+	⁴ Shows default page
+	⁵ Shows css.ria.com
+
+
+	Problematic hosts in *ria.com:
+
+		- gimnasst.dom *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- bryanka.ria.com
+		- dom.ria.com
+		- kharcizk.ria.com
+		- market.ria.com
+		- mogilevpodolskiy.ria.com
+		- rabota.ria.com
+		- sverdlovsk.ria.com
+		- vw-audi.ria.com
+		- www.ria.com
+		- . . .
+
+
+	Mixed content:
+
+		- Image on market from static.siteheart.com
+
+-->
+<ruleset name="RIA.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ria.com" />
+	<target host="*.ria.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://avia\.ria\.com/(?:$|ria/css/|ria/img/)" /-->
+
+		<!--exclusion pattern="^http://(?:avia2?|bezpeka|cobrand|gimnasst\.dom|help|job\.partners)\.ria\.com/" /-->
+		<exclusion pattern="^http://(?:avia2?|bezpeka|cobrand|help)\.ria\.com/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://avia.ria.com/" />
+			<test url="http://avia2.ria.com/" />
+			<test url="http://bezpeka.ria.com/" />
+			<test url="http://cobrand.ria.com/" />
+			<!--test url="http://gimnasst.dom.ria.com/" /-->
+			<test url="http://help.ria.com/" />
+			<!--test url="http://job.partners.ria.com/" /-->
+
+		<test url="http://ahtyrka.ria.com/" />
+		<test url="http://alupka.ria.com/" />
+		<test url="http://alushta.ria.com/" />
+		<test url="http://andrushovka.ria.com/" />
+		<test url="http://artemovsk.ria.com/" />
+		<test url="http://auto.ria.com/" />
+		<test url="http://auto-stok.ria.com/" />
+		<test url="http://img.auto.ria.com/" />
+		<test url="http://avdeevka.ria.com/" />
+		<test url="http://baranovka.ria.com/" />
+		<test url="http://belgorod-dnestrovskiy.ria.com/" />
+		<test url="http://berdichev.ria.com/" />
+		<test url="http://berdyansk.ria.com/" />
+		<test url="http://beregovo.ria.com/" />
+		<test url="http://berislav.ria.com/" />
+		<test url="http://bryanka.ria.com/" />
+		<test url="http://buchach.ria.com/" />
+		<test url="http://cherkassy.ria.com/" />
+		<test url="http://chernigov.ria.com/" />
+		<test url="http://chervonograd.ria.com/" />
+		<test url="http://css.ria.com/" />
+		<test url="http://debaltsevo.ria.com/" />
+		<test url="http://dnepropetrovsk.ria.com/" />
+		<test url="http://dnieprodzierzhinsk.ria.com/" />
+		<test url="http://dolinskaya.ria.com/" />
+		<test url="http://doneck.ria.com/" />
+		<test url="http://dom.ria.com/" />
+		<test url="http://druzhkovka.ria.com/" />
+		<test url="http://dubno.ria.com/" />
+		<test url="http://energodar.ria.com/" />
+		<test url="http://engine.ria.com/" />
+		<test url="http://evpatoriya.ria.com/" />
+		<test url="http://fastiv.ria.com/" />
+		<test url="http://feodosiya.ria.com/" />
+		<test url="http://gayvoron.ria.com/" />
+		<test url="http://gurzuf.ria.com/" />
+		<test url="http://herson.ria.com/" />
+		<test url="http://hust.ria.com/" />
+		<test url="http://illichivsk.ria.com/" />
+		<test url="http://jet-auto.ria.com/" />
+		<test url="http://kahovka.ria.com/" />
+		<test url="http://kalush.ria.com/" />
+		<test url="http://kazatin.ria.com/" />
+		<test url="http://kelmency.ria.com/" />
+		<test url="http://kharcizk.ria.com/" />
+		<test url="http://kirovograd.ria.com/" />
+		<test url="http://koktebel.ria.com/" />
+		<test url="http://komsomolsk.ria.com/" />
+		<test url="http://konotop.ria.com/" />
+		<test url="http://korostyshev.ria.com/" />
+		<test url="http://kotovsk.ria.com/" />
+		<test url="http://kovel.ria.com/" />
+		<test url="http://krasnoarmeysk.ria.com/" />
+		<test url="http://kremenets.ria.com/" />
+		<test url="http://kuznecovsk.ria.com/" />
+		<test url="http://kyiv.ria.com/" />
+		<test url="http://lozovaja.ria.com/" />
+		<test url="http://lubny.ria.com/" />
+		<test url="http://lubotin.ria.com/" />
+		<test url="http://lugansk.ria.com/" />
+		<test url="http://lutsk.ria.com/" />
+		<test url="http://lviv.ria.com/" />
+		<test url="http://malin.ria.com/" />
+		<test url="http://marganec.ria.com/" />
+		<test url="http://mariupol.ria.com/" />
+		<test url="http://market.ria.com/" />
+		<test url="http://mishor.ria.com/" />
+		<test url="http://mogilevpodolskiy.ria.com/" />
+		<test url="http://mukachevo.ria.com/" />
+		<test url="http://nikolaev.ria.com/" />
+		<test url="http://nikopol.ria.com/" />
+		<test url="http://nosovka.ria.com/" />
+		<!--test url="http://novaya_kahovka.ria.com/" /-->
+		<test url="http://novomirgorod.ria.com/" />
+		<test url="http://novomoskovsk.ria.com/" />
+		<test url="http://novovolynsk.ria.com/" />
+		<test url="http://obuhov.ria.com/" />
+		<test url="http://ochakov.ria.com/" />
+		<test url="http://odessa.ria.com/" />
+		<test url="http://ordzhonikidze.ria.com/" />
+		<test url="http://ostrog.ria.com/" />
+		<test url="http://pavlograd.ria.com/" />
+		<test url="http://poltava.ria.com/" />
+		<test url="http://priluki.ria.com/" />
+		<test url="http://rabota.ria.com/" />
+		<test url="http://rovenki.ria.com/" />
+		<test url="http://rubezhnoe.ria.com/" />
+		<test url="http://selidovo.ria.com/" />
+		<test url="http://sevastopol.ria.com/" />
+		<test url="http://severodonetsk.ria.com/" />
+		<test url="http://shepetivka.ria.com/" />
+		<test url="http://shostka.ria.com/" />
+		<test url="http://simeiz.ria.com/" />
+		<test url="http://simferopol.ria.com/" />
+		<test url="http://sinelnikovo.ria.com/" />
+		<test url="http://skadovsk.ria.com/" />
+		<test url="http://slavuta.ria.com/" />
+		<test url="http://slavutich.ria.com/" />
+		<test url="http://slavyansk.ria.com/" />
+		<test url="http://snezhnoe.ria.com/" />
+		<test url="http://stahanov.ria.com/" />
+		<test url="http://sudak.ria.com/" />
+		<test url="http://sumy.ria.com/" />
+		<test url="http://sverdlovsk.ria.com/" />
+		<test url="http://teplodar.ria.com/" />
+		<test url="http://ternivka.ria.com/" />
+		<test url="http://tokmak.ria.com/" />
+		<test url="http://tjachev.ria.com/" />
+		<test url="http://varva.ria.com/" />
+		<test url="http://vasilkov.ria.com/" />
+		<test url="http://vinnica.ria.com/" />
+		<test url="http://volnogorsk.ria.com/" />
+		<test url="http://voznesensk.ria.com/" />
+		<test url="http://vw-audi.ria.com/" />
+		<test url="http://www.ria.com/" />
+		<test url="http://yalta.ria.com/" />
+		<test url="http://yasinovataya.ria.com/" />
+		<test url="http://yuzhnoukrainsk.ria.com/" />
+		<test url="http://zapchasti.ria.com/" />
+		<test url="http://zaporozhye.ria.com/" />
+		<test url="http://zhmerinka.ria.com/" />
+		<test url="http://znamenka.ria.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^dom\.ria\.com$" name="^dom_sess$" /-->
+	<!--securecookie host="^market\.ria\.com$" name="^connect\.sid$" /-->
+	<!--securecookie host="^(?:engine|jet-auto|rabota|vw-audi)\.ria\.com$" name="^(?:PHPSESSID|lang_code)$" /-->
+	<!--securecookie host="^(?:ahtyrka|andrushovka|artemovsk|avdeevka|baranovka|beregovo|berislav|bryanka|buchach|chernigov|dolinskaya|druzhkovka|dubno|energodar|hust|kalush|kelmency|kharcizk|konotop|korostyshev|kovel|kremenets|kuznecovsk|lozovaja|malin|mariupol|mogilevpodolskiy|mukachevo|nosovka|ostrog|rovenki|severodonetsk|simeiz|skadovsk|slavutich|slavyansk|snezhnoe|stahanov|sumy|sverdlovsk|tokmak|vasilkov|yalta|yasinovataya|yuzhnoukrainsk|zaporozhye|znamenka)\.ria\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w.*\.ria\.com$" name=".+" />
+
+
+	<rule from="^http://([\w-]+\.|img\.auto\.)?ria\.com/"
+		to="https://$1ria.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RIAA.com.xml b/src/chrome/content/rules/RIAA.com.xml
new file mode 100644
index 000000000000..a904746e1002
--- /dev/null
+++ b/src/chrome/content/rules/RIAA.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="RIAA.com" >
+	<target host="riaa.com" />
+	<target host="www.riaa.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RIAA.xml b/src/chrome/content/rules/RIAA.xml
deleted file mode 100644
index 039dc6272cd1..000000000000
--- a/src/chrome/content/rules/RIAA.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="RIAA" platform="mixedcontent">
-  <target host="riaa.com" />
-  <target host="www.riaa.com" />
-
-  <rule from="^http://(www\.)?riaa\.com/" to="https://$1riaa.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/RIA_static.com.xml b/src/chrome/content/rules/RIA_static.com.xml
new file mode 100644
index 000000000000..3ba43133e831
--- /dev/null
+++ b/src/chrome/content/rules/RIA_static.com.xml
@@ -0,0 +1,17 @@
+<!--
+	For other RIA coverage, see RIA.com.xml.
+
+-->
+<ruleset name="RIA static.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cdn.riastatic.com" />
+	<target host="css.riastatic.com" />
+	<target host="dom.riastatic.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RIC.org.xml b/src/chrome/content/rules/RIC.org.xml
index a947bc31c29b..f12266be54e6 100644
--- a/src/chrome/content/rules/RIC.org.xml
+++ b/src/chrome/content/rules/RIC.org.xml
@@ -11,7 +11,6 @@
 	<securecookie host="^(?:www\.)?ric\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ric\.org/"
-		to="https://$1ric.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/RIKEN.jp.xml b/src/chrome/content/rules/RIKEN.jp.xml
index bc104badf287..d8d3fd944586 100644
--- a/src/chrome/content/rules/RIKEN.jp.xml
+++ b/src/chrome/content/rules/RIKEN.jp.xml
@@ -1,18 +1,82 @@
 <!--
 	Nonfunctional subdomains:
 
-		- www	(refused)
+		- (www.)? ¹
+		- 100th ¹
+		- hpci-tech.aics (timeout)
+
+		- brainatlas.brain ¹
+		- bsi-ni.brain ¹
+		- celloc3d.brain ¹
+		- www.dei.brain ¹
+		- www.brain ²
+
+		- aleaves.cdb ¹
+		- ecomics ¹
+		- ftp ²
+		- metadb ¹
+		- www.nishina ³
+		- www.yokohama ¹
+
+	¹ Dropped
+	² Refused
+	³ Shows default page
+
+
+	Problematic hosts in *riken.jp:
+
+		- indico2 *
+
+	* Self-signed
+
+
+	Insecure cookies are set for these hosts:
+
+		- bsi-ni.brain.riken.jp
+		- nijc.brain.riken.jp
+		- choutatsu.riken.jp
 
 -->
 <ruleset name="RIKEN.jp (partial)">
 
-	<target host="www.rikenresearch.riken.jp" />
+	<!--	Direct rewrites:
+				-->
+	<target host="www.aics.riken.jp" />
+	<target host="bioconductor.riken.jp" />
+	<target host="bsi-ni.brain.riken.jp" />
+	<target host="nijc.brain.riken.jp" />
+	<target host="choutatsu.riken.jp" />
+	<!--target host="indico2.riken.jp" /-->
+	<target host="ribf.riken.jp" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.aics\.riken\.jp/library/topics/hpci-portal\.html$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.aics\.riken\.jp/+(?!aicssite/wp-content/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.aics.riken.jp/jp/outreach/library/" />
+			<test url="http://www.aics.riken.jp/library/topics/hpci-portal.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.aics.riken.jp/aicssite/wp-content/themes/aics_ja/images/share/aicslogo.gif" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bsi-ni\.brain\.riken\.jp$" name="^(?:PHPSESSID|ml_lang|ml_langname)$" /-->
+	<!--securecookie host="^nijc\.brain\.riken\.jp$" name="^(?:PHPSESSID|autologin_pass|autologin_uname|ml_lang|ml_langname)$" /-->
+	<!--securecookie host="^choutatsu\.riken\.jp$" name="^PHPSESSID$" /-->
 
-	<securecookie host="^www\.rikenresearch\.riken\.jp$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://www\.rikenresearch\.riken\.jp/"
-		to="https://www.rikenresearch.riken.jp/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RIS.BKA.gv.at.xml b/src/chrome/content/rules/RIS.BKA.gv.at.xml
index 77f3506e626c..5ebc7c1b7a93 100644
--- a/src/chrome/content/rules/RIS.BKA.gv.at.xml
+++ b/src/chrome/content/rules/RIS.BKA.gv.at.xml
@@ -2,5 +2,5 @@
   <target host="www.ris.bka.gv.at" />
   <target host="ris.bka.gv.at" />
 
-  <rule from="^http://(www\.)?ris\.bka\.gv\.at/" to="https://www.ris.bka.gv.at/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/RISI.xml b/src/chrome/content/rules/RISI.xml
index 7a7c01462fd2..be65a36835f2 100644
--- a/src/chrome/content/rules/RISI.xml
+++ b/src/chrome/content/rules/RISI.xml
@@ -6,16 +6,10 @@
 
 	<target host="risi.com"/>
 	<target host="www.risi.com"/>
-	<target host="risiinfo.com"/>
-	<target host="www.risiinfo.com"/>
-
-
-	<securecookie host="^www\.risiinfo\.com$" name=".*"/>
-
 
 	<!--	Cert doesn't match risi.com,
 		which redirects to risiinfo.com anyway.		-->
-	<rule from="^http://(www\.)?risi(?:info)?\.com/"
-		to="https://$1risiinfo.com/"/>
+	<rule from="^http://(www\.)?risi\.com/"
+		to="https://www.risiinfo.com/"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/RIT.edu.xml b/src/chrome/content/rules/RIT.edu.xml
new file mode 100644
index 000000000000..5777799b8cdf
--- /dev/null
+++ b/src/chrome/content/rules/RIT.edu.xml
@@ -0,0 +1,217 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cis.rit.edu/ => https://cis.rit.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'cis.rit.edu'")
+Fetch error: http://ntid.rit.edu/ => https://ntid.rit.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'ntid.rit.edu'")
+
+	Rochester Institute of Technology
+
+
+	Nonfunctional hosts in *rit.edu:
+
+		- campuslife ¹
+		- cias-helpdesk ¹
+		- computing.cis ²
+		- trouble.cis ²
+		- events ¹
+		- infoguides ¹
+		- magic ¹
+		- wally ¹
+		- whatsinaname ¹
+
+	¹ Refused
+	² Shows ^cis.rit.edu
+
+
+	Problematic hosts in *rit.edu:
+
+		- ^ ¹
+		- www.cias ²
+		- dirs.cis ³
+		- entrepreneurship ⁴
+		- thewallacecenter ¹
+
+	¹ Refused
+	² 404
+	³ Shows ^cis.rit.edu
+	⁴ Redirects to www.rit.edu
+
+
+	Fully covered hosts in *rit.edu:
+
+		- (www.)?		(^ → www)
+		- footprints02.main.ad
+		- shibboleth.main.ad
+		- albert
+		- artoncampus
+
+		- cias
+		- checkout.cias
+		- inside.cias
+		- request.cias
+
+		- (www.)?cis
+		- dirs.cis		(→ www.cis.rit.edu)
+		- greek
+		- ill
+		- library
+		- my
+		- ntid
+		- apps.ntid
+		- portal
+		- resnet
+		- start
+		- studyabroad
+		- thelink
+		- thewallacecenter	(→ wallacecenter.rit.edu)
+		- wallacecenter
+		- wiki
+
+
+	These altnames don't exist:
+
+		- www.albert.rit.edu
+		- www.ill.rit.edu
+		- www.start.rit.edu
+		- www.wiki.rit.edu
+
+
+	Insecure cookies are set for these hosts and domains:
+
+		- .rit.edu
+		- footprints02.main.ad.rit.edu
+		- albert.rit.edu
+		- artoncampus.rit.edu
+		- cias.rit.edu
+		- checkout.cias.rit.edu
+		- start.rit.edu
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- artoncampus from $self
+			- library, www from www.rit.edu
+			- wallacecenter from $self
+
+		- favicon on artoncampus from $self
+
+-->
+<ruleset name="RIT.edu (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="footprints02.main.ad.rit.edu" />
+	<target host="shibboleth.main.ad.rit.edu" />
+	<target host="albert.rit.edu" />
+
+	<target host="cias.rit.edu" />
+	<target host="checkout.cias.rit.edu" />
+	<target host="inside.cias.rit.edu" />
+	<target host="request.cias.rit.edu" />
+
+	<target host="cis.rit.edu" />
+	<target host="artoncampus.rit.edu" />
+	<target host="www.cis.rit.edu" />
+
+	<target host="greek.rit.edu" />
+	<target host="ill.rit.edu" />
+	<target host="library.rit.edu" />
+	<target host="my.rit.edu" />
+	<target host="mirrors.rit.edu" />
+	<target host="ntid.rit.edu" />
+	<target host="apps.ntid.rit.edu" />
+	<target host="www.ntid.rit.edu" />
+	<target host="portal.rit.edu" />
+	<target host="resnet.rit.edu" />
+	<target host="ritpress.rit.edu" />
+	<target host="start.rit.edu" />
+	<target host="studyabroad.rit.edu" />
+	<target host="thelink.rit.edu" />
+	<target host="wallacecenter.rit.edu" />
+	<target host="wiki.rit.edu" />
+	<target host="www.rit.edu" />
+
+	<!--	Complications:
+				-->
+	<target host="rit.edu" />
+	<target host="dirs.cis.rit.edu" />
+	<target host="thewallacecenter.rit.edu" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.ntid\.rit\.edu/nce/$" /-->
+		<!--exclusion pattern="^http://ritpress\.rit\.edu/$" /-->
+		<!--exclusion pattern="^http://saunders\.rit\.edu/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.ntid\.rit\.edu/(?!$|sites/)" />
+		<exclusion pattern="^http://ritpress\.rit\.edu/+(?!misc/|modules/|sites/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.ntid.rit.edu/about" />
+			<test url="http://www.ntid.rit.edu/contact" />
+			<test url="http://www.ntid.rit.edu/giving" />
+			<test url="http://www.ntid.rit.edu/nce" />
+			<test url="http://www.ntid.rit.edu/studentlife/activities" />
+
+			<test url="http://ritpress.rit.edu/about-us.html" />
+			<test url="http://ritpress.rit.edu/contact" />
+			<test url="http://ritpress.rit.edu/ordering.html" />
+			<test url="http://ritpress.rit.edu/publications" />
+			<test url="http://ritpress.rit.edu/subject/rit" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.ntid.rit.edu/sites/default/files/css_injector_10.css" />
+
+			<test url="http://ritpress.rit.edu/misc/feed.png" />
+			<test url="http://ritpress.rit.edu/modules/node/node.css" />
+			<test url="http://ritpress.rit.edu/sites/all/modules/cck/modules/fieldgroup/fieldgroup.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.rit\.edu$" name="^(III_EXPT_FILE|III_SESSION_ID|RITApache|SESSION_LANGUAGE)$" /-->
+	<!--securecookie host="^footprints02\.main\.ad\.rit\.edu$" name="^_shibstate_\d+_[\da-f]+$" /-->
+	<!--securecookie host="^albert\.rit\.edu$" name="^SESSION_SCOPE$" /-->
+	<!--securecookie host="^artoncampus\.rit\.edu$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^cias\.rit\.edu$" name="^csrftoken$" /-->
+	<!--securecookie host="^checkout\.cias\.rit\.edu$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^start\.rit\.edu$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\.rit\.edu$" name="^RITApache$" />
+	<securecookie host="^(?:footprints02\.main\.ad|albert|artoncampus|cias|checkout\.cias|start)\.rit\.edu$" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://rit\.edu/+"
+		to="https://www.rit.edu/" />
+
+		<test url="http://rit.edu//favicon.ico" />
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://dirs\.cis\.rit\.edu/+"
+		to="https://www.cis.rit.edu/remote-sensing/" />
+
+		<test url="http://dirs.cis.rit.edu//" />
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://thewallacecenter\.rit\.edu/+"
+		to="https://wallacecenter.rit.edu/" />
+
+		<test url="http://thewallacecenter.rit.edu//" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RL_CDN.com.xml b/src/chrome/content/rules/RL_CDN.com.xml
new file mode 100644
index 000000000000..6d2c3bf68a3e
--- /dev/null
+++ b/src/chrome/content/rules/RL_CDN.com.xml
@@ -0,0 +1,14 @@
+<!--
+	For other TowerData coverage, see TowerData.com.xml.
+-->
+<ruleset name="RL CDN.com" >
+	<target host="rlcdn.com" />
+	<target host="www.rlcdn.com" />
+	<target host="ei.rlcdn.com" />
+	<target host="idsync.rlcdn.com" />
+	<target host="rc.rlcdn.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RL_Rose.xml b/src/chrome/content/rules/RL_Rose.xml
index 1d3739a54446..2f621868c4b5 100644
--- a/src/chrome/content/rules/RL_Rose.xml
+++ b/src/chrome/content/rules/RL_Rose.xml
@@ -1,13 +1,12 @@
 <ruleset name="RL Rose">
 
 	<target host="rlrose.co.uk" />
-	<target host="*.rlrose.co.uk" />
+	<target host="www.rlrose.co.uk" />
 
 
 	<securecookie host="^(?:www)?\.rlrose\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://(www\.)?rlrose\.co\.uk/"
-		to="https://$1rlrose.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RMF.pl.xml b/src/chrome/content/rules/RMF.pl.xml
new file mode 100644
index 000000000000..e8cf5a793ad5
--- /dev/null
+++ b/src/chrome/content/rules/RMF.pl.xml
@@ -0,0 +1,76 @@
+<!--
+	Cert mismatch:
+		- (www.)rmf.pl
+		- kiosk.rmf.pl
+		- life.rmf.pl
+		- live.rmf.pl
+		- m.rmf.pl
+		 -mike.rmf.pl
+		- (www.)poplista.rmf.pl
+		- radio.rmf.pl
+		- rss.rmf.pl
+		- stream.rmf.pl
+		- sulley.rmf.pl
+		- (www.)classic.rmf.fm
+		- (www.)fakty.rmf.fm
+		- live.rmf.fm
+		- m.rmf.fm
+		- radio.rmf.fm
+		- muzyka.rmf.fm
+		- m.rmfclassic.pl
+		- panel.rmfclassic.pl
+		- forum.rmfon.pl
+		- (www.)games.rmfmaxxx.pl
+		- (www.)dedykacje.rmfmaxxx.pl
+
+	Chain issues:
+		- ftp.rmf.pl
+		- gruul.rmf.pl
+		- marauder.rmf.pl
+		- pliki.rmf.pl
+		- evio.rmfon.pl
+
+	Timeout:
+		- goauld.rmf.pl
+		- hamster.rmf.pl
+		- mxc.rmf.pl
+		- push.rmf.pl
+		- rmc.rmf.pl
+		- studio.rmf.pl
+
+	TLS not supported:
+		- (www.)20lat.rmf.fm
+		- 25lat.rmf.fm
+		- mxc.rmfmaxxx.pl
+		- mxcav.rmfmaxxx.pl
+-->
+<ruleset name="Radio Muzyka Fakty FM (partial)" >
+
+
+
+	<target host="doc.rmf.pl" />
+	<target host="gk.rmf.pl" />
+	<target host="mail.rmf.pl" />
+	<target host="partner.rmf.pl" />
+	<target host="secure.rmf.pl" />
+	<target host="skipper.rmf.pl" />
+	<target host="sopot.rmf.pl" />
+	<target host="static.rmf.pl" />
+	<target host="i.static.rmf.pl" />
+	<target host="txt.rmf.pl" />
+	<target host="vpn.rmf.pl" />
+	<target host="zol.rmf.pl" />
+
+	<target host="rmf.fm" />
+	<target host="www.rmf.fm" />
+
+	<target host="rmfclassic.pl" />
+	<target host="www.rmfclassic.pl" />
+
+	<target host="rmfmaxxx.pl" />
+	<target host="www.rmfmaxxx.pl" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RMIT.edu.au.xml b/src/chrome/content/rules/RMIT.edu.au.xml
new file mode 100644
index 000000000000..1e764973b44f
--- /dev/null
+++ b/src/chrome/content/rules/RMIT.edu.au.xml
@@ -0,0 +1,88 @@
+<!--
+	Royal Melbourne Institute of Technology
+
+
+	Nonfunctional hosts in *:
+
+		- mams ʳ
+
+	ʳ Refused
+
+
+	Problematic hosts in *rmit.edu.au:
+
+		- ^ ᵈ
+		- sspr ᶜ
+
+	ᶜ Missing certificate chain
+	ᵈ Dropped
+
+
+	These altnames don't exist:
+
+		- www.alumnimagazine.rmit.edu.au
+
+
+	Insecure cookies are set for these hosts:
+
+		- alumni.rmit.edu.au
+		- www.alumni.rmit.edu.au
+		- alumnimagazine.rmit.edu.au
+		- my.rmit.edu.au
+		- sso-cas.rmit.edu.au
+		- sspr.rmit.edu.au
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- (www.)?alumni from $self ˢ
+			- alumni from www.alumni.rmit.edu.au ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="RMIT.edu.au (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="alumni.rmit.edu.au" />
+	<target host="www.alumni.rmit.edu.au" />
+	<target host="alumnimagazine.rmit.edu.au" />
+	<target host="bookit.rmit.edu.au" />
+	<target host="login.ezproxy.lib.rmit.edu.au" />
+	<target host="my.rmit.edu.au" />
+	<target host="sso-cas.rmit.edu.au" />
+	<!--target host="sspr.rmit.edu.au" /-->
+	<target host="www.rmit.edu.au" />
+
+	<!--	Complications:
+				-->
+	<target host="rmit.edu.au" />
+
+		<!--	404:
+				-->
+		<!--test url="http://www1.rmit.edu.au/library" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?alumni\.rmit\.edu\.au$" name="^(?:BIGipServer$|ASP\.NET_SessionId$|CSRF_TOKEN)$" /-->
+	<!--securecookie host="^alumnimagazine\.rmit\.edu\.au$" name="^user$" /-->
+	<!--securecookie host="^bookit\.rmit\.edu\.au$" name="^(?:ASP\.NET_SessionId|bookit)$" /-->
+	<!--securecookie host="^my\.rmit\.edu\.au$" name="^(?:AWSELB|JSESSIONID)$" /-->
+	<!--securecookie host="^sso-cas\.rmit\.edu\.au$" name="^cas-prd-web_cookie$" /-->
+	<!--securecookie host="^sspr\.rmit\.edu\.au$" name="^sspr-pr_cookie$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://rmit\.edu\.au/"
+		to="https://www.rmit.edu.au/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RNR_Wheels_and_Tires.xml b/src/chrome/content/rules/RNR_Wheels_and_Tires.xml
index c2865eca7745..d92b1b87d2c7 100644
--- a/src/chrome/content/rules/RNR_Wheels_and_Tires.xml
+++ b/src/chrome/content/rules/RNR_Wheels_and_Tires.xml
@@ -1,23 +1,30 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rnrwheels.com/ => https://www.rnrwheels.com/: (60, 'SSL certificate problem: self signed certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://rnrwheels.com/ => https://www.rnrwheels.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
 	At least some shop pages redirect to http.
 
 
 	mixedcontent due to css served from static.ning.com
 
 -->
-<ruleset name="RNR Wheels &amp; Tires (partial)" platform="mixedcontent">
+<ruleset name="RNR Wheels &amp; Tires (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="rnrwheels.com" />
-	<target host="*.rnrwheels.com" />
+	<target host="www.rnrwheels.com" />
+	<target host="shop.rnrwheels.com" />
 
 
 	<securecookie host="^\.rnrwheels\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?rnrwheels\.com/"
+	<rule from="^http://(?:www\.)?rnrwheels\.com/"
 		to="https://www.rnrwheels.com/" />
 
 	<rule from="^http://shop\.rnrwheels\.com/(Portals/|scripts/|show(?:Category|Product)Image\.aspx)"
 		to="https://shop.rnrwheels.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RNW.nl.xml b/src/chrome/content/rules/RNW.nl.xml
index 76f0ce5eb5b1..1ef5f9868686 100644
--- a/src/chrome/content/rules/RNW.nl.xml
+++ b/src/chrome/content/rules/RNW.nl.xml
@@ -10,18 +10,6 @@
 
 	* Refused
 
-
-	Fully covered subdomains:
-
-		- intranet
-		- ocs
-		- rvt-docs
-		- sites
-		- vpn
-		- webmail
-		- webtier
-
-
 	Observed cookie domains:
 
 		- .
@@ -37,16 +25,14 @@
 		- .www
 
 -->
-<ruleset name="RNW.nl (partial)">
+<ruleset name="RNW.nl (partial)" default_off="timeout">
 
-	<target host="*.rnw.nl" />
-		<!--exclusion pattern="^http://(corporate|www)\." /-->
+	<target host="intranet.rnw.nl" />
 
 
-	<securecookie host=".+\.rnw\.nl$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(intranet|ocs|rvt-docs|sites|vpn|webmail|webtier)\.rnw\.nl/"
-		to="https://$1.rnw.nl/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/RNZ.de.xml b/src/chrome/content/rules/RNZ.de.xml
new file mode 100644
index 000000000000..9a790316d929
--- /dev/null
+++ b/src/chrome/content/rules/RNZ.de.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid Certificate:
+		www.epaper.rnz.de
+		sportwahl.rnz.de
+		www.sportwahl.rnz.de
+		seniorenportal.rnz.de
+
+	Time-Out:
+		adcept.rnz.de
+		osc.rnz.de
+-->
+<ruleset name="RNZ.de">
+	<target host="rnz.de" />
+	<target host="www.rnz.de" />
+	<target host="epaper.rnz.de" />
+	<target host="immobilien.rnz.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RNengage.com.xml b/src/chrome/content/rules/RNengage.com.xml
new file mode 100644
index 000000000000..6751f350a368
--- /dev/null
+++ b/src/chrome/content/rules/RNengage.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Oracle coverage, see Oracle.xml.
+
+-->
+<ruleset name="RNengage.com">
+
+	<target host="www.rnengage.com" />
+
+
+	<securecookie host="^\.www\.rnengage\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RNpdigital.com.xml b/src/chrome/content/rules/RNpdigital.com.xml
new file mode 100644
index 000000000000..db754bb2d644
--- /dev/null
+++ b/src/chrome/content/rules/RNpdigital.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="RNpdigital.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rnpdigital.com" />
+	<target host="www.rnpdigital.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ROBEHA.de.xml b/src/chrome/content/rules/ROBEHA.de.xml
new file mode 100644
index 000000000000..fd796845df43
--- /dev/null
+++ b/src/chrome/content/rules/ROBEHA.de.xml
@@ -0,0 +1,13 @@
+<ruleset name="ROBEHA.de">
+
+	<target host="robeha.de" />
+	<target host="www.robeha.de" />
+
+	<!-- Invalid certificate on https://robeha.de/,
+	http://robeha.de/ redirects to http://www.robeha.de/ -->
+	<rule from="^http://robeha\.de/"
+		to="https://www.robeha.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ROBOXchange.xml b/src/chrome/content/rules/ROBOXchange.xml
deleted file mode 100644
index c6cdb227e428..000000000000
--- a/src/chrome/content/rules/ROBOXchange.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="ROBOXchange">
-  <target host="roboxchange.com" />
-  <target host="www.roboxchange.com" />
-
-  <rule from="^http://(?:www\.)?roboxchange\.com/" to="https://roboxchange.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/ROCKZi.com.xml b/src/chrome/content/rules/ROCKZi.com.xml
new file mode 100644
index 000000000000..f19fadd05c92
--- /dev/null
+++ b/src/chrome/content/rules/ROCKZi.com.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rockzi.com/ => https://rockzi.com/: (7, 'Failed to connect to rockzi.com port 443: Connection timed out')
+Fetch error: http://cloud.rockzi.com/ => https://cloud.rockzi.com/: (7, 'Failed to connect to cloud.rockzi.com port 443: Connection timed out')
+Fetch error: http://www.rockzi.com/ => https://www.rockzi.com/: (7, 'Failed to connect to www.rockzi.com port 443: Connection timed out')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rockzi.com/ => https://rockzi.com/: Too many redirects while fetching 'https://rockzi.com/'
+
+	Mixed content:
+
+		- Images on ^ from cloud *
+
+	* Secured by us
+
+-->
+<ruleset name="ROCKZi.com" default_off="failed ruleset test">
+
+	<target host="rockzi.com" />
+	<target host="cloud.rockzi.com" />
+	<target host="www.rockzi.com" />
+
+
+	<securecookie host="^\.?rockzi\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ROHC-lib.org.xml b/src/chrome/content/rules/ROHC-lib.org.xml
new file mode 100644
index 000000000000..32c6909c27c2
--- /dev/null
+++ b/src/chrome/content/rules/ROHC-lib.org.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.rohc-lib.org/ => https://www.rohc-lib.org/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.rohc-lib.org/ => https://www.rohc-lib.org/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+
+	www: Mismatched
+
+-->
+<ruleset name="ROHC-lib.org" default_off="failed ruleset test">
+
+	<target host="rohc-lib.org" />
+	<target host="www.rohc-lib.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ROI.ru.xml b/src/chrome/content/rules/ROI.ru.xml
index cbbd2fdcbee2..8732ee6065e3 100644
--- a/src/chrome/content/rules/ROI.ru.xml
+++ b/src/chrome/content/rules/ROI.ru.xml
@@ -12,13 +12,14 @@
 <ruleset name="ROI.ru">
 
 	<target host="roi.ru" />
-	<target host="*.roi.ru" />
+	<target host="css.roi.ru" />
+	<target host="js.roi.ru" />
+	<target host="www.roi.ru" />
 
 
 	<securecookie host="^\.roi\.ru$" name=".+" />
 
 
-	<rule from="^http://((?:css|js|www)\.)?roi\.ru/"
-		to="https://$1roi.ru/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ROI_Solutions.xml b/src/chrome/content/rules/ROI_Solutions.xml
index 49b839b6a433..44e5d6ceda3d 100644
--- a/src/chrome/content/rules/ROI_Solutions.xml
+++ b/src/chrome/content/rules/ROI_Solutions.xml
@@ -6,7 +6,6 @@
 	<securecookie host="^secure2\.roisolutions\.net$" name=".+" />
 
 
-	<rule from="^http://secure2\.roisolutions\.net/"
-		to="https://secure2.roisolutions.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ROMDashboard.xml b/src/chrome/content/rules/ROMDashboard.xml
index 7d6ba80d7fcf..57acfafddb23 100644
--- a/src/chrome/content/rules/ROMDashboard.xml
+++ b/src/chrome/content/rules/ROMDashboard.xml
@@ -1,13 +1,13 @@
-<ruleset name="ROMDashboard">
+<ruleset name="ROMDashboard.com">
 
 	<target host="romdashboard.com" />
-	<target host="*.romdashboard.com" />
+	<target host="www.romdashboard.com" />
 
 
 	<securecookie host="^(?:w*\.)?romdashboard\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?romdashboard\.com/"
-		to="https://$1romdashboard.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RPGGeek.com.xml b/src/chrome/content/rules/RPGGeek.com.xml
new file mode 100644
index 000000000000..19912980791f
--- /dev/null
+++ b/src/chrome/content/rules/RPGGeek.com.xml
@@ -0,0 +1,12 @@
+<!--
+	For other BoardGameGeek coverage, see BoardGameGeek.com.xml.
+-->
+<ruleset name="RPGGeek.com">
+	<target host="rpggeek.com" />
+	<target host="www.rpggeek.com" />
+
+	<securecookie host="^(\.|www\.)?rpggeek\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RPGRussia.com.xml b/src/chrome/content/rules/RPGRussia.com.xml
new file mode 100644
index 000000000000..63f84bfb6d37
--- /dev/null
+++ b/src/chrome/content/rules/RPGRussia.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Wildcard DNS record, all other subdomains are mismatched
+-->
+<ruleset name="RPGRussia.com">
+	<target host="rpgrussia.com" />
+	<target host="www.rpgrussia.com" />
+	<target host="chat.rpgrussia.com" />
+	<target host="www.chat.rpgrussia.com" />
+	<target host="old.rpgrussia.com" />
+	<target host="www.old.rpgrussia.com" />
+	<target host="xenforo.rpgrussia.com" />
+	<target host="www.xenforo.rpgrussia.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RPI.edu-mixedcontent.xml b/src/chrome/content/rules/RPI.edu-mixedcontent.xml
new file mode 100644
index 000000000000..3f1cdf0ec5f8
--- /dev/null
+++ b/src/chrome/content/rules/RPI.edu-mixedcontent.xml
@@ -0,0 +1,13 @@
+<!--
+	For other RPI.edu related rulesets:
+		+ RPI.edu.xml
+-->
+<ruleset name="RPI.edu (mixed)" platform="mixedcontent">
+	<target host="rpi.edu" />
+	<target host="www.rpi.edu" />
+	<target host="admissions.rpi.edu" />
+	<target host="events.rpi.edu" />
+	<target host="workorders.union.rpi.edu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RPI.edu.xml b/src/chrome/content/rules/RPI.edu.xml
new file mode 100644
index 000000000000..aa108e7d77bb
--- /dev/null
+++ b/src/chrome/content/rules/RPI.edu.xml
@@ -0,0 +1,35 @@
+<!--
+	mixedcontent rulesets:
+		+ RPI.edu-mixedcontent.xml
+
+	Non-functional hosts
+		Timeout was reached:
+			 - concerto.rpi.edu
+			 - rpinfo.rpi.edu
+
+		SSL peer certificate was not OK:
+			 - bookstore.rpi.edu
+			 - documents.studentsenate.rpi.edu
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - finance.rpi.edu
+			 - hr.rpi.edu
+			 - srfs.rpi.edu
+
+		Secure connection redirects to plaintext:
+			 - events.rpi.edu
+
+		Mixed content blocking (MCB) triggered:
+			 - rpi.edu
+			 - www.rpi.edu
+			 - admissions.rpi.edu
+			 - workorders.union.rpi.edu
+-->
+<ruleset name="RPI.edu (partial)">
+	<target host="archer.union.rpi.edu" />
+	<target host="clubs.union.rpi.edu" />
+	<target host="home.union.rpi.edu" />
+	<target host="sysadmin.union.rpi.edu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RPXCorp.com.xml b/src/chrome/content/rules/RPXCorp.com.xml
new file mode 100644
index 000000000000..f8db44b0e6aa
--- /dev/null
+++ b/src/chrome/content/rules/RPXCorp.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - rpxcorp.com
+
+		Timeout was reached:
+			 - ir.rpxcorp.com
+			 - o1.sendgrid.rpxcorp.com
+
+		SSL peer certificate was not OK:
+			 - info.rpxcorp.com
+			 - sendgrid.rpxcorp.com
+
+		Status code mismatch:
+			 - docs.rpxcorp.com
+
+		4xx client error:
+			 - st-pp.rpxcorp.com
+-->
+<ruleset name="RPXCorp.com (partial)">
+	<target host="rpxcorp.com" />
+	<target host="www.rpxcorp.com" />
+	<target host="files.rpxcorp.com" />
+	<target host="insight.rpxcorp.com" />
+	<target host="litdocs.rpxcorp.com" />
+	<target host="portal.rpxcorp.com" />
+	<target host="rpxsso.rpxcorp.com" />
+	<target host="search.rpxcorp.com" />
+	<target host="sso.rpxcorp.com" />
+
+	<rule from="^http://rpxcorp\.com/"
+			to="https://www.rpxcorp.com/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RPXNow.com.xml b/src/chrome/content/rules/RPXNow.com.xml
new file mode 100644
index 000000000000..2dd66d8cee2e
--- /dev/null
+++ b/src/chrome/content/rules/RPXNow.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other JanRain coverage, see JanRain.xml.
+
+	Mismatched:
+		- static.rpxnow.com
+-->
+<ruleset name="RPXNow.com">
+	<target host="rpxnow.com" />
+	<target host="www.rpxnow.com" />
+	<target host="cdn.rpxnow.com" />
+	<target host="ssl-widget-cdn.rpxnow.com" />
+	<target host="widget-cdn.rpxnow.com" />
+	<target host="widgets-cdn.rpxnow.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RPackages.io.xml b/src/chrome/content/rules/RPackages.io.xml
new file mode 100644
index 000000000000..81db76e18e0a
--- /dev/null
+++ b/src/chrome/content/rules/RPackages.io.xml
@@ -0,0 +1,10 @@
+<ruleset name="RPackages">
+
+	<target host="rpackages.io" />
+	<target host="www.rpackages.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RPubs.com.xml b/src/chrome/content/rules/RPubs.com.xml
new file mode 100644
index 000000000000..4d053b2896fc
--- /dev/null
+++ b/src/chrome/content/rules/RPubs.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		www.rpubs.com
+
+-->
+<ruleset name="RPubs">
+
+	<target host="rpubs.com" />
+	<target host="www.rpubs.com" />
+	<target host="api.rpubs.com" />
+
+	<rule from="^http://www\.rpubs\.com/"
+		to="https://rpubs.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RRTS.com.xml b/src/chrome/content/rules/RRTS.com.xml
new file mode 100644
index 000000000000..26af6c7da70a
--- /dev/null
+++ b/src/chrome/content/rules/RRTS.com.xml
@@ -0,0 +1,42 @@
+<!--
+	^: mismatched
+
+
+	Fully covered subdomains:
+
+		- (www.)	(^ → www)
+		- beta
+		- webservices
+		- webservicesbeta
+
+
+	Observed cookie domains:
+
+		- beta *
+		- www *
+
+	* Secured by us <= not secured by server
+
+-->
+<ruleset name="RRTS.com">
+
+	<target host="rrts.com" />
+	<target host="www.rrts.com" />
+	<target host="beta.rrts.com" />
+	<target host="webservices.rrts.com" />
+	<target host="webservicesbeta.rrts.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(beta|www)\.rrts\.com$" name="^rrts-cookie$" /-->
+
+	<securecookie host="^(?:beta|www)\.rrts\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?rrts\.com/"
+		to="https://www.rrts.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RS-linkz.info.xml b/src/chrome/content/rules/RS-linkz.info.xml
deleted file mode 100644
index 66dde44f4d8f..000000000000
--- a/src/chrome/content/rules/RS-linkz.info.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="RS-links.info" default_off="expired, mismatch, self-signed">
-
-	<target host="rs-linkz.info" />
-	<target host="www.rs-linkz.info" />
-
-
-	<securecookie host="^www\.rs-linkz\.info$" name=".*" />
-
-
-	<!--	Some pages redirect to www.	-->
-	<rule from="^http://(?:www\.)?rs-linkz\.info/"
-		to="https://www.rs-linkz.info/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/RSA-Security.xml b/src/chrome/content/rules/RSA-Security.xml
deleted file mode 100644
index 08702ddc7e60..000000000000
--- a/src/chrome/content/rules/RSA-Security.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="RSA Security (partial)">
-
-	<target host="www.securesuite.co.uk" />
-
-
-	<!--	Seems to break payment verification :(
-	
-	<securecookie host="^www\.securesuite\.co\.uk$" name=".+" /-->
-
-
-	<rule from="^http://www\.securesuite\.co\.uk/"
-		to="https://www.securesuite.co.uk/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/RSA.xml b/src/chrome/content/rules/RSA.xml
index 26fdd61be37c..b2c416046b36 100644
--- a/src/chrome/content/rules/RSA.xml
+++ b/src/chrome/content/rules/RSA.xml
@@ -19,7 +19,8 @@
 -->
 <ruleset name="RSA">
   <target host="rsa.com" />
-  <target host="*.rsa.com" />
+  <target host="www.rsa.com" />
+  <target host="blogs.rsa.com" />
 
 
 	<securecookie host="^\.rsa\.com$" name="^__(?:qca|utm\w)$" />
@@ -28,7 +29,6 @@
 
   <rule from="^http://(?:www\.)?rsa\.com/" to="https://www.rsa.com/" />
 
-	<rule from="^http://blogs\.rsa\.com/"
-		to="https://blogs.rsa.com/" />
 
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/RSA_Conference.xml b/src/chrome/content/rules/RSA_Conference.xml
index e29d7f056a71..ef013691c8c5 100644
--- a/src/chrome/content/rules/RSA_Conference.xml
+++ b/src/chrome/content/rules/RSA_Conference.xml
@@ -1,13 +1,35 @@
-<ruleset name="RSA Conference (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://365.rsaconference.com/ => https://365.rsaconference.com/: (7, 'Failed to connect to 365.rsaconference.com port 443: No route to host')
+Fetch error: http://dev.rsaconference.com/ => https://dev.rsaconference.com/: (6, 'Could not resolve host: dev.rsaconference.com')
+
+	CDN buckets:
+
+		- rsa.edgeboss.net
+
+			- a127.g.akamai.net
+
+-->
+<ruleset name="RSA Conference (partial)" default_off="failed ruleset test">
 
 	<target host="rsaconference.com" />
-	<target host="*.rsaconference.com" />
+	<target host="365.rsaconference.com" />
+	<target host="beta.rsaconference.com" />
+	<target host="dev.rsaconference.com" />
+	<target host="uat.rsaconference.com" />
+	<target host="www.rsaconference.com" />
+
+		<!--
+			Redirect to http:
+						-->
+		<exclusion pattern="^http://www\.rsaconference\.com/+(?:podcasts|videos)(?:$|[?/])" />
 
 
 	<securecookie host="^(?:365|beta)\.rsaconference\.com$" name=".+" />
 
 
-	<rule from="^http://((?:365|beta|dev|uat|www)\.)?rsaconference\.com/"
-		to="https://$1rsaconference.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RSBAC-mismatches.xml b/src/chrome/content/rules/RSBAC-mismatches.xml
index 9f852a5b4647..2a0cdfbca56d 100644
--- a/src/chrome/content/rules/RSBAC-mismatches.xml
+++ b/src/chrome/content/rules/RSBAC-mismatches.xml
@@ -1,18 +1,19 @@
 <!--
-	See RSBAC.xml for rules that are on by default.
+	For rules that are on by default, see RSBAC.xml.
 
 -->
-<ruleset name="RSBAC (mismatches)" default_off="mismatch">
+<ruleset name="RSBAC.org (mismatches)" default_off="mismatched">
 
-	<!--	Cert: www.rsbac.org	-->
+	<!--	Direct rewrites:
+				-->
 	<target host="bugtracker.rsbac.org" />
 	<target host="enhanced.rsbac.org" />
 
 
-	<securecookie host="^bugtracker.rsbac.org$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(bugtracker|enhanced)\.rsbac\.org/"
-		to="https://$1.rsbac.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/RSBAC.xml b/src/chrome/content/rules/RSBAC.xml
index 7505c0f23a88..a77a2fe49969 100644
--- a/src/chrome/content/rules/RSBAC.xml
+++ b/src/chrome/content/rules/RSBAC.xml
@@ -1,22 +1,26 @@
 <!--
-	Nonfunctional subdomains:
+	For problematic rules, see RSBAC-mismatches.xml.
 
-		- git	(cert: www.rsbac.org; 401)
 
+	Problematic hosts in *rsbac.org:
 
-	See RSBAC-mismatches.xml for problematic rules.
+		- bugtracker *
+		- enhanced *
+		- git *
+
+	* Mismatched
 
 -->
-<ruleset name="RSBAC (partial)">
+<ruleset name="RSBAC.org (partial)">
 
 	<target host="rsbac.org" />
 	<target host="www.rsbac.org" />
 
 
-	<securecookie host="^www\.rsbac\.org$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?rsbac\.org/"
-		to="https://$1rsbac.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/RSC.org.uk.xml b/src/chrome/content/rules/RSC.org.uk.xml
new file mode 100644
index 000000000000..1478df58b0f0
--- /dev/null
+++ b/src/chrome/content/rules/RSC.org.uk.xml
@@ -0,0 +1,74 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://mail.rsc.org.uk/ (200) => https://mail.rsc.org.uk/ (404)
+
+	Problematic hosts in *rsc.org.uk:
+
+		- autodiscover ʳ
+
+	ʳ Refused
+
+
+	These altnames don't exist:
+
+		- rsc.org.uk
+		- autodi.rsc.org.uk
+		- owa.rsc.org.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.rsc.org.uk
+
+-->
+<ruleset name="RSC.org.uk" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cdn2.rsc.org.uk" />
+	<target host="mail.rsc.org.uk" />
+	<target host="www.rsc.org.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="autodiscover.rsc.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.rsc\.org\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops forward slash:
+						-->
+	<rule from="^http://autodiscover\.rsc\.org\.uk/+$"
+		to="https://outlook.office365.com/owa/?realm=rsc.org.uk&amp;vd=autodiscover" />
+
+		<test url="http://autodiscover.rsc.org.uk//" />
+
+	<!--	Redirect prepends path:
+					-->
+	<rule from="^http://autodiscover\.rsc\.org\.uk/+([^?]+)$"
+		to="https://outlook.office365.com/$1?realm=rsc.org.uk&amp;vd=autodiscover" />
+
+		<test url="http://autodiscover.rsc.org.uk/index.php" />
+		<test url="http://autodiscover.rsc.org.uk/index.asp" />
+		<test url="http://autodiscover.rsc.org.uk/index.aspx" />
+
+	<!--	Redirect prepends path and args:
+						-->
+	<rule from="^http://autodiscover\.rsc\.org\.uk/+(.+)"
+		to="https://outlook.office365.com/$1&amp;realm=rsc.org.uk&amp;vd=autodiscover" />
+
+		<test url="http://autodiscover.rsc.org.uk/index.php?fill" />
+		<test url="http://autodiscover.rsc.org.uk/index.asp?test" />
+		<test url="http://autodiscover.rsc.org.uk/index.aspx?quota" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RSI.ch.xml b/src/chrome/content/rules/RSI.ch.xml
new file mode 100644
index 000000000000..062bf6c343ae
--- /dev/null
+++ b/src/chrome/content/rules/RSI.ch.xml
@@ -0,0 +1,22 @@
+<!--
+	For other SRG SSR coverage, see SRGSSR.ch.xml.
+
+	Tmp down:
+		- mmuseo.rsi.ch
+
+	Wrong content:
+		- portalemedia.rsi.ch
+-->
+<ruleset name="RSI.ch">
+	<target host="rsi.ch"/>
+	<target host="www.rsi.ch"/>
+	<target host="cdn.rsi.ch"/>
+	<target host="giochi.rsi.ch"/>
+	<target host="live.rsi.ch"/>
+	<target host="mediaww.rsi.ch"/>
+	<target host="shop.rsi.ch"/>
+	<target host="webseries.rsi.ch"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/RSM_secure.com.xml b/src/chrome/content/rules/RSM_secure.com.xml
new file mode 100644
index 000000000000..cda914522b13
--- /dev/null
+++ b/src/chrome/content/rules/RSM_secure.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Payment service.
+
+
+	(www.) doesn't exist.
+
+-->
+<ruleset name="RSM secure.com">
+
+	<target host="*.rsmsecure.com" />
+
+
+	<rule from="^http://rsm(\d)\.rsmsecure\.com/"
+		to="https://rsm$1.rsmsecure.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RSOLConference.org.xml b/src/chrome/content/rules/RSOLConference.org.xml
new file mode 100644
index 000000000000..d662d0bf9d3a
--- /dev/null
+++ b/src/chrome/content/rules/RSOLConference.org.xml
@@ -0,0 +1,10 @@
+<!--
+	See also NARSOL.org.xml, NationalRSOL.org.xml
+-->
+<ruleset name="RSOLConference.org">
+	<target host="rsolconference.org" />
+	<target host="www.rsolconference.org" />
+	<target host="mail.rsolconference.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RSPB.xml b/src/chrome/content/rules/RSPB.xml
index a9beb7dc60ac..c0ece1805e54 100644
--- a/src/chrome/content/rules/RSPB.xml
+++ b/src/chrome/content/rules/RSPB.xml
@@ -1,14 +1,16 @@
+<!--
+	Shopping cart functionality is broken on shopping.rspb.org.uk because it makes XHR which are hard-coded to http://
+-->
+
 <ruleset name="RSPB">
 
 	<target host="rspb.org.uk" />
-	<target host="*.rspb.org.uk" />
-	<target host="*.shopping.rspb.org.uk" />
+	<target host="www.rspb.org.uk" />
 
 
 	<securecookie host="^\.shopping\.rspb\.org\.uk$" name=".+" />
 
 
-	<rule from="^http://(shopping\.|www\.)?rspb\.org\.uk/"
-		to="https://$1rspb.org.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RSPCA.xml b/src/chrome/content/rules/RSPCA.xml
index 4c7bcc709e35..86980ac8fbe6 100644
--- a/src/chrome/content/rules/RSPCA.xml
+++ b/src/chrome/content/rules/RSPCA.xml
@@ -21,14 +21,6 @@
 		- (www.)rspca.org.uk	(home pages redirects to http)
 
 
-	Fully covered domains:
-
-		- donations.rspca.org.uk *
-		- content.www.rspca.org.uk	(→ www)
-
-	* Server is configured for rc4 only
-
-
 	Mixed content:
 
 		- Images, on www from:
@@ -48,11 +40,9 @@
 <ruleset name="RSPCA (partial)">
 
 	<target host="rspca.org.uk" />
-	<target host="*.rspca.org.uk" />
-		<!--
-			Homepage redirects to http
-							-->
-		<exclusion pattern="^http://www\.rspca\.org\.uk/+(?:home)?(?:\?.*)?$" />
+	<target host="www.rspca.org.uk" />
+	<target host="content.www.rspca.org.uk" />
+	<target host="donations.rspca.org.uk" />
 
 
 	<securecookie host="^donations\.rspca\.org\.uk$" name=".+" />
@@ -62,10 +52,17 @@
 	<securecookie host="^www\.rspca\.org\.uk$" name="^CMS_PRD_SESSIONID$" />
 
 
-	<rule from="^http://(?:(?:content\.)?www\.)?rspca\.org\.uk/"
+	<test url="http://www.rspca.org.uk/home" />
+	<test url="http://www.rspca.org.uk/home?foo" />
+
+
+	<rule from="^http://www\.rspca\.org\.uk/home"
+		to="https://www.rspca.org.uk/home/" />
+
+	<rule from="^http://content\.www\.rspca\.org\.uk/"
 		to="https://www.rspca.org.uk/" />
 
-	<rule from="^http://donations\.rspca\.org\.uk/"
-		to="https://donations.rspca.org.uk/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/RSPCA_shop.co.uk.xml b/src/chrome/content/rules/RSPCA_shop.co.uk.xml
index d66d0e558ac2..0b273630731f 100644
--- a/src/chrome/content/rules/RSPCA_shop.co.uk.xml
+++ b/src/chrome/content/rules/RSPCA_shop.co.uk.xml
@@ -1,17 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rspcashop.co.uk/ => https://rspcashop.co.uk/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+Fetch error: http://www.rspcashop.co.uk/ => https://www.rspcashop.co.uk/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+
+-->
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rspcashop.co.uk/ => https://rspcashop.co.uk/: (7, 'Failed to connect to rspcashop.co.uk port 443: Connection refused')
+
 	For other RSPCA coverage, see RSPCA.xml.
 
 -->
-<ruleset name="RSPCA shop.co.uk">
+<ruleset name="RSPCA shop.co.uk" default_off="failed ruleset test">
 
 	<target host="rspcashop.co.uk" />
-	<target host="*.rspcashop.co.uk" />
+	<target host="www.rspcashop.co.uk" />
 
 
-	<securecookie host="^(?:.*\.)?rspcashop\.co\.uk$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?rspcashop\.co\.uk/"
-		to="https://$1rspcashop.co.uk/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/RSSinclude.xml b/src/chrome/content/rules/RSSinclude.xml
index 15acb82ade81..afdb785d118b 100644
--- a/src/chrome/content/rules/RSSinclude.xml
+++ b/src/chrome/content/rules/RSSinclude.xml
@@ -1,10 +1,10 @@
 <ruleset name="RSSinclude">
 
 	<target host="rssinclude.com" />
-	<target host="*.rssinclude.com" />
+	<target host="output1s.rssinclude.com" />
+	<target host="www.rssinclude.com" />
 
 
-	<rule from="^http://(output1s\.|www\.)?rssinclude\.com/"
-		to="https://$1rssinclude.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RSSing.com.xml b/src/chrome/content/rules/RSSing.com.xml
index b7c964ba3f4b..45766bb8326b 100644
--- a/src/chrome/content/rules/RSSing.com.xml
+++ b/src/chrome/content/rules/RSSing.com.xml
@@ -11,13 +11,13 @@
 <ruleset name="RSSing.com" default_off="expired, self-signed">
 
 	<target host="rssing.com" />
-	<target host="*.rssing.com" />
+	<target host="www.rssing.com" />
 
 
 	<securecookie host="^\.rssing\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?rssing\.com/"
+	<rule from="^http://(?:www\.)?rssing\.com/"
 		to="https://www.rssing.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RST_forums.com.xml b/src/chrome/content/rules/RST_forums.com.xml
new file mode 100644
index 000000000000..47da661bddf8
--- /dev/null
+++ b/src/chrome/content/rules/RST_forums.com.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.rstforums.com/ => https://www.rstforums.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.rstforums.com'")
+
+	Insecure cookies are set for these domains:
+
+		- .rstforums.com
+
+-->
+<ruleset name="RST forums.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rstforums.com" />
+	<target host="www.rstforums.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.rstforums\.com$" name="^bbsession_hash$" /-->
+
+	<securecookie host="^\.rstforums\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RSVP.xml b/src/chrome/content/rules/RSVP.xml
index 1eb5ab869bca..21369c9282ee 100644
--- a/src/chrome/content/rules/RSVP.xml
+++ b/src/chrome/content/rules/RSVP.xml
@@ -9,11 +9,13 @@
 <ruleset name="RSVP" platform="mixedcontent">
 
 	<target host="rsvp.com.au"/>
-	<target host="*.rsvp.com.au"/>
+	<target host="images.rsvp.com.au" />
+	<target host="resources.rsvp.com.au" />
+	<target host="www.rsvp.com.au" />
 
 	<!--	images & resources: Akamai
 		Cert doesn't match !www		-->
-	<rule from="^https?://(?:images\.|resources\.)?rsvp\.com\.au/"
+	<rule from="^http://(?:images\.|resources\.)?rsvp\.com\.au/"
 		to="https://www.rsvp.com.au/"/>
 
 	<rule from="^http://www\.rsvp\.com\.au/((?:cms-|member)media/|css/|favicon\.ico|images/|login\.action|registration/)"
diff --git a/src/chrome/content/rules/RStudio.com.xml b/src/chrome/content/rules/RStudio.com.xml
index a63af2275088..e32e843a1e94 100644
--- a/src/chrome/content/rules/RStudio.com.xml
+++ b/src/chrome/content/rules/RStudio.com.xml
@@ -1,15 +1,30 @@
 <!--
-	^: refused
-	blog: wordpress
+	Timeout:
+		colorado.rstudio.com
+		docs.rstudio.com
+		www.spark.rstudio.com
 
 -->
-<ruleset name="RStudio.com (partial)">
+<ruleset name="RStudio.com">
 
 	<target host="rstudio.com" />
 	<target host="www.rstudio.com" />
+	<target host="blog.rstudio.org" />
+	<target host="cran.rstudio.com" />
+	<target host="dailies.rstudio.com" />
+	<target host="ggvis.rstudio.com" />
+	<target host="rmarkdown.rstudio.com" />
+	<target host="shiny.rstudio.com" />
+	<target host="spark.rstudio.com" />
+	<target host="www.spark.rstudio.com" />
+	<target host="support.rstudio.com" />
 
+	<target host="rstd.io" />
 
-	<rule from="^http://(?:www\.)?rstudio\.com/"
-		to="https://www.rstudio.com/" />
+	<rule from="^http://www\.spark\.rstudio\.com/"
+		to="https://spark.rstudio.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/RT.com.xml b/src/chrome/content/rules/RT.com.xml
index cdd20c2d7e6a..0762e7ce3a82 100644
--- a/src/chrome/content/rules/RT.com.xml
+++ b/src/chrome/content/rules/RT.com.xml
@@ -1,34 +1,41 @@
 <!--
-	Nonfunctional subdomains:
-
-		- arabic
-		- freevideo
-		- inotv
-		- learnrussian
-		- mariinsky	(times out)
-		- on
-		- partners
-		- rtd
-		- russiapedia
-		- victory1945
+	Non-functional hosts
+		Timeout was reached:
+		- freevideo.rt.com
 
+		Server returned nothing (no headers, no data):
+		- catalog.rt.com
+		- learnrussian.rt.com
 -->
-<ruleset name="RT.com">
-
+<ruleset name="RT.com (partial)">
 	<target host="rt.com" />
-	<target host="*.rt.com" />
-		<!--exclusion pattern="^http://(arabic|freevideo|inotv|learnrussian|mariinsky|on|partners|rtd|russiapedia|victory1945)\.rt\.com/" /-->
-
-
-	<securecookie host="^.*\.rt\.com$" name=".*" />
-
-	<!-- 
-    https://trac.torproject.org/projects/tor/ticket/8630
-  <rule from="^https?://(?:www\.)?rt\.com/"
-		to="https://rt.com/" /> 
-    -->
-
-	<rule from="^http://(actualidad|assange|meetfriends)\.rt\.com/"
-		to="https://$1.rt.com/" />
-
+	<target host="actualidad.rt.com" />
+	<target host="arabic.rt.com" />
+	<target host="arb.rt.com" />
+	<target host="assange.rt.com" />
+	<target host="cdn.rt.com" />
+	<target host="cdni.rt.com" />
+	<target host="clubdoc.rt.com" />
+	<target host="de.rt.com" />
+	<target host="deutsch.rt.com" />
+	<target host="doc.rt.com" />
+	<target host="esp.rt.com" />
+	<test url="http://esp.rt.com/actualidad/public_images/2016.11/article/582a64d1c36188391c8b4649.jpg" />
+	<target host="fr.rt.com" />
+	<target host="francais.rt.com" />
+	<target host="img.rt.com" />
+	<target host="inotv.rt.com" />
+	<target host="on.rt.com" />
+	<target host="partners.rt.com" />
+	<target host="rtd.rt.com" />
+	<target host="rtdru.rt.com" />
+	<target host="russian.rt.com" />
+	<target host="russiapedia.rt.com" />
+	<target host="warwitness.rt.com" />
+	<target host="www.rt.com" />
+	<target host="zakupki.rt.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/RT.ru.xml b/src/chrome/content/rules/RT.ru.xml
index de7f99f866a3..0ebcf50da9fe 100644
--- a/src/chrome/content/rules/RT.ru.xml
+++ b/src/chrome/content/rules/RT.ru.xml
@@ -1,7 +1,89 @@
 <ruleset name="RT.ru">
 	<target host="rt.ru" />
 	<target host="www.rt.ru" />
-	<rule from="^http://rt\.ru/" to="https://rt.ru/"/>
-	<rule from="^http://www\.rt\.ru/" to="https://www.rt.ru/"/>
-</ruleset>
+	<target host="altai.rt.ru" />
+	<target host="amur.rt.ru" />
+	<target host="archangelsk.rt.ru" />
+	<target host="astrakhan.rt.ru" />
+	<target host="belgorod.rt.ru" />
+	<target host="bryansk.rt.ru" />
+	<target host="buryatiya.rt.ru" />
+	<target host="chelyabinsk.rt.ru" />
+	<target host="cherkessk.rt.ru" />
+	<target host="chita.rt.ru" />
+	<target host="chukotka.rt.ru" />
+	<target host="chuvashiya.rt.ru" />
+	<target host="eao.rt.ru" />
+	<target host="ekt.rt.ru" />
+	<target host="elista.rt.ru" />
+	<target host="hakasiya.rt.ru" />
+	<target host="hanty.rt.ru" />
+	<target host="ingushetia.rt.ru" />
+	<target host="irkutsk.rt.ru" />
+	<target host="ivanovo.rt.ru" />
+	<target host="kaliningrad.rt.ru" />
+	<target host="kaluga.rt.ru" />
+	<target host="kamchatka.rt.ru" />
+	<target host="karelia.rt.ru" />
+	<target host="kazan.rt.ru" />
+	<target host="kemerovo.rt.ru" />
+	<target host="khabarovsk.rt.ru" />
+	<target host="kirov.rt.ru" />
+	<target host="komi.rt.ru" />
+	<target host="kostroma.rt.ru" />
+	<target host="krasnodar.rt.ru" />
+	<target host="krasnoyarsk.rt.ru" />
+	<target host="kurgan.rt.ru" />
+	<target host="kursk.rt.ru" />
+	<target host="lenoblast.rt.ru" />
+	<target host="lipetsk.rt.ru" />
+	<target host="magadan.rt.ru" />
+	<target host="mahachkala.rt.ru" />
+	<target host="maryel.rt.ru" />
+	<target host="maykop.rt.ru" />
+	<target host="mordoviya.rt.ru" />
+	<target host="moscow.rt.ru" />
+	<target host="mosoblast.rt.ru" />
+	<target host="murmansk.rt.ru" />
+	<target host="nalchik.rt.ru" />
+	<target host="nnovgorod.rt.ru" />
+	<target host="novgorod.rt.ru" />
+	<target host="novosibirsk.rt.ru" />
+	<target host="omsk.rt.ru" />
+	<target host="orel.rt.ru" />
+	<target host="orenburg.rt.ru" />
+	<target host="penza.rt.ru" />
+	<target host="perm.rt.ru" />
+	<target host="primorye.rt.ru" />
+	<target host="pskov.rt.ru" />
+	<target host="raltay.rt.ru" />
+	<target host="rostov.rt.ru" />
+	<target host="russian.rt.ru" />
+	<target host="ryazan.rt.ru" />
+	<target host="sakha.rt.ru" />
+	<target host="sakhalin.rt.ru" />
+	<target host="samara.rt.ru" />
+	<target host="saratov.rt.ru" />
+	<target host="smolensk.rt.ru" />
+	<target host="spb.rt.ru" />
+	<target host="stavropol.rt.ru" />
+	<target host="tambov.rt.ru" />
+	<target host="tomsk.rt.ru" />
+	<target host="tula.rt.ru" />
+	<target host="tumen.rt.ru" />
+	<target host="tuva.rt.ru" />
+	<target host="tver.rt.ru" />
+	<target host="udmurtiya.rt.ru" />
+	<target host="ufa.rt.ru" />
+	<target host="ulyanovsk.rt.ru" />
+	<target host="vladikavkaz.rt.ru" />
+	<target host="vladimir.rt.ru" />
+	<target host="volgograd.rt.ru" />
+	<target host="vologda.rt.ru" />
+	<target host="voronezh.rt.ru" />
+	<target host="yamal.rt.ru" />
+	<target host="yaroslavl.rt.ru" />
 
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/RTCQuickStart.org.xml b/src/chrome/content/rules/RTCQuickStart.org.xml
new file mode 100644
index 000000000000..86fe6f57fed7
--- /dev/null
+++ b/src/chrome/content/rules/RTCQuickStart.org.xml
@@ -0,0 +1,14 @@
+<!--
++	https://www.rtcquickstart.org has certificate mismatch, but
++	http://www.rtcquickstart.org redirects to http://rtcquickstart.org
++	https://rtcquickstart.org has correct certificate
+-->
+<ruleset name="RTCQuickStart.org">
+	<target host="rtcquickstart.org" />
+	<target host="www.rtcquickstart.org" />
+
+	<rule from="^http://www\.rtcquickstart\.org/"
+		to="https://rtcquickstart.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RTE.xml b/src/chrome/content/rules/RTE.xml
index a62b82b07f5f..e56a6c373df7 100644
--- a/src/chrome/content/rules/RTE.xml
+++ b/src/chrome/content/rules/RTE.xml
@@ -1,32 +1,35 @@
 <!--
-	Nonfunctional domains:
+	Nonfunctional hosts in *rte.ie:
 
-		- (www.)saorview.ie
+		- rtejr *
 
--->
-<ruleset name="RTÉ">
+	* WP Engine
 
-	<target host="*.rasset.ie" />
-	<target host="rte.ie" />
-	<target host="www.rte.ie" />
-	<target host="rtenl.ie" />
-	<target host="www.rtenl.ie" />
 
+	Mixed content:
+
+		- css on m from fonts.googleapis.com *
+
+		- Images, on:
 
-	<securecookie host="^(www\.)?rtenl\.ie$" name=".*" />
+			- m, www from img.rasset.ie *
+			- www from static.rasset.ie *
 
+		- Bugs on m, www.rte.ie from b.scorecardresearch.com *
 
-	<rule from="^http://(img|static)\.rasset\.ie/"
-		to="https://$1.rasset.ie/" />
+	* Secured by us
+
+-->
+<ruleset name="RTE.ie (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rte.ie" />
+	<target host="m.rte.ie" />
+	<target host="www.rte.ie" />
 
-	<!--	- !www cert: *.rasset.ie
-		- !www 405s over https
-		- !www redirects to www over http
-			-->
-	<rule from="^https?://(?:www\.)?rte\.ie/"
-		to="https://www.rte.ie/" />
 
-	<rule from="^http://(www\.)?rtenl\.ie/"
-		to="https://$1rtenl.ie/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/RTEK_2000.com.xml b/src/chrome/content/rules/RTEK_2000.com.xml
new file mode 100644
index 000000000000..10f14defdaba
--- /dev/null
+++ b/src/chrome/content/rules/RTEK_2000.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .rtek2000.com
+
+
+	Mixed content:
+
+		- favicon on (www.)? from www.rtek2000.com *
+		- Bugs on (www.)? from www.facebook.com *
+
+	* Secured by us
+
+-->
+<ruleset name="RTEK 2000.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rtek2000.com" />
+	<target host="www.rtek2000.com" />
+
+		<test url="http://rtek2000.com/bb/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.rtek2000\.com$" name="^phpbb3_\w+_(?:k|sid|u)$" /-->
+
+	<securecookie host="^\.rtek2000\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RTEMS.xml b/src/chrome/content/rules/RTEMS.xml
deleted file mode 100644
index ddd99220c2f2..000000000000
--- a/src/chrome/content/rules/RTEMS.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- git	(shows CentOS test page)
-
-
-	Problematic subdomains:
-
-		- ^ *
-		- support	(expired 2012-05-24)
-		- wiki *
-		- www		(self-signed)
-
-	* Cert only matches www
-
--->
-<ruleset name="RTEMS (partial)" default_off="expired, self-signed">
-
-	<target host="rtems.org" />
-	<target host="*.rtems.org" />
-
-
-	<securecookie host="^(?:\.support|www)\.rtems\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?rtems\.org/"
-		to="https://www.rtems.org/" />
-
-	<rule from="^http://support\.rtems\.org/"
-		to="https://support.rtems.org/" />
-
-	<rule from="^http://wiki\.rtems\.org/(?:\?.*)?$"
-		to="https://www.rtems.org/wiki/index.php/Main_Page" />
-
-	<rule from="^http://wiki\.rtems\.org/wiki/"
-		to="https://www.rtems.org/wiki/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/RTHK.hk.xml b/src/chrome/content/rules/RTHK.hk.xml
new file mode 100644
index 000000000000..2da74c285fc4
--- /dev/null
+++ b/src/chrome/content/rules/RTHK.hk.xml
@@ -0,0 +1,56 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- stm.rthk.hk
+		- stm1.rthk.hk
+		- stm2.rthk.hk
+		- teenpower.rthk.hk
+		- www.teenpower.rthk.hk
+		- m.teenpower.rthk.hk
+		- teenpower1.rthk.hk
+
+		Timeout was reached:
+		- newsuat.rthk.hk
+		- rthkcms3.rthk.hk
+		- rthkwcms1.rthk.hk
+
+		SSL connect error:
+		- archive.rthk.hk
+		- rthk9.rthk.hk
+
+		Incomplete certificate chain error:
+		- cibs.rthk.hk
+		- t.rthk.hk
+-->
+<ruleset name="RTHK.hk">
+	<target host="rthk.hk" />
+	<target host="www.rthk.hk" />
+	<target host="apiw01.rthk.hk" />
+	<target host="app1.rthk.hk" />
+	<target host="app3.rthk.hk" />
+	<target host="app4.rthk.hk" />
+	<target host="app7.rthk.hk" />
+	<target host="dab33.rthk.hk" />
+	<target host="dab35.rthk.hk" />
+	<target host="gbcode.rthk.hk" />
+		<test url="http://gbcode.rthk.hk/TuniS/news.rthk.hk/rthk/ch/latest-news.htm" />
+	<target host="m.rthk.hk" />
+	<target host="news.rthk.hk" />
+	<target host="newsprd.rthk.hk" />
+	<target host="newsstatic.rthk.hk" />
+	<target host="podcast.rthk.hk" />
+		<test url="http://podcast.rthk.hk/podcast/" />
+	<target host="podcasts.rthk.hk" />
+	<target host="programme.rthk.hk" />
+		<test url="http://programme.rthk.hk/assets/timetable/channel/tv/rthk_dtt32_timetable.pdf" />
+		<test url="http://programme.rthk.hk/channel/broadcaster/index.php?c=radio5" />
+		<test url="http://programme.rthk.hk/channel/radio/trafficnews/index.php" />
+	<target host="radio2.rthk.hk" />
+	<target host="radio5.rthk.hk" />
+	<target host="stmw.rthk.hk" />
+	<target host="stmw1.rthk.hk" />
+	<target host="stmw2.rthk.hk" />
+	<target host="webplus.rthk.hk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RTHK.org.hk.xml b/src/chrome/content/rules/RTHK.org.hk.xml
new file mode 100644
index 000000000000..ddbbc30f6c53
--- /dev/null
+++ b/src/chrome/content/rules/RTHK.org.hk.xml
@@ -0,0 +1,28 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- teenpower.rthk.org.hk
+		- www.teenpower.rthk.org.hk
+
+		SSL peer certificate was not OK:
+		- rthk.org.hk
+		- www.rthk.org.hk
+		- app1.rthk.org.hk
+		- app3.rthk.org.hk
+		- gbcode.rthk.org.hk
+		- hkfilex.rthk.org.hk
+		- www.hkfilex.rthk.org.hk
+		- news.rthk.org.hk
+		- podcast.rthk.org.hk
+		- programme.rthk.org.hk
+
+		Incomplete certificate chain error:
+		- pop.rthk.org.hk
+-->
+<ruleset name="RTHK.org.hk">
+	<target host="rthk.org.hk" />
+	<target host="www.rthk.org.hk" />
+	
+	<rule from="^http://(www\.)?rthk\.org\.hk/"
+		to="https://$1rthk.hk/" />
+</ruleset>
diff --git a/src/chrome/content/rules/RTK.xml b/src/chrome/content/rules/RTK.xml
index a50b37ea8e70..b49556a9a4f5 100644
--- a/src/chrome/content/rules/RTK.xml
+++ b/src/chrome/content/rules/RTK.xml
@@ -16,7 +16,7 @@
 	<rule from="^http://(?:www\.)?rtklive\.com/(\?.*)?$"
 		to="https://rtklive.com/new/index.php$1" />
 
-	<rule from="^https?://(?:www\.)?rtklive\.com/"
+	<rule from="^http://(?:www\.)?rtklive\.com/"
 		to="https://rtklive.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RTP.vc.xml b/src/chrome/content/rules/RTP.vc.xml
new file mode 100644
index 000000000000..fe131b0b06ee
--- /dev/null
+++ b/src/chrome/content/rules/RTP.vc.xml
@@ -0,0 +1,18 @@
+<!--
+
+	^: 50x
+
+-->
+<ruleset name="RTP.vc">
+
+	<target host="rtp.vc" />
+	<target host="www.rtp.vc" />
+
+
+	<securecookie host="^\.rtp\.vc$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?rtp\.vc/"
+		to="https://www.rtp.vc/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RTR.ch.xml b/src/chrome/content/rules/RTR.ch.xml
new file mode 100644
index 000000000000..33d42cb55fd1
--- /dev/null
+++ b/src/chrome/content/rules/RTR.ch.xml
@@ -0,0 +1,17 @@
+<!--
+	For other SRG SSR coverage, see SRGSSR.ch.xml.
+
+	Timeout:
+		- media.rtr.ch
+		- songinfo.rtr.ch
+-->
+<ruleset name="RTR.ch">
+	<target host="rtr.ch"/>
+	<target host="www.rtr.ch"/>
+	<target host="form.gratulaziuns.rtr.ch"/>
+	<target host="m.rtr.ch"/>
+	<target host="play.rtr.ch"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/RTS-Planeta.xml b/src/chrome/content/rules/RTS-Planeta.xml
new file mode 100644
index 000000000000..126a2415338f
--- /dev/null
+++ b/src/chrome/content/rules/RTS-Planeta.xml
@@ -0,0 +1,9 @@
+<ruleset name="RTS Planeta">
+
+	<target host="rtsplaneta.rs" />
+	<target host="www.rtsplaneta.rs" />
+	<target host="static.rtsplaneta.rs" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RTS.ch.xml b/src/chrome/content/rules/RTS.ch.xml
new file mode 100644
index 000000000000..04fcc561572e
--- /dev/null
+++ b/src/chrome/content/rules/RTS.ch.xml
@@ -0,0 +1,39 @@
+<!--
+	For other SRG SSR coverage, see SRGSSR.ch.xml.
+
+	Mismatch:
+		- agendac3.rts.ch
+		- blog.rts.ch
+
+	Mixed content:
+		- interactif.rts.ch (https://interactif.rts.ch/conso/)
+
+	No working URL found:
+		- blogs.rts.ch
+-->
+<ruleset name="RTS.ch">
+	<target host="rts.ch"/>
+	<target host="www.rts.ch"/>
+	<target host="boutique.rts.ch"/>
+	<target host="datak.rts.ch"/>
+		<test url="http://datak.rts.ch/ecoles/" />
+	<target host="details.rts.ch"/>
+	<target host="info.rts.ch"/>
+	<target host="kids.rts.ch"/>
+	<target host="m.rts.ch"/>
+	<target host="ma.rts.ch"/>
+	<target host="pages.rts.ch"/>
+	<target host="programmes.rts.ch"/>
+	<target host="programmesradio.rts.ch"/>
+	<target host="sso.rts.ch"/>
+	<target host="vap.rts.ch"/>
+
+	<target host="rtsr.ch"/>
+	<target host="www.rtsr.ch"/>
+
+	<target host="rtsentreprise.ch"/>
+	<target host="www.rtsentreprise.ch"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/RTVS.sk.xml b/src/chrome/content/rules/RTVS.sk.xml
new file mode 100644
index 000000000000..da3853730a9a
--- /dev/null
+++ b/src/chrome/content/rules/RTVS.sk.xml
@@ -0,0 +1,67 @@
+<!--
+	Nonfunctional hosts in *.rtvs.sk:
+
+	certificate mismatch:
+		- mobile.rtvs.sk
+		- cloud.rtvs.sk
+	connection refused:
+		- externalmail.rtvs.sk
+		- go.rtvs.sk
+		- autodiscover.intra.rtvs.sk
+		- baexhc01.intra.rtvs.sk
+		- baexhc02.intra.rtvs.sk
+		- casmytna.intra.rtvs.sk
+		- mail.rtvs.sk
+		- cdn.srv.rtvs.sk
+		- www.uhrady2.rtvs.sk
+	timeout on https:
+		- vaclavmika.rtvs.sk
+		- www.vaclavmika.rtvs.sk
+	mixed content:
+		- hokej.rtvs.sk
+		- sales.rtvs.sk
+		- skpres2016.rtvs.sk
+		- tdf.rtvs.sk
+-->
+<ruleset name="RTVS.sk">
+	<target host="rtvs.sk" />
+	<target host="www.rtvs.sk" />
+	<target host="akonaladit.rtvs.sk" />
+	<target host="api.rtvs.sk" />
+	<target host="aplikacie.rtvs.sk" />
+	<target host="cojaviem.rtvs.sk" />
+	<target host="cyrilametod.rtvs.sk" />
+	<target host="dersi.rtvs.sk" />
+	<target host="devin.rtvs.sk" />
+	<target host="enrsi.rtvs.sk" />
+	<target host="esrsi.rtvs.sk" />
+	<target host="fm.rtvs.sk" />
+	<target host="futbal.rtvs.sk" />
+	<target host="www.futbal.rtvs.sk" />
+	<target host="junior.rtvs.sk" />
+	<target host="klasika.rtvs.sk" />
+	<target host="litera.rtvs.sk" />
+	<target host="patria.rtvs.sk" />
+	<target host="pyramida.rtvs.sk" />
+	<target host="regina.rtvs.sk" />
+	<target host="reginastred.rtvs.sk" />
+	<target host="reginavychod.rtvs.sk" />
+	<target host="reginazapad.rtvs.sk" />
+	<target host="rsi.rtvs.sk" />
+	<target host="rursi.rtvs.sk" />
+	<target host="skrsi.rtvs.sk" />
+	<target host="slovensko.rtvs.sk" />
+	<target host="sosr.rtvs.sk" />
+	<target host="tajomstvo.rtvs.sk" />
+	<target host="trpaslici.rtvs.sk" />
+	<target host="uhd.rtvs.sk" />
+	<target host="uhrady.rtvs.sk" />
+	<target host="www.uhrady.rtvs.sk" />
+	<target host="vyzva.rtvs.sk" />
+	<target host="zelenavlna.rtvs.sk" />
+
+	<rule from="^http://www\.futbal\.rtvs\.sk/"
+		to="https://futbal.rtvs.sk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RT_Tire.xml b/src/chrome/content/rules/RT_Tire.xml
index 4fb136bea84a..4a21c6607bdd 100644
--- a/src/chrome/content/rules/RT_Tire.xml
+++ b/src/chrome/content/rules/RT_Tire.xml
@@ -1,10 +1,16 @@
-<ruleset name="RT Tire">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rttire.com/ => https://rttire.com/: (51, "SSL: no alternative certificate subject name matches target host name 'rttire.com'")
+Fetch error: http://www.rttire.com/ => https://www.rttire.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.rttire.com'")
+
+-->
+<ruleset name="RT Tire" default_off="failed ruleset test">
 
 	<target host="rttire.com" />
 	<target host="www.rttire.com" />
 
 
-	<rule from="^http://(www\.)?rttire\.com/"
-		to="https://$1rttire.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RU-Golos.xml b/src/chrome/content/rules/RU-Golos.xml
index 28492db510bf..5892ea98da73 100644
--- a/src/chrome/content/rules/RU-Golos.xml
+++ b/src/chrome/content/rules/RU-Golos.xml
@@ -10,4 +10,4 @@
 	<rule from="^http://(?:www\.)?ru-golos\.ru/"
 		to="https://ru-golos.ru/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RUB.de.xml b/src/chrome/content/rules/RUB.de.xml
new file mode 100644
index 000000000000..6e952f05f1b9
--- /dev/null
+++ b/src/chrome/content/rules/RUB.de.xml
@@ -0,0 +1,49 @@
+<!--
+	For other Ruhr-Universitaet Bochum coverage, see Ruhr-Uni-Bochum.de.xml.
+
+
+	Problematic hosts in *rub.de:
+
+		- ^ ¹
+		- www.cits ¹ ²
+
+	¹ Mismatched
+	² Mixed css in rewrite destination
+
+
+	Mixed content:
+
+		- Images on www from aktuell.rub.de
+		- Bug on www from vmrz\d+.vm.rub.de
+
+-->
+<ruleset name="RUB.de (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="piwik.ei.rub.de" />
+	<target host="www.piwik.ei.rub.de" />
+	<target host="hgi.rub.de" />
+	<target host="www.hgi.rub.de" />
+	<target host="res.mobsec.rub.de" />
+	<target host="nds.rub.de" />
+	<target host="www.nds.rub.de" />
+	<target host="www.rub.de" />
+	<target host="www.flexnow.rub.de" />
+
+	<!--	Complications:
+				-->
+	<target host="rub.de" />
+	<!--target host="www.cits.rub.de" /-->
+
+
+	<rule from="^http://rub\.de/"
+		to="https://www.rub.de/" />
+
+	<!--rule from="^http://www\.cits\.rub\.de/"
+		to="https://www.cits.ruhr-uni-bochum.de/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RUDI.net.xml b/src/chrome/content/rules/RUDI.net.xml
index 8c5415c5fcc5..6db8a360446b 100644
--- a/src/chrome/content/rules/RUDI.net.xml
+++ b/src/chrome/content/rules/RUDI.net.xml
@@ -15,7 +15,7 @@
 <ruleset name="RUDI.net">
 
 	<target host="rudi.net" />
-	<target host="*.rudi.net" />
+	<target host="www.rudi.net" />
 
 
 	<securecookie host="^\.rudi\.net$" name=".+" />
@@ -24,4 +24,4 @@
 	<rule from="^http://(?:www\.)?rudi\.net/"
 		to="https://www.rudi.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RUSI.org.xml b/src/chrome/content/rules/RUSI.org.xml
new file mode 100644
index 000000000000..2640d51c3815
--- /dev/null
+++ b/src/chrome/content/rules/RUSI.org.xml
@@ -0,0 +1,29 @@
+<!--
+	Royal United Services Institute for Defence and Security Studies
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(^ → www)
+		- my
+
+-->
+<ruleset name="RUSI.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="my.rusi.org" />
+	<target host="www.rusi.org" />
+
+	<!--	Complications:
+				-->
+	<target host="rusi.org" />
+
+
+	<rule from="^http://rusi\.org/"
+		to="https://www.rusi.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RVLution.xml b/src/chrome/content/rules/RVLution.xml
index 41cab014e1bc..687ab991cfdb 100644
--- a/src/chrome/content/rules/RVLution.xml
+++ b/src/chrome/content/rules/RVLution.xml
@@ -1,9 +1,11 @@
-<ruleset name="RVLution" default_off="self-signed">
+<ruleset name="RVLution.net" default_off="expired, mismatched">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="rvlution.net" />
 	<target host="www.rvlution.net" />
 
-	<rule from="^http://(www\.)?rvlution\.net/"
-		to="https://rvlution.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/RVM.io.xml b/src/chrome/content/rules/RVM.io.xml
new file mode 100644
index 000000000000..c59a1c33f7de
--- /dev/null
+++ b/src/chrome/content/rules/RVM.io.xml
@@ -0,0 +1,9 @@
+<ruleset name="RVM.io">
+
+	<target host="rvm.io" />
+	<target host="www.rvm.io" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RYLWarfare.net.xml b/src/chrome/content/rules/RYLWarfare.net.xml
new file mode 100644
index 000000000000..f29e3bfecbca
--- /dev/null
+++ b/src/chrome/content/rules/RYLWarfare.net.xml
@@ -0,0 +1,12 @@
+<ruleset name="RYL Warfare" >
+
+	<target host="rylwarfare.net" />
+	<target host="www.rylwarfare.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
+
diff --git a/src/chrome/content/rules/RYL_Warfare.xml b/src/chrome/content/rules/RYL_Warfare.xml
deleted file mode 100644
index a6c70f280762..000000000000
--- a/src/chrome/content/rules/RYL_Warfare.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="RYL Warfare">
-
-	<target host="rylwarfare.net" />
-	<target host="*.rylwarfare.net" />
-
-
-	<securecookie host="^(?:w*\.)?rylwarfare\.net$" name=".+" />
-
-
-	<rule from="^http://(www\.)?rylwarfare\.net/"
-		to="https://$1rylwarefare.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/RYOT.xml b/src/chrome/content/rules/RYOT.xml
index cb1c936e9b4e..4ae7eafd9a07 100644
--- a/src/chrome/content/rules/RYOT.xml
+++ b/src/chrome/content/rules/RYOT.xml
@@ -6,14 +6,19 @@
 
 	At least some pages redirect to http.
 
+
+	Server sends no certificate chain *
+
+	* See https://whatsmychaincert.com
+
 -->
-<ruleset name="RYOT (partial)">
+<ruleset name="RYOT (partial)" default_off="cert-chain">
 
 	<target host="ryot.org" />
 	<target host="www.ryot.org" />
 
 
-	<rule from="^http://(www\.)?ryot\.org/wp-content/"
-		to="https://$1ryot.org/wp-content/" />
+	<rule from="^http://(?:www\.)?ryot\.org/(?=wp-content/)"
+		to="https://ryot.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RaKdigital.xml b/src/chrome/content/rules/RaKdigital.xml
index 90e86b06f453..918b1077ae22 100644
--- a/src/chrome/content/rules/RaKdigital.xml
+++ b/src/chrome/content/rules/RaKdigital.xml
@@ -7,13 +7,13 @@
 -->
 <ruleset name="raKditigal (partial)">
 
-	<target host="*.rakdigital.co.uk" />
+	<target host="clients.rakdigital.co.uk" />
+	<target host="managewp.rakdigital.co.uk" />
 
 
 	<securecookie host="^(?:(?:www\.)?clients|managewp)\.rakdigital\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://((?:www\.)?clients|managewp)\.rakdigital\.co\.uk/"
-		to="https://$1.rakdigital.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Raam.org.xml b/src/chrome/content/rules/Raam.org.xml
new file mode 100644
index 000000000000..69eb2494faeb
--- /dev/null
+++ b/src/chrome/content/rules/Raam.org.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://raam.org/ => https://raam.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.raam.org/ => https://raam.org/: (60, 'SSL certificate problem: certificate has expired')
+
+	www.raam.org: Mismatched
+
+-->
+<ruleset name="Raam.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="raam.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.raam.org" />
+
+
+	<rule from="^http://www\.raam\.org/"
+		to="https://raam.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RabbitMQ.xml b/src/chrome/content/rules/RabbitMQ.xml
index 9a9a652490bf..af2a8863b8dc 100644
--- a/src/chrome/content/rules/RabbitMQ.xml
+++ b/src/chrome/content/rules/RabbitMQ.xml
@@ -1,14 +1,14 @@
 <!--
 	For other Pivotal coverage, see Pivotal.xml.
 
+	https version of {lists,next}.rabbitmq.com serves content from homepage,
+	not same content as http version
+
 -->
 <ruleset name="RabbitMQ">
-
 	<target host="rabbitmq.com" />
-	<target host="*.rabbitmq.com" />
-
-
-	<rule from="^http://((?:lists|next|www)\.)?rabbitmq\.com/"
-		to="https://$1rabbitmq.com/" />
+	<target host="www.rabbitmq.com" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rabbit_Porno.com.xml b/src/chrome/content/rules/Rabbit_Porno.com.xml
new file mode 100644
index 000000000000..bdeb492d871d
--- /dev/null
+++ b/src/chrome/content/rules/Rabbit_Porno.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .rabbitporno.com
+
+-->
+<ruleset name="Rabbit Porno.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rabbitporno.com" />
+	<target host="www.rabbitporno.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.rabbitporno\.com$" name="^\d+$" /-->
+
+	<securecookie host="^\.rabbitporno\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rabobank.xml b/src/chrome/content/rules/Rabobank.xml
index df75d479e269..7e902a2ea7bf 100644
--- a/src/chrome/content/rules/Rabobank.xml
+++ b/src/chrome/content/rules/Rabobank.xml
@@ -1,10 +1,23 @@
+<!--
+	Rule created by Jeroen van der Gun.
+
+ -->
 <ruleset name="Rabobank">
-  <!-- Rule created by Jeroen van der Gun -->
 
-  <target host="www.rabobank.nl" />
-  <target host="rabobank.nl" />
-  <target host="bankieren.rabobank.nl" />
+	<target host="rabobank.nl" />
+	<target host="bankieren.rabobank.nl" />
+	<target host="www.rabobank.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.rabobank\.nl$" name="^RABOBANK_SESSIE$" /-->
+	<!--securecookie host="^bankieren\.rabobank\.nl$" name="^(TS[\da-f]{6}|BIGipServer~\w+~pl_bankieren-\d+|BIGipServer~\w+~pl_bankieren-pifstatic-\d+)$" /-->
+	<!--securecookie host="^www\.rabobank\.nl$" name="^(BIGipServer~\w+~pl_anoniem_ave-\d+|BIGipServer~\w+~pl_anoniem_content-\d+|RaboTS)$" /-->
+
+	<securecookie host="^(?:bankieren|www)?\.rabobank\.nl$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
 
-  <rule from="^http://(?:www\.)?rabobank\.nl/" to="https://www.rabobank.nl/"/>
-  <rule from="^http://bankieren\.rabobank\.nl/" to="https://bankieren.rabobank.nl/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Rabotilnica.com.mk.xml b/src/chrome/content/rules/Rabotilnica.com.mk.xml
deleted file mode 100644
index 0b48a650877c..000000000000
--- a/src/chrome/content/rules/Rabotilnica.com.mk.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	CN: pro1030.server4you.net
-
--->
-<ruleset name="Rabotilnica.com.mk" default_off="mismatched, self-signed, some pages 404">
-
-	<target host="rabotilnica.com.mk" />
-	<target host="www.rabotilnica.com.mk" />
-
-
-	<rule from="^http://(?:www\.)?rabotilnica\.com\.mk/"
-		to="https://rabotilnica.com.mk/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/RaceForward.org.xml b/src/chrome/content/rules/RaceForward.org.xml
new file mode 100644
index 000000000000..8d23405768d4
--- /dev/null
+++ b/src/chrome/content/rules/RaceForward.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		- arc.raceforward.org
+		- clockingin-dev.raceforward.org
+		- documentation.raceforward.org
+		- lin1.raceforward.org
+		- piwik.raceforward.org
+		- redirect.raceforward.org
+		- vendors.raceforward.org
+-->
+
+<ruleset name="RaceForward.org">
+	<target host="raceforward.org" />
+	<target host="www.raceforward.org" />
+	<target host="assets.raceforward.org" />
+	<target host="clockingin.raceforward.org" />
+	<target host="do1.raceforward.org" />
+	<target host="facingrace.raceforward.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Race_to_Health.co.uk.xml b/src/chrome/content/rules/Race_to_Health.co.uk.xml
new file mode 100644
index 000000000000..64acff0be94c
--- /dev/null
+++ b/src/chrome/content/rules/Race_to_Health.co.uk.xml
@@ -0,0 +1,17 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+-->
+<ruleset name="Race to Health.co.uk">
+
+	<target host="racetohealth.co.uk" />
+	<target host="www.racetohealth.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rachelbythebay.com.xml b/src/chrome/content/rules/Rachelbythebay.com.xml
index d5b19f48ef04..289850efd030 100644
--- a/src/chrome/content/rules/Rachelbythebay.com.xml
+++ b/src/chrome/content/rules/Rachelbythebay.com.xml
@@ -2,5 +2,5 @@
   <target host="rachelbythebay.com" />
   <target host="www.rachelbythebay.com" />
 
-  <rule from="^http://(www\.)?rachelbythebay\.com/" to="https://www.rachelbythebay.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Racjonalista.pl.xml b/src/chrome/content/rules/Racjonalista.pl.xml
index de91e46e3e9d..11b58635a453 100644
--- a/src/chrome/content/rules/Racjonalista.pl.xml
+++ b/src/chrome/content/rules/Racjonalista.pl.xml
@@ -1,19 +1,31 @@
 <!--
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-
+	Non-functional hosts
+		Timeout was reached:
+			 - a.racjonalista.pl
+			 - i.racjonalista.pl
+
+		SSL connect error:
+			 - bracia.racjonalista.pl
+			 - fsm.racjonalista.pl
+			 - synopsa.racjonalista.pl
+
+		SSL peer certificate was not OK:
+			 - galeria.racjonalista.pl
+			 - lista.racjonalista.pl
+			 - mobile.racjonalista.pl
+			 - moralne-zwierze.racjonalista.pl
+			 - neutrum.racjonalista.pl
+			 - psr.racjonalista.pl
+			 - reshumana.racjonalista.pl
+			 - wydawnictwo.racjonalista.pl
+
+		Different content:
+			 - ceremonie.racjonalista.pl
 -->
-<ruleset name="racjonalista.pl" default_off="self-signed">
-
+<ruleset name="Racjonalista.pl">
 	<target host="racjonalista.pl" />
-	<target host="*.racjonalista.pl" />
-
-
-	<securecookie host="^\.racjonalista\.pl$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?racjonalista\.pl/"
-		to="https://www.racjonalista.pl/" />
+	<target host="www.racjonalista.pl" />
+	<target host="ksiegarnia.racjonalista.pl" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rack911.xml b/src/chrome/content/rules/Rack911.xml
index 2f809bc45db5..907a97c2570e 100644
--- a/src/chrome/content/rules/Rack911.xml
+++ b/src/chrome/content/rules/Rack911.xml
@@ -1,13 +1,12 @@
 <ruleset name="Rack911">
 
 	<target host="rack911.com" />
-	<target host="*.rack911.com" />
+	<target host="www.rack911.com" />
 
 
 	<securecookie host="^\.rack911\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?rack911\.com/"
-		to="https://$1rack911.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RackCDN.com.xml b/src/chrome/content/rules/RackCDN.com.xml
new file mode 100644
index 000000000000..a8be2f6d7f5d
--- /dev/null
+++ b/src/chrome/content/rules/RackCDN.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Rackspace coverage, see Rackspace.xml.
+
+
+	Fully covered domains:
+
+		- (*).r\d+.cf[0-35].rackcdn.com		(→ (*).ssl.cf[0-35].rackcdn.com)
+
+-->
+<ruleset name="RackCDN.com">
+
+	<target host="*.rackcdn.com" />
+
+
+	<rule from="^http://([\w-]+)\.(?:r\d+|ssl)\.cf(\d)\.rackcdn\.com/"
+		to="https://$1.ssl.cf$2.rackcdn.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Racked.com.xml b/src/chrome/content/rules/Racked.com.xml
new file mode 100644
index 000000000000..5098cc73c6d3
--- /dev/null
+++ b/src/chrome/content/rules/Racked.com.xml
@@ -0,0 +1,46 @@
+<!--
+	For other Vox Media coverage, see Vox.com.xml.
+
+	Refused hosts in *racked.com:
+
+		- comments
+		- comments.boston
+		- www.chicago
+		- comments.chicago
+		- m.chicago
+		- comments.dc
+		- comments.la
+		- m.la
+		- m
+		- comments.miami
+		- comments.ny
+		- www.ny
+		- m.ny
+		- www.philly
+		- comments.philly
+		- comments.sf
+		- m.sf
+		- comments.vegas
+
+-->
+<ruleset name="Racked.com">
+
+	<target host="racked.com" />
+	<target host="www.racked.com" />
+	<target host="boston.racked.com" />
+	<target host="la.racked.com" />
+	<target host="dc.racked.com" />
+	<target host="ny.racked.com" />
+	<target host="live.racked.com" />
+	<target host="chicago.racked.com" />
+	<target host="newsletters.racked.com" />
+	<target host="dallas.racked.com" />
+	<target host="philly.racked.com" />
+	<target host="miami.racked.com" />
+	<target host="sf.racked.com" />
+	<target host="vegas.racked.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RackerHacker.xml b/src/chrome/content/rules/RackerHacker.xml
deleted file mode 100644
index b95c8e8d8f29..000000000000
--- a/src/chrome/content/rules/RackerHacker.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Rackerhacker">
-
-	<target host="rackerhacker.com" />
-	<target host="*.rackerhacker.com" />
-
-
-	<!--	cdn cert: static1.robohash.org
-						-->
-	<rule from="^https?://(?:cdn\.|(www\.))?rackerhacker\.com/"
-		to="https://$1rackerhacker.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Racket-lang.org.xml b/src/chrome/content/rules/Racket-lang.org.xml
index 73eb1a6cf7d0..6bcf4ab09da3 100644
--- a/src/chrome/content/rules/Racket-lang.org.xml
+++ b/src/chrome/content/rules/Racket-lang.org.xml
@@ -1,28 +1,36 @@
 <!--
-	Nonfunctional subdomains:
 
-		- (www.) *
-		- blog		(interrupted)
-		- docs *
-		- planet	(shows tree, CN: localhost)
-		- pre		(refused)
+	Problematic hosts in *racket-lang.org:
 
-	* Redirects to http
-
-
-	Fully covered subdomains:
-
-		- bugs
-		- git
-		- lists
+		- * (self-signed)
+		- git (certificate chain)
+		- icfpc (mismatched)
+		- planet (certificate chain)
+		- svn (self-signed)
 
 -->
-<ruleset name="Racket-lang.org (partial)" default_off="self-signed">
-
-	<target host="*.racket-lang.org" />
-
-
-	<rule from="^http://(bugs|git|lists)\.racket-lang\.org/"
-		to="https://$1.racket-lang.org/" />
-
-</ruleset>
\ No newline at end of file
+<ruleset name="Racket-lang.org">
+
+	<target host="racket-lang.org" />
+	<target host="www.racket-lang.org" />
+	<target host="blog.racket-lang.org" />
+	<target host="bugs.racket-lang.org" />
+	<target host="build-plot.racket-lang.org" />
+	<target host="con.racket-lang.org" />
+	<target host="docs.racket-lang.org" />
+	<target host="download.racket-lang.org" />
+	<target host="lists.racket-lang.org" />
+	<target host="mirror.racket-lang.org" />
+	<target host="pkg-build.racket-lang.org" />
+	<target host="pkgo.racket-lang.org" />
+	<target host="pkgs.racket-lang.org" />
+	<target host="planet-compats.racket-lang.org" />
+	<target host="pre-release.racket-lang.org" />
+	<target host="pre.racket-lang.org" />
+	<target host="redex.racket-lang.org" />
+	<target host="summer-school.racket-lang.org" />
+	<target host="try.racket-lang.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Racketboy.com.xml b/src/chrome/content/rules/Racketboy.com.xml
new file mode 100644
index 000000000000..9f235d49cceb
--- /dev/null
+++ b/src/chrome/content/rules/Racketboy.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Mismatched:
+		- ftp
+		- server
+
+	TLS protocol error:
+		- ns2
+-->
+<ruleset name="Racketboy.com">
+	<target host="racketboy.com" />
+	<target host="www.racketboy.com" />
+	<target host="cpanel.racketboy.com" />
+	<target host="mail.racketboy.com" />
+	<target host="webdisk.racketboy.com" />
+	<target host="webmail.racketboy.com" />
+	<target host="whm.racketboy.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rackspace.co.uk.xml b/src/chrome/content/rules/Rackspace.co.uk.xml
new file mode 100644
index 000000000000..c8e8351237d2
--- /dev/null
+++ b/src/chrome/content/rules/Rackspace.co.uk.xml
@@ -0,0 +1,66 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://buyonline.rackspace.co.uk/ => https://buyonline.rackspace.co.uk/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other Rackspace coverage, see Rackspace.xml.
+
+
+	Problematic hosts in *rackspace.co.uk:
+
+		- blog ¹ ²
+
+	¹ Mismatched
+	² Mixed css
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .rackspace.co.uk
+		- blog.rackspace.co.uk
+		- .blog.rackspace.co.uk
+		- buyonline.rackspace.co.uk
+		- mycloud.rackspace.co.uk
+		- www.rackspace.co.uk
+
+
+	Mixed content:
+
+		- css, on:
+
+			- blog from $self
+			- www from fonts.googleapis.com *
+
+		- Images, on:
+
+			- blog from $self
+			- www from *.r\d+.cf\d.rackcdn.com *
+			- www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Rackspace.co.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rackspace.co.uk" />
+	<target host="buyonline.rackspace.co.uk" />
+	<target host="mycloud.rackspace.co.uk" />
+	<target host="www.rackspace.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.(?:blog\.)?rackspace\.co\.uk$" name="^rackuid$" /-->
+	<!--securecookie host="^(?:blog|www)\.rackspace\.co\.uk$" name="^ServerID$" /-->
+	<!--securecookie host="^buyonline\.rackspace\.co\.uk$" name="^(?:BIGip|currency)$" /-->
+	<!--securecookie host="^mycloud\.rackspace\.co\.uk$" name="^csrftoken$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rackspace.co.za.xml b/src/chrome/content/rules/Rackspace.co.za.xml
new file mode 100644
index 000000000000..6b51c731cc3d
--- /dev/null
+++ b/src/chrome/content/rules/Rackspace.co.za.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rackspace.co.za/ => https://rackspace.co.za/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.rackspace.co.za/ => https://www.rackspace.co.za/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other Rackspace coverage, see Rackspace.xml.
+
+-->
+<ruleset name="Rackspace.co.nz" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rackspace.co.za" />
+	<target host="www.rackspace.co.za" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rackspace.com-falsemixed.xml b/src/chrome/content/rules/Rackspace.com-falsemixed.xml
new file mode 100644
index 000000000000..114a63a929c1
--- /dev/null
+++ b/src/chrome/content/rules/Rackspace.com-falsemixed.xml
@@ -0,0 +1,13 @@
+<!--
+	For rules not causing false/broken MCB, see Rackspace.xml.
+
+-->
+<ruleset name="Rackspace.com (false MCB)" platform="mixedcontent">
+
+	<target host="www.rackspace.com" />
+
+
+	<rule from="^http://www\.rackspace\.com/talent"
+		to="https://www.rackspace.com/talent" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rackspace.com.hk.xml b/src/chrome/content/rules/Rackspace.com.hk.xml
new file mode 100644
index 000000000000..63c790ca9846
--- /dev/null
+++ b/src/chrome/content/rules/Rackspace.com.hk.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Rackspace coverage, see Rackspace.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.rackspace.com.hk
+
+-->
+<ruleset name="Rackspace.com.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rackspace.com.hk" />
+	<target host="www.rackspace.com.hk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.rackspace\.com\.hk$" name="^ServerID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rackspace.dk.xml b/src/chrome/content/rules/Rackspace.dk.xml
new file mode 100644
index 000000000000..b4abf73fa915
--- /dev/null
+++ b/src/chrome/content/rules/Rackspace.dk.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rackspace.dk/ => https://rackspace.dk/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.rackspace.dk/ => https://www.rackspace.dk/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other Rackspace coverage, see Rackspace.xml.
+
+-->
+<ruleset name="Rackspace.dk" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rackspace.dk" />
+	<target host="www.rackspace.dk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rackspace.hk.xml b/src/chrome/content/rules/Rackspace.hk.xml
new file mode 100644
index 000000000000..2f0c9a32d776
--- /dev/null
+++ b/src/chrome/content/rules/Rackspace.hk.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rackspace.hk/ => https://rackspace.hk/: (51, "SSL: no alternative certificate subject name matches target host name 'rackspace.hk'")
+Fetch error: http://www.rackspace.hk/ => https://www.rackspace.hk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.rackspace.hk'")
+
+	For other Rackspace coverage, see Rackspace.xml.
+
+-->
+<ruleset name="Rackspace.hk" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rackspace.hk" />
+	<target host="www.rackspace.hk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rackspace.nl.xml b/src/chrome/content/rules/Rackspace.nl.xml
new file mode 100644
index 000000000000..771990fa9618
--- /dev/null
+++ b/src/chrome/content/rules/Rackspace.nl.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Rackspace coverage, see Rackspace.xml.
+
+
+	Mixed content:
+
+		- css on on (www.)? from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Rackspace.nl (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rackspace.nl" />
+	<target host="www.rackspace.nl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rackspace.xml b/src/chrome/content/rules/Rackspace.xml
index 01a253df60e4..8a6fb1b611b0 100644
--- a/src/chrome/content/rules/Rackspace.xml
+++ b/src/chrome/content/rules/Rackspace.xml
@@ -1,99 +1,169 @@
+
 <!--
-	Nonfunctional domains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.rackspace.com/talent/wp-content/plugins/revslider/images/dummy.png => https://www.rackspace.com/talent/wp-content/plugins/revslider/images/dummy.png: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.rackspace.com/talent/wp-content/themes/jumpstart/framework/assets/plugins/bootstrap/css/bootstrap.min.css => https://www.rackspace.com/talent/wp-content/themes/jumpstart/framework/assets/plugins/bootstrap/css/bootstrap.min.css: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://cloudtools.rackspace.com/ => https://cloudtools.rackspace.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://feedback.rackspace.com/ => https://feedback.rackspace.com/: (51, "SSL: no alternative certificate subject name matches target host name 'feedback.rackspace.com'")
+Fetch error: http://stories.rackspace.com/ => https://stories.rackspace.com/: (51, "SSL: no alternative certificate subject name matches target host name 'stories.rackspace.com'")
 
-		- status.apps.rackspace.com
-		- (www.)rackspacestartups.com
+	For rules causing false/broken MCB, see Rackspace.com-falsemixed.xml.
 
 
-	Problematic domains:
+	Other Rackspace rulesets:
 
-		- mosso.com				(redirects to www.rackspace.com/cloud/; mismatched, CN: *.rackspacecloud.com)
-		- cdn.cloudfiles.mosso.com		(401, akamai)
-		- www.rackspace.com.hk			(mismatched)
-		- (*).cdn.cloudfiles.rackspacecdn.com	(akamai)
-		- (*).cdn1.cloudfiles.rackspacecdn.com	(akamai)
+		- Mailgun.net.xml
+		- Mosso.com.xml
+		- RackCDN.com.xml
+		- Rackspace.co.uk.xml
+		- Rackspace.co.za.xml
+		- Rackspace.com.hk.xml
+		- Rackspace.dk.xml
+		- Rackspace.hk.xml
+		- Rackspace.nl.xml
+		- Rackspace_Cloud.com.xml
 
 
-	Partially covered domains:
+	Nonfunctional domains:
 
-		- (www.)rackspace.com			(cloud/ & knowledge_center/ don't work [NB: elaborate, in what way?])
+		- www.rackertalent.com ¹
 
+		- status.apps.rackspace.com ²
+		- sharepoint.rackspace.com ²
+		- solve.rackspace.com ²
 
-	Fully covered domains:
+		- (www.)rackspacestartups.com
 
-		- cdn.cloudfiles.mosso.com/(*)/		(→ (*).ssl.cf0.rackcdn.com)
-		- (*).r\d+.cf[0-3].rackcdn.com		(→ (*).ssl.cf[0-3].rackcdn.com)
+	¹ Dropped
+	² Refused
 
-		- rackspace.com subdomains:
 
-			- apps
-			- cart
-			- cp
-			- my
+	Problematic hosts in *rackspace.com:
 
-		- (*).cdn.cloudfiles.rackspace.com	(→ (*).ssl.cf0.rackcdn.com)
-		- (*).cdn1.cloudfiles.rackspace.com	(→ (*).ssl.cf1.rackcdn.com)
+		- broadcast ¹
+		- docs ¹
+		- ir ²
+		- jobs ³
+		- support ¹
+		- talent ³
 
-		- (www.)rackspace.com.hk		(→ www.rackspace.hk)
-		- (www.)rackspace.co.uk			(^ → www)
-		- (www.)rackspace.co.za			(^ → www)
-		- (www.)rackspace.dk			(^ → www)
-		- (www.)rackspace.hk			(^ → www)
-		- (www.)rackspace.nl			(^ → www)
-		- (www.)rackspace.no			(^ → www)
-		- (www.)rackspace.se			(^ → www)
-		- (www.)rackspacecloud.com		(^ → www)
-		- manage.rackspacecloud.com
-		- lon.manage.rackspacecloud.com
+	¹ Server sends no certificate chain, see https://whatsmychaincert.com
+	² Akamai
+	³ Mismatched
 
--->
-<ruleset name="Rackspace (partial)" platform="mixedcontent">
 
-	<target host="cdn.cloudfiles.mosso.com" />
-	<target host="*.rackcdn.com" />
-	<target host="rackspace.*" />
-	<target host="*.rackspace.com" />
-	<target host="rackspace.com.hk" />
-	<target host="www.rackspace.com.hk" />
-	<target host="rackspace.co.*" />
-	<target host="*.rackspace.co.uk" />
-	<target host="*.rackspace.co.za" />
-	<target host="*.rackspace.dk" />
-	<target host="*.rackspace.hk" />
-	<target host="*.rackspace.nl" />
-	<target host="*.rackspace.no" />
-	<target host="*.rackspace.se" />
-	<target host="rackspacecloud.com" />
-	<target host="*.rackspacecloud.com" />
+	Insecure cookies are set for these domains and hosts:
 
+		- .rackspace.com
+		- blog.rackspace.com
+		- broadcast.rackspace.com
+		- cart.rackspace.com
+		- community.rackspace.com
+		- feedback.rackspace.com
+		- ir.rackspace.com
+		- manage.rackspace.com
+		- mycloud.rackspace.com
+		- status.rackspace.com
+		- stories.rackspace.com
+		- www.rackspace.com
 
-	<securecookie host="^(?:www)?\.rackspace\.(?:com|co\.uk|co\.za|dk|nl|no|se)$" name=".+" />
-	<securecookie host="^(?:apps|cart|community|my)\.rackspace\.com$" name=".+" />
-	<securecookie host="^manage\.rackspacecloud\.com$" name=".+" />
 
+	Mixed content:
 
-	<rule from="^https?://cdn\.cloudfiles\.mosso\.com/(\w+)/"
-		to="https://$1.ssl.cf0.rackcdn.com/" />
+		- css, on:
 
-	<rule from="^https?://([\w-]+)\.(?:r\d+|ssl)\.cf(\d)\.rackcdn\.com/"
-		to="https://$1.ssl.cf$2.rackcdn.com/" />
+			- docs from cdn.jsdelivr.net *
+			- ir from phx.corporate-ir.net *
+			- stories, www from fonts.googleapis.com *
+			- www from $self *
 
-	<rule from="^https?://(?:www\.)?rackspace(cloud)?\.(com|co\.uk|co\.za|dk|nl|no|se)/"
-		to="https://www.rackspace$1.$2/" />
+		- Images, on:
 
-	<rule from="^http://(apps|cart|community|cp|my)\.rackspace\.com/"
-		to="https://$1.rackspace.com/" />
+			- blog, www from *.r\d+.cf\d.rackcdn.com *
+			- blog, cp, www from images.cdn.rackspace.com *
+			- ir from media.corporate-ir.net *
+			- partners, www from broadcast.rackspace.com
 
-	<rule from="^https?://(?:www\.)?rackspace(?:\.com)?\.hk/"
-		to="https://www.rackspace.hk/" />
+		- favicon, on:
 
-	<rule from="^http://(lon\.)?manage\.rackspacecloud\.com/"
-		to="https://$1manage.rackspacecloud.com/" />
+			- community, stories from www.rackspace.com *
+			- docs from images.cdn.rackspace.com *
 
-	<rule from="^https?://(\w+)\.cdn\.cloudfiles\.rackspacecloud\.com/"
-		to="https://$1.ssl.cf0.rackcdn.com/" />
+	* Secured by us
 
-	<rule from="^https?://(\w+)\.cdn(1|2)\.cloudfiles\.rackspacecloud\.com/"
-		to="https://$1.ssl.cf$2.rackcdn.com/" />
+-->
+<ruleset name="Rackspace.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rackspace.com" />
+	<target host="apps.rackspace.com" />
+	<target host="blog.rackspace.com" />
+	<!--target host="broadcast.rackspace.com" /-->
+	<target host="cart.rackspace.com" />
+	<target host="cloudtools.rackspace.com" />
+	<target host="community.rackspace.com" />
+	<target host="data.rackspace.com" />
+	<target host="developer.rackspace.com" />
+	<target host="cp.rackspace.com" />
+	<!--target host="docs.rackspace.com" /-->
+	<target host="feedback.rackspace.com" />
+	<target host="marketplace.rackspace.com" />
+	<target host="my.rackspace.com" />
+	<target host="mycloud.rackspace.com" />
+	<target host="partners.rackspace.com" />
+	<target host="status.rackspace.com" />
+	<target host="stories.rackspace.com" />
+	<!--target host="support.rackspace.com" /-->
+	<target host="www.rackspace.com" />
+
+	<!--	Complications:
+				-->
+	<target host="images.cdn.rackspace.com" />
+	<!--target host="talent.rackspace.com" /-->
+
+		<!--	Avoid false/broken MCB:
+						-->
+		<exclusion pattern="^http://www\.rackspace\.com/+talent(?!/wp-content/|/wp-includes/)" />
+
+			<!--	ve:
+					-->
+			<test url="http://www.rackspace.com/talent/" />
+			<test url="http://www.rackspace.com/talent/culture/" />
+			<test url="http://www.rackspace.com/talent/san-antonio-tx-usa/" />
+			<test url="http://www.rackspace.com/talent/support/" />
+
+			<!--	ve:
+					-->
+			<test url="http://www.rackspace.com/talent/wp-content/plugins/revslider/images/dummy.png" />
+			<test url="http://www.rackspace.com/talent/wp-content/themes/jumpstart/framework/assets/plugins/bootstrap/css/bootstrap.min.css" />
+
+		<!--	Formerly redirected to http:
+							-->
+		<test url="http://www.rackspace.com/knowledge_center/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.rackspace\.com$" name="^(IS_UASrackuid|RackSID|US[0-9a-f]{32}_pagecount|cloud_signup_reminder|keyword|tech_chat)$" /-->
+	<!--securecookie host="^(?:blog|broadcast|manage|stories)\.rackspace\.com$" name="^X-Mapping-\w+$" /-->
+	<!--securecookie host="^cart\.rackspace\.com$" name="^BIGip$" /-->
+	<!--securecookie host="^feedback\.rackspace\.com$" name="^_rf$" /-->
+	<!--securecookie host="^mycloud\.rackspace\.com$" name="^csrftoken$" /-->
+	<!--securecookie host="^(?:status|www)\.rackspace\.com$" name="^BigIP_Cookie$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://images\.cdn\.rackspace\.com/"
+		to="https://034d24a88b3e71fd72a6-f083e9a6295a3f0714fa019ffdca65c3.ssl.cf1.rackcdn.com/" />
+
+	<!--	Redirect preserves path and args:
+							-->
+	<!--rule from="^http://talent\.rackspace\.com/"
+		to="https://www.rackspace.com/talent/" /-->
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Rackspace_Cloud.com.xml b/src/chrome/content/rules/Rackspace_Cloud.com.xml
new file mode 100644
index 000000000000..101a1403f2ee
--- /dev/null
+++ b/src/chrome/content/rules/Rackspace_Cloud.com.xml
@@ -0,0 +1,63 @@
+<!--
+	For other Rackspace coverage, see Rackspace.xml.
+
+
+	Problematic hosts in *rackspacecloud.com:
+
+		- cdn.cloudfiles ¹
+		- cdn[12].cloudfiles ¹
+		- www ²
+
+	¹ Akamai
+	² Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- manage.rackspacecloud.com
+
+-->
+<ruleset name="Rackspace Cloud.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rackspacecloud.com" />
+	<target host="manage.rackspacecloud.com" />
+
+	<!--	Complications:
+				-->
+	<target host="*.cdn.cloudfiles.rackspacecloud.com" />
+	<target host="*.cdn1.cloudfiles.rackspacecloud.com" />
+	<target host="*.cdn2.cloudfiles.rackspacecloud.com" />
+
+	<target host="www.rackspacecloud.com" />
+
+		<test url="http://c0001113.cdn2.cloudfiles.rackspacecloud.com/sheer-linen-gallery-5.jpg" />
+		<test url="http://c0006681.cdn.cloudfiles.rackspacecloud.com/mosso_logo.png" />
+		<test url="http://c0021744.cdn1.cloudfiles.rackspacecloud.com/sites/tvnewscheck/images/global/bullet-round-small.png" />
+		<test url="http://c0021744.cdn1.cloudfiles.rackspacecloud.com/sites/tvnewscheck/images/global/bullet-round-small.png" />
+		<test url="http://c1775272.cdn.cloudfiles.rackspacecloud.com/regular/f103334_1275423063.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^manage\.rackspacecloud\.com$" name="^X-Mapping-php\w+$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.rackspacecloud\.com/"
+		to="https://rackspacecloud.com/" />
+
+	<rule from="^http://(\w+)\.cdn\.cloudfiles\.rackspacecloud\.com/"
+		to="https://$1.ssl.cf0.rackcdn.com/" />
+
+	<!--	Needs more tests:
+					-->
+	<rule from="^http://(\w+)\.cdn(1|2)\.cloudfiles\.rackspacecloud\.com/"
+		to="https://$1.ssl.cf$2.rackcdn.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RadSec.org.xml b/src/chrome/content/rules/RadSec.org.xml
new file mode 100644
index 000000000000..387074fd8d29
--- /dev/null
+++ b/src/chrome/content/rules/RadSec.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="RadSec.org">
+
+	<target host="radsec.org" />
+	<target host="www.radsec.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Radare.org.xml b/src/chrome/content/rules/Radare.org.xml
new file mode 100644
index 000000000000..7ae5fbc321cd
--- /dev/null
+++ b/src/chrome/content/rules/Radare.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Connection refused:
+		- cloud.radare.org
+
+	Wrong server:
+		- cydia.radare.org
+-->
+
+<ruleset name="Radare.org">
+	<target host="radare.org" />
+	<target host="www.radare.org" />
+
+	<securecookie host="^(www)\.radare\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Radartv.nl.xml b/src/chrome/content/rules/Radartv.nl.xml
new file mode 100644
index 000000000000..795b20c662cb
--- /dev/null
+++ b/src/chrome/content/rules/Radartv.nl.xml
@@ -0,0 +1,51 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .forum.www.radartv.nl
+
+
+	These altnames don't exist:
+
+		- www.forum.www.radartv.nl
+
+-->
+<ruleset name="Radartv.nl (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="radartv.nl" />
+	<target host="www.radartv.nl" />
+	<target host="forum.www.radartv.nl" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.radartv\.nl/(?:$|\?npo_cc=na|\?npo_cc_skip_wall=1)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.radartv\.nl/+(?!favicon\.ico|fileadmin/|typo3temp/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.radartv.nl/?npo_cc=na" />
+			<test url="http://www.radartv.nl/?npo_cc_skip_wall=1" />
+			<test url="http://www.radartv.nl/sites/radar/" />
+			<test url="http://www.radartv.nl/testpanel/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.radartv.nl/favicon.ico" />
+			<test url="http://www.radartv.nl/fileadmin/GFX/radar_logo.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.forum\.www\.radartv\.nl$" name="^npo_cc$" /-->
+
+	<securecookie host="^\.forum\.www\.radartv\.nl$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Radboud-University-Nijmegen.xml b/src/chrome/content/rules/Radboud-University-Nijmegen.xml
index feee343818f4..de86948d19c5 100644
--- a/src/chrome/content/rules/Radboud-University-Nijmegen.xml
+++ b/src/chrome/content/rules/Radboud-University-Nijmegen.xml
@@ -1,34 +1,56 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ru.nl/ => https://www.ru.nl/: Too many redirects while fetching 'https://www.ru.nl/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ru.nl/ => https://www.ru.nl/: Cycle detected - URL already encountered: https://www.ru.nl/
 
 	Nonfunctional domains:
 
 		- www2.cmbi.ru.nl	(cert: www.cmbi.ru.nl; redirects to http)
 
 -->
-<ruleset name="Radboud University Nijmegen">
+<ruleset name="Radboud University Nijmegen" default_off="failed ruleset test">
 
-	<target host="*.radboudnet.nl" />
+	<target host="www.radboudnet.nl" />
+	<target host="www-acc.radboudnet.nl" />
 	<target host="ru.nl" />
-	<target host="*.ru.nl" />
-	<target host="*.cmbi.ru.nl" />
-	<target host="*.hosting.ru.nl" />
+	<target host="www.ru.nl" />
+	<target host="ldap2.cmbi.ru.nl" />
+	<target host="mr.cmbi.ru.nl" />
+	<target host="nmr.cmbi.ru.nl" />
+	<target host="mrms.cmbi.ru.nl" />
+	<target host="svn.cmbi.ru.nl" />
+	<target host="webmail.cmbi.ru.nl" />
+	<target host="www.cmbi.ru.nl" />
+	<target host="cms.ru.nl" />
+	<target host="cms-acc.ru.nl" />
+	<target host="bangalore.hosting.ru.nl" />
+	<target host="bombay.hosting.ru.nl" />
+	<target host="delhi.hosting.ru.nl" />
+	<target host="hubli.hosting.ru.nl" />
+	<target host="jaipur.hosting.ru.nl" />
+	<target host="kota.hosting.ru.nl" />
+	<target host="mangalore.hosting.ru.nl" />
+	<target host="portalhelp.hosting.ru.nl" />
+	<target host="pune.hosting.ru.nl" />
+	<target host="idm.ru.nl" />
+	<target host="student.ru.nl" />
+	<target host="www-acc.ru.nl" />
 	<!--	* for cross-domain cookie.	-->
-	<target host="*.portalhelp.hosting.ru.nl" />
 
 
-	<securecookie host="^www(-acc)?\.radboudnet\.nl$" name=".*" />
-	<securecookie host="^.*\.ru\.nl$" name=".*" />
+	<securecookie host="^www(?:-acc)?\.radboudnet\.nl$" name=".+" />
+	<securecookie host="^.*\.ru\.nl$" name=".+" />
 
 
-	<rule from="^http://www(-acc)?\.radboudnet\.nl/"
-		to="https://www$1.radboudnet.nl/" />
 
 	<!--	Cert doesn't match //ru.nl.
 						-->
-	<rule from="^https?://(?:www\.)?ru\.nl/"
+	<rule from="^http://(?:www\.)?ru\.nl/"
 		to="https://www.ru.nl/" />
 
-	<rule from="^http://((?:ldap2|n?mr|mrms|svn|webmail|www)\.cmbi|cms|cms-acc|(?:bangalore|bombay|delhi|hubli|jaipur|kota|mangalore|portalhelp|pune)\.hosting|idm|student|www-acc)\.ru\.nl/"
-		to="https://$1.ru.nl/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Raddle.me.xml b/src/chrome/content/rules/Raddle.me.xml
new file mode 100644
index 000000000000..ef5bd387ffe8
--- /dev/null
+++ b/src/chrome/content/rules/Raddle.me.xml
@@ -0,0 +1,9 @@
+<ruleset name="Raddle.me">
+
+	<target host="raddit.me" />
+	<target host="www.raddit.me" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Radentscheid-frankfurt.de.xml b/src/chrome/content/rules/Radentscheid-frankfurt.de.xml
new file mode 100644
index 000000000000..8cb7cc10f080
--- /dev/null
+++ b/src/chrome/content/rules/Radentscheid-frankfurt.de.xml
@@ -0,0 +1,14 @@
+<ruleset name="Radentscheid-frankfurt.de">
+	<target host="radentscheid-frankfurt.de" />
+	<target host="www.radentscheid-frankfurt.de" />
+	<target host="dev.radentscheid-frankfurt.de" />
+	<target host="www.dev.radentscheid-frankfurt.de" />
+	<target host="ghostbike.radentscheid-frankfurt.de" />
+	<target host="www.ghostbike.radentscheid-frankfurt.de" />
+	<target host="statistic.radentscheid-frankfurt.de" />
+	<target host="www.statistic.radentscheid-frankfurt.de" />
+	<target host="stats.radentscheid-frankfurt.de" />
+	<target host="www.stats.radentscheid-frankfurt.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Radford.edu.xml b/src/chrome/content/rules/Radford.edu.xml
new file mode 100644
index 000000000000..9885f3723bf3
--- /dev/null
+++ b/src/chrome/content/rules/Radford.edu.xml
@@ -0,0 +1,14 @@
+<!--
+	Fully covered subdomains:
+
+		- php
+
+-->
+<ruleset name="Radford.edu (partial)">
+
+	<target host="php.radford.edu" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Radian.org.xml b/src/chrome/content/rules/Radian.org.xml
deleted file mode 100644
index 792d70bb960e..000000000000
--- a/src/chrome/content/rules/Radian.org.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="radian.org">
-
-	<target host="radian.org"/>
-
-	<rule from="^http://(www\.)?radian\.org/"
-		to="https://radian.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Radical_Designs.xml b/src/chrome/content/rules/Radical_Designs.xml
deleted file mode 100644
index 802eced92d1a..000000000000
--- a/src/chrome/content/rules/Radical_Designs.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)radicaldesigns.org	(prints "This site is currently not available"; mismatched, CN: *.rdsecure.org)
-
--->
-<ruleset name="Radical Designs">
-
-	<target host="rdsecure.org" />
-	<target host="*.rdsecure.org" />
-
-
-	<securecookie host="^.+\.rdsecure\.org$" name=".+" />
-
-
-	<rule from="^http://([\w-]+\.)?rdsecure\.org/"
-		to="https://$1rdsecure.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Radikale.dk.xml b/src/chrome/content/rules/Radikale.dk.xml
new file mode 100644
index 000000000000..334497aa3d5a
--- /dev/null
+++ b/src/chrome/content/rules/Radikale.dk.xml
@@ -0,0 +1,12 @@
+<!--
+	Currently gets a few pictures from Twitter over
+	forced HTTP; otherwise works perfectly well.
+-->
+<ruleset name="Radikale.dk">
+	<target host="radikale.dk" />
+	<target host="www.radikale.dk" />
+	<target host="fleresomdig.radikale.dk" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RadioShack.xml b/src/chrome/content/rules/RadioShack.xml
index a235c18015ee..65317dce5f29 100644
--- a/src/chrome/content/rules/RadioShack.xml
+++ b/src/chrome/content/rules/RadioShack.xml
@@ -1,4 +1,18 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://franchiseradioshack.cloudapp.net/ => https://www.franchiseradioshack.com/: (7, 'Failed to connect to www.franchiseradioshack.com port 443: Connection refused')
+Fetch error: http://franchiseradioshack.com/ => https://www.franchiseradioshack.com/: (7, 'Failed to connect to www.franchiseradioshack.com port 443: Connection refused')
+Fetch error: http://www.franchiseradioshack.com/ => https://www.franchiseradioshack.com/: (7, 'Failed to connect to www.franchiseradioshack.com port 443: Connection refused')
+Fetch error: http://radioshackwireless.com/ => https://radioshackwireless.com/: (51, "SSL: no alternative certificate subject name matches target host name 'radioshackwireless.com'")
+Fetch error: http://www.radioshackwireless.com/ => https://radioshackwireless.com/: (51, "SSL: no alternative certificate subject name matches target host name 'radioshackwireless.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://franchiseradioshack.cloudapp.net/ => https://www.franchiseradioshack.com/: (6, 'Could not resolve host: franchiseradioshack.cloudapp.net')
+Fetch error: http://franchiseradioshack.com/ => https://www.franchiseradioshack.com/: (7, 'Failed to connect to www.franchiseradioshack.com port 443: Connection refused')
+Fetch error: http://www.franchiseradioshack.com/ => https://www.franchiseradioshack.com/: (7, 'Failed to connect to www.franchiseradioshack.com port 443: Connection refused')
+Fetch error: http://radioshackwireless.com/ => https://radioshackwireless.com/: (7, 'Failed to connect to radioshackwireless.com port 443: Connection timed out')
+Fetch error: http://www.radioshackwireless.com/ => https://radioshackwireless.com/: (6, 'Could not resolve host: www.radioshackwireless.com')
 	Most requests sent back to HTTP.
 
 
@@ -16,27 +30,28 @@
 		- www.radioshackcorporation.com	(self-signed; shows blank page)
 
 -->
-<ruleset name="RadioShack (partial)">
+<ruleset name="RadioShack (partial)" default_off="failed ruleset test">
 
 	<target host="franchiseradioshack.cloudapp.net" />
 	<target host="franchiseradioshack.com" />
 	<target host="www.franchiseradioshack.com" />
 	<target host="radioshack.com" />
-	<target host="*.radioshack.com" />
-		<exclusion pattern="^http://www\.radioshack\.com/($|category/|family/|home/|shop/)" />
+	<target host="www.radioshack.com" />
+	<target host="blog.radioshack.com" />
+		<exclusion pattern="^http://www\.radioshack\.com/(?:$|category/|family/|home/|shop/)" />
 	<target host="radioshackwireless.com" />
 	<target host="www.radioshackwireless.com" />
 
 
-	<securecookie host="^radioshackwireless\.com$" name=".*" />
+	<securecookie host="^radioshackwireless\.com$" name=".+" />
 
 
 	<!--	Cert mismatch.	-->
-	<rule from="^https?://franchiseradioshack\.cloudapp\.net/"
+	<rule from="^http://franchiseradioshack\.cloudapp\.net/"
 		to="https://www.franchiseradioshack.com/" />
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?franchiseradioshack\.com/"
+	<rule from="^http://(?:www\.)?franchiseradioshack\.com/"
 		to="https://www.franchiseradioshack.com/" />
 
 	<!--
@@ -70,18 +85,17 @@
 
 
 		Cert only matches www.
-					
-	<rule from="^https?://(?:www\.)?radioshack\.com/($|(?:affiliate|checkout|cms_widgets|coreg|corp|emailAProduct|graphics|helpdesk|images|include|min-cat|product|search|sitemap|storeLocator3|uc)(?:$|/|\?))"
+
+	<rule from="^http://(?:www\.)?radioshack\.com/($|(?:affiliate|checkout|cms_widgets|coreg|corp|emailAProduct|graphics|helpdesk|images|include|min-cat|product|search|sitemap|storeLocator3|uc)(?:$|/|\?))"
 		to="https://www.radioshack.com/$1" /-->
 
-	<rule from="^https?://(?:www\.)?radioshack\.com/"
+	<rule from="^http://(?:www\.)?radioshack\.com/"
 		to="https://www.radioshack.com/" />
 
-	<rule from="^http://blog\.radioshack\.com/"
-		to="https://blog.radioshack.com/" />
 
 	<!--	Cert doesn't match www.	-->
-	<rule from="^https?://(?:www\.)?radioshackwireless\.com/"
+	<rule from="^http://(?:www\.)?radioshackwireless\.com/"
 		to="https://radioshackwireless.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/RadioTamazuj.xml b/src/chrome/content/rules/RadioTamazuj.xml
new file mode 100644
index 000000000000..21eefde36e95
--- /dev/null
+++ b/src/chrome/content/rules/RadioTamazuj.xml
@@ -0,0 +1,16 @@
+<!--
+	Domain uses wildcard dns
+
+	Connection refused:
+		- autoconfig.radiotamazuj.org
+		- autodiscover.radiotamazuj.org
+-->
+<ruleset name="Radio Tamazuj">
+
+	<target host="radiotamazuj.org" />
+	<target host="www.radiotamazuj.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RadioX.ch.xml b/src/chrome/content/rules/RadioX.ch.xml
new file mode 100644
index 000000000000..d7792b991d03
--- /dev/null
+++ b/src/chrome/content/rules/RadioX.ch.xml
@@ -0,0 +1,17 @@
+<!--
+	Streams are only available over Port 8000, http:
+		- mp3.radiox.ch:8000
+		- ogg.radiox.ch:8000
+
+	Site contains mixed passive content.
+-->
+<ruleset name="RadioX.ch">
+	<target host="radiox.ch" />
+	<target host="www.radiox.ch" />
+	<target host="mainstream.radiox.ch" />
+	<target host="stream.radiox.ch" />
+	<target host="tagx.radiox.ch" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Radio_Free_Asia.xml b/src/chrome/content/rules/Radio_Free_Asia.xml
deleted file mode 100644
index 00fe8662cc56..000000000000
--- a/src/chrome/content/rules/Radio_Free_Asia.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	Can we do this for all in *.download.akamai?
-
--->
-<ruleset name="Radio Free Asia (partial)">
-
-	<target host="a9.g.akamai.net" />
-
-
-	<rule from="^https?://a9\.g\.akamai\.net/f/9/9391/6h/rfa\.download\.akamai\.com/"
-		to="https://a248.e.akamai.net/f/9/9391/6h/rfa.download.akamai.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Radioeins.de.xml b/src/chrome/content/rules/Radioeins.de.xml
new file mode 100644
index 000000000000..3c4dc5fce396
--- /dev/null
+++ b/src/chrome/content/rules/Radioeins.de.xml
@@ -0,0 +1,40 @@
+<!--
+	For other Rundfunk Berlin-Brandenburg coverage, see Rbb-online.de.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- radioeins.de
+		- mein.radioeins.de
+		- www.radioeins.de
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on mein from www.radioeins.de ˢ
+		- Ad on mein from static2.funtip.de ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="radioeins.de">
+
+	<target host="radioeins.de" />
+	<target host="mein.radioeins.de" />
+	<target host="www.radioeins.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?radioeins\.de$" name="^wc$" /-->
+	<!--securecookie host="^mein\.radioeins.de$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Radioleaks.xml b/src/chrome/content/rules/Radioleaks.xml
index 0ca6642dff8c..6e4a943d6f3b 100644
--- a/src/chrome/content/rules/Radioleaks.xml
+++ b/src/chrome/content/rules/Radioleaks.xml
@@ -4,19 +4,21 @@
 
 	Problematic subdomains:
 
-		- (www.)	(mismatched, CN: sverigesradio.se)
+		- (www.)? *
+
+	* Mismatched, CN: sverigesradio.se
 
 -->
-<ruleset name="Radioleaks">
+<ruleset name="Radioleaks.se">
 
 	<target host="radioleaks.se" />
 	<target host="*.radioleaks.se" />
 
 
-	<rule from="^https?://(?:www\.)?radioleaks\.se/(?:.*)"
+	<rule from="^http://(?:www\.)?radioleaks\.se/.*"
 		to="https://sverigesradio.se/sida/default.aspx?programid=4069" />
 
 	<rule from="^http://upload\.radioleaks\.se/"
 		to="https://upload.radioleaks.se/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Radiological_Society_of_North_America.xml b/src/chrome/content/rules/Radiological_Society_of_North_America.xml
index 0b89e5e9b84d..2922c083c5fb 100644
--- a/src/chrome/content/rules/Radiological_Society_of_North_America.xml
+++ b/src/chrome/content/rules/Radiological_Society_of_North_America.xml
@@ -9,13 +9,14 @@
 <ruleset name="Radiological Society of North America (partial)">
 
 	<target host="rsna.org" />
-	<target host="*.rsna.org" />
+	<target host="careers.rsna.org" />
+	<target host="www.rsna.org" />
+	<target host="www2.rsna.org" />
 
 
 	<securecookie host="^(?:careers\.|www\.)?rsna\.org$" name=".+" />
 
 
-	<rule from="^http://(careers\.|www2?\.)?rsna\.org/"
-		to="https://$1rsna.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Radioplayer.co.uk.xml b/src/chrome/content/rules/Radioplayer.co.uk.xml
index 49a2b877e849..cb8064e6e8bb 100644
--- a/src/chrome/content/rules/Radioplayer.co.uk.xml
+++ b/src/chrome/content/rules/Radioplayer.co.uk.xml
@@ -1,17 +1,47 @@
-<!--
-	^: 404, cert only matches www.
+<!--	4xx:
+			- stats.admin.radioplayer.co.uk
 
+		Cert mismatch:
+			- console.labs.radioplayer.co.uk
+			- mail.labs.radioplayer.co.uk
+			- measurement.labs.radioplayer.co.uk
+			- support.radioplayer.co.uk
+			- newsletter.radioplayer.co.uk
+
+		Timeout:
+			- dev01.radioplayer.co.uk
+			- facebook.radioplayer.co.uk
+			- newwww.radioplayer.co.uk/
+			- pw.radioplayer.co.uk
 -->
+
+
 <ruleset name="Radioplayer.co.uk">
 
 	<target host="radioplayer.co.uk" />
 	<target host="www.radioplayer.co.uk" />
 
+	<target host="admin.radioplayer.co.uk" />
+	<target host="api.radioplayer.co.uk" />
+	<target host="assets.radioplayer.co.uk" />
+	<target host="cookie.radioplayer.co.uk" />
+	<target host="dev02.radioplayer.co.uk" />
+	<target host="ingest.radioplayer.co.uk" />
+	<target host="labs.radioplayer.co.uk" />
+	<target host="www.labs.radioplayer.co.uk" />
+	<target host="metrics-log.radioplayer.co.uk" />
+	<target host="np.radioplayer.co.uk" />
+	<target host="rdns.radioplayer.co.uk" />
+	<target host="search.radioplayer.co.uk" />
+	<target host="static.radioplayer.co.uk" />
+	<target host="stats.radioplayer.co.uk" />
+	<target host="webviews-dev.radioplayer.co.uk" />
+	<target host="wp.radioplayer.co.uk" />
 
-	<securecookie host="^www\.radioplayer\.co\.uk$" name=".+" />
 
+	<securecookie host="^www\.radioplayer\.co\.uk$" name=".+" />
 
-	<rule from="^http://(?:www\.)?radioplayer\.co\.uk/"
-		to="https://www.radioplayer.co.uk/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Radioreference.com.xml b/src/chrome/content/rules/Radioreference.com.xml
new file mode 100644
index 000000000000..caea01993746
--- /dev/null
+++ b/src/chrome/content/rules/Radioreference.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Radioreference.com">
+	<!-- root domain times out on HTTP and HTTPS, so we are leaving it out -->
+	<target host="www.radioreference.com" />
+	<target host="api.radioreference.com" />
+	<target host="forums.radioreference.com" />
+	<target host="m.radioreference.com" />
+	<target host="register.radioreference.com" />
+	<target host="u.radioreference.com" />
+	<target host="wiki.radioreference.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RadiumOne.xml b/src/chrome/content/rules/RadiumOne.xml
index 73380894a003..c3d49b0be7ec 100644
--- a/src/chrome/content/rules/RadiumOne.xml
+++ b/src/chrome/content/rules/RadiumOne.xml
@@ -1,26 +1,154 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://analytics.radiumone.com/ => https://analytics.radiumone.com/: (7, 'Failed to connect to analytics.radiumone.com port 443: No route to host')
+Fetch error: http://support.radiumone.com/ => https://support.radiumone.com/: (6, 'Could not resolve host: support.radiumone.com')
+Fetch error: http://mc.gwallet.com/ => https://mc.gwallet.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://optout.gwallet.com/ => https://optout.gwallet.com/: (51, "SSL: no alternative certificate subject name matches target host name 'optout.gwallet.com'")
+Fetch error: http://panel.gwallet.com/ => https://panel.gwallet.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://rp.gwallet.com/ => https://rp.gwallet.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://ru.gwallet.com/ => https://ru.gwallet.com/: (7, 'Failed to connect to ru.gwallet.com port 443: No route to host')
+Fetch error: http://rp2.gwallet.com/ => https://rp2.gwallet.com/: (7, 'Failed to connect to rp2.gwallet.com port 443: No route to host')
+Fetch error: http://rstatic.gwallet.com/ => https://rstatic.gwallet.com/: (7, 'Failed to connect to rstatic.gwallet.com port 443: No route to host')
+Fetch error: http://sdk-log.gwallet.com/ => https://sdk-log.gwallet.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://rui.gwallet.com/ => https://rui.gwallet.com/: (7, 'Failed to connect to rui.gwallet.com port 443: No route to host')
+Fetch error: http://static.gwallet.com/ => https://static.gwallet.com/: (7, 'Failed to connect to static.gwallet.com port 443: No route to host')
+
+-->
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://radiumone.com/ => https://radiumone.com/: (7, 'Failed to connect to radiumone.com port 443: Connection refused')
+Fetch error: http://www.radiumone.com/ => https://www.radiumone.com/: (7, 'Failed to connect to www.radiumone.com port 443: Connection refused')
+Fetch error: http://api.radiumone.com/ => https://api.radiumone.com/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
+Fetch error: http://console.radiumone.com/ => https://console.radiumone.com/: (6, 'Could not resolve host: console.radiumone.com')
+Fetch error: http://dmp.radiumone.com/ => https://dmp.radiumone.com/: (6, 'Could not resolve host: dmp.radiumone.com')
+Fetch error: http://gwallet.com/ => https://gwallet.com/: (7, 'Failed to connect to gwallet.com port 443: Connection refused')
+Fetch error: http://www.gwallet.com/ => https://www.gwallet.com/: (7, 'Failed to connect to www.gwallet.com port 443: Connection refused')
+Fetch error: http://2frtb-us-east.gwallet.com/ => https://2frtb-us-east.gwallet.com/: (7, 'Failed to connect to 2frtb-us-east.gwallet.com port 443: Connection refused')
+Fetch error: http://demo.gwallet.com/ => https://demo.gwallet.com/: (7, 'Failed to connect to demo.gwallet.com port 443: Connection refused')
+Fetch error: http://frs.gwallet.com/ => https://frs.gwallet.com/: (7, 'Failed to connect to frs.gwallet.com port 443: Connection refused')
+Fetch error: http://mate.gwallet.com/ => https://mate.gwallet.com/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
+Fetch error: http://ip.gwallet.com/ => https://ip.gwallet.com/: (7, 'Failed to connect to ip.gwallet.com port 443: Connection refused')
+Fetch error: http://ha.gwallet.com/ => https://ha.gwallet.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://mx.gwallet.com/ => https://mx.gwallet.com/: (7, 'Failed to connect to mx.gwallet.com port 443: Connection refused')
+Fetch error: http://mgt2wh.gwallet.com/ => https://mgt2wh.gwallet.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://mgt1wh.gwallet.com/ => https://mgt1wh.gwallet.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://ns4.gwallet.com/ => https://ns4.gwallet.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://post-cm.gwallet.com/ => https://post-cm.gwallet.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://observium.gwallet.com/ => https://observium.gwallet.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://p.gwallet.com/ => https://p.gwallet.com/: (7, 'Failed to connect to p.gwallet.com port 443: Connection refused')
+Fetch error: http://pr.gwallet.com/ => https://pr.gwallet.com/: (7, 'Failed to connect to pr.gwallet.com port 443: Connection refused')
+Fetch error: http://report-rs.gwallet.com/ => https://report-rs.gwallet.com/: (7, 'Failed to connect to report-rs.gwallet.com port 443: Connection refused')
+Fetch error: http://rtb-us-east.gwallet.com/ => https://rtb-us-east.gwallet.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://rtb-eu.gwallet.com/ => https://rtb-eu.gwallet.com/: (7, 'Failed to connect to rtb-eu.gwallet.com port 443: Connection refused')
+Fetch error: http://rtb-apac.gwallet.com/ => https://rtb-apac.gwallet.com/: (7, 'Failed to connect to rtb-apac.gwallet.com port 443: Connection refused')
+Fetch error: http://staging.gwallet.com/ => https://staging.gwallet.com/: (7, 'Failed to connect to staging.gwallet.com port 443: Connection refused')
+Fetch error: http://test1.gwallet.com/ => https://test1.gwallet.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://ssltest.gwallet.com/ => https://ssltest.gwallet.com/: (7, 'Failed to connect to ssltest.gwallet.com port 443: Connection refused')
+Fetch error: http://temp.gwallet.com/ => https://temp.gwallet.com/: (7, 'Failed to connect to temp.gwallet.com port 443: Connection refused')
+Fetch error: http://webhost01.gwallet.com/ => https://webhost01.gwallet.com/: (7, 'Failed to connect to webhost01.gwallet.com port 443: Connection refused')
+Fetch error: http://zabbix.gwallet.com/ => https://zabbix.gwallet.com/: (28, 'Connection timed out after 20001 milliseconds')
+
 	Other RadiumOne rulesets:
 
-		- Po.st.xml
 
 
 	Nonfunctional domains:
 
 		- www.radiumone.com	(expired, self-signed; shows default Media Temple page)
 
+	Connection refused:
+		- repo.gwallet.com
+
+	TLS error:
+		- ad.gwallet.com
+		- cal.gwallet.com
+		- docs.gwallet.com
+		- groups.gwallet.com
+		- log.gwallet.com
+		- mail.gwallet.com
+		- sites.gwallet.com
+		- video.gwallet.com
+
+	Cert mismatch:
+		- control.radiumone.com
+		- go.radiumone.com
+		- optout.radiumone.com
+
+		- www.cnn.corp.gwallet.com
+		- img1.gwallet.com
+		- img2.gwallet.com
+		- img3.gwallet.com
+		- globalgw.gwallet.com
+		- post.gwallet.com
+		- racdn.gwallet.com
+		- rcdna.gwallet.com
+		- pypi.dev.dw.sc.gwallet.com
+		- git.dev.dw.sc.gwallet.com
+		- lucy.dw.sc.gwallet.com
+		- tableau01.staging.dw.sc.gwallet.com
+		- webhost-01.gwallet.com
 -->
 <ruleset name="RadiumOne (partial)">
 
-	<target host="*.gwallet.com" />
+	<!-- target host="radiumone.com" /-->
+	<!-- target host="www.radiumone.com" /-->
+
+	<!-- target host="analytics.radiumone.com" /-->
+	<!-- target host="api.radiumone.com" /-->
+	<!-- target host="console.radiumone.com" /-->
+	<!-- target host="dmp.radiumone.com" /-->
+	<target host="sso.radiumone.com" />
+	<!-- target host="support.radiumone.com" /-->
 
+	<!-- target host="gwallet.com" /-->
+	<!-- target host="www.gwallet.com" /-->
 
-	<securecookie host="^.*\.gwallet\.com$" name=".*" />
+	<!-- target host="2frtb-us-east.gwallet.com" /-->
+	<!-- target host="demo.gwallet.com" /-->
+	<!-- target host="frs.gwallet.com" /-->
+	<!-- target host="mate.gwallet.com" /-->
+	<!-- target host="ip.gwallet.com" /-->
+	<!-- target host="ha.gwallet.com" /-->
+	<!-- target host="mc.gwallet.com" /-->
+	<!-- target host="mx.gwallet.com" /-->
+	<!-- target host="mgt2wh.gwallet.com" /-->
+	<!-- target host="mgt1wh.gwallet.com" /-->
+	<!-- target host="ns4.gwallet.com" /-->
+	<!-- target host="post-cm.gwallet.com" /-->
+	<!-- target host="observium.gwallet.com" /-->
+	<!-- target host="optout.gwallet.com" /-->
+	<!-- target host="panel.gwallet.com" /-->
+	<!-- target host="p.gwallet.com" /-->
+	<!-- target host="pr.gwallet.com" /-->
+	<!-- target host="rp.gwallet.com" /-->
+	<!-- target host="report-rs.gwallet.com" /-->
+	<!-- target host="ru.gwallet.com" /-->
+	<!-- target host="rp2.gwallet.com" /-->
+	<target host="rs.gwallet.com" />
+	<!-- target host="rstatic.gwallet.com" /-->
+	<!-- target host="rtb-us-east.gwallet.com" /-->
+	<!-- target host="rtb-eu.gwallet.com" /-->
+	<!-- target host="rtb-apac.gwallet.com" /-->
+	<!-- target host="sdk-log.gwallet.com" /-->
+	<!-- target host="rui.gwallet.com" /-->
+	<!-- target host="staging.gwallet.com" /-->
+	<!-- target host="test1.gwallet.com" /-->
+	<!-- target host="static.gwallet.com" /-->
+	<!-- target host="ssltest.gwallet.com" /-->
+	<!-- target host="temp.gwallet.com" /-->
+	<!-- target host="webhost01.gwallet.com" /-->
+	<!-- target host="zabbix.gwallet.com" /-->
 
+	<securecookie host=".+" name=".+" />
 
 	<!--	- rs: Included on 3rd-party websites
 		- rui: client login/administration
 						-->
-	<rule from="^http://r(s|ui)\.gwallet\.com/"
-		to="https://r$1.gwallet.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Radius_Networks.com.xml b/src/chrome/content/rules/Radius_Networks.com.xml
new file mode 100644
index 000000000000..37f364f3307b
--- /dev/null
+++ b/src/chrome/content/rules/Radius_Networks.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Radius Networks.com (partial)">
+
+	<target host="account.radiusnetworks.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^account\.radiusnetworks\.com$" name="^_oauth-provider-demo_session$" /-->
+
+	<securecookie host="^account\.radiusnetworks\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RadixDance.com.xml b/src/chrome/content/rules/RadixDance.com.xml
new file mode 100644
index 000000000000..55728f844064
--- /dev/null
+++ b/src/chrome/content/rules/RadixDance.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		- radixdance.com, equivalent to www.radixdance.com
+-->
+
+<ruleset name="RadixDance.com">
+	<target host="radixdance.com" />
+	<target host="www.radixdance.com" />
+	<target host="stats.radixdance.com" />
+
+	<rule from="^http://radixdance\.com/"
+		to="https://www.radixdance.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Radware.com.xml b/src/chrome/content/rules/Radware.com.xml
new file mode 100644
index 000000000000..a5294b444546
--- /dev/null
+++ b/src/chrome/content/rules/Radware.com.xml
@@ -0,0 +1,19 @@
+<!--
+    Nonfunctional subdomains:
+        - $      -> times out
+-->
+<ruleset name="Radware.com">
+	<target host="radware.com" />
+	<target host="www.radware.com" />
+	<target host="blog.radware.com" />
+	<target host="kb.radware.com" />
+	<target host="portals.radware.com" />
+
+	<securecookie host="^(www\.|blog\.|kb\.|portals\.|)?radware\.com$" name=".+" />
+
+	<rule from="^http://radware\.com/"
+		to="https://www.radware.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rafflecopter.com.xml b/src/chrome/content/rules/Rafflecopter.com.xml
new file mode 100644
index 000000000000..ff1cb1eeda03
--- /dev/null
+++ b/src/chrome/content/rules/Rafflecopter.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Rafflecopter.com">
+  <target host="rafflecopter.com" />
+  <target host="www.rafflecopter.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rage3D.com.xml b/src/chrome/content/rules/Rage3D.com.xml
index cf3f78609ef1..edf1bfbbd43c 100644
--- a/src/chrome/content/rules/Rage3D.com.xml
+++ b/src/chrome/content/rules/Rage3D.com.xml
@@ -1,18 +1,21 @@
 <!--
-	- CN: R3DSRV1
-	- Expired 2013-08-27
+	Expired 2013-08-27
 
 -->
-<ruleset name="Rage3D.org" default_off="expired, self-signed">
+<ruleset name="Rage3D.com" default_off="expired, self-signed">
 
-	<target host="rage3d.org" />
-	<target host="www.rage3d.org" />
+	<target host="rage3d.com" />
+	<target host="www.rage3d.com" />
 
 
-	<securecookie host="^www\.rage3d\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?rage3d\.com$" name="^r3dsessionhash$" /-->
 
+	<securecookie host="^(?:www\.)?rage3d\.com$" name=".+" />
 
-	<rule from="^http://(?:www\.)?rage3d\.com/"
-		to="https://www.rage3d.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Raiffeisen.at.xml b/src/chrome/content/rules/Raiffeisen.at.xml
new file mode 100644
index 000000000000..e6a65e931a90
--- /dev/null
+++ b/src/chrome/content/rules/Raiffeisen.at.xml
@@ -0,0 +1,29 @@
+<!--
+	Nonfunctional hosts in *.raiffeisen.at:
+
+		- www.raiffeisen.at (h)
+		- [region].raiffeisen.at (f)
+		- www.[region].raiffeisen.at (f)
+			- e.g. salzburg.raiffeisen.at
+			  more examples on http://www.raiffeisen.at/oesterreich/1006622610903_359752870146184405-359752870146184405-NA-30-NA.html
+		- filialen.raiffeisenbank.at (f)
+		- finanzieren.raiffeisen.at (t)
+		- www.finanzieren.raiffeisen.at (t)
+		- meinbanking.raiffeisen.at (t)
+		- www.meinbanking.raiffeisen.at (t)
+		- vorsorgen.raiffeisen.at (t)
+		- www.vorsorgen.raiffeisen.at (t)
+		- wohnen.raiffeisen.at (m)
+		- www.wohnen.raiffeisen.at (m)
+
+	f: secure connection failed
+	h: http redirect
+	m: certificate mismatch
+-->
+<ruleset name="Raiffeisen.at (partial)">
+	<target host="raiffeisen.at" />
+	<target host="banking.raiffeisen.at" />
+	<target host="pooling.raiffeisen.at" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Raiffeisen.ch.xml b/src/chrome/content/rules/Raiffeisen.ch.xml
new file mode 100644
index 000000000000..ddf3b3864c73
--- /dev/null
+++ b/src/chrome/content/rules/Raiffeisen.ch.xml
@@ -0,0 +1,37 @@
+<!--
+	Mismatch:
+		- newslettermedia.raiffeisen.ch
+
+	Timeout:
+		- raiffeisendirect.ch
+		- www.raiffeisendirect.ch
+-->
+<ruleset name="Raiffeisen.ch">
+	<target host="raiffeisen.ch" />
+	<target host="www.raiffeisen.ch" />
+	<target host="boerse.raiffeisen.ch" />
+	<target host="browsercheck.raiffeisen.ch" />
+		<test url="http://browsercheck.raiffeisen.ch/de/" />
+	<target host="cardfinder.raiffeisen.ch" />
+	<target host="casa.raiffeisen.ch" />
+	<target host="ebanking.raiffeisen.ch" />
+	<target host="ebankingdemo.raiffeisen.ch" />
+	<target host="isotestbank.raiffeisen.ch" />
+	<target host="memberplus.raiffeisen.ch" />
+	<target host="microsites.raiffeisen.ch" />
+		<test url="http://microsites.raiffeisen.ch/energiesparen/" />
+	<target host="newsletter.raiffeisen.ch" />
+	<target host="registrierung.raiffeisen.ch" />
+	<target host="report.raiffeisen.ch" />
+	<target host="structuredproducts.raiffeisen.ch" />
+	<target host="welovefootball.video.raiffeisen.ch" />
+	<target host="welovefootball.raiffeisen.ch" />
+	<target host="welovesnow.raiffeisen.ch" />
+
+	<target host="tb.raiffeisendirect.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Raiffeisen.ru.xml b/src/chrome/content/rules/Raiffeisen.ru.xml
new file mode 100644
index 000000000000..c6c7f8a763bf
--- /dev/null
+++ b/src/chrome/content/rules/Raiffeisen.ru.xml
@@ -0,0 +1,146 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lyncdiscover.raiffeisen.ru/ => https://lyncdiscover.raiffeisen.ru/: (6, 'Could not resolve host: lyncdiscover.raiffeisen.ru')
+
+raiffeisen.ru ⁶
+anapa.raiffeisen.ru ¹
+ar2013.raiffeisen.ru ¹
+autodiscover.raiffeisen.ru ³
+balashiha.raiffeisen.ru ¹
+belgorod.raiffeisen.ru ¹
+berdsk.raiffeisen.ru ¹
+bmsgw01.raiffeisen.ru ³
+bryansk.raiffeisen.ru ¹
+chel.raiffeisen.ru ¹
+cherepovets.raiffeisen.ru ¹
+cp.cloud.raiffeisen.ru ³
+www.connect.raiffeisen.ru ¹
+data-channel.raiffeisen.ru ³
+demoelbrus.raiffeisen.ru ²
+domodedovo.raiffeisen.ru ¹
+mpi1.ecom.raiffeisen.ru ³
+mpi2.ecom.raiffeisen.ru ³
+edge.raiffeisen.ru ³
+ekb.raiffeisen.ru ¹
+elba.raiffeisen.ru ¹
+emm.raiffeisen.ru ³
+ext.raiffeisen.ru ³
+fw.raiffeisen.ru ¹
+i-elba.raiffeisen.ru/: (35, 'error:14092105:SSL routines:ssl3_get_server_hello:wrong cipher returned')
+ielba2.raiffeisen.ru ³
+irkutsk.raiffeisen.ru ¹
+is1.raiffeisen.ru ³
+izhevsk.raiffeisen.ru ¹
+kaluga.raiffeisen.ru ¹
+kazan.raiffeisen.ru ¹
+kemerovo.raiffeisen.ru ¹
+khb.raiffeisen.ru ¹
+kirov.raiffeisen.ru ¹
+klgd.raiffeisen.ru ¹
+korolev.raiffeisen.ru ¹
+krd.raiffeisen.ru ¹
+krsk.raiffeisen.ru ¹
+kursk.raiffeisen.ru ¹
+lipetsk.raiffeisen.ru ¹
+mail.raiffeisen.ru ³
+mail1.raiffeisen.ru ³
+mail2.raiffeisen.ru ³
+mail91.raiffeisen.ru ³
+mail96.raiffeisen.ru ³
+mail97.raiffeisen.ru ³
+mail98.raiffeisen.ru ³
+mail99.raiffeisen.ru ³
+meg.raiffeisen.ru ³
+miass.raiffeisen.ru ¹
+mobile.raiffeisen.ru ¹
+mx1.raiffeisen.ru ³
+mx2.raiffeisen.ru ³
+mytishchi.raiffeisen.ru ¹
+nnov.raiffeisen.ru ¹
+novorossiysk.raiffeisen.ru ¹
+ns1.raiffeisen.ru ³
+ns2.raiffeisen.ru ³
+nsk.raiffeisen.ru ¹
+odintsovo.raiffeisen.ru ¹
+omsk.raiffeisen.ru ¹
+orel.raiffeisen.ru ¹
+owa.raiffeisen.ru ³
+perm.raiffeisen.ru ¹
+peterburg.raiffeisen.ru ¹
+petrozavodsk.raiffeisen.ru ¹
+pgm.raiffeisen.ru ⁴
+pgv.raiffeisen.ru/: (35, 'error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown')
+pki.raiffeisen.ru ³
+podolsk.raiffeisen.ru ¹
+portal.raiffeisen.ru ⁴
+promo.raiffeisen.ru ¹
+pyatigorsk.raiffeisen.ru ¹
+rbo.raiffeisen.ru ⁴
+www.rbo.raiffeisen.ru ⁴
+rconnect.raiffeisen.ru ¹
+relay02.raiffeisen.ru ³
+rmobile.raiffeisen.ru ¹
+rostov.raiffeisen.ru ¹
+s4b.raiffeisen.ru ⁷
+samara.raiffeisen.ru ¹
+saransk.raiffeisen.ru ¹
+saratov.raiffeisen.ru ¹
+sbin.raiffeisen.ru ⁴
+skidki.raiffeisen.ru ¹
+www.skidki.raiffeisen.ru ¹
+smolensk.raiffeisen.ru ¹
+sochi.raiffeisen.ru ¹
+surgut.raiffeisen.ru ¹
+syktyvkar.raiffeisen.ru ¹
+tmn.raiffeisen.ru ¹
+tomsk.raiffeisen.ru ¹
+traveler.raiffeisen.ru ⁴
+tula.raiffeisen.ru ¹
+ufa.raiffeisen.ru ¹
+vcse1.raiffeisen.ru ³
+vladivostok.raiffeisen.ru ¹
+volgograd.raiffeisen.ru ¹
+voronezh.raiffeisen.ru ¹
+vsesrazu.raiffeisen.ru ¹
+wbx.raiffeisen.ru ⁴
+ws.raiffeisen.ru ³
+yar.raiffeisen.ru ¹
+zelenograd.raiffeisen.ru ¹
+zheleznogorsk.raiffeisen.ru ¹
+ielba.raiffeisen.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁶ redirect
+⁷ protocol error
+-->
+<ruleset name="raiffeisen.ru" default_off="failed ruleset test">
+	<target host="www.raiffeisen.ru" />
+	<target host="acs.raiffeisen.ru" />
+	<target host="chat.raiffeisen.ru" />
+	<target host="connect.raiffeisen.ru" />
+	<target host="dialin.raiffeisen.ru" />
+	<target host="e-commerce.raiffeisen.ru" />
+	<target host="xpay.ecom.raiffeisen.ru" />
+	<target host="elbrus.raiffeisen.ru" />
+	<target host="int.raiffeisen.ru" />
+	<target host="lyncdiscover.raiffeisen.ru" />
+	<target host="meet.raiffeisen.ru" />
+	<target host="mobilemail.raiffeisen.ru" />
+	<target host="navigator.raiffeisen.ru" />
+	<target host="online.raiffeisen.ru" />
+	<target host="auth.rbo.raiffeisen.ru" />
+	<target host="s4bout.raiffeisen.ru" />
+	<target host="s4bweb.raiffeisen.ru" />
+
+	<target host="raiffeisen.ru" />
+
+	<rule from="^http://raiffeisen\.ru/"
+		to="https://www.raiffeisen.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Raiffeisen.xml b/src/chrome/content/rules/Raiffeisen.xml
deleted file mode 100644
index 4b16e1357544..000000000000
--- a/src/chrome/content/rules/Raiffeisen.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Raiffeisen.ch" platform="mixedcontent">
-        <target host="raiffeisen.ch" />
-        <target host="www.raiffeisen.ch" />
-        <target host="tb.raiffeisendirect.ch" />
-
-        <securecookie host="^(.*\.)?raiffeisen\.ch$" name=".*" />
-        <securecookie host="^(.*\.)?raiffeisendirect\.ch$" name=".*" />
-
-        <rule from="^http://(?:www\.)?raiffeisen\.ch/" to="https://www.raiffeisen.ch/"/>
-        <rule from="^http://(?:tb\.)?raiffeisendirect\.ch/" to="https://tb.raiffeisendirect.ch/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/RailsConf.com.xml b/src/chrome/content/rules/RailsConf.com.xml
new file mode 100644
index 000000000000..c80d1283d18c
--- /dev/null
+++ b/src/chrome/content/rules/RailsConf.com.xml
@@ -0,0 +1,29 @@
+<!--
+	- ^ CN: *.heruko.com
+	- www CN: *.herokuapp.com
+
+
+	Mixed content:
+
+		- fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="RailsConf.com" default_off="mismatched">
+
+	<target host="railsconf.com" />
+	<target host="www.railsconf.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^railsconf\.com$" name="^_railsconf_session$" /-->
+
+	<securecookie host="^railsconf\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?railsconf\.com/"
+		to="https://railsconf.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Railsschool.org.xml b/src/chrome/content/rules/Railsschool.org.xml
new file mode 100644
index 000000000000..85715428887a
--- /dev/null
+++ b/src/chrome/content/rules/Railsschool.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Railsschool.org">
+  <target host="railsschool.org" />
+  <target host="www.railsschool.org" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rainforest_QA.com.xml b/src/chrome/content/rules/Rainforest_QA.com.xml
new file mode 100644
index 000000000000..89783335baf8
--- /dev/null
+++ b/src/chrome/content/rules/Rainforest_QA.com.xml
@@ -0,0 +1,40 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .rainforestqa.com
+
+-->
+<ruleset name="Rainforest QA.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rainforestqa.com" />
+	<target host="www.rainforestqa.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.rainforestqa\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.rainforestqa\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rakuten.co.jp-mixed.xml b/src/chrome/content/rules/Rakuten.co.jp-mixed.xml
new file mode 100644
index 000000000000..5c4aa02da6f1
--- /dev/null
+++ b/src/chrome/content/rules/Rakuten.co.jp-mixed.xml
@@ -0,0 +1,49 @@
+<!--
+	For rules not causing mixed content, see Rakuten.co.jp.xml.
+
+	Non-functinoal hosts:
+		# Secure connection redirects to HTTP:
+		- event.rakuten.co.jp
+		- item.rakuten.co.jp
+
+-->
+<ruleset name="Rakuten.co.jp (mixed content)" platform="mixedcontent">
+
+	<target host="affiliate.rakuten.co.jp" />
+	<target host="auto.rakuten.co.jp" />
+	<target host="b2b.rakuten.co.jp" />
+	<target host="books.rakuten.co.jp" />
+	<target host="buyback.rakuten.co.jp" />
+	<target host="calendar.rakuten.co.jp" />
+	<target host="card.rakuten.co.jp" />
+	<target host="checkout.rakuten.co.jp" />
+	<target host="corp.rakuten.co.jp" />
+	<target host="delivery.rakuten.co.jp" />
+	<target host="dl.rakuten.co.jp" />
+	<target host="dream.rakuten.co.jp" />
+	<target host="edy.rakuten.co.jp" />
+	<target host="energy.rakuten.co.jp" />
+	<target host="entertainment.rakuten.co.jp" />
+	<!-- target host="event.rakuten.co.jp" /-->
+	<target host="gora.golf.rakuten.co.jp" />
+	<target host="insurance.rakuten.co.jp" />
+	<!-- target host="item.rakuten.co.jp" /-->
+	<target host="jobs.rakuten.co.jp" />
+	<target host="keiba.rakuten.co.jp" />
+	<target host="kidona.rakuten.co.jp" />
+	<target host="mart.rakuten.co.jp" />
+	<target host="plaza.rakuten.co.jp" />
+	<target host="point.rakuten.co.jp" />
+	<target host="realestate.rakuten.co.jp" />
+	<target host="research.rakuten.co.jp" />
+	<target host="shashinkan.rakuten.co.jp" />
+	<target host="ticket.rakuten.co.jp" />
+	<target host="video.rakuten.co.jp" />
+	<target host="wedding.rakuten.co.jp" />
+
+	<test url="http://auto.rakuten.co.jp/kaitori/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rakuten.co.jp.xml b/src/chrome/content/rules/Rakuten.co.jp.xml
new file mode 100644
index 000000000000..3262dfe1898d
--- /dev/null
+++ b/src/chrome/content/rules/Rakuten.co.jp.xml
@@ -0,0 +1,255 @@
+<!--
+	For rules that cause mixed content, see Rakuten.co.jp-mixed.xml.
+
+	Other Rakuten rulesets:
+
+		- rakuten-static.com.xml
+		- Rakuten.co.jp-mixed.xml
+
+	Nonfunctional domains:
+
+		- rakuten.co.jp subdomains:
+
+			- 24 *
+			- auction *
+			- broadband *
+			- cafe *
+			- check *
+			- denwa *
+			- gift *
+			- logistics *
+			- mobile *
+			- point-g *
+			- ranking *
+			- reward *
+			- rmobile *
+			- toolbar *
+			- uranai *
+
+			- beauty ²
+			- coupon ²
+			- dining ²
+			- hoken ²
+			- kuji ²
+			- netsuper ²
+			- onet ²
+			- p-store ²
+			- profile ²
+			- recipe ²
+			- shaken ²
+			- webservice ²
+			- www ²
+
+			- ebates **
+			- esearch **
+			- search **
+			- travel **
+
+			- ashiato subdomains:
+
+				- grp02 *
+				- mall *
+
+				- trc subdomains:
+
+					- grp02 *
+
+			- auction subdomains:
+
+				- ref subdomains:
+
+					- api *
+
+			- bookmark subdomains:
+
+				- api subdomains:
+
+					- g01 *
+
+			- dl subdomains:
+
+				- image *
+
+			- golf subdomains:
+
+				- gora subdomains:
+
+					- search *
+
+			- ias subdomains:
+
+				- api subdomains:
+
+					- grp101 *
+
+			- notifier subdomains:
+
+				- offer *
+
+			- ppf subdomains:
+
+				- api *
+
+			- recipe subdomains:
+
+				- image *
+
+			- search subdomains:
+
+				- dict subdomains:
+
+					- api *
+
+			- shashinkan subdomains:
+
+				- page *
+
+	* Times out
+	² Redirects to http
+	** Refused
+	*** 404, valid cert
+
+	Problematic subdomains:
+
+		- edy	(The TLS connection was non-properly terminated)
+		- toto	(The TLS connection was non-properly terminated)
+
+		- brandavenue *
+		- image.cms	*
+		- image.event	*
+		- image.gora.golf	*
+		- image.realestate	*
+		- image.www	*
+		- product	*
+		- www *
+		- mtwidget04.affiliate	(invalid; rpaas.net)
+		- solor	(invalid cert; expired)
+
+	* invalid cert; akamai
+
+-->
+<ruleset name="Rakuten.co.jp">
+
+	<!--	Top level sites:
+					-->
+	<target host="adsales.rakuten.co.jp" />
+	<target host="apps.rakuten.co.jp" />
+	<target host="career.rakuten.co.jp" />
+	<target host="emagazine.rakuten.co.jp" />
+	<target host="grp02.id.rakuten.co.jp" />
+	<target host="grp03.id.rakuten.co.jp" />
+	<target host="monitor.research.rakuten.co.jp" />
+	<target host="my.rakuten.co.jp" />
+	<target host="privacy.rakuten.co.jp" />
+	<target host="racare.rakuten.co.jp" />
+	<target host="rakuma.rakuten.co.jp" />
+	<target host="research.faq.rakuten.co.jp" />
+	<target host="room.rakuten.co.jp" />
+	<target host="smartpay.rakuten.co.jp" />
+	<target host="socialnews.rakuten.co.jp" />
+	<target host="takarakuji.rakuten.co.jp" />
+
+	<test url="http://ashiato.rakuten.co.jp/rms/sd/ashiato/vc?act=6" />
+	<test url="http://grp02.id.rakuten.co.jp/rms/nid/login" />
+	<test url="http://grp03.id.rakuten.co.jp/rms/nid/login" />
+
+
+	<!-- 	Resource sites:
+				-->
+	<target host="anz.rd.rakuten.co.jp" />
+	<target host="api.auction.rakuten.co.jp" />
+	<target host="api.coupon.rakuten.co.jp" />
+	<target host="api.oubo.rakuten.co.jp" />
+	<target host="api.plaza.rakuten.co.jp" />
+	<target host="api.ranking.rakuten.co.jp" />
+	<target host="api.suggest.search.rakuten.co.jp" />
+	<target host="api.video.rakuten.co.jp" />
+	<target host="ashiato.rakuten.co.jp" />
+	<target host="ashiato.travel.rakuten.co.jp" />
+	<target host="cart-api.step.rakuten.co.jp" />
+	<target host="event.notifier.rakuten.co.jp" />
+	<target host="grp01.api.rp.rakuten.co.jp" />
+	<target host="grp03.api.rp.rakuten.co.jp" />
+	<target host="grp07.ias.rakuten.co.jp" />
+	<target host="grp09.ias.rakuten.co.jp" />
+	<target host="grp10.ias.rakuten.co.jp" />
+	<target host="grp11.ias.rakuten.co.jp" />
+	<target host="grp15.ias.rakuten.co.jp" />
+	<target host="image.apps.rakuten.co.jp" />
+	<target host="image.auction.rakuten.co.jp" />
+	<target host="image.books.rakuten.co.jp" />
+	<target host="image.ias.rakuten.co.jp" />
+	<target host="image.infoseek.rakuten.co.jp" />
+	<target host="image.rakuten.co.jp" />
+	<target host="image.space.rakuten.co.jp" />
+	<target host="img.delivery.rakuten.co.jp" />
+	<target host="img.travel.rakuten.co.jp" />
+	<target host="log.affiliate.rakuten.co.jp" />
+	<target host="mtwidget03.affiliate.ashiato.rakuten.co.jp" />
+	<target host="pbox.travel.rakuten.co.jp" />
+	<target host="prod.akimg.video.rakuten.co.jp" />
+	<target host="pzd.rakuten.co.jp" />
+	<target host="rat.rakuten.co.jp" />
+	<target host="rd.rakuten.co.jp" />
+	<target host="rt.rakuten.co.jp" />
+	<target host="shopapi.ranking.rakuten.co.jp" />
+	<target host="static.affiliate.rakuten.co.jp" />
+	<target host="static.dining.rakuten.co.jp" />
+	<target host="static.event.notifier.rakuten.co.jp" />
+	<target host="stream.cms.rakuten.co.jp" />
+	<target host="t.recommend.rakuten.co.jp" />
+	<target host="thumbnail.image.rakuten.co.jp" />
+	<target host="thumbnail.image.shashinkan.rakuten.co.jp" />
+	<target host="thumbnail.image.space.rakuten.co.jp" />
+	<target host="xml.affiliate.rakuten.co.jp" />
+
+	<test url="http://anz.rd.rakuten.co.jp/p/?i=" />
+	<test url="http://api.auction.rakuten.co.jp/seller-rank-web-api/progress/this-month" />
+	<test url="http://api.coupon.rakuten.co.jp/getCouponList" />
+	<test url="http://api.oubo.rakuten.co.jp/1.0/entry/check" />
+	<test url="http://api.plaza.rakuten.co.jp/bundles/Common/api/HttpConnect.php" />
+	<test url="http://api.ranking.rakuten.co.jp/q?qt=" />
+	<test url="http://api.suggest.search.rakuten.co.jp/conf" />
+	<test url="http://api.video.rakuten.co.jp/content/play.json?device_id=9" />
+	<test url="http://ashiato.travel.rakuten.co.jp/ashiato/domesticHotelBrowse/take?callback=" />
+	<test url="http://cart-api.step.rakuten.co.jp/rms/mall/cart/count/all/jsonp/" />
+	<test url="http://event.notifier.rakuten.co.jp/3.0/notification/get?last_id=" />
+	<test url="http://grp01.api.rp.rakuten.co.jp/js/plugin/00/00/002/version.js" />
+	<test url="http://grp03.api.rp.rakuten.co.jp/geap/v1/ichiba/rcmd/recommend_ichiba.json" />
+	<test url="http://grp07.ias.rakuten.co.jp/swad/?to=" />
+	<test url="http://grp09.ias.rakuten.co.jp/ctrl/" />
+	<test url="http://grp10.ias.rakuten.co.jp/noScriptAdv/" />
+	<test url="http://grp11.ias.rakuten.co.jp/bta-api/" />
+	<test url="http://grp15.ias.rakuten.co.jp/gw.js" />
+	<test url="http://image.apps.rakuten.co.jp/img/assets/img/pointgetbnr.png" />
+	<test url="http://image.auction.rakuten.co.jp/acom/img/event/1yen/renew_120824/200x200.jpg" />
+	<test url="http://image.books.rakuten.co.jp/books/img/bnr/event/book/lifestyle/valentine/img/20140107-300x250.jpg" />
+	<test url="http://image.ias.rakuten.co.jp/js/radvertise.js" />
+	<test url="http://image.infoseek.rakuten.co.jp/content/news/sn/icon/ic_blog.gif" />
+	<test url="http://image.rakuten.co.jp/papaya/cabinet/g315/7/jr09801.jpg" />
+	<test url="http://image.space.rakuten.co.jp/lg01/30/0000271630/66/img3256df2azik2zj.jpeg" />
+	<test url="http://img.delivery.rakuten.co.jp/data/static/delivery/normal/genre/pizza/flash/delivery_437x208.jpg" />
+	<test url="http://img.travel.rakuten.co.jp/share/themes/top/images/n/icon_ana.gif" />
+	<test url="http://log.affiliate.rakuten.co.jp/mw/imp/a.gif" />
+	<test url="http://mtwidget03.affiliate.ashiato.rakuten.co.jp/?rakuten_design=" />
+	<test url="http://pbox.travel.rakuten.co.jp/userInfo/json/" />
+	<test url="http://prod.akimg.video.rakuten.co.jp/content/31/82/131328/main.jpg" />
+	<test url="http://pzd.rakuten.co.jp/?menu=RgCookie" />
+	<test url="http://rat.rakuten.co.jp/?cpkg_none=" />
+	<test url="http://rd.rakuten.co.jp/js/p_code.js" />
+	<test url="http://rt.rakuten.co.jp/rms/?service_id=" />
+	<test url="http://shopapi.ranking.rakuten.co.jp/q?qt=" />
+	<test url="http://static.affiliate.rakuten.co.jp/widget/html/pc_pcview_all.html" />
+	<test url="http://static.dining.rakuten.co.jp/p-store/event/top/img/point_90x53.gif" />
+	<test url="http://static.event.notifier.rakuten.co.jp/ntf.gif" />
+	<test url="http://stream.cms.rakuten.co.jp/gate/play_ichibatop/index.js" />
+	<test url="http://t.recommend.rakuten.co.jp/srecommend/tr.do" />
+	<test url="http://thumbnail.image.rakuten.co.jp/@0_mall/ease-space/cabinet/04737669/04841215/imgrc0065611085.jpg" />
+	<test url="http://thumbnail.image.shashinkan.rakuten.co.jp/shashinkan-core/showPhoto/?pkey=" />
+	<test url="http://thumbnail.image.space.rakuten.co.jp/lg01/18/0000874818/94/img2ebd91e5zik5zj.jpeg" />
+	<test url="http://xml.affiliate.rakuten.co.jp/widget/js/rakuten_widget.js" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rakuten_LinkShare.xml b/src/chrome/content/rules/Rakuten_LinkShare.xml
index a7d95fee2750..078f322207a9 100644
--- a/src/chrome/content/rules/Rakuten_LinkShare.xml
+++ b/src/chrome/content/rules/Rakuten_LinkShare.xml
@@ -1,17 +1,12 @@
 <!--
-	CDN buckets:
+	Rakuten LinkShare
 
-		- wrpx.service.mirror-image.net
-
-			- mproxy.banner.linksynergy.com
+	For other Rakuten coverage, see Rakuten.co.jp.xml.
 
 
 	Nonfunctional domains:
 
 		- blog.linkshare.com		(times out)
-		- ad.linksynergy.com *
-		- banner.linksynergy.com *
-		- mproxy.banner.linksynergy.com	(404; mismatched, CN: *.service.mirror-image.net)
 
 	* Times out
 
@@ -19,25 +14,19 @@
 	Problematic subdomains:
 
 		- linkshare.com			(mismatched, only matches www)
-		- m.www.linksynergy.com		(404, mismatched, CN: *.service.mirror-image.net)
 
 -->
-<ruleset name="Rakuten LinkShare (partial)">
+<ruleset name="LinkShare.com (partial)">
 
 	<target host="linkshare.com" />
+	<target host="signup.linkshare.com" />
 	<target host="www.linkshare.com" />
-	<target host="*.linksynergy.com" />
-	<target host="*.cli.linksynergy.com" />
-	<target host="m.www.linksynergy.com" />
-
-
-	<securecookie host="^\.?cli\.linksynergy\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:(?:www\.)?linkshare|m\.www\.linksynergy)\.com/"
+	<rule from="^http://linkshare\.com/"
 		to="https://www.linkshare.com/" />
 
-	<rule from="^http://(cli|merchant|ssl)\.linksynergy\.com/"
-		to="https://$1.linksynergy.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rally.org.xml b/src/chrome/content/rules/Rally.org.xml
index a4a1f8a648af..81dacb88fd1c 100644
--- a/src/chrome/content/rules/Rally.org.xml
+++ b/src/chrome/content/rules/Rally.org.xml
@@ -11,13 +11,16 @@
 	<target host="www.rally.org" />
 
 
-	<securecookie host="^rally\.org$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?rally\.org$" name="^(CSRF|_rally_session)$" /-->
+
+	<securecookie host="^(?:www\.)?rally\.org$" name=".+" />
 
 
 	<!--	www redirects to ^ over http,
 		so copy that behavior:
 					-->
-	<rule from="^http://(?:www\.)?rally\.org/"
-		to="https://rally.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Rally_Congress.xml b/src/chrome/content/rules/Rally_Congress.xml
index ea62b3b8d4d4..5da180e08f76 100644
--- a/src/chrome/content/rules/Rally_Congress.xml
+++ b/src/chrome/content/rules/Rally_Congress.xml
@@ -1,15 +1,18 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.rallycongress.com/ => https://secure.rallycongress.com/: (60, 'SSL certificate problem: self signed certificate')
+
 	Nonfunctional subdomains:
 
 		- (www.)	(shows secure; mismatched, CN: secure.rallycongress.com)
 
 -->
-<ruleset name="Rally Congress (partial)">
+<ruleset name="Rally Congress (partial)" default_off="failed ruleset test">
 
 	<target host="secure.rallycongress.com" />
 
 
-	<rule from="^http://secure\.rallycongress\.com/"
-		to="https://secure.rallycongress.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rally_Dev.com.xml b/src/chrome/content/rules/Rally_Dev.com.xml
new file mode 100644
index 000000000000..8d57f28a0829
--- /dev/null
+++ b/src/chrome/content/rules/Rally_Dev.com.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://community.rallydev.com/ => https://community.rallydev.com/: (6, 'Could not resolve host: community.rallydev.com')
+
+	Other Rally rulesets:
+
+		- AgileU.com.xml
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .rallydev.com
+		- community.rallydev.com
+		- rally1.rallydev.com
+		- us1.rallydev.com
+
+-->
+<ruleset name="Rally Dev.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rallydev.com" />
+	<target host="community.rallydev.com" />
+	<target host="help.rallydev.com" />
+	<target host="rally1.rallydev.com" />
+	<target host="us1.rallydev.com" />
+	<target host="www.rallydev.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.rallydev\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^(?:community|rally1|us1)\.rallydev\.com$" name="^(?:JSESSIONID|SERVERID)$" /-->
+
+	<securecookie host=".*\.rallydev\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RamNode.com.xml b/src/chrome/content/rules/RamNode.com.xml
new file mode 100644
index 000000000000..4f7e9f663e6e
--- /dev/null
+++ b/src/chrome/content/rules/RamNode.com.xml
@@ -0,0 +1,48 @@
+<!--
+	Nonfunctional subdomains:
+
+		- status *
+
+	* Dropped
+
+
+	Problematic subdomains:
+
+		- www *
+
+	* Tor blocked by CloudFlare
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- clientarea
+		- vpscp
+
+
+	Insecure cookies are set for these domains:
+
+		- .
+		- clientarea
+		- vpscp
+
+-->
+<ruleset name="RamNode.com (partial)">
+
+	<target host="ramnode.com" />
+	<target host="clientarea.ramnode.com" />
+	<target host="vpscp.ramnode.com" />
+	<target host="www.ramnode.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(vpscp\.)?ramnode\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^clientarea\.ramnode\.com$" name="^WHMCS\w+$" /-->
+
+	<securecookie host="^(?:(?:clientarea|vpscp)?\.)?ramnode\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RamanujanMachine.com.xml b/src/chrome/content/rules/RamanujanMachine.com.xml
new file mode 100644
index 000000000000..f6eedc58ac12
--- /dev/null
+++ b/src/chrome/content/rules/RamanujanMachine.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="RamanujanMachine.com">
+	<target host="ramanujanmachine.com" />
+	<target host="www.ramanujanmachine.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rambler.ru.xml b/src/chrome/content/rules/Rambler.ru.xml
new file mode 100644
index 000000000000..04dbb576c018
--- /dev/null
+++ b/src/chrome/content/rules/Rambler.ru.xml
@@ -0,0 +1,74 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- dn.rambler.ru
+
+		Timeout was reached:
+		- booking.rambler.ru
+
+		SSL connect error:
+		- moana.rambler.ru
+
+		SSL peer certificate was not OK:
+		- gamesclub.rambler.ru
+		- www.kassa.rambler.ru
+		- pgc.rambler.ru
+		- www.tv.rambler.ru
+
+		4xx client error:
+		- c-champ.rambler.ru
+		- cnt.rambler.ru
+		- counter.rambler.ru
+		- api.news.rambler.ru
+		- tools.rambler.ru
+
+		Mixed content blocking (MCB) triggered:
+		- kinobot.rambler.ru
+-->
+<ruleset name="Rambler.ru">
+	<target host="rambler.ru" />
+	<target host="audio.rambler.ru" />
+	<target host="brain.rambler.ru" />
+	<target host="c.rambler.ru" />
+	<target host="dating.rambler.ru" />
+	<target host="m.dating.rambler.ru" />
+	<target host="developers.rambler.ru" />
+	<target host="finance.rambler.ru" />
+	<target host="m.finance.rambler.ru" />
+	<target host="fun.rambler.ru" />
+	<target host="games.rambler.ru" />
+	<target host="horoscopes.rambler.ru" />
+	<target host="m.horoscopes.rambler.ru" />
+	<target host="id.rambler.ru" />
+	<target host="dyn.ig.rambler.ru" />
+	<target host="images.rambler.ru" />
+	<target host="kassa.rambler.ru" />
+	<target host="m.kassa.rambler.ru" />
+	<target host="widget.kassa.rambler.ru" />
+	<target host="m.rambler.ru" />
+	<target host="mail.rambler.ru" />
+	<target host="mail-pda.rambler.ru" />
+	<target host="nerve.rambler.ru" />
+	<target host="news.rambler.ru" />
+	<target host="nova.rambler.ru" />
+	<target host="org.rambler.ru" />
+	<target host="rcounter.rambler.ru" />
+	<target host="realty.rambler.ru" />
+	<target host="reklama.rambler.ru" />
+	<target host="scounter.rambler.ru" />
+	<target host="soft.rambler.ru" />
+	<target host="sport.rambler.ru" />
+	<target host="sync.rambler.ru" />
+	<target host="top100.rambler.ru" />
+	<target host="topline.rambler.ru" />
+	<target host="travel.rambler.ru" />
+	<target host="tv.rambler.ru" />
+	<target host="update.rambler.ru" />
+	<target host="video.rambler.ru" />
+	<target host="weather.rambler.ru" />
+	<target host="weekend.rambler.ru" />
+	<target host="www.rambler.ru" />
+	<target host="yourside.rambler.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rambler.su.xml b/src/chrome/content/rules/Rambler.su.xml
new file mode 100644
index 000000000000..fd29700d737c
--- /dev/null
+++ b/src/chrome/content/rules/Rambler.su.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Rambler coverage, see Rambler.xml.
+
+-->
+<ruleset name="Rambler.su">
+
+	<target host="mail.rambler.su" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rambler.xml b/src/chrome/content/rules/Rambler.xml
deleted file mode 100644
index e320eebb0367..000000000000
--- a/src/chrome/content/rules/Rambler.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- top100-images.rambler.ru	(redirects to www.rambler.ru, valid cert)
-		- i.rl0.ru	(cert: *.rambler.ru; 403)
-
--->
-<ruleset name="Rambler (partial)">
-
-	<target host="*.rambler.ru" />
-		<exclusion pattern="^http://www\." />
-
-
-	<!--	Observed cookies:
-
-			- ^\.
-				- ruid
-				- top100rb
-
-			Both set by scounter.		-->
-	<securecookie host="^\.rambler\.com$" name=".*" />
-
-
-	<!--	This is another of those 1px tracking services.	-->
-	<rule from="^http://s?counter\.rambler\.ru/"
-		to="https://scounter.rambler.ru/" />
-
-	<rule from="^http://(cnt|id?|images|kassa|mail)\.rambler\.ru/"
-		to="https://$1.rambler.ru/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/RamonHarvey.com.xml b/src/chrome/content/rules/RamonHarvey.com.xml
new file mode 100644
index 000000000000..421eb5316217
--- /dev/null
+++ b/src/chrome/content/rules/RamonHarvey.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="RamonHarvey.com">
+	<target host="ramonharvey.com" />
+	<target host="www.ramonharvey.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RanalloLawOffice.com.xml b/src/chrome/content/rules/RanalloLawOffice.com.xml
new file mode 100644
index 000000000000..99b104245539
--- /dev/null
+++ b/src/chrome/content/rules/RanalloLawOffice.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="RanalloLawOffice.com">
+
+	<target host="ranallolawoffice.com" />
+	<target host="www.ranallolawoffice.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Randaris-Anime.net.xml b/src/chrome/content/rules/Randaris-Anime.net.xml
new file mode 100644
index 000000000000..6046bcba9c78
--- /dev/null
+++ b/src/chrome/content/rules/Randaris-Anime.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="Randaris-Anime.net">
+	<target host="randaris-anime.net" />
+	<target host="www.randaris-anime.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Randischumann.dk.xml b/src/chrome/content/rules/Randischumann.dk.xml
new file mode 100644
index 000000000000..7b7fa280e743
--- /dev/null
+++ b/src/chrome/content/rules/Randischumann.dk.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://psykologteam.dk/ => https://psykologteam.dk/: (6, 'Could not resolve host: psykologteam.dk')
+Fetch error: http://www.psykologteam.dk/ => https://www.psykologteam.dk/: (6, 'Could not resolve host: www.psykologteam.dk')
+
+-->
+<ruleset name="Randischumann" default_off="failed ruleset test">
+	<target host="randischumann.dk" />
+	<target host="www.randischumann.dk" />
+	<target host="psykologteam.dk" />
+	<target host="www.psykologteam.dk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Random-House-mismatches.xml b/src/chrome/content/rules/Random-House-mismatches.xml
index 3f5f2fdb1d03..456b7fc4199d 100644
--- a/src/chrome/content/rules/Random-House-mismatches.xml
+++ b/src/chrome/content/rules/Random-House-mismatches.xml
@@ -2,21 +2,14 @@
 	For rules that are on by default, see Random-House.xml.
 
 -->
-<ruleset name="Random House (mismatches)" default_off="expired, mismatch">
+<ruleset name="Random House.biz" default_off="expired, mismatch">
 
 	<!--	Cert: *.randomhouse.com	-->
 	<target host="randomhouse.biz" />
 	<target host="www.randomhouse.biz" />
-	<!--	Cert: createyourowncareer.com; expired	-->
-	<target host="careers.randomhouse.com" />
 
 
-	<!--	!www redirects to www.	-->
-	<rule from="^https?://(?:www\.)?randomhouse\.biz/"
-		to="https://www.randomhouse.biz/" />
-
-	<!--	careers cookies are handled in Random-House.xml.	-->
-	<rule from="^http://careers\.randomhouse\.com/"
-		to="https://careers.randomhouse.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Random-House.xml b/src/chrome/content/rules/Random-House.xml
index a6099fb6ac36..caab8bd21159 100644
--- a/src/chrome/content/rules/Random-House.xml
+++ b/src/chrome/content/rules/Random-House.xml
@@ -2,24 +2,33 @@
 	For problematic rules, see Random-House-mismatches.xml.
 
 
-	code.randomhouse.com/b/ss/ranhrollup/
+	Nonfunctional hosts in *randomhouse.com:
+
+		- careers *
+
+	* Refused
 
 -->
-<ruleset name="Random House (partial)">
+<ruleset name="Random House.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="randomhouse.com" />
-	<target host="*.randomhouse.com" />
-		<!--	Redirects to 404.	-->
-		<exclusion pattern="^http://ecommerce\.randomhouse\.com/$" />
+	<target host="images.randomhouse.com" />
+	<target host="www.randomhouse.com" />
+
+	<!--	Complications:
+				-->
+	<target host="code.randomhouse.com" />
 
 
-	<securecookie host="^.*\.randomhouse\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(ecommerce\.|www\.)?randomhouse\.com/"
-		to="https://$1randomhouse.com/" />
+	<rule from="^http://code\.randomhouse\.com/"
+		to="https://ranhrollup.122.2o7.net/" />
 
-	<rule from="^https?://code\.randomhouse\.com/b/ss/"
-		to="https://ranhrollup.122.2o7.net/b/ss/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Random-Intervals.xml b/src/chrome/content/rules/Random-Intervals.xml
index d3349b2822dc..2d4da5c2046a 100644
--- a/src/chrome/content/rules/Random-Intervals.xml
+++ b/src/chrome/content/rules/Random-Intervals.xml
@@ -1,35 +1,23 @@
 <!--
-	Nonfunctional:
-
-		- uns.randomintervals.com	(cert: api.vistumbler.net; shows that domain's data)
+	^vistumbler.net: Refused
 
 -->
-<ruleset name="Random Intervals (partial)" platform="mixedcontent">
+<ruleset name="Vistumbler.net">
 
-	<target host="randomintervals.com" />
-	<target host="www.randomintervals.com" />
-	<target host="vistumbler.net" />
-	<target host="*.vistumbler.net" />
-	<target host="wifidb.net" />
-	<target host="*.wifidb.net" />
+	<!--	Direct rewrites:
+				-->
+	<target host="api.vistumbler.net" />
+	<target host="www.vistumbler.net" />
 
+	<!--	Complications:
+				-->
+	<target host="vistumbler.net" />
 
-	<!--	!www doesn't work over https, redirects over http.	-->
-	<rule from="^http://(?:www\.)?randomintervals\.com/"
-		to="https://www.randomintervals.com/" />
 
-	<!--	!www times out over https, redirects over http.		-->
-	<rule from="^http://(?:www\.)?vistumbler\.net/"
+	<rule from="^http://vistumbler\.net/"
 		to="https://www.vistumbler.net/" />
 
-	<rule from="^http://api\.vistumbler\.net/"
-		to="https://api.vistumbler.net/" />
-
-	<!--	!www times out over https, redirects over http.		-->
-	<rule from="^http://(?:www\.)?wifidb\.net/"
-		to="https://www.wifidb.net/" />
-
-	<rule from="^http://live\.wifidb\.net/"
-		to="https://live.wifidb.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/RandomOrg.xml b/src/chrome/content/rules/RandomOrg.xml
deleted file mode 100644
index b47c958a1c31..000000000000
--- a/src/chrome/content/rules/RandomOrg.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Random.org (broken)" default_off="Breaks random number generator">
-  <target host="www.random.org" />
-  <target host="random.org" />
-
-  <rule from="^http://(?:www\.)?random\.org/" to="https://www.random.org/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Randombit.net.xml b/src/chrome/content/rules/Randombit.net.xml
deleted file mode 100644
index 0ffd0d561eb3..000000000000
--- a/src/chrome/content/rules/Randombit.net.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Expired 2013-09-14
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- botan
-		- lists
-
--->
-<ruleset name="randombit.net" default_off="expired" platform="cacert">
-
-	<target host="randombit.net" />
-	<target host="*.randombit.net" />
-
-
-	<rule from="^http://((?:botan|lists|www)\.)?randombit\.net/"
-		to="https://$1randombit.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Rands-in-Repose.xml b/src/chrome/content/rules/Rands-in-Repose.xml
index 33e688dfef02..2fe62c067e34 100644
--- a/src/chrome/content/rules/Rands-in-Repose.xml
+++ b/src/chrome/content/rules/Rands-in-Repose.xml
@@ -1,4 +1,4 @@
-<ruleset name="Rands in Repose" default_off="mismatch">
+<ruleset name="Rands in Repose" default_off="mismatched">
 
 	<!--	Cert: *.gridserver.com	-->
 	<target host="randsinrepose.com"/>
diff --git a/src/chrome/content/rules/Range_Networks.com.xml b/src/chrome/content/rules/Range_Networks.com.xml
new file mode 100644
index 000000000000..e0cd1b0cf21b
--- /dev/null
+++ b/src/chrome/content/rules/Range_Networks.com.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://support.rangenetworks.com/ => https://support.rangenetworks.com/: (7, 'Failed to connect to support.rangenetworks.com port 443: Connection refused')
+
+	^rangenetworks.com: Shows support.rangenetworks.com
+
+
+	Mixed content:
+
+		- Images on support from www.rangenetworks.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Range Networks.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="support.rangenetworks.com" />
+	<target host="www.rangenetworks.com" />
+
+	<!--	Complications:
+				-->
+	<target host="rangenetworks.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(support\.)?rangenetworks\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^www\.rangenetworks\.com$" name="^(exp_cartthrob_session_id|exp_last_activity|exp_last_visit|exp_last_visit)$" /-->
+
+	<securecookie host="^(?:support\.|www\.)?rangenetworks\.com$" name=".+" />
+
+
+	<rule from="^http://rangenetworks\.com/"
+		to="https://www.rangenetworks.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RankWise.net.xml b/src/chrome/content/rules/RankWise.net.xml
new file mode 100644
index 000000000000..ee7bf431640e
--- /dev/null
+++ b/src/chrome/content/rules/RankWise.net.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- rankwise.net
+		- www.rankwise.net
+
+-->
+<ruleset name="RankWise.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rankwise.net" />
+	<target host="www.rankwise.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?rankwise\.net$" name="^s$" /-->
+
+	<securecookie host="^(?:www\.)?rankwise\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rantoul_Press.xml b/src/chrome/content/rules/Rantoul_Press.xml
index ae43613a686e..3c9b959e5220 100644
--- a/src/chrome/content/rules/Rantoul_Press.xml
+++ b/src/chrome/content/rules/Rantoul_Press.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?rantoulpress\.com/(misc/|sites/|user(?:$|\?|/))"
 		to="https://www.rantoulpress.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rantsports.com.xml b/src/chrome/content/rules/Rantsports.com.xml
new file mode 100644
index 000000000000..8eab6dd00d0e
--- /dev/null
+++ b/src/chrome/content/rules/Rantsports.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Rantsports.com">
+
+    <target host="rantsports.com" />
+    <target host="www.rantsports.com" />
+    <target host="shop.rantsports.com" />
+
+    <securecookie host=".+" name=".+" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RapLeaf.xml b/src/chrome/content/rules/RapLeaf.xml
index 15a96b0019a5..3cd428077341 100644
--- a/src/chrome/content/rules/RapLeaf.xml
+++ b/src/chrome/content/rules/RapLeaf.xml
@@ -1,26 +1,34 @@
 <!--
-	Fully covered domains:
+	For other TowerData coverage, see TowerData.com.xml.
 
-		- rlcdn.com subdomains:
 
-			- ei
-			- idsync
+	Problematic hosts in *rapleaf.com:
+
+		- ^ ¹
+		- dashboard ¹
+		- www ²
+	¹ Dropped
+	² Akamai
 
--->
-<ruleset name="Rapleaf">
 
-	<target host="rapleaf.com" />
-	<target host="*.rapleaf.com" />
-	<target host="*.rlcdn.com" />
+	Fully covered hosts in *rapleaf.com:
 
+		- dashboard	(→ dashboard.towerdata.com)
+
+-->
+<ruleset name="Rapleaf.com (partial)">
 
-	<securecookie host="^\.rlcdn\.com$" name=".+" />
+	<!--	Complications:
+				-->
+	<target host="dashboard.rapleaf.com" />
 
 
-	<rule from="^http://(blog\.|dashboard\.|www\.)?rapleaf\.com/"
-		to="https://$1rapleaf.com/" />
+	<!--	Redirect drops path, args,
+		and forward slash:
+					-->
+	<rule from="^http://dashboard\.rapleaf\.com/.*"
+		to="https://dashboard.towerdata.com/" />
 
-	<rule from="^http://(d|ei|idsync|rc)\.rlcdn\.com/"
-		to="https://$1.rlcdn.com/" />
+		<test url="http://dashboard.rapleaf.com//" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Raphael-Hertzog.xml b/src/chrome/content/rules/Raphael-Hertzog.xml
index 818c381fbeeb..f81f8373e810 100644
--- a/src/chrome/content/rules/Raphael-Hertzog.xml
+++ b/src/chrome/content/rules/Raphael-Hertzog.xml
@@ -1,13 +1,21 @@
-<ruleset name="Raphaël Hertzog" default_off="self-signed">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.raphaelhertzog.com/ => https://www.raphaelhertzog.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.raphaelhertzog.com'")
+
+	Raphaël Hertzog
+
+-->
+<ruleset name="Raphael Hertzog.com" default_off="failed ruleset test">
 
 	<target host="raphaelhertzog.com" />
 	<target host="www.raphaelhertzog.com" />
 
 
-	<securecookie host="^raphaelhertzog\.com$" name=".*" />
+	<securecookie host="^raphaelhertzog\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?raphaelhertzog\.com/"
-		to="https://raphaelhertzog.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Rapid7.xml b/src/chrome/content/rules/Rapid7.xml
index 722c0b99a047..d0eea669762a 100644
--- a/src/chrome/content/rules/Rapid7.xml
+++ b/src/chrome/content/rules/Rapid7.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://browsercan.rapid7.com/ => https://browsercan.rapid7.com/: (6, 'Could not resolve host: browsercan.rapid7.com')
+
 	Other Rapid7 rulesets:
 
 		- Metasploit.xml
@@ -8,17 +12,28 @@
 
 		- downloads	(works, akamai)
 
+
+	These altnames don't exist:
+
+		- www.community.rapid7.com
+
 -->
-<ruleset name="Rapid7 (partial)" platform="mixedcontent">
+<ruleset name="Rapid7 (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="rapid7.com" />
-	<target host="*.rapid7.com" />
+	<target host="browsercan.rapid7.com" />
+	<target host="community.rapid7.com" />
+	<target host="insight.rapid7.com" />
+	<target host="www.rapid7.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^community\.rapid7\.com$" name="^(BIGipServer\w+-1-pool|JSESSIONID)" /-->
 
-	<securecookie host="^(?:community|www)\.rapid7\.com$" name=".+" />
+	<securecookie host="^(?:community|insight|www)\.rapid7\.com$" name=".+" />
 
 
-	<rule from="^http://(browsercan\.|community\.|www\.)?rapid7\.com/"
-		to="https://$1rapid7.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/RapidBuyr-problematic.xml b/src/chrome/content/rules/RapidBuyr-problematic.xml
index f78c9cb1ee8e..f5f1b051ae6c 100644
--- a/src/chrome/content/rules/RapidBuyr-problematic.xml
+++ b/src/chrome/content/rules/RapidBuyr-problematic.xml
@@ -7,7 +7,6 @@
 	<target host="cart.rapidbuyr.com" />
 
 
-	<rule from="^http://cart\.rapidbuyr\.com/"
-		to="https://cart.rapidbuyr.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RapidBuyr.xml b/src/chrome/content/rules/RapidBuyr.xml
index b80510792610..6393f96b267b 100644
--- a/src/chrome/content/rules/RapidBuyr.xml
+++ b/src/chrome/content/rules/RapidBuyr.xml
@@ -15,7 +15,8 @@
 
 	<target host="rapidbuyr.cachefly.net" />
 	<target host="rapidbuyr.com" />
-	<target host="*.rapidbuyr.com" />
+	<target host="www.rapidbuyr.com" />
+	<target host="svcart.rapidbuyr.com" />
 		<!--
 			These paths redirect to http:
 
@@ -48,17 +49,17 @@
 				- merchant/support.htm
 				- secure/createAccount.aspx
 								-->
-		<exclusion pattern="^https?://(?:www\.)?rapidbuyr\.com/(?:$|\?|(?!MemberLogin)[\w-]+\.aspx|(?!All-Products|merchant/)[\w/-]+\.htm)" />
+		<exclusion pattern="^http://(?:www\.)?rapidbuyr\.com/(?:$|\?|(?!MemberLogin)[\w-]+\.aspx|(?!All-Products|merchant/)[\w/-]+\.htm)" />
 
 
 	<securecookie host="^rapidbuyr\.cachefly\.net$" name=".+" />
 	<securecookie host="^svcart\.rapidbuyr\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?rapidbuyr\.com/"
+	<rule from="^http://(?:www\.)?rapidbuyr\.com/"
 		to="https://www.rapidbuyr.com/" />
 
 	<rule from="^http://svcart\.rapidbuyr\.com/"
 		to="https://svcart.rapidbuyr.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RapidLeaf.xml b/src/chrome/content/rules/RapidLeaf.xml
index 1e9b837f6be4..a3848355264e 100644
--- a/src/chrome/content/rules/RapidLeaf.xml
+++ b/src/chrome/content/rules/RapidLeaf.xml
@@ -1,13 +1,23 @@
-<ruleset name="RapidLeaf">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rapidleaf.com/ => https://rapidleaf.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://dashboard.rapidleaf.com/ => https://dashboard.rapidleaf.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.rapidleaf.com/ => https://www.rapidleaf.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://rapidleaf.com/ => https://rapidleaf.com/: (28, 'Connection timed out after 10001 milliseconds')
+-->
+<ruleset name="RapidLeaf" default_off="failed ruleset test">
 
 	<target host="rapidleaf.com" />
-	<target host="*.rapidleaf.com" />
+	<target host="dashboard.rapidleaf.com" />
+	<target host="www.rapidleaf.com" />
 
 
-	<securecookie host="^(?:.+\.)?rapidleaf\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(dashboard\.|www\.)?rapidleaf\.com/"
-		to="https://$1rapidleaf.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RapidSSL.xml b/src/chrome/content/rules/RapidSSL.xml
index 26fa406d1253..a1b144976ca7 100644
--- a/src/chrome/content/rules/RapidSSL.xml
+++ b/src/chrome/content/rules/RapidSSL.xml
@@ -1,13 +1,26 @@
-<ruleset name="RapidSSL">
+<!--
+	Insecure cookies are set for these hosts:
 
+		- knowledge.rapidssl.com
+
+-->
+<ruleset name="RapidSSL.com">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="rapidssl.com" />
-	<target host="*.rapidssl.com" />
+	<target host="knowledge.rapidssl.com" />
+	<target host="www.rapidssl.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^knowledge\.rapidssl\.com$" name="^(?:JSESSIONID|sessionpersist)$" /-->
 
-	<securecookie host="^\.rapidssl\.com$" name=".+" />
+	<securecookie host="^(?:knowledge)?\.rapidssl\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?rapidssl\.com/"
-		to="https://$1rapidssl.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/RapidShare.xml b/src/chrome/content/rules/RapidShare.xml
deleted file mode 100644
index 069cebb74d8b..000000000000
--- a/src/chrome/content/rules/RapidShare.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- images
-
--->
-<ruleset name="RapidShare (partial)">
-
-	<target host="rapidshare.com" />
-	<target host="*.rapidshare.com" />
-
-
-	<rule from="^http://(api\.|images3\.|www\.)?rapidshare\.com/"
-		to="https://$1rapidshare.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/RapidSite.jp.xml b/src/chrome/content/rules/RapidSite.jp.xml
new file mode 100644
index 000000000000..2f8ebc8da805
--- /dev/null
+++ b/src/chrome/content/rules/RapidSite.jp.xml
@@ -0,0 +1,25 @@
+<!--
+	For other GMO coverage, see GMO_Internet.xml.
+
+
+	Mixed content:
+
+		- Images from cache.img.gmo.jp
+
+		- Bugs from b\d+.yahoo.co.jp *
+
+	* Secured by us
+
+-->
+<ruleset name="RapidSite.jp">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rapidsite.jp" />
+	<target host="www.rapidsite.jp" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rapida.ru.xml b/src/chrome/content/rules/Rapida.ru.xml
new file mode 100644
index 000000000000..0009a94f795d
--- /dev/null
+++ b/src/chrome/content/rules/Rapida.ru.xml
@@ -0,0 +1,61 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mp.rapida.ru/ => https://mp.rapida.ru/: (6, 'Could not resolve host: mp.rapida.ru')
+Fetch error: http://webm.rapida.ru/ => https://webm.rapida.ru/: (7, 'Failed to connect to webm.rapida.ru port 443: No route to host')
+
+agents.rapida.ru ²
+autodiscover.rapida.ru ⁴
+autopay.rapida.ru ³
+autopay-test.rapida.ru ³
+epay.rapida.ru ⁴
+www.id.rapida.ru ¹
+lk.rapida.ru ⁴
+ns.rapida.ru ³
+ns1.rapida.ru ³
+ns4.rapida.ru ²
+openbank-credit.rapida.ru ³
+pcard.rapida.ru ⁴
+post2.rapida.ru ³
+rt-mn.rapida.ru ³
+smtp.rapida.ru ²
+soft.rapida.ru ⁴
+tepay.rapida.ru ⁴
+terminal.rapida.ru ⁴
+test.rapida.ru ³
+trans.rapida.ru ⁵
+uc.rapida.ru ²
+vpn.rapida.ru ³
+webmail.rapida.ru ³
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁵ expired
+-->
+<ruleset name="rapida.ru" default_off="failed ruleset test">
+	<target host="rapida.ru" />
+	<target host="www.rapida.ru" />
+	<target host="api.rapida.ru" />
+	<target host="contact.rapida.ru" />
+	<target host="europlat.rapida.ru" />
+	<target host="genblank.rapida.ru" />
+	<target host="id.rapida.ru" />
+	<target host="mfo.rapida.ru" />
+	<target host="mp.rapida.ru" />
+	<target host="otkritie.rapida.ru" />
+	<target host="pay.rapida.ru" />
+	<target host="paycard.rapida.ru" />
+	<target host="pps.rapida.ru" />
+	<target host="pskov.rapida.ru" />
+	<target host="service.rapida.ru" />
+	<target host="stat.rapida.ru" />
+	<target host="static.rapida.ru" />
+	<target host="support.rapida.ru" />
+	<target host="wallet.rapida.ru" />
+	<target host="webm.rapida.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rapidgator.net.xml b/src/chrome/content/rules/Rapidgator.net.xml
deleted file mode 100644
index ddab6c3e4f9b..000000000000
--- a/src/chrome/content/rules/Rapidgator.net.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Some pages redirect to http.
-
--->
-<ruleset name="Rapidgator.net (partial)">
-
-	<target host="rapidgator.net" />
-	<target host="www.rapidgator.net" />
-
-
-	<rule from="^http://(www\.)?rapidgator\.net/(article/premium|assets/|auth/(?:captcha|login)|account/registration|css/|images/)"
-		to="https://$1rapidgator.net/$2" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Rapidresearch.me.xml b/src/chrome/content/rules/Rapidresearch.me.xml
deleted file mode 100644
index e4754ddbf820..000000000000
--- a/src/chrome/content/rules/Rapidresearch.me.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Rapidresearch.me" platform="firefox">
-<target host="rapidresearch.me" />
-
-<securecookie host="^rapidresearch\.me$" name=".+" />
-
-<rule from="^http://rapidresearch\.me/" to="https://rapidresearch.me/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Rapimg.com.xml b/src/chrome/content/rules/Rapimg.com.xml
new file mode 100644
index 000000000000..a8e103aeea29
--- /dev/null
+++ b/src/chrome/content/rules/Rapimg.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="rapimg.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="l.rapimg.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Raptr.com.xml b/src/chrome/content/rules/Raptr.com.xml
new file mode 100644
index 000000000000..f92a159e1162
--- /dev/null
+++ b/src/chrome/content/rules/Raptr.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Raptr.com has a wildcard DNS record and SSL certificate.
+
+	Mismatched:
+		- dev.raptr.com
+-->
+<ruleset name="Raptr.com">
+	<target host="raptr.com" />
+	<target host="www.raptr.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rapture_Ready.xml b/src/chrome/content/rules/Rapture_Ready.xml
index 37ea44b75306..11b1936876d9 100644
--- a/src/chrome/content/rules/Rapture_Ready.xml
+++ b/src/chrome/content/rules/Rapture_Ready.xml
@@ -4,7 +4,6 @@
 	<target host="www.raptureready.com" />
 
 
-	<rule from="^http://(www\.)?raptureready\.com/"
-		to="https://$1raptureready.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rare.us.xml b/src/chrome/content/rules/Rare.us.xml
new file mode 100644
index 000000000000..e40d24a1f520
--- /dev/null
+++ b/src/chrome/content/rules/Rare.us.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rare.us/ => https://rare.us/: Too many redirects while fetching 'https://rare.us/'
+Fetch error: http://www.rare.us/ => https://www.rare.us/: Too many redirects while fetching 'https://www.rare.us/'
+
+-->
+<ruleset name="Rare.us" default_off="failed ruleset test">
+
+	<target host="rare.us" />
+	<target host="www.rare.us" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RareAviation.com.xml b/src/chrome/content/rules/RareAviation.com.xml
index 3cf3c627d3e3..659974531449 100644
--- a/src/chrome/content/rules/RareAviation.com.xml
+++ b/src/chrome/content/rules/RareAviation.com.xml
@@ -1,13 +1,32 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .rareaviation.com
+
+
+	Mixed content:
+
+		- Ad from wfncnews.com *
+
+	* Secured by us
+
+-->
 <ruleset name="RareAviation.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="rareaviation.com" />
-	<target host="*.rareaviation.com" />
+	<target host="www.rareaviation.com" />
+
 
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.rareaviation\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
 
 	<securecookie host="^\.rareaviation\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?rareaviation\.com/"
-		to="https://$1rareaviation.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RareConnect.xml b/src/chrome/content/rules/RareConnect.xml
new file mode 100644
index 000000000000..4c72480ade5b
--- /dev/null
+++ b/src/chrome/content/rules/RareConnect.xml
@@ -0,0 +1,11 @@
+<ruleset name="RareConnect">
+	<target host="rareconnect.org" />
+	<target host="www.rareconnect.org" />
+
+	<securecookie host="(^|\.)rareconnect\.org$" name=".+" />
+
+	<rule from="^http://rareconnect\.org/"
+		to="https://www.rareconnect.org/" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rare_Diseases.org.xml b/src/chrome/content/rules/Rare_Diseases.org.xml
new file mode 100644
index 000000000000..c06cfbfa615c
--- /dev/null
+++ b/src/chrome/content/rules/Rare_Diseases.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.rarediseases.org
+
+-->
+<ruleset name="Rare Diseases.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rarediseases.org" />
+	<target host="www.rarediseases.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.rarediseases\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rasende.dk.xml b/src/chrome/content/rules/Rasende.dk.xml
new file mode 100644
index 000000000000..d2f8be1e441e
--- /dev/null
+++ b/src/chrome/content/rules/Rasende.dk.xml
@@ -0,0 +1,12 @@
+<!--
+     Problematic domains:
+        - www: unable to get local issuer certificate
+-->
+<ruleset name="Rasende.dk">
+
+    <target host="rasende.dk" />
+    <target host="www.rasende.dk" />
+
+    <rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Raspberry_Pi.xml b/src/chrome/content/rules/Raspberry_Pi.xml
index 4b3d3951b047..ffb0d6af90ed 100644
--- a/src/chrome/content/rules/Raspberry_Pi.xml
+++ b/src/chrome/content/rules/Raspberry_Pi.xml
@@ -1,17 +1,35 @@
 <!--
-	CN: 00-25-90-28-bc-aa
+	^raspberrypi.org: Refused
+
+
+	Insecure cookies are set for these domains:
+
+		- .raspberrypi.org
 
 -->
-<ruleset name="Raspberry Pi" default_off="self-signed">
+<ruleset name="Raspberry Pi.org">
 
-	<target host="raspberrypi.org" />
+	<!--	Direct rewrites:
+				-->
 	<target host="www.raspberrypi.org" />
+	<target host="downloads.raspberrypi.org" />
+
+	<!--	Complications:
+				-->
+	<target host="raspberrypi.org" />
 
 
-	<securecookie host="^www\.raspberrypi\.org$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.raspberrypi\.org$" name="^phpbb3_\w+_(k|sid|u)$" /-->
 
+	<securecookie host="^(?:www)?\.raspberrypi\.org$" name=".+" />
 
-	<rule from="^http://(?:www\.)?raspberrypi\.org/"
+
+	<rule from="^http://raspberrypi\.org/"
 		to="https://www.raspberrypi.org/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Raspbian.org.xml b/src/chrome/content/rules/Raspbian.org.xml
new file mode 100644
index 000000000000..bdfd39a3aa44
--- /dev/null
+++ b/src/chrome/content/rules/Raspbian.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Refused:
+		mirrordirector.raspbian.org
+		mirrordirectortest.raspbian.org
+
+-->
+<ruleset name="Raspbian.org">
+
+	<target host="raspbian.org" />
+	<target host="www.raspbian.org" />
+	<target host="archive.raspbian.org" />
+	<target host="buildd.raspbian.org" />
+	<target host="cdimage.raspbian.org" />
+	<target host="debdiffs.raspbian.org" />
+	<target host="plugwash.raspbian.org" />
+	<target host="sourcearchive.raspbian.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ratanagiri.org.uk.xml b/src/chrome/content/rules/Ratanagiri.org.uk.xml
new file mode 100644
index 000000000000..d9bb2f3facee
--- /dev/null
+++ b/src/chrome/content/rules/Ratanagiri.org.uk.xml
@@ -0,0 +1,9 @@
+<ruleset name="Aruna Ratanagiri Buddhist Monastery">
+    <target host="ratanagiri.org.uk" />
+    <target host="ratanagiri-163c.kxcdn.com" />
+
+    <securecookie host="^ratanagiri\.org\.uk$" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RateMyProfessors.com.xml b/src/chrome/content/rules/RateMyProfessors.com.xml
new file mode 100644
index 000000000000..bf9f41acb358
--- /dev/null
+++ b/src/chrome/content/rules/RateMyProfessors.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Time out:
+		ratemyprofessors.com
+		relaunch.ratemyprofessors.com
+		static.ratemyprofessors.com
+		submit.ratemyprofessors.com
+		toplists.ratemyprofessors.com
+
+	Invalid certificate:
+		blog.ratemyprofessors.com
+
+-->
+<ruleset name="RateMyProfessors.com">
+
+	<target host="ratemyprofessors.com" />
+	<target host="www.ratemyprofessors.com" />
+
+	<rule from="^http://ratemyprofessors\.com/"
+		to="https://www.ratemyprofessors.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RatePoint.xml b/src/chrome/content/rules/RatePoint.xml
deleted file mode 100644
index 5a577b5de992..000000000000
--- a/src/chrome/content/rules/RatePoint.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="RatePoint (partial)">
-	<target host="ratepoint.com" />
-	<target host="my.ratepoint.com" />
-	<target host="reviews.ratepoint.com" />
-	<target host="sitetools.ratepoint.com" />
-	<target host="subscribe.ratepoint.com" />
-	<target host="www.ratepoint.com" />
-
-	<rule from="^http://(my|reviews|sitetools|subscribe)\.ratepoint\.com/" to="https://$1.ratepoint.com/" />
-	<rule from="^http://(www\.)?ratepoint\.com/(profile/|(login($|\?))|map/|seereviews/)" to="https://ratepoint.com/$2" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/RateYourMusic.com.xml b/src/chrome/content/rules/RateYourMusic.com.xml
new file mode 100644
index 000000000000..846f45d9d989
--- /dev/null
+++ b/src/chrome/content/rules/RateYourMusic.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Supported Languages (from a combination of their Wikipedia page and this page: https://rateyourmusic.com/wiki/RYM:Languages):
+		Default:
+			English (no subdomain provided or needed)
+
+		Has a subdomain:
+			French: fr. (supports https)
+			German: de. (supports https)
+			Polish: pl. (supports https)
+			Russian: ru. (supports https)
+
+		Couldn't find a subdomain:
+			Dutch
+			Finnish
+			Italian
+			Japanese
+			Portuguese
+			Spanish
+			Turkish
+-->
+<ruleset name="RateYourMusic.com">
+	<target host="rateyourmusic.com" />
+	<target host="www.rateyourmusic.com" />
+	<!-- German -->
+	<target host="de.rateyourmusic.com" />
+	<!-- French -->
+	<target host="fr.rateyourmusic.com" />
+	<!-- Polish -->
+	<target host="pl.rateyourmusic.com" />
+	<!-- Russian -->
+	<target host="ru.rateyourmusic.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rateip.com.xml b/src/chrome/content/rules/Rateip.com.xml
new file mode 100644
index 000000000000..4aee5dc8ef6d
--- /dev/null
+++ b/src/chrome/content/rules/Rateip.com.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rateip.com/ => https://rateip.com/: (28, 'Connection timed out after 20003 milliseconds')
+Fetch error: http://www.rateip.com/ => https://www.rateip.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Rateip.com" default_off="failed ruleset test">
+
+	<target host="rateip.com" />
+	<target host="www.rateip.com" />
+
+
+	<securecookie host="^\.rateip\.com$" name="^__cfduid$" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RatfishOil.com-falsemixed.xml b/src/chrome/content/rules/RatfishOil.com-falsemixed.xml
new file mode 100644
index 000000000000..49c5b4279ef7
--- /dev/null
+++ b/src/chrome/content/rules/RatfishOil.com-falsemixed.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules not causing false/broken MCB, see RatfishOil.com.xml.
+
+-->
+<ruleset name="RatfishOil.com (false MCB)" platform="mixedcontent">
+
+	<target host="www.ratfishoil.com" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^(?:www)?\.ratfishoil\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RatfishOil.com.xml b/src/chrome/content/rules/RatfishOil.com.xml
new file mode 100644
index 000000000000..1f6073d049d1
--- /dev/null
+++ b/src/chrome/content/rules/RatfishOil.com.xml
@@ -0,0 +1,31 @@
+<!--
+	For rules causing false/broken MCB, see RatfishOil.com-falsemixed.xml.
+
+
+	Mixed content:
+
+		- css from $self *
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="RatfishOil.com (partial)">
+
+	<!--	https://r... redirects to http://w...,
+		so we can avoid a duplicate target
+		warning by blanket rewriting !www here.
+							-->
+	<target host="ratfishoil.com" />
+	<target host="www.ratfishoil.com" />
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<!--exclusion pattern="^http://www\.ratfishoil\.com/+(?!favicon\.ico|images/|templates/)" /-->
+
+
+	<rule from="^http://(www\.)?ratfishoil\.com/(?=favicon\.ico|images/|templates/)"
+		to="https://$1ratfishoil.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rating-Widget.com.xml b/src/chrome/content/rules/Rating-Widget.com.xml
new file mode 100644
index 000000000000..09ffb2bfde2a
--- /dev/null
+++ b/src/chrome/content/rules/Rating-Widget.com.xml
@@ -0,0 +1,57 @@
+<!--
+	Problematic subdomains:
+
+		- ^ *
+		- img *
+		- js *
+		- www	(mismatched, CN: secure.rating-widget.com)
+
+	* Dropped
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+
+		- Images, from:
+
+			- ^ ˢ
+			- img ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Rating-Widget.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="css.rating-widget.com" />
+	<target host="secure.rating-widget.com" />
+
+		<test url="http://css.rating-widget.com/wordpress/toprated.css" />
+
+	<!--	Complications:
+				-->
+	<target host="rating-widget.com" />
+	<target host="img.rating-widget.com" />
+	<target host="js.rating-widget.com" />
+	<target host="www.rating-widget.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://rating-widget\.com/"
+		to="https://secure.rating-widget.com/" />
+
+	<rule from="^http://(img|js)\.rating-widget\.com/"
+		to="https://secure.rating-widget.com/$1/" />
+
+	<rule from="^http://www\.rating-widget\.com/"
+		to="https://secure.rating-widget.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RationalWiki.org.xml b/src/chrome/content/rules/RationalWiki.org.xml
new file mode 100644
index 000000000000..515f442ebab8
--- /dev/null
+++ b/src/chrome/content/rules/RationalWiki.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="RationalWiki.org">
+	<target host="rationalwiki.org" />
+	<target host="www.rationalwiki.org" />
+	<target host="ru.rationalwiki.org" />
+	<target host="www.ru.rationalwiki.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RaumZeitLabor.de.xml b/src/chrome/content/rules/RaumZeitLabor.de.xml
index f1c7eb6e46dd..13b0c851cf2a 100644
--- a/src/chrome/content/rules/RaumZeitLabor.de.xml
+++ b/src/chrome/content/rules/RaumZeitLabor.de.xml
@@ -15,13 +15,14 @@
 <ruleset name="RaumZeitLabor.de (partial)">
 
 	<target host="raumzeitlabor.de" />
-	<target host="*.raumzeitlabor.de" />
+	<target host="lists.raumzeitlabor.de" />
+	<target host="wiki.raumzeitlabor.de" />
+	<target host="www.raumzeitlabor.de" />
 
 
 	<securecookie host="^wiki\.raumzeitlabor\.de$" name=".+" />
 
 
-	<rule from="^http://((?:lists|wiki|www)\.)?raumzeitlabor\.de/"
-		to="https://$1raumzeitlabor.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rave7.com.xml b/src/chrome/content/rules/Rave7.com.xml
new file mode 100644
index 000000000000..ece94bb7104b
--- /dev/null
+++ b/src/chrome/content/rules/Rave7.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		*.rave7.com: Wildcard DNS records, but no wildcard SSL certificate
+-->
+
+<ruleset name="Rave7.com">
+	<target host="rave7.com" />
+	<target host="www.rave7.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RavenDB.net.xml b/src/chrome/content/rules/RavenDB.net.xml
new file mode 100644
index 000000000000..5ed1ce6c07e8
--- /dev/null
+++ b/src/chrome/content/rules/RavenDB.net.xml
@@ -0,0 +1,18 @@
+<!--
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="RavenDB.net">
+
+	<target host="ravendb.net" />
+	<target host="www.ravendb.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Raven_Software.xml b/src/chrome/content/rules/Raven_Software.xml
index 27c32754b06a..9876cfd92ff5 100644
--- a/src/chrome/content/rules/Raven_Software.xml
+++ b/src/chrome/content/rules/Raven_Software.xml
@@ -9,13 +9,14 @@
 <ruleset name="Raven Software" default_off="expired">
 
 	<target host="ravensoft.com" />
-	<target host="*.ravensoft.com" />
+	<target host="www.ravensoft.com" />
+	<target host="www2.ravensoft.com" />
 
 
 	<securecookie host="^www2\.ravensoft\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www2?\.)?ravensoft.com/"
+	<rule from="^http://(?:www2?\.)?ravensoft\.com/"
 		to="https://www2.ravensoft.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ravenjs.com.xml b/src/chrome/content/rules/Ravenjs.com.xml
new file mode 100644
index 000000000000..6a3710f1c26b
--- /dev/null
+++ b/src/chrome/content/rules/Ravenjs.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid Certificate:
+		www.ravenjs.com
+-->
+<ruleset name="Ravenjs.com">
+
+	<target host="ravenjs.com" />
+	<target host="www.ravenjs.com" />
+	<target host="cdn.ravenjs.com" />
+		<test url="http://cdn.ravenjs.com/1.1.15/jquery,native/raven.min.js" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.ravenjs\.com/" to="https://ravenjs.com/" />
+	<rule from="^http:"
+		to="https:" />
+
+	<!-- See https://github.com/EFForg/https-everywhere/pull/15463 -->
+	<exclusion pattern="^http://cdn\.ravenjs\.com/$" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ravnopravnost.lgbt.xml b/src/chrome/content/rules/Ravnopravnost.lgbt.xml
new file mode 100644
index 000000000000..127ad489765c
--- /dev/null
+++ b/src/chrome/content/rules/Ravnopravnost.lgbt.xml
@@ -0,0 +1,8 @@
+<ruleset name="Ravnopravnost.lgbt">
+	<target host="ravnopravnost.lgbt" />
+	<target host="www.ravnopravnost.lgbt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RawGit.xml b/src/chrome/content/rules/RawGit.xml
new file mode 100644
index 000000000000..2374305e30a5
--- /dev/null
+++ b/src/chrome/content/rules/RawGit.xml
@@ -0,0 +1,9 @@
+<ruleset name="RawGit.com">
+	<target host="rawgit.com" />
+	<target host="www.rawgit.com" />
+	<target host="cdn.rawgit.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RawGit2.com.xml b/src/chrome/content/rules/RawGit2.com.xml
new file mode 100644
index 000000000000..3d9400de2cfb
--- /dev/null
+++ b/src/chrome/content/rules/RawGit2.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="RawGit2.com">
+	<target host="rawgit2.com" />
+	<target host="www.rawgit2.com" />
+	<target host="cdn.rawgit2.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rawgithub.com.xml b/src/chrome/content/rules/Rawgithub.com.xml
new file mode 100644
index 000000000000..4cae823b8800
--- /dev/null
+++ b/src/chrome/content/rules/Rawgithub.com.xml
@@ -0,0 +1,13 @@
+<!--
+	www: cert only matches ^rawgithub.com
+
+-->
+<ruleset name="rawgithub.com">
+
+	<target host="rawgithub.com" />
+	<target host="www.rawgithub.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rawnet.com.xml b/src/chrome/content/rules/Rawnet.com.xml
new file mode 100644
index 000000000000..c02998e750af
--- /dev/null
+++ b/src/chrome/content/rules/Rawnet.com.xml
@@ -0,0 +1,20 @@
+<!--
+	CDN buckets:
+
+		- d284e2efuy79d1.cloudfront.net
+
+			- cdn
+
+
+	(www.): refused
+
+-->
+<ruleset name="Rawnet.com (partial)">
+
+	<target host="cdn.rawnet.com" />
+
+
+	<rule from="^http://cdn\.rawnet\.com/"
+		to="https://d284e2efuy79d1.cloudfront.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rawstudio.org.xml b/src/chrome/content/rules/Rawstudio.org.xml
index 3b23e6727323..65d32bcd3821 100644
--- a/src/chrome/content/rules/Rawstudio.org.xml
+++ b/src/chrome/content/rules/Rawstudio.org.xml
@@ -1,28 +1,24 @@
 <!--
-	Nonfunctional subdomains:
 
-		- bugzilla	(shows www; mismatched, CN: www.rawstudio.org)
+	Mismatched hosts in *rawstudio.org:
 
-
-	Mixed content:
-
-		- Images on ^ from ^ *
-
-	* Secured by us, doesn't trip MCB anyway
+		- www
+		- bugzilla (different content, redirects to gansoi.com over https)
 
 -->
 <ruleset name="Rawstudio.org (partial)">
 
 	<target host="rawstudio.org" />
-	<target host="*.rawstudio.org" />
+	<target host="www.rawstudio.org" />
 
 
-	<!--	name="^__utm\w$"
-					-->
 	<securecookie host="^\.rawstudio\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?rawstudio\.org/"
-		to="https://$1rawstudio.org/" />
+	<rule from="^http://www\.rawstudio\.org/"
+		to="https://rawstudio.org/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Raymii.org.xml b/src/chrome/content/rules/Raymii.org.xml
deleted file mode 100644
index a42c54166a70..000000000000
--- a/src/chrome/content/rules/Raymii.org.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Raymii.org">
-
-	<target host="raymii.org" />
-	<target host="www.raymii.org" />
-
-
-	<rule from="^http://(www\.)?raymii\.org/"
-		to="https://$1raymii.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Raymond.CC.xml b/src/chrome/content/rules/Raymond.CC.xml
index c319e44a9a0d..c01d85716d63 100644
--- a/src/chrome/content/rules/Raymond.CC.xml
+++ b/src/chrome/content/rules/Raymond.CC.xml
@@ -1,12 +1,12 @@
 <ruleset name="Raymond.CC" default_off="broken">
 
-	<target host="raymond.cc"/>
-	<target host="*.raymond.cc"/>
+	<target host="raymond.cc" />
+	<target host="cdn.raymond.cc" />
+	<target host="www.raymond.cc" />
 
-	<securecookie host="^(.*\.)?raymond\.cc$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(cdn\.|www\.)?raymond\.cc/"
-		to="https://$1raymond.cc/"/>
+	<rule from="^http:" to="https:" />
 
 
 </ruleset>
diff --git a/src/chrome/content/rules/Rayner-Software.xml b/src/chrome/content/rules/Rayner-Software.xml
index a802bf8569d5..a24859f5ce39 100644
--- a/src/chrome/content/rules/Rayner-Software.xml
+++ b/src/chrome/content/rules/Rayner-Software.xml
@@ -5,11 +5,10 @@
 	<target host="secure.raynersw.com" />
 	<target host="www.raynersw.com" />
 
-	<securecookie host="(^|\.)secure\.raynersw\.com$"
-		name=".+" />
+	<securecookie host="(?:^|\.)secure\.raynersw\.com$" name=".+" />
 
-	<rule from="^https?://(www\.)?rayner(sw|software)\.com/"
+	<rule from="^http://(?:www\.)?rayner(?:sw|software)\.com/"
 		to="https://secure.raynersw.com/" />
 	<rule from="^http://secure\.raynersw\.com/"
 		to="https://secure.raynersw.com/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RayyanInstitute.com.xml b/src/chrome/content/rules/RayyanInstitute.com.xml
new file mode 100644
index 000000000000..d9f44e39543a
--- /dev/null
+++ b/src/chrome/content/rules/RayyanInstitute.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="RayyanInstitute.com">
+	<target host="rayyaninstitute.com" />
+	<target host="www.rayyaninstitute.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Razer.xml b/src/chrome/content/rules/Razer.xml
index 954a285db242..be0c424f2130 100644
--- a/src/chrome/content/rules/Razer.xml
+++ b/src/chrome/content/rules/Razer.xml
@@ -1,34 +1,19 @@
 <!--
-	CDN buckets:
-
-		- s3.amazonaws.com/ecstatic.razerzone.com/
-
-		- d1gira0ohtrkhq.cloudfront.net
-			- assets.razerzone.com
-
-
-	Problematic subdomains:
-
-		- ^
-
+	Non-functional subdomains:
+		- careers			(connection refused)
+		- cn				(timeout)
+		- developer			(connection refused)
+		- insights			(connection refused)
+		- kr-store			(hostname mismatch, CN: www.godo.co.kr, *.godo.co.kr, *.godohosting.com)
+		- www				(redirect to http)
+		- razersupport.com		(hostname mismatch, CN: *.razerzone.com, razerzone.com)
 -->
-<ruleset name="Razer">
-
-	<target host="razerzone.com" />
-	<target host="*.razerzone.com" />
-
-
-	<securecookie host="^.*\.razerzone\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?razerzone\.com/"
-		to="https://www.razerzone.com/" />
-
-	<rule from="^http://ec\.razerzone\.com/"
-		to="https://ec.razerzone.com/" />
-
-	<rule from="^https?://assets.razerzone.com/"
-		to="https://d1gira0ohtrkhq.cloudfront.net/" />
-
-
-</ruleset>
\ No newline at end of file
+<ruleset name="Razer (partial)">
+	<target host="arena.razerzone.com" />
+	<target host="assets.razerzone.com" />
+	<target host="ec.razerzone.com" />
+	<target host="insider.razerzone.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Razoo-mismatches.xml b/src/chrome/content/rules/Razoo-mismatches.xml
index 8c3b1672c871..c1a9d2fa574f 100644
--- a/src/chrome/content/rules/Razoo-mismatches.xml
+++ b/src/chrome/content/rules/Razoo-mismatches.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see Razoo.xml.
 
 -->
-<ruleset name="Razoo (mismatches)" default_off="mismatch">
+<ruleset name="Razoo (mismatches)" default_off="mismatched">
 
 	<target host="media.razoo.com" />
 
@@ -11,7 +11,6 @@
 		- media-secure doesn't exist
 		- Data not on assets nor www
 			-->
-	<rule from="^http://media\.razoo\.com/"
-		to="https://media.razoo.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Razoo.xml b/src/chrome/content/rules/Razoo.xml
index cb59320bba9c..e92016bd94b8 100644
--- a/src/chrome/content/rules/Razoo.xml
+++ b/src/chrome/content/rules/Razoo.xml
@@ -14,7 +14,7 @@
 
 
 	<!--	Cert only matches *.razoo.com	-->
-	<rule from="^https?://razoo\.com/"
+	<rule from="^http://razoo\.com/"
 		to="https://www.razoo.com/" />
 
 	<!--	- Some paths redirect to http
@@ -27,7 +27,7 @@
 	<!--	- assets[0-3]? cert: gp1.wac.edgecastcdn.net
 		- This is what the server does on secure pages
 			-->
-	<rule from="^https?://assets(?:\d|-secure)?\.razoo\.com/"
+	<rule from="^http://assets(?:\d|-secure)?\.razoo\.com/"
 		to="https://assets-secure.razoo.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Razor_Servers.xml b/src/chrome/content/rules/Razor_Servers.xml
index 8e795686a322..890b9d798af1 100644
--- a/src/chrome/content/rules/Razor_Servers.xml
+++ b/src/chrome/content/rules/Razor_Servers.xml
@@ -4,15 +4,15 @@
 		- (www.)	(times out)
 
 -->
-<ruleset name="Razor Servers (partial)">
+<ruleset name="Razor Servers (partial)" default_off="timeout">
 
-	<target host="*.razorservers.com" />
+	<target host="manage.razorservers.com" />
+	<target host="secure.razorservers.com" />
 
 
-	<securecookie host=".+\.razorservers\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(manag|secur)e\.razorservers\.com/"
-		to="https://$1e.razorservers.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Razzies.com.xml b/src/chrome/content/rules/Razzies.com.xml
new file mode 100644
index 000000000000..f9e5224edc46
--- /dev/null
+++ b/src/chrome/content/rules/Razzies.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="razzies.com">
+	<target host="razzies.com" />
+	<target host="www.razzies.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rbb-online.de.xml b/src/chrome/content/rules/Rbb-online.de.xml
new file mode 100644
index 000000000000..262450c31c19
--- /dev/null
+++ b/src/chrome/content/rules/Rbb-online.de.xml
@@ -0,0 +1,27 @@
+<!--
+	Other Rundfunk Berlin-Brandenburg rulesets:
+
+		- Radioeins.de.xml
+
+
+	Nonfunctional hosts in *rbb-online.de:
+
+		- mediathek ¹
+		- presseservice ²
+
+	¹ 504, Akamai
+	² Refused
+
+-->
+<ruleset name="RBB-online.de (partial)">
+
+<target host="rbb-online.de"/>
+<target host="www.rbb-online.de"/>
+
+
+<!-- Cert served by www.antennebrandenburg.de , www.radioberlin.de , www.inforadio.de , www.kulturradio.de , www.fritz.de is only valid for rbb-online.de -->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rbl.Ms.xml b/src/chrome/content/rules/Rbl.Ms.xml
new file mode 100644
index 000000000000..e097a5dd5641
--- /dev/null
+++ b/src/chrome/content/rules/Rbl.Ms.xml
@@ -0,0 +1,30 @@
+<!--
+	(www.)?rbl.ms is handled in Bit.ly_vanity_domains.xml.
+
+	For other RebelMouse coverage, see RebelMouse.com.xml.
+
+
+	CDN buckets:
+
+		- s3.amazonaws.com/assets.rbl.ms/
+
+
+	(www.)?rbl.ms: Reset
+
+-->
+<ruleset name="Rbl.Ms (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="assets.rbl.ms" />
+	<target host="assets-auto.rbl.ms" />
+	<target host="assets-animated.rbl.ms" />
+	<target host="media.rbl.ms" />
+	<target host="static.rbl.ms" />
+	<target host="togo.rbl.ms" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rbt.asia.xml b/src/chrome/content/rules/Rbt.asia.xml
new file mode 100644
index 000000000000..36742f7643b1
--- /dev/null
+++ b/src/chrome/content/rules/Rbt.asia.xml
@@ -0,0 +1,12 @@
+<ruleset name="rbt.asia">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rbt.asia" />
+	<target host="www.rbt.asia" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rbu.sh.xml b/src/chrome/content/rules/Rbu.sh.xml
index 930d1dc4827f..259da630e405 100644
--- a/src/chrome/content/rules/Rbu.sh.xml
+++ b/src/chrome/content/rules/Rbu.sh.xml
@@ -1,22 +1,15 @@
-<ruleset name="rbu.sh" platform="cacert">
-
-	<target host="goodpoint.de" />
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - jabber.rbu.sh
+			 - conference.jabber.rbu.sh
+			 - sync.rbu.sh
+-->
+<ruleset name="Rbu.sh (partial)">
 	<target host="rbu.sh" />
 	<target host="www.rbu.sh" />
 
+	<securecookie host="^(www\.)?rbu\.sh$" name=".+" />
 
-	<securecookie host="^goodpoint\.de$" name=".*" />
-	<securecookie host="^(.*\.)?rbu\.sh$" name=".*" />
-
-
-	<!--	- www:
-			- displays blank page over http
-			- prompts for auth over https
-				-->
-	<rule from="^http://goodpoint\.de/"
-		to="https://goodpoint.de/" />
-
-	<rule from="^http://(www\.)?rbu\.sh/"
-		to="https://$1rbu.sh/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Rdio.xml b/src/chrome/content/rules/Rdio.xml
deleted file mode 100644
index c4add757e1f6..000000000000
--- a/src/chrome/content/rules/Rdio.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	CDN buckets:
-
-		- rdio-a.akamaihd.net
-		- rdio.assistly.com
-
-
-	Nonfunctional subdomains:
-
-		- blog
-		- help		(redirects to http; mismatched, CN: *.assistly.com)
-
--->
-<ruleset name="Rdio (partial)">
-
-	<target host="rd.io" />
-	<target host="www.rd.io" />
-	<target host="rdio.com" />
-	<target host="*.rdio.com" />
-
-
-	<securecookie host="^\.rdio\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?rd(\.io|io\.com)/"
-		to="https://$1rd$2/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Rdns.im.xml b/src/chrome/content/rules/Rdns.im.xml
index e644433f5d45..fe9a8daf0fb8 100644
--- a/src/chrome/content/rules/Rdns.im.xml
+++ b/src/chrome/content/rules/Rdns.im.xml
@@ -1,10 +1,12 @@
 <ruleset name="rdns.im">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="rdns.im" />
 	<target host="www.rdns.im" />
 
 
-	<rule from="^http://(www\.)?rdns\.im/"
-		to="https://$1rdns.im/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Re-publica.de.xml b/src/chrome/content/rules/Re-publica.de.xml
new file mode 100644
index 000000000000..e25c536a6803
--- /dev/null
+++ b/src/chrome/content/rules/Re-publica.de.xml
@@ -0,0 +1,43 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://mail.re-publica.de// (200) => https://ntmx.de/ (403)
+Non-2xx HTTP code: http://mail.re-publica.de/ (200) => https://ntmx.de/ (403)
+
+	Problematic hosts in *re-publica.de:
+
+		- mail *
+
+	* Mismatched
+
+
+	Fully covered hosts in *re-publica.de:
+
+		- (www.)?
+		- mail		(→ ntmx.de)
+
+-->
+<ruleset name="re-publica.de (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="re-publica.de" />
+	<target host="www.re-publica.de" />
+
+	<!--	Complications:
+					-->
+	<target host="mail.re-publica.de" />
+
+
+	<!--	Redirect preserves path and
+		args, but not forward slash:
+						-->
+	<rule from="^http://mail\.re-publica\.de/+"
+		to="https://ntmx.de/" />
+
+		<test url="http://mail.re-publica.de//" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ReSIProcate.org.xml b/src/chrome/content/rules/ReSIProcate.org.xml
new file mode 100644
index 000000000000..454f7a29922d
--- /dev/null
+++ b/src/chrome/content/rules/ReSIProcate.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="ReSIProcate.org">
+  <target host="resiprocate.org" />
+  <target host="www.resiprocate.org" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ReSRC.it.xml b/src/chrome/content/rules/ReSRC.it.xml
new file mode 100644
index 000000000000..cfe22c7fcf15
--- /dev/null
+++ b/src/chrome/content/rules/ReSRC.it.xml
@@ -0,0 +1,36 @@
+<ruleset name="ReSRC">
+	<target host="resrc.it"/>
+	<target host="www.resrc.it"/>
+	<target host="app.resrc.it"/>
+	<target host="lbstatic.resrc.it"/>
+	<target host="my.resrc.it"/>
+	<target host="trial.resrc.it"/>
+	<target host="use.resrc.it"/>
+	<target host="app-de.resrc.it"/>
+	<target host="app-de1.resrc.it"/>
+	<target host="app-de2.resrc.it"/>
+	<target host="app-de3.resrc.it"/>
+	<target host="app-de4.resrc.it"/>
+	<target host="app-de5.resrc.it"/>
+	<target host="app-de6.resrc.it"/>
+	<target host="app-de7.resrc.it"/>
+	<target host="app-de8.resrc.it"/>
+	<target host="app-de-lb1.resrc.it"/>
+	<target host="app-de-lb2.resrc.it"/>
+	<target host="app-us.resrc.it"/>
+	<target host="app-us1.resrc.it"/>
+	<target host="app-us2.resrc.it"/>
+	<target host="app-us3.resrc.it"/>
+	<target host="app-us4.resrc.it"/>
+	<target host="app-us5.resrc.it"/>
+	<target host="app-us6.resrc.it"/>
+	<target host="app-us7.resrc.it"/>
+	<target host="app-us-lb1.resrc.it"/>
+	<target host="app-us-lb2.resrc.it"/>
+	<target host="app-uk.resrc.it"/>
+	<target host="app-uk1.resrc.it"/>
+	<target host="app-uk2.resrc.it"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/ReTargeter-mismatches.xml b/src/chrome/content/rules/ReTargeter-mismatches.xml
index 87bd035fb5ea..fad3039a1cf9 100644
--- a/src/chrome/content/rules/ReTargeter-mismatches.xml
+++ b/src/chrome/content/rules/ReTargeter-mismatches.xml
@@ -2,13 +2,12 @@
 	For rules that are on by default, see ReTargeter.xml.
 
 -->
-<ruleset name="ReTargeter (mismatches)" default_off="mismatch">
+<ruleset name="ReTargeter (mismatches)" default_off="mismatched">
 
 	<!--	Cert: *.unbounce.com	-->
 	<target host="ub.retargeter.com" />
 
 
-	<rule from="^http://ub\.retargeter\.com/"	
-		to="https://ub.retargeter.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ReTargeter.xml b/src/chrome/content/rules/ReTargeter.xml
index b8a51edb260e..47a434b03d8f 100644
--- a/src/chrome/content/rules/ReTargeter.xml
+++ b/src/chrome/content/rules/ReTargeter.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://v2.retargeter.com/ => https://v2.retargeter.com/: (28, 'Connection timed out after 20000 milliseconds')
+
 	For problematic rules, see ReTargeter-mismatches.xml.
 
 
@@ -15,18 +19,24 @@
 		- cdn		(cert: *.netdna-ssl.com; 404)
 
 -->
-<ruleset name="ReTargeter (partial)">
+<ruleset name="ReTargeter.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="v2.retargeter.com" />
 
-	<target host="*.retargeter.com" />
+	<!--	Complications:
+				-->
+	<target host="ad.retargeter.com" />
 
 
-	<securecookie host="^.*\.retargeter\.com$" name=".*" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://ad\.retargeter\.com/"
 		to="https://ib.adnxs.com/" />
 
-	<rule from="^http://v2\.retargeter\.com/"
-		to="https://v2.retargeter.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ReactJS_News.com.xml b/src/chrome/content/rules/ReactJS_News.com.xml
new file mode 100644
index 000000000000..7ff4c357c622
--- /dev/null
+++ b/src/chrome/content/rules/ReactJS_News.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="ReactJS News.com">
+
+	<target host="reactjsnews.com" />
+	<target host="www.reactjsnews.com" />
+
+
+	<securecookie host="^\.reactjsnews\.com$" name="^__cfduid$" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ReactOS.org.xml b/src/chrome/content/rules/ReactOS.org.xml
new file mode 100644
index 000000000000..f1c0bbf54202
--- /dev/null
+++ b/src/chrome/content/rules/ReactOS.org.xml
@@ -0,0 +1,62 @@
+<!--
+	Nonfunctional subdomains:
+
+		- community *
+		- doxygen *
+
+	* Refused
+
+
+	Problematic subdomains:
+
+		- old *
+
+	* Mixed css
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- jira
+		- svn
+
+
+	Insecure cookies are set for these domains:
+
+		- .reactos.org
+		- jira.reactos.org
+
+
+	Mixed content:
+
+		- css on old from $self *
+
+		- Images on (www.) from upload.wikimedia.org *
+
+	* Secured by us
+
+-->
+<ruleset name="ReactOS.org (partial)">
+
+	<target host="reactos.org" />
+	<target host="jira.reactos.org" />
+	<target host="old.reactos.org" />
+	<target host="svn.reactos.org" />
+	<target host="www.reactos.org" />
+		<!--
+			Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://old\.reactos\.org/+(?!(?:\w+/)?(?:cs|image)s/|\w\w/dox\.css|favicon\.ico|mailman(?:$|[?/])|media/|style\.css)" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.reactos\.org$" name="^(LoggedOut|phpbb3_\w+_k|phpbb3_\w+_sid|phpbb3_\w+_u|roscms_usrset_lang|roscmslang)$" /-->
+	<!--securecookie host="^jira\.reactos\.org$" name="^(JSESSIONID|atlassian\.xsrf\.token)$" /-->
+
+	<securecookie host="^(?:jira)?\.reactos\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Reactiongifs.com.xml b/src/chrome/content/rules/Reactiongifs.com.xml
new file mode 100644
index 000000000000..3664c81e1a9e
--- /dev/null
+++ b/src/chrome/content/rules/Reactiongifs.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Reactiongifs.com">
+	<target host="reactiongifs.com" />
+	<target host="www.reactiongifs.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Read-Comics-in-Public.xml b/src/chrome/content/rules/Read-Comics-in-Public.xml
deleted file mode 100644
index d5d33a2b2f94..000000000000
--- a/src/chrome/content/rules/Read-Comics-in-Public.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Read Comics in Public" default_off="mismatch">
-
-	<target host="readcomicsinpublic.com"/>
-	<target host="www.readcomicsinpublic.com"/>
-
-	<rule from="^http://(?:www\.)?readcomicsinpublic\.com/"
-		to="https://readcomicsinpublic.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/ReadCube.com.xml b/src/chrome/content/rules/ReadCube.com.xml
new file mode 100644
index 000000000000..83a5095ee0ed
--- /dev/null
+++ b/src/chrome/content/rules/ReadCube.com.xml
@@ -0,0 +1,70 @@
+<!--
+	Insecure cookies are set for these domains:
+		- .readcube.com
+		- support.readcube.com
+
+	Secure connection failed:
+		ambassadors.readcube.com
+
+	No working URL known:
+		collections.readcube.com
+		content-assets.readcube.com
+		dashing.readcube.com
+		download.readcube.com
+		labs.readcube.com
+		legacy-content.readcube.com
+		push.readcube.com
+		reader.readcube.com
+		services.readcube.com
+		shared.readcube.com
+		sync.readcube.com
+		update.readcube.com
+
+		cache.readcube-cdn.com
+		deployment.readcube-cdn.com
+		images.readcube-cdn.com
+		objects.readcube-cdn.com
+		objects-restricted.readcube-cdn.com
+
+	Invalid certificate:
+		blog.readcube.com
+		logs.readcube.com
+		sync.objects.readcube.com
+		pages.readcube.com
+
+	Time out:
+		proxy.readcube.com
+
+-->
+<ruleset name="ReadCube.com">
+
+	<target host="readcube.com" />
+	<target host="www.readcube.com" />
+	<target host="analytics.readcube.com" />
+	<target host="api.readcube.com" />
+	<target host="api-gateway.readcube.com" />
+	<target host="app.readcube.com" />
+	<target host="content.readcube.com" />
+		<test url="http://content.readcube.com/wiley/epdf.js" />
+	<target host="dashboard.readcube.com" />
+	<target host="go.readcube.com" />
+	<target host="injections.readcube.com" />
+		<test url="http://injections.readcube.com/wiley/epdf_linker.1ef007ab.js" />
+	<target host="media.readcube.com" />
+	<target host="objects.readcube.com" />
+	<target host="support.readcube.com" />
+
+	<target host="green.readcube-cdn.com" />
+		<test url="http://green.readcube-cdn.com/assets/logo-41fb21ac6266ece9d2020c8752fa055c73dbcac7dfa6ec19ec909bd1f171a551.png" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.readcube\.com$" name="^_readcube_session$" /-->
+	<!--securecookie host="^support\.readcube\.com$" name="^(_rf|_session_id)$" /-->
+
+	<securecookie host="^(?:support)?\.readcube\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ReadItLater.com.xml b/src/chrome/content/rules/ReadItLater.com.xml
index f443f8917625..a99c8906d068 100644
--- a/src/chrome/content/rules/ReadItLater.com.xml
+++ b/src/chrome/content/rules/ReadItLater.com.xml
@@ -2,5 +2,5 @@
   <target host="readitlaterlist.com" />
   <target host="www.readitlaterlist.com" />
 
-  <rule from="^http://(?:www\.)?readitlaterlist\.com/" to="https://readitlaterlist.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ReadMe.io.xml b/src/chrome/content/rules/ReadMe.io.xml
new file mode 100644
index 000000000000..92db15493e20
--- /dev/null
+++ b/src/chrome/content/rules/ReadMe.io.xml
@@ -0,0 +1,39 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)?
+		- dash
+		- sample-default
+		- sample-solid
+		- sample-threes
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .readme.io
+		- dash.readme.io
+
+-->
+<ruleset name="ReadMe.io">
+
+	<target host="readme.io" />
+	<target host="dash.readme.io" />
+	<target host="files.readme.io" />
+	<target host="sample-default.readme.io" />
+	<target host="sample-solid.readme.io" />
+	<target host="sample-threes.readme.io" />
+	<target host="www.readme.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.readme\.io$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^(?:dash|sample-threes|...)\.readme\.io$" name="^(XSRF-TOKEN|connect\.sid)" /-->
+
+	<securecookie host=".*\.readme\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ReadSpeaker.xml b/src/chrome/content/rules/ReadSpeaker.xml
index 4a1736cff3a0..4fc5eca39733 100644
--- a/src/chrome/content/rules/ReadSpeaker.xml
+++ b/src/chrome/content/rules/ReadSpeaker.xml
@@ -1,15 +1,43 @@
-<ruleset name="ReadSpeaker" platform="mixedcontent">
-	<target host="readspeaker.com" />
-	<target host="www.readspeaker.com" />
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://asp.readspeaker.net/ => https://asp.readspeaker.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	www.readspeaker.com: Redirects to http
+
+
+	Problematic hosts in *readspeaker.com:
+
+		- app.eu ᵐ
+		- f1.eu ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="ReadSpeaker.com (partial)" default_off="failed ruleset test">
+
+	<!--target host="readspeaker.com" /-->
 	<target host="app.readspeaker.com" />
+	<target host="docreader.readspeaker.com" />
+	<target host="ivotts.readspeaker.com" />
+	<target host="lqttswr.readspeaker.com" />
 	<target host="media.readspeaker.com" />
 	<target host="vttts.readspeaker.com" />
-	<target host="lqttswr.readspeaker.com" />
-	<target host="docreader.readspeaker.com" />
+
 	<target host="asp.readspeaker.net" />
 
-	<rule from="^http://(?:www\.)?readspeaker\.com/" to="https://www.readspeaker.com/" />
-	<rule from="^http://(app|media|vttts|lqttswr|docreader)\.readspeaker\.com/" to="https://$1.readspeaker.com/" />
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.readspeaker\.com/(?:$|faq/$|support/$|wp-content/)" /-->
+
+			<!--	+ve:
+					-->
+			<!--test url="http://www.readspeaker.com/faq/" /-->
+			<!--test url="http://www.readspeaker.com/support/" /-->
+			<!--test url="http://www.readspeaker.com/wp-content/plugins/wp-post-series/assets/css/post-series.css" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://asp\.readspeaker\.net/" to="https://asp.readspeaker.net/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ReadTheDocs.xml b/src/chrome/content/rules/ReadTheDocs.xml
new file mode 100644
index 000000000000..37229f1a3948
--- /dev/null
+++ b/src/chrome/content/rules/ReadTheDocs.xml
@@ -0,0 +1,39 @@
+<!--
+	*readthedocs.(com|io|org) work correctly.
+
+	*.rtfd.org uses the '*.readthedocs.org' certificate.
+-->
+<ruleset name="Read the Docs">
+	<target host="readthedocs.org" />
+	<target host="*.readthedocs.org" />
+
+	<target host="readthedocs.com" />
+	<target host="*.readthedocs.com" />
+
+	<target host="readthedocs.io" />
+	<target host="*.readthedocs.io" />
+
+	<target host="rtfd.org" />
+	<target host="*.rtfd.org" />
+
+	<test url="http://blog.readthedocs.com/" />
+	<test url="http://media.readthedocs.com/" />
+	<test url="http://www.readthedocs.com/" />
+
+	<test url="http://docs.readthedocs.io/" />
+	<test url="http://read-the-docs.readthedocs.io/" />
+	<test url="http://testing.readthedocs.io/" />
+	<test url="http://www.readthedocs.io/" />
+
+	<test url="http://media.readthedocs.org/" />
+	<test url="http://testing.readthedocs.org/" />
+	<test url="http://www.readthedocs.org/" />
+
+	<test url="http://testing.rtfd.org/" />
+	<test url="http://www.rtfd.org/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://([\w-]+\.)?rtfd\.org/" to="https://$1readthedocs.io/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ReadThenBurn.xml b/src/chrome/content/rules/ReadThenBurn.xml
index 2f57fdd4aa0b..037c3b6d680f 100644
--- a/src/chrome/content/rules/ReadThenBurn.xml
+++ b/src/chrome/content/rules/ReadThenBurn.xml
@@ -1,13 +1,12 @@
-<ruleset name="ReadThenBurn.com">
+<ruleset name="ReadThenBurn.com" default_off="broken">
 
 	<target host="readthenburn.com" />
-	<target host="*.readthenburn.com" />
+	<target host="www.readthenburn.com" />
 
 
 	<securecookie host="^\.readthenburn\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)readthenburn\.com/"
-		to="https://$1readthenburn.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ReadWrite.xml b/src/chrome/content/rules/ReadWrite.xml
deleted file mode 100644
index 624d512729eb..000000000000
--- a/src/chrome/content/rules/ReadWrite.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Note: server is configured for rc4 only.
-
-
-	Mixed content:
-
-		- Images on ^ from ^ *
-
-		- Web bug on b.comcardresearch. om *
-
-	* Secured by us
-
--->
-<ruleset name="ReadWrite">
-
-	<target host="readwrite.com" />
-	<target host="www.readwrite.com" />
-
-
-	<rule from="^http://(www\.)?readwrite\.com/"
-		to="https://$1readwrite.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ReadWriteWeb.xml b/src/chrome/content/rules/ReadWriteWeb.xml
index 921bf5033a39..4f8fcf8c093a 100644
--- a/src/chrome/content/rules/ReadWriteWeb.xml
+++ b/src/chrome/content/rules/ReadWriteWeb.xml
@@ -1,6 +1,16 @@
-<ruleset name="ReadWriteWeb">
-  <target host="readwriteweb.com" />
-  <target host="www.readwriteweb.com" />
-
-  <rule from="^http://(?:www\.)?readwriteweb\.com/" to="https://www.readwriteweb.com/"/>
+<!--
+     Problematic subdomains:
+      - api ** (site breaks without it)
+      - www (no secure protocols supported)
+    Mixed content:
+      - Images on ^ from ^ *
+      - Web bug on b.comcardresearch. om *
+      * Secured by us
+      ** cert mismatch
+-->
+<ruleset name="ReadWrite" default_off="breaks site">
+  <target host="readwrite.com" />
+  <target host="www.readwrite.com" />
+  <rule from="^http://(?:www\.)?readwrite\.com/"
+        to="https://readwrite.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Read_Plain_Text.com.xml b/src/chrome/content/rules/Read_Plain_Text.com.xml
new file mode 100644
index 000000000000..7d6ede349239
--- /dev/null
+++ b/src/chrome/content/rules/Read_Plain_Text.com.xml
@@ -0,0 +1,10 @@
+<!--
+	 Mismatch
+		- www
+-->
+<ruleset name="Read Plain Text.com">
+	<target host="readplaintext.com" />
+	<target host="www.readplaintext.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Read_the_Docs.org.xml b/src/chrome/content/rules/Read_the_Docs.org.xml
deleted file mode 100644
index fbc0c8741ab6..000000000000
--- a/src/chrome/content/rules/Read_the_Docs.org.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	Fully covered subdomains:
-
-		- (www.)
-		- media
-		- *	(per-project subdomains)
-
-
-	Mixed content:
-
-		- css on * from fonts.googleapis.com ¹
-
-		- Images on * from s3.amazonaws.com ¹
-
-	¹ Secured by us
-
--->
-<ruleset name="Read the Docs.org">
-
-	<target host="readthedocs.org" />
-	<target host="*.readthedocs.org" />
-
-
-	<securecookie host="^readthedocs\.org$" name=".+" />
-
-
-	<rule from="^http://([\w-]+\.)?readthedocs\.org/"
-		to="https://$1readthedocs.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Readability.com.xml b/src/chrome/content/rules/Readability.com.xml
deleted file mode 100644
index 706709b17872..000000000000
--- a/src/chrome/content/rules/Readability.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	CDN buckets:
-
-		- du3itj18e4z0b.cloudfront.net
-
-
-	Some pages redirect to http
-
--->
-<ruleset name="Readability.com (partial)">
-
-	<target host="readability.com" />
-	<target host="www.readability.com" />
-
-
-	<rule from="^http://(www\.)?readability\.com/((?:account|login|register)(?:$|\?|/)|bookmarklet/\w|embed\.(?:html|js))"
-		to="https://$1readability.com/$2" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Readers_Digest.com.xml b/src/chrome/content/rules/Readers_Digest.com.xml
index 43382618a099..b0a84ac23e50 100644
--- a/src/chrome/content/rules/Readers_Digest.com.xml
+++ b/src/chrome/content/rules/Readers_Digest.com.xml
@@ -10,7 +10,7 @@
 	Nonfunctional domains:
 
 		- rd.com
-		- media.rd.com	(404; mismatched, CN: 
+		- media.rd.com	(404; mismatched, CN:
 		- www.rd.com	(redirects to http, valid cert)
 
 
@@ -24,20 +24,12 @@
 -->
 <ruleset name="Readers Digest.com (partial)">
 
-	<target host="*.rd.com" />
-	<target host="*.readersdigest.com" />
+	<target host="order.readersdigest.com" />
+	<target host="us.readersdigest.com" />
 
+	<securecookie host="^legacy\.rd\.com$" name=".+" />	<securecookie host="^(?:order|\.?us)\.readersdigest\.com$" name=".+" />
 
-	<securecookie host="^\.rd\.com$" name="^s_\w+$" />
-	<securecookie host="^legacy\.rd\.com$" name=".+" />
-	<securecookie host="^\.readersdigest\.com$" name="^(?:CLEQ_\w|mbox|s_\w+)$" />
-	<securecookie host="^(?:order|\.?us)\.readersdigest\.com$" name=".+" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://(legacy|somtrkpix)\.rd\.com/"
-		to="https://$1.rd.com/" />
-
-	<rule from="^http://(order|us)\.readersdigest\.com/"
-		to="https://$1.readersdigest.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ReadrBoard.com.xml b/src/chrome/content/rules/ReadrBoard.com.xml
new file mode 100644
index 000000000000..c9ef5e65e34a
--- /dev/null
+++ b/src/chrome/content/rules/ReadrBoard.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://readrboard.com/ => https://readrboard.com/: (51, "SSL: no alternative certificate subject name matches target host name 'readrboard.com'")
+Fetch error: http://www.readrboard.com/ => https://www.readrboard.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.readrboard.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://readrboard.com/ => https://readrboard.com/: (51, "SSL: no alternative certificate subject name matches target host name 'readrboard.com'")
+Fetch error: http://www.readrboard.com/ => https://www.readrboard.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.readrboard.com'")
+-->
+<ruleset name="ReadrBoard.com" default_off="failed ruleset test">
+
+	<target host="readrboard.com" />
+	<target host="www.readrboard.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ReadyHosting.com.xml b/src/chrome/content/rules/ReadyHosting.com.xml
new file mode 100644
index 000000000000..b3ddce4aad54
--- /dev/null
+++ b/src/chrome/content/rules/ReadyHosting.com.xml
@@ -0,0 +1,23 @@
+<ruleset name="ReadyHosting.com">
+
+	<target host="readyhosting.com" />
+	<target host="www.readyhosting.com" />
+	<target host="secure.readyhosting.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.readyhosting\.com$" name="^SESSION_ID$" /-->
+
+	<securecookie host="^\.readyhosting\.com$" name=".+" />
+
+
+	<!--	!www redirects to www over http,
+		so copy that behavior:
+					-->
+	<rule from="^http://(?:www\.)?readyhosting\.com/"
+		to="https://www.readyhosting.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ready_Flowers.xml b/src/chrome/content/rules/Ready_Flowers.xml
index d915e66bec9f..9c9bee8909ce 100644
--- a/src/chrome/content/rules/Ready_Flowers.xml
+++ b/src/chrome/content/rules/Ready_Flowers.xml
@@ -1,22 +1,49 @@
 <!--
-	Problematic subdomains:
+	Nonfunctional hosts in *readyflowers.com:
 
-		- ^	(times out)
+		- blog ¹
+		- help ²
+
+	¹ 404
+	² Zendesk
+
+
+	^readyflowers.com: Mismatched
 
--->
-<ruleset name="Ready Flowers">
 
+	Insecure cookies are set for these hosts:
+
+		- www.readyflowers.com
+
+-->
+<ruleset name="Ready Flowers.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="static.readyflowers.com" />
+	<target host="static1.readyflowers.com" />
+	<target host="static2.readyflowers.com" />
+	<target host="static3.readyflowers.com" />
+	<target host="static4.readyflowers.com" />
+	<target host="static5.readyflowers.com" />
+	<target host="www.readyflowers.com" />
+
+	<!--	Complications:
+				-->
 	<target host="readyflowers.com" />
-	<target host="*.readyflowers.com" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.readyflowers\.com$" name="^_cf$" /-->
+
 	<securecookie host="^www\.readyflowers\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?readyflowers\.com/"
+	<rule from="^http://readyflowers\.com/"
 		to="https://www.readyflowers.com/" />
 
-	<rule from="^http://static\.readyflowers\.com/"
-		to="https://static.readyflowers.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Real-Debrid.com.xml b/src/chrome/content/rules/Real-Debrid.com.xml
new file mode 100644
index 000000000000..518c517e96df
--- /dev/null
+++ b/src/chrome/content/rules/Real-Debrid.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .real-debrid.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Real-Debrid.com">
+
+	<target host="real-debrid.com" />
+	<target host="cdn.real-debrid.com" />
+	<target host="www.real-debrid.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.real-debrid\.com$" name="^https$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Real-Networks.xml b/src/chrome/content/rules/Real-Networks.xml
index df1efe8e3495..d8dd094ff442 100644
--- a/src/chrome/content/rules/Real-Networks.xml
+++ b/src/chrome/content/rules/Real-Networks.xml
@@ -1,4 +1,11 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.realone.com/ => https://www.real.com/: Too many redirects while fetching 'https://www.real.com/'
+
+Automatically by https-everywhere-checker because:
+Fetch error: http://fb-cdn.ghsrv.com/ => https://fb-cdn.ghsrv.com/: (28, 'Operation timed out after 15001 milliseconds with 0 bytes received')
+Fetch error: http://www.realone.com/ => https://www.real.com/: Cycle detected - URL already encountered: https://www.real.com/
 	real-uk.custhelp.com
 
 
@@ -12,28 +19,26 @@
 		- stats.rnhh.de
 
 -->
-<ruleset name="Real Networks (partial)">
+<ruleset name="Real Networks (partial)" default_off="failed ruleset test">
 
 	<target host="fb-cdn.ghsrv.com" />
-	<target host="*.real.com" />
+	<target host="www.real.com" />
+	<target host="images.real.com" />
 	<target host="www.realone.com" />
 
 
-	<securecookie host="^\.real\.com$" name=".*" />
+	<securecookie host="^\.real\.com$" name=".+" />
 
 
-	<rule from="^http://fb-cdn\.ghsrv\.com/"
-		to="https://fb-cdn.ghsrv.com/" />
 
-	<rule from="^http://www\.real\.com/"
-		to="https://www.real.com/" />
 
 	<!--	Doesn't work over https.	-->
-	<rule from="^https?://images\.real\.com/"
+	<rule from="^http://images\.real\.com/"
 		to="https://www.real.com/" />
 
 	<!--	Redirects like so over http.	-->
-	<rule from="^https?://www\.realone\.com/"
+	<rule from="^http://www\.realone\.com/"
 		to="https://www.real.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/RealClearPolitics.com.xml b/src/chrome/content/rules/RealClearPolitics.com.xml
index ed3b27380e11..afbd60d87ad6 100644
--- a/src/chrome/content/rules/RealClearPolitics.com.xml
+++ b/src/chrome/content/rules/RealClearPolitics.com.xml
@@ -1,22 +1,13 @@
 <!--
-	CDN buckets:
-
-		- assets.realclearpolitics.com.s3.amazonaws.com
-
-			- assets
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(refused)
-
+	Non-functional hosts:
+		Incomplete certificate chain:
+		- realclearpolitics.com
 -->
 <ruleset name="RealClearPolitics.com (partial)">
 
 	<target host="assets.realclearpolitics.com" />
+	<target host="www.realclearpolitics.com" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://assets\.realclearpolitics\.com/"
-		to="https://s3.amazonaws.com/assets.realclearpolitics.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RealMatch.com.xml b/src/chrome/content/rules/RealMatch.com.xml
index 37cd1447f838..7a5d04aad54e 100644
--- a/src/chrome/content/rules/RealMatch.com.xml
+++ b/src/chrome/content/rules/RealMatch.com.xml
@@ -1,20 +1,25 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://realmatch.com/ => https://realmatch.com/: (51, "SSL: no alternative certificate subject name matches target host name 'realmatch.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://realmatch.com/ => https://realmatch.com/: (51, "SSL: no alternative certificate subject name matches target host name 'realmatch.com'")
 	Nonfunctional subdomains:
 
 		- blog	(http reply)
 
 -->
-<ruleset name="RealMatch.com (partial)">
+<ruleset name="RealMatch.com (partial)" default_off="failed ruleset test">
 
 	<target host="realmatch.com" />
-	<target host="*.realmatch.com" />
+	<target host="www.realmatch.com" />
 
 
 	<securecookie host="^\.realmatch\.com$" name="^__utm\w$" />
 	<securecookie host="^www\.realmatch\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?realmatch\.com/"
-		to="https://$1realmatch.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RealTime.Email.xml b/src/chrome/content/rules/RealTime.Email.xml
new file mode 100644
index 000000000000..d418a2a221ff
--- /dev/null
+++ b/src/chrome/content/rules/RealTime.Email.xml
@@ -0,0 +1,42 @@
+<!--
+	For other Liveclicker coverage, see Liveclicker.com.xml.
+
+
+	Fully covered hosts in *realtime.email:
+
+		- (www.)?
+		- app
+
+
+	Insecure cookies are set for these hosts:
+
+		- app.realtime.email
+
+
+	Mixed content:
+
+		- Images on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="RealTime.Email">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="realtime.email" />
+	<target host="app.realtime.email" />
+	<target host="www.realtime.email" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^app\.realtime\.email$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^app\.realtime\.email$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RealTimeStatistics.net.xml b/src/chrome/content/rules/RealTimeStatistics.net.xml
new file mode 100644
index 000000000000..37517b8f4276
--- /dev/null
+++ b/src/chrome/content/rules/RealTimeStatistics.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="RealTimeStatistics.net">
+	<target host="realtimestatistics.net" />
+	<target host="www.realtimestatistics.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RealTimeStats.com.xml b/src/chrome/content/rules/RealTimeStats.com.xml
new file mode 100644
index 000000000000..c55a02f354ae
--- /dev/null
+++ b/src/chrome/content/rules/RealTimeStats.com.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Net Applications coverage, see Net-Applications.xml.
+
+-->
+<ruleset name="RealTimeStats.com" default_off="mismatched">
+
+	<target host="realtimestats.com" />
+	<target host="www.realtimestats.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RealVNC.com.xml b/src/chrome/content/rules/RealVNC.com.xml
new file mode 100644
index 000000000000..2571bf5969d7
--- /dev/null
+++ b/src/chrome/content/rules/RealVNC.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- support.realvnc.com
+
+-->
+<ruleset name="RealVNC.com">
+
+	<target host="realvnc.com" />
+	<target host="developer.realvnc.com" />
+	<target host="support.realvnc.com" />
+	<target host="www.realvnc.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^support\.realvnc\.com$" name="^(?:SWIFT_client|SWIFT_sessionid40)$" /-->
+
+	<securecookie host="^support\.realvnc\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Real_Robot_High.xml b/src/chrome/content/rules/Real_Robot_High.xml
index fb953078a2e7..5580dbc25a04 100644
--- a/src/chrome/content/rules/Real_Robot_High.xml
+++ b/src/chrome/content/rules/Real_Robot_High.xml
@@ -1,20 +1,24 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://realrobothigh.com/ => https://realrobothigh.com/: (28, 'Connection timed out after 20001 milliseconds')
+
 	www: mismatched
 
 -->
-<ruleset name="Real Robot High">
+<ruleset name="Real Robot High" default_off="failed ruleset test">
 
 	<target host="realrobothigh.com" />
-	<target host="*.realrobothigh.com" />
+	<target host="stage.realrobothigh.com" />
+	<target host="www.realrobothigh.com" />
 
 
 	<securecookie host="^\.realrobothigh\.com$" name=".+" />
 
 
-	<rule from="^http://(stage\.)?realrobothigh\.com/"
-		to="https://$1realrobothigh.com/" />
 
-	<rule from="^https?://www\.realrobothigh\.com/"
+	<rule from="^http://www\.realrobothigh\.com/"
 		to="https://realrobothigh.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Real_World_OCaml.org.xml b/src/chrome/content/rules/Real_World_OCaml.org.xml
new file mode 100644
index 000000000000..784cbde09548
--- /dev/null
+++ b/src/chrome/content/rules/Real_World_OCaml.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		www.realworldocaml.org
+-->
+
+<ruleset name="Real World OCaml.org">
+
+	<target host="realworldocaml.org" />
+	<target host="dev.realworldocaml.org" />
+	<target host="v1.realworldocaml.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Realschule-herrieden.de.xml b/src/chrome/content/rules/Realschule-herrieden.de.xml
new file mode 100644
index 000000000000..54f63f78b1f6
--- /dev/null
+++ b/src/chrome/content/rules/Realschule-herrieden.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Realschule-herrieden.de">
+	<target host="realschule-herrieden.de" />
+	<target host="www.realschule-herrieden.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Realtech_VR.xml b/src/chrome/content/rules/Realtech_VR.xml
index 24b259aacc39..ee27f1542e2e 100644
--- a/src/chrome/content/rules/Realtech_VR.xml
+++ b/src/chrome/content/rules/Realtech_VR.xml
@@ -13,7 +13,7 @@
 	<securecookie host="^realtech-vr\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?realtech-vr\.com/"
+	<rule from="^http://(?:www\.)?realtech-vr\.com/"
 		to="https://realtech-vr.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Realtidbits.xml b/src/chrome/content/rules/Realtidbits.xml
index be1e486bb548..8103313fe53e 100644
--- a/src/chrome/content/rules/Realtidbits.xml
+++ b/src/chrome/content/rules/Realtidbits.xml
@@ -7,19 +7,27 @@
 
 	Nonfunctional domains:
 
+		- (www.)? ¹
+		- api ¹
+		- cdn ¹
 		- documentation.realtidbits.com	(CN: *.mindtouch.us; redirects to http)
+		- ssl ¹
+
+	¹ Refused
 
 -->
-<ruleset name="Realtidbits (partial)">
+<ruleset name="Realtidbits (partial)" default_off="refused">
 
 	<target host="realtidbits.com" />
-	<target host="*.realtidbits.com" />
+	<target host="api.realtidbits.com" />
+	<target host="ssl.realtidbits.com" />
+	<target host="www.realtidbits.com" />
+	<target host="cdn.realtidbits.com" />
 
 
-	<rule from="^http://(api\.|ssl\.|www\.)?realtidbits\.com/"
-		to="https://$1realtidbits.com/" />
 
-	<rule from="^https?://cdn.realtidbits.com/"
+	<rule from="^http://cdn\.realtidbits\.com/"
 		to="https://c299782.ssl.cf1.rackcdn.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Realtime.co.xml b/src/chrome/content/rules/Realtime.co.xml
index baed945f04b6..d1d08804dc7a 100644
--- a/src/chrome/content/rules/Realtime.co.xml
+++ b/src/chrome/content/rules/Realtime.co.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://realtime.co/ => https://realtime.co/: (7, 'Failed to connect to realtime.co port 443: Connection refused')
 	Problematic subdomains:
 
 		- www	(refused)
@@ -7,6 +9,7 @@
 	Fully covered subdomains:
 
 		- ^
+		- accounts
 		- app
 		- ortc-ws2
 		- ortc-ws2-useast1-s000[5-9]
@@ -20,13 +23,13 @@
 	<target host="*.realtime.co" />
 
 
-	<securecookie host="^app\.realtime\.co$" name=".+" />
+	<securecookie host="^a(?:ccounts|pp)\.realtime\.co$" name=".+" />
 
 
-	<rule from="^http://(ortc-ws2(?:-useast1-s\d+)?\.)?realtime\.co/"
+	<rule from="^http://(accounts\.|ortc-ws2(?:-useast1-s\d+)?\.)?realtime\.co/"
 		to="https://$1realtime.co/" />
 
 	<rule from="^http://www\.realtime\.co/"
 		to="https://app.realtime.co/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Realtimeregister.com.xml b/src/chrome/content/rules/Realtimeregister.com.xml
new file mode 100644
index 000000000000..219b73fb3706
--- /dev/null
+++ b/src/chrome/content/rules/Realtimeregister.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Realtimeregister.com">
+	<target host="realtimeregister.com" />
+	<target host="www.realtimeregister.com" />
+	<target host="dm.realtimeregister.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Realview_Digital.com.xml b/src/chrome/content/rules/Realview_Digital.com.xml
new file mode 100644
index 000000000000..f43eefdc5471
--- /dev/null
+++ b/src/chrome/content/rules/Realview_Digital.com.xml
@@ -0,0 +1,61 @@
+<!--
+	Other Realview rulesets:
+
+		- Realview_Technologies.com.xml
+
+
+	Nonfunctional hosts in *realviewdigital.com:
+
+		- ^ ¹
+		- rvrapid ¹
+		- support ²
+		- www ³
+
+	¹ 500
+	² Freshdesk/redirects to http
+	³ Shows default page
+
+
+	Problematic hosts in *realviewdigital.com:
+
+		- blog ¹
+		- $client_vhosts ²
+
+	¹ Hubspot/mismatched
+	² Mixed css
+
+
+	Mixed content:
+
+		- css on $client_vhost from static.cdn.realviewdigital.com *
+
+		- Images, on:
+
+			- blog from static.cdn.realviewdigital.com *
+			- blog from www.realviewdigital.com
+
+	* Secured by us
+
+-->
+<ruleset name="Realview Digital.com (partial)">
+
+	<target host="static.cdn.realviewdigital.com" />
+	<target host="downloads.realviewdigital.com" />
+
+		<test url="http://static.cdn.realviewdigital.com/global/v3/css/site_styles.css" />
+		<test url="http://static.cdn.realviewdigital.com/static/RVW-wordpress/b_pricing.jpg" />
+		<test url="http://static.cdn.realviewdigital.com/static/RVW-wordpress/images/list-styles.png" />
+		<test url="http://downloads.realviewdigital.com/Realview/Realview%20Website/tile2.png" />
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://pac.realviewdigital.com/" /-->
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Realview_Technologies.com.xml b/src/chrome/content/rules/Realview_Technologies.com.xml
new file mode 100644
index 000000000000..27dc62bc423e
--- /dev/null
+++ b/src/chrome/content/rules/Realview_Technologies.com.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Realview Digital coverage, see Realview_Digital.com.xml.
+
+
+	Problematic hosts in *realviewtechnologies.com:
+
+		- downloads *
+
+	* Mismatched
+
+-->
+<ruleset name="Realview Technologies.com (partial)">
+
+	<!--	Complications:
+				-->
+	<target host="downloads.realviewtechnologies.com" />
+
+		<test url="http://downloads.realviewtechnologies.com/1105Media/FCW/SpriteMap_fcw.png" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://downloads\.realviewtechnologies\.com/"
+		to="https://downloads.realviewdigital.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Reason.com.xml b/src/chrome/content/rules/Reason.com.xml
index 020693dca951..feccaebd27fa 100644
--- a/src/chrome/content/rules/Reason.com.xml
+++ b/src/chrome/content/rules/Reason.com.xml
@@ -5,18 +5,34 @@
 
 			- cloudfront-assets
 
+-->
+<ruleset name="Reason.com">
 
-	Nonfunctional subdomains:
+	<!--	Direct rewrites:
+				-->
+	<target host="reason.com" />
+	<target host="www.reason.com" />
 
-		- (www.)	(redirects to http, valid cert)
+	<!--	Complications:
+				-->
+	<target host="cloudfront-assets.reason.com" />
 
--->
-<ruleset name="Reason.com (partial)">
+		<test url="http://reason.com/blog" />
+		<test url="http://reason.com/subscribe" />
+		<test url="http://www.reason.com/widgets" />
 
-	<target host="cloudfront-assets.reason.com" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.reason\.com$" name="^(__qca|ng_session)$" /-->
+
+	<securecookie host="^\.reason\.com$" name=".+" />
 
 
 	<rule from="^http://cloudfront-assets\.reason\.com/"
 		to="https://d1ai9qtk9p41kl.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Reason_Core_Security.com.xml b/src/chrome/content/rules/Reason_Core_Security.com.xml
new file mode 100644
index 000000000000..8348e3c45092
--- /dev/null
+++ b/src/chrome/content/rules/Reason_Core_Security.com.xml
@@ -0,0 +1,42 @@
+<!--
+	Nonfunctional hosts in *reasoncoresecurity.com:
+
+		- forum *
+
+	* Refused
+
+
+	Problematic hosts in *reasoncoresecurity.com:
+
+		- blog *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .reasoncoresecurity.com
+		- www.reasoncoresecurity.com
+
+-->
+<ruleset name="Reason Core Security.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="reasoncoresecurity.com" />
+	<target host="www.reasoncoresecurity.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.reasoncoresecurity\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.reasoncoresecurity\.com$" name="^(?:ASP\.NET_SessionId|sid)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ReasonableFaith.org.xml b/src/chrome/content/rules/ReasonableFaith.org.xml
new file mode 100644
index 000000000000..78fd00792c41
--- /dev/null
+++ b/src/chrome/content/rules/ReasonableFaith.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="ReasonableFaith.org">
+	<target host="reasonablefaith.org" />
+	<target host="www.reasonablefaith.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Reasons.to.xml b/src/chrome/content/rules/Reasons.to.xml
new file mode 100644
index 000000000000..b11492957703
--- /dev/null
+++ b/src/chrome/content/rules/Reasons.to.xml
@@ -0,0 +1,10 @@
+<ruleset name="Reasons.to">
+
+	<target host="reasons.to" />
+	<target host="www.reasons.to" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rebateaccess.com.xml b/src/chrome/content/rules/Rebateaccess.com.xml
new file mode 100644
index 000000000000..260629f5cbd7
--- /dev/null
+++ b/src/chrome/content/rules/Rebateaccess.com.xml
@@ -0,0 +1,64 @@
+<!--
+	Problematic domains:
+
+		- ^ ¹
+		- www ¹
+		- www.americanstandard ²
+		- www.jabrapartner ²
+		- www.pantone ²
+		- www.plantronics ²
+
+	¹: Refused
+	²: Mismatch
+
+	It seems like all first level subdomains work, but that
+	all others fail.
+
+-->
+<ruleset name="Rebateaccess.com">
+
+	<target host="*.rebateaccess.com" />
+
+	<test url="http://aac.rebateaccess.com/" />
+	<test url="http://americanstandard.rebateaccess.com/" />
+	<test url="http://barnesbullets.rebateaccess.com/" />
+	<test url="http://bushmaster.rebateaccess.com/" />
+	<test url="http://chat.rebateaccess.com/" />
+	<test url="http://coolermaster.rebateaccess.com/" />
+	<test url="http://enermax.rebateaccess.com/" />
+	<test url="http://goldeagle.rebateaccess.com/" />
+	<test url="http://hamiltonbeach.rebateaccess.com/" />
+	<test url="http://icom.rebateaccess.com/" />
+	<test url="http://jabrapartner.rebateaccess.com/" />
+	<test url="http://kaspersky.rebateaccess.com/" />
+	<test url="http://lasermax.rebateaccess.com/" />
+	<test url="http://lepa.rebateaccess.com/" />
+	<test url="http://manfrotto.rebateaccess.com/" />
+	<test url="http://marlinfirearms.rebateaccess.com/" />
+	<test url="http://newegg.rebateaccess.com/" />
+	<test url="http://olympus.rebateaccess.com/" />
+	<test url="http://paloalto.rebateaccess.com/" />
+	<test url="http://pantone.rebateaccess.com/" />
+	<test url="http://para.rebateaccess.com/" />
+	<test url="http://plantronics.rebateaccess.com/" />
+	<test url="http://remington.rebateaccess.com/" />
+	<test url="http://sportsmanswarehouse.rebateaccess.com/" />
+	<test url="http://zeissphoto.rebateaccess.com/" />
+	<test url="http://zeiss.rebateaccess.com/" />
+
+	<exclusion pattern="^http://www\.rebateaccess\.com/" />
+
+		<test url="http://www.rebateaccess.com/" />
+
+	<!-- Exclude lower level domains. -->
+	<exclusion pattern="^http://\w+\.\w+\.rebateaccess\.com/" />
+
+		<test url="http://www.americanstandard.rebateaccess.com/" />
+		<test url="http://www.jabrapartner.rebateaccess.com/" />
+		<test url="http://www.pantone.rebateaccess.com/" />
+		<test url="http://www.plantronics.rebateaccess.com/" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RebelMouse.com.xml b/src/chrome/content/rules/RebelMouse.com.xml
new file mode 100644
index 000000000000..2efe45e1975e
--- /dev/null
+++ b/src/chrome/content/rules/RebelMouse.com.xml
@@ -0,0 +1,55 @@
+<!--
+	Other RebelMouse rulesets:
+
+		- Rbl.Ms.xml
+
+
+	CDN buckets:
+
+		- partners.rebelmouse.com.s3.amazonaws.com
+
+			- partners
+
+
+	Problematic subdomains:
+
+		- partners *
+
+	* Mismatched, CN: *.s3.amazonaws.com
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- about
+		- blog
+		- partners	(-> s3.amazonaws.com)
+
+
+	Insecure cookies are set for these domains:
+
+		- .rebelmouse.com
+
+
+	Mixed content:
+
+		- Add on www from partner *
+
+	* Secured by us
+
+-->
+<ruleset name="RebelMouse.com">
+
+	<target host="partners.rebelmouse.com" />
+	<target host="rebelmouse.com" />
+	<target host="about.rebelmouse.com" />
+	<target host="blog.rebelmouse.com" />
+	<target host="www.rebelmouse.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rec-log.xml b/src/chrome/content/rules/Rec-log.xml
index 9e20ce252cbf..652306c369cd 100644
--- a/src/chrome/content/rules/Rec-log.xml
+++ b/src/chrome/content/rules/Rec-log.xml
@@ -26,7 +26,7 @@
 
 	<!--	Redirects like so.
 					-->
-	<rule from="^https?://www\.rec-log\.jp/"
+	<rule from="^http://www\.rec-log\.jp/"
 		to="https://www.reclog.jp/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rec1.com.xml b/src/chrome/content/rules/Rec1.com.xml
new file mode 100644
index 000000000000..493a256fbfe0
--- /dev/null
+++ b/src/chrome/content/rules/Rec1.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- secure.rec1.com
+
+-->
+<ruleset name="rec1.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.rec1.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^secure\.rec1\.com$" name="^(?:PHPSESSID|SERVERID)$" /-->
+
+	<securecookie host="^secure\.rec1\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Recalll.co.xml b/src/chrome/content/rules/Recalll.co.xml
new file mode 100644
index 000000000000..5a5498b3b901
--- /dev/null
+++ b/src/chrome/content/rules/Recalll.co.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.recalll.co/ => https://www.recalll.co/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Recalll.co" default_off="failed ruleset test">
+
+	<target host="recalll.co" />
+	<target host="www.recalll.co" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Recap_the_Law.xml b/src/chrome/content/rules/Recap_the_Law.xml
deleted file mode 100644
index 8ae6a055142d..000000000000
--- a/src/chrome/content/rules/Recap_the_Law.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Recap the Law">
-
-	<target host="recapthelaw.org" />
-	<target host="www.recapthelaw.org" />
-
-
-	<rule from="^http://(www\.)?recapthelaw\.org/"
-		to="https://$1recapthelaw.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Recipelab.org.xml b/src/chrome/content/rules/Recipelab.org.xml
new file mode 100644
index 000000000000..746dea973e1f
--- /dev/null
+++ b/src/chrome/content/rules/Recipelab.org.xml
@@ -0,0 +1,25 @@
+<!--
+	www.recipelab.org: 400
+
+-->
+<ruleset name="recipelab.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="recipelab.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.recipelab.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.recipelab\.org/"
+		to="https://recipelab.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Reclam.de.xml b/src/chrome/content/rules/Reclam.de.xml
new file mode 100644
index 000000000000..d5d3dcae1796
--- /dev/null
+++ b/src/chrome/content/rules/Reclam.de.xml
@@ -0,0 +1,18 @@
+<!--
+	Nonfunctional hosts in *.reclam.de:
+		-  filebase.reclam.de (m)
+		-  mobile.reclam.de (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Reclam.de">
+	<target host="reclam.de" />
+	<target host="www.reclam.de" />
+	<target host="newsletter.reclam.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Recode.net.xml b/src/chrome/content/rules/Recode.net.xml
new file mode 100644
index 000000000000..7f84ccfc9785
--- /dev/null
+++ b/src/chrome/content/rules/Recode.net.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Vox Media coverage, see Vox.com.xml.
+
+	on.recode.net is covered in Bitly_branded_short_domains.xml
+
+	Mismatch:
+		- photos.recode.net
+-->
+<ruleset name="Recode.net">
+
+	<target host="recode.net" />
+	<target host="www.recode.net" />
+	<target host="events.recode.net" />
+	<target host="live.recode.net" />
+
+	<securecookie host="^www\.recode\.net$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Recombu.com.xml b/src/chrome/content/rules/Recombu.com.xml
index 1ad2fa121b23..a7709cb34008 100644
--- a/src/chrome/content/rules/Recombu.com.xml
+++ b/src/chrome/content/rules/Recombu.com.xml
@@ -3,24 +3,18 @@
 
 		- s3-eu-west-1.amazonaws.com/recombu/
 
-
-	Nonfunctional subdomains:
-
-		- (www.)	(redirects to http, valid cert)
-
-
-	Fully covered subdomains:
-
-		- cdn
-		- cdn[123]
-
 -->
-<ruleset name="Recombu.com (partial)">
+<ruleset name="Recombu.com">
 
-	<target host="*.recombu.com" />
+	<target host="recombu.com" />
+	<target host="cdn.recombu.com" />
+	<target host="cdn1.recombu.com" />
+	<target host="cdn2.recombu.com" />
+	<target host="cdn3.recombu.com" />
+	<target host="www.recombu.com" />
 
 
-	<rule from="^http://cdn(\d)?\.recombu\.com/"
-		to="https://cdn$1.recombu.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Record-Store-Day.xml b/src/chrome/content/rules/Record-Store-Day.xml
index 5dd9169f193e..907b83158714 100644
--- a/src/chrome/content/rules/Record-Store-Day.xml
+++ b/src/chrome/content/rules/Record-Store-Day.xml
@@ -4,7 +4,7 @@
 	<target host="www.recordstoreday.com"/>
 	<target host="recordstoreday.tuneportals.com"/>
 
-	<securecookie host="^recordstoreday\.tuneportals\.com$" name=".*"/>
+	<securecookie host="^recordstoreday\.tuneportals\.com$" name=".+" />
 
 	<rule from="^http://(?:www\.)?recordstoreday(?:\.tuneportals)\.com/"
 		to="https://recordstoreday.tuneportals.com/"/>
diff --git a/src/chrome/content/rules/Recorded_Future.org.xml b/src/chrome/content/rules/Recorded_Future.org.xml
new file mode 100644
index 000000000000..b62d0f1fa057
--- /dev/null
+++ b/src/chrome/content/rules/Recorded_Future.org.xml
@@ -0,0 +1,58 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Nonfunctional hosts in *recordedfuture.com:
+
+		- go *
+		- status *
+
+	* Refused
+
+
+	Fully covered hosts in *recordedfuture.com:
+
+		- (www.)?
+		- support
+
+
+	Insecure cookies are set for these hosts and domains:
+
+		- .recordedfuture.com
+		- support.recordedfuture.com
+
+-->
+<ruleset name="Recorded Future.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="recordedfuture.com" />
+	<target host="support.recordedfuture.com" />
+	<target host="www.recordedfuture.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.recordedfuture\.com$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^support\.recordedfuture\.com$" name="^(_rf|_session_id)$" /-->
+
+	<securecookie host="^\.recordedfuture\.com$" name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^support\.recordedfuture\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Recruitment_Platform.com.xml b/src/chrome/content/rules/Recruitment_Platform.com.xml
new file mode 100644
index 000000000000..435b572d58a3
--- /dev/null
+++ b/src/chrome/content/rules/Recruitment_Platform.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Lumesse coverage, see Lumesse.com.xml.
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- emea3
+
+-->
+<ruleset name="Recruitment Platform.com">
+
+	<target host="recruitmentplatform.com" />
+	<target host="emea3.recruitmentplatform.com" />
+	<target host="www.recruitmentplatform.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Recurly.com.xml b/src/chrome/content/rules/Recurly.com.xml
deleted file mode 100644
index 4471e7992d92..000000000000
--- a/src/chrome/content/rules/Recurly.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See 
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
- 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Recurly.com" platform="firefox">
-  <target host="app.recurly.com" />
-  <target host="api.recurly.com" />
-
-  <securecookie host="^app\.recurly\.com$" name=".+" />
-  <securecookie host="^api\.recurly\.com$" name=".+" />
-
-  <rule from="^http://app\.recurly\.com/" to="https://app.recurly.com/" />
-  <rule from="^http://api\.recurly\.com/" to="https://api.recurly.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Recurly.xml b/src/chrome/content/rules/Recurly.xml
deleted file mode 100644
index 08347708faf5..000000000000
--- a/src/chrome/content/rules/Recurly.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Recurly (partial)">
-
-	<target host="blog.recurly.com" />
-
-
-	<rule from="^http://blog\.recurly\.com/"
-		to="https://blog.recurly.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Recurse.com.xml b/src/chrome/content/rules/Recurse.com.xml
new file mode 100644
index 000000000000..d993d23914a5
--- /dev/null
+++ b/src/chrome/content/rules/Recurse.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Problematic hosts:
+
+		- recurse.com *
+
+	* Refused
+
+
+	Fully covered hosts:
+
+		- (www.)?	(^ → www)
+		- codewords
+
+-->
+<ruleset name="Recurse.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="codewords.recurse.com" />
+	<target host="www.recurse.com" />
+
+	<!--	Complications:
+				-->
+	<target host="recurse.com" />
+
+
+	<!--	Redirect keeps forward
+		slash, path, and args:
+					-->
+	<rule from="^http://recurse\.com/"
+		to="https://www.recurse.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RecycleNow.com.xml b/src/chrome/content/rules/RecycleNow.com.xml
new file mode 100644
index 000000000000..0cd510ca2faf
--- /dev/null
+++ b/src/chrome/content/rules/RecycleNow.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Private subdomain:
+		rl.recyclenow.com
+
+-->
+<ruleset name="Recycle Now">
+
+	<target host="recyclenow.com"/>
+	<target host="www.recyclenow.com"/>
+
+	<securecookie host="^www\.recyclenow\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/RecycleNow.xml b/src/chrome/content/rules/RecycleNow.xml
deleted file mode 100644
index dfad104318fc..000000000000
--- a/src/chrome/content/rules/RecycleNow.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Recycle Now">
-
-	<target host="recyclenow.com"/>
-	<target host="www.recyclenow.com"/>
-
-	<rule from="^http://(www\.)?recyclenow\.com/"
-		to="https://www.recyclenow.com/"/>
-
-	<securecookie host="^www\.recyclenow\.com$" name=".*"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Red-Aril.xml b/src/chrome/content/rules/Red-Aril.xml
index 1c592a7565ce..b1dd89176de8 100644
--- a/src/chrome/content/rules/Red-Aril.xml
+++ b/src/chrome/content/rules/Red-Aril.xml
@@ -1,20 +1,43 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://p.raasnet.com/ => https://p.raasnet.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://p0.raasnet.com/ => https://p0.raasnet.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://p1.raasnet.com/ => https://p1.raasnet.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://p2.raasnet.com/ => https://p2.raasnet.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://p3.raasnet.com/ => https://p3.raasnet.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://p4.raasnet.com/ => https://p4.raasnet.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://p5.raasnet.com/ => https://p5.raasnet.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://p6.raasnet.com/ => https://p6.raasnet.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://p7.raasnet.com/ => https://p7.raasnet.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://p8.raasnet.com/ => https://p8.raasnet.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://p9.raasnet.com/ => https://p9.raasnet.com/: (60, 'SSL certificate problem: certificate has expired')
+
 	Nonfunctional domains:
 
-		- (www.)redaril.com	(times out)
+		- (www.)?redaril.com	(times out)
+		- dmp.redaril.com	(times out)
 
--->
-<ruleset name="Red Aril (partial)">
 
-	<target host="*.raasnet.com" />
-	<target host="dmp.redaril.com" />
+	p\d?.raasnet.com: Included on 3rd-party websites.
+
+-->
+<ruleset name="RAasnet.com (partial)" default_off="failed ruleset test">
 
+	<target host="p.raasnet.com" />
+	<target host="p0.raasnet.com" />
+	<target host="p1.raasnet.com" />
+	<target host="p2.raasnet.com" />
+	<target host="p3.raasnet.com" />
+	<target host="p4.raasnet.com" />
+	<target host="p5.raasnet.com" />
+	<target host="p6.raasnet.com" />
+	<target host="p7.raasnet.com" />
+	<target host="p8.raasnet.com" />
+	<target host="p9.raasnet.com" />
 
-	<!--	Included on 3rd-party websites.	-->
-	<rule from="^http://p(\d)?\.raasnet\.com/"
-		to="https://p$1.raasnet.com/" />
 
-	<rule from="^http://dmp\.redaril\.com/"
-		to="https://dmp.redaril.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Red-Dove.com.xml b/src/chrome/content/rules/Red-Dove.com.xml
new file mode 100644
index 000000000000..0955dd7d1de5
--- /dev/null
+++ b/src/chrome/content/rules/Red-Dove.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Red-Dove.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="red-dove.com" />
+	<target host="www.red-dove.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Red-Gate.com.xml b/src/chrome/content/rules/Red-Gate.com.xml
new file mode 100644
index 000000000000..0fd392fd3d34
--- /dev/null
+++ b/src/chrome/content/rules/Red-Gate.com.xml
@@ -0,0 +1,61 @@
+<!--
+	Nonfunctional hosts in *red-gate.com:
+
+		- redgatesupport ¹
+		- sqlinthecity ²
+		- ux ³
+
+	¹ Zendesk
+	² Refused
+	³ Handshake fails
+
+
+	^red-gate.com: Mismatched
+
+
+	These altnames don't exist:
+
+		- www.assets.red-gate.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- documentation.red-gate.com
+
+
+	Mixed content:
+
+		- Image on documentation from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Red-Gate.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="assets.red-gate.com" />
+	<target host="documentation.red-gate.com" />
+	<target host="www.red-gate.com" />
+
+	<!--	Complications:
+				-->
+	<target host="red-gate.com" />
+
+		<!--exclusion pattern="^http://(redgatesupport|ux)\.red-gate\.com/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^documentation\.red-gate\.com$" name="JSESSIONID$" /-->
+
+	<securecookie host="^documentation\.red-gate\.com$" name=".+" />
+
+
+	<rule from="^http://red-gate\.com/"
+		to="https://www.red-gate.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Red-Pill.eu.xml b/src/chrome/content/rules/Red-Pill.eu.xml
index 2a126632532e..20985e6514bd 100644
--- a/src/chrome/content/rules/Red-Pill.eu.xml
+++ b/src/chrome/content/rules/Red-Pill.eu.xml
@@ -3,7 +3,7 @@
 	<target host="red-pill.eu"/>
 	<target host="www.red-pill.eu"/>
 
-	<securecookie host="^(www\.)?red-pill\.eu$" name="^roundcube_.*"/>
+	<securecookie host="^(?:www\.)?red-pill\.eu$" name="^roundcube_.*"/>
 
 	<rule from="^http://(www\.)?red-pill\.eu/(admin|mail)/"
 		to="https://$1red-pill.eu/$1/"/>
diff --git a/src/chrome/content/rules/Red.es.xml b/src/chrome/content/rules/Red.es.xml
index 9843fd336f88..16acef7280b5 100644
--- a/src/chrome/content/rules/Red.es.xml
+++ b/src/chrome/content/rules/Red.es.xml
@@ -12,13 +12,13 @@
 <ruleset name="Red.es (partial)" default_off="self-signed">
 
 	<target host="ontsi.red.es" />
-	<target host="*.ontsi.red.es" />
+	<target host="www.ontsi.red.es" />
 
 
 	<securecookie host="^\.ontsi\.red\.es$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?ontsi\.red\.es/"
+	<rule from="^http://(?:www\.)?ontsi\.red\.es/"
 		to="https://www.ontsi.red.es/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RedBubble.xml b/src/chrome/content/rules/RedBubble.xml
index c5dd79a3a090..3011580030fd 100644
--- a/src/chrome/content/rules/RedBubble.xml
+++ b/src/chrome/content/rules/RedBubble.xml
@@ -3,46 +3,59 @@
 
 		- wac.0b02.edgecastcdn.net
 
-			- blog.redbubble.com
 
+	Nonfunctional hosts in *redbubble.com:
 
-	Nonfunctional domains:
+		- blog *
+		- shareholders (Invalid name)
 
-		- blog.redbubble.com		(404; mismatched, CN: gp1.wac.edgecastcdn.net)
-		- support.redbubble.com		(redirects to http; mismatched, CN: *.tenderapp.com)
-
-
-	Problematic domains:
-
-		- feedback.redbubble.com	(mismatched, CN: *.uservoice.com)
-
-
-	Partially covered domains:
-
-		- (www.)redbubble.com	(most pages redirect to http)
-
-
-	Fully covered domains:
-
-		- support.redbubble.com		(→ redbubble.tenderapp.com)
-		- assets[01].redbubble.net
-		- ih[0-3].redbubble.net
+	* WP Engine
 
 -->
 <ruleset name="RedBubble (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="redbubble.com" />
-	<target host="*.redbubble.com" />
-	<target host="*.redbubble.net" />
-
-
-	<rule from="^http://(www\.)?redbubble\.com/(?:(auth/login|signup)(?:\?|/$)|favicon\.ico)"
-		to="https://$1redbubble.com/$2" />
-
-	<rule from="^http://support\.redbubble\.com/"
-		to="https://redbubble.tenderapp.com/" />
-
-	<rule from="^http://(assets\d|ih\d)\.redbubble\.net/"
-		to="https://$1.redbubble.net/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="careers.redbubble.com" />
+	<target host="petmonsters.redbubble.com" />
+	<target host="help.redbubble.com" />
+	<target host="www.redbubble.com" />
+
+	<target host="assets0.redbubble.net" />
+	<target host="assets1.redbubble.net" />
+	<target host="ih0.redbubble.net" />
+	<target host="ih1.redbubble.net" />
+	<target host="ih2.redbubble.net" />
+	<target host="ih3.redbubble.net" />
+
+	<target host="support.redbubble.com" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.redbubble.com/about" />
+			<test url="http://www.redbubble.com/affiliates" />
+			<test url="http://www.redbubble.com/jobs" />
+			<test url="http://www.redbubble.com/orders" />
+			<test url="http://www.redbubble.com/pages/play-nice" />
+			<test url="http://www.redbubble.com/products/index" />
+			<test url="http://www.redbubble.com/shop/stickers?ref=" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.redbubble.com/favicon.ico" />
+			<test url="http://www.redbubble.com/auth/login" />
+
+		<test url="http://assets0.redbubble.net/website-content/homepage-banner/20151125152715/151119_holiday_himher_hp.jpg" />
+		<test url="http://assets1.redbubble.net/assets/icons/email-arrow_2x-6af449c230003a7da2fc5fa9af964165.png" />
+		<test url="http://ih0.redbubble.net/image.97554104.0925/fp,550x550,black,off_white,box20,s,ffffff.u5.jpg" />
+		<test url="http://ih1.redbubble.net/image.125508601.3776/flat,138x,075,f.u3.jpg" />
+
+		<test url="http://support.redbubble.com/home.php" />
+
+	<securecookie host="^((help|www|assets0|assets1|ih0|ih1|ih2|ih3|support)\.)?redbubble\.com$" name=".+"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RedFerret.net.xml b/src/chrome/content/rules/RedFerret.net.xml
new file mode 100644
index 000000000000..9683fb548119
--- /dev/null
+++ b/src/chrome/content/rules/RedFerret.net.xml
@@ -0,0 +1,10 @@
+<ruleset name="RedFerret.net">
+
+	<target host="redferret.net" />
+	<target host="www.redferret.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RedIRIS.es.xml b/src/chrome/content/rules/RedIRIS.es.xml
index abe01a63180a..f6bc9551e844 100644
--- a/src/chrome/content/rules/RedIRIS.es.xml
+++ b/src/chrome/content/rules/RedIRIS.es.xml
@@ -27,10 +27,10 @@
 	<rule from="^http://pki\.irisgrid\.es/"
 		to="https://pki.irisgrid.es/" />
 
-	<rule from="^https?://(?:www\.)?rediris\.(es|net)/"
+	<rule from="^http://(?:www\.)?rediris\.(es|net)/"
 		to="https://www.rediris.$1/" />
 
 	<rule from="^http://(cmwebber|forja|eu|intranet|jo|ni|papi|sir|stats|wiki|yo)\.rediris\.es/"
 		to="https://$1.rediris.es/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RedPlum.com.xml b/src/chrome/content/rules/RedPlum.com.xml
index a4cc8ed1c515..e2eba75ebcaf 100644
--- a/src/chrome/content/rules/RedPlum.com.xml
+++ b/src/chrome/content/rules/RedPlum.com.xml
@@ -1,13 +1,39 @@
-<ruleset name="RedPlum.com">
+<ruleset name="RedPlum.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="redplum.com" />
-	<target host="*.redplum.com" />
+	<target host="client.redplum.com" />
+	<target host="couponimages.redplum.com" />
+	<target host="vdrn.redplum.com" />
+	<target host="www.redplum.com" />
 
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.redplum\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.redplum\.com/+(?!css/|fonts/|images/)" />
 
-	<securecookie host="^.*\.redplum\.com$" name=".*" />
+			<!--	+ve:
+					-->
+			<test url="http://www.redplum.com/blog/" />
+			<test url="http://www.redplum.com/coupons/top-ten-coupons.html" />
+			<test url="http://www.redplum.com/local-deals/top-deals" />
+			<test url="http://www.redplum.com/section/printable-coupons" />
 
+			<!--	-ve:
+					-->
+			<test url="http://www.redplum.com/css/redplum.css" />
+			<test url="http://www.redplum.com/images/ui/redplum-logo.png" />
+			<test url="http://www.redplum.com/fonts/Roboto-900/Roboto-900.eot" />
 
-	<rule from="^http://((?:client|couponimages|vdrn|www)\.)?redplum\.com/"
-		to="https://$1redplum.com/" />
+
+	<securecookie host="^(?!www\.redplum\.com$)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/RedState.xml b/src/chrome/content/rules/RedState.xml
index bfc8ec08302c..cda121a5c23a 100644
--- a/src/chrome/content/rules/RedState.xml
+++ b/src/chrome/content/rules/RedState.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(www\.)?redstate\.com/(login|t/)"
 		to="https://$1redstate.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Red_Bean_Software.xml b/src/chrome/content/rules/Red_Bean_Software.xml
index dff09a55de50..bdaa0cc887cb 100644
--- a/src/chrome/content/rules/Red_Bean_Software.xml
+++ b/src/chrome/content/rules/Red_Bean_Software.xml
@@ -1,8 +1,16 @@
 <!--
+	Nonfunctional subdomains:
+
+		- sanpietro *
+		- svnbook *
+
+	* Shows www
+
+
 	!www: mismatched
 
 -->
-<ruleset name="Red Bean Software" default_off="self-signed">
+<ruleset name="Red Bean Software (partial)" default_off="self-signed">
 
 	<target host="red-bean.com" />
 	<target host="www.red-bean.com" />
@@ -11,4 +19,9 @@
 	<rule from="^http://(?:www\.)?red-bean\.com/"
 		to="https://www.red-bean.com/" />
 
-</ruleset>
\ No newline at end of file
+	<!--	Redirect keeps path and args:
+						-->
+	<!--rule from="^http://sanpietro\.red-bean\.com/+"
+		to="https://bookliberator.org/" /-->
+
+</ruleset>
diff --git a/src/chrome/content/rules/Red_Bull.xml b/src/chrome/content/rules/Red_Bull.xml
index b1695b4d290d..51a8f5fdfb28 100644
--- a/src/chrome/content/rules/Red_Bull.xml
+++ b/src/chrome/content/rules/Red_Bull.xml
@@ -1,211 +1,66 @@
 <!--
 	Other Red Bull rulesets:
-
-		- Red_Bull_Content_Pool.xml
-		- Red_Bull_Media_House.xml
-		- Red_Bull_Mobile.xml
-		- Red_Bull_TV.xml
-		- Kart_Fighter.com.xml
-		- Wiiings.com.xml
-
-
-	Nonfunctional domains:
-
-		- redbull.com subdomains:
-
-			- energydrink-fr *
-			- flugtagglasaj		(shows hmapps.net; mismatched, CN: hmapps.net)
-			- games **
-			- rbx00412.microsites *
-
-		- trabajaconnosotros.redbull.es *
-		- score.redbull.mobi		(times out)
-		- atwork.redbull.ua **
-		- forage.redbull.ua **
-
-	* Refused
-	** Reset
-
-
-	Problematic domains:
-
-		- redbull.co.uk *
-		- www.redbull.co.uk **
-		- soapbox.redbull.com **
-		- redbull.(de|es|fr|in|no|ru|se|ua) *
-		- www.redbull.(de|es|fr|in|no|ru|se|ua) **
-		- redbullusa.com *
-		- www.redbullusa.com **
-
-	* Mismatched
-	** Reset
-
-
-	Partially covered domains:
-
-		- (www.)redbull.co.uk	(→ www.redbull.com)
-		- soapbox.redbull.com				(→ www)
-		- (www.)redbull.(de|es|fr|in|no|ru|se|ua)	(→ www.redbull.com)
-		- (www.)redbullusa.com				(→ www.redbull.com)
-
-
-	Fully covered domains:
-
-		- redbull.co.uk subdomains:
-
-			- challengetravis
-			- enterdannysmind
-			- formembed
-			- admin.rbri2012
-
-		- redbull.com subdomains:
-
-			- (www.)
-			- api
-			- athletewidget
-			- balconyshot-game
-			- cache-workbench
-			- confluence
-			- connect
-			- create
-			- creativearchive
-			- creativearchive-staging
-			- creativearchive-test
-			- editorial
-			- energydrink
-			- energydrink-at
-			- energydrink-de
-			- energydrink-it
-			- energydrink-uk
-			- energydrink-us
-			- enterdannysmind
-			- eventwidget
-			- forage
-			- gigya
-			- gigya-tests
-			- image
-			- image[123]
-			- infonet
-			- infonet2
-			- rbx00185.microsites
-			- mobile-ads
-			- stage-api
-			- stage-connect
-			- stage-energydrink
-			- streetstyle-game
-			- tibbr
-			- tibbr-ext
-			- tools
-			- trickshot-game
-			- workbench
-
-		- kontakt.redbull.de
-		- sugarfree.redbull.de
-		- augmentedracing.redbull.es
-		- cricket.redbull.in
-		- forage.redbull.ru
-		- lab.redbulls.com
-		- training.redbulls.com
-		- launchpad.redbullusa.com
-		- twtvsl.redbullusa.com
-
-
-	Mixed content:
-
-		- Images on www.redbull.com from image\d.redbull.com *
-
-		- Web bugs, on www.redbull.com from:
-
-			- redbull01.webtrekk.net *
-			- statse.webtrendslive.com *
-
-	* Secured by us
-
+		+ Kart_Fighter.com.xml
+		+ Red_Bull_Content_Pool.xml
+		+ Red_Bull_Media_House.xml
+		+ Red_Bull_Mobile.xml
+		+ Red_Bull_TV.xml
+		+ Wiiings.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- flugtagglasaj.redbull.com
+
+		SSL peer certificate was not OK:
+		- creativearchive-staging.redbull.com
+		- energydrink-at.redbull.com
+		- energydrink-de.redbull.com
+		- energydrink-fr.redbull.com
+		- energydrink-it.redbull.com
+		- energydrink-uk.redbull.com
+		- energydrink-us.redbull.com
+		- enterdannysmind.redbull.com
+		- forage.redbull.com
+		- games.redbull.com
+		- soapbox.redbull.com
+		- stage-energydrink.redbull.com
+
+		4xx client error:
+		- create.redbull.com
+		- creativearchive-test.redbull.com
+
+		5xx server error:
+		- editorial.redbull.com
+
+		Mixed content blocking (MCB) triggered:
+		- balconyshot-game.redbull.com
+		- energydrink.redbull.com
+		- gigya.redbull.com
+		- rbx00185.microsites.redbull.com
+		- streetstyle-game.redbull.com
+		- trickshot-game.redbull.com
 -->
-<ruleset name="Red Bull (partial)">
-
-	<target host="redbull.*" />
-	<target host="www.redbull.*" />
-	<target host="redbull.co.uk" />
-	<target host="*.redbull.co.uk" />
-	<target host="*.redbull.com" />
-	<target host="*.redbull.de" />
-	<target host="augmentedracing.redbull.es" />
-	<target host="cricket.redbull.in" />
-	<target host="forage.redbull.ru" />
-	<target host="*.redbulls.com" />
-	<target host="redbullusa.com" />
-	<target host="*.redbullusa.com" />
-
-
-	<securecookie host="^(?:challengetravis|enterdannysmind|formembed|admin\.rbri2012)\.redbull\.co\.uk$" name=".+" />
-	<securecookie host="^(?:(?:api|athletewidget|balconyshot-game|cache-workbench|connect|create|creativearchive(?:-staging|-test)?|energydrink|energydrink-(?:at|de|it|uk|us)|enterdannysmind|eventwidget|forage|giga|gigya-tests|image\d?|infonet2?|rbx00185\.microsites|mobile-ads|stage-(?:api|connect|energydrink)|streetstyle-game|tibbr|tools|trickshot-game|workbench|www)\.)?redbull\.com$" name=".+" />
-	<securecookie host="^(?:kontakt|sugarfree)\.redbull\.de$" name=".+" />
-	<securecookie host="^augmentedracing\.redbull\.es$" name=".+" />
-	<securecookie host="^cricket\.redbull\.in$" name=".+" />
-	<securecookie host="^forage\.redbull\.ru$" name=".+" />
-	<securecookie host="^(?:lab|training)\.redbulls\.com$" name=".+" />
-	<securecookie host="^(?:launchpad|twtvsl)\.redbullusa\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?redbull\.co\.uk/(\?.*)?$"
-		to="https://www.redbull.com/uk/en$1" />
-
-	<rule from="^http://(?:www\.)?redbull\.(?:co\.uk|\w\w)/cs/"
-		to="https://www.redbull.com/cs/" />
-
-	<rule from="^http://(challengetravis|enterdannysmind|formembed|admin\.rbri2012)\.redbull\.co\.uk/"
-		to="https://$1.redbull.co.uk/" />
-
-	<rule from="^http://((?:api|athletewidget|balconyshot-game|confluence|connect|create|creativearchive(?:-staging|-test)?|editorial|energydrink|energydrink-(?:at|de|it|uk|us)|enterdannysmind|eventwidget|forage|gigya|gigya-tests|image\d?|infonet2?|rbx00185\.microsites|mobile-ads|stage-(?:api|connect|energydrink)|streetstyle-game|tibbr|tibbr-ext|tools|trickshot-game|workbench|www)\.)?redbull\.com/"
-		to="https://$1redbull.com/" />
-
-	<rule from="^http://soapbox\.redbull\.com/(?:\?.*)?$"
-		to="https://www.redbull.com/" />
-
-	<rule from="^http://(?:www\.)?redbull\.de/(\?.*)?$"
-		to="https://www.redbull.com/cs/Satellite/de_DE/RED-BULL-DE/001242746061488$1" />
-
-	<rule from="^http://(kontakt|sugarfree)\.redbull\.de/"
-		to="https://$1.redbull.de/" />
-
-	<rule from="^http://(?:www\.)?redbull\.es/(\?.*)?$"
-		to="https://www.redbull.com/cs/Satellite/es_ES/RED-BULL-ES/001242746062075$1" />
-
-	<rule from="^http://augmentedracing\.redbull\.es/"
-		to="https://augmentedracing.redbull.es/" />
-
-	<rule from="^http://(?:www\.)?redbull\.fr/(\?.*)?$"
-		to="https://www.redbull.com/cs/Satellite/fr_FR/RED-BULL-Home-page_FR/001242746062375$1" />
-
-	<rule from="^http://(?:www\.)?redbull\.in/(\?.*)?$"
-		to="https://www.redbull.com/cs/Satellite/en_IN/Red-Bull-Home/001242877412074$1" />
-
-	<rule from="^http://cricket\.redbull\.in/"
-		to="https://cricket.redbull.in/" />
-
-	<rule from="^http://(?:www\.)?redbull\.no/(\?.*)?$"
-		to="https://www.redbull.com/cs/Satellite/no_NO/RedBull/001242760618750$1" />
-
-	<rule from="^http://(?:www\.)?redbull\.ru/(\?.*)?$"
-		to="https://www.redbull.com/cs/Satellite/ru_RU/Red-Bull-Russia/001242758643321$1" />
-
-	<rule from="^http://forage\.redbull\.ru/"
-		to="https://forage.redbull.ru/" />
-
-	<rule from="^http://(?:www\.)?redbull\.se/(\?.*)?$"
-		to="https://www.redbull.com/cs/Satellite/sv_SE/REDBULL/001242760548154$1" />
-
-	<rule from="^http://(?:www\.)?redbull\.ua/(\?.*)?$"
-		to="https://www.redbull.com/cs/Satellite/ru_UA/Red-Bull/001242776437928$1" />
-
-	<rule from="^http://(lab|training)\.redbulls\.com/"
-		to="https://$1.redbulls.com/" />
-
-	<rule from="^http://(?:www\.)?redbullusa\.com/(?:\?.*)?$"
-		to="https://www.redbull.com/us/en" />
-
-	<rule from="^http://(?:launchpad|twtvsl)\.redbullusa\.com/"
-		to="https://$1.redbullusa.com/" />
-
+<ruleset name="Red Bull.com (partial)">
+	<target host="redbull.com" />
+	<target host="api.redbull.com" />
+	<target host="athletewidget.redbull.com" />
+	<target host="connect.redbull.com" />
+	<target host="creativearchive.redbull.com" />
+	<target host="eventwidget.redbull.com" />
+	<target host="gigya-tests.redbull.com" />
+	<target host="image.redbull.com" />
+	<target host="image1.redbull.com" />
+	<target host="image2.redbull.com" />
+	<target host="image3.redbull.com" />
+	<target host="infonet.redbull.com" />
+	<target host="infonet2.redbull.com" />
+	<target host="rbx00412.microsites.redbull.com" />
+	<target host="mobile-ads.redbull.com" />
+	<target host="stage-api.redbull.com" />
+	<target host="stage-connect.redbull.com" />
+	<target host="tools.redbull.com" />
+	<target host="workbench.redbull.com" />
+	<target host="www.redbull.com" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Red_Bull_Content_Pool.xml b/src/chrome/content/rules/Red_Bull_Content_Pool.xml
index e4db8653f05a..5064409be43a 100644
--- a/src/chrome/content/rules/Red_Bull_Content_Pool.xml
+++ b/src/chrome/content/rules/Red_Bull_Content_Pool.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://redbullcontentpool.com/ => https://www.redbullcontentpool.com/: (28, 'Connection timed out after 10000 milliseconds')
 	For other Red Bull coverage, see Red_Bull.xml.
 
 
@@ -24,7 +26,16 @@
 <ruleset name="Red Bull Content Pool">
 
 	<target host="redbullcontentpool.com" />
-	<target host="*.redbullcontentpool.com" />
+	<target host="www.redbullcontentpool.com" />
+	<target host="cliffdiving.redbullcontentpool.com" />
+	<target host="crashedice.redbullcontentpool.com" />
+	<target host="images.redbullcontentpool.com" />
+	<target host="info.redbullcontentpool.com" />
+	<target host="internal.redbullcontentpool.com" />
+	<target host="musicacademy.redbullcontentpool.com" />
+	<target host="stratos.redbullcontentpool.com" />
+	<target host="www-staging.redbullcontentpool.com" />
+	<target host="xfighters.redbullcontentpool.com" />
 
 
 	<securecookie host="^(?:internal|www|www-staging)\.redbullcontentpool\.com$" name=".+" />
@@ -33,7 +44,6 @@
 	<rule from="^http://(?:www\.)?redbullcontentpool\.com/"
 		to="https://www.redbullcontentpool.com/" />
 
-	<rule from="^http://(cliffdiving|crashedice|images|info|internal|musicacademy|stratos|www-staging|xfighters)\.redbullcontentpool\.com/"
-		to="https://$1.redbullcontentpool.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Red_Bull_Media_House.xml b/src/chrome/content/rules/Red_Bull_Media_House.xml
index 1eadf93307e4..31a150146549 100644
--- a/src/chrome/content/rules/Red_Bull_Media_House.xml
+++ b/src/chrome/content/rules/Red_Bull_Media_House.xml
@@ -23,13 +23,19 @@
 -->
 <ruleset name="Red Bull Media House (partial)">
 
-	<target host="*.redbullmediahouse.com" />
+	<target host="analytics.redbullmediahouse.com" />
+	<target host="fonts.redbullmediahouse.com" />
+	<target host="me.redbullmediahouse.com" />
+	<target host="mediamanager.redbullmediahouse.com" />
+	<target host="mediamanager-staging.redbullmediahouse.com" />
+	<target host="sales.redbullmediahouse.com" />
+	<target host="stage-wiki.redbullmediahouse.com" />
+	<target host="wiki.redbullmediahouse.com" />
 
 
 	<securecookie host="^(?:content|me|mediamanager(?:-staging)?|sales|stage-wiki|wiki)\.redbullmediahouse\.com$" name=".+" />
 
 
-	<rule from="^http://(analytics|content|fonts|me|mediamanager(?:-staging)?|sales|stage-wiki|wiki)\.redbullmediahouse\.com/"
-		to="https://$1.redbullmediahouse.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Red_Bull_Mobile-falsemixed.xml b/src/chrome/content/rules/Red_Bull_Mobile-falsemixed.xml
index ab40591c3f23..701b7c03de69 100644
--- a/src/chrome/content/rules/Red_Bull_Mobile-falsemixed.xml
+++ b/src/chrome/content/rules/Red_Bull_Mobile-falsemixed.xml
@@ -5,7 +5,7 @@
 <ruleset name="Red Bull Mobile (false MCB)" platform="mixedcontent">
 
 	<target host="redbullmobile.at" />
-	<target host="*.redbullmobile.at" />
+	<target host="www.redbullmobile.at" />
 		<!--
 			Handled in Red_Bull_Mobile.xml
 							-->
diff --git a/src/chrome/content/rules/Red_Bull_Mobile.xml b/src/chrome/content/rules/Red_Bull_Mobile.xml
index a892708fe8ed..a541e8ae76f4 100644
--- a/src/chrome/content/rules/Red_Bull_Mobile.xml
+++ b/src/chrome/content/rules/Red_Bull_Mobile.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://redbullmobile.com.au/ => https://redbullmobile.com.au/: (51, "SSL: no alternative certificate subject name matches target host name 'redbullmobile.com.au'")
+
 	For rules causing false/broken MCB, see Red_Bull_Mobile-falsemixed.xml.
 
 	For other Red Bull coverage, see Red_Bull.xml.
@@ -76,7 +80,7 @@
 	-falsemixed should be merged for Ffx 24.
 
 -->
-<ruleset name="Red Bull Mobile (partial)">
+<ruleset name="Red Bull Mobile (partial)" default_off="failed ruleset test">
 
 	<target host="redbullmobile.at" />
 	<target host="www.redbullmobile.at" />
@@ -84,9 +88,15 @@
 			Avoid false/broken MCB:
 							-->
 		<!--exclusion pattern="^http://(www\.)?redbullmobile\.at/(?!fileadmin/|typo3conf/|typo3temp/|uploads/)" /-->
-	<target host="*.redbullmobile.com" />
+	<target host="fbck.redbullmobile.com" />
+	<target host="qr.redbullmobile.com" />
+	<target host="socialposter.redbullmobile.com" />
+	<target host="trackingtool.redbullmobile.com" />
+	<target host="worb.redbullmobile.com" />
 	<target host="redbullmobile.com.au" />
-	<target host="*.redbullmobile.com.au" />
+	<target host="www.redbullmobile.com.au" />
+	<target host="secure.redbullmobile.com.au" />
+	<target host="securea.redbullmobile.com.au" />
 
 
 	<securecookie host="^(?:fbck|qr|socialposter|trackingtool|worb)\.redbullmobile\.com$" name=".+" />
@@ -105,4 +115,4 @@
 	<rule from="^http://secure(a)?\.redbullmobile\.com\.au/"
 		to="https://secure$1.redbullmobile.com.au/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Red_Bull_TV.xml b/src/chrome/content/rules/Red_Bull_TV.xml
index b6103330300b..e41e99b718f8 100644
--- a/src/chrome/content/rules/Red_Bull_TV.xml
+++ b/src/chrome/content/rules/Red_Bull_TV.xml
@@ -13,13 +13,12 @@
 -->
 <ruleset name="Red Bull TV (partial)">
 
-	<target host="*.redbull.tv" />
+	<target host="live.redbull.tv" />
 
 
 	<securecookie host="^live\.redbull\.tv$" name=".+" />
 
 
-	<rule from="^http://live(2)?\.redbull\.tv/"
-		to="https://live$1.redbull.tv/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Red_Cross.org.xml b/src/chrome/content/rules/Red_Cross.org.xml
index 73f8e8143263..4b97b9eaa61d 100644
--- a/src/chrome/content/rules/Red_Cross.org.xml
+++ b/src/chrome/content/rules/Red_Cross.org.xml
@@ -1,7 +1,9 @@
 <!--
 	Problematic subdomains:
 
-		- ^	(cert only matches *.redcross.org)
+		- ^ *
+
+	* Cert only matches *.redcross.org
 
 
 	Some pages redirect to http.
@@ -13,7 +15,7 @@
 	<target host="www.redcross.org" />
 
 
-	<rule from="^http://(?:www\.)?redcross\.org/((?:accounthelp|modal)(?:$|[?/])|ajax/|css/|donate/\w|images/|js/)"
-		to="https://www.redcross.org/$1" />
+	<rule from="^http://(?:www\.)?redcross\.org/(?=(?:accounthelp|modal)(?:$|[?/])|ajax/|css/|donate/\w|images/|js/)"
+		to="https://www.redcross.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Red_Ferret.xml b/src/chrome/content/rules/Red_Ferret.xml
deleted file mode 100644
index 22c24e6ae42d..000000000000
--- a/src/chrome/content/rules/Red_Ferret.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="The Red Ferret">
-
-	<target host="redferret.net" />
-	<target host="*.redferret.net" />
-
-
-	<securecookie host="^(?:www)?\.redferret\.net$" name=".+" />
-
-
-	<rule from="^http://(www\.)?theferret\.net/"
-		to="https://$1theferret.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Red_Flush_Casino.xml b/src/chrome/content/rules/Red_Flush_Casino.xml
index be1676fa0842..3b3e2a34c931 100644
--- a/src/chrome/content/rules/Red_Flush_Casino.xml
+++ b/src/chrome/content/rules/Red_Flush_Casino.xml
@@ -1,16 +1,19 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.redflush.com/ => https://secure.redflush.com/: (28, 'Connection timed out after 20001 milliseconds')
+
 	Nonfunctional domains:
 
 		- (www.)redflush.com		(shows secure; mismatched, CN: secure.redflush.com)
 		- (www.)redflushcasino.eu	(no https)
 
 -->
-<ruleset name="Red Flush Casino (partial)">
+<ruleset name="Red Flush Casino (partial)" default_off="failed ruleset test">
 
 	<target host="secure.redflush.com" />
 
 
-	<rule from="^http://secure\.redflush\.com/"
-		to="https://secure.redflush.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Red_Hat.xml b/src/chrome/content/rules/Red_Hat.xml
index e1935c3597b9..0e0a8ef89abf 100644
--- a/src/chrome/content/rules/Red_Hat.xml
+++ b/src/chrome/content/rules/Red_Hat.xml
@@ -1,118 +1,129 @@
 <!--
-	magazine & servicesblog.redhat.com are handled in WordPress-blogs.xml.
-
 
 	Other Red Hat rulesets:
 
+		- 3scale.net.xml
+		- Beaker-Project.org.xml
+		- Cygwin.com.xml
+		- Enterprisers_Project.com.xml
+		- Gluster.org.xml
 		- JBoss.xml
 		- Opensource.com.xml
 		- OpenShift.xml
+		- RDO_project.org.xml
+		- RH_Cloud.com.xml
+		- Spice-space.org.xml
 
 
-	rhat.client.shareholder.com
-
-			- investors
-
-
-	Nonfunctional subdomains:
-
-		- et		(refused)
-		- ftp *
-		- investors *
-		- spacewalk	(shows www)
-		- sources *
+	rhat.client.shareholder.com	← investors
 
-	* Times out
 
+	Nonfunctional hosts in *redhat.com:
 
-	Problematic subdomains:
-
-		- apac		(cert only matches www.apac)
-		- europe	(cert only matches www.europe)
-		- jobs		(mismatched, CN: *.sc.hodesdigital.com)
-		- magazine *
+		- cloudformsblog *
+		- et ʳ
+		- ftp ᵈ
+		- middlewareblog *
+		- mobileblog *
+		- redhatstackblog *
+		- redhatstorage *
+		- rhelblog *
 		- servicesblog *
+		- spacewalk *
+		- sources ᵈ
+		- verticalindustriesblog *
 
-	* Mismatched, CN: *.wordpress.com
-
-
-	Partially covered subdomains:
-
-		- investors	(→ investor.shareholder.com)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(^ → www)
-		- academy
-		- access
-		- (www.)apac	(^ → www)
-		- ar
-		- archive
-		- at
-		- au
-		- be
-		- br
-		- bugzilla
-		- ca
-		- careers
-		- cn
-		- de
-		- docs
-		- engage
-		- es
-		- (www.)europe	(^ → www)
-		- fr
-		- gb
-		- hardware
-		- id
-		- in
-		- it
-		- jobs		(→ redhat.sc.hodesdigital.com)
-		- jp
-		- listman
-		- lk
-		- mx
-		- openshift
-		- people
-		- ph
-		- rhn
-		- ru
-		- sg
-		- smtrcs
-		- support
-		- webmail
-
-
-	Mixed content:
-
-		- Web bug on www from s7.addthis.com *
-
-	* Secured by us
+	* Redirects to http
+	ʳ Refused
+	ᵈ Dropped
 
--->
-<ruleset name="Red Hat">
 
-	<target host="redhat.com" />
-	<target host="*.redhat.com" />
+	Problematic hosts in *redhat.com:
 
+		- apac ᴵ
+		- www.apac ᴵ
+		- community ᴵ
+		- www.cz ᵐ
 
-	<securecookie host="^(?:.*\.)?redhat\.com$" name=".+" />
+	ᵐ Mismatched
+	ᴵ Incomplete certificate chain
 
+	careers: Dropped over http & https
 
-	<rule from="^http://(?:www\.)?redhat\.com/"
-		to="https://www.redhat.com/" />
 
-	<rule from="^http://(academy|access|a[rtu]|archive|be|br|bugzilla|ca|careers|cn|de|docs|engage|es|fr|gb|hardware|i[dnt]|jp|listman|lk|mx|openshift|people|ph|rhn|ru|sg|smtrcs|support|webmail)\.redhat\.com/"
-		to="https://$1.redhat.com/" />
+	Insecure cookies are set for these domains and hosts:
 
-	<rule from="^http://(?:www\.)?(apac|europe)\.redhat\.com/"
-		to="https://www.$1.redhat.com/" />
+		- .redhat.com
+		- .bugzilla.redhat.com
+		- .smtrcs.redhat.com
+		- www.redhat.com
+		- .www.redhat.com
 
-	<rule from="^http://investors\.redhat\.com/common/"
-		to="https://investor.shareholder.com/common/" />
+-->
+<ruleset name="Red Hat.com">
 
-	<rule from="^http://jobs\.redhat\.com/"
-		to="https://redhat.sc.hodesdigital.com/" />
+	<target host="redhat.com" />
+	<target host="www.redhat.com" />
+	<target host="academy.redhat.com" />
+	<target host="access.redhat.com" />
+	<target host="ar.redhat.com" />
+	<target host="archive.redhat.com" />
+	<target host="at.redhat.com" />
+	<target host="au.redhat.com" />
+	<target host="be.redhat.com" />
+	<target host="br.redhat.com" />
+	<target host="bugzilla.redhat.com" />
+	<target host="ca.redhat.com" />
+	<target host="cn.redhat.com" />
+	<target host="cz.redhat.com" />
+	<target host="www.cz.redhat.com" />
+	<target host="de.redhat.com" />
+	<target host="developerblog.redhat.com" />
+	<target host="docs.redhat.com" />
+	<target host="engage.redhat.com" />
+	<target host="es.redhat.com" />
+	<target host="europe.redhat.com" />
+	<target host="www.europe.redhat.com" />
+	<target host="fr.redhat.com" />
+	<target host="gb.redhat.com" />
+	<target host="hardware.redhat.com" />
+	<target host="id.redhat.com" />
+	<target host="in.redhat.com" />
+	<target host="investors.redhat.com" />
+	<target host="it.redhat.com" />
+	<target host="jobs.redhat.com" />
+	<target host="jp.redhat.com" />
+	<target host="listman.redhat.com" />
+	<target host="lk.redhat.com" />
+	<target host="magazine.redhat.com" />
+	<target host="mx.redhat.com" />
+	<target host="openshift.redhat.com" />
+	<target host="openstack.redhat.com" />
+	<target host="partner.redhat.com" />
+	<target host="people.redhat.com" />
+	<target host="ph.redhat.com" />
+	<target host="rhn.redhat.com" />
+	<target host="ru.redhat.com" />
+	<target host="securityblog.redhat.com" />
+	<target host="sg.redhat.com" />
+	<target host="smtrcs.redhat.com" />
+	<target host="support.redhat.com" />
+	<target host="webmail.redhat.com" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.redhat\.com$" name="^(JSESSIONIDSSO|become_user|rh_become|rh_shared_auth|rh_user|rh_user_detail|s_vi)$" /-->
+	<!--securecookie host="^\.bugzilla\.redhat\.com$" name="^(BROWSE_PRODUCT|Bugzilla_login_request_cookie|DEFAULTFORMAT)$" /-->
+	<!--securecookie host="^\.smtrcs\.redhat\.com$" name="^s_vi$" /-->
+	<!--securecookie host="^www\.redhat\.com$" name="^(AWSELB|JSESSIONID|WL_DCID|java-wapps-t1-sticky-sessions)$" /-->
+	<!--securecookie host="^\.www\.redhat\.com$" name="^DCID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.cz\.redhat\.com/"
+		to="https://cz.redhat.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Red_Letter_Days.co.uk.xml b/src/chrome/content/rules/Red_Letter_Days.co.uk.xml
new file mode 100644
index 000000000000..22cea2a6b82d
--- /dev/null
+++ b/src/chrome/content/rules/Red_Letter_Days.co.uk.xml
@@ -0,0 +1,15 @@
+<ruleset name="Red Letter Days.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="redletterdays.co.uk" />
+	<target host="www.redletterdays.co.uk" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Red_Team.net.xml b/src/chrome/content/rules/Red_Team.net.xml
new file mode 100644
index 000000000000..780fcf1735f7
--- /dev/null
+++ b/src/chrome/content/rules/Red_Team.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="Red Team.net (partial)" default_off="refused">
+
+	<target host="encrypted.redteam.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Redblue.de.xml b/src/chrome/content/rules/Redblue.de.xml
new file mode 100644
index 000000000000..6d41b85764d1
--- /dev/null
+++ b/src/chrome/content/rules/Redblue.de.xml
@@ -0,0 +1,15 @@
+<!--
+	(www.)?: Plaintext reply
+
+-->
+<ruleset name="redblue.de (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="css.redblue.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Redbridge.gov.uk.xml b/src/chrome/content/rules/Redbridge.gov.uk.xml
new file mode 100644
index 000000000000..c307bc5c414a
--- /dev/null
+++ b/src/chrome/content/rules/Redbridge.gov.uk.xml
@@ -0,0 +1,114 @@
+<!--
+	London Borough of Redbridge
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *redbridge.gov.uk:
+
+		- contracts ᵃ
+		- data ⁴
+		- emissions ᵃ
+		- forums ⁴
+		- find ᵃ
+		- mylife ²
+		- planning ⁴
+
+	ᵃ Shows another domain
+	² 200 blank page
+	⁴ 404
+
+
+	Problematic hosts in *redbridge.gov.uk:
+
+		- moderngov ʰ
+
+	ʰ Some pages redirect to http
+
+
+	These altnames do not exist:
+
+		- www.benefits.redbridge.gov.uk
+		- www.payments.redbridge.gov.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.redbridge.gov.uk ᶜ
+		- youchoose.redbridge.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on www2 from $self ˢ
+		- Images on www2 from www.redbridge.gov.uk ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Redbridge.gov.uk (partial)">
+
+	<target host="redbridge.gov.uk" />
+	<target host="benefits.redbridge.gov.uk" />
+	<target host="eforms.redbridge.gov.uk" />
+	<target host="moderngov.redbridge.gov.uk" />
+	<target host="payments.redbridge.gov.uk" />
+	<target host="www.redbridge.gov.uk" />
+	<target host="www2.redbridge.gov.uk" />
+	<!--target host="www2.redbridge.gov.uk" /-->
+	<target host="youchoose.redbridge.gov.uk" />
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://www2.redbridge.gov.uk/cms/the_council/about_the_council/budget_consultation_2015.aspx" /-->
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://moderngov\.redbridge\.gov\.uk/(?:mgUserInfo|mgePetitionListDisplay)\.aspx" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://moderngov\.redbridge\.gov\.uk/(?!/*(?:[Ss]iteSpecific/|TagDocs/|UserData/|(?:ieLogon|ieRegisterUser|mgEPetitionSubmit|mgPasswordReqst|mgRegisterKeywordInterest)\.aspx|jquery-ui/|mgimages/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://moderngov.redbridge.gov.uk/ieDocHome.aspx" />
+			<test url="http://moderngov.redbridge.gov.uk/ieDocSearch.aspx" />
+			<test url="http://moderngov.redbridge.gov.uk/mgCalendarMonthView.aspx" />
+			<test url="http://moderngov.redbridge.gov.uk/mgDelegatedDecisions.aspx" />
+			<test url="http://moderngov.redbridge.gov.uk/mgGeneric.aspx" />
+			<test url="http://moderngov.redbridge.gov.uk/mgListCommittees.aspx" />
+			<test url="http://moderngov.redbridge.gov.uk/mgMemberIndex.aspx" />
+			<test url="http://moderngov.redbridge.gov.uk/mgPlansHome.aspx" />
+			<test url="http://moderngov.redbridge.gov.uk/mgUserInfo.aspx" />
+			<test url="http://moderngov.redbridge.gov.uk/mgWhatsNew.aspx" />
+			<test url="http://moderngov.redbridge.gov.uk/mgePetitionListDisplay.aspx" />
+
+			<!--	-ve:
+					-->
+			<test url="http://moderngov.redbridge.gov.uk/SiteSpecific/ssWordStyles.css" />
+			<test url="http://moderngov.redbridge.gov.uk/TagDocs/3/2/0/T00000023/logo.jpg" />
+			<test url="http://moderngov.redbridge.gov.uk/UserData/9/3/0/Info00000039/bigpic.jpg" />
+			<test url="http://moderngov.redbridge.gov.uk/ieLogon.aspx" />
+			<test url="http://moderngov.redbridge.gov.uk/ieRegisterUser.aspx" />
+			<test url="http://moderngov.redbridge.gov.uk/jquery-ui/css/Smoothness/jquery-ui-1.10.2.custom.min.css" />
+			<test url="http://moderngov.redbridge.gov.uk/mgEPetitionSubmit.aspx" />
+			<test url="http://moderngov.redbridge.gov.uk/mgPasswordReqst.aspx" />
+			<test url="http://moderngov.redbridge.gov.uk/mgRegisterKeywordInterest.aspx" />
+			<test url="http://moderngov.redbridge.gov.uk/mgimages/logo-pdf-1.gif" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.redbridge\.gov\.uk$" name="^Redbridge" /-->
+	<!--securecookie host="^youchoose\.redbridge\.gov\.uk$" name="^YouChooseCookie$" /-->
+
+	<securecookie host="^(?!moderngov\.)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Redcats.xml b/src/chrome/content/rules/Redcats.xml
deleted file mode 100644
index a78c2d9d3d1e..000000000000
--- a/src/chrome/content/rules/Redcats.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Redcats (partial)">
-
-	<target host="*.redcatsecom.com" />
-
-
-	<securecookie host="^media\.redcatsecom\.com$" name=".+" />
-
-
-	<rule from="^http://(images|media)\.redcatsecom\.com/"
-		to="https://$1.redcatsecom.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Redcdn.pl.xml b/src/chrome/content/rules/Redcdn.pl.xml
new file mode 100644
index 000000000000..3597f160fd0b
--- /dev/null
+++ b/src/chrome/content/rules/Redcdn.pl.xml
@@ -0,0 +1,14 @@
+<ruleset name="redcdn.pl">
+
+	<target host="n-4-2.dcs.redcdn.pl" />
+	<target host="r.dcs.redcdn.pl" />
+
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^__utm" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Redcoon.pt.xml b/src/chrome/content/rules/Redcoon.pt.xml
new file mode 100644
index 000000000000..23271299cc5b
--- /dev/null
+++ b/src/chrome/content/rules/Redcoon.pt.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.redcoon.pt/ => https://www.redcoon.pt/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://redcoon.pt/ => https://www.redcoon.pt/: (60, 'SSL certificate problem: certificate has expired')
+
+	^redcoon.pt: Expired, mismatched
+
+
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Redcoon.pt" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.redcoon.pt" />
+
+	<!--	Complications:
+				-->
+	<target host="redcoon.pt" />
+
+
+	<rule from="^http://redcoon\.pt/"
+		to="https://www.redcoon.pt/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Redd.it.xml b/src/chrome/content/rules/Redd.it.xml
deleted file mode 100644
index def122fc9b00..000000000000
--- a/src/chrome/content/rules/Redd.it.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	For rules that are on by default, see Reddit.xml.
-
--->
-<ruleset name="Redd.it" default_off="correctness uncertain">
-
-	<target host="redd.it" />
-
-
-        <!--	Not entirely sure that this rule is always correct.
-					-->
-	<rule from="^http://redd\.it/"
-		to="https://www.reddit.com/tb/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Redd_Pics.com-falsemixed.xml b/src/chrome/content/rules/Redd_Pics.com-falsemixed.xml
new file mode 100644
index 000000000000..9b3e5490f4a5
--- /dev/null
+++ b/src/chrome/content/rules/Redd_Pics.com-falsemixed.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules not causing false/broken MCB, see Redd_Pics.com.xml.
+
+-->
+<ruleset name="Redd Pics.com (false MCB)" platform="mixedcontent">
+
+	<target host="reddpics.com" />
+
+
+	<securecookie host="^\.reddpics\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Redd_Pics.com.xml b/src/chrome/content/rules/Redd_Pics.com.xml
new file mode 100644
index 000000000000..a49a715833b1
--- /dev/null
+++ b/src/chrome/content/rules/Redd_Pics.com.xml
@@ -0,0 +1,58 @@
+<!--
+	For rules causing false/broken MCB, see Redd_Pics.com-falsemixed.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .reddpics.com
+
+
+	Mixed content:
+
+		- Scripts from ajax.googleapis.com *
+		- css from ajax.googlapis.com *
+
+		- Images, from:
+
+			- www.reddit.com *
+			- [ab].thumbs.redditmedia.com *
+
+		- favicon from www.reddit.com *
+
+		- Bugs, from:
+
+			- reddit.com *
+			- s7.addthis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Redd Pics.com (partial)">
+
+	<target host="reddpics.com" />
+	<target host="www.reddpics.com" />
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<exclusion pattern="^http://reddpics\.com/+(?!assets/|favicon\.ico)" />
+
+			<!--	-ve:
+					-->
+			<test url="http://reddpics.com/r/funny/" />
+			<test url="http://reddpics.com/r/pics/" />
+			<test url="http://reddpics.com/r/earthporn/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://reddpics.com/favicon.ico" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.reddpics\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Reddit.xml b/src/chrome/content/rules/Reddit.xml
index 29022dd4e0d1..5fe972105fa2 100644
--- a/src/chrome/content/rules/Reddit.xml
+++ b/src/chrome/content/rules/Reddit.xml
@@ -1,65 +1,100 @@
 <!--
-	For full coverage via pay.reddit.com, see Reddit_via_pay.xml.
+	For other Condé Nast coverage, see Conde-Nast.xml.
 
 
-	For other Condé Nast coverage, see Conde-Nast.xml.
+	Other Reddit rulesets:
+
+		- redditblog.com.xml
+		- Reddit_media.com.xml
+		- Reddit_static.com.xml
+		- Redditgifts.com.xml
+
+
+	As of Aug. 2014, Reddit supports lots more SSL!
+	We can probably prune some of the old static rules here.
 
 
 	CDN buckets:
 
+		- s3.amazonaws.com/as-production-assets/
+		- s3-us-west-2.amazonaws.com/as-user-assets/
 		- s3.amazonaws.com/reddit/
 		- s3.amazonaws.com/redditads/
 		- s3.amazonaws.com/redditstatic/
+		- s3.amazonaws.com/sp.reddit.com/
 		- s3.amazonaws.com/static.reddit.com/
 		- s3.amazonaws.com/(\w\.)?thumbs.redditmedia.com/
 		- buttons.reddit.com.edgesuite.net
 
 
-	Nonfunctional domains:
+	Problematic subdomains:
+
+		- www.np *
+
+	* Mismatched
 
-		- blog.reddit.com	(blogger)
-		- buttons.reddit.com	(503, akamai)
 
-		- pixel.redditmedia.com	(dropped)
+	Observed hosts:
 
-			Seems some sort of ad tracking, possibly can be sent to /dev/null; didn't find
-			anything broken when I blocked the domain.  Doesn't seem to be used anymore.
+		- (www.)
 
-		- www.redditmedia.com	(refused)
+		- [a-z]{1,2}:
 
-			Seems only/mostly to be used for ads
+			- dr
+			- fp
+			- gr
+			- i
+			- np
+			- pr
+			- rd
+			- sl
+			- sp
+			- sv
 
+		- [a-z]{2}-[a-z]{2}:
 
-	No pages are covered, therefore there
-	*CANNOT* be any mixed content!
+			- en-us
+
+		- blog
+		- m
+		- www.np	(→ np)
+		- pay
+		- pixel
+		- redditama
+		- ssl
+		- static
+		- thumbs	(→ s3.amazonaws.com)
+
+
+	Insecure cookies are set for these hosts:
+
+		- .reddit.com
 
 -->
-<ruleset name="Reddit (partial)">
+<ruleset name="Reddit.com">
 
 	<target host="reddit.com" />
-	<target host="ssl.reddit.com" />
-	<target host="static.reddit.com" />
-	<target host="thumbs.reddit.com" />
-	<target host="www.reddit.com" />
-		<!--
-			static/ contains social media widgets:
-								-->
-		<exclusion pattern="^http://(?:www\.)?reddit\.com/(?!static/)" />
-	<target host="*.redditmedia.com" />
-	<target host="redditstatic.com" />
-	<target host="www.redditstatic.com" />
+	<target host="*.reddit.com" />
+
+		<test url="http://i.reddit.com/" />
+		<test url="http://m.reddit.com/" />
+		<test url="http://np.reddit.com/" />
+		<test url="http://redditama.reddit.com/" />
+		<test url="http://www.reddit.com/" />
+
+
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(?:ssl\.|www\.)?reddit\.com/"
-		to="https://ssl.reddit.com/" />
+	<rule from="^http://www\.np\.reddit\.com/"
+		to="https://np.reddit.com/" />
 
-	<rule from="^http://(static|thumbs)\.reddit\.com/"
-		to="https://s3.amazonaws.com/$1.reddit.com/" />
+		<test url="http://www.np.reddit.com/" />
 
-	<rule from="^http://(\w+\.)?thumbs\.redditmedia\.com/"
-		to="https://s3.amazonaws.com/$1thumbs.redditmedia.com/" />
+	<!--rule from="^http://((?:[a-z]{1,2}|[a-z]{2}-[a-z]{2}|blog|pay|redditama|ssl|static|www)\.)?reddit\.com/"
+		to="https://$1reddit.com/" /-->
 
-	<rule from="^http://(?:www\.)?redditstatic\.com/"
-		to="https://redditstatic.s3.amazonaws.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RedditCommentSearch.com.xml b/src/chrome/content/rules/RedditCommentSearch.com.xml
new file mode 100644
index 000000000000..1a90ce60596b
--- /dev/null
+++ b/src/chrome/content/rules/RedditCommentSearch.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="RedditCommentSearch.com">
+	<target host="redditcommentsearch.com" />
+	<target host="www.redditcommentsearch.com" />
+
+	<securecookie host=".+" name=".+" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RedditSearch.io.xml b/src/chrome/content/rules/RedditSearch.io.xml
new file mode 100644
index 000000000000..bd993622bcad
--- /dev/null
+++ b/src/chrome/content/rules/RedditSearch.io.xml
@@ -0,0 +1,7 @@
+<ruleset name="RedditSearch.io">
+	<target host="redditsearch.io" />
+	<target host="www.redditsearch.io" />
+	<target host="dev.redditsearch.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Reddit_media.com.xml b/src/chrome/content/rules/Reddit_media.com.xml
new file mode 100644
index 000000000000..492f221c44bb
--- /dev/null
+++ b/src/chrome/content/rules/Reddit_media.com.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Reddit coverage, see Reddit.xml.
+
+-->
+<ruleset name="Reddit media.com">
+
+	<target host="redditmedia.com" />
+	<target host="www.redditmedia.com" />
+	<target host="events.redditmedia.com" />
+	<target host="g.redditmedia.com" />
+		<test url="http://g.redditmedia.com/ZqERV0Z-L0TyJAxaLgS2YskO2guA--YrrdSJnvi1f7Y.gif?w=320&#x26;s=51ccb620a0210bff32239dd34a2228b9" />
+	<target host="i.redditmedia.com" />
+		<test url="http://i.redditmedia.com/jdw4flVxtSVrDHXyE1NZ2nV9t7Q5DsMDEtPUe0_6B5I.jpg?w=676&#x26;s=e325ebda6f54baf45cd8ba6bc3349d16" />
+	<target host="pixel.redditmedia.com" />
+	<target host="stats.redditmedia.com" />
+	<target host="*.thumbs.redditmedia.com" />
+		<test url="http://a.thumbs.redditmedia.com/pbdCjaLMmMnHpXvvATQyqTYxo0YxAWwdFy3S7TTtuv4.jpg" />
+		<test url="http://b.thumbs.redditmedia.com/k4pNSiDT1OA-DYeMm3ptBm950LXye21qFj7s6Qehx2A.png" />
+		<test url="http://c.thumbs.redditmedia.com/XW1ML8TIh_5y7DMP.png" />
+		<test url="http://d.thumbs.redditmedia.com/k8q0im6uy3CGEpUu.png" />
+		<test url="http://e.thumbs.redditmedia.com/is5tiAdGjmJh9jyj.png" />
+		<test url="http://f.thumbs.redditmedia.com/sBJfjQft_8pqDRBA.png" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Reddit_static.com.xml b/src/chrome/content/rules/Reddit_static.com.xml
new file mode 100644
index 000000000000..d64dd6dd3b2b
--- /dev/null
+++ b/src/chrome/content/rules/Reddit_static.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Reddit coverage, see Reddit.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .redditstatic.com
+
+-->
+<ruleset name="Reddit static.com">
+
+	<target host="www.redditstatic.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.redditstatic\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Reddit_via_pay.xml b/src/chrome/content/rules/Reddit_via_pay.xml
deleted file mode 100644
index d9bea6249461..000000000000
--- a/src/chrome/content/rules/Reddit_via_pay.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	For rules that are on by default, see Reddit.xml.
-
--->
-<ruleset name="Reddit (via pay.reddit.com)" default_off="not officially supported">
-
-	<target host="reddit.com" />
-	<target host="*.reddit.com" />
-		<exclusion pattern="^http://blog\." />
-		<!--
-			These domains are handled in Reddit.xml:
-									-->
-		<exclusion pattern="^http://(?:ssl|static|thumbs)\." />
-		<!--
-			As are social media widgets:
-							-->
-		<exclusion pattern="^http://(?:www\.)?reddit\.com/static/" />
-
-
-  	<securecookie host=".*\.reddit\.com$" name=".+" />
-
-
-	<rule from="^http://(?:\w+\.)?reddit\.com/"
-		to="https://pay.reddit.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Redditgifts.com.xml b/src/chrome/content/rules/Redditgifts.com.xml
new file mode 100644
index 000000000000..c834b91fd153
--- /dev/null
+++ b/src/chrome/content/rules/Redditgifts.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Reddit coverage, see Reddit.xml.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .redditgifts.com
+		- www.redditgifts.com
+
+-->
+<ruleset name="redditgifts.com">
+
+	<target host="redditgifts.com" />
+	<target host="www.redditgifts.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.redditgifts\.com$" name="^(__cfduid|cf_clearance|sessionid)$" /-->
+	<!--securecookie host="^www\.redditgifts\.com$" name="^(ause|ause)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Redfern.me.xml b/src/chrome/content/rules/Redfern.me.xml
new file mode 100644
index 000000000000..cc677e273c80
--- /dev/null
+++ b/src/chrome/content/rules/Redfern.me.xml
@@ -0,0 +1,12 @@
+<ruleset name="redfern.me">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="redfern.me" />
+	<target host="www.redfern.me" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Redfin.com.xml b/src/chrome/content/rules/Redfin.com.xml
new file mode 100644
index 000000000000..b831c0bb9145
--- /dev/null
+++ b/src/chrome/content/rules/Redfin.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Other Redfin rulesets:
+
+		- CDN-Redfin.com.xml
+
+
+	Insecure cookies are set for these domains:
+
+		- .redfin.com
+
+-->
+<ruleset name="Redfin.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="redfin.com" />
+	<target host="www.redfin.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.redfin\.com$" name="^(FliptchaSessId|RF_UNBLOCK_ID)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Redflagdeals.com.xml b/src/chrome/content/rules/Redflagdeals.com.xml
new file mode 100644
index 000000000000..d640eb13bd11
--- /dev/null
+++ b/src/chrome/content/rules/Redflagdeals.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Connection closed:
+	- feeds.redflagdeals.com
+-->
+
+<ruleset name="Redflagdeals.com">
+	<target host="redflagdeals.com" />
+	<target host="www.redflagdeals.com" />
+	<target host="backtoschool.redflagdeals.com" />
+	<target host="blackfriday.redflagdeals.com" />
+	<target host="boxingday.redflagdeals.com" />
+	<target host="creditcards.redflagdeals.com" />
+	<target host="forums.redflagdeals.com" />
+	<target host="assets.rfdcontent.com" />
+	<target host="dam-img.rfdcontent.com" />
+	<target host="*.dam-img.rfdcontent.com" />
+		<test url="http://a.dam-img.rfdcontent.com/" />
+		<test url="http://b.dam-img.rfdcontent.com/" />
+		<test url="http://c.dam-img.rfdcontent.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Redmine.org.xml b/src/chrome/content/rules/Redmine.org.xml
new file mode 100644
index 000000000000..258353c57374
--- /dev/null
+++ b/src/chrome/content/rules/Redmine.org.xml
@@ -0,0 +1,29 @@
+<!--
+	These altnames don't exist:
+
+		- www.svn.redmine.org
+
+
+	Insecure cookies are set for these hosts:
+
+		- redmine.org
+		- www.redmine.org
+
+-->
+<ruleset name="Redmine.org">
+
+	<target host="redmine.org" />
+	<target host="www.redmine.org" />
+	<target host="svn.redmine.org" />
+
+
+	<!--	Not secured by server_
+					-->
+	<!--securecookie host="^(www\.)?redmine\.org$" name="^_redmine_session$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Redmondmag.com.xml b/src/chrome/content/rules/Redmondmag.com.xml
new file mode 100644
index 000000000000..e348b73ea311
--- /dev/null
+++ b/src/chrome/content/rules/Redmondmag.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other 1105 Media coverage, see 1105_Media.com.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- redmondmag.com
+
+-->
+<ruleset name="Redmondmag.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="redmondmag.com" />
+	<target host="www.redmondmag.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^redmondmag\.com$" name="^(ASP\.NET_SessionId|BIGipServerPool[\w-]+)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Redpill-Linpro.xml b/src/chrome/content/rules/Redpill-Linpro.xml
index 86b050390e3e..d6d45d5f9c28 100644
--- a/src/chrome/content/rules/Redpill-Linpro.xml
+++ b/src/chrome/content/rules/Redpill-Linpro.xml
@@ -6,12 +6,12 @@
 		- (www.)redpill-linpro.se
 
 -->
-<ruleset name="Redpill Linpro (partial)">
+<ruleset name="Redpill-Linpro.com (partial)" default_off="cert-chain">
 
 	<target host="portal.redpill-linpro.com" />
 
 
-	<rule from="^http://portal\.redpill-linpro\.com/"
-		to="https://portal.redpill-linpro.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Redports.org.xml b/src/chrome/content/rules/Redports.org.xml
new file mode 100644
index 000000000000..ce2454854b87
--- /dev/null
+++ b/src/chrome/content/rules/Redports.org.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.redports.org/ => https://www.redports.org/: (28, 'Connection timed out after 20004 milliseconds')
+Fetch error: http://redports.org/ => https://www.redports.org/: (28, 'Connection timed out after 20000 milliseconds')
+
+	^redports.org: Mismatched
+
+-->
+<ruleset name="redports.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.redports.org" />
+
+	<!--	Complications:
+				-->
+	<target host="redports.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://redports\.org/"
+		to="https://www.redports.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Redweb.xml b/src/chrome/content/rules/Redweb.xml
index cdcf4730e078..7c73b7819742 100644
--- a/src/chrome/content/rules/Redweb.xml
+++ b/src/chrome/content/rules/Redweb.xml
@@ -1,13 +1,13 @@
-<ruleset name="Redweb">
+<ruleset name="Redweb.com">
 
 	<target host="redweb.com" />
-	<target host="*.redweb.com" />
+	<target host="www.redweb.com" />
 
 
-	<securecookie host="^\.redweb\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?redweb\.com/"
-		to="https://$1redweb.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Redwoodsinyosemite.com.xml b/src/chrome/content/rules/Redwoodsinyosemite.com.xml
new file mode 100644
index 000000000000..c28ac6d4cda4
--- /dev/null
+++ b/src/chrome/content/rules/Redwoodsinyosemite.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Redwoodsinyosemite.com" platform="mixedcontent">
+  <target host="redwoodsinyosemite.com" />
+  <target host="www.redwoodsinyosemite.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Reebok.ca.xml b/src/chrome/content/rules/Reebok.ca.xml
new file mode 100644
index 000000000000..6b76e2ae7f02
--- /dev/null
+++ b/src/chrome/content/rules/Reebok.ca.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		- reviews.reebok.ca
+-->
+
+<ruleset name="Reebok.ca">
+	<target host="reebok.ca" />
+	<target host="www.reebok.ca" />
+	<target host="cp.reebok.ca" />
+		<test url="http://cp.reebok.ca/idp/startSSO.ping?PartnerSpId=sp:demandware" />
+		<test url="http://cp.reebok.ca/web/rbkeCom/en_CA/loadsignin" />
+	<target host="fitness.reebok.ca" />
+	<target host="m.reebok.ca" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Reed-Exhibitions.xml b/src/chrome/content/rules/Reed-Exhibitions.xml
index 6a4282936ee9..bfe0ce10b9a3 100644
--- a/src/chrome/content/rules/Reed-Exhibitions.xml
+++ b/src/chrome/content/rules/Reed-Exhibitions.xml
@@ -1,8 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://infosecurity-magazine.com/ => https://www.infosecurity-magazine.com/: Too many redirects while fetching 'https://www.infosecurity-magazine.com/'
+Fetch error: http://www.infosecurity-magazine.com/ => https://www.infosecurity-magazine.com/: Too many redirects while fetching 'https://www.infosecurity-magazine.com/'
+
+	Problematic domains:
+
+		- ^infosecurity-magazine.com *
+
+	* Handshake fails
+
+-->
 <ruleset name="Reed Exhibitions (partial)" platform="mixedcontent">
 
 	<target host="infosecurity-magazine.com"/>
 	<target host="www.infosecurity-magazine.com"/>
-		<exclusion pattern="^http://(?:www\.)?infosecurity-magazine\.com/(.+/$|download/\d{1,5})"/>
+		<exclusion pattern="^http://(?:www\.)?infosecurity-magazine\.com/(?:.+/$|download/\d{1,5}|view/\d+/[\w-]$)"/>
 
 	<target host="lexisnexis.com"/>
 	<target host="www.lexisnexis.com"/>
diff --git a/src/chrome/content/rules/Reed_Business.net.xml b/src/chrome/content/rules/Reed_Business.net.xml
index c6cb0711770a..04f757cb4a22 100644
--- a/src/chrome/content/rules/Reed_Business.net.xml
+++ b/src/chrome/content/rules/Reed_Business.net.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://metrics\.reedbusiness\.net/"
 		to="https://reedbusiness-net.d2.sc.omtrdc.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Reed_Business_Information.xml b/src/chrome/content/rules/Reed_Business_Information.xml
index 2d146dad8bcb..234433d94c37 100644
--- a/src/chrome/content/rules/Reed_Business_Information.xml
+++ b/src/chrome/content/rules/Reed_Business_Information.xml
@@ -16,7 +16,7 @@
 	<target host="cdn.reedbusiness.com" />
 
 
-	<rule from="^https?://cdn\.reedbusiness\.com/"
+	<rule from="^http://cdn\.reedbusiness\.com/"
 		to="https://d18n01l3jfu4kv.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Reed_Business_Information_Australia.xml b/src/chrome/content/rules/Reed_Business_Information_Australia.xml
deleted file mode 100644
index 4deea9503f81..000000000000
--- a/src/chrome/content/rules/Reed_Business_Information_Australia.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Reed Business Information Australia">
-
-	<target host="*.rbi.com.au" />
-
-
-	<securecookie host="^\.rbi\.com\.au$" name=".+" />
-
-
-	<rule from="^http://(ccbnstatic|media)\.rbi\.com\.au/"
-		to="https://$1.rbi.com.au/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Reef_Builders.xml b/src/chrome/content/rules/Reef_Builders.xml
index 7214e278cae2..1f1e50f70d7c 100644
--- a/src/chrome/content/rules/Reef_Builders.xml
+++ b/src/chrome/content/rules/Reef_Builders.xml
@@ -13,7 +13,9 @@
 <ruleset name="Reef Builders">
 
 	<target host="reefbuilders.com" />
-	<target host="*.reefbuilders.com" />
+	<target host="www.reefbuilders.com" />
+	<target host="community.reefbuilders.com" />
+	<target host="jobs.reefbuilders.com" />
 
 
 	<securecookie host="^\.reefbuilders\.com$" name=".+" />
@@ -28,4 +30,4 @@
 	<rule from="^http://jobs\.reefbuilders\.com/c/"
 		to="https://reef.jobamatic.com/c/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Reef_LED_Lights.com.xml b/src/chrome/content/rules/Reef_LED_Lights.com.xml
new file mode 100644
index 000000000000..7494e785513f
--- /dev/null
+++ b/src/chrome/content/rules/Reef_LED_Lights.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- reefledlights.com
+
+-->
+<ruleset name="Reef LED Lights.com">
+
+	<target host="reefledlights.com" />
+	<target host="www.reefledlights.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^reefledlights\.com$" name="wfvt_\d+$" /-->
+
+	<securecookie host="^reefledlights\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ReelHD.com.xml b/src/chrome/content/rules/ReelHD.com.xml
index ac5d89d80985..cb2c5f15599e 100644
--- a/src/chrome/content/rules/ReelHD.com.xml
+++ b/src/chrome/content/rules/ReelHD.com.xml
@@ -1,20 +1,31 @@
 <!--
 	Nonfunctional domains:
 
-		- ads.affbuzzads.com 
+		- ads.affbuzzads.com
 		- tour.affbuzzads.com	(times out)
 
+
+	^reelhd.com: Mismatched
+
 -->
 <ruleset name="ReelHD.com">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="www.reelhd.com" />
+
+	<!--	Complications:
+				-->
 	<target host="reelhd.com" />
-	<target host="*.reelhd.com" />
 
 
 	<securecookie host="^(?:w*\.)?reelhd\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?reelhd\.com/"
-		to="https://$1reelhd.com/" />
+	<rule from="^http://reelhd\.com/"
+		to="https://www.reelhd.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ReelSEO.com.xml b/src/chrome/content/rules/ReelSEO.com.xml
index d8a41e4e0bbd..6a459faf06de 100644
--- a/src/chrome/content/rules/ReelSEO.com.xml
+++ b/src/chrome/content/rules/ReelSEO.com.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://reelseo.com/ => https://reelseo.com/: (7, 'Failed to connect to reelseo.com port 443: Connection refused')
 	CDN buckets:
 
 		- cdn.reelseo.netdna-cdn.com
@@ -24,4 +26,4 @@
 	<rule from="^http://cdn\d?\.reelstatic\.com/"
 		to="https://www.reelseo.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ReelVidz.com.xml b/src/chrome/content/rules/ReelVidz.com.xml
index 0639ba720251..7ada7cb5f9f8 100644
--- a/src/chrome/content/rules/ReelVidz.com.xml
+++ b/src/chrome/content/rules/ReelVidz.com.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://reelvidz.com/ => https://reelvidz.com/: (51, "SSL: no alternative certificate subject name matches target host name 'reelvidz.com'")
 	CDN buckets:
 
 		- d1pemiecpk0y8o.cloudfront.net
@@ -27,4 +29,4 @@
 	<rule from="^http://(www\.)?reelvidz\.com/"
 		to="https://$1reelvidz.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Reethi_Beach.com.xml b/src/chrome/content/rules/Reethi_Beach.com.xml
index 5c8fff510f27..1c40f4b225cf 100644
--- a/src/chrome/content/rules/Reethi_Beach.com.xml
+++ b/src/chrome/content/rules/Reethi_Beach.com.xml
@@ -5,7 +5,7 @@
 <ruleset name="Reethi Beach.com">
 
 	<target host="reethibeach.com" />
-	<target host="*.reethibeach.com" />
+	<target host="www.reethibeach.com" />
 
 
 	<securecookie host="^\.reethibeach\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Reethus-adeline.de.xml b/src/chrome/content/rules/Reethus-adeline.de.xml
new file mode 100644
index 000000000000..d2f9ecace9f4
--- /dev/null
+++ b/src/chrome/content/rules/Reethus-adeline.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="Reethus-adeline.de">
+	<target host="www.reethus-adeline.de" />
+	<target host="reethus-adeline.de" />
+
+	<securecookie host="^(www\.)?reethus-adeline\.de$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Reevoo.xml b/src/chrome/content/rules/Reevoo.xml
deleted file mode 100644
index 2f9ce291a1aa..000000000000
--- a/src/chrome/content/rules/Reevoo.xml
+++ /dev/null
@@ -1,53 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d1jyr02lmd46xp.cloudfront.net
-
-			- cdn.images.reevoo.com
-
-
-	Nonfunctional domains:
-
-		- analytics.reevoo.com
-
-
-	Fully covered domains:
-
-		- reevoo.com subdomains:
-
-			- (www.)
-			- cdn.images	(→ d1jyr02lmd46xp.cloudfront.net)
-			- mark
-			- c.mark
-			- de.mark
-			- t.mark
-			- shopping
-
-		- mark.reevoo.es
-		- mark.reevoo.fr
-		- mark.reevoo.it
-		- mark.reevoo.nl
-
--->
-<ruleset name="Reevoo (partial)">
-
-	<target host="mark.reevoo.*" />
-	<target host="reevoo.com" />
-	<target host="*.reevoo.com" />
-	<target host="cdn.images.reevoo.com" />
-	<target host="*.mark.reevoo.com" />
-
-
-	<securecookie host="^\.reevoo\.com$" name=".+" />
-
-
-	<rule from="^http://((?:[ct]\.|de\.)?mark\.|shopping\.|www\.)?reevoo\.com/"
-		to="https://$1reevoo.com/" />
-
-	<rule from="^https?://cdn\.images\.reevoo\.com/"
-		to="https://d1jyr02lmd46xp.cloudfront.net/" />
-
-	<rule from="^http://mark\.reevoo\.(es|fr|it|nl)/"
-		to="https://mark.reevoo.$1/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Refaktor.hu.xml b/src/chrome/content/rules/Refaktor.hu.xml
new file mode 100644
index 000000000000..d0239c323a4f
--- /dev/null
+++ b/src/chrome/content/rules/Refaktor.hu.xml
@@ -0,0 +1,19 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://demo.refaktor.hu/ => https://demo.refaktor.hu/: (6, 'Could not resolve host: demo.refaktor.hu')
+Fetch error: http://logo.refaktor.hu/ => https://logo.refaktor.hu/: (6, 'Could not resolve host: logo.refaktor.hu')
+
+	There are no nonfunctional hosts in *.refaktor.hu.
+-->
+<ruleset name="Refaktor.hu">
+	<target host="refactor.hu" />
+	<target host="www.refactor.hu" />
+	<target host="refaktor.hu" />
+	<target host="www.refaktor.hu" />
+	<!-- target host="demo.refaktor.hu" /-->
+	<!-- target host="logo.refaktor.hu" /-->
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ReferMe.to.xml b/src/chrome/content/rules/ReferMe.to.xml
new file mode 100644
index 000000000000..84f49f43f1ec
--- /dev/null
+++ b/src/chrome/content/rules/ReferMe.to.xml
@@ -0,0 +1,10 @@
+<!--
+	Invalid certificate:
+		- www.referme.to
+-->
+
+<ruleset name="ReferMe.to">
+	<target host="referme.to" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Referly.xml b/src/chrome/content/rules/Referly.xml
index 11a577202f7a..aa5eb0f42343 100644
--- a/src/chrome/content/rules/Referly.xml
+++ b/src/chrome/content/rules/Referly.xml
@@ -1,13 +1,10 @@
-<ruleset name="Referly (default off)" default_off="Cert warning">
+<ruleset name="Referly">
 
 	<target host="refer.ly" />
-	<target host="*.refer.ly" />
+	<target host="beta.refer.ly" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^\.refer\.ly$" name=".*" />
-
-
-	<rule from="^http://(www\.)?refer\.ly/"
-		to="https://$1refer.ly/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/RefinedGuy.com.xml b/src/chrome/content/rules/RefinedGuy.com.xml
new file mode 100644
index 000000000000..8b5db3ed9818
--- /dev/null
+++ b/src/chrome/content/rules/RefinedGuy.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Active mixed content:
+		- www.refinedguy.com
+-->
+
+<ruleset name="RefinedGuy.com" platform="mixedcontent">
+	<target host="refinedguy.com" />
+	<target host="www.refinedguy.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RefinedLabs.xml b/src/chrome/content/rules/RefinedLabs.xml
new file mode 100644
index 000000000000..717caf4ec4d9
--- /dev/null
+++ b/src/chrome/content/rules/RefinedLabs.xml
@@ -0,0 +1,4 @@
+<ruleset name="Refined Labs">
+<target host="d.refinedads.com" />
+<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Refinitiv.com.xml b/src/chrome/content/rules/Refinitiv.com.xml
new file mode 100644
index 000000000000..d33e70794cea
--- /dev/null
+++ b/src/chrome/content/rules/Refinitiv.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- refinitiv.com
+
+		SSL peer certificate was not OK:
+		- online.refinitiv.com
+		- solutions.refinitiv.com
+-->
+<ruleset name="Refinitiv.com">
+	<target host="www.refinitiv.com" />
+	<target host="contribute.refinitiv.com" />
+	<target host="developers.refinitiv.com" />
+	<target host="community.developers.refinitiv.com" />
+	<target host="jobs.refinitiv.com" />
+	<target host="labs.refinitiv.com" />
+	<target host="lipperalpha.refinitiv.com" />
+	<target host="my.refinitiv.com" />
+	<target host="perspectives.refinitiv.com" />
+	<target host="resourcehub.refinitiv.com" />
+	<target host="thesource.refinitiv.com" />
+	<target host="training.refinitiv.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Reflected.net.xml b/src/chrome/content/rules/Reflected.net.xml
new file mode 100644
index 000000000000..3a780f9a8d6c
--- /dev/null
+++ b/src/chrome/content/rules/Reflected.net.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .reflected.net
+
+-->
+<ruleset name="Reflected.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="reflected.net" />
+	<target host="cdn-www.reflected.net" />
+	<target host="my.reflected.net" />
+	<target host="www.reflected.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^my\.reflected\.net$" name="^sid$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Reflex.cz.xml b/src/chrome/content/rules/Reflex.cz.xml
new file mode 100644
index 000000000000..7e220b07d58c
--- /dev/null
+++ b/src/chrome/content/rules/Reflex.cz.xml
@@ -0,0 +1,8 @@
+<ruleset name="Reflex.cz">
+  <target host="reflex.cz" />
+  <target host="img.reflex.cz" />
+  <target host="www.reflex.cz" />
+
+  <rule from="^http://(?:www\.)?reflex\.cz/" to="https://www.reflex.cz/" />
+  <rule from="^http://img\.reflex\.cz/" to="https://img.reflex.cz/" />
+</ruleset>
diff --git a/src/chrome/content/rules/ReflexPhoto.xml b/src/chrome/content/rules/ReflexPhoto.xml
new file mode 100644
index 000000000000..892e8266bcbc
--- /dev/null
+++ b/src/chrome/content/rules/ReflexPhoto.xml
@@ -0,0 +1,5 @@
+<ruleset name="ReflexPhoto">
+        <target host="reflexphoto.eu" />
+        <target host="www.reflexphoto.eu" />
+        <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Reform_Government_Surveillance.com.xml b/src/chrome/content/rules/Reform_Government_Surveillance.com.xml
new file mode 100644
index 000000000000..969ee059952f
--- /dev/null
+++ b/src/chrome/content/rules/Reform_Government_Surveillance.com.xml
@@ -0,0 +1,22 @@
+<!--
+	^reformgovernmentsurveillance.com: Handshake fails
+
+-->
+<ruleset name="Reform Government Surveillance.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.reformgovernmentsurveillance.com" />
+
+	<!--	Complications:
+				-->
+	<target host="reformgovernmentsurveillance.com" />
+
+
+	<rule from="^http://reformgovernmentsurveillance\.com/"
+		to="https://www.reformgovernmentsurveillance.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ReformaBTL.xml b/src/chrome/content/rules/ReformaBTL.xml
deleted file mode 100644
index 176986314c95..000000000000
--- a/src/chrome/content/rules/ReformaBTL.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(rx_record_too_long)
-		- cdn	(CN: gp1.wac.edgecastcdn.net; 404)
-		- www	(CN: Parallels Panel)
-
-
--->
-<ruleset name="ReformaBTL" default_off="self-signed">
-
-	<target host="informabtl.com" />
-	<target host="*.informabtl.com" />
-
-
-	<securecookie host="^www\.informabtl\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:cdn\.|www\.)?informabtl\.com/"
-		to="https://www.informabtl.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Reformal.xml b/src/chrome/content/rules/Reformal.xml
index 3cc42916e708..2c75a87c054c 100644
--- a/src/chrome/content/rules/Reformal.xml
+++ b/src/chrome/content/rules/Reformal.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://reformal.ru/ => https://reformal.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Nonfunctional subdomains:
 
 		- webinfo
@@ -17,4 +19,4 @@
 	<rule from="^http://([\w-]+\.)?reformal\.ru/"
 		to="https://$1reformal.ru/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Refresher.cz_sk.xml b/src/chrome/content/rules/Refresher.cz_sk.xml
new file mode 100644
index 000000000000..9bde436649d8
--- /dev/null
+++ b/src/chrome/content/rules/Refresher.cz_sk.xml
@@ -0,0 +1,48 @@
+<!--
+	Nonfunctional hosts in *.refresher.cz and refresher.sk
+
+	certificate mismatch:
+		- outfity.refresher.sk
+		- zona.refresher.cz
+	connection refused:
+		- minikiwi.refresher.cz
+		- minikiwi.refresher.sk
+		- www.outfity.refresher.sk
+
+	www.refresher.cz, www.refresher.sk have mismatched certificates.
+	http://www.refresher.cz, http://www.refresher.sk redirect to
+	http://refresher.cz, http://refresher.sk
+-->
+<ruleset name="Refresher.cz_sk">
+	<target host="refresher.cz" />
+	<target host="www.refresher.cz" />
+	<target host="refresher.sk" />
+	<target host="www.refresher.sk" />
+	<target host="filmkult.refresher.cz" />
+	<target host="fitcult.refresher.cz" />
+	<target host="freshfem.refresher.cz" />
+	<target host="newsletter.refresher.cz" />
+	<target host="newsound.refresher.cz" />
+	<target host="office.refresher.cz" />
+	<target host="filmkult.refresher.sk" />
+	<target host="fitcult.refresher.sk" />
+	<target host="freshfem.refresher.sk" />
+	<target host="i.refresher.sk" />
+	<target host="img.refresher.sk" />
+	<target host="img2.refresher.sk" />
+	<target host="img3.refresher.sk" />
+	<target host="img4.refresher.sk" />
+	<target host="img5.refresher.sk" />
+	<target host="img6.refresher.sk" />
+	<target host="newsletter.refresher.sk" />
+	<target host="newsound.refresher.sk" />
+	<target host="office.refresher.sk" />
+	<target host="shop.refresher.sk" />
+	<target host="sutaz.refresher.sk" />
+	<target host="zona.refresher.sk" />
+
+	<rule from="^http://www\.refresher\.(cz|sk)/"
+		to="https://refresher.$1/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Refrog.xml b/src/chrome/content/rules/Refrog.xml
index 94b20dfb5985..197d64877231 100644
--- a/src/chrome/content/rules/Refrog.xml
+++ b/src/chrome/content/rules/Refrog.xml
@@ -1,14 +1,13 @@
-<ruleset name="Refrog">
+<ruleset name="Refog.com">
 
 	<target host="refog.com" />
 	<target host="www.refog.com" />
 
 
-	<securecookie host="^www\.refrog\.com$" name=".*" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<!--	Cert doesn't match !www.	-->
-	<rule from="^http://(?:www\.)?refog\.com/"
-		to="https://www.refog.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Refunite.org.xml b/src/chrome/content/rules/Refunite.org.xml
new file mode 100644
index 000000000000..c15a557faaca
--- /dev/null
+++ b/src/chrome/content/rules/Refunite.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Nonfunctional hosts in *.refunite.org:
+
+	- www: mismatch
+	- blog: mismatch
+-->
+<ruleset name="Refunite.org">
+	<target host="refunite.org" />
+	<target host="www.refunite.org" />
+	<target host="m.refunite.org" />
+	<target host="static.refunite.org" />
+
+	<rule from="^http://www\.refunite\.org/" to="https://refunite.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Reg.ru.xml b/src/chrome/content/rules/Reg.ru.xml
index e97f01967965..3ae4cad4c0bd 100644
--- a/src/chrome/content/rules/Reg.ru.xml
+++ b/src/chrome/content/rules/Reg.ru.xml
@@ -1,20 +1,24 @@
 <!--
 	Nonfunctional subdomains:
 
+		- shop ¹
 		- simaphone	(redirects to ru-golos.ru; self-signed, CN: ru-golos.ru)
 		- software	(shows default CentOS page; expired 2010-08-11, self-signed)
 
+	¹ Dropped
+
 -->
-<ruleset name="Reg.ru">
+<ruleset name="Reg.ru (partial)">
 
 	<target host="reg.ru" />
-	<target host="*.reg.ru" />
+	<target host="hosting.reg.ru" />
+	<target host="support.reg.ru" />
+	<target host="www.reg.ru" />
 
 
 	<securecookie host="^\.reg\.ru$" name=".+" />
 
 
-	<rule from="^http://((?:hosting|support|www)\.)?reg\.ru/"
-		to="https://$1reg.ru/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RegOnline.com.xml b/src/chrome/content/rules/RegOnline.com.xml
new file mode 100644
index 000000000000..88ec8766cb51
--- /dev/null
+++ b/src/chrome/content/rules/RegOnline.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Active Network coverage, see Active_Network.com.xml.
+
+-->
+<ruleset name="RegOnline.com">
+
+	<target host="regonline.com" />
+	<target host="www.regonline.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.regonline\.com$" name="^(ASP\.NET_SessionId|BIGipServer~SPORTS~acmpool5_http|CurrentROLSession|CurrentSiteID)$" /-->
+
+	<securecookie host="^www\.regonline\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rega.xml b/src/chrome/content/rules/Rega.xml
index 2793ef13d96e..b367b3379895 100644
--- a/src/chrome/content/rules/Rega.xml
+++ b/src/chrome/content/rules/Rega.xml
@@ -2,7 +2,7 @@
     <target host="rega.ch" />
     <target host="*.rega.ch" />
 
-    <rule from="^https?://rega\.ch/"
+    <rule from="^http://rega\.ch/"
         to="https://www.rega.ch/"/>
     <rule from="^http://([^/:@]+)?\.rega\.ch/"
         to="https://$1.rega.ch/" />
diff --git a/src/chrome/content/rules/Regalii.com.xml b/src/chrome/content/rules/Regalii.com.xml
new file mode 100644
index 000000000000..8f1be1847aaf
--- /dev/null
+++ b/src/chrome/content/rules/Regalii.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Regalii.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="regalii.com" />
+	<target host="m.regalii.com" />
+	<target host="www.regalii.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RegardsCitoyens.fr.xml b/src/chrome/content/rules/RegardsCitoyens.fr.xml
new file mode 100644
index 000000000000..978df4edd9d2
--- /dev/null
+++ b/src/chrome/content/rules/RegardsCitoyens.fr.xml
@@ -0,0 +1,27 @@
+<!--
+	Invalid certificate:
+		cocolulu.regardscitoyens.org
+		cpc.regardscitoyens.org
+		elections.regardscitoyens.org
+		jupyterhub.regardscitoyens.org
+		mm.regardscitoyens.org
+		picri.regardscitoyens.org
+
+	Different content http/https:
+		komodo.regardscitoyens.org
+
+	Login required:
+		git.regardscitoyens.org
+
+-->
+<ruleset name="Regards Citoyens.fr">
+
+	<target host="regardscitoyens.org" />
+	<target host="www.regardscitoyens.org" />
+	<target host="irfm.regardscitoyens.org" />
+	<target host="pad.regardscitoyens.org" />
+	<target host="stats.regardscitoyens.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Regex101.xml b/src/chrome/content/rules/Regex101.xml
new file mode 100644
index 000000000000..0d220172924a
--- /dev/null
+++ b/src/chrome/content/rules/Regex101.xml
@@ -0,0 +1,17 @@
+<!--
+	For regex101.com
+
+		Works:
+
+			- www
+			- $
+
+		Doesn't Work:
+-->
+<ruleset name="Regex101">
+	<target host="regex101.com" />
+	<target host="www.regex101.com" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Reggi.ru.xml b/src/chrome/content/rules/Reggi.ru.xml
new file mode 100644
index 000000000000..dd7443528c32
--- /dev/null
+++ b/src/chrome/content/rules/Reggi.ru.xml
@@ -0,0 +1,8 @@
+<!--hostingpanel2. mismatch
+status. timeout-->
+<ruleset name="Reggi.ru">
+	<target host="reggi.ru" />
+	<target host="www.reggi.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RegioBank.nl.xml b/src/chrome/content/rules/RegioBank.nl.xml
new file mode 100644
index 000000000000..c2bd52620ae3
--- /dev/null
+++ b/src/chrome/content/rules/RegioBank.nl.xml
@@ -0,0 +1,25 @@
+<!--
+	Other RegioBank rulesets:
+
+		- RegioBank Adviseurs.nl
+
+-->
+<ruleset name="RegioBank.nl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="regiobank.nl" />
+	<target host="www.regiobank.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.regiobank\.nl$" name="^(MfPers|MfTrack)" /-->
+
+	<securecookie host="^(?:www)?\.regiobank\.nl$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Register.BG.xml b/src/chrome/content/rules/Register.BG.xml
new file mode 100644
index 000000000000..61129814b71d
--- /dev/null
+++ b/src/chrome/content/rules/Register.BG.xml
@@ -0,0 +1,13 @@
+<!--
+	^: Cert only matches www
+
+-->
+<ruleset name="Register.BG">
+
+	<target host="register.bg" />
+	<target host="www.register.bg" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Register.com.xml b/src/chrome/content/rules/Register.com.xml
index b0c870eaaed9..c5e6a445b272 100644
--- a/src/chrome/content/rules/Register.com.xml
+++ b/src/chrome/content/rules/Register.com.xml
@@ -1,16 +1,28 @@
-<ruleset name="Register.com">
+<!--
+	Unsupported subdomains:
 
+		csr	(timeout)
+		help	(cert mismatch; cert only valid for *.web.com)
+		hosting	(cert mismatch; cert only valid for www.register.com)
+-->
+<ruleset name="Register.com (partial)">
 	<target host="register.com" />
-	<target host="*.register.com" />
+	<target host="partnerships.register.com" />
+	<target host="partnersignup.register.com" />
+	<target host="whoisaccuracy-portal.register.com" />
+	<target host="webmail01.register.com" />
+	<target host="webmail02.register.com" />
+	<target host="webmail04.register.com" />
+	<target host="webmail05.register.com" />
+	<target host="webmail06.register.com" />
+	<target host="webmail07.register.com" />
+	<target host="www.register.com" />
 
+	<securecookie host="^(partners(hips|ignup)|whoisaccuracy\-portal|webmail0[124567]|www)\.register\.com$" name=".+" />
 
-	<securecookie host="^(?:.*\.)?register\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?register\.com/"
+	<rule from="^http://register\.com/"
 		to="https://www.register.com/" />
 
-	<rule from="^http://((?:www\.)?help|partners(?:hips|ignup)|support|webmail0[12])\.register\.com/"
-		 to="https://$1.register.com/" />
-
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Register4Less.com.xml b/src/chrome/content/rules/Register4Less.com.xml
new file mode 100644
index 000000000000..d49133b1fd79
--- /dev/null
+++ b/src/chrome/content/rules/Register4Less.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- Image from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Register4Less.com">
+
+	<target host="register4less.com" />
+	<target host="www.register4less.com" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^register4less\.com$" name="^(R4L_COOKIE|wiki_session)$" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Registration123.com.xml b/src/chrome/content/rules/Registration123.com.xml
new file mode 100644
index 000000000000..acf176c3cf57
--- /dev/null
+++ b/src/chrome/content/rules/Registration123.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Registration123.com">
+
+	<target host="registration123.com" />
+	<target host="www.registration123.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Registro.br.xml b/src/chrome/content/rules/Registro.br.xml
new file mode 100644
index 000000000000..b4727e45e4b7
--- /dev/null
+++ b/src/chrome/content/rules/Registro.br.xml
@@ -0,0 +1,18 @@
+<!--
+	Nonfunctional subdomains:
+
+		- cartilha *
+
+	* Refused
+
+-->
+<ruleset name="Registro.br (partial)">
+
+	<target host="registro.br" />
+	<target host="whois.registro.br" />
+	<target host="www.registro.br" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Registry.Asia.xml b/src/chrome/content/rules/Registry.Asia.xml
new file mode 100644
index 000000000000..75346215566c
--- /dev/null
+++ b/src/chrome/content/rules/Registry.Asia.xml
@@ -0,0 +1,27 @@
+<!--
+	(www.)?registry.asia: Plaintext reply
+
+
+	Insecure cookies are set for these domains:
+
+		- .registrars.registry.asia
+
+-->
+<ruleset name="Registry.Asia (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="registrars.registry.asia" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.registrars\.registry\.asia$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^\.registrars\.registry\.asia$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Registryrocket.com.xml b/src/chrome/content/rules/Registryrocket.com.xml
index 3af60766b7ac..c5285ea1f6fc 100644
--- a/src/chrome/content/rules/Registryrocket.com.xml
+++ b/src/chrome/content/rules/Registryrocket.com.xml
@@ -13,7 +13,6 @@
 
 	<!--	Cert only matches www.
 					-->
-	<rule from="^https?://(?:www\.)?registryrocket\.com/"
-		to="https://www.registryrocket.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Regit.org.xml b/src/chrome/content/rules/Regit.org.xml
index 91fbf6d0d992..2128f5764e94 100644
--- a/src/chrome/content/rules/Regit.org.xml
+++ b/src/chrome/content/rules/Regit.org.xml
@@ -12,7 +12,6 @@
 	<target host="home.regit.org" />
 
 
-	<rule from="^http://home\.regit\.org/"
-		to="https://home.regit.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Regjeringen.no.xml b/src/chrome/content/rules/Regjeringen.no.xml
new file mode 100644
index 000000000000..1100261a016a
--- /dev/null
+++ b/src/chrome/content/rules/Regjeringen.no.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ny.regjeringen.no/ => https://ny.regjeringen.no/: (6, 'Could not resolve host: ny.regjeringen.no')
+
+	Nonfunctional hosts in *regjeringen.no:
+
+		- eksternedit *
+
+	* Handshake fails
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- frieinntekter.regjeringen.no
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Regjeringen.no (partial)" default_off="failed ruleset test">
+
+	<target host="regjeringen.no" />
+	<target host="frieinntekter.regjeringen.no" />
+	<target host="media.regjeringen.no" />
+	<target host="ny.regjeringen.no" />
+	<target host="svar.regjeringen.no" />
+	<target host="video.regjeringen.no" />
+	<target host="www.regjeringen.no" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^frieinntekter\.regjeringen\.no$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Regmedia.co.uk.xml b/src/chrome/content/rules/Regmedia.co.uk.xml
new file mode 100644
index 000000000000..4c23d837e771
--- /dev/null
+++ b/src/chrome/content/rules/Regmedia.co.uk.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .regmedia.co.uk
+
+-->
+<ruleset name="regmedia.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="regmedia.co.uk" />
+	<target host="www.regmedia.co.uk" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.regmedia\.co\.uk$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.regmedia\.co\.uk$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Regnum.ru.xml b/src/chrome/content/rules/Regnum.ru.xml
new file mode 100644
index 000000000000..04811123df8e
--- /dev/null
+++ b/src/chrome/content/rules/Regnum.ru.xml
@@ -0,0 +1,7 @@
+<!--common. mismatch-->
+<ruleset name="Regnum.ru">
+	<target host="regnum.ru" />
+	<target host="www.regnum.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Regruhosting.ru.xml b/src/chrome/content/rules/Regruhosting.ru.xml
new file mode 100644
index 000000000000..9ce28bdffa39
--- /dev/null
+++ b/src/chrome/content/rules/Regruhosting.ru.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sync.security.pp.regruhosting.ru/ => https://sync.security.pp.regruhosting.ru/: (7, 'Failed to connect to sync.security.pp.regruhosting.ru port 443: Connection timed out')
+
+	(www.)?regruhosting.ru doesn't exist.
+
+
+	Insecure cookies are set for these domains:
+
+		- .security.pp.regruhosting.ru
+
+-->
+<ruleset name="regruhosting.ru" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sync.security.pp.regruhosting.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.security\.pp\.regruhosting\.ru$" name="^aureid$" /-->
+
+	<securecookie host="^\.security\.pp\.regruhosting\.ru$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Reichelt.de.xml b/src/chrome/content/rules/Reichelt.de.xml
index e27541a4a39f..4b2a436b7de2 100644
--- a/src/chrome/content/rules/Reichelt.de.xml
+++ b/src/chrome/content/rules/Reichelt.de.xml
@@ -1,11 +1,35 @@
 <ruleset name="Reichelt.de">
+	<target host="reichelt.de" />
+	<target host="www.reichelt.de" />
+	<target host="en.reichelt.de" />
+	<target host="m.reichelt.de" />
+	<target host="secure.reichelt.de" />
+	<target host="statistic.reichelt.de" />
+	<target host="statistic2.reichelt.de" />
+	<target host="such001.reichelt.de" />
+	<target host="versandkosten.reichelt.de" />
 
-  <!-- http://secure.reichelt.de does not redirect to https -->
+	<target host="reichelt.com" />
+	<target host="www.reichelt.com" />
+	<target host="m.reichelt.com" />
+	<target host="secure.reichelt.com" />
 
-  <target host="www.reichelt.de" />
-  <target host="reichelt.de" />
-  <target host="secure.reichelt.de" />
-  <target host="such001.reichelt.de" />
+	<target host="reichelt.at" />
+	<target host="www.reichelt.at" />
+	<target host="m.reichelt.at" />
+	<target host="secure.reichelt.at" />
 
-  <rule from="^http://(www\.|such001\.|secure\.)?reichelt\.de/" to="https://secure.reichelt.de/"/>
+	<target host="reichelt.nl" />
+	<target host="www.reichelt.nl" />
+	<target host="m.reichelt.nl" />
+	<target host="secure.reichelt.nl" />
+
+	<target host="cdn-reichelt.de" />
+	<target host="css.cdn-reichelt.de" />
+	<target host="js.cdn-reichelt.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Reifman.org.xml b/src/chrome/content/rules/Reifman.org.xml
deleted file mode 100644
index 82b02ea69e1b..000000000000
--- a/src/chrome/content/rules/Reifman.org.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d3iwh2gikt6957.cloudfront.net
-
-			- c3.reifman.org
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(dropped)
-
--->
-<ruleset name="Reifman.org (partial)">
-
-	<target host="c3.reifman.org" />
-
-
-	<rule from="^http://c3\.reifman\.org/"
-		to="https://d3iwh2gikt6957.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Reimanpub.com.xml b/src/chrome/content/rules/Reimanpub.com.xml
index 9b3d6b25ad41..51f4f901dafe 100644
--- a/src/chrome/content/rules/Reimanpub.com.xml
+++ b/src/chrome/content/rules/Reimanpub.com.xml
@@ -9,13 +9,14 @@
 <ruleset name="reimanpub.com">
 
 	<target host="reimanpub.com" />
-	<target host="*.reimanpub.com" />
+	<target host="hostedmedia.reimanpub.com" />
+	<target host="origin-hostedmedia.reimanpub.com" />
+	<target host="www.reimanpub.com" />
 
 
 	<securecookie host="^(?:(?:origin-)?hostedmedia\.|www\.)?reimanpub\.com$" name=".+" />
 
 
-	<rule from="^http://((?:origin-)?hostedmedia\.|www\.)?reimanpub\.com/"
-		to="https://$1reimanpub.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Reiner-SCT.com.xml b/src/chrome/content/rules/Reiner-SCT.com.xml
index 634b2a03aeeb..f6b637888771 100644
--- a/src/chrome/content/rules/Reiner-SCT.com.xml
+++ b/src/chrome/content/rules/Reiner-SCT.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tracking.reiner-sct.com/ => https://tracking.reiner-sct.com/: (6, 'Could not resolve host: tracking.reiner-sct.com')
+
 	Fully covered subdomains:
 
 		- (www.)
@@ -12,16 +16,16 @@
 	* Secured by us
 
 -->
-<ruleset name="Reiner-SCT.com">
+<ruleset name="Reiner-SCT.com" default_off="failed ruleset test">
 
 	<target host="reiner-sct.com" />
-	<target host="*.reiner-sct.com" />
+	<target host="tracking.reiner-sct.com" />
+	<target host="www.reiner-sct.com" />
 
 
 	<securecookie host="^(?:www)?\.reiner-sct\.com$" name=".+" />
 
 
-	<rule from="^http://(tracking\.|www\.)?reiner-sct\.com/"
-		to="https://$1reiner-sct.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Reinvigorate.net.xml b/src/chrome/content/rules/Reinvigorate.net.xml
new file mode 100644
index 000000000000..e6900a3318d4
--- /dev/null
+++ b/src/chrome/content/rules/Reinvigorate.net.xml
@@ -0,0 +1,36 @@
+<!--
+	For other Webtrends coverage, see Webtrends.com.xml.
+
+
+	CDN buckets:
+
+		- denvua8xbp3vs.cloudfront.net
+
+
+	Nonfunctional hosts in *reinvigorate.net:
+
+		- (www.)? *
+		- report *
+		- track *
+
+	* Dropped
+
+
+	Fully covered hosts in *reinvigorate.net:
+
+		- include	(→ denvua8xbp3vs.cloudfront.net)
+
+-->
+<ruleset name="Reinvigorate.net (partial)">
+
+	<!--	Complications:
+				-->
+	<target host="include.reinvigorate.net" />
+
+
+	<!--	data are also on track.
+						-->
+	<rule from="^http://include\.reinvigorate\.net/"
+		to="https://denvua8xbp3vs.cloudfront.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rejected.us.xml b/src/chrome/content/rules/Rejected.us.xml
new file mode 100644
index 000000000000..f5458609839f
--- /dev/null
+++ b/src/chrome/content/rules/Rejected.us.xml
@@ -0,0 +1,6 @@
+<ruleset name="Rejected.us">
+	<target host="rejected.us" />
+	<target host="www.rejected.us" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rejseplanen.dk.xml b/src/chrome/content/rules/Rejseplanen.dk.xml
index 9c6b6d58c6a3..8480f98ac25d 100644
--- a/src/chrome/content/rules/Rejseplanen.dk.xml
+++ b/src/chrome/content/rules/Rejseplanen.dk.xml
@@ -1,7 +1,15 @@
-<ruleset name="Rejseplanen.dk (broken)" default_off="wrong host in certificates">
-  <target host="rejseplanen.dk" />
-  <target host="*.rejseplanen.dk" />
+<!--
+	Non-functional hosts
+		Timeout was reached:
+			 - ptt.rejseplanen.dk
 
-  <rule from="^http://rejseplanen\.dk/" to="https://www.rejseplanen.dk/" />
-  <rule from="^http://(www|info|xajax-prod|euspirit|ptt)\.rejseplanen\.dk/" to="https://$1.rejseplanen.dk/" />
+		Different content:
+			 - info.rejseplanen.dk
+-->
+<ruleset name="Rejseplanen.dk (partial)">
+	<target host="rejseplanen.dk" />
+	<target host="www.rejseplanen.dk" />
+	<target host="xajax-prod.rejseplanen.dk" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Relate.org.uk.xml b/src/chrome/content/rules/Relate.org.uk.xml
index c36c0f96a31f..21b7ebadc468 100644
--- a/src/chrome/content/rules/Relate.org.uk.xml
+++ b/src/chrome/content/rules/Relate.org.uk.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^www\.relate\.org\.uk$" name=".+" />
 
 
-	<rule from="^http://(www\.)?relate\.org\.uk/"
-		to="https://$1relate.org.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RelayRides.com.xml b/src/chrome/content/rules/RelayRides.com.xml
new file mode 100644
index 000000000000..fcb5674200a1
--- /dev/null
+++ b/src/chrome/content/rules/RelayRides.com.xml
@@ -0,0 +1,21 @@
+<!--
+	CDN buckets:
+
+		- d1pryd867v4xab.cloudfront.net
+		- d59g647ccmdae.cloudfront.net
+
+-->
+<ruleset name="RelayRides.com">
+
+	<target host="relayrides.com" />
+	<target host="www.relayrides.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^relayrides\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Relcom.host.xml b/src/chrome/content/rules/Relcom.host.xml
new file mode 100644
index 000000000000..6d107d9a3e46
--- /dev/null
+++ b/src/chrome/content/rules/Relcom.host.xml
@@ -0,0 +1,34 @@
+<!--
+relcomhost.ru mismatch
+www.relcomhost.ru mismatch
+-->
+<ruleset name="Relcom.host">
+	<target host="relcom.host" />
+	<target host="www.relcom.host" />
+	<target host="lk.relcomhost.ru" />
+
+	<exclusion pattern="^http://lk\.relcomhost\.ru/?$" />
+	<exclusion pattern="^http://lk\.relcomhost\.ru/?\?" />
+	<exclusion pattern="^http://lk\.relcomhost\.ru/index\.php$" />
+	<exclusion pattern="^http://lk\.relcomhost\.ru/index\.php\?" />
+	<exclusion pattern="^http://lk\.relcomhost\.ru/announcements\.php$" />
+	<exclusion pattern="^http://lk\.relcomhost\.ru/announcements\.php\?" />
+	<exclusion pattern="^http://lk\.relcomhost\.ru/knowledgebase\.php$" />
+	<exclusion pattern="^http://lk\.relcomhost\.ru/knowledgebase\.php\?" />
+
+	<test url="http://lk.relcomhost.ru?" />
+	<test url="http://lk.relcomhost.ru/" />
+	<test url="http://lk.relcomhost.ru/?" />
+	<test url="http://lk.relcomhost.ru/?q" />
+	<test url="http://lk.relcomhost.ru/index.php" />
+	<test url="http://lk.relcomhost.ru/index.php?" />
+	<test url="http://lk.relcomhost.ru/index.php?q" />
+	<test url="http://lk.relcomhost.ru/announcements.php" />
+	<test url="http://lk.relcomhost.ru/announcements.php?" />
+	<test url="http://lk.relcomhost.ru/announcements.php?q" />
+	<test url="http://lk.relcomhost.ru/knowledgebase.php" />
+	<test url="http://lk.relcomhost.ru/knowledgebase.php?" />
+	<test url="http://lk.relcomhost.ru/knowledgebase.php?q" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Relevate.ru.xml b/src/chrome/content/rules/Relevate.ru.xml
new file mode 100644
index 000000000000..7b517337a985
--- /dev/null
+++ b/src/chrome/content/rules/Relevate.ru.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .relevate.ru
+		- help.relevate.ru
+
+-->
+<ruleset name="Relevate.ru">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="relevate.ru" />
+	<target host="bill.relevate.ru" />
+	<target host="help.relevate.ru" />
+	<target host="www.relevate.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.relevate\.ru$" name="^uid$" /-->
+	<!--securecookie host="^help\.relevate\.ru$" name="^SWIFT_sessionid40$" /-->
+
+	<securecookie host="^(?:help)?\.relevate\.ru$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Reliable_ISP.net.xml b/src/chrome/content/rules/Reliable_ISP.net.xml
new file mode 100644
index 000000000000..3674bc49badc
--- /dev/null
+++ b/src/chrome/content/rules/Reliable_ISP.net.xml
@@ -0,0 +1,20 @@
+<!--
+	^: interrupted
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Reliable ISP.net">
+
+	<target host="reliableisp.net" />
+	<target host="www.reliableisp.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Religion_News.com.xml b/src/chrome/content/rules/Religion_News.com.xml
index be00869987ed..d928fe8c8cd6 100644
--- a/src/chrome/content/rules/Religion_News.com.xml
+++ b/src/chrome/content/rules/Religion_News.com.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://religionnews.com/ => https://religionnews.com/: (60, 'SSL certificate problem: certificate has expired')
 	Partially covered subdomains:
 
 		- archives	($ redirects to http)
@@ -21,14 +23,23 @@
 <ruleset name="Religion News.com (partial)">
 
 	<target host="religionnews.com" />
-	<target host="*.religionnews.com" />
+	<target host="archives.religionnews.com" />
+	<target host="cathleenfalsani.religionnews.com" />
+	<target host="davidgibson.religionnews.com" />
+	<target host="janariess.religionnews.com" />
+	<target host="jonathanmerritt.religionnews.com" />
+	<target host="marksilk.religionnews.com" />
+	<target host="michaeloloughlin.religionnews.com" />
+	<target host="omarsacirbey.religionnews.com" />
+	<target host="omidsafi.religionnews.com" />
+	<target host="pressreleases.religionnews.com" />
+	<target host="www.religionnews.com" />
 		<exclusion pattern="^http://archives\.religionnews\.com/(?!\w+\.png|assets/|favicon\.ico|images/|sign-in(?:$|\?|/))" />
 
 
 	<securecookie host="^\.religionnews\.com$" name=".+" />
 
 
-	<rule from="^http://((?:archives|cathleenfalsani|davidgibson|janariess|jonathanmerritt|marksilk|michaeloloughlin|omarsacirbey|omidsafi|pressreleases|www)\.)?religionnews\.com/"
-		to="https://$1religionnews.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rem.co.xml b/src/chrome/content/rules/Rem.co.xml
new file mode 100644
index 000000000000..4fe84e6bd52e
--- /dev/null
+++ b/src/chrome/content/rules/Rem.co.xml
@@ -0,0 +1,10 @@
+<ruleset name="Rem.co">
+
+	<target host="rem.co" />
+	<target host="www.rem.co" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Remedy_Entertainment.xml b/src/chrome/content/rules/Remedy_Entertainment.xml
index 264ed986b11f..5457df14c976 100644
--- a/src/chrome/content/rules/Remedy_Entertainment.xml
+++ b/src/chrome/content/rules/Remedy_Entertainment.xml
@@ -12,7 +12,6 @@
 	<securecookie host="^community\.remedygames\.com$" name=".+" />
 
 
-	<rule from="^http://community\.remedygames\.com/"
-		to="https://community.remedygames.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RememberTheMilk.xml b/src/chrome/content/rules/RememberTheMilk.xml
index 0319e63e759f..f87e6bbdbfd2 100644
--- a/src/chrome/content/rules/RememberTheMilk.xml
+++ b/src/chrome/content/rules/RememberTheMilk.xml
@@ -1,5 +1,5 @@
 <!--
-	Nonfunctional: 
+	Nonfunctional:
 
 		- blog.rememberthemilk.com	(cert: *.medialayer.net; shows status message)
 		- status.rememberthemilk.com	(times out)
@@ -7,27 +7,17 @@
 
 -->
 <ruleset name="Remember the Milk">
-
 	<target host="rememberthemilk.com" />
-	<target host="*.rememberthemilk.com" />
+	<target host="api.rememberthemilk.com" />
 	<target host="rememberthemilk.jp" />
 	<target host="www.rememberthemilk.jp" />
-	<target host="*.rtmcdn.net" />
-
-
-	<securecookie host="^\.rememberthemilk\.com$" name=".*" />
-
-
-	<!--	Cert doesn't match !www.
-		.jp redirects to .com.	-->
-	<rule from="^https?://(?:www\.)?rememberthemilk\.(?:com|jp)/"
-		to="https://www.rememberthemilk.com/" />
-
-	<rule from="^http://api\.rememberthemilk\.com/"
-		to="https://api.rememberthemilk.com/" />
+	<target host="s1.rtmcdn.net" />
+	<target host="s2.rtmcdn.net" />
+	<target host="s3.rtmcdn.net" />
+	<target host="s4.rtmcdn.net" />
 
-	<rule from="^http://s([1-4])\.rtmcdn\.net/"
-		to="https://s$1.rtmcdn.net/" />
+	<securecookie host="^\.rememberthemilk\.com$" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Remind.com.xml b/src/chrome/content/rules/Remind.com.xml
new file mode 100644
index 000000000000..549e64b48b99
--- /dev/null
+++ b/src/chrome/content/rules/Remind.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* WP Engine
+
+
+	Problematic subdomains:
+
+		- help *
+
+	* Mismatched
+
+-->
+<ruleset name="Remind.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="remind.com" />
+	<target host="www.remind.com" />
+
+	<!--	Special cases:
+				-->
+	<target host="help.remind.com" />
+
+
+	<rule from="^http://help\.remind\.com/.*"
+		to="https://remind101.zendesk.com/hc" />
+
+		<test url="http://help.remind.com/foo" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Remmina.org.xml b/src/chrome/content/rules/Remmina.org.xml
new file mode 100644
index 000000000000..cb11b0b90f68
--- /dev/null
+++ b/src/chrome/content/rules/Remmina.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Remmina.org">
+	<target host="remmina.org" />
+	<target host="www.remmina.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RemoteCoder.io.xml b/src/chrome/content/rules/RemoteCoder.io.xml
new file mode 100644
index 000000000000..99422c613ebb
--- /dev/null
+++ b/src/chrome/content/rules/RemoteCoder.io.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.remotecoder.io/ => https://www.remotecoder.io/: (51, "SSL: no alternative certificate subject name matches target host name 'www.remotecoder.io'")
+
+-->
+<ruleset name="RemoteCoder.io" default_off="failed ruleset test">
+
+	<target host="remotecoder.io" />
+	<target host="www.remotecoder.io" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RemoteStorage.io.xml b/src/chrome/content/rules/RemoteStorage.io.xml
new file mode 100644
index 000000000000..9b11924eb04f
--- /dev/null
+++ b/src/chrome/content/rules/RemoteStorage.io.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.remotestorage.io/ => https://www.remotestorage.io/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="remoteStorage.io" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="remotestorage.io" />
+	<target host="community.remotestorage.io" />
+	<target host="www.remotestorage.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RemotelyAnywhere.com.xml b/src/chrome/content/rules/RemotelyAnywhere.com.xml
new file mode 100644
index 000000000000..bf07f77b0267
--- /dev/null
+++ b/src/chrome/content/rules/RemotelyAnywhere.com.xml
@@ -0,0 +1,43 @@
+<!--
+	For other LogMeIn coverage, see LogMeIn_Inc.com.xml.
+
+
+	Problematic hosts in *remotelyanywhere.com:
+
+		- (www.)? *
+
+	* Mismatched
+
+
+	Fully covered hosts in *remotelyanywhere.com:
+
+		- (www.)?	(→ secure.remotelyanywhere.com)
+		- secure
+
+
+	Mixed content:
+
+		- Bug on secure from wt.logmein.com *
+
+	* Unsecurable <= refused
+
+-->
+<ruleset name="RemotelyAnywhere.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.remotelyanywhere.com" />
+
+	<!--	Complications:
+				-->
+	<target host="remotelyanywhere.com" />
+	<target host="www.remotelyanywhere.com" />
+
+
+	<rule from="^http://(?:www\.)?remotelyanywhere\.com/"
+		to="https://secure.remotelyanywhere.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Removeddit.com.xml b/src/chrome/content/rules/Removeddit.com.xml
new file mode 100644
index 000000000000..449d612b7151
--- /dev/null
+++ b/src/chrome/content/rules/Removeddit.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Removeddit.com">
+	<target host="removeddit.com" />
+	<target host="www.removeddit.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Renater.fr.xml b/src/chrome/content/rules/Renater.fr.xml
index 9021fd557ac8..30b1918fa552 100644
--- a/src/chrome/content/rules/Renater.fr.xml
+++ b/src/chrome/content/rules/Renater.fr.xml
@@ -1,19 +1,7 @@
 <!--
-	Nonfunctional subdomains:
+	These altnames don't exist:
 
-		- www	(refused)
-
-
-	Fully covered subdomains:
-
-		- federation
-		- fedregistry
-		- git
-		- groupes
-		- services
-		- services-federation
-		- sourcesup
-		- subversion
+		- prod-sourcesup.renater.fr
 
 
 	^renater.fr does not exist
@@ -21,13 +9,24 @@
 -->
 <ruleset name="Renater.fr (partial)">
 
-	<target host="*.renater.fr" />
+	<!--	Direct rewrites:
+				-->
+	<target host="federation.renater.fr" />
+	<target host="fedregistry.renater.fr" />
+	<target host="git.renater.fr" />
+	<target host="groupes.renater.fr" />
+	<target host="listes.renater.fr" />
+	<target host="services.renater.fr" />
+	<target host="services-federation.renater.fr" />
+	<target host="sourcesup.renater.fr" />
+	<target host="subversion.renater.fr" />
+	<target host="www.renater.fr" />
 
 
 	<securecookie host="^(?:groupes|services|sourcesup)\.renater\.fr$" name=".+" />
 
 
-	<rule from="^http://(federation|fedregistry|git|groupes|services|services-federation|sourcesup|subversion)\.renater\.fr/"
-		to="https://$1.renater.fr/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RenderFarming.net.xml b/src/chrome/content/rules/RenderFarming.net.xml
new file mode 100644
index 000000000000..2d9a3449d048
--- /dev/null
+++ b/src/chrome/content/rules/RenderFarming.net.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://renderfarming.net/ => https://renderfarming.net/: (51, "SSL: no alternative certificate subject name matches target host name 'renderfarming.net'")
+
+
+	Domains covered by certificate:
+	- renderfarming.net
+	- burp.renderfarming.net
+
+	Invalid:
+	- www.renderfarming.net
+
+-->
+<ruleset name="RenderFarming.net" default_off="failed ruleset test">
+
+	<target host="burp.renderfarming.net" />
+	<target host="renderfarming.net" />
+
+	<securecookie host="^burp\.renderfarming\.net$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
+
diff --git a/src/chrome/content/rules/Reno_Gazette-Journal.xml b/src/chrome/content/rules/Reno_Gazette-Journal.xml
index 17402dd37290..7cd97fe58fee 100644
--- a/src/chrome/content/rules/Reno_Gazette-Journal.xml
+++ b/src/chrome/content/rules/Reno_Gazette-Journal.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rgj.com/ => https://www.rgj.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.rgj.com'")
 	For other Gannett Company coverage, see Gannett-Company.xml.
 
 
@@ -23,7 +25,9 @@
 <ruleset name="Reno Gazette-Journal (partial)">
 
 	<target host="rgj.com" />
-	<target host="*.rgj.com" />
+	<target host="cmsimg.rgj.com" />
+	<target host="www.rgj.com" />
+	<target host="deals.rgj.com" />
 
 
 	<securecookie host="^(?:www)?\.rgj\.com$" name=".+" />
@@ -35,4 +39,4 @@
 	<rule from="^http://deals\.rgj\.com/sf_(framework|module)s/"
 		to="https://reno.planetdiscover.com/sf_$1s/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Renovation_Experts.xml b/src/chrome/content/rules/Renovation_Experts.xml
deleted file mode 100644
index 08a8241a4d5c..000000000000
--- a/src/chrome/content/rules/Renovation_Experts.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	For other Web.com coverage, see Web.com.xml.
-
-
-	Nonfunctional subdomains:
-
-		- blog		(no https)
-
--->
-<ruleset name="Renovation Experts (partial)">
-
-	<target host="renovationexperts.com" />
-	<target host="www.renovationexperts.com" />
-
-
-	<securecookie host="^(?:www\.)?renovationexperts\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?renovationexperts\.com/"
-		to="https://$1renovationexperts.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Renren.com.xml b/src/chrome/content/rules/Renren.com.xml
new file mode 100644
index 000000000000..4b66e8100366
--- /dev/null
+++ b/src/chrome/content/rules/Renren.com.xml
@@ -0,0 +1,52 @@
+<!--
+	Nonfunctional hosts in *renren.com:
+
+		- 2014 ʳ
+		- app ³
+		- dev ³
+		- wiki.dev ʳ
+		- fenqi ᵈ
+		- bolt.jebe ʳ
+		- mobile ʳ
+		- page ³
+		- st ʳ
+		- public ʳ
+		- quxue ʳ
+		- support ᵈ
+		- widget ʳ
+		- wan ⁵
+		- www ³
+
+	³ 403
+	⁵ 503
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Insecure cookies are set for these domains:
+
+		- .renren.com
+
+
+	Mixed content:
+
+		- Image on licai from fmn.rrfmn.com ³
+
+	³ Unsecurable <= 403
+
+-->
+<ruleset name="Renren.com (partial)">
+
+	<target host="graph.renren.com" />
+	<target host="licai.renren.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.renren\.com$" name="^XNESSESSIONID$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Renrencaopan.com.xml b/src/chrome/content/rules/Renrencaopan.com.xml
new file mode 100644
index 000000000000..877b40645cd1
--- /dev/null
+++ b/src/chrome/content/rules/Renrencaopan.com.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://renrencaopan.com/ => https://renrencaopan.com/: (6, 'Could not resolve host: renrencaopan.com')
+Fetch error: http://www.renrencaopan.com/ => https://www.renrencaopan.com/: (6, 'Could not resolve host: www.renrencaopan.com')
+
+	Insecure cookies are set for these hosts:
+
+		- renrencaopan.com
+		- www.renrencaopan.com
+
+-->
+<ruleset name="renrencaopan.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="renrencaopan.com" />
+	<target host="www.renrencaopan.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?renrencaopan\.com$" name="^(?:SERVERID|koa:sess|koa:sess\.sig)$" /-->
+
+	<securecookie host="^(?:www\.)?renrencaopan\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rensselaer_Polytechnic_Institute.xml b/src/chrome/content/rules/Rensselaer_Polytechnic_Institute.xml
deleted file mode 100644
index 44343402c575..000000000000
--- a/src/chrome/content/rules/Rensselaer_Polytechnic_Institute.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- admissions *
-		- bookstore **
-		- concerto
-		- rpinfo *
-		- documents.studentsenate
-		- archer.union **
-		- home.union **
-		- sysadmin.union **
-		- workorders.union **
-
-	* 403
-	** Redirects to clubs.union, CN: clubs.union.rpi.edu
-
-
-	Problematic subdomains:
-
-		- ^		(cert only matches www)
-		- finance *
-		- hr *
-		- srfs *
-
-	* Works, expired, mismatched, CN: prod3.web.server.rpi.edu
-
--->
-<ruleset name="Rensselaer Polytechnic Institute">
-
-	<target host="rpi.edu" />
-	<target host="*.rpi.edu" />
-	<target host="clubs.union.rpi.edu" />
-
-
-	<rule from="^http://(events\.|clubs\.union\.|www\.)?rpi\.edu/"
-		to="https://$1rpi.edu/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Rent_the_Runway.xml b/src/chrome/content/rules/Rent_the_Runway.xml
index 364375ab04d8..2f81359d88b1 100644
--- a/src/chrome/content/rules/Rent_the_Runway.xml
+++ b/src/chrome/content/rules/Rent_the_Runway.xml
@@ -30,8 +30,11 @@
 <ruleset name="Rent the Runway (partial)">
 
 	<target host="renttherunway.com" />
-	<target host="*.renttherunway.com" />
-	<target host="*.rtrcdn.com" />
+	<target host="www.renttherunway.com" />
+	<target host="cdn.renttherunway.com" />
+	<target host="cdn.rtrcdn.com" />
+	<target host="grid-p.rtrcdn.com" />
+	<target host="static-p.rtrcdn.com" />
 
 
 	<!--	Redirects to http as-is:
@@ -51,4 +54,4 @@
 	<rule from="^http://(?:grid|static)-p\.rtrcdn\.com/"
 		to="https://cdn.rtrcdn.com/grid/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rentalcars.com.xml b/src/chrome/content/rules/Rentalcars.com.xml
new file mode 100644
index 000000000000..18f8602b6f47
--- /dev/null
+++ b/src/chrome/content/rules/Rentalcars.com.xml
@@ -0,0 +1,21 @@
+<!--
+	^: Dropped
+	www: Shows secure
+
+-->
+<ruleset name="rentalcars.com (partial)">
+
+	<target host="secure.rentalcars.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^secure\.rentalcars\.com$" name="^(CONNECTIONID|WRUID|tj_conf|tjex)$" /-->
+
+	<securecookie host="^secure\.rentalcars\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rentalserver.jp.xml b/src/chrome/content/rules/Rentalserver.jp.xml
new file mode 100644
index 000000000000..7bde0ba020f6
--- /dev/null
+++ b/src/chrome/content/rules/Rentalserver.jp.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cp-vps.rentalserver.jp/ => https://cp-vps.rentalserver.jp/: (28, 'Connection timed out after 20000 milliseconds')
+
+	For other GMO coverage, see GMO_Internet.xml.
+
+
+	Fully covered subdomains:
+
+		- cp
+		- cp-d
+		- cp-vps
+		- sv
+
+-->
+<ruleset name="rentalserver.jp" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cp.rentalserver.jp" />
+	<target host="cp-d.rentalserver.jp" />
+	<target host="cp-vps.rentalserver.jp" />
+	<target host="sv.rentalserver.jp" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(cp|cp-d|cp-vps)\.rentalserver\.jp$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^cp-d\.rentalserver\.jp$" name="^__RequestVerificationToken$" /-->
+	<!--securecookie host="^sv\.rentalserver\.jp$" name="^cpanel_sid$" /-->
+
+	<securecookie host="^(?:cp|cp-d|cp-vps|sv)\.rentalserver\.jp$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rentex.xml b/src/chrome/content/rules/Rentex.xml
deleted file mode 100644
index 58712b120942..000000000000
--- a/src/chrome/content/rules/Rentex.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	!www: mismatched
-
--->
-<ruleset name="Rentex">
-
-	<target host="rentex.com" />
-	<target host="www.rentex.com" />
-
-
-	<securecookie host="^www\.rentex\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?rentex\.com/"
-		to="https://www.rentex.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Rentler.com.xml b/src/chrome/content/rules/Rentler.com.xml
new file mode 100644
index 000000000000..975b2496d02c
--- /dev/null
+++ b/src/chrome/content/rules/Rentler.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Rentler.com">
+
+	<target host="rentler.com" />
+	<target host="www.rentler.com" />
+
+
+	<securecookie host="^\.rentler\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RepeaterStore.com.xml b/src/chrome/content/rules/RepeaterStore.com.xml
new file mode 100644
index 000000000000..c14e87a81423
--- /dev/null
+++ b/src/chrome/content/rules/RepeaterStore.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .repeaterstore.com
+		- www.repeaterstore.com
+
+-->
+<ruleset name="RepeaterStore.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="repeaterstore.com" />
+	<target host="www.repeaterstore.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.repeaterstore\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.repeaterstore\.com$" name="^_session_id$" /-->
+
+	<securecookie host="^(?:www)?\.repeaterstore\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rephial.org.xml b/src/chrome/content/rules/Rephial.org.xml
new file mode 100644
index 000000000000..b713abe915c4
--- /dev/null
+++ b/src/chrome/content/rules/Rephial.org.xml
@@ -0,0 +1,14 @@
+<!--
+    Redirect to HTTP:
+    buildbot.rephial.org
+	www.rephial.org
+	www.trac.rephial.org
+
+-->
+<ruleset name="Rephial.org">
+	<target host="rephial.org" />
+	<target host="trac.rephial.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
+
diff --git a/src/chrome/content/rules/Replica_Perfection.xml b/src/chrome/content/rules/Replica_Perfection.xml
index 2dc0836d203f..8f247c6928f6 100644
--- a/src/chrome/content/rules/Replica_Perfection.xml
+++ b/src/chrome/content/rules/Replica_Perfection.xml
@@ -1,13 +1,12 @@
 <ruleset name="Replica Perfection">
 
 	<target host="replicaperfection.com" />
-	<target host="*.replicaperfection.com" />
+	<target host="www.replicaperfection.com" />
 
 
 	<securecookie host="^\.replicaperfection\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?replicaperfection\.com/"
-		to="https://$1replicaperfection.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Replicant.us.xml b/src/chrome/content/rules/Replicant.us.xml
new file mode 100644
index 000000000000..6e32f1ea25f9
--- /dev/null
+++ b/src/chrome/content/rules/Replicant.us.xml
@@ -0,0 +1,17 @@
+<ruleset name="Replicant.us">
+
+	<target host="replicant.us" />
+	<target host="www.replicant.us" />
+	<target host="blog.replicant.us" />
+	<target host="git.replicant.us" />
+	<target host="redmine.replicant.us" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^redmine\.replicant\.us$" name="^_redmine_session$" /-->
+	<securecookie host="^redmine\.replicant\.us$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Reporo.xml b/src/chrome/content/rules/Reporo.xml
index d3da565deb73..c0aeca02b39d 100644
--- a/src/chrome/content/rules/Reporo.xml
+++ b/src/chrome/content/rules/Reporo.xml
@@ -1,39 +1,56 @@
 <!--
-	CDN buckets:
+	Other Reporo rulesets:
 
-		- netdna-pull.reporo.netdna-cdn.com
+		- reporo.net.xml
 
-			- -ssl doesn't exist
-			- netdna.reporo.net
 
+	Nonfunctional hosts in *reporo.com:
 
-	Nonfunctional domains:
+		- blog ᵈ
 
-		- blog.reporo.com *
-		- netdna.reporo.net	(404; mismatched, CN: *.netdna-ssl.com)
-		- www.reporo.net *
+	ᵈ Dropped
 
-	* Times out
 
+	^reporo.com: Mismatched
 
-	Problematic domains:
 
-		- reporo.com	(cert only matches www.reporo.com)
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.reporo.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Reporo (partial)">
+<ruleset name="Reporo.com (partial)">
+
+	<!--	Direct rewrites::
+				-->
+	<target host="static.reporo.com" />
+	<target host="support.reporo.com" />
+	<target host="www.reporo.com" />
 
+		<test url="http://static.reporo.com/images/list-style1.png" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://www.reporo.com/analytics/" /-->
+
+	<!--	Complications:
+				-->
 	<target host="reporo.com" />
-	<target host="*.reporo.com" />
 
 
-	<securecookie host="^www\.reporo\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.reporo\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?reporo\.com/"
+	<rule from="^http://reporo\.com/"
 		to="https://www.reporo.com/" />
 
-	<rule from="^http://static\.reporo\.com/"
-		to="https://static.reporo.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ReportLab.xml b/src/chrome/content/rules/ReportLab.xml
index 38884caf071c..f0d99606cdfe 100644
--- a/src/chrome/content/rules/ReportLab.xml
+++ b/src/chrome/content/rules/ReportLab.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://www\.reportlab\.com/(accounts/|favicon\.ico|media/|static)"
 		to="https://www.reportlab.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Reporter-ohne-Grenzen.de.xml b/src/chrome/content/rules/Reporter-ohne-Grenzen.de.xml
new file mode 100644
index 000000000000..3c8192c3760f
--- /dev/null
+++ b/src/chrome/content/rules/Reporter-ohne-Grenzen.de.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Reporters Without Borders coverage, see Reporters_Without_Borders.xml.
+
+
+	Mixed content:
+
+		- Bug on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Reporter-ohne-Grenzen.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="reporter-ohne-grenzen.de" />
+	<target host="www.reporter-ohne-grenzen.de" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Reporters_Without_Borders.xml b/src/chrome/content/rules/Reporters_Without_Borders.xml
index ea79001a2724..6049e7e1537d 100644
--- a/src/chrome/content/rules/Reporters_Without_Borders.xml
+++ b/src/chrome/content/rules/Reporters_Without_Borders.xml
@@ -1,19 +1,65 @@
 <!--
-	Problematic domains:
+	Reporters Without Borders
 
-		- agir.rsf.org		(mismatched, CN: slotmatching14.salesforce.com)
+	Other Reporters Without Borders rulesets:
 
+		- Reporter-ohne-Grenzen.de.xml
 
-	Mixed image from agir.rsf.org
+	Connection refused:
+		www.rsf.org
+		en.rsf.org
+		es.rsf.org
+		fr.rsf.org
+		index.rsf.org
 
+	Invalid certificate:
+		agir.rsf.org
+		campaign2014.rsf.org
+		deadtweet.rsf.org
+
+	Timeout:
+		12march.rsf.org
+		12mars.rsf.org
+		20juin.rsf.org
+		album.rsf.org
+		albums.rsf.org
+		ar.rsf.org
+		archives.rsf.org
+		blogs.rsf.org
+		campaign2015.rsf.org
+		dosh.rsf.org
+		freeaustintice.rsf.org
+		heroes.rsf.org
+		inscription.rsf.org
+		jamesfoley.rsf.org
+		journalmission.rsf.org
+		lankaenews.rsf.org
+		march12.rsf.org
+		membership.rsf.org
+		pacte2012.rsf.org
+		predators.rsf.org
+		questionaire.rsf.org
+		respublika-kz.rsf.org
+		rio2016.rsf.org
+		slides.rsf.org
+		surveillance.rsf.org
+		thejournalistsmemorial.rsf.org
+		vzglyad.rsf.org
+		wiki.rsf.org
+		wikileaks.rsf.org
+		zambiareports.rsf.org
 -->
-<ruleset name="Reporters Without Borders">
+<ruleset name="RSF.org (partial)">
 
 	<target host="rsf.org" />
-	<target host="*.rsf.org" />
+	<target host="boutique.rsf.org" />
+	<target host="charlie.rsf.org" />
+	<target host="donate.rsf.org" />
+	<target host="old-fr.rsf.org" />
 
+	<securecookie host="^\." name="^__utm" />
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://((?:donate|en|fr|surveillance|www)\.)?rsf\.org/"
-		to="https://$1rsf.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Reporting_Project.net.xml b/src/chrome/content/rules/Reporting_Project.net.xml
new file mode 100644
index 000000000000..197ddb0f98f3
--- /dev/null
+++ b/src/chrome/content/rules/Reporting_Project.net.xml
@@ -0,0 +1,20 @@
+<!--
+	Organized Crime and Corruption Reporting Project
+
+	Other Organized Crime and Corruption Reporting Project rulesets:
+
+		- OCCRP.org.xml
+
+-->
+<ruleset name="Reporting Project.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="reportingproject.net" />
+	<target host="www.reportingproject.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Repost.Us.xml b/src/chrome/content/rules/Repost.Us.xml
deleted file mode 100644
index 1ccbb8a264c1..000000000000
--- a/src/chrome/content/rules/Repost.Us.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d2q1vna75dc892.cloudfront.net
-
-			- img.1
-
--->
-<ruleset name="Repost.Us">
-
-	<target host="repost.us" />
-	<target host="*.repost.us" />
-	<target host="*.rp-api.com" />
-
-
-	<securecookie host="^.*\.repost\.us$" name=".+" />
-
-
-	<rule from="^http://(secure\.|www\.)?repost\.us/"
-		to="https://$1repost.us/" />
-
-	<rule from="^http://1\.rp-api\.com/"
-		to="https://1.rp-api.com/" />
-
-	<rule from="^https?://(?:img|static)\.1\.rp-api\.com/"
-		to="https://d2q1vna75dc892.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Repozitar.cz.xml b/src/chrome/content/rules/Repozitar.cz.xml
new file mode 100644
index 000000000000..814eefa77de5
--- /dev/null
+++ b/src/chrome/content/rules/Repozitar.cz.xml
@@ -0,0 +1,24 @@
+<!--
+	For other Masaryk University coverage, see Muni.cz.xml.
+
+
+	www: cert only matches ^repozitar.cz
+
+-->
+<ruleset name="Repozitar.cz">
+
+	<target host="repozitar.cz" />
+	<target host="www.repozitar.cz" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^repozitar\.cz$" name="^issession$" /-->
+
+	<securecookie host="^repozitar\.cz$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?repozitar\.cz/"
+		to="https://repozitar.cz/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Represent.Us.xml b/src/chrome/content/rules/Represent.Us.xml
index 50ab333e3961..9881c264824a 100644
--- a/src/chrome/content/rules/Represent.Us.xml
+++ b/src/chrome/content/rules/Represent.Us.xml
@@ -24,4 +24,4 @@
 	<rule from="^http://cdn\d\.represent\.us/"
 		to="https://d16f95x138ho2a.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Reprieve.org.uk.xml b/src/chrome/content/rules/Reprieve.org.uk.xml
new file mode 100644
index 000000000000..2c7466b1b756
--- /dev/null
+++ b/src/chrome/content/rules/Reprieve.org.uk.xml
@@ -0,0 +1,22 @@
+<!--
+	Nonfunctional hosts in *.reprieve.org.uk:
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Reprieve">
+	<target host="reprieve.org.uk" />
+	<target host="www.reprieve.org.uk" />
+                <test url="http://www.reprieve.org.uk/about/" />
+                <test url="http://www.reprieve.org.uk/press-releases/" />
+                <test url="http://www.reprieve.org.uk/topic/death-penalty/" />
+
+	<target host="act.reprieve.org.uk" />
+                <test url="http://act.reprieve.org.uk/page/s/join" />
+                <test url="http://act.reprieve.org.uk/page/s/andy-tsege-official-register" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Reproducible-builds.org.xml b/src/chrome/content/rules/Reproducible-builds.org.xml
new file mode 100644
index 000000000000..49e1ee4337b1
--- /dev/null
+++ b/src/chrome/content/rules/Reproducible-builds.org.xml
@@ -0,0 +1,15 @@
+<!--
+	www.reproducible-builds.org doesn't exist.
+
+-->
+<ruleset name="reproducible-builds.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="reproducible-builds.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Republik.ch.xml b/src/chrome/content/rules/Republik.ch.xml
new file mode 100644
index 000000000000..064bad80c9d3
--- /dev/null
+++ b/src/chrome/content/rules/Republik.ch.xml
@@ -0,0 +1,40 @@
+<!--
+	Cert expired:
+		- nextcloud.project-r.construction
+
+	Connection refused:
+		- sandstorm.republik.ch
+		- runner-0.git.project-r.construction
+
+	Timeout:
+		- email.project-r.construction
+-->
+<ruleset name="Republik.ch">
+
+	<target host="republik.ch" />
+	<target host="www.republik.ch" />
+	<target host="admin.republik.ch" />
+	<target host="api.republik.ch" />
+	<target host="styleguide.republik.ch" />
+	<target host="ultradashboard.republik.ch" />
+	<target host="wiki.republik.ch" />
+	<target host="assets.republik.ch" />
+	<target host="assets.staging.republik.ch" />
+
+	<target host="project-r.construction" />
+	<target host="www.project-r.construction" />
+	<target host="git.project-r.construction" />
+	<target host="registry.git.project-r.construction" />
+	<target host="piwik.project-r.construction" />
+	<target host="publikator.project-r.construction" />
+	<target host="api.publikator.project-r.construction" />
+	<target host="staging.project-r.construction" />
+	<target host="publikator.staging.project-r.construction" />
+	<target host="api.publikator.staging.project-r.construction" />
+	<target host="assets.project-r.construction" />
+	<target host="assets.publikator.project-r.construction" />
+	<target host="assets.publikator.staging.project-r.construction" />
+	<target host="styleguide.project-r.construction" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Reputation.com.xml b/src/chrome/content/rules/Reputation.com.xml
index 6058d4fe765f..d73548d5d4d8 100644
--- a/src/chrome/content/rules/Reputation.com.xml
+++ b/src/chrome/content/rules/Reputation.com.xml
@@ -1,20 +1,42 @@
-<!--	d35wfru2rucjcz.cloudfront.net
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://reputation.com/ => https://www.reputation.com/: (35, 'Unknown SSL protocol error in connection to www.reputation.com:443 ')
+	CDN buckets:
+
+		- d35wfru2rucjcz.cloudfront.net
+
+
+	Partially covered subdomains:
+
+		- uk *
+
+	* Some pages redirect to http
+
 -->
-<ruleset name="Reputation.com">
+<ruleset name="Reputation.com (partial)">
+
+	<target host="reputation.com" />
+	<target host="*.reputation.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://uk\.reputation\.com/+($|\?|(contact|pub/contact|pub/index)$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://uk\.reputation\.com/+(?!favicon\.ico|pub/assets/)" />
+
 
-	<target host="reputation.com"/>
-	<target host="t.reputation.com"/>
-	<target host="www.reputation.com"/>
+	<securecookie host="^t\.reputation\.com$" name=".+" />
 
-	<securecookie host="^t\.reputation\.com$" name=".*"/>
 
 	<rule from="^http://reputation\.com/"
-		to="https://www.reputation.com/"/>
+		to="https://www.reputation.com/" />
 
-	<rule from="^http://www\.reputation\.com/([\w\-/]*images|min|secure)/"
-		to="https://www.reputation.com/$1/"/>
+	<rule from="^http://(t|uk)\.reputation\.com/"
+		to="https://$1.reputation.com/" />
 
-	<rule from="^http://t\.reputation\.com/"
-		to="https://t.reputation.com/"/>
+	<rule from="^http://www\.reputation\.com/(?=[\w/-]*images/|min/|secure/)"
+		to="https://www.reputation.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/RequestPolicy.xml b/src/chrome/content/rules/RequestPolicy.xml
index 63425abf9d14..85fc91040a56 100644
--- a/src/chrome/content/rules/RequestPolicy.xml
+++ b/src/chrome/content/rules/RequestPolicy.xml
@@ -4,7 +4,6 @@
 	<target host="www.requestpolicy.com" />
 
 
-	<rule from="^http://(www\.)?requestpolicy\.com/"
-		to="https://$1requestpolicy.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RequireJS.org.xml b/src/chrome/content/rules/RequireJS.org.xml
new file mode 100644
index 000000000000..0d86a958c245
--- /dev/null
+++ b/src/chrome/content/rules/RequireJS.org.xml
@@ -0,0 +1,23 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Refused:
+		m
+		wap
+		wwww
+-->
+<ruleset name="RequireJS.org">
+
+	<target host="requirejs.org" />
+	<target host="www.requirejs.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://www.requirejs.org/,
+	http://www.requirejs.org/ redirects to https://requirejs.org/.-->
+	<rule from="^http://www\.requirejs\.org/"
+		to="https://requirejs.org/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Requires.io.xml b/src/chrome/content/rules/Requires.io.xml
new file mode 100644
index 000000000000..a76bef230d7c
--- /dev/null
+++ b/src/chrome/content/rules/Requires.io.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- requires.io
+
+-->
+<ruleset name="requires.io">
+
+	<target host="requires.io" />
+	<target host="www.requires.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^requires\.io$" name="^csrftoken$" /-->
+
+	<securecookie host="^requires\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Research-Blogging.xml b/src/chrome/content/rules/Research-Blogging.xml
index 00e2f02572cb..418440070e6b 100644
--- a/src/chrome/content/rules/Research-Blogging.xml
+++ b/src/chrome/content/rules/Research-Blogging.xml
@@ -6,7 +6,7 @@
 	<target host="www.researchblogging.org" />
 
 
-	<rule from="^https?://(?:www\.)?researchblogging\.org/"
+	<rule from="^http://(?:www\.)?researchblogging\.org/"
 		to="https://www.researchblogging.org/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Research-Media-and-Cybernetics.xml b/src/chrome/content/rules/Research-Media-and-Cybernetics.xml
index e91c8bc88ac2..23fe2935764f 100644
--- a/src/chrome/content/rules/Research-Media-and-Cybernetics.xml
+++ b/src/chrome/content/rules/Research-Media-and-Cybernetics.xml
@@ -1,17 +1,16 @@
 <ruleset name="Research Media &amp; Cybernetics">
 
 	<target host="rmcybernetics.com" />
+	<target host="www.rmcybernetics.com" />
 	<!--
 		*s for cross-domain cookies.
 						-->
-	<target host="*.rmcybernetics.com" />
-	<target host="*.www.rmcybernetics.com" />
 
 
-	<securecookie host="^.*\.rmcybernetics\.com$" name=".*" />
 
+	<securecookie host="^.*\.rmcybernetics\.com$" name=".+" />
 
-	<rule from="^http://(www\.)?rmcybernetics\.com/"
-		to="https://$1rmcybernetics.com/" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Research.gov.xml b/src/chrome/content/rules/Research.gov.xml
new file mode 100644
index 000000000000..f47ab679603e
--- /dev/null
+++ b/src/chrome/content/rules/Research.gov.xml
@@ -0,0 +1,33 @@
+<!--
+
+
+	Problematic hosts in *research.gov:
+
+		- wt *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- wt.research.gov
+
+-->
+<ruleset name="Research.gov">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="wt.research.gov" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^wt\.research\.gov$" name="^(ACOOKIE|BIGipServer[\.~-]+|WEBTRENDS_ID)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ResearchMatch.org.xml b/src/chrome/content/rules/ResearchMatch.org.xml
new file mode 100644
index 000000000000..6fb9cd2a3ff9
--- /dev/null
+++ b/src/chrome/content/rules/ResearchMatch.org.xml
@@ -0,0 +1,16 @@
+<ruleset name="ResearchMatch.org">
+
+	<target host="researchmatch.org" />
+	<target host="www.researchmatch.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.researchmatch\.org$" name="^(PHPSESSID|rmcampaign|rmcobrand|timeout)$" /-->
+
+	<securecookie host="^www\.researchmatch\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Research_Now.com.xml b/src/chrome/content/rules/Research_Now.com.xml
new file mode 100644
index 000000000000..8ced8d4b4dc3
--- /dev/null
+++ b/src/chrome/content/rules/Research_Now.com.xml
@@ -0,0 +1,13 @@
+<!--
+	(www.)?researchnow.com: Refused
+
+-->
+<ruleset name="Research Now.com (partial)">
+
+	<target host="tag.researchnow.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Research_Results.com.xml b/src/chrome/content/rules/Research_Results.com.xml
index 8572b2cf0aaf..d50e63120ccb 100644
--- a/src/chrome/content/rules/Research_Results.com.xml
+++ b/src/chrome/content/rules/Research_Results.com.xml
@@ -1,32 +1,31 @@
-<!--
-	Nonfunctional subdomains:
 
-		- (www.)	(reset)
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://isurveys.researchresults.com/ => https://isurveys.researchresults.com/: (6, 'Could not resolve host: isurveys.researchresults.com')
+Fetch error: http://surveys.researchresults.com/ => https://surveys.researchresults.com/: (6, 'Could not resolve host: surveys.researchresults.com')
 
+	(www.)?researchresults.com: Refused
 
-	Fully covered domains:
 
-		- researchresults.com subdomains:
+	Problematic domains:
 
-			- isurveys
-			- surveys
+		- fe03.rresults.com ᶜ ᵉ
 
-		- fe03.rresults.com
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵉ Expired
 
 -->
-<ruleset name="Research Results.com">
-
-	<target host="*.researchresults.com" />
-	<target host="fe03.rresults.com" />
+<ruleset name="Research Results.com (partial)" default_off="failed ruleset test">
 
+	<target host="isurveys.researchresults.com" />
+	<target host="surveys.researchresults.com" />
+	<!--target host="fe03.rresults.com" /-->
 
-	<securecookie host="^\.researchresults\.com$" name="^__utm\w$" />
 
+	<securecookie host="^\." name="^__utm" />
 
-	<rule from="^http://(i)?surveys\.researchresults\.com/"
-		to="https://$1surveys.researchresults.com/" />
 
-	<rule from="^http://fe03\.rresults\.com/"
-		to="https://fe03.rresults.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ResearcherID.com.xml b/src/chrome/content/rules/ResearcherID.com.xml
new file mode 100644
index 000000000000..6dfd64ad10f3
--- /dev/null
+++ b/src/chrome/content/rules/ResearcherID.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Connection refused:
+		- dl.researcherid.com
+		- ul.researcherid.com
+
+	Connection reset:
+		- ridws.researcherid.com
+
+	Invalid certificate:
+		- origin-eagan-www.researcherid.com
+		- origin-plano-www.researcherid.com
+
+	Timed out:
+		- account-int.researcherid.com
+		- account-qa.researcherid.com
+		- labs-qa.researcherid.com
+		- rid-qa.researcherid.com
+-->
+
+<ruleset name="ResearcherID.com">
+	<target host="researcherid.com" />
+	<target host="www.researcherid.com" />
+	<target host="account.researcherid.com" />
+	<target host="labs.researcherid.com" />
+
+	<securecookie host="^(www|account|labs)\.researcherid\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Researchmap.jp.xml b/src/chrome/content/rules/Researchmap.jp.xml
new file mode 100644
index 000000000000..9831a752d59e
--- /dev/null
+++ b/src/chrome/content/rules/Researchmap.jp.xml
@@ -0,0 +1,39 @@
+<!--
+	www.researchmap.jp doesn't exist.
+
+-->
+<ruleset name="researchmap.jp (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="researchmap.jp" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://researchmap\.jp/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://researchmap\.jp/+(?!favicon\.ico|images/|index\.php\?active_center=login_view_main_autoregist|themes/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://researchmap.jp/kanaso/" />
+			<test url="http://researchmap.jp/motonori/" />
+			<test url="http://researchmap.jp/sagayama/" />
+			<test url="http://researchmap.jp/sakashita/" />
+			<test url="http://researchmap.jp/swaka/" />
+			<test url="http://researchmap.jp/tackasy/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://researchmap.jp/favicon.ico" />
+			<test url="http://researchmap.jp/images/pages/researchmap/public/logo.gif" />
+			<test url="http://researchmap.jp/index.php?active_center=login_view_main_autoregist" />
+			<test url="http://researchmap.jp/themes/system/images/setting_dot.gif" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ResellerRatings.xml b/src/chrome/content/rules/ResellerRatings.xml
index 28c9cc8e0f79..f7b132c80765 100644
--- a/src/chrome/content/rules/ResellerRatings.xml
+++ b/src/chrome/content/rules/ResellerRatings.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://resellerratings.com/ => https://resellerratings.com/: (60, 'SSL certificate problem: certificate has expired')
 	CDN buckets:
 
 		- d2ebdb90bhptzn.cloudfront.net
@@ -42,10 +44,10 @@
 	<rule from="^http://(?:beta\.|(seals\.|www\.))?resellerratings\.com/"
 		to="https://$1resellerratings.com/" />
 
-	<rule from="^https?://cdn\d\.resellerratings\.com/"
+	<rule from="^http://cdn\d\.resellerratings\.com/"
 		to="https://d3cb52u6zfmv02.cloudfront.net/" />
 
-	<rule from="^https?://images\.resellerratings\.com/"
-		to="https://d2ebdb90bhptzn.cloudfront.net/" />
+	<rule from="^http://images\.resellerratings\.com/"
+		to="https://images.resellerratings.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Reservation-Desk.com.xml b/src/chrome/content/rules/Reservation-Desk.com.xml
deleted file mode 100644
index 2bdd2840f23f..000000000000
--- a/src/chrome/content/rules/Reservation-Desk.com.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	findanswers.custhelp.com
-
-
-	Some pages redirect to http.
-
--->
-<ruleset name="Reservation-Desk.com (partial)">
-
-	<target host="reservation-desk.com" />
-	<target host="*.reservation-desk.com" />
-		<exclusion pattern="^http://(?:www\.)?reservation-desk\.com/(?!application/themes/)" />
-
-
-	<rule from="^http://(callcenter\.|www\.)?reservation-desk\.com/"
-		to="https://$1reservation-desk.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Reservation_Counter.xml b/src/chrome/content/rules/Reservation_Counter.xml
index f456433283ee..d036a1f2afa0 100644
--- a/src/chrome/content/rules/Reservation_Counter.xml
+++ b/src/chrome/content/rules/Reservation_Counter.xml
@@ -5,7 +5,7 @@
 	Some pages redirect to http.
 
 -->
-<ruleset name="Reservation Counter (partial)">
+<ruleset name="Reservation Counter.com (partial)">
 
 	<target host="reservationcounter.com" />
 	<target host="*.reservationcounter.com" />
@@ -14,10 +14,10 @@
 	<securecookie host="^callcenter\.reservationcounter\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?reservationcounter\.com/(\w+/themes/|ga\.\d+\.js)"
-		to="https://www.reservationcounter.com/$1" />
+	<rule from="^http://(?:www\.)?reservationcounter\.com/(?=\w+/themes/|ga\.\d+\.js)"
+		to="https://www.reservationcounter.com/" />
 
 	<rule from="^http://callcenter\.reservationcounter\.com/"
 		to="https://callcenter.reservationcounter.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Reset_the_Net.org.xml b/src/chrome/content/rules/Reset_the_Net.org.xml
new file mode 100644
index 000000000000..60e95f6b447d
--- /dev/null
+++ b/src/chrome/content/rules/Reset_the_Net.org.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Fight for the Future coverage, see Fight-for-the-Future.xml.
+
+-->
+<ruleset name="Reset the Net.org">
+
+	<target host="resetthenet.org" />
+	<target host="www.resetthenet.org" />
+	<target host="pack.resetthenet.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ResidueTheorem.com.xml b/src/chrome/content/rules/ResidueTheorem.com.xml
new file mode 100644
index 000000000000..31b8d6e3ec5b
--- /dev/null
+++ b/src/chrome/content/rules/ResidueTheorem.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="ResidueTheorem.com">
+	<target host="residuetheorem.com" />
+	<target host="www.residuetheorem.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Resilient_Systems.com.xml b/src/chrome/content/rules/Resilient_Systems.com.xml
new file mode 100644
index 000000000000..465ce3153b40
--- /dev/null
+++ b/src/chrome/content/rules/Resilient_Systems.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Problematic hosts:
+
+		- ^ *
+		- info *
+
+	* Mismatched
+
+
+	Fully covered hosts:
+
+		- (www.)?	(^ → www)
+		- app
+
+-->
+<ruleset name="Resilient Systems.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="app.resilientsystems.com" />
+	<target host="www.resilientsystems.com" />
+
+	<!--	Complications:
+				-->
+	<target host="resilientsystems.com" />
+
+
+	<rule from="^http://resilientsystems\.com/"
+		to="https://www.resilientsystems.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Resin.io.xml b/src/chrome/content/rules/Resin.io.xml
new file mode 100644
index 000000000000..21bd86395fca
--- /dev/null
+++ b/src/chrome/content/rules/Resin.io.xml
@@ -0,0 +1,46 @@
+<!--
+	Nonfunctional hosts in *resin.io:
+
+		- talk *
+
+	* Refused
+
+
+	Problematic hosts in *resin.io:
+
+		- docs ¹
+		- www ²
+	¹ Github
+	² Refused
+
+
+	Fully covered hosts in *resin.io:
+
+		- (www.)?	(www → ^)
+		- dashboard
+
+
+	Mixed content:
+
+		- css on docs from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Resin.io (partial)">
+
+	<!--	Direct rewrites:
+				-->
+  <target host="resin.io" />
+	<target host="dashboard.resin.io" />
+
+	<!--	Complications:
+				-->
+  <target host="www.resin.io" />
+
+	<rule from="^http://www\.resin\.io/"
+		to="https://resin.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Resinfo.org.xml b/src/chrome/content/rules/Resinfo.org.xml
new file mode 100644
index 000000000000..5ac266667cdd
--- /dev/null
+++ b/src/chrome/content/rules/Resinfo.org.xml
@@ -0,0 +1,25 @@
+<!--
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Mixed content:
+
+		- Images on ^ from www.resinfo.org *
+
+	* Secured by us
+
+-->
+<ruleset name="Resinfo.org" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="resinfo.org" />
+	<target host="argos.resinfo.org" />
+	<target host="cesar.resinfo.org" />
+	<target host="www.resinfo.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Resist_Surveillance.org.xml b/src/chrome/content/rules/Resist_Surveillance.org.xml
new file mode 100644
index 000000000000..1fd5934c5bde
--- /dev/null
+++ b/src/chrome/content/rules/Resist_Surveillance.org.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://resistsurveillance.org/ => https://resistsurveillance.org/: (7, 'Failed to connect to resistsurveillance.org port 443: Connection refused')
+Fetch error: http://www.resistsurveillance.org/ => https://www.resistsurveillance.org/: (7, 'Failed to connect to www.resistsurveillance.org port 443: Connection refused')
+
+-->
+<ruleset name="Resist Surveillance.org" default_off="failed ruleset test">
+
+	<target host="resistsurveillance.org" />
+	<target host="www.resistsurveillance.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Resonant.org.xml b/src/chrome/content/rules/Resonant.org.xml
deleted file mode 100644
index 87170915304f..000000000000
--- a/src/chrome/content/rules/Resonant.org.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Resonant.org" default_off="self-signed">
-
-	<target host="resonant.org" />
-	<target host="wikis.resonant.org" />
-	<target host="www.resonant.org" />
-
-	<rule from="^http://(www\.)?resonant\.org/"
-		to="https://www.resonant.org/" />
-
-	<rule from="^http://wikis\.resonant\.org/"
-		to="https://wikis.resonant.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Resortpro.net.xml b/src/chrome/content/rules/Resortpro.net.xml
new file mode 100644
index 000000000000..500fd096cda2
--- /dev/null
+++ b/src/chrome/content/rules/Resortpro.net.xml
@@ -0,0 +1,14 @@
+<ruleset name="Resortpro.net">
+
+    <target host="resortpro.net" />
+    <target host="www.resortpro.net" />
+
+    <securecookie host=".+" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+
+    <!-- Example of URL which is not redirected without us: -->
+    <test url="http://www.resortpro.net/pmt_common/js/calendar/calendar.js" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Respawn_Security.xml b/src/chrome/content/rules/Respawn_Security.xml
deleted file mode 100644
index ad4541582007..000000000000
--- a/src/chrome/content/rules/Respawn_Security.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Respawn Security">
-
-	<target host="cloudflareapp1.info" />
-	<target host="*.cloudflareapp1.info" />
-
-
-	<rule from="^http://(www\.)?cloudflareapp1\.info/"
-		to="https://$1cloudflareapp1.info/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Respect_our_privacy.com.xml b/src/chrome/content/rules/Respect_our_privacy.com.xml
new file mode 100644
index 000000000000..6ffe1c4132d4
--- /dev/null
+++ b/src/chrome/content/rules/Respect_our_privacy.com.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://respectourprivacy.com/ => https://respectourprivacy.com/: (7, 'Failed to connect to respectourprivacy.com port 443: Connection refused')
+Fetch error: http://www.respectourprivacy.com/ => https://www.respectourprivacy.com/: (7, 'Failed to connect to www.respectourprivacy.com port 443: Connection refused')
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .respectourprivacy.com
+		- www.respectourprivacy.com
+
+-->
+<ruleset name="Respect our privacy.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="respectourprivacy.com" />
+	<target host="www.respectourprivacy.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.respectourprivacy\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.respectourprivacy\.com$" name="^_respect-our-privacy_session$" /-->
+
+	<securecookie host="^(?:www)?\.respectourprivacy\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Responsive.io.xml b/src/chrome/content/rules/Responsive.io.xml
new file mode 100644
index 000000000000..8eff0b7bdd79
--- /dev/null
+++ b/src/chrome/content/rules/Responsive.io.xml
@@ -0,0 +1,32 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog ¹
+		- web1 ²
+
+	¹ tumblr
+	² Dropped
+
+
+	Mixed content:
+
+		- Image on (www.) from src *
+
+	* Secured by us
+
+-->
+<ruleset name="responsive.io (partial)">
+
+	<target host="responsive.io" />
+	<target host="src.responsive.io" />
+	<target host="www.responsive.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:w*\.)?responsive\.io$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Responsys.com.xml b/src/chrome/content/rules/Responsys.com.xml
new file mode 100644
index 000000000000..00094e16b1d9
--- /dev/null
+++ b/src/chrome/content/rules/Responsys.com.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://responsys.com/index.php => https://www.oracle.com/marketingcloud/products/cross-channel/marketing-to-consumers.html: Too many redirects while fetching 'https://www.oracle.com/marketingcloud/products/cross-channel/marketing-to-consumers.html'
+Fetch error: http://responsys.com/ => https://www.oracle.com/marketingcloud/products/cross-channel/marketing-to-consumers.html: Too many redirects while fetching 'https://www.oracle.com/marketingcloud/products/cross-channel/marketing-to-consumers.html'
+Fetch error: http://www.responsys.com/ => https://www.oracle.com/marketingcloud/products/cross-channel/marketing-to-consumers.html: Too many redirects while fetching 'https://www.oracle.com/marketingcloud/products/cross-channel/marketing-to-consumers.html'
+
+	For other Oracle coverage, see Oracle.xml.
+
+
+	^responsys.com: Mismatched
+	www.responsys.com: Redirects to http
+
+-->
+<ruleset name="Responsys.com" default_off="failed ruleset test">
+
+	<!--	Complications:
+				-->
+	<target host="responsys.com" />
+	<target host="www.responsys.com" />
+
+
+	<!--	Redirect drops path, args,
+		and forward slash:
+					-->
+	<rule from="^http://(?:www\.)?responsys\.com/.*"
+		to="https://www.oracle.com/marketingcloud/products/cross-channel/marketing-to-consumers.html" />
+
+		<test url="http://responsys.com/index.php" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Responsys.xml b/src/chrome/content/rules/Responsys.xml
index 45c2b49846d3..d42ff4a0372d 100644
--- a/src/chrome/content/rules/Responsys.xml
+++ b/src/chrome/content/rules/Responsys.xml
@@ -1,8 +1,22 @@
-<ruleset name="Responsys (partial)">
+<!--
+	For other Oracle coverage, see Oracle.xml.
+
+
+	www: mismatched, CN: www.responsys.com
+
+
+	^responsys.net doesn't exist
+
+-->
+<ruleset name="Responsys.net (partial)">
 
 	<target host="*.responsys.net" />
 
-	<rule from="^http://policy([23])\.responsys\.net/"
-		to="https://policy$1.responsys.net/" />
+		<test url="http://policy5.responsys.net/permission.htm" />
+		<test url="http://policy5.responsys.net/privacy.htm" />
+
+
+	<rule from="^http://(static\.cdn|policy\d)\.responsys\.net/"
+		to="https://$1.responsys.net/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Restcountries.eu.xml b/src/chrome/content/rules/Restcountries.eu.xml
new file mode 100644
index 000000000000..a9e240a6c3a9
--- /dev/null
+++ b/src/chrome/content/rules/Restcountries.eu.xml
@@ -0,0 +1,5 @@
+<ruleset name="REST Countries">
+	<target host="restcountries.eu" />
+	<target host="www.restcountries.eu" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Restore_the_Fourth.xml b/src/chrome/content/rules/Restore_the_Fourth.xml
index 0156301d39ab..3a96bb23f58c 100644
--- a/src/chrome/content/rules/Restore_the_Fourth.xml
+++ b/src/chrome/content/rules/Restore_the_Fourth.xml
@@ -1,19 +1,25 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://restorethefourth.net/ => https://restorethefourth.net/: (7, 'Failed to connect to restorethefourth.net port 443: Connection refused')
+Fetch error: http://www.restorethefourth.net/ => https://www.restorethefourth.net/: (7, 'Failed to connect to www.restorethefourth.net port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://restorethefourth.net/ => https://restorethefourth.net/: (51, "SSL: no alternative certificate subject name matches target host name 'restorethefourth.net'")
 	CDN buckets:
 
 		- restorethefourth.s3.amazonaws.com
 
 -->
-<ruleset name="Restore the Fourth">
+<ruleset name="Restore the Fourth" default_off="failed ruleset test">
 
 	<target host="restorethefourth.net" />
-	<target host="*.restorethefourth.net" />
+	<target host="www.restorethefourth.net" />
 
 
 	<securecookie host="^(?:www)?\.restorethefourth\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?restorethefourth\.net/"
-		to="https://$1restorethefourth.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Resultspage.com.xml b/src/chrome/content/rules/Resultspage.com.xml
index 0f48917e14de..431d8e2a93d0 100644
--- a/src/chrome/content/rules/Resultspage.com.xml
+++ b/src/chrome/content/rules/Resultspage.com.xml
@@ -1,30 +1,36 @@
 <!--
-	For other SLI Systems coverage, see SLI-Systems.xml.
+	For other SLI Systems coverage, see SLI-Systems.com.xml.
+	There are too much hosts to list them all.
 
+	Mismatched:
+		^resultspage.com
 
-	Nonfunctional domains:
+	Not exist:
+		www.resultspage.com
 
-		- (www.)resultsdemo.com		(redirects to http, valid cert)
-		- (www.)resultspage.com		(mismatched, CN: *.resultsdemo.com)
-		- sli-systems.resultspage.com	(redirects to site-search.sli-systems.com, with or without https)
+	Different http/https content:
+		boden.resultspage.com
+		cbs.resultspage.com
+		footwearetc.resultspage.com
 
+	MCB:
+		filtersfast.resultspage.com
 
-	Fully covered resultspage.com subdomains:
-
-		- assets
-		- \w+		(per-client subdomains)
-
+	Redirects to http:
+		lenovo-outlet.resultspage.com
 -->
-<ruleset name="resultspage.com (partial)">
-
-	<target host="*.resultspage.com" />
-		<exclusion pattern="^http://www\." />
-
-
-	<securecookie host="^.+\.resultspage\.com$" name=".+" />
-
-
-	<rule from="^http://([\w-]+)\.resultspage\.com/"
-		to="https://$1.resultspage.com/" />
-
+<ruleset name="Resultspage.com (partial)">
+	<target host="assets.resultspage.com" />
+		<test url="http://assets.resultspage.com/logos/sli_logo_2014.png" />
+	<target host="bocabearings.resultspage.com" />
+	<target host="discovery.resultspage.com" />
+	<target host="etundra.resultspage.com" />
+	<target host="itvsn.resultspage.com" />
+	<target host="poolandspawarehouse.resultspage.com" />
+	<target host="sli-systems.resultspage.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
+
diff --git a/src/chrome/content/rules/Resurs.se.xml b/src/chrome/content/rules/Resurs.se.xml
index 1fcbe4c82420..34900f9c267d 100644
--- a/src/chrome/content/rules/Resurs.se.xml
+++ b/src/chrome/content/rules/Resurs.se.xml
@@ -2,5 +2,5 @@
   <target host="resurs.se" />
   <target host="www.resurs.se" />
 
-  <rule from="^http://(?:www\.)?resurs\.se/" to="https://www.resurs.se/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Resus.org.uk.xml b/src/chrome/content/rules/Resus.org.uk.xml
new file mode 100644
index 000000000000..cdf8ad756980
--- /dev/null
+++ b/src/chrome/content/rules/Resus.org.uk.xml
@@ -0,0 +1,35 @@
+<!--
+	^resus.org.uk: Loops
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.resus.org.uk
+
+-->
+<ruleset name="Resus.org.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="lms.resus.org.uk" />
+	<target host="www.resus.org.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="resus.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.resus\.org\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^www\.resus\.org\.uk$" name=".+" />
+
+
+	<rule from="^http://resus\.org\.uk/"
+		to="https://www.resus.org.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Retail-Link.gr.xml b/src/chrome/content/rules/Retail-Link.gr.xml
new file mode 100644
index 000000000000..a45116386467
--- /dev/null
+++ b/src/chrome/content/rules/Retail-Link.gr.xml
@@ -0,0 +1,23 @@
+<!--
+	^: mismatched
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(^ → www)
+		- e-invoicing
+
+-->
+<ruleset name="Retail-Link.gr">
+
+	<target host="retail-link.gr" />
+	<target host="www.retail-link.gr" />
+	<target host="e-invoicing.retail-link.gr" />
+
+
+	<rule from="^http://(?:www\.)?retail-link\.gr/"
+		to="https://www.retail-link.gr/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RetailMeNot.com.xml b/src/chrome/content/rules/RetailMeNot.com.xml
new file mode 100644
index 000000000000..040c9036b891
--- /dev/null
+++ b/src/chrome/content/rules/RetailMeNot.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Note: This site blocks Tor users.
+
+	CDN buckets:
+	- rmncdn.com.edgesuite.net
+		- o.rmncdn.com
+
+	Problematic subdomains:
+	- help.retailmenot.com      mismatched
+	- investor.retailmenot.com  refused
+	- o                         valid HTTPS, Whitelabel Error Page.
+-->
+
+<ruleset name="RetailMeNot.com">
+	<target host="retailmenot.com" />
+	<target host="www.retailmenot.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Retail_Sails.xml b/src/chrome/content/rules/Retail_Sails.xml
index 88153e2baad1..9b7e0b8c6b23 100644
--- a/src/chrome/content/rules/Retail_Sails.xml
+++ b/src/chrome/content/rules/Retail_Sails.xml
@@ -1,14 +1,17 @@
-<ruleset name="Retail Sails (partial)">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://retailsails.com/ => https://retailsails.com/: (7, 'Failed to connect to retailsails.com port 443: Connection refused')
+Fetch error: http://www.retailsails.com/ => https://retailsails.com/: (7, 'Failed to connect to retailsails.com port 443: Connection refused')
+
+	Mismatch:
+	- www.retailsails.com
+	- blog.retailsails.com
+-->
+<ruleset name="Retail Sails" default_off="failed ruleset test">
 	<target host="retailsails.com" />
 	<target host="www.retailsails.com" />
-		<!--
-			Redirects to http.
-						-->
-		<exclusion pattern="^https?://www\.retailsails\.com/index\.php(?:$|\?)" />
-
-
-	<rule from="^https?://(www\.)?retailsails.com/"
-		to="https://$1retailsails.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http://www\.retailsails\.com/" to="https://retailsails.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RetractionWatch.com.xml b/src/chrome/content/rules/RetractionWatch.com.xml
new file mode 100644
index 000000000000..aa927890b933
--- /dev/null
+++ b/src/chrome/content/rules/RetractionWatch.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Weak cipher:
+		www.retractionwatch.com
+
+-->
+<ruleset name="Retraction Watch">
+
+	<target host="retractionwatch.com" />
+	<target host="www.retractionwatch.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.retractionwatch\.com/"
+		to="https://retractionwatch.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Retravision.com.au.xml b/src/chrome/content/rules/Retravision.com.au.xml
new file mode 100644
index 000000000000..0335c1421ebd
--- /dev/null
+++ b/src/chrome/content/rules/Retravision.com.au.xml
@@ -0,0 +1,24 @@
+<!--
+	Non-functional subdomains:
+		- catalogues	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Retravision">
+
+	<target host="retravision.com.au" />
+	<target host="www.retravision.com.au" />
+	<target host="clearance.retravision.com.au" />
+	<target host="commercial.retravision.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Retriever-Info.com.xml b/src/chrome/content/rules/Retriever-Info.com.xml
new file mode 100644
index 000000000000..3bd8b1cf1422
--- /dev/null
+++ b/src/chrome/content/rules/Retriever-Info.com.xml
@@ -0,0 +1,20 @@
+<!--
+	No working URL known:
+		ret-tool.retriever-info.com
+
+	Invalid certificate:
+		error.retriever-info.com
+
+-->
+<ruleset name="Retriever-Info.com">
+
+	<target host="retriever-info.com" />
+	<target host="www.retriever-info.com" />
+	<target host="web.retriever-info.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RetroFestive.ca.xml b/src/chrome/content/rules/RetroFestive.ca.xml
index d24d0554370e..aae042f85b2e 100644
--- a/src/chrome/content/rules/RetroFestive.ca.xml
+++ b/src/chrome/content/rules/RetroFestive.ca.xml
@@ -1,13 +1,12 @@
 <ruleset name="RetroFestive.ca">
 
 	<target host="retrofestive.ca" />
-	<target host="*.retrofestive.ca" />
+	<target host="www.retrofestive.ca" />
 
 
 	<securecookie host="^\.retrofestive\.ca$" name=".+" />
 
 
-	<rule from="^http://(www\.)?retrofestive\.ca/"
-		to="https://$1retrofestive.ca/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RetroUSB.com.xml b/src/chrome/content/rules/RetroUSB.com.xml
new file mode 100644
index 000000000000..9af0b3bf4044
--- /dev/null
+++ b/src/chrome/content/rules/RetroUSB.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="RetroUSB.com">
+
+	<target host="retrousb.com" />
+	<target host="www.retrousb.com" />
+
+
+	<securecookie host="^\.retrousb\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Retronaut.com.xml b/src/chrome/content/rules/Retronaut.com.xml
index 01b04ce24a57..b00c3b1cd90f 100644
--- a/src/chrome/content/rules/Retronaut.com.xml
+++ b/src/chrome/content/rules/Retronaut.com.xml
@@ -2,16 +2,16 @@
 	Mixed web bug from yarpp.org.
 
 -->
-<ruleset name="Retronaut.com">
+<ruleset name="Retronaut.com" default_off="mismatched">
 
 	<target host="retronaut.com" />
-	<target host="*.retronaut.com" />
+	<target host="www.retronaut.com" />
 
 
-	<securecookie host="^\.retronaut\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?retronaut\.com/"
-		to="https://$1retronaut.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Retsinformation.dk.xml b/src/chrome/content/rules/Retsinformation.dk.xml
new file mode 100644
index 000000000000..508808c173f3
--- /dev/null
+++ b/src/chrome/content/rules/Retsinformation.dk.xml
@@ -0,0 +1,43 @@
+<!--
+	^retsinformation.dk: Reset
+
+
+	Fully covered hosts in *retsinformation.dk:
+
+		- (www.)?	(^ → www)
+		- services
+		- mobile.services
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.retsinformation.dk
+
+-->
+<ruleset name="retsinformation.dk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="services.retsinformation.dk" />
+	<target host="mobile.services.lovtidende.dk" />
+	<target host="www.retsinformation.dk" />
+
+	<!--	Complications:
+				-->
+	<target host="retsinformation.dk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.retsinformation\.dk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^www\.retsinformation\.dk$" name=".+" />
+
+
+	<rule from="^http://retsinformation\.dk/"
+		to="https://www.retsinformation.dk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rettighedsalliancen.dk.xml b/src/chrome/content/rules/Rettighedsalliancen.dk.xml
new file mode 100644
index 000000000000..24786aaddac5
--- /dev/null
+++ b/src/chrome/content/rules/Rettighedsalliancen.dk.xml
@@ -0,0 +1,9 @@
+<ruleset name="Rettighedsalliancen.dk">
+
+	<target host="rettighedsalliancen.dk" />
+	<target host="www.rettighedsalliancen.dk" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Return-to-the-Roots.xml b/src/chrome/content/rules/Return-to-the-Roots.xml
index ed191461594d..f77e82a5a9ce 100644
--- a/src/chrome/content/rules/Return-to-the-Roots.xml
+++ b/src/chrome/content/rules/Return-to-the-Roots.xml
@@ -1,14 +1,45 @@
-<ruleset name="Return to the Roots" default_off="self-signed">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bugs.siedler25.org/ => https://bugs.siedler25.org/: (6, 'Could not resolve host: bugs.siedler25.org')
+Fetch error: http://packages.siedler25.org/ => https://packages.siedler25.org/: (6, 'Could not resolve host: packages.siedler25.org')
+
+	Insecure cookies are set for these hosts:
+
+		- siedler25.org
+		- debug.siedler25.org
+		- www.siedler25.org
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- (www.)?, debug from picload.org ˢ
+			- (www.)?, debug from img[12].picload.org ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Siedler 25.org" default_off="failed ruleset test">
 
 	<target host="siedler25.org" />
+	<target host="bugs.siedler25.org" />
+	<target host="debug.siedler25.org" />
+	<target host="forum.siedler25.org" />
+	<target host="packages.siedler25.org" />
+	<target host="svn.siedler25.org" />
 	<target host="www.siedler25.org" />
 
 
-	<securecookie host="^www\.siedler25\.org$" name=".*" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:debug\.|www\.)?siedler25\.org$" name="^(?:PHPSESSID|lang)$" /-->
+
+	<securecookie host="^\w" name=".+" />
 
 
-	<!--	Cert doesn't match !www.	-->
-	<rule from="^http://(?:www\.)?siedler25\.org/"
-		to="https://www.siedler25.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Return_Path.net.xml b/src/chrome/content/rules/Return_Path.net.xml
new file mode 100644
index 000000000000..6d5410859a08
--- /dev/null
+++ b/src/chrome/content/rules/Return_Path.net.xml
@@ -0,0 +1,49 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.returnpath.net/ => https://www.returnpath.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.returnpath.net'")
+Fetch error: http://returnpath.net/ => https://www.returnpath.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.returnpath.net'")
+
+	For other Return Path coverage, see SenderScore.org.xml
+
+
+	^returnpath.net: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- monitor.returnpath.net
+		- monitor1.returnpath.net
+		- monitor2.returnpath.net
+
+-->
+<ruleset name="Return Path.net" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="monitor.returnpath.net" />
+	<target host="monitor1.returnpath.net" />
+	<target host="monitor2.returnpath.net" />
+	<target host="static.returnpath.net" />
+	<target host="support.returnpath.net" />
+	<target host="www.returnpath.net" />
+
+	<!--	Complications:
+				-->
+	<target host="returnpath.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^monitor[12]?\.returnpath\.net$" name="^BIGipServer[\w-]+$" /-->
+
+	<securecookie host="^monitor[12]?\.returnpath\.net$" name=".+" />
+
+
+	<rule from="^http://returnpath\.net/"
+		to="https://www.returnpath.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Reussissonsensemble.fr.xml b/src/chrome/content/rules/Reussissonsensemble.fr.xml
deleted file mode 100644
index 27463342fb0a..000000000000
--- a/src/chrome/content/rules/Reussissonsensemble.fr.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	Ads.
-
-	For other Sedo coverage, see Sedo.com.xml.
-
-
-	Problematic subdomains:
-
-		- (www.)	(works; mismatched, CN: *.affili.net)
-
-
-	Fully covered subdomains:
-
-		- banniere
-		- clic
-
--->
-<ruleset name="reussissonsensemble.fr (partial)">
-
-	<target host="*.reussissonsensemble.fr" />
-
-
-	<securecookie host="^clic\.reussissonsensemble\.fr$" name=".+" />
-
-
-	<!--	Destination redirects to http:
-						-->
-	<!--rule from="^http://(?:www\.)?reussissonsensemble\.fr/"
-		to="https://www.affili.net/de/desktopdefault.aspx" /-->
-
-	<rule from="^http://(banniere|clic)\.reussissonsensemble\.fr/"
-		to="https://$1.reussissonsensemble.fr/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Reuters.com.xml b/src/chrome/content/rules/Reuters.com.xml
index 88dcb20ec4d5..cb401b873a09 100644
--- a/src/chrome/content/rules/Reuters.com.xml
+++ b/src/chrome/content/rules/Reuters.com.xml
@@ -8,7 +8,6 @@
 
 		- static.reuters.com.edgesuite.net
 
-			- a1768.g.akamai.net
 			- s[1-4]
 
 		- g3.us.reuters.com.edgesuite.net
@@ -18,74 +17,93 @@
 		- yospace-cds1.reuters.com.edgesuite.net
 
 
-	Nonfunctional reuters.com subdomains:
+	Nonfunctional domains:
+
+		- reuters.com subdomains:
+
+			- @ *
+			- blogs *
+			- alerts.us **
+			- funds.us **
+			- portfolio.us **
+			- sales **
+			- static ⁴
+			- stockscreener.us **
+			- yospace-cds1 ³
+			- js.www *
+
 
-		- blogs *
-		- alerts.us **
-		- funds.us **
-		- portfolio.us **
-		- stockscreener.us **
-		- yospace-cds1		(503, akamai)
-		- js.www *
 
 	* Dropped
 	** Refused
 
+	² Redirects to http
+	³ 503, akamai
+	⁴ 504, akamai
 
-	Problematic domains:
 
-		- reuters.com			(redirects to http, CN: localhost.localdomain)
-		- mediacdn.reuters.com *
-		- static.reuters.com *
-		- www.reuters.com		(redirects to http, akamai)
-		- s[1-4].reutersmedia.net *
-		- reut.rs			(dropped)
+	Problematic hosts in *reuters.com:
 
-	* Works, akamai
+		- live ᵐ
+		- mobile.reuters.com ᵐ
+		- mediacdn
+		- mediaexpress ᵐ
 
+	ᵐ Mismatched
 
-	Partially covered domains:
 
-		- (www.)reuters.com		(→ akamai)
-		- static.reuters.com		(→ akamai)
-		- s[1-4].reutersmedia.net	(→ akamai)
+	Insecure cookies are set for these hosts: ᶜ
 
+		- customers.reuters.com
+		- pictures.reuters.com
 
-	Fully covered domains:
-
-		- mediacdn.reuters.com		(→ akamai)
-		- commerce.us.reuters.com
-		- reut.rs			(→ bit.ly)
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
 <ruleset name="Reuters.com (partial)">
 
 	<target host="reuters.com" />
-	<target host="*.reuters.com" />
-	<target host="*.reutersmedia.net" />
-		<!--
-			Causes resources to be fetched from akamai.net/$
-										-->
-		<exclusion pattern="^http://s(?:tatic\.reuters\.com|\d\.reutersmedia\.net)/resources_v2/css/" />
-	<target host="reut.rs" />
-
-
-	<rule from="^http://(?:www\.)?reuters\.com/favicon.ico"
-		to="https://a248.e.akamai.net/f/1768/1/g/s1.reutersmedia.net/resources/images/favicon.ico" />
-
-	<rule from="^http://(?:www\.)?reuters\.com/(resources/(?:images|media)|resources_v2/(?:images|js|media))/"
-		to="https://a248.e.akamai.net/f/1768/1/g/s1.reutersmedia.net/$1/" />
-
-	<rule from="^http://mediacdn\.reuters\.com/"
-		to="https://a248.e.akamai.net/f/1158/1/g/mediacdn.reuters.com/" />
-
-	<rule from="^http://commerce\.us\.reuters\.com/"
-		to="https://commerce.us.reuters.com/" />
-
-	<rule from="^http://s(tatic\.reuters\.com|\d\.reutersmedia\.net)/"
-		to="https://a248.e.akamai.net/f/1768/1/g/s$1/" />
-
-	<rule from="^http://reut\.rs/"
-		to="https://bit.ly/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.reuters.com" />
+	<target host="af.reuters.com" />
+	<target host="agency.reuters.com" />
+	<target host="ar.reuters.com" />
+	<target host="ara.reuters.com" />
+	<target host="br.reuters.com" />
+	<target host="ca.reuters.com" />
+	<target host="cn.reuters.com" />
+	<target host="commerce.reuters.com" />
+	<target host="customers.reuters.com" />
+	<target host="de.reuters.com" />
+	<target host="es.reuters.com" />
+	<target host="fr.reuters.com" />
+	<target host="in.reuters.com" />
+	<target host="it.reuters.com" />
+	<target host="jp.reuters.com" />
+	<target host="lta.reuters.com" />
+	<target host="mx.reuters.com" />
+	<target host="pictures.reuters.com" />
+	<target host="ru.reuters.com" />
+	<target host="uk.reuters.com" />
+	<target host="widerimage.reuters.com" />
+	<target host="s1.reutersmedia.net" />
+	<target host="s2.reutersmedia.net" />
+	<target host="s3.reutersmedia.net" />
+	<target host="s4.reutersmedia.net" />
+
+		<!--	$ 404,s so:
+					-->
+		<test url="http://commerce.reuters.com/agencyaccess/signIn.do" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^customers\.reuters\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^pictures\.reuters\.com$" name="^(?:ASP\.NET_SessionId|CorexLanguageRTR)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://reuters\.com/" to="https://www.reuters.com/" />
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rev.com.xml b/src/chrome/content/rules/Rev.com.xml
new file mode 100644
index 000000000000..e368cfcc6e48
--- /dev/null
+++ b/src/chrome/content/rules/Rev.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.rev.com
+
+-->
+<ruleset name="Rev.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rev.com" />
+	<target host="www.rev.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.rev\.com$" name="^AWSELB$" /-->
+
+	<securecookie host="^www\.rev\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rev2pub.com.xml b/src/chrome/content/rules/Rev2pub.com.xml
deleted file mode 100644
index 350302f810b7..000000000000
--- a/src/chrome/content/rules/Rev2pub.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other Matomy coverage, see Matomy-Media.xml.
-
-
-	CDN buckets:
-
-		- d1col0l9yjljr0.cloudfront.net
-
-			- creative
-
--->
-<ruleset name="rev2pub.com">
-
-	<target host="creative.rev2pub.com" />
-
-
-	<rule from="^http://creative\.rev2pub\.com/"
-		to="https://d1col0l9yjljr0.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/RevResponse.com.xml b/src/chrome/content/rules/RevResponse.com.xml
index 9cac31df2c35..dae5a2d54737 100644
--- a/src/chrome/content/rules/RevResponse.com.xml
+++ b/src/chrome/content/rules/RevResponse.com.xml
@@ -2,7 +2,13 @@
 	For other NetLine coverage, see Netline.com.xml.
 
 
+	Problematic subdomains:
+
 	Cert only matches *.revresponse.com
+		- img ²
+
+	² Mismatched, CN: *.tradepub.com
+
 
 
 	Mixed content:
@@ -23,7 +29,6 @@
 	<target host="www.revresponse.com" />
 
 
-	<rule from="^http://(?:www\.)?revresponse\.com/"
-		to="https://www.revresponse.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Reveal_News.org.xml b/src/chrome/content/rules/Reveal_News.org.xml
new file mode 100644
index 000000000000..8b4d4523bb7b
--- /dev/null
+++ b/src/chrome/content/rules/Reveal_News.org.xml
@@ -0,0 +1,22 @@
+<!--
+	^revealnews.org: Refused
+
+-->
+<ruleset name="Reveal News.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.revealnews.org" />
+
+	<!--	Complications:
+				-->
+	<target host="revealnews.org" />
+
+
+	<rule from="^http://revealnews\.org/"
+		to="https://www.revealnews.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RevenuQuebec.ca.xml b/src/chrome/content/rules/RevenuQuebec.ca.xml
new file mode 100644
index 000000000000..09f759fb0a4e
--- /dev/null
+++ b/src/chrome/content/rules/RevenuQuebec.ca.xml
@@ -0,0 +1,15 @@
+<!--
+	Subdomains other than ^ and www do not listen on port 80.
+
+	HTTP =/= HTTPS:
+		- ^
+-->
+<ruleset name="RevenuQuebec.ca">
+	<target host="revenuquebec.ca" />
+	<target host="www.revenuquebec.ca" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://revenuquebec\.ca/" to="https://www.revenuquebec.ca/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ReverbNation.com.xml b/src/chrome/content/rules/ReverbNation.com.xml
new file mode 100644
index 000000000000..7b17045cf49c
--- /dev/null
+++ b/src/chrome/content/rules/ReverbNation.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Nonfunctional hosts in *reverbnation.com:
+
+		- blog ¹
+		- corporate ¹
+		- help ²
+
+	¹ WP Engine
+	² Zendesk
+
+
+	Insecure cookies are set for these domains:
+
+		- .reverbnation.com
+
+-->
+<ruleset name="ReverbNation.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="reverbnation.com" />
+	<target host="www.reverbnation.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.reverbnation\.com$" name="^_reverbnation_session$" /-->
+
+	<securecookie host="^\.reverbnation\.com$" name="^_reverbnation_session$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Review_Board.org.xml b/src/chrome/content/rules/Review_Board.org.xml
new file mode 100644
index 000000000000..1d237a022aea
--- /dev/null
+++ b/src/chrome/content/rules/Review_Board.org.xml
@@ -0,0 +1,36 @@
+<!--
+	For other Beanbag, Inc coverage, see Beanbag_Inc.com.xml.
+
+
+	Nonfunctional subdomains:
+
+		- (www.) *
+
+	* Refused
+
+
+	Problematic subdomains:
+
+		- demo *
+
+	* Works; mismatched, CN: reviews.reviewboard.org
+
+
+	These altnames don't exist:
+
+		- www.reviews.reviewboard.org
+
+-->
+<ruleset name="Review Board.org (partial)">
+
+	<target host="reviews.reviewboard.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^reviews\.reviewboard\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Reviewing_Comics.xml b/src/chrome/content/rules/Reviewing_Comics.xml
index 835a8b0403f9..894ad1c4ecbd 100644
--- a/src/chrome/content/rules/Reviewing_Comics.xml
+++ b/src/chrome/content/rules/Reviewing_Comics.xml
@@ -1,13 +1,12 @@
 <ruleset name="Reviewing Comics">
 
 	<target host="reviewingcomics.com" />
-	<target host="*.reviewingcomics.com" />
+	<target host="www.reviewingcomics.com" />
 
 
 	<securecookie host="^(?:www)?\.reviewingcomics\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?reviewingcomics\.com/"
-		to="https://$1reviewingcomics.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Revision3.xml b/src/chrome/content/rules/Revision3.xml
deleted file mode 100644
index 13d6b0355c72..000000000000
--- a/src/chrome/content/rules/Revision3.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	CDN buckets:
-
-		- revision3-pc-ssl.bitgravity.com
-
-
-	Problematic domains:
-
-		- statics.revision3.com
-
-
-	Nonfunctional domains:
-
-		- videos.revision3.com
-
--->
-<ruleset name="Revision3 (partial)">
-
-	<target host="revision3.com" />
-	<target host="*.revision3.com" />
-
-
-	<securecookie host="^\.revision3\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?revision3\.com/"
-		to="https://$1revision3.com/" />
-
-	<rule from="^https?://statics\.revision3\.com/"
-		to="https://revision3-pc-ssl.bitgravity.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Revisium.com.xml b/src/chrome/content/rules/Revisium.com.xml
new file mode 100644
index 000000000000..7793cec8ff92
--- /dev/null
+++ b/src/chrome/content/rules/Revisium.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- revisium.com
+		- www.revisium.com
+
+-->
+<ruleset name="Revisium.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="revisium.com" />
+	<target host="www.revisium.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^revisium\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^(?:www\.)?revisium\.com$" name="^uid_\w+$" /-->
+
+	<securecookie host="^(?:www\.)?revisium\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Revolet.xml b/src/chrome/content/rules/Revolet.xml
index bdb8e85fb07e..cbe3a196e1ad 100644
--- a/src/chrome/content/rules/Revolet.xml
+++ b/src/chrome/content/rules/Revolet.xml
@@ -1,13 +1,15 @@
-<ruleset name="Revolet">
+<ruleset name="Revolet.com" default_off="521">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="revolet.com" />
-	<target host="*.revolet.com" />
+	<target host="www.revolet.com" />
 
 
-	<securecookie host="^(?:.*\.)?revolet\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?revolet\.com/"
-		to="https://$1revolet.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Revolt_Games.xml b/src/chrome/content/rules/Revolt_Games.xml
index fe963fe8feff..9e83b00fdc69 100644
--- a/src/chrome/content/rules/Revolt_Games.xml
+++ b/src/chrome/content/rules/Revolt_Games.xml
@@ -1,4 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://revoltgames.com/ => https://www.revoltgames.com/: (28, 'Connection timed out after 20006 milliseconds')
+
+-->
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://revoltgames.com/ => https://www.revoltgames.com/: Too many redirects while fetching 'https://www.revoltgames.com/'
+
 	Nonfunctional subdomains:
 
 		- blog	(shows blank page; mismatched, CN: *.secure-secure.co.uk)
@@ -9,10 +19,10 @@
 		- ^	(shows blank page)
 
 -->
-<ruleset name="Revolt Games (partial)">
+<ruleset name="Revolt Games (partial)" default_off="failed ruleset test">
 
 	<target host="revoltgames.com" />
-	<target host="*.revoltgames.com" />
+	<target host="www.revoltgames.com" />
 
 
 	<securecookie host="^\.revoltgames\.com$" name=".+" />
@@ -21,4 +31,4 @@
 	<rule from="^http://(?:www\.)?revoltgames\.com/"
 		to="https://www.revoltgames.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RevolutionPermanente.fr.xml b/src/chrome/content/rules/RevolutionPermanente.fr.xml
new file mode 100644
index 000000000000..c86cf87c1c7e
--- /dev/null
+++ b/src/chrome/content/rules/RevolutionPermanente.fr.xml
@@ -0,0 +1,8 @@
+<ruleset name="Révolution Permanente">
+
+	<target host="revolutionpermanente.fr" />
+	<target host="www.revolutionpermanente.fr" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Revolutiontt.me.xml b/src/chrome/content/rules/Revolutiontt.me.xml
new file mode 100644
index 000000000000..461f8b83f1bd
--- /dev/null
+++ b/src/chrome/content/rules/Revolutiontt.me.xml
@@ -0,0 +1,8 @@
+<ruleset name="Revolutiontt.me">
+	<target host="revolutiontt.me" />
+	<target host="www.revolutiontt.me" />
+	<target host="m.revolutiontt.me" />
+	<target host="img.revolutiontt.me" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Revolutionwifi.net.xml b/src/chrome/content/rules/Revolutionwifi.net.xml
new file mode 100644
index 000000000000..60491aa95871
--- /dev/null
+++ b/src/chrome/content/rules/Revolutionwifi.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="Revolutionwifi.net">
+	<target host="revolutionwifi.net" />
+	<target host="www.revolutionwifi.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Revosec.xml b/src/chrome/content/rules/Revosec.xml
deleted file mode 100644
index 687558a942d0..000000000000
--- a/src/chrome/content/rules/Revosec.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="revosec">
-
-	<target host="revosec.ch" />
-	<target host="www.revosec.ch" />
-
-
-	<securecookie host="^www\.revosec\.ch$" name=".*" />
-
-
-	<!--	Cert doesn't match !www.	-->
-	<rule from="^http://(?:www\.)?revosec\.ch/"
-		to="https://www.revosec.ch/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Revstr.com.xml b/src/chrome/content/rules/Revstr.com.xml
new file mode 100644
index 000000000000..0835e5b37ad9
--- /dev/null
+++ b/src/chrome/content/rules/Revstr.com.xml
@@ -0,0 +1,37 @@
+<!--
+	For other Envoy Media Group coverage, see Envoy_Media_Group.com.xml.
+
+
+	^revstr.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.revstr.com
+
+-->
+<ruleset name="Revstr.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.revstr.com" />
+
+	<!--	Complications:
+				-->
+	<target host="revstr.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.revstr\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.revstr\.com$" name=".+" />
+
+
+	<rule from="^http://revstr\.com/"
+		to="https://www.revstr.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Reynir.dk.xml b/src/chrome/content/rules/Reynir.dk.xml
new file mode 100644
index 000000000000..7b0fb24eaf83
--- /dev/null
+++ b/src/chrome/content/rules/Reynir.dk.xml
@@ -0,0 +1,13 @@
+<!--
+    Problematic domains:
+        - paste ¹
+    ¹: Mismatch
+-->
+<ruleset name="Reynir.dk">
+    <target host="reynir.dk" />
+    <target host="www.reynir.dk" />
+    <target host="reyn.ir" />
+    <target host="www.reyn.ir" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RezTrip.xml b/src/chrome/content/rules/RezTrip.xml
index ef6f8a026aba..de9e22daa744 100644
--- a/src/chrome/content/rules/RezTrip.xml
+++ b/src/chrome/content/rules/RezTrip.xml
@@ -4,11 +4,10 @@
 	<target host="www.reztrip.com"/>
 
 
-	<securecookie host="^www\.reztrip\.com$" name=".*"/>
+	<securecookie host="^www\.reztrip\.com$" name=".+" />
 
 
 	<!--	Cert doesn't match !www.	-->
-	<rule from="^http://(?:www\.)?reztrip\.com/"
-		to="https://www.reztrip.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Rfecom.com.xml b/src/chrome/content/rules/Rfecom.com.xml
new file mode 100644
index 000000000000..5b75a455fd39
--- /dev/null
+++ b/src/chrome/content/rules/Rfecom.com.xml
@@ -0,0 +1,21 @@
+<!--
+	^rfecom.com doesn't exist.
+
+
+	www: reset
+
+-->
+<ruleset name="rfecom.com (partial)">
+
+	<target host="*.rfecom.com" />
+
+
+	<rule from="^http://ch03\.rfecom\.com/"
+		to="https://ch03.rfecom.com/" />
+
+	<!--	First redirect keeps args, second drops:
+							-->
+	<rule from="^http://www\.rfecom\.com/+(?:$|\?.*)"
+		to="https://www.myoptimizerplus.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rfihub.com.xml b/src/chrome/content/rules/Rfihub.com.xml
index d72a0bd1dbd3..04b1b28388e1 100644
--- a/src/chrome/content/rules/Rfihub.com.xml
+++ b/src/chrome/content/rules/Rfihub.com.xml
@@ -4,16 +4,27 @@
 		- a
 		- p
 
+
+	Insecure cookies are set for these domains:
+
+		- .rfihib.com
+
 -->
 <ruleset name="rfihub.com">
 
 	<target host="*.rfihub.com" />
 
+		<test url="http://p.rfihub.com/cm" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.rfihub\.com$" name="^(ac|b|cav|cmd|e|eud|euds|f|hl|rud|ruds|u)$" /-->
 
-	<securecookie host="^\.rfihub\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(\w+)\.rfihub\.com/"
-		to="https://$1.rfihub.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RfxN.com.xml b/src/chrome/content/rules/RfxN.com.xml
new file mode 100644
index 000000000000..98a5b339cc71
--- /dev/null
+++ b/src/chrome/content/rules/RfxN.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="RfxN.com">
+
+	<target host="rfxn.com" />
+	<target host="www.rfxn.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RhB.xml b/src/chrome/content/rules/RhB.xml
new file mode 100644
index 000000000000..14e95c930280
--- /dev/null
+++ b/src/chrome/content/rules/RhB.xml
@@ -0,0 +1,24 @@
+<!--
+	Redirect issues:
+		- beta.rhb.ch
+
+	Refused:
+		- apps.rhb.ch
+		- erben.rhb.ch
+
+	Invalid or untrusted cert:
+		- albulatunnel.rhb.ch
+		- contura.rhb.ch
+		- lernexpress.rhb.ch
+		- www.lernexpress.rhb.ch
+		- promo.rhb.ch
+-->
+<ruleset name="RhB.ch">
+	<target host="rhb.ch"/>
+	<target host="www.rhb.ch"/>
+	<target host="elearning.rhb.ch"/>
+	<target host="opendata.rhb.ch"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Rhapsody.xml b/src/chrome/content/rules/Rhapsody.xml
index fc6f8da352d8..28457bf26a3a 100644
--- a/src/chrome/content/rules/Rhapsody.xml
+++ b/src/chrome/content/rules/Rhapsody.xml
@@ -1,10 +1,23 @@
-<ruleset name="Rhapsody" default_off="mismatch">
+<!--
+	Other Rhapsody International rulesets:
+
+		- napster.com.xml
+
+
+	Nonfunctional hosts in *rhapsody.com:
+
+		- news ⁴
+
+	⁴ 404
+
+-->
+<ruleset name="Rhapsody.com" default_off="mismatched">
 
 	<!--	Akamai	-->
 	<target host="rhapsody.com" />
 	<target host="www.rhapsody.com" />
 
-    
+
 	<rule from="^http://(?:www\.)?rhapsody\.com/"
 		to="https://www.rhapsody.com/" />
 
diff --git a/src/chrome/content/rules/Rhein-neckar-loewen.de.xml b/src/chrome/content/rules/Rhein-neckar-loewen.de.xml
new file mode 100644
index 000000000000..ed17677d5334
--- /dev/null
+++ b/src/chrome/content/rules/Rhein-neckar-loewen.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Rhein-neckar-loewen.de">
+  <target host="rhein-neckar-loewen.de" />
+  <target host="www.rhein-neckar-loewen.de" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rheinland-Reporter.xml b/src/chrome/content/rules/Rheinland-Reporter.xml
deleted file mode 100644
index 61e15d5a2b20..000000000000
--- a/src/chrome/content/rules/Rheinland-Reporter.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Rheinland Reporter" default_off="self-signed">
-
-	<!--	cert:	webserver.ispgateway.de	-->
-	<target host="rheinland24.info"/>
-	<target host="www.rheinland24.info"/>
-
-	<securecookie host="^rheinland24\.info$" name=".*"/>
-
-	<rule from="^http://(?:www\.)?rheinland24\.info/"
-		to="https://rheinland24.info/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Rheinpfalz.de.xml b/src/chrome/content/rules/Rheinpfalz.de.xml
new file mode 100644
index 000000000000..3d80582509ac
--- /dev/null
+++ b/src/chrome/content/rules/Rheinpfalz.de.xml
@@ -0,0 +1,23 @@
+<!--
+	Mixed content blocking:
+		epaper.rheinpfalz.de
+
+-->
+
+<ruleset name="Rheinpfalz.de (partial)">
+	<target host="rheinpfalz.de" />
+	<target host="www.rheinpfalz.de" />
+	<target host="bewegtebilder.rheinpfalz.de" />
+	<target host="gottesdienste.rheinpfalz.de" />
+	<target host="immo.rheinpfalz.de" />
+	<target host="kompass.rheinpfalz.de" />
+	<target host="service.rheinpfalz.de" />
+	<target host="shop.rheinpfalz.de" />
+	<target host="static.rheinpfalz.de" />
+	<target host="trauer.rheinpfalz.de" />
+	<target host="vk.rheinpfalz.de" />
+
+	<target host="rheinpfalzdocs.de" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rhino-Software.xml b/src/chrome/content/rules/Rhino-Software.xml
index 942bcd12e416..1a1adfa7bedc 100644
--- a/src/chrome/content/rules/Rhino-Software.xml
+++ b/src/chrome/content/rules/Rhino-Software.xml
@@ -1,17 +1,21 @@
-<!--	!functional:
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rhinosoft.com/ => https://rhinosoft.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.rhinosoft.com/ => https://www.rhinosoft.com/: (60, 'SSL certificate problem: certificate has expired')
+	!functional:
 		- download.rhinosoft.com	(self-signed; shows Serv-U login page)
 		- ftp.serv-u.com		(cert: download.rhinosoft.com; shows Serv-U login page)
 		- (www.)ftpvoyager.com		(cert: rhinosoft.com; shows that domain's data)
 		- (www.)serv-u.com		(ditto)
 -->
-<ruleset name="Rhino Software (partial)">
+<ruleset name="Rhino Software (partial)" default_off="failed ruleset test">
 
 	<target host="rhinosoft.com"/>
 	<target host="www.rhinosoft.com"/>
 
-	<securecookie host="^(www\.)?rhinosoft\.com$" name=".*"/>
+	<securecookie host="^(?:www\.)?rhinosoft\.com$" name=".+" />
 
-	<rule from="^http://(www\.)?rhinosoft\.com/"
-		to="https://$1rhinosoft.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Rhino_Support.com.xml b/src/chrome/content/rules/Rhino_Support.com.xml
new file mode 100644
index 000000000000..911b45bed4b0
--- /dev/null
+++ b/src/chrome/content/rules/Rhino_Support.com.xml
@@ -0,0 +1,46 @@
+<!--
+	For other Global Marketing Strategies coverage, see Global-Marketing-Strategies.xml.
+
+
+	Nonfunctional hosts in *rhinosupport.com:
+
+		- blog *
+
+	* 200 "Site Not Found"
+
+
+	^rhinosupport.com: Self-signed
+
+
+	Insecure cookies are set for these domains:
+
+		- .rhinosupport.com
+
+-->
+<ruleset name="Rhino Support.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="support.rhinosupport.com" />
+	<target host="fanpagegeneratorpro.rhinosupport.com" />
+	<target host="www.rhinosupport.com" />
+
+	<!--	Complications:
+				-->
+	<target host="rhinosupport.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.rhinesupport\.com$" name="^(?:Language|PHPSESSID)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://rhinosupport\.com/"
+		to="https://www.rhinosupport.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rhizome.xml b/src/chrome/content/rules/Rhizome.xml
index c861147e6736..0f8187157883 100644
--- a/src/chrome/content/rules/Rhizome.xml
+++ b/src/chrome/content/rules/Rhizome.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?rhizome\.org/static/"
 		to="https://$1rhizome.org/static/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rhombus-Tech.xml b/src/chrome/content/rules/Rhombus-Tech.xml
index 82cf3f286026..4f4fa7b22fff 100644
--- a/src/chrome/content/rules/Rhombus-Tech.xml
+++ b/src/chrome/content/rules/Rhombus-Tech.xml
@@ -1,4 +1,4 @@
-<ruleset name="Rhombus Tech" default_off="mismatch">
+<ruleset name="Rhombus Tech" default_off="mismatched">
 
 	<!--	Cert: www.hands.com
 					-->
@@ -6,7 +6,7 @@
 	<target host="www.rhombus-tech.net" />
 
 
-	<rule from="^https?://(?:www\.)?rhombus-tech\.net/"
+	<rule from="^http://(?:www\.)?rhombus-tech\.net/"
 		to="https://rhombus-tech.net/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ribble_Valley.gov.uk.xml b/src/chrome/content/rules/Ribble_Valley.gov.uk.xml
new file mode 100644
index 000000000000..d7e3ce5a6fd6
--- /dev/null
+++ b/src/chrome/content/rules/Ribble_Valley.gov.uk.xml
@@ -0,0 +1,33 @@
+<!--
+	Ribble Valley Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	These altnames don't exist:
+
+		- ribblevalley.gov.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.ribblevalley.gov.uk
+
+-->
+<ruleset name="Ribble Valley.gov.uk">
+
+	<target host="licensing.ribblevalley.gov.uk" />
+	<target host="www.ribblevalley.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.ribblevalley\.gov\.uk$" name="^\w+$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ricardo.ch.xml b/src/chrome/content/rules/Ricardo.ch.xml
index df17bdb4d0df..a34b2fe5d816 100644
--- a/src/chrome/content/rules/Ricardo.ch.xml
+++ b/src/chrome/content/rules/Ricardo.ch.xml
@@ -1,8 +1,48 @@
-<ruleset name="Ricardo.ch">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ricardo.ch/ueber-uns/de-ch/onlinehilfe.aspx => https://ricardo.ch/ueber-uns/de-ch/onlinehilfe.aspx: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+Fetch error: http://fr.ricardo.ch/ => https://fr.ricardo.ch/: (51, "SSL: no alternative certificate subject name matches target host name 'fr.ricardo.ch'")
+
+	Other ricardo rulesets:
+
+		- Ricardoshops.ch.xml
+
+
+	Problematic hosts in *ricardo.ch:
+
+		- winterreifen.auto *
+
+	* Mismatched
+
+
+	These altnames don't exist:
+
+		- www.schnellverkaufen.ricardo.ch
+
+-->
+<ruleset name="Ricardo.ch (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
         <target host="ricardo.ch" />
+        <target host="assistant.ricardo.ch" />
+        <target host="auto.ricardo.ch" />
+        <target host="fr.ricardo.ch" />
+        <target host="www.fr.ricardo.ch" />
+        <target host="schnellverkaufen.ricardo.ch" />
+        <target host="vendrevite.ricardo.ch" />
         <target host="www.ricardo.ch" />
-        <securecookie host="^(.*\.)?ricardo\.ch$" name=".*" />
 
-        <rule from="^http://(?:www\.)?ricardo\.ch/" to="https://www.ricardo.ch/"/>
-</ruleset>
+		<test url="http://ricardo.ch/ueber-uns/de-ch/onlinehilfe.aspx" />
+		<test url="http://www.ricardo.ch/kaufen/" />
+		<test url="http://www.ricardo.ch/ueber-uns/de-ch/onlinehilfe.aspx" />
+
 
+        <securecookie host=".+" name=".+" />
+
+
+        <rule from="^http:"
+                to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ricardoshops.ch.xml b/src/chrome/content/rules/Ricardoshops.ch.xml
new file mode 100644
index 000000000000..8674600a2ae6
--- /dev/null
+++ b/src/chrome/content/rules/Ricardoshops.ch.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ricardoshops.ch/ => https://ricardoshops.ch/: (51, "SSL: no alternative certificate subject name matches target host name 'ricardoshops.ch'")
+
+	For other ricardo coverage, see Ricardo.ch.xml.
+
+-->
+<ruleset name="ricardoshops.ch" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ricardoshops.ch" />
+	<target host="www.ricardoshops.ch" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rice-University-mismatches.xml b/src/chrome/content/rules/Rice-University-mismatches.xml
index 7fa909fad80c..783132b83f91 100644
--- a/src/chrome/content/rules/Rice-University-mismatches.xml
+++ b/src/chrome/content/rules/Rice-University-mismatches.xml
@@ -2,13 +2,12 @@
 	For rules that are on by default, see Rice-University.xml.
 
 -->
-<ruleset name="Rice University (mismatches)" default_off="mismatch">
+<ruleset name="Rice University (mismatches)" default_off="mismatched">
 
 	<!--	Cert: *.rice.edu	-->
 	<target host="alumni.cgi.rice.edu" />
 
 
-	<rule from="^http://alumni\.cgi\.rice\.edu/"
-		to="https://alumni.cgi.rice.edu/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Rice-University.xml b/src/chrome/content/rules/Rice-University.xml
index 211f671042f8..d27c3d443077 100644
--- a/src/chrome/content/rules/Rice-University.xml
+++ b/src/chrome/content/rules/Rice-University.xml
@@ -21,10 +21,9 @@
 	<target host="staff.rice.edu" />
 
 
-	<securecookie host="^(online\.alumni|staff)\.rice\.edu$" name=".*" />
+	<securecookie host="^(?:online\.alumni|staff)\.rice\.edu$" name=".+" />
 
 
-	<rule from="^http://(online\.alumni|staff)\.rice\.edu/"
-		to="https://$1.rice.edu/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/RichRelevance.xml b/src/chrome/content/rules/RichRelevance.xml
index 545d5503f94c..7a975a04a5cf 100644
--- a/src/chrome/content/rules/RichRelevance.xml
+++ b/src/chrome/content/rules/RichRelevance.xml
@@ -1,23 +1,103 @@
+
 <!--
-	http://recs.../$ & https://recs.../$ differ.
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://eurm.recs.richrelevance.com/rrmail/rmclick?a=4ccda6fabc7e1e30&cpi=16_03_11_WoW_Sun&userId=7912334&seedProductIds=&seedCategoryIds=&zoneName=toplevel_6&strategySet=&date=20160313&ln=email_mobile&version=3&lid=3&cm_mmc=Email-_-TBP%20326-_-16_03_11_WoW_Sun-_-rr-horizontal-16_03_11_WoW_Sun-link3&istCompanyId=9E28718B-80EC-4C70-9F52-4431EC3FF1DE&istItemId=ilmaaxaw&utm_source=email&utm_medium=newsletter&utm_campaign=16_03_11_WoW_Sun (200) => https://recs.richrelevance.com/rrmail/rmclick?a=4ccda6fabc7e1e30&cpi=16_03_11_WoW_Sun&userId=7912334&seedProductIds=&seedCategoryIds=&zoneName=toplevel_6&strategySet=&date=20160313&ln=email_mobile&version=3&lid=3&cm_mmc=Email-_-TBP%20326-_-16_03_11_WoW_Sun-_-rr-horizontal-16_03_11_WoW_Sun-link3&istCompanyId=9E28718B-80EC-4C70-9F52-4431EC3FF1DE&istItemId=ilmaaxaw&utm_source=email&utm_medium=newsletter&utm_campaign=16_03_11_WoW_Sun (404)
+Non-2xx HTTP code: http://rm.recs.richrelevance.com/rrmail/rmclick?a=8791bbd765435838&cpi=RR1&userId=1237298170&seedProductIds=&seedCategoryIds=&zoneName=responsive&strategySet=&date=05182015&ln=email_mobile&version=3&lid=3 (200) => https://recs.richrelevance.com/rrmail/rmclick?a=8791bbd765435838&cpi=RR1&userId=1237298170&seedProductIds=&seedCategoryIds=&zoneName=responsive&strategySet=&date=05182015&ln=email_mobile&version=3&lid=3 (404)
+
+	http://media.../$ & https://media.../$ differ.
 
 
 	Nonfunctional subdomains:
 
-		- engineering	(shows www, valid cert)
 		- ics	(times out)
 
+
+	Problematic hosts in *richrelevance.com:
+
+		- eurm.recs ᵐ
+		- rm.recs ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- cas.richrelevance.com
+		- integration.richrelevance.com
+		- portal.richrelevance.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- engineering, www from $self ˢ
+			- engineering from www.richrelevance.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
 -->
-<ruleset name="RichRelevance (partial)">
+<ruleset name="RichRelevance.com (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="richrelevance.com" />
-	<target host="*.richrelevance.com" />
+	<target host="cas.richrelevance.com" />
+	<target host="confluence.richrelevance.com" />
+	<target host="demo.richrelevance.com" />
+	<target host="developer.richrelevance.com" />
+	<target host="e4b-2.richrelevance.com" />
+	<target host="image.richrelevance.com" />
+	<target host="integration.richrelevance.com" />
+	<target host="jira.richrelevance.com" />
+	<target host="media.richrelevance.com" />
+	<target host="portal.richrelevance.com" />
+	<target host="recs.richrelevance.com" />
+	<target host="www.richrelevance.com" />
+
+		<!--	401 vs 200 blank page => fetch check would fail:
+									-->
+		<exclusion pattern="^http://media\.richrelevance\.com/$" />
+
+			<!--	-ve:
+					-->
+			<test url="http://media.richrelevance.com/rrserver/images/sampleimage.jpg" />
+			<test url="http://media.richrelevance.com/rrserver/js/1.1/p13n.js" />
+
+		<test url="http://cdn.richrelevance.com/dashboard/img/rr2.0/dashboard-rc-login-bg.jpg" />
+
+		<!--	$ 404s, so:
+					-->
+		<test url="http://image.richrelevance.com/rrmail/click/recs?apiKey=7acb638e84ceb389&amp;userId=1&amp;campaign=campaign01&amp;date=2016-06-15&amp;placement=r01&amp;layout=email&amp;slot=2" />
+		<test url="http://integration.richrelevance.com/rrserver/adclick?pcam=869057&amp;pcre=39979&amp;vg=d46006fc-3366-452f-343a-1e53bc618f0e&amp;propt=home_page.promo_1&amp;rp=true&amp;a=a43d5330e9172221&amp;sgs=&amp;ct=http%3A%2F%2Fwww.morphsuits.com%2Fbrands%2Fpower-rangers-costumes" />
+		<test url="http://recs.richrelevance.com/rrserver/apiclick?a=e8da9bb22c38c228&amp;cak=21280b5d95ea9121&amp;ct=http%3A%2F%2Fwww.americanmuscle.com%2Frelocoarstpe.html&amp;vg=5d400dac-edbc-4f13-35e0-6454bb7ff521&amp;stid=4&amp;pti=1&amp;pa=20040&amp;pos=3&amp;p=30000&amp;channelId=21280b5d95ea9121&amp;s=pmtmomnbntc10t3ypt14upm5" />
+
+	<!--	Complications:
+				-->
+	<target host="eurm.recs.richrelevance.com" />
+	<target host="rm.recs.richrelevance.com" />
+
+		<!--	$ 404s, so:
+					-->
+		<test url="http://eurm.recs.richrelevance.com/rrmail/rmclick?a=4ccda6fabc7e1e30&amp;cpi=16_03_11_WoW_Sun&amp;userId=7912334&amp;seedProductIds=&amp;seedCategoryIds=&amp;zoneName=toplevel_6&amp;strategySet=&amp;date=20160313&amp;ln=email_mobile&amp;version=3&amp;lid=3&amp;cm_mmc=Email-_-TBP%20326-_-16_03_11_WoW_Sun-_-rr-horizontal-16_03_11_WoW_Sun-link3&amp;istCompanyId=9E28718B-80EC-4C70-9F52-4431EC3FF1DE&amp;istItemId=ilmaaxaw&amp;utm_source=email&amp;utm_medium=newsletter&amp;utm_campaign=16_03_11_WoW_Sun" />
+		<test url="http://rm.recs.richrelevance.com/rrmail/rmclick?a=8791bbd765435838&amp;cpi=RR1&amp;userId=1237298170&amp;seedProductIds=&amp;seedCategoryIds=&amp;zoneName=responsive&amp;strategySet=&amp;date=05182015&amp;ln=email_mobile&amp;version=3&amp;lid=3" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cas\.richrelevance\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^integration\.richrelevance\.com$" name="^(?:m|n|s|uc)$" /-->
+	<!--securecookie host="^portal\.richrelevance\.com$" name="^rememberMe$" /-->
 
+	<securecookie host="^\w" name=".+" />
 
-	<securecookie host="^www\.richrelevance\.com$" name=".+" />
 
+	<rule from="^http://(?:eu)?rm\.recs\.richrelevance\.com/"
+		to="https://recs.richrelevance.com/" />
 
-	<rule from="^http://((?:confluence|demo|e4b-2|jira|portal|www)\.)?richrelevance\.com/"
-		to="https://$1richrelevance.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Richard-Dawkins-Foundation.xml b/src/chrome/content/rules/Richard-Dawkins-Foundation.xml
index 0ccef347a1ac..b0c27c18f084 100644
--- a/src/chrome/content/rules/Richard-Dawkins-Foundation.xml
+++ b/src/chrome/content/rules/Richard-Dawkins-Foundation.xml
@@ -1,10 +1,7 @@
 <!--
-	For problematic rules, see Richard_Dawkins_Foundation-problematic.xml.
-
-
-	Other Richard Dawkins Foundation rulesets:
+	Richard Dawkins Foundation
 
-		- Out_Campaign.org.xml
+	For problematic rules, see Richard_Dawkins_Foundation-problematic.xml.
 
 
 	CDN buckets:
@@ -12,7 +9,15 @@
 		- s3.amazonaws.com/rdf_article_images/
 		- s3.amazonaws.com/rdf_files/
 		- s3.amazonaws.com/rdfnet_production/
+		- d2gticy66n56kj.cloudfront.net
+		- d2nr576vpavpga.cloudfront.net
+		- d2ttfyrfmig6p1.cloudfront.net
 		- ddeedjkumnzhr.cloudfront.net
+
+		- kagawa-2640.herokussl.com
+
+			- www.richarddawkins.com
+
 		- cdn.cloudfiles.mosso.com/c114612/
 		- cdn.cloudfiles.mosso.com/c116811/
 		- cdn.cloudfiles.mosso.com/c148211/
@@ -25,16 +30,18 @@
 
 		- richarddawkins.myshopify.com
 
-			- store.richarddawkins.net
-
 		- c177661.r61.cf0.rackcdn.com
+		- c114922.r22.cf0.rackcdn.com
+		- c914452.r52.cf0.rackcdn.com
 		- c1731762.r62.cf0.rackcdn.com
+		- c3012132.r32.cf0.rackcdn.com
 		- c3046032.r32.cf0.rackcdn.com
 		- c3412584.r84.cf0.rackcdn.com
 		- c3416406.r6.cf0.rackcdn.com
 		- c3420515.r15.cf0.rackcdn.com
-		- 797b0b606c1547a543b0-cdacc32b674205fe92b364b664c1d1d9.r9.cf1.rackcdn.com
 		- 43daeccf7cdf2dcbc363-c6a7188b9b9e0e225d3a26bef6d9deab.r19.cf1.rackcdn.com
+		- 4dc15765d632d28dc42a-5062e3e111b8536afbdba79c92c42b43.r55.cf1.rackcdn.com
+		- 797b0b606c1547a543b0-cdacc32b674205fe92b364b664c1d1d9.r9.cf1.rackcdn.com
 		- c0116801.cdn.cloudfiles.rackspacecloud.com
 		- c0589922.cdn.cloudfiles.rackspacecloud.com
 		- c0914452.cdn.cloudfiles.rackspacecloud.com
@@ -44,26 +51,108 @@
 
 	Problematic domains:
 
-		- (www.)rdfs.com **
-		- richarddawkins.net			(no https)
-		- comments.richarddawkins.net **
-		- www.richarddawkins.net **
-		- (www.)richarddawkinsfoundation.org *
+		- richarddawkins.net subdomains:
+
+			- comments ¹
+			- de ¹
+			- es ¹
+			- givingaid ¹
+			- old ¹
+
+		- (www.)richarddawkinsfoundation.org ²
+
+	¹ Works; mismatched, CN: *.herokuapp.com
+	² Works; mismatched, CN: *.heroku.com
+
+
+	These altnames don't exist:
+
+		- www.donate.richarddawkins.net
+
 
-	* Mismatched, CN: *.heroku.com
-	** Works, mismatched, CN: *.herokuapp.com
+	Mixed content:
+
+		- css, on:
+
+			- old.richarddawkins.net from www.google.com ¹
+
+		- Images, on:
+
+			- de.richarddawkins.net from d2nr576vpavpga.cloudfront.net ¹
+			- de.richarddawkins.net and www.richarddawkins.net from gravatar.com ¹
+
+			- old.richarddawkins.net, from:
+
+				- s3.amazonaws.com ¹
+				- im.media.ft.com ²
+				- www.gravatar.com ¹
+				- g-ecx.images-amazon.com ¹
+				- pictures.playboy.com ²
+				- c114922.r22.cf0.rackcdn.com ¹
+				- c914452.r52.cf0.rackcdn.com ¹
+				- c1731762.r62.cf0.rackcdn.com ¹
+				- c3012132.r32.cf0.rackcdn.com ¹
+				- c3412584.r84.cf0.rackcdn.com ¹
+				- c3416406.r6.cf0.rackcdn.com ¹
+				- 43daeccf7cdf2dcbc363-c6a7188b9b9e0e225d3a26bef6d9deab.r19.cf1.rackcdn.com ¹
+				- c0116801.cdn.cloudfiles.rackspacecloud.com ¹
+				- c0589922.cdn.cloudfiles.rackspacecloud.com ¹
+				- c0939582.cdn.cloudfiles.rackspacecloud.com ¹
+				- c1129422.cdn.cloudfiles.rackspacecloud.com ¹
+				- cdn.shopify.com ¹
+
+			- (www.)richarddawkinsfoundation.org, from:
+
+				- 4dc15765d632d28dc42a-5062e3e111b8536afbdba79c92c42b43.r55.cf1.rackcdn.com ¹
+				- c0116801.cdn.cloudfiles.rackspacecloud.com ¹
+				- c0914452.cdn.cloudfiles.rackspacecloud.com ¹
+				- c0939582.cdn.cloudfiles.rackspacecloud.com ¹
+
+		- Web, bugs on:
+
+			- de.richarddawkins.net and www.richarddawkins.net from s7.addthis.com ¹
+			- old.richarddawkins.net from pixel.quantserve.com ¹
+			- richarddawkinsfoundation.org from rcm-uk.amazon.co.uk
+
+	¹ Secured by us
+	² Unsecurable
 
 -->
-<ruleset name="Richard Dawkins Foundation (partial) ">
+<ruleset name="Richard Dawkins.net (partial) ">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="richarddawkins.net" />
+	<target host="donate.richarddawkins.net" />
+	<target host="www.richarddawkins.net" />
+
+	<!--	Complications:
+				-->
 	<target host="comments.richarddawkins.net" />
 	<target host="store.richarddawkins.net" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^richarddawkins\.net$" name="^wordpress_test_cookie$" /-->
+	<!--securecookie host="^\.richarddawkins\.net$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^(?:www\.)?richarddawkins\.net$" name=".+" />
+	<securecookie host="^\.richarddawkins\.net$" name="^(?:__cfduid|cf_clearance)$" />
+
+
 	<rule from="^http://comments\.richarddawkins\.net/"
 		to="https://rdfnet-comments.herokuapp.com/" />
 
-	<rule from="^http://store\.richarddawkins\.net/"
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://store\.richarddawkins\.net/+"
 		to="https://richarddawkins.myshopify.com/" />
 
+		<test url="http://store.richarddawkins.net//" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Richard_Dawkins_Foundation-problematic.xml b/src/chrome/content/rules/Richard_Dawkins_Foundation-problematic.xml
index 0d507362e25a..b72c6a7c973c 100644
--- a/src/chrome/content/rules/Richard_Dawkins_Foundation-problematic.xml
+++ b/src/chrome/content/rules/Richard_Dawkins_Foundation-problematic.xml
@@ -4,28 +4,19 @@
 -->
 <ruleset name="Richard Dawkins Foundation (problematic)" default_off="mismatched">
 
-	<target host="rdfrs.com" />
-	<target host="www.rdfrs.com" />
-	<target host="richarddawkins.net" />
-	<target host="*.richarddawkins.net" />
+	<target host="de.richarddawkins.net" />
+	<target host="givingaid.richarddawkins.net" />
+	<target host="old.richarddawkins.net" />
 	<target host="richarddawkinsfoundation.org" />
 	<target host="www.richarddawkinsfoundation.org" />
 
 
-	<securecookie host="^rdfrs\.com$" name=".+" />
 	<securecookie host="^.*\.richarddawkins\.net$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?rdfrs\.com/"
-		to="https://rdfrs.com/" />
-
-	<rule from="^http://(?:www\.)?richarddawkins\.net/"
-		to="https://www.richarddawkins.net/" />
-
-	<rule from="^http://(donate|givingaid|old)\.richarddawkins\.net/"
-		to="https://$1.richarddawkins.net/" />
 
 	<rule from="^http://(?:www\.)?richarddawkinsfoundation\.org/"
 		to="https://richarddawkinsfoundation.org/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Richard_and_Judy_Book_Club.xml b/src/chrome/content/rules/Richard_and_Judy_Book_Club.xml
index d8392f4ead15..ca8b1cb725f0 100644
--- a/src/chrome/content/rules/Richard_and_Judy_Book_Club.xml
+++ b/src/chrome/content/rules/Richard_and_Judy_Book_Club.xml
@@ -7,7 +7,6 @@
 	<target host="www.richardandjudy.co.uk" />
 
 
-	<rule from="^http://www\.richardandjudy\.co\.uk/"
-		to="https://www.richardandjudy.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Richmond.edu.xml b/src/chrome/content/rules/Richmond.edu.xml
new file mode 100644
index 000000000000..9e5a3ff7bb6f
--- /dev/null
+++ b/src/chrome/content/rules/Richmond.edu.xml
@@ -0,0 +1,104 @@
+<!--
+	University of Richmond
+
+
+	Nonfunctional subdomains:
+
+		- (www.) ¹
+		- alert ¹
+		- alumni ¹
+		- as ¹
+		- assets ¹
+		- blog ²
+		- business ¹
+		- calendar ¹
+		- communications ¹
+		- directory ³
+		- downtown ¹
+		- engage ¹
+		- foghorn ⁴
+		- giving ¹
+		- hr ¹
+		- international ¹
+		- is ¹
+		- jepson ¹
+		- law ¹
+		- library ¹
+		- livinglearning ¹
+		- modlin ¹
+		- multicultural ¹
+		- news ¹
+		- police ¹
+		- president ¹
+		- provost ¹
+		- robins ¹
+		- scs ¹
+		- search ⁵
+		- spcs ¹
+		- spiderdiaries ¹
+		- studentdevelopment ¹
+
+	¹ Shows webapps; mismatched, CN: webapps.richmond.edu
+	² Shows foghorn, mismatched, CN: foghorn.richmond.edu
+	³ Redirects to http, valid cert
+	⁴ Shows RHEL test page, self-signed
+	⁵ Redirects to http; mismatched, CN: foo.ent.google.com
+
+
+	Fully covered subdomains:
+
+		- autodiscover
+		- bannerweb
+		- blackboard
+		- dsl
+		- exchangemail
+		- facultystaff
+		- webapps
+		- webpass
+
+
+	Observed cookie domains:
+
+		- autodiscover ¹
+		- bannerweb ²
+		- blackboard ²
+		- exchangemail ¹
+		- webpass ²
+
+	¹ Secured by server
+	² Secured by us
+
+
+	Mixed content:
+
+		- css on dsl from fonts.googleapis.com *
+
+		- Images on dsl from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Richmond.edu (partial)">
+
+	<target host="autodiscover.richmond.edu" />
+	<target host="bannerweb.richmond.edu" />
+	<target host="blackboard.richmond.edu" />
+	<target host="dsl.richmond.edu" />
+	<target host="exchangemail.richmond.edu" />
+	<target host="facultystaff.richmond.edu" />
+	<target host="webapps.richmond.edu" />
+	<target host="webpass.richmond.edu" />
+
+
+	<!--	Server sets Secure for these:
+						-->
+	<!--securecookie host="^(autodiscover|exchangemail)\.richmond\.edu$" name=".+" /-->
+	<!--
+		But not for some of these:
+						-->
+	<securecookie host="^(?:bannerweb|blackboard|webpass)\.richmond\.edu$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Richmond_Tea_Party.xml b/src/chrome/content/rules/Richmond_Tea_Party.xml
index 6ad101258edd..22e2c4cd5ba5 100644
--- a/src/chrome/content/rules/Richmond_Tea_Party.xml
+++ b/src/chrome/content/rules/Richmond_Tea_Party.xml
@@ -1,13 +1,12 @@
 <ruleset name="Richmond Tea Party">
 
 	<target host="richmondteaparty.com" />
-	<target host="*.richmondteaparty.com" />
+	<target host="www.richmondteaparty.com" />
 
 
 	<securecookie host="^(?:w*\.)?richmondteaparty\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?richmondteaparty\.com/"
-		to="https://$1richmondteaparty.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Richmondshire.gov.uk.xml b/src/chrome/content/rules/Richmondshire.gov.uk.xml
new file mode 100644
index 000000000000..5308a4f3b2b0
--- /dev/null
+++ b/src/chrome/content/rules/Richmondshire.gov.uk.xml
@@ -0,0 +1,40 @@
+<!--
+	Richmondshire District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *richmondshire.gov.uk:
+
+		- gis ᵈ
+		- planning ᵈ
+
+	ᵈ Dropped
+
+
+	(www.)?richmondshire.gov.uk: Expired, mismatched, self-signed
+
+
+	Insecure cookies are set for these hosts:
+
+		- richmondshire.gov.uk
+		- www.richmondshire.gov.uk
+
+-->
+<ruleset name="Richmondshire.gov.uk (partial)" default_off="expired, mismatched, self-signed">
+
+	<target host="richmondshire.gov.uk" />
+	<target host="www.richmondshire.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?richmondshire\.gov\.uk$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RickyGervais.com.xml b/src/chrome/content/rules/RickyGervais.com.xml
new file mode 100644
index 000000000000..dced26ed268c
--- /dev/null
+++ b/src/chrome/content/rules/RickyGervais.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Chain issue (missing intermediate):
+		- podcast.rickygervais.com
+-->
+
+<ruleset name="RickyGervais.com" platform="mixedcontent">
+	<target host="rickygervais.com" />
+	<target host="www.rickygervais.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ricochet.com.xml b/src/chrome/content/rules/Ricochet.com.xml
new file mode 100644
index 000000000000..8832355aec8e
--- /dev/null
+++ b/src/chrome/content/rules/Ricochet.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Ricochet.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ricochet.com" />
+	<target host="www.ricochet.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ricoh.xml b/src/chrome/content/rules/Ricoh.xml
index eb4ebf24dbb2..e0ab3e5b4e0c 100644
--- a/src/chrome/content/rules/Ricoh.xml
+++ b/src/chrome/content/rules/Ricoh.xml
@@ -1,30 +1,32 @@
+<!--
+	Could not resolve host:
+		ricoh.com.hk
+		ricoh.sg
+
+	Not found on https mode:
+		support.ricoh.com	http://support.ricoh.com/bb/html/dr_ut_e/rcn1/model/mpc4503/mpc4503.htm
+-->
 <ruleset name="Ricoh (partial)">
+	<target host="ricoh.com"/>
+	<target host="www.ricoh.com"/>
 
 	<target host="ricoh.co.in"/>
 	<target host="www.ricoh.co.in"/>
-	<target host="ricoh.com"/>
-	<target host="www.ricoh.com"/>
-	<target host="ricoh.com.hk"/>
-	<target host="www.ricoh.com.hk"/>
-	<target host="marketplace.ricoh.com.sg"/>
-	<target host="ricoh.sg"/>
-	<target host="www.ricoh.sg"/>
 
-	<securecookie host="^(.*\.)?ricoh\.co(\.in|m(\.sg)?)$" name=".*"/>
+	<target host="ricoh.com.cn"/>
+	<target host="www.ricoh.com.cn"/>
 
-	<rule from="^http://(?:www\.)?ricoh\.co\.in/"
-		to="https://ricoh.co.in/"/>
+	<target host="www.ricoh.com.hk"/>
 
-	<rule from="^http://(?:www\.)?ricoh\.com/"
-		to="https://www.ricoh.com/"/>
+	<target host="www.ricoh.sg"/>
+
+	<target host="marketplace.ricoh.com.sg"/>
 
-	<rule from="^http://(?:www\.)?ricoh\.com\.hk/co(mmon|tent)/"
-		to="https://www.ricoh.com.hk/co$1/"/>
+	<rule from="^http://ricoh\.com/" to="https://www.ricoh.com/"/>
 
-	<rule from="^http://marketplace\.ricoh\.com\.sg/"
-		to="https://marketplace.ricoh.com.sg/"/>
+	<rule from="^http://ricoh\.co\.in/" to="https://www.ricoh.co.in/"/>
 
-	<rule from="^http://(?:www\.)?ricoh\.sg/"
-		to="https://www.ricoh.sg/"/>
+	<rule from="^http://ricoh\.com\.cn/" to="https://www.ricoh.com.cn/"/>
 
+	<rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Riga.xml b/src/chrome/content/rules/Riga.xml
index 2c185649f4c5..88da94ef5128 100644
--- a/src/chrome/content/rules/Riga.xml
+++ b/src/chrome/content/rules/Riga.xml
@@ -1,4 +1,12 @@
-<ruleset name="Riga">
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://eriga.lv/ (200) => https://eriga.lv/ (404)
+
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://eriga.lv/ (200) => https://eriga.lv/ (404)
+-->
+<ruleset name="Riga" default_off="failed ruleset test">
   <target host="riga.lv" />
   <target host="*.riga.lv" />
   <target host="eriga.lv" />
diff --git a/src/chrome/content/rules/Right-Media.xml b/src/chrome/content/rules/Right-Media.xml
index 54bf378f3e35..7133ee8a98b5 100644
--- a/src/chrome/content/rules/Right-Media.xml
+++ b/src/chrome/content/rules/Right-Media.xml
@@ -1,5 +1,11 @@
+
 <!--
-	For other Yahoo coverage, see YahooNew.xml.
+Disabled by https-everywhere-checker because:
+Fetch error: http://ui.ad.yieldmanager.com/ => https://ui.ad.yieldmanager.com/: (6, 'Could not resolve host: ui.ad.yieldmanager.com')
+Fetch error: http://community.yieldmanager.com/ => https://community.yieldmanager.com/: (7, 'Failed to connect to community.yieldmanager.com port 443: Connection refused')
+Fetch error: http://my.yieldmanager.com/ => https://my.yieldmanager.com/: (7, 'Failed to connect to my.yieldmanager.com port 443: Connection refused')
+
+	For other Yahoo coverage, see Yahoo.xml.
 
 
 	CDN buckets:
@@ -16,6 +22,7 @@
 
 	Problematic domains:
 
+		- ccpui.yieldmanager.com	(mixed content from yui.yahooapis.com)
 		- l.yieldmanager.net	(404; mismatched, CN: s.yimg.com)
 		- ads.yldmgrimg.net	(works, akamai)
 
@@ -33,47 +40,64 @@
 			- csc.beap.ad
 			- open.ad
 
+
+	Mixed content:
+
+		- css on ccpui.yieldmanager.com from yui.yahooapis.com *
+
+	* Secured by us
+
 -->
-<ruleset name="Right Media">
+<ruleset name="Right Media" default_off="failed ruleset test">
 
-	<target host="ad.adorika.com" />
+	<!--	Direct rewrites:
+				-->
 	<target host="ads.bluelithium.com" />
-	<target host="*.rmxads.com" />
-	<target host="*.yieldmanager.com" />
-	<target host="*.ad.yieldmanager.com" />
-	<target host="*.yieldmanager.net" />
+
+	<target host="ad.rmxads.com" />
+	<target host="optimizedby.rmxads.com" />
+
+	<target host="ad.yieldmanager.com" />
+	<target host="ui.ad.yieldmanager.com" />
+	<target host="ycpi.ad.yieldmanager.com" />
+
+	<target host="community.yieldmanager.com" />
+	<target host="content-ssl.yieldmanager.com" />
+	<target host="my.yieldmanager.com" />
+	<target host="rm.yieldmanager.com" />
+	<target host="yahoo.yieldmanager.com" />
+
+	<target host="ci.beap.ad.yieldmanager.net" />
+	<target host="clicks.beap.ad.yieldmanager.net" />
+	<target host="csc.beap.ad.yieldmanager.net" />
 	<target host="open.ad.yieldmanager.net" />
+
 	<target host="*.dp.yieldmanager.net" />
-	<target host="*.eu.dp.yieldmanager.net" />
-	<target host="tm.*.dp.yieldmanager.net" />
+	<!--target host="*.eu.dp.yieldmanager.net" /-->
+	<!--target host="tm.*.dp.yieldmanager.net" /-->
+
+	<!--	Complications:
+				-->
+	<target host="ad.adorika.com" />
+	<target host="content.yieldmanager.com" />
 
+		<test url="http://ad.yieldmanager.com/pixel?id=&amp;id=&amp;id=&amp;id=&amp;t=" />
 
-	<securecookie host="^(.*\.)?yieldmanager\.(com|net)$" name=".*" />
+
+	<securecookie host="^(?:.*\.)?yieldmanager\.(?:com|net)$" name=".+" />
 
 
 	<!--	Cert mismatch.
 				-->
-	<rule from="^https?://ad\.adorika\.com/"
+	<rule from="^http://ad\.adorika\.com/"
 		to="https://ad.rmxads.com/" />
 
-	<rule from="^http://ads\.bluelithium\.com/"
-		to="https://ads.bluelithium.com/" />
-
-	<rule from="^http://(ad|optimizedby)\.rmxads\.com/"
-		to="https://$1.rmxads.com/" />
-
 	<!--	content: Akamai
 						-->
-	<rule from="^https?://content(?:-ssl)?\.yieldmanager\.com/"
+	<rule from="^http://content\.yieldmanager\.com/"
 		to="https://content-ssl.yieldmanager.com/" />
 
-	<rule from="^http://(ad|ui\.ad|ycpi\.ad|community|my|rm|yahoo)\.yieldmanager\.com/"
-		to="https://$1.yieldmanager.com/" />
-
-	<rule from="^http://((?:ci|clicks)\.beap|csc\.beap|open)\.ad\.yieldmanager\.net/"
-		to="https://$1.ad.yieldmanager.net/" />
-
-	<rule from="^http://((?:\w+)(?:\.\w+)?)\.dp\.yieldmanager\.net/"
-		to="https://$1.dp.yieldmanager.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/RightNow-clients.xml b/src/chrome/content/rules/RightNow-clients.xml
deleted file mode 100644
index ee86947f2678..000000000000
--- a/src/chrome/content/rules/RightNow-clients.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	For RightNow Technologies proper, see RightNow.xml
-
--->
-<ruleset name="RightNow Technologies clients" default_off="mismatch">
-
-	<target host="custhelp.consumerreports.org" />
-	<target host="en.support.guildwars2.com" />
-
-
-	<securecookie host="^en\.support\.guildwars2\.com$" name=".+" />
-
-
-	<!--	Cookies are handled in ConsumerReports.xml.
-								-->
-	<rule from="^http://custhelp\.consumerreports\.org/"
-		to="https://custhelp.consumerreports.org/" />
-
-	<!--	guildwars2.custhelp.com 301s back.
-							-->
-	<rule from="^http://en\.support\.guildwars2\.com/"
-		to="https://en.support.guildwars2.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/RightNow.xml b/src/chrome/content/rules/RightNow.xml
index 8a31c5237914..2d295e4aa8ef 100644
--- a/src/chrome/content/rules/RightNow.xml
+++ b/src/chrome/content/rules/RightNow.xml
@@ -1,41 +1,37 @@
 <!--
-	For other Oracle coverage, see Oracle.xml.
+	For other Oracle coverage, see Oracle.xml
 
+	Chain issue, missing intermediate:
+		- ovademos.rightnow.com
+		- ovaeu[01-15].rightnow.com
+		- ovaeu[18-25].rightnow.com
+		- ovaus[01-25].rightnow.com
 
-	For clients, see RightNow-clients.xml.
-
-
-	Targets solely for wildcard cookies:
-
-		- *.www.rnengage.com
+	Invalid certificate:
+		- labs.rightnow.com
+		- pr.rightnow.com
 
+	Redirects to HTTP:
+		- communities.rightnow.com
 -->
-<ruleset name="RightNow Technologies (partial)">
 
-	<target host="custhelp.com" />
-	<target host="*.custhelp.com" />
+<ruleset name="RightNow">
 	<target host="rightnow.com" />
 	<target host="www.rightnow.com" />
-	<target host="www.rnengage.com" />
-	<target host="*.www.rnengage.com" />
-
-
-	<securecookie host="^.*\.custhelp\.com$" name=".*" />
-	<securecookie host="^\.www\.rnengage\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?custhelp\.com/"
-		to="https://www.rightnow.com/" />
-
-	<!--	Unique subdomain for each client.
-							-->
-	<rule from="^http://([\w\-]+)\.custhelp\.com/"
-		to="https://$1.custhelp.com/" />
-
-	<rule from="^http://(www\.)?rightnow\.com/"
-		to="https://$1rightnow.com/" />
-
-	<rule from="^http://www\.rnengage\.com/"
-		to="https://www.rnengage.com/" />
-
+	<target host="community.rightnow.com" />
+	<target host="csp.rightnow.com" />
+	<target host="cx.rightnow.com" />
+	<target host="de.rightnow.com" />
+	<target host="developer.rightnow.com" />
+	<target host="forum.rightnow.com" />
+	<target host="installer.rightnow.com" />
+	<target host="investor.rightnow.com" />
+	<target host="jp.rightnow.com" />
+	<target host="opensource.rightnow.com" />
+	<target host="thegame.rightnow.com" />
+	<target host="widget.pr.rightnow.com" />
+	<target host="support.rightnow.com" />
+	<target host="vcio.rightnow.com" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/RightScale.com.xml b/src/chrome/content/rules/RightScale.com.xml
new file mode 100644
index 000000000000..89c07f96703b
--- /dev/null
+++ b/src/chrome/content/rules/RightScale.com.xml
@@ -0,0 +1,53 @@
+<!--
+	CDN buckets:
+
+		- duh6oa3w9hopv.cloudfront.net
+
+			- assets
+
+	Non-functional hosts:
+		Self-signed certificate:
+		- forums.rightscale.com
+		- www.forums.rightscale.com
+
+
+	Fully covered subdomains:
+
+		- ^
+		- analytics
+		- assets	(→ duh6oa3w9hopv.cloudfront.net)
+		- (www.)?forums
+		- my
+		- support
+		- us-3
+
+
+	These altnames don't exist:
+
+		- www.support.rightscale.com
+
+
+	Mixed content:
+
+		- Images on forums from client.newleaders.com *
+
+	* Not secured by us <= mismatched
+
+-->
+<ruleset name="RightScale.com (partial)">
+
+	<target host="assets.rightscale.com" />
+	<target host="rightscale.com" />
+	<target host="analytics.rightscale.com" />
+	<target host="my.rightscale.com" />
+	<target host="support.rightscale.com" />
+	<target host="us-3.rightscale.com" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.rightscale\.com/$" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Righthaven.xml b/src/chrome/content/rules/Righthaven.xml
index d1dc112cf1a8..36895ff09ae8 100644
--- a/src/chrome/content/rules/Righthaven.xml
+++ b/src/chrome/content/rules/Righthaven.xml
@@ -1,12 +1,20 @@
-<ruleset name="Righthaven">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://righthaven.com/ => https://righthaven.com/: (7, 'Failed to connect to righthaven.com port 443: No route to host')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://righthaven.com/ => https://righthaven.com/: (28, 'Connection timed out after 10001 milliseconds')
+-->
+<ruleset name="Righthaven" default_off="failed ruleset test">
 
 	<target host="righthaven.com" />
 	<target host="*.righthaven.com" />
 		<!--	These redirect to http.		-->
-		<exclusion pattern="^http://plutus\.righthaven\.com/($|index\.php)" />
+		<exclusion pattern="^http://plutus\.righthaven\.com/(?:$|index\.php)" />
 
 
-	<securecookie host="^plutus\.righthaven\.com$" name=".*" />
+	<securecookie host="^plutus\.righthaven\.com$" name=".+" />
 
 
 	<!--	Observed subdomains:
diff --git a/src/chrome/content/rules/Rightmove.co.uk.xml b/src/chrome/content/rules/Rightmove.co.uk.xml
new file mode 100644
index 000000000000..e1502897820e
--- /dev/null
+++ b/src/chrome/content/rules/Rightmove.co.uk.xml
@@ -0,0 +1,62 @@
+<!--
+	Problematic hosts in *rightmove.co.uk:
+
+		- plc *
+
+	* Cloudfront/mismatched
+
+
+	Mixed content:
+
+		- Bug on www from \d+.fls.doubleclick.net *
+
+	* See https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Rightmove.co.uk (partial)">
+
+	<target host="rightmove.co.uk" />
+	<target host="media.rightmove.co.uk" />
+	<target host="www.rightmove.co.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.rightmove\.co\.uk/(?:$|(?:commercial-property-to-let|estate-agents|feedback/feedback|house-prices|overseas-property|property-for-sale|property-to-rent|rightmoveplc/rightmove-contacts|user/saved-searches)\.html|rmplus/login/login\.action)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.rightmove\.co\.uk/(?!/*(?:favicon\.ico|forgottenPasswordForm\.html|(?:[\w-]+/)?login\.html|ps/|rmplus/login/login\.action))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.rightmove.co.uk/commercial-property-to-let.html" />
+			<test url="http://www.rightmove.co.uk/estate-agents.html" />
+			<test url="http://www.rightmove.co.uk/favicon.ico" />
+			<test url="http://www.rightmove.co.uk/feedback/feedback.html" />
+			<test url="http://www.rightmove.co.uk/house-prices.html" />
+			<test url="http://www.rightmove.co.uk/overseas-property.html" />
+			<test url="http://www.rightmove.co.uk/property-for-sale.html" />
+			<test url="http://www.rightmove.co.uk/property-to-rent.html" />
+			<test url="http://www.rightmove.co.uk/rightmoveplc/rightmove-contacts.html" />
+			<test url="http://www.rightmove.co.uk/user/saved-searches.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.rightmove.co.uk/forgottenPasswordForm.html" />
+			<test url="http://www.rightmove.co.uk/login.html" />
+			<test url="http://www.rightmove.co.uk/overseas-property/login.html/svr/1708?from=%2Foverseas-property.html&amp;hideFromParameterOnRegisterURI=true" />
+			<test url="http://www.rightmove.co.uk/ps/css15343/concat/css_fullsite/homepage.css" />
+			<test url="http://www.rightmove.co.uk/ps/images/fullsite/logos/site_logo_strapless.gif" />
+			<test url="http://www.rightmove.co.uk/rmplus/login/login.action" />
+
+
+	<!--	Tracking cookies:
+					-->
+	<securecookie host="^\." name="^__qca$" />
+	<securecookie host="^\w" name="^__utm" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RightsCon.xml b/src/chrome/content/rules/RightsCon.xml
index 097a442b6535..cd1243960bc5 100644
--- a/src/chrome/content/rules/RightsCon.xml
+++ b/src/chrome/content/rules/RightsCon.xml
@@ -1,13 +1,21 @@
-<ruleset name="RightsCon">
+<!--
+	Mixed content:
+
+		- Web bug from piwik.accessnow.org
+
+	* Secured by us
+
+-->
+<ruleset name="RightsCon.org">
 
 	<target host="rightscon.org" />
 	<target host="www.rightscon.org" />
 
 
-	<securecookie host="^(www\.)?rightscon\.org$" name=".*" />
+	<securecookie host="^(?:www\.)?rightscon\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?rightscon\.org/"
-		to="https://$1rightscon.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Rigzone.xml b/src/chrome/content/rules/Rigzone.xml
index 6e5202d3c2ff..82183d70cc63 100644
--- a/src/chrome/content/rules/Rigzone.xml
+++ b/src/chrome/content/rules/Rigzone.xml
@@ -1,4 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rigzone.com/ => https://rigzone.com/: Too many redirects while fetching 'https://rigzone.com/'
+
+-->
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rigzone.com/ => https://rigzone.com/: Too many redirects while fetching 'https://rigzone.com/'
+
 	For problematic rules, see Bishop_Interactive-mismatches.xml.
 
 
@@ -19,17 +29,17 @@
 		- www
 
 -->
-<ruleset name="Rigzone (partial)">
+<ruleset name="Rigzone (partial)" default_off="failed ruleset test">
 
 	<target host="rigzone.com" />
 	<target host="*.rigzone.com" />
 		<exclusion pattern="^http://(?:comptracker|noblewin)\." />
 
 
-	<securecookie host="^(?:.+\.)?rigzone\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(\w+\.)?rigzone\.com/"
 		to="https://$1rigzone.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Riigi_Teataja.ee.xml b/src/chrome/content/rules/Riigi_Teataja.ee.xml
new file mode 100644
index 000000000000..d1a2c416c0c3
--- /dev/null
+++ b/src/chrome/content/rules/Riigi_Teataja.ee.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.riigiteataja.ee
+
+-->
+<ruleset name="Riigi Teataja.ee">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="riigiteataja.ee" />
+	<target host="www.riigiteataja.ee" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.riigiteataja\.ee$" name="^(JSESSIONID_false|X-Mapping-\w+)" /-->
+
+	<securecookie host="^www\.riigiteataja\.ee$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Riksgalden.se.xml b/src/chrome/content/rules/Riksgalden.se.xml
index 26121972f206..3c2884e420c9 100644
--- a/src/chrome/content/rules/Riksgalden.se.xml
+++ b/src/chrome/content/rules/Riksgalden.se.xml
@@ -1,8 +1,26 @@
-<!-- already enforces https. adding to prevent sslstrips on port 80 -->
+<!--
+	Certificate errors:
+
+		- en.riksgalden.se
+		- gateway.riksgalden.se
+		- ndes.riksgalden.se
+		- premier.riksgalden.se
+		- remote.riksgalden.se
+		- riksgaldsspar.riksgalden.se
+		- se.riksgalden.se
+-->
 <ruleset name="Riksgalden.se">
 	<target host="riksgalden.se" />
 	<target host="www.riksgalden.se" />
-	<rule from="^http://riksgalden\.se/" to="https://www.riksgalden.se/"/>
-	<rule from="^http://www\.riksgalden\.se/" to="https://www.riksgalden.se/"/>
-</ruleset>
+	<target host="dialin.riksgalden.se" />
+	<target host="lyncdiscover.riksgalden.se" />
+	<target host="meet.riksgalden.se" />
+	<target host="ndesintune.riksgalden.se" />
+	<target host="rp.riksgalden.se" />
+	<target host="rgapp.riksgalden.se" />
+	<target host="securemail.riksgalden.se" />
+	<target host="sibs.riksgalden.se" />
+	<target host="sip.riksgalden.se" />
 
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Ring.cx.xml b/src/chrome/content/rules/Ring.cx.xml
new file mode 100644
index 000000000000..f394655da06c
--- /dev/null
+++ b/src/chrome/content/rules/Ring.cx.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional hosts in *.ring.cx:
+
+	certificate mismatch:
+		- nightly.apt.ring.cx
+		- testroger.ring.cx
+	connection refused:
+		- www.tuleap.ring.cx
+-->
+<ruleset name="Ring.cx">
+	<target host="ring.cx" />
+	<target host="www.ring.cx" />
+	<target host="apt.ring.cx" />
+	<target host="dl.ring.cx" />
+	<target host="docs.ring.cx" />
+	<target host="jenkins.ring.cx" />
+	<target host="tuleap.ring.cx" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RingCentral.xml b/src/chrome/content/rules/RingCentral.xml
index 8747bf853d57..1a58caba5320 100644
--- a/src/chrome/content/rules/RingCentral.xml
+++ b/src/chrome/content/rules/RingCentral.xml
@@ -1,29 +1,72 @@
 <!--
-	Problematic subdomains:
+	Nonfunctional hosts in *ringcentral.com:
 
-		- marketo	(redirects to app-c.marketo.com, mismatched, CN: *.marketo.com)
+		- marketo
+		- success *
 
+	* Redirects to http
 
-	Partially covered subdomains:
 
-		- marketo	(→ na-c.marketo.com)
-		- (www.)	(some [most?] pages redirect to http)
+	^ringcentral.com: Dropped
+
+
+	Insecure cookies are set for these hosts:
+
+		- service.ringcentral.com
+		- www.ringcentral.com
+
+
+	Mixed content:
+
+		- Bugs on www from ringcentral.112.2o7.net *
+
+	* Secured by us
 
 -->
-<ruleset name="RingCentral">
+<ruleset name="RingCentral.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="service.ringcentral.com" />
+	<target host="www.ringcentral.com" />
+
+	<!--	Complications:
+				-->
 	<target host="ringcentral.com" />
-	<target host="*.ringcentral.com" />
-		<exclusion pattern="^http://(?:www\.)?ringcentral\.com/(?!css/|demo/[\w-]+\.jpg$|images/|ringme/)" />
+	<target host="marketo.ringcentral.com" />
+
+		<exclusion pattern="^http://marketo\.ringcentral\.com/+(?!css/|images/|rs/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://marketo.ringcentral.com/contact-center-wp.html" />
+			<test url="http://marketo.ringcentral.com/healthcare_informatics.html" />
+			<test url="http://marketo.ringcentral.com/multi_site_businesses" />
+			<test url="http://marketo.ringcentral.com/rc_connect_platform.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://marketo.ringcentral.com/css/mktLPSupport.css" />
+			<test url="http://marketo.ringcentral.com/rs/ringcentral/images/separator-dotdot-hor.png" />
+
+		<test url="http://www.ringcentral.com/whyringcentral/contactus.html" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^service\.ringcentral\.com$" name="^(?:RCBRAND|RCRoutingInfo)$" /-->
+	<!--securecookie host="^www\.ringcentral\.com$" name="^rcakamai$" /-->
 
+	<securecookie host="^(?:service|www)\.ringcentral\.com$" name=".+" />
 
-	<securecookie host="^service\.ringcentral\.com$" name=".+" />
 
+	<rule from="^http://ringcentral\.com/"
+		to="https://www.ringcentral.com/" />
 
-	<rule from="^http://(service\.|www\.)?ringcentral\.com/"
-		to="https://$1ringcentral.com/" />
+	<rule from="^http://marketo\.ringcentral\.com/"
+		to="https://na-c.marketo.com/" />
 
-	<rule from="^https?://marketo\.ringcentral\.com/(cs|image|r)s/"
-		to="https://na-c.marketo.com/$1s/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RingRevenue.com.xml b/src/chrome/content/rules/RingRevenue.com.xml
new file mode 100644
index 000000000000..3b122e4b8564
--- /dev/null
+++ b/src/chrome/content/rules/RingRevenue.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Invoca coverage, see Invoca.com.xml.
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- js10
+		- json10
+
+-->
+<ruleset name="RingRevenue.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ringrevenue.com" />
+	<target host="js10.ringrevenue.com" />
+	<target host="json10.ringrevenue.com" />
+	<target host="www.ringrevenue.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RingtoneMatcher.com.xml b/src/chrome/content/rules/RingtoneMatcher.com.xml
index 8aadfeb9b8c8..82658845c002 100644
--- a/src/chrome/content/rules/RingtoneMatcher.com.xml
+++ b/src/chrome/content/rules/RingtoneMatcher.com.xml
@@ -9,7 +9,6 @@
 	<target host="overlay.ringtonematcher.com" />
 
 
-	<rule from="^http://overlay\.ringtonematcher\.com/"
-		to="https://overlay.ringtonematcher.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Riotgames.com.xml b/src/chrome/content/rules/Riotgames.com.xml
new file mode 100644
index 000000000000..6a494b823e83
--- /dev/null
+++ b/src/chrome/content/rules/Riotgames.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="riotgames.com (partial)">
+    <target host="engineering.riotgames.com" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
+
diff --git a/src/chrome/content/rules/Ripe.net.xml b/src/chrome/content/rules/Ripe.net.xml
index b11aa0398671..f745bb56f1c2 100644
--- a/src/chrome/content/rules/Ripe.net.xml
+++ b/src/chrome/content/rules/Ripe.net.xml
@@ -1,15 +1,36 @@
-<ruleset name="ripe.net" platform="mixedcontent">
+<ruleset name="RIPE.net">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="ripe.net" />
-	<target host="*.ripe.net" />
+	<target host="access.ripe.net" />
+	<target host="atlas.ripe.net" />
 	<target host="apps.db.ripe.net" />
+	<target host="www.db.ripe.net" />
+	<target host="labs.ripe.net" />
+	<target host="lirportal.ripe.net" />
+	<target host="meetings.ripe.net" />
+	<target host="portal.ripe.net" />
+	<target host="ripe62.ripe.net" />
+	<target host="ripe63.ripe.net" />
+	<target host="ripe64.ripe.net" />
+	<target host="ripe65.ripe.net" />
+	<target host="ripe66.ripe.net" />
+	<target host="ripe67.ripe.net" />
+	<target host="ripe68.ripe.net" />
+	<target host="ripe69.ripe.net" />
+	<target host="ripe70.ripe.net" />
+	<target host="ripe71.ripe.net" />
+	<target host="ripe72.ripe.net" />
+	<target host="www.ripe.net" />
+	<target host="www-static.ripe.net" />
 
 
-	<securecookie host="^.*\.ripe\.net$" name=".*" />
+	<securecookie host=".*\.ripe\.net$" name=".+" />
 
 
-	<rule from="^http://((?:access|atlas|(?:apps|www)\.db|labs|(?:lir)?portal|meetings|ripe65|www)\.)?ripe\.net/"
-		to="https://$1ripe.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
 
diff --git a/src/chrome/content/rules/Ripoff_Report.xml b/src/chrome/content/rules/Ripoff_Report.xml
index f5ace991531b..0c84d11a24c4 100644
--- a/src/chrome/content/rules/Ripoff_Report.xml
+++ b/src/chrome/content/rules/Ripoff_Report.xml
@@ -1,24 +1,27 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ma.mesaazcorruptionreport.com/ => https://ma.mesaazcorruptionreport.com/: (6, 'Could not resolve host: ma.mesaazcorruptionreport.com')
+Fetch error: http://ripoffreport.com/ => https://www.ripoffreport.com/: Too many redirects while fetching 'https://www.ripoffreport.com/'
+
 	!www: mismatched
 
 -->
-<ruleset name="Ripoff Report">
+<ruleset name="Ripoff Report" default_off="failed ruleset test">
 
 	<target host="ma.mesaazcorruptionreport.com" />
 	<target host="ripoffreport.com" />
-	<target host="*.ripoffreport.com" />
+	<target host="verified.ripoffreport.com" />
+	<target host="www.ripoffreport.com" />
 
 
 	<securecookie host="^www\.ripoffreport\.com$" name=".+" />
 
 
-	<rule from="^http://ma\.mesaazcorruptionreport\.com/"
-		to="https://ma.mesaazcorruptionreport.com/" />
 
-	<rule from="^https?://ripoffreport\.com/"
+	<rule from="^http://ripoffreport\.com/"
 		to="https://www.ripoffreport.com/" />
 
-	<rule from="^http://(verified|www)\.ripoffreport\.com/"
-		to="https://$1.ripoffreport.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Risala.org.xml b/src/chrome/content/rules/Risala.org.xml
new file mode 100644
index 000000000000..6e5b4884dc81
--- /dev/null
+++ b/src/chrome/content/rules/Risala.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Risala.org">
+	<target host="risala.org" />
+	<target host="www.risala.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Risc_OS_Open.xml b/src/chrome/content/rules/Risc_OS_Open.xml
index 00977af64348..2be6bd54b299 100644
--- a/src/chrome/content/rules/Risc_OS_Open.xml
+++ b/src/chrome/content/rules/Risc_OS_Open.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?riscosopen\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?riscosopen\.org/"
-		to="https://$1riscosopen.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Riscon.cz.xml b/src/chrome/content/rules/Riscon.cz.xml
new file mode 100644
index 000000000000..e1d8ad71d18c
--- /dev/null
+++ b/src/chrome/content/rules/Riscon.cz.xml
@@ -0,0 +1,7 @@
+<ruleset name="RISCON s.r.o.">
+    <target host="riscon.cz" />
+    <target host="www.riscon.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Riscure.com.xml b/src/chrome/content/rules/Riscure.com.xml
new file mode 100644
index 000000000000..9fac53ffa2f5
--- /dev/null
+++ b/src/chrome/content/rules/Riscure.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Riscure.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="riscure.com" />
+	<target host="www.riscure.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RiseOfTheVegan.com.xml b/src/chrome/content/rules/RiseOfTheVegan.com.xml
new file mode 100644
index 000000000000..04fd8b61e068
--- /dev/null
+++ b/src/chrome/content/rules/RiseOfTheVegan.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="RiseOfTheVegan.com">
+
+	<target host="riseofthevegan.com" />
+	<target host="www.riseofthevegan.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Riseup.xml b/src/chrome/content/rules/Riseup.xml
deleted file mode 100644
index 617509644d32..000000000000
--- a/src/chrome/content/rules/Riseup.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Riseup">
-
-	<target host="riseup.net" />
-	<target host="*.riseup.net" />
-
-
-	<securecookie host="^(?:.*\.)?riseup\.net$" name=".+" />
-
-
-	<rule from="^http://([^/:@\.]+\.)?riseup\.net/"
-		to="https://$1riseup.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Risk.io.xml b/src/chrome/content/rules/Risk.io.xml
deleted file mode 100644
index 32ffbacc7426..000000000000
--- a/src/chrome/content/rules/Risk.io.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- blog	(dropped)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- db
-
--->
-<ruleset name="Risk.io (partial)">
-
-	<target host="risk.io" />
-	<target host="*.risk.io" />
-
-
-	<securecookie host=".*\.risk\.io$" name=".+" />
-
-
-	<rule from="^http://(db\.|www\.)?risk\.io/"
-		to="https://$1risk.io/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/RiskIQ.com.xml b/src/chrome/content/rules/RiskIQ.com.xml
new file mode 100644
index 000000000000..2be98686e5ac
--- /dev/null
+++ b/src/chrome/content/rules/RiskIQ.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="RiskIQ.com">
+
+	<target host="riskiq.com" />
+	<target host="www.riskiq.com" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ritter.vg.xml b/src/chrome/content/rules/Ritter.vg.xml
new file mode 100644
index 000000000000..cd42c84d93a9
--- /dev/null
+++ b/src/chrome/content/rules/Ritter.vg.xml
@@ -0,0 +1,30 @@
+<!--
+	For related onion service rules, see tomritterbassljd.onion.xml
+
+	Timeout:
+		- cloud1
+		- cloud2
+
+	Refused:
+		- cloud9
+
+	Mismatched:
+		- www (fixed by this ruleset)
+		- ec2
+		- ipv4
+		- ipv6
+		- mail
+		- vconf
+
+	Self-signed:
+		- cloud8
+-->
+<ruleset name="Ritter.vg">
+	<target host="ritter.vg" />
+	<target host="www.ritter.vg" />
+	<target host="bwauth.ritter.vg" />
+	<target host="collector.ritter.vg" />
+
+	<rule from="^http://www\.ritter\.vg/" to="https://ritter.vg/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rivalseek.com.xml b/src/chrome/content/rules/Rivalseek.com.xml
new file mode 100644
index 000000000000..0e80a78510d6
--- /dev/null
+++ b/src/chrome/content/rules/Rivalseek.com.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rivalseek.com/dashboard/ => https://rivalseek.com/dashboard/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.rivalseek.com/dashboard/ => https://www.rivalseek.com/dashboard/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://rivalseek.com/ => https://rivalseek.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.rivalseek.com/ => https://www.rivalseek.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Insecure cookies are set for these hosts:
+
+		- rivalseek.com
+		- www.rivalseek.com
+
+-->
+<ruleset name="Rivalseek.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rivalseek.com" />
+	<target host="www.rivalseek.com" />
+
+		<test url="http://rivalseek.com/dashboard/" />
+		<test url="http://www.rivalseek.com/dashboard/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?rivalseek\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?rivalseek\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/River_Island.xml b/src/chrome/content/rules/River_Island.xml
index bb3d51b5f34c..e1170100f43b 100644
--- a/src/chrome/content/rules/River_Island.xml
+++ b/src/chrome/content/rules/River_Island.xml
@@ -39,14 +39,22 @@
 <ruleset name="River Island (partial)">
 
 	<target host="riverisland.com" />
-	<target host="*.riverisland.com" />
+	<target host="au.riverisland.com" />
+	<target host="content1.riverisland.com" />
+	<target host="content1-us.riverisland.com" />
+	<target host="eu.riverisland.com" />
+	<target host="is.riverisland.com" />
+	<target host="my.riverisland.com" />
+	<target host="us.riverisland.com" />
+	<target host="www.riverisland.com" />
 		<exclusion pattern="^http://(?:(?:au|eu|us|www)\.)?riverisland\.(?:com|fr)/(?![aA]ssets/|favicon\.ico|myaccount)" />
 		<!--
 			$ 503s
 				-->
 		<exclusion pattern="^http://is\.riverisland\.com/(?!$|\?)" />
 	<target host="riverisland.fr" />
-	<target host="*.riverisland.fr" />
+	<target host="content1.riverisland.fr" />
+	<target host="www.riverisland.fr" />
 
 
 	<!--	Omniture tracking cookies:
@@ -57,10 +65,7 @@
 	<rule from="^http://riverisland\.(com|fr)/"
 		to="https://www.riverisland.$1/" />
 
-	<rule from="^http://(au|content1|content1-us|eu|is|my|us|www)\.riverisland\.com/"
-		to="https://$1.riverisland.com/" />
 
-	<rule from="^http://(content1|www)\.riverisland\.fr/"
-		to="https://$1.riverisland.fr/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Riverbed.xml b/src/chrome/content/rules/Riverbed.xml
index a84a176466c3..7e7fca746353 100644
--- a/src/chrome/content/rules/Riverbed.xml
+++ b/src/chrome/content/rules/Riverbed.xml
@@ -1,6 +1,8 @@
 <!--
 	CDN buckets:
 
+		- s1155.t.eloqua.com
+
 		- riverbed.vo.llnwd.net
 
 			- .hs. doesn't exist
@@ -21,10 +23,16 @@
 
 	Problematic subdomains:
 
+		- dr-cas ¹
+		- dr-webmail ¹
 		- dev.www	(works; mismatched, CN: *.clickability.com)
 		- forms		(works; mismatched, CN: secure.eloqua.com)
+		- images *
 		- ir		(works, akamai)
 
+	¹ Expired
+	* Mismatched
+
 
 	Partially covered subdomains:
 
@@ -37,9 +45,8 @@
 		- autodiscover
 		- community
 		- developer
-		- dr-cas
-		- dr-webmail
 		- global
+		- images	(→ secure.eloqua.com)
 
 		- splash subdomains:
 
@@ -49,22 +56,96 @@
 			- apps.uat
 
 		- support
+		- supportkb
 		- webmail
 
+
+	These altnames don't exist:
+
+		- www.supportkb.riverbed.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- riverbed.com
+		- forms.riverbed.com
+		- splash.riverbed.com
+		- support.riverbed.com
+		- supportkb.riverbed.com
+
+
+	Mixed content:
+
+		- css on ir from www.riverbed.com *
+
+		- Images, on:
+
+			- go from img.en25.com ²
+			- go from images.riverbed.com ²
+			- ir from media-cms.riverbed.com *
+
+	* Unsecurable <= 400
+	² Secured by us
+
 -->
-<ruleset name="Riverbed (partial)">
+<ruleset name="Riverbed.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="riverbed.com" />
-	<target host="*.riverbed.com" />
+	<target host="autodiscover.riverbed.com" />
+	<target host="community.riverbed.com" />
+	<target host="developer.riverbed.com" />
+	<!--target host="dr-cas.riverbed.com" /-->
+	<!--target host="dr-webmail.riverbed.com" /-->
+	<target host="global.riverbed.com" />
+
+	<target host="splash.riverbed.com" />
+	<target host="apps.splash.riverbed.com" />
+	<target host="uat.splash.riverbed.com" />
+	<target host="apps.uat.splash.riverbed.com" />
+
+	<target host="support.riverbed.com" />
+	<target host="supportkb.riverbed.com" />
+	<target host="webmail.riverbed.com" />
+
+	<!--	Complications:
+				-->
+	<target host="images.riverbed.com" />
+	<target host="ir.riverbed.com" />
+
+		<exclusion pattern="^http://ir\.riverbed\.com/(?!client/|media_files/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://ir.riverbed.com/phoenix.zhtml?c=198235&amp;p=irol-newsArticle&amp;ID=2028428" />
+			<test url="http://ir.riverbed.com/phoenix.zhtml?c=198235&amp;p=irol-newsArticle&amp;ID=2028062" />
+			<test url="http://ir.riverbed.com/phoenix.zhtml?c=198235&amp;p=irol-newsArticle&amp;ID=2025208" />
+
+			<!--	-ve:
+					-->
+			<test url="http://ir.riverbed.com/client/19/198235/css/riverbed-full.css" />
+			<test url="http://ir.riverbed.com/media_files/IROL/19/198235/rb/css/img/bg-arrow-gray.gif" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(support\.)?riverbed\.com$" name="^X-Mapping-[a-z]{8}$" /-->
+	<!--securecookie host="^forms\.riverbed\.com$" name="^ELOQUA$" /-->
+	<!--ssecurecookie host="^(splash|supportkb)\.riverbed\.com$" name="^(BIGipServer\w+|JSESSIONID)$" /-->
+	<!--ssecurecookie host="^splash\.riverbed\.com$" name="^jive\.security\.context$" /-->
+	<!--ssecurecookie host="^supportkb\.riverbed\.com$" name="^(scav|scwysiwygparams)$" /-->
 
+	<securecookie host="^(?:(?:autodiscover|community|developer|global|(?:apps(?:\.uat)?\.|uat\.)?splash|support|supportkb|(?:dr-)?webmail)\.)?riverbed\.com$" name=".+" />
 
-	<securecookie host="^(?:(?:autodiscover|community|developer|global|(?:apps(?:\.uat)?\.|uat\.)?splash|support|(?:dr-)?webmail)\.)?riverbed\.com$" name=".+" />
 
+	<rule from="^http://images\.riverbed\.com/"
+		to="https://secure.eloqua.com/" />
 
-	<rule from="^http://((?:autodiscover|community|developer|dr-cas|global|(?:apps(?:\.uat)?\.|uat\.)?splash|support|(?:dr-)?webmail)\.)?riverbed\.com/"
-		to="https://$1riverbed.com/" />
+	<rule from="^http://ir\.riverbed\.com/"
+		to="https://origin-phoenix.corporate-ir.net/" />
 
-	<rule from="^http://ir\.riverbed\.com/(client|WebSideStory)/"
-		to="https://origin-phoenix.corporate-ir.net/$1/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RiversideMajestic.com.xml b/src/chrome/content/rules/RiversideMajestic.com.xml
new file mode 100644
index 000000000000..38ea23ef7957
--- /dev/null
+++ b/src/chrome/content/rules/RiversideMajestic.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Riverside Majestic Hotel">
+	<target host=    "riversidemajestic.com" />
+	<target host="www.riversidemajestic.com" />
+
+  	<securecookie host="^(www\.)?riversidemajestic\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Riviera-Tours.xml b/src/chrome/content/rules/Riviera-Tours.xml
index 6c3411556c04..1853ebc07680 100644
--- a/src/chrome/content/rules/Riviera-Tours.xml
+++ b/src/chrome/content/rules/Riviera-Tours.xml
@@ -1,11 +1,20 @@
-<ruleset name="Riviera Tours">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rivieratours.com/ => https://rivieratours.com/: (51, "SSL: no alternative certificate subject name matches target host name 'rivieratours.com'")
+Fetch error: http://www.rivieratours.com/ => https://www.rivieratours.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.rivieratours.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://rivieratours.com/ => https://rivieratours.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.rivieratours.com/ => https://www.rivieratours.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
+<ruleset name="Riviera Tours" default_off="failed ruleset test">
 
 	<target host="rivieratours.com"/>
 	<target host="www.rivieratours.com"/>
 
-	<securecookie host="^(.*\.)?rivieratours\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?rivieratours\.com/"
-		to="https://$1rivieratours.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Riyadonline.com.xml b/src/chrome/content/rules/Riyadonline.com.xml
index 52f8d2adf9c8..04f79491a13a 100644
--- a/src/chrome/content/rules/Riyadonline.com.xml
+++ b/src/chrome/content/rules/Riyadonline.com.xml
@@ -1,8 +1,14 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://corp.riyadonline.com/ => https://corp.riyadonline.com/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://corp.riyadonline.com/ => https://corp.riyadonline.com/: Cycle detected - URL already encountered: http://corp.riyadonline.com/
 	Riyad Bank
 
 -->
-<ruleset name="Riyadonline.com">
+<ruleset name="Riyadonline.com" default_off="failed ruleset test">
 
 	<target host="corp.riyadonline.com" />
 
@@ -10,7 +16,6 @@
 	<securecookie host="^corp\.riyadonline\.com$" name=".+" />
 
 
-	<rule from="^http://corp\.riyadonline\.com/"
-		to="https://corp.riyadonline.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Rizon.net.xml b/src/chrome/content/rules/Rizon.net.xml
new file mode 100644
index 000000000000..e3a4043d8d3e
--- /dev/null
+++ b/src/chrome/content/rules/Rizon.net.xml
@@ -0,0 +1,21 @@
+<ruleset name="Rizon.net">
+
+	<target host="rizon.net" />
+	<target host="forum.rizon.net" />
+	<target host="www.rizon.net" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^\.rizon\.net$" name="^bb_(lastactivity|lastvisit)" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^\.rizon\.net$" name="^bb_sessionhash$" /-->
+
+	<securecookie host="^\.rizon\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rjz.ch.xml b/src/chrome/content/rules/Rjz.ch.xml
new file mode 100644
index 000000000000..f183d050395f
--- /dev/null
+++ b/src/chrome/content/rules/Rjz.ch.xml
@@ -0,0 +1,6 @@
+<ruleset name="Rjz.ch" platform="mixedcontent">
+	<target host="rjz.ch" />
+	<target host="www.rjz.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rk37.ru.xml b/src/chrome/content/rules/Rk37.ru.xml
new file mode 100644
index 000000000000..616c7e67e76b
--- /dev/null
+++ b/src/chrome/content/rules/Rk37.ru.xml
@@ -0,0 +1,14 @@
+<!--
+	Connection reset:
+		www.rk37.ru
+
+-->
+<ruleset name="Rk37.ru">
+	<target host="rk37.ru" />
+	<target host="www.rk37.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.rk37\.ru/" to="https://rk37.ru/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rki.de.xml b/src/chrome/content/rules/Rki.de.xml
new file mode 100644
index 000000000000..1d00843c0f69
--- /dev/null
+++ b/src/chrome/content/rules/Rki.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Rki.de">
+  <target host="rki.de" />
+  <target host="www.rki.de" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rkn.gov.ru.xml b/src/chrome/content/rules/Rkn.gov.ru.xml
new file mode 100644
index 000000000000..f79df3503edf
--- /dev/null
+++ b/src/chrome/content/rules/Rkn.gov.ru.xml
@@ -0,0 +1,116 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://07.rkn.gov.ru/ => https://07.rkn.gov.ru/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+Fetch error: http://15.rkn.gov.ru/ => https://15.rkn.gov.ru/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+Fetch error: http://71.rkn.gov.ru/ => https://71.rkn.gov.ru/: (35, 'Unknown SSL protocol error in connection to 71.rkn.gov.ru:443 ')
+Fetch error: http://72.rkn.gov.ru/ => https://72.rkn.gov.ru/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+
+www.398-fz.rkn.gov.ru ¹
+97-fz.rkn.gov.ru ³
+www.97-fz.rkn.gov.ru ¹
+arm-97-fz.rkn.gov.ru ³
+blocklist.rkn.gov.ru ³
+eais.rkn.gov.ru ³
+ftp.rkn.gov.ru ³
+mx1.rkn.gov.ru ³
+mx2.rkn.gov.ru ³
+eng.pd.rkn.gov.ru ¹
+rzs.rkn.gov.ru ³
+test.rkn.gov.ru different content
+
+
+¹ mismatch
+³ timed out
+-->
+<ruleset name="rkn.gov.ru" default_off="failed ruleset test">
+	<target host="rkn.gov.ru" />
+	<target host="www.rkn.gov.ru" />
+	<target host="02.rkn.gov.ru" />
+	<target host="03.rkn.gov.ru" />
+	<target host="04.rkn.gov.ru" />
+	<target host="05.rkn.gov.ru" />
+	<target host="06.rkn.gov.ru" />
+	<target host="07.rkn.gov.ru" />
+	<target host="08.rkn.gov.ru" />
+	<target host="09.rkn.gov.ru" />
+	<target host="10.rkn.gov.ru" />
+	<target host="11.rkn.gov.ru" />
+	<target host="12.rkn.gov.ru" />
+	<target host="13.rkn.gov.ru" />
+	<target host="14.rkn.gov.ru" />
+	<target host="15.rkn.gov.ru" />
+	<target host="16.rkn.gov.ru" />
+	<target host="18.rkn.gov.ru" />
+	<target host="20.rkn.gov.ru" />
+	<target host="21.rkn.gov.ru" />
+	<target host="22.rkn.gov.ru" />
+	<target host="23.rkn.gov.ru" />
+	<target host="24.rkn.gov.ru" />
+	<target host="25.rkn.gov.ru" />
+	<target host="26.rkn.gov.ru" />
+	<target host="27.rkn.gov.ru" />
+	<target host="28.rkn.gov.ru" />
+	<target host="29.rkn.gov.ru" />
+	<target host="30.rkn.gov.ru" />
+	<target host="31.rkn.gov.ru" />
+	<target host="32.rkn.gov.ru" />
+	<target host="33.rkn.gov.ru" />
+	<target host="34.rkn.gov.ru" />
+	<target host="35.rkn.gov.ru" />
+	<target host="36.rkn.gov.ru" />
+	<target host="37.rkn.gov.ru" />
+	<target host="38.rkn.gov.ru" />
+	<target host="39.rkn.gov.ru" />
+	<target host="398-fz.rkn.gov.ru" />
+	<target host="40.rkn.gov.ru" />
+	<target host="41.rkn.gov.ru" />
+	<target host="42.rkn.gov.ru" />
+	<target host="43.rkn.gov.ru" />
+	<target host="44.rkn.gov.ru" />
+	<target host="45.rkn.gov.ru" />
+	<target host="46.rkn.gov.ru" />
+	<target host="48.rkn.gov.ru" />
+	<target host="49.rkn.gov.ru" />
+	<target host="51.rkn.gov.ru" />
+	<target host="52.rkn.gov.ru" />
+	<target host="53.rkn.gov.ru" />
+	<target host="54.rkn.gov.ru" />
+	<target host="55.rkn.gov.ru" />
+	<target host="56.rkn.gov.ru" />
+	<target host="57.rkn.gov.ru" />
+	<target host="58.rkn.gov.ru" />
+	<target host="59.rkn.gov.ru" />
+	<target host="60.rkn.gov.ru" />
+	<target host="61.rkn.gov.ru" />
+	<target host="62.rkn.gov.ru" />
+	<target host="63.rkn.gov.ru" />
+	<target host="64.rkn.gov.ru" />
+	<target host="66.rkn.gov.ru" />
+	<target host="67.rkn.gov.ru" />
+	<target host="68.rkn.gov.ru" />
+	<target host="69.rkn.gov.ru" />
+	<target host="70.rkn.gov.ru" />
+	<target host="71.rkn.gov.ru" />
+	<target host="72.rkn.gov.ru" />
+	<target host="73.rkn.gov.ru" />
+	<target host="74.rkn.gov.ru" />
+	<target host="75.rkn.gov.ru" />
+	<target host="76.rkn.gov.ru" />
+	<target host="77.rkn.gov.ru" />
+	<target host="78.rkn.gov.ru" />
+	<target host="82.rkn.gov.ru" />
+	<target host="admin.rkn.gov.ru" />
+	<target host="docs.rkn.gov.ru" />
+	<target host="eng.rkn.gov.ru" />
+	<target host="esia.rkn.gov.ru" />
+	<target host="mail.rkn.gov.ru" />
+	<target host="nap.rkn.gov.ru" />
+	<target host="pd.rkn.gov.ru" />
+	<target host="reestr-svyaz.rkn.gov.ru" />
+	<target host="reestrnp.rkn.gov.ru" />
+	<target host="vigruzki.rkn.gov.ru" />
+	<target host="wac.rkn.gov.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rl0.ru.xml b/src/chrome/content/rules/Rl0.ru.xml
new file mode 100644
index 000000000000..6fd87bc3e73b
--- /dev/null
+++ b/src/chrome/content/rules/Rl0.ru.xml
@@ -0,0 +1,61 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rimg01.rl0.ru/ => https://rimg01.rl0.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'rimg01.rl0.ru'")
+Fetch error: http://rimg02.rl0.ru/ => https://rimg02.rl0.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'rimg02.rl0.ru'")
+Fetch error: http://rimg03.rl0.ru/ => https://rimg03.rl0.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'rimg03.rl0.ru'")
+Fetch error: http://rimg04.rl0.ru/ => https://rimg04.rl0.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'rimg04.rl0.ru'")
+Fetch error: http://rimg05.rl0.ru/ => https://rimg05.rl0.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'rimg05.rl0.ru'")
+Fetch error: http://rimg06.rl0.ru/ => https://rimg06.rl0.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'rimg06.rl0.ru'")
+Fetch error: http://rimg07.rl0.ru/ => https://rimg07.rl0.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'rimg07.rl0.ru'")
+Fetch error: http://rimg08.rl0.ru/ => https://rimg08.rl0.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'rimg08.rl0.ru'")
+Fetch error: http://rimg09.rl0.ru/ => https://rimg09.rl0.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'rimg09.rl0.ru'")
+
+	For other Rambler coverage, see Rambler.xml.
+
+
+	Nonfunctional hosts in *rl0.ru:
+
+		- (www.) ¹
+		- css ¹
+		- brain.h0[1-4] *
+		- h03 ²
+		- i ¹
+		- s[12].kassa ²
+		- news *
+
+	¹ 403; mismatched, CN: *.rambler.ru
+	* Shows another domain
+	² 404
+	² 504
+
+-->
+<ruleset name="Rl0.ru (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="img.rl0.ru" />
+	<target host="img01.rl0.ru" />
+	<target host="img02.rl0.ru" />
+	<target host="img03.rl0.ru" />
+	<target host="img04.rl0.ru" />
+	<target host="img05.rl0.ru" />
+	<target host="img06.rl0.ru" />
+	<target host="img07.rl0.ru" />
+	<target host="img08.rl0.ru" />
+	<target host="img09.rl0.ru" />
+	<target host="rimg01.rl0.ru" />
+	<target host="rimg02.rl0.ru" />
+	<target host="rimg03.rl0.ru" />
+	<target host="rimg04.rl0.ru" />
+	<target host="rimg05.rl0.ru" />
+	<target host="rimg06.rl0.ru" />
+	<target host="rimg07.rl0.ru" />
+	<target host="rimg08.rl0.ru" />
+	<target host="rimg09.rl0.ru" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RoadRunner.xml b/src/chrome/content/rules/RoadRunner.xml
deleted file mode 100644
index 9803e0a67200..000000000000
--- a/src/chrome/content/rules/RoadRunner.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="RoadRunner" platform="mixedcontent">
-  <target host="rr.com" />
-  <target host="www.rr.com" />
-  <target host="hercules.rr.com" />
-
-  <rule from="^http://(?:www\.)?rr\.com/" to="https://www.rr.com/"/>
-  <rule from="^http://hercules\.rr\.com/" to="https://hercules.rr.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Roadtrippers.xml b/src/chrome/content/rules/Roadtrippers.xml
index 2543bf374653..f62b879a3c24 100644
--- a/src/chrome/content/rules/Roadtrippers.xml
+++ b/src/chrome/content/rules/Roadtrippers.xml
@@ -1,13 +1,45 @@
-<ruleset name="Roadtrippers">
+<!--
+	For rules covering resources which do not secure
+	mixed content, see roadtrippers.com-resources.xml.
+
+
+	Nonfunctional hosts in *roadtrippers.com:
+
+		- log ᵈ
+
+	ᵈ Dropped
+
+-->
+<ruleset name="Roadtrippers.com (partial)">
 
 	<target host="roadtrippers.com" />
+	<!--target host="assets0.roadtrippers.com" /-->
+	<!--target host="assets1.roadtrippers.com" /-->
+	<!--target host="assets2.roadtrippers.com" /-->
+	<!--target host="assets3.roadtrippers.com" /-->
+	<!--target host="sa0.roadtrippers.com" /-->
+	<!--target host="sa1.roadtrippers.com" /-->
+	<!--target host="sa2.roadtrippers.com" /-->
+	<!--target host="sa3.roadtrippers.com" /-->
+	<target host="support.roadtrippers.com" />
 	<target host="www.roadtrippers.com" />
 
+		<!--
+		<test url="http://assets0.roadtrippers.com/uploads/user/image/2396013/-strip_-quality_60_-interlace_Plane_-resize_50x50_U__-gravity_center_-extent_50x50/user-image-68c8e27e-d070-4046-8a43-b141dbceb48c.jpg" />
+		<test url="http://assets1.roadtrippers.com/uploads/user/image/31354/-strip_-quality_60_-interlace_Plane_-resize_24x24_U__-gravity_center_-extent_24x24/roadtrippers-user-bea790a3-b3af-4edb-99c0-7e4cfdd7992e.png" />
+		<test url="http://assets2.roadtrippers.com/uploads/user/image/2345997/-strip_-quality_60_-interlace_Plane_-resize_24x24_U__-gravity_center_-extent_24x24/user-image-fc0db262-03e1-4b8b-8146-0e6a7135914a.jpg" />
+		<test url="http://assets3.roadtrippers.com/uploads/user/image/31354/-strip_-quality_60_-interlace_Plane_-resize_24x24_U__-gravity_center_-extent_24x24/roadtrippers-user-bea790a3-b3af-4edb-99c0-7e4cfdd7992e.png" />
+		<test url="http://sa0.roadtrippers.com/assets/pinterest-default-37b9d24d2e3dfb06e9d52e22c880d3a6.jpg" />
+		<test url="http://sa1.roadtrippers.com/assets/viator/logo_med-c1f01a2ed433c2967062d88b56f78644.png" />
+		<test url="http://sa2.roadtrippers.com/assets/ultimate_roadtrip/ultimate-roadtrip-cta-485a5f83677bcec82bfcb046d23a0114.jpg" />
+		<test url="http://sa3.roadtrippers.com/assets/app_store-baf6ffb0471cb4bdd6b1201e26baeae4.png" />
+		-->
+
 
-	<securecookie host="^(?:www\.)?roadtrippers\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www\.)?roadtrippers\.com/"
-		to="https://$1roadtrippers.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Roam_Mobility.xml b/src/chrome/content/rules/Roam_Mobility.xml
index 96ca63947a46..9c7479fad6e0 100644
--- a/src/chrome/content/rules/Roam_Mobility.xml
+++ b/src/chrome/content/rules/Roam_Mobility.xml
@@ -1,13 +1,12 @@
 <ruleset name="Roam Mobility">
 
 	<target host="roammobility.com" />
-	<target host="*.roammobility.com" />
+	<target host="www.roammobility.com" />
 
 
 	<securecookie host="^\.www\.roammobility\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?roammobility\.com/"
-		to="https://$1roammobility.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Roaring_Penguin.com.xml b/src/chrome/content/rules/Roaring_Penguin.com.xml
new file mode 100644
index 000000000000..6c31b2c0fcda
--- /dev/null
+++ b/src/chrome/content/rules/Roaring_Penguin.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- roaringpenguin.com
+		- .roaringpenguin.com
+		- www.roaringpenguin.com
+
+-->
+<ruleset name="Roaring Penguin.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="roaringpenguin.com" />
+	<target host="www.roaringpenguin.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?roaringpenguin\.com$" name="^RPeng$" /-->
+	<!--securecookie host="^\.roaringpenguin\.com$" name="^SESS[\da-f]$" /-->
+
+	<securecookie host="^(?:\.|www\.)?roaringpenguin\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rob.lgbt.xml b/src/chrome/content/rules/Rob.lgbt.xml
new file mode 100644
index 000000000000..e7f9eaf4ce1b
--- /dev/null
+++ b/src/chrome/content/rules/Rob.lgbt.xml
@@ -0,0 +1,8 @@
+<ruleset name="Rob.lgbt">
+	<target host="rob.lgbt" />
+	<target host="www.rob.lgbt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RobTex.xml b/src/chrome/content/rules/RobTex.xml
deleted file mode 100644
index 775495cf2e7a..000000000000
--- a/src/chrome/content/rules/RobTex.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="RobTex">
-    <target host="robtex.com" />
-    <target host="*.robtex.com" />
-
-    <rule from="^https?://robtex\.com/"
-        to="https://www.robtex.com/" />
-    <rule from="^http://([^/:@]+)?\.robtex\.com/"
-        to="https://$1.robtex.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Robeco.xml b/src/chrome/content/rules/Robeco.xml
index be6cd16ea934..f957c783e3da 100644
--- a/src/chrome/content/rules/Robeco.xml
+++ b/src/chrome/content/rules/Robeco.xml
@@ -4,5 +4,5 @@
   <target host="www.robeco.nl" />
   <target host="robeco.nl" />
 
-  <rule from="^http://(?:www\.)?robeco\.nl/" to="https://www.robeco.nl/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Robert.ca.xml b/src/chrome/content/rules/Robert.ca.xml
new file mode 100644
index 000000000000..ab1287b28477
--- /dev/null
+++ b/src/chrome/content/rules/Robert.ca.xml
@@ -0,0 +1,68 @@
+<!--
+	Mismatched:
+		- 70
+		- candidature
+		- web
+
+	Connection reset:
+		- av
+		- sapdev
+		- srv-qsap-gwpa
+		- srv-qsap-wdsp
+		- srv-sap-wdsp
+		- webcon
+
+	Timeout:
+		- cd
+		- cd-test
+		- lyncweb
+		- mail
+		- mail2
+		- mobilecast
+		- service
+		- srv-webservices01
+
+    Incomplete certificate chain:
+        - activesync
+        - auth
+        - autodiscover
+        - destination
+        - extranet
+        - extranetdev
+        - extranettest
+        - helpdesk
+        - legacy
+        - pnagent
+        - portal
+        - portal2
+        - portal65
+        - sinope
+        - storefront
+        - um
+        - webdriver
+        - webmail
+
+    Unsupported TLS version:
+        - jupiter
+        - manic
+        - services
+        - support
+        - tpm
+-->
+<ruleset name="Robert.ca">
+	<target host="robert.ca" />
+	<target host="www.robert.ca" />
+	<target host="access.robert.ca" />
+	<target host="callisto.robert.ca" />
+	<target host="dialin.robert.ca" />
+	<target host="duo.robert.ca" />
+	<target host="jocaste.robert.ca" />
+	<target host="lyncdiscover.robert.ca" />
+	<target host="meet.robert.ca" />
+	<target host="performance.robert.ca" />
+	<target host="sip.robert.ca" />
+	<target host="vpn.robert.ca" />
+	<target host="vpnprelogon.robert.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RobertJPrince.net.xml b/src/chrome/content/rules/RobertJPrince.net.xml
new file mode 100644
index 000000000000..73fbe2eb9a4d
--- /dev/null
+++ b/src/chrome/content/rules/RobertJPrince.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="RobertJPrince.net">
+	<target host="robertjprince.net" />
+	<target host="www.robertjprince.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Roberts_Space_Industries.com.xml b/src/chrome/content/rules/Roberts_Space_Industries.com.xml
index 7d11625f29c2..088d1d401f03 100644
--- a/src/chrome/content/rules/Roberts_Space_Industries.com.xml
+++ b/src/chrome/content/rules/Roberts_Space_Industries.com.xml
@@ -1,20 +1,28 @@
+
 <!--
-	Fully covered subdomains:
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://forums.robertsspaceindustries.com/ (200) => https://forums.robertsspaceindustries.com/ (500)
+
+	Insecure cookies are set for these domains:
 
-		- (www.)
-		- forums
+		- .robertsspaceindustries.com
 
 -->
-<ruleset name="Roberts Space Industries.com">
+<ruleset name="Roberts Space Industries.com" default_off="failed ruleset test">
 
 	<target host="robertsspaceindustries.com" />
-	<target host="*.robertsspaceindustries.com" />
+	<target host="forums.robertsspaceindustries.com" />
+	<target host="www.robertsspaceindustries.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.robertsspaceindustries\.com$" name="^(?:Rsi-Token|rsi-vanilla|rsi-vanilla-Volatile)$" /-->
 
-	<securecookie host="^\.robertsspaceindustries\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(forums\.|www\.)?robertsspaceindustries\.com/"
-		to="https://$1robertsspaceindustries.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Robin_Rabard.xml b/src/chrome/content/rules/Robin_Rabard.xml
deleted file mode 100644
index d738db68f03c..000000000000
--- a/src/chrome/content/rules/Robin_Rabard.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	CN: *.justhost.com
-
--->
-<ruleset name="Robin Rabard (partial)">
-
-	<target host="robinbarnard.com" />
-	<target host="www.robinbarnard.com" />
-
-
-	<rule from="^http://(?:www\.)?robinbarnard\.com/(cms_style\.css|(?:\w+_)?images/)"
-		to="https://secure.justhost.com/~robinba2/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Roblox.xml b/src/chrome/content/rules/Roblox.xml
new file mode 100644
index 000000000000..7df5e501e939
--- /dev/null
+++ b/src/chrome/content/rules/Roblox.xml
@@ -0,0 +1,134 @@
+<!--
+	Those subdomains do not support encryption:
+		- de.roblox.com
+		- es.roblox.com
+		- fr.roblox.com
+		- mail.roblox.com
+		- pt.roblox.com
+		- shop.roblox.com
+		- uk.roblox.com
+
+	Those subdomains have a certificate only valid for other domain names:
+		- careers.roblox.com
+		- community.roblox.com
+		- help.roblox.com
+		- js.roblox.com
+		- job.roblox.com
+		- polls.roblox.com
+		- setup.roblox.com
+		- social.roblox.com
+
+	These subdomains support encryption, but do not pass tests:
+		- web
+		- data
+		- ecsv2
+		- misc
+
+	IP address is from private address space:
+		algorithmgamesearch.api.roblox.com
+		billing.api.roblox.com
+		disscussions.api.roblox.com
+		files.api.roblox.com
+		groups.api.roblox.com
+		marketplace.api.roblox.com
+		search.api.roblox.com
+		sms.api.roblox.com
+		systemevents.api.roblox.com
+		user.api.roblox.com
+		voice.api.roblox.com
+
+	content.roblox.com supports encryption with a valid certificate, but
+	returns invalid responses with and without encryption.
+-->
+<ruleset name="Roblox">
+	<target host="roblox.com" />
+	<target host="www.roblox.com" />
+	<target host="abuse.roblox.com" />
+	<target host="accountsettings.roblox.com" />
+	<target host="affiliates.roblox.com" />
+	<target host="api.roblox.com" />
+	<target host="clientsettings.api.roblox.com" />
+	<target host="ephemeralcounters.api.roblox.com" />
+	<target host="games.api.roblox.com" />
+	<target host="versioncompatibility.api.roblox.com" />
+	<target host="assetgame.roblox.com" />
+	<target host="auth.roblox.com" />
+	<target host="avatar.roblox.com" />
+	<target host="billing.roblox.com" />
+	<target host="blog.roblox.com" />
+	<target host="bloxcon.roblox.com" />
+	<target host="chat.roblox.com" />
+	<target host="confluence.roblox.com" />
+	<target host="corp.roblox.com" />
+	<target host="data.roblox.com" />
+	<target host="develop.roblox.com" />
+	<target host="developer.roblox.com" />
+	<target host="devforum.roblox.com" />
+	<target host="ecsv2.roblox.com" />
+	<target host="en.help.roblox.com" />
+	<target host="friends.roblox.com" />
+	<target host="forum.roblox.com" />
+	<target host="gamepersistence.roblox.com" />
+	<target host="games.roblox.com" />
+	<target host="groups.roblox.com" />
+	<target host="inventory.roblox.com" />
+	<target host="jira.roblox.com" />
+	<target host="jobs.roblox.com" />
+	<target host="m.roblox.com" />
+	<target host="misc.roblox.com" />
+	<target host="news.roblox.com" />
+	<target host="nl.roblox.com" />
+	<target host="notifications.roblox.com" />
+	<target host="points.roblox.com" />
+	<target host="publish.roblox.com" />
+	<target host="realtime.roblox.com" />
+	<target host="sales.roblox.com" />
+	<target host="search.roblox.com" />
+	<target host="static.roblox.com" />
+	<target host="web.roblox.com" />
+	<target host="wiki.roblox.com" />
+
+	<target host="*.rbxcdn.com" />
+	<target host="*.robloxlabs.com" />
+
+	<test url="http://roblox.com/Catalog/" />
+	<test url="http://www.roblox.com/Catalog/" />
+	<test url="http://api.roblox.com/docs" />
+	<test url="http://assetgame.roblox.com/Asset/" />
+	<test url="http://confluence.roblox.com/login.action" />
+	<test url="http://forum.roblox.com/forum/" />
+	<test url="http://jira.roblox.com/secure/Dashboard.jspa" />
+	<test url="http://m.roblox.com/login" />
+	<test url="http://nl.roblox.com/Catalog" />
+
+	<test url="http://t0.rbxcdn.com/" />
+	<test url="http://t1.rbxcdn.com/" />
+	<test url="http://t2.rbxcdn.com/" />
+	<test url="http://t3.rbxcdn.com/" />
+	<test url="http://t4.rbxcdn.com/" />
+	<test url="http://t5.rbxcdn.com/" />
+	<test url="http://t6.rbxcdn.com/" />
+	<test url="http://t7.rbxcdn.com/" />
+	<test url="http://c0.rbxcdn.com/" />
+	<test url="http://c1.rbxcdn.com/" />
+	<test url="http://c2.rbxcdn.com/" />
+	<test url="http://c3.rbxcdn.com/" />
+	<test url="http://c4.rbxcdn.com/" />
+	<test url="http://c5.rbxcdn.com/" />
+	<test url="http://c6.rbxcdn.com/" />
+	<test url="http://c7.rbxcdn.com/" />
+	<test url="http://js.rbxcdn.com/" />
+	<test url="http://images.rbxcdn.com/" />
+	<test url="http://static.rbxcdn.com/" />
+
+	<test url="http://www.gametest1.robloxlabs.com/" />
+	<test url="http://www.gametest2.robloxlabs.com/" />
+	<test url="http://www.gametest3.robloxlabs.com/" />
+	<test url="http://www.gametest4.robloxlabs.com/" />
+	<test url="http://www.gametest5.robloxlabs.com/" />
+	<test url="http://www.sitetest1.robloxlabs.com/" />
+	<test url="http://www.sitetest2.robloxlabs.com/" />
+	<test url="http://www.sitetest3.robloxlabs.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RoboForm.com.xml b/src/chrome/content/rules/RoboForm.com.xml
index 70bec05fa383..9b1d59ee41af 100644
--- a/src/chrome/content/rules/RoboForm.com.xml
+++ b/src/chrome/content/rules/RoboForm.com.xml
@@ -1,32 +1,29 @@
 <!--
-	Problematic subdomains:
-
-		- (www.)	(400; mismatched, CN: secure.roboform.com)
-
-
-	Partially covered subdomains:
-
-		- (www.)	(→ secure, pages redirect back)
-
-
-	Fully covered subdomains:
-
-		- secure
+	Invalid certificate:
+		activate.roboform.com
+		blog.roboform.com
+		buy.roboform.com
+		enterprise.roboform.com
+		support.roboform.com
+		upgrade.roboform.com
 
 -->
-<ruleset name="RoboForm.com (partial)">
+<ruleset name="RoboForm.com">
 
+	<target host="roboform.com" />
+	<target host="www.roboform.com" />
+	<target host="blog.roboform.com" />
+	<target host="help.roboform.com" />
+	<target host="online.roboform.com" />
 	<target host="secure.roboform.com" />
-		<!--
-			Securing object code is a Very Good Idea™
-									-->
-		<exclusion pattern="^http://(?:www\.)?roboform\.com/(?!dist/)" />
-
+	<target host="start.roboform.com" />
 
 	<securecookie host="^secure\.roboform\.com$" name=".+" />
 
+	<rule from="^http://blog\.roboform\.com/"
+		to="https://www.roboform.com/blog/" />
 
-	<rule from="^http://(?:secure\.|www\.)?roboform\.com/"
-		to="https://secure.roboform.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RoboHash.xml b/src/chrome/content/rules/RoboHash.xml
deleted file mode 100644
index acb5a8097a6c..000000000000
--- a/src/chrome/content/rules/RoboHash.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="RoboHash">
-
-	<target host="robohash.org"/>
-	<target host="*.robohash.org"/>
-
-	<!--	Observed subdomains:
-
-			- static1
-			- www
-					-->
-	<rule from="^http://(\w+\.)?robohash\.org/"
-		to="https://$1robohash.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Robokassa.ru.xml b/src/chrome/content/rules/Robokassa.ru.xml
new file mode 100644
index 000000000000..47fec86ca701
--- /dev/null
+++ b/src/chrome/content/rules/Robokassa.ru.xml
@@ -0,0 +1,41 @@
+<!--
+	^robokassa.ru: Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .robokassa.ru
+		- auth.robokassa.ru
+		- www.robokassa.ru
+
+-->
+<ruleset name="Robokassa.ru">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="auth.robokassa.ru" />
+	<target host="my.robokassa.ru" />
+	<target host="partner.robokassa.ru" />
+	<target host="www.robokassa.ru" />
+
+	<!--	Complications:
+				-->
+	<target host="robokassa.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.robokassa\.ru$" name="^RoboxCulture$" /-->
+	<!--securecookie host="^auth\.robokassa\.ru$" name="^AspxAutoDetectCookieSupport$" /-->
+	<!--securecookie host="^www\.robokassa\.ru$" name="^(?:ASP\.NET_SessionId|RoboxCulture)$" /-->
+
+	<securecookie host=".*\.robokassa\.ru$" name=".+" />
+
+
+	<rule from="^http://robokassa\.ru/"
+		to="https://www.robokassa.ru/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RobotShop.xml b/src/chrome/content/rules/RobotShop.xml
index 8c13b15aa7a4..e0e0a6815542 100644
--- a/src/chrome/content/rules/RobotShop.xml
+++ b/src/chrome/content/rules/RobotShop.xml
@@ -1,14 +1,14 @@
-<ruleset name="RobotShop (partial)">
+<ruleset name="RobotShop (partial)" platform="mixedcontent">
 
 	<target host="robotshop.com" />
-	<target host="*.robotshop.com" />
+	<target host="secure.robotshop.com" />
+	<target host="www.robotshop.com" />
 
 
-	<securecookie host="^(.*\.)?robotshop\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<!--	Cert is only valid for secure.	-->
-	<rule from="^https?://(secure\.|www\.)?robotshop\.com/"
-		to="https://secure.robotshop.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Roc-noc.com.xml b/src/chrome/content/rules/Roc-noc.com.xml
new file mode 100644
index 000000000000..da2a5b661990
--- /dev/null
+++ b/src/chrome/content/rules/Roc-noc.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .www.roc-noc.com
+
+-->
+<ruleset name="roc-noc.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="roc-noc.com" />
+	<target host="www.roc-noc.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.roc-noc\.com$" name="^(?:RefererCookie|store_language|xid)$" /-->
+
+	<securecookie host="^\.www\.roc-noc\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Roccat.org.xml b/src/chrome/content/rules/Roccat.org.xml
index e95acc59670f..4f6693efb129 100644
--- a/src/chrome/content/rules/Roccat.org.xml
+++ b/src/chrome/content/rules/Roccat.org.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://roccat.org/ => https://roccat.org/: Too many redirects while fetching 'https://roccat.org/'
+Fetch error: http://www.roccat.org/ => https://www.roccat.org/: Too many redirects while fetching 'https://www.roccat.org/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://roccat.org/ => https://roccat.org/: Redirect for 'https://www.roccat.org/' missing Location
+Fetch error: http://www.roccat.org/ => https://www.roccat.org/: Redirect for 'https://www.roccat.org/' missing Location
 	Mixed content:
 
 		- css on www from www *
@@ -8,7 +16,7 @@
 	mixedcontent due to css on www from www.
 
 -->
-<ruleset name="Roccat.org (false MCB)" platform="mixedcontent">
+<ruleset name="Roccat.org (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
   <target host="roccat.org" />
   <target host="www.roccat.org" />
 
@@ -16,5 +24,5 @@
 	<securecookie host="^www\.roccat\.org$" name=".+" />
 
 
-  <rule from="^http://(www\.)?roccat\.org/" to="https://$1roccat.org/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Rochester.xml b/src/chrome/content/rules/Rochester.xml
index 875a78bf62f1..c00021b2ae13 100644
--- a/src/chrome/content/rules/Rochester.xml
+++ b/src/chrome/content/rules/Rochester.xml
@@ -4,7 +4,6 @@
 	<target host="www.rochester.edu" />
 
 
-	<rule from="^http://(www\.)?rochester\.edu/"
-		to="https://$1rochester.edu/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Rochesterhomepage.net.xml b/src/chrome/content/rules/Rochesterhomepage.net.xml
deleted file mode 100644
index b1c3a186d77b..000000000000
--- a/src/chrome/content/rules/Rochesterhomepage.net.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Problematic domains:
-
-		- rochesterhomepage.biz		(mismatched, CN: www.arkansasmatters.biz)
-		- www.rochesterhomepage.net	(mismatched, CN: nexstardigital.com)
-
-
-	Some pages redirect to http
-
--->
-<ruleset name="rochesterhomepage.net (partial)">
-
-	<target host="rochesterhomepage.*" />
-	<target host="www.rochesterhomepage.*" />
-
-
-	<rule from="^http://(?:www\.)?rochesterhomepage\.biz/(area|banner\.amp|biz/|classifieds(?:$|\?|/)|css/|favicon\.ico|homepage/layout_image\.php|images?/|site\.css|tributes/)"
-		to="https://www.rochesterhomepage.biz/$1" />
-
-	<rule from="^http://(?:www\.)?rochesterhomepage\.net/(component|image|include|librarie|module|plugin|template)s/"
-		to="https://rochesterhomepage.net/$1s/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Rochford.gov.uk.xml b/src/chrome/content/rules/Rochford.gov.uk.xml
new file mode 100644
index 000000000000..7177fcd8719e
--- /dev/null
+++ b/src/chrome/content/rules/Rochford.gov.uk.xml
@@ -0,0 +1,74 @@
+<!--
+	Rochford District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	CDN buckets:
+
+		- fs-drupal-rochford.s3.amazonaws.com
+
+
+	Nonfunctional hosts in *rochford.gov.uk:
+
+		- maps ʳ
+		- snap ʳ
+
+	ʳ Refused
+
+
+	Problematic hosts in *rochford.gov.uk:
+
+		- secure ˣ
+		- www ᵐ
+
+	ᵐ Mismatched
+	ˣ Mixed css
+
+
+	^rochford.gov.uk: Dropped over http & https
+
+
+	Insecure cookies are set for these hosts:
+
+		- secure.rochford.gov.uk
+
+
+	Mixed content:
+
+		- css, on:
+
+			- secure from yui.yahooapis.com ˢ
+			- secure from www.rochford.gov.uk ᵐ
+			- secure from fs-drupal-rochford.s3.amazonaws.com
+			- www from $self ᵐ
+
+		- Images, on:
+
+			- www from fs-drupal-rochford.s3.amazonaws.com
+			- www from $self ᵐ
+
+	ᵐ Mismatched
+	ˢ Secured by us
+
+-->
+<ruleset name="Rochford.gov.uk (partial)" platform="mixedcontent">
+
+	<target host="secure.rochford.gov.uk" />
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://secure.rochford.gov.uk/parking/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^secure\.rochford\.gov\.uk$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rock_Creek_Outfitters.xml b/src/chrome/content/rules/Rock_Creek_Outfitters.xml
index 278c6f5bf584..5c4cbd8e1ac5 100644
--- a/src/chrome/content/rules/Rock_Creek_Outfitters.xml
+++ b/src/chrome/content/rules/Rock_Creek_Outfitters.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?rockcreek\.com/(css/|favicon\.ico|img/|login\.rco|outdoor/images/)"
 		to="https://$1rockcreek.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rock_Paper_Photo.com.xml b/src/chrome/content/rules/Rock_Paper_Photo.com.xml
new file mode 100644
index 000000000000..bd1cdcca33a6
--- /dev/null
+++ b/src/chrome/content/rules/Rock_Paper_Photo.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rockpaperphoto.com/ => https://rockpaperphoto.com/: (7, 'Failed to connect to rockpaperphoto.com port 443: Connection refused')
+
+-->
+<ruleset name="Rock Paper Photo.com" default_off="failed ruleset test">
+
+	<target host="rockpaperphoto.com" />
+	<target host="www.rockpaperphoto.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.rockpaperphoto\.com$" name="^(epc-initiated|frontend)$" /-->
+
+	<securecookie host="^\.www\.rockpaperphoto\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rock_Paper_Shotgun.com.xml b/src/chrome/content/rules/Rock_Paper_Shotgun.com.xml
new file mode 100644
index 000000000000..84be15266f49
--- /dev/null
+++ b/src/chrome/content/rules/Rock_Paper_Shotgun.com.xml
@@ -0,0 +1,37 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .rockpapershotgun.com
+		- www.rockpapershotgun.com
+
+
+	Mixed content:
+
+		- Image on www from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Rock Paper Shotgun.com">
+
+	<target host="rockpapershotgun.com" />
+	<target host="www.rockpapershotgun.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://www.rockpapershotgun.com/page/2/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.rockpapershotgun\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.rockpapershotgun\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rock_Valley_College.edu.xml b/src/chrome/content/rules/Rock_Valley_College.edu.xml
new file mode 100644
index 000000000000..5dc743e15b16
--- /dev/null
+++ b/src/chrome/content/rules/Rock_Valley_College.edu.xml
@@ -0,0 +1,33 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- rockvalleycollege.edu
+		- www.rockvalleycollege.edu
+
+
+	Mixed content:
+
+		- Bug on (www.)? from tags.w55c.net *
+
+	* Secured by us
+
+-->
+<ruleset name="Rock Valley College.edu">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rockvalleycollege.edu" />
+	<target host="www.rockvalleycollege.edu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?rockvalleycollege\.edu$" name="^(CFID|CFTOKEN)$" /-->
+
+	<securecookie host="^(?:www\.)?rockvalleycollege\.edu$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RockefellerFoundation.org.xml b/src/chrome/content/rules/RockefellerFoundation.org.xml
new file mode 100644
index 000000000000..af6feb1fdb6a
--- /dev/null
+++ b/src/chrome/content/rules/RockefellerFoundation.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid Certificate:
+		www.challenge.rockefellerfoundation.org
+		100resilientcities.rockefellerfoundation.org
+		annualreport2013.rockefellerfoundation.org
+		engage.rockefellerfoundation.org
+	Unable to Connect:
+		annualreport2012.rockefellerfoundation.org
+-->
+<ruleset name="RockefellerFoundation.org">
+	<target host="rockefellerfoundation.org" />
+	<target host="www.rockefellerfoundation.org" />
+	<target host="assets.rockefellerfoundation.org" />
+		<test url="http://assets.rockefellerfoundation.org/app/uploads/20170713132744/pollution-image-blog-640x640.jpeg/" />
+	<target host="bellagioapplication.rockefellerfoundation.org" />
+	<target host="innovationsurvey.rockefellerfoundation.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rocket.Chat.xml b/src/chrome/content/rules/Rocket.Chat.xml
new file mode 100644
index 000000000000..6e1873699f31
--- /dev/null
+++ b/src/chrome/content/rules/Rocket.Chat.xml
@@ -0,0 +1,16 @@
+<!--
+	www.rocket.chat: Refused
+
+-->
+<ruleset name="Rocket.Chat">
+
+	<target host="rocket.chat" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rocketbank.ru.xml b/src/chrome/content/rules/Rocketbank.ru.xml
new file mode 100644
index 000000000000..e4f2687e9842
--- /dev/null
+++ b/src/chrome/content/rules/Rocketbank.ru.xml
@@ -0,0 +1,46 @@
+<!--
+email.rocketbank.ru ¹
+o2.email.rocketbank.ru ³
+pages.rocketbank.ru ¹
+profit.rocketbank.ru ¹
+s3.rocketbank.ru ¹
+
+
+¹ mismatch
+³ timed out
+-->
+<ruleset name="rocketbank.ru">
+	<target host="rocketbank.ru" />
+	<target host="www.rocketbank.ru" />
+	<target host="all.rocketbank.ru" />
+	<target host="applepay.rocketbank.ru" />
+	<target host="arcada.rocketbank.ru" />
+	<target host="artbattle.rocketbank.ru" />
+	<target host="bivan.rocketbank.ru" />
+	<target host="bless.rocketbank.ru" />
+	<target host="boss.rocketbank.ru" />
+	<target host="cinema.rocketbank.ru" />
+	<target host="deposit.rocketbank.ru" />
+	<target host="designer.rocketbank.ru" />
+	<target host="dr.rocketbank.ru" />
+	<target host="eco.rocketbank.ru" />
+	<target host="estate.rocketbank.ru" />
+	<target host="gamer.rocketbank.ru" />
+	<target host="holy.rocketbank.ru" />
+	<target host="insurance.rocketbank.ru" />
+	<target host="kinohod.rocketbank.ru" />
+	<target host="liga.rocketbank.ru" />
+	<target host="live.rocketbank.ru" />
+	<target host="open.rocketbank.ru" />
+	<target host="payroll.rocketbank.ru" />
+	<target host="pled.rocketbank.ru" />
+	<target host="quest.rocketbank.ru" />
+	<target host="samsungpay.rocketbank.ru" />
+	<target host="snow.rocketbank.ru" />
+	<target host="starcon.rocketbank.ru" />
+	<target host="stopgame.rocketbank.ru" />
+	<target host="table.rocketbank.ru" />
+	<target host="wknd.rocketbank.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rocketnet.jp.xml b/src/chrome/content/rules/Rocketnet.jp.xml
new file mode 100644
index 000000000000..ab22614195a2
--- /dev/null
+++ b/src/chrome/content/rules/Rocketnet.jp.xml
@@ -0,0 +1,38 @@
+<!--
+	For other GMO coverage, see GMO_Internet.xml.
+
+
+	^: expired
+
+
+	Mixed content:
+
+		- Images from cache.img.gmo.jp *
+
+	* Secured by us
+
+-->
+<ruleset name="Rocketnet.jp">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.rocketnet.jp" />
+	<target host="www.rocketnet.jp" />
+
+	<!--	Complications:
+				-->
+	<target host="rocketnet.jp" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^secure\.rocketnet\.jp$" name="^(has_cookies|sid)$" /-->
+
+
+	<rule from="^http://rocketnet\.jp/"
+		to="https://www.rocketnet.jp/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rockhurst_Hawks.com.xml b/src/chrome/content/rules/Rockhurst_Hawks.com.xml
new file mode 100644
index 000000000000..1198b7f392d8
--- /dev/null
+++ b/src/chrome/content/rules/Rockhurst_Hawks.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- Images from i1.ytimg.com *
+		- Ads from assets.sidearmsports.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Rockhurst Hawks.com">
+
+	<target host="rockhursthawks.com" />
+	<target host="www.rockhursthawks.com" />
+
+
+	<securecookie host="^(?:www\.)?rockhursthawks\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rockman-Corner.com.xml b/src/chrome/content/rules/Rockman-Corner.com.xml
new file mode 100644
index 000000000000..82b3ca281bd6
--- /dev/null
+++ b/src/chrome/content/rules/Rockman-Corner.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Rockman-Corner.com">
+	<target host="rockman-corner.com" />
+	<target host="www.rockman-corner.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rockstar-Games.xml b/src/chrome/content/rules/Rockstar-Games.xml
deleted file mode 100644
index 4950e322c7a1..000000000000
--- a/src/chrome/content/rules/Rockstar-Games.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(cert only matches *.rockstargames.com)
-
-
-	Partially covered subdomains:
-
-		- (www.)	(some paths started redirecting to http)
-		- socialclub	(at least the homepage & profile/$ redirect to http)
-
--->
-<ruleset name="Rockstar Games (partial)">
-
-	<target host="rockstargames.com" />
-	<target host="*.rockstargames.com" />
-		<exclusion pattern="^http://socialclub\.rockstargames\.com/(?!profile/support-signin-en\.html|registration/createaccount|signup)" />
-
-
-	<securecookie host="^cdn\.sc\.rockstargames\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?rockstargames\.com/(?!img/)(.+\.(?:css|gif|jpe?g|png))"
-		to="https://www.rockstargames.com/$1" />
-
-	<rule from="^http://(media|cdn\.sc|socialclub)\.rockstargames\.com/"
-		to="https://$1.rockstargames.com/" />
-
-	<rule from="^https?://support\.rockstargames\.com/generated/"
-		to="https://assets.zendesk.com/generated/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/RockstarGames.xml b/src/chrome/content/rules/RockstarGames.xml
new file mode 100644
index 000000000000..169636bff1f2
--- /dev/null
+++ b/src/chrome/content/rules/RockstarGames.xml
@@ -0,0 +1,29 @@
+<ruleset name="Rockstar Games">
+	<target host="rockstargames.com" />
+	<target host="www.rockstargames.com" />
+	<target host="activate.rockstargames.com" />
+	<target host="lyncdiscover.rockstargames.com" />
+	<target host="m.rockstargames.com" />
+	<target host="mail.rockstargames.com" />
+	<target host="media.rockstargames.com" />
+	<target host="mindlink.rockstargames.com" />
+	<target host="remote.rockstargames.com" />
+	<target host="rsgedi-vpn.rockstargames.com" />
+	<target host="cdn.sc.rockstargames.com" />
+	<target host="socialclub.rockstargames.com" />
+	<target host="de.socialclub.rockstargames.com" />
+	<target host="es.socialclub.rockstargames.com" />
+	<target host="es-mx.socialclub.rockstargames.com" />
+	<target host="fr.socialclub.rockstargames.com" />
+	<target host="it.socialclub.rockstargames.com" />
+	<target host="ja.socialclub.rockstargames.com" />
+	<target host="ko.socialclub.rockstargames.com" />
+	<target host="pl.socialclub.rockstargames.com" />
+	<target host="pt.socialclub.rockstargames.com" />
+	<target host="ru.socialclub.rockstargames.com" />
+	<target host="zh.socialclub.rockstargames.com" />
+	<target host="support.rockstargames.com" />
+	<target host="supportfiles.rockstargames.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Roe.ch.xml b/src/chrome/content/rules/Roe.ch.xml
new file mode 100644
index 000000000000..fda977c515ea
--- /dev/null
+++ b/src/chrome/content/rules/Roe.ch.xml
@@ -0,0 +1,18 @@
+<ruleset name="roe.ch">
+
+	<target host="roe.ch" />
+	<target host="daniel.roe.ch" />
+	<target host="mirror.roe.ch" />
+	<target host="www.roe.ch" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.roe\.ch$" name="^sid$" /-->
+
+	<securecookie host="^www\.roe\.ch$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Roeck-us.net.xml b/src/chrome/content/rules/Roeck-us.net.xml
index 49765bb21fae..f6a156395982 100644
--- a/src/chrome/content/rules/Roeck-us.net.xml
+++ b/src/chrome/content/rules/Roeck-us.net.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?roeck-us\.net/"
 		to="https://roeck-us.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Roem.ru.xml b/src/chrome/content/rules/Roem.ru.xml
new file mode 100644
index 000000000000..70dff6ea3e07
--- /dev/null
+++ b/src/chrome/content/rules/Roem.ru.xml
@@ -0,0 +1,21 @@
+<!--
+	www: mismatched
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(www → ^)
+		- m
+
+-->
+<ruleset name="Roem.ru">
+
+	<target host="roem.ru" />
+	<target host="m.roem.ru" />
+	<target host="www.roem.ru" />
+
+
+	<rule from="^http://(?:(m\.)|www\.)?roem\.ru/"
+		to="https://$1roem.ru/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RogerFederer.xml b/src/chrome/content/rules/RogerFederer.xml
new file mode 100644
index 000000000000..e4f2d7813b54
--- /dev/null
+++ b/src/chrome/content/rules/RogerFederer.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rogerfederershop.com/ => https://rogerfederershop.com/: (51, "SSL: no alternative certificate subject name matches target host name 'rogerfederershop.com'")
+
+	Mismatch:
+		- *.rogerfederer.ch
+		- *.rogerfederer.com
+		- *.rogerfedererfoundation.org
+-->
+<ruleset name="Roger Federer" default_off="failed ruleset test">
+	<target host="rogerfederershop.com"/>
+	<target host="www.rogerfederershop.com"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Rogers-Bank.xml b/src/chrome/content/rules/Rogers-Bank.xml
new file mode 100644
index 000000000000..75d2f1a9b918
--- /dev/null
+++ b/src/chrome/content/rules/Rogers-Bank.xml
@@ -0,0 +1,18 @@
+<!--
+	Chain issue, missing intermediate:
+		- alerts.rogersbank.com
+
+	Invalid certificate:
+		- f.alerts.rogersbank.com
+-->
+
+<ruleset name="RogersBank.com">
+	<target host="rogersbank.com" />
+	<target host="www.rogersbank.com" />
+	<target host="creditapp.rogersbank.com" />
+	<target host="rbaccess.rogersbank.com" />
+	<target host="rbapp.rogersbank.com" />
+	<target host="staging.rogersbank.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rogue_Amoeba.com.xml b/src/chrome/content/rules/Rogue_Amoeba.com.xml
new file mode 100644
index 000000000000..77e1929d5796
--- /dev/null
+++ b/src/chrome/content/rules/Rogue_Amoeba.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional hosts in *rogueamoeba.com:
+
+		- blog *
+
+	* WP Engine
+
+-->
+<ruleset name="Rogue Amoeba.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rogueamoeba.com" />
+	<target host="www.rogueamoeba.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rohieb.name.xml b/src/chrome/content/rules/Rohieb.name.xml
index d4efc4ad7b2e..479bc08a72b1 100644
--- a/src/chrome/content/rules/Rohieb.name.xml
+++ b/src/chrome/content/rules/Rohieb.name.xml
@@ -1,10 +1,7 @@
 <ruleset name="rohieb.name">
-
 	<target host="rohieb.name" />
 	<target host="www.rohieb.name" />
 
-
-	<rule from="^http://(www\.)?rohieb\.name/"
-		to="https://$1rohieb.name/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Roia.biz.xml b/src/chrome/content/rules/Roia.biz.xml
index 3adf84757b9f..b52082fb7273 100644
--- a/src/chrome/content/rules/Roia.biz.xml
+++ b/src/chrome/content/rules/Roia.biz.xml
@@ -1,22 +1,39 @@
 <!--
-	Problematc subdomains:
-
-		- www	(cert only matches ^roia.biz)
+	www.roia.biz: Mismatched
 
 
 	Web bugs.
 
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- roia.biz
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
 -->
 <ruleset name="roia.biz">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="roia.biz" />
+
+	<!--	Complications:
+				-->
 	<target host="www.roia.biz" />
 
 
-	<securecookie host="^roia\.biz$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^roia\.biz$" name="^roia_c$" /-->
 
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://(?:www\.)?roia\.biz/"
+
+	<rule from="^http://www\.roia\.biz/"
 		to="https://roia.biz/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Roiservice.com.xml b/src/chrome/content/rules/Roiservice.com.xml
index 01a3e90a0581..d7de13310571 100644
--- a/src/chrome/content/rules/Roiservice.com.xml
+++ b/src/chrome/content/rules/Roiservice.com.xml
@@ -1,5 +1,13 @@
-<ruleset name="Roiservice.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://track.roiservice.com/ => https://track.roiservice.com/: (6, 'Could not resolve host: track.roiservice.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://track.roiservice.com/ => https://track.roiservice.com/: (6, 'Could not resolve host: track.roiservice.com')
+-->
+<ruleset name="Roiservice.com" default_off="failed ruleset test">
 	<target host="track.roiservice.com" />
 
-	<rule from="^http://track\.roiservice\.com/" to="https://track.roiservice.com/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Roku.com.xml b/src/chrome/content/rules/Roku.com.xml
new file mode 100644
index 000000000000..bcd34eab2dc5
--- /dev/null
+++ b/src/chrome/content/rules/Roku.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog ¹
+		- support ²
+
+	¹ Blank page; mismatched, CN: *.accountservergroup.com
+	² Zendesk
+
+-->
+<ruleset name="Roku.com (partial)">
+
+	<target host="roku.com" />
+	<target host="owner.roku.com" />
+	<target host="www.roku.com" />
+	<target host="wwwimg.roku.com" />
+	<target host="support.roku.com" />
+
+
+	<rule from="^http://((?:owner|www|wwwimg)\.)?roku\.com/"
+		to="https://$1roku.com/" />
+
+	<rule from="^http://support\.roku\.com/(?=favicon\.ico|generated/|images/|system/)"
+		to="https://roku.zendesk.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RolePlayChat.org.xml b/src/chrome/content/rules/RolePlayChat.org.xml
new file mode 100644
index 000000000000..128cb9dc3262
--- /dev/null
+++ b/src/chrome/content/rules/RolePlayChat.org.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://roleplaychat.org/ => https://roleplaychat.org/: (7, 'Failed to connect to roleplaychat.org port 443: Connection refused')
+Fetch error: http://talk.roleplaychat.org/ => https://talk.roleplaychat.org/: (7, 'Failed to connect to talk.roleplaychat.org port 443: Connection refused')
+Fetch error: http://www.roleplaychat.org/ => https://www.roleplaychat.org/: (7, 'Failed to connect to www.roleplaychat.org port 443: Connection refused')
+
+	Mixed content:
+
+		- Images on talk from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="RolePlayChat.org" default_off="failed ruleset test">
+
+	<target host="roleplaychat.org" />
+	<target host="talk.roleplaychat.org" />
+	<target host="www.roleplaychat.org" />
+
+
+	<securecookie host="^(?:w*\.)?roleplaychat\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rolex.com.xml b/src/chrome/content/rules/Rolex.com.xml
index 8590c913ec7f..d9f1049d24d0 100644
--- a/src/chrome/content/rules/Rolex.com.xml
+++ b/src/chrome/content/rules/Rolex.com.xml
@@ -2,24 +2,39 @@
 	CDN buckets:
 
 		- content.rolex.com.edgesuite.net
-
-			- a343.b.akamai.net
-
 		- www.rolex.com.edgesuite.net
 
 
-	Nonfunctional subdomains:
-
-		- ^	(dropped)
-		- www	(shows maintenance notice, akamai)
+	^rolex.com: Mismatched
 
 -->
 <ruleset name="Rolex.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="content.rolex.com" />
+	<target host="pressroom.rolex.com" />
+	<target host="www.rolex.com" />
+
+		<test url="http://content.rolex.com/is/image/Rolex/?src=is%7BRolex%2Fshadow_cellini_time_39%3Flayer%3D1%26src%3D50754%26layer%3D2%26src%3D50166_g_39%26layer%3D3%26src%3D50064%7D&amp;$rv55-watch-grid$" />
+
+	<!--	Complications:
+				-->
+	<target host="rolex.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www)?\.rolex\.com$" name="^rlx-language$" /-->
+
+	<securecookie host="^\." name="^s_v" />
+	<securecookie host="^\w" name=".+" />
+
 
+	<rule from="^http://rolex\.com/"
+		to="https://www.rolex.com/" />
 
-	<rule from="^http://content\.rolex\.com/"
-		to="https://a248.e.akamai.net/f/343/2577/59/content.rolex.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Roll_Call.com.xml b/src/chrome/content/rules/Roll_Call.com.xml
index 04a80e852f04..e035c4429456 100644
--- a/src/chrome/content/rules/Roll_Call.com.xml
+++ b/src/chrome/content/rules/Roll_Call.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rollcall.com/ => https://secure.rollcall.com/: (6, 'Could not resolve host: secure.rollcall.com')
+
 	For other Economist Group coverage, see Economist.com.xml
 
 
@@ -44,10 +48,12 @@
 	platform should be removed with Ffx 24.
 
 -->
-<ruleset name="Roll Call.com (partial)" platform="mixedcontent">
+<ruleset name="Roll Call.com (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="rollcall.com" />
-	<target host="*.rollcall.com" />
+	<target host="cdn.rollcall.com" />
+	<target host="secure.rollcall.com" />
+	<target host="www.rollcall.com" />
 
 
 	<securecookie host="^(?:\.?secure)?\.rollcall\.com$" name=".+" />
@@ -56,4 +62,4 @@
 	<rule from="^http://(?:(?:cdn|secure|www)\.)?rollcall\.com/"
 		to="https://secure.rollcall.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rollapp.com.xml b/src/chrome/content/rules/Rollapp.com.xml
new file mode 100644
index 000000000000..50b802abc036
--- /dev/null
+++ b/src/chrome/content/rules/Rollapp.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Tumblr
+
+-->
+<ruleset name="rollApp.com (partial)">
+  <target host="rollapp.com" />
+  <target host="www.rollapp.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rollbar.xml b/src/chrome/content/rules/Rollbar.xml
index a5516eaacf24..516a70a38af2 100644
--- a/src/chrome/content/rules/Rollbar.xml
+++ b/src/chrome/content/rules/Rollbar.xml
@@ -7,13 +7,13 @@
 <ruleset name="Rollbar">
 
 	<target host="rollbar.com" />
-	<target host="*.rollbar.com" />
+	<target host="api.rollbar.com" />
+	<target host="www.rollbar.com" />
 
 
 	<securecookie host="^(?:\.?www\.)?rollbar\.com$" name=".+" />
 
 
-	<rule from="^http://(api\.|www\.)?rollbar\.com/"
-		to="https://$1rollbar.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Roller_Net.us.xml b/src/chrome/content/rules/Roller_Net.us.xml
new file mode 100644
index 000000000000..834b07c0276d
--- /dev/null
+++ b/src/chrome/content/rules/Roller_Net.us.xml
@@ -0,0 +1,27 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.) *
+		- forums *
+		- ipv6 *
+
+	* Refused
+
+
+	Fully covered subdomains:
+
+		- acc
+		- activesync
+		- webmail
+
+-->
+<ruleset name="Roller Net.us (partial)">
+
+	<target host="acc.rollernet.us" />
+	<target host="activesync.rollernet.us" />
+	<target host="webmail.rollernet.us" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rolling_Stone.com.xml b/src/chrome/content/rules/Rolling_Stone.com.xml
index 24f151d7a376..5040c9fc8d20 100644
--- a/src/chrome/content/rules/Rolling_Stone.com.xml
+++ b/src/chrome/content/rules/Rolling_Stone.com.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rollingstone.com/ => https://rollingstone.com/: (7, 'Failed to connect to rollingstone.com port 443: Connection timed out')
 	Other Rolling Stone rulesets:
 
 		- Rolling_Stone_Subscriptions.com.xml
@@ -10,6 +12,8 @@
 
 			- a402.g.akamai.net
 
+		- assets-s3.rollingstone.com.edgesuite.net
+
 		- www.rollingstone.com.edgesuite.net
 
 			- a1317.g.akamai.net
@@ -17,69 +21,64 @@
 
 	Nonfunctional subdomains:
 
-		- archive	(dropped)
-
-
-	Problematic subdomains:
+		- archive *
 
-		- assets	(works, akamai)
-		- www		($ redirects to http, some paths work; akamai)
+	* Refused
 
 
-	Fully covered subdomains:
-
-		- sub
+	Partially covered subdomains:
 
--->
-<ruleset name="Rolling Stone.com (partial)">
+		- assets-s3 *
 
-	<target host="*.rollingstone.com" />
-		<!--
-			Avoid user-visible paths:
-							-->
-		<exclusion pattern="^http://www\.rollingstone\.com/(?!assets/|css/|images/|js/)" />
-		<!--
-			global-2 breaks images/fe/sprite/socialIcons.*
+	* At least some pages redirect to http
 
-			homepage breaks other image paths
 
-			rsplus breaks images/rsplus/
+	Fully covered subdomains:
 
-			taibbimodule breaks images/fe/h2-newTaibbi.png
+		- (www.)
+		- assets
+		- subscribe
 
-			videos breaks images/fe/videos/
 
-			Hint: pointing to http://www.rollingstone.com/.* would fix this
-											-->
-		<exclusion pattern="^http://www\.rollingstone\.com/css/fe/(?:(?:global-\d|homepage|taibbimodule|videos).\w{32}|rsplus)\.css" />
+	Mixed content:
 
+		- Images, on:
 
-	<!--	google-analytics.com tracking cookies:
-							-->
-	<securecookie host="^\.rollingstone\.com$" name="^__utm\w$" />
-	<securecookie host="^sub\.rollingstone\.com$" name=".+" />
+			- www from assets *
+			- www from www.thedailybeast.com *
 
+		- favicon on subscribe from www *
 
-	<rule from="^http://rollingstone\.com/"
-		to="https://rollingstone.com/" />
+	* Secured by us
 
-	<!--	assets/ redirects to http when rewritten to akamai.net/....www
+-->
+<ruleset name="Rolling Stone.com (partial)">
 
-		This rule must be above the catch-all www rule.
-								-->
-	<rule from="^http://www\.rollingstone\.com/assets/"
-		to="https://a248.e.akamai.net/f/402/78/9m/assets.rollingstone.com/assets/" />
+	<target host="rollingstone.com" />
+	<target host="assets.rollingstone.com" />
+	<target host="assets-s3.rollingstone.com" />
+	<target host="subscribe.rollingstone.com" />
+	<target host="www.rollingstone.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://assets-s3\.rollingstone\.com/+($|\?|css/)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://assets-s3\.rollingstone\.com/+(?!assets/|favicon\.ico|images/)" />
 
-	<rule from="^http://www\.rollingstone\.com/sub-text-link-a(?:\?.*)?$"
-		to="https://www.rollingstonesubscriptions.com/storefront/link/1005317.html" />
 
-	<rule from="^http://www\.rollingstone\.com/"
-		to="https://a248.e.akamai.net/f/1317/1860/6m/www.rollingstone.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^subscribe\.rollingstone\.com$" name="^(JSESSIONID|TI_SPLIT_RANDOM|customerSessionGuid)$" /-->
+	<!--
+		google-analytics.com tracking cookies:
+							-->
+	<securecookie host="^\.rollingstone\.com$" name="^__utm\w$" />
+	<securecookie host="^subscribe\.rollingstone\.com$" name=".+" />
 
-	<rule from="^http://assets\.rollingstone\.com/"
-		to="https://a248.e.akamai.net/f/402/78/9m/assets.rollingstone.com/" />
 
-	<rule from="^http://sub\.rollingstone\.com/"
-		to="https://sub.rollingstone.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rolling_Stone_Subscriptions.com.xml b/src/chrome/content/rules/Rolling_Stone_Subscriptions.com.xml
index f3c778dbe3eb..d2710c78f145 100644
--- a/src/chrome/content/rules/Rolling_Stone_Subscriptions.com.xml
+++ b/src/chrome/content/rules/Rolling_Stone_Subscriptions.com.xml
@@ -10,7 +10,7 @@
 <ruleset name="Rolling Stone Subscriptions.com">
 
 	<target host="rollingstonesubscriptions.com" />
-	<target host="*.rollingstonesubscriptions.com" />
+	<target host="www.rollingstonesubscriptions.com" />
 
 
 	<securecookie host="^(?:www)?\.rollingstonesubscriptions\.com$" name=".+" />
@@ -19,4 +19,4 @@
 	<rule from="^http://(?:www\.)?rollingstonesubscriptions\.com/"
 		to="https://www.rollingstonesubscriptions.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Roloil.xml b/src/chrome/content/rules/Roloil.xml
index e06fbec590cf..da81f24f84a1 100644
--- a/src/chrome/content/rules/Roloil.xml
+++ b/src/chrome/content/rules/Roloil.xml
@@ -4,13 +4,10 @@
 -->
 <ruleset name="Roloil">
 
-	<target host="*.roloil.com" />
+	<target host="www.roloil.com" />
 
 
-	<securecookie host="^\.roloil\.com$" name=".+" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://www\.roloil\.com/"
-		to="https://www.roloil.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RomStation.fr.xml b/src/chrome/content/rules/RomStation.fr.xml
new file mode 100644
index 000000000000..444901aeedd7
--- /dev/null
+++ b/src/chrome/content/rules/RomStation.fr.xml
@@ -0,0 +1,15 @@
+<!--
+	Mismatched:
+		- lapanui
+		- ouroboros
+-->
+<ruleset name="RomStation.fr">
+	<target host="romstation.fr" />
+	<target host="www.romstation.fr" />
+	<target host="chat.romstation.fr" />
+	<target host="oracle.romstation.fr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Romab.com.xml b/src/chrome/content/rules/Romab.com.xml
deleted file mode 100644
index 3a110583576b..000000000000
--- a/src/chrome/content/rules/Romab.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!-- romab.com is the developers of the ironsuite mac applications --> 
-<ruleset name="romab.com">
-	<target host="romab.com" />
-	<target host="romab.se" />
-	<target host="www.romab.com" />
-	<target host="www.romab.se" />
-	<rule from="^http://www\.romab\.com/" to="https://www.romab.com/"/>
-	<rule from="^http://www\.romab\.se/" to="https://www.romab.com/"/>
-	<rule from="^http://romab\.se/" to="https://romab.com/"/>
-	<rule from="^http://romab\.com/" to="https://romab.com/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/Romab.se.xml b/src/chrome/content/rules/Romab.se.xml
new file mode 100644
index 000000000000..95a7a6eedc42
--- /dev/null
+++ b/src/chrome/content/rules/Romab.se.xml
@@ -0,0 +1,15 @@
+<!--
+	Mismatch
+		- ^
+		- www
+
+	romab.com is preloaded
+-->
+<ruleset name="romab.se">
+	<target host="romab.se" />
+	<target host="www.romab.se" />
+
+	<rule from="^http://(www\.)?romab\.se/"
+		to="https://romab.com/" />
+</ruleset>
+
diff --git a/src/chrome/content/rules/Romhacking.net.xml b/src/chrome/content/rules/Romhacking.net.xml
new file mode 100644
index 000000000000..1ceba9fc892d
--- /dev/null
+++ b/src/chrome/content/rules/Romhacking.net.xml
@@ -0,0 +1,10 @@
+<ruleset name="Romhacking.net">
+	<target host="romhacking.net" />
+	<target host="www.romhacking.net" />
+	<target host="server.romhacking.net" />
+	<target host="mail.romhacking.net" />
+	<target host="transcorp.romhacking.net" />
+	<target host="datacrystal.romhacking.net" />
+  
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rondavu.xml b/src/chrome/content/rules/Rondavu.xml
deleted file mode 100644
index 2ef3ab39cad6..000000000000
--- a/src/chrome/content/rules/Rondavu.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/static.rondavu.com/
-
-		- static.rondavu.com.edgesuite.net
-
-			- a1582.g.akamai.net
-
-
-	Problematic subdomains:
-
-		- static	(works, akamai)
-
-
-	(www.) times out over both http & https.
-
--->
-<ruleset name="Rondavu">
-
-	<target host="*.rondavu.com" />
-
-
-	<!--	name="^rdv_cookie$"
-					-->
-	<securecookie host="^\.rondavu\.com$" name=".+" />
-
-
-	<rule from="^http://static\.rondavu\.com/"
-		to="https://a248.e.akamai.net/f/1582/4759/2h/static.rondavu.com/" />
-
-	<rule from="^http://web\.rondavu\.com/"
-		to="https://web.rondavu.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Rooof.com-problematic.xml b/src/chrome/content/rules/Rooof.com-problematic.xml
new file mode 100644
index 000000000000..4c98a0817aeb
--- /dev/null
+++ b/src/chrome/content/rules/Rooof.com-problematic.xml
@@ -0,0 +1,19 @@
+<!--
+	For rules that are on by default, see Rooof.xml.
+
+-->
+<ruleset name="Rooof.com (mismatched)" default_off="mismatched">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rooof.com" />
+	<target host="www.rooof.com" />
+
+
+	<securecookie host="(?:www)?\.roof\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rooof.xml b/src/chrome/content/rules/Rooof.xml
index 071303e53d87..a47bcc879f38 100644
--- a/src/chrome/content/rules/Rooof.xml
+++ b/src/chrome/content/rules/Rooof.xml
@@ -1,22 +1,43 @@
 <!--
+	For problematic rules, see Rooof.com-problematic.xml.
+
+
 	CDN buckets:
 
 		- s3.amazonaws.com/cdn.rooof.com/ | d2fiu2vy3tuc3o.cloudfront.net
 
+
+	Problematic hosts in *rooof.com:
+
+		- (www.)? ¹
+		- cdn ²
+		- manage ³
+
+	¹ Mismatched
+	² Cloudfront
+	³ Blocks Tor users
+
 -->
-<ruleset name="Rooof">
+<ruleset name="Rooof.com (partial)">
 
-	<target host="rooof.com" />
-	<target host="*.rooof.com" />
+	<!--	Direct rewrites:
+				-->
+	<!--target host="rooof.com" /-->
+	<target host="manage.rooof.com" />
+	<!--target host="www.rooof.com" /-->
 
+	<!--	Complications:
+				-->
+	<target host="cdn.rooof.com" />
 
-	<securecookie host="^.+\.roof\.com$" name=".+" />
 
+	<!--securecookie host="^(?:www)?\.roof\.com$" name=".+" /-->
 
-	<rule from="^http://(adam\.|www\.)?rooof\.com/"
-		to="https://$1rooof.com/" />
 
-	<rule from="^https?://cdn\.roof\.com/"
+	<rule from="^http://cdn\.rooof\.com/"
 		to="https://d2fiu2vy3tuc3o.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RoosterTeeth.com.xml b/src/chrome/content/rules/RoosterTeeth.com.xml
new file mode 100644
index 000000000000..4159b657ca81
--- /dev/null
+++ b/src/chrome/content/rules/RoosterTeeth.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="RoosterTeeth.com">
+
+	<target host="roosterteeth.com" />
+	<target host="www.roosterteeth.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RootBSD.net.xml b/src/chrome/content/rules/RootBSD.net.xml
index 865e238e29c2..b5287654fc5b 100644
--- a/src/chrome/content/rules/RootBSD.net.xml
+++ b/src/chrome/content/rules/RootBSD.net.xml
@@ -1,13 +1,14 @@
 <ruleset name="RootBSD.net">
 
 	<target host="rootbsd.net" />
-	<target host="*.rootbsd.net" />
+	<target host="admin.rootbsd.net" />
+	<target host="manage.rootbsd.net" />
+	<target host="www.rootbsd.net" />
 
 
 	<securecookie host="^(?:admin|manage)\.rootbsd\.net$" name=".+" />
 
 
-	<rule from="^http://((?:admin|manage|www)\.)?rootbsd\.net/"
-		to="https://$1rootbsd.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RoseHosting.com.xml b/src/chrome/content/rules/RoseHosting.com.xml
new file mode 100644
index 000000000000..4318f23b3f1a
--- /dev/null
+++ b/src/chrome/content/rules/RoseHosting.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Other Rose Web Services rulesets:
+
+		- CoolWebScripts.com.xml
+		- KVM-VPS.com.xml
+		- Linux_Cloud_VPS.com.xml
+		- SolidAlert.com.xml
+
+
+	Insecure cookies are set for these hosts:
+
+		- secure.rosehosting.com
+
+-->
+<ruleset name="RoseHosting.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rosehosting.com" />
+	<target host="secure.rosehosting.com" />
+	<target host="www.rosehosting.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^secure\.rosehosting\.com$" name="^SESSID[\da-f]{4}$" /-->
+
+	<securecookie host="^secure\.rosehosting\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RosettaCode.org.xml b/src/chrome/content/rules/RosettaCode.org.xml
new file mode 100644
index 000000000000..a53ef618a78f
--- /dev/null
+++ b/src/chrome/content/rules/RosettaCode.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="RosettaCode.org">
+
+	<target host="rosettacode.org" />
+	<target host="www.rosettacode.org" />
+	<target host="blog.rosettacode.org" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^rosettacode\.org$" name="^rosettacode_session$" /-->
+	<securecookie host="^www\.rosettacode\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rosevrobank.ru.xml b/src/chrome/content/rules/Rosevrobank.ru.xml
new file mode 100644
index 000000000000..d1a6b97f1a99
--- /dev/null
+++ b/src/chrome/content/rules/Rosevrobank.ru.xml
@@ -0,0 +1,49 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blog.rosevrobank.ru/ => https://blog.rosevrobank.ru/: (7, 'Failed to connect to blog.rosevrobank.ru port 443: Connection refused')
+
+bnk.rosevrobank.ru ³
+mda-test.rosevrobank.ru ³
+msk0.rosevrobank.ru ³
+msk3.rosevrobank.ru ³
+mst.rosevrobank.ru ¹
+pharaoh.rosevrobank.ru ³
+qlxapp-test.rosevrobank.ru ³
+stms.rosevrobank.ru ³
+vcsext.rosevrobank.ru ³
+webquik.rosevrobank.ru ²
+
+
+¹ mismatch
+² refused
+³ timed out
+-->
+<ruleset name="rosevrobank.ru" default_off="failed ruleset test">
+	<target host="rosevrobank.ru" />
+	<target host="www.rosevrobank.ru" />
+	<target host="blog.rosevrobank.ru" />
+	<target host="chlb.rosevrobank.ru" />
+	<target host="chlb1.rosevrobank.ru" />
+	<target host="ekt.rosevrobank.ru" />
+	<target host="ekt1.rosevrobank.ru" />
+	<target host="ibanking.rosevrobank.ru" />
+	<target host="mbc.rosevrobank.ru" />
+	<target host="mbc1.rosevrobank.ru" />
+	<target host="mbext.rosevrobank.ru" />
+	<target host="mda.rosevrobank.ru" />
+	<target host="msk.rosevrobank.ru" />
+	<target host="msk1.rosevrobank.ru" />
+	<target host="msk2.rosevrobank.ru" />
+	<target host="nvsb.rosevrobank.ru" />
+	<target host="nvsb1.rosevrobank.ru" />
+	<target host="rst.rosevrobank.ru" />
+	<target host="rst1.rosevrobank.ru" />
+	<target host="smr.rosevrobank.ru" />
+	<target host="smr1.rosevrobank.ru" />
+	<target host="spb.rosevrobank.ru" />
+	<target host="spb1.rosevrobank.ru" />
+	<target host="vb.rosevrobank.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Roskilde_University.xml b/src/chrome/content/rules/Roskilde_University.xml
index 3a51c0a6a8bd..c4a937fb1402 100644
--- a/src/chrome/content/rules/Roskilde_University.xml
+++ b/src/chrome/content/rules/Roskilde_University.xml
@@ -1,10 +1,15 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ruc.dk/ => https://www.ruc.dk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.ruc.dk/ => https://www.ruc.dk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Problematic subdomains:
 
 		- ^	(404, valid cert)
 
 -->
-<ruleset name="Roskilde University (partial)">
+<ruleset name="Roskilde University (partial)" default_off="failed ruleset test">
 
 	<target host="ruc.dk" />
 	<target host="www.ruc.dk" />
@@ -16,4 +21,4 @@
 	<rule from="^http://(?:www\.)?ruc\.dk/"
 		to="https://www.ruc.dk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ross_Ulbricht.org.xml b/src/chrome/content/rules/Ross_Ulbricht.org.xml
index a83ba0ab0b5a..9c32856ef0a2 100644
--- a/src/chrome/content/rules/Ross_Ulbricht.org.xml
+++ b/src/chrome/content/rules/Ross_Ulbricht.org.xml
@@ -1,13 +1,9 @@
-<ruleset name="Ross Ulbricht.org">
-
+<ruleset name="Ross Ulbricht.org" default_off="mismatch">
 	<target host="rossulbricht.org" />
-	<target host="*.rossulbricht.org" />
-
+	<target host="www.rossulbricht.org" />
 
 	<securecookie host="^\.rossulbricht\.org$" name=".+" />
 
-
-	<rule from="^http://(www\.)?rossulbricht\.org/"
-		to="https://$1rossulbricht.org/" />
-
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Rossendale.gov.uk.xml b/src/chrome/content/rules/Rossendale.gov.uk.xml
new file mode 100644
index 000000000000..853ecb83ed7c
--- /dev/null
+++ b/src/chrome/content/rules/Rossendale.gov.uk.xml
@@ -0,0 +1,44 @@
+<!--
+	Rossendale Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	^rossendale.gov.uk: Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- revenuesbenefits.rossendale.gov.uk
+		- www.rossendale.gov.uk
+		- .www.rossendale.gov.uk
+
+-->
+<ruleset name="Rossendale.gov.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="revenuesbenefits.rossendale.gov.uk" />
+	<target host="www.rossendale.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="rossendale.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^revenuesbenefits\.rossendale\.gov\.uk$" name="^(?:\.ASPXAUTH|ASP\.NET_SessionId$)" /-->
+	<!--securecookie host="^www\.rossendale\.gov\.uk$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.www\.rossendale\.gov\.uk$" name="^TestCookie$" /-->
+
+	<securecookie host="^(?!\.rossendale\.gov\.uk$)." name=".+" />
+
+
+	<rule from="^http://rossendale\.gov\.uk/"
+		to="https://www.rossendale.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rossia.org.xml b/src/chrome/content/rules/Rossia.org.xml
new file mode 100644
index 000000000000..72f45f8355f7
--- /dev/null
+++ b/src/chrome/content/rules/Rossia.org.xml
@@ -0,0 +1,12 @@
+<!--
+	Time out:
+		rossia.org
+
+-->
+<ruleset name="Rossia.org">
+	<target host="lj.rossia.org" />
+	<target host="www.lj.rossia.org" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Roster-Teeth.xml b/src/chrome/content/rules/Roster-Teeth.xml
deleted file mode 100644
index fcd2d283996a..000000000000
--- a/src/chrome/content/rules/Roster-Teeth.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(valid cert; redirects to http, even *login* and *signup* pages[!])
-
--->
-<ruleset name="Roster Teeth (partial)">
-
-	<target host="s3.roosterteeth.com" />
-
-
-	<rule from="^https?://s3\.roosterteeth\.com/"
-		to="https://s3.amazonaws.com/s3.roosterteeth.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/RotaryView.com.xml b/src/chrome/content/rules/RotaryView.com.xml
index 49ab96a67f7b..a1fa011a8dfe 100644
--- a/src/chrome/content/rules/RotaryView.com.xml
+++ b/src/chrome/content/rules/RotaryView.com.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^rotaryview\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?rotaryview\.com/"
-		to="https://$1rotaryview.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rother.gov.uk.xml b/src/chrome/content/rules/Rother.gov.uk.xml
new file mode 100644
index 000000000000..47ab9d12754b
--- /dev/null
+++ b/src/chrome/content/rules/Rother.gov.uk.xml
@@ -0,0 +1,109 @@
+<!--
+	Rother District Council
+
+	For rules causing false/broken MCB, see Rother.gov.uk-falsemixed.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *rother.gov.uk:
+
+		- planweb01 ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *rother.gov.uk:
+
+		- icm ᵉ ᵐ
+		- hub ˣ
+
+	ᵉ Expired
+	ᵐ Mismatched
+	ˣ Mixed css
+
+
+	Insecure cookies are set for these hosts:
+
+		- rother.gov.uk
+		- hub.rother.gov.uk
+		- www.rother.gov.uk
+
+
+	Mixed content:
+
+		- css on hub from www.rother.gov.uk ˢ
+		- Images on hub from www.rother.gov.uk ˢ
+		- Bug on hub from d1.logo-net.co.uk ʳ
+
+	ʳ Refused
+	ˢ Secured by us
+
+-->
+<ruleset name="Rother.gov.uk (partial)">
+
+	<target host="rother.gov.uk" />
+	<target host="directdebit.rother.gov.uk" />
+	<!--target host="hub.rother.gov.uk" /-->
+	<target host="www.rother.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?rother\.gov\.uk/(?:News$|Procurement$|article/10062/Search$|business$|counciltax$|faq$|jobs$|listen$|residents$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?rother\.gov\.uk/+(?!\w+/(?:css/|images/|scripts/.+\.css|template/)|CHttpHandler\.ashx|(?:MyAlerts|MyAlertsEvents|article/10061/Login|contactus|unsubscribe)(?:$|[?/])|css/|images/|media/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.rother.gov.uk/News" />
+			<test url="http://www.rother.gov.uk/Procurement" />
+			<test url="http://www.rother.gov.uk/article/10062/Search" />
+			<test url="http://www.rother.gov.uk/buildingcontrol" />
+			<test url="http://www.rother.gov.uk/business" />
+			<test url="http://www.rother.gov.uk/counciltax" />
+			<test url="http://www.rother.gov.uk/counciltax" />
+			<test url="http://www.rother.gov.uk/eventsbooking" />
+			<test url="http://www.rother.gov.uk/faq" />
+			<test url="http://www.rother.gov.uk/jobs" />
+			<test url="http://www.rother.gov.uk/listen" />
+			<test url="http://www.rother.gov.uk/localplan" />
+			<test url="http://www.rother.gov.uk/maps" />
+			<test url="http://www.rother.gov.uk/residents" />
+			<test url="http://www.rother.gov.uk/reuse" />
+			<test url="http://www.rother.gov.uk/servicestandards/" />
+			<test url="http://www.rother.gov.uk/sportsbookings" />
+			<test url="http://www.rother.gov.uk/stats" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.rother.gov.uk/CHttpHandler.ashx?id=22060&amp;p=0" />
+			<test url="http://www.rother.gov.uk/MyAlerts" />
+			<test url="http://www.rother.gov.uk/MyAlertsEvents" />
+			<test url="http://www.rother.gov.uk/article/10061/Login" />
+			<test url="http://www.rother.gov.uk/contactus" />
+			<test url="http://www.rother.gov.uk/media/icon_link/b/r/rss-chicklet.png" />
+			<test url="http://www.rother.gov.uk/rotherdcnet/css/cookiecuttr.css" />
+			<test url="http://www.rother.gov.uk/rotherdcnet/template/home/images/border.png" />
+			<test url="http://www.rother.gov.uk/unsubscribe" />
+			<test url="http://www.rother.gov.uk/utilities/scripts/ext/resources/css/ext-all.css" />
+			<test url="http://www.rother.gov.uk/css/layout0/rotherdc/template/default.css" />
+
+		<!--	Mixed css:
+					-->
+		<test url="http://hub.rother.gov.uk/RotherPortal/ServiceForms/BrownBinForGardenWasteFrm.aspx" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?rother\.gov\.uk$" name="^(?:TextOnlyX|clientvars)$" /-->
+	<!--securecookie host="^hub\.rother\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^(?!(?:www\.)?rother\.gov\.uk$)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rotherham.gov.uk.xml b/src/chrome/content/rules/Rotherham.gov.uk.xml
new file mode 100644
index 000000000000..a1dcf77f8fd3
--- /dev/null
+++ b/src/chrome/content/rules/Rotherham.gov.uk.xml
@@ -0,0 +1,71 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mail.rotherham.gov.uk/ => https://mail.rotherham.gov.uk/: (6, 'Could not resolve host: mail.rotherham.gov.uk')
+Fetch error: http://moderngov.rotherham.gov.uk/ => https://moderngov.rotherham.gov.uk/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://myaccount.rotherham.gov.uk/ => https://myaccount.rotherham.gov.uk/: (7, 'Failed to connect to myaccount.rotherham.gov.uk port 443: Connection refused')
+
+	Rotherham Metropolitan Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *rotherham.gov.uk:
+
+		- roam ʳ
+		- www3 ʳ
+
+	ʳ Refused
+
+
+	Problematic hosts in *rotherham.gov.uk:
+
+		- community ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- rotherham.gov.uk
+		- doncasterhrportal.rotherham.gov.uk
+		- mail.rotherham.gov.uk
+		- moderngov.rotherham.gov.uk
+		- myaccount.rotherham.gov.uk
+		- www.rotherham.gov.uk
+		- .www.rotherham.gov.uk
+
+
+	Mixed content:
+
+		- Images on (www.)? from www.rotherham.gov.uk ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Rotherham.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="rotherham.gov.uk" />
+	<target host="admissions.rotherham.gov.uk" />
+	<target host="doncasterhrportal.rotherham.gov.uk" />
+	<target host="mail.rotherham.gov.uk" />
+	<target host="moderngov.rotherham.gov.uk" />
+	<target host="myaccount.rotherham.gov.uk" />
+	<target host="www.rotherham.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?rotherham\.gov\.uk$" name="^\w{16}$" /-->
+	<!--securecookie host="^(?:doncasterhrportal|moderngov)\.rotherham\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^mail\.rotherham\.gov\.uk$" name="^(?:cadata|sessionid)$" /-->
+	<!--securecookie host="^myaccount\.rotherham\.gov\.uk$" name="(?:JSESSIONID|cookietest)$" /-->
+	<!--securecookie host="^\.www\.rotherham\.gov\.uk$" name="^TestCookie$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RottenTomatoes.com.xml b/src/chrome/content/rules/RottenTomatoes.com.xml
new file mode 100644
index 000000000000..8de8c3389618
--- /dev/null
+++ b/src/chrome/content/rules/RottenTomatoes.com.xml
@@ -0,0 +1,37 @@
+<!--
+	Invalid certificate:
+		api.rottentomatoes.com
+		i.rottentomatoes.com
+		images.rottentomatoes.com
+
+	Mixed content:
+		editorial.rottentomatoes.com (www.rottentomatoes.com links to https://editorial.rottentomatoes.com)
+
+	No working URL known:
+		preview.rottentomatoes.com
+
+-->
+<ruleset name="Rottentomatoes.com">
+
+	<target host="rottentomatoes.com" />
+	<target host="www.rottentomatoes.com" />
+	<target host="developer.rottentomatoes.com" />
+	<target host="forum.rottentomatoes.com" />
+	<target host="movies.rottentomatoes.com" />
+	<target host="static.rottentomatoes.com" />
+		<test url="http://static.rottentomatoes.com/static/images/icons/favicon.ico" />
+	<target host="staticv2.rottentomatoes.com" />
+		<test url="http://staticv2.rottentomatoes.com/static/images/icons/favicon.ico" />
+	<target host="staticv2-4.rottentomatoes.com" />
+		<test url="http://staticv2-4.rottentomatoes.com/static/images/icons/favicon.ico" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.rottentomatoes\.com$" name="^JSESSIONID$" /-->
+	<securecookie host="^\." name="^(?:__qca$|_gat?$|_gat_|optimizely)" />
+	<securecookie host="^(?!\.rottentomatoes\.com$)." name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RottenTomatoes.xml b/src/chrome/content/rules/RottenTomatoes.xml
deleted file mode 100644
index 485d6af09c6f..000000000000
--- a/src/chrome/content/rules/RottenTomatoes.xml
+++ /dev/null
@@ -1,65 +0,0 @@
-<!--
-	CDN buckets:
-
-		- images.rottentomatoescdn.com.cdngc.net
-
-
-	Problematic domains:
-
-		- images.rottentomatoes.com	(dropped)
-
-
-	Fully covered domains:
-
-		- (www.)rottentomatoes.com
-		- images.rottentomatoes.com	(→ images.rottentomatoescdn.com)
-		- images.rottentomatoescdn.com
-
-
-	Mixed content, on www:
-
-		- Scripts, from:
-
-			- jsapi.netflix.com *
-
-		- Images, from:
-
-			- images **
-			- content.internetvideoarchive.com ***
-			- images.rottentomatoescdn.com **
-			- content[6-9].flixster.com **
-			- instart[0-3].flixster.com **
-
-		- Web bugs, from:
-
-			- warnerbros.112.2o7.net **
-			- segs.btrll.com **
-			- static.ak.fbcdn.net **
-			- www2.glam.com **
-			- edge.quantserve.com **
-			- pixel.quantserve.com **
-			- b.scorecardresearch.com **
-
-	* Secured by us, but not by default
-	** Secured by us
-	*** Unsecurable, doesn't trip MCB
-
--->
-<ruleset name="Rottentomatoes" platform="mixedcontent">
-
-	<target host="rottentomatoes.com" />
-	<target host="*.rottentomatoes.com" />
-	<target host="images.rottentomatoescdn.com" />
-
-
-	<securecookie host="^(www\.)?rottentomatoes\.com$" name=".*" />
-
-
-	<rule from="^http://(www\.)?rottentomatoes\.com/"
-		to="https://$1rottentomatoes.com/" />
-
-	<rule from="^http://images\.rottentomatoes(?:cdn)?\.com/"
-		to="https://images.rottentomatoescdn.com/" />
-
-</ruleset>
-<!-- Rule generated by HTTPS Finder 0.77 -->
diff --git a/src/chrome/content/rules/Rottenecards.xml b/src/chrome/content/rules/Rottenecards.xml
index 4f343d023334..5ffbf12b62e7 100644
--- a/src/chrome/content/rules/Rottenecards.xml
+++ b/src/chrome/content/rules/Rottenecards.xml
@@ -1,4 +1,14 @@
-<ruleset name="Rottenecards">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rottenecards.com/ => https://rottenecards.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.rottenecards.com/ => https://www.rottenecards.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://rottenecards.com/ => https://rottenecards.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.rottenecards.com/ => https://www.rottenecards.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
+<ruleset name="Rottenecards" default_off="failed ruleset test">
 
 	<target host="rottenecards.com" />
 	<target host="www.rottenecards.com" />
@@ -7,7 +17,6 @@
 	<securecookie host="^www\.rottenecards\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?rottenecards\.com/"
-		to="https://$1rottenecards.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rottnest-Express.xml b/src/chrome/content/rules/Rottnest-Express.xml
new file mode 100644
index 000000000000..cba4fd53fbb3
--- /dev/null
+++ b/src/chrome/content/rules/Rottnest-Express.xml
@@ -0,0 +1,10 @@
+<ruleset name="Rottnest Express">
+	<target host=         "rottnestexpress.com.au" />
+	<target host=     "www.rottnestexpress.com.au" />
+	<target host="bookings.rottnestexpress.com.au" />
+
+  	<securecookie host="^(www|bookings)\.rottnestexpress\.com\.au$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rottnest-Fast-Ferries.xml b/src/chrome/content/rules/Rottnest-Fast-Ferries.xml
new file mode 100644
index 000000000000..b90c34c94b3e
--- /dev/null
+++ b/src/chrome/content/rules/Rottnest-Fast-Ferries.xml
@@ -0,0 +1,13 @@
+<!--
+	Non-functional subdomain:
+		- hotels			(hostname mismatch, CN: *.booking.com, booking.com)
+-->
+<ruleset name="Rottnest Fast Ferries">
+	<target host=    "rottnestfastferries.com.au" />
+	<target host="www.rottnestfastferries.com.au" />
+
+  	<securecookie host="^www\.rottnestfastferries\.com\.au$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rough_Trade_Gear.xml b/src/chrome/content/rules/Rough_Trade_Gear.xml
index 901ba39ec218..49d2727e6074 100644
--- a/src/chrome/content/rules/Rough_Trade_Gear.xml
+++ b/src/chrome/content/rules/Rough_Trade_Gear.xml
@@ -1,13 +1,20 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
 <ruleset name="Rough Trade Gear">
 
 	<target host="roughtradegear.com" />
-	<target host="*.roughtradegear.com" />
+	<target host="www.roughtradegear.com" />
 
 
-	<securecookie host="^(?:.*\.)?roughtradegear\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?roughtradegear\.com/"
-		to="https://$1roughtradegear.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RoundCube.net.xml b/src/chrome/content/rules/RoundCube.net.xml
new file mode 100644
index 000000000000..e570d3a7aae0
--- /dev/null
+++ b/src/chrome/content/rules/RoundCube.net.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		lists.roundcube.net
+		trac.roundcube.net
+
+-->
+<ruleset name="RoundCube.net">
+
+	<target host="roundcube.net" />
+	<target host="www.roundcube.net" />
+	<target host="docs.roundcube.net" />
+	<target host="plugins.roundcube.net" />
+	<target host="spell.roundcube.net" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Roundhouse.org.uk.xml b/src/chrome/content/rules/Roundhouse.org.uk.xml
new file mode 100644
index 000000000000..73538a27981d
--- /dev/null
+++ b/src/chrome/content/rules/Roundhouse.org.uk.xml
@@ -0,0 +1,18 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- volunteers.roundhouse.org.uk
+
+		Timeout was reached:
+		- tickets.roundhouse.org.uk
+-->
+<ruleset name="Roundhouse.org.uk">
+	<target host="roundhouse.org.uk" />
+	<target host="www.roundhouse.org.uk" />
+	<target host="50.roundhouse.org.uk" />
+	<target host="careers.roundhouse.org.uk" />
+	
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Roundhouse.xml b/src/chrome/content/rules/Roundhouse.xml
deleted file mode 100644
index acf4abbff0cf..000000000000
--- a/src/chrome/content/rules/Roundhouse.xml
+++ /dev/null
@@ -1,66 +0,0 @@
-<ruleset name="Roundhouse" default_off="needs testing">
-
-	<target host="roundhouse.org.uk" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.roundhouse.org.uk" />
-		<!--	Some pages in [\w\-]+/\w redirect to http.
-				Excluded here are:
-
-					- about
-					- about/cultural-camden
-					x about/history					(works)
-					- about/jobs$
-					- about/people
-					x about/press					(works)
-					- about/press/archive/
-					- about/roundhouse-people/ambassadors
-					x about/roundhouse-people/annual-reports	(works)
-					- about/roundhouse-people/associates
-					- about/roundhouse-people/biographies
-					- about/roundhouse-people/roundhouse-trust
-					- about/roundhouse-people/staff
-					- book-tickets
-					- call-to-create$
-					x contact/?$					(works)
-					- expore$
-					- explore/portfolios
-					- explore/profiles/all
-					- explore/radio/
-						- Some programs' pages don't.
-					x explore/what-was-on 				(works)
-					- hire/roundhouse-london-2012
-					- hire/spaces-for-hire
-					- round1$
-					- round1/about
-					- round1/blog
-					- round1/jointheteam
-					- round1/producers
-					- round1/projects
-					- takepart$
-					- take-part/creative-projects$
-					- take-part/creative-projects/creative-media/online-film-fund-2012
-					- take-part/creative-projects/music
-					- take-part/get-support$
-					- take-part/get-support/financial-support
-					- visit/buy-a-t-shirt
-					- whats-on/festivals
-					- whats-on/productions$
-					- whats-on/world-shakespeare-festival
-								-->
-	<exclusion 
-pattern="^http://(www\.)?roundhouse\.org\.uk/(about($|/cultural-camden|/jobs$|/people|press/archive/|/roundhouse-people/(ambassadors|associates|biographies|roundhouse-trust|staff))|book-tickets|call-to-create$|explore($|/portfolios|/profiles/all|/radio/)|hire/(roundhouse-london-2012|spaces-for-hire)|round1($|/about|/blog|/jointheteam|/producers|/projects)|take-part$|take-part/(creative-projects($|/creative-media/online-film-fund-2012|/performing-arts)|get-support($|financial-support))|visit/buy-a-t-shirt|whats-on/(festivals|productions$|world-shakespeare-festival))" 
-/>
-
-
-	<securecookie host="^(www)?\.roundhouse\.org\.uk$" name=".*" />
-
-
-	<!--	/$ redirects to $, but only after redirecting to http.
-		The same is the case for some other directories.	-->
-	<rule from="^http://(www\.)?roundhouse\.org\.uk/(contact|take-part)/$"
-		to="https://$1roundhouse.org.uk/$2" />
-
-	<rule from="^http://(www\.)?roundhouse\.org\.uk/"
-		to="https://$1roundhouse.org.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Rovi.xml b/src/chrome/content/rules/Rovi.xml
index fe10901cd3d6..00dc4bc949c0 100644
--- a/src/chrome/content/rules/Rovi.xml
+++ b/src/chrome/content/rules/Rovi.xml
@@ -1,9 +1,4 @@
 <!--
-	Other Rovi rulesets:
-
-		- Nowtilus.tv.xml
-
-
 	Nonfunctional subdomains:
 
 		- (www.)
@@ -14,7 +9,6 @@
 	<target host="cps-static.rovicorp.com" />
 
 
-	<rule from="^http://cps-static\.rovicorp\.com/"
-		to="https://cps-static.rovicorp.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rovio.com.xml b/src/chrome/content/rules/Rovio.com.xml
new file mode 100644
index 000000000000..a737aaf3aa47
--- /dev/null
+++ b/src/chrome/content/rules/Rovio.com.xml
@@ -0,0 +1,77 @@
+<!--
+	CDN buckets:
+
+		- d2onmsj2cximry.cloudfront.net	← assets
+		- d1umoivskfzt7s.cloudfront.net	← fonts
+		- ductl1gjw76cl.cloudfront.net	← assets-production
+
+
+	Nonfunctional hosts in *rovio.com:
+
+		- (www.)? ᵈ
+		- media ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *rovio.com:
+
+		- assets-production ᵐ
+		- competitions ᵐ
+		- fonts ᵐ
+		- freya ᵐ
+		- nibblers ᵐ
+		- stormsisters ᵐ
+
+	ᵐ Cloudfront / mismatched
+
+
+	Mixed content:
+
+		- css, on:
+
+			- competitions, freya, nibblers from fonts.googleapis.com ˢ
+			- stormsisters from fonts.rovio.com ˢ
+			- stormsisters from hello.myfonts.net ˢ
+
+		- Images from img.youtube.com ˢ
+		- favicon on competitions from assets.rovio.com ˢ
+		- Web bugs from www.facebook.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Rovio.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="account.rovio.com" />
+	<target host="support.rovio.com" />
+
+	<!--	Complications:
+				-->
+	<target host="assets.rovio.com" />
+	<target host="assets-production.rovio.com" />
+	<target host="fonts.rovio.com" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://assets\.rovio\.com/"
+		to="https://d2onmsj2cximry.cloudfront.net/" />
+
+		<test url="http://assets.rovio.com/rovio/favicon.ico" />
+
+		<test url="http://assets-production.rovio.com/s3fs-public/privacypolicy_2.jpg" />
+
+	<rule from="^http://fonts\.rovio\.com/"
+		to="https://d1umoivskfzt7s.cloudfront.net/" />
+
+		<test url="http://fonts.rovio.com/books/brushup.css" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rowetel.com.xml b/src/chrome/content/rules/Rowetel.com.xml
new file mode 100644
index 000000000000..b201a8de7aee
--- /dev/null
+++ b/src/chrome/content/rules/Rowetel.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Mismatched:
+		- autoconfig.rowetel.com
+		- autodiscover.rowetel.com
+		- cpanel.rowetel.com
+		- ftp.rowetel.com
+		- mail.rowetel.com
+		- webdisk.rowetel.com
+		- webmail.rowetel.com
+		- whm.rowetel.com
+-->
+<ruleset name="Rowetel.com">
+	<target host="rowetel.com" />
+	<target host="www.rowetel.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Royal-Academy-of-Engineering.xml b/src/chrome/content/rules/Royal-Academy-of-Engineering.xml
index aa9ecf869473..b4dca747688d 100644
--- a/src/chrome/content/rules/Royal-Academy-of-Engineering.xml
+++ b/src/chrome/content/rules/Royal-Academy-of-Engineering.xml
@@ -1,18 +1,26 @@
-<ruleset name="Royal Academy of Engineering">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://raeng.org.uk/ => https://www.raeng.org.uk/: Too many redirects while fetching 'https://www.raeng.org.uk/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://raeng.org.uk/ => https://www.raeng.org.uk/: Cycle detected - URL already encountered: https://www.raeng.org.uk/
+-->
+<ruleset name="Royal Academy of Engineering" default_off="failed ruleset test">
 
 	<target host="raeng.org.uk" />
-	<target host="*.raeng.org.uk" />
+	<target host="www.raeng.org.uk" />
+	<target host="private.raeng.org.uk" />
 
 
-	<securecookie host="^.*\.raeng\.org\.uk$" name=".*" />
+	<securecookie host="^.*\.raeng\.org\.uk$" name=".+" />
 
 
 	<!--	Cert only matches *.raeng.org.uk.
 							-->
-	<rule from="^https?://(?:www\.)?raeng\.org\.uk/"
+	<rule from="^http://(?:www\.)?raeng\.org\.uk/"
 		to="https://www.raeng.org.uk/" />
 
-	<rule from="^http://private\.raeng\.org\.uk/"
-		to="https://private.raeng.org.uk/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Royal-Astronomical-Society.xml b/src/chrome/content/rules/Royal-Astronomical-Society.xml
index a7c1d5a313f1..7dda2ace9352 100644
--- a/src/chrome/content/rules/Royal-Astronomical-Society.xml
+++ b/src/chrome/content/rules/Royal-Astronomical-Society.xml
@@ -3,7 +3,11 @@
 	<target host="ras.org.uk"/>
 	<target host="www.ras.org.uk"/>
 
-	<securecookie host="^www\.ras\.org\.uk$" name=".*"/>
+	<!--	Not secured by server:
+						-->
+	<!--securecookie host="^www\.ras\.org\.uk$" name="^[0-9a-f]{32}$"/-->
+
+	<securecookie host="^www\.ras\.org\.uk$" name=".+" />
 
 	<!--	!www doesn't work	-->
 	<rule from="^http://(?:www\.)?ras\.org\.uk/"
diff --git a/src/chrome/content/rules/Royal-Institution-of-Great-Britain-mismatches.xml b/src/chrome/content/rules/Royal-Institution-of-Great-Britain-mismatches.xml
deleted file mode 100644
index fc05647d19cb..000000000000
--- a/src/chrome/content/rules/Royal-Institution-of-Great-Britain-mismatches.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Royal Institution of Great Britain (mismatches)" default_off="mismatch">
-
-	<target host="richannel.org"/>
-	<target host="www.richannel.org"/>
-
-	<rule from="^http://(?:www\.)?richannel\.org/"
-		to="https://richannel.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Royal-Institution-of-Great-Britain.xml b/src/chrome/content/rules/Royal-Institution-of-Great-Britain.xml
deleted file mode 100644
index ebe92f959bef..000000000000
--- a/src/chrome/content/rules/Royal-Institution-of-Great-Britain.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Royal Institution of Great Britain (partial)">
-
-	<target host="rigb.org"/>
-	<target host="www.rigb.org"/>
-
-	<securecookie host="^www\.rigb\.org$" name=".*"/>
-
-	<rule from="^http://(?:www\.)?rigb\.org/"
-		to="https://www.rigb.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Royal-Navy.xml b/src/chrome/content/rules/Royal-Navy.xml
deleted file mode 100644
index 1790a5c8896b..000000000000
--- a/src/chrome/content/rules/Royal-Navy.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	c69011.r11.cf3.rackcdn.com
-
--->
-<ruleset name="Royal Navy (partial)" platform="mixedcontent">
-
-	<target host="navynews.co.uk" />
-	<target host="www.navynews.co.uk" />
-	<target host="royalnavy.mod.uk" />
-	<target host="www.royalnavy.mod.uk" />
-
-
-	<securecookie host="^(www\.)?navynews\.co\.uk$" name=".*" />
-
-
-	<rule from="^http://(www\.)?navynews\.co\.uk/"
-		to="https://$1navynews.co.uk/" />
-
-	<!--	At least some pages redirect to www.	-->
-	<rule from="^http://(www\.)?royalnavy\.mod\.uk/(contact-us|images/|library/|login|[pP]rofile/|ScriptCombiner\.axd)"
-		to="https://$1royalnavy.mod.uk/$2" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Royal-Society-of-Chemistry-mismatches.xml b/src/chrome/content/rules/Royal-Society-of-Chemistry-mismatches.xml
deleted file mode 100644
index e9d6f8a130ad..000000000000
--- a/src/chrome/content/rules/Royal-Society-of-Chemistry-mismatches.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Royal Society (mismatches)" default_off="mismatch, self-signed">
-
-	<!--	www.rscweb.org	-->
-	<target host="prospect.rsc.org"/>
-
-	<rule from="^http://prospect\.rsc\.org/"
-		to="https://prospect.rsc.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Royal-Society-of-Chemistry.xml b/src/chrome/content/rules/Royal-Society-of-Chemistry.xml
index 059e63cc551b..b58ac81978e7 100644
--- a/src/chrome/content/rules/Royal-Society-of-Chemistry.xml
+++ b/src/chrome/content/rules/Royal-Society-of-Chemistry.xml
@@ -1,31 +1,33 @@
-<!--	Problematic domains handled in Royal-Society-of-Chemistry-mismatches.xml
-
-	nonfunctional: blogs, pubs, www.
-
-	www redirects to http, even images, even the shop!
-
-	pubs and www: passwords, logins, details - all plain text.
-	There's a nice gif of a padlock though.  Must be secure plain text.
+<!--
+	Active mixed content:
+		- cds.rsc.org
+
+	Connection closed:
+		- feeds.rsc.org
+
+	Empty response:
+		- pubs.rsc.org
+
+	Invalid certificate:
+		- blogs.rsc.org
+		- ilab.cds.rsc.org
+		- jobs.rsc.org
+		- prospect.rsc.org
+
+	Redirects to HTTP:
+		- rsc.org
+		- www.rsc.org
+		- spectraschool.rsc.org
+
+	Timed out:
+		- ebook.rsc.org
+		- my.rsc.org
+		- xlink.rsc.org
 -->
-<ruleset name="Royal Society of Chemistry (partial)" platform="mixedcontent">
-
-	<target host="chemspider.com"/>
-	<target host="*.chemspider.com"/>
-	<target host="rsc.org"/>
-	<target host="carousel.rsc.org"/>
-	<target host="rscweb.org"/>
-	<target host="www.rscweb.org"/>
-
-	<securecookie host="^(.*\.)?chemspider\.com$" name=".*"/>
-	<securecookie host="^(carousel|members)\.rsc\.org$" name=".*"/>
-
-	<rule from="^http://([\w-]+\.)?chemspider\.com/"
-		to="https://$1chemspider.com/"/>
-
-	<rule from="^http://(?:rsc|(?:www\.)?rscweb)\.org/"
-		to="https://www.rsc.org/"/>
 
-	<rule from="^http://(carousel|members)\.rsc\.org/"
-		to="https://$1.rsc.org/"/>
+<ruleset name="Royal Society of Chemistry">
+	<target host="eic.rsc.org" />
+	<target host="members.rsc.org" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Royal.uk.xml b/src/chrome/content/rules/Royal.uk.xml
new file mode 100644
index 000000000000..cbd3ca491132
--- /dev/null
+++ b/src/chrome/content/rules/Royal.uk.xml
@@ -0,0 +1,10 @@
+<!--
+	Invalid certificate:
+		www.everydayexceptional.royal.uk
+-->
+<ruleset name="Royal.uk">
+	<target host="royal.uk" />
+	<target host="www.royal.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RoyalAustralianNavy.xml b/src/chrome/content/rules/RoyalAustralianNavy.xml
new file mode 100644
index 000000000000..03d082a6f635
--- /dev/null
+++ b/src/chrome/content/rules/RoyalAustralianNavy.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://navy.gov.au/ => https://www.navy.gov.au/: (7, 'Failed to connect to www.navy.gov.au port 443: No route to host')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://navy.gov.au/ => https://www.navy.gov.au/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
+<ruleset name="Royal Australian Navy" default_off="failed ruleset test">
+	<target host="navy.gov.au" />
+	<target host="www.navy.gov.au" />
+
+	<rule from="^http://(?:www\.)?navy\.gov\.au/"
+		to="https://www.navy.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/RoyalGovUK.xml b/src/chrome/content/rules/RoyalGovUK.xml
index 81fe2789c6ae..c16dce724a8c 100644
--- a/src/chrome/content/rules/RoyalGovUK.xml
+++ b/src/chrome/content/rules/RoyalGovUK.xml
@@ -1,8 +1,15 @@
-<ruleset name="RoyalGovUK" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://royal.gov.uk/ => https://www.royal.gov.uk/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.royal.gov.uk/ => https://www.royal.gov.uk/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="RoyalGovUK" platform="mixedcontent" default_off="failed ruleset test">
   <target host="royal.gov.uk"/>
   <target host="www.royal.gov.uk"/>
 
-  <securecookie host="^(.+\.)?royal\.gov\.uk$" name=".*"/>
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http://(?:www\.)?royal\.gov\.uk/" to="https://www.royal.gov.uk/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/RoyalLib.com.xml b/src/chrome/content/rules/RoyalLib.com.xml
new file mode 100644
index 000000000000..b9684ebb9614
--- /dev/null
+++ b/src/chrome/content/rules/RoyalLib.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="RoyalLib.com">
+	<target host="royallib.com" />
+	<target host="www.royallib.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RoyalNavy.mod.uk.xml b/src/chrome/content/rules/RoyalNavy.mod.uk.xml
new file mode 100644
index 000000000000..cc355ade27d0
--- /dev/null
+++ b/src/chrome/content/rules/RoyalNavy.mod.uk.xml
@@ -0,0 +1,17 @@
+<!--
+	Other royalnavy.mod.uk related rulesets:
+		+ NavyNews.co.uk.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - careers.royalnavy.mod.uk
+			 - email.royalnavy.mod.uk
+			 - jackspeak.royalnavy.mod.uk
+-->
+<ruleset name="RoyalNavy.mod.uk">
+	<target host="royalnavy.mod.uk" />
+	<target host="www.royalnavy.mod.uk" />
+	<target host="authoring.royalnavy.mod.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RoyalSociety.org.xml b/src/chrome/content/rules/RoyalSociety.org.xml
new file mode 100644
index 000000000000..096392118b26
--- /dev/null
+++ b/src/chrome/content/rules/RoyalSociety.org.xml
@@ -0,0 +1,41 @@
+<!--
+	Invalid certificate:
+		discuss.royalsociety.org
+		journals.royalsociety.org
+		prints.royalsociety.org
+		rss.royalsociety.org
+
+	Different content http/https:
+		commonwealthdelegates.royalsociety.org
+		proposals.royalsociety.org
+
+	Login required:
+		awards.royalsociety.org
+		e-gap.royalsociety.org
+		e-lect.royalsociety.org
+		eventregistration.royalsociety.org
+		fileshare.royalsociety.org
+		partnership.royalsociety.org
+		press.royalsociety.org
+		pressportal.royalsociety.org
+		sseapplications.royalsociety.org
+
+-->
+<ruleset name="Royal Society.org">
+
+	<target host="royalsociety.org" />
+	<target host="www.royalsociety.org" />
+	<target host="api.royalsociety.org" />
+	<target host="blogs.royalsociety.org" />
+		<test url="http://blogs.royalsociety.org/publishing/top-5-blog-posts-of-2017/" />
+	<target host="downloads.royalsociety.org" />
+	<target host="grants.royalsociety.org" />
+	<target host="invigorate.royalsociety.org" />
+	<target host="photocompetition.royalsociety.org" />
+	<target host="pictures.royalsociety.org" />
+	<target host="sse.royalsociety.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Royal_Mail.xml b/src/chrome/content/rules/Royal_Mail.xml
index 7dbc5d3c61f3..14cbed1c085f 100644
--- a/src/chrome/content/rules/Royal_Mail.xml
+++ b/src/chrome/content/rules/Royal_Mail.xml
@@ -9,17 +9,18 @@
 <ruleset name="Royal Mail (partial)">
 
 	<target host="royalmail.com" />
-	<target host="*.royalmail.com" />
-	<target host="*.shop.royalmail.com" />
+	<target host="www.royalmail.com" />
+	<target host="shop.royalmail.com" />
+	<target host="www2.royalmail.com" />
 
 
 	<securecookie host="^(?:\.?shop|www2)\.royalmail\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?royalmail\.com/(sites/|user(?:$|\?|/))"
+	<rule from="^http://(?:www\.)?royalmail\.com/(sites/|user(?:$|\?|/))"
 		to="https://www.royalmail.com/$1" />
 
 	<rule from="^http://(shop|www2)\.royalmail\.com/"
 		to="https://$1.royalmail.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Royal_Mail_Group.xml b/src/chrome/content/rules/Royal_Mail_Group.xml
deleted file mode 100644
index 4d42ab5cee39..000000000000
--- a/src/chrome/content/rules/Royal_Mail_Group.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Other Royal Mail rulesets:
-
-		- Parcelforce.xml
-		- Post_Office.xml
-		- Post_Office_Shop.xml
-		- Royal_Mail.xml
-
-
-	- Cert only matches *.royalmailgroup.com
-	- Some (most?) pages redirect to http
-
--->
-<ruleset name="Royal Mail Group (partial)">
-
-	<target host="royalmailgroup.com" />
-	<target host="*.royalmailgroup.com" />
-
-
-	<rule from="^https?://(?:www\.)?royalmailgroup\.com/(sites/|user(?:$|\?|/))"
-		to="https://www.royalmailgroup.com/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Rpgmakerweb.com.xml b/src/chrome/content/rules/Rpgmakerweb.com.xml
new file mode 100644
index 000000000000..d59d7836661b
--- /dev/null
+++ b/src/chrome/content/rules/Rpgmakerweb.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Nonfunctional hosts in *rpgmakerweb.com:
+
+		- blog ᵃ
+		- forums ᵃ
+
+	ᵃ Shows kenny.rpgmakerweb.com
+
+
+	^rpgmakerweb.com: Mismatched
+
+-->
+<ruleset name="RPG Maker web.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kenny.rpgmakerweb.com" />
+	<target host="www.rpgmakerweb.com" />
+
+	<!--	Complications:
+				-->
+	<target host="rpgmakerweb.com" />
+
+
+	<securecookie host=".+" name="^optimizely" />
+
+
+	<rule from="^http://rpgmakerweb\.com/"
+		to="https://www.rpgmakerweb.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rpmfind.net.xml b/src/chrome/content/rules/Rpmfind.net.xml
new file mode 100644
index 000000000000..7c96e84bea3a
--- /dev/null
+++ b/src/chrome/content/rules/Rpmfind.net.xml
@@ -0,0 +1,15 @@
+<ruleset name="Rpmfind.net">
+
+	<target host="rpmfind.net" />
+	<target host="fr.rpmfind.net" />
+	<target host="fr2.rpmfind.net" />
+	<target host="www.rpmfind.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rpmfusion.org.xml b/src/chrome/content/rules/Rpmfusion.org.xml
new file mode 100644
index 000000000000..1af3eee6421a
--- /dev/null
+++ b/src/chrome/content/rules/Rpmfusion.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Invalid certificate:
+		koji.rpmfusion.org
+
+-->
+<ruleset name="RPM Fusion.org">
+
+	<target host="rpmfusion.org" />
+	<target host="www.rpmfusion.org" />
+	<target host="admin.rpmfusion.org" />
+	<target host="bugzilla.rpmfusion.org" />
+	<target host="download0.rpmfusion.org" />
+	<target host="download1.rpmfusion.org" />
+	<target host="id.rpmfusion.org" />
+	<target host="lists.rpmfusion.org" />
+	<target host="mirrors.rpmfusion.org" />
+	<target host="pkgs.rpmfusion.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rpw.sh.xml b/src/chrome/content/rules/Rpw.sh.xml
new file mode 100644
index 000000000000..a8dce746ee9a
--- /dev/null
+++ b/src/chrome/content/rules/Rpw.sh.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rpw.sh/ => https://rpw.sh/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.rpw.sh/ => https://www.rpw.sh/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="rpw.sh" default_off="failed ruleset test">
+
+	<target host="rpw.sh" />
+	<target host="www.rpw.sh" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rsb.ru.xml b/src/chrome/content/rules/Rsb.ru.xml
new file mode 100644
index 000000000000..b76943f1b981
--- /dev/null
+++ b/src/chrome/content/rules/Rsb.ru.xml
@@ -0,0 +1,58 @@
+<!--
+amex-promo.rsb.ru ³
+corporate.rsb.ru ²
+demo.rsb.ru ²
+edge-a01.rsb.ru ³
+go.rsb.ru ²
+infobank.rsb.ru ²
+konturapp.rsb.ru ³
+mail01.rsb.ru ³
+mb.rsb.ru ¹
+mobapps.rsb.ru ²
+mobile.rsb.ru ²
+pos.rsb.ru ³
+s4b.rsb.ru ⁷
+sip.rsb.ru ²
+test-mb.rsb.ru ²
+securepay.rsb.ru:8443 ³
+dialin.rsb.ru different content
+lyncdiscover.rsb.ru different content
+meet.rsb.ru different content
+mob.rsb.ru different content
+web.rsb.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁷ protocol error
+-->
+<ruleset name="rsb.ru">
+	<target host="rsb.ru" />
+	<target host="www.rsb.ru" />
+	<target host="aero.rsb.ru" />
+	<target host="anketa.rsb.ru" />
+	<target host="apps.rsb.ru" />
+	<target host="bonus.rsb.ru" />
+	<target host="cardlimit.rsb.ru" />
+	<target host="client-online.rsb.ru" />
+	<target host="consultant.rsb.ru" />
+	<target host="dinersaero.rsb.ru" />
+	<target host="dinerstravel.rsb.ru" />
+	<target host="discover.rsb.ru" />
+	<target host="kdkurator.rsb.ru" />
+	<target host="media.rsb.ru" />
+	<target host="oms.rsb.ru" />
+	<target host="online.rsb.ru" />
+	<target host="opros.rsb.ru" />
+	<target host="payusvisafee.rsb.ru" />
+	<target host="rsbplus.rsb.ru" />
+	<target host="securepay.rsb.ru" />
+	<target host="tariffolds.rsb.ru" />
+	<target host="testsecurepay.rsb.ru" />
+	<target host="travel.rsb.ru" />
+	<target host="vfsglobal.rsb.ru" />
+	<target host="wallet.rsb.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rshb.ru.xml b/src/chrome/content/rules/Rshb.ru.xml
new file mode 100644
index 000000000000..e5019fc94ef7
--- /dev/null
+++ b/src/chrome/content/rules/Rshb.ru.xml
@@ -0,0 +1,47 @@
+<!--
+bc.altay.rshb.ru ²
+bc.rshb.ru ⁴
+bankclient.bur.rshb.ru ³
+bc.chechnya.rshb.ru ³
+bc.chukotka.rshb.ru ³
+crl.rshb.ru ³
+crl1.rshb.ru ³
+goz.rshb.ru ⁴
+bankclient.hab.rshb.ru ³
+bankclient.kamchatka.rshb.ru ³
+ic.kemerovo.rshb.ru ³
+bankclient.kirov.rshb.ru ³
+bankclient.mar.rshb.ru ³
+mm.rshb.ru ³
+mx1.rshb.ru ³
+mx2.rshb.ru ³
+new.rshb.ru ¹
+bc.nsk.rshb.ru ³
+bankclient.orn.rshb.ru ³
+bankclient.primor.rshb.ru ³
+bc.ryazan.rshb.ru ³
+bc.shl.rshb.ru ³
+bankclient.spb.rshb.ru ³
+goz.ssl.rshb.ru ⁴
+sverdlovsksrv.sverdlovsk.rshb.ru ³
+bankclient.tomsk.rshb.ru ³
+bankclient.tver.rshb.ru ³
+ibc.uln.rshb.ru ³
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="rshb.ru">
+	<target host="rshb.ru" />
+	<target host="www.rshb.ru" />
+	<target host="acs.rshb.ru" />
+	<target host="cabinet.rshb.ru" />
+	<target host="chat.rshb.ru" />
+	<target host="online.rshb.ru" />
+	<target host="urozhai.rshb.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rspamd.com.xml b/src/chrome/content/rules/Rspamd.com.xml
new file mode 100644
index 000000000000..a35e3008e0a5
--- /dev/null
+++ b/src/chrome/content/rules/Rspamd.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Rspamd.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rspamd.com" />
+	<target host="www.rspamd.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rsshog.xml b/src/chrome/content/rules/Rsshog.xml
deleted file mode 100644
index 80bd71e14eca..000000000000
--- a/src/chrome/content/rules/Rsshog.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="rsshog">
-
-	<target host="rsshog.com" />
-	<target host="*.rsshog.com" />
-
-
-	<securecookie host="^(?:\.?www)?\.rsshog\.com$" name=".+" />
-
-
-	<rule from="^http://(img\.|static\d\.|www\.)?rsshog\.com/"
-		to="https://$1rsshog.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Rsyslog.com.xml b/src/chrome/content/rules/Rsyslog.com.xml
new file mode 100644
index 000000000000..3385fa32af2e
--- /dev/null
+++ b/src/chrome/content/rules/Rsyslog.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Nonfunctional hosts in *.rsyslog.com:
+		- rsyslog.com (m)
+		- alpine.rsyslog.com (t)
+		- cookbook.rsyslog.com (m)
+		- download.rsyslog.com (m)
+		- ubuntu16.rsyslog.com (t)
+		- wiki.rsyslog.com (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Rsyslog.com">
+	<target host="rsyslog.com" />
+	<target host="www.rsyslog.com" />
+	<target host="build.rsyslog.com" />
+
+	<rule from="^http://rsyslog\.com/" to="https://www.rsyslog.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rtbf.be.xml b/src/chrome/content/rules/Rtbf.be.xml
new file mode 100644
index 000000000000..e64b7a2b8cc6
--- /dev/null
+++ b/src/chrome/content/rules/Rtbf.be.xml
@@ -0,0 +1,74 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://boutique.rtbf.be/ => https://boutique.rtbf.be/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://podcasting.rtbf.be/ => https://podcasting.rtbf.be/: (6, 'Could not resolve host: podcasting.rtbf.be')
+Fetch error: http://ssl-ds.static.rtbf.be/ => https://ssl-ds.static.rtbf.be/: (51, "SSL: no alternative certificate subject name matches target host name 'ssl-ds.static.rtbf.be'")
+Fetch error: http://ssl-sgc.static.rtbf.be/ => https://ssl-sgc.static.rtbf.be/: (51, "SSL: no alternative certificate subject name matches target host name 'ssl-sgc.static.rtbf.be'")
+Fetch error: http://ssl-www.static.rtbf.be/ => https://ssl-www.static.rtbf.be/: (51, "SSL: no alternative certificate subject name matches target host name 'ssl-www.static.rtbf.be'")
+Fetch error: http://rss.rtbf.be/ => https://ssl-ds.static.rtbf.be/: (51, "SSL: no alternative certificate subject name matches target host name 'ssl-ds.static.rtbf.be'")
+Fetch error: http://ds1.static.rtbf.be/ => https://ssl-ds.static.rtbf.be/: (51, "SSL: no alternative certificate subject name matches target host name 'ssl-ds.static.rtbf.be'")
+Fetch error: http://ds2.static.rtbf.be/ => https://ssl-ds.static.rtbf.be/: (51, "SSL: no alternative certificate subject name matches target host name 'ssl-ds.static.rtbf.be'")
+Fetch error: http://ds3.static.rtbf.be/ => https://ssl-ds.static.rtbf.be/: (51, "SSL: no alternative certificate subject name matches target host name 'ssl-ds.static.rtbf.be'")
+Fetch error: http://ds4.static.rtbf.be/ => https://ssl-ds.static.rtbf.be/: (51, "SSL: no alternative certificate subject name matches target host name 'ssl-ds.static.rtbf.be'")
+Fetch error: http://ds5.static.rtbf.be/ => https://ssl-ds.static.rtbf.be/: (51, "SSL: no alternative certificate subject name matches target host name 'ssl-ds.static.rtbf.be'")
+Fetch error: http://sgc.static.rtbf.be/ => https://ssl-sgc.static.rtbf.be/: (51, "SSL: no alternative certificate subject name matches target host name 'ssl-sgc.static.rtbf.be'")
+Fetch error: http://www.static.rtbf.be/ => https://ssl-www.static.rtbf.be/: (51, "SSL: no alternative certificate subject name matches target host name 'ssl-www.static.rtbf.be'")
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .rtbf.br
+		- boutique.rtbf.be
+		- www.rtbf.be
+
+-->
+<ruleset name="Rtbf.be Belgian Television" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rtbf.be" />
+	<target host="boutique.rtbf.be" />
+	<target host="podcasting.rtbf.be" />
+
+	<target host="ds.static.rtbf.be" />
+	<target host="ssl-ds.static.rtbf.be" />
+	<target host="ssl-sgc.static.rtbf.be" />
+	<target host="ssl-www.static.rtbf.be" />
+
+	<target host="www.rtbf.be" />
+
+	<!--	Complications:
+				-->
+	<target host="rss.rtbf.be" />
+
+	<target host="ds1.static.rtbf.be" />
+	<target host="ds2.static.rtbf.be" />
+	<target host="ds3.static.rtbf.be" />
+	<target host="ds4.static.rtbf.be" />
+	<target host="ds5.static.rtbf.be" />
+	<target host="sgc.static.rtbf.be" />
+	<target host="www.static.rtbf.be" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.rtbf\.br$" name="^rtbf_internal$" /-->
+	<!--securecookie host="^boutique\.rtbf\.be$" name="^symfony$" /-->
+	<!--securecookie host="^www\.rtbf\.br$" name="^(?:PHPSESSID|rtbfEmbedvolume)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://(?:rss|ds\d\.static)\.rtbf\.be/"
+		to="https://ssl-ds.static.rtbf.be/" />
+
+	<rule from="^http://sgc\.static\.rtbf\.be/"
+		to="https://ssl-sgc.static.rtbf.be/" />
+
+	<rule from="^http://www\.static\.rtbf\.be/"
+		to="https://ssl-www.static.rtbf.be/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rtcquebec.ca.xml b/src/chrome/content/rules/Rtcquebec.ca.xml
new file mode 100644
index 000000000000..23feda82880d
--- /dev/null
+++ b/src/chrome/content/rules/Rtcquebec.ca.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid certificate:
+		- portail.rtcquebec.ca
+		- retraite.rtcquebec.ca
+-->
+
+<ruleset name="Rtcquebec.ca">
+	<target host="rtcquebec.ca" />
+	<target host="www.rtcquebec.ca" />
+	<target host="m.rtcquebec.ca" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rubenerd.com.xml b/src/chrome/content/rules/Rubenerd.com.xml
new file mode 100644
index 000000000000..8524ce16d377
--- /dev/null
+++ b/src/chrome/content/rules/Rubenerd.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Rubenerd.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rubenerd.com" />
+	<target host="www.rubenerd.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rubicon-Project.xml b/src/chrome/content/rules/Rubicon-Project.xml
index 54a0bbd9ecb3..60d4f6740984 100644
--- a/src/chrome/content/rules/Rubicon-Project.xml
+++ b/src/chrome/content/rules/Rubicon-Project.xml
@@ -1,40 +1,156 @@
 <!--
+	Other Rubicon Project rulesets:
+
+		- Fimserve.com.xml
+
+
 	rubiconproject.net.akadns.net
 
 
-	Problematic domains:
+	Nonfunctional domains:
 
-		- tap-cdn.rubiconproject.com *
-		- tap2-cdn.rubiconproject.com *
-		- (www.)rubiconproject.net	(broken copy of .com, mismatched, CN: *.rubiconproject.com)
+		- (www.)?rubiconproject.com *
+		- (www.)?rubiconproject.net *
 
-	* Akamai
+	* Plaintext reply
 
--->
-<ruleset name="Rubicon Project">
 
-	<target host="*.opt.fimserve.com" />
-	<target host="rubiconproject.com" />
-	<target host="*.rubiconproject.com" />
+	Timeout:
+		- 204.rubiconproject.com
+		- arsenal.rubiconproject.com
+		- arws.rubiconproject.com
+		- bcbb-hfc2.rubiconproject.com
+		- bcbb-iad2.rubiconproject.com
+		- boxy-bea-iad2.rubiconproject.com
+		- content.rubiconproject.com
+		- pas-api.rubiconproject.com
+		- vpn-it.rubiconproject.com
 
+	Cert expired:
+		- gobuyersupport.rubiconproject.com
+		- sonic.rubiconproject.com
 
-	<securecookie host="^(?:\.pixel|\.?tap)?\.rubiconproject\.com$" name=".+" />
+	Chain issues:
+		- vpn-dc.rubiconproject.com
+		- vpn-eng.rubiconproject.com
+		- vpn-test.rubiconproject.com
+		- vpn.rubiconproject.com
 
+	Connection refused:
+		- rfm.rubiconproject.com
 
-	<rule from="^http://(\w+)\.opt\.fimserve\.com/"
-		to="https://$1.opt.fimserve.com/" />
+	Cert mismatch:
+		- awsm.rubiconproject.com
+		- dsp-token.aws.rubiconproject.com
+		- assets.rubiconproject.com
+		- assets2.rubiconproject.com
+		- cdn.rubiconproject.com
+		- email.rubiconproject.com
+		- garagestaging.rubiconproject.com
+		- go.rubiconproject.com
+		- investor.rubiconproject.com
+		- labs2.rubiconproject.com
+		- messages.rubiconproject.com
+		- assets.rfm.rubiconproject.com
+		- rubibid.rubiconproject.com
+		- stats.rubiconproject.com
+		- status.rubiconproject.com
+		- tap-cdn.rubiconproject.com
+
+	Non-200 status code:
+		- tap2-cdn.rubiconproject.com
+
+	TLS Error:
+		- ebsdrdmz.cs.rubiconproject.com
+-->
+<ruleset name="Rubicon Project.com">
+
+	<target host="rubiconproject.com" />
+	<target host="www.rubiconproject.com" />
 
-	<!--	Broken, but otherwise identical to .com.
-			I doubt that Rubicon would mind
-		us fixing things like so.
-						-->
-	<rule from="^http://(www\.)?rubiconproject\.net/"
-		to="https://$1rubiconproject.com/" />
+	<target host="49bc.rubiconproject.com" />
+	<target host="anvil.rubiconproject.com" />
+	<target host="ads.aws.rubiconproject.com" />
+	<target host="prebid.aws.rubiconproject.com" />
+	<target host="sneezy.aws.rubiconproject.com" />
+	<target host="stats.aws.rubiconproject.com" />
+	<target host="usync.aws.rubiconproject.com" />
+	<target host="yahoo.aws.rubiconproject.com" />
+	<target host="assets-rfm.rubiconproject.com" />
+	<target host="beacon.rubiconproject.com" />
+	<target host="beacon-eu-ams3.rubiconproject.com" />
+	<target host="beacon-eu2.rubiconproject.com" />
+	<target host="beacon-apac-nrt1.rubiconproject.com" />
+	<target host="beacon-apac-hkg1.rubiconproject.com" />
+	<target host="beacon-us-east.rubiconproject.com" />
+	<target host="beacon-nf.rubiconproject.com" />
+	<target host="beacon-us-iad2.rubiconproject.com" />
+	<target host="beacon-us-iad3.rubiconproject.com" />
+	<target host="beacon-us-sjc1.rubiconproject.com" />
+	<target host="beacon-us-west.rubiconproject.com" />
+	<target host="buyer.rubiconproject.com" />
+	<target host="chango.rubiconproject.com" />
+	<target host="connect.rubiconproject.com" />
+	<target host="connect-api.rubiconproject.com" />
+	<target host="ebsproddmz.cs.rubiconproject.com" />
+	<target host="demand.rubiconproject.com" />
+	<target host="dev.rubiconproject.com" />
+	<target host="dspdash.rubiconproject.com" />
+	<target host="eus.rubiconproject.com" />
+	<target host="exapi-apac.rubiconproject.com" />
+	<target host="exapi-eu.rubiconproject.com" />
+	<target host="exapi-us-east.rubiconproject.com" />
+	<target host="exapi-us-west.rubiconproject.com" />
+	<target host="fastlane.rubiconproject.com" />
+	<target host="finance.rubiconproject.com" />
+	<target host="flapi1.rubiconproject.com" />
+	<target host="flds.rubiconproject.com" />
+	<target host="idm.rubiconproject.com" />
+	<target host="integration.rubiconproject.com" />
+	<target host="kb.rubiconproject.com" />
+	<target host="labs1.rubiconproject.com" />
+	<target host="login.rubiconproject.com" />
+	<target host="mp.rubiconproject.com" />
+	<target host="mrp.rubiconproject.com" />
+	<target host="mrpdisplay.rubiconproject.com" />
+	<target host="mrpsandbox.rubiconproject.com" />
+	<target host="mrptrack-e.rubiconproject.com" />
+	<target host="mtrack-mrp.rubiconproject.com" />
+	<target host="optimization.rubiconproject.com" />
+	<target host="optimized-by.rubiconproject.com" />
+	<target host="optimized-by-adv.rubiconproject.com" />
+	<target host="optimized-rtp-us-west.rubiconproject.com" />
+	<target host="orders.rubiconproject.com" />
+	<target host="pixel.rubiconproject.com" />
+	<target host="pixel-apac.rubiconproject.com" />
+	<target host="pixel-eu.rubiconproject.com" />
+	<target host="pixel-us-east.rubiconproject.com" />
+	<target host="pixel-us-west.rubiconproject.com" />
+	<target host="platform-static.rubiconproject.com" />
+	<target host="platform.rubiconproject.com" />
+	<target host="post.update.rubiconproject.com" />
+	<target host="prebid-server.rubiconproject.com" />
+	<target host="revv.rubiconproject.com" />
+	<target host="revv-static.rubiconproject.com" />
+	<target host="s.update.rubiconproject.com" />
+	<target host="sas-api.rubiconproject.com" />
+	<target host="sdk.rubiconproject.com" />
+	<target host="secure-assets.rubiconproject.com" />
+	<target host="secured-by.rubiconproject.com" />
+	<target host="staged-by.rubiconproject.com" />
+	<target host="support.rubiconproject.com" />
+	<target host="tap.rubiconproject.com" />
+	<target host="tap-s.rubiconproject.com" />
+	<target host="tap-secure.rubiconproject.com" />
+	<target host="tap-t.rubiconproject.com" />
+	<target host="vantage.rubiconproject.com" />
+	<target host="video-ads-apex.rubiconproject.com" />
+	<target host="video-ads.rubiconproject.com" />
+	<target host="webcast.rubiconproject.com" />
 
-	<rule from="^http://((?:ads|anvil|arsenal|beacon(?:-us-east)?|demand|login|optimized-by|pixel|revv|revv-static|staged-by|tap|vantage|www)\.)?rubiconproject\.com/"
-		to="https://$1rubiconproject.com/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^https?://tap2?-cdn\.rubiconproject\.com/"
-		to="https://tap.rubiconproject.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Rubicon_Development.xml b/src/chrome/content/rules/Rubicon_Development.xml
index 9b37c2becfd0..d242f99a493d 100644
--- a/src/chrome/content/rules/Rubicon_Development.xml
+++ b/src/chrome/content/rules/Rubicon_Development.xml
@@ -1,13 +1,17 @@
-<ruleset name="Rubicon Development">
+<!--
+	Rubicon Development
+
+-->
+<ruleset name="Rubicon Dev.com">
 
 	<target host="rubicondev.com" />
-	<target host="*.rubicondev.com" />
+	<target host="www.rubicondev.com" />
 
 
 	<securecookie host="^\.rubicondev\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?rubicondev\.com/"
-		to="https://$1rubicondev.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ruby-China.org.xml b/src/chrome/content/rules/Ruby-China.org.xml
new file mode 100644
index 000000000000..4c5de44a95a6
--- /dev/null
+++ b/src/chrome/content/rules/Ruby-China.org.xml
@@ -0,0 +1,13 @@
+<!--
+	SSL_ERROR_NO_CYPHER_OVERLAP:
+		cache.ruby-china.org
+-->
+<ruleset name="Ruby-China.org">
+	<target host="ruby-china.org" />
+	<target host="www.ruby-china.org" />
+	<target host="gems.ruby-china.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ruby-Forum.com.xml b/src/chrome/content/rules/Ruby-Forum.com.xml
new file mode 100644
index 000000000000..8915fc91a102
--- /dev/null
+++ b/src/chrome/content/rules/Ruby-Forum.com.xml
@@ -0,0 +1,19 @@
+<ruleset name="Ruby-Forum.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ruby-forum.com" />
+	<target host="www.ruby-forum.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.ruby-forum\.com$" name="^(_forum_session|return_to)$" /-->
+
+	<securecookie host="^www\.ruby-forum\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ruby-Toolbox.com.xml b/src/chrome/content/rules/Ruby-Toolbox.com.xml
new file mode 100644
index 000000000000..27baadb2f319
--- /dev/null
+++ b/src/chrome/content/rules/Ruby-Toolbox.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.ruby-toolbox.com
+
+-->
+<ruleset name="Ruby-Toolbox.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ruby-toolbox.com" />
+	<target host="www.ruby-toolbox.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.ruby-toolbox\.com$" name="^_ruby_toolbox_session$" /-->
+
+	<securecookie host="^www\.ruby-toolbox\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ruby-doc.org.xml b/src/chrome/content/rules/Ruby-doc.org.xml
new file mode 100644
index 000000000000..75a6ec27d3e8
--- /dev/null
+++ b/src/chrome/content/rules/Ruby-doc.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Nonfunctional hosts in *.ruby-doc.org:
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	See also Ruby-lang.org.xml
+-->
+<ruleset name="Ruby-doc.org">
+	<target host="ruby-doc.org" />
+	<target host="www.ruby-doc.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ruby-lang.org.xml b/src/chrome/content/rules/Ruby-lang.org.xml
index f9d35867b0c6..2abf0d2f5353 100644
--- a/src/chrome/content/rules/Ruby-lang.org.xml
+++ b/src/chrome/content/rules/Ruby-lang.org.xml
@@ -1,21 +1,45 @@
 <!--
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *.ruby-lang.org:
 
-		- (www.) *
-		- doc *
+		ᵐ doc (redirects to docs)
+		ᵐ redmine (mirrors bugs)
 
-	* Reset
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
 
+	See also Ruby-doc.org.xml
 -->
-<ruleset name="bugs.ruby-lang.org">
+<ruleset name="ruby-lang.org">
 
-	<target host="bugs.ruby-lang.org"/>
+	<target host="ruby-lang.org" />
+	<target host="*.ruby-lang.org" />
+
+	<test url="http://www.ruby-lang.org/"/>
+	<test url="http://bugs.ruby-lang.org/"/>
+	<test url="http://cache.ruby-lang.org/"/>
+	<test url="http://doc.ruby-lang.org/"/>
+	<test url="http://docs.ruby-lang.org/"/>
+	<test url="http://ftp.ruby-lang.org/"/>
+	<test url="http://lists.ruby-lang.org/"/>
+	<test url="http://redmine.ruby-lang.org/"/>
+	<test url="http://svn.ruby-lang.org/"/>
 
 
 	<securecookie host="^bugs\.ruby-lang\.org$" name=".+" />
 
 
-	<rule from="^http://bugs\.ruby-lang\.org/"
+	<rule from="^http://ruby-lang\.org/"
+		to="https://www.ruby-lang.org/" />
+
+	<rule from="^http://doc\.ruby-lang\.org/"
+		to="https://docs.ruby-lang.org/" />
+	<rule from="^http://redmine\.ruby-lang\.org/"
 		to="https://bugs.ruby-lang.org/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/RubyForge.xml b/src/chrome/content/rules/RubyForge.xml
index 5fe17ea92882..23ff4ed1dee3 100644
--- a/src/chrome/content/rules/RubyForge.xml
+++ b/src/chrome/content/rules/RubyForge.xml
@@ -3,32 +3,15 @@
 
 		- $project	(redirects to rubyforge.org)
 
-
-	Fully covered domains:
-
-		- static.rubyforge.vm.bytemark.co.uk	(→ static.rubyforge.org)
-		- (www.)rubyforge.org
-		- static.rubyforge.org
-
-
-	Mixed content:
-
-		- Images on ^ from static.rubyforge.vm.bytemark.co.uk *
-
-	* Secured by us, doesn't trip MCB
-
 -->
-<ruleset name="RubyForge (partial)">
+<ruleset name="RubyForge.org (partial)" default_off="refused">
 
-	<target host="static.rubyforge.vm.bytemark.co.uk" />
 	<target host="rubyforge.org" />
-	<target host="*.rubyforge.org" />
-
+	<target host="static.rubyforge.org" />
+	<target host="www.rubyforge.org" />
 
-	<rule from="^http://static\.rubyforge\.vm\.bytemark\.co\.uk/"
-		to="https://static.rubyforge.org/" />
 
-	<rule from="^http://(static\.|www\.)?rubyforge\.org/"
-		to="https://$1rubyforge.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/RubyGems.org-problematic.xml b/src/chrome/content/rules/RubyGems.org-problematic.xml
index 74ac9304e2dd..26645d823cfe 100644
--- a/src/chrome/content/rules/RubyGems.org-problematic.xml
+++ b/src/chrome/content/rules/RubyGems.org-problematic.xml
@@ -6,17 +6,9 @@
 
 	<target host="help.rubygems.org" />
 	<target host="m.rubygems.org" />
-		<!--
-			Handled in RubyGems.org:
-						-->
-		<exclusion pattern="^http://m\.rubygems\.org/iui/" />
-	<target host="status.rubygems.org" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host=".+\.rubygems\.org" name=".+" />
-
-
-	<rule from="^http://(help|m|status)\.rubygems\.org/"
-		to="https://$1.rubygems.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/RubyGems.xml b/src/chrome/content/rules/RubyGems.xml
index cb2a88d886b3..304a09d4095f 100644
--- a/src/chrome/content/rules/RubyGems.xml
+++ b/src/chrome/content/rules/RubyGems.xml
@@ -1,89 +1,34 @@
 <!--
 	For problematic rules, see RubyGems.org-problematic.xml.
 
+	For related rules, see GemCutter.org.xml
 
-	CDN buckets:
+	Invalid certificate:
+		aws-eu-cache01.rubygems.org
+		blog.rubygems.org
+		production.cf.rubygems.org
+		guides.rubygems.org
+		help.rubygems.org
+		index.rubygems.org
+		m.rubygems.org
 
-		- rubygems.github.com
-
-			- blog.rubygems.org
-			- guides.rubygems.org
-
-		- gem.heroku.com
-
-			- m.rubygems.org
-
-		- stats.pingdom.com
-
-			- uptime.rubygems.org
-
-
-	Nonfunctional subdomains:
-
-		- blog *
-		- guides *
-		- uptime	(refused)
-
-	* Prints "unknown domain: $foo.rubygems.org"; mismatched, CN: *.github.com)
-
-
-	Problematic domains:
-
-		- (www.)gemcutter.org	(works; mismatched, CN: *.rubygems.org)
-
-		- rubygems.org subdomains:
-
-			- help	(works; mismatched, CN: *.tenderapp.com)
-			- m *
-			- status *
-
-	* Works; mismatched, CN: *.heroku.com
-
-
-	Partially covered domains:
-
-		- m.rubygems.org	(→ gem.heroku.com, where $ 500s)
-
-
-	Fully covered domains:
-
-		- (www.)gemcutter.org	(→ rubygems.org)
-		- (www.)rubygems.org
-
-
-	Observed cookie domains:
-
-		- ^
-		- help
-		- status
-		- uptime
-		- www
+	Refused:
+		uptime.rubygems.org
 
 -->
 <ruleset name="RubyGems.org (partial)">
 
-	<target host="gemcutter.org" />
-	<target host="www.gemcutter.org" />
 	<target host="rubygems.org" />
-	<target host="*.rubygems.org" />
-		<!--
-			$ 500s when rewritten to gem.heroku.com
-								-->
-		<!--exclusion pattern="^http://m\.rubygems\.org/(?!iui/)" /-->
-
-
-	<securecookie host="^(?:www\.)?rubygems.org" name=".+" />
-
-
-	<!--	Server keeps path:
-					-->
-	<rule from="^http://(?:www\.)?gemcutter\.org/"
-		to="https://rubygems.org/" />
+	<target host="www.rubygems.org" />
+	<target host="api.rubygems.org" />
+	<target host="bundler.rubygems.org" />
+	<target host="monitoring.rubygems.org" />
+	<target host="staging.rubygems.org" />
+	<target host="status.rubygems.org" />
 
-	<rule from="^http://(www\.)?rubygems\.org/"
-		to="https://$1rubygems.org/" />
+	<securecookie host="^(www\.)?rubygems.org" name=".+" />
 
-	<rule from="^http://m\.rubygems\.org/(?=iui/)"
-		to="https://gem.heroku.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/RubyLang.xml b/src/chrome/content/rules/RubyLang.xml
deleted file mode 100644
index 73d676e0dd6e..000000000000
--- a/src/chrome/content/rules/RubyLang.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="redmine.ruby-lang.org">
-  <target host="redmine.ruby-lang.org" />
-
-  <rule from="^http://redmine\.ruby-lang\.org/"
-        to="https://redmine.ruby-lang.org/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Ruby_Together.org.xml b/src/chrome/content/rules/Ruby_Together.org.xml
new file mode 100644
index 000000000000..cd577f016b68
--- /dev/null
+++ b/src/chrome/content/rules/Ruby_Together.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="Ruby Together.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rubytogether.org" />
+	<target host="www.rubytogether.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ruderich.org.xml b/src/chrome/content/rules/Ruderich.org.xml
new file mode 100644
index 000000000000..17eef38b07c1
--- /dev/null
+++ b/src/chrome/content/rules/Ruderich.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="Ruderich.org">
+	<target host="ruderich.org" />
+	<target host="www.ruderich.org" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rudix.org.xml b/src/chrome/content/rules/Rudix.org.xml
new file mode 100644
index 000000000000..9bcd75d74d16
--- /dev/null
+++ b/src/chrome/content/rules/Rudix.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatch:
+		www.rudix.org
+-->
+<ruleset name="Rudix.org">
+	<target host="rudix.org" />
+	<target host="www.rudix.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.rudix\.org/" to="https://rudix.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rue_La_La.com.xml b/src/chrome/content/rules/Rue_La_La.com.xml
index 2be81ff47b87..697102018c08 100644
--- a/src/chrome/content/rules/Rue_La_La.com.xml
+++ b/src/chrome/content/rules/Rue_La_La.com.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?ruelala\.com/"
 		to="https://www.ruelala.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rufus.xml b/src/chrome/content/rules/Rufus.xml
new file mode 100644
index 000000000000..69fa7a71a6a7
--- /dev/null
+++ b/src/chrome/content/rules/Rufus.xml
@@ -0,0 +1,7 @@
+<ruleset name="rufus">
+
+	<target host="rufus.akeo.ie"/>
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RugStudio.xml b/src/chrome/content/rules/RugStudio.xml
index 6df923ef3d2b..652e29886848 100644
--- a/src/chrome/content/rules/RugStudio.xml
+++ b/src/chrome/content/rules/RugStudio.xml
@@ -11,7 +11,8 @@
 <ruleset name="RugStudio (partial)">
 
 	<target host="rugstudio.com" />
-	<target host="*.rugstudio.com" />
+	<target host="www.rugstudio.com" />
+	<target host="rugs.rugstudio.com" />
 
 
 	<rule from="^http://(?:www\.)?rugstudio\.com/((?:cart|custom\.css|login|order-lookup|send-password)\.aspx|customfooter2\.css|favicon\.ico|images/|imago/|themes/)"
@@ -20,4 +21,4 @@
 	<rule from="^http://rugs\.rugstudio\.com/"
 		to="https://rugstudio.resultspage.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rugby.gov.uk.xml b/src/chrome/content/rules/Rugby.gov.uk.xml
new file mode 100644
index 000000000000..a29acc5c0799
--- /dev/null
+++ b/src/chrome/content/rules/Rugby.gov.uk.xml
@@ -0,0 +1,62 @@
+<!--
+	Rugby Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *rugby.gov.uk:
+
+		- www.bookings ⁵
+
+	⁵ 500
+
+
+	Problematic hosts in *rugby.gov.uk:
+
+		- www.planning ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .rugby.gov.uk
+		- bennbookings.rugby.gov.uk
+		- www.planningportal.rugby.gov.uk
+		- .www.rugby.gov.uk
+
+
+	Mixed content:
+
+		- favicon on cms from www.rugby.gov.uk ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Rugby.gov.uk (partial)">
+
+	<target host="rugby.gov.uk" />
+	<target host="bennbookings.rugby.gov.uk" />
+	<target host="cms.rugby.gov.uk" />
+	<target host="www.rugby.gov.uk" />
+
+		<!--	Mixed favicon, sets cookie without Secure:
+									-->
+		<!--test url="http://cms.rugby.gov.uk/enjoyrugby/directory_record/39/willow_wren_cruising_holidays" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.rugby\.gov\.uk$" name="^TestCookie$" /-->
+	<!--securecookie host="^bennbookings\.rugby\.gov\.uk$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^www\.planningportal\.rugby\.gov\.uk$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+	<!--securecookie host="^\.www\.rugby\.gov\.uk$" name="^testwww\.rugby\.gov\.uk$" /-->
+
+	<securecookie host="^\." name="^TestCookie$" />
+	<securecookie host="^(?!\.rugby\.gov\.uk$)." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rugged-Software.xml b/src/chrome/content/rules/Rugged-Software.xml
index e5b9d77e1efe..ff1ef324d60d 100644
--- a/src/chrome/content/rules/Rugged-Software.xml
+++ b/src/chrome/content/rules/Rugged-Software.xml
@@ -4,7 +4,6 @@
 	<target host="www.ruggedsoftware.org" />
 
 
-	<rule from="^http://(www\.)?ruggedsoftware\.org/"
-		to="https://$1ruggedsoftware.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/RugsHD.com.xml b/src/chrome/content/rules/RugsHD.com.xml
deleted file mode 100644
index e672a42cf4f5..000000000000
--- a/src/chrome/content/rules/RugsHD.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="RugsHD.com">
-
-	<target host="rugshd.com" />
-	<target host="*.rugshd.com" />
-
-
-	<securecookie host="^\.?rugshd\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?rugshd\.com/"
-		to="https://$1rugshd.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Ruhr-Uni-Bochum.de-falsemixed.xml b/src/chrome/content/rules/Ruhr-Uni-Bochum.de-falsemixed.xml
new file mode 100644
index 000000000000..5ef37ed42372
--- /dev/null
+++ b/src/chrome/content/rules/Ruhr-Uni-Bochum.de-falsemixed.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules not causing false/broken MCB, see Ruhr-Uni-Bochum.de.xml.
+
+-->
+<ruleset name="Ruhr-Uni-Bochum.de (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.cits.ruhr-uni-bochum.de" />
+	<target host="www.lps.ruhr-uni-bochum.de" />
+	<target host="www.ruhr-uni-bochum.de" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ruhr-Uni-Bochum.de.xml b/src/chrome/content/rules/Ruhr-Uni-Bochum.de.xml
new file mode 100644
index 000000000000..deda36ae8037
--- /dev/null
+++ b/src/chrome/content/rules/Ruhr-Uni-Bochum.de.xml
@@ -0,0 +1,100 @@
+<!--
+	Ruhr-Universitaet Bochum
+
+	For rules causing false/broken MCB, see Ruhr-Uni-Bochum.de-falsemixed.xml.
+
+	Other Ruhr-Universitaet Bochum rulesets:
+
+		- RUB.de.xml
+
+
+	^ruhr-uni-bochum.de: mismatched
+
+
+	Problematic domains:
+
+		- aktuell.ruhr-uni-bochum.de ¹
+		- ruhr-uni-bochum.de ²
+		- www.rz.ruhr-uni-bochum.de ³
+
+	¹ Mismatched, CN: www5.rz.ruhr-uni-bochum.de
+	² Mismatched
+	³ Incomplete certificate chain, fails fetch test
+
+
+	Partially covered subdomains:
+
+		- www.cits *
+
+	* Avoiding false/broken MCB
+
+
+	Mixed content:
+
+		- css, on:
+
+			- www.cits, www.lps, from www.rz ¹
+			- www5.rz from www.rz.ruhr-uni-bochum.de ¹
+
+		- Images, on:
+
+			- www.cits, www.lps from www.rz ¹
+			- www5.rz from www.rz ¹
+			- www5.rz from www ¹
+			- www from aktuell.rub.de ²
+			- www from aktuell.ruhr-uni-bochum.de ²
+
+	¹ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+	² Not secured by us <= mismatched
+
+-->
+<ruleset name="Ruhr-Uni-Bochum.de (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.cits.ruhr-uni-bochum.de" />
+	<target host="lists.ruhr-uni-bochum.de" />
+	<!--target host="www.lps.ruhr-uni-bochum.de" /-->
+	<target host="lists1.mail.ruhr-uni-bochum.de" />
+	<target host="res.mobsec.ruhr-uni-bochum.de" />
+	<target host="helpdesk.rz.ruhr-uni-bochum.de" />
+	<target host="linux.rz.ruhr-uni-bochum.de" />
+	<target host="www.ruhr-uni-bochum.de" />
+	<target host="fn2.flexnow.ruhr-uni-bochum.de" />
+	<target host="www.flexnow.ruhr-uni-bochum.de" />
+
+	<!--	Complications:
+				-->
+	<target host="ruhr-uni-bochum.de" />
+
+		<!-- 	Avoid false/broken MCB:
+						-->
+		<exclusion pattern="^http://www\.cits\.ruhr-uni-bochum\.de/(?!/*(?:imperia/md/(?:content|images)/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.cits.ruhr-uni-bochum.de/conferences/index.html" />
+			<test url="http://www.cits.ruhr-uni-bochum.de/lehre/index.html" />
+			<test url="http://www.cits.ruhr-uni-bochum.de/mystery/mysterytwister.html" />
+			<test url="http://www.cits.ruhr-uni-bochum.de/partner/index.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.cits.ruhr-uni-bochum.de/imperia/md/images/logos/logocits.png" />
+
+		<exclusion pattern="^http://www\.ruhr-uni-bochum\.de/(?:a-z|anreise|kontakt|studierendensekretariat|suche|uebersicht)" />
+
+			<test url="http://www.ruhr-uni-bochum.de/a-z/" />
+			<test url="http://www.ruhr-uni-bochum.de/anreise/" />
+			<test url="http://www.ruhr-uni-bochum.de/kontakt/" />
+			<test url="http://www.ruhr-uni-bochum.de/studierendensekretariat/" />
+			<test url="http://www.ruhr-uni-bochum.de/suche/" />
+			<test url="http://www.ruhr-uni-bochum.de/uebersicht/" />
+
+	<rule from="^http://ruhr-uni-bochum\.de/"
+		to="https://www.ruhr-uni-bochum.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RukometniTrener.com.xml b/src/chrome/content/rules/RukometniTrener.com.xml
new file mode 100644
index 000000000000..f40e31f2581f
--- /dev/null
+++ b/src/chrome/content/rules/RukometniTrener.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="RukometniTrener.com">
+	<target host="rukometnitrener.com" />
+	<target host="www.rukometnitrener.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rule34.xxx.xml b/src/chrome/content/rules/Rule34.xxx.xml
new file mode 100644
index 000000000000..2f113b04cc35
--- /dev/null
+++ b/src/chrome/content/rules/Rule34.xxx.xml
@@ -0,0 +1,7 @@
+<ruleset name="Rule34.xxx">
+        <target host="rule34.xxx" />
+        <target host="www.rule34.xxx" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ruliweb.com.xml b/src/chrome/content/rules/Ruliweb.com.xml
new file mode 100644
index 000000000000..b2ddf9655b9a
--- /dev/null
+++ b/src/chrome/content/rules/Ruliweb.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="Ruliweb.com">
+	<target host="ruliweb.com" />
+	<target host="www.ruliweb.com" />
+	<target host="bbs.ruliweb.com" />
+	<target host="cmg.ruliweb.com" />
+	<target host="img.ruliweb.com" />
+	<target host="i1.ruliweb.com" />
+	<target host="i2.ruliweb.com" />
+	<target host="i3.ruliweb.com" />
+	<target host="m.ruliweb.com" />
+	<target host="market.ruliweb.com" />
+	<target host="mypi.ruliweb.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rumors_City.com.xml b/src/chrome/content/rules/Rumors_City.com.xml
new file mode 100644
index 000000000000..d81f9c8a3e39
--- /dev/null
+++ b/src/chrome/content/rules/Rumors_City.com.xml
@@ -0,0 +1,40 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .rumorscity.com
+
+-->
+<ruleset name="Rumors City.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rumorscity.com" />
+	<target host="www.rumorscity.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.rumorscity\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Run-for-Your-Lives.xml b/src/chrome/content/rules/Run-for-Your-Lives.xml
index db1a13d91c9f..6a8349cedc34 100644
--- a/src/chrome/content/rules/Run-for-Your-Lives.xml
+++ b/src/chrome/content/rules/Run-for-Your-Lives.xml
@@ -1,16 +1,15 @@
 <!--
-	Problematic subdomains:
-
-		- ^	(self-signed, CN: localhost)
+	^runforyourlives.com: Self-signed
+	www.runforyourlives.com: Mismatched
 
 -->
-<ruleset name="Run for Your Lives">
+<ruleset name="Run for Your Lives.com" default_off="mismatched">
 
 	<target host="runforyourlives.com" />
 	<target host="www.runforyourlives.com" />
 
 
-	<securecookie host="^www\.runforyourlives\.com$" name=".*" />
+	<securecookie host="^www\.runforyourlives\.com$" name=".+" />
 
 
 	<rule from="^http://(?:www\.)?runforyourlives\.com/"
diff --git a/src/chrome/content/rules/RunAbove.xml b/src/chrome/content/rules/RunAbove.xml
new file mode 100644
index 000000000000..4cf304a8b4b4
--- /dev/null
+++ b/src/chrome/content/rules/RunAbove.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://status.runabove.com/ => https://status.runabove.com/: (6, 'Could not resolve host: status.runabove.com')
+
+	For other OVH Group coverage, see Ovh.xml.
+
+-->
+<ruleset name="RunAbove.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+    <target host="runabove.com" />
+	<target host="api.runabove.com" />
+	<target host="cloud.runabove.com" />
+	<target host="community.runabove.com" />
+	<target host="labs.runabove.com" />
+	<target host="status.runabove.com" />
+	<target host="www.runabove.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^((community|labs|www)\.)?runabove\.com$" name="^slb$" /-->
+
+	<securecookie host="^(?:(?:community|labs|www)\.)?runabove\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RunKit.com.xml b/src/chrome/content/rules/RunKit.com.xml
new file mode 100644
index 000000000000..e28120778ea0
--- /dev/null
+++ b/src/chrome/content/rules/RunKit.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Mismatched:
+	- blog (www.github.com)
+-->
+
+<ruleset name="RunKit.com">
+	<target host="runkit.com" />
+	<target host="www.runkit.com" />
+	<target host="discuss.runkit.com" />
+	<target host="embed.runkit.com" />
+	<target host="npm.runkit.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RunRepeat.com.xml b/src/chrome/content/rules/RunRepeat.com.xml
new file mode 100644
index 000000000000..8787fb1c1294
--- /dev/null
+++ b/src/chrome/content/rules/RunRepeat.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="RunRepeat.com">
+
+	<target host="runrepeat.com" />
+	<target host="www.runrepeat.com" />
+	<target host="cdn.runrepeat.com" />
+	<target host="p.runrepeat.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RunSafe.xml b/src/chrome/content/rules/RunSafe.xml
index 6b59bfeb054d..bfcfd0e4f36c 100644
--- a/src/chrome/content/rules/RunSafe.xml
+++ b/src/chrome/content/rules/RunSafe.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^www\.irunsafe\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?irunsafe\.com/"
-		to="https://$1irunsafe.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Runbook.io.xml b/src/chrome/content/rules/Runbook.io.xml
new file mode 100644
index 000000000000..d12632e5a98c
--- /dev/null
+++ b/src/chrome/content/rules/Runbook.io.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dash.runbook.io/ => https://dash.runbook.io/: (6, 'Could not resolve host: dash.runbook.io')
+
+	For other Assembly coverage, see Assembly.com.xml.
+
+-->
+<ruleset name="Runbook.io" default_off="failed ruleset test">
+
+	<target host="runbook.io" />
+	<target host="dash.runbook.io" />
+	<target host="www.runbook.io" />
+
+
+	<securecookie host="^\.runbook\.io$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Runbox.com.xml b/src/chrome/content/rules/Runbox.com.xml
new file mode 100644
index 000000000000..1f5c57fbb917
--- /dev/null
+++ b/src/chrome/content/rules/Runbox.com.xml
@@ -0,0 +1,46 @@
+<!--
+	Fully covered hosts in *runbox.com:
+
+		- (www.)?
+		- blog
+		- help
+		- support
+
+
+	Insecure cookies are set for these hosts:
+
+		- blog.runbox.com
+		- support.runbox.com
+
+
+	Mixed content:
+
+		- Images on blog from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Runbox.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="runbox.com" />
+	<target host="blog.runbox.com" />
+	<target host="help.runbox.com" />
+	<target host="secure.runbox.com" />
+	<target host="support.runbox.com" />
+	<target host="www.runbox.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^blog\.runbox\.com$" name="^bb2_screener_$" /-->
+	<!--securecookie host="^support\.runbox\.com$" name="^(SWIFT_client|SWIFT_sessionid40)$" /-->
+
+	<securecookie host="^(?:blog|support)\.runbox\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Runscope.com.xml b/src/chrome/content/rules/Runscope.com.xml
new file mode 100644
index 000000000000..27bcf4b7a8a3
--- /dev/null
+++ b/src/chrome/content/rules/Runscope.com.xml
@@ -0,0 +1,54 @@
+<!--
+	Problematic subdomains:
+
+		- blog ¹
+		- status ²
+
+	¹ Squarespace
+	² StatusPage
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.runscope.com
+
+
+	Mixed content:
+
+		- Images on blog from static1.squarespace.com *
+		- Bug on blog from ads.perfectaudience.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Runscope.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="runscope.com" />
+	<target host="www.runscope.com" />
+
+	<!--	Complications
+				-->
+	<target host="status.runscope.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.runscope\.com$" name="^SS_MID$" /-->
+	<!--securecookie host="^blog\.runscope\.com$" name="^(JSESSIONID|crumb)$" /-->
+	<!--securecookie host="^www\.runscope\.com$" name="^session$" /-->
+
+	<securecookie host="^www\.runscope\.com$" name=".+" />
+
+
+	<!--rule from="^http://blog\.runscope\.com/global/"
+		to="https://???.squarespace.com/global/" /-->
+
+	<rule from="^http://status\.runscope\.com/"
+		to="https://runscope.statuspage.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ruptly.tv.xml b/src/chrome/content/rules/Ruptly.tv.xml
new file mode 100644
index 000000000000..0b7c803e27e8
--- /dev/null
+++ b/src/chrome/content/rules/Ruptly.tv.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- ruptly.tv
+		- www.ruptly.tv
+
+-->
+<ruleset name="Ruptly.tv">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ruptly.tv" />
+	<target host="www.ruptly.tv" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?ruptly\.tv$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rus.ovh.xml b/src/chrome/content/rules/Rus.ovh.xml
new file mode 100644
index 000000000000..8128615cdcbe
--- /dev/null
+++ b/src/chrome/content/rules/Rus.ovh.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatched:
+		- panel (panel.abcd.hosting)
+-->
+
+<ruleset name="Rus.ovh">
+	<target host="rus.ovh" />
+	<target host="www.rus.ovh" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RushMyPassport.com.xml b/src/chrome/content/rules/RushMyPassport.com.xml
index 68fbd56bfae9..36e393b72ec6 100644
--- a/src/chrome/content/rules/RushMyPassport.com.xml
+++ b/src/chrome/content/rules/RushMyPassport.com.xml
@@ -13,6 +13,5 @@
 	<securecookie host="^www\.rushmypassport\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?rushmypassport\.com/"
-		to="https://www.rushmypassport.com/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ruskey_Biz.xml b/src/chrome/content/rules/Ruskey_Biz.xml
deleted file mode 100644
index 6527b08ed1a1..000000000000
--- a/src/chrome/content/rules/Ruskey_Biz.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Some page redirect to http.
-
--->
-<ruleset name="Ruskey Biz (partial)">
-
-	<target host="ruskeybiz.ru" />
-	<target host="www.ruskeybiz.ru" />
-
-
-	<rule from="^http://(www\.)?ruskeybiz\.ru/(cometchat|wp-admin|wp-content)/"
-		to="https://$1ruskeybiz.ru/$2/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Russell_Group.ac.uk.xml b/src/chrome/content/rules/Russell_Group.ac.uk.xml
new file mode 100644
index 000000000000..8586ea4fafc1
--- /dev/null
+++ b/src/chrome/content/rules/Russell_Group.ac.uk.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- css from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Russell Group.ac.uk (false MCB)" platform="mixedcontent">
+
+	<target host="russellgroup.ac.uk" />
+	<target host="www.russellgroup.ac.uk" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Russia-Beyond-the-Headlines.xml b/src/chrome/content/rules/Russia-Beyond-the-Headlines.xml
index 617b936fb736..4905c2c3fb1d 100644
--- a/src/chrome/content/rules/Russia-Beyond-the-Headlines.xml
+++ b/src/chrome/content/rules/Russia-Beyond-the-Headlines.xml
@@ -1,13 +1,36 @@
-<ruleset name="Russia Beyond the Headlines" default_off="expired, self-signed">
+<!--
+	For other Russia Beyond the Headlines coverage, see rbth.com.xml.
 
+
+	CDN buckets:
+
+		- d227diz1d7fwfb.cloudfront.net	← nl.media
+
+
+	(www.)?rbth.ru: Mismatched
+
+-->
+<ruleset name="RBTH.ru">
+
+	<!--	Complications:
+				-->
 	<target host="rbth.ru" />
+	<target host="nl.media.rbth.ru" />
 	<target host="www.rbth.ru" />
 
 
-	<securecookie host="^rbth\.ru$" name=".*" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://(?:www\.)?rbth\.ru/+"
+		to="https://rbth.com/" />
 
+	<rule from="^http://nl\.media\.rbth\.ru/"
+		to="https://d227diz1d7fwfb.cloudfront.net/" />
 
-	<rule from="^https?://(?:www\.)?rbth\.ru/"
-		to="https://rbth.ru/" />
+		<test url="http://nl.media.rbth.ru/149x81/images/travel/arctic_rosturism/3_top.jpg" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Russia.ru.xml b/src/chrome/content/rules/Russia.ru.xml
deleted file mode 100644
index adc5c4695cfc..000000000000
--- a/src/chrome/content/rules/Russia.ru.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- tv *
-
-	* Shows login page
-
-
-	Fully covered subdomains:
-
-		- adv
-		- mail
-
--->
-<ruleset name="russia.ru (partial)">
-
-	<target host="*.russia.ru" />
-
-
-	<securecookie host="^adv\.russia\.ru$" name=".+" />
-
-
-	<rule from="^http://(adv|mail)\.russia\.ru/"
-		to="https://$1.russia.ru/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Russia2all.com.xml b/src/chrome/content/rules/Russia2all.com.xml
index 5574ff59031b..308f6d359c54 100644
--- a/src/chrome/content/rules/Russia2all.com.xml
+++ b/src/chrome/content/rules/Russia2all.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="Russia2all.com">
 
 	<target host="russia2all.com" />
-	<target host="*.russia2all.com" />
+	<target host="www.russia2all.com" />
 
 
 	<securecookie host="^www\.russia2all\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?russia2all\.com/"
-		to="https://$1russia2all.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Russian_American_Company.xml b/src/chrome/content/rules/Russian_American_Company.xml
index d3a484fb3bde..397737343ff2 100644
--- a/src/chrome/content/rules/Russian_American_Company.xml
+++ b/src/chrome/content/rules/Russian_American_Company.xml
@@ -1,13 +1,12 @@
 <ruleset name="Russian American Company">
 
 	<target host="russianamericancompany.com" />
-	<target host="*.russianamericancompany.com" />
+	<target host="www.russianamericancompany.com" />
 
 
 	<securecookie host="^\.russianamericancompany\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?russianamericancompany\.com/"
-		to="https://$1russianamericancompany.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rust-Lang.org.xml b/src/chrome/content/rules/Rust-Lang.org.xml
new file mode 100644
index 000000000000..aad60653dffb
--- /dev/null
+++ b/src/chrome/content/rules/Rust-Lang.org.xml
@@ -0,0 +1,17 @@
+<!--
+
+-->
+<ruleset name="Rust-Lang.org">
+	<target host="rust-lang.org" />
+	<target host="www.rust-lang.org" />
+	<target host="blog.rust-lang.org" />
+	<target host="doc.rust-lang.org" />
+	<target host="perf.rust-lang.org" />
+	<target host="play.rust-lang.org" />
+	<target host="static.rust-lang.org" />
+	<target host="users.rust-lang.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RustFest.eu.xml b/src/chrome/content/rules/RustFest.eu.xml
new file mode 100644
index 000000000000..0d14eb45a508
--- /dev/null
+++ b/src/chrome/content/rules/RustFest.eu.xml
@@ -0,0 +1,21 @@
+<!--
+	Mismatched:
+		- tickets
+-->
+<ruleset name="RustFest.eu">
+	<target host="rustfest.eu" />
+	<target host="www.rustfest.eu" />
+	<target host="2016.rustfest.eu" />
+	<target host="2017.rustfest.eu" />
+	<target host="activities.rustfest.eu" />
+	<target host="barcelona.rustfest.eu" />
+	<target host="bcn.rustfest.eu" />
+	<target host="blog.rustfest.eu" />
+	<target host="cfp.rustfest.eu" />
+	<target host="paris.rustfest.eu" />
+	<target host="rome.rustfest.eu" />
+	<target host="scholarship.rustfest.eu" />
+	<target host="zurich.rustfest.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rutgers_University.xml b/src/chrome/content/rules/Rutgers_University.xml
index d9a6617734e2..2b6ca2e24e0b 100644
--- a/src/chrome/content/rules/Rutgers_University.xml
+++ b/src/chrome/content/rules/Rutgers_University.xml
@@ -472,16 +472,16 @@
 
 
 	<!--securecookie host="^\.rutgers\.edu$" name="^EssUserTrk$" /-->
-	<securecookie host="^(?:grad\.admissions|admissionservices|biology|\.cait|comminfo|(?:(?:www\.)?ems|service|storyquarterly|www)?\.camden|ce-catalog|directoryservices|dn|webmail\.eden|events|execdeanagriculture|finservices|food|ghcookcampus|gobble|hdrti|hpo|identityservices|idm|(?:www\.)?ipe|\.?lawjournal|my|netid|(?:blackboard|law|ncs|webmail|www)\.newark|neipmvwg|nj4h|njaes(?:intranet)?|broad\.nwk-campus|ocblogdev1|shib\.oirt|personalinfo|\.?www1\.recreation|rhshope|rias-gateway|ruoncampus|sakai|secure\.sas|sc-apps|search|sebs(?:intranet)?|securitysystems|sims|sis|software|studentabcweb|surveys|wiki\.td|transcripts|uhrapps|visitnjfarms|www)\.rutgers\.edu$" name=".+"  />
+	<securecookie host="^(?:grad\.admissions|admissionservices|biology|\.cait|comminfo|(?:(?:www\.)?ems|service|storyquarterly|www)?\.camden|ce-catalog|directoryservices|dn|webmail\.eden|events|execdeanagriculture|finservices|food|ghcookcampus|gobble|hdrti|hpo|identityservices|idm|(?:www\.)?ipe|\.?lawjournal|my|netid|(?:blackboard|law|ncs|webmail|www)\.newark|neipmvwg|nj4h|njaes(?:intranet)?|broad\.nwk-campus|ocblogdev1|shib\.oirt|personalinfo|\.?www1\.recreation|rhshope|rias-gateway|ruoncampus|sakai|secure\.sas|sc-apps|search|sebs(?:intranet)?|securitysystems|sims|sis|software|studentabcweb|surveys|wiki\.td|transcripts|uhrapps|visitnjfarms|www)\.rutgers\.edu$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?((?:camden|cs|eden|nbcs|newark|physics|rci|td)\.)?rutgers\.edu/"
+	<rule from="^http://(?:www\.)?((?:camden|cs|eden|nbcs|newark|physics|rci|td)\.)?rutgers\.edu/"
 		to="https://www.$1rutgers.edu/" />
 
-	<!--rule from="^https?://(?:www\.)?alumni\.rutgers\.edu/(\?.*)?$"
+	<!--rule from="^http://(?:www\.)?alumni\.rutgers\.edu/(\?.*)?$"
 		to="https://imodules.com/s/896/$1" /-->
 
-	<rule from="^https?://(?:www\.)?(?:alumni|support)\.rutgers\.edu/(admin/|calendar\.css$|images/|s/\d+/(?:appstyles\.css|images/|js/)|ScriptResource\.axd|scripts/)"
+	<rule from="^http://(?:www\.)?(?:alumni|support)\.rutgers\.edu/(admin/|calendar\.css$|images/|s/\d+/(?:appstyles\.css|images/|js/)|ScriptResource\.axd|scripts/)"
 		to="https://imodules.com/$1" />
 
 	<rule from="^http://(?:www\.)?(andromeda|antarcticquest|cait|(?:athletics|storyquarterly)\.camden|comminfo|events|execdeanagriculture|food|ghcookcampus|gobble|libraries|lifesci|math|mssg|(?:law|webmail)\.newark|nj4h|njaes(?:intranet)?|resnet|njaes|rads|rhshope|ruinfo|ruoffcampus|ruoncampus|sebs|sebs(?:intranet|njaesnews)|studentabc|uhr|visitnjfarms)\.rutgers\.edu/"
@@ -490,37 +490,37 @@
 	<rule from="^http://(www\.acs|grad\.admissions|admissionservices|apsmail|biology|(?:computing\.|mfa\.|service\.)?camden|(?:www\.)?(?:ems\.camden|camlaw|ipe|rulill)|cas|ce-catalog|(?:sirs\.|www\.)?ctaar|directoryservices|dn|webmail\.eden|email|mail\.envsci|ess|finservices|gradschoolalumni|halflife|hdrti|hpo|hpodrome|identityservices|idm|lawjournal|(?:facsub|mss3|(?:login|www-iris-rutgers-edu)\.proxy|www[24])\.libraries|my|nagios|neipmvwg|netid|(?:blackboard|ncs)\.newark|njog|broad\.nwk-campus|ocblog(?:dev1)?|octestblog|oirap|shib\.oirt|services\.oit|payrolluhr|personalinfo|plant(?:diagnosticlab|-pest-advisory)|ppa|rams|www1\.recreation|rhshope|rias-gateway|ruevents|rusecure|rutadmin|sakai|secure\.sas|sc-apps|scarletmail|search|secure|securitysystems|services|sims|sis|software|studentabcweb|surveys|voip\.td|wiki\.td|transcripts|turfblog|ua|uhrapps|webhost-x0[15])\.rutgers\.edu/"
 		to="https://$1.rutgers.edu/" />
 
-	<rule from="^https?://(?:www\.)?athletics\.rutgers\.edu/(?:\?.*)?$"
+	<rule from="^http://(?:www\.)?athletics\.rutgers\.edu/(?:\?.*)?$"
 		to="https://www.rutgers.edu/campus-life/athletics-rutgers" />
 
-	<rule from="^https?://edseries\.camden\.rutgers\.edu/(?:.+/)?([^\?]*)(\?.*)?"
+	<rule from="^http://edseries\.camden\.rutgers\.edu/(?:.+/)?([^\?]*)(\?.*)?"
 		to="https://computing.camden.rutgers.edu/help/training$1$2" />
 
-	<rule from="^https?://catalogs\.rutgers\.edu/(?:\?.*)$"
+	<rule from="^http://catalogs\.rutgers\.edu/(?:\?.*)$"
 		to="https://www.rutgers.edu/academics/catalogs" />
 
 	<rule from="^http://(?:www\.)?ideabank\.rutgers\.edu/(?:\?.*)?$"
 		to="https://camlaw.rutgers.edu/webapps/ideabank/" />
 
-	<rule from="^https?://libguides\.rutgers\.edu/(css\d*|data|include|js(?:\d+\w?)?)/"
+	<rule from="^http://libguides\.rutgers\.edu/(css\d*|data|include|js(?:\d+\w?)?)/"
 		to="https://libguides.com/$1/" />
 
-	<rule from="^https?://mailmain\.rutgers\.edu/"
+	<rule from="^http://mailmain\.rutgers\.edu/"
 		to="https://email.rutgers.edu/" />
 
 	<rule from="^http://(parktran|rudots)\.rutgers\.edu/"
 		to="https://gobble.rutgers.edu/" />
 
-	<rule from="^https?://www\.rce\.rutgers\.com/money/pdfs/"
+	<rule from="^http://www\.rce\.rutgers\.com/money/pdfs/"
 		to="https://njaes.rutgers.com/money/pdfs/" />
 
-	<rule from="^https?://mygraddate\.sas\.rutgers\.edu/"
+	<rule from="^http://mygraddate\.sas\.rutgers\.edu/"
 		to="https://secure.sas.rutgers.edu/apps/mymajor/" />
 
-	<rule from="^https?://mymajor\.sas\.rutgers\.edu/"
+	<rule from="^http://mymajor\.sas\.rutgers\.edu/"
 		to="https://secure.sas.rutgers.edu/apps/mymajor/" />
 
-	<rule from="^https?://webreg\.rutgers\.edu/"
+	<rule from="^http://webreg\.rutgers\.edu/"
 		to="https://sims.rutgers.edu/webreg/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ruweb.ru.xml b/src/chrome/content/rules/Ruweb.ru.xml
new file mode 100644
index 000000000000..95ebe336ddc6
--- /dev/null
+++ b/src/chrome/content/rules/Ruweb.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ruweb.ru">
+	<target host="ruweb.ru" />
+	<target host="www.ruweb.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ruxcon.org.au.xml b/src/chrome/content/rules/Ruxcon.org.au.xml
new file mode 100644
index 000000000000..d0d8d3bc38ec
--- /dev/null
+++ b/src/chrome/content/rules/Ruxcon.org.au.xml
@@ -0,0 +1,12 @@
+<ruleset name="Ruxcon.org.au">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ruxcon.org.au" />
+	<target host="www.ruxcon.org.au" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ruxcon_Breakpoint.com.xml b/src/chrome/content/rules/Ruxcon_Breakpoint.com.xml
index 63535228d4b8..7dfe30c9d12b 100644
--- a/src/chrome/content/rules/Ruxcon_Breakpoint.com.xml
+++ b/src/chrome/content/rules/Ruxcon_Breakpoint.com.xml
@@ -1,10 +1,16 @@
-<ruleset name="Ruxcon Breakpoint.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ruxconbreakpoint.com/ => https://ruxconbreakpoint.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.ruxconbreakpoint.com/ => https://www.ruxconbreakpoint.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Ruxcon Breakpoint.com" default_off="failed ruleset test">
 
 	<target host="ruxconbreakpoint.com" />
 	<target host="www.ruxconbreakpoint.com" />
 
 
-	<rule from="^http://(www\.)?ruxconbreakpoint\.com/"
-		to="https://$1ruxconbreakpoint.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rvb.ru.xml b/src/chrome/content/rules/Rvb.ru.xml
new file mode 100644
index 000000000000..376563a3e11a
--- /dev/null
+++ b/src/chrome/content/rules/Rvb.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="Rvb.ru">
+	<target host="rvb.ru"/>
+	<target host="www.rvb.ru"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Rxpharmacyusa.com.xml b/src/chrome/content/rules/Rxpharmacyusa.com.xml
index 532a02b93f50..a27667704d9f 100644
--- a/src/chrome/content/rules/Rxpharmacyusa.com.xml
+++ b/src/chrome/content/rules/Rxpharmacyusa.com.xml
@@ -1,13 +1,19 @@
-<ruleset name="rxpharmacyusa.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rxpharmacyusa.com/ => https://rxpharmacyusa.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.rxpharmacyusa.com/ => https://www.rxpharmacyusa.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+<ruleset name="rxpharmacyusa.com" default_off="failed ruleset test">
 
 	<target host="rxpharmacyusa.com" />
-	<target host="*.rxpharmacyusa.com" />
+	<target host="www.rxpharmacyusa.com" />
 
 
 	<securecookie host="^\.?www\.rxpharmacyusa\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?rxpharmacyusa\.com/"
-		to="https://$1rxpharmacyusa.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rxportalexpress.com.xml b/src/chrome/content/rules/Rxportalexpress.com.xml
new file mode 100644
index 000000000000..58a5f2973764
--- /dev/null
+++ b/src/chrome/content/rules/Rxportalexpress.com.xml
@@ -0,0 +1,37 @@
+<!--
+	For other Web.com Group coverage, see Web.com.xml.
+
+
+	^rxportalexpress.com: Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.rxportalexpress.com
+
+-->
+<ruleset name="Rxportalexpress.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.rxportalexpress.com" />
+
+	<!--	Complications:
+				-->
+	<target host="rxportalexpress.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.rxportalexpress\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://rxportalexpress\.com/"
+		to="https://www.rxportalexpress.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Rya.nc.xml b/src/chrome/content/rules/Rya.nc.xml
new file mode 100644
index 000000000000..7612357268a9
--- /dev/null
+++ b/src/chrome/content/rules/Rya.nc.xml
@@ -0,0 +1,12 @@
+<ruleset name="rya.nc">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rya.nc" />
+	<target host="www.rya.nc" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ryanair.com.xml b/src/chrome/content/rules/Ryanair.com.xml
index 24939fb726af..8510d953b290 100644
--- a/src/chrome/content/rules/Ryanair.com.xml
+++ b/src/chrome/content/rules/Ryanair.com.xml
@@ -1,7 +1,17 @@
-<ruleset name="Ryanair.com" platform="mixedcontent">
+<ruleset name="Ryanair.com">
   <target host="www.ryanair.com" />
   <target host="ryanair.com" />
-  <rule from="^http://www\.ryanair\.com/" to="https://www.ryanair.com/"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.ryanair\.com$" name="^(prevPage|s_cc|s_cm|s_cm_dl|s_ev\d+|s_sq)$" /-->
+	<!--securecookie host="^www\.ryanair\.com$" name="^(airport|booking_form_departure_airport|homepage_slider_airport|market|rynsid)$" /-->
+
+	<securecookie host="^(?:www)?\.ryanair\.com$" name=".+" />
+
+
   <rule from="^http://ryanair\.com/" to="https://www.ryanair.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Ryedale.gov.uk.xml b/src/chrome/content/rules/Ryedale.gov.uk.xml
new file mode 100644
index 000000000000..e08342d40b40
--- /dev/null
+++ b/src/chrome/content/rules/Ryedale.gov.uk.xml
@@ -0,0 +1,29 @@
+<!--
+	Ryedale District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *ryedale.gov.uk:
+
+		- (www.)? *
+		- democracy ᵈ
+		- planningregister ʳ
+
+	ᵃ Shows another domain
+	ᵈ Dropped
+	ʳ Refused
+
+-->
+<ruleset name="Ryedale.gov.uk (partial)">
+
+	<target host="vforms.ryedale.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/S-3.com.xml b/src/chrome/content/rules/S-3.com.xml
new file mode 100644
index 000000000000..e947e28d8c8f
--- /dev/null
+++ b/src/chrome/content/rules/S-3.com.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://s-3.com/ => https://s-3.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.s-3.com/ => https://www.s-3.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="S-3.com" default_off="failed ruleset test">
+
+	<target host="s-3.com" />
+	<target host="www.s-3.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/S-Microsoft.com.xml b/src/chrome/content/rules/S-Microsoft.com.xml
new file mode 100644
index 000000000000..e84ff6eadbde
--- /dev/null
+++ b/src/chrome/content/rules/S-Microsoft.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+-->
+<ruleset name="s-Microsoft.com">
+
+	<target host="c.s-microsoft.com" />
+	<target host="i.s-microsoft.com" />
+
+		<test url="http://c.s-microsoft.com/uk-ua/CMSImages/HPFeb15_social_Facebook.png?version=4ca8d27a-4867-1760-3746-c9a9e0cc9881" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/S-Msft.com.xml b/src/chrome/content/rules/S-Msft.com.xml
new file mode 100644
index 000000000000..a2f0dfbf3f30
--- /dev/null
+++ b/src/chrome/content/rules/S-Msft.com.xml
@@ -0,0 +1,115 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	CDN buckets:
+
+		- i.g.social.ms.akadns.net
+
+			- i1.social.s-msft.com
+
+
+	Problematic hosts in s-msft.com:
+
+		- i[1-4].services.social ¹
+		- i[2-4].social *
+		- i[2-4].code.msdn *
+		- i[2-4].gallery.technet *
+
+	¹ Akamai
+	* Mismatched
+
+
+	Fully hosts in *s-msft.com:
+
+		- widgets.membership
+		- i1.code.msdn
+		- i[2-4].code.msdn		(→ i1.code.msdn.s-msft.com)
+		- i1.visualstudiogallery.msdn
+
+		- *.sec:
+
+			- download-codeplex
+			- i-msdn
+			- i-technet
+			- i-vso
+			- i2-technet
+			- i3-vso
+
+		- i[1-4].services.social	(→ services.social.microsoft.com)
+		- i1.social
+		- i[2-4].social			(→ i1.social.s-msft.com)
+		- i1.gallery.technet
+		- i[2-4].gallery.technet	(→ i1.gallery.technet.s-msft.com)
+
+
+	Insecure cookies are set for these hosts:
+
+		- i1.code.msdn.s-msft.com
+
+-->
+<ruleset name="s-Msft.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="widgets.membership.s-msft.com" />
+	<target host="i1.code.msdn.s-msft.com" />
+	<target host="i1.visualstudiogallery.msdn.s-msft.com" />
+	<target host="*.sec.s-msft.com" />
+	<target host="i1.social.s-msft.com" />
+	<target host="i1.gallery.technet.s-msft.com" />
+
+	<!--	Complications:
+				-->
+	<target host="i2.code.msdn.s-msft.com" />
+	<target host="i3.code.msdn.s-msft.com" />
+	<target host="i4.code.msdn.s-msft.com" />
+	<target host="i2.social.s-msft.com" />
+	<target host="i3.social.s-msft.com" />
+	<target host="i4.social.s-msft.com" />
+	<target host="i1.services.social.s-msft.com" />
+	<target host="i2.services.social.s-msft.com" />
+	<target host="i3.services.social.s-msft.com" />
+	<target host="i4.services.social.s-msft.com" />
+	<target host="i2.gallery.technet.s-msft.com" />
+	<target host="i3.gallery.technet.s-msft.com" />
+	<target host="i4.gallery.technet.s-msft.com" />
+
+		<test url="http://widgets.membership.s-msft.com/v1/widgets.js" />
+		<test url="http://i1.code.msdn.s-msft.com/content/common/trans.gif" />
+		<test url="http://i1.code.msdn.s-msft.com/windowsapps/content/common/download.png" />
+		<test url="http://i1.visualstudiogallery.msdn.s-msft.com/content/common/trans.gif" />
+
+		<test url="http://i-msdn.sec.s-msft.com/Areas/Centers/Themes/StandardDevCenter/Content/HeaderFooterSprite.png" />
+		<test url="http://i-msdn.sec.s-msft.com/Areas/Epx/Themes/Office/Content/ImageSprite.png" />
+		<test url="http://i-msdn.sec.s-msft.com/dynimg/IC711386.png" />
+		<test url="http://i-vso.sec.s-msft.com/Areas/VisualStudio/Themes/VStudio/Content/ImageSprite.png" />
+		<test url="http://i-vso.sec.s-msft.com/Combined.css" />
+		<test url="http://i3-vso.sec.s-msft.com/dynimg/IC796831.png" />
+
+		<test url="http://i1.social.s-msft.com/globalresources/Images/trans.gif" />
+		<test url="http://i1.social.s-msft.com//globalresources/Images/trans.gif" />
+		<test url="http://i1.gallery.technet.s-msft.com/scriptcenter/content/common/sharethis/facebook.gif" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^i1\.code\.msdn\.s-msft.com$" name="^ssostate$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://i[2-4]\.(code\.msdn|social|gallery\.technet)\.s-msft\.com/"
+		to="https://i1.$1.s-msft.com/" />
+
+		<test url="http://i2.code.msdn.s-msft.com/windowsapps/content/common/download.png" />
+		<test url="http://i2.social.s-msft.com/globalresources/Images/trans.gif" />
+		<test url="http://i2.gallery.technet.s-msft.com/scriptcenter/content/common/sharethis/facebook.gif" />
+
+	<rule from="^http://i[1-4]\.services\.social\.s-msft\.com/"
+		to="https://services.social.microsoft.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/S-ajfan.com.xml b/src/chrome/content/rules/S-ajfan.com.xml
new file mode 100644
index 000000000000..731f4b083481
--- /dev/null
+++ b/src/chrome/content/rules/S-ajfan.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="S-ajfan.com" platform="mixedcontent">
+	<target host="s-ajfan.com" />
+	<target host="www.s-ajfan.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/S-msn.com.xml b/src/chrome/content/rules/S-msn.com.xml
index 105c7f3190ba..dd2b0944b9fc 100644
--- a/src/chrome/content/rules/S-msn.com.xml
+++ b/src/chrome/content/rules/S-msn.com.xml
@@ -1,4 +1,16 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://entcss.s-msn.com/ => https://entcss.s-msn.com/: (6, 'Could not resolve host: entcss.s-msn.com')
+Fetch error: http://entimg.s-msn.com/ => https://entimg.s-msn.com/: (6, 'Could not resolve host: entimg.s-msn.com')
+Fetch error: http://blu.stb.s-msn.com/ => https://blu.stb.s-msn.com/: (6, 'Could not resolve host: blu.stb.s-msn.com')
+Fetch error: http://blu.stc.s-msn.com/ => https://blu.stc.s-msn.com/: (6, 'Could not resolve host: blu.stc.s-msn.com')
+Fetch error: http://col.stb00.s-msn.com/ => https://col.stb00.s-msn.com/: (6, 'Could not resolve host: col.stb00.s-msn.com')
+Fetch error: http://col.stb01.s-msn.com/ => https://col.stb01.s-msn.com/: (6, 'Could not resolve host: col.stb01.s-msn.com')
+Fetch error: http://kaw.stb.s-msn.com/ => https://kaw.stb.s-msn.com/: (6, 'Could not resolve host: kaw.stb.s-msn.com')
+Fetch error: http://col.stc.s-msn.com/ => https://col.stc.s-msn.com/: (6, 'Could not resolve host: col.stc.s-msn.com')
+Fetch error: http://wst.s-msn.com/ => https://wst.s-msn.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
 	For other Microsoft coverage, see Microsoft.xml.
 
 
@@ -16,26 +28,23 @@
 
 		- sgsts.msn.com.edgesuite.net | sgst.sin.cb3.glbdns.microsoft.com
 
-			- a38.g2.akamai.net
 			- sgst[cj].msn.com
 			- sin.st[cjs].s-msn.com
 
+		- legstatics.s-msn.com.edgesuite.net
+
+			- cpc.db3.s-msn.com
+
 		- sgstb0[01]-s.msn.com.edgesuite.net | sgstb.sin.cb3.glbdns.microsoft.com
 
-			- a1574.g2.akamai.net
 			- sin.stb0[01].s-msn.com
 
 		- img1.video.s-msn.com.edgesuite.net
-
 		- img2.video.s-msn.com.edgesuite.net
-
-			- a1189.g2.akamai.net
-
 		- img.widgets.video.s-msn.com.edgesuite.net
 
 		- colstb.co1.cb3.glbdns.microsoft.com
 
-			- a1910.g2.akamai.net
 			- col.stb00.s-msn.com
 
 		- msnvidprod.vo.msecnd.net
@@ -43,8 +52,9 @@
 			- img1.video.s-msn.com
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *s-msn.com
 
+		- cpc.db3 *
 		- col.stc *
 		- hlc **
 		- hli **
@@ -52,18 +62,21 @@
 		- kaw.st[bc] **
 		- sin.st[cj]		(504, akamai)
 		- img[12].video *
-		- img.widgets.video *
 
 	* 503, akamai
 	** Times out
 
 
-	Problematic subdomains:
+	Problematic hosts in *s-msn.com:
 
 		- cpc.db3		(mismatched, CN: images.partner.windowsphone.com)
 
 		- *.st
 
+		- static *
+		- static-hp		504, Akamai
+		- static-finance-neu *
+
 		- *.stb
 
 			- col
@@ -73,13 +86,11 @@
 
 		- *.stb\d*
 
-			- col.stb00 *
 			- db2.stb0[01] **
 			- sin.stb00 *
 
 		- *.stc
 
-			- col
 			- db2
 			- db3
 			- kaw
@@ -89,51 +100,48 @@
 			- db2.stj
 
 		- img3.catalog.video *
-
+		- img.widgets.video *
 
 	* Works, akamai
 	** CN: *.sharepointonline.com; works
 
-
-	Fully covered subdomains:
-
-		- cpc.db3	(→ msn.vo.msecnd.net)
-		- entcss
-		- entimg
-		- media-social
-		- blu.st[bc]
-		- kaw.stb
-		- sin.stb *
-		- col.stb00 *
-		- sin.stb0[01] *
-		- st[cj]-now
-
-	* → akamai
-
 -->
-<ruleset name="s-msn.com (partial)">
-
-	<target host="*.s-msn.com" />
-
-
-	<rule from="^http://(entcss|entimg|media-social|blu\.st[bc]|kaw\.stb|st[cj]-now)\.s-msn\.com/"
-		to="https://$1.s-msn.com/" />
-
-	<rule from="^http://cpc\.db3\.s-msn\.com/"
-		to="https://msn.vo.msecnd.net/" />
-
-	<rule from="^http://sin\.stb\.s-msn\.com/"
-		to="https://a248.e.akamai.net/f/1574/354/10m/sin.stb.s-msn.com/" />
-
-	<rule from="^http://col\.stb00\.s-msn\.com/"
-		to="https://a248.e.akamai.net/f/1910/6648/3d/col.stb00.s-msn.com/" />
-
-	<rule from="^http://sin\.stb0(0|1)\.s-msn\.com/"
-		to="https://a248.e.akamai.net/f/1574/5119/5m/sin.stb0$1.s-msn.com/" />
+<ruleset name="s-msn.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="entcss.s-msn.com" />
+	<target host="entimg.s-msn.com" />
+	<target host="img.s-msn.com" />
+	<target host="media-social.s-msn.com" />
+	<target host="static-hp-eus.s-msn.com" />
+	<target host="blu.stb.s-msn.com" />
+	<target host="blu.stc.s-msn.com" />
+	<target host="col.stb00.s-msn.com" />
+	<target host="col.stb01.s-msn.com" />
+	<target host="kaw.stb.s-msn.com" />
+	<target host="col.stc.s-msn.com" />
+	<target host="stc-now.s-msn.com" />
+	<target host="stj-now.s-msn.com" />
+	<target host="wst.s-msn.com" />
+
+	<!--	Complications:
+				-->
+	<target host="static-hp.s-msn.com" />
+
+
+	<!--	Serves stylesheets, so we cannot
+		rewrite to akamai.
+					-->
+	<rule from="^http://static-hp\.s-msn\.com/"
+		to="https://preview.msn.com/" />
 
 	<!--	Moved to akamai and broke:
 
 	<rule from="^http://(\w+)\.st(b|c|j)?\d*\.s-msn\.com/"
 		to="https://$1.st$2.s-msn.com/" /-->
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/S-nbcnews.com.xml b/src/chrome/content/rules/S-nbcnews.com.xml
deleted file mode 100644
index 3a2d6f1c6cc6..000000000000
--- a/src/chrome/content/rules/S-nbcnews.com.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	For other National Broadcasting Company coverage, see National-Broadcasting-Company.xml.
-
-
-	CDN buckets:
-
-		- www.msnbc.msn.com.c.footprint.net
-
-			- media[1-4].s-nbcnews.com
-
-
-	Problematic subdomains:
-
-		- media[1-4]	(dropped)
-
-
-	Fully covered subdomains:
-
-		- media[1-4]	(→ akamai)
-
--->
-<ruleset name="s-nbcnews.com" default_off="sometimes 403s">
-
-	<target host="*.s-nbcnews.com" />
-
-
-	<rule from="^http://media(\d)\.s-nbcnews\.com/"
-		to="https://a248.e.akamai.net/f/1127/793/9m/msnbcmedia$1.msn.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/S.to.xml b/src/chrome/content/rules/S.to.xml
new file mode 100644
index 000000000000..8d21909f7a3a
--- /dev/null
+++ b/src/chrome/content/rules/S.to.xml
@@ -0,0 +1,14 @@
+<ruleset name="S.to">
+	<target host="s.to" />
+	<target host="www.s.to" />
+	<target host="serien.vc" />
+	<target host="www.serien.vc" />
+	<target host="serien.sx" />
+	<target host="www.serien.sx" />
+	<target host="serienstream.sx" />
+	<target host="www.serienstream.sx" />
+	<target host="serienstream.to" />
+	<target host="www.serienstream.to" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/S2-Games-mismatches.xml b/src/chrome/content/rules/S2-Games-mismatches.xml
index 7c7c9e9a8553..1e5b16f78477 100644
--- a/src/chrome/content/rules/S2-Games-mismatches.xml
+++ b/src/chrome/content/rules/S2-Games-mismatches.xml
@@ -1,10 +1,9 @@
 <!--	ToDo: find edgecastcdn bucket
 -->
-<ruleset name="S2 Games (mismatches)" default_off="mismatch" platform="mixedcontent">
+<ruleset name="S2 Games (mismatches)" default_off="mismatched" platform="mixedcontent">
 
 	<target host="dl.heroesofnewerth.com"/>
 
-	<rule from="^http://dl\.heroesofnewerth\.com/"
-		to="https://dl.heroesofnewerth.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/S2-Games.xml b/src/chrome/content/rules/S2-Games.xml
index 71f211258950..d51493adf3d3 100644
--- a/src/chrome/content/rules/S2-Games.xml
+++ b/src/chrome/content/rules/S2-Games.xml
@@ -1,12 +1,22 @@
-<ruleset name="S2 Games (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://savage2.com/ => https://savage2.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.savage2.com/ => https://savage2.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://savage2.com/ => https://savage2.com/: Redirect for 'http://savage2.com/en/' missing Location
+Fetch error: http://www.savage2.com/ => https://savage2.com/: Redirect for 'http://www.savage2.com/en/' missing Location
+-->
+<ruleset name="S2 Games (partial)" default_off="failed ruleset test">
 
 	<target host="heroesofnewerth.com"/>
 	<target host="www.heroesofnewerth.com"/>
 	<target host="savage2.com"/>
 	<target host="www.savage2.com"/>
 
-	<securecookie host="^(.*\.)?heroesofnewerth\.com$" name=".*"/>
-	<securecookie host="^savage2\.com$" name=".*"/>
+	<securecookie host="^(?:.*\.)?heroesofnewerth\.com$" name=".+" />
+	<securecookie host="^savage2\.com$" name=".+" />
 
 	<rule from="^http://(www\.)?heroesofnewerth\.com/"
 		to="https://$1heroesofnewerth.com/"/>
diff --git a/src/chrome/content/rules/S2Media.xml b/src/chrome/content/rules/S2Media.xml
index a76f66172d38..aabe8a5041a3 100644
--- a/src/chrome/content/rules/S2Media.xml
+++ b/src/chrome/content/rules/S2Media.xml
@@ -1,16 +1,12 @@
-<ruleset name="S2Media (mismatches)" default_off="Certificate mismatch">
+<ruleset name="S2Media (mismatches)" default_off="mismatched">
 
-	<target host="layer-ads.de"/>
-	<target host="www.layer-ads.de"/>
 	<target host="s2media.be"/>
 	<target host="www.s2media.be"/>
 	<target host="s2mediadigital.com"/>
 	<target host="www.s2mediadigital.com"/>
 
-	<rule from="^http://(www\.)?layer-ads\.de/" to="https://layer-ads.de/"/>
-
 	<rule from="^http://(www\.)?s2media(\.be|digital\.com)/" to="https://www.s2media$2/"/>
 
-	<securecookie host="^(www\.)?s2media(\.be|digital\.com)$" name=".*"/>
+	<securecookie host="^(?:www\.)?s2media(?:\.be|digital\.com)$" name=".+" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/S2Member.com-falsemixed.xml b/src/chrome/content/rules/S2Member.com-falsemixed.xml
deleted file mode 100644
index bbb94d87fcbb..000000000000
--- a/src/chrome/content/rules/S2Member.com-falsemixed.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see S2Member.com.xml.
-
--->
-<ruleset name="s2Member.com (false MCB)" platform="mixedcontent">
-
-	<target host="*.s2member.com" />
-		<!--
-			Handled in S2Member.com.xml:
-							-->
-		<!--exclusion pattern="^http://www\.s2member\.com/(affiliates/API/|favicon\.ico|s-badges/|wp-content/|wp-includes/)" /-->
-
-
-	<securecookie host="^\.s2member\.com$" name=".+" />
-
-
-	<rule from="^http://www\.s2member\.com/(?!affiliates/API/|favicon\.ico|s-badges/|wp-content/|wp-includes/)"
-		to="https://www.s2member.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/S2Member.com.xml b/src/chrome/content/rules/S2Member.com.xml
deleted file mode 100644
index b5565c55d199..000000000000
--- a/src/chrome/content/rules/S2Member.com.xml
+++ /dev/null
@@ -1,47 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see S2Member.com-falsemixed.xml.
-
-
-	Problematic subdomains:
-
-		- ^	(mismatched, CN: www.websharks-inc.com)
-
-
-	Partially covered subdomains:
-
-		- (www.) *	(^ → www)
-
-	* Avoiding false/broken MCB, reset handled in S2Member.com-falsemixed.xml.
-
-
-	Mixed content:
-
-		- Video on www from www.youtube.com *
-		- Scripts on www from www *
-		- css on www from www *
-		- Images on www from www *
-
-	* Secured by us
-
-
-	Pages are in a separate falsemixed ruleset
-	due to mixed css and scripts from www.
-
--->
-<ruleset name="s2Member.com (partial)">
-
-	<target host="s2member.com" />
-	<target host="www.s2member.com" />
-		<!--
-			Avoid false MCB.
-
-			Blanket rewrite from !www in this ruleset
-			so as to avoid duplicate target warnings.
-									-->
-		<exclusion pattern="^http://www\.s2member\.com/(?!affiliates/API/|favicon\.ico|s-badges/|wp-content/|wp-includes/)" />
-
-
-	<rule from="^http://(?:www\.)?s2member\.com/"
-		to="https://www.s2member.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SACNAS.xml b/src/chrome/content/rules/SACNAS.xml
index 9d58598a2660..526ec2beb0e2 100644
--- a/src/chrome/content/rules/SACNAS.xml
+++ b/src/chrome/content/rules/SACNAS.xml
@@ -1,4 +1,10 @@
-<ruleset name="SACNAS (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sacnas.org/ => https://sacnas.org/: Too many redirects while fetching 'https://sacnas.org/'
+
+-->
+<ruleset name="SACNAS (partial)" default_off="failed ruleset test">
 
 	<target host="sacnas.org"/>
 	<target host="www.sacnas.org"/>
diff --git a/src/chrome/content/rules/SAIC.com.xml b/src/chrome/content/rules/SAIC.com.xml
new file mode 100644
index 000000000000..584468c51094
--- /dev/null
+++ b/src/chrome/content/rules/SAIC.com.xml
@@ -0,0 +1,18 @@
+<!--
+	investors: refused
+
+
+	^: refused
+
+-->
+<ruleset name="SAIC.com (partial)">
+
+	<target host="saic.com" />
+	<target host="www.saic.com" />
+		<!--exclusion pattern="^http://investors\.saic\.com/" /-->
+
+
+	<rule from="^http://(?:www\.)?saic\.com/"
+		to="https://www.saic.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SAKURA_Internet.xml b/src/chrome/content/rules/SAKURA_Internet.xml
index c375f7ab68cc..83f5a072394e 100644
--- a/src/chrome/content/rules/SAKURA_Internet.xml
+++ b/src/chrome/content/rules/SAKURA_Internet.xml
@@ -1,9 +1,77 @@
-<ruleset name="SAKURA Internet (partial)">
+<!--
+	For other SAKURA Internet coverage, see Sakura.ne.jp.xml.
 
+
+	Nonfunctional hosts in *sakura.ad.jp:
+
+		- case ᵃ
+		- cloud ᵈ
+		- cloud-news ʳ
+		- datacenter ᵈ
+		- enterprise ᵈ
+		- ishikari ᵈ
+		- knowledge ᵃ
+		- partner ᵈ
+		- research ʳ
+		- server ᵈ
+		- support ᵈ
+		- vps ᵈ
+
+	ᵃ Shows another domain
+	ᵈ Dropped
+	ʳ Research
+
+
+	Problematic hosts in *sakura.ad.jp:
+
+		- ^ ᵈ
+		- search ᵐ
+
+	ᵈ Dropped, preemptable redirect
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .secure.sakura.ad.jp
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- search from www.sakura.ad.jp ᵈ
+			- search from image.syncsearch.jp
+
+	ᵈ Unsecurable <= 404
+
+-->
+<ruleset name="SAKURA.ad.jp (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="help.sakura.ad.jp" />
 	<target host="secure.sakura.ad.jp" />
+	<target host="www.sakura.ad.jp" />
+
+	<!--	Complications:
+				-->
+	<target host="sakura.ad.jp" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.secure\.sakura\.ad\.jp$" name="^SAKURARSSIGNUP$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.secure\." name=".+" />
+
 
+	<rule from="^http://sakura\.ad\.jp/"
+		to="https://www.sakura.ad.jp/" />
 
-	<rule from="^http://secure\.sakura\.ad\.jp/"
-		to="https://secure.sakura.ad.jp/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SALESmanago.pl.xml b/src/chrome/content/rules/SALESmanago.pl.xml
new file mode 100644
index 000000000000..0c0a05d2dc44
--- /dev/null
+++ b/src/chrome/content/rules/SALESmanago.pl.xml
@@ -0,0 +1,13 @@
+<ruleset name="SALESmanago.pl">
+        <target host="salesmanago.pl" />
+        <target host="www.salesmanago.pl" />
+        <target host="app2.salesmanago.pl" />
+        <target host="app3.salesmanago.pl" />
+
+        <securecookie host=".+" name=".+" />
+
+        <rule from="^http:"
+                to="https:" />
+        <test url="http://salesmanago.pl/welcome.htm" />
+        <test url="http://app2.salesmanago.pl/welcome.htm" />
+</ruleset>
diff --git a/src/chrome/content/rules/SALESmango.pl.xml b/src/chrome/content/rules/SALESmango.pl.xml
deleted file mode 100644
index 183b874383e5..000000000000
--- a/src/chrome/content/rules/SALESmango.pl.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="SALESmango.pl">
-
-	<target host="salesmanago.pl" />
-	<target host="*.salesmanago.pl" />
-
-
-	<securecookie host="^(?:w*\.)?salesmango\.pl$" name=".+" />
-
-
-	<rule from="^http://(www\.)?salesmango\.pl/"
-		to="https://$1salesmango.pl/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/SAMBA.xml b/src/chrome/content/rules/SAMBA.xml
index 4e5f3e29d379..348eb770e2ec 100644
--- a/src/chrome/content/rules/SAMBA.xml
+++ b/src/chrome/content/rules/SAMBA.xml
@@ -1,9 +1,15 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://samba.com/ => https://www.samba.com/: (35, 'Unknown SSL protocol error in connection to www.samba.com:443 ')
+-->
 <ruleset name="SAMBA">
   <target host="samba.com" />
-  <target host="*.samba.com" />
+  <target host="sambacapital.samba.com" />
+  <target host="sambatdwl.samba.com" />
+  <target host="sambaonline.samba.com" />
+  <target host="www.samba.com" />
 
   <rule from="^http://samba\.com/"
 	  to="https://www.samba.com/" />
-  <rule from="^http://(sambacapital|sambatdwl|sambaonline|www)\.samba\.com/"
-	  to="https://$1.samba.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SANS-Technology-Institute.xml b/src/chrome/content/rules/SANS-Technology-Institute.xml
deleted file mode 100644
index f4b5c5c0a5e9..000000000000
--- a/src/chrome/content/rules/SANS-Technology-Institute.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	www data differs between http & https.
-
--->
-<ruleset name="SANS Technology Institute (partial)">
-
-	<target host="*.sans.edu" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.isc.sans.edu" />
-
-
-	<securecookie host="^\.isc\.sans\.edu$" name=".*" />
-
-
-	<rule from="^http://(isc|portal)\.sans\.edu/"
-		to="https://$1.sans.edu/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SANS.edu.xml b/src/chrome/content/rules/SANS.edu.xml
new file mode 100644
index 000000000000..1317fa379bb8
--- /dev/null
+++ b/src/chrome/content/rules/SANS.edu.xml
@@ -0,0 +1,22 @@
+<!--
+	SANS Technology Institute
+
+	For other SANS Institute coverage, see SANS.org.xml.
+
+-->
+<ruleset name="SANS.edu">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sans.edu" />
+	<target host="isc.sans.edu" />
+	<target host="www.sans.edu" />
+
+
+	<securecookie host="^\.isc\.sans\.edu$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SANS.org.xml b/src/chrome/content/rules/SANS.org.xml
new file mode 100644
index 000000000000..a469d9674392
--- /dev/null
+++ b/src/chrome/content/rules/SANS.org.xml
@@ -0,0 +1,59 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://archive.sans.org/ => https://archive.sans.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://isc1.sans.org/ => https://isc1.sans.org/: (7, 'Failed to connect to isc1.sans.org port 443: No route to host')
+Fetch error: http://isc2.sans.org/ => https://isc2.sans.org/: (7, 'Failed to connect to isc2.sans.org port 443: No route to host')
+Fetch error: http://portal.sans.org/ => https://portal.sans.org/: (6, 'Could not resolve host: portal.sans.org')
+Fetch error: http://spam.sans.org/ => https://spam.sans.org/: (7, 'Failed to connect to spam.sans.org port 443: Connection timed out')
+
+	Other SANS Institute rulesets:
+
+		- SANS.edu.xml
+		- Securing_the_Human.org.xml
+
+
+	Mixed content:
+
+		- Image on cyber-defense and digital-forensics from www *
+
+	* Secured by us
+
+-->
+<ruleset name="SANS.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sans.org" />
+	<target host="admin.sans.org" />
+	<target host="archive.sans.org" />
+	<target host="blogs.sans.org" />
+	<target host="cyber-defense.sans.org" />
+	<target host="digital-forensics.sans.org" />
+	<target host="files.sans.org" />
+	<target host="forensics.sans.org" />
+	<target host="isc.sans.org" />
+	<target host="isc1.sans.org" />
+	<target host="isc2.sans.org" />
+	<target host="lists.sans.org" />
+	<target host="mail.sans.org" />
+	<target host="ondemand.sans.org" />
+	<target host="pen-testing.sans.org" />
+	<target host="portal.sans.org" />
+	<target host="pre-software-security.sans.org" />
+	<target host="sic.sans.org" />
+	<target host="software-security.sans.org" />
+	<target host="spam.sans.org" />
+	<target host="survey.sans.org" />
+	<target host="www.sans.org" />
+	<target host="www2.sans.org" />
+	<target host="www3.sans.org" />
+
+
+	<securecookie host="^\.sans\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SANS.xml b/src/chrome/content/rules/SANS.xml
deleted file mode 100644
index 8a41356f83e8..000000000000
--- a/src/chrome/content/rules/SANS.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="SANS">
-
-	<target host="isc.sans.edu" />
-	<target host="sans.org" />
-	<target host="*.sans.org" />
-
-
-	<securecookie host="^\.sans\.org$" name=".+" />
-
-
-	<rule from="^http://isc\.sans\.edu/"
-		to="https://isc.sans.edu/" />
-
-	<rule from="^http://(isc\.|www\.)?sans\.org/"
-		to="https://$1sans.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SAP.xml b/src/chrome/content/rules/SAP.xml
index 15aa50f058b0..1166c63a64b3 100644
--- a/src/chrome/content/rules/SAP.xml
+++ b/src/chrome/content/rules/SAP.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn.blog-sap.com/ => https://blog.sap.com/: (6, 'Could not resolve host: blog.sap.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn.blog-sap.com/ => https://blog.sap.com/: (6, 'Could not resolve host: blog.sap.com')
 	CDN buckets:
 
 		- sapblogs.wpengine.netdna-cdn.com
@@ -48,6 +54,7 @@
 			- sdn		(→ scn)
 			- store
 			- www54
+			- access
 
 
 	Mixed images on scn from www.sdn
@@ -56,7 +63,7 @@ DNS Name: autodiscovery.sap.com
 
 
 -->
-<ruleset name="SAP (partial)">
+<ruleset name="SAP (partial)" default_off="failed ruleset test">
 
 	<target host="cdn.blog-sap.com" />
 	<target host="sap.com" />
@@ -74,7 +81,7 @@ DNS Name: autodiscovery.sap.com
 	<rule from="^http://(?:www\.)?sap\.com/(favicon\.ico|global/(?:js|ui)/)"
 		to="https://www.sap.com/$1" />
 
-	<rule from="^http://(accounts|blogs|help|internalstore|mail|open|scn|www\.sdn|search|store|www54)\.sap\.com/"
+	<rule from="^http://(accounts|blogs|help|internalstore|mail|open|scn|www\.sdn|search|store|www54|access)\.sap\.com/"
 		to="https://$1.sap.com/" />
 
 	<!--	Server drops path:
@@ -82,4 +89,4 @@ DNS Name: autodiscovery.sap.com
 	<rule from="^http://(www\.sc|sd)n\.sap\.com/.*"
 		to="https://scn.sap.com/welcome?original_fqdn=$1n.sap.com" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SAPO.io.xml b/src/chrome/content/rules/SAPO.io.xml
new file mode 100644
index 000000000000..3691eeaf3db4
--- /dev/null
+++ b/src/chrome/content/rules/SAPO.io.xml
@@ -0,0 +1,82 @@
+<!--
+	For more SAPO.pt related rulesets, see SAPO.pt.xml
+
+	Non-functional hosts
+		Timeout was reached:
+			 - cdn-pic-dns01.ns.sapo.io
+			 - cdn-pic-dns02.ns.sapo.io
+
+		SSL peer certificate was not OK:
+			 - 0.fotos.web.sapo.io
+			 - 1.fotos.web.sapo.io
+			 - 2.fotos.web.sapo.io
+			 - 3.fotos.web.sapo.io
+			 - 4.fotos.web.sapo.io
+			 - 5.fotos.web.sapo.io
+			 - 6.fotos.web.sapo.io
+			 - 7.fotos.web.sapo.io
+			 - 8.fotos.web.sapo.io
+			 - 9.fotos.web.sapo.io
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - cdn-stg-dns01.ns.staging.sapo.io
+			 - cdn-stg-dns02.ns.staging.sapo.io
+			 - calendarios.web.sapo.io
+			 - cdn-mpm-cache-s04.web.sapo.io
+			 - mail.web.sapo.io
+
+		4xx client error:
+			 - 0-c255036.cdn.sapo.io
+			 - 2-c255036.cdn.sapo.io
+			 - 3-c255036.cdn.sapo.io
+			 - 4-c255036.cdn.sapo.io
+			 - 5-c255036.cdn.sapo.io
+			 - 6-c255036.cdn.sapo.io
+			 - 8-c255036.cdn.sapo.io
+			 - 9-c255036.cdn.sapo.io
+			 - c016222.cdn.sapo.io
+			 - c026204.cdn.sapo.io
+			 - c192168.cdn.sapo.io
+			 - c253214.cdn.sapo.io
+			 - c255036.cdn.sapo.io
+			 - c368686.cdn.sapo.io
+			 - c448069.cdn.sapo.io
+			 - c459190.cdn.sapo.io
+			 - c549959.cdn.sapo.io
+			 - c559878.cdn.sapo.io
+			 - c767794.cdn.sapo.io
+			 - c881088.cdn.sapo.io
+			 - c929897.cdn.sapo.io
+			 - c974076.cdn.sapo.io
+			 - cdn-pic-cache-a02.web.sapo.io
+			 - cdn-pic-cache-a03.web.sapo.io
+			 - cdn-pic-cache-a04.web.sapo.io
+			 - cdn-pic-cache-a05.web.sapo.io
+			 - cdn-pic-cache-a06.web.sapo.io
+			 - cdn-pic-cache-b02.web.sapo.io
+			 - cdn-pic-cache-b03.web.sapo.io
+			 - cdn-pic-cache-b04.web.sapo.io
+			 - cdn-pic-cache-b05.web.sapo.io
+			 - cdn-pic-cache-b06.web.sapo.io
+			 - ink.web.sapo.io
+			 - mail-services.web.sapo.io
+			 - mb.web.sapo.io
+			 - pub.web.sapo.io
+
+		Mixed content blocking (MCB) tiggered:
+			 - fotos.web.sapo.io
+-->
+<ruleset name="SAPO.io (partial)">
+	<target host="sapo.io" />
+	<target host="www.sapo.io" />
+	<target host="*.cdn.sapo.io" />
+		<test url="http://c016222.cdn.sapo.io/1/c016222/imgs/v68/b923280c79373c2/lifestyle/font/merriweather-black-webfont.woff" />
+		<test url="http://c016222.cdn.sapo.io/1/c016222/imgs/v68/b923280c79373c2/lifestyle/img/fridge.png" />
+		<test url="http://c016222.cdn.sapo.io/1/c016222/imgs/v68/b923280c79373c2/lifestyle/js/lifestyle.js" />
+	<target host="1-thumbs.web.sapo.io" />
+	<target host="assets.web.sapo.io" />
+	<target host="makerfaire.web.sapo.io" />
+	<target host="thumbs.web.sapo.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SAPO.pt.xml b/src/chrome/content/rules/SAPO.pt.xml
new file mode 100644
index 000000000000..2c0c16e0dc99
--- /dev/null
+++ b/src/chrome/content/rules/SAPO.pt.xml
@@ -0,0 +1,75 @@
+<!--
+	Other SAPO.pt related rulesets:
+		- SAPO.io.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+			 - canalcop.sapo.pt
+			 - noticias.sapo.pt
+			 - tek.sapo.pt
+			 - viagens.sapo.pt
+
+		Timeout was reached:
+			 - ajuda.sapo.pt
+			 - blogs.sapo.pt
+			 - casalmisterio.blogs.sapo.pt
+			 - gonn1000.blogs.sapo.pt
+			 - henricartoon.blogs.sapo.pt
+			 - joaoferreiradias.blogs.sapo.pt
+			 - ogatonotelhado.blogs.sapo.pt
+			 - soentrenos.blogs.sapo.pt
+			 - desporto.sapo.pt
+			 - jornaleconomico.sapo.pt
+			 - www.jornaleconomico.sapo.pt
+			 - megahits.sapo.pt
+			 - rfm.sapo.pt
+			 - rr.sapo.pt
+
+		SSL peer certificate was not OK:
+			 - auto.sapo.pt
+			 - emprego.sapo.pt
+			 - expresso.sapo.pt
+			 - superstars.kids.sapo.pt
+			 - portocanal.sapo.pt
+			 - sicnoticias.sapo.pt
+
+		Secure connection redirects to plaintext:
+			 - estrelaseouricos.sapo.pt
+			 - sobre.sapo.pt
+
+		Different content:
+			 - revistacaesecia.sapo.pt
+			 - revistacarros.sapo.pt
+			 - revistamotos.sapo.pt
+
+		Mixed content blocking (MCB) tiggered:
+			 - farmacias.sapo.pt
+			 - greensavers.sapo.pt
+			 - pplware.sapo.pt
+			 - tempo.sapo.pt
+-->
+<ruleset name="SAPO.pt (partial)">
+	<target host="sapo.pt" />
+	<target host="www.sapo.pt" />
+	<target host="24.sapo.pt" />
+	<target host="casa.sapo.pt" />
+	<target host="elle.sapo.pt" />
+	<target host="ionline.sapo.pt" />
+	<target host="js.sapo.pt" />
+	<target host="kbb.sapo.pt" />
+	<target host="lifestyle.sapo.pt" />
+	<target host="mag.sapo.pt" />
+	<target host="mail.sapo.pt" />
+	<target host="mood.sapo.pt" />
+	<target host="nationalgeographic.sapo.pt" />
+	<target host="promos.sapo.pt" />
+	<target host="publicidade.sapo.pt" />
+	<target host="restaurantes.sapo.pt" />
+	<target host="sol.sapo.pt" />
+	<target host="ticketline.sapo.pt" />
+	<target host="transfer.sapo.pt" />
+	<target host="videos.sapo.pt" />
+	<target host="voucher.sapo.pt" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SAS_Institute.xml b/src/chrome/content/rules/SAS_Institute.xml
index 64a31c428dd2..5df0f2fbcf39 100644
--- a/src/chrome/content/rules/SAS_Institute.xml
+++ b/src/chrome/content/rules/SAS_Institute.xml
@@ -1,26 +1,54 @@
 <!--
+	SAS Institute
+
 	Other SAS Institute rulesets:
 
 		- Aimatch.com.xml
 
+
+	Insecure cookies are set for these hosts:
+
+		- sas.com
+		- communities.sas.com
+		- support.sas.com
+		- www.sas.com
+
+
+	Mixed content:
+
+		- css on support from $self ¹ ²
+		- Font on support from www.sas.com ¹
+
+	¹ Secured by us
+	² Only affects printing
+
 -->
-<ruleset name="SAS Institute">
+<ruleset name="SAS.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="sas.com" />
-	<target host="*.sas.com" />
+	<target host="communities.sas.com" />
+	<target host="login.sas.com" />
+	<target host="support.sas.com" />
+	<target host="www.sas.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(support\.|www\.)?sas\.com$" name="^BIGipServer[\w.-]+$" /-->
+	<!--securecookie host="^(communities|support)\.sas\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^communities\.sas\.com$" name="^jive\.server\.info" /-->
 
 	<!--	Observed cookie domains:
 
-			- ^
 			- .
 			- login
-			- www
 				-->
-	<securecookie host="^(?:.*\.)?sas\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(login\.|www\.)?sas\.com/"
-		to="https://$1sas.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SATA-IO.org.xml b/src/chrome/content/rules/SATA-IO.org.xml
index 81c2e8d3947e..37e5b3d8b566 100644
--- a/src/chrome/content/rules/SATA-IO.org.xml
+++ b/src/chrome/content/rules/SATA-IO.org.xml
@@ -1,4 +1,11 @@
-<ruleset name="SATA-IO.org">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sata-io.org/ => https://www.sata-io.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.sata-io.org/ => https://www.sata-io.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="SATA-IO.org" default_off="failed ruleset test">
 
 	<target host="sata-io.org" />
 	<target host="www.sata-io.org" />
diff --git a/src/chrome/content/rules/SAT_symposium.org.xml b/src/chrome/content/rules/SAT_symposium.org.xml
new file mode 100644
index 000000000000..da97b4fbc286
--- /dev/null
+++ b/src/chrome/content/rules/SAT_symposium.org.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://satsymposium.org/ => https://satsymposium.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.satsymposium.org/ => https://www.satsymposium.org/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="SAT symposium.org" default_off="failed ruleset test">
+
+	<target host="satsymposium.org" />
+	<target host="www.satsymposium.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SAnet.cd.xml b/src/chrome/content/rules/SAnet.cd.xml
new file mode 100644
index 000000000000..338ba409bd3f
--- /dev/null
+++ b/src/chrome/content/rules/SAnet.cd.xml
@@ -0,0 +1,14 @@
+<ruleset name="SAnet.cd">
+	<target host="sanet.cd"/>
+	<target host="www.sanet.cd"/>
+	<target host="filehosting.sanet.cd"/>
+	<target host="img.sanet.cd"/>
+		<test url="http://img.sanet.cd/i/js/all_cd51f8166c2c4653edaa972586284acd.js"/>
+	<target host="my.sanet.cd"/>
+	<target host="tags.sanet.cd"/>
+	<target host="users.sanet.cd"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/SB-Innovation.de.xml b/src/chrome/content/rules/SB-Innovation.de.xml
index 24bf97d969a8..a007555f5c01 100644
--- a/src/chrome/content/rules/SB-Innovation.de.xml
+++ b/src/chrome/content/rules/SB-Innovation.de.xml
@@ -4,10 +4,10 @@
 	<target host="*.sb-innovation.de" />
 
 
-	<securecookie host="^(.*\.)?sb-innovation\.de$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://([\w\-]+\.)?sb-innovation\.de/"
+	<rule from="^http://(?:[\w\-]+\.)?sb-innovation\.de/"
 		to="https://www.sb-innovation.de/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SB-Nation.xml b/src/chrome/content/rules/SB-Nation.xml
index cd6c1fdb7b62..f2fbbd1d8312 100644
--- a/src/chrome/content/rules/SB-Nation.xml
+++ b/src/chrome/content/rules/SB-Nation.xml
@@ -1,7 +1,5 @@
 <!--
-	Other Vox Media rulesets:
-
-		- The-Verge.xml
+	For other Vox Media coverage, see Vox.com.xml.
 
 
 	CDN buckets:
@@ -9,71 +7,44 @@
 	- s3.amazonaws.com/assets.sbnation.com/
 	- chalk-images.s3.amazonaws.com
 
-	- ddrgqsxlcy7wq.cloudfront.net
-
-		- cdn[0-3].sbnation.com
-
 	- 1876.voxcdn.com		(404s over https)
 	- 1876-fonts.voxcdn.com		(403 over http; 404 over -s)
 
-	- sbnation-d3.openxenterprise.com
 	- sbnation.theresumator.com
 
 
-	Nonfunctional domains:
+	Nonfunctional hosts in *sbnation.com:
 
-		- (www.)voxmedia.com		(ssl_error_rx_record_too_long)
-		- product.voxmedia.com		(hosted on Tumblr)
+		- blog *
+		- www *
+		- ^ *
+		* Redirect to plain
 
+	Problematic hosts in sbnation.com:
 
-	Fully covered domains:
+		- assets ²
 
-		- cdn[0-3].sbnation.com	(→ ddrgqsxlcy7wq.cloudfront.net)
-		- fonts.sbnation.com	(→ d1jcofl6pfjesh.cloudfront.net)
-
-
-	Data from cdn[0-3] all appear identical
+	² AmazonAWS
 
 -->
-<ruleset name="SB Nation (partial)" platform="mixedcontent">
+<ruleset name="SB Nation.com (partial)">
 
-	<target host="sbnation.com" />
-	<target host="*.sbnation.com" />
-	<target host="share.sbndev.net" />
-	<target host="jobs.voxmedia.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="cdn0.sbnation.com" />
+	<target host="cdn1.sbnation.com" />
+	<target host="cdn2.sbnation.com" />
+	<target host="cdn3.sbnation.com" />
 
+	<!--	Complications:
+				-->
+	<target host="assets.sbnation.com" />
 
 	<!--	Observed cookies:
 			- _session_id
 		-->
-	<securecookie host="^www\.sbnation\.com$" name=".*" />
-
-
-	<!--	When fetched via https, blog
-		points links to http://....:443.
-						-->
-	<rule from="^http://(blog\.|www\.)?sbnation\.com(?::443)?/"
-		to="https://$1sbnation.com/" />
-
-	<rule from="^https?://assets\.sbnation\.com/"
-		to="https://s3.amazonaws.com/assets.sbnation.com/" />
-
-	<rule from="^http://cdn\d\.sbnation\.com/"
-		to="https://ddrgqsxlcy7wq.cloudfront.net/" />
-
-	<rule from="^http://fonts\.sbnation\.com/"
-		to="https://d1jcofl6pfjesh.cloudfront.net/" />
-
-	<!--	cert: *.openxenterprise.com	-->
-	<rule from="^https?://ox-d\.sbnation\.com/"
-		to="https://sbnation-d3.openxenterprise.com/" />
-
-	<rule from="^https?://share\.sbndev\.net/"
-		to="https://s3.amazonaws.com/share.sbndev.net/" />
+	<securecookie host="^www\.sbnation\.com$" name=".+" />
 
-	<!--	At least some pages 302 to http.
-							-->
-	<rule from="^https?://jobs\.voxmedia\.com/(css/|favicon\.ico|img/)"
-		to="https://sbnation.theresumator.com/$1" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SBA-Research.org.xml b/src/chrome/content/rules/SBA-Research.org.xml
new file mode 100644
index 000000000000..f97b6b4d85e2
--- /dev/null
+++ b/src/chrome/content/rules/SBA-Research.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- sba-research.org
+		- www.sba-research.org
+
+-->
+<ruleset name="SBA-Research.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sba-research.org" />
+	<target host="www.sba-research.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?sba-research\.org$" name="^(?:PHPSESSID|wfvt_\d+)$" /-->
+
+	<securecookie host="^(?:www\.)?sba-research\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SBForge.org.xml b/src/chrome/content/rules/SBForge.org.xml
new file mode 100644
index 000000000000..d3342f9ee733
--- /dev/null
+++ b/src/chrome/content/rules/SBForge.org.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid certificate:
+		ml.sbforge.org
+
+-->
+<ruleset name="SBForge.org">
+
+	<target host="sbforge.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SBI.xml b/src/chrome/content/rules/SBI.xml
index 0f1917a517b8..bb462be14608 100644
--- a/src/chrome/content/rules/SBI.xml
+++ b/src/chrome/content/rules/SBI.xml
@@ -1,8 +1,59 @@
-<ruleset name="StateBankOfIndia">
-  <target host="sbi.co.in" />
-  <target host="www.sbi.co.in" />
 
-  <securecookie host="^(.+\.)?sbi\.co\.in$" name=".*"/>
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sbiforsme.sbi.co.in/ => https://sbiforsme.sbi.co.in/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Other SBI (State Bank of India) rulesets:
+
+		- OnlineSBI.com.xml
+
+
+	Problematic hosts:
+
+		- sbi.co.in ¹
+
+	¹ Mismatched
+
+
+	Fully covered hosts:
+
+		- (www.)?	(^ → www)
+		- aspirations
+		- ems
+		- mab
+		- msb
+		- mybanklearning
+		- sbiapp
+		- sbiforsme
+		- social
+		- vijaypath
+
+-->
+<ruleset name="StateBankOfIndia" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="aspirations.sbi.co.in" />
+	<target host="ems.sbi.co.in" />
+	<target host="mab.sbi.co.in" />
+	<target host="msb.sbi.co.in" />
+	<target host="mybanklearning.sbi.co.in" />
+	<target host="sbiapp.sbi.co.in" />
+	<target host="sbiforsme.sbi.co.in" />
+	<target host="social.sbi.co.in" />
+	<target host="vijaypath.sbi.co.in" />
+	<target host="www.sbi.co.in" />
+
+	<!--	Complications:
+				-->
+	<target host="sbi.co.in" />
+
+	<securecookie host="^(?:.+\.)?sbi\.co\.in$" name=".+" />
+
+	<rule from="^http://sbi\.co\.in/"
+		to="https://www.sbi.co.in/"/>
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(?:www\.)?sbi\.co\.in/" to="https://www.sbi.co.in/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/SBV_Improver.com.xml b/src/chrome/content/rules/SBV_Improver.com.xml
new file mode 100644
index 000000000000..895154180058
--- /dev/null
+++ b/src/chrome/content/rules/SBV_Improver.com.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sbvimprover.com/ => https://sbvimprover.com/: (7, 'Failed to connect to sbvimprover.com port 443: Connection timed out')
+
+-->
+<ruleset name="SBV Improver.com" default_off="failed ruleset test">
+
+	<target host="sbvimprover.com" />
+	<target host="www.sbvimprover.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SC.edu.xml b/src/chrome/content/rules/SC.edu.xml
new file mode 100644
index 000000000000..1690024ce526
--- /dev/null
+++ b/src/chrome/content/rules/SC.edu.xml
@@ -0,0 +1,32 @@
+<!--
+	University of South Carolina
+
+
+	Nonfunctional subdomains:
+
+		- calendar
+		- registrar
+
+
+	Mixed content:
+
+		- css on (www.) from fonts.googleapis.com *
+		- css on artsandsciences from fonts.googleapis.com *
+
+		- Images on artsandsciences from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="SC.edu (partial)">
+
+	<target host="sc.edu" />
+	<target host="artsandsciences.sc.edu" />
+	<target host="giving.sc.edu" />
+	<target host="www.sc.edu" />
+		<!--exclusion pattern="^http://(calendar|registrar)\.sc\.edu/" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SCADACS.org.xml b/src/chrome/content/rules/SCADACS.org.xml
new file mode 100644
index 000000000000..59e9be301636
--- /dev/null
+++ b/src/chrome/content/rules/SCADACS.org.xml
@@ -0,0 +1,22 @@
+<!--
+	^scadacs.org: Mismatched
+
+-->
+<ruleset name="SCADACS.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.scadacs.org" />
+
+	<!--	Complications:
+				-->
+	<target host="scadacs.org" />
+
+
+	<rule from="^http://scadacs\.org/"
+		to="https://www.scadacs.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SCAMWATCH.gov.au.xml b/src/chrome/content/rules/SCAMWATCH.gov.au.xml
new file mode 100644
index 000000000000..653267e369a2
--- /dev/null
+++ b/src/chrome/content/rules/SCAMWATCH.gov.au.xml
@@ -0,0 +1,8 @@
+<ruleset name="SCAMWATCH.gov.au">
+	<target host="scamwatch.gov.au" />
+	<target host="www.scamwatch.gov.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SCAP_Sync.com.xml b/src/chrome/content/rules/SCAP_Sync.com.xml
new file mode 100644
index 000000000000..c542195aac49
--- /dev/null
+++ b/src/chrome/content/rules/SCAP_Sync.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://scapsync.com/ => https://scapsync.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.scapsync.com/ => https://www.scapsync.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	For other Lunarline coverage, see Lunarline.com.xml.
+
+-->
+<ruleset name="SCAP Sync.com" default_off="failed ruleset test">
+
+	<target host="scapsync.com" />
+	<target host="www.scapsync.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SCDN.co.xml b/src/chrome/content/rules/SCDN.co.xml
new file mode 100644
index 000000000000..a17c8d81cbd3
--- /dev/null
+++ b/src/chrome/content/rules/SCDN.co.xml
@@ -0,0 +1,36 @@
+<!--
+	For other Spotify coverage, see Spotify.xml.
+
+
+	CDN buckets:
+
+		- s3.amazonaws.com/scdn/
+
+		- d2c87l0yth4zbw.cloudfront.net
+
+			- cf.scdn.co
+
+
+	Problematic hosts in *scdn.co:
+
+		- cf ¹
+		- origin ²
+
+	¹ Cloudfront/mismatched
+	² Mismatched, CN: *.spotify.com
+
+-->
+<ruleset name="SCDN.co (partial)">
+
+	<!--	Complications:
+				-->
+	<target host="cf.scdn.co" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://cf\.scdn\.co/"
+		to="https://d2c87l0yth4zbw.cloudfront.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SCEA.com.xml b/src/chrome/content/rules/SCEA.com.xml
new file mode 100644
index 000000000000..e52d58687a51
--- /dev/null
+++ b/src/chrome/content/rules/SCEA.com.xml
@@ -0,0 +1,57 @@
+<!--
+	For other Sony coverage, see Sony.xml.
+
+
+	CDN buckets:
+
+		- fp.scea.com.c.footprint.net
+			- fp.scea.com
+			- webassets[a-j]?.scea.com
+
+
+	Problematic hosts in *scea.com:
+
+		- (www.)? ᵐ
+		- webassets ᵐ
+		- webassets[a-j] ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="SCEA.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rma.scea.com" />
+
+	<!--	Complications:
+				-->
+	<!--target host="scea.com" /-->
+	<target host="webassetsa.scea.com" />
+	<target host="webassetsb.scea.com" />
+	<target host="webassetsc.scea.com" />
+	<target host="webassetsd.scea.com" />
+	<target host="webassetse.scea.com" />
+	<target host="webassetsf.scea.com" />
+	<target host="webassetsg.scea.com" />
+	<target host="webassetsh.scea.com" />
+	<target host="webassetsi.scea.com" />
+	<target host="webassetsj.scea.com" />
+	<!--target host="www.scea.com" /-->
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirects as so:
+				-->
+	<!--rule from="^http://(?:www\.)?scea\.com/"
+		to="https://us.playstation.com/" /-->
+
+	<rule from="^http://webassets\w\.scea\.com/"
+		to="https://secure.cdn.us.playstation.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SCSK.jp.xml b/src/chrome/content/rules/SCSK.jp.xml
new file mode 100644
index 000000000000..ce16de8f9f76
--- /dev/null
+++ b/src/chrome/content/rules/SCSK.jp.xml
@@ -0,0 +1,14 @@
+<!--
+	^: dropped
+
+-->
+<ruleset name="SCSK.jp">
+
+	<target host="scsk.jp" />
+	<target host="www.scsk.jp" />
+
+
+	<rule from="^http://(?:www\.)?scsk\.jp/"
+		to="https://www.scsk.jp/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SCaron.info.xml b/src/chrome/content/rules/SCaron.info.xml
new file mode 100644
index 000000000000..e66e7b701cc1
--- /dev/null
+++ b/src/chrome/content/rules/SCaron.info.xml
@@ -0,0 +1,20 @@
+<!--
+	www.scaron.info: Mismatched
+
+-->
+<ruleset name="SCaron.info">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="scaron.info" />
+
+	<target host="www.scaron.info" />
+
+
+	<rule from="^http://www\.scaron\.info/"
+		to="https://scaron.info/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SDA.it.xml b/src/chrome/content/rules/SDA.it.xml
new file mode 100644
index 000000000000..7ca3d24fdf09
--- /dev/null
+++ b/src/chrome/content/rules/SDA.it.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.sda.it/ => https://www.sda.it/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For other Poste Italiane coverage, see Poste.it.xml.
+
+
+	Nonfunctional hosts in *sda.it:
+
+		- m *
+
+	* Dropped
+
+
+	^sda.it doesn't exist.
+
+-->
+<ruleset name="SDA.it (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.sda.it" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SDI-Tool.org.xml b/src/chrome/content/rules/SDI-Tool.org.xml
new file mode 100644
index 000000000000..2866803b2d7d
--- /dev/null
+++ b/src/chrome/content/rules/SDI-Tool.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatched:
+		www.sdi-tool.org
+-->
+<ruleset name="SDI-Tool.org">
+	<target host="sdi-tool.org" />
+	<target host="www.sdi-tool.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.sdi-tool\.org/" to="https://sdi-tool.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SDSC.edu.xml b/src/chrome/content/rules/SDSC.edu.xml
new file mode 100644
index 000000000000..ef297345822d
--- /dev/null
+++ b/src/chrome/content/rules/SDSC.edu.xml
@@ -0,0 +1,18 @@
+<!--
+	San Diego Supercomputer Center
+
+	For other UCSD coverage, see UCSD.edu.xml.
+
+
+	^sdsc.edu doesn't exist.
+
+-->
+<ruleset name="SDSC.edu">
+
+	<target host="lists.sdsc.edu" />
+	<target host="www.sdsc.edu" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SDSU.edu.xml b/src/chrome/content/rules/SDSU.edu.xml
new file mode 100644
index 000000000000..a4dc2ee7f7c3
--- /dev/null
+++ b/src/chrome/content/rules/SDSU.edu.xml
@@ -0,0 +1,322 @@
+<!--
+	San Diego State University
+
+
+	CDN buckets:
+
+		- sdsu.ezaxess.com
+
+			- m
+
+
+	Nonfunctional subdomains:
+
+		- advancement ¹
+		- affiliated ²
+		- anr ¹
+		- anthropology ³
+		- attila ⁴
+		- azteclink ²
+		- bfa ²
+		- cal ³
+		- www.dps ²
+		- eal ³
+		- engineering ⁴
+		- eon ²
+		- fa ³
+		- www.foundation ⁴
+		- geography ¹
+		- gammagamma ³
+		- helpdesk ²
+		- hobbit ⁵
+		- hr ²
+		- hpwren ¹
+		- infodome ¹
+		- infoguides ⁶
+		- www.ivcampus ¹
+		- jason ⁴
+		- lasso ³
+		- latinamericanstudies ³
+		- lauer ³
+		- library ¹
+		- m.library ¹
+		- libst ³
+		- mintaka ¹
+		- pacific ¹
+		- www.physics ⁷
+		- police ²
+		- sdsucard ²
+		- www.sci ⁸
+		- sustainability ³
+		- tns ²
+		- www.tto ¹
+		- university-stats ⁹
+		- volta ⁴
+		- wifire ¹
+		- (www.)writingcenter ³
+
+	¹ Dropped
+	² 403
+	³ Shows www-rohan
+	⁴ Refused
+	⁵ Data differ between http & https
+	⁶ Redirects to http
+	⁷ Shows www.sci
+	⁸ Prints text
+	⁹ Shows esit
+
+
+	Problematic subdomains:
+
+		- arweb ¹
+		- (www.)as ²
+		- aztecgrad ³
+		- campaign ⁴
+		- chhs ¹
+		- coe ⁵
+		- commonexperience ³
+		- crs ³
+		- csp ³
+		- ctl ⁶
+		- dus ³
+		- dusstudyabroad ³
+		- eap ³
+		- www.engineering ³
+		- ens ¹
+		- honorscouncil ³
+		- www.isc ⁷
+		- liberalstudiesengland ³
+		- m ⁸
+		- newcenter ¹
+		- oip ³
+		- onsf ³
+		- psfa ⁹
+		- www.sa ⁷
+		- sage ³
+		- servicelearning ³
+		- slhs ¹
+		- socialwork ¹
+		- starter ⁷
+		- status ³
+		- sustainablemap ³
+		- tcf ³
+		- undeclared ³
+		- universe ³
+
+	¹ Mixed active content
+	² Mismatched, CN: sharedcert.tierra.net
+	³ Mismatched, CN: newscenter.sdsu.edu
+	⁴ iModules
+	⁵ Refused
+	⁶ Shows www
+	⁷ Mismatched, CN: studentaffairs.sdsu.edu
+	⁸ Herokuapp, mixed css
+	⁹ Configured for <=ssl3 only
+
+
+	Partially covered subdomains:
+
+		- arweb ¹
+		- chhs ¹
+		- ctl ²		(→ go)
+		- ens ¹
+		- newscenter ³
+		- nursing ⁴
+		- phonebook ⁵
+		- slhs ¹
+		- socialwork ¹
+		- www-rohan ⁶
+
+	¹ Avoiding broken MCB
+	² [^?/]+ 404s
+	³ Avoiding valid MCB
+	⁴ $ redirects to http
+	⁵ $ redirects to ealert/
+	⁶ ~academic/, ~cbabroad/$, ~shanghai/ redirect to http
+
+
+	Fully covered subdomains:
+
+		- ali
+		- audhandbook
+		- azteclinkweb
+		- blackboard
+		- campaign		(→ securelb.imodules.com)
+		- www.ces
+		- circuit
+		- cmsweb.cms
+		- coe			(→ go)
+		- esit
+		- filex.foundation
+		- help.foundation
+		- selfservice.foundation
+		- giveonline
+		- go
+		- hhs
+		- infoed
+		- infoguides		(→ library
+		- www.isc		(→ studentaffairs)
+		- jobsfoundation
+		- libpac
+		- m.libpac
+		- piprofile...4443
+		- www.sa		(→ studentaffairs)
+		- scua2
+		- starter		(→ studentaffairs)
+		- studentaffairs
+		- sunspot
+
+
+	These altnames don't exist:
+
+		- uct.sdsu.edu
+
+
+	Insecure cookies are set for these domains:
+
+		- ali
+		- aztecgrad
+		- azteclinkweb
+		- blackboard
+		- www.ces
+		- circuit
+		- .cms
+		- commonexperience
+		- csp
+		- dus
+		- eap
+		- www.engineering
+		- filex.foundation
+		- selfservice.foundation
+		- go
+		- honorscouncil
+		- infoed
+		- libpac
+		- .libpac
+		- m.libpac
+		- newscenter
+		- oip
+		- onsf
+		- sage
+		- servicelearning
+		- status
+		- sunspot
+		- sustainablemap
+		- undeclared
+		- universe
+		- www-rohan
+
+
+	Mixed content:
+
+		- iframes, on:
+
+			- csp from www.surveygizmo.com ¹
+			- newscenter, universe from www.kpbs.org ²
+			- tcf, universe from www.youtube.com ¹
+
+		- css, on:
+
+			- arweb, chhs, ens, slhs, socialwork from $self ¹
+			- (www.)as from as ³
+			- m from files.ezaxess.com ⁴
+
+		- Bug on newscenter from www.facebook.com ¹
+
+	¹ Secured by us
+	² Unsecurable <= 404
+	³ Not secured by us <= mismatched
+	⁴ Not secured by us <= breaks images
+
+-->
+<ruleset name="SDSU.edu (partial)">
+
+	<target host="*.sdsu.edu" />
+		<!--
+			Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://(?:arweb|newscenter)\.sdsu\.edu/(?!.+\.(?:css|gif|jpg|ico|pdf|png)|giving(?:$|[?/]))" />
+		<exclusion pattern="^http://(?:chhs|ens|slhs)\.sdsu\.edu/+(?!wp-content/|wp-includes/)" />
+		<exclusion pattern="^http://socialwork\.sdsu\.edu/+(?!(?:[\w-]+/+)?wp-(?:content|includes)/)" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://nursing\.sdsu\.edu/$" /-->
+		<!--exclusion pattern="^http://www-rohan\.sdsu\.edu/~(?:academic/|cbabroad/(?!(?:\w+/)?images/)|shanghai/)" /-->
+		<!--
+			More conservatively:
+						-->
+		<exclusion pattern="^http://www-rohan\.sdsu\.edu/~(?!cbabroad/+(?:\w+/)?images/)" />
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://nursing\.sdsu\.edu/+(?!wp-content/|wp-includes/)" />
+		<exclusion pattern="^http://phonebook\.sdsu\.edu/+(?!ealert(?:$|[?/]))" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--ecurecookie host="^(\.|\.libpac)\.sdsu\.edu$" name="^SESSION_LANGUAGE$" /-->
+	<!--ecurecookie host="^azteclinkweb\.sdsu\.edu$" name="^WWV_CUSTOM-F_\d{16}_\d{3}$" /-->
+	<!--ecurecookie host="^blackboard\.sdsu\.edu$" name="^(NSC_\d+_\w+_(\d{1,3}\.){4}\w+|session_id)$" /-->
+	<!--ecurecookie host="^(circuit|libpac|m\.libpac)\.sdsu\.edu$" name="^SESSION_SCOPE$" /-->
+	<!--ecurecookie host="^\.cms\.sdsu\.edu$" name="^\w{12}-\d+$" /-->
+	<!--ecurecookie host="^filex\.foundation\.sdsu\.edu$" name="^[\da-f]{12}$" /-->
+	<!--ecurecookie host="^(ali|aztecgrad|www\.ces|commonexperience|csp|dus|eap|www\.engineering|selfservice\.foundation|giveonline|go|honorscouncil|newscenter|oip|onsf|sage|servicelearning|status|sustainablemap|undeclared|universe)\.sdsu\.edu$" name="^ASP\.NET_SessionId$" /-->
+	<!--ecurecookie host="^selfservice\.foundation\.sdsu\.edu$" name="^AspxAutoDetectCookieSupport$" /-->
+	<!--ecurecookie host="^infoed\.sdsu\.edu$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+	<!--ecurecookie host="^sunspot\.sdsu\.edu$" name="^JSESSIONID$" /-->
+	<!--ecurecookie host="^www-rohan\.sdsu\.edu$" name="^SQMSESSID$" /-->
+
+	<securecookie host="^(?:ali|azteclinkweb|blackboard|www\.ces|circuit|(?:filex|selfservice)\.foundation|giveonline|go|infoed|\.?libpac|m\.libpac|sunspot|www-rohan)\.sdsu\.edu$" name=".+" />
+
+
+	<rule from="^http://campaign\.sdsu\.edu/+(?=$|\?)"
+		to="https://securelb.imodules.com/s/997/campaign13/start.aspx" />
+
+	<rule from="^http://campaign\.sdsu\.edu/"
+		to="https://securelb.imodules.com/" />
+
+	<!--	Redirect drops args:
+					-->
+	<rule from="^http://ctl\.sdsu\.edu/+(?:$|\?.*)"
+		to="https://go.sdsu.edu/dus/ctl/" />
+
+	<!--	Redirect keeps args:
+					-->
+	<rule from="^http://coe\.sdsu\.edu/+(?=$|\?)"
+		to="https://go.sdsu.edu/education/Default.aspx" />
+
+	<rule from="^http://coe\.sdsu\.edu/"
+		to="https://go.sdsu.edu/education/" />
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://hobbit\.sdsu\.edu/.*"
+		to="https://library.sdsu.edu/guides/" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://www\.isc\.sdsu\.edu/+"
+		to="https://studentaffairs.sdsu.edu/ISC/" />
+
+	<!--	Redirect keeps args:
+					-->
+	<!--rule from="^http://infoguides\.sdsu\.edu/+(?=$|\?)"
+		to="https://library.sdsu.edu/guides/" /-->
+
+	<!--	Redirect drops path and args:
+						-->
+	<!--rule from="^http://infoguides\.sdsu\.edu/.*"
+		to="https://library.sdsu.edu/page-not-found" /-->
+
+	<rule from="^http://piprofile\.sdsu\.edu:4443/"
+		to="https://piprofile.sdsu.edu:4443/" />
+
+	<rule from="^http://(?:www\.sa|starter)\.sdsu\.edu/"
+		to="https://studentaffairs.sdsu.edu/" />
+
+	<rule from="^http://(ali|arweb|audhandbook|azteclinkweb|blackboard|www\.ces|chhs|circuit|cmsweb\.cms|ens|esit|(?:filex|help|selfservice)\.foundation|giveonline|go|hhs|infoed|jobsfoundation|libpac|m\.libpac|newscenter|phonebook|scua2|slhs|socialwork|studentaffairs|sunspot|www-rohan)\.sdsu\.edu/"
+		to="https://$1.sdsu.edu/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SEAGM.com-falsemixed.xml b/src/chrome/content/rules/SEAGM.com-falsemixed.xml
index 12cddbd1e83d..062416a93381 100644
--- a/src/chrome/content/rules/SEAGM.com-falsemixed.xml
+++ b/src/chrome/content/rules/SEAGM.com-falsemixed.xml
@@ -5,13 +5,12 @@
 <ruleset name="SEAGM.com (false MCB)" platform="mixedcontent">
 
 	<target host="seagm.com" />
-	<target host="*.seagm.com" />
+	<target host="www.seagm.com" />
 
 
 	<securecookie host="^\.(?:www\.)?seagm\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?seagm\.com/"
-		to="https://$1seagm.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SEAGM.com.xml b/src/chrome/content/rules/SEAGM.com.xml
index 8324e9d59045..b547dd6f27fd 100644
--- a/src/chrome/content/rules/SEAGM.com.xml
+++ b/src/chrome/content/rules/SEAGM.com.xml
@@ -18,7 +18,6 @@
 	<target host="static.seagm.com" />
 
 
-	<rule from="^http://static\.seagm\.com/"
-		to="https://static.seagm.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SEBLOD.com.xml b/src/chrome/content/rules/SEBLOD.com.xml
deleted file mode 100644
index 0fc76b3bf412..000000000000
--- a/src/chrome/content/rules/SEBLOD.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other Octopoos coverage, see Octopoos.com.xml.
-
--->
-<ruleset name="SEBLOD.com">
-
-	<target host="seblod.com" />
-	<target host="www.seblod.com" />
-
-
-	<securecookie host="^www\.seblod\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?seblod\.com/"
-		to="https://$1seblod.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SEC-Consult.com.xml b/src/chrome/content/rules/SEC-Consult.com.xml
new file mode 100644
index 000000000000..ce3c85ef5e1f
--- /dev/null
+++ b/src/chrome/content/rules/SEC-Consult.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Blogspot
+
+
+	^sec-consult.com doesn't exist.
+
+-->
+<ruleset name="SEC-Consult.com (partial)">
+
+	<target host="www.sec-consult.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SEL_Inc.com.xml b/src/chrome/content/rules/SEL_Inc.com.xml
new file mode 100644
index 000000000000..d28f048b247c
--- /dev/null
+++ b/src/chrome/content/rules/SEL_Inc.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="SEL Inc.com">
+
+	<target host="selinc.com" />
+	<target host="www.selinc.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SELinux_Project.org.xml b/src/chrome/content/rules/SELinux_Project.org.xml
new file mode 100644
index 000000000000..6be30de6f8a6
--- /dev/null
+++ b/src/chrome/content/rules/SELinux_Project.org.xml
@@ -0,0 +1,40 @@
+<!--
+	www.selinuxproject.org: cert only matches ^selinuxproject.org
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- selinuxproject.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="SELinux Project.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="selinuxproject.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.selinuxproject.org" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://selinuxproject.org/w/?title=Special:UserLogin&amp;returnto=Main+Page" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^selinuxproject\.org$" name="^wikidb_session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.selinuxproject\.org/"
+		to="https://selinuxproject.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SEMABUZZ.COM.xml b/src/chrome/content/rules/SEMABUZZ.COM.xml
index a8d3c54f1316..776755a611f0 100644
--- a/src/chrome/content/rules/SEMABUZZ.COM.xml
+++ b/src/chrome/content/rules/SEMABUZZ.COM.xml
@@ -1,10 +1,19 @@
-<ruleset name="SEMABUZZ.COM">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://semabuzz.com/ => https://semabuzz.com/: (51, "SSL: no alternative certificate subject name matches target host name 'semabuzz.com'")
+Fetch error: http://www.semabuzz.com/ => https://www.semabuzz.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.semabuzz.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://semabuzz.com/ => https://semabuzz.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+Fetch error: http://www.semabuzz.com/ => https://www.semabuzz.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+-->
+<ruleset name="SEMABUZZ.COM" default_off="failed ruleset test">
 
 	<target host="semabuzz.com" />
 	<target host="www.semabuzz.com" />
 
 
-	<rule from="^http://(www\.)?semabuzz\.com/"
-		to="https://$1semabuzz.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SEMOR.cz.xml b/src/chrome/content/rules/SEMOR.cz.xml
new file mode 100644
index 000000000000..3e1a45bf824d
--- /dev/null
+++ b/src/chrome/content/rules/SEMOR.cz.xml
@@ -0,0 +1,7 @@
+<ruleset name="SEMOR.cz">
+    <target host="semor.cz" />
+    <target host="www.semor.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SEO.com.xml b/src/chrome/content/rules/SEO.com.xml
index f263bde5e575..3bc35cbba52f 100644
--- a/src/chrome/content/rules/SEO.com.xml
+++ b/src/chrome/content/rules/SEO.com.xml
@@ -3,7 +3,6 @@
 	<target host="seo.com" />
 	<target host="www.seo.com" />
 
-	<rule from="^http://(www\.)?seo\.com/"
-		to="https://$1seo.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SEO_Training_Toronto.xml b/src/chrome/content/rules/SEO_Training_Toronto.xml
index cb67e9ae727e..59aa1b712af5 100644
--- a/src/chrome/content/rules/SEO_Training_Toronto.xml
+++ b/src/chrome/content/rules/SEO_Training_Toronto.xml
@@ -1,13 +1,12 @@
 <ruleset name="SEO Training Toronto">
 
 	<target host="seotrainingtoronto.com" />
-	<target host="*.seotrainingtoronto.com" />
+	<target host="www.seotrainingtoronto.com" />
 
 
 	<securecookie host="(?:www)?\.seotrainingtoronto.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?seotrainingtoronto\.com/"
-		to="https://$1seotrainingtoronto.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SEScoops.xml b/src/chrome/content/rules/SEScoops.xml
index 046623a5715b..ae0815d7e8b3 100644
--- a/src/chrome/content/rules/SEScoops.xml
+++ b/src/chrome/content/rules/SEScoops.xml
@@ -24,4 +24,4 @@
 	<rule from="^http://(?:\d\.|(www\.))?sescoops\.com/"
 		to="https://$1sescoops.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SE_Round_Table.com.xml b/src/chrome/content/rules/SE_Round_Table.com.xml
new file mode 100644
index 000000000000..6aed963ba44b
--- /dev/null
+++ b/src/chrome/content/rules/SE_Round_Table.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="SE Round Table.com">
+
+	<target host="seroundtable.com" />
+	<target host="www.seroundtable.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.seroundtable\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.seroundtable\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SEstatic.fi.xml b/src/chrome/content/rules/SEstatic.fi.xml
deleted file mode 100644
index 3666c09c9eea..000000000000
--- a/src/chrome/content/rules/SEstatic.fi.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	For other Sanoma Corporation coverage, see Sanoma.com.xml.
-
-
-	Sanoma Entertainment Finland
-
-
-	Nonfunctional subdomains:
-
-		- rb[23]	(dropped)
-
-
-	Fully covered subdomains:
-
-		- n
-		- nt
-
--->
-<ruleset name="SEstatic.fi (partial)">
-
-	<target host="*.sestatic.fi" />
-
-
-	<rule from="^http://n(t)?\.sestatic\.fi/"
-		to="https://n$1.sestatic.fi/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/SF-Mail.de.xml b/src/chrome/content/rules/SF-Mail.de.xml
index f8902a691196..36db14ff1f72 100644
--- a/src/chrome/content/rules/SF-Mail.de.xml
+++ b/src/chrome/content/rules/SF-Mail.de.xml
@@ -1,12 +1,20 @@
-<ruleset name="SF-Mail.de" platform="cacert">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://webmail.sf-mail.de/ => https://webmail.sf-mail.de/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+
+-->
+<ruleset name="SF-Mail.de" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="webmail.sf-mail.de" />
 
 
 	<securecookie host="^webmail\.sf-mail\.de$" name=".+" />
 
 
-	<rule from="^http://webmail\.sf-mail\.de/"
-		to="https://webmail.sf-mail.de/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SF.net.xml b/src/chrome/content/rules/SF.net.xml
new file mode 100644
index 000000000000..0ef3c740834d
--- /dev/null
+++ b/src/chrome/content/rules/SF.net.xml
@@ -0,0 +1,55 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://apps.sf.net/ => https://apps.sf.net/: (6, 'Could not resolve host: apps.sf.net')
+Fetch error: http://goparallel.sf.net/ => https://goparallel.sf.net/: (7, 'Failed to connect to goparallel.sf.net port 443: Connection refused')
+
+	Related:
+		SourceForge.net.xml
+
+	Failed:
+		(projectname).sf.net
+		e.g. https://doublecmd.sf.net/
+
+	Mismatched:
+		*.cvs.sf.net
+		*.git.sf.net
+		*.svn.sf.net	( equal to *.svn.sourceforge.com )
+		svn.sf.net
+		apps.sf.net
+		goparallel.sf.net
+		images.sf.net
+		lists.sf.net
+-->
+
+<ruleset name="SF.net">
+	<!--	Directly:	-->
+	<target host="sf.net" />
+	<target host="www.sf.net" />
+	<target host="downloads.sf.net" />
+	<target host="p.sf.net" />
+	<target host="prdownloads.sf.net" />
+
+	<!--	Complications:	-->
+	<!-- target host="apps.sf.net" /-->
+	<!-- target host="goparallel.sf.net" /-->
+	<target host="images.sf.net" />
+	<target host="lists.sf.net" />
+
+	<target host="*.svn.sf.net" />
+	<target host="*.code.sf.net" />
+		<test url="http://svn.code.sf.net/p/codeblocks/code/trunk/" />
+		<test url="http://git.code.sf.net/p/udt/git" />
+		<test url="http://git.code.sf.net/p/pykdump/code" />
+		<test url="http://svn.code.sf.net/p/seabreeze/code/trunk/" />
+		<!--<test url="http://hg.code.sf.net/p/ruamel-yaml/code" /> - no anonymous access, see https://sourceforge.net/p/forge/feature-requests/727/ -->
+
+	<rule from="^http://(\w+)\.svn\.sf\.net/"
+			to="https://$1.svn.sourceforge.net/" />
+		<test url="http://docbook.svn.sf.net/svnroot/docbook/trunk/xsl" />
+		<test url="http://jmagick.svn.sf.net/svnroot/jmagick@17" />
+		<test url="http://yap.svn.sf.net/svnroot/yap/trunk@1565" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SFGate.com.xml b/src/chrome/content/rules/SFGate.com.xml
new file mode 100644
index 000000000000..01e7d27fdab8
--- /dev/null
+++ b/src/chrome/content/rules/SFGate.com.xml
@@ -0,0 +1,118 @@
+<!--
+	Non-functional hosts:
+		Certificate mismatch:
+			- a135.sfgate.com
+			- articles.sfgate.com
+			- auto.sfgate.com
+			- autos.sfgate.com
+			- www.autos.sfgate.com
+			- cars.sfgate.com
+			- customer.sfgate.com
+			- dogood.sfgate.com
+			- emails.sfgate.com
+			- events.sfgate.com
+			- www.extra.sfgate.com
+			- findnsave.sfgate.com
+			- healthyeating.sfgate.com
+			- homeguides.sfgate.com
+			- homeresearch.sfgate.com
+			- www.homes.sfgate.com
+			- horizon.sfgate.com
+			- juice-files-staging.sfgate.com
+			- link.sfgate.com
+			- links.sfgate.com
+			- live.sfgate.com
+			- local.sfgate.com
+			- looplink.sfgate.com
+			- www.marketplace.sfgate.com
+			- newhomes.sfgate.com
+			- oascentral.sfgate.com
+			- om.sfgate.com
+			- personalshopper.sfgate.com
+			- remodeling.sfgate.com
+			- sa135.sfgate.com
+			- sfevents.sfgate.com
+			- sports.sfgate.com
+			- stats.sfgate.com
+			- thepress.sfgate.com
+			- video.sfgate.com
+			- virtual2.sfgate.com
+			- wc.sfgate.com
+			- weather.sfgate.com
+		Connection refused:
+			- blog.sfgate.com
+			- dailydeals.sfgate.com
+			- fanshop.sfgate.com
+			- foodandwine.sfgate.com
+			- insidescoopsf.sfgate.com
+			- reviews.sfgate.com
+		Self-signed certificate:
+			- baylist.sfgate.com
+			- homes.sfgate.com
+			- marketplace.sfgate.com
+			- mobile.sfgate.com
+			- mynum.sfgate.com
+			- shopping.sfgate.com
+			- topics.sfgate.com
+		Timeout on https:
+			- bunga-2.sfgate.com
+			- preview.cmf.sfgate.com
+			- contribute.sfgate.com
+			- ed.sfgate.com
+			- finance.sfgate.com
+			- gatelistreporting.sfgate.com
+			- news.sfgate.com
+			- ns.sfgate.com
+			- prewcm.sfgate.com
+			- cmf.qa1.sfgate.com
+			- services.sfgate.com
+		Unexpected http status code:
+			- cdn.sfgate.com
+			- c-6rtwjumjzx7877x24bbbx2esfstanx78twx2ent.g00.sfgate.com
+			- c-7npsfqifvt34x24btx2edbtbmfnfejbx2edpn.g00.sfgate.com
+			- c-7npsfqifvt34x24dx2ebnbapo-betztufnx2edpn.g00.sfgate.com
+			- c-7npsfqifvt34x24hpphmfbetx2ehx2eepvcmfdmjdlx2eofu.g00.sfgate.com
+			- c-7npsfqifvt34x24ifbstuofx78tqbqfst-ex2epqfoyx2eofu.g00.sfgate.com
+			- c-7npsfqifvt34x24ofyvtx2efotjhiufox2edpn.g00.sfgate.com
+			- c-7npsfqifvt34x24qvcbetx2ehx2eepvcmfdmjdlx2eofu.g00.sfgate.com
+			- c-7npsfqifvt34x24uqdx2ehpphmftzoejdbujpox2edpn.g00.sfgate.com
+			- c-7npsfqifvt34x24usfhx2eifbstuoqx2edpn.g00.sfgate.com
+			- c-7npsfqifvt34x24x78jehfux2eqfsgfdunbslfux2edpn.g00.sfgate.com
+			- c-7npsfqifvt34x24x78x78x78x2eobopwjtpsx2ejp.g00.sfgate.com
+			- c-8oqtgrjgwu46x24iqqingcfux2eix2efqwdngenkemx2epgv.g00.sfgate.com
+			- c-8oqtgrjgwu46x24jgctuvx2ednwgeqpkex2epgv.g00.sfgate.com
+			- c-8oqtgrjgwu46x24kdx2ecfpzux2eeqo.g00.sfgate.com
+			- c-8oqtgrjgwu46x24kx2eavkoix2eeqo.g00.sfgate.com
+			- c-8oqtgrjgwu46x24rwdcfux2eix2efqwdngenkemx2epgv.g00.sfgate.com
+			- c-8oqtgrjgwu46x24uqfcx2euvctvcrrugtx78kegx2eeqo.g00.sfgate.com
+			- c-8oqtgrjgwu46x24utx78-4230-23-20-26x2erkzgnx2erctugnax2eeqo.g00.sfgate.com
+			- c-8oqtgrjgwu46x24yy3x2ejfpwzx2eeqo.g00.sfgate.com
+			- c-8oqtgrjgwu46x24yy4x2ejfpwzx2eeqo.g00.sfgate.com
+			- imgs.sfgate.com
+			- juice-files.sfgate.com
+		Expired:
+			- login.sfgate.com
+-->
+<ruleset name="SFGate.com">
+	<target host="www.sfgate.com" />
+	<target host="cmf.sfgate.com" />
+	<target host="code.sfgate.com" />
+	<target host="edb.sfgate.com" />
+	<target host="edb-staging.sfgate.com" />
+	<target host="extras.sfgate.com" />
+	<target host="games.sfgate.com" />
+	<target host="m.sfgate.com" />
+	<target host="cmf.m.sfgate.com" />
+	<target host="marketing.sfgate.com" />
+	<target host="notification.sfgate.com" />
+	<target host="origin-extras.sfgate.com" />
+	<target host="realestate.sfgate.com" />
+	<target host="s.sfgate.com" />
+	<target host="cmf.s.sfgate.com" />
+	<target host="shop.sfgate.com" />
+	<target host="som.sfgate.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SFM-Group.xml b/src/chrome/content/rules/SFM-Group.xml
index 182a602c3432..07d10c726c67 100644
--- a/src/chrome/content/rules/SFM-Group.xml
+++ b/src/chrome/content/rules/SFM-Group.xml
@@ -1,7 +1,15 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sfm-offshore.com/ => https://www.sfm-offshore.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
 <ruleset name="SFM Group (partial)">
 
 	<target host="sfm-offshore.com"/>
-	<target host="*.sfm-offshore.com"/>
+	<target host="de.sfm-offshore.com" />
+	<target host="es.sfm-offshore.com" />
+	<target host="fr.sfm-offshore.com" />
+	<target host="it.sfm-offshore.com" />
+	<target host="www.sfm-offshore.com" />
 
 	<rule from="^http://sfm-offshore\.com/"
 		to="https://www.sfm-offshore.com/"/>
diff --git a/src/chrome/content/rules/SF_Site.com.xml b/src/chrome/content/rules/SF_Site.com.xml
new file mode 100644
index 000000000000..a8e1f53ab1fb
--- /dev/null
+++ b/src/chrome/content/rules/SF_Site.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="SF Site.com">
+
+	<target host="sfsite.com" />
+	<target host="www.sfsite.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SGI.com.xml b/src/chrome/content/rules/SGI.com.xml
index 7f23f92b0238..96f46a8cef23 100644
--- a/src/chrome/content/rules/SGI.com.xml
+++ b/src/chrome/content/rules/SGI.com.xml
@@ -10,7 +10,6 @@
 	<target host="www.sgi.com" />
 
 
-	<rule from="^http://(?:www\.)?sgi\.com/"
-		to="https://www.sgi.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SGNO.org.xml b/src/chrome/content/rules/SGNO.org.xml
new file mode 100644
index 000000000000..e8218e8f740a
--- /dev/null
+++ b/src/chrome/content/rules/SGNO.org.xml
@@ -0,0 +1,33 @@
+<!--
+	^: refused
+
+
+	At least some pages redirect to http.
+
+
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="SGNO.org (partial)">
+
+	<target host="sgno.org" />
+	<target host="www.sgno.org" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?sgno\.org/+($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(www\.)?sgno\.org/+(?!about/donate|concrete/|donate|favicon\.ico|files/|packages/|themes/)" /-->
+
+
+
+	<rule from="^http://(?:www\.)?sgno\.org/(?=about(?:/donate)?(?:$|[?/])|concrete/|favicon\.ico|files/|packages/|themes/)"
+		to="https://www.sgno.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SGSStudentbostader.se.xml b/src/chrome/content/rules/SGSStudentbostader.se.xml
index 31f52149439c..f1e617ae611e 100644
--- a/src/chrome/content/rules/SGSStudentbostader.se.xml
+++ b/src/chrome/content/rules/SGSStudentbostader.se.xml
@@ -1,5 +1,5 @@
 <ruleset name="SGSStudentbostader.se" platform="mixedcontent">
 	<target host="sgsstudentbostader.se" />
 	<target host="www.sgsstudentbostader.se" />
-	<rule from="^http://(www\.)?sgsstudentbostader\.se/" to="https://www.sgsstudentbostader.se/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SH.se.xml b/src/chrome/content/rules/SH.se.xml
index b237cd386a08..e324ee5607a6 100644
--- a/src/chrome/content/rules/SH.se.xml
+++ b/src/chrome/content/rules/SH.se.xml
@@ -1,7 +1,6 @@
 <ruleset name="SH.se" platform="mixedcontent">
 	<target host="webappl.web.sh.se" />
 	<target host="bibl.sh.se" />
-	<rule from="^http://bibl\.sh\.se/" to="https://bibl.sh.se/"/>
-	<rule from="^http://webappl\.web\.sh\.se/" to="https://webappl.web.sh.se/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/SHA_2_SSL_Checker.com.xml b/src/chrome/content/rules/SHA_2_SSL_Checker.com.xml
new file mode 100644
index 000000000000..62ca79efcd30
--- /dev/null
+++ b/src/chrome/content/rules/SHA_2_SSL_Checker.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Mixed content:
+
+		- Bug from c.statcounter.com *
+
+	* Secured by us
+
+-->
+<ruleset name="SHA 2 SSL Checker.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sha2sslchecker.com" />
+	<target host="www.sha2sslchecker.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SHAttered.io.xml b/src/chrome/content/rules/SHAttered.io.xml
new file mode 100644
index 000000000000..ba6d6b1e3156
--- /dev/null
+++ b/src/chrome/content/rules/SHAttered.io.xml
@@ -0,0 +1,10 @@
+<!--
+	Secure connection failed:
+		www.shattered.io
+
+-->
+<ruleset name="SHAttered.io">
+	<target host="shattered.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SHKSPR.mobi.xml b/src/chrome/content/rules/SHKSPR.mobi.xml
index f8bd745896cb..35b66d1585b1 100644
--- a/src/chrome/content/rules/SHKSPR.mobi.xml
+++ b/src/chrome/content/rules/SHKSPR.mobi.xml
@@ -1,13 +1,23 @@
-<ruleset name="SHKSPR.mobi" default_off="expired">
+<!--
+	Insecure cookies are set for these hosts:
+
+		- .shkspr.mobi
+
+-->
+<ruleset name="SHKSPR.mobi">
 
 	<target host="shkspr.mobi" />
 	<target host="www.shkspr.mobi" />
 
 
-	<securecookie host="^shkspr\.mobi$" name=".*" />
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.shkspr\.mobi$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?shkspr\.mobi/"
-		to="https://shkspr.mobi/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SHld.net.xml b/src/chrome/content/rules/SHld.net.xml
new file mode 100644
index 000000000000..b901873385c7
--- /dev/null
+++ b/src/chrome/content/rules/SHld.net.xml
@@ -0,0 +1,58 @@
+<!--
+	For other Sears Holdings coverage, see Sears.com.xml.
+
+
+	CDN buckets:
+
+		- nc.shld.net.edgesuite.net
+
+
+	Nonfunctional subdomains:
+
+		- e	(404)
+
+
+	Problematic subdomains:
+
+		- nc	(works, akamai)
+
+
+	Partially covered subdomains:
+
+		- c *
+		- nc *
+		- c2 *
+
+	* $ redirects to http
+
+
+	Fully covered subdomains:
+
+		- k
+		- k2
+		- s
+		- sso
+
+-->
+<ruleset name="SHld.net (partial)">
+
+	<target host="*.shld.net" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://c2?\.shld\.net/+($|\?)" /-->
+
+
+	<securecookie host="^sso\.shld\.net$" name=".+" />
+
+
+	<rule from="^http://(c2|k2?|s|sso)\.shld\.net/"
+		to="https://$1.shld.net/" />
+
+	<!--	We can't point nc to akamai, as images are referenced
+		relative to /, rather than relative to stylesheets:
+								-->
+	<rule from="^http://n?c\.shld\.net/(?!$|\?)"
+		to="https://c.shld.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SIDN.xml b/src/chrome/content/rules/SIDN.xml
index dc72d23c3b91..46015fbd34f3 100644
--- a/src/chrome/content/rules/SIDN.xml
+++ b/src/chrome/content/rules/SIDN.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?sidn\.nl$" name=".+" />
 
 
-	<rule from="^http://(www\.)?sidn\.nl/"
-		to="https://$1sidn.nl/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SIFF.xml b/src/chrome/content/rules/SIFF.xml
index 7921b3a7a9cf..665dfc24afd0 100644
--- a/src/chrome/content/rules/SIFF.xml
+++ b/src/chrome/content/rules/SIFF.xml
@@ -1,8 +1,12 @@
-<ruleset name="SIFF">
+<!--
+	(www.)?: reset
+
+-->
+<ruleset name="SIFF" default_off="connection reset">
   <target host="siff.net" />
   <target host="www.siff.net" />
 
-  <securecookie host="^(.*\.)?siff\.net$" name=".*" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http://(?:www\.)?siff\.net/" to="https://www.siff.net/" />
-</ruleset> 
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SIL-International.xml b/src/chrome/content/rules/SIL-International.xml
index 3fb7948f8f61..86a3f3ee8da6 100644
--- a/src/chrome/content/rules/SIL-International.xml
+++ b/src/chrome/content/rules/SIL-International.xml
@@ -27,7 +27,6 @@
 		<exclusion pattern="^http://scripts\.sil\.org/cms/scripts/page\.php" />
 
 
-	<rule from="^http://scripts\.sil\.org/"
-		to="https://scripts.sil.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SIL_International-problematic.xml b/src/chrome/content/rules/SIL_International-problematic.xml
index f89f9a92d2ae..5000d691a20e 100644
--- a/src/chrome/content/rules/SIL_International-problematic.xml
+++ b/src/chrome/content/rules/SIL_International-problematic.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?sil\.org/"
 		to="https://www.sil.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SIMILE-Widgets.org.xml b/src/chrome/content/rules/SIMILE-Widgets.org.xml
new file mode 100644
index 000000000000..6037a13221b2
--- /dev/null
+++ b/src/chrome/content/rules/SIMILE-Widgets.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Different content HTTP/HTTPS:
+		static.simile-widgets.org
+
+	Secure connection failed:
+		trunk.simile-widgets.org
+
+-->
+<ruleset name="SIMILE-Widgets.org">
+
+	<target host="simile-widgets.org" />
+	<target host="www.simile-widgets.org" />
+	<target host="api.simile-widgets.org" />
+	<target host="service.simile-widgets.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SIP-Solutions.xml b/src/chrome/content/rules/SIP-Solutions.xml
deleted file mode 100644
index c3484cf50552..000000000000
--- a/src/chrome/content/rules/SIP-Solutions.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="SIP Solutions" platform="cacert">
-
-	<target host="sipsolutions.net" />
-	<target host="www.sipsolutions.net" />
-
-
-	<securecookie host="^www\.sipsolutions\.net$" name=".*" />
-
-
-	<rule from="^http://(www\.)?sipsolutions\.net/"
-		to="https://$1sipsolutions.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SIP_Solutions.net.xml b/src/chrome/content/rules/SIP_Solutions.net.xml
new file mode 100644
index 000000000000..389784e2be92
--- /dev/null
+++ b/src/chrome/content/rules/SIP_Solutions.net.xml
@@ -0,0 +1,37 @@
+<!--
+	Non-functional hosts
+		SSL connect error:
+			 - host.sipsolutions.net
+
+		SSL peer certificate was not OK:
+			 - bcm.sipsolutions.net
+			 - crystal.sipsolutions.net
+			 - he.sipsolutions.net
+			 - linuxwireless.sipsolutions.net
+			 - radiotap.sipsolutions.net
+			 - s3.sipsolutions.net
+			 - sdaps.sipsolutions.net
+			 - softmac.sipsolutions.net
+-->
+<ruleset name="SIP Solutions.net (partial)">
+	<target host="sipsolutions.net" />
+	<target host="www.sipsolutions.net" />
+	<target host="bcm-specs.sipsolutions.net" />
+	<target host="bcm-v4.sipsolutions.net" />
+	<target host="bcm63xx.sipsolutions.net" />
+	<target host="benjamin.sipsolutions.net" />
+	<target host="cx3110x.sipsolutions.net" />
+	<target host="david.sipsolutions.net" />
+	<target host="dreithaler.sipsolutions.net" />
+	<target host="git.sipsolutions.net" />
+	<target host="johannes.sipsolutions.net" />
+	<target host="p.sipsolutions.net" />
+	<target host="pasdoc.sipsolutions.net" />
+	<target host="sebastian.sipsolutions.net" />
+	<target host="secure.sipsolutions.net" />
+	<target host="ulrike.sipsolutions.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SIRCorp.com.xml b/src/chrome/content/rules/SIRCorp.com.xml
new file mode 100644
index 000000000000..8907f5d06596
--- /dev/null
+++ b/src/chrome/content/rules/SIRCorp.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Timed out:
+		- teamplace.sircorp.com
+-->
+
+<ruleset name="SIRCorp.com">
+	<target host="sircorp.com" />
+	<target host="www.sircorp.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SJ.se.xml b/src/chrome/content/rules/SJ.se.xml
index 603d53277667..80f2e45d0639 100644
--- a/src/chrome/content/rules/SJ.se.xml
+++ b/src/chrome/content/rules/SJ.se.xml
@@ -1,8 +1,18 @@
 <!-- SJ is a government operated railway company in sweden. -->
-<ruleset name="SJ.se">
-  <target host="sj.se" />
-  <target host="*.sj.se" />
-  <rule from="^http://sj\.se/" to="https://www.sj.se/"/>
-  <rule from="^http://www\.sj\.se/" to="https://www.sj.se/"/>
-</ruleset>
+<ruleset name="SJ.se (partial)">
+	<target host="sj.se" />
+	<target host="www.sj.se" />
+	<target host="www2.sj.se" />
+	<target host="a-mrapp.sj.se" />
+	<target host="acc-xpider.sj.se" />
+	<target host="jira.sj.se" />
+	<target host="minafakturor.sj.se" />
+	<target host="mittkonto.sj.se" />
+	<target host="qamobile.sj.se" />
+	<target host="revival.sj.se" />
+	<target host="xpider.sj.se" />
+
+	<target host="ssl.kampanj.sj.se" />
 
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SKNVibes.xml b/src/chrome/content/rules/SKNVibes.xml
deleted file mode 100644
index 0bd645eaf0b1..000000000000
--- a/src/chrome/content/rules/SKNVibes.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Some pages redirect to http.
-
--->
-<ruleset name="SKNVibes (partial)">
-
-	<target host="sknvibes.com" />
-	<target host="*.sknvibes.com" />
-		<exclusion pattern="^http://(?:www\.)?sknvibes\.com/(?!(?:[\w-]+/)?(dmenu/|effects/|[iI](?:mage|tem)s/|js/|scripts/|themes/|zimg/)|general/(?:login_continue|send_pass)\.cfm|skngallery2/)" />
-
-
-	<securecookie host="^sms\.sknvibes\.com$" name=".+" />
-
-
-	<rule from="^http://(sms\.|www\.)?sknvibes\.com/"
-		to="https://$1sknvibes.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/SKS-Keyservers.xml b/src/chrome/content/rules/SKS-Keyservers.xml
index 5effb34a0a4d..988bc874e5c7 100644
--- a/src/chrome/content/rules/SKS-Keyservers.xml
+++ b/src/chrome/content/rules/SKS-Keyservers.xml
@@ -1,7 +1,10 @@
+<!--
+	www: mismatched, CN: www.kfwebs.net
+
+-->
 <ruleset name="SKS Keyservers (partial)">
 	<target host="sks-keyservers.net" />
 	<target host="www.sks-keyservers.net" />
 
-	<rule from="^(http://(www\.)?|https://www\.)sks-keyservers\.net/"
-		to="https://sks-keyservers.net/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SKYCITY-Auckland.xml b/src/chrome/content/rules/SKYCITY-Auckland.xml
new file mode 100644
index 000000000000..e44edf1f56a8
--- /dev/null
+++ b/src/chrome/content/rules/SKYCITY-Auckland.xml
@@ -0,0 +1,9 @@
+<ruleset name="SKYCITY Auckland">
+	<target host=    "skycityauckland.co.nz" />
+	<target host="www.skycityauckland.co.nz" />
+
+  	<securecookie host="^www\.skycityauckland\.co\.nz$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SK_hynix.com.xml b/src/chrome/content/rules/SK_hynix.com.xml
index 8aa9e597712b..3bca17f52206 100644
--- a/src/chrome/content/rules/SK_hynix.com.xml
+++ b/src/chrome/content/rules/SK_hynix.com.xml
@@ -1,22 +1,37 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://skhynix.com/ => https://skhynix.com/: (35, 'error:140773E8:SSL routines:SSL23_GET_SERVER_HELLO:reason(1000)')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://skhynix.com/ => https://skhynix.com/: (35, 'error:140773E8:SSL routines:SSL23_GET_SERVER_HELLO:reason(1000)')
+
 	SK hynix Inc.
 
 
-	Problematic subdomains:
+	Insecure cookies are set for these hosts:
 
-		- ^	(cert only matches www)
+		- skhynix.com
+		- www.skhynix.com
 
 -->
-<ruleset name="SK hynix.com">
+<ruleset name="SK hynix.com" default_off="failed ruleset test">
 
 	<target host="skhynix.com" />
 	<target host="www.skhynix.com" />
 
 
-	<securecookie host="^www\.skhynix\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?skhynix\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^(?:www\.)?skhynix\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?skhynix\.com/"
-		to="https://www.skhynix.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SKortekaas.nl.xml b/src/chrome/content/rules/SKortekaas.nl.xml
new file mode 100644
index 000000000000..a8e154324131
--- /dev/null
+++ b/src/chrome/content/rules/SKortekaas.nl.xml
@@ -0,0 +1,7 @@
+<ruleset name="SKortekaas.nl">
+	<target host="skortekaas.nl" />
+	<target host="www.skortekaas.nl" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SL.se.xml b/src/chrome/content/rules/SL.se.xml
deleted file mode 100644
index 9ab7932298b4..000000000000
--- a/src/chrome/content/rules/SL.se.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="SL.se">
-	<target host="sl.se" />
-	<rule from="^http://sl\.se/" to="https://sl.se/"/>
-	<rule from="^http://www\.sl\.se/" to="https://sl.se/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/SLF.se.xml b/src/chrome/content/rules/SLF.se.xml
index 47969ec048e5..53c772f1ddba 100644
--- a/src/chrome/content/rules/SLF.se.xml
+++ b/src/chrome/content/rules/SLF.se.xml
@@ -1,8 +1,9 @@
-<!-- slf is a swedish labour union -->
-<ruleset name="SLF.se" platform="mixedcontent">
+<ruleset name="SLF.se">
 	<target host="slf.se" />
 	<target host="www.slf.se" />
-	<rule from="^http://slf\.se/" to="https://www.slf.se/"/>
-	<rule from="^http://www\.slf\.se/" to="https://www.slf.se/"/>
-</ruleset>
 
+	<rule from="^http://slf\.se/"
+		to="https://www.slf.se/"/>
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/SLI-Systems.com.xml b/src/chrome/content/rules/SLI-Systems.com.xml
new file mode 100644
index 000000000000..c2e0dd8e2ef8
--- /dev/null
+++ b/src/chrome/content/rules/SLI-Systems.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Other SLI Systems rulesets:
+		- Resultspage.com.xml
+
+	Mismatched:
+		^(www.)?slisystems.com	( equal to sli-systems.com )
+		newsletter.sli-systems.com
+		site-search.sli-systems.com	( mismatched, CN: *.resultspage.com )
+
+	Redirect to http:
+		sitesearch.sli-systems.com
+
+	403 check error:
+		sitesearch.sli-systems.com
+		Non-2xx HTTP code: http://sitesearch.sli-systems.com/css/mktLPSupportCompat.css (200) => https://na-sj01.marketo.com/css/mktLPSupportCompat.css (403)
+		Non-2xx HTTP code: http://sitesearch.sli-systems.com/js/forms2/css/forms2.css (200) => https://na-sj01.marketo.com/js/forms2/css/forms2.css (403)
+		Non-2xx HTTP code: http://sitesearch.sli-systems.com/rs/634-GEO-282/images/usa.svg (200) => https://na-sj01.marketo.com/rs/634-GEO-282/images/usa.svg (403)
+-->
+<ruleset name="SLI-Systems.com (partial)">
+	<!--	Complications:	-->
+	<target host="slisystems.com" />
+	<target host="www.slisystems.com" />
+
+	<rule from="^http://(www\.)?slisystems\.com/" to="https://$1sli-systems.com/" />
+
+	<!--	Direct rewrites:	-->
+	<target host="sli-systems.com" />
+	<target host="www.sli-systems.com" />
+	<target host="tools.sli-systems.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
+
diff --git a/src/chrome/content/rules/SLI-Systems.xml b/src/chrome/content/rules/SLI-Systems.xml
deleted file mode 100644
index d9a61dc0046e..000000000000
--- a/src/chrome/content/rules/SLI-Systems.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-<!--
-	Other SLI Systems rulesets:
-
-		- Resultspage.com.xml
-
-
-	sli-systems.resultspage.com
-
-
-	Nonfunctional domains:
-
-		- (www.)slisystems.com *
-
-		- sli-systems.com subdomains:
-
-			- (www.) *
-			- newsletter *
-			- sitesearch.sli-systems.com	(redirects to app-sj01.marketo.com; mismatched, CN: *.marketo.com)
-			- site-search.sli-systems.com	(redirects to http; mismatched, CN: *.resultspage.com)
-
-	* Times out
-
--->
-<ruleset name="SLI Systems (partial)">
-
-	<target host="assets.slisystems.com" />
-	<target host="*.sli-systems.com" />
-
-
-	<securecookie host="^tools\.sli-systems\.com$" name=".+" />
-
-
-	<rule from="^http://assets\.slisystems\.com/"
-		to="https://assets.slisystems.com/" />
-
-	<rule from="^http://sitesearch\.sli-systems\.com/(cs|r)s/"
-		to="https://na-sj01.marketo.com/$1s/" />
-
-	<rule from="^http://tools\.sli-systems\.com/"
-		to="https://tools.sli-systems.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SLIP_Plate.com.xml b/src/chrome/content/rules/SLIP_Plate.com.xml
new file mode 100644
index 000000000000..13b6d1a67c1f
--- /dev/null
+++ b/src/chrome/content/rules/SLIP_Plate.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .slipplate.com
+		- www.slipplate.com
+
+-->
+<ruleset name="SLIP Plate.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="slipplate.com" />
+	<target host="www.slipplate.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.slipplate\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.slipplate\.com$" name="^wpSGCacheBypass$" /-->
+
+	<securecookie host="^(?:www)?\.slipplate\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SLOOH.xml b/src/chrome/content/rules/SLOOH.xml
deleted file mode 100644
index 93f849b9348b..000000000000
--- a/src/chrome/content/rules/SLOOH.xml
+++ /dev/null
@@ -1,72 +0,0 @@
-<!--
-	CDN buckets:
-
-		- c576040.r40.cf2.rackcdn.com
-
-			- images-buttons.slooh.com
-
-		- c575441.r41.cf2.rackcdn.com
-
-			- images-home.slooh.com
-
-		- c576050.r50.cf2.rackcdn.com
-
-			- images-footer.slooh.com
-
-		- c580754.r54.cf2.rackcdn.com
-
-			- images-account.slooh.com
-
-		- c575991.r91.cf2.rackcdn.com
-
-			- images-background.slooh.com
-
-
-	Nonfunctional subdomains:
-
-		- events	(handshake fails)
-
-
-	Problematic subdomains:
-
-		- images-account *
-		- images-background *
-		- images-buttons *
-		- images-footer *
-		- images-home *
-
-	* Works, akamai
-
--->
-<ruleset name="SLOOH (partial)">
-
-	<target host="slooh.com" />
-	<target host="*.slooh.com" />
-		<!--
-			$ 403s
-				-->
-		<exclusion pattern="^http://(?:www\.)?slooh\.com/(?:\?.*)?$" />
-
-
-	<rule from="^http://(www\.)?slooh\.com/"
-		to="https://$1slooh.com/" />
-
-	<rule from="^http://images\.slooh\.com/"
-		to="https://s3.images.slooh.com/" />
-
-	<rule from="^http://images-account\.slooh\.com/"
-		to="https://c580754.ssl.cf2.rackcdn.com/" />
-
-	<rule from="^http://images-background\.slooh\.com/"
-		to="https://c575991.ssl.cf2.rackcdn.com/" />
-
-	<rule from="^http://images-buttons\.slooh\.com/"
-		to="https://c576040.ssl.cf2.rackcdn.com/" />
-
-	<rule from="^http://images-footer\.slooh\.com/"
-		to="https://c576050.ssl.cf2.rackcdn.com/" />
-
-	<rule from="^http://images-home\.slooh\.com/"
-		to="https://c575441.ssl.cf2.rackcdn.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/SLU.se.xml b/src/chrome/content/rules/SLU.se.xml
index 5acf5476a03d..75d10d532342 100644
--- a/src/chrome/content/rules/SLU.se.xml
+++ b/src/chrome/content/rules/SLU.se.xml
@@ -1,9 +1,217 @@
-<ruleset name="SLU.se">
+<!--
+	Different HTTP/HTTPS content:
+		- zeus.slu.se
+
+	Reset:
+		- innovativadrycker.slu.se
+		- microdrive.slu.se
+		- minna.slu.se
+		- www.movium.slu.se
+		- www.saco.slu.se
+		- soilsoc.slu.se
+		- vmf.slu.se
+		- www.st.slu.se
+		- www-greenways.slu.se
+		- www-markinfo.slu.se
+		- www-museum.slu.se
+		- www-vaxten.slu.se
+		- www-wurc.slu.se
+
+	Refused:
+		- dix.adm.slu.se
+		- aquarapport.slu.se
+		- slwgeo.artdata.slu.se
+			"secure connection failed" at port 8080
+			example: http://slwgeo.artdata.slu.se:8080/geoserver/web/
+		- tramas2-1.data.slu.se
+		- epsilon.slu.se
+		- pub.epsilon.slu.se
+		- stud.epsilon.slu.se
+		- ex-epsilon.slu.se
+		- pa.ltj.slu.se
+		- info1.ma.slu.se
+		- bionas1.mykopat.slu.se
+		- portfolio-pub.slu.se
+		- sgbc.slu.se
+		- skud.slu.se
+		- teleslu-cmg1.slu.se
+		- infogis.vatten.slu.se
+		- webstar.vatten.slu.se
+		- www-jordbruksmark.slu.se
+		- www-taxwebb.slu.se
+
+	No working URL known:
+		- arbetsplats.slu.se (401)
+
+	Timeout:
+		- portal2.ess.slu.se
+		- www2.ess.slu.se
+		- grodden.evp.slu.se
+		- hippocampus.slu.se
+		- allan.jbt.slu.se
+		- lbt.ltj.slu.se
+		- microbild2-1.slu.se
+		- shs.slu.se
+		- www-fiberskog.slu.se
+		- www-gran.slu.se
+
+	Other SSL error:
+		- epigenetics.vbsg.slu.se
+
+	Invalid Certificate:
+		- slu.se
+		- ean1.ad.slu.se
+		- huv-fagelnas.adm.slu.se
+		- info.adm.slu.se
+		- kronox-rapport.adm.slu.se
+		- qpc.adm.slu.se
+		- vhi-piggynas.adm.slu.se
+		- www.artdata.slu.se
+		- bilder.slu.se (incomplete certificate chain)
+		- www.bioenergi.slu.se
+		- www.biotron.slu.se
+		- www.bvf.slu.se
+		- www.cbm.slu.se
+		- data-vc-cs1.data.slu.se (incomplete certificate chain)
+		- data-vc-cs2.data.slu.se
+		- disa.slu.se
+		- ekohavtorn.slu.se
+		- www.ekol.slu.se
+		- vilt.ekol.slu.se
+		- www.ekon.slu.se
+		- asa.esf.slu.se
+		- vfp.esf.slu.se
+		- esf_klimatdata.slu.se
+		- www.ess.slu.se
+		- facepa.slu.se
+		- fagel.slu.se
+		- www.ffe.slu.se
+		- formastradgard.slu.se
+		- fortbildningalnarp.slu.se
+		- futurefaculty.slu.se
+		- heureka.slu.se
+		- www.hipp.slu.se
+		- www2.hipp.slu.se
+		- www.hmh.slu.se
+		- hunddna.slu.se
+		- www.huv.slu.se
+		- infra.slu.se
+		- www.kemi.slu.se
+		- kt-et.slu.se
+		- kummel.slu.se
+		- kurs.slu.se
+		- langtidsforsok.slu.se
+		- lantbruketsarbetsmiljo.slu.se
+		- www.lmv.slu.se
+		- kv.lmv.slu.se
+		- www.lpal.slu.se
+		- www.lt.slu.se
+		- www.ma.slu.se
+		- www.mark.slu.se
+		- mittslu.slu.se (incomplete certificate chain)
+		- bgf.mv.slu.se
+		- my-krakatau.mykopat.slu.se (incomplete certificate chain)
+		- www.mykopat.slu.se
+		- naturenskalenderiskolan.slu.se
+		- nils.slu.se
+		- www.njv.slu.se
+		- www.nlfak.slu.se
+		- nobanis.slu.se
+		- nova-university2.slu.se
+		- www.nvb.slu.se
+		- ograsradgivaren.slu.se
+		- oringracet.slu.se
+		- partnerskapalnarp.slu.se
+		- plantarum.slu.se
+		- pluto.slu.se (incomplete certificate chain)
+		- publikationer.slu.se (incomplete certificate chain)
+		- www.resgeom.slu.se
+		- resschool.slu.se
+		- www.sek.slu.se
+		- www.sfak.slu.se
+		- www.sfp.slu.se
+		- skogis.slu.se
+		- skogskarta.slu.se
+		- skoldkortelrubbninghoshund.slu.se
+		- slukarriar.slu.se
+		- slukurs.slu.se
+		- www.sml.slu.se
+		- www.smsk.slu.se
+		- www.sol.slu.se
+		- www.srh.slu.se
+		- www.ssko.slu.se
+		- superplot3d.slu.se
+		- www.svek.slu.se
+		- tillvaxtnotkott.slu.se
+		- tillvaxttradgard.slu.se
+		- pervenio.ucl.slu.se
+		- universitetsdjursjukhuset.slu.se
+		- utbildning.slu.se
+		- uwa.slu.se
+		- www.vabr.slu.se
+		- vbsg-bio1.vbsg.slu.se (incomplete certificate chain)
+		- vbsg-nas1.vbsg.slu.se (incomplete certificate chain)
+		- www.vfm.slu.se
+		- www2.vfm.slu.se
+		- www.vhfak.slu.se
+		- vpn-alnarp.slu.se (incomplete certificate chain)
+		- webmap1.slu.se
+		- whiis-desk.slu.se
+		- woodash.slu.se
+		- woodsupplygame.slu.se
+		- www-conference.slu.se
+		- www-cru.slu.se
+		- www-moosetrack.slu.se
+		- www-moosetrackbd.slu.se
+		- www-nfi.slu.se
+		- www-njv.slu.se
+		- www-sekon.slu.se
+		- www-skara.slu.se
+		- www-skogsskada.slu.se
+		- www-sml.slu.se
+		- www-umea.slu.se
+
+	404:
+		- epi-drift2-1.slu.se
+-->
+<ruleset name="slu.se">
 	<target host="www.slu.se" />
-	<target host="slu.se" />
+	<target host="akkonferens.slu.se" />
+	<target host="alumndb.slu.se" />
+	<target host="blogg.slu.se" />
+	<target host="printmgmt1.data.slu.se" />
+	<target host="dropoff.slu.se" />
+	<target host="epi-resurs.slu.se" />
+		<test url="http://epi-resurs.slu.se/Forskarutbildningsplatser/" />
+	<target host="epitest-ext.slu.se" />
+	<target host="exch2-1.slu.se" />
+	<target host="exch2-3.slu.se" />
+	<target host="idp2-1.slu.se" />
+	<target host="idportal.slu.se" />
+	<target host="infra2-1.slu.se" />
 	<target host="internt.slu.se" />
-	<rule from="^http://slu\.se/" to="https://www.slu.se/"/>
-	<rule from="^http://www\.slu\.se/" to="https://www.slu.se/"/>
-	<rule from="^http://internt\.slu\.se/" to="https://internet.slu.se/"/>
-</ruleset>
+	<target host="kronox.slu.se" />
+	<target host="kronox-rapport.slu.se" />
+	<target host="lobby.slu.se" />
+	<target host="lokalbokningwebb.slu.se" />
+	<target host="maps.slu.se" />
+	<target host="miljodata.slu.se" />
+	<target host="scata.mykopat.slu.se" />
+	<target host="palette.slu.se" />
+	<target host="personalkurser.slu.se" />
+	<target host="resurs.slu.se" />
+	<target host="slunik.slu.se" />
+	<target host="sluprint.slu.se" />
+	<target host="slupub.slu.se" />
+	<target host="smtp.slu.se" />
+	<target host="student.slu.se" />
+	<target host="taxwebb.slu.se" />
+	<target host="spectare.ucl.slu.se" />
+		<test url="http://spectare.ucl.slu.se/adm/cornell/Cornell_2015.html" />
+	<target host="plantbio.vbsg.slu.se" />
+	<target host="webmail.slu.se" />
+	<target host="webmap.slu.se" />
+		<test url="http://webmap.slu.se/website/vargwebb/text.asp" />
 
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SMACK_TLS.com.xml b/src/chrome/content/rules/SMACK_TLS.com.xml
new file mode 100644
index 000000000000..ee4e909e3e1f
--- /dev/null
+++ b/src/chrome/content/rules/SMACK_TLS.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="SMACK TLS.com">
+
+	<target host="smacktls.com" />
+	<target host="www.smacktls.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SMBC-Comics.com.xml b/src/chrome/content/rules/SMBC-Comics.com.xml
new file mode 100644
index 000000000000..92a9925e16a9
--- /dev/null
+++ b/src/chrome/content/rules/SMBC-Comics.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Private subdomain:
+		cpanel.smbc-comics.com
+		webmail.smbc-comics.com
+
+	Different content http/https:
+		webdisk.smbc-comics.com
+
+-->
+<ruleset name="SMBC-Comics.com">
+
+	<target host="smbc-comics.com" />
+	<target host="www.smbc-comics.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SME.sk.xml b/src/chrome/content/rules/SME.sk.xml
new file mode 100644
index 000000000000..fef8a3a6fb4c
--- /dev/null
+++ b/src/chrome/content/rules/SME.sk.xml
@@ -0,0 +1,129 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Time: 2020-09-25 16:20:22
+ Fetch error: http://www.dolnyzemplin.korzar.sme.sk/ => https://dolnyzemplin.korzar.sme.sk/: (6, 'Could not resolve host: www.dolnyzemplin.korzar.sme.sk')
+Time: 2020-09-25 16:20:22
+ Fetch error: http://www.gemer.korzar.sme.sk/ => https://gemer.korzar.sme.sk/: (6, 'Could not resolve host: www.gemer.korzar.sme.sk')
+Time: 2020-09-25 16:20:22
+ Fetch error: http://www.hornyzemplin.korzar.sme.sk/ => https://hornyzemplin.korzar.sme.sk/: (6, 'Could not resolve host: www.hornyzemplin.korzar.sme.sk')
+Time: 2020-09-25 16:20:22
+ Fetch error: http://www.kosice.korzar.sme.sk/ => https://kosice.korzar.sme.sk/: (6, 'Could not resolve host: www.kosice.korzar.sme.sk')
+Time: 2020-09-25 16:20:22
+ Fetch error: http://www.presov.korzar.sme.sk/ => https://presov.korzar.sme.sk/: (6, 'Could not resolve host: www.presov.korzar.sme.sk')
+Time: 2020-09-25 16:20:22
+ Fetch error: http://www.spis.korzar.sme.sk/ => https://spis.korzar.sme.sk/: (6, 'Could not resolve host: www.spis.korzar.sme.sk')
+Fetch error: http://www.peniaze.sme.sk/ => https://www.peniaze.sme.sk/: (6, 'Could not resolve host: www.peniaze.sme.sk')
+
+	Nonfunctional hosts in *.sme.sk:
+
+	certificate mismatch:
+		- casopis.tortyodmamy.sme.sk
+		- parfemy.sme.sk
+		- praca.sme.sk
+		- www.prihlasenie.sme.sk
+		- skoly.sme.sk
+		- vino.sme.sk
+		- www.medovniky.artmama.sme.sk
+
+	connection refused:
+		- i.sme.sk
+		- www.post.sme.sk
+	mixed content:
+
+		- ahaho.sme.sk
+		- echo.sme.sk
+		- jazykovaporadna.sme.sk
+		- panoramy.sme.sk
+		- tlacovespravy.sme.sk
+
+-->
+<ruleset name="SME.sk">
+	<target host="sme.sk" />
+	<target host="www.sme.sk" />
+	<target host="artmama.sme.sk" />
+	<target host="medovniky.artmama.sme.sk" />
+	<target host="zahrada.artmama.sme.sk" />
+	<target host="www.zahrada.artmama.sme.sk" />
+	<target host="auto.sme.sk" />
+	<target host="blog.sme.sk" />
+	<target host="*.blog.sme.sk" />
+	<target host="bratislava.sme.sk" />
+	<target host="cestovanie.sme.sk" />
+	<target host="dakujeme.sme.sk" />
+	<target host="diplomovka.sme.sk" />
+	<target host="domov.sme.sk" />
+	<target host="dovolenka.sme.sk" />
+	<target host="dvaja.sme.sk" />
+	<target host="ekonomika.sme.sk" />
+	<target host="fici.sme.sk" />
+	<target host="fotky.sme.sk" />
+	<target host="gulas.sme.sk" />
+	<target host="*.gulas.sme.sk" />
+	<target host="inzeraty.sme.sk" />
+	<target host="komentare.sme.sk" />
+	<target host="kontakty.sme.sk" />
+	<target host="korzar.sme.sk" />
+	<target host="dolnyzemplin.korzar.sme.sk" />
+	<!-- target host="www.dolnyzemplin.korzar.sme.sk" /-->
+	<target host="gemer.korzar.sme.sk" />
+	<!-- target host="www.gemer.korzar.sme.sk" /-->
+	<target host="hornyzemplin.korzar.sme.sk" />
+	<!-- target host="www.hornyzemplin.korzar.sme.sk" /-->
+	<target host="kosice.korzar.sme.sk" />
+	<!-- target host="www.kosice.korzar.sme.sk" /-->
+	<target host="presov.korzar.sme.sk" />
+	<!-- target host="www.presov.korzar.sme.sk" /-->
+	<target host="spis.korzar.sme.sk" />
+	<!-- target host="www.spis.korzar.sme.sk" /-->
+	<target host="kultura.sme.sk" />
+	<target host="magazin-reality.sme.sk" />
+	<target host="nanicmama.sme.sk" />
+	<target host="nasazilina.sme.sk" />
+	<target host="nasenovezamky.sme.sk" />
+	<target host="nasmikulas.sme.sk" />
+	<target host="nasanitra.sme.sk" />
+	<target host="nasnovohrad.sme.sk" />
+	<target host="nastrencin.sme.sk" />
+	<target host="ockovanie.sme.sk" />
+	<target host="otvorenesudy.sme.sk" />
+	<target host="peniaze.sme.sk" />
+	<!-- target host="www.peniaze.sme.sk" /-->
+	<target host="plus.sme.sk" />
+	<target host="pocasie.sme.sk" />
+	<target host="post.sme.sk" />
+	<target host="post2.sme.sk" />
+	<target host="prihlasenie.sme.sk" />
+	<target host="primar.sme.sk" />
+	<target host="profil.sme.sk" />
+	<target host="profit.sme.sk" />
+	<target host="reality.sme.sk" />
+	<target host="recenzie.sme.sk" />
+	<target host="restauracie.sme.sk" />
+	<target host="rss.sme.sk" />
+	<target host="spectator.sme.sk" />
+	<target host="sport.sme.sk" />
+	<target host="svet.sme.sk" />
+	<target host="tahaj.sme.sk" />
+	<target host="tech.sme.sk" />
+	<target host="topolcanyinfo.sme.sk" />
+	<target host="tortyodmamy.sme.sk" />
+	<target host="tv.sme.sk" />
+	<target host="vysokeskoly.sme.sk" />
+	<target host="zena.sme.sk" />
+	<target host="zlatyfond.sme.sk" />
+	<target host="zlavy.sme.sk" />
+
+	<test url="http://miroslavdanis.blog.sme.sk/" />
+	<test url="http://paulenova.blog.sme.sk/" />
+	<test url="http://viliamnovotny.blog.sme.sk/" />
+	<test url="http://dzooky.gulas.sme.sk/" />
+	<test url="http://jangaso.gulas.sme.sk/" />
+	<test url="http://noha.gulas.sme.sk/" />
+
+	<rule from="^http://www\.zahrada\.artmama\.sme\.sk/"
+		to="https://zahrada.artmama.sme.sk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SMFTA.com.xml b/src/chrome/content/rules/SMFTA.com.xml
index ea23a6d1222e..c7d504ecfbca 100644
--- a/src/chrome/content/rules/SMFTA.com.xml
+++ b/src/chrome/content/rules/SMFTA.com.xml
@@ -1,5 +1,12 @@
+
 <!--
-	For other U.S. government coverage, see US-government.xml.
+Disabled by https-everywhere-checker because:
+Fetch error: http://smfta.com/ => https://www.smfta.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.smfta.com/ => https://www.smfta.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://smfta.com/ => https://www.smfta.com/: (7, 'Failed to connect to www.smfta.com port 443: Connection refused')
+Fetch error: http://www.smfta.com/ => https://www.smfta.com/: (7, 'Failed to connect to www.smfta.com port 443: Connection refused')
 
 
 	Problematic subdomains:
@@ -8,7 +15,7 @@
 		- beta	(works; mismatched, CN: *.securesites.net)
 
 -->
-<ruleset name="SMFTA.com (partial)">
+<ruleset name="SMFTA.com (partial)" default_off="failed ruleset test">
 
 	<target host="smfta.com" />
 	<target host="www.smfta.com" />
@@ -17,4 +24,4 @@
 	<rule from="^http://(?:www\.)?smfta\.com/"
 		to="https://www.smfta.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SMF_for_Free.xml b/src/chrome/content/rules/SMF_for_Free.xml
index 4ba7178ee9c1..f01e3cbbf9da 100644
--- a/src/chrome/content/rules/SMF_for_Free.xml
+++ b/src/chrome/content/rules/SMF_for_Free.xml
@@ -16,13 +16,8 @@
 -->
 <ruleset name="SMF for Free (partial)">
 
-	<target host="*.smfboards.com" />
+	<target host="cdn.smfboards.com" />
+	<!-- <target host="images.smfboards.com" /> -->
 
-
-	<rule from="^http://cdn\.smfboards\.com/"
-		to="https://d2woastm347hjv.cloudfront.net/" />
-
-	<rule from="^http://images\.smfboards\.com/"
-		to="https://s3.amazonaws.com/images.smfboards.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SMSSecure.org.xml b/src/chrome/content/rules/SMSSecure.org.xml
new file mode 100644
index 000000000000..67e72a806214
--- /dev/null
+++ b/src/chrome/content/rules/SMSSecure.org.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://smssecure.org/ => https://smssecure.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.smssecure.org/ => https://www.smssecure.org/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="SMSSecure.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="smssecure.org" />
+	<target host="www.smssecure.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SMU.edu.xml b/src/chrome/content/rules/SMU.edu.xml
new file mode 100644
index 000000000000..aa147772ee98
--- /dev/null
+++ b/src/chrome/content/rules/SMU.edu.xml
@@ -0,0 +1,19 @@
+<!--
+	Problematic hosts in *smu.edu:
+
+		- digitalrepository *
+
+	* Mismatched
+
+-->
+<ruleset name="SMU.edu (partial)" default_off="mismatched">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="digitalrepository.smu.edu" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SMWCentral.net.xml b/src/chrome/content/rules/SMWCentral.net.xml
new file mode 100644
index 000000000000..16b93b0e83e1
--- /dev/null
+++ b/src/chrome/content/rules/SMWCentral.net.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate: dev.smwcentral.net
+-->
+
+<ruleset name="SMWCentral.net">
+	<target host="smwcentral.net" />
+	<target host="www.smwcentral.net" />
+	<target host="bin.smwcentral.net" />
+	<target host="dl.smwcentral.net" />
+	<target host="media.smwcentral.net" />
+	<target host="misc.smwcentral.net" />
+
+	<target host="smwc.me" />
+	<target host="www.smwc.me" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SMyl.es.xml b/src/chrome/content/rules/SMyl.es.xml
new file mode 100644
index 000000000000..b1cc22f40022
--- /dev/null
+++ b/src/chrome/content/rules/SMyl.es.xml
@@ -0,0 +1,10 @@
+<ruleset name="sMyl.es">
+
+	<target host="smyl.es" />
+	<target host="plugins.smyl.es" />
+	<target host="www.smyl.es" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SNCB.xml b/src/chrome/content/rules/SNCB.xml
index eaa804e6ab39..45899247ce59 100644
--- a/src/chrome/content/rules/SNCB.xml
+++ b/src/chrome/content/rules/SNCB.xml
@@ -2,9 +2,9 @@
     <target host="b-europe.com" />
     <target host="*.b-europe.com" />
 
-    <securecookie host="^(.*\.)?b-europe\.com$" name=".+" />
+    <securecookie host=".+" name=".+"/>
 
-    <rule from="^https?://b-europe\.com/"
+    <rule from="^http://b-europe\.com/"
         to="https://www.b-europe.com/" />
     <rule from="^http://([^/:@]+)?\.b-europe\.com/"
         to="https://$1.b-europe.com/" />
diff --git a/src/chrome/content/rules/SNL.com.xml b/src/chrome/content/rules/SNL.com.xml
index d9109998481c..3f465c4d798c 100644
--- a/src/chrome/content/rules/SNL.com.xml
+++ b/src/chrome/content/rules/SNL.com.xml
@@ -17,7 +17,6 @@
 	<securecookie host="^www\.snl\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?snl\.com/"
-		to="https://$1snl.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SNSBank.xml b/src/chrome/content/rules/SNSBank.xml
index b35986895230..efea165dfd8d 100644
--- a/src/chrome/content/rules/SNSBank.xml
+++ b/src/chrome/content/rules/SNSBank.xml
@@ -1,8 +1,54 @@
-<ruleset name="SNS Bank">
-  <!-- Rule created by Jeroen van der Gun -->
+<!--
+	Rule created by Jeroen van der Gun.
 
-  <target host="www.snsbank.nl" />
-  <target host="snsbank.nl" />
 
-  <rule from="^http://(?:www\.)?snsbank\.nl/" to="https://www.snsbank.nl/"/>
+	Nonfunctional subdomains:
+
+		- nieuws *
+
+	* PressPage
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- community
+		- forum
+		- heelnormaal
+		- ideal
+		- intermediair
+		- lenen
+		- m
+		- mijnlenen
+		- servicepas
+
+
+	Insecure cookies are set for these hosts:
+
+		- servicepas.snsbank.nl
+
+-->
+<ruleset name="SNS Bank.nl">
+
+	<target host="snsbank.nl" />
+	<target host="community.snsbank.nl" />
+	<target host="forum.snsbank.nl" />
+	<target host="heelnormaal.snsbank.nl" />
+	<target host="ideal.snsbank.nl" />
+	<target host="intermediair.snsbank.nl" />
+	<target host="lenen.snsbank.nl" />
+	<target host="m.snsbank.nl" />
+	<target host="mijnlenen.snsbank.nl" />
+	<target host="servicepas.snsbank.nl" />
+	<target host="www.snsbank.nl" />
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^servicepas\.snsbank\.nl$" name="^TS[\da-f]{6}$" /-->
+
+	<securecookie host="^servicepas\.snsbank\.nl$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/SNstatic.fi.xml b/src/chrome/content/rules/SNstatic.fi.xml
index b489a544b37f..6b1e6c891450 100644
--- a/src/chrome/content/rules/SNstatic.fi.xml
+++ b/src/chrome/content/rules/SNstatic.fi.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hs11.snstatic.fi/webkuva/oletus/60/1305620265306 => https://www.hs.fi/webkuva/oletus/60/1305620265306: Too many redirects while fetching 'https://www.hs.fi/webkuva/oletus/60/1305620265306'
+
 	For other Sanoma Corporation coverage, see Sanoma.com.xml.
 
 
@@ -7,29 +11,57 @@
 
 	Problematic subdomains:
 
-		- hs1[0-3]	(redirects to http; mismatched, CN: *.hs.fi)
-		- is12	(redirects to www.iltasanomat.fi; mismatched, CN: www.iltasanomat.fi)
+		- is12 (breaks static content on www.iltasanomat.fi)
+		- hs1[0-3] (redirects to http; mismatched, CN: *.hs.fi)
 
+-->
+<ruleset name="SNstatic.fi" default_off="failed ruleset test">
 
-	Fully covered subdomains:
+	<!--	Direct rewrites:
+				-->
+	<target host="files.snstatic.fi" />
+	<target host="ko.snstatic.fi" />
+	<target host="ot11.snstatic.fi" />
+	<target host="ot12.snstatic.fi" />
 
-		- files
-		- hs1[0-3]	(→ www.hs.fi)
-		- is12	(→ www.iltasanomat.fi)
+		<test url="http://files.snstatic.fi/hs/img/hsi-facebook.png" />
+		<test url="http://ko.snstatic.fi/hise-is-300/css/5679a2a4.css" />
+		<test url="http://ko.snstatic.fi/hise-is-300/image/e9b3738b.svg" />
+		<test url="http://ot11.snstatic.fi/sites/default/files/styles/some-sidebar-lift/public/imagecache/ext/ff/b6/a5/ffb6a55b3071b93f4d6926a0613e5b043980c32b.jpg" /><!--	407 -->
+		<test url="http://ot12.snstatic.fi/sites/default/files/styles/article_sidebar/public/imgs/article/keskittymisjuttu.jpeg" /><!--	7459 -->
 
--->
-<ruleset name="SNstatic.fi">
+	<!--	Complications:
+				-->
+	<target host="hs10.snstatic.fi" />
+	<target host="hs11.snstatic.fi" />
+	<target host="hs12.snstatic.fi" />
+	<target host="hs13.snstatic.fi" />
+	<target host="is20.snstatic.fi" />
 
-	<target host="*.snstatic.fi" />
+		<!--	Avoid potential XHR problems:
+							-->
+		<exclusion pattern="^http://.+\.snstatic\.fi/.+\.js(?:on)?(?:$|\?)" />
 
+			<!--	+ve:
+					-->
+			<test url="http://files.snstatic.fi/hs/js/common-functions.js" />
+			<test url="http://files.snstatic.fi/hs/js/hs-46-top-element-events.js" />
+			<test url="http://files.snstatic.fi/hs/favicons/hsfi/manifest.json" />
+			<test url="http://files.snstatic.fi/HS/js/jstorage.min.js" />
+			<test url="http://files.snstatic.fi/HS/js/jquery-ui-1.9.1.custom.min.js" />
+			<test url="http://files.snstatic.fi/HS/js/jquery-1.9.1.min.js" />
+			<test url="http://files.snstatic.fi/HS/js/head.min.js" />
 
-	<rule from="^http://files\.snstatic\.fi/"
-		to="https://files.snstatic.fi/" />
+
+	<rule from="^http://is20\.snstatic\.fi/"
+		to="https://www.iltasanomat.fi/" />
 
 	<rule from="^http://hs1[0-3]\.snstatic\.fi/"
 		to="https://www.hs.fi/" />
 
-	<rule from="^http://is12\.snstatic\.fi/"
-		to="https://www.iltasanomat.fi/" />
+		<test url="http://hs11.snstatic.fi/webkuva/oletus/60/1305620265306" />
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SNtech.xml b/src/chrome/content/rules/SNtech.xml
index 8806648890f7..738af7c83c53 100644
--- a/src/chrome/content/rules/SNtech.xml
+++ b/src/chrome/content/rules/SNtech.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ssl.sntech.de/ => https://ssl.sntech.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ssl.sntech.de/ => https://ssl.sntech.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Nonfunctional subdomains:
 
 		- (www.) *
@@ -7,12 +13,11 @@
 	* Shows ssl; mismatched, CN: ssl.sntech.de
 
 -->
-<ruleset name="SNtech (partial)">
+<ruleset name="SNtech (partial)" default_off="failed ruleset test">
 
 	<target host="ssl.sntech.de" />
 
 
-	<rule from="^http://ssl\.sntech\.de/"
-		to="https://ssl.sntech.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SOA.org.xml b/src/chrome/content/rules/SOA.org.xml
new file mode 100644
index 000000000000..8548f5287da0
--- /dev/null
+++ b/src/chrome/content/rules/SOA.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Nonfunctional hosts in *soa.org:
+
+		- jobs ʰ
+
+	ʰ Redirects to http
+
+-->
+<ruleset name="SOA.org (partial)">
+
+	<target host="soa.org" />
+	<target host="www.soa.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^(?:incap_ses_\d+|visid_incap)_\d+$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SOGo.xml b/src/chrome/content/rules/SOGo.xml
index 779a799a3dae..bd90ca7c1e97 100644
--- a/src/chrome/content/rules/SOGo.xml
+++ b/src/chrome/content/rules/SOGo.xml
@@ -1,4 +1,4 @@
-<ruleset name="SOGo" default_off="mismatch">
+<ruleset name="SOGo" default_off="mismatched">
 
 	<target host="sogo.nu" />
 	<target host="www.sogo.nu" />
@@ -9,7 +9,7 @@
 
 	<!--	CN: inverse.ca
 				-->
-	<rule from="^https?://(?:www\.)?sogo\.nu/"
+	<rule from="^http://(?:www\.)?sogo\.nu/"
 		to="https://www.sogo.nu/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SOHH.com.xml b/src/chrome/content/rules/SOHH.com.xml
new file mode 100644
index 000000000000..0e14581dd18a
--- /dev/null
+++ b/src/chrome/content/rules/SOHH.com.xml
@@ -0,0 +1,51 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- sohh.com
+		- .sohh.com
+		- www.sohh.com
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+		- Bug from snapwidget.com *
+
+	* Secured by us
+
+-->
+<ruleset name="SOHH.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sohh.com" />
+	<target host="www.sohh.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?sohh\.com$" name="^X-Mapping-fjhppofk$" /-->
+	<!--securecookie host="^\.sohh\.com$" name="^(__cfduid|__qca|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SOHOpelessly_Broken.com.xml b/src/chrome/content/rules/SOHOpelessly_Broken.com.xml
new file mode 100644
index 000000000000..8e2902ec55e6
--- /dev/null
+++ b/src/chrome/content/rules/SOHOpelessly_Broken.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="SOHOPelessly Broken.com">
+
+	<target host="sohopelesslybroken.com" />
+	<target host="www.sohopelesslybroken.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SONGLYRICS.com.xml b/src/chrome/content/rules/SONGLYRICS.com.xml
new file mode 100644
index 000000000000..676a088c1906
--- /dev/null
+++ b/src/chrome/content/rules/SONGLYRICS.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Refused:
+		calendar.songlyrics.com
+		mail.songlyrics.com
+		webmail.songlyrics.com
+
+	Time out:
+		db.songlyrics.com
+		ftp.songlyrics.com
+-->
+<ruleset name="songlyrics.com">
+	<target host="songlyrics.com" />
+	<target host="www.songlyrics.com" />
+	<target host="admin.songlyrics.com" />
+	<target host="dev.songlyrics.com" />
+	<target host="m.songlyrics.com" />
+	<target host="static.songlyrics.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SOS-addictions.org.xml b/src/chrome/content/rules/SOS-addictions.org.xml
new file mode 100644
index 000000000000..c0cf9b2ddfe6
--- /dev/null
+++ b/src/chrome/content/rules/SOS-addictions.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="SOS-addictions.org">
+
+	<target host="sos-addictions.org" />
+	<target host="www.sos-addictions.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SOS.wa.gov.xml b/src/chrome/content/rules/SOS.wa.gov.xml
new file mode 100644
index 000000000000..2eff06226f73
--- /dev/null
+++ b/src/chrome/content/rules/SOS.wa.gov.xml
@@ -0,0 +1,72 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://autodiscover.sos.wa.gov/ => https://autodiscover.sos.wa.gov/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://cfdfiles.sos.wa.gov/ => https://cfdfiles.sos.wa.gov/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://corps.sos.wa.gov/ => https://corps.sos.wa.gov/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://weihelp.sos.wa.gov/ => https://weihelp.sos.wa.gov/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Non-functional hosts
+		Couldn't connect to server:
+			 - share.sos.wa.gov
+       - corps2.sos.wa.gov
+       - newspapers.sos.wa.gov
+
+		Timeout was reached:
+			 - api.sos.wa.gov
+			 - applib.sos.wa.gov
+			 - archives.sos.wa.gov
+			 - beta.sos.wa.gov
+			 - mx2013a.sos.wa.gov
+			 - mx2013b.sos.wa.gov
+			 - owa-external.sos.wa.gov
+			 - wei.qa.sos.wa.gov
+			 - wei2.qa.sos.wa.gov
+			 - secstatemxlib01.sos.wa.gov
+			 - secstatemxlib03.sos.wa.gov
+       - weiadmin.sos.wa.gov
+
+		SSL peer certificate was not OK:
+			 - assets.www.sos.wa.gov
+			 - mobile.www.sos.wa.gov
+			 - stage.www.sos.wa.gov
+			 - teams.www.sos.wa.gov
+
+		Status code mismatch:
+			 - chat-corps.sos.wa.gov
+			 - m.sos.wa.gov
+			 - webstats.sos.wa.gov
+
+		4xx client error:
+			 - cfd.sos.wa.gov
+			 - forums.sos.wa.gov
+			 - owab.sos.wa.gov
+-->
+<ruleset name="Washington Secretary of State (partial)">
+	<target host="sos.wa.gov" />
+	<target host="www.sos.wa.gov" />
+	<!-- target host="autodiscover.sos.wa.gov" /-->
+	<target host="blogs.sos.wa.gov" />
+	<!-- target host="cfdfiles.sos.wa.gov" /-->
+	<!-- target host="corps.sos.wa.gov" /-->
+	<!-- <target host="corps2.sos.wa.gov" /> -->
+	<!-- <target host="newspapers.sos.wa.gov" /> -->
+	<target host="wei.sos.wa.gov" />
+	<!-- <target host="weiadmin.sos.wa.gov" /> -->
+	<target host="weiapplets.sos.wa.gov" />
+		<test url="http://weiapplets.sos.wa.gov/myvote/" />
+		<test url="http://weiapplets.sos.wa.gov/MyVoteOLVR/OnlineVotersGuide/MeasureDetail?measureId=113525" />
+		<test url="http://weiapplets.sos.wa.gov/elections/candidates/whofiled?countycode=sj" />
+	<!-- target host="weihelp.sos.wa.gov" /-->
+	<target host="wiki.sos.wa.gov" />
+		<test url="http://wiki.sos.wa.gov/trustees/" />
+		<test url="http://wiki.sos.wa.gov/trustees/Establishment-of-Public-Libraries.ashx?Discuss=1" />
+		<test url="http://wiki.sos.wa.gov/ils/" />
+	<target host="wsldocs.sos.wa.gov" />
+		<test url="http://wsldocs.sos.wa.gov/library/docs/wsu/extension/misc0048_2008_004500.pdf" />
+		<test url="http://wsldocs.sos.wa.gov/library/docs/wsu/extension/mstrgardener/vhb_draft1_2008_2008_003491.pdf" />
+		<test url="http://wsldocs.sos.wa.gov/library/docs/WHS/SL_WHS2004_000046.pdf" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SP.nl.xml b/src/chrome/content/rules/SP.nl.xml
new file mode 100644
index 000000000000..ac226e5288ad
--- /dev/null
+++ b/src/chrome/content/rules/SP.nl.xml
@@ -0,0 +1,49 @@
+<!--
+	Other Socialist Party rulesets:
+
+		- SPnet.nl.xml
+
+
+	Nonfunctional hosts in *sp.nl:
+
+		- international *
+		- planet *
+
+	* Redirects to http
+
+
+	^sp.nl: Mismatched
+
+
+	Mixed content:
+
+		- Images on rood from planet.sp.nl *
+
+	* Unsecurable <= redirects to http
+
+-->
+<ruleset name="SP.nl (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rood.sp.nl" />
+	<target host="shop.sp.nl" />
+	<target host="www.sp.nl" />
+
+	<!--	Complications:
+				-->
+	<target host="sp.nl" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://international\.sp\.nl/(?:$|sites/)" /-->
+		<!--exclusion pattern="^http://planet\.sp\.nl/(?:listen_nl_nl_red\.gif|splogo141\.gif|tomaat\.ico)$" /-->
+
+
+	<rule from="^http://sp\.nl/"
+		to="https://www.sp.nl/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SPBAS.com.xml b/src/chrome/content/rules/SPBAS.com.xml
new file mode 100644
index 000000000000..406b5d5456d7
--- /dev/null
+++ b/src/chrome/content/rules/SPBAS.com.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://spbas.com/ => https://spbas.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.spbas.com/ => https://www.spbas.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://spbas.com/ => https://spbas.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.spbas.com/ => https://www.spbas.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+	Nonfunctional subdomains:
+
+		- blog
+
+-->
+<ruleset name="SPBAS.com (partial)" default_off="failed ruleset test">
+
+	<target host="spbas.com" />
+	<target host="www.spbas.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SPCA-Los-Angeles.xml b/src/chrome/content/rules/SPCA-Los-Angeles.xml
index cad863a235b1..bded7622d7c5 100644
--- a/src/chrome/content/rules/SPCA-Los-Angeles.xml
+++ b/src/chrome/content/rules/SPCA-Los-Angeles.xml
@@ -2,9 +2,6 @@
 	<target host="spcala.com" />
 	<target host="www.spcala.com" />
 
-	<rule from="^http://(?:www\.)?spcala\.com/" to="https://spcala.com/" />
+	<rule from="^http:" to="https:" />
 
-	<!-- Invoking https://www.spcala.com/ produces a certificate error,
-	so redirect https://www.spcala.com/ to https://spcala.com/ -->
-	<rule from="^https://www\.spcala\.com/" to="https://spcala.com/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SPCA.org.hk.xml b/src/chrome/content/rules/SPCA.org.hk.xml
new file mode 100644
index 000000000000..ea4fd2aef649
--- /dev/null
+++ b/src/chrome/content/rules/SPCA.org.hk.xml
@@ -0,0 +1,27 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+			 - insp-test.spca.org.hk
+
+		SSL connect error:
+			 - insp-test.spca.org.hk:8080
+
+		SSL peer certificate was not OK:
+			 - china.spca.org.hk
+			 - www.main.spca.org.hk
+			 - static.spca.org.hk
+			 - test.spca.org.hk
+-->
+<ruleset name="SPCA.org.hk (partial)">
+	<target host="spca.org.hk" />
+	<target host="www.spca.org.hk" />
+	<target host="main.spca.org.hk" />
+		<test url="http://main.spca.org.hk/lostpet/index.asp?lang=tc" />
+		<test url="http://main.spca.org.hk/lostpet/list.asp?lang=en" />
+		<test url="http://main.spca.org.hk/lostpet/list.asp?lang=tc" />
+	<target host="vg.spca.org.hk" />
+
+	<securecookie host="^(www\.)?spca\.org\.hk$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SPDNS.de.xml b/src/chrome/content/rules/SPDNS.de.xml
new file mode 100644
index 000000000000..90f744891297
--- /dev/null
+++ b/src/chrome/content/rules/SPDNS.de.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Securepoint coverage, see Securepoint.de.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- spdns.de
+		- www.spdns.de
+
+-->
+<ruleset name="SPDNS.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="spdns.de" />
+	<target host="www.spdns.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?spdns\.de$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SPDX.org.xml b/src/chrome/content/rules/SPDX.org.xml
index 9ab46f82ff04..1e15e74e2b82 100644
--- a/src/chrome/content/rules/SPDX.org.xml
+++ b/src/chrome/content/rules/SPDX.org.xml
@@ -2,32 +2,30 @@
 	For other Linux Foundation coverage, see LinuxFoundation.xml.
 
 
-	Problematic domains:
+	Problematic hosts in *spdx.org:
 
-		- www.spdx.org	(mismatched)
+		- wiki *
+
+	* Mixed css
 
 -->
 <ruleset name="SPDX.org (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="spdx.org" />
-		<!--
-			wiki redirects to http
-						-->
-		<exclusion pattern="^http://spdx\.org/wiki/" />
-	<target host="*.spdx.org" />
+	<target host="lists.spdx.org" />
+	<!--target host="wiki.spdx.org" /-->
+	<target host="www.spdx.org" />
 
 
-	<!--
-		spdx.org wiki redirects to http, so
+	<!--	spdx.org wiki redirects to http, so
 		we don't want to match wiki cookies:
 							-->
-	<securecookie host="^\.spdx\.org$" name="^SESS.*" />	
-
+	<securecookie host="^\.spdx\.org$" name="^SESS.*" />
 
-	<rule from="^http://(?:www\.)?spdx\.org/"
-		to="https://spdx.org/" />
 
-	<rule from="^http://lists\.spdx\.org/"
-		to="https://lists.spdx.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SPEC.org.xml b/src/chrome/content/rules/SPEC.org.xml
new file mode 100644
index 000000000000..2d2cad01ec17
--- /dev/null
+++ b/src/chrome/content/rules/SPEC.org.xml
@@ -0,0 +1,19 @@
+<!--
+	STS header includes includeSubDomains
+
+-->
+<ruleset name="SPEC.org">
+
+	<target host="spec.org" />
+	<target host="*.spec.org" />
+
+		<test url="http://www.spec.org/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SPL_Center.org.xml b/src/chrome/content/rules/SPL_Center.org.xml
new file mode 100644
index 000000000000..73e189bb55d4
--- /dev/null
+++ b/src/chrome/content/rules/SPL_Center.org.xml
@@ -0,0 +1,31 @@
+<!--
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .splcenter.org
+		- donate.splcenter.org
+
+	Mismatch:
+		- selma.splcenter.org
+
+-->
+<ruleset name="SPL Center.org">
+	<target host="splcenter.org" />
+	<target host="www.splcenter.org" />
+	<target host="donate.splcenter.org" />
+	<target host="edit.splcenter.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.splcenter\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^donate\.splcenter\.org$" name="^(?:ASP\.NET_SessionId$|NSC_)" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SPORTISIMO.xml b/src/chrome/content/rules/SPORTISIMO.xml
new file mode 100644
index 000000000000..6a8170282377
--- /dev/null
+++ b/src/chrome/content/rules/SPORTISIMO.xml
@@ -0,0 +1,22 @@
+<ruleset name="SPORTISIMO s.r.o.">
+    <target host="sportisimo.cz" />
+    <target host="www.sportisimo.cz" />
+
+    <target host="sportisimo.de" />
+    <target host="www.sportisimo.de" />
+
+    <target host="sportisimo.pl" />
+    <target host="www.sportisimo.pl" />
+
+    <target host="sportisimo.ro" />
+    <target host="www.sportisimo.ro" />
+
+    <target host="sportisimo.com" />
+    <target host="www.sportisimo.com" />
+
+
+    <rule from="^http://sportisimo\.com/"
+            to="https://www.sportisimo.com/" />
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SPU.ac.th.xml b/src/chrome/content/rules/SPU.ac.th.xml
new file mode 100644
index 000000000000..bed0d639abda
--- /dev/null
+++ b/src/chrome/content/rules/SPU.ac.th.xml
@@ -0,0 +1,123 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - apheit.spu.ac.th
+			 - applyjob.spu.ac.th
+			 - cheqa.spu.ac.th
+			 - cheqaspu.spu.ac.th
+			 - cheqaspu2555.spu.ac.th
+			 - cheqaspu3.spu.ac.th
+			 - cheqaspu55.spu.ac.th
+			 - cheqaspu58.spu.ac.th
+			 - cheqatraining.spu.ac.th
+			 - dspace.spu.ac.th
+			 - espuc.east.spu.ac.th
+			 - ebook.spu.ac.th
+			 - estaff.spu.ac.th
+			 - exam.spu.ac.th
+			 - horizon.spu.ac.th
+			 - hrm.spu.ac.th
+			 - khonkaen.spu.ac.th
+			 - www.khonkaen.spu.ac.th
+			 - libraryroom.spu.ac.th
+			 - mic99.spu.ac.th
+			 - quartet.spu.ac.th
+			 - radio.spu.ac.th
+			 - sap.spu.ac.th
+			 - scms.spu.ac.th
+			 - scmskk.spu.ac.th
+			 - scmsreq.spu.ac.th
+			 - userportal.spu.ac.th
+			 - webmic4.spu.ac.th
+
+		Timeout was reached:
+			 - academic.spu.ac.th
+			 - accounting-online.spu.ac.th
+			 - act.spu.ac.th
+			 - admission.spu.ac.th
+			 - aster.spu.ac.th
+			 - cisg.spu.ac.th
+			 - csits.spu.ac.th
+			 - digitalmedia.spu.ac.th
+			 - dllibrary.spu.ac.th
+			 - e-learning.spu.ac.th
+			 - www.east.spu.ac.th
+			 - accounting.east.spu.ac.th
+			 - buapan.east.spu.ac.th
+			 - business.east.spu.ac.th
+			 - comm.east.spu.ac.th
+			 - elearning.east.spu.ac.th
+			 - fim.east.spu.ac.th
+			 - it.east.spu.ac.th
+			 - law.east.spu.ac.th
+			 - liberal.east.spu.ac.th
+			 - sams.east.spu.ac.th
+			 - spuccourseware.east.spu.ac.th
+			 - spukkestaff.east.spu.ac.th
+			 - spukkmis.east.spu.ac.th
+			 - spusar.east.spu.ac.th
+			 - eecon31.spu.ac.th
+			 - elearning.spu.ac.th
+			 - www.elearning.spu.ac.th
+			 - eoffice.spu.ac.th
+			 - icec.spu.ac.th
+			 - iced2012.spu.ac.th
+			 - ictapp.spu.ac.th
+			 - ictcenter2.spu.ac.th
+			 - ienetwork2012.spu.ac.th
+			 - info.spu.ac.th
+			 - linuxweb17.spu.ac.th
+			 - mcivil.spu.ac.th
+			 - moodle.spu.ac.th
+			 - ncce13.spu.ac.th
+			 - newinfo.spu.ac.th
+			 - newsphoto.spu.ac.th
+			 - ns3.spu.ac.th
+			 - ns4.spu.ac.th
+			 - press.spu.ac.th
+			 - sci2.spu.ac.th
+			 - sec.spu.ac.th
+			 - spublog.spu.ac.th
+			 - spucon.spu.ac.th
+			 - spunews.spu.ac.th
+			 - spusociety.spu.ac.th
+			 - sripatum-review.spu.ac.th
+			 - ssi.spu.ac.th
+			 - student.spu.ac.th
+			 - tlc.spu.ac.th
+			 - dllibrary.spu.ac.th:8080
+			 - library.spu.ac.th:81
+
+		SSL peer certificate was not OK:
+			 - blog.spu.ac.th
+			 - web.spu.ac.th
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - apheitconference.spu.ac.th
+			 - archcomm.spu.ac.th
+			 - kds2016.spu.ac.th
+			 - library.spu.ac.th
+			 - nbtc.spu.ac.th
+			 - sripatumsummit2015.spu.ac.th
+			 - sslvpn.spu.ac.th
+
+		Incomplete certificate chain error:
+			 - camtasia.spu.ac.th
+
+		Status code mismatch:
+			 - spu.ac.th (HTTP: 404, HTTPS 200)
+-->
+<ruleset name="SPU.ac.th (patial)">
+	<target host="spu.ac.th" />
+	<target host="www.spu.ac.th" />
+	<target host="eoffice.east.spu.ac.th" />
+	<target host="mis.east.spu.ac.th" />
+	<target host="search.library.spu.ac.th" />
+	<target host="staff.library.spu.ac.th" />
+
+	<rule from="^http://spu\.ac\.th/"
+			to="https://www.spu.ac.th/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SPajIT.xml b/src/chrome/content/rules/SPajIT.xml
deleted file mode 100644
index 478d3b137bd1..000000000000
--- a/src/chrome/content/rules/SPajIT.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<ruleset name="SPajIT" default_off="expired, self-signed">
-
-	<target host="hypeshell.com"/>
-	<target host="www.hypeshell.com"/>
-	<target host="shellmix.com"/>
-	<target host="www.shellmix.com"/>
-
-	<securecookie host="^(hypeshell|shellmix)\.com$" name=".*"/>
-
-	<!--	cert !match www		-->
-	<rule from="^http://(?:www\.)?hypeshell\.com/"
-		to="https://hypeshell.com/"/>
-
-	<!--	cert !match !www	-->
-	<rule from="^http://(?:www\.)?shellmix\.com/"
-		to="https://www.shellmix.com/"/>
-
-	<!--	fix links	-->
-	<rule from="^https://shellmix\.com/"
-		to="https://www.shellmix.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/SPnet.nl.xml b/src/chrome/content/rules/SPnet.nl.xml
new file mode 100644
index 000000000000..109a17c85c04
--- /dev/null
+++ b/src/chrome/content/rules/SPnet.nl.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Socialist Party coverage, see SP.nl.xml.
+
+-->
+<ruleset name="SPnet.nl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="spnet.nl" />
+	<target host="www.spnet.nl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SQL_Converter.xml b/src/chrome/content/rules/SQL_Converter.xml
index 6d7245daf9f5..672c5ad2ff82 100644
--- a/src/chrome/content/rules/SQL_Converter.xml
+++ b/src/chrome/content/rules/SQL_Converter.xml
@@ -1,13 +1,12 @@
 <ruleset name="SQL Converter">
 
 	<target host="sqlconverter.com" />
-	<target host="*.sqlconverter.com" />
+	<target host="www.sqlconverter.com" />
 
 
 	<securecookie host="^(?:w*\.)?sqlconverter\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?sqlconverter\.com/"
-		to="https://$1sqlconverter.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SQLite.xml b/src/chrome/content/rules/SQLite.xml
index de5653dca807..a325900ab5df 100644
--- a/src/chrome/content/rules/SQLite.xml
+++ b/src/chrome/content/rules/SQLite.xml
@@ -1,8 +1,27 @@
-<ruleset name="SQLite">
-  <target host="sqlite.org" />
-  <target host="www.sqlite.org" />
+<!--
+	Invalid certificate:
+		data.sqlite.org
+		lua.sqlite.org
+		mail.sqlite.org
+		mailinglists.sqlite.org
+		test1.sqlite.org
+		unql.sqlite.org
+-->
+<ruleset name="SQLite.org">
 
-  <securecookie host="^(.+\.)?sqlite\.org$" name=".*"/>
+	<target host="sqlite.org" />
+	<target host="www.sqlite.org" />
+	<target host="system.data.sqlite.org" />
+	<target host="www2.sqlite.org" />
+	<target host="www3.sqlite.org" />
+
+		<!--	https://github.com/EFForg/https-everywhere/issues/1461
+									-->
+		<exclusion pattern="^http://sqlite\.org:8080/" />
+			<test url="http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
 
-  <rule from="^http://((?:www\.)?sqlite\.org)/" to="https://$1/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/SQLiteBrowser.org.xml b/src/chrome/content/rules/SQLiteBrowser.org.xml
new file mode 100644
index 000000000000..b9979d9ecad6
--- /dev/null
+++ b/src/chrome/content/rules/SQLiteBrowser.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Mismatched:
+		- www.sqlitebrowser.org
+
+	HTTP != HTTPS:
+		- stats.sqlitebrowser.org
+-->
+<ruleset name="SQLiteBrowser.org">
+	<target host="sqlitebrowser.org" />
+	<target host="www.sqlitebrowser.org" />
+	<target host="download.sqlitebrowser.org" />
+	<target host="nightlies.sqlitebrowser.org" />
+	<target host="redash.sqlitebrowser.org" />
+
+	<rule from="^http://www\.sqlitebrowser\.org/" to="https://sqlitebrowser.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SRA_OSS.xml b/src/chrome/content/rules/SRA_OSS.xml
index 7b9779a51dab..d6043f364022 100644
--- a/src/chrome/content/rules/SRA_OSS.xml
+++ b/src/chrome/content/rules/SRA_OSS.xml
@@ -1,16 +1,7 @@
-<!--
-	CN: localhost.localdomain
-
-
-	^sraoss.co.jp doesn't exist
-
--->
-<ruleset name="SRA OSS" default_off="self-signed">
+<ruleset name="SRA OSS">
 
 	<target host="www.sraoss.co.jp" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://www\.sraoss\.co\.jp/"
-		to="https://www.sraoss.co.jp/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SRB2.org.xml b/src/chrome/content/rules/SRB2.org.xml
index 965acc0d58fe..58778494f8f4 100644
--- a/src/chrome/content/rules/SRB2.org.xml
+++ b/src/chrome/content/rules/SRB2.org.xml
@@ -1,30 +1,40 @@
 <!--
-	Fully covered subdomains:
+	Problematic hosts in *srb2.org:
 
-		- (www.)
-		- files
-		- mb
-		- ms
-		- wiki
+		- ms ᶜ
+		- wiki ᵀ
 
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵀ Blocks Tor users
 
-	Observed cookie domains:
 
-		- ^
-		- .mb
-		- wiki
+	Insecure cookies are set for these domains and hosts:
+
+		- .srb2.org
+		- .mb.srb2.org
+		- www.srb2.org
 
 -->
-<ruleset name="SRB2.org">
+<ruleset name="SRB2.org (partial)">
 
 	<target host="srb2.org" />
-	<target host="*.srb2.org" />
+	<target host="files.srb2.org" />
+	<target host="mb.srb2.org" />
+	<!--target host="ms.srb2.org" /-->
+	<target host="wiki.srb2.org" />
+	<target host="www.srb2.org" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.srb2\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^\.mb\.srb2\.org$" name="^bb(?:lastactivity|lastvisit|sessionhash)$" /-->
+	<!--securecookie host="^www\.srb2\.org$" name="^w3tc_referrer$" /-->
 
-	<securecookie host="^(?:.+\.)?srb2\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:files|mb|ms|wiki|www)\.)?srb2\.org/"
-		to="https://$1srb2.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SRB2Skybase.org.xml b/src/chrome/content/rules/SRB2Skybase.org.xml
new file mode 100644
index 000000000000..8546d33142e3
--- /dev/null
+++ b/src/chrome/content/rules/SRB2Skybase.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Mismatched:
+		- ftp
+		- whm
+-->
+<ruleset name="SRB2Skybase.org">
+	<target host="srb2skybase.org" />
+	<target host="www.srb2skybase.org" />
+	<target host="cpanel.srb2skybase.org" />
+	<target host="files.srb2skybase.org" />
+	<target host="www.files.srb2skybase.org" />
+	<target host="mail.srb2skybase.org" />
+	<target host="webdisk.srb2skybase.org" />
+	<target host="webmail.srb2skybase.org" />
+	<target host="wind.srb2skybase.org" />
+	<target host="www.wind.srb2skybase.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SRDS.com.xml b/src/chrome/content/rules/SRDS.com.xml
new file mode 100644
index 000000000000..7ccd96d0e26f
--- /dev/null
+++ b/src/chrome/content/rules/SRDS.com.xml
@@ -0,0 +1,46 @@
+<!--
+	Nonfunctional subdomains:
+
+		- login *
+		- next *
+
+	* Refused
+
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- blog ²
+
+	¹ Cert only matches www
+	² Works; mismatched, CN: *.compendiumblog.com
+
+
+	Mixed content:
+
+		- css on blog from fonts.googleapis.com ²
+
+		- favicons on blog and www from next ¹
+
+		- Bug on www from ^ ²
+
+	¹ Unsecurable <= refused
+	² Secured by us
+
+-->
+<ruleset name="SRDS.com (partial)">
+
+	<target host="srds.com" />
+	<target host="www.srds.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.srds\.com$" name="^(_srds_session|WEBTRENDS_ID)$" /-->
+
+	<securecookie host="^www\.srds\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SRF.ch.xml b/src/chrome/content/rules/SRF.ch.xml
new file mode 100644
index 000000000000..aa7c347d5279
--- /dev/null
+++ b/src/chrome/content/rules/SRF.ch.xml
@@ -0,0 +1,39 @@
+<!--
+	For other SRG SSR coverage, see SRGSSR.ch.xml.
+
+	Mismatch:
+		- esc.srf.ch
+		- skitippspiel.srf.ch
+		- www.srfcdn.ch
+
+	Secure connection failed:
+		- 360langstrasse.srf.ch
+		- donau.srf.ch
+		- seidenstrasse.srf.ch
+		- srgplayer-rts.stage.srf.ch
+
+	Self-signed:
+		- dgst.srf.ch
+
+	Timeout:
+		- thevoice.srf.ch
+		- tvprogramm.srf.ch
+		- videoarchiv.srf.ch
+-->
+<ruleset name="SRF.ch">
+	<target host="srf.ch"/>
+	<target host="www.srf.ch"/>
+	<target host="m.srf.ch"/>
+	<target host="podcasts.srf.ch"/>
+	<target host="s1.srf.ch"/>
+	<target host="s2.srf.ch"/>
+	<target host="s3.srf.ch"/>
+	<target host="s4.srf.ch"/>
+	<target host="s5.srf.ch"/>
+	<target host="s6.srf.ch"/>
+	<target host="ws.srf.ch"/>
+		<test url="http://ws.srf.ch/cr/BnWcYMQ"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/SRGSSR.ch-problematic.xml b/src/chrome/content/rules/SRGSSR.ch-problematic.xml
new file mode 100644
index 000000000000..5eaf20b06ba5
--- /dev/null
+++ b/src/chrome/content/rules/SRGSSR.ch-problematic.xml
@@ -0,0 +1,26 @@
+<!--
+	For other SRG SSR coverage, see SRGSSR.ch.xml.
+-->
+<ruleset name="SRGSSR.ch (problematic)">
+	<target host="srgssr.ch"/>
+	<target host="www.srgssr.ch"/>
+
+	<!-- HTTP redirect -->
+	<exclusion pattern="http://(www\.)?srgssr\.ch/$"/>
+
+	<test url="http://srgssr.ch/fileadmin/templates/images/SRGLogo.gif"/>
+	<test url="http://www.srgssr.ch/fileadmin/templates/images/SRGLogo.gif"/>
+	<test url="http://srgssr.ch/typo3/sysext/install/composer.json"/>
+	<test url="http://www.srgssr.ch/typo3/sysext/install/composer.json"/>
+	<test url="http://srgssr.ch/typo3_src/typo3/sysext/install/composer.json"/>
+	<test url="http://www.srgssr.ch/typo3_src/typo3/sysext/install/composer.json"/>
+	<test url="http://srgssr.ch/typo3conf/ext/realurl/ext_icon.gif"/>
+	<test url="http://www.srgssr.ch/typo3conf/ext/realurl/ext_icon.gif"/>
+	<test url="http://srgssr.ch/typo3temp/index.html"/>
+	<test url="http://www.srgssr.ch/typo3temp/index.html"/>
+	<test url="http://srgssr.ch/uploads/media/index.html"/>
+	<test url="http://www.srgssr.ch/uploads/media/index.html"/>
+
+	<rule from="^http://(www\.)?srgssr\.ch/(fileadmin|typo3|typo3_src|typo3conf|typo3temp|uploads)/"
+		to="https://$1srgssr.ch/$2/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/SRGSSR.ch.xml b/src/chrome/content/rules/SRGSSR.ch.xml
new file mode 100644
index 000000000000..ddc17d95f962
--- /dev/null
+++ b/src/chrome/content/rules/SRGSSR.ch.xml
@@ -0,0 +1,41 @@
+<!--
+	Other SRG SSR rulesets:
+		- Broadcast.ch.xml
+		- DRS.ch.xml
+		- RSI.ch.xml
+		- RTR.ch.xml
+		- RTS.ch.xml
+		- SRF.ch.xml
+		- SRGSSR.ch-problematic.xml
+		- Swissinfo.ch.xml
+
+	Mismatch:
+		- gb.srgssr.ch
+		- rg.srgssr.ch
+
+	Wrong content:
+		- srfvodhd-vh.akamaihd.net
+
+	HTTP redirect:
+		- (www\.)?srgssr.ch
+
+-->
+<ruleset name="SRGSSR.ch">
+	<target host="api.srgssr.ch"/>
+	<target host="collab.srgssr.ch"/>
+	<target host="datapacte.srgssr.ch"/>
+	<target host="il.srgssr.ch"/>
+		<test url="http://il.srgssr.ch/integrationlayer/1.0/ue/rts/video/play/4727630.xml"/>
+	<target host="metro.srgssr.ch"/>
+	<target host="portal.srgssr.ch"/>
+		<target host="mdm.portal.srgssr.ch"/>
+		<target host="owa.portal.srgssr.ch"/>
+		<target host="siraweb.portal.srgssr.ch"/>
+	<target host="tp.srgssr.ch"/>
+		<test url="http://tp.srgssr.ch/robots.txt"/>
+	<target host="transfer.srgssr.ch"/>
+	<target host="vico.srgssr.ch"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/SRM.de.xml b/src/chrome/content/rules/SRM.de.xml
index ecb6f71f9665..e561bfcbf055 100644
--- a/src/chrome/content/rules/SRM.de.xml
+++ b/src/chrome/content/rules/SRM.de.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://srm.de/ => https://www.srm.de/: Too many redirects while fetching 'https://www.srm.de/'
+Fetch error: http://www.srm.de/ => https://www.srm.de/: Too many redirects while fetching 'https://www.srm.de/'
+
+Automatically by https-everywhere-checker because:
+Fetch error: http://srm.de/ => https://www.srm.de/: Cycle detected - URL already encountered: https://www.srm.de/
+Fetch error: http://www.srm.de/ => https://www.srm.de/: Cycle detected - URL already encountered: https://www.srm.de/
 	Problematic subdomains:
 
 		- ^	(shows 78.47.139.175; mismatched, CN: *.your-server.de)
@@ -12,7 +20,7 @@
 	platform should be removed with Ffx 24.
 
 -->
-<ruleset name="SRM.de" platform="mixedcontent">
+<ruleset name="SRM.de" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="srm.de" />
 	<target host="www.srm.de" />
diff --git a/src/chrome/content/rules/SRSPlus.com.xml b/src/chrome/content/rules/SRSPlus.com.xml
new file mode 100644
index 000000000000..07040859f648
--- /dev/null
+++ b/src/chrome/content/rules/SRSPlus.com.xml
@@ -0,0 +1,41 @@
+<!--
+	For other Web.com Group coverage, see Web.com.xml.
+
+
+	^srsplus.com: Refused
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .srsplus.com
+		- partnersignup.srsplus.com
+		- www.srsplus.com
+
+-->
+<ruleset name="SRSPlus.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="partnersignup.srsplus.com" />
+	<target host="www.srsplus.com" />
+
+	<!--	Complications:
+				-->
+	<target host="srsplus.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.srsplus\.com$" name="^s_\w+$" /-->
+	<!--securecookie host="^(?:partnersignup|www)\.srsplus\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://srsplus\.com/"
+		to="https://www.srsplus.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SSAFA-mismatches.xml b/src/chrome/content/rules/SSAFA-mismatches.xml
index a556a1f46683..c143c1f33894 100644
--- a/src/chrome/content/rules/SSAFA-mismatches.xml
+++ b/src/chrome/content/rules/SSAFA-mismatches.xml
@@ -1,10 +1,9 @@
-<ruleset name="SSAFA (mismatches)" default_off="mismatch">
+<ruleset name="SSAFA (mismatches)" default_off="mismatched">
 
 	<target host="www.ssafa.org.uk"/>
 
-	<rule from="^http://www\.ssafa\.org\.uk/"
-		to="https://www.ssafa.org.uk/"/>
+	<rule from="^http:" to="https:" />
 
-	<securecookie host="^www\.ssafa\.org\.uk$" name=".*"/>
+	<securecookie host="^www\.ssafa\.org\.uk$" name=".+" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SSAFA.xml b/src/chrome/content/rules/SSAFA.xml
deleted file mode 100644
index fd35e13afcab..000000000000
--- a/src/chrome/content/rules/SSAFA.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--	!functional:
-		- www.brandmerchandise.com	(cert: www.ssafastore.co.uk; shows that domain's data)
--->
-<ruleset name="SSAFA (partial)">
-
-	<target host="ssafastore.co.uk"/>
-	<target host="www.ssafastore.co.uk"/>
-
-	<rule from="^http://(www\.)?ssafastore\.co\.uk/"
-		to="https://$1ssafastore.co.uk/"/>
-
-	<securecookie host="^(www\.)?ssafastore\.co\.uk$" name=".*"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/SSB.no.xml b/src/chrome/content/rules/SSB.no.xml
new file mode 100644
index 000000000000..ed05c4eedfef
--- /dev/null
+++ b/src/chrome/content/rules/SSB.no.xml
@@ -0,0 +1,9 @@
+<ruleset name="SSB.no">
+
+	<target host="ssb.no" />
+	<target host="www.ssb.no" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SSBWiki.com.xml b/src/chrome/content/rules/SSBWiki.com.xml
new file mode 100644
index 000000000000..815bc4eca517
--- /dev/null
+++ b/src/chrome/content/rules/SSBWiki.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="SSBWiki.com">
+	<target host="ssbwiki.com" />
+	<target host="www.ssbwiki.com" />
+	<target host="cpanel.ssbwiki.com" />
+	<target host="mail.ssbwiki.com" />
+	<target host="webdisk.ssbwiki.com" />
+	<target host="webmail.ssbwiki.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SSDeV.org.xml b/src/chrome/content/rules/SSDeV.org.xml
new file mode 100644
index 000000000000..c4ffdca864f1
--- /dev/null
+++ b/src/chrome/content/rules/SSDeV.org.xml
@@ -0,0 +1,16 @@
+<ruleset name="SSDeV.org">
+
+	<target host="ssdev.org" />
+	<target host="www.ssdev.org" />
+	<target host="berlin-west.ssdev.org" />
+	<target host="blog.ssdev.org" />
+	<target host="frankfurt.ssdev.org" />
+	<target host="gallery.ssdev.org" />
+	<target host="hamburg.ssdev.org" />
+	<target host="karlsruhe.ssdev.org" />
+	<target host="shop.ssdev.org" />
+	<target host="wiki.ssdev.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SSE_Events_Group.com.xml b/src/chrome/content/rules/SSE_Events_Group.com.xml
index ea00352f9090..aaa370e164d7 100644
--- a/src/chrome/content/rules/SSE_Events_Group.com.xml
+++ b/src/chrome/content/rules/SSE_Events_Group.com.xml
@@ -1,22 +1,19 @@
 <!--
-		- secure.bluehost.com/~sseevent/
-
-
-	Problematic subdomains:
-
-		- ^	(mismatched, CN: *.bluehost.com)
+	- secure.bluehost.com/~sseevent/
 
 -->
 <ruleset name="SSE Events Group.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="sseeventsgroup.com" />
-	<target host="*.sseeventsgroup.com" />
+	<target host="www.sseeventsgroup.com" />
 
 
 	<securecookie host="^(?:www)?\.sseeventsgroup.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?sseeventsgroup\.com/"
-		to="https://www.sseeventsgroup.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SSL-Images-Amazon.com.xml b/src/chrome/content/rules/SSL-Images-Amazon.com.xml
new file mode 100644
index 000000000000..f65483cde500
--- /dev/null
+++ b/src/chrome/content/rules/SSL-Images-Amazon.com.xml
@@ -0,0 +1,24 @@
+<ruleset name="SSL-Images-Amazon.com">
+
+	<target host="images-eu.ssl-images-amazon.com" />
+	<target host="images-fe.ssl-images-amazon.com" />
+	<target host="images-na.ssl-images-amazon.com" />
+
+	<!--
+		Exclusions for Amazon's Zeitgeist MP3 Player:
+
+			https://trac.torproject.org/projects/tor/ticket/7000
+
+	note that this exclusion can't be scoped to
+	the ssl-images-amazon domain, though it could have
+	copied the crazy pattern from the rule above.
+								-->
+	<exclusion pattern="^http://images-(eu|fe|na).ssl-images-amazon.com/images/G/01/zeitgeist/mp3player" />
+		<test url="http://images-eu.ssl-images-amazon.com/images/G/01/zeitgeist/mp3player/swf/zgMp3Player-1.0._V212274098_.swf" />
+		<test url="http://images-fe.ssl-images-amazon.com/images/G/01/zeitgeist/mp3player/swf/zgMp3Player-1.0._V212274098_.swf" />
+		<test url="http://images-na.ssl-images-amazon.com/images/G/01/zeitgeist/mp3player/swf/zgMp3Player-1.0._V212274098_.swf" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SSL-Trust.com.xml b/src/chrome/content/rules/SSL-Trust.com.xml
new file mode 100644
index 000000000000..e8818fb3d8b2
--- /dev/null
+++ b/src/chrome/content/rules/SSL-Trust.com.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.ssl-trust.com/ => https://www.ssl-trust.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ssl-trust.com'")
+
+-->
+<ruleset name="SSL-Trust" default_off="failed ruleset test">
+	<target host="ssl-trust.com" />
+	<target host="www.ssl-trust.com" />
+
+  	<securecookie host="^\.ssl-trust\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SSL.com.xml b/src/chrome/content/rules/SSL.com.xml
new file mode 100644
index 000000000000..76a6cc74c826
--- /dev/null
+++ b/src/chrome/content/rules/SSL.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Mixed content:
+
+		- Ads/bugs, on:
+
+			- (www.)?, info from c.statcounter.com *
+			- answers from $self *
+			- info from www.commoncraft.com *
+
+	* Secured by us
+
+-->
+<ruleset name="SSL.com (partial)">
+
+	<target host="ssl.com" />
+	<target host="info.ssl.com" />
+	<target host="reseller.ssl.com" />
+	<target host="support.ssl.com" />
+	<target host="www.ssl.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SSL2Buy.com.xml b/src/chrome/content/rules/SSL2Buy.com.xml
new file mode 100644
index 000000000000..765818418d8d
--- /dev/null
+++ b/src/chrome/content/rules/SSL2Buy.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- store.ssl2buy.com
+
+-->
+<ruleset name="SSL2Buy.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ssl2buy.com" />
+	<target host="store.ssl2buy.com" />
+	<target host="www.ssl2buy.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^store\.ssl2buy\.com$" name="^(?:__RequestVerificationToken|ASP\.NET_SessionId)$" /-->
+
+	<securecookie host="^store\.ssl2buy\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SSLEnforcer.com.xml b/src/chrome/content/rules/SSLEnforcer.com.xml
new file mode 100644
index 000000000000..77aa7f2e133f
--- /dev/null
+++ b/src/chrome/content/rules/SSLEnforcer.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Mismatched:
+		- ipv6
+-->
+<ruleset name="SSLEnforcer.com">
+	<target host="sslenforcer.com" />
+	<target host="www.sslenforcer.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SSL_Labs.xml b/src/chrome/content/rules/SSL_Labs.xml
new file mode 100644
index 000000000000..c0025aa18990
--- /dev/null
+++ b/src/chrome/content/rules/SSL_Labs.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Qualys coverage, see Qualys.xml.
+-->
+<ruleset name="SSL Labs">
+	<target host="ssllabs.com" />
+	<target host="www.ssllabs.com" />
+	<target host="dev.ssllabs.com" />
+	<target host="m.ssllabs.com" />
+
+	<target host="casecurity.ssllabs.com" />
+	<target host="comodo.ssllabs.com" />
+	<target host="entrust.ssllabs.com" />
+	<target host="globalsign.ssllabs.com" />
+	<target host="ota.ssllabs.com" />
+	<target host="wosign.ssllabs.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SSLlabs.xml b/src/chrome/content/rules/SSLlabs.xml
deleted file mode 100644
index e3c5b43a4619..000000000000
--- a/src/chrome/content/rules/SSLlabs.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	Other Qualys rulesets:
-		- Qualys.xml
-
--->
-<ruleset name="SSLlabs.com">
-  <target host="ssllabs.com" />
-  <target host="www.ssllabs.com" />
-
-	<securecookie host="^www.ssllabs.com$" name=".*"/>
-
-  <rule from="^http://(?:www\.)?ssllabs\.com/" to="https://www.ssllabs.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/SSLs.com.xml b/src/chrome/content/rules/SSLs.com.xml
new file mode 100644
index 000000000000..11080972b007
--- /dev/null
+++ b/src/chrome/content/rules/SSLs.com.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Namecheap coverage, see NameCheap.xml.
+
+
+	These altnames don't exist:
+
+		- support.ssls.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .ssls.com
+		- www.ssls.com
+
+-->
+<ruleset name="SSLs.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ssls.com" />
+	<target host="www.ssls.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.ssls\.com$" name="^sid_customer$" /-->
+	<!--securecookie host="^www\.ssls\.com$" name="^stat_uniq_code$" /-->
+
+	<securecookie host="^(?:www)?\.ssls\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SSLshopper.xml b/src/chrome/content/rules/SSLshopper.xml
index 2aa1a9e12f5c..f2869c942a44 100644
--- a/src/chrome/content/rules/SSLshopper.xml
+++ b/src/chrome/content/rules/SSLshopper.xml
@@ -1,10 +1,13 @@
-<ruleset name="SSLshopper">
-<target host="www.sslshopper.com" />
-<target host="sslshopper.com" />
+<ruleset name="SSL Shopper.com">
 
+	<target host="sslshopper.com" />
+	<target host="www.sslshopper.com" />
 
-	<securecookie host="^www\.sslshopper\.com$" name=".+" />
 
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-<rule from="^http://(?:www\.)?sslshopper\.com/" to="https://www.sslshopper.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/SSRN.com.xml b/src/chrome/content/rules/SSRN.com.xml
new file mode 100644
index 000000000000..a964098cbbff
--- /dev/null
+++ b/src/chrome/content/rules/SSRN.com.xml
@@ -0,0 +1,46 @@
+<!--
+	Related ruleset:
+		- SSRNblog.com.xml
+
+	Time out:
+		chicago.ssrn.com
+
+	Invalid certificate:
+		issuetracker.ssrn.com
+		support.ssrn.com
+
+	Different content http/https:
+		wiki.ssrn.com
+
+-->
+<ruleset name="SSRN.com">
+
+	<target host="ssrn.com"/>
+	<target host="www.ssrn.com"/>
+	<target host="a1papers.ssrn.com" />
+	<target host="a1static.ssrn.com" />
+	<target host="a3papers.ssrn.com" />
+	<target host="arn.ssrn.com" />
+	<target host="ern.ssrn.com" />
+	<target host="fen.ssrn.com" />
+	<target host="hq.ssrn.com" />
+	<target host="lan.ssrn.com" />
+	<target host="lsn.ssrn.com" />
+	<target host="maint.ssrn.com" />
+	<target host="mrn.ssrn.com" />
+	<target host="outathq.ssrn.com" />
+	<target host="outatpapers.ssrn.com" />
+	<target host="outatstatic.ssrn.com" />
+	<target host="outatwww.ssrn.com" />
+	<target host="papers.ssrn.com" />
+	<target host="piwik.ssrn.com" />
+	<target host="search.ssrn.com" />
+	<target host="secure.ssrn.com" />
+	<target host="static.ssrn.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SSRN.xml b/src/chrome/content/rules/SSRN.xml
deleted file mode 100644
index aa0f5203d8ff..000000000000
--- a/src/chrome/content/rules/SSRN.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--	!functional:
-		- (www.)ssrnblog.com	(cert: *.myhostcenter.com; presents default cPanel page)
--->
-<ruleset name="SSRN (partial)" platform="mixedcontent">
-
-	<target host="ssrn.com"/>
-	<target host="*.ssrn.com"/>
-
-  <exclusion pattern="http://poseidon[0-9]*\.ssrn\.com/" />
-
-	<securecookie host="^(.*\.)?ssrn\.com$" name=".*"/>
-
-	<!--	cert !valid for !www, "Bad Request"	-->
-	<rule from="^http://ssrn\.com/"
-		to="https://www.ssrn.com/"/>
-
-	<!--	encountered:
-			- hq
-			- papers
-			- static	-->
-	<rule from="^http://(\w+)\.ssrn\.com/"
-		to="https://$1.ssrn.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/SSRNblog.com.xml b/src/chrome/content/rules/SSRNblog.com.xml
new file mode 100644
index 000000000000..437d8106a450
--- /dev/null
+++ b/src/chrome/content/rules/SSRNblog.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Related ruleset:
+		- SSRN.com.xml
+
+-->
+<ruleset name="SSRN blog" platform="mixedcontent">
+
+	<target host="ssrnblog.com" />
+	<target host="www.ssrnblog.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SSSup.it.xml b/src/chrome/content/rules/SSSup.it.xml
new file mode 100644
index 000000000000..8c26ece9aafd
--- /dev/null
+++ b/src/chrome/content/rules/SSSup.it.xml
@@ -0,0 +1,77 @@
+<!--
+	Nonfunctional subdomains:
+
+		- international *
+
+	* Redirects to http, tls unsupported by redirect destination
+
+
+	Partially covered subdomains:
+
+		- allievi ¹
+		- forms ²
+		- www ³
+
+	¹ Avoiding mixed css on techblog/
+	² Accounting for possible excluded paths wrt redirect
+	³ Some pages redirect to http
+
+
+	Fully covered subdomains:
+
+		- didactive
+		- pay
+
+
+	Observed cookie domains:
+
+		- allievi ¹
+		- didactive ²
+		- forms ¹
+		- pay ²
+		- www ³
+
+	¹ Not secured by us <= accounting for possible use on excluded paths
+	² Secured by us <= not secured by server & coverage complete
+	³ Not secured by us <= incomplete tls support
+
+
+	Mixed content:
+
+		- css on allievi from $self *
+
+		- Images on allievi from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="SSSup.it (partial)" default_off="needs ruleset tests">
+	<target host="www.sssup.it" />
+	<target host="didactive.sssup.it" />
+	<target host="allievi.sssup.it" />
+	<target host="forms.sssup.it" />
+	<target host="pay.sssup.it" />
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<exclusion pattern="^http://allievi\.sssup\.it/+techblog(?!/wp-content/|wp-includes/)" />
+		<!--
+			No known matches, just being cautious:
+								-->
+		<exclusion pattern="^http://forms\.sssup\.it/+(?!$|\?|didactive(?:$|[?/]))" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.sssup\.it/+($|\?|context\.jsp|context_elenco\.jsp|default\.jsp)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.sssup\.it/+(?!(?:ammissione|ammissione-dottorati-perfezionamento|ateneo|concorso-ammissione|master|orientamento|ufficiostampa)(?:$|[?/])|customcss/|favicon\.ico|images/|images_new/|intranet_logon\.jsp|isipcss/|mappa\.jsp|search\.jsp|UploadDocs/|UploadImgs/)" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:didactive|pay)\.sssup\.it$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SSTIC.org.xml b/src/chrome/content/rules/SSTIC.org.xml
new file mode 100644
index 000000000000..1878d95c656b
--- /dev/null
+++ b/src/chrome/content/rules/SSTIC.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="SSTIC.org">
+
+	<target host="sstic.org" />
+	<target host="www.sstic.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ST.com.xml b/src/chrome/content/rules/ST.com.xml
index 41d634a8a185..07dbcbff6bb2 100644
--- a/src/chrome/content/rules/ST.com.xml
+++ b/src/chrome/content/rules/ST.com.xml
@@ -15,7 +15,6 @@
 	<securecookie host="^my\.st\.com$" name=".+" />
 
 
-	<rule from="^http://my\.st\.com/"
-		to="https://my.st.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ST.org.xml b/src/chrome/content/rules/ST.org.xml
index ace1024ea017..99c92ad291a5 100644
--- a/src/chrome/content/rules/ST.org.xml
+++ b/src/chrome/content/rules/ST.org.xml
@@ -1,8 +1,17 @@
-<!-- slf is a swedish labour union -->
+<!--
+	Invalid certificate:
+		blimedlem.st.org
+		eutbildning.st.org (broken chain)
+		wiki.st.org (broken chain)
+
+-->
 <ruleset name="ST.org">
+
 	<target host="st.org" />
 	<target host="www.st.org" />
-	<rule from="^http://st\.org/" to="https://www.st.org/"/>
-	<rule from="^http://www\.st\.org/" to="https://www.st.org/"/>
+	<target host="video.st.org" />
+
+	<rule from="^http:" to="https:" />
+
 </ruleset>
 
diff --git a/src/chrome/content/rules/STA-Travel.at.xml b/src/chrome/content/rules/STA-Travel.at.xml
new file mode 100644
index 000000000000..81e55ed017ac
--- /dev/null
+++ b/src/chrome/content/rules/STA-Travel.at.xml
@@ -0,0 +1,33 @@
+<!--
+	For other coverage, see STA-Travel.com.xml
+
+
+	Non-functional subdomains:
+		- forum		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="STA Travel.at">
+
+	<target host="statravel.at" />
+	<target host="www.statravel.at" />
+	<target host="blog.statravel.at" />
+	<target host="book.statravel.at" />
+	<target host="forms.statravel.at" />
+	<target host="g.statravel.at" />
+	<target host="mietwagen.statravel.at" />
+	<target host="reise-buchen.statravel.at" />
+	<target host="versicherung.statravel.at" />
+	<target host="www3.statravel.at" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/STA-Travel.ch.xml b/src/chrome/content/rules/STA-Travel.ch.xml
new file mode 100644
index 000000000000..fc8611babd21
--- /dev/null
+++ b/src/chrome/content/rules/STA-Travel.ch.xml
@@ -0,0 +1,44 @@
+<!--
+	For other coverage, see STA-Travel.com.xml
+
+
+	Non-functional subdomains:
+		- $host	(t)
+		- bookfr	(i)
+		- forum	(t)
+		- reisen	(m)
+		- test	(ssl connection error)
+		- tours	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="STA Travel.ch">
+
+	<target host="statravel.ch" />
+	<target host="www.statravel.ch" />
+	<target host="assurance.statravel.ch" />
+	<target host="blog.statravel.ch" />
+	<target host="book.statravel.ch" />
+	<target host="fluege.statravel.ch" />
+	<target host="forms.statravel.ch" />
+	<target host="fr.statravel.ch" />
+	<target host="g.statravel.ch" />
+	<target host="mietwagen.statravel.ch" />
+	<target host="reise-buchen.statravel.ch" />
+	<target host="versicherung.statravel.ch" />
+	<target host="www3.statravel.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://statravel\.ch/"
+		to="https://www.statravel.ch/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/STA-Travel.co.jp.xml b/src/chrome/content/rules/STA-Travel.co.jp.xml
new file mode 100644
index 000000000000..2b46bd642bad
--- /dev/null
+++ b/src/chrome/content/rules/STA-Travel.co.jp.xml
@@ -0,0 +1,26 @@
+<!--
+	For other coverage, see STA-Travel.com.xml
+
+
+	Non-functional subdomains:
+		- $host	(t)
+		- www	(r)
+		- en	(r)
+		- pkg	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="STA Travel.co.jp">
+
+	<target host="trip.statravel.co.jp" />
+	<target host="ww2.statravel.co.jp" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/STA-Travel.co.nz.xml b/src/chrome/content/rules/STA-Travel.co.nz.xml
new file mode 100644
index 000000000000..83ead9f632cb
--- /dev/null
+++ b/src/chrome/content/rules/STA-Travel.co.nz.xml
@@ -0,0 +1,48 @@
+<!--
+	For other coverage, see STA-Travel.com.xml
+
+
+	Non-functional subdomains:
+		- $host	(t)
+		- flight	(t)
+		- grouptravel	(m)
+		- insurance	(e)
+		- m	(m)
+		- vpn	(i)
+		- ww3	(ssl connection error)
+		- ww4	(e)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="STA Travel.co.nz">
+
+	<target host="statravel.co.nz" />
+	<target host="www.statravel.co.nz" />
+	<target host="book.statravel.co.nz" />
+	<target host="cheap-car-rental.statravel.co.nz" />
+	<target host="g.statravel.co.nz" />
+	<target host="locations.statravel.co.nz" />
+	<target host="rail.statravel.co.nz" />
+	<target host="tours.statravel.co.nz" />
+		<test url="http://tours.statravel.co.nz/content/images/icon-cal-small.png" />
+	<target host="win.statravel.co.nz" />
+	<target host="www.win.statravel.co.nz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- http redirect -->
+	<exclusion pattern="^http://www\.statravel\.co\.nz/tours" />
+		<test url="http://www.statravel.co.nz/tours.htm" />
+
+	<rule from="^http://statravel\.co\.nz/"
+		to="https://www.statravel.co.nz/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/STA-Travel.co.th.xml b/src/chrome/content/rules/STA-Travel.co.th.xml
new file mode 100644
index 000000000000..9094db564b32
--- /dev/null
+++ b/src/chrome/content/rules/STA-Travel.co.th.xml
@@ -0,0 +1,30 @@
+<!--
+	For other coverage, see STA-Travel.com.xml
+
+
+	Non-functional subdomains:
+		- $host	(t)
+		- tours	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="STA Travel.co.th">
+
+	<target host="statravel.co.th" />
+	<target host="www.statravel.co.th" />
+	<target host="book.statravel.co.th" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://statravel\.co\.th/"
+		to="https://www.statravel.co.th/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/STA-Travel.co.za.xml b/src/chrome/content/rules/STA-Travel.co.za.xml
new file mode 100644
index 000000000000..fc63a93e6cf2
--- /dev/null
+++ b/src/chrome/content/rules/STA-Travel.co.za.xml
@@ -0,0 +1,30 @@
+<!--
+	For other coverage, see STA-Travel.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(t)
+		- grouptravel	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="STA Travel.co.za">
+
+	<target host="statravel.co.za" />
+	<target host="www.statravel.co.za" />
+	<target host="book.statravel.co.za" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://statravel\.co\.za/"
+		to="https://www.statravel.co.za/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/STA-Travel.com.au.xml b/src/chrome/content/rules/STA-Travel.com.au.xml
new file mode 100644
index 000000000000..0b0a3803c626
--- /dev/null
+++ b/src/chrome/content/rules/STA-Travel.com.au.xml
@@ -0,0 +1,48 @@
+<!--
+	For other coverage, see STA-Travel.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(t)
+		- cache-rg	(m)
+		- flights	(m)
+		- g	(m)
+		- ibe	(no route to host)
+		- insurance	(e)
+		- m	(m)
+		- mail	(t)
+		- ww2	(ssl connection error)
+		- ww3	(ssl connection error)
+		- ww4	(e)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="STA Travel.com.au">
+
+	<target host="statravel.com.au" />
+	<target host="www.statravel.com.au" />
+	<target host="book.statravel.com.au" />
+	<target host="cheap-car-rental.statravel.com.au" />
+	<target host="locations.statravel.com.au" />
+	<target host="rail.statravel.com.au" />
+	<target host="tours.statravel.com.au" />
+		<test url="http://tours.statravel.com.au/content/images/icon-cal-small.png" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- http redirect -->
+	<exclusion pattern="^http://www\.statravel\.com\.au/tours" />
+		<test url="http://www.statravel.com.au/tours.htm" />
+
+	<rule from="^http://statravel\.com\.au/"
+		to="https://www.statravel.com.au/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/STA-Travel.com.sg.xml b/src/chrome/content/rules/STA-Travel.com.sg.xml
new file mode 100644
index 000000000000..9fdc7d485666
--- /dev/null
+++ b/src/chrome/content/rules/STA-Travel.com.sg.xml
@@ -0,0 +1,25 @@
+<!--
+	For other coverage, see STA-Travel.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(t)
+		- www		(h)
+		- tours		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="STA Travel.com.sg">
+
+	<target host="book.statravel.com.sg" />
+	<target host="rail.statravel.com.sg" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/STA-Travel.com.xml b/src/chrome/content/rules/STA-Travel.com.xml
new file mode 100644
index 000000000000..fcd0243cc351
--- /dev/null
+++ b/src/chrome/content/rules/STA-Travel.com.xml
@@ -0,0 +1,75 @@
+<!--
+	Other related rulesets:
+		- STA-Travel.at.xml
+		- STA-Travel.ch.xml
+		- STA-Travel.de.xml
+		- STA-Travel.co.jp.xml
+		- STA-Travel.co.nz.xml
+		- STA-Travel.co.th.xml
+		- STA-Travel.co.za.xml
+		- STA-Travel.com.au.xml
+		- STA-Travel.com.sg.xml
+
+
+	Non-functional subdomains:
+		- statravel.com		(t)
+			- articles	(t)
+			- links.edeals	(m)
+			- ibe	(t)
+			- owa	(no route to host)
+			- stacreativekit	(m)
+			- webchat	(t)
+			- webforms	(r)
+			- ww2	(no route to host)
+
+		- (www.)statravel.com.cn	(ssl connection error)
+			- en	(i)
+
+		- statravel.se		(t)
+			- www		(m)
+
+		- (www.)statravel.dk		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="STA Travel.com">
+
+	<target host="statravel.com" />
+	<target host="www.statravel.com" />
+	<target host="blog.statravel.com" />
+	<target host="book.statravel.com" />
+	<target host="car-rental.statravel.com" />
+	<target host="customercare.statravel.com" />
+	<target host="g.statravel.com" />
+	<target host="helios.statravel.com" />
+	<target host="hotels.statravel.com" />
+	<target host="login.statravel.com" />
+	<target host="m.statravel.com" />
+	<target host="marketing.statravel.com" />
+	<target host="my.statravel.com" />
+	<target host="api.my.statravel.com" />
+	<target host="api.partners.my.statravel.com" />
+	<target host="rail.statravel.com" />
+	<target host="tours.statravel.com" />
+		<test url="http://tours.statravel.com/content/images/icon-cal-small.png" />
+	<target host="usvpn.statravel.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- http redirect -->
+	<exclusion pattern="^http://www\.statravel\.com/(blog/|tours)" />
+		<test url="http://www.statravel.com/blog/" />
+		<test url="http://www.statravel.com/tours-worldwide.htm" />
+
+	<rule from="^http://statravel\.com/"
+		to="https://www.statravel.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/STA-Travel.de.xml b/src/chrome/content/rules/STA-Travel.de.xml
new file mode 100644
index 000000000000..0756444bf02c
--- /dev/null
+++ b/src/chrome/content/rules/STA-Travel.de.xml
@@ -0,0 +1,44 @@
+<!--
+	For other coverage, see STA-Travel.com.xml
+
+
+	Non-functional subdomains:
+		- $host	(t)
+		- www.bildungsreisen	(m)
+		- forum	(t)
+		- lastminute	(t)
+		- tracking	(t)
+		- www4	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="STA Travel.de">
+
+	<target host="statravel.de" />
+	<target host="www.statravel.de" />
+	<target host="bildungsreisen.statravel.de" />
+	<target host="blog.statravel.de" />
+	<target host="book.statravel.de" />
+	<target host="forms.statravel.de" />
+	<target host="g.statravel.de" />
+	<target host="mietwagen.statravel.de" />
+	<target host="reise-buchen.statravel.de" />
+	<target host="reisen.statravel.de" />
+	<target host="tours.statravel.de" />
+	<target host="versicherung.statravel.de" />
+	<target host="www3.statravel.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://statravel\.de/"
+		to="https://www.statravel.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/STARTTLS.info.xml b/src/chrome/content/rules/STARTTLS.info.xml
new file mode 100644
index 000000000000..b6d8acbd319b
--- /dev/null
+++ b/src/chrome/content/rules/STARTTLS.info.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://starttls.info/ => https://starttls.info/: (51, "SSL: no alternative certificate subject name matches target host name 'starttls.info'")
+Fetch error: http://www.starttls.info/ => https://www.starttls.info/: (51, "SSL: no alternative certificate subject name matches target host name 'www.starttls.info'")
+
+-->
+<ruleset name="STARTTLS.info" default_off="failed ruleset test">
+
+	<target host="starttls.info" />
+	<target host="www.starttls.info" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/STEG.xml b/src/chrome/content/rules/STEG.xml
new file mode 100644
index 000000000000..2e391b690abe
--- /dev/null
+++ b/src/chrome/content/rules/STEG.xml
@@ -0,0 +1,6 @@
+<ruleset name="STEG">
+	<target host="steg-electronics.ch"/>
+	<target host="www.steg-electronics.ch"/>
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/STELLAService.xml b/src/chrome/content/rules/STELLAService.xml
index cd0588faaa8a..43d25e88ea19 100644
--- a/src/chrome/content/rules/STELLAService.xml
+++ b/src/chrome/content/rules/STELLAService.xml
@@ -1,18 +1,56 @@
 <!--
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *stellaservice.com:
 
-		- (www.)
+		- bright ᵗ
 		- business
 		- happycustomer		(rx_record_too_long)
-		- media
+
+	ᵗ Redirects to ^stellaservice.com
+
+
+	Problematic hosts in *stellaservice.com:
+
+		- profile ᵐ
+
+	ᵐ Cloudfront/mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- stellaservice.com
+		- metrics.stellaservice.com
+
+
+	Mixed content:
+
+		- css on profile from fonts.googleapis.com ˢ
+
+		- Images, on:
+
+			- profile from media.stellaservice.com ᵗ
+			- www from bright.stellaservice.com ˢ
+
+	ᵗ Unsecurable <= redirects to ^stellaservice.com
 
 -->
-<ruleset name="STELLAService (partial)">
+<ruleset name="STELLAService.com (partial)">
 
+	<target host="stellaservice.com" />
+	<target host="media.stellaservice.com" />
+	<target host="metrics.stellaservice.com" />
 	<target host="seal.stellaservice.com" />
+	<target host="www.stellaservice.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^stellaservice\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^metrics\.stellaservice\.com$" name="^csrftoken$" /-->
+
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://seal\.stellaservice\.com/"
-		to="https://seal.stellaservice.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/STM-assoc.org.xml b/src/chrome/content/rules/STM-assoc.org.xml
new file mode 100644
index 000000000000..8f553390f810
--- /dev/null
+++ b/src/chrome/content/rules/STM-assoc.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="STM assoc">
+
+	<target host="stm-assoc.org" />
+	<target host="www.stm-assoc.org" />
+	<target host="connect.stm-assoc.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/STRATO.xml b/src/chrome/content/rules/STRATO.xml
index 4458904ec7fa..8cd922e895fd 100644
--- a/src/chrome/content/rules/STRATO.xml
+++ b/src/chrome/content/rules/STRATO.xml
@@ -1,48 +1,60 @@
 <!--
-	Other STRATO rulesets:
-
-		- STRATO_MailCenter.xml
-		- STRATO_Pro.xml
-
-
-	Nonfunctional domains:
-
-		- blog.strato.de	(no https)
-		- (www.)strato-ayuda.es *
-		- (www.)strato-faq.co.uk *
-		- (www.)strato-faq.de *
-		- (www.)strato-faq.fr *
-		- (www.)strato-faq.nl *
-
-	* Times out
-
-
-	Problematic domains:
-
-		- strato.com		(cert only matches *.strato.com)
-		- strato.de		(cert only matches *.strato.de)
-		- strato.es *
-		- strato.nl *
-		- strato-hebergement.fr *
-		- strato-hosting.co.uk *
-
-	* Cert only matches www
-
+	Other STRATO rulesets
+		+ STRATO_MailCenter.xml
+		+ STRATO_Pro.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- strato-faq.de
+		- www.strato-faq.de
+		- strato-ayuda.es
+		- www.strato-ayuda.es
+		- strato-faq.fr
+		- www.strato-faq.fr
+		- strato-hebergement.fr
+		- www.strato-hebergement.fr
+		- strato-faq.nl
+		- www.strato-faq.nl
+		- strato-faq.co.uk
+		- www.strato-faq.co.uk
 -->
 <ruleset name="STRATO (partial)">
-
-	<target host="strato.*" />
-	<target host="www.strato.*" />
-	<target host="strato-hebergement.fr" />
-	<target host="www.strato-hebergement.fr" />
+	<!-- *strato.com -->
+	<target host="strato.com" />
+	<target host="www.strato.com" />
+	<target host="com4.strato.com" />
+	<target host="communicator.strato.com" />
+	<target host="dev.strato.com" />
+	<target host="dyndns.strato.com" />
+	<target host="hidrive.strato.com" />
+	<target host="www.hidrive.strato.com" />
+	<target host="sharegallery.strato.com" />
+	<target host="shop.strato.com" />
+	<target host="webmail.strato.com" />
+
+	<!-- *strato.de -->
+	<target host="strato.de" />
+	<target host="www.strato.de" />
+	<target host="blog.strato.de" />
+	<target host="com4.strato.de" />
+	<target host="communicator.strato.de" />
+	<target host="hidrive.strato.de" />
+	<target host="shop.strato.de" />
+
+	<!-- *strato.es -->
+	<target host="strato.es" />
+	<target host="www.strato.es" />
+	<target host="affiliate.strato.es" />
+
+	<!-- *strato.nl -->
+	<target host="strato.nl" />
+	<target host="www.strato.nl" />
+
+	<!-- *strato-hosting.co.uk -->
 	<target host="strato-hosting.co.uk" />
 	<target host="www.strato-hosting.co.uk" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^www\.strato(?:\.de|\.es|\.nl|-hebergement\.fr|-hosting\.co\.uk)$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?strato(\.com|\.de|\.es|\.nl|-hebergement\.fr|-hosting\.co\.uk)/"
-		to="https://www.strato$1/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/STRATO_MailCenter.xml b/src/chrome/content/rules/STRATO_MailCenter.xml
index 8e94561aa5ea..4ff0ae05a608 100644
--- a/src/chrome/content/rules/STRATO_MailCenter.xml
+++ b/src/chrome/content/rules/STRATO_MailCenter.xml
@@ -1,11 +1,16 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://strato-mailcenter.com/ => https://www.strato-mailcenter.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.strato-mailcenter.com'")
+Fetch error: http://www.strato-mailcenter.com/ => https://www.strato-mailcenter.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.strato-mailcenter.com'")
+
 	For other STRATO coverage, see STRATO.xml.
 
 
 	Cert only matches www.
 
 -->
-<ruleset name="STRATO MailCenter">
+<ruleset name="STRATO MailCenter" default_off="failed ruleset test">
 
 	<target host="strato-mailcenter.com" />
 	<target host="www.strato-mailcenter.com" />
@@ -14,7 +19,7 @@
 	<securecookie host="^www\.strato-mailcenter\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?strato-mailcenter\.com/"
+	<rule from="^http://(?:www\.)?strato-mailcenter\.com/"
 		to="https://www.strato-mailcenter.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/STRATO_Pro.xml b/src/chrome/content/rules/STRATO_Pro.xml
index 1f2b834c643f..9ceb7e865483 100644
--- a/src/chrome/content/rules/STRATO_Pro.xml
+++ b/src/chrome/content/rules/STRATO_Pro.xml
@@ -1,11 +1,19 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://strato-pro.com/ => https://www.strato-pro.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.strato-pro.com/ => https://www.strato-pro.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Automatically by https-everywhere-checker because:
+Fetch error: http://strato-pro.com/ => https://www.strato-pro.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.strato-pro.com/ => https://www.strato-pro.com/: (60, 'SSL certificate problem: certificate has expired')
 	For other STRATO coverage, see STRATO.xml.
 
 
 	Cert only matches www.
 
 -->
-<ruleset name="STRATO Pro">
+<ruleset name="STRATO Pro" default_off="failed ruleset test">
 
 	<target host="strato-pro.com" />
 	<target host="www.strato-pro.com" />
@@ -14,7 +22,7 @@
 	<securecookie host="^www\.strato-pro\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?strato-pro\.com/"
+	<rule from="^http://(?:www\.)?strato-pro\.com/"
 		to="https://www.strato-pro.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/STUBA.sk.xml b/src/chrome/content/rules/STUBA.sk.xml
new file mode 100644
index 000000000000..7917df9eedb5
--- /dev/null
+++ b/src/chrome/content/rules/STUBA.sk.xml
@@ -0,0 +1,38 @@
+<!--
+    Slovak University of Technology in Bratislava (STU)
+
+    certificate chain issues:
+	- icv.stuba.sk
+	- nadacia.stuba.sk
+	- sport.stuba.sk
+	- univerziada.stuba.sk
+	- www.ds.stuba.sk
+	- www.ects.stuba.sk
+	- www.fa.stuba.sk
+	- www.granty.stuba.sk
+	- www.ksp.stuba.sk
+	- www.nadacia.stuba.sk
+	- www.sport.stuba.sk
+	- www.stuscientific.sk
+
+-->
+
+<ruleset name="STUBA.sk">
+
+	<target host="is.stuba.sk" />
+	<target host="stuba.sk" />
+	<target host="www.stuba.sk" />
+	<target host="webmail.stuba.sk" />
+	<target host="www.absolventi.stuba.sk" />
+	<target host="www.fchpt.stuba.sk" />
+	<target host="www.fei.stuba.sk" />
+	<target host="www.fiit.stuba.sk" />
+	<target host="www.inqb.sk" />
+	<target host="www.mtf.stuba.sk" />
+	<target host="www.sjf.stuba.sk" />
+	<target host="www.svf.stuba.sk" />
+
+	<rule from="^http://stuba\.sk/" to="https://www.stuba.sk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SUEDKURIER.de.xml b/src/chrome/content/rules/SUEDKURIER.de.xml
new file mode 100644
index 000000000000..3cd0511b42f9
--- /dev/null
+++ b/src/chrome/content/rules/SUEDKURIER.de.xml
@@ -0,0 +1,119 @@
+<!--
+	Connection closed:
+		sso-dev.suedkurier.de
+		static1.suedkurier.de
+		static3.suedkurier.de
+		vpc.suedkurier.de
+
+	Invalid certificate:
+		apps.suedkurier.de
+
+	SSL: no alternative certificate subject name matches target host name:
+		www.glueckslos.suedkurier.de
+		konstanz.suedkurier.de
+		letter.suedkurier.de
+		sbb.suedkurier.de
+
+	Timeout:
+		abo.suedkurier.de
+		abonnieren.suedkurier.de
+		aboshop.suedkurier.de
+		adventskalender.suedkurier.de
+		angebote.suedkurier.de
+		bestellen.suedkurier.de
+		blockchain.suedkurier.de
+		bofe-tool.suedkurier.de
+		branchenbuch-wiki.suedkurier.de
+		brbuch1.suedkurier.de
+		brbuch5.suedkurier.de
+		crm-rss.suedkurier.de
+		dcx-extern.suedkurier.de
+		digital.suedkurier.de
+		dkz-zustellerportal.suedkurier.de
+		epaper.suedkurier.de
+		erlebnisse.suedkurier.de
+		fcms.suedkurier.de
+		forum.suedkurier.de
+		glueckslos.suedkurier.de
+		gpg.suedkurier.de
+		gpt.suedkurier.de
+		himate1.suedkurier.de
+		kollektive.suedkurier.de
+		leo-sport.suedkurier.de
+		mail-a.suedkurier.de
+		mail11.suedkurier.de
+		mdmap.suedkurier.de
+		mdmgw.suedkurier.de
+		mobil.suedkurier.de
+		msk.suedkurier.de
+		newsletter.suedkurier.de
+		ns1.suedkurier.de
+		ns3.suedkurier.de
+		ns6.suedkurier.de
+		owa.suedkurier.de
+		ppiweb.suedkurier.de
+		ppiweb1.suedkurier.de
+		projekte.suedkurier.de
+		psg-zustellerportal.suedkurier.de
+		regiostars.suedkurier.de
+		admin.regiostars.suedkurier.de
+		xml.regiostars.suedkurier.de
+		regiostars-media.suedkurier.de
+		reisekataloge.suedkurier.de
+		reisen.suedkurier.de
+		report.suedkurier.de
+		rubbellos.suedkurier.de
+		www.schlaraffenland.suedkurier.de
+		service.suedkurier.de
+		shop.suedkurier.de
+		shop-test.suedkurier.de
+		www.shop-test.suedkurier.de
+		skshop2test.suedkurier.de
+		ssltest.suedkurier.de
+		sslweb.suedkurier.de
+		superreisen.suedkurier.de
+		termine.suedkurier.de
+		ticket.suedkurier.de
+		tk-expe1.suedkurier.de
+		tk-expe2.suedkurier.de
+		touren.suedkurier.de
+		umfragen.suedkurier.de
+		verteilgebietsplanung-dkz.suedkurier.de
+		verteilgebietsplanung-psg.suedkurier.de
+		vorfreude.suedkurier.de
+		wahl.suedkurier.de
+		www.wahl.suedkurier.de
+		m.wahl.suedkurier.de
+		webanzeigen.suedkurier.de
+		webdesk.suedkurier.de
+		www15.suedkurier.de
+		zeltfestival-vip.suedkurier.de
+		zustellerportal.suedkurier.de
+		zustellersms.suedkurier.de
+-->
+<ruleset name="SUEDKURIER.de">
+
+	<target host="suedkurier.de" />
+	<target host="www.suedkurier.de" />
+	<target host="admin.suedkurier.de" />
+	<target host="alpha.suedkurier.de" />
+	<target host="auktion.suedkurier.de" />
+	<target host="beta.suedkurier.de" />
+	<target host="cdn.suedkurier.de" />
+	<target host="einkaufsnetz.suedkurier.de" />
+	<target host="jdgtgb.suedkurier.de" />
+	<target host="json.suedkurier.de" />
+	<target host="m.suedkurier.de" />
+	<target host="magazin.suedkurier.de" />
+	<target host="mein.suedkurier.de" />
+	<target host="static4.suedkurier.de" />
+	<target host="static5.suedkurier.de" />
+	<target host="static6.suedkurier.de" />
+	<target host="tr.suedkurier.de" />
+	<target host="traueranzeigen.suedkurier.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SUPERVALU.xml b/src/chrome/content/rules/SUPERVALU.xml
index e752ec5685c4..7f95b821fb00 100644
--- a/src/chrome/content/rules/SUPERVALU.xml
+++ b/src/chrome/content/rules/SUPERVALU.xml
@@ -1,8 +1,16 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://supervalu.com/ => https://www.supervalu.com/: (35, 'Unknown SSL protocol error in connection to www.supervalu.com:443 ')
+Fetch error: http://www.supervalu.com/ => https://www.supervalu.com/: (35, 'Unknown SSL protocol error in connection to www.supervalu.com:443 ')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://supervalu.com/ => https://www.supervalu.com/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.supervalu.com/ => https://www.supervalu.com/: (28, 'Connection timed out after 10000 milliseconds')
 	Cert only matches www.
 
 -->
-<ruleset name="SUPERVALU">
+<ruleset name="SUPERVALU" default_off="failed ruleset test">
 
 	<target host="supervalu.com" />
 	<target host="www.supervalu.com" />
@@ -14,4 +22,4 @@
 	<rule from="^http://(?:www\.)?supervalu\.com/"
 		to="https://www.supervalu.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SURF.nl.xml b/src/chrome/content/rules/SURF.nl.xml
new file mode 100644
index 000000000000..b19a844aa931
--- /dev/null
+++ b/src/chrome/content/rules/SURF.nl.xml
@@ -0,0 +1,19 @@
+<!--
+	Other SURF rulesets:
+
+		- SURFconext.nl.xml
+
+-->
+<ruleset name="SURF.nl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="surf.nl" />
+	<target host="cms.surf.nl" />
+	<target host="www.surf.nl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SURFconext.nl.xml b/src/chrome/content/rules/SURFconext.nl.xml
new file mode 100644
index 000000000000..70535ab5ad18
--- /dev/null
+++ b/src/chrome/content/rules/SURFconext.nl.xml
@@ -0,0 +1,37 @@
+<!--
+	For other SURF coverage, see SURF.nl.xml.
+
+
+	^surfconext.nl doesn't exist
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .surfconext.nl
+		- engine.surfconext.nl
+		- profile.surfconext.nl
+		- teams.surfconext.nl
+
+-->
+<ruleset name="SURFconext.nl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="engine.surfconext.nl" />
+	<target host="profile.surfconext.nl" />
+	<target host="teams.surfconext.nl" />
+	<target host="www.surfconext.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.surfconext\.nl$" name="^lang$" /-->
+	<!--securecookie host="^(?:engine|profile|teams)\.surfconext\.nl$" name="^HTTPSERVERID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SUSE.xml b/src/chrome/content/rules/SUSE.xml
index 3942a277120b..8b94110ddd2f 100644
--- a/src/chrome/content/rules/SUSE.xml
+++ b/src/chrome/content/rules/SUSE.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Attachmate Group coverage, see Attachmate-Group.xml.
+	For other Micro Focus coverage, see Micro_Focus.com.xml.
 
 
 	CDN buckets:
@@ -8,39 +8,46 @@
 		- suse-studio-users.1598176.n2.nabble.com
 
 
-	Nonfunctional domains:
+	Nonfunctional hosts in *suse.com:
 
-		- users.suse.com	(refused)
-		- blog.susestudio.com	(interrupted; hosted on google)
+		- users ʳ
 
+	ʳ Refused
 
-	Problematic domains:
 
-		- www.expandedsupport.com	(cert only matches ^expandedsupport.com)
-		^	(times out)
+	^suse.com: Refused
+
+
+	Insecure cookies are set for these domains:
+
+		- .suse.com
 
 -->
-<ruleset name="SUSE (partial)">
+<ruleset name="SUSE.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bugzilla.suse.com" />
+	<target host="forums.suse.com" />
+	<target host="hackweek.suse.com" />
+	<target host="www.suse.com" />
 
-	<target host="expandedsupport.com" />
-	<target host="www.expandedsupport.com" />
+	<!--	Complications:
+				-->
 	<target host="suse.com" />
-	<target host="*.suse.com" />
-	<target host="susestudio.com" />
-	<target host="*.susestudio.com" />
 
 
-	<securecookie host="^expandedsupport\.com$" name=".+" />
-	<securecookie host="^\.?suse(?:studio)?\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.suse\.com$" name="^(?:ZNPCQ003-\d+|bb_(?:lastactivity|lastvisit|session_hash)|lb_suse)$" /-->
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?expandedsupport\.com/"
-		to="https://expandedsupport.com/" />
 
-	<rule from="^https?://(?:www\.)?suse\.com/"
+	<rule from="^http://suse\.com/"
 		to="https://www.suse.com/" />
 
-	<rule from="^http://(www\.)?susestudio\.com/"
-		to="https://$1susestudio.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SUSE_Studio.com.xml b/src/chrome/content/rules/SUSE_Studio.com.xml
new file mode 100644
index 000000000000..71cd771a9887
--- /dev/null
+++ b/src/chrome/content/rules/SUSE_Studio.com.xml
@@ -0,0 +1,48 @@
+<!--
+	For other Micro Focus coverage, see Micro_Focus.com.xml.
+
+
+	Nonfunctional domains:
+
+		- blog.susestudio.com ²
+
+	² Google
+
+
+	Insecure cookies are set for these domains:
+
+		- .susestudio.com
+
+-->
+<ruleset name="SUSE Studio.com (partial)">
+
+	<target host="susestudio.com" />
+	<target host="www.susestudio.com" />
+
+		<!--	Redirects to http:
+						-->
+		<exclusion pattern="^http://susestudio\.com/forum" />
+
+			<!--	+ve:
+					-->
+			<test url="http://susestudio.com/forum" />
+
+			<!--	-ve:
+					-->
+			<test url="http://susestudio.com/artwork/" />
+			<test url="http://susestudio.com/assets/font-awesome-social.css" />
+			<test url="http://susestudio.com/browse/" />
+			<test url="http://susestudio.com/help" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.susestudio\.com$" name="^_frontend_session$" /-->
+
+	<securecookie host="^\.susestudio\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SV.no.xml b/src/chrome/content/rules/SV.no.xml
index b30f53912719..eb2b08733007 100644
--- a/src/chrome/content/rules/SV.no.xml
+++ b/src/chrome/content/rules/SV.no.xml
@@ -1,14 +1,27 @@
 <!--
-	Some pages redirect to http.
+	Sosialistisk Venstreparti
+
+
+	Insecure cookies are set for these hosts:
+
+		- forum.sv.no
 
 -->
-<ruleset name="SV.no (partial)">
+<ruleset name="SV.no">
 
 	<target host="sv.no" />
+	<target host="forum.sv.no" />
 	<target host="www.sv.no" />
 
 
-	<rule from="^http://(www\.)?sv\.no/(extension|var)/"
-		to="https://$1sv.no/$2/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^forum\.sv\.no$" name="^ips4_IPSSessionFront$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SVGOpen.xml b/src/chrome/content/rules/SVGOpen.xml
index cb35d40f6b43..b2dd84dab757 100644
--- a/src/chrome/content/rules/SVGOpen.xml
+++ b/src/chrome/content/rules/SVGOpen.xml
@@ -1,4 +1,14 @@
-<ruleset name="SVGOpen" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://svgopen.org/ => https://www.svgopen.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.svgopen.org/ => https://www.svgopen.org/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://svgopen.org/ => https://www.svgopen.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.svgopen.org'")
+Fetch error: http://www.svgopen.org/ => https://www.svgopen.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.svgopen.org'")
+-->
+<ruleset name="SVGOpen" platform="mixedcontent" default_off="failed ruleset test">
   <target host="svgopen.org" />
   <target host="www.svgopen.org" />
 
diff --git a/src/chrome/content/rules/SVN.Python.org.xml b/src/chrome/content/rules/SVN.Python.org.xml
deleted file mode 100644
index cbe7f8a5e094..000000000000
--- a/src/chrome/content/rules/SVN.Python.org.xml
+++ /dev/null
@@ -1,4 +0,0 @@
-<ruleset name="Python.org SVN" platform="cacert">
-  <target host="svn.python.org"/>
-  <rule from="^http://svn\.python\.org/" to="https://svn.python.org/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/SVT.se.xml b/src/chrome/content/rules/SVT.se.xml
index 842e38630893..4182ad71078f 100644
--- a/src/chrome/content/rules/SVT.se.xml
+++ b/src/chrome/content/rules/SVT.se.xml
@@ -1,28 +1,19 @@
 <!--
 	CDN buckets:
-
 		- svtklipp-f.akamaihd.net
 		- www.svt.se.edgesuite.net
 		- www.svtplay.se.edgesuite.net
-
-
-	Nonfunctional domains:
-
-		- svt.se		(301s to www)
-		- www.svt.se		(Akamai; 301s to http)
-		- www.svtplay.se	(ditto)
-
 -->
-<ruleset name="SVT.se (partial)">
-
-	<target host="ld.svt.se" />
-
 
-	<securecookie host="^ld\.svt\.se$" name=".*" />
+<ruleset name="SVT.se (partial)">
+	<target host="svt.se" />
+	<target host="www.svt.se" />
+	<target host="api.svt.se" />
 
+	<target host="svtplay.se" />
+	<target host="www.svtplay.se" />
 
-	<rule from="^http://ld\.svt\.se/"
-		to="https://ld.svt.se/" />
+	<target host="www.svtstatic.se" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
-
diff --git a/src/chrome/content/rules/SWCA.org.xml b/src/chrome/content/rules/SWCA.org.xml
deleted file mode 100644
index f93619185d13..000000000000
--- a/src/chrome/content/rules/SWCA.org.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="SWCA.org">
-
-	<target host="swca.org" />
-	<target host="*.swca.org" />
-
-
-	<securecookie host="^\.swca\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?swca\.org/"
-		to="https://www.swca.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SWISS-Virtual.com.xml b/src/chrome/content/rules/SWISS-Virtual.com.xml
new file mode 100644
index 000000000000..259ee94a4ccd
--- /dev/null
+++ b/src/chrome/content/rules/SWISS-Virtual.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Note: SWISS-Virtual.com is not affiliated to
+		Swiss International Air Lines Ltd.
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- db1.swiss-virtual.com
+-->
+<ruleset name="SWISS-Virtual.com">
+	<target host="swiss-virtual.com" />
+	<target host="www.swiss-virtual.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SWM.de.xml b/src/chrome/content/rules/SWM.de.xml
new file mode 100644
index 000000000000..54a2cadfc59c
--- /dev/null
+++ b/src/chrome/content/rules/SWM.de.xml
@@ -0,0 +1,21 @@
+<ruleset name="Stadtwerke München">
+
+	<target host="www.swm.de"/>
+	<target host="planauskunft.swm.de"/>
+	<target host="issibn.swm.de"/>
+	<target host="www.swm-infrastruktur.de"/>
+	<target host="www.swm-infrastruktur-region.de"/>
+	<!--
+		Certificate mismatch:
+
+		portal.muenchen.swm.de
+		bg.muenchen.swm.de
+		lhm.muenchen.swm.de
+		branchenbuch.muenchen.swm.de
+		orte.muenchen.swm.de
+		s[0-4].muenchen.swm.de
+	-->
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/SWR.de.xml b/src/chrome/content/rules/SWR.de.xml
new file mode 100644
index 000000000000..e1bf5c0f1225
--- /dev/null
+++ b/src/chrome/content/rules/SWR.de.xml
@@ -0,0 +1,115 @@
+<!--
+	Connection closed:
+		bewerberportal.swr.de
+
+	Invalid certificate:
+		ard-buffet-app.swr.de
+		dataquery.swr.de
+		depot.swr.de
+		depot1.swr.de
+		enterpriseregistration.swr.de
+		geschichte-des-suedwestens.swr.de
+		hds-ondemand.swr.de
+		hls-ondemand.swr.de
+		ios-ondemand.swr.de
+		kaffee-oder-tee-app.swr.de
+		mp3-live.swr.de
+		newsletter.swr.de
+		www.presseportal.swr.de
+		regionale-genuesse.swr.de
+		s0003052.swr.de
+		wissen.swr.de
+		www.wissen.swr.de
+
+	Mismatch:
+		standby.swr.de
+
+	Refused:
+		onlinebot.swr.de
+
+	Timeout:
+		csg.swr.de
+		db.swr.de
+		fx.swr.de
+		gast.swr.de
+		itsp.swr.de
+		lists.swr.de
+		m.swr.de
+		mailin.swr.de
+		mdm.swr.de
+		migrationsblog.swr.de
+		mp3.swr.de
+		mp4.swr.de
+		mrx.swr.de
+		mrxcox.swr.de
+		mtzd-origin.swr.de
+		mx.swr.de
+		odpapp.swr.de
+		om.swr.de
+		otherweb.swr.de
+		radio.swr.de
+		regio.swr.de
+		sportclubcam1.swr.de
+		traveler1.swr.de
+-->
+<ruleset name="SWR.de">
+
+	<target host="swr.de" />
+	<target host="www.swr.de" />
+	<target host="adfs.swr.de" />
+	<target host="autodiscover.swr.de" />
+	<target host="besucherfuehrung.swr.de" />
+	<target host="citrix.swr.de" />
+	<target host="click.swr.de" />
+	<target host="cms-besucherfuehrung.swr.de" />
+	<target host="d.swr.de" />
+	<target host="data.swr.de" />
+	<target host="depot3.swr.de" />
+	<target host="digit.swr.de" />
+	<target host="docuware.swr.de" />
+	<target host="drittplattformen.swr.de" />
+	<target host="eva.swr.de" />
+	<target host="galerie.swr.de" />
+	<target host="hybrid.swr.de" />
+	<target host="kaffee-oder-tee.swr.de" />
+	<target host="lab.swr.de" />
+	<target host="live-origin.swr.de" />
+	<target host="mdms.swr.de" />
+	<target host="meeting.swr.de" />
+	<target host="mft.swr.de" />
+	<target host="mft-test.swr.de" />
+	<target host="mimo-extern.swr.de" />
+	<target host="multimedia.swr.de" />
+	<target host="multimedia-image.swr.de" />
+	<target host="multimedia-static.swr.de" />
+	<target host="multimedia-video.swr.de" />
+	<target host="onair.swr.de" />
+	<target host="onair-origin.swr.de" />
+	<target host="presseportal.swr.de" />
+	<target host="s0002983.swr.de" />
+	<target host="shiftjuggler.swr.de" />
+	<target host="sportergebnisse.swr.de" />
+	<target host="subtitles.swr.de" />
+	<target host="swr-aktuell-app.swr.de" />
+	<target host="swr-aktuell-appcms.swr.de" />
+	<target host="swr-jira.swr.de" />
+	<target host="vote.swr.de" />
+	<target host="wahl.swr.de" />
+	<target host="webcollaboration.swr.de" />
+	<target host="wraps.swr.de" />
+	<target host="wraps-origin.swr.de" />
+	<target host="wum.swr.de" />
+	<target host="www1.swr.de" />
+	<target host="www1-origin.swr.de" />
+	<target host="x.swr.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Timeout on https://swr.de/,
+	http://swr.de/ redirects to https://www.swr.de/.-->
+	<rule from="^http://swr\.de/"
+			to="https://www.swr.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SWREG.xml b/src/chrome/content/rules/SWREG.xml
deleted file mode 100644
index 18ca36d12c1e..000000000000
--- a/src/chrome/content/rules/SWREG.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other Digital River coverage, see Digital-River.xml.
-
--->
-<ruleset name="SWREG">
-
-	<target host="swreg.com" />
-	<target host="*.swreg.com" />
-
-
-	<securecookie host="^(?:.*\.)?swreg\.com$" name=".+" />
-
-
-	<rule from="^http://(\w+\.)?swreg\.com/"
-		to="https://$1swreg.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/SWT.com.xml b/src/chrome/content/rules/SWT.com.xml
new file mode 100644
index 000000000000..0b9ad8098f11
--- /dev/null
+++ b/src/chrome/content/rules/SWT.com.xml
@@ -0,0 +1,19 @@
+<!--
+	^: cert only matches www
+
+-->
+<ruleset name="SWT.com">
+
+	<target host="swt.com" />
+	<target host="www.swt.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.swt\.com$" name="^zenid$" /-->
+
+
+	<rule from="^http://(?:www\.)?swt\.com/"
+		to="https://www.swt.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SYW_CDN.net.xml b/src/chrome/content/rules/SYW_CDN.net.xml
new file mode 100644
index 000000000000..5fefec910fec
--- /dev/null
+++ b/src/chrome/content/rules/SYW_CDN.net.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Sears Holdings coverage, see Sears.com.xml.
+
+
+	Fully covered subdomains:
+
+		- apps
+
+		- s\d+:
+
+			- [1-9]
+			- 10
+
+-->
+<ruleset name="SYW CDN.net">
+
+	<target host="*.sywcdn.net" />
+
+
+	<rule from="^http://(apps|\d+)\.sywcdn\.net/"
+		to="https://$1.sywcdn.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SYX_Services.xml b/src/chrome/content/rules/SYX_Services.xml
index 688c88a0346d..b62fa9ebac51 100644
--- a/src/chrome/content/rules/SYX_Services.xml
+++ b/src/chrome/content/rules/SYX_Services.xml
@@ -3,7 +3,7 @@
 	<target host="images.highspeedbackbone.net" />
 
 
-	<rule from="^http://images\.highspeedbackbone\.net/"
-		to="https://images.highspeedbackbone.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/S_and_S_Media.com-falsemixed.xml b/src/chrome/content/rules/S_and_S_Media.com-falsemixed.xml
deleted file mode 100644
index 56efd909f34b..000000000000
--- a/src/chrome/content/rules/S_and_S_Media.com-falsemixed.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see S_and_S_Media.com.xml.
-
--->
-<ruleset name="S and S Media.com (false MCB)" platform="mixedcontent">
-
-	<target host="sandsmedia.com" />
-	<target host="*.sandsmedia.com" />
-		<!--
-			Handled in S_and_S_Media.com.xml:
-							-->
-		<!--exclusion pattern="^http://(www\.)?sandsmedia\.com/+file/" /-->
-
-
-	<securecookie host="^\.?sandsmedia\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?sandsmedia\.com/(?!file/)"
-		to="https://sandsmedia.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/S_and_S_Media.com.xml b/src/chrome/content/rules/S_and_S_Media.com.xml
deleted file mode 100644
index e958c2b5857b..000000000000
--- a/src/chrome/content/rules/S_and_S_Media.com.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see S_and_S_Media.com-falsemixed.xml.
-
-
-	www: shows webandphp.com; mismatched, CN: www.webmagazin.de
-
-
-	Mixed content:
-
-		- css on ^ from ^ *
-
-		- Images on ^ from ^ *
-
-	* Secured by us
-
--->
-<ruleset name="S and S Media.com (partial)">
-
-	<target host="sandsmedia.com" />
-	<target host="www.sandsmedia.com" />
-	<target host="shop.sandsmedia.com" />
-	<target host="*.shop.sandsmedia.com" />
-
-
-	<securecookie host="^\.shop\.sandsmedia\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?sandsmedia\.com/file/"
-		to="https://sandsmedia.com/file/" />
-
-	<rule from="^http://shop\.sandsmedia\.com/"
-		to="https://shop.sandsmedia.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Saaid.net.xml b/src/chrome/content/rules/Saaid.net.xml
new file mode 100644
index 000000000000..02bcd4a47a6c
--- /dev/null
+++ b/src/chrome/content/rules/Saaid.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="Saaid.net" platform="mixedcontent">
+	<target host="saaid.net" />
+	<target host="www.saaid.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sabayon.org.xml b/src/chrome/content/rules/Sabayon.org.xml
index ae041dd745bf..ea9f211c39e8 100644
--- a/src/chrome/content/rules/Sabayon.org.xml
+++ b/src/chrome/content/rules/Sabayon.org.xml
@@ -1,63 +1,41 @@
 <!--
-	Nonfunctional subdomains:
-
-		- eapi	(redirects to www; mismatched, CN: www.sabayon.org)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- bugs
-		- community
-		- forum
-		- lists
-		- packages
-		- pastebin
-		- static
-		- wiki
-
-
-	Observed cookie domains:
-
-		- ^
-		- .
-		- bugs
-		- packages
-		- .packages *
-		- pastebin
-		- .pastebin *
-		- wiki
-		- www
-
-	* Tracking cookies only
-
-
-	Mixed content:
-
-		- Images, on www from:
-
-			- wolf911.us
-			- *.files.wordpress.com *
-			- s1.wp.com *
-
-		- Ads/web bugs. on www from:
-
-			- www.pledgie.com *
-			- stats.wordpress.com *
-
-	* Secured by us
+	Invalid certificate:
+		best.sabayon.org
+		lists.sabayon.org
+		tinderbox.sabayon.org
+
+	Secure connection failed:
+		mirror.de.sabayon.org
+		distfiles.sabayon.org
+		git.sabayon.org
+		gitweb.sabayon.org
+		mirror.it.sabayon.org
+		pkg.sabayon.org
+		pkgs.sabayon.org
+		torrents.sabayon.org
+		tracker.sabayon.org
+
+	Different content http/https:
+		dl.sabayon.org
+		eapi.sabayon.org
 
 -->
-<ruleset name="Sabayon.org (partial)">
+<ruleset name="Sabayon.org">
 
 	<target host="sabayon.org" />
-	<target host="*.sabayon.org" />
-
-
-	<securecookie host=".*\.sabayon\.org$" name=".+" />
-
-
-	<rule from="^http://((?:bugs|community|forum|lists|packages|pastebin|static|wiki|www)\.)?sabayon\.org/"
-		to="https://$1sabayon.org/" />
+	<target host="www.sabayon.org" />
+	<target host="bugs.sabayon.org" />
+	<target host="community.sabayon.org" />
+	<target host="forum.sabayon.org" />
+	<target host="next.sabayon.org" />
+	<target host="packages.sabayon.org" />
+	<target host="pastebin.sabayon.org" />
+	<target host="static.sabayon.org" />
+	<target host="wiki.sabayon.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Sabnzbd.xml b/src/chrome/content/rules/Sabnzbd.xml
index 0ea4c8cd8079..fc67ca333d11 100644
--- a/src/chrome/content/rules/Sabnzbd.xml
+++ b/src/chrome/content/rules/Sabnzbd.xml
@@ -9,13 +9,12 @@
 
 	<target host="forums.sabnzbd.org" />
 	<!--	* for cross-domain cookies.	-->
-	<target host="*.forums.sabnzbd.org" />
 
 
-	<securecookie host="^\.forums\.sabnzbd\.org$" name=".*" />
 
+	<securecookie host="^\.forums\.sabnzbd\.org$" name=".+" />
 
-	<rule from="^http://forums\.sabnzbd\.org/"
-		to="https://forums.sabnzbd.org/" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Sabq.org.xml b/src/chrome/content/rules/Sabq.org.xml
new file mode 100644
index 000000000000..b286059676ec
--- /dev/null
+++ b/src/chrome/content/rules/Sabq.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid Certificate:
+		stage2.sabq.org
+-->
+<ruleset name="Sabq.org">
+	<target host="sabq.org" />
+	<target host="www.sabq.org" />
+	<target host="api.sabq.org" />
+	<target host="backend.sabq.org" />
+	<target host="beta.sabq.org" />
+	<target host="cdn.sabq.org" />
+		<test url="http://cdn.sabq.org/favicon.ico" />
+	<target host="docs.sabq.org" />
+	<target host="misc.sabq.org" />
+	<target host="mobile.sabq.org" />
+	<target host="wap.sabq.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sabre_Hospitality_Solutions.xml b/src/chrome/content/rules/Sabre_Hospitality_Solutions.xml
index cc1d062950fe..9701451842f1 100644
--- a/src/chrome/content/rules/Sabre_Hospitality_Solutions.xml
+++ b/src/chrome/content/rules/Sabre_Hospitality_Solutions.xml
@@ -7,13 +7,12 @@
 <ruleset name="Sabre Hospitality Solutions (partial)">
 
 	<target host="gatag.it" />
-	<target host="*.gatag.it" />
+	<target host="www.gatag.it" />
 
 
 	<securecookie host="^\.gatag\.it$" name=".+" />
 
 
-	<rule from="^http://(www\.)?gatag\.it/"
-		to="https://$1gatag.it/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sachsen.de.xml b/src/chrome/content/rules/Sachsen.de.xml
new file mode 100644
index 000000000000..930b17762443
--- /dev/null
+++ b/src/chrome/content/rules/Sachsen.de.xml
@@ -0,0 +1,106 @@
+<!--
+	Nonfunctional subdomains:
+		- $								-> redirects to http
+		- arbeit						-> wrong domain
+		- egovernment					-> wrong domain
+		- finanzen						-> wrong domain
+		- foerderung					-> wrong domain
+		- medienservice					-> redirects to http
+		- naturgefahren					-> wrong domain
+		- newsletter					-> mixed content
+		- pflegenetz					-> redirects to http
+		- polizei2020					-> wrong domain
+		- rechnungshof					-> wrong domain
+		- regierung						-> wrong domain
+		- revosax						-> wrong domain
+		- secure						-> mixed content
+		- sid							-> wrong domain
+		- steuern						-> wrong domain
+		- themen						-> wrong domain
+		- verfassungsgerichtshof		-> wrong domain
+		- www							-> redirects to http
+		- www.archaeologie				-> wrong domain
+		- www.archiv					-> wrong domain
+		- www.bauen-wohnen				-> wrong domain
+		- www.campus					-> wrong domain
+		- www.demografie				-> wrong domain
+		- www.denkmalpflege				-> wrong domain
+		- www.ea						-> wrong domain
+		- www.egovernment				-> wrong domain
+		- www.europa					-> wrong domain
+		- www.exporeal					-> wrong domain
+		- www.familie					-> wrong domain
+		- www.finanzen					-> wrong domain
+		- www.foerderung				-> wrong domain
+		- www.forschung					-> wrong domain
+		- www.freistaat					-> wrong domain
+		- www.gesunde					-> wrong domain
+		- www.gleichstellung			-> wrong domain
+		- www.internationales			-> wrong domain
+		- www.kulturland				-> wrong domain
+		- www.landesentwicklung			-> wrong domain
+		- www.medien					-> wrong domain
+		- www.ministerpraesident		-> wrong domain
+		- www.moderneverwaltung			-> wrong domain
+		- www.naturgefahren				-> wrong domain
+		- www.newsletter				-> mixed content
+		- www.pflegenetz				-> redirects to http
+		- www.regionen					-> wrong domain
+		- www.revosax					-> wrong domain
+		- www.sid						-> wrong domain
+		- www.sk						-> wrong domain
+		- www.smf						-> wrong domain
+		- www.smi						-> wrong domain
+		- www.sms						-> wrong domain
+		- www.sms						-> wrong domain
+		- www.smwa						-> wrong domain
+		- www.smwk						-> wrong domain
+		- www.soziales					-> wrong domain
+		- www.sport						-> wrong domain
+		- www.stellenmarkt				-> wrong domain
+		- www.stellenmarkt				-> wrong domain
+		- www.steuern					-> wrong domain
+		- www.studieren					-> wrong domain
+		- www.tag-der-deutschen-einheit	-> wrong domain
+		- www.technologie				-> wrong domain
+		- www.themen					-> wrong domain
+		- www.tourismus					-> wrong domain
+		- www.verkehr					-> wrong domain
+		- www.willkommen				-> wrong domain
+		- www.wirtschaft				-> wrong domain
+
+-->
+<ruleset name="Sachsen.de">
+
+	<target host="amt24.sachsen.de" />
+	<target host="bildung.sachsen.de" />
+	<target host="buergerbeteiligung.sachsen.de" />
+	<target host="ehrenamt.sachsen.de" />
+	<target host="fs.egov.sachsen.de" />
+	<target host="lds.sachsen.de" />
+	<target host="publikationen.sachsen.de" />
+	<target host="schule.sachsen.de" />
+	<target host="search.sachsen.de" />
+	<target host="smk.sachsen.de" />
+	<target host="verbraucherschutz.sachsen.de" />
+	<target host="www.amt24.sachsen.de" />
+	<target host="www.buergerbeteiligung.sachsen.de" />
+	<target host="www.e-mail.sachsen.de" />
+	<target host="www.ehrenamt.sachsen.de" />
+	<target host="www.forsten.sachsen.de" />
+	<target host="www.justiz.sachsen.de" />
+	<target host="www.lds.sachsen.de" />
+	<target host="www.login.schule.sachsen.de" />
+	<target host="www.schule.sachsen.de" />
+	<target host="www.smk.sachsen.de" />
+	<target host="www.smul.sachsen.de" />
+	<target host="www.statistik.sachsen.de" />
+	<target host="www.umwelt.sachsen.de" />
+	<target host="www.verbraucherschutz.sachsen.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sacramento-Bee.xml b/src/chrome/content/rules/Sacramento-Bee.xml
new file mode 100644
index 000000000000..3c05b1cf6477
--- /dev/null
+++ b/src/chrome/content/rules/Sacramento-Bee.xml
@@ -0,0 +1,29 @@
+<!--
+	Connection reset:
+		- events.sacbee.com
+
+	Invalid certificate:
+		- circulars.sacbee.com
+		- classifieds.sacbee.com
+		- findnsave.sacbee.com
+		- shopping.sacbee.com
+
+	Timed out:
+		- sacbee.com, equivalent to www.sacbee.com
+		- games.sacbee.com
+		- voterguide.sacbee.com
+-->
+
+<ruleset name="Sacramento Bee">
+	<target host="sacbee.com" />
+	<target host="www.sacbee.com" />
+	<target host="account.sacbee.com" />
+	<target host="checkout.sacbee.com" />
+	<target host="jobs.sacbee.com" />
+	<target host="media.sacbee.com" />
+
+	<rule from="^http://sacbee\.com/"
+		to="https://www.sacbee.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sacramento_Bee.xml b/src/chrome/content/rules/Sacramento_Bee.xml
deleted file mode 100644
index 649b8c8ca280..000000000000
--- a/src/chrome/content/rules/Sacramento_Bee.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	CDN buckets:
-
-		- mi.edgesuite.net
-
-			- media
-			- www
-
-
-	Nonfunctional subdomains:
-
-		- ^		(refused)
-		- media *
-		- www *
-
-	* 503, akamai
-
--->
-<ruleset name="The Sacramento Bee (partial)">
-
-	<target host="circulationportal.sacbee.com" />
-
-
-	<securecookie host="^circulationportal\.sacbee\.com$" name=".+" />
-
-
-	<rule from="^http://circulationportal\.sacbee\.com/"
-		to="https://circulationportal.sacbee.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Sade.com.xml b/src/chrome/content/rules/Sade.com.xml
new file mode 100644
index 000000000000..a5f616beeff5
--- /dev/null
+++ b/src/chrome/content/rules/Sade.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="Sade.com">
+
+	<target host="sade.com" />
+	<target host="www.sade.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.sade\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.sade\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SafariBooksOnline.xml b/src/chrome/content/rules/SafariBooksOnline.xml
index 7606acd8d77d..520eba4319d3 100644
--- a/src/chrome/content/rules/SafariBooksOnline.xml
+++ b/src/chrome/content/rules/SafariBooksOnline.xml
@@ -1,24 +1,64 @@
 <!--
-	Problematic subdomains:
+	CDN buckets:
 
-		- my	(akamai)
+		- my.safaribooksonline.com.global.prod.fastly.net
+		- techbus.safaribooksonline.com.global.prod.fastly.net
+
+		- safaribooksonline.force.com
+
+			- support
+
+
+	Nonfunctional hosts in *safaribooksonline.com:
+
+		- support *
+
+	* Force.com
+
+
+	Problematic hosts in *safaribooksonline.com:
+
+		- my ¹
+		- ssl ²
+		- techbus ¹
+
+	¹ Fastly
+	² Insecure renegotiation
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- my.safaribooksonline.com
+		- .my.safaribooksonline.com
+		- ssl.safaribooksonline.com
+		- .ssl.safaribooksonline.com
+		- techbus.safaribooksonline.com
+		- .techbus.safaribooksonline.com
+		- www.safaribooksonline.com
+		- .www.safaribooksonline.com
 
 -->
-<ruleset name="Safari Books Online">
-  <target host="my.safaribooksonline.com" />
-		<!--
-			Paths relative to / cause images to be fetched from akamai.net/$
-											-->
-		<exclusion pattern="^http://my\.safaribooksonline\.com/static/.+\.css" />
-  <target host="www.safaribooksonline.com" />
-
-	<!--	Avoid user-visible paths:
-						-->
-	<rule from="^http://my\.safaribooksonline\.com/(favicon\.ico|images/|static/)"
-		to="https://a248.e.akamai.net/f/1543/1/b/my.safaribooksonline.com/$1" />
-
-    <rule from="^http://my\.safaribooksonline\.com/login$"
-        to="https://ssl.safaribooksonline.com/securelogin"/>
-    <rule from="^http://www\.safaribooksonline\.com/Corporate/Index/logIn\.php$"
-        to="https://ssl.safaribooksonline.com/securelogin"/>
-</ruleset>
\ No newline at end of file
+<ruleset name="Safari Books Online.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="safaribooksonline.com" />
+	<target host="blog.safaribooksonline.com" />
+	<target host="ssl.safaribooksonline.com" />
+	<target host="www.safaribooksonline.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="(my|ssl|techbus)\.safaribooksonline\.com$" name="^cookie-monster$" /-->
+	<!--securecookie host="\.(my|ssl|techbus)\.safaribooksonline\.com$" name="^Safari$" /-->
+	<!--securecookie host="www\.safaribooksonline\.com$" name="^(BrowserCookie|csrftoken|original_referer)$" /-->
+	<!--securecookie host="\.www\.safaribooksonline\.com$" name="^(?:corp_sessionid|csrfsafari)$" /-->
+
+	<securecookie host="(?:ssl|\.?www)\.safaribooksonline\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Safari_Flow.com.xml b/src/chrome/content/rules/Safari_Flow.com.xml
index ffb262f33537..5a6b1c831ec6 100644
--- a/src/chrome/content/rules/Safari_Flow.com.xml
+++ b/src/chrome/content/rules/Safari_Flow.com.xml
@@ -1,19 +1,38 @@
 <!--
-	Problematic subdomains:
+	For other Safari Books coverage, see SafariBooksOnline.xml.
 
-		- ^	(reset)
+
+	Problematic hosts in *safariflow.com:
+
+		- (www.)? ¹
+		- blog ²
+
+	¹ Server sends no certificate chain, see https://whatsmychaincert.com
+	² Works, worpdress
+
+
+	Mixed content:
+
+		- Images on blog from www.safaribooksonline.com *
+
+	* Unsecurable <= http reply
 
 -->
-<ruleset name="Safari Flow.com">
+<ruleset name="Safari Flow.com (partial)" default_off="cert-chain">
 
 	<target host="safariflow.com" />
 	<target host="www.safariflow.com" />
 
 
-	<securecookie host="^www\.safariflow\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.safariflow\.com$" name="^(X-Mapping-\w{8}|csrftoken)$" /-->
+	<!--securecookie host="^\.www\.safariflow\.com$" name="^sessionid$" /-->
+
+	<securecookie host="^\.?www\.safariflow\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?safariflow\.com/"
-		to="https://www.safariflow.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Safe-In-Cloud.com.xml b/src/chrome/content/rules/Safe-In-Cloud.com.xml
new file mode 100644
index 000000000000..31195fcd01e6
--- /dev/null
+++ b/src/chrome/content/rules/Safe-In-Cloud.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Safe-In-Cloud.com">
+
+	<target host="safe-in-cloud.com" />
+	<target host="www.safe-in-cloud.com" />
+
+
+	<!--	Some, but not all, secured by server:
+							-->
+	<securecookie host="^(?:www\.)?safe-in-cloud\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Safe-mail.net.xml b/src/chrome/content/rules/Safe-mail.net.xml
index af258aec24ee..1a01a1619411 100644
--- a/src/chrome/content/rules/Safe-mail.net.xml
+++ b/src/chrome/content/rules/Safe-mail.net.xml
@@ -1,7 +1,16 @@
 <ruleset name="Safe-mail.net">
+
 	<target host="safe-mail.net" />
-	<target host="*.safe-mail.net" />
+	<target host="www.safe-mail.net" />
+	<target host="apple.safe-mail.net" />
+	<target host="dekel.safe-mail.net" />
+	<target host="mail.safe-mail.net" />
+	<target host="mango.safe-mail.net" />
+	<target host="orange.safe-mail.net" />
+	<target host="pitango.safe-mail.net" />
+	<target host="pop.safe-mail.net" />
+	<target host="tamar.safe-mail.net" />
+
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://safe-mail\.net/" to="https://www.safe-mail.net/" />
-	<rule from="^http://([a-zA-Z0-9\-]+)\.safe-mail\.net/" to="https://$1.safe-mail.net/" />
 </ruleset>
diff --git a/src/chrome/content/rules/SafeAssign.xml b/src/chrome/content/rules/SafeAssign.xml
deleted file mode 100644
index c261fe714c3b..000000000000
--- a/src/chrome/content/rules/SafeAssign.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	For other Blackboard coverage, see Blackboard.xml.
-
-
-	Cert only matches www.
-
-
-	Nonfunctional subdomains:
-
-		- institutionhelp	(fails to redirect properly)
-		- wiki
-
--->
-<ruleset name="SafeAssign">
-
-	<target host="safeassign.com" />
-	<target host="www.safeassign.com" />
-
-
-	<securecookie host="^www\.safeassign\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?safeassign\.com/"
-		to="https://www.safeassign.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/SafeHouse.com.xml b/src/chrome/content/rules/SafeHouse.com.xml
new file mode 100644
index 000000000000..67b0da614f79
--- /dev/null
+++ b/src/chrome/content/rules/SafeHouse.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Wildcard certificate and DNS records:
+		- *.safehouse.com
+-->
+
+<ruleset name="SafeHouse.com">
+	<target host="safehouse.com" />
+	<target host="*.safehouse.com" />
+		<test url="http://www.safehouse.com/" />
+		<test url="http://a.safehouse.com/" />
+		<test url="http://b.safehouse.com/" />
+
+	<rule from="^http://safehouse\.com/"
+		to="https://safehouse.com/" />
+
+	<rule from="^http://([\w-]+)\.safehouse\.com/"
+		to="https://$1.safehouse.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/SafeNet.xml b/src/chrome/content/rules/SafeNet.xml
index c72107857345..f8e60b3e5a6a 100644
--- a/src/chrome/content/rules/SafeNet.xml
+++ b/src/chrome/content/rules/SafeNet.xml
@@ -1,13 +1,44 @@
-<ruleset name="SafeNet (partial)">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sentineldiscussion.safenet-inc.com/ => https://sentineldiscussion.safenet-inc.com/: (51, "SSL: no alternative certificate subject name matches target host name 'sentineldiscussion.gemalto.com'")
+
+-->
+<ruleset name="SafeNet-Inc.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="safenet-inc.com" />
-	<target host="*.safenet-inc.com" />
+	<target host="kb.safenet-inc.com" />
+	<target host="sentineldiscussion.safenet-inc.com" />
+	<target host="www.safenet-inc.com" />
+
+		<!--	Redirects to http;
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?safenet-inc\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?safenet-inc\.com/+(?!favicon\.ico|uploadedFiles/|uploadedImages/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.safenet-inc.com/data-encryption/" />
+			<test url="http://www.safenet-inc.com/partners/" />
+			<test url="http://www.safenet-inc.com/safenet-connected/" />
+			<test url="http://www.safenet-inc.com/technical-support/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.safenet-inc.com/favicon.ico" />
+			<test url="http://www.safenet-inc.com/uploadedFiles/InternalUse/server-files/css/share-this.css" />
+			<test url="http://www.safenet-inc.com/uploadedImages/images/Icons/SafeNet-logo-header-76px.png" />
 
 
-	<securecookie host="^(?:.+\.)?safenet-inc\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(sentineldiscussion\.|www\.)?safenet-inc\.com/"
-		to="https://$1safenet-inc.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SafePilots.org.xml b/src/chrome/content/rules/SafePilots.org.xml
new file mode 100644
index 000000000000..c5319e7c2a96
--- /dev/null
+++ b/src/chrome/content/rules/SafePilots.org.xml
@@ -0,0 +1,11 @@
+<!--
+	Connection refused:
+		- ww2.safepilots.org
+-->
+
+<ruleset name="SafePilots.org">
+	<target host="safepilots.org" />
+	<target host="www.safepilots.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Safecast.org.xml b/src/chrome/content/rules/Safecast.org.xml
new file mode 100644
index 000000000000..3dca4f5b8a8e
--- /dev/null
+++ b/src/chrome/content/rules/Safecast.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Invalid certificate:
+		www.api.safecast.org
+
+	Refused:
+		pointcast.safecast.org
+		realtime.safecast.org
+		rt.safecast.org
+
+-->
+<ruleset name="Safecast.org">
+
+	<target host="safecast.org" />
+	<target host="www.safecast.org" />
+	<target host="api.safecast.org" />
+	<target host="blog.safecast.org" />
+	<target host="map.safecast.org" />
+	<target host="www.map.safecast.org" />
+	<target host="report.safecast.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Safecharge247.com.xml b/src/chrome/content/rules/Safecharge247.com.xml
deleted file mode 100644
index c5ae169dab5f..000000000000
--- a/src/chrome/content/rules/Safecharge247.com.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="safecharge247.com">
-
-	<target host="safecharge247.com" />
-	<target host="www.safecharge247.com" />
-
-
-	<rule from="^http://(www\.)?safecharge247\.com/"
-		to="https://$1safecharge247.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Safecount.xml b/src/chrome/content/rules/Safecount.xml
index 1f4c1c8e68e4..e83f1e858bcf 100644
--- a/src/chrome/content/rules/Safecount.xml
+++ b/src/chrome/content/rules/Safecount.xml
@@ -6,17 +6,19 @@
 
 	Nonfunctional domains:
 
+		- (www.)?safecount.net *
 		- (www.)safecountcommunity.com	(times out)
 
+	* Prints "Nothing to see here"
+
 -->
-<ruleset name="Safecount" default_off="mismatch">
+<ruleset name="Safecount.net" default_off="broken">
 
-	<!--	Cert: *.questionmarket.com	-->
 	<target host="safecount.net" />
 	<target host="www.safecount.net" />
 
 
-	<rule from="^https?://(?:www\.)?safecount\.net/"
+	<rule from="^http://(?:www\.)?safecount\.net/"
 		to="https://safecount.net/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Safeena.org.xml b/src/chrome/content/rules/Safeena.org.xml
new file mode 100644
index 000000000000..e26fa6a9d005
--- /dev/null
+++ b/src/chrome/content/rules/Safeena.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Safeena.org">
+	<target host="safeena.org" />
+	<target host="www.safeena.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Safelinking.xml b/src/chrome/content/rules/Safelinking.xml
index b680bbdca333..242317ee5e99 100644
--- a/src/chrome/content/rules/Safelinking.xml
+++ b/src/chrome/content/rules/Safelinking.xml
@@ -1,10 +1,10 @@
-<ruleset name="Safelinking">
+<ruleset name="Safelinking.net">
 
 	<target host="safelinking.net" />
 	<target host="www.safelinking.net" />
 
 
-	<rule from="^http://(www\.)?safelinking\.net/"
-		to="https://$1safelinking.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Safello.com.xml b/src/chrome/content/rules/Safello.com.xml
new file mode 100644
index 000000000000..f5006dd0b93f
--- /dev/null
+++ b/src/chrome/content/rules/Safello.com.xml
@@ -0,0 +1,20 @@
+<ruleset name="Safello.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="safello.com" />
+	<target host="blog.safello.com" />
+	<target host="www.safello.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^blog\.safello\.com$" name="^_icl_current_language$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Safeshepherd.xml b/src/chrome/content/rules/Safeshepherd.xml
index 5f10a7373e2d..24e7fcb712f5 100644
--- a/src/chrome/content/rules/Safeshepherd.xml
+++ b/src/chrome/content/rules/Safeshepherd.xml
@@ -1,22 +1,30 @@
 <!--
-	Problematic subdomains;
+	Problematic hosts in *safeshepherd.com:
 
-		- blog		(redirects to http; mismatched, CN: *.wpengine.com)
+		- blog *
+
+	* WP Engine
 
 -->
 <ruleset name="Safeshepherd.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="safeshepherd.com" />
-	<target host="*.safeshepherd.com" />
+	<target host="www.safeshepherd.com" />
 
+	<!--	Complications:
+				-->
+	<target host="blog.safeshepherd.com" />
 
-	<securecookie host="^(?:www\.)?safeshepherd\.com$" name=".+" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?safeshepherd\.com/"
-		to="https://$1safeshepherd.com/" />
 
-	<rule from="^https?://blog\.safeshepherd\.com/"
+	<rule from="^http://blog\.safeshepherd\.com/"
 		to="https://safeshepherd.wpengine.com/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/SafinaSociety.org.xml b/src/chrome/content/rules/SafinaSociety.org.xml
new file mode 100644
index 000000000000..04f91eb9e015
--- /dev/null
+++ b/src/chrome/content/rules/SafinaSociety.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="SafinaSociety.org">
+	<target host="safinasociety.org" />
+	<target host="www.safinasociety.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Saga-Group.xml b/src/chrome/content/rules/Saga-Group.xml
index aaa6a8b59d99..280c0920e9cd 100644
--- a/src/chrome/content/rules/Saga-Group.xml
+++ b/src/chrome/content/rules/Saga-Group.xml
@@ -1,13 +1,14 @@
 <ruleset name="Saga Group">
 
 	<target host="saga.co.uk" />
-	<target host="*.saga.co.uk" />
+	<target host="www.saga.co.uk" />
+	<target host="travel.saga.co.uk" />
 
 
-	<securecookie host="^.*\.saga\.co\.uk$" name=".*" />
+	<securecookie host="^.*\.saga\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://(www\.)?saga\.co\.uk/"
+	<rule from="^http://(?:www\.)?saga\.co\.uk/"
 		to="https://www.saga.co.uk/" />
 
 	<rule from="^http://travel\.saga\.co\.uk/(favicon\.ico|holidays/(medialibrary|[sS]tyles)/|images/firebird/)"
diff --git a/src/chrome/content/rules/Sage.xml b/src/chrome/content/rules/Sage.xml
index fd954a158758..6c2c8d54bf8c 100644
--- a/src/chrome/content/rules/Sage.xml
+++ b/src/chrome/content/rules/Sage.xml
@@ -1,9 +1,13 @@
 <ruleset name="Sage (partial)">
 
 	<target host="sagepay.com"/>
-	<target host="*.sagepay.com"/>
+	<target host="www.sagepay.com" />
+	<target host="customerservices.sagepay.com" />
+	<target host="live.sagepay.com" />
+	<target host="support.sagepay.com" />
+	<target host="test.sagepay.com" />
 
-	<securecookie host="^(customerservices|live)\.sagepay\.com$" name=".*"/>
+	<securecookie host="^(?:customerservices|live)\.sagepay\.com$" name=".+" />
 
 	<!--	cert !valid for !www	-->
 	<rule from="^http://(?:www\.)?sagepay\.com/(misc/|(modul|sit)es/)"
diff --git a/src/chrome/content/rules/SageMath.org.xml b/src/chrome/content/rules/SageMath.org.xml
new file mode 100644
index 000000000000..b8ceec1c8ada
--- /dev/null
+++ b/src/chrome/content/rules/SageMath.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Invalid Certificate:
+		files.sagemath.org
+-->
+<ruleset name="SageMath.org">
+	<target host="sagemath.org" />
+	<target host="www.sagemath.org" />
+	<target host="ask.sagemath.org" />
+	<target host="cloud.sagemath.org" />
+	<target host="combinat.sagemath.org" />
+	<target host="doc.sagemath.org" />
+	<target host="documenta.sagemath.org" />
+	<target host="k8s.sagemath.org" />
+	<target host="git.sagemath.org" />
+	<target host="patchbot.sagemath.org" />
+	<target host="planet.sagemath.org" />
+	<target host="sagecell.sagemath.org" />
+	<target host="trac.sagemath.org" />
+	<target host="wiki.sagemath.org" />
+	<target host="zulip.sagemath.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sagernotebook.com.xml b/src/chrome/content/rules/Sagernotebook.com.xml
index 614862177db1..9dd52328c8f7 100644
--- a/src/chrome/content/rules/Sagernotebook.com.xml
+++ b/src/chrome/content/rules/Sagernotebook.com.xml
@@ -2,5 +2,5 @@
   <target host="sagernotebook.com" />
   <target host="www.sagernotebook.com" />
 
-  <rule from="^http://(?:www\.)?sagernotebook\.com/" to="https://www.sagernotebook.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sah3.net.xml b/src/chrome/content/rules/Sah3.net.xml
deleted file mode 100644
index f5930dffd466..000000000000
--- a/src/chrome/content/rules/Sah3.net.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Sah3.net" platform="firefox">
-<target host="sah3.net" />
-
-<securecookie host="^sah3\.net$" name=".+" />
-
-<rule from="^http://sah3\.net/" to="https://sah3.net/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Sahih-Bukhari.com.xml b/src/chrome/content/rules/Sahih-Bukhari.com.xml
new file mode 100644
index 000000000000..d1266e2f205a
--- /dev/null
+++ b/src/chrome/content/rules/Sahih-Bukhari.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Sahih-Bukhari.com">
+	<target host="sahih-bukhari.com" />
+	<target host="www.sahih-bukhari.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SailfishOS.org.xml b/src/chrome/content/rules/SailfishOS.org.xml
index 4de22f100efc..6d4ebe3ca682 100644
--- a/src/chrome/content/rules/SailfishOS.org.xml
+++ b/src/chrome/content/rules/SailfishOS.org.xml
@@ -21,7 +21,8 @@
 <ruleset name="SailfishOS.org">
 
 	<target host="sailfishos.org" />
-	<target host="*.sailfishos.org" />
+	<target host="lists.sailfishos.org" />
+	<target host="www.sailfishos.org" />
 
 
 	<!--	www redirects to ^ over http,
@@ -30,4 +31,4 @@
 	<rule from="^http://(?:(lists\.)|www\.)?sailfishos\.org/"
 		to="https://$1sailfishos.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sailthru-Horizon.xml b/src/chrome/content/rules/Sailthru-Horizon.xml
index b1a5abcac4d3..fa743ead754d 100644
--- a/src/chrome/content/rules/Sailthru-Horizon.xml
+++ b/src/chrome/content/rules/Sailthru-Horizon.xml
@@ -9,13 +9,14 @@
 -->
 <ruleset name="Sailthru Horizon">
 
-	<target host="*.sail-horizon.com" />
+	<target host="ak.sail-horizon.com" />
+	<target host="ak2.sail-horizon.com" />
+	<target host="cdn.sail-horizon.com" />
 
 
-	<rule from="^http://ak(2)?\.sail-horizon\.com/"
-		to="https://ak$1.sail-horizon.com/" />
 
 	<rule from="^http://cdn\.sail-horizon\.com/"
 		to="https://d1gp8joe0evc8s.cloudfront.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sailthru.xml b/src/chrome/content/rules/Sailthru.xml
index 39ceda70c799..25fc62281e8d 100644
--- a/src/chrome/content/rules/Sailthru.xml
+++ b/src/chrome/content/rules/Sailthru.xml
@@ -1,34 +1,117 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://me.sailthru.com/css/mktLPSupport.css (200) => https://na-sj08.marketo.com/css/mktLPSupport.css (403)
+Non-2xx HTTP code: http://me.sailthru.com/images/forms/backRequiredGray.gif (200) => https://na-sj08.marketo.com/images/forms/backRequiredGray.gif (403)
+Non-2xx HTTP code: http://me.sailthru.com/rs/sailthru/images/lp-logo-blue.png (200) => https://na-sj08.marketo.com/rs/sailthru/images/lp-logo-blue.png (403)
+Fetch error: http://me.sailthru.com/?f => https://www.sailthru.com/: Too many redirects while fetching 'https://www.sailthru.com/'
+Fetch error: http://me.sailthru.com/?o => https://www.sailthru.com/: Too many redirects while fetching 'https://www.sailthru.com/'
+Fetch error: http://me.sailthru.com/?b => https://www.sailthru.com/: Too many redirects while fetching 'https://www.sailthru.com/'
+Fetch error: http://me.sailthru.com/?a => https://www.sailthru.com/: Too many redirects while fetching 'https://www.sailthru.com/'
+Fetch error: http://www.sailthru.com/ => https://www.sailthru.com/: Too many redirects while fetching 'https://www.sailthru.com/'
+Fetch error: http://sailthru.com/ => https://www.sailthru.com/: Too many redirects while fetching 'https://www.sailthru.com/'
+Fetch error: http://me.sailthru.com/ => https://www.sailthru.com/: Too many redirects while fetching 'https://www.sailthru.com/'
+
 	CDN buckets:
 
+		- d1t6td7a2qcurl.cloudfront.net
+
+			- media.sailthru.com
+
 		- dyrkrau635c04.cloudfront.net
 
+
+	Nonfunctional hosts in *sailthru.com:
+
+		- ak ¹
+		- me ²
+
+	¹ 504, akamai
+	² Marketo
+
+
+	Problematic hosts in *sailthru.com:
+
+		- ^ ¹
+		- blog ²
+		- getstarted ²
+		- lift ¹
+		- media ³
+
+	¹ Mismatched
+	² Server sends no certificate chain, see https://whatsmychaincert.com
+	³ Cloudfront
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com *
+
+		- Images, on:
+
+			- cb from ^ *
+			- www from $self *
+
+		- favicon on cb from ak
+
+	* Secured by us
+
 -->
-<ruleset name="Sailthru">
+<ruleset name="Sailthru.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="api.sailthru.com" />
+	<!--target host="blog.sailthru.com" /-->
+	<target host="cb.sailthru.com" />
+	<!--target host="getstarted.sailthru.com" /-->
+	<target host="my.sailthru.com" />
+	<target host="www.sailthru.com" />
 
+	<!--	Complications:
+				-->
 	<target host="sailthru.com" />
-	<target host="*.sailthru.com" />
+	<target host="me.sailthru.com" />
+	<target host="media.sailthru.com" />
 
+		<exclusion pattern="^http://me\.sailthru\.com/+(?!$|\?|css/|images/|rs/)" />
 
-	<!--	Observed cookie domains:
+			<!--	+ve:
+					-->
+			<test url="http://me.sailthru.com/ForresterReport_Power-of-Context.html" />
+			<test url="http://me.sailthru.com/InternetRetailer_Forrester_Report.html" />
+			<test url="http://me.sailthru.com/Organic-Resource-Library_Mary_Meeker_Report.html" />
+			<test url="http://me.sailthru.com/Partner-Portal.html" />
+			<test url="http://me.sailthru.com/ResourceLibrary_ForresterReport_Advance_to_Next_Generation_Personalization.html" />
+			<test url="http://me.sailthru.com/ResourceLibrary_Holiday-Retail-Playbook.html" />
+			<test url="http://me.sailthru.com/ResourceLibrary_TEI_STUDY.html" />
+			<test url="http://me.sailthru.com/UKPersonalisationReport_DownloadNow.html" />
 
-			- .getstarted
-			- my
+			<!--	-ve:
 					-->
+			<test url="http://me.sailthru.com/css/mktLPSupport.css" />
+			<test url="http://me.sailthru.com/images/forms/backRequiredGray.gif" />
+			<test url="http://me.sailthru.com/rs/sailthru/images/lp-logo-blue.png" />
 
-	<securecookie host=".+\.sailthru\.com$" name=".+" />
 
+	<securecookie host=".+" name=".+" />
 
-	<!--	Observed subdomains:
 
-			- ak
-			- blog
-			- cb
-			- getstarted
-			- my
-			- www
-					-->
-	<rule from="^http://(\w+\.)?sailthru\.com/"
-		to="https://$1sailthru.com/" />
+	<rule from="^http://sailthru\.com/"
+		to="https://www.sailthru.com/" />
+
+	<rule from="^http://me\.sailthru\.com/+(?:\?.*)?$"
+		to="https://www.sailthru.com/" />
+
+		<test url="http://me.sailthru.com/?f" />
+		<test url="http://me.sailthru.com/?o" />
+		<test url="http://me.sailthru.com/?b" />
+		<test url="http://me.sailthru.com/?a" />
+
+	<rule from="^http://me\.sailthru\.com/"
+		to="https://na-sj08.marketo.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Sainsburys.co.uk.xml b/src/chrome/content/rules/Sainsburys.co.uk.xml
new file mode 100644
index 000000000000..44b6149d8f7d
--- /dev/null
+++ b/src/chrome/content/rules/Sainsburys.co.uk.xml
@@ -0,0 +1,5 @@
+<ruleset name="Sainsburys.co.uk">
+  <target host="www.sainsburys.co.uk" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sak.sk.xml b/src/chrome/content/rules/Sak.sk.xml
new file mode 100644
index 000000000000..94c5399e26f6
--- /dev/null
+++ b/src/chrome/content/rules/Sak.sk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Sak.sk">
+	<target host="www.sak.sk" />
+	<target host="rk.sak.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sakura.ne.jp.xml b/src/chrome/content/rules/Sakura.ne.jp.xml
new file mode 100644
index 000000000000..1fadabc5db44
--- /dev/null
+++ b/src/chrome/content/rules/Sakura.ne.jp.xml
@@ -0,0 +1,53 @@
+<!--
+	Other Sakura Internet rulesets:
+
+		- arukas.io.xml
+		SAKURA_Internet.xml
+
+
+	Nonfunctional hosts in *sakura.ne.jp:
+
+		- (www.)? ᵈ
+		- sakuraha-ai ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *sakura.ne.jp:
+
+		- ct-mkt ᵇ
+
+	ᵇ Breaks stylesheets <= protocol-relative embeds
+
+
+	Insecure cookies are set for these hosts:
+
+		- ct-mkt.sakura.ne.jp
+
+
+	Mixed content:
+
+		- Images on ct-mkt from knowledge.sakura.ad.jp ᵃ
+		- Bug on ct-mkt from b.st-hatena.com ˢ
+
+	ᵃ Unsecurable <= shows another domain
+	ˢ Secured by us
+
+-->
+<ruleset name="Sakura.ne.jp (partial)" default_off="breaks stylesheets">
+
+	<target host="ct-mkt.sakura.ne.jp" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ct-mkt\.sakura\.ne\.jp$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Salah.com.xml b/src/chrome/content/rules/Salah.com.xml
new file mode 100644
index 000000000000..2e49553627ae
--- /dev/null
+++ b/src/chrome/content/rules/Salah.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatch:
+		www.salah.com
+-->
+<ruleset name="Salah.com">
+	<target host="salah.com" />
+	<target host="www.salah.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.salah\.com/" to="https://salah.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SaleCycle.xml b/src/chrome/content/rules/SaleCycle.xml
index ce67cec1f976..670c9835a9e6 100644
--- a/src/chrome/content/rules/SaleCycle.xml
+++ b/src/chrome/content/rules/SaleCycle.xml
@@ -16,13 +16,16 @@
 -->
 <ruleset name="SaleCycle (partial)">
 
-	<target host="*.salecycle.com" />
+	<target host="app.salecycle.com" />
+	<target host="app-staging.salecycle.com" />
+	<target host="platform.salecycle.com" />
+	<target host="platform-staging.salecycle.com" />
+	<target host="reports.salecycle.com" />
 
 
 	<securecookie host="^platform(?:-staging)?\.salecycle\.com$" name=".+" />
 
 
-	<rule from="^http://((?:app|platform)(?:-staging)?|reports)\.salecycle\.com/"
-		to="https://$1.salecycle.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Salenames.ru.xml b/src/chrome/content/rules/Salenames.ru.xml
new file mode 100644
index 000000000000..2e394905a330
--- /dev/null
+++ b/src/chrome/content/rules/Salenames.ru.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://partner.salenames.ru/ => https://partner.salenames.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="Salenames.ru" default_off="failed ruleset test">
+	<target host="salenames.ru" />
+	<target host="www.salenames.ru" />
+	<target host="partner.salenames.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Salesforce.com-clients.xml b/src/chrome/content/rules/Salesforce.com-clients.xml
deleted file mode 100644
index 4df3a034390f..000000000000
--- a/src/chrome/content/rules/Salesforce.com-clients.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	This ruleset is for Salesforce.com clients
-	which otherwise have no rules off by default.
-
--->
-<ruleset name="Salesforce.com clients" default_off="mismatch">
-
-	<target host="help.grooveshark.com" />
-
-
-	<!--	Redirects to s3.amazonaws.com/assistly-production/, but
-		requires authentication params to fetch.	-->
-	<rule from="^http://help\.grooveshark\.com/customer/portal/attachments/"
-		to="https://help.grooveshark.com/customer/portal/attachments/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Salesforce.com.xml b/src/chrome/content/rules/Salesforce.com.xml
index 4bfe409777aa..9736700871d1 100644
--- a/src/chrome/content/rules/Salesforce.com.xml
+++ b/src/chrome/content/rules/Salesforce.com.xml
@@ -6,13 +6,18 @@
 		- Data.com.xml
 		- Database.com.xml
 		- Desk.com.xml
+		- Salesforce_Live_Agent.com.xml
 
 
 	CDN buckets:
 
 		- s3.amazonaws.com/dfc-wiki/
 		- d3cpryevho78f5.cloudfront.net
+
 		- secure.sfdcstatic.com.edgekey.net
+
+			- www.sfdcstatic.com
+
 		- www2.sfdcstatic.com.edgesuite.net
 		- sforce.i.lithium.com
 		- c9649669.r69.cf2.rackcdn.com
@@ -40,7 +45,6 @@
 		- force.com *
 		- partners.salesforce.com	(works, mismatched, CN: www.salesforce.com)
 		- uesurveys.salesforce.com	(works; mismatched, CN: *.datstathost.com)
-		- www.sfdcstatic.com		(akamai)
 
 	* Times out
 
@@ -76,6 +80,7 @@
 			- ap
 			- appexchange
 			- appexchangejp
+			- developer
 			- emea
 			- help
 			- lct
@@ -101,11 +106,14 @@
 				- na1[0-5]-api
 				- tapp0-api
 
+			- omtr2.partners
 			- ssl
 			- store
 			- success
 			- trust
 
+		- www.sfdcstatic.com
+
 -->
 <ruleset name="Salesforce.com (partial)">
 
@@ -118,37 +126,35 @@
 	<target host="*.sfdcstatic.com" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.force\.com$" name="^BrowserId$" /-->
+
 	<securecookie host="^(?:.*\.)?(?:developer|sales)?force\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?(developer)?force\.com/"
+	<rule from="^http://(?:www\.)?(developer)?force\.com/"
 		to="https://www.$1force.com/" />
 
 	<rule from="^http://(blogs|events|wiki|workbench)\.developerforce\.com/"
 		to="https://$1.developerforce.com/" />
 
-	<rule from="^https?://boards\.developerforce\.com/"
+	<rule from="^http://boards\.developerforce\.com/"
 		to="https://sforce.i.lithium.com/" />
 
 	<rule from="^http://(cms-stg|c\.\w\w\d+\.content|[\w-]+\.secure|www2|www-blitz0\d)\.force\.com/"
 		to="https://$1.force.com/" />
 
-	<rule from="^https?://sites\.force\.com/appexchange/home$"
+	<rule from="^http://sites\.force\.com/appexchange/home$"
 		to="https://appexchange.salesforce.com/" />
 
-	<rule from="^http://((?:ap|appexchange(?:jp)?|emea|help|lct|login|\w{2,4}\d+(?:-api)?|[\w-]+\.my|ssl|store|success|trust|www)\.)?salesforce\.com/"
+	<rule from="^http://((?:ap|appexchange(?:jp)?|developer|emea|help|lct|login|\w{2,4}\d+(?:-api)?|[\w-]+\.my|omtr2\.partners|ssl|store|success|trust|www)\.)?salesforce\.com/"
 		to="https://$1salesforce.com/" />
 
-	<rule from="^https?://(?:www\.)?salesforce\.com/(assets|common)/"
-		to="https://secure2.sfdcstatic.com/$1/" />
-
-	<rule from="^https?://partners\.salesforce\.com/(?:[^\?]*)(\?.*)$"
+	<rule from="^http://partners\.salesforce\.com/(?:[^\?]*)(\?.*)$"
 		to="https://www.salesforce.com/partners/$1" />
 
-	<rule from="^http://secure\.sfdcstatic\.com/"
-		to="https://secure.sfdcstatic.com/" />
-
-	<rule from="^https?://(?:secure|www)2\.sfdcstatic\.com/"
-		to="https://secure2.sfdcstatic.com/"/>
+	<rule from="^http://(secure2?|www2?)\.sfdcstatic\.com/"
+		to="https://$1.sfdcstatic.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Salesforce_Live_Agent.com.xml b/src/chrome/content/rules/Salesforce_Live_Agent.com.xml
new file mode 100644
index 000000000000..1fcb6262d4c8
--- /dev/null
+++ b/src/chrome/content/rules/Salesforce_Live_Agent.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Salesforce.com coverage, see Salesforce.com.xml.
+
+
+	Fully covered subdomains:
+
+
+		- (*.)?la\w{3}:
+
+			- la1w1
+			- c.la1w1:
+			- la5cs
+
+		- la5cs
+
+-->
+<ruleset name="Salesforce Live Agent.com">
+
+	<target host="*.salesforceliveagent.com" />
+
+
+	<securecookie host="^(?:\w+\.)?la\w{3}\.salesforceliveagent\.com$" name=".+" />
+
+
+	<rule from="^http://(\w+\.)?la(\w{3})\.salesforceliveagent\.com/"
+		to="https://$1la$2.salesforceliveagent.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Salk_Institute.xml b/src/chrome/content/rules/Salk_Institute.xml
index cde96ff7af98..ccbbb986c062 100644
--- a/src/chrome/content/rules/Salk_Institute.xml
+++ b/src/chrome/content/rules/Salk_Institute.xml
@@ -4,7 +4,6 @@
 	<target host="www.salk.edu" />
 
 
-	<rule from="^http://(www\.)?salk\.edu/"
-		to="https://$1salk.edu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Salla.sa.xml b/src/chrome/content/rules/Salla.sa.xml
new file mode 100644
index 000000000000..581c6818f9e4
--- /dev/null
+++ b/src/chrome/content/rules/Salla.sa.xml
@@ -0,0 +1,9 @@
+<ruleset name="Salla.sa">
+	<target host="salla.sa" />
+	<target host="www.salla.sa" />
+	<target host="s.salla.sa" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sally_Beauty.com.xml b/src/chrome/content/rules/Sally_Beauty.com.xml
new file mode 100644
index 000000000000..567bb7885098
--- /dev/null
+++ b/src/chrome/content/rules/Sally_Beauty.com.xml
@@ -0,0 +1,62 @@
+<!--
+	Nonfunctional hosts in *sallybeauty.com:
+
+		- jobs *
+		- prodirectory *
+		- stores *
+
+	* Dropped
+
+
+	Problematic hosts in *sallybeauty.com:
+
+		- ^ *
+
+	* Mismatched
+
+
+	Fully covered hosts in *sallybeauty.com:
+
+		- (www.)?	(^ → www)
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.sallybeauty.com
+
+
+	Mixed content:
+
+		- css from sallybeauty.ugc.bazaarvoice.com *
+		- Images from sallybeauty.ugc.bazaarvoice.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Sally Beauty.com (partial)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sallybeauty.ugc.bazaarvoice.com" />
+
+	<target host="www.sallybeauty.com" />
+
+	<!--	Complications:
+				-->
+	<target host="sallybeauty.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.sallybeauty\.com$" name="^(currentSite|dwac_[a-9a-zA-Z]{32}|dwanonymous_[\da-f]{32}|dwpersonalization_[\da-f]{32}|dwsid|sid)$" /-->
+
+	<securecookie host="^www\.sallybeauty\.com$" name=".+" />
+
+
+	<rule from="^http://sallybeauty\.com/"
+		to="https://www.sallybeauty.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Salon.xml b/src/chrome/content/rules/Salon.xml
index f79f144240c6..d5af9bd5b64a 100644
--- a/src/chrome/content/rules/Salon.xml
+++ b/src/chrome/content/rules/Salon.xml
@@ -1,24 +1,66 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://images.salon.com/ => https://images.salon.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.salon.com/ => https://www.salon.com/: Too many redirects while fetching 'https://www.salon.com/'
+Fetch error: http://salon.com/ => https://www.salon.com/: Too many redirects while fetching 'https://www.salon.com/'
+
 	CDN buckets:
 
 		- media.salon.com.edgesuite.net
-			- media.salon.com
-
 		- www.salon.com.edgesuite.net
+
+		- global.prod.fastly.net
+
 			- images.salon.com
+			- media.salon.com
 			- www.salon.com
 
+
+	^salon.com: Expired
+
+
+	Insecure cookies are set for these domains:
+
+		- .salon.com
+
+
+	Mixed content:
+
+		- Images on www from media *
+
+		- Ads/bugs, on www from:
+
+			- s3-ak.buzzfed.com *
+			- b.scorecardresearch.com *
+
+	* Secured by us
+
 -->
-<ruleset name="Salon" default_off="Akamai">
+<ruleset name="Salon.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="images.salon.com" />
+	<target host="media.salon.com" />
+	<target host="www.salon.com" />
 
+	<!--	Complications:
+				-->
 	<target host="salon.com" />
-	<target host="*.salon.com" />
 
 
-	<rule from="^https?://(?:images\.|www\.)?salon\.com/"
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.salon\.com$" name="^__qca$" /-->
+
+	<securecookie host="^\.salon\.com$" name=".+" />
+
+
+	<rule from="^http://salon\.com/"
 		to="https://www.salon.com/" />
 
-	<rule from="^http://media\.salon\.com/"
-		to="https://media.salon.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Salsa-Labs.xml b/src/chrome/content/rules/Salsa-Labs.xml
index c715fca72d44..1e52c119767c 100644
--- a/src/chrome/content/rules/Salsa-Labs.xml
+++ b/src/chrome/content/rules/Salsa-Labs.xml
@@ -1,24 +1,76 @@
-<ruleset name="Salsa Labs (buggy)" default_off="breaks the blog">
-	<target host="salsalabs.com" />
-	<target host="*.salsalabs.com" />
+<!--
+	CDN buckets:
+
+		- dp-prod-sli-01.s3.amazonaws.com
+
+
+	Problematic domains:
+
+		- (www.)salsacommons.org	(expired 2013-02-04)
+
+
+	Fully covered domains:
+
+		- (www.)salsacommons.org	(→ salsalabs.com)
+
+		- salsalabs.com
+
+		- \w-.salsalabs.com:
+
+			- action
+			- help
+			- hq
+			- org
+			- www
+
+		- wiredforchange.com
+
+		- \w-.wiredforchange.com:
+
+			- www
+
+
+	Observed cookie domains:
+
+		- www.salsacommons.org
+
+		- salsalabs.com subdomains:
+
+			- ^
+			- action
+			- help
+			- hq
+			- org
+			- www
+
+
+	Mixed content:
+
+		- Images on www.salsalabs.com from dp-prod-sli-01.s3.amazonaws.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Salsa Labs">
+
 	<target host="salsacommons.org" />
 	<target host="www.salsacommons.org" />
+	<target host="salsalabs.com" />
+	<target host="*.salsalabs.com" />
 	<target host="wiredforchange.com" />
 	<target host="*.wiredforchange.com" />
 
-	<securecookie host="(.+)\.(salsalabs|wiredforchange)\.com$"
-			name=".*" />
 
-	<rule from="^http://(?:www\.)?salsalabs\.com/"
-		to="https://www.salsalabs.com/" />
-	<rule from="^http://([a-zA-Z0-9\-]+)\.salsalabs\.com/"
-		to="https://$1.salsalabs.com/" />
+	<securecookie host="^(?:.*\.)?(?:salsalabs|wiredforchange)\.com$" name=".+" />
 
-	<rule from="^http://(?:www\.)?salsacommons\.org/"
-		to="https://www.salsacommons.org/" />
 
-	<rule from="^http://([a-zA-Z0-9\-]+)\.wiredforchange\.com/"
-		to="https://$1.wiredforchange.com/" />
-	<rule from="^http://(www\.)?wiredforchange\.com/"
-		to="https://www.wiredforchange.com/" />
+	<rule from="^http://([\w-]+\.)?(salsalabs|wiredforchange)\.com/"
+		to="https://$1$2.com/" />
+
+	<rule from="^http://(?:www\.)?salsacommons\.org/+(?=$|\?)"
+		to="https://www.salsalabs.com/commons" />
+
+	<rule from="^http://(?:www\.)?salsacommons\.org/+"
+		to="https://www.salsalabs.com/" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/SaltStack.com.xml b/src/chrome/content/rules/SaltStack.com.xml
new file mode 100644
index 000000000000..7fc6cbfe6179
--- /dev/null
+++ b/src/chrome/content/rules/SaltStack.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Connection refused port 443:
+		- debian.saltstack.com
+
+-->
+<ruleset name="SaltStack.com">
+	<target host="saltstack.com" />
+	<target host="www.saltstack.com" />
+	<target host="bootstrap.saltstack.com" />
+	<target host="docs.saltstack.com" />
+	<target host="enterprise.saltstack.com" />
+	<target host="get.saltstack.com" />
+	<target host="jenkinsci.saltstack.com" />
+	<target host="kitchen.saltstack.com" />
+	<target host="learn.saltstack.com" />
+	<target host="repo.saltstack.com" />
+	<target host="s.saltstack.com" />
+	<target host="ssc.saltstack.com" />
+	<target host="support.saltstack.com" />
+	<target host="train.saltstack.com" />
+	<target host="training.saltstack.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Salvation_Army_USA.org.xml b/src/chrome/content/rules/Salvation_Army_USA.org.xml
new file mode 100644
index 000000000000..8d7d8651b2bc
--- /dev/null
+++ b/src/chrome/content/rules/Salvation_Army_USA.org.xml
@@ -0,0 +1,20 @@
+<!--
+	CDN buckets:
+
+		- s3.amazonaws.com/usn-cache.salvationarmy.org
+
+
+	(www.): 503
+
+-->
+<ruleset name="Salvation Army USA.org (partial)">
+
+	<target host="donate.salvationarmyusa.org" />
+
+
+	<securecookie host="^donate\.salvationarmyusa\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SamKnows.xml b/src/chrome/content/rules/SamKnows.xml
index 6c12a56af3ff..a93355375eed 100644
--- a/src/chrome/content/rules/SamKnows.xml
+++ b/src/chrome/content/rules/SamKnows.xml
@@ -1,22 +1,20 @@
-<!--
-	Problematic domains:
-
-		- samknows.com	(401)
-
--->
 <ruleset name="SamKnows (partial)">
-
-	<target host="samknows.*" />
-	<target host="www.samknows.*" />
-
-
-	<securecookie host="^www\.samknows\.(?:com|eu)$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?samknows\.com/"
-		to="https://www.samknows.com/" />
-
-	<rule from="^http://(www\.)?samknows\.eu/"
-		to="https://$1samknows.eu/" />
-
-</ruleset>
\ No newline at end of file
+	<!-- *samknows.com -->
+	<target host="samknows.com" />
+	<target host="www.samknows.com" />
+	<target host="assets.samknows.com" />
+	<target host="availability.samknows.com" />
+	<target host="blog.samknows.com" />
+	<target host="services.samknows.com" />
+	<target host="static.samknows.com" />
+	<target host="static-dev.samknows.com" />
+	<target host="support.samknows.com" />
+
+	<!-- *samknows.eu -->
+	<target host="samknows.eu" />
+	<target host="www.samknows.eu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sam_Gentle.com.xml b/src/chrome/content/rules/Sam_Gentle.com.xml
new file mode 100644
index 000000000000..c28967c161ac
--- /dev/null
+++ b/src/chrome/content/rules/Sam_Gentle.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .samgentle.com
+
+-->
+<ruleset name="Sam Gentle.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="samgentle.com" />
+	<target host="www.samgentle.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.samgentle\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sam_Harris.org.xml b/src/chrome/content/rules/Sam_Harris.org.xml
new file mode 100644
index 000000000000..d91e4cabcfa9
--- /dev/null
+++ b/src/chrome/content/rules/Sam_Harris.org.xml
@@ -0,0 +1,32 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .samharris.org
+
+-->
+<ruleset name="Sam Harris.org (partial)">
+
+	<target host="samharris.org" />
+	<target host="www.samharris.org" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.samharris\.org/($|book_store$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.samharris\.org/+(?!\?css=site/|cache/|css/|favicon\.ico|fonts/|images/|store(?:$|[?/])|themes/)" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.samharris\.org$" name="^(exp_cartthrob_session_id|exp_last_activity|exp_tracker|mc)$" /-->
+	<!--
+		Trackers:
+				-->
+	<securecookie host="^\.samharris\.org$" name="^(?:__cfduid|exp_last_activity|exp_tracker|mc)$" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sam_Whited.com.xml b/src/chrome/content/rules/Sam_Whited.com.xml
new file mode 100644
index 000000000000..d971e4b596c1
--- /dev/null
+++ b/src/chrome/content/rules/Sam_Whited.com.xml
@@ -0,0 +1,17 @@
+<!--
+Automatically by https-everywhere-checker because:
+Fetch error: http://samwhited.com/ => https://samwhited.com/: (52, 'Empty reply from server')
+	www: mismatched, CN: samwhited.com
+
+-->
+<ruleset name="Sam Whited.com">
+
+	<target host="samwhited.com" />
+	<target host="blog.samwhited.com" />
+	<target host="www.samwhited.com" />
+
+
+	<rule from="^http://(?:(blog\.)|www\.)?samwhited\.com/"
+		to="https://$1samwhited.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Samba.org.xml b/src/chrome/content/rules/Samba.org.xml
deleted file mode 100644
index 26b6b9b60c47..000000000000
--- a/src/chrome/content/rules/Samba.org.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Samba.org">
-
-	<target host="samba.org"/>
-	<target host="*.samba.org"/>
-		<exclusion pattern="^http://jcifs\.samba\.org/"/>
-
-	<securecookie host="^(.*\.)?samba\.org$" name=".*"/>
-
-	<rule from="^http://samba\.org/"
-		to="https://samba.org/"/>
-
-	<rule from="^http://([^/:@\.]+)\.samba\.org/"
-		to="https://$1.samba.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Samoanic.ws.xml b/src/chrome/content/rules/Samoanic.ws.xml
new file mode 100644
index 000000000000..1fcb3567325b
--- /dev/null
+++ b/src/chrome/content/rules/Samoanic.ws.xml
@@ -0,0 +1,8 @@
+<ruleset name="Samoanic.ws">
+	<target host="samoanic.ws" />
+	<target host="www.samoanic.ws" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sams_Software_and_Consulting.xml b/src/chrome/content/rules/Sams_Software_and_Consulting.xml
index 6118f2821ffa..9fa8d6801af0 100644
--- a/src/chrome/content/rules/Sams_Software_and_Consulting.xml
+++ b/src/chrome/content/rules/Sams_Software_and_Consulting.xml
@@ -1,15 +1,19 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn.samssoftware.com.au/ => https://cdn.samssoftware.com.au/: (51, "SSL: no alternative certificate subject name matches target host name 'cdn.samssoftware.com.au'")
+
 	Some pages redirect to http.
 
 -->
-<ruleset name="Sam's Software &amp; Consulting (partial)">
+<ruleset name="Sam's Software &amp; Consulting (partial)" default_off="failed ruleset test">
 
 	<target host="samssoftware.com.au" />
-	<target host="*.samssoftware.com.au" />
+	<target host="cdn.samssoftware.com.au" />
+	<target host="www.samssoftware.com.au" />
 		<exclusion pattern="^http://(?:www\.)?samssoftware.com.au/(?!contact-us\.html|images/|index\.php\?dispatch=(?:auth\.|checkout\.cart|profiles\.add)|skins/)" />
 
 
-	<rule from="^http://(cdn\.|www\.)?samssoftware\.com\.au/"
-		to="https://$1samssoftware.com.au/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Samsclass.info.xml b/src/chrome/content/rules/Samsclass.info.xml
new file mode 100644
index 000000000000..780886ffe869
--- /dev/null
+++ b/src/chrome/content/rules/Samsclass.info.xml
@@ -0,0 +1,47 @@
+<!--
+	Nonfunctional hosts in *samsclass.info:
+
+		- attack *
+
+	* Plaintext reply
+
+
+	Insecure cookies are set for these domains:
+
+		- .samsclass.info
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- ^ from stuff.mit.edu ¹
+			- ^ from web.mit.edu ²
+
+		- favicon on ^ from $self ¹
+		- Bug on ^ from www.mit.edu ²
+
+	¹ Secured by us
+	² Unsecurable <= 401
+
+-->
+<ruleset name="samsclass.info (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="samsclass.info" />
+	<target host="games.samsclass.info" />
+	<target host="www.samsclass.info" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.samsclass\.info$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Samsung-cn.xml b/src/chrome/content/rules/Samsung-cn.xml
new file mode 100644
index 000000000000..10d3556eade2
--- /dev/null
+++ b/src/chrome/content/rules/Samsung-cn.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Samsung coverage, see Samsung.com.xml.
+
+	Mismatch:
+		- (www.)?samsung.cn
+		- content.samsung.cn
+
+	Strange check error:
+		(www.)?samsung.com.cn
+		ERROR src/chrome/content/rules/Samsung-cn.xml: Non-2xx HTTP code: http://samsung.com.cn/ (200) => https://www.samsung.com.cn/ (403)
+		ERROR src/chrome/content/rules/Samsung-cn.xml: Non-2xx HTTP code: http://www.samsung.com.cn/ (200) => https://www.samsung.com.cn/ (403)
+-->
+
+<ruleset name="Samsung-cn">
+	<target host="samsungshop.com.cn" />
+	<target host="www.samsungshop.com.cn" />
+	<target host="res.samsungshop.com.cn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Samsung-falsemixed.xml b/src/chrome/content/rules/Samsung-falsemixed.xml
deleted file mode 100644
index 457bc4217df5..000000000000
--- a/src/chrome/content/rules/Samsung-falsemixed.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Samsung.xml.
-
--->
-<ruleset name="Samsung.com (false MCB)" platform="mixedcontent">
-
-	<target host="link.samsung.com" />
-
-
-	<rule from="^http://link\.samsung\.com/"
-		to="https://link.samsung.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Samsung.xml b/src/chrome/content/rules/Samsung.xml
index 0ab09d0bdf22..34332a78366d 100644
--- a/src/chrome/content/rules/Samsung.xml
+++ b/src/chrome/content/rules/Samsung.xml
@@ -1,21 +1,25 @@
+
 <!--
-	For rules causing false/broken MCB, see Samsung-falsemixed.xml.
+The following targets have been disabled at 2020-09-25 16:20:22:
 
+Fetch error: http://secureus.samsung.com/us/mobile/galaxy-tab/SM-T810NZWEXAR => https://secureus.samsung.com/us/mobile/galaxy-tab/SM-T810NZWEXAR: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://shop.us.samsung.com/store?Action=DisplayDrcartSummary => https://shop.us.samsung.com/store?Action=DisplayDrcartSummary: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://secureus.samsung.com/ => https://secureus.samsung.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://shop.us.samsung.com/ => https://shop.us.samsung.com/: (60, 'SSL certificate problem: certificate has expired')
 
 	Other Samsung rulesets:
 
 		- AllShare_Play.xml
-		- ChatON.xml
 		- Samsung_Apps.xml
 		- Samsung_Direct.xml
-		- Samsung_LFD.xml
+		- Samsung_Indiaestore.xml
+		- Samsung_Fire.xml
+		- Samsung_Knox.xml
 		- Samsung_mySingle.xml
 		- Samsung_Techwin.xml
 
-
 	samsungbarbarian.appspot.com
 
-
 	Nonfunctional domains:
 
 		- samsung.com subdomains:
@@ -23,107 +27,113 @@
 			- help.content *
 			- m		(503, akamai)
 			- origin *
+      - us *
 
 		- (www.)samsungmobilepress.com *
 
 	* Times out
 
-
 	Problematic domains:
 
-		- (www.)samsung.cn	(cert only matches samsung.com.cn)
-
 		- samsung.com subdomains:
 
-			- ^		(times out)
+			- ^		(timeout)
 			- chaton	(akamai)
 			- nmetrics	(mismatched, CN: *.112.2o7.net)
 			- shop.us	(some paths redirect to http)
-
+			- smm	(mismatched)
+			- stg-account	(MCB at https://stg-account.samsung.com/membership/service/getServieInfoList.do and break the auto recirect for https://stg-account.samsung.com/membership/signUp.do and so on.)
 
 	Partially covered samsung.com subdomains:
-
+		- apps	(redirects to main page of sumsung by country)
 		- opensource	(at least some pages redirect to http)
 		- shop.us	(display cart requests redirect to http)
 
-
 	Fully covered domains:
 
-		- samsung.cn subdomains:
-
-			- (www.)	(→ samsung.com.cn)
-			- content
-			- img.content
-			- pub.content
-
 		- samsung.com subdomains:
 
 			- (www.)	(^ → www)
 			- account
 			- allshareplay
-			- apps
-			- chaton	(→ web.samsungchaton.com)
 			- content
-			- img.content
-			- pub.content
 			- findmymobile
-			- findmymobile2
 			- images
 			- nmetrics	(→ samsung-com.112.2o7.net)
 			- smetrics
 			- secureus
-			- smm
-			- stg-account
 			- support-cn
-			- us
-
-		- (www.)samsung.com.cn
 
+	Insecure cookies are set for these domains:
 
-	Mixed content:
-
-		- css on link.samsung.com from pub.content.samsung.com *
+		- .samsung.com
+		- apps.samsung.com
 
 	* Secured by us
-
-
-	NB: We secure all resources, and thus
-	-falsemixed should be merged for Ffx 24.
-
 -->
-<ruleset name="Samsung (partial)">
-
-	<target host="samsung.cn" />
-	<target host="*.samsung.cn" />
-	<target host="samsung.com" />
-	<target host="*.samsung.com" />
-		<!--exclusion pattern="^http://opensource\.samsung\.com/+($|\?|community/(ajax/|community/|community\.do|guest/|proj/)|iframeMain\.do|reception/receptionSub\.do|reception\.do)" /-->
-		<exclusion pattern="^http://opensource\.samsung\.com/(?!community/(?:css/|images/|img2?/|img_model/|js2?/|org\.ditchnet\.taglib/|repository/|scmShowFileRevision(?:$|\?)|stylesheet/|usageStatistics\.do|wikiTreeMessage(?:$|\?))|css/|img/|js/)" />
-		<exclusion pattern="^http://shop\.us\.samsung\.com/store\?[aA]ction=[dD]isplay[dD][rR][cC]art[sS]ummary" />
-	<target host="samsung.com.cn" />
-	<target host="www.samsung.com.cn" />
 
+<ruleset name="Samsung.com (partial)">
 
-	<securecookie host="^\.samsung\.cn$" name=".+" />
-	<securecookie host="^(?!shop\.us\.).*\.samsung\.com$" name=".+" />
-
-
-	<rule from="^http://(img\.|pub\.)?content\.samsumg\.cn/"
-		to="https://$1content.samsung.cn/" />
-
-	<rule from="^http://(?:www\.)?samsung\.com/"
-		to="https://www.samsung.com/" />
-
-	<rule from="^http://chaton\.samsung\.com/"
-		to="https://web.samsungchaton.com/" />
+	<target host="samsung.com" />
+	<target host="www.samsung.com" />
+	<target host="account.samsung.com" />
+		<test url="http://account.samsung.com/membership/service/getServieInfoList.do/" />
+	<target host="cdn.samsung.com" />
+		<test url="http://cdn.samsung.com/common/next/css/apps/mobile/barshade.css" />
+	<target host="displaysolutions.samsung.com" />
+		<test url="http://displaysolutions.samsung.com/static/css/base.css" />
+	<target host="help.content.samsung.com" />
+		<test url="http://help.content.samsung.com/csweb/main/main.do" />
+	<target host="findmymobile.samsung.com" />
+		<test url="http://findmymobile.samsung.com/img/favicon02.ico/" />
+	<target host="images.samsung.com" />
+	<!-- target host="secureus.samsung.com" /-->
+	<target host="smetrics.samsung.com" />
+	<target host="support-cn.samsung.com" />
+		<test url="http://support-cn.samsung.com/cn/common/css/local_global_common.css" />
+	<!-- <target host="us.samsung.com" /> -->
+	<!-- target host="shop.us.samsung.com" /-->
+
+	<target host="nmetrics.samsung.com" />
+		<test url="http://nmetrics.samsung.com/b/ss/sssamsung4in" />
+
+	<target host="opensource.samsung.com" />
+
+	<exclusion pattern="^http://opensource\.samsung\.com/(ajax|community\.do|images|org\.ditchnet\.taglib|popup|scmShowFileRevision|stylesheet|usageStatistics|wikiTreeMessage)?$" />
+		<test url="http://opensource.samsung.com/ajax" />
+		<test url="http://opensource.samsung.com/community.do" />
+		<test url="http://opensource.samsung.com/images" />
+		<test url="http://opensource.samsung.com/org.ditchnet.taglib" />
+		<test url="http://opensource.samsung.com/popup" />
+		<test url="http://opensource.samsung.com/scmShowFileRevision" />
+		<test url="http://opensource.samsung.com/stylesheet" />
+		<test url="http://opensource.samsung.com/usageStatistics" />
+		<test url="http://opensource.samsung.com/wikiTreeMessage" />
+
+	<exclusion pattern="^http://opensource\.samsung\.com/reception(\.do)?/$" />
+		<test url="http://opensource.samsung.com/reception/" />
+		<test url="http://opensource.samsung.com/reception.do/" />
+
+		<!--	To https	-->
+		<test url="http://opensource.samsung.com/community/" />
+		<test url="http://opensource.samsung.com/css/" />
+		<test url="http://opensource.samsung.com/css/genUsersDefault.css" />
+		<test url="http://opensource.samsung.com/img/favicon_ico02.ico" />
+		<test url="http://opensource.samsung.com/img/" />
+		<test url="http://opensource.samsung.com/img2/" />
+		<test url="http://opensource.samsung.com/img_model" />
+		<test url="http://opensource.samsung.com/js" />
+		<test url="http://opensource.samsung.com/js2" />
+		<test url="http://opensource.samsung.com/reception/receptionSub" />
+		<test url="http://opensource.samsung.com/reception/receptionSub.do" />
+		<test url="http://opensource.samsung.com/reception/receptionSub.do?method=search&amp;searchValue=SM-N9005" />
 
 	<rule from="^http://nmetrics\.samsung\.com/"
-		to="https://samsung-com.112.2o7.net/" />
-
-	<rule from="^http://((?:stg-)?account|allshareplay|apps|(?:img\.|pub\.)?content|findmymobile2?|images|opensource|secureus|smetrics|smm|support-cn|us|shop\.us)\.samsung\.com/"
-		to="https://$1.samsung.com/" />
+			to="https://samsung-com.112.2o7.net/" />
 
-	<rule from="^http://(www\.)?samsung\.(?:com\.)?cn/"
-		to="https://$1samsung.com.cn/" />
+	<rule from="^http://samsung\.com/"
+		  	to="https://www.samsung.com/" />
 
+	<rule from="^http:"
+		  	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SamsungPortal.com.xml b/src/chrome/content/rules/SamsungPortal.com.xml
new file mode 100644
index 000000000000..c28c4ff268c4
--- /dev/null
+++ b/src/chrome/content/rules/SamsungPortal.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Connection refused:
+		- service.samsungportal.com, equivalent to https://support-us.samsung.com/cyber/recall/washer/e/m_step_1e.jsp
+
+	Invalid certificate:
+		- japan.samsungportal.com, equivalent to rma.samsung.co.jp
+		- narsp.samsungportal.com
+-->
+
+<ruleset name="SamsungPortal.com">
+	<target host="japan.samsungportal.com" />
+	<target host="service.samsungportal.com" />
+
+	<rule from="^http://service\.samsungportal\.com/$"
+		to="https://support-us.samsung.com/cyber/recall/washer/e/m_step_1e.jsp" />
+
+	<rule from="^http://japan\.samsungportal\.com/"
+		to="https://rma.samsung.co.jp/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Samsung_Apps.xml b/src/chrome/content/rules/Samsung_Apps.xml
index a4b41d8c4e57..1a403f503abf 100644
--- a/src/chrome/content/rules/Samsung_Apps.xml
+++ b/src/chrome/content/rules/Samsung_Apps.xml
@@ -1,21 +1,8 @@
 <!--
-	For other Samsung coverage, see Samsung.xml.
-
-
-	Nonfunctional subdomains:
-
-		- img		(403; mismatched, CN: ssl2.cdngc.net)
-
-
-	Problematic subdomains:
-
-		- ^		(cert only matches *.samsungapps.com)
-
+	For other Samsung coverage, see Samsung.com.xml.
 
 	Fully covered subdomains:
 
-		- (www.)	(^ → www)
-
 		- *-odc:
 
 			- au-odc
@@ -40,22 +27,45 @@
 			- us-odc
 
 		- mkt-odc
-		- tv
-
--->
-<ruleset name="Samsung Apps (partial)">
-
-	<target host="samsungapps.com" />
-	<target host="*.samsungapps.com" />
 
+	502:
+		- tv
 
-	<securecookie host="^(?:.*\.)?samsungapps\.com$" name=".+" />
+	Mismatch:
+		m.\w+
 
+	These domains will redirect to new samsung appstore auto by apps.samsung.com/mercury/main/getMain.as :
+		- ^samsungapps.com
+		- www.samsungapps.com
 
-	<rule from="^https?://(?:www\.)?samsungapps\.com/"
-		to="https://www.samsungapps.com/" />
+-->
+<ruleset name="Samsung_Apps">
 
-	<rule from="^http://(\w\w-odc|mkt-odc|tv)\.samsungapps\.com/"
+	<target host="*.samsungapps.com" />
+	<rule from="^http://(\w\w-odc|mkt-odc)\.samsungapps\.com/"
 		to="https://$1.samsungapps.com/" />
-
-</ruleset>
\ No newline at end of file
+		<test url="http://us-odc.samsungapps.com/" />
+		<test url="http://mkt-odc.samsungapps.com/" />
+
+	<rule from="^http://img\.samsungapps\.com/(.+)\.(apk|gif|pdf|swf|xls|xml)$"
+		to="https://img.samsungapps.com/$1.$2" />
+		<test url="http://img.samsungapps.com/content/51pxbaybin/2015/1211/aso_GalaxyApps_phone_oldkey_release.apk" />
+		<test url="http://img.samsungapps.com/seller/en_US/images/btn/btn_lay_close.gif" />
+		<test url="http://img.samsungapps.com/seller/en_US/images/common/poplayer/btn_close.gif" />
+		<test url="http://img.samsungapps.com/marketing/guide/tr_TR/KiesUser_guidelines_for_samsung_Apps.pdf" />
+		<test url="http://img.samsungapps.com/support/Application_protection_guide.pdf" />
+		<test url="http://img.samsungapps.com/display/2012/0327/0610/uploadfile_20120327061003463.swf" />
+		<test url="http://img.samsungapps.com/news/1st_winnerlist.xls" />
+		<test url="http://img.samsungapps.com/common/countryList.xml" />
+
+	<exclusion pattern="^http://img\.samsungapps\.com/$" />
+		<test url="http://img.samsungapps.com/" />
+
+	<rule from="^http://seller\.samsungapps\.com/"
+		to="https://seller.samsungapps.com/" />
+		<test url="http://seller.samsungapps.com/en_US/css/layer.css" />
+	<!--	error	-->
+	<exclusion pattern="^http://seller\.samsungapps\.com/tv/" />
+		<test url="http://seller.samsungapps.com/tv/portal/main" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Samsung_Direct.xml b/src/chrome/content/rules/Samsung_Direct.xml
index 8d68e2f74651..2b860aa2cd9d 100644
--- a/src/chrome/content/rules/Samsung_Direct.xml
+++ b/src/chrome/content/rules/Samsung_Direct.xml
@@ -1,17 +1,13 @@
 <!--
-	For other Samsung coverage, see Samsung.xml.
-
-
-	- ^samsungdirect.com doesn't exist
-	- Some pages redirect to http
-
+	For other Samsung coverage, see Samsung.com.xml.
 -->
-<ruleset name="Samsung Direct (partial)">
 
-	<target host="www.samsungdirect.com" />
+<ruleset name="Samsung Direct.com">
 
+	<target host="samsungdirect.com" />
+	<target host="www.samsungdirect.com" />
 
-	<rule from="^http://www\.samsungdirect\.com/(\w\w/(?:cart|create_account|login)(?:$|\?|/)|css/|favicon\.ico|images/|js/|media/)"
-		to="https://www.samsungdirect.com/$1" />
+	<rule from="^http://(www\.)?samsungdirect\.com/"
+		to="https://direct.samsungfire.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Samsung_Fire.xml b/src/chrome/content/rules/Samsung_Fire.xml
new file mode 100644
index 000000000000..e6241e6c87d8
--- /dev/null
+++ b/src/chrome/content/rules/Samsung_Fire.xml
@@ -0,0 +1,40 @@
+<!--
+
+	For other Samsung coverage, see Samsung.com.xml.
+
+	Mismatch:
+		blog
+		gooddaddy
+		s
+		weather
+		yuseong
+
+	Refused:
+		brand
+		dmptprod
+		mdirect
+		rm
+		sts
+		volleyball
+
+	Redirect to http:
+		etps
+		find
+		globalportal
+		smarket
+		u
+		us
+		v3
+
+-->
+
+<ruleset name="Samsung_Fire">
+
+	<target host="samsungfire.com" />
+	<target host="direct.samsungfire.com" />
+	<target host="m.samsungfire.com" />
+	<target host="www.samsungfire.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Samsung_Indiaestore.xml b/src/chrome/content/rules/Samsung_Indiaestore.xml
new file mode 100644
index 000000000000..86747ef380f7
--- /dev/null
+++ b/src/chrome/content/rules/Samsung_Indiaestore.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://samsungindiaestore.com/ => https://samsungindiaestore.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.samsungindiaestore.com/ => https://www.samsungindiaestore.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other Samsung coverage, see Samsung.com.xml.
+-->
+
+<ruleset name="Samsung_Indiaestore.com" default_off="failed ruleset test">
+
+	<target host="samsungindiaestore.com" />
+	<target host="www.samsungindiaestore.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Samsung_Knox.xml b/src/chrome/content/rules/Samsung_Knox.xml
new file mode 100644
index 000000000000..12648a2fa2fb
--- /dev/null
+++ b/src/chrome/content/rules/Samsung_Knox.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Samsung coverage, see Samsung.com.xml.
+-->
+
+<ruleset name="Samsung_Knox">
+
+	<target host="samsungknox.com" />
+	<target host="cdn.samsungknox.com" />
+	<target host="custom.samsungknox.com" />
+	<target host="emm.samsungknox.com" />
+	<target host="emm1.samsungknox.com" />
+	<target host="enroll.samsungknox.com" />
+	<target host="me.samsungknox.com" />
+	<target host="my.samsungknox.com" />
+	<target host="support.samsungknox.com" />
+	<target host="www.samsungknox.com" />
+	<target host="www2.samsungknox.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Samsung_LFD.xml b/src/chrome/content/rules/Samsung_LFD.xml
deleted file mode 100644
index 05bfcd483b72..000000000000
--- a/src/chrome/content/rules/Samsung_LFD.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other Samsung coverage, see Samsung.xml.
-
-
-	!www: mismatched
-
--->
-<ruleset name="Samsung LFD">
-
-	<target host="samsunglfd.com" />
-	<target host="www.samsunglfd.com" />
-
-
-	<securecookie host="^www\.samsunglfd\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?samsunglfd\.com/"
-		to="https://www.samsunglfd.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Samsung_Techwin.xml b/src/chrome/content/rules/Samsung_Techwin.xml
index 8eb2911dcd09..80457cfd79f9 100644
--- a/src/chrome/content/rules/Samsung_Techwin.xml
+++ b/src/chrome/content/rules/Samsung_Techwin.xml
@@ -1,25 +1,26 @@
 <!--
-	For other Samsung coverage, see Samsung.xml.
-
+	For other Samsung coverage, see Samsung.com.xml.
 
 	Nonfunctional domains:
+		- (www.)samsungtechwin.com	(to http://www.hanwhatechwin.com/)
 
-		- (www.)samsungtechwin.com	(shows co.kr; mismatched, CN: www.samsungtechwin.co.kr)
-
-
-	Cert only matches www.
-
+	Mismatch:
+		blog.samsungtechwin.com
+		eco.samsungtechwin.com
 -->
-<ruleset name="Samsung Techwin">
+
+<ruleset name="Samsung_Techwin">
 
 	<target host="samsungtechwin.co.kr" />
 	<target host="www.samsungtechwin.co.kr" />
+	<!--	Redirect to new host by server.	-->
+	<rule from="^http://(www\.)?samsungtechwin\.co\.kr/"
+		to="https://www.hanwhatechwin.co.kr/" />
 
+	<target host="hanwhatechwin.co.kr" />
+	<target host="www.hanwhatechwin.co.kr" />
+	<!--	https://^ is equal to www, however, http://^ will show 404 error page.	-->
+	<rule from="^http://(www\.)?hanwhatechwin\.co\.kr/"
+		to="https://www.hanwhatechwin.co.kr/" />
 
-	<securecookie host="^www\.samsungtechwin\.co\.kr$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?samsungtechwin\.co\.kr/"
-		to="https://www.samsungtechwin.co.kr/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Samsung_mySingle.xml b/src/chrome/content/rules/Samsung_mySingle.xml
index b4a2b17e2cb7..38f00fb8b579 100644
--- a/src/chrome/content/rules/Samsung_mySingle.xml
+++ b/src/chrome/content/rules/Samsung_mySingle.xml
@@ -1,23 +1,41 @@
-<!--
-	For other Samsung coverage, see Samsung.xml.
-
 
-	Certs only match www.
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://light.samsung.net/ => https://light.samsung.net/: (28, 'Connection timed out after 20001 milliseconds')
+
+	For other Samsung coverage, see Samsung.com.xml.
+
+	Mismatch:
+		test.cyber.*
+		drm.*
+		ext.*
+		images.*
+		insurance.*
+		mail.insurance.*
+		sec.*
+		cpc.sec.*
+		scms.sec.*
+		www.stage.*
+		value.*
+		w\d+.*
+
+	401:
+		^
+		m
+		www
 
 -->
-<ruleset name="Samsung mySingle">
-
-	<target host="samsung.net" />
-	<target host="*.samsung.net" />
-	<target host="scss.net" />
-	<target host="www.scss.net" />
 
+<ruleset name="Samsung_mySingle (partial)" default_off="failed ruleset test">
 
-	<securecookie host="^\.samsung\.net$" name=".+" />
-	<securecookie host="^www\.scss\.net$" name=".+" />
+	<target host="light.samsung.net" />
+	<target host="scsi.sec.samsung.net" />
+	<target host="tcs.sec.samsung.net" />
+	<target host="sfts.samsung.net" />
+	<target host="ssdrm.samsung.net" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^https?://(?:www\.)?s(amsung|css)\.net/"
-		to="https://www.s$1.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/San-Diego-Reader.xml b/src/chrome/content/rules/San-Diego-Reader.xml
index 084ecfe70526..0d62266f24d9 100644
--- a/src/chrome/content/rules/San-Diego-Reader.xml
+++ b/src/chrome/content/rules/San-Diego-Reader.xml
@@ -1,16 +1,21 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hummingbird.sandiegoreader.com/ => https://hummingbird.sandiegoreader.com/: (6, 'Could not resolve host: hummingbird.sandiegoreader.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://hummingbird.sandiegoreader.com/ => https://hummingbird.sandiegoreader.com/: (6, 'Could not resolve host: hummingbird.sandiegoreader.com')
 	Nonfunctional domains:
 
 		- media.sdreader.com
 
 -->
-<ruleset name="San Diego Reader (partial)">
+<ruleset name="San Diego Reader (partial)" default_off="failed ruleset test">
 
 	<target host="hummingbird.sandiegoreader.com" />
 
 
 	<!--	Tracking beacon	-->
-	<rule from="^http://hummingbird\.sandiegoreader\.com/"
-		to="https://hummingbird.sandiegoreader.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/San_Francisco_Marathon.xml b/src/chrome/content/rules/San_Francisco_Marathon.xml
index a3bcc3a8f060..073d4ae0041f 100644
--- a/src/chrome/content/rules/San_Francisco_Marathon.xml
+++ b/src/chrome/content/rules/San_Francisco_Marathon.xml
@@ -6,13 +6,13 @@
 -->
 <ruleset name="The San Francisco Marathon (partial)">
 
-	<target host="*.thesfmarathon.com" />
+	<target host="registration.thesfmarathon.com" />
+	<target host="sync.thesfmarathon.com" />
 
 
 	<securecookie host="^registration\.thesfmarathon\.com$" name=".+" />
 
 
-	<rule from="^http://(registration|sync)\.thesfmarathon\.com/"
-		to="https://$1.thesfmarathon.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sanalika.xml b/src/chrome/content/rules/Sanalika.xml
index 5d0f09555cd9..0eb8b3c3cd86 100644
--- a/src/chrome/content/rules/Sanalika.xml
+++ b/src/chrome/content/rules/Sanalika.xml
@@ -6,13 +6,14 @@
 -->
 <ruleset name="Sanalika (partial)">
 
-	<target host="*.sanalika.com" />
+	<target host="cdn4.sanalika.com" />
+	<target host="fb.sanalika.com" />
+	<target host="fs.sanalika.com" />
 
 
 	<securecookie host="^fb\.sanalika\.com$" name=".+" />
 
 
-	<rule from="^http://(cdn4|fb|fs)\.sanalika\.com/"
-		to="https://$1.sanalika.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sanalmarket.xml b/src/chrome/content/rules/Sanalmarket.xml
index 092c2d1f8dee..a266db509670 100644
--- a/src/chrome/content/rules/Sanalmarket.xml
+++ b/src/chrome/content/rules/Sanalmarket.xml
@@ -1,8 +1,11 @@
-<ruleset name="Sanalmarket">
+<ruleset name="Sanalmarket.com.tr" platform="mixedcontent">
+  <target host="images1.sanalmarket.com.tr" />
+  <target host="images2.sanalmarket.com.tr" />
+  <target host="images3.sanalmarket.com.tr" />
   <target host="www.sanalmarket.com.tr" />
   <target host="sanalmarket.com.tr" />
 
-  <securecookie host="^www\.sanalmarket\.com\.tr$" name=".*" />
+  <securecookie host="^((www)?\.)?sanalmarket\.com\.tr$" name=".+" />
 
-  <rule from="^http://(www\.)?sanalmarket\.com\.tr/kweb/" to="https://www.sanalmarket.com.tr/kweb/" />
-</ruleset>
\ No newline at end of file
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SandSMedia.com.xml b/src/chrome/content/rules/SandSMedia.com.xml
new file mode 100644
index 000000000000..ef7b73996d03
--- /dev/null
+++ b/src/chrome/content/rules/SandSMedia.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Refused:
+		cdn.sandsmedia.com
+		conftool.sandsmedia.com
+		static.sandsmedia.com
+
+	Invalid certificate:
+		iframe-wptickets.sandsmedia.com
+		popup-wptickets.sandsmedia.com
+		www.popup-wptickets.sandsmedia.com
+		red.sandsmedia.com
+		shop.sandsmedia.com
+		www.ticketshop.sandsmedia.com
+		www.wptickets.sandsmedia.com
+
+-->
+<ruleset name="S and S Media.com">
+
+	<target host="sandsmedia.com" />
+	<target host="www.sandsmedia.com" />
+	<target host="callforpapers.sandsmedia.com" />
+	<target host="embedshop.sandsmedia.com" />
+	<target host="iframe-wptickets.sandsmedia.com" />
+	<target host="iframe-wpticketsuk.sandsmedia.com" />
+	<target host="tickets.sandsmedia.com" />
+	<target host="ticketshop.sandsmedia.com" />
+	<target host="wptickets.sandsmedia.com" />
+
+	<securecookie host="^\.?sandsmedia\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sandbag.xml b/src/chrome/content/rules/Sandbag.xml
deleted file mode 100644
index 4afc4a54c007..000000000000
--- a/src/chrome/content/rules/Sandbag.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.sandbaguk.com.s3.amazonaws.com
-
-		- cdn.virtek.com.c.footprint.net
-
-			- cdn.sandbag.uk.com
-
-
-	Nonfunctional sandbag.uk.com subdomains:
-
-		- (www.) *
-		- emailmarketer *
-		- shop
-
-	* Interrupted
-
--->
-<ruleset name="Sandbag (partial)">
-
-	<target host="s3.sandbaguk.com.s3.amazonaws.com" />
-	<target host="secured.sandbag.uk.com" />
-
-
-	<!--	Forced redirection, so...
-						-->
-	<rule from="^https?://s3\.sandbaguk\.com\.s3\.amazonaws\.com/"
-		to="https://s3-eu-west-1.amazonaws.com/s3.sandbaguk.com/" />
-
-	<rule from="^http://secured\.sandbag\.uk\.com/"
-		to="https://secured.sandbag.uk.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Sandeen.net.xml b/src/chrome/content/rules/Sandeen.net.xml
new file mode 100644
index 000000000000..8584f3caf70a
--- /dev/null
+++ b/src/chrome/content/rules/Sandeen.net.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sandeen.net/ => https://sandeen.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://sandeen.net/ => https://sandeen.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+	Mixed content:
+
+		- Images from co2now.org *
+
+	* Unsecurable
+
+-->
+<ruleset name="Sandeen.net" default_off="failed ruleset test">
+
+	<target host="sandeen.net" />
+	<target host="calendar.sandeen.net" />
+	<target host="idisk.sandeen.net" />
+	<target host="mail.sandeen.net" />
+	<target host="www.sandeen.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sandia-National-Laboratories.xml b/src/chrome/content/rules/Sandia-National-Laboratories.xml
index f02847817d3c..6a6e08e48fb5 100644
--- a/src/chrome/content/rules/Sandia-National-Laboratories.xml
+++ b/src/chrome/content/rules/Sandia-National-Laboratories.xml
@@ -1,23 +1,29 @@
 <!--
-	For other US government coverage, see US-government.xml.
+	Sandia National Laboratories
 
 
-	Nonfunctional subdomains:
 
-		- (www.)	(times out)
-		- energy	(ditto)
-		- p2		(ditto)
+	Nonfunctional hosts in *sandia.gov:
+
+		- (www.) *
+		- energy *
+		- lammps *
+		- p2 *
+
+	* Dropped
 
 -->
-<ruleset name="Sandia National Laboratories (partial)">
+<ruleset name="Sandia.gov (partial)">
 
-	<target host="*.sandia.gov" />
+	<target host="ip.sandia.gov" />
+	<target host="share.sandia.gov" />
+	<target host="supplierportal.sandia.gov" />
 
 
-	<securecookie host="^\w.*\.sandia\.gov$" name=".*" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(ip|share|supplierportal)\.sandia\.gov/"
-		to="https://$1.sandia.gov/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Sandilands.info.xml b/src/chrome/content/rules/Sandilands.info.xml
new file mode 100644
index 000000000000..b87752aab8d7
--- /dev/null
+++ b/src/chrome/content/rules/Sandilands.info.xml
@@ -0,0 +1,12 @@
+<ruleset name="sandilands.info">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sandilands.info" />
+	<target host="www.sandilands.info" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sandofsky.com.xml b/src/chrome/content/rules/Sandofsky.com.xml
new file mode 100644
index 000000000000..73a58833adc3
--- /dev/null
+++ b/src/chrome/content/rules/Sandofsky.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Sandofsky.com">
+
+	<target host="sandofsky.com" />
+	<target host="www.sandofsky.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sandstorm-Media.de.xml b/src/chrome/content/rules/Sandstorm-Media.de.xml
new file mode 100644
index 000000000000..e7d4d1496b2c
--- /dev/null
+++ b/src/chrome/content/rules/Sandstorm-Media.de.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Sandstorm Media coverage, see Sandstorm.de.xml.
+
+
+	www.sandstorm-media.de: Redirects to activecollab.sandstorm.de
+
+-->
+<ruleset name="Sandstorm-Media.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sandstorm-media.de" />
+	<target host="stats.sandstorm-media.de" />
+
+	<!--	Complications:
+				-->
+	<target host="www.sandstorm-media.de" />
+
+
+	<!--	Redirect keeps path, args,
+		and forward slash:
+					-->
+	<rule from="^http://www\.sandstorm-media\.de/"
+		to="https://sandstorm-media.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sandstorm.de.xml b/src/chrome/content/rules/Sandstorm.de.xml
new file mode 100644
index 000000000000..cf621d005fa7
--- /dev/null
+++ b/src/chrome/content/rules/Sandstorm.de.xml
@@ -0,0 +1,44 @@
+<!--
+	Other Sandstorm Media rulesets:
+
+		- Sandstorm-Media.de.xml
+
+		-
+	* www.sandstorm.de: Redirects to activecollab.sandstorm.de
+
+
+	Insecure cookies are set for these domains:
+
+		- .sandstorm.de
+
+-->
+<ruleset name="Sandstorm.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sandstorm.de" />
+	<target host="activecollab.sandstorm.de" />
+	<target host="auth.sandstorm.de" />
+
+	<!--	Complications:
+				-->
+	<target host="www.sandstorm.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.sandstorm\.de$" name="^sso_session$" /-->
+
+	<securecookie host="^\.sandstorm\.de$" name=".+" />
+
+
+	<!--	Redirect keeps path, args,
+		and forward slash:
+					-->
+	<rule from="^http://www\.sandstorm\.de/"
+		to="https://sandstorm-media.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sandstorm.io.xml b/src/chrome/content/rules/Sandstorm.io.xml
new file mode 100644
index 000000000000..6a09cc79d97e
--- /dev/null
+++ b/src/chrome/content/rules/Sandstorm.io.xml
@@ -0,0 +1,47 @@
+<!--
+	Other Sandstorm.io rulesets:
+
+		- Capn_Proto.org.xml
+
+
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .sandstorm.io
+
+-->
+<ruleset name="Sandstorm.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sandstorm.io" />
+	<target host="blog.sandstorm.io" />
+	<target host="install.sandstorm.io" />
+	<target host="www.sandstorm.io" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.sandstorm\.io$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sandvine.xml b/src/chrome/content/rules/Sandvine.xml
index f21ddcfc0b09..0ed4ec709d30 100644
--- a/src/chrome/content/rules/Sandvine.xml
+++ b/src/chrome/content/rules/Sandvine.xml
@@ -2,16 +2,30 @@
 	Nonfunctional subdomains
 
 		- (www.)betterbroadbandblog.com	(cert: *.sandsvine.com; shows IIS7 welcome page)
-		- sandsvine.com			(times out)
-		- www.sandsvine.com		(redirects to adfs.sandvine.com/adfs/ls/?wa=wsignin1.0)
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.sandvine.com
 
 -->
-<ruleset name="Sandvine (partial)">
+<ruleset name="Sandvine.com">
+
+	<target host="sandvine.com" />
+	<target host="sandbox.sandvine.com" />
+	<target host="support.sandvine.com" />
+	<target host="www.sandvine.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.sandvine\.com$" name="^PHPSESSID$" /-->
 
-	<target host="adfs.sandvine.com" />
+	<securecookie host="\." name="^_gat?$" />
+	<securecookie host="\w" name=".+" />
 
 
-	<rule from="^http://adfs\.sandvine\.com/"
-		to="https://adfs.sandvine.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Sanitarium.se.xml b/src/chrome/content/rules/Sanitarium.se.xml
index 1f1ea85e869f..fd42d2a4ef58 100644
--- a/src/chrome/content/rules/Sanitarium.se.xml
+++ b/src/chrome/content/rules/Sanitarium.se.xml
@@ -1,4 +1,14 @@
-<ruleset name="Sanitarium.se">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sanitarium.se/ => https://sanitarium.se/: (7, 'Failed to connect to sanitarium.se port 443: No route to host')
+Fetch error: http://www.sanitarium.se/ => https://sanitarium.se/: (7, 'Failed to connect to sanitarium.se port 443: No route to host')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://sanitarium.se/ => https://sanitarium.se/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.sanitarium.se/ => https://sanitarium.se/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="Sanitarium.se" default_off="failed ruleset test">
 	<target host="sanitarium.se" />
 	<target host="www.sanitarium.se" />
 	<rule from="^http://sanitarium\.se/" to="https://sanitarium.se/"/>
diff --git a/src/chrome/content/rules/Sankaty_Advisors.xml b/src/chrome/content/rules/Sankaty_Advisors.xml
index 7e1a0d78e1d6..729492c0b07b 100644
--- a/src/chrome/content/rules/Sankaty_Advisors.xml
+++ b/src/chrome/content/rules/Sankaty_Advisors.xml
@@ -1,7 +1,7 @@
 <ruleset name="Sankaty Advisors">
 
 	<target host="sankaty.com" />
-	<target host="*.sankaty.com" />
+	<target host="www.sankaty.com" />
 	<target host="sankatyadvisors.com" />
 	<target host="www.sankatyadvisors.com" />
 
@@ -9,8 +9,6 @@
 	<securecookie host="^(?:.*\.)?sankaty\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?sankaty\.com/"
-		to="https://$1sankaty.com/" />
 
 	<!--	Redirects to sankaty.com over
 		http, so copy that behavior:
@@ -18,4 +16,5 @@
 	<rule from="^http://(?:www\.)?sankatyadvisors\.com/"
 		to="https://www.sankaty.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sanoma.com.xml b/src/chrome/content/rules/Sanoma.com.xml
index 2558cdf29819..d170aaa19ede 100644
--- a/src/chrome/content/rules/Sanoma.com.xml
+++ b/src/chrome/content/rules/Sanoma.com.xml
@@ -5,7 +5,7 @@
 	Other Sanoma Corporation rulesets:
 
 		- Sanoma.fi
-		- SEstatic.fi.xml
+		- sanomakauppa.fi.xml
 		- SNstatic.fi.xml
 
 
@@ -25,7 +25,6 @@
 	<securecookie host="^(?:w*\.)?sanoma\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?sanoma\.com/"
-		to="https://$1sanoma.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sanoma.fi.xml b/src/chrome/content/rules/Sanoma.fi.xml
index 88435756648c..8781bde6c606 100644
--- a/src/chrome/content/rules/Sanoma.fi.xml
+++ b/src/chrome/content/rules/Sanoma.fi.xml
@@ -1,37 +1,56 @@
 <!--
+	Sanoma News
+
 	For other Sanoma Corporation coverage, see Sanoma.com.xml.
 
 
-	Sanoma News
+	Nonfunctional hosts in *sanoma.fi:
 
+		- (www.)? ᵈ
+		- media ʳ
 
-	Problematic subdomains:
+	ᵈ Dropped
+	ʳ Refused
 
-		- (www.)	(dropped)
 
+	Insecure cookies are set for these hosts: ᶜ
 
-	Fully covered subdomains:
+		- oma.sanoma.fi
 
-		- (www.)	(→ www.sanoma.com)
-		- admp-tc
-		- analytics
-		- cts
-		- sat
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Sanoma.fi">
-
+<ruleset name="Sanoma.fi (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="analytics.sanoma.fi" />
+	<target host="cts.sanoma.fi" />
+	<target host="oma.sanoma.fi" />
+	<target host="ratas.sanoma.fi" />
+	<target host="sat.sanoma.fi" />
+	<target host="sn.sanoma.fi" />
+	<target host="tili.sanoma.fi" />
+
+		<test url="http://analytics.sanoma.fi/zag.gif?Log=1&amp;v_jd=1" />
+		<test url="http://tili.sanoma.fi/public/widget/css/widget.css?style=hs_blue" />
+
+	<!--	Complications:
+				-->
 	<target host="sanoma.fi" />
-	<target host="*.sanoma.fi" />
+	<target host="www.sanoma.fi" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^oma\.sanoma\.fi$" name="^_subs_csrf$" /-->
 
 	<!--	Tracking cookies:
 
-			- evid and evid-synced set by admp-tc
 			- v1st set by analytics
 						-->
-	<securecookie host="^\.sanoma\.fi$" name="^(?:evid|evid-synced|v1st)$" />
-	<securecookie host="^sat\.sanoma\.fi$" name=".+" />
+	<securecookie host="^\." name="^(?:evid|evid-synced|v1st)$" />
+	<securecookie host="^\w" name=".+" />
 
 
 	<!--	Server drops path:
@@ -39,7 +58,7 @@
 	<rule from="^http://(?:www\.)?sanoma\.fi/.*"
 		to="https://www.sanoma.com/fi" />
 
-	<rule from="^http://(admp-tc|analytics|cts|sat)\.sanoma\.fi/"
-		to="https://$1.sanoma.fi/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Santa_Clara_University-problematic.xml b/src/chrome/content/rules/Santa_Clara_University-problematic.xml
index 122d1d8b213b..26e2de8681c5 100644
--- a/src/chrome/content/rules/Santa_Clara_University-problematic.xml
+++ b/src/chrome/content/rules/Santa_Clara_University-problematic.xml
@@ -12,7 +12,6 @@
 		<exclusion pattern="^http://digitalcommons\.law\.scu\.edu/assets/" />
 
 
-	<rule from="^http://(astra|digitalcommons\.law)\.scu\.edu/"
-		to="https://$1.scu.edu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Santa_Clara_University.xml b/src/chrome/content/rules/Santa_Clara_University.xml
index 745f61dea69c..18bccbcf9177 100644
--- a/src/chrome/content/rules/Santa_Clara_University.xml
+++ b/src/chrome/content/rules/Santa_Clara_University.xml
@@ -66,11 +66,11 @@
 	<rule from="^http://(www\.)?(alumnidirectory|sculib)\.scu\.edu/"
 		to="https://$1$2.scu.edu/" />
 
-	<rule from="^https?://digitalcommons\.law\.scu\.edu/assets/"
+	<rule from="^http://digitalcommons\.law\.scu\.edu/assets/"
 		to="https://dcsantaclara.bepress.com/assets/" />
 
 	<rule from="^http://l(?:aw|ib)guides\.scu\.edu/(css\d*|data|js)/"
 		to="https://libguides.com/$1/" />
 
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Santander.co.uk.xml b/src/chrome/content/rules/Santander.co.uk.xml
index b95773e1cb06..3c21351ac435 100644
--- a/src/chrome/content/rules/Santander.co.uk.xml
+++ b/src/chrome/content/rules/Santander.co.uk.xml
@@ -1,30 +1,87 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://santander.co.uk/ => https://www.santander.co.uk/: Too many redirects while fetching 'https://www.santander.co.uk/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://santander.co.uk/ => https://www.santander.co.uk/: Cycle detected - URL already encountered: https://www.santander.co.uk/
+	Other Santander rulesets:
+
+		- International_Payments.co.uk.xml
+
+
 	Nonfunctional subdomains:
 
-		- businesshelpcenter	(times out)
-		- helpcenter
-		- info		(404)
-		- products
+		- businesshelpcenter *
+		- corporatehelpcenter *
+		- helpcenter *
+
+	* Dropped
 
 
 	Problematic subdomains:
 
-		- ^	(cert only matches www)
+		- ^ ¹
+		- products ²
+
+	¹ Cert only matches www
+	² Refused
+
+
+	Fully covered subdomains:
+
+		- (www.)	(^ → www)
+		- apply
+		- applyonline
+		- bbsavings
+		- business
+		- desk.business
+		- onlinesalessavings
+		- products	(→ www)
+		- retail
+		- retail2
+
+
+	Observed cookie domains:
+
+		- apply ¹
+		- bbsavings ²
+		- business ¹
+		- retail ¹
+
+	¹ Secured by us <= complete support
+	² Secured by server
+
+
+	Mixed content:
+
+		- Web bugs on apply from www.sptag.com *
+
+	* Secured by us
 
 -->
-<ruleset name="Santander.co.uk (partial)">
+<ruleset name="Santander.co.uk (partial)" default_off="failed ruleset test">
 
 	<target host="santander.co.uk" />
 	<target host="*.santander.co.uk" />
 
 
-	<securecookie host="^retail\.santander\.co\.uk$" name=".+" />
+	<securecookie host="^(?:apply|business|retail)\.santander\.co\.uk$" name=".+" />
+	<!--
+		Server sets Secure for:
+					-->
+	<!--securecookie host="^bbsavings\.santander\.co\.uk$" name=".+" /-->
 
 
 	<rule from="^http://(?:www\.)?santander\.co\.uk/"
 		to="https://www.santander.co.uk/" />
 
-	<rule from="^http://(apply(?:online)?|bbsavings|onlinesalessavings|retail2?)\.santander\.co\.uk/"
+	<rule from="^http://(apply(?:online)?|bbsavings|(?:desk\.)?business|onlinesalessavings|retail2?)\.santander\.co\.uk/"
 		to="https://$1.santander.co.uk/" />
 
-</ruleset> 
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://products\.santander\.co\.uk/.*"
+		to="https://www.santander.co.uk/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Santoku-Linux.com.xml b/src/chrome/content/rules/Santoku-Linux.com.xml
new file mode 100644
index 000000000000..e6c9cc196e48
--- /dev/null
+++ b/src/chrome/content/rules/Santoku-Linux.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Santoku-Linux.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="santoku-linux.com" />
+	<target host="www.santoku-linux.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sanworks.xml b/src/chrome/content/rules/Sanworks.xml
index c8eb3a7d8d6b..b500cda067ee 100644
--- a/src/chrome/content/rules/Sanworks.xml
+++ b/src/chrome/content/rules/Sanworks.xml
@@ -1,13 +1,16 @@
-<ruleset name="Sanworks">
+<!--
+	(www.)?: Reset
+
+-->
+<ruleset name="Sanworks" default_off="connection reset">
 
 	<target host="sanwork.com" />
-	<target host="*.sanwork.com" />
+	<target host="www.sanwork.com" />
 
 
 	<securecookie host="^\.sanwork\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?sanwork\.com/"
-		to="https://$1sanwork.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sapato.xml b/src/chrome/content/rules/Sapato.xml
index 8552e300dacb..950cf7840770 100644
--- a/src/chrome/content/rules/Sapato.xml
+++ b/src/chrome/content/rules/Sapato.xml
@@ -8,7 +8,7 @@
 	<!--	- Cert only matches *.sapato.com
 		- Some (most?) pages 301 to http
 						-->
-	<rule from="^https?://(?:www\.)?sapato\.ru/(bitrix|css|images|personal|upload)/"
+	<rule from="^http://(?:www\.)?sapato\.ru/(bitrix|css|images|personal|upload)/"
 		to="https://www.sapato.ru/$1/" />
 
 	<!--	- Client stores have unique subdomains
@@ -19,7 +19,7 @@
 
 	<!--	Cert: *.sapato.ru
 					-->
-	<rule from="^https?://cssjs\.zapato\.ru/"
+	<rule from="^http://cssjs\.zapato\.ru/"
 		to="https://cssjs.sapato.ru/" />
 
 	<!--	- Does not support https
@@ -29,7 +29,7 @@
 		  without requires \d+ stripped, but
 		  stssl doesn't require the stripping.
 					-->
-	<rule from="^https?://st\.zapato\.ru/"
+	<rule from="^http://st\.zapato\.ru/"
 		to="https://stssl.sapato.ru/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Sape.xml b/src/chrome/content/rules/Sape.xml
index cacee4dc5123..674d7c32a568 100644
--- a/src/chrome/content/rules/Sape.xml
+++ b/src/chrome/content/rules/Sape.xml
@@ -1,31 +1,75 @@
 <!--
+	Other Sape rulesets:
+
+		- SeoWizard.ru.xml
+
+
 	Nonfunctional subdomains:
 
-		- blog
-		- forum
+		- blog *
+		- forum *
+
+	* Refused
+
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- wizard ²
+
+	¹ Cert only matches *.sape.ru
+	² Mismatched, CN: *.seowizard.ru
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(^ → www)
+		- action
+		- advisor
+		- articles
+		- auth
+		- help
+		- ideas
+		- passport
+		- pr
+		- static
+		- wizard	(→ www.seowizard.ru)
+
+
+	Insecure cookies are set for these domains:
+
+		- .sape.ru
+
+
+	Mixed content:
+
+		- Bug on ideas from www.facebook.com *
+
+	* Secured by us
 
 -->
-<ruleset name="Sape (partial)">
+<ruleset name="Sape.ru (partial)">
 
 	<target host="sape.ru" />
 	<target host="*.sape.ru" />
-	<!--
-		*s for cross-domain cookies.
-					-->
-	<target host="*.articles.sape.ru" />
-	<target host="*.help.sape.ru" />
-	<target host="*.pr.sape.ru" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.sape\.ru$" name="^SAPE$" /-->
+
 	<securecookie host="^.*\.sape\.ru$" name=".+" />
 
 
-	<!--	Cert only matches *.sape.ru.
-						-->
-	<rule from="^https?://(?:www\.)?sape.ru/"
+	<rule from="^http://(?:www\.)?sape\.ru/"
 		to="https://www.sape.ru/" />
 
-	<rule from="^http://(articles|help|passport|pr|static)\.sape\.ru/"
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://wizard\.sape\.ru/+"
+		to="https://www.seowizard.ru/" />
+
+	<rule from="^http://(action|advisor|articles|auth|help|ideas|passport|pr|static)\.sape\.ru/"
 		to="https://$1.sape.ru/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Sapo.pt.xml b/src/chrome/content/rules/Sapo.pt.xml
deleted file mode 100644
index 61aba080707c..000000000000
--- a/src/chrome/content/rules/Sapo.pt.xml
+++ /dev/null
@@ -1,51 +0,0 @@
-<!--
-	This rule was automatically generated based on an
-	HSTS preload rule in the Chromium browser.  See
-	https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-	for the list of preloads.  Sites are added to the Chromium
-	HSTS preload list on request from their administrators, so
-	HTTPS should work properly everywhere on this site.
- 
-	Because Chromium and derived browsers automatically force HTTPS for
-	every access to this site, this rule applies only to Firefox.
-
-
-	Mismatches:
-
-		- 404.s.sapo.pt	(CN: js.sapo.pt; works)
-		- h.s.sl.pt	(ditto)
-		- i.s.sl.pt	(ditto)
-
-
-	Nonfunctional domains:
-
-		- exameinformatica.sapo.pt
-
--->
-<ruleset name="Sapo.pt" platform="firefox">
-
-	<target host="sapo.pt" />
-	<target host="*.sapo.pt" />
-	<target host="h.s.sl.pt" />
-
-
-	<securecookie host="^(?:login|pub)\.sapo\.pt$" name=".+" />
-
-
-	<!--	- !www 403s over https
-		- !www 301s to www over http
-		- At least some pages 301 to http
-								-->
-	<rule from="^https?://(?:www\.)?sapo\.pt/(css/|imgs/|pub/|widgets/)"
-		to="https://www.sapo.pt/$1" />
-
-	<rule from="^http://(login|pub|pubimgs)\.sapo\.pt/"
-		to="https://$1.sapo.pt/" />
-
-	<rule from="^https?://h\.s\.sl\.pt/css-pt-2011/"
-		to="https://www.sapo.pt/css/" />
-
-	<rule from="^https?://h\.s\.sl\.pt/imgs/(?:v12/)?"
-		to="https://www.sapo.pt/imgs/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Sapphire.moe.xml b/src/chrome/content/rules/Sapphire.moe.xml
new file mode 100644
index 000000000000..170dc6a2b122
--- /dev/null
+++ b/src/chrome/content/rules/Sapphire.moe.xml
@@ -0,0 +1,19 @@
+<!--
+	Mismatched:
+		- status.sapphire.moe (*.statuscake.com)
+		- pomfstatus.sapph.io (*.statuscake.com)
+		- status.sapph.io (*.statuscake.com)
+-->
+
+<ruleset name="Sapphire.moe">
+	<target host="sapphire.moe" />
+	<target host="www.sapphire.moe" />
+	<target host="accounts.sapphire.moe" />
+	<target host="blog.sapphire.moe" />
+	<target host="sapph.io" />
+	<target host="www.sapph.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sapphire_Forum.com.xml b/src/chrome/content/rules/Sapphire_Forum.com.xml
new file mode 100644
index 000000000000..75c97346d0bc
--- /dev/null
+++ b/src/chrome/content/rules/Sapphire_Forum.com.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sapphireforum.com/ => https://sapphireforum.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="Sapphire Forum.com" default_off="failed ruleset test">
+
+	<target host="sapphireforum.com" />
+	<target host="www.sapphireforum.com" />
+
+
+	<securecookie host="^www\.sapphireforum\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sarava.org.xml b/src/chrome/content/rules/Sarava.org.xml
index 8644c807012c..7891dbc69cf5 100644
--- a/src/chrome/content/rules/Sarava.org.xml
+++ b/src/chrome/content/rules/Sarava.org.xml
@@ -1,15 +1,38 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sarava.org/ => https://sarava.org/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Nonfunctional subdomains:
+
+		- images *
+
+	* Refused
+
+
 	Fully covered subdomains:
 
 		- (www.)
 		- agendador
 		- anotador
+		- calendario
 		- colador
 		- e
 		- escritorio
+		- git
 		- irc
 		- keyringer
 		- lembrador
+		- manual
+		- padrao
+		- policy
+		- protocolos
+		- rectech
+		- rhatto
+		- rsp
+		- seguranca
+		- sit
+		- sit2012
 		- wiki
 
 
@@ -20,16 +43,41 @@
 		- anotador
 
 -->
-<ruleset name="Sarava.org">
+<ruleset name="Sarava.org (partial)" default_off="failed ruleset test">
 
 	<target host="sarava.org" />
-	<target host="*.sarava.org" />
+	<target host="agendador.sarava.org" />
+	<target host="anotador.sarava.org" />
+	<target host="calendario.sarava.org" />
+	<target host="colador.sarava.org" />
+	<target host="e.sarava.org" />
+	<target host="escritorio.sarava.org" />
+	<target host="git.sarava.org" />
+	<target host="irc.sarava.org" />
+	<target host="keyringer.sarava.org" />
+	<target host="lembrador.sarava.org" />
+	<target host="manual.sarava.org" />
+	<target host="padrao.sarava.org" />
+	<target host="policy.sarava.org" />
+	<target host="protocolos.sarava.org" />
+	<target host="rectech.sarava.org" />
+	<target host="rhatto.sarava.org" />
+	<target host="rsp.sarava.org" />
+	<target host="seguranca.sarava.org" />
+	<target host="sit.sarava.org" />
+	<target host="sit2012.sarava.org" />
+	<target host="wiki.sarava.org" />
+	<target host="www.sarava.org" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="(\.agendador|\.rectech)?\.sarava\.org$" name="^SESS[0-9a-f]{32}$" /-->
+	<!--securecookie host="anotador\.sarava\.org$" name="^express_sid$" /-->
 
 	<securecookie host=".*\.sarava\.org$" name=".+" />
 
 
-	<rule from="^http://((?:agendador|anotador|colador|e|escritorio|irc|keyringer|lembrador|wiki|www)\.)?sarava\.org/"
-		to="https://$1sarava.org/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sarenza.xml b/src/chrome/content/rules/Sarenza.xml
index 1bafad93f39a..0a23e56f87a6 100644
--- a/src/chrome/content/rules/Sarenza.xml
+++ b/src/chrome/content/rules/Sarenza.xml
@@ -31,16 +31,16 @@
 <ruleset name="Sarenza (partial)">
 
 	<target host="eulerian.sarenza.com" />
-	<target host="*.sarenza.net" />
+	<target host="azure.sarenza.net" />
+	<target host="static1.sarenza.net" />
 
 
-	<rule from="^http://eulerian\.sarenza\.com/"
-		to="https://eulerian.sarenza.com/" />
 
-	<rule from="^https?://azure\.sarenza\.net/"
+	<rule from="^http://azure\.sarenza\.net/"
 		to="https://az104596.vo.msecnd.net/" />
 
-	<rule from="^https?://static1\.sarenza\.net/"
+	<rule from="^http://static1\.sarenza\.net/"
 		to="https://az104596.vo.msecnd.net/static/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sashe.sk.xml b/src/chrome/content/rules/Sashe.sk.xml
new file mode 100644
index 000000000000..325e549ec1ad
--- /dev/null
+++ b/src/chrome/content/rules/Sashe.sk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Sashe.sk">
+	<target host="sashe.sk" />
+	<target host="www.sashe.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sass-lang.com.xml b/src/chrome/content/rules/Sass-lang.com.xml
new file mode 100644
index 000000000000..dbd9b90693f3
--- /dev/null
+++ b/src/chrome/content/rules/Sass-lang.com.xml
@@ -0,0 +1,13 @@
+<!--
+	SSL protocol error:
+		- staging.sass-lang.com
+
+	Mismatched:
+		- blog.sass-lang.com
+-->
+<ruleset name="Sass-lang.com">
+	<target host="sass-lang.com" />
+	<target host="www.sass-lang.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SatoshiDice.com.xml b/src/chrome/content/rules/SatoshiDice.com.xml
new file mode 100644
index 000000000000..620dde014494
--- /dev/null
+++ b/src/chrome/content/rules/SatoshiDice.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="SatoshiDice">
+
+	<target host="satoshidice.com" />
+	<target host="www.satoshidice.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SatoshiDice.xml b/src/chrome/content/rules/SatoshiDice.xml
deleted file mode 100644
index c7d302c3be7b..000000000000
--- a/src/chrome/content/rules/SatoshiDice.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3-eu-west-1.amazonaws.com/satoshidice/
-		- d2r33zdvjxn4mg.cloudfront.net
-
--->
-<ruleset name="SatoshiDice">
-
-	<target host="satoshidice.com" />
-	<target host="www.satoshidice.com" />
-
-
-	<rule from="^https?://(?:www\.)?satoshidice\.com/"
-		to="https://d2r33zdvjxn4mg.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SauceNAO.com.xml b/src/chrome/content/rules/SauceNAO.com.xml
new file mode 100644
index 000000000000..c42104ea3314
--- /dev/null
+++ b/src/chrome/content/rules/SauceNAO.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="SauceNAO.com">
+
+	<target host="saucenao.com" />
+	<target host="www.saucenao.com" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^saucenao\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sauce_Labs.xml b/src/chrome/content/rules/Sauce_Labs.xml
deleted file mode 100644
index e31aee731efa..000000000000
--- a/src/chrome/content/rules/Sauce_Labs.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Sauce Labs">
-
-	<target host="saucelabs.com" />
-	<target host="www.saucelabs.com" />
-
-
-	<securecookie host="^saucelabs\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?saucelabs\.com/"
-		to="https://$1saucelabs.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Saucony.com.au.xml b/src/chrome/content/rules/Saucony.com.au.xml
new file mode 100644
index 000000000000..d5b4de6d22a5
--- /dev/null
+++ b/src/chrome/content/rules/Saucony.com.au.xml
@@ -0,0 +1,12 @@
+<!--
+	Connection refused:
+		- autodiscover.saucony.com.au
+-->
+
+<ruleset name="Saucony.com.au">
+	<target host="saucony.com.au" />
+	<target host="www.saucony.com.au" />
+	<target host="help.saucony.com.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SaucyTime.com.xml b/src/chrome/content/rules/SaucyTime.com.xml
new file mode 100644
index 000000000000..9b5fc81a0f01
--- /dev/null
+++ b/src/chrome/content/rules/SaucyTime.com.xml
@@ -0,0 +1,44 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.saucytime.com/ => https://www.saucytime.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://saucytime.com/ => https://www.saucytime.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	Problematic subdomains:
+
+		- ^ *
+		- staging *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.saucytime.com
+
+-->
+<ruleset name="SaucyTime.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.saucytime.com" />
+
+	<!--	Complications:
+				-->
+	<target host="saucytime.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.saucytime\.com$" name="^(Currency|PHPSESSID)$" /-->
+
+	<securecookie host="^www\.saucytime\.com$" name=".+" />
+
+
+	<rule from="^http://saucytime\.com/"
+		to="https://www.saucytime.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SaudiAirlines.xml b/src/chrome/content/rules/SaudiAirlines.xml
new file mode 100644
index 000000000000..42c08e186cf1
--- /dev/null
+++ b/src/chrome/content/rules/SaudiAirlines.xml
@@ -0,0 +1,12 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bookonline.saudiairlines.com/ => https://bookonline.saudiairlines.com/: (6, 'Could not resolve host: bookonline.saudiairlines.com')
+
+-->
+<ruleset name="Saudia Airlines (partial)" default_off="failed ruleset test">
+	<target host="bookonline.saudiairlines.com"/>
+	<target host="www.bookonline.saudiairlines.com"/>
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/SaudiGovernment.xml b/src/chrome/content/rules/SaudiGovernment.xml
index 673a30889871..cc2f98e38974 100644
--- a/src/chrome/content/rules/SaudiGovernment.xml
+++ b/src/chrome/content/rules/SaudiGovernment.xml
@@ -1,4 +1,18 @@
-<ruleset name="Saudi Government">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pv.gov.sa/ => https://www.pv.gov.sa/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.pv.gov.sa/ => https://www.pv.gov.sa/: (28, 'Connection timed out after 20005 milliseconds')
+Fetch error: http://mol.gov.sa/ => https://mol.gov.sa/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.mol.gov.sa/ => https://mol.gov.sa/: (7, 'Failed to connect to mol.gov.sa port 443: No route to host')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://pv.gov.sa/ => https://www.pv.gov.sa/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.pv.gov.sa/ => https://www.pv.gov.sa/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://mol.gov.sa/ => https://mol.gov.sa/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+Fetch error: http://www.mol.gov.sa/ => https://mol.gov.sa/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+-->
+<ruleset name="Saudi Government" default_off="failed ruleset test">
   <target host="pv.gov.sa" />
   <target host="www.pv.gov.sa" />
   <target host="saudi.gov.sa" />
diff --git a/src/chrome/content/rules/Saurik.xml b/src/chrome/content/rules/Saurik.xml
index b5945baf0fe7..4284a2a82c99 100644
--- a/src/chrome/content/rules/Saurik.xml
+++ b/src/chrome/content/rules/Saurik.xml
@@ -11,10 +11,10 @@
 -->
 <ruleset name="saurik (partial)">
 
-	<target host="*.saurik.com" />
+	<target host="cache.saurik.com" />
+	<target host="cydia.saurik.com" />
 
 
-	<rule from="^http://c(ache|ydia)\.saurik\.com/"
-		to="https://c$1.saurik.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Savana.cz.xml b/src/chrome/content/rules/Savana.cz.xml
new file mode 100644
index 000000000000..d00f982d0057
--- /dev/null
+++ b/src/chrome/content/rules/Savana.cz.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- webcontrol.savana.cz
+		- www.savana.cz
+
+-->
+<ruleset name="Savana.cz">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="savana.cz" />
+	<target host="icewarp.savana.cz" />
+	<target host="webcontrol.savana.cz" />
+	<target host="www.savana.cz" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^webcontrol\.savana\.cz$" name="^(?:PHPSESSID|SID)$" /-->
+	<!--securecookie host="^www\.savana\.cz$" name="^(?:PHPSESSID|hideCookieInfo|lang|nette-browser|savanaInfoBank|savanaRepeatedVisit)$" /-->
+
+	<securecookie host="^(?:webcontrol|www)\.savana\.cz$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Savannah-Fund.xml b/src/chrome/content/rules/Savannah-Fund.xml
index 16ceaa8e4600..5645f8c1bab6 100644
--- a/src/chrome/content/rules/Savannah-Fund.xml
+++ b/src/chrome/content/rules/Savannah-Fund.xml
@@ -1,15 +1,15 @@
-<ruleset name="Savannah Fund" default_off="mismatch">
+<ruleset name="Savannah Fund" default_off="mismatched">
 
 	<!--	Cert: *.ipower.com	-->
 	<target host="savannah.vc" />
 	<target host="www.savannah.vc" />
 
 
-	<securecookie host="^www\.savannah\.vc$" name=".*" />
+	<securecookie host="^www\.savannah\.vc$" name=".+" />
 
 
 	<!--	!www redirects to www.	-->
-	<rule from="^https?://(?:www\.)?savannah\.vc/"
+	<rule from="^http://(?:www\.)?savannah\.vc/"
 		to="https://www.savannah.vc/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SaveDeo.com.xml b/src/chrome/content/rules/SaveDeo.com.xml
new file mode 100644
index 000000000000..3e248e1a7439
--- /dev/null
+++ b/src/chrome/content/rules/SaveDeo.com.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.savedeo.com/ => https://www.savedeo.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.savedeo.com'")
+
+	Fully covered hosts in *savedeo.com:
+
+		- (www.)?
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- savedeo.com
+		- .savedeo.com
+		- www.savedeo.com
+
+-->
+<ruleset name="SaveDeo.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="savedeo.com" />
+	<target host="www.savedeo.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?savedeo\.com$" name="^lang_code$" /-->
+	<!--securecookie host="^\.savedeo\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^(?:\.|www\.)?savedeo\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SaveOurBank.coop.xml b/src/chrome/content/rules/SaveOurBank.coop.xml
new file mode 100644
index 000000000000..602fd0ba7635
--- /dev/null
+++ b/src/chrome/content/rules/SaveOurBank.coop.xml
@@ -0,0 +1,17 @@
+<!--
+	Nonfunctional hosts in *.saveourbank.coop:
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="saveourbank.coop">
+	<target host="saveourbank.coop" />
+	<target host="www.saveourbank.coop" />
+                <test url="http://saveourbank.coop/about" />
+                <test url="http://saveourbank.coop/contact" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SaveTheChildren.org.uk.xml b/src/chrome/content/rules/SaveTheChildren.org.uk.xml
new file mode 100644
index 000000000000..2f5dad15c842
--- /dev/null
+++ b/src/chrome/content/rules/SaveTheChildren.org.uk.xml
@@ -0,0 +1,24 @@
+<!--
+	Non-functional hosts
+		Timeout:
+		- savethechildren.org.uk
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- brand.savethechildren.org.uk
+-->
+<ruleset name="Save the Children.org.uk (partial)">
+	<target host="savethechildren.org.uk" />
+	<target host="www.savethechildren.org.uk" />
+	<target host="blogs.savethechildren.org.uk" />
+	<target host="secure.savethechildren.org.uk" />
+	<target host="shop.savethechildren.org.uk" />
+	<target host="stories.savethechildren.org.uk" />
+	<target host="thankyou.savethechildren.org.uk" />
+	<target host="volunteer.savethechildren.org.uk" />
+
+	<rule from="^http://savethechildren\.org\.uk/"
+		to="https://www.savethechildren.org.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Save_The_Link.org.xml b/src/chrome/content/rules/Save_The_Link.org.xml
new file mode 100644
index 000000000000..424478fe1cf4
--- /dev/null
+++ b/src/chrome/content/rules/Save_The_Link.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="Save The Link.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="savethelink.org" />
+	<target host="www.savethelink.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Saveyourinternet.eu.xml b/src/chrome/content/rules/Saveyourinternet.eu.xml
new file mode 100644
index 000000000000..0fc6ac574b8f
--- /dev/null
+++ b/src/chrome/content/rules/Saveyourinternet.eu.xml
@@ -0,0 +1,35 @@
+<ruleset name="Saveyourinternet.eu">
+	<target host="saveyourinternet.eu" />
+	<target host="www.saveyourinternet.eu" />
+	<target host="at.saveyourinternet.eu" />
+	<target host="be.saveyourinternet.eu" />
+	<target host="bg.saveyourinternet.eu" />
+	<target host="cy.saveyourinternet.eu" />
+	<target host="cz.saveyourinternet.eu" />
+	<target host="de.saveyourinternet.eu" />
+	<target host="dk.saveyourinternet.eu" />
+	<target host="ee.saveyourinternet.eu" />
+	<target host="es.saveyourinternet.eu" />
+	<target host="fi.saveyourinternet.eu" />
+	<target host="fr.saveyourinternet.eu" />
+	<target host="gr.saveyourinternet.eu" />
+	<target host="hr.saveyourinternet.eu" />
+	<target host="hu.saveyourinternet.eu" />
+	<target host="ie.saveyourinternet.eu" />
+	<target host="it.saveyourinternet.eu" />
+	<target host="lt.saveyourinternet.eu" />
+	<target host="lu.saveyourinternet.eu" />
+	<target host="lv.saveyourinternet.eu" />
+	<target host="mt.saveyourinternet.eu" />
+	<target host="nl.saveyourinternet.eu" />
+	<target host="pl.saveyourinternet.eu" />
+	<target host="pt.saveyourinternet.eu" />
+	<target host="ro.saveyourinternet.eu" />
+	<target host="se.saveyourinternet.eu" />
+	<target host="si.saveyourinternet.eu" />
+	<target host="sk.saveyourinternet.eu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SavvyHawk.com.xml b/src/chrome/content/rules/SavvyHawk.com.xml
new file mode 100644
index 000000000000..b7502063db5d
--- /dev/null
+++ b/src/chrome/content/rules/SavvyHawk.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://savvyhawk.com/ => https://savvyhawk.com/: (7, 'Failed to connect to savvyhawk.com port 443: Connection refused')
+Fetch error: http://www.savvyhawk.com/ => https://www.savvyhawk.com/: (7, 'Failed to connect to www.savvyhawk.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://savvyhawk.com/ => https://savvyhawk.com/: (51, "SSL: no alternative certificate subject name matches target host name 'savvyhawk.com'")
+Fetch error: http://www.savvyhawk.com/ => https://www.savvyhawk.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.savvyhawk.com'")
+-->
+<ruleset name="SavvyHawk.com" default_off="failed ruleset test">
+
+	<target host="savvyhawk.com" />
+	<target host="www.savvyhawk.com" />
+
+
+	<securecookie host="^(?:www\.)?savvyhawk\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SavvySME.xml b/src/chrome/content/rules/SavvySME.xml
new file mode 100644
index 000000000000..30f0c08ef78d
--- /dev/null
+++ b/src/chrome/content/rules/SavvySME.xml
@@ -0,0 +1,7 @@
+<ruleset name="SavvySME">
+	<target host="savvysme.com.au" />
+	<target host="www.savvysme.com.au" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Say-Media-mismatches.xml b/src/chrome/content/rules/Say-Media-mismatches.xml
index c0b451353c32..0668d1875e2a 100644
--- a/src/chrome/content/rules/Say-Media-mismatches.xml
+++ b/src/chrome/content/rules/Say-Media-mismatches.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see Say-Media.xml.
 
 -->
-<ruleset name="Say Media (mismatches)" default_off="mismatch">
+<ruleset name="Say Media (mismatches)" default_off="mismatched">
 
 	<!--	cert: *.sixapart.com	-->
 	<target host="blogs.com" />
diff --git a/src/chrome/content/rules/Say-Media.xml b/src/chrome/content/rules/Say-Media.xml
index 667aabe536ed..5e6482448292 100644
--- a/src/chrome/content/rules/Say-Media.xml
+++ b/src/chrome/content/rules/Say-Media.xml
@@ -21,7 +21,6 @@
 	<target host="www.saymedia.com" />
 
 
-	<rule from="^http://(www\.)?saymedia\.com/"
-		to="https://$1saymedia.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Sbarmen.no.xml b/src/chrome/content/rules/Sbarmen.no.xml
new file mode 100644
index 000000000000..c0fb2084f1ee
--- /dev/null
+++ b/src/chrome/content/rules/Sbarmen.no.xml
@@ -0,0 +1,34 @@
+<!--
+	^: Mismatched
+
+
+	collaboration: self-signed
+
+-->
+<ruleset name="sbarmen.no (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.sbarmen.no" />
+
+	<!--	Complications:
+				-->
+	<target host="sbarmen.no" />
+
+		<!--exclusion pattern="^http://collaboration\.sbarmen\.no/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?sbarmen\.no$" name="^_icl_current_language$" /-->
+
+	<securecookie host="^(?:www\.)?sbarmen\.no$" name=".+" />
+
+
+	<rule from="^http://sbarmen\.no/"
+		to="https://www.sbarmen.no/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sberbank_of_Russia.xml b/src/chrome/content/rules/Sberbank_of_Russia.xml
deleted file mode 100644
index a902cf064151..000000000000
--- a/src/chrome/content/rules/Sberbank_of_Russia.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Sberbank of Russia">
-  <target host="sbrf.ru" />
-  <target host="www.sbrf.ru" />
-  <rule from="^http://(www\.)?sbrf\.ru/" to="https://www.sbrf.ru/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Sberbankdirect.de.xml b/src/chrome/content/rules/Sberbankdirect.de.xml
new file mode 100644
index 000000000000..b1eba2f51b0c
--- /dev/null
+++ b/src/chrome/content/rules/Sberbankdirect.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Sberbankdirect.de">
+  <target host="sberbankdirect.de" />
+  <target host="www.sberbankdirect.de" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sbucciami.xml b/src/chrome/content/rules/Sbucciami.xml
index 61b32de8e05c..388dbaa3c65d 100644
--- a/src/chrome/content/rules/Sbucciami.xml
+++ b/src/chrome/content/rules/Sbucciami.xml
@@ -1,13 +1,15 @@
-<ruleset name="Sbucciami">
+<ruleset name="Sbucciami.com" default_off="redirects to http">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="sbucciami.com" />
-	<target host="*.sbucciami.com" />
+	<target host="www.sbucciami.com" />
 
 
 	<securecookie host="^(?:\.?w*)?\.sbucciami\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?sbucciami\.com/"
-		to="https://$1sbucciami.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ScMagazineUS.com.xml b/src/chrome/content/rules/ScMagazineUS.com.xml
index 3cf36ec7c8bf..679c954053b6 100644
--- a/src/chrome/content/rules/ScMagazineUS.com.xml
+++ b/src/chrome/content/rules/ScMagazineUS.com.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://scmagazineus.com/ => https://scmagazineus.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.scmagazineus.com/ => https://www.scmagazineus.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.scmagazineus.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://scmagazineus.com/ => https://scmagazineus.com/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://www.scmagazineus.com/ => https://www.scmagazineus.com/: (28, 'Connection timed out after 10001 milliseconds')
 	For other Haymarket coverage, see Haymarket.xml.
 
 
@@ -15,13 +23,12 @@
 	* CN: *.hs.llnwd.net, 400.
 
 -->
-<ruleset name="ScMagazineUS.com">
+<ruleset name="ScMagazineUS.com" default_off="failed ruleset test">
 
 	<target host="scmagazineus.com" />
 	<target host="www.scmagazineus.com" />
 
 
-	<rule from="^http://(www\.)?scmagazineus\.com/"
-		to="https://$1scmagazineus.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Scala-lang.org.xml b/src/chrome/content/rules/Scala-lang.org.xml
new file mode 100644
index 000000000000..84a8142cc304
--- /dev/null
+++ b/src/chrome/content/rules/Scala-lang.org.xml
@@ -0,0 +1,31 @@
+<!--
+	Nonfunctional hosts in *.scala-lang.org:
+		- codereview.scala-lang.org (d)
+		- days2010.scala-lang.org (i)
+		- days2011.scala-lang.org (i)
+		- days2012.scala-lang.org (i)
+
+	d: different content
+	h: http redirect
+	i: incomplete certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Scala-lang.org">
+	<target host="scala-lang.org" />
+	<target host="www.scala-lang.org" />
+	<target host="contributors.scala-lang.org" />
+	<target host="docs.scala-lang.org" />
+	<target host="index.scala-lang.org" />
+	<target host="issues.scala-lang.org" />
+	<target host="packages.scala-lang.org" />
+	<target host="platform.scala-lang.org" />
+	<target host="scaladex.scala-lang.org" />
+	<target host="scastie.scala-lang.org" />
+	<target host="users.scala-lang.org" />
+	<target host="wiki.scala-lang.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Scalability.org.xml b/src/chrome/content/rules/Scalability.org.xml
new file mode 100644
index 000000000000..afc513234583
--- /dev/null
+++ b/src/chrome/content/rules/Scalability.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="Scalability.org">
+
+	<target host="scalability.org" />
+	<target host="www.scalability.org" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Scale-Engine.xml b/src/chrome/content/rules/Scale-Engine.xml
index 74608945d72c..af579a811c6f 100644
--- a/src/chrome/content/rules/Scale-Engine.xml
+++ b/src/chrome/content/rules/Scale-Engine.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://scaleengine.com/ => https://scaleengine.com/: (60, 'SSL certificate problem: certificate has expired')
+
 	Nonfunctional domains:
 
 		- [\w\-\.]+.anycastcdn.net	(CDN)
@@ -8,16 +12,15 @@
 		- \w+.cdn.scaleengine.net	(CDN; redirects to www.scaleengine.com, depth mismatched)
 
 -->
-<ruleset name="Scale Engine (partial)">
+<ruleset name="Scale Engine (partial)" default_off="failed ruleset test">
 
 	<target host="scaleengine.com" />
 	<target host="www.scaleengine.com" />
 
 
-	<securecookie host="^(www\.)?scaleengine\.com$" name=".*" />
+	<securecookie host="^(?:www\.)?scaleengine\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?scaleengine\.com/"
-		to="https://$1scaleengine.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Scaleway.com.xml b/src/chrome/content/rules/Scaleway.com.xml
new file mode 100644
index 000000000000..3e66dcc1fea3
--- /dev/null
+++ b/src/chrome/content/rules/Scaleway.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Scaleway.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="scaleway.com" />
+	<target host="www.scaleway.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Scaling_Bitcoin.org.xml b/src/chrome/content/rules/Scaling_Bitcoin.org.xml
new file mode 100644
index 000000000000..a6c4249664cb
--- /dev/null
+++ b/src/chrome/content/rules/Scaling_Bitcoin.org.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.scalingbitcoin.org/ (200) => https://www.scalingbitcoin.org/ (502)
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .scalingbitcoin.org
+		- www.scalingbitcoin.org
+
+-->
+<ruleset name="Scaling Bitcoin.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="scalingbitcoin.org" />
+	<target host="www.scalingbitcoin.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.scalingbitcoin\.org$" name="^(?:__cfduid|__utm\w+|cf_clearance)$" /-->
+	<!--securecookie host="^www\.scalingbitcoin\.org$" name="^connect\.sid$" /-->
+
+	<securecookie host="^(?:www)?\.scalingbitcoin\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ScamFRAUDalert.xml b/src/chrome/content/rules/ScamFRAUDalert.xml
deleted file mode 100644
index 887de5c0f870..000000000000
--- a/src/chrome/content/rules/ScamFRAUDalert.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="scamFRAUDalert" default_off="self-signed">
-
-	<target host="scamfraudalert.com"/>
-	<target host="www.scamfraudalert.com"/>
-
-	<securecookie host="^www\.scamfraudalert\.com$" name=".*"/>
-
-	<rule from="^http://(?:www\.)?scamfraudalert\.com/"
-		to="https://www.scamfraudalert.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/ScanAlert.xml b/src/chrome/content/rules/ScanAlert.xml
index 3d94921a2ac0..068186fa75d0 100644
--- a/src/chrome/content/rules/ScanAlert.xml
+++ b/src/chrome/content/rules/ScanAlert.xml
@@ -2,7 +2,7 @@
 	For other Intel coverage, see Intel.xml.
 
 -->
-<ruleset name="ScanAlert (partial)">
+<ruleset name="ScanAlert.com (partial)">
 
 	<target host="images.scanalert.com" />
 
@@ -10,7 +10,7 @@
 	<securecookie host="^images\.scanalert\.com$" name=".+" />
 
 
-	<rule from="^http://images\.scanalert\.com/"
-		to="https://images.scanalert.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ScanMyServer.com.xml b/src/chrome/content/rules/ScanMyServer.com.xml
new file mode 100644
index 000000000000..0cb3d21e5e30
--- /dev/null
+++ b/src/chrome/content/rules/ScanMyServer.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Beyond Security coverage, see Beyond-Security.xml.
+-->
+<ruleset name="ScanMyServer.com">
+
+	<target host="scanmyserver.com" />
+	<target host="www.scanmyserver.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Scanadu.com.xml b/src/chrome/content/rules/Scanadu.com.xml
index 0391075db942..723d26995fe5 100644
--- a/src/chrome/content/rules/Scanadu.com.xml
+++ b/src/chrome/content/rules/Scanadu.com.xml
@@ -35,4 +35,4 @@
 	<rule from="^http://indiegogo-artwork\.scanadu\.com/"
 		to="https://d229l50b5obo41.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Scandinavian_Photo.xml b/src/chrome/content/rules/Scandinavian_Photo.xml
index 77c9453afe98..15cc2cdfea61 100644
--- a/src/chrome/content/rules/Scandinavian_Photo.xml
+++ b/src/chrome/content/rules/Scandinavian_Photo.xml
@@ -1,11 +1,45 @@
+<!--
+	Problematic hosts:
+
+		- scandinavianphoto.fi *
+		- scandinavianphoto.no *
+		- scandinavianphoto.se *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.scandinavianphoto.fi
+		- www.scandinavianphoto.no
+		- www.scandinavianphoto.se
+
+-->
 <ruleset name="Scandinavian Photo">
-	<target host="scandinavianphoto.fi"/>
+
+	<!--	Direct rewrites:
+				-->
 	<target host="www.scandinavianphoto.fi"/>
-	<target host="scandinavianphoto.se"/>
+	<target host="www.scandinavianphoto.no"/>
 	<target host="www.scandinavianphoto.se"/>
 
-	<securecookie host="^(?:www\.)?scandinavianphoto\.(?:fi|se)$" name=".+"/>
+	<!--	Complications:
+				-->
+	<target host="scandinavianphoto.fi"/>
+	<target host="scandinavianphoto.no"/>
+	<target host="scandinavianphoto.se"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.scandinavianphoto\.(?:fi|se|se)$" name="^(?:\.ASPXAUTH|ASP\.NET_SessionId|lang|lb_persistence_id)$" /-->
+
+	<securecookie host="^(?:www\.)?scandinavianphoto\.(?:fi|se|se)$" name=".+" />
+
+
+	<rule from="^http://scandinavianphoto\.(fi|no|se)/"
+		to="https://www.scandinavianphoto.$1/" />
 
-	<rule from="^http://(www\.)?scandinavianphoto\.(fi|se)/"
-		to="https://$1scandinavianphoto.$2/"/>
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Scania.xml b/src/chrome/content/rules/Scania.xml
index 8426be2add5a..9e3a79e099ab 100644
--- a/src/chrome/content/rules/Scania.xml
+++ b/src/chrome/content/rules/Scania.xml
@@ -14,10 +14,10 @@
 	<target host="*.scania.com" />
 
 
-	<securecookie host="^.+\.scania\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(static|webapp\d+|www4)\.scania\.com/"
 		to="https://$1.scania.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Scanmarker.xml b/src/chrome/content/rules/Scanmarker.xml
index 68fb27e60976..ba79715343b6 100644
--- a/src/chrome/content/rules/Scanmarker.xml
+++ b/src/chrome/content/rules/Scanmarker.xml
@@ -1,13 +1,12 @@
 <ruleset name="Scanmarker">
 
 	<target host="scanmarker.com" />
-	<target host="*.scanmarker.com" />
+	<target host="www.scanmarker.com" />
 
 
 	<securecookie host="^(?:w*\.)?scanmarker\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?scanmarker\.com/"
-		to="https://$1scanmarker.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Scanning_Pens.co.uk.xml b/src/chrome/content/rules/Scanning_Pens.co.uk.xml
new file mode 100644
index 000000000000..05e57e4de9df
--- /dev/null
+++ b/src/chrome/content/rules/Scanning_Pens.co.uk.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://scanningpens.co.uk/ => https://scanningpens.co.uk/: (7, 'Failed to connect to www.scanningpens.co.uk port 443: Connection refused')
+Fetch error: http://www.scanningpens.co.uk/ => https://www.scanningpens.co.uk/: (7, 'Failed to connect to www.scanningpens.co.uk port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://scanningpens.co.uk/ => https://scanningpens.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'scanningpens.co.uk'")
+-->
+<ruleset name="Scanning Pens.co.uk" default_off="failed ruleset test">
+
+	<target host="scanningpens.co.uk" />
+	<target host="www.scanningpens.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.scanningpens.co.uk$" name="^frontend$" /-->
+
+	<securecookie host="^\.www\.scanningpens.co.uk$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Scans.io.xml b/src/chrome/content/rules/Scans.io.xml
new file mode 100644
index 000000000000..079a4a4544f4
--- /dev/null
+++ b/src/chrome/content/rules/Scans.io.xml
@@ -0,0 +1,12 @@
+<ruleset name="Scans.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="scans.io" />
+	<target host="www.scans.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Scanscout.com.xml b/src/chrome/content/rules/Scanscout.com.xml
index b4994fe3c493..22c72dd977bc 100644
--- a/src/chrome/content/rules/Scanscout.com.xml
+++ b/src/chrome/content/rules/Scanscout.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dt.scanscout.com/ => https://dt.scanscout.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	For other Tremor Video coverage, see Tremor_Video.com.xml.
 
 
@@ -35,24 +39,29 @@
 	dt serves web bugs.
 
 -->
-<ruleset name="scanscout.com">
+<ruleset name="scanscout.com" default_off="failed ruleset test">
 
-	<target host="*.scanscout.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="dt.scanscout.com" />
+
+	<!--	Complications:
+				-->
+	<target host="portal.scanscout.com" />
 
 
 	<securecookie host="^\.scanscout\.com$" name="^(?:o?bsm|uid)" />
 	<securecookie host="^dt\.scanscout\.com$" name=".+" />
 
 
-	<rule from="^http://app\.scanscout\.com/"
-		to="https://a248.e.akamai.net/f/1682/6631/2d/app.scanscout.com/" />
-
-	<rule from="^http://dt\.scanscout\.com/"
-		to="https://dt.scanscout.com/" />
-
 	<!--	Server drops path:
 					-->
 	<rule from="^http://portal\.scanscout\.com/.*"
 		to="https://portal.videohub.tv/vhn" />
 
-</ruleset>
\ No newline at end of file
+		<test url="http://portal.scanscout.com//" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sccassessor.org.xml b/src/chrome/content/rules/Sccassessor.org.xml
new file mode 100644
index 000000000000..e185197093bd
--- /dev/null
+++ b/src/chrome/content/rules/Sccassessor.org.xml
@@ -0,0 +1,27 @@
+<!--
+
+	Other County of Santa Clara rulesets:
+
+		- Sccgov.org.xml
+
+	Unsupported domains:
+
+		- rp.sccassessor.org (invalid certificate)
+
+-->
+<ruleset name="Sccassessor.org">
+
+	<target host="sccassessor.org" />
+	<target host="www.sccassessor.org" />
+	<target host="efile.sccassessor.org" />
+	<target host="rp.sccassessor.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://rp\.sccassessor\.org/"
+		to="https://www.sccassessor.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sccgov.org.xml b/src/chrome/content/rules/Sccgov.org.xml
new file mode 100644
index 000000000000..0731af27bc59
--- /dev/null
+++ b/src/chrome/content/rules/Sccgov.org.xml
@@ -0,0 +1,69 @@
+<!--
+
+	Other County of Santa Clara rulesets:
+
+		- Sccassessor.org.xml
+
+	Unsupported domains:
+
+		- iveserver.sccgov.org (incomplete certificate chain)
+
+-->
+<ruleset name="Sccgov.org">
+
+	<target host="alertscc.com" />
+	<target host="www.alertscc.com" />
+	<target host="cepascc.org" />
+	<target host="www.cepascc.org" />
+	<target host="parkhere.org" />
+	<target host="www.parkhere.org" />
+	<target host="sccemsagency.org" />
+	<target host="www.sccemsagency.org" />
+	<target host="sccsheriff.org" />
+	<target host="www.sccsheriff.org" />
+	<target host="sherifflivescan.sccsheriff.org" />
+	<target host="sccvote.org" />
+	<target host="www.sccvote.org" />
+
+	<target host="sccgov.org" />
+	<target host="www.sccgov.org" />
+	<target host="archives.sccgov.org" />
+	<target host="dvc.sccgov.org" />
+	<target host="eservices.sccgov.org" />
+	<target host="frontcounter.sccgov.org" />
+	<target host="hhslink.sccgov.org" />
+	<target host="myhealthonline.sccgov.org" />
+	<target host="owp.sccgov.org" />
+	<target host="payments.sccgov.org" />
+	<target host="scvhhsauth.sccgov.org" />
+	<target host="scvhhsrap.sccgov.org" />
+	<target host="services.sccgov.org" />
+	<target host="sts.sccgov.org" />
+	<target host="volunteer.sccgov.org" />
+	<target host="webmail.sccgov.org" />
+	<target host="weights.sccgov.org" />
+
+	<securecookie host="^((eservices|frontcounter|hhslink|myhealthonline|payments|scvhhsauth|scvhhsrap|services|sts|volunteer|www)\.)?sccgov\.org$" name=".+" />
+
+	<rule from="^http://(www\.)?alertscc\.com/"
+		to="https://www.sccgov.org/sites/alertscc/" />
+	<rule from="^http://(www\.)?cepascc\.org/"
+		to="https://www.sccgov.org/sites/cepa/" />
+	<rule from="^http://(www\.)?parkhere\.org/grantpark$"
+		to="https://www.sccgov.org/sites/parks/parkfinder/Pages/JosephDGrant.aspx" />
+		<test url="http://www.parkhere.org/grantpark" />
+	<rule from="^http://(www\.)?parkhere\.org/"
+		to="https://www.sccgov.org/sites/parks/" />
+	<rule from="^http://(www\.)?sccemsagency\.org/"
+		to="https://www.sccgov.org/sites/ems/" />
+	<rule from="^http://(www\.)?sccsheriff\.org/"
+		to="https://www.sccgov.org/sites/sheriff/" />
+	<rule from="^http://sherifflivescan\.sccsheriff\.org/"
+		to="https://eservices.sccgov.org/sfp" />
+	<rule from="^http://(www\.)?sccvote\.org/"
+		to="https://www.sccgov.org/sites/rov/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Scene7.xml b/src/chrome/content/rules/Scene7.xml
index d767771a5322..eb5199b2f965 100644
--- a/src/chrome/content/rules/Scene7.xml
+++ b/src/chrome/content/rules/Scene7.xml
@@ -1,43 +1,659 @@
 <!--
 	For other Adobe coverage, see Adobe.xml.
 
-
 	CDN buckets:
+		- a248.e.akamai.net/f/248/9086/10h/[subdomain].scene7.com/
 
-		- a248.e.akamai.net/f/248/9086/10h/origin-g3.scene7.com/
+	Invalid certificate:
+		- www.scene7.com, equivalent to https://www.adobe.com/products/scene7.html
+		- aa.scene7.com
+		- alexandermcqueen.scene7.com
+		- anntaylor.scene7.com
+		- artigiano.scene7.com
+		- asics.scene7.com
+		- balenciaga.scene7.com
+		- benesse.scene7.com
+		- bleucerise.scene7.com
+		- castorama.scene7.com
+		- chm.scene7.com
+		- christies.scene7.com
+		- crc.scene7.com
+		- demo.scene7.com
+		- desigual.scene7.com
+		- elfa.scene7.com
+		- elkjop.scene7.com
+		- gtm-l1.emea.scene7.com
+		- origin-g3.emea.scene7.com
+		- origin-g4.emea.scene7.com
+		- origin-g8.emea.scene7.com
+		- s7fmisg.emea.scene7.com
+		- s7sps3.emea.scene7.com
+		- s7ugc3.emea.scene7.com
+		- findel.scene7.com
+		- gg.scene7.com
+		- ghdemo.scene7.com
+		- gtm-e1.scene7.com
+		- gtm-l1.scene7.com
+		- gtm-n1.scene7.com
+		- hanna.scene7.com
+		- henryschein.scene7.com
+		- hongkong.scene7.com
+		- kawala.scene7.com
+		- kentaur.scene7.com
+		- kipling.scene7.com
+		- lakeland.scene7.com
+		- lancaster.scene7.com
+		- lorealdpp.scene7.com
+		- maskworld.scene7.com
+		- macys-o.na.scene7.com
+		- origin-na1.na.scene7.com
+		- origin-na2.na.scene7.com
+		- origin-na3.na.scene7.com
+		- origin-na4.na.scene7.com
+		- origin-na5.na.scene7.com
+		- origin-na9.na.scene7.com
+		- provide-o.na.scene7.com
+		- philipsconsumer.scene7.com
+		- quickstep.scene7.com
+		- rollingrock.scene7.com
+		- s7adminui1.scene7.com
+		- s7d12.scene7.com
+		- s7d14.scene7.com
+		- s7d15.scene7.com
+		- s7d16.scene7.com
+		- s7e2a.scene7.com
+		- s7ftp2.scene7.com
+		- s7g11.scene7.com
+		- s7g12.scene7.com
+		- s7g13.scene7.com
+		- s7g14.scene7.com
+		- s7g15.scene7.com
+		- s7g16.scene7.com
+		- s7mailap1.scene7.com
+		- s7mailemea1.scene7.com
+		- s7mailemea3.scene7.com
+		- s7maillon6.scene7.com
+		- s7mailna1.scene7.com
+		- s7mds1.scene7.com
+		- s7ondemand2.scene7.com
+		- s7ondemand3.scene7.com
+		- s7report1.scene7.com
+		- s7sps1api.scene7.com
+		- s7sps1apissl-demo.scene7.com
+		- s7sps2.scene7.com
+		- s7sps2api.scene7.com
+		- s7sps3api.scene7.com
+		- s7ugc2.scene7.com
+		- s7ugc3.scene7.com
+		- s7v3.scene7.com
+		- sample.scene7.com
+		- samsungsecurepreview.scene7.com
+		- selfridgesretaillimited.scene7.com
+		- showroomprive.scene7.com
+		- spacenk.scene7.com
+		- sportthieme.scene7.com
+		- test-g4.scene7.com
+		- trigema.scene7.com
 
+	Timeout:
+		s7demo.scene7.com
+		s7sps1apissl1.scene7.com
+		s7sps7apissl.scene7.com
+		s7sps7ssl.scene7.com
+		trial.scene7.com
 
 	Problematic subdomains:
-
-		- ^	(mismatched, CN: www.adobe.com)
-		- www	(akamai)
-		- .+	(akamai)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(→ www.adobe.com)
-		- www1
-		- .+		(→ akamai, per-client subdomains)
-
-
+		- s7mbrstream.scene7.com, breaks embedded video, see https://github.com/EFForg/https-everywhere/issues/2430
 -->
 <ruleset name="Scene7">
+	<target host="www.scene7.com" />
+	<target host="4m.scene7.com" />
+	<target host="actionenvelope.scene7.com" />
+	<target host="actionenvelope2.scene7.com" />
+	<target host="actionenvelope3.scene7.com" />
+	<target host="actionenvelopew2p.scene7.com" />
+	<target host="acushnet.scene7.com" />
+	<target host="adesa.scene7.com" />
+	<target host="adidasagw2p.scene7.com" />
+	<target host="aeo-o.scene7.com" />
+	<target host="albamoda.scene7.com" />
+	<target host="alinea.scene7.com" />
+	<target host="anf.scene7.com" />
+	<target host="anf-akamai.scene7.com" />
+	<target host="anf-assets1.scene7.com" />
+	<target host="anf-assets2.scene7.com" />
+	<target host="annieselke.scene7.com" />
+	<target host="argos.scene7.com" />
+	<target host="aritzia.scene7.com" />
+	<target host="armaniexchange.scene7.com" />
+	<target host="asda.scene7.com" />
+	<target host="asf.scene7.com" />
+	<target host="ashleyfurniture.scene7.com" />
+	<target host="asi.scene7.com" />
+	<target host="bank.scene7.com" />
+	<target host="basicinvite.scene7.com" />
+	<target host="basspro.scene7.com" />
+	<target host="baudville.scene7.com" />
+	<target host="baur.scene7.com" />
+	<target host="bcube.scene7.com" />
+	<target host="belk.scene7.com" />
+	<target host="bench.scene7.com" />
+	<target host="benchmarx-kitchens.scene7.com" />
+	<target host="bergdorfgoodman.scene7.com" />
+	<target host="berne.scene7.com" />
+	<target host="bevego.scene7.com" />
+	<target host="bf.scene7.com" />
+	<target host="bicgraphic.scene7.com" />
+	<target host="bigdotofhappiness.scene7.com" />
+	<target host="bjornborg.scene7.com" />
+	<target host="bkstr.scene7.com" />
+	<target host="bluetomato.scene7.com" />
+	<target host="bmdmedia.scene7.com" />
+	<target host="bmw.scene7.com" />
+	<target host="bonton.scene7.com" />
+	<target host="boombah.scene7.com" />
+	<target host="boots.scene7.com" />
+	<target host="bose.scene7.com" />
+	<target host="boulanger.scene7.com" />
+	<target host="brita.scene7.com" />
+	<target host="britachina.scene7.com" />
+	<target host="brooksbrothers.scene7.com" />
+	<target host="buffalo.scene7.com" />
+	<target host="burberry.scene7.com" />
+	<target host="burberryltd.scene7.com" />
+	<target host="buttinette.scene7.com" />
+	<target host="cabelas.scene7.com" />
+	<target host="calphalon.scene7.com" />
+	<target host="calvinklein.scene7.com" />
+	<target host="calvinklein-eu.scene7.com" />
+	<target host="canadiantire.scene7.com" />
+	<target host="cardinalhealth.scene7.com" />
+	<target host="caterpillar.scene7.com" />
+	<target host="catherines.scene7.com" />
+	<target host="cb2.scene7.com" />
+	<target host="ccf.scene7.com" />
+	<target host="celine.scene7.com" />
+	<target host="cenpac.scene7.com" />
+	<target host="certeo.scene7.com" />
+	<target host="chainreactioncycles.scene7.com" />
+	<target host="charlesvoegele.scene7.com" />
+	<target host="charming-o.scene7.com" />
+	<target host="christ.scene7.com" />
+	<target host="city-plumbing-supplies.scene7.com" />
+	<target host="cityfurniture.scene7.com" />
+	<target host="cityparfuemerie.scene7.com" />
+	<target host="coach.scene7.com" />
+	<target host="codsk.scene7.com" />
+	<target host="coeur.scene7.com" />
+	<target host="cofel.scene7.com" />
+	<target host="coin.scene7.com" />
+	<target host="companyc.scene7.com" />
+	<target host="cookielee.scene7.com" />
+	<target host="cornerstonerender.scene7.com" />
+	<target host="covidien.scene7.com" />
+	<target host="cpw-2.scene7.com" />
+	<target host="creditsuisse.scene7.com" />
+	<target host="crestbridge.scene7.com" />
+	<target host="crown.scene7.com" />
+	<target host="curvissa.scene7.com" />
+	<target host="cwonder.scene7.com" />
+	<target host="cyberport.scene7.com" />
+	<target host="daikyorealdo.scene7.com" />
+	<target host="dartagnan.scene7.com" />
+	<target host="debenhams.scene7.com" />
+	<target host="decor.scene7.com" />
+	<target host="deerberg.scene7.com" />
+	<target host="deichmann.scene7.com" />
+	<target host="dell-o.scene7.com" />
+	<target host="dfc.scene7.com" />
+	<target host="dim.scene7.com" />
+	<target host="disney-o.scene7.com" />
+	<target host="djbennett.scene7.com" />
+	<target host="dks.scene7.com" />
+	<target host="dm-shop.scene7.com" />
+	<target host="doryventures.scene7.com" />
+	<target host="dressbarn.scene7.com" />
+	<target host="dsm.scene7.com" />
+	<target host="dsm-dep.scene7.com" />
+	<target host="dsm-dnp.scene7.com" />
+	<target host="dsw.scene7.com" />
+	<target host="dune.scene7.com" />
+	<target host="e-leclerc.scene7.com" />
+	<target host="eastpak.scene7.com" />
+	<target host="easyar.scene7.com" />
+	<target host="echodesign.scene7.com" />
+	<target host="eddiebauer.scene7.com" />
+	<target host="eidupont.scene7.com" />
+	<target host="elkay.scene7.com" />
+	<target host="ellinee.scene7.com" />
+	<target host="empiriecom.scene7.com" />
+	<target host="epiroc.scene7.com" />
+	<target host="erwinmueller.scene7.com" />
+	<target host="esprit.scene7.com" />
+	<target host="eterna.scene7.com" />
+	<target host="fabrichouse.scene7.com" />
+	<target host="falabella.scene7.com" />
+	<target host="fci.scene7.com" />
+	<target host="felissimo.scene7.com" />
+	<target host="fgl.scene7.com" />
+	<target host="filausa.scene7.com" />
+	<target host="filippakab.scene7.com" />
+	<target host="fisheriessupply.scene7.com" />
+	<target host="fly.scene7.com" />
+	<target host="forte.scene7.com" />
+	<target host="fossil.scene7.com" />
+	<target host="freepeople-ugc.scene7.com" />
+	<target host="frontgate.scene7.com" />
+	<target host="fs.scene7.com" />
+	<target host="futurebazaar.scene7.com" />
+	<target host="galeton.scene7.com" />
+	<target host="garnethill.scene7.com" />
+	<target host="germancrystal.scene7.com" />
+	<target host="globerideinc.scene7.com" />
+	<target host="gorsuch.scene7.com" />
+	<target host="grandcircle.scene7.com" />
+	<target host="grandinroad.scene7.com" />
+	<target host="grattan.scene7.com" />
+	<target host="gresvig.scene7.com" />
+	<target host="griotsgarage.scene7.com" />
+	<target host="groupe-mb.scene7.com" />
+	<target host="grundfos.scene7.com" />
+	<target host="guesseu.scene7.com" />
+	<target host="guthyrenker.scene7.com" />
+	<target host="haladjian.scene7.com" />
+	<target host="halloweencity1.scene7.com" />
+	<target host="halloweencity2.scene7.com" />
+	<target host="halloweencity3.scene7.com" />
+	<target host="halloweencity4.scene7.com" />
+	<target host="halloweencity5.scene7.com" />
+	<target host="halloweencity6.scene7.com" />
+	<target host="harleydavidson.scene7.com" />
+	<target host="harryanddavid.scene7.com" />
+	<target host="havertys.scene7.com" />
+	<target host="heine.scene7.com" />
+	<target host="herroom.scene7.com" />
+	<target host="herroom0.scene7.com" />
+	<target host="herroom1.scene7.com" />
+	<target host="herroom2.scene7.com" />
+	<target host="herroom3.scene7.com" />
+	<target host="herroom4.scene7.com" />
+	<target host="herroom5.scene7.com" />
+	<target host="herroom6.scene7.com" />
+	<target host="herroom7.scene7.com" />
+	<target host="hfc.scene7.com" />
+	<target host="hhg.scene7.com" />
+	<target host="hhgregg.scene7.com" />
+	<target host="homebase.scene7.com" />
+	<target host="homecenterco.scene7.com" />
+	<target host="homemakersfurniture.scene7.com" />
+	<target host="hon.scene7.com" />
+	<target host="hottopic.scene7.com" />
+	<target host="houseoffraser.scene7.com" />
+	<target host="hsm.scene7.com" />
+	<target host="hugendubel.scene7.com" />
+	<target host="ib.scene7.com" />
+	<target host="ihg.scene7.com" />
+	<target host="iittala.scene7.com" />
+	<target host="improvements.scene7.com" />
+	<target host="imsdm.scene7.com" />
+	<target host="indigo.scene7.com" />
+	<target host="insulationgiant.scene7.com" />
+	<target host="interfaceinc.scene7.com" />
+	<target host="intersportfr.scene7.com" />
+	<target host="isetan.scene7.com" />
+	<target host="jamesavery.scene7.com" />
+	<target host="jjill-o.scene7.com" />
+	<target host="johnlewis.scene7.com" />
+	<target host="journelle.scene7.com" />
+	<target host="kaleidoscope.scene7.com" />
+	<target host="katespade.scene7.com" />
+	<target host="katespadesingapore.scene7.com" />
+	<target host="kela.scene7.com" />
+	<target host="kidoh.scene7.com" />
+	<target host="kingfisher.scene7.com" />
+	<target host="kke.scene7.com" />
+	<target host="kng.scene7.com" />
+	<target host="koffer24.scene7.com" />
+	<target host="kohler.scene7.com" />
+	<target host="kokon.scene7.com" />
+	<target host="l11.scene7.com" />
+	<target host="lacoste.scene7.com" />
+	<target host="lacosterender.scene7.com" />
+	<target host="lakelandcamel.scene7.com" />
+	<target host="lascana.scene7.com" />
+	<target host="lastcall.scene7.com" />
+	<target host="lenovo.scene7.com" />
+	<target host="lenox.scene7.com" />
+	<target host="lookagain.scene7.com" />
+	<target host="loomdecor.scene7.com" />
+	<target host="lsco.scene7.com" />
+	<target host="lsco1.scene7.com" />
+	<target host="lsco2.scene7.com" />
+	<target host="lsco3.scene7.com" />
+	<target host="lvprp.scene7.com" />
+	<target host="macys-o.scene7.com" />
+	<target host="madeleine.scene7.com" />
+	<target host="madeleine1.scene7.com" />
+	<target host="madeleine2.scene7.com" />
+	<target host="madeleine3.scene7.com" />
+	<target host="madeleine4.scene7.com" />
+	<target host="mamasandpapas.scene7.com" />
+	<target host="mandsintl.scene7.com" />
+	<target host="manufactum.scene7.com" />
+	<target host="maritz.scene7.com" />
+	<target host="matelsom.scene7.com" />
+	<target host="mauijim.scene7.com" />
+	<target host="mauricesprodatg.scene7.com" />
+	<target host="mdm.scene7.com" />
+	<target host="medion.scene7.com" />
+	<target host="menswearhouse.scene7.com" />
+	<target host="metro.scene7.com" />
+	<target host="metroua.scene7.com" />
+	<target host="mgm.scene7.com" />
+	<target host="michaelkors.scene7.com" />
+	<target host="midorianzen.scene7.com" />
+	<target host="mintedw2p.scene7.com" />
+	<target host="mirapodo.scene7.com" />
+	<target host="misumi.scene7.com" />
+	<target host="mizuno.scene7.com" />
+	<target host="mizunojp.scene7.com" />
+	<target host="mmo.scene7.com" />
+	<target host="moebelix.scene7.com" />
+	<target host="moebelmahler.scene7.com" />
+	<target host="moemax.scene7.com" />
+	<target host="mohawk.scene7.com" />
+	<target host="mooresclothing.scene7.com" />
+	<target host="morplan.scene7.com" />
+	<target host="mothercare.scene7.com" />
+	<target host="mrp.scene7.com" />
+	<target host="mrpg.scene7.com" />
+	<target host="mytoys.scene7.com" />
+	<target host="mytoysgroup.scene7.com" />
+	<target host="natpen.scene7.com" />
+	<target host="nautilus.scene7.com" />
+	<target host="nb.scene7.com" />
+	<target host="nbad.scene7.com" />
+	<target host="neebo.scene7.com" />
+	<target host="neimanmarcus.scene7.com" />
+	<target host="netrada2.scene7.com" />
+	<target host="newlook.scene7.com" />
+	<target host="newpig.scene7.com" />
+	<target host="newpigltd.scene7.com" />
+	<target host="niche.scene7.com" />
+	<target host="nissan.scene7.com" />
+	<target host="nissannorthamerica.scene7.com" />
+	<target host="nlyscandinavia.scene7.com" />
+	<target host="ochsnersport.scene7.com" />
+	<target host="odeu.scene7.com" />
+	<target host="officedepot.scene7.com" />
+	<target host="okl.scene7.com" />
+		<test url="http://okl.scene7.com/is/image/OKL/Product_SFM25142_Image_1" />
+	<target host="okl2.scene7.com" />
+		<test url="http://okl2.scene7.com/is/image/OKL/Product_SFM25130_Image_1" />
+	<target host="okl3.scene7.com" />
+	<target host="okl4.scene7.com" />
+	<target host="onlinecommerce.scene7.com" />
+	<target host="opsm.scene7.com" />
+	<target host="origin-ap1.scene7.com" />
+	<target host="origin-d3.scene7.com" />
+	<target host="origin-d4.scene7.com" />
+	<target host="origin-d5.scene7.com" />
+	<target host="orikomio.scene7.com" />
+	<target host="orion.scene7.com" />
+	<target host="otto.scene7.com" />
+	<target host="panabrasives.scene7.com" />
+	<target host="papersource.scene7.com" />
+	<target host="paris.scene7.com" />
+	<target host="partycity.scene7.com" />
+	<target host="partycity1.scene7.com" />
+	<target host="partycity2.scene7.com" />
+	<target host="partycity3.scene7.com" />
+	<target host="partycity4.scene7.com" />
+	<target host="partycity5.scene7.com" />
+	<target host="partycity6.scene7.com" />
+	<target host="peachjohn.scene7.com" />
+	<target host="peachsuite.scene7.com" />
+	<target host="pearsoneducation.scene7.com" />
+	<target host="peerless.scene7.com" />
+	<target host="petco.scene7.com" />
+	<target host="peterhahn.scene7.com" />
+	<target host="philipslighting.scene7.com" />
+	<target host="playmobil.scene7.com" />
+	<target host="postable.scene7.com" />
+	<target host="primetime.scene7.com" />
+	<target host="prucardsugc.scene7.com" />
+	<target host="puma.scene7.com" />
+	<target host="pumachina.scene7.com" />
+	<target host="pumaecom.scene7.com" />
+	<target host="purefishing.scene7.com" />
+	<target host="purefishingemea.scene7.com" />
+	<target host="purefishingffo.scene7.com" />
+	<target host="pvh.scene7.com" />
+	<target host="quill.scene7.com" />
+	<target host="qvc.scene7.com" />
+	<target host="qvc-o.scene7.com" />
+	<target host="raja.scene7.com" />
+	<target host="ralphlauren.scene7.com" />
+	<target host="ralphlauren1.scene7.com" />
+	<target host="ralphlauren2.scene7.com" />
+	<target host="ralphlauren3.scene7.com" />
+	<target host="ralphlauren4.scene7.com" />
+	<target host="ralphlauren5.scene7.com" />
+	<target host="ralphlauren6.scene7.com" />
+	<target host="ralphlauren7.scene7.com" />
+	<target host="ralphlauren8.scene7.com" />
+	<target host="ralphlaurenapac.scene7.com" />
+	<target host="raptor.scene7.com" />
+	<target host="raymourflanigan.scene7.com" />
+	<target host="redblue.scene7.com" />
+	<target host="redbullsalzburg.scene7.com" />
+	<target host="reef.scene7.com" />
+	<target host="rh-o.scene7.com" />
+	<target host="riverisland.scene7.com" />
+	<target host="rsn.scene7.com" />
+	<target host="rue21.scene7.com" />
+	<target host="ruelala.scene7.com" />
+	<target host="runnerspoint.scene7.com" />
+	<target host="s7alert1.scene7.com" />
+	<target host="s7d1.scene7.com" />
+	<target host="s7d10.scene7.com" />
+	<target host="s7d11.scene7.com" />
+	<target host="s7d13.scene7.com" />
+	<target host="s7d2.scene7.com" />
+	<target host="s7d3.scene7.com" />
+	<target host="s7d4.scene7.com" />
+	<target host="s7d5.scene7.com" />
+	<target host="s7d6.scene7.com" />
+	<target host="s7d7.scene7.com" />
+	<target host="s7d9.scene7.com" />
+	<target host="s7diod-isorigin.scene7.com" />
+	<target host="s7e1a.scene7.com" />
+	<target host="s7e3a.scene7.com" />
+	<target host="s7e5a.scene7.com" />
+		<test url="http://s7e5a.scene7.com/is/image/waitrose/TmgProductPodSingleBottle/050052_a_quinta-de-azevedo-vinho-verde" />
+	<target host="s7fmisg.scene7.com" />
+	<target host="s7ftp5.scene7.com" />
+	<target host="s7g1.scene7.com" />
+	<target host="s7g10.scene7.com" />
+		<test url="http://s7g10.scene7.com/is/image/waitrose/t-hp-bottles-range-icon" />
+	<target host="s7g2.scene7.com" />
+	<target host="s7g3.scene7.com" />
+	<target host="s7g4.scene7.com" />
+	<target host="s7g8.scene7.com" />
+	<target host="s7info1.scene7.com" />
+	<target host="s7info1-origin.scene7.com" />
+	<target host="s7info2.scene7.com" />
+	<target host="s7info2admin.scene7.com" />
+	<target host="s7infoadmin.scene7.com" />
+	<target host="s7ips3.scene7.com" />
+	<target host="s7ips5.scene7.com" />
+	<target host="s7is1-preview-staging.scene7.com" />
+	<target host="s7isorigin3.scene7.com" />
+	<target host="s7mbrstream-ap1.scene7.com" />
+	<target host="s7mbrstream-g1.scene7.com" />
+	<target host="s7mbrstream-g1-h2.scene7.com" />
+	<target host="s7mbrstreamdual-ap.scene7.com" />
+	<target host="s7mbrstreamdual-emea.scene7.com" />
+	<target host="s7mbrstreamdual-na.scene7.com" />
+	<target host="s7ondemand1.scene7.com" />
+	<target host="s7ondemand4.scene7.com" />
+	<target host="s7ondemand5.scene7.com" />
+	<target host="s7ondemand6.scene7.com" />
+	<target host="s7ondemand7.scene7.com" />
+	<target host="s7search5.scene7.com" />
+	<target host="s7sps1.scene7.com" />
+	<target host="s7sps1-staging.scene7.com" />
+	<target host="s7sps1agm.scene7.com" />
+	<target host="s7sps1apissl.scene7.com" />
+	<target host="s7sps1apissl-staging.scene7.com" />
+	<target host="s7sps1appssl-staging.scene7.com" />
+	<target host="s7sps1ssl.scene7.com" />
+	<target host="s7sps1ssl-staging.scene7.com" />
+	<target host="s7sps3.scene7.com" />
+	<target host="s7sps3-staging.scene7.com" />
+	<target host="s7sps3agm.scene7.com" />
+	<target host="s7sps3apissl.scene7.com" />
+	<target host="s7sps3apissl-staging.scene7.com" />
+	<target host="s7sps3ssl.scene7.com" />
+	<target host="s7sps5.scene7.com" />
+	<target host="s7sps5-staging.scene7.com" />
+	<target host="s7sps5agm.scene7.com" />
+	<target host="s7sps5api.scene7.com" />
+	<target host="s7sps5apissl.scene7.com" />
+	<target host="s7sps5apissl-staging.scene7.com" />
+	<target host="s7sps5ssl.scene7.com" />
+	<target host="s7sps7.scene7.com" />
+	<target host="s7sps7agm.scene7.com" />
+	<target host="s7sps7api.scene7.com" />
+	<target host="s7test1.scene7.com" />
+	<target host="s7test3.scene7.com" />
+	<target host="s7test5.scene7.com" />
+	<target host="s7ugc1.scene7.com" />
+	<target host="s7v1.scene7.com" />
+	<target host="s7w2p1.scene7.com" />
+	<target host="s7w2p3.scene7.com" />
+	<target host="s7w2p5.scene7.com" />
+	<target host="s7wsproxy1.scene7.com" />
+	<target host="safco.scene7.com" />
+	<target host="sandowmedia.scene7.com" />
+	<target host="sanyoshokai.scene7.com" />
+	<target host="sce.scene7.com" />
+	<target host="schaefershop.scene7.com" />
+	<target host="searsca.scene7.com" />
+	<target host="searsoptical.scene7.com" />
+	<target host="secure.scene7.com" />
+	<target host="sgdd.scene7.com" />
+	<target host="shawfloors.scene7.com" />
+	<target host="sherwin.scene7.com" />
+	<target host="shoecarnival.scene7.com" />
+	<target host="shopjustice.scene7.com" />
+	<target host="sidestep.scene7.com" />
+	<target host="smartfurniture.scene7.com" />
+	<target host="smartwool.scene7.com" />
+	<target host="smithnoble.scene7.com" />
+	<target host="smythson.scene7.com" />
+	<target host="soccerpro.scene7.com" />
+	<target host="sodimac.scene7.com" />
+	<target host="sodimacar.scene7.com" />
+	<target host="softbankbb.scene7.com" />
+	<target host="soliver.scene7.com" />
+	<target host="sonyglobal.scene7.com" />
+	<target host="sonyhelpguide.scene7.com" />
+	<target host="sonystore.scene7.com" />
+	<target host="sonystyle.scene7.com" />
+	<target host="sp24.scene7.com" />
+	<target host="specialized.scene7.com" />
+	<target host="speedo-usa.scene7.com" />
+	<target host="spencers.scene7.com" />
+	<target host="spirit.scene7.com" />
+	<target host="sportscheck.scene7.com" />
+	<target host="staging.scene7.com" />
+	<target host="stanleyfurniture.scene7.com" />
+	<target host="steinertractor.scene7.com" />
+	<target host="steinhoffukretailltd.scene7.com" />
+	<target host="straumann.scene7.com" />
+	<target host="stuller.scene7.com" />
+	<target host="sugartown.scene7.com" />
+	<target host="swimwear365.scene7.com" />
+	<target host="swisscom.scene7.com" />
+	<target host="swisscomvbc.scene7.com" />
+	<target host="talbots.scene7.com" />
+	<target host="target.scene7.com" />
+	<target host="tbc.scene7.com" />
+	<target host="tdg.scene7.com" />
+	<target host="teddysmithdigital.scene7.com" />
+	<target host="teleflora.scene7.com" />
+	<target host="tesco.scene7.com" />
+	<target host="test-e3.scene7.com" />
+	<target host="test-e5.scene7.com" />
+	<target host="test-e8.scene7.com" />
+	<target host="teststeinhoff.scene7.com" />
+	<target host="testvip1.scene7.com" />
+	<target host="testvipd1.scene7.com" />
+	<target host="testvipd2.scene7.com" />
+	<target host="testvipd3.scene7.com" />
+	<target host="testvipd4.scene7.com" />
+	<target host="testvipd5.scene7.com" />
+	<target host="testvipd9.scene7.com" />
+	<target host="textbookunderground.scene7.com" />
+	<target host="tfc.scene7.com" />
+	<target host="thecapitalgroup.scene7.com" />
+	<target host="themomgroup.scene7.com" />
+	<target host="theodorealexander.scene7.com" />
+	<target host="theshadestore.scene7.com" />
+	<target host="thingsremembered.scene7.com" />
+	<target host="tileshop.scene7.com" />
+	<target host="tnm.scene7.com" />
+	<target host="tommy-europe.scene7.com" />
+	<target host="tommybahama.scene7.com" />
+	<target host="top.scene7.com" />
+	<target host="travelsmith.scene7.com" />
+	<target host="travisperkins.scene7.com" />
+	<target host="trek.scene7.com" />
+	<target host="triumph.scene7.com" />
+	<target host="truevalue.scene7.com" />
+	<target host="tubby.scene7.com" />
+	<target host="tuesdaymorning.scene7.com" />
+	<target host="tumi.scene7.com" />
+	<target host="turn5.scene7.com" />
+	<target host="underarmour.scene7.com" />
+	<target host="uniqlo.scene7.com" />
+	<target host="unito.scene7.com" />
+	<target host="unleashedbypetco.scene7.com" />
+	<target host="up.scene7.com" />
+	<target host="usineadesign.scene7.com" />
+	<target host="verabradley.scene7.com" />
+	<target host="verizon-o.scene7.com" />
+	<target host="vermontcountrystore.scene7.com" />
+	<target host="versace.scene7.com" />
+	<target host="vfimagewear.scene7.com" />
+	<target host="victorpest.scene7.com" />
+	<target host="vitaminshoppe.scene7.com" />
+	<target host="vp-eu.scene7.com" />
+	<target host="vp-eu-pp.scene7.com" />
+	<target host="vp-eu-r7.scene7.com" />
+	<target host="vpusa.scene7.com" />
+	<target host="waltermosergmbh.scene7.com" />
+	<target host="washford.scene7.com" />
+	<target host="watscocom.scene7.com" />
+	<target host="wefashion.scene7.com" />
+	<target host="weltbild.scene7.com" />
+	<target host="whitecompany.scene7.com" />
+	<target host="wickes.scene7.com" />
+	<target host="windycitynovelties.scene7.com" />
+	<target host="witt-international.scene7.com" />
+	<target host="wittweiden.scene7.com" />
+	<target host="wolverineworldwide.scene7.com" />
+	<target host="woodstream.scene7.com" />
+	<target host="wooniorender.scene7.com" />
+	<target host="xxxlutz.scene7.com" />
+	<target host="yomonda.scene7.com" />
+	<target host="youngamerica.scene7.com" />
+	<target host="zorch.scene7.com" />
 
-	<target host="scene7.com" />
-	<target host="*.scene7.com" />
-
-
-	<securecookie host="^www1\.scene7\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?scene7\.com/[^\?]*(\?.*)?"
-		to="https://www.adobe.com/products/scene7.html$1" />
-
-	<rule from="^http://www1\.scene7\.com/"
-		to="https://www1.scene7.com/" />
-
-	<rule from="^http://([\w-]+)\.scene7\.com/"
-		to="https://a248.e.akamai.net/f/248/9086/10h/$1.scene7.com/" />
+	<rule from="^http://www\.scene7\.com/[^?]*"
+		to="https://www.adobe.com/products/scene7.html" />
+		<test url="http://www.scene7.com/removethis?keepthis" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SceneMusic.net.xml b/src/chrome/content/rules/SceneMusic.net.xml
deleted file mode 100644
index ac107007ec1a..000000000000
--- a/src/chrome/content/rules/SceneMusic.net.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Nectarine Demoscene Music">
-  <target host="www.scenemusic.net" />
-  <target host="scenemusic.net" />
-
-  <rule from="^http://(www\.)?scenemusic\.net/" to="https://www.scenemusic.net/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/SceneTap.xml b/src/chrome/content/rules/SceneTap.xml
index 96a4e9aac7ed..36724b7e8cd3 100644
--- a/src/chrome/content/rules/SceneTap.xml
+++ b/src/chrome/content/rules/SceneTap.xml
@@ -1,14 +1,15 @@
-<ruleset name="SceneTap">
+<ruleset name="SceneTap.com" default_off="expired">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="scenetap.com" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.scenetap.com" />
+	<target host="www.scenetap.com" />
 
 
-	<securecookie host="^(.*\.)?scenetap\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?scenetap\.com/"
-		to="https://$1scenetap.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Sceneaccess.eu.xml b/src/chrome/content/rules/Sceneaccess.eu.xml
new file mode 100644
index 000000000000..d187c51bab7c
--- /dev/null
+++ b/src/chrome/content/rules/Sceneaccess.eu.xml
@@ -0,0 +1,6 @@
+<ruleset name="Sceneaccess.eu">
+	<target host="sceneaccess.eu" />
+	<target host="www.sceneaccess.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sceper.xml b/src/chrome/content/rules/Sceper.xml
index 8773477ab3d5..cfb6cc95430d 100644
--- a/src/chrome/content/rules/Sceper.xml
+++ b/src/chrome/content/rules/Sceper.xml
@@ -19,7 +19,7 @@
 	<securecookie host="^sceper\.ws$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?sceper\.(?:eu|ws)/"
+	<rule from="^http://(?:www\.)?sceper\.(?:eu|ws)/"
 		to="https://sceper.ws/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Scepsis.xml b/src/chrome/content/rules/Scepsis.xml
index 0a9d3a7aa606..e99d952bc502 100644
--- a/src/chrome/content/rules/Scepsis.xml
+++ b/src/chrome/content/rules/Scepsis.xml
@@ -1,6 +1,16 @@
-<ruleset name="Scepsis">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.scepsis.ru/ => https://scepsis.ru/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://scepsis.ru/ => https://scepsis.ru/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.scepsis.ru/ => https://scepsis.ru/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://scepsis.ru/ => https://scepsis.ru/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="Scepsis" default_off="failed ruleset test">
   <target host="www.scepsis.ru" />
   <target host="scepsis.ru" />
 
-  <rule from="^http://(www\.)?scepsis\.ru/" to="https://scepsis.ru/"/>
-</ruleset>
\ No newline at end of file
+  <rule from="^http://(?:www\.)?scepsis\.ru/" to="https://scepsis.ru/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Schaaf_PC.com.xml b/src/chrome/content/rules/Schaaf_PC.com.xml
new file mode 100644
index 000000000000..be83ca5ace3e
--- /dev/null
+++ b/src/chrome/content/rules/Schaaf_PC.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Schaaf PC.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="schaafpc.com" />
+	<target host="www.schaafpc.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Schaffner.org.xml b/src/chrome/content/rules/Schaffner.org.xml
index 0639c103c695..be06f8adcd2b 100644
--- a/src/chrome/content/rules/Schaffner.org.xml
+++ b/src/chrome/content/rules/Schaffner.org.xml
@@ -1,10 +1,10 @@
-<ruleset name="Schaffner.org">
+<ruleset name="Schaffner.org" default_off="shows default page">
 
 	<target host="schaffner.org" />
 	<target host="www.schaffner.org" />
 
 
-	<rule from="^http://(www\.)?schaffner\.org/"
-		to="https://$1schaffner.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Schallert.com.xml b/src/chrome/content/rules/Schallert.com.xml
new file mode 100644
index 000000000000..5c327e2b7464
--- /dev/null
+++ b/src/chrome/content/rules/Schallert.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Login required:
+		ccp.schallert.com
+		cloud.schallert.com
+		dev.schallert.com
+		otrs.schallert.com
+		webmail.schallert.com
+
+-->
+<ruleset name="Schallert.com">
+
+	<target host="schallert.com" />
+	<target host="www.schallert.com" />
+	<target host="cdn.schallert.com" />
+	<target host="mirror.schallert.com" />
+	<target host="c0036.web.schallert.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sched.org.xml b/src/chrome/content/rules/Sched.org.xml
new file mode 100644
index 000000000000..221df2b27672
--- /dev/null
+++ b/src/chrome/content/rules/Sched.org.xml
@@ -0,0 +1,43 @@
+<!--
+	Nonfunctional domains:
+
+		- support.sched.org *
+
+	* Desk.com
+
+
+	Problematic domains:
+
+		- www.schd.ws *
+		- (www.)sched.co *
+
+	* Mismatched, CN: *.sched.org
+
+-->
+<ruleset name="Sched.org (partial)">
+
+	<target host="schd.ws" />
+	<target host="cdn.schd.ws" />
+	<target host="www.schd.ws" />
+	<target host="www.sched.co" />
+	<target host="sched.org" />
+	<target host="static.sched.org" />
+	<target host="www.sched.org" />
+	<target host="xenprojectdevelopersummit2014.sched.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^xenprojectdevelopersummit2014\.sched\.org$" name="^(SCHED|debug|locale|pageView)$" /-->
+
+	<securecookie host="^\.schd\.ws$" name=".+" />
+	<securecookie host="^(?:xenprojectdevelopersummit2014)?\.sched\.org$" name=".+" />
+
+
+
+	<rule from="^http://www\.sch(?:d\.ws|ed\.co)/"
+		to="https://sched.org/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ScheduleOnce.com.xml b/src/chrome/content/rules/ScheduleOnce.com.xml
new file mode 100644
index 000000000000..a49297b6283f
--- /dev/null
+++ b/src/chrome/content/rules/ScheduleOnce.com.xml
@@ -0,0 +1,38 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog ¹
+		- help ²
+
+	¹ Interrupted
+	² desk.com
+
+
+	Mixed content:
+
+		- Images, from:
+
+			- 1-ps.googleusercontent.com ¹
+			- static.staticso.com ²
+
+	¹ Secured by us
+	² Unsecurable <= interrupted
+
+-->
+<ruleset name="ScheduleOnce.com (partial)">
+
+	<target host="scheduleonce.com" />
+	<target host="www.scheduleonce.com" />
+		<!--exclusion pattern="^http://(blog|help)\.scheduleonce\.com/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.scheduleonce\.com$" name="^ScheduleOnce_SessionId$" /-->
+
+	<securecookie host="^www\.scheduleonce\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Schetu.net.xml b/src/chrome/content/rules/Schetu.net.xml
deleted file mode 100644
index 5b0ce148866f..000000000000
--- a/src/chrome/content/rules/Schetu.net.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	www.schetu.net doesn't exist.
-
--->
-<ruleset name="schetu.net">
-
-	<target host="schetu.net" />
-	<target host="*.schetu.net" />
-
-
-	<securecookie host="^\.?schetu\.net$" name=".+" />
-
-
-	<rule from="^http://schetu\.net/"
-		to="https://schetu.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Schibsted-IT.xml b/src/chrome/content/rules/Schibsted-IT.xml
new file mode 100644
index 000000000000..77fd00e66c77
--- /dev/null
+++ b/src/chrome/content/rules/Schibsted-IT.xml
@@ -0,0 +1,19 @@
+<!--	Cert mismatch:
+			- schibsted-it.no
+			- www.schibsted-it.no
+			- files.schibsted-it.no
+			- lyncdiscover.schibsted-it.no
+			- payment.schibsted-it.no
+			- pct.schibsted-it.no
+			- sip.schibsted-it.no
+-->
+<ruleset name="Schibsted-IT (partial)">
+
+	<target host="default.schibsted-it.no" />
+	<target host="hotellweb1.schibsted-it.no" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Schibsted.io.xml b/src/chrome/content/rules/Schibsted.io.xml
new file mode 100644
index 000000000000..a828e411aae5
--- /dev/null
+++ b/src/chrome/content/rules/Schibsted.io.xml
@@ -0,0 +1,233 @@
+<!--
+	Cert expired:
+		- content.data-pre
+
+	Cert mismatch:
+		- audience.ads
+		- loc-latelier-business.ads
+		- reporting.ads
+		- status.ads
+		- vantage.ads
+		- api
+		- mc.rkt-dev.ingress.cre-pro
+		- mc.rkt-pre.ingress.cre-pro
+		- mc.rkt-pro.ingress.cre-pro
+
+		- static.messaging
+		- artifacts.infra-dev
+		- travis.infra-pro
+		- presence.mp-pro
+		- images.messaging.pre
+		- hl-search.scm-pro
+		- hl-user.scm-pro
+		- sse.pro.sportsnext
+		- onetimesecret-test.spt-infrastructure-security-dev
+		- timemachine
+
+
+	Chain issues:
+		- ingress.cre-pro
+		- fdd-test.ingress.cre-pro
+		- heimdall-challenge.ingress.cre-pro
+		- monocular.ingress.cre-pro
+		- prometheus-local-observability-pre.ingress.cre-pro
+		- schip-spinnaker-webhook.ingress.cre-pro
+		- ingress.prod02.cre-pro
+		- docs.devrel-pro
+		- public
+		- sportradar-api.pre.sportsnext
+
+	Connection refused:
+		- codeload.github
+		- raw.github
+
+
+	Timeout:
+		- xmpp.messaging
+		- northstar
+		- announcer.privacy-dev
+		- announcer.privacy-pre
+		- checkversion.user-pro
+
+	TLS error:
+		- enetpulse-api.dev.sportsnext
+		- grafana.dev.sportsnext
+		- ice-hockey-bff.dev.sportsnext
+		- ice-hockey-web.dev.sportsnext
+		- jenkins.dev.sportsnext
+		- prometheus.dev.sportsnext
+		- vglive-admin.dev.sportsnext
+		- vglive-api.dev.sportsnext
+		- vglive-web.dev.sportsnext
+		- heimdall.heimdall-pro
+		- observatory.security-pro
+
+
+-->
+<ruleset name="Schibsted.io (partial)">
+
+	<target host="api.ads.schibsted.io" />
+	<target host="blender.ads.schibsted.io" />
+	<target host="moderation.ads.schibsted.io" />
+	<target host="selfserve.ads.schibsted.io" />
+
+	<target host="delivery-dash.ami-store.schibsted.io" />
+	<target host="audience.schibsted.io" />
+	<target host="collector.schibsted.io" />
+	<target host="confluence.schibsted.io" />
+	<target host="alerts.schibsted.io" />
+	<target host="alerts-dev.schibsted.io" />
+	<target host="alerts-pro.schibsted.io" />
+
+	<target host="artifactory-proxies.schibsted.io" />
+	<target host="artifacts.schibsted.io" />
+
+	<target host="abuseapi-dev.ingress.cre-pro.schibsted.io" />
+	<target host="abuseapi-pre.ingress.cre-pro.schibsted.io" />
+	<target host="abuseapi-pro.ingress.cre-pro.schibsted.io" />
+	<target host="amis-indexer-dev.ingress.cre-pro.schibsted.io" />
+	<target host="amis-indexer-pre.ingress.cre-pro.schibsted.io" />
+	<target host="amis-indexer-pro.ingress.cre-pro.schibsted.io" />
+	<target host="amisapi-dev.ingress.cre-pro.schibsted.io" />
+	<target host="amisapi-pre.ingress.cre-pro.schibsted.io" />
+	<target host="amisapi-pro.ingress.cre-pro.schibsted.io" />
+	<target host="delivery-prometheus-local.ingress.cre-pro.schibsted.io" />
+	<target host="dev-delivery-prometheus-local.ingress.cre-pro.schibsted.io" />
+
+	<target host="fiaas-deploy-daemon.ingress.cre-pro.schibsted.io" />
+	<target host="fiaas-mast.ingress.cre-pro.schibsted.io" />
+	<target host="fiaas-telltale.ingress.cre-pro.schibsted.io" />
+
+	<target host="auth.cre-pro.schibsted.io" />
+
+	<target host="nlp-messaging-dev.ingress.cre-pro.schibsted.io" />
+	<target host="nlp-messaging-pre.ingress.cre-pro.schibsted.io" />
+	<target host="nlp-messaging-pro.ingress.cre-pro.schibsted.io" />
+	<target host="nlp-messaging-v1-dev.ingress.cre-pro.schibsted.io" />
+	<target host="nlp-messaging-v1-pre.ingress.cre-pro.schibsted.io" />
+	<target host="nlp-messaging-v1-pro.ingress.cre-pro.schibsted.io" />
+	<target host="nlp-srec-dev.ingress.cre-pro.schibsted.io" />
+	<target host="nlp-srec-pre.ingress.cre-pro.schibsted.io" />
+	<target host="nlp-srec-pro.ingress.cre-pro.schibsted.io" />
+	<target host="nlp-tags-v1-dev.ingress.cre-pro.schibsted.io" />
+	<target host="nlp-tags-v1-pre.ingress.cre-pro.schibsted.io" />
+	<target host="nlp-tags-v1-pro.ingress.cre-pro.schibsted.io" />
+	<target host="pre-delivery-prometheus-local.ingress.cre-pro.schibsted.io" />
+
+	<target host="prometheus-observability-dev.ingress.cre-pro.schibsted.io" />
+	<target host="prometheus-observability-pre.ingress.cre-pro.schibsted.io" />
+
+	<target host="rktkufarpayments-dev.ingress.cre-pro.schibsted.io" />
+
+	<target host="spinnaker-k8s-helper.ingress.cre-pro.schibsted.io" />
+
+	<target host="image-classifier-tayara.schip-sandbox01.cre-pro.schibsted.io" />
+	<target host="object-detection.schip-sandbox01.cre-pro.schibsted.io" />
+	<target host="srec-demo.schip-sandbox01.cre-pro.schibsted.io" />
+	<target host="token.cre-pro.schibsted.io" />
+
+	<target host="rkt.dev.schibsted.io" />
+	<target host="developer.schibsted.io" />
+	<target host="docs.devrel-dev.schibsted.io" />
+
+	<target host="docs.schibsted.io" />
+	<target host="github.schibsted.io" />
+	<target host="assets.github.schibsted.io" />
+	<target host="avatars.github.schibsted.io" />
+	<target host="gist.github.schibsted.io" />
+	<target host="gist-assets.github.schibsted.io" />
+	<target host="gist-raw.github.schibsted.io" />
+	<target host="experiments.schibsted.io" />
+	<target host="media.github.schibsted.io" />
+	<target host="www.experiments.schibsted.io" />
+	<target host="pages.github.schibsted.io" />
+	<target host="gender-api.schibsted.io" />
+	<target host="www.gender-api.schibsted.io" />
+	<target host="faast.schibsted.io" />
+	<target host="render.github.schibsted.io" />
+	<target host="uploads.github.schibsted.io" />
+	<target host="heimdall.schibsted.io" />
+	<target host="jira.schibsted.io" />
+	<target host="ken.schibsted.io" />
+	<target host="loc.schibsted.io" />
+	<target host="messaging.schibsted.io" />
+	<target host="widget.messaging.schibsted.io" />
+	<target host="observatory.schibsted.io" />
+	<target host="onetimesecret.schibsted.io" />
+	<target host="onetimesecret-dev.schibsted.io" />
+	<target host="onetimesecret-pre.schibsted.io" />
+	<target host="presence.schibsted.io" />
+	<target host="validator.pulse.schibsted.io" />
+	<target host="announcer.privacy-pro.schibsted.io" />
+	<target host="privacy.rkt.schibsted.io" />
+	<target host="rkt.schibsted.io" />
+	<target host="web.rkt.schibsted.io" />
+	<target host="security-dashboard.schibsted.io" />
+	<target host="security-dashboard-dev.schibsted.io" />
+	<target host="security-dashboard-pre.schibsted.io" />
+	<target host="selfserve.schibsted.io" />
+	<target host="onetimesecret.security-dev.schibsted.io" />
+	<target host="servicecatalog-api.schibsted.io" />
+	<target host="bluejobs.spain.schibsted.io" />
+	<target host="ms-autocomplete.spain.schibsted.io" />
+	<target host="ms-fc--match-apigateway-v1.spain.schibsted.io" />
+	<target host="ms-ij--app-company-logos-gw.spain.schibsted.io" />
+	<target host="ms-ij--authenticator.spain.schibsted.io" />
+	<target host="ms-ij-api-monitor.spain.schibsted.io" />
+	<target host="ms-mt--api-web-coches.spain.schibsted.io" />
+	<target host="ms-vibbo--api-gateway.spain.schibsted.io" />
+	<target host="ms-vibbo--app-userapi.spain.schibsted.io" />
+	<target host="ptaadinsertion-classifiedads.spain.schibsted.io" />
+	<target host="ptaformbuilder-classifiedads.spain.schibsted.io" />
+	<target host="ptaphotouploader-classifiedads.spain.schibsted.io" />
+	<target host="coverage-api.pre.sportsnext.schibsted.io" />
+	<target host="alertmanager.pre.sportsnext.schibsted.io" />
+	<target host="coverage-web.pre.sportsnext.schibsted.io" />
+	<target host="fiaas.pre.sportsnext.schibsted.io" />
+	<target host="grafana.pre.sportsnext.schibsted.io" />
+	<target host="jenkins.pre.sportsnext.schibsted.io" />
+	<target host="prometheus.pre.sportsnext.schibsted.io" />
+	<target host="sportradar-api-com.pre.sportsnext.schibsted.io" />
+	<target host="sportradar-api-us.pre.sportsnext.schibsted.io" />
+	<target host="sportradar-polling.pre.sportsnext.schibsted.io" />
+	<target host="sports-admin.pre.sportsnext.schibsted.io" />
+	<target host="sports-api.pre.sportsnext.schibsted.io" />
+	<target host="sports-feed-api.pre.sportsnext.schibsted.io" />
+	<target host="sports-web.pre.sportsnext.schibsted.io" />
+	<target host="sports-web-bff.pre.sportsnext.schibsted.io" />
+	<target host="sse.pre.sportsnext.schibsted.io" />
+	<target host="textual-receiver.pre.sportsnext.schibsted.io" />
+	<target host="user-data-api.pre.sportsnext.schibsted.io" />
+	<target host="varnish.pre.sportsnext.schibsted.io" />
+	<target host="alertmanager.pro.sportsnext.schibsted.io" />
+	<target host="coverage-api.pro.sportsnext.schibsted.io" />
+	<target host="coverage-web.pro.sportsnext.schibsted.io" />
+	<target host="fiaas.pro.sportsnext.schibsted.io" />
+	<target host="grafana.pro.sportsnext.schibsted.io" />
+	<target host="prometheus.pro.sportsnext.schibsted.io" />
+	<target host="sportradar-api-com.pro.sportsnext.schibsted.io" />
+	<target host="sportradar-api-us.pro.sportsnext.schibsted.io" />
+	<target host="sportradar-polling.pro.sportsnext.schibsted.io" />
+	<target host="sports-admin.pro.sportsnext.schibsted.io" />
+	<target host="sports-api.pro.sportsnext.schibsted.io" />
+	<target host="sports-feed-api.pro.sportsnext.schibsted.io" />
+	<target host="sports-web.pro.sportsnext.schibsted.io" />
+	<target host="sports-web-bff.pro.sportsnext.schibsted.io" />
+	<target host="textual-receiver.pro.sportsnext.schibsted.io" />
+	<target host="user-data-api.pro.sportsnext.schibsted.io" />
+	<target host="varnish.pro.sportsnext.schibsted.io" />
+	<target host="tracker-gate.eu-west-1.spt-infra-sre-pro.schibsted.io" />
+	<target host="tracker-gate.spt-infra-sre-pro.schibsted.io" />
+	<target host="cdn.svp.schibsted.io" />
+	<target host="stage-cdn.svp.schibsted.io" />
+	<target host="vantage.schibsted.io" />
+	<target host="travis.schibsted.io" />
+	<target host="users.schibsted.io" />
+	<target host="app.vgnext.schibsted.io" />
+	<target host="app.dev.vgnext.schibsted.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Schibsted.no.xml b/src/chrome/content/rules/Schibsted.no.xml
new file mode 100644
index 000000000000..4a49d9f80b1a
--- /dev/null
+++ b/src/chrome/content/rules/Schibsted.no.xml
@@ -0,0 +1,34 @@
+<!--
+
+	^: Shows mail
+	www.: Dropped
+
+
+	Fully covered subdomains:
+
+		- mail
+		- payment
+
+
+	Insecure cookies are set for these hosts:
+
+		- mail.schibsted.no
+
+-->
+<ruleset name="Schibsted.no (partial)">
+
+	<target host="mail.schibsted.no" />
+	<target host="payment.schibsted.no" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^mail\.schibsted\.no$" name="^ClientId$" /-->
+
+	<securecookie host="^mail\.schibsted\.no$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Schibsted.xml b/src/chrome/content/rules/Schibsted.xml
deleted file mode 100644
index 44797000687c..000000000000
--- a/src/chrome/content/rules/Schibsted.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)schibsted.com *
-		- (www.)schibsted.se *
-
-	* Times out
-
--->
-<ruleset name="Schibsted (partial)">
-
-	<target host="*.schibsted.se" />
-
-
-	<securecookie host="^\.?payment\.schibsted\.se$" name=".+" />
-
-
-	<rule from="^http://payment\.schibsted\.se/"
-		to="https://payment.schibsted.se/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Schipol.xml b/src/chrome/content/rules/Schipol.xml
index 02e937648978..d2531f41b89f 100644
--- a/src/chrome/content/rules/Schipol.xml
+++ b/src/chrome/content/rules/Schipol.xml
@@ -9,7 +9,6 @@
 
 	<!--	Cert only matches www.
 					-->
-	<rule from="^https?://(?:www\.)?schiphol\.nl/"
-		to="https://www.schiphol.nl/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Schlitterbahn.com.xml b/src/chrome/content/rules/Schlitterbahn.com.xml
new file mode 100644
index 000000000000..146f494468ed
--- /dev/null
+++ b/src/chrome/content/rules/Schlitterbahn.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Schlitterbahn.com">
+	<target host="schlitterbahn.com" />
+	<target host="www.schlitterbahn.com" />
+	<target host="autodiscover.schlitterbahn.com" />
+	<target host="mail.schlitterbahn.com" />
+	<target host="staging.schlitterbahn.com" />
+	<target host="tickets.schlitterbahn.com" />
+	<target host="vpn.schlitterbahn.com" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Schlossberg_Store.xml b/src/chrome/content/rules/Schlossberg_Store.xml
deleted file mode 100644
index 532226baec98..000000000000
--- a/src/chrome/content/rules/Schlossberg_Store.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	- !www redirects to a different domain
-	- Some pages redirect to http
-
--->
-<ruleset name="Schlossberg Store (partial)">
-
-	<target host="schlossbergstore.com" />
-	<target host="www.schlossbergstore.com" />
-
-
-	<rule from="^http://(?:www\.)?schlossbergstore\.com/(css/|(?:Member/Login|order-status)(?:$|\?|/)|Public/|registry|store_image/|Styles/)"
-		to="https://www.schlossbergstore.com/$2" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Schlumberger.xml b/src/chrome/content/rules/Schlumberger.xml
index d4ed6170d258..db8ba782948c 100644
--- a/src/chrome/content/rules/Schlumberger.xml
+++ b/src/chrome/content/rules/Schlumberger.xml
@@ -1,4 +1,14 @@
-<ruleset name="Schlumberger">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://slb.com/ => https://slb.com/: Too many redirects while fetching 'https://slb.com/'
+Fetch error: http://www.slb.com/ => https://www.slb.com/: Too many redirects while fetching 'https://www.slb.com/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://slb.com/ => https://slb.com/: Cycle detected - URL already encountered: https://slb.com/
+Fetch error: http://www.slb.com/ => https://www.slb.com/: Cycle detected - URL already encountered: https://www.slb.com/
+-->
+<ruleset name="Schlumberger" default_off="failed ruleset test">
 
 	<target host="slb.com" />
 	<target host="www.slb.com" />
@@ -7,7 +17,6 @@
 	<securecookie host="^(?:www\.)?slb\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?slb\.com/"
-		to="https://$1slb.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Schmidtcom.de.xml b/src/chrome/content/rules/Schmidtcom.de.xml
new file mode 100644
index 000000000000..00d96a5019ec
--- /dev/null
+++ b/src/chrome/content/rules/Schmidtcom.de.xml
@@ -0,0 +1,50 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - delva.schmidtcom.de
+			 - eglim.schmidtcom.de
+			 - ns3.schmidtcom.de
+
+		Timeout was reached:
+			 - arden.schmidtcom.de
+			 - betor.schmidtcom.de
+			 - mx1.schmidtcom.de
+			 - mx2.schmidtcom.de
+			 - ns2.schmidtcom.de
+
+		SSL peer certificate was not OK:
+			 - ns1.schmidtcom.de
+-->
+<ruleset name="Schmidtcom.de">
+	<target host="schmidtcom.de" />
+	<target host="www.schmidtcom.de" />
+	<target host="certs.schmidtcom.de" />
+	<target host="cinto.schmidtcom.de" />
+	<target host="cloud.schmidtcom.de" />
+	<target host="config.schmidtcom.de" />
+	<target host="discourse.schmidtcom.de" />
+	<target host="feedme.schmidtcom.de" />
+	<target host="git.schmidtcom.de" />
+	<target host="gitlab.schmidtcom.de" />
+	<target host="imap.schmidtcom.de" />
+	<target host="imap2.schmidtcom.de" />
+	<target host="login.schmidtcom.de" />
+	<target host="mail.schmidtcom.de" />
+	<target host="mail2.schmidtcom.de" />
+	<target host="mumble.schmidtcom.de" />
+	<target host="oc.schmidtcom.de" />
+	<target host="owncloud.schmidtcom.de" />
+	<target host="pop.schmidtcom.de" />
+	<target host="pop2.schmidtcom.de" />
+	<target host="sieve.schmidtcom.de" />
+	<target host="sieve2.schmidtcom.de" />
+	<target host="smtp.schmidtcom.de" />
+	<target host="smtp2.schmidtcom.de" />
+	<target host="ssl.schmidtcom.de" />
+	<target host="1.ssl.schmidtcom.de" />
+	<target host="2.ssl.schmidtcom.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Schneider-Electric.com.xml b/src/chrome/content/rules/Schneider-Electric.com.xml
index 7a48540a970c..1b7a329bbf5f 100644
--- a/src/chrome/content/rules/Schneider-Electric.com.xml
+++ b/src/chrome/content/rules/Schneider-Electric.com.xml
@@ -9,59 +9,12 @@
 
 		- schneiderele.taleo.net
 
-
-	Nonfunctional subdomains:
-
-		- www2	(503, akamai)
-
-
-	Problematic subdomains:
-
-		- ^	(works, cert only matches www)
-
-
-	Partially covered subdomains:
-
-		- (www.)
-
-			- Some pages redirect to http
-
-			- These paths 503:
-
-				- css/
-				- documents/flash/en/shared/
-				- gc_1_0/	(xiti web bugs)
-				- images/
-				- js/
-				- sites/corporate/en/customers/satisfy-our-customers/electric-utilities.page
-				- templatedata/Configuration/Xiti/
-
-			- These don't 503:
-
-				- download/resource/scripts/
-				- navigation/images/
-				- navigation/scripts/
-				- products$
-				- resource/scripts/
-				- site/home/images/custom/
-				- site/home/images/structure/
-				- site/home/js/
-				- site/marketing_center/images/
-				- site/marketing_center/js/
-				- site/tasks/sites/marketing_center/assets/Image/Corporate/Teasers/
-				- stat/xtcore.js
-				- solutions$
-				- solutions/resource/css/
-				- solutions/resource/images/
-				- solutions/resource/js/
-				- solutions/ww/en/rme/\d+/image/
-
 -->
 <ruleset name="Schneider-Electric.com (partial)">
 
 	<target host="schneider-electric.com" />
-	<target host="*.schneider-electric.com" />
-		<!--exclusion pattern="^http://(www\.)?schneider-electric\.com/(css|documents|gc_1_0|images|js|sites|templatedata)/" /-->
+	<target host="www.schneider-electric.com" />
+	<target host="download.schneider-electric.com" />
 
 
 	<!--	Tracking cookies:
@@ -69,7 +22,6 @@
 	<securecookie host="^\.schneider-electric\.com$" name="^(?:__utm\w|xtvrn)$" />
 
 
-	<rule from="^http://(?:www\.)?schneider-electric\.com/(download/|navigation/|(?:product|solution)s(?:$|[?/])|resource/|site/(?:home|marketing_center)/(?:image|j)s/|site/tasks/sites/|stat/)"
-		to="https://www.schneider-electric.com/$1" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Schneider-Kreuznach-mismatches.xml b/src/chrome/content/rules/Schneider-Kreuznach-mismatches.xml
index 5d754fc6e9f8..c72fc08d2546 100644
--- a/src/chrome/content/rules/Schneider-Kreuznach-mismatches.xml
+++ b/src/chrome/content/rules/Schneider-Kreuznach-mismatches.xml
@@ -7,8 +7,8 @@
 	<target host="praktica.de"/>
 	<target host="www.praktica.de"/>
 
-	<securecookie host="^\w\.pentacon\.de$" name=".*"/>
-	<securecookie host="^praktica\.de$" name=".+"/>
+	<securecookie host="^\w\.pentacon\.de$" name=".+" />
+	<securecookie host="^praktica\.de$" name=".+" />
 
 	<rule from="^http://pentacon(?:-dresden)\.de/"
 		to="https://www.pentacon.de/"/>
diff --git a/src/chrome/content/rules/Schneider-Kreuznach.xml b/src/chrome/content/rules/Schneider-Kreuznach.xml
index 62ab4d54b8e6..cbdcd415f1a2 100644
--- a/src/chrome/content/rules/Schneider-Kreuznach.xml
+++ b/src/chrome/content/rules/Schneider-Kreuznach.xml
@@ -3,9 +3,8 @@
 	<target host="schneideroptics.com"/>
 	<target host="www.schneideroptics.com"/>
 
-	<securecookie host="^www\.schneideroptics\.com$" name=".*"/>
+	<securecookie host="^www\.schneideroptics\.com$" name=".+" />
 
-	<rule from="^http://(?:www\.)?schneideroptics\.com/"
-		to="https://www.schneideroptics.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Schneier-on-Security.xml b/src/chrome/content/rules/Schneier-on-Security.xml
index 9ffa38684dba..85470e5c4784 100644
--- a/src/chrome/content/rules/Schneier-on-Security.xml
+++ b/src/chrome/content/rules/Schneier-on-Security.xml
@@ -1,6 +1,7 @@
-<ruleset name="Schneier on Security">
+
+<ruleset name="Schneier.com">
   <target host="schneier.com" />
   <target host="www.schneier.com" />
 
-	<rule from="^http://(?:www\.)?schneier\.com/" to="https://www.schneier.com/"/>
+	<rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/ScholarOne.xml b/src/chrome/content/rules/ScholarOne.xml
index a1b0e564f8d6..eec8d372608e 100644
--- a/src/chrome/content/rules/ScholarOne.xml
+++ b/src/chrome/content/rules/ScholarOne.xml
@@ -1,26 +1,27 @@
+
 <!--
-	Other Thomson-Reuters rulesets:
+Disabled by https-everywhere-checker because:
+Fetch error: http://mc.manuscriptcentral.com/ => https://mc.manuscriptcentral.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
-		- Thomson-Reuters.xml
-		- Thomson-Reuters-clients.xml
-		- Thomson-Reuters-mismatches.xml
+	For other Thomson Reuters coverage, see Thomson-Reuters.xml.
 
 
 	Nonfunctional:
 
-		- (www.)scholarone.com
+		- (www.)scholarone.com *
+
+	* Refused
 
 
 -->
-<ruleset name="ScholarOne (partial)">
+<ruleset name="ScholarOne (partial)" default_off="failed ruleset test">
 
 	<target host="mc.manuscriptcentral.com" />
 
 
-	<securecookie host="^mc\.manuscriptcentral\.com$" name=".*" />
+	<securecookie host="^mc\.manuscriptcentral\.com$" name=".+" />
 
 
-	<rule from="^http://mc\.manuscriptcentral\.com/"
-		to="https://mc.manuscriptcentral.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SchoolForge.xml b/src/chrome/content/rules/SchoolForge.xml
new file mode 100644
index 000000000000..1810427205ed
--- /dev/null
+++ b/src/chrome/content/rules/SchoolForge.xml
@@ -0,0 +1,11 @@
+<ruleset name="SchoolForge">
+	<target host="schoolforge.net" />
+	<target host="www.schoolforge.net" />
+
+	<securecookie host="(^|\.)schoolforge\.net$" name=".+" />
+
+	<rule from="^http://www\.schoolforge\.net/"
+		to="https://schoolforge.net/" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SchoolLoop.xml b/src/chrome/content/rules/SchoolLoop.xml
index 32292b870c83..f82de10c5cd6 100644
--- a/src/chrome/content/rules/SchoolLoop.xml
+++ b/src/chrome/content/rules/SchoolLoop.xml
@@ -1,9 +1,12 @@
 <ruleset name="SchoolLoop (Partial)">
-  <target host="*.schoolloop.com"/>
+  <target host="lhs-sfusd-ca.schoolloop.com" />
+  <target host="carlsbadhs.schoolloop.com" />
+  <target host="rchs-cjuhsd-ca.schoolloop.com" />
+  <target host="cunha.schoolloop.com" />
+  <target host="phs-pusd-ca.schoolloop.com" />
+  <target host="homestead.schoolloop.com" />
   <!-- Secure connection failed message from Firefox on the below rule -->
   <!-- <rule from="^http://([^/:@]*)\.schooloop\.com/" to="https://$1.schoolloop.com/"/> -->
 
-  <rule
-      from="^http://(lhs-sfusd-ca|carlsbadhs|rchs-cjuhsd-ca|cunha|phs-pusd-ca|homestead)\.schoolloop\.com/"
-      to="https://$1.schoolloop.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SchooltoPrison.org.xml b/src/chrome/content/rules/SchooltoPrison.org.xml
index 46aa4766fd66..11029bffe431 100644
--- a/src/chrome/content/rules/SchooltoPrison.org.xml
+++ b/src/chrome/content/rules/SchooltoPrison.org.xml
@@ -1,6 +1,6 @@
-<ruleset name="SchooltoPrison.org">
+<ruleset name="SchooltoPrison.org" default_off="refused">
 	<target host="schooltoprison.org" />
 	<target host="www.schooltoprison.org" />
 
 	<rule from="^http://(?:www\.)?schooltoprison\.org/" to="https://www.schooltoprison.org/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Schottenland.xml b/src/chrome/content/rules/Schottenland.xml
deleted file mode 100644
index a815ee9166ca..000000000000
--- a/src/chrome/content/rules/Schottenland.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- schottlenland.de subdomains:
-
-			- (www.)
-			- media
-			- medikamente
-			- telefon
-			- user *
-
-		- [abc].stc-schottenland.de *
-
-	* Times out
-
--->
-<ruleset name="Schottenland (partial)">
-
-	<target host="na.schottenland.de" />
-
-
-	<rule from="^http://na\.schottenland\.de/"
-		to="https://na.schottenland.de/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/SchuelerVZ.xml b/src/chrome/content/rules/SchuelerVZ.xml
index 607d69e689b5..41d31dddf6fb 100644
--- a/src/chrome/content/rules/SchuelerVZ.xml
+++ b/src/chrome/content/rules/SchuelerVZ.xml
@@ -1,5 +1,13 @@
-<ruleset name="SchuelerVZ" default_off="Certificate mismatch">
-  <target host="www.schuelervz.net" />
+<!--
+	Invalid Certificate:
+	blog.schuelervz.net
+	static.pe.schuelervz.net
 
-  <rule from="^http://www\.schuelervz\.net/" to="https://www.schuelervz.net/"/>
+	Time Out:
+	schuelervz.net
+-->
+<ruleset name="SchuelerVZ.net">
+	<target host="www.schuelervz.net" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Schuilenburg.org.xml b/src/chrome/content/rules/Schuilenburg.org.xml
index b28f961fbd69..e7317c3f9d14 100644
--- a/src/chrome/content/rules/Schuilenburg.org.xml
+++ b/src/chrome/content/rules/Schuilenburg.org.xml
@@ -1,10 +1,18 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://schuilenburg.org/ => https://schuilenburg.org/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.schuilenburg.org/ => https://www.schuilenburg.org/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://schuilenburg.org/ => https://schuilenburg.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.schuilenburg.org/ => https://www.schuilenburg.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Nonfunctional subdomains:
 
 		- gallery	(shows www.ecoscentric.com)
 
 -->
-<ruleset name="Schuilenburg.org (partial)">
+<ruleset name="Schuilenburg.org (partial)" default_off="failed ruleset test">
 
 	<target host="schuilenburg.org" />
 	<target host="www.schuilenburg.org" />
@@ -13,7 +21,6 @@
 	<securecookie host="^(?:www\.)?schuilenburg\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?schuilenburg\.org/"
-		to="https://$1schuilenburg.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Schulte.org.xml b/src/chrome/content/rules/Schulte.org.xml
new file mode 100644
index 000000000000..8e5bcebe4297
--- /dev/null
+++ b/src/chrome/content/rules/Schulte.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="Schulte.org">
+
+	<target host="schulte.org" />
+	<target host="exchange.schulte.org" />
+	<target host="exchange2013.schulte.org" />
+	<target host="noc.schulte.org" />
+	<target host="webmail.schulte.org" />
+	<target host="windows2012r2.schulte.org" />
+	<target host="www.schulte.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Schwab.com.xml b/src/chrome/content/rules/Schwab.com.xml
new file mode 100644
index 000000000000..57be6f9611c0
--- /dev/null
+++ b/src/chrome/content/rules/Schwab.com.xml
@@ -0,0 +1,54 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://schwab.com/ => https://schwab.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Other Schwab rulesets:
+
+		- Schwab_CDN.com.xml
+		- Schwab_Plan.com.xml
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- client
+		- content
+		- eac
+
+
+	Insecure cookies are set for these domains:
+
+		- .schwab.com
+		- client.schwab.com
+		- .eac.schwab.com
+
+
+	Mixed content:
+
+		- Images on www from content *
+
+	* Secured by us
+
+-->
+<ruleset name="Schwab.com" default_off="failed ruleset test">
+
+	<target host="schwab.com" />
+	<target host="client.schwab.com" />
+	<target host="content.schwab.com" />
+	<target host="eac.schwab.com" />
+	<target host="www.schwab.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.schwab\.com$" name="^(NP2|NS2|SchwabCookie|eacLogin|lang)$" /-->
+	<!--securecookie host="^client\.schwab\.com$" name="^\.ASPXANONYMOUS$" /-->
+	<!--securecookie host="^\.eac\.schwab\.com$" name="^hsteac$" /-->
+
+	<securecookie host="^(?:client|\.eac)?\.schwab\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Schwab_CDN.com.xml b/src/chrome/content/rules/Schwab_CDN.com.xml
new file mode 100644
index 000000000000..6843be8f612e
--- /dev/null
+++ b/src/chrome/content/rules/Schwab_CDN.com.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Schwab coverage, see Schwab.com.xml.
+
+
+	^schwabcdn.com doesn't exist.
+
+-->
+<ruleset name="Schwab CDN.com">
+
+	<target host="client.schwabcdn.com" />
+	<target host="www.schwabcdn.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^client\.schwab\.com$" name="^\.ASPXANONYMOUS$" /-->
+
+	<securecookie host="^client\.schwab\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Schwab_Plan.com.xml b/src/chrome/content/rules/Schwab_Plan.com.xml
new file mode 100644
index 000000000000..60e2a339b10e
--- /dev/null
+++ b/src/chrome/content/rules/Schwab_Plan.com.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Schwab coverage, see Schwab.com.xml.
+
+
+	^: cert only matches www
+
+-->
+<ruleset name="Schwab Plan.com">
+
+	<target host="schwabplan.com" />
+	<target host="www.schwabplan.com" />
+
+
+	<rule from="^http://(?:www\.)?schwabplan\.com/"
+		to="https://www.schwabplan.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Schwartz_Media.com.au.xml b/src/chrome/content/rules/Schwartz_Media.com.au.xml
new file mode 100644
index 000000000000..91f5bb87da92
--- /dev/null
+++ b/src/chrome/content/rules/Schwartz_Media.com.au.xml
@@ -0,0 +1,38 @@
+<!--
+	(www.)?schwartzmedia.com.au: Squarespace
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .schwartzmedia.com.au
+		- www.schwartzmedia.com.au
+
+
+	Mixed content:
+
+		- Images on ^ from static1.squarespace.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Schwartz Media.com.au (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="schwartzmedia.com.au" /-->
+	<target host="account.schwartzmedia.com.au" />
+	<!--target host="www.schwartzmedia.com.au" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.schwartzmedia\.com\.au$" name="^(?:__cfduid|SS_MID|cf_clearance)$" /-->
+	<!--securecookie host="^www\.schwartzmedia\.com\.au$" name="^(?:JSESSIONID|crumb)$" /-->
+
+	<securecookie host="^\.schwartzmedia\.com\.au$" name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Schweikert.ch.xml b/src/chrome/content/rules/Schweikert.ch.xml
new file mode 100644
index 000000000000..120cfe41ec96
--- /dev/null
+++ b/src/chrome/content/rules/Schweikert.ch.xml
@@ -0,0 +1,16 @@
+<!--
+	SSL error:
+		- gore.schweikert.ch
+
+	Connection error:
+		- mail.schweikert.ch
+-->
+<ruleset name="Schweikert.ch">
+	<target host="schweikert.ch" />
+	<target host="www.schweikert.ch" />
+	<target host="david.schweikert.ch" />
+	<target host="mailgraph.schweikert.ch" />
+	<target host="postgrey.schweikert.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Schwyzer_Kantonalbank.xml b/src/chrome/content/rules/Schwyzer_Kantonalbank.xml
deleted file mode 100644
index 16ca557128bb..000000000000
--- a/src/chrome/content/rules/Schwyzer_Kantonalbank.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Schwyzer Kantonalbank">
-    <target host="szkb.ch" />
-    <target host="*.szkb.ch" />
-
-    <securecookie host="^(.*\.)?szkb\.ch$" name=".+" />
-
-    <rule from="^https?://szkb\.ch/"
-        to="https://www.szkb.ch/"/>
-    <rule from="^http://([^/:@]+)?\.szkb\.ch/"
-        to="https://$1.szkb.ch/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Sci-Hub.love.xml b/src/chrome/content/rules/Sci-Hub.love.xml
new file mode 100644
index 000000000000..801498e94c94
--- /dev/null
+++ b/src/chrome/content/rules/Sci-Hub.love.xml
@@ -0,0 +1,8 @@
+<ruleset name="Sci-Hub.love">
+	<target host="sci-hub.love" />
+	<target host="www.sci-hub.love" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sci-Hub.xml b/src/chrome/content/rules/Sci-Hub.xml
new file mode 100644
index 000000000000..3b759ed97099
--- /dev/null
+++ b/src/chrome/content/rules/Sci-Hub.xml
@@ -0,0 +1,77 @@
+
+<!--
+Entire ruleset disabled at 2020-09-25 16:20:22
+
+Fetch error: http://sci-hub.la/ => https://sci-hub.la/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.sci-hub.la/ => https://www.sci-hub.la/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://cyber.sci-hub.la/ => https://cyber.sci-hub.la/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://dabamirror.sci-hub.la/ => https://dabamirror.sci-hub.la/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://dacemirror.sci-hub.la/ => https://dacemirror.sci-hub.la/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://ocean.sci-hub.la/ => https://ocean.sci-hub.la/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://tree.sci-hub.la/ => https://tree.sci-hub.la/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://twin.sci-hub.la/ => https://twin.sci-hub.la/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://zeze.sci-hub.la/ => https://zeze.sci-hub.la/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://sci-hub.tv/ => https://sci-hub.tv/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://cyber.sci-hub.tv/ => https://cyber.sci-hub.tv/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://dabamirror.sci-hub.tv/ => https://dabamirror.sci-hub.tv/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://dacemirror.sci-hub.tv/ => https://dacemirror.sci-hub.tv/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://ocean.sci-hub.tv/ => https://ocean.sci-hub.tv/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://tree.sci-hub.tv/ => https://tree.sci-hub.tv/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://twin.sci-hub.tv/ => https://twin.sci-hub.tv/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://zeze.sci-hub.tv/ => https://zeze.sci-hub.tv/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://sci-hub.tw/ => https://sci-hub.tw/: (6, 'Could not resolve host: sci-hub.tw')
+Fetch error: http://cyber.sci-hub.tw/ => https://cyber.sci-hub.tw/: (6, 'Could not resolve host: cyber.sci-hub.tw')
+Fetch error: http://dabamirror.sci-hub.tw/ => https://dabamirror.sci-hub.tw/: (6, 'Could not resolve host: dabamirror.sci-hub.tw')
+Fetch error: http://dacemirror.sci-hub.tw/ => https://dacemirror.sci-hub.tw/: (6, 'Could not resolve host: dacemirror.sci-hub.tw')
+Fetch error: http://ocean.sci-hub.tw/ => https://ocean.sci-hub.tw/: (6, 'Could not resolve host: ocean.sci-hub.tw')
+Fetch error: http://tree.sci-hub.tw/ => https://tree.sci-hub.tw/: (6, 'Could not resolve host: tree.sci-hub.tw')
+Fetch error: http://twin.sci-hub.tw/ => https://twin.sci-hub.tw/: (6, 'Could not resolve host: twin.sci-hub.tw')
+Fetch error: http://zeze.sci-hub.tw/ => https://zeze.sci-hub.tw/: (6, 'Could not resolve host: zeze.sci-hub.tw')
+
+  Domain does not match server's certificate
+
+	Broken chain:
+		sci-hub.name
+		*.sci-hub.name
+		sci-hub.hk
+		*.sci-hub.hk
+		sci-hub.mn
+		*.sci-hub.mn
+		www.sci-hub.tv
+		www.sci-hub.tw
+
+	2017.1.11: moscow.sci-hub.* times out over both http and https.
+
+-->
+<ruleset name="Sci-Hub"  default_off="failed ruleset test">
+
+	<target host="sci-hub.la" />
+	<target host="www.sci-hub.la" />
+	<target host="cyber.sci-hub.la" />
+	<target host="dabamirror.sci-hub.la" />
+	<target host="dacemirror.sci-hub.la" />
+	<target host="ocean.sci-hub.la" />
+	<target host="tree.sci-hub.la" />
+	<target host="twin.sci-hub.la" />
+	<target host="zeze.sci-hub.la" />
+	<target host="sci-hub.tv" />
+	<target host="cyber.sci-hub.tv" />
+	<target host="dabamirror.sci-hub.tv" />
+	<target host="dacemirror.sci-hub.tv" />
+	<target host="ocean.sci-hub.tv" />
+	<target host="tree.sci-hub.tv" />
+	<target host="twin.sci-hub.tv" />
+	<target host="zeze.sci-hub.tv" />
+
+	<target host="sci-hub.tw" />
+	<target host="cyber.sci-hub.tw" />
+	<target host="dabamirror.sci-hub.tw" />
+	<target host="dacemirror.sci-hub.tw" />
+	<target host="ocean.sci-hub.tw" />
+	<target host="tree.sci-hub.tw" />
+	<target host="twin.sci-hub.tw" />
+	<target host="zeze.sci-hub.tw" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SciPy.org.xml b/src/chrome/content/rules/SciPy.org.xml
index 7c40283a7bb7..a917c90aa184 100644
--- a/src/chrome/content/rules/SciPy.org.xml
+++ b/src/chrome/content/rules/SciPy.org.xml
@@ -1,18 +1,58 @@
 <!--
-	Nonfunctional subdomains:
-
-		- wiki	(403)
-
-
-	Expired 2013-08-09
+	Invalid certificate:
+		scipy.org (broken chain)
+		conference.scipy.org (broken chain)
+		www.docs.scipy.org
+		ipython.scipy.org (broken chain)
+		www.ipython.scipy.org
+		lists.ipython.scipy.org
+		mpi4py.scipy.org (broken chain)
+		www.mpi4py.scipy.org
+		neuroimaging.scipy.org (broken chain)
+		www.neuroimaging.scipy.org
+		lists.neuroimaging.scipy.org
+		numpy.scipy.org (broken chain)
+		www.numpy.scipy.org
+		planet.scipy.org (broken chain)
+		pyxg.scipy.org (broken chain)
+		scipy2015.scipy.org
+		www.scipy2015.scipy.org
+		www.swc.scipy.org
+		lists.swc.scipy.org
+		travis-dev-wheels.scipy.org
+		wheels.scipy.org
+		wiki.scipy.org (broken chain)
+
+	Different HTTP/HTTPS:
+		new.scipy.org
+		numeric.scipy.org
+		old.scipy.org
+		projects.scipy.org
+		sage.scipy.org
+		scipy.scipy.org
+		svn.scipy.org
+
+	Connection closed:
+		scikits.scipy.org
 
 -->
-<ruleset name="SciPy.org (partial)" default_off="expired">
-
-	<target host="conference.scipy.org" />
-
-
-	<rule from="^http://conference\.scipy\.org/"
-		to="https://conference.scipy.org/" />
+<ruleset name="SciPy.org">
+
+	<target host="scipy.org" />
+	<target host="www.scipy.org" />
+	<target host="bio.scipy.org" />
+	<target host="docs.scipy.org" />
+	<target host="mail.scipy.org" />
+	<target host="scipy2016.scipy.org" />
+	<target host="scipy2017.scipy.org" />
+	<target host="scipy2018.scipy.org" />
+	<target host="swc.scipy.org" />
+	<target host="wavelets.scipy.org" />
+
+	<rule from="^http://scipy\.org/"
+		to="https://www.scipy.org/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SciVerse.xml b/src/chrome/content/rules/SciVerse.xml
deleted file mode 100644
index 183ccb48b3dc..000000000000
--- a/src/chrome/content/rules/SciVerse.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-<!--
-	For other Elsevier coverage, see Elsevier.xml.
-
-
-	mixedcontent due to gadgetservices/
-
--->
-<ruleset name="SciVerse (partial)" platform="mixedcontent">
-
-	<target host="sciencedirect.com" />
-	<!--	domains:
-			- binary-services
-			- pdn
-			- sdauth
-			- www		-->
-	<target host="*.sciencedirect.com" />
-		<!--	Homepage redirects to http, gagdetservices css throws 404	-->
-		<exclusion pattern="^http://(www\.)?sciencedirect\.com/($|gadgetservices/)" />
-	<target host="*.sciverse.com" />
-	<target host="www.applications.sciverse.com" />
-		<!--	exclusion below		-->
-	<target host="www.hub.sciverse.com" />
-		<exclusion pattern="^http://www\.(applications|hub)\.sciverse\.com/($|action|gadgetservices)" />
-
-
-	<!--	encountered cookies:
-			- ^\.
-			- ^pdn
-			- ^sdauth
-			- ^www		-->
-	<securecookie host="^.*\.sciencedirect\.com$" name=".*" />
-	<securecookie host="^\.sciverse\.com$" name=".*" />
-
-
-	<!--	Cert doesn't match !www.	-->
-	<rule from="^https?://sciencedirect\.com/"
-		to="https://www.sciencedirect.com/" />
-
-	<rule from="^http://(binary-services|pdn|sdauth|www)\.sciencedirect\.com/"
-		to="https://$1.sciencedirect.com/" />
-
-	<rule from="^http://acw\.sciverse\.com/"
-		to="https://acw.sciverse.com/" />
-
-	<rule from="^http://(?:www\.)?(applications|hub)\.sciverse\.com/"
-		to="https://www.$1.sciverse.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Science-Alliance.de.xml b/src/chrome/content/rules/Science-Alliance.de.xml
index 8727b55f7a02..d857688a9253 100644
--- a/src/chrome/content/rules/Science-Alliance.de.xml
+++ b/src/chrome/content/rules/Science-Alliance.de.xml
@@ -8,7 +8,6 @@
 	Mixed content:
 
 		- css on www from www *
-
 		- Images on www from www *
 
 	* Secured by us
@@ -19,10 +18,10 @@
 	<target host="www.science-alliance.de" />
 
 
-	<securecookie host="^www\.science-alliance\.de$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://www\.science-alliance\.de/"
-		to="https://www.science-alliance.de/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ScienceDaily.com-problematic.xml b/src/chrome/content/rules/ScienceDaily.com-problematic.xml
deleted file mode 100644
index 3a20cd015f5a..000000000000
--- a/src/chrome/content/rules/ScienceDaily.com-problematic.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For rules that are on by default, see ScienceDaily.com.xml.
-
--->
-<ruleset name="SciendeDaily.com (problematic)" default_off="mismatched, self-signed">
-
-	<target host="sciencedaily.com" />
-	<target host="www.sciencedaily.com" />
-
-
-	<rule from="^http://(?:www\.)?sciencedaily\.com/"
-		to="https://www.sciencedaily.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ScienceDaily.com.xml b/src/chrome/content/rules/ScienceDaily.com.xml
index e96b5aaf314e..e39476482673 100644
--- a/src/chrome/content/rules/ScienceDaily.com.xml
+++ b/src/chrome/content/rules/ScienceDaily.com.xml
@@ -1,23 +1,27 @@
 <!--
-	For problematic rules, see ScienceDaily.com.xml.
-
-
-	Problematic subdomains:
+	CDN buckets:
 
-		- (www.)	(self-signed, cert only matches www)
+		- s3.amazonaws.com/sciencedaily/
+		- d18c4k1slw9ka5.cloudfront.net
 
 
-	CDN buckets:
+	Other ScienceDaily rulesets:
 
-		- s3.amazonaws.com/sciencedaily/
+		- NewsDaily.com.xml
 
 -->
-<ruleset name="ScienceDaily.com (partial)">
+<ruleset name="ScienceDaily.com">
 
+	<target host="sciencedaily.com" />
 	<target host="images.sciencedaily.com" />
+	<target host="www.sciencedaily.com" />
+
+
+	<securecookie host="^\." name="^(?:__qca$|incap_|nlbi_|visid_)" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^https?://images\.sciencedaily\.com/"
-		to="https://d18c4k1slw9ka5.cloudfront.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ScienceForums.net.xml b/src/chrome/content/rules/ScienceForums.net.xml
new file mode 100644
index 000000000000..c5633215dfba
--- /dev/null
+++ b/src/chrome/content/rules/ScienceForums.net.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid Certificate:
+		blogs.scienceforums.net
+-->
+<ruleset name="ScienceForums.net">
+	<target host="scienceforums.net" />
+	<target host="www.scienceforums.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Science_Careers.org.xml b/src/chrome/content/rules/Science_Careers.org.xml
new file mode 100644
index 000000000000..7a65f732a773
--- /dev/null
+++ b/src/chrome/content/rules/Science_Careers.org.xml
@@ -0,0 +1,41 @@
+<!--
+	For other AAAS coverage, see AAAS.org.xml.
+
+
+	Nonfunctional hosts in *sciencecareers.org:
+
+		- (www.)? *
+		- community *
+		- images *
+		- scforum *
+
+	* Dropped
+
+
+	Insecure cookies are set for these hosts:
+
+		- employers.sciencecareers.org
+		- jobs.sciencecareers.org
+
+-->
+<ruleset name="Science Careers.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="employers.sciencecareers.org" />
+	<target host="jobs.sciencecareers.org" />
+	<target host="myidp.sciencecareers.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:employer|job)s\.sciencecareers\.org$" name="^(?:AnonymousUserId|BrowserSession)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
+
diff --git a/src/chrome/content/rules/Science_News.org.xml b/src/chrome/content/rules/Science_News.org.xml
new file mode 100644
index 000000000000..11b4d5e04173
--- /dev/null
+++ b/src/chrome/content/rules/Science_News.org.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Society for Science coverage, see Societyforscience.org.xml.
+
+-->
+<ruleset name="Science News.org">
+
+	<target host="sciencenews.org" />
+	<target host="www.sciencenews.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Science_Node.org.xml b/src/chrome/content/rules/Science_Node.org.xml
new file mode 100644
index 000000000000..b526dac4a490
--- /dev/null
+++ b/src/chrome/content/rules/Science_Node.org.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- sciencenode.org
+		- test.sciencenode.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Science Node.org">
+
+	<target host="sciencenode.org" />
+	<target host="test.sciencenode.org" />
+	<target host="www.sciencenode.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:test\.)?sciencenode\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Scienceathome.org.xml b/src/chrome/content/rules/Scienceathome.org.xml
new file mode 100644
index 000000000000..0ba1fdfadd69
--- /dev/null
+++ b/src/chrome/content/rules/Scienceathome.org.xml
@@ -0,0 +1,12 @@
+<!--
+	Note: All subdomains, other than the ones given as targets, appear
+              to redirect ^http://(.+)\.scienceathome\.org/ to
+                          https://$1.scienceathome.org/$1.
+-->
+<ruleset name="Scienceathome.org">
+	<target host="scienceathome.org" />
+	<target host="www.scienceathome.org" />
+	<target host="blog.scienceathome.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sciencemag.org.xml b/src/chrome/content/rules/Sciencemag.org.xml
index 995dfae026b4..62f35f9f2206 100644
--- a/src/chrome/content/rules/Sciencemag.org.xml
+++ b/src/chrome/content/rules/Sciencemag.org.xml
@@ -1,44 +1,93 @@
 <!--
-	Nonfunctional domains:
+	Refused:
+		sciencemag.org
+		aaasmember.sciencemag.org
+		breakthroughs.sciencemag.org
+		hwmaint.advances.sciencemag.org
+		apps.sciencemag.org
+		blogs.sciencemag.org
+		comments.sciencemag.org
+		hwmaint.sciencemag.org
+		modencode.sciencemag.org
+		news.sciencemag.org
+			<test url="http://news.sciencemag.org/" />
+			<test url="http://news.sciencemag.org/node/92691/backlinks" />
+		newsquiz.sciencemag.org
+		nextwave.sciencemag.org
+		poster.sciencemag.org
+			<test url="http://poster.sciencemag.org/sem/" />
+			<test url="http://poster.sciencemag.org/" />
+		posters.sciencemag.org
+		sageke.sciencemag.org
+		science.sciencemag.org
+		sciencecareers.sciencemag.org
+			<test url="http://sciencecareers.sciencemag.org/meetings" />
+			<test url="http://sciencecareers.sciencemag.org/" />
+		sciencecareerst.sciencemag.org
+		sciencenow.sciencemag.org
+		signaling.sciencemag.org
+		spark.sciencemag.org
+		specialprojects.sciencemag.org
+		stke.sciencemag.org
+		classic.stke.sciencemag.org
+		video.sciencemag.org
+		webinar.sciencemag.org
+			<test url="http://webinar.sciencemag.org/webinar/archive/emergence-structured-illumination-microscopy-home-built-commercial-solutions" />
+			<test url="http://webinar.sciencemag.org/" />
+		webinars.sciencemag.org
+		xxfiles.sciencemag.org
 
-		- (www.)sciencecareers.org	(times out)
-		- images.sciencecareers.org	(ditto)
-		- jobs.sciencecareers.org	(404, valid cert)
+	Bad certificate:
+		advances.sciencemag.org
+		immunology.sciencemag.org
+		jobs.sciencemag.org
+		metric.sciencemag.org
+		publish.sciencemag.org
+		robotics.sciencemag.org
+		scjobs.sciencemag.org
+		stm.sciencemag.org
 
-		- sciencemag.org subdomains:
+	Secure connection failed:
+		beta.sciencemag.org
 
-			- blogs			(times out)
-			- comments		(times out)
-			- news			(ditto)
-			- sciencecareers	(ditto)
-			- stke
-			- stm
-			- talk			(times out)
-			- video			(ditto)
+	Different content http/https:
+		metrics.sciencemag.org
 
--->
-<ruleset name="Sciencemag.org (partial)" platform="mixedcontent">
+	Time out:
+		newsimages.sciencemag.org
+		news.sciencemag.org
+		recruit.sciencemag.org
 
-	<target host="community.sciencecareers.org" />
-	<target host="sciencemag.org" />
-	<target host="*.sciencemag.org" />
+	No working URL known:
+		oascentral.sciencemag.org
 
+	Private subdomain:
+		cts.sciencemag.org
+		survey.sciencemag.org
 
-	<securecookie host="^\.sciencemag\.org$" name="^OAX$" />
-	<securecookie host="^.+\.sciencemag\.org$" name=".*" />
+	Insecure cookies are set for these hosts:
+		- www.sciencemag.org
 
+	Mixed content:
+		- Images on www.sciencemag.org from $self *
+	* Secured by us
 
-	<rule from="^http://community\.sciencecareers\.org/"
-		to="https://community.sciencecareers.org/" />
+-->
+<ruleset name="Sciencemag.org">
 
-	<!--	- !www doesn't work over https
-		- !www redirects to www over http
+	<target host="sciencemag.org" />
+	<target host="www.sciencemag.org" />
+
+	<!--	Not secured by server:
 					-->
-	<rule from="^https?://(?:www\.)?sciencemag\.org/"
+	<!--securecookie host="^www\.sciencemag\.org$" name="^JSESSIONID$" /-->
+	<securecookie host="^\." name="^OAX$" />
+	<securecookie host=".+\.sciencemag\.org$" name=".+" />
+
+	<rule from="^http://sciencemag\.org/"
 		to="https://www.sciencemag.org/" />
 
-	<rule from="^http://(oascentral|scjobs)\.sciencemag\.org/"
-		to="https://$1.sciencemag.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
-
diff --git a/src/chrome/content/rules/Scieneo.de.xml b/src/chrome/content/rules/Scieneo.de.xml
new file mode 100644
index 000000000000..9e34923a9d1e
--- /dev/null
+++ b/src/chrome/content/rules/Scieneo.de.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://scieneo.de/ => https://www.scieneo.de/: (51, "SSL: no alternative certificate subject name matches target host name 'www.scieneo.de'")
+Fetch error: http://www.scieneo.de/ => https://www.scieneo.de/: (51, "SSL: no alternative certificate subject name matches target host name 'www.scieneo.de'")
+
+    Nonfunctional subdomains:
+	    - $
+
+    More rulesets for sites by Mirco Neubert:
+	    - Dynatech.de
+	    - Dynavision.de
+-->
+<ruleset name="Scieneo.de" default_off="failed ruleset test">
+    <target host="scieneo.de" />
+    <target host="www.scieneo.de" />
+
+    <securecookie host="^www\.scieneo\.de" name=".+" />
+
+    <!-- Redirect broken domain -->
+    <rule from="^http://scieneo\.de/"
+            to="https://www.scieneo.de/" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Scientific-American.xml b/src/chrome/content/rules/Scientific-American.xml
index 85f2dd7b27a7..670cb6750b6f 100644
--- a/src/chrome/content/rules/Scientific-American.xml
+++ b/src/chrome/content/rules/Scientific-American.xml
@@ -1,48 +1,92 @@
+
 <!--
-	Nonfunctional subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.subscribe.scientificamerican.com/ => https://www.subscribe.scientificamerican.com/: (6, 'Could not resolve host: www.subscribe.scientificamerican.com')
+
+	Other Scientific American rulesets:
+
+		- sciamdigital.com.xml
+
+
+	Problematic hosts in *scientificamerican.com:
+
+		- ^ ᶜ
+		- books ᶜ
+		- links.email ᵐ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Silverpop / mismatched
+
+
+	STS header includes includeSubdomains
+	for subscribe
+
 
-		- books		(revoked)
+	These altnames do not exist:
+
+		- www.subscribe.scientificamerican.com
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .scientificamerican.com
+		- subscribe.scientificamerican.com
+		- www.scientificamerican.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Scientific American (partial)" platform="mixedcontent">
+<ruleset name="Scientific American.com (partial)" default_off="failed ruleset test">
 
-	<target host="sciamdigital.com" />
-	<target host="www.sciamdigital.com" />
-	<target host="scientificamerican.com" />
-	<target host="*.scientificamerican.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="blogs.scientificamerican.com" />
+	<!--target host="books.scientificamerican.com" /-->
+	<target host="static.scientificamerican.com" />
+	<target host="subscribe.scientificamerican.com" />
+	<target host="*.subscribe.scientificamerican.com" />
+	<target host="www.scientificamerican.com" />
+
+		<!--	includeSubdomains applies to one level only, so:
+									-->
+		<exclusion pattern="^http://(?:[^./]+\.){2,}subscribe\.scientificamerican\.com/" />
 
+			<!--	+ve:
+					-->
+			<test url="http://this.host.subscribe.scientificamerican.com/" />
+			<test url="http://exists.not.subscribe.scientificamerican.com/" />
 
-	<!--	Observed cookies:
+		<test url="http://www.subscribe.scientificamerican.com/" />
 
-			- ^\.
-			- ^subscribe
-			- ^www
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://www.scientificamerican.com/store/subscribe/scientific-american-magazine/" /-->
+
+	<!--	Complications:
 				-->
-	<securecookie host=".*\.scientificamerican.com$" name=".*" />
+	<target host="scientificamerican.com" />
+	<target host="links.email.scientificamerican.com" />
 
 
-	<!--	There may be more pages that
-		don't  redirect to http.	-->
-	<rule from="^http://(www\.)?sciamdigital\.com/(ax/|(cover)?images/|index\.cfm\?fa=Account\.ViewLogin)/"
-		to="https://$1sciamdigital.com/$2/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.scientificamerican.com$" name="^(?:cfid|cftoken)$" /-->
+	<!--securecookie host="^subscribe\.scientificamerican.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^www\.scientificamerican.com$" name="^(?:MOBILEFORMAT|ORIGINALURLTOKEN)$" /-->
 
-	<!--	https://mail1.eff.org/pipermail/https-everywhere-rules/2012-June/001189.html
+	<securecookie host="^\." name="^(?:__qca$|optimizely)" />
+	<securecookie host="^\w" name=".+" />
 
-		https://mail1.eff.org/pipermail/https-everywhere-rules/2012-July/001248.html
 
-	<rule from="^https?://www\.scientificamerican\.com/media/cover/current\.jpg"
-		to="https://www.scientificamerican.com/media/cover/current.cfm" /-->
+	<rule from="^http://scientificamerican\.com/"
+		to="https://www.scientificamerican.com/" />
 
-	<!--	https://trac.torproject.org/projects/tor/ticket/8077
-		https://mail1.eff.org/pipermail/https-everywhere-rules/2013-February/001487.html
-												-->
-	<rule from="^https?://www\.scientificamerican\.com/assets/css/screen/I\.([\w\-\.]+)\.css\.pagespeed\.cf\.\w+\.css$"
-		to="https://www.scientificamerican.com/assets/css/screen/$1.css" />
+	<rule from="^http://links\.email\.scientificamerican\.com/"
+		to="https://recp.links.mkt41.net/" />
 
-	<rule from="^https?://www\.scientificamerican\.com/(.+)\.pagespeed\..*$"
-		to="https://www.scientificamerican.com/$1" />
+		<test url="http://links.email.scientificamerican.com/ctt?kn=26&amp;ms=NDc5ODcyOTYS1" />
 
-	<rule from="^http://(subscribe\.|www\.)?scientificamerican\.com/"
-		to="https://$1scientificamerican.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Scientific.Net.xml b/src/chrome/content/rules/Scientific.Net.xml
index d77db7be19ac..7f7e840955cf 100644
--- a/src/chrome/content/rules/Scientific.Net.xml
+++ b/src/chrome/content/rules/Scientific.Net.xml
@@ -1,10 +1,10 @@
-<ruleset name="Scientific.Net" default_off="mismatch">
+<ruleset name="Scientific.Net" default_off="mismatched">
 
 	<!--	cert: *.stp.net		-->
 	<target host="scientific.net"/>
 	<target host="www.scientific.net"/>
 
-	<securecookie host="^www\.scientific\.net$" name=".*"/>
+	<securecookie host="^www\.scientific\.net$" name=".+" />
 
 	<!--	!www redirects to www	-->
 	<rule from="^http://(?:www\.)?scientific\.net/"
diff --git a/src/chrome/content/rules/Scientificlinux.org.xml b/src/chrome/content/rules/Scientificlinux.org.xml
index 3bfc07aa1c21..2e24e9fe3312 100644
--- a/src/chrome/content/rules/Scientificlinux.org.xml
+++ b/src/chrome/content/rules/Scientificlinux.org.xml
@@ -1,10 +1,22 @@
-<ruleset name="Scientificlinux.org">
+<!--
+	Handshake failure:
+		content.scientificlinux.org
+
+	Time out:
+		ftp.scientificlinux.org
+		ftp1.scientificlinux.org
+		ftp2.scientificlinux.org
+
+	Invalid certificate:
+		ww.scientificlinux.org
+
+-->
+<ruleset name="Scientific Linux.org">
 
 	<target host="scientificlinux.org" />
 	<target host="www.scientificlinux.org" />
 
-
-	<rule from="^http://(www\.)?scientificlinux\.org/"
-		to="https://$1scientificlinux.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Scintilla.utwente.xml b/src/chrome/content/rules/Scintilla.utwente.xml
deleted file mode 100644
index 65f2ed60b4de..000000000000
--- a/src/chrome/content/rules/Scintilla.utwente.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Scintilla.utwente.nl">
-	<target host="www.scintilla.utwente.nl" />
-	<target host="scintilla.utwente.nl" />
-	<rule from="^http://www\.scintilla\.utwente\.nl/" to="https://www.scintilla.utwente.nl/"/>
-</ruleset>
-<!-- Rule generated by HTTPS Finder 0.69 -->
diff --git a/src/chrome/content/rules/Scoop.it.xml b/src/chrome/content/rules/Scoop.it.xml
index 42519c6a0c2c..565b4511ec43 100644
--- a/src/chrome/content/rules/Scoop.it.xml
+++ b/src/chrome/content/rules/Scoop.it.xml
@@ -19,7 +19,8 @@
 <ruleset name="Scoop.it (partial)">
 
 	<target host="scoop.it" />
-	<target host="*.scoop.it" />
+	<target host="www.scoop.it" />
+	<target host="img.scoop.it" />
 		<!--exclusion pattern="^http://www\.scoop\.it/($|\?|(lostpassword|t/cultivating-community/js)($|\?))" /-->
 
 
@@ -30,6 +31,6 @@
 		to="https://www.scoop.it/$1" />
 
 	<rule from="^http://img\.scoop\.it/"
-		to="https://d1lojpvs1j5ni5.cloudfront.net/" />
+		to="https://img.scoop.it/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Scooter-Attack.xml b/src/chrome/content/rules/Scooter-Attack.xml
index 09e79ea8d4fb..ed531bb85c47 100644
--- a/src/chrome/content/rules/Scooter-Attack.xml
+++ b/src/chrome/content/rules/Scooter-Attack.xml
@@ -1,20 +1,62 @@
+
 <!--
-	Nonfunctional subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://stats.scooter-attack.com/ => https://stats.scooter-attack.com/: (28, 'Connection timed out after 20001 milliseconds')
 
-		- b2b		(http & https data differ)
-		- forum		(no https)
+	Nonfunctional hosts in *scooter-attack.com:
 
--->
-<ruleset name="Scooter-Attack (partial)">
+		- b2b ¹
+		- forum ²
+
+	¹ Shows default page
+	² 522
+
+
+	^scooter-attack.com: 521
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .scooter-attack.com
+		- .rollerhaendler.scooter-attack.com
+		- shop.scooter-attack.com
 
+
+	Mixed content:
+
+		- Bug on www from stats.scooter-attack.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Scooter-Attack.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rollerhaendler.scooter-attack.com" />
+	<target host="shop.scooter-attack.com" />
+	<target host="stats.scooter-attack.com" />
+	<target host="webshop.scooter-attack.com" />
+	<target host="www.scooter-attack.com" />
+
+	<!--	Complications:
+				-->
 	<target host="scooter-attack.com" />
-	<target host="*.scooter-attack.com" />
 
 
-	<securecookie host="^(?:\.rollerhaendler\.|shop)?\.scooter-attack\.com$" name=".+" />
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.scooter-attack\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^\.rollerhaendler\.scooter-attack\.com$" name="^(?:cookie_test|rhlanguage)$" /-->
+	<!--securecookie host="^shop\.scooter-attack\.com$" name="^SASESSIONID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
 
+	<rule from="^http://scooter-attack\.com/"
+		to="https://www.scooter-attack.com/" />
 
-	<rule from="^http://(rollerhaendler\.|(?:web)?shop\.|www\.)?scooter-attack\.com/"
-		to="https://$1scooter-attack.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ScopLePave.org.xml b/src/chrome/content/rules/ScopLePave.org.xml
new file mode 100644
index 000000000000..57054393cc45
--- /dev/null
+++ b/src/chrome/content/rules/ScopLePave.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="ScopLePave.org">
+
+	<target host="scoplepave.org" />
+	<target host="www.scoplepave.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Scopus.xml b/src/chrome/content/rules/Scopus.xml
index 02b606add1b0..8d53890c6918 100644
--- a/src/chrome/content/rules/Scopus.xml
+++ b/src/chrome/content/rules/Scopus.xml
@@ -1,21 +1,44 @@
 <!--
 	For other Elsevier coverage, see Elsevier.xml.
 
--->
-<ruleset name="Scopus" platform="mixedcontent">
+	Login required:
+		admintool.scopus.com
 
-	<target host="scopus.com" />
-	<target host="*.scopus.com" />
+	Refused:
+		cert-*.scopus.com
+		help.scopus.com
+		info.scopus.com
+		www.info.scopus.com
+		searchapidocs.scopus.com
 
+	No working URL known:
+		develop-www.scopus.com
+		searchapi.scopus.com
 
-	<securecookie host="^.*\.scopus\.com$" name=".*" />
+	Invalid certificate:
+		metrics.scopus.com
 
+	Connection reset:
+		admin.step.scopus.com
+		suggestor.step.scopus.com
 
-	<rule from="^https?://(?:www\.)?scopus\.com/"
-		to="https://www.scopus.com/" />
+-->
+<ruleset name="Scopus">
 
-	<!--	Involved in authentication.	-->
-	<rule from="^http://acw\.scopus\.com/"
-		to="https://acw.scopus.com/" />
+	<target host="scopus.com" />
+	<target host="www.scopus.com" />
+	<target host="10.scopus.com" />
+	<target host="acw.scopus.com" /><!-- Involved in authentication. -->
+	<target host="blog.scopus.com" />
+	<target host="develop-tutorials.scopus.com" />
+	<target host="journalmetrics.scopus.com" />
+	<target host="logger.scopus.com" />
+	<target host="pie-www.scopus.com" />
+	<target host="syndic8.scopus.com" />
+	<target host="tutorials.scopus.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Score_Restore.com.xml b/src/chrome/content/rules/Score_Restore.com.xml
index a4be1ccaadd2..fc74c9c2907b 100644
--- a/src/chrome/content/rules/Score_Restore.com.xml
+++ b/src/chrome/content/rules/Score_Restore.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="Score Restore.com">
 
 	<target host="scorerestore.com" />
-	<target host="*.scorerestore.com" />
+	<target host="www.scorerestore.com" />
 
 
 	<securecookie host="^(?:w*\.)?scorerestore\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?scorerestore\.com/"
-		to="https://$1scorerestore.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ScorecardResearch.com.xml b/src/chrome/content/rules/ScorecardResearch.com.xml
index cd122695f437..ea7e096249b3 100644
--- a/src/chrome/content/rules/ScorecardResearch.com.xml
+++ b/src/chrome/content/rules/ScorecardResearch.com.xml
@@ -1,39 +1,91 @@
 <!--
 	For other Full Circle Studies coverage, see Full-Circle-Studies.xml.
 
-
-	CDN buckets:
-
-		- sb.scorecardresearch.com.edgekey.net
-		- b.scorecardresearch.com.edgesuite.net
-
-
-	Problematic subdomains:
-
-		- b	(works, akamai)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- b		(→ sb)
-		- s
-
+	Chain issues:
+		- g
+
+	TLS errors:
+		- stg
+
+	Cert mismatch:
+		- c.scorecardresearch.com
+		- download.scorecardresearch.com
+		- h.scorecardresearch.com
+		- sa.ia1.scorecardresearch.com
+		- udm.ia1.scorecardresearch.com
+		- sa.ia2.scorecardresearch.com
+		- udm.ia2.scorecardresearch.com
+		- sa.ia3.scorecardresearch.com
+		- udm.ia4.scorecardresearch.com
+		- udm.ia5.scorecardresearch.com
+		- udm.ia8.scorecardresearch.com
+		- udm.ia9.scorecardresearch.com
+		- sa.ia4.scorecardresearch.com
+		- sa.ia5.scorecardresearch.com
+		- sa.ia6.scorecardresearch.com
+		- udm.ia6.scorecardresearch.com
+		- sa.ia7.scorecardresearch.com
+		- udm.ia7.scorecardresearch.com
+		- sa.ia8.scorecardresearch.com
+		- sa.ia9.scorecardresearch.com
+		- sa.iaa.scorecardresearch.com
+		- udm.iaa.scorecardresearch.com
+		- rediff-w3.scorecardresearch.com
+		- udm.ri1.scorecardresearch.com
+		- udm.ri3.scorecardresearch.com
+		- udm.ri2.scorecardresearch.com
+		- udm.ri4.scorecardresearch.com
+		- sa.ri1.scorecardresearch.com
+		- sa.ri2.scorecardresearch.com
+		- sa.ri3.scorecardresearch.com
+		- sa.ri5.scorecardresearch.com
+		- sa.ri4.scorecardresearch.com
+		- udm.ri5.scorecardresearch.com
+		- udm.ri6.scorecardresearch.com
+		- sa.ri6.scorecardresearch.com
+		- udm.ri7.scorecardresearch.com
+		- udm.ri8.scorecardresearch.com
+		- udm.ri9.scorecardresearch.com
+		- udm.ria.scorecardresearch.com
+		- sa.ri8.scorecardresearch.com
+		- sa.ri9.scorecardresearch.com
+		- sa.ria.scorecardresearch.com
 -->
 <ruleset name="ScorecardResearch.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="scorecardresearch.com" />
-	<target host="*.scorecardresearch.com" />
-
-
+	<target host="www.scorecardresearch.com" />
+
+	<target host="beacon.scorecardresearch.com" />
+	<target host="d.scorecardresearch.com" />
+	<target host="panel.scorecardresearch.com" />
+	<target host="seb.scorecardresearch.com" />
+	<target host="sb.scorecardresearch.com" />
+	<target host="sb-stage.scorecardresearch.com" />
+	<target host="sb6.scorecardresearch.com" />
+	<target host="sc.scorecardresearch.com" />
+	<target host="test.scorecardresearch.com" />
+	<target host="udm.scorecardresearch.com" />
+	<target host="sa.scorecardresearch.com" />
+
+	<!--	Complications:
+				-->
+	<target host="b.scorecardresearch.com" />
+
+
+	<!--	Not secured by server:
+					-->
 	<!--securecookie host="^\.scorecardresearch\.com$" name="^(UID|UIDR)$" /-->
-	<securecookie host="^(?:.*\.)?scorecardresearch\.com$" name=".+" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?scorecardresearch\.com/"
-		to="https://$1scorecardresearch.com/" />
 
-	<rule from="^http://s?b\.scorecardresearch\.com/"
+	<rule from="^http://b\.scorecardresearch\.com/"
 		to="https://sb.scorecardresearch.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Scot_Borders.gov.uk.xml b/src/chrome/content/rules/Scot_Borders.gov.uk.xml
new file mode 100644
index 000000000000..e56570815284
--- /dev/null
+++ b/src/chrome/content/rules/Scot_Borders.gov.uk.xml
@@ -0,0 +1,56 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mapping.scotborders.gov.uk/ => https://mapping.scotborders.gov.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.scotborders.gov.uk/ => https://www.scotborders.gov.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Scottish Borders Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *scotborders.gov.uk:
+
+		- councilpapers ⁴
+		- eplanning ᵈ
+		- maps ᵈ
+
+	⁴ 404
+	ᵈ Dropped
+
+
+	^scotborders.gov.uk doesn't exist.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- www.scotborders.gov.uk
+		- .www.scotborders.gov.uk
+
+
+	Mixed content:
+
+		- Images on www from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Scot Borders.gov.uk" default_off="failed ruleset test">
+
+	<target host="mapping.scotborders.gov.uk" />
+	<target host="www.scotborders.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.scotborders\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^\.www\.scotborders\.gov\.uk$" name="^TestCookie$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.www\." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Scotch.io.xml b/src/chrome/content/rules/Scotch.io.xml
new file mode 100644
index 000000000000..bcc41bc4ec1d
--- /dev/null
+++ b/src/chrome/content/rules/Scotch.io.xml
@@ -0,0 +1,42 @@
+<!--
+	Problematic hosts in *scotch.io:
+
+		- shop *
+
+	* Shopify
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .scotch.io
+		- shop.scotch.io
+
+-->
+<ruleset name="Scotch.io (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="scotch.io" />
+	<target host="cask.scotch.io" />
+	<target host="www.scotch.io" />
+
+	<!--	Complications:
+				-->
+	<!--target host="shop.scotch.io" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.scotch\.io$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^shop\.scotch\.io$" name="^cart$" /-->
+
+	<securecookie host="^\.scotch\.io$" name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<!--rule from="^http://shop\.scotch\.io/"
+		to="https://???.myshopify.com/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Scotland.gov.uk.xml b/src/chrome/content/rules/Scotland.gov.uk.xml
new file mode 100644
index 000000000000..c1a3a2fffc16
--- /dev/null
+++ b/src/chrome/content/rules/Scotland.gov.uk.xml
@@ -0,0 +1,33 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		Timeout was reached:
+		- scotland.gov.uk
+		- labs.data.scotland.gov.uk
+		- simd.scotland.gov.uk
+		- www.scotland.gov.uk
+
+		SSL peer certificate was not OK:
+		- aquaculture.scotland.gov.uk
+		- business.scotland.gov.uk
+		- dpea.scotland.gov.uk
+		- environment.scotland.gov.uk
+		- www.environment.scotland.gov.uk
+		- marine.scotland.gov.uk
+		- news.scotland.gov.uk
+		- news.scotland.gov.uk
+		- pirc.scotland.gov.uk
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- blogs.scotland.gov.uk
+-->
+<ruleset name="Scotland.gov.uk (partial)">
+	<target host="consult.scotland.gov.uk" />
+	<target host="www.dpea.scotland.gov.uk" />
+	<target host="housingcharter.scotland.gov.uk" />
+	<target host="www.marine.scotland.gov.uk" />
+	<target host="register.scotland.gov.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Scott-Hanselman.xml b/src/chrome/content/rules/Scott-Hanselman.xml
index de162c074632..7584296ac7d7 100644
--- a/src/chrome/content/rules/Scott-Hanselman.xml
+++ b/src/chrome/content/rules/Scott-Hanselman.xml
@@ -1,15 +1,18 @@
-<ruleset name="Scott Hanselman" default_off="expired">
+<!--
 
-	<target host="hanselman.com" />
-	<target host="*.hanselman.com" />
+	Problematic hosts in *hanselman.com:
+
+		- m (mismatched)
 
+-->
+<ruleset name="Scott Hanselman">
 
-	<securecookie host="^www\.hanselman\.com$" name=".*" />
+	<target host="hanselman.com" />
+	<target host="www.hanselman.com" />
 
+	<securecookie host="^www\.hanselman\.com$" name=".+" />
 
-	<!--	!www redirects to www.
-		Cert isn't valid for m.	-->
-	<rule from="^https?://(?:m\.|www\.)?hanselman\.com/"
-		to="https://www.hanselman.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Scottbrand.com.xml b/src/chrome/content/rules/Scottbrand.com.xml
index 5030dd155755..d2ba111e65b5 100644
--- a/src/chrome/content/rules/Scottbrand.com.xml
+++ b/src/chrome/content/rules/Scottbrand.com.xml
@@ -1,6 +1,27 @@
-<ruleset name="Scottbrand.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://scottbrand.com/ => https://scottbrand.com/: (51, "SSL: no alternative certificate subject name matches target host name 'scottbrand.com'")
+
+	Insecure cookies are set for these hosts:
+
+		- scottbrand.com
+		- www.scottbrand.com
+
+-->
+<ruleset name="Scottbrand.com" default_off="failed ruleset test">
   <target host="scottbrand.com" />
   <target host="www.scottbrand.com" />
 
-  <rule from="^http://(www\.)?scottbrand\.com/" to="https://www.scottbrand.com/" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^scottbrand\.com$" name="^BIGipServer[\w.]+$" /-->
+	<!--securecookie host="^www\.scottbrand\.com$" name="^(?:ASP\.NET_SessionId|BIGipServer[\w.]+)$" /-->
+
+	<securecookie host="^(?:www\.)?scottbrand\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Scottevest.xml b/src/chrome/content/rules/Scottevest.xml
index 0698b2669702..a9eec98b1ed1 100644
--- a/src/chrome/content/rules/Scottevest.xml
+++ b/src/chrome/content/rules/Scottevest.xml
@@ -2,8 +2,7 @@
   <target host="scottevest.com" />
   <target host="www.scottevest.com" />
 
-  <securecookie host="^(.+\.)?scottevest\.com$" name=".*"/>
+  <securecookie host=".+" name=".+" />
 
-  <rule from="^http://scottevest\.com/" to="https://scottevest.com/"/>
-  <rule from="^http://www\.scottevest\.com/" to="https://www.scottevest.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Scottish-Country-Cottages.co.uk.xml b/src/chrome/content/rules/Scottish-Country-Cottages.co.uk.xml
new file mode 100644
index 000000000000..92c2f51f9b2e
--- /dev/null
+++ b/src/chrome/content/rules/Scottish-Country-Cottages.co.uk.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- scottish-country-cottages.co.uk
+
+		Mixed content blocking (MCB) triggered:
+		- www.scottish-country-cottages.co.uk
+-->
+<ruleset name="Scottish-Country-Cottages.co.uk" platform="mixedcontent">
+	<target host="scottish-country-cottages.co.uk" />
+	<target host="www.scottish-country-cottages.co.uk" />
+
+	<rule from="^http://scottish-country-cottages\.co\.uk/"
+		to="https://www.scottish-country-cottages.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Scottish_Power.xml b/src/chrome/content/rules/Scottish_Power.xml
index baf9256e0a02..27cddc985bb7 100644
--- a/src/chrome/content/rules/Scottish_Power.xml
+++ b/src/chrome/content/rules/Scottish_Power.xml
@@ -27,7 +27,6 @@
 	<securecookie host="^www\.scottishpower\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?scottishpower\.co\.uk/"
-		to="https://www.scottishpower.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Scottish_Power_Pipe_Band.xml b/src/chrome/content/rules/Scottish_Power_Pipe_Band.xml
index f2c3e371402c..3d17cfeea46c 100644
--- a/src/chrome/content/rules/Scottish_Power_Pipe_Band.xml
+++ b/src/chrome/content/rules/Scottish_Power_Pipe_Band.xml
@@ -16,7 +16,6 @@
 	<securecookie host="^www\.scottishpowerpipeband\.com$" name=".+" />
 
 
-	<rule from="^http://www\.scottishpowerpipeband\.com/"
-		to="https://www.scottishpowerpipeband.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Scottish_Windfest.xml b/src/chrome/content/rules/Scottish_Windfest.xml
deleted file mode 100644
index 39580ddab970..000000000000
--- a/src/chrome/content/rules/Scottish_Windfest.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Scottish Windfest">
-
-	<target host="scottishwindfest.com" />
-	<target host="*.scottishwindfest.com" />
-
-
-	<securecookie host="^(?:.*\.)?scottishwindfest\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?scottishwindfest\.com/"
-		to="https://$1scottishwindfest.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Scottlinux.com.xml b/src/chrome/content/rules/Scottlinux.com.xml
new file mode 100644
index 000000000000..1dac623531ce
--- /dev/null
+++ b/src/chrome/content/rules/Scottlinux.com.xml
@@ -0,0 +1,26 @@
+<!--
+	www: cert only matches ^scottlinux.com.
+
+
+	Mixed content:
+
+		- favicon from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="scottlinux.com">
+
+	<target host="scottlinux.com" />
+	<target host="www.scottlinux.com" />
+
+
+	<!--	Some, but not all, secured by server:
+							-->
+	<securecookie host="^scottlinux\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?scottlinux\.com/"
+		to="https://scottlinux.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Scrambl3.com.xml b/src/chrome/content/rules/Scrambl3.com.xml
new file mode 100644
index 000000000000..42ab37dfe284
--- /dev/null
+++ b/src/chrome/content/rules/Scrambl3.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Scrambl3.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="scrambl3.com" />
+	<target host="www.scrambl3.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Scrap_Orchard.xml b/src/chrome/content/rules/Scrap_Orchard.xml
index bebe6a33f543..d6a2fce8a737 100644
--- a/src/chrome/content/rules/Scrap_Orchard.xml
+++ b/src/chrome/content/rules/Scrap_Orchard.xml
@@ -1,13 +1,19 @@
-<ruleset name="Scrap Orchard">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://scraporchard.com/ => https://scraporchard.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.scraporchard.com/ => https://www.scraporchard.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="Scrap Orchard" default_off="failed ruleset test">
 
 	<target host="scraporchard.com" />
-	<target host="*.scraporchard.com" />
+	<target host="www.scraporchard.com" />
 
 
 	<securecookie host="^\.?scraporchard\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?scraporchard\.com/"
-		to="https://$1scraporchard.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ScraperWiki.com.xml b/src/chrome/content/rules/ScraperWiki.com.xml
new file mode 100644
index 000000000000..c2c710456e52
--- /dev/null
+++ b/src/chrome/content/rules/ScraperWiki.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="ScraperWiki.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="scraperwiki.com" />
+	<target host="blog.scraperwiki.com" />
+	<target host="www.scraperwiki.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Scrapy.org.xml b/src/chrome/content/rules/Scrapy.org.xml
new file mode 100644
index 000000000000..aedf5c18402f
--- /dev/null
+++ b/src/chrome/content/rules/Scrapy.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Connection closed:
+		- mail
+
+	Timeout:
+		- snippets
+		- static
+-->
+<ruleset name="Scrapy.org">
+	<target host="scrapy.org" />
+	<target host="www.scrapy.org" />
+	<target host="doc.scrapy.org" />
+	<target host="docs.scrapy.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ScreenCraft.org.xml b/src/chrome/content/rules/ScreenCraft.org.xml
new file mode 100644
index 000000000000..84a46031a528
--- /dev/null
+++ b/src/chrome/content/rules/ScreenCraft.org.xml
@@ -0,0 +1,25 @@
+<!--
+	www.screencraft.org: WP Engine
+
+-->
+<ruleset name="ScreenCraft.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="screencraft.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.screencraft.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.screencraft\.org/"
+		to="https://screencraft.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Screen_International.xml b/src/chrome/content/rules/Screen_International.xml
index ff79c00f89f7..a3c082b57e54 100644
--- a/src/chrome/content/rules/Screen_International.xml
+++ b/src/chrome/content/rules/Screen_International.xml
@@ -20,4 +20,4 @@
 	<rule from="^http://(?:www\.)?screendaily\.com/"
 		to="https://www.screendaily.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Screencast-o-Matic.com.xml b/src/chrome/content/rules/Screencast-o-Matic.com.xml
new file mode 100644
index 000000000000..2e3a7abfa191
--- /dev/null
+++ b/src/chrome/content/rules/Screencast-o-Matic.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Cert expired:
+		- dev
+		- v1
+
+	Cert mismatch:
+		- cf
+		- data
+		- r.email2
+		- feedback
+		- files
+		- screenshots
+
+	Connection refused:
+		- email
+
+	Self-Signed cert
+		- sandbox
+
+	Timeout:
+		- db
+		- db2
+		- email2
+		- ws1
+		- www2
+-->
+<ruleset name="Screencast-o-Matic">
+
+	<target host="screencast-o-matic.com" />
+	<target host="www.screencast-o-matic.com" />
+	<target host="feed.screencast-o-matic.com" />
+	<target host="get-pro-screen-recorder.screencast-o-matic.com" />
+	<target host="help.screencast-o-matic.com" />
+	<target host="v2.screencast-o-matic.com" />
+	<target host="widget.screencast-o-matic.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Screenshot.ru.xml b/src/chrome/content/rules/Screenshot.ru.xml
deleted file mode 100644
index 392a4c79c7ce..000000000000
--- a/src/chrome/content/rules/Screenshot.ru.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	CN: secure-hosting.ru
-
-
-	Some pages don't work.
-
--->
-<ruleset name="Screenshot.ru (partial)" default_off="mismatched, self-signed">
-
-	<target host="screenshot.ru" />
-	<target host="www.screenshot.ru" />
-
-
-	<rule from="^http://(?:www\.)?screenshot\.ru/(?=favicon\.ico|images/|public/)"
-		to="https://screenshot.ru/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Screenshot_machine.xml b/src/chrome/content/rules/Screenshot_machine.xml
index 662bb5e8f930..17dc76efa95b 100644
--- a/src/chrome/content/rules/Screenshot_machine.xml
+++ b/src/chrome/content/rules/Screenshot_machine.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^(?:www\.)?screenshotmachine\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?screenshotmachine\.com/"
-		to="https://$1screenshotmachine.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ScribbleLive.com-falsemixed.xml b/src/chrome/content/rules/ScribbleLive.com-falsemixed.xml
new file mode 100644
index 000000000000..b9694bb8c307
--- /dev/null
+++ b/src/chrome/content/rules/ScribbleLive.com-falsemixed.xml
@@ -0,0 +1,48 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www2.scribblelive.com/? => https://www.scribblelive.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.scribblelive.com'")
+Fetch error: http://www.scribblelive.com/ => https://www.scribblelive.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.scribblelive.com'")
+Fetch error: http://www2.scribblelive.com/ => https://www.scribblelive.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.scribblelive.com'")
+
+	For rules not causing false/broken MCB, see ScribbleLive.com.xml.
+
+-->
+<ruleset name="ScribbleLive.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.scribblelive.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www2.scribblelive.com" />
+
+		<!--	Handled in ScribbleLive.com.xml:
+							-->
+		<exclusion pattern="^http://www2\.scribblelive\.com/+(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www2.scribblelive.com//css/form.css?ver=20121030" />
+			<test url="http://www2.scribblelive.com/css/form.css?ver=20121030" />
+			<test url="http://www2.scribblelive.com/l/27242/2015-06-22/2gzglf" />
+			<test url="http://www2.scribblelive.com//l/27242/2015-06-22/2gzglf" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<!--	Redirect drops args and
+		forward slash:
+				-->
+	<rule from="^http://www2\.scribblelive\.com/.*"
+		to="https://www.scribblelive.com/" />
+
+		<test url="http://www2.scribblelive.com//" />
+		<test url="http://www2.scribblelive.com/?" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ScribbleLive.com.xml b/src/chrome/content/rules/ScribbleLive.com.xml
new file mode 100644
index 000000000000..f3feaff9a0c7
--- /dev/null
+++ b/src/chrome/content/rules/ScribbleLive.com.xml
@@ -0,0 +1,106 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://help.scribblelive.com/hc (200) => https://scribblelive.zendesk.com/hchc (404)
+Fetch error: http://scribblelive.com/ => https://scribblelive.com/: (51, "SSL: no alternative certificate subject name matches target host name 'scribblelive.com'")
+
+	For rules causing false/broken MCB, see ScribbleLive.com-falsemixed.xml.
+
+
+	CDN buckets:
+
+		- s3.amazonaws.com/images.scribblelive.com/
+		- dv4dx4g3w8ea8.cloudfront.net
+
+
+	Problematic hosts in *scribblelive.com:
+
+		- help ¹
+		- www ²
+		- www2 ¹
+
+	² Mixed css
+	¹ Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- client.scribblelive.com
+		- www.scribblelive.com
+		- www2.scribblelive.com
+
+
+	Mixed content:
+
+		- css on www from $self *
+
+		- IMages, on:
+
+			- www from cdn.scribblelive.com *
+			- www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="ScribbleLive.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="scribblelive.com" />
+	<target host="cdn.scribblelive.com" />
+	<target host="client.scribblelive.com" />
+	<target host="images.scribblelive.com" />
+	<target host="market.scribblelive.com" />
+	<!--target host="www.scribblelive.com" /-->
+
+	<!--	Complications:
+				-->
+	<target host="help.scribblelive.com" />
+	<target host="www2.scribblelive.com" />
+
+		<!--	Mixed css at rewrite destination:
+							-->
+		<exclusion pattern="^http://www2\.scribblelive\.com/+(?:\?.*)?$" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www2.scribblelive.com//?" />
+			<test url="http://www2.scribblelive.com///" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^client\.scribblelive\.com$" name="^LoggedIn$" /-->
+	<!--securecookie host="^www\.scribblelive\.com$" name="^wfvt_\d+$" /-->
+	<!--securecookie host="^www2\.scribblelive\.com$" name="^(?:pardot|visitor_id\d+)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops args and forward slash:
+							-->
+	<rule from="^http://help\.scribblelive\.com/+([^?]*)(?:\?.*)?"
+		to="https://scribblelive.zendesk.com/hc$1" />
+
+		<test url="http://help.scribblelive.com//" />
+		<test url="http://help.scribblelive.com/?" />
+		<test url="http://help.scribblelive.com/hc" />
+
+	<!--	Redirect drops args and forward slash:
+							-->
+	<!--rule from="^http://www2\.scribblelive\.com/+(?:\?.*)?$"
+		to="https://www.scribblelive.com/" /-->
+
+		<test url="http://www2.scribblelive.com//" />
+		<test url="http://www2.scribblelive.com/?" />
+
+	<rule from="^http://www2\.scribblelive\.com/"
+		to="https://go.pardot.com/" />
+
+		<test url="http://www2.scribblelive.com/css/form.css?ver=20121030" />
+		<test url="http://www2.scribblelive.com/l/27242/2015-06-22/2gzglf" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Scribd.com.xml b/src/chrome/content/rules/Scribd.com.xml
index c7cd480ccd12..560af2cef19a 100644
--- a/src/chrome/content/rules/Scribd.com.xml
+++ b/src/chrome/content/rules/Scribd.com.xml
@@ -1,15 +1,5 @@
 <!--
 	CDN buckets:
-
-		- s3.amazonaws.com/assets.scribd.com/
-		- s3.amazonaws.com/html.scribd.com/
-
-		- s3.amazonaws.com/reflow.scribd.com/...
-
-			- img.scribd.com
-
-		- s3.amazonaws.com/sprited-images.scribd.com/
-		- s3.amazonaws.com/s3.scribd.com/
 		- d.scribd.com.cdngc.net
 
 		- s.scribd.com.cdngc.net/...
@@ -43,97 +33,111 @@
 
 		- scribd.com subdomains:
 
-			- d *
-			- img				(AmazonWS: "NoSuchBucket")
-			- rat				(times out)
-			- rs[15]?			(times out, alias for rat)
-			- support			(redirects to http; mismatched, CN: *.zendesk.com)
+			- blog ¹
+			- d ²
+			- support ³
+      - html
 
-		- scribdassets.com subdomains:
-
-			- img **
-			- imgv2 *
-			- imgv2-[1-4] **
-
-	* 403, CN: ssl2.cdngc.net
-	** 403, CN: ssl.cdngc.net
+	¹ wpengine
+	² AmazonAWS 403; mismatched, CN: ssl2?.cdngc.net
+	³ Zendesk.com
 
 
 	Problematic domains:
 
 		- scribd.com subdomains:
 
-			- www
+			- img ¹
+			- s ²
 
-				- Many pages redirect to http
-				- docs don't, but login from docs does and so breaks
+		- img.scribdassets.com ²
+		- img[1-4].scribdassets.com ²
 
-			- html				(mismatched, CN: s3.amazonaws.com)
-			- s *
+	² 403; mismatched, CN: ssl2?.cdngc.net
 
-		- scribdassets.com subdomains:
 
-			- fonts[1-4] **
-			- html **
-			- html[1-4] **
-			- htmlimg **
-			- htmlimg[1-4] **
-			- s[1-4]			(works, akamai)
-			- s[56] **
-			- s[78] *
+	Partially covered domains:
 
+		- (www.)?scribd.com *
 
-	* 403, CN: ssl.cdngc.net
-	** 403, CN: ssl2.cdngc.net
+	* docs/ redirects to http
 
 
 	Fully covered domains:
 
 		- scribd.com subdomains:
 
+			- ^
 			- fonts
-			- html			(→ s3.amazonaws.com/html.scribd.com/)
 			- htmlcdn
+			- img		(-> s3.amazonaws.com)
 			- origin-s
-			- s			(→ origin-s)
-			- sprinted-images	(→ s3.amazonaws.com/sprinted-images.scribd.com/)
+			- rat
+			- rs
+
+			- rs\d:
+
+				- [1-8]
+
+			- s		(→ www)
 
 		- scribdassets.com subdomains:
 
-			- html			(→ s3.amazonaws.com/html.scribd.com/)
-			- html[1-4]		(→ s3.amazonaws.com/html.scribd.com/)
-			- htmlimg		(→ s3.amazonaws.com/html.scribd.com/)
-			- htmlimg[1-4]		(→ s3.amazonaws.com/html.scribd.com/)
-			- s[1-8]		(→ origin-s.scribd.com)
+			- fonts\d:
 
--->
-<ruleset name="Scribd.com (partial)">
+				- [1-4]
 
-	<target host="scribd.com" />
-	<target host="*.scribd.com" />
-		<exclusion pattern="^http://(?:www\.)?scribd\.com/(?!aggregated/|embeds/|images/|login(?:$|\?/)|options/|ssi/)" />
-	<target host="*.scribdassets.com" />
+			- htmlimg\d:
+
+				- [1-4]
+
+			- img\d:	(-> imgv2-\1)
+
+				- [1-4]
+
+			- imgv2
+
+			- imgv2-\d:
+
+				- [1-4]
+
+			- imgv2-\d-f:
 
+				-[12]
 
-	<rule from="^http://(?:www\.)?scribd\.com/"
-		to="https://www.scribd.com/" />
+			- s\d:
 
-	<rule from="^http://fonts\d?\.scribd(?:assets)?\.com/"
-		to="https://fonts.scribd.com/" />
+				- [5-8]
 
-	<rule from="^http://html(?:img)?\d?\.scribd(?:assets)?\.com/"
-		to="https://s3.amazonaws.com/html.scribd.com/" />
+			- s\d-f:
 
-	<rule from="^http://htmlcdn\.scribd\.com/"
-		to="https://htmlcdn.scribd.com/" />
+				- [12]
 
-	<rule from="^http://s\d?\.scribd(?:assets)?\.com/"
-		to="https://origin-s.scribd.com/" />
 
-	<rule from="^https?://sprited-images\.scribd\.com/"
-		to="https://s3.amazonaws.com/sprited-images.scribd.com/" />
+	Insecure cookies are set for these domains:
 
-	<rule from="^https?://support\.scribd\.com/(generated|system)/"
-		to="https://assets.zendesk.com/$1/" />
+		- .scribd.com
+		- .scribdassets.com
 
-</ruleset>
\ No newline at end of file
+-->
+<ruleset name="Scribd.com (partial)">
+
+	<target host="scribd.com" />
+	<target host="*.scribd.com" />
+    <test url="http://viewer.scribd.com/" />
+    <test url="http://sk.scribd.com/" />
+    <test url="http://sl.scribd.com/" />
+
+	<target host="*.scribdassets.com" />
+    <test url="http://support.scribdassets.com/" />
+    <test url="http://shop.scribdassets.com/" />
+    <test url="http://article-imgs.scribdassets.com/" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.scribd\.com$" name="^(_scribd_session|scribd_ubtc)$" /-->
+	<securecookie host="^\.scribdassets\.com$" name="^scribd_ubtc$" />
+
+  <rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Scribit.xml b/src/chrome/content/rules/Scribit.xml
index 5621fd5d1a7c..9ebde663badb 100644
--- a/src/chrome/content/rules/Scribit.xml
+++ b/src/chrome/content/rules/Scribit.xml
@@ -9,13 +9,13 @@
 
 
 	<!--	Fail!	-->
-	<rule from="^https?://(?:www\.)?scribit\.com/app$"
+	<rule from="^http://(?:www\.)?scribit\.com/app$"
 		to="https://www.scribit.com/app/" />
 
 	<!--	- !www times out
 		- Many paths 302 to http
 					-->
-	<rule from="^https?://(?:www\.)?scribit\.com/app/"
+	<rule from="^http://(?:www\.)?scribit\.com/app/"
 		to="https://www.scribit.com/app/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Scribol.xml b/src/chrome/content/rules/Scribol.xml
deleted file mode 100644
index 76b8e6167325..000000000000
--- a/src/chrome/content/rules/Scribol.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d19zu6w56v1jx5.cloudfront.net
-
-		- d25h0msi7seflc.cloudfront.net
-
-			- static.scribol.com
-
-		- dmgyobx0feqxw.cloudfront.net
-
-			- images.scribol.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.)
-		- u
-
--->
-<ruleset name="Scribol (partial)">
-
-	<target host="*.scribol.com" />
-
-
-	<rule from="^https?://images\.scribol\.com/"
-		to="https://dmgyobx0feqxw.cloudfront.net/" />
-
-	<rule from="^https?://static\.scribol\.com/"
-		to="https://d25h0msi7seflc.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Scribus.net.xml b/src/chrome/content/rules/Scribus.net.xml
new file mode 100644
index 000000000000..17996ddc5ae5
--- /dev/null
+++ b/src/chrome/content/rules/Scribus.net.xml
@@ -0,0 +1,40 @@
+<!--
+	Invalid certificate:
+		forums.scribus.net
+
+	Refused:
+		lists.scribus.net
+
+	Different content http/https:
+		debian.scribus.net
+		docs.scribus.net
+		lgm.scribus.net
+		upgrade.scribus.net
+
+-->
+<ruleset name="Scribus.net">
+
+	<target host="scribus.net" />
+	<target host="www.scribus.net" />
+	<target host="aqua.scribus.net" />
+	<target host="bugs.scribus.net" />
+	<target host="docs.scribus.net" />
+	<target host="documentation.scribus.net" />
+	<target host="rants.scribus.net" />
+	<target host="services.scribus.net" />
+	<target host="test.scribus.net" />
+	<target host="wiki.scribus.net" />
+	<target host="www1.scribus.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://docs\.scribus\.net/"
+		to="https://wiki.scribus.net/canvas/Help:TOC" />
+
+	<rule from="^http://documentation\.scribus\.net/"
+		to="https://wiki.scribus.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Scribus.xml b/src/chrome/content/rules/Scribus.xml
deleted file mode 100644
index d9f36ce06ab2..000000000000
--- a/src/chrome/content/rules/Scribus.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Scribus" default_off="self-signed">
-
-	<target host="scribus.net" />
-	<target host="*.scribus.net" />
-		<exclusion pattern="^http://lists\."/>
-
-	<securecookie host=".*\.scribus\.net$" name=".*"/>
-
-	<rule from="^http://scribus\.net/"
-		to="https://www.scribus.net/" />
-
-	<rule from="^http://(\w+)\.scribus\.net/"
-		to="https://$1.scribus.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Scripps_Newspapers.com.xml b/src/chrome/content/rules/Scripps_Newspapers.com.xml
deleted file mode 100644
index 65671ab58581..000000000000
--- a/src/chrome/content/rules/Scripps_Newspapers.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	CDN buckets:
-
-		- media.scrippsnewspapers.com.edgesuite.net
-
-			- a702.g.akamai.net
-
--->
-<ruleset name="Scripps Newspapers.com">
-
-	<target host="media.scrippsnewspapers.com" />
-
-
-	<rule from="^http://media\.scrippsnewspapers\.com/"
-		to="https://a248.e.akamai.net/f/702/4449/8/media.scrippsnewspapers.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Scripps_Research_Institute.xml b/src/chrome/content/rules/Scripps_Research_Institute.xml
index e3e5b3e1bc59..7fc971b84976 100644
--- a/src/chrome/content/rules/Scripps_Research_Institute.xml
+++ b/src/chrome/content/rules/Scripps_Research_Institute.xml
@@ -1,10 +1,39 @@
+<!--
+
+	Problematic hosts in *scripps.edu:
+
+		- admissions (certificate chain)
+		- aging (redirects to http)
+		- arc (redirects to http)
+		- auditorium (redirects to http)
+		- autofill (faulty https)
+		- baldwin (mismatch)
+		- biobranch (mismatch)
+		- cmpd (self-signed)
+		- cmsdev (different content)
+		- education (certificate chain)
+		- genomics (certificate chain)
+		- glycomics (redirects to http)
+		- gpcr (self-signed)
+		- hr (redirects to http)
+		- iam (redirects to http)
+		- internships (certificate chain)
+
+-->
 <ruleset name="Scripps Research Institute">
 
 	<target host="scripps.edu" />
+	<target host="bigdaddy.scripps.edu" />
+	<target host="careers.scripps.edu" />
+	<target host="coi.scripps.edu" />
+	<target host="eo.scripps.edu" />
+	<target host="hive.scripps.edu" />
+	<target host="imetlin.scripps.edu" />
+	<target host="isometlin.scripps.edu" />
+	<target host="vpn.scripps.edu" />
 	<target host="www.scripps.edu" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://(admissions\.|education\.|vpn\.|www\.)?scripps\.edu/"
-		to="https://$1scripps.edu/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Scrippsing.com.xml b/src/chrome/content/rules/Scrippsing.com.xml
deleted file mode 100644
index b4e6709ce4c2..000000000000
--- a/src/chrome/content/rules/Scrippsing.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For other E. W. Scripps Company coverage, see EW-Scripps-Company.xml.
-
--->
-<ruleset name="scrippsing.com (partial)">
-
-	<target host="push.scrippsing.com"/>
-
-
-	<rule from="^http://push\.scrippsing\.com/"
-		to="https://push.scrippsing.com/"/>
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ScriptSource.xml b/src/chrome/content/rules/ScriptSource.xml
index 4a9459d67b6d..bf18d2e4d22d 100644
--- a/src/chrome/content/rules/ScriptSource.xml
+++ b/src/chrome/content/rules/ScriptSource.xml
@@ -13,4 +13,4 @@
 	<rule from="^http://(www\.)?scriptsource\.org/cms/(assets/|local/|scripts/(?:page\.php\?item_id=(?:login_page|registration_form)|render_graphic\.php)|sites/)"
 		to="https://$1scriptsource.org/cms/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Scriptfodder.com.xml b/src/chrome/content/rules/Scriptfodder.com.xml
new file mode 100644
index 000000000000..23710f7e831a
--- /dev/null
+++ b/src/chrome/content/rules/Scriptfodder.com.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://media.scriptfodder.com/ => https://media.scriptfodder.com/: (6, 'Could not resolve host: media.scriptfodder.com')
+
+-->
+<ruleset name="ScriptFodder" default_off="failed ruleset test">
+  <target host="scriptfodder.com" />
+  <target host="www.scriptfodder.com" />
+  <target host="cdn.scriptfodder.com" />
+  <target host="media.scriptfodder.com" />
+
+  <test url="http://cdn.scriptfodder.com/assets/favicon.ico" />
+
+  <rule from="^http://cdn\.scriptfodder\.com/" to="https://scriptfodder.com/" />
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Scripting-News.xml b/src/chrome/content/rules/Scripting-News.xml
deleted file mode 100644
index 2bf783be4ad6..000000000000
--- a/src/chrome/content/rules/Scripting-News.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(times out)
-
--->
-<ruleset name="Scripting News (partial)">
-
-	<target host="static.scripting.com" />
-
-
-	<rule from="^https?://static\.scripting\.com/"
-		to="https://s3.amazonaws.com/static.scripting.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Scriptlogic.xml b/src/chrome/content/rules/Scriptlogic.xml
index 8d4a6fd1c69d..8c1b1adce5fa 100644
--- a/src/chrome/content/rules/Scriptlogic.xml
+++ b/src/chrome/content/rules/Scriptlogic.xml
@@ -1,20 +1,16 @@
 <!--
-	scriptlogiccorp.d2.sc.omtrdc.net/b/ss/slcproduction/
+	For other Dell coverage, see Dell.xml.
 
--->
-<ruleset name="Scriptlogic">
 
-	<target host="scriptlogic.com" />
-	<target host="*.scriptlogic.com" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.scriptlogiccorp.d2.sc.omtrdc.net" />
+	(www.)?scriptlogic.com: 404
 
+-->
+<ruleset name="Scriptlogic.com (partial)">
 
-	<securecookie host="^(.*\.)?scriptlogic\.com$" name=".*" />
-	<securecookie host="^\.scriptlogiccorp\.d2\.sc\.omtrdc\.net$" name=".*" />
+	<target host="cdn.scriptlogic.com" />
 
 
-	<rule from="^http://(cdn\.|www\.)?scriptlogic\.com/"
-		to="https://$1scriptlogic.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Scriptmp3.com.xml b/src/chrome/content/rules/Scriptmp3.com.xml
deleted file mode 100644
index 2203dde761b8..000000000000
--- a/src/chrome/content/rules/Scriptmp3.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	CN: Parallels Panel
-
--->
-<ruleset name="scriptmp3.com" default_off="self-signed">
-
-	<target host="scriptmp3.com" />
-	<target host="www.scriptmp3.com" />
-
-
-	<rule from="^http://(?:www\.)?scriptmp3\.com/"
-		to="https://scriptmp3.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Scriptura_Engage.com.xml b/src/chrome/content/rules/Scriptura_Engage.com.xml
new file mode 100644
index 000000000000..2fe1c684d92e
--- /dev/null
+++ b/src/chrome/content/rules/Scriptura_Engage.com.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Inventive Designers coverage, see Inventive_Designers.com.
+
+
+	Insecure cookies are set for these hosts:
+
+		- scripturaengage.com
+		- www.scripturaengage.com
+
+-->
+<ruleset name="Scriptura Engage.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="scripturaengage.com" />
+	<target host="www.scripturaengage.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?scripturaengage\.com$" name="^AWSELB$" /-->
+
+	<securecookie host="^(?:www\.)?scripturaengage\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Scruss.com.xml b/src/chrome/content/rules/Scruss.com.xml
new file mode 100644
index 000000000000..04731078a623
--- /dev/null
+++ b/src/chrome/content/rules/Scruss.com.xml
@@ -0,0 +1,12 @@
+<!--
+	SSL protocol error:
+		- uncle.scruss.com
+		- wind.scruss.com
+-->
+
+<ruleset name="Scruss.com">
+	<target host="scruss.com" />
+	<target host="www.scruss.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Scsstatic.ch.xml b/src/chrome/content/rules/Scsstatic.ch.xml
deleted file mode 100644
index 2940f7a73e41..000000000000
--- a/src/chrome/content/rules/Scsstatic.ch.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	For other Swisscom coverage, see Swisscom.ch.xml.
-
-
-	^scsstatic.ch does not exist
-
-
-	Fully covered subdomains:
-
-		- www.res[12]
-		- www
-
--->
-<ruleset name="scsstatic.ch">
-
-	<target host="*.scsstatic.ch" />
-
-
-	<rule from="^http://www\.(res[12]\.)?scsstatic\.ch/"
-		to="https://www.$1scsstatic.ch/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Scubbly.xml b/src/chrome/content/rules/Scubbly.xml
index e646ebfe373b..3a9b2b396325 100644
--- a/src/chrome/content/rules/Scubbly.xml
+++ b/src/chrome/content/rules/Scubbly.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(www\.)?scubbly\.com/(bot-trap|css|images|js)/"
 		to="https://$1scubbly.com/$2/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sculpteo.com.xml b/src/chrome/content/rules/Sculpteo.com.xml
index 891114dacf52..520bd3dd3eae 100644
--- a/src/chrome/content/rules/Sculpteo.com.xml
+++ b/src/chrome/content/rules/Sculpteo.com.xml
@@ -16,7 +16,9 @@
 <ruleset name="Sculpteo.com (partial)">
 
 	<target host="sculpteo.com" />
-	<target host="*.sculpteo.com" />
+	<target host="www.sculpteo.com" />
+	<target host="3dpcase.sculpteo.com" />
+	<target host="pro.sculpteo.com" />
 		<exclusion pattern="^http://(?:3dpcase\.|pro\.|www\.)?sculpteo\.com/(?!\w\w/(?:account|jsi18n|jsurl)/|favicon\.ico|media/|static/|terms_\w\w(?:$|[?/]))" />
 
 
@@ -26,7 +28,6 @@
 	<rule from="^http://(?:www\.)?sculpteo\.com/"
 		to="https://www.sculpteo.com/" />
 
-	<rule from="^http://(3dpcase|pro)\.sculpteo\.com/"
-		to="https://$1.sculpteo.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ScummVM.org.xml b/src/chrome/content/rules/ScummVM.org.xml
new file mode 100644
index 000000000000..95a84ad20268
--- /dev/null
+++ b/src/chrome/content/rules/ScummVM.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Subdomains without HTTPS support:
+
+		- bugs
+		- buildbot
+		- doxygen
+		- forums
+		- logs
+		- planet
+		- wiki
+-->
+<ruleset name="ScummVM.org">
+	<target host="scummvm.org" />
+	<target host="www.scummvm.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Scuttlebot.io.xml b/src/chrome/content/rules/Scuttlebot.io.xml
new file mode 100644
index 000000000000..9ca0c8c44805
--- /dev/null
+++ b/src/chrome/content/rules/Scuttlebot.io.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		www.scuttlebot.io
+		docs.scuttlebot.io
+
+	No working URL known:
+		viewer.scuttlebot.io (502)
+
+-->
+<ruleset name="Scuttlebot.io">
+
+	<target host="scuttlebot.io" />
+	<target host="git.scuttlebot.io" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Scutwork.com.xml b/src/chrome/content/rules/Scutwork.com.xml
new file mode 100644
index 000000000000..6c2e7905c406
--- /dev/null
+++ b/src/chrome/content/rules/Scutwork.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Scutwork.com">
+	<target host="scutwork.com" />
+	<target host="www.scutwork.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sdilej.cz.xml b/src/chrome/content/rules/Sdilej.cz.xml
new file mode 100644
index 000000000000..d1fde299835b
--- /dev/null
+++ b/src/chrome/content/rules/Sdilej.cz.xml
@@ -0,0 +1,7 @@
+<ruleset name="Sdilej.cz">
+    <target host="sdilej.cz" />
+    <target host="www.sdilej.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sdlcdn.com.xml b/src/chrome/content/rules/Sdlcdn.com.xml
new file mode 100644
index 000000000000..9935abbf0f42
--- /dev/null
+++ b/src/chrome/content/rules/Sdlcdn.com.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Snapdeal coverage, see Snapdeal.com.xml.
+
+-->
+<ruleset name="Sdlcdn.com">
+
+	<target host="i1.sdlcdn.com" />
+	<target host="i2.sdlcdn.com" />
+	<target host="i3.sdlcdn.com" />
+	<target host="i4.sdlcdn.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sdm.ru.xml b/src/chrome/content/rules/Sdm.ru.xml
new file mode 100644
index 000000000000..896949b980f3
--- /dev/null
+++ b/src/chrome/content/rules/Sdm.ru.xml
@@ -0,0 +1,20 @@
+<!--
+sdm.ru ⁷
+www.sdm.ru ⁷
+3dst.sdm.ru ⁴
+md.sdm.ru/: (35, 'error:14092105:SSL routines:ssl3_get_server_hello:wrong cipher returned')
+sgoldgwosn1.sdm.ru ⁴
+
+
+⁴ self signed
+⁷ protocol error
+-->
+<ruleset name="sdm.ru (partial)">
+	<target host="3ds.sdm.ru" />
+	<target host="3dsdemo.sdm.ru" />
+	<target host="bfm.sdm.ru" />
+	<target host="p2p.sdm.ru" />
+	<target host="retail.sdm.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SeL4.systems.xml b/src/chrome/content/rules/SeL4.systems.xml
new file mode 100644
index 000000000000..453ce38a7f5d
--- /dev/null
+++ b/src/chrome/content/rules/SeL4.systems.xml
@@ -0,0 +1,9 @@
+<ruleset name="seL4.systems">
+
+	<target host="sel4.systems" />
+	<target host="www.sel4.systems" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SeaShepherd.org.xml b/src/chrome/content/rules/SeaShepherd.org.xml
new file mode 100644
index 000000000000..d9274696a7c2
--- /dev/null
+++ b/src/chrome/content/rules/SeaShepherd.org.xml
@@ -0,0 +1,51 @@
+<!--
+	Invalid certificate:
+		help.seashepherd.org
+		media.seashepherd.org
+		team.seashepherd.org
+
+-->
+<ruleset name="Sea Shepherd (partial)">
+
+	<target host="seashepherd.org" />
+	<target host="www.seashepherd.org" />
+	<target host="shop.seashepherd.org" />
+
+		<!-- Some pages redirect to http -->
+		<exclusion pattern="^http://(www\.)?seashepherd.org/$" />
+
+		<!--
+		<test url="http://www.seashepherd.org/support-us/mobile-giving.html" />
+		<test url="http://www.seashepherd.org/chapters/chapters.html" />
+		-->
+
+		<!-- Mixed content from fonts.gstatic.com -->
+		<!--
+		<test url="http://www.seashepherd.org/galapagos/" />
+		-->
+
+		<!-- Resources can be secured -->
+		<test url="http://www.seashepherd.org/components/com_layer_slider/base/static/layerslider/skins/v5/skin.png" />
+		<test url="http://www.seashepherd.org/images/chapters/chapters-US-map-pin-black-01.png" />
+		<test url="http://www.seashepherd.org/images/footer/footer-background-01-1700x190.jpg" />
+		<test url="http://www.seashepherd.org/images/icons/icon-email-envelope-01-18x14.png" />
+		<test url="http://www.seashepherd.org/images/home-feature/home-feature-block-DAC-850x420.jpg" />
+		<test url="http://www.seashepherd.org/images/home-slider/2017-07-25-Operation-Virus-Hunter-launch-01-1700x700.jpg" />
+		<test url="http://www.seashepherd.org/images/logos/logo-Jolly-Roger-white-on-black-thick-300x.png" />
+		<test url="http://www.seashepherd.org/media/plg_jchoptimize/assets/gz/0/c3497033dd82d11c72520a32e0a06c70.js" />
+		<test url="http://www.seashepherd.org/modules/mod_universal_ajaxlivesearch/cache/133/7f95669ae644089e876efb94174bfb98.png" />
+		<test url="http://www.seashepherd.org/modules/mod_universal_ajaxlivesearch/themes/elegant/images/search_button/magnifier_strong_mid.png" />
+		<test url="http://www.seashepherd.org/modules/mod_yt_jlex/assets/js/script.js" />
+		<test url="http://www.seashepherd.org/modules/mod_yt_jlex/assets/js/script.js?v=4.2.1" />
+		<test url="http://www.seashepherd.org/plugins/system/equalheights/js/equalheights.js" />
+		<test url="http://www.seashepherd.org/plugins/system/maximenuckmobile/themes/default/arrow.jpg" />
+		<test url="http://www.seashepherd.org/templates/rt_cygnet/css/rt_cygnet-custom.css" />
+		<test url="http://www.seashepherd.org/templates/rt_cygnet/favicon.ico" />
+
+	<rule from="^http://(www\.)?seashepherd\.org/(components|images|media|modules|plugins|templates)/"
+		to="https://www.seashepherd.org/$2/" />
+
+	<rule from="^http://shop\.seashepherd\.org/"
+		to="https://shop.seashepherd.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Seacloud.xml b/src/chrome/content/rules/Seacloud.xml
deleted file mode 100644
index ba8d227f01ca..000000000000
--- a/src/chrome/content/rules/Seacloud.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Seacloud">
-
-	<target host="seacloud.cc" />
-	<target host="www.seacloud.cc" />
-
-
-	<rule from="^http://(www\.)?seacloud\.cc/"
-		to="https://$1seacloud.cc/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Seafile-Server.de.xml b/src/chrome/content/rules/Seafile-Server.de.xml
new file mode 100644
index 000000000000..ca42d899759e
--- /dev/null
+++ b/src/chrome/content/rules/Seafile-Server.de.xml
@@ -0,0 +1,50 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://seafileserver.de/ => https://seafileserver.de/: (6, 'Could not resolve host: seafileserver.de')
+Fetch error: http://www.seafileserver.de/ => https://www.seafileserver.de/: (6, 'Could not resolve host: www.seafileserver.de')
+Fetch error: http://seafile-server.de/ => https://seafile-server.de/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://seafileserver.de/ => https://seafileserver.de/: (51, "SSL: no alternative certificate subject name matches target host name 'seafileserver.de'")
+Fetch error: http://www.seafileserver.de/ => https://www.seafileserver.de/: (51, "SSL: no alternative certificate subject name matches target host name 'www.seafileserver.de'")
+
+	For other Seafile coverage, see Seafile.xml.
+
+
+	Fully covered domains:
+
+		- (www.)seafileserver.de
+
+		- (www.)seafile-server.de
+		- demo.seafile-server.de
+		- shop.seafile-server.de
+		- wiki.seafile-server.de
+
+-->
+<ruleset name="Seafile-Server.de" default_off="failed ruleset test">
+
+	<target host="seafileserver.de" />
+	<target host="www.seafileserver.de" />
+	<target host="seafile-server.de" />
+	<target host="demo.seafile-server.de" />
+	<target host="shop.seafile-server.de" />
+	<target host="wiki.seafile-server.de" />
+	<target host="www.seafile-server.de" />
+
+
+	<!--securecookie host="^(www\.)?seafile-?server\.de$" name="^wfvt_\d+$" /-->
+	<!--securecookie host="^demo\.seafile-server\.de$" name="^(csrftoken|sessionid)$" /-->
+	<!--securecookie host="^shop\.seafile-server\.de$" name="^session-1$" /-->
+	<!--securecookie host="^wiki\.seafile-server\.de$" name="^DokuWiki$" /-->
+
+	<securecookie host="^(?:www\.)?seafileserver\.de$" name=".+" />
+	<securecookie host="^(?:(?:demo|shop|wiki|www)\.)?seafile-server\.de$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Seafile.xml b/src/chrome/content/rules/Seafile.xml
index 093ab2df1622..27e1972e1960 100644
--- a/src/chrome/content/rules/Seafile.xml
+++ b/src/chrome/content/rules/Seafile.xml
@@ -1,10 +1,19 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cloud.seafile.com/ => https://cloud.seafile.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cloud.seafile.com'")
+
+	Other Seafile rulesets:
+
+		- Seafile-Server.de.xml
+
+
 	Nonfunctional subdomains:
 
 		- (www.)	(shows seacloud.cc; mismatched, CN: cloud.seafile.com)
 
 -->
-<ruleset name="Seafile (partial)">
+<ruleset name="Seafile (partial)" default_off="failed ruleset test">
 
 	<target host="cloud.seafile.com" />
 
@@ -12,7 +21,6 @@
 	<securecookie host="^cloud\.seafile\.com$" name=".+" />
 
 
-	<rule from="^http://cloud\.seafile\.com/"
-		to="https://cloud.seafile.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Seagate.com.xml b/src/chrome/content/rules/Seagate.com.xml
index 6cf719078e17..4b304d7d4cdd 100644
--- a/src/chrome/content/rules/Seagate.com.xml
+++ b/src/chrome/content/rules/Seagate.com.xml
@@ -1,4 +1,16 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jobs.seagate.com/ => https://jobs.seagate.com/: Too many redirects while fetching 'https://jobs.seagate.com/'
+Fetch error: http://services.seagate.com/ => https://services.seagate.com/: (6, 'Could not resolve host: services.seagate.com')
+Fetch error: http://store.seagate.com/ => https://store.seagate.com/: (51, "SSL: no alternative certificate subject name matches target host name 'store.seagate.com'")
+Fetch error: http://wwwlacie.seagate.com/ => https://wwwlacie.seagate.com/: (6, 'Could not resolve host: wwwlacie.seagate.com')
+
+	Other Seagate rulesets:
+
+		- Xyratex.com.xml
+
+
 	CDN buckets:
 
 		- seagatewtb.force.com
@@ -8,17 +20,17 @@
 			- wheretobuy
 
 		- stx.lithium.com
-
-			- forums
-
 		- seagate.my.salesforce.com
 
 
 	Nonfunctional subdomains:
 
+		- annualreport ¹
+		- blog *
 		- freeagent *
 		- samsunghdd *
 
+	¹ Redirects to http
 	* Refused
 
 
@@ -26,7 +38,8 @@
 
 		- ^		(mismatched, CN: www.seagate.com)
 		- drive		(works; mismatched, CN: secure.eloqua.com)
-		- forums	(refused)
+		- community *
+		- forums	(redirects to http)
 		- knowledge *
 		- support2 *
 		- wheretobuy *
@@ -34,49 +47,162 @@
 	* Nismatched, CN: slotmatching4.salesforce.com
 
 
-	Partially covered subdomains:
+	These altnames don't exist:
 
-		- (www.) *	(^ → www)
-		- knowledge **
-		- shop *
-		- support2 **
-		- origin-www *
+		- login.okla.seagate.com
+		- www.okla.seagate.com
+		- wwwlacie1.okla.seagate.com
+		- wwwlacie2.okla.seagate.com
 
-	* Some pages redirect to http
-	** → seagatewtb.secure.force.com, $ differs from seagatewtb
 
+	Insecure cookies are set for these domains and hosts:
 
-	Fully covered subdomains:
-
-		- direct
-		- forums	(→ stx.i.lithium.com)
-		- services
-		- store
-		- wheretobuy	(→ seagatewtb.secure.force.com)
+		- .seagate.com
+		- partnerreg.seagate.com
+		- shop.seagate.com
+		- wwwlacie.seagate.com
 
 -->
-<ruleset name="Seagate.com (partial)">
-
+<ruleset name="Seagate.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="apps1.seagate.com" />
+	<target host="direct.seagate.com" />
+	<target host="gro.seagate.com" />
+	<target host="is.seagate.com" />
+	<target host="jobs.seagate.com" />
+	<target host="myportal.seagate.com" />
+	<target host="newstuff.seagate.com" />
+	<target host="origin-www.seagate.com" />
+	<target host="partnerreg.seagate.com" />
+	<target host="reliability.seagate.com" />
+	<target host="reseller.seagate.com" />
+	<target host="rss.seagate.com" />
+	<target host="sata.seagate.com" />
+	<target host="services.seagate.com" />
+	<target host="shop.seagate.com" />
+	<target host="spp.seagate.com" />
+	<target host="sso.seagate.com" />
+	<target host="store.seagate.com" />
+	<target host="www.seagate.com" />
+	<target host="wwwlacie.seagate.com" />
+
+	<!--	Complications:
+				-->
 	<target host="seagate.com" />
-	<target host="*.seagate.com" />
-		<exclusion pattern="^http://(?:origin-www\.|www\.)?seagate\.com/(?!files/|javascript/|ww/)" />
-		<exclusion pattern="^http://(?:knowledge|support2)\.seagate\.com/(?!faces/|jslibrary/|resource/|sCSS/|s\.gif|static/)" />
-		<exclusion pattern="^http://shop\.seagate\.com/(?!store/sgateus/DisplayPage/id\.DRCartSummaryJSONPage/output\.json/)" />
-
-
-	<securecookie host="^(?:apps1|partnerreg|services)\.seagate\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?seagate\.com/"
+	<!--target host="community.seagate.com" /-->
+	<!--target host="forums.seagate.com" /-->
+	<target host="knowledge.seagate.com" />
+	<target host="support2.seagate.com" />
+	<target host="wheretobuy.seagate.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:gro|newstuff|origin-www|reliability|rss|sata|www)\.seagate\.com/(?:$|consumer-login/$)" /-->
+		<!--exclusion pattern="^http://annualreport\.seagate\.com/$" /-->
+		<!--exclusion pattern="^http://www\.seagate\.com/www-content/forms/(?:opt-in-xyratex|slide-out-opt-in)/_shared/" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(?:gro|newstuff|origin-www|reliability|rss|sata|www)\.seagate\.com/+(?!files/|javascript/|sites/|ww/)" /-->
+		<!--
+			https://github.com/EFForg/https-everywhere/issues/3860
+
+			Breaks scripted search:
+						-->
+		<!--exclusion pattern="^http://www\.seagate\.com/ww/universal/display-views/DV166-serial-number-transaction\.jsp" /-->
+		<!--
+			...more conservatively:
+						-->
+		<!--exclusion pattern="^http://www\.seagate\.com/ww/universal/(?!css/|images/)" /-->
+		<!--
+			In sum:
+				-->
+		<exclusion pattern="^http://(?:gro|newstuff|origin-www|reliability|rss|sata|www)\.seagate\.com/+(?!files/|javascript/|sites/|ww/+(?!universal/+(?!css/images/)))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://gro.seagate.com/consumer-login/" />
+			<test url="http://newstuff.seagate.com/consumer-login/" />
+			<test url="http://newstuff.seagate.com/support" />
+			<test url="http://newstuff.seagate.com/support/downloads" />
+			<test url="http://origin-www.seagate.com/consumer-login/" />
+			<test url="http://reliability.seagate.com/consumer-login/" />
+			<test url="http://rss.seagate.com/consumer-login/" />
+			<test url="http://sata.seagate.com/consumer-login/" />
+			<test url="http://www.seagate.com/articles/" />
+			<test url="http://www.seagate.com/consumer-login/" />
+			<test url="http://www.seagate.com/contacts/" />
+			<test url="http://www.seagate.com/investors/" />
+			<test url="http://www.seagate.com/store/" />
+			<test url="http://www.seagate.com/support/by-topic/downloads/" />
+			<test url="http://www.seagate.com/ww/universal/display-views/DV166-serial-number-transaction.jsp?sn=9VS2JACC&amp;langId=en_US&amp;callType=post" />
+			<test url="http://www.seagate.com/www-content/forms/opt-in-xyratex/_shared/xyratex_optin.css" />
+			<test url="http://www.seagate.com/www-content/forms/slide-out-opt-in/_shared/images/modal-btn-close.png" />
+
+			<!--	-ve:
+					-->
+			<test url="http://gro.seagate.com/files/www-content/homepage/homepage_2014/_shared/images/home-tile-4.jpg" />
+			<test url="http://gro.seagate.com/sites/styles/vgn-ext-templating-delivery.css" />
+			<test url="http://gro.seagate.com/ww/universal/images/stx-staticlogo-drk-nopad-150x36.png" />
+			<test url="http://newstuff.seagate.com/files/www-content/homepage/homepage_2014/_shared/images/home-tile-4.jpg" />
+			<test url="http://newstuff.seagate.com/sites/styles/vgn-ext-templating-delivery.css" />
+			<test url="http://newstuff.seagate.com/ww/universal/images/stx-staticlogo-drk-nopad-150x36.png" />
+			<test url="http://origin-www.seagate.com/ww/universal/css/stx-bootstrap-legacy-header-footer.css?v=" />
+			<test url="http://reliability.seagate.com/files/www-content/homepage/homepage_2014/_shared/images/home-tile-4.jpg" />
+			<test url="http://reliability.seagate.com/sites/styles/vgn-ext-templating-delivery.css" />
+			<test url="http://reliability.seagate.com/ww/universal/images/stx-staticlogo-drk-nopad-150x36.png" />
+			<test url="http://rss.seagate.com/files/www-content/homepage/homepage_2014/_shared/images/home-tile-4.jpg" />
+			<test url="http://rss.seagate.com/sites/styles/vgn-ext-templating-delivery.css" />
+			<test url="http://rss.seagate.com/ww/universal/images/stx-staticlogo-drk-nopad-150x36.png" />
+			<test url="http://sata.seagate.com/files/www-content/homepage/homepage_2014/_shared/images/home-tile-4.jpg" />
+			<test url="http://sata.seagate.com/sites/styles/vgn-ext-templating-delivery.css" />
+			<test url="http://sata.seagate.com/ww/universal/images/stx-staticlogo-drk-nopad-150x36.png" />
+			<test url="http://www.seagate.com/files/www-content/homepage/_shared/images/stx-shopTILE.jpg" />
+			<test url="http://www.seagate.com/ww/universal/images/stx-staticlogo-drk-nopad-150x36.png" />
+
+		<exclusion pattern="^http://(?:knowledge|support2)\.seagate\.com/+(?!faces/|jslibrary/|resource/|sCSS/|s\.gif|static/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://knowledge.seagate.com/articles/en_US/FAQ/196315en" />
+			<test url="http://knowledge.seagate.com/articles/en_US/FAQ/207691en" />
+			<test url="http://knowledge.seagate.com/consumer-login/" />
+			<test url="http://knowledge.seagate.com/partners/" />
+			<test url="http://support2.seagate.com/consumer-login/" />
+			<test url="http://support2.seagate.com/partners/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://knowledge.seagate.com/s.gif" />
+			<test url="http://support2.seagate.com/img/bgButton.gif" />
+			<test url="http://support2.seagate.com/s.gif" />
+			<test url="http://support2.seagate.com/sCSS/34.0/sprites/1438195776000/Theme3/default/base/elements.css" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.seagate\.com$" name="^(?:CFTOKEN|ecommLocaleCookie|ecommSessionCookie|permanentLocaleCookie|stxEdgescape|userSelectedLocaleCookie)$" /-->
+	<!--securecookie host="^partnerreg\.seagate\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^shop\.seagate\.com$" name="^(?:JSESSIONID|VISITOR_ID|X-DR-CURRENCY|X-DR-LOCALE|X-DR-THEME)$" /-->
+	<!--securecookie host="^wwwlacie\.seagate\.com$" name="(?:CFID|CFTOKEN|ROUTEID|wwwlacie_prod)$" /-->
+
+	<securecookie host="^(?:apps1|partnerreg|services|shop|wwwlacie)\.seagate\.com$" name=".+" />
+
+
+	<rule from="^http://seagate\.com/"
 		to="https://www.seagate.com/" />
 
-	<rule from="^http://(apps1|direct|origin-www|partnerreg|reseller|services|shop|spp|sso|store)\.seagate\.com/"
-		to="https://$1.seagate.com/" />
+	<!--rule from="^http://community\.seagate\.com/"
+		to="https://???.secure.force.com/" /-->
 
-	<rule from="^http://forums\.seagate\.com/"
-		to="https://stx.i.lithium.com/" />
+	<!--rule from="^http://forums\.seagate\.com/"
+		to="https://???.secure.force.com/" /-->
 
 	<rule from="^http://(?:knowledge|support2|wheretobuy)\.seagate\.com/"
 		to="https://seagatewtb.secure.force.com/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Sealed_Abstract.com.xml b/src/chrome/content/rules/Sealed_Abstract.com.xml
index dccd2d7917df..4249a3510acb 100644
--- a/src/chrome/content/rules/Sealed_Abstract.com.xml
+++ b/src/chrome/content/rules/Sealed_Abstract.com.xml
@@ -10,4 +10,4 @@
 	<rule from="^http://www\.sealedabstract\.com/[^?]*(\?.*)?"
 		to="https://sealedabstract.com/index.php$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Seals-with-Clubs.xml b/src/chrome/content/rules/Seals-with-Clubs.xml
index afb5cd2b14a1..6be45dca05bf 100644
--- a/src/chrome/content/rules/Seals-with-Clubs.xml
+++ b/src/chrome/content/rules/Seals-with-Clubs.xml
@@ -1,13 +1,15 @@
-<ruleset name="Seals with Clubs">
+<ruleset name="Seals with Clubs.eu" default_off="refused">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="sealswithclubs.eu" />
-	<target host="*.sealswithclubs.eu" />
+	<target host="www.sealswithclubs.eu" />
 
 
 	<securecookie host="^\.?sealswithclubs\.eu$" name=".+" />
 
 
-	<rule from="^http://(www\.)?sealswithclubs\.eu/"
-		to="https://$1sealswithclubs.eu/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Seamonkey-project.org.xml b/src/chrome/content/rules/Seamonkey-project.org.xml
new file mode 100644
index 000000000000..8410566912e6
--- /dev/null
+++ b/src/chrome/content/rules/Seamonkey-project.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Seamonkey-project.org">
+	<target host="seamonkey-project.org" />
+	<target host="www.seamonkey-project.org" />
+	<target host="blog.seamonkey-project.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sean_cassidy.me.xml b/src/chrome/content/rules/Sean_cassidy.me.xml
new file mode 100644
index 000000000000..a6968ed3666d
--- /dev/null
+++ b/src/chrome/content/rules/Sean_cassidy.me.xml
@@ -0,0 +1,22 @@
+<!--
+	^seancassidy.me: Refused
+
+-->
+<ruleset name="sean cassidy.me">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.seancassidy.me" />
+
+	<!--	Complications:
+				-->
+	<target host="seancassidy.me" />
+
+
+	<rule from="^http://seancassidy\.me/"
+		to="https://www.seancassidy.me/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Seanmckaybeck.com.xml b/src/chrome/content/rules/Seanmckaybeck.com.xml
new file mode 100644
index 000000000000..e7037a6997a5
--- /dev/null
+++ b/src/chrome/content/rules/Seanmckaybeck.com.xml
@@ -0,0 +1,11 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://seanmckaybeck.com/ => https://seanmckaybeck.com/: (7, 'Failed to connect to seanmckaybeck.com port 443: Connection refused')
+
+-->
+<ruleset name="Seanmckaybeck.com" default_off="failed ruleset test">
+  <target host="seanmckaybeck.com" />
+
+  <rule from="^http://(?:www\.)?seanmckaybeck\.com/" to="https://seanmckaybeck.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Search.ch.xml b/src/chrome/content/rules/Search.ch.xml
new file mode 100644
index 000000000000..ce5ffd4d89cc
--- /dev/null
+++ b/src/chrome/content/rules/Search.ch.xml
@@ -0,0 +1,42 @@
+<!--
+	For other Localsearch coverage, see Localsearch.ch.xml.
+
+	Mismatch:
+		- admin.ad.search.ch
+
+	Protocol relative redirect to Localsearch.ch:
+		- werbung.search.ch (mismatch on werbung.localsearch.ch)
+-->
+<ruleset name="Search.ch">
+	<target host="search.ch" />
+	<target host="www.search.ch" />
+	<target host="about.search.ch" />
+	<target host="ad.search.ch" />
+	<target host="app.search.ch" />
+	<target host="assurancesauto.search.ch" />
+	<target host="autoversicherungen.search.ch" />
+	<target host="caissesmaladie.search.ch" />
+	<target host="cine.search.ch" />
+	<target host="fahrplan.search.ch" />
+	<target host="horaire.search.ch" />
+	<target host="immo.search.ch" />
+	<target host="kino.search.ch" />
+	<target host="krankenkassen.search.ch" />
+	<target host="lib.search.ch" />
+	<target host="login.search.ch" />
+	<target host="map.search.ch" />
+	<target host="meteo.search.ch" />
+	<target host="orario.search.ch" />
+	<target host="route.search.ch" />
+	<target host="sms.search.ch" />
+	<target host="snow.search.ch" />
+	<target host="tds.search.ch" />
+	<target host="tel.search.ch" />
+	<target host="timetable.search.ch" />
+	<target host="tv.search.ch" />
+	<target host="web.search.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Search_Commander.xml b/src/chrome/content/rules/Search_Commander.xml
index 4a00c2e8493a..ca7d8d9f8737 100644
--- a/src/chrome/content/rules/Search_Commander.xml
+++ b/src/chrome/content/rules/Search_Commander.xml
@@ -1,13 +1,12 @@
 <ruleset name="Search Commander">
 
 	<target host="searchcommander.com" />
-	<target host="*.searchcommander.com" />
+	<target host="www.searchcommander.com" />
 
 
 	<securecookie host="^\.searchcommander.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?searchcommander\.com/"
-		to="https://$1searchcommander.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Searchcode.com.xml b/src/chrome/content/rules/Searchcode.com.xml
new file mode 100644
index 000000000000..222cb8d78f95
--- /dev/null
+++ b/src/chrome/content/rules/Searchcode.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="searchcode.com">
+
+	<target host="searchcode.com" />
+	<target host="www.searchcode.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Searchmarketing.com.xml b/src/chrome/content/rules/Searchmarketing.com.xml
deleted file mode 100644
index 70e174a37ed9..000000000000
--- a/src/chrome/content/rules/Searchmarketing.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="searchmarketing.com">
-
-	<target host="*.searchmarketing.com" />
-
-
-	<securecookie host="^(?:tracking)?\.searchmarketing\.com$" name=".+" />
-
-
-	<rule from="^http://tracking\.searchmarketing\.com/"
-		to="https://tracking.searchmarketing.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Sears.com.xml b/src/chrome/content/rules/Sears.com.xml
new file mode 100644
index 000000000000..ab46c9424edc
--- /dev/null
+++ b/src/chrome/content/rules/Sears.com.xml
@@ -0,0 +1,54 @@
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://shop.sears.com/ => https://shop.sears.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Other Sears Holdings rulesets:
+		- FitStudio.com.xml
+		- Kmart.com.xml
+		- Sears_Commerce_Services.com.xml
+		- Sears_Ecommerce_Jobs.com.xml
+		- SHld.net.xml
+		- Shop_Your_Way.com.xml
+		- SYW_CDN.net.xml
+
+	sears.com.d1.sc.omtrdc.net
+		- om
+
+	Problematic subdomains:
+		- ^	(cert only matches www)
+		- om	(mismatched, CN: *.d1.sc.omtrdc.net)
+
+
+	Partially covered subdomains:
+		- (www.)	(^ → www, some pages redirect to login)
+
+	Fully covered subdomains:
+		- davidtuterajewelry
+		- handbooks
+		- seller.marketplace
+		- om	(→ sears-com.d1.sc.omtrdc.net)
+		- oascentral
+		- s7
+		- ux
+
+
+	Mixed content;
+
+		- images on handbooks from c2.shld.net *
+
+	* Secured by us
+
+-->
+<ruleset name="Sears.com (partial)">
+
+	<target host="*.sears.com" />
+    <test url="http://ux.sears.com/" />
+    <test url="http://z.sears.com/" />
+    <test url="http://local.sears.com/" />
+
+	<securecookie host="^(?:\.handbooks|seller\.marketplace|oascentral)\.sears\.com$" name=".+" />
+
+  <rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sears_Commerce_Services.com.xml b/src/chrome/content/rules/Sears_Commerce_Services.com.xml
new file mode 100644
index 000000000000..e48634ff42d3
--- /dev/null
+++ b/src/chrome/content/rules/Sears_Commerce_Services.com.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Sears Holdings coverage, see Sears.com.xml.
+
+
+	Mixed content:
+
+		- Images from www *
+
+	* Secured by us
+
+-->
+<ruleset name="Sears Commerce Services.com">
+
+	<target host="searscommerceservices.com" />
+	<target host="www.searscommerceservices.com" />
+
+
+	<securecookie host="^\.searscommerceservices\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sears_Ecommerce_Jobs.com.xml b/src/chrome/content/rules/Sears_Ecommerce_Jobs.com.xml
new file mode 100644
index 000000000000..1fba6280c618
--- /dev/null
+++ b/src/chrome/content/rules/Sears_Ecommerce_Jobs.com.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://searsecommercejobs.com/ => https://searsecommercejobs.com/: (51, "SSL: no alternative certificate subject name matches target host name 'searsecommercejobs.com'")
+Fetch error: http://www.searsecommercejobs.com/ => https://www.searsecommercejobs.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.searsecommercejobs.com'")
+
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://searsecommercejobs.com/ (200) => https://searsecommercejobs.com/ (404)
+Non-2xx HTTP code: http://www.searsecommercejobs.com/ (200) => https://www.searsecommercejobs.com/ (404)
+	For other Sears Holdings coverage, see Sears.com.xml.
+
+
+	Mixed content:
+
+		- Images from www.searslabs.com
+
+-->
+<ruleset name="Sears Ecommerce Jobs.com" default_off="failed ruleset test">
+
+	<target host="searsecommercejobs.com" />
+	<target host="www.searsecommercejobs.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sears_Labs.com.xml b/src/chrome/content/rules/Sears_Labs.com.xml
new file mode 100644
index 000000000000..f0f051099e19
--- /dev/null
+++ b/src/chrome/content/rules/Sears_Labs.com.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Sears Holdings coverage, see Sears.com.xml.
+-->
+<ruleset name="Sears Labs.com">
+
+	<target host="searslabs.com" />
+	<target host="www.searslabs.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Seasonal.ly.xml b/src/chrome/content/rules/Seasonal.ly.xml
index c8034128d448..6aafd5e5d53a 100644
--- a/src/chrome/content/rules/Seasonal.ly.xml
+++ b/src/chrome/content/rules/Seasonal.ly.xml
@@ -1,13 +1,13 @@
 <ruleset name="Seasonal.ly">
 
 	<target host="seasonal.ly" />
-	<target host="*.seasonal.ly" />
+	<target host="eat.seasonal.ly" />
+	<target host="www.seasonal.ly" />
 
 
 	<securecookie host=".*\.seasonal\.ly$" name=".+" />
 
 
-	<rule from="^http://(eat\.|www\.)?seasonal\.ly/"
-		to="https://$1seasonal.ly/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SeatGeek.com.xml b/src/chrome/content/rules/SeatGeek.com.xml
new file mode 100644
index 000000000000..7fa3f646e647
--- /dev/null
+++ b/src/chrome/content/rules/SeatGeek.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="SeatGeek.com">
+
+	<target host="seatgeek.com" />
+	<target host="www.seatgeek.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SeattleAquarium.org.xml b/src/chrome/content/rules/SeattleAquarium.org.xml
new file mode 100644
index 000000000000..a31ba8e2a3ba
--- /dev/null
+++ b/src/chrome/content/rules/SeattleAquarium.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		- seattleaquarium.org
+		- m.seattleaquarium.org
+		- www2.seattleaquarium.org
+
+	Active mixed content:
+		- blog.seattleaquarium.org
+-->
+
+<ruleset name="Seattle Aquarium">
+	<target host="seattleaquarium.org" />
+	<target host="www.seattleaquarium.org" />
+	<target host="tickets.seattleaquarium.org" />
+
+	<securecookie host="^(www|tickets)\.seattleaquarium\.org$" name=".+" />
+
+	<rule from="^http://seattleaquarium\.org/"
+		  to="https://www.seattleaquarium.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SeattleIX.net.xml b/src/chrome/content/rules/SeattleIX.net.xml
index dd8c623bfb62..8931c922089d 100644
--- a/src/chrome/content/rules/SeattleIX.net.xml
+++ b/src/chrome/content/rules/SeattleIX.net.xml
@@ -15,7 +15,6 @@
 	<target host="www.seattleix.net" />
 
 
-	<rule from="^http://(www\.)?seattleix\.net/"
-		to="https://$1seattleix.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Seattle_Technical_Books.com.xml b/src/chrome/content/rules/Seattle_Technical_Books.com.xml
new file mode 100644
index 000000000000..8708020b35e2
--- /dev/null
+++ b/src/chrome/content/rules/Seattle_Technical_Books.com.xml
@@ -0,0 +1,38 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Dreamhost
+
+
+	^: mismatched
+
+
+	Some pages redirect to http.
+
+
+	Mixed content:
+
+		- Images, from:
+
+			- images.bizjournals.com ¹
+			- www.geekgirlcon.com ²
+			- img.photobucket.com ²
+			- www.thestranger.com ³
+
+	¹ Unsecurable <= 404
+	² Unsecurable
+	³ Secured by us
+
+-->
+<ruleset name="Seattle Technical Books.com (partial)">
+
+	<target host="seattletechnicalbooks.com" />
+	<target host="www.seattletechnicalbooks.com" />
+
+
+	<rule from="^http://(?:www\.)?seattletechnicalbooks\.com/(?=(?:cart|content/store|news|reading-comics-public-day|search/advanced_search|user)(?:$|[?/])|favicon\.ico|files/|modules/|sites/|style\.css)"
+		to="https://www.seattletechnicalbooks.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sebastian-Siebert.de.xml b/src/chrome/content/rules/Sebastian-Siebert.de.xml
new file mode 100644
index 000000000000..44ad1afff62e
--- /dev/null
+++ b/src/chrome/content/rules/Sebastian-Siebert.de.xml
@@ -0,0 +1,23 @@
+<!--
+	Mixed content:
+
+		- Bugs, from:
+
+			- track.blogtraffic.de *
+			- www.blogtraffic.de *
+
+	* Unsecurable <= refused
+
+-->
+<ruleset name="Sebastian-Siebert.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sebastian-siebert.de" />
+	<target host="www.sebastian-siebert.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sebastian_Wick.net.xml b/src/chrome/content/rules/Sebastian_Wick.net.xml
new file mode 100644
index 000000000000..4987972deea3
--- /dev/null
+++ b/src/chrome/content/rules/Sebastian_Wick.net.xml
@@ -0,0 +1,24 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - www.sebastianwick.net
+
+		4xx client error:
+			 - odvwiki.sebastianwick.net
+-->
+<ruleset name="Sebastian Wick.net">
+	<target host="sebastianwick.net" />
+	<target host="www.sebastianwick.net" />
+	<target host="git.sebastianwick.net" />
+	<target host="mail.sebastianwick.net" />
+	<target host="ttrss.sebastianwick.net" />
+	<target host="upload.sebastianwick.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.sebastianwick\.net/"
+			to="https://sebastianwick.net/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SecDev.ca.xml b/src/chrome/content/rules/SecDev.ca.xml
new file mode 100644
index 000000000000..7a27c21eb9c2
--- /dev/null
+++ b/src/chrome/content/rules/SecDev.ca.xml
@@ -0,0 +1,23 @@
+<!--
+	For other SecDev coverage, see SecDev.com.xml.
+
+
+	Problematic hosts in *secdev.ca:
+
+		- (www.)? *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="SecDev.ca" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secdev.ca" />
+	<target host="www.secdev.ca" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SecDev.com.xml b/src/chrome/content/rules/SecDev.com.xml
index 54492c9a958a..9423d82048a6 100644
--- a/src/chrome/content/rules/SecDev.com.xml
+++ b/src/chrome/content/rules/SecDev.com.xml
@@ -1,10 +1,20 @@
+<!--
+
+	Other SecDev rulesets:
+
+		- SecDev.ca.xml
+
+	Problematic hosts in *secdev.com:
+
+		- status (expired)
+
+-->
 <ruleset name="SecDev.com">
 
 	<target host="secdev.com" />
 	<target host="www.secdev.com" />
 
-
-	<rule from="^http://(www\.)?secdev\.com/"
-		to="https://$1secdev.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SecWiki.xml b/src/chrome/content/rules/SecWiki.xml
index f6beac8444a3..3c8c881e3770 100644
--- a/src/chrome/content/rules/SecWiki.xml
+++ b/src/chrome/content/rules/SecWiki.xml
@@ -1,14 +1,10 @@
-<ruleset name="SecWiki" platform="mixedcontent">
+<ruleset name="SecWiki.org">
 
 	<target host="secwiki.org" />
 	<target host="www.secwiki.org" />
 
 
-	<securecookie host="^secwiki\.org$" name=".*" />
-
-
-	<!--	Cert doesn't match www.	-->
-	<rule from="^http://(?:www\.)?secwiki\.org/"
-		to="https://secwiki.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Secgeek.net.xml b/src/chrome/content/rules/Secgeek.net.xml
new file mode 100644
index 000000000000..c148a8dcff57
--- /dev/null
+++ b/src/chrome/content/rules/Secgeek.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="secgeek.net">
+	<target host="secgeek.net" />
+	<target host="www.secgeek.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Second-Street-Media.xml b/src/chrome/content/rules/Second-Street-Media.xml
index 878f44154d69..301222c76fc1 100644
--- a/src/chrome/content/rules/Second-Street-Media.xml
+++ b/src/chrome/content/rules/Second-Street-Media.xml
@@ -1,4 +1,11 @@
 <!--
+	Other Second Street rulesets:
+
+		- EBlastEngine.com.xml
+		- Second_Street_app.com.xml
+		- Upickem.net.xml
+
+
 	Nonfunctional:
 
 		- (www.)mycapture.com
@@ -7,45 +14,50 @@
 		- files.mycapture.com
 		- photographers.mycapture.com
 		- photos.mycapture.com		(refused)
-		- (www.)secondstreet.com	(ssl_error_rx_record_too_long)
-		- files.secondstreetmedia.com	(refused)
-		- share.upickem.com		(ssl_error_rx_record_too_long)
 
+		- (www.)secondstreet.com	(Shows another domain)
+		- devssm.secondstreet.com	(Shows webb100.secondstreet.com)
+		- solutions.secondstreet.com	(Marketo)
+		- summit.secondstreet.com	("404")
 
-	c.eblastengine.com sets BIGipServerUPICKEM-WEB
-	cookie on whichever domain it is loaded from.
+		- files.secondstreetmedia.com	(refused)
 
 -->
-<ruleset name="Second Street Media">
-
-	<target host="*.eblastengine.com" />
-	<target host="*.upickem.net" />
-
-
-	<!--	Observed cookie domains:
-
-			eblastengine.com:
-
-				- affiliates
-				- c
-
-			upickem.net:
-
-				- $
-				- affiliates
-				- eblastengine
-				- ssm
-				- www
-						-->
-	<securecookie host="^.*\.eblastengine\.com$" name=".*" />
-	<securecookie host="^.*\.upickem\.net$" name=".*" />
-
-
-	<!--	c: Included on 3rd-party websites.	-->
-	<rule from="^http://(affiliates|c)\.eblastengine\.com/"
-		to="https://$1.eblastengine.com/" />
-
-	<rule from="^http://((?:affiliates|eblastengine|ssm|www)\.)?upickem\.net/"
-		to="https://$1upickem.net/" />
+<ruleset name="Second Street.com (partial)">
+
+	<!--	Complications:
+				-->
+	<target host="solutions.secondstreet.com" />
+
+		<!--exclusion pattern="^http://solutions\.secondstreet\.com/+(?!$|\?|css/|images/|rs/)" /-->
+		<exclusion pattern="^http://solutions\.secondstreet\.com/+(?!css/|images/|rs/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://solutions.secondstreet.com/Planit365SignUpPage.html" />
+			<test url="http://solutions.secondstreet.com/ecommerce-promotions-for-the-holidays.html" />
+			<test url="http://solutions.secondstreet.com/how-to-sell-halloween-contest-registration.html" />
+			<test url="http://solutions.secondstreet.com/print-can-drive-revenue-with-ballots.html" />
+			<!--test url="http://solutions.secondstreet.com/request-demo.html" /-->
+			<!--test url="http://solutions.secondstreet.com/roi-calculator-download.html" /-->
+			<!--test url="http://solutions.secondstreet.com/voters-choice-playbook.html" /-->
+
+			<!--	-ve:
+					-->
+			<test url="http://solutions.secondstreet.com/css/mktLPSupport.css" />
+			<test url="http://solutions.secondstreet.com/rs/secondstreetmedia/images/FacebookBTN.png" />
+
+
+	<!--rule from="^http://solutions\.secondstreet\.com/+(?:\?.*)?$"
+		to="https://www.secondstreet.com/" /-->
+
+		<!--test url="http://solutions.secondstreet.com/?f" /-->
+		<!--test url="http://solutions.secondstreet.com/?o" /-->
+		<!--test url="http://solutions.secondstreet.com//?o" /-->
+		<!--test url="http://solutions.secondstreet.com/?b" /-->
+		<!--test url="http://solutions.secondstreet.com/?a" /-->
+
+	<rule from="^http://solutions\.secondstreet\.com/"
+		to="https://na-abd.marketo.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SecondMarket.com.xml b/src/chrome/content/rules/SecondMarket.com.xml
index d41ec1ef0d29..915244da49a4 100644
--- a/src/chrome/content/rules/SecondMarket.com.xml
+++ b/src/chrome/content/rules/SecondMarket.com.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secondmarket.com/ => https://www.secondmarket.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.secondmarket.com/ => https://www.secondmarket.com/: (28, 'Connection timed out after 20002 milliseconds')
+
 	CDN buckets:
 
 		- d1w70dc0osrykz.cloudfront.net
@@ -9,7 +14,7 @@
 		- ^	(cert only matches www)
 
 -->
-<ruleset name="SecondMarket.com">
+<ruleset name="SecondMarket.com" default_off="failed ruleset test">
 
 	<target host="secondmarket.com" />
 	<target host="www.secondmarket.com" />
diff --git a/src/chrome/content/rules/Second_Life.com.xml b/src/chrome/content/rules/Second_Life.com.xml
new file mode 100644
index 000000000000..1b3456c6d95b
--- /dev/null
+++ b/src/chrome/content/rules/Second_Life.com.xml
@@ -0,0 +1,141 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lists.secondlife.com/ => https://lists.secondlife.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	CDN buckets:
+
+		- s3.amazonaws.com/images.wiki.secondlife.com/ | d1yjxggot69855.cloudfront.net
+		- static.search.secondlife.com.s3.amazonaws.com
+		- lecs-static-secondlife-com.s3.amazonaws.com
+
+		- d378iqxsyg0s3u.cloudfront.net
+
+			- download.cloud
+
+
+	Nonfunctional subdomains:
+
+		- maps ²
+
+	² Refused
+
+
+	Problematic hosts in *secondlife.com:
+
+		- download.cloud *
+
+	* Cloudfront
+
+
+	Partially covered subdomains:
+
+		- wiki *
+
+	* Some pages redirect to http
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- blogs
+		- download.cloud	(→ d378iqxsyg0s3u.cloudfront.net)
+		- community
+		- id
+		- jira
+		- join
+		- land
+		- lists
+		- marketplace
+		- search
+		- slm-assets[0-3]
+		- support
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .secondlife.com
+		- id.secondlife.com
+		- jira.secondlife.com
+		- search.secondlife.com
+		- support.secondlife.com
+		- wiki.secondlife.com
+
+
+	Mixed content:
+
+		- favicon on search from search from static.search.secondlife.com.s3.amazonaws.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Second Life.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secondlife.com" />
+	<target host="blogs.secondlife.com" />
+	<target host="community.secondlife.com" />
+	<target host="id.secondlife.com" />
+	<target host="jira.secondlife.com" />
+	<target host="join.secondlife.com" />
+	<target host="land.secondlife.com" />
+	<target host="lists.secondlife.com" />
+	<target host="marketplace.secondlife.com" />
+	<target host="search.secondlife.com" />
+	<target host="slm-assets0.secondlife.com" />
+	<target host="slm-assets1.secondlife.com" />
+	<target host="slm-assets2.secondlife.com" />
+	<target host="slm-assets3.secondlife.com" />
+	<target host="support.secondlife.com" />
+	<target host="wiki.secondlife.com" />
+	<target host="www.secondlife.com" />
+
+	<!--	Complications:
+				-->
+	<target host="download.cloud.secondlife.com" />
+
+		<!--	Redirect to http:
+						-->
+		<!--exclusion pattern="^http://wiki\.secondlife\.com/+(wiki/Issue_tracker($|\?))" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://wiki\.secondlife\.com/+(?!favicon\.ico|static/|w/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://wiki.secondlife.com/wiki/Clothing_Tutorials" />
+			<test url="http://wiki.secondlife.com/wiki/Community_Resources_Portal" />
+			<test url="http://wiki.secondlife.com/wiki/Live_Data_Feeds" />
+			<test url="http://wiki.secondlife.com/wiki/Second_Life_Periodicals" />
+			<test url="http://wiki.secondlife.com/wiki/Second_Life_Work/FAQs" />
+
+			<!--	-ve:
+					-->
+			<test url="http://wiki.secondlife.com/favicon.ico" />
+			<test url="http://wiki.secondlife.com/static/2007/img/somerights20.png" />
+			<test url="http://wiki.secondlife.com/w/bullet.gif" />
+			<test url="http://wiki.secondlife.com/w/load.php?debug=false&amp;lang=en&amp;modules=site&amp;only=styles&amp;skin=monobook" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.secondlife\.com" name="^(VISITORID|locale)$" /-->
+	<!--securecookie host="^community\.secondlife\.com" name="^LithiumVisitor$" /-->
+	<!--securecookie host="^id\.secondlife\.com$" name="^agni_sl_session_id$" /-->
+	<!--securecookie host="^jira\.secondlife\.com$" name="^atlassian\.xsrf\.token$" /-->
+	<!--securecookie host="^search\.secondlife\.com$" name="^session$" /-->
+	<!--securecookie host="^support\.secondlife\.com$" name="^(hwlb-session-id|support_sessionid)$" /-->
+	<!--securecookie host="^wiki\.secondlife\.com$" name="^AWSELB$" /-->
+
+	<securecookie host="^(?:(?:community|id|jira|search|support|www)?\.)?secondlife\.com$" name=".+" />
+
+
+	<rule from="^http://download\.cloud\.secondlife\.com/"
+		to="https://d378iqxsyg0s3u.cloudfront.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Second_Look_Forensics.com.xml b/src/chrome/content/rules/Second_Look_Forensics.com.xml
new file mode 100644
index 000000000000..ec298e1dfa1e
--- /dev/null
+++ b/src/chrome/content/rules/Second_Look_Forensics.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secondlookforensics.com/ => https://secondlookforensics.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.secondlookforensics.com/ => https://www.secondlookforensics.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="Second Look Forensics.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secondlookforensics.com" />
+	<target host="www.secondlookforensics.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Second_Street_app.com.xml b/src/chrome/content/rules/Second_Street_app.com.xml
new file mode 100644
index 000000000000..6590d7545588
--- /dev/null
+++ b/src/chrome/content/rules/Second_Street_app.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Second Street Media coverage, see Second-Street-Media.xml.
+
+
+	Fully covered hosts in *secondstreetapp.com:
+
+		- media
+
+-->
+<ruleset name="Second Street app.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="media.secondstreetapp.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Secproject.com.xml b/src/chrome/content/rules/Secproject.com.xml
new file mode 100644
index 000000000000..1b0ebeca65ad
--- /dev/null
+++ b/src/chrome/content/rules/Secproject.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Problematic hosts in *secproject.com:
+
+		- www.soroush *
+
+	* Refused
+
+-->
+<ruleset name="secproject.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="soroush.secproject.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.soroush.secproject.com" />
+
+
+	<rule from="^http://www\.soroush\.secproject\.com/"
+		to="https://soroush.secproject.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Secret_Intelligence_Service.xml b/src/chrome/content/rules/Secret_Intelligence_Service.xml
index b5c40790a92d..ff7f7990b989 100644
--- a/src/chrome/content/rules/Secret_Intelligence_Service.xml
+++ b/src/chrome/content/rules/Secret_Intelligence_Service.xml
@@ -1,14 +1,17 @@
 <!--
+	Secret Intelligence Service (aka 'MI6')
+
 	For other UK government coverage, see GOV.UK.xml.
 
+
+	^sis.gov.uk doesn't exist.
+
 -->
-<ruleset name="Secret Intelligence Service">
+<ruleset name="SIS.gov.uk">
 
-	<target host="sis.gov.uk" />
 	<target host="www.sis.gov.uk" />
 
 
-	<rule from="^http://(?:www\.)?sis\.gov\.uk/"
-		to="https://www.sis.gov.uk/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Secretshare.xml b/src/chrome/content/rules/Secretshare.xml
deleted file mode 100644
index c182faec4a09..000000000000
--- a/src/chrome/content/rules/Secretshare.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Secretshare">
-
-	<target host="secretsha.re" />
-	<target host="*.secretsha.re" />
-
-
-	<securecookie host="^(?:w*\.)?secretsha\.re$" name=".+" />
-
-
-	<rule from="^http://(www\.)?secretsha\.re/"
-		to="https://$1secretsha.re/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Secular-Student-Alliance.xml b/src/chrome/content/rules/Secular-Student-Alliance.xml
index f8a5549836f2..44cc0e7368cf 100644
--- a/src/chrome/content/rules/Secular-Student-Alliance.xml
+++ b/src/chrome/content/rules/Secular-Student-Alliance.xml
@@ -1,14 +1,17 @@
-<ruleset name="Secular Student Alliance">
+<!--
+	Secular Student Alliance
+
+-->
+<ruleset name="Secular Students.org">
 
 	<target host="secularstudents.org" />
-	<!--	* for cross-domain cookies.	-->
-	<target host="*.secularstudents.org" />
+	<target host="www.secularstudents.org" />
 
 
-	<securecookie host="^.*\.secularstudents\.org$" name=".*" />
+	<securecookie host="^.*\.secularstudents\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?secularstudents\.org/"
-		to="https://$1secularstudents.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Secular.org.xml b/src/chrome/content/rules/Secular.org.xml
index 0ed27841315f..49d8aeba0ad9 100644
--- a/src/chrome/content/rules/Secular.org.xml
+++ b/src/chrome/content/rules/Secular.org.xml
@@ -1,8 +1,39 @@
-<ruleset name="Secular Coalition for America">
+<!--
+	Secular Coalition for America
+
+
+	Fully covered hosts in *secular.org:
+
+		- (www.)?
+		- states
+
+
+	Insecure cookies are set for these domains:
+
+		- .secular.org
+
+
+	Mixed content:
+
+		- Font on states from themes.googleusercontent.com *
+		- Image on states from secularcoalition.info
+
+	* Secured by us
+
+-->
+<ruleset name="Secular.org">
   <target host="www.secular.org" />
   <target host="secular.org" />
+	<target host="states.secular.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.secular\.org$" name="^SESS[\da-f]{32}$" /-->
+
+  <securecookie host=".+" name=".+" />
 
-  <securecookie host="^(.+\.)?secular\.org$" name=".*"/>
 
-  <rule from="^http://(www\.)?secular\.org/" to="https://secular.org/"/>
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Secular_Humanism.org.xml b/src/chrome/content/rules/Secular_Humanism.org.xml
new file mode 100644
index 000000000000..44d8ee7b0b03
--- /dev/null
+++ b/src/chrome/content/rules/Secular_Humanism.org.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- secularhumanism.org
+		- www.secularhumanism.org
+
+-->
+<ruleset name="Secular Humanism.org">
+
+	<target host="secularhumanism.org" />
+	<target host="www.secularhumanism.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?secularhumanism\.org$" name="^exp_(last_activity|last_visit|tracker)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Secunet.xml b/src/chrome/content/rules/Secunet.xml
index 4829fbe0d4ea..23e91e9edb60 100644
--- a/src/chrome/content/rules/Secunet.xml
+++ b/src/chrome/content/rules/Secunet.xml
@@ -1,15 +1,15 @@
 <ruleset name="secunet (partial)">
 
 	<target host="secunet.com" />
-	<target host="*.secunet.com" />
 	<target host="www.secunet.com" />
+	<target host="sinaportal.secunet.com" />
 
 
 	<!--	Tracking cookies:
 					-->
 	<securecookie host="^\.secunet\.com$" name="^__utm\w$" />
 	<securecookie host="^www\.secunet\.com$" name="^(?:ist|_vm_u)$" />
-	<securecookie host="^sinaportal\.secunet\.com$" name=".*" />
+	<securecookie host="^sinaportal\.secunet\.com$" name=".+" />
 
 
 	<!--	Cert doesn't match !www.	-->
diff --git a/src/chrome/content/rules/SecuraBit.com.xml b/src/chrome/content/rules/SecuraBit.com.xml
new file mode 100644
index 000000000000..9a0427702013
--- /dev/null
+++ b/src/chrome/content/rules/SecuraBit.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .securabit.com
+
+-->
+<ruleset name="SecuraBit.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="securabit.com" />
+	<target host="www.securabit.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.securabit\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Secure-Endpoints.com-problematic.xml b/src/chrome/content/rules/Secure-Endpoints.com-problematic.xml
index 3d1a5f4466c2..563710826b3f 100644
--- a/src/chrome/content/rules/Secure-Endpoints.com-problematic.xml
+++ b/src/chrome/content/rules/Secure-Endpoints.com-problematic.xml
@@ -4,10 +4,12 @@
 -->
 <ruleset name="Secure-Endpoints.com (mismatched)" default_off="mismatched">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="okst.secure-endpoints.com" />
 
 
-	<rule from="^http://okst\.secure-endpoints\.com/"
-		to="https://okst.secure-endpoints.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Secure-Endpoints.com.xml b/src/chrome/content/rules/Secure-Endpoints.com.xml
index 21a5210b89a9..c065ee9239c5 100644
--- a/src/chrome/content/rules/Secure-Endpoints.com.xml
+++ b/src/chrome/content/rules/Secure-Endpoints.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://secure-endpoints.com/ (200) => https://secure-endpoints.com/ (404)
+
 	For problematic rules, see Secure-Endpoints.com-problematic.xml.
 
 
@@ -15,13 +19,15 @@
 			- www.h5l.org
 
 -->
-<ruleset name="Secure-Endpoints.com (partial)">
+<ruleset name="Secure-Endpoints.com (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="secure-endpoints.com" />
 	<target host="www.secure-endpoints.com" />
 
 
-	<rule from="^http://(www\.)?secure-endpoints\.com/"
-		to="https://$1secure-endpoints.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Secure-donor.com.xml b/src/chrome/content/rules/Secure-donor.com.xml
new file mode 100644
index 000000000000..4b5fddc4befd
--- /dev/null
+++ b/src/chrome/content/rules/Secure-donor.com.xml
@@ -0,0 +1,19 @@
+<ruleset name="secure-donor.com">
+
+	<target host="secure-donor.com" />
+	<target host="*.secure-donor.com" />
+
+		<test url="http://marineheritage.secure-donor.com/bricks" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(client_domain\.)?secure-donor\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://([\w-]+\.)?secure-donor\.com/"
+		to="https://$1secure-donor.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Secure-mobiles.com.xml b/src/chrome/content/rules/Secure-mobiles.com.xml
index 82546f878a67..2f4439437909 100644
--- a/src/chrome/content/rules/Secure-mobiles.com.xml
+++ b/src/chrome/content/rules/Secure-mobiles.com.xml
@@ -4,13 +4,16 @@
 -->
 <ruleset name="secure-mobiles.com">
 
-	<target host="*.secure-mobiles.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="media.secure-mobiles.com" />
+	<target host="www.secure-mobiles.com" />
 
 
 	<securecookie host="^www\.secure-mobiles\.com$" name=".+" />
 
 
-	<rule from="^http://(media|www)\.secure-mobiles\.com/"
-		to="https://$1.secure-mobiles.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Secure-payment-processing.com.xml b/src/chrome/content/rules/Secure-payment-processing.com.xml
new file mode 100644
index 000000000000..2a7c4d0a1123
--- /dev/null
+++ b/src/chrome/content/rules/Secure-payment-processing.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="secure-payment-processing.com">
+
+	<target host="*.secure-payment-processing.com" />
+
+
+	<rule from="^http://([\w-]+)\.secure-payment-processing\.com/"
+		to="https://$1.secure-payment-processing.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Secure-resumption.com.xml b/src/chrome/content/rules/Secure-resumption.com.xml
new file mode 100644
index 000000000000..4467fbcff6e5
--- /dev/null
+++ b/src/chrome/content/rules/Secure-resumption.com.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure-resumption.com/ => https://secure-resumption.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.secure-resumption.com/ => https://www.secure-resumption.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="secure-resumption.com" default_off="failed ruleset test">
+
+	<target host="secure-resumption.com" />
+	<target host="www.secure-resumption.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Secure-secure.co.uk.xml b/src/chrome/content/rules/Secure-secure.co.uk.xml
index 458e21653e97..8268a68bf215 100644
--- a/src/chrome/content/rules/Secure-secure.co.uk.xml
+++ b/src/chrome/content/rules/Secure-secure.co.uk.xml
@@ -9,4 +9,4 @@
 	<rule from="^http://web(\d+)\.secure-secure\.co\.uk/"
 		to="https://web$1.secure-secure.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Secure-u.de.xml b/src/chrome/content/rules/Secure-u.de.xml
deleted file mode 100644
index 27657c9a7b5b..000000000000
--- a/src/chrome/content/rules/Secure-u.de.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="secure-u e.V." platform="cacert">
-  <target host="www.secure-u.de"/>
-  <target host="secure-u.de"/>
-
-  <rule from="^http://(www\.)?secure-u\.de/" to="https://www.secure-u.de/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Secure-zone.net.xml b/src/chrome/content/rules/Secure-zone.net.xml
index 897011645b5b..dfe4fd47d48b 100644
--- a/src/chrome/content/rules/Secure-zone.net.xml
+++ b/src/chrome/content/rules/Secure-zone.net.xml
@@ -9,4 +9,4 @@
 	<rule from="^http://asp-(\w\w)\.secure-zone\.net/"
 		to="https://asp-$1.secure-zone.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Secure.me.xml b/src/chrome/content/rules/Secure.me.xml
index ad19956cb539..e5be782272c1 100644
--- a/src/chrome/content/rules/Secure.me.xml
+++ b/src/chrome/content/rules/Secure.me.xml
@@ -1,13 +1,26 @@
-<ruleset name="secure.me">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.me/ => https://secure.me/: (51, "SSL: no alternative certificate subject name matches target host name 'secure.me'")
+Fetch error: http://apps.secure.me/ => https://apps.secure.me/: (28, 'Connection timed out after 20014 milliseconds')
+Fetch error: http://wp.secure.me/ => https://wp.secure.me/: (51, "SSL: no alternative certificate subject name matches target host name 'wp.secure.me'")
+Fetch error: http://www.secure.me/ => https://www.secure.me/: (51, "SSL: no alternative certificate subject name matches target host name 'www.secure.me'")
+
+-->
+<ruleset name="secure.me" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="secure.me" />
-	<target host="*.secure.me" />
+	<target host="apps.secure.me" />
+	<target host="wp.secure.me" />
+	<target host="www.secure.me" />
 
 
 	<securecookie host="^www\.secure\.me$" name=".+" />
 
 
-	<rule from="^http://(apps\.|wp\.|www\.)?secure\.me/"
-		to="https://$1secure.me/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SecureConnect.com.xml b/src/chrome/content/rules/SecureConnect.com.xml
deleted file mode 100644
index f249cb4f7202..000000000000
--- a/src/chrome/content/rules/SecureConnect.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For other Trustwave coverage, see Trustwave.xml.
-
--->
-<ruleset name="SecureConnect">
-
-	<target host="secureconnect.com" />
-	<target host="www.secureconnect.com" />
-
-
-	<rule from="^http://(www\.)?secureconnect\.com/"
-		to="https://$1secureconnect.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/SecureList.xml b/src/chrome/content/rules/SecureList.xml
index 6333dce2ed04..32bf317d25c1 100644
--- a/src/chrome/content/rules/SecureList.xml
+++ b/src/chrome/content/rules/SecureList.xml
@@ -1,10 +1,28 @@
-<ruleset name="SecureList">
-  <target host="securelist.com" />
-  <target host="www.securelist.com" />
+<!--
+	Insecure cookie are set for these hosts: ᶜ
 
-  <securecookie host="^(.+\.)?securelist\.com$" name=".*"/>
+		- securelist.com
+		- www.securelist.com
 
-	<!--	Cert only matches www.
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="SecureList.com">
+
+	<target host="securelist.com" />
+	<target host="apt.securelist.com" />
+	<target host="cdn.securelist.com" />
+	<target host="www.securelist.com" />
+
+
+	<!--	Not secured by server:
 					-->
-  <rule from="^https?://(?:www\.)?securelist\.com/" to="https://www.securelist.com/"/>
+	<!--securecookie host="^(?:www\.)?securelist\.com$" name="^X-Mapping-" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/SecureNet.com.xml b/src/chrome/content/rules/SecureNet.com.xml
new file mode 100644
index 000000000000..46ef3d54aaac
--- /dev/null
+++ b/src/chrome/content/rules/SecureNet.com.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.securenet.com/ => https://www.securenet.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://securenet.com/ => https://www.securenet.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	^securenet.com: works; mismatched, CN: acquia-sites.com
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="SecureNet.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="terminal.securenet.com" />
+	<target host="www.securenet.com" />
+
+	<!--	Complications:
+				-->
+	<target host="securenet.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^terminal\.securenet\.com$" name="^(ASP.NET_SessionId|TS[0-9a-f]{8}|TS[0-9a-f]{8)_\d+)$" /-->
+
+	<securecookie host="^terminal\.securenet\.com$" name=".+" />
+
+
+	<rule from="^http://securenet\.com/"
+		to="https://www.securenet.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SecurePro_Software.xml b/src/chrome/content/rules/SecurePro_Software.xml
index ccaf22f629e6..67b5ad5c1904 100644
--- a/src/chrome/content/rules/SecurePro_Software.xml
+++ b/src/chrome/content/rules/SecurePro_Software.xml
@@ -1,11 +1,28 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secureprosoftware.com/ => https://secureprosoftware.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.secureprosoftware.com/ => https://secureprosoftware.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://secureprosoftware.com/ (200) => https://secureprosoftware.com/ (521)
+Non-2xx HTTP code: http://www.secureprosoftware.com/ (200) => https://secureprosoftware.com/ (521)
+
 	www: mismatched, CN: *.websitewelcome.com
 
 -->
-<ruleset name="SecurePro Software">
+<ruleset name="SecurePro Software.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="secureprosoftware.com" />
-	<target host="*.secureprosoftware.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.secureprosoftware.com" />
 
 
 	<securecookie host="^\.?secureprosoftware\.com$" name=".+" />
@@ -14,4 +31,4 @@
 	<rule from="^http://(?:www\.)?secureprosoftware\.com/"
 		to="https://secureprosoftware.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SecureProxySite.com.xml b/src/chrome/content/rules/SecureProxySite.com.xml
new file mode 100644
index 000000000000..fbe8574d621c
--- /dev/null
+++ b/src/chrome/content/rules/SecureProxySite.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Down (403):
+		blog.secureproxysite.com
+-->
+<ruleset name="SecureProxySite.com">
+	<target host="secureproxysite.com" />
+	<target host="www.secureproxysite.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SecureStudies.com.xml b/src/chrome/content/rules/SecureStudies.com.xml
index 77ef588fd0a8..4253061f29bf 100644
--- a/src/chrome/content/rules/SecureStudies.com.xml
+++ b/src/chrome/content/rules/SecureStudies.com.xml
@@ -11,10 +11,11 @@
 <ruleset name="SecureStudies.com (partial)">
 
 	<target host="securestudies.com" />
-	<target host="*.securestudies.com" />
+	<target host="beacon.securestudies.com" />
+	<target host="www.securestudies.com" />
 
 
-	<rule from="^http://(beacon\.|www\.)?securestudies\.com/"
-		to="https://$1securestudies.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Secure_Socket_Layer_Billing_Services.xml b/src/chrome/content/rules/Secure_Socket_Layer_Billing_Services.xml
index aa6be2e3da57..b71188a6830e 100644
--- a/src/chrome/content/rules/Secure_Socket_Layer_Billing_Services.xml
+++ b/src/chrome/content/rules/Secure_Socket_Layer_Billing_Services.xml
@@ -1,13 +1,19 @@
-<ruleset name="Secure Socket Layer Billing Services">
+<!--
+	Secure Socket Layer Billing Services
 
+-->
+<ruleset name="SSL7.net">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="ssl7.net" />
-	<target host="*.ssl7.net" />
+	<target host="static.ssl7.net" />
 
 
 	<securecookie host="^ssl7\.net$" name=".+" />
 
 
-	<rule from="^http://(static\.)?ssl7\.net/"
-		to="https://$1ssl7.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Secure_Upload.eu.xml b/src/chrome/content/rules/Secure_Upload.eu.xml
new file mode 100644
index 000000000000..f33df7148e0f
--- /dev/null
+++ b/src/chrome/content/rules/Secure_Upload.eu.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secureupload.eu/ => https://secureupload.eu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.secureupload.eu/ => https://www.secureupload.eu/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Secure Upload.eu" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secureupload.eu" />
+	<target host="www.secureupload.eu" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Secure_in_the_Circle.xml b/src/chrome/content/rules/Secure_in_the_Circle.xml
index a63e52cfd04b..1a10555bc9a4 100644
--- a/src/chrome/content/rules/Secure_in_the_Circle.xml
+++ b/src/chrome/content/rules/Secure_in_the_Circle.xml
@@ -13,7 +13,7 @@
 	<target host="www.secureinthecircle.com" />
 
 
-	<rule from="^https?://(?:www\.)?secureinthecircle\.com/"
+	<rule from="^http://(?:www\.)?secureinthecircle\.com/"
 		to="https://secureinthecircle.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SecuredVisit.com.xml b/src/chrome/content/rules/SecuredVisit.com.xml
index 413068a34e4d..e4e3e2920e67 100644
--- a/src/chrome/content/rules/SecuredVisit.com.xml
+++ b/src/chrome/content/rules/SecuredVisit.com.xml
@@ -6,10 +6,19 @@
 -->
 <ruleset name="SecuredVisit.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="track.securedvisit.com" />
 
 
-	<rule from="^http://track\.securedvisit\.com/"
-		to="https://track.securedvisit.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.securedvisit\.com$" name="^(sv_onid|sv_sid)$" /-->
 
-</ruleset>
\ No newline at end of file
+	<securecookie host="^\.securedvisit\.com$" name="^(?:sv_onid|sv_sid)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Securedataimages.com.xml b/src/chrome/content/rules/Securedataimages.com.xml
new file mode 100644
index 000000000000..88a6c043d5de
--- /dev/null
+++ b/src/chrome/content/rules/Securedataimages.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other FriendFinder, see FriendFinder.xml.
+
+
+	Fully covered domains:
+
+		- secureimage.securedataimages.com
+
+-->
+<ruleset name="securedataimages.com">
+
+	<target host="secureimage.securedataimages.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Securedcontent.net.xml b/src/chrome/content/rules/Securedcontent.net.xml
new file mode 100644
index 000000000000..260a7fa296f0
--- /dev/null
+++ b/src/chrome/content/rules/Securedcontent.net.xml
@@ -0,0 +1,12 @@
+<ruleset name="securedcontent.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="securedcontent.net" />
+	<target host="www.securedcontent.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Securejoinsite.com.xml b/src/chrome/content/rules/Securejoinsite.com.xml
new file mode 100644
index 000000000000..52588b1f26ea
--- /dev/null
+++ b/src/chrome/content/rules/Securejoinsite.com.xml
@@ -0,0 +1,30 @@
+<!--
+	www.securejoinsite.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- securejoinsite.com
+
+-->
+<ruleset name="securejoinsite.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="securejoinsite.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.securejoinsite.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.securejoinsite\.com/"
+		to="https://securejoinsite.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Securelime.xml b/src/chrome/content/rules/Securelime.xml
index d6ced1dd3795..913c2e323634 100644
--- a/src/chrome/content/rules/Securelime.xml
+++ b/src/chrome/content/rules/Securelime.xml
@@ -1,13 +1,15 @@
-<ruleset name="Securelime">
+<ruleset name="Securelime.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="securelime.com" />
-	<target host="*.securelime.com" />
+	<target host="www.securelime.com" />
 
 
 	<securecookie host="^.*\.securelime\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?securelime\.com/"
-		to="https://$1securelime.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Securelist.ru.xml b/src/chrome/content/rules/Securelist.ru.xml
new file mode 100644
index 000000000000..3b7c4f6aae40
--- /dev/null
+++ b/src/chrome/content/rules/Securelist.ru.xml
@@ -0,0 +1,38 @@
+<!--
+	For other Kaspersky coverage, see Kaspersky.com.xml.
+
+
+	www: Mismatched, CN: threatpost.com
+
+
+	Insecure cookies are set for these domains:
+
+		- securelist.ru
+
+-->
+<ruleset name="Securelist.ru">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="securelist.ru" />
+	<target host="cdn.securelist.ru" />
+
+	<!--	Complications:
+				-->
+	<target host="www.securelist.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^securelist\.ru$" name="^X-Mapping-\w{8}$" /-->
+
+	<securecookie host="^securelist\.ru$" name=".+" />
+
+
+	<rule from="^http://www\.securelist\.ru/"
+		to="https://securelist.ru/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Securelogin.org.xml b/src/chrome/content/rules/Securelogin.org.xml
index df43ef62d657..9ae76648dde1 100644
--- a/src/chrome/content/rules/Securelogin.org.xml
+++ b/src/chrome/content/rules/Securelogin.org.xml
@@ -1,12 +1,14 @@
 <ruleset name="securelogin.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="securelogin.org" />
 
 
 	<securecookie host="^securelogin\.org$" name=".+" />
 
 
-	<rule from="^http://securelogin\.org/"
-		to="https://securelogin.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Securepaths.xml b/src/chrome/content/rules/Securepaths.xml
index 12494e5efa26..a331a94333dc 100644
--- a/src/chrome/content/rules/Securepaths.xml
+++ b/src/chrome/content/rules/Securepaths.xml
@@ -1,16 +1,18 @@
 <ruleset name="securepaths.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="securepaths.com" />
 	<target host="www.securepaths.com" />
 
 
-	<securecookie host="^(www\.)?securepaths\.com$" name=".*" />
+	<securecookie host="^(?:www\.)?securepaths\.com$" name=".+" />
 
 
 	<!--	Tracking beacon, e.g.:
 			- securepaths.com/pixel.cgi?org=a1c3bbeec26d8e3b293f
 			- Observed on education.org	-->
-	<rule from="^http://(www\.)?securepaths\.com/"
-		to="https://$1securepaths.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Securepaynet.net.xml b/src/chrome/content/rules/Securepaynet.net.xml
index 56fcc77fe9da..f998631620d3 100644
--- a/src/chrome/content/rules/Securepaynet.net.xml
+++ b/src/chrome/content/rules/Securepaynet.net.xml
@@ -1,39 +1,30 @@
 <!--
-	Fully covered domains:
-
-
-		- securepaynet.net	(→ www)
-
-		- *.securepaynet.net:
-
-			- cart
-			- help
-			- idp
-			- imagesak
-			- img
-			- m
-			- mya
-			- who
-			- www
-
-		- img[125].wsimg.com
-
+	Chain issue (missing intermediate):
+		- custom.securepaynet.net
+
+	Invalid certificate:
+		- securepaynet.net
+		- www.securepaynet.net
+		- cdrapplication.securepaynet.net
+		- dream.securepaynet.net
+		- help.securepaynet.net
+		- idp.securepaynet.net
+		- mcc.securepaynet.net
+		- who.securepaynet.net
+
+	SSL error:
+		- imagesak.securepaynet.net
 -->
-<ruleset name="Securepaynet.net">
-
-	<target host="securepaynet.net"/>
-	<target host="*.securepaynet.net"/>
-	<target host="*.wsimg.com"/>
-
-	<securecookie host="^(.*\.)?securepaynet\.net$" name=".+"/>
-
-	<rule from="^https?://securepaynet\.net/"
-		to="https://www.securepaynet.net/"/>
-
-	<rule from="^http://(\w+)\.securepaynet\.net/"
-		to="https://$1.securepaynet.net/"/>
-
-	<rule from="^http://img(\d)\.wsimg\.com/"
-		to="https://img$1.wsimg.com/"/>
-
+<ruleset name="Securepaynet.net (partial)">
+	<target host="img.securepaynet.net" />
+	<target host="img1.wsimg.com" />
+	<target host="img2.wsimg.com" />
+	<target host="img3.wsimg.com" />
+	<target host="img4.wsimg.com" />
+	<target host="img5.wsimg.com" />
+	<target host="nebula.wsimg.com" />
+
+	<securecookie host="^(.*\.)?securepaynet\.net$" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Securepicssl.com.xml b/src/chrome/content/rules/Securepicssl.com.xml
index ad62d1fde611..f54a687d65ec 100644
--- a/src/chrome/content/rules/Securepicssl.com.xml
+++ b/src/chrome/content/rules/Securepicssl.com.xml
@@ -8,10 +8,10 @@
 	<target host="*.securepcissl.com" />
 
 
-	<securecookie host="^(?:.*\.)?securepicssl\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://([\w-]+\.)?securepcissl\.com/"
 		to="https://$1securepcissl.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Securepoint.de.xml b/src/chrome/content/rules/Securepoint.de.xml
new file mode 100644
index 000000000000..98fb6645553b
--- /dev/null
+++ b/src/chrome/content/rules/Securepoint.de.xml
@@ -0,0 +1,47 @@
+<!--
+	Other Securepoint rulesets:
+
+		- SPDNS.de.xml
+
+
+	Nonfunctional hosts in *securepoint.de:
+
+		- downloads *
+		- support *
+		- wiki *
+
+	* Shows another domain
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.securepoint.de
+
+
+	Mixed content:
+
+		- css on www.securepoint.de from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Securepoint.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="securepoint.de" />
+	<target host="my.securepoint.de" />
+	<target host="www.securepoint.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="www\.securepoint\.de$" name="^fe_typo_user$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Securepurchaseserver.com.xml b/src/chrome/content/rules/Securepurchaseserver.com.xml
index 0a9ad3bf1339..0504d294920a 100644
--- a/src/chrome/content/rules/Securepurchaseserver.com.xml
+++ b/src/chrome/content/rules/Securepurchaseserver.com.xml
@@ -1,11 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://securepurchaseserver.com/ => https://securepurchaseserver.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.securepurchaseserver.com/ => https://securepurchaseserver.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://securepurchaseserver2.com/ => https://securepurchaseserver2.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.securepurchaseserver2.com/ => https://securepurchaseserver2.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://securepurchaseserver.com/ => https://securepurchaseserver.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.securepurchaseserver.com/ => https://securepurchaseserver.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://securepurchaseserver2.com/ => https://securepurchaseserver2.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.securepurchaseserver2.com/ => https://securepurchaseserver2.com/: (60, 'SSL certificate problem: certificate has expired')
 	For other Web.com coverage, see Web.com.xml.
 
 
 	Cert doesn't match www.
 
 -->
-<ruleset name="securepurchaseserver.com">
+<ruleset name="securepurchaseserver.com" default_off="failed ruleset test">
 
 	<target host="securepurchaseserver.com" />
 	<target host="www.securepurchaseserver.com" />
@@ -13,7 +25,7 @@
 	<target host="www.securepurchaseserver2.com" />
 
 
-	<rule from="^https?://(?:www\.)?securepurchaseserver(2)?\.com/"
+	<rule from="^http://(?:www\.)?securepurchaseserver(2)?\.com/"
 		to="https://securepurchaseserver$1.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Secureserver.net.xml b/src/chrome/content/rules/Secureserver.net.xml
index 2d435c6a8d31..ed63558d0177 100644
--- a/src/chrome/content/rules/Secureserver.net.xml
+++ b/src/chrome/content/rules/Secureserver.net.xml
@@ -1,12 +1,25 @@
-<ruleset name="Secureserver.net (partial)">
-
-	<target host="*.secureserver.net" />
+<!--
+	Dropped:
+		- hxcc
 
+	Incomplete certificate chain:
+		- p3smysqladmin01
+-->
 
-	<securecookie host="^.+\.secureserver\.net$" name=".+" />
-
+<ruleset name="Secureserver.net (partial)">
+	<target host="secureserver.net" />
+	<target host="www.secureserver.net" />
+	<target host="email.secureserver.net" />
+	<target host="hostingmanager.secureserver.net" />
+	<target host="images.secureserver.net" />
+	<target host="img.secureserver.net" />
+	<target host="login.secureserver.net" />
+	<target host="mobilemail.secureserver.net" />
+	<target host="p3nmssqladmin.secureserver.net" />
+	<target host="products.secureserver.net" />
+	<target host="sso.secureserver.net" />
 
-	<rule from="^http://(cloud|email|hostingmanager|hxcc|images|img|login|mobilemail|p3nmssqladmin|p3smysqladmin01|products|www)\.secureserver\.net/"
-		to="https://$1.secureserver.net/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:"	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Securetrust.com.xml b/src/chrome/content/rules/Securetrust.com.xml
new file mode 100644
index 000000000000..82c6e8178f34
--- /dev/null
+++ b/src/chrome/content/rules/Securetrust.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.securetrust.com/ => https://www.securetrust.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://securetrust.com/ => https://www.securetrust.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other Trustwave coverage, see Trustwave.xml.
+
+
+	^securetrust.com: Cert only matches www.securetrust.com
+
+-->
+<ruleset name="securetrust.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.securetrust.com" />
+
+	<!--	Complications:
+				-->
+	<target host="securetrust.com" />
+
+
+	<rule from="^http://securetrust\.com/"
+		to="https://www.securetrust.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Securi.xml b/src/chrome/content/rules/Securi.xml
deleted file mode 100644
index a38f837d0caa..000000000000
--- a/src/chrome/content/rules/Securi.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(refused)
-		- blog		(500; mismatched, CN: server-p001.hostpoint.ch)
-
--->
-<ruleset name="Securi (partial)">
-
-	<target host="login.securi.net" />
-
-
-	<rule from="^http://login\.securi\.net/"
-		to="https://login.securi.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SecuriTeam.com.xml b/src/chrome/content/rules/SecuriTeam.com.xml
new file mode 100644
index 000000000000..d4e5bbc36e14
--- /dev/null
+++ b/src/chrome/content/rules/SecuriTeam.com.xml
@@ -0,0 +1,15 @@
+<!--
+	(www.)?securiteam.com: Refused
+
+-->
+<ruleset name="SecuriTeam.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blogs.securiteam.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Securifera.com.xml b/src/chrome/content/rules/Securifera.com.xml
new file mode 100644
index 000000000000..c59ae18193a4
--- /dev/null
+++ b/src/chrome/content/rules/Securifera.com.xml
@@ -0,0 +1,29 @@
+<!--
+	^securifera.com: Mismatched
+
+
+	Mixed content:
+
+		- Images on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Securifera.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.securifera.com" />
+
+	<!--	Complications:
+				-->
+	<target host="securifera.com" />
+
+
+	<rule from="^http://securifera\.com/"
+		to="https://www.securifera.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Securing_the_Human.org.xml b/src/chrome/content/rules/Securing_the_Human.org.xml
new file mode 100644
index 000000000000..79af1dfc1227
--- /dev/null
+++ b/src/chrome/content/rules/Securing_the_Human.org.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://help.securingthehuman.org/ => https://help.securingthehuman.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For other SANS Institute coverage, see SANS.org.xml.
+
+-->
+<ruleset name="Securing the Human.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="securingthehuman.org" />
+	<target host="help.securingthehuman.org" />
+	<target host="www.securingthehuman.org" />
+
+
+	<!--	Server sets Secure for:
+					-->
+	<!--securecookie host="^\.securingthehuman\.org$" name=".+" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Securities.com.xml b/src/chrome/content/rules/Securities.com.xml
index 371e191e1cf1..58a97319f02c 100644
--- a/src/chrome/content/rules/Securities.com.xml
+++ b/src/chrome/content/rules/Securities.com.xml
@@ -1,4 +1,4 @@
-<!-- Nonfunctional subdomains:
+<!--
 	- blog.securities.com
 	- inews.securities.com
 	- bck.securities.com
@@ -6,5 +6,5 @@
 <ruleset name="Securities.com (partial)" platform="mixedcontent">
 	<target host="www.securities.com" />
 
-	<rule from="^http://www\.securities\.com/" to="https://www.securities.com/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Security-Database.com.xml b/src/chrome/content/rules/Security-Database.com.xml
new file mode 100644
index 000000000000..07bbcda44458
--- /dev/null
+++ b/src/chrome/content/rules/Security-Database.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Invalid certificate:
+		security-database.com
+
+	Connection reset:
+		feeds.security-database.com
+
+-->
+<ruleset name="Security-Database.com">
+
+	<target host="security-database.com" />
+	<target host="www.security-database.com" />
+	<target host="crosslinks.security-database.com" />
+	<target host="oval.security-database.com" />
+		<test url="http://oval.security-database.com/oval_rep/5.7/v/family/pixos.xml" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://security-database\.com/"
+		to="https://www.security-database.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Security-In-A-Box.xml b/src/chrome/content/rules/Security-In-A-Box.xml
deleted file mode 100644
index 320f5db5742d..000000000000
--- a/src/chrome/content/rules/Security-In-A-Box.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Security In A Box">
-	<target host="security.ngoinabox.org" />
-
-	<securecookie host="^(.*\.)?security\.ngoinabox\.org$" name=".+" />
-
-	<rule from="^http://security\.ngoinabox\.org/" to="https://security.ngoinabox.org/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Security-Portal.cz.xml b/src/chrome/content/rules/Security-Portal.cz.xml
new file mode 100644
index 000000000000..b8159637af41
--- /dev/null
+++ b/src/chrome/content/rules/Security-Portal.cz.xml
@@ -0,0 +1,43 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)?
+		- bflow
+		- forum
+
+
+	Mixed content:
+
+		- Imaes, on:
+
+			- (www.)? from www ¹
+			- bflow from bflow ¹
+
+		- Ads/bugs, on:
+
+			- (www.)?, bflow from bflow ¹
+			- (www.)? from www.bezpecnostvcloudu.cz ²
+			- (www.)? from www.ceskapiratskastrana.cz ²
+			- (www.)? from i.creativecommons.org ¹
+			- (www.)? from www.expo-net.cz ²
+			- (www.)? from www.skodlivysoftware.cz ³
+
+	¹ Secured by us
+	² Not secured by us <= mismatched
+	³ Unsecurable <= 404
+
+-->
+<ruleset name="Security-Portal.cz">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="security-portal.cz" />
+	<target host="bflow.security-portal.cz" />
+	<target host="forum.security-portal.cz" />
+	<target host="www.security-portal.cz" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Security-Research-Labs.xml b/src/chrome/content/rules/Security-Research-Labs.xml
index 7962353a8627..364287107209 100644
--- a/src/chrome/content/rules/Security-Research-Labs.xml
+++ b/src/chrome/content/rules/Security-Research-Labs.xml
@@ -1,21 +1,37 @@
 <!--
+	Security Research Labs
+
+
+	www.srlabs.de: Unrecognized name
+
+
 	Fully covered subdomains:
 
-		- (www.)
+		- (www.)	(www → ^)
 		- lists
 		- opensource
 
 -->
-<ruleset name="Security Research Labs">
+<ruleset name="SRLabs.de">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="srlabs.de" />
-	<target host="*.srlabs.de" />
+	<target host="lists.srlabs.de" />
+	<target host="opensource.srlabs.de" />
+
+	<!--	Complications:
+				-->
+	<target host="www.srlabs.de" />
+
 
+	<securecookie host="^.*\.srlabs\.de$" name=".+" />
 
-	<securecookie host="^.*\.srlabs\.de$" name=".*" />
 
+	<rule from="^http://www\.srlabs\.de/"
+		to="https://srlabs.de/" />
 
-	<rule from="^http://((?:lists|opensource|www)\.)?srlabs\.de/"
-		to="https://$1srlabs.de/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SecurityAffairs.co.xml b/src/chrome/content/rules/SecurityAffairs.co.xml
new file mode 100644
index 000000000000..97c51370319c
--- /dev/null
+++ b/src/chrome/content/rules/SecurityAffairs.co.xml
@@ -0,0 +1,8 @@
+<ruleset name="SecurityAffairs.co">
+	<target host="securityaffairs.co" />
+	<target host="www.securityaffairs.co" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SecurityKISS.com.xml b/src/chrome/content/rules/SecurityKISS.com.xml
index 5fd366bde8ca..e8d79e1baf65 100644
--- a/src/chrome/content/rules/SecurityKISS.com.xml
+++ b/src/chrome/content/rules/SecurityKISS.com.xml
@@ -4,11 +4,42 @@
 -->
 <ruleset name="SecurityKISS.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="securitykiss.com" />
 	<target host="www.securitykiss.com" />
 
+		<!--	Redirects to http:
+					-->
+		<!--exclusion pattern="^http://www\.securitykiss\.com/index\.php\?" /-->
 
-	<rule from="^http://(www\.)?securitykiss\.com/(favicon\.ico|(?:helpdesk|panel|pricing/order)(?:$|[?/])|images/|javascripts/|stylesheets/)"
-		to="https://$1securitykiss.com/$2" />
+		<!--	Exceptions:
+					-->
+		<exclusion pattern="^http://www\.securitykiss\.com/(?!favicon\.ico|(?:helpdesk|panel|pricing/order)(?:$|[?/])|images/|javascripts/|stylesheets/)" />
 
-</ruleset>
\ No newline at end of file
+			<!--	+ve:
+					-->
+			<test url="http://www.securitykiss.com/about/contact/" />
+			<test url="http://www.securitykiss.com/about/testimonials/" />
+			<test url="http://www.securitykiss.com/faq" />
+			<test url="http://www.securitykiss.com/giveaway/" />
+			<test url="http://www.securitykiss.com/locate/" />
+			<test url="http://www.securitykiss.com/pricing" />
+			<test url="http://www.securitykiss.com/resources/download/" />
+			<test url="http://www.securitykiss.com/resources/whysecuritykiss" />
+			<test url="http://www.securitykiss.com/support" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.securitykiss.com/favicon.ico" />
+			<test url="http://www.securitykiss.com/helpdesk/" />
+			<test url="http://www.securitykiss.com/images/flags/16/pl.png" />
+			<test url="http://www.securitykiss.com/panel/" />
+			<test url="http://www.securitykiss.com/pricing/order" />
+			<test url="http://www.securitykiss.com/stylesheets/sk.css" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SecurityMetrics.xml b/src/chrome/content/rules/SecurityMetrics.xml
index 384b40a2b526..0affd1a96e4f 100644
--- a/src/chrome/content/rules/SecurityMetrics.xml
+++ b/src/chrome/content/rules/SecurityMetrics.xml
@@ -1,20 +1,22 @@
+
 <!--
-	Server is configured for rc4 only.
+Disabled by https-everywhere-checker because:
+Fetch error: http://web2.securitymetrics.com/ => https://web2.securitymetrics.com/: (6, 'Could not resolve host: web2.securitymetrics.com')
 
+	Refused:
+		- blog
 -->
-<ruleset name="SecurityMetrics">
+<ruleset name="SecurityMetrics.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="securitymetrics.com" />
-	<target host="*.securitymetrics.com" />
-
-
-	<securecookie host="^(?:www\.)?securitymetrics\.com$" name=".+" />
-
+	<target host="web2.securitymetrics.com" />
+	<target host="www.securitymetrics.com" />
 
-	<rule from="^http://(www\.)?securitymetrics\.com/"
-		to="https://$1securitymetrics.com/" />
+	<securecookie host="^(?:web2\.|www\.)?securitymetrics\.com$" name=".+" />
 
-	<rule from="^http://blog\.securitymetrics\.com/favicon\.ico"
-		to="https://www.blogger.com/favicon.ico" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SecurityNL.xml b/src/chrome/content/rules/SecurityNL.xml
index 42dcdd340b0c..ee642d21b1b9 100644
--- a/src/chrome/content/rules/SecurityNL.xml
+++ b/src/chrome/content/rules/SecurityNL.xml
@@ -1,6 +1,16 @@
 <ruleset name="Security.NL">
-  <target host="security.nl" />
-  <target host="www.security.nl" />
 
-  <rule from="^http://(?:www\.)?security\.nl/" to="https://secure.security.nl/"/>
+	<!--	Direct rewrites:
+				-->
+	<target host="security.nl" />
+	<target host="secure.security.nl" />
+	<target host="www.security.nl" />
+
+
+	<securecookie host="^\.www\.security\.nl$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/SecurityWeek.com.xml b/src/chrome/content/rules/SecurityWeek.com.xml
index 84fa4c6fb8bb..02478af12396 100644
--- a/src/chrome/content/rules/SecurityWeek.com.xml
+++ b/src/chrome/content/rules/SecurityWeek.com.xml
@@ -1,32 +1,21 @@
 <!--
-	Mixed content:
-
-		- Mixed script on www from securityweek.disqus.com
-
-		- Ads/web bugs, on www from:
-
-			- www.facebook.com *
-			- www.google.com *
-			- partner.googleadservices.com *
-			- platform.linkedin.com *
-
-	* Secured by us
-
-
-	mixedcontent due to script from securityweek.disqus.com.
-
+	Cloudflare error:
+		- s1.securityweek.com
 -->
-<ruleset name="SecurityWeek.com" platform="mixedcontent">
+<ruleset name="SecurityWeek.com">
 
 	<target host="securityweek.com" />
-	<target host="*.securityweek.com" />
+	<target host="www.securityweek.com" />
 
 
-	<securecookie host="^(?:www)?\.securityweek\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.securityweek\.com$" name="^SESS[\da-f]{32}$" /-->
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?securityweek\.com/"
-		to="https://$1securityweek.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
 
diff --git a/src/chrome/content/rules/Security_Conference.de.xml b/src/chrome/content/rules/Security_Conference.de.xml
new file mode 100644
index 000000000000..dd5782317f03
--- /dev/null
+++ b/src/chrome/content/rules/Security_Conference.de.xml
@@ -0,0 +1,17 @@
+<!--
+	Munich Security Conference
+
+-->
+<ruleset name="Security Conference.de">
+
+	<target host="securityconference.de" />
+	<target host="www.securityconference.de" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Security_Evaluators.com.xml b/src/chrome/content/rules/Security_Evaluators.com.xml
new file mode 100644
index 000000000000..811fb3e5baae
--- /dev/null
+++ b/src/chrome/content/rules/Security_Evaluators.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Security Evaluators.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="securityevaluators.com" />
+	<target host="www.securityevaluators.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Security_Experten.com-falsemixed.xml b/src/chrome/content/rules/Security_Experten.com-falsemixed.xml
new file mode 100644
index 000000000000..1ffc6ea015a1
--- /dev/null
+++ b/src/chrome/content/rules/Security_Experten.com-falsemixed.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://securityexperten.com/ => https://www.securityexperten.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.securityexperten.com'")
+
+	For rules not causing false/broken MCB, see Security_Experten.com.xml.
+
+-->
+<ruleset name="Security Experten.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="securityexperten.com" />
+	<target host="*.securityexperten.com" />
+		<!--
+			Handled in Security_Experten.com.xml:
+							-->
+		<!--exclusion pattern="^http://www\.securityexperten\.com/(favicon\.ico|fileadmin/|typo3conf/|typo3temp/)" /-->
+
+
+	<securecookie host="^www\.securityexperten\.com$" name=".+" />
+
+
+	<!--	Server drops path:
+					-->
+	<rule from="^http://securityexperten\.com/.*"
+		to="https://www.securityexperten.com/" />
+
+	<rule from="^http://www\.securityexperten\.com/(?!favicon\.ico|fileadmin/|typo3conf/|typo3temp/)"
+		to="https://www.securityexperten.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Security_Experten.com.xml b/src/chrome/content/rules/Security_Experten.com.xml
new file mode 100644
index 000000000000..a06db1046187
--- /dev/null
+++ b/src/chrome/content/rules/Security_Experten.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.securityexperten.com/ => http://www.securityexperten.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.securityexperten.com'")
+
+	For rules causing false/broken MCB, see Security_Experten.com.xml.
+
+	For other G Data Software coverage, see G_Data_Software.xml.
+
+
+	^: mismatched
+
+-->
+<ruleset name="Security Experten.com (partial)" default_off="failed ruleset test">
+
+	<target host="www.securityexperten.com" />
+
+
+	<rule from="^http://www\.securityexperten\.com/(?=favicon\.ico|fileadmin/|typo3conf/|typo3temp/)"
+		to="https://www.securityexperten.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Security_Innovation.com.xml b/src/chrome/content/rules/Security_Innovation.com.xml
new file mode 100644
index 000000000000..8ccd2e604f62
--- /dev/null
+++ b/src/chrome/content/rules/Security_Innovation.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Problematic hosts in *securityinnovation.com:
+
+		- blog *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- securityinnovation.com
+		- www.securityinnovation.com
+
+-->
+<ruleset name="Security Innovation.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="securityinnovation.com" />
+	<target host="www.securityinnovation.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?securityinnovation\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?securityinnovation\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Security_Ledger.xml b/src/chrome/content/rules/Security_Ledger.xml
index 9c0348990688..51461d248982 100644
--- a/src/chrome/content/rules/Security_Ledger.xml
+++ b/src/chrome/content/rules/Security_Ledger.xml
@@ -1,4 +1,7 @@
 <!--
+	The Security Ledger
+
+
 	Mixed content:
 
 		- css on ^ from fonts.googleapis.com *
@@ -9,19 +12,22 @@
 
 			- ^ *
 			- d229cv0hj0jy0z.cloudfront.net *
+			- www.facebook.com *
 			- sucuri.net **
 
 	* Secured by us
 	** Unsecurable
 
 -->
-<ruleset name="The Security Ledger">
+<ruleset name="Security Ledger.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="securityledger.com" />
 	<target host="www.securityledger.com" />
 
 
-	<rule from="^http://(www\.)?securityledger\.com/"
-		to="https://$1securityledger.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Security_Mouse.com.xml b/src/chrome/content/rules/Security_Mouse.com.xml
new file mode 100644
index 000000000000..6aed185b7e85
--- /dev/null
+++ b/src/chrome/content/rules/Security_Mouse.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Mixed content:
+
+		- css from static.squarespace.com *
+
+		- Images from static.squarespace.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Security Mouse.com (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="securitymouse.com" />
+	<target host="www.securitymouse.com" />
+
+
+	<securecookie host="^\.securitymouse\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Security_in_a_Box.org.xml b/src/chrome/content/rules/Security_in_a_Box.org.xml
index 8d08ea1ebc28..2efa718ed7dc 100644
--- a/src/chrome/content/rules/Security_in_a_Box.org.xml
+++ b/src/chrome/content/rules/Security_in_a_Box.org.xml
@@ -1,13 +1,29 @@
+<!--
+	For other Tactical Technology coverage, see Tactical_Tech.org.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .securityinabox.org
+
+-->
 <ruleset name="Security in a Box.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="securityinabox.org" />
-	<target host="*.securityinabox.org" />
+	<target host="info.securityinabox.org" />
+	<target host="www.securityinabox.org" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.securityinabox\.org$" name="^SESS[0-9a-f]{32}$" /-->
 
-	<securecookie host="^\.securityinabox\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?securityinabox\.org/"
-		to="https://$1securityinabox.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Securityheaders.com.xml b/src/chrome/content/rules/Securityheaders.com.xml
deleted file mode 100644
index b2d0497ce686..000000000000
--- a/src/chrome/content/rules/Securityheaders.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Securityheaders.com" platform="firefox">
-<target host="securityheaders.com" />
-
-<securecookie host="^securityheaders\.com$" name=".+" />
-
-<rule from="^http://securityheaders\.com/" to="https://securityheaders.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Securix.org.xml b/src/chrome/content/rules/Securix.org.xml
new file mode 100644
index 000000000000..d5f1539785f7
--- /dev/null
+++ b/src/chrome/content/rules/Securix.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Mixed content:
+
+		- Images, from:
+
+			- www.gentoo.org ¹
+			- www.gnu.org ¹
+			- linuxconsult.fr ²
+			- www.security-portal.cz ¹
+
+	¹ Secured by us
+	² Unsecurable <= blank page
+
+-->
+<ruleset name="Securix.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="securix.org" />
+	<target host="www.securix.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Securosis.xml b/src/chrome/content/rules/Securosis.xml
index b1c15b37e9f3..ce01a2ec9e29 100644
--- a/src/chrome/content/rules/Securosis.xml
+++ b/src/chrome/content/rules/Securosis.xml
@@ -1,13 +1,30 @@
-<ruleset name="Securosis">
+<!--
+	Insecure cookies are set for these domains and hosts:
 
+		- securosis.com
+		- .securosis.com
+		- www.securosis.com
+		- .www.securosis.com
+
+-->
+<ruleset name="Securosis.com">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="securosis.com" />
-	<target host="*.securosis.com" />
+	<target host="www.securosis.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?securosis\.com$" name="^___utmv[a-zA-Z]+$" /-->
+	<!--securecookie host="^\.(www\.)?securosis\.com$" name="^(exp_last_activity|exp_tracker)$" /-->
+	<!--securecookie host="^\.securosis\.com$" name="^(exp_last_visit|incap_ses_\d+_\d+|visid_incap_\d+)$" /-->
 
-	<securecookie host="^(?:www)?\.securosis\.com$" name=".+" />
+	<securecookie host="^(?:\.|\.?www\.)?securosis\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?securosis\.com/"
-		to="https://$1securosis.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Securus_Global.com.xml b/src/chrome/content/rules/Securus_Global.com.xml
new file mode 100644
index 000000000000..bee4fd0a75d9
--- /dev/null
+++ b/src/chrome/content/rules/Securus_Global.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Securus Global.com">
+
+	<target host="securusglobal.com" />
+	<target host="www.securusglobal.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SecuryCast-Oy.xml b/src/chrome/content/rules/SecuryCast-Oy.xml
index bb540419535a..c8d41896c85b 100644
--- a/src/chrome/content/rules/SecuryCast-Oy.xml
+++ b/src/chrome/content/rules/SecuryCast-Oy.xml
@@ -1,7 +1,15 @@
-<ruleset name="SecuryCast Oy">
+<!--
+	SecuryCast Oy
+
+-->
+<ruleset name="SecuryCast.com">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="securycast.com"/>
-	<target host="*.securycast.com"/>
+	<target host="images.securycast.com" />
+	<target host="www.securycast.com" />
 
-	<rule from="^http://((?:www|images)\.)?securycast\.com/"
-		to="https://$1securycast.com/"/>
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Secusmart.xml b/src/chrome/content/rules/Secusmart.xml
index 6bde8012b304..e830be0b5709 100644
--- a/src/chrome/content/rules/Secusmart.xml
+++ b/src/chrome/content/rules/Secusmart.xml
@@ -1,11 +1,25 @@
-<ruleset name="Secusmart">
-    <target host="secusmart.com" />
-    <target host="www.secusmart.com" />
+<!--
+	^secusmart.com: Mismatched
 
-    <securecookie host="^(.*\.)?secusmart\.com$" name=".+" />
 
-    <rule from="^https?://secusmart\.com/"
-        to="https://www.secusmart.com/" />
-    <rule from="^http://([^/:@]+)?\.secusmart\.com/"
-        to="https://$1.secusmart.com/" />
+	STS header includes includeSubDomains
+
+-->
+<ruleset name="Secusmart.com">
+
+	<target host="secusmart.com" />
+	<target host="*.secusmart.com" />
+
+		<test url="http://www.secusmart.com/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://secusmart\.com/"
+		to="https://www.secusmart.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Sedirekt.se.xml b/src/chrome/content/rules/Sedirekt.se.xml
new file mode 100644
index 000000000000..0c07ceddf4fc
--- /dev/null
+++ b/src/chrome/content/rules/Sedirekt.se.xml
@@ -0,0 +1,7 @@
+<ruleset name=".SE Direkt">
+	<target host="sedirekt.se" />
+	<target host="www.sedirekt.se" />
+	<target host="domanhanteraren.sedirekt.se" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sedo-problematic.xml b/src/chrome/content/rules/Sedo-problematic.xml
index 3560035c53a8..443223f8032c 100644
--- a/src/chrome/content/rules/Sedo-problematic.xml
+++ b/src/chrome/content/rules/Sedo-problematic.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see Sedo.com.xml.
 
 -->
-<ruleset name="Sedo (problematic)" default_off="expired">
+<ruleset name="Sedo.de (problematic)" default_off="expired">
 
 	<target host="cvs.sedo.de" />
 	<target host="dba.sedo.de" />
@@ -10,7 +10,7 @@
 	<target host="typo3.sedo.de" />
 
 
-	<rule from="^http://(cvs|dba|techoffice|typo3)\.sedo\.com/"
-		to="https://$1.sedo.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sedo.co.uk.xml b/src/chrome/content/rules/Sedo.co.uk.xml
new file mode 100644
index 000000000000..f728e922cf5e
--- /dev/null
+++ b/src/chrome/content/rules/Sedo.co.uk.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Sedo Holding coverage, see Sedo_Holding.com.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .sedo.co.uk
+
+-->
+<ruleset name="Sedo.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sedo.co.uk" />
+	<target host="www.sedo.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.sedo\.co\.uk$" name="^session$" /-->
+
+	<securecookie host="^\.?sedo\.co\.uk$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sedo.com.xml b/src/chrome/content/rules/Sedo.com.xml
index e78cd05884e1..4767a0a46ec6 100644
--- a/src/chrome/content/rules/Sedo.com.xml
+++ b/src/chrome/content/rules/Sedo.com.xml
@@ -1,96 +1,54 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sc.sedo.com/ => https://sc.sedo.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	For problematic rules, see Sedo-problematic.xml.
 
 
-	Other Sedo rulesets: 
+	Other Sedo rulesets:
 
 		- Affili.net.xml
-		- Reussissonsensemble.fr.xml
-		- Sedo_Holding.com.xml
-
-
-	CDN buckets:
-
-		- sedo.cachefly.net
-
-			- img.sedoparking.com
-
-
-	Problematic domains:
-
-		- mail.sedo.com *
-
-		- sedo.de subdomains:
 
-			- cvs **
-			- dba **
-			- mail *
-			- techoffice **
-			- typo3 **
 
-		- (www.)sedo.fr		(works; mismatched, CN: www.sedo.de)
+	Problematic hosts in *sedo.com:
 
-	* Works; mismatched, CN: *.sedoholding.com
-	** Works, expired 2012-03-24
+		- mail *
 
+	* Mismatched
 
-	Fully covered domains:
 
-		- (www.)sedo.co.uk
-		- (www.)sedo.com
-		- mail.sedo.com		(→ mail.sedoholding.com)
+	Insecure cookies are set for these domains:
 
-		- sedo.de subdomains:
-
-			- (www.)
-			- backoffice
-			- mail		(→ mail.sedoholding.com)
-
-		- (www.)sedo.fr		(→ sedo.com)
-		- img.sedoparking.com	(→ sedo.cachefly.net)
-
-
-	Mixed content:
-
-		- Web bugs/ads, on:
-
-			- sedo.co.uk from www.tqlkg.com *
-			- sedo.com from banniere.reussissonsensemble.fr *
-			- sedo.de from ad2.adfarm1.adition.com *
-			- sedo.de from imagesrv.adition.com *
-
-	* Secured by us, and noone cares
+		- .sedo.com
 
 -->
-<ruleset name="Sedo.com">
+<ruleset name="Sedo.com" default_off="failed ruleset test">
 
-	<target host="sedo.co.uk" />
-	<target host="*.sedo.co.uk" />
+	<!--	Direct rewrites:
+				-->
 	<target host="sedo.com" />
-	<target host="*.sedo.com" />
-	<target host="sedo.de" />
-	<target host="*.sedo.de" />
-	<target host="sedo.fr" />
-	<target host="www.sedo.fr" />
-	<target host="img.sedoparking.com" />
+	<target host="api.sedo.com" />
+	<target host="cdn.sedo.com" />
+	<target host="sc.sedo.com" />
+	<target host="www.sedo.com" />
 
+	<!--	Complications:
+				-->
+	<target host="mail.sedo.com" />
 
-	<securecookie host="^\.?sedo\.(?:co\.uk|com|de)$" name=".+" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.sedo\.com$" name="^(?:cookielanguage|session)$" /-->
 
-	<rule from="^http://(www\.)?sedo\.(co\.uk|com|de)/"
-		to="https://$1sedo.$2/" />
+	<securecookie host="^\.?sedo\.com$" name=".+" />
 
-	<rule from="^http://mail\.sedo\.(?:com|de)/"
-		to="https://mail.sedoholding.com/" />
 
-	<rule from="^http://backoffice\.sedo\.de/"
-		to="https://backoffice.sedo.de/" />
-
-	<rule from="^http://(?:www\.)?sedo\.fr/"
-		to="https://sedo.com/fr/home/bienvenue" />
+	<rule from="^http://mail\.sedo\.com/"
+		to="https://mail.sedoholding.com/" />
 
-	<rule from="^http://img\.sedoparking\.com/"
-		to="https://sedo.cachefly.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Sedo.de.xml b/src/chrome/content/rules/Sedo.de.xml
new file mode 100644
index 000000000000..c7e85f5f4033
--- /dev/null
+++ b/src/chrome/content/rules/Sedo.de.xml
@@ -0,0 +1,54 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://backoffice.sedo.de/ => https://backoffice.sedo.de/: (6, 'Could not resolve host: backoffice.sedo.de')
+
+	For problematic rules, see Sedo-problematic.xml.
+
+	For other Sedo Holding coverage, see Sedo_Holding.com.xml.
+
+
+	Problematic hosts in *sedo.de:
+
+		- cvs **
+		- dba **
+		- mail *
+		- techoffice **
+		- typo3 **
+
+	* Works; mismatched, CN: *.sedoholding.com
+	** Works, expired 2012-03-24
+
+
+	Insecure cookies are set for these domains:
+
+		- .sedo.de
+
+-->
+<ruleset name="Sedo.de (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sedo.de" />
+	<target host="backoffice.sedo.de" />
+	<target host="www.sedo.de" />
+
+	<!--	Complications:
+				-->
+	<target host="mail.sedo.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.sedo\.de$" name="^session$" /-->
+
+	<securecookie host="^\.?sedo\.de$" name=".+" />
+
+
+	<rule from="^http://mail\.sedo\.de/"
+		to="https://mail.sedoholding.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sedo.fr.xml b/src/chrome/content/rules/Sedo.fr.xml
new file mode 100644
index 000000000000..fbba56fc7078
--- /dev/null
+++ b/src/chrome/content/rules/Sedo.fr.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Sedo Holdings coverage, see Sedo_Holding.com.xml.
+
+
+	(www.)?sedo.fr: Mismatched
+
+-->
+<ruleset name="Sedo.fr">
+
+	<!--	Complications:
+				-->
+	<target host="sedo.fr" />
+	<target host="www.sedo.fr" />
+
+
+	<rule from="^http://(?:www\.)?sedo\.fr/$"
+		to="https://sedo.com/fr/?language=fr" />
+
+	<rule from="^http://(?:www\.)?sedo\.fr/"
+		to="https://sedo.com/" />
+
+		<test url="http://sedo.fr//" />
+		<test url="http://www.sedo.fr//" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sedo_Holding.com.xml b/src/chrome/content/rules/Sedo_Holding.com.xml
deleted file mode 100644
index 796576c2e4c9..000000000000
--- a/src/chrome/content/rules/Sedo_Holding.com.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	For other Sedo coverage, see Sedo.com.xml.
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(refused)
-
-
-	Fully covered subdomains:
-
-		- autodiscover
-		- mail
-
--->
-<ruleset name="Sedo Holding.com (partial)">
-
-	<target host="*.sedoholding.com" />
-
-
-	<securecookie host="^mail\.sedoholding\.com$" name=".+" />
-
-
-	<rule from="^http://(autodiscover|mail)\.sedoholding\.com/"
-		to="https://$1.sedoholding.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Sedo_Parking.com.xml b/src/chrome/content/rules/Sedo_Parking.com.xml
new file mode 100644
index 000000000000..cd3a1a184199
--- /dev/null
+++ b/src/chrome/content/rules/Sedo_Parking.com.xml
@@ -0,0 +1,24 @@
+<!--
+	For othe Sedo Holding coverage, see Sedo_Holding.com.xml.
+
+
+	CDN buckets:
+
+		- sedo.cachefly.net
+
+			- img.sedoparking.com
+
+-->
+<ruleset name="Sedo Parking.com">
+
+	<!--	Complications:
+				-->
+	<target host="img.sedoparking.com" />
+
+		<test url="http://img.sedoparking.com/templates/brick_gfx/common/logo_white.png" />
+
+
+	<rule from="^http://img\.sedoparking\.com/"
+		to="https://sedo.cachefly.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/See-Group.xml b/src/chrome/content/rules/See-Group.xml
index 18c7446f81a1..bf90a2288fa7 100644
--- a/src/chrome/content/rules/See-Group.xml
+++ b/src/chrome/content/rules/See-Group.xml
@@ -1,3 +1,7 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://s.ststat.com/ => https://static.seetickets.com/: (6, 'Could not resolve host: s.ststat.com')
+-->
 <ruleset name="See Group (partial)">
 
 	<target host="seetickets.com"/>
@@ -6,7 +10,7 @@
 	<target host="www2.seetickets.com"/>
 	<target host="s.ststat.com"/>
 
-	<securecookie host="^www2\.seetickets\.com$" name=".*"/>
+	<securecookie host="^www2\.seetickets\.com$" name=".+" />
 
 	<!--	cert !valid for !www	-->
 	<rule from="^http://seetickets\.com/"
diff --git a/src/chrome/content/rules/Seecrypt.xml b/src/chrome/content/rules/Seecrypt.xml
index ff517e193a61..a15eeddf5da1 100644
--- a/src/chrome/content/rules/Seecrypt.xml
+++ b/src/chrome/content/rules/Seecrypt.xml
@@ -1,17 +1,34 @@
+
 <!--
-	!www: cert only matches www
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.seecrypt.com/ => https://www.seecrypt.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://seecrypt.com/ => https://seecrypt.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	STS header includes includeSubDomains
+
+
+	Mixed content:
+
+		- Bug from piwik.seecrypt.net *
+
+	* Unsecurable <= dropped
 
 -->
-<ruleset name="Seecrypt">
+<ruleset name="Seecrypt.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="seecrypt.com" />
-	<target host="www.seecrypt.com" />
+	<target host="*.seecrypt.com" />
+
+		<test url="http://enterprise.seecrypt.com/" />
+		<test url="http://www.seecrypt.com/" />
 
 
-	<securecookie host="^www\.seecrypt\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?seecrypt\.com/"
-		to="https://www.seecrypt.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SeedProd.com.xml b/src/chrome/content/rules/SeedProd.com.xml
new file mode 100644
index 000000000000..0a7ecfc71a7f
--- /dev/null
+++ b/src/chrome/content/rules/SeedProd.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Problematic hosts in *seedprod.com:
+
+		- support *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .seedprod.com
+		- support.seedprod.com
+		- www.seedprod.com
+
+-->
+<ruleset name="SeedProd.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="seedprod.com" />
+	<target host="www.seedprod.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^seedprod\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.seedprod\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^support\.seedprod\.com$" name="^PLAY_SESSION$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Seedboxes.cc.xml b/src/chrome/content/rules/Seedboxes.cc.xml
index 96585f30ee06..33c5bddb857d 100644
--- a/src/chrome/content/rules/Seedboxes.cc.xml
+++ b/src/chrome/content/rules/Seedboxes.cc.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:w*\.)?seedboxes\.cc$" name=".+" />
 
 
-	<rule from="^http://(www\.)?seedboxes\.cc/"
-		to="https://$1seedboxes.cc/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Seedr.xml b/src/chrome/content/rules/Seedr.xml
new file mode 100644
index 000000000000..229deec41e8b
--- /dev/null
+++ b/src/chrome/content/rules/Seedr.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nl5.seedr.cc/ => https://nl5.seedr.cc/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://nl8.seedr.cc/ => https://nl8.seedr.cc/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Fully covered subdomain:
+		- nl[3-12]
+		- www
+-->
+<ruleset name="Seedr" default_off="failed ruleset test">
+	<target host="seedr.cc" />
+	<target host="*.seedr.cc" />
+
+		<test url="http://nl3.seedr.cc/" />
+		<test url="http://nl4.seedr.cc/" />
+		<test url="http://nl5.seedr.cc/" />
+		<test url="http://nl6.seedr.cc/" />
+		<test url="http://nl7.seedr.cc/" />
+		<test url="http://nl8.seedr.cc/" />
+		<test url="http://nl9.seedr.cc/" />
+		<test url="http://nl10.seedr.cc/" />
+		<test url="http://nl11.seedr.cc/" />
+		<test url="http://nl12.seedr.cc/" />
+		<test url="http://www.seedr.cc/" />
+
+	<securecookie host="^.*\.seedr\.cc$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Seedrs.xml b/src/chrome/content/rules/Seedrs.xml
new file mode 100644
index 000000000000..246159f83540
--- /dev/null
+++ b/src/chrome/content/rules/Seedrs.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://learn.seedrs.com/ => https://learn.seedrs.com/: (6, 'Could not resolve host: learn.seedrs.com')
+
+-->
+<ruleset name="Seedrs" default_off="failed ruleset test">
+	<target host=       "seedrs.com" />
+	<target host=   "www.seedrs.com" />
+	<target host= "learn.seedrs.com" />
+	<target host="assets.seedrs.com" />
+
+  	<securecookie host="^.*\.seedrs\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Seeed_Studio.com.xml b/src/chrome/content/rules/Seeed_Studio.com.xml
new file mode 100644
index 000000000000..480d0c65b992
--- /dev/null
+++ b/src/chrome/content/rules/Seeed_Studio.com.xml
@@ -0,0 +1,45 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .seeedstudio.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, on:
+
+			- (www.)? from maxcdn.bootstrapcdn.com ˢ
+			- (www.)? from statics3.seeedstudio.com ˢ
+
+		- Images on (www.)? from statics3.seeedstudio.com ˢ
+		- Bug on (www.)? from www.googleadservices.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Seeed Studio.com" platform="mixedcontent">
+
+	<target host="seeedstudio.com" />
+	<target host="statics3.seeedstudio.com" />
+	<target host="www.seeedstudio.com" />
+
+		<test url="http://statics3.seeedstudio.com/seeed/img/2016-08/ZA75yx6E5LbxOQ4FIvyfXwip.jpg" />
+
+		<!--	Mixed css, images, bug:
+						-->
+		<!--test url="http://www.seeedstudio.com/depot/index.php?main_page=support" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.seeedstudio\.com$" name="^zenid$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SeekingArrangement.com.xml b/src/chrome/content/rules/SeekingArrangement.com.xml
new file mode 100644
index 000000000000..cec003aaec89
--- /dev/null
+++ b/src/chrome/content/rules/SeekingArrangement.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="SeekingArrangement.com">
+
+	<target host="seekingarrangement.com" />
+	<target host="www.seekingarrangement.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.seekingarrangement\.com$" name="^dACCOUNT$" /-->
+	<!--securecookie host="^www\.seekingarrangement\.com$" name="^sa_language$" /-->
+
+	<securecookie host="^(?:www)?\.seekingarrangement\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Seeks_Project.xml b/src/chrome/content/rules/Seeks_Project.xml
deleted file mode 100644
index 8b5fa102864b..000000000000
--- a/src/chrome/content/rules/Seeks_Project.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- redmine	(shows www)
-
-
-	- Cert is only valid for ^seeks-project.info
-	- ^ redirects to www
-
--->
-<ruleset name="Seeks Project (partial)" default_off="mismatched, self-signed">
-
-	<target host="seeks-project.info" />
-	<target host="www.seeks-project.info" />
-
-
-	<rule from="^http://(?:www\.)?seeks-project\.info/"
-		to="https://www.seeks-project.info/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/SegPay.xml b/src/chrome/content/rules/SegPay.xml
index 3ecc54d5ec40..da36a6cd5502 100644
--- a/src/chrome/content/rules/SegPay.xml
+++ b/src/chrome/content/rules/SegPay.xml
@@ -1,15 +1,46 @@
+<!--
+	Problematic hosts:
+
+		- segpaychat.com *
+		- www.segpaychat.com *
+		- www.segpaycs.com *
+
+	* Mismatched
+
+-->
 <ruleset name="SegPay (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="segpay.com"/>
+	<target host="cs.segpay.com"/>
 	<target host="my.segpay.com"/>
+	<target host="sa.segpay.com"/>
+	<target host="secure2.segpay.com"/>
+	<target host="www.segpay.com"/>
+
 	<target host="segpaycs.com"/>
-	<target host="www.segpaycs.com"/>
+
+	<!--	Complications:
+				-->
 	<target host="segpaychat.com"/>
 	<target host="www.segpaychat.com"/>
+	<target host="www.segpaycs.com"/>
+
+
+	<!--	Redirect drops path, args,
+		and forward slash:
+					-->
+	<rule from="^http://(?:www\.)?segpaychat\.com/.*"
+		to="https://cs.segpay.com/chat.html"/>
+
+		<test url="http://segpaychat.com//" />
+		<test url="http://www.segpaychat.com//" />
 
-	<rule from="^http://my\.segpay\.com/"
-		to="https://my.segpay.com/"/>
+	<rule from="^http://www\.segpaycs\.com/"
+		to="https://segpaycs.com/"/>
 
-	<rule from="^http://(?:www\.)?segpayc(hat|s)\.com/"
-		to="https://segpayc$1.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Segger.com.xml b/src/chrome/content/rules/Segger.com.xml
new file mode 100644
index 000000000000..ff0e773dc00c
--- /dev/null
+++ b/src/chrome/content/rules/Segger.com.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://segger.com/ => https://segger.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Mixed content:
+
+		- Images from www *
+
+	* Secured by us
+
+-->
+<ruleset name="Segger.com" default_off="failed ruleset test">
+
+	<target host="segger.com" />
+	<target host="www.segger.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Segment.io.xml b/src/chrome/content/rules/Segment.io.xml
new file mode 100644
index 000000000000..26a14aead96e
--- /dev/null
+++ b/src/chrome/content/rules/Segment.io.xml
@@ -0,0 +1,10 @@
+<ruleset name="Segment.io">
+
+	<target host="segment.io" />
+	<target host="www.segment.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Segment.xml b/src/chrome/content/rules/Segment.xml
new file mode 100644
index 000000000000..5a841d4b666b
--- /dev/null
+++ b/src/chrome/content/rules/Segment.xml
@@ -0,0 +1,23 @@
+<ruleset name="Segment">
+
+	<target host="segment.com" />
+	<target host="cdn.segment.com" />
+	<target host="help.segment.com" />
+
+	<!--	refused
+	<target host="registry.segment.com" />
+	<target host="stage.segment.com" />
+					-->
+
+	<target host="www.segment.com" />
+
+	<target host="api.segment.io" />
+
+	<!--	time out
+	<target host="counters.segment.io" />
+					-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Segmentfault.com.xml b/src/chrome/content/rules/Segmentfault.com.xml
new file mode 100644
index 000000000000..43122d236a40
--- /dev/null
+++ b/src/chrome/content/rules/Segmentfault.com.xml
@@ -0,0 +1,4 @@
+<ruleset name="Segment Fault">
+	<target host="segmentfault.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Seguros_Universales.xml b/src/chrome/content/rules/Seguros_Universales.xml
index 1920ab3a860c..571690701e4c 100644
--- a/src/chrome/content/rules/Seguros_Universales.xml
+++ b/src/chrome/content/rules/Seguros_Universales.xml
@@ -1,3 +1,7 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://segurosuniversales.net/ => https://www.segurosuniversales.net/: Cycle detected - URL already encountered: https://www.segurosuniversales.net/
+-->
 <ruleset name="Seguros Universales">
 
 	<target host="segurosuniversales.net" />
@@ -15,4 +19,4 @@
 	<rule from="^http://www\.segurosuniversales\.net/"
 		to="https://www.segurosuniversales.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sehirfirsati.xml b/src/chrome/content/rules/Sehirfirsati.xml
index 5f1e64bec026..3e67427e1d15 100644
--- a/src/chrome/content/rules/Sehirfirsati.xml
+++ b/src/chrome/content/rules/Sehirfirsati.xml
@@ -1,12 +1,20 @@
-<ruleset name="Sehirfirsati">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.sehirfirsati.com/ => https://www.sehirfirsati.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.sehirfirsati.com'")
+Fetch error: http://sehirfirsati.com/ => https://www.sehirfirsati.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.sehirfirsati.com'")
+Fetch error: http://static.sehirfirsati.com/ => https://static.sehirfirsati.com/: (51, "SSL: no alternative certificate subject name matches target host name 'static.sehirfirsati.com'")
+
+-->
+<ruleset name="Sehirfirsati" default_off="failed ruleset test">
   <target host="www.sehirfirsati.com" />
   <target host="sehirfirsati.com" />
   <target host="static.sehirfirsati.com" />
   <target host="render.groupon-content.net" />
 
-  <securecookie host="^(.*\.)?sehirfirsati\.com$" name=".*" />
+  <securecookie host="^(?:.*\.)?sehirfirsati\.com$" name=".+" />
 
-  <rule from="^http://(www\.)?sehirfirsati\.com/" to="https://www.sehirfirsati.com/" />
+  <rule from="^http://(?:www\.)?sehirfirsati\.com/" to="https://www.sehirfirsati.com/" />
   <rule from="^http://static\.sehirfirsati\.com/" to="https://static.sehirfirsati.com/" />
   <rule from="^http://render\.groupon-content\.net/" to="https://render.groupon-content.net/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sekindo.com.xml b/src/chrome/content/rules/Sekindo.com.xml
new file mode 100644
index 000000000000..48201d1e97d3
--- /dev/null
+++ b/src/chrome/content/rules/Sekindo.com.xml
@@ -0,0 +1,43 @@
+<!--
+	Cert mismatch:
+		- backend3.sekindo.com
+		- dmexco.sekindo.com
+		- frontend.sekindo.com
+		- frontend1.sekindo.com
+		- wptest.sekindo.com
+
+	Chain issues:
+		- lyncdiscover.sekindo.com
+		- meet.sekindo.com
+		- sfbweb.sekindo.com
+
+	Connection refused:
+		- backend1.sekindo.com
+		- backend2.sekindo.com
+
+	Timeout:
+		- archive1.sekindo.com
+
+	TLS error:
+		- sip.sekindo.com
+
+
+-->
+<ruleset name="Sekindo.com">
+
+	<target host="sekindo.com" />
+	<target host="www.sekindo.com" />
+
+	<target host="console.sekindo.com" />
+	<target host="dist.sekindo.com" />
+	<target host="hb.sekindo.com" />
+	<target host="live.sekindo.com" />
+	<target host="vast.sekindo.com" />
+	<target host="video.sekindo.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SektionEins.de.xml b/src/chrome/content/rules/SektionEins.de.xml
new file mode 100644
index 000000000000..3eee4ffaed85
--- /dev/null
+++ b/src/chrome/content/rules/SektionEins.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="SektionEins.de">
+
+	<target host="sektioneins.de" />
+	<target host="www.sektioneins.de" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Selangorku.xml b/src/chrome/content/rules/Selangorku.xml
index cd3ff5515f32..28f3cde40da5 100644
--- a/src/chrome/content/rules/Selangorku.xml
+++ b/src/chrome/content/rules/Selangorku.xml
@@ -1,13 +1,25 @@
-<ruleset name="Selangorku">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://selangorku.com/ => https://selangorku.com/: (51, "SSL: no alternative certificate subject name matches target host name 'selangorku.com'")
+Fetch error: http://www.selangorku.com/ => https://www.selangorku.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.selangorku.com'")
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://selangorku.com/ => https://selangorku.com/: (60, 'SSL certificate problem: self signed certificate')
+
+-->
+<ruleset name="Selangorku" default_off="failed ruleset test">
 
 	<target host="selangorku.com" />
-	<target host="*.selangorku.com" />
+	<target host="www.selangorku.com" />
 
 
-	<securecookie host="^(?:.*\.)?selangorku\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?selangorku\.com/"
-		to="https://$1selangorku.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Selectricity.xml b/src/chrome/content/rules/Selectricity.xml
index 3dbc548f23e5..96302f56b75c 100644
--- a/src/chrome/content/rules/Selectricity.xml
+++ b/src/chrome/content/rules/Selectricity.xml
@@ -1,23 +1,9 @@
-<!--
-	Nonfunctional subdomains:
-
-		- blog		(shows www)
-
-
-	- Expired 2010-12-27
-	- Cert only matches ^selectricity.org
-
--->
-<ruleset name="Selectricity (partial)" default_off="expired, self-signed">
-
+<ruleset name="Selectricity">
 	<target host="selectricity.org" />
 	<target host="www.selectricity.org" />
+	<target host="blog.selectricity.org" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^selectricity\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?selectricity\.org/"
-		to="https://selectricity.org/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SelfAuthoring.com.xml b/src/chrome/content/rules/SelfAuthoring.com.xml
new file mode 100644
index 000000000000..f631a5d692ca
--- /dev/null
+++ b/src/chrome/content/rules/SelfAuthoring.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatched:
+		- mail
+-->
+
+<ruleset name="SelfAuthoring.com">
+	<target host="selfauthoring.com" />
+	<target host="www.selfauthoring.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Selfhost.de.xml b/src/chrome/content/rules/Selfhost.de.xml
deleted file mode 100644
index c36370734a53..000000000000
--- a/src/chrome/content/rules/Selfhost.de.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="selfhost.de">
-
-	<target host="selfhost.de"/>
-	<target host="*.selfhost.de"/>
-
-	<rule from="^http://(?:www\.)?selfhost\.de/" to="https://selfhost.de/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Selfridges.com.xml b/src/chrome/content/rules/Selfridges.com.xml
index 25af3c4bd589..8a6189a7b859 100644
--- a/src/chrome/content/rules/Selfridges.com.xml
+++ b/src/chrome/content/rules/Selfridges.com.xml
@@ -1,7 +1,7 @@
 <!--
 	Nonfunctional subdomains:
 
-		- press		(prints "currently down for maintainence")
+		- press		(prints "currently down for maintenance")
 		- style		(refused)
 
 
@@ -14,13 +14,13 @@
 <ruleset name="Selfridges.com (partial)">
 
 	<target host="selfridges.com" />
-	<target host="*.selfridges.com" />
+	<target host="images.selfridges.com" />
+	<target host="www.selfridges.com" />
 
 
 	<securecookie host="^www\.selfridges\.com$" name=".+" />
 
 
-	<rule from="^http://(images\.|www\.)?selfridges\.com/"
-		to="https://$1selfridges.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sellaband.com.xml b/src/chrome/content/rules/Sellaband.com.xml
index c06dc88464d6..dfcf91db1f7e 100644
--- a/src/chrome/content/rules/Sellaband.com.xml
+++ b/src/chrome/content/rules/Sellaband.com.xml
@@ -1,9 +1,23 @@
-<ruleset name="Sellaband.com (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sellaband.com/ => https://sellaband.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="Sellaband.com (partial)" default_off="failed ruleset test">
 
 	<target host="sellaband.com"/>
-	<target host="*.sellaband.com"/>
+	<target host="www.sellaband.com" />
+	<target host="alternative.sellaband.com" />
+	<target host="electronic.sellaband.com" />
+	<target host="hiphop.sellaband.com" />
+	<target host="pop.sellaband.com" />
+	<target host="rnb.sellaband.com" />
+	<target host="rock.sellaband.com" />
+	<target host="world.sellaband.com" />
+	<target host="support.sellaband.com" />
 
-	<securecookie host="^(.*\.)?sellaband\.com$" name=".*"/>
+	<securecookie host=".+" name=".+"/>
 
 	<rule from="^http://(www\.)?sellaband\.com/"
 		to="https://$1sellaband.com/"/>
diff --git a/src/chrome/content/rules/Selz.com.xml b/src/chrome/content/rules/Selz.com.xml
new file mode 100644
index 000000000000..1a99ca3340e6
--- /dev/null
+++ b/src/chrome/content/rules/Selz.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .selz.com
+
+-->
+<ruleset name="Selz.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="selz.com" />
+	<target host="www.selz.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.selz\.com$" name="^__RequestVerificationToken$" /-->
+
+	<securecookie host="^\.selz\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SemanticScholar.org.xml b/src/chrome/content/rules/SemanticScholar.org.xml
new file mode 100644
index 000000000000..4b5a635dbdbe
--- /dev/null
+++ b/src/chrome/content/rules/SemanticScholar.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Time out:
+		assets.semanticscholar.org
+		banner.semanticscholar.org
+
+-->
+<ruleset name="SemanticScholar.org">
+
+	<target host="semanticscholar.org" />
+	<target host="www.semanticscholar.org" />
+	<target host="api.semanticscholar.org" />
+	<target host="blog.semanticscholar.org" />
+	<target host="citeomatic.semanticscholar.org" />
+	<target host="labs.semanticscholar.org" />
+	<target host="open.semanticscholar.org" />
+	<target host="pdfs.semanticscholar.org" />
+		<test url="http://pdfs.semanticscholar.org/02b6/d8d8fd54fda1702e894374b5b62cc9ed9eba.pdf" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Semaphoreci.com.xml b/src/chrome/content/rules/Semaphoreci.com.xml
new file mode 100644
index 000000000000..27eb702d66c7
--- /dev/null
+++ b/src/chrome/content/rules/Semaphoreci.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Semaphoreci.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="semaphoreci.com" />
+	<target host="www.semaphoreci.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Semasio.net.xml b/src/chrome/content/rules/Semasio.net.xml
new file mode 100644
index 000000000000..27c32ba2c9ae
--- /dev/null
+++ b/src/chrome/content/rules/Semasio.net.xml
@@ -0,0 +1,28 @@
+<!--
+	Cert mismatch:
+		- lyncdiscover.semasio.com
+		- sip.semasio.com
+
+	Self-signed cert
+		- (www.)semasio.com
+		- labs.semasio.com
+		- wiki.semasio.net
+
+-->
+<ruleset name="Semasio (partial)">
+
+	<target host="asa.semasio.net" />
+	<target host="asa1.semasio.net" />
+	<target host="asa2.semasio.net" />
+	<target host="me.semasio.net" />
+	<target host="meus.semasio.net" />
+	<target host="opt.semasio.net" />
+	<target host="uip.semasio.net" />
+	<target host="uipau.semasio.net" />
+	<target host="uipglob.semasio.net" />
+	<target host="uipus.semasio.net" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SemiAccurate.com.xml b/src/chrome/content/rules/SemiAccurate.com.xml
new file mode 100644
index 000000000000..9ce07512aca2
--- /dev/null
+++ b/src/chrome/content/rules/SemiAccurate.com.xml
@@ -0,0 +1,9 @@
+<!--
+	For other Stone Arch related rulesets, see StoneArch.net.xml
+-->
+<ruleset name="SemiAccurate.com (partial)">
+	<target host="semiaccurate.com" />
+	<target host="www.semiaccurate.com" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SemiAccurate.xml b/src/chrome/content/rules/SemiAccurate.xml
deleted file mode 100644
index dc990ca3cde3..000000000000
--- a/src/chrome/content/rules/SemiAccurate.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	NB: www.stonearch.net shows semiaccurate.com over http.
-
--->
-<ruleset name="SemiAccurate">
-
-	<target host="semiaccurate.com" />
-	<target host="*.semiaccurate.com" />
-	<target host="www.stonearch.net" />
-
-
-	<securecookie host="^(?:.*\.)?semiaccurate\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?s(?:emiaccurate\.com|tonearch\.net)/"
-		to="https://$1semiaccurate.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Senate-Of-Poland.xml b/src/chrome/content/rules/Senate-Of-Poland.xml
new file mode 100644
index 000000000000..1d091aeb9fae
--- /dev/null
+++ b/src/chrome/content/rules/Senate-Of-Poland.xml
@@ -0,0 +1,29 @@
+<!--
+	Timeout:
+		- ie.senat.gov.pl
+		- ww.senat.gov.pl
+
+	Mismatch:
+		- proces.senat.edu.pl
+		- edukacja.senat.edu.pl
+		- edu2011.senat.edu.pl
+		- wycieczka.senat.edu.pl
+		- prawaiobowiazkisenatora.senat.edu.pl
+		- www.kalendarium.senat.gov.pl
+		- www.kalendarium.senat.edu.pl
+-->
+<ruleset name="Senate of Poland (partial)">
+
+	<target host="senat.gov.pl" />
+	<target host="www.senat.gov.pl" />
+	<target host="edukacja.senat.gov.pl" />
+
+	<target host="senat.edu.pl" />
+	<target host="www.senat.edu.pl" />
+
+	<rule from="^http://edukacja\.senat\.gov\.pl/"
+		to="https://senat.edu.pl/" />
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Senate.gov.xml b/src/chrome/content/rules/Senate.gov.xml
deleted file mode 100644
index 3cd8c0a5f73d..000000000000
--- a/src/chrome/content/rules/Senate.gov.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For other US government coverage, see US-government.xml.
-
--->
-<ruleset name="Senate.gov">
-
-	<target host="senate.gov" />
-	<target host="*.senate.gov" />
-	<target host="www.*.senate.gov" />
-
-
-	<securecookie host="^www\.\w+\.senate\.gov$" name=".*" />
-
-
-	<rule from="^http://((?:sopr|www)\.)?senate\.gov/"
-		to="https://$1senate.gov/" />
-
-	<!--	- Unique subdomains for each Senator
-		- !www doesn't work over https
-		- !www redirects to www over http
-
-		NB: All other subdomains must be covered above or excluded.
-				-->
-	<rule from="^http://(?:www\.)?(?!senate\.g)(\w+)\.senate\.gov/"
-		to="https://www.$1.senate.gov/" />
-
-</ruleset>
-
diff --git a/src/chrome/content/rules/Senate_of_the_Philippines.xml b/src/chrome/content/rules/Senate_of_the_Philippines.xml
index 22d175d17ad7..5c2a97834b50 100644
--- a/src/chrome/content/rules/Senate_of_the_Philippines.xml
+++ b/src/chrome/content/rules/Senate_of_the_Philippines.xml
@@ -1,13 +1,14 @@
-<ruleset name="Senate of the Philippines" default_off="self-signed">
+<ruleset name="Senate of the Philippines">
 
 	<target host="senate.gov.ph" />
 	<target host="www.senate.gov.ph" />
+	<target host="janus.senate.gov.ph" />
 
 
 	<securecookie host="^senate\.gov\.ph$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?senate\.gov\.ph/"
-		to="https://senate.gov.ph/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sencha.xml b/src/chrome/content/rules/Sencha.xml
index 8625402665be..23bbddbcfac2 100644
--- a/src/chrome/content/rules/Sencha.xml
+++ b/src/chrome/content/rules/Sencha.xml
@@ -1,4 +1,11 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://img1.sencha.com/ => https://img1.sencha.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://manage.sencha.com/ => https://manage.sencha.com/: (6, 'Could not resolve host: manage.sencha.com')
+Non-2xx HTTP code: http://cdn.sencha.com/ (200) => https://extjs.cachefly.net/ (404)
+Non-2xx HTTP code: http://cdn.sencha.io/ (200) => https://extjs.cachefly.net/ (404)
+
 	CDN buckets:
 
 		- extjs.cachefly.net
@@ -9,37 +16,73 @@
 		- i2.wp.com/www.sencha.com/
 
 
-	Nonfunctional domains:
-
-		- docs.sencha.com	(shows www, valid cert)
-
-
 	Problematic domains:
 
-		- sencha.com		(times out)
+		- sencha.com ¹
 		- cdn.sencha.com *
 		- cdn.sencha.io *
 
+	¹ Refused
 	* Cachefly
 
+
+	Insecure cookies are set for these domains:
+
+		- .sencha.com
+		- .manage.sencha.com
+
 -->
-<ruleset name="Sencha (partial)">
+<ruleset name="Sencha (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="docs.sencha.com" />
+	<target host="img1.sencha.com" />
+	<target host="manage.sencha.com" />
+	<target host="www.sencha.com" />
+
+	<!--	Complications:
+				-->
 	<target host="sencha.com" />
-	<target host="*.sencha.com" />
+	<target host="cdn.sencha.com" />
+
 	<target host="cdn.sencha.io" />
 
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.sencha\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.sencha\.com/+(?!forum/|wp-content/)" />
 
-	<securecookie host="^\.?www\.sencha\.com$" name=".+" />
+			<!--	+ve:
+					-->
+			<test url="http://www.sencha.com/company/" />
+			<test url="http://www.sencha.com/products/extjs/" />
+			<test url="http://www.sencha.com/products/touch/download/" />
 
+			<!--	-ve:
+					-->
+			<test url="http://www.sencha.com/forum/" />
+			<test url="http://www.sencha.com/wp-content/themes/sencha/images/logo.svg" />
 
-	<rule from="^http://(?:www\.)?sencha\.com/"
-		to="https://www.sencha.com/" />
 
-	<rule from="^http://img1\.sencha\.com/"
-		to="https:///img1.sencha.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.sencha\.com$" name="^bb_sessionhash$" /-->
+	<!--securecookie host="^\.manage\.sencha\.com$" name="^ARRAffinity$" /-->
+
+	<securecookie host="^\.manage\.sencha\.com$" name=".+" />
+
+
+	<rule from="^http://sencha\.com/"
+		to="https://www.sencha.com/" />
 
 	<rule from="^http://cdn\.sencha\.(?:com|io)/"
 		to="https://extjs.cachefly.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SendGrid.com.xml b/src/chrome/content/rules/SendGrid.com.xml
index 880e497112ac..a5f5beac81ec 100644
--- a/src/chrome/content/rules/SendGrid.com.xml
+++ b/src/chrome/content/rules/SendGrid.com.xml
@@ -1,30 +1,48 @@
+
 <!--
-		- sendgrid.zendesk.com
+Disabled by https-everywhere-checker because:
+Fetch error: http://community.sendgrid.com/ => https://community.sendgrid.com/: (51, "SSL: no alternative certificate subject name matches target host name 'community.sendgrid.com'")
+
+	Nonfunctional hosts in *sendgrid.com:
+
+		- labs *
 
-			- support
+	* Refused
 
 
-	Problematic subdomains:
+	These altnames don't exist:
 
-		- assets[1-4]	(mismatched, CN: sendgrid.com)
-		- support	(pages redirect to http, zendesk)
+		- www.community.sendgrid.com
+		- www.support.sendgrid.com
 
 
-	Some pages redirect to http.
+	Insecure cookies are set for these domains:
+
+		- .sendgrid.com
 
 -->
-<ruleset name="SendGrid.com (partial)">
+<ruleset name="SendGrid.com (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="sendgrid.com" />
-	<target host="*.sendgrid.com" />
-		<!--exclusion pattern="^http://(www\.)?sendgrid\.com/($|\?|newsletter/getSubscriptionWidget)" /-->
-		<exclusion pattern="^http://(?:www\.)?sendgrid\.com/(?!assets_ca/|favicon\.ico|(?:femr/turn_iframe|user)(?:$|[?/])|images/|mkt/assets/)" />
+	<target host="assets1.sendgrid.com" />
+	<target host="assets2.sendgrid.com" />
+	<target host="assets3.sendgrid.com" />
+	<target host="assets4.sendgrid.com" />
+	<target host="community.sendgrid.com" />
+	<target host="support.sendgrid.com" />
+	<target host="www.sendgrid.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.sendgrid\.com$" name="^(__cfduid|cf_clearance)$" /-->
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:assets\d\.|(www\.))?sendgrid\.com/"
-		to="https://$1sendgrid.com/" />
 
-	<rule from="^http://support\.sendgrid\.com/(assets/|favicon\.ico|system/)"
-		to="https://assets.zendesk.com/$1" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SendMoneyToSchool.com.xml b/src/chrome/content/rules/SendMoneyToSchool.com.xml
new file mode 100644
index 000000000000..a6fbc0cb29f8
--- /dev/null
+++ b/src/chrome/content/rules/SendMoneyToSchool.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="SendMoneyToSchool.com">
+
+	<target host="sendmoneytoschool.com" />
+	<target host="manage.sendmoneytoschool.com" />
+	<target host="www.sendmoneytoschool.com" />
+
+	<securecookie host="^(manage|www)\.sendmoneytoschool\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SendPepper.com.xml b/src/chrome/content/rules/SendPepper.com.xml
new file mode 100644
index 000000000000..7afceb017163
--- /dev/null
+++ b/src/chrome/content/rules/SendPepper.com.xml
@@ -0,0 +1,19 @@
+<!--
+	CN: *.ontraport.com
+
+
+	Mixed content:
+
+		- Image from ^
+
+-->
+<ruleset name="SendPepper.com" default_off="expired, mismatched">
+
+	<target host="sendpepper.com" />
+	<target host="www.sendpepper.com" />
+
+
+	<rule from="^http://(?:www\.)?sendpepper\.com/"
+		to="https://sendpepper.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SendYourFiles.com.xml b/src/chrome/content/rules/SendYourFiles.com.xml
deleted file mode 100644
index db16a3764dc5..000000000000
--- a/src/chrome/content/rules/SendYourFiles.com.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(redirects to secure.dilbertfiles.com; mismatched, CN: *.dilbertfiles.com)
-
--->
-<ruleset name="SendYourFiles.org (partial)">
-
-	<target host="secure.sendyourfiles.com" />
-
-
-	<securecookie host="^secure\.sendyourfiles\.com$" name=".+" />
-
-
-	<rule from="^http://secure\.sendyourfiles\.com/"
-		to="https://secure.sendyourfiles.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/SenderScore.org.xml b/src/chrome/content/rules/SenderScore.org.xml
new file mode 100644
index 000000000000..ef311c144119
--- /dev/null
+++ b/src/chrome/content/rules/SenderScore.org.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Return Path coverage, see Return_Path.com.xml.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- senderscore.org
+		- .senderscore.org
+		- www.senderscore.org
+
+-->
+<ruleset name="SenderScore.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="senderscore.org" />
+	<target host="www.senderscore.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?senderscore\.org$" name="^^(BIGipServer[\w-]+|ss_lookup)$" /-->
+	<!--securecookie host="^\.senderscore\.org$" name="^RPID$" /-->
+
+	<securecookie host="^(?:\.|www\.)?senderscore\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sendmail.xml b/src/chrome/content/rules/Sendmail.xml
index 2b8fa38f8a48..ee8ee480b2ee 100644
--- a/src/chrome/content/rules/Sendmail.xml
+++ b/src/chrome/content/rules/Sendmail.xml
@@ -2,5 +2,5 @@
   <target host="sendmail.com" />
   <target host="www.sendmail.com" />
 
-  <rule from="^http://(?:www\.)?sendmail\.com/" to="https://www.sendmail.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sendmoments.com.xml b/src/chrome/content/rules/Sendmoments.com.xml
new file mode 100644
index 000000000000..822d2109f907
--- /dev/null
+++ b/src/chrome/content/rules/Sendmoments.com.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ck.sendmoments.com/ => https://ck.sendmoments.com/: Too many redirects while fetching 'https://ck.sendmoments.com/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ck.sendmoments.com/ => https://ck.sendmoments.com/: Cycle detected - URL already encountered: http://ck.sendmoments.com
+-->
+<ruleset name="sendmoments.com (partial)" default_off="failed ruleset test">
+
+	<target host="ck.sendmoments.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sendspace.com.xml b/src/chrome/content/rules/Sendspace.com.xml
new file mode 100644
index 000000000000..c4a91ff159b3
--- /dev/null
+++ b/src/chrome/content/rules/Sendspace.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="sendspace.com">
+
+	<target host="sendspace.com" />
+	<target host="www.sendspace.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sendvid.com.xml b/src/chrome/content/rules/Sendvid.com.xml
new file mode 100644
index 000000000000..01082e7e0d62
--- /dev/null
+++ b/src/chrome/content/rules/Sendvid.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Nonfunctional hosts in *sendvid.com:
+
+		- support *
+
+	* Desk.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- sendvid.com
+		- 2.sendvid.com
+
+-->
+<ruleset name="Sendvid.com (partial)">
+
+	<!--	Direct rewrites;
+				-->
+	<target host="sendvid.com" />
+	<target host="2.sendvid.com" />
+	<target host="www.sendvid.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:2\.)?sendvid\.com$" name="^_sendvid_session$" /-->
+
+	<securecookie host="^(?:2\.)?sendvid\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SensePost.com.xml b/src/chrome/content/rules/SensePost.com.xml
new file mode 100644
index 000000000000..41a677d43024
--- /dev/null
+++ b/src/chrome/content/rules/SensePost.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="SensePost.com">
+  <target host="sensepost.com" />
+  <target host="www.sensepost.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sensiolabs.com.xml b/src/chrome/content/rules/Sensiolabs.com.xml
new file mode 100644
index 000000000000..670a3a5d82df
--- /dev/null
+++ b/src/chrome/content/rules/Sensiolabs.com.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://support.sensiolabs.com/ => https://support.sensiolabs.com/: Too many redirects while fetching 'https://support.sensiolabs.com/'
+Fetch error: http://www.support.sensiolabs.com/ => https://www.support.sensiolabs.com/: (6, 'Could not resolve host: www.support.sensiolabs.com')
+Fetch error: http://www.connect.sensiolabs.com/ => https://www.connect.sensiolabs.com/: (6, 'Could not resolve host: www.connect.sensiolabs.com')
+
+    Nonfunctional subdomains:
+	    - blog
+
+    More SensioLabs rulesets:
+	    - Symfony.com.xml
+-->
+<ruleset name="Sensiolabs.com" default_off="failed ruleset test">
+    <target host="sensiolabs.com" />
+    <target host="www.sensiolabs.com" />
+    <target host="support.sensiolabs.com" />
+    <target host="www.support.sensiolabs.com" />
+    <target host="insight.sensiolabs.com" />
+    <target host="www.insight.sensiolabs.com" />
+    <target host="connect.sensiolabs.com" />
+    <target host="www.connect.sensiolabs.com" />
+
+    <securecookie host="^(www\.)?(support\.|insight\.|connect\.)?sensiolabs\.com" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SentaiFilmworks.com.xml b/src/chrome/content/rules/SentaiFilmworks.com.xml
new file mode 100644
index 000000000000..12e87451052b
--- /dev/null
+++ b/src/chrome/content/rules/SentaiFilmworks.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Expired:
+		- store.sentaifilmworks.com
+
+	Timeout:
+		- sentaifilmworks.com
+		- una.sentaifilmworks.com
+
+-->
+<ruleset name="Sentai Filmworks (partial)">
+	<target host="www.sentaifilmworks.com" />
+	<target host="shop.sentaifilmworks.com" />
+	<target host="staging.sentaifilmworks.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SentinelOne.com.xml b/src/chrome/content/rules/SentinelOne.com.xml
new file mode 100644
index 000000000000..9c951c76768b
--- /dev/null
+++ b/src/chrome/content/rules/SentinelOne.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Nonfunctional hosts in *sentinelone.com:
+
+		- go2 ʳ
+
+	ʳ Refused
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- go.sentinelone.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="SentinelOne.com">
+
+	<target host="sentinelone.com" />
+	<target host="go.sentinelone.com" />
+	<target host="www.sentinelone.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^go\.sentinelone\.com$" name="^BIGipServer" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SeoWizard.ru.xml b/src/chrome/content/rules/SeoWizard.ru.xml
new file mode 100644
index 000000000000..f2c1fcd89c7f
--- /dev/null
+++ b/src/chrome/content/rules/SeoWizard.ru.xml
@@ -0,0 +1,37 @@
+<!--
+	For other Sape coverage, see Sape.xml.
+
+
+	^seowizard.ru: Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- www.seowizard.ru
+
+-->
+<ruleset name="SeoWizard.ru">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.seowizard.ru" />
+
+	<!--	Complications:
+				-->
+	<target host="seowizard.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.seowizard\.ru$" name="^from$" /-->
+
+	<securecookie host="^www\.seowizard\.ru$" name=".+" />
+
+
+	<rule from="^http://seowizard\.ru/"
+		to="https://www.seowizard.ru/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Seonet-Multimedia.xml b/src/chrome/content/rules/Seonet-Multimedia.xml
index 9ab64d4f35f9..142dcd3322ed 100644
--- a/src/chrome/content/rules/Seonet-Multimedia.xml
+++ b/src/chrome/content/rules/Seonet-Multimedia.xml
@@ -16,12 +16,12 @@
 	<target host="www.gigadesign.cz" />
 
 
-	<securecookie host="^kb\.gigaserver\.cz$" name=".*" />
+	<securecookie host="^kb\.gigaserver\.cz$" name=".+" />
 
 
 	<!--	!www redirects to www.
 		At least the homepage doesn't work properly over https.	-->
-	<rule from="^https?://(?:www\.)?gigadesign\.cz/(cs|image)s/"
+	<rule from="^http://(?:www\.)?gigadesign\.cz/(cs|image)s/"
 		to="https://www.gigadesign.cz/$1s/" />
 
 
@@ -29,7 +29,7 @@
 		to="https://$1.gigaserver.cz/" />
 
 	<!--	!www redirects to www.	-->
-	<rule from="^https?://(?:www\.)?seonet\.cz/"
+	<rule from="^http://(?:www\.)?seonet\.cz/"
 		to="https://www.seonet.cz/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Seower.com.xml b/src/chrome/content/rules/Seower.com.xml
deleted file mode 100644
index 4dc19ac9928d..000000000000
--- a/src/chrome/content/rules/Seower.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="seower.com">
-
-	<target host="seower.com" />
-	<target host="www.seower.com" />
-
-
-	<securecookie host="^(?:w*\.)?seower.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?seower\.com/"
-		to="https://$1seower.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Sequanux.org-falsemixed.xml b/src/chrome/content/rules/Sequanux.org-falsemixed.xml
index 7584dd26a5b7..a87463fdc987 100644
--- a/src/chrome/content/rules/Sequanux.org-falsemixed.xml
+++ b/src/chrome/content/rules/Sequanux.org-falsemixed.xml
@@ -1,8 +1,14 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wiki.sequanux.org/ => https://wiki.sequanux.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://wiki.sequanux.org/ => https://wiki.sequanux.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	For rules that are on by default, see Sequanux.org.xml.
 
 -->
-<ruleset name="Sequanux.org (false MCB)" platform="mixedcontent">
+<ruleset name="Sequanux.org (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="wiki.sequanux.org" />
 
diff --git a/src/chrome/content/rules/Sequanux.org.xml b/src/chrome/content/rules/Sequanux.org.xml
index d9a614cea115..b7574e848a17 100644
--- a/src/chrome/content/rules/Sequanux.org.xml
+++ b/src/chrome/content/rules/Sequanux.org.xml
@@ -17,7 +17,8 @@
 <ruleset name="Sequanux.org (partial)" default_off="self-signed">
 
 	<target host="sequanux.org" />
-	<target host="*.sequanux.org" />
+	<target host="www.sequanux.org" />
+	<target host="wiki.sequanux.org" />
 
 
 	<rule from="^http://(?:www\.)?sequanux\.org/"
diff --git a/src/chrome/content/rules/Serato.com.xml b/src/chrome/content/rules/Serato.com.xml
new file mode 100644
index 000000000000..89b5e3db3aac
--- /dev/null
+++ b/src/chrome/content/rules/Serato.com.xml
@@ -0,0 +1,43 @@
+<!--
+	Other Serato rulesets:
+
+		- Whitelabel.net.xml
+
+
+	CDN buckets:
+
+		- d3hrfuxypomrcm.cloudfront.net
+
+			- s.store
+
+
+	Nonfunctional subdomains:
+
+		- store		(refused)
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- auth
+		- manage
+		- playlists
+		- s.store	(→ d3hrfuxypomrcm.cloudfront.net)
+
+-->
+<ruleset name="Serato.com (partial)">
+
+	<target host="serato.com" />
+	<target host="auth.serato.com" />
+	<target host="manage.serato.com" />
+	<target host="playlists.serato.com" />
+	<target host="www.serato.com" />
+	<target host="s.store.serato.com" />
+
+
+
+	<rule from="^http://s\.store\.serato\.com/"
+		to="https://d3hrfuxypomrcm.cloudfront.net/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Seravo.fi.xml b/src/chrome/content/rules/Seravo.fi.xml
new file mode 100644
index 000000000000..71c6ea1d9f70
--- /dev/null
+++ b/src/chrome/content/rules/Seravo.fi.xml
@@ -0,0 +1,12 @@
+<ruleset name="Seravo.fi">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="seravo.fi" />
+	<target host="www.seravo.fi" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Serialist.xml b/src/chrome/content/rules/Serialist.xml
deleted file mode 100644
index 0da4eb7e85b1..000000000000
--- a/src/chrome/content/rules/Serialist.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Serialist">
-  <target host="serialist.net" />
-  <target host="*.serialist.net" />
-
-  <rule from="^http://(?:www\.)?serialist\.net/" to="https://serialist.net/"/>
-  <rule from="^http://([^/:@]*)\.serialist\.net/" to="https://$1.serialist.net/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Serienjunkies.de.xml b/src/chrome/content/rules/Serienjunkies.de.xml
index 70339c4c3709..06b3ee47dbb2 100644
--- a/src/chrome/content/rules/Serienjunkies.de.xml
+++ b/src/chrome/content/rules/Serienjunkies.de.xml
@@ -1,10 +1,30 @@
-<ruleset name="Serienjunkies.de (mixed content)" default_off="mixed content">
-<target host="www.serienjunkies.de"/>
-<target host="serienjunkies.de"/>
-<target host="g-cdn.serienjunkies.de"/>
+<!--
+	This domain contains a wildcard DNS record.
 
-<rule from="^http://(www\.)?serienjunkies\.de/" to="https://www.serienjunkies.de/"/>
-<rule from="^http://g-cdn\.serienjunkies\.de/" to="https://g-cdn.serienjunkies.de/"/>
+	Insecure cookies are set for these hosts:
+		- www.serienjunkies.de
+-->
+<ruleset name="Serienjunkies.de">
+
+	<target host="serienjunkies.de" />
+	<target host="www.serienjunkies.de" />
+	<target host="a-cdn.serienjunkies.de" />
+	<target host="admin.serienjunkies.de" />
+	<target host="admin-stage.serienjunkies.de" />
+	<target host="f-cdn.serienjunkies.de" />
+	<target host="g-cdn.serienjunkies.de" />
+	<target host="n-cdn.serienjunkies.de" />
+	<target host="r-cdn.serienjunkies.de" />
+	<target host="s-cdn.serienjunkies.de" />
+	<target host="shop.serienjunkies.de" />
+	<target host="u-cdn.serienjunkies.de" />
+	<target host="v-cdn.serienjunkies.de" />
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^www\.serienjunkies\.de$" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
- 
+
diff --git a/src/chrome/content/rules/Seriouseats.com.xml b/src/chrome/content/rules/Seriouseats.com.xml
new file mode 100644
index 000000000000..156d6243ff72
--- /dev/null
+++ b/src/chrome/content/rules/Seriouseats.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Seriouseats.com">
+	<target host="seriouseats.com" />
+	<target host="www.seriouseats.com" />
+	<target host="aht.seriouseats.com" />
+	<target host="chicago.seriouseats.com" />
+	<target host="drinks.seriouseats.com" />
+	<target host="newyork.seriouseats.com" />
+	<target host="slice.seriouseats.com" />
+	<target host="static.seriouseats.com" />
+	<target host="sweets.seriouseats.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sertifikatai.lt.xml b/src/chrome/content/rules/Sertifikatai.lt.xml
index 4f50a4c83035..541b0a00e461 100644
--- a/src/chrome/content/rules/Sertifikatai.lt.xml
+++ b/src/chrome/content/rules/Sertifikatai.lt.xml
@@ -10,7 +10,6 @@
 	<target host="www.sertifikatai.lt" />
 
 
-	<rule from="^http://(?:www\.)?sertifikatai\.lt/"
-		to="https://www.sertifikatai.lt/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Servage.net.xml b/src/chrome/content/rules/Servage.net.xml
index 881d384941cc..5899a35f3f57 100644
--- a/src/chrome/content/rules/Servage.net.xml
+++ b/src/chrome/content/rules/Servage.net.xml
@@ -1,50 +1,40 @@
 <!--
 	For other Levonline coverage, see Levonline.com.xml.
 
+	Invalid certificate:
+		servage.com
+		www.servage.com
+		www.webmail.servage.net
 
-	Problematic domains:
-
-		- (www.)servage.com	(shows another domain; mismatched, CN: *.levonline.com)
-		- webmail.servage.net	(shows www, valid cert)
-
-
-	Partially covered domains:
-
-		- (www.)servage.com	(→ www.servage.net)
-		- webmail.servage.net	(→ secure)
-
-
-	Fully covered servage.net subdomains:
-
-		- (www.)	(^ → www)
-		- livesupport01
-		- secure
-		- static
+	Login required:
+		webmail.servage.com
 
 -->
 <ruleset name="Servage.net">
 
-	<target host="servage.*" />
+	<target host="servage.com" />
 	<target host="www.servage.com" />
-	<target host="*.servage.net" />
-
-
-	<securecookie host="^(?:livesupport01|secure|www)\.servage\.net$" name=".+" />
+	<target host="vps.servage.com" />
 
+	<target host="www.servage.net" />
+    <target host="cp.servage.net" />
+	<target host="images.servage.net" />
+	<target host="livesupport01.servage.net" />
+	<target host="secure.servage.net" />
+	<target host="static.servage.net" />
+		<test url="http://static.servage.net/img/favicon.ico" />
+	<target host="webmail.servage.net" />
+	<target host="www.webmail.servage.net" />
 
-	<rule from="^http://(?:www\.)?servage\.com/(?:\?.*)?$"
-		to="https://www.servage.net/" />
+	<securecookie host="^(secure|www)\.servage\.net$" name=".+" />
 
-	<!--	^ redirects to www over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?servage\.net/"
+	<rule from="^http://(www\.)?servage\.com/(\?.*)?$"
 		to="https://www.servage.net/" />
 
-	<rule from="^http://(livesupport01|secure|static)\.servage\.net/"
-		to="https://$1.servage.net/" />
-
-	<rule from="^http://webmail\.servage\.net/(?:\?.*)?$"
+	<rule from="^http://www\.webmail\.servage\.net/"
 		to="https://secure.servage.net/webmail/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Serve.com.xml b/src/chrome/content/rules/Serve.com.xml
new file mode 100644
index 000000000000..9520f533b21a
--- /dev/null
+++ b/src/chrome/content/rules/Serve.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other American Express coverage, see AmericanExpress.xml.
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- secure
+
+-->
+<ruleset name="Serve.com">
+
+	<target host="serve.com" />
+	<target host="secure.serve.com" />
+	<target host="www.serve.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ServeNets.com.xml b/src/chrome/content/rules/ServeNets.com.xml
new file mode 100644
index 000000000000..0615dd475092
--- /dev/null
+++ b/src/chrome/content/rules/ServeNets.com.xml
@@ -0,0 +1,41 @@
+<!--
+	Nonfunctional subdomains:
+
+		- ^ ¹
+		- www ²
+
+	¹ Shows wennect.info; mismatched, CN: admin.wennect.info
+	² Dropped
+
+
+	Problematic subdomains:
+
+		- admin *
+
+	* Works; mismatched, CN: secureclientlogin.org
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+		- Images from www.google.com *
+
+	* Secured by us
+
+-->
+<ruleset name="ServeNets.com (partial)" default_off="mismatched">
+
+	<target host="domains.servenets.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^domains\.servenets\.com$" name="^(PHPSESSID|selected_lang)$" /-->
+
+	<securecookie host="^domains\.servenets\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ServeTheHome.com.xml b/src/chrome/content/rules/ServeTheHome.com.xml
new file mode 100644
index 000000000000..e49c4cb0d3d4
--- /dev/null
+++ b/src/chrome/content/rules/ServeTheHome.com.xml
@@ -0,0 +1,15 @@
+<!--
+	(www.)?servethehome.com: Refused
+
+-->
+<ruleset name="ServeTheHome.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="forums.servethehome.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Served_by_OpenX.com.xml b/src/chrome/content/rules/Served_by_OpenX.com.xml
new file mode 100644
index 000000000000..ea14e2700bfd
--- /dev/null
+++ b/src/chrome/content/rules/Served_by_OpenX.com.xml
@@ -0,0 +1,34 @@
+<!--
+	For other OpenX coverage, see OpenX.xml.
+
+
+	CDN buckets:
+
+		- i-cdn.servedbyopenx.com.edgesuite.net
+
+
+	Problematic hosts in *servedbyopenx.com:
+
+		- (www.)? ¹
+		- i-cdn ²
+
+	¹ Shows blog.openx.org; self-signed, CN: openx.com
+	² Works, akamai
+
+-->
+<ruleset name="Served by OpenX.com (partial)">
+
+	<!--	Complications:
+				-->
+	<!--target host="servedbyopenx.com" /-->
+	<target host="i-cdn.servedbyopenx.com" />
+	<!--target host="www.servedbyopenx.com" /-->
+
+
+	<!--rule from="^http://(?:www\.)?servedbyopenx\.com/"
+		to="https://www.openx.org/" /-->
+
+	<rule from="^http://i-cdn\.servedbyopenx\.com/"
+		to="https://i-cdn.openx.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Server314.com.xml b/src/chrome/content/rules/Server314.com.xml
index 39e67a402a26..0f46d8402a95 100644
--- a/src/chrome/content/rules/Server314.com.xml
+++ b/src/chrome/content/rules/Server314.com.xml
@@ -10,4 +10,4 @@
 	<rule from="^http://([\w\.-]+\.)?server314\.com/"
 		to="https://$1server314.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ServerBeach.com.xml b/src/chrome/content/rules/ServerBeach.com.xml
deleted file mode 100644
index 57ccfc78001b..000000000000
--- a/src/chrome/content/rules/ServerBeach.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- ^	(refused)
-		- www	(redirects to http, valid cert)
-
--->
-<ruleset name="ServerBeach.com (partial)">
-
-	<target host="shop.serverbeach.com" />
-
-
-	<securecookie host="^shop\.serverbeach\.com$" name=".+" />
-
-
-	<rule from="^http://shop\.serverbeach\.com/"
-		to="https://shop.serverbeach.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ServerCentral.xml b/src/chrome/content/rules/ServerCentral.xml
index 85b4173f10e1..2c97c6fb99b4 100644
--- a/src/chrome/content/rules/ServerCentral.xml
+++ b/src/chrome/content/rules/ServerCentral.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://portal.servercentral.net/ => https://portal.servercentral.net/: (51, "SSL: no alternative certificate subject name matches target host name 'portal.servercentral.net'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://portal.servercentral.net/ => https://portal.servercentral.net/: (51, "SSL: no alternative certificate subject name matches target host name 'portal.servercentral.net'")
 	Nonfunctional domains:
 
 		- (www.)servercentral.com *
@@ -8,7 +14,7 @@
 	Redirects to http://www.servercentral.com/$, expired 2012-12-02, CN: *.nlayer.net
 
 -->
-<ruleset name="ServerCentral (partial)">
+<ruleset name="ServerCentral (partial)" default_off="failed ruleset test">
 
 	<target host="portal.servercentral.net" />
 
@@ -16,7 +22,6 @@
 	<securecookie host="^portal\.servercentral\.net$" name=".+" />
 
 
-	<rule from="^http://portal\.servercentral\.net/"
-		to="https://portal.servercentral.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ServerCrate.com.xml b/src/chrome/content/rules/ServerCrate.com.xml
deleted file mode 100644
index 9e6438c9c026..000000000000
--- a/src/chrome/content/rules/ServerCrate.com.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- dalweb1		(interrupted)
-		- dalweb1...:2082	(times out)
-
-
-	Partially covered subdomains:
-
-		- billing	(some pages redirect to http)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- vps
-
--->
-<ruleset name="ServerCrate.com (partial)">
-
-	<target host="servercrate.com" />
-	<target host="*.servercrate.com" />
-		<exclusion pattern="^http://billing\.servercrate\.com/($|\?|(?:announcements|index|knowledgebase)\.php)" />
-
-
-	<securecookie host="^(?:vps|www)?\.servercrate\.com$" name=".+" />
-
-
-	<rule from="^http://((?:billing|vps|www)\.)?servercrate\.com/"
-		to="https://$1servercrate.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ServerExpress.co.il.xml b/src/chrome/content/rules/ServerExpress.co.il.xml
deleted file mode 100644
index e87cd346f28c..000000000000
--- a/src/chrome/content/rules/ServerExpress.co.il.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	^stratusexpress.com doesn't exist.
-
--->
-<ruleset name="ServerExpress.co.il">
-
-	<target host="*.stratusexpress.com" />
-
-
-	<securecookie host="^(?:www)?\.stratusexpress\.com$" name=".+" />
-
-
-	<rule from="^http://www\.stratusexpress\.com/"
-		to="https://www.stratusexpress.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ServerPilot.io.xml b/src/chrome/content/rules/ServerPilot.io.xml
index 8aa845bc7bcb..15ccc5a0bbc3 100644
--- a/src/chrome/content/rules/ServerPilot.io.xml
+++ b/src/chrome/content/rules/ServerPilot.io.xml
@@ -8,13 +8,13 @@
 <ruleset name="ServerPilot.io">
 
 	<target host="serverpilot.io" />
-	<target host="*.serverpilot.io" />
+	<target host="manage.serverpilot.io" />
+	<target host="www.serverpilot.io" />
 
 
 	<securecookie host="^\.serverpilot\.io$" name=".+" />
 
 
-	<rule from="^http;//(manage\.|www\.)?serverpilot\.io/"
-		to="https://$1serverpilot.io/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ServerStack.com.xml b/src/chrome/content/rules/ServerStack.com.xml
new file mode 100644
index 000000000000..caf5a28e3a7f
--- /dev/null
+++ b/src/chrome/content/rules/ServerStack.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- serverstack.com
+		- www.serverstack.com
+
+-->
+<ruleset name="ServerStack.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="serverstack.com" />
+	<target host="www.serverstack.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?serverstack\.com$" name="^(_serverstack_session|landing_page|referrer_url)$" /-->
+
+	<securecookie host="^(?:www\.)?serverstack\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ServerTastic.xml b/src/chrome/content/rules/ServerTastic.xml
deleted file mode 100644
index 1b7cc249fe9c..000000000000
--- a/src/chrome/content/rules/ServerTastic.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="ServerTastic">
-
-	<target host="servertastic.com" />
-	<target host="*.servertastic.com" />
-
-
-	<securecookie host="^(?:.*\.)?servertastic\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?servertastic\.com/"
-		to="https://$1servertastic.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Server_Circle.com.xml b/src/chrome/content/rules/Server_Circle.com.xml
new file mode 100644
index 000000000000..07d8d22c3a2c
--- /dev/null
+++ b/src/chrome/content/rules/Server_Circle.com.xml
@@ -0,0 +1,31 @@
+<!--
+	CDN buckets:
+
+		- d3vagbaw7ty9z.cloudfront.net
+
+
+	Mixed content:
+
+		- css from d3vagbaw7ty9z.cloudfront.net *
+
+		- Images from d3vagbaw7ty9z.cloudfront.net *
+
+	* Secured by us
+
+-->
+<ruleset name="Server Circle.com" platform="mixedcontent" default_off="expired">
+
+	<target host="servercircle.com" />
+	<target host="www.servercircle.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?servercircle\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?servercircle\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Server_Express.xml b/src/chrome/content/rules/Server_Express.xml
deleted file mode 100644
index 7d91e4ed83e4..000000000000
--- a/src/chrome/content/rules/Server_Express.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(shows manage)
-
--->
-<ruleset name="Server Express (partial)">
-
-	<target host="*.theserverexpress.com" />
-
-
-	<securecookie host="^\.theserverexpress\.com$" name="^__cfduid$" />
-	<securecookie host="^manage\.theserverexpress\.com$" name=".+" />
-
-
-	<rule from="^http://manage\.theserverexpress\.com/"
-		to="https://manage.theserverexpress.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Servera.ovh.xml b/src/chrome/content/rules/Servera.ovh.xml
new file mode 100644
index 000000000000..e57b53ab91a6
--- /dev/null
+++ b/src/chrome/content/rules/Servera.ovh.xml
@@ -0,0 +1,16 @@
+<!--
+	Mismatched (a248.e.akamai.net):
+		- bill
+		- cp
+		- my
+		- panel
+-->
+
+<ruleset name="Servera.ovh">
+	<target host="servera.ovh" />
+	<target host="www.servera.ovh" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Servercow.de.xml b/src/chrome/content/rules/Servercow.de.xml
new file mode 100644
index 000000000000..511215914f9b
--- /dev/null
+++ b/src/chrome/content/rules/Servercow.de.xml
@@ -0,0 +1,16 @@
+<ruleset name="Servercow.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="servercow.de" />
+	<target host="cp.servercow.de" />
+	<target host="www.servercow.de" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Servercraft.xml b/src/chrome/content/rules/Servercraft.xml
index 82622a862ad3..5ced94b2fc33 100644
--- a/src/chrome/content/rules/Servercraft.xml
+++ b/src/chrome/content/rules/Servercraft.xml
@@ -1,13 +1,12 @@
 <ruleset name="Servercraft">
 
 	<target host="servercraft.co" />
-	<target host="*.servercraft.co" />
+	<target host="www.servercraft.co" />
 
 
 	<securecookie host="^(?:w*\.)?servercraft\.co$" name=".+" />
 
 
-	<rule from="^http://(www\.)?servercraft\.co/"
-		to="https://$1servercraft.co/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Serverdensity.io.xml b/src/chrome/content/rules/Serverdensity.io.xml
deleted file mode 100644
index b6ed19b18e64..000000000000
--- a/src/chrome/content/rules/Serverdensity.io.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Serverdensity.io" platform="firefox">
-<target host="serverdensity.io" />
-
-<securecookie host="^serverdensity\.io$" name=".+" />
-
-<rule from="^http://serverdensity\.io/" to="https://serverdensity.io/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Serverdensity.xml b/src/chrome/content/rules/Serverdensity.xml
new file mode 100644
index 000000000000..bc7c8f0a218d
--- /dev/null
+++ b/src/chrome/content/rules/Serverdensity.xml
@@ -0,0 +1,17 @@
+<ruleset name="Serverdensity">
+	<target host="serverdensity.io" />
+	<target host="www.serverdensity.io" />
+	<target host="serverdensity.com" />
+	<target host="www.serverdensity.com" />
+	<target host="apidocs.serverdensity.com" />
+	<target host="blog.serverdensity.com" />
+	<target host="cs.serverdensity.com" />
+	<target host="plugins.serverdensity.com" />
+	<target host="support.serverdensity.com" />
+
+	<securecookie host="^serverdensity\.io$" name=".+" />
+	<securecookie host="^serverdensity\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Serverfruit.com.xml b/src/chrome/content/rules/Serverfruit.com.xml
new file mode 100644
index 000000000000..dff0d1173edd
--- /dev/null
+++ b/src/chrome/content/rules/Serverfruit.com.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://client.serverfruit.com/ => https://client.serverfruit.com/: (6, 'Could not resolve host: client.serverfruit.com')
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Serverfruit.com" default_off="failed ruleset test">
+
+	<target host="serverfruit.com" />
+	<target host="client.serverfruit.com" />
+	<target host="www.serverfruit.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:client|www)?\.serverfruit\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Serveriai.lt.xml b/src/chrome/content/rules/Serveriai.lt.xml
index 03e7a9a7d8fa..5849e7c9ef36 100644
--- a/src/chrome/content/rules/Serveriai.lt.xml
+++ b/src/chrome/content/rules/Serveriai.lt.xml
@@ -1,10 +1,20 @@
-<ruleset name="serveriai.lt">
+<!--
+	Customers that choose not to buy a domain may get a subdomain
+	on serveriai.lt where their website will be hosted, but those
+	subdomains do not get valid certs (they are mismatched)
+-->
 
+<ruleset name="serveriai.lt">
 	<target host="serveriai.lt" />
-	<target host="*.serveriai.lt" />
+	<target host="www.serveriai.lt" />
+	<target host="whois.serveriai.lt" />
+	<target host="failai.serveriai.lt" />
+	<target host="idn.serveriai.lt" />
+	<target host="pastas.serveriai.lt" />
+	<target host="roundcube.serveriai.lt" />
 
 
-	<rule from="^http://(whois\.|www\.)?serveriai\.lt/"
-		to="https://$1serveriai.lt/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Serverloft.com.xml b/src/chrome/content/rules/Serverloft.com.xml
new file mode 100644
index 000000000000..abb9d22d5c61
--- /dev/null
+++ b/src/chrome/content/rules/Serverloft.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Non-functional hosts
+		Incomplete certificate chain error:
+		- serverloft.com
+		- www.serverloft.com
+
+		Mixed content blocking (MCB) triggered:
+		- blog.serverloft.com
+-->
+<ruleset name="Serverloft.com (partial)">
+	<target host="my.serverloft.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Serverloft.xml b/src/chrome/content/rules/Serverloft.xml
deleted file mode 100644
index 42cc9768b3c3..000000000000
--- a/src/chrome/content/rules/Serverloft.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)
-
--->
-<ruleset name="serverloft (partial)">
-
-	<target host="*.serverloft.com" />
-
-
-	<securecookie host="^.*\.serverloft\.com$" name=".*" />
-
-
-	<rule from="^http://(my|order)\.serverloft\.com/"
-		to="https://$1.serverloft.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Servers_for_Hackers.com.xml b/src/chrome/content/rules/Servers_for_Hackers.com.xml
new file mode 100644
index 000000000000..2d3bbeefa4dc
--- /dev/null
+++ b/src/chrome/content/rules/Servers_for_Hackers.com.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://forums.serversforhackers.com/ => https://forums.serversforhackers.com/: (6, 'Could not resolve host: forums.serversforhackers.com')
+
+	Insecure cookies are set for these hosts:
+
+		- serversforhackers.com
+		- forums.serversforhackers.com
+		- www.serversforhackers.com
+
+-->
+<ruleset name="Servers for Hackers.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="serversforhackers.com" />
+	<target host="book.serversforhackers.com" />
+	<target host="forums.serversforhackers.com" />
+	<target host="www.serversforhackers.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?serversforhackers\.com$" name="^(PHPSESSID|laravel_session)$" /-->
+	<!--securecookie host="^forums\.serversforhackers\.com$" name="^(__profilin|_forum_session|destination_url)$" /-->
+
+	<securecookie host="^(?:forums\.|www\.)?serversforhackers\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Serversaurus.com.au.xml b/src/chrome/content/rules/Serversaurus.com.au.xml
new file mode 100644
index 000000000000..27f310d15576
--- /dev/null
+++ b/src/chrome/content/rules/Serversaurus.com.au.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tasha.serversaurus.com.au/ => https://tasha.serversaurus.com.au/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Tumblr
+
+
+	These altnames don't exist:
+
+		- www.tasha.serversaurus.com.au
+
+-->
+<ruleset name="Serversaurus.com.au (partial)" default_off="failed ruleset test">
+
+	<target host="serversaurus.com.au" />
+	<target host="tasha.serversaurus.com.au" />
+	<target host="www.serversaurus.com.au" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?serversaurus\.com\.au$" name="^WHMCS\w+$" /-->
+
+	<securecookie host="^(?:www\.)?serversaurus\.com\.au$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Service-now.com.xml b/src/chrome/content/rules/Service-now.com.xml
index 4d1fc9cf1c97..4938cb3fe65e 100644
--- a/src/chrome/content/rules/Service-now.com.xml
+++ b/src/chrome/content/rules/Service-now.com.xml
@@ -1,21 +1,32 @@
 <!--
-	Problematic domains:
-
-		- servicenow.com	(works, cert only matches *.servicenow.com)
-		- www.servicenow.com	(works, akamai)
-		- service-now.com	(cert only matches *.service-now.com)
-		- www.service-now.com	(works, valid cert, but redirects to https://www.servicenow.com)
+	For other ServiceNow coverage, see ServiceNow.com.xml.
 
 -->
-<ruleset name="ServiceNow (partial)">
+<ruleset name="Service-Now.com">
 
+	<target host="service-now.com" />
 	<target host="*.service-now.com" />
 
+		<test url="http://appcentral1.service-now.com/app_showcase.do" />
+		<test url="http://signon.service-now.com/ssoregister.do" />
+		<test url="http://www.service-now.com/" />
+
+		<!--	Clients:
+				-->
+		<test url="http://hi.service-now.com/" />
+		<test url="http://liberty.service-now.com/" />
+		<test url="http://osuitsm.service-now.com/selfservice/system_status.do" />
+		<test url="http://theplatform.service-now.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="client\.service-now\.com$" name="^BIGipServer" /-->
 
-	<securecookie host="^.+\.service-now\.com$" name=".+" />
+	<securecookie host=".\.service-now\.com$" name=".+" />
 
 
-	<rule from="^http://(?!www\.)([\w-]+)\.service-now\.com/"
-		to="https://$1.service-now.com/" />
+	<rule from="^http://([\w-]+\.)?service-now\.com/"
+		to="https://$1service-now.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ServiceNow.com.xml b/src/chrome/content/rules/ServiceNow.com.xml
new file mode 100644
index 000000000000..c2f0aafcf272
--- /dev/null
+++ b/src/chrome/content/rules/ServiceNow.com.xml
@@ -0,0 +1,89 @@
+<!--
+	Other ServiceNow rulesets:
+
+		- Service-now.com.xml
+
+
+	Problematic hosts in *servicenow.com:
+
+		- knowledge *
+
+	* Mismatched
+
+
+	Fully covered hosts in *servicenow.com:
+
+		- (www.)?
+		- community
+		- developer
+		- express
+		- knowledge
+		- partners
+		- share
+		- store
+		- wiki
+
+
+	These altnames don't exist:
+
+		- apps.community.servicenow.com
+		- apps.uat.community.servicenow.com
+		- uat.community.servicenow.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .servicenow.com
+		- community.servicenow.com
+		- developer.servicenow.com
+		- express.servicenow.com
+		- partners.servicenow.com
+		- share.servicenow.com
+		- store.servicenow.com
+
+
+	Mixed content:
+
+		- Image on wiki from wiki.service-now.com *
+
+	* Secured by us
+
+-->
+<ruleset name="ServiceNow.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="servicenow.com" />
+	<target host="www.servicenow.com" />
+	<target host="community.servicenow.com" />
+	<target host="developer.servicenow.com" />
+	<target host="docs.servicenow.com" />
+	<target host="express.servicenow.com" />
+	<target host="knowledge.servicenow.com" />
+	<target host="partners.servicenow.com" />
+	<target host="share.servicenow.com" />
+	<target host="store.servicenow.com" />
+	<target host="wiki.servicenow.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.servicenow\.com$" name="^wikidb_session$" /-->
+	<!--securecookie host="^community\.servicenow\.com$" name="^(?:BIGipServer[\w.-]+|JSESSIONID|jive.security.context)$" /-->
+	<!--securecookie host="^developer\.servicenow\.com$" name="^(?:BIGipServer\w+|JSESSIONID|glide_user|glide_user_route|glide_user_session)$" /-->
+	<!--securecookie host="^express\.servicenow\.com$" name="^(?:PHPSESSID|wpfront-notification-bar-landingpage)$" /-->
+	<!--securecookie host="^(?:www\.)?partners\.servicenow\.com$" name="^(?:BIGipServer\w+|TS[\da-f]{8})$" /-->
+	<!--securecookie host="^share\.servicenow\.com$" name="^(?:BIGipServer\w+|JSESSIONID|glide_user_route)$" /-->
+	<!--securecookie host="^store\.servicenow\.com$" name="^(?:BIGipServer\w+|JSESSIONID|glide_user|glide_user_route|glide_user_session)$" /-->
+
+	<securecookie host="^\.servicenow\.com$" name="^wikidb_session$" />
+	<securecookie host="^(community|developer|docs|express|partners|share|store)\.servicenow\.com$" name=".+" />
+
+
+	<!--	Redirect keeps path, args,
+		and forward slash:
+					-->
+	<rule from="^http:"
+			to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ServiceTick.com.xml b/src/chrome/content/rules/ServiceTick.com.xml
new file mode 100644
index 000000000000..2060190e9b9f
--- /dev/null
+++ b/src/chrome/content/rules/ServiceTick.com.xml
@@ -0,0 +1,37 @@
+<!--
+	Other ServiceTick rulesets:
+
+		- SessionCam.com.xml
+
+
+	CDN buckets:
+
+		- 33c1kziyvzv5w.cloudfront.net
+
+
+	^: cert only matches www
+
+
+	Mixed content:
+
+		- Images on www from d33c1kziyvzv5w.cloudfront.net *
+
+	* Secured by us
+
+-->
+<ruleset name="ServiceTick.com">
+
+	<target host="servicetick.com" />
+	<target host="www.servicetick.com" />
+	<target host="console.servicetick.com" />
+
+
+	<securecookie host="^console\.servicetick\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?servicetick\.com/"
+		to="https://www.servicetick.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Service_Uptime.com.xml b/src/chrome/content/rules/Service_Uptime.com.xml
new file mode 100644
index 000000000000..904265d2161e
--- /dev/null
+++ b/src/chrome/content/rules/Service_Uptime.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="Service Uptime.com">
+
+	<target host="serviceuptime.com" />
+	<target host="www.serviceuptime.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.serviceuptime\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.serviceuptime\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Service_by_Air.xml b/src/chrome/content/rules/Service_by_Air.xml
index b2221455d705..97b5f325867a 100644
--- a/src/chrome/content/rules/Service_by_Air.xml
+++ b/src/chrome/content/rules/Service_by_Air.xml
@@ -1,13 +1,19 @@
-<ruleset name="Service by Air">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://community.sbaglobal.com/ => https://community.sbaglobal.com/: (51, "SSL: no alternative certificate subject name matches target host name 'community.sbaglobal.com'")
+
+-->
+<ruleset name="Service by Air" default_off="failed ruleset test">
 
 	<target host="sbaglobal.com" />
-	<target host="*.sbaglobal.com" />
+	<target host="community.sbaglobal.com" />
+	<target host="www.sbaglobal.com" />
 
 
 	<securecookie host="^community\.sbaglobal\.com$" name=".+" />
 
 
-	<rule from="^http://(community\.|www\.)?sbaglobal\.com/"
-		to="https://$1sbaglobal.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Serving-sys-int.com.xml b/src/chrome/content/rules/Serving-sys-int.com.xml
new file mode 100644
index 000000000000..fba533b401a2
--- /dev/null
+++ b/src/chrome/content/rules/Serving-sys-int.com.xml
@@ -0,0 +1,37 @@
+<!--
+
+	For other MediaMind coverage, see MediaMind.com.xml.
+
+
+	CDN buckets:
+
+		- as.serving-sys-int.com.edgesuite.net
+
+			- a1452.b.akamai.net
+
+		- secure-ds.serving-sys-int.com.edgekey.net
+
+
+	Problematic domains:
+
+		- as.serving-sys-int.com *
+
+	* Works, akamai
+
+
+	Fully covered domains:
+
+		- as.serving-sys-int.com	(→ akamai)
+		- secure-ds.serving-sys-int.com
+
+-->
+<ruleset name="serving-sys-int.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure-ds.serving-sys-int.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Serving-sys.com.xml b/src/chrome/content/rules/Serving-sys.com.xml
index 9c7406bc3974..30c00ac4bd5f 100644
--- a/src/chrome/content/rules/Serving-sys.com.xml
+++ b/src/chrome/content/rules/Serving-sys.com.xml
@@ -1,71 +1,110 @@
 <!--
 	For other MediaMind coverage, see MediaMind.com.xml.
 
-
-	CDN buckets:
-
-		- bs.eyeblaster.akadns.net
-
-			- bs.serving-sys.com
-
-		- www.eyeblaster-ds.com.edgesuite.net
-
-			- a50.g2.akamai.net
-			- ds.serving-sys.com
-
-		- as.serving-sys-int.com.edgesuite.net
-
-			- a1452.b.akamai.net
-
-		- activity.serving-sys.com.edgekey.net
-		- secure-ds.serving-sys.com.edgekey.net
-		- secure-ds.serving-sys-int.com.edgekey.net
-
-
-	Problematic domains:
-
-		- activity.serving-sys.com	(403; mismatched, CN: platform.mediamind.com)
-		- ds.serving-sys.com *
-		- as.serving-sys-int.com *
-
-	* Works, akamai
-
-
-	Fully covered domains:
-
-		- serving-sys.com subdomains:
-
-			- activity	(→ bs)
-			- as		(→ akamai)
-			- bs
-			- ds		(→ akamai)
-			- secure-ds
-
-		- secure-ds.serving-sys-int.com
-
+	Cert mismatch:
+		- www.serving-sys.com
+		- activity.serving-sys.com
+		- adx.serving-sys.com
+		- aol.serving-sys.com
+		- as.serving-sys.com
+		- us.bs.serving-sys.com
+		- customds.serving-sys.com
+		- ds.serving-sys.com
+		- origin.ds.serving-sys.com
+		- ds-ll.serving-sys.com
+		- eds.serving-sys.com
+		- geo2.serving-sys.com
+		- liquid.serving-sys.com
+		- mbs.serving-sys.com
+		- msn.serving-sys.com
+		- msntest.serving-sys.com
+		- ds.preview.serving-sys.com
+		- preview.serving-sys.com
+		- plu.serving-sys.com
+		- rtb.serving-sys.com
+		- sl.serving-sys.com
+		- yahoo.serving-sys.com
+
+	Chain issues:
+		- custom.serving-sys.com
+
+	Connection refused:
+		- detik.serving-sys.com
+		- ps.serving-sys.com
+
+	Timeout:
+		- geo.serving-sys.com
+		- hosting.serving-sys.com
 -->
 <ruleset name="serving-sys.com (partial)">
 
-	<target host="*.serving-sys.com" />
-	<target host="*.serving-sys-int.com" />
-
-
-	<securecookie host="^bs\.serving-sys\.com$" name=".*" />
-
-
-	<rule from="^http://(?:activity|bs)\.serving-sys\.com/"
+	<target host="activity.serving-sys.com" />
+	<target host="bs.serving-sys.com" />
+	<target host="custdev1.cd.serving-sys.com" />
+	<target host="custdev3.cd.serving-sys.com" />
+	<target host="bsch.serving-sys.com" />
+	<target host="custdev4.cd.serving-sys.com" />
+	<target host="custdev5.cd.serving-sys.com" />
+	<target host="conv-blizzard-emea.cd.serving-sys.com" />
+	<target host="conv-blizzard-na.cd.serving-sys.com" />
+	<target host="akqasf.mmgl.cd.serving-sys.com" />
+	<target host="centro.mmgl.cd.serving-sys.com" />
+	<target host="centrohyundai.mmgl.cd.serving-sys.com" />
+	<target host="chrysler.mmgl.cd.serving-sys.com" />
+	<target host="collective.mmgl.cd.serving-sys.com" />
+	<target host="gg.mmgl.cd.serving-sys.com" />
+	<target host="greydigital-es.mmgl.cd.serving-sys.com" />
+	<target host="gwa.mmgl.cd.serving-sys.com" />
+	<target host="havas-chi.mmgl.cd.serving-sys.com" />
+	<target host="havasdigitalfr.mmgl.cd.serving-sys.com" />
+	<target host="havasfr.mmgl.cd.serving-sys.com" />
+	<target host="ingnl.mmgl.cd.serving-sys.com" />
+	<target host="kbb.mmgl.cd.serving-sys.com" />
+	<target host="lexus.mmgl.cd.serving-sys.com" />
+	<target host="maxpoint.mmgl.cd.serving-sys.com" />
+	<target host="mediavest-la.mmgl.cd.serving-sys.com" />
+	<target host="meijer.mmgl.cd.serving-sys.com" />
+	<target host="mmmfr.mmgl.cd.serving-sys.com" />
+	<target host="msnpmg-gpu.mmgl.cd.serving-sys.com" />
+	<target host="nissan.mmgl.cd.serving-sys.com" />
+	<target host="novus.mmgl.cd.serving-sys.com" />
+	<target host="pervorm-nl.mmgl.cd.serving-sys.com" />
+	<target host="pnc-bank.mmgl.cd.serving-sys.com" />
+	<target host="png.mmgl.cd.serving-sys.com" />
+	<target host="rapp-au.mmgl.cd.serving-sys.com" />
+	<target host="reckittbenckiser.mmgl.cd.serving-sys.com" />
+	<target host="saatchila.mmgl.cd.serving-sys.com" />
+	<target host="spark.mmgl.cd.serving-sys.com" />
+	<target host="starcom-chi.mmgl.cd.serving-sys.com" />
+	<target host="swellshark.mmgl.cd.serving-sys.com" />
+	<target host="target.mmgl.cd.serving-sys.com" />
+	<target host="ticketsnow.mmgl.cd.serving-sys.com" />
+	<target host="voucher.cd.serving-sys.com" />
+	<target host="toysrus.mmgl.cd.serving-sys.com" />
+	<target host="umcd.mmgl.cd.serving-sys.com" />
+	<target host="umsf.mmgl.cd.serving-sys.com" />
+	<target host="vwus.mmgl.cd.serving-sys.com" />
+	<target host="weatherbug.mmgl.cd.serving-sys.com" />
+	<target host="yal.mmgl.cd.serving-sys.com" />
+	<target host="ds-cc.serving-sys.com" />
+	<target host="datahub.serving-sys.com" />
+	<target host="dh.serving-sys.com" />
+	<target host="ds-vn.serving-sys.com" />
+	<target host="gizmo.serving-sys.com" />
+	<target host="gizmo-s.serving-sys.com" />
+	<target host="origin-gizmo.serving-sys.com" />
+	<target host="origin.partners-demo.serving-sys.com" />
+	<target host="bs.preview.serving-sys.com" />
+	<target host="secure-ds.serving-sys.com" />
+	<target host="secure-msntest.serving-sys.com" />
+	<target host="services.serving-sys.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://activity\.serving-sys\.com/"
 		to="https://bs.serving-sys.com/" />
 
-	<rule from="^http://ds\.serving-sys\.com/"
-		to="https://a248.e.akamai.net/f/50/1/5m/ds.serving-sys.com/" />
-
-	<rule from="^http://secure-ds\.serving-sys\.com/"
-		to="https://secure-ds.serving-sys.com/" />
-
-	<rule from="^http://as\.serving-sys-int\.com/"
-		to="https://a248.e.akamai.net/f/1452/7592/10/as.serving-sys-int.com/" />
-
-	<rule from="^http://secure-ds\.serving-sys-int\.com/"
-		to="https://secure-ds.serving-sys-int.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Sesamstrasse.de.xml b/src/chrome/content/rules/Sesamstrasse.de.xml
new file mode 100644
index 000000000000..224b0f4b8e72
--- /dev/null
+++ b/src/chrome/content/rules/Sesamstrasse.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="Sesamstrasse.de">
+	<target host="sesamstrasse.de" />
+	<target host="www.sesamstrasse.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sesek.com.xml b/src/chrome/content/rules/Sesek.com.xml
new file mode 100644
index 000000000000..2cbbd7da3f4c
--- /dev/null
+++ b/src/chrome/content/rules/Sesek.com.xml
@@ -0,0 +1,17 @@
+<!--
+	(www.) doesn't exist.
+
+
+	These altnames don't exist:
+
+		- www.robert.sesek.com
+
+-->
+<ruleset name="Sesek.com">
+
+	<target host="robert.sesek.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SesliSozluk.net.xml b/src/chrome/content/rules/SesliSozluk.net.xml
new file mode 100644
index 000000000000..76a85011cd85
--- /dev/null
+++ b/src/chrome/content/rules/SesliSozluk.net.xml
@@ -0,0 +1,11 @@
+<ruleset name="SesliSözlük.net">
+	<target host="seslisozluk.net" />
+	<target host="www.seslisozluk.net" />
+	<target host="m.seslisozluk.net" />
+	<target host="static.seslisozluk.net" />
+		<test url="http://static.seslisozluk.net/img/sesli_searchicon.png" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SessionCam.com.xml b/src/chrome/content/rules/SessionCam.com.xml
new file mode 100644
index 000000000000..124adcc31207
--- /dev/null
+++ b/src/chrome/content/rules/SessionCam.com.xml
@@ -0,0 +1,29 @@
+<!--
+	For other ServiceTick coverage, see ServiceTick.com.xml.
+
+
+	CDN buckets:
+
+		- d2oh4tlt9mrke9.cloudfront.net
+		- d2vx1p3r3ko5ka.cloudfront.net
+
+
+	^: cert only matches www
+
+
+	Mixed content:
+
+		- Images from d2vx1p3r3ko5ka.cloudfront.net *
+
+	* Secured by us
+
+-->
+<ruleset name="SessionCam.com">
+
+	<target host="sessioncam.com" />
+	<target host="www.sessioncam.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Settrade.com.xml b/src/chrome/content/rules/Settrade.com.xml
index 5fd5f4fbf95a..4d9670547380 100644
--- a/src/chrome/content/rules/Settrade.com.xml
+++ b/src/chrome/content/rules/Settrade.com.xml
@@ -3,6 +3,6 @@
   <target host="www.settrade.com" />
   <target host="portal.settrade.com" />
 
-  <rule from="^http://(www\.)?settrade\.com/" to="https://www.settrade.com/" />
+  <rule from="^http://(?:www\.)?settrade\.com/" to="https://www.settrade.com/" />
   <rule from="^http://portal\.settrade\.com/" to="https://portal.settrade.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Seurinternacional.com.xml b/src/chrome/content/rules/Seurinternacional.com.xml
deleted file mode 100644
index 236d16f06cc5..000000000000
--- a/src/chrome/content/rules/Seurinternacional.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Seurinternacional.com">
-  <target host="seurinternacional.com" />
-  <target host="www.seurinternacional.com" />
-
-  <rule from="^http://(www\.)?seurinternacional\.com/" to="https://www.seurinternacional.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/SevenOneMedia.xml b/src/chrome/content/rules/SevenOneMedia.xml
new file mode 100644
index 000000000000..745fb0d1085d
--- /dev/null
+++ b/src/chrome/content/rules/SevenOneMedia.xml
@@ -0,0 +1,15 @@
+<ruleset name="SevenOneMedia">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ad.71i.de" />
+	<target host="adserver.71i.de" />
+	<target host="www.sevenonemedia.de" />
+
+	<rule from="^http://ad\.71i\.de/"
+		to="https://adserver.71i.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SevenTorrents.xml b/src/chrome/content/rules/SevenTorrents.xml
index 4839864ebd2a..d4386fdbbfdf 100644
--- a/src/chrome/content/rules/SevenTorrents.xml
+++ b/src/chrome/content/rules/SevenTorrents.xml
@@ -1,17 +1,12 @@
-<!--
-	CN: SEVENSERVER
-
--->
-<ruleset name="SevenTorrents" default_off="self-signed">
+<ruleset name="SevenTorrents.org" default_off="refused">
 
 	<target host="seventorrents.org" />
-	<target host="www.seventorrents.org" />
 
 
 	<securecookie host="^seventorrents\.org$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?seventorrents\.org/"
-		to="https://seventorrents.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sevenoaks.gov.uk.xml b/src/chrome/content/rules/Sevenoaks.gov.uk.xml
new file mode 100644
index 000000000000..ff4a53f1a6d1
--- /dev/null
+++ b/src/chrome/content/rules/Sevenoaks.gov.uk.xml
@@ -0,0 +1,92 @@
+<!--
+	Sevenoaks District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *sevenoaks.gov.uk:
+
+		- documents ᵃ
+		- pa ʳ
+
+	ᵃ Shows parking.sevenoaks.gov.uk
+	ʳ Refused
+
+
+	Problematic hosts in *sevenoaks.gov.uk:
+
+		- (www.)?planningconsult ᵐ
+
+	ᵐ Mismatched
+
+
+	Partially covered hosts in *sevenoaks.gov.uk:
+
+		- cds ʰ
+
+	ʰ Some pages redirect to http
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.sevenoaks.gov.uk
+
+
+	Mixed content:
+
+		- Images on www from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Sevenoaks.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sevenoaks.gov.uk" />
+	<target host="cds.sevenoaks.gov.uk" />
+	<target host="hrselfservice.sevenoaks.gov.uk" />
+	<target host="parking.sevenoaks.gov.uk" />
+	<target host="portal.sevenoaks.gov.uk" />
+	<target host="selfservice.sevenoaks.gov.uk" />
+	<target host="webpayments.sevenoaks.gov.uk" />
+	<target host="www.sevenoaks.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://cds\.sevenoaks\.gov\.uk/(?:mgPasswordReqst|uuCoverPage)\.aspx" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://cds\.sevenoaks\.gov\.uk/+(?![Ss]iteSpecific/|documents/\w+/|ie(?:Logon|RegisterUser)\.aspx|jquery-ui/css/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://cds.sevenoaks.gov.uk/ieListDocuments.aspx?MId=1930" />
+			<test url="http://cds.sevenoaks.gov.uk/ieListMeetings.aspx?CommitteeId=134" />
+			<test url="http://cds.sevenoaks.gov.uk/mgParishCouncilDetails.aspx?ID=227" />
+			<test url="http://cds.sevenoaks.gov.uk/mgParishCouncilDetailsList.aspx" />
+			<test url="http://cds.sevenoaks.gov.uk/mgPasswordReqst.aspx" />
+			<test url="http://cds.sevenoaks.gov.uk/mgUserInfo.aspx?UID=117" />
+			<test url="http://cds.sevenoaks.gov.uk/uuCoverPage.aspx?bcr=1" />
+
+			<!--	-ve:
+					-->
+			<test url="http://cds.sevenoaks.gov.uk/SiteSpecific/top-menu-border.jpg" />
+			<test url="http://cds.sevenoaks.gov.uk/ieLogon.aspx?RPID=" />
+			<test url="http://cds.sevenoaks.gov.uk/ieRegisterUser.aspx?RPID=" />
+			<test url="http://cds.sevenoaks.gov.uk/jquery-ui/css/Smoothness/jquery-ui-1.10.2.custom.min.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.sevenoaks\.gov\.uk$" name="^SQ_SYSTEM_ID$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^(?!cds\.)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Severgazbank.ru.xml b/src/chrome/content/rules/Severgazbank.ru.xml
new file mode 100644
index 000000000000..2357b27a8feb
--- /dev/null
+++ b/src/chrome/content/rules/Severgazbank.ru.xml
@@ -0,0 +1,59 @@
+<!--
+severgazbank.ru ⁴
+www.severgazbank.ru ⁴
+3ds.severgazbank.ru ³
+mail.arh.severgazbank.ru ¹
+bcback1.severgazbank.ru ³
+blackhole.severgazbank.ru ³
+eclient.che.severgazbank.ru ³
+cs.severgazbank.ru ³
+directum.severgazbank.ru ⁴
+ib.severgazbank.ru ³
+ibtest.severgazbank.ru ³
+eclient.ivanovo.severgazbank.ru ³
+eclient.ktl.severgazbank.ru ³
+mail.ktl.severgazbank.ru ¹
+lk.severgazbank.ru ²
+mail.severgazbank.ru ³
+mbtest.severgazbank.ru ³
+mc.severgazbank.ru ³
+mctest.severgazbank.ru ³
+bclient.msk.severgazbank.ru ³
+mx.severgazbank.ru ¹
+bclient.nor.severgazbank.ru ³
+bclient.novgorod.severgazbank.ru ³
+mail.novgorod.severgazbank.ru ¹
+ns.severgazbank.ru ³
+ns3.severgazbank.ru ³
+mail.sosnogorsk.severgazbank.ru ¹
+eclient.spb.severgazbank.ru ³
+eclient.syktyvkar.severgazbank.ru ³
+mail.syktyvkar.severgazbank.ru ¹
+tim.severgazbank.ru ⁴
+www.tim.severgazbank.ru ⁴
+static.tim.severgazbank.ru ⁴
+dcukhta.uhta.severgazbank.ru ³
+eclient.uhta.severgazbank.ru ³
+visa.severgazbank.ru ³
+eclient.vorkuta.severgazbank.ru ³
+eclient2.vorkuta.severgazbank.ru ³
+eclient.vustug.severgazbank.ru ³
+bclient.yar.severgazbank.ru ³
+mail.yar.severgazbank.ru ¹
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="severgazbank.ru (partial)">
+	<target host="acs.severgazbank.ru" />
+	<target host="vpn.che.severgazbank.ru" />
+	<target host="mb.severgazbank.ru" />
+	<target host="mpi.severgazbank.ru" />
+	<target host="online.severgazbank.ru" />
+	<target host="owa.severgazbank.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sex.com.xml b/src/chrome/content/rules/Sex.com.xml
new file mode 100644
index 000000000000..1feca94e8f9a
--- /dev/null
+++ b/src/chrome/content/rules/Sex.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Connection refused:
+		ads.sex.com
+		m.sex.com
+
+	Secure connection failed:
+		gay.sex.com
+
+-->
+<ruleset name="Sex.com">
+	<target host="sex.com"/>
+	<target host="www.sex.com"/>
+	<target host="ar.sex.com"/>
+	<target host="de.sex.com"/>
+	<target host="es.sex.com"/>
+	<target host="fr.sex.com"/>
+	<target host="gay.sex.com"/>
+	<target host="www.gay.sex.com"/>
+	<target host="images.sex.com"/>
+	<target host="it.sex.com"/>
+	<target host="pl.sex.com"/>
+	<target host="pt.sex.com"/>
+	<target host="ru.sex.com"/>
+
+	<rule from="^http://gay\.sex\.com/" to="https://www.gay.sex.com/"/>
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SexNarod.xml b/src/chrome/content/rules/SexNarod.xml
index 732b1ff318bd..20e1c3724688 100644
--- a/src/chrome/content/rules/SexNarod.xml
+++ b/src/chrome/content/rules/SexNarod.xml
@@ -3,22 +3,20 @@
 	<target host="sexnarod.ru"/>
 	<target host="www.sexnarod.ru"/>
 	<target host="superforum.org"/>
-	<target host="*.superforum.org"/>
-	<target host="*.dating.superforum.org"/>
+	<target host="www.superforum.org" />
+	<target host="dating.superforum.org" />
 	<target host="sxnarod.com"/>
-	<target host="*.sxnarod.com"/>
-	<target host="wap.dating.sxnarod.com"/>
+	<target host="www.sxnarod.com" />
+	<target host="pda.sxnarod.com" />
+	<target host="wap.dating.sxnarod.com" />
 
 	<rule from="^http://(?:www\.)?(sexnarod\.ru|superforum\.org|sxnarod\.com)/"
 		to="https://www.$1/"/>
 
-	<rule from="^http://dating\.superforum\.org/"
-		to="https://dating.superforum.org/"/>
 
-	<rule from="^http://(pda|wap\.dating)\.sxnarod\.com/"
-		to="https://$1.sxnarod.com/"/>
 
-	<securecookie host="^(www)?\.sexnarod\.ru$" name=".*"/>
-	<securecookie host="^(\.dating)?\.s(uperforum\.org|xnarod\.com)$" name=".*"/>
+	<securecookie host="^(?:www)?\.sexnarod\.ru$" name=".+" />
+	<securecookie host="^(?:\.dating)?\.s(?:uperforum\.org|xnarod\.com)$" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SexSlurp.xml b/src/chrome/content/rules/SexSlurp.xml
deleted file mode 100644
index 81f0adf7c475..000000000000
--- a/src/chrome/content/rules/SexSlurp.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="SexSlurp">
-
-	<target host="sexslurp.com" />
-	<target host="*.sexslurp.com" />
-
-
-	<securecookie host="^\.sexslurp\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?sexslurp\.com/"
-		to="https://$1sexslurp.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Sexkompas.net.xml b/src/chrome/content/rules/Sexkompas.net.xml
new file mode 100644
index 000000000000..a7d376a62007
--- /dev/null
+++ b/src/chrome/content/rules/Sexkompas.net.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sexkompas.net/ => https://sexkompas.net/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.sexkompas.net/ => https://www.sexkompas.net/: (60, 'SSL certificate problem: certificate has expired')
+
+	Insecure cookies are set for these hosts:
+
+		- www.sexkompas.net
+
+-->
+<ruleset name="Sexkompas.net" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sexkompas.net" />
+	<target host="www.sexkompas.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.sexkompas\.net$" name="^(PHPSESSID|lang|rand|selectedCity|selectedCityCode)$" /-->
+
+	<securecookie host="^www\.sexkompas\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sexstories.com.xml b/src/chrome/content/rules/Sexstories.com.xml
new file mode 100644
index 000000000000..624fdc104a36
--- /dev/null
+++ b/src/chrome/content/rules/Sexstories.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Sexstories.com">
+	<target host="sexstories.com"/>
+	<target host="www.sexstories.com"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Sextoy.com.xml b/src/chrome/content/rules/Sextoy.com.xml
new file mode 100644
index 000000000000..e2f1f3e179d6
--- /dev/null
+++ b/src/chrome/content/rules/Sextoy.com.xml
@@ -0,0 +1,25 @@
+<!--
+	(www.)?sextoy.com: Mismatched
+
+
+	Mixed content:
+
+		- Images, on www from:
+
+			- cnvassets.s3.amazonaws.com *
+			- d1o1wlqwda3y1b.cloudfront.net *
+
+	* Secured by us
+
+-->
+<ruleset name="Sextoy.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.sextoy.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sextoy_fun.com.xml b/src/chrome/content/rules/Sextoy_fun.com.xml
new file mode 100644
index 000000000000..a3aa23c9e342
--- /dev/null
+++ b/src/chrome/content/rules/Sextoy_fun.com.xml
@@ -0,0 +1,27 @@
+<!--
+	(www.)?sextoyfun.com: Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- admin.sextoyfun.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Sextoy fun.com (partial)">
+
+	<target host="admin.sextoyfun.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^admin\.sextoyfun\.com$" name="^z$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sexy_House.xml b/src/chrome/content/rules/Sexy_House.xml
index 8218660b1adc..7371c00e5a51 100644
--- a/src/chrome/content/rules/Sexy_House.xml
+++ b/src/chrome/content/rules/Sexy_House.xml
@@ -1,13 +1,12 @@
 <ruleset name="The Sexy House">
 
 	<target host="thesexyhouse.com" />
-	<target host="*.thesexyhouse.com" />
+	<target host="www.thesexyhouse.com" />
 
 
 	<securecookie host="^\.thesexyhouse\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?thesexyhouse\.com/"
-		to="https://$1thesexyhouse.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Seznam.cz.xml b/src/chrome/content/rules/Seznam.cz.xml
new file mode 100644
index 000000000000..e29a44ece79c
--- /dev/null
+++ b/src/chrome/content/rules/Seznam.cz.xml
@@ -0,0 +1,31 @@
+<!--
+    Other Seznam.cz rulesets:
+        - Lide.cz.xml
+        - Mapy.cz.xml
+        - Sklik.cz.xml
+        - Mixer.cz.xml
+        - Stream.cz.xml
+        - ProZeny.cz.xml
+-->
+<ruleset name="Seznam.cz">
+    <target host="seznam.cz" />
+    <target host="www.seznam.cz" />
+
+    <target host="registrace.seznam.cz" />
+    <target host="email.seznam.cz" />
+    <target host="lab.email.seznam.cz" />
+    <target host="post.cz" />
+    <target host="www.post.cz" />
+
+    <target host="login.szn.cz" />
+    <target host="login.seznam.cz" />
+
+    <rule from="^http://(?:www\.)?seznam\.cz/"
+            to="https://www.seznam.cz/" />
+
+    <rule from="^http://(?:www\.)?post\.cz/"
+            to="https://email.seznam.cz/" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sfc.hk.xml b/src/chrome/content/rules/Sfc.hk.xml
new file mode 100644
index 000000000000..9dec7d5f4757
--- /dev/null
+++ b/src/chrome/content/rules/Sfc.hk.xml
@@ -0,0 +1,51 @@
+<!--
+	Non-functional hosts
+		Couldn't resolve host name:
+			 - www.efrr.sfc.hk
+			 - iscan01.sfc.hk
+			 - iscan02.sfc.hk
+			 - iscan03.sfc.hk
+			 - mprg01.sfc.hk
+			 - www.portal.sfc.hk
+			 - proxy01.sfc.hk
+			 - prsfo.sfc.hk
+			 - www.sc.sfc.hk
+			 - sfcdns.sfc.hk
+
+		Couldn't connect to server:
+			 - eapp01.sfc.hk
+			 - eapp01.sbz.sfc.hk
+
+		Timeout was reached:
+			 - sbz1a.sfc.hk
+			 - sbz1b.sfc.hk
+			 - sbz2.sfc.hk
+			 - sfcmail.sfc.hk
+			 - sfcmail1.sfc.hk
+			 - sfcmail2.sfc.hk
+			 - sfcmaila.sfc.hk
+			 - sfcmailb.sfc.hk
+
+		SSL peer certificate or SSH remote key was not OK:
+			 - cn-rules.sfc.hk
+			 - edistributionweb.sfc.hk
+			 - en-rules.sfc.hk
+			 - www.sbz.sfc.hk
+			 - extra04.sbz.sfc.hk
+			 - portal.sbz.sfc.hk
+			 - sc.sbz.sfc.hk
+			 - sc-rules.sfc.hk
+
+		Secure connection redirects to plaintext:
+			 - www.sfc.hk
+			 - sc.sfc.hk
+-->
+<ruleset name="Security and Futures Commission (partial)">
+	<target host="sfc.hk" />
+	<target host="efrr.sfc.hk" />
+	<target host="extra04.sfc.hk" />
+	<target host="extra05.sfc.hk" />
+	<target host="portal.sfc.hk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sferra.xml b/src/chrome/content/rules/Sferra.xml
index 644c021da90c..ac71bc954e7d 100644
--- a/src/chrome/content/rules/Sferra.xml
+++ b/src/chrome/content/rules/Sferra.xml
@@ -12,4 +12,4 @@
 	<rule from="^http://(www\.)?sferra\.com/((?:checkout|Member|registry)(?:$|\?)|content/|css/|images/|photos/|Public/|Scripts/|/?store_image/|Styles/)"
 		to="https://$1sferra.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sfu.ca.xml b/src/chrome/content/rules/Sfu.ca.xml
new file mode 100644
index 000000000000..0d1270ef4b81
--- /dev/null
+++ b/src/chrome/content/rules/Sfu.ca.xml
@@ -0,0 +1,130 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://adastratst.its.sfu.ca/ => https://adastratst.its.sfu.ca/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+Fetch error: http://itunes.sfu.ca/ => https://itunes.sfu.ca/: (6, 'Could not resolve host: itunes.sfu.ca')
+
+	Ruleset for sfu.ca, the Simon Fraser University website.
+	See <https://en.wikipedia.org/wiki/Simon_Fraser_University>.
+
+	Not supporting HTTPS or using an invalid certificate:
+		* 4thfloorlaser.bus.sfu.ca
+		* adgsptr3.educ.sfu.ca
+		* adhara-11.fas.sfu.ca
+		* adhara-12.fas.sfu.ca
+		* adhara-13.fas.sfu.ca
+		* adhara-15.fas.sfu.ca
+		* adhara-16.fas.sfu.ca
+		* adhara-17.fas.sfu.ca
+		* adhara-19.fas.sfu.ca
+		* adhara-20.fas.sfu.ca
+		* adhara-21.fas.sfu.ca
+		* adhara-22.fas.sfu.ca
+		* adhara2.fas.sfu.ca
+		* adhara4.fas.sfu.ca
+		* adhara5.fas.sfu.ca
+		* adhara-7.fas.sfu.ca
+		* adhara-8.fas.sfu.ca
+		* adhara-9.fas.sfu.ca
+		* affectstudy.iat.sfu.ca
+		* afk.iat.sfu.ca
+		* agave.its.sfu.ca
+		* aisg.sfu.ca
+		* alder.archives.sfu.ca
+		* alert-sfu.srs.sfu.ca
+		* api-manager.its.sfu.ca
+		* aq2112-stor1.geog.sfu.ca
+		* aq2113-prtr1.geog.sfu.ca
+		* aq3110-pr1.psyc.sfu.ca
+		* aq3117-pr1.psyc.sfu.ca
+		* athletics.sfu.ca
+		* awards-search.sfu.ca
+		* blogs.sfu.ca
+		* business.sfu.ca
+		* ciber.fas.sfu.ca
+		* cran.stat.sfu.ca
+		* cs.sfu.ca
+		* cufts2.lib.sfu.ca
+		* fas.sfu.ca
+		* gruvi.cs.sfu.ca
+		* i.sfu.ca
+		* journals.sfu.ca
+		* lab-enif.sfu.ca
+		* lib-ojs3.lib.sfu.ca
+		* library.sfu.ca
+		* live.sfu.ca
+		* mial.fas.sfu.ca
+		* netsg.cs.sfu.ca
+		* ocs.sfu.ca
+		* people.math.sfu.ca
+		* people.stat.sfu.ca
+		* proxy.lib.sfu.ca
+		* summit.sfu.ca
+		* troy.lib.sfu.ca
+		* ts-incident01.its.sfu.ca
+		* www2.cieedac.sfu.ca
+		* www2.ensc.sfu.ca
+		* www.burnaby.sfu.ca
+		* www.cecm.sfu.ca
+		* www.cim.sfu.ca
+		* www.irmacs.sfu.ca
+		* www.lib.sfu.ca
+		* www.lti.sfu.ca
+		* www.pathogenomics.sfu.ca
+		* www.physics.sfu.ca
+		* www.rem.sfu.ca
+		* www.siat.sfu.ca
+		* www.vancouver.sfu.ca
+		* xpressconnect.its.sfu.ca
+-->
+<ruleset name="Simon Fraser University" default_off="failed ruleset test">
+
+	<target host="sfu.ca" />
+
+	<target host="4dlabs.sfu.ca" />
+	<target host="adastradev.its.sfu.ca" />
+	<target host="adastratst.its.sfu.ca" />
+	<target host="advance.science.sfu.ca" />
+	<target host="aef.alumni.sfu.ca" />
+	<target host="amaintf.sfu.ca" />
+	<target host="apps.code.sfu.ca" />
+	<target host="beediecommunity.sfu.ca" />
+	<target host="beedie.sfu.ca" />
+	<target host="canvas.sfu.ca" />
+	<target host="cas.sfu.ca" />
+	<target host="cgi.sfu.ca" />
+	<target host="code.sfu.ca" />
+	<target host="connect.sfu.ca" />
+	<target host="courses.cs.sfu.ca" />
+	<target host="email.sfu.ca" />
+	<target host="events.sfu.ca" />
+	<target host="go.sfu.ca" />
+	<target host="gradawards.sfu.ca" />
+	<target host="hatzicf.sfu.ca" />
+	<target host="itunes.sfu.ca" />
+	<target host="loncapa.sfu.ca" />
+	<target host="math.sfu.ca" />
+	<target host="my.sfu.ca" />
+	<target host="nernst.chem.sfu.ca" />
+	<target host="orientation.its.sfu.ca" />
+	<target host="pkp.sfu.ca" />
+	<target host="pop.sfu.ca" />
+	<target host="portal.cs.sfu.ca" />
+	<target host="services.sfu.ca" />
+	<target host="sims-prd.sfu.ca" />
+	<target host="starrez.its.sfu.ca" />
+	<target host="students.sfu.ca" />
+	<target host="svn.sfu.ca" />
+	<target host="theses.lib.sfu.ca" />
+	<target host="webmail.sfu.ca" />
+	<target host="www2.sfu.ca" />
+	<target host="www.cs.sfu.ca" />
+	<target host="www.psyc.sfu.ca" />
+	<target host="www.sfu.ca" />
+	<target host="www.stat.sfu.ca" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
+
diff --git a/src/chrome/content/rules/Sfx.ms.xml b/src/chrome/content/rules/Sfx.ms.xml
new file mode 100644
index 000000000000..7ea42972612c
--- /dev/null
+++ b/src/chrome/content/rules/Sfx.ms.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	Fully hosts in *sfx.ms:
+
+		- p
+
+-->
+<ruleset name="sfx.ms">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="p.sfx.ms" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sgtools.info.xml b/src/chrome/content/rules/Sgtools.info.xml
new file mode 100644
index 000000000000..dbbde702b066
--- /dev/null
+++ b/src/chrome/content/rules/Sgtools.info.xml
@@ -0,0 +1,6 @@
+<ruleset name="Sgtools.info">
+	<target host="sgtools.info" />
+	<target host="www.sgtools.info" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Shabdkosh.com.xml b/src/chrome/content/rules/Shabdkosh.com.xml
new file mode 100644
index 000000000000..f6f7864e7550
--- /dev/null
+++ b/src/chrome/content/rules/Shabdkosh.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Shabdkosh.com">
+	<target host="shabdkosh.com" />
+	<target host="www.shabdkosh.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Shacknews.com.xml b/src/chrome/content/rules/Shacknews.com.xml
new file mode 100644
index 000000000000..517065734b83
--- /dev/null
+++ b/src/chrome/content/rules/Shacknews.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Non-functional hosts:
+		Certificate mismatched:
+		- cf.shacknews.com
+
+-->
+<ruleset name="Shacknews.com">
+
+	<target host="shacknews.com" />
+	<target host="www.shacknews.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Shacknews.xml b/src/chrome/content/rules/Shacknews.xml
deleted file mode 100644
index 9e5c40692b96..000000000000
--- a/src/chrome/content/rules/Shacknews.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<ruleset name="Shacknews">
-
-	<target host="shacknews.com" />
-	<target host="*.shacknews.com" />
-
-
-	<securecookie host="^www\.shacknews\.com$" name=".*" />
-
-
-	<!--	- !www times out over https
-		- !www 301s to www over http
-						-->
-	<rule from="^https?://(?:www\.)?shacknews\.com/"
-		to="https://www.shacknews.com/" />
-
-	<rule from="^https?://cf\.shacknews\.com/"
-		to="https://shacknews.s3.amazonaws.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Shadertoy.com.xml b/src/chrome/content/rules/Shadertoy.com.xml
new file mode 100644
index 000000000000..0b6082c4b6ef
--- /dev/null
+++ b/src/chrome/content/rules/Shadertoy.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Shadertoy.com">
+
+	<target host="shadertoy.com" />
+	<target host="www.shadertoy.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Shadow_of_Mordor.com.xml b/src/chrome/content/rules/Shadow_of_Mordor.com.xml
new file mode 100644
index 000000000000..32f4dbb8435e
--- /dev/null
+++ b/src/chrome/content/rules/Shadow_of_Mordor.com.xml
@@ -0,0 +1,48 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.shadowofmordor.com/ => https://www.shadowofmordor.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://shadowofmordor.com/ => https://www.shadowofmordor.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	^shadowofmordor.com: Expired
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .shadowofmordor.com
+		- www.shadowofmordor.com
+
+
+	Mixed content:
+
+		- Bug from pixel.quantserve.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Shadow of Mordor.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.shadowofmordor.com" />
+
+	<!--	Complications:
+				-->
+	<target host="shadowofmordor.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.shadowofmordor\.com$" name="^__qca" /-->
+	<!--securecookie host="^www\.shadowofmordor\.com$" name="^(?:_icl_current_language|PHPSESSID)$" /-->
+
+	<securecookie host="^(?:www)?\.shadowofmordor\.com$" name=".+" />
+
+
+	<rule from="^http://shadowofmordor\.com/"
+		to="https://www.shadowofmordor.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Shadowfacts.net.xml b/src/chrome/content/rules/Shadowfacts.net.xml
new file mode 100644
index 000000000000..dc6e6365dd20
--- /dev/null
+++ b/src/chrome/content/rules/Shadowfacts.net.xml
@@ -0,0 +1,26 @@
+<!--
+	Timeout:
+		- toren.shadowfacts.net
+
+	Mismatched:
+		- kalr.shadowfacts.net
+		- mail.shadowfacts.net
+		- v1.shadowfacts.net
+-->
+<ruleset name="Shadowfacts.net">
+	<target host="shadowfacts.net" />
+	<target host="www.shadowfacts.net" />
+	<target host="frenzy.shadowfacts.net" />
+	<target host="git.shadowfacts.net" />
+	<target host="hn.shadowfacts.net" />
+	<target host="maven.shadowfacts.net" />
+	<target host="mememachine.shadowfacts.net" />
+	<target host="new.shadowfacts.net" />
+	<target host="rtfm.shadowfacts.net" />
+	<target host="social.shadowfacts.net" />
+	<target host="proxy.toren.shadowfacts.net" />
+	<target host="type.shadowfacts.net" />
+	<target host="update.shadowfacts.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Shadowproof.com.xml b/src/chrome/content/rules/Shadowproof.com.xml
new file mode 100644
index 000000000000..0f5418331ba8
--- /dev/null
+++ b/src/chrome/content/rules/Shadowproof.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Problematic hosts in *shadowproof.com:
+
+		- action ᴬ ᵐ
+
+	ᴬ Akamai
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .shadowproof.com
+
+-->
+<ruleset name="Shadowproof.com (partial)">
+
+	<target host="shadowproof.com" />
+	<target host="donate.shadowproof.com" />
+	<target host="www.shadowproof.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.shadowproof\.com$" name="^spud$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Shadowserver.org.xml b/src/chrome/content/rules/Shadowserver.org.xml
new file mode 100644
index 000000000000..73eea17754b8
--- /dev/null
+++ b/src/chrome/content/rules/Shadowserver.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Non-functional subdomains:
+		- blog			(mismatch)
+		- keyserver		(connection refused) *
+		* https://github.com/EFForg/https-everywhere/issues/12455
+-->
+
+<ruleset name="Shadowserver.org (partial)">
+	<target host="shadowserver.org" />
+	<target host="www.shadowserver.org" />
+	<target host="dnsscan.shadowserver.org" />
+
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Shaklee.xml b/src/chrome/content/rules/Shaklee.xml
index d6ec73f16bf5..73e72d2dd8d6 100644
--- a/src/chrome/content/rules/Shaklee.xml
+++ b/src/chrome/content/rules/Shaklee.xml
@@ -17,14 +17,17 @@
 	* Some pages redirect to http
 
 -->
-<ruleset name="Shaklee (partial)">
+<ruleset name="Shaklee (partial)" default_off="Needs ruleset tests">
 
 	<target host="myshaklee.com" />
-	<target host="*.myshaklee.com" />
+	<target host="www.myshaklee.com" />
+	<target host="member.myshaklee.com" />
 		<exclusion pattern="^http://member\.myshaklee\.com/\w\w/\w\w/article/" />
 	<target host="shaklee.com" />
-	<target host="*.shaklee.com" />
-		<exclusion pattern="^htpp;//shaklee\.com/(?:/\w\w/\w\w/)?(?:$|\?)" />
+	<target host="content.shaklee.com" />
+	<target host="images.shaklee.com" />
+	<target host="www.shaklee.com" />
+		<exclusion pattern="^http://shaklee\.com/(?:/\w\w/\w\w/)?(?:$|\?)" />
 
 
 	<!--	Tracking cookies:
@@ -34,13 +37,10 @@
 	<securecookie host="^www\.myshaklee\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?myshaklee\.com/"
+	<rule from="^http://myshaklee\.com/"
 		to="https://www.myshaklee.com/" />
 
-	<rule from="^http://member\.myshaklee\.com/"
-		to="https://member.myshaklee.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://(content\.|images\.|www\.)?shaklee\.com/"
-		to="https://$1shaklee.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Shamans_Garden.xml b/src/chrome/content/rules/Shamans_Garden.xml
index f689607878da..daa6a3fd2b2a 100644
--- a/src/chrome/content/rules/Shamans_Garden.xml
+++ b/src/chrome/content/rules/Shamans_Garden.xml
@@ -1,13 +1,12 @@
 <ruleset name="Shaman's Garden">
 
 	<target host="shamansgarden.com" />
-	<target host="*.shamansgarden.com" />
+	<target host="www.shamansgarden.com" />
 
 
 	<securecookie host="^(?:w*\.)?shamansgarden\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?shamansgarden\.com/"
-		to="https://$1shamansgarden.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Shambhala-Mountain-Center.xml b/src/chrome/content/rules/Shambhala-Mountain-Center.xml
index 574df6d534dc..5bcf50539e02 100644
--- a/src/chrome/content/rules/Shambhala-Mountain-Center.xml
+++ b/src/chrome/content/rules/Shambhala-Mountain-Center.xml
@@ -4,10 +4,9 @@
 	<target host="www.shambhalamountain.org" />
 
 
-	<securecookie host="^(www\.)?shambhalamountain\.org$" name=".*" />
+	<securecookie host="^(?:www\.)?shambhalamountain\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?shambhalamountain\.org/"
-		to="https://$1shambhalamountain.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Shamela.ws.xml b/src/chrome/content/rules/Shamela.ws.xml
new file mode 100644
index 000000000000..00a44f029023
--- /dev/null
+++ b/src/chrome/content/rules/Shamela.ws.xml
@@ -0,0 +1,10 @@
+<ruleset name="Shamela.ws">
+	<target host="shamela.ws" />
+	<target host="www.shamela.ws" />
+	<target host="mail.shamela.ws" />
+	<target host="ns2.shamela.ws" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Shanaproject.com.xml b/src/chrome/content/rules/Shanaproject.com.xml
new file mode 100644
index 000000000000..355563a69f2b
--- /dev/null
+++ b/src/chrome/content/rules/Shanaproject.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Timeout:
+		- blog.shanaproject.com
+
+-->
+<ruleset name="Shana Project">
+	<target host="shanaproject.com" />
+	<target host="www.shanaproject.com" />
+	<target host="media.shanaproject.com" />
+	<target host="static.shanaproject.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ShanghaiCommercialBank.xml b/src/chrome/content/rules/ShanghaiCommercialBank.xml
new file mode 100644
index 000000000000..432f53bc0c2b
--- /dev/null
+++ b/src/chrome/content/rules/ShanghaiCommercialBank.xml
@@ -0,0 +1,12 @@
+<ruleset name="Shanghai Commercial Bank">
+
+	<target host="www.shacombank.com.hk" />
+	<target host="ibusiness.shacombank.com.hk" />
+	<target host="m.shacombank.com.hk" />
+	<target host="ws21.shacombank.com.hk" />
+
+	<target host="www.shacomsecurities.com.hk" />
+
+		<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Shannon-Health.xml b/src/chrome/content/rules/Shannon-Health.xml
index 38c63779b3b3..5cf42226243a 100644
--- a/src/chrome/content/rules/Shannon-Health.xml
+++ b/src/chrome/content/rules/Shannon-Health.xml
@@ -1,19 +1,23 @@
-<ruleset name="Shannon Health">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://myshannonconnection.org/ => https://www.myshannonconnection.org/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="Shannon Health" default_off="failed ruleset test">
 
 	<target host="myshannonconnection.org" />
-	<target host="*.myshannonconnection.org" />
+	<target host="www.myshannonconnection.org" />
 	<target host="shannonhealth.com" />
-	<target host="*.shannonhealth.com" />
-
+	<target host="www.shannonhealth.com" />
 
-	<securecookie host="^(.*\.)?myshannonconnection\.org$" name=".+" />
-	<securecookie host="^(.*\.)?shannonhealth\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
-	<rule from="^https?://(?:www\.)?myshannonconnection\.org/"
+	<rule from="^http://(?:www\.)?myshannonconnection\.org/"
 		to="https://www.myshannonconnection.org/" />
 
-	<rule from="^https?://(?:www\.)?shannonhealth\.com/"
+	<rule from="^http://(?:www\.)?shannonhealth\.com/"
 		to="https://www.shannonhealth.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ShapeShift.io.xml b/src/chrome/content/rules/ShapeShift.io.xml
new file mode 100644
index 000000000000..5c00f07e85a0
--- /dev/null
+++ b/src/chrome/content/rules/ShapeShift.io.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .shapeshift.io
+
+-->
+<ruleset name="ShapeShift.io">
+
+	<target host="shapeshift.io" />
+	<target host="www.shapeshift.io" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.shapeshift\.io$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ShareASale.com.xml b/src/chrome/content/rules/ShareASale.com.xml
index 672c76dbaa6f..29e1c276f48c 100644
--- a/src/chrome/content/rules/ShareASale.com.xml
+++ b/src/chrome/content/rules/ShareASale.com.xml
@@ -1,7 +1,26 @@
 <!--
-	Nonfunctional subdomains:
+	CDN buckets:
 
-		- blog	(dropped)
+		- dou14x5jx22mo.cloudfront.net	← static
+
+
+	Nonfunctional hosts in *shareasale.com:
+
+		- blog ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *shareasale.com:
+
+		- static ᵐ
+
+	ᵐ Cloudfront/mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .shareasale.com
 
 
 	Click/referral tracking.
@@ -9,14 +28,26 @@
 -->
 <ruleset name="ShareASale.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="shareasale.com" />
-	<target host="*.shareasale.com" />
+	<target host="i.shareasale.com" />
+	<target host="www.shareasale.com" />
+
+	<!--	Complications:
+				-->
+	<target host="static.shareasale.com" />
+
+		<test url="http://static.shareasale.com/image/43811/Affiliates150x150.png" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.shareasale\.com$" name="^(AFFTRACK\d+|DATA\d+|GC|MERCHANT\d+|UNDER\d+)$" /-->
 
-	<securecookie host="^\.shareasale\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?shareasale\.com/"
-		to="https://$1shareasale.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ShareConnect.com.xml b/src/chrome/content/rules/ShareConnect.com.xml
new file mode 100644
index 000000000000..b4274f8aa8ff
--- /dev/null
+++ b/src/chrome/content/rules/ShareConnect.com.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Citrix coverage, see Citrix.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- app.shareconnect.com
+
+-->
+<ruleset name="ShareConnect.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="shareconnect.com" />
+	<target host="app.shareconnect.com" />
+	<target host="www.shareconnect.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^app\.shareconnect\.com$" name="^ercVisitor$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ShareFile.com.xml b/src/chrome/content/rules/ShareFile.com.xml
new file mode 100644
index 000000000000..e87decfb96ae
--- /dev/null
+++ b/src/chrome/content/rules/ShareFile.com.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Citrix coverage, see Citrix.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- secure.sharefile.com
+
+-->
+<ruleset name="ShareFile.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sharefile.com" />
+	<target host="secure.sharefile.com" />
+	<target host="www.sharefile.com" />
+	<target host="www2.sharefile.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^secure\.sharefile\.com$" name="^(?:ApiToken|i18next)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ShareFile_support.com-problematic.xml b/src/chrome/content/rules/ShareFile_support.com-problematic.xml
new file mode 100644
index 000000000000..77ec5650e604
--- /dev/null
+++ b/src/chrome/content/rules/ShareFile_support.com-problematic.xml
@@ -0,0 +1,20 @@
+<!--
+	For rules that are on by default, see ShareFile_support.com.xml.
+
+
+	Server sends no certificate chain *
+
+	* See https://whatsmychaincert.com
+
+-->
+<ruleset name="ShareFile support.com (missing certificate chain)" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="community.sharefilesupport.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ShareFile_support.com.xml b/src/chrome/content/rules/ShareFile_support.com.xml
new file mode 100644
index 000000000000..05d815e06819
--- /dev/null
+++ b/src/chrome/content/rules/ShareFile_support.com.xml
@@ -0,0 +1,34 @@
+<!--
+	For problematic rules, see ShareFile_support.com-problematic.xml.
+
+	For other Citrix coverage, see Citrix.xml.
+
+
+	Problematic hosts in *sharefilesupport.com:
+
+		- (www.)? ¹
+		- community ²
+
+	¹ Mismatched
+	² Missing certificate chain
+
+-->
+<ruleset name="ShareFile support.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="community.sharefilesupport.com" /-->
+
+	<!--	Complications:
+				-->
+	<target host="sharefilesupport.com" />
+	<target host="www.sharefilesupport.com" />
+
+
+	<rule from="^http://(?:www\.)?sharefilesupport\.com/"
+		to="https://www.sharefile.com/" />
+
+	<!--rule from="^http:"
+		to="https:" /-->
+
+</ruleset>
diff --git a/src/chrome/content/rules/ShareIslam.com.xml b/src/chrome/content/rules/ShareIslam.com.xml
new file mode 100644
index 000000000000..4f8e8e9e8c5c
--- /dev/null
+++ b/src/chrome/content/rules/ShareIslam.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Also see subsite at https://www.shareislam.com/order/
+
+	Invalid Certificate:
+		order.shareislam.com
+-->
+<ruleset name="ShareIslam.com" >
+	<target host="shareislam.com" />
+	<target host="www.shareislam.com" />
+	<target host="mail.shareislam.com" />
+	<target host="order.shareislam.com" />
+	<target host="storage.shareislam.com" />
+
+	<securecookie host="^www\.shareislam\.com$" name=".+" />
+
+	<rule from="^http://order\.shareislam\.com/" to="https://www.shareislam.com/order/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ShareRepo.com.xml b/src/chrome/content/rules/ShareRepo.com.xml
new file mode 100644
index 000000000000..20eea7bbf691
--- /dev/null
+++ b/src/chrome/content/rules/ShareRepo.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .sharerepo.com
+
+-->
+<ruleset name="ShareRepo.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sharerepo.com" />
+	<target host="www.sharerepo.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.sharerepo\.com$" name="^(?:__cfduid|cf_clearance|guest_hash)$" /-->
+
+	<securecookie host="^\.sharerepo\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ShareSix.com.xml b/src/chrome/content/rules/ShareSix.com.xml
new file mode 100644
index 000000000000..0fb6aaeabef6
--- /dev/null
+++ b/src/chrome/content/rules/ShareSix.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .sharesix.com
+
+-->
+<ruleset name="ShareSix.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sharesix.com" />
+	<target host="www.sharesix.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.sharesix\.com$" name="^(?:__cfduid|cf_clearance|guest_hash)$" /-->
+
+	<securecookie host="^\.sharesix\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ShareThis.xml b/src/chrome/content/rules/ShareThis.xml
index 4e5651c2c830..2af4869de38f 100644
--- a/src/chrome/content/rules/ShareThis.xml
+++ b/src/chrome/content/rules/ShareThis.xml
@@ -2,19 +2,22 @@
 	CDN buckets:
 
 		- cdn.sharethis.com.edgesuite.net
-
-			- a1694.g.akamai.net
-
 		- s.sharethis.com.edgesuite.net
+		- w.sharethis.com.edgesuite.net
 
-			- a803.g.akamai.net
 
-		- w.sharethis.com.edgesuite.net
+	Nonfunctional hosts in *sharethis.com:
+
+		- ^ ¹
+		- forums ²
+		- support ²
+		- www ²
 
-			- a335.b.akamai.net
+	¹ 503
+	² Redirects to http
 
 
-	Problematic subdomains:
+	Problematic hosts in *sharethis.com:
 
 		- cdn *
 		- s *
@@ -23,52 +26,56 @@
 	* Works, akamai
 
 
-	Fully covered subdomains:
-
-		- (www.)
-		- cdn	(→ ^)
-		- forums
-		- help
-		- l
-		- s	(→ sd)
-		- seg
-		- support
-		- w	(→ ws)
-		- wd
-		- wd-edge
-		- ws
+	Mixed content:
 
+		- Fonts on support from www.sharethis.com ¹
+		- Images on support from www.sharethis.com ¹
+		- Bugs on support from hello.myfonts.net ²
 
-	Mixed content:
+	¹ Unsecurable <= redirects to http
+	² Secured by us
 
-		- css on support from cdn *
+-->
+<ruleset name="ShareThis.com (partial)">
 
-		- Web bugs, on:
+	<!--	Direct rewrites:
+				-->
+	<target host="cf-wp-prod.sharethis.com" />
+	<target host="help.sharethis.com" />
+	<target host="l.sharethis.com" />
+	<target host="sd.sharethis.com" />
+	<target host="seg.sharethis.com" />
+	<target host="wd.sharethis.com" />
+	<target host="wd-edge.sharethis.com" />
+	<target host="ws.sharethis.com" />
 
-			- www from s **
-			- www from ws **
+	<!--	Complications:
+				-->
+	<target host="s.sharethis.com" />
+	<target host="w.sharethis.com" />
 
-	* Secured by us, alters snippet text size
-	** Secured by us
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(support|www)\.sharethis\.com/$" /-->
 
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://forums\.sharethis\.com/($|wp-content/)" /-->
 
-	The change caused by css MCB is minimal,
-	and we don't care about web bugs, so don't
-	mark this ruleset as mixedcontent.
+			<!--test url="http://forums.sharethis.com/wp-content/themes/sharethis/images/homepage-engage-radar-1.png" /-->
 
--->
-<ruleset name="ShareThis">
+		<test url="http://cf-wp-prod.sharethis.com/wp-content/plugins/yet-another-related-posts-plugin/style/widget.css.gzip" />
+		<test url="http://seg.sharethis.com/socialOptimizationPixel.php" />
 
-	<target host="sharethis.com" />
-	<target host="*.sharethis.com" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.sharethis\.com$" name="^__seg$$" /-->
 
 	<!--securecookie host="^\.sharethis\.com$" name="^(__stid|__uset)$" /-->
-	<securecookie host="^(?:.*\.)?sharethis\.com$" name=".+" />
-
+	<!--securecookie host="^(?:.*\.)?sharethis\.com$" name=".+" /-->
+	<securecookie host=".+" name=".+"/>
 
-	<rule from="^http://cdn\.sharethis\.com/"
-		to="https://sharethis.com/" />
 
 	<rule from="^http://s\.sharethis\.com/"
 		to="https://sd.sharethis.com/" />
@@ -76,7 +83,7 @@
 	<rule from="^http://w\.sharethis\.com/"
 		to="https://ws.sharethis.com/" />
 
-	<rule from="^http://([\w-]+\.)?sharethis\.com/"
-		to="https://$1sharethis.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Share_it.com.xml b/src/chrome/content/rules/Share_it.com.xml
new file mode 100644
index 000000000000..c13dd87ce3a6
--- /dev/null
+++ b/src/chrome/content/rules/Share_it.com.xml
@@ -0,0 +1,79 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.shareit.com/ => https://secure.shareit.com/: (7, 'Failed to connect to www.element5.com port 443: Connection refused')
+
+	For other Digital River coverage, see Digital-River.xml.
+
+
+	(www.)?shareit.com: Refused
+
+
+	Partially covered hosts in *shareit.com:
+
+		- (www.)? *
+
+	* Not all paths redirect
+
+
+	Insecure cookies are set for these hosts:
+
+		- ccc.shareit.com
+		- secure.shareit.com
+
+
+	Mixed content:
+
+		- css on ccc from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Share it.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ccc.shareit.com" />
+	<target host="secure.shareit.com" />
+
+	<!--	Complications:
+				-->
+	<target host="shareit.com" />
+	<target host="www.shareit.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(ccc|secure)\.shareit\.com$" name="^BIGipServerp(-\w+){4}-\d+$" /-->
+
+	<securecookie host="^(?!www\.)\w" name=".+" />
+
+
+	<!--	Redirect keeps args but
+		not forward slash:
+					-->
+	<rule from="^http://(?:www\.)?shareit\.com/+"
+		to="https://www.mycommerce.com/" />
+
+		<!--	/*\w does not redirect:
+						-->
+		<exclusion pattern="^http://(?:www\.)?shareit\.com/+(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://shareit.com/default.aspx" />
+			<test url="http://www.shareit.com/default.aspx" />
+			<test url="http://www.shareit.com/index.htm" />
+			<test url="http://www.shareit.com/index.html" />
+			<test url="http://www.shareit.com/index.jsp" />
+			<test url="http://www.shareit.com/index.php" />
+
+			<!--	-ve:
+					-->
+			<test url="http://shareit.com/?" />
+			<test url="http://www.shareit.com/?" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Share_the_Network.xml b/src/chrome/content/rules/Share_the_Network.xml
index 32088971a5c7..189c4ec38421 100644
--- a/src/chrome/content/rules/Share_the_Network.xml
+++ b/src/chrome/content/rules/Share_the_Network.xml
@@ -1,11 +1,8 @@
 <!--
 	For other Verizon coverage, see Verizon.xml.
 
-
-	!www: cert only matches www
-
 -->
-<ruleset name="Share the Network">
+<ruleset name="Share the Network.com" default_off="connection reset">
 
 	<target host="sharethenetwork.com" />
 	<target host="www.sharethenetwork.com" />
@@ -14,7 +11,7 @@
 	<securecookie host="^www\.sharethenetwork\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?sharethenetwork\.com/"
-		to="https://www.sharethenetwork.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SharedCount.com.xml b/src/chrome/content/rules/SharedCount.com.xml
new file mode 100644
index 000000000000..7a020e3ab512
--- /dev/null
+++ b/src/chrome/content/rules/SharedCount.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Time out:
+		status.sharedcount.com
+
+-->
+<ruleset name="SharedCount.com">
+
+	<target host="sharedcount.com" />
+	<target host="*.sharedcount.com" />
+
+		<test url="http://www.sharedcount.com/" />
+		<test url="http://api.sharedcount.com/" />
+		<test url="http://docs.sharedcount.com/" />
+
+		<!-- Each customer gets their own subdomain. See https://docs.sharedcount.com/ -->
+		<test url="http://business.sharedcount.com/" />
+		<test url="http://fairfaxmedia.sharedcount.com/" />
+		<test url="http://free.sharedcount.com/" />
+		<test url="http://vidiq.sharedcount.com/" />
+
+		<exclusion pattern="^http://status\.sharedcount\.com/" />
+			<test url="http://status.sharedcount.com/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SharedValue.org.xml b/src/chrome/content/rules/SharedValue.org.xml
index a79e8ea74dcb..5141f7a509b3 100644
--- a/src/chrome/content/rules/SharedValue.org.xml
+++ b/src/chrome/content/rules/SharedValue.org.xml
@@ -1,10 +1,22 @@
+<!--
+	Mixed content:
+
+		- Image from $self *
+
+	* Secured by us
+
+-->
 <ruleset name="SharedValue.org">
 
 	<target host="sharedvalue.org" />
 	<target host="www.sharedvalue.org" />
 
+		<!--	Mixed image:
+					-->
+		<test url="http://sharedvalue.org/user/login" />
+
 
-	<rule from="^http://(www\.)?sharedvalue\.org/"
-		to="https://$1sharedvalue.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sharedcount.com-API.xml b/src/chrome/content/rules/Sharedcount.com-API.xml
deleted file mode 100644
index 2c2c6e045e11..000000000000
--- a/src/chrome/content/rules/Sharedcount.com-API.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="sharedcount.com API">
-  <target host="api.sharedcount.com"/>
-  
-<rule from="^http://api\.sharedcount\.com/" to="https://sharedcount.appspot.com/"/>
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Sharedvue.net.xml b/src/chrome/content/rules/Sharedvue.net.xml
new file mode 100644
index 000000000000..fd7e9d34081e
--- /dev/null
+++ b/src/chrome/content/rules/Sharedvue.net.xml
@@ -0,0 +1,27 @@
+<!--
+	(www.)?sharedvue.net: Dropped over http & https
+
+
+	Insecure cookies are set for these hosts:
+
+		- intel.sharedvue.net
+
+-->
+<ruleset name="sharedvue.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="intel.sharedvue.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^intel\.sharedvue\.net$" name="^AWSELB$" /-->
+
+	<securecookie host="^intel\.sharedvue\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sharefest.me.xml b/src/chrome/content/rules/Sharefest.me.xml
index c887208100e1..0606f4c08918 100644
--- a/src/chrome/content/rules/Sharefest.me.xml
+++ b/src/chrome/content/rules/Sharefest.me.xml
@@ -1,16 +1,25 @@
 <!--
-	Problematic subdomains:
+	Insecure cookies are set for these domains:
 
-		- ^	(dropped)
+		- .sharefest.me
 
 -->
 <ruleset name="Sharefest.me">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="sharefest.me" />
 	<target host="www.sharefest.me" />
 
 
-	<rule from="^http://(?:www\.)?sharefest\.me/"
-		to="https://www.sharefest.me/" />
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.sharefest\.me$" name="^(?:__cfduid|cf_clearance)$" /-->
 
-</ruleset>
\ No newline at end of file
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Shareholder.com.xml b/src/chrome/content/rules/Shareholder.com.xml
index 971d8fb41dc6..b1989a9ee09d 100644
--- a/src/chrome/content/rules/Shareholder.com.xml
+++ b/src/chrome/content/rules/Shareholder.com.xml
@@ -9,8 +9,17 @@
 -->
 <ruleset name="Shareholder.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="shareholder.com" />
-	<target host="*.shareholder.com" />
+	<target host="apps.shareholder.com" />
+	<target host="dialogue.shareholder.com" />
+	<target host="investor.shareholder.com" />
+	<target host="www.shareholder.com" />
+
+	<!--	Complications:
+				-->
+	<target host="apps2.shareholder.com" />
 
 
 	<!--securecookie host="^\.shareholder\.com$" name="^(gpv_p\d\d|s_\w\w|s_fid|s_invisit|s_vnum)$" /-->
@@ -20,10 +29,10 @@
 	<!--	- apps2 doesn't work over https
 		- apps & apps2 appear identical
 			-->
-	<rule from="^http://apps2?\.shareholder\.com/"
+	<rule from="^http://apps2\.shareholder\.com/"
 		to="https://apps.shareholder.com/" />
 
-	<rule from="^http://(dialogue\.|investor\.|www\.)?shareholder\.com/"
-		to="https://$1shareholder.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Shareholder.ru.xml b/src/chrome/content/rules/Shareholder.ru.xml
new file mode 100644
index 000000000000..3488d7be18d8
--- /dev/null
+++ b/src/chrome/content/rules/Shareholder.ru.xml
@@ -0,0 +1,41 @@
+<!--
+	For other WebMoney coverage, see WebMoney.xml.
+
+
+	Problematic hosts in *shareholder.ru:
+
+		- forum *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- shareholder.ru
+		- .shareholder.ru
+		- forum.shareholder.ru
+		- www.shareholder.ru
+
+-->
+<ruleset name="Shareholder.ru (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="shareholder.ru" />
+	<!--target host="forum.shareholder.ru" /-->
+	<target host="www.shareholder.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?shareholder\.ru$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^\.shareholder\.ru$" name="^Language$" /-->
+	<!--securecookie host="^forum\.sharehulder\.ru$" name="^session_id$" /-->
+
+	<securecookie host="^(?:\.|www\.)?shareholder\.ru$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Shareshight.com.xml b/src/chrome/content/rules/Shareshight.com.xml
new file mode 100644
index 000000000000..0dac6fb4a28b
--- /dev/null
+++ b/src/chrome/content/rules/Shareshight.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Sharesight.com">
+	<target host="sharesight.com" />
+	<target host="www.sharesight.com" />
+	<target host="api.sharesight.com" />
+	<target host="cmc.sharesight.com" />
+	<target host="community.sharesight.com" />
+	<target host="ebroking.sharesight.com" />
+	<target host="help.sharesight.com" />
+	<target host="pinnacle.sharesight.com" />
+	<target host="portfolio.sharesight.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sharethefiles.com.xml b/src/chrome/content/rules/Sharethefiles.com.xml
new file mode 100644
index 000000000000..a4b3b4a26a35
--- /dev/null
+++ b/src/chrome/content/rules/Sharethefiles.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		mail.sharethefiles.com
+
+-->
+<ruleset name="Sharethefiles.com">
+
+	<target host="sharethefiles.com" />
+	<target host="www.sharethefiles.com" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.sharethefiles\.com$" name="^phpbb3_\w{7}_(k|sid|u)$" /-->
+	<securecookie host="^\.sharethefiles\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sharethrough.com.xml b/src/chrome/content/rules/Sharethrough.com.xml
new file mode 100644
index 000000000000..6e3c0de9174a
--- /dev/null
+++ b/src/chrome/content/rules/Sharethrough.com.xml
@@ -0,0 +1,45 @@
+<!--
+	Nonfunctional hosts in *sharethrough.com:
+
+		- media ⁵
+
+	⁵ 504
+
+
+	Problematic hosts in *sharethrough.com:
+
+		- developer ᵐ
+		- headlines ᵐ
+		- hq ᵉ
+		- info ᵐ
+		- marketing ᵐ
+		- summit ᵉ
+
+	ᵉ Expired
+	ᵐ Mismatched
+
+	Insecure cookie are set for these hosts: ᶜ
+
+		- generator.sharethrough.com
+		- headlines.sharethrough.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Sharethrough.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sharethrough.com" />
+	<target host="content.sharethrough.com" />
+	<target host="design.sharethrough.com" />
+	<target host="engineering.sharethrough.com" />
+	<target host="generator.sharethrough.com" />
+	<target host="native.sharethrough.com" />
+	<target host="static.sharethrough.com" />
+	<target host="support.sharethrough.com" />
+	<target host="www.sharethrough.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sharethrough.xml b/src/chrome/content/rules/Sharethrough.xml
deleted file mode 100644
index 0204b41fe8a1..000000000000
--- a/src/chrome/content/rules/Sharethrough.xml
+++ /dev/null
@@ -1,75 +0,0 @@
-<!--
-	strlabs.wpengine.com
-
-
-	Nonfunctional domains:
-
-		- media.sharethrough.com	(no https)
-
-
-	Problematic domains:
-
-		- ads.shareth.ru		(mismatched, CN: *.adnxs.com)
-		- marketing.sharethrough.com	(works; mismatched, CN: actonsoftware.com)
-
-
-	Partially covered domains:
-
-		- marketing.sharethrough.com
-
-
-	Fully covered domains:
-
-		- strlabs.wpengine.netdna-cdn.com	(→ strlabs.wpengine.com)
-
-		- ads.shareth.ru		(→ ib.adnxs.com)
-
-		- sharethrough.com subdomains:
-
-			- (www.)
-			- apis
-			- apis-acceptance
-			- apis-staging
-			- assets
-			- assets-acceptance
-			- assets-staging
-			- content
-			- content-acceptance
-			- content-staging
-			- hq
-			- hq-acceptance
-			- hq-staging
-			- native
-			- native-staging
-			- static
-			- static-acceptance
-			- static-staging
-
--->
-<ruleset name="Sharethrough (partial)">
-
-	<target host="strlabs.wpengine.netdna-cdn.com" />
-	<target host="ads.shareth.ru" />
-	<target host="sharethrough.com" />
-	<target host="*.sharethrough.com" />
-
-
-	<securecookie host="^(?:.*\.)?sharethrough\.com$" name=".+" />
-
-
-	<rule from="^https?://strlabs\.wpengine\.netdna-cdn\.com/"
-		to="https://strlabs.wpengine.com/" />
-
-	<rule from="^https?://ads\.shareth\.ru/"
-		to="https://ib.adnxs.com/" />
-
-	<rule from="^http://((?:(?:apis|assets|content|hq|static)(?:-acceptance|-staging)?|native(?:-staging)?|www)\.)?sharethrough\.com/"
-		to="https://$1sharethrough.com/" />
-
-	<rule from="^https?://marketing\.sharethrough\.com/(?:\?.*)?$"
-		to="https://sharethrough.com/?ao=1" />
-
-	<rule from="^https?://marketing\.sharethrough\.com/acton/"
-		to="https://ci33.actonsoftware.com/acton/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ShariDeAngelo.com.xml b/src/chrome/content/rules/ShariDeAngelo.com.xml
new file mode 100644
index 000000000000..2ce0135172d9
--- /dev/null
+++ b/src/chrome/content/rules/ShariDeAngelo.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Shari DeAngelo.com">
+
+	<target host="sharideangelo.com" />
+	<target host="www.sharideangelo.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SharpFile.com.xml b/src/chrome/content/rules/SharpFile.com.xml
deleted file mode 100644
index 6eed2ac447f5..000000000000
--- a/src/chrome/content/rules/SharpFile.com.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	CDN buckets:
-
-		- drsl3uiniohex.cloudfront.net
-
-
-	Nonfunctional subdomains:
-
-		- forum		(shows www)
-		- iridium
-		- romeo
-		- uniform
-
--->
-<ruleset name="SharpFile.com (partial)" platform="mixedcontent">
-
-	<target host="sharpfile.com" />
-	<target host="www.sharpfile.com" />
-
-
-	<securecookie host="^(?:www\.)?sharpfile\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?sharpfile\.com/"
-		to="https://$1sharpfile.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/SharpSpring.xml b/src/chrome/content/rules/SharpSpring.xml
index 4170e5d3ddb5..0edc05a042ba 100644
--- a/src/chrome/content/rules/SharpSpring.xml
+++ b/src/chrome/content/rules/SharpSpring.xml
@@ -6,13 +6,13 @@
 -->
 <ruleset name="SharpSpring (partial)">
 
-	<target host="*.sharpspring.com" />
+	<target host="app.sharpspring.com" />
+	<target host="sfdc.sharpspring.com" />
 
 
-	<securecookie host=".+\.sharpspring\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(app|sfdc)\.sharpspring\.com/"
-		to="https://$1.sharpspring.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sharpmen.xml b/src/chrome/content/rules/Sharpmen.xml
index e3596499177e..ee19d8dbd05b 100644
--- a/src/chrome/content/rules/Sharpmen.xml
+++ b/src/chrome/content/rules/Sharpmen.xml
@@ -1,13 +1,19 @@
-<ruleset name="Sharpmen">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sharpmen.com/ => https://sharpmen.com/: (35, 'error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error')
+Fetch error: http://www.sharpmen.com/ => https://www.sharpmen.com/: (35, 'error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error')
+
+-->
+<ruleset name="Sharpmen" default_off="failed ruleset test">
 
 	<target host="sharpmen.com" />
-	<target host="*.sharpmen.com" />
+	<target host="www.sharpmen.com" />
 
 
 	<securecookie host="^\.sharpmen\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?sharpmen\.com/"
-		to="https://$1sharpmen.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Shashkovs.ru.xml b/src/chrome/content/rules/Shashkovs.ru.xml
new file mode 100644
index 000000000000..bb1541235de0
--- /dev/null
+++ b/src/chrome/content/rules/Shashkovs.ru.xml
@@ -0,0 +1,8 @@
+<ruleset name="Shashkovs.ru">
+	<target host="shashkovs.ru" />
+	<target host="www.shashkovs.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Shatiby.edu.sa.xml b/src/chrome/content/rules/Shatiby.edu.sa.xml
new file mode 100644
index 000000000000..8c4ad0319b29
--- /dev/null
+++ b/src/chrome/content/rules/Shatiby.edu.sa.xml
@@ -0,0 +1,9 @@
+<ruleset name="Shatiby.edu.sa" platform="mixedcontent">
+	<target host="shatiby.edu.sa" />
+	<target host="www.shatiby.edu.sa" />
+	<target host="multqa.shatiby.edu.sa" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Shaun_Lorrain.com.au.xml b/src/chrome/content/rules/Shaun_Lorrain.com.au.xml
new file mode 100644
index 000000000000..60cb6bc5b5ee
--- /dev/null
+++ b/src/chrome/content/rules/Shaun_Lorrain.com.au.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://shaunlorrain.com.au/ => https://shaunlorrain.com.au/: (51, "SSL: no alternative certificate subject name matches target host name 'shaunlorrain.com.au'")
+Fetch error: http://www.shaunlorrain.com.au/ => https://www.shaunlorrain.com.au/: (51, "SSL: no alternative certificate subject name matches target host name 'www.shaunlorrain.com.au'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://shaunlorrain.com.au/ => https://shaunlorrain.com.au/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.shaunlorrain.com.au/ => https://www.shaunlorrain.com.au/: (60, 'SSL certificate problem: certificate has expired')
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Shaun Lorrain.com.au" default_off="failed ruleset test">
+
+	<target host="shaunlorrain.com.au" />
+	<target host="www.shaunlorrain.com.au" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Shaw.ca.xml b/src/chrome/content/rules/Shaw.ca.xml
new file mode 100644
index 000000000000..c0fc708d5a1e
--- /dev/null
+++ b/src/chrome/content/rules/Shaw.ca.xml
@@ -0,0 +1,88 @@
+<!--
+	Partially covered subdomains:
+
+		- business *
+
+	* $ redirects to http
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- media.business
+		- community
+		- media
+		- myaccount
+		- newsroom
+		- register
+		- signon
+		- vod
+		- (www.)?webmail
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .shaw.ca
+		- community.shaw.ca
+		- myaccount.shaw.ca
+		- newsroom.shaw.ca
+		- www.shaw.ca
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- newsroom from media *
+			- www from $self *
+
+		- Bugs on newsroom, www from shawtelevision.112.2o7.net *
+
+	* Secured by us
+
+-->
+<ruleset name="Shaw.ca (partial)">
+
+	<target host="shaw.ca" />
+	<target host="business.shaw.ca" />
+	<target host="media.business.shaw.ca" />
+	<target host="community.shaw.ca" />
+	<target host="media.shaw.ca" />
+	<target host="myaccount.shaw.ca" />
+	<target host="newsroom.shaw.ca" />
+	<target host="register.shaw.ca" />
+	<target host="signon.shaw.ca" />
+	<target host="vod.shaw.ca" />
+	<target host="webmail.shaw.ca" />
+	<target host="www.webmail.shaw.ca" />
+	<target host="www.shaw.ca" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://business\.shaw\.ca/($|My-account/$|Support$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://business\.shaw\.ca/+(?!SharedAssets/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://business.shaw.ca/Support" />
+			<test url="http://business.shaw.ca/My-account/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.shaw\.ca$" name="^(localePreference|location|service|shaw_cart|shawJSID)$" /-->
+	<!--securecookie host="^community\.shaw\.ca$" name="^(BIGipServer\w+-\d+-pool|JSESSIONID|jive\.server\.info)+" /-->
+	<!--securecookie host="^myaccount\.shaw\.ca$" name="^(__ControllerTempDataToken|isChromeFrame)$" /-->
+	<!--securecookie host="^newsroom\.shaw\.ca$" name="^(ASP.NET_SessionId|EkAnalytics|EktGUID|ecm)" /-->
+	<!--securecookie host="^www\.shaw\.ca$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^(?:community|myaccount|newsroom|www)\.shaw\.ca$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Shazam-problematic.xml b/src/chrome/content/rules/Shazam-problematic.xml
index 641adf73e15d..fad7c0b63ca5 100644
--- a/src/chrome/content/rules/Shazam-problematic.xml
+++ b/src/chrome/content/rules/Shazam-problematic.xml
@@ -2,12 +2,15 @@
 	For rules that are on by default, see Shazam.xml.
 
 -->
-<ruleset name="Shazam (problematic)" default_off="mismatched">
+<ruleset name="Shazam.com (problematic)" default_off="mismatched">
 
 	<target host="news.shazam.com" />
 
 
-	<rule from="^http://news\.shazam\.com/"
-		to="https://news.shazam.com/" />
+	<securecookie host="^\.shazam\.com$" name="^(?:_mynewsdesk_session|origin_site|picked_site)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Shazam.xml b/src/chrome/content/rules/Shazam.xml
index 4b83f960f903..a502d459f59a 100644
--- a/src/chrome/content/rules/Shazam.xml
+++ b/src/chrome/content/rules/Shazam.xml
@@ -1,6 +1,10 @@
 <!--
 	For problematic rules, see Shazam-problematic.xml.
 
+	Other Shazam rulesets:
+
+		- My_Shazam.com.xml
+
 
 	CDN buckets:
 
@@ -28,76 +32,61 @@
 	Nonfunctional domains:
 
 		- admin.blog.aws-ew1a.shazamcloud.com *
+		- (www.)myshazam.com ***
 		- swpcontent1.blog.aws-ue1a.shazamcloud.com *
 		- www.shazamers.com **
 		- www.swpcontent.com **
 
 	* Dropped
 	** Refused
+	*** Revoked
 
 
 	Problematic domains:
 
-		- www.myshazam.com	(cert only matches ^myshazam.com)
 		- shazam.com		(refused)
 		- news.shazam.com	(works; mismatched, CN: *.mynewsdesk.com)
 
 
-	Fully covered domains:
-
-		- myshazam.com
-		- www.myshazam.com	(→ www.shazam.com)
-
-		- shazam.com subdomains:
-
-			- (www.)	(^ → www)
-			- cdn
-			- support
-
-		- orbit.shazamid.com
-
-
-	Observed cookie domains:
+	Insecure cookies are set for these domains and hosts:
 
 		- .shazam.com
-		- support.shazam.com
 		- www.shazam.com
 
 
 	Mixed content:
 
-		- Images on www.shazam.com from www.swpcontent.com
+		- Images on www from $self *
 
--->
-<ruleset name="Shazam (partial)">
-
-	<target host="myshazam.com" />
-	<target host="www.myshazam.com" />
-	<target host="shazam.com" />
-	<target host="*.shazam.com" />
-	<target host="orbit.shazamid.com" />
+	* Secured by us
 
+-->
+<ruleset name="Shazam.com (partial)">
 
-	<securecookie host="^myshazam\.com$" name=".+" />
-	<securecookie host="^(?:support|www)\.shazam\.com$" name=".+" />
+	<!--	Direct rewrites:
+				-->
+	<target host="cdn.shazam.com" />
+	<target host="images.shazam.com" />
+	<target host="support.shazam.com" />
+	<target host="www.shazam.com" />
 
+	<!--	Complications:
+				-->
+	<target host="shazam.com" />
 
-	<rule from="^http://myshazam\.com/"
-		to="https://myshazam.com/" />
 
-	<!--	Redirects like so.
+	<!--	Not secured by server:
 					-->
-	<rule from="^http://www\.myshazam\.com/"
-		to="https://www.shazam.com/" />
+	<!--securecookie host="^\.shazam\.com$" name="^(?:_mynewsdesk_session|origin_site|picked_site)$" /-->
+	<!--securecookie host="^www\.shazam\.com$" name="^(?:fat|inid|lruic|profile-data|registration|social-session|tempea|uid|wid)$" /-->
 
+	<securecookie host=".+\.shazam\.com$" name=".+" />
 
-	<rule from="^http://(?:www\.)?shazam\.com/"
-		to="https://www.shazam.com/" />
 
-	<rule from="^http://(cdn|support)\.shazam\.com/"
-		to="https://$1.shazam.com/" />
+	<rule from="^http://shazam\.com/"
+		to="https://www.shazam.com/" />
 
-	<rule from="^http://orbit\.shazamid\.com/"
-		to="https://orbit.shazamid.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SheKnows.com.xml b/src/chrome/content/rules/SheKnows.com.xml
new file mode 100644
index 000000000000..681afd760ea4
--- /dev/null
+++ b/src/chrome/content/rules/SheKnows.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Nonfunctional hosts in *sheknows.com:
+
+		- (www.)? ¹
+		- cdn ²
+
+	¹ Redirects to http
+	² 404
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .sheknows.com
+		- connect.sheknows.com
+
+-->
+<ruleset name="SheKnows.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="connect.sheknows.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?sheknows\.com/(?:$|css/|images/|stylesheets/)" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.sheknows\.com$" name="^(?:__cfduid|__qca|cf_clearance)$" /-->
+	<!--securecookie host="^connect\.sheknows\.com$" name="^connect$" /-->
+
+	<securecookie host="^\.sheknows\.com$" name="^__(?:cfduid|qca)$" />
+	<securecookie host="^connect\.sheknows\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SheVibe.com.xml b/src/chrome/content/rules/SheVibe.com.xml
new file mode 100644
index 000000000000..99c691b9415d
--- /dev/null
+++ b/src/chrome/content/rules/SheVibe.com.xml
@@ -0,0 +1,29 @@
+<!--
+	social: http reply
+
+
+	art: works; mismatched, CN: *.squarespace.com
+
+
+	Server is configured for rc4 only.
+
+-->
+<ruleset name="SheVibe.com (partial)">
+
+	<target host="shevibe.com" />
+	<target host="www.shevibe.com" />
+		<!--exclusion pattern="^http://(art|social)\.shevibe\.com/" /-->
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.shevibe\.com/+($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://www\.shevibe\.com/+(?!\w+\.css|\w+/css/|(cart|login|order-lookup|send-password)\.aspx|favicon\.ico|features/|[\w.]+_files/|images/|scripts/|template/)" /-->
+
+
+	<rule from="^http://(?:www\.)?shevibe\.com/(?=\w+\.css|\w+/css/|(?:cart|login|order-lookup|send-password)\.aspx|favicon\.ico|features/|[\w.]+_files/|images/|scripts/|template/)"
+		to="https://www.shevibe.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sheet-Music-Plus.xml b/src/chrome/content/rules/Sheet-Music-Plus.xml
index 0351f04a1274..404672b6801d 100644
--- a/src/chrome/content/rules/Sheet-Music-Plus.xml
+++ b/src/chrome/content/rules/Sheet-Music-Plus.xml
@@ -3,8 +3,9 @@
 <ruleset name="Sheet Music Plus (partial)" platform="mixedcontent">
 
 	<target host="sheetmusicplus.com"/>
-	<target host="*.sheetmusicplus.com"/>
-	<target host="ssl.assets.sheetmusicplus.com"/>
+	<target host="www.sheetmusicplus.com" />
+	<target host="assets.sheetmusicplus.com" />
+	<target host="ssl.assets.sheetmusicplus.com" />
 
 	<rule from="^http://sheetmusicplus\.com/"
 		to="https://www.sheetmusicplus.com/"/>
@@ -12,7 +13,7 @@
 	<rule from="^http://www\.sheetmusicplus\.com/(account/orders|affiliates|cart/save_item|checkout|easyrebates|favicon\.ico|newsletter/signup|sign_(in|up))"
 		to="https://www.sheetmusicplus.com/$1"/>
 
-	<!--	internapcdn.net covers ssl.assets, but the latter presents a cloudfront cert.	
+	<!--	internapcdn.net covers ssl.assets, but the latter presents a cloudfront cert.
 			It also covers ssl.staging.assets.sheetmusicplus.com, but that doesn't
 		seem to exist.
 						-->
diff --git a/src/chrome/content/rules/Sheffield.gov.uk.xml b/src/chrome/content/rules/Sheffield.gov.uk.xml
new file mode 100644
index 000000000000..8a054e08e78a
--- /dev/null
+++ b/src/chrome/content/rules/Sheffield.gov.uk.xml
@@ -0,0 +1,70 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sheffield.gov.uk/ => https://sheffield.gov.uk/: (7, 'Failed to connect to sheffield.gov.uk port 443: Connection timed out')
+Fetch error: http://epp.sheffield.gov.uk/ => https://epp.sheffield.gov.uk/: (28, 'Connection timed out after 20001 milliseconds')
+Non-2xx HTTP code: http://sheffield0to19.sheffield.gov.uk/ (200) => https://sheffield0to19.sheffield.gov.uk/ (400)
+Fetch error: http://signpostsheffield.sheffield.gov.uk/ => https://signpostsheffield.sheffield.gov.uk/: (6, 'Could not resolve host: signpostsheffield.sheffield.gov.uk')
+Fetch error: http://taxbenefits.sheffield.gov.uk/ => https://taxbenefits.sheffield.gov.uk/: (35, 'Unknown SSL protocol error in connection to taxbenefits.sheffield.gov.uk:443 ')
+
+	Sheffield City Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *sheffield.gov.uk:
+
+		- libplugins ⁵
+		- sccplugins ⁵
+
+	⁵ 500
+
+
+	Insecure cookies are set for these hosts:
+
+		- epp.sheffield.gov.uk
+		- jobs.sheffield.gov.uk
+		- sccjobs.sheffield.gov.uk
+		- schools.sheffield.gov.uk
+		- sheffield0to19.sheffield.gov.uk
+		- signpostsheffield.sheffield.gov.uk
+
+-->
+<ruleset name="Sheffield.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="sheffield.gov.uk" />
+	<target host="data.sheffield.gov.uk" />
+	<target host="ems.sheffield.gov.uk" />
+	<target host="epp.sheffield.gov.uk" />
+	<target host="jobs.sheffield.gov.uk" />
+	<target host="maps.sheffield.gov.uk" />
+	<target host="parkingin.sheffield.gov.uk" />
+	<target host="sccjobs.sheffield.gov.uk" />
+	<target host="schools.sheffield.gov.uk" />
+	<target host="sheffield0to19.sheffield.gov.uk" />
+	<target host="signpostsheffield.sheffield.gov.uk" />
+	<target host="taxbenefits.sheffield.gov.uk" />
+	<target host="www.sheffield.gov.uk" />
+
+		<!--	Redirect to 500:
+						-->
+		<!--test url="http://libplugins.sheffield.gov.uk/bmd/" /-->
+		<!--test url="http://sccplugins.sheffield.gov.uk/urban_design/" /-->
+		<!--test url="http://sccplugins.sheffield.gov.uk/urban_design/quarters_cathedral_character.htm" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^epp\.sheffield\.gov\.uk$" name="^(?:ASP\.NET_SessionId|eppdemo)$" /-->
+	<!--securecookie host="^jobs\.sheffield\.gov\.uk$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+	<!--securecookie host="^sccjobs\.sheffield\.gov\.uk$" name="^ARPT$" /-->
+	<!--securecookie host="^(?:schools|sheffield0to19|signpostsheffield)\.sheffield\.gov\.uk$" name="^(?:ASPSESSIONID[A-Z]{8}|ES_Content_State)$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SheldonBrown.com.xml b/src/chrome/content/rules/SheldonBrown.com.xml
new file mode 100644
index 000000000000..db70edd96189
--- /dev/null
+++ b/src/chrome/content/rules/SheldonBrown.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="SheldonBrown.com">
+	<target host="sheldonbrown.com" />
+	<target host="www.sheldonbrown.com" />
+	<target host="cdn.sheldonbrown.com" />
+	<target host="cdn-4.sheldonbrown.com" />
+	<target host="cdn-6.sheldonbrown.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SheldrickWildlifeTrust.org.xml b/src/chrome/content/rules/SheldrickWildlifeTrust.org.xml
new file mode 100644
index 000000000000..e3a08e76e124
--- /dev/null
+++ b/src/chrome/content/rules/SheldrickWildlifeTrust.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Secure connection failed:
+		sheldrickwildlifetrust.org
+
+	Redirect to http:
+		giftshop.sheldrickwildlifetrust.org
+
+-->
+<ruleset name="Sheldrick Wildlife Trust">
+
+	<target host="sheldrickwildlifetrust.org" />
+	<target host="www.sheldrickwildlifetrust.org" />
+
+	<rule from="^http://sheldrickwildlifetrust\.org/"
+		to="https://www.sheldrickwildlifetrust.org/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Shellter_Project.com.xml b/src/chrome/content/rules/Shellter_Project.com.xml
new file mode 100644
index 000000000000..96218dc6cf12
--- /dev/null
+++ b/src/chrome/content/rules/Shellter_Project.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Shellter Project.com">
+
+	<target host="shellterproject.com" />
+	<target host="www.shellterproject.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Shenandoah_University.xml b/src/chrome/content/rules/Shenandoah_University.xml
deleted file mode 100644
index 014122029017..000000000000
--- a/src/chrome/content/rules/Shenandoah_University.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	CDN buckets:
-
-		- 8e30e7d033d0eb544c88-cfde4bf79d8fc6cacaa1550c45dd6099.r25.cf1.rackcdn.com
-
-			- cdn
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(redirects to http, valid cert)
-
--->
-<ruleset name="Shenandoah University (partial)">
-
-	<target host="cdn.su.edu" />
-
-
-	<rule from="^http://cdn\.su\.edu/"
-		to="https://8e30e7d033d0eb544c88-cfde4bf79d8fc6cacaa1550c45dd6099.ssl.cf1.rackcdn.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Sheperds_Friendly_Society.xml b/src/chrome/content/rules/Sheperds_Friendly_Society.xml
deleted file mode 100644
index dd5b6cad250a..000000000000
--- a/src/chrome/content/rules/Sheperds_Friendly_Society.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(mismatched, CN: www.lutroninstaller.com)
-
--->
-<ruleset name="Sheperds Friendly Society">
-
-	<target host="shepherdsfriendly.co.uk" />
-	<target host="www.shepherdsfriendly.co.uk" />
-
-
-	<securecookie host="^www\.shepherdsfriendly\.co\.uk$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?shepherdsfriendly\.co\.uk/"
-		to="https://www.shepherdsfriendly.co.uk/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/SheppyWare.net.xml b/src/chrome/content/rules/SheppyWare.net.xml
new file mode 100644
index 000000000000..7837342650fe
--- /dev/null
+++ b/src/chrome/content/rules/SheppyWare.net.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		webmail.sheppyware.net
+		www.webmail.sheppyware.net
+
+-->
+<ruleset name="SheppyWare">
+
+	<target host="sheppyware.net" />
+	<target host="www.sheppyware.net" />
+	<target host="bugzilla.sheppyware.net" />
+	<target host="www.bugzilla.sheppyware.net" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SheppyWare.xml b/src/chrome/content/rules/SheppyWare.xml
deleted file mode 100644
index f347cf8f52ae..000000000000
--- a/src/chrome/content/rules/SheppyWare.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="SheppyWare" default_off="expired, mismatched, self-signed">
-
-	<target host="sheppyware.net" />
-	<target host="*.sheppyware.net" />
-
-
-	<rule from="^https?://(?:(bugzilla\.)|www\.)?sheppyware\.net/"
-		to="https://$1sheppyware.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Sherrin.xml b/src/chrome/content/rules/Sherrin.xml
new file mode 100644
index 000000000000..15faa56cb604
--- /dev/null
+++ b/src/chrome/content/rules/Sherrin.xml
@@ -0,0 +1,11 @@
+<ruleset name="Sherrin">
+
+	<target host=    "sherrin.com.au" />
+	<target host="www.sherrin.com.au" />
+
+  	<securecookie host="^www\.sherrin\.com\.au$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Shibboleth.net.xml b/src/chrome/content/rules/Shibboleth.net.xml
new file mode 100644
index 000000000000..a7d1caa18acc
--- /dev/null
+++ b/src/chrome/content/rules/Shibboleth.net.xml
@@ -0,0 +1,32 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)?
+		- issues
+		- wiki
+
+
+	Insecure cookies are set for these hosts:
+
+		- issues.shibboleth.net
+
+-->
+<ruleset name="Shibboleth.net">
+
+	<target host="shibboleth.net" />
+	<target host="issues.shibboleth.net" />
+	<target host="wiki.shibboleth.net" />
+	<target host="www.shibboleth.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^issues\.shibboleth\.net$" name="^atlassian\.xsrf\.token$" /-->
+
+	<securecookie host="^issues\.shibboleth\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Shiftboard.com.xml b/src/chrome/content/rules/Shiftboard.com.xml
index 086b6a1cdbc8..fb3ec796a569 100644
--- a/src/chrome/content/rules/Shiftboard.com.xml
+++ b/src/chrome/content/rules/Shiftboard.com.xml
@@ -10,7 +10,6 @@
 	<target host="www.shiftboard.com" />
 
 
-	<rule from="^http://(?:www\.)?shiftboard\.com/"
-		to="https://www.shiftboard.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Shinobi.jp.xml b/src/chrome/content/rules/Shinobi.jp.xml
new file mode 100644
index 000000000000..1346adbc6ef1
--- /dev/null
+++ b/src/chrome/content/rules/Shinobi.jp.xml
@@ -0,0 +1,20 @@
+<!--
+	Non-functional hosts
+		Mixed content blocking (MCB) triggered:
+		- www.shinobi.jp
+-->
+<ruleset name="Shinobi.jp (partial)">
+	<target host="shinobi.jp" />
+	<target host="omt.shinobi.jp" />
+	<test url="http://omt.shinobi.jp/b/13110666b3d3ace36c79eaba55c9c7f5" />
+	<target host="st.shinobi.jp" />
+	<test url="http://st.shinobi.jp/img/services/admaxdsp/static/javascripts/trac.js" />
+	<target host="sync.shinobi.jp" />
+	<test url="http://sync.shinobi.jp/v2/sync/control" />
+	<target host="v2st.shinobi.jp" />
+	<test url="http://v2st.shinobi.jp/jquery/1.11.2/jquery.min.js" />
+	<target host="xa.shinobi.jp" />
+	<target host="x9.shinobi.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Shipment.xml b/src/chrome/content/rules/Shipment.xml
index ead3022f8dba..5e56a09fdf05 100644
--- a/src/chrome/content/rules/Shipment.xml
+++ b/src/chrome/content/rules/Shipment.xml
@@ -1,13 +1,19 @@
-<ruleset name="Shipment">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ship-ment.com/ => https://ship-ment.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.ship-ment.com/ => https://www.ship-ment.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Shipment" default_off="failed ruleset test">
 
 	<target host="ship-ment.com" />
-	<target host="*.ship-ment.com" />
+	<target host="www.ship-ment.com" />
 
 
 	<securecookie host="^\.(?:www\.)?ship-ment\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ship-ment\.com/"
-		to="https://$1ship-ment.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ShippingWatch.xml b/src/chrome/content/rules/ShippingWatch.xml
new file mode 100644
index 000000000000..a453e10e8ab8
--- /dev/null
+++ b/src/chrome/content/rules/ShippingWatch.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.shippingwatch.dk/ => https://www.shippingwatch.dk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.shippingwatch.dk'")
+
+  This renders poorly. The style sheet
+    http://shippingwatch.dk/template/swVer1-0/css/main.css?rev=35794
+  is essential for the layout but is served through http.
+-->
+<ruleset name="ShippingWatch (mixed content)" platform="mixedcontent" default_off="failed ruleset test">
+	<target host="shippingwatch.dk" />
+	<target host="www.shippingwatch.dk" />
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Shipto.com.xml b/src/chrome/content/rules/Shipto.com.xml
index d21c775a6d66..e1e8aae5b448 100644
--- a/src/chrome/content/rules/Shipto.com.xml
+++ b/src/chrome/content/rules/Shipto.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?shipto\.com/(en/questions(?:$|\?|/)|favicon\.ico|qa-theme/)"
 		to="https://$1shipto.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Shirazlug.ir.xml b/src/chrome/content/rules/Shirazlug.ir.xml
new file mode 100644
index 000000000000..20b27e5f7104
--- /dev/null
+++ b/src/chrome/content/rules/Shirazlug.ir.xml
@@ -0,0 +1,8 @@
+<ruleset name="Shirazlug.ir">
+  <target host="shirazlug.ir" />
+  <target host="www.shirazlug.ir" />
+  <target host="qa.shirazlug.ir" />
+  <target host="events.shirazlug.ir" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Shmoo.com.xml b/src/chrome/content/rules/Shmoo.com.xml
new file mode 100644
index 000000000000..828186739631
--- /dev/null
+++ b/src/chrome/content/rules/Shmoo.com.xml
@@ -0,0 +1,41 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - shmoo.com
+			 - www.shmoo.com
+			 - airsnarf.shmoo.com
+			 - airsnort.shmoo.com
+			 - archimedes.shmoo.com
+			 - bluesniff.shmoo.com
+			 - bluetooth.shmoo.com
+			 - braces.shmoo.com
+			 - cctf.shmoo.com
+			 - cvs.shmoo.com
+			 - eschew.shmoo.com
+			 - krusty.shmoo.com
+			 - obfuscation.shmoo.com
+			 - rainbowtables.shmoo.com
+			 - securitygeeks.shmoo.com
+			 - tinfoilhat.shmoo.com
+			 - tpm.shmoo.com
+			 - vpn.shmoo.com
+
+		Timeout was reached:
+			 - incognito.shmoo.com
+			 - osiris.shmoo.com
+			 - smtp.shmoo.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - imap.shmoo.com
+			 - lists.shmoo.com
+			 - maxx.shmoo.com
+			 - thisiswhywerenotonmars.shmoo.com
+			 - thisiswhywerenotonmarsyet.shmoo.com
+			 - whywerenotonmars.shmoo.com
+			 - whywerenotonmarsyet.shmoo.com
+-->
+<ruleset name="Shmoo.com (partial)">
+	<target host="sass.shmoo.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ShmooCon.xml b/src/chrome/content/rules/ShmooCon.xml
index dbd4fee59cf6..e4aa609074a2 100644
--- a/src/chrome/content/rules/ShmooCon.xml
+++ b/src/chrome/content/rules/ShmooCon.xml
@@ -2,13 +2,13 @@
 	For other Shmoo Group coverage, see The-Shmoo-Group.xml.
 
 -->
-<ruleset name="ShmooCon">
+<ruleset name="ShmooCon.org" default_off="mismatched">
 
 	<target host="shmoocon.org" />
 	<target host="www.shmoocon.org" />
 
 
-	<rule from="^http://(www\.)?shmoocon\.org/"
-		to="https://$1shmoocon.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Shmoop.com.xml b/src/chrome/content/rules/Shmoop.com.xml
index db934ea84b91..3ae5b8191df9 100644
--- a/src/chrome/content/rules/Shmoop.com.xml
+++ b/src/chrome/content/rules/Shmoop.com.xml
@@ -12,7 +12,8 @@
 <ruleset name="Shmoop.com (partial)">
 
 	<target host="shmoop.com" />
-	<target host="*.shmoop.com" />
+	<target host="www.shmoop.com" />
+	<target host="media1.shmoop.com" />
 		<!--exclusion pattern="^http://(www\.)?shmoop\.com/+($|\?|errorpage\.php|favicon\.ico|public/terms/)" /-->
 
 
@@ -23,6 +24,6 @@
 		to="https://www.shmoop.com/" />
 
 	<rule from="^http://media1\.shmoop\.com/"
-		to="https://d32v6r6fgi4k49.cloudfront.net/" />
+		to="https://media1.shmoop.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Shock_Media.nl.xml b/src/chrome/content/rules/Shock_Media.nl.xml
index 9a6add24b566..d897f52e8aa9 100644
--- a/src/chrome/content/rules/Shock_Media.nl.xml
+++ b/src/chrome/content/rules/Shock_Media.nl.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://shockmedia.nl/ => https://www.shockmedia.nl/: (28, 'Connection timed out after 10001 milliseconds')
 	Problematic subdomains:
 
 		- ^	(expired 2013-03-01)
@@ -14,7 +16,9 @@
 <ruleset name="Shock Media.nl">
 
 	<target host="shockmedia.nl" />
-	<target host="*.shockmedia.nl" />
+	<target host="www.shockmedia.nl" />
+	<target host="my.shockmedia.nl" />
+	<target host="webmail.shockmedia.nl" />
 
 
 	<securecookie host=".+\.shockmedia\.nl$" name=".+" />
@@ -23,7 +27,6 @@
 	<rule from="^http://(?:www\.)?shockmedia\.nl/"
 		to="https://www.shockmedia.nl/" />
 
-	<rule from="^http://(my|webmail)\.shockmedia\.nl/"
-		to="https://$1.shockmedia.nl/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Shodan.io.xml b/src/chrome/content/rules/Shodan.io.xml
index 95f799a75f22..0186a63d0f9f 100644
--- a/src/chrome/content/rules/Shodan.io.xml
+++ b/src/chrome/content/rules/Shodan.io.xml
@@ -1,16 +1,40 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
+<!--
+	Insecure cookies are set for these domains and hosts:
 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Shodan.io" platform="firefox">
-<target host="shodan.io" />
+		- .shodan.io
+		- account.shodan.io
 
-<securecookie host="^shodan\.io$" name=".+" />
+-->
+<ruleset name="Shodan.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="shodan.io" />
+	<target host="*.shodan.io" />
+
+		<test url="http://account.shodan.io/" />
+		<test url="http://cli.shodan.io/" />
+		<test url="http://developer.shodan.io/" />
+		<test url="http://exploits.shodan.io/" />
+		<test url="http://honeyscore.shodan.io/" />
+		<test url="http://ics-radar.shodan.io/" />
+		<test url="http://icsmap.shodan.io/" />
+		<test url="http://maltego.shodan.io/" />
+		<test url="http://maps.shodan.io/" />
+		<test url="http://scanhub.shodan.io/" />
+		<test url="http://static.shodan.io/" />
+		<test url="http://www.shodan.io/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.shodan\.io" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^account\.shodan\.io$" name="^session$" /-->
+
+	<securecookie host="^(?:account)?\.shodan\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-<rule from="^http://shodan\.io/" to="https://shodan.io/" />
 </ruleset>
diff --git a/src/chrome/content/rules/ShoeShow.xml b/src/chrome/content/rules/ShoeShow.xml
new file mode 100644
index 000000000000..e7d5be99ea49
--- /dev/null
+++ b/src/chrome/content/rules/ShoeShow.xml
@@ -0,0 +1,7 @@
+<!-- styles breaks due to MCB -->
+<ruleset name="Shoe Show" platform="mixedcontent">
+	<target host="shoeshow.com.au" />
+	<target host="www.shoeshow.com.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Shoebuy.com.xml b/src/chrome/content/rules/Shoebuy.com.xml
index eced90e09452..dffbf9aaf3c0 100644
--- a/src/chrome/content/rules/Shoebuy.com.xml
+++ b/src/chrome/content/rules/Shoebuy.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://att-i.shoebuy.com/ => https://att-i.shoebuy.com/: (51, "SSL: no alternative certificate subject name matches target host name 'att-i.shoebuy.com'")
+
 	CDN buckets:
 
 		- att-i.shoebuy.com.edgesuite.net
@@ -27,26 +31,22 @@
 		- i		(→ akamai)
 
 -->
-<ruleset name="Shoebuy.com (partial)">
+<ruleset name="Shoebuy.com (partial)" default_off="failed ruleset test">
 
 	<target host="shoebuy.com" />
-	<target host="*.shoebuy.com" />
+	<target host="www.shoebuy.com" />
+	<target host="designer.shoebuy.com" />
+	<target host="att-i.shoebuy.com" />
 		<exclusion pattern="^http://(?:designer\.|www\.)?shoebuy\.com/(?!(?:cart|cust|lists)(?:$|[?/])|coremetrics/|css/|favicon\.ico|images/|jscript/)" />
 
 
-	<rule from="^http://(designer\.|www\.)?shoebuy\.com/"
-		to="https://$1shoebuy.com/" />
-
 	<!--	Relative links break resource paths
 		when rewritten to akamai:
 						-->
 	<rule from="^http://att-i\.shoebuy\.com/css/"
 		to="https://www.shoebuy.com/css/" />
 
-	<rule from="^http://att-i\.shoebuy\.com/"
-		to="https://a248.e.akamai.net/f/1095/1/g2/att-i.shoebuy.com/" />
-
-	<rule from="^http://i\.shoebuy\.com/"
-		to="https://a248.e.akamai.net/f/727/1/g/i.shoebuy.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Shoofle.tv.xml b/src/chrome/content/rules/Shoofle.tv.xml
new file mode 100644
index 000000000000..5d3b2de4ce16
--- /dev/null
+++ b/src/chrome/content/rules/Shoofle.tv.xml
@@ -0,0 +1,72 @@
+<!--
+	Cert mismatch:
+		- bo.shoofle.tv
+		- calendar.shoofle.tv
+		- fax.shoofle.tv
+		- files.shoofle.tv
+		- mobilemail.shoofle.tv
+		- s.shoofle.tv
+		- v3.shoofle.tv
+
+	Chain issues:
+		- v4.shoofle.tv
+
+	Connection refused:
+		- shoofle.tv
+		- www.shoofle.tv
+		- bi.shoofle.tv
+		- bitemp.shoofle.tv
+		- ftp.shoofle.tv
+		- reports.shoofle.tv
+		- s3.shoofle.tv
+		- s6.shoofle.tv
+		- s8.shoofle.tv
+		- s9.shoofle.tv
+		- s10.shoofle.tv
+		- server4.shoofle.tv
+		- server6.shoofle.tv
+		- server7.shoofle.tv
+		- server8.shoofle.tv
+		- smtp.shoofle.tv
+		- v1.shoofle.tv
+		- v5.shoofle.tv
+		- www2.shoofle.tv
+
+	Timeout:
+		- email.shoofle.tv
+		- imap.shoofle.tv
+		- mail.shoofle.tv
+		- pop.shoofle.tv
+-->
+<ruleset name="Shoofle.tv (partial)" >
+
+	<target host="adserver.shoofle.tv" />
+	<target host="adserverc.shoofle.tv" />
+	<target host="adservercin.shoofle.tv" />
+	<target host="bicat.shoofle.tv" />
+	<target host="bis-ssl.shoofle.tv" />
+	<target host="bis-ssp-ssl.shoofle.tv" />
+	<target host="bis-ssp.shoofle.tv" />
+	<target host="bis.shoofle.tv" />
+	<target host="cdn.shoofle.tv" />
+	<target host="cdn2.shoofle.tv" />
+	<target host="cdnm4.shoofle.tv" />
+	<target host="inventory.shoofle.tv" />
+	<target host="openrtb.shoofle.tv" />
+	<target host="pl.shoofle.tv" />
+	<target host="platform.shoofle.tv" />
+	<target host="player.shoofle.tv" />
+	<target host="proxy-ssl.shoofle.tv" />
+	<target host="proxy.shoofle.tv" />
+	<target host="server-ssl.shoofle.tv" />
+	<target host="server.shoofle.tv" />
+	<target host="serverc.shoofle.tv" />
+	<target host="servercin.shoofle.tv" />
+	<target host="static.shoofle.tv" />
+	<target host="stream.shoofle.tv" />
+	<target host="vic.shoofle.tv" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ShopCo.com.xml b/src/chrome/content/rules/ShopCo.com.xml
index e0b3baf3b90e..303b356b0c17 100644
--- a/src/chrome/content/rules/ShopCo.com.xml
+++ b/src/chrome/content/rules/ShopCo.com.xml
@@ -9,10 +9,10 @@
 	<target host="*.shopco.com" />
 
 
-	<securecookie host=".+\.shopco\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(?!www\.)([\w-]+)\.shopco\.com/"
 		to="https://$1.shopco.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ShopLocal.xml b/src/chrome/content/rules/ShopLocal.xml
index c29146c2e77a..3b93d4076167 100644
--- a/src/chrome/content/rules/ShopLocal.xml
+++ b/src/chrome/content/rules/ShopLocal.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://shoplocal.com/ => https://shoplocal.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	For other Gannett Company coverage, see Gannett-Company.xml.
 
 
@@ -32,18 +34,22 @@
 -->
 <ruleset name="ShopLocal" platform="mixedcontent">
 
-        <target host="*.crossmediaservices.com" />
+        <target host="images.crossmediaservices.com" />
+        <target host="akimages.crossmediaservices.com" />
 	<target host="shoplocal.com" />
-	<target host="*.shoplocal.com" />
+	<target host="akimages.shoplocal.com" />
+	<target host="sl2.shoplocal.com" />
+	<target host="support.shoplocal.com" />
+	<target host="wiki.shoplocal.com" />
+	<target host="www.shoplocal.com" />
 
 
 	<securecookie host="^(?:support|wiki|www)\.shoplocal\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:ak)?images\.crossmediaservices\.com/"
+	<rule from="^http://(?:ak)?images\.crossmediaservices\.com/"
 		to="https://akimages.shoplocal.com/" />
 
-	<rule from="^http://((?:akimages|sl2|support|wiki|www)\.)?shoplocal\.com/"
-		to="https://$1shoplocal.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ShopMania.xml b/src/chrome/content/rules/ShopMania.xml
new file mode 100644
index 000000000000..61016c1425e7
--- /dev/null
+++ b/src/chrome/content/rules/ShopMania.xml
@@ -0,0 +1,57 @@
+<!--
+	Partially covered domains:
+
+		- biz.shopmania.com *
+		- partner.shopmania.com *
+		- www.shopmania.com *
+
+		- biz.shopmania.es *
+		- partner.shopmania.es *
+		- www.shopmania.es *
+
+	* At least some pages redirect to http.
+
+
+	Fully covered domains:
+
+		- cp.shopmania.com
+		- cp.shopmania.es
+
+		- fl\d+.shopmania.org:
+
+			- fl1
+			- fl22
+
+		- im\d+.shopmania.org
+
+			- im[14]
+
+-->
+<ruleset name="ShopMania (partial)">
+
+	<target host="shopmania.com" />
+	<target host="*.shopmania.com" />
+	<target host="shopmania.es" />
+	<target host="*.shopmania.es" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.shopmania\.(com|es)/+($|\?)" /-->
+		<exclusion pattern="^http://biz\.shopmania\.(?:com|es)/+(?:$|\?)" />
+		<!--exclusion pattern="^http://partner\.shopmania\.(com|es)/+($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.shopmania\.(?:com|es)/+(?!favicon\.ico|img/)" />
+		<!--exclusion pattern="^http://biz\.shopmania\.(com|es)/+(?!(cloud_ecommerce|cp-register_quick)($|[?/])|favicon\.ico)" /-->
+		<exclusion pattern="^http://partner\.shopmania\.(?:com|es)/+(?!dashboard(?:$|[?/])|favicon\.ico)" />
+	<target host="*.shopmania.org" />
+
+
+	<rule from="^http://((?:biz|cp|dashboard|www)\.)?shopmania\.(com|es)/"
+		to="https://$1shopmania.$2/" />
+
+	<rule from="^http://(fl\d+|im\d+)\.shopmania\.org/"
+		to="https://$1.shopmania.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ShopPBS.org.xml b/src/chrome/content/rules/ShopPBS.org.xml
new file mode 100644
index 000000000000..163adbe11791
--- /dev/null
+++ b/src/chrome/content/rules/ShopPBS.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="ShopPBS.org">
+	<target host="shoppbs.org" />
+	<target host="www.shoppbs.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ShopSite.xml b/src/chrome/content/rules/ShopSite.xml
index 60b82e144a2f..1dd31ba4a972 100644
--- a/src/chrome/content/rules/ShopSite.xml
+++ b/src/chrome/content/rules/ShopSite.xml
@@ -1,14 +1,43 @@
-<!--	!functional subdomains:
-		- store
-		- support
+<!--
+	For rules causing false/broken MCB, see shopsite.com-falsemixed.xml.
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .forums.shopsite.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, on:
+
+			- www from fonts.googleapis.com ˢ
+			- www from $self ˢ
+
+		- Images on store, www from www.shopsite.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
 -->
-<ruleset name="ShopSite" default_off="expired">
+<ruleset name="ShopSite.com (partial)">
+
+	<!--target host="shopsite.com" /-->
+	<target host="forums.shopsite.com" />
+	<target host="store.shopsite.com" />
+	<!--target host="support.shopsite.com" /-->
+	<!--target host="www.shopsite.com" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.forums\.shopsite\.com$" name="^phpbb3_\w+_(?:k|sid|u)$" /-->
+
+	<securecookie host="^(?!\.shopsite\.com$)." name=".+" />
 
-	<target host="shopsite.com"/>
-	<target host="www.shopsite.com"/>
 
-	<!--	cert !valid for !www	-->
-	<rule from="^http://(?:www\.)?shopsite\.com/"
-		to="https://www.shopsite.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ShopStyle-mismatches.xml b/src/chrome/content/rules/ShopStyle-mismatches.xml
deleted file mode 100644
index 1bd933b63547..000000000000
--- a/src/chrome/content/rules/ShopStyle-mismatches.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	For rules that are on by default, see ShopStyle.xml.
-
--->
-<ruleset name="ShopStyle (mismatches)" default_off="mismatch">
-
-	<!--	Cert: secure.onsugar.com	-->
-	<target host="blog.shopstyle.*" />
-	<target host="blog.shopstyle.com.au" />
-	<target host="blog.shopstyle.co.uk" />
-	<!--	Cert: www.shopstyle.co.jp	-->
-	<target host="widget.shopstyle.co.uk" />
-	<target host="widget.shopstyle.fr" />
-
-
-	<!--	Cookies are handled in ShopStyle.xml.	-->
-
-
-	<rule from="^http://blog\.shopstyle\.(com|com\.au|co\.uk|de|fr)/"
-		to="https://blog.shopstyle.$1/" />
-
-	<rule from="^http://widget\.shopstyle\.(co\.uk|fr)/"
-		to="https://widget.shopstyle.$1/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ShopStyle.xml b/src/chrome/content/rules/ShopStyle.xml
index 60536a23ad5d..b37926ecb6f1 100644
--- a/src/chrome/content/rules/ShopStyle.xml
+++ b/src/chrome/content/rules/ShopStyle.xml
@@ -1,33 +1,45 @@
 <!--
-	For problematic rules, see ShopStyle-mismatches.xml.
-
+	Non-functional hosts
+		SSL connect error:
+		- shopsensetest.shopstyle.com
 -->
 <ruleset name="ShopStyle (partial)">
-
-	<target host="shopstyle.*" />
-	<target host="www.shopstyle.*" />
-	<target host="shopstyle.co.*" />
-	<target host="*.shopstyle.com" />
+	<!-- *shopstyle.com.au -->
 	<target host="shopstyle.com.au" />
-	<target host="*.shopstyle.com.au" />
-	<target host="*.shopstyle.co.jp" />
-	<target host="*.shopstyle.co.uk" />
-	<target host="*.shopstyle.de" />
-	<target host="*.shopstyle.fr" />
-
-
-	<securecookie host="^.*\.shopstyle\.[\w\.]{2,6}$" name=".*" />
-
-
-	<rule from="^http://(ads\.|shopsense\.|www\.)?shopstyle\.com/"
-		to="https://$1shopstyle.com/" />
-
-	<rule from="^http://(www\.)?shopsense\.co\.jp/"
-		to="https://$1shopsense.co.jp/" />
-
-	<!--	Cert only matches www.
-					-->
-	<rule from="^https?://(?:www\.)?shopstyle\.(com\.au|co\.uk|de|fr)/"
-		to="https://www.shopstyle.$1/" />
-
+	<target host="blog.shopstyle.com.au" />
+	<target host="www.shopstyle.com.au" />
+
+	<!-- *shopstyle.com -->
+	<target host="shopstyle.com" />
+	<target host="ads.shopstyle.com" />
+	<target host="blog.shopstyle.com" />
+	<target host="m.shopstyle.com" />
+	<target host="www.m.shopstyle.com" />
+	<target host="omniture.shopstyle.com" />
+	<target host="secure.shopstyle.com" />
+	<target host="shopsensebeta.shopstyle.com" />
+	<target host="shopsensewidget.shopstyle.com" />
+	<target host="www.shopstyle.com" />
+
+	<!-- *shopstyle.de -->
+	<target host="shopstyle.de" />
+	<target host="blog.shopstyle.de" />
+	<target host="www.shopstyle.de" />
+
+	<!-- *shopstyle.fr -->
+	<target host="shopstyle.fr" />
+	<target host="blog.shopstyle.fr" />
+	<target host="www.shopstyle.fr" />
+
+	<!-- *shopstyle.co.jp -->
+	<target host="shopstyle.co.jp" />
+	<target host="blog.shopstyle.co.jp" />
+	<target host="www.shopstyle.co.jp" />
+
+	<!-- *shopstyle.co.uk -->
+	<target host="shopstyle.co.uk" />
+	<target host="blog.shopstyle.co.uk" />
+	<target host="www.shopstyle.co.uk" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ShopToIt.ca.xml b/src/chrome/content/rules/ShopToIt.ca.xml
new file mode 100644
index 000000000000..e738405f469f
--- /dev/null
+++ b/src/chrome/content/rules/ShopToIt.ca.xml
@@ -0,0 +1,23 @@
+<!--
+	Connection refused:
+		- retailers.shoptoit.ca
+		- smallbusiness.shoptoit.ca
+
+	Invalid certificate:
+		- shoptoit.ca, equivalent to www.shoptoit.ca
+		- fr.shoptoit.ca
+		- listingsca.shoptoit.ca, equivalent to www.shoptoit.ca
+		- yahoo.shoptoit.ca
+-->
+
+<ruleset name="ShopToIt.ca">
+	<target host="shoptoit.ca" />
+	<target host="www.shoptoit.ca" />
+	<target host="listingsca.shoptoit.ca" />
+	<target host="merchants.shoptoit.ca" />
+
+	<rule from="^http://(listingsca\.)?shoptoit\.ca/"
+		to="https://www.shoptoit.ca/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ShopWiki.com.xml b/src/chrome/content/rules/ShopWiki.com.xml
new file mode 100644
index 000000000000..7d8305a89eb3
--- /dev/null
+++ b/src/chrome/content/rules/ShopWiki.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Non-functional hosts
+		Peer certificate cannot be authenticated with given CA certificates:
+		- shopwiki.com
+		- redir.shopwiki.com
+		- www.shopwiki.com
+-->
+<ruleset name="ShopWiki.com" default_off="cert-invalid">
+	<target host="shopwiki.com" />
+	<target host="www.shopwiki.com" />
+	<target host="redir.shopwiki.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ShopWiki.xml b/src/chrome/content/rules/ShopWiki.xml
deleted file mode 100644
index 4ced24c506b7..000000000000
--- a/src/chrome/content/rules/ShopWiki.xml
+++ /dev/null
@@ -1,55 +0,0 @@
-<!--
-	For other Oversee.net coverage, see Oversee.xml.
-
-
-	CDN buckets:
-
-		- i.s.shopwiki.com.cdngc.net
-
-			- si[0-5].shopwiki.com
-
-		- d2wh0l1jxh2l45.cloudfront.net
-			- static2.shopwiki.com
-
-		- Possible bucket at https://s3.amazonaws.com/shopwiki/
-
-		- shopwiki.co.uk.edgesuite.net
-
-			- l.shwcd.com
-			- s.shwcd.com
-
-
-	Nonfunctional subdomains:
-
-		- i.s		(reset, CN: ssl2.cdngc.net)
-		- si0		(403; mismatched, CN: support2.cdnetworks.net)
-		- si[134]	(403; mismatched, CN: ssl2.cdngc.net)
-		- static	(403, CN: support4.cdnetworks.net)
-
-		- l.shwcd.com	(shows shopwiki.com, akamai)
-
-
-	Problematic domains:
-
-		- s.shwcd.com	(works, akamai)
-
--->
-<ruleset name="ShopWiki (partial)" platform="mixedcontent">
-
-	<target host="shopwiki.com" />
-	<target host="*.shopwiki.com" />
-
-
-	<securecookie host="^.*\.shopwiki\.com$" name=".+" />
-
-
-	<rule from="^http://((?:redir|staticssl|wiki|www)\.)?shopwiki\.com/"
-		to="https://$1shopwiki.com/" />
-
-	<rule from="^https?://static2\.shopwiki\.com/"
-		to="https://d2wh0l1jxh2l45.cloudfront.net/" />
-
-	<rule from="^http://s\.shwcd\.com/"
-		to="https://www.shopwiki.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Shop_Mimi_Green.com.xml b/src/chrome/content/rules/Shop_Mimi_Green.com.xml
new file mode 100644
index 000000000000..d30be0b44c12
--- /dev/null
+++ b/src/chrome/content/rules/Shop_Mimi_Green.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Mixed content:
+
+		- Web bugs from passets-cdn.pinterest.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Shop Mimi Green.com">
+
+	<target host="shopmimigreen.com" />
+	<target host="www.shopmimigreen.com" />
+
+
+	<securecookie host="^www\.shopmimigreen\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Shop_Your_Way.com.xml b/src/chrome/content/rules/Shop_Your_Way.com.xml
new file mode 100644
index 000000000000..5aeb2513892b
--- /dev/null
+++ b/src/chrome/content/rules/Shop_Your_Way.com.xml
@@ -0,0 +1,20 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://shopyourway.com/ => http://shopyourway.com/: (18, 'transfer closed with outstanding read data remaining')
+	For other Sears Holdings coverage, see Sears.com.xml.
+
+-->
+<ruleset name="Shop Your Way.com (partial)">
+
+	<target host="shopyourway.com" />
+	<target host="www.shopyourway.com" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?shopyourway\.com/+($|\?|Departments($|[?/])|favicon\.ico)" /-->
+
+
+	<rule from="^http://(www\.)?shopyourway\.com/static/"
+		to="https://$1shopyourway.com/static/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Shopatron.xml b/src/chrome/content/rules/Shopatron.xml
index b62d8ebe9bd3..4f77e5b4d8fc 100644
--- a/src/chrome/content/rules/Shopatron.xml
+++ b/src/chrome/content/rules/Shopatron.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://orderhlp.com/ => https://www.orderhlp.com/: (7, 'Failed to connect to www.orderhlp.com port 443: Connection timed out')
+Fetch error: http://www.orderhlp.com/ => https://www.orderhlp.com/: (7, 'Failed to connect to www.orderhlp.com port 443: Connection timed out')
+Fetch error: http://shopatron.com/ => https://shopatron.com/: (7, 'Failed to connect to shopatron.com port 443: Connection timed out')
+
 	Nonfunctional domains:
 
 		- ecommerce.shopatron	(no https)
@@ -24,12 +30,15 @@
 		- cdn.shptrn.com
 
 -->
-<ruleset name="Shopatron (partial)">
+<ruleset name="Shopatron (partial)" default_off="failed ruleset test">
 
 	<target host="orderhlp.com" />
 	<target host="www.orderhlp.com" />
 	<target host="shopatron.com" />
-	<target host="*.shopatron.com" />
+	<target host="media.shopatron.com" />
+	<target host="mss.shopatron.com" />
+	<target host="www.shopatron.com" />
+	<target host="mediacdn.shopatron.com" />
 	<target host="cdn.shptrn.com" />
 
 
@@ -39,13 +48,10 @@
 	<rule from="^http://(?:www\.)?orderhlp\.com/"
 		to="https://www.orderhlp.com/" />
 
-	<rule from="^http://(media\.|mss\.|www\.)?shopatron\.com/"
-		to="https://$1shopatron.com/" />
 
 	<rule from="^http://mediacdn\.shopatron\.com/"
 		to="https://media.shopatron.com/" />
 
-	<rule from="^http://cdn\.shptrn\.com/"
-		to="https://cdn.shptrn.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Shopee.com.my.xml b/src/chrome/content/rules/Shopee.com.my.xml
new file mode 100644
index 000000000000..737b4526320d
--- /dev/null
+++ b/src/chrome/content/rules/Shopee.com.my.xml
@@ -0,0 +1,49 @@
+<!--
+	Non-functional subdomains:
+
+		- api	(m)
+		- cahayaraya	(m)
+		- cf	(m)
+		- file	(m)
+		- fortuneangpao		(t)
+		- mobile-shopping-day	(t)
+		- myads	(t)
+		- shocking	(t)
+		- www.staging	(m)
+		- www.mall.staging	(m)
+		- uni	(r)
+		- userstats	(t)
+		- version	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Shopee Malaysia">
+
+	<target host="shopee.com.my" />
+	<target host="www.shopee.com.my" />
+	<target host="admin.shopee.com.my" />
+	<target host="amp-http.shopee.com.my" />
+	<target host="chat.shopee.com.my" />
+	<target host="chat-ws.shopee.com.my" />
+	<target host="external2.shopee.com.my" />
+	<target host="f.shopee.com.my" />
+	<target host="help.shopee.com.my" />
+	<target host="luckydraw.shopee.com.my" />
+	<target host="mall.shopee.com.my" />
+	<target host="seller.shopee.com.my" />
+	<target host="staging.shopee.com.my" />
+	<target host="mall.staging.shopee.com.my" />
+	<target host="seller.staging.shopee.com.my" />
+	<target host="test.shopee.com.my" />
+	<target host="www.test.shopee.com.my" />
+	<target host="uat.shopee.com.my" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Shopfiller.com.xml b/src/chrome/content/rules/Shopfiller.com.xml
new file mode 100644
index 000000000000..1c0b56a8a9c0
--- /dev/null
+++ b/src/chrome/content/rules/Shopfiller.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Shopfiller.com">
+	<target host="shopfiller.com" />
+	<target host="www.shopfiller.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Shopify.xml b/src/chrome/content/rules/Shopify.xml
index 1fe0d69420b9..7f1707c2ed86 100644
--- a/src/chrome/content/rules/Shopify.xml
+++ b/src/chrome/content/rules/Shopify.xml
@@ -1,62 +1,63 @@
 <!--
-	CDN buckets:
-
-		- cdn.apps.shopify.com.cdngc.net
-
-
-	Problematic subdomains:
-
-		- cdn.apps	(403; mismatched, CN: ssl2.cdngc.net)
-
-
 	Fully covered domains:
 
 		- *.myshopify.com	(stores/clients)
 
-		- shopify.com subdomains:
-
-			- (www.)
-			- apps
-			- cdn.apps	(→ apps)
-			- cdn
-			- checkout
-			- static
-			- themes
-
-
-	Mixed content:
-
-		- Images on $client from cdn via cdn *
-
-		- Ads/web bugs, on $client from:
-
-			- cdn.api.twitter.com *
-			- staticwww.yopto.com *
-			- widgets.yopto.com *
+		- shopify local homepages
 
 	* Secured by us
 
 -->
-<ruleset name="Shopify (partial)">
+<ruleset name="Shopify">
 
+	<target host="myshopify.com" />
 	<target host="*.myshopify.com" />
-	<target host="shopify.com" />
-	<target host="*.shopify.com" />
-
+		<test url="http://beastmodeco.myshopify.com/" />
+		<test url="http://naiise.myshopify.com/" />
+		<test url="http://littlefreelibrary.myshopify.com/" />
+
+	<target host="fr.shopify.ca" />
+	<target host="shopify.ca" />
+	<target host="shopify.co" />
+	<target host="www.shopify.co" />
+	<target host="shopify.co.id" />
+	<target host="www.shopify.co.id" />
+	<target host="shopify.co.nz" />
+	<target host="www.shopify.co.nz" />
+	<target host="shopify.co.uk" />
+	<target host="www.shopify.co.uk" />
+	<target host="shopify.co.za" />
+	<target host="www.shopify.co.za" />
+	<target host="shopify.com.au" />
+	<target host="www.shopify.com.au" />
+	<target host="shopify.com.co" />
+	<target host="www.shopify.com.co" />
+	<target host="shopify.com.mx" />
+	<target host="www.shopify.com.mx" />
+	<target host="shopify.com.ng" />
+	<target host="www.shopify.com.ng" />
+	<target host="shopify.com.ph" />
+	<target host="www.shopify.com.ph" />
+	<target host="shopify.com.sg" />
+	<target host="www.shopify.com.sg" />
+	<target host="shopify.es" />
+	<target host="www.shopify.es" />
+	<target host="shopify.ie" />
+	<target host="www.shopify.ie" />
+	<target host="shopify.in" />
+	<target host="www.shopify.in" />
+	<target host="shopify.info" />
+	<target host="www.shopify.info" />
+	<target host="shopify.jp" />
+	<target host="www.shopify.jp" />
+	<target host="shopify.mx" />
+	<target host="www.shopify.mx" />
+	<target host="shopify.my" />
+	<target host="www.shopify.my" />
 
 	<!--	Cautiously avoiding cross-domain cookies for now.
 								-->
 	<securecookie host="^\w.*\.myshopify\.com$" name=".+" />
-	<securecookie host="^themes\.shopify\.com$" name=".+" />
-
-
-	<rule from="^http://([\w-]+)\.myshopify\.com/"
-		to="https://$1.myshopify.com/" />
-
-	<rule from="^http://((?:apps|cdn|checkout|static|themes|www)\.)?shopify\.com/"
-		to="https://$1shopify.com/" />
-
-	<rule from="^http://cdn\.apps\.shopify\.com/"
-		to="https://apps.shopify.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Shopinfo.net.xml b/src/chrome/content/rules/Shopinfo.net.xml
new file mode 100644
index 000000000000..793cb647376c
--- /dev/null
+++ b/src/chrome/content/rules/Shopinfo.net.xml
@@ -0,0 +1,22 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://shopinfo.net/ => http://shopinfo.net/: (28, 'Operation timed out after 15001 milliseconds with 0 bytes received')
+-->
+<ruleset name="shopinfo.net (partial)">
+
+	<target host="shopinfo.net" />
+	<target host="www.shopinfo.net" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.shopinfo\.net/+($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://www\.shopinfo\.net/+(?!favicon\.ico|fileadmin/|typo3temp/|uploads/|zertifizierte-shops/zertifikat/)" /-->
+
+
+	<rule from="^http://(?:www\.)?shopinfo\.net/(?=favicon\.ico|fileadmin/|typo3temp/|uploads/|zertifizierte-shops/zertifikat/)"
+		to="https://www.shopinfo.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Shopper_Approved.com.xml b/src/chrome/content/rules/Shopper_Approved.com.xml
index d1a998b8556f..b2f8d8a67a89 100644
--- a/src/chrome/content/rules/Shopper_Approved.com.xml
+++ b/src/chrome/content/rules/Shopper_Approved.com.xml
@@ -1,17 +1,40 @@
 <!--
 	For other Global Marketing Strategies coverage, see Global-Marketing-Strategies.xml.
 
+
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .shopperapproved.com
+
 -->
 <ruleset name="Shopper Approved.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="shopperapproved.com" />
-	<target host="*.shopperapproved.com" />
+	<target host="www.shopperapproved.com" />
 
 
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
 	<securecookie host="^\.?www\.shopperapproved\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?shopperapproved\.com/"
-		to="https://$1shopperapproved.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Shopping.com.xml b/src/chrome/content/rules/Shopping.com.xml
deleted file mode 100644
index b30eaceb44d6..000000000000
--- a/src/chrome/content/rules/Shopping.com.xml
+++ /dev/null
@@ -1,53 +0,0 @@
-<!--
-	For other eBay coverage, see EBay.xml.
-
-
-	CDN buckets:
-
-		- img.shopping.com.edgesuite.net
-			- di105.shopping.com
-			- img.shopping.com
-			- img.shoppingshadow.com
-
-
-
-	Nonfunctional domains:
-
-		- cheapestpricessearchengine.shopping.com	(redirects to www)
-
-
-	Problematic domains:
-
-		- shopping.com subdomains:
-
-			- di *
-			- di105 *
-			- formation		(works, mismatched, CN: ssl5.ovh.net)
-			- img *
-			- merchantsupport	(mismatched, CN: *.mashery.com)
-
-		- img.shoppingshadow.com *
-
-	* Works, akamai
-
-
-	Partially covered subdomains:
-
-		- developer	(some [most?] pages redirect to http)
-
--->
-<ruleset name="Shopping.com (partial)">
-
-	<target host="developer.shopping.com" />
-		<exclusion pattern="^http://developer\.shopping\.com/(?!files/|login/|member/|public/)" />
-	<target host="merchant.shopping.com" />
-	<target host="partners.shopping.com" />
-
-
-	<securecookie host="^(?!developer).+\.shopping\.com$" name=".+" />
-
-
-	<rule from="^http://(developer|haendler|marchand|(?:uk)?merchant|partners)\.shopping\.com/"
-		to="https://$1.shopping.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Shopping_Cart_Elite.xml b/src/chrome/content/rules/Shopping_Cart_Elite.xml
index b7769439d398..2010e0ce4519 100644
--- a/src/chrome/content/rules/Shopping_Cart_Elite.xml
+++ b/src/chrome/content/rules/Shopping_Cart_Elite.xml
@@ -7,13 +7,12 @@
 <ruleset name="Shopping Cart Elite">
 
 	<target host="shoppingcartelite.com" />
-	<target host="*.shoppingcartelite.com" />
+	<target host="www.shoppingcartelite.com" />
 
 
-	<securecookie host="^(?:.*\.)?shoppingcartelite\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?shoppingcartelite\.com/"
-		to="https://$1shoppingcartelite.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Shoptiques.com.xml b/src/chrome/content/rules/Shoptiques.com.xml
index cf0fd1ae88e7..559fa62d7304 100644
--- a/src/chrome/content/rules/Shoptiques.com.xml
+++ b/src/chrome/content/rules/Shoptiques.com.xml
@@ -14,7 +14,8 @@
 <ruleset name="Shoptiques.com (partial)">
 
 	<target host="shoptiques.com" />
-	<target host="*.shoptiques.com" />
+	<target host="www.shoptiques.com" />
+	<target host="metrics.shoptiques.com" />
 	<target host="cdn2.shoptiques.net" />
 
 
@@ -27,4 +28,4 @@
 	<rule from="^http://cdn2\.shoptiques\.net/"
 		to="https://d2csjd0bj2nauk.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Shopzilla.xml b/src/chrome/content/rules/Shopzilla.xml
index 488ed7cca8da..52397e8666f0 100644
--- a/src/chrome/content/rules/Shopzilla.xml
+++ b/src/chrome/content/rules/Shopzilla.xml
@@ -1,23 +1,29 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://shopzilla.com/ => https://www.shopzilla.com/: Too many redirects while fetching 'https://www.shopzilla.com/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://shopzilla.com/ => https://www.shopzilla.com/: (35, 'Unknown SSL protocol error in connection to www.shopzilla.com:443 ')
 	Other Shopzilla rulesets:
 
 		- Bizrate.com.xml
 
 -->
-<ruleset name="Shopzilla (partial)">
+<ruleset name="Shopzilla (partial)" default_off="failed ruleset test">
 
 	<target host="shopzilla.com" />
-	<target host="*.shopzilla.com" />
+	<target host="www.shopzilla.com" />
+	<target host="merchant.shopzilla.com" />
 
 
-	<securecookie host="^\.shopzilla\.com$" name=".*" />
+	<securecookie host="^\.shopzilla\.com$" name=".+" />
 
 
 	<!--	Cert only matches www.	-->
 	<rule from="^http://(?:www\.)?shopzilla\.com/"
 		to="https://www.shopzilla.com/" />
 
-	<rule from="^http://merchant\.shopzilla\.com/"
-		to="https://merchant.shopzilla.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ShoroukNews.com.xml b/src/chrome/content/rules/ShoroukNews.com.xml
new file mode 100644
index 000000000000..fa1808690d08
--- /dev/null
+++ b/src/chrome/content/rules/ShoroukNews.com.xml
@@ -0,0 +1,13 @@
+<!--
+		waseet.shorouknews.com (Unable to connect)
+-->
+<ruleset name="ShoroukNews.com">
+	<target host="shorouknews.com" />
+	<target host="www.shorouknews.com" />
+	<target host="cms.shorouknews.com" />
+	<target host="natega.shorouknews.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ShortList.xml b/src/chrome/content/rules/ShortList.xml
index 82700846cf6c..4558a118e2cf 100644
--- a/src/chrome/content/rules/ShortList.xml
+++ b/src/chrome/content/rules/ShortList.xml
@@ -1,16 +1,84 @@
-<ruleset name="ShortList">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn.shortlist.com/ => https://cdn.shortlist.com/: Too many redirects while fetching 'https://cdn.shortlist.com/'
+Fetch error: http://www.shortlist.com/ => https://www.shortlist.com/: Too many redirects while fetching 'https://www.shortlist.com/'
+Fetch error: http://shortlist.com/ => https://www.shortlist.com/: Too many redirects while fetching 'https://www.shortlist.com/'
+
+	For other Global Marketing Strategies coverage, see Global-Marketing-Strategies.xml.
+
+
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Problematic hosts in *shorlist.com:
+
+		- ^ ᶜ
+		- \d.darkroom ᵐ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .shortlist.com
+
+
+	Mixed content:
+
+		- Images on www from \d.darkroom.shortlist.com ˢ
+		- Bug on www from b.scorecardresearch.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="ShortList.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="admin.shortlist.com" />
+	<target host="cdn.shortlist.com" />
+	<target host="darkroom.shortlist.com" />
+	<target host="www.shortlist.com" />
+
+	<!--	Complications:
+				-->
 	<target host="shortlist.com" />
-	<target host="*.shortlist.com" />
+	<target host="1.darkroom.shortlist.com" />
+	<target host="2.darkroom.shortlist.com" />
+	<target host="3.darkroom.shortlist.com" />
+	<target host="4.darkroom.shortlist.com" />
+	<target host="5.darkroom.shortlist.com" />
+	<target host="6.darkroom.shortlist.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.shortlist\.com$" name="^(__cfduid|cf_clearance)$" /-->
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^(?:www\.)?shortlist\.com$" name=".+" />
 
+	<rule from="^http://shortlist\.com/"
+		to="https://www.shortlist.com/" />
 
-	<rule from="^http://(www\.)?shortlist\.com/"
-		to="https://$1shortlist.com/" />
+	<rule from="^http://\d\.darkroom\.shortlist\.com/"
+		to="https://darkroom.shortlist.com/" />
 
-	<rule from="^https?://cdn\.shortlist\.com/"
-		to="https://d20z6n9g3vmn1.cloudfront.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Shorte.st.xml b/src/chrome/content/rules/Shorte.st.xml
new file mode 100644
index 000000000000..2102a95a0d79
--- /dev/null
+++ b/src/chrome/content/rules/Shorte.st.xml
@@ -0,0 +1,42 @@
+<!--
+	Other Shorte.st rulesets:
+
+		- StShrt.com.xml
+
+
+	Nonfunctional hosts in *shorte.st:
+
+		- forum *
+
+	* Refused
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- shorte.st
+		- .shorte.st
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Shorte.st (partial)">
+
+	<target host="shorte.st" />
+	<target host="static.shorte.st" />
+	<target host="www.shorte.st" />
+
+		<!--test url="http://static.shorte.st/bundles/smeweb/img/right-arrow.png" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^shorte\.st$" name="^(?:PHPSESSID|cookies-enable|hl)$" /-->
+	<!--securecookie host="^\.shorte\.st$" name="^shst-visited$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Shorty_Awards.com.xml b/src/chrome/content/rules/Shorty_Awards.com.xml
index 883ff796d055..fa1771c99644 100644
--- a/src/chrome/content/rules/Shorty_Awards.com.xml
+++ b/src/chrome/content/rules/Shorty_Awards.com.xml
@@ -26,7 +26,8 @@
 -->
 <ruleset name="Shorty Awards.com (partial)">
 
-	<target host="*.shortyawards.com" />
+	<target host="cdn.shortyawards.com" />
+	<target host="industry.shortyawards.com" />
 
 
 	<!--	Tracking cookies:
@@ -40,4 +41,4 @@
 	<rule from="^http://industry\.shortyawards\.com/(account|static)/"
 		to="https://industry.shortyawards.com/$1/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Shoryuken.com.xml b/src/chrome/content/rules/Shoryuken.com.xml
new file mode 100644
index 000000000000..210bc38f59db
--- /dev/null
+++ b/src/chrome/content/rules/Shoryuken.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Nonfunctional hosts in *.shoryuken.com:
+
+		cpanel.shoryuken.com
+		host.shoryuken.com
+		www.host.shoryuken.com
+
+	HTTPS connection refused:
+
+		forums.shoryuken.com
+		rank.shoryuken.com
+		wiki.shoryuken.com
+
+	Redirect to shoryuken.com:
+
+		mail.shoryuken.com
+-->
+<ruleset name="Shoryuken">
+
+	<target host="shoryuken.com" />
+	<target host="www.shoryuken.com" />
+	<target host="evo.shoryuken.com" />
+	<target host="stage.shoryuken.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Shotgun_Club.xml b/src/chrome/content/rules/Shotgun_Club.xml
deleted file mode 100644
index 16636e242d9d..000000000000
--- a/src/chrome/content/rules/Shotgun_Club.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Shotgun Club">
-
-	<target host="shotgunclub.com" />
-	<target host="*.shotgunclub.com" />
-
-
-	<securecookie host="^(?:w*\.)?shotgunclub\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?shotgunclub\.com/"
-		to="https://$1shotgunclub.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ShouldIAnswer.xml b/src/chrome/content/rules/ShouldIAnswer.xml
new file mode 100644
index 000000000000..672d47bff54c
--- /dev/null
+++ b/src/chrome/content/rules/ShouldIAnswer.xml
@@ -0,0 +1,92 @@
+<!--
+	Invalid certificate:
+		- chistachiamando.it, equivalent to www.chistachiamando.it
+		- doisjerepondre.fr, equivalent to www.doisjerepondre.fr
+		- mozemtozdvihnut.sk, equivalent to www.mozemtozdvihnut.sk
+		- muzutozvednout.cz, equivalent to www.muzutozvednout.cz
+		- neberitrubku.ru, equivalent to www.neberitrubku.ru
+		- odebractelefon.pl, equivalent to www.odebractelefon.pl
+		- responderono.es, equivalent to www.responderono.es
+		- shouldianswer.co.uk, equivalent to www.shouldianswer.co.uk
+		- shouldianswer.com, equivalent to www.shouldianswer.com
+		- sollichannehmen.de, equivalent to www.sollichannehmen.de
+-->
+
+<ruleset name="ShouldIAnswer">
+	<target host="chistachiamando.it" />
+	<target host="www.chistachiamando.it" />
+	<target host="doisjerepondre.fr" />
+	<target host="www.doisjerepondre.fr" />
+	<target host="mozemtozdvihnut.sk" />
+	<target host="www.mozemtozdvihnut.sk" />
+	<target host="muzutozvednout.cz" />
+	<target host="www.muzutozvednout.cz" />
+	<target host="neberitrubku.ru" />
+	<target host="www.neberitrubku.ru" />
+	<target host="odebractelefon.pl" />
+	<target host="www.odebractelefon.pl" />
+	<target host="responderono.es" />
+	<target host="www.responderono.es" />
+	<target host="shouldianswer.co.uk" />
+	<target host="www.shouldianswer.co.uk" />
+	<target host="shouldianswer.com" />
+	<target host="www.shouldianswer.com" />
+	<target host="shouldianswer.net" />
+	<target host="www.shouldianswer.net" />
+	<target host="au.shouldianswer.net" />
+	<target host="ar.shouldianswer.net" />
+	<target host="at.shouldianswer.net" />
+	<target host="be.shouldianswer.net" />
+	<target host="br.shouldianswer.net" />
+	<target host="co.shouldianswer.net" />
+	<target host="ci.shouldianswer.net" />
+	<target host="cn.shouldianswer.net" />
+	<target host="cd.shouldianswer.net" />
+	<target host="cl.shouldianswer.net" />
+	<target host="dk.shouldianswer.net" />
+	<target host="fi.shouldianswer.net" />
+	<target host="hu.shouldianswer.net" />
+	<target host="in.shouldianswer.net" />
+	<target host="id.shouldianswer.net" />
+	<target host="ie.shouldianswer.net" />
+	<target host="jp.shouldianswer.net" />
+	<target host="ke.shouldianswer.net" />
+	<target host="mx.shouldianswer.net" />
+	<target host="nl.shouldianswer.net" />
+	<target host="nz.shouldianswer.net" />
+	<target host="ng.shouldianswer.net" />
+	<target host="no.shouldianswer.net" />
+	<target host="pe.shouldianswer.net" />
+	<target host="ph.shouldianswer.net" />
+	<target host="pt.shouldianswer.net" />
+	<target host="sn.shouldianswer.net" />
+	<target host="za.shouldianswer.net" />
+	<target host="se.shouldianswer.net" />
+	<target host="ch.shouldianswer.net" />
+	<target host="ve.shouldianswer.net" />
+	<target host="sollichannehmen.de" />
+	<target host="www.sollichannehmen.de" />
+
+	<rule from="^http://chistachiamando\.it/"
+		to="https://www.chistachiamando.it/" />
+	<rule from="^http://doisjerepondre\.fr/"
+		to="https://www.doisjerepondre.fr/" />
+	<rule from="^http://mozemtozdvihnut\.sk/"
+		to="https://www.mozemtozdvihnut.sk/" />
+	<rule from="^http://muzutozvednout\.cz/"
+		to="https://www.muzutozvednout.cz/" />
+	<rule from="^http://neberitrubku\.ru/"
+		to="https://www.neberitrubku.ru/" />
+	<rule from="^http://odebractelefon\.pl/"
+		to="https://www.odebractelefon.pl/" />
+	<rule from="^http://responderono\.es/"
+		to="https://www.responderono.es/" />
+	<rule from="^http://shouldianswer\.co\.uk/"
+		to="https://www.shouldianswer.co.uk/" />
+	<rule from="^http://shouldianswer\.com/"
+		to="https://www.shouldianswer.com/" />
+	<rule from="^http://sollichannehmen\.de/"
+		to="https://www.sollichannehmen.de/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ShoutOutRadio.lgbt.xml b/src/chrome/content/rules/ShoutOutRadio.lgbt.xml
new file mode 100644
index 000000000000..bf4899744e92
--- /dev/null
+++ b/src/chrome/content/rules/ShoutOutRadio.lgbt.xml
@@ -0,0 +1,8 @@
+<ruleset name="ShoutOutRadio.lgbt">
+	<target host="shoutoutradio.lgbt" />
+	<target host="www.shoutoutradio.lgbt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ShoutWiki.com.xml b/src/chrome/content/rules/ShoutWiki.com.xml
new file mode 100644
index 000000000000..68b1685dfcec
--- /dev/null
+++ b/src/chrome/content/rules/ShoutWiki.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Mismatched:
+		- ^
+		- www
+		- blog
+
+	ShoutWiki.com has a wildcard DNS record, so enumerating all subdomains is impossible.
+-->
+<ruleset name="ShoutWiki.com">
+	<target host="images.shoutwiki.com" />
+	<target host="phab-storage.shoutwiki.com" />
+	<target host="phabricator.shoutwiki.com" />
+	<target host="staff.shoutwiki.com" />
+	<target host="piwik.staff.shoutwiki.com" />
+	<target host="support.shoutwiki.com" />
+	<target host="support-dev.shoutwiki.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Shoutback-Concepts.xml b/src/chrome/content/rules/Shoutback-Concepts.xml
deleted file mode 100644
index 1d930183615b..000000000000
--- a/src/chrome/content/rules/Shoutback-Concepts.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Shoutback Concepts (partial)">
-
-	<target host="static.shoutback.com"/>
-
-	<rule from="^http://static\.shoutback\.com/"
-		to="https://static.shoutback.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/ShoveHost.com.xml b/src/chrome/content/rules/ShoveHost.com.xml
deleted file mode 100644
index 1038972b85dd..000000000000
--- a/src/chrome/content/rules/ShoveHost.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Fully covered subdomains:
-
-		- (www.)
-		- my
-
--->
-<ruleset name="ShoveHost.com">
-
-	<target host="shovehost.com" />
-	<target host="*.shovehost.com" />
-
-
-	<securecookie host="^(?:my)?\.shovehost\.com$" name=".+" />
-
-
-	<rule from="^http://(my\.|www\.)?shovehost\.com/"
-		to="https://$1shovehost.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ShowMeCon.com.xml b/src/chrome/content/rules/ShowMeCon.com.xml
new file mode 100644
index 000000000000..cba97961db86
--- /dev/null
+++ b/src/chrome/content/rules/ShowMeCon.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Parameter Security coverage, see Parameter_Security.com.xml.
+
+
+	At least some pages redirect to http.
+
+-->
+<ruleset name="ShowMeCon.com (partial)">
+
+	<target host="showmecon.com" />
+	<target host="www.showmecon.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?showmecon\.com/+($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(www\.)?showmecon\.com/+(?!favicon\.ico|wp-content/|wp-includes/)" /-->
+
+
+	<rule from="^http://(www\.)?showmecon\.com/(?=favicon\.ico|wp-content/|wp-includes/)"
+		to="https://$1showmecon.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Showcase-TV.xml b/src/chrome/content/rules/Showcase-TV.xml
index 06cdf79aa0e5..0237431a2f3c 100644
--- a/src/chrome/content/rules/Showcase-TV.xml
+++ b/src/chrome/content/rules/Showcase-TV.xml
@@ -1,31 +1,11 @@
-<ruleset name="Showcase-TV" platform="mixedcontent">
-
-	<target host="click-finder.jp"/>
+<ruleset name="Showcase-TV">
 	<target host="hadalog.jp"/>
+
 	<target host="hoku.co.jp"/>
 	<target host="www.hoku.co.jp"/>
-	<target host="navicast.co.jp"/>
-	<target host="www.navicast.co.jp"/>
+
 	<target host="showcase-tv.com"/>
 	<target host="www.showcase-tv.com"/>
-	<target host="click.showcase-tv.jp"/>
-
-	<rule from="^http://click-finder\.jp/"
-		to="https://click-finder.jp/"/>
-
-	<rule from="^http://hadalog\.jp/"
-		to="https://hadalog.jp/"/>
-
-	<rule from="^http://(www\.)?hoku\.co\.jp/"
-		to="https://$1hoku.co.jp/"/>
-
-	<rule from="^http://(www\.)?navicast\.co\.jp/"
-		to="https://$1navicast.co.jp/"/>
-
-	<rule from="^http://(www\.)?showcase-tv\.com/"
-		to="https://$1showcase-tv.com/"/>
-
-	<rule from="^http://click\.showcase-tv\.jp/"
-		to="https://click.showcase-tv.jp/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Showcase.ca.xml b/src/chrome/content/rules/Showcase.ca.xml
new file mode 100644
index 000000000000..4ce298541b15
--- /dev/null
+++ b/src/chrome/content/rules/Showcase.ca.xml
@@ -0,0 +1,11 @@
+<!--
+	Other Showcase Media rulesets:
+		- Smdg.ca.xml
+-->
+<ruleset name="Showcase.ca">
+	<target host="showcase.ca" />
+	<target host="www.showcase.ca" />
+	<target host="media.showcase.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Showing_Cloud.com.xml b/src/chrome/content/rules/Showing_Cloud.com.xml
new file mode 100644
index 000000000000..07541df3eb0c
--- /dev/null
+++ b/src/chrome/content/rules/Showing_Cloud.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="Showing Cloud.com">
+
+	<target host="showingcloud.com" />
+	<target host="cn.showingcloud.com" />
+	<target host="en.showingcloud.com" />
+	<target host="www.showingcloud.com" />
+
+
+	<!--	Server doesn't secure:
+					-->
+	<securecookie host="^(?:cn|www)?\.showingcloud\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Showrss.info.xml b/src/chrome/content/rules/Showrss.info.xml
new file mode 100644
index 000000000000..154137153e6c
--- /dev/null
+++ b/src/chrome/content/rules/Showrss.info.xml
@@ -0,0 +1,10 @@
+<ruleset name="Showrss.info">
+
+	<target host="showrss.info" />
+	<target host="www.showrss.info" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Shpock.xml b/src/chrome/content/rules/Shpock.xml
index 951b561b2254..44ebbbeed13d 100644
--- a/src/chrome/content/rules/Shpock.xml
+++ b/src/chrome/content/rules/Shpock.xml
@@ -7,7 +7,7 @@
 <ruleset name="Shpock">
 
 	<target host="shpock.com" />
-	<target host="*.shpock.com" />
+	<target host="www.shpock.com" />
 
 
 	<securecookie host="^\.?shpock\.com$" name=".+" />
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?shpock\.com/"
 		to="https://shpock.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ShrinkTheWeb.xml b/src/chrome/content/rules/ShrinkTheWeb.xml
index a3149dc92bbd..c72e484dbb86 100644
--- a/src/chrome/content/rules/ShrinkTheWeb.xml
+++ b/src/chrome/content/rules/ShrinkTheWeb.xml
@@ -1,38 +1,49 @@
 <!--
 	c249773.r73.cf1.rackcdn.com
 	c249773.ssl.cf1.rackcdn.com
--->
-<ruleset name="ShrinkTheWeb">
 
-	<target host="shrinktheweb.com" />
-	<target host="*.shrinktheweb.com" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.images.shrinktheweb.com" />
+
+	Nonfunctional hosts in *shrinktheweb.com:
+
+		- support *
+
+	* Refused
+
+
+	images: Included on 3rd-party websites
 
 
-	<!--	Observed cookies:
+	Insecure cookies are set for these domains:
 
-			- \.
-			- \.images
+		- .shrinktheweb.com
+
+-->
+<ruleset name="ShrinkTheWeb.com (partial)">
+
+	<!--	Direct rewrites:
 				-->
-	<securecookie host="^.*\.shrinktheweb\.com$" name=".*" />
+	<target host="shrinktheweb.com" />
+	<target host="images.shrinktheweb.com" />
+	<target host="www.shrinktheweb.com" />
+
+	<!--	Complications:
+				-->
+	<target host="learn.shrinktheweb.com" />
 
 
-	<!--	Cert doesn't match !www.	-->
-	<rule from="^http://(?:www\.)?shrinktheweb\.com/"
-		to="https://www.shrinktheweb.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="\.shrinktheweb\.com$" name="^SESS[\da-f]{32}$" /-->
 
-	<!--	Redirects to http, identical to blogs/$		-->
-	<rule from="^http://www\.shrinktheweb\.com/blog$"
-		to="https://www.shrinktheweb.com/blogs/" />
+	<securecookie host=".*\.shrinktheweb\.com$" name=".+" />
 
-	<!--	Included on third-party websites.	-->
-	<rule from="^http://images\.shrinktheweb\.com/"
-		to="https://images.shrinktheweb.com/" />
 
 	<!--	Cert not valid for learn.
 		Server redirects as so, sans-https.	-->
-	<rule from="^https?://learn\.shrinktheweb\.com/"
+	<rule from="^http://learn\.shrinktheweb\.com/"
 		to="https://www.shrinktheweb.com/learn/index.html" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Shrodinger.xml b/src/chrome/content/rules/Shrodinger.xml
index 464484a31658..26c435c5f70c 100644
--- a/src/chrome/content/rules/Shrodinger.xml
+++ b/src/chrome/content/rules/Shrodinger.xml
@@ -4,10 +4,9 @@
 	<target host="www.schrodinger.com" />
 
 
-	<securecookie host="^www\.schrodinger\.com$" name=".*" />
+	<securecookie host="^www\.schrodinger\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?schrodinger\.com/"
-		to="https://$1schrodinger.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Shtuff.it.xml b/src/chrome/content/rules/Shtuff.it.xml
new file mode 100644
index 000000000000..a8b2b7cb403c
--- /dev/null
+++ b/src/chrome/content/rules/Shtuff.it.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://shtuff.it/ (200) => https://shtuff.it/ (521)
+Non-2xx HTTP code: http://www.shtuff.it/ (200) => https://shtuff.it/ (521)
+
+	www: Refused
+
+-->
+<ruleset name="shtuff.it" default_off="failed ruleset test">
+
+	<target host="shtuff.it" />
+	<target host="www.shtuff.it" />
+
+
+	<rule from="^http://(?:www\.)?shtuff\.it/"
+		to="https://shtuff.it/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Shubh.am.xml b/src/chrome/content/rules/Shubh.am.xml
new file mode 100644
index 000000000000..d28d2770fdb8
--- /dev/null
+++ b/src/chrome/content/rules/Shubh.am.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.shubh.am/ => https://www.shubh.am/: (6, 'Could not resolve host: www.shubh.am')
+
+	Insecure cookies are set for these domains:
+
+		- .shubh.am
+
+-->
+<ruleset name="Shubh.am" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="shubh.am" />
+	<target host="www.shubh.am" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.shubh\.am$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Shuddle.us.xml b/src/chrome/content/rules/Shuddle.us.xml
new file mode 100644
index 000000000000..b16c434de111
--- /dev/null
+++ b/src/chrome/content/rules/Shuddle.us.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://shuddle.us/ => https://shuddle.us/: (28, 'Connection timed out after 20001 milliseconds')
+
+	www: refused
+
+-->
+<ruleset name="Shuddle.us" default_off="failed ruleset test">
+
+	<target host="shuddle.us" />
+	<target host="blog.shuddle.us" />
+	<target host="california.shuddle.us" />
+	<target host="support.shuddle.us" />
+	<target host="www.shuddle.us" />
+
+
+	<rule from="^http://(?:((?:blog|california|support)\.)|www\.)?shuddle\.us/"
+		to="https://$1shuddle.us/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Shurgard.xml b/src/chrome/content/rules/Shurgard.xml
index 73c6369ac8ff..6dbb2f7de6fa 100644
--- a/src/chrome/content/rules/Shurgard.xml
+++ b/src/chrome/content/rules/Shurgard.xml
@@ -2,7 +2,7 @@
     <target host="shurgardpayment.eu" />
     <target host="*.shurgardpayment.eu" />
 
-    <rule from="^https?://shurgardpayment\.eu/"
+    <rule from="^http://shurgardpayment\.eu/"
         to="https://www.shurgardpayment.eu/"/>
     <rule from="^http://([^/:@]+)?\.shurgardpayment\.eu/"
         to="https://$1.shurgardpayment.eu/" />
diff --git a/src/chrome/content/rules/Shut_the_Backdoor.net.xml b/src/chrome/content/rules/Shut_the_Backdoor.net.xml
new file mode 100644
index 000000000000..32762c505e72
--- /dev/null
+++ b/src/chrome/content/rules/Shut_the_Backdoor.net.xml
@@ -0,0 +1,12 @@
+<ruleset name="Shut the Backdoor.net">
+
+	<target host="shutthebackdoor.net" />
+	<target host="www.shutthebackdoor.net" />
+
+
+	<securecookie host="^\.shutthebackdoor\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Shutterfly-mismatches.xml b/src/chrome/content/rules/Shutterfly-mismatches.xml
index 7c1442bf2eba..263a0dfedd71 100644
--- a/src/chrome/content/rules/Shutterfly-mismatches.xml
+++ b/src/chrome/content/rules/Shutterfly-mismatches.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see Shutterfly.xml.
 
 -->
-<ruleset name="Shutterfly (mismatches)" default_off="mismatch">
+<ruleset name="Shutterfly (mismatches)" default_off="mismatched">
 
 	<!--	Cert: *.hivelive.com	-->
 	<target host="forums.shutterfly.com" />
diff --git a/src/chrome/content/rules/Shutterfly.xml b/src/chrome/content/rules/Shutterfly.xml
index 318b057f8e88..aa3aa448910c 100644
--- a/src/chrome/content/rules/Shutterfly.xml
+++ b/src/chrome/content/rules/Shutterfly.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://shutterfly.com/ => https://shutterfly.com/: (7, 'Failed to connect to shutterfly.com port 443: Connection refused')
 	For problematic rules, see Shutterfly-mismatches.xml.
 
 
@@ -15,12 +17,12 @@
 	<target host="*.staticsfly.com" />
 
 
-	<securecookie host="^(www)?\.shutterfly\.com$" name=".*" />
+	<securecookie host="^(?:www)?\.shutterfly\.com$" name=".+" />
 
 
 	<!--	Cert doesn't match businesssolutions.
 							-->
-	<rule from="^https?://(?:businesssolutions|sbmsshare)\.shutterfly\.com/"
+	<rule from="^http://(?:businesssolutions|sbmsshare)\.shutterfly\.com/"
 		to="https://sbmsshare.shutterfly.com/" />
 
 	<rule from="^http://(sbmsomp\.|web1\.|www\.)?shutterfly\.com/"
@@ -28,7 +30,7 @@
 
 	<!--	302s like so.
 				-->
-	<rule from="^https?://sortino\.shutterfly\.com/$"
+	<rule from="^http://sortino\.shutterfly\.com/$"
 		to="https://www.lexusdealerstore.com/lexus/" />
 
 	<rule from="^http://cdn(\d)?\.staticsfly\.com/"
diff --git a/src/chrome/content/rules/Shutterstock.xml b/src/chrome/content/rules/Shutterstock.xml
index 892a2ddd0295..3e640a6aca30 100644
--- a/src/chrome/content/rules/Shutterstock.xml
+++ b/src/chrome/content/rules/Shutterstock.xml
@@ -67,10 +67,6 @@
 					-->
 	<securecookie host="^\.shutterstock\.com$" name="^(?:IRF_3|__utm\w)$" />
 
-
-	<rule from="^http://absinthe\.picdn\.net/"
-		to="https://a248.e.akamai.net/f/1796/8888/2f/absinthe.picdn.net/" />
-
 	<!--	Akamai.	-->
 	<rule from="^http://s\d\.picdn\.net/"
 		to="https://www.shutterstock.com/" />
@@ -82,9 +78,4 @@
 	<rule from="^http://(absinthe|lilb2)\.shutterstock\.com/"
 		to="https://$1.shutterstock.com/" />
 
-	<!--	Data are also on www
-					-->
-	<rule from="^http://static6\.shutterstock\.com/"
-		to="https://a248.e.akamai.net/f/370/1360/2d/static6.shutterstock.com/" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/Shwyz.ca.xml b/src/chrome/content/rules/Shwyz.ca.xml
new file mode 100644
index 000000000000..7a31407df89f
--- /dev/null
+++ b/src/chrome/content/rules/Shwyz.ca.xml
@@ -0,0 +1,12 @@
+<ruleset name="shwyz.ca" default_off="expired">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="shwyz.ca" />
+	<target host="www.shwyz.ca" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sia.tech.xml b/src/chrome/content/rules/Sia.tech.xml
new file mode 100644
index 000000000000..e03fc8828a0b
--- /dev/null
+++ b/src/chrome/content/rules/Sia.tech.xml
@@ -0,0 +1,17 @@
+<!--
+	Mixed content on:
+		* support.sia.tech
+-->
+<ruleset name="Sia.tech">
+	<target host="sia.tech" />
+	<target host="www.sia.tech" />
+	<target host="blog.sia.tech" />
+	<target host="explore.sia.tech" />
+	<target host="explorestaging.sia.tech" />
+	<target host="forum.sia.tech" />
+	<target host="rankings.sia.tech" />
+	<target host="slackin.sia.tech" />
+	<target host="support.sia.tech" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SiaHub.info.xml b/src/chrome/content/rules/SiaHub.info.xml
new file mode 100644
index 000000000000..ab02834d5bf6
--- /dev/null
+++ b/src/chrome/content/rules/SiaHub.info.xml
@@ -0,0 +1,11 @@
+<ruleset name="SiaHub.info">
+	<target host="siahub.info" />
+	<target host="consensus.siahub.info" />
+	<target host="explorer.siahub.info" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Siciarz.net.xml b/src/chrome/content/rules/Siciarz.net.xml
new file mode 100644
index 000000000000..e587389c462d
--- /dev/null
+++ b/src/chrome/content/rules/Siciarz.net.xml
@@ -0,0 +1,9 @@
+<!--
+	Wildcard DNS record, but no wildcard cert.
+-->
+<ruleset name="Siciarz.net">
+	<target host="siciarz.net" />
+	<target host="www.siciarz.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sick.com.xml b/src/chrome/content/rules/Sick.com.xml
new file mode 100644
index 000000000000..029258ec7793
--- /dev/null
+++ b/src/chrome/content/rules/Sick.com.xml
@@ -0,0 +1,31 @@
+<!--
+	www: Some paths redirect to http.
+
+-->
+<ruleset name="Sick.com (partial)">
+
+	<target host="sick.com" />
+	<target host="www.sick.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.sick\.com/(favicon.ico|group/EN/home/Pages/homepage1\.aspx|WebResource\.axd)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.sick\.com/(?!media/pdf/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.sick.com/group/EN/home/Pages/homepage1.aspx" />
+			<test url="http://www.sick.com/WebResource.axd" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.sick.com/media/pdf/7/77/277/IM0047277.PDF" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SickDay_surf_shop.com.xml b/src/chrome/content/rules/SickDay_surf_shop.com.xml
new file mode 100644
index 000000000000..5dfb52bc1d1e
--- /dev/null
+++ b/src/chrome/content/rules/SickDay_surf_shop.com.xml
@@ -0,0 +1,16 @@
+<!--
+	(www.)?: Refused
+
+-->
+<ruleset name="SickDay surf shop.com" default_off="refused">
+
+	<target host="sickdaysurfshop.com" />
+	<target host="www.sickdaysurfshop.com" />
+
+
+	<securecookie host="^\.sickdaysurfshop\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sickbits.net.xml b/src/chrome/content/rules/Sickbits.net.xml
new file mode 100644
index 000000000000..bfba74f07f9b
--- /dev/null
+++ b/src/chrome/content/rules/Sickbits.net.xml
@@ -0,0 +1,20 @@
+<!--
+	Mixed content:
+
+		- css fron fonts.googleapis.com *
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Sickbits.net" default_off="expired">
+
+	<target host="sickbits.net" />
+	<target host="www.sickbits.net" />
+
+
+	<rule from="^http://(?:www\.)?sickbits\.net/"
+		to="https://sickbits.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sicontact.at.xml b/src/chrome/content/rules/Sicontact.at.xml
new file mode 100644
index 000000000000..b0286c1da714
--- /dev/null
+++ b/src/chrome/content/rules/Sicontact.at.xml
@@ -0,0 +1,37 @@
+<!--
+	For other ESET coverage, see Eset.xml.
+
+
+	^sicontact.at: Cert only matches www.sicontact.at
+
+
+	Insecure cookies are set for these domains:
+
+		- .www.sicontact.at
+
+-->
+<ruleset name="sicontact.at">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.sicontact.at" />
+
+	<!--	Complications:
+				-->
+	<target host="sicontact.at" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.sicontact\.at$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^\.www\.sicontact\.at$" name=".+" />
+
+
+	<rule from="^http://sicontact\.at/"
+		to="https://www.sicontact.at/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SideCar.xml b/src/chrome/content/rules/SideCar.xml
index 0d355e369b28..af669dcb6bd0 100644
--- a/src/chrome/content/rules/SideCar.xml
+++ b/src/chrome/content/rules/SideCar.xml
@@ -11,7 +11,6 @@
 	<target host="www.side.cr" />
 
 
-	<rule from="^https?://(?:www\.)?side\.cr/"
-		to="https://www.side.cr/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SideReel.com.xml b/src/chrome/content/rules/SideReel.com.xml
new file mode 100644
index 000000000000..1b966c8207d2
--- /dev/null
+++ b/src/chrome/content/rules/SideReel.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- support.sidereel.com
+
+		Status code mismatch:
+		- groundwork.sidereel.com
+-->
+<ruleset name="SideReel.com (partial)">
+	<target host="sidereel.com" />
+	<target host="www.sidereel.com" />
+	<target host="a3.sidereel.com" />
+	<target host="blog.sidereel.com" />
+	<target host="editorial.sidereel.com" />
+	<target host="s3.sidereel.com" />
+	<target host="snowball.sidereel.com" />
+	<target host="v2.sidereel.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SideReel.xml b/src/chrome/content/rules/SideReel.xml
deleted file mode 100644
index aab238b42d34..000000000000
--- a/src/chrome/content/rules/SideReel.xml
+++ /dev/null
@@ -1,50 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/sidereel-editorial/
-		- s3.amazonaws.com/sidereel-production-static/
-
-		- sidereel.com.edgesuite.net
-
-			- s3.snowball.sidereel.com
-
-
-	Nonfunctional subdomains:
-
-		- blog		(record_too_long)
-		- groundwork
-		- v2		(loops; mismatched, CN: snowball.sidereel.com)
-
-
-	Problematic domains:
-
-		- a3 *
-		- editorial *
-		- s3 *
-		- support	(mismatched, CN: *.getsatisfaction.com)
-
-	* Works, akamai
-
--->
-<ruleset name="SideReel (partial)">
-
-	<target host="sidereel.com" />
-	<target host="*.sidereel.com" />
-
-
-	<securecookie host="^snowball\.sidereel\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?sidereel\.com/(_webapi/|images/|stylesheets/|users)"
-		to="https://$1sidereel.com/$2" />
-
-	<rule from="^https?://[as]3\.sidereel\.com/"
-		to="https://s3.amazonaws.com/sidereel-production-static/" />
-
-	<rule from="^https?://editorial\.sidereel\.com/"
-		to="https://sidereel-editorial.s3.amazonaws.com/" />
-
-	<rule from="^http://snowball\.sidereel\.com/"
-		to="https://snowball.sidereel.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Sidearm_Sports-problematic.xml b/src/chrome/content/rules/Sidearm_Sports-problematic.xml
deleted file mode 100644
index d2403b99c57c..000000000000
--- a/src/chrome/content/rules/Sidearm_Sports-problematic.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see Sidearm_Sports.xml.
-
--->
-<ruleset name="Sidearm Sports (problematic)" default_off="mismatched">
-
-	<target host="sidearmsports.com" />
-	<target host="*.sidearmsports.com" />
-
-
-	<rule from="^https?://(?:www\.)?sidearmsports\.com/"
-		to="https://www.sidearmsports.com/" />
-
-	<rule from="^http://blog\.sidearmsports\.com/"
-		to="https://blog.sidearmsports.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Sidearm_Sports.xml b/src/chrome/content/rules/Sidearm_Sports.xml
index 5b9d23fb1461..1874e979f999 100644
--- a/src/chrome/content/rules/Sidearm_Sports.xml
+++ b/src/chrome/content/rules/Sidearm_Sports.xml
@@ -1,21 +1,12 @@
 <!--
-	For problemstic rules, see Sidearm_Sports-problematic.xml.
-
-
-	Problematic subdomains:
-
-		- (www.) *
-		- blog *
-
-	* Mismatched, CN: *.gridserver.com
-
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- assets.sidearmsports.com
 -->
 <ruleset name="Sidearm Sports (partial)">
+	<target host="sidearmsports.com" />
+	<target host="blog.sidearmsports.com" />
+	<target host="www.sidearmsports.com" />
 
-	<target host="assets.sidearmsports.com" />
-
-
-	<rule from="^https?://assets\.sidearmsports\.com/"
-		to="https://s3.amazonaws.com/assets.sidearmsports.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sideshowtoy.com.xml b/src/chrome/content/rules/Sideshowtoy.com.xml
index fc313cf3d534..d918884ab0e5 100644
--- a/src/chrome/content/rules/Sideshowtoy.com.xml
+++ b/src/chrome/content/rules/Sideshowtoy.com.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^www\.sideshowtoy\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?sideshowtoy\.com/"
-		to="https://$1sideshowtoy.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Sidibouras.xml b/src/chrome/content/rules/Sidibouras.xml
deleted file mode 100644
index d7b583252611..000000000000
--- a/src/chrome/content/rules/Sidibouras.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="SidiЪouras">
-
-	<target host="sidibouras.com" />
-	<target host="*.sidibouras.com" />
-
-
-	<securecookie host="^(?:www)?\.sidibouras\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?sidibouras\.com/"
-		to="https://$1sidibouras.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Sidux-ev.org.xml b/src/chrome/content/rules/Sidux-ev.org.xml
deleted file mode 100644
index a7b04990bea5..000000000000
--- a/src/chrome/content/rules/Sidux-ev.org.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="sidux e.V." platform="cacert">
-  <target host="sidux-ev.org"/>
-  <target host="www.sidux-ev.org"/>
-  <rule from="^http://(www\.)?sidux-ev\.org/" to="https://sidux-ev.org/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Sieciovo.pl.xml b/src/chrome/content/rules/Sieciovo.pl.xml
new file mode 100644
index 000000000000..38c6cdae2946
--- /dev/null
+++ b/src/chrome/content/rules/Sieciovo.pl.xml
@@ -0,0 +1,14 @@
+<!--
+	www: cert only matches ^sieciovo.pl
+
+-->
+<ruleset name="Sieciovo.pl" default_off="expired">
+
+	<target host="sieciovo.pl" />
+	<target host="www.sieciovo.pl" />
+
+
+	<rule from="^http://(?:www\.)?sieciovo\.pl/"
+		to="https://sieciovo.pl/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Siemens.com-mismatches.xml b/src/chrome/content/rules/Siemens.com-mismatches.xml
deleted file mode 100644
index 428d0f5d2351..000000000000
--- a/src/chrome/content/rules/Siemens.com-mismatches.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see Siemens.com.xml.
-
--->
-<ruleset name="Siemens.com (mismatches)" default_off="mismatch">
-
-	<!--	Akamai	-->
-	<target host="m.siemens.com" />
-
-
-	<!--	Cookies are handled in the main ruleset.	-->
-
-
-	<rule from="^http://m\.siemens\.com/"
-		to="https://m.siemens.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Siemens.com.xml b/src/chrome/content/rules/Siemens.com.xml
deleted file mode 100644
index e8934cdc7bb9..000000000000
--- a/src/chrome/content/rules/Siemens.com.xml
+++ /dev/null
@@ -1,84 +0,0 @@
-<!--
-	For problematic rules, see Siemens.com-mismatches.xml.
-
-
-	Nonfunctional:
-
-		- www.siemens.kz
-
-
-	There are *many* more country domains to add.
-
--->
-<ruleset name="Siemens.com (partial)">
-
-	<target host="siemens.*" />
-	<!--	* for cross-domain cookies.	-->
-	<target host="*.siemens.com" />
-	<target host="www.siemens.*" />
-	<target host="www.siemens.co.*" />
-	<target host="www.siemens.com.*" />
-
-
-	<securecookie host="^.*\.siemens\.com$" name=".*" />
-
-
-	<!--	!www doesn't exist.	-->
-	<rule from="^http://www\.siemens\.co\.id/"
-		to="https://www.siemens.co.id/" />
-
-	<!--	Cert: eshare-ext.siemens.com.sg
-		!www doesn't exist.
-		Redirects as so.	-->
-	<rule from="^https?://www\.siemens\.co\.jp/"
-		to="https://www.siemens.com/answers/jp/ja/" />
-
-	<!--	https times out.
-		!www doesn't exist.
-		Redirects like so.	-->
-	<rule from="^https?://www\.siemens\.co\.in/"
-		to="https://www.siemens.com/answers/in/en/" />
-
-	<!--	https doesn't work.
-		!www doesn't exist.
-		Redirects like so.	-->
-	<rule from="^https?://www\.siemens\.co\.kr/"
-		to="https://www.siemens.com/answers/kr/ko/" />
-
-	<rule from="^http://(w1\.|www\.)?siemens\.com/"
-		to="https://$1siemens.com/" />
-
-	<!--	!www doesn't exist.	-->
-	<rule from="^http://www\.siemens\.com\.(hk|mx)/"
-		to="https://www.siemens.com.$1/" />
-
-	<!--	Cert: eshare-ext.siemens.com.sg
-		!www doesn't exist.
-		Redirects like so.	-->
-	<rule from="^https?://www\.siemens\.com\.kw/"
-		to="https://w1.siemens.com/answers/kw/en/" />
-
-	<!--	Self-signed.
-		Redirects as so.	-->
-	<rule from="^https?://(?:www\.)?siemens\.hu/"
-		to="https://w1.siemens.com/answers/hu/hu/" />
-
-	<!--	https doesn't work.
-		Redirects as so.	-->
-	<rule from="^https?://(?:www\.)?siemens\.ie/"
-		to="https://w1.siemens.com/entry/ie/en/" />
-
-	<!--	https times out.
-		Redirects like so.	-->
-	<rule from="^https?://(?:www\.)?siemens\.it/"
-		to="https://www.siemens.com/entry/it/index.htm" />
-
-	<!--	https times out.
-		www doesn't exist.
-		Server *doesn't* redirect to .com, but this works,
-		and is close to what it does for other cctlds.	-->
-	<rule from="^https?://www\.siemens\.lv/"
-		to="https://w1.siemens.com/entry/lv/" />
-
-</ruleset>
-
diff --git a/src/chrome/content/rules/Siemens.xml b/src/chrome/content/rules/Siemens.xml
new file mode 100644
index 000000000000..1ed21b45c95c
--- /dev/null
+++ b/src/chrome/content/rules/Siemens.xml
@@ -0,0 +1,264 @@
+<!--
+	To look for Siemens.com related TLD,
+		please visit https://www.healthcare.siemens.com/,
+		click the "Global" button on the top lefthand corner
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- siemens.com.cn
+		- www.siemens.com.cn
+		- siemens.dk
+		- siemens.it
+		- www.siemens.it
+		- healthcare.siemens.si
+
+		Timeout was reached:
+		- siemens.ae
+		- www.siemens.ae
+		- siemens.com.ar
+		- www.siemens.com.ar
+		- siemens.com.au
+		- www.siemens.com.au
+		- siemens.ba
+		- siemens.cl
+		- www.siemens.cl
+		- siemens.com.co
+		- www.siemens.com.co
+		- siemens.fi
+		- www.siemens.fi
+		- siemens.co.in
+		- www.siemens.co.in
+		- www.siemens.lv
+		- siemens.nl
+		- www.siemens.nl
+		- siemens.com.pe
+		- www.siemens.com.pe
+		- www.siemens.com.sa
+		- siemens.com.ve
+		- www.siemens.com.ve
+
+		SSL connect error:
+		- siemens.com.my
+		- www.siemens.com.my
+		- siemens.ru
+		- www.siemens.ru
+		- www.siemens.com.sg
+
+		SSL peer certificate was not OK:
+		- healthcare.siemens.ae
+		- healthcare.siemens.com.ar
+		- siemens.at
+		- healthcare.siemens.at
+		- healthcare.siemens.com.au
+		- healthcare.siemens.ba
+		- www.siemens.ba
+		- siemens.be
+		- healthcare.siemens.com.br
+		- www.siemens.com.br
+		- siemens.ca
+		- healthcare.siemens.ca
+		- siemens.ch
+		- healthcare.siemens.ch
+		- healthcare.siemens.cl
+		- healthcare.siemens.com.cn
+		- healthcare.siemens.com.co
+		- aan.siemens.com
+		- healthcare.siemens.com
+		- healthcare.siemens.cz
+		- siemens.de
+		- healthcare.siemens.de
+		- healthcare.siemens.dk
+		- healthcare.siemens.es
+		- www.siemens.es
+		- healthcare.siemens.fi
+		- healthcare.siemens.fr
+		- siemens.hu
+		- healthcare.siemens.hu
+		- www.siemens.hu
+		- siemens.ie
+		- healthcare.siemens.ie
+		- www.siemens.ie
+		- healthcare.siemens.co.in
+		- healthcare.siemens.it
+		- siemens.co.jp
+		- healthcare.siemens.co.jp
+		- healthcare.siemens.co.kr
+		- siemens.com.mx
+		- healthcare.siemens.com.mx
+		- healthcare.siemens.com.my
+		- healthcare.siemens.nl
+		- healthcare.siemens.com.pe
+		- siemens.pl
+		- healthcare.siemens.pl
+		- siemens.pt
+		- www.siemens.pt
+		- healthcare.siemens.ru
+		- healthcare.siemens.com.sa
+		- healthcare.siemens.se
+		- healthcare.siemens.com.sg
+		- siemens.si
+		- www.siemens.si
+		- siemens.com.tr
+		- healthcare.siemens.com.tr
+		- siemens.co.uk
+		- healthcare.siemens.co.uk
+		- healthcare.siemens.com.uy
+		- healthcare.siemens.com.ve
+
+		Incomplete certificate chain error:
+		- www.cee.siemens.com
+		- siemens.cz
+		- www.siemens.cz
+		- siemens.fr
+		- siemens.co.kr
+		- www.siemens.co.kr
+		- siemens.com.uy
+		- www.siemens.com.uy
+
+		5xx server error:
+		- www.siemens.ca
+		- www.aan.siemens.com
+		- www.siemens.com.mx
+-->
+<ruleset name="Siemens">
+	<!-- *siemens.ae -->
+	<target host="www.healthcare.siemens.ae" />
+
+	<!-- *siemens.com.ar -->
+	<target host="www.healthcare.siemens.com.ar" />
+
+	<!-- *siemens.at -->
+	<target host="www.healthcare.siemens.at" />
+	<target host="www.siemens.at" />
+
+	<!-- *siemens.com.au -->
+	<target host="www.healthcare.siemens.com.au" />
+
+	<!-- *siemens.be -->
+	<target host="www.healthcare.siemens.ba" />
+	<target host="www.siemens.be" />
+
+	<!-- *siemens.com.br -->
+	<target host="www.healthcare.siemens.com.br" />
+
+	<!-- *siemens.ca -->
+	<target host="www.healthcare.siemens.ca" />
+
+	<!-- *siemens.ch -->
+	<target host="www.healthcare.siemens.ch" />
+	<target host="www.siemens.ch" />
+
+	<!-- *siemens.cl -->
+	<target host="www.healthcare.siemens.cl" />
+
+	<!-- *siemens.com.cn -->
+	<target host="www.healthcare.siemens.com.cn" />
+
+	<!-- *siemens.com.co -->
+	<target host="www.healthcare.siemens.com.co" />
+
+	<!-- *siemens.com -->
+	<target host="siemens.com" />
+	<target host="usa.healthcare.siemens.com" />
+	<target host="www.healthcare.siemens.com" />
+	<target host="m.siemens.com" />
+	<target host="www.siemens.com" />
+
+	<!-- *siemens.cz -->
+	<target host="www.healthcare.siemens.cz" />
+
+	<!-- *siemens.de -->
+	<target host="www.healthcare.siemens.de" />
+	<target host="www.siemens.de" />
+
+	<!-- *siemens.dk -->
+	<target host="www.healthcare.siemens.dk" />
+	<target host="www.siemens.dk" />
+
+	<!-- *siemens.es -->
+	<target host="www.healthcare.siemens.es" />
+
+	<!-- *siemens.fi -->
+	<target host="www.healthcare.siemens.fi" />
+
+	<!-- *siemens.fr -->
+	<target host="www.healthcare.siemens.fr" />
+	<target host="www.siemens.fr" />
+
+	<!-- *siemens.com.hk -->
+	<target host="www.siemens.com.hk" />
+
+	<!-- *siemens.hu -->
+	<target host="www.healthcare.siemens.hu" />
+
+	<!-- *siemens.ie -->
+	<target host="www.healthcare.siemens.ie" />
+
+	<!-- *siemens.co.in -->
+	<target host="www.healthcare.siemens.co.in" />
+
+	<!-- *siemens.it -->
+	<target host="www.healthcare.siemens.it" />
+
+	<!-- *siemens.co.jp -->
+	<target host="www.healthcare.siemens.co.jp" />
+	<target host="www.siemens.co.jp" />
+
+	<!-- *siemens.co.kr -->
+	<target host="www.healthcare.siemens.co.kr" />
+
+	<!-- *siemens.com.mx -->
+	<target host="www.healthcare.siemens.com.mx" />
+
+	<!-- *siemens.com.my -->
+	<target host="www.healthcare.siemens.com.my" />
+
+	<!-- *siemens.nl -->
+	<target host="www.healthcare.siemens.nl" />
+
+	<!-- *siemens.no -->
+	<target host="www.healthcare.siemens.no" />
+
+	<!-- *siemens.com.pe -->
+	<target host="www.healthcare.siemens.com.pe" />
+
+	<!-- *siemens.pl -->
+	<target host="www.healthcare.siemens.pl" />
+	<target host="www.siemens.pl" />
+
+	<!-- *siemens.pt -->
+	<target host="www.healthcare.siemens.pt" />
+
+	<!-- *siemens.ru -->
+	<target host="www.healthcare.siemens.ru" />
+
+	<!-- *siemens.com.sa -->
+	<target host="www.healthcare.siemens.com.sa" />
+
+	<!-- *siemens.se -->
+	<target host="siemens.se" />
+	<target host="www.healthcare.siemens.se" />
+	<target host="www.siemens.se" />
+
+	<!-- *siemens.com.sg -->
+	<target host="www.healthcare.siemens.com.sg" />
+
+	<!-- *siemens.com.tr -->
+	<target host="www.healthcare.siemens.com.tr" />
+	<target host="www.siemens.com.tr" />
+
+	<!-- *siemens.co.uk -->
+	<target host="www.healthcare.siemens.co.uk" />
+	<target host="www.siemens.co.uk" />
+
+	<!-- *siemens.com.uy -->
+	<target host="www.healthcare.siemens.com.uy" />
+
+	<!-- *siemens.com.ve -->
+	<target host="www.healthcare.siemens.com.ve" />
+
+	<!-- *siemens.co.za -->
+	<target host="www.healthcare.siemens.co.za" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sierra_Club_Green_Home.xml b/src/chrome/content/rules/Sierra_Club_Green_Home.xml
index 5569bed305d6..bb81b59429bd 100644
--- a/src/chrome/content/rules/Sierra_Club_Green_Home.xml
+++ b/src/chrome/content/rules/Sierra_Club_Green_Home.xml
@@ -1,19 +1,25 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sierraclubgreenhome.com/ => https://sierraclubgreenhome.com/: (28, 'Connection timed out after 20004 milliseconds')
+Fetch error: http://www.sierraclubgreenhome.com/ => https://www.sierraclubgreenhome.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://sierraclubgreenhome.com/ => https://sierraclubgreenhome.com/: (60, 'SSL certificate problem: self signed certificate')
 	Nonfunctional subdomains:
 
 		- wordpress	(shows www; expired 2013-01-28, mismatched, CN: sierraclubgreenhome.com)
 
 -->
-<ruleset name="Sierra Club Green Home (partial)">
+<ruleset name="Sierra Club Green Home (partial)" default_off="failed ruleset test">
 
 	<target host="sierraclubgreenhome.com" />
-	<target host="*.sierraclubgreenhome.com" />
+	<target host="www.sierraclubgreenhome.com" />
 
 
 	<securecookie host="^\.sierraclubgreenhome\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?sierraclubgreenhome\.com/"
-		to="https://$1sierraclubgreenhome.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sierraware.com.xml b/src/chrome/content/rules/Sierraware.com.xml
new file mode 100644
index 000000000000..418d79d595a7
--- /dev/null
+++ b/src/chrome/content/rules/Sierraware.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Sierraware.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sierraware.com" />
+	<target host="www.sierraware.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sig-IO.nl.xml b/src/chrome/content/rules/Sig-IO.nl.xml
new file mode 100644
index 000000000000..745e7553421e
--- /dev/null
+++ b/src/chrome/content/rules/Sig-IO.nl.xml
@@ -0,0 +1,12 @@
+<ruleset name="Sig-IO.nl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sig-io.nl" />
+	<target host="www.sig-io.nl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SigFig.com-falsemixed.xml b/src/chrome/content/rules/SigFig.com-falsemixed.xml
new file mode 100644
index 000000000000..d17be95e63fa
--- /dev/null
+++ b/src/chrome/content/rules/SigFig.com-falsemixed.xml
@@ -0,0 +1,12 @@
+<!--
+	For rules not causing false/broken MCB, see SigFig.xml.
+
+-->
+<ruleset name="SigFig (false MCB)" platform="mixedcontent">
+
+	<target host="blog.sigfig.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SigFig.xml b/src/chrome/content/rules/SigFig.xml
index a2bd4c24cb25..2a189c774886 100644
--- a/src/chrome/content/rules/SigFig.xml
+++ b/src/chrome/content/rules/SigFig.xml
@@ -1,21 +1,68 @@
 <!--
+	For rules causing false/broken MCB, see SigFig.com-falsemixed.xml.
+
+
 	CDN buckets:
 
 		- d12ofxxpqkq4dm.cloudfront.net
 		- d7e8o9i11vi0c.cloudfront.net
 
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- beta
+		- secure
+		- support
+
+
+	Partially covered subdomains:
+
+		- blog *
+
+	* Avoiding false/broken MCB
+
+
+	These altnames don't exist:
+
+		- www.support.sigfig.com
+
+
+	Mixed content:
+
+		- css, on:
+
+			- blog from $self *
+			- blog from fonts.googleapis.com *
+
+		- Images, on:
+
+			- blog from $self *
+			- blog from \d.gravatar.com *
+			- blog from i\d.wp.com *
+
+		- favicon on blog from $self *
+
+	* Secured by us
+
 -->
-<ruleset name="SigFig">
+<ruleset name="SigFig.com (partial)">
 
 	<target host="sigfig.com" />
-	<target host="*.sigfig.com" />
-	<target host="*.www.sigfig.com" />
+	<target host="beta.sigfig.com" />
+	<target host="blog.sigfig.com" />
+	<target host="secure.sigfig.com" />
+	<target host="support.sigfig.com" />
+	<target host="www.sigfig.com" />
+		<!--
+			Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://blog\.sigfig\.com/+(?!favicon\.ico|wp-content/|wp-includes/)" />
 
 
 	<securecookie host="^\.www\.sigfig\.com$" name=".+" />
 
 
-	<rule from="^http://((?:beta|blog|secure|www)\.)?sigfig\.com/"
-		to="https://$1sigfig.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sigdet.nu.xml b/src/chrome/content/rules/Sigdet.nu.xml
new file mode 100644
index 000000000000..867ac33b1efe
--- /dev/null
+++ b/src/chrome/content/rules/Sigdet.nu.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sigdet.nu/ => https://sigdet.nu/: (35, 'Unknown SSL protocol error in connection to sigdet.nu:443 ')
+Fetch error: http://www.sigdet.nu/ => https://www.sigdet.nu/: (35, 'Unknown SSL protocol error in connection to www.sigdet.nu:443 ')
+
+-->
+<ruleset name="Sigdet.nu" default_off="failed ruleset test">
+
+	<target host="sigdet.nu" />
+	<target host="www.sigdet.nu" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Siggraph.org.xml b/src/chrome/content/rules/Siggraph.org.xml
index bcf302d8ff9c..b8fd5bc7de01 100644
--- a/src/chrome/content/rules/Siggraph.org.xml
+++ b/src/chrome/content/rules/Siggraph.org.xml
@@ -1,6 +1,6 @@
-<ruleset name="Siggraph.org (buggy)" default_off="https://eff.org/r.3bSc">
-  <target host="siggraph.org" />
-  <target host="www.siggraph.org" />
+<ruleset name="Siggraph.org">
+	<target host="siggraph.org" />
+	<target host="www.siggraph.org" />
 
-  <rule from="^http://(?:www\.)?siggraph\.org/" to="https://www.siggraph.org/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SigmaAldrich.com.xml b/src/chrome/content/rules/SigmaAldrich.com.xml
new file mode 100644
index 000000000000..a00e6a2f1afd
--- /dev/null
+++ b/src/chrome/content/rules/SigmaAldrich.com.xml
@@ -0,0 +1,32 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://sigmaaldrich.com/norway.html => https://www.sigmaaldrich.com/norway.html: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://sigmaaldrich.com/ => https://www.sigmaaldrich.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.sigmaaldrich.com/ => https://www.sigmaaldrich.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	Invalid certificate:
+		sigmaaldrich.com
+		go.sigmaaldrich.com
+		app.go.sigmaaldrich.com
+		images.go.sigmaaldrich.com
+		reviews.sigmaaldrich.com
+		www2.sigmaaldrich.com
+
+	No working URL known:
+		crm.sigmaaldrich.com
+
+	Secure connection failed:
+		origin-www.sigmaaldrich.com
+
+-->
+<ruleset name="Sigma-Aldrich.com">
+
+	<!-- target host="sigmaaldrich.com" /-->
+	<!-- target host="www.sigmaaldrich.com" /-->
+	<target host="secure.sigmaaldrich.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SigmaBeauty.xml b/src/chrome/content/rules/SigmaBeauty.xml
index d134a4bc38dc..51e82b88b8fd 100644
--- a/src/chrome/content/rules/SigmaBeauty.xml
+++ b/src/chrome/content/rules/SigmaBeauty.xml
@@ -1,6 +1,18 @@
+<!--
+blog. mismatch
+enews. mismatch
+-->
+
 <ruleset name="SigmaBeauty">
-  <target host="www.sigmabeauty.com" />
-  <target host="sigmabeauty.com" />
+	<target host="www.sigmabeauty.com" />
+	<target host="sigmabeauty.com" />
+	<target host="help.sigmabeauty.com" />
+
+	<!-- Fix #4684 -->
+	<exclusion pattern="^http://www\.sigmabeauty\.com/api/commerce/" />
+
+	<test url="http://www.sigmabeauty.com/api/commerce/carts/current" />
 
-  <rule from="^http://(?:www\.)?sigmabeauty\.com/" to="https://www.sigmabeauty.com/"/>
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sigma_Xi.org.xml b/src/chrome/content/rules/Sigma_Xi.org.xml
new file mode 100644
index 000000000000..20c6f4ed4c47
--- /dev/null
+++ b/src/chrome/content/rules/Sigma_Xi.org.xml
@@ -0,0 +1,16 @@
+<ruleset name="Sigma Xi.org">
+
+	<target host="sigmaxi.org" />
+	<target host="www.sigmaxi.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.sigmaxi\.org$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^www\.sigmaxi\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sign-Up.to.xml b/src/chrome/content/rules/Sign-Up.to.xml
new file mode 100644
index 000000000000..a99ec7952b88
--- /dev/null
+++ b/src/chrome/content/rules/Sign-Up.to.xml
@@ -0,0 +1,15 @@
+<ruleset name="Sign-Up.to">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sign-up.to" />
+	<target host="dev.sign-up.to" />
+	<target host="forms.sign-up.to" />
+	<target host="labs.sign-up.to" />
+	<target host="www.sign-up.to" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Signal-Spam.fr.xml b/src/chrome/content/rules/Signal-Spam.fr.xml
new file mode 100644
index 000000000000..f575095844be
--- /dev/null
+++ b/src/chrome/content/rules/Signal-Spam.fr.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid Certificate:
+		piwik.signal-spam.fr
+-->
+<ruleset name="Signal-Spam.fr">
+	<target host="signal-spam.fr" />
+	<target host="www.signal-spam.fr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Signal_Spam.xml b/src/chrome/content/rules/Signal_Spam.xml
deleted file mode 100644
index d3486a4807c1..000000000000
--- a/src/chrome/content/rules/Signal_Spam.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	!www: cert only matches www
-
--->
-<ruleset name="Signal Spam">
-
-	<target host="signal-spam.fr" />
-	<target host="www.signal-spam.fr" />
-
-
-	<rule from="^http://(?:www\.)?signal-spam\.fr/"
-		to="https://www.signal-spam.fr/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Signals.xml b/src/chrome/content/rules/Signals.xml
index 3b23445b62e9..eb050a8ebc4f 100644
--- a/src/chrome/content/rules/Signals.xml
+++ b/src/chrome/content/rules/Signals.xml
@@ -7,16 +7,18 @@
 <ruleset name="Signals">
 
 	<target host="signals.com" />
-	<target host="*.signals.com" />
+	<target host="images.signals.com" />
+	<target host="shop.signals.com" />
+	<target host="www.signals.com" />
+	<target host="www3.signals.com" />
 
 
 	<securecookie host="^\.signals\.com$" name=".+" />
 
 
-	<rule from="^https?://signals\.com/"
+	<rule from="^http://signals\.com/"
 		to="https://www.signals.com/" />
 
-	<rule from="^http://(images|shop|www3?)\.signals\.com/"
-		to="https://$1.signals.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sigterm.no.xml b/src/chrome/content/rules/Sigterm.no.xml
new file mode 100644
index 000000000000..a87190568a2b
--- /dev/null
+++ b/src/chrome/content/rules/Sigterm.no.xml
@@ -0,0 +1,50 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://clients.sigterm.no/ => https://clients.sigterm.no/: (6, 'Could not resolve host: clients.sigterm.no')
+
+	STS header includes includeSubdomains
+	for ^, analytics, www
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- clients.sigterm.no
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Sigterm.no" default_off="failed ruleset test">
+
+	<target host="sigterm.no" />
+	<target host="*.sigterm.no" />
+
+		<!--	includeSubdomains applies to one level only, so:
+									-->
+		<exclusion pattern="^http://(?:(?![^.]+\.analytics\.sigterm\.com/)(?:[^./]+\.){2,}|(?:[^./]+\.){3,})sigterm\.no/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.sigterm.no/" />
+			<test url="http://exists.not.sigterm.no/" />
+			<test url="http://this.host.analytics.sigterm.no/" />
+			<test url="http://exists.not.analytics.sigterm.no/" />
+			<test url="http://thishost.clients.sigterm.no/" />
+			<test url="http://existsnot.clients.sigterm.no/" />
+
+		<test url="http://analytics.sigterm.no/" />
+		<test url="http://clients.sigterm.no/" />
+		<test url="http://www.sigterm.no/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^clients\.sigterm\.no$" name="^blesta_sid$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sigxcpu.org.xml b/src/chrome/content/rules/Sigxcpu.org.xml
index 2754295d70c1..33575b221620 100644
--- a/src/chrome/content/rules/Sigxcpu.org.xml
+++ b/src/chrome/content/rules/Sigxcpu.org.xml
@@ -1,31 +1,29 @@
 <!--
-	Nonfunctional subdomains:
+	Non-functional hosts
+		Couldn't connect to server:
+			 - gluon.sigxcpu.org
 
-		- honk.dyn *
-		- git *
-		- hupe *
-		- imap *
-		- smtp *
-
-	* Shows honk
-
-
-	Mixed content:
-
-		- css on honk from honk *
-
-		- Images on honk from honk *
-
-	* Secured by us
+		SSL peer certificate was not OK:
+			 - honk6.sigxcpu.org (require IPv6 support)
+			 - photon.sigxcpu.org
 
+		Incomplete certificate chain error:
+			 - caldav.sigxcpu.org
+			 - carddav.sigxcpu.org
 -->
-<ruleset name="sigxcpu.org" platform="cacert">
-
+<ruleset name="Sigxcpu.org">
 	<target host="sigxcpu.org" />
-	<target host="*.sigxcpu.org" />
-
-
-	<rule from="^http://(?:honk\.|www\.)?sigxcpu\.org/"
-		to="https://honk.sigxcpu.org/" />
-
+	<target host="www.sigxcpu.org" />
+	<target host="ci.sigxcpu.org" />
+	<target host="honk.dyn.sigxcpu.org" />
+	<target host="git.sigxcpu.org" />
+	<target host="honk.sigxcpu.org" />
+	<target host="hupe.sigxcpu.org" />
+	<target host="imap.sigxcpu.org" />
+	<target host="lists.sigxcpu.org" />
+	<target host="smtp.sigxcpu.org" />
+	<target host="webmail.sigxcpu.org" />
+	<target host="wiki.sigxcpu.org" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sikur.xml b/src/chrome/content/rules/Sikur.xml
new file mode 100644
index 000000000000..fe8eb7b5feab
--- /dev/null
+++ b/src/chrome/content/rules/Sikur.xml
@@ -0,0 +1,31 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- sikur.com.br
+		- www.sikur.com.br
+		- granitephone.com
+		- sikur.com
+		- signup.sikur.com
+
+		No working URL known:
+		- communication.sikur.com.br
+		- logcat.sikur.com
+-->
+<ruleset name="Sikur (partial)">
+	<target host="granitephone.com" />
+	<target host="www.granitephone.com" />
+
+	<target host="sikur.com" />
+	<target host="www.sikur.com" />
+
+	<securecookie host="^www\.sikur\.com$" name=".+" />
+
+	<rule from="^http://granitephone\.com/"
+			to="https://www.granitephone.com/" />
+
+	<rule from="^http://sikur\.com/"
+			to="https://www.sikur.com/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Silent_Circle.xml b/src/chrome/content/rules/Silent_Circle.xml
index 0c983e2cdd1a..d0d061ff968d 100644
--- a/src/chrome/content/rules/Silent_Circle.xml
+++ b/src/chrome/content/rules/Silent_Circle.xml
@@ -1,36 +1,48 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://canary.silentcircle.com/ => https://canary.silentcircle.com/: (6, 'Could not resolve host: canary.silentcircle.com')
+Fetch error: http://mail.silentcircle.com/ => https://mail.silentcircle.com/: (6, 'Could not resolve host: mail.silentcircle.com')
+
 	Other Silent Circle rulesets:
 
 		- Secure_in_the_Circle.xml.
 
 
-	Nonfunctional domains:
-
-		- (www.)silentcircle.org *
-
-	* CN: mail.silentcircle.com. There are two certificates, one of
-	which covers these domains. They present the wrong certificate,
-	and display mail. These domains time out over http.
-
-
 	Fully covered silentcircle.com subdomains:
 
 		- (www.)
 		- accounts
+		- blog
+		- home
 		- mail
 		- stats
 
--->
-<ruleset name="Silent Circle">
 
-	<target host="silentcircle.com" />
-	<target host="*.silentcircle.com" />
+	Mixed content:
 
+		- css on blog from fonts.googleapis.com *
+
+	* Secured by us
 
-	<securecookie host="^accounts\.silentcircle\.com$" name=".+" />
 
+	No respone:
+		- (www.)silentcircle.org
+-->
+<ruleset name="Silent Circle" default_off="failed ruleset test">
+	<target host="silentcircle.com" />
+	<target host="www.silentcircle.com" />
+	<target host="accounts.silentcircle.com" />
+	<target host="blog.silentcircle.com" />
+	<target host="canary.silentcircle.com" />
+	<target host="home.silentcircle.com" />
+	<target host="mail.silentcircle.com" />
+	<target host="sccps.silentcircle.com" />
+	<target host="stats.silentcircle.com" />
+	<target host="support.silentcircle.com" />
 
-	<rule from="^http://(?:(accounts\.|mail\.|stats\.)|www\.)?silentcircle\.com/"
-		to="https://$1silentcircle.com/" />
+	<securecookie host="^accounts\.silentcircle\.com$" name=".+" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Silent_Sender.com.xml b/src/chrome/content/rules/Silent_Sender.com.xml
index 7f08c6da4b04..cd23db56998c 100644
--- a/src/chrome/content/rules/Silent_Sender.com.xml
+++ b/src/chrome/content/rules/Silent_Sender.com.xml
@@ -1,5 +1,7 @@
-<ruleset name="Silent Sender.com">
+<ruleset name="Silent Sender.com" default_off="expired">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="silentsender.com" />
 	<target host="www.silentsender.com" />
 
@@ -7,10 +9,7 @@
 	<securecookie host="^www\.silentsender\.com$" name=".+" />
 
 
-	<!--	^ redirects to www over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?silentsender\.com/"
-		to="https://www.silentsender.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Silentcircle.org.xml b/src/chrome/content/rules/Silentcircle.org.xml
deleted file mode 100644
index c2cd113da83a..000000000000
--- a/src/chrome/content/rules/Silentcircle.org.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Silentcircle.org" platform="firefox">
-<target host="silentcircle.org" />
-
-<securecookie host="^silentcircle\.org$" name=".+" />
-
-<rule from="^http://silentcircle\.org/" to="https://silentcircle.org/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Silicon-Labs.xml b/src/chrome/content/rules/Silicon-Labs.xml
index d9b9b31f9c85..0e26d6b2c736 100644
--- a/src/chrome/content/rules/Silicon-Labs.xml
+++ b/src/chrome/content/rules/Silicon-Labs.xml
@@ -4,13 +4,13 @@
 	<target host="www.silabs.com" />
 
 
-	<securecookie host="^www\.silabs\.com$" name=".*" />
+	<securecookie host="^www\.silabs\.com$" name=".+" />
 
 
 	<!--	- !www times out over https
 		- !www 301s to www over http
 						-->
-	<rule from="^https?://(?:www\.)?silabs\.com/"
+	<rule from="^http://(?:www\.)?silabs\.com/"
 		to="https://www.silabs.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Silicon.com.xml b/src/chrome/content/rules/Silicon.com.xml
index 30f326c78217..142eab5a1c9a 100644
--- a/src/chrome/content/rules/Silicon.com.xml
+++ b/src/chrome/content/rules/Silicon.com.xml
@@ -1,4 +1,14 @@
-<ruleset name="Silicon.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://silicon.com/ => https://www.silicon.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.silicon.com/ => https://www.silicon.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://silicon.com/ => https://www.silicon.com/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.silicon.com/ => https://www.silicon.com/: (28, 'Connection timed out after 10001 milliseconds')
+-->
+<ruleset name="Silicon.com" default_off="failed ruleset test">
 	<target host="silicon.com" />
 	<target host="www.silicon.com" />
 	<rule from="^http://silicon\.com/" to="https://www.silicon.com/"/>
diff --git a/src/chrome/content/rules/Silicon_Republic.com.xml b/src/chrome/content/rules/Silicon_Republic.com.xml
new file mode 100644
index 000000000000..93168dc0b76d
--- /dev/null
+++ b/src/chrome/content/rules/Silicon_Republic.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Silicon Republic.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="siliconrepublic.com" />
+	<target host="www.siliconrepublic.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Silicon_Valley_Bank.xml b/src/chrome/content/rules/Silicon_Valley_Bank.xml
index d1da62fc27c5..971594b2df71 100644
--- a/src/chrome/content/rules/Silicon_Valley_Bank.xml
+++ b/src/chrome/content/rules/Silicon_Valley_Bank.xml
@@ -11,7 +11,6 @@
 	<securecookie host="^www\.svb\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?svb\.com/"
-		to="https://www.svb.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Siliconera.com.xml b/src/chrome/content/rules/Siliconera.com.xml
new file mode 100644
index 000000000000..fc7b7da7e07f
--- /dev/null
+++ b/src/chrome/content/rules/Siliconera.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Siliconera" platform="mixedcontent">
+
+	<target host="siliconera.com" />
+	<target host="www.siliconera.com" />
+	<target host="mobile.siliconera.com" />
+	<target host="storage.siliconera.com" />
+
+	<rule from="^http:" to="https:" />
+
+	<test url="http://www.siliconera.com/wordpress/wp-content/themes/siliconera/imgs/siliconera_logo.gif" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SilkRoad.xml b/src/chrome/content/rules/SilkRoad.xml
index 735ab49a4278..fe45530e76a4 100644
--- a/src/chrome/content/rules/SilkRoad.xml
+++ b/src/chrome/content/rules/SilkRoad.xml
@@ -1,16 +1,99 @@
-<!--	!functional:
-		(www.)silkroad.com	(timeout)
-		pages.silkroad.com	(cert: *.marketo.com; 404)
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fr.silkroad.com/ => https://fr.silkroad.com/: (51, "SSL: no alternative certificate subject name matches target host name 'fr.silkroad.com'")
+Fetch error: http://pages.silkroad.com/ => https://pages.silkroad.com/: (51, "SSL: no alternative certificate subject name matches target host name 'pages.silkroad.com'")
+Fetch error: http://dandb-openhire.silkroad.com/epostings/index.cfm?fuseaction=app.jobsearch&byRegion=US_NC&byLocation_US => https://dandb-openhire.silkroad.com/epostings/index.cfm?fuseaction=app.jobsearch&byRegion=US_NC&byLocation_US: (6, 'Could not resolve host: dandb-openhire.silkroad.com')
+Fetch error: http://dandbcareers.silkroad.com/ => https://dandbcareers.silkroad.com/: (6, 'Could not resolve host: dandbcareers.silkroad.com')
+
+	Problematic hosts in *silkroad.com;
+
+		- hr1 ᵐ
+
+	ᵐ Pardot / mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- silkroad.com
+		- emea.silkroad.com
+		- pages.silkroad.com
+		- www.silkroad.com
+		- (account_vhost).silkroad.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on emea, www from fonts.googleapis.com ˢ
+		- Images on jp, www from www.silkroad.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
 -->
-<ruleset name="SilkRoad (partial)">
+<ruleset name="SilkRoad.com (partial)" default_off="failed ruleset test">
 
+	<target host="silkroad.com"/>
 	<target host="*.silkroad.com"/>
-		<exclusion pattern="^http://(pages|www)\."/>
 
-	<securecookie host="^.*\.silkroad\.com$" name=".*"/>
+		<exclusion pattern="^http://(?:[^./]+\.){2,}silkroad\.com/" />
+
+			<test url="http://this.host.silkroad.com/" />
+			<test url="http://exists.not.silkroad.com/" />
+
+		<test url="http://emea.silkroad.com/" />
+		<test url="http://fr.silkroad.com/" />
+		<test url="http://jp.silkroad.com/" />
+		<test url="http://pages.silkroad.com/" />
+		<test url="http://support.silkroad.com/" />
+		<test url="http://www.silkroad.com/" />
+
+		<exclusion pattern="^http://hr1\.silkroad\.com/(?!/*(?:$|\?|[el]/|webmail/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://hr1.silkroad.com/4-Steps-to-Strengthen-Your-Talent-Pipeline" />
+			<test url="http://hr1.silkroad.com/Onboarding-ROI-Calculator" />
+			<test url="http://hr1.silkroad.com/brand" />
+			<test url="http://hr1.silkroad.com/feedback" />
+			<test url="http://hr1.silkroad.com/tyv_performance" />
+			<test url="http://hr1.silkroad.com/ultimate-guide-performance" />
+			<test url="http://hr1.silkroad.com/video-demos" />
+
+			<!--	-ve:
+					-->
+			<test url="http://hr1.silkroad.com/l/61532/2014-12-15/289m" />
+			<test url="http://hr1.silkroad.com/l/61532/2015-01-22/59bm/61532/12024/LifeSuite_video_thumb.png" />
+
+		<!--	Accounts:
+					-->
+		<test url="http://dandb-openhire.silkroad.com/epostings/index.cfm?fuseaction=app.jobsearch&amp;byRegion=US_NC&amp;byLocation_US" />
+		<test url="http://dandbcareers.silkroad.com/" />
+		<!--test url="http://mhecareers.silkroad.com/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:emea\.|www\.)?silkroad\.com$" name="^X-Mapping-" /-->
+	<!--securecookie host="^support\.silkroad\.com$" name="^BIGipServer" /-->
+	<!--securecookie host="^($account)\.silkroad\.com$" name="^(?:BIGipServer.*|CFID|CFTOKEN)$" /-->
+
+	<securecookie host="^(?!hr1\.)." name=".+" />
+
+
+	<!--	Redirect drops args and forward slash and args:
+								-->
+	<rule from="^http://hr1\.silkroad\.com/+(?:\?.*)?$"
+		to="https://www.silkroad.com/" />
+
+		<test url="http://hr1.silkroad.com/" />
+		<test url="http://hr1.silkroad.com/?" />
+
+	<rule from="^http://hr1\.silkroad\.com/"
+		to="https://go.pardot.com/" />
 
-	<!--	unique subdoman for each client	-->
-	<rule from="^http://([\w\-]+)\.silkroad\.com/"
-		to="https://$1.silkroad.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Silkn.com.xml b/src/chrome/content/rules/Silkn.com.xml
index 0cc949c3686c..201815bd30c4 100644
--- a/src/chrome/content/rules/Silkn.com.xml
+++ b/src/chrome/content/rules/Silkn.com.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://buyfacefx.com/ => https://www.buyfacefx.com/: (6, 'Could not resolve host: www.buyfacefx.com')
+Fetch error: http://www.buyfacefx.com/ => https://www.buyfacefx.com/: (6, 'Could not resolve host: www.buyfacefx.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://buyfacefx.com/ => https://www.buyfacefx.com/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.buyfacefx.com/ => https://www.buyfacefx.com/: (6, 'Could not resolve host: www.buyfacefx.com')
 	CDN buckets:
 
 		- s3.amazonaws.com/dnaresponse-estore/
@@ -20,12 +28,13 @@
 		- shop.silkn.com
 
 -->
-<ruleset name="Silkn.com">
+<ruleset name="Silkn.com" default_off="failed ruleset test">
 
 	<target host="buyfacefx.com" />
 	<target host="www.buyfacefx.com" />
 	<target host="silkn.com" />
-	<target host="*.silkn.com" />
+	<target host="shop.silkn.com" />
+	<target host="www.silkn.com" />
 		<exclusion pattern="^http://(?:www\.)?silkn\.com/(?!images/|include/|RadControls/|scripts/|upload/|WebResource\.axd)" />
 
 
@@ -35,7 +44,6 @@
 	<rule from="^http://(?:www\.)?buyfacefx\.com/"
 		to="https://www.buyfacefx.com/" />
 
-	<rule from="^http://(shop\.|www\.)?silkn\.com/"
-		to="https://$1silkn.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Silkroad_WS.xml b/src/chrome/content/rules/Silkroad_WS.xml
deleted file mode 100644
index 2b84edf73156..000000000000
--- a/src/chrome/content/rules/Silkroad_WS.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Some pages redirect to $
-
--->
-<ruleset name="Silkroad WS (partial)">
-
-	<target host="silkroad.ws" />
-	<target host="*.silkroad.ws" />
-		<exclusion pattern="^http://(?:www\.)?silkroad\.ws/(?!addons/|cron\.php|img/)" />
-
-
-	<securecookie host="^forum\.silkroad\.ws$" name=".+" />
-
-
-	<rule from="^http://(forum\.|www\.)?silkroad\.ws/"
-		to="https://$1silkroad.ws/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Silkspan.com.xml b/src/chrome/content/rules/Silkspan.com.xml
index e4ef5660d904..c9d42eacba13 100644
--- a/src/chrome/content/rules/Silkspan.com.xml
+++ b/src/chrome/content/rules/Silkspan.com.xml
@@ -1,6 +1,13 @@
-<ruleset name="Silkspan.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://silkspan.com/ => https://www.silkspan.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.silkspan.com/ => https://www.silkspan.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="Silkspan.com" default_off="failed ruleset test">
   <target host="silkspan.com" />
   <target host="www.silkspan.com" />
 
-  <rule from="^http://(www\.)?silkspan\.com/" to="https://www.silkspan.com/" />
+  <rule from="^http://(?:www\.)?silkspan\.com/" to="https://www.silkspan.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Silktide.xml b/src/chrome/content/rules/Silktide.xml
index 2429ae7bb611..7974a373e3d9 100644
--- a/src/chrome/content/rules/Silktide.xml
+++ b/src/chrome/content/rules/Silktide.xml
@@ -1,28 +1,64 @@
+
 <!--
-	Nonfunctional subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://assets.cookieconsent.silktide.com/current/style.min.css => https://d39hc9zyqwn1u0.cloudfront.net/current/style.min.css: (6, 'Could not resolve host: d39hc9zyqwn1u0.cloudfront.net')
+Fetch error: http://www.silktide.com/ => https://www.silktide.com/: Too many redirects while fetching 'https://www.silktide.com/'
+Fetch error: http://cdn.silktide.com/ => https://d2cbphali8h73p.cloudfront.net/: (6, 'Could not resolve host: d2cbphali8h73p.cloudfront.net')
+Fetch error: http://assets.cookieconsent.silktide.com/ => https://d39hc9zyqwn1u0.cloudfront.net/: (6, 'Could not resolve host: d39hc9zyqwn1u0.cloudfront.net')
+Fetch error: http://status.silktide.com/ => https://status.silktide.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+
+	CDN buckets:
+
+		- s3-eu-west-1.amazonaws.com/assets.cookieconsent.silktide.com
+		- d39hc9zyqwn1u0.cloudfront.net	← assets.cookieconsent
+
+
+	Nonfunctional hosts in *silktide.com:
+
+		- status ᵖ
+
+	ᵖ Plaintext reply
 
-		- (www.)
-			- Cert is valid
-			- $ 302s to http
-			- (asset|theme)s/.+ 302s to 404 page
-			- products$ 302s to http
 
-		- blog	(times out)
+	Problematic hosts in *silktide.com:
+
+		- blog ᵂ
+
+	ᵂ WP Engine/redirects to http
 
 -->
-<ruleset name="Silktide (partial)">
+<ruleset name="Silktide.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="silktide.com" />
+	<target host="www.silktide.com" />
 
-	<target host="*.silktide.com" />
+	<!--	Complications:
+				-->
+	<target host="blog.silktide.com" />
+	<target host="cdn.silktide.com" />
 	<target host="assets.cookieconsent.silktide.com" />
+	<target host="status.silktide.com" />
 
 
-	<rule from="^https?://cdn\.silktide\.com/"
+	<!--	Redirect drops path, args,
+		and forward slash:
+					-->
+	<rule from="^http://blog\.silktide\.com/.*"
+		to="https://silktide.com/blog" />
+
+		<test url="http://blog.silktide.com/home.php" />
+
+	<rule from="^http://cdn\.silktide\.com/"
 		to="https://d2cbphali8h73p.cloudfront.net/" />
 
-	<rule from="^https?://assets\.cookieconsent\.silktide\.com/"
-		to="https://s3-eu-west-1.amazonaws.com/assets.cookieconsent.silktide.com/" />
+	<rule from="^http://assets\.cookieconsent\.silktide\.com/"
+		to="https://d39hc9zyqwn1u0.cloudfront.net/" />
+
+		<test url="http://assets.cookieconsent.silktide.com/current/style.min.css" />
 
-	<rule from="^https?://status\.silktide\.com/"
-		to="https://silktide-status.herokuapp.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Silobreaker.xml b/src/chrome/content/rules/Silobreaker.xml
index e671fb112ffe..0e3f7ead558e 100644
--- a/src/chrome/content/rules/Silobreaker.xml
+++ b/src/chrome/content/rules/Silobreaker.xml
@@ -20,16 +20,18 @@
 
 	<target host="thumbs.sbstatic.com" />
 	<target host="cache.thumbs.sbstatic.com" />
-	<target host="*.silobreaker.com" />
+	<target host="api.silobreaker.com" />
+	<target host="my.silobreaker.com" />
+	<target host="thumbs.silobreaker.com" />
+	<target host="cache.thumbs.silobreaker.com" />
 
 
 	<securecookie host="^my\.silobreaker\.com$" name=".+" />
 
 
-	<rule from="^http://(api|my)\.silobreaker\.com/"
-		to="https://$1.silobreaker.com/" />
 
-	<rule from="^https?://(?:cache\.)?thumbs\.s(?:bstatic|ilobreaker)\.com/"
+	<rule from="^http://(?:cache\.)?thumbs\.s(?:bstatic|ilobreaker)\.com/"
 		to="https://thumbs.silobreaker.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Silva_Wood_Flooring.xml b/src/chrome/content/rules/Silva_Wood_Flooring.xml
index b516972eb278..0d7d263941f5 100644
--- a/src/chrome/content/rules/Silva_Wood_Flooring.xml
+++ b/src/chrome/content/rules/Silva_Wood_Flooring.xml
@@ -1,13 +1,19 @@
-<ruleset name="Silva Wood Flooring">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://silvawoodflooring.co.uk/ => https://silvawoodflooring.co.uk/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.silvawoodflooring.co.uk/ => https://www.silvawoodflooring.co.uk/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+-->
+<ruleset name="Silva Wood Flooring" default_off="failed ruleset test">
 
 	<target host="silvawoodflooring.co.uk" />
-	<target host="*.silvawoodflooring.co.uk" />
+	<target host="www.silvawoodflooring.co.uk" />
 
 
 	<securecookie host="^(?:www)?\.silvawoodflooring\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://(www\.)?silvawoodflooring\.co\.uk/"
-		to="https://$1silvawoodflooring.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Silver-Oven.xml b/src/chrome/content/rules/Silver-Oven.xml
index 0f56bf6e4e47..9999f5ebe044 100644
--- a/src/chrome/content/rules/Silver-Oven.xml
+++ b/src/chrome/content/rules/Silver-Oven.xml
@@ -3,9 +3,8 @@
 	<target host="investorflow.com"/>
 	<target host="www.investorflow.com"/>
 
-	<securecookie host="^(.*\.)?investorflow.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?investorflow\.com/"
-		to="https://$1investorflow.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SilverRush_Style.xml b/src/chrome/content/rules/SilverRush_Style.xml
index 8ffcaf21ec7c..faeb986e492a 100644
--- a/src/chrome/content/rules/SilverRush_Style.xml
+++ b/src/chrome/content/rules/SilverRush_Style.xml
@@ -1,22 +1,45 @@
 <!--
-	Problematic subdomains:
+	Problematic hosts in *silverrushstyle.com:
 
-		- ^	(mismatched, CN: secure.silverrushstyle.com)
+		- ^ ¹
+		- secure ²
+		- th ³
+		- www ³
+
+	¹ Mismatched, CN: secure.silverrushstyle.com
+	² Server sends no certificate chain, see https://whatsmychaincert.com
+	³ Redirects to http
+
+
+	Insecure cookies are set for these domains:
+
+		- .silverrushstyle.com
 
 -->
-<ruleset name="SilverRush Style (partial)">
+<ruleset name="SilverRush Style.com" default_off="cert-chain">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.silverrushstyle.com" />
+
+	<!--	Complications:
+				-->
 	<target host="silverrushstyle.com" />
-	<target host="*.silverrushstyle.com" />
+	<target host="th.silverrushstyle.com" />
+	<target host="www.silverrushstyle.com" />
 
 
-	<securecookie host="^\.silverrushstyle\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.silverrushstyle\.com$" name="^(?:silverrush_old_user|silverushstyle|wt_cookie_test)$" /-->
 
+	<securecookie host="^\.silverrushstyle\.com$" name=".+" />
 
-	<rule from="^http://(?:www\.)?silverrushstyle\.com/"
-		to="https://www.silverrushstyle.com/" />
 
-	<rule from="^http://secure\.silverrushstyle\.com/"
+	<rule from="^http://(?:th\.|www\.)?silverrushstyle\.com/"
 		to="https://secure.silverrushstyle.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Silverflint.xml b/src/chrome/content/rules/Silverflint.xml
index 36e238ca3d47..16e6495e7eef 100644
--- a/src/chrome/content/rules/Silverflint.xml
+++ b/src/chrome/content/rules/Silverflint.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?silverflint\.com/(css/|favicon\.ico|js/|xajax/)"
 		to="https://www.silverflint.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Silverpop.xml b/src/chrome/content/rules/Silverpop.xml
index 4c3c485bbbd2..4328c21de420 100644
--- a/src/chrome/content/rules/Silverpop.xml
+++ b/src/chrome/content/rules/Silverpop.xml
@@ -1,7 +1,16 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gw.vtrenz.net/ => https://gw.vtrenz.net/: (6, 'Could not resolve host: gw.vtrenz.net')
+Fetch error: http://login1.vtrenz.net/ => https://login1.vtrenz.net/: (6, 'Could not resolve host: login1.vtrenz.net')
+Fetch error: http://www.vtrenz.net/ => https://www.vtrenz.net/: (6, 'Could not resolve host: www.vtrenz.net')
+Fetch error: http://www1.vtrenz.net/ => https://www1.vtrenz.net/: (6, 'Could not resolve host: www1.vtrenz.net')
+
+	For other IBM coverage, see IBM.xml.
+
 	Other Silverpop rulesets:
 
-		- CoreMotives.com.xml
+		- mkt51.net.xml
 		- Pages05.net.xml
 
 
@@ -32,6 +41,7 @@
 
 	Fully covered domains:
 
+		- *.links.mkt41.net
 		- contenta.mkt1710.com	(→ d35xxa4d4yp600.cloudfront.net)
 		- (www.)pages03.net	(^ → www)
 
@@ -43,24 +53,68 @@
 			- www1
 
 
+	Insecure cookies are set for these hosts: ᶜ
+
+		- silverpop.com
+		- loginpilot.silverpop.com
+		- portal.silverpop.com
+		- visitorinsight.silverpop.com
+		- www.silverpop.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
 	Mixed content:
 
-		- css on www.silverpop.com from www.silverpop.com
+		- css on (www.)?silverpop.com from fast.fonts.com
+		- favicon on (www.)?silverpop.com from www.silverpop.com
 
-		- favicon on www.silverpop.com from www.silverpop.com
+		- Web bugs, on:
 
-		- Web bug on www.silverpop.com from portal.mxlogic.com *
+			- (www.)?silverpop.com from \d+.fls.doubleclick.net *
+			- (www.)?silverpop.com from portal.mxlogic.com *
 
-	* Secured by us
+	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Silverpop (partial)">
+<ruleset name="Silverpop (partial)" default_off="failed ruleset test">
 
-	<target host="content.mkt941.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="*.links.mkt41.net" />
+	<target host="www.pages03.net" />
+
+	<target host="silverpop.com" />
+	<target host="loginpilot.silverpop.com" />
+	<target host="portal.silverpop.com" />
+	<target host="visitorinsight.silverpop.com" />
+	<target host="www.silverpop.com" />
+
+	<target host="gw.vtrenz.net"/>
+	<target host="login1.vtrenz.net"/>
+	<target host="www.vtrenz.net"/>
+	<target host="www1.vtrenz.net"/>
+
+		<exclusion pattern="^http://(?:[^./]+\.){2,}links\.mkt41\.net/" />
+
+			<test url="http://this.host.links.mkt41.net/" />
+			<test url="http://exists.not.links.mkt41.net/" />
+
+	<!--	Complications:
+				-->
 	<target host="contenta.mkt1710.com" />
+	<target host="content.mkt941.com" />
 	<target host="pages03.net" />
-	<target host="www.pages03.net" />
-	<target host="*.vtrenz.net"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?silverpop\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^loginpilot\.silverpop\.com$" name="^Silverpop_cookie$" /-->
+	<!--securecookie host="^portal\.silverpop\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^visitorinsight\.silverpop\.com$" name="^(?:PHPSESSID|Silverpop_cookie)$" /-->
+
+	<securecookie host="^\w" name=".+" />
 
 
 	<rule from="^http://content\.mkt941\.com/"
@@ -69,10 +123,10 @@
 	<rule from="^http://contenta\.mkt1710\.com/"
 		to="https://d35xxa4d4yp600.cloudfront.net/" />
 
-	<rule from="^http://(www\.)?pages03\.net/"
+	<rule from="^http://pages03\.net/"
 		to="https://www.pages03.net/" />
 
-	<rule from="^http://(gw|login1|www1?)\.vtrenz\.net/"
-		to="https://$1.vtrenz.net/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Silvertunnel.org.xml b/src/chrome/content/rules/Silvertunnel.org.xml
new file mode 100644
index 000000000000..37388c01c45b
--- /dev/null
+++ b/src/chrome/content/rules/Silvertunnel.org.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://silvertunnel.org/ => https://silvertunnel.org/: (35, 'Unknown SSL protocol error in connection to silvertunnel.org:443 ')
+Fetch error: http://www.silvertunnel.org/ => https://silvertunnel.org/: (35, 'Unknown SSL protocol error in connection to silvertunnel.org:443 ')
+
+	www.silvertunnel.org: Refused
+
+-->
+<ruleset name="silvertunnel.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="silvertunnel.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.silvertunnel.org" />
+
+
+	<rule from="^http://www\.silvertunnel\.org/"
+		to="https://silvertunnel.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Silverum.cz.xml b/src/chrome/content/rules/Silverum.cz.xml
new file mode 100644
index 000000000000..ab7acf207546
--- /dev/null
+++ b/src/chrome/content/rules/Silverum.cz.xml
@@ -0,0 +1,7 @@
+<ruleset name="SILVERUM s.r.o.">
+    <target host="silverum.cz" />
+    <target host="www.silverum.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sim-technik.de.xml b/src/chrome/content/rules/Sim-technik.de.xml
index 1d7bba09bb85..ab769dc24dd7 100644
--- a/src/chrome/content/rules/Sim-technik.de.xml
+++ b/src/chrome/content/rules/Sim-technik.de.xml
@@ -3,7 +3,6 @@
 	<target host="ws.vtc.sim-technik.de" />
 
 
-	<rule from="^http://ws\.vtc\.sim-technik\.de/"
-		to="https://ws.vtc.sim-technik.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SimFlight-mismatches.xml b/src/chrome/content/rules/SimFlight-mismatches.xml
deleted file mode 100644
index 4dd5e26844f2..000000000000
--- a/src/chrome/content/rules/SimFlight-mismatches.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<ruleset name="simFlight (mismatches)" default_off="mismatch, self-signed">
-
-	<target host="simflight.*"/>
-	<target host="www.simflight.*"/>
-	<target host="simrussia.com"/>
-	<target host="www.simrussia.com"/>
-
-	<securecookie host="^(.*\.)?simflight\.\w{2,3}$" name=".*"/>
-	<securecookie host="^(.*\.)?simrussia\.com$" name=".*"/>
-
-	<rule from="^http://(?:www\.)?simflight\.(cn|com|de|es|fr|it|jp|nl)/"
-		to="https://www.simflight.$1/"/>
-
-	<rule from="^http://(?:www\.)?simflight\.pt/"
-		to="https://simflight.pt/"/>
-
-	<rule from="^http://(?:www\.)?simrussia\.com/"
-		to="https://simrussia.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/SimFlight-problematic.xml b/src/chrome/content/rules/SimFlight-problematic.xml
new file mode 100644
index 000000000000..09e5edd556d4
--- /dev/null
+++ b/src/chrome/content/rules/SimFlight-problematic.xml
@@ -0,0 +1,62 @@
+<!--
+	Non-functional hosts
+		SSL connect error:
+		- simflight.cn
+		- www.simflight.cn
+		- simflight.com
+		- www.simflight.com
+		- simrussia.com
+		- www.simrussia.com
+		- simflight.de
+		- www.simflight.de
+		- simflight.es
+		- www.simflight.es
+		- simflight.fr
+		- www.simflight.fr
+		- simflight.it
+		- www.simflight.it
+		- simflight.jp
+		- www.simflight.jp
+		- simflight.nl
+		- www.simflight.nl
+-->
+<ruleset name="simFlight (problematic)" default_off="ssl-error">
+	<!-- *simflight.cn -->
+	<target host="simflight.cn" />
+	<target host="www.simflight.cn" />
+
+	<!-- *simflight.com -->
+	<target host="simflight.com" />
+	<target host="www.simflight.com" />
+
+	<!-- *simrussia.com -->
+	<target host="simrussia.com"/>
+	<target host="www.simrussia.com"/>
+
+	<!-- *simflight.de -->
+	<target host="simflight.de" />
+	<target host="www.simflight.de" />
+
+	<!-- *simflight.es -->
+	<target host="simflight.es" />
+	<target host="www.simflight.es" />
+
+	<!-- *simflight.fr -->
+	<target host="simflight.fr" />
+	<target host="www.simflight.fr" />
+
+	<!-- *simflight.it -->
+	<target host="simflight.it" />
+	<target host="www.simflight.it" />
+
+	<!-- *simflight.jp -->
+	<target host="simflight.jp" />
+	<target host="www.simflight.jp" />
+
+	<!-- *simflight.nl -->
+	<target host="simflight.nl" />
+	<target host="www.simflight.nl" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SimFlight.xml b/src/chrome/content/rules/SimFlight.xml
index 2efd2567e152..c9a372ed08dc 100644
--- a/src/chrome/content/rules/SimFlight.xml
+++ b/src/chrome/content/rules/SimFlight.xml
@@ -1,9 +1,10 @@
 <ruleset name="simFlight (partial)">
 
 	<target host="simmarket.com"/>
-	<target host="*.simmarket.com"/>
+	<target host="secure.simmarket.com" />
+	<target host="www.simmarket.com" />
 
-	<securecookie host="^(.*\.)?simmarket\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:secure\.|www\.)?simmarket\.com/"
 		to="https://secure.simmarket.com/"/>
diff --git a/src/chrome/content/rules/SimilarGroup.com.xml b/src/chrome/content/rules/SimilarGroup.com.xml
new file mode 100644
index 000000000000..606744272218
--- /dev/null
+++ b/src/chrome/content/rules/SimilarGroup.com.xml
@@ -0,0 +1,22 @@
+<!--
+	(www.)?similargroup.com: Plaintext reply
+
+
+	Problematic hosts in *similargroup.com:
+
+		- analytics *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="SimilarGroup.com (partial)" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="analytics.similargroup.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SimilarWeb.xml b/src/chrome/content/rules/SimilarWeb.xml
index 89d83ec2d999..c84c547631e9 100644
--- a/src/chrome/content/rules/SimilarWeb.xml
+++ b/src/chrome/content/rules/SimilarWeb.xml
@@ -1,18 +1,40 @@
 <!--
-	Nonfunctional subdomains:
+	Insecure cookies are set for these domains and hosts:
 
-		- (www.)	(refused)
+		- similarweb.com
+		- .similarweb.com
+		- developer.similarweb.com
+		- www.similarweb.com
+
+
+	Mixed content:
+
+		- Image on www from $self *
+
+	* Secured by us
 
 -->
-<ruleset name="SimilarWeb (partial)">
+<ruleset name="SimilarWeb.com">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="similarweb.com" />
 	<target host="developer.similarweb.com" />
+	<target host="www.similarweb.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?similarweb\.com$" name="^___utmv\w+$" /-->
+	<!--securecookie host="^\.similarweb\.com$" name="^(?:incap_ses_\d+|visid_incap)_\d+$" /-->
+	<!--securecookie host="^developer\.similarweb\.com$" name="^_system_session$" /-->
+	<!--securecookie host="^www\.similarweb\.com$" name="^(?:SPSI|UTGv2)$" /-->
 
-	<securecookie host="^developer\.similarweb\.com$" name=".+" />
+	<securecookie host="^(?:developer\.|www\.)?similarweb\.com$" name=".+" />
+	<securecookie host="^\.similarweb\.com$" name="^(?:incap_ses_\d+|visid_incap)_\d+$" />
 
 
-	<rule from="^http://developer\.similarweb\.com/"
-		to="https://developer.similarweb.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Simlar.org.xml b/src/chrome/content/rules/Simlar.org.xml
new file mode 100644
index 000000000000..2e5976a82808
--- /dev/null
+++ b/src/chrome/content/rules/Simlar.org.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://simlar.org/ => https://simlar.org/: (51, "SSL: no alternative certificate subject name matches target host name 'simlar.org'")
+
+	Problematic hosts in *simlar.org:
+
+		- counter ¹ ²
+
+	¹ Mismatched
+	² Self-signed
+
+-->
+<ruleset name="Simlar.org (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="simlar.org" />
+	<target host="www.simlar.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Simlystore.com.xml b/src/chrome/content/rules/Simlystore.com.xml
new file mode 100644
index 000000000000..a61854a5565e
--- /dev/null
+++ b/src/chrome/content/rules/Simlystore.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Simlystore.com">
+  <target host="simlystore.com" />
+  <target host="www.simlystore.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Simmtester.com.xml b/src/chrome/content/rules/Simmtester.com.xml
new file mode 100644
index 000000000000..7ebca01192fc
--- /dev/null
+++ b/src/chrome/content/rules/Simmtester.com.xml
@@ -0,0 +1,25 @@
+<!--
+	- Expired 2013-02-23
+	- ^: cert only matches www
+
+
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Simmtester.com" default_off="expired, self-signed">
+
+	<target host="simmtester.com" />
+	<target host="www.simmtester.com" />
+
+
+	<securecookie host="^(?:www\.)?simmtester\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?simmtester\.com/"
+		to="https://www.simmtester.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SimonButcher.name.xml b/src/chrome/content/rules/SimonButcher.name.xml
index 79d913e142c4..91909dfb389c 100644
--- a/src/chrome/content/rules/SimonButcher.name.xml
+++ b/src/chrome/content/rules/SimonButcher.name.xml
@@ -1,16 +1,8 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See 
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
- 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Simon Butcher" platform="firefox">
-<target host="simon.butcher.name" />
+<ruleset name="Simon Butcher">
+	<target host="simon.butcher.name" />
 
-<securecookie host="^simon\.butcher\.name$" name=".+" />
+	<securecookie host="^simon\.butcher\.name$" name=".+" />
 
-<rule from="^http://simon\.butcher\.name/" to="https://simon.butcher.name/" />
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Simon_Swain.com.xml b/src/chrome/content/rules/Simon_Swain.com.xml
new file mode 100644
index 000000000000..d7d3210935c8
--- /dev/null
+++ b/src/chrome/content/rules/Simon_Swain.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Simon Swain.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="simonswain.com" />
+	<target host="www.simonswain.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Simons_Foundation.org.xml b/src/chrome/content/rules/Simons_Foundation.org.xml
index 0b60b1d70d38..82480c5901cb 100644
--- a/src/chrome/content/rules/Simons_Foundation.org.xml
+++ b/src/chrome/content/rules/Simons_Foundation.org.xml
@@ -1,13 +1,16 @@
-<ruleset name="Simons Foundation.org">
+<!--
+	Started redirecting to http.
+
+-->
+<ruleset name="Simons Foundation.org" default_off="broken">
 
 	<target host="simonsfoundation.org" />
-	<target host="*.simonsfoundation.org" />
+	<target host="www.simonsfoundation.org" />
 
 
 	<securecookie host="^\.simonsfoundation\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?simonsfoundation\.org/"
-		to="https://$1simonsfoundation.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Simosnap.com.xml b/src/chrome/content/rules/Simosnap.com.xml
index bd007d4fe253..04458367e41a 100644
--- a/src/chrome/content/rules/Simosnap.com.xml
+++ b/src/chrome/content/rules/Simosnap.com.xml
@@ -18,7 +18,9 @@
 -->
 <ruleset name="Simosnap.com (partial)">
 
-	<target host="*.simosnap.com" />
+	<target host="community.simosnap.com" />
+	<target host="www.community.simosnap.com" />
+	<target host="developers.simosnap.com" />
 		<!--
 			.+ doesn't redirect
 						-->
diff --git a/src/chrome/content/rules/Simple-Talk.xml b/src/chrome/content/rules/Simple-Talk.xml
index 57f598aac6e9..1f3926dcfcc6 100644
--- a/src/chrome/content/rules/Simple-Talk.xml
+++ b/src/chrome/content/rules/Simple-Talk.xml
@@ -1,16 +1,23 @@
-<ruleset name="Simple Talk (partial)">
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.simple-talk.com
+
+-->
+<ruleset name="Simple Talk.com (partial)">
 
 	<target host="simple-talk.com" />
 	<target host="www.simple-talk.com" />
 
 
-	<securecookie host="^www\.simple-talk\.com$" name=".*" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.simple-talk\.com$" name="^(CommunityServer-LastVisitUpdated-\d+|CommunityServer-UserCookie\d+)$" /-->
+
+	<securecookie host="^www\.simple-talk\.com$" name=".+" />
 
 
-	<!--	- !www 404s over https
-		- !www redirects to www over http
-			-->
-	<rule from="^https?://(?:www\.)?simple-talk\.com/"
-		to="https://www.simple-talk.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Simple.com.xml b/src/chrome/content/rules/Simple.com.xml
index dfc0905194a2..07571fccd500 100644
--- a/src/chrome/content/rules/Simple.com.xml
+++ b/src/chrome/content/rules/Simple.com.xml
@@ -1,16 +1,17 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
+<ruleset name="Simple.com">
 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Simple.com" platform="firefox">
-<target host="bank.simple.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="simple.com" />
+	<target host="bank.simple.com" />
+	<target host="fj.simple.com" />
+	<target host="status.simple.com" />
+	<target host="www.simple.com" />
 
-<securecookie host="^bank\.simple\.com$" name=".+" />
 
-<rule from="^http://bank\.simple\.com/" to="https://bank.simple.com/" />
+	<securecookie host="^bank\.simple\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SimpleFIN.org.xml b/src/chrome/content/rules/SimpleFIN.org.xml
new file mode 100644
index 000000000000..a0251eecafc1
--- /dev/null
+++ b/src/chrome/content/rules/SimpleFIN.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .simplefin.org
+
+-->
+<ruleset name="SimpleFIN.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="simplefin.org" />
+	<target host="bridge.simplefin.org" />
+	<target host="www.simplefin.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.simplefin\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SimpleReach.com.xml b/src/chrome/content/rules/SimpleReach.com.xml
index 80bfa5c251a6..da2c0b6311f7 100644
--- a/src/chrome/content/rules/SimpleReach.com.xml
+++ b/src/chrome/content/rules/SimpleReach.com.xml
@@ -12,7 +12,8 @@
 <ruleset name="SimpleReach.com">
 
 	<target host="simplereach.com" />
-	<target host="*.simplereach.com" />
+	<target host="www.simplereach.com" />
+	<target host="cc.simplereach.com" />
 
 
 	<securecookie host="^(?:www)?\.simplereach\.com$" name=".+" />
@@ -21,7 +22,6 @@
 	<rule from="^http://(?:www\.)?simplereach\.com/"
 		to="https://www.simplereach.com/" />
 
-	<rule from="^http://cc\.simplereach\.com/"
-		to="https://cc.simplereach.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Simple_Pickup.xml b/src/chrome/content/rules/Simple_Pickup.xml
index ee85e7e05158..6decbba483d6 100644
--- a/src/chrome/content/rules/Simple_Pickup.xml
+++ b/src/chrome/content/rules/Simple_Pickup.xml
@@ -7,13 +7,12 @@
 <ruleset name="Simple Pickup (partial)">
 
 	<target host="simplepickup.com" />
-	<target host="*.simplepickup.com" />
+	<target host="www.simplepickup.com" />
 
 
 	<securecookie host="^(?:w*\.)?simplepickup\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?simplepickup\.com/"
-		to="https://$1simplepickup.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Simple_Share_Buttons.com.xml b/src/chrome/content/rules/Simple_Share_Buttons.com.xml
new file mode 100644
index 000000000000..fbfa37547134
--- /dev/null
+++ b/src/chrome/content/rules/Simple_Share_Buttons.com.xml
@@ -0,0 +1,32 @@
+<!--
+	CDN buckets:
+
+		- simplesharebuttons-skittlwebsolutio.netdna-ssl.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- simplesharebuttons.com
+		- www.simplesharebuttons.com
+
+-->
+<ruleset name="Simple Share Buttons.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="simplesharebuttons.com" />
+	<target host="www.simplesharebuttons.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?simplesharebuttons\.com$" name="^(PHPSESSID|edd_items_in_cart|edd_user_history|mc_session_ids\[default\]|mc_session_ids\[multi\]\[[0-4]\])$" /-->
+	<!--securecookie host="^www\.simplesharebuttons\.com$" name="^edd_user_history$" /-->
+
+	<securecookie host="^(?:www\.)?simplesharebuttons\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Simplebooklet.com.xml b/src/chrome/content/rules/Simplebooklet.com.xml
index 1ec2350512d4..d117a93c4d32 100644
--- a/src/chrome/content/rules/Simplebooklet.com.xml
+++ b/src/chrome/content/rules/Simplebooklet.com.xml
@@ -13,13 +13,13 @@
 <ruleset name="simplebooklet.com (partial)">
 
 	<target host="simplebooklet.com" />
-	<target host="*.simplebooklet.com" />
+	<target host="edu.simplebooklet.com" />
+	<target host="www.simplebooklet.com" />
 
 
 	<securecookie host="^(?:edu\.)?simplebooklet\.com$" name=".+" />
 
 
-	<rule from="^http://(edu\.|www\.)?simplebooklet\.com/"
-		to="https://$1simplebooklet.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Simplekb.com.xml b/src/chrome/content/rules/Simplekb.com.xml
new file mode 100644
index 000000000000..baa1561e480f
--- /dev/null
+++ b/src/chrome/content/rules/Simplekb.com.xml
@@ -0,0 +1,24 @@
+<!--
+	For other Namecheap coverage, see NameCheap.xml.
+
+-->
+<ruleset name="simplekb.com">
+
+	<target host="simplekb.com" />
+	<target host="*.simplekb.com" />
+
+		<test url="http://namecheap.simplekb.com/" />
+		<test url="http://web-hosting.simplekb.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="client_domain\.simplkb\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^[\w-]+\.simplekb\.com$" name=".+" />
+
+
+	<rule from="^http://([\w-]+\.)?simplekb\.com/"
+		to="https://$1simplekb.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Simpli.fi.xml b/src/chrome/content/rules/Simpli.fi.xml
index 2e0a2ad046bc..6777efcfdcfc 100644
--- a/src/chrome/content/rules/Simpli.fi.xml
+++ b/src/chrome/content/rules/Simpli.fi.xml
@@ -1,27 +1,84 @@
 <!--
-	Nonfunctional subdomains:
+	Cert expired:
+		- ciscoasa.simpli.fi
 
-		- (www.)	(refused)
+	Chain issues:
+		- app-dev.simpli.fi
+		- s6.simpli.fi
+		- wwwdev.simpli.fi
 
+	Connection refused:
+		- dcfs.simpli.fi
+		- ftp.simpli.fi
+		- smtp.simpli.fi
+	TLS error:
+		- calendar.simpli.fi
+		- groups.simpli.fi
+		- mail.simpli.fi
+		- sites.simpli.fi
 
-	Fully covered subdomains:
-
-		- app
-		- i
+	Cert mismatch:
+		- eur.ads.simpli.fi
+		- east.ads.simpli.fi
+		- west.ads.simpli.fi
+		- east.bids.simpli.fi
+		- west.bids.simpli.fi
+		- fwgw.simpli.fi
+		- tc2.gs.simpli.fi
+		- east.i.simpli.fi
+		- china.i.simpli.fi
+		- eur.i.simpli.fi
+		- west.i.simpli.fi
+		- origin.simpli.fi
 
+	Timeout:
+		- dalit1.simpli.fi
+		- dashboard.simpli.fi
+		- mon.simpli.fi
 -->
 <ruleset name="Simpli.fi (partial)">
 
-	<target host="*.simpli.fi" />
-
+	<target host="simpli.fi" />
+	<target host="www.simpli.fi" />
 
-	<!--	Tracking cookies set by i:
-						-->
-	<securecookie host="^\.simpli\.fi$" name="^uid(?:_syncd)?$" />
-	<securecookie host="^app\.simpli\.fi$" name=".+" />
+	<target host="ads.simpli.fi" />
+	<target host="adspreview.simpli.fi" />
+	<target host="alderaan.simpli.fi" />
+	<target host="app.simpli.fi" />
+	<target host="app2.simpli.fi" />
+	<target host="asiaads.simpli.fi" />
+	<target host="bespin.simpli.fi" />
+	<target host="beta.simpli.fi" />
+	<target host="bullseye.simpli.fi" />
+	<target host="cdn.simpli.fi" />
+	<target host="cdnpixel.simpli.fi" />
+	<target host="centralads.simpli.fi" />
+	<target host="corellia.simpli.fi" />
+	<target host="coruscant.simpli.fi" />
+	<target host="cwe.simpli.fi" />
+	<target host="cww.simpli.fi" />
+	<target host="dagobah.simpli.fi" />
+	<target host="dccgen1.simpli.fi" />
+	<target host="dckawa.simpli.fi" />
+	<target host="dcuidev1.simpli.fi" />
+	<target host="eastevents.simpli.fi" />
+	<target host="endor.simpli.fi" />
+	<target host="eurads.simpli.fi" />
+	<target host="events.simpli.fi" />
+	<target host="gs.simpli.fi" />
+	<target host="hoth.simpli.fi" />
+	<target host="hub.simpli.fi" />
+	<target host="i.simpli.fi" />
+	<target host="kamino.simpli.fi" />
+	<target host="kawa.simpli.fi" />
+	<target host="kessel.simpli.fi" />
+	<target host="optout.simpli.fi" />
+	<target host="pme.simpli.fi" />
+	<target host="tag.simpli.fi" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(app|i)\.simpli\.fi/"
-		to="https://$1.simpli.fi/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Simply-Hired-clients.xml b/src/chrome/content/rules/Simply-Hired-clients.xml
index 766c68b6120d..a340daf6c39d 100644
--- a/src/chrome/content/rules/Simply-Hired-clients.xml
+++ b/src/chrome/content/rules/Simply-Hired-clients.xml
@@ -1,21 +1,16 @@
 <!--	for Simply Hired clients which have no other mismatched rules
 -->
-<ruleset name="Simply Hired clients" default_off="mismatch">
+<ruleset name="Simply Hired clients" default_off="mismatched">
 
-	<!--	*.jobamatic.com	-->
-	<target host="jobs.businessinsider.com" />
 	<target host="jobs.datacenterknowledge.com"/>
-	<target host="jobs.nodejs.org"/>
 	<target host="jobs.pcworld.com" />
 		<!--	handled in DataCenterKnowledge.xml & PCWorld.xml.	-->
 		<exclusion pattern="^http://jobs\.(datacenterknowledge|pcworld)\.com/c/"/>
 
-
 	<!--	is cross-domain cookie used on unsecure pages?	-->
-	<securecookie host="^jobs\.(datacenterknowledge|nodejs|pcworld)\.org$" name=".*"/>
-
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://jobs\.(businessinsider|datacenterknowledge|nodejs|pcworld)\.com/"
-		to="https://jobs.$1.com/"/>
+	<rule from="^http:"
+		to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Simply-Hired.xml b/src/chrome/content/rules/Simply-Hired.xml
index 632c1a05642f..d6c2962b84ff 100644
--- a/src/chrome/content/rules/Simply-Hired.xml
+++ b/src/chrome/content/rules/Simply-Hired.xml
@@ -1,28 +1,157 @@
-<!--	!functional:
-		- blog
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.simplyhired.com/blog => https://www.simplyhired.com/blog: (7, 'Failed to connect to www.simplyhired.com port 443: Connection refused')
+Fetch error: http://blog.simplyhired.com/?f => https://www.simplyhired.com/blog: (7, 'Failed to connect to www.simplyhired.com port 443: Connection refused')
+Fetch error: http://blog.simplyhired.com/?o => https://www.simplyhired.com/blog: (7, 'Failed to connect to www.simplyhired.com port 443: Connection refused')
+Fetch error: http://blog.simplyhired.com//?o => https://www.simplyhired.com/blog: (7, 'Failed to connect to www.simplyhired.com port 443: Connection refused')
+Fetch error: http://blog.simplyhired.com/?b => https://www.simplyhired.com/blog: (7, 'Failed to connect to www.simplyhired.com port 443: Connection refused')
+Fetch error: http://blog.simplyhired.com/index.htm => https://www.simplyhired.com/blog/expired: (7, 'Failed to connect to www.simplyhired.com port 443: Connection refused')
+Fetch error: http://blog.simplyhired.com/index.php => https://www.simplyhired.com/blog/expired: (7, 'Failed to connect to www.simplyhired.com port 443: Connection refused')
+Fetch error: http://simplyhired.com/ => https://simplyhired.com/: (7, 'Failed to connect to simplyhired.com port 443: Connection refused')
+Fetch error: http://ads.simplyhired.com/ => https://ads.simplyhired.com/: (7, 'Failed to connect to ads.simplyhired.com port 443: Connection refused')
+Fetch error: http://api.simplyhired.com/ => https://api.simplyhired.com/: (7, 'Failed to connect to api.simplyhired.com port 443: Connection refused')
+Fetch error: http://www.simplyhired.com/ => https://www.simplyhired.com/: (7, 'Failed to connect to www.simplyhired.com port 443: Connection refused')
+Fetch error: http://blog.simplyhired.com/ => https://www.simplyhired.com/blog: (7, 'Failed to connect to www.simplyhired.com port 443: Connection refused')
+
+	Other SimplyHired rulesets:
+
+		- Job_a_matic.com.xml
+		- Simply-Partner.com.xml
+
+
+	Nonfunctional hosts in *simplyhired.com:
+
+		- support *
+
+	* Zendesk
+
+
+	Problematic hosts in *simplyhired.com:
+
+		- blog ¹
+		- employers ² ³
+
+	¹ Handshake fails
+	² Mixed css
+	³ Pardot
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .simplyhired.com
+		- ads.simplyhired.com
+		- employers.simplyhired.com
+		- www.simplyhired.com
+
+
+	Mixed content:
+
+		- css, on:
+
+			- employers from bit.ly *
+			- employers from fonts.googleapis.com *
+			- employers from $self *
+
+		- Images, on:
+
+			- employers from bit.ly *
+			- employers from $self *
+			- www from $self *
+
+		- favicon on employers from $self *
+
+		- Bugs, on:
+
+			- www from pixel.quantserve.com *
+			- www from b.scorecardresearch.com *
+
+	* Secured by us
+
 -->
-<ruleset name="Simply Hired">
+<ruleset name="Simply Hired.com" default_off="failed ruleset test">
 
-	<target host="jobamatic.com"/>
-	<target host="*.jobamatic.com"/>
+	<!--	Direct rewrites:
+				-->
 	<target host="simplyhired.com"/>
-	<target host="*.simplyhired.com"/>
+	<target host="ads.simplyhired.com" />
+	<target host="api.simplyhired.com" />
+	<target host="www.simplyhired.com" />
+
+	<!--	Complications:
+				-->
+	<target host="blog.simplyhired.com" />
+	<target host="employers.simplyhired.com" />
+	<target host="support.simplyhired.com" />
+
+		<exclusion pattern="^http://employers\.simplyhired\.com/+(?!l/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://employers.simplyhired.com/customers" />
+			<test url="http://employers.simplyhired.com/simplypost" />
+
+			<!--	-ve:
+					-->
+			<test url="http://employers.simplyhired.com/l/25542/2013-07-15/32p/25542/266/sh_logo.png" />
+
+		<exclusion pattern="^http://support\.simplyhired\.com/+(?!assets/|images/|system/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://support.simplyhired.com/anonymous_requests/new" />
+			<test url="http://support.simplyhired.com/forums" />
+			<test url="http://support.simplyhired.com/home" />
+			<test url="http://support.simplyhired.com/requests" />
+
+			<!--	-ve:
+					-->
+			<test url="http://support.simplyhired.com/images/logo-delimiter.png" />
+			<test url="http://support.simplyhired.com/system/logos/2057/8797/sh-help-logo.png" />
+
+		<!--	Mixed images from $self:
+						-->
+		<test url="http://www.simplyhired.com/blog" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.simplyhired\.com$" name="^(?:__qca|__utm\w|sh_sess|shua)$" /-->
+	<!--securecookie host="^ads\.simplyhired\.com$" name="^(?:adweb_sessionid|sh_sess|sh_uid)$" /-->
+	<!--securecookie host="^employers\.simplyhired\.com$" name="^(?:pardot|visitor_id\d+)$" /-->
+	<!--securecookie host="^www\.simplyhired\.com$" name="^(?:csrftoken|shup)$" /-->
+
+	<securecookie host="^\.simplyhired\.com$" name="^(?:__qca|__utm\w)$" />
+	<securecookie host="^(?:ads|www)\.simplyhired\.com$" name=".+" />
+
+
+	<!--	Redirect drops args
+		and forward slash:
+					-->
+	<rule from="^http://blog\.simplyhired\.com/+(?:$|\?.*)$"
+		to="https://www.simplyhired.com/blog" />
+
+		<test url="http://blog.simplyhired.com/?f" />
+		<test url="http://blog.simplyhired.com/?o" />
+		<test url="http://blog.simplyhired.com//?o" />
+		<test url="http://blog.simplyhired.com/?b" />
+
+	<!--	Redirect drops path, args,
+		and forward slash:
+					-->
+	<rule from="^http://blog\.simplyhired\.com/.*"
+		to="https://www.simplyhired.com/blog/expired" />
 
-	<securecookie host="^www\.jobamatic\.com$" name=".*"/>
-	<securecookie host="^\.simplyhired\.com$" name="^__utm\w$" />
-	<!--
-		Would it be safe to secure these?
-							-->
-	<!--securecookie host="\.www\.simplyhired\.com$" name="^(sh_sess|sh_uid)$" /-->
+		<test url="http://blog.simplyhired.com/index.htm" />
+		<test url="http://blog.simplyhired.com/index.php" />
 
-	<!--	clients have unique subdomains		-->
-	<rule from="^http://([\w\-]+\.)?jobamatic\.com/"
-		to="https://$1jobamatic.com/"/>
+	<rule from="^http://employers\.simplyhired\.com/"
+		to="https://pi.pardot.com/" />
 
-	<rule from="^http://(www\.)?simplyhired\.com/(a|c|event-logging|static)/"
-		to="https://$1simplyhired.com/$2/" />
+	<rule from="^http://support\.simplyhired\.com/"
+		to="https://simplyhired.zendesk.com/"/>
 
-	<rule from="^http://support\.simplyhired\.com/(assets|generated|images|system)/"
-                to="https://simplyhired.zendesk.com/$1/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Simply-Partner.com.xml b/src/chrome/content/rules/Simply-Partner.com.xml
new file mode 100644
index 000000000000..f22462c5e09b
--- /dev/null
+++ b/src/chrome/content/rules/Simply-Partner.com.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://simply-partner.com/ => https://simply-partner.com/: (7, 'Failed to connect to simply-partner.com port 443: Connection refused')
+Fetch error: http://www.simply-partner.com/ => https://www.simply-partner.com/: (7, 'Failed to connect to www.simply-partner.com port 443: Connection refused')
+
+	For other Simply Hired coverage, see Simply-Hired.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- simply-partner.com
+
+-->
+<ruleset name="Simply-Partner.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="simply-partner.com" />
+	<target host="www.simply-partner.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^simply-partner\.com$" name="^(?:adweb_sessionid|csrftoken)$" /-->
+
+	<securecookie host="^simply-partner\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SimplyIslam.com.xml b/src/chrome/content/rules/SimplyIslam.com.xml
new file mode 100644
index 000000000000..526ee2550617
--- /dev/null
+++ b/src/chrome/content/rules/SimplyIslam.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="SimplyIslam.com">
+	<target host="simplyislam.com" />
+	<target host="www.simplyislam.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Simply_Business.xml b/src/chrome/content/rules/Simply_Business.xml
index 2b08c0e1e51d..ea7fd1fc5a3b 100644
--- a/src/chrome/content/rules/Simply_Business.xml
+++ b/src/chrome/content/rules/Simply_Business.xml
@@ -11,7 +11,6 @@
 	<securecookie host="^www\.simplybusiness\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?simplybusiness\.co\.uk/"
-		to="https://www.simplybusiness.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Simply_Secure.org.xml b/src/chrome/content/rules/Simply_Secure.org.xml
new file mode 100644
index 000000000000..0df6c768fe69
--- /dev/null
+++ b/src/chrome/content/rules/Simply_Secure.org.xml
@@ -0,0 +1,18 @@
+<!--
+	www: cert only matches ^m
+
+-->
+<ruleset name="Simply Secure.org">
+
+	<target host="simplysecure.org" />
+	<target host="www.simplysecure.org" />
+
+
+	<!--securecookie host="^www\.simplysecure\.org$" name="^X-Mapping-\w+$" /-->
+
+	<securecookie host="^www\.simplysecure\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Simply_Technology.net.xml b/src/chrome/content/rules/Simply_Technology.net.xml
deleted file mode 100644
index 06dec36e7964..000000000000
--- a/src/chrome/content/rules/Simply_Technology.net.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Webs bugs/ads.
-
-
-	^simplytechnology.net times out over both http and https.
-
--->
-<ruleset name="Simply Technology.net">
-
-	<target host="*.simplytechnology.net" />
-
-
-	<securecookie host="^(?:delivery|www)\.simplytechnology\.net$" name=".+" />
-
-
-	<rule from="^http://(delivery|www)\.simplytechnology\.net/"
-		to="https://$.simplytechnology.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Simquadrat.de.xml b/src/chrome/content/rules/Simquadrat.de.xml
new file mode 100644
index 000000000000..b65d0ca0dd73
--- /dev/null
+++ b/src/chrome/content/rules/Simquadrat.de.xml
@@ -0,0 +1,36 @@
+<!--
+	For other Sipgate GmbH coverage, see Sipgate.xml.
+
+
+	Nonfunctional hosts in *simquadrat.de:
+
+		- support *
+
+	* Zendesk
+
+
+	Insecure cookies are set for these hosts:
+
+		- simquadrat.de
+		- www.simquadrat.de
+
+-->
+<ruleset name="simquadrat.de (partial)">
+
+	<!--	Direct rewrites:
+				-->
+  <target host="simquadrat.de" />
+  <target host="www.simquadrat.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?simquadrat\.de$" name="^SERVERID$" /-->
+
+	<securecookie host="^(?:www\.)?simquadrat\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Simson.net.xml b/src/chrome/content/rules/Simson.net.xml
new file mode 100644
index 000000000000..7a1cf46bed39
--- /dev/null
+++ b/src/chrome/content/rules/Simson.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="Simson.net">
+	<target host="simson.net" />
+	<target host="www.simson.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Simyo.xml b/src/chrome/content/rules/Simyo.xml
index 0c4c8de21848..f334adb676f9 100644
--- a/src/chrome/content/rules/Simyo.xml
+++ b/src/chrome/content/rules/Simyo.xml
@@ -28,19 +28,24 @@
 <ruleset name="Simyo (partial)">
 
 	<target host="simyo.de" />
-	<target host="*.simyo.de" />
+	<target host="www.simyo.de" />
+	<target host="a.simyo.de" />
+	<target host="b.simyo.de" />
+	<target host="cdn.simyo.de" />
+	<target host="handyshop.simyo.de" />
+	<target host="m.simyo.de" />
+	<target host="sync.simyo.de" />
 
 
 	<securecookie host="^.*\.simyo\.de$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?simyo\.de/"
+	<rule from="^http://(?:www\.)?simyo\.de/"
 		to="https://www.simyo.de/" />
 
-	<rule from="^https?://a\.simyo\.de/"
+	<rule from="^http://a\.simyo\.de/"
 		to="https://simyo-de.122.2o7.net/" />
 
-	<rule from="^http://(b|cdn|handyshop|m|sync)\.simyo\.de/"
-		to="https://$1.simyo.de/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sina-problematic.xml b/src/chrome/content/rules/Sina-problematic.xml
deleted file mode 100644
index b0ad6286df55..000000000000
--- a/src/chrome/content/rules/Sina-problematic.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules that are on by default, see Sina.xml.
-
--->
-<ruleset name="Sina.com.cn (problematic)" default_off="mismatch">
-
-	<target host="qdomain-saenew.stor.sinaapp.com" />
-
-
-	<rule from="^http://qdomain-saenew\.stor\.sinaapp\.com/"
-		to="https://qdomain-saenew.stor.sinaapp.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Sina.cn-mixedcontent.xml b/src/chrome/content/rules/Sina.cn-mixedcontent.xml
new file mode 100644
index 000000000000..a5765f65e434
--- /dev/null
+++ b/src/chrome/content/rules/Sina.cn-mixedcontent.xml
@@ -0,0 +1,10 @@
+<!--
+	For rules not causing mixed content, see Sina.cn.xml.
+-->
+<ruleset name="Sina.cn-mixedcontent" platform="mixedcontent">
+	<target host="global.sina.cn" />
+	<target host="h5.sina.cn" />
+	<!--target host="story.sina.cn" /--><!--Timeout by Tor-->
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sina.cn.xml b/src/chrome/content/rules/Sina.cn.xml
new file mode 100644
index 000000000000..5e7b068e0ab3
--- /dev/null
+++ b/src/chrome/content/rules/Sina.cn.xml
@@ -0,0 +1,61 @@
+<!--
+	For other Sina coverage, see Sina.com.cn.xml.
+
+	MCB: Sina.cn-mixedcontent.xml
+
+	Invalid certificate:
+		https://data.auto.sina.cn
+		https://h5.games.sina.cn
+		https://ent.v.sina.cn
+-->
+<ruleset name="Sina.cn">
+	<target host="sina.cn" />
+	<target host="www.sina.cn" />
+	<target host="i.apps.sina.cn" />
+		<test url="http://i.apps.sina.cn/tqt/zip/TianQiTong_3.76_free.apk" />
+	<target host="ast.sina.cn" />
+	<target host="auto.sina.cn" />
+	<target host="bbs.auto.sina.cn" />
+	<target host="db.auto.sina.cn" />
+	<target host="s.auto.sina.cn" />
+	<target host="blog.sina.cn" />
+	<target host="book.sina.cn" />
+	<target host="cre.dp.sina.cn" />
+		<test url="http://cre.dp.sina.cn/api/v3/get" />
+	<target host="cul.sina.cn" />
+	<target host="r.dmp.sina.cn" />
+		<test url="http://r.dmp.sina.cn/cm/sinaads_ck_wap.js" />
+	<target host="eladies.sina.cn" />
+	<target host="ent.sina.cn" />
+	<target host="fashion.sina.cn" />
+	<target host="games.sina.cn" />
+	<target host="interface.sina.cn" />
+		<test url="http://interface.sina.cn/wap_api/wap_rollback_blacklist.d.json" />
+	<target host="jmqmil.sina.cn" />
+	<target host="k.sina.cn" />
+		<test url="http://k.sina.cn/article_6086156539_m16ac360fb03300kj8s.html" />
+	<target host="lives.sina.cn" />
+	<target host="mail.sina.cn" />
+		<test url="http://mail.sina.cn/?vt=3" />
+	<target host="mil.sina.cn" />
+	<target host="nba.sina.cn" />
+	<target host="news.sina.cn" />
+	<target host="passport.sina.cn" />
+		<test url="http://passport.sina.cn/signin/signin" />
+	<target host="photo.sina.cn" />
+	<target host="quotes.sina.cn" />
+	<target host="sky.sina.cn" />
+	<target host="so.sina.cn" />
+		<test url="http://so.sina.cn/push.d.json" />
+	<target host="stocks.sina.cn" />
+	<target host="video.sina.cn" />
+
+	<!--	Provinces and Cities:	-->
+	<target host="gd.sina.cn" />
+		<target host="shenzhen.sina.cn" />
+	<target host="henan.sina.cn" />
+	<target host="jiangsu.sina.cn" />
+	<target host="ln.sina.cn" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sina.com.cn-mixedcontent.xml b/src/chrome/content/rules/Sina.com.cn-mixedcontent.xml
new file mode 100644
index 000000000000..2ec9824b708d
--- /dev/null
+++ b/src/chrome/content/rules/Sina.com.cn-mixedcontent.xml
@@ -0,0 +1,37 @@
+<!--
+	Related rulesets:
+		- Sina.com.cn.xml
+-->
+<ruleset name="Sina.com.cn-mixedcontent" platform="mixedcontent">
+	<target host="dealer.auto.sina.com.cn" />
+	<target host="book.sina.com.cn" />
+	<target host="city.sina.com.cn" />
+	<target host="i.finance.sina.com.cn" />
+	<target host="live.finance.sina.com.cn" />
+	<target host="fund.sina.com.cn" />
+		<!--test url="http://fund.sina.com.cn/competition/2016/" /--><!--404: https://travis-ci.org/EFForg/https-everywhere/jobs/431922520#L685-->
+	<target host="green.sina.com.cn" />
+	<target host="guba.sina.com.cn" />
+	<target host="health.sina.com.cn" />
+	<target host="help.sina.com.cn" />
+	<target host="history.sina.com.cn" />
+		<test url="http://history.sina.com.cn/photo/" />
+	<target host="my.sina.com.cn" />
+	<target host="news.sina.com.cn" />
+		<test url="http://news.sina.com.cn/gov/zt/xjpbdj/" />
+		<test url="http://news.sina.com.cn/c/nd/2015-10-19/doc-ifxivsch3685302.shtml" />
+	<target host="mil.news.sina.com.cn" />
+	<target host="roll.news.sina.com.cn" />
+	<target host="sky.news.sina.com.cn" />
+	<target host="photo.sina.com.cn" />
+	<target host="publish.sina.com.cn" />
+		<test url="http://publish.sina.com.cn/ent/starshoot4/" />
+	<!--target host="sea.sina.com.cn" /--><!--CI test time out: https://travis-ci.org/EFForg/https-everywhere/jobs/431858541#L688 -->
+	<target host="match.sports.sina.com.cn" />
+	<target host="sh.sina.com.cn" />
+	<target host="sx.sina.com.cn" />
+	<target host="weather.sina.com.cn" />
+	<target host="zhuanlan.sina.com.cn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sina.com.cn.xml b/src/chrome/content/rules/Sina.com.cn.xml
new file mode 100644
index 000000000000..92181efeb9aa
--- /dev/null
+++ b/src/chrome/content/rules/Sina.com.cn.xml
@@ -0,0 +1,189 @@
+<!--
+	Other Sina rulesets:
+		- Sina.com.cn-mixedcontent.xml
+		- Sina.cn.xml
+		- Sina.cn-mixedcontent.xml
+		- SinaApp.com.xml
+		- SinaCloud.com.xml
+		- Sinaimg.cn.xml
+		- SinaJS.cn.xml
+		- Sinastorage.com.xml
+		- Weibo.cn.xml
+		- Weibo.com.xml
+		- WeiboPay.com.xml
+
+	Break sina flash videos:
+		ask.ivideo.sina.com.cn
+		edge.ivideo.sina.com.cn
+		comment5.news.sina.com.cn
+		s.video.sina.com.cn
+
+	MCB:
+		dealer.auto.sina.com.cn
+		book.sina.com.cn
+		city.sina.com.cn
+		csl.sina.com.cn			( https://csl.sina.com.cn/2010award/ )
+		fund.sina.com.cn		( https://fund.sina.com.cn/competition/2016/ )
+		green.sina.com.cn
+		guba.sina.com.cn
+		health.sina.com.cn
+		help.sina.com.cn/$
+		history.sina.com.cn		( https://history.sina.com.cn/photo/ )
+		i.finance.sina.com.cn
+		ka.sina.com.cn
+		licaishi.sina.com.cn	( https://licaishi.sina.com.cn/web/match?act=1 )
+		s3.licaishi.sina.com.cn	( https://s3.licaishi.sina.com.cn/180817/2238208671.png )
+		my.sina.com.cn
+		news.sina.com.cn
+		mil.news.sina.com.cn
+		roll.news.sina.com.cn
+		sky.news.sina.com.cn
+		slide.news.sina.com.cn
+		photo.sina.com.cn
+		publish.sina.com.cn		( https://publish.sina.com.cn/ent/starshoot4/ )
+		sea.sina.com.cn
+		match.sports.sina.com.cn
+		sh.sina.com.cn
+		sx.sina.com.cn
+		weather.sina.com.cn
+		zhuanlan.sina.com.cn
+
+		mail.sina.net
+
+	Invalid certificate:
+		ad4.sina.com.cn
+		down.apps.sina.com.cn		( https://down.apps.sina.cn/sinasrc/20/72/0e94867fafb79582d7af86f9bcf87220.apk )
+		s.auto.sina.com.cn
+		comet.blog.sina.com.cn
+		campus.sina.com.cn
+		int.dpool.sina.com.cn		( https://int.dpool.sina.com.cn/iplookup/iplookup.php?format=js )
+		edu.sina.com.cn
+		eladies.sina.com.cn
+		esf.sina.com.cn
+		slide.gongyi.sina.com.cn
+		slide.history.sina.com.cn
+		house.sina.com.cn
+		weblog.house.sina.com.cn	( https://weblog.house.sina.com.cn/dcs8axv0g10000oe7asc741a1_9n3x/wtid.js )
+		src.house.sina.com.cn
+		jiaju.sina.com.cn
+		s.img.mix.sina.com.cn
+		storage.slide.news.sina.com.cn
+		rm.sina.com.cn
+		blog.sae.sina.com.cn
+		e.sae.sina.com.cn
+		static.sae.sina.com.cn		( https://static.sae.sina.com.cn/image/poweredby/poweredby.png )
+		saet.sina.com.cn
+		show.sina.com.cn
+		t.sina.com.cn
+		video.vic.sina.com.cn
+		p.you.video.sina.com.cn		( Only avaiable in China. It's https will break sina videos to play even in China. )
+		rcd.video.sina.com.cn
+		zhongyi.sina.com.cn
+		home.zhuanlan.com.cn
+
+		s2.sae.sinacdn.com
+		www.sae.sinacdn.com
+
+	Too many redirectors: 		https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au/issues/9#issuecomment-414920628
+		2008mail.sina.com.cn
+		mail2008.sina.com.cn	https://travis-ci.org/EFForg/https-everywhere/jobs/432043482#L684
+
+	Handshake failed:
+		d[0-9].sina.com.cn
+
+	Timed out:
+		blog.sina.com.cn
+
+		ads.sina.com.hk
+-->
+<ruleset name="Sina.com.cn">
+	<target host="sina.com.cn" />
+	<target host="www.sina.com.cn" />
+	<target host="api.sina.com.cn" />
+	<target host="app.sina.com.cn" />
+	<target host="astro.sina.com.cn" />
+	<target host="auto.sina.com.cn" />
+	<target host="baby.sina.com.cn" />
+	<target host="bbs.sina.com.cn" />
+	<target host="beacon.sina.com.cn" />
+	<!-- https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au/issues/9#issuecomment-414920628 -->
+		<exclusion pattern="^http://beacon\.sina\.com\.cn/$" />
+		<test url="http://beacon.sina.com.cn/a.gif" />
+	<target host="client.sina.com.cn" />
+		<test url="http://client.sina.com.cn/2015emarketing/" />
+	<target host="collection.sina.com.cn" />
+	<target host="corp.sina.com.cn" />
+	<target host="cs.sina.com.cn" />
+		<test url="http://cs.sina.com.cn/minisite/2007gongyi/images/cn_zty_g.jpg" />
+	<target host="d00.sina.com.cn" />
+	<!--target host="d0.sina.com.cn" />
+	<target host="d1.sina.com.cn" />
+	<target host="d2.sina.com.cn" />
+	<target host="d3.sina.com.cn" />
+	<target host="d4.sina.com.cn" />
+	<target host="d5.sina.com.cn" />
+	<target host="d6.sina.com.cn" />
+	<target host="d7.sina.com.cn" />
+	<target host="d8.sina.com.cn" />
+	<target host="d9.sina.com.cn" />
+		<test url="http://d9.sina.com.cn/litong/zhitou/sinaads/release/sinaads.js" /-->
+	<target host="emarketing.sina.com.cn" />
+	<target host="ent.sina.com.cn" />
+	<target host="fashion.sina.com.cn" />
+	<target host="finance.sina.com.cn" />
+	<target host="fo.sina.com.cn" />
+	<target host="golf.sina.com.cn" />
+	<target host="games.sina.com.cn" />
+	<target host="swf.games.sina.com.cn" />
+	<target host="gongyi.sina.com.cn" />
+	<target host="image2.sina.com.cn" />
+		<test url="http://image2.sina.com.cn/home/images/tz-002.gif" />
+	<target host="iask.sina.com.cn" />
+	<target host="p.ivideo.sina.com.cn" />
+	<target host="p1.ivideo.sina.com.cn" />
+	<target host="p2.ivideo.sina.com.cn" />
+	<target host="p3.ivideo.sina.com.cn" />
+	<target host="p4.ivideo.sina.com.cn" />
+	<target host="live.sina.com.cn" />
+	<target host="login.sina.com.cn" />
+		<test url="http://login.sina.com.cn/crossdomain2.php?action=login" />
+	<target host="lottery.sina.com.cn" />
+	<target host="m.sina.com.cn" />
+	<target host="mail.sina.com.cn" />
+	<target host="members.sina.com.cn" />
+	<target host="mobile.sina.com.cn" />
+	<target host="pay.sina.com.cn" />
+	<target host="help.pay.sina.com.cn" />
+	<target host="merchant.pay.sina.com.cn" />
+	<target host="pfp.sina.com.cn" />
+		<test url="http://pfp.sina.com.cn/sinanews.html" />
+	<target host="rss.sina.com.cn" />
+	<target host="sae.sina.com.cn" />
+	<target host="sax.sina.com.cn" />
+		<test url="http://sax.sina.com.cn/view" />
+	<target host="saxs.sina.com.cn" />
+		<test url="http://saxs.sina.com.cn/view" />
+	<target host="sbeacon.sina.com.cn" />
+	<!-- https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au/issues/9#issuecomment-414920628 -->
+		<exclusion pattern="^http://sbeacon\.sina\.com\.cn/$" />
+		<test url="http://sbeacon.sina.com.cn/a.gif" />
+	<target host="sports.sina.com.cn" />
+	<target host="i.sso.sina.com.cn" />
+		<test url="http://i.sso.sina.com.cn/images/login/thumb_default.png" />
+		<test url="http://i.sso.sina.com.cn/js/ssologin.js" />
+	<target host="api.t.sina.com.cn" />
+		<test url="http://api.t.sina.com.cn/short_url/shorten.xml" />
+		<test url="http://api.t.sina.com.cn/statuses/user_timeline.json" />
+	<target host="tech.sina.com.cn" />
+	<target host="travel.sina.com.cn" />
+	<target host="video.sina.com.cn" />
+	<target host="count.video.sina.com.cn" />
+	<target host="so.video.sina.com.cn" />
+		<test url="http://so.video.sina.com.cn/interface/top10" />
+	<target host="vip.sina.com.cn" />
+	<target host="open.weather.sina.com.cn" />
+	<target host="woocall.sina.com.cn" />
+	<target host="zhongce.sina.com.cn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sina.is.xml b/src/chrome/content/rules/Sina.is.xml
new file mode 100644
index 000000000000..5f134a417d18
--- /dev/null
+++ b/src/chrome/content/rules/Sina.is.xml
@@ -0,0 +1,18 @@
+<!--
+	Insecure cookies are set for these domains:
+		- .sina.is
+
+	Mixed content:
+		- css from (ajax|fonts).googleapis.com *
+	* Secured by us
+-->
+
+<ruleset name="Sina.is">
+
+	<target host="sina.is" />
+	<target host="www.sina.is" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sina.xml b/src/chrome/content/rules/Sina.xml
deleted file mode 100644
index f850d1b9f5ef..000000000000
--- a/src/chrome/content/rules/Sina.xml
+++ /dev/null
@@ -1,72 +0,0 @@
-<!--
-	For problematic rules, see Sina-problematic.xml.
-
-
-	Other Sina rulesets:
-
-		- Sina_App.xml
-		- Sina_Weibo.xml
-
-
-	CDN buckets:
-
-		- sinajs.csglb.txcdn.cn
-
-			- simg.sinajs.cn
-			- timg.sjs.sinajs.cn
-
-
-	Nonfunctional domains:
-
-		- sina.com.cn subdomains:
-
-			- ad4 *
-			- campus
-			- d1		(reset)
-			- ent		(403; mismatched, CN: *.pantherssl.com)
-			- green **
-			- help **
-			- mail **
-			- t **
-			- tech *
-
-		- s2.sae.sinacdn.com
-		- www.sae.sinacdn.com
-		- i[01].sinaimg.cn	(403; mismatched, CN: support3.cdnetworks.net)
-		- ww1.sinaimg.cn ***
-		- www.sinaimg.cn	(reset)
-
-		- sinajs.cn subdomains:
-
-			- hits **
-			- rs **
-			- simg *
-			- timg.sjs *
-			- tjs.sjs *
-			- img.t *
-
-	* 403; mismatched, CN: ssl2.cdngc.net
-	** Times out
-	*** Reset
-
-
-	All mixed content appears to be images.
-
--->
-<ruleset name="Sina (partial)">
-
-	<target host="samsungapps.sina.cn" />
-	<target host="*.sina.com.cn" />
-
-
-	<securecookie host="^samsungapps\.sina\.cn$" name=".+" />
-	<securecookie host="^(?:\.sae|api\.t)\.sina\.com\.cn$" name=".+" />
-
-
-	<rule from="^http://samsungapps\.sina\.cn/"
-		to="https://samsungapps.sina.cn/" />
-
-	<rule from="^http://(login|sae|api\.t)\.sina\.com\.cn/"
-		to="https://$1.sina.com.cn/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SinaApp.com.xml b/src/chrome/content/rules/SinaApp.com.xml
new file mode 100644
index 000000000000..2a61169820ca
--- /dev/null
+++ b/src/chrome/content/rules/SinaApp.com.xml
@@ -0,0 +1,43 @@
+<!--
+	For other Sina coverage, see Sina.com.cn.xml.
+
+	Mixed content:
+		Images on ^,www from www.sae.sinacdn.com *
+	* Unsecurable <= 403
+
+	MCB:
+		greengrass.sinaapp.com
+		hiwgy.sinaapp.com
+		weihr.sinaapp.com
+
+	Invalid certificate:
+		greengrass-wordpress.stor.sinaapp.com
+		qdomain-saenew.stor.sinaapp.com
+		siukwan-wordpress.stor.sinaapp.com
+-->
+
+<ruleset name="SinaApp.com (partial)">
+
+	<!-- Complications: -->
+	<target host="greengrass.sinaapp.com" />
+		<exclusion pattern="http://greengrass\.sinaapp\.com/(?!wp-content/)" />
+		<test url="http://greengrass.sinaapp.com/wp-content/plugins/bmo-expo/css/style.css" />
+		<test url="http://greengrass.sinaapp.com/?cat=1" />
+
+	<target host="weihr.sinaapp.com" />
+		<exclusion pattern="http://weihr\.sinaapp\.com/(?!js/|images/)" />
+		<test url="http://weihr.sinaapp.com/images/jobs/logo_50x50_sinajob.jpg" />
+		<test url="http://weihr.sinaapp.com/js/jobs/jobs.js" />
+		<test url="http://weihr.sinaapp.com/jobs/about.php" />
+		<test url="http://weihr.sinaapp.com/jobs/help.php" />
+
+	<!-- Directly: -->
+	<target host="sinaapp.com" />
+	<target host="www.sinaapp.com" />
+	<target host="lib.sinaapp.com" />
+	<target host="siukwan.sinaapp.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SinaCloud.com.xml b/src/chrome/content/rules/SinaCloud.com.xml
new file mode 100644
index 000000000000..294d459a6be8
--- /dev/null
+++ b/src/chrome/content/rules/SinaCloud.com.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blog.sinacloud.com/ => https://blog.sinacloud.com/: (35, 'error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error')
+Fetch error: http://developer2014.sinacloud.com/ => https://developer2014.sinacloud.com/: (35, 'error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error')
+Fetch error: http://gongkaike.sinacloud.com/ => https://gongkaike.sinacloud.com/: (35, 'error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error')
+
+	For other Sina coverage, see Sina.com.cn.xml.
+
+	Invalid certificate:
+		cdn.static.sinacloud.com	https://cdn.static.sinacloud.com/public/259812555.gif
+		tools.sinacloud.com
+		pma.tools.sinacloud.com	https://pma.tools.sinacloud.com/print.css
+-->
+
+<ruleset name="SinaCloud.com" default_off="failed ruleset test">
+	<target host="sinacloud.com" />
+	<target host="www.sinacloud.com" />
+	<target host="ba.sinacloud.com" />
+	<target host="blog.sinacloud.com" />
+	<target host="developer2014.sinacloud.com" />
+	<target host="gongkaike.sinacloud.com" />
+	<target host="sc2.sinacloud.com" />
+	<target host="sec.sinacloud.com" />
+	<target host="static.sinacloud.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SinaJS.cn.xml b/src/chrome/content/rules/SinaJS.cn.xml
new file mode 100644
index 000000000000..f77d31c6e7c4
--- /dev/null
+++ b/src/chrome/content/rules/SinaJS.cn.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Sina coverage, see Sina.com.cn.xml.
+-->
+<ruleset name="SinaJS.cn">
+	<target host="hits.sinajs.cn" />
+	<target host="hq.sinajs.cn" />
+		<test url="http://hq.sinajs.cn/list=s_sh000001" />
+	<target host="image.sinajs.cn" />
+		<test url="http://image.sinajs.cn/newchart/v5/usstock/min_idx_n1/.ixic.gif" />
+		<test url="http://image.sinajs.cn/newchart/v5/futures/global/mint/CL.gif" />
+	<target host="rs.sinajs.cn" />
+	<target host="simg.sinajs.cn" />
+	<target host="sjs.sinajs.cn" />
+	<target host="timg.sjs.sinajs.cn" />
+	<target host="tjs.sjs.sinajs.cn" />
+		<test url="http://tjs.sjs.sinajs.cn/open/api/js/wb.js" />
+	<target host="sjs0.sinajs.cn" />
+	<target host="sjs1.sinajs.cn" />
+	<target host="sjs2.sinajs.cn" />
+	<target host="sjs3.sinajs.cn" />
+	<target host="img.t.sinajs.cn" />
+		<test url="http://img.t.sinajs.cn/open/api/js/wb.js" />
+	<target host="js.t.sinajs.cn" />
+		<test url="http://js.t.sinajs.cn/open/api/js/wb.js" />
+	<target host="js1.t.sinajs.cn" />
+		<test url="http://js1.t.sinajs.cn/t5/register/js/v6/pl/register/loginBox/index.js" />
+	<target host="js2.t.sinajs.cn" />
+	<target host="js3.t.sinajs.cn" />
+	<target host="jss.t.sinajs.cn" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sina_App.xml b/src/chrome/content/rules/Sina_App.xml
deleted file mode 100644
index 445dcd3f9427..000000000000
--- a/src/chrome/content/rules/Sina_App.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	For other Sina coverage, see Sina.xml.
-
-
-	Nonfunctional subdomains:
-
-		- lib
-
-
-	Problematic subdomains:
-
-		- qdomain-saenew.stor		(works, depth mismatch)
-
-
-	Mixed css from img.t.sinajs.cn
-
--->
-<ruleset name="Sina App (partial)" platform="mixedcontent">
-
-	<target host="sinaapp.com" />
-	<target host="*.sinaapp.com" />
-		<exclusion pattern="^http://lib\." />
-
-
-	<securecookie host="^(?:.+\.)?sinaapp\.com$" name=".+" />
-
-
-	<rule from="^http://([\w-]+\.)?sinaapp\.com/"
-		to="https://$1sinaapp.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Sina_Weibo.xml b/src/chrome/content/rules/Sina_Weibo.xml
deleted file mode 100644
index 0126416a37c2..000000000000
--- a/src/chrome/content/rules/Sina_Weibo.xml
+++ /dev/null
@@ -1,78 +0,0 @@
-<!--
-	For other Sina coverage, see Sina.xml.
-
-
-	CDN buckets:
-
-		- js.app.ccgslb.com.cn
-
-			- img.app.wcdn.cn
-			- img1.app.wcdn.cn
-
-		- u1.sinaimg.cn.cdngc.net
-
-
-	Nonfunctional domains:
-
-		- u1.sinaimg.cn *
-		- img.app.wcdn.cn	(403; mismatched, CN: support4.cdnetworks.net)
-		- img[12].app.wcdn.cn *
-
-		- weibo.com subdomains:
-
-			- e
-			- game
-			- open		(times out)
-			- service	(refused)
-
-	*  403; mismatched, CN: *.pantherssl.com
-
-
-	Problematic domains:
-
-		- tp2.sinaimg.cn	(reset)
-		- tp4.sinaimg.cn	(403; mismatched, CN: *.pantherssl.com)
-		- hr.weibo.com		(mismatched, CN: *.sinaapp.com)
-
-
-	Fully covered domains:
-
-		- tp[24].sinaimg.cn	(→ tpssl.weibo.cn)
-		- (www.)weibo.cn
-		- tpssl.weibo.cn
-
-		- weibo.com subdomains:
-
-			- api
-			- upload.api
-			- hr		(→ weihr.sinaapp.com)
-			- static
-
-
-	Mixed css on weihr.sinaapp.com from img.t.sinajs.cn
-
--->
-<ruleset name="Sina Weibo (partial)" platform="mixedcontent">
-
-	<target host="*.sinaimg.cn" />
-	<target host="weibo.cn" />
-	<target host="*.weibo.cn" />
-	<target host="*.weibo.com" />
-
-
-	<securecookie host="^upload\.api\.weibo\.com$" name=".+" />
-
-
-	<rule from="^http://tp\d\.sinaimg\.cn/"
-		to="https://tpssl.weibo.cn/" />
-
-	<rule from="^http://(tpssl\.|www\.)?weibo\.cn/"
-		to="https://$1weibo.cn/" />
-
-	<rule from="^http://(api|upload\.api|static)\.weibo\.com/"
-		to="https://$1.weibo.com/" />
-
-	<rule from="^http://hr\.weibo\.com/"
-		to="https://weihr.sinaapp.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Sinaimg.cn.xml b/src/chrome/content/rules/Sinaimg.cn.xml
new file mode 100644
index 000000000000..693852a12b86
--- /dev/null
+++ b/src/chrome/content/rules/Sinaimg.cn.xml
@@ -0,0 +1,172 @@
+<!--
+	For other Sina coverage, see Sina.com.cn.xml
+
+	403:
+		w(s|x)[1-4].sinaimg.cn	Equal to ww[1-4].sinaimg.cn		https://travis-ci.org/github/EFForg/https-everywhere/jobs/675233597#L465
+
+	Invalid certificate:	in China: https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au/issues/9#issuecomment-414920628
+		henan.sinaimg.cn	https://henan.sinaimg.cn/16/2010/0604/U4314P827T16D8548F242DT20100604175637.jpg
+		i[0-3]s?.sinaimg.cn	Equal to www.sinaimg.cn
+		wwws.sinaimg.cn		Equal to www.sinaimg.cn
+-->
+<ruleset name="Sinaimg.cn">
+	<!--	Directly:	-->
+	<target host="www.sinaimg.cn" />
+	<target host="jiangxi.sinaimg.cn" />
+	<target host="sh.sinaimg.cn" />
+
+	<target host="auto.sinaimg.cn" />
+	<target host="auto1.sinaimg.cn" />
+	<target host="auto2.sinaimg.cn" />
+	<target host="auto3.sinaimg.cn" />
+	<target host="auto4.sinaimg.cn" />
+	<target host="auto5.sinaimg.cn" />
+	<target host="d0.sinaimg.cn" />
+	<target host="d1.sinaimg.cn" />
+	<target host="d2.sinaimg.cn" />
+	<target host="d3.sinaimg.cn" />
+	<target host="d4.sinaimg.cn" />
+	<target host="d5.sinaimg.cn" />
+	<target host="d6.sinaimg.cn" />
+	<target host="d7.sinaimg.cn" />
+	<target host="d8.sinaimg.cn" />
+	<target host="d9.sinaimg.cn" />
+	<target host="gongyi.sinaimg.cn" />
+	<target host="h5.sinaimg.cn" />
+	<target host="k.sinaimg.cn" />
+	<target host="ks.sinaimg.cn" />
+	<target host="mjs.sinaimg.cn" />
+	<target host="mjss.sinaimg.cn" />
+	<target host="mu1.sinaimg.cn" />
+    		<test url="http://mu1.sinaimg.cn/square.180/weiyinyue.music.sina.com.cn/wpp_cover/61522171.jpg" />
+	<target host="n.sinaimg.cn" />
+	<target host="n0.sinaimg.cn" />
+	<target host="n1.sinaimg.cn" />
+	<target host="n2.sinaimg.cn" />
+	<target host="n3.sinaimg.cn" />
+	<target host="ns.sinaimg.cn" />
+	<target host="p1.sinaimg.cn" />
+	<target host="p2.sinaimg.cn" />
+	<target host="p3.sinaimg.cn" />
+	<target host="p4.sinaimg.cn" />
+	<target host="p5.sinaimg.cn" />
+	<target host="p6.sinaimg.cn" />
+	<target host="p7.sinaimg.cn" />
+	<target host="p8.sinaimg.cn" />
+	<target host="portrait1.sinaimg.cn" />
+	<target host="portrait2.sinaimg.cn" />
+	<target host="portrait3.sinaimg.cn" />
+	<target host="portrait4.sinaimg.cn" />
+	<target host="portrait5.sinaimg.cn" />
+	<target host="portrait6.sinaimg.cn" />
+	<target host="portrait7.sinaimg.cn" />
+	<target host="portrait8.sinaimg.cn" />
+	<target host="ss1.sinaimg.cn" />
+	<target host="ss2.sinaimg.cn" />
+	<target host="ss3.sinaimg.cn" />
+	<target host="ss4.sinaimg.cn" />
+	<target host="ss5.sinaimg.cn" />
+	<target host="ss6.sinaimg.cn" />
+	<target host="ss7.sinaimg.cn" />
+	<target host="ss8.sinaimg.cn" />
+	<target host="ss9.sinaimg.cn" />
+	<target host="ss10.sinaimg.cn" />
+	<target host="ss11.sinaimg.cn" />
+	<target host="ss12.sinaimg.cn" />
+	<target host="ss13.sinaimg.cn" />
+	<target host="ss14.sinaimg.cn" />
+	<target host="ss15.sinaimg.cn" />
+	<target host="ss16.sinaimg.cn" />
+	<target host="tp1.sinaimg.cn" />
+	<target host="tp2.sinaimg.cn" />
+	<target host="tp3.sinaimg.cn" />
+	<target host="tp4.sinaimg.cn" />
+	<target host="tva1.sinaimg.cn" />
+	<target host="tva2.sinaimg.cn" />
+	<target host="tva3.sinaimg.cn" />
+	<target host="tva4.sinaimg.cn" />
+	<target host="tvax1.sinaimg.cn" />
+	<target host="tvax2.sinaimg.cn" />
+	<target host="tvax3.sinaimg.cn" />
+	<target host="tvax4.sinaimg.cn" />
+	<target host="us.sinaimg.cn" />
+	<target host="f.us.sinaimg.cn" />
+	<target host="mm.us.sinaimg.cn" />
+	<target host="ww1.sinaimg.cn" />
+	<target host="ww2.sinaimg.cn" />
+	<target host="ww3.sinaimg.cn" />
+	<target host="ww4.sinaimg.cn" />
+	<target host="z0.sinaimg.cn" />
+	<target host="z1.sinaimg.cn" />
+	<target host="z2.sinaimg.cn" />
+	<target host="z3.sinaimg.cn" />
+	<target host="z4.sinaimg.cn" />
+	<target host="z5.sinaimg.cn" />
+	<target host="z6.sinaimg.cn" />
+	<target host="z7.sinaimg.cn" />
+	<target host="z8.sinaimg.cn" />
+	<target host="z9.sinaimg.cn" />
+
+		<test url="http://www.sinaimg.cn/cj/pc/2007-10-19/32/U453P31T32D36393F1538DT20071019102225.pdf" />
+		<test url="http://www.sinaimg.cn/dy/weather/main/w2015/wt_switch2.png" />
+		<test url="http://jiangxi.sinaimg.cn/2013/0619/S92318T1371614052459.pdf" />
+		<test url="http://sh.sinaimg.cn/2014/0819/IsSh.js" />
+		<test url="http://auto.sinaimg.cn/autoimg/brand/00/00/276_3119_95.png" />
+		<test url="http://auto1.sinaimg.cn/autoimg/brand/00/00/307_7014_95.jpg" />
+		<test url="http://auto2.sinaimg.cn/autoimg/brand/00/00/272_2056_95.jpg" />
+		<test url="http://auto3.sinaimg.cn/autoimg/brand/00/00/303_4610_95.jpg" />
+		<test url="http://auto4.sinaimg.cn/autoimg/brand/00/00/16_4671_95.jpg" />
+		<test url="http://auto5.sinaimg.cn/autoimg/brand/00/00/305_5073_95.jpg" />
+		<test url="http://d0.sinaimg.cn/pfpghc/a0e6ccaf907445459a70b275444894a9.jpg" />
+		<test url="http://h5.sinaimg.cn/m/videoPlayer/js/app.c7e9c480.js" />
+		<test url="http://i0s.sinaimg.cn/dy/weather/main/index14/007/blk8_dots.gif" />
+		<test url="http://k.sinaimg.cn/n/sports/transform/20160705/8oyb-fxtsats1568094.jpg/w5707c6.jpg" />
+		<test url="http://ks.sinaimg.cn/n/ent/20161213/rIVK-fxypipt1161081.jpg/w640h320z1l50t1dcc.jpg" />
+		<test url="http://mjs.sinaimg.cn/wap/public/suda/201508041550/suda_log.min.js" />
+		<test url="http://mjss.sinaimg.cn/wap/online/home/v7/images/lz1X1.jpg" />
+		<test url="http://n.sinaimg.cn/tech/transform/20160503/s9-E-fxrunru8717987.jpg" />
+		<test url="http://n0.sinaimg.cn/sports/nba/style.css" />
+		<test url="http://ns.sinaimg.cn/news/transform/20160504/mHkI-fxrtztc3215730.jpg" />
+		<test url="http://p1.sinaimg.cn/1679869477/180/94201408034020" />
+		<test url="http://portrait1.sinaimg.cn/6004496926/blog/50" />
+		<test url="http://ss1.sinaimg.cn/orignal/0042rM3Xzy6HBCst4Um8e" />
+		<test url="http://tp1.sinaimg.cn/5554103544/180/0/1" />
+		<test url="http://tva1.sinaimg.cn/crop.0.0.798.798.180/6462d00fgw1egno4hgy6wj20m80m8mxn.jpg" />
+		<test url="http://tvax1.sinaimg.cn/default/images/default_avatar_male_50.gif" />
+		<test url="http://mm.us.sinaimg.cn/004APoF4jx075YvK4Tkk060f010005Ox0k01.zip" />
+		<test url="http://ww1.sinaimg.cn/bmiddle/4a02849cjw1elrtdbg81xj20dc0hsjst.jpg" />
+		<test url="http://z0.sinaimg.cn/auto/resize?size=560_0&amp;img=http://sinastorage.com/storage.miaosha.sina.com.cn/products/201701/71a54447d99e17e3324ad1cb92d00c16.jpg" />
+
+	<!--	Complication:	-->
+
+	<target host="wwws.sinaimg.cn" />
+	<target host="i0.sinaimg.cn" />
+	<target host="i1.sinaimg.cn" />
+	<target host="i2.sinaimg.cn" />
+	<target host="i3.sinaimg.cn" />
+	<target host="i0s.sinaimg.cn" />
+	<target host="i1s.sinaimg.cn" />
+	<target host="i2s.sinaimg.cn" />
+	<target host="i3s.sinaimg.cn" />
+
+	<rule from="^http://(i0s?|i1s?|i2s?|i3s?|wwws)\.sinaimg\.cn/" to="https://www.sinaimg.cn/" />
+		<test url="http://i0.sinaimg.cn/cha/images/c.gif" />
+		<test url="http://i1.sinaimg.cn/cha/images/c.gif" />
+		<test url="http://i2.sinaimg.cn/cha/images/c.gif" />
+		<test url="http://i3.sinaimg.cn/unipro/pub/suda_s_v839c.js" />
+		<test url="http://wwws.sinaimg.cn/dy/weather/main/w2015/wt_switch2.png" />
+
+	<target host="ws1.sinaimg.cn" />
+	<target host="ws2.sinaimg.cn" />
+	<target host="ws3.sinaimg.cn" />
+	<target host="ws4.sinaimg.cn" />
+	<target host="wx1.sinaimg.cn" />
+	<target host="wx2.sinaimg.cn" />
+	<target host="wx3.sinaimg.cn" />
+	<target host="wx4.sinaimg.cn" />
+	<rule from="^http://w(s|x)(\d+)\.sinaimg\.cn/" to="https://ww$2.sinaimg.cn/" />
+		<test url="http://ws1.sinaimg.cn/large/e8f236c4gw1f7dc0j9vxfj20f00f0myr.jpg" />
+		<test url="http://wx1.sinaimg.cn/large/006DI42Nly1favzwyi6dcj30hs0vljv50.jpg" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sinastorage.com.xml b/src/chrome/content/rules/Sinastorage.com.xml
new file mode 100644
index 000000000000..f8af84c0a000
--- /dev/null
+++ b/src/chrome/content/rules/Sinastorage.com.xml
@@ -0,0 +1,12 @@
+<!--
+	For rules that are on by default, see Sina.com.cn.xml.
+-->
+<ruleset name="Sinastorage.com">
+	<target host="sinastorage.com" />
+		<test url="http://sinastorage.com/vipbook.sinaedge.com/cimg/bookpage/9362638/100x150x75x0.jpg" />
+	<target host="www.sinastorage.com" />
+	<target host="appimage.sinastorage.com" />
+		<test url="http://appimage.sinastorage.com/angel/60828_1482374812_ticon-72x72.png" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sinefa.com.xml b/src/chrome/content/rules/Sinefa.com.xml
new file mode 100644
index 000000000000..026e5d1eb3df
--- /dev/null
+++ b/src/chrome/content/rules/Sinefa.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.) *
+
+	* $ redirects to http, other paths 404
+
+
+	Problematic subdomains:
+
+		- community *
+
+	* zendesk
+
+-->
+<ruleset name="Sinefa.com (partial)">
+
+	<target host="controller.sinefa.com" />
+	<target host="community.sinefa.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^controller\.sinefa\.com$" name=".+" />
+
+
+
+	<rule from="^http://community\.sinefa\.com/"
+		to="https://sinefa.zendesk.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SingPao.com.hk.xml b/src/chrome/content/rules/SingPao.com.hk.xml
new file mode 100644
index 000000000000..37f866fc0e00
--- /dev/null
+++ b/src/chrome/content/rules/SingPao.com.hk.xml
@@ -0,0 +1,22 @@
+<!--
+	Non-functional hosts
+		Couldn't resolve host name:
+			 - ns1.singpao.com.hk
+			 - vote.singpao.com.hk
+
+		Timeout was reached:
+			 - ftp.singpao.com.hk
+			 - imap.singpao.com.hk
+			 - mail.singpao.com.hk
+			 - pop3.singpao.com.hk
+			 - smtp.singpao.com.hk
+-->
+<ruleset name="SING PAO DAILY NEWS">
+	<target host="singpao.com.hk" />
+	<target host="www.singpao.com.hk" />
+	<target host="ad.singpao.com.hk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SingleHop.xml b/src/chrome/content/rules/SingleHop.xml
index 70c322302fe5..28c1688789db 100644
--- a/src/chrome/content/rules/SingleHop.xml
+++ b/src/chrome/content/rules/SingleHop.xml
@@ -9,22 +9,33 @@
 		- hub		(works, akamai)
 
 
-	Partially covered subdomains:
+	Mixed content:
 
-		- (www.)	(some paths redirect to http)
+		- Images, on:
+
+			- hub from cdn1.hubspot.com *
+			- www from $self *
+
+		- favicon on hub from cdn1.hubspot.com *
+
+	* Secured by us
 
 -->
 <ruleset name="SingleHop (partial)">
 
 	<target host="singlehop.com" />
-	<target host="*.singlehop.com" />
-		<exclusion pattern="^http://www\.singlehop\.com/(?!\?css=stylesheet|fonts/|images/|images-v\d-\d+/|js/|js_v\d_\d+/|order/|resources/|scripts/)" />
+	<target host="leap3.singlehop.com" />
+	<target host="www.singlehop.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?singlehop\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.singlehop\.com$" name="^site_theme$" /-->
 
-	<securecookie host="^leap3\.singlehop\.com$" name=".+" />
+	<securecookie host="^(?:\.|leap3\.|www\.)?singlehop\.com$" name=".+" />
 
 
-	<rule from="^http://(leap3\.|www\.)?singlehop\.com/"
-		to="https://$1singlehop.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Singlefeed.xml b/src/chrome/content/rules/Singlefeed.xml
index 42a84448074d..2608e77f781f 100644
--- a/src/chrome/content/rules/Singlefeed.xml
+++ b/src/chrome/content/rules/Singlefeed.xml
@@ -1,15 +1,14 @@
 <ruleset name="Singlefeed">
 
-	<target host="singlefeed.com" />
-	<target host="*.singlefeed.com" />
+	<target host="reporting.singlefeed.com" />
+	<target host="www.singlefeed.com" />
 
 
-	<securecookie host="^(.*\.)?singlefeed\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--	reporting is a tracking redirecter
 		that *.pgpartner.com uses.	-->
-	<rule from="^http://(reporting|www)\.singlefeed\.com/"
-		to="https://$1.singlefeed.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Singularity_Hub.xml b/src/chrome/content/rules/Singularity_Hub.xml
index a9d4894c4ccb..9519632d2af1 100644
--- a/src/chrome/content/rules/Singularity_Hub.xml
+++ b/src/chrome/content/rules/Singularity_Hub.xml
@@ -21,15 +21,14 @@
 <ruleset name="Singularity Hub (partial)">
 
 	<target host="singularityhub.com" />
-	<target host="*.singularityhub.com" />
-		<exclusion pattern="^https?://(?:www\.)?singularityhub\.com/(?:\d{4}/\d\d/\d\d/[\w-]+/|(?:about|(?:author|category)/[\w-]+|advertise|contact|membership-signup|privacy-policy|singularity-101)/?|video-central/?$|wp-login\.php)?(?:\?.*)?$" />
-		<exclusion pattern="^https?://(?:www\.)?singularityhub\.com/(?:debate-central)(?:$|\?|/)" />
-		
+	<target host="www.singularityhub.com" />
+		<exclusion pattern="^http://(?:www\.)?singularityhub\.com/(?:\d{4}/\d\d/\d\d/[\w-]+/|(?:about|(?:author|category)/[\w-]+|advertise|contact|membership-signup|privacy-policy|singularity-101)/?|video-central/?$|wp-login\.php)?(?:\?.*)?$" />
+		<exclusion pattern="^http://(?:www\.)?singularityhub\.com/(?:debate-central)(?:$|\?|/)" />
+
 
 	<!--securecookie host="^\.?singularityhub\.com$" name=".+" /-->
 
 
-	<rule from="^http://(www\.)?singularityhub\.com/"
-		to="https://$1singularityhub.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sinica.edu.tw.xml b/src/chrome/content/rules/Sinica.edu.tw.xml
new file mode 100644
index 000000000000..2a2501e3af55
--- /dev/null
+++ b/src/chrome/content/rules/Sinica.edu.tw.xml
@@ -0,0 +1,53 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- phys.sinica.edu.tw
+
+		Timeout was reached:
+		- abrc.sinica.edu.tw
+		- career.sinica.edu.tw
+		- fmail1.cc.sinica.edu.tw
+		- edir.sinica.edu.tw
+		- imb.sinica.edu.tw
+		- www.imb.sinica.edu.tw
+		- stat.sinica.edu.tw
+		- www.stat.sinica.edu.tw
+
+		SSL peer certificate was not OK:
+		- ea.sinica.edu.tw
+		- econ.sinica.edu.tw
+		- npas.programs.sinica.edu.tw
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- www.econ.sinica.edu.tw
+
+		Site uses weak encryption (TLSv1.1 or earlier):
+		- aao.sinica.edu.tw
+		- aslib.sinica.edu.tw
+		- citi.sinica.edu.tw
+		- db3n2u.sinica.edu.tw
+		- db3x.sinica.edu.tw
+		- itsdesk.sinica.edu.tw
+
+		Mixed content blocking (MCB) triggered:
+		- digiarch.sinica.edu.tw
+-->
+<ruleset name="Sinica.edu.tw (partial)">
+	<target host="jobinfo.apps.sinica.edu.tw" />
+	<target host="ascc.sinica.edu.tw" />
+	<target host="www.ascc.sinica.edu.tw" />
+	<target host="app.sinica.edu.tw" />
+		<test url="http://app.sinica.edu.tw/rent/" />
+	<target host="www.citi.sinica.edu.tw" />
+	<target host="www.ea.sinica.edu.tw" />
+	<target host="gate.sinica.edu.tw" />
+	<target host="www.ios.sinica.edu.tw" />
+	<target host="irb.sinica.edu.tw" />
+	<target host="www.phys.sinica.edu.tw" />
+	<target host="research.sinica.edu.tw" />
+	<target host="sso.sinica.edu.tw" />
+	<target host="taibnet.sinica.edu.tw" />
+	<target host="www.sinica.edu.tw" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SinnFein.xml b/src/chrome/content/rules/SinnFein.xml
index a248039ad72c..4901030d0c5a 100644
--- a/src/chrome/content/rules/SinnFein.xml
+++ b/src/chrome/content/rules/SinnFein.xml
@@ -2,5 +2,5 @@
   <target host="sinnfein.ie" />
   <target host="www.sinnfein.ie" />
 
-  <rule from="^http://(?:www\.)?sinnfein\.ie/" to="https://www.sinnfein.ie/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sinoptik.ua.xml b/src/chrome/content/rules/Sinoptik.ua.xml
new file mode 100644
index 000000000000..6bdda76fb408
--- /dev/null
+++ b/src/chrome/content/rules/Sinoptik.ua.xml
@@ -0,0 +1,21 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.) *
+		- ua *
+
+	* 403
+
+
+	CN: *.fwdcdn.com
+
+-->
+<ruleset name="Sinoptik.ua (partial)" default_off="mismatched">
+
+	<target host="informers.sinoptik.ua" />
+	<target host="sinonptik-cdn1.un.net.ua" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sins_of_a_Solar_Empire.com.xml b/src/chrome/content/rules/Sins_of_a_Solar_Empire.com.xml
index b191a7beab59..12e7ccad1b3a 100644
--- a/src/chrome/content/rules/Sins_of_a_Solar_Empire.com.xml
+++ b/src/chrome/content/rules/Sins_of_a_Solar_Empire.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sinsofasolarempire.com/ => https://sinsofasolarempire.com/: (35, 'Unknown SSL protocol error in connection to sinsofasolarempire.com:443 ')
+
 	For other Stardock coverage, see Stardock.xml.
 
 
@@ -10,7 +14,7 @@
 	Mixed images from draginol.stardock.net
 
 -->
-<ruleset name="Sins of a Solar Empire.com (partial)">
+<ruleset name="Sins of a Solar Empire.com (partial)" default_off="failed ruleset test">
 
 	<target host="sinsofasolarempire.com" />
 	<target host="www.sinsofasolarempire.com" />
@@ -19,7 +23,6 @@
 	<securecookie host="^(?:www\.)?sinsofasolarempire\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?sinsofasolarempire\.com/"
-		to="https://$1sinsofasolarempire.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Siosm.fr.xml b/src/chrome/content/rules/Siosm.fr.xml
new file mode 100644
index 000000000000..908fd490cc2e
--- /dev/null
+++ b/src/chrome/content/rules/Siosm.fr.xml
@@ -0,0 +1,25 @@
+<!--
+	No working URL known:
+		cloud.siosm.fr
+
+	Invalid certificate:
+		ovh.siosm.fr
+
+-->
+<ruleset name="Siosm.fr">
+
+	<target host="siosm.fr" />
+	<target host="www.siosm.fr" />
+	<target host="fs.siosm.fr" />
+	<target host="git.siosm.fr" />
+	<target host="im.siosm.fr" />
+	<target host="mail.siosm.fr" />
+	<target host="matrix.siosm.fr" />
+	<target host="po.siosm.fr" />
+	<target host="repo.siosm.fr" />
+	<target host="tim.siosm.fr" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sipgate.co.uk.xml b/src/chrome/content/rules/Sipgate.co.uk.xml
new file mode 100644
index 000000000000..afb630161798
--- /dev/null
+++ b/src/chrome/content/rules/Sipgate.co.uk.xml
@@ -0,0 +1,86 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sipgate.co.uk/ => https://www.sipgate.co.uk/: Too many redirects while fetching 'https://www.sipgate.co.uk/'
+Fetch error: http://www.sipgate.co.uk/ => https://www.sipgate.co.uk/: Too many redirects while fetching 'https://www.sipgate.co.uk/'
+
+	For other Sipgate GmbH coverage, see Sipgate.xml.
+
+
+	Nonfunctional hosts in *sipgate.co.uk:
+
+		- www.live *
+
+	* Refused
+
+
+	Problematic hosts in *sipgate.co.uk:
+
+		- ^ *
+		- live *
+
+	* Mismatched
+
+
+	These altnames don't exist:
+
+		- www.secure.live.sipgate.de
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .live.sipgate.co.uk
+		- secure.live.sipgate.co.uk
+		- www.sipgate.co.uk
+
+-->
+<ruleset name="Sipgate.co.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="live.sipgate.co.uk" /-->
+	<target host="secure.live.sipgate.co.uk" />
+	<target host="secure.sipgate.co.uk" />
+
+<!--	Complications:
+			-->
+  <target host="sipgate.co.uk" />
+	<target host="www.sipgate.co.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.live\.sipgate\.co\.uk/$" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:secure\.live|www)\.sipgate\.co\.uk$" name="^SERVERID$" /-->
+	<!--securecookie host="^\.live\.sipgate\.co\.uk$" name="^siptrack$" /-->
+
+	<securecookie host="^\.live\.sipgate\.co\.uk$" name="^siptrack$" />
+	<securecookie host="^(?:secure\.live|www)\.sipgate\.co\.uk$" name=".+" />
+
+
+	<!--	user/$ redirects to www.live.../$ over https,
+		https://www.../basic/ over http
+
+		Redirect drops forward slash and args
+						-->
+	<rule from="^http://(?:www\.)?sipgate\.co\.uk/+user/*(?:\?.*)?$"
+		to="https://www.sipgate.co.uk/basic/" />
+
+		<test url="http://sipgate.co.uk//user/" />
+		<test url="http://sipgate.co.uk/user" />
+		<test url="http://sipgate.co.uk/user/" />
+		<test url="http://sipgate.co.uk/user?" />
+		<test url="http://www.sipgate.co.uk//user/" />
+		<test url="http://www.sipgate.co.uk/user" />
+		<test url="http://www.sipgate.co.uk/user/" />
+
+	<rule from="^http://sipgate\.co\.uk/"
+		to="https://www.sipgate.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sipgate.io.xml b/src/chrome/content/rules/Sipgate.io.xml
new file mode 100644
index 000000000000..456772680bcb
--- /dev/null
+++ b/src/chrome/content/rules/Sipgate.io.xml
@@ -0,0 +1,40 @@
+<!--
+	For other Sipgate GmbH coverage, see Sipgate.xml.
+
+
+	Problematic hosts in *sipgate.io:
+
+		- book *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- sipgate.io
+		- book.sipgate.io
+		- www.sipgate.io
+
+-->
+<ruleset name="Sipgate.io (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sipgate.io" />
+	<!--target host="book.sipgate.io" /-->
+	<target host="demo.sipgate.io" />
+	<target host="www.sipgate.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?sipgate\.io$" name="^SERVERID$" /-->
+	<!--securecookie host="^book\.sipgate\.io$" name="^gitbook:sess(?:\.sig)?$" /-->
+
+	<securecookie host="^(?:www\.)?sipgate\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sipgate.xml b/src/chrome/content/rules/Sipgate.xml
index 781995dba9a2..7a2e37255d4a 100644
--- a/src/chrome/content/rules/Sipgate.xml
+++ b/src/chrome/content/rules/Sipgate.xml
@@ -1,15 +1,83 @@
-<ruleset name="Sipgate" platform="mixedcontent">
-  <target host="sipgate.at" />
-  <target host="*.sipgate.at" />
-  <target host="sipgate.co.uk" />
-  <target host="*.sipgate.co.uk" />
+<!--
+	Other Sipgate GmbH rulesets:
+
+		- Sipgate.co.uk.xml
+		- Sipgate.io.xml
+		- Simquadrat.de.xml
+
+
+	Nonfunctional hosts in sipgate.de:
+
+		- teamsupport *
+
+	* Zendesk
+
+
+	Problematic hosts in sipgate.de:
+
+		- live ¹
+		- status ²
+
+	¹ Mismatched
+	² Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	These altnames don't exist:
+
+		- www.secure.live.sipgate.de
+		- www.secure.sipgate.de
+
+
+	Insecure cookies are set for these hosts:
+
+		- secure.live.sipgate.de
+
+-->
+<ruleset name="Sipgate.de (partial)">
+
+	<!--	Direct rewrites:
+				-->
   <target host="sipgate.de" />
-  <target host="*.sipgate.de" />
-  <target host="simquadrat.de" />
-  <target host="www.simquadrat.de" />
-
-  <rule from="^http://(?:(?:www|secure)\.)?sipgate\.(at|co\.uk)/" to="https://secure.sipgate.$1/"/>
-  <rule from="^http://(?:secure\.)?live\.sipgate\.(de|at|co\.uk)/" to="https://secure.live.sipgate.$1/"/>
-  <rule from="^http://(?:www\.)?go\.sipgate\.de/" to="https://go.sipgate.de/"/>
-  <rule from="^http://(?:www\.)?simquadrat\.de/" to="https://simquadrat.de/"/>
+	<!--target host="live.sipgate.de" /-->
+	<target host="secure.live.sipgate.de" />
+	<target host="secure.sipgate.de" />
+	<!--target host="status.sipgate.de" /-->
+	<target host="www.sipgate.de" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.sipgate\.de/(?:$|sim$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.sipgate\.de/+(?!(?:basic|design|trunking)(?:$|[?/]))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.sipgate.de/academy" />
+			<test url="http://www.sipgate.de/faq/" />
+			<test url="http://www.sipgate.de/sim" />
+			<test url="http://www.sipgate.de/team" />
+			<test url="http://www.sipgate.de/team/apps" />
+			<test url="http://www.sipgate.de/team/produkte" />
+			<test url="http://www.sipgate.de/team/voip" />
+			<test url="http://www.sipgate.de/unternehmen" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.sipgate.de/basic/" />
+			<test url="http://www.sipgate.de/design/" />
+			<test url="http://www.sipgate.de/trunking/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^secure\.live\.sipgate\.de$" name="^SERVERID$" /-->
+
+	<securecookie host="^secure\.live\.sipgate\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Siraj.Institute.xml b/src/chrome/content/rules/Siraj.Institute.xml
new file mode 100644
index 000000000000..add2473b3491
--- /dev/null
+++ b/src/chrome/content/rules/Siraj.Institute.xml
@@ -0,0 +1,10 @@
+<ruleset name="Siraj.Institute">
+	<target host="siraj.institute" />
+	<target host="www.siraj.institute" />
+	<target host="apply.siraj.institute" />
+	<target host="demo.siraj.institute" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sirportly.xml b/src/chrome/content/rules/Sirportly.xml
index 94fbfe5da24f..412ca7beb839 100644
--- a/src/chrome/content/rules/Sirportly.xml
+++ b/src/chrome/content/rules/Sirportly.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(app\.|www\.)?sirportly\.com/"
 		to="https://$1sirportly.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sirrix.xml b/src/chrome/content/rules/Sirrix.xml
index 9f466d1bea8f..e1741418feaa 100644
--- a/src/chrome/content/rules/Sirrix.xml
+++ b/src/chrome/content/rules/Sirrix.xml
@@ -15,17 +15,19 @@
 -->
 <ruleset name="Sirrix (partial)">
 
-	<target host="sirrix.*" />
-	<target host="www.sirrix.*" />
+	<target host="sirrix.com" />
+	<target host="www.sirrix.com" />
+	<target host="sirrix.de" />
+	<target host="www.sirrix.de" />
 
 
-	<securecookie host="^(?:www\.)?sirrix.(?:com|de)$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www\.)?sirrix\.com/"
-		to="https://$1sirrix.com/" />
-
-	<rule from="^http://(?:www\.)?sirrix\.de/"
+	<rule from="^http://sirrix\.de/"
 		to="https://www.sirrix.de/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SirsiDynix.net.uk.xml b/src/chrome/content/rules/SirsiDynix.net.uk.xml
new file mode 100644
index 000000000000..0e8d558c82e3
--- /dev/null
+++ b/src/chrome/content/rules/SirsiDynix.net.uk.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- css on emlib.ent from fonts.googleapis.com ˢ
+		- Images on emlib.ent from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="SirsiDynix.net.uk">
+
+	<target host="emlib.ent.sirsidynix.net.uk" />
+	<target host="trib.ent.sirsidynix.net.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Site24x7.xml b/src/chrome/content/rules/Site24x7.xml
index 803d16c00135..529d538b9b7b 100644
--- a/src/chrome/content/rules/Site24x7.xml
+++ b/src/chrome/content/rules/Site24x7.xml
@@ -2,16 +2,19 @@
 	For other Zoho coverage, see Zoho.xml.
 
 -->
-<ruleset name="Site24x7">
+<ruleset name="Site24x7.com">
 
 	<target host="site24x7.com" />
-	<target host="*.site24x7.com" />
+	<target host="blogs.site24x7.com" />
+	<target host="forums.site24x7.com" />
+	<target host="static.site24x7.com" />
+	<target host="www.site24x7.com" />
 
 
-	<securecookie host="^(?:.*\.)?site24x7\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(blogs\.|forums\.|static\.|www\.)?site24x7\.com/"
-		to="https://$1site24x7.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Site5.xml b/src/chrome/content/rules/Site5.xml
index db668a0fb3fb..59c359abb8bb 100644
--- a/src/chrome/content/rules/Site5.xml
+++ b/src/chrome/content/rules/Site5.xml
@@ -1,4 +1,15 @@
-<ruleset name="Site5 (partial)" platform="mixedcontent">
+<!--
+	Mixed content:
+
+		- Ads, on:
+
+			- www from $self *
+			- www from www.googleadservices.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Site5 (partial)">
 
 	<target host="site5.com" />
 	<target host="*.site5.com" />
diff --git a/src/chrome/content/rules/SiteAdvisor.com.xml b/src/chrome/content/rules/SiteAdvisor.com.xml
index 6ae2fb90f825..5de70551ef53 100644
--- a/src/chrome/content/rules/SiteAdvisor.com.xml
+++ b/src/chrome/content/rules/SiteAdvisor.com.xml
@@ -11,7 +11,6 @@
 	<target host="www.siteadvisor.com" />
 
 
-	<rule from="^http://(?:www\.)?siteadvisor\.com/"
-		to="https://www.siteadvisor.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SiteCompass.com.xml b/src/chrome/content/rules/SiteCompass.com.xml
index 8a7d5e677f8b..ce8ce9ad1675 100644
--- a/src/chrome/content/rules/SiteCompass.com.xml
+++ b/src/chrome/content/rules/SiteCompass.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mm.sitecompass.com/ => https://mm.sitecompass.com/: (28, 'Connection timed out after 20001 milliseconds')
+
 	Nonfunctional subdomains:
 
 		- (www.) *
@@ -7,12 +11,11 @@
 	* Dropped
 
 -->
-<ruleset name="SiteCompass.com (partial)">
+<ruleset name="SiteCompass.com (partial)" default_off="failed ruleset test">
 
 	<target host="mm.sitecompass.com" />
 
 
-	<rule from="^http://mm\.sitecompass\.com/"
-		to="https://mm.sitecompass.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SiteGround.xml b/src/chrome/content/rules/SiteGround.xml
index 8182f215e25f..ac06a45278cf 100644
--- a/src/chrome/content/rules/SiteGround.xml
+++ b/src/chrome/content/rules/SiteGround.xml
@@ -1,13 +1,49 @@
-<ruleset name="SiteGround (partial)">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://forum.siteground.com/ => https://forum.siteground.com/: (60, 'SSL certificate problem: self signed certificate')
+
+	Problematic hosts in *siteground.com:
+
+		- forum *
+
+	* Blocks Tor users
+
+
+	Fully covered hosts in *siteground.com:
+
+		- (www.)?
+		- blog
+		- forum
+		- kb
+		- ua
+
+
+	Insecure cookies are set for these domains:
+
+		- .siteground.com
+
+-->
+<ruleset name="SiteGround.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="siteground.com" />
-	<target host="*.siteground.com" />
+	<target host="blog.siteground.com" />
+	<target host="forum.siteground.com" />
+	<target host="kb.siteground.com" />
+	<target host="ua.siteground.com" />
+	<target host="www.siteground.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.siteground\.com$" name="^PHPSESSID$"/-->
 
-	<securecookie host="^.*\.siteground\.com$" name=".*"/>
+	<securecookie host="^.*\.siteground\.com$" name=".+" />
 
 
-	<rule from="^http://(kb\.|www\.)?siteground\.com/"
-		to="https://$1siteground.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SiteHeart.xml b/src/chrome/content/rules/SiteHeart.xml
index cb8312325d1a..8203b974cac3 100644
--- a/src/chrome/content/rules/SiteHeart.xml
+++ b/src/chrome/content/rules/SiteHeart.xml
@@ -1,13 +1,17 @@
-<ruleset name="SiteHeart">
+<ruleset name="SiteHeart.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="siteheart.com" />
-	<target host="*.siteheart.com" />
+	<target host="static.siteheart.com" />
+	<target host="webindicator.siteheart.com" />
+	<target host="www.siteheart.com" />
 
 
 	<securecookie host="^(?:www\.)?siteheart\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?siteheart\.com/"
-		to="https://$1siteheart.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SiteLock.xml b/src/chrome/content/rules/SiteLock.xml
index fd4a40bd26f4..3912102444bb 100644
--- a/src/chrome/content/rules/SiteLock.xml
+++ b/src/chrome/content/rules/SiteLock.xml
@@ -1,21 +1,64 @@
 <!--
-	Problematic subdomains:
+	Problematic hosts in *sitelock.com:
 
 		- blog		(some pages redirect to http:.../$, valid cert)
 
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .sitelock.com
+		- shield.sitelock.com
+
+
+	Mixed content:
+
+		- css on secure from fonts.googleapis.com *
+		- Bug on blog from pixel.wp.com
+
+	* Secured by us
+
 -->
-<ruleset name="SiteLock (partial)">
+<ruleset name="SiteLock.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="sitelock.com"/>
-	<target host="*.sitelock.com"/>
+	<target host="admin.sitelock.com"/>
+	<target host="blog.sitelock.com"/>
+	<target host="mapi.sitelock.com"/>
+	<target host="secure.sitelock.com"/>
+	<target host="shield.sitelock.com"/>
+	<target host="wiki.sitelock.com"/>
+	<target host="www.sitelock.com"/>
+
+		<!--	Redirects to http:
+					-->
+		<!--exclusion pattern="^http://blog\.sitelock\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
 		<exclusion pattern="^http://blog\.sitelock\.com/(?!feed/)" />
 
+			<!--	+ve:
+					-->
+			<test url="http://blog.sitelock.com/feed/" />
+
+			<!--
+				-ve:
+					-->
+			<test url="http://blog.sitelock.com/category/uncategorized/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.sitelock\.com$" name="^(btrack|incap_ses_\d+_\d+|nlbi_\d+|redirect_count|visid_incap_\d+)$" /-->
+	<!--securecookie host="^shield\.sitelock\.com$" name="^___utmv[abm]\w+$" /-->
 
-	<securecookie host="^\.sitelock\.com$" name="^(?:btrack|___utm\w+)$" />
-	<securecookie host="^(?:admin|mapi|secure|wiki|www)\.sitelock\.com$" name=".+" />
+	<securecookie host="^\.sitelock\.com$" name="^(?:btrack|incap_ses_\d+_\d+|nlbi_\d+|visid_incap_\d+)$" />
+	<securecookie host="^(?:admin|mapi|secure|shield|wiki|www)\.sitelock\.com$" name=".+" />
 
 
-	<rule from="^http://((?:admin|blog|mapi|secure|shield|wiki|www)\.)?sitelock\.com/"
-		to="https://$1sitelock.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SiteOrigin.com.xml b/src/chrome/content/rules/SiteOrigin.com.xml
new file mode 100644
index 000000000000..3bb5c19a5b4e
--- /dev/null
+++ b/src/chrome/content/rules/SiteOrigin.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="SiteOrigin.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="siteorigin.com" />
+	<target host="www.siteorigin.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SitePen.com.xml b/src/chrome/content/rules/SitePen.com.xml
new file mode 100644
index 000000000000..ff0228b35fa1
--- /dev/null
+++ b/src/chrome/content/rules/SitePen.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Mixed content:
+
+		- css on hub from fonts.googleapis.com *
+
+		- Images on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="SitePen.com">
+
+	<target host="sitepen.com" />
+	<target host="hub.sitepen.com" />
+	<target host="support.sitepen.com" />
+	<target host="www.sitepen.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(hub|support)\.sitepen\.com$" name="^_redmine_session$" /-->
+	<!--securecookie host="^www\.sitepen\.com$" name="^(PHPSESSID|YII_CSRF_TOKEN)" /-->
+
+	<securecookie host="^(?:hub|support|www)\.sitepen\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SitePoint.xml b/src/chrome/content/rules/SitePoint.xml
index 9a588713cfde..8ccae6b320fa 100644
--- a/src/chrome/content/rules/SitePoint.xml
+++ b/src/chrome/content/rules/SitePoint.xml
@@ -1,9 +1,4 @@
 <!--
-	Other SitePoint rulesets:
-
-		- Earl.xml
-
-
 	CDN buckets:
 
 		- wac.41aa.edgecastcdn.net/??41AA/
@@ -17,26 +12,29 @@
 
 			- cdn		(404; mismatched, CN: gp1.wac.edgecastcdn.net)
 			- downtime *
-			- i2 *
 			- products *
 			- tools *
 
-		- (www.)sitepointstatic.com *
+		- (www.)sitepointstatic.com ³
 		- 1.sitepointstatic.com *
 
 	* Refused
+	³ Shows beyonce
 
 
 	Problematic domains:
 
 		- sitepoint.com subdomains:
 
+			- beyonce ¹
+			- community *
+			- i2 ³
 			- reference *
 			- xmas *
 
-		- (www.)sitepointmarket.com	(times out)
-
-	* Works; mismatched, CN: sitepoint.com
+	¹ Self-signed
+	* Mismatched
+	³ Shows beyonce
 
 
 	Partially covered domains:
@@ -44,32 +42,47 @@
 		- (www.)sitepoint.com
 
 			- Some pages redirect to http
-			- wp-content/ 404s
 
 
 	Fully covered domains:
 
 		- i2.sitepoint.com		(→ www)
-		- (www.)sitepointmarket.com	(→ flippa.com)
 
 -->
-<ruleset name="SitePoint (partial)">
+<ruleset name="SitePoint.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="sitepoint.com" />
-	<target host="*.sitepoint.com" />
-	<target host="sitepointmarket.com" />
-	<target host="www.sitepointmarket.com" />
+	<target host="www.sitepoint.com" />
+
+	<!--	Complications:
+				-->
+	<target host="i2.sitepoint.com" />
 
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.sitepoint\.com/($|forums/images/)" /-->
+
+		<!--	Exceptions:
+					-->
+		<exclusion pattern="^http://www\.sitepoint\.com/+(?!favicon\.ico|wp-content/)" />
+
+			<test url="http://www.sitepoint.com/design-ux/" />
+			<test url="http://www.sitepoint.com/html-css/" />
+			<test url="http://www.sitepoint.com/php/" />
+			<test url="http://www.sitepoint.com/wordpress/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.sitepoint.com/favicon.ico" />
+			<test url="http://www.sitepoint.com/wp-content/themes/sitepoint/assets/svg/sitepoint.svg" />
 
-	<rule from="^http://(www\.)?sitepoint\.com/(bookstore|forums|images)/"
-		to="https://$1sitepoint.com/forums/" />
 
 	<rule from="^http://i2\.sitepoint\.com/"
 		to="https://www.sitepoint.com/" />
 
-	<!--	Server drops path:
-					-->
-	<rule from="^http://(?:www\.)?sitepointmarket\.com/.*"
-		to="https://flippa.com/classifieds?spm=1" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SiteScout-problematic.xml b/src/chrome/content/rules/SiteScout-problematic.xml
deleted file mode 100644
index cf0acca51306..000000000000
--- a/src/chrome/content/rules/SiteScout-problematic.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For rules that are on by default, see SiteScout.xml.
-
-
-	- ^ redirects to www
-	- mixedcontent due to CSS from netdna bucket
-
--->
-<ruleset name="SiteScout (problematic)" default_off="expired" platform="mixedcontent">
-
-	<target host="sitescout.com" />
-	<target host="www.sitescout.com" />
-
-
-	<rule from="^https?://(?:www\.)?sitescout\.com/"
-		to="https://www.sitescout.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/SiteScout.xml b/src/chrome/content/rules/SiteScout.xml
index 9f4202ec2c92..b4bc1cdcefa7 100644
--- a/src/chrome/content/rules/SiteScout.xml
+++ b/src/chrome/content/rules/SiteScout.xml
@@ -1,31 +1,57 @@
 <!--
-	For problematic rules, see SiteScout-problematic.xml.
-
 
 	CDN buckets:
 
+		- cdnsitescout1-a.akamaihd.net
+
 		- ssblog.sitescout.netdna-cdn.com
 
 			- *-ssl doesn't exist
 
 
-	Problematic subdomains:
+	www.sitescout.com: Refused
+
+
+	Problematic hosts in *sitescout.com:
+
+		- www-cdn *
+		- guru +
+
+	* 503
+	+ expited cert
 
-		- (www.)		(cert expired 2012-08-12)
+
+	Mixed content:
+
+		- favicon on rtb from www.sitescout.com *
+
+	* Unsecurable <= refused
 
 -->
-<ruleset name="SiteScout (partial)">
+<ruleset name="SiteScout.com (partial)" >
 
-	<target host="*.sitescout.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="sitescout.com" />
+	<target host="clickserv.sitescout.com" />
+	<target host="pixel.sitescout.com" />
+	<target host="rtb.sitescout.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www-cdn.sitescout.com" />
 
 
 	<!--	Tracking cookies:
 						-->
-	<securecookie host="^\.sitescout\.com$" name="^(?:km_\w+|_ssum|ssi|__utm\w)$" />
-	<securecookie host="^rtb\.sitescout\.com$" name=".+" />
+	<securecookie host="^\." name="^(?:km_\w+|_ssum|ssi|__utm\w)$" />
+	<securecookie host="^\w" name=".+" />
+
 
+	<rule from="^http://www-cdn\.sitescout\.com/"
+		to="https://cdnsitescout1-a.akamaihd.net/" />
 
-	<rule from="^http://(guru|pixel|rtb)\.sitescout\.com/"
-		to="https://$1.sitescout.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SiteTagger.co.uk-problematic.xml b/src/chrome/content/rules/SiteTagger.co.uk-problematic.xml
index 72f33730627e..9fd544767126 100644
--- a/src/chrome/content/rules/SiteTagger.co.uk-problematic.xml
+++ b/src/chrome/content/rules/SiteTagger.co.uk-problematic.xml
@@ -7,7 +7,7 @@
 	<target host="www2.sitetagger.co.uk" />
 
 
-	<rule from="^http://www2\.sitetagger\.co\.uk/"
-		to="https://www2.sitetagger.co.uk/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SiteTagger.co.uk.xml b/src/chrome/content/rules/SiteTagger.co.uk.xml
deleted file mode 100644
index 327786319ff8..000000000000
--- a/src/chrome/content/rules/SiteTagger.co.uk.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For problematic rules, see SiteTagger.co.uk-problematic.xml.
-
-	For other BrightTag coverage, see BrightTag.xml.
-
-
-	 subdomains:
-
-		- www2		(works; expired 2013-02-28, self-signed, CN: Parallels Panel)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- my
-		- \w+.tags	(per-client domains serving web bugs)
-
--->
-<ruleset name="SiteTagger.co.uk (partial)">
-
-	<target host="sitetagger.co.uk" />
-	<target host="*.sitetagger.co.uk" />
-
-
-	<rule from="^http://((?:my|\w+\.tags|www)\.)?sitetagger\.co\.uk/"
-		to="https://$1sitetagger.co.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SiteTrust-Network.xml b/src/chrome/content/rules/SiteTrust-Network.xml
deleted file mode 100644
index eb88aadaf4cb..000000000000
--- a/src/chrome/content/rules/SiteTrust-Network.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="SiteTrust Network">
-
-	<target host="sitetrustnetwork.com" />
-	<target host="www.sitetrustnetwork.com" />
-
-
-	<securecookie host="^(www\.)?sitetrustnetwork\.com$" name=".*" />
-
-
-	<rule from="^http://(www\.)?sitetrustnetwork\.com/"
-		to="https://$1sitetrustnetwork.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SiteUptime.com.xml b/src/chrome/content/rules/SiteUptime.com.xml
new file mode 100644
index 000000000000..3fb5b25ff8f9
--- /dev/null
+++ b/src/chrome/content/rules/SiteUptime.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="SiteUptime.com">
+
+	<target host="siteuptime.com" />
+	<target host="www.siteuptime.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Site_Blindado.xml b/src/chrome/content/rules/Site_Blindado.xml
index ac7816dc6c03..7f5c1186aa7e 100644
--- a/src/chrome/content/rules/Site_Blindado.xml
+++ b/src/chrome/content/rules/Site_Blindado.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://siteblindado.com/ => https://siteblindado.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	CDN buckets:
 
 		- a248.e.akamai.net/f/248/76110/1h/s3-sa-east-1.amazonaws.com/selo.siteblindado.com/
@@ -32,24 +36,26 @@
 <ruleset name="Site Blindado">
 
 	<target host="siteblindado.com" />
-	<target host="*.siteblindado.com" />
-	<target host="*.siteblindado.com.br" />
+	<target host="portal2.siteblindado.com" />
+	<target host="selo.siteblindado.com" />
+	<target host="www.siteblindado.com" />
+	<target host="portal.siteblindado.com" />
+	<target host="portal.siteblindado.com.br" />
+	<target host="selo.siteblindado.com.br" />
+	<target host="www.siteblindado.com.br" />
 
 
 	<securecookie host="^(?:portal2|selo|www)?\.siteblindado\.com$" name=".+" />
 	<securecookie host="^(?:portal|selo)?\.siteblindado\.com\.br$" name=".+" />
 
 
-	<rule from="^http://((?:portal2|selo|www)\.)?siteblindado\.com/"
-		to="https://$1siteblindado.com/" />
 
 	<rule from="^http://portal\.siteblindado\.com/"
 		to="https://portal.siteblindado.com.br/" />
 
-	<rule from="^http://(portal|selo)\.siteblindado\.com\.br/"
-		to="https://$1.siteblindado.com.br/" />
 
 	<rule from="^http://www\.siteblindado\.com\.br/"
 		to="https://www.siteblindado.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Site_Control.us.xml b/src/chrome/content/rules/Site_Control.us.xml
new file mode 100644
index 000000000000..520457fe05c4
--- /dev/null
+++ b/src/chrome/content/rules/Site_Control.us.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .sitecontrol.us
+
+-->
+<ruleset name="Site Control.us">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sitecontrol.us" />
+	<target host="www.sitecontrol.us" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.sitecontrol\.us$" name="^_session_id$" /-->
+
+	<securecookie host="^\.sitecontrol\.us$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Site_Safe.org.nz.xml b/src/chrome/content/rules/Site_Safe.org.nz.xml
new file mode 100644
index 000000000000..34ef99cb14b1
--- /dev/null
+++ b/src/chrome/content/rules/Site_Safe.org.nz.xml
@@ -0,0 +1,12 @@
+<ruleset name="Site Safe.org.nz">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sitesafe.org.nz" />
+	<target host="www.sitesafe.org.nz" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sitefinity.com.xml b/src/chrome/content/rules/Sitefinity.com.xml
new file mode 100644
index 000000000000..13301c20481e
--- /dev/null
+++ b/src/chrome/content/rules/Sitefinity.com.xml
@@ -0,0 +1,18 @@
+<ruleset name="Sitefinity.com (partial)">
+
+	<target host="sitefinity.com" />
+	<target host="www.sitefinity.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.sitefinity\.com/($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://www\.sitefinity\.com/+(?!Sitefinity/Public/|Telerik\.Web\.UI\.WebResource\.axd|assets/|favicon\.ico|sitefinityimages/)" /-->
+
+
+	<rule from="^http://(www\.)?sitefinity\.com/(?=Sitefinity/Public/|Telerik\.Web\.UI\.WebResource\.axd|assets/|favicon\.ico|sitefinityimages/)"
+		to="https://$1sitefinity.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Siteimprove.xml b/src/chrome/content/rules/Siteimprove.xml
index c9f468070483..d185a79e2e8f 100644
--- a/src/chrome/content/rules/Siteimprove.xml
+++ b/src/chrome/content/rules/Siteimprove.xml
@@ -1,26 +1,20 @@
 <!--
-	Nonfunctional subdomains:
-
-		- (www.)	(404, valid cert)
-
-
-	Fully covered subdomains:
-
-		- my
-		- us1
+	^siteimprove.com: WP Engine/redirects to http
 
 -->
 <ruleset name="Siteimprove (partial)">
 
-	<target host="*.siteimprove.com" />
+	<target host="my.siteimprove.com" />
+	<target host="us1.siteimprove.com" />
+	<target host="www.siteimprove.com" />
+
+		<test url="http://www.siteimprove.com/searchimprove/autocomplete/autocomplete.css" />
 
 
-	<securecookie host="^my\.siteimprove\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<!--	us1: Included on 3rd-party websites.
-							-->
-	<rule from="^http://(my|us1)\.siteimprove\.com/"
-		to="https://$1.siteimprove.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Sitemason.xml b/src/chrome/content/rules/Sitemason.xml
index 085119e0786f..3db44ceb684f 100644
--- a/src/chrome/content/rules/Sitemason.xml
+++ b/src/chrome/content/rules/Sitemason.xml
@@ -1,56 +1,52 @@
 <!--
 	sitemason.vanderbilt.edu/files/b/b4VCI8/CrimeAlert.xml
 
+	sitemason.zendesk.com <=> support.sitemason.com
+
+
+	Nonfunctional domains:
+
+		- (www.)moses.com *
+
+	* Refused
+
+
+	Problematic domains:
+
+		- (www.)sitemasonmail.com.moses.com *
+		- sitemason.com *
+		- webmail.sitemason.com *
+		- (www.)sitemasonmail.com *
+		- webmail.sitemasonmail.com *
+
+	* Refused
+
 -->
-<ruleset name="Sitemason">
+<ruleset name="Sitemason (partial)">
 
-	<target host="moses.com" />
 	<target host="*.moses.com" />
-	<target host="sitemasonmail.com.moses.com" />
-	<target host="www.sitemasonmail.com.moses.com" />
 	<target host="sitemason.com" />
 	<target host="*.sitemason.com" />
 	<target host="sitemasonmail.com" />
 	<target host="*.sitemasonmail.com" />
 
 
-	<!--	Presumably this domain belongs to Sitemason, as
-		www.moses.org redirects to www.sitemason.com.	-->
-	<rule from="^http://secure\.moses\.org/"
-		to="https://secure.moses.org/" />
+	<rule from="^http://(?:www\.)?sitemasonmail\.com\.moses\.com/"
+		to="https://secure.sitemason.com/www.sitemasonmail.com/" />
 
-	<!--	For sitemason.com:
-			- !www 403s
-			- www: cert invalid, redirects as so.	-->
-	<rule from="^https?://(?:www\.)?(?:moses|sitemason)\.com/"
-		to="https://secure.sitemason.com/www.sitemason.com/" />
+	<rule from="^http://(?:www\.)?sitemason\.com/"
+		to="https://www.sitemason.com/" />
 
-	<!--	Same here.	-->
-	<rule from="^https?://developer\.sitemason\.com/"
-		to="https://secure.sitemason.com/developer.sitemason.com/" />
+	<rule from="^http://developer\.sitemason\.com/+"
+		to="https://www.sitemason.com/developers/" />
 
 	<rule from="^http://secure\.sitemason\.com/"
 		to="https://secure.sitemason.com/" />
 
-	<!--	Zendesk, at least some pages redirect to http.
-		sitemason.zendesk.com redirects back.	-->
-	<rule from="^https?://support\.sitemason\.com/(assets|generated|images|system)/"
-		to="https://sitemason.zendesk.com/$1/" />
-
-	<!--	sitemasonmail.com: same story as above.
-
-		sitemasonmail.com.moses.com:
-
-			- Cert: secure.moses.com
-			- redirects to secure.sitemason.com/www.sitemasonmail.com.moses.com
-			- 404s
-
-		The same data are present on sitemasonmail.com.
-				-->
-	<rule from="^https?://(?:www\.)?sitemasonmail\.com(?:\.moses\.com)?/"
-		to="https://secure.sitemason.com/www.sitemasonmail.com/" />
+	<rule from="^http://support\.sitemason\.com/(?=assets/|generated/|images/|system/)"
+		to="https://sitemason.zendesk.com/" />
 
-	<rule from="^http://webmail\.sitemasonmail\.com/"
-		to="https://webmail.sitemasonmail.com/" />
+	<rule from="^http://(?:webmail\.sitemason|(?:webmail\.|www\.)?sitemasonmail)\.com/+"
+		to="https://apps.rackspace.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Sitemeter.xml b/src/chrome/content/rules/Sitemeter.xml
index 252eaf06c9ed..180728ec93fb 100644
--- a/src/chrome/content/rules/Sitemeter.xml
+++ b/src/chrome/content/rules/Sitemeter.xml
@@ -10,7 +10,7 @@
 	<target host="*.sitemeter.com" />
 
 
-	<rule from="^https?://\w{3}\.sitemeter\.com/js/"
+	<rule from="^http://\w{3}\.sitemeter\.com/js/"
 		to="https://www.sitemeter.com/js/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Siteor.xml b/src/chrome/content/rules/Siteor.xml
index b1a9ea29bd31..3f732f6fceae 100644
--- a/src/chrome/content/rules/Siteor.xml
+++ b/src/chrome/content/rules/Siteor.xml
@@ -21,18 +21,21 @@
 -->
 <ruleset name="Siteor (partial)">
 
-	<target host="*.siteor.com" />
+	<target host="assets.siteor.com" />
+	<target host="fs.siteor.com" />
 	<target host="siteor.pl" />
-	<target host="*.siteor.pl" />
+	<target host="lavina.siteor.pl" />
+	<target host="secure.siteor.pl" />
+	<target host="www.siteor.pl" />
 
 
 	<securecookie host="^(?:.*\.)?siteor\.pl$" name=".+" />
 
 
-	<rule from="^https?://(?:lavina\.|(secure\.)|www\.)?siteor\.pl/"
+	<rule from="^http://(?:lavina\.|(secure\.)|www\.)?siteor\.pl/"
 		to="https://$1siteor.pl/" />
 
-	<rule from="^https?://(asset|f)s\.siteor\.com/"
+	<rule from="^http://(asset|f)s\.siteor\.com/"
 		to="https://s3-eu-west-1.amazonaws.com/$1s.siteor.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Siteparc.fr.xml b/src/chrome/content/rules/Siteparc.fr.xml
new file mode 100644
index 000000000000..76f3f1062594
--- /dev/null
+++ b/src/chrome/content/rules/Siteparc.fr.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Shows www
+
+
+	Fully covered subdomains
+
+		- (www.)?
+		- secure
+
+-->
+<ruleset name="Siteparc.fr (partial)">
+
+	<target host="siteparc.fr" />
+	<target host="secure.siteparc.fr" />
+	<target host="www.siteparc.fr" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sitestat.xml b/src/chrome/content/rules/Sitestat.xml
index 87393313cbdf..ffc0b555e527 100644
--- a/src/chrome/content/rules/Sitestat.xml
+++ b/src/chrome/content/rules/Sitestat.xml
@@ -1,23 +1,37 @@
 <!--
-	Problematic subdomains:
+	For other comScore coverage, see ComScore.com.xml.
 
-		- (www.)	(works; mismatched, CN: *.comscore.com)
 
+	(www.)?sitestat.com: Mismatched, CN: *.comscore.com
 
-	Fully covered subdomains:
 
-		- int
+	Insecure cookies are set for these hosts: ᶜ
+
+		- fr.sitestat.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Sitestat">
+<ruleset name="Sitestat.com (partial)">
+
+	<target host="de.sitestat.com" />
+	<target host="fr.sitestat.com" />
+	<target host="int.sitestat.com" />
+	<target host="nl.sitestat.com" />
+	<target host="se.sitestat.com" />
+	<target host="uk.sitestat.com" />
+
+		<test url="http://de.sitestat.com/dmag/001/s?" />
 
-	<target host="*.sitestat.com" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="fr\.sitestat\.com$" name="^(c1|s1)" /-->
 
-	<securecookie host="^.*\.sitestat\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(de|fr|int|nl|uk)\.sitestat\.com/"
-		to="https://$1.sitestat.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Sitizens.xml b/src/chrome/content/rules/Sitizens.xml
deleted file mode 100644
index 05a21e86193f..000000000000
--- a/src/chrome/content/rules/Sitizens.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Cert only matches ^sitizens.com
-
--->
-<ruleset name="Sitizens">
-
-	<target host="sitizens.com" />
-	<target host="*.sitizens.com" />
-
-
-	<securecookie host="^\.sitizens\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?sitizens\.com/"
-		to="https://sitizens.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Sitola.xml b/src/chrome/content/rules/Sitola.xml
index 0ecb866f5a21..81c4e720c216 100644
--- a/src/chrome/content/rules/Sitola.xml
+++ b/src/chrome/content/rules/Sitola.xml
@@ -1,13 +1,18 @@
-<ruleset name="Sitola">
 
-	<target host="sitola.cz" />
-	<target host="www.sitola.cz" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sitola.cz/ => https://sitola.cz/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.sitola.cz/ => https://www.sitola.cz/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://sitola.fi.muni.cz/ => https://sitola.fi.muni.cz/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
+-->
+<ruleset name="Sitola" default_off="failed ruleset test">
+    <target host="sitola.cz" />
+    <target host="www.sitola.cz" />
+    <target host="sitola.fi.muni.cz" />
 
-	<securecookie host="^(?:www\.)?sitola\.cz$" name=".+" />
+    <securecookie host="^(?:www\.)?sitola\.cz$" name=".+" />
 
-
-	<rule from="^http://(www\.)?sitola\.cz/"
-		to="https://$1sitola.cz/" />
-
-</ruleset>
\ No newline at end of file
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sivers.xml b/src/chrome/content/rules/Sivers.xml
index 82fdedb12f5d..0e20071c1245 100644
--- a/src/chrome/content/rules/Sivers.xml
+++ b/src/chrome/content/rules/Sivers.xml
@@ -1,8 +1,9 @@
-<ruleset name="Sivers">
+<ruleset name="Sivers.org">
   <target host="sivers.org" />
   <target host="www.sivers.org" />
 
-  <securecookie host="^(.+\.)?sivers\.org$" name=".*"/>
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$"/>
+  <securecookie host="^(?:.+\.)?sivers\.org$" name=".+" />
 
-  <rule from="^http://(?:www\.)?sivers\.org/" to="https://sivers.org/"/>
+  <rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/SixApart.xml b/src/chrome/content/rules/SixApart.xml
index 33a20037cefc..eb7b4cfd74b6 100644
--- a/src/chrome/content/rules/SixApart.xml
+++ b/src/chrome/content/rules/SixApart.xml
@@ -1,11 +1,84 @@
-<ruleset name="SixApart" platform="mixedcontent">
-  <target host="sixapart.com" />
-  <target host="help.sixapart.com" />
-  <target host="www.sixapart.com" />
-  <target host="sixapart.jp" />
-  <target host="www.sixapart.jp" />
-
-  <rule from="^http://sixapart\.com/" to="https://sixapart.com/"/>
-  <rule from="^http://(help|www)\.sixapart\.com/" to="https://$1.sixapart.com/"/>
-  <rule from="^http://(?:www\.)?sixapart\.jp/" to="https://www.sixapart.jp/"/>
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blog.sixapart.jp/ => https://blog.sixapart.jp/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Other Six Apart rulesets:
+
+		- Movable_Type.com.xml
+		- sixapart.com.xml
+
+
+	Nonfunctional hosts in *sixapart.jp:
+
+		- media ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *sixapart.jp:
+
+		- makanai ᵐ ˣ
+
+	ᵐ Mismatched
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .sixapart.jp
+		- mtuser.sixapart.jp
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on makanai from $self *
+		- Images on makanai from $self *
+
+	* See https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	STS header includes includeSubdomains
+	for ^, www
+
+	Note that ^ redirects to https, so....
+
+-->
+<ruleset name="Six Apart.jp (partial)" default_off="failed ruleset test">
+
+	<target host="sixapart.jp" />
+	<target host="*.sixapart.jp" />
+
+		<!--	includeSubdomains applies to one level only, so:
+									-->
+		<exclusion pattern="^http://(?:(?:[^./]+\.){2,}|makanai\.|media\.)sixapart\.jp/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.sixapart.jp/" />
+			<test url="http://exists.net.sixapart.jp/" />
+			<test url="http://makanai.sixapart.jp/" />
+			<test url="http://media.sixapart.jp/" />
+
+		<test url="http://blog.sixapart.jp/" />
+		<test url="http://mtuser.sixapart.jp/" />
+		<test url="http://s.sixapart.jp/" />
+		<test url="http://s.sixapart.jp/sanl25814" />
+		<test url="http://www.sixapart.jp/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.sixapart\.jp$" name="^app_uid$" /-->
+	<!--securecookie host="^mtuser\.sixapart\.jp$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/SixthTone.com.xml b/src/chrome/content/rules/SixthTone.com.xml
new file mode 100644
index 000000000000..ca30e0e87e19
--- /dev/null
+++ b/src/chrome/content/rules/SixthTone.com.xml
@@ -0,0 +1,25 @@
+<!--
+	No working URL known:
+		file.sixthtone.com
+		image1.sixthtone.com
+		image2.sixthtone.com
+		image3.sixthtone.com
+		video.sixthtone.com
+
+-->
+<ruleset name="SixthTone.com">
+
+	<target host="sixthtone.com" />
+	<target host="www.sixthtone.com" />
+	<target host="file1.sixthtone.com" />
+		<test url="http://file1.sixthtone.com/css/css_elements.css" />
+	<target host="image4.sixthtone.com" />
+		<test url="http://image4.sixthtone.com/images/sendMail.svg" />
+	<target host="image5.sixthtone.com" />
+		<test url="http://image5.sixthtone.com/image/5/8/473.jpg" />
+	<target host="interaction.sixthtone.com" />
+		<test url="http://interaction.sixthtone.com/feature/2018/Melting-Away/index.html" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sixxs.net.xml b/src/chrome/content/rules/Sixxs.net.xml
index e69c52629d13..461bb2f7fc6b 100644
--- a/src/chrome/content/rules/Sixxs.net.xml
+++ b/src/chrome/content/rules/Sixxs.net.xml
@@ -1,19 +1,12 @@
-<!--
-	Problematic domains:
-
-		- sixxs.net	(mismatched)
-
--->
-<ruleset name="Sixxs.net" platform="cacert mixedcontent">
+<ruleset name="Sixxs.net">
 
 	<target host="sixxs.net" />
-	<target host="*.sixxs.net" />
+	<target host="www.sixxs.net" />
 
 
 	<securecookie host="^\.sixxs\.net$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?sixxs\.net/"
-		to="https://www.sixxs.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Sizzle-Sites.xml b/src/chrome/content/rules/Sizzle-Sites.xml
index e0c84917a3e5..aa476d9286ca 100644
--- a/src/chrome/content/rules/Sizzle-Sites.xml
+++ b/src/chrome/content/rules/Sizzle-Sites.xml
@@ -1,11 +1,19 @@
-<ruleset name="Sizzle Sites">
 
-	<target host="sizzlesitesinc.com"/>
-	<target host="*.sizzlesitesinc.com"/>
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sizzlesitesinc.com/ => https://sizzlesitesinc.com/: (35, 'Unknown SSL protocol error in connection to sizzlesitesinc.com:443 ')
+Fetch error: http://www.sizzlesitesinc.com/ => https://www.sizzlesitesinc.com/: (35, 'Unknown SSL protocol error in connection to www.sizzlesitesinc.com:443 ')
 
-	<securecookie host="^(.*\.)sizzlesitesinc\.com$" name=".*"/>
+Disabled by https-everywhere-checker because:
+Fetch error: http://sizzlesitesinc.com/ => https://sizzlesitesinc.com/: (35, 'Unknown SSL protocol error in connection to sizzlesitesinc.com:443 ')
+-->
+<ruleset name="Sizzle Sites" default_off="failed ruleset test">
 
-	<rule from="^http://(www\.)?sizzlesitesinc\.com/"
-		to="https://$1sizzlesitesinc.com/"/>
+	<target host="sizzlesitesinc.com" />
+	<target host="www.sizzlesitesinc.com" />
+
+	<securecookie host="^(?:.*\.)sizzlesitesinc\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SizzleJS.com.xml b/src/chrome/content/rules/SizzleJS.com.xml
new file mode 100644
index 000000000000..a69c3af1831c
--- /dev/null
+++ b/src/chrome/content/rules/SizzleJS.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other jQuery Foundation coverage, see JQuery.org.xml.
+
+-->
+<ruleset name="SizzleJS.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sizzlejs.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sk-nic.sk.xml b/src/chrome/content/rules/Sk-nic.sk.xml
new file mode 100644
index 000000000000..3387edcab9fe
--- /dev/null
+++ b/src/chrome/content/rules/Sk-nic.sk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Sk-nic.sk">
+  <target host="sk-nic.sk" />
+  <target host="www.sk-nic.sk" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Skandiabanken.xml b/src/chrome/content/rules/Skandiabanken.xml
deleted file mode 100644
index 790454d238bc..000000000000
--- a/src/chrome/content/rules/Skandiabanken.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Skandiabanken">
-  <target host="skandiabanken.no" />
-  <target host="www.skandiabanken.no" />
-  <target host="secure.skandiabanken.no" />
-  <target host="trader.skandiabanken.no" />
-
-	<rule from="^http://(?:www\.)?skandiabanken\.no/" to="https://www.skandiabanken.no/"/>
-	<rule from="^http://secure\.skandiabanken\.no/" to="https://secure.skandiabanken.no/"/>
-	<rule from="^http://trader\.skandiabanken\.no/" to="https://trader.skandiabanken.no/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Skanetrafiken.se.xml b/src/chrome/content/rules/Skanetrafiken.se.xml
index 3bd9894c0aa5..2caad0d793bd 100644
--- a/src/chrome/content/rules/Skanetrafiken.se.xml
+++ b/src/chrome/content/rules/Skanetrafiken.se.xml
@@ -1,16 +1,25 @@
-<!--
-    Unsupported domains:
-    
-    www.reseplaneraren.skanetrafiken.se     (cannot establish connection)
--->
-<ruleset name="Skanetrafiken.se">
-  <target host="skanetrafiken.se"/>
-  <target host="www.skanetrafiken.se"/>
-  <target host="shop.skanetrafiken.se"/>
-  <target host="www.shop.skanetrafiken.se"/>
-
-  <securecookie host="skanetrafiken\.se$" name=".*"/>
-  <securecookie host="\.skanetrafiken\.se$" name=".*"/>
-  
-  <rule from="^https?://(?:www\.)?([^\.]+\.)?skanetrafiken.se/" to="https://www.$1skanetrafiken.se/"/>
-</ruleset>
\ No newline at end of file
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://shop.skanetrafiken.se/ => https://www.shop.skanetrafiken.se/: (51, "SSL: no alternative certificate subject name matches target host name 'www.shop.skanetrafiken.se'")
+Fetch error: http://www.shop.skanetrafiken.se/ => https://www.shop.skanetrafiken.se/: (51, "SSL: no alternative certificate subject name matches target host name 'www.shop.skanetrafiken.se'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://skanetrafiken.se/ => https://www.skanetrafiken.se/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.skanetrafiken.se/ => https://www.skanetrafiken.se/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://shop.skanetrafiken.se/ => https://www.shop.skanetrafiken.se/: (6, 'Could not resolve host: shop.skanetrafiken.se')
+    Unsupported domains:
+
+    www.reseplaneraren.skanetrafiken.se     (cannot establish connection)
+-->
+<ruleset name="Skanetrafiken.se" default_off="failed ruleset test">
+  <target host="skanetrafiken.se"/>
+  <target host="www.skanetrafiken.se"/>
+  <target host="shop.skanetrafiken.se"/>
+  <target host="www.shop.skanetrafiken.se"/>
+
+  <securecookie host="skanetrafiken\.se$" name=".+" />
+  <securecookie host="\.skanetrafiken\.se$" name=".+" />
+
+  <rule from="^http://(?:www\.)?([^\.]+\.)?skanetrafiken\.se/" to="https://www.$1skanetrafiken.se/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Skat.dk.xml b/src/chrome/content/rules/Skat.dk.xml
index 9d866e7d6431..9e2b3dd415eb 100644
--- a/src/chrome/content/rules/Skat.dk.xml
+++ b/src/chrome/content/rules/Skat.dk.xml
@@ -1,6 +1,37 @@
+<!--
+
+	Problematic subdomains:
+
+		- extranet.demo ⁴
+		- lagerhotel ¹
+		- www.lagerhotel ¹
+		- tarif ²
+		- www.tarif ²
+		- vita ²
+		- www.vurdering ³
+
+	¹: CN mismatched
+	²: Connection refused
+	³: Connection times out
+	⁴: Redirects to different site
+
+-->
 <ruleset name="Skat.dk">
-  <target host="skat.dk" />
-  <target host="www.skat.dk" />
 
-  <rule from="^http://(www\.)?skat\.dk/" to="https://www.skat.dk/" />
+	<target host="skat.dk" />
+	<target host="www.skat.dk" />
+
+	<target host="export.skat.dk" />
+		<test url="http://export.skat.dk/current_frontend/" />
+	<target host="extranet.skat.dk" />
+	<target host="inddrivelse.skat.dk" />
+		<test url="http://inddrivelse.skat.dk/efi-front/efi-fordringshaver.portal" />
+	<target host="motorregister.skat.dk" />
+	<target host="pdcs.skat.dk" />
+	<target host="tastselv.skat.dk" />
+	<target host="www.tastselv.skat.dk" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/SkateMall.xml b/src/chrome/content/rules/SkateMall.xml
index bf42c00f74de..19448ad37dcc 100644
--- a/src/chrome/content/rules/SkateMall.xml
+++ b/src/chrome/content/rules/SkateMall.xml
@@ -1,14 +1,9 @@
-<!--
-	Some pages redirect to http.
-
--->
-<ruleset name="SkateMall (partial)">
+<ruleset name="SkateMall (partial)" default_off="timeout">
 
 	<target host="skatemall.com" />
 	<target host="www.skatemall.com" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://(www\.)?skatemall\.com/((?:cart|checkout|login|order-lookup)\.aspx|controls/|images/|img/|(?:Script|Web)Resource\.axd|scripts/|themes/)"
-		to="https://$1skatemall.com/$2" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Skatteministeriet.xml b/src/chrome/content/rules/Skatteministeriet.xml
index 115123ec16e6..e3f661bd4159 100644
--- a/src/chrome/content/rules/Skatteministeriet.xml
+++ b/src/chrome/content/rules/Skatteministeriet.xml
@@ -8,7 +8,7 @@
 	<target host="www.skm.dk" />
 
 
-	<rule from="^https?://(?:www\.)?skm\.dk/(css|gfx|js|public)/"
+	<rule from="^http://(?:www\.)?skm\.dk/(css|gfx|js|public)/"
 		to="https://www.skm.dk/$1/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Skatteverket.se.xml b/src/chrome/content/rules/Skatteverket.se.xml
new file mode 100644
index 000000000000..10bd3594c2b9
--- /dev/null
+++ b/src/chrome/content/rules/Skatteverket.se.xml
@@ -0,0 +1,10 @@
+<ruleset name="Skatteverket">
+	<target host="skatteverket.se" />
+	<target host="www.skatteverket.se" />
+	<target host="www4.skatteverket.se" />
+	<target host="sso.skatteverket.se" />
+
+	<!-- root domain does not support https, redirect -->
+	<rule from="^http://skatteverket\.se/" to="https://www.skatteverket.se/"/>
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Skch.me.xml b/src/chrome/content/rules/Skch.me.xml
index fc6abf8184c1..68e7a781fe39 100644
--- a/src/chrome/content/rules/Skch.me.xml
+++ b/src/chrome/content/rules/Skch.me.xml
@@ -5,13 +5,14 @@
 <ruleset name="Skch.me" default_off="self-signed" platform="mixedcontent">
 
 	<target host="skch.me" />
-	<target host="*.skch.me" />
+	<target host="wins.skch.me" />
+	<target host="www.skch.me" />
 
 
 	<securecookie host="^wins\.skch\.me$" name=".+" />
 
 
-	<rule from="^https?://(?:(wins\.)|www\.)?skch\.me/"
+	<rule from="^http://(?:(wins\.)|www\.)?skch\.me/"
 		to="https://$1skch.me/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Skeptic.org.uk.xml b/src/chrome/content/rules/Skeptic.org.uk.xml
index 379309a349be..f3461d29e000 100644
--- a/src/chrome/content/rules/Skeptic.org.uk.xml
+++ b/src/chrome/content/rules/Skeptic.org.uk.xml
@@ -1,3 +1,14 @@
+<!--
+	Mixed content:
+
+		- Images, from:
+
+			- $self *
+			- maps.google.co.uk *
+
+	* Secured by us
+
+-->
 <ruleset name="Skeptic.org.uk">
 
 	<target host="skeptic.org.uk" />
@@ -7,7 +18,6 @@
 	<securecookie host="^www\.skeptic\.org\.uk$" name=".+" />
 
 
-	<rule from="^http://(www\.)?skeptic\.org\.uk/"
-		to="https://$1skeptic.org.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Skeptic.xml b/src/chrome/content/rules/Skeptic.xml
index 4fa74f2e2aff..9db18a03eaeb 100644
--- a/src/chrome/content/rules/Skeptic.xml
+++ b/src/chrome/content/rules/Skeptic.xml
@@ -3,7 +3,6 @@
 	<target host="shop.skeptic.com" />
 
 
-	<rule from="^http://shop\.skeptic\.com/"
-		to="https://shop.skeptic.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Skeptic_Ink.com.xml b/src/chrome/content/rules/Skeptic_Ink.com.xml
index 0ebbd4d31148..4ddc992409aa 100644
--- a/src/chrome/content/rules/Skeptic_Ink.com.xml
+++ b/src/chrome/content/rules/Skeptic_Ink.com.xml
@@ -1,19 +1,12 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(http reply)
-
--->
-<ruleset name="Skeptic Ink.com">
+<ruleset name="Skeptic Ink.com" default_off="mismatched">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="skepticink.com" />
-	<target host="*.skepticink.com" />
-
-
-	<securecookie host="^\.skepticink\.com$" name=".+" />
+	<target host="www.skepticink.com" />
 
 
-	<rule from="^http://(?:www\.)?skepticink\.com/"
-		to="https://www.skepticink.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Skeptical_Science.xml b/src/chrome/content/rules/Skeptical_Science.xml
index d4ad03f3e3df..313e588c6053 100644
--- a/src/chrome/content/rules/Skeptical_Science.xml
+++ b/src/chrome/content/rules/Skeptical_Science.xml
@@ -1,7 +1,18 @@
 <!--
 	Mixed content:
 
-		- Images on www from www *
+		- Videos from www.youtube.com *
+
+		- Images, from:
+
+			- www *
+			- \d.bp.blogspot.com *
+
+		- Web bugs, from:
+
+			- ^ *
+			- s7.addthis.com *
+			- static.1.rp-api.com *
 
 	* Secured by us
 
@@ -15,7 +26,6 @@
 	<securecookie host="^(?:www\.)?skepticalscience\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?skepticalscience\.com/"
-		to="https://$1skepticalscience.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SkepticsAnnotatedBible.com.xml b/src/chrome/content/rules/SkepticsAnnotatedBible.com.xml
new file mode 100644
index 000000000000..760cba38966f
--- /dev/null
+++ b/src/chrome/content/rules/SkepticsAnnotatedBible.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="SkepticsAnnotatedBible.com">
+	<target host="skepticsannotatedbible.com" />
+	<target host="www.skepticsannotatedbible.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sketch.systems.xml b/src/chrome/content/rules/Sketch.systems.xml
new file mode 100644
index 000000000000..2b46e38b9422
--- /dev/null
+++ b/src/chrome/content/rules/Sketch.systems.xml
@@ -0,0 +1,9 @@
+<ruleset name="Sketch.systems">
+	<target host="sketch.systems" />
+	<target host="www.sketch.systems" />
+	<target host="talk.sketch.systems" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SketchThemes.com.xml b/src/chrome/content/rules/SketchThemes.com.xml
new file mode 100644
index 000000000000..867b330f8332
--- /dev/null
+++ b/src/chrome/content/rules/SketchThemes.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .sketchthemes.com
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="SketchThemes.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sketchthemes.com" />
+	<target host="www.sketchthemes.com" />
+
+		<!--	Sets cookie without Secure & mixed css:
+								-->
+		<test url="http://www.sketchthemes.com/helpdesk/index.php?act=tickets&amp;code=open" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<test url="http://www.sketchthemes.com/members/member/index" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.sketchthemes\.com$" name="^(?:PHPSESSID|skt_hdsid)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sketchfab.com.xml b/src/chrome/content/rules/Sketchfab.com.xml
new file mode 100644
index 000000000000..8d6019a987b4
--- /dev/null
+++ b/src/chrome/content/rules/Sketchfab.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Nonfunctional hosts:
+
+		- blog ¹
+		- forum ²
+
+	¹ Refused
+	² Plaintext reply
+
+
+	Fully covered hosts in *sketchfab.com:
+
+		- (www.)?
+
+
+	Insecure cookies are set for these hosts:
+
+		- sketchfab.com
+		- www.sketchfab.com
+
+-->
+<ruleset name="Sketchfab.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sketchfab.com" />
+	<target host="www.sketchfab.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?sketchfab\.com$" name="^(token_api|user_uid)$" /-->
+
+	<securecookie host="^(?:www\.)?sketchfab\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Skillclub.com.xml b/src/chrome/content/rules/Skillclub.com.xml
new file mode 100644
index 000000000000..69dc740ab2af
--- /dev/null
+++ b/src/chrome/content/rules/Skillclub.com.xml
@@ -0,0 +1,13 @@
+<!--
+	cluster-1: Mismatched
+
+-->
+<ruleset name="skillclub.com">
+
+	<target host="cluster-1.skillclub.com" />
+
+
+	<rule from="^http://cluster-1\.skillclub\.com/"
+		to="https://plarium.hs.llnwd.net/v1//" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Skills_Matter.com.xml b/src/chrome/content/rules/Skills_Matter.com.xml
index 6a1e46d33067..bf1a402cb584 100644
--- a/src/chrome/content/rules/Skills_Matter.com.xml
+++ b/src/chrome/content/rules/Skills_Matter.com.xml
@@ -1,7 +1,4 @@
 <!--
-	Cert only matches ^skillsmatter.com.
-
-
 	Mixed content:
 
 		- Images on ^ from ^ *
@@ -15,10 +12,9 @@
 	<target host="www.skillsmatter.com" />
 
 
-	<securecookie host="^skillsmatter\.com$" name=".+" />
+	<securecookie host="^(?:www\.)?skillsmatter\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?skillsmatter\.com/"
-		to="https://skillsmatter.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SkimLinks-problematic.xml b/src/chrome/content/rules/SkimLinks-problematic.xml
deleted file mode 100644
index 7248a844a320..000000000000
--- a/src/chrome/content/rules/SkimLinks-problematic.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules that are on by default, see SkimLinks.xml.
-
--->
-<ruleset name="SkimLinks (problematic)" default_off="mismatched">
-
-	<target host="redirect.skimlinks.com" />
-
-
-	<rule from="^http://redirect\.skimlinks\.com/"
-		to="https://redirect.skimlinks.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/SkimLinks.xml b/src/chrome/content/rules/SkimLinks.xml
index 7bac47761100..e42cbcccd058 100644
--- a/src/chrome/content/rules/SkimLinks.xml
+++ b/src/chrome/content/rules/SkimLinks.xml
@@ -1,17 +1,30 @@
+
 <!--
-	For problematic rules, see SkimLinks-problematic.xml.
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://info.skimlinks.com/css/mktLPSupport.css (200) => https://na-lon03.marketo.com/css/mktLPSupport.css (403)
+Non-2xx HTTP code: http://info.skimlinks.com/rs/skimbitltd/images/bg.jpg (200) => https://na-lon03.marketo.com/rs/skimbitltd/images/bg.jpg (403)
+
+	Other SkimLinks rulesets:
+
+		- redirectingat.com.xml
+		- Skimresources.com.xml
 
 
 	Problematic subdomains:
 
-		- redirect		(works, mismatched, CN: *.skimresources.com)
+		- redirect		(works, mismatched)
 
 
 	Nonfunctional subdomains:
 
-		- api-product
-		- api-products
+		- api-product ¹
+		- api-products ¹
 		- arthur	(times out)
+		- info		(Marketo)
+		- support ⁴
+
+	¹ Refused
+	⁴ Zendesk
 
 
 	Observed working subdomains:
@@ -21,35 +34,85 @@
 		- api-merchants
 		- blog
 		- events
+		- hub
 		- labs
 		- ocelot
 		- press
 		- scoop
+		- signup
+
+
+	Insecure cookies are set for these domains:  ᶜ
+
+		- .skimlinks.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="SkimLinks (partial)">
+<ruleset name="SkimLinks.com (partial)" default_off="failed ruleset test">
 
 	<target host="skimlinks.com" />
 	<target host="*.skimlinks.com" />
-		<exclusion pattern="^https?://api-products?\.skimlinks\.com/(?!$|\?.*)" />
-		<exclusion pattern="^http://(?:arthur|redirect)\." />
-		<exclusion pattern="^https?://support\.skimlinks\.com/(?!(?:assets|external|generated|images|registration|system)/)" />
-	<target host="*.skimresources.com" />
 
+		<exclusion pattern="^http://(?:api-products?|arthur|(?:[^./]+\.)+[^./]+)\.skimlinks.com/" />
+
+			<test url="http://api-product.skimlinks.com/" />
+			<test url="http://api-products.skimlinks.com/" />
+			<test url="http://arthur.skimlinks.com/" />
+			<test url="http://this.host.skimlinks.com/" />
+			<test url="http://exists.not.skimlinks.com/" />
+			<test url="http://honestly.this.host.skimlinks.com/" />
+			<test url="http://honestly.exists.not.skimlinks.com/" />
+
+		<exclusion pattern="^http://info\.skimlinks\.com/(?!/*(?:$|\?|css/|images/|rs/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://info.skimlinks.com/BestPracticeGuide.html" />
+			<test url="http://info.skimlinks.com/BestPracticeGuide.html?foo" />
+			<test url="http://info.skimlinks.com//BestPracticeGuide.html" />
+			<test url="http://info.skimlinks.com/Shoppable-Content-Guide.html" />
+			<test url="http://info.skimlinks.com//Shoppable-Content-Guide.html" />
+			<test url="http://info.skimlinks.com/SmartAttribution.html" />
+			<test url="http://info.skimlinks.com/SmartAttribution.html?bar" />
+			<test url="http://info.skimlinks.com//SmartAttribution.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://info.skimlinks.com/css/mktLPSupport.css" />
+			<test url="http://info.skimlinks.com/rs/skimbitltd/images/bg.jpg" />
+
+		<test url="http://hub.skimlinks.com/" />
+		<test url="http://signup.skimlinks.com/" />
+		<test url="http://www.skimlinks.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.skimlinks\.com$" name="^skimsession$" /-->
 
 	<securecookie host="^\.skimlinks\.com$" name=".+" />
 
 
-	<rule from="^https?://api-products?\.skimlinks\.com/(?:\?.*)?"
+	<rule from="^http://info\.skimlinks\.com/+(?:\?.*)?$"
 		to="https://skimlinks.com/" />
 
-	<rule from="^https?://support\.skimlinks\.com/"
-		to="https://skimlinks.zendesk.com/" />
+		<test url="http://info.skimlinks.com/?f" />
+		<test url="http://info.skimlinks.com/?o" />
+		<test url="http://info.skimlinks.com//?o" />
+		<test url="http://info.skimlinks.com/?b" />
+		<test url="http://info.skimlinks.com/?a" />
+		<test url="http://info.skimlinks.com/?r" />
+
+	<rule from="^http://info\.skimlinks\.com/"
+		to="https://na-lon03.marketo.com/" />
+
+	<rule from="^http://redirect\.skimlinks\.com/"
+		to="https://go.redirectingat.com/" />
 
-	<rule from="^http://([\w-]+\.)?skimlinks\.com/"
-		to="https://$1skimlinks.com/" />
+		<test url="http://redirect.skimlinks.com/?id=76434X1526786&amp;xs=1&amp;url=http%3A%2F%2Fwww.amazon.com%2Fgp%2Fproduct%2FB00IEYHMIM" />
 
-	<rule from="^http://(r|s)\.skimresources\.com/"
-		to="https://$1.skimresources.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Skimresources.com.xml b/src/chrome/content/rules/Skimresources.com.xml
new file mode 100644
index 000000000000..132216b76bb4
--- /dev/null
+++ b/src/chrome/content/rules/Skimresources.com.xml
@@ -0,0 +1,30 @@
+<!--
+	For other SkimLinks coverage, see SkimLinks.xml.
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .skimresources.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Skimresources.com">
+
+	<target host="p.skimresources.com" />
+	<target host="r.skimresources.com" />
+	<target host="s.skimresources.com" />
+	<target host="x.skimresources.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.skimresources\.com$" name="^(skimGUID|skimSESS)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Skinflint.xml b/src/chrome/content/rules/Skinflint.xml
index 0ac60db8f3e4..71281576bc40 100644
--- a/src/chrome/content/rules/Skinflint.xml
+++ b/src/chrome/content/rules/Skinflint.xml
@@ -8,7 +8,6 @@
 	<target host="www.skinflint.co.uk" />
 
 
-	<rule from="^http://(www\.)?skinflint\.co\.uk/"
-		to="https://$1skinflint.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Skins.cash.xml b/src/chrome/content/rules/Skins.cash.xml
new file mode 100644
index 000000000000..5a71aea0bc01
--- /dev/null
+++ b/src/chrome/content/rules/Skins.cash.xml
@@ -0,0 +1,9 @@
+<ruleset name="Skins.cash">
+	<target host="skins.cash" />
+	<target host="www.skins.cash" />
+	<target host="latest.skins.cash" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Skitch.xml b/src/chrome/content/rules/Skitch.xml
index b43546af76a1..97bc21d0a711 100644
--- a/src/chrome/content/rules/Skitch.xml
+++ b/src/chrome/content/rules/Skitch.xml
@@ -6,12 +6,12 @@
 -->
 <ruleset name="Skitch">
   <target host="skitch.com" />
-  <target host="*.skitch.com" />
+  <target host="www.skitch.com" />
+  <target host="img.skitch.com" />
 
-	<securecookie host="^(.*\.)?skitch\.com$" name=".*"/>
+	<securecookie host=".+" name=".+"/>
 
   <rule from="^http://(?:www\.)?skitch\.com/"
           to="https://skitch.com/" />
-  <rule from="^http://img\.skitch\.com/"
-          to="https://img.skitch.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sklik.cz.xml b/src/chrome/content/rules/Sklik.cz.xml
new file mode 100644
index 000000000000..1ca8d8287127
--- /dev/null
+++ b/src/chrome/content/rules/Sklik.cz.xml
@@ -0,0 +1,12 @@
+<!--
+    For other Seznam.cz coverage, see Seznam.cz.xml.
+-->
+<ruleset name="Sklik.cz">
+    <target host="sklik.cz" />
+    <target host="www.sklik.cz" />
+    <target host="api.sklik.cz" />
+    <target host="retargeting.sklik.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Skoop.xml b/src/chrome/content/rules/Skoop.xml
deleted file mode 100644
index ceff62ea1132..000000000000
--- a/src/chrome/content/rules/Skoop.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="The Skoop">
-
-	<target host="theskoop.ca" />
-	<target host="www.theskoop.ca" />
-
-
-	<securecookie host="^(?:www\.)?theskoop\.ca$" name=".+" />
-
-
-	<rule from="^http://(www\.)?theskoop\.ca/"
-		to="https://$1theskoop.ca/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Skrill.com.xml b/src/chrome/content/rules/Skrill.com.xml
index e1aa0e6937d8..fdb4608a0036 100644
--- a/src/chrome/content/rules/Skrill.com.xml
+++ b/src/chrome/content/rules/Skrill.com.xml
@@ -1,4 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://help.skrill.com/ => https://help.skrill.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://sso.skrill.com/ => https://sso.skrill.com/: (52, 'Empty reply from server')
+
+-->
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sso.skrill.com/ => https://sso.skrill.com/: (7, 'Failed to connect to sso.skrill.com port 80: Connection refused')
+
 	Other Skrill rulesets:
 
 		- Moneybookers.xml
@@ -6,27 +17,25 @@
 
 	Fully covered subdomains:
 
-		- (www.)	(^ → www)
+		- (www.)
 		- account
 		- sso
+		- help
 
 -->
-<ruleset name="Skrill.com">
+<ruleset name="Skrill.com" default_off="failed ruleset test">
 
 	<target host="skrill.com" />
-	<target host="*.skrill.com" />
 
+	<target host="account.skrill.com" />
+	<target host="help.skrill.com" />
+	<target host="sso.skrill.com" />
+	<target host="www.skrill.com" />
 
-	<securecookie host=".*\.skrill\.com$" name=".+" />
 
+	<securecookie host=".*\.skrill\.com$" name=".+" />
 
-	<!--	^ redirects to www over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?skrill\.com/"
-		to="https://www.skrill.com/" />
 
-	<rule from="^http://(account|sso)\.skrill\.com/"
-		to="https://$1.skrill.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Skrilnetz.net.xml b/src/chrome/content/rules/Skrilnetz.net.xml
new file mode 100644
index 000000000000..052c9fd335e9
--- /dev/null
+++ b/src/chrome/content/rules/Skrilnetz.net.xml
@@ -0,0 +1,34 @@
+<!--
+	www.skrilnetz.net: Expired, mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- skrilnetz.net
+
+-->
+<ruleset name="skrilnetz.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="skrilnetz.net" />
+
+	<!--	Complications:
+				-->
+	<target host="www.skrilnetz.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^skrilnetz\.net$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^skrilnetz\.net$" name=".+" />
+
+
+	<rule from="^http://www\.skrilnetz\.net/"
+		to="https://skrilnetz.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SkullSecurity.org.xml b/src/chrome/content/rules/SkullSecurity.org.xml
new file mode 100644
index 000000000000..90d34a265681
--- /dev/null
+++ b/src/chrome/content/rules/SkullSecurity.org.xml
@@ -0,0 +1,16 @@
+<ruleset name="SkullSecurity.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="skullsecurity.org" />
+	<target host="*.skullsecurity.org" />
+
+		<test url="http://blog.skullsecurity.org/" />
+		<test url="http://blogdata.skullsecurity.org/" />
+		<test url="http://www.skullsecurity.org/" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sky-ip.org.xml b/src/chrome/content/rules/Sky-ip.org.xml
new file mode 100644
index 000000000000..87b916654ff3
--- /dev/null
+++ b/src/chrome/content/rules/Sky-ip.org.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sky-ip.org/ => https://www.sky-ip.org/: (7, 'Failed to connect to www.sky-ip.org port 443: Connection refused')
+Fetch error: http://www.sky-ip.org/ => https://www.sky-ip.org/: (7, 'Failed to connect to www.sky-ip.org port 443: Connection refused')
+
+	^: Cert only matches www
+
+-->
+<ruleset name="Sky-ip.org" default_off="failed ruleset test">
+
+	<target host="sky-ip.org" />
+	<target host="www.sky-ip.org" />
+
+
+	<rule from="^http://(?:www\.)?sky-ip\.org/"
+		to="https://www.sky-ip.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sky.com.xml b/src/chrome/content/rules/Sky.com.xml
index 52a030170c9f..2fe9764a2cde 100644
--- a/src/chrome/content/rules/Sky.com.xml
+++ b/src/chrome/content/rules/Sky.com.xml
@@ -1,133 +1,220 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://tv.help.sky.com/ => https://tv.help.sky.com/: (51, "SSL: no alternative certificate subject name matches target host name 'tv.help.sky.com'")
+Fetch error: http://newsletter.sky.com/ => https://newsletter.sky.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://secure.api.search.sky.com/ => https://secure.api.search.sky.com/: (35, 'error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol')
+Fetch error: http://shop.sky.com/ => https://shop.sky.com/: (6, 'Could not resolve host: shop.sky.com')
+Fetch error: http://teachers.sky.com/ => https://teachers.sky.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.teachers.sky.com/ => https://teachers.sky.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+
 	Other Sky rulesets:
 
 		- SkyViewingHelp.com.xml
+		- Sky_Academy.com.xml
 
 
 	CDN buckets:
 
 		- skyidassets-a.akamaihd.net
-
-		- f.chtah.com
-
-			- f.newsletter.sky.com
-
+		- skystorage-a.akamaihd.net
+		- f.chtah.com		← f.newsletter.sky.com
 		- assets.sky.com.edgekey.net
 		- help.sky.com.edgesuite.net
-
-		- prod-diagnostics.herokuapp.com
-
-			- diagnostics.herokuapp.com
-
-		- bskyb.lithium.com
-
-			- helpforum.sky.com
-
-		- sky.com.d1.sc.omtrdc.net
-
-			- metrics.sky.com
-
-
-	Nonfunctional domains:
-
-		- sky.com subdomains:
-
-			- epgstatic *
-			- news *
-			- assets.search **
-			- sky1 *
-			- skyarts *
-			- skyatlantic *
-			- skyliving *
-			- skymovies *
-			- static **
-			- prod.entertainment.telly *
-			- tv *
-			- www *
-
-		- media.skynews.com *
-		- www.skysports.com **
-
-	* 504, akamai
-	** Dropped
-
-
-	Problematic domains:
-
-		- diagnostics.sky.com	(mismatched, CN: *.herokuapp.com)
-		- help.sky.com		(works, akamai)
-		- metrics.sky.com	(mismatched, CN: *.d1.sc.omtrdc.net)
-		- f.newsletter.sky.com		(works; mismatched, CN: *.chtah.com)
-		- reg.newsletter.sky.com	(works; mismatched, CN: *.cheetahmail.com)
-
-
-	Partially covered domains:
-
-		- go.sky.com *
-		- help.sky.com	(→ akamai)
-		- livingforsport.skysports.com *
-
-	* Some pages redirect to http
-
-
-	Fully covered domains:
-
-		- sky.com subdomains:
-
-			- accessibility
-			- accessories
-			- activatemychannels
-			- assets
-			- business
-			- buy
-			- contactus
-			- customerrewards
-			- diagnostics	(→ prod-diagnostics.herokuapp.com)
-			- global
-			- helpforum
-			- interest
-			- metrics	(→ sky-com.d1.sc.omtrdc.net)
-			- my
-			- myaccount
-			- myhelprequests
-			- myorders
-			- mysky
-			- newmysky
-			- rainforestrescue
-			- rewards
-			- secure.suggest.search
-			- secure
-			- skyid
-			- smetrics
-			- staging-assets
+		- prod-diagnostics.herokuapp.com	← diagnostics.herokuapp.com
+		- bskyb.lithium.com		← helpforum.sky.com
+		- sky.com.d1.sc.omtrdc.net	← metrics.sky.com
+
+
+	Nonfunctional hosts in *sky.com:
+
+		- epgservices ⁵
+		- epgstatic ⁵
+		- go ⁵
+		- help ʰ
+		- news ʰ
+		- assets.search ᵈ
+		- sky1 ⁵
+		- skyarts ⁵
+		- skyatlantic ⁵
+		- skyline	Differs from http
+		- skyliving ⁵
+		- skymovies ⁵
+		- staging-assets ⁵
+		- static ᵈ
+		- prod.entertainment.telly ⁵
+		- tickets	502
+		- tv ⁵
+		- customerrewards.sky.com ᵉ
+		- newmysky.sky.com ᵉ
+		- register.sky.com ᵉ
+
+	⁵ 504
+	ᵈ Dropped
+	ʰ Redirects to http
+	ᵉ Expired Certificate
+
+
+	Problematic hosts in *sky.com:
+
+		- ^ ᵖ
+		- accessibility ᶜ
+		- broadband.diagnostics ᵐ
+		- interest ᵐ
+		- metrics ᵐ
+		- ebm.newsletter ᵐ	(CN: *.cheetahmail.com)
+		- f.newsletter ᵐ	(CN: *.chtah.com)
+		- reg.newsletter ᵐ	(CN: *.cheetahmail.com)
+		- suggest.search ᵐ
+		- skymovies ᵐ
+		- www.teachers ᵐ
+		- trackmyorder ᵐ
+
+	ᶜ Missing certificate chain
+	ᵖ Redirects to http
+	ᵐ Mismatched
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- corporate from proxy.video.sky.com *
+			- corporate from static.video.sky.com *
+
+		- activatemychannels from metrics.sky.com *
+
+	* Secured by us
 
 -->
-<ruleset name="Sky.com (partial)">
-
-	<target host="*.sky.com" />
-		<exclusion pattern="^http://go\.sky\.com/(?!favicon\.ico|resources/|SVOD/|vod/content/Home/Application_Navigation/Sign_in/|vod/page/signUp\.do)" />
-		<exclusion pattern="^http://livingforsport\.skysports\.com/(?!assets/|static/|user/)" />
-
+<ruleset name="Sky.com (partial)" >
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="accessibility.sky.com" /-->
+	<target host="accessories.sky.com" />
+	<target host="activatemychannels.sky.com" />
+	<target host="assets.sky.com" />
+	<target host="business.sky.com" />
+	<target host="buy.sky.com" />
+	<target host="careers.sky.com" />
+	<target host="communaltv.sky.com" />
+	<target host="contactus.sky.com" />
+	<target host="corporate.sky.com" />
+	<target host="diagnostics.sky.com" />
+	<target host="global.sky.com" />
+	<target host="web-toolkit.global.sky.com" />
+	<!-- target host="tv.help.sky.com" /-->
+	<target host="helpforum.sky.com" />
+	<target host="player.sky.com" />
+	<target host="my.sky.com" />
+	<target host="myaccount.sky.com" />
+	<target host="myhelprequests.sky.com" />
+	<target host="myorders.sky.com" />
+	<target host="mysky.sky.com" />
+	<!-- target host="newsletter.sky.com" /-->
+	<target host="payments.sky.com" />
+	<target host="content.ott.sky.com" />
+	<target host="photos.sky.com" />
+	<target host="rainforestrescue.sky.com" />
+	<target host="rewards.sky.com" />
+
+	<!-- target host="secure.api.search.sky.com" /-->
+	<target host="secure.suggest.search.sky.com" />
+
+	<target host="secure.sky.com" />
+	<target host="servicestatus.sky.com" />
+	<!-- target host="shop.sky.com" /-->
+	<target host="skyid.sky.com" />
+	<target host="smetrics.sky.com" />
+	<!-- target host="teachers.sky.com" /-->
+	<target host="proxy.video.sky.com" />
+	<target host="static.video.sky.com" />
+	<target host="www.sky.com" />
+
+	<!--	Complications:
+				-->
+	<target host="sky.com" />
+	<target host="metrics.sky.com" />
+	<target host="f.newsletter.sky.com" />
+	<target host="suggest.search.sky.com" />
+	<!-- target host="www.teachers.sky.com" /-->
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.sky\.com/(?:academy/home$|cycling$|helpcentre/$|ireland$|mysky/$|quickbuy/new$|shop(?:/?$|customer-shop/$|skycom/404$)|sitemap$|skyq/$|vote$)" /-->
+		<!--
+			More generally:
+					-->
+		<!--exclusion pattern="^http://www\.sky\.com/(?:academy|cycling|helpcentre|ireland|mysky|quickbuy|shop|sitemap|skyq|vote)(?:$|[?/])" /-->
+		<!--
+			...let's go with a "whitelist" for now...
+								-->
+		<exclusion pattern="^http://www\.sky\.com/+(?!$|\?|(?:findandwatch|tv|watch)(?:$|[?/]))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.sky.com/academy/home" />
+			<test url="http://www.sky.com/cycling" />
+			<test url="http://www.sky.com/helpcentre/" />
+			<test url="http://www.sky.com/ireland" />
+			<test url="http://www.sky.com/mysky/" />
+			<test url="http://www.sky.com/quickbuy/new" />
+			<test url="http://www.sky.com/shop" />
+			<test url="http://www.sky.com/shop/customer-shop/" />
+			<test url="http://www.sky.com/shop/store-locator/" />
+			<test url="http://www.sky.com/sitemap" />
+			<test url="http://www.sky.com/skyq/" />
+			<test url="http://www.sky.com/vote" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.sky.com/findandwatch/" />
+			<test url="http://www.sky.com/tv/show/box-sets" />
+			<test url="http://www.sky.com/watch/channel/sky-1" />
+
+		<!--	Mixed images:
+					-->
+		<!--test url="http://corporate.sky.com/media-centre/our-blog/2015/business-can-be-both-profitable-and-responsible" /-->
+
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.sky\.com$" name="^(?:countryAKA|hant|just|polarisSplit|skyCEsidsso01|skySSO|skySplit01|uifd)$" /-->
+	<!--securecookie host="^(?:accessibility|rainforestrescue)\.sky\.com$" name="^(?:sessionid|uid)$" /-->
+	<!--securecookie host="^accessories\.sky\.com$" name="^(?:rack\.session|skyCEaccshophub01)$" /-->
+	<!--securecookie host="^business\.sky\.com$" name="^sessionid$" /-->
+	<!--securecookie host="^corporate\.sky\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^diagnostics\.sky\.com$" name="^jwt-token$" /-->
+	<!--securecookie host="^broadband\.diagnostics\.sky\.com$" name="^request_method$" /-->
+	<!--securecookie host="^myorders\.sky\.com$" name="^(?:__VCAP_ID__|JSESSIONID)$" /-->
+	<!--securecookie host="^payments\.sky\.com$" name="^TS[\da-f]+$" /-->
+	<!--securecookie host="^helpforum\.sky\.com$" name="^LithiumUser(?:Info|Secure)$" /-->
+	<!--securecookie host="^shop\.sky\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^teachers\.sky\.com$" name="^uid$" /-->
 
 	<!--	Tracking cookie:
 						-->
-	<securecookie host="^\.sky\.com$" name="^(?:mbox|s_\w+)$" />
-	<securecookie host="^(?:accessibility|business|buy|contactus|helpforum|my|myaccount|myorders|rainforestrescue)\.sky\.com$" name=".+" />
+	<securecookie host="^\." name="^(?:_gat?|mbox|s_\w+)$" />
+	<securecookie host="^(?!www\.sky\.com$)\w" name=".+" />
 
 
-	<rule from="^http://(accessibility|accessories|activatemychannels|(?:staging-)?assets|business|buy|contactus|customerrewards|global|go|helpforum|interest|secure|smetrics|my|myaccount|myhelprequests|myorders|(?:new)?mysky|rainforestrescue|rewards|secure\.suggest\.search|skyid)\.sky\.com/"
-		to="https://$1.sky.com/" />
+	<rule from="^http://sky\.com/"
+		to="https://www.sky.com/" />
 
-	<rule from="^http://diagnostics\.sky\.com/"
-		to="https://prod-diagnostics.herokuapp.com/" />
+	<rule from="^http://metrics\.sky\.com/"
+		to="https://smetrics.sky.com/" />
 
-	<rule from="^http://help\.sky\.com/(favicon\.ico|images/|js/)"
-		to="https://a248.e.akamai.net/f/1982/1/g2/help.sky.com/$1" />
+	<rule from="^http://f\.newsletter\.sky\.com/"
+		to="https://f.chtah.com/" />
 
-	<rule from="^http://metrics\.sky\.com/"
-		to="https://sky-com.d1.sc.omtrdc.net/" />
+	<rule from="^http://suggest\.search\.sky\.com/"
+		to="https://secure.suggest.search.sky.com/" />
 
-	<rule from="^http://livingforsport\.skysports\.com/"
-		to="https://livingforsport.skysports.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sky.de.xml b/src/chrome/content/rules/Sky.de.xml
new file mode 100644
index 000000000000..dd20392f59c7
--- /dev/null
+++ b/src/chrome/content/rules/Sky.de.xml
@@ -0,0 +1,92 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bundesliga-tipp.sky.de/ => https://bundesliga-tipp.sky.de/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://events.sky.de/ => https://events.sky.de/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://uk-business.sky.de/ => https://uk-business.sky.de/: (6, 'Could not resolve host: uk-business.sky.de')
+Fetch error: http://uk-info.sky.de/ => https://uk-info.sky.de/: (6, 'Could not resolve host: uk-info.sky.de')
+Fetch error: http://uk-skyonline.sky.de/ => https://uk-skyonline.sky.de/: (6, 'Could not resolve host: uk-skyonline.sky.de')
+Fetch error: http://uk-skyticket.sky.de/ => https://uk-skyticket.sky.de/: (6, 'Could not resolve host: uk-skyticket.sky.de')
+Fetch error: http://uk-www.sky.de/ => https://uk-www.sky.de/: (6, 'Could not resolve host: uk-www.sky.de')
+
+	Invalid Certificate:
+		- mail.6erpack.sky.de
+		- service.test.angebot.sky.de
+		- ctxm.sky.de
+		- lyncdiscover.sky.de
+		- omni.sky.de
+		- service.skyticket.sky.de
+		- test2-skyticket.sky.de
+		- wirwollendeinestimme.sky.de
+		- www.wirwollendeinestimme.sky.de
+
+	MCB:
+		- business.sky.de
+
+	PROTOCOL_ERROR:
+		- medien.sky.de
+
+	Refused:
+		- sportkalender.sky.de
+		- sportkalender-stage.sky.de
+		- voucher.sky.de
+
+	Reset:
+		- connect.sky.de
+		- haendler.sky.de
+
+	Timeout:
+		- bundesligatipp.sky.de
+		- dm.sky.de
+		- download.sky.de
+		- film.sky.de
+		- fussball-im-herzen.sky.de
+		- www.info.sky.de
+		- ir.sky.de
+		- ondemand.sky.de
+		- select.sky.de
+		- servicecenter.sky.de
+		- www.servicecenter.sky.de
+		- skygo.sky.de
+		- www.skyonline.sky.de
+		- www.skyticket.sky.de
+		- www.spieldeslebens.sky.de
+-->
+<ruleset name="Sky.de" default_off="failed ruleset test">
+	<target host="www.sky.de" />
+	<target host="6erpack.sky.de" />
+	<target host="www.6erpack.sky.de" />
+	<target host="affiliate.sky.de" />
+	<target host="service.angebot.sky.de" />
+	<target host="autodiscover.sky.de" />
+	<target host="bundesliga-tipp.sky.de" />
+	<target host="cas-online-de.sky.de" />
+	<target host="community.sky.de" />
+	<target host="dealer-training.sky.de" />
+	<target host="events.sky.de" />
+	<target host="fut.sky.de" />
+	<target host="info.sky.de" />
+	<target host="jira.sky.de" />
+	<target host="next.sky.de" />
+	<target host="opta.sky.de" />
+	<target host="siebelsales.sky.de" />
+	<target host="www.skygo.sky.de" />
+	<target host="skyonline.sky.de" />
+	<target host="skyremoteaccess.sky.de" />
+	<target host="skyticket.sky.de" />
+	<target host="socialmedia.sky.de" />
+	<target host="somni.sky.de" />
+	<target host="spieldeslebens.sky.de" />
+	<target host="telekom.sky.de" />
+	<target host="test2-skyonline.sky.de" />
+	<target host="uk-business.sky.de" />
+	<target host="uk-info.sky.de" />
+	<target host="uk-skyonline.sky.de" />
+	<target host="uk-skyticket.sky.de" />
+	<target host="uk-www.sky.de" />
+	<target host="vodafone.sky.de" />
+	<target host="willkommen.sky.de" />
+	<target host="wvguard.sky.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SkySQL.com.xml b/src/chrome/content/rules/SkySQL.com.xml
new file mode 100644
index 000000000000..1bdf11479797
--- /dev/null
+++ b/src/chrome/content/rules/SkySQL.com.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://skysql.com/ => https://skysql.com/: (51, "SSL: no alternative certificate subject name matches target host name 'skysql.com'")
+Fetch error: http://support.skysql.com/ => https://support.skysql.com/: (6, 'Could not resolve host: support.skysql.com')
+Fetch error: http://www.skysql.com/ => https://www.skysql.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.skysql.com'")
+
+	For other MariaDB Corporation coverage, see MariaDB.com.xml.
+
+-->
+<ruleset name="SkySQL.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="skysql.com" />
+	<target host="support.skysql.com" />
+	<target host="www.skysql.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SkyViewingHelp.com.xml b/src/chrome/content/rules/SkyViewingHelp.com.xml
index e806fac20592..bf2fb253a6cd 100644
--- a/src/chrome/content/rules/SkyViewingHelp.com.xml
+++ b/src/chrome/content/rules/SkyViewingHelp.com.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://skyviewinghelp.com/ => https://www.skyviewinghelp.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.skyviewinghelp.com'")
+Fetch error: http://www.skyviewinghelp.com/ => https://www.skyviewinghelp.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.skyviewinghelp.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://skyviewinghelp.com/ => https://www.skyviewinghelp.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.skyviewinghelp.com'")
+Fetch error: http://www.skyviewinghelp.com/ => https://www.skyviewinghelp.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.skyviewinghelp.com'")
 	For other Sky coverage, see Sky.com.xml.
 
 
@@ -7,7 +15,7 @@
 			- ^	(expired, mismatched, CN: secure.sky.com)
 
 -->
-<ruleset name="SkyViewingHelp.com">
+<ruleset name="SkyViewingHelp.com" default_off="failed ruleset test">
 
 	<target host="skyviewinghelp.com" />
 	<target host="www.skyviewinghelp.com" />
@@ -16,7 +24,7 @@
 	<securecookie host="^(?:www\.)?skyviewinghelp\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?skyviewinghelp\.com/"
+	<rule from="^http://(?:www\.)?skyviewinghelp\.com/"
 		to="https://www.skyviewinghelp.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sky_Academy.com.xml b/src/chrome/content/rules/Sky_Academy.com.xml
new file mode 100644
index 000000000000..8f2294ba7eb9
--- /dev/null
+++ b/src/chrome/content/rules/Sky_Academy.com.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://skyacademy.com/ => https://skyacademy.com/: (35, 'Unknown SSL protocol error in connection to skyacademy.com:443 ')
+
+	For other Sky coverage see Sky.com.xml.
+
+-->
+<ruleset name="Sky Academy.com" default_off="failed ruleset test">
+
+	<target host="skyacademy.com" />
+	<target host="www.skyacademy.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sky_News.Au.xml b/src/chrome/content/rules/Sky_News.Au.xml
new file mode 100644
index 000000000000..f1254e6f0c06
--- /dev/null
+++ b/src/chrome/content/rules/Sky_News.Au.xml
@@ -0,0 +1,15 @@
+<!--
+	(www.): dropped
+
+
+	CN: *.hostworks.com.au
+
+-->
+<ruleset name="Sky News.Au (partial)" default_off="mismatched">
+
+	<target host="static.skynews.com.au" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sky_and_Telescope-problematic.xml b/src/chrome/content/rules/Sky_and_Telescope-problematic.xml
index 69a9bb3c323c..65534d7f77de 100644
--- a/src/chrome/content/rules/Sky_and_Telescope-problematic.xml
+++ b/src/chrome/content/rules/Sky_and_Telescope-problematic.xml
@@ -2,12 +2,11 @@
 	For rules that are on by default, see Sky_and_Telescope.xml.
 
 -->
-<ruleset name="Sky &amp; Telescope (problematic)" default_off="mismatched">
+<ruleset name="Sky &amp; Telescope (problematic)" default_off="refused">
 
 	<target host="media.skyandtelescope.com" />
 
 
-	<rule from="^http://media\.skyandtelescope\.com/"
-		to="https://media.skyandtelescope.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sky_and_Telescope.xml b/src/chrome/content/rules/Sky_and_Telescope.xml
index 040503d607c1..4713280f1b2a 100644
--- a/src/chrome/content/rules/Sky_and_Telescope.xml
+++ b/src/chrome/content/rules/Sky_and_Telescope.xml
@@ -1,23 +1,24 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://link.eml.skyandtelescope.com/ => https://link.eml.skyandtelescope.com/: (7, 'Failed to connect to link.eml.skyandtelescope.com port 443: Connection refused')
+
+Automatically by https-everywhere-checker because:
+Fetch error: http://link.eml.skyandtelescope.com/ => https://link.eml.skyandtelescope.com/: (7, 'Failed to connect to link.eml.skyandtelescope.com port 443: Connection refused')
 	For problematic rules, see Sky_and_Telescope-problematic.xml.
 
 
 	Nonfunctional subdomains:
 
 		- (www.)
-
-
-	Problematic subdomains:
-
-		- media		(works, mismatched, CN: *.clickability.com)
+		- media		(Refused)
 
 -->
-<ruleset name="Sky &amp; Telescope (partial)">
+<ruleset name="Sky &amp; Telescope (partial)" default_off="failed ruleset test">
 
 	<target host="link.eml.skyandtelescope.com" />
 
 
-	<rule from="^http://link\.eml\.skyandtelescope\.com/"
-		to="https://link.eml.skyandtelescope.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Skydsl.eu.xml b/src/chrome/content/rules/Skydsl.eu.xml
index 252048f54b7f..5d18e9c3ad2d 100644
--- a/src/chrome/content/rules/Skydsl.eu.xml
+++ b/src/chrome/content/rules/Skydsl.eu.xml
@@ -1,3 +1,7 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://skydsl.eu/ => https://skydsl.eu/: Redirect for 'http://www.skydsl.eu' missing Location
+-->
 <ruleset name="Skydsl.eu">
   <target host="skydsl.eu" />
   <target host="*.skydsl.eu" />
diff --git a/src/chrome/content/rules/Skye.lgbt.xml b/src/chrome/content/rules/Skye.lgbt.xml
new file mode 100644
index 000000000000..4bf6284e28da
--- /dev/null
+++ b/src/chrome/content/rules/Skye.lgbt.xml
@@ -0,0 +1,8 @@
+<ruleset name="Skye.lgbt">
+	<target host="skye.lgbt" />
+	<target host="www.skye.lgbt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Skylark_cloud.com.xml b/src/chrome/content/rules/Skylark_cloud.com.xml
new file mode 100644
index 000000000000..bcab5d75286f
--- /dev/null
+++ b/src/chrome/content/rules/Skylark_cloud.com.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://skylarkcloud.com/ => https://skylarkcloud.com/: (7, 'Failed to connect to skylarkcloud.com port 443: No route to host')
+Fetch error: http://www.skylarkcloud.com/ => https://www.skylarkcloud.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Insecure cookies are set for these hosts:
+
+		- skylarkcloud.com
+		- www.skylarkcloud.com
+
+-->
+<ruleset name="Skylark cloud.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="skylarkcloud.com" />
+	<target host="www.skylarkcloud.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?skylarkcloud\.com$" name="^csrftoken$" /-->
+
+	<securecookie host="^(?:www\.)?skylarkcloud\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Skyline_Registrations.co.uk.xml b/src/chrome/content/rules/Skyline_Registrations.co.uk.xml
new file mode 100644
index 000000000000..eddca92126a3
--- /dev/null
+++ b/src/chrome/content/rules/Skyline_Registrations.co.uk.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://skylineregistrations.co.uk/ (200) => https://www.skylineregistrations.co.uk/ (403)
+Non-2xx HTTP code: http://www.skylineregistrations.co.uk/ (200) => https://www.skylineregistrations.co.uk/ (403)
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://skylineregistrations.co.uk/ => https://www.skylineregistrations.co.uk/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+	^: cert only matches www.
+
+
+	Mixed content:
+
+		- Ads from www.googleadservices.com
+
+-->
+<ruleset name="Skyline Registrations.co.uk" default_off="failed ruleset test">
+
+	<target host="skylineregistrations.co.uk" />
+	<target host="www.skylineregistrations.co.uk" />
+
+
+	<rule from="^http://(?:www\.)?skylineregistrations\.co\.uk/"
+		to="https://www.skylineregistrations.co.uk/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Skylink.xml b/src/chrome/content/rules/Skylink.xml
new file mode 100644
index 000000000000..5808bb1436dc
--- /dev/null
+++ b/src/chrome/content/rules/Skylink.xml
@@ -0,0 +1,16 @@
+<ruleset name="Skylink">
+    <target host="skylink.cz" />
+    <target host="www.skylink.cz" />
+    <target host="karty.skylink.cz" />
+    <target host="otazky.skylink.cz" />
+    <target host="zona.skylink.cz" />
+    <target host="registrace.skylink.cz" />
+    <target host="partner.skylink.cz" />
+    <target host="skylink.sk" />
+    <target host="www.skylink.sk" />
+    <target host="zona.skylink.sk" />
+    <target host="partner.skylink.sk" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Skype.xml b/src/chrome/content/rules/Skype.xml
deleted file mode 100644
index 04f880cbc0ff..000000000000
--- a/src/chrome/content/rules/Skype.xml
+++ /dev/null
@@ -1,81 +0,0 @@
-<!--
-	For other Microsoft coverage, see Microsoft.xml.
-
-
-	CDN buckets:
-
-		- download-akm.skype.com.edgesuite.com
-			- download.skype.com
-			- download-akm.skype.com
-
-
-	Nonfunctional subdomains:
-
-		- ^
-		- downloads *
-		- downloads-akm *
-		- mystatus
-		- shop
-
-	* 503, akamai
-
-
-	Problematic domains:
-
-		- blogs.skype.com	(wordpress)
-		- metrics.skype.com	(mismatched, CN: *.d2.sc.omtrdc.net)
-		- www.skypeassets.com	(works, akamai)
-
-
-	Partially covered domains:
-
-		- www.skypeassets.com	(→ secure.skypeassets.com)
-
-
-	Fully covered domains:
-
-		- skype.com subdomains:
-
-			- ^		(→ www.skype.com)
-			- beta
-			- blogs
-			- login
-			- metrics	(→ skype.d2.sc.omtrdc.net)
-			- secure
-			- smetrics
-			- support
-			- www
-
-		- skypeassets.com subdomains:
-
-			- apps
-			- beta
-			- secure
-
--->
-<ruleset name="Skype (partial)" platform="mixedcontent">
-
-	<target host="skype.com" />
-	<target host="*.skype.com" />
-	<target host="*.skypeassets.com" />
-
-
-	<securecookie host="^.*\.skype\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?skype\.com/"
-		to="https://www.skype.com/" />
-
-	<rule from="^http://(beta|login|secure|smetrics|support)\.skype\.com/"
-		to="https://$1.skype.com/" />
-
-	<rule from="^https?://metrics\.skype\.com/"
-		to="https://skype.d2.sc.omtrdc.net/" />
-
-	<rule from="^https?://www\.skypeassets\.com/"
-		to="https://secure.skypeassets.com/" />
-
-	<rule from="^http://(apps|beta|secure)\.skypeassets\.com/"
-		to="https://$1.skypeassets.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Skype_assets.com.xml b/src/chrome/content/rules/Skype_assets.com.xml
new file mode 100644
index 000000000000..ad13df0d0af1
--- /dev/null
+++ b/src/chrome/content/rules/Skype_assets.com.xml
@@ -0,0 +1,32 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+	Nonfunctional hosts in *.skypeassets.com:
+
+		- www.skypeassets.com (m, secure.skypeassets.com would work but status code is not the same)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Skypeassets.com">
+
+	<target host="apps.skypeassets.com" />
+	<target host="secure.skypeassets.com" />
+	<target host="static.skypeassets.com" />
+
+	<!-- connection times out on $ for Travis -->
+	<exclusion pattern="^http://secure\.skypeassets\.com/$" />
+
+	<test url="http://apps.skypeassets.com/static/skype.client.login/3.0/3.30/release/images/normal/skype-logo-136x60.png" />
+	<test url="http://secure.skypeassets.com/favicon.ico" />
+	<test url="http://static.skypeassets.com/adserver/AdLoader.html" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Skyrider_GraalOnline.xml b/src/chrome/content/rules/Skyrider_GraalOnline.xml
index 3c3b06c763d8..e4bc2917efc5 100644
--- a/src/chrome/content/rules/Skyrider_GraalOnline.xml
+++ b/src/chrome/content/rules/Skyrider_GraalOnline.xml
@@ -1,13 +1,25 @@
-<ruleset name="Skyrider GraalOnline">
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://skyriderplay.com/ (200) => https://skyriderplay.com/ (521)
+Non-2xx HTTP code: http://www.skyriderplay.com/ (200) => https://www.skyriderplay.com/ (521)
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://skyriderplay.com/ (200) => https://skyriderplay.com/ (521)
+
+-->
+<ruleset name="Skyrider GraalOnline" default_off="failed ruleset test">
 
 	<target host="skyriderplay.com" />
-	<target host="*.skyriderplay.com" />
+	<target host="www.skyriderplay.com" />
 
 
 	<securecookie host="^\.skyriderplay\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?skyriderplay\.com/"
-		to="https://$1skyriderplay.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Skyscanner.xml b/src/chrome/content/rules/Skyscanner.xml
new file mode 100644
index 000000000000..ae6db4a6f6d3
--- /dev/null
+++ b/src/chrome/content/rules/Skyscanner.xml
@@ -0,0 +1,85 @@
+<!--
+	Ruleset for Skyscanner (multiple domain names).
+	See <https://en.wikipedia.org/wiki/Skyscanner>.
+
+	Invalid certificate:
+		help.skyscanner.co.in
+		help.skyscanner.co.th
+		help.skyscanner.com.au
+		help.skyscanner.ie
+		help.skyscanner.jp
+		help.skyscanner.nl
+		skyscanner2024.com
+		www.skyscanner2024.com
+
+	Time out:
+		skyscanner.ae
+		m.skyscanner.ae
+		skyscanner.at
+		m.skyscanner.at
+		w.skyscanner.at
+		ww.skyscanner.at
+		wwww.skyscanner.at
+		skyscanner.ca
+		skyscanner.ch
+		m.skyscanner.ch
+		skyscanner.co.in
+		m.skyscanner.co.in
+		skyscanner.co.kr
+		skyscanner.co.th
+		skyscanner.com.au
+		skyscanner.com.my
+		m.skyscanner.com.my
+		skyscanner.de
+		m.skyscanner.de
+		skyscanner.dk
+		m.skyscanner.dk
+		skyscanner.es
+		m.skyscanner.es
+		skyscanner.fr
+		m.skyscanner.fr
+		skyscanner.ie
+		m.skyscanner.ie
+		skyscanner.it
+		m.skyscanner.it
+		skyscanner.jp
+		m.skyscanner.jp
+		skyscanneraffiliate.net
+		www.skyscanneraffiliate.net
+		skyscanner.nl
+		m.skyscanner.nl
+		skyscanner.no
+		m.skyscanner.no
+		skyscanner.ro
+		m.skyscanner.ro
+		skyscanner.se
+		m.skyscanner.se
+
+-->
+<ruleset name="Skyscanner">
+
+	<target host="www.skyscanner.at" />
+	<target host="www.skyscanner.ae" />
+	<target host="www.skyscanner.ca" />
+	<target host="www.skyscanner.ch" />
+	<target host="www.skyscanner.co.in" />
+	<target host="www.skyscanner.co.kr" />
+	<target host="www.skyscanner.co.th" />
+	<target host="www.skyscanner.com.au" />
+	<target host="www.skyscanner.com.my" />
+	<target host="www.skyscanner.de" />
+	<target host="www.skyscanner.dk" />
+	<target host="www.skyscanner.es" />
+	<target host="www.skyscanner.fr" />
+	<target host="www.skyscanner.ie" />
+	<target host="www.skyscanner.it" />
+	<target host="www.skyscanner.jp" />
+	<target host="www.skyscanner.nl" />
+	<target host="www.skyscanner.no" />
+	<target host="www.skyscanner.ro" />
+	<target host="www.skyscanner.se" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SkyscraperPage.com.xml b/src/chrome/content/rules/SkyscraperPage.com.xml
new file mode 100644
index 000000000000..3b609b0cbc15
--- /dev/null
+++ b/src/chrome/content/rules/SkyscraperPage.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Connection timed out:
+		- web1
+
+	Connection closed:
+		- webmail
+-->
+<ruleset name="SkyscraperPage.com">
+	<target host="skyscraperpage.com" />
+	<target host="www.skyscraperpage.com" />
+	<target host="forum.skyscraperpage.com" />
+	<target host="sandbox.skyscraperpage.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Slac.com.xml b/src/chrome/content/rules/Slac.com.xml
index 715fb14f3055..930f29a43f3b 100644
--- a/src/chrome/content/rules/Slac.com.xml
+++ b/src/chrome/content/rules/Slac.com.xml
@@ -4,7 +4,7 @@
 	<target host="www.slac.com" />
 
 
-	<rule from="^https?://(?:www\.)?slac\.com/"
+	<rule from="^http://(?:www\.)?slac\.com/"
 		to="https://www.slac.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Slack.com.xml b/src/chrome/content/rules/Slack.com.xml
new file mode 100644
index 000000000000..83cf3c731dab
--- /dev/null
+++ b/src/chrome/content/rules/Slack.com.xml
@@ -0,0 +1,27 @@
+<!--
+	(*.)?slack.com hsts preload
+	slack-edge.com nonexist
+	www.slack-edge.com nonexist
+
+	CDN buckets:
+
+		- slack.global.ssl.fastly.net
+
+-->
+<ruleset name="Slack.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="platform.slack-edge.com" />
+	<target host="a.slack-edge.com" />
+	<target host="downloads.slack-edge.com" />
+	<target host="slackhq.com" />
+	<target host="www.slackhq.com" />
+	<target host="slackatwork.com" />
+	<target host="www.slackatwork.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Slader.com.xml b/src/chrome/content/rules/Slader.com.xml
new file mode 100644
index 000000000000..2ef25f846484
--- /dev/null
+++ b/src/chrome/content/rules/Slader.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatch:
+		procrastinate.slader.com
+-->
+<ruleset name="Slader.com">
+	<target host="slader.com" />
+	<target host="www.slader.com" />
+	<target host="api.slader.com" />
+	<target host="blog.slader.com" />
+	<target host="build.slader.com" />
+	<target host="swag.slader.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Slanted.de.xml b/src/chrome/content/rules/Slanted.de.xml
new file mode 100644
index 000000000000..c7293690b80e
--- /dev/null
+++ b/src/chrome/content/rules/Slanted.de.xml
@@ -0,0 +1,44 @@
+<!--
+	Nonfunctional hosts in *slanted.de:
+
+		- videos *
+
+	* Shows www.slanted.de
+
+
+	Problematic hosts in *slanted.de:
+
+		- cuba *
+
+	* Self-signed
+
+
+	Insecure cookies are set for these domains:
+
+		- .slanted.de
+
+
+	Mixed content:
+
+		- Images on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Slanted.de (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="slanted.de" />
+	<target host="www.slanted.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.slanted\.de$" name="^SESS[\da-f]{32}$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SlashFilm.com.xml b/src/chrome/content/rules/SlashFilm.com.xml
new file mode 100644
index 000000000000..2f3d39130f34
--- /dev/null
+++ b/src/chrome/content/rules/SlashFilm.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		- daily.slashfilm.com
+-->
+
+<ruleset name="SlashFilm.com">
+	<target host="slashfilm.com" />
+	<target host="www.slashfilm.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Slashbits.com.xml b/src/chrome/content/rules/Slashbits.com.xml
index 44b73e078ffb..1799da8a955e 100644
--- a/src/chrome/content/rules/Slashbits.com.xml
+++ b/src/chrome/content/rules/Slashbits.com.xml
@@ -1,13 +1,21 @@
-<ruleset name="Slashbits.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://slashbits.com/ => https://slashbits.com/: (51, "SSL: no alternative certificate subject name matches target host name 'slashbits.com'")
+Fetch error: http://www.slashbits.com/ => https://www.slashbits.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.slashbits.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://slashbits.com/ => https://slashbits.com/: (51, "SSL: no alternative certificate subject name matches target host name 'slashbits.com'")
+-->
+<ruleset name="Slashbits.com" default_off="failed ruleset test">
 
 	<target host="slashbits.com" />
-	<target host="*.slashbits.com" />
+	<target host="www.slashbits.com" />
 
 
 	<securecookie host="^\.slashbits\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?slashbits\.com/"
-		to="https://$1slashbits.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Slashdot-mismatches.xml b/src/chrome/content/rules/Slashdot-mismatches.xml
deleted file mode 100644
index f0cceefe8cef..000000000000
--- a/src/chrome/content/rules/Slashdot-mismatches.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules that are on by default, see Slashdot.org.
-
--->
-<ruleset name="Slashdot (mismatches)" default_off="mismatch">
-
-	<target host="jobs.slashdot.org" />
-
-
-	<rule from="^http://jobs\.slashdot\.org/"
-		to="https://jobs.slashdot.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Slashdot.xml b/src/chrome/content/rules/Slashdot.xml
index 9a5e0ec3ddc3..db7e92e249e6 100644
--- a/src/chrome/content/rules/Slashdot.xml
+++ b/src/chrome/content/rules/Slashdot.xml
@@ -1,49 +1,44 @@
 <!--
-	For problematic rules, see Slashdot-mismatches.xml.
 
+	Nonfunctional covered hosts in *slashdot.org:
 
-	Nonfunctional subdomains:
+		- slashdotheadlines.p ʳ
+		- mbeta.slashdot.org *
+		- y.slashdot.org *
 
-		- mbeta			(404)
-		- slashdotheadlines.p	(refused)
-
-
-	Partially covered subdomains:
-
-		- (www.)	(many pages redirect to http)
-
-
-	Fully covered subdomains:
-
-		- images
-		- tv
-		- y
+	ʳ Refused
+	ˣ Invalid Certificate
 
 -->
-<ruleset name="Slashdot (partial)">
-
+<ruleset name="Slashdot.org (partial)">
 	<target host="slashdot.org" />
-	<target host="*.slashdot.org" />
-
-
-	<securecookie host="^slashdot\.org$" name="^w3tc_referrer$" />
-
-
-	<rule from="^http://(?:\w+\.)?slashdot\.org/favicon\.ico$"
-		to="https://tv.slashdot.org/wp-content/themes/TVslashdot/images/favicon.ico" />
-
-	<rule from="^http://(www\.)?slashdot\.org/(login\.pl|my/|submission|topic/|webcasts)"
-		to="https://$1slashdot.org/$2" />
-
-	<!--	Redirects to http as-is:
-						-->
-	<rule from="^http://slashdot\.org/images/"
-		to="https://images.slashdot.org/images/" />
-
-	<rule from="^http://(\w+)\.slashdot\.org/ajax\.pl"
-		to="https://$1.slashdot.org/ajax.pl" />
-
-	<rule from="^http://(images|tv|y)\.slashdot\.org/"
-		to="https://$1.slashdot.org/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="apple.slashdot.org" />
+	<target host="build.slashdot.org" />
+	<target host="deals.slashdot.org" />
+	<target host="developers.slashdot.org" />
+	<target host="devices.slashdot.org" />
+	<target host="entertainment.slashdot.org" />
+	<target host="games.slashdot.org" />
+	<target host="hardware.slashdot.org" />
+	<target host="images.slashdot.org" />
+	<target host="interviews.slashdot.org" />
+	<target host="it.slashdot.org" />
+	<target host="jobs.slashdot.org" />
+	<target host="linux.slashdot.org" />
+	<target host="m.slashdot.org" />
+	<target host="mobile.slashdot.org" />
+	<target host="news.slashdot.org" />
+	<target host="partnervideo.slashdot.org" />
+	<target host="politics.slashdot.org" />
+	<target host="science.slashdot.org" />
+	<target host="tech.slashdot.org" />
+	<target host="technology.slashdot.org" />
+	<target host="tv.slashdot.org" />
+	<target host="www.slashdot.org" />
+	<target host="yro.slashdot.org" />
+
+	<securecookie host="^\." name="^_(?:ga|_qca$)" />
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Slashdot_Media.xml b/src/chrome/content/rules/Slashdot_Media.xml
index cfb10ecb32ef..ccd3167178bf 100644
--- a/src/chrome/content/rules/Slashdot_Media.xml
+++ b/src/chrome/content/rules/Slashdot_Media.xml
@@ -1,21 +1,36 @@
 <!--
+
 	For other Dice coverage, see Dice.xml.
 
 
-	Fully covered subdomains:
+	Problematic hosts in *slashdotmedia.com:
 
-		- (www.)
-		- library
-		- web
+		- cdn.asset *
+		- web +
 
--->
-<ruleset name="Slashdot Media">
+	* Cloudfront
+	+ Invalid Certificate
+
+
+	Mixed content:
 
+		- css on (www.)?, web from fonts.googleapis.com *
+		- Image on library from cdn.asset.slashdotmedia.com
+
+	* Secured by us
+
+-->
+<ruleset name="Slashdot Media.com" >
 	<target host="slashdotmedia.com" />
-	<target host="*.slashdotmedia.com" />
+	<target host="www.slashdotmedia.com" />
+	<target host="analytics.slashdotmedia.com" />
+	<!--target host="cdn.asset.slashdotmedia.com" /-->
+	<target host="library.slashdotmedia.com" />
+	<target host="web.slashdotmedia.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://((?:library|web|www)\.)?slashdotmedia\.com/"
-		to="https://$1slashdotmedia.com/" />
+	<rule from="^http://web\.slashdotmedia\.com/" to="https://library.slashdotmedia.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Slate.fr-mixedcontent.xml b/src/chrome/content/rules/Slate.fr-mixedcontent.xml
new file mode 100644
index 000000000000..f51aba294ba7
--- /dev/null
+++ b/src/chrome/content/rules/Slate.fr-mixedcontent.xml
@@ -0,0 +1,13 @@
+<!--
+	See Slate.fr.xml for rules on by default
+
+-->
+<ruleset name="Slate.fr (mixedcontent)" platform="mixedcontent">
+
+	<target host="blog.slate.fr" />
+	<target host="bo.slate.fr" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Slate.fr.xml b/src/chrome/content/rules/Slate.fr.xml
new file mode 100644
index 000000000000..5d985ea50ab0
--- /dev/null
+++ b/src/chrome/content/rules/Slate.fr.xml
@@ -0,0 +1,25 @@
+<!--
+	Mixed content:
+		blog.slate.fr
+		bo.slate.fr
+
+	See Slate.fr-mixedcontent.xml for these subdomains
+
+	No working URL known:
+		mondial2010.slate.fr
+		politique.slate.fr
+		pub.slate.fr
+		regionales2010.slate.fr
+		tablette.slate.fr
+
+-->
+<ruleset name="Slate.fr">
+
+	<target host="slate.fr" />
+	<target host="www.slate.fr" />
+	<target host="m.slate.fr" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Slavery_Footprint.org.xml b/src/chrome/content/rules/Slavery_Footprint.org.xml
index a5f4786aaaa5..02334b7c5d81 100644
--- a/src/chrome/content/rules/Slavery_Footprint.org.xml
+++ b/src/chrome/content/rules/Slavery_Footprint.org.xml
@@ -10,13 +10,12 @@
 <ruleset name="Slavery Footprint.org">
 
 	<target host="slaveryfootprint.org" />
-	<target host="*.slaveryfootprint.org" />
+	<target host="www.slaveryfootprint.org" />
 
 
 	<securecookie host="^\.slaveryfootprint\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?slaveryfootprint\.org/"
-		to="https://$1slaveryfootprint.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Slax_Linux.xml b/src/chrome/content/rules/Slax_Linux.xml
index 1aede675fc23..45fff63faecc 100644
--- a/src/chrome/content/rules/Slax_Linux.xml
+++ b/src/chrome/content/rules/Slax_Linux.xml
@@ -1,13 +1,12 @@
 <ruleset name="Slax Linux">
 
 	<target host="slax.org" />
-	<target host="*.slax.org" />
+	<target host="www.slax.org" />
 
 
 	<securecookie host="^\.slax\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?slax\.org/"
-		to="https://$1slax.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Slender_Kitchen.xml b/src/chrome/content/rules/Slender_Kitchen.xml
index 67c3679085a6..d146d37471ce 100644
--- a/src/chrome/content/rules/Slender_Kitchen.xml
+++ b/src/chrome/content/rules/Slender_Kitchen.xml
@@ -1,13 +1,19 @@
-<ruleset name="The Slender Kitchen">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://slenderkitchen.com/ => https://slenderkitchen.com/: Too many redirects while fetching 'https://slenderkitchen.com/'
+Fetch error: http://www.slenderkitchen.com/ => https://www.slenderkitchen.com/: Too many redirects while fetching 'https://www.slenderkitchen.com/'
+
+-->
+<ruleset name="The Slender Kitchen" default_off="failed ruleset test">
 
 	<target host="slenderkitchen.com" />
-	<target host="*.slenderkitchen.com" />
+	<target host="www.slenderkitchen.com" />
 
 
 	<securecookie host="^(?:www)?\.slenderkitchen\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?slenderkitchen\.com/"
-		to="https://$1slenderkitchen.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sleviste.cz.xml b/src/chrome/content/rules/Sleviste.cz.xml
new file mode 100644
index 000000000000..5aa8a91c608b
--- /dev/null
+++ b/src/chrome/content/rules/Sleviste.cz.xml
@@ -0,0 +1,19 @@
+<!--
+	(www.)?: refused
+
+
+	Problematic subdomains:
+
+		- img *
+
+	* Mismatched, CN: *.blesk.cz
+
+-->
+<ruleset name="Sleviste.cz (partial)" default_off="mismatched">
+
+	<target host="img.sleviste.cz" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SliTaz.org.xml b/src/chrome/content/rules/SliTaz.org.xml
index 5eca813d7fad..f74325fa687b 100644
--- a/src/chrome/content/rules/SliTaz.org.xml
+++ b/src/chrome/content/rules/SliTaz.org.xml
@@ -13,18 +13,20 @@
 <ruleset name="SliTaz.org" default_off="self-signed">
 
 	<target host="slitaz.org" />
-	<target host="*.slitaz.org" />
+	<target host="www.slitaz.org" />
+	<target host="mirror.slitaz.org" />
+	<target host="pkgs.slitaz.org" />
+	<target host="shop.slitaz.org" />
 
 
 	<rule from="^http://(?:www\.)?slitaz\.org/"
 		to="https://www.slitaz.org/" />
 
-	<rule from="^http://(mirror|pkgs)\.slitaz\.org/"
-		to="https://$1.slitaz.org/" />
 
 	<!--	Server keeps path and args:
 						-->
 	<rule from="^http://shop\.slitaz\.org/"
 		to="https://slitaz.spreadshirt.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Slice.xml b/src/chrome/content/rules/Slice.xml
index bfaef27e4890..90d882ec5646 100644
--- a/src/chrome/content/rules/Slice.xml
+++ b/src/chrome/content/rules/Slice.xml
@@ -26,7 +26,7 @@
 	<securecookie host="^www\.(?:go|project)?slice\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?(go|project)?slice\.com/"
+	<rule from="^http://(?:www\.)?(go|project)?slice\.com/"
 		to="https://www.$1slice.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SlickEdit.com.xml b/src/chrome/content/rules/SlickEdit.com.xml
index cbff7c32fcb9..396ded8c837e 100644
--- a/src/chrome/content/rules/SlickEdit.com.xml
+++ b/src/chrome/content/rules/SlickEdit.com.xml
@@ -1,13 +1,18 @@
-<ruleset name="SlickEdit.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://slickedit.com/ => https://slickedit.com/: (51, "SSL: no alternative certificate subject name matches target host name 'slickedit.com'")
+
+-->
+<ruleset name="SlickEdit.com" default_off="failed ruleset test">
 
 	<target host="slickedit.com" />
-	<target host="*.slickedit.com" />
+	<target host="www.slickedit.com" />
 
 
 	<securecookie host="^(?:www)?\.slickedit\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?slickedit\.com/"
-		to="https://$1slickedit.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Slick_Products.xml b/src/chrome/content/rules/Slick_Products.xml
index 89e0d88116b8..7e55024c05e9 100644
--- a/src/chrome/content/rules/Slick_Products.xml
+++ b/src/chrome/content/rules/Slick_Products.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^www\.slickproductsusa\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?slickproductsusa\.com/"
-		to="https://$1slickproductsusa.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Slickdeals.xml b/src/chrome/content/rules/Slickdeals.xml
index fc4fc3f94129..1710095c79a8 100644
--- a/src/chrome/content/rules/Slickdeals.xml
+++ b/src/chrome/content/rules/Slickdeals.xml
@@ -6,22 +6,58 @@
 
 	* Mismatched, CN: *.slickdeals.net
 
+
+	Mixed content:
+
+		- Images, on:
+
+			- slickdeals.net from $self ¹
+			- slickdeals.net from www.google.com ¹
+
+		- Ads/Bugs, on:
+
+			- slickdeals.net, from:
+
+				- ad.doubleclick.net ²
+				- tags.bkrtx.com ¹
+				- pixel.quantserve.com ¹
+
+			- m.slickdeals.net from tapestry.tapad.com ¹
+
+	¹ Secured by us
+	² Rule disabled by default
+
 -->
 <ruleset name="Slickdeals">
 
 	<target host="slickdeals.net" />
-	<target host="*.slickdeals.net" />
+	<target host="archive.slickdeals.net" />
+	<target host="beta.slickdeals.net" />
+	<target host="blog.slickdeals.net" />
+	<target host="i.slickdeals.net" />
+	<target host="img.slickdeals.net" />
+	<target host="m.slickdeals.net" />
+	<target host="www.slickdeals.net" />
 	<target host="static.slickdealscdn.com" />
 	<target host="static.slickdealz.net" />
 
 
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^\.slickdeals\.net$" name="^(bblastactivity|bbnps_auuid|bbnps_tracking)$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^(m\.)?slickdeals\.net$" name="^(abgroup|bbvisitday|fp_style)$" /-->
+	<!--securecookie host="^\.slickdeals\.net$" name="^(abt_new|abt_uuid|auuid|bbsessionhash|sdref)$" /-->
+
+
 	<securecookie host="^(?:.*\.)?slickdeals\.net$" name=".+" />
 
 
-	<rule from="^http://((?:archive|beta|blog|i|img|m|www)\.)?slickdeals\.net/"
-		to="https://$1slickdeals.net/" />
 
 	<rule from="^http://static\.slickdeal(?:z\.net|scdn\.com)/"
 		to="https://slickdeals.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Slid.es.xml b/src/chrome/content/rules/Slid.es.xml
new file mode 100644
index 000000000000..7be48f609b38
--- /dev/null
+++ b/src/chrome/content/rules/Slid.es.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Slides coverage, see Slides.com.xml.
+
+
+	CDN buckets:
+
+		- s3.amazonaws.com/static.slid.es/
+
+
+	Problematic hosts in *slid.es:
+
+		- help *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Fully covered hosts in *slid.es:
+
+		- assets
+
+-->
+<ruleset name="Slid.es (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="assets.slid.es" />
+	<!--target host="help.slid.es" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SlideDeck.xml b/src/chrome/content/rules/SlideDeck.xml
index 96060a9069cb..fbff90b4dfe1 100644
--- a/src/chrome/content/rules/SlideDeck.xml
+++ b/src/chrome/content/rules/SlideDeck.xml
@@ -22,11 +22,10 @@
 	<target host="www.slidedeck.com" />
 
 
-	<!--securecookie host="^\.slidedeck\.com$" name="^ubvt$" /-->
 	<securecookie host="^www\.slidedeck\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?slidedeck\.com/"
-		to="https://$1slidedeck.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SlideMyPics.xml b/src/chrome/content/rules/SlideMyPics.xml
deleted file mode 100644
index 52172ed4ba88..000000000000
--- a/src/chrome/content/rules/SlideMyPics.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	CDN buckets:
-
-		- files.slidemypics.com.s3.amazonaws.com
-
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(http reply)
-
--->
-<ruleset name="SlideMyPics (partial)">
-
-	<target host="files.slidemypics.com" />
-
-
-	<rule from="^http://files\.slidemypics\.com/"
-		to="https://s3.amazonaws.com/files.slidemypics.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/SlidePlayer.fr.xml b/src/chrome/content/rules/SlidePlayer.fr.xml
new file mode 100644
index 000000000000..aa2ad9b6f3c2
--- /dev/null
+++ b/src/chrome/content/rules/SlidePlayer.fr.xml
@@ -0,0 +1,11 @@
+<ruleset name="SlidePlayer.fr">
+
+	<target host="slideplayer.fr" />
+	<target host="www.slideplayer.fr" />
+	<target host="images.slideplayer.fr" />
+	<target host="player.slideplayer.fr" />
+		<test url="http://player.slideplayer.fr/10/2863612/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SlideShare.xml b/src/chrome/content/rules/SlideShare.xml
index c22c97268541..8fa72f03675e 100644
--- a/src/chrome/content/rules/SlideShare.xml
+++ b/src/chrome/content/rules/SlideShare.xml
@@ -1,24 +1,24 @@
 <!--
-	CDN buckets:
-
-		- unbouncepages.com
-
-			- premium.slideshare.net
+	For other LinkedIn coverage, see LinkedIn.xml.
 
 
 	Nonfunctional domains:
 
-		- engineering.slideshare.com *
-		- blog.slideshare.net *
-		- engineering.slideshare.net *
+		- help.slideshare.com ¹
+
+		- engineering.slideshare.net ²
 
-	* Refused
+	¹ Zendesk
+	² Refused
 
 
 	Problematic subdomains:
 
-		- help.slideshare.com	(zendesk)
-		- premium.slideshare.net	(mismatched, CN: *.unbounce.com)
+		- engineering.slideshare.com *
+
+		- apiexplorer.slideshare.net *
+
+	* Mismatched
 
 
 	Partially covered domains:
@@ -26,37 +26,87 @@
 		- help.slideshare.com	(→ slideshare.zendesk.com)
 
 
-	Fully covered domains:
+	Fully covered hosts:
 
-		- stats.slideshare.net
+		- ^
+		- blog
+		- stats
 
-			- slidesharecdn.com subdomains:
 
-				- image
+	Insecure cookies are set for these hosts:
+
+		- apiexplorer.slideshare.net
 
 -->
 <ruleset name="SlideShare.net (partial)">
 
-	<target host="help.slideshare.com" />
+	<!--	Direct rewrites:
+				-->
 	<target host="slideshare.net" />
-	<target host="*.slideshare.net" />
-		<!--exclusion pattern="^http://(www\.)?slideshare\.net/($|\?|(about|business|contact_sales|forgot-password|privacy|terms|widgets)($|\?))" /-->
-	<target host="*.slidesharecdn.com"/>
-
+	<target host="blog.slideshare.net" />
+	<target host="stats.slideshare.net" />
+	<target host="www.slideshare.net" />
 
-	<securecookie host="^\.slideshare\.net$" name="^(?:_smtLastVisitedHost|__utm\w)$" />
+	<!--	Complications:
+				-->
+	<target host="help.slideshare.com" />
 
+		<exclusion pattern="^http://help\.slideshare\.com/(?!attachments/|favicon\.ico|generated/|images/|system/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://help.slideshare.com/forums/20865265-Upload-on-SlideShare" />
+			<test url="http://help.slideshare.com/forums/67662-Get-Started" />
+			<test url="http://help.slideshare.com/home" />
+			<test url="http://help.slideshare.com/requests" />
+			<test url="http://help.slideshare.com/requests/new" />
+
+			<!--	-ve:
+					-->
+			<test url="http://help.slideshare.com/favicon.ico" />
+			<test url="http://help.slideshare.com/images/logo-delimiter.png" />
+			<test url="http://help.slideshare.com/system/logos/2029/3220/logo.png" />
+
+		<!--exclusion pattern="^http://www\.slideshare\.net/($|\?|(about|business|category|contact_sales|developers|explore|privacy|terms|upload|widgets)($|\?))" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.slideshare\.net/(?!elqNow/|favicon\.ico|images/|(?:create|forgot-password|login|signup)(?:$|[?/])|slideshow/embed_code/|stylesheets/)" />
+
+			<test url="http://www.slideshare.net/about" />
+			<test url="http://www.slideshare.net/category/feature" />
+			<test url="http://www.slideshare.net/cisco" />
+			<test url="http://www.slideshare.net/developers" />
+			<test url="http://www.slideshare.net/directory/content/a" />
+			<test url="http://www.slideshare.net/directory/user/a" />
+			<test url="http://www.slideshare.net/explore" />
+			<test url="http://www.slideshare.net/linkedin" />
+			<test url="http://www.slideshare.net/linkedinforgood" />
+			<test url="http://www.slideshare.net/rss/latest" />
+			<test url="http://www.slideshare.net/upload" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.slideshare.net/create" />
+			<test url="http://www.slideshare.net/favicon.ico" />
+			<test url="http://www.slideshare.net/forgot-password" />
+			<test url="http://www.slideshare.net/login" />
+			<test url="http://www.slideshare.net/signup" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?slideshare\.net$" name="^SERVERID$" /-->
+	<!--securecookie host="^\.slideshare\.net$" name="^_uv_id$" /-->
+	<!--securecookie host="^apiexplorer\.slideshare\.net$" name="^connect\.sid$" /-->
 
-	<rule from="^http://help\.slideshare\.com/(attachments/|favicon\.ico|generated/|system/)"
-		to="https://slideshare.zendesk.com/$1" />
+	<securecookie host="^\.slideshare\.net$" name="^(?:_smtLastVisitedHost|__utm\w)$" />
 
-	<rule from="^http://(www\.)?slideshare\.net/(elqNow/|favicon\.ico|images/|(?:login|signup)(?:$|[?/])|slideshow/embed_code/|stylesheets/)"
-		to="https://$1slideshare.net/$2"/>
 
-	<rule from="^http://stats\.slideshare\.net/"
-		to="https://stats.slideshare.net/" />
+	<rule from="^http://help\.slideshare\.com/"
+		to="https://slideshare.zendesk.com/" />
 
-	<rule from="^http://(cdn|image|public|static)\.slidesharecdn\.com/"
-		to="https://$1.slidesharecdn.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SlideShareCDN.com.xml b/src/chrome/content/rules/SlideShareCDN.com.xml
new file mode 100644
index 000000000000..4450ce3d807f
--- /dev/null
+++ b/src/chrome/content/rules/SlideShareCDN.com.xml
@@ -0,0 +1,23 @@
+<!--
+	For other LinkedIn coverage, see LinkedIn.xml.
+
+
+	Fully covered hosts:
+
+		- image
+		- image-store
+
+-->
+<ruleset name="SlideShareCDN.com">
+
+	<target host="cdn.slidesharecdn.com"/>
+	<target host="image.slidesharecdn.com"/>
+	<target host="image-store.slidesharecdn.com"/>
+	<target host="public.slidesharecdn.com"/>
+	<target host="static.slidesharecdn.com"/>
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Slides.com.xml b/src/chrome/content/rules/Slides.com.xml
new file mode 100644
index 000000000000..0e871525d043
--- /dev/null
+++ b/src/chrome/content/rules/Slides.com.xml
@@ -0,0 +1,44 @@
+<!--
+	Other Slides rulesets:
+
+		- Slid.es.xml
+
+
+	Nonfunctional hosts in *slides.com:
+
+		- blog *
+
+	* Tumblr
+
+
+	Problematic hosts in *slides.com:
+
+		- help *
+
+	* Uservoice
+
+
+	Insecure cookies are set for these domains:
+
+		- .slides.com
+
+-->
+<ruleset name="Slides.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="slides.com" />
+	<target host="www.slides.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.slides\.com$" name="^(__cfduid|_slides_app_session|cf_clearance)$" /-->
+
+	<securecookie host="^\.slides\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SlimerJS.org.xml b/src/chrome/content/rules/SlimerJS.org.xml
new file mode 100644
index 000000000000..68c4656179bb
--- /dev/null
+++ b/src/chrome/content/rules/SlimerJS.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="SlimerJS.org">
+
+	<target host="slimerjs.org" />
+	<target host="www.slimerjs.org" />
+	<target host="docs.slimerjs.org" />
+	<target host="download.slimerjs.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Slippedisc.com.xml b/src/chrome/content/rules/Slippedisc.com.xml
new file mode 100644
index 000000000000..4a408a30d155
--- /dev/null
+++ b/src/chrome/content/rules/Slippedisc.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Slippedisc.com">
+	<target host="slippedisc.com" />
+	<target host="www.slippedisc.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Slo-Tech.xml b/src/chrome/content/rules/Slo-Tech.xml
deleted file mode 100644
index a3048f5c39f8..000000000000
--- a/src/chrome/content/rules/Slo-Tech.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Slo-Tech" platform="mixedcontent">
-  <target host="slo-tech.com" />
-  <target host="www.slo-tech.com" />
-  <target host="static.slo-tech.com" />
-
-  <rule from="^http://(?:www\.)?slo-tech\.com/"
-          to="https://slo-tech.com/"/>
-  <rule from="^http://static\.slo-tech\.com/"
-          to="https://static.slo-tech.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Sloan-Digital-Sky-Survey.xml b/src/chrome/content/rules/Sloan-Digital-Sky-Survey.xml
index 1f093f444e9b..683fa8993028 100644
--- a/src/chrome/content/rules/Sloan-Digital-Sky-Survey.xml
+++ b/src/chrome/content/rules/Sloan-Digital-Sky-Survey.xml
@@ -1,10 +1,16 @@
-<ruleset name="Sloan Digital Sky Survey (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sdss3.org/ => https://sdss3.org/: (51, "SSL: no alternative certificate subject name matches target host name 'sdss3.org'")
+
+-->
+<ruleset name="Sloan Digital Sky Survey (partial)" default_off="failed ruleset test">
 
 	<target host="sdss3.org"/>
 	<target host="*.sdss3.org"/>
 		<exclusion pattern="^http://www-visualmedia\."/>
 
-	<securecookie host="^(.*\.)?sdss3\.org$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(\w+\.)?sdss3\.org/"
 		to="https://$1sdss3.org/"/>
diff --git a/src/chrome/content/rules/Sloan_Consortium.xml b/src/chrome/content/rules/Sloan_Consortium.xml
index faca07bea7ce..180b94f772b7 100644
--- a/src/chrome/content/rules/Sloan_Consortium.xml
+++ b/src/chrome/content/rules/Sloan_Consortium.xml
@@ -11,7 +11,7 @@
 	<target host="www.sloanconsortium.org" />
 
 
-	<rule from="^https?://(?:www\.)?sloanconsortium\.org/sites/"
+	<rule from="^http://(?:www\.)?sloanconsortium\.org/sites/"
 		to="https://sloanconsortium.org/sites/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Slon.ru.xml b/src/chrome/content/rules/Slon.ru.xml
new file mode 100644
index 000000000000..a8764aca4e4f
--- /dev/null
+++ b/src/chrome/content/rules/Slon.ru.xml
@@ -0,0 +1,41 @@
+<!--
+	www.slon.ru: 404
+
+
+	Insecure cookies are set for these domains:
+
+		- .slon.ru
+
+
+	Mixed content:
+
+		- Bug on ^ from b.scorecardresearch.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Slon.ru">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="slon.ru" />
+
+	<!--	Complications:
+				-->
+	<target host="www.slon.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.slon\.ru$" name="^_SESS$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.slon\.ru/"
+		to="https://slon.ru/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Slotsfrisoren.dk.xml b/src/chrome/content/rules/Slotsfrisoren.dk.xml
new file mode 100644
index 000000000000..907186f1cc92
--- /dev/null
+++ b/src/chrome/content/rules/Slotsfrisoren.dk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Slotsfrisoren.dk">
+	<target host="slotsfrisoren.dk" />
+	<target host="www.slotsfrisoren.dk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Slough.gov.uk.xml b/src/chrome/content/rules/Slough.gov.uk.xml
new file mode 100644
index 000000000000..45ee3c10723d
--- /dev/null
+++ b/src/chrome/content/rules/Slough.gov.uk.xml
@@ -0,0 +1,69 @@
+<!--
+	Slough Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *slough.gov.uk:
+
+		- citizen ᵈ
+		- servicesguide *
+		- www2 ʳ
+
+	* Redirects to search3.openobjects.com
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *slough.gov.uk:
+
+		- css * ᵐ
+		- static * ᵐ
+
+	* Seems equivalent to www.slough.gov.uk
+	ᵐ Mismatched
+
+
+	These altnames don't exist:
+
+		- www.capita.slough.gov.uk
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- css.slough.gov.uk
+		- static.slough.gov.uk
+		- www.slough.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Slough.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="slough.gov.uk" />
+	<target host="capita.slough.gov.uk" />
+	<target host="selfservice.slough.gov.uk" />
+	<target host="www.slough.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="css.slough.gov.uk" />
+	<target host="static.slough.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:css|static|www)\.slough\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://(?:css|static)\.slough\.gov\.uk/"
+		to="https://www.slough.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SlovakGovernment.xml b/src/chrome/content/rules/SlovakGovernment.xml
new file mode 100644
index 000000000000..0ebfb024811f
--- /dev/null
+++ b/src/chrome/content/rules/SlovakGovernment.xml
@@ -0,0 +1,146 @@
+<!--
+
+    For Slovak Central Government Portal, see Slovensko.sk.xml
+
+    Nonfunctional hosts:
+
+    connection refused:
+        - metais.finance.gov.sk
+
+    certificate chain issues:
+-       - www.ujd.gov.sk
+-->
+<ruleset name="SlovakGovernment">
+
+<!-- Government Office of the Slovak Republic -->
+  <target host="vlada.gov.sk" />
+  <target host="www.vlada.gov.sk" />
+  <target host="radaprestatnusluzbu.vlada.gov.sk" />
+
+<!--  Ministry of Economy -->
+  <target host="www.mhsr.sk" />
+  <target host="www.soi.sk" />
+  <target host="sario.sk" />
+  <target host="www.sario.sk" />
+
+<!-- Ministry of Investments, Regional Development and Informatization -->
+  <target host="mirri.gov.sk" />
+  <target host="www.mirri.gov.sk" />
+
+<!-- Ministry of Transport and Construction -->
+  <target host="mindop.sk" />
+  <target host="www.mindop.sk" />
+
+<!-- Ministry of Agriculture and Rural Development -->
+  <target host="mpsr.sk" />
+  <target host="www.mpsr.sk" />
+
+<!-- Ministry of Labour, Social Affairs and Family -->
+  <target host="www.employment.gov.sk" />
+
+<!-- Ministry of the Environment -->
+  <target host="minzp.sk" />
+  <target host="www.minzp.sk" />
+
+<!-- Central register of contracts -->
+  <target host="crz.gov.sk" />
+  <target host="www.crz.gov.sk" />
+
+<!-- Central register of projects -->
+  <target host="crp.gov.sk" />
+  <target host="www.crp.gov.sk" />
+
+<!-- National Council of the Slovak Republic -->
+  <target host="www.nrsr.sk" />
+
+<!-- President of the Slovak republic -->
+  <target host="prezident.sk" />
+  <target host="www.prezident.sk" />
+
+<!-- Ministry of Finance of the Slovak Republic -->
+  <target host="mfsr.sk" />
+  <target host="www.mfsr.sk" />
+  <target host="dotacie.mfsr.sk" />
+  <target host="www.finance.gov.sk" />
+  <target host="financnasprava.sk" />
+  <target host="www.financnasprava.sk" />
+  <target host="www.cep.financnasprava.sk" />
+  <target host="rozpocet.sk" />
+  <target host="www.rozpocet.sk" />
+  <target host="www.ropk.sk" />
+  <target host="pohladavkystatu.sk" />
+  <target host="www.pohladavkystatu.sk" />
+  <target host="www.majetokstatu.sk" />
+  <target host="registeruz.sk" />
+  <target host="www.registeruz.sk" />
+  <target host="www.datacentrum.sk" />
+  <target host="csirt.gov.sk" />
+  <target host="www.csirt.gov.sk" />
+
+<!-- Ministy of Defense of Slovak Republic -->
+  <target host="mosr.sk" />
+  <target host="www.mosr.sk" />
+
+<!-- Ministry of Foreign and European Affairs of the Slovak Republic -->
+  <target host="www.mzv.sk" />
+
+<!-- Justice ministry -->
+  <target host="justice.sk" />
+  <target host="www.justice.sk" />
+  <target host="web.justice.sk" />
+  <target host="esmo.gov.sk" />
+  <target host="www.justice.gov.sk" />
+  <target host="obcan.justice.sk" />
+  <target host="www.radavladylp.gov.sk" />
+
+<!-- Ministry of Education -->
+  <target host="www.minedu.sk" />
+  <target host="iedu.sk" />
+  <target host="www.iedu.sk" />
+
+<!-- Ministry of Culture -->
+  <target host="culture.gov.sk" />
+  <target host="www.culture.gov.sk" />
+
+<!-- Ministry of Health -->
+  <target host="health.gov.sk" />
+  <target host="www.health.gov.sk" />
+
+<!-- Office for Public Procurement -->
+  <target host="uvo.gov.sk" />
+  <target host="www.uvo.gov.sk" />
+
+<!-- Industrial Property Office of the Slovak Republic -->
+  <target host="www.indprop.gov.sk" />
+
+<!-- Nuclear Regulatory Authority of the Slovak Republic -->
+
+<!-- Supreme Audit Office of the Slovak Republic -->
+  <target host="www.nku.gov.sk" />
+
+<!-- Slovak Academy of Sciences -->
+  <target host="sav.sk" />
+  <target host="www.sav.sk" />
+
+<!--  Standards portal -->
+  <target host="sutn.sk" />
+  <target host="www.sutn.sk" />
+
+<!-- Cadastral Portal -->
+  <target host="www.katasterportal.sk" />
+  <target host="zbgis.skgeodesy.sk" />
+
+<!-- Business Register - Justice ministry -->
+  <target host="orsr.sk" />
+  <target host="www.orsr.sk" />
+
+<!-- Legislative and Information Portal Slov-Lex -->
+  <target host="slov-lex.sk" />
+  <target host="www.slov-lex.sk" />
+
+  <rule from="^http://mfsr\.sk/" to="https://www.mfsr.sk/" />
+  <rule from="^http://mindop\.sk/" to="https://www.mindop.sk/" />
+
+  <rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Slovakrail.sk.xml b/src/chrome/content/rules/Slovakrail.sk.xml
new file mode 100644
index 000000000000..33ff08535b13
--- /dev/null
+++ b/src/chrome/content/rules/Slovakrail.sk.xml
@@ -0,0 +1,9 @@
+<ruleset name="Slovakrail.sk">
+  <target host="slovakrail.sk" />
+  <target host="www.slovakrail.sk" />
+  <target host="ikvc.slovakrail.sk" />
+
+  <rule from="^http://(?:www\.)?slovakrail\.sk/" to="https://www.slovakrail.sk/" />
+  <rule from="^http://ikvc\.slovakrail\.sk/" to="https://ikvc.slovakrail.sk/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Slovensko.digital.xml b/src/chrome/content/rules/Slovensko.digital.xml
new file mode 100644
index 000000000000..aa3ebacfa947
--- /dev/null
+++ b/src/chrome/content/rules/Slovensko.digital.xml
@@ -0,0 +1,19 @@
+<!--
+
+    Nonfunctional hosts:
+
+    certificate chain issues:
+        - edunet.slovensko.digital
+-->
+
+<ruleset name="Slovensko.digital">
+	<target host="slovensko.digital" />
+	<target host="www.slovensko.digital" />
+	<target host="ekosystem.slovensko.digital" />
+	<target host="platforma.slovensko.digital" />
+	<target host="stream.slovensko.digital" />
+	<target host="www.stream.slovensko.digital" />
+	<target host="vyzva.slovensko.digital" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Slovensko.sk.xml b/src/chrome/content/rules/Slovensko.sk.xml
new file mode 100644
index 000000000000..fbb2b9c77369
--- /dev/null
+++ b/src/chrome/content/rules/Slovensko.sk.xml
@@ -0,0 +1,37 @@
+<!--
+	Slovak Central Government Portal
+
+	For other Slovak Government sites see SlovakGovernment.xml
+
+	Nonfunctional hosts in *.slovensko.sk:
+
+	connection refused:
+		- eschranka.slovensko.sk
+		- eschranka1.slovensko.sk
+		- iamwse.slovensko.sk
+		- irsp.slovensko.sk
+		- mail.slovensko.sk
+		- portal1.slovensko.sk
+		- prihlasenie-retry.slovensko.sk
+		- uir.slovensko.sk
+		- usr.slovensko.sk
+	self-signed certificate:
+		- export.slovensko.sk
+	timeout on https:
+		- helpdesk.slovensko.sk
+-->
+<ruleset name="Slovensko.sk">
+	<target host="slovensko.sk" />
+	<target host="www.slovensko.sk" />
+	<target host="cuet.slovensko.sk" />
+	<target host="dotacie.slovensko.sk" />
+	<target host="eformulare.slovensko.sk" />
+	<target host="eidas.slovensko.sk" />
+	<target host="formulare.slovensko.sk" />
+	<target host="open.slovensko.sk" />
+	<target host="prihlasenie.slovensko.sk" />
+	<target host="schranka.slovensko.sk" />
+	<target host="schranka1.slovensko.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Slproweb.com.xml b/src/chrome/content/rules/Slproweb.com.xml
new file mode 100644
index 000000000000..edaa89f3b0e2
--- /dev/null
+++ b/src/chrome/content/rules/Slproweb.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Shining Light Productions">
+	<target host="slproweb.com" />
+	<target host="www.slproweb.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SlySoft.xml b/src/chrome/content/rules/SlySoft.xml
deleted file mode 100644
index fc0ebac61e52..000000000000
--- a/src/chrome/content/rules/SlySoft.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="SlySoft" default_off="Cert warning">
-  <target host="slysoft.com" />
-  <target host="forum.slysoft.com" />
-  <target host="www.slysoft.com" />
-
-  <rule from="^http://forum\.slysoft\.com/" to="https://forum.slysoft.com/"/>
-  <rule from="^https?://(?:www\.)?slysoft\.com/" to="https://www.slysoft.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Slyar.com.xml b/src/chrome/content/rules/Slyar.com.xml
new file mode 100644
index 000000000000..fd2183cb97e1
--- /dev/null
+++ b/src/chrome/content/rules/Slyar.com.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://slyar.com/ => https://slyar.com/: Too many redirects while fetching 'https://slyar.com/'
+Fetch error: http://www.slyar.com/ => https://www.slyar.com/: Too many redirects while fetching 'https://www.slyar.com/'
+
+-->
+<ruleset name="Slyar.com" default_off="failed ruleset test">
+
+	<target host="slyar.com" />
+	<target host="www.slyar.com" />
+
+
+	<securecookie host="^\." name="^__utm" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Smack.co.uk-problematic.xml b/src/chrome/content/rules/Smack.co.uk-problematic.xml
deleted file mode 100644
index eb8a07c5747a..000000000000
--- a/src/chrome/content/rules/Smack.co.uk-problematic.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see Smack.co.uk.xml.
-
--->
-<ruleset name="Smack.co.uk (problematic)" default_off="self-signed">
-
-	<target host="smack.co.uk" />
-	<target host="www.smack.co.uk" />
-
-
-	<securecookie host="^www\.smack\.co\.uk$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?smack\.co\.uk/"
-		to="https://www.smack.co.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Smack.co.uk.xml b/src/chrome/content/rules/Smack.co.uk.xml
index 6186dd0857b7..bf499085c343 100644
--- a/src/chrome/content/rules/Smack.co.uk.xml
+++ b/src/chrome/content/rules/Smack.co.uk.xml
@@ -1,36 +1,25 @@
 <!--
-	For problematic rules, see Smack.co.uk-problematic.xml.
-
-
-	CDN buckets:
-
-		- d2oq2oj0pg3sng.cloudfront.net
-
-			- cdn
-
-
-	Problematic subdomains:
-
-		- (www.)	(works, self-signed)
-		- cdn		(cloudfront)
-
-
 	Mixed content:
 
-		- Images on, www from:
-
-			- cdn *
-			- farm\d.static.flickr.com *
+		- Images from projecthoneypot.org *
 
 	* Secured by us
 
 -->
-<ruleset name="Smack.co.uk (partial)">
+<ruleset name="Smack.co.uk">
+
+	<target host="smack.co.uk" />
+	<target host="www.smack.co.uk" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.smack\.co\.uk$" name="^(?:__cfduid|cf_clearance)$" /-->
 
-	<target host="cdn.smack.co.uk" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://cdn\.smack\.co\.uk/"
-		to="https://d2oq2oj0pg3sng.cloudfront.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SmackJeeves.xml b/src/chrome/content/rules/SmackJeeves.xml
new file mode 100644
index 000000000000..c4876320c3ac
--- /dev/null
+++ b/src/chrome/content/rules/SmackJeeves.xml
@@ -0,0 +1,17 @@
+<!--
+	Smack Jeeves Webcomic Hosting (www.smackjeeves.com)
+
+	Known non-HTTPS hosts in *.smackjeeves.com:
+
+		- img2.smackjeeves.com (image server)
+		- *.smackjeeves.com (comic sites, except img2.smackjeeves.com
+		                     and www.smackjeeves.com)
+
+-->
+<ruleset name="Smack Jeeves (partial)">
+	<target host="www.smackjeeves.com" />
+	<target host="smackjeeves.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Smackcoders.com.xml b/src/chrome/content/rules/Smackcoders.com.xml
new file mode 100644
index 000000000000..d3aa2cc92772
--- /dev/null
+++ b/src/chrome/content/rules/Smackcoders.com.xml
@@ -0,0 +1,25 @@
+<!--
+	^smackcoders.com: Redirect differs
+
+-->
+<ruleset name="Smackcoders.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.smackcoders.com" />
+
+	<!--	Complications:
+				-->
+	<target host="smackcoders.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://smackcoders\.com/"
+		to="https://www.smackcoders.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SmallArmsReview.com.xml b/src/chrome/content/rules/SmallArmsReview.com.xml
new file mode 100644
index 000000000000..c97295bc0fae
--- /dev/null
+++ b/src/chrome/content/rules/SmallArmsReview.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="SmallArmsReview.com">
+	<target host="smallarmsreview.com" />
+	<target host="www.smallarmsreview.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SmallCultFollowing.com.xml b/src/chrome/content/rules/SmallCultFollowing.com.xml
new file mode 100644
index 000000000000..1c8aa5d5dd5d
--- /dev/null
+++ b/src/chrome/content/rules/SmallCultFollowing.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatch:
+		svn.smallcultfollowing.com
+-->
+<ruleset name="SmallCultFollowing.com">
+	<target host="smallcultfollowing.com" />
+	<target host="www.smallcultfollowing.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SmallFormFactor.net.xml b/src/chrome/content/rules/SmallFormFactor.net.xml
new file mode 100644
index 000000000000..dd43fd2c7b21
--- /dev/null
+++ b/src/chrome/content/rules/SmallFormFactor.net.xml
@@ -0,0 +1,11 @@
+<ruleset name="SmallFormFactor.net">
+	<target host="smallformfactor.net" />
+	<target host="www.smallformfactor.net" />
+
+	<target host="sffwiki.net" />
+	<target host="www.sffwiki.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Small_World_Labs.com.xml b/src/chrome/content/rules/Small_World_Labs.com.xml
new file mode 100644
index 000000000000..4850c5c51927
--- /dev/null
+++ b/src/chrome/content/rules/Small_World_Labs.com.xml
@@ -0,0 +1,12 @@
+<!--
+	(www.): refused
+
+-->
+<ruleset name="Small World Labs.com (partial)">
+
+	<target host="static.smallworldlabs.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Smallbits.com.xml b/src/chrome/content/rules/Smallbits.com.xml
index 848e63c2ad8f..7573295566a8 100644
--- a/src/chrome/content/rules/Smallbits.com.xml
+++ b/src/chrome/content/rules/Smallbits.com.xml
@@ -1,15 +1,18 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.smallbits.com/ => https://secure.smallbits.com/: (60, 'SSL certificate problem: certificate has expired')
+
 	Nonfunctional subdomains:
 
 		- (www.)	(shows secure; mismatched, CN: secure.smallbits.com)
 
 -->
-<ruleset name="Smallbits.com (partial)">
+<ruleset name="Smallbits.com (partial)" default_off="failed ruleset test">
 
 	<target host="secure.smallbits.com" />
 
 
-	<rule from="^http://secure\.smallbits\.com/"
-		to="https://secure.smallbits.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Smallpdf.com.xml b/src/chrome/content/rules/Smallpdf.com.xml
new file mode 100644
index 000000000000..5e29d515ea76
--- /dev/null
+++ b/src/chrome/content/rules/Smallpdf.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Different content:
+		-  extract.smallpdf.com
+-->
+<ruleset name="Smallpdf.com">
+	<target host="smallpdf.com" />
+	<target host="www.smallpdf.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SmarTrend.xml b/src/chrome/content/rules/SmarTrend.xml
index f0d241cce67f..5dba83635389 100644
--- a/src/chrome/content/rules/SmarTrend.xml
+++ b/src/chrome/content/rules/SmarTrend.xml
@@ -16,7 +16,6 @@
 	<target host="www.mysmartrend.com" />
 
 
-	<rule from="^https?://(?:www\.)?mysmartrend\.com/"
-		to="https://www.mysmartrend.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Smart-AdServer.xml b/src/chrome/content/rules/Smart-AdServer.xml
index c3731d7d38d4..969e435cf9a2 100644
--- a/src/chrome/content/rules/Smart-AdServer.xml
+++ b/src/chrome/content/rules/Smart-AdServer.xml
@@ -1,7 +1,6 @@
 <!--
 	For other Axel Springer coverage, see Axel-Springer.xml.
 
-
 	Nonfunctional domains:
 
 		- smartadserver.com		(refused)
@@ -13,43 +12,259 @@
 
 		- (www.)
 
+		Non-200 status code & no known test url
+			- managebeta.smartadserver.com
+
+		Cert expired:
+			- ww284-eqx.smartadserver.com
+			- ww284-itx4.smartadserver.com
+			- ww284-itx5.smartadserver.com
+			- ww284.smartadserver.com
 
-	Fully covered domains:
+		Cert mismatch:
+			- ww339-itx5.smartadserver.com
+			- ww362-itx4.smartadserver.com
+			- betclic.smartadserver.com
+			- go.smartadserver.com
+			- itx4-publicidad.smartadserver.com
+			- itx5-publicidad.smartadserver.com
+			- tmk-akrma.smartadserver.com
+			- tmk-ecadn.smartadserver.com
+			- tmk-eltiempo.smartadserver.com
+			- ww1-aufemininsecure-eqx.smartadserver.com
+			- ww1-aufemininsecure-itx4.smartadserver.com
+			- ww1003-itx4.smartadserver.com
+			- ww1003-itx5.smartadserver.com
+			- ww1199-eqx.smartadserver.com
+			- ww1199-itx4.smartadserver.com
+			- ww1199-itx5.smartadserver.com
+			- ww1199.smartadserver.com
+			- ww13.smartadserver.com
+			- ww1316-eqx.smartadserver.com
+			- ww1316-itx4.smartadserver.com
+			- ww1316-itx5.smartadserver.com
+			- ww1316-tmk.smartadserver.com
+			- ww1316.smartadserver.com
+			- ww1350-tmk.smartadserver.com
+			- ww1373-eqx.smartadserver.com
+			- ww1373-itx4.smartadserver.com
+			- ww16-eqx.smartadserver.com
+			- ww16-itx4.smartadserver.com
+			- ww16-itx5.smartadserver.com
+			- ww1649-eqx.smartadserver.com
+			- ww1649-tmk.smartadserver.com
+			- ww1649.smartadserver.com
+			- ww2060-itx4.smartadserver.com
+			- ww276.smartadserver.com
+			- ww362-itx5.smartadserver.com
+			- ww362.smartadserver.com
+			- ww474-itx5.smartadserver.com
+			- ww484-itx4.smartadserver.com
+			- ww484-itx5.smartadserver.com
+			- ww484.smartadserver.com
+			- ww55-eqx.smartadserver.com
+			- ww55-itx4.smartadserver.com
+			- ww55-itx5.smartadserver.com
+			- ww55.smartadserver.com
+			- ww58-eqx.smartadserver.com
+			- ww58-itx4.smartadserver.com
+			- ww58-itx5.smartadserver.com
+			- ww668-eqx.smartadserver.com
+			- ww668-itx5.smartadserver.com
+			- ww671-eqx.smartadserver.com
+			- ww671-itx5.smartadserver.com
+			- ww671.smartadserver.com
+			- ww687-itx5.smartadserver.com
+			- ww688-itx5.smartadserver.com
+			- ww721-eqx.smartadserver.com
+			- ww721-itx4.smartadserver.com
+			- ww721-itx5.smartadserver.com
 
-		- ced.sascdn.com	(→ im2.smartadserver.com)
+		Chain issue:
+			- support.smartadserver.com
 
-		- smartadserver.com subdomains:
+		Connection refused:
+			- blog.smartadserver.com
+			- demo.smartadserver.com
+			- gallery.smartadserver.com
+			- jobs.smartadserver.com
+			- media.smartadserver.com
+			- rtbplus.smartadserver.com
 
-			- akamai	(→ im2)
-			- diff
-			- im2
-			- manage
-			- managebeta
-			- www4
+		Timeout:
+			- mail.sascdn.com
+			- china.smartadserver.com
 
+		TLS error:
+			- forecast.smartadserver.com
 -->
-<ruleset name="Smart AdServer (partial)">
+<ruleset name="Smart AdServer.com (partial)" >
 
+	<target host="ak.sascdn.com" />
+	<target host="ak-ns.sascdn.com" />
 	<target host="ced.sascdn.com" />
+	<target host="ced-ns.sascdn.com" />
+	<target host="creatives.sascdn.com" />
+	<target host="ec.sascdn.com" />
+	<target host="ec-ns.sascdn.com" />
+	<target host="ns.sascdn.com" />
+	<target host="r.sascdn.com" />
+	<target host="r-eqx.sascdn.com" />
+	<target host="r-itx4.sascdn.com" />
+	<target host="r-itx5.sascdn.com" />
+	<target host="r-tmk.sascdn.com" />
+	<target host="static.sascdn.com" />
+	<target host="static-origin.sascdn.com" />
+
 	<target host="smartadserver.com" />
-	<target host="*.smartadserver.com" />
+	<target host="www.smartadserver.com" />
+	<target host="akamai.smartadserver.com" />
+
+	<target host="boursorama.smartadserver.com" />
+	<target host="cdn.smartadserver.com" />
+	<target host="cdn1.smartadserver.com" />
+	<target host="cdn2.smartadserver.com" />
+	<target host="cdnorig.smartadserver.com" />
+	<target host="csync-tmk.smartadserver.com" />
+	<target host="csync.smartadserver.com" />
+
+	<target host="diff.smartadserver.com" />
+	<target host="diff2.smartadserver.com" />
+	<target host="diff3.smartadserver.com" />
+	<target host="diff4.smartadserver.com" />
+	<target host="diffdev44.smartadserver.com" />
+	<target host="eqx-itx4.smartadserver.com" />
+	<target host="eqx-secure.smartadserver.com" />
+	<target host="eqx-tmk-geoloc.smartadserver.com" />
+	<target host="eqx.smartadserver.com" />
+
+	<target host="forecastapi.smartadserver.com" />
+
+	<target host="geoced.smartadserver.com" />
+	<target host="help.smartadserver.com" />
+	<target host="im2.smartadserver.com" />
+	<target host="infra44.smartadserver.com" />
+	<target host="itx4.smartadserver.com" />
+	<target host="itx5-eqx.smartadserver.com" />
+	<target host="itx5-itx4-eqx.smartadserver.com" />
+	<target host="itx5-itx4.smartadserver.com" />
+	<target host="itx5-peak.smartadserver.com" />
+
+	<target host="itx5-secure.smartadserver.com" />
+	<target host="itx5.smartadserver.com" />
+
+	<target host="manage-eqx.smartadserver.com" />
+	<target host="manage-itx5.smartadserver.com" />
+	<target host="manage-v37.smartadserver.com" />
+	<target host="manage-v38.smartadserver.com" />
+	<target host="manage-v39.smartadserver.com" />
+	<target host="manage-v5.smartadserver.com" />
+	<target host="manage-v53.smartadserver.com" />
+	<target host="manage.smartadserver.com" />
+
+	<target host="mobile.smartadserver.com" />
+	<target host="notification.smartadserver.com" />
+	<target host="preview.smartadserver.com" />
+	<target host="prg.smartadserver.com" />
+	<target host="prtg44.smartadserver.com" />
+	<target host="reports.smartadserver.com" />
+	<target host="rtb-csync-blackhole.smartadserver.com" />
+	<target host="rtb-csync.smartadserver.com" />
+
+	<target host="ssp-csync.smartadserver.com" />
+
+	<target host="sync.smartadserver.com" />
+
+	<target host="tmk-eqx-geoloc.smartadserver.com" />
+	<target host="tmk-secure.smartadserver.com" />
+	<target host="tmk.smartadserver.com" />
+	<target host="usharbors.smartadserver.com" />
+	<target host="w1716.smartadserver.com" />
+
+	<target host="ww1.smartadserver.com" />
+
+	<target host="ww1075.smartadserver.com" />
+	<target host="ww1082.smartadserver.com" />
+	<target host="ww1097.smartadserver.com" />
+	<target host="ww1139.smartadserver.com" />
+
+	<target host="ww1270.smartadserver.com" />
+	<target host="ww1289.smartadserver.com" />
+	<target host="ww129.smartadserver.com" />
+
+	<target host="ww1325.smartadserver.com" />
+	<target host="ww135.smartadserver.com" />
+
+	<target host="ww14.smartadserver.com" />
+	<target host="ww147.smartadserver.com" />
+	<target host="ww1510.smartadserver.com" />
+	<target host="ww1551.smartadserver.com" />
+	<target host="ww1575.smartadserver.com" />
+
+
+	<target host="ww1694.smartadserver.com" />
+
+	<target host="ww17.smartadserver.com" />
+	<target host="ww1703.smartadserver.com" />
+	<target host="ww1755.smartadserver.com" />
+	<target host="ww1936.smartadserver.com" />
+	<target host="ww1972.smartadserver.com" />
+	<target host="ww2026.smartadserver.com" />
+	<target host="ww206.smartadserver.com" />
+
+	<target host="ww2234.smartadserver.com" />
+	<target host="ww2313.smartadserver.com" />
+	<target host="ww234.smartadserver.com" />
+	<target host="ww2451.smartadserver.com" />
+	<target host="ww2468.smartadserver.com" />
+	<target host="ww251.smartadserver.com" />
+	<target host="ww264.smartadserver.com" />
+
+	<target host="ww299.smartadserver.com" />
+	<target host="ww302.smartadserver.com" />
+
+	<target host="ww370.smartadserver.com" />
+	<target host="ww38.smartadserver.com" />
+	<target host="ww381.smartadserver.com" />
+	<target host="ww386.smartadserver.com" />
+	<target host="ww392.smartadserver.com" />
+	<target host="ww400.smartadserver.com" />
+
+	<target host="ww488.smartadserver.com" />
+	<target host="ww489.smartadserver.com" />
+	<target host="ww50.smartadserver.com" />
+
+	<target host="ww57.smartadserver.com" />
+
+	<target host="ww619.smartadserver.com" />
+	<target host="ww62.smartadserver.com" />
+	<target host="ww651.smartadserver.com" />
 
+	<target host="ww684.smartadserver.com" />
 
-	<!--	Wildcard cookies set by web bugs:
-							-->
-	<securecookie host="^\.smartadserver\.com$" name="^(?:pdomid|pbw|pid|sasd2?|TestIfCookieP?|vs)" />
-	<securecookie host="^(?:diff|im2|manage|www)\.smartadserver\.com$" name=".+" />
+	<target host="ww690.smartadserver.com" />
+	<target host="ww691.smartadserver.com" />
 
+	<target host="ww797.smartadserver.com" />
+	<target host="ww84.smartadserver.com" />
+	<target host="ww856.smartadserver.com" />
+	<target host="ww881.smartadserver.com" />
+	<target host="ww946.smartadserver.com" />
+	<target host="ww965.smartadserver.com" />
+	<target host="www14.smartadserver.com" />
+	<target host="www15.smartadserver.com" />
+	<target host="www2.smartadserver.com" />
+	<target host="www3.smartadserver.com" />
+	<target host="www4.smartadserver.com" />
+	<target host="www5.smartadserver.com" />
+	<target host="www6.smartadserver.com" />
+	<target host="www7.smartadserver.com" />
+	<target host="www8.smartadserver.com" />
 
-	<!--	every https URL redirects to shim.gif	-->
-	<rule from="^http://(?:www\.)?smartadserver\.com/(images/)?shim\.gif$"
-		to="https://www.smartadserver.com/$1shim.gif"/>
+	<securecookie host=".+" name=".+" />
 
-	<!--	cert: Akamai.  Appears to be the same as above.	-->
-	<rule from="^http://(?:ced\.sascdn|akamai\.smartadserver)\.com/"
-		to="https://im2.smartserver.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://(diff|im2|manage(?:beta)?|www4?)\.smartadserver\.com/"
-		to="https://$1.smartadserver.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Smart-Mail.xml b/src/chrome/content/rules/Smart-Mail.xml
index 7623cfed86b6..53f16dfe8dd9 100644
--- a/src/chrome/content/rules/Smart-Mail.xml
+++ b/src/chrome/content/rules/Smart-Mail.xml
@@ -4,5 +4,5 @@
 
   <securecookie host="^(?:www\.)?smart-mail\.de$" name=".+" />
 
-  <rule from="^http://(?:www\.)?smart-mail\.de/" to="https://www.smart-mail.de/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Smart.ly.xml b/src/chrome/content/rules/Smart.ly.xml
new file mode 100644
index 000000000000..af5c101c7d94
--- /dev/null
+++ b/src/chrome/content/rules/Smart.ly.xml
@@ -0,0 +1,12 @@
+<ruleset name="Smart.ly">
+
+	<target host="smart.ly" />
+	<target host="www.smart.ly" />
+
+
+	<securecookie host="^\.smart\.ly$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SmartBear.xml b/src/chrome/content/rules/SmartBear.xml
deleted file mode 100644
index 8a027a4ab242..000000000000
--- a/src/chrome/content/rules/SmartBear.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--	Nonfunctional:
-		(blog|support).smartbear.com	(cert: clientservices.automatedqa.com; 404)
-		community.smartbear.com		(cert: clientservices.automatedqa.com; shows client services portal login)
-		wiki.smartbear.com
-		www2.smartbear.com		(cert: *.marketo.com; 404)
--->
-<ruleset name="SmartBear (partial)">
-
-	<target host="alertsite.com"/>
-	<target host="www.alertsite.com"/>
-	<target host="clientservices.automatedqa.com"/>
-	<target host="my.smartbear.com"/>
-	<target host="login.softwareplanner.com"/>
-
-
-	<securecookie host="^my\.smartbear\.com$" name=".*"/>
-	<securecookie host="^login\.softwareplanner\.com$" name=".*"/>
-
-
-	<rule from="^http://(?:www\.)?alertsite\.com/"
-		to="https://www.alertsite.com/"/>
-
-	<rule from="^https?://clientservices\.automatedqa\.com/"
-		to="https://my.smartbear.com/"/>
-
-	<rule from="^http://my\.smartbear\.com/"
-		to="https://my.smartbear.com/"/>
-
-	<rule from="^http://login\.softwareplanner\.com/"
-		to="https://login.softwareplanner.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/SmartBrief.xml b/src/chrome/content/rules/SmartBrief.xml
index dc064cb3c424..52b6c6263085 100644
--- a/src/chrome/content/rules/SmartBrief.xml
+++ b/src/chrome/content/rules/SmartBrief.xml
@@ -1,7 +1,15 @@
-<ruleset name="SmartBrief">
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://smartbrief.com/ (200) => https://smartbrief.com/ (404)
+Non-2xx HTTP code: http://www.smartbrief.com/ (200) => https://www.smartbrief.com/ (404)
+
+-->
+<ruleset name="SmartBrief" default_off="failed ruleset test">
 
 	<target host="smartbrief.com" />
-	<target host="*.smartbrief.com" />
+	<target host="jobs.smartbrief.com" />
+	<target host="www.smartbrief.com" />
 
 
 	<!--	Observed cookie domains:
@@ -10,10 +18,9 @@
 			- jobs
 			- www
 				-->
-	<securecookie host="^(.*\.)?smartbrief\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(jobs\.|www\.)?smartbrief\.com/"
-		to="https://$1smartbrief.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SmartFTP.xml b/src/chrome/content/rules/SmartFTP.xml
deleted file mode 100644
index c807ec3a8217..000000000000
--- a/src/chrome/content/rules/SmartFTP.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="SmartFTP">
-  <target host="smartftp.com" />
-  <target host="www.smartftp.com" />
-  <rule from="^http://(?:www\.)?smartftp\.com/" to="https://www.smartftp.com/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/SmartHide.xml b/src/chrome/content/rules/SmartHide.xml
index 3f45449de220..d1328205f866 100644
--- a/src/chrome/content/rules/SmartHide.xml
+++ b/src/chrome/content/rules/SmartHide.xml
@@ -1,7 +1,9 @@
 <!--
-	Nonfunctional subdomains:
+	Nonfunctional hosts in smarthide.com:
 
-		- blog	(cert: smarthide.com; shows that domain's data)
+		- blog ᵃ
+
+	ᵃ Shows ^smarthide.com
 
 -->
 <ruleset name="SmartHide (partial)">
@@ -9,12 +11,9 @@
 	<target host="smarthide.com" />
 	<target host="www.smarthide.com" />
 
+	<securecookie host="^\w" name=".+" />
 
-	<securecookie host="^smarthide\.com$" name=".*" />
-
-
-	<!--	Cert doesn't match www.	-->
-	<rule from="^http://(?:www\.)?smarthide\.com/"
-		to="https://smarthide.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SmartOS.org.xml b/src/chrome/content/rules/SmartOS.org.xml
new file mode 100644
index 000000000000..295290623c8f
--- /dev/null
+++ b/src/chrome/content/rules/SmartOS.org.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Joyent coverage, see Joyent.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- wiki.smartos.org
+
+-->
+<ruleset name="SmartOS.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="smartos.org" />
+	<target host="wiki.smartos.org" />
+	<target host="www.smartos.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^wiki\.smartos\.org$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SmartPractice.com.xml b/src/chrome/content/rules/SmartPractice.com.xml
index 7337216dc27d..d049c7411ea2 100644
--- a/src/chrome/content/rules/SmartPractice.com.xml
+++ b/src/chrome/content/rules/SmartPractice.com.xml
@@ -1,11 +1,32 @@
-<ruleset name="SmartPractice">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://allerderm.com/ => https://allerderm.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.allerderm.com/ => https://allerderm.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://finnchamber.com/ => https://www.finnchamber.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.finnchamber.com/ => https://www.finnchamber.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://allerderm.com/ => https://allerderm.com/: (51, "SSL: no alternative certificate subject name matches target host name 'allerderm.com'")
+Fetch error: http://www.allerderm.com/ => https://allerderm.com/: (51, "SSL: no alternative certificate subject name matches target host name 'allerderm.com'")
+	Problematic domains:
+
+		- finnchamber.com *
+
+	* Handshake fails
+
+-->
+<ruleset name="SmartPractice" default_off="failed ruleset test">
 
 	<target host="allerderm.com"/>
 	<target host="www.allerderm.com"/>
 	<target host="finnchamber.com"/>
 	<target host="www.finnchamber.com"/>
 
-	<rule from="^http://(www\.)?(allerderm|finnchamber)\.com/"
-		to="https://$2.com/"/>
+	<rule from="^http://(www\.)?allerderm\.com/"
+		to="https://allerderm.com/"/>
+
+	<rule from="^http://(?:www\.)?finnchamber\.com/"
+		to="https://www.finnchamber.com/"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/SmartRecruiters.com.xml b/src/chrome/content/rules/SmartRecruiters.com.xml
index c59d3ed5c41d..6c5d83641692 100644
--- a/src/chrome/content/rules/SmartRecruiters.com.xml
+++ b/src/chrome/content/rules/SmartRecruiters.com.xml
@@ -5,7 +5,8 @@
 <ruleset name="SmartRecruiters">
 
 	<target host="smartrecruiters.com" />
-	<target host="*.smartrecruiters.com" />
+	<target host="api.smartrecruiters.com" />
+	<target host="www.smartrecruiters.com" />
 		<!--
 			Redirects to http:
 						-->
@@ -15,7 +16,6 @@
 	<!--securecookie host="^www\.smartrecruiters\.com$" name=".+" /-->
 
 
-	<rule from="^http://(api\.|www\.)?smartrecruiters\.com/"
-		to="https://$1smartrecruiters.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SmartSource.xml b/src/chrome/content/rules/SmartSource.xml
new file mode 100644
index 000000000000..6bbe90eaf128
--- /dev/null
+++ b/src/chrome/content/rules/SmartSource.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		- smartsource.ca
+		- help.smartsource.com
+		- reports.smartsource.com
+
+	Timed out:
+		- ssdcmaint.smartsource.com
+-->
+
+<ruleset name="SmartSource">
+	<target host="www.smartsource.ca" />
+	<target host="smartsource.com" />
+	<target host="www.smartsource.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SmartURL.it.xml b/src/chrome/content/rules/SmartURL.it.xml
new file mode 100644
index 000000000000..72429ec56e31
--- /dev/null
+++ b/src/chrome/content/rules/SmartURL.it.xml
@@ -0,0 +1,7 @@
+<ruleset name="SmartURL.it">
+	<target host="smarturl.it" />
+	<target host="www.smarturl.it" />
+	<target host="manage.smarturl.it" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Smart_Living_Network.com.xml b/src/chrome/content/rules/Smart_Living_Network.com.xml
new file mode 100644
index 000000000000..f9ac8088c9b1
--- /dev/null
+++ b/src/chrome/content/rules/Smart_Living_Network.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Other Smart Living Network rulesets:
+
+		- HelloLife.net.xml
+
+
+	Insecure cookies are set for these hosts:
+
+		- smartlivingnetwork.com
+		- www.smartlivingnetwork.com
+
+-->
+<ruleset name="Smart Living Network.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="smartlivingnetwork.com" />
+	<target host="www.smartlivingnetwork.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?smartlivingnetwork\.com$" name="^(HLID|HLSTAT|PHPSESSID)$" /-->
+
+	<securecookie host="^(?:www\.)?smartlivingnetwork\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Smartclip.net.xml b/src/chrome/content/rules/Smartclip.net.xml
new file mode 100644
index 000000000000..800c6b7321d1
--- /dev/null
+++ b/src/chrome/content/rules/Smartclip.net.xml
@@ -0,0 +1,133 @@
+<!--
+	Cert mismatch:
+		- dummy.ci.atv
+		- horst.ci.atv
+		- hosti.ci.atv
+		- reportingapi.stage.atv
+		- seb.stage.atv
+		- segment-builder-api-authentication.ci.atv
+		- segment-builder-ui.ci.atv
+		- seb.stage.atv
+		- segment-builder-api.stage.atv
+		- cockpit
+		- cdn3
+		- atv-pix.dev.hbbtv
+		- atv-reporting.dev.hbbtv
+		- atv-scheduler.dev.hbbtv
+		- atv-test-reporting.dev.hbbtv
+		- atv-test-scheduler.dev.hbbtv
+		- atv-test-user.dev.hbbtv
+		- atv-user.dev.hbbtv
+		- errors.hbbtv
+		- smartapi-authentication.ci.sxp
+		- smartx-api.ci.sxp
+		- smartxapi.ci.sxp
+		- smartapi-authentication.stage.sxp
+		- smartx-api.stage.sxp
+		- smartxapi.stage.sxp
+		- smartxui.stage.sxp
+
+		- docker-registry-web.k8s.sysops-smartclip.net
+		- kube-dashboard.k8s.sysops-smartclip.net
+		- kube-system.k8s.sysops-smartclip.net
+		- scheduler-api-browser.k8s.sysops-smartclip.net
+
+	Connection refused:
+		- www
+
+	Timeout:
+		- smokeping.dev.hbbtv
+
+	TLS error:
+		- demo
+		- gallery
+		- forecast
+		- munin
+		- placeholder
+		- pipeline-b1.sxp-ops-dev.ec1.sysops-smartclip.net
+-->
+<ruleset name="SmartClip.net (partial)">
+
+	<target host="authentication-api.ci.atv.smartclip.net" />
+
+	<target host="reporting-api.ci.atv.smartclip.net" />
+	<target host="sam.ci.atv.smartclip.net" />
+	<target host="scheduler-api.ci.atv.smartclip.net" />
+	<target host="seb.ci.atv.smartclip.net" />
+	<target host="segment-builder-api.ci.atv.smartclip.net" />
+	<target host="user-api.ci.atv.smartclip.net" />
+	<target host="authentication-api.stage.atv.smartclip.net" />
+	<target host="reporting-api.stage.atv.smartclip.net" />
+	<target host="rogator.stage.atv.smartclip.net" />
+	<target host="sam.stage.atv.smartclip.net" />
+	<target host="scheduler-api.stage.atv.smartclip.net" />
+	<target host="user-api.stage.atv.smartclip.net" />
+	<target host="bid.smartclip.net" />
+	<target host="bid-integration.smartclip.net" />
+	<target host="cdn-creatsrv.smartclip.net" />
+	<target host="cdn.smartclip.net" />
+	<target host="cdn2.smartclip.net" />
+	<target host="cmt.smartclip.net" />
+	<target host="confluence.smartclip.net" />
+	<target host="bamboo.smartclip.net" />
+	<target host="creative.smartclip.net" />
+	<target host="crowd.smartclip.net" />
+	<target host="dco.smartclip.net" />
+	<target host="des.smartclip.net" />
+	<target host="dev.smartclip.net" />
+	<target host="devtest.smartclip.net" />
+	<target host="gitlab.smartclip.net" />
+	<target host="elasticsearch.smartclip.net" />
+	<target host="grafana.smartclip.net" />
+	<target host="graphite.smartclip.net" />
+	<target host="cdn.hbbtv.smartclip.net" />
+	<target host="cloud.dev.hbbtv.smartclip.net" />
+	<target host="neo4j.dev.hbbtv.smartclip.net" />
+	<target host="visualizer.dev.hbbtv.smartclip.net" />
+	<target host="zeppelin.dev.hbbtv.smartclip.net" />
+	<target host="scheduler.hbbtv.smartclip.net" />
+	<target host="stats.hbbtv.smartclip.net" />
+	<target host="jira.smartclip.net" />
+	<target host="libs.smartclip.net" />
+	<target host="rog.smartclip.net" />
+	<target host="sam.smartclip.net" />
+	<target host="sdk.smartclip.net" />
+	<target host="seb.smartclip.net" />
+	<target host="rundeck.smartclip.net" />
+	<target host="confluence.stage.smartclip.net" />
+	<target host="crowd.stage.smartclip.net" />
+	<target host="jira.stage.smartclip.net" />
+	<target host="stats.smartclip.net" />
+	<target host="sxp.smartclip.net" />
+	<target host="ad.sxp.smartclip.net" />
+	<target host="ad-block-planner.ci.sxp.smartclip.net" />
+	<target host="smart-api-authentication.ci.sxp.smartclip.net" />
+	<target host="smart-api-booking.ci.sxp.smartclip.net" />
+	<target host="smart-api-common.ci.sxp.smartclip.net" />
+	<target host="smart-api-forecasting.ci.sxp.smartclip.net" />
+	<target host="smart-api-reporting.ci.sxp.smartclip.net" />
+	<target host="smart-api-tearsheet.ci.sxp.smartclip.net" />
+	<target host="smart-api-transcoding.ci.sxp.smartclip.net" />
+	<target host="smart-api-authentication.stage.sxp.smartclip.net" />
+	<target host="smart-api-booking.stage.sxp.smartclip.net" />
+	<target host="smart-api-common.stage.sxp.smartclip.net" />
+	<target host="smart-api-forecasting.stage.sxp.smartclip.net" />
+	<target host="smart-api-reporting.stage.sxp.smartclip.net" />
+	<target host="smart-api-tearsheet.stage.sxp.smartclip.net" />
+	<target host="smart-api-transcoding.stage.sxp.smartclip.net" />
+	<target host="smartx-ui.stage.sxp.smartclip.net" />
+	<target host="tools.smartclip.net" />
+	<target host="trax.smartclip.net" />
+
+	<target host="grafana.k8s.sysops-smartclip.net" />
+	<target host="graylog.k8s.sysops-smartclip.net" />
+	<target host="jenkins.k8s.sysops-smartclip.net" />
+	<target host="phpldapadmin.k8s.sysops-smartclip.net" />
+	<target host="grafana.k8s-ew1-2.sysops-smartclip.net" />
+	<target host="graylog.k8s-ew1-2.sysops-smartclip.net" />
+	<target host="jenkins.k8s-ew1-2.sysops-smartclip.net" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SmarterTools.xml b/src/chrome/content/rules/SmarterTools.xml
index ef2091784161..11790b4572ac 100644
--- a/src/chrome/content/rules/SmarterTools.xml
+++ b/src/chrome/content/rules/SmarterTools.xml
@@ -4,26 +4,50 @@
 		- SmarterTrack.com.xml
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *smartertools.com:
 
 		- forums	(404, valid cert)
 
 
-	Problematic subdomains:
+	Problematic hosts in *smartertools.com:
 
 		- blogs		(wordpress)
 
+
+	Insecure cookies are set for these hosts:
+
+		- help.smartertools.com
+		- portal.smartertools.com
+
+
+	Mixed content:
+
+		- Image on portal from www.smartertools.com *
+
+	* Secured by us
+
 -->
-<ruleset name="SmarterTools (partial)">
+<ruleset name="SmarterTools.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="smartertools.com" />
-	<target host="*.smartertools.com" />
+	<target host="account.smartertools.com" />
+	<target host="help.smartertools.com" />
+	<target host="images.smartertools.com" />
+	<target host="portal.smartertools.com" />
+	<target host="www.smartertools.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^help\.smartertools\.com$" name="^Permissions$" /-->
+	<!--securecookie host="^portal\.smartertools\.com$" name="^(ASP\.NET_SessionId|uidut)$" /-->
 
-	<securecookie host="^(?:(?:account|portal|www)\.)?smartertools\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://((?:account|images|portal|www)\.)?smartertools\.com/"
-		to="https://$1smartertools.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SmarterTrack.com.xml b/src/chrome/content/rules/SmarterTrack.com.xml
index c60749f4c49d..fb6acbd8c02a 100644
--- a/src/chrome/content/rules/SmarterTrack.com.xml
+++ b/src/chrome/content/rules/SmarterTrack.com.xml
@@ -6,17 +6,26 @@
 
 		- help		(404, valid cert)
 
+
+	Fully covered hosts in *smartertrack.com:
+
+		- (www.)?
+		- portal
+
 -->
 <ruleset name="SmarterTrack.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="smartertrack.com" />
+	<target host="portal.smartertrack.com" />
 	<target host="www.smartertrack.com" />
 
 
 	<securecookie host="^(?:portal|www)\.smartertrack\.com$" name=".+" />
 
 
-	<rule from="^http://(portal\.|www\.)?smartertrack\.com/"
-		to="https://$1smartertrack.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Smartling-problematic.xml b/src/chrome/content/rules/Smartling-problematic.xml
index c76b22641bf5..de7037de2b69 100644
--- a/src/chrome/content/rules/Smartling-problematic.xml
+++ b/src/chrome/content/rules/Smartling-problematic.xml
@@ -8,7 +8,7 @@
 	<target host="www.smartlingsource.com" />
 
 
-	<rule from="^https?://(?:www\.)?smartlingsource\.com/"
+	<rule from="^http://(?:www\.)?smartlingsource\.com/"
 		to="https://smartlingsource.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Smartling.xml b/src/chrome/content/rules/Smartling.xml
index b8da78e3edcf..278b35048be6 100644
--- a/src/chrome/content/rules/Smartling.xml
+++ b/src/chrome/content/rules/Smartling.xml
@@ -27,7 +27,11 @@
 <ruleset name="Smartling (partial)">
 
 	<target host="smartling.com" />
-	<target host="*.smartling.com" />
+	<target host="www.smartling.com" />
+	<target host="cdn01.smartling.com" />
+	<target host="dashboard.smartling.com" />
+	<target host="s-dashboard.smartling.com" />
+	<target host="s.smartling.com" />
 
 
 	<securecookie host="^dashboard\.smartling\.com$" name=".+" />
@@ -39,4 +43,4 @@
 	<rule from="^http://(cdn01|(?:s-)?dashboard|s)\.smartling\.com/"
 		to="https://$1.smartling.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Smartmix.io.xml b/src/chrome/content/rules/Smartmix.io.xml
new file mode 100644
index 000000000000..f41ad8e7d610
--- /dev/null
+++ b/src/chrome/content/rules/Smartmix.io.xml
@@ -0,0 +1,16 @@
+<!--
+	Nonfunctional hosts in *.smartmix.io:
+		staging.smartmix.io (r)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Smartmix.io">
+	<target host="smartmix.io" />
+	<target host="www.smartmix.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Smartmixer.io.xml b/src/chrome/content/rules/Smartmixer.io.xml
new file mode 100644
index 000000000000..7c1e1aca3d80
--- /dev/null
+++ b/src/chrome/content/rules/Smartmixer.io.xml
@@ -0,0 +1,6 @@
+<ruleset name="Smartmixer.io">
+	<target host="smartmixer.io" />
+	<target host="www.smartmixer.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Smartphone_Experts.xml b/src/chrome/content/rules/Smartphone_Experts.xml
deleted file mode 100644
index e24a1d0dde60..000000000000
--- a/src/chrome/content/rules/Smartphone_Experts.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)
-
-
-	Problematic subdomains:
-
-		- cdn-store	(404, CN: *.netdna-ssl.com)
-		- store
-
--->
-<ruleset name="Smartphone Experts (partial)">
-
-	<target host="*.smartphoneexperts.com" />
-		<exclusion pattern="^https?://store\.smartphoneexperts\.com/(?!images/|store/modules/|store_images/|v3_templates/)" />
-
-
-	<rule from="^https?://(?:(?:cdn-)?store|secure)\.smartphoneexperts\.com/"
-		to="https://secure.smartphoneexperts.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Smartronix.xml b/src/chrome/content/rules/Smartronix.xml
index 63db3c542611..36ea024eb446 100644
--- a/src/chrome/content/rules/Smartronix.xml
+++ b/src/chrome/content/rules/Smartronix.xml
@@ -2,5 +2,5 @@
 	<target host="smartronix.com" />
 	<target host="www.smartronix.com" />
 
-	<rule from="^http://(www\.)?smartronix\.com/" to="https://www.smartronix.com/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Smartstream.tv.xml b/src/chrome/content/rules/Smartstream.tv.xml
new file mode 100644
index 000000000000..e578a3113926
--- /dev/null
+++ b/src/chrome/content/rules/Smartstream.tv.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dashboard.smartstream.tv/ => https://dashboard.smartstream.tv/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="Smartstream.tv" default_off="failed ruleset test">
+
+	<target host="ads.smartstream.tv" />
+	<target host="cdn.smartstream.tv" />
+	<target host="dashboard.smartstream.tv" />
+	<target host="etrtbb1.smartstream.tv" />
+	<target host="etrtbs1.smartstream.tv" />
+	<target host="etrtbs2.smartstream.tv" />
+	<target host="etrtbs3.smartstream.tv" />
+	<target host="etrtbs4.smartstream.tv" />
+	<target host="etrtbs5.smartstream.tv" />
+	<target host="etrtbs6.smartstream.tv" />
+	<target host="etrtbs7.smartstream.tv" />
+	<target host="etrtbs9.smartstream.tv" />
+	<target host="mads.smartstream.tv" />
+	<target host="smartyield-mgr.smartstream.tv" />
+	<target host="smartyield.smartstream.tv" />
+	<target host="tads.smartstream.tv" />
+
+	<!-- invalid cert:
+		- analytics.smartstream.tv
+		- www.smartstream.tv
+		- smartstream.tv
+		- smartseed.media.smartstream.tv
+	-->
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/SmashFly.com-problematic.xml b/src/chrome/content/rules/SmashFly.com-problematic.xml
new file mode 100644
index 000000000000..632b219c5b6d
--- /dev/null
+++ b/src/chrome/content/rules/SmashFly.com-problematic.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules that are on by default, see SmashFly.com.xml.
+
+-->
+<ruleset name="SmashFly.com (problematic)" default_off="expired, self-signed">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="smashfly.com" />
+	<target host="blog.smashfly.com" />
+	<target host="www.smashfly.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SmashFly.com.xml b/src/chrome/content/rules/SmashFly.com.xml
new file mode 100644
index 000000000000..f324d732a4df
--- /dev/null
+++ b/src/chrome/content/rules/SmashFly.com.xml
@@ -0,0 +1,98 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://go.smashfly.com/? (200) => https://smashfly.com/ (502)
+Non-2xx HTTP code: http://go.smashfly.com/ (200) => https://smashfly.com/ (502)
+
+	For problematic rules, see SmashFly.com-problematic.xml.
+
+
+	Other SmashFly Technologies rulesets:
+
+		- ApplyTracking.com.xml
+
+
+	Nonfunctional hosts in *smashfly.com:
+
+		- jobs *
+
+	* Refused
+
+
+	Problematic hosts in *smashfly.com:
+
+		- (www.)? ¹ ²
+		- blog ¹ ²
+		- go ³
+
+	¹ Expired
+	² Self-signed
+	³ Pardot
+
+
+	Fully covered hosts in *.smashfly.com:
+
+		- recruit
+
+
+	Mixed content:
+
+		- css on ^, go from fonts.googleapis.com ¹
+		- Images on blog from $self ²
+		- favicon on blog from $self ²
+
+		- Bugs, on:
+
+			- blog from jucy.tw ³
+			- blog from www.recruitingbrief.com ⁴
+			- ^, blog from go.smashfly.com ¹
+
+	¹ Secured by us
+	² Rule disabled by default <= expired & self-signed
+	³ Handshake fails
+	⁴ Refused
+
+-->
+<ruleset name="SmashFly.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="recruit.smashfly.com" />
+
+	<!--	Complications:
+				-->
+	<target host="go.smashfly.com" />
+
+		<!--	Redirects to http:
+						-->
+		<exclusion pattern="^http://go.smashfly.com/+(?!$|\?|l/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://go.smashfly.com/beyondemployees" />
+			<test url="http://go.smashfly.com//beyondemployees" />
+			<test url="http://go.smashfly.com/forresterwebinar" />
+			<test url="http://go.smashfly.com/how-cande-winners-improve-candidate-experience-smashfly" />
+			<test url="http://go.smashfly.com/newcandidateexperiencejourney" />
+			<test url="http://go.smashfly.com//newcandidateexperiencejourney" />
+
+
+	<rule from="^http://go\.smashfly\.com/(?=/*l/)"
+		to="https://go.pardot.com/" />
+
+		<test url="http://go.smashfly.com/l/63212/2015-01-21/4z31" />
+		<test url="http://go.smashfly.com/l/63212/2015-01-21/4z39" />
+		<test url="http://go.smashfly.com/l/63212/2015-02-10/7r8f?nid=" />
+
+	<!--	Redirect drops forward
+		slash and args:
+					-->
+	<rule from="^http://go\.smashfly\.com/.*"
+		to="https://smashfly.com/" />
+
+		<test url="http://go.smashfly.com/?" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Smashwords.com.xml b/src/chrome/content/rules/Smashwords.com.xml
new file mode 100644
index 000000000000..ec14e2963a2c
--- /dev/null
+++ b/src/chrome/content/rules/Smashwords.com.xml
@@ -0,0 +1,12 @@
+<!--
+    Nonfunctional hosts in *.smashwords.com:
+
+    Secure connection failed:
+	- blog.smashwords.com
+-->
+<ruleset name="Smashwords.com">
+	<target host="smashwords.com" />
+	<target host="www.smashwords.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Smdg.ca.xml b/src/chrome/content/rules/Smdg.ca.xml
new file mode 100644
index 000000000000..c2ba73160ffa
--- /dev/null
+++ b/src/chrome/content/rules/Smdg.ca.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Showcase Media coverage, see Showcase.ca.xml.
+
+
+	CDN buckets:
+
+		- d3pf6blj843au7.cloudfront.net
+
+			- static
+
+-->
+<ruleset name="Smdg.ca">
+
+	<target host="static.smdg.ca" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Smi2.net.xml b/src/chrome/content/rules/Smi2.net.xml
new file mode 100644
index 000000000000..4171ba887d51
--- /dev/null
+++ b/src/chrome/content/rules/Smi2.net.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.smi2.net/ => https://www.smi2.net/: (6, 'Could not resolve host: www.smi2.net')
+
+	Insecure cookies are set for these hosts:
+
+		- smi2.net
+
+-->
+<ruleset name="SMI2.net" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="smi2.net" />
+	<target host="static.smi2.net" />
+	<target host="target.smi2.net" />
+	<target host="www.smi2.net" />
+
+		<test url="http://static.smi2.net/static/aggregator_v2/css/style.css" />
+		<test url="http://target.smi2.net/client/target.js" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^smi2\.net$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^smi2\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Smileys_Network.xml b/src/chrome/content/rules/Smileys_Network.xml
index c1b67f3de9d2..8e72788f18d7 100644
--- a/src/chrome/content/rules/Smileys_Network.xml
+++ b/src/chrome/content/rules/Smileys_Network.xml
@@ -1,17 +1,39 @@
 <!--
 	CN: ssl10.ovh.net
 
+
+	Insecure cookies are set for these hosts:
+
+		- smileysnetwork.com
+		- www.smileysnetwork.com
+
+
+	Mixed content:
+
+		- Images from www.smileysnetwork.com
+
+		- Ads, from:
+
+			- www.abc-du-gratuit.com
+			- www.sv2.biz
+
 -->
-<ruleset name="Smileys Network" default_off="mismatched">
+<ruleset name="Smileys Network.com" default_off="mismatched">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="smileysnetwork.com" />
 	<target host="www.smileysnetwork.com" />
 
 
-	<securecookie host="^smileysnetwork\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?smileysnetwork\.com$" name="^60gp(?:BAK)?$" /-->
+
+	<securecookie host="^(?:www\.)?smileysnetwork\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?smileysnetwork\.com/"
-		to="https://smileysnetwork.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Smith_Monitoring.com.xml b/src/chrome/content/rules/Smith_Monitoring.com.xml
new file mode 100644
index 000000000000..68d01f1d209e
--- /dev/null
+++ b/src/chrome/content/rules/Smith_Monitoring.com.xml
@@ -0,0 +1,20 @@
+<!--
+	CDN buckets:
+
+		- c15192108.r8.cf2.rackcdn.com
+
+			- cache
+
+
+	(www.): dropped
+
+-->
+<ruleset name="Smith Monitoring.com (partial)">
+
+	<target host="cache.smithmonitoring.com" />
+
+
+	<rule from="^http://cache\.smithmonitoring\.com/"
+		to="https://c15192108.ssl.cf2.rackcdn.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Smithsonian_Institution.xml b/src/chrome/content/rules/Smithsonian_Institution.xml
index 01221d643a95..43fe24aebaf1 100644
--- a/src/chrome/content/rules/Smithsonian_Institution.xml
+++ b/src/chrome/content/rules/Smithsonian_Institution.xml
@@ -22,13 +22,25 @@
 	* Refused
 	** 400; mismatched, CN: *.hs.llnwd.net
 
+
+	Insecure cookies are set for these hosts:
+
+		- logs1.smithsonian.museum
+
 -->
 <ruleset name="Smithsonian Institution (partial)">
 
 	<target host="logs1.smithsonian.museum" />
 
 
-	<rule from="^http://logs1\.smithsonian\.museum/"
-		to="https://logs1.smithsonian.museum/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^logs1\.smithsonian\.museum$" name="^WEBTRENDS_ID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Smithsonianmag.com.xml b/src/chrome/content/rules/Smithsonianmag.com.xml
new file mode 100644
index 000000000000..7993445dbb70
--- /dev/null
+++ b/src/chrome/content/rules/Smithsonianmag.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Refused:
+		smithsonianmag.com
+		www.smithsonianmag.com
+
+-->
+<ruleset name="Smithsonianmag.com (partial)">
+
+	<target host="public.media.smithsonianmag.com" />
+		<test url="http://public.media.smithsonianmag.com/filer/e1/85/e1853b98-e2b8-4b66-9456-a0e0f646f97e/geico.jpg" />
+	<target host="static.media.smithsonianmag.com" /><!-- Needs test url -->
+	<target host="thumbs.media.smithsonianmag.com" /><!-- Needs test url -->
+	<target host="static-media.smithsonianmag.com" />
+		<test url="http://static-media.smithsonianmag.com/img/smithsonian-institute-logo.png" />
+	<target host="subscribe.smithsonianmag.com" />
+
+	<target host="thumbs-prod.si-cdn.com" />
+		<test url="http://thumbs-prod.si-cdn.com/t1WP_hEji9_M--zrw1nX80UJLx4=/220x130/https://public-media.smithsonianmag.com/filer/0b/de/0bdee1e3-b6c7-4e6f-9225-b11abf27c22c/4864714198_a581043b00_b.jpg" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Smjg.xml b/src/chrome/content/rules/Smjg.xml
index 237dbac2a561..97a566d6f6ca 100644
--- a/src/chrome/content/rules/Smjg.xml
+++ b/src/chrome/content/rules/Smjg.xml
@@ -1,10 +1,10 @@
 <ruleset name="SMJG">
 
 	<target host="smjg.org" />
-	<target host="*.smjg.org" />
+	<target host="forum.smjg.org" />
+	<target host="www.smjg.org" />
 
 
-	<rule from="^http://((?:forum|www)\.)?smjg\.org/"
-		to="https://$1smjg.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SmoothieBlend.com.xml b/src/chrome/content/rules/SmoothieBlend.com.xml
deleted file mode 100644
index b6b22b8f7b4e..000000000000
--- a/src/chrome/content/rules/SmoothieBlend.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Mixed content:
-
-		- css on (www.) from fonts.googleapis.com *
-
-		- Images on (www.) from ^ *
-
-	* Secured by us
-
--->
-<ruleset name="SmoothieBlend.com">
-
-	<target host="smoothieblend.com" />
-	<target host="www.smoothieblend.com" />
-
-
-	<securecookie host="^\.?smoothieblend\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?smoothieblend\.com/"
-		to="https://$1smoothieblend.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Smoothwall.org.xml b/src/chrome/content/rules/Smoothwall.org.xml
index 67229c86e0bb..03d00359258d 100644
--- a/src/chrome/content/rules/Smoothwall.org.xml
+++ b/src/chrome/content/rules/Smoothwall.org.xml
@@ -10,7 +10,6 @@
 	<target host="my.smoothwall.org" />
 
 
-	<rule from="^http://my\.smoothwall\.org/"
-		to="https://my.smoothwall.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Smowtion.xml b/src/chrome/content/rules/Smowtion.xml
deleted file mode 100644
index e505ab690067..000000000000
--- a/src/chrome/content/rules/Smowtion.xml
+++ /dev/null
@@ -1,49 +0,0 @@
-<!--
-	CDN buckets:
-
-		- px.smowtion.com.s3.amazonaws.com
-
-		- wac.3D9E.edgecastcdn.net
-
-			- ads.smowtion.com
-			- edgecast.smowtion.com
-			- geo-ads.smowtion.com
-			- static.smowtion.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- blog *
-		- edge **
-		- landing	(shows passport, mismatched, CN: passport.smowtion.com)
-		- press *
-		- px		(amazonaws)
-		- static **
-
-	* Redirects to http, mismatched, CN: publisher.smowtion.com
-	** 404, mismatched, CN: gp1.wac.edgecastcdn.net
-
-
-	Problematic subdomains:
-
-		- ad		(mismatched, CN: ad.yieldmanager.com)
-		- ads		(works, akamai)
-		- geo-ads	(akamai)
-
--->
-<ruleset name="Smowtion (partial)">
-
-	<target host="*.smowtion.com" />
-
-
-	<rule from="^https?://ad\.smowtion\.com/"
-		to="https://ad.yieldmanager.com/" />
-
-	<rule from="^http://p(assport|ublisher)\.smowtion\.com/"
-		to="https://p$1.smowtion.com/" />
-
-	<rule from="^https?://px\.smowtion\.com/"
-		to="https://s3.amazonaws.com/px.smowtion.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/SmugMug.com.xml b/src/chrome/content/rules/SmugMug.com.xml
index 5cebd0789bfb..da8e9a7b4397 100644
--- a/src/chrome/content/rules/SmugMug.com.xml
+++ b/src/chrome/content/rules/SmugMug.com.xml
@@ -8,40 +8,67 @@
 			- www.smugmug.com
 
 
-	Problematic subdomains:
+	Nonfunctional subdomains:
+
+		- help *
 
-		- ^	(works; mismatched, self-signed, CN: *.smugmug.com)
-		- cdn *
-		- www *
+	* Desk.com
 
-	* Works, akamai
 
+	Problematic subdomains:
 
-	Partially covered subdomains:
+		- ^ ¹ ² ³
 
-		- (www.)	(pages redirect back to http://www)
+	¹ Expired
+	² Mismatched, CN: secure.smugmug.com
+	³ Server sends no certificate chain, see https://whatsmychaincert.com
 
 
 	Fully covered subdomains:
 
-		- cdn	(→ akamai & secure)
+		- (www.)	(^ → www)
+		- dance
+		- cdn
 		- secure
 
+
+	Insecure cookies are set for these domains:
+
+		- .smugmug.com
+
+
+	Mixed content:
+
+		- Images on dance from $self *
+
+	* Secured by us
+
 -->
 <ruleset name="SmugMug.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="cdn.smugmug.com" />
+	<target host="dance.smugmug.com" />
+	<target host="secure.smugmug.com" />
+	<target host="www.smugmug.com" />
+
+	<!--	Complications:
+				-->
 	<target host="smugmug.com" />
-	<target host="*.smugmug.com" />
 
 
-	<!--	Perhaps some css can be rewritten to
-		akamai safely, but remain cautious until
-		we've explicitly tested doing so.
-							-->
-	<rule from="^http://(cdn\.|www\.)?smugmug\.com/(?=favicon\.ico|img/)"
-		to="https://a248.e.akamai.net/f/539/9092/8m/$1smugmug.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.smugmug\.com$" name="^(?:__cfduid|_ss|SMSESS|cf_clearance)$" /-->
+
+	<securecookie host="^\.smugmug\.com$" name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http://smugmug\.com/"
+		to="https://www.smugmug.com/" />
 
-	<rule from="^http://(?:cdn|secure)\.smugmug\.com/"
-		to="https://secure.smugmug.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Smutty.com.xml b/src/chrome/content/rules/Smutty.com.xml
new file mode 100644
index 000000000000..29f58b006ef4
--- /dev/null
+++ b/src/chrome/content/rules/Smutty.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		e.smutty.com
+		jul.smutty.com
+-->
+<ruleset name="Smutty.com">
+	<target host="smutty.com"/>
+	<target host="www.smutty.com"/>
+	<target host="a.smutty.com"/>
+		<test url="http://a.smutty.com/robots.txt"/>
+	<target host="i.smutty.com"/>
+		<test url="http://i.smutty.com/test.txt"/>
+	<target host="m.smutty.com"/>
+	<target host="s.smutty.com"/>
+		<test url="http://s.smutty.com/templates/COMMON/toCDN/overlay.png"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Smutty.xml b/src/chrome/content/rules/Smutty.xml
deleted file mode 100644
index 66a381f0e7d3..000000000000
--- a/src/chrome/content/rules/Smutty.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="smutty">
-  <target host="smutty.com" />
-
-  <rule from="^http://smutty\.com/" to="https://smutty.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Smuxi.im.xml b/src/chrome/content/rules/Smuxi.im.xml
new file mode 100644
index 000000000000..3e6605a0855a
--- /dev/null
+++ b/src/chrome/content/rules/Smuxi.im.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.smuxi.com/ => https://www.smuxi.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.smuxi.com'")
+Fetch error: http://smuxi.de/ => https://smuxi.de/: (51, "SSL: no alternative certificate subject name matches target host name 'smuxi.de'")
+Fetch error: http://www.smuxi.de/ => https://www.smuxi.de/: (51, "SSL: no alternative certificate subject name matches target host name 'www.smuxi.de'")
+Fetch error: http://smuxi.net/ => https://smuxi.net/: (51, "SSL: no alternative certificate subject name matches target host name 'smuxi.net'")
+Fetch error: http://www.smuxi.net/ => https://www.smuxi.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.smuxi.net'")
+
+-->
+<ruleset name="Smuxi.im (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="smuxi.com" />
+	<target host="www.smuxi.com" />
+	<target host="smuxi.de" />
+	<target host="www.smuxi.de" />
+	<target host="smuxi.im" />
+	<target host="www.smuxi.im" />
+	<target host="smuxi.net" />
+	<target host="www.smuxi.net" />
+	<target host="smuxi.org" />
+	<target host="www.smuxi.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Smzdm.com.xml b/src/chrome/content/rules/Smzdm.com.xml
new file mode 100644
index 000000000000..b19a58f7a047
--- /dev/null
+++ b/src/chrome/content/rules/Smzdm.com.xml
@@ -0,0 +1,47 @@
+<!--
+	403：
+		^
+		card
+		duihuan
+		faxian
+		haitao
+		m
+		news
+		pinpai
+		post
+		quan
+		test
+		wiki
+
+	404:
+		avatarimg
+
+	502:
+		2
+
+	Mismatch:
+		*.zdmimg.com
+
+	gnutls_handshake() failed: Handshake failed:
+		eimg
+-->
+
+<ruleset name="smzdm">
+
+	<!--	Mixedcontent	-->
+	<target host="www.smzdm.com" />
+
+	<exclusion pattern="^http://www\.smzdm\.com/(?!resources/)" />
+		<test url="http://www.smzdm.com/resources/public/img/logo.png" />
+		<test url="http://www.smzdm.com/resources/public/img/loading.gif" />
+		<test url="http://www.smzdm.com/p2/" />
+
+	<!--	Direct rewrites:	-->
+
+	<target host="res.smzdm.com" />
+	<target host="res-ga.smzdm.com" />
+	<target host="zhiyou.smzdm.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Snabb.co.xml b/src/chrome/content/rules/Snabb.co.xml
new file mode 100644
index 000000000000..72c643f34fc8
--- /dev/null
+++ b/src/chrome/content/rules/Snabb.co.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://snabb.co/ => https://snabb.co/: (7, 'Failed to connect to snabb.co port 443: No route to host')
+Fetch error: http://www.snabb.co/ => https://www.snabb.co/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://snabb.co/ => https://snabb.co/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.snabb.co/ => https://www.snabb.co/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
+<ruleset name="Snabb.co" default_off="failed ruleset test">
+
+	<target host="snabb.co" />
+	<target host="www.snabb.co" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SnackTools.com-problematic.xml b/src/chrome/content/rules/SnackTools.com-problematic.xml
index 3d248283f17b..e7e6dbad4e9c 100644
--- a/src/chrome/content/rules/SnackTools.com-problematic.xml
+++ b/src/chrome/content/rules/SnackTools.com-problematic.xml
@@ -10,7 +10,6 @@
 	<securecookie host="^stapi\.snacktools\.com$" name=".+" />
 
 
-	<rule from="^http://stapi\.snacktools\.com/"
-		to="https://stapi.snacktools.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SnackTools.com.xml b/src/chrome/content/rules/SnackTools.com.xml
index 5c9ffa53a1da..7967966594a5 100644
--- a/src/chrome/content/rules/SnackTools.com.xml
+++ b/src/chrome/content/rules/SnackTools.com.xml
@@ -5,8 +5,6 @@
 	Other SnackTools rulesets:
 
 		- BannerSnack.com.xml
-		- Quizsnack.com.xml
-		- SnackTools.net.xml
 
 
 	Problematic subdomains:
diff --git a/src/chrome/content/rules/SnackTools.net.xml b/src/chrome/content/rules/SnackTools.net.xml
deleted file mode 100644
index 6b5a7b7f9878..000000000000
--- a/src/chrome/content/rules/SnackTools.net.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other SnackTools coverage, see SnackTools.com.xml.
-
--->
-<ruleset name="SnackTools.net">
-
-	<target host="stapi.snacktools.net" />
-
-
-	<securecookie host="^stapi\.snacktools\.net$" name=".+" />
-
-
-	<rule from="^http://stapi\.snacktools\.net/"
-		to="https://stapi.snacktools.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Snafu.xml b/src/chrome/content/rules/Snafu.xml
index a8cf91c24276..fb154414ff32 100644
--- a/src/chrome/content/rules/Snafu.xml
+++ b/src/chrome/content/rules/Snafu.xml
@@ -1,19 +1,22 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://service.snafu.de/ => https://service.snafu.de/: (7, 'Failed to connect to service.snafu.de port 443: Connection refused')
+
 	Nonfunctional subdomains:
 
 		- blog
 		- www	(cert: ; redirects there)
 
 -->
-<ruleset name="snafu (partial)">
+<ruleset name="snafu (partial)" default_off="failed ruleset test">
 
 	<target host="service.snafu.de" />
 
 
-	<securecookie host="^service\.snafu\.de$" name=".*" />
+	<securecookie host="^service\.snafu\.de$" name=".+" />
 
 
-	<rule from="^http://service\.snafu\.de/"
-		to="https://service.snafu.de/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Snagajob.xml b/src/chrome/content/rules/Snagajob.xml
index c841307499d1..8e9f9f582ba9 100644
--- a/src/chrome/content/rules/Snagajob.xml
+++ b/src/chrome/content/rules/Snagajob.xml
@@ -1,15 +1,15 @@
 <ruleset name="snagajob" platform="mixedcontent">
   <target host="snagajob.com"/>
-  <target host="www.snagajob.com"/>
-  <target host="*.snagajob.com"/>
+  <target host="www.snagajob.com" />
+  <target host="media.snagajob.com" />
 
-  <securecookie host="^(.*\.)?snagajob.com$" name=".*" />
+  <securecookie host=".+" name=".+"/>
 
   <rule from="^http://(?:www\.)?snagajob\.com/" to="https://www.snagajob.com/"/>
-  <rule from="^http://media\.snagajob\.com/" to="https://media.snagajob.com/"/>
 
-  <!-- A 404 error is occured when answers and blog are forced to https -->
+  <!-- A 404 error is occurred when answers and blog are forced to https -->
   <!-- Hence a exclusion is added to both of them -->
   <exclusion pattern="^http://www\.snagajob\.com/answers/" />
   <exclusion pattern="^http://www\.snagajob\.com/blog/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Snakehosting.dk.xml b/src/chrome/content/rules/Snakehosting.dk.xml
new file mode 100644
index 000000000000..5e5c4d603b7d
--- /dev/null
+++ b/src/chrome/content/rules/Snakehosting.dk.xml
@@ -0,0 +1,9 @@
+<ruleset name="Snakehosting.dk">
+
+	<target host="snakehosting.dk" />
+	<target host="www.snakehosting.dk" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SnapEngage.com-falsemixed.xml b/src/chrome/content/rules/SnapEngage.com-falsemixed.xml
deleted file mode 100644
index 5158c8298aaf..000000000000
--- a/src/chrome/content/rules/SnapEngage.com-falsemixed.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For rules not causing false MCB, see SnapEngage.xml.
-
--->
-<ruleset name="SnapEngage.com (false MCB)" platform="mixedcontent">
-
-	<target host="snapengage.com" />
-	<target host="developer.snapengage.com" />
-	<target host="help.snapengage.com" />
-		<!--
-			Handled in SnapEngage.xml:
-							-->
-		<exclusion pattern="^http://(?:developer\.|help\.)?snapengage\.com/(?:files|wp-content|wp-includes)/" />
-
-
-	<rule from="^http://(developer\.|help\.)?snapengage\.com/"
-		to="https://$1snapengage.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/SnapEngage.xml b/src/chrome/content/rules/SnapEngage.xml
index 012b9289b34b..867fe6fea035 100644
--- a/src/chrome/content/rules/SnapEngage.xml
+++ b/src/chrome/content/rules/SnapEngage.xml
@@ -1,74 +1,5 @@
-<!--
-	For rules causing false MCB, see SnapEngage.com-falsemixed.xml.
-
-
-	CDN buckets:
-
-		- snapabug.appspot.com
-		- commondatastorage.googleapis.com/code.snapengage.com/
-
-		- snapengage.wpengine.com
-
-		- snapengage-1.wpengine.com
-
-		- snapengage-3.wpengine.com
-
-			- help.snapengage.com
-
-		- snapengage-[45].wpengine.com
-
-		- snapengage-8.wpengine.com
-
-			- snapengage.com
-
-
-	Problematic subdomains:
-
-		- ^ *
-		- ayuda *
-		- blog *
-		- developer *
-		- es *
-		- help *
-		- pt *
-
-	* Mismatched, CN: *.wpengine.com
-
-
-	Mixed content:
-
-		- Scripts:
-
-			- On developer from developer *
-			- On help from help *
-			- On www from www *
-
-		- css:
-
-			- On developer from developer *
-			- On developer from fonts.googleapis.com *
-			- On help from help *
-			- On help from fonts.googleapis.com *
-			- On www from www *
-			- On www from fonts.googleapis.com *
-
-		- Images:
-
-			- On developer from developer *
-			- On help from help *
-			- On www from www *
-
-		- Web bugs:
-
-			- On developer from www *
-
-	* Secured by us
-
-
-	NB: We secure all resources, and thus
-	-falsemixed should be merged for Ffx 24.
-
 
+<!--
 	snapabug.appspot.com sets the following cookies
 	on whichever domain it is loaded from:
 
@@ -76,32 +7,35 @@
 		- SnapABugHistory
 		- SnapABugVisit
 
--->
-<ruleset name="SnapEngage (partial)">
-
-	<target host="snapengage-1.wpengine.netdna-cdn.com" />
-	<target host="snapengage-3.wpengine.netdna-cdn.com" />
-	<target host="snapengage-4.wpengine.netdna-cdn.com" />
-	<target host="snapengage-5.wpengine.netdna-cdn.com" />
-	<target host="snapengage-8.wpengine.netdna-cdn.com" />
-	<target host="snapengage.com" />
-		<!--
-			Exclude paths causing false MCB:
-							-->
-		<exclusion pattern="^http://(?:developer\.|help\.)?snapengage\.com/(?!files/|wp-content/|wp-includes/)" />
-	<target host="*.snapengage.com" />
+	No working URL known:
+		code.snapengage.com
 
+	Invalid certificate:
+		info.snapengage.com
 
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.snapengage\.com$" name="^(?:__insp_\w+|SnapABug\w+|__utm\w)$" />
-	<securecookie host="^www\.snapengage\.com$" name=".+" />
-
-
-	<rule from="^http://snapengage-(\d)\.wpengine\.netdna-cdn\.com/"
-		to="https://snapengage-$1.wpengine.com/" />
+-->
+<ruleset name="SnapEngage">
 
-	<rule from="^http://((?:developer|help|www)\.)?snapengage\.com/"
-		to="https://$1snapengage.com/" />
+	<target host="snapengage.com" />
+	<target host="www.snapengage.com" />
+	<target host="ajuda.snapengage.com" />
+	<target host="awesome.snapengage.com" />
+	<target host="ayuda.snapengage.com" />
+	<target host="blog.snapengage.com" />
+	<target host="de.snapengage.com" />
+	<target host="developer.snapengage.com" />
+	<target host="en.snapengage.com" />
+	<target host="es.snapengage.com" />
+	<target host="eu.snapengage.com" />
+	<target host="help.snapengage.com" />
+	<target host="new.snapengage.com" />
+	<target host="pt.snapengage.com" />
+	<target host="secure.snapengage.com" />
+	<target host="status.snapengage.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SnapWidget.com.xml b/src/chrome/content/rules/SnapWidget.com.xml
index f942bb47e567..d494a7a70e3e 100644
--- a/src/chrome/content/rules/SnapWidget.com.xml
+++ b/src/chrome/content/rules/SnapWidget.com.xml
@@ -1,19 +1,30 @@
 <!--
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *snapwidget.com:
 
-		- blog	(tumblr)
+		- blog *
+
+	* Tumblr/refused
+
+
+	Insecure cookies are set for these domains:
+
+		- .snapwidget.com
 
 -->
 <ruleset name="SnapWidget.com (partial)">
 
 	<target host="snapwidget.com" />
-	<target host="*.snapwidget.com" />
+	<target host="www.snapwidget.com" />
+
 
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.snapwidget\.com$" name="^(__cfduid|cf_clearance)$" /-->
 
-	<securecookie host="^\.snapwidget\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?snapwidget\.com/"
-		to="https://$1snapwidget.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Snapdeal.com.xml b/src/chrome/content/rules/Snapdeal.com.xml
new file mode 100644
index 000000000000..9c93b45133e9
--- /dev/null
+++ b/src/chrome/content/rules/Snapdeal.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Other Snapdeal rulesets:
+
+		- Sdlcdn.com.xml
+
+
+	^: plaintext reply
+
+-->
+<ruleset name="Snapdeal.com (partial)">
+
+	<target host="snapdeal.com" />
+	<target host="www.snapdeal.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.snapdeal\.com/(favicon\.ico|info/contactus)?($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.snapdeal\.com/(?!login(?:$|[?/]))" />
+
+
+	<rule from="^http://(?:www\.)?snapdeal\.com/"
+		to="https://www.snapdeal.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Snatchly.xml b/src/chrome/content/rules/Snatchly.xml
index b611f6950ca0..90f9b0c60dee 100644
--- a/src/chrome/content/rules/Snatchly.xml
+++ b/src/chrome/content/rules/Snatchly.xml
@@ -18,7 +18,7 @@
 	<target host="*.snatchly.com" />
 
 
-	<rule from="^https?://media-cache\d\.snatchly\.com/"
+	<rule from="^http://media-cache\d\.snatchly\.com/"
 		to="https://d2x4glpi1c9656.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SndCDN.com.xml b/src/chrome/content/rules/SndCDN.com.xml
new file mode 100644
index 000000000000..3b419fdb35df
--- /dev/null
+++ b/src/chrome/content/rules/SndCDN.com.xml
@@ -0,0 +1,51 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://a2.sndcdn.com/ => https://a2.sndcdn.com/: (6, 'Could not resolve host: a2.sndcdn.com')
+Fetch error: http://api.sndcdn.com/ => https://api.sndcdn.com/: (6, 'Could not resolve host: api.sndcdn.com')
+
+	For other Soundcloud coverage, see Soundcloud.xml.
+
+
+	CDN buckets:
+
+		- cs70.wac.edgecastcdn.net
+
+			- a1.sndcdn.com
+			- i1.sndcdn.com
+			- w1.sndcdn.com
+
+		- m-a.sndcdn.com.edgesuite.net
+
+
+	Problematic hosts in *sndcdn.com:
+
+		- m-a *
+
+	* Akamai
+
+-->
+<ruleset name="SndCDN.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="a-v2.sndcdn.com" />
+	<target host="a1.sndcdn.com" />
+	<target host="a2.sndcdn.com" />
+	<target host="api.sndcdn.com" />
+	<target host="cf-media.sndcdn.com" />
+	<target host="ec-media.sndcdn.com" />
+	<target host="i1.sndcdn.com" />
+	<target host="i2.sndcdn.com" />
+	<target host="i3.sndcdn.com" />
+	<target host="i4.sndcdn.com" />
+	<target host="style.sndcdn.com" />
+	<target host="w1.sndcdn.com" />
+	<target host="w2.sndcdn.com" />
+	<target host="wis.sndcdn.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Snel-Internet-Services.xml b/src/chrome/content/rules/Snel-Internet-Services.xml
index f00bc3001b9a..813ab352fb8b 100644
--- a/src/chrome/content/rules/Snel-Internet-Services.xml
+++ b/src/chrome/content/rules/Snel-Internet-Services.xml
@@ -1,4 +1,18 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://snelis.com/ => https://snelis.com/: (51, "SSL: no alternative certificate subject name matches target host name 'snelis.com'")
+Fetch error: http://api.snelis.com/ => https://api.snelis.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://livesales.snelis.com/ => https://livesales.snelis.com/: (51, "SSL: no alternative certificate subject name matches target host name 'livesales.snelis.com'")
+Fetch error: http://paymants.snelis.com/ => https://paymants.snelis.com/: (51, "SSL: no alternative certificate subject name matches target host name 'paymants.snelis.com'")
+Fetch error: http://session.snelis.com/ => https://session.snelis.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://staff.snelis.com/ => https://staff.snelis.com/: (51, "SSL: no alternative certificate subject name matches target host name 'staff.snelis.com'")
+Fetch error: http://www.snelis.com/ => https://www.snelis.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.snelis.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://snelis.com/ => https://snelis.com/: (51, "SSL: no alternative certificate subject name matches target host name 'snelis.com'")
+Fetch error: http://snelpanel.com/ => https://snelpanel.com/: (51, "SSL: no alternative certificate subject name matches target host name 'snelpanel.com'")
+Fetch error: http://snelserver.com/ => https://snelserver.com/: (51, "SSL: no alternative certificate subject name matches target host name 'snelserver.com'")
 	Cert is also valid for:
 
 		- (www.)snelhosting.com
@@ -7,23 +21,25 @@
 	but these don't appear to exist(?)
 
 -->
-<ruleset name="Snel Internet Services">
+<ruleset name="Snel Internet Services" default_off="failed ruleset test">
 
 	<target host="snelis.com" />
-	<target host="*.snelis.com" />
+	<target host="api.snelis.com" />
+	<target host="livesales.snelis.com" />
+	<target host="paymants.snelis.com" />
+	<target host="session.snelis.com" />
+	<target host="staff.snelis.com" />
+	<target host="www.snelis.com" />
 	<target host="snelpanel.com" />
 	<target host="www.snelpanel.com" />
 	<target host="snelserver.com" />
 	<target host="www.snelserver.com" />
 
 
-	<securecookie host="^.*\.snelis\.com$" name=".*" />
-
+	<securecookie host="^.*\.snelis\.com$" name=".+" />
 
-	<rule from="^http://(www\.)?snel(is|panel|server)\.com/"
-		to="https://$1snel$2.com/" />
 
-	<rule from="^http://(api|livesales|paymants|session|staff)\.snelis\.com/"
-		to="https://$1.snelis.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Snel.com.xml b/src/chrome/content/rules/Snel.com.xml
new file mode 100644
index 000000000000..3f4e7ea2e3d5
--- /dev/null
+++ b/src/chrome/content/rules/Snel.com.xml
@@ -0,0 +1,55 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://session.snel.com// (200) => https://control.snel.com/ (401)
+Non-2xx HTTP code: http://session.snel.com/ (200) => https://control.snel.com/ (401)
+
+	Insecure cookies are set for these hosts:
+
+		- snel.com
+		- staff.snel.com
+		- www.snel.com
+
+
+	Mixed content:
+
+		- css on (www.)? from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Snel.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="snel.com" />
+	<target host="api.snel.com" />
+	<target host="control.snel.com" />
+	<target host="staff.snel.com" />
+	<target host="www.snel.com" />
+
+	<!--	Complications:
+				-->
+	<target host="session.snel.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?snel\.com$" name="^_icl_current_language$" /-->
+	<!--securecookie host="^staff\.snel\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:.+\.)?snel\.com$" name=".+" />
+
+
+	<!--	Redirect drops path, args,
+		and forward slash:
+					-->
+	<rule from="^http://session\.snel\.com/.*"
+		to="https://control.snel.com/" />
+
+		<test url="http://session.snel.com//" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Snellman.net.xml b/src/chrome/content/rules/Snellman.net.xml
new file mode 100644
index 000000000000..b537d529011a
--- /dev/null
+++ b/src/chrome/content/rules/Snellman.net.xml
@@ -0,0 +1,18 @@
+<!--
+	Nonfunctional subdomains:
+
+		- terra *
+
+	* Shows www
+
+-->
+<ruleset name="Snellman.net (partial)">
+
+	<target host="snellman.net" />
+	<target host="www.snellman.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Snip.ly.xml b/src/chrome/content/rules/Snip.ly.xml
new file mode 100644
index 000000000000..4e82a3bd8136
--- /dev/null
+++ b/src/chrome/content/rules/Snip.ly.xml
@@ -0,0 +1,24 @@
+<!--
+	Invalid certificate:
+	- go.snip.ly
+
+	Connection refused:
+	- calendar.snip.ly
+	- drive.snip.ly
+	- mail.snip.ly
+	- web1.snip.ly
+	- web2.snip.ly
+	- q.snip.ly
+
+	https installed:
+	- blog.snip.ly
+
+-->
+<ruleset name="Snip.ly">
+	<target host="snip.ly" />
+	<target host="www.snip.ly" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Snip2Code.com.xml b/src/chrome/content/rules/Snip2Code.com.xml
new file mode 100644
index 000000000000..64a60aa3d175
--- /dev/null
+++ b/src/chrome/content/rules/Snip2Code.com.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://api.snip2code.com/ => https://api.snip2code.com/: (51, "SSL: no alternative certificate subject name matches target host name 'api.snip2code.com'")
+Fetch error: http://apidev.snip2code.com/ => https://apidev.snip2code.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://dev.snip2code.com/ => https://dev.snip2code.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	^snip2code.com: Handshake fails
+
+-->
+<ruleset name="Snip2Code.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="api.snip2code.com" />
+	<target host="apidev.snip2code.com" />
+	<target host="dev.snip2code.com" />
+	<target host="www.snip2code.com" />
+
+	<!--	Complications:
+				-->
+	<target host="snip2code.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://snip2code\.com/"
+		to="https://www.snip2code.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Snipcart.com.xml b/src/chrome/content/rules/Snipcart.com.xml
new file mode 100644
index 000000000000..4ec5d6262c13
--- /dev/null
+++ b/src/chrome/content/rules/Snipcart.com.xml
@@ -0,0 +1,43 @@
+<!--
+	Problematic hosts in *snipcart.com:
+
+		- docs *
+
+	* Mismatched
+
+
+	Fully covered hosts in *snipcart.com:
+
+		- (www.)?
+		- app
+		- cdn
+
+
+	Insecure cookies are set for these domains:
+
+		- .app.snipcart.com
+		- .docs.snipcart.com
+
+-->
+<ruleset name="Snipcart.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="snipcart.com" />
+	<target host="app.snipcart.com" />
+	<target host="cdn.snipcart.com" />
+	<!--target host="docs.snipcart.com" /-->
+	<target host="www.snipcart.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.(app|docs)\.snipcart\.com$" name="^ARRAffinity$" /-->
+
+	<securecookie host="^\.app\.snipcart\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Snipt.net.xml b/src/chrome/content/rules/Snipt.net.xml
new file mode 100644
index 000000000000..ec9fe04db9b4
--- /dev/null
+++ b/src/chrome/content/rules/Snipt.net.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blog.snipt.net/ => https://blog.snipt.net/: (6, 'Could not resolve host: blog.snipt.net')
+
+	Insecure cookies are set for these domains:
+
+		- .snipt.net
+
+-->
+<ruleset name="Snipt.net" default_off="failed ruleset test">
+
+	<target host="snipt.net" />
+	<target host="blog.snipt.net" />
+	<target host="www.snipt.net" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.snipt\.net$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Snmc.io.xml b/src/chrome/content/rules/Snmc.io.xml
new file mode 100644
index 000000000000..d1a2a24c0664
--- /dev/null
+++ b/src/chrome/content/rules/Snmc.io.xml
@@ -0,0 +1,10 @@
+<!--
+	Invalid certificate:
+		snmc.io
+		www.snmc.io
+-->
+<ruleset name="snmc.io">
+	<target host="e.snmc.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Snob.ru.xml b/src/chrome/content/rules/Snob.ru.xml
new file mode 100644
index 000000000000..83a21d367d56
--- /dev/null
+++ b/src/chrome/content/rules/Snob.ru.xml
@@ -0,0 +1,8 @@
+<ruleset name="Snob.ru">
+	<target host="snob.ru" />
+	<target host="www.snob.ru" />
+	<target host="stellaclar.snob.ru" />
+	<target host="shop.snob.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Snoobi.xml b/src/chrome/content/rules/Snoobi.xml
index d010bb085199..c1623ff32b10 100644
--- a/src/chrome/content/rules/Snoobi.xml
+++ b/src/chrome/content/rules/Snoobi.xml
@@ -1,20 +1,20 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)snoobi.com
-		- (www.)snoobi.fi
-		- (www.)snoobi.nl
-
--->
-<ruleset name="Snoobi (partial)">
-
-	<target host="*.snoobi.com" />
-
-
-	<securecookie host="^.*\.snoobi\.com" name=".+" />
-
-
-	<rule from="^http://(analytics|eu1)\.snoobi\.com/"
-		to="https://$1.snoobi.com/" />
-
-</ruleset>
+<!--
+	self-signed:
+		- (www.)snoobi.com
+		- (www.)snoobi.fi
+		- (www.)snoobi.nl
+
+-->
+<ruleset name="Snoobi (partial)">
+
+	<target host="analytics.snoobi.com" />
+	<target host="eu1.snoobi.com" />
+
+
+	<securecookie host=".+" name=".+"/>
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Snoonet.xml b/src/chrome/content/rules/Snoonet.xml
new file mode 100644
index 000000000000..57b87577ed58
--- /dev/null
+++ b/src/chrome/content/rules/Snoonet.xml
@@ -0,0 +1,9 @@
+<ruleset name="Snoonet">
+  <target host="www.snoonet.org" />
+  <target host="snoonet.org" />
+
+  <rule from="^http:" to="https:" />
+
+  <test url="http://www.snoonet.org/communities" />
+  <test url="http://snoonet.org/SSL" />
+</ruleset>
diff --git a/src/chrome/content/rules/Snopes.com.xml b/src/chrome/content/rules/Snopes.com.xml
new file mode 100644
index 000000000000..3421941cd1e5
--- /dev/null
+++ b/src/chrome/content/rules/Snopes.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- msgboard.snopes.com
+		- newsletter.snopes.com
+
+		Timeout was reached:
+		- archive.snopes.com
+		- now.snopes.com
+
+		SSL connect error:
+		- m.snopes.com
+		- message.snopes.com
+
+		SSL peer certificate was not OK:
+		- live2.snopes.com
+		- staging.snopes.com
+		- static.snopes.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- mail.snopes.com
+		- zeus-origin.snopes.com
+-->
+<ruleset name="Snopes.com">
+	<target host="snopes.com" />
+	<target host="www.snopes.com" />
+	<target host="dev.snopes.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Snort.xml b/src/chrome/content/rules/Snort.xml
index b51ca1bbb94c..daa10ecd918e 100644
--- a/src/chrome/content/rules/Snort.xml
+++ b/src/chrome/content/rules/Snort.xml
@@ -1,20 +1,29 @@
+
 <!--
-	Nonfunctional subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://store.snort.org/ => https://store.snort.org/: (6, 'Could not resolve host: store.snort.org')
+
+	Nonfunctional hosts in *snort.org:
+
+		- blog *
+		- vrt-blog *
 
-		- blog		(interrupted)
+	* Blogger
 
 -->
-<ruleset name="Snort (partial)">
+<ruleset name="Snort.com (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="snort.org" />
-	<target host="*.snort.org" />
-	<target host="*.store.snort.org" />
+	<target host="store.snort.org" />
+	<target host="www.snort.org" />
 
 
-	<securecookie host=".+\.snort\.org$" name=".+" />
+	<securecookie host=".\.snort\.org$" name=".+" />
 
 
-	<rule from="^http://(store\.|www\.)?snort\.org/"
-		to="https://$1snort.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Snow_Magazine.xml b/src/chrome/content/rules/Snow_Magazine.xml
index d4bd838a0afe..2013233c75c9 100644
--- a/src/chrome/content/rules/Snow_Magazine.xml
+++ b/src/chrome/content/rules/Snow_Magazine.xml
@@ -11,7 +11,7 @@
 	<securecookie host="^www\.snowmagazineonline\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?snowmagazineonline\.com/"
+	<rule from="^http://(?:www\.)?snowmagazineonline\.com/"
 		to="https://www.snowmagazineonline.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Snowdrift.coop.xml b/src/chrome/content/rules/Snowdrift.coop.xml
new file mode 100644
index 000000000000..5373e0b69136
--- /dev/null
+++ b/src/chrome/content/rules/Snowdrift.coop.xml
@@ -0,0 +1,17 @@
+<ruleset name="Snowdrift.coop">
+
+	<target host="snowdrift.coop" />
+	<target host="www.snowdrift.coop" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^snowdrift\.coop$" name="^_SESSION$" /-->
+
+	<securecookie host="^snowdrift\.coop$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Snowfly.xml b/src/chrome/content/rules/Snowfly.xml
new file mode 100644
index 000000000000..ceb267df9abf
--- /dev/null
+++ b/src/chrome/content/rules/Snowfly.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://regencesecure.snowfly.com/ => https://regencesecure.snowfly.com/: (6, 'Could not resolve host: regencesecure.snowfly.com')
+
+	(www.)?snowfly.com: 403
+
+-->
+<ruleset name="Snowfly (partial)" default_off="failed ruleset test">
+
+	<target host="beesecure.prpa.org" />
+	<target host="starawardssecure.snowfly.com" />
+	<target host="regencesecure.snowfly.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SnugNote.xml b/src/chrome/content/rules/SnugNote.xml
deleted file mode 100644
index 3be5e7e766aa..000000000000
--- a/src/chrome/content/rules/SnugNote.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d109v76l78uty1.cloudfront.net
-		- snugnote.desk.com
-
-
-	Nonfunctional subdomains:
-
-		- blog		
-		- help		(redirects to http; mismatched, CN: *.desk.com)
-
--->
-<ruleset name="SnugNote (partial)">
-
-	<target host="snugnote.com" />
-	<target host="*.snugnote.com" />
-
-
-	<securecookie host="^\.?snugnote\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?snugnote\.com/"
-		to="https://$1snugnote.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/So-Raise-Your-Glasses.xml b/src/chrome/content/rules/So-Raise-Your-Glasses.xml
index 7e97a7ed2bdd..e1261304a209 100644
--- a/src/chrome/content/rules/So-Raise-Your-Glasses.xml
+++ b/src/chrome/content/rules/So-Raise-Your-Glasses.xml
@@ -1,13 +1,22 @@
-<ruleset name="So Raise Your Glasses">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://soraiseyourglasses.com/ => https://soraiseyourglasses.com/: (51, "SSL: no alternative certificate subject name matches target host name 'soraiseyourglasses.com'")
+Fetch error: http://www.soraiseyourglasses.com/ => https://www.soraiseyourglasses.com/: Too many redirects while fetching 'https://www.soraiseyourglasses.com/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://soraiseyourglasses.com/ => https://soraiseyourglasses.com/: (51, "SSL: no alternative certificate subject name matches target host name 'soraiseyourglasses.com'")
+Fetch error: http://www.soraiseyourglasses.com/ => https://www.soraiseyourglasses.com/: Cycle detected - URL already encountered: https://www.soraiseyourglasses.com/
+-->
+<ruleset name="So Raise Your Glasses" default_off="failed ruleset test">
 
 	<target host="soraiseyourglasses.com" />
 	<target host="www.soraiseyourglasses.com" />
 
 
-	<securecookie host="^www\.soraiseyourglasses\.com$" name=".*" />
+	<securecookie host="^www\.soraiseyourglasses\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?soraiseyourglasses\.com/"
-		to="https://$1soraiseyourglasses.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/So.cl.xml b/src/chrome/content/rules/So.cl.xml
new file mode 100644
index 000000000000..e07371cef9b1
--- /dev/null
+++ b/src/chrome/content/rules/So.cl.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://so.cl/ => https://so.cl/: (7, 'Failed to connect to so.cl port 443: Connection timed out')
+Fetch error: http://www.so.cl/ => https://www.so.cl/: (6, 'Could not resolve host: www.so.cl')
+
+Fetch error: http://so.cl/ => https://so.cl/: (7, 'Failed to connect to so.cl port 443: Connection timed out')
+Fetch error: http://www.so.cl/ => https://www.so.cl/: Cycle detected - URL already encountered: https://www.so.cl/
+
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	Fully covered hosts in *so.cl:
+
+		- (www.)?
+
+-->
+<ruleset name="So.cl" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="so.cl" />
+	<target host="www.so.cl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/So.com.xml b/src/chrome/content/rules/So.com.xml
new file mode 100644
index 000000000000..3651686805a7
--- /dev/null
+++ b/src/chrome/content/rules/So.com.xml
@@ -0,0 +1,146 @@
+<!--
+	For other ruleset of Qihoo, see 360.cn.xml
+
+	Invalid Certificate:
+		- buy.so.com
+		- buy-b.so.com
+		- captcha.so.com
+		- img.so.com
+		- images.so.com
+		- rd.login.so.com
+		- fb.app.m.so.com
+		- open.map.so.com
+		- subway-sug.map.so.com
+		- maps.so.com
+		- new.so.com
+		- m.news.so.com
+		- mtjapi.news.so.com
+		- rd.news.so.com
+		- open-b.onebox.so.com
+		- wp.onebox.so.com
+		- read.so.com
+		- read-b.so.com
+		- shenbian.so.com
+		- st.so.com
+		- tu.so.com
+		- w.so.com
+		- wd.so.com
+		- wenda.so.com
+		- m.wenda.so.com
+		- xinzhi.wenda.so.com
+		- wwww.so.com
+		- zhanzhang.so.com
+		- zhanzhang-b.so.com
+		- zhidao.so.com
+
+		- m.haosou.com
+
+	Mixed Content:
+		- api.app.m.so.com
+
+	Redirect to HTTP:
+		- dapai.so.com
+		- jifen.so.com
+		- cs.sapi.so.com
+
+	Timeout:
+		- rec.api.so.com
+		- app.so.com
+		- m.app.so.com
+		- baike.so.com
+		- m.baike.so.com
+		- m-b.baike.so.com
+		- njs.baike.so.com
+		- q.baike.so.com
+		- q-b.baike.so.com
+		- upimg.baike.so.com
+		- baike-b.so.com
+		- s.e.so.com
+		- gcs.so.com
+		- liangyi-b.so.com
+		- ly.so.com
+		- helper.m.so.com
+		- reader.m.so.com
+		- api.reader.m.so.com
+		- sug.m.so.com
+		- sug-b.m.so.com
+		- pc.zonghe.m.so.com
+		- pc-b.zonghe.m.so.com
+		- media.so.com
+		- mp3.so.com
+		- music.so.com
+		- m.music.so.com
+		- s.music.so.com
+		- suggest.music.so.com
+		- suggest-b.music.so.com
+		- mbrowser.news.so.com
+		- j.news.so.com
+		- s.news.so.com
+		- s-b.news.so.com
+		- tjapi.news.so.com
+		- zm.news.so.com
+		- onebox.so.com
+		- pfif.so.com
+		- qcaptcha.so.com
+		- ruanjian.so.com
+		- s.so.com
+		- ise.sapi.so.com
+		- ise-b.sapi.so.com
+		- shenghuo.so.com
+		- shiping.so.com
+		- shouji.so.com
+		- soft.so.com
+		- soft-b.so.com
+		- spro.so.com
+		- m.video.so.com
+		- video-b.so.com
+		- wemedia.so.com
+		- suggest.wenda.so.com
+		- ds.www.so.com
+		- waiter.www.so.com
+		- xueshu.so.com
+		- yinyue.so.com
+		- yl.so.com
+
+	403:
+		- p.ssl.so.com
+
+	404:
+		- zonghe.m.so.com
+		- news.so.com
+		- j.www.so.com
+-->
+<ruleset name="So.com">
+	<target host="so.com" />
+	<target host="www.so.com" />
+	<target host="ditu.so.com" />
+	<target host="i.so.com" />
+	<target host="image.so.com" />
+	<target host="dl.image.so.com" />
+	<target host="m.image.so.com" />
+	<target host="se-api.image.so.com" />
+	<target host="sug.image.so.com" />
+	<target host="index.so.com" />
+	<target host="info.so.com" />
+	<target host="login.so.com" />
+	<target host="m.so.com" />
+	<target host="map.so.com" />
+	<target host="api.map.so.com" />
+	<target host="m.map.so.com" />
+	<target host="restapi.map.so.com" />
+	<target host="xinhuashe.search.news.so.com" />
+	<target host="tran.news.so.com" />
+	<target host="open.onebox.so.com" />
+	<target host="t.so.com" />
+	<target host="top.so.com" />
+	<target host="trends.so.com" />
+	<target host="v.so.com" />
+	<target host="video.so.com" />
+	<target host="gem.www.so.com" />
+	<target host="zhishu.so.com" />
+	<target host="www.haosou.com" />
+
+	<securecookie host=".+" name="_.+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SoCal_Linux_Expo.org.xml b/src/chrome/content/rules/SoCal_Linux_Expo.org.xml
new file mode 100644
index 000000000000..a94816968360
--- /dev/null
+++ b/src/chrome/content/rules/SoCal_Linux_Expo.org.xml
@@ -0,0 +1,24 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)
+		- helpdesk
+		- reg
+		- wiki
+
+-->
+<ruleset name="SoCal Linux Expo.org">
+
+	<target host="socallinuxexpo.org" />
+	<target host="reg.socallinuxexpo.org" />
+	<target host="www.socallinuxexpo.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^reg\.socallinuxexpo\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SoFun.tw.xml b/src/chrome/content/rules/SoFun.tw.xml
new file mode 100644
index 000000000000..4de5fa09fd7b
--- /dev/null
+++ b/src/chrome/content/rules/SoFun.tw.xml
@@ -0,0 +1,20 @@
+<!--
+	Invalid Certificate:
+		go.sofun.tw
+-->
+<ruleset name="SoFun.tw">
+	<target host="sofun.tw" />
+	<target host="www.sofun.tw" />
+	<target host="album.sofun.tw" />
+	<target host="download.sofun.tw" />
+	<target host="file.sofun.tw" />
+	<target host="hotels.sofun.tw" />
+	<target host="photo.sofun.tw" />
+	<target host="short.sofun.tw" />
+	<target host="short1.sofun.tw" />
+	<target host="short2.sofun.tw" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SoFurry.xml b/src/chrome/content/rules/SoFurry.xml
index 91f6c9134236..7bf14b59131b 100644
--- a/src/chrome/content/rules/SoFurry.xml
+++ b/src/chrome/content/rules/SoFurry.xml
@@ -1,10 +1,11 @@
 <ruleset name="SoFurry">
   <target host="sofurry.com" />
   <target host="www.sofurry.com" />
+  <target host="sofurryfiles.com" />
   <target host="www.sofurryfiles.com" />
 
-  <securecookie host="^(www)?\.sofurry\.com$" name=".+" />
+  <securecookie host="^(?:www)?\.sofurry\.com$" name=".+" />
 
-  <rule from="^http://(www\.)?sofurry\.com/" to="https://www.sofurry.com/" />
-  <rule from="^http://(www\.)?sofurryfiles\.com/" to="https://www.sofurryfiles.com/" />
+  <rule from="^http://(?:www\.)?sofurry\.com/" to="https://www.sofurry.com/" />
+  <rule from="^http://(?:www\.)?sofurryfiles\.com/" to="https://www.sofurryfiles.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/SoHosted.com.xml b/src/chrome/content/rules/SoHosted.com.xml
new file mode 100644
index 000000000000..fa007e30e84f
--- /dev/null
+++ b/src/chrome/content/rules/SoHosted.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="SoHosted.com">
+
+	<target host="sohosted.com" />
+	<target host="www.sohosted.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?sohosted\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^www\.sohosted\.com$" name="^httpreferer$" /-->
+
+	<securecookie host="^(?:www\.)?sohosted\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SoSci-Survey.xml b/src/chrome/content/rules/SoSci-Survey.xml
index c88e75e63e85..1008a71c98bb 100644
--- a/src/chrome/content/rules/SoSci-Survey.xml
+++ b/src/chrome/content/rules/SoSci-Survey.xml
@@ -1,7 +1,22 @@
-<ruleset name="SoSci Survey">
-	<target host="soscisurvey.de" />
+<!--
+	^soscisurvey.de: Mismatched
+
+-->
+<ruleset name="SoSci Survey.de">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="www.soscisurvey.de" />
 
-	<rule from="^http://(www\.)?soscisurvey\.de/"
-		to="https://$1soscisurvey.de/" />
-</ruleset>
\ No newline at end of file
+	<!--	Complications:
+				-->
+	<target host="soscisurvey.de" />
+
+
+	<rule from="^http://soscisurvey\.de/"
+		to="https://www.soscisurvey.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SoShare.xml b/src/chrome/content/rules/SoShare.xml
deleted file mode 100644
index f21774200ea9..000000000000
--- a/src/chrome/content/rules/SoShare.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d3473gg3f020ys.cloudfront.net
-
--->
-<ruleset name="SoShare">
-
-	<target host="soshareit.com" />
-	<target host="www.soshareit.com" />
-
-
-	<rule from="^http://(www\.)?soshareit\.com/"
-		to="https://$1soshareit.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/SoZone.de.xml b/src/chrome/content/rules/SoZone.de.xml
new file mode 100644
index 000000000000..adc5ecf9c7bd
--- /dev/null
+++ b/src/chrome/content/rules/SoZone.de.xml
@@ -0,0 +1,38 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- sozone.de
+
+
+	These altnames don't exist:
+
+		- www.forum.sozone.de
+
+
+	Mixed content:
+
+		- Bugs on ^, forum from piwik.pixcept.de *
+
+	* Secured by us
+
+-->
+<ruleset name="SoZone.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sozone.de" />
+	<target host="forum.sozone.de" />
+	<target host="www.sozone.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^sozone\.de$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^sozone\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/So_you_Start.com.xml b/src/chrome/content/rules/So_you_Start.com.xml
new file mode 100644
index 000000000000..70c5c4d8e1da
--- /dev/null
+++ b/src/chrome/content/rules/So_you_Start.com.xml
@@ -0,0 +1,33 @@
+<!--
+	For other OVH Group coverage, see Ovh.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- soyoustart.com
+		- eu.soyoustart.com
+		- www.soyoustart.com
+
+-->
+<ruleset name="So you Start.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="soyoustart.com" />
+	<target host="eu.api.soyoustart.com" />
+	<target host="eu.soyoustart.com" />
+	<target host="www.soyoustart.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:eu\.|www\.)?soyoustart\.com$" name="^slb$" /-->
+	<!--securecookie host="^www\.soyoustart\.com$" name="^OVHCDN$" /-->
+
+	<securecookie host="^(?:^|\.)soyoustart\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Soap.com.xml b/src/chrome/content/rules/Soap.com.xml
index 829aba39a823..d7899e9a5c58 100644
--- a/src/chrome/content/rules/Soap.com.xml
+++ b/src/chrome/content/rules/Soap.com.xml
@@ -1,25 +1,48 @@
 <!--
-	Other Quidsi rulesets:
+	For other Amazon coverage, see Amazon.xml.
 
-		- BeautyBar.com.xml
+
+	CDN buckets:
+
+		- soap.q-assets.com
+
+
+	^soap.com: Refused
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .soap.com
+		- www.soap.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Soap.com (partial)">
+<ruleset name="Soap.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.soap.com" />
 
+	<!--	Complications:
+				-->
 	<target host="soap.com" />
-		<!--	Redirects to http.
-		<exclusion pattern="^http://www\.soap\.com/($|aboutus/|cat=)" /-->
-	<target host="*.soap.com" />
 
 
-	<!--	c[1-4]: Akamai
-		!www: cert is only valid for www.	-->
-	<rule from="^https?://(?:c\d\.)?soap\.com/"
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.soap\.com$" name="^(?:cookie-check|session-id|ubid-main)$" /-->
+	<!--securecookie host="^www\.soap\.com$" name="^(?:GEO_COUNTRYCODE|GEO_ZIPCODE|VISITOR_ID|cookie-check)$" /-->
+
+	<securecookie host=".+" name="^aps-trtmnt$" />
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://soap\.com/"
 		to="https://www.soap.com/" />
 
-	<!--	Many paths redirect to http,
-		so work by inclusing for now.	-->
-	<rule from="^http://www\.soap\.com/((?:checkout|login)\.qs|[iI]mages/|helpcenter/|myaccount/|myfaves/|(?:App_)?Themes/|[\w\-]+\.aspx)"
-		to="https://www.soap.com/$1" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Soapbox-CMS.xml b/src/chrome/content/rules/Soapbox-CMS.xml
index 43cd4a2c5ea4..8ce0cd213045 100644
--- a/src/chrome/content/rules/Soapbox-CMS.xml
+++ b/src/chrome/content/rules/Soapbox-CMS.xml
@@ -1,11 +1,17 @@
-<ruleset name="Soapbox CMS">
 
-	<target host="soapboxcms.com"/>
-	<target host="*.soapboxcms.com"/>
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://soapboxcms.com/ => https://soapboxcms.com/: (6, 'Could not resolve host: soapboxcms.com')
+Fetch error: http://www.soapboxcms.com/ => https://www.soapboxcms.com/: (6, 'Could not resolve host: www.soapboxcms.com')
 
-	<securecookie host="^(.*\.)?soapboxcms\.com$" name=".*"/>
+-->
+<ruleset name="Soapbox CMS" default_off="failed ruleset test">
 
-	<rule from="^http://(www\.)?soapboxcms\.com/"
-		to="https://$1soapboxcms.com/"/>
+	<target host="soapboxcms.com" />
+	<target host="www.soapboxcms.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Sobollubov.ru.xml b/src/chrome/content/rules/Sobollubov.ru.xml
new file mode 100644
index 000000000000..69e05a45da46
--- /dev/null
+++ b/src/chrome/content/rules/Sobollubov.ru.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sobollubov.ru/ => https://sobollubov.ru/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.sobollubov.ru/ => https://www.sobollubov.ru/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+-->
+<ruleset name="Sobollubov.ru" default_off="failed ruleset test">
+	<target host="sobollubov.ru" />
+	<target host="www.sobollubov.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Social-Engineer.com.xml b/src/chrome/content/rules/Social-Engineer.com.xml
index a555012e896d..456d9d6dbad5 100644
--- a/src/chrome/content/rules/Social-Engineer.com.xml
+++ b/src/chrome/content/rules/Social-Engineer.com.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?social-engineer\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?social-engineer\.com/"
-		to="https://$1social-engineer.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SocialBox.xml b/src/chrome/content/rules/SocialBox.xml
index b5fa1b763991..c54af72a8d44 100644
--- a/src/chrome/content/rules/SocialBox.xml
+++ b/src/chrome/content/rules/SocialBox.xml
@@ -1,10 +1,10 @@
-<ruleset name="SocialBox">
+<ruleset name="SocialBox" default_off="plaintext reply">
 
 	<target host="socialboxusa.com" />
 	<target host="www.socialboxusa.com" />
 
 
-	<rule from="^http://(www\.)?socialboxusa\.com/"
-		to="https://$1socialboxusa.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SocialProgressImperative.org.xml b/src/chrome/content/rules/SocialProgressImperative.org.xml
new file mode 100644
index 000000000000..a0ef6f990445
--- /dev/null
+++ b/src/chrome/content/rules/SocialProgressImperative.org.xml
@@ -0,0 +1,16 @@
+<!--
+	MCB from fonts.net
+
+	Invalid certificate:
+		api.socialprogressimperative.org
+
+-->
+<ruleset name="Social Progress Imperative.org">
+
+	<target host="socialprogressimperative.org" />
+	<target host="www.socialprogressimperative.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SocialRank.com.xml b/src/chrome/content/rules/SocialRank.com.xml
new file mode 100644
index 000000000000..3d6d6beff87f
--- /dev/null
+++ b/src/chrome/content/rules/SocialRank.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://socialrank.co/ => https://socialrank.co/: Too many redirects while fetching 'https://socialrank.co/'
+Fetch error: http://www.socialrank.co/ => https://www.socialrank.co/: Too many redirects while fetching 'https://www.socialrank.co/'
+
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Show socialrank.co
+
+
+	These altnames don't exist:
+
+		- www.i.socialrank.com
+
+
+	(www.)?....co is a simple redirect to .com
+
+-->
+<ruleset name="SocialRank.com (partial)" default_off="failed ruleset test">
+
+	<target host="socialrank.co" />
+	<target host="www.socialrank.co" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SocialSafety.org.xml b/src/chrome/content/rules/SocialSafety.org.xml
index f37d3795fdfc..cb8483450a37 100644
--- a/src/chrome/content/rules/SocialSafety.org.xml
+++ b/src/chrome/content/rules/SocialSafety.org.xml
@@ -8,7 +8,7 @@
 	<target host="www.socialsafety.org" />
 
 
-	<rule from="^http://(?:www\.)?socialsafety\.org/"
-		to="https://socialsafety.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SocialSecurity.xml b/src/chrome/content/rules/SocialSecurity.xml
index b0cf71cca0cb..f0f1903387ed 100644
--- a/src/chrome/content/rules/SocialSecurity.xml
+++ b/src/chrome/content/rules/SocialSecurity.xml
@@ -1,27 +1,29 @@
 <!--
-	For other US government coverage, see US-government.xml.
+	U.S. Social Security Administration
 
--->
-<ruleset name="US Social Security Administration" platform="mixedcontent">
 
-	<target host="socialsecurity.gov" />
-	<target host="*.socialsecurity.gov" />
-		<exclusion pattern="^https://ftp\." />
-	<target host="ssa.gov" />
-	<target host="*.ssa.gov" />
 
+	Nonfunctional hosts in *socialsecurity.gov:
+
+		- search ³
+
+	³ 403
 
-	<securecookie host="^((www)?\.)?socialsecurity\.gov$" name=".+" />
-	<securecookie host="^((ftp|secure|stats|www)?\.)?ssa\.gov$" name=".+" />
+-->
+<ruleset name="Social Security.gov (partial)">
+
+	<target host="socialsecurity.gov" />
+	<target host="myaccount.socialsecurity.gov" />
+	<target host="www.myaccount.socialsecurity.gov" />
+	<target host="signup.socialsecurity.gov" />
+	<target host="www.signup.socialsecurity.gov" />
+	<target host="www.socialsecurity.gov" />
 
 
-	<rule from="^https?://(?:www\.)?socialsecurity\.gov/"
-		to="https://www.socialsecurity.gov/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^https?://(?:ftp\.|www\.)?ssa\.gov/"
-		to="https://www.socialsecurity.gov/" />
 
-	<rule from="^http://s(ecure|tats)\.ssa\.gov/"
-		to="https://s$1.ssa.gov/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SocialShows.xml b/src/chrome/content/rules/SocialShows.xml
index 47068d7ca261..7acbedff114c 100644
--- a/src/chrome/content/rules/SocialShows.xml
+++ b/src/chrome/content/rules/SocialShows.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://socialshows.com/ => https://socialshows.net/: (6, 'Could not resolve host: socialshows.net')
+Fetch error: http://www.socialshows.com/ => https://socialshows.net/: (6, 'Could not resolve host: socialshows.net')
+Fetch error: http://socialshows.net/ => https://socialshows.net/: (6, 'Could not resolve host: socialshows.net')
+
 	Problematic domains:
 
 		- (www.)socialshows.com *
@@ -7,12 +13,12 @@
 	* No https
 
 -->
-<ruleset name="SocialShows">
+<ruleset name="SocialShows" default_off="failed ruleset test">
 
 	<target host="socialshows.com" />
 	<target host="www.socialshows.com" />
 	<target host="socialshows.net" />
-	<target host="*.socialshows.net" />
+	<target host="www.socialshows.net" />
 
 
 	<securecookie host="^\.?socialshows\.net$" name=".+" />
@@ -21,4 +27,4 @@
 	<rule from="^http://(?:www\.)?socialshows\.(?:com|net)/"
 		to="https://socialshows.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SocialTwist.xml b/src/chrome/content/rules/SocialTwist.xml
index 16d49efa3185..b21ee16e33d7 100644
--- a/src/chrome/content/rules/SocialTwist.xml
+++ b/src/chrome/content/rules/SocialTwist.xml
@@ -1,8 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://socialtwist.com/ => https://socialtwist.com/: (51, "SSL: no alternative certificate subject name matches target host name 'socialtwist.com'")
+
 	cdn.socialtwist.com is hosted at s3.amazonaws.com/cdn.socialtwist.com/, but has a valid cert.
 
 -->
-<ruleset name="SocialTwist">
+<ruleset name="SocialTwist" default_off="failed ruleset test">
 
 	<target host="socialtwist.com" />
 	<target host="*.socialtwist.com" />
diff --git a/src/chrome/content/rules/Social_Code_dev.com.xml b/src/chrome/content/rules/Social_Code_dev.com.xml
index 8494dbc6fe65..23499795d87c 100644
--- a/src/chrome/content/rules/Social_Code_dev.com.xml
+++ b/src/chrome/content/rules/Social_Code_dev.com.xml
@@ -1,14 +1,18 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://socialcodedev.com/ => https://socialcodedev.com/: (6, 'Could not resolve host: socialcodedev.com')
+Fetch error: http://www.socialcodedev.com/ => https://www.socialcodedev.com/: (6, 'Could not resolve host: www.socialcodedev.com')
+
 	Web bugs.
 
 -->
-<ruleset name="Social Code dev.com">
+<ruleset name="Social Code dev.com" default_off="failed ruleset test">
 
 	<target host="socialcodedev.com" />
 	<target host="www.socialcodedev.com" />
 
 
-	<rule from="^http://(www\.)?socialcodedev\.com/"
-		to="https://$1socialcodedev.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Social_Fixer.com.xml b/src/chrome/content/rules/Social_Fixer.com.xml
index 3f0b335cfe06..57afd0d86a9d 100644
--- a/src/chrome/content/rules/Social_Fixer.com.xml
+++ b/src/chrome/content/rules/Social_Fixer.com.xml
@@ -1,22 +1,9 @@
-<!--
-	Expired 2012-10-30
-
-
-	Mixed content:
-
-		- Icon on ^ from ^ *
-
-		- Web bugs on ^ from www.facebook.com *
-
-	* Secured by us
--->
-<ruleset name="Social Fixer.com" default_off="expired">
+<ruleset name="Social Fixer.com">
 
 	<target host="socialfixer.com" />
 	<target host="www.socialfixer.com" />
 
-
-	<rule from="^http://(?:www\.)?socialfixer\.com/"
-		to="https://socialfixer.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Social_Reader.com.xml b/src/chrome/content/rules/Social_Reader.com.xml
deleted file mode 100644
index 0be615702340..000000000000
--- a/src/chrome/content/rules/Social_Reader.com.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d2pe20ur0h0p8p.cloudfront.net
-
-
-	Nonfunctional subdomains:
-
-		- help	(refused)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- event...:9443
-		- id
-
--->
-<ruleset name="Social Reader.com (partial)">
-
-	<target host="socialreader.com" />
-	<target host="*.socialreader.com" />
-
-
-	<securecookie host="^(?:id)?\.socialreader\.com$" name=".+" />
-
-
-	<rule from="^http://((?:event|id|www)\.)?socialreader\.com(:9443)?/"
-		to="https://$1socialreader.com$2/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Social_Screamer.xml b/src/chrome/content/rules/Social_Screamer.xml
index 68fdc0956a11..c164ff92d6e0 100644
--- a/src/chrome/content/rules/Social_Screamer.xml
+++ b/src/chrome/content/rules/Social_Screamer.xml
@@ -1,4 +1,11 @@
-<ruleset name="Social Screamer">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://socialscreamer.com/ => https://socialscreamer.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.socialscreamer.com/ => https://www.socialscreamer.com/: (28, 'Connection timed out after 20011 milliseconds')
+
+-->
+<ruleset name="Social Screamer" default_off="failed ruleset test">
 
 	<target host="socialscreamer.com" />
 	<target host="www.socialscreamer.com" />
@@ -7,7 +14,6 @@
 	<securecookie host="^\.socialscreamer\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?socialscreamer\.com/"
-		to="https://$1socialscreamer.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Social_Theater.xml b/src/chrome/content/rules/Social_Theater.xml
index 8b6a78055341..cd9415102eb5 100644
--- a/src/chrome/content/rules/Social_Theater.xml
+++ b/src/chrome/content/rules/Social_Theater.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?socialtheater\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?socialtheater\.com/"
-		to="https://$1socialtheater.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Socialbakers.xml b/src/chrome/content/rules/Socialbakers.xml
index 0e9027b408dd..58a7281ef9e0 100644
--- a/src/chrome/content/rules/Socialbakers.xml
+++ b/src/chrome/content/rules/Socialbakers.xml
@@ -1,11 +1,13 @@
-<!--	wpc.50b9.edgecastcdn.net/0050B9/
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://socialbakers.com/ => https://socialbakers.com/: (52, 'Empty reply from server')	wpc.50b9.edgecastcdn.net/0050B9/
 -->
 <ruleset name="socialbakers.com" platform="mixedcontent">
 
 	<target host="socialbakers.com"/>
 	<target host="*.socialbakers.com"/>
 
-	<securecookie host="^(.*\.)?socialbakers\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<!--	encountered subdomains:
 			- analytics
diff --git a/src/chrome/content/rules/Socialblade.com.xml b/src/chrome/content/rules/Socialblade.com.xml
new file mode 100644
index 000000000000..cc062b027d3a
--- /dev/null
+++ b/src/chrome/content/rules/Socialblade.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Socialblade.com">
+	<target host="socialblade.com" />
+	<target host="www.socialblade.com" />
+	<target host="analytics.socialblade.com" />
+	<target host="support.socialblade.com" />
+
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Socialcube.net.xml b/src/chrome/content/rules/Socialcube.net.xml
new file mode 100644
index 000000000000..48a533e5787a
--- /dev/null
+++ b/src/chrome/content/rules/Socialcube.net.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lite.socialcube.net/ => https://lite.socialcube.net/: (60, 'SSL certificate problem: certificate has expired')
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- lite
+
+-->
+<ruleset name="Socialcube.net (partial)" default_off="failed ruleset test">
+
+	<target host="socialcube.net" />
+	<target host="lite.socialcube.net" />
+	<target host="www.socialcube.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SocialistWorker.org.xml b/src/chrome/content/rules/SocialistWorker.org.xml
new file mode 100644
index 000000000000..72ed9ad1f5cb
--- /dev/null
+++ b/src/chrome/content/rules/SocialistWorker.org.xml
@@ -0,0 +1,12 @@
+<!--
+	This domain has a wildcard DNS record
+
+-->
+<ruleset name="SocialistWorker.org">
+
+	<target host="socialistworker.org" />
+	<target host="www.socialistworker.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Socialtext.net.xml b/src/chrome/content/rules/Socialtext.net.xml
new file mode 100644
index 000000000000..64622984ab06
--- /dev/null
+++ b/src/chrome/content/rules/Socialtext.net.xml
@@ -0,0 +1,15 @@
+<ruleset name="Socialtext.net (partial)">
+
+	<target host="saml.socialtext.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^saml\.socialtext\.net$" name="^PF$" /-->
+
+	<securecookie host="^saml\.socialtext\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Socialtyzetracking.com.xml b/src/chrome/content/rules/Socialtyzetracking.com.xml
new file mode 100644
index 000000000000..19800d19d78e
--- /dev/null
+++ b/src/chrome/content/rules/Socialtyzetracking.com.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.socialtyzetracking.com/ => https://www.socialtyzetracking.com/: (28, 'Connection timed out after 20002 milliseconds')
+Fetch error: http://socialtyzetracking.com/ => https://www.socialtyzetracking.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	For other Nanigans coverage, see Nanigans.xml.
+
+
+	^socialtyzetracking.com: Mismatched
+
+-->
+<ruleset name="socialtyzetracking.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.socialtyzetracking.com" />
+
+	<!--	Complications:
+				-->
+	<target host="socialtyzetracking.com" />
+
+
+	<securecookie host="^www\.socialtyzetracking\.com$" name=".+" />
+
+
+	<rule from="^http://socialtyzetracking\.com/"
+		to="https://www.socialtyzetracking.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sociamonials.com.xml b/src/chrome/content/rules/Sociamonials.com.xml
new file mode 100644
index 000000000000..dbd18c339c99
--- /dev/null
+++ b/src/chrome/content/rules/Sociamonials.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Mixed content:
+
+		- Images on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Sociamonials.com">
+
+	<target host="sociamonials.com" />
+	<target host="www.sociamonials.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Society-for-Technical-Communication.xml b/src/chrome/content/rules/Society-for-Technical-Communication.xml
index a584c2c3bf85..ed404f104e9c 100644
--- a/src/chrome/content/rules/Society-for-Technical-Communication.xml
+++ b/src/chrome/content/rules/Society-for-Technical-Communication.xml
@@ -1,10 +1,12 @@
 <ruleset name="Society for Technical Communication (partial)" default_off="expired, mismatch">
 
 	<target host="stc.org" />
-	<target host="*.stc.org" />
+	<target host="archive.stc.org" />
+	<target host="www.stc.org" />
+	<target host="jobs.stc.org" />
 
 
-	<securecookie host="^.*\.stc\.org$" name=".*" />
+	<securecookie host="^.*\.stc\.org$" name=".+" />
 
 
 	<!--	Cert only matches www.stc.org.
@@ -16,7 +18,7 @@
 	<rule from="^http://archive\.stc\.org/"
 		to="https://archive.stc.org/" />
 
-	<rule from="^https?://(?:www\.)?stc\.org/index\.asp"
+	<rule from="^http://(?:www\.)?stc\.org/index\.asp"
 		to="https://archive.stc.org/index.asp" />
 
 	<!--	Cert: *.jobtarget.com	-->
diff --git a/src/chrome/content/rules/Society-of-Light-and-Lighting.xml b/src/chrome/content/rules/Society-of-Light-and-Lighting.xml
index 88cd84a0bcab..2261f61ca676 100644
--- a/src/chrome/content/rules/Society-of-Light-and-Lighting.xml
+++ b/src/chrome/content/rules/Society-of-Light-and-Lighting.xml
@@ -5,10 +5,10 @@
 	<target host="www.sll.org.uk" />
 
 
-	<securecookie host="^sll\.org\.uk$" name=".*" />
+	<securecookie host="^sll\.org\.uk$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?ssl\.org\.uk/"
+	<rule from="^http://(?:www\.)?ssl\.org\.uk/"
 		to="https://ssl.org.uk/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Society_for_Neuroscience.xml b/src/chrome/content/rules/Society_for_Neuroscience.xml
index 2002f9aab911..146b8b8780bc 100644
--- a/src/chrome/content/rules/Society_for_Neuroscience.xml
+++ b/src/chrome/content/rules/Society_for_Neuroscience.xml
@@ -1,17 +1,87 @@
 <!--
-	Cert only matches www.
+	Society for Neuroscience
+
+
+	Problematic hosts in *sfn.org:
+
+		- ^ ¹
+		- community ²
+
+	¹ Prints default page
+	² Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- ebiz.sfn.org
+		- neuronline.sfn.org
+		- www.sfn.org
+
+
+	Mixed content:
+
+		- Image on community from neuronline.sfn.org *
+		- favicon on community from www.sfn.org *
+
+	* Secured by us
 
 -->
-<ruleset name="Society for Neuroscience" default_off="expired">
+<ruleset name="SFN.org (partial)">
 
-	<target host="sfn.org" />
+	<!--	Direct rewrites:
+				-->
+	<!--target host="community.sfn.org" /-->
+	<target host="ebiz.sfn.org" />
+	<target host="neuronline.sfn.org" />
 	<target host="www.sfn.org" />
 
+	<!--	Complications:
+				-->
+	<target host="sfn.org" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:neuronline|www)\.sfn\.org/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:neuronline|www)\.sfn\.org/+(?!SfN_favicon\.ico|WebResource\.axd|css/|fonts/|images/|~/media/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://neuronline.sfn.org/Articles/FAQs" />
+			<test url="http://neuronline.sfn.org/Browse" />
+			<test url="http://neuronline.sfn.org/Topics/Scientific-Research" />
+
+			<test url="http://www.sfn.org/About/Mission-and-Strategic-Plan" />
+			<test url="http://www.sfn.org/Advertise/Advertise" />
+			<test url="http://www.sfn.org/Press-Room/Press-Room" />
+			<test url="http://www.sfn.org/member-center/member-directory" />
 
-	<securecookie host="^www\.sfn\.org$" name=".+" />
+			<!--	-ve:
+					-->
+			<test url="http://neuronline.sfn.org/css/omp/omp-print.css" />
+			<test url="http://neuronline.sfn.org/images/omp/ui/logo-neuronline2x.png" />
 
+			<test url="http://www.sfn.org/SfN_favicon.ico" />
+			<test url="http://www.sfn.org/WebResource.axd?d=" />
+			<test url="http://www.sfn.org/images/sfn/temp/brainfacts.jpg" />
+			<test url="http://www.sfn.org/~/media/SfN/Images/Logos/logo.ashx" />
 
-	<rule from="^https?://(?:www\.)?sfn\.org/"
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ebiz\.sfn\.org$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^(?:neuronline\.|www\.)?sfn\.org$" name="^(?:ASP\.NET_SessionId|SC_ANALYTICS_SESSION_COOKIE)$" /-->
+
+	<securecookie host="^ebiz\.sfn\.org$" name=".+" />
+	<securecookie host="^(?:neuronline\.|www\.)?sfn\.org$" name="^SC_ANALYTICS_SESSION_COOKIE$" />
+
+
+	<rule from="^http://sfn\.org/"
 		to="https://www.sfn.org/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Societyforscience.org.xml b/src/chrome/content/rules/Societyforscience.org.xml
index 892cf83e2950..b8bb8a6385ab 100644
--- a/src/chrome/content/rules/Societyforscience.org.xml
+++ b/src/chrome/content/rules/Societyforscience.org.xml
@@ -1,9 +1,27 @@
-<ruleset name="SocietyForScience.org" platform="mixedcontent">
-  <target host="www.societyforscience.org" />
-  <target host="societyforscience.org" />
 
-  <rule from="^http://(?:www)?\.societyforscience\.org/" 
-      to="https://www.societyforscience.org/" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://societyforscience.org/ => https://societyforscience.org/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Other Society for Science rulesets:
+
+		- Science_News.org.xml
+
+-->
+<ruleset name="SocietyForScience.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="societyforscience.org" />
+	<target host="member.societyforscience.org" />
+	<target host="student.societyforscience.org" />
+	<target host="www.societyforscience.org" />
+
+
+	<securecookie host="^www\.societyforscience\.org" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-  <securecookie host="^www\.societyforscience\.org" name=".*" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sociocast-Networks-problematic.xml b/src/chrome/content/rules/Sociocast-Networks-problematic.xml
deleted file mode 100644
index a813350c9164..000000000000
--- a/src/chrome/content/rules/Sociocast-Networks-problematic.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For rules that are on by default, see Sociocast-Networks.xml.
-
--->
-<ruleset name="Sociocast Networks (self-signed)" default_off="self-signed">
-
-	<target host="sociocast.com" />
-	<target host="*.sociocast.com" />
-
-
-	<securecookie host="^\.scastnet\.com$" name=".*" />
-
-
-	<!--	Cert only matches www.
-					-->
-	<rule from="^https?://(?:taxonomy-editor\.|www\.)?sociocast\.com/"
-		to="https://www.sociocast.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Sociocast-Networks.xml b/src/chrome/content/rules/Sociocast-Networks.xml
deleted file mode 100644
index bb700115cbd6..000000000000
--- a/src/chrome/content/rules/Sociocast-Networks.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For problematic rules, see Sociocast-Networks-problematic.xml.
-
--->
-<ruleset name="Sociocast Networks (partial)">
-
-	<target host="disc.scastnet.com" />
-
-
-	<securecookie host="^disc\.scastnet\.com$" name=".*" />
-
-
-	<rule from="^http://disc\.scastnet\.com/"
-		to="https://disc.scastnet.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Sociomantic_labs.xml b/src/chrome/content/rules/Sociomantic_labs.xml
index 7fa8846033a0..104d3e500cc3 100644
--- a/src/chrome/content/rules/Sociomantic_labs.xml
+++ b/src/chrome/content/rules/Sociomantic_labs.xml
@@ -17,18 +17,17 @@
 <ruleset name="sociomantic labs">
 
 	<target host="sociomantic.com" />
-	<target host="*.sociomantic.com" />
+	<target host="eu-sonar.sociomantic.com" />
+	<target host="us-sonar.sociomantic.com" />
+	<target host="sonar.sociomantic.com" />
+	<target host="www.sociomantic.com" />
 
 
 	<!--	Tracking cookies set by us-sonar:
 							-->
 	<securecookie host="^\.sociomantic\.com$" name="^sonar(?:-expires)$" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://(?:www\.)?sociomantic\.com/"
-		to="https://www.sociomantic.com/" />
-
-	<rule from="^http://(blog|us-sonar)\.sociomantic\.com/"
-		to="https://$1.sociomantic.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SockShare.com-problematic.xml b/src/chrome/content/rules/SockShare.com-problematic.xml
new file mode 100644
index 000000000000..5d227973185d
--- /dev/null
+++ b/src/chrome/content/rules/SockShare.com-problematic.xml
@@ -0,0 +1,13 @@
+<!--
+	For rules that are on by default, see SockShare.xml.
+
+-->
+<ruleset name="SockShare (problematic)" default_off="expired, mismatched">
+
+	<target host="*.sockshare.com" />
+
+
+	<rule from="^http://(cdn|media-b\d+)\.sockshare\.com/"
+		to="https://$1.sockshare.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SockShare.xml b/src/chrome/content/rules/SockShare.xml
index 598a6ac3dab2..06e6ab6c6836 100644
--- a/src/chrome/content/rules/SockShare.xml
+++ b/src/chrome/content/rules/SockShare.xml
@@ -1,26 +1,47 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://images.sockshare.com/ => https://images.sockshare.com/: (6, 'Could not resolve host: images.sockshare.com')
+Fetch error: http://static.sockshare.com/ => https://static1.sockshare.com/: (6, 'Could not resolve host: static1.sockshare.com')
+Fetch error: http://static1.sockshare.com/ => https://static1.sockshare.com/: (6, 'Could not resolve host: static1.sockshare.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://images.sockshare.com/ => https://images.sockshare.com/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://static.sockshare.com/ => https://static1.sockshare.com/: (6, 'Could not resolve host: static1.sockshare.com')
+Fetch error: http://static1.sockshare.com/ => https://static1.sockshare.com/: (6, 'Could not resolve host: static1.sockshare.com')
+	For problematic rules, see SockShare.com-problematic.xml.
+
+
 	CDN buckets:
 
 		- cdn.avanti247.com/...
-			- static.sockshare.com		(CN: *.avanti247.com; works)
+
+			- cdn
+			- static
 
 
 	Problematic subdomains:
 
-		- media-b6[567]	(works; mismatched, CN: *.firedrive.com)
+		- cdn ¹
+		- media-b6[567] ²
+		- static ¹
+
+	¹ Works; expired 2013-12-16, mismatched, CN: *.avanti247.com
+	² Works; mismatched, CN: *.firedrive.com
 
 -->
-<ruleset name="SockShare (partial)">
+<ruleset name="SockShare (partial)" default_off="failed ruleset test">
 
 	<target host="sockshare.com" />
-	<target host="*.sockshare.com" />
-
+	<target host="images.sockshare.com" />
+	<target host="static.sockshare.com" />
+	<target host="static1.sockshare.com" />
+	<target host="www.sockshare.com" />
+		<exclusion pattern="^http://(?:www\.)?sockshare\.com/(?!crossdomain\.xml|gopro\.php|include/captcha\.php)" />
 
-	<rule from="^http://(www\.)?sockshare\.com/(crossdomain\.xml|gopro\.php|include/captcha\.php)"
-		to="https://$1sockshare.com/$2" />
 
-	<rule from="^http://(images|static1)\.sockshare\.com/"
-		to="https://$1.sockshare.com/" />
+	<rule from="^http://((?:images|static1|www)\.)?sockshare\.com/"
+		to="https://$1sockshare.com/" />
 
 	<rule from="^http://static\.sockshare\.com/"
 		to="https://static1.sockshare.com/" />
diff --git a/src/chrome/content/rules/Socrata.com.xml b/src/chrome/content/rules/Socrata.com.xml
new file mode 100644
index 000000000000..7b06e3170947
--- /dev/null
+++ b/src/chrome/content/rules/Socrata.com.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://finance.socrata.com/ => https://finance.socrata.com/: (7, 'Failed to connect to finance.socrata.com port 443: Connection timed out')
+
+	CDN buckets:
+
+		- 1j3rac4ejwve1p3y0x1gprgk-wpengine.netdna-ssl.com
+
+-->
+<ruleset name="Socrata.com" default_off="failed ruleset test">
+
+	<target host="socrata.com" />
+	<target host="dev.socrata.com" />
+	<target host="finance.socrata.com" />
+	<target host="support.socrata.com" />
+	<target host="www.socrata.com" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SodaHead.com.xml b/src/chrome/content/rules/SodaHead.com.xml
index 0641897c778c..26726d4dcc57 100644
--- a/src/chrome/content/rules/SodaHead.com.xml
+++ b/src/chrome/content/rules/SodaHead.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sodahead.com/ => https://sodahead.com/: (51, "SSL: no alternative certificate subject name matches target host name 'sodahead.com'")
+
 	CDN buckets:
 
 		- d33lglhhb8q63m.cloudfront.net
@@ -15,25 +19,29 @@
 	* cloudfront.net
 
 -->
-<ruleset name="SodaHead.com" platform="mixedcontent">
+<ruleset name="SodaHead.com" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="sodahead.com" />
-	<target host="*.sodahead.com" />
+	<target host="de.sodahead.com" />
+	<target host="latimes.sodahead.com" />
+	<target host="m.sodahead.com" />
+	<target host="partners.sodahead.com" />
+	<target host="www.sodahead.com" />
+	<target host="images.sodahead.com" />
+	<target host="statics.sodahead.com" />
+	<target host="widgets.sodahead.com" />
 
 
 	<securecookie host=".+\.sodahead\.com$" name=".+" />
 
 
-	<rule from="^http://((?:de|latimes|m|partners|www)\.)?sodahead\.com/"
-		to="https://$1sodahead.com/" />
 
-	<rule from="^https?://images\.sodahead\.com/"
-		to="https://d33lglhhb8q63m.cloudfront.net/" />
 
-	<rule from="^https?://statics\.sodahead\.com/"
+	<rule from="^http://statics\.sodahead\.com/"
 		to="https://d6fekxp9qbg3b.cloudfront.net/" />
 
-	<rule from="^https?://widgets\.sodahead\.com/"
+	<rule from="^http://widgets\.sodahead\.com/"
 		to="https://d3ict7m6m7fhlt.cloudfront.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Soekris.com.xml b/src/chrome/content/rules/Soekris.com.xml
new file mode 100644
index 000000000000..146554f9e4e8
--- /dev/null
+++ b/src/chrome/content/rules/Soekris.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Soekris.com">
+
+	<target host="soekris.com" />
+	<target host="www.soekris.com" />
+
+
+	<securecookie host="^\.soekris\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Soeren-hentzschel.at.xml b/src/chrome/content/rules/Soeren-hentzschel.at.xml
new file mode 100644
index 000000000000..e95f057375ff
--- /dev/null
+++ b/src/chrome/content/rules/Soeren-hentzschel.at.xml
@@ -0,0 +1,18 @@
+<!--
+	Mixed content:
+
+		- Bug from piwik.pixcept.de *
+
+	* Secured by us
+
+-->
+<ruleset name="Soeren-Hentzschel.at">
+
+	<target host="soeren-hentzschel.at"/>
+	<target host="www.soeren-hentzschel.at"/>
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SofN.com.xml b/src/chrome/content/rules/SofN.com.xml
new file mode 100644
index 000000000000..28df15d86588
--- /dev/null
+++ b/src/chrome/content/rules/SofN.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Fully covered hosts in *sofn.com:
+
+		- (www.)?
+		- members
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.sofn.com
+
+-->
+<ruleset name="SofN.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sofn.com" />
+	<target host="members.sofn.com" />
+	<target host="www.sofn.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.sofn\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.sofn\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sofawolf.xml b/src/chrome/content/rules/Sofawolf.xml
index d135545422e0..4e526300bb38 100644
--- a/src/chrome/content/rules/Sofawolf.xml
+++ b/src/chrome/content/rules/Sofawolf.xml
@@ -2,7 +2,7 @@
   <target host="sofawolf.com" />
   <target host="www.sofawolf.com" />
 
-  <securecookie host="^(\.www|www|)\.sofawolf\.com$" name=".+" />
+  <securecookie host="^(?:\.www|www|)\.sofawolf\.com$" name=".+" />
 
-  <rule from="^http://(www\.)?sofawolf\.com/" to="https://www.sofawolf.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sofort.com.xml b/src/chrome/content/rules/Sofort.com.xml
new file mode 100644
index 000000000000..422ec1d7195c
--- /dev/null
+++ b/src/chrome/content/rules/Sofort.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Sofort.com">
+
+	<target host="sofort.com" />
+	<target host="api.sofort.com" />
+	<target host="images.sofort.com" />
+	<target host="www.sofort.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SoftCom.xml b/src/chrome/content/rules/SoftCom.xml
index 9082edc7b303..126456fc4182 100644
--- a/src/chrome/content/rules/SoftCom.xml
+++ b/src/chrome/content/rules/SoftCom.xml
@@ -1,7 +1,13 @@
-<!--	!functional:
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://slhost.com/ => https://slhost.com/: (6, 'Could not resolve host: slhost.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://slhost.com/ => https://slhost.com/: (28, 'Resolving timed out after 10518 milliseconds')	!functional:
 		- softcom.com	(timeout)
 -->
-<ruleset name="SoftCom (partial)" platform="mixedcontent">
+<ruleset name="SoftCom (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="daha.net"/>
 	<target host="www.daha.net"/>
@@ -13,7 +19,7 @@
 	<target host="*.slhost.com"/>
 	<target host="helpdesk.softcom.com"/>
 
-	<securecookie host="^(.*\.)?(mail2web|myhosting|slhost|softcom)\.com$" name=".*"/>
+	<securecookie host="^(?:.*\.)?(?:mail2web|myhosting|slhost|softcom)\.com$" name=".+" />
 
 	<rule from="^http://(www\.)?daha\.net/(assets/|fancybox/|\w+\.(css|ico|png)|[\w\-/]*images/)"
 		to="https://$1daha.net/$2"/>
diff --git a/src/chrome/content/rules/SoftCreatR.de.xml b/src/chrome/content/rules/SoftCreatR.de.xml
deleted file mode 100644
index 109dc7abc22f..000000000000
--- a/src/chrome/content/rules/SoftCreatR.de.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="SoftCreatR.de">
-
-	<target host="softcreatr.de" />
-	<target host="*.softcreatr.de" />
-
-
-	<securecookie host="^\.support\.softcreatr\.de$" name=".+" />
-
-
-	<rule from="^http://(www\.)?(support\.)?softcreatr\.de/"
-		to="https://$1softcreatr.de/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SoftEther_VPN.xml b/src/chrome/content/rules/SoftEther_VPN.xml
index 685eb701a854..daaac629a606 100644
--- a/src/chrome/content/rules/SoftEther_VPN.xml
+++ b/src/chrome/content/rules/SoftEther_VPN.xml
@@ -1,4 +1,10 @@
-<ruleset name="SoftEther VPN">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://softether.org/ => https://softether.org/: (51, "SSL: no alternative certificate subject name matches target host name 'softether.org'")
+
+-->
+<ruleset name="SoftEther VPN" default_off="failed ruleset test">
 
 	<target host="softether.org" />
 	<target host="www.softether.org" />
@@ -7,7 +13,6 @@
 	<securecookie host="^(?:www\.)?softether\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?softether\.org/"
-		to="https://$1softether.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SoftLayer-mismatches.xml b/src/chrome/content/rules/SoftLayer-mismatches.xml
index e5bfa3f3295d..8802998e52d2 100644
--- a/src/chrome/content/rules/SoftLayer-mismatches.xml
+++ b/src/chrome/content/rules/SoftLayer-mismatches.xml
@@ -7,7 +7,6 @@
 	<target host="cdn.softlayer.com" />
 
 
-	<rule from="^http://cdn\.softlayer\.com/"
-		to="https://cdn.softlayer.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SoftLayer.xml b/src/chrome/content/rules/SoftLayer.xml
index 198914c11ae1..7158ac58a8bc 100644
--- a/src/chrome/content/rules/SoftLayer.xml
+++ b/src/chrome/content/rules/SoftLayer.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://softlayer.com/ => https://softlayer.com/: Too many redirects while fetching 'https://softlayer.com/'
+
 	CDN buckets:
 
 		- cs89.wpc.edgecastcdn.net/...
@@ -29,7 +33,7 @@
 		- www
 
 -->
-<ruleset name="SoftLayer">
+<ruleset name="SoftLayer" default_off="failed ruleset test">
 
 	<target host="softlayer.com" />
 	<target host="*.softlayer.com" />
@@ -43,7 +47,7 @@
 	<rule from="^http://((?:forums|manage|outlet|www)\.)?softlayer\.com/"
 		to="https://$1softlayer.com/" />
 
-	<rule from="^https?://(\w+)\.https?\.cdn\.softlayer\.net/"
+	<rule from="^http://(\w+)\.https?\.cdn\.softlayer\.net/"
 		to="https://$1.https.cdn.softlayer.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SoftPerfect.com.xml b/src/chrome/content/rules/SoftPerfect.com.xml
new file mode 100644
index 000000000000..19d8242824bc
--- /dev/null
+++ b/src/chrome/content/rules/SoftPerfect.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="SoftPerfect.com">
+
+	<target host="softperfect.com" />
+	<target host="www.softperfect.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Softaculous.com.xml b/src/chrome/content/rules/Softaculous.com.xml
new file mode 100644
index 000000000000..f8106579d185
--- /dev/null
+++ b/src/chrome/content/rules/Softaculous.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Problematic subdomains:
+
+		- remote *
+
+	* Expired 2014
+
+-->
+<ruleset name="Softaculous.com (partial)">
+
+	<target host="softaculous.com" />
+	<target host="www.softaculous.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.softaculous\.com$" name="^AEFCookies\d+[aefsid]$" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Software-in-the-Public-Interest.xml b/src/chrome/content/rules/Software-in-the-Public-Interest.xml
deleted file mode 100644
index 2f27adced171..000000000000
--- a/src/chrome/content/rules/Software-in-the-Public-Interest.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(shows members, CN: members.spi-inc.org)
-
--->
-<ruleset name="Software in the Public Interest (partial)" default_off="self-signed">
-
-	<target host="*.spi-inc.org" />
-
-
-	<securecookie host="^rt\.spi-inc\.org$" name=".*" />
-
-
-	<rule from="^http://(members|rt)\.spi-inc\.org/"
-		to="https://$1.spi-inc.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SoftwareFreedom.org.xml b/src/chrome/content/rules/SoftwareFreedom.org.xml
index 7bd0001f5306..df060940a566 100644
--- a/src/chrome/content/rules/SoftwareFreedom.org.xml
+++ b/src/chrome/content/rules/SoftwareFreedom.org.xml
@@ -1,6 +1,11 @@
-<ruleset name="Software Freedom Law Center">
+<!--
+	Software Freedom Law Center
+
+-->
+<ruleset name="Software Freedom.org">
 	<target host="softwarefreedom.org" />
 	<target host="www.softwarefreedom.org" />
 
-	<rule from="^http://(?:www\.)?softwarefreedom\.org/" to="https://www.softwarefreedom.org/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Software_Freedom_Conservancy.xml b/src/chrome/content/rules/Software_Freedom_Conservancy.xml
index 418862d1f26a..3e508b55d81f 100644
--- a/src/chrome/content/rules/Software_Freedom_Conservancy.xml
+++ b/src/chrome/content/rules/Software_Freedom_Conservancy.xml
@@ -1,10 +1,25 @@
-<ruleset name="Software Freedom Conservancy">
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- basswood.sfconservancy.org
+		- redwood.sfconservancy.org
 
+		SSL peer certificate was not OK:
+		- conference.sfconservancy.org
+-->
+<ruleset name="Software Freedom Conservancy">
 	<target host="sfconservancy.org" />
 	<target host="www.sfconservancy.org" />
+	<target host="aspen.sfconservancy.org" />
+	<target host="docs.sfconservancy.org" />
+	<target host="git.sfconservancy.org" />
+	<target host="k.sfconservancy.org" />
+	<target host="lists.sfconservancy.org" />
+	<target host="npo-acct.sfconservancy.org" />
+	<target host="npoacct.sfconservancy.org" />
+	<target host="pad.sfconservancy.org" />
+	<target host="pine.sfconservancy.org" />
+	<target host="wiki.sfconservancy.org" />
 
-
-	<rule from="^http://(www\.)?sfconservancy\.org/"
-		to="https://$1sfconservancy.org/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Software_Heritage.org.xml b/src/chrome/content/rules/Software_Heritage.org.xml
new file mode 100644
index 000000000000..75df1d2e2b05
--- /dev/null
+++ b/src/chrome/content/rules/Software_Heritage.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Unable to Connect:
+		softwareheritage.org
+-->
+<ruleset name="Software Heritage.org">
+	<target host="softwareheritage.org" />
+	<target host="www.softwareheritage.org" />
+	<target host="annex.softwareheritage.org" />
+	<target host="docs.softwareheritage.org" />
+	<target host="forge.softwareheritage.org" />
+	<target host="wiki.softwareheritage.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://softwareheritage\.org/" to="https://www.softwareheritage.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Software_and_Information_Industry_Association.xml b/src/chrome/content/rules/Software_and_Information_Industry_Association.xml
index fc8ae1eda58c..e0fbc1d183f5 100644
--- a/src/chrome/content/rules/Software_and_Information_Industry_Association.xml
+++ b/src/chrome/content/rules/Software_and_Information_Industry_Association.xml
@@ -1,17 +1,57 @@
 <!--
-	Cert only matches www.
+	Software & Information Industry Association
+
+
+	Problematic hosts in *siia.net:
+
+		- dnn ᵈ
+
+	ᵈ Dropped, preemptable redirect
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- siia.net
+		- www.siia.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image on www from dnn.siia.net ˢ
+
+	ˢ Secured by us
 
 -->
-<ruleset name="Software &amp; Information Industry Association">
+<ruleset name="SIIA.net">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="siia.net" />
 	<target host="www.siia.net" />
 
+	<!--	Complications:
+				-->
+	<target host="dnn.siia.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^siia\.net$" name="^dnn_IsMobile$" /-->
+	<!--securecookie host="^www\.siia\.net$" name="^(?:\.ASPXANONYMOUS|__RequestVerificationToken|dnn_IsMobile|language)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
 
-	<securecookie host="^www\.siia\.net$" name=".+" />
+	<rule from="^http://dnn\.siia\.net/"
+		to="https://www.siia.net/" />
 
+		<!--	Said mixed image:
+						-->
+		<test url="http://www.siia.net/Portals/0/Images/home/dc2.jpg" />
 
-	<rule from="^https?://(?:www\.)?siaa\.net/"
-		to="https://www.siaa.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sogeti.com.xml b/src/chrome/content/rules/Sogeti.com.xml
new file mode 100644
index 000000000000..3c1b5c118c80
--- /dev/null
+++ b/src/chrome/content/rules/Sogeti.com.xml
@@ -0,0 +1,42 @@
+<!--
+	Nonfunctional hosts in *sogeti.com:
+
+		- esec-lab ʳ
+
+	ʳ Refused
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.fr.sogeti.com
+		- www.uk.sogeti.com
+		- www.us.sogeti.com
+		- www.sogeti.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Sogeti.com (partial)">
+
+	<target host="sogeti.com" />
+	<target host="fr.sogeti.com" />
+	<target host="www.fr.sogeti.com" />
+	<target host="uk.sogeti.com" />
+	<target host="www.uk.sogeti.com" />
+	<target host="us.sogeti.com" />
+	<target host="www.us.sogeti.com" />
+	<target host="www.sogeti.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.(?:fr\.|us\.)?sogeti\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sogou.com.xml b/src/chrome/content/rules/Sogou.com.xml
new file mode 100644
index 000000000000..ab3bfea7eaae
--- /dev/null
+++ b/src/chrome/content/rules/Sogou.com.xml
@@ -0,0 +1,86 @@
+<!--
+	Other Sogou rulesets:
+		- Sogou_CDN.com.xml
+
+	Nonfunctional hosts in *sogou.com:
+		- app ¹
+		- baike		Dropped
+		- corp ¹
+		- cp ¹
+		- go ¹
+		- gouwu ¹
+		- fuwu ¹
+		- haha ¹
+		- help ¹
+		- fankui.help ¹
+		- hr ¹
+		- job ¹
+		- kan ¹
+		- mail ²
+		- mai ¹
+		- map ¹
+		- mp3 ¹
+		- music ¹
+		- news ¹
+		- pinyin ¹
+		- v ¹
+		- wan ¹
+		- weixin ¹
+		- wenwen ¹
+		- open.wenwen
+		- xiaoshuo ¹
+		- zhishi ¹
+	¹ Shows default page
+	² Shows mail.sohu.com
+
+	Problematic hosts in *sogou.com:
+		- download.ie ³
+		- ping.ie ³
+		- passport ¹ ²
+		- img.store ³
+		- logo.www ³
+	¹ Expired
+	² Missing certificate chain
+	³ Mismatched
+
+	Insecure cookies are set for these domains and hosts:
+		- .sogou.com
+		- www.sogou.com
+-->
+
+<ruleset name="Sogou.com (partial)">
+	<!--	Direct rewrites:	-->
+	<target host="sogou.com"/>
+	<target host="www.sogou.com"/>
+	<target host="123.sogou.com"/>
+	<target host="account.sogou.com" />
+	<target host="english.sogou.com"/>
+	<target host="ie.sogou.com" />
+	<target host="m.sogou.com"/>
+	<target host="mingyi.sogou.com"/>
+	<target host="pb.sogou.com"/>
+	<target host="pic.sogou.com"/>
+	<target host="scholar.sogou.com"/>
+	<target host="top.sogou.com"/>
+	<target host="wap.sogou.com"/>
+	<target host="zhihu.sogou.com"/>
+
+	<!--	Complications:	-->
+	<target host="imgstore.cdn.sogou.com" />
+	<target host="img.store.sogou.com" />
+	<rule from="^http://(imgstore\.cdn|img\.store)\.sogou\.com/"
+		to="https://img.sogoucdn.com/" />
+		<!--	Get tests from webcache by sogou.com.
+			Example:https://m.sogou.com/transcoding/sweb/detail.jsp?g_ut=3&url=http://www.du00.cc/read/35/35301/24600914.html
+				-->
+		<test url="http://imgstore.cdn.sogou.com/net/a/link?appid=100520102&amp;url=http://img.mp.itc.cn/upload/20170518/dd088f07c691400f97de0ec4539281d8_th.jpg" />
+		<test url="http://img.store.sogou.com/net/a/link?appid=100520102&amp;url=http://img.mp.itc.cn/upload/20170518/dd088f07c691400f97de0ec4539281d8_th.jpg" />
+
+	<target host="logo.www.sogou.com" />
+	<rule from="^http://logo\.www\.sogou\.com/"
+		to="https://www.sogou.com/" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Sogou_CDN.com.xml b/src/chrome/content/rules/Sogou_CDN.com.xml
new file mode 100644
index 000000000000..159ae616dc95
--- /dev/null
+++ b/src/chrome/content/rules/Sogou_CDN.com.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Sogou coverage, see Sogou.com.xml.
+
+	Mismatch:
+		- snapshot
+		- p[0-9].123
+		- s[0-7].tm
+		- p[0-7].wan
+
+	Get Nothing:
+		^(www.)?
+-->
+
+<ruleset name="Sogou_CDN.com">
+	<target host="123p0.sogoucdn.com" />
+	<target host="123p1.sogoucdn.com" />
+	<target host="123p2.sogoucdn.com" />
+	<target host="123p3.sogoucdn.com" />
+	<target host="123p4.sogoucdn.com" />
+
+	<target host="img.sogoucdn.com" />
+	<target host="img01.sogoucdn.com" />
+	<target host="img02.sogoucdn.com" />
+	<target host="img03.sogoucdn.com" />
+	<target host="img04.sogoucdn.com" />
+
+	<target host="dlweb.sogoucdn.com" />
+	<target host="dl.web.sogoucdn.com" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sohu.com-mixedcontent.xml b/src/chrome/content/rules/Sohu.com-mixedcontent.xml
new file mode 100644
index 000000000000..d46cd4760f77
--- /dev/null
+++ b/src/chrome/content/rules/Sohu.com-mixedcontent.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Sohu coverage, see Sohu.com.xml
+-->
+<ruleset name="Sohu.com-mixedcontent" platform="mixedcontent">
+	<target host="ad.sohu.com" />
+		<test url="http://ad.sohu.com/case1/index.shtml" />
+		<test url="http://ad.sohu.com/point/" />
+		<test url="http://ad.sohu.com/tuijiehui/index.shtml" />
+
+	<target host="business.sohu.com" />
+		<test url="http://business.sohu.com/20100822/n274383929.shtml" />
+
+	<target host="k.sohu.com" />
+		<test url="http://k.sohu.com/public.html" />
+
+	<target host="money.sohu.com" />
+		<test url="http://money.sohu.com/yinhang/" />
+
+	<target host="mt.sohu.com" />
+		<test url="http://mt.sohu.com/20161229/n477289399.shtml" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sohu.com.cn.xml b/src/chrome/content/rules/Sohu.com.cn.xml
new file mode 100644
index 000000000000..e267f401c13c
--- /dev/null
+++ b/src/chrome/content/rules/Sohu.com.cn.xml
@@ -0,0 +1,38 @@
+<!--
+	For other Sohu coverage, see Sohu.com.xml
+
+	Mismatch：
+		^sohu.com.cn
+		www.sohu.com.cn
+-->
+
+<ruleset name="Sohu.com.cn">
+	<target host="001.img.pu.sohu.com.cn" />
+	<target host="002.img.pu.sohu.com.cn" />
+	<target host="003.img.pu.sohu.com.cn" />
+	<target host="004.img.pu.sohu.com.cn" />
+	<target host="005.img.pu.sohu.com.cn" />
+		<test url="http://005.img.pu.sohu.com.cn/images/default.jpg" />
+
+	<target host="220.img.pp.sohu.com.cn" />
+	<target host="221.img.pp.sohu.com.cn" />
+		<test url="http://221.img.pp.sohu.com.cn/images/video/default.jpg" />
+	<target host="223.img.pp.sohu.com.cn" />
+	<target host="224.img.pp.sohu.com.cn" />
+	<target host="225.img.pp.sohu.com.cn" />
+		<test url="http://223.img.pp.sohu.com.cn/p223/2016/7/5/20/22/202088812_1569b426fa3g201b1377869_0.jpg" />
+		<test url="http://224.img.pp.sohu.com.cn/p224/2015/5/21/8/5/230619470_14e4b9c3660g201b6731701_2.jpg" />
+		<test url="http://225.img.pp.sohu.com.cn/p225/2016/6/29/14/0/296982548_1567a5bf78bg201b1816304_2.jpg" />
+
+	<target host="js1.pp.sohu.com.cn" />
+	<target host="js2.pp.sohu.com.cn" />
+	<target host="js3.pp.sohu.com.cn" />
+	<target host="js4.pp.sohu.com.cn" />
+	<target host="js5.pp.sohu.com.cn" />
+		<test url="http://js5.pp.sohu.com.cn/cn2012/blog/images/img_focus_bg.gif" />
+
+	<target host="img.my.tv.sohu.com.cn" />
+		<test url="http://img.my.tv.sohu.com.cn/o_zoom,w_170,h_110/p223/2016/12/27/21/7/6_15a21b33b41g102SysCutcloud_86748309_7_3b.jpg" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sohu.com.xml b/src/chrome/content/rules/Sohu.com.xml
new file mode 100644
index 000000000000..a20409b71f84
--- /dev/null
+++ b/src/chrome/content/rules/Sohu.com.xml
@@ -0,0 +1,126 @@
+
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://db.money.sohu.com/card/js/jquery-1.4.2.min.js => https://db.money.sohu.com/card/js/jquery-1.4.2.min.js: (6, 'Could not resolve host: db.money.sohu.com')
+Fetch error: http://english.sohu.com/ => https://english.sohu.com/: (6, 'Could not resolve host: english.sohu.com')
+Fetch error: http://db.money.sohu.com/ => https://db.money.sohu.com/: (6, 'Could not resolve host: db.money.sohu.com')
+
+	Other Sohu rulesets:
+		- Sohu.com-mixedcontent.xml
+		- Sohu.com.cn.xml
+		- SohuCS.com.xml
+
+	Different http/https content:
+		- add.sohu.com	(http redirect to fuwu.sohu.com ; https redirect to pay.sohu.com )
+		- app.auto.sohu.com
+		- dir.sohu.com	(http redirect to 123.sogou.com ; https redirect to pay.sohu.com )
+		- fuwu.sohu.com
+		- txt.go.sohu.com	( https://txt.go.sohu.com/ip/soip )
+		- mp.sohu.com	(https redirect to pay.sohu.com )
+		- quan.sohu.com	(https redirect to pay.sohu.com )
+
+	MCB:
+		- 0502.sohu.com
+		- 2008.sohu.com
+		- ad.sohu.com
+		- auto.sohu.com
+		- db.auto.sohu.com
+		- book.sohu.com
+		- business.sohu.com
+		- changyan.sohu.com
+		- corp.sohu.com
+		- cul.sohu.com
+		- fashion.sohu.com
+		- help.sohu.com
+		- history.sohu.com
+		- k.sohu.com	https://k.sohu.com/public.html
+		- mail.sohu.com
+		- mgame.sohu.com
+		- money.sohu.com
+		- s.sohu.com
+		- sports.sohu.com
+		- stock.sohu.com
+		- q.stock.sohu.com
+		- travel.sohu.com
+		- tv.sohu.com	( break the information below videos )
+		- my.tv.sohu.com	https://my.tv.sohu.com/us/274383673/86733219.shtml
+		- push.my.tv.sohu.com
+		- www.sohu.com
+
+	Mismatched:
+		- data.2018.sohu.com	get from sports.sohu.com
+		- 2se.sohu.com
+		- mobile.auto.sohu.com
+		- club.sohu.com
+		- login.mail.sohu.com
+		- comment.news.sohu.com
+
+	Refused:
+		scp.sohu.com
+		ldd.sohu.com
+
+	Non-2xx HTTP code:
+		txt.go.sohu.com
+
+	Strange:
+		photocdn.sohu.com
+		OK: https://photocdn.sohu.com/20161111/Img472968305.jpeg
+		Broken(test in Tor): https://photocdn.sohu.com/20060930/Img227840979.swf
+
+	Insecure cookies are set for these domains and hosts:
+		- .sohu.com
+		- mail.sohu.com
+		- passport.sohu.com
+		- pay.sohu.com
+		- sendcloud.sohu.com
+-->
+<ruleset name="Sohu.com (partial)">
+	<target host="sohu.com" />
+	<target host="www.sohu.com" />
+	<target host="v.aty.sohu.com" />
+	<target host="vstat.v.blog.sohu.com" />
+	<target host="assets.changyan.sohu.com" />
+		<test url="http://assets.changyan.sohu.com/upload/changyan.js" />
+	<target host="changyan.sohu.com" />
+		<test url="http://changyan.sohu.com/mdevp/extensions/cmt-notice/021/images/notice-close.png" />
+	<target host="css.sohu.com" />
+		<test url="http://css.sohu.com/upload/global1.4.1.css" />
+	<!-- target host="english.sohu.com" /-->
+	<target host="film.sohu.com" />
+	<target host="game.sohu.com" />
+	<target host="pl.hd.sohu.com" />
+		<test url="http://pl.hd.sohu.com/videolist?playlistid=9174927" />
+	<target host="images.sohu.com" />
+		<test url="http://images.sohu.com/bill/s2015/yanchunzhang/richan/logo.png" />
+	<target host="js.sohu.com" />
+	<target host="api.k.sohu.com" />
+	<target host="cache.k.sohu.com" />
+	<target host="pic.k.sohu.com" />
+	<target host="m.sohu.com" />
+	<target host="s.m.sohu.com" />
+	<target host="mail.sohu.com" />
+	<target host="news.sohu.com" />
+		<test url="http://news.sohu.com/20161228/n477189660.shtml" />
+	<target host="passport.sohu.com" />
+	<target host="pay.sohu.com" />
+	<target host="photo.pic.sohu.com" />
+		<test url="http://photo.pic.sohu.com/images/chinaren/2005-08-02/10679ab6619.jpg" />
+		<test url="http://photo.pic.sohu.com/images/oldblog/person/11111.gif" />
+	<target host="pv.sohu.com" />
+	<target host="sendcloud.sohu.com" />
+	<target host="stock.sohu.com" />
+		<test url="http://stock.sohu.com/20161229/n477238585.shtml" />
+	<target host="t.sohu.com" />
+	<target host="tv.sohu.com" />
+		<test url="http://tv.sohu.com/20161229/n477242249.shtml" />
+	<target host="m.tv.sohu.com" />
+	<target host="ushq.stock.sohu.com" />
+	<target host="vip.sohu.com" />
+	<target host="count.vrs.sohu.com" />
+		<test url="http://count.vrs.sohu.com/count/query.action" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SohuCS.com.xml b/src/chrome/content/rules/SohuCS.com.xml
new file mode 100644
index 000000000000..f4283cc91255
--- /dev/null
+++ b/src/chrome/content/rules/SohuCS.com.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Sohu coverage, see Sohu.com.xml
+-->
+
+<ruleset name="SohuCS.com">
+	<target host="1234512345123451234512345123451234567.bjcnc.scs.sohucs.com" />
+	<target host="333333333.bjcnc.scs.sohucs.com" />
+	<target host="aaa.bjcnc.scs.sohucs.com" />
+	<target host="app.bjcnc.scs.sohucs.com" />
+	<target host="appimg.bjcnc.scs.sohucs.com" />
+	<target host="chesb.bjcnc.scs.sohucs.com" />
+	<target host="deploy-domeos.bjcnc.scs.sohucs.com" />
+	<target host="ganjimobile.bjcnc.scs.sohucs.com" />
+	<target host="imagenet2012.bjcnc.scs.sohucs.com" />
+	<target host="imdali.bjcnc.scs.sohucs.com" />
+	<target host="peiwo-download.bjcnc.scs.sohucs.com" />
+	<target host="peiwo-game.bjcnc.scs.sohucs.com" />
+	<target host="pewio-www.bjcnc.scs.sohucs.com" />
+	<target host="readindex.bjcnc.scs.sohucs.com" />
+		<test url="http://readindex.bjcnc.scs.sohucs.com/banner/20160618/youshijie_250x250.jpg" />
+	<target host="sales-leads.bjcnc.scs.sohucs.com" />
+	<target host="test201503csf.bjcnc.scs.sohucs.com" />
+	<target host="union.bjcnc.scs.sohucs.com" />
+	<target host="zhan.bjcnc.scs.sohucs.com" />
+
+	<target host="123444.bjctc.scs.sohucs.com" />
+	<target host="domeos-script.bjctc.scs.sohucs.com" />
+		<test url="http://domeos-script.bjctc.scs.sohucs.com/dns.yaml" />
+	<target host="mailcloud-web.bjctc.scs.sohucs.com" />
+	<target host="sohuweibopic.bjctc.scs.sohucs.com" />
+		<test url="http://sohuweibopic.bjctc.scs.sohucs.com/c6d462519695498f9a2d002304f478c5" />
+	<target host="test-haonan2.bjctc.scs.sohucs.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sol.io.xml b/src/chrome/content/rules/Sol.io.xml
deleted file mode 100644
index b45a44a839b3..000000000000
--- a/src/chrome/content/rules/Sol.io.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Sol.io" platform="firefox">
-<target host="sol.io" />
-
-<securecookie host="^sol\.io$" name=".+" />
-
-<rule from="^http://sol\.io/" to="https://sol.io/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Sol_Musica.xml b/src/chrome/content/rules/Sol_Musica.xml
index 6d3510debb06..c7be0a930b4e 100644
--- a/src/chrome/content/rules/Sol_Musica.xml
+++ b/src/chrome/content/rules/Sol_Musica.xml
@@ -1,13 +1,15 @@
-<ruleset name="Sol Musica">
+<ruleset name="Sol Musica.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="solmusica.com" />
-	<target host="*.solmusica.com" />
+	<target host="www.solmusica.com" />
 
 
 	<securecookie host="^\.?solmusica\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?solmusica\.com/"
-		to="https://$1solmusica.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Solar-Energy-Installers.xml b/src/chrome/content/rules/Solar-Energy-Installers.xml
index fdd0c5f3df41..e2fe69f4c8ce 100644
--- a/src/chrome/content/rules/Solar-Energy-Installers.xml
+++ b/src/chrome/content/rules/Solar-Energy-Installers.xml
@@ -1,16 +1,16 @@
-<ruleset name="Solar Energy Installers" default_off="mismatch">
+<ruleset name="Solar Energy Installers" default_off="mismatched">
 
 	<!--	Cert: www.cleanenergyexperts.com	-->
 	<target host="solar-energy-installers.com" />
 	<target host="www.solar-energy-installers.com" />
 
 
-	<securecookie host="^www\.solar-energy-installers\.com$" name=".*" />
+	<securecookie host="^www\.solar-energy-installers\.com$" name=".+" />
 
 
 	<!--	!www 301s to www.
 					-->
-	<rule from="^https?://(?:www\.)?solar-energy-installers\.com/"
+	<rule from="^http://(?:www\.)?solar-energy-installers\.com/"
 		to="https://www.solar-energy-installers.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Solar-Power-Rocks.xml b/src/chrome/content/rules/Solar-Power-Rocks.xml
index 02cda39cd996..0d01f4d3e904 100644
--- a/src/chrome/content/rules/Solar-Power-Rocks.xml
+++ b/src/chrome/content/rules/Solar-Power-Rocks.xml
@@ -1,10 +1,11 @@
-<ruleset name="Solar Power Rocks" default_off="expired, self-signed">
-
+<!--
+	Mismatch:
+		- ftp.solarpowerrocks.com
+-->
+<ruleset name="Solar Power Rocks">
 	<target host="solarpowerrocks.com" />
 	<target host="www.solarpowerrocks.com" />
 
-
-	<rule from="^https?://(?:www\.)?solarpowerrocks\.com/"
-		to="https://solarpowerrocks.com/" />
-
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Solar1.net.xml b/src/chrome/content/rules/Solar1.net.xml
index ab081032c3d1..c671d351a14e 100644
--- a/src/chrome/content/rules/Solar1.net.xml
+++ b/src/chrome/content/rules/Solar1.net.xml
@@ -9,7 +9,6 @@
 
 	<!--	Cert only matches ^solar1.net.
 						-->
-	<rule from="^http://(?:www\.)?solar1\.net/"
-		to="https://solar1.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SolarCity.xml b/src/chrome/content/rules/SolarCity.xml
index bb3606a62f24..fead9dba490e 100644
--- a/src/chrome/content/rules/SolarCity.xml
+++ b/src/chrome/content/rules/SolarCity.xml
@@ -1,20 +1,24 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://solarcity.com/ => https://www.solarcity.com/: (60, 'SSL certificate problem: certificate has expired')
+-->
 <ruleset name="SolarCity" platform="mixedcontent">
 
 	<target host="mysolarcity.com" />
 	<target host="www.mysolarcity.com" />
 	<target host="solarcity.com" />
-	<target host="*.solarcity.com" />
+	<target host="www.solarcity.com" />
+	<target host="solarguard.solarcity.com" />
 
 
 	<!--	Cert doesn't match, redirects like so.	-->
-	<rule from="^https?://(?:www\.)?mysolarcity\.com/"
+	<rule from="^http://(?:www\.)?mysolarcity\.com/"
 		to="https://solarguard.solarcity.com/kiosk/login/default.aspx" />
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?solarcity\.com/"
+	<rule from="^http://(?:www\.)?solarcity\.com/"
 		to="https://www.solarcity.com/" />
 
-	<rule from="^http://solarguard\.solarcity\.com/"
-		to="https://solarguard.solarcity.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Solarbotics.com.xml b/src/chrome/content/rules/Solarbotics.com.xml
index b3627d4120ec..353a17e8fd94 100644
--- a/src/chrome/content/rules/Solarbotics.com.xml
+++ b/src/chrome/content/rules/Solarbotics.com.xml
@@ -1,30 +1,17 @@
-<!--
-	Fully covered subdomains:
-
-		- (www.)
-		- atlas
-		- content
-		- eos
-		- helios
-
-
-	Observed cookie domains:
-
-		- ^
-		- atlas
-		- eos
-
--->
 <ruleset name="Solarbotics.com">
 
 	<target host="solarbotics.com" />
-	<target host="*.solarbotics.com" />
-
-
-	<securecookie host="^(?:.+\.)?solarbotics\.com$" name=".+" />
-
-
-	<rule from="^http://((?:atlas|content|eos|helios|www)\.)?solarbotics\.com/"
-		to="https://$1solarbotics.com/" />
+	<target host="www.solarbotics.com" />
+	<target host="blog.solarbotics.com" />
+	<target host="cdn.solarbotics.com" />
+	<target host="content.solarbotics.com" />
+	<target host="distributors.solarbotics.com" />
+	<target host="helios.solarbotics.com" />
+	<target host="static.solarbotics.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Solarflare.com.xml b/src/chrome/content/rules/Solarflare.com.xml
index 6b70fdb67cd2..20f1e746ee77 100644
--- a/src/chrome/content/rules/Solarflare.com.xml
+++ b/src/chrome/content/rules/Solarflare.com.xml
@@ -1,27 +1,20 @@
 <!--
 	Solarflare Communications
 
-
-	Nonfunctional subdomains:
-
-		- (www.)	(refused)
-
-
-	Fully covered subdomains:
-
-		- partner
-		- support
-
 -->
-<ruleset name="Solarflare.com (partial)">
+<ruleset name="Solarflare.com">
 
-	<target host="*.solarflare.com" />
+	<target host="solarflare.com" />
+	<target host="partner.solarflare.com" />
+	<target host="support.solarflare.com" />
+	<target host="www.solarflare.com" />
 
 
-	<securecookie host="^support\.solarflare\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
 
 
-	<rule from="^http://(partner|support)\.solarflare\.com/"
-		to="https://$1.solarflare.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Soldierx.com.xml b/src/chrome/content/rules/Soldierx.com.xml
new file mode 100644
index 000000000000..212175650708
--- /dev/null
+++ b/src/chrome/content/rules/Soldierx.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Soldierx.com">
+
+	<target host="soldierx.com" />
+	<target host="www.soldierx.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sole.dk.xml b/src/chrome/content/rules/Sole.dk.xml
new file mode 100644
index 000000000000..b6064e4b1ddb
--- /dev/null
+++ b/src/chrome/content/rules/Sole.dk.xml
@@ -0,0 +1,40 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .sole.dk
+
+-->
+<ruleset name="Sole.dk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sole.dk" />
+	<target host="www.sole.dk" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.sole\.dk$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Solicitor-Concierge.com.xml b/src/chrome/content/rules/Solicitor-Concierge.com.xml
new file mode 100644
index 000000000000..65b38d79d242
--- /dev/null
+++ b/src/chrome/content/rules/Solicitor-Concierge.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)
+		- admin
+
+
+	These altnames don't exist:
+
+		- account.solicitor-concierge.com
+		- www.admin.solicitor-concierge.com
+
+-->
+<ruleset name="Solicitor-Concierge.com">
+
+	<target host="solicitor-concierge.com" />
+	<target host="admin.solicitor-concierge.com" />
+	<target host="www.solicitor-concierge.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Solid-Run.com-problematic.xml b/src/chrome/content/rules/Solid-Run.com-problematic.xml
deleted file mode 100644
index a89c9576c166..000000000000
--- a/src/chrome/content/rules/Solid-Run.com-problematic.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see Solid-Run.com.xml.
-
--->
-<ruleset name="Solid-Run.com" default_off="self-signed">
-
-	<target host="solid-run.com" />
-	<target host="www.solid-run.com" />
-
-
-	<securecookie host="^solid-run\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?solid-run\.com/"
-		to="https://solid-run.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Solid-Run.com.xml b/src/chrome/content/rules/Solid-Run.com.xml
index 3f879142dfe4..b6eb29baa922 100644
--- a/src/chrome/content/rules/Solid-Run.com.xml
+++ b/src/chrome/content/rules/Solid-Run.com.xml
@@ -2,27 +2,29 @@
 	For problematic rules, see Solid-Run.com-problematic.xml.
 
 
-	Problematic subdomains:
-
-		- (www.)	(works, CN: Parallels Panel)
-
-
 	Mixed content:
 
-		- Video on www from www.youtube.com *
+		- css on www from fonts.googleapis.com *
+
+		- Image on www from $self *
 
 	* Secured by us
 
 -->
-<ruleset name="Solid-Run.com (partial)">
+<ruleset name="Solid-Run.com">
 
+	<target host="solid-run.com" />
 	<target host="imx.solid-run.com" />
+	<target host="www.solid-run.com" />
+
 
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^www\.solid-run\.com$" name="^admin_mediawiki_1_session$" /-->
 
 	<securecookie host="^imx\.solid-run\.com$" name=".+" />
 
 
-	<rule from="^http://imx\.solid-run\.com/"
-		to="https://imx.solid-run.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SolidAlert.com.xml b/src/chrome/content/rules/SolidAlert.com.xml
new file mode 100644
index 000000000000..8e142914a74c
--- /dev/null
+++ b/src/chrome/content/rules/SolidAlert.com.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://solidalert.com/ => https://solidalert.com/: (7, 'Failed to connect to solidalert.com port 443: Connection refused')
+Fetch error: http://www.solidalert.com/ => https://www.solidalert.com/: (7, 'Failed to connect to www.solidalert.com port 443: Connection refused')
+
+	For other Rose Web Services coverage, see RoseHosting.com.xml.
+
+-->
+<ruleset name="SolidAlert.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="solidalert.com" />
+	<target host="www.solidalert.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Solid_Cactus.xml b/src/chrome/content/rules/Solid_Cactus.xml
index 8d2322f8e30c..d3ef7c6b7ad2 100644
--- a/src/chrome/content/rules/Solid_Cactus.xml
+++ b/src/chrome/content/rules/Solid_Cactus.xml
@@ -27,4 +27,4 @@
 	<rule from="^http://([\w-]+)\.solidcactushosting\.com/"
 		to="https://$1.solidcactushosting.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Solid_Logic_Technology.xml b/src/chrome/content/rules/Solid_Logic_Technology.xml
index 9053c8b8d0ec..f913087e3670 100644
--- a/src/chrome/content/rules/Solid_Logic_Technology.xml
+++ b/src/chrome/content/rules/Solid_Logic_Technology.xml
@@ -1,19 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://solidlogic.com/ => https://solidlogic.com/: (7, 'Failed to connect to solidlogic.com port 443: Connection refused')
+Fetch error: http://www.solidlogic.com/ => https://www.solidlogic.com/: (7, 'Failed to connect to www.solidlogic.com port 443: Connection refused')
+
 	CDN buckets:
 
 		- dvharv77wz0dp.cloudfront.net
 
 -->
-<ruleset name="Solid Logic Technology">
+<ruleset name="Solid Logic Technology" default_off="failed ruleset test">
 
 	<target host="solidlogic.com" />
-	<target host="*.solidlogic.com" />
+	<target host="www.solidlogic.com" />
 
 
 	<securecookie host="^\.solidlogic.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?solidlogic\.com/"
-		to="https://$1solidlogic.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Solidarity-US.org.xml b/src/chrome/content/rules/Solidarity-US.org.xml
new file mode 100644
index 000000000000..ecbc03a1daa3
--- /dev/null
+++ b/src/chrome/content/rules/Solidarity-US.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="Solidarity-US.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="solidarity-us.org" />
+	<target host="www.solidarity-us.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Solihull.gov.uk.xml b/src/chrome/content/rules/Solihull.gov.uk.xml
new file mode 100644
index 000000000000..0a803097381b
--- /dev/null
+++ b/src/chrome/content/rules/Solihull.gov.uk.xml
@@ -0,0 +1,65 @@
+<!--
+	Solihull Metropolitan Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *solihull.gov.uk:
+
+		- publicaccess ᵈ
+		- webtest ᵈ
+
+	ᵈ Dropped
+
+
+	These altnames don't exist:
+
+		- solihull.gov.uk
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .solihull.gov.uk
+		- www.solihull.gov.uk
+
+-->
+<ruleset name="Solihull.gov.uk (partial)">
+
+	<target host="eservices.solihull.gov.uk" />
+	<target host="www.solihull.gov.uk" />
+
+		<!--	200 redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.solihull\.gov\.uk/(?:$|About/contact-us$|AtoZ\.aspx|Business$|epay$|epay$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.solihull\.gov\.uk/+(?![Dd]esktop[Mm]odules/|[Pp]ortals/|favicon\.ico)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.solihull.gov.uk/About/contact-us" />
+			<test url="http://www.solihull.gov.uk/AtoZ.aspx" />
+			<test url="http://www.solihull.gov.uk/Business" />
+			<test url="http://www.solihull.gov.uk/epay" />
+			<test url="http://www.solihull.gov.uk/help" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.solihull.gov.uk/DesktopModules/CISS.SideMenu/img/spacer.gif" />
+			<test url="http://www.solihull.gov.uk/Portals/_default/Skins/AdaptOrangeSkins/TWMenuMobi/TWMenuMobi.css" />
+			<test url="http://www.solihull.gov.uk/favicon.ico" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.solihull\.gov\.uk$" name="^TS[\da-f]+$" /-->
+	<!--securecookie host="^www\.solihull\.gov\.uk$" name="^(?:dnn_IsMobile|solihull_gov_uk_https)$" /-->
+
+	<securecookie host="^(?!www\.)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Solutions_Healthcare_Management.xml b/src/chrome/content/rules/Solutions_Healthcare_Management.xml
index 976f3d6c064c..9f096bba50c0 100644
--- a/src/chrome/content/rules/Solutions_Healthcare_Management.xml
+++ b/src/chrome/content/rules/Solutions_Healthcare_Management.xml
@@ -1,13 +1,18 @@
-<ruleset name="Solutions Healthcare Management">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.solutionshealthcare.com/ => https://www.solutionshealthcare.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="Solutions Healthcare Management" default_off="failed ruleset test">
 
 	<target host="solutionshealthcare.com" />
-	<target host="*.solutionshealthcare.com" />
+	<target host="www.solutionshealthcare.com" />
 
 
 	<securecookie host="^\.solutionshealthcare\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?solutionshealthcare\.com/"
-		to="https://$1solutionshealthcare.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Solvemedia.com.xml b/src/chrome/content/rules/Solvemedia.com.xml
new file mode 100644
index 000000000000..82b25cb2b82b
--- /dev/null
+++ b/src/chrome/content/rules/Solvemedia.com.xml
@@ -0,0 +1,44 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://data-secure.solvemedia.com/ => https://data-secure.solvemedia.com/: (51, "SSL: no alternative certificate subject name matches target host name 'data-secure.solvemedia.com'")
+
+	Problematic hosts in *solvemedia.com:
+
+		- portal *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	These altnames don't exist:
+
+		- www.api-secure.solvemedia.com
+		- www.pixel-secure.solvemedia.com
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .solvemedia.com
+		- portal.solvemedia.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Solve Media.com (partial)" default_off="failed ruleset test">
+
+	<target host="api-secure.solvemedia.com" />
+	<target host="data-secure.solvemedia.com" />
+	<target host="pixel-secure.solvemedia.com" />
+	<!--target host="portal.solvemedia.com" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.solvemedia\.com$" name="^(_sscn_a|_sscn_t)$" /-->
+	<!--securecookie host="^portal\.solvemedia\.com$" name="^acplogin$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Somerset.gov.uk.xml b/src/chrome/content/rules/Somerset.gov.uk.xml
new file mode 100644
index 000000000000..cd7442734d42
--- /dev/null
+++ b/src/chrome/content/rules/Somerset.gov.uk.xml
@@ -0,0 +1,100 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://slp.somerset.gov.uk/ => https://slp.somerset.gov.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'slp.somerset.gov.uk'")
+Fetch error: http://slp1.somerset.gov.uk/ => https://slp1.somerset.gov.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'slp1.somerset.gov.uk'")
+Fetch error: http://slp2.somerset.gov.uk/ => https://slp2.somerset.gov.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'slp2.somerset.gov.uk'")
+Fetch error: http://slp3.somerset.gov.uk/ => https://slp3.somerset.gov.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'slp3.somerset.gov.uk'")
+Fetch error: http://slp4.somerset.gov.uk/ => https://slp4.somerset.gov.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'slp4.somerset.gov.uk'")
+Fetch error: http://secure.somerset.gov.uk/ => https://secure.somerset.gov.uk/: (6, 'Could not resolve host: secure.somerset.gov.uk')
+
+	Somerset County Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *somerset.gov.uk:
+
+		- amv ⁴
+		- carewithus ⁴
+		- www.governorservices ʳ
+		- lea-owa ᵈ
+		- r4l ⁴
+		- swineflu ⁴
+		- webapp1 ⁴
+		- www1 ʳ
+
+	⁴ 404
+	ᵈ Dropped
+	ʳ Refused
+
+
+	^somerset.gov.uk: 404
+	www.somerset.gov.uk: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	These altnames don't exist:
+
+		- autodiscover.educ.somerset.gov.uk
+		- lea-eas.somerset.gov.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- secure.somerset.gov.uk
+
+-->
+<ruleset name="Somerset.gov.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="autodiscover.somerset.gov.uk" />
+	<target host="emsonline.somerset.gov.uk" />
+	<target host="mysite.somerset.gov.uk" />
+	<target host="slp.somerset.gov.uk" />
+	<target host="slp1.somerset.gov.uk" />
+	<target host="slp2.somerset.gov.uk" />
+	<target host="slp3.somerset.gov.uk" />
+	<target host="slp4.somerset.gov.uk" />
+	<target host="secure.somerset.gov.uk" />
+	<!--target host="www.somerset.gov.uk" /-->
+
+	<!--	Complications:
+				-->
+	<!--target host="somerset.gov.uk" /-->
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.somerset\.gov\.uk/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(?:www\.)?somerset\.gov\.uk/+(?![Ee]asy[Ss]ite(?:[Ww]eb)?/)" /-->
+
+			<!--	+ve:
+					-->
+			<!--test url="http://www.somerset.gov.uk/enp/" /-->
+			<!--test url="http://www.somerset.gov.uk/organisation/" /-->
+			<!--test url="http://www.somerset.gov.uk/yoursomerset/" /-->
+
+			<!--	-ve:
+					-->
+			<!--test url="http://somerset.gov.uk/EasySiteWeb/EasySite/StyleData/Somerset_gov_uk_MASTER/Images/bck_tab_bottom_border.gif" /-->
+			<!--test url="http://www.somerset.gov.uk/EasySiteWeb/style/faux/css/ux.net.css" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^secure.somerset.gov.uk$" name="^ASP.NET_SessionId$" /-->
+
+	<!--securecookie host="^(?!www\.)\w" name="." /-->
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--rule from="^http://somerset\.gov\.uk/"
+		to="https://www.somerset.gov.uk/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Someserver.xml b/src/chrome/content/rules/Someserver.xml
index f4aeef390880..dae14db53e5c 100644
--- a/src/chrome/content/rules/Someserver.xml
+++ b/src/chrome/content/rules/Someserver.xml
@@ -1,18 +1,27 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://seba-geek.de/ => https://seba-geek.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.seba-geek.de/ => https://www.seba-geek.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://someserver.de/ => https://someserver.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.someserver.de/ => https://www.someserver.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Related rulesets:
 
 		- CHDK.xml
 
 -->
-<ruleset name="Someserver (partial)" platform="cacert">
+<ruleset name="Someserver (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="seba-geek.de" />
 	<target host="www.seba-geek.de" />
 	<target host="someserver.de" />
 	<target host="www.someserver.de" />
 
 
-	<rule from="^http://(www\.)?s(eba-geek|omeserver)\.de/"
-		to="https://$1s$2.de/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Something-Awful.xml b/src/chrome/content/rules/Something-Awful.xml
index 08fc2e720149..61060f798d9a 100644
--- a/src/chrome/content/rules/Something-Awful.xml
+++ b/src/chrome/content/rules/Something-Awful.xml
@@ -1,21 +1,26 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(shows secure)
-		- fi
-		- forums	(times out)
-		- i
-
--->
-<ruleset name="Something Awful (partial)">
+<ruleset name="Something Awful">
 
+	<target host="somethingawful.com" />
+	<target host="www.somethingawful.com" />
 	<target host="secure.somethingawful.com" />
+	<target host="forums.somethingawful.com" />
+	<target host="archives.somethingawful.com" />
+	<target host="static.somethingawful.com" />
+	<target host="downloads.somethingawful.com" />
+	<target host="i.somethingawful.com" />
+	<target host="images.somethingawful.com" />
+	<target host="fi.somethingawful.com" />
+	<target host="forumimages.somethingawful.com" />
+	<target host="v.somethingawful.com" />
+	<target host="videos.somethingawful.com" />
 
 
 	<securecookie host="^secure\.somethingawful\.com$" name=".+" />
+	<securecookie host="^forums\.somethingawful\.com$" name=".+" />
+	<securecookie host="^archives\.somethingawful\.com$" name=".+" />
 
 
-	<rule from="^http://secure\.somethingawful\.com/"
-		to="https://secure.somethingawful.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Somevid.com.xml b/src/chrome/content/rules/Somevid.com.xml
new file mode 100644
index 000000000000..75bd4013552c
--- /dev/null
+++ b/src/chrome/content/rules/Somevid.com.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://somevid.com/ => https://somevid.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.somevid.com/ => https://www.somevid.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Insecure cookies are set for these hosts:
+
+		- somevid.com
+		- www.somevid.com
+
+-->
+<ruleset name="Somevid.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="somevid.com" />
+	<target host="www.somevid.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?somevid\.com$" name="^sessionid$" /-->
+
+	<securecookie host="^(?:www\.)?somevid\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SonarCloud.io.xml b/src/chrome/content/rules/SonarCloud.io.xml
new file mode 100644
index 000000000000..116470aa6aee
--- /dev/null
+++ b/src/chrome/content/rules/SonarCloud.io.xml
@@ -0,0 +1,12 @@
+<!--
+	For other sonar rulesets, see: SonarSource.com.xml
+-->
+<ruleset name="SonarCloud.io">
+
+	<target host="sonarcloud.io" />
+	<target host="www.sonarcloud.io" />
+	<target host="about.sonarcloud.io" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SonarLint.org.xml b/src/chrome/content/rules/SonarLint.org.xml
new file mode 100644
index 000000000000..811b8769ac74
--- /dev/null
+++ b/src/chrome/content/rules/SonarLint.org.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Sonar rulesets, see: SonarSource.com.xml
+-->
+<ruleset name="SonarLint.org">
+
+	<target host="sonarlint.org" />
+	<target host="www.sonarlint.org" />
+	<target host="atom.sonarlint.org" />
+	<target host="cli.sonarlint.org" />
+	<target host="eclipse.sonarlint.org" />
+	<target host="eclipse-uc.sonarlint.org" />
+	<target host="intellij.sonarlint.org" />
+	<target host="vs.sonarlint.org" />
+	<target host="vscode.sonarlint.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SonarQube.org.xml b/src/chrome/content/rules/SonarQube.org.xml
new file mode 100644
index 000000000000..00a318654cdf
--- /dev/null
+++ b/src/chrome/content/rules/SonarQube.org.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Sonar rulesets, see SonarSource.com.xml
+
+	This domain uses a wildcard DNS record.
+-->
+<ruleset name="SonarQube.org">
+
+	<target host="sonarqube.org" />
+	<target host="www.sonarqube.org" />
+	<target host="docs.sonarqube.org" />
+	<target host="docs2.sonarqube.org" />
+	<target host="nemo.sonarqube.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SonarSource.com.xml b/src/chrome/content/rules/SonarSource.com.xml
new file mode 100644
index 000000000000..6e70e2c8691a
--- /dev/null
+++ b/src/chrome/content/rules/SonarSource.com.xml
@@ -0,0 +1,36 @@
+<!--
+	See also:
+		SonarCloud.io.xml
+		SonarLint.org.xml
+		SonarQube.org.xml
+
+	Content mismatch:
+		files.sonarsource.com
+
+	Invalid certificate:
+		github.sonarsource.com
+
+	Timeout:
+		fwg.sonarsource.com
+		fwl.sonarsource.com
+-->
+<ruleset name="SonarSource.com">
+
+	<target host="sonarsource.com" />
+	<target host="www.sonarsource.com" />
+	<target host="blog.sonarsource.com" />
+	<target host="chestnutsl.sonarsource.com" />
+	<target host="cix.sonarsource.com" />
+	<target host="dist.sonarsource.com" />
+	<target host="downloads.sonarsource.com" />
+	<target host="jira.sonarsource.com" />
+	<target host="peach.sonarsource.com" />
+	<target host="redirect.sonarsource.com" />
+	<target host="repox.sonarsource.com" />
+	<target host="rules.sonarsource.com" />
+	<target host="support.sonarsource.com" />
+	<target host="telemetry.sonarsource.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sonatype.com.xml b/src/chrome/content/rules/Sonatype.com.xml
new file mode 100644
index 000000000000..1072600b0b70
--- /dev/null
+++ b/src/chrome/content/rules/Sonatype.com.xml
@@ -0,0 +1,60 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Refused
+
+
+	Problematic subdomains:
+
+		- go *
+
+	* Mismatched
+
+
+	These altnames don't exist:
+
+		- www.support.sonatype.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- docs.sonatype.com
+
+-->
+<ruleset name="Sonatype.com (partial)">
+
+	<target host="sonatype.com" />
+	<target host="books.sonatype.com" />
+	<target host="docs.sonatype.com" />
+	<target host="download.sonatype.com" />
+	<target host="links.sonatype.com" />
+	<target host="support.sonatype.com" />
+	<target host="www.sonatype.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.sonatype\.com/($|system/images/|support$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.sonatype\.com/(?!assets/|downloads/products/|favicon\.ico)" />
+
+			<test url="http://www.sonatype.com/about/investors" />
+			<test url="http://www.sonatype.com/contact/general-inquiry" />
+			<test url="http://www.sonatype.com/nexus" />
+			<test url="http://www.sonatype.com/support" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^docs\.sonatype\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^docs\.sonatype\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sonder_Design.com.xml b/src/chrome/content/rules/Sonder_Design.com.xml
new file mode 100644
index 000000000000..e157e78d92cf
--- /dev/null
+++ b/src/chrome/content/rules/Sonder_Design.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Note: This website blocks Tor users.
+
+-->
+<ruleset name="Sonder Design.com" default_off="needs clearnet testing">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sonderdesign.com" />
+	<target host="www.sonderdesign.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SongColeta.com.xml b/src/chrome/content/rules/SongColeta.com.xml
index 9ec8bf4757b6..1bf152628be7 100644
--- a/src/chrome/content/rules/SongColeta.com.xml
+++ b/src/chrome/content/rules/SongColeta.com.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://static\.songcoleta\.com/"
 		to="https://d2f4ve6v2ack21.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sonic.net.xml b/src/chrome/content/rules/Sonic.net.xml
new file mode 100644
index 000000000000..271ffc1eb1e7
--- /dev/null
+++ b/src/chrome/content/rules/Sonic.net.xml
@@ -0,0 +1,58 @@
+<!--
+	Nonfunctional subdomains:
+
+		- ^ ¹
+		- www.members ²
+		- www ¹
+
+	¹ Refused
+	² Dropped
+
+
+	Fully covered subdomains:
+
+		- assets
+		- corp
+		- forums
+		- legacy-webmail
+		- members
+		- newsignup
+		- webmail
+		- wiki
+
+
+	These altnames don't exist:
+
+		- www.corp.sonic.net
+		- www.forums.sonic.net
+		- www.newsignup.sonic.net
+		- www.webmail.sonic.net
+		- www.wiki.sonic.net
+
+
+	Insecure cookies are set for these domains:
+
+		- newsignup
+
+-->
+<ruleset name="Sonic.net (partial)">
+
+	<target host="assets.sonic.net" />
+	<target host="corp.sonic.net" />
+	<target host="forums.sonic.net" />
+	<target host="legacy-webmail.sonic.net" />
+	<target host="members.sonic.net" />
+	<target host="webmail.sonic.net" />
+	<target host="wiki.sonic.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^newsignup\.sonic\.net$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^newsignup\.sonic\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SonicWALL.xml b/src/chrome/content/rules/SonicWALL.xml
index 0e48b5f515bf..58c1c0a3d088 100644
--- a/src/chrome/content/rules/SonicWALL.xml
+++ b/src/chrome/content/rules/SonicWALL.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sonicwall.com/ => https://www.sonicwall.com/: Redirect for 'http://www.sonicwall.com' missing Location
 	Problematic subdomains:
 
 		- ^		(cert only matches www)
@@ -8,16 +10,16 @@
 <ruleset name="SonicWALL (partial)">
 
 	<target host="sonicwall.com" />
-	<target host="*.sonicwall.com" />
+	<target host="www.sonicwall.com" />
+	<target host="software.sonicwall.com" />
 
 
 	<securecookie host="^.+\.sonicwall\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?sonicwall\.com/"
+	<rule from="^http://(?:www\.)?sonicwall\.com/"
 		to="https://www.sonicwall.com/" />
 
-	<rule from="^http://software\.sonicwall\.com/"
-		to="https://software.sonicwall.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sonobi.com.xml b/src/chrome/content/rules/Sonobi.com.xml
new file mode 100644
index 000000000000..fa0ec8262a12
--- /dev/null
+++ b/src/chrome/content/rules/Sonobi.com.xml
@@ -0,0 +1,82 @@
+<!--
+	Timeout:
+		- corp.sonobi.com
+		- srv-corp01.corp.sonobi.com
+		- srv-dwcs1.corp.sonobi.com
+		- opt7.go.sonobi.com
+
+	Cert mismatch:
+		- ads.sonobi.com
+		- adobe.sync.go.sonobi.com
+		- lotame.segments.go.sonobi.com
+		- lotame.users.go.sonobi.com
+		- purch.demand.go.sonobi.com
+		- engagebdr.sync.go.sonobi.com
+		- liverail.sync.go.sonobi.com
+		- liveramp.sync.go.sonobi.com
+		- medianet.sync.go.sonobi.com
+		- optimatic.sync.go.sonobi.com
+		- pulsepoint.sync.go.sonobi.com
+		- purch.sync.go.sonobi.com
+		- sovrn.sync.go.sonobi.com
+		- zedo.sync.go.sonobi.com
+		- videos-2.sonobi.com
+
+	Cert chain issues:
+		- helpdesk.corp.sonobi.com
+
+-->
+<ruleset name="Sonobi.com">
+
+	<target host="sonobi.com" />
+	<target host="www.sonobi.com" />
+
+	<target host="alpha.sonobi.com" />
+	<target host="api.sonobi.com" />
+	<target host="beta.sonobi.com" />
+	<target host="bi.corp.sonobi.com" />
+	<target host="creative.sonobi.com" />
+	<target host="equilibrium.sonobi.com" />
+	<target host="go.sonobi.com" />
+	<target host="apex.go.sonobi.com" />
+	<target host="dub-1-apex.go.sonobi.com" />
+	<target host="dub-1-sync.go.sonobi.com" />
+	<target host="dub-1-xcp.go.sonobi.com" />
+	<target host="dub-1.go.sonobi.com" />
+	<target host="iad-1-apex.go.sonobi.com" />
+	<target host="iad-1-xcp.go.sonobi.com" />
+	<target host="iad-1.go.sonobi.com" />
+	<target host="iad-2-apex.go.sonobi.com" />
+	<target host="iad-2-sync.go.sonobi.com" />
+	<target host="iad-2-xcp.go.sonobi.com" />
+	<target host="keymaker.go.sonobi.com" />
+	<target host="lax-1-sync.go.sonobi.com" />
+	<target host="lax-1-xcp.go.sonobi.com" />
+	<target host="lax-1.go.sonobi.com" />
+	<target host="lotame-test.go.sonobi.com" />
+	<target host="lotame-users.go.sonobi.com" />
+	<target host="mco-1-apex.go.sonobi.com" />
+	<target host="mco-1-sync.go.sonobi.com" />
+	<target host="mco-1-xcp.go.sonobi.com" />
+	<target host="mco-1.go.sonobi.com" />
+	<target host="medianet-sync.go.sonobi.com" />
+	<target host="mtrx.go.sonobi.com" />
+	<target host="neo.go.sonobi.com" />
+	<target host="pdx-1-apex.go.sonobi.com" />
+	<target host="pdx-1-sync.go.sonobi.com" />
+	<target host="pdx-1-xcp.go.sonobi.com" />
+	<target host="pdx-1.go.sonobi.com" />
+	<target host="purch-sync.go.sonobi.com" />
+	<target host="static-failover.go.sonobi.com" />
+	<target host="sync.go.sonobi.com" />
+	<target host="xcp.go.sonobi.com" />
+	<target host="jetstream.sonobi.com" />
+	<target host="sharepoint.sonobi.com" />
+	<target host="static-serving.sonobi.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sonos.com.xml b/src/chrome/content/rules/Sonos.com.xml
index cc5f739738f6..db6f0a22685b 100644
--- a/src/chrome/content/rules/Sonos.com.xml
+++ b/src/chrome/content/rules/Sonos.com.xml
@@ -34,10 +34,10 @@
 	<!--securecookie host="^\.www\.sonos\.com$" name="^(lang|region)$" /-->
 
 
-	<rule from="^http://(?:www\.)?sonos\.com/(?=(?:\w+/)?(?:[cC]s|image|j)s/|fancybox/|login(?:$|[?/])|shop/(?:i/|login\.aspx|[tT]hemes/)|WebResource\.axd|widgets/)"
+	<rule from="^http://(?:www\.)?sonos\.com/(?=(?:\w+/)?(?:[cC]ss/|images/|js/|(?:Script|Web)Resource\.axd)|fancybox/|login(?:$|[?/])|shop/(?:i/|login\.aspx|[tT]hemes/)|static/|widgets/)"
 		to="https://www.sonos.com/" />
 
 	<rule from="^http://faq\.sonos\.com/"
 		to="https://faq.sonos.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sony-europe.com.xml b/src/chrome/content/rules/Sony-europe.com.xml
index f9f6f15cbedc..b6da6095d96e 100644
--- a/src/chrome/content/rules/Sony-europe.com.xml
+++ b/src/chrome/content/rules/Sony-europe.com.xml
@@ -1,11 +1,19 @@
-<ruleset name="Sony-Europe.com" platform="mixedcontent">
+<!--
+	For other Sony coverage, see Sony.xml.
+
+-->
+<ruleset name="Sony-Europe.com">
 
 	<target host="sony-europe.com" />
-	<target host="*.sony-europe.com" />
 	<target host="campaign.odw.sony-europe.com" />
+	<target host="sp.sony-europe.com" />
+	<target host="www.sony-europe.com" />
+
+
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(campaign\.odw\.|sp\.|www\.)?sony-europe\.com/"
-		to="https://$1sony-europe.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sony.co.uk.xml b/src/chrome/content/rules/Sony.co.uk.xml
new file mode 100644
index 000000000000..4133543be790
--- /dev/null
+++ b/src/chrome/content/rules/Sony.co.uk.xml
@@ -0,0 +1,75 @@
+<!--
+	For other Sony coverage, see
+		+ Sony.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- patterson.sony.co.uk
+		- ssc.sony.co.uk
+		- support.vaio.sony.co.uk
+
+		Timeout was reached:
+		- 4k.sony.co.uk
+		- business.sony.co.uk
+		- dns0-scee.sony.co.uk
+		- www.npe.sony.co.uk
+		- outlet.sony.co.uk
+		- print.sony.co.uk
+		- dns0.scee.sony.co.uk
+		- mailgw1.scee.sony.co.uk
+		- mailgw2.scee.sony.co.uk
+		- mailgw3.scee.sony.co.uk
+		- mailgw4.scee.sony.co.uk
+		- utf-admin.scee.sony.co.uk
+		- utf-aes.scee.sony.co.uk
+		- utf-portal.scee.sony.co.uk
+		- utf-stream.scee.sony.co.uk
+		- sonymakebelieve.sony.co.uk
+		- sorry.sony.co.uk
+		- store.sony.co.uk
+		- tvpromo.sony.co.uk
+		- www.tvpromo.sony.co.uk
+		- vaio.sony.co.uk
+		- club.vaio.sony.co.uk
+		- www.club.vaio.sony.co.uk
+
+		SSL connect error:
+		- risingstar.sony.co.uk
+
+		SSL peer certificate was not OK:
+		- www.community.sony.co.uk
+		- deals.sony.co.uk
+		- hra.sony.co.uk
+		- presscentre.sony.co.uk
+		- stg.sony.co.uk
+		- origin.www.sony.co.uk
+
+		Incomplete certificate chain error:
+		- dealer.sony.co.uk
+		- www.dealer.sony.co.uk
+		- dealerlocator.sony.co.uk
+		- shadownet.scee.sony.co.uk
+		- shop.sony.co.uk
+		- tvws-wsdb.sony.co.uk
+
+		4xx client error:
+		- aws-preview-production-pdp.sony.co.uk
+		- community-stage.sony.co.uk
+		- pet-pdp.sony.co.uk
+		- preview-production-pdp.sony.co.uk
+		- preview-uat-pdp.sony.co.uk
+		- production-pdp.sony.co.uk
+		- paradox.scee.sony.co.uk
+		- services.sony.co.uk
+		- uat-pdp.sony.co.uk
+-->
+<ruleset name="Sony.co.uk">
+	<target host="sony.co.uk" />
+	<target host="www.sony.co.uk" />
+	<target host="community.sony.co.uk" />
+	<target host="concierge.sony.co.uk" />
+	<target host="corporatestaffsales.sony.co.uk" />
+	<target host="staffsales.sony.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sony.com.au.xml b/src/chrome/content/rules/Sony.com.au.xml
new file mode 100644
index 000000000000..89ce276c4cce
--- /dev/null
+++ b/src/chrome/content/rules/Sony.com.au.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Sony coverage, see
+		+ Sony.xml
+
+	Nonfunctional hosts in *.sony.com.au:
+		- sony.com.au (r)
+		- content.sony.com.au (t)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Sony.com.au">
+	<target host="sony.com.au" />
+	<target host="www.sony.com.au" />
+	<target host="partner.sony.com.au" />
+	<target host="pro.sony.com.au" />
+	<target host="www.pro.sony.com.au" />
+	<target host="pulselive.sony.com.au" />
+	<target host="sites.sony.com.au" />
+	<target host="store.sony.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://sony\.com\.au/" to="https://www.sony.com.au/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sony.com.hk.xml b/src/chrome/content/rules/Sony.com.hk.xml
new file mode 100644
index 000000000000..23ea43206a98
--- /dev/null
+++ b/src/chrome/content/rules/Sony.com.hk.xml
@@ -0,0 +1,72 @@
+<!--
+	For other Sony coverage, see Sony.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+			 - cswebsis1.sony.com.hk
+			 - www.edc.sony.com.hk
+			 - portal.sony.com.hk
+			 - scep.sony.com.hk
+			 - www.flipper.sem.sony.com.hk
+			 - www.flipper.sih.sony.com.hk
+			 - vpn.sony.com.hk
+			 - web.sony.com.hk
+			 - wmobile.sony.com.hk
+			 - ww2.sony.com.hk
+			 - ww2dev.sony.com.hk
+
+		Timeout was reached:
+			 - best.sony.com.hk
+			 - hkshkemf01.sony.com.hk
+			 - hkshkemf04.sony.com.hk
+			 - hkshkextmg1.sony.com.hk
+			 - hkshkextmg2.sony.com.hk
+			 - www.imagestation.sony.com.hk
+			 - ns3.sony.com.hk
+			 - ns5.sony.com.hk
+			 - primenet.sony.com.hk
+			 - pro.sony.com.hk
+			 - shkemarketing.sony.com.hk
+			 - shkextgwy.sony.com.hk
+			 - shkextmr01.sony.com.hk
+			 - shkextmr02.sony.com.hk
+			 - shklbs.sony.com.hk
+			 - shklbs01.sony.com.hk
+			 - shklbs02.sony.com.hk
+			 - www.lei.sih.sony.com.hk
+			 - streaming.sony.com.hk
+			 - ww1.sony.com.hk
+
+		SSL connect error:
+			 - edm.sony.com.hk
+
+		SSL peer certificate was not OK:
+			 - sony.com.hk
+			 - click.sony.com.hk
+			 - m.sony.com.hk
+			 - pepci.sony.com.hk
+			 - regional-p.sony.com.hk
+			 - wwws.sony.com.hk
+
+		Incomplete certificate chain error:
+			 - sceh.sony.com.hk
+
+		Status code mismatch:
+			 - rem.sony.com.hk
+
+		4xx client error:
+			 - preview-production-pdp.sony.com.hk
+			 - preview-uat-pdp.sony.com.hk
+			 - production-pdp.sony.com.hk
+			 - uat-pdp.sony.com.hk
+-->
+<ruleset name="Sony.com.hk (partial)">
+	<target host="www.sony.com.hk" />
+	<target host="www.flipperctx.sony.com.hk" />
+	<target host="regional.sony.com.hk" />
+	<target host="webaccess.sony.com.hk" />
+	<target host="wwwp.sony.com.hk" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sony.com.mx.xml b/src/chrome/content/rules/Sony.com.mx.xml
new file mode 100644
index 000000000000..c656ddfe6ba0
--- /dev/null
+++ b/src/chrome/content/rules/Sony.com.mx.xml
@@ -0,0 +1,51 @@
+<!--
+	For other Sony coverage, see
+		+ Sony.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- sony.com.mx
+		- stg.sony.com.mx
+
+		Timeout was reached:
+		- dev.sony.com.mx
+		- origin-buy.dev.sony.com.mx
+		- origin-customer.dev.sony.com.mx
+		- gdcw.origin.sony.com.mx
+		- origin-buy.sony.com.mx
+		- origin-customer.sony.com.mx
+		- qa.sony.com.mx
+		- gdcw.origin.qa.sony.com.mx
+		- origin-buy.qa.sony.com.mx
+		- origin-customer.qa.sony.com.mx
+		- origin-buy.stg.sony.com.mx
+		- origin-customer.stg.sony.com.mx
+
+		SSL peer certificate was not OK:
+		- proveedores.sony.com.mx
+		- reviews.store.sony.com.mx
+
+		Status code mismatch:
+		- corporativostore.sony.com.mx
+
+		4xx client error:
+		- preview-production-pdp.sony.com.mx
+		- preview-uat-pdp.sony.com.mx
+		- production-pdp.sony.com.mx
+		- uat-pdp.sony.com.mx
+
+		Secure connection redirects to plaintext:
+		- store.sony.com.mx
+-->
+<ruleset name="Sony.com.mx">
+	<target host="sony.com.mx" />
+	<target host="www.sony.com.mx" />
+	<target host="grupoprofesionaldemexico.sony.com.mx" />
+	<target host="prosupport.sony.com.mx" />
+
+	<rule from="^http://sony\.com\.mx/"
+			to="https://www.sony.com.mx/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sony.eu.xml b/src/chrome/content/rules/Sony.eu.xml
new file mode 100644
index 000000000000..0b21dc9953c5
--- /dev/null
+++ b/src/chrome/content/rules/Sony.eu.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Sony coverage, see
+		+ Sony.xml
+
+	Non-functional hosts
+		Incomplete certificate chain error:
+		- sony.eu
+		- www.sony.eu
+		- shop.sony.eu
+-->
+<ruleset name="Sony.eu (partial)">
+	<target host="global.sony.eu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sony.se.xml b/src/chrome/content/rules/Sony.se.xml
index 4d6a3abfc06b..2b84199e359d 100644
--- a/src/chrome/content/rules/Sony.se.xml
+++ b/src/chrome/content/rules/Sony.se.xml
@@ -1,7 +1,37 @@
+<!--
+	For other Sony coverage, see
+		+ Sony.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- business.sony.se
+		- sorry.sony.se
+		- store.sony.se
+
+		SSL peer certificate was not OK:
+		- sony.se
+		- 4k.sony.se
+		- press.sony.se
+
+		Incomplete certificate chain error:
+		- outlet.sony.se
+		- shop.sony.se
+
+		4xx client error:
+		- community-stage.sony.se
+		- preview-production-pdp.sony.se
+		- production-pdp.sony.se
+		- services.sony.se
+-->
 <ruleset name="Sony.se">
 	<target host="sony.se" />
 	<target host="www.sony.se" />
-	<rule from="^http://www\.sony\.se/" to="https://www.sony.se/"/>
-	<rule from="^http://sony\.se/" to="https://sony.se/"/>
-</ruleset>
+	<target host="community.sony.se" />
+	<target host="concierge.sony.se" />
+
+	<rule from="^http://sony\.se/"
+			to="https://www.sony.se/" />
 
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sony.xml b/src/chrome/content/rules/Sony.xml
index 2801c33a22cf..56c33cff05c3 100644
--- a/src/chrome/content/rules/Sony.xml
+++ b/src/chrome/content/rules/Sony.xml
@@ -1,88 +1,51 @@
 <!--
 	Other Sony rulesets:
 
-		- Naughty_Dog.xml
+		- lbp.me.xml
 		- PlayStation.xml
+		- PlayStation.net.xml
+		- PlayStation_Network.com.xml
+		- SCEA.com.xml
+		- Sony.co.uk.xml
+		- Sony.com.au.xml
+		- Sony.com.hk.xml
+		- Sony.com.mx.xml
+		- Sony.eu.xml
 		- Sony.se.xml
 		- Sony_Computer_Science_Laboratories.xml
 		- Sony_Entertainment_Network.xml
 		- Sony-europe.com.xml
-		- Sony_Latin_America.xml
 		- SonyMobile.xml
 		- SonyMusic.xml
 		- Sony_Pictures_UK.xml
 		- Xperia_Studio.xml
 
+	Non-functional hosts in *.sony.com
+		SSL read error:
+			 - www.docs.sony.com
 
-	CDN buckets:
+		SSL peer certificate was not OK:
+			 - content.esupport.sony.com
+			 - subscribe.sel.sony.com
+			 - store.sony.com
 
-		- d38zhw9ti31loc.cloudfront.net
-
-		- fp.scea.com.c.footprint.net
-			- fp.scea.com
-			- webassets[a-j]?.scea.com
-
-
-	Nonfunctional domains:
-
-		- (www.)imageworks.com *
-		- opensource.imageworks.com *
-		- esupport.sony.com		(redirects to s01.esupport, which has different data)
-		- www.kb.sony.com
-		- sonypictures.com		(times out)
-		- www.sonypictures.com *
-
-	* Refused
-
-
-	Partially covered domains:
-
-		- (www.)sony.co.uk	(at least some pages redirect to http)
-
-
-	Fully covered domains:
-
-		- shop.sony.co.uk
-		- outlet.sony.co.uk
-		- blog.sony.com
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - eservice.sony.com
 
+		Incomplete certificate chain error:
+			 - blog.sony.com
 -->
-<ruleset name="Sony (partial)" platform="mixedcontent">
-
-	<target host="webassets.scea.com" />
-	<target host="*.webassets.scea.com" />
+<ruleset name="Sony.com (partial)">
 	<target host="sony.com" />
-	<target host="*.sony.com" />
-	<target host="s01.esupport.sony.com" />
-	<target host="sony.co.uk" />
-	<target host="*.sony.co.uk" />
-
-
-	<securecookie host="^.*\.sony\.com$" name=".*" />
-	<securecookie host="^outlet\.sony\.co\.uk$" name=".+" />
-
-
-	<!--	- Cert doesn't match
-		- Redirects as so
-				-->
-	<rule from="^https?://(?:www\.)?scea\.com/"
-		to="https://us.playstation.com/" />
-
-	<!--	webassets[a-j]?.scea.com: time out	-->
-	<rule from="^https?://(?:\w+\.)?webassets\w?\.scea\.com/"
-		to="https://secure.webassets.scea.com/" />
-
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?sony\.com/"
-		to="https://www.sony.com/" />
-
-	<rule from="^http://(www\.)?sony\.co\.uk/(bravia|res)/"
-		to="https://$1sony.co.uk/$2/" />
-
-	<rule from="^http://(outlet|shop)\.sony\.co\.uk/"
-		to="https://$1.sony.co.uk/" />
+	<target host="www.sony.com" />
+	<target host="community.sony.com" />
+	<target host="docs.sony.com" />
+	<target host="esupport.sony.com" />
+	<target host="us.en.kb.sony.com" />
+	<target host="productregistration.sony.com" />
+	<target host="products.sel.sony.com" />
 
-	<rule from="^http://(blog|s01\.esupport|store)\.sony\.com/"
-		to="https://$1.sony.com/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SonyMobile.xml b/src/chrome/content/rules/SonyMobile.xml
index 8a6afe59c72b..73fb1ab7ad75 100644
--- a/src/chrome/content/rules/SonyMobile.xml
+++ b/src/chrome/content/rules/SonyMobile.xml
@@ -1,55 +1,45 @@
 <!--
-	For other Sony coverage, see Sony.xml.
-
-
-	Nonfunctional domains:
-
-		- blogs.sonymobile.com		(401)
-		- developer.sonymobile.com *
-		- talk.sonymobile.com		(404, CN: gp1.wac.edgecastcdn.net)
-
-	* 401, valid cert
-
-
-	Problematic domains:
-
-		- changepassword.extranet.sonyericsson.com	(expired)
-		- sonymobile.com				(times out)
-
-
-	Partially covered domains:
-
-		- (www.)sonymobile.com		(at least some pages 401, global.css 403s)
-
-
-	Fully covered sonymobile.com subdomains:
-
-		- foris.extranet
-		- foris
-		- shop
-		- thesourceplus
-		- assets.thesourceplus
-
+	For other Sony coverage, see
+		+ Sony.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- se-mc.com
+		- sonyericsson.com
+		- extranet.sonyericsson.com
+
+		SSL peer certificate was not OK:
+		- www.se-mc.com
+		- shop.sonymobile.com
+
+		Status code mismatch:
+		- blogs.sonymobile.com
+		- foris.sonymobile.com
 -->
-<ruleset name="Sony Mobile (buggy)" default_off="https://lists.eff.org/pipermail/https-everywhere-rules/2013-November/001737.html">
+<ruleset name="Sony Mobile (partial)">
+	<!-- *sonyericsson.com -->
+	<target host="sonyericsson.com" />
+	<target host="www.sonyericsson.com" />
+	<target host="changepassword.extranet.sonyericsson.com" />
 
-	<target host="*.se-mc.com" />
+	<!-- *sonymobile.com -->
 	<target host="sonymobile.com" />
-	<target host="*.sonymobile.com" />
-		<exclusion pattern="^https?://(?:www\.)?sonymobile\.com/wp-content/themes/semc-main/css/global\.css" />
+	<target host="www.sonymobile.com" />
+	<target host="developer.sonymobile.com" />
 	<target host="foris.extranet.sonymobile.com" />
+	<target host="talk.sonymobile.com" />
+	<target host="thesourceplus.sonymobile.com" />
+	<target host="assets.thesourceplus.sonymobile.com" />
 
+	<!-- *se-mc.com -->
+	<target host="www-static.se-mc.com" />
+		<test url="http://www-static.se-mc.com/blogs.dir/0/files/2012/01/smartwatch.png" />
 
-	<securecookie host="^(?:shop|\.?thesourceplus)\.sonymobile\.com$" name=".+" />
-
-
-	<rule from="^http://(developer|www)-static\.se-mc\.com/"
-		to="https://$1-static.se-mc.com/" />
-
-	<rule from="^https?://(?:www\.)?sonymobile\.com/(cws|wp-content)/"
-		to="https://www.sonymobile.com/$1/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(foris(?:\.extranet)?|shop|(?:assets\.)?thesourceplus)\.sonymobile\.com/"
-		to="https://$1.sonymobile.com/" />
+	<rule from="^http://sonyericsson\.com/"
+			to="https://www.sonyericsson.com/" />
 
+	<rule from="^http:"
+			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SonyMusic-problematic.xml b/src/chrome/content/rules/SonyMusic-problematic.xml
deleted file mode 100644
index f976c1db9783..000000000000
--- a/src/chrome/content/rules/SonyMusic-problematic.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see SonyMusic.xml.
-
--->
-<ruleset name="SonyMusic (problematic)" default_off="akamai certificate">
-
-	<target host="sonymusic.com" />
-	<target host="www.sonymusic.com" />
-
-
-	<securecookie host="^(?:.+\.)?sonymusic\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?sonymusic\.com/"
-		to="https://www.sonymusic.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/SonyMusic.xml b/src/chrome/content/rules/SonyMusic.xml
index 624a510054c7..f8e0d8fbe75f 100644
--- a/src/chrome/content/rules/SonyMusic.xml
+++ b/src/chrome/content/rules/SonyMusic.xml
@@ -1,28 +1,87 @@
 <!--
-	For problematic rules, see SonyMusic-problematic.xml
-
-
 	For other Sony coverage, see Sony.xml.
 
+	Non-functional hosts
+		Couldn't connect to server:
+			 - autodiscover.sonymusic.com
+			 - connected.sonymusic.com
+			 - d2credirect.sonymusic.com
+			 - ftp2.sonymusic.com
+			 - wireless.sonymusic.com
 
-	CDN buckets:
-
-		- d27g862ehx8viu.cloudfront.net
-			- cf.sonymusic.com
-
+		Timeout was reached:
+			 - 1-0.sonymusic.com
+			 - access.sonymusic.com
+			 - affiliate.sonymusic.com
+			 - approva.sonymusic.com
+			 - approva-dev.sonymusic.com
+			 - approva-dev-reporting.sonymusic.com
+			 - approva-reporting.sonymusic.com
+			 - citrix.sonymusic.com
+			 - ctx.sonymusic.com
+			 - d2ccatchall.sonymusic.com
+			 - forum.sonymusic.com
+			 - postcard.gb2b.sonymusic.com
+			 - gtlnmipgp001.sonymusic.com
+			 - gtlnmipgp002.sonymusic.com
+			 - lb-columbia.sonymusic.com
+			 - lb-columbia-sec.sonymusic.com
+			 - lb-epic.sonymusic.com
+			 - mailgw10.sonymusic.com
+			 - mailgw11.sonymusic.com
+			 - mailgw15.sonymusic.com
+			 - mailgw3.sonymusic.com
+			 - mailgw4.sonymusic.com
+			 - mailgw6.sonymusic.com
+			 - mailgw9.sonymusic.com
+			 - mpas.sonymusic.com
+			 - ns2.sonymusic.com
+			 - ns3.sonymusic.com
+			 - ns4.sonymusic.com
+			 - oa.sonymusic.com
+			 - pmxs001.sonymusic.com
+			 - pmxs002.sonymusic.com
+			 - portaltest.sonymusic.com
+			 - s3.sonymusic.com
+			 - services.sonymusic.com
+			 - toa.sonymusic.com
+			 - toolbar.sonymusic.com
+			 - usnyweb5.sonymusic.com
+			 - webmaster.sonymusic.com
+			 - webmaster10.sonymusic.com
 
-	Problematic subdomains:
+		SSL peer certificate was not OK:
+			 - assets.sonymusic.com
+			 - mi.sonymusic.com
+			 - release.sonymusic.com
+			 - www.secureaccess.sonymusic.com
 
-		- ^	(shows CentOS test page, self-signed, CN: ip-10-251-89-204)
-		- www	(works, akamai)
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - bc.sonymusic.com
+			 - keys.sonymusic.com
+			 - pgp.sonymusic.com
 
+		Incomplete certificate chain error:
+			 - mail.sonymusic.com
+			 - meetings-muc.sonymusic.com
+			 - owa.sonymusic.com
 -->
-<ruleset name="SonyMusic (partial)">
-
-	<target host="cf.sonymusic.com" />
-
-
-	<rule from="^https?://cf\.sonymusic\.com/"
-		to="https://d27g862ehx8viu.cloudfront.net/" />
+<ruleset name="Sony Music">
+	<target host="sonymusic.com" />
+	<target host="www.sonymusic.com" />
+	<target host="brandsolutions.sonymusic.com" />
+	<target host="filtr.sonymusic.com" />
+		<test url="http://filtr.sonymusic.com/filtr/display_TOTC/" />
+	<target host="hub.sonymusic.com" />
+	<target host="moveit.sonymusic.com" />
+	<target host="royalties.sonymusic.com" />
+	<target host="secureaccess.sonymusic.com" />
+	<target host="sftp.sonymusic.com" />
+	<target host="sslvpn-aus.sonymusic.com" />
+	<target host="sslvpn-europe.sonymusic.com" />
+	<target host="sslvpn-hk.sonymusic.com" />
+	<target host="sslvpn-usa.sonymusic.com" />
+	<target host="syncshop.sonymusic.com" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sony_Computer_Science_Laboratories.xml b/src/chrome/content/rules/Sony_Computer_Science_Laboratories.xml
index a722a0b55239..5f16e4c3b44c 100644
--- a/src/chrome/content/rules/Sony_Computer_Science_Laboratories.xml
+++ b/src/chrome/content/rules/Sony_Computer_Science_Laboratories.xml
@@ -8,7 +8,6 @@
 	<target host="www.sonycsl.co.jp" />
 
 
-	<rule from="^http://(www\.)?sonycsl\.co\.jp/"
-		to="https://$1sonycsl.co.jp/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sony_Entertainment_Network.xml b/src/chrome/content/rules/Sony_Entertainment_Network.xml
index 8012e323c8fb..3ca2ac0c0af3 100644
--- a/src/chrome/content/rules/Sony_Entertainment_Network.xml
+++ b/src/chrome/content/rules/Sony_Entertainment_Network.xml
@@ -1,41 +1,28 @@
 <!--
 	For other Sony coverage, see Sony.xml.
 
+	Non-functional hosts
+		Couldn't connect to server:
+			 - sonyentertainmentnetwork.com
 
-	CDN buckets:
-
-		- sonyentnet.vo.llnwd.net
-
-			- .hs. does not exist
-			- cdn.sonyentertainmentnetwork.com
-
-
-	Problematic subdomains:
-
-		- cdn	(400; mismatched, CN: *.hs.llnwd.net)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- account
-		- cdn		(→ www)
-		- music
+		SSL peer certificate was not OK:
+			 - music.sonyentertainmentnetwork.com
 
+		Status code mismatch:
+			 - auth.api.sonyentertainmentnetwork.com
 -->
 <ruleset name="Sony Entertainment Network (partial)">
-
 	<target host="sonyentertainmentnetwork.com" />
-	<target host="*.sonyentertainmentnetwork.com" />
-
-
-	<securecookie host=".*\.sonyentertainmentnetwork\.com$" name=".+" />
-
-
-	<rule from="^http://((?:account|music|www)\.)?sonyentertainmentnetwork\.com/"
-		to="https://$1sonyentertainmentnetwork.com/" />
-
-	<rule from="^http://cdn\.sonyentertainmentnetwork\.com/"
-		to="https://www.sonyentertainmentnetwork.com/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.sonyentertainmentnetwork.com" />
+	<target host="account.sonyentertainmentnetwork.com" />
+		<test url="http://account.sonyentertainmentnetwork.com/login.action" />
+	<target host="cdn.sonyentertainmentnetwork.com" />
+	<target host="friendme.sonyentertainmentnetwork.com" />
+	<target host="store.sonyentertainmentnetwork.com" />
+
+	<rule from="^http://sonyentertainmentnetwork\.com/"
+			to="https://www.sonyentertainmentnetwork.com/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sony_Latin_America.xml b/src/chrome/content/rules/Sony_Latin_America.xml
deleted file mode 100644
index 754c5fcf6208..000000000000
--- a/src/chrome/content/rules/Sony_Latin_America.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	For other Sony coverage, see Sony.xml.
-
-
-	Problematic subdomains:
-
-		- sonystyle.com.mx	(cert only matches www)
-
-
-	Partially covered domains:
-
-		- store.sony.com.mx	(some pages redirect to http)
-
--->
-<ruleset name="Sony Latin America (partial)">
-
-	<target host="store.sony.com.mx" />
-		<!--exclusion pattern="^http://store\.sony\.com\.mx/mx/site/(?:catalog/CategoryDisplay|catalog/LeafCategory|index|information/Information)\.jsp" /-->
-		<!--exclution pattern="^http://store\.sony\.com\.mx/(?!(?:mx/)?content/|css/|imagen?s/|mx.static/)" /-->
-		<exclusion pattern="^http://store\.sony\.com\.mx/mx/site/" />
-	<target host="sonystyle.com.mx" />
-	<target host="*.sonystyle.com.mx" />
-
-
-	<securecookie host="^(?:www)?\.sonystyle\.com\.mx$" name=".+" />
-
-
-	<rule from="^http://store\.sony\.com\.mx/"
-		to="https://store.sony.com.mx/" />
-
-	<rule from="^http://(?:www\.)?sonystyle\.com\.mx/"
-		to="https://www.sonystyle.com.mx/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Sony_Pictures_UK.xml b/src/chrome/content/rules/Sony_Pictures_UK.xml
index 4cf2623ac8b9..0928059eec80 100644
--- a/src/chrome/content/rules/Sony_Pictures_UK.xml
+++ b/src/chrome/content/rules/Sony_Pictures_UK.xml
@@ -1,11 +1,19 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sonypictures.co.uk/ => https://www.sonypictures.co.uk/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.sonypictures.co.uk/ => https://www.sonypictures.co.uk/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://sonypictures.co.uk/ => https://www.sonypictures.co.uk/: (35, 'Unknown SSL protocol error in connection to www.sonypictures.co.uk:443 ')
+Fetch error: http://www.sonypictures.co.uk/ => https://www.sonypictures.co.uk/: (35, 'Unknown SSL protocol error in connection to www.sonypictures.co.uk:443 ')
 	For other Sony coverage, see Sony.xml.
 
 
 	Cert only matches www.
 
 -->
-<ruleset name="Sony Pictures UK">
+<ruleset name="Sony Pictures UK" default_off="failed ruleset test">
 
 	<target host="sonypictures.co.uk" />
 	<target host="www.sonypictures.co.uk" />
@@ -14,7 +22,7 @@
 	<securecookie host="^www\.sonypictures\.co\.uk$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?sonypictures\.co\.uk/"
+	<rule from="^http://(?:www\.)?sonypictures\.co\.uk/"
 		to="https://www.sonypictures.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sonyalpha.blog.xml b/src/chrome/content/rules/Sonyalpha.blog.xml
new file mode 100644
index 000000000000..c5b4b916c168
--- /dev/null
+++ b/src/chrome/content/rules/Sonyalpha.blog.xml
@@ -0,0 +1,6 @@
+<ruleset name="Sonyalpha.blog">
+	<target host="sonyalpha.blog" />
+	<target host="www.sonyalpha.blog" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sonyalpharumors.com.xml b/src/chrome/content/rules/Sonyalpharumors.com.xml
new file mode 100644
index 000000000000..f66a328453ed
--- /dev/null
+++ b/src/chrome/content/rules/Sonyalpharumors.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Sonyalpharumors.com">
+	<target host="sonyalpharumors.com" />
+	<target host="www.sonyalpharumors.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SooBEST.com.xml b/src/chrome/content/rules/SooBEST.com.xml
deleted file mode 100644
index d231b75539b2..000000000000
--- a/src/chrome/content/rules/SooBEST.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- imglayer	(works, self-signed)
-
--->
-<ruleset name="SooBEST.com (partial)">
-
-	<target host="soobest.com" />
-	<target host="www.soobest.com" />
-
-
-	<!--	- Cert only matches www
-		- At least some pages redirect to http
-								-->
-	<rule from="^https?://(?:www\.)?soobest.com/themes/"
-		to="https://www.soobest.com/themes/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Sophie_VIP_Escort.xml b/src/chrome/content/rules/Sophie_VIP_Escort.xml
deleted file mode 100644
index e2c2e1dc4097..000000000000
--- a/src/chrome/content/rules/Sophie_VIP_Escort.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	CN: *.fatcow.com
-
--->
-<ruleset name="Sophie VIP Escort" default_off="mismatched">
-
-	<target host="sophievipescort.com" />
-	<target host="www.sophievipescort.com" />
-
-
-	<rule from="^http://(?:www\.)?sophievipescort\.com/"
-		to="https://sophievipescort.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Sophos-mismatches.xml b/src/chrome/content/rules/Sophos-mismatches.xml
deleted file mode 100644
index 420d877097c0..000000000000
--- a/src/chrome/content/rules/Sophos-mismatches.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Sophos (mismatches)" default_off="mismatch">
-
-	<target host="nakedsecurity.sophos.com"/>
-
-	<rule from="^http://nakedsecurity\.sophos\.com/"
-		to="https://nakedsecurity.sophos.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Sophos.xml b/src/chrome/content/rules/Sophos.xml
index 5d463a45814b..3b9b1bc7a0fc 100644
--- a/src/chrome/content/rules/Sophos.xml
+++ b/src/chrome/content/rules/Sophos.xml
@@ -1,30 +1,50 @@
-<ruleset name="Sophos (partial)">
+<!--
+	Other Sophos rulesets:
 
-	<target host="astaro.com" />
-	<target host="*.astaro.com" />
-	<target host="gpp.partners.sophos.com"/>
-	<target host="*.sophos.com"/>
+		- Astaro.com.xml
 
 
-	<!--	Observed cookie domains:
+	gpp.partners.sophos.com: Dropped over http & https
 
-			- ^\.
-			- ^www
+
+	These altnames don't exist:
+
+		- origin-community.sophos.com
+		- search.sophos.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .sophos.com
+		- community.sophos.com
+
+-->
+<ruleset name="Sophos.com">
+
+	<!--	Direct rewrites:
 				-->
-	<securecookie host="^.*\.astaro\.com$" name=".*" />
-	<securecookie host="^solo\.sophos\.com$" name=".*"/>
+	<target host="sophos.com" />
+	<target host="blogs.sophos.com" />
+	<target host="community.sophos.com" />
+	<target host="forms.sophos.com" />
+	<target host="myutm.sophos.com" />
+	<target host="nakedsecurity.sophos.com" />
+	<target host="partnerportal.sophos.com" />
+	<target host="secure.sophos.com" />
+	<target host="secure2.sophos.com" />
+	<target host="shop.sophos.com" />
+	<target host="www.sophos.com" />
 
 
-	<rule from="^http://(www\.)?astaro\.com/"
-		to="https://$1astaro.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.sophos\.com$" name="^(?:__qca|__utm\w+|__SophosNextDeviceEnabled|\.ASPXAUTH|ASP\.NET_SessionId|ppAuth|website#lang)$" /-->
+	<!--securecookie host="^community\.sophos\.com$" name="^AuthorizationCookie$" /-->
 
-	<rule from="^https?://feature\.astaro\.com/"
-		to="https://astaro.uservoice.com/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://support\.astaro\.com/"
-		to="https://support.astaro.com/" />
 
-	<rule from="^http://(gpp\.partners|secure|solo)\.sophos\.com/"
-		to="https://$1.sophos.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SotT.net.xml b/src/chrome/content/rules/SotT.net.xml
new file mode 100644
index 000000000000..8f76938af3b9
--- /dev/null
+++ b/src/chrome/content/rules/SotT.net.xml
@@ -0,0 +1,25 @@
+<!--
+	Sign of the Times
+
+
+	Some pages redirect to http.
+
+-->
+<ruleset name="SotT.net (partial)">
+
+	<target host="sott.net" />
+	<target host="www.sott.net" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?sott\.net/+($|\?|podcasts($|[?/]))" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(www\.)?sott\.net/+(?!favicon\.ico|images/|signs/|stylesheets/|users/)" /-->
+
+
+	<rule from="^http://(www\.)?sott\.net/(?=favicon\.ico|images/|signs/|stylesheets/|users/)"
+		to="https://$1sott.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Soufun.com.tw.xml b/src/chrome/content/rules/Soufun.com.tw.xml
new file mode 100644
index 000000000000..bd99c3dffb2b
--- /dev/null
+++ b/src/chrome/content/rules/Soufun.com.tw.xml
@@ -0,0 +1,22 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.) *
+		- img *
+
+	* 404; mismatched, CN: ssl.soufun.com.tw
+
+
+	These altnames don't exist:
+
+		- www.ssl.soufun.com.tw
+
+-->
+<ruleset name="Soufun.com.tw (partial)">
+
+	<target host="ssl.soufun.com.tw" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Soule.lgbt.xml b/src/chrome/content/rules/Soule.lgbt.xml
new file mode 100644
index 000000000000..41614a7d40bf
--- /dev/null
+++ b/src/chrome/content/rules/Soule.lgbt.xml
@@ -0,0 +1,8 @@
+<ruleset name="Soule.lgbt">
+	<target host="soule.lgbt" />
+	<target host="www.soule.lgbt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SoundUnwound.xml b/src/chrome/content/rules/SoundUnwound.xml
deleted file mode 100644
index 1c7295c83e8e..000000000000
--- a/src/chrome/content/rules/SoundUnwound.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="SoundUnwound">
-  <target host="soundunwound.com" />
-  <target host="www.soundunwound.com" />
-
-  <rule from="^http://(www\.)?soundunwound\.com/" to="https://www.soundunwound.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/SoundViz.com.xml b/src/chrome/content/rules/SoundViz.com.xml
new file mode 100644
index 000000000000..89843bc3436d
--- /dev/null
+++ b/src/chrome/content/rules/SoundViz.com.xml
@@ -0,0 +1,21 @@
+<!--
+	^: dropped
+
+-->
+<ruleset name="SoundViz.com">
+
+	<target host="soundviz.com" />
+	<target host="www.soundviz.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.soundviz\.com$" name="^_web_session$" /-->
+
+	<securecookie host="^www\.soundviz\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?soundviz\.com/"
+		to="https://www.soundviz.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Soundcloud.xml b/src/chrome/content/rules/Soundcloud.xml
index 0baa5832bc86..b62356be2d05 100644
--- a/src/chrome/content/rules/Soundcloud.xml
+++ b/src/chrome/content/rules/Soundcloud.xml
@@ -1,101 +1,56 @@
 <!--
 
-	CDN buckets:
+	Other Soundcloud rulesets:
 
-		- akmedia-a.akamaihd.net
+		- SndCDN.com.xml
 
-		- soundcloud.assistly.com
 
-			- help.soundcloud.com
+	CDN buckets:
 
+		- akmedia-a.akamaihd.net
+		- soundcloud.assistly.com	← help.soundcloud.com
 		- cs70.wac.edgecastcdn.net
-
-			- a1.sndcdn.com
-			- i1.sndcdn.com
-			- w1.sndcdn.com
-
 		- wpc.658D.edgecastcdn.net
-		- m-a.sndcdn.com.edgesuite.net 
 		- soundcloud.gettyimages.com
-
 		- scbackstage.wpengine.netdna-cdn.com
-
-			- ssl doesn't exist
-			- backstage.soundcloud.com
-
-		- soundcloud.wpengine.netdna-cdn.com
-
-			- -ssl doesn't exist
-			- blog.soundcloud.com
-
+		- soundcloud-wpengine.netdna-ssl.com
 		- gs1.wpc.v2cdn.netcdn.net
-		- gs1.wpc.v2cdn.net
-
-			- ec-media.soundcloud.com
-
-	Nonfunctional soundcloud.com subdomains:
+		- gs1.wpc.v2cdn.net	← ec-media.soundcloud.com
 
-		- help		(redirects to http, mismatched, CN: *.assistly.com)
-		- m		(redirects to http)
-		- media
-		- status	(times out)
 
+	Nonfunctional hosts in *soundcloud.com:
 
-	Problematic domains:
+		- feeds-tmp ʰ
+		- help ʰ
+		- status ᵀ
 
-		- m-a.sndcdn.com	(works, akamai)
+	ʰ Redirects to http
+	ᵀ Tumblr/refused
 
 
-	Partially covered domains:
+	Mixed content:
 
-		- backstage.soundcloud.com
+		- Images on blog from soundcloud-wpengine.netdna-ssl.com *
 
-
-	Fully covered domains:
-
-		- sndcdn.com subdomains:
-
-			- a[12]
-			- api
-			- i[1-4]
-			- w[12]
-			- wis
-
-		- soundcloud.com subdomains:
-
-			- (www.)
-			- api
-			- blog
-			- connect
-			- developers
-			- ec-media
-			- eventlogger
-			- help-assets
-			- media
-			- visuals
-			- w
+	* Secured by us
 
 -->
-<ruleset name="Soundcloud (partial)">
-
-	<target host="scbackstage.wpengine.netdna-cdn.com" />
-	<target host="soundcloud.wpengine.netdna-cdn.com" />
-	<target host="*.sndcdn.com" />
+<ruleset name="Soundcloud.com (partial)">
 	<target host="soundcloud.com" />
-	<target host="*.soundcloud.com" />
-		<exclusion pattern="^https?://(?:scbackstage\.wpengine\.netdna-cdn|backstage\.soundcloud)\.com/(?!wp-content/)" />
-
-
-	<rule from="^http://([aiw]\d|api|wis)\.sndcdn\.com/"
-		to="https://$1.sndcdn.com/" />
-
-	<rule from="^http://((?:api|backstage|blog|connect|developers|ec-media|eventlogger|help-assets|media|visuals|w|www)\.)?soundcloud\.com/"
-		to="https://$1soundcloud.com/" />
-
-	<rule from="^https?://scbackstage\.wpengine\.netdna-cdn\.com/"
-		to="https://backstage.soundcloud.com/" />
-
-	<rule from="^https?://soundcloud\.wpengine\.netdna-cdn\.com/"
-		to="https://blog.soundcloud.com/" />
-
+	<target host="www.soundcloud.com" />
+	<target host="api.soundcloud.com" />
+	<target host="api-v2.soundcloud.com" />
+	<target host="backstage.soundcloud.com" />
+	<target host="blog.soundcloud.com" />
+	<target host="connect.soundcloud.com" />
+	<target host="developers.soundcloud.com" />
+	<target host="eventlogger.soundcloud.com" />
+	<target host="feeds.soundcloud.com" />
+	<target host="help-assets.soundcloud.com" />
+	<target host="m.soundcloud.com" />
+	<target host="telemetry.soundcloud.com" />
+	<target host="visuals.soundcloud.com" />
+	<target host="w.soundcloud.com" />
+
+	<rule from="^http:"	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Soundowl.net.xml b/src/chrome/content/rules/Soundowl.net.xml
deleted file mode 100644
index 0ea5434cde99..000000000000
--- a/src/chrome/content/rules/Soundowl.net.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d1mvw875i08plx.cloudfront.net
-
-			- assets.soundowl.net
-
-
-	Nonfunctional domains:
-
-		- (www.)soundowl.com	(dropped)
-
--->
-<ruleset name="Soundowl.net">
-
-	<target host="assets.soundowl.net" />
-
-
-	<rule from="^http://assets\.soundowl\.net/"
-		to="https://d1mvw875i08plx.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Sounds-True.xml b/src/chrome/content/rules/Sounds-True.xml
index 4ab22469a995..aca7da50fce4 100644
--- a/src/chrome/content/rules/Sounds-True.xml
+++ b/src/chrome/content/rules/Sounds-True.xml
@@ -12,7 +12,9 @@
 <ruleset name="Sounds True">
 
 	<target host="soundstrue.com"/>
-	<target host="*.soundstrue.com"/>
+	<target host="www.soundstrue.com" />
+	<target host="assets.soundstrue.com" />
+	<target host="components.soundstrue.com" />
 
 	<!--	!www: timeout	-->
 	<rule from="^http://(?:www\.)?soundstrue\.com/((?:assets/|media)\.soundstrue\.com/|catalog/|/?components/|css/|directaccess/|email/|google/ga\.js|linkshare/|pages/popup_shipping\.php|shipping/|shop/(?:login\.do|player/|st_assets/)|wakeup/|pages/popup_shipping\.php)"
diff --git a/src/chrome/content/rules/Soundslice.com.xml b/src/chrome/content/rules/Soundslice.com.xml
new file mode 100644
index 000000000000..82e8f25ce1cc
--- /dev/null
+++ b/src/chrome/content/rules/Soundslice.com.xml
@@ -0,0 +1,22 @@
+<!--
+	^soundslice.com: Mismatched
+
+-->
+<ruleset name="Soundslice.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.soundslice.com" />
+
+	<!--	Complications:
+				-->
+	<target host="soundslice.com" />
+
+
+	<rule from="^http://soundslice\.com/"
+		to="https://www.soundslice.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Soup.io.xml b/src/chrome/content/rules/Soup.io.xml
new file mode 100644
index 000000000000..1a899fd6d3a9
--- /dev/null
+++ b/src/chrome/content/rules/Soup.io.xml
@@ -0,0 +1,132 @@
+<!--
+	Other Soup rulesets:
+
+		- SoupCDN.com.xml
+
+
+	Problematic hosts in *soup.io:
+
+		- [\da-f] ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .soup.io
+		- www.soup.io
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com ˢ
+		- Image on www from static.soup.io ˢ
+		- Bug on www from pixel.quantserve.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+-->
+
+<ruleset name="Soup.io (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="soup.io" />
+	<target host="asset-0.soup.io" />
+	<target host="asset-1.soup.io" />
+	<target host="asset-2.soup.io" />
+	<target host="asset-3.soup.io" />
+	<target host="asset-4.soup.io" />
+	<target host="asset-5.soup.io" />
+	<target host="asset-6.soup.io" />
+	<target host="asset-7.soup.io" />
+	<target host="asset-8.soup.io" />
+	<target host="asset-9.soup.io" />
+	<target host="asset-a.soup.io" />
+	<target host="asset-b.soup.io" />
+	<target host="asset-c.soup.io" />
+	<target host="asset-d.soup.io" />
+	<target host="asset-e.soup.io" />
+	<target host="asset-f.soup.io" />
+	<target host="static.soup.io" />
+	<target host="www.soup.io" />
+
+		<!--	Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.soup\.io/(?:$|\?|signup$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.soup\.io/(?!/*(?:favicon\.ico|images/|login(?:$|[?/])))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.soup.io/about" />
+			<test url="http://www.soup.io/everyone" />
+			<test url="http://www.soup.io/frames/analytics" />
+			<test url="http://www.soup.io/privacy" />
+			<test url="http://www.soup.io/remote/toggle/frame?" />
+			<test url="http://www.soup.io/signup" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.soup.io/favicon.ico" />
+			<test url="http://www.soup.io/images/soup_small.png" />
+			<!--
+				(Mixed content):
+						-->
+			<test url="http://www.soup.io/login" />
+
+		<test url="http://static.soup.io/images/bar/drop.gif" />
+
+	<!--	Complications:
+				-->
+	<target host="0.asset.soup.io" />
+	<target host="1.asset.soup.io" />
+	<target host="2.asset.soup.io" />
+	<target host="3.asset.soup.io" />
+	<target host="4.asset.soup.io" />
+	<target host="5.asset.soup.io" />
+	<target host="6.asset.soup.io" />
+	<target host="7.asset.soup.io" />
+	<target host="8.asset.soup.io" />
+	<target host="9.asset.soup.io" />
+	<target host="a.asset.soup.io" />
+	<target host="b.asset.soup.io" />
+	<target host="c.asset.soup.io" />
+	<target host="d.asset.soup.io" />
+	<target host="e.asset.soup.io" />
+	<target host="f.asset.soup.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.soup\.io$" name="^(?:__qca|__utm\w+|soup_pool)$" /-->
+	<!--securecookie host="^www\.soup\.io$" name="^soup_session_id$" /-->
+
+	<securecookie host="^\." name="^__(?:qca$|utm)" />
+
+
+	<rule from="^http://(\w)\.asset\.soup\.io/"
+		to="https://asset-$1.soup.io/" />
+
+		<test url="http://0.asset.soup.io/asset/1539/2240_65c6_500.jpeg" />
+		<test url="http://1.asset.soup.io/asset/4345/4529_01da_390.jpeg" />
+		<test url="http://2.asset.soup.io/asset/3784/8642_df7d.jpeg" />
+		<test url="http://3.asset.soup.io/asset/3810/3683_f2a3_390.jpeg" />
+		<test url="http://4.asset.soup.io/asset/3061/5988_4d48.png" />
+		<test url="http://5.asset.soup.io/asset/0932/6117_09a9.jpeg" />
+		<test url="http://6.asset.soup.io/asset/0661/6294_aaef.jpeg" />
+		<test url="http://7.asset.soup.io/asset/2587/3719_3b0d_960.jpeg" />
+		<test url="http://8.asset.soup.io/asset/3170/9080_6033_480.jpeg" />
+		<test url="http://9.asset.soup.io/asset/2204/2617_36e0.jpeg" />
+		<test url="http://a.asset.soup.io/asset/3290/9786_0213_960.jpeg" />
+		<test url="http://b.asset.soup.io/asset/3743/9787_4343_390.jpeg" />
+		<test url="http://c.asset.soup.io/asset/4582/2300_3c64.jpeg" />
+		<test url="http://d.asset.soup.io/asset/3879/6365_97be.jpeg" />
+		<test url="http://e.asset.soup.io/asset/3708/2638_b88c.jpeg" />
+		<test url="http://f.asset.soup.io/asset/2516/9167_0f28.jpeg" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SoupCDN.com.xml b/src/chrome/content/rules/SoupCDN.com.xml
new file mode 100644
index 000000000000..556b849d31d0
--- /dev/null
+++ b/src/chrome/content/rules/SoupCDN.com.xml
@@ -0,0 +1,53 @@
+<!--
+	For other Soup coverage, see Soup.io.xml.
+
+	Invalid certificate:
+		- www.soupcdn.com
+
+	Insecure cookies are set for these domains:
+		- .soupcdn.com
+-->
+
+<ruleset name="SoupCDN.com">
+	<target host="asset-0.soupcdn.com" />
+	<target host="asset-1.soupcdn.com" />
+	<target host="asset-2.soupcdn.com" />
+	<target host="asset-3.soupcdn.com" />
+	<target host="asset-4.soupcdn.com" />
+	<target host="asset-5.soupcdn.com" />
+	<target host="asset-6.soupcdn.com" />
+	<target host="asset-7.soupcdn.com" />
+	<target host="asset-8.soupcdn.com" />
+	<target host="asset-9.soupcdn.com" />
+	<target host="asset-a.soupcdn.com" />
+	<target host="asset-b.soupcdn.com" />
+	<target host="asset-c.soupcdn.com" />
+	<target host="asset-d.soupcdn.com" />
+	<target host="asset-e.soupcdn.com" />
+	<target host="asset-f.soupcdn.com" />
+
+	<rule from="^http://asset-(\w)\.soupcdn\.com/"
+		to="https://asset-$1.soup.io/" />
+		<test url="http://asset-0.soupcdn.com/asset/12296/4785_0195_16-square.png" />
+		<test url="http://asset-1.soupcdn.com/asset/2595/6147_1cf9_16-square.jpeg" />
+		<test url="http://asset-2.soupcdn.com/asset/9658/5146_2b49_16-square.jpeg" />
+		<test url="http://asset-3.soupcdn.com/asset/0895/1864_3b3a_16-square.jpeg" />
+		<test url="http://asset-4.soupcdn.com/asset/7062/0194_47d5_16-square.jpeg" />
+		<test url="http://asset-6.soupcdn.com/asset/6293/5904_6b30_16-square.jpeg" />
+		<test url="http://asset-7.soupcdn.com/asset/7221/8010_7b60_24-square.jpeg" />
+		<test url="http://asset-8.soupcdn.com/asset/5535/3927_80aa_16-square.jpeg" />
+		<test url="http://asset-9.soupcdn.com/asset/2375/8450_9f52_16-square.jpeg" />
+		<test url="http://asset-a.soupcdn.com/asset/3974/0287_ad6d_16-square.gif" />
+		<test url="http://asset-b.soupcdn.com/asset/0994/3951_b0db_24-square.jpeg" />
+		<test url="http://asset-c.soupcdn.com/asset/1474/9410_c0ca_16-square.jpeg" />
+		<test url="http://asset-d.soupcdn.com/asset/0825/7644_d24b_16-square.jpeg" />
+		<test url="http://asset-e.soupcdn.com/asset/12081/8990_e6c2_16-square.jpeg" />
+		<test url="http://asset-f.soupcdn.com/asset/2301/8973_f360_16-square.jpeg" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.soupcdn\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/Source-Elements.com.xml b/src/chrome/content/rules/Source-Elements.com.xml
new file mode 100644
index 000000000000..193e6b66da75
--- /dev/null
+++ b/src/chrome/content/rules/Source-Elements.com.xml
@@ -0,0 +1,42 @@
+<ruleset name="Source-Elements.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="source-elements.com" />
+	<target host="now.source-elements.com" />
+	<target host="www.source-elements.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://source-elements\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://source-elements\.com/+(?!css/|favicon\.ico|images/|(?:login|purchase|rentals)(?:$|[?/]))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://source-elements.com/compare/" />
+			<test url="http://source-elements.com/contact/" />
+			<test url="http://source-elements.com/iLok/" />
+			<test url="http://source-elements.com/live/" />
+			<test url="http://source-elements.com/news/" />
+			<test url="http://source-elements.com/newsletter/" />
+			<test url="http://source-elements.com/privacy/" />
+			<test url="http://source-elements.com/talk/" />
+			<test url="http://source-elements.com/trial/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://source-elements.com/css/site13.css" />
+			<test url="http://source-elements.com/favicon.ico" />
+			<test url="http://source-elements.com/images/logo.png" />
+			<test url="http://source-elements.com/login" />
+			<test url="http://source-elements.com/purchase" />
+			<test url="http://source-elements.com/rentals" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SourceAFRICA.net.xml b/src/chrome/content/rules/SourceAFRICA.net.xml
new file mode 100644
index 000000000000..dae9c620ff31
--- /dev/null
+++ b/src/chrome/content/rules/SourceAFRICA.net.xml
@@ -0,0 +1,19 @@
+<!--
+	www: mismatched, CN: docs.openafrica.net
+
+
+	These altnames don't exist:
+
+		- docs.sourceafrica.net
+		- www.docs.sourceafrica.net
+
+-->
+<ruleset name="SourceAFRICA.net">
+
+	<target host="sourceafrica.net" />
+	<target host="www.sourceafrica.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SourceCoast.xml b/src/chrome/content/rules/SourceCoast.xml
index 7d1bb275595e..84d579729c0a 100644
--- a/src/chrome/content/rules/SourceCoast.xml
+++ b/src/chrome/content/rules/SourceCoast.xml
@@ -17,4 +17,4 @@
 	<rule from="^http://(www\.)?sourcecoast\.com/($|\?|components/|images/|jfbconnect/|media/|plugins/|templates/)"
 		to="https://$1sourcecoast.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SourceFed.xml b/src/chrome/content/rules/SourceFed.xml
index 8bdffa962421..27a37824959b 100644
--- a/src/chrome/content/rules/SourceFed.xml
+++ b/src/chrome/content/rules/SourceFed.xml
@@ -21,7 +21,7 @@
 	<target host="cdn.sourcefednews.com" />
 
 
-	<rule from="^https?://cdn\.sourcefednews\.com/"
+	<rule from="^http://cdn\.sourcefednews\.com/"
 		to="https://d1l31vajhvnn7o.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SourceForge-mismatches.xml b/src/chrome/content/rules/SourceForge-mismatches.xml
deleted file mode 100644
index 49ce06392978..000000000000
--- a/src/chrome/content/rules/SourceForge-mismatches.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For rules that are on by default, see SourceForge.xml.
-
--->
-<ruleset name="SourceForge (mismatches)" default_off="mismatch">
-
-	<target host="*.git.sf.net"/>
-	<target host="*.git.sourceforge.net"/>
-	<target host="jobs.sourceforge.net"/>
-		<!--	Handled in the main ruleset.	-->
-		<exclusion pattern="^http://jobs\.sourceforge\.net/(build|images|include)/" />
-
-
-	<securecookie host="^jobs\.sourceforge\.net$" name=".*"/>
-
-
-	<rule from="^https?://([\w\-]+)\.git\.s(?:f|ourceforge)\.net/"
-		to="https://$1.git.sf.net/"/>
-
-	<rule from="^http://jobs\.sourceforge\.net/"
-		to="https://jobs.sourceforge.net/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/SourceForge.jp.xml b/src/chrome/content/rules/SourceForge.jp.xml
new file mode 100644
index 000000000000..b645ab76b887
--- /dev/null
+++ b/src/chrome/content/rules/SourceForge.jp.xml
@@ -0,0 +1,19 @@
+<!--
+	Related:
+		SourceForge.net.xml
+
+	Mismatched:
+		www.sourceforge.jp
+		(projectname).sourceforge.net
+		e.g. https://doublecmd.sourceforge.jp/
+-->
+
+<ruleset name="SourceForge.jp">
+	<target host="sourceforge.jp" />
+	<target host="static.sourceforge.jp" />
+
+	<target host="www.sourceforge.jp" />
+	<rule from="^http://www\.sourceforge\.jp/" to="https://sourceforge.jp/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SourceForge.net.xml b/src/chrome/content/rules/SourceForge.net.xml
new file mode 100644
index 000000000000..78b50351d284
--- /dev/null
+++ b/src/chrome/content/rules/SourceForge.net.xml
@@ -0,0 +1,50 @@
+<!--
+	Related:
+		SF.net.xml
+		SourceForge.jp.xml
+
+	Failed:
+		(projectname).sourceforge.net
+		e.g. http://doublecmd.sourceforge.net/
+
+	Mismatched:
+		*.cvs.sourceforge.net
+		*.git.sourceforge.net
+		heanet.dl.sourceforge.net
+		p.sourceforge.net
+
+	Refused:
+		*.hg.sourceforge.net
+-->
+
+<ruleset name="SourceForge.net">
+	<!--	Directly:	-->
+	<target host="sourceforge.net" />
+	<target host="www.sourceforge.net" />
+	<target host="apps.sourceforge.net" />
+	<target host="deals.sourceforge.net" />
+	<target host="downloads.sourceforge.net" />
+	<target host="goparallel.sourceforge.net" />
+	<target host="images.sourceforge.net" />
+	<target host="lists.sourceforge.net" />
+	<target host="prdownloads.sourceforge.net" />
+	<target host="sflogo.sourceforge.net" />
+
+	<!--	Complications:	-->
+	<target host="*.dl.sourceforge.net" />
+		<test url="http://netix.dl.sourceforge.net/project/kreogist-mu/Releases/0.9.9.3/Windows/mu_0.9.9.3_win64_intel_d9b5f2d.zip" />
+		<test url="http://excellmedia.dl.sourceforge.net/" />
+		<test url="http://jaist.dl.sourceforge.net/" />
+		<test url="http://netcologne.dl.sourceforge.net/" />
+		<test url="http://superb-sea2.dl.sourceforge.net/" />
+		<test url="http://svwh.dl.sourceforge.net/" />
+		<test url="http://ufpr.dl.sourceforge.net/" />
+
+	<target host="*.svn.sourceforge.net" />
+	<rule from="^http://(\w+)\.svn\.sourceforge\.net/"
+			to="https://$1.svn.sourceforge.net/" />
+		<test url="http://ancestrar.svn.sourceforge.net/svnroot/ancestrar" />
+		<test url="http://scummvm.svn.sourceforge.net/svnroot/scummvm/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SourceForge.xml b/src/chrome/content/rules/SourceForge.xml
deleted file mode 100644
index 197805caec7f..000000000000
--- a/src/chrome/content/rules/SourceForge.xml
+++ /dev/null
@@ -1,102 +0,0 @@
-<!--
-	For problematic rules, see SourceForge-mismatches.xml.
-
-
-	Note that SourceForge supports blanket https
-	use, but only for members who are logged in.
-
-
-	Nonfunctional domains:
-
-		- \w+.cvs.sf.net		(reset)
-		- p.sf.net			(reset)
-		- \w+.cvs.sourceforge.net	(reset)
-		- heanet.dl.sourceforge.net
-		- netcologne.dl.sourceforge.net
-		- switch.dl.sourceforge.net
-		- *.hg.sourceforge.net		(unique subdomains for each project)
-		- html5center.sourceforge.net	(refused)
-		- p.sourceforge.net		(cert: *.sf.net; reset)
-		- users.sourceforge.net **
-		- \w+.users.sourceforge.net
-
-	** Refused
-
-
-	Fully covered domains:
-
-		- sourceforge.net subdomains:
-
-			- goparallel
-			- ibmsmarteritservices
-
-
-	Mixed content:
-
-		- Images on \w+.git.sf.net from a.fsdn.com *
-
-	* Secured by us
-
--->
-<ruleset name="SourceForge (partial)">
-
-	<target host="sf.net" />
-	<target host="*.sf.net" />
-	<target host="*.svn.sf.net" />
-	<target host="sourceforge.jp" />
-		<!--
-			Different.
-					-->
-		<exclusion pattern="^http://downloads\.sourceforge\.j" />
-	<target host="sourceforge.net" />
-	<target host="*.sourceforge.net" />
-	<target host="*.svn.sourceforge.net" />
-		<!--
-			Redirects to http.
-
-		<exclusion pattern="^http://\w+\.svn\.s(?:f|ourceforge)\.net/viewvc/" /-->
-	<target host="*.sourceforge.jp" />
-
-
-	<securecookie host="^downloads\.sourceforge\.net$" name=".+" />
-
-        <rule from="^http://(www\.)?sourceforge\.jp/"
-                to="https://sourceforge.jp/" />
-
-        <rule from="^http://static\.sourceforge\.jp/"
-                to="https://static.sourceforge.jp/" />
-
-	<rule from="^http://(www\.)?s(?:f|ourceforge)\.net/(account|image)s/"
-		to="https://$1sourceforge.net/$2s/" />
-
-	<!--	Redirects to http first.
-						-->
-	<rule from="^http://(www\.)?sourceforge\.net/$"
-		to="https://$1sourceforge.net/account/login.php?return_to=%2Faccount%2F" />
-
-	<rule from="^http://(www\.)?sourceforge\.net/account/?"
-		to="https://$1sourceforge.net/account/" />
-
-	<rule from="^http://(www\.)?s(?:f|ourceforge)\.net/(blog|sflogo\.php)($|[\?/])"
-		to="https://$1sourceforge.net/$2$3" />
-
-	<!--	This should be above the next rule, so as to avoid double rewrites.
-											-->
-	<rule from="^http://downloads\.s(?:f|ourceforge)\.net/project/([^\?]+)\?r=http%3A%2F%2Fs"
-		to="https://downloads.sourceforge.net/project/$1?r=https%3A%2F%2Fs" />
-
-	<rule from="^http://(apps|downloads|goparallel|ibmsmarteritservices|images|lists|prdownloads|sflogo|static)\.s(?:f|ourceforge)\.net/"
-		to="https://$1.sourceforge.net/" />
-
-	<!--	jobs.sourceforge.net is equivalent to slashdot.personforce.com,
-		but cert doesn't match that domain either.
-					-->
-	<rule from="^http://jobs\.sourceforge\.net/(build|images|include)/"
-		to="https://secure.personforce.com/$1/" />
-
-	<!--	Cert only matches *.svn.sourceforge.net
-							-->
-	<rule from="^http://([\w-]+)\.svn\.s(?:f|ourceforge)\.net/svnroot/"
-		to="https://$1.svn.sourceforge.net/svnroot/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SourceFoundry.org.xml b/src/chrome/content/rules/SourceFoundry.org.xml
new file mode 100644
index 000000000000..9df81e03d190
--- /dev/null
+++ b/src/chrome/content/rules/SourceFoundry.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Source Foundry.org">
+	<target host="sourcefoundry.org" />
+	<target host="www.sourcefoundry.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SourceMaking.xml b/src/chrome/content/rules/SourceMaking.xml
index 7af73eb9f5bd..b31c70866b5e 100644
--- a/src/chrome/content/rules/SourceMaking.xml
+++ b/src/chrome/content/rules/SourceMaking.xml
@@ -1,17 +1,13 @@
-<!--
-	Expired 2012-06-26
-
--->
-<ruleset name="SourceMaking" default_off="expired">
+<ruleset name="SourceMaking">
 
 	<target host="sourcemaking.com" />
-	<target host="*.sourcemaking.com" />
+	<target host="www.sourcemaking.com" />
 
 
 	<securecookie host="^\.sourcemaking\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?sourcemaking\.com/"
-		to="https://sourcemaking.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SourcePoint.xml b/src/chrome/content/rules/SourcePoint.xml
new file mode 100644
index 000000000000..5720ff80dbee
--- /dev/null
+++ b/src/chrome/content/rules/SourcePoint.xml
@@ -0,0 +1,34 @@
+<!--
+	Cert mismatch:
+		- elb.app.sourcepoint.com
+		- rid-assets.sourcepoint.com
+
+	Connection refused:
+		- mml.sourcepoint.com
+
+	Timeout:
+		 research.sourcepoint.com
+-->
+<ruleset name="SourcePoint">
+	<target host="sourcepoint.com"/>
+	<target host="www.sourcepoint.com"/>
+
+	<target host="analytics-canary.sourcepoint.com"/>
+	<target host="analytics.sourcepoint.com"/>
+	<target host="api.sourcepoint.com"/>
+	<target host="app.sourcepoint.com"/>
+	<target host="consent.sourcepoint.com"/>
+	<target host="help.sourcepoint.com"/>
+	<target host="mms.sourcepoint.com"/>
+	<target host="www-test.sourcepoint.com"/>
+
+	<target host="www.summerhamster.com"/>
+
+	<target host="www.decenthat.com"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SourceRuns.org.xml b/src/chrome/content/rules/SourceRuns.org.xml
new file mode 100644
index 000000000000..9a88304e1a1a
--- /dev/null
+++ b/src/chrome/content/rules/SourceRuns.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Refused:
+		- web
+
+	Incomplete certificate chain:
+		- web3
+
+	HTTP 503:
+		- traf.web3
+		- wjs
+-->
+<ruleset name="SourceRuns.org">
+	<target host="sourceruns.org" />
+	<target host="www.sourceruns.org" />
+	<target host="cf-cdn.sourceruns.org" />
+	<target host="dl.sourceruns.org" />
+	<target host="forums.sourceruns.org" />
+	<target host="media.sourceruns.org" />
+	<target host="p.sourceruns.org" />
+	<target host="play.sourceruns.org" />
+	<target host="wiki.sourceruns.org" />
+	<target host="wiki-login.sourceruns.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SourceTree_app.com.xml b/src/chrome/content/rules/SourceTree_app.com.xml
new file mode 100644
index 000000000000..e5c38ae66370
--- /dev/null
+++ b/src/chrome/content/rules/SourceTree_app.com.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Atlassian coverage, see Atlassian.xml.
+
+-->
+<ruleset name="SourceTree app.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sourcetreeapp.com" />
+	<target host="blog.sourcetreeapp.com" />
+	<target host="www.sourcetreeapp.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Source_Conference.com.xml b/src/chrome/content/rules/Source_Conference.com.xml
new file mode 100644
index 000000000000..54696e48df9e
--- /dev/null
+++ b/src/chrome/content/rules/Source_Conference.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Source Conference.com">
+
+	<target host="sourceconference.com" />
+	<target host="www.sourceconference.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sourced.fm.xml b/src/chrome/content/rules/Sourced.fm.xml
deleted file mode 100644
index 4e99e4d771bb..000000000000
--- a/src/chrome/content/rules/Sourced.fm.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="sourced.fm">
-
-	<target host="sourced.fm" />
-	<target host="*.sourced.fm" />
-
-
-	<securecookie host="^\.sourced\.fm$" name=".+" />
-
-
-	<rule from="^http://(www\.)?sourced\.fm/"
-		to="https://$1sourced.fm/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Sourcefabric.com.xml b/src/chrome/content/rules/Sourcefabric.com.xml
new file mode 100644
index 000000000000..8a94d83812ae
--- /dev/null
+++ b/src/chrome/content/rules/Sourcefabric.com.xml
@@ -0,0 +1,46 @@
+<!--
+	For other Sourcefabric coverage, see Sourcefabric.org.xml.
+
+
+	(www.)?sourcefabric.com: Mismatched
+
+-->
+<ruleset name="Sourcefabric.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="account.sourcefabric.com" />
+
+	<!--	Complications:
+				-->
+	<target host="sourcefabric.com" />
+	<target host="www.sourcefabric.com" />
+
+
+	<securecookie host="^account\.sourcefabric\.com$" name=".+" />
+
+
+	<!--	Redirect drops path...:
+					-->
+	<rule from="^http://(?:www\.)?sourcefabric\.com/[^?]*\??$"
+		to="https://www.sourcefabric.org/" />
+
+		<test url="http://sourcefabric.com/en/airtimeproAirtime" />
+		<test url="http://www.sourcefabric.com/en/airtimeproAirtime" />
+		<test url="http://sourcefabric.com/en/newscooppro/" />
+		<test url="http://www.sourcefabric.com/en/newscooppro/" />
+
+	<!--	...but not args:
+				-->
+	<rule from="^http://(?:www\.)?sourcefabric\.com/[^?]*"
+		to="https://www.sourcefabric.org/" />
+
+		<test url="http://sourcefabric.com/en/airtimeproAirtime?foo" />
+		<test url="http://www.sourcefabric.com/en/airtimeproAirtime?foo" />
+		<test url="http://sourcefabric.com/en/newscooppro/?foo" />
+		<test url="http://www.sourcefabric.com/en/newscooppro/?foo" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sourcefabric.org.xml b/src/chrome/content/rules/Sourcefabric.org.xml
new file mode 100644
index 000000000000..1e081bf1e0e6
--- /dev/null
+++ b/src/chrome/content/rules/Sourcefabric.org.xml
@@ -0,0 +1,67 @@
+<!--
+	Other Sourcefabric rulesets:
+
+		- Airtime.pro.xml
+		- Booktype.pro.xml
+		- Sourcefabric.com.xml
+		- Superdesk.pro.xml
+
+
+	Problematic hosts in *sourcefabric.org:
+
+		- help *
+
+	* Zendesk
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- airtime-demo.sourcefabric.org
+		- blog.sourcefabric.org
+		- wiki.sourcefabric.org
+		- www.sourcefabric.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image on www from i.creativecommons.org *
+
+	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Sourcefabric.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sourcefabric.org" />
+	<target host="airtime-demo.sourcefabric.org" />
+	<target host="blog.sourcefabric.org" />
+	<target host="dev.sourcefabric.org" />
+	<target host="forum.sourcefabric.org" />
+	<target host="login.sourcefabric.org" />
+	<target host="stash.sourcefabric.org" />
+	<target host="wiki.sourcefabric.org" />
+	<target host="www.sourcefabric.org" />
+
+	<!--	Complications:
+				-->
+	<target host="help.sourcefabric.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:airtime-demo|blog|www)\.sourcefabric\.org$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^wiki\.sourcefabric\.org$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^(?:dev|login|wiki|www)\.sourcefabric\.org$" name=".+" />
+
+
+	<rule from="^http://help\.sourcefabric\.org/"
+		to="https://sourcefabricberlin.zendesk.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sourcefire.com.xml b/src/chrome/content/rules/Sourcefire.com.xml
new file mode 100644
index 000000000000..dbd2613360a2
--- /dev/null
+++ b/src/chrome/content/rules/Sourcefire.com.xml
@@ -0,0 +1,47 @@
+<!--
+	For other Cisco coverage, see Cisco.xml.
+
+
+	^sourcefire.com: Dropped
+	www.sourcefire.com: Refused
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- info.sourcefire.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Sourcefire.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="info.sourcefire.com" />
+
+	<!--	Complications:
+				-->
+	<target host="sourcefire.com" />
+	<target host="www.sourcefire.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^info\.sourcefire\.com$" name="^BIGipServer[\w-]+$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps args, but not
+		path nor forward slash:
+					-->
+	<rule from="^http://(?:www\.)?sourcefire\.com/[^?]*"
+		to="https://www.cisco.com/c/en/us/products/security/index.html" />
+
+		<test url="http://sourcefire.com//" />
+		<test url="http://www.sourcefire.com/?" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sourcegraph.com.xml b/src/chrome/content/rules/Sourcegraph.com.xml
new file mode 100644
index 000000000000..a10231bfdb30
--- /dev/null
+++ b/src/chrome/content/rules/Sourcegraph.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- sourcegraph.com
+
+-->
+<ruleset name="Sourcegraph.com">
+
+	<target host="sourcegraph.com" />
+	<target host="www.sourcegraph.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^sourcegraph\.com$" name="^session$" /-->
+
+	<securecookie host="^sourcegraph\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sourceware.org.xml b/src/chrome/content/rules/Sourceware.org.xml
index dd82199e19f5..69cc4c71301d 100644
--- a/src/chrome/content/rules/Sourceware.org.xml
+++ b/src/chrome/content/rules/Sourceware.org.xml
@@ -10,7 +10,7 @@
 	<target host="www.sourceware.org" />
 
 
-	<rule from="^http://(www\.)?sourceware\.org/"
-		to="https://$1sourceware.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/South-by-Southwest.xml b/src/chrome/content/rules/South-by-Southwest.xml
index 5729b9dd2000..eaa6cbeed980 100644
--- a/src/chrome/content/rules/South-by-Southwest.xml
+++ b/src/chrome/content/rules/South-by-Southwest.xml
@@ -9,10 +9,9 @@
 	<target host="cart.sxsw.com" />
 
 
-	<securecookie host="^cart\.sxsw\.com$" name=".*" />
+	<securecookie host="^cart\.sxsw\.com$" name=".+" />
 
 
-	<rule from="^http://cart\.sxsw\.com/"
-		to="https://cart.sxsw.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/South_China_Morning_Post.xml b/src/chrome/content/rules/South_China_Morning_Post.xml
index 1a49b1a3709b..5e499b14fa63 100644
--- a/src/chrome/content/rules/South_China_Morning_Post.xml
+++ b/src/chrome/content/rules/South_China_Morning_Post.xml
@@ -1,19 +1,13 @@
 <!--
-	Problematic subdomains:
-
-		- ^	(cert only matches *.scmp.com)
-
-
-	Some pages redirect to http
-
+	Redirect to http:
+		^scmp.com
+		www.scmp.com
 -->
 <ruleset name="South China Morning Post (partial)">
+	<target host="cdn1.i-scmp.com" />
+	<target host="cdn2.i-scmp.com" />
+	<target host="cdn3.i-scmp.com" />
+	<target host="cdn4.i-scmp.com" />
 
-	<target host="scmp.com" />
-	<target host="www.scmp.com" />
-
-
-	<rule from="^http://(?:www\.)?scmp\.com/(esi/messages\.php|misc/|modules/|sites/)"
-		to="https://www.scmp.com/$1" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/South_Devon.ac.uk.xml b/src/chrome/content/rules/South_Devon.ac.uk.xml
new file mode 100644
index 000000000000..7e3591ae47c6
--- /dev/null
+++ b/src/chrome/content/rules/South_Devon.ac.uk.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mobile.southdevon.ac.uk/ => https://mobile.southdevon.ac.uk/: (6, 'Could not resolve host: mobile.southdevon.ac.uk')
+
+	South Devon College
+
+
+	Nonfunctional hosts in *southdevon.ac.uk:
+
+		- (www.)? *
+		- iwanttobe *
+
+	* Refused
+
+
+	Problematic hosts in *southdevon.ac.uk:
+
+		- staff *
+
+	* Expired
+
+-->
+<ruleset name="South Devon.ac.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="leap.southdevon.ac.uk" />
+	<target host="shib.southdevon.ac.uk" />
+	<target host="mobile.southdevon.ac.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/South_Glos.gov.uk.xml b/src/chrome/content/rules/South_Glos.gov.uk.xml
new file mode 100644
index 000000000000..e24b9a91f1cb
--- /dev/null
+++ b/src/chrome/content/rules/South_Glos.gov.uk.xml
@@ -0,0 +1,98 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://beta.southglos.gov.uk/ => https://beta.southglos.gov.uk/: Too many redirects while fetching 'https://beta.southglos.gov.uk/'
+Fetch error: http://edocs.southglos.gov.uk/ => https://edocs.southglos.gov.uk/: Too many redirects while fetching 'https://edocs.southglos.gov.uk/'
+Fetch error: http://www.southglos.gov.uk/ => https://www.southglos.gov.uk/: Too many redirects while fetching 'https://www.southglos.gov.uk/'
+
+	South Gloucestershire Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *southglos.gov.uk:
+
+		- communities ᵖ
+		- council ³
+		- developments ³
+		- essential ³
+		- hosted ᵖ
+		- xapp ³
+
+	³ 503
+	ᵖ Plaintext reply
+
+
+	Partially covered hosts in *southglos.gov.uk:
+
+		- jobs ʰ
+
+	ʰ Some pages redirect to http
+
+
+	These altnames don't exist:
+
+		- southglos.gov.uk
+		- www.learning.southglos.gov.uk
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .beta.southglos.gov.uk
+		- ems.southglos.gov.uk
+		- homechoice.southglos.gov.uk
+		- .sites.southglos.gov.uk
+		- .www.southglos.gov.uk
+
+-->
+<ruleset name="South Glos.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="beta.southglos.gov.uk" />
+	<target host="consultations.southglos.gov.uk" />
+	<target host="edocs.southglos.gov.uk" />
+	<target host="ems.southglos.gov.uk" />
+	<target host="homechoice.southglos.gov.uk" />
+	<target host="jobs.southglos.gov.uk" />
+	<target host="learning.southglos.gov.uk" />
+	<target host="petitions.southglos.gov.uk" />
+	<target host="sites.southglos.gov.uk" />
+	<target host="www.southglos.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="http://jobs\.southglos\.gov\.uk//Index\.aspx" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="http://jobs\.southglos\.gov\.uk/+(?![Ii]mages/|favicon\.ico|install/|login\.aspx)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://jobs.southglos.gov.uk//Index.aspx" />
+			<test url="http://jobs.southglos.gov.uk/JobDetails.aspx/5380/Commissioning_Manager" />
+			<test url="http://jobs.southglos.gov.uk/JobDetails.aspx/5508/Team_Leader___Business_System_Administrator" />
+			<test url="http://jobs.southglos.gov.uk/jobs.aspx" />
+			<test url="http://jobs.southglos.gov.uk/page.aspx/6/general" />
+
+			<!--	-ve:
+					-->
+			<test url="http://jobs.southglos.gov.uk/favicon.ico" />
+			<test url="http://jobs.southglos.gov.uk/images/arrow.png" />
+			<test url="http://jobs.southglos.gov.uk/install/style/design.css" />
+			<test url="http://jobs.southglos.gov.uk/login.aspx" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.(?:beta|sites|www)\.southglos\.gov\.uk$" name="^ARRAffinity$" /-->
+	<!--securecookie host="^ems\.southglos\.gov\.uk$" name="^NSC_" /-->
+	<!--securecookie host="^homechoice\.southglos\.gov\.uk$" name="^(?:__RequestVerificationToken|ASP\.NET_SessionId)$" /-->
+
+	<securecookie host="^\." name="^ARRAffinity$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/South_Lanarkshire.gov.uk.xml b/src/chrome/content/rules/South_Lanarkshire.gov.uk.xml
new file mode 100644
index 000000000000..3eaedc1a18f4
--- /dev/null
+++ b/src/chrome/content/rules/South_Lanarkshire.gov.uk.xml
@@ -0,0 +1,62 @@
+<!--
+	South Lanarkshire Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *southlanarkshire.gov.uk:
+
+		- ecas ᵃ
+		- lvfmaps ʳ
+
+	ᵃ Shows another domain
+	ʳ Refused
+
+
+	Problematic hosts in *southlanarkshire.gov.uk:
+
+		- m ᵐ
+
+	ᵐ Mismatched
+
+
+	^southlanarkshire.gov.uk doesn't exist.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- beta.southlanarkshire.gov.uk
+		- licensingregisters.southlanarkshire.gov.uk
+		- www.southlanarkshire.gov.uk
+		- .www.southlanarkshire.gov.uk
+
+
+	Mixed content:
+
+		- css on www from $self * ˢ
+		- Images on www from $self ˢ
+
+	* Only affects printing
+	ˢ Secured by us
+
+-->
+<ruleset name="South Lanarkshire.gov.uk (partial)">
+
+	<target host="beta.southlanarkshire.gov.uk" />
+	<target host="licensingregisters.southlanarkshire.gov.uk" />
+	<target host="www.southlanarkshire.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^licensingregisters\.southlanarkshire\.gov\.uk$" name="^(?:ASP\.NET_SessionId|Glamis)$" /-->
+	<!--securecookie host="^(?:beta|www)\.southlanarkshire\.gov\.uk$" name="^\w{16}$" /-->
+	<!--securecookie host="^\.www\.southlanarkshire\.gov\.uk$" name="^TestCookie$" /-->
+
+	<securecookie host="^(?!\.southlanarkshire\.gov\.uk$)." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Southampton.gov.uk.xml b/src/chrome/content/rules/Southampton.gov.uk.xml
new file mode 100644
index 000000000000..f68369811d83
--- /dev/null
+++ b/src/chrome/content/rules/Southampton.gov.uk.xml
@@ -0,0 +1,63 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://library.southampton.gov.uk/ => https://library.southampton.gov.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'library.southampton.gov.uk'")
+Fetch error: http://secure.southampton.gov.uk/ => https://secure.southampton.gov.uk/: (7, 'Failed to connect to secure.southampton.gov.uk port 443: Connection refused')
+
+	Southampton City Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *southampton.gov.uk:
+
+		- www.publichealth ᵈ
+		- sid ᵃ
+
+	ᵃ Shows another domain
+	ᵈ Dropped
+
+
+	Problematic hosts in *southampton.gov.uk:
+
+		- notices ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- bacas.southampton.gov.uk
+		- mylearning.southampton.gov.uk
+		- tenants.southampton.gov.uk
+		- www.southampton.gov.uk
+
+-->
+<ruleset name="Southampton.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="southampton.gov.uk" />
+	<target host="bacas.southampton.gov.uk" />
+	<target host="conditionsurveys.southampton.gov.uk" />
+	<target host="ems.southampton.gov.uk" />
+	<target host="library.southampton.gov.uk" />
+	<target host="my.southampton.gov.uk" />
+	<target host="mylearning.southampton.gov.uk" />
+	<target host="planningpublicaccess.southampton.gov.uk" />
+	<target host="secure.southampton.gov.uk" />
+	<target host="tenants.southampton.gov.uk" />
+	<target host="www.southampton.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:bacas|www)\.southampton\.gov\.uk$" name="^lb\w\w_SCCWEB$" /-->
+	<!--securecookie host="^mylearning\.southampton\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^tenants\.southampton\.gov\.uk$" name="^SSRV_AUTHENTICATION$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Southbank_Centre.co.uk.xml b/src/chrome/content/rules/Southbank_Centre.co.uk.xml
new file mode 100644
index 000000000000..ecea15ed72e0
--- /dev/null
+++ b/src/chrome/content/rules/Southbank_Centre.co.uk.xml
@@ -0,0 +1,164 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://shopcms.southbankcentre.co.uk/ => https://shopcms.southbankcentre.co.uk/: (6, 'Could not resolve host: shopcms.southbankcentre.co.uk')
+
+	^southbankcentre.co.uk: Mismatched
+
+
+	Partially covered subdomains:
+
+		- (www.) ¹
+		- ticketing ²
+
+	¹ Some pages redirect to http
+	² At least $ redirects to www
+
+
+	Insecure cookies are set for these domains:
+
+		- .shop.southbankcentre.co.uk
+		- .shopcms.southbankcentre.co.uk
+
+
+	Mixed content:
+
+		- Images on shop, shopcms, and www from www *
+
+	* Secured by us
+
+-->
+<ruleset name="Southbank Centre.co.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="shop.southbankcentre.co.uk" />
+	<target host="shopcms.southbankcentre.co.uk" />
+	<target host="ticketing.southbankcentre.co.uk" />
+	<target host="www.southbankcentre.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="southbankcentre.co.uk" />
+
+		<!--	Redirect to http:
+						-->
+		<!--exclusion pattern="^http://shop\.southbankcentre\.co\.uk/+$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://shop\.southbankcentre\.co\.uk/+(?!favicon\.ico|images/|includes/|user/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://shop.southbankcentre.co.uk/ham.html" />
+			<test url="http://shop.southbankcentre.co.uk/jewellery.html" />
+			<test url="http://shop.southbankcentre.co.uk/rudesouthbank.html" />
+			<test url="http://shop.southbankcentre.co.uk/sitemap.html" />
+			<test url="http://shop.southbankcentre.co.uk/southbankcentreshops.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://shop.southbankcentre.co.uk/favicon.ico" />
+			<test url="http://shop.southbankcentre.co.uk/images/spacer.gif" />
+
+		<!--	Redirect to http:
+						-->
+		<!--exclusion pattern="^http://ticketing\.southbankcentre\.co\.uk/+($|\?|(support-us|support-us/all-ways-to-support-us)($|\?))" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://ticketing\.southbankcentre\.co\.uk/+(?!favicon\.ico|sites/|(?:support-us/trusts-foundations|visitor-info/directions-and-opening-times)/*(?:$|\?))" />
+
+			<test url="http://ticketing.southbankcentre.co.uk//" />
+			<test url="http://ticketing.southbankcentre.co.uk/?" />
+			<test url="http://ticketing.southbankcentre.co.uk/?f" />
+			<test url="http://ticketing.southbankcentre.co.uk/?o" />
+			<test url="http://ticketing.southbankcentre.co.uk/support-us" />
+			<test url="http://ticketing.southbankcentre.co.uk/support-us/all-ways-to-support-us" />
+			<test url="http://ticketing.southbankcentre.co.uk/support-us/all-ways-to-support-us?" />
+			<test url="http://ticketing.southbankcentre.co.uk/support-us?" />
+
+		<!-- 	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.southbankcentre\.co\.uk/+(royal-festival-hall/access|supporters-circles|support-us|support-us/all-ways-to-support-us|visitor-info|visitor-info/faqs|visitor-info/how-to-book/access-list)/*($|\?)" /-->
+		<!--
+			Exceptions
+					-->
+		<!--exclusion pattern="^http://www\.southbankcentre\.co\.uk/+(?!$|\?|(about-us|shop-eat-drink|support-us/membership|venues/royal-festival-hall|visitor-info/access|visitor-info/directions-and-opening-times|whatson)($|[?/])|favicon\.ico|sites/)" /-->
+		<!--
+			Handled specially:
+						-->
+		<!--exclusion pattern="^http://www\.southbankcentre\.co\.uk/+(?!(buy-membership|find)/*($|\?))" /-->
+		<!--
+			In sum:
+				-->
+		<exclusion pattern="^http://www\.southbankcentre\.co\.uk/+(?!$|\?|(?:about-us|shop-eat-drink|support-us/membership|venues/royal-festival-hall|visitor-info/access|visitor-info/directions-and-opening-times|whatson)(?:$|[?/])|(?:buy-membership|find)/*(?:$|\?)|favicon\.ico|sites/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.southbankcentre.co.uk/royal-festival-hall/access" />
+			<test url="http://www.southbankcentre.co.uk/royal-festival-hall/access/" />
+			<test url="http://www.southbankcentre.co.uk/royal-festival-hall/access?" />
+			<test url="http://www.southbankcentre.co.uk/support-us" />
+			<test url="http://www.southbankcentre.co.uk/support-us/" />
+			<test url="http://www.southbankcentre.co.uk/support-us/all-ways-to-support-us" />
+			<test url="http://www.southbankcentre.co.uk/support-us/all-ways-to-support-us/" />
+			<test url="http://www.southbankcentre.co.uk/support-us/all-ways-to-support-us?" />
+			<test url="http://www.southbankcentre.co.uk/support-us?" />
+			<test url="http://www.southbankcentre.co.uk/supporters-circles" />
+			<test url="http://www.southbankcentre.co.uk/supporters-circles/" />
+			<test url="http://www.southbankcentre.co.uk/supporters-circles?" />
+			<test url="http://www.southbankcentre.co.uk/visitor-info" />
+			<test url="http://www.southbankcentre.co.uk/visitor-info/" />
+			<test url="http://www.southbankcentre.co.uk/visitor-info/faqs" />
+			<test url="http://www.southbankcentre.co.uk/visitor-info/faqs/" />
+			<test url="http://www.southbankcentre.co.uk/visitor-info/faqs?" />
+			<test url="http://www.southbankcentre.co.uk/visitor-info/how-to-book/access-list" />
+			<test url="http://www.southbankcentre.co.uk/visitor-info/how-to-book/access-list/" />
+			<test url="http://www.southbankcentre.co.uk/visitor-info/how-to-book/access-list?" />
+			<test url="http://www.southbankcentre.co.uk/visitor-info?" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.southbankcentre.co.uk/about-us" />
+			<test url="http://www.southbankcentre.co.uk/favicon.ico" />
+			<test url="http://www.southbankcentre.co.uk/support-us/membership" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^\.shop(?:cms)?\.southbankcentre\.co\.uk$" name=".+" />
+
+
+	<rule from="^http://southbankcentre\.co\.uk/"
+		to="https://www.southbankcentre.co.uk/" />
+
+	<!--	Redirects to http first, preserves args:
+								-->
+	<rule from="^http://www\.southbankcentre\.co\.uk/+buy-membership/*(?=$|\?)"
+		to="https://www.southbankcentre.co.uk/support-us/membership" />
+
+		<test url="http://www.southbankcentre.co.uk/buy-membership" />
+		<test url="http://www.southbankcentre.co.uk/buy-membership/" />
+		<test url="http://www.southbankcentre.co.uk/buy-membership?" />
+		<test url="http://www.southbankcentre.co.uk/buy-membership?f" />
+		<test url="http://www.southbankcentre.co.uk/buy-membership?o" />
+		<test url="http://www.southbankcentre.co.uk/buy-membership?b" />
+
+	<!--	Redirects to http first, drops args:
+							-->
+	<rule from="^http://www\.southbankcentre\.co\.uk/+find/*(?:$|\?.*)"
+		to="https://www.southbankcentre.co.uk/whatson" />
+
+		<test url="http://www.southbankcentre.co.uk/find" />
+		<test url="http://www.southbankcentre.co.uk/find/" />
+		<test url="http://www.southbankcentre.co.uk/find?" />
+		<test url="http://www.southbankcentre.co.uk/find?f" />
+		<test url="http://www.southbankcentre.co.uk/find?o" />
+		<test url="http://www.southbankcentre.co.uk/find?b" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Southend.gov.uk.xml b/src/chrome/content/rules/Southend.gov.uk.xml
new file mode 100644
index 000000000000..4ee676bf8fb6
--- /dev/null
+++ b/src/chrome/content/rules/Southend.gov.uk.xml
@@ -0,0 +1,30 @@
+<!--
+	Southend on Sea Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		Timeout was reached:
+		- minutes.southend.gov.uk
+		- my.southend.gov.uk
+
+		SSL connect error:
+		- apps.southend.gov.uk
+		- submit.southend.gov.uk
+
+		SSL peer certificate was not OK:
+		- democracy.southend.gov.uk
+-->
+<ruleset name="Southend.gov.uk">
+	<target host="southend.gov.uk" />
+	<target host="www.southend.gov.uk" />
+	<target host="consult.southend.gov.uk" />
+	<target host="myaccount.southend.gov.uk" />
+	<target host="one.southend.gov.uk" />
+	<target host="procurement.southend.gov.uk" />
+	<target host="securemail.southend.gov.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SouthernElectric.xml b/src/chrome/content/rules/SouthernElectric.xml
index a3f059c78457..cc6218000a8f 100644
--- a/src/chrome/content/rules/SouthernElectric.xml
+++ b/src/chrome/content/rules/SouthernElectric.xml
@@ -1,6 +1,10 @@
+<!--
+	^: Reset
+
+-->
 <ruleset name="SouthernElectric" platform="mixedcontent">
   <target host="southern-electric.co.uk" />
   <target host="www.southern-electric.co.uk" />
 
-  <rule from="^http://(?:www\.)?southern-electric\.co\.uk/" to="https://www.southern-electric.co.uk/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Southern_CT.edu.xml b/src/chrome/content/rules/Southern_CT.edu.xml
new file mode 100644
index 000000000000..462653e63eda
--- /dev/null
+++ b/src/chrome/content/rules/Southern_CT.edu.xml
@@ -0,0 +1,41 @@
+<!--
+	Southern Connecticut State University
+
+
+	Nonfunctional hosts in *southernct.edu:
+
+		- ares2 ¹
+		- calendar ²
+
+	¹ Shows another domain
+	² Refused
+
+
+	These altnames don't exist:
+
+		- apps.southernct.edu
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- (www.)? from www.mathbuntu.org ¹
+			- (www.)? from ares2.southernct.edu ²
+
+	¹ Ruleset disabled by default <= expired
+	² Unsecurable <= 404
+
+-->
+<ruleset name="Southern CT.edu (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="southernct.edu" />
+	<target host="www.southernct.edu" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Southpark.de.xml b/src/chrome/content/rules/Southpark.de.xml
new file mode 100644
index 000000000000..397a3901a188
--- /dev/null
+++ b/src/chrome/content/rules/Southpark.de.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional hosts in *.southpark.de:
+		- southpark.de (t)
+		- forums.southpark.de (c)
+		- wiki.southpark.de (c)
+
+	c: mixed content issues
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Southpark.de">
+	<target host="southpark.de" />
+	<target host="www.southpark.de" />
+
+	<rule from="^http://southpark\.de/" to="https://www.southpark.de/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Southwark.gov.uk.xml b/src/chrome/content/rules/Southwark.gov.uk.xml
new file mode 100644
index 000000000000..6c164116a270
--- /dev/null
+++ b/src/chrome/content/rules/Southwark.gov.uk.xml
@@ -0,0 +1,74 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://southwark.gov.uk/ => https://southwark.gov.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://forms.southwark.gov.uk/ => https://forms.southwark.gov.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://forums.southwark.gov.uk/ => https://forums.southwark.gov.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://m.southwark.gov.uk/ => https://m.southwark.gov.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://my.southwark.gov.uk/ => https://my.southwark.gov.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://pensions.southwark.gov.uk/ => https://pensions.southwark.gov.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://safeguarding.southwark.gov.uk/ => https://safeguarding.southwark.gov.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.southwark.gov.uk/ => https://www.southwark.gov.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	London Borough of Southwark Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *southwark.gov.uk:
+
+		- cypdirectory ᶠ
+		- localoffer ᵈ
+		- maps ʳ
+		- moderngov ᶠ
+		- planbuild ᵇ
+		- wasteservices ᵇ
+
+	ᵇ Shows default page
+	ᵈ Dropped
+	ᶠ Handshake fails
+	ʳ Refused
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- southwark.gov.uk
+		- .southwark.gov.uk
+		- forums.southwark.gov.uk
+		- my.southwark.gov.uk
+		- pensions.southwark.gov.uk
+		- www.southwark.gov.uk
+
+-->
+<ruleset name="Southwark.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="southwark.gov.uk" />
+	<target host="consultations.southwark.gov.uk" />
+	<target host="www.consultations.southwark.gov.uk" />
+	<target host="forms.southwark.gov.uk" />
+	<target host="forums.southwark.gov.uk" />
+	<target host="m.southwark.gov.uk" />
+	<target host="my.southwark.gov.uk" />
+	<target host="netloan.southwark.gov.uk" />
+	<target host="pensions.southwark.gov.uk" />
+	<target host="safeguarding.southwark.gov.uk" />
+	<target host="spm.southwark.gov.uk" />
+	<target host="www.southwark.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?southwark\.gov\.uk$" name="^\w{16}$" /-->
+	<!--securecookie host="^\.southwark\.gov\.uk$" name="^TestCookie$" /-->
+	<!--securecookie host="^forums\.southwark\.gov\.uk$" name="^(?:ASP\.NET_SessionId|PreviousVisit|panelstate_(?:ActiveDiscussions|InformationPanel|categoryPanel[12]))$" /-->
+	<!--securecookie host="^my\.southwark\.gov\.uk$" name="^Login\.Return$" /-->
+	<!--securecookie host="^pensions\.southwark\.gov\.uk$" name="^(?:javax\.faces\.ClientToken|scheEmp)$" /-->
+
+	<securecookie host="^\." name="^(?:_gat?|TestCookie)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sovereign_Man.com.xml b/src/chrome/content/rules/Sovereign_Man.com.xml
new file mode 100644
index 000000000000..545ee83795d3
--- /dev/null
+++ b/src/chrome/content/rules/Sovereign_Man.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Sovereign Man.com">
+
+	<target host="sovereignman.com" />
+	<target host="www.sovereignman.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Soylent.com.xml b/src/chrome/content/rules/Soylent.com.xml
new file mode 100644
index 000000000000..34712d417ae1
--- /dev/null
+++ b/src/chrome/content/rules/Soylent.com.xml
@@ -0,0 +1,61 @@
+<!--
+	CDN buckets:
+
+		- soylent-production-herokuapp-com.global.ssl.fastly.net
+
+
+	Nonfunctional hosts in *soylent.com:
+
+		- blog ¹
+		- files ²
+
+	¹ Tumblr
+	² Refused
+
+
+	Fully covered hosts in *soylent.com:
+
+		- (www.)?
+		- diy
+		- faq
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.soylent.com
+
+
+	These altnames don't exist:
+
+		- www.diy.soylent.com
+
+
+	Mixed content:
+
+		- css on faq from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Soylent.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="soylent.com" />
+	<target host="discourse.soylent.com" />
+	<target host="diy.soylent.com" />
+	<target host="faq.soylent.com" />
+	<target host="www.soylent.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.soylent\.com$" name="^csrftoken$" /-->
+
+	<securecookie host="^(discourse|www)\.soylent\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SoylentNews.org.xml b/src/chrome/content/rules/SoylentNews.org.xml
new file mode 100644
index 000000000000..ca213d363c2d
--- /dev/null
+++ b/src/chrome/content/rules/SoylentNews.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Nonfunctional subdomains:
+
+		- chat
+		- wiki *
+
+	* Shows another domain
+
+-->
+<ruleset name="Soylent News.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="soylentnews.org" />
+	<target host="www.soylentnews.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sozialdemokratische_Partei_Deutschlands.xml b/src/chrome/content/rules/Sozialdemokratische_Partei_Deutschlands.xml
index 8c63187d03c9..e4eaeff6f535 100644
--- a/src/chrome/content/rules/Sozialdemokratische_Partei_Deutschlands.xml
+++ b/src/chrome/content/rules/Sozialdemokratische_Partei_Deutschlands.xml
@@ -2,7 +2,7 @@
     <target host="spd.de" />
     <target host="*.spd.de" />
 
-    <rule from="^https?://spd\.de/"
+    <rule from="^http://spd\.de/"
         to="https://www.spd.de/"/>
     <rule from="^http://([^/:@]+)?\.spd\.de/"
         to="https://$1.spd.de/" />
diff --git a/src/chrome/content/rules/Sozialismus.info.xml b/src/chrome/content/rules/Sozialismus.info.xml
new file mode 100644
index 000000000000..d3d40524a7b1
--- /dev/null
+++ b/src/chrome/content/rules/Sozialismus.info.xml
@@ -0,0 +1,22 @@
+<!--
+	^sozialismus.info: Mismatched
+
+-->
+<ruleset name="Sozialismus.info">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.sozialismus.info" />
+
+	<!--	Complications:
+				-->
+	<target host="sozialismus.info" />
+
+
+	<rule from="^http://sozialismus\.info/"
+		to="https://www.sozialismus.info/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Space-Inch.xml b/src/chrome/content/rules/Space-Inch.xml
index f73255ddda28..e5f754bc3d7f 100644
--- a/src/chrome/content/rules/Space-Inch.xml
+++ b/src/chrome/content/rules/Space-Inch.xml
@@ -1,14 +1,26 @@
-<ruleset name="Space Inch (partial)" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://godownloadsongs.com/ => https://godownloadsongs.com/: (7, 'Failed to connect to godownloadsongs.com port 443: Connection refused')
+Fetch error: http://www.godownloadsongs.com/ => https://godownloadsongs.com/: (7, 'Failed to connect to godownloadsongs.com port 443: Connection refused')
+Fetch error: http://skipscreen.com/ => https://skipscreen.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.skipscreen.com/ => https://skipscreen.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://skipscreen.com/ => https://skipscreen.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.skipscreen.com/ => https://skipscreen.com/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="Space Inch (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="godownloadsongs.com"/>
 	<target host="www.godownloadsongs.com"/>
 	<target host="skipscreen.com"/>
 	<target host="www.skipscreen.com"/>
 
-	<rule from="^http://(www\.)?godownloadsongs\.com/"
+	<rule from="^http://(?:www\.)?godownloadsongs\.com/"
 		to="https://godownloadsongs.com/"/>
 
-	<rule from="^http://(www\.)?skipscreen\.com/"
+	<rule from="^http://(?:www\.)?skipscreen\.com/"
 		to="https://skipscreen.com/"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Space.com.xml b/src/chrome/content/rules/Space.com.xml
index d6c0b6a5ac81..e0429aa57bff 100644
--- a/src/chrome/content/rules/Space.com.xml
+++ b/src/chrome/content/rules/Space.com.xml
@@ -1,21 +1,31 @@
+
 <!--
-	Nonfunctional subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://store.space.com/ => https://store.space.com/: (51, "SSL: no alternative certificate subject name matches target host name 'store.space.com'")
+
+	Nonfunctional hosts in *space.com:
+
+		- ^		Dropped
+		- i		504
+		- www		504
+
+
+	Mixed content:
+
+		- Bug on store from hermanstreet.122.2o7.net *
 
-		- (www.)	(times out)
-		- i		(cert: *.hs.llnwd.net; 400)
+	* Secured by us
 
 -->
-<ruleset name="Space.com store" default_off="expired">
+<ruleset name="Space.com store" default_off="failed ruleset test">
 
 	<target host="store.space.com" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.store.space.com" />
 
 
-	<securecookie host="^\.?store\.space\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://store\.space\.com/"
-		to="https://store.space.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Space2u.xml b/src/chrome/content/rules/Space2u.xml
index 284d42ee19c6..852da3a661a0 100644
--- a/src/chrome/content/rules/Space2u.xml
+++ b/src/chrome/content/rules/Space2u.xml
@@ -29,4 +29,4 @@
 	<rule from="^http://(owa\.|webmail2\.|www\.)?space2u\.com/"
 		to="https://$1space2u.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SpaceBattles.com.xml b/src/chrome/content/rules/SpaceBattles.com.xml
new file mode 100644
index 000000000000..e3a5e0c41ea9
--- /dev/null
+++ b/src/chrome/content/rules/SpaceBattles.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Mismatched:
+		- ^ (*.prod.ams1.secureserver.net)
+		- www (*.prod.ams1.secureserver.net)
+		- forum (forums.spacebattles.com)
+-->
+
+<ruleset name="SpaceBattles.com">
+	<target host="forum.spacebattles.com" />
+	<target host="forums.spacebattles.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://forum\.spacebattles\.com/" to="https://forums.spacebattles.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SpaceLab.ie.xml b/src/chrome/content/rules/SpaceLab.ie.xml
new file mode 100644
index 000000000000..3efbb5a46dcf
--- /dev/null
+++ b/src/chrome/content/rules/SpaceLab.ie.xml
@@ -0,0 +1,13 @@
+<ruleset name="SpaceLab.ie">
+	<target host="spacelab.ie" />
+	<target host="www.spacelab.ie" />
+	<target host="blog.spacelab.ie" />
+	<target host="www.blog.spacelab.ie" />
+	<target host="cpanel.spacelab.ie" />
+	<target host="mail.spacelab.ie" />
+	<target host="php.spacelab.ie" />
+	<target host="www.php.spacelab.ie" />
+	<target host="webmail.spacelab.ie" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SpacePolicyOnline.com.xml b/src/chrome/content/rules/SpacePolicyOnline.com.xml
index cb7ba3d98441..dde5474d5314 100644
--- a/src/chrome/content/rules/SpacePolicyOnline.com.xml
+++ b/src/chrome/content/rules/SpacePolicyOnline.com.xml
@@ -1,4 +1,4 @@
-<ruleset name="SpacePolicyOnline.com" default_off="mismatch">
+<ruleset name="SpacePolicyOnline.com" default_off="mismatched">
 
 	<!--	Cert: *.worldsecuresystems.com	-->
 	<target host="spacepolicyonline.com" />
@@ -6,11 +6,11 @@
 	<target host="www.spacepolicyonline.com" />
 
 
-	<securecookie host="^.*\.spacepolicyonline\.com$" name=".*" />
+	<securecookie host="^.*\.spacepolicyonline\.com$" name=".+" />
 
 
 	<!--	!www redirects to www.	-->
-	<rule from="^https?://(?:www\.)?spacepolicyonline\.com/"
+	<rule from="^http://(?:www\.)?spacepolicyonline\.com/"
 		to="https://www.spacepolicyonline.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SpaceTelescope.org.xml b/src/chrome/content/rules/SpaceTelescope.org.xml
new file mode 100644
index 000000000000..62bd111e3a56
--- /dev/null
+++ b/src/chrome/content/rules/SpaceTelescope.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		spacetelescope.org
+		videos.spacetelescope.org
+
+-->
+
+<ruleset name="SpaceTelescope.org">
+
+	<target host="www.spacetelescope.org" />
+	<target host="cdn.spacetelescope.org" />
+		<test url="http://cdn.spacetelescope.org/archives/images/banner1920/heic1706a.jpg" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SpaceUp.xml b/src/chrome/content/rules/SpaceUp.xml
index dc864d13169a..38114dec85ad 100644
--- a/src/chrome/content/rules/SpaceUp.xml
+++ b/src/chrome/content/rules/SpaceUp.xml
@@ -1,12 +1,14 @@
-<ruleset name="SpaceUp" default_off="mismatch">
+<!--
+	CN: *.lamphost.com
+
+-->
+<ruleset name="SpaceUp.org" default_off="mismatched">
 
-	<!--	Cert: *.lamphost.com
-					-->
 	<target host="spaceup.org" />
 	<target host="www.spaceup.org" />
 
 
-	<rule from="^https?://(?:www\.)?spaceup\.org/"
-		to="https://spaceup.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SpaceWeb.xml b/src/chrome/content/rules/SpaceWeb.xml
index 01e60e86385b..dc1a72ed0777 100644
--- a/src/chrome/content/rules/SpaceWeb.xml
+++ b/src/chrome/content/rules/SpaceWeb.xml
@@ -1,4 +1,7 @@
 <!--
+	SpaceWeb
+
+
 	vip-35.sweb.ru: self-signed
 
 
@@ -6,17 +9,22 @@
 
 		- live	(times out)
 
+
+	These altnames don't exist:
+
+		- shared.sweb.ru
+
 -->
-<ruleset name="SpaceWeb">
+<ruleset name="SWeb.ru">
 
-	<target host="sweb.ru"/>
-	<target host="*.sweb.ru"/>
+	<target host="sweb.ru" />
+	<target host="cp.sweb.ru" />
+	<target host="www.sweb.ru" />
 
 
-	<securecookie host="^\.sweb\.ru$" name=".*" />
+	<securecookie host="^\.sweb\.ru$" name=".+" />
 
 
-	<rule from="^http://(cp\.|www\.)?sweb\.ru/"
-		to="https://$1sweb.ru/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SpaceX.xml b/src/chrome/content/rules/SpaceX.xml
index 2e1dedab73e8..69aa86e4c619 100644
--- a/src/chrome/content/rules/SpaceX.xml
+++ b/src/chrome/content/rules/SpaceX.xml
@@ -1,4 +1,14 @@
-<ruleset name="SpaceX" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://spacex.com/ => https://spacex.com/: Too many redirects while fetching 'https://spacex.com/'
+Fetch error: http://www.spacex.com/ => https://spacex.com/: Too many redirects while fetching 'https://spacex.com/'
+
+Automatically by https-everywhere-checker because:
+Fetch error: http://spacex.com/ => https://spacex.com/: Cycle detected - URL already encountered: https://spacex.com/
+Fetch error: http://www.spacex.com/ => https://spacex.com/: Cycle detected - URL already encountered: https://spacex.com/
+-->
+<ruleset name="SpaceX" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="spacex.com" />
 	<target host="www.spacex.com" />
diff --git a/src/chrome/content/rules/Space_Industry_News.xml b/src/chrome/content/rules/Space_Industry_News.xml
index b963cce5c87b..244ef5f5f645 100644
--- a/src/chrome/content/rules/Space_Industry_News.xml
+++ b/src/chrome/content/rules/Space_Industry_News.xml
@@ -1,10 +1,17 @@
-<ruleset name="Space Industry News">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://spaceindustrynews.com/ => https://spaceindnews.wpengine.com/: (7, 'Failed to connect to spaceindnews.wpengine.com port 443: Connection refused')
+Fetch error: http://www.spaceindustrynews.com/ => https://spaceindnews.wpengine.com/: (7, 'Failed to connect to spaceindnews.wpengine.com port 443: Connection refused')
+
+-->
+<ruleset name="Space Industry News" default_off="failed ruleset test">
 
 	<target host="spaceindustrynews.com" />
 	<target host="www.spaceindustrynews.com" />
 
 
-	<rule from="^https?://(?:www\.)?spaceindustrynews\.com/"
+	<rule from="^http://(?:www\.)?spaceindustrynews\.com/"
 		to="https://spaceindnews.wpengine.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Space_Launch_Report.com.xml b/src/chrome/content/rules/Space_Launch_Report.com.xml
new file mode 100644
index 000000000000..b3588f692c19
--- /dev/null
+++ b/src/chrome/content/rules/Space_Launch_Report.com.xml
@@ -0,0 +1,21 @@
+<!--
+	CN: *.fatcow.com
+
+
+	Mixed content:
+
+		- Ads from pagead2.googlesyndication.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Space Launch Report.com" default_off="mismatched">
+
+	<target host="spacelaunchreport.com" />
+	<target host="www.spacelaunchreport.com" />
+
+
+	<rule from="^http://(?:www\.)?spacelaunchreport\.com/"
+		to="https://spacelaunchreport.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Space_Telescope_Science_Institute.xml b/src/chrome/content/rules/Space_Telescope_Science_Institute.xml
index dbc36b12fd72..31e673e35c15 100644
--- a/src/chrome/content/rules/Space_Telescope_Science_Institute.xml
+++ b/src/chrome/content/rules/Space_Telescope_Science_Institute.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^archive\.stsci\.edu$" name=".+" />
 
 
-	<rule from="^http://archive\.stsci\.edu/"
-		to="https://archive.stsci.edu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Spaceweather-PHONE.xml b/src/chrome/content/rules/Spaceweather-PHONE.xml
index 63526974a73f..13e71dcaf462 100644
--- a/src/chrome/content/rules/Spaceweather-PHONE.xml
+++ b/src/chrome/content/rules/Spaceweather-PHONE.xml
@@ -4,12 +4,11 @@
 	<target host="www.spaceweatherphone.com" />
 
 
-	<securecookie host="^spaceweatherphone\.com$" name=".*" />
+	<securecookie host="^spaceweatherphone\.com$" name=".+" />
 
 
 	<!--	Cert only matches ^spaceweatherphone.com.
 								-->
-	<rule from="^https?://(?:www\.)?spaceweatherphone\.com/"
-		to="https://spaceweatherphone.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SpamGourmet.com.xml b/src/chrome/content/rules/SpamGourmet.com.xml
new file mode 100644
index 000000000000..6b275fd22de6
--- /dev/null
+++ b/src/chrome/content/rules/SpamGourmet.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Bad certificate:
+		bbs.spamgourmet.com
+		gourmet.spamgourmet.com
+		gourmet7.spamgourmet.com
+		gourmet8.spamgourmet.com
+		gourmet9.spamgourmet.com
+		secure.spamgourmet.com
+
+-->
+
+<ruleset name="SpamGourmet">
+
+	<target host="spamgourmet.com" />
+	<target host="www.spamgourmet.com" />
+	<target host="secure.spamgourmet.com" />
+
+	<rule from="^http://secure\.spamgourmet\.com/"
+		to="https://www.spamgourmet.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SpamGourmet.xml b/src/chrome/content/rules/SpamGourmet.xml
deleted file mode 100644
index dd038ab31ba3..000000000000
--- a/src/chrome/content/rules/SpamGourmet.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="SpamGourmet">
-  <target host="spamgourmet.com" />
-  <target host="www.spamgourmet.com" />
-
-  <rule from="^http://spamgourmet\.com/" to="https://spamgourmet.com/"/>
-  <rule from="^http://www\.spamgourmet\.com/" to="https://www.spamgourmet.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Spamicity.info.xml b/src/chrome/content/rules/Spamicity.info.xml
index a8d3d5145259..5d73d61216d4 100644
--- a/src/chrome/content/rules/Spamicity.info.xml
+++ b/src/chrome/content/rules/Spamicity.info.xml
@@ -1,22 +1,8 @@
-<!--
-	For other E14N coverage, see E14N.xml.
-
-
-	Problematic subdomains:
-
-		 - www		(http redirects to https://www, cert only matches ^spamicity.info)
-
--->
 <ruleset name="spamicity.info">
-
 	<target host="spamicity.info" />
 	<target host="www.spamicity.info" />
 
-
 	<securecookie host="^spamicity\.info$" name=".+" />
 
-
-	<rule from="^http://(?:www\.)?spamicity\.info/"
-		to="https://spamicity.info/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Spanair.xml b/src/chrome/content/rules/Spanair.xml
deleted file mode 100644
index d5771ee8762b..000000000000
--- a/src/chrome/content/rules/Spanair.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Spanair">
-  <target host="spanair.com" />
-  <target host="*.spanair.com" />
-  
-  <rule from="^http://spanair\.com/" to="https://spanair.com/"/>
-  <rule from="^http://([^/:@\.]+)\.spanair\.com/" to="https://$1.spanair.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Spankwire.xml b/src/chrome/content/rules/Spankwire.xml
index 65bc41efd93f..91efbef4d31a 100644
--- a/src/chrome/content/rules/Spankwire.xml
+++ b/src/chrome/content/rules/Spankwire.xml
@@ -1,11 +1,11 @@
-<ruleset name="Spankwire (partial)" default_off="expired">
+<ruleset name="Spankwire (partial)">
 
-	<target host="spankwire.com"/>
-	<target host="www.spankwire.com"/>
+	<target host="spankwire.com" />
+	<target host="www.spankwire.com" />
 
-	<rule from="^http://(www\.)?spankwire\.com/"
-		to="https://www.spankwire.com/"/>
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^(www\.)?spankwire\.com$" name=".*"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Spark-Summit.org.xml b/src/chrome/content/rules/Spark-Summit.org.xml
new file mode 100644
index 000000000000..c8adde1e6d32
--- /dev/null
+++ b/src/chrome/content/rules/Spark-Summit.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- Images from spark-summit.org ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Spark-Summit.org">
+
+	<target host="spark-summit.org" />
+	<target host="www.spark-summit.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Spark.ru.xml b/src/chrome/content/rules/Spark.ru.xml
new file mode 100644
index 000000000000..19d1b4cf9659
--- /dev/null
+++ b/src/chrome/content/rules/Spark.ru.xml
@@ -0,0 +1,13 @@
+<ruleset name="Spark.ru">
+
+	<target host="spark.ru" />
+	<target host="www.spark.ru" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SparkLabs.com.xml b/src/chrome/content/rules/SparkLabs.com.xml
new file mode 100644
index 000000000000..afab38dabba9
--- /dev/null
+++ b/src/chrome/content/rules/SparkLabs.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="SparkLabs.com">
+	<target host="sparklabs.com" />
+	<target host="www.sparklabs.com" />
+	<target host="tools.sparklabs.com" />
+	<target host="secure.sparklabs.com" />
+	<target host="register.sparklabs.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sparked.com.xml b/src/chrome/content/rules/Sparked.com.xml
deleted file mode 100644
index 0c3fcfcc3b5e..000000000000
--- a/src/chrome/content/rules/Sparked.com.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Sparked">
-  <target host="www.sparked.com" />
-
-  <rule from="^http://www\.sparked\.com/" to="https://www.sparked.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Sparkfun.xml b/src/chrome/content/rules/Sparkfun.xml
index 49cb620d1b50..769db804e69f 100644
--- a/src/chrome/content/rules/Sparkfun.xml
+++ b/src/chrome/content/rules/Sparkfun.xml
@@ -1,13 +1,40 @@
-<ruleset name="Sparkfun">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://analytics.sparkfun.com/ => https://analytics.sparkfun.com/: (6, 'Could not resolve host: analytics.sparkfun.com')
+
+	Fully covered hosts in *sparkfun.com:
+
+		- (www.)?
+		- analytics
+		- cdn
+		- data
+		- forum
+		- learn
+		- static
+
+-->
+<ruleset name="Sparkfun.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="sparkfun.com" />
-	<target host="*.sparkfun.com" />
+	<target host="analytics.sparkfun.com" />
+	<target host="cdn.sparkfun.com" />
+	<target host="data.sparkfun.com" />
+	<target host="forum.sparkfun.com" />
+	<target host="learn.sparkfun.com" />
+	<target host="static.sparkfun.com" />
+	<target host="www.sparkfun.com" />
 
 
-	<securecookie host="^\.sparkfun\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.forum\.sparkfun\.com$" name=".+" /-->
+	<securecookie host="^(?:forum)?\.sparkfun\.com$" name=".+" />
 
 
-	<rule from="^http://(static\.|www\.)?sparkfun\.com/"
-		to="https://$1sparkfun.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Sparkle-Project.xml b/src/chrome/content/rules/Sparkle-Project.xml
new file mode 100644
index 000000000000..08b1d8fc5411
--- /dev/null
+++ b/src/chrome/content/rules/Sparkle-Project.xml
@@ -0,0 +1,10 @@
+<ruleset name="Sparkle Project">
+
+	<target host="sparkle-project.org" />
+	<target host="www.sparkle-project.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sparklit.xml b/src/chrome/content/rules/Sparklit.xml
index 781a0bdd274d..51b43d2aeb95 100644
--- a/src/chrome/content/rules/Sparklit.xml
+++ b/src/chrome/content/rules/Sparklit.xml
@@ -7,13 +7,12 @@
 <ruleset name="Sparklit">
 
 	<target host="sparklit.com" />
-	<target host="*.sparklit.com" />
+	<target host="www.sparklit.com" />
 
 
 	<securecookie host="^\.sparklit\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?sparklit\.com/"
-		to="https://$1sparklit.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sparkstudios.com.xml b/src/chrome/content/rules/Sparkstudios.com.xml
index f981f1bf334b..77fe3d6b0738 100644
--- a/src/chrome/content/rules/Sparkstudios.com.xml
+++ b/src/chrome/content/rules/Sparkstudios.com.xml
@@ -1,4 +1,14 @@
-<ruleset name="Sparkstudios.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.sparkstudios.com/ => https://www.sparkstudios.com/: (7, 'Failed to connect to www.sparkstudios.com port 443: Connection refused')
+Fetch error: http://sparkstudios.com/ => https://www.sparkstudios.com/: (7, 'Failed to connect to www.sparkstudios.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.sparkstudios.com/ => https://www.sparkstudios.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://sparkstudios.com/ => https://www.sparkstudios.com/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="Sparkstudios.com" default_off="failed ruleset test">
   <target host="www.sparkstudios.com" />
   <target host="sparkstudios.com" />
   <rule from="^http://www\.sparkstudios\.com/" to="https://www.sparkstudios.com/"/>
diff --git a/src/chrome/content/rules/Spartafx.com.xml b/src/chrome/content/rules/Spartafx.com.xml
index 61455e459eca..49bd0ec0ff89 100644
--- a/src/chrome/content/rules/Spartafx.com.xml
+++ b/src/chrome/content/rules/Spartafx.com.xml
@@ -1,13 +1,21 @@
-<ruleset name="Spartafx.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://spartafx.com/ => https://spartafx.com/: (51, "SSL: no alternative certificate subject name matches target host name 'spartafx.com'")
+Fetch error: http://www.spartafx.com/ => https://www.spartafx.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.spartafx.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://spartafx.com/ => https://spartafx.com/: (6, 'Could not resolve host: spartafx.com')
+-->
+<ruleset name="Spartafx.com" default_off="failed ruleset test">
 
 	<target host="spartafx.com" />
-	<target host="*.spartafx.com" />
+	<target host="www.spartafx.com" />
 
 
 	<securecookie host="^(?:w*\.)?spartafx\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?spartafx\.com/"
-		to="https://$1spartafx.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Spartan_Institute.xml b/src/chrome/content/rules/Spartan_Institute.xml
index 08a34eaa8e71..e9bc8bc4b1ac 100644
--- a/src/chrome/content/rules/Spartan_Institute.xml
+++ b/src/chrome/content/rules/Spartan_Institute.xml
@@ -1,19 +1,25 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://thespartaninstitute.com/ => https://thespartaninstitute.com/: (35, 'Unknown SSL protocol error in connection to thespartaninstitute.com:443 ')
+Fetch error: http://www.thespartaninstitute.com/ => https://www.thespartaninstitute.com/: (35, 'Unknown SSL protocol error in connection to www.thespartaninstitute.com:443 ')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://thespartaninstitute.com/ => https://thespartaninstitute.com/: (7, 'Failed to connect to thespartaninstitute.com port 443: Connection refused')
 	Nonfunctional subdomains:
 
 		- portal	(http reply)
 
 -->
-<ruleset name="The Spartan Institute (partial)">
+<ruleset name="The Spartan Institute (partial)" default_off="failed ruleset test">
 
 	<target host="thespartaninstitute.com" />
-	<target host="*.thespartaninstitute.com" />
+	<target host="www.thespartaninstitute.com" />
 
 
 	<securecookie host="^(?:w*\.)?thespartaninstitute\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?thespartaninstitute\.com/"
-		to="https://$1thespartaninstitute.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sparx.org.nz.xml b/src/chrome/content/rules/Sparx.org.nz.xml
new file mode 100644
index 000000000000..2949a07d2ad0
--- /dev/null
+++ b/src/chrome/content/rules/Sparx.org.nz.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://research.sparx.org.nz/ => https://research.sparx.org.nz/: (28, 'Connection timed out after 20001 milliseconds')
+
+	These altnames don't exist:
+
+		- www.research.sparx.org.nz
+
+-->
+<ruleset name="Sparx.org.nz" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sparx.org.nz" />
+	<target host="research.sparx.org.nz" />
+	<target host="www.sparx.org.nz" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sparx_Trading.com-falsemixed.xml b/src/chrome/content/rules/Sparx_Trading.com-falsemixed.xml
new file mode 100644
index 000000000000..ea3609fd57d8
--- /dev/null
+++ b/src/chrome/content/rules/Sparx_Trading.com-falsemixed.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules not causing false/broken MCB, see Sparx_Trading.com.xml.
+
+-->
+<ruleset name="Sparx Trading.com (false MCB)" platform="mixedcontent">
+
+	<target host="sparxtrading.com" />
+	<target host="www.sparxtrading.com" />
+
+
+	<securecookie host="^\.sparxtrading\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?sparxtrading\.com/"
+		to="https://www.sparxtrading.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sparx_Trading.com.xml b/src/chrome/content/rules/Sparx_Trading.com.xml
new file mode 100644
index 000000000000..c71075a20b81
--- /dev/null
+++ b/src/chrome/content/rules/Sparx_Trading.com.xml
@@ -0,0 +1,35 @@
+<!--
+	For rules causing false/broken MCB, see Sparx_Trading.com-falsemixed.xml.
+
+
+	^: refused
+
+
+	Mixed content:
+
+		- Videos from www.youtube.com *
+
+		- css, from:
+
+			- $self *
+			- fonts.googleapis.com *
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Sparx Trading.com (partial)">
+
+	<target host="sparxtrading.com" />
+	<target host="www.sparxtrading.com" />
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<!--exclusion pattern="^http://(www\.)?sparxtrading.com/+(?!favicon\.ico|wp-content/|wp-includes/)" /-->
+
+
+	<rule from="^http://(?:www\.)?sparxtrading\.com/(?=favicon\.ico|wp-content/|wp-includes/)"
+		to="https://www.sparxtrading.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SpatialBuzz.com-problematic.xml b/src/chrome/content/rules/SpatialBuzz.com-problematic.xml
new file mode 100644
index 000000000000..b11087ca7798
--- /dev/null
+++ b/src/chrome/content/rules/SpatialBuzz.com-problematic.xml
@@ -0,0 +1,20 @@
+<!--
+	For rules that are on by default, see SpatialBuzz.com.xml.
+
+-->
+<ruleset name="SpatialBuzz.com (problematic)" default_off="expired, self-signed">
+
+	<target host="ftp.spatialbuzz.com" />
+	<target host="git.spatialbuzz.com" />
+	<target host="logs.spatialbuzz.com" />
+	<target host="monitor.spatialbuzz.com" />
+	<target host="sbfs.spatialbuzz.com" />
+	<target host="www.spatialbuzz.com" />
+
+
+	<securecookie host="^www\.spatialbuzz\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SpatialBuzz.com.xml b/src/chrome/content/rules/SpatialBuzz.com.xml
index e0632cea0433..9d19971464e2 100644
--- a/src/chrome/content/rules/SpatialBuzz.com.xml
+++ b/src/chrome/content/rules/SpatialBuzz.com.xml
@@ -1,33 +1,60 @@
 <!--
-	Nonfunctional subdomains:
+	For problematic rules, see SpatialBuzz.com-problematic.xml.
 
-		- ftp *
-		- logs *
 
-	* Revoked
+	Problematic subdomains:
+
+		- ftp ¹
+		- git ¹
+		- logs ¹
+		- monitor ¹
+		- sbfs ²
+		- www ¹
+
+	¹ Expired 2014-07-25, ^ redirects to www
+	² Works, self-signed
 
 
 	Fully covered subdomains:
 
-		- (www.)
+		- ^
 		- admin
 		- api
 		- cdn
 		 cdn2
+		- demo
 		- fs
 		- maps
+		- splunk
+		- vpn
+
+
+	These altnames don't exist:
+
+		- cdn3.spatialbuzz.com
 
 -->
 <ruleset name="SpatialBuzz.com (partial)">
 
 	<target host="spatialbuzz.com" />
-	<target host="*.spatialbuzz.com" />
+	<target host="admin.spatialbuzz.com" />
+	<target host="api.spatialbuzz.com" />
+	<target host="cdn.spatialbuzz.com" />
+	<target host="cdn2.spatialbuzz.com" />
+	<target host="demo.spatialbuzz.com" />
+	<target host="fs.spatialbuzz.com" />
+	<target host="maps.spatialbuzz.com" />
+	<!--target host="splunk.spatialbuzz.com" /-->
+	<target host="vpn.spatialbuzz.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.spatialbuzz\.com$" name="^[0-9a-f]{32}$" /-->
 
-	<securecookie host="^(?:fs|www)\.spatialbuzz\.com$" name=".+" />
+	<securecookie host="^fs\.spatialbuzz\.com$" name=".+" />
 
 
-	<rule from="^http://((?:admin|api|cdn2?|fs|maps|www)\.)?spatialbuzz\.com/"
-		to="https://$1spatialbuzz.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SpatialPoint.xml b/src/chrome/content/rules/SpatialPoint.xml
index 74b901659b58..d43ac15c9727 100644
--- a/src/chrome/content/rules/SpatialPoint.xml
+++ b/src/chrome/content/rules/SpatialPoint.xml
@@ -10,7 +10,6 @@
 	<target host="www.spatialpoint.com" />
 
 
-	<rule from="^http://(?:www\.)?spatialpoint\.com/"
-		to="https://spatialpoint.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SpeakPipe.com.xml b/src/chrome/content/rules/SpeakPipe.com.xml
new file mode 100644
index 000000000000..4752a6db2a0c
--- /dev/null
+++ b/src/chrome/content/rules/SpeakPipe.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="SpeakPipe.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="speakpipe.com" />
+	<target host="www.speakpipe.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Speak_Your_Silence.xml b/src/chrome/content/rules/Speak_Your_Silence.xml
index b08a0eef4650..0595a066d2a2 100644
--- a/src/chrome/content/rules/Speak_Your_Silence.xml
+++ b/src/chrome/content/rules/Speak_Your_Silence.xml
@@ -1,13 +1,12 @@
 <ruleset name="Speak Your Silence">
 
 	<target host="speakyoursilence.org" />
-	<target host="*.speakyoursilence.org" />
+	<target host="www.speakyoursilence.org" />
 
 
 	<securecookie host="^\.?speakyoursilence\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?speakyoursilence\.org/"
-		to="https://$1speakyoursilence.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Speakeasy.net.xml b/src/chrome/content/rules/Speakeasy.net.xml
new file mode 100644
index 000000000000..eb07f2343c5a
--- /dev/null
+++ b/src/chrome/content/rules/Speakeasy.net.xml
@@ -0,0 +1,37 @@
+<!--
+	For other MegaPath coverage, see MegaPath.xml.
+
+
+	Problematic hosts in *speakeasy.net:
+
+		- portal *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- speakeasy.net
+		- www.speakeasy.net
+
+-->
+<ruleset name="Speakeasy.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="speakeasy.net"/>
+	<!--target host="portal.speakeasy.net"/-->
+	<target host="www.speakeasy.net"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?speakeasy\.net$" name="^(?:tid|visitorid)$" /-->
+
+	<securecookie host="^(?:www\.)?speakeasy\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Speaker_Deck.com.xml b/src/chrome/content/rules/Speaker_Deck.com.xml
index 604435983b7e..16c8adc3df17 100644
--- a/src/chrome/content/rules/Speaker_Deck.com.xml
+++ b/src/chrome/content/rules/Speaker_Deck.com.xml
@@ -6,6 +6,11 @@
 
 		- speakerd.s3.amazonaws.com
 
+
+	Insecure cookies are set for these hosts:
+
+		- speakerdeck.com
+
 -->
 <ruleset name="Speaker Deck.com">
 
@@ -13,13 +18,14 @@
 	<target host="www.speakerdeck.com" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^speakerdeck\.com$" name="^peek$" /-->
+
 	<securecookie host="^speakerdeck\.com$" name=".+" />
 
 
-	<!--	- www doesn't work over https
-		- Redirects to !www over http
-			-->
-	<rule from="^http://(?:www\.)?speakerdeck\.com/"
-		to="https://speakerdeck.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Speaker_Exchange.xml b/src/chrome/content/rules/Speaker_Exchange.xml
index 2185603436ae..47f00e77e02d 100644
--- a/src/chrome/content/rules/Speaker_Exchange.xml
+++ b/src/chrome/content/rules/Speaker_Exchange.xml
@@ -1,13 +1,12 @@
 <ruleset name="Speaker Exchange">
 
 	<target host="reconingspeakers.com" />
-	<target host="*.reconingspeakers.com" />
+	<target host="www.reconingspeakers.com" />
 
 
 	<securecookie host="^(?:w*\.)?reconingspeakers\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?reconingspeakers\.com/"
-		to="https://$1reconingspeakers.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SpeakyChat.com.xml b/src/chrome/content/rules/SpeakyChat.com.xml
index a42ecc0b4517..de1c201e937e 100644
--- a/src/chrome/content/rules/SpeakyChat.com.xml
+++ b/src/chrome/content/rules/SpeakyChat.com.xml
@@ -1,18 +1,17 @@
 <ruleset name="SpeakyChat.com">
 
 	<target host="speakychat.com" />
-	<target host="*.speakychat.com" />
+	<target host="download.speakychat.com" />
+	<target host="install.speakychat.com" />
+	<target host="www.speakychat.com" />
 	<target host="speakyweb.com" />
-	<target host="*.speakyweb.com" />
+	<target host="www.speakyweb.com" />
 
 
 	<securecookie host="^(?:w*\.)?speaky(?:chat|web)\.com$" name=".+" />
 
 
-	<rule from="^http://((?:download|install|www)\.)?speakychat\.com/"
-		to="https://$1speakychat.com/" />
 
-	<rule from="^http://(www\.)?speakyweb\.com/"
-		to="https://$1speakyweb.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Special-trade.de.xml b/src/chrome/content/rules/Special-trade.de.xml
index ce0b23dab43f..21933aaec287 100644
--- a/src/chrome/content/rules/Special-trade.de.xml
+++ b/src/chrome/content/rules/Special-trade.de.xml
@@ -1,6 +1,6 @@
 <ruleset name="Special-trade.de">
 <target host="www.special-trade.de"/>
 <target host="special-trade.de"/>
-<rule from="^http://(www\.)?special-trade\.de/" to="https://www.special-trade.de/"/>
+<rule from="^http:" to="https:" />
 </ruleset>
- 
+
diff --git a/src/chrome/content/rules/SpecialForces.xml b/src/chrome/content/rules/SpecialForces.xml
index cbd394e50758..4b0c4a04baed 100644
--- a/src/chrome/content/rules/SpecialForces.xml
+++ b/src/chrome/content/rules/SpecialForces.xml
@@ -1,8 +1,52 @@
-<ruleset name="SpecialForces">
-  <target host="specialforces.com" />
-  <target host="www.specialforces.com" />
+<!--
+	^specialforces.com: Shows default page
 
-  <securecookie host="^(.+\.)?specialforces\.com$" name=".*"/>
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- www.specialforces.com
+		- .www.specialforces.com
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+		- Ads,bugs, from:
+
+			- www.dtc-330d.com
+			- $self
+			- www.w3.org
+			- ad.where.com *
+
+	* Secured by us
+
+-->
+<ruleset name="SpecialForces.com" default_off="expired, missing certificate chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.specialforces.com" />
+
+	<!--	Complications:
+				-->
+	<target host="specialforces.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.specialforces\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.www\.specialforces\.com$" name="^currency$" /-->
+
+	<securecookie host="^(?:.+\.)?specialforces\.com$" name=".+" />
+
+
+	<rule from="^http://specialforces\.com/"
+		to="https://www.specialforces.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(?:www\.)?specialforces\.com/" to="https://www.specialforces.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Specialized_Products_Company.xml b/src/chrome/content/rules/Specialized_Products_Company.xml
index 30b11e550073..02f8ae11234c 100644
--- a/src/chrome/content/rules/Specialized_Products_Company.xml
+++ b/src/chrome/content/rules/Specialized_Products_Company.xml
@@ -10,7 +10,7 @@
 	<target host="www.specialized.net" />
 
 
-	<rule from="^https?://(?:www\.)?specialized\.net/($|\?|Specialized/(?:App_Themes|Checkout|images|Login\.aspx|Repository|styles|WebResource\.axd)(?:$|\?|/))"
+	<rule from="^http://(?:www\.)?specialized\.net/($|\?|Specialized/(?:App_Themes|Checkout|images|Login\.aspx|Repository|styles|WebResource\.axd)(?:$|\?|/))"
 		to="https://www.specialized.net/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Specific-Media-mismatches.xml b/src/chrome/content/rules/Specific-Media-mismatches.xml
index 5e941e96add3..4140b5747315 100644
--- a/src/chrome/content/rules/Specific-Media-mismatches.xml
+++ b/src/chrome/content/rules/Specific-Media-mismatches.xml
@@ -7,10 +7,11 @@
 	<!--	Cert: creatives.specificmedia.co.uk
 							-->
 	<target host="specificmedia.co.uk" />
-	<target host="*.specificmedia.co.uk" />
+	<target host="creatives.specificmedia.co.uk" />
+	<target host="www.specificmedia.co.uk" />
 
 
-	<rule from="^https?://(?:(creatives\.)|www\.)?specificmedia\.co\.uk/"
+	<rule from="^http://(?:(creatives\.)|www\.)?specificmedia\.co\.uk/"
 		to="https://$1specificmedia.co.uk/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Specific-Media.xml b/src/chrome/content/rules/Specific-Media.xml
index d5049c564d23..e0f297e4afaa 100644
--- a/src/chrome/content/rules/Specific-Media.xml
+++ b/src/chrome/content/rules/Specific-Media.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://smp.specificmedia.net/ => https://smp.specificmedia.net/: (6, 'Could not resolve host: smp.specificmedia.net')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://smp.specificmedia.net/ => https://smp.specificmedia.net/: (6, 'Could not resolve host: smp.specificmedia.net')
 	For problematic coverage, see Specific-Media-mismatches.xml.
 
 
@@ -14,16 +20,13 @@
 		- (www.)specificmedia.net	(cert: mail.localsvcs.com; shows IIS7 default page)
 
 -->
-<ruleset name="Specific Media (partial)">
+<ruleset name="Specific Media (partial)" default_off="failed ruleset test">
 
-	<target host="*.specificmedia.com" />
+	<target host="cm.specificmedia.com" />
+	<target host="smp.specificmedia.com" />
 	<target host="smp.specificmedia.net" />
 
 
-	<rule from="^http://(cm|smp)\.specificmedia\.com/"
-		to="https://$1.specificmedia.com/" />
-
-	<rule from="^http://smp\.specificmedia\.net/"
-		to="https://smp.specificmedia.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Specificclick.xml b/src/chrome/content/rules/Specificclick.xml
index bc3c75eb78bc..432288019922 100644
--- a/src/chrome/content/rules/Specificclick.xml
+++ b/src/chrome/content/rules/Specificclick.xml
@@ -1,36 +1,54 @@
 <!--
 	For other Specific Media coverage, see Specific-Media.xml.
 
-secure.adviva.net
 
+	Insecure cookies are set for these domains: ᶜ
 
-	Fully covered  subdomains:
+		- .specificclick.net
 
-		- afe
-		- afe2
-		- clk
-		- cs
-		- rome
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Specificclick">
-
-	<target host="*.specificclick.net" />
-
-
-	<!--	Tracking cookie set by bp:
+<ruleset name="Specificclick.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="afe.specificclick.net" />
+	<target host="afe2.specificclick.net" />
+	<target host="bp.specificclick.net" />
+	<target host="clk.specificclick.net" />
+	<target host="cs.specificclick.net" />
+	<target host="dp.specificclick.net" />
+	<target host="dp2.specificclick.net" />
+	<target host="mpp.specificclick.net" />
+	<target host="mpp2.specificclick.net" />
+	<target host="rome.specificclick.net" />
+
+	<!--	Complications:
+				-->
+	<target host="dg.specificclick.net" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://bp.specificclick.net/?pixid=" /-->
+
+
+	<!--	Not secured byserver:
+					-->
+	<!--securecookie host="^\.specificclick\.net$" name="^(?:ct|cug)$" /-->
+
+	<!--	Tracking cookies set by bp:
 						-->
-	<securecookie host="^\.specificclick\.net$" name="^ug$" />
-	<securecookie host="^(?:afe2?|bp|clk|cs|dp|mpp)\.specificclick\.net$" name=".+" />
+	<securecookie host="^\." name="^(?:ct|c?ug)$" />
+	<securecookie host="^\w" name=".+" />
 
 
-
-	<rule from="^http://(afe2?|bp|clk|cs|dp2?|mpp2?|rome)\.specificclick\.net/"
-		to="https://$1.specificclick.net/" />
-
 	<!--	dg cert: dp.specificclick.net
 						-->
 	<rule from="^http://dg\.specificclick\.net/"
 		to="https://dp.specificclick.net/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Spectator.org.xml b/src/chrome/content/rules/Spectator.org.xml
index cbaddbc4a63e..a15a8691a5b4 100644
--- a/src/chrome/content/rules/Spectator.org.xml
+++ b/src/chrome/content/rules/Spectator.org.xml
@@ -6,20 +6,17 @@
 
 		- news		(shows www)
 
-
-	Expired 2013-04-12
-
 -->
-<ruleset name="Spectator.org (partial)" default_off="expired">
+<ruleset name="Spectator.org (partial)">
 
 	<target host="spectator.org" />
-	<target host="*.spectator.org" />
+	<target host="www.spectator.org" />
 
 
-	<securecookie host="^\.(?:www\.)?spectator\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?spectator\.org/"
-		to="https://spectator.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Specto.io.xml b/src/chrome/content/rules/Specto.io.xml
new file mode 100644
index 000000000000..b453edeb7bb1
--- /dev/null
+++ b/src/chrome/content/rules/Specto.io.xml
@@ -0,0 +1,23 @@
+<!--
+	Mixed content:
+
+		- Image from spectolabs.wpengine.com
+
+-->
+<ruleset name="Specto.io">
+
+	<target host="specto.io" />
+	<target host="www.specto.io" />
+
+		<!--	Mixed image:
+					-->
+		<!--test url="http://www.specto.io/replacing-redis-with-boltdb-a-pure-go-keyvalue-store/" /-->
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Spectraflow.com.xml b/src/chrome/content/rules/Spectraflow.com.xml
index e4d6d5851372..4a111d11f226 100644
--- a/src/chrome/content/rules/Spectraflow.com.xml
+++ b/src/chrome/content/rules/Spectraflow.com.xml
@@ -1,13 +1,21 @@
-<ruleset name="Spectraflow.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://spectraflow.com/ => https://spectraflow.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.spectraflow.com/ => https://www.spectraflow.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://spectraflow.com/ => https://spectraflow.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
+<ruleset name="Spectraflow.com" default_off="failed ruleset test">
 
 	<target host="spectraflow.com" />
-	<target host="*.spectraflow.com" />
+	<target host="www.spectraflow.com" />
 
 
 	<securecookie host="^(?:www)?\.spectraflow\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?spectraflow\.com/"
-		to="https://$1spectraflow.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SpectrumBusiness.net.xml b/src/chrome/content/rules/SpectrumBusiness.net.xml
new file mode 100644
index 000000000000..7289fe499d73
--- /dev/null
+++ b/src/chrome/content/rules/SpectrumBusiness.net.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Charter Communications coverage, see Charter.com.xml.
+
+-->
+<ruleset name="SpectrumBusiness.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="spectrumbusiness.net" />
+	<target host="www.spectrumbusiness.net" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.spectrumbusiness\.net/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.spectrumbusiness\.net/(?!support(?:$|[?/]))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.spectrumbusiness.net/?" />
+			<test url="http://www.spectrumbusiness.net//" />
+			<test url="http://www.spectrumbusiness.net//?" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.spectrumbusiness.net/support" />
+			<test url="http://www.spectrumbusiness.net/support/" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Spectrum_Business_Insights.com.xml b/src/chrome/content/rules/Spectrum_Business_Insights.com.xml
new file mode 100644
index 000000000000..c132617573a4
--- /dev/null
+++ b/src/chrome/content/rules/Spectrum_Business_Insights.com.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Charter Communications coverage, see Charter.com.xml.
+
+
+	Mixed content:
+
+		- Bugs from media.business.spectrum.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Spectrum Business Insights.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="spectrumbusinessinsights.com" />
+	<target host="www.spectrumbusinessinsights.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Speed-Dreams.xml b/src/chrome/content/rules/Speed-Dreams.xml
index 31091066e9d2..ab0356f06bba 100644
--- a/src/chrome/content/rules/Speed-Dreams.xml
+++ b/src/chrome/content/rules/Speed-Dreams.xml
@@ -1,14 +1,15 @@
 <ruleset name="Speed Dreams" default_off="mismatch, self-signed">
 
 	<target host="speed-dreams.org"/>
-	<target host="*.speed-dreams.org"/>
+	<target host="community.speed-dreams.org"/>
+	<target host="www.speed-dreams.org"/>
 
-	<securecookie host="^(.*\.)?speed-dreams\.org$" name=".*"/>
+	<securecookie host=".+" name=".+"/>
 
-	<rule from="^http://(?:www\.)?speed-dreams\.org/"
+	<rule from="^http://www\.speed-dreams\.org/"
 		to="https://speed-dreams.org/"/>
 
-	<rule from="^http://community\.speed-dreams\.org/"
-		to="https://community.speed-dreams.org/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SpeedBurger.xml b/src/chrome/content/rules/SpeedBurger.xml
new file mode 100644
index 000000000000..3a4cd0f775e8
--- /dev/null
+++ b/src/chrome/content/rules/SpeedBurger.xml
@@ -0,0 +1,12 @@
+<ruleset name="SPEED-BURGER.com" >
+	<!-- ^ doesn't serve the same content on TLS that www does -->
+	<target host="speed-burger.com" />
+	<target host="www.speed-burger.com" />
+
+	<test url="http://www.speed-burger.com/mon-compte/creer-un-compte/" />
+	<test url="http://www.speed-burger.com/livraison-hamburger/" />
+
+	<rule from="^http://speed-burger\.com/" to="https://www.speed-burger.com/" />
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SpeedCrunch.org.xml b/src/chrome/content/rules/SpeedCrunch.org.xml
new file mode 100644
index 000000000000..5143e30bc498
--- /dev/null
+++ b/src/chrome/content/rules/SpeedCrunch.org.xml
@@ -0,0 +1,14 @@
+<!--
+	CN: *.ipage.com
+
+-->
+<ruleset name="SpeedCrunch.org" default_off="mismatched">
+
+	<target host="speedcrunch.org" />
+	<target host="www.speedcrunch.org" />
+
+
+	<rule from="^http://(?:www\.)?speedcrunch\.org/"
+		to="https://speedcrunch.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SpeedPPC.xml b/src/chrome/content/rules/SpeedPPC.xml
index 8df73cd95b63..1a7251849520 100644
--- a/src/chrome/content/rules/SpeedPPC.xml
+++ b/src/chrome/content/rules/SpeedPPC.xml
@@ -7,13 +7,13 @@
 <ruleset name="SpeedPPC (partial)">
 
 	<target host="speedppc.com" />
-	<target host="*.speedppc.com" />
+	<target host="www.speedppc.com" />
 
 
 	<securecookie host="^(?:w*\.)?speedppc\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?speedppc\.com/"
-		to="https://$1speedppc.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SpeedTree.com.xml b/src/chrome/content/rules/SpeedTree.com.xml
index 7c12cd15713f..d5b459950702 100644
--- a/src/chrome/content/rules/SpeedTree.com.xml
+++ b/src/chrome/content/rules/SpeedTree.com.xml
@@ -20,7 +20,8 @@
 <ruleset name="SpeedTree.com (partial)">
 
 	<target host="speedtree.com" />
-	<target host="*.speedtree.com" />
+	<target host="store.speedtree.com" />
+	<target host="www.speedtree.com" />
 
 
 	<!--	Tracking cookies:
@@ -29,7 +30,6 @@
 	<securecookie host="^(?:\.?store|www)\.speedtree\.com$" name=".+" />
 
 
-	<rule from="^http://(store\.|www\.)?speedtree\.com/"
-		to="https://$1speedtree.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Speed_World_Grafix.com.xml b/src/chrome/content/rules/Speed_World_Grafix.com.xml
new file mode 100644
index 000000000000..e7f884c04f12
--- /dev/null
+++ b/src/chrome/content/rules/Speed_World_Grafix.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://speedworldgrafix.com/ => https://speedworldgrafix.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.speedworldgrafix.com/ => https://www.speedworldgrafix.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Speed World Grafix.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="speedworldgrafix.com" />
+	<target host="www.speedworldgrafix.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Speedcoin.org.xml b/src/chrome/content/rules/Speedcoin.org.xml
new file mode 100644
index 000000000000..c52653a6c3c0
--- /dev/null
+++ b/src/chrome/content/rules/Speedcoin.org.xml
@@ -0,0 +1,18 @@
+<ruleset name="Speedcoin.org (partial)">
+
+	<target host="speedcoin.org" />
+	<target host="www.speedcoin.org" />
+
+		<exclusion pattern="^http://(?:www\.)?speedcoin\.org:2750" />
+
+			<test url="http://speedcoin.org:2750/chain/Speedcoin" />
+			<test url="http://www.speedcoin.org:2750/chain/Speedcoin" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Speedify.com.xml b/src/chrome/content/rules/Speedify.com.xml
new file mode 100644
index 000000000000..0317f17edaee
--- /dev/null
+++ b/src/chrome/content/rules/Speedify.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Speedify.com">
+	<target host="speedify.com" />
+	<target host="www.speedify.com" />
+	<target host="apidocs.speedify.com" />
+	<target host="msupport.speedify.com" />
+	<target host="my.speedify.com" />
+	<target host="newhotness.speedify.com" />
+	<target host="support.speedify.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Speedrun.com.xml b/src/chrome/content/rules/Speedrun.com.xml
new file mode 100644
index 000000000000..abe560552c0e
--- /dev/null
+++ b/src/chrome/content/rules/Speedrun.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Speedrun.com">
+	<target host="speedrun.com" />
+	<target host="www.speedrun.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Speedtest.net.xml b/src/chrome/content/rules/Speedtest.net.xml
index 675582f2f151..4f15664e2029 100644
--- a/src/chrome/content/rules/Speedtest.net.xml
+++ b/src/chrome/content/rules/Speedtest.net.xml
@@ -1,28 +1,13 @@
 <!--
 	For other Ookla coverage, see Ookla.xml.
-
 -->
 <ruleset name="Speedtest.net (partial)">
 
 	<target host="speedtest.net" />
-	<target host="*.speedtest.net" />
-		<!--
-			https://mail1.eff.org/pipermail/https-everywhere-rules/2013-June/001623.html
-
-			Breaks flash:
-					-->
-		<exclusion pattern="^http://c\.speedtest\.net/crossdomain\.xml" />
-
-
-	<!--	- Cert only matches www
-		- At least some pages 302 to http
-							-->
-	<rule from="^https?://(?:www\.)?speedtest\.net/(css/|images/|result/)"
-		to="https://www.speedtest.net/$1" />
+	<target host="www.speedtest.net" />
+	<target host="c.speedtest.net" />
+	<target host="zdstatic.speedtest.net" />
 
-	<!--	Cert: edgecastcdn.net
-					-->
-	<rule from="^https?://c\.speedtest\.net/"
-		to="https://www.speedtest.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Speedyshare.com.xml b/src/chrome/content/rules/Speedyshare.com.xml
index 17bbbe1eef60..5c5b0799002a 100644
--- a/src/chrome/content/rules/Speedyshare.com.xml
+++ b/src/chrome/content/rules/Speedyshare.com.xml
@@ -1,6 +1,14 @@
-<ruleset name="Speedyshare.com (mixed content)" default_off="mixed content">
-<target host="www.speedyshare.com"/>
-<target host="speedyshare.com"/>
-<rule from="^http://(www\.)?speedyshare\.com/" to="https://www.speedyshare.com/"/>
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.speedyshare.com/ => https://www.speedyshare.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://speedyshare.com/ => https://speedyshare.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+<ruleset name="Speedyshare.com" default_off="failed ruleset test">
+	<target host="www.speedyshare.com"/>
+	<target host="speedyshare.com"/>
+
+	<rule from="^http:"
+		to="https:"/>
 </ruleset>
-<!-- Rule generated by HTTPS Finder 0.91 -->
diff --git a/src/chrome/content/rules/Spektrum.de.xml b/src/chrome/content/rules/Spektrum.de.xml
new file mode 100644
index 000000000000..164ff68272a3
--- /dev/null
+++ b/src/chrome/content/rules/Spektrum.de.xml
@@ -0,0 +1,14 @@
+<!--
+	Active mixed content from ad servers
+
+-->
+<ruleset name="Spektrum.de">
+
+	<target host="spektrum.de" />
+	<target host="www.spektrum.de" />
+	<target host="scilogs.spektrum.de" />
+	<target host="shop.spektrum.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Spench.net.xml b/src/chrome/content/rules/Spench.net.xml
new file mode 100644
index 000000000000..f6f4944986c9
--- /dev/null
+++ b/src/chrome/content/rules/Spench.net.xml
@@ -0,0 +1,38 @@
+<!--
+	- ^ & wiki: cert only matches www
+	- Expired 2006-11-06
+
+
+	Mixed content:
+
+		- Videos, on (www.) from:
+
+			- www.dailymotion.com ¹
+			- www.youtube.com ²
+
+	¹ Rule disabled by default
+	² Secured by us
+
+-->
+<ruleset name="spench.net" default_off="expired, mismatched, self-signed">
+
+	<target host="spench.net" />
+	<target host="www.spench.net" />
+	<target host="wiki.spench.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^\.spench\.net$" name=".+" />
+	<!--
+		Secured by server:
+					-->
+	<!--securecookie host="^wiki\.spench\.net$" name="^wikidb_session$" /-->
+
+
+	<rule from="^http://(?:www\.)?spench\.net/"
+		to="https://www.spench.net/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Spendabit.co.xml b/src/chrome/content/rules/Spendabit.co.xml
new file mode 100644
index 000000000000..6e629f51fe65
--- /dev/null
+++ b/src/chrome/content/rules/Spendabit.co.xml
@@ -0,0 +1,17 @@
+<ruleset name="Spendabit.co">
+
+	<target host="spendabit.co" />
+	<target host="www.spendabit.co" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^spendabit\.co$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^spendabit\.co$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Spendbitcoins.xml b/src/chrome/content/rules/Spendbitcoins.xml
index e5ebb8188481..dc18a5e6b917 100644
--- a/src/chrome/content/rules/Spendbitcoins.xml
+++ b/src/chrome/content/rules/Spendbitcoins.xml
@@ -1,13 +1,25 @@
-<ruleset name="Spendbitcoins">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://spendbitcoins.com/ => https://spendbitcoins.com/: Too many redirects while fetching 'https://spendbitcoins.com/'
+Fetch error: http://www.spendbitcoins.com/ => https://www.spendbitcoins.com/: Too many redirects while fetching 'https://www.spendbitcoins.com/'
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://spendbitcoins.com/ => https://spendbitcoins.com/: Too many redirects while fetching 'https://spendbitcoins.com/'
+
+-->
+<ruleset name="Spendbitcoins" default_off="failed ruleset test">
 
 	<target host="spendbitcoins.com" />
-	<target host="*.spendbitcoins.com" />
+	<target host="www.spendbitcoins.com" />
 
 
 	<securecookie host="^(?:w*\.)?spendbitcoins\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?spendbitcoins\.com/"
-		to="https://$1spendbitcoins.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Sphere.com.xml b/src/chrome/content/rules/Sphere.com.xml
new file mode 100644
index 000000000000..9fdceb6fea04
--- /dev/null
+++ b/src/chrome/content/rules/Sphere.com.xml
@@ -0,0 +1,22 @@
+<!--
+	^sphere.com: Mismatched
+
+-->
+<ruleset name="Sphere.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.sphere.com" />
+
+	<!--	Complications:
+				-->
+	<target host="sphere.com" />
+
+
+	<rule from="^http://sphere\.com/"
+		to="https://www.sphere.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SphereUp.xml b/src/chrome/content/rules/SphereUp.xml
new file mode 100644
index 000000000000..9f56b61eb21b
--- /dev/null
+++ b/src/chrome/content/rules/SphereUp.xml
@@ -0,0 +1,64 @@
+<!--
+	Cert expired:
+		- contacts.sphereup.com
+		- lists.sphereup.com
+
+	Cert mismatch:
+		- d.sphereup.com
+		- e.sphereup.com
+		- email.sphereup.com
+		- lp.sphereup.com
+		- lyncdiscover.sphereup.com
+		- mail.sphereup.com
+		- mobilemail.sphereup.com
+		- msoid.sphereup.com
+		- pda.sphereup.com
+		- sip.sphereup.com
+		- sucdn.sphereup.com
+		- support.sphereup.com
+		- suweb.sphereup.com
+		- suweb3.sphereup.com
+		- suwidget3-bs-fx.sphereup.com
+		- webmail.sphereup.com
+
+	Chain issues:
+		- es.sphereup.com
+		- es5.sphereup.com
+
+	Connection refused:
+		- pop.sphereup.com
+
+	Timeout:
+		- autodiscover.sphereup.com
+		- ftp.sphereup.com
+		- imap.sphereup.com
+		- new.sphereup.com
+		- rnd.sphereup.com
+		- smtp.sphereup.com
+		- testsite.sphereup.com
+		- update.sphereup.com
+
+	TLS errors:
+		- sphereup.com
+		- www.sphereup.com
+		- blog.sphereup.com
+		- dev.sphereup.com
+		- dev2.sphereup.com
+		- suwidget3.sphereup.com
+		- suwidget3-alt.sphereup.com
+
+
+-->
+<ruleset name="SphereUp (partial)">
+
+	<target host="suadmin.sphereup.com"/>
+	<target host="suadmin-wix.sphereup.com"/>
+	<target host="suwidget3-bs.sphereup.com"/>
+	<target host="suwidget3-bs-clc.sphereup.com"/>
+	<target host="zdlogs.sphereup.com"/>
+	<target host="zdwidget3-bs.sphereup.com"/>
+	<target host="zdwidget3-bs-alt.sphereup.com"/>
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sphinx-doc.org.xml b/src/chrome/content/rules/Sphinx-doc.org.xml
new file mode 100644
index 000000000000..156b61a60185
--- /dev/null
+++ b/src/chrome/content/rules/Sphinx-doc.org.xml
@@ -0,0 +1,16 @@
+<!--
+     Refused:
+	- ^
+-->
+<ruleset name="Sphinx-doc.org">
+
+	<target host="sphinx-doc.org" />
+	<target host="www.sphinx-doc.org" />
+
+	<rule from="^http://sphinx-doc\.org/"
+		to="https://www.sphinx-doc.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Spice-space.org.xml b/src/chrome/content/rules/Spice-space.org.xml
new file mode 100644
index 000000000000..74615a202112
--- /dev/null
+++ b/src/chrome/content/rules/Spice-space.org.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Red Hat coverage, see Red_Hat.xml.
+
+	- ^: mismatched, CN: *.redhat.com
+
+-->
+<ruleset name="Spice-space.org">
+
+	<target host="spice-space.org" />
+	<target host="www.spice-space.org" />
+
+	<rule from="^http://(www\.)?spice-space\.org/"
+		to="https://www.spice-space.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Spicebox.xml b/src/chrome/content/rules/Spicebox.xml
index 045e5b9e6ebc..63878021b303 100644
--- a/src/chrome/content/rules/Spicebox.xml
+++ b/src/chrome/content/rules/Spicebox.xml
@@ -4,7 +4,6 @@
 	<target host="www.spicebox.co.jp" />
 
 
-	<rule from="^http://(www\.)?spicebox\.co\.jp/"
-		to="https://$1spicebox.co.jp/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Spiceworks.xml b/src/chrome/content/rules/Spiceworks.xml
index 5c5dd1118431..63f2c3c58bc3 100644
--- a/src/chrome/content/rules/Spiceworks.xml
+++ b/src/chrome/content/rules/Spiceworks.xml
@@ -1,18 +1,112 @@
+
 <!--
-	Nonfunctional subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://banners.spiceworks.com/ => https://banners.spiceworks.com/: (6, 'Could not resolve host: banners.spiceworks.com')
+Fetch error: http://wwwstatic.spiceworks.com/ => https://wwwstatic.spiceworks.com/: (6, 'Could not resolve host: wwwstatic.spiceworks.com')
+
+	Note: resources2.../$ redirects to a host that doesn't exist.
+	Excluding /$ would be a problem in two ways:
+
+		- It would make us stand out more
+		- The fetch checker would fail the required tests
+
+
+	Other Spiceworks rulesets:
+
+		- Spiceworks_static.com.xml
+
+
+	Problematic hosts in *spiceworks.com:
+
+		- ^ ¹
+		- developers ²
+
+	¹ Mismatched
+	² Refused
+
+
+	Insecure cookies are set for these domains and hosts:
 
-		- (www.)
+		- .spiceworks.com
+		- accounts.spiceworks.com
+		- on.spiceworks.com
+		- swagshop.spiceworks.com
+
+
+	Mixed content:
+
+		- Bug on community from stat.onestat.com *
+
+	* Secured by us
 
 -->
-<ruleset name="Spiceworks (partial)">
+<ruleset name="Spiceworks.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="accounts.spiceworks.com" />
+	<target host="banners.spiceworks.com" />
+	<target host="community.spiceworks.com" />
+	<target host="download.spiceworks.com" />
+	<target host="gekko.spiceworks.com" />
+	<target host="on.spiceworks.com" />
+	<target host="px.spiceworks.com" />
+	<target host="resources2.spiceworks.com" />
+	<target host="static.spiceworks.com" />
+	<target host="swagshop.spiceworks.com" />
+	<target host="wwwstatic.spiceworks.com" />
+	<target host="www.spiceworks.com" />
+	<target host="xact.spiceworks.com" />
+
+	<!--	Complications:
+				-->
+	<target host="spiceworks.com" />
+	<target host="developers.spiceworks.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://swagshop\.spiceworks\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://swagshop\.spiceworks\.com/+(?![Ss]hared/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://swagshop.spiceworks.com/all" />
+			<test url="http://swagshop.spiceworks.com/apparel" />
+			<test url="http://swagshop.spiceworks.com/store/p/45-Happy-SysAdmin-Day-Tshirt.aspx" />
+
+			<!--	-ve:
+					-->
+			<test url="http://swagshop.spiceworks.com/Shared/Themes/SpiceworksTheme%20%5Bclone%5D/Templates/spiceworks-home.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.spiceworks\.com$" name="^(SessionId|SessionKey|ref|source|spiceworks_community|target|_swndat|_swnid)$" /-->
+	<!--securecookie host="^accounts\.spiceworks\.com$" name="^(?:_identity_service_session|request_method)$" /-->
+	<!--securecookie host="^on\.spiceworks\.com$" name="^_tron_session$" /-->
+	<!--securecookie host="^swagshop\.spiceworks\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<!--	Set by community:
+					-->
+	<securecookie host="^\.spiceworks\.com$" name="^(?:ref|spiceworks_community|_swndat|_swnid)$" />
 
-	<target host="*.spiceworks.com" />
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^(?!swagshop\.)\w" name=".+" />
 
 
-	<securecookie host="^\w.*\.spiceworks\.com$" name=".*" />
+	<rule from="^http://spiceworks\.com/"
+		to="https://www.spiceworks.com/" />
 
+	<!--	Redirect preserves path,
+		args, and forward slash:
+					-->
+	<rule from="^http://developers\.spiceworks\.com/"
+		to="https://spiceworks.github.io/developers.spiceworks.com//" />
 
-	<rule from="^http://(community|static)\.spiceworks\.com/"
-		to="https://$1.spiceworks.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Spiceworks_static.com.xml b/src/chrome/content/rules/Spiceworks_static.com.xml
new file mode 100644
index 000000000000..187156d190d8
--- /dev/null
+++ b/src/chrome/content/rules/Spiceworks_static.com.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Spiceworks coverage, see Spiceworks.xml.
+
+-->
+<ruleset name="Spiceworks static.com">
+
+	<target host="assets-on.spiceworksstatic.com" />
+	<target host="static.spiceworksstatic.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Spider.io.xml b/src/chrome/content/rules/Spider.io.xml
deleted file mode 100644
index 67bad554d042..000000000000
--- a/src/chrome/content/rules/Spider.io.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- challenge	(handshake fails, expired)
-
-
-	Problematic subdomains:
-
-		- ^		(no https)
-		- www		(cloudfront)
-
--->
-<ruleset name="Spider.io (partial)">
-
-	<target host="spider.io" />
-	<target host="www.spider.io" />
-		<!--
-			Changing the visible URL probably
-			wouldn't be appreciated...:
-							-->
-		<exclusion pattern="^http://(?:www\.)?splider\.io/(?!wp-content/)" />
-
-
-	<rule from="^http://(?:www\.)?spider\.io/"
-		to="https://d1ukwbduzme6ra.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/SpiderOak.xml b/src/chrome/content/rules/SpiderOak.xml
deleted file mode 100644
index 626132dcd7aa..000000000000
--- a/src/chrome/content/rules/SpiderOak.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="SpiderOak">
-
-	<target host="spideroak.com"/>
-	<target host="www.spideroak.com"/>
-
-	<securecookie host="^(www\.)?spideroak\.com$" name=".*"/>
-
-	<rule from="^http://(www\.)?spideroak\.com/"
-		to="https://$1spideroak.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Spiderweb-Software.xml b/src/chrome/content/rules/Spiderweb-Software.xml
index ec493bd59b3c..0b698620dbe0 100644
--- a/src/chrome/content/rules/Spiderweb-Software.xml
+++ b/src/chrome/content/rules/Spiderweb-Software.xml
@@ -1,12 +1,41 @@
-<ruleset name="Spiderweb Software">
+<!--
+	Problematic domains:
+
+		- www.spiderwebsoftware.com ᵐ
+		- (www.)?spidweb.com ᵐ
+
+	ᵐ Mismatched
+
+
+	Mixed content:
+
+		- css from www.spiderwebsoftware.com ˢ
+		- favicon from www.spiderwebsoftware.com ˢ
+		- Bug from chiclet.ymlp.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Spiderweb Software" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="spiderwebsoftware.com" />
+
+	<!--	Complications:
+				-->
 	<target host="www.spiderwebsoftware.com" />
+
 	<target host="spidweb.com" />
 	<target host="www.spidweb.com" />
 
-	<securecookie host="^(www\.)?spiderwebsoftware\.com$"
-			name=".+" />
 
-	<rule from="^http://(www\.)?(spidweb|spiderwebsoftware)\.com/"
-		to="https://$1spiderwebsoftware.com/" />
-</ruleset>
\ No newline at end of file
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://(?:(?:www\.)?spidweb|www\.spiderwebsoftware)\.com/"
+		to="https://spiderwebsoftware.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Spiegel-QC.xml b/src/chrome/content/rules/Spiegel-QC.xml
index d4c58afe71f5..5632757bbf7d 100644
--- a/src/chrome/content/rules/Spiegel-QC.xml
+++ b/src/chrome/content/rules/Spiegel-QC.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://adserv.quality-channel.de/ => https://adserv.quality-channel.de/: (6, 'Could not resolve host: adserv.quality-channel.de')
+
 	For other Spiegel Group coverage, see Spiegel.xml.
 
 
@@ -8,15 +12,15 @@
 		- (www.)spiegel-qc.de
 
 -->
-<ruleset name="Spiegel QC (partial)">
+<ruleset name="Spiegel QC (partial)" default_off="failed ruleset test">
 
-	<target host="*.quality-channel.de" />
+	<target host="adserv.quality-channel.de" />
 
 
 	<securecookie host="^\.quality-channel\.de$" name=".+" />
 
 
-	<rule from="^http://adserv\.quality-channel\.de/"
-		to="https://adserv.quality-channel.de/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Spiegel.xml b/src/chrome/content/rules/Spiegel.xml
index c63c2bb9c36a..773861284563 100644
--- a/src/chrome/content/rules/Spiegel.xml
+++ b/src/chrome/content/rules/Spiegel.xml
@@ -2,43 +2,52 @@
 	Other Spiegel Group rulesets:
 
 		- Spiegel-QC.xml
-
-
-	CDN buckets:
-
-		- cdn.spiegel.de.edgesuite.net
-
-			- cdn
-			- cdn[1-4]
-
-
-	Nonfunctional subdomains:
-
-		- forum
-		- tvprogramm
-		- wetter	(cert: plesk; shows default Parallels Plesk page)
-
 -->
-<ruleset name="Spiegel (partial)">
+<ruleset name="Spiegel.de (partial)" >
 
+	<!--	Direct rewrites:
+				-->
 	<target host="spiegel.de" />
-	<target host="*.spiegel.de" />
+	<target host="www.spiegel.de" />
+	<target host="cms.dev.www.spiegel.de" />
+	<target host="cdn.prod.www.spiegel.de" />
+	<target host="cdnsource.prod.www.spiegel.de" />
+	<target host="cdn.qs.www.spiegel.de" />
+	<target host="cdnsource.qs.www.spiegel.de" />
+	<target host="cdn.review.www.spiegel.de" />
+	<target host="cdnsource.review.www.spiegel.de" />
+	<target host="abo.spiegel.de" />
+	<target host="fsm2.spiegel.de" />
+	<target host="magazin.spiegel.de" />
+	<target host="spiegel-de.spiegel.de" />
+	<target host="sats.spiegel.de" />
+	<target host="tippspiel.spiegel.de" />
+
+	<!--	Complications:
+				-->
+	<target host="shop.spiegel.de" />
 
+	<!--	Redirect drops path and forward slash...:
+							-->
 
-	<securecookie host="^(?:count|shop)\.spiegel\.de$" name=".*" />
+	<rule from="^http://shop\.spiegel\.de/[^?]*\??$"
+		to="https://www.amazon.de/b?ie=UTF8&amp;node=2478999031" />
 
+		<test url="http://shop.spiegel.de/shop/action/productDetails" />
+		<test url="http://shop.spiegel.de/shop/action/productDetails?" />
+		<test url="http://shop.spiegel.de/shop/action/quickSearch" />
+		<test url="http://shop.spiegel.de/shop/action/quickSearch?" />
 
-	<!--	- Cert only matches www
-		- Unsupported paths redirect to http
-		- cdn\d?: Akamai
-				-->
-	<rule from="^http://(?:cdn\d?\.)?spiegel\.de/"
-		to="https://www.spiegel.de/" />
+	<!--	...but not args:-->
+
+	<rule from="^http://shop\.spiegel\.de/[^?]*\?"
+		to="https://www.amazon.de/b?ie=UTF8&amp;node=2478999031&amp;" />
 
-	<rule from="^http://www\.spiegel\.de/(images/|img/|layout/|static/|staticgen/)"
-		to="https://www.spiegel.de/$1" />
+		<test url="http://shop.spiegel.de/shop/action/productDetails?foo" />
+		<test url="http://shop.spiegel.de/shop/action/productDetails?bar" />
+		<test url="http://shop.spiegel.de/shop/action/quickSearch?foo" />
+		<test url="http://shop.spiegel.de/shop/action/quickSearch?bar" />
 
-	<rule from="^http://(abo|count|shop|wissen)\.spiegel\.de/"
-		to="https://$1.spiegel.de/" />
+	<rule from="^http:"	to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Spielfuerdeinland.de.xml b/src/chrome/content/rules/Spielfuerdeinland.de.xml
new file mode 100644
index 000000000000..600d22318f7c
--- /dev/null
+++ b/src/chrome/content/rules/Spielfuerdeinland.de.xml
@@ -0,0 +1,17 @@
+<!--
+	Non-functional hosts:
+		Certifiate mismatch:
+		- spielfuerdeinland.de
+
+		Redirect to HTTP:
+		- www.spielfuerdeinland.de
+
+	Mixed content:
+		- causes problems on https://www.spielfuerdeinland.de/sfdl/app/Spiel-fuer-dein-Land-Die-App-und-Download-Links,onlineapp100.html
+-->
+<ruleset name="Spielfuerdeinland.de" platform="mixedcontent" default_off="cert-invalid">
+	<target host="spielfuerdeinland.de" />
+	<target host="www.spielfuerdeinland.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Spiil.org.xml b/src/chrome/content/rules/Spiil.org.xml
new file mode 100644
index 000000000000..de6c602489eb
--- /dev/null
+++ b/src/chrome/content/rules/Spiil.org.xml
@@ -0,0 +1,29 @@
+<!--
+	^spiil.org: Refused
+
+
+	Mixed content:
+
+		- Image from www.adobe.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Spiil.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.spiil.org" />
+
+	<!--	Complications:
+				-->
+	<target host="spiil.org" />
+
+
+	<rule from="^http://spiil\.org/"
+		to="https://www.spiil.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Spinics.net.xml b/src/chrome/content/rules/Spinics.net.xml
new file mode 100644
index 000000000000..c102baa6a230
--- /dev/null
+++ b/src/chrome/content/rules/Spinics.net.xml
@@ -0,0 +1,39 @@
+<!--
+	Nonfunctional hosts in *spinics.net:
+
+		- images *
+
+	* Shows another domain
+
+
+	^spinics.net: Expired 2009-08-20, self-signed
+
+
+	Mixed content:
+
+		- Images, from:
+
+			- www.google.com *
+			- images.spinics.net
+
+	* Secured by us
+
+-->
+<ruleset name="spinics.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.spinics.net" />
+
+	<!--	Complications:
+				-->
+	<target host="spinics.net" />
+
+
+	<rule from="^http://spinics\.net/"
+		to="https://www.spinics.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Spinroot.com.xml b/src/chrome/content/rules/Spinroot.com.xml
new file mode 100644
index 000000000000..d88b6ee54a17
--- /dev/null
+++ b/src/chrome/content/rules/Spinroot.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Spinroot.com">
+	<target host="spinroot.com" />
+	<target host="www.spinroot.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Spirit-animals.com.xml b/src/chrome/content/rules/Spirit-animals.com.xml
new file mode 100644
index 000000000000..ac7646ee6a1c
--- /dev/null
+++ b/src/chrome/content/rules/Spirit-animals.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Spirit-animals.com">
+	<target host="spirit-animals.com" />
+	<target host="www.spirit-animals.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SpiritAirlines.xml b/src/chrome/content/rules/SpiritAirlines.xml
index b5de00d6e8cc..80677cba8d34 100644
--- a/src/chrome/content/rules/SpiritAirlines.xml
+++ b/src/chrome/content/rules/SpiritAirlines.xml
@@ -2,8 +2,5 @@
   <target host="spirit.com" />
   <target host="www.spirit.com" />
 
-  <rule from="^http://spirit\.com/"
-          to="https://spirit.com/" />
-  <rule from="^http://www\.spirit\.com/"
-          to="https://www.spirit.com/" />
-</ruleset>
\ No newline at end of file
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SpiritualPerception.org.xml b/src/chrome/content/rules/SpiritualPerception.org.xml
new file mode 100644
index 000000000000..747d88daac32
--- /dev/null
+++ b/src/chrome/content/rules/SpiritualPerception.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="SpiritualPerception.org">
+	<target host="spiritualperception.org" />
+	<target host="www.spiritualperception.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Spkcn.com.xml b/src/chrome/content/rules/Spkcn.com.xml
new file mode 100644
index 000000000000..b664ecf3c55f
--- /dev/null
+++ b/src/chrome/content/rules/Spkcn.com.xml
@@ -0,0 +1,21 @@
+<!--
+	^: Mismatched
+
+-->
+<ruleset name="spkcn.com">
+
+	<target host="spkcn.com" />
+	<target host="ideas.spkcn.com" />
+	<target host="www.spkcn.com" />
+
+
+	<!--	Redirect preserves forward
+		slash, path, and args:
+					-->
+	<rule from="^http://spkcn\.com/"
+		to="https://www.spkcn.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Splash_Data.com.xml b/src/chrome/content/rules/Splash_Data.com.xml
new file mode 100644
index 000000000000..cf6d890dea72
--- /dev/null
+++ b/src/chrome/content/rules/Splash_Data.com.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://splashdata.com/ => https://splashdata.com/: (35, 'Unknown SSL protocol error in connection to splashdata.com:443 ')
+Fetch error: http://www.splashdata.com/ => https://www.splashdata.com/: (35, 'Unknown SSL protocol error in connection to www.splashdata.com:443 ')
+
+	Nonfunctional subdomains:
+
+		- forum	(http reply)
+
+
+	Mixed content:
+
+		- Images from www *
+
+		- Web bugs, from:
+
+			- images.scanalert.com *
+			- privacy-policy.truste.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Splash Data.com (partial)" default_off="failed ruleset test">
+
+	<target host="splashdata.com" />
+	<target host="www.splashdata.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Splash_that.com.xml b/src/chrome/content/rules/Splash_that.com.xml
new file mode 100644
index 000000000000..e93b89195ba8
--- /dev/null
+++ b/src/chrome/content/rules/Splash_that.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- splashthat.com
+		- insightseries.splashthat.com
+		- www.splashthat.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image on insightseries from d24wuq6o951i2g.cloudfront.net *
+
+	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Splash that.com">
+
+	<target host="splashthat.com" />
+	<target host="insightseries.splashthat.com" />
+	<target host="support.splashthat.com" />
+	<target host="www.splashthat.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^((insightseries|www)\.)?splashthat\.com$" name="^php-console-server$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SplatF.xml b/src/chrome/content/rules/SplatF.xml
deleted file mode 100644
index de21819bba23..000000000000
--- a/src/chrome/content/rules/SplatF.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	CDN buckets:
-
-		- dclr8nj9g78hi.cloudfront.net
-
-			- cdn.splatf.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.)
-
--->
-<ruleset name="SplatF (partial)">
-
-	<target host="cdn.splatf.com" />
-
-
-	<rule from="^https?://cdn\.splatf\.com/"
-		to="https://dclr8nj9g78hi.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/SplatoonWiki.org.xml b/src/chrome/content/rules/SplatoonWiki.org.xml
new file mode 100644
index 000000000000..e03dd88bcdfa
--- /dev/null
+++ b/src/chrome/content/rules/SplatoonWiki.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="SplatoonWiki.org">
+	<target host="splatoonwiki.org" />
+	<target host="www.splatoonwiki.org" />
+	<target host="fr.splatoonwiki.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Splendidbacon.com.xml b/src/chrome/content/rules/Splendidbacon.com.xml
deleted file mode 100644
index 6b29186e4825..000000000000
--- a/src/chrome/content/rules/Splendidbacon.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See 
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
- 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Splendid Bacon" platform="firefox mixedcontent">
-  <target host="splendidbacon.com" />
-  <target host="www.splendidbacon.com" />
-
-  <securecookie host="^splendidbacon\.com$" name=".+" />
-
-  <rule from="^http://(www\.)?splendidbacon\.com/" to="https://splendidbacon.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Split_Reason_Clothing.xml b/src/chrome/content/rules/Split_Reason_Clothing.xml
index 3f4538424e69..e32ad6c6767a 100644
--- a/src/chrome/content/rules/Split_Reason_Clothing.xml
+++ b/src/chrome/content/rules/Split_Reason_Clothing.xml
@@ -1,4 +1,11 @@
-<ruleset name="Split Reason Clothing">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://splitreason.com/ => https://splitreason.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.splitreason.com/ => https://www.splitreason.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="Split Reason Clothing" default_off="failed ruleset test">
 
 	<target host="splitreason.com" />
 	<target host="www.splitreason.com" />
@@ -7,7 +14,6 @@
 	<securecookie host="^(?:www\.)?splitreason\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?splitreason\.com/"
-		to="https://$1splitreason.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sploder.com.xml b/src/chrome/content/rules/Sploder.com.xml
new file mode 100644
index 000000000000..168e6c103753
--- /dev/null
+++ b/src/chrome/content/rules/Sploder.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.) ¹
+		- avatars ²
+
+	¹ 404, valid cert
+	² 503, valid cert
+
+-->
+<ruleset name="Sploder.com (partial)">
+
+	<target host="cdn.sploder.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Splone.com.xml b/src/chrome/content/rules/Splone.com.xml
new file mode 100644
index 000000000000..3cd0f5c7f78c
--- /dev/null
+++ b/src/chrome/content/rules/Splone.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Problematic hosts in *splone.com:
+
+		- www *
+
+	* Refused
+
+
+	Fully covered hosts in *splone.com:
+
+		- (www.)?	(^ → ^)
+
+-->
+<ruleset name="splone.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="splone.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.splone.com" />
+
+
+	<rule from="^http://www\.splone\.com/"
+		to="https://splone.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Spogo.co.uk.xml b/src/chrome/content/rules/Spogo.co.uk.xml
new file mode 100644
index 000000000000..fc3ce4e3ebdf
--- /dev/null
+++ b/src/chrome/content/rules/Spogo.co.uk.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://spogo.co.uk/ => https://spogo.co.uk/: (7, 'Failed to connect to spogo.co.uk port 443: Connection refused')
+Fetch error: http://www.spogo.co.uk/ => https://www.spogo.co.uk/: (7, 'Failed to connect to www.spogo.co.uk port 443: Connection refused')
+
+-->
+<ruleset name="spogo.co.uk" default_off="failed ruleset test">
+
+	<target host="spogo.co.uk" />
+	<target host="www.spogo.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?spogo\.co\.uk$" name="^REGISTRATION_DESTINATION$" /-->
+
+	<securecookie host="^(?:www\.)?spogo\.co\.uk$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Spoki.xml b/src/chrome/content/rules/Spoki.xml
index e65d7d8ca03b..bd9635b60824 100644
--- a/src/chrome/content/rules/Spoki.xml
+++ b/src/chrome/content/rules/Spoki.xml
@@ -3,9 +3,8 @@
 	<target host="spoki.lv"/>
 	<!--	* for cross-domain cookies	-->
 	<target host="*.spoki.lv"/>
-	<target host="*.www.spoki.lv"/>
 
-	<securecookie host="^.*\.spoki\.lv$" name=".*"/>
+	<securecookie host="^.*\.spoki\.lv$" name=".+" />
 
 	<rule from="^http://(?:img\d\w\.)?www\.spoki\.lv/"
 		to="https://www.spoki.lv/"/>
diff --git a/src/chrome/content/rules/Spontex.org.xml b/src/chrome/content/rules/Spontex.org.xml
deleted file mode 100644
index e18d6cebef3c..000000000000
--- a/src/chrome/content/rules/Spontex.org.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="Spontex.org" platform="mixedcontent">
-	<target host="spontex.org" />
-	<target host="www.spontex.org" />
-	<target host="fr.spontex.org" />
-	<target host="en.spontex.org" />
-	<target host="media.spontex.org" />
-	<target host="stats.spontex.org" />
-	<target host="m.spontex.org" />
-	<target host="adminmedia.spontex.org" />
-	<securecookie host="^((adminmedia|m|www|fr|en|stats|media)?\.)?spontex\.org$" 
-                name=".+" />
-	<securecookie host="^spontex\.org$" name=".+" />
-  <rule from="^http://spontex\.org/" to="https://spontex.org/" />
-	<rule from="^http://(adminmedia|m|www|fr|en|stats|media)\.spontex\.org/"
-          to="https://$1.spontex.org/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Spoonful.com.xml b/src/chrome/content/rules/Spoonful.com.xml
index 016f9bbfdec7..b3cdb8f2c085 100644
--- a/src/chrome/content/rules/Spoonful.com.xml
+++ b/src/chrome/content/rules/Spoonful.com.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://spoonful.com/ => https://spoonful.com/: (51, "SSL: no alternative certificate subject name matches target host name 'spoonful.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://spoonful.com/ => https://spoonful.com/: (51, "SSL: no alternative certificate subject name matches target host name 'spoonful.com'")
 	CDN buckets:
 
 		- static.spoonful.cre.go.com.nsatc.net
@@ -21,10 +27,11 @@
 	* Secured by us
 
 -->
-<ruleset name="Spoonful.com">
+<ruleset name="Spoonful.com" default_off="failed ruleset test">
 
 	<target host="spoonful.com" />
-	<target host="*.spoonful.com" />
+	<target host="static.spoonful.com" />
+	<target host="www.spoonful.com" />
 
 
 	<rule from="^http://(?:static\.|www\.)?spoonful\.com/"
diff --git a/src/chrome/content/rules/Sport-English.com.xml b/src/chrome/content/rules/Sport-English.com.xml
new file mode 100644
index 000000000000..3ed4802dd044
--- /dev/null
+++ b/src/chrome/content/rules/Sport-English.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid Certificate:
+		sport-english.com
+-->
+<ruleset name="Sport-English.com">
+	<target host="sport-english.com" />
+	<target host="www.sport-english.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://sport-english\.com/" to="https://www.sport-english.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sport1.de.xml b/src/chrome/content/rules/Sport1.de.xml
new file mode 100644
index 000000000000..42fea585d655
--- /dev/null
+++ b/src/chrome/content/rules/Sport1.de.xml
@@ -0,0 +1,99 @@
+<!--
+	Connection closed:
+		fbia
+
+	Invalid certificate:
+		extsrv01
+		hbbtv
+		imf
+		imf-rest
+		liveblog
+		newsletter
+		olympia
+		on
+		smashdown
+		spiele
+		stage
+		turniere-games
+		base.tv
+
+	Refused:
+		ticker
+
+	SSL: no alternative certificate subject name matches target host name:
+		tracking
+
+	SSL certificate problem: unable to get local issuer certificate:
+		ftp
+
+	Timeout:
+		account
+		community
+		imf-staging
+		mail10
+-->
+<ruleset name="Sport1.de">
+
+	<target host="sport1.de" />
+	<target host="www.sport1.de" />
+	<target host="amp.sport1.de" />
+	<target host="amp-stage.sport1.de" />
+	<target host="api.sport1.de" />
+	<target host="api-stage.sport1.de" />
+	<target host="assets.sport1.de" />
+	<target host="behave.sport1.de" />
+	<target host="bets.sport1.de" />
+	<target host="bets-staging.sport1.de" />
+	<target host="business.sport1.de" />
+	<target host="cmsdata.sport1.de" />
+	<target host="cmsdata-staging.sport1.de" />
+	<target host="darts.sport1.de" />
+	<target host="docs.sport1.de" />
+	<target host="esports-shop.sport1.de" />
+	<target host="ezadmin.sport1.de" />
+	<target host="games.sport1.de" />
+	<target host="go.sport1.de" />
+	<target host="icc.sport1.de" />
+	<target host="images.sport1.de" />
+	<target host="insights.sport1.de" />
+	<target host="jump.sport1.de" />
+	<target host="m.sport1.de" />
+	<target host="newsletter-abmeldung.sport1.de" />
+	<target host="newsletter-anmeldung.sport1.de" />
+	<target host="newsletter-profil.sport1.de" />
+	<target host="oz.sport1.de" />
+	<target host="pmds.sport1.de" />
+	<target host="react.sport1.de" />
+	<target host="react-stage.sport1.de" />
+	<target host="reshape.sport1.de" />
+	<target host="shop.sport1.de" />
+	<target host="sportsapi.sport1.de" />
+	<target host="sportshtml.sport1.de" />
+	<target host="sportshtmlblank.sport1.de" />
+	<target host="www.stage.sport1.de" />
+	<target host="ezadmin.stage.sport1.de" />
+	<target host="m.stage.sport1.de" />
+	<target host="stage-oz.sport1.de" />
+	<target host="stage-reshape.sport1.de" />
+	<target host="stage-tv.sport1.de" />
+	<target host="status.sport1.de" />
+	<target host="streaming-event01.sport1.de" />
+	<target host="streaming-event02.sport1.de" />
+	<target host="streaming-ext1.sport1.de" />
+	<target host="streaming-ext2.sport1.de" />
+	<target host="streaming-ext3.sport1.de" />
+	<target host="streaming-s1free.sport1.de" />
+	<target host="streaming-s1plus.sport1.de" />
+	<target host="tv.sport1.de" />
+	<target host="video.sport1.de" />
+	<target host="vod.sport1.de" />
+	<target host="vod-dach.sport1.de" />
+	<target host="vod-int.sport1.de" />
+	<target host="vod-int-bu.sport1.de" />
+	<target host="vod-onefootball.sport1.de" />
+	<target host="widgets.sport1.de" />
+	<target host="widgets-stage.sport1.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sportifik.xml b/src/chrome/content/rules/Sportifik.xml
index 5e96a91ef3bf..75ad06e6452b 100644
--- a/src/chrome/content/rules/Sportifik.xml
+++ b/src/chrome/content/rules/Sportifik.xml
@@ -2,7 +2,7 @@
     <target host="sportifik.com" />
     <target host="*.sportifik.com" />
 
-    <rule from="^https?://sportifik\.com/"
+    <rule from="^http://sportifik\.com/"
         to="https://www.sportifik.com/"/>
     <rule from="^http://([^/:@]+)?\.sportifik\.com/"
         to="https://$1.sportifik.com/" />
diff --git a/src/chrome/content/rules/Sports_Authority.xml b/src/chrome/content/rules/Sports_Authority.xml
index 67b4e16ca752..4805f5439102 100644
--- a/src/chrome/content/rules/Sports_Authority.xml
+++ b/src/chrome/content/rules/Sports_Authority.xml
@@ -1,10 +1,18 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sportsauthority.com/ => https://www.sportsauthority.com/: (7, 'Failed to connect to www.sportsauthority.com port 443: Connection timed out')
+Fetch error: http://www.sportsauthority.com/ => https://www.sportsauthority.com/: (7, 'Failed to connect to www.sportsauthority.com port 443: Connection timed out')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://sportsauthority.com/ => https://www.sportsauthority.com/: Too many redirects while fetching 'https://www.sportsauthority.com/'
+Fetch error: http://www.sportsauthority.com/ => https://www.sportsauthority.com/: Too many redirects while fetching 'https://www.sportsauthority.com/'
 	Nonfunctional domains:
 
 		- stores.sportsauthority.com
 
 -->
-<ruleset name="Sports Authority (partial)">
+<ruleset name="Sports Authority (partial)" default_off="failed ruleset test">
 
 	<target host="sportsauthority.com" />
 	<target host="www.sportsauthority.com" />
@@ -13,7 +21,7 @@
 	<securecookie host="^www\.sportsauthority\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?sportsauthority\.com/"
+	<rule from="^http://(?:www\.)?sportsauthority\.com/"
 		to="https://www.sportsauthority.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sportxx.ch.xml b/src/chrome/content/rules/Sportxx.ch.xml
new file mode 100644
index 000000000000..0a285b2b9000
--- /dev/null
+++ b/src/chrome/content/rules/Sportxx.ch.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Migros coverage, see Migros.xml.
+
+	Nonfunctional hosts in sportxx.ch:
+		- sportxx.ch (m,r) (static resources are working)
+		- www.sportxx.ch (r)
+
+	m: mismatch
+	r: HTTP redirect
+-->
+<ruleset name="Sportxx.ch (partial)">
+	<target host="www.sportxx.ch" />
+	<target host="cdn1.sportxx.ch" />
+	<target host="cdn2.sportxx.ch" />
+	<target host="cdn3.sportxx.ch" />
+	<target host="cdn4.sportxx.ch" />
+
+	<exclusion pattern="^http://www\.sportxx\.ch/$" />
+
+	<test url="http://www.sportxx.ch/js/sportxx.js" />
+	<test url="http://www.sportxx.ch/medias/sys_master/brand_large/4/d/7/b/id_9090064973854_brand.jpg" />
+	<test url="http://www.sportxx.ch/static/templates/shared/resources/stylesheets/fonts/helveticaneue-condensed-bold.woff" />
+	<test url="http://www.sportxx.ch/static/templates/shared/resources/stylesheets/images/m.svg" />
+	<test url="http://www.sportxx.ch/static/templates/sportxx/resources/images/loader.gif" />
+	<test url="http://www.sportxx.ch/static/templates/sportxx/resources/stylesheets/images/cart-icon.png" />
+	<test url="http://www.sportxx.ch/static/templates/sportxx/resources/stylesheets/images/logo_fr.png" />
+	<test url="http://www.sportxx.ch/static/templates/sportxx/resources/stylesheets/screen.css" />
+
+	<rule from="^http://www\.sportxx\.ch/([\.\-/%\w]+)\.(css|gif|jpg|js|png|svg|woff)$"
+		to="https://www.sportxx.ch/$1.$2" />
+	<rule from="^http://cdn([1-4])\.sportxx\.ch/"
+		to="https://cdn$1.sportxx.ch/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sportys.xml b/src/chrome/content/rules/Sportys.xml
new file mode 100644
index 000000000000..6600e40b323b
--- /dev/null
+++ b/src/chrome/content/rules/Sportys.xml
@@ -0,0 +1,9 @@
+<ruleset name="Sportys">
+	<target host="sportys.com" />
+	<target host="www.sportys.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sporza.be.xml b/src/chrome/content/rules/Sporza.be.xml
new file mode 100644
index 000000000000..7028248c6154
--- /dev/null
+++ b/src/chrome/content/rules/Sporza.be.xml
@@ -0,0 +1,17 @@
+<!--
+	For other VRT coverage, see Vrt.be.xml
+
+	Invalid certificate:
+		live.sporza.be
+	Refused:
+		www.sporza.be
+		m.video.sporza.be
+-->
+<ruleset name="Sporza.be">
+    <target host="sporza.be" />
+    <target host="m.sporza.be" />
+    <target host="m.live.sporza.be" />
+        <test url="http://m.live.sporza.be/cm/lmc.mobile/m_mc_wielrennen/2.50178/1.2997549"/>
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Spot.IM.xml b/src/chrome/content/rules/Spot.IM.xml
new file mode 100644
index 000000000000..b94d97eef5b0
--- /dev/null
+++ b/src/chrome/content/rules/Spot.IM.xml
@@ -0,0 +1,63 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+			 - demos.spot.im
+			 - staging.landing.spot.im
+			 - o2.notification.spot.im
+			 - o2.trans.spot.im
+
+		SSL peer certificate was not OK:
+			 - www.blog.spot.im
+			 - www.community.spot.im
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - staging-blog.spot.im
+
+		4xx client error:
+			 - app-cdn.spot.im
+			 - launcher.spot.im
+			 - recirculation.spot.im
+			 - s.spot.im
+			 - traffic.spot.im
+
+		5xx server error:
+			 - api.spot.im
+			 - staging-api.spot.im
+			 - stagingv2.spot.im
+
+		Mixed content blocking (MCB) triggered:
+			 - blog.spot.im
+			 - community.spot.im
+-->
+<ruleset name="Spot.im">
+	<target host="spot.im" />
+	<target host="www.spot.im" />
+	<target host="admin.spot.im" />
+	<target host="all.spot.im" />
+	<target host="app-cdn.spot.im" />
+		<test url="http://app-cdn.spot.im/modules/prerender/3.0.126/fast-bundle/bundle.js" />
+	<target host="conversation-read.spot.im" />
+	<target host="developers.spot.im" />
+	<target host="email-connect.spot.im" />
+	<target host="images.spot.im" />
+	<target host="me.spot.im" />
+	<target host="moderation.spot.im" />
+	<target host="newsfeed-sync.spot.im" />
+	<target host="notifications.spot.im" />
+	<target host="open-api.spot.im" />
+	<target host="public-user.spot.im" />
+	<target host="rank.spot.im" />
+	<target host="recommendation.spot.im" />
+	<target host="sentry.spot.im" />
+	<target host="social-connect.spot.im" />
+	<target host="spoxy-eb.spot.im" />
+	<target host="spoxy-shard1.spot.im" />
+	<target host="spoxy-shard2.spot.im" />
+	<target host="spoxy-shard3.spot.im" />
+	<target host="sso.spot.im" />
+	<target host="support.spot.im" />
+	<target host="tracker.spot.im" />
+	<target host="v2.spot.im" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SpotXchange.com.xml b/src/chrome/content/rules/SpotXchange.com.xml
index bce71ffc83cb..a61fd7a70807 100644
--- a/src/chrome/content/rules/SpotXchange.com.xml
+++ b/src/chrome/content/rules/SpotXchange.com.xml
@@ -1,4 +1,9 @@
 <!--
+	Fully covered subdomains:
+
+		- search
+
+
 	Mixed content:
 
 		- Images on www from www *
@@ -9,10 +14,11 @@
 <ruleset name="SpotXchange.com (partial)">
 
 	<target host="spotxchange.com" />
-	<target host="*.spotxchange.com" />
+	<target host="search.spotxchange.com" />
+	<target host="sync.search.spotxchange.com" />
+	<target host="www.spotxchange.com" />
 
 
-	<rule from="^http://(sync\.search\.|www\.)?spotxchange\.com/"
-		to="https://$1spotxchange.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Spotify-problematic.xml b/src/chrome/content/rules/Spotify-problematic.xml
index 8fcfd4079ce1..050eff335759 100644
--- a/src/chrome/content/rules/Spotify-problematic.xml
+++ b/src/chrome/content/rules/Spotify-problematic.xml
@@ -1,13 +1,13 @@
 <!--
-	For rules that are on by default, see Spotify.xml.
+	For rules that are on by default, see SCDN.co.xml.
 
 -->
-<ruleset name="Spotify (problematic)" default_off="mismatched">
+<ruleset name="SCDN.co (problematic)" default_off="mismatched">
 
 	<target host="origin.scdn.co" />
 
 
-	<rule from="^http://origin\.scdn\.co/"
-		to="https://origin.scdn.co/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Spotify.xml b/src/chrome/content/rules/Spotify.xml
index ebf5bb2ea4cd..3629b2b64f5e 100644
--- a/src/chrome/content/rules/Spotify.xml
+++ b/src/chrome/content/rules/Spotify.xml
@@ -1,5 +1,7 @@
 <!--
-	For problematic rules, see Spotify-problematic.xml.
+	Other Spotify rulesets:
+
+		- SCDN.co.xml
 
 
 	CDN buckets:
@@ -8,7 +10,7 @@
 
 		- d1clcicqv97n4s.cloudfront.net
 
-			- download
+			- download.spotify.com
 
 		- d2b1xqaw2ss8na.cloudfront.net
 
@@ -21,33 +23,15 @@
 		- dlfl22czvqywx.cloudfront.net
 		- spotify.i.lithium.com
 
-
-	Problematic domains:
-
-		- cf.scdn.co			(cloudfront)
-		- origin.scdn.co		(mismatched, CN: *.spotify.com)
-
-
-	Fully covered domains:
-
-		- cf.scdn.co	(→ d2c87l0yth4zbw.cloudfront.net)
-
-		- spotify.com subdomains:
-
-			- (www.)
-			- community
-			- developer
-			- download	(→ d1clcicqv97n4s.cloudfront.net)
-			- embed
-			- support
-
-
 	Mixed content:
 
 		- Images, on community from:
 
 			- community *
 			- www.airplane-pictures.net **
+			- labs **
+			- news *
+			- press *
 
 		- Web bugs on community from files.quizsnack.com *
 
@@ -55,23 +39,26 @@
 	** Unsecurable
 
 -->
-<ruleset name="Spotify (partial)">
+<ruleset name="Spotify.com">
 
-	<target host="cf.scdn.co" />
 	<target host="spotify.com" />
-	<target host="*.spotify.com" />
-
-
-	<securecookie host="^(?:community|\.developer|\.?embed|www)?\.spotify\.com$" name=".+" />
-
-
-	<rule from="^http://cf\.scdn\.co/"
-		to="https://d2c87l0yth4zbw.cloudfront.net/" />
-
-	<rule from="^http://((?:community|developer|embed|support|www)\.)?spotify\.com/"
-		to="https://$1spotify.com/" />
-
-	<rule from="^http://download\.spotify\.com/"
-		to="https://d1clcicqv97n4s.cloudfront.net/" />
+	<target host="www.spotify.com" />
+	<target host="charts.spotify.com" />
+	<target host="community.spotify.com" />
+	<target host="developer.spotify.com" />
+	<target host="download.spotify.com" />
+		<test url="http://download.spotify.com/clickonce/clickonce_bootstrap.exe.manifest" />
+	<target host="embed.spotify.com" />
+	<target host="news.spotify.com" />
+	<target host="labs.spotify.com" />
+	<target host="open.spotify.com" />
+	<target host="play.spotify.com" />
+	<target host="press.spotify.com" />
+	<target host="support.spotify.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Spotplanet.xml b/src/chrome/content/rules/Spotplanet.xml
index ab47a99217f2..05a4b7166259 100644
--- a/src/chrome/content/rules/Spotplanet.xml
+++ b/src/chrome/content/rules/Spotplanet.xml
@@ -1,13 +1,21 @@
-<ruleset name="Spotplanet">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://spotplanet.org/ => https://spotplanet.org/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.spotplanet.org/ => https://www.spotplanet.org/: (60, 'SSL certificate problem: self signed certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://spotplanet.org/ => https://spotplanet.org/: (60, 'SSL certificate problem: self signed certificate')
+-->
+<ruleset name="Spotplanet" default_off="failed ruleset test">
 
 	<target host="spotplanet.org" />
-	<target host="*.spotplanet.org" />
+	<target host="www.spotplanet.org" />
 
 
 	<securecookie host="^\.spotplanet\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?spotplanet\.org/"
-		to="https://$1spotplanet.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Spotware.com.xml b/src/chrome/content/rules/Spotware.com.xml
index 8d45931cfb57..60b94cdbffc4 100644
--- a/src/chrome/content/rules/Spotware.com.xml
+++ b/src/chrome/content/rules/Spotware.com.xml
@@ -12,7 +12,6 @@
 	<target host="www.spotware.com" />
 
 
-	<rule from="^http://(www\.)?spotware\.com/"
-		to="https://$1spotware.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Sprawl.xml b/src/chrome/content/rules/Sprawl.xml
index 13867fc866f2..10de1ffb6310 100644
--- a/src/chrome/content/rules/Sprawl.xml
+++ b/src/chrome/content/rules/Sprawl.xml
@@ -1,10 +1,8 @@
-<ruleset name="The Sprawl">
+<ruleset name="The Sprawl.org" default_off="Certificate expired">
 
 	<target host="thesprawl.org" />
 	<target host="www.thesprawl.org" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://(www\.)?thesprawl\.org/"
-		to="https://$1thesprawl.org/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SpreadPrivacy.com.xml b/src/chrome/content/rules/SpreadPrivacy.com.xml
new file mode 100644
index 000000000000..86db6c6f7f2d
--- /dev/null
+++ b/src/chrome/content/rules/SpreadPrivacy.com.xml
@@ -0,0 +1,15 @@
+<!--
+	This domain is related to DuckDuckGo.com (see also DuckDuckGo.xml).
+
+	Mismatched:
+		- www (CN=spread-privacy.ghst.pro)
+-->
+<ruleset name="SpreadPrivacy.com">
+
+	<target host="spreadprivacy.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Spreadshirt.xml b/src/chrome/content/rules/Spreadshirt.xml
deleted file mode 100644
index 77f93b364c7c..000000000000
--- a/src/chrome/content/rules/Spreadshirt.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<ruleset name="Spreadshirt">
-
-	<target host="spreadshirt.*" />
-	<target host="spreadshirt.co.uk" />
-	<target host="*.spreadshirt.co.uk" />
-	<target host="*.spreadshirt.com" />
-	<target host="*.spreadshirt.net" />
-
-
-	<securecookie host=".*\.spreadshirt\.(?:co\.uk|com|net)$" name=".+" />
-
-
-	<rule from="^http://spreadshirt\.(co\.uk|com|net)/"
-		to="https://www.spreadshirt.$1/" />
-
-	<rule from="^http://(\w+)\.spreadshirt\.(co\.uk|com|net)/"
-		to="https://$1.spreadshirt.$2/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Sprig-of-Thyme.com.xml b/src/chrome/content/rules/Sprig-of-Thyme.com.xml
new file mode 100644
index 000000000000..1f8c282b40bd
--- /dev/null
+++ b/src/chrome/content/rules/Sprig-of-Thyme.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Sprig-of-Thyme.com">
+	<target host="sprig-of-thyme.com" />
+	<target host="www.sprig-of-thyme.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Spring-TNS.net.xml b/src/chrome/content/rules/Spring-TNS.net.xml
index 69b4271fe341..f7f01b5c205f 100644
--- a/src/chrome/content/rules/Spring-TNS.net.xml
+++ b/src/chrome/content/rules/Spring-TNS.net.xml
@@ -1,31 +1,47 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://foreca.spring-tns.net/blank.gif => https://ssl-foreca.spring-tns.net/blank.gif: (6, 'Could not resolve host: ssl-foreca.spring-tns.net')
+
 	Web bugs.
 
 
+	(www.)?spring-tns.net does not exist.
+
+
 	Problematic subdomains:
 
 		- nelonen	(refused)
 
 -->
-<ruleset name="Spring-TNS.net (partial)">
+<ruleset name="Spring-TNS.net (partial)" default_off="failed ruleset test">
 
 	<target host="*.spring-tns.net" />
 
+		<exclusion pattern="^http://(?:[^./]+\.){2,}spring-tns\.net/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.spring-tns.net/" />
+			<test url="http://exists.not.spring-tns.net/" />
+
 
 	<!--securecookie host="^\.spring-tns\.net$" name="^i00$" /-->
 	<!--securecookie host=".+\.spring-tns\.net$" name="^srp$" /-->
-	<securecookie host=".*\.spring-tns\.net$" name=".+" />
+	<securecookie host=".\.spring-tns\.net$" name=".+" />
 
 
-	<rule from="^http://ssl-(\w+)\.spring-tns\.net/"
+	<rule from="^http://(?!ssl-)([^.]+)\.spring-tns\.net/"
 		to="https://ssl-$1.spring-tns.net/" />
 
-	<rule from="^http://nelonen\.spring-tns\.net/"
-		to="https://ssl-nelonen.spring-tns.net/" />
+		<test url="http://foreca.spring-tns.net/blank.gif" />
+		<test url="http://mtv3.spring-tns.net/blank.gif" />
+		<test url="http://nelonen.spring-tns.net/blank.gif" />
+		<test url="http://tori.spring-tns.net/blank.gif" />
+
+	<rule from="^http:"
+		to="https:" />
 
-	<!--	Does this work for all subdomains?
-							-->
-	<!--rule from="^http://(\w+)\.spring-tns\.net/"
-		to="https://ssl-$1.spring-tns.net/" /-->
+		<test url="http://ssl-tori.spring-tns.net/blank.gif" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Spring.io-falsemixed.xml b/src/chrome/content/rules/Spring.io-falsemixed.xml
deleted file mode 100644
index e8049f57bb02..000000000000
--- a/src/chrome/content/rules/Spring.io-falsemixed.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Spring.io.xml.
-
--->
-<ruleset name="Spring.io (false MCB)" platform="mixedcontent">
-
-	<target host="forum.spring.io" />
-
-
-	<securecookie host="^forum\.spring\.io$" name=".+" />
-
-
-	<rule from="^http://forum\.spring\.io/"
-		to="https://forum.spring.io/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Spring.io.xml b/src/chrome/content/rules/Spring.io.xml
index c931bb612aaf..20b92a182dc5 100644
--- a/src/chrome/content/rules/Spring.io.xml
+++ b/src/chrome/content/rules/Spring.io.xml
@@ -1,37 +1,40 @@
 <!--
-	For rules causing false/broken MCB, see Spring.io-falsemixed.xml.
-
-
-	Nonfunctional subdomains:
-
-		- projects
-
-
-	Fully covered subdomains:
-
-		- (www.)
-
-
-	Mixed content:
-
-		- css, on forum from:
-
-			- forum *
-			- fonts.googleapis.com *
-			- netdna.bootstrapcdn.com *
-
-		- Images, on forum from forum *
-
-	* Secured by us
-
+	Nonfunctional hosts in *.spring.io:
+		502 error:
+			* forum.spring.io
+		Invalid Certificate:
+			* redirect.spring.io
+			* search.spring.io
+
+	Mixed content on:
+		* Some docs.spring.io pages
 -->
 <ruleset name="Spring.io (partial)">
 
 	<target host="spring.io" />
 	<target host="www.spring.io" />
-
-
-	<rule from="^http://(www\.)?spring\.io/"
-		to="https://$1spring.io/" />
-
+	<target host="assets.spring.io" />
+		<test url="http://assets.spring.io/drupal/files/Spring_A_Managers_OverviewVer05.pdf" />
+	<target host="build.spring.io" />
+	<target host="ci.spring.io" />
+	<target host="cloud.spring.io" />
+		<test url="http://cloud.spring.io/spring-cloud-config/" />
+	<target host="cloud-start.spring.io" />
+	<target host="docs.spring.io" />
+		<test url="http://docs.spring.io/spring-boot/docs/current/reference/html/boot-features-profiles.html" />
+	<target host="jenkins.spring.io" />
+	<target host="platform.spring.io" />
+		<test url="http://platform.spring.io/platform/" />
+	<target host="projects.spring.io" />
+		<test url="http://projects.spring.io/spring-framework/" />
+	<target host="repo.spring.io" />
+	<target host="schema.spring.io" />
+	<target host="sonar.spring.io" />
+	<target host="start.spring.io" />
+	<target host="store.spring.io" />
+	<target host="jira.spring.io" />
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Spring.org.uk.xml b/src/chrome/content/rules/Spring.org.uk.xml
new file mode 100644
index 000000000000..b22f55886914
--- /dev/null
+++ b/src/chrome/content/rules/Spring.org.uk.xml
@@ -0,0 +1,18 @@
+<!--
+	Mixed content:
+
+		- Image on www from $self *
+
+	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Spring.org.uk" default_off="expired, self-signed">
+
+	<target host="spring.org.uk" />
+	<target host="www.spring.org.uk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SpringFiles.com.xml b/src/chrome/content/rules/SpringFiles.com.xml
new file mode 100644
index 000000000000..58361b5f8225
--- /dev/null
+++ b/src/chrome/content/rules/SpringFiles.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Remark: *.springfiles.com has a wildcard DNS record.
+-->
+<ruleset name="SpringFiles.com (partial)">
+	<target host="springfiles.com" />
+	<target host="www.springfiles.com" />
+	<target host="admin.springfiles.com" />
+
+	<securecookie host="^(www\.|admin\.)?springfiles\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SpringFiles.xml b/src/chrome/content/rules/SpringFiles.xml
deleted file mode 100644
index 198a2e3b7106..000000000000
--- a/src/chrome/content/rules/SpringFiles.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	Nonfunctional:
-
-		- metadata.springfiles.com (cert: springfiles.com; 404)
-
-
-	Mixed content:
-
-		- Images on ^ from ^ *
-
-		- Web bug on ^ from www.facebook.com *
-
-	* Secured by us
-
--->
-<ruleset name="SpringFiles (partial)" platform="cacert" default_off="expired">
-
-	<target host="springfiles.com" />
-	<target host="*.springfiles.com" />
-	<target host="springfiles.nl" />
-	<target host="*.springfiles.nl" />
-
-
-	<securecookie host="^\.springfiles\.com$" name=".*" />
-
-
-	<!--	Cert doesn't match www nor nl	-->
-	<rule from="^https?://(?:www\.)?springfiles\.(?:com|nl)/"
-		to="https://springfiles.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Spring_RTS.com.xml b/src/chrome/content/rules/Spring_RTS.com.xml
new file mode 100644
index 000000000000..7224062ddf00
--- /dev/null
+++ b/src/chrome/content/rules/Spring_RTS.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .springrts.com
+
+-->
+<ruleset name="Spring RTS.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="springrts.com" />
+	<target host="www.springrts.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.springrts\.com$" name="^phpbb3_\w+_(?:k|sid|u)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Springer-Gabler.de.xml b/src/chrome/content/rules/Springer-Gabler.de.xml
new file mode 100644
index 000000000000..3561bdbe1f5e
--- /dev/null
+++ b/src/chrome/content/rules/Springer-Gabler.de.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Springer coverage, see Springer.xml.
+
+-->
+<ruleset name="Springer-Gabler.de" default_off="mismatched">
+
+	<target host="springer-gabler.de" />
+	<target host="www.springer-gabler.de" />
+
+
+	<securecookie host="^springer-gabler\.de$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?springer-gabler\.de/"
+		to="https://springer-gabler.de/"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Springer-Medizin.de.xml b/src/chrome/content/rules/Springer-Medizin.de.xml
new file mode 100644
index 000000000000..5f3132733f21
--- /dev/null
+++ b/src/chrome/content/rules/Springer-Medizin.de.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://registrierung.springer-medizin.de/ => https://registrierung.springer-medizin.de/: (51, "SSL: no alternative certificate subject name matches target host name 'registrierung.springer-medizin.de'")
+
+	For other Springer coverage, see Springer.xml.
+
+
+	Nonfunctional hosts:
+
+		- www.mediadaten *
+
+	* Shows adwizard.springer.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- registrierung.springer-medizin.de
+
+-->
+<ruleset name="Springer Zahnmedizin.de (partial)" default_off="failed ruleset test">
+
+	<target host="registrierung.springer-medizin.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^registrierung\.springer-medizin\.de$" name="^Apache$" /-->
+
+	<securecookie host="^registrierung\.springer-medizin\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Springer.xml b/src/chrome/content/rules/Springer.xml
index 62124699f373..ccf9b786ba1a 100644
--- a/src/chrome/content/rules/Springer.xml
+++ b/src/chrome/content/rules/Springer.xml
@@ -1,61 +1,112 @@
 <!--
+	For rules causing false/broken MCB, see springer.com-falsemixed.xml.
+
 	Other Springer rulesets:
 
-		- Biomed-Central.xml
+		- Springer-Gabler.de.xml
+		- Springer_Zahnmedizin.de.xml
 
 
 	Nonfunctional domains:
 
 		- (www.)chemistrycentral.com	(times out)
-		- link.springer.com *
-		- rd.springer.com *
+		- academy.springer.com ᵃ
 		- (www.)springeropen.com *
 
 	* 504, akamai
+	ᵃ Shows another domain
 
 
 	Problematic domains:
 
-		- springer.com			(mismatched, CN: www.springer.com)
+		- springer.com ᵐ
+		- adinsight.springer.com ᴬ
+		- adis.springer.com ᴬ
+		- adis-static.springer.com ᴬ
+		- download.springer.com ᴬ
+		- download-redirector.springer.com ᴬ
+		- extras.springer.com ᵐ
+		- lod.springer.com ˣ
+		- materials.springer.com ᴬ
+
 		- springerlink.com
 		- www.springerlink.com		(akamai)
 		- (www.)springeronline.com	(works; mismatched, CN: www.springer.com)
 
+	ᴬ Akamai / mismatched
+	ᵐ Mismatched
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
-	Fully covered domains:
 
-		- (www.)springer.com
-		- admin.springer.com
-		- checkout.springer.com
-		- images.springer.com
-		- preview.springer.com
-		- static.springer.com
+	These altnames do not exist:
 
--->
-<ruleset name="Springer (partial)">
+		- download-ssl.springer.com
+		- health-ssl.springer.com
+		- rd-ssl.springer.com
 
-	<target host="springer.com" />
-	<target host="*.springer.com" />
-	<target host="springer-gabler.de" />
-	<target host="www.springer-gabler.de" />
-	<target host="springerzahnmedizin.de"/>
-	<target host="www.springerzahnmedizin.de"/>
 
+	Insecure cookies are set for these domains and hosts: ᶜ
 
-	<securecookie host="^springer-gabler\.de$" name=".+" />
-	<securecookie host="^.+\.springer\.com$" name=".+" />
+		- .springer.com
+		- lod.springer.com
 
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
-	<rule from="^https?://(?:www\.)?springer\.com/"
-		to="https://www.springer.com/"/>
 
-	<rule from="^http://(admin|checkout|images|preview|static)\.springer\.com/"
-		to="https://$1.springer.com/" />
+	Mixed content:
+
+		- css on lod from $self ˢ
+		- Images on lod from $self ˢ
+		- Bugs on health, link, rd from springergmbh01.webtrekk.net ˢ
 
-	<rule from="^http://(?:www\.)?springer-gabler\.de/"
-		to="https://springer-gabler.de/"/>
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Springer.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="admin.springer.com" />
+	<target host="adminportal.springer.com" />
+	<target host="adwizard.springer.com" />
+	<target host="checkout.springer.com" />
+	<target host="dev.springer.com" />
+	<target host="health.springer.com" />
+	<target host="images.springer.com" />
+	<target host="lab.springer.com" />
+	<target host="link.springer.com" />
+	<!--target host="lod.springer.com" /-->
+	<target host="preview.springer.com" />
+	<target host="copublishers.live.cf.public.springer.com" />
+	<target host="resource-cms.springer.com" />
+	<target host="signon.springer.com" />
+	<target host="static.springer.com" />
+	<target host="static-content.springer.com" />
+	<target host="www.springer.com" />
+
+		<test url="http://images.springer.com/_default" />
+		<test url="http://resource-cms.springer.com/springer-cms/rest/v1/img/35898/v2/spcom-img-homepage-teaser" />
+		<test url="http://static.springer.com/spcom/sites/sgw/images/expander_arrows.png" />
+		<test url="http://static-content.springer.com/cover/cover-placeholder.png" />
+
+	<!--	Complications:
+				-->
+	<target host="springer.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.springer\.com$" name="^(?:sim-inst-token|tabSet|springercomcountry|trackid)$" /-->
+	<!--securecookie host="^lod\.springer\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host=".\.springer\.com$" name=".+" />
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+
+
+	<rule from="^http://springer\.com/"
+		to="https://www.springer.com/"/>
 
-	<rule from="^http://(?:www\.)?springerzahnmedizin\.de/(css|img|servlet)/"
-		to="https://springerzahnmedizin.de/$1/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SpringerNature.com.xml b/src/chrome/content/rules/SpringerNature.com.xml
new file mode 100644
index 000000000000..f2c7956a43b7
--- /dev/null
+++ b/src/chrome/content/rules/SpringerNature.com.xml
@@ -0,0 +1,61 @@
+<!--
+	Refused:
+		authors.springernature.com
+		compliance.springernature.com
+		helpdesk.springernature.com
+		unifiedconcur.springernature.com
+
+	No working URL known:
+		citrix-nz.springernature.com
+		eas.springernature.com
+		ews.springernature.com
+		idp.springernature.com
+		media.springernature.com
+		owa.springernature.com
+
+	Invalid certificate:
+		click.springernature.com
+		editorial-jobs.springernature.com
+		id.springernature.com (broken chain)
+		www.search.springernature.com
+		sndigital.springernature.com
+
+	Connection reset:
+		leap.springernature.com
+
+-->
+<ruleset name="SpringerNature.com">
+
+	<target host="springernature.com" />
+	<target host="www.springernature.com" />
+	<target host="adminportal.springernature.com" />
+	<target host="app-hive.springernature.com" />
+	<target host="as.springernature.com" />
+	<target host="authorservices.springernature.com" />
+	<target host="www.authorservices.springernature.com" />
+	<target host="identity.authorservices.springernature.com" />
+	<target host="secure.authorservices.springernature.com" />
+	<target host="secureb.authorservices.springernature.com" />
+	<target host="bookmanuscriptsubmission.springernature.com" />
+	<target host="dam.springernature.com" />
+	<target host="dropbox.springernature.com" />
+	<target host="ebookrecords.springernature.com" />
+	<target host="experiments.springernature.com" />
+	<target host="grandchallenges.springernature.com" />
+	<target host="group.springernature.com" />
+	<target host="hive.springernature.com" />
+	<target host="jira.springernature.com" />
+	<target host="labs.springernature.com" />
+	<target host="liferay.springernature.com" />
+	<target host="myaccount.springernature.com" />
+	<target host="preview.springernature.com" />
+	<target host="recommendations.springernature.com" />
+	<target host="recommended.springernature.com" />
+	<target host="researchdata.springernature.com" />
+	<target host="resources.springernature.com" />
+	<target host="scigraph.springernature.com" />
+	<target host="search.springernature.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Springer_Zahnmedizin.de.xml b/src/chrome/content/rules/Springer_Zahnmedizin.de.xml
new file mode 100644
index 000000000000..f072b8fc2ae4
--- /dev/null
+++ b/src/chrome/content/rules/Springer_Zahnmedizin.de.xml
@@ -0,0 +1,41 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://springerzahnmedizin.de/ => https://springerzahnmedizin.de/: (7, 'Failed to connect to springerzahnmedizin.de port 443: Connection refused')
+Fetch error: http://fortbildung.springerzahnmedizin.de/ => https://fortbildung.springerzahnmedizin.de/: (51, "SSL: no alternative certificate subject name matches target host name 'fortbildung.springerzahnmedizin.de'")
+Fetch error: http://www.springerzahnmedizin.de/ => https://www.springerzahnmedizin.de/: (51, "SSL: no alternative certificate subject name matches target host name 'www.springerzahnmedizin.de'")
+
+	For other Springer coverage, see Springer.xml.
+
+
+	Fully covered hosts in *springerzahnmedizin.de:
+
+		- (www.)?
+		- fortbildung
+
+
+	Insecure cookies are set for these hosts:
+
+		- springerzahnmedizin.de
+		- fortbildung.springerzahnmedizin.de
+		- www.springerzahnmedizin.de
+
+-->
+<ruleset name="Springer Zahnmedizin.de" default_off="failed ruleset test">
+
+	<target host="springerzahnmedizin.de"/>
+	<target host="fortbildung.springerzahnmedizin.de" />
+	<target host="www.springerzahnmedizin.de"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(fortbildung\.|www\.)?springerzahnmedizin\.de$" name="Apache$" /-->
+
+	<securecookie host="^(?:fortbildung\.|www\.)?springerzahnmedizin\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Springpad.xml b/src/chrome/content/rules/Springpad.xml
deleted file mode 100644
index 10a812eb7946..000000000000
--- a/src/chrome/content/rules/Springpad.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Springpad">
-  <target host="springpadit.com" />
-  <target host="www.springpadit.com" />
-
-  <rule from="^http://(?:www\.)?springpadit\.com/" to="https://springpadit.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Springserve.com.xml b/src/chrome/content/rules/Springserve.com.xml
new file mode 100644
index 000000000000..d333ff65e474
--- /dev/null
+++ b/src/chrome/content/rules/Springserve.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Cert mismatch:
+		- origin.vid-io.springserve.com
+
+	Connection refused:
+		- tools.springserve.com
+		- origin.vid-io.springserve.com
+-->
+<ruleset name="Springserve">
+
+	<target host="springserve.com" />
+	<target host="www.springserve.com" />
+
+
+	<target host="hb.springserve.com" />
+	<target host="dmp.springserve.com" />
+	<target host="vast-videos.springserve.com" />
+	<target host="sync.springserve.com" />
+	<target host="vd.springserve.com" />
+	<target host="vid.springserve.com" />
+	<target host="vid-io.springserve.com" />
+	<target host="hb-io.springserve.com" />
+	<target host="post.update.morgdog.springserve.com" />
+	<target host="edat.springserve.com" />
+	<target host="s.update.morgdog.springserve.com" />
+	<target host="omni.springserve.com" />
+	<target host="vid-ssb.springserve.com" />
+	<target host="videos.springserve.com" />
+	<target host="video.springserve.com" />
+	<target host="vpaid.springserve.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Springshare.xml b/src/chrome/content/rules/Springshare.xml
index 677a9166e570..61fcd8fb88fb 100644
--- a/src/chrome/content/rules/Springshare.xml
+++ b/src/chrome/content/rules/Springshare.xml
@@ -1,22 +1,62 @@
 <!--
 	Other Springshare rulesets:
 
+		- Guide_FAQ.com.xml
 		- LibAnswers.xml
+		- LibApps.com.xml
+		- LibCal.com.xml
 		- LibGuides.xml
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *springshare.com:
 
-		- lgproc.aws.springshare.com
+		- lgproc.aws
+		- help *
+
+	* Redirects to http
+
+
+	Problematic hosts in *springshare.com:
+
+		- blog *
+		- buzz *
+		- calendar *
+		- support *
+
+	* Mismatched
+
+
+	Mixed content:
+
+		- css on blog from fonts.googleapis.com *
+		- Images on calendar from lgimages.s3.amazonaws.com
+
+	* Secured by us
 
 -->
-<ruleset name="Springshare">
+<ruleset name="Springshare.com (partial)">
 
 	<target host="springshare.com" />
-	<target host="www.springshare.com" />
+	<target host="ask.springshare.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.springshare\.com/(?:$|favicon\.ico|images/|img/|style\.css)" /-->
+
+			<!--	+ve:
+					-->
+			<!--test url="http://www.springshare.com/favicon.ico" /-->
+			<!--test url="http://www.springshare.com/images/blue-bullet.png" /-->
+			<!--test url="http://www.springshare.com/images/icon-lc-88.png" /-->
+			<!--test url="http://www.springshare.com/images/top_logo.png" /-->
+			<!--test url="http://www.springshare.com/img/white_menu_divider.gif" /-->
+			<!--test url="http://www.springshare.com/styles.css" /-->
+
+
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www\.)?springshare\.com/"
-		to="https://$1springshare.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sprint.com.xml b/src/chrome/content/rules/Sprint.com.xml
index a202affb4817..a459f3133494 100644
--- a/src/chrome/content/rules/Sprint.com.xml
+++ b/src/chrome/content/rules/Sprint.com.xml
@@ -1,4 +1,28 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://ria.sprint.com/ => https://ria.sprint.com/: (7, 'Failed to connect to ria.sprint.com port 443: Connection refused')
+
+-->
+
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://discover.sprint.com/ => https://discover.sprint.com/: (6, 'Could not resolve host: discover.sprint.com')
+Fetch error: http://image2.sprint.com/ => https://image2.sprint.com/: (6, 'Could not resolve host: image2.sprint.com')
+Fetch error: http://image3.sprint.com/ => https://image3.sprint.com/: (6, 'Could not resolve host: image3.sprint.com')
+Fetch error: http://image4.sprint.com/ => https://image4.sprint.com/: (6, 'Could not resolve host: image4.sprint.com')
+Fetch error: http://shop2.sprint.com/ => https://shop2.sprint.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://manage.sprintpcs.com/ => https://manage.sprintpcs.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://manage.sprintpcs.com/ => https://manage.sprintpcs.com/: (28, 'Connection timed out after 10001 milliseconds')
+	Other Sprint rulesets:
+
+		- Sprint_Buyback.com.xml
+
+
 	Nonfunctional:
 
 		- community.sprint.com	(at least some pages under baw/ 404)
@@ -11,26 +35,28 @@
 <ruleset name="Sprint.com (partial)">
 
 	<target host="sprint.com" />
-	<target host="*.sprint.com" />
-	<target host="manage.sprintpcs.com" />
+	<target host="www.sprint.com" />
+	<target host="community.sprint.com" />
+	<target host="coverage.sprint.com" />
+	<!-- target host="discover.sprint.com" /-->
+	<!-- target host="image2.sprint.com" /-->
+	<!-- target host="image3.sprint.com" /-->
+	<!-- target host="image4.sprint.com" /-->
+	<target host="mysprint.sprint.com" />
+	<!-- target host="ria.sprint.com" /-->
+	<target host="shop.sprint.com" />
+	<!-- target host="shop2.sprint.com" /-->
+	<target host="support.sprint.com" />
+	<!-- target host="manage.sprintpcs.com" /-->
 
 
-	<securecookie host="^.*\.sprint(pcs)?\.com$" name=".*" />
+	<securecookie host="^.*\.sprint(?:pcs)?\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?sprint\.com/"
+	<rule from="^http://(?:www\.)?sprint\.com/"
 		to="https://www.sprint.com/" />
 
-	<rule from="^http://community\.sprint\.com/favicon\.ico"
-		to="https://community.sprint.com/favicon.ico" />
-
-	<rule from="^http://(coverage|discover|image[234]|mysprint|ria|shop2?)\.sprint\.com/"
-		to="https://$1.sprint.com/" />
-
-	<rule from="^http://support\.sprint\.com/(catalog/image|global/(?:cs|image))s/"
-		to="https://support.sprint.com/$1s/" />
-
-	<rule from="^http://manage\.sprintpcs\.com/"
-		to="https://manage.sprintpcs.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Sprint_Buyback.com.xml b/src/chrome/content/rules/Sprint_Buyback.com.xml
new file mode 100644
index 000000000000..e9208938e98a
--- /dev/null
+++ b/src/chrome/content/rules/Sprint_Buyback.com.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Sprint coverage, see Sprint.com.xml.
+
+
+	(www.)?: mismatched
+
+-->
+<ruleset name="Sprint Buyback.com (partial)">
+
+	<target host="secure.sprintbuyback.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SpritesMods.com.xml b/src/chrome/content/rules/SpritesMods.com.xml
new file mode 100644
index 000000000000..0923c5099202
--- /dev/null
+++ b/src/chrome/content/rules/SpritesMods.com.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.spritesmods.com/ => https://www.spritesmods.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.spritesmods.com'")
+
+-->
+<ruleset name="SpritesMods.com" default_off="failed ruleset test">
+
+	<target host="spritesmods.com" />
+	<target host="www.spritesmods.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sprout.xml b/src/chrome/content/rules/Sprout.xml
index 268c54c5ce78..4fa1600d8c6c 100644
--- a/src/chrome/content/rules/Sprout.xml
+++ b/src/chrome/content/rules/Sprout.xml
@@ -1,10 +1,18 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sproutinc.com/ => https://sproutinc.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.sproutinc.com/ => https://sproutinc.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://sproutinc.com/ => https://sproutinc.com/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://www.sproutinc.com/ => https://sproutinc.com/: (28, 'Connection timed out after 10000 milliseconds')
 	Nonfunctional domains:
 
 		- (www.)sproutbuilder.com
 
 -->
-<ruleset name="Sprout (partial)">
+<ruleset name="Sprout (partial)" default_off="failed ruleset test">
 
 	<target host="sproutinc.com" />
 	<target host="www.sproutinc.com" />
@@ -13,7 +21,7 @@
 	<!--	- www doesn't work over https
 		- Redirects to !www over http.
 					-->
-	<rule from="^https?://(?:www\.)?sproutinc\.com/"
+	<rule from="^http://(?:www\.)?sproutinc\.com/"
 		to="https://sproutinc.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SproutVideo.com.xml b/src/chrome/content/rules/SproutVideo.com.xml
new file mode 100644
index 000000000000..22af8e746d37
--- /dev/null
+++ b/src/chrome/content/rules/SproutVideo.com.xml
@@ -0,0 +1,39 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- sproutvideo.com
+		- videos.sproutvideo.com
+
+
+	Mixed content:
+
+		- Image from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="SproutVideo.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sproutvideo.com" />
+	<target host="videos.sproutvideo.com" />
+	<target host="www.sproutvideo.com" />
+
+		<!--	Mixed image:
+					-->
+		<test url="http://sproutvideo.com/blog/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^sproutvideo\.com$" name="^(?:_sproutvideo_session|flp|source)$" /-->
+	<!--securecookie host="^videos\.sproutvideo\.com$" name="^svid$" /-->
+
+	<securecookie host="^(?:videos\.)?sproutvideo\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Spsn.net.xml b/src/chrome/content/rules/Spsn.net.xml
new file mode 100644
index 000000000000..60315387594e
--- /dev/null
+++ b/src/chrome/content/rules/Spsn.net.xml
@@ -0,0 +1,15 @@
+<ruleset name="spsn.net">
+
+	<target host="spsn.net" />
+	<target host="www.spsn.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?spsn\.net$" name="^session$" /-->
+	<securecookie host="^(?:www\.)?spsn\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sptag1.com.xml b/src/chrome/content/rules/Sptag1.com.xml
deleted file mode 100644
index 55cf67257c6b..000000000000
--- a/src/chrome/content/rules/Sptag1.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="sptag1.com">
-
-	<target host="sptag1.com" />
-	<target host="www.sptag1.com" />
-
-
-	<securecookie host="^(?:www\.)?sptag1\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?sptag1\.com/"
-		to="https://$1sptag1.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Spu.ac.th.xml b/src/chrome/content/rules/Spu.ac.th.xml
deleted file mode 100644
index c1daa0ac1c53..000000000000
--- a/src/chrome/content/rules/Spu.ac.th.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Spu.ac.th (broken)" default_off="HTTPS URL not found">
-  <target host="spu.ac.th" />
-  <target host="www.spu.ac.th" />
-
-  <rule from="^http://(www\.)?spu\.ac\.th/" to="https://www.spu.ac.th/" />
-</ruleset>
diff --git a/src/chrome/content/rules/SpyShelter.xml b/src/chrome/content/rules/SpyShelter.xml
new file mode 100644
index 000000000000..e4de56549fe5
--- /dev/null
+++ b/src/chrome/content/rules/SpyShelter.xml
@@ -0,0 +1,9 @@
+<ruleset name="SpyShelter">
+	<target host=    "spyshelter.com" />
+	<target host="www.spyshelter.com" />
+
+  	<securecookie host="^www\.spyshelter\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Spyderco.xml b/src/chrome/content/rules/Spyderco.xml
index fbbb41cca3e8..132915526bbb 100644
--- a/src/chrome/content/rules/Spyderco.xml
+++ b/src/chrome/content/rules/Spyderco.xml
@@ -1,6 +1,10 @@
-<ruleset name="Spyderco" platform="mixedcontent">
+<ruleset name="Spyderco.com">
+
+	<!--	Direct rewrites:
+				-->
   <target host="spyderco.com" />
   <target host="www.spyderco.com" />
 
-  <rule from="^http://(www\.)?spyderco\.com/" to="https://$1spyderco.com/"/>
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Spylog.com.xml b/src/chrome/content/rules/Spylog.com.xml
index 3a7be0d2538e..12f02661f7b9 100644
--- a/src/chrome/content/rules/Spylog.com.xml
+++ b/src/chrome/content/rules/Spylog.com.xml
@@ -20,4 +20,4 @@
 	<rule from="^http://(?:u\d+\.02|counter)\.spylog\.com/"
 		to="https://counter.spylog.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sqsp.com.xml b/src/chrome/content/rules/Sqsp.com.xml
new file mode 100644
index 000000000000..76d1257422b9
--- /dev/null
+++ b/src/chrome/content/rules/Sqsp.com.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Squarespace coverage, see Squarespace.xml.
+
+
+	Problematic domains:
+
+		- ([\w-]+.)?sqsp.com: Mismatched
+
+
+	Clients have unique subdomains.
+
+-->
+<ruleset name="Sqsp.com">
+
+	<target host="sqsp.com" />
+	<target host="*.sqsp.com" />
+
+		<!--	Special cases:
+					-->
+		<test url="http://www.sqsp.com/" />
+
+		<!--	(Client domains):
+						-->
+		<test url="http://dozuki.sqsp.com/" />
+
+
+	<!--	Redirect keeps path, args,
+		and forward slash:
+					-->
+	<rule from="^http://([\w-]+\.)?sqsp\.com/"
+		to="https://$1squarespace.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Square.com.xml b/src/chrome/content/rules/Square.com.xml
deleted file mode 100644
index 3fc41db70df0..000000000000
--- a/src/chrome/content/rules/Square.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Square.com" platform="firefox">
-<target host="square.com" />
-
-<securecookie host="^square\.com$" name=".+" />
-
-<rule from="^http://square\.com/" to="https://square.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Square_Penguin.xml b/src/chrome/content/rules/Square_Penguin.xml
index 469b1d497ce7..df59cd3d57eb 100644
--- a/src/chrome/content/rules/Square_Penguin.xml
+++ b/src/chrome/content/rules/Square_Penguin.xml
@@ -1,13 +1,13 @@
-<ruleset name="Square Penguin">
+<ruleset name="Square Penguin.co.uk">
 
 	<target host="squarepenguin.co.uk" />
-	<target host="*.squarepenguin.co.uk" />
+	<target host="www.squarepenguin.co.uk" />
 
 
-	<securecookie host="^\.squarepenguin\.co\.uk$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?squarepenguin\.co\.uk/"
-		to="https://$1squarepenguin.co.uk/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Squarefree.com.xml b/src/chrome/content/rules/Squarefree.com.xml
index 839e135748d6..09f43a011b07 100644
--- a/src/chrome/content/rules/Squarefree.com.xml
+++ b/src/chrome/content/rules/Squarefree.com.xml
@@ -1,10 +1,9 @@
 <ruleset name="squarefree.com">
-
 	<target host="squarefree.com" />
 	<target host="www.squarefree.com" />
+	<target host="htmledit.squarefree.com" />
+	<target host="www.htmledit.squarefree.com" />
 
-
-	<rule from="^http://(www\.)?squarefree\.com/"
-		to="https://$1squarefree.com/" />
-
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Squarespace-clients.xml b/src/chrome/content/rules/Squarespace-clients.xml
deleted file mode 100644
index 3fed8200388b..000000000000
--- a/src/chrome/content/rules/Squarespace-clients.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	This ruleset is for Squarespace clients which otherwise have no rules off by default.
-
--->
-<ruleset name="Squarespace clients" default_off="mismatch">
-
-	<!--	Cert: *.squarespace.com	-->
-	<target host="ohnopodcast.com" />
-	<target host="www.ohnopodcast.com" />
-
-
-	<!--	- At least the homepage redirects to http
-		- !www 301s to www
-		- universal/ can be fetched from squarespace.com,
-		  but is that worth it? Maybe deal with it later.
-					-->
-	<rule from="^https?://(?:www\.)?ohnopodcast\.com/(display|layout|storage|universal)/"
-		to="https://www.ohnopodcast.com/$1/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Squarespace.xml b/src/chrome/content/rules/Squarespace.xml
index 5982282a3e80..b442b47d7c0a 100644
--- a/src/chrome/content/rules/Squarespace.xml
+++ b/src/chrome/content/rules/Squarespace.xml
@@ -1,40 +1,50 @@
 <!--
-	CDN buckets:
+	Other Squarespace rulesets:
 
-		- s3.amazonaws.com/s3.media.squarespace.com/
-			- s3.media.squarespace.com
+		- Sqsp.com.xml
 
-		- squarespace.cachefly.net
-			- squarespace.cachefly.net
 
--->
-<ruleset name="Squarespace (partial)">
+	Mixed content:
+
+		- Images on (client_subdomain).squarespace.com from $self *
+
+	* Secured by us
 
-	<target host="sqsp.com" />
-	<target host="*.sqsp.com" />
-	<target host="squarespace.com"/>
-	<target host="*.squarespace.com" />
-	<target host="s3.media.squarespace.com" />
 
+	Clients have unique subdomains.
 
-	<securecookie host="^.*\.sq(?:sp|uarespace)\.com$" name=".+" />
+-->
+<ruleset name="Squarespace.com (partial)">
+
+	<target host="squarespace.com" />
+	<target host="*.squarespace.com" />
 
+		<!--	Direct rewrites:
+					-->
+		<test url="http://blog.squarespace.com/" />
+		<test url="http://developers.squarespace.com/" />
+		<test url="http://static.squarespace.com/" />
+		<test url="http://static1.squarespace.com/" />
+		<test url="http://www.squarespace.com/" />
 
-	<rule from="^http://(\w+\.)?sqsp\.com/"
-		to="https://$1sqsp.com/" />
+		<!-- see https://github.com/EFForg/https-everywhere/issues/5622,
+		     https://github.com/EFForg/https-everywhere/issues/8752 and
+		     https://github.com/EFForg/https-everywhere/issues/14382 -->
+		<exclusion pattern="^http://static\.squarespace\.com/universal/scripts-compressed/.+\.js$" />
+		<test url="http://static.squarespace.com/universal/scripts-compressed/commerce-356bf589098c2e9faf2d-min.en-US.js" />
+		<test url="http://static.squarespace.com/universal/scripts-compressed/common-dd64a0db275c6e4d9e4a-min.en-US.js" />
+		<test url="http://static.squarespace.com/universal/scripts-compressed/commerce-b058ae78ba10263f4ade-min.js" />
+		<test url="http://static.squarespace.com/universal/scripts-compressed/common-df74a0490af8af881a93-min.js" />
+		<test url="http://static.squarespace.com/universal/scripts-compressed/common-add104b2b7cce25eb854-min.js" />
+		<test url="http://static.squarespace.com/universal/scripts-compressed/slides-4f64e7da35a986c724d0-min.js" />
 
-	<rule from="^http://((?:blog|developers|static|www)\.)?squarespace\.com/"
-		to="https://$1squarespace.com/" />
+		<!-- see https://github.com/EFForg/https-everywhere/issues/8251 -->
+		<exclusion pattern="^http://sg-links\.squarespace\.com" />
 
-	<rule from="^https?://cachefly\.squarespace\.com/"
-		to="https://squarespace.cachefly.net/" />
+		<test url="http://sg-links.squarespace.com/wf/click?upn=randomstring" />
 
-	<rule from="^https?://s3\.media\.squarespace\.com/"
-		to="https://s3.amazonaws.com/s3.media.squarespace.com/" />
+	<securecookie host=".+" name=".+" />
 
-	<!--	Clients have unique subdomains.
-						-->
-	<rule from="^http://(\w+)\.squarespace\.com/(display/|favicon\.ico|layout/|picture/|storage/|universal/)"
-		to="https://$1.squarespace.com/$2" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Squareup.com.xml b/src/chrome/content/rules/Squareup.com.xml
deleted file mode 100644
index f76e5815733e..000000000000
--- a/src/chrome/content/rules/Squareup.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See 
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
- 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox.
-
--->
-<ruleset name="Square" platform="firefox">
-
-	<target host="squareup.com" />
-	<target host="www.squareup.com" />
-
-	<securecookie host="^(?:www\.)?squareup\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?squareup\.com/"
-		to="https://$1squareup.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Squid_Solutions.xml b/src/chrome/content/rules/Squid_Solutions.xml
deleted file mode 100644
index b36a6c7f69aa..000000000000
--- a/src/chrome/content/rules/Squid_Solutions.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)squidsolutions.com
-
--->
-<ruleset name="Squid Solutions (partial)">
-
-	<target host="aws.tracker.squidanalytics.com" />
-
-
-	<rule from="^http://aws\.tracker\.squidanalytics\.com/"
-		to="https://aws.tracker.squidanalytics.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Squirrel-webmail.surftown.com.xml b/src/chrome/content/rules/Squirrel-webmail.surftown.com.xml
index a5072698dcf4..3a611b7db383 100644
--- a/src/chrome/content/rules/Squirrel-webmail.surftown.com.xml
+++ b/src/chrome/content/rules/Squirrel-webmail.surftown.com.xml
@@ -1,5 +1,17 @@
-<ruleset name="Squirrel-webmail.surftown.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://squirrel-webmail.surftown.com/ => https://squirrel-webmail.surftown.com/: (7, 'Failed to connect to squirrel-webmail.surftown.com port 443: No route to host')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://squirrel-webmail.surftown.com/ => https://squirrel-webmail.surftown.com/: (7, 'Failed to connect to squirrel-webmail.surftown.com port 443: Connection refused')
+
+-->
+<ruleset name="Squirrel-webmail.surftown.com" default_off="failed ruleset test">
   <target host="squirrel-webmail.surftown.com" />
 
-  <rule from="^http://squirrel-webmail\.surftown\.com/" to="https://squirrel-webmail.surftown.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SquirrelMail.org.xml b/src/chrome/content/rules/SquirrelMail.org.xml
new file mode 100644
index 000000000000..4974ccac0537
--- /dev/null
+++ b/src/chrome/content/rules/SquirrelMail.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		l10n-stats.squirrelmail.org
+		mail.squirrelmail.org
+		mail2.squirrelmail.org
+		ns.squirrelmail.org
+		snapshots.squirrelmail.org
+
+-->
+<ruleset name="SquirrelMail.org">
+
+	<target host="squirrelmail.org" />
+	<target host="www.squirrelmail.org" />
+
+	<securecookie host="^squirrelmail\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SquirrelMail.xml b/src/chrome/content/rules/SquirrelMail.xml
deleted file mode 100644
index 3136a98bfbf9..000000000000
--- a/src/chrome/content/rules/SquirrelMail.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="SquirrelMail">
-	<target host="squirrelmail.org" />
-	<target host="www.squirrelmail.org" />
-
-	<securecookie host="^squirrelmail\.org$"
-			name=".+" />
-
-	<rule from="^(http://(www\.)?|https://www\.)squirrelmail\.org/"
-		to="https://squirrelmail.org/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Srcclr.com.xml b/src/chrome/content/rules/Srcclr.com.xml
new file mode 100644
index 000000000000..064f567c8fa3
--- /dev/null
+++ b/src/chrome/content/rules/Srcclr.com.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://api.srcclr.com/ => https://api.srcclr.com/: (6, 'Could not resolve host: api.srcclr.com')
+Fetch error: http://app.srcclr.com/ => https://app.srcclr.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Other SourceClear rulesets:
+
+
+-->
+<ruleset name="srcclr.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="srcclr.com" />
+	<target host="api.srcclr.com" />
+	<target host="app.srcclr.com" />
+	<target host="blog.srcclr.com" />
+	<target host="download.srcclr.com" />
+	<target host="www.srcclr.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Srcf.net.xml b/src/chrome/content/rules/Srcf.net.xml
new file mode 100644
index 000000000000..c50be1db5b92
--- /dev/null
+++ b/src/chrome/content/rules/Srcf.net.xml
@@ -0,0 +1,63 @@
+<!--
+	Problematic domains:
+
+	alto.srcf.net            (Known to exist, but not yet tested for HTTPS support.)
+	ash.srcf.net             (Known to exist, but not yet tested for HTTPS support.)
+	auth.ns.srcf.net         (Known to exist, but not yet tested for HTTPS support.)
+	avalanche.srcf.net       (Known to exist, but not yet tested for HTTPS support.)
+	blizzard.srcf.net        (Known to exist, but not yet tested for HTTPS support.)
+	chimney.srcf.net         (Known to exist, but not yet tested for HTTPS support.)
+	cloud.srcf.net           (Known to exist, but not yet tested for HTTPS support.)
+	cumulus.srcf.net         (Known to exist, but not yet tested for HTTPS support.)
+	cyclone.srcf.net         (Known to exist, but not yet tested for HTTPS support.)
+	desktop.srcf.net         (Known to exist, but not yet tested for HTTPS support.)
+	discord.srcf.net         (Known to exist, but not yet tested for HTTPS support.)
+	drought.srcf.net         (Known to exist, but not yet tested for HTTPS support.)
+	earthquake.srcf.net      (Known to exist, but not yet tested for HTTPS support.)
+	files.srcf.net           (Known to exist, but not yet tested for HTTPS support.)
+	flame.srcf.net           (Known to exist, but not yet tested for HTTPS support.)
+	flood-ipv4.srcf.net      (Known to exist, but not yet tested for HTTPS support.)
+	flood.srcf.net           (Known to exist, but not yet tested for HTTPS support.)
+	ftp.srcf.net             (Known to exist, but not yet tested for HTTPS support.)
+	ghost.srcf.net           (Known to exist, but not yet tested for HTTPS support.)
+	gopher.srcf.net          (Known to exist, but not yet tested for HTTPS support.)
+	hurricane.srcf.net       (Known to exist, but not yet tested for HTTPS support.)
+	hydra.srcf.net           (Known to exist, but not yet tested for HTTPS support.)
+	internal.srcf.net        (Known to exist, but not yet tested for HTTPS support.)
+	irc.srcf.net             (Known to exist, but not yet tested for HTTPS support.)
+	mail.srcf.net            (Known to exist, but not yet tested for HTTPS support.)
+	munin.srcf.net           (Known to exist, but not yet tested for HTTPS support.)
+	news.srcf.net            (Known to exist, but not yet tested for HTTPS support.)
+	nntp.srcf.net            (Known to exist, but not yet tested for HTTPS support.)
+	ns.srcf.net              (Known to exist, but not yet tested for HTTPS support.)
+	party.srcf.net           (Known to exist, but not yet tested for HTTPS support.)
+	pdu-mill-2.srcf.net      (Known to exist, but not yet tested for HTTPS support.)
+	pip-webservices.srcf.net (Known to exist, but not yet tested for HTTPS support.)
+	pip.srcf.net             (Known to exist, but not yet tested for HTTPS support.)
+	power.srcf.net           (Known to exist, but not yet tested for HTTPS support.)
+	rescue.srcf.net          (Known to exist, but not yet tested for HTTPS support.)
+	seismograph.srcf.net     (Known to exist, but not yet tested for HTTPS support.)
+	shell.srcf.net           (Known to exist, but not yet tested for HTTPS support.)
+	smog.srcf.net            (Known to exist, but not yet tested for HTTPS support.)
+	soc.srcf.net             (Known to exist, but not yet tested for HTTPS support.)
+	status.srcf.net          (Known to exist, but not yet tested for HTTPS support.)
+	stream.srcf.net          (Known to exist, but not yet tested for HTTPS support.)
+	thunder.srcf.net         (Known to exist, but not yet tested for HTTPS support.)
+	tsunami.srcf.net         (Known to exist, but not yet tested for HTTPS support.)
+	user.srcf.net            (Known to exist, but not yet tested for HTTPS support.)
+	webchat.srcf.net         (Known to exist, but not yet tested for HTTPS support.)
+	webserver.srcf.net       (Known to exist, but not yet tested for HTTPS support.)
+	webstats.srcf.net        (Known to exist, but not yet tested for HTTPS support.)
+	wiki.srcf.net            (Known to exist, but not yet tested for HTTPS support.)
+-->
+<ruleset name="Srcf.net">
+
+	<target host="srcf.net" />
+	<target host="lists.srcf.net" />
+	<target host="webmail.srcf.net" />
+	<target host="www.srcf.net" />
+	<target host="cueims.soc.srcf.net" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Srclib.org.xml b/src/chrome/content/rules/Srclib.org.xml
new file mode 100644
index 000000000000..81f4e885787f
--- /dev/null
+++ b/src/chrome/content/rules/Srclib.org.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .srclib.org
+
+-->
+<ruleset name="srclib.org">
+
+	<target host="srclib.org" />
+	<target host="www.srclib.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.srclib\.org$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Srdrvp.com.xml b/src/chrome/content/rules/Srdrvp.com.xml
new file mode 100644
index 000000000000..600d1cdeb099
--- /dev/null
+++ b/src/chrome/content/rules/Srdrvp.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="srdrvp.com">
+
+	<target host="srdrvp.com" />
+	<target host="www.srdrvp.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Srna.sk.xml b/src/chrome/content/rules/Srna.sk.xml
new file mode 100644
index 000000000000..0473303eb39c
--- /dev/null
+++ b/src/chrome/content/rules/Srna.sk.xml
@@ -0,0 +1,9 @@
+<ruleset name="Srna.sk">
+
+	<target host="srna.sk" />
+	<target host="www.srna.sk" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Srvv.net.xml b/src/chrome/content/rules/Srvv.net.xml
new file mode 100644
index 000000000000..adb1f29658d8
--- /dev/null
+++ b/src/chrome/content/rules/Srvv.net.xml
@@ -0,0 +1,13 @@
+<!--
+	For other prxy coverage, see Prxy.com.xml.
+
+-->
+<ruleset name="srvv.net">
+
+	<target host="web01.srvv.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Srware.xml b/src/chrome/content/rules/Srware.xml
index dc514fafdded..c27f333a5be1 100644
--- a/src/chrome/content/rules/Srware.xml
+++ b/src/chrome/content/rules/Srware.xml
@@ -1,8 +1,18 @@
-<ruleset name="Srware">
+<!--
+	Mixed content:
+
+		- Images from $self *
+		- Bug from www.browser-statistik.de *
+
+	* Secured by us
+
+-->
+<ruleset name="SRWare.net">
   <target host="srware.net"/>
   <target host="www.srware.net"/>
 
-  <securecookie host="^(.*\.)?srware.net$" name=".*" />
+  <securecookie host=".+" name=".+" />
 
-  <rule from="^http://(?:www\.)?srware\.net/" to="https://www.srware.net/"/>
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SsbKyh.com.xml b/src/chrome/content/rules/SsbKyh.com.xml
index 06e3280fbf14..28b6b7735892 100644
--- a/src/chrome/content/rules/SsbKyh.com.xml
+++ b/src/chrome/content/rules/SsbKyh.com.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://cdn\.ssbkyh\.com/"
 		to="https://djhznh41oxwef.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sslcert14.com.xml b/src/chrome/content/rules/Sslcert14.com.xml
deleted file mode 100644
index 5855a8ad9963..000000000000
--- a/src/chrome/content/rules/Sslcert14.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Clients have unique subdomains.
-
--->
-<ruleset name="sslcert14.com">
-
-	<target host="sslcert14.com" />
-	<target host="*.sslcert14.com" />
-
-
-	<securecookie host="^(?:.+\.)?sslcert14\.com$" name=".+" />
-
-
-	<rule from="^http://([\w-]+\.)?sslcert14\.com/"
-		to="https://$1sslcert14.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Sslcert35.com.xml b/src/chrome/content/rules/Sslcert35.com.xml
index e25c9ccb40f8..199156f95563 100644
--- a/src/chrome/content/rules/Sslcert35.com.xml
+++ b/src/chrome/content/rules/Sslcert35.com.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://([\w-]+)\.sslcert35\.com/"
 		to="https://$1.sslcert35.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ssldomain.com.xml b/src/chrome/content/rules/Ssldomain.com.xml
index a7296633b1b2..18549cfcd16b 100644
--- a/src/chrome/content/rules/Ssldomain.com.xml
+++ b/src/chrome/content/rules/Ssldomain.com.xml
@@ -10,10 +10,10 @@
 		<exclusion pattern="^http://www\." />
 
 
-	<securecookie host=".+\.ssldomain\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://([\w-]+)\.ssldomain\.com/"
 		to="https://$1.ssldomain.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ssltrust.us.xml b/src/chrome/content/rules/Ssltrust.us.xml
index adf5dee64225..ba2c6e426dd3 100644
--- a/src/chrome/content/rules/Ssltrust.us.xml
+++ b/src/chrome/content/rules/Ssltrust.us.xml
@@ -1,9 +1,14 @@
-<ruleset name="ssltrust.us (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://test.ssltrust.us/ => https://test.ssltrust.us/: (6, 'Could not resolve host: test.ssltrust.us')
+
+-->
+<ruleset name="ssltrust.us (partial)" default_off="failed ruleset test">
 
 	<target host="test.ssltrust.us" />
 
 
-	<rule from="^http://test\.ssltrust\.us/"
-		to="https://test.ssltrust.us/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/St-Andrews.ac.uk.xml b/src/chrome/content/rules/St-Andrews.ac.uk.xml
new file mode 100644
index 000000000000..5fad8b8bbc79
--- /dev/null
+++ b/src/chrome/content/rules/St-Andrews.ac.uk.xml
@@ -0,0 +1,60 @@
+<!--
+	University of St Andrews
+
+
+	Nonfunctional subdomains:
+
+		- morph.cs		(dropped)
+		- research-repository	(redirects to http)
+
+
+	Problematic subdomains:
+
+		- ^	(cert only matches www)
+
+
+	Fully covered subdomains:
+
+		- (www.)	(^ → www)
+		- risweb
+		- sparc
+		- www.vacancies
+
+
+	Observed cookie domains:
+
+		- research-repository ¹
+		- risweb ²
+		- www.vacancies ²
+
+	¹ Not secured by us <= we don't touch plaintext cookies
+	² Secured by us
+
+
+	Mixed content:
+
+		- Images on risweb from www *
+
+	* Secured by us
+
+-->
+<ruleset name="St-Andrews.ac.uk (partial)">
+
+	<target host="st-andrews.ac.uk" />
+	<target host="www.st-andrews.ac.uk" />
+	<target host="risweb.st-andrews.ac.uk" />
+	<target host="sparc.st-andrews.ac.uk" />
+	<target host="www.vacancies.st-andrews.ac.uk" />
+		<!--exclusion pattern="^http://research-repository\.st-andrews\.ac\.uk/+($|community-list$|favicon\.ico|image/|print\.css|static/|styles\.css|utils\.js)" /-->
+
+
+	<securecookie host="^\.(?:.+\.)?st-andrews\.ac\.uk$" name="^__utm\w+$" />
+	<securecookie host="^(?:risweb|www\.vacancies)\.st-andrews\.ac\.uk$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?st-andrews\.ac\.uk/"
+		to="https://www.st-andrews.ac.uk/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/StShrt.com.xml b/src/chrome/content/rules/StShrt.com.xml
new file mode 100644
index 000000000000..388151875813
--- /dev/null
+++ b/src/chrome/content/rules/StShrt.com.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.stshrt.com/ => https://www.stshrt.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.stshrt.com'")
+
+	For other Shorte.st coverage, see Shorte.st.xml.
+
+
+	Bugs.
+
+
+	^stshrt.com doesn't exist.
+
+
+	Insecure cookies are set for these domains:
+
+		- .stshrt.com
+
+-->
+<ruleset name="stShrt.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.stshrt.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.stshrt\.com$" name="^(?:ecvtcn|ecvtcn_shstview)$" /-->
+
+	<securecookie host="^\.stshrt\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/St_Graber.org.xml b/src/chrome/content/rules/St_Graber.org.xml
index ad9ec32a0c59..8ee220245b20 100644
--- a/src/chrome/content/rules/St_Graber.org.xml
+++ b/src/chrome/content/rules/St_Graber.org.xml
@@ -1,10 +1,10 @@
 <ruleset name="St Graber.org">
 
 	<target host="stgraber.org" />
-	<target host="*.stgraber.org" />
+	<target host="dl.stgraber.org" />
+	<target host="www.stgraber.org" />
 
 
-	<rule from="^http://(dl\.|www\.)?stgraber\.org/"
-		to="https://$1stgraber.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/St_Kitts_Zipline.xml b/src/chrome/content/rules/St_Kitts_Zipline.xml
index 0f80601c2071..75a5e65c65a3 100644
--- a/src/chrome/content/rules/St_Kitts_Zipline.xml
+++ b/src/chrome/content/rules/St_Kitts_Zipline.xml
@@ -1,14 +1,21 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://stkittszipline.com/ => http://stkittszipline.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://stkittszipline.com/ => http://stkittszipline.com/: (28, 'Resolving timed out after 10520 milliseconds')
 	Nonfunctional subdomains:
 
 		- ^		(redirects to www.bransonzipline.com, valid cert)
 		- www		(redirects to secure, valid cert)
 
 -->
-<ruleset name="St. Kitts Zipline (partial)">
+<ruleset name="St. Kitts Zipline (partial)" default_off="failed ruleset test">
 
 	<target host="stkittszipline.com" />
-	<target host="*.stkittszipline.com" />
+	<target host="www.stkittszipline.com" />
+	<target host="secure.stkittszipline.com" />
 
 
 	<securecookie host="^secure\.stkittszipline\.com$" name=".+" />
@@ -20,4 +27,4 @@
 	<rule from="^http://secure\.stkittszipline\.com/"
 		to="https://secure.stkittszipline.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/St_L_Beacon.org.xml b/src/chrome/content/rules/St_L_Beacon.org.xml
new file mode 100644
index 000000000000..bfd3b65e04bd
--- /dev/null
+++ b/src/chrome/content/rules/St_L_Beacon.org.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://stlbeacon.org/ => https://stlbeacon.org/: (28, 'Connection timed out after 20008 milliseconds')
+Fetch error: http://www.stlbeacon.org/ => https://www.stlbeacon.org/: (28, 'Connection timed out after 20001 milliseconds')
+
+	^: shows another domain
+-->
+<ruleset name="St L Beacon.org" default_off="failed ruleset test">
+
+	<target host="stlbeacon.org" />
+	<target host="www.stlbeacon.org" />
+
+
+	<!--	Not secured by server:
+					-->
+
+	<securecookie host="^(?:www\.)?stlbeacon\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sta.sh.xml b/src/chrome/content/rules/Sta.sh.xml
new file mode 100644
index 000000000000..072736b78757
--- /dev/null
+++ b/src/chrome/content/rules/Sta.sh.xml
@@ -0,0 +1,12 @@
+<!--
+	For other DeviantArt coverage, see DeviantArt.xml.
+-->
+
+<ruleset name="Sta.sh">
+	<target host="sta.sh" />
+	<target host="www.sta.sh" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stable-Host.xml b/src/chrome/content/rules/Stable-Host.xml
index 3824c771dbb7..9adcb01541d6 100644
--- a/src/chrome/content/rules/Stable-Host.xml
+++ b/src/chrome/content/rules/Stable-Host.xml
@@ -4,24 +4,55 @@
 		- blog	(ssl_error_rx_record_too_long)
 		- cdn	(times out)
 
+
+	Fully covered hosts in *stablehost.com:
+
+		- (www.)?
+		- billing
+		- cdn		(→ www.stablehost.com)
+		- forums
+
+
+	Insecure cookies are set for these domains:
+
+		- .stablehost.com
+		- billing.stablehost.com
+
+
+	Mixed content:
+
+		- css on forums, www from fonts.googleapis.com *
+
+	* Secured by us
+
 -->
-<ruleset name="Stable Host (partial)">
+<ruleset name="Stable Host.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="stablehost.com" />
+	<target host="billing.stablehost.com" />
+	<target host="forums.stablehost.com" />
 	<target host="www.stablehost.com" />
 
+	<!--	Complications:
+				-->
+	<target host="cdn.stablehost.com" />
 
-	<securecookie host="^billing\.stablehost\.com$" name=".*" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.stablehost\.com$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^billing\.stablehost\.com$" name="^WHMCS\w+$" /-->
 
-	<!--	Some pages redirect to http.	-->
-	<rule from="^http://(www\.)?stablehost\.com/(css/|images/|login\.php)"
-		to="https://$1stablehost.com/$2" />
+	<securecookie host="^\.stablehost\.com$" name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^billing\.stablehost\.com$" name=".+" />
 
-	<rule from="^http://billing\.stablehost\.com/"
-		to="https://billing.stablehost.com/" />
 
-	<rule from="^https?://cdn\.stablehost\.com/"
+	<rule from="^http://cdn\.stablehost\.com/"
 		to="https://www.stablehost.com/images/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Stack-Exchange.xml b/src/chrome/content/rules/Stack-Exchange.xml
index 156418f3690d..1a2410d9833c 100644
--- a/src/chrome/content/rules/Stack-Exchange.xml
+++ b/src/chrome/content/rules/Stack-Exchange.xml
@@ -1,85 +1,152 @@
 <!--
-	Nonfunctional domains:
+	This ruleset aims to cover all sites in the Stackexchange family
 
-		- chat.stackexchange.com	(Mixed content)
-		- meta.*.stackexchange.com      (cert: *.stackexchange.com)
+	Problematic domains:
 
-
-	Fully covered domains:
-
-        - *.stackexchange.com
-
-    As of Dec., 2013, stackexchange has a cert valid for:
-        - *.stackexchange.com
-        - stackexchange.com
-        - meta.stackexchange.com
-        - *.meta.stackexchange.com
-        - *.stackoverflow.com
-        - stackoverflow.com
-        - serverfault.com
-        - stackauth.com
-        - sstatic.net
-        - meta.serverfault.com
-        - superuser.com
-        - meta.superuser.com
-        - stackapps.com
-        - openid.stackauth.com 
+		- www.stackapps.com ==> Mismatched
+		- mathoverflow.com ==> No response (only a redirect to mathoverflow.net anyway)
+		- meta.*.stackexchange.com ==> Mismatched (now *.meta.stackexchange.com)
+		- blog.*  ==> Mixed Active Content
+		- discuss.area51.stackexchange.com ==> Mismatched
 
 -->
-<ruleset name="Stack Exchange (partial)">
+<ruleset name="Stack Exchange">
 
+	<!-- Askubuntu -->
 	<target host="askubuntu.com" />
 	<target host="www.askubuntu.com" />
+	<target host="meta.askubuntu.com" />
+
+	<!-- Blogoverflow -->
 	<target host="blogoverflow.com" />
 	<target host="www.blogoverflow.com" />
+
+	<!-- Mathoverflow -->
+	<target host="mathoverflow.net" />
+	<target host="www.mathoverflow.net" />
+	<target host="meta.mathoverflow.net" />
+
+	<!-- Serverfault -->
+	<target host="meta.serverfault.com" />
 	<target host="serverfault.com" />
-	<target host="*.serverfault.com" />
-	<target host="sstatic.net" />
-	<target host="cdn.sstatic.net" />
-	<target host="or.cdn.sstatic.net" />
+
+	<!-- Stackauth -->
+	<target host="stackauth.com" />
+	<target host="dev.stackauth.com" />
+
+	<!-- Stackexchange -->
 	<target host="stackexchange.com" />
 	<target host="*.stackexchange.com" />
+	<!-- This wildcard covers 125 subdomains -->
+		<test url="http://academia.stackexchange.com/" />
+		<test url="http://crypto.stackexchange.com/" />
+		<test url="http://reverseengineering.stackexchange.com/" />
+		<test url="http://unix.stackexchange.com/" />
+		<test url="http://writers.stackexchange.com/" />
+
+		<!-- gaming blog causes certificate mismatch errors -->
+		<exclusion pattern="^http://blog\.gaming\.stackexchange\.com"/>
+		<test url="http://blog.gaming.stackexchange.com/" />
+
+		<!-- this causes login issues on area51. See:
+			- https://area51.meta.stackexchange.com/questions/13597/area-51-openid-login-is-broken-with-https/27726
+			- https://github.com/EFForg/https-everywhere/issues/14452
+			- https://meta.stackexchange.com/questions/292058/network-wide-https-its-time/306308#306308
+		-->
+		<exclusion pattern="^http://area51\.stackexchange\.com/users/authenticate/\?s=" />
+		<test url="http://area51.stackexchange.com/users/authenticate/?s=" />
+		<test url="http://area51.stackexchange.com/users/authenticate/?s=11111111-1111-1111-1111-111111111111" />
+
+	<!-- Stackoverflow -->
 	<target host="stackoverflow.com" />
-	<target host="*.stackoverflow.com" />
-	<target host="app.stacktack.com" />
+	<target host="www.stackoverflow.com" />
+	<target host="chat.stackoverflow.com" />
+	<target host="careers.stackoverflow.com" />
+	<target host="email.stackoverflow.com" />
+	<target host="ja.stackoverflow.com" />
+	<target host="meta.stackoverflow.com" />
+	<target host="pt.stackoverflow.com" />
+	<target host="ru.stackoverflow.com" />
+	<target host="blog.stackoverflow.com" />
+	<target host="stackoverflow.blog" />
+	<target host="www.stackoverflow.blog" />
+	<target host="stackoverflow.email" />
+	<target host="sg-links.stackoverflow.email" />
+
+	<!-- Superuser -->
 	<target host="superuser.com" />
-	<target host="*.superuser.com" />
-    <target host="stackapps.com" />
-    <exclusion pattern="^http://chat\.stackexchange\.com/" />
+	<target host="www.superuser.com" />
+	<target host="meta.superuser.com" />
+
+	<!-- Misc -->
+	<target host="sstatic.net" />
+	<target host="cdn.sstatic.net" />
+	<target host="cdn-chat.sstatic.net" />
+	<target host="stackapps.com" />
+	<target host="teststackoverflow.com" />
+	<target host="www.teststackoverflow.com" />
+
+<!-- Securecookies -->
+
+	<!-- Blogoverflow -->
+	<securecookie host="^blogoverflow\.com$" name=".+" />
+
+	<!-- Askubuntu -->
+	<securecookie host="^askubuntu\.com$" name=".+" />
+	<securecookie host="^meta\.askubuntu.com$" name=".+" />
+
+	<!-- Mathoverflow -->
+	<securecookie host="^mathoverflow\.net$" name=".+" />
+	<securecookie host="^meta\.mathoverflow.net$" name=".+" />
+
+	<!-- Serverfault -->
+	<securecookie host="^clc\.serverfault\.com$" name=".+" />
+	<securecookie host="^meta\.serverfault\.com$" name=".+" />
+	<securecookie host="^serverfault\.com$" name=".+" />
+
+	<!-- Stackauth -->
+	<securecookie host="^stackauth\.com$" name=".+" />
+	<securecookie host="^dev\.stackauth\.com$" name=".+" />
 
-	<rule from="^https?://(?:www\.)?(stackexchange|askubuntu|serverfault|superuser)\.com/favicon\.ico"
-		to="https://cdn.sstatic.net/$1/img/favicon.ico" />
+	<!-- Stackexchange -->
+	<securecookie host="^stackexchange\.com$" name=".+" />
+	<securecookie host="^([\w-]+)\.stackexchange\.com$" name=".+" />
 
-	<rule from="^https?://(?:\w+\.)?(\w+)\.stackexchange\.com/favicon\.ico"
-		to="https://cdn.sstatic.net/$1/img/favicon.ico" />
+	<!-- Stackoverflow -->
+	<securecookie host="^chat\.stackoverflow\.com$" name=".+" />
+	<securecookie host="^careers\.stackoverflow\.com$" name=".+" />
+	<securecookie host="^ja\.stackoverflow\.com$" name=".+" />
+	<securecookie host="^meta\.stackoverflow\.com$" name=".+" />
+	<securecookie host="^pt\.stackoverflow\.com$" name=".+" />
+	<securecookie host="^ru\.stackoverflow\.com$" name=".+" />
+	<securecookie host="^stackoverflow\.com$" name=".+" />
 
-	<rule from="^https?://(?:www\.)?blogoverflow\.com/$"
-		to="https://stackexchange.com/blogs" />
+	<!-- Superuser -->
+	<securecookie host="^superuser\.com$" name=".+" />
+	<securecookie host="^meta\.superuser\.com$" name=".+" />
 
-	<rule from="^http://(\w+\.)?stackexchange\.com/"
-		to="https://$1stackexchange.com/" />
+	<!-- Misc -->
+	<securecookie host="^sstatic\.net$" name=".+" />
+	<securecookie host="^cdn\.sstatic\.net$" name=".+" />
+	<securecookie host="^cdn-chat\.sstatic\.net$" name=".+" />
+	<securecookie host="^stackapps\.com$" name=".+" />
+	<securecookie host="^teststackoverflow\.com$" name=".+" />
 
-	<rule from="^https?://(?:(or\.)?cdn\.)?sstatic\.net/"
-		to="https://$1cdn.sstatic.net/" />
+<!-- Rules -->
 
-	<rule from="^http://(www\.|meta\.|careers\.)?stackoverflow\.com/"
-		to="https://$1stackoverflow.com/" />
-    
-    <rule from="^http://(www\.|meta\.)?serverfault\.com/"
-		to="https://$1serverfault.com/" />
-    
-    <rule from="^http://(www\.|meta\.)?superuser\.com/"
-		to="https://$1superuser.com/" />
+	<!-- meta.* sites moved to *.meta - we can safely redirect to their new equivalents, which support https -->
+	<!-- details: https://meta.stackexchange.com/questions/292058/network-wide-https-its-time -->
+	<rule from="^http://meta\.([\w-]+)\.stackexchange\.com/" to="https://$1.meta.stackexchange.com/" />
 
-    <rule from="^http://(www\.)?stackapps\.com/"
-        to="https://$1stackapps.com/" />
+		<test url="http://meta.unix.stackexchange.com/" />
+		<test url="http://meta.opendata.stackexchange.com/" />
 
-	<rule from="^https?://app\.stacktack\.com/"
-		to="https://s3.amazonaws.com/stacktackapp/" />
+	<rule from="^http://discuss\.area51\.stackexchange\.com/"
+		to="https://area51.meta.stackexchange.com/" />
 
-	<rule from="^https?://meta\.superuser\.com/favicon\.ico"
-		to="https://cdn.sstatic.net/superusermeta/img/favicon.ico" />
+		<test url="http://discuss.area51.stackexchange.com/" />
+		<test url="http://discuss.area51.stackexchange.com/users/19476/kronos" />
 
-	<securecookie host="\.stackexchange\.com$" name=".*" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Stack.nl.xml b/src/chrome/content/rules/Stack.nl.xml
index 7ffc6588420d..1fd4903f0cdd 100644
--- a/src/chrome/content/rules/Stack.nl.xml
+++ b/src/chrome/content/rules/Stack.nl.xml
@@ -1,47 +1,22 @@
 <!--
-	Fully covered subdomains:
+	^ doesn't exist.
 
-		- (www.)
+	Incomplete certificate chain:
 		- dbadmin
-		- koelkast
 		- uqm
 		- bugs.uqm
 		- forum.uqm
 		- wiki.uqm
 		- webmail
-		- websites
-
-
-	^stack.nl doesn't exist.
-
-
-	Observed cookie domains:
-
-		- dbadmin
-		- .bugs.uqm
-		- forum.uqm
-		- wiki.uqm
-		- .webmail
-		- websites
-		- www
-
-
-	Mixed content:
-
-		- Image on wiki.uqm from creativecommons.org *
-
-	* Secured by us
 
+	Self-signed:
+		- keyserver
 -->
-<ruleset name="Stack.nl" platform="cacert">
-
-	<target host="*.stack.nl" />
-
-
-	<securecookie host=".+\.stack\.nl$" name=".+" />
-
 
-	<rule from="^http://(dbadmin|koelkast|((?:bugs|forum|wiki)\.)?uqm|webmail|websites|www)\.stack\.nl/"
-		to="https://$1.stack.nl/" />
+<ruleset name="Stack.nl (partial)">
+	<target host="www.stack.nl" />
+	<target host="koelkast.stack.nl" />
+	<target host="websites.stack.nl" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/StackCommerce.com.xml b/src/chrome/content/rules/StackCommerce.com.xml
new file mode 100644
index 000000000000..e2d28473b899
--- /dev/null
+++ b/src/chrome/content/rules/StackCommerce.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Nonfunctional hosts in *stackcommerce.com:
+
+		- blog ʰ
+
+	ʰ WP Engine / redirects to http
+
+-->
+<ruleset name="StackCommerce.com (partial)">
+
+	<target host="stackcommerce.com" />
+	<target host="cdn.stackcommerce.com" />
+	<target host="image-assets.stackcommerce.com" />
+	<target host="images.stackcommerce.com" />
+	<target host="stores-assets.stackcommerce.com" />
+	<target host="www.stackcommerce.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/StackEdit.io.xml b/src/chrome/content/rules/StackEdit.io.xml
new file mode 100644
index 000000000000..09b2c096176f
--- /dev/null
+++ b/src/chrome/content/rules/StackEdit.io.xml
@@ -0,0 +1,8 @@
+<ruleset name="StackEdit.io">
+	<target host="stackedit.io" />
+	<target host="community.stackedit.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/StackSocial.xml b/src/chrome/content/rules/StackSocial.xml
index 19e9242d770a..d2e2af45e119 100644
--- a/src/chrome/content/rules/StackSocial.xml
+++ b/src/chrome/content/rules/StackSocial.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cnet.stacksocial.com/ => https://cnet.stacksocial.com/: (6, 'Could not resolve host: cnet.stacksocial.com')
+Fetch error: http://jobs.stacksocial.com/ => https://jobs.stacksocial.com/: (6, 'Could not resolve host: jobs.stacksocial.com')
+
 	CDN buckets:
 
 		- app-stacksocial.netdna-ssl.com
@@ -10,24 +15,27 @@
 		- blog
 
 
-	Problematic subdomains:
+	Fully covered subdomains:
 
-		- jobs		(pages redirect to http. CN: *.theresumator.com)
+		- (www.)?
+		- beta
+		- cnet
+		- jobs
 
 -->
-<ruleset name="StackSocial (partial)">
+<ruleset name="StackSocial.com (partial)" default_off="failed ruleset test">
 
 	<target host="stacksocial.com" />
-	<target host="*.stacksocial.com" />
+	<target host="beta.stacksocial.com" />
+	<target host="cnet.stacksocial.com" />
+	<target host="jobs.stacksocial.com" />
+	<target host="www.stacksocial.com" />
 
 
 	<securecookie host="^\.stacksocial\.com$" name=".+" />
 
 
-	<rule from="^http://(cnet\.|www\.)?stacksocial\.com/"
-		to="https://$1stacksocial.com/" />
-
-	<rule from="^https?://jobs\.stacksocial\.com/(css|img)/"
-		to="https://stacksocial.theresumator.com/$1/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Stacklet.com.xml b/src/chrome/content/rules/Stacklet.com.xml
new file mode 100644
index 000000000000..0d1eb727a2d8
--- /dev/null
+++ b/src/chrome/content/rules/Stacklet.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Nonfunctional subdomains:
+
+		- ftp *
+
+	* Refused
+
+
+	Problematic hosts:
+
+		- (www.)? *
+		- secure *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="Stacklet.com (partial)" default_off="cert-chain">
+
+	<target host="stacklet.com" />
+	<target host="secure.stacklet.com" />
+	<target host="www.stacklet.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(\.secure)?\.stacklet\.com$" name="^SESS[0-9a-f]{32}$" /-->
+
+	<securecookie host="^(?:\.secure)?\.stacklet\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Stacksity.com.xml b/src/chrome/content/rules/Stacksity.com.xml
new file mode 100644
index 000000000000..a97e7856d559
--- /dev/null
+++ b/src/chrome/content/rules/Stacksity.com.xml
@@ -0,0 +1,46 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.stacksity.com/ => https://www.stacksity.com/: (6, 'Could not resolve host: www.stacksity.com')
+
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- stacksity.com
+		- .stacksity.com
+
+-->
+<ruleset name="Stacksity.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="stacksity.com" />
+	<target host="www.stacksity.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^stacksity\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.stacksity\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.?stacksity\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Stadt-Zuerich.ch.xml b/src/chrome/content/rules/Stadt-Zuerich.ch.xml
new file mode 100644
index 000000000000..67b807f65205
--- /dev/null
+++ b/src/chrome/content/rules/Stadt-Zuerich.ch.xml
@@ -0,0 +1,20 @@
+<!--
+	Stadt Zürich
+
+
+	^: cert only matches www
+
+-->
+<ruleset name="Stadt-Zuerich.ch">
+
+	<target host="stadt-zuerich.ch" />
+	<target host="www.stadt-zuerich.ch" />
+
+
+	<securecookie host="^www\.stadt-zuerich\.ch$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?stadt-zuerich\.ch/"
+		to="https://www.stadt-zuerich.ch/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Stadt-bremerhaven.de.xml b/src/chrome/content/rules/Stadt-bremerhaven.de.xml
new file mode 100644
index 000000000000..1523f67cec80
--- /dev/null
+++ b/src/chrome/content/rules/Stadt-bremerhaven.de.xml
@@ -0,0 +1,7 @@
+
+<ruleset name="Stadt-Bremerhaven.de">
+<target host="stadt-bremerhaven.de"/>
+<target host="www.stadt-bremerhaven.de"/>
+
+<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Stadtwerke-Bamberg.xml b/src/chrome/content/rules/Stadtwerke-Bamberg.xml
new file mode 100644
index 000000000000..5869907d64c0
--- /dev/null
+++ b/src/chrome/content/rules/Stadtwerke-Bamberg.xml
@@ -0,0 +1,39 @@
+<!--
+	Cert mismatch:
+		- kundenportal
+		- lieferanten
+		- newsroom
+		- osp
+
+	Connection refused:
+		- (www.)shop
+
+	Self-signed cert:
+		- bewerbung
+		- blog
+		- eeg
+		- ftp
+		- fw
+		- gwweb
+		- mail
+		- mob
+		- vibe
+		- vpn
+		- webmail
+
+	TLS not supported:
+		- buergernet
+		- sentry
+		- test
+-->
+<ruleset name="Stadtwerke Bamberg">
+
+	<target host="stadtwerke-bamberg.de" />
+	<target host="www.stadtwerke-bamberg.de" />
+	<target host="cag.stadtwerke-bamberg.de" />
+	<target host="filr.stadtwerke-bamberg.de" />
+	<target host="vsp.stadtwerke-bamberg.de" />
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Stadtwerke-Ingolstadt.xml b/src/chrome/content/rules/Stadtwerke-Ingolstadt.xml
new file mode 100644
index 000000000000..277cb4d7fdc6
--- /dev/null
+++ b/src/chrome/content/rules/Stadtwerke-Ingolstadt.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://portal.sw-in.de/ => https://portal.sw-in.de/: (6, 'Could not resolve host: portal.sw-in.de')
+
+-->
+<ruleset name="Stadtwerke Ingolstadt" platform="mixedcontent" default_off="failed ruleset test">
+<target host="www.sw-i.de" />
+<target host="portal.sw-in.de" />
+
+
+<rule from="^http:" to="https:" />
+
+<test url="http://www.sw-i.de/" />
+<test url="http://portal.sw-in.de/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Staffordshire.gov.uk.xml b/src/chrome/content/rules/Staffordshire.gov.uk.xml
new file mode 100644
index 000000000000..545ee0b402e2
--- /dev/null
+++ b/src/chrome/content/rules/Staffordshire.gov.uk.xml
@@ -0,0 +1,87 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://atmsbookings.staffordshire.gov.uk/ => https://atmsbookings.staffordshire.gov.uk/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://pcbooking.staffordshire.gov.uk/ => https://pcbooking.staffordshire.gov.uk/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	Staffordshire County Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *staffordshire.gov.uk:
+
+		- www.archives ᵈ
+		- cdn ᵈ
+		- cyclemap ᵇ
+		- enewsletter ᵈ
+		- moderngov *
+		- www.museums ᵈ
+		- sscb ᵈ
+		- www.tradedservices ᵈ
+
+	ᵇ Shows default page
+	ᵈ Dropped
+	* Redirects to login
+
+
+	^staffordshire.gov.uk: Mismatched
+
+
+	These altnames don't exist:
+
+		- www.consultation.staffordshire.gov.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- apps2.staffordshire.gov.uk
+		- atmsbookings.staffordshire.gov.uk
+		- education.staffordshire.gov.uk
+		- moderngov.staffordshire.gov.uk
+		- pcbooking.staffordshire.gov.uk
+		- pensions.staffordshire.gov.uk
+
+
+	Mixed content:
+
+		- Image on www from cdn.staffordshire.gov.uk ᵈ
+		- on www from socitm.govmetric.com ˢ
+
+	ᵈ Dropped
+	ˢ Secured by us
+
+-->
+<ruleset name="Staffordshire.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="apps.staffordshire.gov.uk" />
+	<target host="apps2.staffordshire.gov.uk" />
+	<target host="atmsbookings.staffordshire.gov.uk" />
+	<target host="consultation.staffordshire.gov.uk" />
+	<target host="education.staffordshire.gov.uk" />
+	<target host="ems.staffordshire.gov.uk" />
+	<target host="onthemap.staffordshire.gov.uk" />
+	<target host="pcbooking.staffordshire.gov.uk" />
+	<target host="pensions.staffordshire.gov.uk" />
+	<target host="www.staffordshire.gov.uk" />
+	<target host="www.yourlibcat.staffordshire.gov.uk" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://apps2.staffordshire.gov.uk/scc/eventscalendar/" /-->
+		<!--test url="http://atmsbookings.staffordshire.gov.uk/Guest/live/achievermain.aspx?a=default" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:apps2|atmsbookings|education|pcbooking)\.staffordshire\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^moderngov\.staffordshire\.gov\.uk$" name="^(?:_mglogon_|ASP\.NET_SessionId)$" /-->
+	<!--securecookie host="^pensions\.staffordshire\.gov\.uk$" name="^(?:javax\.faces\.ClientToken|scheEmp)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/StaffordshirePolice.xml b/src/chrome/content/rules/StaffordshirePolice.xml
new file mode 100644
index 000000000000..38cafe7e48a5
--- /dev/null
+++ b/src/chrome/content/rules/StaffordshirePolice.xml
@@ -0,0 +1,9 @@
+<!--
+	^staffordshire.police.uk doesn't exist.
+
+-->
+<ruleset name="Staffordshire Police">
+  <target host="www.staffordshire.police.uk" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stallman.org.xml b/src/chrome/content/rules/Stallman.org.xml
index 7904cb2fa77b..42357ecc2bb6 100644
--- a/src/chrome/content/rules/Stallman.org.xml
+++ b/src/chrome/content/rules/Stallman.org.xml
@@ -1,13 +1,16 @@
+<!--
+	Invalid certificate:
+		ww.stallman.org
+
+-->
 <ruleset name="Stallman.org">
+
 	<target host="stallman.org" />
-	<target host="ww.stallman.org" />
 	<target host="www.stallman.org" />
 
-	<!-- The stallman.org site does in fact have a
-	working ww (not a typo) subdomain that redirects
-	to the www subdomain. -->
-	<rule from="^https?://ww\.stallman\.org/"
-		to="https://www.stallman.org/" />
-	<rule from="^http://(www\.)?stallman\.org/"
-		to="https://$1stallman.org/" />
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/StanDeyo.xml b/src/chrome/content/rules/StanDeyo.xml
deleted file mode 100644
index 83776090ab80..000000000000
--- a/src/chrome/content/rules/StanDeyo.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Stan Deyo" default_off="Certificate mismatch">
-  <target host="www.standeyo.com" />
-  <target host="standeyo.com" />
-
-  <rule from="^http://(?:www\.)?standeyo\.com/" to="https://standeyo.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Stan_Deyo.com.xml b/src/chrome/content/rules/Stan_Deyo.com.xml
new file mode 100644
index 000000000000..7e1ce53b13f3
--- /dev/null
+++ b/src/chrome/content/rules/Stan_Deyo.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Stan Deyo.com">
+	<target host="standeyo.com" />
+	<target host="www.standeyo.com" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Stand-for-Children.xml b/src/chrome/content/rules/Stand-for-Children.xml
index d8c3e8cdc2e5..43564c3a4beb 100644
--- a/src/chrome/content/rules/Stand-for-Children.xml
+++ b/src/chrome/content/rules/Stand-for-Children.xml
@@ -1,17 +1,25 @@
-<ruleset name="Stand for Children (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://greatteachersgreatschools.org/ => https://www.greatteachersgreatschools.org/: (7, 'Failed to connect to www.greatteachersgreatschools.org port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://greatteachersgreatschools.org/ => https://www.greatteachersgreatschools.org/: (6, 'Could not resolve host: greatteachersgreatschools.org')
+-->
+<ruleset name="Stand for Children (partial)" default_off="failed ruleset test">
 
 	<target host="greatteachersgreatschools.org" />
 	<!--	* for cross-domain cookie.	-->
-	<target host="*.greatteachersgreatschools.org" />
+	<target host="www.greatteachersgreatschools.org" />
 	<target host="stand.org" />
 	<target host="www.stand.org" />
 
 
-	<securecookie host="^.*\.greatteachersgreatschools\.org$" name=".*" />
+	<securecookie host="^.*\.greatteachersgreatschools\.org$" name=".+" />
 
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?greatteachersgreatschools\.org/"
+	<rule from="^http://(?:www\.)?greatteachersgreatschools\.org/"
 		to="https://www.greatteachersgreatschools.org/" />
 
 	<!--	Some pages redirect to http.	-->
diff --git a/src/chrome/content/rules/Stand_Up_to_Cancer.xml b/src/chrome/content/rules/Stand_Up_to_Cancer.xml
index 8ced0bfb65eb..ec46bbbdbf20 100644
--- a/src/chrome/content/rules/Stand_Up_to_Cancer.xml
+++ b/src/chrome/content/rules/Stand_Up_to_Cancer.xml
@@ -1,12 +1,80 @@
-<ruleset name="Stand Up to Cancer (partial)">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://standup2cancer.ca/ => https://www.standup2cancer.ca/: (51, "SSL: no alternative certificate subject name matches target host name 'www.standup2cancer.ca'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://standup2cancer.ca/ => https://www.standup2cancer.ca/: (51, "SSL: no alternative certificate subject name matches target host name 'www.standup2cancer.ca'")
+	CDN buckets:
+
+		- d3ltd4zpclv1en.cloudfront.net
+
+			- su2c.standup2cancer.org
+
+
+	Problematic domains:
+
+		- standup2cancer.ca ¹
+		- standup2cancer.org ¹
+		- su2c.standup2cancer.org ²
+
+	¹ Dropped
+	² cloudfront
+
+
+	Fully covered domains:
+
+		- (www.)standup2cancer.ca	(^ → www)
+
+		- standup2cancer.com subdomains:
+
+			- (www.)
+			- secure
+			- shop
+			- si
+
+
+	Mixed content:
+
+		- Images on su2c from $self *
+
+		- favicon on su2c from $self *
+
+		- Bug on su2c from leadback.advertising.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Stand Up to Cancer (partial)" default_off="failed ruleset test">
+
+	<target host="standup2cancer.ca" />
+	<target host="www.standup2cancer.ca" />
+	<target host="standup2cancer.org" />
+	<target host="www.standup2cancer.org" />
 	<target host="secure.standup2cancer.org" />
+	<target host="shop.standup2cancer.org" />
+	<target host="si.standup2cancer.org" />
+	<target host="su2c.standup2cancer.org" />
+		<!--
+			Avoid user-visible paths:
+							-->
+		<!--exclusion pattern="http://su2c\.standup2cancer\.org/+(?!_www_images/|favicon\.ico|styles/)" /-->
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^shop\.standup2cancer\.(?:ca|org)$" name="^xsessionid$" /-->
+
+	<securecookie host="^(?:secure)?\.standup2cancer\.(?:ca|org)$" name=".+" />
 
 
-	<securecookie host="^secure\.standup2cancer\.org$" name=".+" />
+	<rule from="^http://(?:www\.)?standup2cancer\.(ca|org)/"
+		to="https://www.standup2cancer.$1/" />
 
+	<rule from="^http://s(ecure|hop|i)\.standup2cancer\.org/"
+		to="https://s$1.standup2cancer.org/" />
 
-	<rule from="^http://secure\.standup2cancer\.org/"
-		to="https://secure.standup2cancer.org/" />
+	<rule from="^http://su2c\.standup2cancer\.org/(?=_www_images/|favicon\.ico|styles/)"
+		to="https://d3ltd4zpclv1en.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Stand_with_Reality.org.xml b/src/chrome/content/rules/Stand_with_Reality.org.xml
new file mode 100644
index 000000000000..6a05a0d82478
--- /dev/null
+++ b/src/chrome/content/rules/Stand_with_Reality.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Stand with Reality.org">
+	<target host="standwithreality.org" />
+	<target host="www.standwithreality.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Standaard.be-mixed.xml b/src/chrome/content/rules/Standaard.be-mixed.xml
new file mode 100644
index 000000000000..6025e222a2f9
--- /dev/null
+++ b/src/chrome/content/rules/Standaard.be-mixed.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.standaard.be/ => https://www.standaard.be/: Too many redirects while fetching 'https://www.standaard.be/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.standaard.be/ => https://www.standaard.be/: Cycle detected - URL already encountered: https://www.standaard.be/
+	For rules not causing neither false/broken nor valid MCB, see Standaard.be.xml.
+
+-->
+<ruleset name="Standaard.be (mixed content)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="www.standaard.be" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Standaard.be.xml b/src/chrome/content/rules/Standaard.be.xml
new file mode 100644
index 000000000000..3830ca707d64
--- /dev/null
+++ b/src/chrome/content/rules/Standaard.be.xml
@@ -0,0 +1,126 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://standaard.be/ => https://standaard.be/: Too many redirects while fetching 'https://standaard.be/'
+Fetch error: http://2.standaardcdn.be/ => https://www.standaard.be/: Too many redirects while fetching 'https://www.standaard.be/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://standaard.be/ => https://standaard.be/: Cycle detected - URL already encountered: https://standaard.be/
+Fetch error: http://2.standaardcdn.be/ => https://www.standaard.be/: Cycle detected - URL already encountered: https://www.standaard.be/
+	For rules causing either false/broken or valid MCB, see Standaard.be-mixed.xml.
+
+
+	CDN buckets:
+
+		- [12].standaardcdn.be.edgesuite.net
+
+		- corelio.edgesuite.net
+
+			- meteo1.standaard.be
+
+
+	Nonfunctional domains:
+
+		- abonnement.standaard.be ¹
+		- m.standaard.be ²
+		- meteo1.standaard.be ³
+		- 1.standaardcdn.be ⁴
+
+	¹ Dropped
+	² Shows www
+	³ 503, akamai
+	⁴ 504, akamai
+
+
+	Problematic domains:
+
+		- standaard.be subdomains:
+
+			- cdn2 ¹
+			- dating ²
+			- shop ³
+
+		- 2.standaardcdn.be ⁴
+
+	¹ Dropped
+	² $ 503s; mismatched, CN: secure.datinglab.net
+	³ $ 404s
+	⁴ 504, akamai
+
+
+	Partially covered domains:
+
+		- dating.standaard.be	(→ secure.datinglab.net)
+		- www.standaard.be ¹
+
+	¹ Avoiding false and valid MCB
+
+
+	Fully covered domains:
+
+		- standaard.be subdomains:
+
+			- ^
+			- cdn2		(→ www)
+			- shop
+
+		- 2.standaardcdn.be	(→ www.standaard.be)
+
+
+	Mixed content:
+
+		- iframe on www from meteo1 ¹
+
+		- Images, on www from:
+
+			- www from 1.standaardcdn.be ¹
+			- www from www.jobat.be ¹
+
+		- Web bugs, on m from:
+
+			- www.googletagmanager.com ²
+			- b.scorecardresearch.com ²
+
+	¹ Unsecurable
+	² Secured by us
+
+-->
+<ruleset name="Standaard.be (partial)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	https://sta... redirects to http://www..., so
+		we can avoid a duplicate target warning by
+		blanket rewriting !www to www here.
+							-->
+	<target host="standaard.be" />
+	<target host="*.standaard.be" />
+		<!--
+			Exception to MCB:
+						-->
+		<exclusion pattern="^http://www\.standaard\.be/+(?!extra/)" />
+		<!--
+			s/$ 503s:
+					-->
+		<!--exclusion pattern="^http;//dating\.standaard\.be/+($|\?|s/$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http;//dating\.standaard\.be/+(?!css/|favicon\.ico|js/|pics/|pht/)" /-->
+	<target host="2.standaardcdn.be" />
+
+
+	<securecookie host="^shop\.standaard\.be$" name=".+" />
+
+
+	<rule from="^http://shop\.standaard\.be/+(?=$|\?)"
+		to="https://shop.standaard.be/CORELIO-Standaard-Site/index-nl_BE" />
+
+	<rule from="^http://(shop\.)?standaard\.be/"
+		to="https://$1standaard.be/" />
+
+	<rule from="^http://(?:2|cdn2|www)\.standaard(?:cdn)?\.be/"
+		to="https://www.standaard.be/" />
+
+	<rule from="^http://dating\.standaard\.be/(?=css/|favicon\.ico|js/|pics/|pht/)"
+		to="https://secure.datinglab.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Standard_Ebooks.com.xml b/src/chrome/content/rules/Standard_Ebooks.com.xml
deleted file mode 100644
index 9ad9e199981e..000000000000
--- a/src/chrome/content/rules/Standard_Ebooks.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Standard Ebooks.com">
-
-	<target host="standardebooks.com" />
-	<target host="www.standardebooks.com" />
-
-
-	<securecookie host="^standardebooks\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?standardebooks\.com/"
-		to="https://$1standardebooks.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Standish-Management.xml b/src/chrome/content/rules/Standish-Management.xml
index e1a97dc5a3f4..8f3300f30856 100644
--- a/src/chrome/content/rules/Standish-Management.xml
+++ b/src/chrome/content/rules/Standish-Management.xml
@@ -1,13 +1,23 @@
-<ruleset name="Standish Management">
+<!--
+	2x, eweblp: Differs from http
 
+-->
+<ruleset name="Standish Management.com" default_off="redirects to http">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="standishmanagement.com" />
-	<target host="*.standishmanagement.com" />
+	<target host="www.standishmanagement.com" />
+
+		<!--	Redirects to http:
+						-->
+		<exclusion pattern="^http://(?:www\.)?standishmanagement\.com/(?:$|wp-content/)" />
 
 
-	<securecookie host="^.*\.standishmanagement\.com$" name=".*" />
+	<securecookie host=".*\.standishmanagement\.com$" name=".+" />
 
 
-	<rule from="^http://(eweblp\.|www\.)?standishmanagement\.com/"
-		to="https://$1standishmanagement.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Stanford-University-problematic.xml b/src/chrome/content/rules/Stanford-University-problematic.xml
deleted file mode 100644
index e92e89f4c695..000000000000
--- a/src/chrome/content/rules/Stanford-University-problematic.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For rules that are on by default, see Stanford-University.xml.
-
--->
-<ruleset name="Stanford University (self-signed)" default_off="mismatched, self-signed">
-
-	<target host="foswiki.stanford.edu" />
-	<target host="bgm.stanford.edu" />
-	<target host="*.bgm.stanford.edu" />
-	<target host="maps.stanford.edu" />
-	<target host="*.maps.stanford.edu" />
-	<target host="thestanfordchallenge.stanford.edu" />
-	<target host="yuba.stanford.edu" />
-
-
-	<securecookie host="^\.(?:bgm|maps)\.stanford\.edu$" name=".+" />
-
-
-	<!--	- Cert: localhost.localdomain
-		- Both appear identical
-						-->
-	<rule from="^http://(?:foswiki|yuba)\.stanford\.edu/"
-		to="https://yuba.stanford.edu/" />
-
-	<rule from="^http://(bgm|maps|thestanfordchallenge)\.stanford\.edu/"
-		to="https://$1.stanford.edu/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Stanford-University.xml b/src/chrome/content/rules/Stanford-University.xml
deleted file mode 100644
index e76a69ba6532..000000000000
--- a/src/chrome/content/rules/Stanford-University.xml
+++ /dev/null
@@ -1,183 +0,0 @@
-<!--
-	For problematic rules, see Stanford-University-problematic.xml.
-
-
-	Other Stanford University rulesets:
-
-		- Hoover_Institution.xml
-
-
-	store-0ef21.mybigcommerce
-
-
-	Nonfunctional subdomains:
-
-		- assu			($ redirects to http; at least some paths 404)
-		- bondholder-information(redirects to http)
-		- campusmap		(shows hannahousetours, mismatched, CN: hannahousetours.stanford.edu)
-		- elections		("not yet configured")
-		- fah-web		(cert valid; 302s to http)
-		- fairuse
-		- folding		(cert valid; 302s to http)
-		- liberationtechnology **
-		- babar-hn.slac		(rx_record_too_long)
-		- home.slac
-		- srp			(reused serial)
-		- sse			("not yet configured")
-		- sselabs		(cert: assu-web.stanford.edu; "not yet configured")
-		- stanford-online	(times out)
-		- startx		("not yet configured")
-		- store			($ redirects to http; at least some paths 404)
-		- theory		(shows Fedora test page, self-signed)
-		- www-cs-students	(shows xenon; mismatched, CN: xenon.stanford.edu)
-
-	** Refused
-
-
-	Problematic subdomains:
-
-		- ^			(cert only matches *.stanford.edu)
-		- askjane		(mismatched, CN: studentaffairs.stanford.edu)
-		- bgm *
-		- fingate **
-		- maps *
-		- search **
-		- slac			(cert only matches www.slac)
-		- soe			(refused)
-		- studentservicescenter **
-		- thestanfordchallenge	(works, mismatched, CN: ood-web1.stanford.edu)
-		- www-ee		(mismatched, CN: ee.stanford.edu)
-
-
-	* Works, mismatched, CN: lbre.stanford.edu
-	** Redirects to http
-
-
-	Partially covered subdomains:
-
-		- soe	(→ engineering, [^/?]+ 404s)
-
-
-	Fully covered subdomains:
-
-		- (www.)		(^ → www)
-		- accessories
-		- ai
-		- alumni
-		- annualreport
-		- answers
-		- askjane
-		- assu-web
-		- ccrma
-		- crowd
-		- crypto
-		- (www.)cs	( www → ^)
-		- ctr
-		- cyberlaw
-		- ehsappprd1
-		- engineering
-		- events
-		- fingate
-		- founders
-		- hannahousetours
-		- itservices
-		- itunes
-		- janestanford
-		- (www.)law
-		- blogs.law
-		- cch.law
-		- lbre
-		- lists
-		- mailman
-		- maven
-		- med
-		- news
-		- npl
-		- openflow
-		- osep
-		- parentsweekend
-		- pgnet
-		- publicaffairs
-		- refunds
-		- remedyweb
-		- search
-		- siepr
-
-		- slac subdomains:
-
-			- (www.)	(^ → www)
-			- bbr-wiki
-			- news
-			- oraweb
-			- webauth1
-			- www2
-			- www6
-			- www-conf
-			- www-group
-			- www-public
-
-		- stanfordevents
-		- stanfordwho
-		- studentaffairs
-		- studentservicescenter
-		- ucomm
-		- visit
-		- waivers
-		- weblogin
-		- www-ee		(→ ee)
-		- xenon
-
-
-	Observed cookie domains:
-
-		- .answers
-		- .cs
-		- .engineering
-		- .itservices
-		- .lbre
-
--->
-<ruleset name="Stanford University (partial)">
-
-	<target host="stanford.edu" />
-	<target host="*.stanford.edu" />
-
-
-	<!--securecookie host="^(\.cs|\.engineering)?\.stanford\.edu$" name=".+" /-->
-	<securecookie host="^(?:alumni|\.answers|ehsappprd1|hannahousetours|\.itservices|\.law|\.lbre|maven|openflow|pgnet|\.siepr|(?:\.news|www6)\.slac\|stanfordwho|weblogin|webauth1).stanford\.edu$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?(slac\.)?stanford\.edu/"
-		to="https://www.$1stanford.edu/" />
-
-	<rule from="^http://(accessories|ai|alumni|annualreport|answers|assu-web|ccrma|crowd|crypto|ctr|cyberlaw|ehsappprd1|engineering|events|founders|hannahousetours|itservices|itunes|janestanford|(?:blogs\.|cch\.|www\.)?law|lbre|lists|mailman|maven|med|news|npl|openflow|osep|parentsweekend|pgnet|publicaffairs|refunds|remedyweb|siepr|(?:bbr-wiki|news|oraweb|webauth1|www[26]|www-conf|www-group|www-public)\.slac|stanford(?:events|who)|studentaffairs|ucomm|visit|waivers|weblogin|xenon)\.stanford\.edu/"
-		to="https://$1.stanford.edu/" />
-
-	<rule from="^http://(?:www\.)?cs\.stanford\.edu/"
-		to="https://cs.stanford.edu/" />
-
-	<rule from="^https?://askjane\.stanford\.edu/(?:.*)"
-		to="https://studentaffairs.stanford.edu/askjane" />
-
-	<rule from="^https?://(?:www-)?ee\.stanford\.edu/"
-		to="https://ee.stanford.edu/" />
-
-	<rule from="^http://fingate\.stanford\.edu/"
-		to="https://www.stanford.edu/group/fms/fingate/" />
-
-	<rule from="^http://search\.stanford\.edu/"
-		to="https://www.stanford.edu/search/" />
-
-	<rule from="^http://soe\.stanford\.edu/+(?=\?.*)?$"
-		to="https://engineering.stanford.edu/" />
-
-	<!--	- Cert isn't valid for www6
-		- When rewritten to www, redirects back
-					-->
-	<rule from="^https://www6\.slac\.stanford\.edu/"
-		to="http://www6.slac.stanford.edu/" downgrade="1" />
-
-	<rule from="^http://studentservicescenter\.stanford\.edu/"
-		to="https://www.stanford.edu/group/studentservicescenter/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Stanford.edu.xml b/src/chrome/content/rules/Stanford.edu.xml
new file mode 100644
index 000000000000..9f2e748eb7d4
--- /dev/null
+++ b/src/chrome/content/rules/Stanford.edu.xml
@@ -0,0 +1,201 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- aero-comlab.stanford.edu
+		- crispr-era.stanford.edu
+		- cslibrary.stanford.edu
+		- design.stanford.edu
+		- dionne.stanford.edu
+		- ee263.stanford.edu
+		- highwire.stanford.edu
+		- i.stanford.edu
+		- infolab.stanford.edu
+		- large.stanford.edu
+		- lingo.stanford.edu
+		- mendel.stanford.edu
+		- nifty.stanford.edu
+		- opera.stanford.edu
+		- orbis.stanford.edu
+		- snow.stanford.edu
+		- wordbank.stanford.edu
+		- www-ksl.stanford.edu
+
+		Timeout was reached:
+		- cantorcollection.stanford.edu
+		- okra.stanford.edu
+
+		SSL connect error:
+		- dschool-old.stanford.edu
+		- snf.stanford.edu
+		- solar-center.stanford.edu
+		- yuba.stanford.edu
+
+		SSL peer certificate was not OK:
+		- cs229.stanford.edu
+		- cs231n.stanford.edu
+		- ether.stanford.edu
+		- graeflab.stanford.edu
+		- jmc.stanford.edu
+		- make3d.stanford.edu
+		- mathcircle.stanford.edu
+		- odbook.stanford.edu
+		- securities.stanford.edu
+		- sfgf.stanford.edu
+		- ufldl.stanford.edu
+		- vis.stanford.edu
+		- vision.stanford.edu
+		- www-cs-students.stanford.edu
+
+		Incomplete certificate chain error:
+		- math.stanford.edu
+		- vibe.stanford.edu
+		- virtualmath1.stanford.edu
+
+		4xx client error:
+		- htext.stanford.edu
+
+		Redirects to HTTP:
+		- asl.stanford.edu
+		- cs236.stanford.edu
+		- metalab.stanford.edu
+		- scpd.stanford.edu
+		- speakers.stanford.edu
+
+		Different content:
+		- cvgl.stanford.edu
+		- www-formal.stanford.edu
+
+		Mixed content blocking (MCB) triggered:
+		- cepa.stanford.edu
+		- journalism.stanford.edu
+		- kananlab.stanford.edu
+		- shc.stanford.edu
+		- www-group.slac.stanford.edu
+-->
+<ruleset name="Stanford.edu">
+	<target host="stanford.edu" />
+	<target host="www.stanford.edu" />
+	<target host="ai.stanford.edu" />
+	<target host="anderson.stanford.edu" />
+	<target host="animaltrax.stanford.edu" />
+	<target host="baogroup.stanford.edu" />
+	<target host="biobankengine.stanford.edu" />
+	<target host="bioengineering.stanford.edu" />
+	<target host="bondholder-information.stanford.edu" />
+	<target host="camlab.stanford.edu" />
+	<target host="cars.stanford.edu" />
+	<target host="ceas.stanford.edu" />
+	<target host="cee.stanford.edu" />
+	<target host="cheme.stanford.edu" />
+	<target host="chemistry.stanford.edu" />
+	<target host="chuehlab.stanford.edu" />
+	<target host="collegepuzzle.stanford.edu" />
+	<target host="crustal.stanford.edu" />
+	<target host="crypto.stanford.edu" />
+	<target host="cs.stanford.edu" />
+	<target host="dawn.cs.stanford.edu" />
+	<target host="cs224d.stanford.edu" />
+	<target host="cs224u.stanford.edu" />
+	<target host="cs230.stanford.edu" />
+	<target host="culture-emotion-lab.stanford.edu" />
+	<target host="cyberlaw.stanford.edu" />
+	<target host="designimpact.stanford.edu" />
+	<target host="dish.stanford.edu" />
+	<target host="dloft.stanford.edu" />
+	<target host="dschoolcraft.stanford.edu" />
+	<target host="e145.stanford.edu" />
+	<target host="economics.stanford.edu" />
+	<target host="ed.stanford.edu" />
+	<target host="einstein.stanford.edu" />
+	<target host="energy.stanford.edu" />
+	<target host="execedportal.stanford.edu" />
+	<target host="explorecourses.stanford.edu" />
+	<target host="fairuse.stanford.edu" />
+	<target host="fanlab.stanford.edu" />
+	<target host="fingate.stanford.edu" />
+	<target host="fsi.stanford.edu" />
+	<target host="spice.fsi.stanford.edu" />
+	<target host="gapmap.stanford.edu" />
+	<target host="gcep.stanford.edu" />
+	<target host="givinghistory.stanford.edu" />
+	<target host="givingtohumsci.stanford.edu" />
+	<target host="graphics.stanford.edu" />
+	<target host="www.gsb.stanford.edu" />
+	<target host="hci.stanford.edu" />
+	<target host="healthlibrary.stanford.edu" />
+	<target host="hearinglosscure.stanford.edu" />
+	<target host="hivdb.stanford.edu" />
+	<target host="hopkinsmarinestation.stanford.edu" />
+	<target host="intranet.stanford.edu" />
+	<target host="kidsfirst.stanford.edu" />
+	<target host="apply.knight-hennessy.stanford.edu" />
+	<target host="lagunita.stanford.edu" />
+	<target host="www.launchpad.stanford.edu" />
+	<target host="law.stanford.edu" />
+	<target host="learnedhands.law.stanford.edu" />
+	<target host="nonprofitdocuments.law.stanford.edu" />
+	<target host="www-cdn.law.stanford.edu" />
+	<target host="lbre.stanford.edu" />
+	<target host="leonardodavinci.stanford.edu" />
+	<target host="litlab.stanford.edu" />
+	<target host="lsjumb.stanford.edu" />
+	<target host="makeagift.stanford.edu" />
+	<target host="mally.stanford.edu" />
+	<target host="med.stanford.edu" />
+	<target host="microimmuno.stanford.edu" />
+	<target host="mla.stanford.edu" />
+	<target host="mm-admin.stanford.edu" />
+	<target host="monkeybiz.stanford.edu" />
+	<target host="museum.stanford.edu" />
+	<target host="mygsb.stanford.edu" />
+	<target host="mylibrary.stanford.edu" />
+	<target host="ngi.stanford.edu" />
+	<target host="nlp.stanford.edu" />
+	<target host="npdp.stanford.edu" />
+	<target host="opensim.stanford.edu" />
+	<target host="pangea.stanford.edu" />
+	<target host="aauclert.people.stanford.edu" />
+	<target host="plato.stanford.edu" />
+	<target host="police.stanford.edu" />
+	<target host="policylab.stanford.edu" />
+	<target host="psb.stanford.edu" />
+	<target host="psychology.stanford.edu" />
+	<target host="puffer.stanford.edu" />
+	<target host="pyramidal.stanford.edu" />
+	<target host="quake06.stanford.edu" />
+	<target host="quakelab.stanford.edu" />
+	<target host="rde.stanford.edu" />
+	<target host="riverwalkjazz.stanford.edu" />
+	<target host="sallie.stanford.edu" />
+	<target host="scale.stanford.edu" />
+	<target host="searchworks.stanford.edu" />
+	<target host="see.stanford.edu" />
+	<target host="sherlockholmes.stanford.edu" />
+	<target host="simtk-confluence.stanford.edu" />
+	<target host="portal.slac.stanford.edu" />
+	<target host="userportal.slac.stanford.edu" />
+	<target host="www-ssrl.slac.stanford.edu" />
+	<target host="www6.slac.stanford.edu" />
+	<target host="smc.stanford.edu" />
+	<target host="socialdance.stanford.edu" />
+	<target host="sociology.stanford.edu" />
+	<target host="spcs.stanford.edu" />
+	<target host="stacks.stanford.edu" />
+	<target host="starsexpress.stanford.edu" />
+	<target host="statweb.stanford.edu" />
+	<target host="support.stanford.edu" />
+	<target host="sustainable.stanford.edu" />
+	<target host="syllabus.stanford.edu" />
+	<target host="tableau.stanford.edu" />
+	<target host="tfa.stanford.edu" />
+	<target host="theory.stanford.edu" />
+	<target host="transportation.stanford.edu" />
+	<target host="urology.stanford.edu" />
+	<target host="vhil.stanford.edu" />
+	<target host="vpts.stanford.edu" />
+	<target host="web.stanford.edu" />
+	<target host="webprotege.stanford.edu" />
+	<target host="wsl.stanford.edu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stanford_Healthcare.org.xml b/src/chrome/content/rules/Stanford_Healthcare.org.xml
new file mode 100644
index 000000000000..bddb395f690e
--- /dev/null
+++ b/src/chrome/content/rules/Stanford_Healthcare.org.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Stanford University coverage, see Stanford-University.xml.
+
+-->
+<ruleset name="Stanford Healthcare.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="stanfordhealthcare.org" />
+	<target host="www.stanfordhealthcare.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Stanford_Hospital.org.xml b/src/chrome/content/rules/Stanford_Hospital.org.xml
new file mode 100644
index 000000000000..7b69869a5591
--- /dev/null
+++ b/src/chrome/content/rules/Stanford_Hospital.org.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Stanford University coverage, see Stanford-University.xml.
+
+-->
+<ruleset name="Stanford Hospital.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="stanfordhospital.org" />
+	<target host="www.stanfordhospital.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Stanford_Med.org.xml b/src/chrome/content/rules/Stanford_Med.org.xml
new file mode 100644
index 000000000000..135a166f78e8
--- /dev/null
+++ b/src/chrome/content/rules/Stanford_Med.org.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://econnect.stanfordmed.org/ => https://econnect.stanfordmed.org/: (28, 'Connection timed out after 20000 milliseconds')
+
+	For other Stanford University coverage, see Stanford-University.xml.
+
+
+	^stanfordmed.org: 400 over http
+	www.stanfordmed.org: Refused
+
+-->
+<ruleset name="Stanford Med.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="econnect.stanfordmed.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.stanfordmed.org" />
+
+
+	<!--	Redirect drops path, args, and forward slash:
+								-->
+	<rule from="^http://www\.stanfordmed\.org/.*"
+		to="https://stanfordhealthcare.org/" />
+
+		<test url="http://www.stanfordmed.org//" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Stanographer.com.xml b/src/chrome/content/rules/Stanographer.com.xml
new file mode 100644
index 000000000000..504813cb01b2
--- /dev/null
+++ b/src/chrome/content/rules/Stanographer.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Stanographer.com">
+	<target host="stanographer.com" />
+	<target host="www.stanographer.com" />
+	<target host="blog.stanographer.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Star-Motorcycles.xml b/src/chrome/content/rules/Star-Motorcycles.xml
index c9325efdde68..b085f70c716c 100644
--- a/src/chrome/content/rules/Star-Motorcycles.xml
+++ b/src/chrome/content/rules/Star-Motorcycles.xml
@@ -4,11 +4,10 @@
 	<target host="www.starmotorcycles.com" />
 
 
-	<securecookie host="^www\.starmotorcycles\.com$" name=".*" />
+	<securecookie host="^www\.starmotorcycles\.com$" name=".+" />
 
 
 	<!--	Cert only matches www.	-->
-	<rule from="^http://(?:www\.)?starmotorcycles\.com/"
-		to="https://www.starmotorcycles.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Star-Pool.xml b/src/chrome/content/rules/Star-Pool.xml
deleted file mode 100644
index 776facc092ae..000000000000
--- a/src/chrome/content/rules/Star-Pool.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Some (most?) pages redirect to http.
-
--->
-<ruleset name="Star-Pool (partial)">
-
-	<target host="star-pool.com" />
-	<target host="www.star-pool.com" />
-
-
-	<rule from="^http://(www\.)?star-pool\.com/(App_Themes|[aA]ssets|images|js|[lL]ogin\.aspx|Members|(?:Script|Web)Resource\.axd)($|\?|/)"
-		to="https://$1star-pool.com/$2$3" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/StarFoxWiki.info.xml b/src/chrome/content/rules/StarFoxWiki.info.xml
new file mode 100644
index 000000000000..bc2d66a69b38
--- /dev/null
+++ b/src/chrome/content/rules/StarFoxWiki.info.xml
@@ -0,0 +1,12 @@
+<ruleset name="StarFoxWiki.info">
+	<target host="starfoxwiki.info" />
+	<target host="www.starfoxwiki.info" />
+	<target host="cpanel.starfoxwiki.info" />
+	<target host="mail.starfoxwiki.info" />
+	<target host="webdisk.starfoxwiki.info" />
+	<target host="webmail.starfoxwiki.info" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/StarKist.xml b/src/chrome/content/rules/StarKist.xml
index d5b0823250bd..87afe8103482 100644
--- a/src/chrome/content/rules/StarKist.xml
+++ b/src/chrome/content/rules/StarKist.xml
@@ -8,7 +8,7 @@
 	<target host="www.starkist.com" />
 
 
-	<rule from="^https?://(?:www\.)?starkist\.com/sites/"
+	<rule from="^http://(?:www\.)?starkist\.com/sites/"
 		to="https://www.starkist.com/sites/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/StarMoney.de.xml b/src/chrome/content/rules/StarMoney.de.xml
new file mode 100644
index 000000000000..9b82bd3d2ade
--- /dev/null
+++ b/src/chrome/content/rules/StarMoney.de.xml
@@ -0,0 +1,32 @@
+<!--
+	^: cert only matches www
+
+
+	Mixed content:
+
+		- Images on www from home.arcor.de *
+
+	* Unsecurable <= dropped
+
+-->
+<ruleset name="StarMoney.de">
+
+	<target host="starmoney.de" />
+	<target host="www.starmoney.de" />
+	<target host="shop.starmoney.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^\.starmoney\.de$" name="^(?:phpbb3_\w+_(?:k|sid|u)|sessioncookie)$" />
+	<!--securecookie host="^www\.starmoney\.de$" name="^fe_typo_user$" /-->
+
+	<securecookie host="^www\.starmoney\.de$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?starmoney\.de/"
+		to="https://www.starmoney.de/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/StarNet.com.xml b/src/chrome/content/rules/StarNet.com.xml
deleted file mode 100644
index 0eefb4dfeab1..000000000000
--- a/src/chrome/content/rules/StarNet.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	StarNet Communications
-
-
-	Problematic subdomains:
-
-		- (www.)	(mismatched, CN: ssl.starnet.com)
-
--->
-<ruleset name="StarNet.com (partial)">
-
-	<target host="starnet.com" />
-	<target host="*.starnet.com" />
-		<!--
-			$ 403s, some pages 404:
-						-->
-		<exclusion pattern="^http://(?:www\.)?starnet\.com/(?!css/|favicon\.ico|images/|js/|skin/)" />
-
-
-	<rule from="^http://(?:ssl\.|www\.)?starnet\.com/"
-		to="https://ssl.starnet.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/StarRez.xml b/src/chrome/content/rules/StarRez.xml
index c9f7ca6e4836..20fddcfbcfe8 100644
--- a/src/chrome/content/rules/StarRez.xml
+++ b/src/chrome/content/rules/StarRez.xml
@@ -1,10 +1,10 @@
 <ruleset name="StarRez">
 
 	<target host="starrez.com" />
-	<target host="*.starrez.com" />
+	<target host="support.starrez.com" />
+	<target host="www.starrez.com" />
 
 
-	<rule from="^http://(support\.|www\.)?starrez\.com/"
-		to="https://$1starrez.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/StarTech.com.xml b/src/chrome/content/rules/StarTech.com.xml
new file mode 100644
index 000000000000..83007b94c9ac
--- /dev/null
+++ b/src/chrome/content/rules/StarTech.com.xml
@@ -0,0 +1,55 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .startech.com
+
+-->
+<ruleset name="StarTech.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="startech.com" />
+	<target host="blog.startech.com" />
+	<target host="livechat.startech.com" />
+	<target host="sgcdn.startech.com" />
+	<target host="www.startech.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.startech\.com/(?:$|Chat$|Downloads$|PrivacyStatement$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.startech\.com/+(?!(?:Account|SalesInquiry|TechSupport|eNews)(?:$|\?)|favicon\.ico)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.startech.com/AboutUs" />
+			<test url="http://www.startech.com/Chat" />
+			<test url="http://www.startech.com/ContactUs" />
+			<!--
+				(whatcouldpossiblygowrong...)
+								-->
+			<test url="http://www.startech.com/Downloads" />
+			<test url="http://www.startech.com/PrivacyStatement" />
+			<test url="http://www.startech.com/QuickBuy" />
+			<test url="http://www.startech.com/Support" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.startech.com/Account/Login" />
+			<test url="http://www.startech.com/SalesInquiry" />
+			<test url="http://www.startech.com/TechSupport" />
+			<test url="http://www.startech.com/eNews" />
+			<test url="http://www.startech.com/favicon.ico" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.startech\.com$" name="^localization$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/StarTrack.com.au.xml b/src/chrome/content/rules/StarTrack.com.au.xml
new file mode 100644
index 000000000000..2ebd45c400df
--- /dev/null
+++ b/src/chrome/content/rules/StarTrack.com.au.xml
@@ -0,0 +1,57 @@
+<!--
+	For other AusPost coverage, see AusPost.com.au.xml
+
+
+	Nonfunctional subdomains:
+		- api	(HTTP 403 code)
+		- av	(SSL handshake failed)
+		- b2bqa		¹
+		- basware	¹
+		- conf	(SSL connection error)
+		- extwebservices	(unknown issuer cert, only valid on port 3112)
+		- myinfo	¹
+		- remotepoc	¹
+		- sip	(SSL connection error)
+
+	¹ Timeout
+	² Unknown issuer cert
+	³ Expired cert
+	⁴ Connection refused
+
+-->
+<ruleset name="StarTrack">
+
+	<target host="startrack.com.au" />
+	<target host="www.startrack.com.au" />
+	<target host="acquire.startrack.com.au" />
+	<target host="autodiscover.startrack.com.au" />
+	<target host="ccroster.startrack.com.au" />
+	<target host="forms.startrack.com.au" />
+	<target host="freightmaster.startrack.com.au" />
+	<target host="www.freightmaster.startrack.com.au" />
+	<target host="international.startrack.com.au" />
+	<target host="lync.startrack.com.au" />
+	<target host="lyncdiscover.startrack.com.au" />
+	<target host="lyncws.startrack.com.au" />
+	<target host="mobile.startrack.com.au" />
+	<target host="msto.startrack.com.au" />
+	<target host="autodiscover.test.npe.startrack.com.au" />
+	<target host="mobile.test.npe.startrack.com.au" />
+	<target host="owa.test.npe.startrack.com.au" />
+	<target host="smtp.test.npe.startrack.com.au" />
+	<target host="www.owxd.startrack.com.au" />
+	<target host="parcelslive.startrack.com.au" />
+	<target host="www.parcelslive.startrack.com.au" />
+	<target host="remedy.startrack.com.au" />
+	<target host="smtp.startrack.com.au" />
+	<target host="sttrackandtrace.startrack.com.au" />
+	<target host="virginmobile.startrack.com.au" />
+	<target host="webapps.startrack.com.au" />
+	<target host="www1.startrack.com.au" />
+	<target host="www2.startrack.com.au" />
+
+	<securecookie host="^startrack\.com\.au$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/StarWars.com.xml b/src/chrome/content/rules/StarWars.com.xml
index c5e4d70a974d..40df1bfcdee2 100644
--- a/src/chrome/content/rules/StarWars.com.xml
+++ b/src/chrome/content/rules/StarWars.com.xml
@@ -2,7 +2,7 @@
 	Homepage redirects to http.
 
 -->
-<ruleset name="StarWars.com (partial)">
+<ruleset name="StarWars.com (partial) (mismatches)" default_off="mismatched">
 
 	<target host="starwars.com" />
 	<target host="www.starwars.com" />
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?starwars\.com/(?!$|\?)"
 		to="https://$1starwars.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Star_Product_Reviews.xml b/src/chrome/content/rules/Star_Product_Reviews.xml
deleted file mode 100644
index a328776fa6d0..000000000000
--- a/src/chrome/content/rules/Star_Product_Reviews.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For other Web.com coverage, see Web.com.xml.
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(times out)
-
--->
-<ruleset name="Star Product Reviews (partial)">
-
-	<target host="admin.starproductreviews.com" />
-
-
-	<securecookie host="^admin\.starproductreviews\.com$" name=".+" />
-
-
-	<rule from="^http://admin\.starproductreviews\.com/"
-		to="https://admin.starproductreviews.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Star_Trek.xml b/src/chrome/content/rules/Star_Trek.xml
index 2e4b516cf79a..3ce5446ca97e 100644
--- a/src/chrome/content/rules/Star_Trek.xml
+++ b/src/chrome/content/rules/Star_Trek.xml
@@ -1,11 +1,17 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://store.startrek.com/ => https://store.startrek.com/: (35, 'error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 unrecognized name')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://store.startrek.com/ => https://store.startrek.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Nonfunctional subdomains:
 
 		- ^
 		- www	(akamai; 503)
 
 -->
-<ruleset name="Star Trek (partial)">
+<ruleset name="Star Trek (partial)" default_off="failed ruleset test">
 
 	<target host="store.startrek.com" />
 
@@ -13,7 +19,6 @@
 	<securecookie host="^store\.startrek\.com$" name=".+" />
 
 
-	<rule from="^http://store\.startrek\.com/"
-		to="https://store.startrek.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Starbucks.com.xml b/src/chrome/content/rules/Starbucks.com.xml
index 59d825bf7230..1a4131242fb6 100644
--- a/src/chrome/content/rules/Starbucks.com.xml
+++ b/src/chrome/content/rules/Starbucks.com.xml
@@ -23,18 +23,40 @@
 
 	* Works, akamai
 
+
+	Fully covered subdomains:
+
+		- sgsmsupplier
+		- sgsmsuppliertest
+
+
+	Observed cookie domains:
+
+		- . ¹
+		- sgsmsupplier ²
+		- sgsmsuppliertest ²
+
+	¹ Partially secured by us <= accounting for possible use on uncovered subdomains
+	² Secured by us
+
 -->
 <ruleset name="Starbucks.com (partial)">
 
 	<target host="starbucks.com" />
-	<target host="*.starbucks.com" />
+	<target host="www.starbucks.com" />
+	<target host="sgsmsupplier.starbucks.com" />
+	<target host="sgsmsuppliertest.starbucks.com" />
 		<!--exclusion pattern="^http://(www\.)?starbucks\.com/([aA]ccounts($|[?/])|favicon\.ico|resources/|static/|sysiplocation/)" /-->
 
 
+	<securecookie host="^\.starbucks\.com$" name="^(?:visid_)?incap_\w+$" />
+	<securecookie host="^sgsmsupplier(?:test)?\.starbucks\.com$" name=".+" />
+
+
 	<rule from="^http://(?:www\.)?starbucks\.com/(?=[aA]ccounts(?:$|[?/])|favicon\.ico|resources/|static/|sysiplocation/)"
 		to="https://www.starbucks.com/" />
 
-	<rule from="^http://bcassets\.starbucks\.com/"
-		to="https://a248.e.akamai.net/f/259/7942/2/bcassets.starbucks.com/" />
+	<rule from="^http://sgsmsupplier(test)?\.starbucks\.com/"
+		to="https://sgsmsupplier$1.starbucks.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Stardock.xml b/src/chrome/content/rules/Stardock.xml
index 0b41eda1c5a0..c4feed03929a 100644
--- a/src/chrome/content/rules/Stardock.xml
+++ b/src/chrome/content/rules/Stardock.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://stardock.com/ => https://stardock.com/: (35, 'Unknown SSL protocol error in connection to stardock.com:443 ')
+
 	Other Stardock rulesets:
 
 		- Sins_of_a_Solar_Empire.com.xml
@@ -30,7 +34,7 @@
 		- services.stardock.net
 
 -->
-<ruleset name="Stardock (partial)">
+<ruleset name="Stardock (partial)" default_off="failed ruleset test">
 
 	<target host="stardock.com" />
 	<target host="*.stardock.com" />
@@ -53,4 +57,4 @@
 	<rule from="^http://services\.stardock\.net/"
 		to="https://services.stardock.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Stardrifter.org.xml b/src/chrome/content/rules/Stardrifter.org.xml
index ddffa5eff2b8..c3838d4e6eb7 100644
--- a/src/chrome/content/rules/Stardrifter.org.xml
+++ b/src/chrome/content/rules/Stardrifter.org.xml
@@ -1,10 +1,22 @@
+<!--
+	^stardrifter.org: Mismatched
+
+-->
 <ruleset name="Stardrifter.org" default_off="self-signed">
 
-	<target host="stardrifter.org" />
+	<!--	Direct rewrites:
+				-->
 	<target host="www.stardrifter.org" />
 
+	<!--	Complications:
+				-->
+	<target host="stardrifter.org" />
+
+
+	<rule from="^http://stardrifter\.org/"
+		to="https://www.stardrifter.org/" />
 
-	<rule from="^https?://(?:www\.)?stardrifter\.org/"
-		to="https://stardrifter.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Starfield.xml b/src/chrome/content/rules/Starfield.xml
index 9baca7a8764e..6d9564bc83b0 100644
--- a/src/chrome/content/rules/Starfield.xml
+++ b/src/chrome/content/rules/Starfield.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://starfieldtech.com/ => https://starfieldtech.com/: (51, "SSL: no alternative certificate subject name matches target host name 'starfieldtech.com'")
+
 	Fully covered subdomains:
 
 		- (www.)
@@ -14,16 +18,19 @@
 		- seal
 
 -->
-<ruleset name="Starfield Technologies, Inc.">
+<ruleset name="Starfield Technologies, Inc." default_off="failed ruleset test">
 
 	<target host="starfieldtech.com" />
-	<target host="*.starfieldtech.com" />
+	<target host="certs.starfieldtech.com" />
+	<target host="certificates.starfieldtech.com" />
+	<target host="seal.starfieldtech.com" />
+	<target host="tracedseals.starfieldtech.com" />
+	<target host="www.starfieldtech.com" />
 
 
-	<securecookie host="^(?:.*\.)?starfieldtech\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:certs|certificates|seal|tracedseals|www)\.)?starfieldtech\.com/"
-		to="https://$1starfieldtech.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/StarfyWiki.org.xml b/src/chrome/content/rules/StarfyWiki.org.xml
new file mode 100644
index 000000000000..594981080dcf
--- /dev/null
+++ b/src/chrome/content/rules/StarfyWiki.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="StarfyWiki.org">
+	<target host="starfywiki.org" />
+	<target host="www.starfywiki.org" />
+	<target host="new.starfywiki.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Starminder.xyz.xml b/src/chrome/content/rules/Starminder.xyz.xml
new file mode 100644
index 000000000000..4c44e6581587
--- /dev/null
+++ b/src/chrome/content/rules/Starminder.xyz.xml
@@ -0,0 +1,8 @@
+<ruleset name="Starminder.xyz">
+	<target host="starminder.xyz" />
+	<target host="www.starminder.xyz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Starship.rs.xml b/src/chrome/content/rules/Starship.rs.xml
new file mode 100644
index 000000000000..33aa27cb4d2a
--- /dev/null
+++ b/src/chrome/content/rules/Starship.rs.xml
@@ -0,0 +1,7 @@
+<ruleset name="Starship.rs">
+	<target host="starship.rs" />
+	<target host="www.starship.rs" />
+	<target host="translate.starship.rs" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Starship.xyz.xml b/src/chrome/content/rules/Starship.xyz.xml
new file mode 100644
index 000000000000..48913aa683b3
--- /dev/null
+++ b/src/chrome/content/rules/Starship.xyz.xml
@@ -0,0 +1,6 @@
+<ruleset name="Starship.xyz">
+	<target host="starship.xyz" />
+	<target host="www.starship.xyz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Start.me.xml b/src/chrome/content/rules/Start.me.xml
new file mode 100644
index 000000000000..e0f8253def55
--- /dev/null
+++ b/src/chrome/content/rules/Start.me.xml
@@ -0,0 +1,83 @@
+<!--
+	Remark:
+		+ *.start.me and *.favicons.start.me have a wildcard DNS record.
+		+ *.favicons.start.me with incomplete certificate chain error are omitted.
+
+	Non-functional hosts
+		Couldn't connect to server:
+			 - d0efc7be.start.me
+			 - email.start.me
+
+		Incomplete certificate chain error:
+			 - about.start.me
+			 - assets.start.me
+			 - campuscolumbus.start.me
+			 - canadaschool.start.me
+			 - debongerd.start.me
+			 - dehuet.start.me
+			 - deklimtoren.start.me
+			 - irospiegel.den.start.me
+			 - deplattenburg.start.me
+			 - dewetelaar.start.me
+			 - dewoordhof.start.me
+			 - dorpsschool.start.me
+			 - explore.start.me
+			 - favicon-0.start.me
+			 - favicon-1.start.me
+			 - favicon-2.start.me
+			 - favicon-3.start.me
+			 - favicons.start.me
+			 - favicons-0.start.me
+			 - favicons-1.start.me
+			 - favicons-2.start.me
+			 - favicons-3.start.me
+			 - fec.start.me
+			 - gobobison.start.me
+			 - hagen.start.me
+			 - hetdok.start.me
+			 - hogenkamp.start.me
+			 - horizon.start.me
+			 - hsbab.start.me
+			 - iesfrayluisdegranada.start.me
+			 - issiena.start.me
+			 - iteach.start.me
+			 - janligthart.start.me
+			 - jetech.start.me
+			 - laclassedalain.start.me
+			 - mozaiek.start.me
+			 - mrbeebe.start.me
+			 - overstegen.start.me
+			 - proxy.start.me
+			 - randy-maugans-i-iz-untruthful-dishonest-and-i-lackz-integrity.start.me
+			 - rjmtech.start.me
+			 - scopescholen.start.me
+			 - sullins.start.me
+			 - tpastudent.start.me
+			 - winton.start.me
+			 - wisenwierig.start.me
+
+		4xx client error:
+			 - beta.start.me
+			 - screenshots.start.me
+			 - static.start.me
+
+		5xx server error:
+			 - error.start.me
+
+		Mixed content blocking (MCB) tiggered:
+			 - pitkin.start.me
+-->
+<ruleset name="Start.me (partial)">
+	<target host="start.me" />
+	<target host="www.start.me" />
+	<target host="admin.start.me" />
+	<target host="admin-assets.start.me" />
+	<target host="blog.start.me" />
+	<target host="favicon.start.me" />
+	<target host="iron.start.me" />
+	<target host="palemoon.start.me" />
+	<target host="support.start.me" />
+	<target host="torch.start.me" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/StartBox.xml b/src/chrome/content/rules/StartBox.xml
index 1f5355f92136..05f3352bb6e4 100644
--- a/src/chrome/content/rules/StartBox.xml
+++ b/src/chrome/content/rules/StartBox.xml
@@ -1,19 +1,25 @@
 <!--
-	Nonfunctional subdomains:
+	Problematic hosts in *wpstartbox.com:
 
-		- docs		(no https)
+		- (www.)? *
+		- docs *
 
-
-	Some pages redirect to http.
+	* Refused
 
 -->
-<ruleset name="StartBox (partial)">
+<ruleset name="StartBox.com">
 
+	<!--	Complications:
+				-->
 	<target host="wpstartbox.com" />
+	<target host="docs.wpstartbox.com" />
 	<target host="www.wpstartbox.com" />
 
 
-	<rule from="^http://(www\.)?wpstartbox\.com/(my-account|wp-content/)"
-		to="https://$1wpstartbox.com/$2" />
+	<!--	Redirect drops path, args,
+		and forward slash:
+					-->
+	<rule from="^http://(?:docs\.|www\.)?wpstartbox\.com/"
+		to="https://webdevstudios.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/StartCom.xml b/src/chrome/content/rules/StartCom.xml
index ae03bfbbd8fe..4ebe9ba03815 100644
--- a/src/chrome/content/rules/StartCom.xml
+++ b/src/chrome/content/rules/StartCom.xml
@@ -1,4 +1,14 @@
-<ruleset name="StartCom">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://forum.startcom.org/ => https://forum.startcom.org/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.startssl.eu/ => https://www.startssl.eu/: (6, 'Could not resolve host: www.startssl.eu')
+Fetch error: http://www.startssl.us/ => https://www.startssl.us/: (6, 'Could not resolve host: www.startssl.us')
+Fetch error: http://startssl.eu/ => https://startssl.eu/: (6, 'Could not resolve host: startssl.eu')
+Fetch error: http://startssl.us/ => https://startssl.us/: (6, 'Could not resolve host: startssl.us')
+
+-->
+<ruleset name="StartCom" default_off="failed ruleset test">
   <target host="startssl.com" />
   <target host="*.startssl.com" />
   <target host="startssl.net" />
@@ -9,37 +19,52 @@
   <target host="*.startssl.eu" />
   <target host="startssl.us" />
   <target host="*.startssl.us" />
+  <!-- host startcom.org responds neither on 80 nor on 443,
+    but should be protected from MitM and redirected to https://www.startcom.org -->
   <target host="startcom.org" />
   <target host="*.startcom.org" />
 
   <!-- since these resources are required for establishing HTTPS connections,
-       they need to be available over HTTP
-  <Piet> OCSP: URI: http://ocsp.startssl.com/sub/class4/server/ca
-  <Piet> CA Issuers: URI: http://www.startssl.com/certs/sub.class4.server.ca.crt
-  <Piet> URI: http://www.startssl.com/crt4-crl.crl
-  <Piet> URI: http://crl.startssl.com/crt4-crl.crl
-  (and from the SSL observatory):
-  http://cert.startcom.org/sfsca-crl.crl
-  http://crl.startcom.org/sfsca-crl.crl
-  http://crl.startssl.com/sfsca.crl
-  http://cert.startcom.org/ca-crl.crl
-  http://crl.startcom.org/crl/ca-crl.crl
-  (and from Eddy Nigg):
-  http://ocsp.startssl.com/*
-  http://www.startssl.com/certs/*.crt
-  http://www.startssl.com/*.crl
-  http://crl.startssl.com/*.crl
-  http://cert.startcom.org/*.crl
-  http://cert.startcom.org/*.crt
-  -->
-  <exclusion pattern="ocsp\.startcom" />
+       they need to be available over HTTP -->
+  <!-- from Piet: -->
+  <test url="http://ocsp.startssl.com/sub/class4/server/ca" />
+  <test url="http://www.startssl.com/certs/sub.class4.server.ca.crt" />
+  <test url="http://www.startssl.com/crt4-crl.crl" />
+  <test url="http://crl.startssl.com/crt4-crl.crl" />
+  <!-- and from the SSL observatory: -->
+  <test url="http://cert.startcom.org/sfsca-crl.crl" />
+  <test url="http://crl.startcom.org/sfsca-crl.crl" />
+  <test url="http://crl.startssl.com/sfsca.crl" />
+  <test url="http://cert.startcom.org/ca-crl.crl" />
+  <test url="http://crl.startcom.org/crl/ca-crl.crl" />
+  <!-- and from Eddy Nigg: -->
+  <test url="http://ocsp.startssl.com/sub/class1/server/ca/a" />
+  <test url="http://www.startssl.com/certs/sub.class3.server.ca.crt" />
+  <test url="http://www.startssl.com/crtu1-crl.crl" />
+  <test url="http://crl.startssl.com/crtu1-crl.crl" />
+  <test url="http://cert.startcom.org/crtu1-crl.crl" />
+  <test url="http://cert.startcom.org/sub.class3.server.ca.crt" />
+
   <exclusion pattern="ocsp\.startssl" />
   <exclusion pattern="\.crl$" />
   <exclusion pattern="\.crt$" />
 
   <!-- should mitigate against exploitation of the above exclusions -->
-  <securecookie host=".*" name=".*" />
+  <securecookie host=".+" name=".+" />
+
+  <test url="http://linux.startcom.org/" />
+  <test url="http://forum.startcom.org/" />
+
+  <test url="http://www.startssl.com/" />
+  <test url="http://www.startssl.net/" />
+  <test url="http://www.startssl.org/" />
+  <test url="http://www.startssl.eu/" />
+  <test url="http://www.startssl.us/" />
+
+  <test url="http://startcom.org/" />
 
-  <rule from="^http://([^/:@\.]*\.)?startssl\.(com|net|org|eu|us)/" to="https://$1startssl.$2/"/>
-  <rule from="^http://([^/:@\.]*\.)?startcom\.org/" to="https://$1startcom.org/"/>
+  <!-- host startcom.org responds neither on 80 nor on 443,
+    but should be protected from MitM and redirected to https://www.startcom.org -->
+  <rule from="^http://startcom\.org/" to="https://www.startcom.org/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/StartEngine.com.xml b/src/chrome/content/rules/StartEngine.com.xml
new file mode 100644
index 000000000000..d7c3dd25e528
--- /dev/null
+++ b/src/chrome/content/rules/StartEngine.com.xml
@@ -0,0 +1,40 @@
+<!--
+	CDN buckets:
+
+		- startengine.s3.amazonaws.com
+		- startenginebetadev.s3.amazonaws.com
+
+
+	^startengine.com: Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.startengine.com
+
+-->
+<ruleset name="StartEngine.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.startengine.com" />
+
+	<!--	Complications:
+				-->
+	<target host="startengine.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.startengine\.com$" name="^_startenginebeta_session$" /-->
+
+	<securecookie host="^www\.startengine\.com$" name=".+" />
+
+
+	<rule from="^http://startengine\.com/"
+		to="https://www.startengine.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/StartLogic.xml b/src/chrome/content/rules/StartLogic.xml
index 451eef03d5a4..c94c66d859f6 100644
--- a/src/chrome/content/rules/StartLogic.xml
+++ b/src/chrome/content/rules/StartLogic.xml
@@ -1,13 +1,13 @@
 <ruleset name="StartLogic">
 
 	<target host="startlogic.com" />
-	<target host="*.startlogic.com" />
+	<target host="secure.startlogic.com" />
+	<target host="www.startlogic.com" />
 
 
-	<securecookie host="^(?:.*\.)?startlogic\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(secure\.|www\.)?startlogic\.com/"
-		to="https://$1startlogic.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/StartMail.xml b/src/chrome/content/rules/StartMail.xml
deleted file mode 100644
index d7c38be014eb..000000000000
--- a/src/chrome/content/rules/StartMail.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="StartMail">
-
-	<target host="startmail.com" />
-	<target host="*.startmail.com" />
-
-
-	<securecookie host="^www\.startmail\.com$" name=".+" />
-
-
-	<rule from="^http://(beta\.|www\.)?startmail\.com/"
-		to="https://$1startmail.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/StartingPage.com.xml b/src/chrome/content/rules/StartingPage.com.xml
new file mode 100644
index 000000000000..aa8018ac3533
--- /dev/null
+++ b/src/chrome/content/rules/StartingPage.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Startingpage redirects to Startpage
+
+-->
+<ruleset name="StartingPage.com">
+
+  	<target host="startingpage.com" />
+	<target host="www.startingpage.com" />
+	<target host="eu1.startingpage.com" />
+	<target host="eu4.startingpage.com" />
+	<target host="eu5.startingpage.com" />
+	<target host="us2.startingpage.com" />
+	<target host="us3.startingpage.com" />
+	<target host="us4.startingpage.com" />
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Startnext.com.xml b/src/chrome/content/rules/Startnext.com.xml
new file mode 100644
index 000000000000..33000088328e
--- /dev/null
+++ b/src/chrome/content/rules/Startnext.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .startnext.com
+
+-->
+<ruleset name="Startnext.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="startnext.com" />
+	<target host="static0.startnext.com" />
+	<target host="static1.startnext.com" />
+	<target host="static2.startnext.com" />
+	<target host="static3.startnext.com" />
+	<target host="static4.startnext.com" />
+	<target host="static5.startnext.com" />
+	<target host="static6.startnext.com" />
+	<target host="static7.startnext.com" />
+	<target host="static8.startnext.com" />
+	<target host="static9.startnext.com" />
+	<target host="www.startnext.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.startnext\.com$" name="^(?:PHPSESSID|cfce|lang)$" /-->
+
+	<securecookie host="^\.startnext\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Starwood-Hotels-and-Resorts.xml b/src/chrome/content/rules/Starwood-Hotels-and-Resorts.xml
deleted file mode 100644
index ad03b85d39e8..000000000000
--- a/src/chrome/content/rules/Starwood-Hotels-and-Resorts.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="Starwood Hotels &amp; Resorts">
-
-	<target host="starwoodhotels.com"/>
-	<target host="www.starwoodhotels.com"/>
-	<!--	* for cross-domain cookie	-->
-	<target host="*.www.starwoodhotels.com"/>
-
-
-	<securecookie host="^\.?www\.starwoodhotels\.com$" name=".*"/>
-
-
-	<!--	!www doesn't work via https.
-		Redirects to www via http.	-->
-	<rule from="^http://(?:www\.)?starwoodhotels\.com/"
-		to="https://www.starwoodhotels.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/StarwoodHotels.com.xml b/src/chrome/content/rules/StarwoodHotels.com.xml
new file mode 100644
index 000000000000..cfa27a7c5fa1
--- /dev/null
+++ b/src/chrome/content/rules/StarwoodHotels.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Non-functional hosts
+		Timeout:
+		- starwoodhotels.com
+-->
+<ruleset name="StarwoodHotels.com">
+
+	<target host="starwoodhotels.com"/>
+	<target host="www.starwoodhotels.com"/>
+
+	<rule from="^http://(www\.)?starwoodhotels\.com/"
+			to="https://www.starwoodhotels.com/"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/StatOwl.com.xml b/src/chrome/content/rules/StatOwl.com.xml
index 0f6a51c1e668..0ddc35dacfd7 100644
--- a/src/chrome/content/rules/StatOwl.com.xml
+++ b/src/chrome/content/rules/StatOwl.com.xml
@@ -1,15 +1,18 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://collector.statowl.com/ => https://collector.statowl.com/: (60, 'SSL certificate problem: certificate has expired')
+
 	Nonfunctional subdomains:
 
 		- (www.)	(404; mismatched, CN: homer.terabytemedia.com)
 
 -->
-<ruleset name="StatOwl.com (partial)">
+<ruleset name="StatOwl.com (partial)" default_off="failed ruleset test">
 
 	<target host="collector.statowl.com" />
 
 
-	<rule from="^http://collector\.statowl\.com/"
-		to="https://collector.statowl.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Statcounter.com-falsemixed.xml b/src/chrome/content/rules/Statcounter.com-falsemixed.xml
new file mode 100644
index 000000000000..a2707ebff020
--- /dev/null
+++ b/src/chrome/content/rules/Statcounter.com-falsemixed.xml
@@ -0,0 +1,19 @@
+<!--
+	For rules not causing false/broken MCB, see Statcounter.xml.
+
+-->
+<ruleset name="Statcounter.com (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blog.statcounter.com" />
+
+
+	<securecookie host="^\.statcounter\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
+
diff --git a/src/chrome/content/rules/Statcounter.xml b/src/chrome/content/rules/Statcounter.xml
index 961a3722eb9c..4f37de12f108 100644
--- a/src/chrome/content/rules/Statcounter.xml
+++ b/src/chrome/content/rules/Statcounter.xml
@@ -1,44 +1,61 @@
 <!--
-	Nonfunctional subdomains:
+	For rules causing false/broken MCB, see Statcounter.com-falsemixed.xml.
 
-		- gs	(redirects to http)
 
+	Nonfunctional hosts in *statcounter.com:
 
-	Problematic subdomains;
+		- gs ʰ
 
-		- www *
-		- www-beta *
+	ʰ Redirects to http
 
-	* 403; mismatched, CN: ssl2.cdngc.net
 
+	Problematic hosts in *statcounter.com:
 
-	Fully covered subdomains:
+		- blog ˣ
+		- www ³
 
-		- (www.)	(www → ^)
-		- www-beta	(→ ^)
+	³ 403
+	ˣ Mixed css
 
-		- *		(web bugs)
 
-			- c
-			- c20
-			- c40
+	Insecure cookies are set for these domains: ᶜ
+
+		- .statcounter.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Statcounter (partial)">
+<ruleset name="Statcounter.com (partial)">
 
 	<target host="statcounter.com" />
 	<target host="*.statcounter.com" />
-		<!--exclusion pattern="^http://gs\.statcounter\.com/" /-->
 
+		<exclusion pattern="^http://(?:blog|gs)\.statcounter\.com/" />
+
+			<test url="http://blog.statcounter.com/" />
+			<test url="http://gs.statcounter.com/" />
+
+		<test url="http://c.statcounter.com/" />
+		<test url="http://c17.statcounter.com/counter.php?sc_project=" />
+		<test url="http://c20.statcounter.com/" />
+		<test url="http://c40.statcounter.com/" />
+		<test url="http://www-beta.statcounter.com/" />
 
-	<securecookie host="^(?!gs\.)(?:.*\.)?statcounter\.com$" name=".+" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.statcounter\.com$" name="^(?:__cfduid|PHPSESSID|cf_clearance|is_unique|is_visitor_unique)$" /-->
 
-	<rule from="^https?://www(?:-beta)?\.statcounter\.com/"
+	<securecookie host="^(?!gs\.)." name=".+" />
+
+
+	<rule from="^http://www\.statcounter\.com/"
 		to="https://statcounter.com/" />
 
-	<rule from="^http://(?!gs\.)([^/:@\.]+\.)?statcounter\.com/"
-		to="https://$1statcounter.com/" />
+		<test url="http://www.statcounter.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
 
diff --git a/src/chrome/content/rules/StateFarm.xml b/src/chrome/content/rules/StateFarm.xml
index bdf14ce6336a..123adc770133 100644
--- a/src/chrome/content/rules/StateFarm.xml
+++ b/src/chrome/content/rules/StateFarm.xml
@@ -1,11 +1,19 @@
-<ruleset name="StateFarm" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sfsecuremail.statefarm.com/ => https://sfsecuremail.statefarm.com/: (51, "SSL: no alternative certificate subject name matches target host name 'sfsecuremail.statefarm.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://sfsecuremail.statefarm.com/ => https://sfsecuremail.statefarm.com/: (28, 'Connection timed out after 10001 milliseconds')
+-->
+<ruleset name="StateFarm" platform="mixedcontent" default_off="failed ruleset test">
   <target host="statefarm.com" />
   <target host="www.statefarm.com" />
   <target host="sfsecuremail.statefarm.com" />
   <target host="online.statefarm.com" />
   <target host="online2.statefarm.com" />
 
-  <securecookie host="^(.+\.)?statefarm\.com$" name=".*"/>
+  <securecookie host="^(?:.+\.)?statefarm\.com$" name=".+" />
 
   <rule from="^http://(?:www\.)?statefarm\.com/" to="https://www.statefarm.com/"/>
   <rule from="^http://(sfsecuremail|online2?)\.statefarm\.com/" to="https://$1.statefarm.com/"/>
diff --git a/src/chrome/content/rules/State_of_Alaska.xml b/src/chrome/content/rules/State_of_Alaska.xml
index 52bccdc5b825..6b4e7672fc8a 100644
--- a/src/chrome/content/rules/State_of_Alaska.xml
+++ b/src/chrome/content/rules/State_of_Alaska.xml
@@ -18,10 +18,10 @@
 	<rule from="^http://acpe\.alaska\.gov/"
 		to="https://acpe.alaska.gov/" />
 
-	<rule from="^https?://aps\.alaska\.gov/\??$"
+	<rule from="^http://aps\.alaska\.gov/\??$"
 		to="https://acpe.alaska.gov/STUDENT-PARENT/Grants_Scholarships/Alaska_Performance_Scholarship.aspx" />
 
-	<rule from="^https?://aps\.alaska\.gov/\?(.+)"
+	<rule from="^http://aps\.alaska\.gov/\?(.+)"
 		to="https://acpe.alaska.gov/Default.aspx?$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/State_of_Delaware.xml b/src/chrome/content/rules/State_of_Delaware.xml
index 8fa6b248324e..2e6f52c38283 100644
--- a/src/chrome/content/rules/State_of_Delaware.xml
+++ b/src/chrome/content/rules/State_of_Delaware.xml
@@ -1,9 +1,18 @@
-<ruleset name="State of Delaware (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://delecorp.delaware.gov/ => https://delecorp.delaware.gov/: (7, 'Failed to connect to delecorp.delaware.gov port 443: Connection refused')
+
+-->
+<ruleset name="State of Delaware (partial)" default_off="failed ruleset test">
 
 	<target host="delecorp.delaware.gov" />
+	<target host="delaware.gov" />
+        <target host="www.delaware.gov" />
 
 
 	<rule from="^http://delecorp\.delaware\.gov/"
 		to="https://delecorp.delaware.gov/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http://(?:www\.)?delaware\.gov/"
+		to="https://www.delaware.gov/" />
+</ruleset>
diff --git a/src/chrome/content/rules/State_of_Oregon.xml b/src/chrome/content/rules/State_of_Oregon.xml
index aee05c745fa2..b0357e8e4e99 100644
--- a/src/chrome/content/rules/State_of_Oregon.xml
+++ b/src/chrome/content/rules/State_of_Oregon.xml
@@ -23,4 +23,4 @@
 	<rule from="^http://(?:www\.)?budget\.oregon\.gov/(?:.*)"
 		to="https://www.oregon.gov/gov/priorities/pages/budget.aspx" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/State_of_the_Internet.com.xml b/src/chrome/content/rules/State_of_the_Internet.com.xml
new file mode 100644
index 000000000000..320928a30a79
--- /dev/null
+++ b/src/chrome/content/rules/State_of_the_Internet.com.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Akamai coverage, see Akamai.xml.
+
+-->
+<ruleset name="State of the Internet.com">
+
+	<target host="stateoftheinternet.com" />
+	<target host="www.stateoftheinternet.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Statesman_Journal.xml b/src/chrome/content/rules/Statesman_Journal.xml
index fac866f1cb03..640a083ed7c3 100644
--- a/src/chrome/content/rules/Statesman_Journal.xml
+++ b/src/chrome/content/rules/Statesman_Journal.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://statesmanjournal.com/ => https://www.statesmanjournal.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.statesmanjournal.com'")
 	For other Gannett Company coverage, see Gannett-Company.xml.
 
 
@@ -34,13 +36,13 @@
 	<securecookie host="^www\.statesmanjournal\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?statesmanjournal\.com/"
+	<rule from="^http://(?:www\.)?statesmanjournal\.com/"
 		to="https://www.statesmanjournal.com/" />
 
-	<rule from="^https?://deals\.statesmanjournal\.com/(?:$|\?.*)"
+	<rule from="^http://deals\.statesmanjournal\.com/(?:$|\?.*)"
 		to="https://salem.planetdiscover.com/sp?aff=1180" />
 
-	<rule from="^https?://deals\.statesmanjournal\.com/"
+	<rule from="^http://deals\.statesmanjournal\.com/"
 		to="https://salem.planetdiscover.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Statewatch.org.xml b/src/chrome/content/rules/Statewatch.org.xml
new file mode 100644
index 000000000000..a6446e873528
--- /dev/null
+++ b/src/chrome/content/rules/Statewatch.org.xml
@@ -0,0 +1,24 @@
+<!--
+	Mixed content:
+
+		- css from $self *
+		- Images from $self *
+
+		- Bugs, from:
+
+			- s7.addthis.com *
+			- c\d+.statcounter.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Statewatch.org" default_off="expired, mismatched" platform="mixedcontent">
+
+	<target host="statewatch.org" />
+	<target host="www.statewatch.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Static-Cisco.com.xml b/src/chrome/content/rules/Static-Cisco.com.xml
new file mode 100644
index 000000000000..fad21e5f2f94
--- /dev/null
+++ b/src/chrome/content/rules/Static-Cisco.com.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Cisco coverage, see Cisco.xml.
+
+
+	^static-cisco.com doesn't exist.
+
+-->
+<ruleset name="static-Cisco.com">
+
+	<target host="www.static-cisco.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Static-Economist.com.xml b/src/chrome/content/rules/Static-Economist.com.xml
new file mode 100644
index 000000000000..be4c04a1ed17
--- /dev/null
+++ b/src/chrome/content/rules/Static-Economist.com.xml
@@ -0,0 +1,22 @@
+<!--
+	For other Economist Group coverage, see Economist.xml.
+
+
+	CDN buckets:
+
+		- media.economist.com.cdngc.net
+
+			- cdn.static-economist.com
+
+-->
+<ruleset name="static-Economist.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cdn.static-economist.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/StaticGen.com.xml b/src/chrome/content/rules/StaticGen.com.xml
new file mode 100644
index 000000000000..10438b444879
--- /dev/null
+++ b/src/chrome/content/rules/StaticGen.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="StaticGen.com">
+
+	<target host="staticgen.com" />
+	<target host="www.staticgen.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/StaticStuff.net.xml b/src/chrome/content/rules/StaticStuff.net.xml
new file mode 100644
index 000000000000..9a4ed3568af9
--- /dev/null
+++ b/src/chrome/content/rules/StaticStuff.net.xml
@@ -0,0 +1,26 @@
+<!--
+	For other clicky rulesets, see Clicky.com.xml
+
+	Invalid certificate:
+		staticstuff.net
+		www.staticstuff.net
+		spy.staticstuff.net
+
+-->
+<ruleset name="StaticStuff.net">
+
+	<target host="staticstuff.net" />
+	<target host="www.staticstuff.net" />
+	<target host="cdn.staticstuff.net" />
+	<target host="hello.staticstuff.net" />
+	<target host="win.staticstuff.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://(www\.)?staticstuff\.net/"
+		to="https://win.staticstuff.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/StaticWars.com.xml b/src/chrome/content/rules/StaticWars.com.xml
new file mode 100644
index 000000000000..5cc7b5a42685
--- /dev/null
+++ b/src/chrome/content/rules/StaticWars.com.xml
@@ -0,0 +1,13 @@
+<!--
+	For other NCsoft coverage, see NCsoft.com.xml.
+
+-->
+<ruleset name="StaticWars.com">
+
+	<target host="*.staticwars.com" />
+
+
+	<rule from="^http://(\w+)\.staticwars\.com/"
+		to="https://$1.staticwars.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Static_Flickr.com.xml b/src/chrome/content/rules/Static_Flickr.com.xml
new file mode 100644
index 000000000000..c11a75f55f8b
--- /dev/null
+++ b/src/chrome/content/rules/Static_Flickr.com.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Yahoo coverage, see Yahoo.xml.
+
+
+	(www.)staticflickr.com does not exist
+-->
+<ruleset name="staticflickr.com">
+
+	<target host="*.staticflickr.com" />
+
+	<test url="http://c1.staticflickr.com/" />
+	<test url="http://c2.staticflickr.com/" />
+	<test url="http://c3.staticflickr.com/" />
+	<test url="http://c4.staticflickr.com/" />
+	<test url="http://c5.staticflickr.com/" />
+	<test url="http://c6.staticflickr.com/" />
+	<test url="http://c7.staticflickr.com/" />
+	<test url="http://c8.staticflickr.com/" />
+
+	<test url="http://farm1.staticflickr.com/" />
+	<test url="http://farm2.staticflickr.com/" />
+	<test url="http://farm3.staticflickr.com/" />
+	<test url="http://farm4.staticflickr.com/" />
+	<test url="http://farm5.staticflickr.com/" />
+	<test url="http://farm6.staticflickr.com/" />
+	<test url="http://farm7.staticflickr.com/" />
+	<test url="http://farm8.staticflickr.com/" />
+	<test url="http://farm9.staticflickr.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Static_Site_Generators.net.xml b/src/chrome/content/rules/Static_Site_Generators.net.xml
new file mode 100644
index 000000000000..cb98d53d7621
--- /dev/null
+++ b/src/chrome/content/rules/Static_Site_Generators.net.xml
@@ -0,0 +1,17 @@
+<!--
+	www: Herokuapp
+
+-->
+<ruleset name="Static Site Generators.net">
+
+	<target host="staticsitegenerators.net" />
+	<target host="www.staticsitegenerators.net" />
+
+
+	<securecookie host="^(?:\.|www\.)?staticsitegenerators\.net$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?staticsitegenerators\.net/"
+		to="https://staticsitegenerators.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Staticcache.org.xml b/src/chrome/content/rules/Staticcache.org.xml
new file mode 100644
index 000000000000..209a8f133b4e
--- /dev/null
+++ b/src/chrome/content/rules/Staticcache.org.xml
@@ -0,0 +1,14 @@
+<!--
+	For other William Hill coverage, see William-Hill.xml.
+
+-->
+<ruleset name="staticcache.org">
+
+	<target host="cmscdn.staticcache.org" />
+	<target host="cwf.staticcache.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Staticmy.com.xml b/src/chrome/content/rules/Staticmy.com.xml
new file mode 100644
index 000000000000..e8e44230be60
--- /dev/null
+++ b/src/chrome/content/rules/Staticmy.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="staticmy.com">
+
+	<target host="img.staticmy.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Staticskynet.be.xml b/src/chrome/content/rules/Staticskynet.be.xml
new file mode 100644
index 000000000000..82df5a82c484
--- /dev/null
+++ b/src/chrome/content/rules/Staticskynet.be.xml
@@ -0,0 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://common.staticskynet.be/ => https://common.staticskynet.be/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="staticskynet.be" default_off="failed ruleset test">
+
+	<target host="common.staticskynet.be" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/StationColdBrew.com.xml b/src/chrome/content/rules/StationColdBrew.com.xml
new file mode 100644
index 000000000000..0feb48954b48
--- /dev/null
+++ b/src/chrome/content/rules/StationColdBrew.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="StationColdBrew.com">
+	<target host="stationcoldbrew.com" />
+	<target host="www.stationcoldbrew.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Station_L_Rowing_Club.xml b/src/chrome/content/rules/Station_L_Rowing_Club.xml
index 2c46ea086ffb..1bca9ff97f34 100644
--- a/src/chrome/content/rules/Station_L_Rowing_Club.xml
+++ b/src/chrome/content/rules/Station_L_Rowing_Club.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?stationlrowingclub\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?stationlrowingclub\.com/"
-		to="https://$1stationlrowingclub.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Statistics.gov.uk.xml b/src/chrome/content/rules/Statistics.gov.uk.xml
new file mode 100644
index 000000000000..b1afa453a32f
--- /dev/null
+++ b/src/chrome/content/rules/Statistics.gov.uk.xml
@@ -0,0 +1,41 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- data.statistics.gov.uk
+
+		Timeout was reached:
+		- www.hubedit.statistics.gov.uk
+		- www.hubpreview.statistics.gov.uk
+		- www.onstest.statistics.gov.uk
+		- prerelease.statistics.gov.uk
+		- www.prerelease.statistics.gov.uk
+		- pressoffice.statistics.gov.uk
+
+		SSL connect error:
+		- opss.statistics.gov.uk
+
+		SSL peer certificate was not OK:
+		- www.statistics.gov.uk
+		- geoportal.statistics.gov.uk
+		- neighborhood.statistics.gov.uk
+		- www.neighborhood.statistics.gov.uk
+
+		Incomplete certificate chain error:
+		- fa1rvwapxx439.ons.statistics.gov.uk
+		- www.secure-transfer.statistics.gov.uk
+		- www1.secure-transfer.statistics.gov.uk
+		- www2.secure-transfer.statistics.gov.uk
+-->
+<ruleset name="Statistics.gov.uk (partial)">
+	<target host="www.statistics.gov.uk" />
+	<target host="neighbourhood.statistics.gov.uk" />
+	<target host="www.neighbourhood.statistics.gov.uk" />
+
+	<rule from="^http://www\.statistics\.gov\.uk/$"
+		  	to="https://www.gov.uk/government/statistics/announcements" />
+
+	<rule from="^http://(www\.)?neighbourhood\.statistics\.gov\.uk/"
+			to="https://$1neighbourhood.statistics.gov.uk/" />
+</ruleset>
diff --git a/src/chrome/content/rules/StatisticsDoneWrong.com.xml b/src/chrome/content/rules/StatisticsDoneWrong.com.xml
new file mode 100644
index 000000000000..5ac91f93b7b8
--- /dev/null
+++ b/src/chrome/content/rules/StatisticsDoneWrong.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="StatisticsDoneWrong.com">
+	<target host="statisticsdonewrong.com" />
+	<target host="www.statisticsdonewrong.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/StatistikamtBayern.xml b/src/chrome/content/rules/StatistikamtBayern.xml
index 58a28506ed66..7a6820f8face 100644
--- a/src/chrome/content/rules/StatistikamtBayern.xml
+++ b/src/chrome/content/rules/StatistikamtBayern.xml
@@ -2,5 +2,5 @@
   <target host="www.statistik.bayern.de" />
   <target host="statistik.bayern.de" />
 
-  <rule from="^http://(www\.)?statistik\.bayern\.de/" to="https://www.statistik.bayern.de/"/>
+  <rule from="^http://(?:www\.)?statistik\.bayern\.de/" to="https://www.statistik.bayern.de/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Status.net.xml b/src/chrome/content/rules/Status.net.xml
new file mode 100644
index 000000000000..82697aa80e64
--- /dev/null
+++ b/src/chrome/content/rules/Status.net.xml
@@ -0,0 +1,17 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - api.status.net
+
+		4xx client error:
+			 - cdn.status.net
+			 - images.status.net
+-->
+<ruleset name="Status.net (partial)">
+	<target host="status.net" />
+	<target host="app.status.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/StatusCake.com.xml b/src/chrome/content/rules/StatusCake.com.xml
new file mode 100644
index 000000000000..ecba08989855
--- /dev/null
+++ b/src/chrome/content/rules/StatusCake.com.xml
@@ -0,0 +1,45 @@
+<!--
+	Nonfunctional subdomains:
+
+		- kb *
+
+	* Zendesk
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.statuscake.com
+
+-->
+<ruleset name="StatusCake.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="statuscake.com" />
+	<target host="www.statuscake.com" />
+
+	<!--	Complications:
+				-->
+	<!--target host="kb.statuscake.com" /-->
+
+		<!--exclusion pattern="^http://kb\.statuscake\.com/(?!hc/assets/)" /-->
+
+			<!--	+ve:
+					-->
+			<!--test url="http://kb.statuscake.com/hc/en-us" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.statuscake\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.statuscake\.com$" name=".+" />
+
+
+	<!--rule from="^http://kb\.statuscake\.com/"
+		to="https://statuscake1.zendesk.com/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/StatusNet.xml b/src/chrome/content/rules/StatusNet.xml
deleted file mode 100644
index eacedd5f42f4..000000000000
--- a/src/chrome/content/rules/StatusNet.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="StatusNet (partial)">
-
-	<target host="*.status.net"/>
-
-	<rule from="^http://(avatar3|file|plugins[12]|theme[12])\.status\.net/" to="https://$1.status.net/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/StatusPage.io.xml b/src/chrome/content/rules/StatusPage.io.xml
index 8465fc75dba2..8c242d62b837 100644
--- a/src/chrome/content/rules/StatusPage.io.xml
+++ b/src/chrome/content/rules/StatusPage.io.xml
@@ -4,38 +4,28 @@
 		- status-page-blog.s3.amazonaws.com
 		- d13w15pduyzezm.cloudfront.net
 
-		- status-page-blog.herokuapp.com
-
-			- blog
-
-
-	Problematic subdomains:
-
-		- blog		(works; mismatched, CN: *.herokuapp.com)
-
-
-	Fully covered subdomains:
-
-		- blog		(→ status-page-blog.herokuapp.com)
-		- hosted
-		- manage
-		- www
-		- *	(per-client subdomains)
-
 -->
 <ruleset name="StatusPage.io">
 
 	<target host="statuspage.io" />
 	<target host="*.statuspage.io" />
+	<target host="metastatuspage.com" />
 
+		<test url="http://www.statuspage.io/" />
+		<test url="http://manage.statuspage.io/" />
+		<test url="http://blog.statuspage.io/" />
+		<test url="http://help.statuspage.io/" />
+		<test url="http://meta.statuspage.io/" />
+		<test url="http://usertesting.statuspage.io/" />
 
-	<securecookie host=".*\.statuspage\.io$" name=".+" />
+		<!-- A couple of random customer pages -->
+		<test url="http://bitbucket.statuspage.io/" />
+		<test url="http://surveygizmo.statuspage.io/" />
+		<test url="http://switch.statuspage.io/" />
 
+	<securecookie host=".*\.statuspage\.io$" name=".+" />
 
-	<rule from="^http://blog\.statuspage\.io/"
-		to="https://status-page-blog.herokuapp.com/" />
-
-	<rule from="^http://([\w-]+\.)?statuspage\.io/"
-		to="https://$1statuspage.io/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Statushub.io.xml b/src/chrome/content/rules/Statushub.io.xml
new file mode 100644
index 000000000000..2e63ffc0c339
--- /dev/null
+++ b/src/chrome/content/rules/Statushub.io.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://workspaces.statushub.io/ => https://workspaces.statushub.io/: (60, 'SSL certificate problem: certificate has expired')
+blog. protocol error
+mozillastatus. mismatch
+msuservicestatus. mismatch-->
+<ruleset name="Statushub.io" default_off="failed ruleset test">
+	<target host="statushub.io" />
+	<target host="www.statushub.io" />
+	<target host="app.statushub.io" />
+	<target host="armor.statushub.io" />
+	<target host="acecommunications.statushub.io" />
+	<target host="workspaces.statushub.io" />
+	<target host="oupublic.statushub.io" />
+	<target host="aodocs.statushub.io" />
+	<target host="realtime.statushub.io" />
+	<target host="emailage.statushub.io" />
+	<target host="osiris.statushub.io" />
+	<target host="uogictstatus.statushub.io" />
+	<target host="fastnotes.statushub.io" />
+	<target host="mozillastatus.statushub.io" />
+	<target host="msuservicestatus.statushub.io" />
+
+	<rule from="^http://mozillastatus\.statushub\.io/"
+		to="https://status.mozilla.org/" />
+
+	<test url="http://mozillastatus.statushub.io/" />
+
+	<rule from="^http://msuservicestatus\.statushub\.io/"
+		to="https://servicestatus.msu.edu/" />
+
+	<test url="http://msuservicestatus.statushub.io/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stavrovski.Net.xml b/src/chrome/content/rules/Stavrovski.Net.xml
new file mode 100644
index 000000000000..fa12b101f715
--- /dev/null
+++ b/src/chrome/content/rules/Stavrovski.Net.xml
@@ -0,0 +1,34 @@
+<!--
+	Fully covered hosts in *stavrovski.net:
+
+		- (www.)?
+		- d
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .stavrovski.net
+		- www.stavrovski.net
+
+-->
+<ruleset name="Stavrovski.Net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="stavrovski.net" />
+	<target host="d.stavrovski.net" />
+	<target host="www.stavrovski.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.stavrovski\.net$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.stavrovski\.net$" name="^[\da-f]+$" /-->
+
+	<securecookie host="^(?:www)?\.stavrovski\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/StayClassy.xml b/src/chrome/content/rules/StayClassy.xml
deleted file mode 100644
index 6ff1e46bcb80..000000000000
--- a/src/chrome/content/rules/StayClassy.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="StayClassy">
-
-	<target host="stayclassy.org" />
-	<target host="*.stayclassy.org" />
-
-
-	<securecookie host="^(?:www)?\.stayclassy\.org$" name=".+" />
-
-
-	<rule from="^http://(www\.)?stayclassy\.org/"
-		to="https://$1stayclassy.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/StaySafeOnline.org.xml b/src/chrome/content/rules/StaySafeOnline.org.xml
new file mode 100644
index 000000000000..947c45e3dd7d
--- /dev/null
+++ b/src/chrome/content/rules/StaySafeOnline.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="StaySafeOnline.org">
+
+	<target host="staysafeonline.org" />
+	<target host="www.staysafeonline.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/StaySmartOnline.xml b/src/chrome/content/rules/StaySmartOnline.xml
new file mode 100644
index 000000000000..4eb4e31bc955
--- /dev/null
+++ b/src/chrome/content/rules/StaySmartOnline.xml
@@ -0,0 +1,12 @@
+<ruleset name="Stay Smart Online">
+	<target host="staysmartonline.gov.au" />
+	<target host="www.staysmartonline.gov.au" />
+	<target host="budd-e.staysmartonline.gov.au" />
+	<target host="www.budd-e.staysmartonline.gov.au" />
+
+	<rule from="^http://(?:www\.)?staysmartonline\.gov\.au/"
+		to="https://www.staysmartonline.gov.au/" />
+
+	<rule from="^http://(?:www\.)?budd-e\.staysmartonline\.gov\.au/"
+		to="https://budd-e.staysmartonline.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/StayToday.com.xml b/src/chrome/content/rules/StayToday.com.xml
new file mode 100644
index 000000000000..3e7a361cf107
--- /dev/null
+++ b/src/chrome/content/rules/StayToday.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://staytoday.com/ => https://staytoday.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.staytoday.com/ => https://www.staytoday.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://staytoday.com/ => https://staytoday.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.staytoday.com/ => https://www.staytoday.com/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="StayToday.com" default_off="failed ruleset test">
+
+	<target host="staytoday.com" />
+	<target host="www.staytoday.com" />
+
+
+	<securecookie host="^(?:www\.)?staytoday\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Stayfriends.xml b/src/chrome/content/rules/Stayfriends.xml
index 0ffa77cdc60b..c4608147665f 100644
--- a/src/chrome/content/rules/Stayfriends.xml
+++ b/src/chrome/content/rules/Stayfriends.xml
@@ -1,17 +1,19 @@
 <ruleset name="StayFriends" platform="mixedcontent">
 
 	<target host="stayfriends.at" />
-	<target host="*.stayfriends.at" />
 	<target host="stayfriends.ch" />
-	<target host="*.stayfriends.ch" />  
 	<target host="stayfriends.de" />
-	<target host="*.stayfriends.de" />
-  
+	<target host="images.stayfriends.at" />
+	<target host="images.stayfriends.ch" />
+	<target host="images.stayfriends.de" />
+	<target host="www.stayfriends.at" />
+	<target host="www.stayfriends.ch" />
+	<target host="www.stayfriends.de" />
+
 
 	<securecookie host="^(?:www)?\.stayfriends\.(?:at|ch|de)$" name=".+" />
 
 
-	<rule from="^http://(images\.|www\.)?stayfriends\.(at|ch|de)/"
-		to="https://$1stayfriends.$2/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Steadfast.net.xml b/src/chrome/content/rules/Steadfast.net.xml
index 729258e34581..5a78cb4e278f 100644
--- a/src/chrome/content/rules/Steadfast.net.xml
+++ b/src/chrome/content/rules/Steadfast.net.xml
@@ -12,13 +12,13 @@
 <ruleset name="Steadfast.net">
 
 	<target host="steadfast.net" />
-	<target host="*.steadfast.net" />
+	<target host="support.steadfast.net" />
+	<target host="www.steadfast.net" />
 
 
 	<securecookie host="^(?:support)?\.steadfast\.net$" name=".+" />
 
 
-	<rule from="^http://(support\.|www\.)?steadfast\.net/"
-		to="https://$1steadfast.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Steaknshake.com.xml b/src/chrome/content/rules/Steaknshake.com.xml
new file mode 100644
index 000000000000..17e64ea86e35
--- /dev/null
+++ b/src/chrome/content/rules/Steaknshake.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Steaknshake.com">
+  <target host="steaknshake.com" />
+  <target host="www.steaknshake.com" />
+
+  <rule from="^http://(?:www\.)?steaknshake\.com/" to="https://www.steaknshake.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/StealthNet.xml b/src/chrome/content/rules/StealthNet.xml
index 54e87dd4fb0e..d36c5517013d 100644
--- a/src/chrome/content/rules/StealthNet.xml
+++ b/src/chrome/content/rules/StealthNet.xml
@@ -1,11 +1,11 @@
-<ruleset name="StealthNet" default_off="mismatch">
+<ruleset name="StealthNet" default_off="mismatched">
 
 	<!--	Cert: tnorad.de	-->
 	<target host="stealthnet.de" />
 	<target host="www.stealthnet.de" />
 
 
-	<rule from="^https?://(?:www\.)?stealthnet\.de/"
+	<rule from="^http://(?:www\.)?stealthnet\.de/"
 		to="https://stealthnet.de/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Stealthnews.xml b/src/chrome/content/rules/Stealthnews.xml
deleted file mode 100644
index 0564180fa2c1..000000000000
--- a/src/chrome/content/rules/Stealthnews.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Stealthnews.com">
-
-	<target host="stealthnews.com"/>
-	<target host="*.stealthnews.com"/>
-
-	<securecookie host="^(.*\.)?stealthnews\.com$" name=".*"/>
-
-	<rule from="^http://(www\.)?stealthnews\.com/"
-		to="https://$1stealthnews.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Stealthy.io.xml b/src/chrome/content/rules/Stealthy.io.xml
new file mode 100644
index 000000000000..1f75425624b7
--- /dev/null
+++ b/src/chrome/content/rules/Stealthy.io.xml
@@ -0,0 +1,12 @@
+<ruleset name="Stealthy.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="stealthy.io" />
+	<target host="www.stealthy.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Steam.xml b/src/chrome/content/rules/Steam.xml
index 78f657f9ac64..7bac4b2f6e0a 100644
--- a/src/chrome/content/rules/Steam.xml
+++ b/src/chrome/content/rules/Steam.xml
@@ -1,77 +1,59 @@
-<!--
-	For other Valve coverage, see Valve.xml.
+<ruleset name="Steam">
+	<target host="community.steam-api.com" />
+	<target host="partner.steam-api.com" />
 
+	<target host="steamcommunity.com" />
+	<target host="www.steamcommunity.com" />
+	<target host="api.steamcommunity.com" />
+	<target host="cdn.steamcommunity.com" />
 
-	ToDo: Find hs.llnwd.net bucket
-
-
-	CDN buckets:
-
-		- akacdn.valve.com.edgesuite.net
-
-			- a1507.d.akamai.net
-			- cdn4
-			- cloud-3
-			- repo
-
-		- content2.steampowered.com.c.footprint.net
-
-			- cloud-4
-
-		- cds.w2n5c2t7.hwcdn.net
-			- cloud-2.steampowered.com
-
-		- valve.vo.llnwd.net/...
-			- .hs. doesn't exist
-			- cdn.steampowered.com
-			- cloud.streampowered.com
-			- media.steampowered.com
-
-
-	Nonfunctional domains:
-
-		- cdn.steampowered.com		(CN: *.hs.llnwd.net; 400)
-		- cloud.steampowered.com	(CN: *.hs.llnwd.net; 400)
-		- cloud-2.steampowered.com	(refused)
-		- cloud-3	(404, akamai)
-		- cloud-4	(dropped)
-		- media.steampowered.com	(CN: *.hs.llnwd.net; 400)
-		- repo		(504, akamai)
-
-
-	Problematic subdomains:
-
-		- cdn4	(works, akamai)
-
--->
-<ruleset name="Steam (partial, broken)" default_off="breaks some forum embeds">
+	<target host="steamgames.com" />
+	<target host="www.steamgames.com" />
+	<target host="partner.steamgames.com" />
 
 	<target host="steampowered.com" />
-	<target host="*.steampowered.com" />
-		<exclusion pattern="http://www\.steampowered\.com/status/survey\.html" />
-		<!--
-			Redirect to http:
-						-->
-		<!--exclusion pattern="^http://store\.steampowered\.com/about/" /-->
+	<target host="www.steampowered.com" />
+	<target host="api.steampowered.com" />
+	<target host="cdn.steampowered.com" />
+	<target host="help.steampowered.com" />
+	<target host="media.steampowered.com" />
+	<target host="partner.steampowered.com" />
+	<target host="store.steampowered.com" />
 	<target host="cdn.store.steampowered.com" />
+	<target host="storefront.steampowered.com" />
+	<target host="support.steampowered.com" />
+
+	<target host="cdn.akamai.steamstatic.com" />
+	<target host="cdn.edgecast.steamstatic.com" />
+	<target host="community.akamai.steamstatic.com" />
+	<target host="community.edgecast.steamstatic.com" />
+	<target host="store.akamai.steamstatic.com" />
+	<target host="store.edgecast.steamstatic.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^\.steampowered\.com$" name=".+" />
+	<rule from="^http://(www\.)?steamgames\.com/"
+			to="https://store.steampowered.com/" />
 
+	<test url="http://storefront.steampowered.com/v/gfx/apps/210950/capsule_467x181.jpg" />
+	<rule from="^http://storefront\.steampowered\.com/v/gfx/"
+			to="https://steamcdn-a.akamaihd.net/steam/" />
 
-	<rule from="^http://store\.steampowered\.com/(jo|log)in"
-		to="https://store.steampowered.com/$1in" />
+	<rule from="^http://((cdn|storefront|www)\.)?steampowered\.com/"
+			to="https://store.steampowered.com/" />
 
-	<rule from="^http://steampowered\.com/"
-		to="https://www.steampowered.com/" />
+	<rule from="^http://www\.steamcommunity\.com/"
+			to="https://steamcommunity.com/" />
 
-	<rule from="^http://(cafe|support|www)\.steampowered\.com/"
-		to="https://$1.steampowered.com/" />
+	<rule from="^http://(cdn\.steamcommunity|community\.akamai\.steamstatic|community\.edgecast\.steamstatic)\.com/"
+		to="https://steamcommunity-a.akamaihd.net/" />
 
-	<rule from="^http://store\.steampowered\.com/public/images/"
-		to="https://store.steampowered.com/public/images/" />
+	<rule from="^http://(media\.steampowered|cdn\.akamai\.steamstatic|cdn\.edgecast\.steamstatic)\.com/"
+		to="https://steamcdn-a.akamaihd.net/" />
 
-	<rule from="^https?://cdn\.(store\.)?steampowered\.com/"
-		to="https://$1steampowered.com/" />
+	<rule from="^http://(cdn\.store\.steampowered|store\.akamai\.steamstatic|store\.edgecast\.steamstatic)\.com/"
+		to="https://steamstore-a.akamaihd.net/" />
 
+	<rule from="^http:"
+			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Steam_Community.com.xml b/src/chrome/content/rules/Steam_Community.com.xml
deleted file mode 100644
index 44867ceec0d4..000000000000
--- a/src/chrome/content/rules/Steam_Community.com.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-<!--
-	For other Valve coverage, see Valve.xml.
-
-
-	Mixed content:
-
-		- Images, on ^ from:
-
-			- cdn *
-			- cdn4.steampowered.com
-			- media.steampowered.com
-
-	* Secured by us
-
--->
-<ruleset name="Steam Community.com (partial, broken)" default_off="breaks some forum embeds">
-
-	<target host="steamcommunity.com" />
-	<target host="*.steamcommunity.com" />
-		<!--
-			Redirects to http
-						-->
-		<exclusion pattern="^http://steamcommunity\.com/+($|\?)" />
-		<!--
-			Breaks news/screenshot/video loading.
-					-->
-		<exclusion pattern="^http://(?:www\.)?steamcommunity\.com/app/\d+/(?:homecontent|news|screenshots|videos)" />
-		<!--
-			Breaks thread loading:
-						-->
-		<exclusion pattern="^http://(?:www\.)?steamcommunity\.com/groups/" />
-
-
-	<securecookie host="^steamcommunity\.com$" name=".+" />
-
-
-	<!--	www: cert only matches ^streamcommunity.com.
-								-->
-	<rule from="^http://(?:cdn\.|www\.)?steamcommunity\.com/"
-		to="https://steamcommunity.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Steamid.eu.xml b/src/chrome/content/rules/Steamid.eu.xml
new file mode 100644
index 000000000000..8790ee16d01e
--- /dev/null
+++ b/src/chrome/content/rules/Steamid.eu.xml
@@ -0,0 +1,6 @@
+<ruleset name="Steamid.eu">
+	<target host="steamid.eu" />
+	<target host="www.steamid.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Steamray.com.xml b/src/chrome/content/rules/Steamray.com.xml
new file mode 100644
index 000000000000..dc225da4cc7d
--- /dev/null
+++ b/src/chrome/content/rules/Steamray.com.xml
@@ -0,0 +1,61 @@
+<!--
+	Ads.
+
+	For other FriendFinder coverage, see FriendFinder.xml.
+
+
+	(www.): refused
+
+
+	Problematic subdomains:
+
+		- graphics ¹
+		- webmaster ²
+
+	¹ Works; mismatched, CN: *.securedataimages.com
+	² works; mismatched, CN: affiliates.streamray.com
+
+
+	Fully covered subdomains:
+
+		- affiliates
+		- graphics	(→ secureimage.securedataimages.com)
+		- studios
+		- webmaster	(→ affiliates)
+
+
+	These altnames don't exist:
+
+		- www.affiliates.streamray.com
+
+-->
+<ruleset name="Streamray.com (partial)">
+
+	<target host="affiliates.streamray.com" />
+	<target host="studios.streamray.com" />
+
+	<!--	Complications:
+				-->
+	<target host="graphics.streamray.com" />
+	<target host="webmaster.streamray.com" />
+
+		<!--exclusion pattern="^http://www\." /-->
+
+
+	<securecookie host="^\.steamray\.com$" name="^(?:AB_TRACKING|cams_tr|click_id_time|HISTORY|IP_COUNTRY|LOCATION_FROM_IP|REFERRAL_URL)$" />
+	<!--
+		Could we secure either of these safely?
+							-->
+	<!--securecookie host="^\.steamray\.com$" name="^(cams_who|v_hash)$" /-->
+
+
+	<rule from="^http://graphics\.streamray\.com/"
+		to="https://secureimage.securedataimages.com/" />
+
+	<rule from="^http://webmaster\.streamray\.com/"
+		to="https://affiliates.streamray.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Steamrep.com.xml b/src/chrome/content/rules/Steamrep.com.xml
new file mode 100644
index 000000000000..db95f5f7ae50
--- /dev/null
+++ b/src/chrome/content/rules/Steamrep.com.xml
@@ -0,0 +1,10 @@
+<!--
+Error on https://forums.steamrep.com/
+-->
+
+<ruleset name="Steamrep.com">
+  <target host="steamrep.com" />
+  <target host="www.steamrep.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Steamspy.com.xml b/src/chrome/content/rules/Steamspy.com.xml
new file mode 100644
index 000000000000..4fa854852cc5
--- /dev/null
+++ b/src/chrome/content/rules/Steamspy.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Steamspy.com">
+	<target host="steamspy.com" />
+	<target host="www.steamspy.com" />
+	<rule from="^http://www\.steamspy\.com/"
+	to="https://steamspy.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Steamunlock.com.xml b/src/chrome/content/rules/Steamunlock.com.xml
new file mode 100644
index 000000000000..3dccc824d5e1
--- /dev/null
+++ b/src/chrome/content/rules/Steamunlock.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Steamunlock.com">
+  <target host="steamunlock.com" />
+  <target host="www.steamunlock.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Steaw.xml b/src/chrome/content/rules/Steaw.xml
index 3ec0208bb738..a79b2518c182 100644
--- a/src/chrome/content/rules/Steaw.xml
+++ b/src/chrome/content/rules/Steaw.xml
@@ -1,10 +1,27 @@
-<ruleset name="Steaw">
 
-	<target host="steaw.com" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.steaw.com/ => https://www.steaw.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://steaw.com/ => https://www.steaw.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	^steaw.com: Shows another domain
+
+-->
+<ruleset name="Steaw.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="www.steaw.com" />
 
+	<!--	Complications:
+				-->
+	<target host="steaw.com" />
+
+
+	<rule from="^http://steaw\.com/"
+		to="https://www.steaw.com/" />
 
-	<rule from="^http://(www\.)?steaw\.com/"
-		to="https://$1steaw.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SteelHousemedia.com.xml b/src/chrome/content/rules/SteelHousemedia.com.xml
index b507f7aaff16..bcf80708ee7c 100644
--- a/src/chrome/content/rules/SteelHousemedia.com.xml
+++ b/src/chrome/content/rules/SteelHousemedia.com.xml
@@ -15,7 +15,10 @@
 -->
 <ruleset name="SteelHousemedia.com (partial)">
 
-	<target host="*.steelhousemedia.com" />
+	<target host="cdn4s.steelhousemedia.com" />
+	<target host="dx.steelhousemedia.com" />
+	<target host="px.steelhousemedia.com" />
+	<target host="ww.steelhousemedia.com" />
 
 
 	<!--	Tracking cookies:
@@ -24,7 +27,6 @@
 	<securecookie host="^\.px\.steelhousemedia\.com$" name=".+" />
 
 
-	<rule from="^http://(cdn4s|dx|px|ww)\.steelhousemedia\.com/"
-		to="https://$1.steelhousemedia.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Steeleye.com.xml b/src/chrome/content/rules/Steeleye.com.xml
index f232d24b21a8..9d57d3655f4e 100644
--- a/src/chrome/content/rules/Steeleye.com.xml
+++ b/src/chrome/content/rules/Steeleye.com.xml
@@ -12,7 +12,6 @@
 	<securecookie host="^license\.steeleye\.com$" name=".+" />
 
 
-	<rule from="^http://license\.steeleye\.com/"
-		to="https://license.steeleye.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Steemh.org.xml b/src/chrome/content/rules/Steemh.org.xml
new file mode 100644
index 000000000000..34033b15e5f5
--- /dev/null
+++ b/src/chrome/content/rules/Steemh.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Steemh.org">
+	<target host="steemh.org" />
+	<target host="www.steemh.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Steep_and_Cheap.com.xml b/src/chrome/content/rules/Steep_and_Cheap.com.xml
new file mode 100644
index 000000000000..34a5e434dd1a
--- /dev/null
+++ b/src/chrome/content/rules/Steep_and_Cheap.com.xml
@@ -0,0 +1,22 @@
+<!--
+	^steepandcheap.com: Akamai
+
+-->
+<ruleset name="Steep and Cheap.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.steepandcheap.com" />
+
+	<!--	Complications:
+				-->
+	<target host="steepandcheap.com" />
+
+
+	<rule from="^http://steepandcheap\.com/"
+		to="https://www.steepandcheap.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Stefan-Betz.net.xml b/src/chrome/content/rules/Stefan-Betz.net.xml
new file mode 100644
index 000000000000..126a9bbe1bb1
--- /dev/null
+++ b/src/chrome/content/rules/Stefan-Betz.net.xml
@@ -0,0 +1,13 @@
+<ruleset name="Stefan-Betz.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="stefan-betz.net" />
+	<target host="blog.stefan-betz.net" />
+	<target host="www.stefan-betz.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Steganos.com.xml b/src/chrome/content/rules/Steganos.com.xml
index cac1a7332910..ecd83987be0b 100644
--- a/src/chrome/content/rules/Steganos.com.xml
+++ b/src/chrome/content/rules/Steganos.com.xml
@@ -25,13 +25,14 @@
 <ruleset name="Steganos.com">
 
 	<target host="steganos.com" />
-	<target host="*.steganos.com" />
+	<target host="blog.steganos.com" />
+	<target host="securestore.steganos.com" />
+	<target host="www.steganos.com" />
 
 
 	<securecookie host=".*\.steganos\.com$" name=".+" />
 
 
-	<rule from="^http://((?:blog|securestore|www)\.)?steganos\.com/"
-		to="https://$1steganos.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Stella_and_Dot.xml b/src/chrome/content/rules/Stella_and_Dot.xml
index 6387fb81f9c2..80689fdcd3a8 100644
--- a/src/chrome/content/rules/Stella_and_Dot.xml
+++ b/src/chrome/content/rules/Stella_and_Dot.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://stylewatch.stelladot.com/ => https://stylewatch.stelladot.com/: (51, "SSL: no alternative certificate subject name matches target host name 'stylewatch.stelladot.com'")
+
+	Other Stella & Dot rulesets:
+
+
+
 	CDN buckets:
 
 		- com.stelladot.static.s3.amazonaws.com
@@ -8,38 +16,96 @@
 			- s3static.stelladotcdn.com
 
 
-	Problematic domains:
+	Problematic hosts in *stelladot.com:
 
-		- s3static.stelladotcdn.com	(mismatched, CN: *.test.edgekey.net)
+		- blog ᵐ
 
+	ᵐ Mismatched
 
-	Fully covered domains:
 
-		- stelladot.com subdomains:
+	Insecure cookies are set for these domains and hosts:
 
-			- (www.)
-			- lounge
-			- shop
-			- stylewatch
-			- stylistlounge
+		- .stelladot.com
+		- lounge.stelladot.com
+		- www.stelladot.com
 
-		- s3static.stelladotcdn.com	(→ s3.amazonaws.com)
 
--->
-<ruleset name="Stella &amp; Dot">
-
-	<target host="stelladot.com" />
-	<target host="*.stelladot.com" />
-	<target host="s3static.stelladotcdn.com" />
+	Mixed content:
 
+		- css on www from assets.stelladot.com ˢ
 
-	<securecookie host=".*\.stelladot\.com$" name=".+" />
+		- Images, on:
 
+			- www from shop.stelladot.com ˢ
+			- www from s3static.stelladotcdn.com ˢ
 
-	<rule from="^http://((?:(?:stylist)?lounge|shop|stylewatch|www)\.)?stelladot\.com/"
-		to="https://$1stelladot.com/" />
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
-	<rule from="^http://s3static\.stelladotcdn\.com/"
-		to="https://s3.amazonaws.com/com.stelladot.static/" />
+-->
+<ruleset name="Stella Dot.com (partial)" default_off="failed ruleset test">
 
-</ruleset>
\ No newline at end of file
+	<target host="stelladot.com" />
+	<target host="assets.stelladot.com" />
+	<target host="lounge.stelladot.com" />
+	<target host="shop.stelladot.com" />
+	<target host="stylewatch.stelladot.com" />
+	<target host="stylistlounge.stelladot.com" />
+	<target host="www.stelladot.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.stelladot\.com/$" /-->
+		<!--
+			Mixed css:
+					-->
+		<!--exclusion pattern="^http://www\.stelladot\.com/help$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?stelladot\.com/(?!/*(?:bootstrap/|bootstrap-select/|common/|favicon\.ico|images/|minify/|sdrand/|shop/account(?:create|login|forgot)(?:$|[?/])))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.stelladot.com/about/listings" />
+			<test url="http://www.stelladot.com/affiliates" />
+			<test url="http://www.stelladot.com/connect/stylist" />
+			<test url="http://www.stelladot.com/events" />
+			<test url="http://www.stelladot.com/help" />
+			<test url="http://www.stelladot.com/help/privacypolicy" />
+			<test url="http://www.stelladot.com/lastylist" />
+			<test url="http://www.stelladot.com/shop" />
+			<test url="http://www.stelladot.com/stylist" />
+			<test url="http://www.stelladot.com/trunkshow/faqs" />
+
+			<!--	-ve:
+					-->
+			<test url="http://stelladot.com/common/bootstrap-select/bootstrap-select.css" />
+			<test url="http://stelladot.com/common/bootstrap/css/bootstrap.css" />
+			<test url="http://stelladot.com/common/images/logo-color.svg" />
+			<test url="http://stelladot.com/common/minify/?f=/css/ts.css,/common/css/trunkshows/rsvpstatus.css,/common/css/trunkshows/invitations.css,/common/_compiled/css/trunkshows/invite-header.css,/common/_compiled/css/trunkshows/email-settings.css,/common/css/trunkshows/selectstyle.css" />
+			<test url="http://stelladot.com/common/webfonts/proximaNova/proximanova_regular_macroman/ProximaNova-Reg-webfont.ttf" />
+			<test url="http://www.stelladot.com/favicon.ico" />
+			<test url="http://www.stelladot.com/images/mobile-icon-bag.png" />
+			<test url="http://www.stelladot.com/sdrand/01558cca91a78138e3d95894437fbcd3ca18271c//common/css/ui-stelladot/jquery-ui-1.8.9.custom.css" />
+			<test url="http://www.stelladot.com/shop/account/create" />
+			<test url="http://www.stelladot.com/shop/account/forgot" />
+			<test url="http://www.stelladot.com/shop/account/login" /><!--	mixed images -->
+
+		<test url="http://assets.stelladot.com/website-assets/NA/site/corp/css/global-cms.css" />
+		<test url="http://shop.stelladot.com/style/media/catalog/product/cache/0/image/450x682/9df78eab33525d08d6e5fb8d27136e95/r/1/r157g_engravable_signet_ring_engraved_hero_5.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.stelladot\.com$" name="^(?:frontend|locale)$" /-->
+	<!--securecookie host="^(?:lounge|www)\.stelladot\.com$" name="^PHPSESSID$" /-->
+
+	<!--securecookie host="." name="." /-->
+	<securecookie host=".+" name="^optimizely" />
+	<securecookie host="^[^.sw]" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Stellar.org.xml b/src/chrome/content/rules/Stellar.org.xml
new file mode 100644
index 000000000000..2ad145bfada1
--- /dev/null
+++ b/src/chrome/content/rules/Stellar.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)?
+		- launch
+
+-->
+<ruleset name="Stellar.org">
+
+	<target host="stellar.org" />
+	<target host="launch.stellar.org" />
+	<target host="www.stellar.org" />
+
+
+	<securecookie host="^\.stellar\.org$" name="^__cfduid$" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Stellwerksim.de.xml b/src/chrome/content/rules/Stellwerksim.de.xml
new file mode 100644
index 000000000000..6b8123daa774
--- /dev/null
+++ b/src/chrome/content/rules/Stellwerksim.de.xml
@@ -0,0 +1,33 @@
+<!--
+	Nonfunctional hosts in *.stellwerksim.de:
+
+	certificate mismatch
+        public8.stellwerksim.de
+        public9.stellwerksim.de
+        qs.stellwerksim.de
+
+	connection refused
+        bbb.stellwerksim.de
+
+    Out of date certificate
+        doku.sandbox.stellwerksim.de
+
+	timeout on https
+        mx0.stellwerksim.de
+        mx1.stellwerksim.de
+        public6.stellwerksim.de
+        public7.stellwerksim.de
+
+    Website unavailable (Message from provider)
+        stitzdoku.stellwerksim.de
+
+-->
+<ruleset name="Stellwerksim.de">
+
+    <target host="stellwerksim.de" />
+    <target host="www.stellwerksim.de" />
+    <target host="doku.stellwerksim.de" />
+    <target host="stitz.stellwerksim.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stelter.xml b/src/chrome/content/rules/Stelter.xml
index 6c82e4686ead..b9fa88a95381 100644
--- a/src/chrome/content/rules/Stelter.xml
+++ b/src/chrome/content/rules/Stelter.xml
@@ -1,4 +1,18 @@
-<ruleset name="Stelter (partial)" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gftplns.org/ => https://gftplns.org/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.gftplns.org/ => https://www.gftplns.org/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://plan.gs/ => https://gftplns.org/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.plan.gs/ => https://www.gftplns.org/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://dashboard.stelter.com/ => https://dashboard.stelter.com/: (7, 'Failed to connect to dashboard.stelter.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.gftplns.org/ => https://www.gftplns.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.plan.gs/ => https://www.gftplns.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://dashboard.stelter.com/ => https://dashboard.stelter.com/: (28, 'Connection timed out after 10000 milliseconds')
+-->
+<ruleset name="Stelter (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="gftplns.org"/>
 	<target host="www.gftplns.org"/>
@@ -6,7 +20,7 @@
 	<target host="www.plan.gs"/>
 	<target host="dashboard.stelter.com"/>
 
-	<securecookie host="^(.*\.)?gftplns\.org$" name=".*"/>
+	<securecookie host="^(?:.*\.)?gftplns\.org$" name=".+" />
 
 	<rule from="^http://(www\.)?(?:gftplns\.org|plan\.gs)/"
 		to="https://$1gftplns.org/"/>
diff --git a/src/chrome/content/rules/Stemformatics.org.xml b/src/chrome/content/rules/Stemformatics.org.xml
new file mode 100644
index 000000000000..221e9ba091cb
--- /dev/null
+++ b/src/chrome/content/rules/Stemformatics.org.xml
@@ -0,0 +1,13 @@
+<!--
+	^stemformatics.org doesn't exist.
+
+-->
+<ruleset name="Stemformatics.org">
+
+	<target host="www.stemformatics.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Stemulite_Fitness_Formula.xml b/src/chrome/content/rules/Stemulite_Fitness_Formula.xml
index 03c8d31a2d1a..f31382a255ed 100644
--- a/src/chrome/content/rules/Stemulite_Fitness_Formula.xml
+++ b/src/chrome/content/rules/Stemulite_Fitness_Formula.xml
@@ -1,13 +1,12 @@
 <ruleset name="Stemulite Fitness Formula">
 
 	<target host="stemulitefitnessformula.com" />
-	<target host="*.stemulitefitnessformula.com" />
+	<target host="www.stemulitefitnessformula.com" />
 
 
 	<securecookie host="^\.stemulitefitnessformula\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?stemulitefitnessformula\.com/"
-		to="https://$1stemulitefitnessformula.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/StephenHicks.org.xml b/src/chrome/content/rules/StephenHicks.org.xml
new file mode 100644
index 000000000000..9ea52731c076
--- /dev/null
+++ b/src/chrome/content/rules/StephenHicks.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Mismatched:
+		- autoconfig
+		- ftp
+		- whm
+-->
+<ruleset name="StephenHicks.org">
+	<target host="stephenhicks.org" />
+	<target host="www.stephenhicks.org" />
+	<target host="autodiscover.stephenhicks.org" />
+	<target host="cpanel.stephenhicks.org" />
+	<target host="mail.stephenhicks.org" />
+	<target host="webdisk.stephenhicks.org" />
+	<target host="webmail.stephenhicks.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/StephenHolyday.ca.xml b/src/chrome/content/rules/StephenHolyday.ca.xml
new file mode 100644
index 000000000000..e701286ce47e
--- /dev/null
+++ b/src/chrome/content/rules/StephenHolyday.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="StephenHolyday.ca">
+	<target host="stephenholyday.ca" />
+	<target host="www.stephenholyday.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stephenpi.com.xml b/src/chrome/content/rules/Stephenpi.com.xml
new file mode 100644
index 000000000000..eedc4d06e229
--- /dev/null
+++ b/src/chrome/content/rules/Stephenpi.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Stephenpi.com">
+	<target host="stephenpi.com" />
+	<target host="www.stephenpi.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stepmaniax.com.xml b/src/chrome/content/rules/Stepmaniax.com.xml
new file mode 100644
index 000000000000..1bc6267bbcd2
--- /dev/null
+++ b/src/chrome/content/rules/Stepmaniax.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="stepmaniax.com">
+	<target host="stepmaniax.com" />
+	<target host="www.stepmaniax.com" />
+	<target host="api.stepmaniax.com" />
+	<target host="www.api.stepmaniax.com" />
+	<target host="data.stepmaniax.com" />
+	<target host="www.data.stepmaniax.com" />
+	<target host="docs.data.stepmaniax.com" />
+	<target host="www.docs.data.stepmaniax.com" />
+	<target host="host.stepmaniax.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stern.de.xml b/src/chrome/content/rules/Stern.de.xml
new file mode 100644
index 000000000000..f801c1f2e9f5
--- /dev/null
+++ b/src/chrome/content/rules/Stern.de.xml
@@ -0,0 +1,61 @@
+<!--
+	Invalid certificate:
+		*.1.damoh.aws.stern.de
+		*.2.damoh.aws.stern.de
+		*.3.damoh.aws.stern.de
+		www.glb.aws.stern.de
+		view.glb.aws.stern.de
+		katalogservice.stern.de
+		pmd-brightcove-streaming.stern.de
+
+	Timeout:
+		cm-preview.stern.de
+		www.int.stern.de
+		ticker.stern.de
+
+	Unable to get local issuer certificate:
+		reisewelten.stern.de
+-->
+<ruleset name="STERN.de">
+
+	<target host="stern.de" />
+	<target host="www.stern.de" />
+	<target host="aboshop.stern.de" />
+	<target host="aktion.stern.de" />
+	<target host="asset3.stern.de" />
+	<target host="ssl.1.damoh.aws.stern.de" />
+	<target host="ssl.2.damoh.aws.stern.de" />
+	<target host="ssl.3.damoh.aws.stern.de" />
+	<target host="blogs.stern.de" />
+	<target host="commsvc.stern.de" />
+	<target host="go.stern.de" />
+	<target host="image.stern.de" />
+	<target host="insider.stern.de" />
+	<target host="krankenkassenvergleich.stern.de" />
+	<target host="liveticker.stern.de" />
+	<target host="m.stern.de" />
+	<target host="mobil.stern.de" />
+	<target host="spiele.mobil.stern.de" />
+	<target host="mobile-feed.stern.de" />
+	<target host="neon.stern.de" />
+	<target host="newsletter.stern.de" />
+	<target host="www.newsletter.stern.de" />
+	<target host="secure.stern.de" />
+	<target host="serviceportal.stern.de" />
+	<target host="shop.stern.de" />
+	<target host="spiele.stern.de" />
+	<target host="www.stage.stern.de" />
+	<target host="image.stage.stern.de" />
+	<target host="m.stage.stern.de" />
+	<target host="static.stage.stern.de" />
+	<target host="static.stern.de" />
+	<target host="tools.stern.de" />
+	<target host="upload.stern.de" />
+	<target host="view.stern.de" />
+	<target host="view-s3.stern.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sternkom.xml b/src/chrome/content/rules/Sternkom.xml
new file mode 100644
index 000000000000..7d48bf8acb52
--- /dev/null
+++ b/src/chrome/content/rules/Sternkom.xml
@@ -0,0 +1,7 @@
+<ruleset name="SternKom GmbH">
+<target host="www.sternkom.de" />
+
+<rule from="^http:" to="https:" />
+
+
+</ruleset>
diff --git a/src/chrome/content/rules/Stevens.xml b/src/chrome/content/rules/Stevens.xml
index 38aeb612617c..d54006f6d5f7 100644
--- a/src/chrome/content/rules/Stevens.xml
+++ b/src/chrome/content/rules/Stevens.xml
@@ -1,6 +1,6 @@
 <ruleset name="Stevens">
 	<target host="*.stevens.edu" />
-	<exclusion pattern="^http://(personal|www.math|www.cs|www.acc|guinness.cs|tarantula.phy|www.phy|tarantula.srcit|www.srcit|debian.srcit|ubuntu.srcit)\.stevens\.edu/.*" />
+	<exclusion pattern="^http://(?:personal|www.math|www.cs|www.acc|guinness.cs|tarantula.phy|www.phy|tarantula.srcit|www.srcit|debian.srcit|ubuntu.srcit)\.stevens\.edu/.*" />
 		<rule from="^http://([^/:@\.]+)\.stevens\.edu/"
 				  to="https://$1.stevens.edu/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Stevesie.xml b/src/chrome/content/rules/Stevesie.xml
index 61df98e22eb4..fffc091bc1b5 100644
--- a/src/chrome/content/rules/Stevesie.xml
+++ b/src/chrome/content/rules/Stevesie.xml
@@ -1,10 +1,18 @@
-<ruleset name="Stevesie">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://api.stevesie.com/ => https://api.stevesie.com/: (6, 'Could not resolve host: api.stevesie.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://stevesie.com/ => https://stevesie.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+-->
+<ruleset name="Stevesie" default_off="failed ruleset test">
 
 	<target host="stevesie.com" />
-	<target host="*.stevesie.com" />
+	<target host="api.stevesie.com" />
+	<target host="www.stevesie.com" />
 
 
-	<rule from="^http://(api\.|www\.)?stevesie\.com/"
-		to="https://$1stevesie.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/StewartCalculus.com.xml b/src/chrome/content/rules/StewartCalculus.com.xml
new file mode 100644
index 000000000000..3adaf9b78cb4
--- /dev/null
+++ b/src/chrome/content/rules/StewartCalculus.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="StewartCalculus.com">
+	<target host="stewartcalculus.com" />
+	<target host="www.stewartcalculus.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stickhet.xml b/src/chrome/content/rules/Stickhet.xml
index 68abf9a81c9c..a0bcfb6155fb 100644
--- a/src/chrome/content/rules/Stickhet.xml
+++ b/src/chrome/content/rules/Stickhet.xml
@@ -1,13 +1,19 @@
-<ruleset name="Stickhet">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://stickhet.com/ => https://stickhet.com/: (51, "SSL: no alternative certificate subject name matches target host name 'stickhet.com'")
+Fetch error: http://www.stickhet.com/ => https://www.stickhet.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.stickhet.com'")
+
+-->
+<ruleset name="Stickhet" default_off="failed ruleset test">
 
 	<target host="stickhet.com" />
-	<target host="*.stickhet.com" />
+	<target host="www.stickhet.com" />
 
 
 	<securecookie host="^\.stickhet\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?stickhet\.com/"
-		to="https://$1stickhet.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Stickyadstv.com.xml b/src/chrome/content/rules/Stickyadstv.com.xml
new file mode 100644
index 000000000000..e6f241212857
--- /dev/null
+++ b/src/chrome/content/rules/Stickyadstv.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="stickyadstv.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ads.stickyadstv.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Stirling.gov.uk.xml b/src/chrome/content/rules/Stirling.gov.uk.xml
new file mode 100644
index 000000000000..30d58e4e97ef
--- /dev/null
+++ b/src/chrome/content/rules/Stirling.gov.uk.xml
@@ -0,0 +1,54 @@
+<!--
+	Stirling Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *stirling.gov.uk:
+
+		- alberthalls ᵃ
+		- lib ᵃ
+		- minutes ᵈ
+		- my ᵃ
+		- offthepage ᵃ
+		- pabs ᵈ
+		- tolbooth ᵃ
+		- whaslikeus ᵃ
+		- wedding ᵃ
+
+	ᵃ Shows another domain
+	ᵈ Dropped
+
+
+	Mixed content:
+
+		- favicon on www from my.stirling.gov.uk ᵃ
+
+	ᵃ Unsecurable <= shows another domain
+
+-->
+<ruleset name="Stirling.gov.uk (partial)">
+
+	<target host="stirling.gov.uk" />
+	<target host="www.stirling.gov.uk" />
+
+		<exclusion pattern="^http://(?:www\.)?stirling\.gov\.uk/+(?!(?:interpay|publicaccesslive)(?:$|[?/]))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://stirling.gov.uk/archives" />
+			<test url="http://stirling.gov.uk/funding" />
+			<test url="http://www.stirling.gov.uk/libraries" />
+			<test url="http://www.stirling.gov.uk/riverbank" />
+			<test url="http://www.stirling.gov.uk/services/libraries-and-archives/libraries-general-information/libraries-charges" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.stirling.gov.uk/interpay/sccart/css/sccart.css" />
+			<test url="http://www.stirling.gov.uk/publicaccesslive" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Stitcher.xml b/src/chrome/content/rules/Stitcher.xml
index bd3424f869cb..c75ab8c3d8e9 100644
--- a/src/chrome/content/rules/Stitcher.xml
+++ b/src/chrome/content/rules/Stitcher.xml
@@ -1,42 +1,73 @@
 <!--
+	Disabled per https://trac.torproject.org/projects/tor/ticket/15485
+
+
 	CDN buckets:
 
 		- stitcher.assets.s3.amazonaws.com
+		- d1e7rotcsmgpz9.cloudfront.net	← cloudfront.assets
 
 		- stitcher.vo.llnwd.net
 
 			- .hs. doesn't exist
 
 
-	Cert only matches ^stitcher.com
-
-
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *stitcher.com:
 
-		- app *
 		- landing *
 		- partners *
 
-	- Shows www
+	* Shows www.stitcher.com
 
 
-	Problematic subdomains:
+	Problematic hosts in *stitcher.com:
 
-		- ^			(cert only matches www)
+		- cloudfront.assets ²
 		- limelight.assets	(400, CN: *.hs.llnwd.net)
+		- ec-cdn-assets		404, EdgeCast
+
+	² Cloudfront
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- app from www.stitcher.com *
+			- www from $self *
+
+		- Bug on planet, www from b.scorecardresearch.com *
+
+	* Secured by us
 
 
 -->
-<ruleset name="Stitcher (partial)">
+<ruleset name="Stitcher.com (partial)" default_off="Breaks site">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="stitcher.com" />
-	<target host="*.stitcher.com" />
+	<target host="app.stitcher.com" />
+	<target host="secureimg.stitcher.com" />
+	<target host="www.stitcher.com" />
+
+	<!--	Complications:
+				-->
+	<target host="cloudfront.assets.stitcher.com" />
+	<target host="limelight.assets.stitcher.com" />
+	<target host="ec-cdn-assets.stitcher.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.stitcher\.com$" name="^_webapp_sui$" /-->
+
 
+	<rule from="^http://(?:cloudfront\.|limelight\.|ec-cdn-)assets\.stitcher\.com/"
+		to="https://secureimg.stitcher.com/" />
 
-	<rule from="^https?://(?:www\.)?stitcher\.com/"
-		to="https://www.stitcher.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^https?://limelight\.assets\.stitcher\.com/"
-		to="https://s3.amazonaws.com/stitcher.assets/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/StockCharts.xml b/src/chrome/content/rules/StockCharts.xml
index 44656c638bf3..34e2f7dbc15f 100644
--- a/src/chrome/content/rules/StockCharts.xml
+++ b/src/chrome/content/rules/StockCharts.xml
@@ -5,16 +5,15 @@
 		- store	(cert: *.myshopify.com; redirects to http)
 
 -->
-<ruleset name="StockCharts.com (partial)">
+<ruleset name="StockCharts.com (partial)" default_off="redirect loop">
 
 	<target host="stockcharts.com" />
 	<target host="www.stockcharts.com" />
 
 
-	<securecookie host="^(www\.)?stockcharts\.com$" name=".*" />
+	<securecookie host="^(?:www\.)?stockcharts\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?stockcharts\.com/"
-		to="https://$1stockcharts.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/StockReportsPlus.com.xml b/src/chrome/content/rules/StockReportsPlus.com.xml
new file mode 100644
index 000000000000..a3a1ac5c231c
--- /dev/null
+++ b/src/chrome/content/rules/StockReportsPlus.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="StockReportsPlus.com">
+	<target host="stockreportsplus.com" />
+	<target host="www.stockreportsplus.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/StockTwits.com.xml b/src/chrome/content/rules/StockTwits.com.xml
new file mode 100644
index 000000000000..d96222c7b9bd
--- /dev/null
+++ b/src/chrome/content/rules/StockTwits.com.xml
@@ -0,0 +1,51 @@
+<!--
+	Invalid certificate:
+		cloudfront.stocktwits.com
+		a.twimg.stocktwits.com
+		videos.stocktwits.com
+
+	Mixed content:
+		help.stocktwits.com
+
+	No working URL known:
+		ql.stocktwits.com
+		quotes.stocktwits.com
+
+	Redirect to HTTP:
+		careers.stocktwits.com
+
+	Time out:
+		api-status.stocktwits.com
+
+-->
+<ruleset name="StockTwits.com">
+
+	<target host="stocktwits.com" />
+	<target host="www.stocktwits.com" />
+	<target host="ablinks.stocktwits.com" />
+		<test url="http://ablinks.stocktwits.com/wf/click" />
+	<target host="api.stocktwits.com" />
+		<test url="http://api.stocktwits.com/api/2/streams/suggested.json" />
+	<target host="assets.stocktwits.com" />
+		<test url="http://assets.stocktwits.com/production/discover/highlights/445/300x200-1522237652.png?1522237652" />
+	<target host="avatars.stocktwits.com" />
+		<test url="http://avatars.stocktwits.com/production/493790/large-1428450549.png" />
+	<target host="blog.stocktwits.com" />
+	<target host="charts.stocktwits.com" />
+		<test url="http://charts.stocktwits.com/production/original_117967674.png" />
+	<target host="cryptoguide.stocktwits.com" />
+	<target host="events.stocktwits.com" />
+	<target host="firehose.stocktwits.com" />
+	<target host="ipv6.stocktwits.com" />
+	<target host="moneybadger.stocktwits.com" />
+	<target host="newsletters.stocktwits.com" />
+	<target host="newswire-images.stocktwits.com" />
+		<test url="http://newswire-images.stocktwits.com/admins/password/new" />
+	<target host="orders.stocktwits.com" />
+	<target host="premium.stocktwits.com" />
+	<target host="shop.stocktwits.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/StockTwits.xml b/src/chrome/content/rules/StockTwits.xml
deleted file mode 100644
index 8190c0946b01..000000000000
--- a/src/chrome/content/rules/StockTwits.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- blog.stocktwits.com	(502)
-
-
-	Problematic domains:
-
-		- assets[0-3].stocktwits.net		(mismatched, CN: *.stocktwits.com)
-
-
-	Some pages redirect to http.
-
--->
-<ruleset name="StockTwits (partial)">
-
-	<target host="stocktwits.com" />
-	<target host="*.stocktwits.com" />
-		<exclusion pattern="^http://(?:new\.|www\.)?stocktwits\.com/(?!assets/|sign(?:in|up)(?:$|\?|/))" />
-	<target host="*.stocktwits.net" />
-
-
-	<rule from="^http://(new\.|www\.)?stocktwits\.com/"
-		to="https://$1stocktwits.com/" />
-
-	<rule from="^https?://assets\d\.stocktwits\.net/"
-		to="https://new.stocktwits.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Stockton_College.xml b/src/chrome/content/rules/Stockton_College.xml
index 7b651dd99b10..ff2d67e4b107 100644
--- a/src/chrome/content/rules/Stockton_College.xml
+++ b/src/chrome/content/rules/Stockton_College.xml
@@ -75,4 +75,4 @@ www.lynda.com.ezproxy.stockton.edu
 	<rule from="^http://pssb\.stockton\.edu:9000/"
 		to="https://pssb.stockton.edu:9000/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Stocktrade.de.xml b/src/chrome/content/rules/Stocktrade.de.xml
deleted file mode 100644
index 810e526ee5cb..000000000000
--- a/src/chrome/content/rules/Stocktrade.de.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Stocktrade.de" platform="firefox">
-<target host="stocktrade.de" />
-
-<securecookie host="^stocktrade\.de$" name=".+" />
-
-<rule from="^http://stocktrade\.de/" to="https://stocktrade.de/" />
-</ruleset>
diff --git a/src/chrome/content/rules/StoneArch.net.xml b/src/chrome/content/rules/StoneArch.net.xml
new file mode 100644
index 000000000000..cdfb186364fe
--- /dev/null
+++ b/src/chrome/content/rules/StoneArch.net.xml
@@ -0,0 +1,20 @@
+<!--
+	Stone Arch related rulesets:
+		+ SemiAccurate.com.xml
+
+	Non-functional hosts in *.stonearch.net:
+		Mismatched:
+		- stonearch.net
+		- www.stonearch.net
+-->
+<ruleset name="StoneArch.net (partial)">
+	<target host="stonearch.net" />
+		<test url="http://stonearch.net/subscribe/" />
+		<test url="http://stonearch.net/tag/40nm/" />
+	<target host="www.stonearch.net" />
+		<test url="http://www.stonearch.net/fullyaccurate/" />
+		<test url="http://www.stonearch.net/tag/microsoft/" />
+
+	<rule from="^http://(www\.)?stonearch\.net/"
+		to="https://$1semiaccurate.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stoneandstone.org.xml b/src/chrome/content/rules/Stoneandstone.org.xml
new file mode 100644
index 000000000000..5f394c2d4056
--- /dev/null
+++ b/src/chrome/content/rules/Stoneandstone.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Stoneandstone.org">
+	<target host="stoneandstone.org" />
+	<target host="www.stoneandstone.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stony_Brook_University.xml b/src/chrome/content/rules/Stony_Brook_University.xml
index bb81945c37d1..f45150ea98f6 100644
--- a/src/chrome/content/rules/Stony_Brook_University.xml
+++ b/src/chrome/content/rules/Stony_Brook_University.xml
@@ -1,24 +1,116 @@
+
 <!--
-	Nonfunctional subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.grad.stonybrook.edu/ => https://www.grad.stonybrook.edu/: (7, 'Failed to connect to www.grad.stonybrook.edu port 443: Connection refused')
+Fetch error: http://www.cs.sunysb.edu/ => https://www.cs.sunysb.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.cs.sunysb.edu'")
+
+	Nonfunctional domains:
+
+		- (www.)?stonybrook.edu ¹
+		- sb.cc.stonybrook.edu ¹
+		- itsm.stonybrook.edu ¹
+		- (www.)?library.stonybrook.edu ¹
+		- research.dev.sinc.stonybrook.edu ³
+
+		- (www.)?sunysb.edu ¹
+		- fsl-gw.fsl.cs.sunysb.edu ⁴
+		- lists.fsl.cs.sunysb.edu ⁴
+		- ssh.fsl.cs.sunysb.edu ⁴
+
+	¹ Refused
+	¹ Dropped
+	³ 404
+	⁴ Data differ from http
+
+
+	Problematic domains:
+
+		- service.stonybrook.edu *
+
+		- fsl.cs.sunysb.edu *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- blackboard.stonybrook.edu
+
+		- avatar.fsl.cs.sunysb.edu
+		- bugzilla.fsl.cs.sunysb.edu
+		- rt.fsl.cs.sunysb.edu
+		- eweb.research.sunysb.edu
 
-		- (www.)		(times out)
+
+	Mixed content:
+
+		- css, on:
+
+			- research from fonts.googleapis.com
+			- (www.)?studentaffairs from fast.fonts.net
+			- (www.)?studentaffairs from ^stonybrook.edu
+			- (www.)?studentaffairs from www.stonybrook.edu
+
+		- Images, on:
+
+			- career, (www.)?studentaffairs from $self
+			- (www.)?studentaffairs from ^stonybrook.edu
+			- (www.)?studentaffairs from mobile.cc.stonybrook.edu
+			- (www.)?studentaffairs from www.stonybrook.edu
+
+		- favicon on research from www.stonybrook.edu
+		- Bug on (www.)?studentaffairs from snapwidget.com
 
 -->
-<ruleset name="Stony Brook University (partial)">
+<ruleset name="Stony Brook University (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blackboard.stonybrook.edu" />
+	<target host="career.stonybrook.edu" />
+	<target host="mobile.cc.stonybrook.edu" />
+	<target host="sso.cc.stonybrook.edu" />
 
-	<target host="*.cs.stonybrook.edu" />
+	<target host="hiring.cs.stonybrook.edu" />
+	<target host="set-hiring.cs.stonybrook.edu" />
+	<target host="www.cs.stonybrook.edu" />
+	<target host="www3.cs.stonybrook.edu" />
+
+	<target host="www.grad.stonybrook.edu" />
+	<target host="it.stonybrook.edu" />
+	<target host="policy.stonybrook.edu" />
+	<target host="research.stonybrook.edu" />
+	<target host="studentaffairs.stonybrook.edu" />
+	<target host="www.studentaffairs.stonybrook.edu" />
+
+	<target host="avatar.fsl.cs.sunysb.edu" />
+	<target host="bugzilla.fsl.cs.sunysb.edu" />
+	<target host="rt.fsl.cs.sunysb.edu" />
+	<target host="www.fsl.cs.sunysb.edu" />
 	<target host="www.cs.sunysb.edu" />
-		<!--
-			- $ prompts for login
-			- js/ 404s
-						-->
-		<exclusion pattern="^http://www\.cs\.s(?:tonybrook|unysb)\.edu/(?!~|all\.css|css/|images/)" />
+	<target host="www3.cs.sunysb.edu" />
+
+	<target host="eweb.research.sunysb.edu" />
+
+	<!--	Complications:
+				-->
+	<target host="fsl.cs.sunysb.edu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^blackboard\.stonybrook\.edu$" name="^session_id$" /-->
+	<!--securecookie host="^(?:avatar|rt)\.fsl\.cs\.subysb\.edu$" name="^(?:_collaboration_session|cc\.collabd_session_guid)$" /-->
+	<!--securecookie host="^bugzilla\.fsl\.cs\.subysb\.edu$" name="^(?:Bugzilla_login_request_cookie|DEFAULTFORMAT)$" /-->
+	<!--securecookie host="^eweb.research.sunysb.edu$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www|(?:set-)?hiring)\.cs\.stonybrook\.edu/"
-		to="https://$1.cs.stonybrook.edu/" />
+	<rule from="^http://fsl\.cs\.sunysb\.edu/"
+		to="https://www.fsl.cs.sunysb.edu/" />
 
-	<rule from="^http://www\.cs\.sunysb\.edu/"
-		to="https://www.cs.sunysb.edu/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Stop-Snoring-Mouthpiece.org.xml b/src/chrome/content/rules/Stop-Snoring-Mouthpiece.org.xml
index 7e41609099c5..7ccafdc6262e 100644
--- a/src/chrome/content/rules/Stop-Snoring-Mouthpiece.org.xml
+++ b/src/chrome/content/rules/Stop-Snoring-Mouthpiece.org.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://stop-snoring-mouthpiece.org/ => https://stop-snoring-mouthpiece.org/: (28, 'Connection timed out after 20007 milliseconds')
+Fetch error: http://www.stop-snoring-mouthpiece.org/ => https://www.stop-snoring-mouthpiece.org/: (28, 'Connection timed out after 20001 milliseconds')
+
 	Mixed content:
 
 		- Images, on www from:
@@ -14,16 +19,15 @@
 		- old	(works, CN: Parallels Panel)
 
 -->
-<ruleset name="Stop-Snoring-Mouthpiece.org (partial)">
+<ruleset name="Stop-Snoring-Mouthpiece.org (partial)" default_off="failed ruleset test">
 
 	<target host="stop-snoring-mouthpiece.org" />
-	<target host="*.stop-snoring-mouthpiece.org" />
+	<target host="www.stop-snoring-mouthpiece.org" />
 
 
 	<securecookie host="^(?:www)?\.stop-snoring-mouthpiece\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?stop-snoring-mouthpiece\.org/"
-		to="https://$1stop-snoring-mouthpiece.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/StopFundingHate.org.uk.xml b/src/chrome/content/rules/StopFundingHate.org.uk.xml
new file mode 100644
index 000000000000..856ddcea0f8f
--- /dev/null
+++ b/src/chrome/content/rules/StopFundingHate.org.uk.xml
@@ -0,0 +1,8 @@
+<ruleset name="StopFundingHate.org.uk">
+	<target host="stopfundinghate.org.uk" />
+	<target host="www.stopfundinghate.org.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stop_Cyber_Spying.com.xml b/src/chrome/content/rules/Stop_Cyber_Spying.com.xml
new file mode 100644
index 000000000000..788b2e6d4937
--- /dev/null
+++ b/src/chrome/content/rules/Stop_Cyber_Spying.com.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://stopcyberspying.com/ => https://stopcyberspying.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.stopcyberspying.com/ => https://www.stopcyberspying.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other Access coverage, see AccessNow.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- stopcyberspying.com
+		- www.stopcyberspying.com
+
+-->
+<ruleset name="Stop Cyber Spying.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="stopcyberspying.com" />
+	<target host="www.stopcyberspying.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?stopcyberspying\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?stopcyberspying\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Stop_Fast_Track.com.xml b/src/chrome/content/rules/Stop_Fast_Track.com.xml
new file mode 100644
index 000000000000..8d82e159985e
--- /dev/null
+++ b/src/chrome/content/rules/Stop_Fast_Track.com.xml
@@ -0,0 +1,40 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .stopfasttrack.com
+
+-->
+<ruleset name="Stop Fast Track.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="stopfasttrack.com" />
+	<target host="www.stopfasttrack.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.stopfasttrack\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.stopfasttrack\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Stop_Software_Patents.xml b/src/chrome/content/rules/Stop_Software_Patents.xml
deleted file mode 100644
index 3747f54c0d4b..000000000000
--- a/src/chrome/content/rules/Stop_Software_Patents.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Expired 2011-12-17
-
--->
-<ruleset name="Stop Software Patents" default_off="expired">
-
-	<target host="stopsoftwarepatents.eu" />
-	<target host="*.stopsoftwarepatents.eu" />
-
-
-	<!--	All appear identical.
-					-->
-	<rule from="^http://(?:petition\.|www\.)?stopsoftwarepatents\.eu/"
-		to="https://stopsoftwarepatents.eu/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Stop_Think_Connect.org.xml b/src/chrome/content/rules/Stop_Think_Connect.org.xml
new file mode 100644
index 000000000000..40994de22aa1
--- /dev/null
+++ b/src/chrome/content/rules/Stop_Think_Connect.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Stop Think Connect.org">
+
+	<target host="stopthinkconnect.org" />
+	<target host="www.stopthinkconnect.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Stop_Watching_Us.xml b/src/chrome/content/rules/Stop_Watching_Us.xml
index 491ab2bbed2d..c893941adaad 100644
--- a/src/chrome/content/rules/Stop_Watching_Us.xml
+++ b/src/chrome/content/rules/Stop_Watching_Us.xml
@@ -1,13 +1,28 @@
-<ruleset name="Stop Watching Us">
+<!--
+	Insecure cookies are set for these domains:
 
+		- .stopwatching.us
+
+-->
+<ruleset name="Stop Watching.Us">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="stopwatching.us" />
-	<target host="*.stopwatching.us" />
+	<target host="call.stopwatching.us" />
+	<target host="optin.stopwatching.us" />
+	<target host="rally.stopwatching.us" />
+	<target host="www.stopwatching.us" />
+
 
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.stopwatching\.us$" name="^(?:__cfduid|cf_clearance)$" /-->
 
 	<securecookie host="^\.stopwatching\.us$" name=".+" />
 
 
-	<rule from="^http://((?:call|optin|rally|www)\.)?stopwatching\.us/"
-		to="https://$1stopwatching.us/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Stopbadware.org.xml b/src/chrome/content/rules/Stopbadware.org.xml
index e351adca2c8c..72b7564f3adb 100644
--- a/src/chrome/content/rules/Stopbadware.org.xml
+++ b/src/chrome/content/rules/Stopbadware.org.xml
@@ -1,6 +1,12 @@
 <ruleset name="Stopbadware.org">
-  <target host="stopbadware.org" />
-  <target host="www.stopbadware.org" />
 
-  <rule from="^http://(?:www\.)?stopbadware\.org/" to="https://stopbadware.org/" />
+	<target host="stopbadware.org" />
+	<target host="www.stopbadware.org" />
+
+
+	<securecookie host="^\.stopbadware\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Stopthehacker.com.xml b/src/chrome/content/rules/Stopthehacker.com.xml
index f1269d652c96..7a0f6c72991d 100644
--- a/src/chrome/content/rules/Stopthehacker.com.xml
+++ b/src/chrome/content/rules/Stopthehacker.com.xml
@@ -1,6 +1,21 @@
+<!--
+	No working URL known:
+		api.stopthehacker.com
+		api-dev.stopthehacker.com
+
+	Invalid certificate:
+		secure.stopthehacker.com
+
+-->
 <ruleset name="Stopthehacker.com">
-  <target host="www.stopthehacker.com"/>
-  <target host="stopthehacker.com"/>
-  <rule from="^http://(www\.)?stopthehacker\.com/" to="https://www.stopthehacker.com/"/>
+
+	<target host="stopthehacker.com"/>
+	<target host="www.stopthehacker.com"/>
+	<target host="panel.stopthehacker.com"/>
+
+	<securecookie host="^\.stopthehacker\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
-<!-- Rule generated by HTTPS Finder 0.85 -->
\ No newline at end of file
diff --git a/src/chrome/content/rules/Storage-Bin.com.xml b/src/chrome/content/rules/Storage-Bin.com.xml
index 1e09b2a34bb9..bf2a8d394aa9 100644
--- a/src/chrome/content/rules/Storage-Bin.com.xml
+++ b/src/chrome/content/rules/Storage-Bin.com.xml
@@ -1,13 +1,13 @@
 <ruleset name="Storage-Bin.com">
 
 	<target host="storage-bin.com" />
-	<target host="*.storage-bin.com" />
+	<target host="secure.storage-bin.com" />
+	<target host="www.storage-bin.com" />
 
 
 	<securecookie host="^\.storage-bin\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?(secure\.)?storage-bin\.com/"
-		to="https://$1$2storage-bin.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Store4Geeks.com.xml b/src/chrome/content/rules/Store4Geeks.com.xml
new file mode 100644
index 000000000000..4cdc278c3720
--- /dev/null
+++ b/src/chrome/content/rules/Store4Geeks.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Store4Geeks.com">
+
+	<target host="store4geeks.com" />
+	<target host="www.store4geeks.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/StoreSecured.com.xml b/src/chrome/content/rules/StoreSecured.com.xml
index 9fd83ac3e427..c0302b26c064 100644
--- a/src/chrome/content/rules/StoreSecured.com.xml
+++ b/src/chrome/content/rules/StoreSecured.com.xml
@@ -1,4 +1,6 @@
 <!--
+Automatically by https-everywhere-checker because:
+Non-2xx HTTP code: http://storesecured.com/ (200) => https://www.storesecured.com/ (403)
 	Nonfunctional subdomains:
 
 		- manage	(reset)
diff --git a/src/chrome/content/rules/Storenvy.xml b/src/chrome/content/rules/Storenvy.xml
index 6da1fb0c6d6e..a7457c228c07 100644
--- a/src/chrome/content/rules/Storenvy.xml
+++ b/src/chrome/content/rules/Storenvy.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://([\w-]+)\.storenvy\.com/(favicon\.ico|themes/)"
 		to="https://$1.storenvy.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Storify.xml b/src/chrome/content/rules/Storify.xml
index c0bbac553d03..e32f7e0de6be 100644
--- a/src/chrome/content/rules/Storify.xml
+++ b/src/chrome/content/rules/Storify.xml
@@ -1,20 +1,25 @@
-<ruleset name="Storify">
 
-	<target host="storify.com" />
-	<target host="*.storify.com" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dev.storify.com/ => https://dev.storify.com/: (7, 'Failed to connect to dev.storify.com port 443: Connection refused')
+Fetch error: http://manage.storify.com/ => https://manage.storify.com/: (6, 'Could not resolve host: manage.storify.com')
+Fetch error: http://proxy.storify.com/ => https://proxy.storify.com/: (6, 'Could not resolve host: proxy.storify.com')
+
+-->
+<ruleset name="Storify.com" default_off="failed ruleset test">
 
+	<target host="storify.com" />
+	<target host="api.storify.com" />
+	<target host="dev.storify.com" />
+	<target host="manage.storify.com" />
+	<target host="proxy.storify.com" />
+	<target host="www.storify.com" />
 
-	<!--	Cookie domains:
 
-			- ^
-			- .
-			- dev
-			- manage
-					-->
-	<securecookie host="^(?:.*\.)?storify\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:api|dev|manage|proxy|www)\.)?storify\.com/"
-		to="https://$1storify.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Storm-Internet.xml b/src/chrome/content/rules/Storm-Internet.xml
index 219675295ed1..53759e01e64b 100644
--- a/src/chrome/content/rules/Storm-Internet.xml
+++ b/src/chrome/content/rules/Storm-Internet.xml
@@ -1,21 +1,26 @@
-<ruleset name="Storm Internet (partial)">
 
-	<target host="*.linuxcontrolpanel.co.uk" />
-	<target host="storminternet.co.uk" />
-	<target host="www.storminternet.co.uk" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://classic.storminternet.co.uk/ => https://classic.storminternet.co.uk/: (6, 'Could not resolve host: classic.storminternet.co.uk')
+
+	Other Storm Internet rulesets:
 
+		- Linux_control_panel.co.uk.xml
 
-	<securecookie host="^www\.storminternet\.co\.uk$" name=".*" />
+-->
+<ruleset name="Storm Internet.co.uk" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="storminternet.co.uk" />
+	<target host="classic.storminternet.co.uk" />
+	<target host="www.storminternet.co.uk" />
 
 
-	<!--	Website administration pages.
+	<securecookie host="^www\.storminternet\.co\.uk$" name=".+" />
 
-		101's certificate has expired.
-						-->
-	<rule from="^http://linsrv10([234])\.linuxcontrolpanel\.co\.uk/"
-		to="https://linsrv10$1.linuxcontrolpanel.co.uk/" />
 
-	<rule from="^http://(www\.)?storminternet\.co\.uk/"
-		to="https://$1storminternet.co.uk/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/StormFront.org.xml b/src/chrome/content/rules/StormFront.org.xml
new file mode 100644
index 000000000000..e7bd0b8ae22c
--- /dev/null
+++ b/src/chrome/content/rules/StormFront.org.xml
@@ -0,0 +1,50 @@
+<!--
+	Problematic hosts in *stormfront.org:
+
+		- cdn *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .stormfront.org
+
+
+	Mixed content:
+
+		- Images, from:
+
+			- ecx.images-amazon.com
+			- postimg.org ˢ
+			- s\d+.postimg.org ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="StormFront.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="stormfront.org" />
+	<target host="www.stormfront.org" />
+
+	<!--	Complications:
+				-->
+	<target host="cdn.stormfront.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.stormfront\.org$" name="^bb2sessionhash$" /-->
+
+	<securecookie host="^\.stormfront\.org$" name=".+" />
+
+
+	<rule from="^http://cdn\.stormfront\.org/"
+		to="https://www.stormfront.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Stormiq.com.xml b/src/chrome/content/rules/Stormiq.com.xml
deleted file mode 100644
index 2c394a057ff0..000000000000
--- a/src/chrome/content/rules/Stormiq.com.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	Web bugs.
-
-
-	Fully covered subdomains:
-
-		- js
-		- t1
-
-
-	(www.) do not exist.
-
-
-	t1 sets the following wildcard cookies
-	on whichever domain it is loaded from:
-
-		- _#env
-		- _#lps
-		- _#sess
-		- _#srchist
-		- _#tsa
-		- _#uid
-		- _#vdf
-
--->
-<ruleset name="stormiq.com">
-
-	<target host="*.stormiq.com" />
-
-
-	<rule from="^http://(js|t1)\.stormiq\.com/"
-		to="https://$1.stormiq.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Stormpath.com.xml b/src/chrome/content/rules/Stormpath.com.xml
new file mode 100644
index 000000000000..418590cfa12b
--- /dev/null
+++ b/src/chrome/content/rules/Stormpath.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Problematic hosts in *stormpath.com:
+
+		- status *
+
+	* StatusPage.io/mismatched
+
+-->
+<ruleset name="Stormpath.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="stormpath.com" />
+	<target host="support.stormpath.com" />
+	<target host="www.stormpath.com" />
+
+	<!--	Complications:
+				-->
+	<target host="status.stormpath.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://status\.stormpath\.com/"
+		to="https://stormpath.statuspage.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Story_Cubes.com.xml b/src/chrome/content/rules/Story_Cubes.com.xml
new file mode 100644
index 000000000000..e31008c27a8c
--- /dev/null
+++ b/src/chrome/content/rules/Story_Cubes.com.xml
@@ -0,0 +1,13 @@
+<!--
+	^: Refused
+
+-->
+<ruleset name="Story Cubes.com">
+
+	<target host="storycubes.com" />
+	<target host="www.storycubes.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Storywrite.xml b/src/chrome/content/rules/Storywrite.xml
index 34a6fe29b1fa..5673e67f8de9 100644
--- a/src/chrome/content/rules/Storywrite.xml
+++ b/src/chrome/content/rules/Storywrite.xml
@@ -1,5 +1,5 @@
 <!--
-	Some pages reirect to http
+	Some pages redirect to http
 
 -->
 <ruleset name="Storywrite (partial)">
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?storywrite\.com/(assets/|favicon\.ico|images/|javascripts/|(?:login|store)(?:$|\?|/))"
 		to="https://$1storywrite.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Stovetop.com.au.xml b/src/chrome/content/rules/Stovetop.com.au.xml
new file mode 100644
index 000000000000..949d86e28c07
--- /dev/null
+++ b/src/chrome/content/rules/Stovetop.com.au.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		- stovetop.com.au, equivalent to www.stovetop.com.au
+-->
+
+<ruleset name="Stovetop.com.au">
+	<target host="stovetop.com.au" />
+	<target host="www.stovetop.com.au" />
+
+	<rule from="^http://stovetop\.com\.au/"
+		to="https://www.stovetop.com.au/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stpeter.im.xml b/src/chrome/content/rules/Stpeter.im.xml
index ec194428ab26..4455aa8ad495 100644
--- a/src/chrome/content/rules/Stpeter.im.xml
+++ b/src/chrome/content/rules/Stpeter.im.xml
@@ -1,16 +1,40 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://stpeter.im/ => https://stpeter.im/: (51, "SSL: no alternative certificate subject name matches target host name 'stpeter.im'")
+Fetch error: http://mailhost.stpeter.im/ => https://mailhost.stpeter.im/: (6, 'Could not resolve host: mailhost.stpeter.im')
+Fetch error: http://www.stpeter.im/ => https://stpeter.im/: (51, "SSL: no alternative certificate subject name matches target host name 'stpeter.im'")
+
 	Problematic subdomains:
 
+		- garden *
 		- www	(mismatched, CN: mailhost.stpeter.im)
 
+	* Mismatched
+
+
+	Fully covered hosts in *stpeter.im:
+
+		- (www.)?	(www → ^)
+		- mailhost
+
 -->
-<ruleset name="stpeter.im">
+<ruleset name="stpeter.im (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="stpeter.im" />
-	<target host="*.stpeter.im" />
+	<target host="mailhost.stpeter.im" />
+
+	<!--	Complications:
+				-->
+	<target host="www.stpeter.im" />
+
 
+	<rule from="^http://www\.stpeter\.im/"
+		to="https://stpeter.im/" />
 
-	<rule from="^http://(?:(garden\.|mailhost\.)|www\.)?stpeter\.im/"
-		to="https://$1stpeter.im/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/StrangeWorlds.xml b/src/chrome/content/rules/StrangeWorlds.xml
index 7ed29c8f9b8c..35b1b15b851c 100644
--- a/src/chrome/content/rules/StrangeWorlds.xml
+++ b/src/chrome/content/rules/StrangeWorlds.xml
@@ -1,9 +1,14 @@
-<ruleset name="StrangeWorlds">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://strangeworlds.co.uk/ => https://strangeworlds.co.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="StrangeWorlds" default_off="failed ruleset test">
 
 	<target host="strangeworlds.co.uk" />
 
 
-	<rule from="^http://strangeworlds\.co\.uk/"
-		to="https://strangeworlds.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Straply.xml b/src/chrome/content/rules/Straply.xml
deleted file mode 100644
index fb9234cfdb9c..000000000000
--- a/src/chrome/content/rules/Straply.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Straply">
-
-	<target host="straply.com" />
-	<target host="*.straply.com" />
-
-
-	<securecookie host="^(?:www)?\.straply\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?straply\.com/"
-		to="https://$1straply.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Strasbourg.eu.xml b/src/chrome/content/rules/Strasbourg.eu.xml
new file mode 100644
index 000000000000..1a782a6d6ac4
--- /dev/null
+++ b/src/chrome/content/rules/Strasbourg.eu.xml
@@ -0,0 +1,15 @@
+<!--
+    Mixed content:
+
+        - Images on www from media *
+
+    * Unsecurable
+-->
+<ruleset name="Strasbourg.eu" platform="mixedcontent">
+  <target host="strasbourg.eu" />
+  <target host="www.strasbourg.eu" />
+  <target host="portail.strasbourg.eu" />
+
+  <rule from="^http://(www\.)?strasbourg\.eu/" to="https://www.strasbourg.eu/" />
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Strasweb.fr.xml b/src/chrome/content/rules/Strasweb.fr.xml
new file mode 100644
index 000000000000..d02b4b0b1e37
--- /dev/null
+++ b/src/chrome/content/rules/Strasweb.fr.xml
@@ -0,0 +1,6 @@
+<ruleset name="Strasweb.fr">
+  <target host="strasweb.fr" />
+  <target host="www.strasweb.fr" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stratechery.com.xml b/src/chrome/content/rules/Stratechery.com.xml
new file mode 100644
index 000000000000..d98bc6103113
--- /dev/null
+++ b/src/chrome/content/rules/Stratechery.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- forum.stratechery.com
+
+-->
+<ruleset name="Stratechery.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="stratechery.com" />
+	<target host="forum.stratechery.com" />
+	<target host="www.stratechery.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^forum\.stratechery\.com$" name="^(?:_forum_session|destination_url)$" /-->
+
+	<securecookie host="^forum\.stratechery\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Strategic_Management_Society.xml b/src/chrome/content/rules/Strategic_Management_Society.xml
index 8bc186a319aa..00135ea001f8 100644
--- a/src/chrome/content/rules/Strategic_Management_Society.xml
+++ b/src/chrome/content/rules/Strategic_Management_Society.xml
@@ -1,11 +1,15 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://strategicmanagement.net/ => https://strategicmanagement.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	www redirects to http before redirecting to !www.
 
 -->
-<ruleset name="Strategic Management Society">
+<ruleset name="Strategic Management Society" default_off="failed ruleset test">
 
 	<target host="strategicmanagement.net" />
-	<target host="*.strategicmanagement.net" />
+	<target host="www.strategicmanagement.net" />
 
 
 	<securecookie host="^\.strategicmanagement\.net$" name=".+" />
@@ -14,4 +18,4 @@
 	<rule from="^http://(?:www\.)?strategicmanagement\.net/"
 		to="https://strategicmanagement.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/StrategyWiki.org.xml b/src/chrome/content/rules/StrategyWiki.org.xml
new file mode 100644
index 000000000000..193bc7ad386b
--- /dev/null
+++ b/src/chrome/content/rules/StrategyWiki.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Mismatched:
+		- media (CN: abxy.org)
+-->
+
+<ruleset name="StrategyWiki.org">
+	<target host="strategywiki.org" />
+	<target host="www.strategywiki.org" />
+	<target host="beta.strategywiki.org" />
+	<target host="www.beta.strategywiki.org" />
+	<target host="media.beta.strategywiki.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Strategy_Analytics.xml b/src/chrome/content/rules/Strategy_Analytics.xml
index 48e4ff5aef33..36e62a3ec72f 100644
--- a/src/chrome/content/rules/Strategy_Analytics.xml
+++ b/src/chrome/content/rules/Strategy_Analytics.xml
@@ -1,13 +1,26 @@
-<ruleset name="Strategy Analytics">
+<!--
+	Insecure cookies are set for these hosts:
 
+		- www.strategyanalytics.com
+
+-->
+<ruleset name="Strategy Analytics.com">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="strategyanalytics.com" />
-	<target host="*.strategyanalytics.com" />
+	<target host="blogs.strategyanalytics.com" />
+	<target host="www.strategyanalytics.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.strategyanalytics\.com$" name="^ASP\.NET_SessionId$" /-->
 
-	<securecookie host="^(?:www\.)?strategyanalytics\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(blogs\.|www\.)?strategyanalytics\.com/"
-		to="https://$1strategyanalytics.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Strategysignals.com.xml b/src/chrome/content/rules/Strategysignals.com.xml
index 35499dfa90d2..40dd70088642 100644
--- a/src/chrome/content/rules/Strategysignals.com.xml
+++ b/src/chrome/content/rules/Strategysignals.com.xml
@@ -1,6 +1,22 @@
+<!--
+	^strategysignals.com: Mismatched
+
+-->
 <ruleset name="Strategysignals.com">
+
+	<!--	Direct rewrites:
+				-->
   <target host="www.strategysignals.com"/>
+
+	<!--	Complications:
+				-->
   <target host="strategysignals.com"/>
-  <rule from="^http://(www\.)?strategysignals\.com/" to="https://www.strategysignals.com/"/>
+
+
+	<rule from="^http://strategysignals\.com/"
+		to="https://www.strategysignals.com/"/>
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
-<!-- Rule generated by HTTPS Finder 0.85 -->
\ No newline at end of file
+<!-- Rule generated by HTTPS Finder 0.85 -->
diff --git a/src/chrome/content/rules/Stratum_0.xml b/src/chrome/content/rules/Stratum_0.xml
index 10d64ce9cc23..3bb79735ab25 100644
--- a/src/chrome/content/rules/Stratum_0.xml
+++ b/src/chrome/content/rules/Stratum_0.xml
@@ -1,10 +1,11 @@
 <ruleset name="Stratum 0">
 
 	<target host="stratum0.org" />
-	<target host="*.stratum0.org" />
+	<target host="pad.stratum0.org" />
+	<target host="pod.stratum0.org" />
+	<target host="www.stratum0.org" />
 
 
-	<rule from="^http://(p[ao]d\.|www\.)?stratum0\.org/"
-		to="https://$1stratum0.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Strava.com.xml b/src/chrome/content/rules/Strava.com.xml
new file mode 100644
index 000000000000..fcba36b50bbf
--- /dev/null
+++ b/src/chrome/content/rules/Strava.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Strava.com">
+  <target host="strava.com" />
+  <target host="www.strava.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Strava.cz.xml b/src/chrome/content/rules/Strava.cz.xml
new file mode 100644
index 000000000000..601fd99e9962
--- /dev/null
+++ b/src/chrome/content/rules/Strava.cz.xml
@@ -0,0 +1,7 @@
+<ruleset name="Strava.cz">
+    <target host="strava.cz" />
+    <target host="www.strava.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Strawpoll.me.xml b/src/chrome/content/rules/Strawpoll.me.xml
new file mode 100644
index 000000000000..982bdf4305a4
--- /dev/null
+++ b/src/chrome/content/rules/Strawpoll.me.xml
@@ -0,0 +1,35 @@
+<!--
+	Invalid certificate:
+		support.strawpoll.me (only matches *.zendesk.com and zendesk.com)
+
+	Redirect to HTTP:
+		strawpoll.me (also redirects to www subdomain)
+		www.strawpoll.me (see exceptions in rule below)
+-->
+
+<ruleset name="Strawpoll.me (partial)">
+	<target host="strawpoll.me" />
+		<test url="http://strawpoll.me/1" />
+		<test url="http://strawpoll.me/login" />
+		<test url="http://strawpoll.me/register" />
+		<exclusion pattern="^http://strawpoll\.me/$" />
+
+	<target host="www.strawpoll.me" />
+		<test url="http://www.strawpoll.me/1" />
+		<test url="http://www.strawpoll.me/login" />
+		<test url="http://www.strawpoll.me/register" />
+		<exclusion pattern="^http://www\.strawpoll\.me/$" />
+
+	<target host="support.strawpoll.me" />
+
+	<!-- static-strawpoll.cursecdn.com and media-strawpoll.cursecdn.com handled by Curse.xml -->
+
+	<!-- At least polls, login and registration work over HTTPS -->
+	<rule from="^http://(www\.)?strawpoll\.me/([0-9]+|login|register)$"
+		to="https://$1strawpoll.me/$2"/>
+
+	<!-- https://support.strawpoll.me/ redirects to https://strawpoll.zendesk.com/ -->
+	<rule from="^http://support\.strawpoll\.me/"
+		to="https://strawpoll.zendesk.com/"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Stream.cz.xml b/src/chrome/content/rules/Stream.cz.xml
new file mode 100644
index 000000000000..cabe24658db5
--- /dev/null
+++ b/src/chrome/content/rules/Stream.cz.xml
@@ -0,0 +1,10 @@
+<!--
+    For other Seznam.cz coverage, see Seznam.cz.xml.
+-->
+<ruleset name="Stream.cz">
+    <target host="stream.cz" />
+    <target host="www.stream.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/StreamGoals.com.xml b/src/chrome/content/rules/StreamGoals.com.xml
new file mode 100644
index 000000000000..812c39d5b8fb
--- /dev/null
+++ b/src/chrome/content/rules/StreamGoals.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="StreamGoals.com">
+	<target host="streamgoals.com" />
+	<target host="www.streamgoals.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/StreamMyGame.xml b/src/chrome/content/rules/StreamMyGame.xml
deleted file mode 100644
index 8996ab2d5c19..000000000000
--- a/src/chrome/content/rules/StreamMyGame.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="StreamMyGame">
-
-	<target host="streammygame.com" />
-	<target host="www.streammygame.com" />
-
-
-	<securecookie host="^(?:www\.)?streammygame\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?streammygame\.com/"
-		to="https://$1streammygame.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/StreamVI.com.xml b/src/chrome/content/rules/StreamVI.com.xml
new file mode 100644
index 000000000000..42da3f80c0c4
--- /dev/null
+++ b/src/chrome/content/rules/StreamVI.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="StreamVI.com">
+	<target host="streamvi.com" />
+	<target host="www.streamvi.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Streamable.com.xml b/src/chrome/content/rules/Streamable.com.xml
new file mode 100644
index 000000000000..77e5eb1a6476
--- /dev/null
+++ b/src/chrome/content/rules/Streamable.com.xml
@@ -0,0 +1,41 @@
+<!--
+	Non-functional subdomains:
+		- cdn-staging	(expired cert)
+		- cdn-staging-media	(expired cert)
+		- chat	(timeout)
+		- chat-staging	(timeout)
+		- transcoder[1-9]	(timeout)
+
+-->
+<ruleset name="Streamable.com">
+
+	<target host="streamable.com" />
+	<target host="www.streamable.com" />
+	<target host="advertising.streamable.com" />
+	<target host="ajax.streamable.com" />
+	<target host="api.streamable.com" />
+	<target host="app.streamable.com" />
+	<target host="assets.streamable.com" />
+	<target host="blog.streamable.com" />
+	<target host="cdn-e1.streamable.com" />
+	<target host="cdn-e2.streamable.com" />
+	<target host="cdn-east.streamable.com" />
+	<target host="cdn-emb1.streamable.com" />
+	<target host="cdn-w1.streamable.com" />
+	<target host="cdn-w2.streamable.com" />
+	<target host="changelog.streamable.com" />
+	<target host="help.streamable.com" />
+	<target host="images.streamable.com" />
+	<target host="privacy.streamable.com" />
+	<target host="publishers.streamable.com" />
+	<target host="status.streamable.com" />
+	<target host="support.streamable.com" />
+	<target host="terms.streamable.com" />
+	<target host="tools.streamable.com" />
+	<target host="xbox.streamable.com" />
+
+	<securecookie host="^streamable\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Streamfarm.net.xml b/src/chrome/content/rules/Streamfarm.net.xml
new file mode 100644
index 000000000000..dbf9060f2e8e
--- /dev/null
+++ b/src/chrome/content/rules/Streamfarm.net.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://c17001-o.l.core.cdn.streamfarm.net/ => https://c17001-o.l.core.cdn.streamfarm.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="Streamfarm.net" default_off="failed ruleset test">
+  <target host="*.core.cdn.streamfarm.net" />
+
+<!--
+	breaks jumpradio.de
+-->
+
+  <exclusion pattern="^http://c22033\-ls\.i\.core\.cdn\.streamfarm\.net/" />
+
+  <test url="http://c1000305-o.p.core.cdn.streamfarm.net/" />
+  <test url="http://c13009-l.l.core.cdn.streamfarm.net/" />
+  <test url="http://c17001-o.l.core.cdn.streamfarm.net/" />
+  <test url="http://c20004-o.l.core.cdn.streamfarm.net/" />
+  <test url="http://c22033-o.p.core.cdn.streamfarm.net/" />
+  <test url="http://c31001-o.l.core.cdn.streamfarm.net/" />
+  <test url="http://c22033-ls.i.core.cdn.streamfarm.net/" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Streamja.com.xml b/src/chrome/content/rules/Streamja.com.xml
new file mode 100644
index 000000000000..513f77d474cc
--- /dev/null
+++ b/src/chrome/content/rules/Streamja.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Streamja.com">
+	<target host="streamja.com" />
+	<target host="www.streamja.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Street_Art_Utopia.xml b/src/chrome/content/rules/Street_Art_Utopia.xml
index f8c6b15b4d4d..609eab9ebebf 100644
--- a/src/chrome/content/rules/Street_Art_Utopia.xml
+++ b/src/chrome/content/rules/Street_Art_Utopia.xml
@@ -1,13 +1,13 @@
-<ruleset name="Street Art Utopia">
+<ruleset name="Street Art Utopia.com" default_off="redirect loop">
 
 	<target host="streetartutopia.com" />
-	<target host="*.streetartutopia.com" />
+	<target host="www.streetartutopia.com" />
 
 
-	<securecookie host="^(?:w*\.)?streetartutopia\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?streetartutopia\.com/"
-		to="https://$1streetartutopia.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Street_Moda.xml b/src/chrome/content/rules/Street_Moda.xml
index 8a36913b7422..b73b343437d2 100644
--- a/src/chrome/content/rules/Street_Moda.xml
+++ b/src/chrome/content/rules/Street_Moda.xml
@@ -8,13 +8,11 @@
 
 	<target host="streetmoda.com" />
 	<target host="www.streetmoda.com" />
-	<target host="*.www.streetmoda.com" />
 
 
 	<securecookie host="^.*\.streetmoda\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?streetmoda\.com/"
-		to="https://$1streetmoda.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Strelkacard.ru.xml b/src/chrome/content/rules/Strelkacard.ru.xml
new file mode 100644
index 000000000000..1c60ac116dc0
--- /dev/null
+++ b/src/chrome/content/rules/Strelkacard.ru.xml
@@ -0,0 +1,11 @@
+<!--www. mismatch-->
+<ruleset name="Strelkacard.ru">
+	<target host="strelkacard.ru" />
+	<target host="www.strelkacard.ru" />
+	<target host="lk.strelkacard.ru" />
+
+	<rule from="^http://www\.strelkacard\.ru/"
+		to="https://strelkacard.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stremio.io.xml b/src/chrome/content/rules/Stremio.io.xml
new file mode 100644
index 000000000000..36423c17aa94
--- /dev/null
+++ b/src/chrome/content/rules/Stremio.io.xml
@@ -0,0 +1,6 @@
+<ruleset name="Strem.io">
+        <target host="strem.io" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Strikingly.com.xml b/src/chrome/content/rules/Strikingly.com.xml
new file mode 100644
index 000000000000..69529a49548f
--- /dev/null
+++ b/src/chrome/content/rules/Strikingly.com.xml
@@ -0,0 +1,74 @@
+<!--
+	Other Strikingly rulesets:
+
+		- Strikingly_CDN.com.xml
+
+
+	Nonfunctional hosts in *strikingly.com:
+
+		- blog *
+
+	* WP Engine
+
+
+	Problematic hosts in *strikingly.com:
+
+		- assets **
+		- support *
+		- www **
+
+	* Mismatched
+	** Breaks login and dashboard; see https://github.com/EFForg/https-everywhere/issues/6865
+
+
+	Fully covered hosts in *strikingly.com:
+
+		- ^
+		- b
+
+
+	Unsecurable cookies are set for these hosts:
+
+		- www.strikingly.com
+
+-->
+<ruleset name="Strikingly.com (partial)">
+
+	<target host="strikingly.com" />
+	<target host="assets.strikingly.com" />
+	<target host="b.strikingly.com" />
+	<target host="www.strikingly.com" />
+
+	<!-- The following exclusions serve to fix various issues regarding logging in
+	     to the site and having the dashboard properly displayed; see
+	     https://github.com/EFForg/https-everywhere/issues/6865 for further details:
+											-->
+	<exclusion pattern="http://assets\.strikingly\.com/assets/[\w\d/-]+\.js$" />
+
+		<test url="http://assets.strikingly.com/assets/application-362e8a18a2ddf1c67eaad35ce6fb569c.js" />
+		<test url="http://assets.strikingly.com/assets/v4/webpack_bridge-app-bundle-66d6f9a0908a285fd9fc64f5ee7d9565.js" />
+
+	<exclusion pattern="^http://www\.strikingly\.com/a/t/pages/listing\.html$" />
+
+		<test url="http://www.strikingly.com/a/t/pages/listing.html" />
+
+	<exclusion pattern="^http://www\.strikingly\.com/r/v1" />
+
+		<test url="http://www.strikingly.com/r/v1/sites" />
+		<test url="http://www.strikingly.com/r/v1/users/me/email_settings" />
+
+	<exclusion pattern="^http://www\.strikingly\.com/s" />
+
+		<test url="http://www.strikingly.com/s/login" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.strikingly\.com$" name="^(_bobcat_session|XSRF-TOKEN|locale)$" /-->
+	<!--securecookie host="^www\.strikingly\.com$" name=".+" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Strikingly_CDN.com.xml b/src/chrome/content/rules/Strikingly_CDN.com.xml
new file mode 100644
index 000000000000..3715e57d8ba1
--- /dev/null
+++ b/src/chrome/content/rules/Strikingly_CDN.com.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Strikingly coverage, see Strikingly.com.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .strikinglycdn.com
+
+-->
+<ruleset name="Strikingly CDN.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="uploads.strikinglycdn.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.strikinglycdn\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.strikinglycdn\.com$" name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Stripe.com.xml b/src/chrome/content/rules/Stripe.com.xml
index 9a9ee54896d8..e3f71dd89171 100644
--- a/src/chrome/content/rules/Stripe.com.xml
+++ b/src/chrome/content/rules/Stripe.com.xml
@@ -1,28 +1,28 @@
 <!--
-	This rule was automatically generated based on an
-	HSTS preload rule in the Chromium browser.  See
-	https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-	for the list of preloads.  Sites are added to the Chromium
-	HSTS preload list on request from their administrators, so
-	HTTPS should work properly everywhere on this site.
-
-
-	Fully covered subdomains:
-
-		- checkout
-		- q
+	Insecure cookies are set for these domains and hosts:
 
+		- .stripe.com
+		- status.stripe.com
 -->
-<ruleset name="Stripe.com" platform="mixedcontent">
-
+<ruleset name="Stripe.com">
 	<target host="stripe.com" />
-	<target host="*.stripe.com" />
-
-
-	<securecookie host="^(?:(?:answers|www)\.)?stripe\.com$" name=".+" />
-
-
-	<rule from="^http://((?:answers|api|checkout|js|manage|q|www)\.)?stripe\.com/"
-		to="https://$1stripe.com/" />
-
+	<target host="www.stripe.com" />
+	<target host="answers.stripe.com" />
+	<target host="api.stripe.com" />
+	<target host="checkout.stripe.com" />
+	<target host="code.stripe.com" />
+	<target host="connect.stripe.com" />
+	<target host="dashboard.stripe.com" />
+	<target host="js.stripe.com" />
+	<target host="manage.stripe.com" />
+	<target host="q.stripe.com" />
+	<target host="shop.stripe.com" />
+	<target host="status.stripe.com" />
+	<target host="support.stripe.com" />
+
+	<!--	Not secured by server: -->
+	<securecookie host="^(?:(?:answers|status|www)?\.)?stripe\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Strode-College.ac.uk.xml b/src/chrome/content/rules/Strode-College.ac.uk.xml
new file mode 100644
index 000000000000..6a6c59f943ba
--- /dev/null
+++ b/src/chrome/content/rules/Strode-College.ac.uk.xml
@@ -0,0 +1,32 @@
+<!--
+	(www.)?strode-college.ac.uk: Handshake fails
+
+
+	Insecure cookies are set for these domains:
+
+		- .strode-college.ac.uk
+
+-->
+<ruleset name="Strode-College.ac.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="adfs.strode-college.ac.uk" />
+	<target host="cas.strode-college.ac.uk" />
+	<target host="moodle.strode-college.ac.uk" />
+	<target host="portal.strode-college.ac.uk" />
+	<target host="promonitor.strode-college.ac.uk" />
+	<target host="studentportal.strode-college.ac.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.strode-college\.ac\.uk$" name="^cadata[\dA-F]{32}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Stroeerdigitalmedia.xml b/src/chrome/content/rules/Stroeerdigitalmedia.xml
new file mode 100644
index 000000000000..130978898d59
--- /dev/null
+++ b/src/chrome/content/rules/Stroeerdigitalmedia.xml
@@ -0,0 +1,5 @@
+<ruleset name="StroeerDigitalMedia">
+<target host="cdn.stroeerdigitalmedia.de" />
+
+<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/StrongLoop.com.xml b/src/chrome/content/rules/StrongLoop.com.xml
new file mode 100644
index 000000000000..5104d557b265
--- /dev/null
+++ b/src/chrome/content/rules/StrongLoop.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)?
+		- ssl-static\d*
+		- www-static\d*
+
+-->
+<ruleset name="StrongLoop.com">
+
+	<target host="strongloop.com" />
+	<target host="*.strongloop.com" />
+
+
+	<securecookie host="^\.strongloop\.com$" name="^__cfdui$" />
+
+
+	<rule from="^http://((?:ssl|www)-static\d*\.|www\.)?strongloop\.com/"
+		to="https://$1strongloop.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/StrongSwan.xml b/src/chrome/content/rules/StrongSwan.xml
deleted file mode 100644
index 5a3fbb5ffc02..000000000000
--- a/src/chrome/content/rules/StrongSwan.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<ruleset name="StrongSwan (partial)" platform="cacert mixedcontent">
-
-	<target host="strongswan.org" />
-	<target host="*.strongswan.org" />
-		<!--
-			Cert valid, but shows CRL files:
-							-->
-		<exclusion pattern="^http://git\." />
-
-
-	<!--	Observed cookie domains:
-
-			- ^/
-			- ^wiki
-			- ^www
-				-->
-	<securecookie host="^(?:.*\.)?strongswan\.org$" name=".+" />
-
-
-	<!--	Observed subdomains:
-
-			- downloads
-			- wiki
-			- www
-				-->
-	<rule from="^http://(\w+\.)?strongswan\.org/"
-		to="https://$1strongswan.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/StrongVPN.xml b/src/chrome/content/rules/StrongVPN.xml
index dcf9a67f96ab..530efbcfe0b0 100644
--- a/src/chrome/content/rules/StrongVPN.xml
+++ b/src/chrome/content/rules/StrongVPN.xml
@@ -2,8 +2,5 @@
   <target host="strongvpn.com" />
   <target host="www.strongvpn.com" />
 
-  <rule from="^http://strongvpn\.com/"
-          to="https://strongvpn.com/" />
-  <rule from="^http://www\.strongvpn\.com/"
-          to="https://www.strongvpn.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Strongest-privacy.com.xml b/src/chrome/content/rules/Strongest-privacy.com.xml
deleted file mode 100644
index 97f63703a908..000000000000
--- a/src/chrome/content/rules/Strongest-privacy.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Strongest-privacy.com" platform="firefox">
-<target host="strongest-privacy.com" />
-
-<securecookie host="^strongest-privacy\.com$" name=".+" />
-
-<rule from="^http://strongest-privacy\.com/" to="https://strongest-privacy.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Stuart-Robbins.xml b/src/chrome/content/rules/Stuart-Robbins.xml
deleted file mode 100644
index 3bef7f4bc90a..000000000000
--- a/src/chrome/content/rules/Stuart-Robbins.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Stuart Robbins" default_off="mismatch">
-
-	<!--	Cert: *.hostmonster.com	-->
-	<target host="*.sjrdesign.net" />
-
-
-	<rule from="^https?://about.sjrdesign.net/"
-		to="https://sjrdesign.net/~sjrdesig/about/" />
-
-	<!--	At least some files are too long to fetch via secure.hostmonster.com.	-->
-	<rule from="^https?://photos.sjrdesign.net/"
-		to="https://sjrdesign.net/~sjrdesig/photos/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Stubhub.ca.xml b/src/chrome/content/rules/Stubhub.ca.xml
new file mode 100644
index 000000000000..73e82ccfb435
--- /dev/null
+++ b/src/chrome/content/rules/Stubhub.ca.xml
@@ -0,0 +1,40 @@
+<!--
+	For other Stubhub coverage, see Stubhub.com.xml
+
+
+	Non-functional subdomains:
+
+		- myaccount.m	(m)
+		- qasecure	(m)
+		- www.sell	(m)
+		- static	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Wildcard DNS and cert.
+-->
+<ruleset name="Stubhub.ca">
+
+	<target host="stubhub.ca" />
+	<target host="www.stubhub.ca" />
+	<target host="buy.stubhub.ca" />
+	<target host="iam.stubhub.ca" />
+	<target host="intl.stubhub.ca" />
+	<target host="log.stubhub.ca" />
+	<target host="m.stubhub.ca" />
+	<target host="myaccount.stubhub.ca" />
+	<target host="pro.stubhub.ca" />
+	<target host="publicfeed.stubhub.ca" />
+	<target host="secure.stubhub.ca" />
+	<target host="sell.stubhub.ca" />
+	<target host="track.stubhub.ca" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stubhub.co.uk.xml b/src/chrome/content/rules/Stubhub.co.uk.xml
new file mode 100644
index 000000000000..708ffc9bb3b2
--- /dev/null
+++ b/src/chrome/content/rules/Stubhub.co.uk.xml
@@ -0,0 +1,40 @@
+<!--
+	For other Stubhub coverage, see Stubhub.com.xml
+
+
+	Non-functional subdomains:
+
+		- blog	(t)
+		- intl	(SSL connnection error)
+		- log	(t)
+		- secure	(SSL connnection error)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Wildcard DNS and cert.
+-->
+<ruleset name="Stubhub.co.uk">
+
+	<target host="stubhub.co.uk" />
+	<target host="www.stubhub.co.uk" />
+	<target host="buy.stubhub.co.uk" />
+	<target host="data.stubhub.co.uk" />
+	<target host="iam.stubhub.co.uk" />
+	<target host="m.stubhub.co.uk" />
+	<target host="myaccount.stubhub.co.uk" />
+	<target host="pro.stubhub.co.uk" />
+	<target host="publicfeed.stubhub.co.uk" />
+	<target host="sell.stubhub.co.uk" />
+	<target host="smetrics.stubhub.co.uk" />
+	<target host="stubconnect.stubhub.co.uk" />
+	<target host="track.stubhub.co.uk" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stubhub.com.xml b/src/chrome/content/rules/Stubhub.com.xml
new file mode 100644
index 000000000000..4c46b0d4f6b3
--- /dev/null
+++ b/src/chrome/content/rules/Stubhub.com.xml
@@ -0,0 +1,127 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://cms.stubhub.com/ => https://cms.stubhub.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cms.stubhub.com'")
+Fetch error: http://engineering.stubhub.com/ => https://engineering.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://iam.stubhub.com/ => https://iam.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://pro.stubhub.com/ => https://pro.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://sonartickets.stubhub.com/ => https://sonartickets.stubhub.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://stubhub.com/ => https://stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.stubhub.com/ => https://www.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://blog.stubhub.com/ => https://blog.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://bugsnag.stubhub.com/ => https://bugsnag.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://buy.stubhub.com/ => https://buy.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://cat.stubhub.com/ => https://cat.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://log.stubhub.com/ => https://log.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://m.stubhub.com/ => https://m.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://myaccount.stubhub.com/ => https://myaccount.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://sell.stubhub.com/ => https://sell.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://stubconnect.stubhub.com/ => https://stubconnect.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://telluwhat.stubhub.com/ => https://telluwhat.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://tickettech.stubhub.com/ => https://tickettech.stubhub.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://track.stubhub.com/ => https://track.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	Other Stubhub rulesets:
+		- Stubhub.co.uk.xml
+		- Stubhub.ca.xml
+		- Stubhub.de.xml
+		- Stubhub.fr.xml
+		- stubhubstatic.com.xml
+
+
+	Non-functional subdomains:
+		- apipublish	(t)
+		- autobulk	(t)
+		- autodiscover	(r)
+		- www.comarena	(m)
+		- intl	(t)
+		- www.jetsauction	(m)
+		- lsp	(t)
+		- orderreview	(t)
+		- secure	(t)
+		- stubconnect2	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Wildcard DNS and cert.
+-->
+<ruleset name="Stubhub.com">
+
+	<!-- target host="stubhub.com" /-->
+	<!-- target host="www.stubhub.com" /-->
+	<target host="ak.stubhub.com" />
+	<target host="api.stubhub.com" />
+	<target host="apisupport.stubhub.com" />
+	<target host="benedumcenter.stubhub.com" />
+	<!-- target host="blog.stubhub.com" /-->
+	<target host="bpm.stubhub.com" />
+	<!-- target host="bugsnag.stubhub.com" /-->
+	<!-- target host="buy.stubhub.com" /-->
+	<target host="cache1.stubhub.com" />
+	<!-- target host="cat.stubhub.com" /-->
+	<target host="chargers.stubhub.com" />
+	<target host="cirque.stubhub.com" />
+	<!-- target host="cms.stubhub.com" /-->
+	<target host="concerts.stubhub.com" />
+	<target host="cowboys.stubhub.com" />
+	<target host="cyclones.stubhub.com" />
+	<target host="dailynews.stubhub.com" />
+	<target host="danpatrick.stubhub.com" />
+	<target host="data.stubhub.com" />
+	<target host="developer.stubhub.com" />
+	<target host="email.stubhub.com" />
+	<!-- target host="engineering.stubhub.com" /-->
+	<target host="forum.stubhub.com" />
+	<target host="giants.stubhub.com" />
+	<target host="gotogether.stubhub.com" />
+	<target host="httpwww.stubhub.com" />
+	<!-- target host="iam.stubhub.com" /-->
+	<target host="jetsauction.stubhub.com" />
+	<!-- target host="log.stubhub.com" /-->
+	<!-- target host="m.stubhub.com" /-->
+	<target host="mariners.stubhub.com" />
+	<target host="music.stubhub.com" />
+	<!-- target host="myaccount.stubhub.com" /-->
+	<target host="partnerfeed.stubhub.com" />
+	<target host="partnersapi.stubhub.com" />
+	<target host="patriots.stubhub.com" />
+	<target host="pe.stubhub.com" />
+	<target host="pluck.stubhub.com" />
+	<target host="pluckstage.stubhub.com" />
+	<!-- target host="pro.stubhub.com" /-->
+	<target host="publicfeed.stubhub.com" />
+	<!-- target host="sell.stubhub.com" /-->
+	<!-- target host="sonartickets.stubhub.com" /-->
+	<target host="sports.stubhub.com" />
+	<target host="srwp01gtm001.stubhub.com" />
+	<!-- target host="stubconnect.stubhub.com" /-->
+	<target host="swww.stubhub.com" />
+	<!-- target host="telluwhat.stubhub.com" /-->
+	<target host="test.stubhub.com" />
+	<!-- target host="tickettech.stubhub.com" /-->
+	<target host="touch.stubhub.com" />
+	<!-- target host="track.stubhub.com" /-->
+	<target host="tracking.stubhub.com" />
+	<target host="venues.stubhub.com" />
+	<target host="was.stubhub.com" />
+	<target host="ww.stubhub.com" />
+	<target host="wwgm.stubhub.com" />
+	<target host="www10.stubhub.com" />
+	<target host="wwww.stubhub.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stubhub.de.xml b/src/chrome/content/rules/Stubhub.de.xml
new file mode 100644
index 000000000000..385bd400b94a
--- /dev/null
+++ b/src/chrome/content/rules/Stubhub.de.xml
@@ -0,0 +1,39 @@
+<!--
+	For other Stubhub coverage, see Stubhub.com.xml
+
+
+	Non-functional subdomains:
+
+		- static	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Wildcard DNS and cert.
+-->
+<ruleset name="Stubhub.de">
+
+	<target host="stubhub.de" />
+	<target host="www.stubhub.de" />
+	<target host="apipublish.stubhub.de" />
+	<target host="buy.stubhub.de" />
+	<target host="data.stubhub.de" />
+	<target host="developer.stubhub.de" />
+	<target host="iam.stubhub.de" />
+	<target host="log.stubhub.de" />
+	<target host="m.stubhub.de" />
+	<target host="myaccount.stubhub.de" />
+	<target host="pro.stubhub.de" />
+	<target host="publicfeed.stubhub.de" />
+	<target host="sell.stubhub.de" />
+	<target host="stubconnect.stubhub.de" />
+	<target host="track.stubhub.de" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stubhub.fr.xml b/src/chrome/content/rules/Stubhub.fr.xml
new file mode 100644
index 000000000000..2754e2a8b933
--- /dev/null
+++ b/src/chrome/content/rules/Stubhub.fr.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Stubhub coverage, see Stubhub.com.xml
+
+
+	Non-functional subdomains:
+
+		- static	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Wildcard DNS and cert.
+-->
+<ruleset name="Stubhub.fr">
+
+	<target host="stubhub.fr" />
+	<target host="www.stubhub.fr" />
+	<target host="iam.stubhub.fr" />
+	<target host="myaccount.stubhub.fr" />
+	<target host="pro.stubhub.fr" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stubhub.xml b/src/chrome/content/rules/Stubhub.xml
deleted file mode 100644
index 8453a613ea71..000000000000
--- a/src/chrome/content/rules/Stubhub.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Problematic domains:
-
-		-  stubhub.com		(mismatched, CN: www.stubhub.com)
-
--->
-<ruleset name="Stubhub">
-
-	<target host="stubhub.com" />
-	<target host="*.stubhub.com" />
-
-
-	<securecookie host="^(?:.*\.)?stubhub\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?stubhub\.com/"
-		to="https://www.stubhub.com/" /> 
-
-	<rule from="^http://([^/:@]+)\.stubhub\.com/"
-		to="https://$1.stubhub.com/" />
-
-	<rule from="^http://cache(\d+)\.stubhubstatic\.com/"
-		to="https://cache$1.stubhubstatic.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/StudentDoctor.net.xml b/src/chrome/content/rules/StudentDoctor.net.xml
new file mode 100644
index 000000000000..5f04a50ee688
--- /dev/null
+++ b/src/chrome/content/rules/StudentDoctor.net.xml
@@ -0,0 +1,12 @@
+<ruleset name="Student Doctor Network">
+	<target host="studentdoctor.net" />
+	<target host="www.studentdoctor.net" />
+	<target host="dds.studentdoctor.net" />
+	<target host="experts.studentdoctor.net" />
+	<target host="forums.studentdoctor.net" />
+	<target host="help.studentdoctor.net" />
+	<target host="schools.studentdoctor.net" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/StudentLoans.gov.xml b/src/chrome/content/rules/StudentLoans.gov.xml
deleted file mode 100644
index 8c921c08f910..000000000000
--- a/src/chrome/content/rules/StudentLoans.gov.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="StudentLoans.gov">
-	<target host="studentloans.gov" />
-	<target host="www.studentloans.gov" />
-
- 	<securecookie host="^(.*\.)?studentloans\.gov$" name=".+" />
-
-	<rule from="^http://(?:www\.)?studentloans\.gov/" to="https://studentloans.gov/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Student_Benefits.ca.xml b/src/chrome/content/rules/Student_Benefits.ca.xml
index 60a812f6741c..6d8b92aedcc0 100644
--- a/src/chrome/content/rules/Student_Benefits.ca.xml
+++ b/src/chrome/content/rules/Student_Benefits.ca.xml
@@ -9,7 +9,7 @@
 <ruleset name="Student Benefits.ca">
 
 	<target host="studentbenefits.ca" />
-	<target host="*.studentbenefits.ca" />
+	<target host="www.studentbenefits.ca" />
 
 
 	<securecookie host="^\.studentbenefits\.ca$" name=".+" />
@@ -18,7 +18,6 @@
 	<!--	www redirects to ^ over http,
 		so copy that behavior:
 					-->
-	<rule from="^http://(?:www\.)?studentbenefits\.ca/"
-		to="https://studentbenefits.ca/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Students_for_Sensible_Drug_Policy.xml b/src/chrome/content/rules/Students_for_Sensible_Drug_Policy.xml
index eb7d02835ad2..188188cf13c6 100644
--- a/src/chrome/content/rules/Students_for_Sensible_Drug_Policy.xml
+++ b/src/chrome/content/rules/Students_for_Sensible_Drug_Policy.xml
@@ -4,7 +4,6 @@
 	<target host="www.ssdp.org" />
 
 
-	<rule from="^http://(www\.)?ssdp\.org/"
-		to="https://$1ssdp.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/StudiVZ.xml b/src/chrome/content/rules/StudiVZ.xml
index c70d2ecab3c3..3cca7fda53ac 100644
--- a/src/chrome/content/rules/StudiVZ.xml
+++ b/src/chrome/content/rules/StudiVZ.xml
@@ -1,5 +1,5 @@
 <ruleset name="StudiVZ (disabled)" default_off="Certificate mismatch">
   <target host="www.studivz.net" />
 
-  <rule from="^http://www\.studivz\.net/" to="https://www.studivz.net/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/StudiesAbroad.com.xml b/src/chrome/content/rules/StudiesAbroad.com.xml
index e7a69b45bf23..fe9ae45daa95 100644
--- a/src/chrome/content/rules/StudiesAbroad.com.xml
+++ b/src/chrome/content/rules/StudiesAbroad.com.xml
@@ -3,7 +3,6 @@
 	<target host="secure.studiesabroad.com" />
 
 
-	<rule from="^http://secure\.studiesabroad\.com/"
-		to="https://secure.studiesabroad.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/StudioPress.com.xml b/src/chrome/content/rules/StudioPress.com.xml
index 5659fd16ddef..e3b66897913a 100644
--- a/src/chrome/content/rules/StudioPress.com.xml
+++ b/src/chrome/content/rules/StudioPress.com.xml
@@ -1,20 +1,15 @@
-<!--
-	Fully covered subdomains:
-
-		- (www.)
-		- my
-
--->
 <ruleset name="StudioPress.com">
 
 	<target host="studiopress.com" />
-	<target host="*.studiopress.com" />
+	<target host="my.studiopress.com" />
+	<target host="www.studiopress.com" />
 
 
-	<securecookie host="^my\.studiopress\.com$" name=".+" />
+	<securecookie host="^\." name="^_ga(?:t?$|t)" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(my\.|www\.)?studiopress\.com/"
-		to="https://$1studiopress.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Study.Monash.xml b/src/chrome/content/rules/Study.Monash.xml
new file mode 100644
index 000000000000..d11d367de334
--- /dev/null
+++ b/src/chrome/content/rules/Study.Monash.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Monash University coverage, see Monash.edu.xml.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- study.monash
+		- www.study.monash
+		- .www.study.monash
+
+-->
+<ruleset name="Study.Monash">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="study.monash" />
+	<target host="www.study.monash" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:\.?www\.)?study\.monash$" name="^SQ_SYSTEM_SESSION$" /-->
+
+	<securecookie host="^(?:\.?www\.)?study\.monash$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/StudySchedule.org.xml b/src/chrome/content/rules/StudySchedule.org.xml
new file mode 100644
index 000000000000..aa4c88ffce37
--- /dev/null
+++ b/src/chrome/content/rules/StudySchedule.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Problematic subdomains:
+
+	blog.studyschedule.org (Bad gateway)
+-->
+
+<ruleset name="StudySchedule.org">
+	<target host="studyschedule.org" />
+	<target host="www.studyschedule.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/StudyinAustralia.xml b/src/chrome/content/rules/StudyinAustralia.xml
new file mode 100644
index 000000000000..628c945488de
--- /dev/null
+++ b/src/chrome/content/rules/StudyinAustralia.xml
@@ -0,0 +1,7 @@
+<ruleset name="Study in Australia">
+	<target host="studyinaustralia.gov.au" />
+	<target host="www.studyinaustralia.gov.au" />
+
+	<rule from="^http://(?:www\.)?studyinaustralia\.gov\.au/"
+		to="https://www.studyinaustralia.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/StumbleUpon.xml b/src/chrome/content/rules/StumbleUpon.xml
index 068453c0d4b8..e87f4899bacf 100644
--- a/src/chrome/content/rules/StumbleUpon.xml
+++ b/src/chrome/content/rules/StumbleUpon.xml
@@ -1,3 +1,21 @@
+<!--
+	CDN buckets:
+
+		- nb9-stumbleupon.netdna-ssl.com
+
+
+	Observed cookie domains:
+
+		- .stumbleupon.com
+
+
+	Mixed content:
+
+		- Web bugs on www.stumbleupon.com from b.scorecardresearch.com *
+
+	* Secured by us
+
+-->
 <ruleset name="StumbleUpon (breaks plugin)" default_off="Breaks the SU extension">
 
 	<target host="stumbleupon.com" />
@@ -8,10 +26,9 @@
 	<target host="sustatic.com" />
 	<target host="*.sustatic.com" />
 	<!--	* for cross-domain cookie.	-->
-	<target host="*.b9.stumbleupon.com" />
 
 
-	<securecookie host="^.*\.s(tumbleupon|ustatic)\.com$" name=".*" />
+	<securecookie host="^.*\.s(?:tumbleupon|ustatic)\.com$" name=".+" />
 
 
 	<rule from="^http://(?:badge\.|www\.)?stumbleupon\.com/"
diff --git a/src/chrome/content/rules/StumblingOn.com.xml b/src/chrome/content/rules/StumblingOn.com.xml
new file mode 100644
index 000000000000..60c0d8a5a973
--- /dev/null
+++ b/src/chrome/content/rules/StumblingOn.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="StumblingOn.com">
+	<target host="stumblingon.com" />
+	<target host="www.stumblingon.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stunnel.org.xml b/src/chrome/content/rules/Stunnel.org.xml
index c26eded07b6c..cecccb442dd7 100644
--- a/src/chrome/content/rules/Stunnel.org.xml
+++ b/src/chrome/content/rules/Stunnel.org.xml
@@ -1,24 +1,13 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(mismatched, CN; www.mirt.net)
-
--->
 <ruleset name="stunnel.org">
 
 	<target host="stunnel.org" />
 	<target host="www.stunnel.org" />
 
 
-	<securecookie host="^(?:www\.)?stunnel\.org$" name=".+" />
-
+	<securecookie host=".+" name=".+" />
 
-	<!--	Server drops path:
-					-->
-	<rule from="^http://stunnel\.org/[^?]*(\?.*)?"
-		to="https://www.stunnel.org/$1" />
 
-	<rule from="^http://www\.stunnel\.org/"
-		to="https://www.stunnel.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Stunnish.com.xml b/src/chrome/content/rules/Stunnish.com.xml
deleted file mode 100644
index 6e63c21ab470..000000000000
--- a/src/chrome/content/rules/Stunnish.com.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(http reply)
-
-
-	Mixed content:
-
-		- css on www from www *
-
-		- Images, on www from:
-
-			- www *
-			- \d.gravatar.com *
-
-		- Ads, on www from:
-
-			- api.lanistaads.com *
-
-	* Secured by us
-
--->
-<ruleset name="Stunnish.com (false MCB)" platform="mixedcontent">
-
-	<target host="stunnish.com" />
-	<target host="*.stunnish.com" />
-
-
-	<securecookie host="^\.stunnish\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?stunnish\.com/"
-		to="https://www.stunnish.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Stupid.com.xml b/src/chrome/content/rules/Stupid.com.xml
new file mode 100644
index 000000000000..8d6ce3520323
--- /dev/null
+++ b/src/chrome/content/rules/Stupid.com.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://stupid.com/ => https://stupid.com/: Too many redirects while fetching 'https://stupid.com/'
+Fetch error: http://www.stupid.com/ => https://www.stupid.com/: Too many redirects while fetching 'https://www.stupid.com/'
+
+-->
+<ruleset name="Stupid.com" default_off="failed ruleset test">
+
+	<target host="stupid.com" />
+	<target host="www.stupid.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Stupidcensorship.com.xml b/src/chrome/content/rules/Stupidcensorship.com.xml
deleted file mode 100644
index e48704a460d6..000000000000
--- a/src/chrome/content/rules/Stupidcensorship.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	CN: www.mousematrix.com
-
--->
-<ruleset name="Stupidcensorship.com" default_off="mismatched">
-
-	<target host="stupidcensorship.com" />
-	<target host="www.stupidcensorship.com" />
-
-
-	<rule from="^https?://(?:www\.)?stupidcensorship\.com/"
-		to="https://stupidcensorship.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Stuvel-Photography.xml b/src/chrome/content/rules/Stuvel-Photography.xml
deleted file mode 100644
index 519876b97199..000000000000
--- a/src/chrome/content/rules/Stuvel-Photography.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Stüvel photography" platform="cacert">
-
-	<target host="stuvel.eu" />
-	<target host="www.stuvel.eu" />
-
-
-	<rule from="^http://(www\.)?stuvel\.eu/"
-		to="https://$1stuvel.eu/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Style.com.xml b/src/chrome/content/rules/Style.com.xml
new file mode 100644
index 000000000000..c09f6bd69591
--- /dev/null
+++ b/src/chrome/content/rules/Style.com.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://style.com/ => https://style.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://bellboy.style.com/ => https://bellboy.style.com/: (51, "SSL: no alternative certificate subject name matches target host name 'bellboy.style.com'")
+Fetch error: http://www.style.com/ => https://www.style.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For other Condé Nast coverage, see Conde-Nast.xml.
+
+-->
+<ruleset name="Style.com" default_off="failed ruleset test">
+
+	<target host="style.com" />
+	<target host="bellboy.style.com" />
+	<target host="www.style.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/StyleCaster.com.xml b/src/chrome/content/rules/StyleCaster.com.xml
new file mode 100644
index 000000000000..5274f0f4c1dd
--- /dev/null
+++ b/src/chrome/content/rules/StyleCaster.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Connection closed:
+		- thetryonstudio.stylecaster.com
+
+	Connection refused:
+		- videos.stylecaster.com
+
+	Invalid certificate:
+		- cb.stylecaster.com
+		- community.stylecaster.com, equivalent to stylecaster.com
+		- click.email.stylecaster.com
+		- pages.email.stylecaster.com
+		- view.email.stylecaster.com
+		- home.stylecaster.com, equivalent to stylecaster.com
+		- liveintent.stylecaster.com, equivalent to p.liadm.com
+		- news-cdn.stylecaster.com
+		- news.stylecaster.com, equivalent to stylecaster.com
+		- sa-cdn.stylecaster.com
+		- search.stylecaster.com
+		- shop.stylecaster.com
+		- stylestudio.stylecaster.com
+		- ua-cdn.stylecaster.com
+-->
+
+<ruleset name="StyleCaster.com">
+	<target host="stylecaster.com" />
+	<target host="www.stylecaster.com" />
+	<target host="community.stylecaster.com" />
+	<target host="home.stylecaster.com" />
+	<target host="liveintent.stylecaster.com" />
+	<target host="news.stylecaster.com" />
+
+	<rule from="^http://(community|home|news)\.stylecaster\.com/"
+		to="https://stylecaster.com/" />
+
+	<rule from="^http://liveintent\.stylecaster\.com/"
+		to="https://p.liadm.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Style_Hatch.co.xml b/src/chrome/content/rules/Style_Hatch.co.xml
new file mode 100644
index 000000000000..1eff61271870
--- /dev/null
+++ b/src/chrome/content/rules/Style_Hatch.co.xml
@@ -0,0 +1,26 @@
+<!--
+	Nonfunctional subdomains:
+
+		- cadence ¹
+		- help ²
+
+	¹ Tumblr
+	² Desk.com
+
+
+	^: expired 2014
+	www: mismatched, CN: ssl2000.cloudflare.com
+
+-->
+<ruleset name="Style Hatch.co (partial)" default_off="expired">
+
+	<target host="stylehatch.co" />
+	<target host="www.stylehatch.co" />
+
+
+	<securecookie host="^\.stylehatch\.co$" name="^__cfduid$" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Stylist.co.uk.xml b/src/chrome/content/rules/Stylist.co.uk.xml
new file mode 100644
index 000000000000..aa69ffbe2ab2
--- /dev/null
+++ b/src/chrome/content/rules/Stylist.co.uk.xml
@@ -0,0 +1,56 @@
+<!--
+	Stylist Magazine
+
+
+	Nonfunctional hosts in *stylist.co.uk:
+
+		- [1-6].darkroom ³
+		- www ʰ
+
+	³ 403
+	ʰ Redirects to http
+
+
+	^stylist.co.uk: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Mixed content:
+
+		- Ads/web bugs, from:
+
+			- b.scorecardresearch.com ¹
+			- widgets.io.shortlistmedia.co.uk ²
+
+	¹ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+	² Unsecurable
+
+-->
+<ruleset name="Stylist.co.uk" default_off="redirects to http">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.stylist.co.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<exclusion pattern="^http://www\.stylist\.co\.uk/(?:$|assets/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.stylist.co.uk/assets/img/stylist/82d1a7dd15d5bcd697f50fe348b0ec72/stylist-logo-nav.png" />
+
+	<!--	Complications:
+				-->
+	<target host="stylist.co.uk" />
+
+
+	<securecookie host="^\." name="^_(?:_cfduid$|gat?$|gat_)" />
+
+
+	<rule from="^http://stylist\.co\.uk/"
+		to="https://www.stylist.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Suas.ie.xml b/src/chrome/content/rules/Suas.ie.xml
new file mode 100644
index 000000000000..d5d68cd7cc41
--- /dev/null
+++ b/src/chrome/content/rules/Suas.ie.xml
@@ -0,0 +1,12 @@
+<ruleset name="Suas.ie">
+
+	<target host="suas.ie" />
+	<target host="www.suas.ie" />
+
+
+	<securecookie host="^\.suas\.ie$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SubDownloader.net.xml b/src/chrome/content/rules/SubDownloader.net.xml
index 8bf387b44189..adfe34a8d3f7 100644
--- a/src/chrome/content/rules/SubDownloader.net.xml
+++ b/src/chrome/content/rules/SubDownloader.net.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?subdownloader\.net/"
 		to="https://subdownloader.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Subcon_admin.com.xml b/src/chrome/content/rules/Subcon_admin.com.xml
new file mode 100644
index 000000000000..daa56b9a521b
--- /dev/null
+++ b/src/chrome/content/rules/Subcon_admin.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Subcon admin.com">
+
+	<target host="subconadmin.com" />
+	<target host="www.subconadmin.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Subeta.xml b/src/chrome/content/rules/Subeta.xml
index 667d3251c28c..5a1534fd2bd3 100644
--- a/src/chrome/content/rules/Subeta.xml
+++ b/src/chrome/content/rules/Subeta.xml
@@ -1,13 +1,24 @@
+<!--
+
+	Problemantic hosts in *subeta.net:
+
+		- forums (timeout)
+		- status (mismatch)
+
+-->
 <ruleset name="Subeta">
 
 	<target host="subeta.net" />
 	<target host="www.subeta.net" />
+	<target host="avatar.subeta.net" />
+	<target host="email.subeta.net" />
+	<target host="images.subeta.net" />
+	<target host="img.subeta.net" />
+	<target host="pets.subeta.net" />
 
+	<securecookie host="^\w" name=".+" />
 
-	<securecookie host="^(?:.*\.)?subeta\.net$" name=".+" />
-
-
-	<rule from="^http://(avatar\.|images\.|www\.)?subeta\.net/"
-		to="https://$1subeta.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Subgraph.com.xml b/src/chrome/content/rules/Subgraph.com.xml
new file mode 100644
index 000000000000..8cab36c3d9af
--- /dev/null
+++ b/src/chrome/content/rules/Subgraph.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		- www.subgraph.com
+		- keystream.subgraph.com
+
+-->
+<ruleset name="Subgraph.com">
+
+	<target host="subgraph.com" />
+	<target host="www.subgraph.com" />
+	<target host="dist.subgraph.com" />
+	<target host="myip.subgraph.com" />
+	<target host="support.subgraph.com" />
+
+	<rule from="^http://www\.subgraph\.com/"
+		to="https://subgraph.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Subimage.xml b/src/chrome/content/rules/Subimage.xml
index b23209d5b2a8..4ca93ac26168 100644
--- a/src/chrome/content/rules/Subimage.xml
+++ b/src/chrome/content/rules/Subimage.xml
@@ -12,7 +12,7 @@
 	<target host="www.getcashboard.com"/>
 
 
-	<securecookie host="^(.*\.)?cashboardapp\.com$" name=".*"/>
+	<securecookie host="^(?:.*\.)?cashboardapp\.com$" name=".+" />
 
 
 	<rule from="^http://(?:www\.)?(?:cashboardapp|getcashboard)\.com/"
diff --git a/src/chrome/content/rules/SublimeGit.net.xml b/src/chrome/content/rules/SublimeGit.net.xml
new file mode 100644
index 000000000000..fc54767808d8
--- /dev/null
+++ b/src/chrome/content/rules/SublimeGit.net.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		sublimegit.net
+		docs.sublimegit.net
+
+	Secure connection failed:
+		release.sublimegit.net
+		www.sublimegit.net
+
+-->
+<ruleset name="SublimeGit.net" default_off="other">
+
+	<target host="sublimegit.net" />
+	<target host="docs.sublimegit.net" />
+	<target host="release.sublimegit.net" />
+	<target host="www.sublimegit.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SublimeVideo.xml b/src/chrome/content/rules/SublimeVideo.xml
deleted file mode 100644
index cb5886b5a8d6..000000000000
--- a/src/chrome/content/rules/SublimeVideo.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	d1p69vb2iuddhr.cloudfront.net
-	getsatisfaction.com/sublimevideo/
-
-
-	Nonfunctional domains:
-
-		- sublimevideo.net	(cert: *.heroku.com; redirects to http
-		- docs			(redirects to http)
-
--->
-<ruleset name="SublimeVideo (partial)">
-
-	<target host="*.sublimevideo.net" />
-
-
-	<rule from="^http://(my|www)\.sublimevideo\.net/"
-		to="https://$1.sublimevideo.net/" />
-
-	<!--	cdn: Akamai	-->
-	<rule from="^https?://(?:cdn|data)\.sublimevideo\.net/"
-		to="https://data.sublimevideo.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Sublime_Text.com.xml b/src/chrome/content/rules/Sublime_Text.com.xml
new file mode 100644
index 000000000000..7448e0170351
--- /dev/null
+++ b/src/chrome/content/rules/Sublime_Text.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- forum.sublimetext.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Sublime Text.com">
+
+	<target host="sublimetext.com" />
+	<target host="forum.sublimetext.com" />
+	<target host="www.sublimetext.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^forum\.sublimetext\.com$" name="^(?:__profilin|_forum_session)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Submission-Technology.xml b/src/chrome/content/rules/Submission-Technology.xml
index e892cd0373c3..b0482b12e76b 100644
--- a/src/chrome/content/rules/Submission-Technology.xml
+++ b/src/chrome/content/rules/Submission-Technology.xml
@@ -1,12 +1,20 @@
-<ruleset name="Submission Technology">
 
-	<target host="submissiontechnology.co.uk"/>
-	<target host="*.submissiontechnology.co.uk"/>
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://submissiontechnology.co.uk/ => https://submissiontechnology.co.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://ssl.submissiontechnology.co.uk/ => https://ssl.submissiontechnology.co.uk/: (6, 'Could not resolve host: ssl.submissiontechnology.co.uk')
+Fetch error: http://www.submissiontechnology.co.uk/ => https://www.submissiontechnology.co.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
-	<securecookie host="^(.*\.)?submissiontechnology\.co\.uk$" name=".*"/>
+-->
+<ruleset name="Submission Technology" default_off="failed ruleset test">
+
+	<target host="submissiontechnology.co.uk" />
+	<target host="ssl.submissiontechnology.co.uk" />
+	<target host="www.submissiontechnology.co.uk" />
+
+	<securecookie host=".+" name=".+" />
 
 	<!--	ssl redirects to www, cert expired	-->
-	<rule from="^http://(ssl\.|www\.)?submissiontechnology\.co\.uk/"
-		to="https://$1submissiontechnology.co.uk/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Subrosa.io.xml b/src/chrome/content/rules/Subrosa.io.xml
new file mode 100644
index 000000000000..c3c7c14e0c44
--- /dev/null
+++ b/src/chrome/content/rules/Subrosa.io.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://subrosa.io/ => https://subrosa.io/: (28, 'Connection timed out after 20003 milliseconds')
+
+	www.subrosa.io doesn't exist.
+
+-->
+<ruleset name="Subrosa.io" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="subrosa.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SubscriptionGenius.com.xml b/src/chrome/content/rules/SubscriptionGenius.com.xml
index 58bcca62dc04..11a5403ae0b2 100644
--- a/src/chrome/content/rules/SubscriptionGenius.com.xml
+++ b/src/chrome/content/rules/SubscriptionGenius.com.xml
@@ -1,21 +1,38 @@
+
 <!--
-	Nonfunctional subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://support.subscriptiongenius.com/ => https://support.subscriptiongenius.com/: Too many redirects while fetching 'https://support.subscriptiongenius.com/'
 
-		- www	(refused)
+	Insecure cookies are set for these hosts: ᶜ
 
+		- app.subscriptiongenius.com
+		- checkout.subscriptiongenius.com
+		- developer.subscriptiongenius.com
+		- www.subscriptiongenius.com
 
-	^subscriptiongenius.com does not exist
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="SubscriptionGenius.com (partial)">
+<ruleset name="SubscriptionGenius.com" default_off="failed ruleset test">
 
+	<target host="subscriptiongenius.com" />
+	<target host="app.subscriptiongenius.com" />
 	<target host="checkout.subscriptiongenius.com" />
+	<target host="developer.subscriptiongenius.com" />
+	<target host="support.subscriptiongenius.com" />
+	<target host="www.subscriptiongenius.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:app|checkout|developer)\.subscriptiongenius\.com$" name="^(?:PHPSESSID$|X-Mapping-)" /-->
+	<!--securecookie host="^www\.subscriptiongenius\.com$" name="^X-Mapping-" /-->
 
-	<securecookie host="^checkout\.subscriptiongenius\.com$" name=".+" />
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://checkout\.subscriptiongenius\.com/"
-		to="https://checkout.subscriptiongenius.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Subsignal.org-problematic.xml b/src/chrome/content/rules/Subsignal.org-problematic.xml
new file mode 100644
index 000000000000..deb625315b3f
--- /dev/null
+++ b/src/chrome/content/rules/Subsignal.org-problematic.xml
@@ -0,0 +1,38 @@
+<!--
+	For rules that are on by default, see Subsignal.org.xml.
+
+
+	Fully covered hosts in *subsignal.org:
+
+		- (www.)?	(www → ^)
+		- ffx
+		- svn.ffx
+		- mail
+		- pads
+
+-->
+<ruleset name="subsignal.org (missing certificate chain)" default_off="expired, missing certificate chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="subsignal.org" />
+	<target host="ffx.subsignal.org" />
+	<target host="svn.ffx.subsignal.org" />
+	<target host="mail.subsignal.org" />
+	<target host="pads.subsignal.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.subsignal.org" />
+
+
+	<securecookie host="^\.pads\.subsignal\.org$" name=".+" />
+
+
+	<rule from="^http://www\.subsignal\.org/"
+		to="https://subsignal.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Subsignal.org.xml b/src/chrome/content/rules/Subsignal.org.xml
new file mode 100644
index 000000000000..64b9991661d1
--- /dev/null
+++ b/src/chrome/content/rules/Subsignal.org.xml
@@ -0,0 +1,77 @@
+<!--
+	For problematic rules, see Subsignal.org-problematic.xml.
+
+
+	Nonfunctional hosts *subsignal.org:
+
+		- mountain *
+
+	* Shows cloud.kbia-gmbh.de
+
+
+	Problematic hosts in *subsignal.org:
+
+		- ^ ¹
+		- ffx ¹ ² ³
+		- svn.ffx ¹ ² ³
+		- luci ¹ ² ³
+		- mail ³
+		- pads ³
+		- www ¹ ⁴
+
+	¹ CAcert
+	² Expired
+	³ Server sends no certificate chain, see https://whatsmychaincert.com
+	⁴ Mismatched
+
+
+	Fully covered hosts in *subsignal.org:
+
+		- diaspora
+
+
+	These altnames don't exist:
+
+		- svn.luci.subsignal.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .pads.subsignal.org
+
+
+	Mixed content:
+
+		- favicon on ^ from $self
+
+-->
+<ruleset name="subsignal.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="subsignal.org" /-->
+	<target host="diaspora.subsignal.org" />
+	<!--target host="ffx.subsignal.org" /-->
+	<!--target host="svn.ffx.subsignal.org" /-->
+	<!--target host="mail.subsignal.org" /-->
+	<!--target host="pads.subsignal.org" /-->
+
+	<!--	Complications:
+				-->
+	<!--target host="www.subsignal.org" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.pads\.subsignal\.org$" name="^(ES|ET)$" /-->
+
+	<!--securecookie host="^\.pads\.subsignal\.org$" name=".+" /-->
+
+
+	<!--rule from="^http://www\.subsignal\.org/"
+		to="https://subsignal.org/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Subterranean_Games.com.xml b/src/chrome/content/rules/Subterranean_Games.com.xml
new file mode 100644
index 000000000000..cb75b3b093b4
--- /dev/null
+++ b/src/chrome/content/rules/Subterranean_Games.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com ¹
+
+		- Image from cdn.steamcommunity.com ²
+
+	¹ Secured by us
+	² Rule disabled by default
+
+-->
+<ruleset name="Subterranean Games.com">
+
+	<target host="subterraneangames.com" />
+	<target host="forum.subterraneangames.com" />
+	<target host="www.subterraneangames.com" />
+
+
+	<!--	Server secures cookies, but cloudflare doesn't:
+								-->
+	<securecookie host="^\.subterraneangames\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Subtome.com.xml b/src/chrome/content/rules/Subtome.com.xml
index 375713ca2fd1..ff178d460ce6 100644
--- a/src/chrome/content/rules/Subtome.com.xml
+++ b/src/chrome/content/rules/Subtome.com.xml
@@ -1,13 +1,40 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .subtome.com
+
+-->
 <ruleset name="SubToMe.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="subtome.com" />
-	<target host="*.subtome.com" />
+	<target host="www.subtome.com" />
+
 
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.subtome\.com$" name="^(__cfduid|cf_clearance)$" /-->
 
 	<securecookie host="^\.subtome\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?subtome\.com/"
-		to="https://$1subtome.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Suburban-Records.xml b/src/chrome/content/rules/Suburban-Records.xml
index 732146082a1b..4b2f16f8f5e0 100644
--- a/src/chrome/content/rules/Suburban-Records.xml
+++ b/src/chrome/content/rules/Suburban-Records.xml
@@ -1,12 +1,11 @@
-<ruleset name="Suburban Records" default_off="self-signed">
+<ruleset name="Suburban Records">
 
-	<target host="suburban.nl"/>
-	<target host="www.suburban.nl"/>
-	<target host="*.www.suburban.nl"/>
+	<target host="suburban.nl" />
+	<target host="www.suburban.nl" />
 
-	<securecookie host="^(.*\.)?suburban\.nl$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?suburban\.nl/"
-		to="https://www.suburban.nl/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Subway.com.xml b/src/chrome/content/rules/Subway.com.xml
index 41376e7f3f7b..66471e0bf1ec 100644
--- a/src/chrome/content/rules/Subway.com.xml
+++ b/src/chrome/content/rules/Subway.com.xml
@@ -1,4 +1,11 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://subway.com/ => https://subway.com/: Too many redirects while fetching 'https://subway.com/'
+Fetch error: http://www.subway.com/ => https://www.subway.com/: Too many redirects while fetching 'https://www.subway.com/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://subway.com/ => https://subway.com/: (51, "SSL: no alternative certificate subject name matches target host name 'subway.com'")
 	Mixed content:
 
 		- Images on www from www *
@@ -8,7 +15,7 @@
 	* Secured by us
 
 -->
-<ruleset name="Subway.com">
+<ruleset name="Subway.com" default_off="failed ruleset test">
 
 	<target host="subway.com" />
 	<target host="www.subway.com" />
@@ -17,7 +24,6 @@
 	<securecookie host="^www\.subway\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?subway\.com/"
-		to="https://$1subway.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SuccessFactors.xml b/src/chrome/content/rules/SuccessFactors.xml
index afae2735590f..309b19124cba 100644
--- a/src/chrome/content/rules/SuccessFactors.xml
+++ b/src/chrome/content/rules/SuccessFactors.xml
@@ -44,4 +44,4 @@
 	<rule from="^http://(autodiscover|blogs|career\d*|community|jobs|owa|performancemanager\d*)\.successfactors\.com/"
 		to="https://$1.successfactors.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Success_Chef.xml b/src/chrome/content/rules/Success_Chef.xml
deleted file mode 100644
index ba08c0a422c1..000000000000
--- a/src/chrome/content/rules/Success_Chef.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Success Chef">
-
-	<target host="successchef.com" />
-	<target host="*.successchef.com" />
-
-
-	<securecookie host="^\.?successchef\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?successchef\.com/"
-		to="https://$1successchef.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Suckless.xml b/src/chrome/content/rules/Suckless.xml
new file mode 100644
index 000000000000..f2659dbee23a
--- /dev/null
+++ b/src/chrome/content/rules/Suckless.xml
@@ -0,0 +1,21 @@
+<ruleset name="suckless.org">
+	<target host="sta.li" />
+	<target host="dl.sta.li" />
+	<target host="git.sta.li" />
+
+	<target host="suckless.org" />
+	<target host="www.suckless.org" />
+	<target host="core.suckless.org" />
+	<target host="dl.suckless.org" />
+	<target host="dwm.suckless.org" />
+	<target host="ev.suckless.org" />
+	<target host="git.suckless.org" />
+	<target host="libs.suckless.org" />
+	<target host="lists.suckless.org" />
+	<target host="st.suckless.org" />
+	<target host="stagit.suckless.org" />
+	<target host="surf.suckless.org" />
+	<target host="tools.suckless.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Suckup.de.xml b/src/chrome/content/rules/Suckup.de.xml
new file mode 100644
index 000000000000..c4aeb25be3b7
--- /dev/null
+++ b/src/chrome/content/rules/Suckup.de.xml
@@ -0,0 +1,15 @@
+<ruleset name="suckup.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="suckup.de" />
+	<target host="www.suckup.de" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sucuri.xml b/src/chrome/content/rules/Sucuri.xml
index 66d932be120c..df9a764a9044 100644
--- a/src/chrome/content/rules/Sucuri.xml
+++ b/src/chrome/content/rules/Sucuri.xml
@@ -1,18 +1,41 @@
+
 <!--
-	Nonfunctional subdomains:
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://cloudproxy.sucuri.net/ (200) => https://cloudproxy.sucuri.net/ (404)
+
+	Nonfunctional hosts in *sucuri.net:
+
+		- labs ᵈ
+
+	ᵈ Dropped
 
-		- (www.) *
-		- blog *
 
-	* No https
+	Insecure cookies are set for these domains:
+
+		- .sucuri.net
 
 -->
-<ruleset name="Sucuri (partial)">
+<ruleset name="Sucuri.net (partial)" default_off="failed ruleset test">
 
+	<target host="sucuri.net" />
+	<target host="affl.sucuri.net" />
+	<target host="blog.sucuri.net" />
+	<target host="cloudproxy.sucuri.net" />
+	<target host="kb.sucuri.net" />
 	<target host="login.sucuri.net" />
+	<target host="sitecheck.sucuri.net" />
+	<target host="support.sucuri.net" />
+	<target host="www.sucuri.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.sucuri\.net$" name="^(sucuri-affl|sucuri-affl-tr2)$" /-->
+
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://login\.sucuri\.net/"
-		to="https://login.sucuri.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SudanTribune.xml b/src/chrome/content/rules/SudanTribune.xml
new file mode 100644
index 000000000000..3d31bd2605cf
--- /dev/null
+++ b/src/chrome/content/rules/SudanTribune.xml
@@ -0,0 +1,30 @@
+<!--
+	Cert expired:
+		- beta.admin.sudantribune.com
+		- beta.sudantribune.com
+
+	Chain issues:
+		- dev.admin.sudantribune.com
+		- dev.api.sudantribune.com
+		- dev.sudantribune.com
+
+	Self-signed certificate:
+		- ftp.sudantribune.com
+		- ipv4.sudantribune.com
+		- mail.sudantribune.com
+		- ns.sudantribune.com
+		- test.sudantribune.com
+		- v4.sudantribune.com
+		- webmail.sudantribune.com
+		- www.webmail.sudantribune.com
+		- www2.sudantribune.com
+-->
+<ruleset name="Sudan Tribune">
+
+	<target host="sudantribune.com" />
+	<target host="www.sudantribune.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sudbury_Neutrino_Observatory_Institute.xml b/src/chrome/content/rules/Sudbury_Neutrino_Observatory_Institute.xml
index 61a3451a7806..332f1157debd 100644
--- a/src/chrome/content/rules/Sudbury_Neutrino_Observatory_Institute.xml
+++ b/src/chrome/content/rules/Sudbury_Neutrino_Observatory_Institute.xml
@@ -4,13 +4,10 @@
 -->
 <ruleset name="Sudbury Neutrino Observatory Institute">
 
-	<target host="*.snolab.ca" />
+	<target host="www.snolab.ca" />
 
 
-	<securecookie host="^\.snolab\.ca$" name=".+" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://www\.snolab\.ca/"
-		to="https://www.snolab.ca/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Suddeutsche_Zeitung-problematic.xml b/src/chrome/content/rules/Suddeutsche_Zeitung-problematic.xml
deleted file mode 100644
index 6f401be7cbac..000000000000
--- a/src/chrome/content/rules/Suddeutsche_Zeitung-problematic.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules that are on by default, see Suddeutsche_Zeitung.xml.
-
--->
-<ruleset name="Süddeutsche Zeitung (problematic)" default_off="mismatched">
-
-	<target host="englisch.sueddeutsche.de" />
-
-
-	<securecookie host="^englisch\.sueddeutsche\.de$" name=".+" />
-
-
-	<rule from="^http://englisch\.sueddeutsche\.de/"
-		to="https://englisch.sueddeutsche.de/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Suddeutsche_Zeitung.xml b/src/chrome/content/rules/Suddeutsche_Zeitung.xml
index 7cdcf1fdc5cf..b23a1b8ab21d 100644
--- a/src/chrome/content/rules/Suddeutsche_Zeitung.xml
+++ b/src/chrome/content/rules/Suddeutsche_Zeitung.xml
@@ -1,61 +1,61 @@
 <!--
-	For problematic rules, see Suddeutsche_Zeitung-problematic.xml.
-
-
 	Other Süddeutsche Zeitung rulesets:
 
 		- Suddeutsche_Zeitung_Tickets.xml
 
-
-	Nonfunctional domains:
-
-		- pixfinanzen.sueddeutsche.de	(times out)
-
-
 	Problematic domains:
 
-		- sueddeutsche.com		(cert only matches *.sueddeutsche.com)
-		- polpix.sueddeutsche.com	(times out)
-		- englisch.sueddeutsche.de	(works, mismatched, CN: www.gymglish.com)
-		- mediadaten.sueddeutsche.de	(mismatched, CN: www.rehmnetz.de)
-
-
-	Partially covered domains:
-
-		- (www.)sueddeutsche.de		(^ → www, some [most?] paths redirect to http)
-		- polpix.sueddeutsche.com	(→ www.sueddeutsche.de)
-
-
-	Fully covered sueddeutsche.de subdomains:
-
-		- anzeigen
-		- anzeigen-buchen
-		- epaper
-		- immobilienmarkt
-		- motormarkt
-		- service
-		- stellenmarkt
-		- sz-media
-		- sz-shop
-
+		- jetzt.sueddeutsche.de				(Timeout)
+		- sportergebnisse.sueddeutsche.de 	(Invalid certificate)
+		- sz-shop 							(Refused)
+		- tickets.sueddeutsche.de			(Plaintext reply)
 -->
-<ruleset name="Süddeutsche Zeitung (partial)">
+<ruleset name="Süddeutsche Zeitung (partial)" >
 
-	<target host="polpix.sueddeutsche.com" />
 	<target host="sueddeutsche.de" />
-	<target host="*.sueddeutsche.de" />
-
-
-	<securecookie host="^(?:anzeigen-buchen|epaper|sz-media|sz-shop)\.sueddeutsche\.de$" name=".+" />
-
-
-	<rule from="^https?://(?:polpix\.sueddeutsche\.com|(?:www\.)?sueddeutsche\.de)/static_assets/"
-		to="https://www.sueddeutsche.de/static_assets/" />
-
-	<rule from="^http://(anzeigen(?:-buchen)?|epaper|(?:immobilien|motor|stellen)markt|service|sz-media|sz-shop)\.sueddeutsche\.de/"
-		to="https://$1.sueddeutsche.de/" />
-
-	<rule from="^https?://mediadaten.sueddeutsche.de/(?:home/)?(?:$|\?)"
-		to="https://sz-media.sueddeutsche.de/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.sueddeutsche.de" />
+	<target host="anzeigen.sueddeutsche.de" />
+	<target host="anzeigen-buchen.sueddeutsche.de" />
+	<target host="archiv.sueddeutsche.de" />
+	<target host="bildung.sueddeutsche.de" />
+	<target host="englisch.sueddeutsche.de" />
+	<target host="epaper.sueddeutsche.de" />
+	<target host="finanzen.sueddeutsche.de" />
+	<target host="geoservice.sueddeutsche.de" />
+	<target host="gfx.sueddeutsche.de" />
+	<target host="global.sueddeutsche.de" />
+		<test url="http://global.sueddeutsche.de/assets/img/header/sprite_header.png" />
+	<target host="id.sueddeutsche.de" />
+	<target host="ladenwelten.sueddeutsche.de" />
+	<target host="llm.sueddeutsche.de" />
+	<target host="immobilienmarkt.sueddeutsche.de" />
+	<target host="international.sueddeutsche.de" />
+	<target host="maerkte.sueddeutsche.de" />
+		<test url="http://maerkte.sueddeutsche.de/esi/content-modul/muenchen.html" />
+	<target host="maps.sueddeutsche.de" />
+	<target host="media-cdn.sueddeutsche.de" />
+		<test url="http://media-cdn.sueddeutsche.de/globalassets/img/unsprited/placeholder_16_9.png" />
+		<test url="http://media-cdn.sueddeutsche.de/globalassets/components/szfonts/fonts/SZSans/SZSans-Bold.woff2" />
+	<target host="medienberufe.sueddeutsche.de" />
+	<target host="motormarkt.sueddeutsche.de" />
+	<target host="reiseangebote.sueddeutsche.de" />
+	<target host="paybox-ui.sueddeutsche.de" />
+		<test url="http://paybox-ui.sueddeutsche.de/assets/css/paybox.css" />
+	<target host="pix.sueddeutsche.de" />
+	<target host="projekte.sueddeutsche.de" />
+	<target host="service.sueddeutsche.de" />
+	<target host="stellenmarkt.sueddeutsche.de" />
+	<target host="sz-media.sueddeutsche.de" />
+	<target host="sz-veranstaltungen.sueddeutsche.de" />
+	<target host="szshop.sueddeutsche.de" />
+	<target host="trauer.sueddeutsche.de" />
+	<target host="weiterbildung.sueddeutsche.de" />
+
+	<target host="jetzt.de" />
+	<target host="www.jetzt.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Suddeutsche_Zeitung_Tickets.xml b/src/chrome/content/rules/Suddeutsche_Zeitung_Tickets.xml
index d7889582aec1..150b38748507 100644
--- a/src/chrome/content/rules/Suddeutsche_Zeitung_Tickets.xml
+++ b/src/chrome/content/rules/Suddeutsche_Zeitung_Tickets.xml
@@ -14,10 +14,14 @@
 	<target host="www.sueddeutsche-tickets.de" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.sueddeutsche-tickets\.de$" name="^https-upgrade$" /-->
+
 	<securecookie host="^www\.sueddeutsche-tickets\.de$" name=".+" />
 
 
-	<rule from="^https?://(?:tickets\.sueddeutsche|(?:www\.)?sueddeutsche-tickets)\.de/"
+	<rule from="^http://(?:tickets\.sueddeutsche|(?:www\.)?sueddeutsche-tickets)\.de/"
 		to="https://www.sueddeutsche-tickets.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sudo_Room.xml b/src/chrome/content/rules/Sudo_Room.xml
index 1635f0e358cc..7d588f9d9cd8 100644
--- a/src/chrome/content/rules/Sudo_Room.xml
+++ b/src/chrome/content/rules/Sudo_Room.xml
@@ -1,10 +1,37 @@
-<ruleset name="Sudo Room">
+<!--
+	Problematic hosts in *sudoroom.org:
 
+		- door ᵐ
+		- lists ᵉ
+
+	ᵉ Expired
+	ᵐ Mismatched
+
+-->
+<ruleset name="Sudo Room.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="sudoroom.org" />
 	<target host="www.sudoroom.org" />
 
+	<!--	Complications:
+				-->
+	<target host="lists.sudoroom.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://lists\.sudoroom\.org/+"
+		to="https://sudoroom.org/lists/" />
+
+		<test url="http://lists.sudoroom.org/listinfo/sudo-announce" />
 
-	<rule from="^http://(www\.)?sudoroom\.org/"
-		to="https://$1sudoroom.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sufficientlysecure.org.xml b/src/chrome/content/rules/Sufficientlysecure.org.xml
new file mode 100644
index 000000000000..519feb4a94a4
--- /dev/null
+++ b/src/chrome/content/rules/Sufficientlysecure.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Sufficientlysecure.org">
+	<target host="sufficientlysecure.org" />
+	<target host="www.sufficientlysecure.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SufiLive.com.xml b/src/chrome/content/rules/SufiLive.com.xml
new file mode 100644
index 000000000000..95268dc88133
--- /dev/null
+++ b/src/chrome/content/rules/SufiLive.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="SufiLive.com">
+	<target host="sufilive.com" />
+	<target host="www.sufilive.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sufism.org.xml b/src/chrome/content/rules/Sufism.org.xml
new file mode 100644
index 000000000000..fd46235eee1c
--- /dev/null
+++ b/src/chrome/content/rules/Sufism.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Sufism.org">
+	<target host="sufism.org" />
+	<target host="www.sufism.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sugar_Labs.org.xml b/src/chrome/content/rules/Sugar_Labs.org.xml
new file mode 100644
index 000000000000..2b8225d974a2
--- /dev/null
+++ b/src/chrome/content/rules/Sugar_Labs.org.xml
@@ -0,0 +1,30 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .sugarlabs.org
+		- wiki.sugarlabs.org
+
+-->
+<ruleset name="Sugar Labs.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sugarlabs.org" />
+	<target host="activities.sugarlabs.org" />
+	<target host="download.sugarlabs.org" />
+	<target host="wiki.sugarlabs.org" />
+	<target host="www.sugarlabs.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.sugarlabs\.org$" name="^(?:engine_ssl|getpage_fs_url)_$" /-->
+	<!--securecookie host="^wiki\.sugarlabs\.org$" name="^bb2_screener_$" /-->
+
+	<securecookie host="^(?:wiki)?\.sugarlabs\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sugarcrm.com.xml b/src/chrome/content/rules/Sugarcrm.com.xml
new file mode 100644
index 000000000000..15c514bb4024
--- /dev/null
+++ b/src/chrome/content/rules/Sugarcrm.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Sugarcrm.com">
+  <target host="sugarcrm.com" />
+  <target host="www.sugarcrm.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sugarsync.com.xml b/src/chrome/content/rules/Sugarsync.com.xml
new file mode 100644
index 000000000000..fd94c4857841
--- /dev/null
+++ b/src/chrome/content/rules/Sugarsync.com.xml
@@ -0,0 +1,49 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sugarsync.com/ => https://sugarsync.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Ruleset for sugarsync.com, cloud service that enables active synchronization of files.
+	See <https://en.wikipedia.org/wiki/SugarSync>.
+
+	Not supporting HTTPS or using an invalid certificate:
+
+		* betasupport.sugarsync.com
+		* blog.sugarsync.com
+		* brendapie.sugarsync.com
+		* capien.sugarsync.com
+		* cgweb.sugarsync.com
+		* dhfinch.sugarsync.com
+		* download.sugarsync.com
+		* go.sugarsync.com
+		* harryldanieliii.sugarsync.com
+		* imagelane.sugarsync.com
+		* itsdavebuck.sugarsync.com
+		* jmm2.sugarsync.com
+		* jusami37.sugarsync.com
+		* mail-mkt.mx.sugarsync.com
+		* mail.mx.sugarsync.com
+		* mail-txn.mx.sugarsync.com
+		* margitlehis.sugarsync.com
+		* mobile.sugarsync.com
+		* mobilet85.sugarsync.com
+		* m.sugarsync.com
+		* mx.sugarsync.com
+		* oviciobanu.sugarsync.com
+		* ssandars.sugarsync.com
+		* sugar274.sugarsync.com
+		* wwwa.sugarsync.com
+-->
+<ruleset name="SugarSync" default_off="failed ruleset test">
+
+	<target host="sugarsync.com" />
+
+	<target host="app.sugarsync.com" />
+	<target host="helpdesk.sugarsync.com" />
+	<target host="support.sugarsync.com" />
+	<target host="www.sugarsync.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sugester.xml b/src/chrome/content/rules/Sugester.xml
index 326aeca8ac96..7b03cdb1e9d1 100644
--- a/src/chrome/content/rules/Sugester.xml
+++ b/src/chrome/content/rules/Sugester.xml
@@ -22,10 +22,10 @@
 		<exclusion pattern="^http://www\." />
 
 
-	<rule from="^https?://(asset|f)s\.sugester\.pl/"
+	<rule from="^http://(asset|f)s\.sugester\.pl/"
 		to="https://s3-eu-west-1.amazonaws.com/$1s.sugester.pl/" />
 
 	<rule from="^http://(\w+)\.sugg?ester\.pl/"
 		to="https://$1.sugester.pl/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SuicideGirls.xml b/src/chrome/content/rules/SuicideGirls.xml
new file mode 100644
index 000000000000..e3e185cffbcf
--- /dev/null
+++ b/src/chrome/content/rules/SuicideGirls.xml
@@ -0,0 +1,7 @@
+<ruleset name="SuicideGirls">
+	<target host="suicidegirls.com" />
+	<target host="www.suicidegirls.com" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SuicidePreventionLifeline.org.xml b/src/chrome/content/rules/SuicidePreventionLifeline.org.xml
new file mode 100644
index 000000000000..88700b07c816
--- /dev/null
+++ b/src/chrome/content/rules/SuicidePreventionLifeline.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Mixed content:
+		chat.suicidepreventionlifeline.org
+
+	Mismatched:
+		www.youmatter.suicidepreventionlifeline.org
+
+	Different content content HTTP/HTTPS:
+		followupmatters.suicidepreventionlifeline.org (479 over HTTPS)
+		youmatter.suicidepreventionlifeline.org (479 over HTTPS)
+
+-->
+<ruleset name="SuicidePreventionLifeline.org">
+
+	<target host="suicidepreventionlifeline.org" />
+	<target host="www.suicidepreventionlifeline.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SuitableTech.com.xml b/src/chrome/content/rules/SuitableTech.com.xml
new file mode 100644
index 000000000000..2a1a95140070
--- /dev/null
+++ b/src/chrome/content/rules/SuitableTech.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Login required:
+		crash.suitabletech.com
+		stg1.suitabletech.com
+
+	Invalid certificate:
+		docs.suitabletech.com
+
+	No working URL known:
+		spacenet.suitabletech.com
+
+-->
+<ruleset name="Suitable Tech.com">
+
+	<target host="suitabletech.com" />
+	<target host="www.suitabletech.com" />
+	<target host="app.suitabletech.com" />
+	<target host="blog.suitabletech.com" />
+	<target host="shop.suitabletech.com" />
+	<target host="support.suitabletech.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Suitecrm.com.xml b/src/chrome/content/rules/Suitecrm.com.xml
new file mode 100644
index 000000000000..44fda4e0aae3
--- /dev/null
+++ b/src/chrome/content/rules/Suitecrm.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Incomplete certificate chain:
+		- docs.suitecrm.com
+		- forum.suitecrm.com
+
+	Mismatched:
+		- wordpress.uat.suitecrm.com
+-->
+<ruleset name="Suitecrm.com">
+	<target host="suitecrm.com" />
+	<target host="www.suitecrm.com" />
+	<target host="marketing.suitecrm.com" />
+	<target host="portal.suitecrm.com" />
+	<target host="sodsite.staging.suitecrm.com" />
+	<target host="wpsite.staging.suitecrm.com" />
+	<target host="store.suitecrm.com" />
+	<target host="webinar.suitecrm.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Suitesmart.com.xml b/src/chrome/content/rules/Suitesmart.com.xml
deleted file mode 100644
index 64f07bec9cb6..000000000000
--- a/src/chrome/content/rules/Suitesmart.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Web bugs.
-
-
-	(www.) don't work over http.
-
--->
-<ruleset name="suitesmart.com">
-
-	<target host="sensor2.suitesmart.com" />
-
-
-	<rule from="^http://sensor2\.suitesmart\.com/"
-		to="https://sensor2.suitesmart.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Suitey.com.xml b/src/chrome/content/rules/Suitey.com.xml
index 2f66b0cc7fbc..b283888775a9 100644
--- a/src/chrome/content/rules/Suitey.com.xml
+++ b/src/chrome/content/rules/Suitey.com.xml
@@ -1,19 +1,26 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://suitey.com/ => https://suitey.com/: (51, "SSL: no alternative certificate subject name matches target host name 'suitey.com'")
+Fetch error: http://www.suitey.com/ => https://www.suitey.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.suitey.com'")
+
 	CDN buckets:
 
 		- d1i0b14063qyxc.cloudfront.net
 
 -->
-<ruleset name="Suitey.com">
+<ruleset name="Suitey.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="suitey.com" />
-	<target host="*.suitey.com" />
+	<target host="www.suitey.com" />
 
 
 	<securecookie host="^\.suitey\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?suitey\.com/"
-		to="https://$1suitey.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sukimashita.xml b/src/chrome/content/rules/Sukimashita.xml
index ef6b9686d6e1..85e433d168d8 100644
--- a/src/chrome/content/rules/Sukimashita.xml
+++ b/src/chrome/content/rules/Sukimashita.xml
@@ -9,7 +9,6 @@
 	<target host="svn.sukimashita.com" />
 
 
-	<rule from="^http://svn\.sukimashita\.com/"
-		to="https://svn.sukimashita.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Suma-eV.de.xml b/src/chrome/content/rules/Suma-eV.de.xml
new file mode 100644
index 000000000000..f39836f5c3fb
--- /dev/null
+++ b/src/chrome/content/rules/Suma-eV.de.xml
@@ -0,0 +1,17 @@
+<ruleset name="Suma-ev.de">
+
+	<target host="suma-ev.de" />
+	<target host="www.suma-ev.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?suma-ev\.de$" name="^insid$" /-->
+	<!--securecookie host="^\.(www\.)?suma-ev\.de$" name="^insvid$" /-->
+
+	<securecookie host="^(?:\.|\.?www\.)?suma-ev\.de$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SummitPost.xml b/src/chrome/content/rules/SummitPost.xml
deleted file mode 100644
index f391dd594bb3..000000000000
--- a/src/chrome/content/rules/SummitPost.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(no https)
-
--->
-<ruleset name="SummitPost (partial)">
-
-	<target host="images.summitpost.org" />
-
-
-	<rule from="^http://images\.summitpost\.org/"
-		to="https://c278592.ssl.cf0.rackcdn.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Summit_Route.com.xml b/src/chrome/content/rules/Summit_Route.com.xml
new file mode 100644
index 000000000000..c760b584ccfb
--- /dev/null
+++ b/src/chrome/content/rules/Summit_Route.com.xml
@@ -0,0 +1,27 @@
+<!--
+	www.summitroute.com: Refused
+
+
+	These altnames don't exist:
+
+		- app.summitroute.com
+
+-->
+<ruleset name="Summit Route.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="summitroute.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.summitroute.com" />
+
+
+	<rule from="^http://www\.summitroute\.com/"
+		to="https://summitroute.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sumo_Logic.com.xml b/src/chrome/content/rules/Sumo_Logic.com.xml
new file mode 100644
index 000000000000..4f589df87ac3
--- /dev/null
+++ b/src/chrome/content/rules/Sumo_Logic.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Connection closed:
+		- go
+		- mail
+-->
+<ruleset name="SumoLogic.com (partial)">
+    <target host="sumologic.com" />
+    <target host="www.sumologic.com" />
+    <target host="api.sumologic.com" />
+    <target host="collectors.sumologic.com" />
+    <target host="help.sumologic.com" />
+    <target host="info.sumologic.com" />
+    <target host="operations.sumologic.com" />
+    <target host="service.sumologic.com" />
+    <target host="status.sumologic.com" />
+    <target host="support.sumologic.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SunGuard-Higher-Education.xml b/src/chrome/content/rules/SunGuard-Higher-Education.xml
index d77c4c434b7a..70367b45415b 100644
--- a/src/chrome/content/rules/SunGuard-Higher-Education.xml
+++ b/src/chrome/content/rules/SunGuard-Higher-Education.xml
@@ -10,10 +10,10 @@
 	<target host="www.sungardhe.com" />
 
 
-	<securecookie host="^sungardhe\.com$" name=".*" />
+	<securecookie host="^sungardhe\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?sungardhe\.com/"
+	<rule from="^http://(?:www\.)?sungardhe\.com/"
 		to="https://sungardhe.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SunTimes.com.xml b/src/chrome/content/rules/SunTimes.com.xml
new file mode 100644
index 000000000000..546f622d7306
--- /dev/null
+++ b/src/chrome/content/rules/SunTimes.com.xml
@@ -0,0 +1,78 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://suntimes.com/ => https://www.suntimes.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.suntimes.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://suntimes.com/ => https://www.suntimes.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.suntimes.com'")
+	CDN buckets:
+
+		- eedition.suntimes.com
+
+			- eedition
+
+		- suntimes.sportsdirectinc.com
+
+			- scores
+
+
+	Nonfunctional subdomains:
+
+		- beaconnews ¹
+		- blogs ²
+		- dev ²
+		- eedition ³
+		- fh ⁴
+		- iwantit
+		- legacy ⁵
+		- politics ²
+		- scores ⁶
+		- searchchicago ¹
+		- homes.searchchicago ²
+		- specialsections ¹
+		- splash ²
+		- tv ²
+		- voices ²
+
+	¹ Shows www
+	² Refused
+	³ 404; mismatched, CN: www.pressdisplay.com
+	⁴ Dropped
+	⁵ legacy.com
+	⁶ 504, akamai
+
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- video ²
+
+	¹ Cert only matches *.suntimes.com
+	² Works; mismatched, CN: *.newsinc.com
+
+
+	Mixed content:
+
+		- css on video from vault.studio.ndnmediaservices.com *
+
+		- Images on jobs and www from www *
+
+		- Ads on www from web.adblade.com *
+
+	* Secured by us
+
+-->
+<ruleset name="SunTimes.com (partial)" default_off="failed ruleset test">
+
+	<target host="suntimes.com" />
+	<target host="www.suntimes.com" />
+	<target host="jobs.suntimes.com" />
+		<!--exclusion pattern="^http://(beaconnews|blogs|dev|eedition|fh|iwantit|legacy|politics|scores|searchchicago|homes\.searchchicago|specialsections|splash|tv|video|voices)\.suntimes\.com/" /-->
+
+
+	<rule from="^http://(?:www\.)?suntimes\.com/"
+		to="https://www.suntimes.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SunTrust.xml b/src/chrome/content/rules/SunTrust.xml
index 2b3ecc6402e9..bec2d4d0b694 100644
--- a/src/chrome/content/rules/SunTrust.xml
+++ b/src/chrome/content/rules/SunTrust.xml
@@ -1,9 +1,16 @@
 <ruleset name="SunTrust">
   <target host="suntrust.com" />
-  <target host="*.suntrust.com" />
+  <target host="answers.suntrust.com" />
+  <target host="blog.suntrust.com" />
+  <target host="esp.suntrust.com" />
+  <target host="giftcard.suntrust.com" />
+  <target host="online401k.suntrust.com" />
+  <target host="onlinecourier.suntrust.com" />
+  <target host="otm.suntrust.com" />
+  <target host="rewards.suntrust.com" />
+  <target host="www.suntrust.com" />
 
   <rule from="^http://suntrust\.com/"
           to="https://www.suntrust.com/" />
-  <rule from="^http://(answers|blog|esp|giftcard|online401k|onlinecourier|otm|rewards|www)\.suntrust\.com/"
-          to="https://$1.suntrust.com/" />
-</ruleset>
\ No newline at end of file
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sunbeltsoftware.com.xml b/src/chrome/content/rules/Sunbeltsoftware.com.xml
index 27420f0b0994..62e0c37f2b19 100644
--- a/src/chrome/content/rules/Sunbeltsoftware.com.xml
+++ b/src/chrome/content/rules/Sunbeltsoftware.com.xml
@@ -1,10 +1,23 @@
-<ruleset name="Sunbeltsoftware.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sunbeltsoftware.com/ => https://sunbeltsoftware.com/: (7, 'Failed to connect to sunbeltsoftware.com port 443: Connection refused')
+Fetch error: http://www.sunbeltsoftware.com/ => https://www.sunbeltsoftware.com/: (7, 'Failed to connect to www.sunbeltsoftware.com port 443: Connection refused')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sunbeltsoftware.com/ => https://sunbeltsoftware.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.sunbeltsoftware.com/ => https://www.sunbeltsoftware.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Sunbeltsoftware.com" default_off="failed ruleset test">
 
 	<target host="sunbeltsoftware.com" />
 	<target host="www.sunbeltsoftware.com" />
 
 
-	<rule from="^http://(www\.)?sunbeltsoftware\.com/"
-		to="https://$1sunbeltsoftware.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sundance_Channel.xml b/src/chrome/content/rules/Sundance_Channel.xml
index 91e0bc0b8031..c17b9cf6fac6 100644
--- a/src/chrome/content/rules/Sundance_Channel.xml
+++ b/src/chrome/content/rules/Sundance_Channel.xml
@@ -1,13 +1,21 @@
-<ruleset name="Sundance Channel">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sundancechannel.com/ => https://www.sundancechannel.com/: (7, 'Failed to connect to www.sundancechannel.com port 443: Connection timed out')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://sundancechannel.com/ => https://www.sundancechannel.com/: (7, 'Failed to connect to www.sundancechannel.com port 443: Connection timed out')
+-->
+<ruleset name="Sundance Channel" default_off="failed ruleset test">
 
 	<target host="sundancechannel.com" />
-	<target host="*.sundancechannel.com" />
+	<target host="www.sundancechannel.com" />
+	<target host="media.sundancechannel.com" />
 
 
-	<rule from="^https?://(?:www\.)?sundancechannel\.com/"
+	<rule from="^http://(?:www\.)?sundancechannel\.com/"
 		to="https://www.sundancechannel.com/" />
 
-	<rule from="^http://media\.sundancechannel\.com/"
-		to="https://media.sundancechannel.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sunday_World.com.xml b/src/chrome/content/rules/Sunday_World.com.xml
new file mode 100644
index 000000000000..9b9894d25a46
--- /dev/null
+++ b/src/chrome/content/rules/Sunday_World.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- Images from darkroom *
+
+	* Secured by us
+
+-->
+<ruleset name="Sunday World.com">
+
+	<target host="sundayworld.com" />
+	<target host="darkroom.sundayworld.com" />
+	<target host="www.sundayworld.com" />
+
+
+	<securecookie host="^\.sundayworld\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sundtek.com.xml b/src/chrome/content/rules/Sundtek.com.xml
new file mode 100644
index 000000000000..10601979e39e
--- /dev/null
+++ b/src/chrome/content/rules/Sundtek.com.xml
@@ -0,0 +1,37 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.) *
+		- support *
+
+	* Shows shop
+
+
+	- Expired 2011-01-05
+	- CN: Markus Rechberger
+
+
+	Mixed content:
+
+		- css from $self *
+
+		- Images from $self *
+
+		- favicon from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Sundtek.com (partial)" default_off="expired, self-signed">
+
+	<target host="shop.sundtek.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^shop\.sundtek\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sunglass_Warehouse.xml b/src/chrome/content/rules/Sunglass_Warehouse.xml
index 09c00d2d4175..a316431a283b 100644
--- a/src/chrome/content/rules/Sunglass_Warehouse.xml
+++ b/src/chrome/content/rules/Sunglass_Warehouse.xml
@@ -1,14 +1,13 @@
 <ruleset name="Sunglass Warehouse">
 
 	<target host="sunglasswarehouse.com" />
-	<target host="*.sunglasswarehouse.com" />
-	<target host="*.www.sunglasswarehouse.com" />
+	<target host="cdn.sunglasswarehouse.com" />
+	<target host="www.sunglasswarehouse.com" />
 
 
 	<securecookie host="^\.?www\.sunglasswarehouse\.com$" name=".+" />
 
 
-	<rule from="^http://(cdn\.|www\.)?sunglasswarehouse\.com/"
-		to="https://$1sunglasswarehouse.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sunlight-Foundation.xml b/src/chrome/content/rules/Sunlight-Foundation.xml
deleted file mode 100644
index a9c23463c3a4..000000000000
--- a/src/chrome/content/rules/Sunlight-Foundation.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--	Buckets:
-		- assets-sfcom.s3.amazonaws.com
-		- s3.amazonaws.com/assets.sunlightfoundation.com/
-		- s3.amazonaws.com/sunlight-assets/
-
-
-	Nonfunctional sunlightfoundation.com subdomains:
-
-		- churnalism *
-		- politwoops *
-		- sitegeist *
-		- staffers *
-
-	* Redirects to ^sunlightfoundation.com
-
--->
-<ruleset name="Sunlight Foundation (partial)" platform="mixedcontent">
-
-	<target host="inbox.influenceexplorer.com"/>
-	<target host="sunlightfoundation.com"/>
-	<target host="*.sunlightfoundation.com"/>
-
-	<rule from="^http://inbox\.influenceexplorer\.com/"
-		to="https://inbox.influenceexplorer.com/"/>
-
-	<rule from="^http://(reporting\.|scout\.|www\.)?sunlightfoundation\.com/"
-		to="https://$1sunlightfoundation.com/" />
-
-	<rule from="^http://assets\.sunlightfoundation\.com/"
-		to="https://s3.amazonaws.com/assets.sunlightfoundation.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/SunlightFoundation.com.xml b/src/chrome/content/rules/SunlightFoundation.com.xml
new file mode 100644
index 000000000000..3d64e4f6dbd6
--- /dev/null
+++ b/src/chrome/content/rules/SunlightFoundation.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- reporting.sunlightfoundation.com
+		- tcamp.sunlightfoundation.com
+		- training.sunlightfoundation.com
+		- www.sunlightfoundation.com
+
+		SSL peer certificate was not OK:
+		- politicaladsleuth.sunlightfoundation.com
+		- unitedstates.sunlightfoundation.com
+
+		Incomplete certificate chain error:
+		- politwoops.sunlightfoundation.com
+-->
+<ruleset name="SunlightFoundation.com">
+	<target host="sunlightfoundation.com" />
+
+	<securecookie host=".+" name=".+" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sunnah.com.xml b/src/chrome/content/rules/Sunnah.com.xml
new file mode 100644
index 000000000000..adee759f252f
--- /dev/null
+++ b/src/chrome/content/rules/Sunnah.com.xml
@@ -0,0 +1,13 @@
+<!--
+	See also:
+	- Quran.com.xml
+
+-->
+<ruleset name="Sunnah.com">
+	<target host="sunnah.com" />
+	<target host="www.sunnah.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sunnah.one.xml b/src/chrome/content/rules/Sunnah.one.xml
new file mode 100644
index 000000000000..40d750fb915d
--- /dev/null
+++ b/src/chrome/content/rules/Sunnah.one.xml
@@ -0,0 +1,8 @@
+<ruleset name="Sunnah.one">
+	<target host="sunnah.one" />
+	<target host="www.sunnah.one" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SunniOnline.us.xml b/src/chrome/content/rules/SunniOnline.us.xml
new file mode 100644
index 000000000000..5e42830fe4a4
--- /dev/null
+++ b/src/chrome/content/rules/SunniOnline.us.xml
@@ -0,0 +1,12 @@
+<!--
+	Mixed content blocking can be found within the site, for example at
+		https://sunnionline.us/english/
+-->
+<ruleset name="SunniOnline.us" platform="mixedcontent" >
+	<target host="sunnionline.us" />
+	<target host="www.sunnionline.us" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SunoSanuo.com.xml b/src/chrome/content/rules/SunoSanuo.com.xml
index 3bcf0cd9f736..d7e45105f73e 100644
--- a/src/chrome/content/rules/SunoSanuo.com.xml
+++ b/src/chrome/content/rules/SunoSanuo.com.xml
@@ -1,4 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://app.sunosunao.com/ => https://app.sunosunao.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://app.sunosunao.com/ => https://app.sunosunao.com/: (51, "SSL: no alternative certificate subject name matches target host name 'app.sunosunao.com'")
+
 	For other Chambal coverage, see Chambal.xml.
 
 
@@ -8,7 +18,7 @@
 		- www	(shows app; mismatched, CN: app.sunosunao.com)
 
 -->
-<ruleset name="SunoSanuo.com (partial)">
+<ruleset name="SunoSanuo.com (partial)" default_off="failed ruleset test">
 
 	<target host="app.sunosunao.com" />
 
@@ -16,7 +26,6 @@
 	<securecookie host="^app\.sunosunao\.com$" name=".+" />
 
 
-	<rule from="^http://app\.sunosunao\.com/"
-		to="https://app.sunosunao.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sunrise.xml b/src/chrome/content/rules/Sunrise.xml
index e89a49832003..34284de59d95 100644
--- a/src/chrome/content/rules/Sunrise.xml
+++ b/src/chrome/content/rules/Sunrise.xml
@@ -1,14 +1,67 @@
-<ruleset name="Sunrise">
-    <target host="sunrise.ch" />
-    <target host="*.sunrise.ch" />
+<!--
+	Nonfunctional hosts in *.sunrise.ch:
+		- b2b.sunrise.ch (m)
+		- campaign.sunrise.ch (i)
+		- corporate.sunrise.ch (m)
+		- cpbx.sunrise.ch (m)
+		- emarketing.sunrise.ch (i)
+		- itunes.sunrise.ch (m)
+		- kobik.sunrise.ch (t)
+		- m.sunrise.ch (m)
+			- business.marketing.sunrise.ch (i)
+		- mobile.sunrise.ch (s)
+			- www.mobile.sunrise.ch (s)
+		- partners.sunrise.ch (s)
+		- survey.sunrise.ch (i)
+		- speed.sunrise.ch (s)
+		- testimonials.sunrise.ch (m)
+
+	Fetch issues:
+		- codes.sunrise.ch
+		- www.partnerdeal.sunrise.ch
 
-    <!-- www. redirects to valid www1. -->
-    <exclusion pattern="^http://www\.sunrise\.ch" />
+	h: http redirect
+	i: incomplete cert chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Sunrise">
+	<target host="sunrise.ch" />
+	<target host="www.sunrise.ch" />
+	<target host="autodiscover.sunrise.ch" />
+	<target host="cct.sunrise.ch" />
+	<target host="cockpit.sunrise.ch" />
+		<target host="www.community.sunrise.ch" />
+		<target host="home.cpbx.sunrise.ch" />
+		<target host="userportal.cpbx.sunrise.ch" />
+	<target host="e-deliverymobile.sunrise.ch" />
+	<target host="ebill.sunrise.ch" />
+	<target host="esign.sunrise.ch" />
+	<target host="event1.sunrise.ch" />
+	<target host="event2.sunrise.ch" />
+	<target host="internet.sunrise.ch" />
+		<test url="http://internet.sunrise.ch/iff/index_fr.html" />
+	<target host="jobs.sunrise.ch" />
+	<target host="lss.sunrise.ch" />
+	<target host="maps.sunrise.ch" />
+	<target host="mip.sunrise.ch" />
+	<target host="mobilepbx.sunrise.ch" />
+	<target host="msm.sunrise.ch" />
+	<target host="olympus.sunrise.ch" />
+		<target host="www.recommend.sunrise.ch" />
+	<target host="salesportal.sunrise.ch" />
+	<target host="sbp.sunrise.ch" />
+	<target host="suota.sunrise.ch" />
+	<target host="travel.sunrise.ch" />
+		<target host="serviceportal.vpbx.sunrise.ch" />
+	<target host="webmail.sunrise.ch" />
+	<target host="webmail1.sunrise.ch" />
+	<target host="webmail2.sunrise.ch" />
+	<target host="www1.sunrise.ch" />
 
-    <securecookie host="^(.*\.)?sunrise\.ch$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
-    <rule from="^https?://sunrise\.ch/"
-        to="https://www1.sunrise.ch/"/>
-    <rule from="^http://([^/:@]+)?\.sunrise\.ch/"
-        to="https://$1.sunrise.ch/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SunriseTech.gr.xml b/src/chrome/content/rules/SunriseTech.gr.xml
deleted file mode 100644
index 05f89cd5dae5..000000000000
--- a/src/chrome/content/rules/SunriseTech.gr.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	- CN: Parallels Panel
-	- Expired 2013-08-01
-
--->
-<ruleset name="SunriseTech.gr" default_off="expired, self-signed">
-
-	<target host="sunrisetech.gr" />
-	<target host="www.sunrisetech.gr" />
-
-
-	<rule from="^http://(?:www\.)?sunrisetech\.gr/"
-		to="https://sunrisetech.gr/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Sunrise_Print_Online.xml b/src/chrome/content/rules/Sunrise_Print_Online.xml
index 194224368d33..5fa4bf29ef7a 100644
--- a/src/chrome/content/rules/Sunrise_Print_Online.xml
+++ b/src/chrome/content/rules/Sunrise_Print_Online.xml
@@ -1,4 +1,11 @@
-<ruleset name="Sunrise Print Online">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sunriseprintonline.com/ => https://sunriseprintonline.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.sunriseprintonline.com/ => https://www.sunriseprintonline.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Sunrise Print Online" default_off="failed ruleset test">
 
 	<target host="sunriseprintonline.com" />
 	<target host="www.sunriseprintonline.com" />
@@ -7,7 +14,6 @@
 	<securecookie host="^www\.sunriseprintonline\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?sunriseprintonline\.com/"
-		to="https://$1sunriseprintonline.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sunset_ProHosting.xml b/src/chrome/content/rules/Sunset_ProHosting.xml
deleted file mode 100644
index 305bf0ad0d4b..000000000000
--- a/src/chrome/content/rules/Sunset_ProHosting.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Sunset ProHosting">
-
-	<target host="sunsetprohosting.net" />
-	<target host="*.sunsetprohosting.net" />
-
-
-	<securecookie host="^(?:www\.)?sunsetprohosting\.net$" name=".+" />
-
-
-	<rule from="^http://(www\.)?sunsetprohosting\.net/"
-		to="https://$1sunsetprohosting.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Sunshine_Week.org.xml b/src/chrome/content/rules/Sunshine_Week.org.xml
new file mode 100644
index 000000000000..9017800f1dfb
--- /dev/null
+++ b/src/chrome/content/rules/Sunshine_Week.org.xml
@@ -0,0 +1,26 @@
+<!--
+	For other RCFP coverage, see RCFP.org.xml.
+
+
+	CN: www.rcfp.org
+
+
+	Mixed content:
+
+		- Image on (www.) from ^ *
+
+	* Secured by us
+
+-->
+<ruleset name="Sunshine Week.org" default_off="mismatched">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sunshineweek.org" />
+	<target host="www.sunshineweek.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sunshinepress.org.xml b/src/chrome/content/rules/Sunshinepress.org.xml
deleted file mode 100644
index 8b100843acea..000000000000
--- a/src/chrome/content/rules/Sunshinepress.org.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Sunshinepress.org" platform="firefox">
-<target host="sunshinepress.org" />
-
-<securecookie host="^sunshinepress\.org$" name=".+" />
-
-<rule from="^http://sunshinepress\.org/" to="https://sunshinepress.org/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Suntec.net.xml b/src/chrome/content/rules/Suntec.net.xml
index b6e3ecb62868..f6aa2778942c 100644
--- a/src/chrome/content/rules/Suntec.net.xml
+++ b/src/chrome/content/rules/Suntec.net.xml
@@ -13,4 +13,4 @@
 	<rule from="^http://www\.suntec\.net/(auth|resources)/"
 		to="https://www.suntec.net/$1/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Suny_Broome.edu-problematic.xml b/src/chrome/content/rules/Suny_Broome.edu-problematic.xml
new file mode 100644
index 000000000000..5168cf56f438
--- /dev/null
+++ b/src/chrome/content/rules/Suny_Broome.edu-problematic.xml
@@ -0,0 +1,15 @@
+<!--
+	For rules that are on by default, see BroomeCC.xml.
+
+-->
+<ruleset name="Suny Broome.edu (problematic)" default_off="mismatched">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sunybroome.edu" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Suomen-ortodoksinen-kirkko.xml b/src/chrome/content/rules/Suomen-ortodoksinen-kirkko.xml
index 82b78b45a40a..6c6992260405 100644
--- a/src/chrome/content/rules/Suomen-ortodoksinen-kirkko.xml
+++ b/src/chrome/content/rules/Suomen-ortodoksinen-kirkko.xml
@@ -2,6 +2,5 @@
 	<target host="ort.fi"/>
 	<target host="www.ort.fi"/>
 
-	<rule from="^http://(www\.)?ort\.fi/"
-		to="https://$1ort.fi/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SupaDupa.xml b/src/chrome/content/rules/SupaDupa.xml
index 74b9e245c7a1..b05c16521b3c 100644
--- a/src/chrome/content/rules/SupaDupa.xml
+++ b/src/chrome/content/rules/SupaDupa.xml
@@ -15,16 +15,17 @@
 <ruleset name="SupaDupa (partial)">
 
 	<target host="supadupa.me" />
-	<target host="*.supadupa.me" />
+	<target host="www.supadupa.me" />
+	<target host="cdn.supadupa.me" />
+	<target host="static.supadupa.me" />
 
 
 	<securecookie host="^supadupa\.me$" name=".+" />
 
 
-	<rule from="^http://(www\.)?supadupa\.me/"
-		to="https://$1supadupa.me/" />
 
-	<rule from="^https?://(?:cdn|static)\.supadupa\.me/"
+	<rule from="^http://(?:cdn|static)\.supadupa\.me/"
 		to="https://d2cgdgk0o1xu5x.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SuperAntiSpyware.xml b/src/chrome/content/rules/SuperAntiSpyware.xml
index 2d17b6cc9983..4784aec48d0a 100644
--- a/src/chrome/content/rules/SuperAntiSpyware.xml
+++ b/src/chrome/content/rules/SuperAntiSpyware.xml
@@ -1,6 +1,6 @@
-<ruleset name="SuperAntiSpyware" platform="mixedcontent">
-  <target host="www.superantispyware.com" />
-  <target host="superantispyware.com" />
+<ruleset name="SuperAntiSpyware.com">
+	<target host="superantispyware.com" />
+	<target host="www.superantispyware.com" />
 
-  <rule from="^http://(?:www\.)?superantispyware\.com/" to="https://www.superantispyware.com/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SuperGuarantee.com.xml b/src/chrome/content/rules/SuperGuarantee.com.xml
new file mode 100644
index 000000000000..7fd3f5ad8684
--- /dev/null
+++ b/src/chrome/content/rules/SuperGuarantee.com.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://superguarantee.com/ => https://superguarantee.com/: (51, "SSL: no alternative certificate subject name matches target host name 'superguarantee.com'")
+Fetch error: http://www.superguarantee.com/ => https://www.superguarantee.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.superguarantee.com'")
+
+	For other Dex Media coverage, see Dex_Media.com.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- superguarantee.com
+
+
+	Mixed content:
+
+		- Bug from fls.doubleclick.net
+
+-->
+<ruleset name="SuperGuarantee.com" default_off="failed ruleset test">
+
+	<target host="superguarantee.com"/>
+	<target host="www.superguarantee.com"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^superguarantee\.com$" name="^NSC_\w+$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SuperMedia-mismatches.xml b/src/chrome/content/rules/SuperMedia-mismatches.xml
index 33f13f35498d..c425c1f66092 100644
--- a/src/chrome/content/rules/SuperMedia-mismatches.xml
+++ b/src/chrome/content/rules/SuperMedia-mismatches.xml
@@ -3,26 +3,20 @@
 	<!--	expired	-->
 	<target host="idearcmedia.com"/>
 	<target host="www.idearcmedia.com"/>
-	<!--	*.jobs2web.com	-->
-	<target host="jobs.supermedia.com"/>
 	<!--	Akamai	-->
-	<target host="img.superpages.com"/>
 	<target host="ir.supermedia.com"/>
 	<!--	*.mashery.com	-->
 	<target host="developer.whitepages.com"/>
 	<!--	Akamai	-->
 	<target host="static.ypautos.com"/>
 
-	<securecookie host="^jobs\.supermedia\.com$" name=".*"/>
+	<securecookie host="^jobs\.supermedia\.com$" name=".+" />
 
 	<rule from="^http://(?:www\.)?idearcmedia\.com/"
 		to="https://www.idearcmedia.com/"/>
 
-	<rule from="^http://(ir|jobs)\.supermedia\.com/"
-		to="https://$1.supermedia.com/"/>
-
-	<rule from="^http://img\.superpages\.com/"
-		to="https://img.superpages.com/"/>
+	<rule from="^http://ir\.supermedia\.com/"
+		to="https://ir.supermedia.com/"/>
 
 	<rule from="^http://developer\.whitepages\.com/(files|public)/"
 		to="https://developer.whitepages.com/$1/"/>
diff --git a/src/chrome/content/rules/SuperMedia.xml b/src/chrome/content/rules/SuperMedia.xml
index d63ee756f3dc..9b5d6c175ad8 100644
--- a/src/chrome/content/rules/SuperMedia.xml
+++ b/src/chrome/content/rules/SuperMedia.xml
@@ -1,51 +1,37 @@
-<ruleset name="SuperMedia (partial)" platform="mixedcontent">
+<!--
+	For other Dex Media coverage, see Dex_Media.com.xml.
 
-	<target host="s.cdnwp.com"/>
-        <target host="directorystore.com"/>
-        <target host="*.directorystore.com"/>
-	<target host="superguarantee.com"/>
-	<target host="*.superguarantee.com"/>
-	<target host="supermedia.com"/>
-	<target host="*.supermedia.com"/>
-	<target host="superpages.com"/>
-	<target host="*.superpages.com"/>
-	<target host="switchboard.com"/>
-	<target host="www.switchboard.com"/>
-	<target host="whitepages.com"/>
-	<target host="*.whitepages.com"/>
-
-
-	<securecookie host="^(.*\.)?directorystore\.com$" name=".*"/>
-	<securecookie host="^(.*\.)?super(guarantee|media)\.com$" name=".*"/>
-	<securecookie host="^yellowpages\.superpages\.com$" name=".*"/>
 
+	Problematic subdomains:
 
-	<rule from="^http://s\.cdnwp\.com/"
-		to="https://s.cdnwp.com/"/>
+		- (www.)? ¹
+		- jobs ²
 
-	<rule from="^http://(?:www\.)?directorystore\.com/"
-		to="https://www.directorystore.com/"/>
+	¹ Redirects to http before dexmedia.com
+	² Connection refused at redirect destination
 
+-->
+<ruleset name="SuperMedia.com (partial)">
 
-	<rule from="^http://(www\.)?superguarantee\.com/"
-		to="https://$1superguarantee.com/"/>
+	<!--	Direct rewrites:
+				-->
+	<target host="my.supermedia.com"/>
 
-	<rule from="^http://(my\.|www\.)?supermedia\.com/"
-		to="https://$1supermedia.com/"/>
-
-	<rule from="^http://superpages\.com/"
-		to="https://www.superpages.com/"/>
+	<!--	Complications:
+				-->
+	<target host="supermedia.com"/>
+	<target host="www.supermedia.com"/>
 
-	<rule from="^http://(?:www\.)?(?:switchboard|whiteboard)\.com/(cache/|common/|switchboard/)"
-		to="https://s.cdnwp.com/$1"/>
 
-	<rule from="^http://(?:jscss|yellowpages)\.superpages\.com/"
-		to="https://yellowpages.superpages.com/"/>
+	<!--	Redirect keeps path but not args:
+						-->
+	<rule from="^http://(?:www\.)?supermedia\.com/[^?]*"
+		to="https://www.dexmedia.com/?ref=sm" />
 
-	<rule from="^http://whitepages\.com/"
-		to="https://www.whitepages.com/"/>
+		<test url="http://supermedia.com//" />
+		<test url="http://www.supermedia.com//" />
 
-	<rule from="^http://pro\.whitepages\.com/"
-		to="https://pro.whitepages.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SuperRepo.org.xml b/src/chrome/content/rules/SuperRepo.org.xml
new file mode 100644
index 000000000000..ed0946ca4851
--- /dev/null
+++ b/src/chrome/content/rules/SuperRepo.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="SuperRepo.org">
+
+	<target host="superrepo.org" />
+	<target host="www.superrepo.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SuperStats.com.xml b/src/chrome/content/rules/SuperStats.com.xml
index a1495e4f17b4..715f44b096cc 100644
--- a/src/chrome/content/rules/SuperStats.com.xml
+++ b/src/chrome/content/rules/SuperStats.com.xml
@@ -23,7 +23,13 @@
 <ruleset name="SuperStats.com (partial)">
 
 	<target host="superstats.com" />
-	<target host="*.superstats.com" />
+	<target host="www.superstats.com" />
+	<target host="boardserver.superstats.com" />
+	<target host="counter.superstats.com" />
+	<target host="ezpolls.superstats.com" />
+	<target host="guestbook.superstats.com" />
+	<target host="stats.superstats.com" />
+	<target host="submitwizard.superstats.com" />
 
 
 	<securecookie host="^\.superstats\.com$" name=".+" />
@@ -32,7 +38,6 @@
 	<rule from="^http://(?:www\.)?superstats\.com/"
 		to="https://www.superstats.com/" />
 
-	<rule from="^http://(boardserver|counter|ezpolls|guestbook|stats|submitwizard)\.superstats\.com/"
-		to="https://$1.superstats.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SuperStrands.xml b/src/chrome/content/rules/SuperStrands.xml
index 129072dc0b03..73cefb1279d8 100644
--- a/src/chrome/content/rules/SuperStrands.xml
+++ b/src/chrome/content/rules/SuperStrands.xml
@@ -1,13 +1,12 @@
 <ruleset name="SuperStrands">
 
 	<target host="superstrands.com" />
-	<target host="*.superstrands.com" />
+	<target host="www.superstrands.com" />
 
 
 	<securecookie host="^(?:www)?\.superstrands.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?superstrands\.com/"
-		to="https://$1superstrands.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Super_Bright_LEDs.com.xml b/src/chrome/content/rules/Super_Bright_LEDs.com.xml
new file mode 100644
index 000000000000..f9437c0242da
--- /dev/null
+++ b/src/chrome/content/rules/Super_Bright_LEDs.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Super Bright LEDs.com">
+
+	<target host="superbrightleds.com" />
+	<target host="www.superbrightleds.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Super_Hexagon.com.xml b/src/chrome/content/rules/Super_Hexagon.com.xml
new file mode 100644
index 000000000000..acdda51c38a4
--- /dev/null
+++ b/src/chrome/content/rules/Super_Hexagon.com.xml
@@ -0,0 +1,23 @@
+<!--
+	CN: *.gridserver
+
+
+	Mixed content:
+
+		- Video from www.youtube.com *
+
+		- Ads from www.humblebundle.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Super Hexagon.com" default_off="mismatched">
+
+	<target host="superhexagon.com" />
+	<target host="www.superhexagon.com" />
+
+
+	<rule from="^http://(?:www\.)?superhexagon\.com/"
+		to="https://superhexagon.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Super_Lawyers.xml b/src/chrome/content/rules/Super_Lawyers.xml
index e6d0e23c8746..031e11ba4dd3 100644
--- a/src/chrome/content/rules/Super_Lawyers.xml
+++ b/src/chrome/content/rules/Super_Lawyers.xml
@@ -3,7 +3,7 @@
 	<target host="i.superlawyers.com" />
 
 
-	<rule from="^https?://i\.superlawyers\.com/"
+	<rule from="^http://i\.superlawyers\.com/"
 		to="https://d22sy6g45ur8ee.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Super_Pet_USA.com.xml b/src/chrome/content/rules/Super_Pet_USA.com.xml
new file mode 100644
index 000000000000..77822169c05d
--- /dev/null
+++ b/src/chrome/content/rules/Super_Pet_USA.com.xml
@@ -0,0 +1,28 @@
+<!--
+	^: self-signed, CN: lx03.cent.com, expired 2011-10-22
+	www: expired 2013-03-02
+
+
+	Mixed content:
+
+		- Video from www.youtube.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Super Pet USA.com" default_off="expired">
+
+	<target host="superpetusa.com" />
+	<target host="www.superpetusa.com" />
+
+
+	<securecookie host="^(?:www)?\.superpetusa\.com$" name=".+" />
+
+
+	<!--	Server drops trailing slash, but
+		but we can't copy that.
+					-->
+	<rule from="^http://(?:www\.)?superpetusa\.com/"
+		to="https://www.superpetusa.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Super_Teacher_Worksheets.com.xml b/src/chrome/content/rules/Super_Teacher_Worksheets.com.xml
new file mode 100644
index 000000000000..a76733f3a0bc
--- /dev/null
+++ b/src/chrome/content/rules/Super_Teacher_Worksheets.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- superteacherworksheets.com
+		- www.superteacherworksheets.com
+
+-->
+<ruleset name="Super Teacher Worksheets.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="superteacherworksheets.com" />
+	<target host="www.superteacherworksheets.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?superteacherworksheets\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?superteacherworksheets\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SuperannuationComplaintsTribunal.xml b/src/chrome/content/rules/SuperannuationComplaintsTribunal.xml
new file mode 100644
index 000000000000..cb0362a53ed2
--- /dev/null
+++ b/src/chrome/content/rules/SuperannuationComplaintsTribunal.xml
@@ -0,0 +1,7 @@
+<ruleset name="Superannuation Complaints Tribunal">
+	<target host="sct.gov.au" />
+	<target host="www.sct.gov.au" />
+
+	<rule from="^http://(?:www\.)?sct\.gov\.au/"
+		to="https://www.sct.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Superdesk.pro.xml b/src/chrome/content/rules/Superdesk.pro.xml
new file mode 100644
index 000000000000..727fe6bb4170
--- /dev/null
+++ b/src/chrome/content/rules/Superdesk.pro.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Sourcefabric coverage, see Sourcefabric.org.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .superdesk.pro
+
+-->
+<ruleset name="Superdesk.pro">
+
+	<target host="superdesk.pro" />
+	<target host="www.superdesk.pro" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.superdesk\.pro$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.superdesk\.pro$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Superdrug.xml b/src/chrome/content/rules/Superdrug.xml
index 4d0a1c7fada6..4bb5dfc1b0d2 100644
--- a/src/chrome/content/rules/Superdrug.xml
+++ b/src/chrome/content/rules/Superdrug.xml
@@ -1,12 +1,81 @@
-<ruleset name="Superdrug (partial)" platform="mixedcontent">
 
-	<target host="superdrug.com"/>
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.superdrug.com/combined.css => https://www.superdrug.com/combined.css: Too many redirects while fetching 'https://www.superdrug.com/combined.css'
+
+	Nonfunctional hosts:
+
+		- blog ¹
+		- images ²
+
+	¹ Recursive redirect
+	² Refused
+
+
+	^: Mismatched
+	www: Some pages redirect to http
+
+
+	These altnames don't exist:
+
+		- www.onlinedoctor.superdrug.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- onlinedoctor.superdrug.com
+
+-->
+<ruleset name="Superdrug.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="onlinedoctor.superdrug.com" />
 	<target host="www.superdrug.com"/>
-	<target host="*.www.superdrug.com"/>
 
-	<securecookie host="^(.*\.)?superdrug\.com$" name=".*"/>
+	<!--	Complications:
+				-->
+	<target host="superdrug.com"/>
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.superdrug\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.superdrug\.com/(?!combined\.css|favicon\.ico|(?:login|register)(?:$|[?/])|medias/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.superdrug.com/beautycard" />
+			<test url="http://www.superdrug.com/cart" />
+			<test url="http://www.superdrug.com/competitions" />
+			<test url="http://www.superdrug.com/contact" />
+			<test url="http://www.superdrug.com/delInfo" />
+			<test url="http://www.superdrug.com/history" />
+			<test url="http://www.superdrug.com/page/careers" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.superdrug.com/combined.css" />
+			<test url="http://www.superdrug.com/favicon.ico" />
+			<test url="http://www.superdrug.com/login" />
+			<test url="http://www.superdrug.com/medias/custom-content/img/offerbar/storenextdelivery.png" />
+			<test url="http://www.superdrug.com/register" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^onlinedoctor\.superdrug\.com$" name="^PHPSESSID$" /-->
+
+	<!--securecookie host="^(?:.*\.)?superdrug\.com$" name=".*"/-->
+	<securecookie host="^onlinedoctor\.superdrug\.com$" name=".+" />
+
+
+	<rule from="^http://superdrug\.com/"
+		to="https://www.superdrug.com/" />
 
-	<rule from="^http://(www\.)?superdrug\.com/"
-		to="https://$1superdrug.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Superevr.xml b/src/chrome/content/rules/Superevr.xml
index 9b0f56c73ddc..ec8f25b6f438 100644
--- a/src/chrome/content/rules/Superevr.xml
+++ b/src/chrome/content/rules/Superevr.xml
@@ -1,10 +1,10 @@
-<ruleset name="Superevr">
+<ruleset name="Superevr.com">
 
 	<target host="superevr.com" />
 	<target host="www.superevr.com" />
 
 
-	<rule from="^http://(www\.)?superevr\.com/"
-		to="https://$1superevr.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Superfast-Openreach.co.uk.xml b/src/chrome/content/rules/Superfast-Openreach.co.uk.xml
new file mode 100644
index 000000000000..344fa466a2c0
--- /dev/null
+++ b/src/chrome/content/rules/Superfast-Openreach.co.uk.xml
@@ -0,0 +1,25 @@
+<!--
+	For other BT Group coverage, see BT-Group.xml.
+
+
+	Mixed content:
+
+		- iframe on (www.)? from www.youtube.com *
+		- Bugs on (www.)? from \d+.fls.doubleclick.net
+
+	* Secured by us
+
+-->
+<ruleset name="Superfast-Openreach.co.uk" default_off="cert-chain">
+
+	<target host="superfast-openreach.co.uk" />
+	<target host="www.superfast-openreach.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Superhero-Training-Network.xml b/src/chrome/content/rules/Superhero-Training-Network.xml
index ff42c024b71a..a8f743827c3e 100644
--- a/src/chrome/content/rules/Superhero-Training-Network.xml
+++ b/src/chrome/content/rules/Superhero-Training-Network.xml
@@ -1,11 +1,10 @@
-<ruleset name="Superhero Training Network" default_off="mismatch">
+<ruleset name="Superhero Training Network" default_off="refused">
 
-	<!--	Cert: *.fatcow.com	-->
 	<target host="superherotrainingnetwork.com" />
 	<target host="www.superherotrainingnetwork.com" />
 
 
-	<rule from="^https?://(?:www\.)?superherotrainingnetwork\.com/"
-		to="https://superherotrainingnetwork.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Superherostuff.com.xml b/src/chrome/content/rules/Superherostuff.com.xml
index 67e1cc7fb648..7ba57efab124 100644
--- a/src/chrome/content/rules/Superherostuff.com.xml
+++ b/src/chrome/content/rules/Superherostuff.com.xml
@@ -1,15 +1,29 @@
 <!--
-	Some pages redirect to http.
+	^: 404
+
+
+	These altnames don't exist:
+
+		- www.images.superherostuff.com
 
 -->
-<ruleset name="Superherostuff.com (partial)">
+<ruleset name="Superherostuff.com">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="images.superherostuff.com" />
+	<target host="resources.superherostuff.com" />
+	<target host="www.superherostuff.com" />
+
+	<!--	Complications:
+				-->
 	<target host="superherostuff.com" />
-	<target host="*.superherostuff.com" />
-		<exclusion pattern="^http://(?:www\.)?superherostuff\.com/(?!blog(?:$|\?|/)|images/)" />
 
 
-	<rule from="^http://(images\.|resources\.|www\.)?superherostuff\.com/"
-		to="https://$1superherostuff.com/" />
+	<rule from="^http://superherostuff\.com/"
+		to="https://www.superherostuff.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Superkuh.com.xml b/src/chrome/content/rules/Superkuh.com.xml
new file mode 100644
index 000000000000..78409f8038ab
--- /dev/null
+++ b/src/chrome/content/rules/Superkuh.com.xml
@@ -0,0 +1,15 @@
+<!--
+	^: Mismatched
+	www: Self-signed
+
+-->
+<ruleset name="superkuh.com" default_off="self-signed">
+
+	<target host="superkuh.com" />
+	<target host="www.superkuh.com" />
+
+
+	<rule from="^http://(?:www\.)?superkuh\.com/"
+		to="https://www.superkuh.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Superpages.com.xml b/src/chrome/content/rules/Superpages.com.xml
new file mode 100644
index 000000000000..dcbdfdb2bdb9
--- /dev/null
+++ b/src/chrome/content/rules/Superpages.com.xml
@@ -0,0 +1,102 @@
+<!--
+	For other Dex Media coverage, see Dex_Media.com.xml.
+
+
+	Nonfunctional domains:
+
+		- advertising ¹
+		- cars ²
+		- mapserver ²
+		- people ²
+		- wp ³
+
+	¹ Redirects to http
+	² Refused
+	³ Dropped
+
+
+	Problematic subdomains:
+
+		- img ¹
+		- jscss ²
+
+	¹ Akamai
+	² Refused
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .superpages.com
+		- claimlisting.superpages.com
+		- yellowpages.superpages.com
+
+
+	Mixed content:
+
+		- css, on:
+
+			- yellowpages from jscss.superpages.com ¹
+			- yellowpages from www.superpages.com ²
+
+		- Images, on:
+
+			- claimlisting from www.dexmedia.com
+			- claimlisting, yellowpages from img.superpages.com ¹
+
+		- favicon on yellowpages from img.superpages.com ¹
+		- Bug on claimlisting from superpagesadvert.122.2o7.net ¹
+
+	¹ Secured by us
+	² Unsecurable <= redirects to http
+
+-->
+<ruleset name="Superpages.com (partial)">
+
+	<target host="claimlisting.superpages.com"/>
+	<target host="imgssl.superpages.com" />
+	<target host="m.superpages.com" />
+	<target host="yellowpages.superpages.com"/>
+
+	<!--	Complications:
+				-->
+	<target host="jscss.superpages.com"/>
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://advertising\.superpages\.com/$" /-->
+		<!--exclusion pattern="^http://www\.superpages\.com/($|css/)" /-->
+
+		<!--	Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://(?:jscss|yellowpages)\.superpages\.com/(?!common/css/|css/|images-yp/|profiler/css/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://yellowpages.superpages.com/categorybrowser.jsp" />
+			<test url="http://yellowpages.superpages.com/help/help.jsp" />
+			<test url="http://yellowpages.superpages.com/tips.jsp" />
+			<test url="http://yellowpages.superpages.com/yp.advanced.jsp" />
+
+			<!--	-ve:
+					-->
+			<test url="http://jscss.superpages.com/common/css/print.css" />
+			<test url="http://yellowpages.superpages.com/common/css/spflyouts.1.0.css" />
+			<test url="http://yellowpages.superpages.com/profiler/css/alert.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.superpages\.com$" name="^SPC$" /-->
+	<!--securecookie host="^claimlisting\.superpages\.com$" name="^(CstrStatus|JSESSIONID|trafficSource)$"/-->
+	<!--securecookie host="^yellowpages\.superpages\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^claimlisting\.superpages\.com$" name=".+" />
+
+
+	<rule from="^http://jscss\.superpages\.com/"
+		to="https://yellowpages.superpages.com/"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Supersec.xml b/src/chrome/content/rules/Supersec.xml
index 1b187e242dd8..633f2d98067e 100644
--- a/src/chrome/content/rules/Supersec.xml
+++ b/src/chrome/content/rules/Supersec.xml
@@ -1,13 +1,12 @@
 <ruleset name="Supersec">
 
 	<target host="supersec.com" />
-	<target host="*.supersec.com" />
+	<target host="www.supersec.com" />
 
 
 	<securecookie host="^\.?supersec\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?supersec\.com/"
-		to="https://$1supersec.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Supplies_for_Dreams.org-falsemixed.xml b/src/chrome/content/rules/Supplies_for_Dreams.org-falsemixed.xml
new file mode 100644
index 000000000000..80e1aa907a0c
--- /dev/null
+++ b/src/chrome/content/rules/Supplies_for_Dreams.org-falsemixed.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules not causing false/broken MCB, see Supplies_for_Dreams.org.xml.
+
+-->
+<ruleset name="Supplies for Dreams.org (false MCB)" platform="mixedcontent">
+
+	<target host="suppliesfordreams.org" />
+	<target host="www.suppliesfordreams.org" />
+
+
+	<securecookie host="^\.suppliesfordreams\.org$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?suppliesfordreams\.org/"
+		to="https://www.suppliesfordreams.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Supplies_for_Dreams.org.xml b/src/chrome/content/rules/Supplies_for_Dreams.org.xml
new file mode 100644
index 000000000000..a409840a70b6
--- /dev/null
+++ b/src/chrome/content/rules/Supplies_for_Dreams.org.xml
@@ -0,0 +1,37 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://suppliesfordreams.org/ => https://suppliesfordreams.org/: (6, 'Could not resolve host: suppliesfordreams.org')
+
+	For rules causing false/broken MCB, see Supplies_for_Dreams.org-falsemixed.xml.
+
+
+	^: OCSP failure
+
+
+	Mixed content:
+
+		- Video from www.youtube.com *
+
+		- css from $self *
+
+		- Images from $self *
+
+		- Web bugs from cdn-images.mailchimp.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Supplies for Dreams.org (partial)">
+
+	<!-- target host="suppliesfordreams.org" /-->
+	<target host="www.suppliesfordreams.org" />
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<!--exclusion pattern="^http://(www\.)?suppliesfordreams\.org/(?!favicon\.ico|wp-content/|wp-includes/)" /-->
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Supply_Frame.com.xml b/src/chrome/content/rules/Supply_Frame.com.xml
new file mode 100644
index 000000000000..0e18e7398f81
--- /dev/null
+++ b/src/chrome/content/rules/Supply_Frame.com.xml
@@ -0,0 +1,35 @@
+<!--
+	www.supplyframe.com: Akamai
+		-
+
+	Insecure cookies are set for these domains:
+
+		- .supplyframe.com
+
+-->
+<ruleset name="Supply Frame.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="supplyframe.com" />
+	<target host="analytics.supplyframe.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.supplyframe.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.supplyframe\.com$" name="supplyframeUserId" /-->
+
+	<securecookie host="^\.supplyframe\.com$" name=".+" />
+
+
+	<rule from="^http://www\.supplyframe\.com/"
+		to="https://supplyframe.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Supporterz.jp.xml b/src/chrome/content/rules/Supporterz.jp.xml
new file mode 100644
index 000000000000..142ca48919f9
--- /dev/null
+++ b/src/chrome/content/rules/Supporterz.jp.xml
@@ -0,0 +1,34 @@
+<!--
+	www.supporterz.jp: Cert only matches ^supporterz.jp
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.supporterz.jp
+
+-->
+<ruleset name="Supporterz.jp">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="supporterz.jp" />
+
+	<!--	Complications:
+				-->
+	<target host="www.supporterz.jp" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^supporterz\.jp$" name="^SUPPORTERZ$" /-->
+
+	<securecookie host="^supporterz\.jp$" name=".+" />
+
+
+	<rule from="^http://www\.supporterz\.jp/"
+		to="https://supporterz.jp/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Supportion.org.xml b/src/chrome/content/rules/Supportion.org.xml
index 165fbddbd6fc..d6bda9357c0f 100644
--- a/src/chrome/content/rules/Supportion.org.xml
+++ b/src/chrome/content/rules/Supportion.org.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?supportion\.org/"
 		to="https://supportion.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Suprizkizlar.com.xml b/src/chrome/content/rules/Suprizkizlar.com.xml
deleted file mode 100644
index dccaad077d1f..000000000000
--- a/src/chrome/content/rules/Suprizkizlar.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Suprizkizlar.com">
-
-	<target host="suprizkizlar.com" />
-	<target host="*.suprizkizlar.com" />
-
-
-	<securecookie host="^(?:w*\.)?suprizkizlar\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?suprizkizlar\.com/"
-		to="https://$1suprizkizlar.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Sur-ecoute.org.xml b/src/chrome/content/rules/Sur-ecoute.org.xml
new file mode 100644
index 000000000000..52ab97043ab6
--- /dev/null
+++ b/src/chrome/content/rules/Sur-ecoute.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Time out:
+		www.sur-ecoute.org
+
+-->
+<ruleset name="Sur-écoute">
+
+	<target host="sur-ecoute.org" />
+	<target host="www.sur-ecoute.org" />
+
+	<rule from="^http://www\.sur-ecoute\.org/"
+		to="https://sur-ecoute.org/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sur.ly.xml b/src/chrome/content/rules/Sur.ly.xml
new file mode 100644
index 000000000000..f5143eafe9be
--- /dev/null
+++ b/src/chrome/content/rules/Sur.ly.xml
@@ -0,0 +1,12 @@
+<ruleset name="Sur.ly">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sur.ly" />
+	<target host="www.sur.ly" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Surbitcoin.com.xml b/src/chrome/content/rules/Surbitcoin.com.xml
new file mode 100644
index 000000000000..d7917135c8b1
--- /dev/null
+++ b/src/chrome/content/rules/Surbitcoin.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .surbitcoin.com
+
+-->
+<ruleset name="Surbitcoin.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="surbitcoin.com" />
+	<target host="www.surbitcoin.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.surbitcoin\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.surbitcoin\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sure-assist.com.xml b/src/chrome/content/rules/Sure-assist.com.xml
index 07ca459f1740..2d8038f07c26 100644
--- a/src/chrome/content/rules/Sure-assist.com.xml
+++ b/src/chrome/content/rules/Sure-assist.com.xml
@@ -1,34 +1,66 @@
 <!--
+	For other Envoy Media Group coverage, see Envoy_Media_Group.com.xml.
+
+
 	CDN buckets:
 
 		- d16b15zfg5s2bm.cloudfront.net
 
-			- cdn\d
+			- cdn[1-9]
 			- cdn10
 
 
 	Problematic subdomains:
 
 		- ^		(mismatched, CN: www.envoymediagroup.com)
-		- cdn\d *
+		- cdn[1-9] *
 		- cdn10 *
 
 	* cloudfront
 
+
+	Insecure cookies are set for these hosts:
+
+		- www.sure-assist.com
+
 -->
 <ruleset name="sure-assist.com">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="www.sure-assist.com" />
+
+	<!--	Complications:
+				-->
 	<target host="sure-assist.com" />
-	<target host="*.sure-assist.com" />
+	<target host="cdn1.sure-assist.com" />
+	<target host="cdn2.sure-assist.com" />
+	<target host="cdn3.sure-assist.com" />
+	<target host="cdn4.sure-assist.com" />
+	<target host="cdn5.sure-assist.com" />
+	<target host="cdn6.sure-assist.com" />
+	<target host="cdn7.sure-assist.com" />
+	<target host="cdn8.sure-assist.com" />
+	<target host="cdn9.sure-assist.com" />
+	<target host="cdn10.sure-assist.com" />
+
+		<test url="http://www.sure-assist.com/session.php?p_sit=" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.sure-assist\.com$" name="^(?:PHPSESSID|p_ls)$" /-->
+
 	<securecookie host="^(?:www)?\.sure-assist\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?sure-assist\.com/"
+	<rule from="^http://sure-assist\.com/"
 		to="https://www.sure-assist.com/" />
 
-	<rule from="^http://cdn(?:\d|10)\.sure-assist\.com/"
+	<rule from="^http://cdn\d+\.sure-assist\.com/"
 		to="https://d16b15zfg5s2bm.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SureSupport.xml b/src/chrome/content/rules/SureSupport.xml
index c1e12d4c7af6..62f1bee5bd35 100644
--- a/src/chrome/content/rules/SureSupport.xml
+++ b/src/chrome/content/rules/SureSupport.xml
@@ -1,13 +1,13 @@
 <ruleset name="SureSupport">
 
 	<target host="suresupport.com" />
-	<target host="*.suresupport.com" />
+	<target host="www.suresupport.com" />
+	<target host="www2.suresupport.com" />
 
 
 	<securecookie host="(?:www2)?\.suresupport\.com$" name=".+" />
 
 
-	<rule from="^http://(www2?\.)?suresupport\.com/"
-		to="https://$1suresupport.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Surespot.me.xml b/src/chrome/content/rules/Surespot.me.xml
new file mode 100644
index 000000000000..0dec041b550a
--- /dev/null
+++ b/src/chrome/content/rules/Surespot.me.xml
@@ -0,0 +1,12 @@
+<ruleset name="surespot.me">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="surespot.me" />
+	<target host="www.surespot.me" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Surface.com.xml b/src/chrome/content/rules/Surface.com.xml
new file mode 100644
index 000000000000..4311d785e708
--- /dev/null
+++ b/src/chrome/content/rules/Surface.com.xml
@@ -0,0 +1,46 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	Problematic covered hosts in *surface.com:
+
+		- blog *
+
+	* Mismatched
+
+
+	Fully covered hosts in *surface.com:
+
+		- compass-ssl
+
+
+	Insecure cookies are set for these domains:
+
+		- .blog.surface.com
+
+
+	Mixed content:
+
+		- Images on blog from az607270.vo.msecnd.net
+		- Bug on blog from c.microsoft.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Surface.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="compass-ssl.surface.com" />
+
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.blog\.surface\.com$" name="^ARRAffinity$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Surfcanyon.com.xml b/src/chrome/content/rules/Surfcanyon.com.xml
index 5ea5b7912cdf..9094624503ab 100644
--- a/src/chrome/content/rules/Surfcanyon.com.xml
+++ b/src/chrome/content/rules/Surfcanyon.com.xml
@@ -1,6 +1,6 @@
-<ruleset name="Surfcanyon.com">
+<ruleset name="Surfcanyon.com" default_off="refused">
   <target host="www.surfcanyon.com"/>
   <target host="surfcanyon.com"/>
-  <rule from="^http://(www\.)?surfcanyon\.com/" to="https://www.surfcanyon.com/"/>
+  <rule from="^http://(?:www\.)?surfcanyon\.com/" to="https://www.surfcanyon.com/"/>
 </ruleset>
-<!-- Rule generated by HTTPS Finder 0.85 -->
\ No newline at end of file
+<!-- Rule generated by HTTPS Finder 0.85 -->
diff --git a/src/chrome/content/rules/Surfeasy.com.xml b/src/chrome/content/rules/Surfeasy.com.xml
index 7f9c83a2f632..e77b2078a88f 100644
--- a/src/chrome/content/rules/Surfeasy.com.xml
+++ b/src/chrome/content/rules/Surfeasy.com.xml
@@ -1,19 +1,11 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
+<ruleset name="Surfeasy.com">
+	<target host="surfeasy.com" />
+	<target host="www.surfeasy.com" />
+	<target host="support.surfeasy.com" />
+	<target host="accounts.surfeasy.com" />
 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Surfeasy.com" platform="firefox">
-<target host="surfeasy.com" />
-<target host="www.surfeasy.com" />
+	<securecookie host=".+" name=".+" />
 
-<securecookie host="^surfeasy\.com$" name=".+" />
-<securecookie host="^www\.surfeasy\.com$" name=".+" />
-
-<rule from="^http://surfeasy\.com/" to="https://surfeasy.com/" />
-<rule from="^http://www\.surfeasy\.com/" to="https://www.surfeasy.com/" />
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Surfermag.xml b/src/chrome/content/rules/Surfermag.xml
index 062272fc9a1c..5af5c860c021 100644
--- a/src/chrome/content/rules/Surfermag.xml
+++ b/src/chrome/content/rules/Surfermag.xml
@@ -1,4 +1,4 @@
-<ruleset name="Surfermag" default_off="mismatch">
+<ruleset name="Surfermag" default_off="mismatched">
 
 	<!--	Cert: www.semabuzz.com	-->
 	<target host="surfermag.com" />
diff --git a/src/chrome/content/rules/Surfline.xml b/src/chrome/content/rules/Surfline.xml
index 25550ecd0016..12702d681513 100644
--- a/src/chrome/content/rules/Surfline.xml
+++ b/src/chrome/content/rules/Surfline.xml
@@ -1,10 +1,63 @@
-<ruleset name="Surfline">
+<!--
+	Nonfunctional hosts in *surfline.com:
 
-	<target host="surfline.com" />
+		- cdn02 ¹
+		- media1 ¹
+		- photos ¹
+		- premium ¹
+		- support ²
+
+	¹ Refused
+	² Zendesk
+
+
+	Problematic hosts in *surfline.com:
+
+		- ^ ¹
+		- premium ²
+
+	¹ Refused
+	² AmazonAWS/mismatched
+
+	Mismatch:
+		- *.cdn-surfline.com
+
+
+	Mixed content:
+
+		- css, from:
+
+			- ajax.googleapis.com
+			- e.cdn-surfline.com
+			- i.cdn-surfline.com
+
+		- Images, from:
+
+			- e.cdn-surfline.com
+			- i.cdn-surfline.com
+			- cdn02.surfline.com
+			- media1.surfline.com
+			- premium.surfline.com
+
+-->
+<ruleset name="Surfline.com" platform="mixedcontent" default_off="redirect to http">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="www.surfline.com" />
 
+	<!--	Complications:
+				-->
+	<target host="surfline.com" />
+
+
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://(?:www\.)?surfline\.com/"
+
+	<rule from="^http://surfline\.com/"
 		to="https://www.surfline.com/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Surfshark.com.xml b/src/chrome/content/rules/Surfshark.com.xml
new file mode 100644
index 000000000000..92700485f2e9
--- /dev/null
+++ b/src/chrome/content/rules/Surfshark.com.xml
@@ -0,0 +1,177 @@
+<!--
+	Could not resolve host:
+		autodiscover.surfshark.com
+		de-gun-001.test.surfshark.com
+		mail.surfshark.com
+		owa.surfshark.com
+		prod.surfshark.com
+		speed-ix.surfshark.com
+		test-nl.surfshark.com
+		test-sg.surfshark.com
+		test-us.surfshark.com
+		links.mail.surfshark.com
+		www.links.mail.surfshark.com
+
+	SSL: no alternative certificate subject name matches target host name:
+		de-gun-002.test.surfshark.com
+		de-gun.test.surfshark.com
+		get host="get.surfshark.com
+
+	Connection timed out: 
+		de-gun-003.test.surfshark.com (t)
+		dimension.surfshark.com (t)
+		dnsman.test.surfshark.com (t)
+		matrix.surfshark.com (t)
+		mm.surfshark.com (t)
+		nl-dron-trustdns001.prod.surfshark.com (t)
+		o1.ptr9686.surfshark.com (t)
+		o2.ptr5812.surfshark.com (t)
+		pt-lou-v010.prod.surfshark.com (t)
+		riot.surfshark.com (t)
+		tw-tai-v020.prod.surfshark.com (t)
+		ip6.surfshark.com (t)
+
+	Connection refused:
+		mor-ord.prod.surfshark.com (r)
+		mordor-orodruin-v001.prod.surfshark.com (r)
+		
+
+	r: connection refused
+	t: timeout on https
+-->
+<ruleset name="Surfshark.com">
+	<target host="surfshark.com" />
+	<target host="www.surfshark.com" />
+	<!-- these hosts were generated with `python3 sublist3r.py -d surfshark.com` -->
+	<target host="account.surfshark.com"/>
+	<target host="al-tia-v010.prod.surfshark.com"/>
+	<target host="and-shark-s.surfshark.com"/>
+	<target host="api.surfshark.com"/>
+	<target host="at-vie-v010.prod.surfshark.com"/>
+	<target host="at-vie-v020.prod.surfshark.com"/>
+	<target host="at-vie.prod.surfshark.com"/>
+	<target host="au-adl-v010.prod.surfshark.com"/>
+	<target host="au-bne-v010.prod.surfshark.com"/>
+	<target host="au-mel-v010.prod.surfshark.com"/>
+	<target host="au-mel.prod.surfshark.com"/>
+	<target host="au-per-v010.prod.surfshark.com"/>
+	<target host="au-per.prod.surfshark.com"/>
+	<target host="au-syd-v020.prod.surfshark.com"/>
+	<target host="ba-sjj-v010.prod.surfshark.com"/>
+	<target host="be-bru-v010.prod.surfshark.com"/>
+	<target host="bg-sof-v010.prod.surfshark.com"/>
+	<target host="br-sao.prod.surfshark.com"/>
+	<target host="ca-mon-v010.prod.surfshark.com"/>
+	<target host="ca-mon-v020.prod.surfshark.com"/>
+	<target host="ca-tor-v020.prod.surfshark.com"/>
+	<target host="ca-van-v010.prod.surfshark.com"/>
+	<target host="ca-van-v020.prod.surfshark.com"/>
+	<target host="ca-van.prod.surfshark.com"/>
+	<target host="cdn.surfshark.com"/>
+	<target host="ch-zur-v010.prod.surfshark.com"/>
+	<target host="cl-san.prod.surfshark.com"/>
+	<target host="cr-sjn.prod.surfshark.com"/>
+	<target host="cy-nic-v010.prod.surfshark.com"/>
+	<target host="cz-prg-v010.prod.surfshark.com"/>
+	<target host="de-ber-v010.prod.surfshark.com"/>
+	<target host="de-ber-v020.prod.surfshark.com"/>
+	<target host="de-fra-st001.prod.surfshark.com"/>
+	<target host="de-fra-st003.prod.surfshark.com"/>
+	<target host="de-fra-v020.prod.surfshark.com"/>
+	<target host="dk-cph-v010.prod.surfshark.com"/>
+	<target host="dk-cph-v020.prod.surfshark.com"/>
+	<target host="dns.surfshark.com"/>
+	<target host="downloads.surfshark.com"/>
+	<target host="ee-tll-v010.prod.surfshark.com"/>
+	<target host="es-bcn-v010.prod.surfshark.com"/>
+	<target host="es-mad-v010.prod.surfshark.com"/>
+	<target host="es-mad-v020.prod.surfshark.com"/>
+	<target host="es-mad.prod.surfshark.com"/>
+	<target host="es-vlc-v010.prod.surfshark.com"/>
+	<target host="fi-hel-v010.prod.surfshark.com"/>
+	<target host="fr-bod-v010.prod.surfshark.com"/>
+	<target host="fr-bod-v020.prod.surfshark.com"/>
+	<target host="fr-mrs-v010.prod.surfshark.com"/>
+	<target host="fr-par-v020.prod.surfshark.com"/>
+	<target host="fr-par.prod.surfshark.com"/>
+	<target host="go-shark-s.surfshark.com"/>
+	<target host="gr-ath-v010.prod.surfshark.com"/>
+	<target host="hu-bud-v010.prod.surfshark.com"/>
+	<target host="id-jak.prod.surfshark.com"/>
+	<target host="ie-dub-v010.prod.surfshark.com"/>
+	<target host="il-tlv.prod.surfshark.com"/>
+	<target host="in-chn-v010.prod.surfshark.com"/>
+	<target host="in-mum-v020.prod.surfshark.com"/>
+	<target host="it-mil-v010.prod.surfshark.com"/>
+	<target host="it-mil-v020.prod.surfshark.com"/>
+	<target host="it-mil.prod.surfshark.com"/>
+	<target host="it-rom-v010.prod.surfshark.com"/>
+	<target host="it-rom-v020.prod.surfshark.com"/>
+	<target host="jp-tok-v010.prod.surfshark.com"/>
+	<target host="jp-tok-v020.prod.surfshark.com"/>
+	<target host="kr-seo-v010.prod.surfshark.com"/>
+	<target host="lu-ste-v010.prod.surfshark.com"/>
+	<target host="lv-rig-v010.prod.surfshark.com"/>
+	<target host="mk-skp-v010.prod.surfshark.com"/>
+	<target host="mk-skp.prod.surfshark.com"/>
+	<target host="my-kul-v010.prod.surfshark.com"/>
+	<target host="my-kul.prod.surfshark.com"/>
+	<target host="my.surfshark.com"/>
+	<target host="no-osl-v010.prod.surfshark.com"/>
+	<target host="ocean.surfshark.com"/>
+	<target host="order.surfshark.com"/>
+	<target host="pl-waw-v010.prod.surfshark.com"/>
+	<target host="pl-waw.prod.surfshark.com"/>
+	<target host="pt-lis-v010.prod.surfshark.com"/>
+	<target host="rs-beg-v010.prod.surfshark.com"/>
+	<target host="ru-spt.prod.surfshark.com"/>
+	<target host="s.surfshark.com"/>
+	<target host="se-sto-v010.prod.surfshark.com"/>
+	<target host="se-sto-v020.prod.surfshark.com"/>
+	<target host="sg-sng.prod.surfshark.com"/>
+	<target host="shop.surfshark.com"/>
+	<target host="si-lju-v010.prod.surfshark.com"/>
+	<target host="support.surfshark.com"/>
+	<target host="tr-bur-v010.prod.surfshark.com"/>
+	<target host="tw-tai.prod.surfshark.com"/>
+	<target host="uk-gla-v010.prod.surfshark.com"/>
+	<target host="uk-gla.prod.surfshark.com"/>
+	<target host="uk-lon.prod.surfshark.com"/>
+	<target host="uk-man-v020.prod.surfshark.com"/>
+	<target host="url1242.surfshark.com"/>
+	<target host="us-atl-v010.prod.surfshark.com"/>
+	<target host="us-atl-v020.prod.surfshark.com"/>
+	<target host="us-bdn-v010.prod.surfshark.com"/>
+	<target host="us-bdn.prod.surfshark.com"/>
+	<target host="us-bos-v010.prod.surfshark.com"/>
+	<target host="us-buf-v010.prod.surfshark.com"/>
+	<target host="us-chi-v020.prod.surfshark.com"/>
+	<target host="us-clt-v010.prod.surfshark.com"/>
+	<target host="us-dal-v020.prod.surfshark.com"/>
+	<target host="us-dal.prod.surfshark.com"/>
+	<target host="us-den-v020.prod.surfshark.com"/>
+	<target host="us-dtw-v010.prod.surfshark.com"/>
+	<target host="us-dtw.prod.surfshark.com"/>
+	<target host="us-hou-v010.prod.surfshark.com"/>
+	<target host="us-kan-v010.prod.surfshark.com"/>
+	<target host="us-lax-v010.prod.surfshark.com"/>
+	<target host="us-lax.prod.surfshark.com"/>
+	<target host="us-ltm-v010.prod.surfshark.com"/>
+	<target host="us-mia-v010.prod.surfshark.com"/>
+	<target host="us-mia-v020.prod.surfshark.com"/>
+	<target host="us-mnz-v010.prod.surfshark.com"/>
+	<target host="us-nyc-v010.prod.surfshark.com"/>
+	<target host="us-nyc.prod.surfshark.com"/>
+	<target host="us-orl-v010.prod.surfshark.com"/>
+	<target host="us-sea-v010.prod.surfshark.com"/>
+	<target host="us-sea.prod.surfshark.com"/>
+	<target host="us-sfo-v020.prod.surfshark.com"/>
+	<target host="us-sfo.prod.surfshark.com"/>
+	<target host="us-slc-v010.prod.surfshark.com"/>
+	<target host="us-stl-v010.prod.surfshark.com"/>
+	<target host="us-tpa-v020.prod.surfshark.com"/>
+	<target host="vn-hcm-v010.prod.surfshark.com"/>
+	<target host="vn-hcm.prod.surfshark.com"/>
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Surftown.com.xml b/src/chrome/content/rules/Surftown.com.xml
index 5d1d037a690d..80f4554d6811 100644
--- a/src/chrome/content/rules/Surftown.com.xml
+++ b/src/chrome/content/rules/Surftown.com.xml
@@ -2,5 +2,5 @@
   <target host="surftown.com" />
   <target host="www.surftown.com" />
 
-  <rule from="^http://(www\.)?surftown\.com/" to="https://www.surftown.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Surge.sh.xml b/src/chrome/content/rules/Surge.sh.xml
new file mode 100644
index 000000000000..3812ff1f416a
--- /dev/null
+++ b/src/chrome/content/rules/Surge.sh.xml
@@ -0,0 +1,15 @@
+<ruleset name="Surge.sh">
+
+	<target host="surge.sh" />
+	<target host="*.surge.sh" />
+
+		<test url="http://ipfs-chatroom.surge.sh/" />
+		<test url="http://gpw.surge.sh/" />
+		<test url="http://web-cdn.surge.sh/" />
+		<test url="http://ioniclib.surge.sh/docs/" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Surkatty.org.xml b/src/chrome/content/rules/Surkatty.org.xml
deleted file mode 100644
index 6c39707b3ce6..000000000000
--- a/src/chrome/content/rules/Surkatty.org.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Surkatty.org" platform="firefox">
-<target host="surkatty.org" />
-
-<securecookie host="^surkatty\.org$" name=".+" />
-
-<rule from="^http://surkatty\.org/" to="https://surkatty.org/" />
-</ruleset>
diff --git a/src/chrome/content/rules/SurpassHosting.com.xml b/src/chrome/content/rules/SurpassHosting.com.xml
new file mode 100644
index 000000000000..de53794b7e36
--- /dev/null
+++ b/src/chrome/content/rules/SurpassHosting.com.xml
@@ -0,0 +1,45 @@
+<!--
+	Nonfunctional subdomains;
+
+		- (www.) *
+		- blog *
+
+	* http reply
+
+
+	Fully covered subdomains:
+
+		- chat
+		- core
+		- sh151
+
+
+	These altnames don't exist:
+
+		- www.chat.surpasshosting.com
+		- www.core.surpasshosting.com
+		- www.sh151.surpasshosting.com
+
+
+	Observed cookie domains:
+
+		- core *
+
+	* Secured by us <= not secured by server
+
+-->
+<ruleset name="SurpassHosting.com (partial)">
+
+	<target host="chat.surpasshosting.com" />
+	<target host="core.surpasshosting.com" />
+	<target host="sh151.surpasshosting.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^core\.surpasshosting\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Surprisingly-Free.xml b/src/chrome/content/rules/Surprisingly-Free.xml
index f1558e3f51ee..02e605f72fe7 100644
--- a/src/chrome/content/rules/Surprisingly-Free.xml
+++ b/src/chrome/content/rules/Surprisingly-Free.xml
@@ -8,7 +8,7 @@
 
 	<!--	www 301s to !www.
 					-->
-	<rule from="^https?://(?:www\.)?surprisinglyfree\.com/"
+	<rule from="^http://(?:www\.)?surprisinglyfree\.com/"
 		to="https://surprisinglyfree.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Surveillance_Law.org.xml b/src/chrome/content/rules/Surveillance_Law.org.xml
new file mode 100644
index 000000000000..bd010f753818
--- /dev/null
+++ b/src/chrome/content/rules/Surveillance_Law.org.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://surveillancelaw.org/ => https://surveillancelaw.org/: (7, 'Failed to connect to surveillancelaw.org port 443: Connection refused')
+Fetch error: http://www.surveillancelaw.org/ => https://www.surveillancelaw.org/: (7, 'Failed to connect to www.surveillancelaw.org port 443: Connection refused')
+
+-->
+<ruleset name="Surveillance Law.org" default_off="failed ruleset test">
+
+	<target host="surveillancelaw.org" />
+	<target host="www.surveillancelaw.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Survey-Analytics.xml b/src/chrome/content/rules/Survey-Analytics.xml
index b062da29def9..edd9898342f4 100644
--- a/src/chrome/content/rules/Survey-Analytics.xml
+++ b/src/chrome/content/rules/Survey-Analytics.xml
@@ -2,7 +2,6 @@
 
 	<target host="popup.questionpro.com" />
 
-	<rule from="^http://popup\.questionpro\.com/"
-		to="https://popup.questionpro.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SurveyGizmo.com.xml b/src/chrome/content/rules/SurveyGizmo.com.xml
index 7af61a051587..1f0ddc0e4242 100644
--- a/src/chrome/content/rules/SurveyGizmo.com.xml
+++ b/src/chrome/content/rules/SurveyGizmo.com.xml
@@ -1,9 +1,29 @@
 <ruleset name="SurveyGizmo.com">
   <target host="surveygizmo.com" />
   <target host="www.surveygizmo.com" />
-  <target host="*.sgizmo.com"/>
+  <target host="app.sgizmo.com" />
+  <target host="pro0.sgizmo.com" />
+  <target host="pro00.sgizmo.com" />
+  <target host="pro01.sgizmo.com" />
+  <target host="pro02.sgizmo.com" />
+  <target host="pro03.sgizmo.com" />
+  <target host="pro04.sgizmo.com" />
+  <target host="pro05.sgizmo.com" />
+  <target host="pro06.sgizmo.com" />
+  <target host="pro07.sgizmo.com" />
+  <target host="pro08.sgizmo.com" />
+  <target host="pro09.sgizmo.com" />
+  <target host="pro1.sgizmo.com" />
+  <target host="pro2.sgizmo.com" />
+  <target host="pro3.sgizmo.com" />
+  <target host="pro4.sgizmo.com" />
+  <target host="pro5.sgizmo.com" />
+  <target host="pro6.sgizmo.com" />
+  <target host="pro7.sgizmo.com" />
+  <target host="pro8.sgizmo.com" />
+  <target host="pro9.sgizmo.com" />
 
-  <rule from="^http://(www\.)?surveygizmo\.com/" to="https://www.surveygizmo.com/" />
+  <rule from="^http://(?:www\.)?surveygizmo\.com/" to="https://www.surveygizmo.com/" />
 
-  <rule from="^http://(app|pro[0-9][0-9]?)\.sgizmo\.com/" to="https://$1.sgizmo.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SurveyMonkey.xml b/src/chrome/content/rules/SurveyMonkey.xml
index 723cf0e3de1b..6f456eb4a7b1 100644
--- a/src/chrome/content/rules/SurveyMonkey.xml
+++ b/src/chrome/content/rules/SurveyMonkey.xml
@@ -40,19 +40,19 @@
 	<rule from="^http://(secure\.|www\.)?research\.net/"
 		to="https://$1research.net/" />
 
-	<rule from="^https?://surveymonkey\.com/"
+	<rule from="^http://surveymonkey\.com/"
 		to="https://www.surveymonkey.com/" />
 
 	<rule from="^http://(admin|aide|a[jy]uda|blog|contribute|da|de|fr|es|fi|go|help2|hilfe|it|jp|ko|nl|no|pt|ru|ruhelp|secure|sv|www|zh)\.surveymonkey\.com/"
 		to="https://$1.surveymonkey.com/" />
 
-	<rule from="^https?://help\.surveymonkey\.com/"
+	<rule from="^http://help\.surveymonkey\.com/"
 		to="https://surveymonkey.secure.force.com/" />
 
-	<rule from="^https?://smaudience\.surveymonkey\.com/(?:\?.*)?$"
+	<rule from="^http://smaudience\.surveymonkey\.com/(?:\?.*)?$"
 		to="https://www.surveymonkey.com/mp/audience/" />
 
-	<rule from="^https?://smaudience\.surveymonkey\.com/(cs|image|j|r)s/"
+	<rule from="^http://smaudience\.surveymonkey\.com/(cs|image|j|r)s/"
 		to="https://na-d.market.com/$1s/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Surveydaddy.xml b/src/chrome/content/rules/Surveydaddy.xml
index 5fdaee853c8e..bb9799e95edd 100644
--- a/src/chrome/content/rules/Surveydaddy.xml
+++ b/src/chrome/content/rules/Surveydaddy.xml
@@ -1,4 +1,12 @@
-<ruleset name="Surveydaddy" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://surveydaddy.com/ => https://surveydaddy.com/: (51, "SSL: no alternative certificate subject name matches target host name 'surveydaddy.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://surveydaddy.com/ => https://surveydaddy.com/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="Surveydaddy" platform="mixedcontent" default_off="failed ruleset test">
   <target host="surveydaddy.com" />
   <target host="*.surveydaddy.com" />
 
diff --git a/src/chrome/content/rules/Survs.xml b/src/chrome/content/rules/Survs.xml
index 1eb578f80e73..946f0c3e4789 100644
--- a/src/chrome/content/rules/Survs.xml
+++ b/src/chrome/content/rules/Survs.xml
@@ -1,15 +1,10 @@
 <!--
-	nonfunctional:
-		- blog.survs.com	(cert: *.pair.com; shows default pair Networks page)
+	Nonfunctional domains:
+		- blog.survs.com - SSL_ERROR_RX_RECORD_TOO_LONG
 -->
-<ruleset name="Survs (partial)">
-
+<ruleset name="Survs">
 	<target host="survs.com"/>
 	<target host="www.survs.com"/>
-		<!--	survey pages appear to redirect to http		-->
-		<exclusion pattern="^http://www\.survs\.com/survey/"/>
-
-	<rule from="^http://(www\.)?survs\.com/"
-		to="https://$1survs.com/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Susliving.xml b/src/chrome/content/rules/Susliving.xml
index 813233816791..4d6d232939f0 100644
--- a/src/chrome/content/rules/Susliving.xml
+++ b/src/chrome/content/rules/Susliving.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://forum.susliving.org/ => https://forum.susliving.org/: (51, "SSL: no alternative certificate subject name matches target host name 'forum.susliving.org'")
+
 	Nonfunctional domains:
 
 		- (www.)
@@ -7,7 +11,7 @@
 	* Redirects to http; expired 2013-01-27, mismatched, CN: forum.susliving.org
 
 -->
-<ruleset name="Susliving (partial)">
+<ruleset name="Susliving (partial)" default_off="failed ruleset test">
 
 	<target host="forum.susliving.org" />
 
@@ -15,7 +19,6 @@
 	<securecookie host="^forum\.susliving\.org$" name=".+" />
 
 
-	<rule from="^http://forum\.susliving\.org/"
-		to="https://forum.susliving.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sussan.com.au.xml b/src/chrome/content/rules/Sussan.com.au.xml
new file mode 100644
index 000000000000..abc9726228ac
--- /dev/null
+++ b/src/chrome/content/rules/Sussan.com.au.xml
@@ -0,0 +1,47 @@
+<!--
+	CDN buckets:
+
+		- dcu0x19cdch9b.cloudfront.net
+
+
+	Problematic hosts in *sussan.com.au:
+
+		- assets ²
+
+	² mismatched
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .www.sussan.com.au
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Sussan.com.au">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sussan.com.au" />
+	<target host="www.sussan.com.au" />
+
+	<!--	Complications:
+				-->
+	<target host="assets.sussan.com.au" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.sussan\.com\.au$" name="^(?:CUSTOMER_SEGMENT_IDS|frontend)$" /-->
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^(?!\.sussan\.com\.au$)." name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+		<test url="http://assets.sussan.com.au/media/upload/2015/December/Homepages/Homepage1/css/main_3_.css" />
+
+
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sustainable-Cleaning.com.xml b/src/chrome/content/rules/Sustainable-Cleaning.com.xml
new file mode 100644
index 000000000000..6356b129d85e
--- /dev/null
+++ b/src/chrome/content/rules/Sustainable-Cleaning.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Sustainable cleaning">
+
+	<target host="www.sustainable-cleaning.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sustainable_Electronics.org.xml b/src/chrome/content/rules/Sustainable_Electronics.org.xml
new file mode 100644
index 000000000000..a39ace486ae1
--- /dev/null
+++ b/src/chrome/content/rules/Sustainable_Electronics.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="Sustainable Electronics.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sustainableelectronics.org" />
+	<target host="www.sustainableelectronics.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sustainablebusiness.com.xml b/src/chrome/content/rules/Sustainablebusiness.com.xml
new file mode 100644
index 000000000000..bcd86c592c9f
--- /dev/null
+++ b/src/chrome/content/rules/Sustainablebusiness.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Sustainablebusiness.com">
+  <target host="sustainablebusiness.com" />
+  <target host="www.sustainablebusiness.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sv2.biz.xml b/src/chrome/content/rules/Sv2.biz.xml
new file mode 100644
index 000000000000..103c42719e8e
--- /dev/null
+++ b/src/chrome/content/rules/Sv2.biz.xml
@@ -0,0 +1,16 @@
+<!--
+	Ads.
+
+-->
+<ruleset name="sv2.biz">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sv2.biz" />
+	<target host="www.sv2.biz" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SvD.se.xml b/src/chrome/content/rules/SvD.se.xml
index 48fa9267bebf..9b72e4ad0647 100644
--- a/src/chrome/content/rules/SvD.se.xml
+++ b/src/chrome/content/rules/SvD.se.xml
@@ -18,7 +18,6 @@
 	<target host="kundservice.svd.se" />
 
 
-	<rule from="^http://kundservice\.svd\.se/"
-		to="https://kundservice.svd.se/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Svbtle.com.xml b/src/chrome/content/rules/Svbtle.com.xml
new file mode 100644
index 000000000000..ef9994ec6d37
--- /dev/null
+++ b/src/chrome/content/rules/Svbtle.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Wildcard DNS and certificate.
+
+	Each user gets its own subdomain.
+
+-->
+<ruleset name="Svbtle.com">
+
+	<target host="svbtle.com" />
+	<target host="*.svbtle.com" />
+
+		<test url="http://testurl1.svbtle.com/" />
+		<test url="http://testurl2.svbtle.com/" />
+		<test url="http://testurl3.svbtle.com/" />
+
+		<test url="http://locks.svbtle.com/" />
+		<test url="http://playhdstream.svbtle.com/" />
+		<test url="http://summercampamerica.svbtle.com/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Svenskakyrkan.se.xml b/src/chrome/content/rules/Svenskakyrkan.se.xml
index 76f178af36ee..ff9c7f15b8c2 100644
--- a/src/chrome/content/rules/Svenskakyrkan.se.xml
+++ b/src/chrome/content/rules/Svenskakyrkan.se.xml
@@ -1,7 +1,6 @@
-<ruleset name="Svenskakyrkan (broken)" default_off="https://trac.torproject.org/projects/tor/ticket/9613">
+<ruleset name="Svenskakyrkan.se">
 	<target host="svenskakyrkan.se" />
 	<target host="www.svenskakyrkan.se" />
-	<rule from="^http://svenskakyrkan\.se/" to="https://www.svenskakyrkan.se/"/>
-	<rule from="^http://www\.svenskakyrkan\.se/" to="https://www.svenskakyrkan.se/"/>
-</ruleset>
 
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Svenskaspel.se.xml b/src/chrome/content/rules/Svenskaspel.se.xml
index 2ecf5253c1ea..665df8e35c87 100644
--- a/src/chrome/content/rules/Svenskaspel.se.xml
+++ b/src/chrome/content/rules/Svenskaspel.se.xml
@@ -1,5 +1,6 @@
 <ruleset name="Svenskaspel.se">
   <target host="svenskaspel.se" />
+  <target host="www.svenskaspel.se" />
   <rule from="^http://svenskaspel\.se/" to="https://svenskaspel.se/"/>
   <rule from="^http://www\.svenskaspel\.se/" to="https://svenskaspel.se/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/SverigesRadio.se.xml b/src/chrome/content/rules/SverigesRadio.se.xml
index cbd5ee886b02..2791cf377eec 100644
--- a/src/chrome/content/rules/SverigesRadio.se.xml
+++ b/src/chrome/content/rules/SverigesRadio.se.xml
@@ -20,7 +20,7 @@
 
 	<!--	Cert only matches ^sverigesradio.se.
 							-->
-	<rule from="^https?://(?:www\.)?s(?:r|verigesradio)\.se/"
+	<rule from="^http://(?:www\.)?s(?:r|verigesradio)\.se/"
 		to="https://sverigesradio.se/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Sviaz-bank.ru.xml b/src/chrome/content/rules/Sviaz-bank.ru.xml
new file mode 100644
index 000000000000..4e090f9421ae
--- /dev/null
+++ b/src/chrome/content/rules/Sviaz-bank.ru.xml
@@ -0,0 +1,46 @@
+<!--
+access.sviaz-bank.ru ⁴
+access2.sviaz-bank.ru ⁴
+app.sviaz-bank.ru ⁴
+bonus.sviaz-bank.ru ¹
+ca.sviaz-bank.ru/: (35, 'error:14092105:SSL routines:ssl3_get_server_hello:wrong cipher returned')
+ftp.sviaz-bank.ru ³
+idocsmpc.sviaz-bank.ru ³
+info2.sviaz-bank.ru ³
+kb.sviaz-bank.ru/: (35, 'error:14092105:SSL routines:ssl3_get_server_hello:wrong cipher returned')
+lt.sviaz-bank.ru ⁴
+mx1.sviaz-bank.ru ³
+mx2.sviaz-bank.ru ³
+ns1.sviaz-bank.ru ³
+ns2.sviaz-bank.ru ³
+webconf.sviaz-bank.ru/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+ca.sviaz-bank.ru:4499 ³
+
+
+¹ mismatch
+³ timed out
+⁴ self signed
+-->
+<ruleset name="sviaz-bank.ru">
+	<target host="sviaz-bank.ru" />
+	<target host="www.sviaz-bank.ru" />
+	<target host="3d.sviaz-bank.ru" />
+	<target host="anketa.sviaz-bank.ru" />
+	<target host="autodiscover.sviaz-bank.ru" />
+	<target host="www.bonus.sviaz-bank.ru" />
+	<target host="citrix.sviaz-bank.ru" />
+	<target host="dbo.sviaz-bank.ru" />
+	<target host="dialin.sviaz-bank.ru" />
+	<target host="idocs.sviaz-bank.ru" />
+	<target host="lyncaccess.sviaz-bank.ru" />
+	<target host="lyncdiscover.sviaz-bank.ru" />
+	<target host="lyncwebapps.sviaz-bank.ru" />
+	<target host="mail.sviaz-bank.ru" />
+	<target host="meet.sviaz-bank.ru" />
+	<target host="megapay.sviaz-bank.ru" />
+	<target host="mi.sviaz-bank.ru" />
+	<target host="vpn.sviaz-bank.ru" />
+	<target host="web-ext.sviaz-bank.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Svtrd.com.xml b/src/chrome/content/rules/Svtrd.com.xml
index e15c236b1dfd..d5f03df16572 100644
--- a/src/chrome/content/rules/Svtrd.com.xml
+++ b/src/chrome/content/rules/Svtrd.com.xml
@@ -1,9 +1,14 @@
-<ruleset name="svtrd.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://s.svtrd.com/ => https://s.svtrd.com/: (6, 'Could not resolve host: s.svtrd.com')
+
+-->
+<ruleset name="svtrd.com" default_off="failed ruleset test">
 
 	<target host="s.svtrd.com" />
 
 
-	<rule from="^http://s\.svtrd\.com/"
-		to="https://s.svtrd.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sw-KA.de.xml b/src/chrome/content/rules/Sw-KA.de.xml
new file mode 100644
index 000000000000..d1a22f7424e1
--- /dev/null
+++ b/src/chrome/content/rules/Sw-KA.de.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		- vpn.sw-ka.de
+
+	Non-2xx HTTP code:
+		- autoload.sw-ka.de
+-->
+<ruleset name="Sw-KA.de">
+
+	<target host="sw-ka.de" />
+	<target host="www.sw-ka.de" />
+	<target host="bafoegonline.sw-ka.de" />
+	<target host="stats.sw-ka.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Swan.sk.xml b/src/chrome/content/rules/Swan.sk.xml
new file mode 100644
index 000000000000..962ecb595ae0
--- /dev/null
+++ b/src/chrome/content/rules/Swan.sk.xml
@@ -0,0 +1,23 @@
+<!--
+    Nonfunctional hosts in *.swan.sk:
+
+    certificate mismatch:
+	- akcia.swan.sk
+	- gallery.swan.sk
+	- man.swan.sk
+	- kochanovce.swan.sk
+	- speedmeter.swan.sk
+    connection refused:
+	- legalaid.swan.sk
+	- vinica.swan.sk
+    unable to get local issuer certificate:
+	- webhosting.web.swan.sk
+-->
+<ruleset name="Swan.sk">
+  <target host="swan.sk" />
+  <target host="www.swan.sk" />
+  <target host="webmail.mail.swan.sk" />
+  <target host="webbill.swan.sk" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Swapspace.net.xml b/src/chrome/content/rules/Swapspace.net.xml
new file mode 100644
index 000000000000..2de6d3eb497a
--- /dev/null
+++ b/src/chrome/content/rules/Swapspace.net.xml
@@ -0,0 +1,21 @@
+<!--
+	Expired 2009-08-14
+
+-->
+<ruleset name="swapspace.net" default_off="expired, self-signed">
+
+	<target host="swapspace.net" />
+	<target host="www.swapspace.net" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^\.swapspace\.net$" name="^(phpbb3_gylpk_k|phpbb3_gylpk_sid|phpbb3_gylpk_u)$" /-->
+
+	<securecookie host="^\.swapspace\.net$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?swapspace\.net/"
+		to="https://swapspace.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Swartz_Files.com.xml b/src/chrome/content/rules/Swartz_Files.com.xml
new file mode 100644
index 000000000000..72bc71c8a130
--- /dev/null
+++ b/src/chrome/content/rules/Swartz_Files.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Swartz Files.com">
+
+	<target host="swartzfiles.com" />
+	<target host="www.swartzfiles.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Swedbank.lv.xml b/src/chrome/content/rules/Swedbank.lv.xml
new file mode 100644
index 000000000000..609be85bf36e
--- /dev/null
+++ b/src/chrome/content/rules/Swedbank.lv.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://swedbank.nl/ => https://swedbank.nl/: (7, 'Failed to connect to swedbank.nl port 443: Connection refused')
+Fetch error: http://ib.swedbank.nl/ => https://ib.swedbank.nl/: (7, 'Failed to connect to ib.swedbank.nl port 443: Connection refused')
+Fetch error: http://sib.swedbank.nl/ => https://sib.swedbank.nl/: (7, 'Failed to connect to sib.swedbank.nl port 443: Connection refused')
+Fetch error: http://www.swedbank.nl/ => https://www.swedbank.nl/: (7, 'Failed to connect to www.swedbank.nl port 443: Connection refused')
+
+	Problematic hosts in *swedbank.nl:
+
+		- stat *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="Swedbank.lv (partial)" default_off="failed ruleset test">
+
+	<target host="swedbank.nl" />
+	<target host="ib.swedbank.nl" />
+	<target host="sib.swedbank.nl" />
+	<!--target host="stat.swedbank.nl" /-->
+	<target host="www.swedbank.nl" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sweden.se.xml b/src/chrome/content/rules/Sweden.se.xml
new file mode 100644
index 000000000000..f97f166bb456
--- /dev/null
+++ b/src/chrome/content/rules/Sweden.se.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://work.sweden.se/ (200) => https://work.sweden.se/ (403)
+
+
+	REQUIRES https:
+		- api (will return apache page if attempted access over http)
+
+	Nonfunctional domains:
+		- ar (refused)
+		- blogs (refused)
+		- mediaroom (wrong cert)
+		- study (wrong cert)
+		- imagebank (self signed)
+		- www.imagebank (self signed)
+
+-->
+<ruleset name="Sweden.se" default_off="failed ruleset test">
+	<target host="sweden.se" />
+	<target host="www.sweden.se" />
+	<target host="api.sweden.se" />
+	<target host="work.sweden.se" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SweetDreamsMiniDonuts.com.xml b/src/chrome/content/rules/SweetDreamsMiniDonuts.com.xml
new file mode 100644
index 000000000000..72382da27757
--- /dev/null
+++ b/src/chrome/content/rules/SweetDreamsMiniDonuts.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="SweetDreamsMiniDonuts.com">
+	<target host="sweetdreamsminidonuts.com" />
+	<target host="www.sweetdreamsminidonuts.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SweetPepper.org.xml b/src/chrome/content/rules/SweetPepper.org.xml
new file mode 100644
index 000000000000..18b8f21249b3
--- /dev/null
+++ b/src/chrome/content/rules/SweetPepper.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="SweetPepper.org">
+
+	<target host="sweetpepper.org" />
+	<target host="www.sweetpepper.org" />
+	<target host="thechemistandtheacevities.sweetpepper.org" />
+	<target host="velvetsluts.sweetpepper.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sweet_and_Sour.xml b/src/chrome/content/rules/Sweet_and_Sour.xml
index 735cc1ba26fa..dfe3cebc3ee3 100644
--- a/src/chrome/content/rules/Sweet_and_Sour.xml
+++ b/src/chrome/content/rules/Sweet_and_Sour.xml
@@ -1,10 +1,23 @@
-<ruleset name="Sweet &amp; Sour">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sweetandsourstudio.com/ => https://sweetandsourstudio.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.sweetandsourstudio.com/ => https://www.sweetandsourstudio.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sweetandsourstudio.com/ => https://sweetandsourstudio.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.sweetandsourstudio.com/ => https://www.sweetandsourstudio.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Sweet &amp; Sour" default_off="failed ruleset test">
 
 	<target host="sweetandsourstudio.com" />
 	<target host="www.sweetandsourstudio.com" />
 
 
-	<rule from="^http://(www\.)?sweetandsourstudio\.com/"
-		to="https://$1sweetandsourstudio.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SweetsLyrics.com.xml b/src/chrome/content/rules/SweetsLyrics.com.xml
new file mode 100644
index 000000000000..ed6f4a3866a1
--- /dev/null
+++ b/src/chrome/content/rules/SweetsLyrics.com.xml
@@ -0,0 +1,21 @@
+<!--
+	CN: Parallels Panel
+
+
+	Mixed content:
+
+		- css from $self
+
+		- Images from $self
+
+-->
+<ruleset name="SweetsLyrics.com" default_off="expired, self-signed">
+
+	<target host="sweetslyrics.com" />
+	<target host="www.sweetslyrics.com" />
+
+
+	<rule from="^http://(?:www\.)?sweetslyrics\.com/"
+		to="https://www.sweetslyrics.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SwetsWise.xml b/src/chrome/content/rules/SwetsWise.xml
deleted file mode 100644
index 58682b59db20..000000000000
--- a/src/chrome/content/rules/SwetsWise.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="SwetsWise">
-
-	<target host="*.swetswise.com" />
-
-
-	<securecookie host="^.*\.swetswise\.com$" name=".+" />
-
-
-	<rule from="^http://www\.swetswise\.com/"
-		to="https://www.swetswise.com/" />
-
-	<rule from="^http://shibboleth\.swetswise\.com/"
-		to="https://shibboleth.swetswise.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Swift.im.xml b/src/chrome/content/rules/Swift.im.xml
new file mode 100644
index 000000000000..2800dfaf87b1
--- /dev/null
+++ b/src/chrome/content/rules/Swift.im.xml
@@ -0,0 +1,9 @@
+<ruleset name="Swift XMPP Client">
+	<target host="swift.im" />
+	<target host="www.swift.im" />
+	<target host="git.swift.im" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Swift.org.xml b/src/chrome/content/rules/Swift.org.xml
new file mode 100644
index 000000000000..2ea44ee5884b
--- /dev/null
+++ b/src/chrome/content/rules/Swift.org.xml
@@ -0,0 +1,20 @@
+<ruleset name="Swift.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="swift.org" />
+	<target host="bugs.swift.org" />
+	<target host="bugs-staging.swift.org" />
+	<target host="ci.swift.org" />
+	<target host="ci-staging.swift.org" />
+	<target host="lists.swift.org" />
+	<target host="www.swift.org" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Swiftype.xml b/src/chrome/content/rules/Swiftype.xml
index ae33f0ffc163..483f9c7d66c1 100644
--- a/src/chrome/content/rules/Swiftype.xml
+++ b/src/chrome/content/rules/Swiftype.xml
@@ -1,17 +1,45 @@
 <!--
 	swiftype-assets.a.ssl.fastly.net
 
+
+	Nonfunctional subdomains:
+
+		- status *
+
+	* Google
+
+
+	Problematic subdomains:
+
+		- blog *
+
+	* Hubspot / mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .swiftype.com
+		- blog.swiftype.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
 -->
-<ruleset name="Swiftype">
+<ruleset name="Swiftype (partial)">
 
 	<target host="swiftype.com" />
 	<target host="www.swiftype.com" />
+	<target host="s.swiftypecdn.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.swiftype\.com$" name="^st_brid$" /-->
+	<!--securecookie host="^blog\.swiftype\.com$" name="^hsPagesViewedThisSession$" /-->
 
-	<securecookie host="^swiftype\.com$" name=".*" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www\.)?swiftype\.com/"
-		to="https://$1swiftype.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Swin.edu.au.xml b/src/chrome/content/rules/Swin.edu.au.xml
index 76868d051b88..4ee93cdef563 100644
--- a/src/chrome/content/rules/Swin.edu.au.xml
+++ b/src/chrome/content/rules/Swin.edu.au.xml
@@ -22,7 +22,10 @@
 <ruleset name="Swin.edu.au (partial)">
 
 	<target host="swin.edu.au" />
-	<target host="*.swin.edu.au" />
+	<target host="www.swin.edu.au" />
+	<target host="astronomy.swin.edu.au" />
+	<target host="www.astronomy.swin.edu.au" />
+	<target host="gpo.swin.edu.au" />
 
 
 	<securecookie host="^www\.swin\.edu\.au$" name=".+" />
@@ -31,7 +34,6 @@
 	<rule from="^http://(?:www\.)?swin\.edu\.au/"
 		to="https://www.swin.edu.au/" />
 
-	<rule from="^http://((?:www\.)?astronomy|gpo)\.swin\.edu\.au/"
-		to="https://$1.swin.edu.au/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Swinburne.edu.au.xml b/src/chrome/content/rules/Swinburne.edu.au.xml
index 0f4b737705bb..bbc0a199e627 100644
--- a/src/chrome/content/rules/Swinburne.edu.au.xml
+++ b/src/chrome/content/rules/Swinburne.edu.au.xml
@@ -38,7 +38,6 @@
 	<target host="www.swinburne.edu.au" />
 
 
-	<rule from="^http://(?:www\.)?swinburne\.edu\.au/"
-		to="https://www.swinburne.edu.au/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Swiss-Federal-Railways.xml b/src/chrome/content/rules/Swiss-Federal-Railways.xml
index 9269ef7c647f..d4237dd96eae 100644
--- a/src/chrome/content/rules/Swiss-Federal-Railways.xml
+++ b/src/chrome/content/rules/Swiss-Federal-Railways.xml
@@ -1,37 +1,77 @@
-<ruleset name="Swiss Federal Railways (SBB/CFF/FFS)">
-    <target host="sbb.ch" />
-    <target host="www.sbb.ch" />
+<!--
+Mismatch:
+	sbb.ch:
+	-blog
+	-geschaeftsbericht
+	-unterwegs
+
+	cff.ch
+	-blog
+	-enroute
+	-int-www
+	-rapport-de-gestion
 
-    <target host="cff.ch" />
-    <target host="www.cff.ch" />
+	ffs.ch
+	-blog
+	-inviaggio
+	-rapporto-di-gestione
 
-    <target host="ffs.ch" />
-    <target host="www.ffs.ch" />
+Redirect:
+	sbb.ch
+	-fahrplan
 
-    <target host="mobilbonus.ch" />
-    <target host="*.mobilbonus.ch" />
+	cff.ch
+	-horaire
+
+	ffs.ch
+	-orario
+-->
+<ruleset name="Swiss Federal Railways (SBB/CFF/FFS)">
+	<target host="sbb.ch" />
+	<target host="www.sbb.ch" />
+	<target host="m.sbb.ch" />
+	<target host="freizeit.sbb.ch" />
+	<target host="freizeit1.sbb.ch" />
+	<target host="jobs.sbb.ch" />
+	<target host="leisure1.sbb.ch" />
+	<target host="mitderzeitspielen.sbb.ch" />
+	<target host="piper.sbb.ch" />
+	<target host="playingwithtime.sbb.ch" />
+	<target host="tip.sbb.ch" />
+	<target host="tipmobile.sbb.ch" />
+	<target host="tipmobileint.sbb.ch" />
+	<target host="tipmobiletest.sbb.ch" />
+	<target host="stories.sbb.ch" />
+	<target host="company.sbb.ch" />
+	<target host="dima.sbb.ch" />
+	<target host="analytics.sbb.ch" />
 
-    <securecookie host="^\.www\.sbb\.ch$" name=".+" />
-    <securecookie host="^\.www\.cff\.ch$" name=".+" />
-    <securecookie host="^\.www\.ffs\.ch$" name=".+" />
+	<target host="cdn.app.sbb-aws.net" />
 
-    <rule from="^https?://sbb\.ch/"
-        to="https://www.sbb.ch/" />
-    <rule from="^http://([^/:@]+)?\.sbb\.ch/"
-        to="https://$1.sbb.ch/" />
+	<target host="cff.ch" />
+	<target host="www.cff.ch" />
+	<target host="m.cff.ch" />
+	<target host="joueravecletemps.cff.ch" />
+	<target host="loisirs.cff.ch" />
+	<target host="loisirs1.cff.ch" />
+	<target host="loisirs2.cff.ch" />
+	<target host="loisirs3.cff.ch" />
 
-    <rule from="^https?://cff\.ch/"
-        to="https://www.cff.ch/" />
-    <rule from="^http://([^/:@]+)?\.cff\.ch/"
-        to="https://$1.cff.ch/" />
+	<target host="ffs.ch" />
+	<target host="www.ffs.ch" />
+	<target host="m.ffs.ch" />
+	<target host="giocarecoltempo.ffs.ch" />
+	<target host="tempolibero.ffs.ch" />
+	<target host="tempolibero1.ffs.ch" />
+	<target host="tempolibero2.ffs.ch" />
+	<target host="tempolibero3.ffs.ch" />
 
-    <rule from="^https?://ffs\.ch/"
-        to="https://www.ffs.ch/" />
-    <rule from="^http://([^/:@]+)?\.ffs\.ch/"
-        to="https://$1.ffs.ch/" />
+	<securecookie host="^\.sbb\.ch$" name=".+" />
+	<securecookie host="^\.www\.sbb\.ch$" name=".+" />
+	<securecookie host="^\.www\.cff\.ch$" name=".+" />
+	<securecookie host="^\.www\.ffs\.ch$" name=".+" />
+	<securecookie host="^.+.sbb-aws\.net$" name=".+" />
 
-    <rule from="^https?://mobilbonus\.ch/"
-        to="https://www.mobilbonus.ch/" />
-    <rule from="^http://([^/:@]+)?\.mobilbonus\.ch/"
-        to="https://$1.mobilbonus.ch/" />
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Swiss.xml b/src/chrome/content/rules/Swiss.xml
index 9b65d8d58296..113c06a65616 100644
--- a/src/chrome/content/rules/Swiss.xml
+++ b/src/chrome/content/rules/Swiss.xml
@@ -1,14 +1,21 @@
-<ruleset name="Swiss.com" platform="mixedcontent">
-  <target host="swiss.com"/>
-  <target host="www.swiss.com"/>
-  <target host="lsy-www.swiss.com"/>
-  <target host="booking.swiss.com"/>
-  <target host="mobile.swiss.com"/>
-
-  <securecookie host="^(.*\.)?swiss\.com$" name=".+" />
-
-  <rule from="^http://(?:www\.)?swiss\.com/" to="https://www.swiss.com/"/>
-  <rule from="^http://lsy-www\.swiss\.com/" to="https://lsy-www.swiss.com/"/>
-  <rule from="^http://booking\.swiss\.com/" to="https://booking.swiss.com/"/>
-  <rule from="^http://mobile\.swiss\.com/" to="https://mobile.swiss.com/"/>
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lsy-www.swiss.com/ => https://lsy-www.swiss.com/: (51, "SSL: no alternative certificate subject name matches target host name 'lsy-www.swiss.com'")
+Fetch error: http://booking.swiss.com/ => https://booking.swiss.com/: (51, "SSL: no alternative certificate subject name matches target host name 'booking.swiss.com'")
+Fetch error: http://mobile.swiss.com/ => https://mobile.swiss.com/: (51, "SSL: no alternative certificate subject name matches target host name 'mobile.swiss.com'")
+
+-->
+<ruleset name="Swiss.com" default_off="failed ruleset test">
+	<target host="swiss.com"/>
+	<target host="www.swiss.com"/>
+	<target host="lsy-www.swiss.com"/>
+	<target host="booking.swiss.com"/>
+	<target host="mobile.swiss.com"/>
+	<target host="my.swiss.com"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Swiss_Federal_Institute_of_Intellectual_Property.xml b/src/chrome/content/rules/Swiss_Federal_Institute_of_Intellectual_Property.xml
index 1bf4b67f268f..5fca0bcfe534 100644
--- a/src/chrome/content/rules/Swiss_Federal_Institute_of_Intellectual_Property.xml
+++ b/src/chrome/content/rules/Swiss_Federal_Institute_of_Intellectual_Property.xml
@@ -1,25 +1,29 @@
-<ruleset name="Swiss Federal Institute of Intellectual Property">
-    <target host="ige.ch" />
-    <target host="*.ige.ch" />
+<!--
+	For other swiss government coverage, see swissgov.xml.
+
+	Invalid cert:
+		- abnahme.swissreg.ch
 
-    <target host="ip-search.ch" />
-    <target host="*.ip-search.ch" />
+	Refused:
+		- ip-search.ch
+		- client.ip-search.ch
 
-    <target host="swissreg.ch" />
-    <target host="*.swissreg.ch" />
+		- swissreg.ch
+-->
+<ruleset name="Swiss Federal Institute of Intellectual Property">
+	<target host="ige.ch" />
+	<target host="www.ige.ch" />
+	<target host="e-trademark.ige.ch" />
+	<target host="gz.ige.ch" />
+	<target host="kmu.ige.ch" />
+	<target host="ph.ige.ch" />
+	<target host="wdl.ige.ch" />
 
-    <rule from="^https?://ige\.ch/"
-        to="https://www.ige.ch/"/>
-    <rule from="^http://([^/:@]+)?\.ige\.ch/"
-        to="https://$1.ige.ch/" />
+	<!-- IGE services -->
+	<target host="www.ip-search.ch" />
 
-    <rule from="^https?://ip-search\.ch/"
-        to="https://www.ip-search.ch/"/>
-    <rule from="^http://([^/:@]+)?\.ip-search\.ch/"
-        to="https://$1.ip-search.ch/" />
+	<target host="www.swissreg.ch" />
 
-    <rule from="^https?://swissreg\.ch/"
-        to="https://www.swissreg.ch/"/>
-    <rule from="^http://([^/:@]+)?\.swissreg\.ch/"
-        to="https://$1.swissreg.ch/" />
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Swiss_Financial_Market_Supervisory_Authority.xml b/src/chrome/content/rules/Swiss_Financial_Market_Supervisory_Authority.xml
index 4c3728c3a9f2..809a5c2391e9 100644
--- a/src/chrome/content/rules/Swiss_Financial_Market_Supervisory_Authority.xml
+++ b/src/chrome/content/rules/Swiss_Financial_Market_Supervisory_Authority.xml
@@ -1,9 +1,25 @@
+<!--
+	For other swiss government coverage, see swissgov.xml.
+
+
+	mismatch:
+		- ^
+
+	refused:
+		- www.versichererreport.finma.ch
+
+	Incomplete cert chain:
+		- first.finma.ch
+		- webmail.finma.ch
+-->
 <ruleset name="Swiss Financial Market Supervisory Authority (FINMA)">
-    <target host="finma.ch" />
-    <target host="*.finma.ch" />
+	<target host="www.finma.ch" />
+	<target host="register.finma.ch" />
+		<!--
+		Download too big for Travis
+		<test url="http://register.finma.ch/ReportRegister.aspx?regnr=27388" />
+		-->
 
-    <rule from="^https?://finma\.ch/"
-        to="https://www.finma.ch/"/>
-    <rule from="^http://([^/:@]+)?\.finma\.ch/"
-        to="https://$1.finma.ch/" />
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Swiss_Power.xml b/src/chrome/content/rules/Swiss_Power.xml
deleted file mode 100644
index 3c4858c8477b..000000000000
--- a/src/chrome/content/rules/Swiss_Power.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Swiss Power">
-    <target host="swisspower.ch" />
-    <target host="*.swisspower.ch" />
-
-    <securecookie host="^(.*\.)?swisspower\.ch$" name=".+" />
-
-    <rule from="^https?://swisspower\.ch/"
-        to="https://www.swisspower.ch/" />
-    <rule from="^http://([^/:@]+)?\.swisspower\.ch/"
-        to="https://$1.swisspower.ch/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Swissabroad.ch.xml b/src/chrome/content/rules/Swissabroad.ch.xml
deleted file mode 100644
index c8945a838da9..000000000000
--- a/src/chrome/content/rules/Swissabroad.ch.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Swissabroad.ch">
-    <target host="swissabroad.ch" />
-    <target host="*.swissabroad.ch" />
-
-    <rule from="^https?://swissabroad\.ch/"
-        to="https://www.swissabroad.ch/" />
-    <rule from="^http://([^/:@]+)?\.swissabroad\.ch/"
-        to="https://$1.swissabroad.ch/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Swisscom.ch.xml b/src/chrome/content/rules/Swisscom.ch.xml
index c89af4cb9ef6..a0eb9b08cf59 100644
--- a/src/chrome/content/rules/Swisscom.ch.xml
+++ b/src/chrome/content/rules/Swisscom.ch.xml
@@ -1,82 +1,140 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cms.hospitality.swisscom.com/ => https://cms.hospitality.swisscom.com/: (6, 'Could not resolve host: cms.hospitality.swisscom.com')
+Fetch error: http://conftool.hospitality.swisscom.com/ => https://conftool.hospitality.swisscom.com/: (6, 'Could not resolve host: conftool.hospitality.swisscom.com')
+Fetch error: http://delegate.hospitality.swisscom.com/ => https://delegate.hospitality.swisscom.com/: (6, 'Could not resolve host: delegate.hospitality.swisscom.com')
+Fetch error: http://extranet.hospitality.swisscom.com/ => https://extranet.hospitality.swisscom.com/: (6, 'Could not resolve host: extranet.hospitality.swisscom.com')
+Fetch error: http://partnerportal.hospitality.swisscom.com/ => https://partnerportal.hospitality.swisscom.com/: (6, 'Could not resolve host: partnerportal.hospitality.swisscom.com')
+Fetch error: http://portal.hospitality.swisscom.com/ => https://portal.hospitality.swisscom.com/: (6, 'Could not resolve host: portal.hospitality.swisscom.com')
+Fetch error: http://scheduler.hospitality.swisscom.com/ => https://scheduler.hospitality.swisscom.com/: (6, 'Could not resolve host: scheduler.hospitality.swisscom.com')
+Fetch error: http://vidia.swisscom.ch/ => https://vidia.swisscom.ch/: (6, 'Could not resolve host: vidia.swisscom.ch')
+Fetch error: http://itsalm1.swisscom.com/ => https://itsalm1.swisscom.com/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+Fetch error: http://remas.swisscom.com/ => https://remas.swisscom.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://smartlife.swisscom.com/ => https://smartlife.swisscom.com/: (6, 'Could not resolve host: smartlife.swisscom.com')
+Fetch error: http://www.smartlife.swisscom.com/ => https://www.smartlife.swisscom.com/: (6, 'Could not resolve host: www.smartlife.swisscom.com')
+Fetch error: http://services.snoopy.swisscom.com/ => https://services.snoopy.swisscom.com/: (6, 'Could not resolve host: services.snoopy.swisscom.com')
+
 	Other Swisscom rulesets:
 
 		- Bluewin.ch.xml
 		- Bluewin-HostCenter.xml
-		- Scssstatic.ch.xml
-
-
-		- swisscom.ch.122.2o7.net
-
-			- o.swisscom.ch
-
-
-	Nonfunctional subdomains:
-
-		- web.tvair *
-		- web.tvonline *
-
-	* Shows services.snoopy; mismatched, CN: services.snoopy.swisscom.com)
-
 
 	Problematic subdomains:
-
-		- ^		(cert only matches www)
-		- de		(http reply)
-		- o		(mismatched, CN: *.122.2o7.net)
-		- sommer	(works; mismatched, CN: *.hostcenter.com)
-
-
-	Partially covered subdomains:
-
-		- de		(→ www)
-
-
-	Fully covered domains:
-
-		- swisscom.ch subdomains:
-
-			- (www.)	(^ → www)
-			- o		(→ swisscom-ch.122.2o7.net)
-			- so
-			- www1
-
-		- (www.)swisscom.com
-		- services.snoopy.swisscom.com
-
-
+		swisscom.ch:
+			Mismatch:
+				- community
+				- cr
+				- deezer
+				- hotspotlocator
+				- internetbox
+				- labs
+				- lpn
+				- mobileemail
+					- www.mobileemail
+				- report
+				- shoplocator
+				- sommer
+				- tvair
+					- web.tvair
+				- tvonline
+					- web.tvonline
+
+			Unknown issuer:
+				- expats
+
+			Refused:
+				- devicesupport
+				- mobileaid
+				- tv
+
+		swisscom.com:
+			Mismatch:
+				- mobileemail
+					- www.mobileemail
+				- www.mafo
+
+			Refused:
+				- brandcenter
+				- documents
+				- ictquiz
+				- quiz365d
 -->
-<ruleset name="Swisscom.ch (partial)">
-
+<ruleset name="Swisscom.ch" default_off="failed ruleset test">
 	<target host="swisscom.ch" />
-	<target host="*.swisscom.ch" />
-	<target host="swisscom.com" />
-	<target host="*.swisscom.com" />
-
+	<target host="www.swisscom.ch" />
+	<target host="businessapps.swisscom.ch" />
+	<target host="cockpit.swisscom.ch" />
+	<target host="conferencing.swisscom.ch" />
+	<target host="developer.swisscom.ch" />
+	<target host="extranet.swisscom.ch" />
+	<target host="ict.swisscom.ch" />
+	<target host="io.swisscom.ch" />
+	<target host="issue.swisscom.ch" />
+	<target host="itunes.swisscom.ch" />
+	<target host="jobs.swisscom.ch" />
+	<target host="o.swisscom.ch" />
+	<target host="so.swisscom.ch" />
+	<target host="supportcommunity.swisscom.ch" />
+	<target host="tools.swisscom.ch" />
+	<target host="vidia.swisscom.ch" />
+	<target host="www2.swisscom.ch" />
 
-	<!--	Omniture cookies:
-					-->
+	<target host="swisscom.com" />
+	<target host="www.swisscom.com" />
+	<target host="bfm.swisscom.com" />
+	<target host="developer.swisscom.com" />
+	<target host="docsafe.swisscom.com" />
+	<target host="itsalm1.swisscom.com" />
+	<target host="itunes.swisscom.com" />
+	<target host="jobsp.swisscom.com" />
+	<target host="remas.swisscom.com" />
+	<target host="smartlife.swisscom.com" />
+	<target host="www.smartlife.swisscom.com" />
+	<target host="wholesale.swisscom.com" />
+	<target host="services.snoopy.swisscom.com" />
+	<target host="*.hospitality.swisscom.com" />
+	<target host="*.ds01.swisscom.com" />
+	<target host="*.ds02.swisscom.com" />
+
+	<target host="www.swissdigicert.ch"/>
+
+
+	<test url="http://bar.ds01.swisscom.com/" />
+	<test url="http://foo.ds01.swisscom.com/" />
+	<test url="http://ici.ds01.swisscom.com/" />
+	<test url="http://promo.ds01.swisscom.com/" />
+	<test url="http://www.ds01.swisscom.com/" />
+
+	<test url="http://awk.ds02.swisscom.com/" />
+	<test url="http://belimo.ds02.swisscom.com/" />
+	<test url="http://ctera.ds02.swisscom.com/" />
+	<test url="http://finitia.ds02.swisscom.com/" />
+	<test url="http://fischerconnectors.ds02.swisscom.com/" />
+	<test url="http://lukb.ds02.swisscom.com/" />
+	<test url="http://securitonsi.ds02.swisscom.com/" />
+
+	<test url="http://cms.hospitality.swisscom.com/" />
+	<test url="http://conftool.hospitality.swisscom.com/" />
+	<test url="http://delegate.hospitality.swisscom.com/" />
+	<test url="http://extranet.hospitality.swisscom.com/" />
+	<test url="http://partnerportal.hospitality.swisscom.com/" />
+	<test url="http://portal.hospitality.swisscom.com/" />
+	<test url="http://scheduler.hospitality.swisscom.com/" />
+
+
+	<!--	Omniture cookies:-->
 	<securecookie host="^\.swisscom\.ch$" name="^s_\w+$" />
 	<securecookie host="^www1?\.swisscom\.ch$" name=".+" />
 	<securecookie host="^(?:www\.)?swisscom\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?swisscom\.ch/"
-		to="https://www.swisscom.ch/" />
-
-	<rule from="^http://de\.swisscom\.ch/(?:\?.*|privatkunden)?$"
-		to="https://www.swisscom.ch/de/privatkunden.html" />
-
-	<rule from="^http://de\.swisscom\.ch/its/(?:\?.*)?$"
-		to="https://www.swisscom.ch/it-services/" />
-
 	<rule from="^http://o\.swisscom\.ch/"
 		to="https://swisscom-ch.122.2o7.net/" />
 
-	<rule from="^http://(so|www1)\.swisscom\.ch/"
-		to="https://$1.swisscom.sh/" />
-
-	<rule from="^http://(services\.snoopy\.|www\.)?swisscom\.com/"
-		to="https://$1swisscom.com/" />
+	<rule from="^http://itunes\.swisscom\.com/"
+		to="https://itunes.swisscom.ch/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Swissinfo.ch.xml b/src/chrome/content/rules/Swissinfo.ch.xml
new file mode 100644
index 000000000000..60205a66518b
--- /dev/null
+++ b/src/chrome/content/rules/Swissinfo.ch.xml
@@ -0,0 +1,17 @@
+<!--
+	For other SRG SSR coverage, see SRGSSR.ch.xml.
+
+	Mixed content:
+		- forum.swissinfo.ch
+-->
+<ruleset name="Swissinfo.ch">
+
+	<target host="swissinfo.ch"/>
+	<target host="www.swissinfo.ch"/>
+	<target host="live.swissinfo.ch"/>
+	<target host="origin.swissinfo.ch"/>
+	<target host="play.swissinfo.ch"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Swisslinsen.ch.xml b/src/chrome/content/rules/Swisslinsen.ch.xml
deleted file mode 100644
index b61a0fde5790..000000000000
--- a/src/chrome/content/rules/Swisslinsen.ch.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="swisslinsen.ch">
-
-	<target host="swisslinsen.ch" />
-	<target host="*.swisslinsen.ch" />
-
-
-	<securecookie host="^\.swisslinsen\.ch$" name=".+" />
-
-
-	<rule from="^http://(www\.)?swisslinsen\.ch/"
-		to="https://$1swisslinsen.ch/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Swisstph.ch.xml b/src/chrome/content/rules/Swisstph.ch.xml
new file mode 100644
index 000000000000..c50c04b962d5
--- /dev/null
+++ b/src/chrome/content/rules/Swisstph.ch.xml
@@ -0,0 +1,21 @@
+<!--
+	Nonfunctional hosts in *.swisstph.ch:
+		- thegallery.swisstph.ch (m)
+		- ludok.swisstph.ch (t)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Swisstph.ch">
+	<target host="swisstph.ch" />
+	<target host="www.swisstph.ch" />
+	<target host="conn.swisstph.ch" />
+	<target host="elearning.swisstph.ch" />
+	<target host="team.swisstph.ch" />
+	<target host="webmail.swisstph.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Switch.ch.xml b/src/chrome/content/rules/Switch.ch.xml
index 417d2809cbed..743b87bbddb2 100644
--- a/src/chrome/content/rules/Switch.ch.xml
+++ b/src/chrome/content/rules/Switch.ch.xml
@@ -1,19 +1,239 @@
 <!--
-	Nonfunctional subdomains:
+	Other SWITCH rulesets:
 
-		- mirror	(dropped)
+		- Switchie.ch.xml
+		- Switchplus.ch.xml
+		- EduId.ch.xml
 
--->
-<ruleset name="switch.ch">
+	Refused:
+		- cam.switch.ch
+		- ndt.switch.ch
+		- cavari.switch.ch
+		- cavari-test.switch.ch
+		- landingpage.cert.switch.ch
+		- spludes.cert.switch.ch
+		- spluli.cert.switch.ch
+		- spluma.cert.switch.ch
+		- splunk.cert.switch.ch
+		- splunk-test.cert.switch.ch
+		- spindex1.zh.cert.switch.ch
+		- splufex.zh.cert.switch.ch
+		- splufo1.zh.cert.switch.ch
+		- certsplunk.switch.ch
+		- chapel.switch.ch
+		- fl-0-10.unil.cloud.switch.ch
+		- cvs.switch.ch
 
-	<target host="switch.ch" />
-	<target host="*.switch.ch" />
+	Time out:
+		- frisal.switch.ch
+		- mirror.switch.ch
+		- gitlab.cloud.switch.ch
+		- cr.gitlab.cloud.switch.ch
+		- pages.gitlab.cloud.switch.ch
+		- prometheus.gitlab.cloud.switch.ch
+		- node.prometheus.gitlab.cloud.switch.ch
+		- mattermost.cloud.switch.ch
+		- fl-0-42.unil.cloud.switch.ch
+		- fl-0-44.unil.cloud.switch.ch
+		- fl-2-13.unil.cloud.switch.ch
+		- fl-2-14.unil.cloud.switch.ch
+		- docker.drive.switch.ch
 
+	Invalid certificate:
+		- kb.pert.switch.ch
+		- aai.switch.ch
+		- metadata.aai.switch.ch
+		- drive-backup.switch.ch (expired)
+		- [a01-a20].drive-backup.switch.ch (expired)
+		- ca.aai.switch.ch
+		- crl.aai.switch.ch
+		- webdav-demo.aai.switch.ch
+		- bresaola.switch.ch
+		- annotations.cast.switch.ch
+		- cast-staging.switch.ch
+		- annotations.cast-test.switch.ch
+		- api.cast-test.switch.ch
+		- keystone.cloud.switch.ch
+		- dashboard.unil.cloud.switch.ch
+		- fl-0-11.unil.cloud.switch.ch
+		- os-0.unil.cloud.switch.ch
+		- comal.switch.ch
+		- tandikat.switch.ch
+		- teramac.switch.ch
+		- teruel.switch.ch
 
-	<securecookie host="^\.switch\.ch$" name=".+" />
+	Too many redirects:
+		- presentation.cast-test.switch.ch
+-->
+<ruleset name="switch.ch">
+	<target host="switch.ch" />
+	<target host="www.switch.ch" />
+	<target host="attribute-viewer.aai.switch.ch" />
+	<target host="attribute-viewer-test.aai.switch.ch" />
+	<target host="av.aai.switch.ch" />
+	<target host="idp-monitor.aai.switch.ch" />
+	<target host="ldap-test2.aai.switch.ch" />
+	<target host="rr.aai.switch.ch" />
+	<target host="login.vho.aai.switch.ch" />
+	<target host="tools.vho.aai.switch.ch" />
+	<target host="aai-demo-idp.switch.ch" />
+	<target host="aai-logon.switch.ch" />
+	<target host="aai-viewer.switch.ch" />
+	<target host="x509.aai-logon.switch.ch" />
+	<target host="alphubel.switch.ch" />
+	<target host="bernina.switch.ch" />
+	<target host="bistro.switch.ch" />
+	<target host="aai-demo.switch.ch" />
+	<target host="cast.switch.ch" />
+	<target host="download.cast.switch.ch" />
+	<target host="player.cast.switch.ch" />
+	<target host="producer.cast.switch.ch" />
+	<target host="hslu-ch.producer.cast.switch.ch" />
+	<target host="phlu-ch.producer.cast.switch.ch" />
+	<target host="cast-test.switch.ch" />
+	<target host="download.cast-test.switch.ch" />
+	<target host="player.cast-test.switch.ch" />
+	<target host="producer.cast-test.switch.ch" />
+	<target host="certrepo.switch.ch" />
+	<target host="check.switch.ch" />
+	<target host="dataanalytics.cloud.switch.ch" />
+	<target host="forum.cloud.switch.ch" />
+	<target host="reporting.cloud.switch.ch" />
+	<target host="sandstorm.cloud.switch.ch" />
+	<target host="cylinders.unil.cloud.switch.ch" />
+	<target host="fl-3-137.unil.cloud.switch.ch" />
+	<target host="os.unil.cloud.switch.ch" />
+	<target host="wp7.cloud.switch.ch" />
+	<target host="cylinders.zhdk.cloud.switch.ch" />
+	<target host="fl-0-199.zhdk.cloud.switch.ch" />
+	<target host="fl-0-91.zhdk.cloud.switch.ch" />
+	<target host="fl-4-53.zhdk.cloud.switch.ch" />
+	<target host="fl-6-178.zhdk.cloud.switch.ch" />
+	<target host="os.zhdk.cloud.switch.ch" />
+	<target host="openmaptiles.os.zhdk.cloud.switch.ch" />
+	<target host="switch-production.os.zhdk.cloud.switch.ch" />
+		<test url="http://switch-production.os.zhdk.cloud.switch.ch/organization-banners/661af9be636fc30b.jpg?AWSAccessKeyId=c70ce910fb73491f9933421af7a4fcee&amp;Expires=1515372022&amp;Signature=KS%2FNxjJZ9A0qSTnbVsJ6oOfhv88%3D" />
+		<test url="http://switch-production.os.zhdk.cloud.switch.ch/organization-banners/6d60285226a7fa7d.jpg?AWSAccessKeyId=c70ce910fb73491f9933421af7a4fcee&amp;Expires=1515371769&amp;Signature=X11QwadlTxb1uZmXdWReFzrV0iE%3D" />
+		<exclusion pattern="^http://switch-production\.os\.zhdk\.cloud\.switch\.ch/$" />
+	<target host="switch-video-production.os.zhdk.cloud.switch.ch" />
+		<test url="http://switch-video-production.os.zhdk.cloud.switch.ch/thumbnails/865899/optimized/original.jpg?AWSAccessKeyId=c70ce910fb73491f9933421af7a4fcee&amp;Expires=1515369234&amp;Signature=i%2BvRsWJA%2FYu7UpyioOs%2B3fnibLY%3D" />
+		<test url="http://switch-video-production.os.zhdk.cloud.switch.ch/thumbnails/864661/optimized/large.jpg?AWSAccessKeyId=c70ce910fb73491f9933421af7a4fcee&amp;Expires=1515371769&amp;Signature=Nz4245iGTRcyHb2krZuBIGsKtAc%3D" />
+		<exclusion pattern="^http://switch-video-production\.os\.zhdk\.cloud\.switch\.ch/$" />
+	<target host="cloud-id.switch.ch" />
+	<target host="cloud-id-stage.switch.ch" />
+	<target host="cloudblog.switch.ch" />
+	<target host="collab.switch.ch" />
+	<target host="collab-test.switch.ch" />
+	<target host="cool.switch.ch" />
+	<target host="idpv3.dlu.switch.ch" />
+	<target host="sp.dlu.switch.ch" />
+	<target host="sp2-test.dlu.switch.ch" />
+	<target host="sp3-test.dlu.switch.ch" />
+	<target host="uni-a.dlu.switch.ch" />
+	<target host="uni-be.dlu.switch.ch" />
+	<target host="uni-ci.dlu.switch.ch" />
+	<target host="uni-dd.dlu.switch.ch" />
+	<target host="uni-ee.dlu.switch.ch" />
+	<target host="domainpulse.switch.ch" />
+	<target host="drive.switch.ch" />
+	<target host="drive-stage.switch.ch" />
+	<target host="mfa-dev.ed.switch.ch" />
+	<target host="edu-id.switch.ch" />
+	<target host="eduid.switch.ch" />
+	<target host="engines.switch.ch" />
+	<target host="engines-admin.switch.ch" />
+	<target host="filesender.switch.ch" />
+	<target host="filesender-test.switch.ch" />
+	<target host="fogo.switch.ch" />
+	<target host="forge.switch.ch" />
+	<target host="fuchur.switch.ch" />
+	<target host="gitlab.switch.ch" />
+	<target host="cr.gitlab.switch.ch" />
+	<target host="pages.gitlab.switch.ch" />
+	<target host="prometheus.gitlab.switch.ch" />
+	<target host="node.prometheus.gitlab.switch.ch" />
+	<target host="ham.switch.ch" />
+	<target host="help.switch.ch" />
+	<target host="help-dev.switch.ch" />
+	<target host="help-test.switch.ch" />
+	<target host="identityblog.switch.ch" />
+	<target host="test.idph.switch.ch" />
+	<target host="il-misp.switch.ch" />
+	<target host="interact.switch.ch" />
+	<target host="interact-test.switch.ch" />
+	<target host="jungfrau.switch.ch" />
+	<target host="traffic.lan.switch.ch" />
+	<target host="traffic-dev.lan.switch.ch" />
+	<target host="traffic-test.lan.switch.ch" />
+	<target host="lists.switch.ch" />
+	<target host="lists-test.switch.ch" />
+	<target host="malios.switch.ch" />
+	<target host="mattermost.switch.ch" />
+	<target host="neptun-login.switch.ch" />
+	<target host="sbb-omc.net.switch.ch" />
+	<target host="portal.switch.ch" />
+	<target host="cms.portal.switch.ch" />
+	<target host="portal-dev.switch.ch" />
+	<target host="cms.portal-dev.switch.ch" />
+	<target host="portal-test.switch.ch" />
+	<target host="cms.portal-test.switch.ch" />
+	<target host="portfolio.switch.ch" />
+	<target host="staging.portfolio.switch.ch" />
+	<target host="projects.switch.ch" />
+	<target host="projects-dev.switch.ch" />
+	<target host="projects-test.switch.ch" />
+	<target host="engines.scloud.switch.ch" />
+	<target host="engines-admin.scloud.switch.ch" />
+	<target host="os.s2.scloud.switch.ch" />
+	<target host="securechat.switch.ch" />
+	<target host="security.switch.ch" />
+	<target host="securityblog.switch.ch" />
+	<target host="www.securityblog.switch.ch" />
+	<target host="spedla.switch.ch" />
+	<target host="srp.switch.ch" />
+	<target host="subversion.switch.ch" />
+	<target host="thetis.switch.ch" />
+	<target host="toolbox.switch.ch" />
+	<target host="api.toolbox.switch.ch" />
+	<target host="dev.toolbox.switch.ch" />
+	<target host="api.dev.toolbox.switch.ch" />
+	<target host="dokuwiki.dev.toolbox.switch.ch" />
+	<target host="letodms.dev.toolbox.switch.ch" />
+	<target host="sympa.dev.toolbox.switch.ch" />
+	<target host="discourse.toolbox.switch.ch" />
+	<target host="dokuwiki.toolbox.switch.ch" />
+	<target host="interact.toolbox.switch.ch" />
+	<target host="test.interact.toolbox.switch.ch" />
+	<target host="letodms.toolbox.switch.ch" />
+	<target host="sympa.toolbox.switch.ch" />
+	<target host="test.toolbox.switch.ch" />
+	<target host="api.test.toolbox.switch.ch" />
+	<target host="tube.switch.ch" />
+	<target host="staging.tube.switch.ch" />
+	<target host="vcregister.switch.ch" />
+	<target host="videoconf.switch.ch" />
+	<target host="wayf.switch.ch" />
+	<target host="wayf-test.switch.ch" />
+	<target host="webcam.switch.ch" />
+	<target host="cms.www.switch.ch" />
+	<target host="dev.www.switch.ch" />
+	<target host="misc.www.switch.ch" />
+	<target host="prod.www.switch.ch" />
+	<target host="test.www.switch.ch" />
+	<target host="www-dev.switch.ch" />
+	<target host="cms.www-dev.switch.ch" />
+	<target host="misc.www-dev.switch.ch" />
+	<target host="www-test.switch.ch" />
+	<target host="cms.www-test.switch.ch" />
+	<target host="misc.www-test.switch.ch" />
+	<target host="zeus.switch.ch" />
 
+	<securecookie host="^(cloud-id|drive|filesender|portfolio|tube)?\.switch\.ch$" name=".+" />
 
-	<rule from="^http://((?:help|traffic\.lan|nic|portal|security|wayf|www|cms\.www|misc\.www)\.)?switch\.ch/"
-		to="https://$1switch.ch/" />
+	<!-- Rewrite for redirection pages without HTTPS support -->
+	<rule from="^http://(av\.aai|aai-viewer)\.switch\.ch/"
+		to="https://attribute-viewer.aai.switch.ch/" />
 
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Switch.co.xml b/src/chrome/content/rules/Switch.co.xml
new file mode 100644
index 000000000000..58749880ec58
--- /dev/null
+++ b/src/chrome/content/rules/Switch.co.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://switch.co/ => https://www.switch.co/: (51, "SSL: no alternative certificate subject name matches target host name 'www.switch.co'")
+
+-->
+<ruleset name="Switch.co" default_off="failed ruleset test">
+
+	<target host="switch.co" />
+	<target host="www.switch.co" />
+
+
+	<rule from="^http://(?:www\.)?switch\.co/"
+		to="https://www.switch.co/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SwitchConcepts.xml b/src/chrome/content/rules/SwitchConcepts.xml
new file mode 100644
index 000000000000..2d94e517b81b
--- /dev/null
+++ b/src/chrome/content/rules/SwitchConcepts.xml
@@ -0,0 +1,77 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://delivery.o.switchadhub.com/ => https://delivery.o.switchadhub.com/: (51, "SSL: no alternative certificate subject name matches target host name 'delivery.o.switchadhub.com'")
+Fetch error: http://pb.switchadhub.com/ => https://pb.switchadhub.com/: (51, "SSL: no alternative certificate subject name matches target host name 'pb.switchadhub.com'")
+Fetch error: http://proxy1.switchadhub.com/ => https://proxy1.switchadhub.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://proxy2.switchadhub.com/ => https://proxy2.switchadhub.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://proxy3.switchadhub.com/ => https://proxy3.switchadhub.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://proxy4.switchadhub.com/ => https://proxy4.switchadhub.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://proxy5.switchadhub.com/ => https://proxy5.switchadhub.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://proxy6.switchadhub.com/ => https://proxy6.switchadhub.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://support.switchconcepts.com/ => https://support.switchconcepts.com/: Too many redirects while fetching 'https://support.switchconcepts.com/'
+
+-->
+
+<ruleset name="Switch Concepts" default_off="failed ruleset test">
+		<!-- not supported:
+		- switchadhub.com
+		- delivery.thg.switchadhub.com
+		- externaldb.switchadhub.com
+		- images.thg.switchadhub.com
+		- switchads.com
+		- www.switchads.com
+		- dev.switchads.com
+		- w.switchads.com
+		- switchconcepts.com
+		- www.switchconcepts.com
+	-->
+
+	<target host="cdn.switchadhub.com" />
+	<target host="delivery.a.switchadhub.com" />
+	<target host="delivery.b.switchadhub.com" />
+	<target host="delivery.c.switchadhub.com" />
+	<target host="delivery.d.switchadhub.com" />
+	<target host="delivery.e.switchadhub.com" />
+	<target host="delivery.f.switchadhub.com" />
+	<target host="delivery.g.switchadhub.com" />
+	<target host="delivery.h.switchadhub.com" />
+	<target host="delivery.o.switchadhub.com" />
+	<target host="delivery.swid.switchads.com" />
+	<target host="delivery.switchadhub.com" />
+	<target host="images.a.switchadhub.com" />
+	<target host="images.b.switchadhub.com" />
+	<target host="images.c.switchadhub.com" />
+	<target host="images.d.switchadhub.com" />
+	<target host="images.e.switchadhub.com" />
+	<target host="images.f.switchadhub.com" />
+	<target host="images.g.switchadhub.com" />
+	<target host="images.h.switchadhub.com" />
+	<target host="images.switchadhub.com" />
+	<target host="pb.switchadhub.com" />
+	<target host="proxy1.switchadhub.com" />
+	<target host="proxy2.switchadhub.com" />
+	<target host="proxy3.switchadhub.com" />
+	<target host="proxy4.switchadhub.com" />
+	<target host="proxy5.switchadhub.com" />
+	<target host="proxy6.switchadhub.com" />
+	<target host="www.a.switchadhub.com" />
+	<target host="www.b.switchadhub.com" />
+	<target host="www.d.switchadhub.com" />
+	<target host="www.e.switchadhub.com" />
+	<target host="www.f.switchadhub.com" />
+	<target host="www.g.switchadhub.com" />
+	<target host="www.h.switchadhub.com" />
+	<target host="www.switchadhub.com" />
+	<target host="support.switchconcepts.com" />
+
+		<test url="http://delivery.g.switchadhub.com/adserver/sat.js" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/SwitchVPN.xml b/src/chrome/content/rules/SwitchVPN.xml
new file mode 100644
index 000000000000..3ae33254fe1f
--- /dev/null
+++ b/src/chrome/content/rules/SwitchVPN.xml
@@ -0,0 +1,26 @@
+<!--
+	Non-functional domains:
+		- www		(hostname mismatch, CN: switchvpn.net)
+-->
+<ruleset name="Switch VPN">
+	<target host="switchvpn.net" />
+	<target host="www.switchvpn.net" />
+	<target host="secure.switchkonnect.com" />
+	<target host="www.secure.switchkonnect.com" />
+
+  	<securecookie host="^switchvpn\.net$" name=".+" />
+
+	<exclusion pattern="^http://(www\.)?secure\.switchkonnect\.com/(downloads|knowledgebase|announcements)"/>
+
+		<test url="http://secure.switchkonnect.com/downloads/" />
+		<test url="http://secure.switchkonnect.com/knowledgebase/" />
+		<test url="http://secure.switchkonnect.com/announcements/" />
+		<test url="http://secure.switchkonnect.com/knowledgebase.php" />
+
+	<!-- hostname mismatch -->
+	<rule from="^http://www\.switchvpn\.net/"
+		to="https://switchvpn.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Switch_Adserver.xml b/src/chrome/content/rules/Switch_Adserver.xml
deleted file mode 100644
index 2465b4c7e8c5..000000000000
--- a/src/chrome/content/rules/Switch_Adserver.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Fully covered subdomains:
-
-		- delivery
-		- images
-
-		- *.swid:
-
-			- delivery
-
--->
-<ruleset name="Switch Adserver">
-
-	<target host="*.switchadhub.com" />
-
-
-	<securecookie host="^(?:\w+\.a|delivery)\.switchadhub\.com$" name=".+" />
-
-
-	<rule from="^http://(\w+\.a|delivery|imagse|\w+\.swid)\.switchadhub\.com/"
-		to="https://$1.switchadhub.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Switch_Networks.com.au.xml b/src/chrome/content/rules/Switch_Networks.com.au.xml
new file mode 100644
index 000000000000..9bb91b56071e
--- /dev/null
+++ b/src/chrome/content/rules/Switch_Networks.com.au.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.switchnetworks.com.au/ => https://www.switchnetworks.com.au/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://vweb02.switchnetworks.com.au:2083/ => https://vweb02.switchnetworks.com.au:2083/: (6, 'Could not resolve host: vweb02.switchnetworks.com.au')
+Fetch error: http://vweb02.switchnetworks.com.au:2096/ => https://vweb02.switchnetworks.com.au:2096/: (6, 'Could not resolve host: vweb02.switchnetworks.com.au')
+Fetch error: http://switchnetworks.com.au/ => https://www.switchnetworks.com.au/: (60, 'SSL certificate problem: certificate has expired')
+
+	^switchnetworks.com.au: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(^ → www)
+		- vweb02...:2083
+		- vweb02...:2096
+
+-->
+<ruleset name="Switch Networks.com.au" default_off="failed ruleset test">
+
+	<target host="switchnetworks.com.au" />
+	<target host="vweb02.switchnetworks.com.au" />
+	<target host="www.switchnetworks.com.au" />
+
+		<test url="http://www.switchnetworks.com.au/" />
+
+
+	<rule from="^http://switchnetworks\.com\.au/"
+		to="https://www.switchnetworks.com.au/" />
+
+
+		<test url="http://vweb02.switchnetworks.com.au:2083/" />
+		<test url="http://vweb02.switchnetworks.com.au:2096/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Switchads.com.xml b/src/chrome/content/rules/Switchads.com.xml
deleted file mode 100644
index 1c2b9f5077ce..000000000000
--- a/src/chrome/content/rules/Switchads.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- (www.)	(works; mismatched, CN: *.platform.switchads.com)
-
--->
-<ruleset name="Switchads.com" default_off="mismatched">
-
-	<target host="delivery.swid.switchads.com" />
-
-
-	<rule from="^http://delivery\.swid\.switchads\.com/"
-		to="https://delivery.swid.switchads.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Switchboard.lgbt.xml b/src/chrome/content/rules/Switchboard.lgbt.xml
new file mode 100644
index 000000000000..e8d1b9de6000
--- /dev/null
+++ b/src/chrome/content/rules/Switchboard.lgbt.xml
@@ -0,0 +1,8 @@
+<ruleset name="Switchboard.lgbt">
+	<target host="switchboard.lgbt" />
+	<target host="www.switchboard.lgbt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Switchie.ch.xml b/src/chrome/content/rules/Switchie.ch.xml
new file mode 100644
index 000000000000..598064e661c3
--- /dev/null
+++ b/src/chrome/content/rules/Switchie.ch.xml
@@ -0,0 +1,20 @@
+<!--
+	For other SWITCH coverage, see Switch.ch.xml.
+
+-->
+<ruleset name="Switchie.ch">
+
+	<target host="switchie.ch" />
+	<target host="www.switchie.ch" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?switchie\.ch$" name="^pll_language$" /-->
+
+	<securecookie host="^(?:www\.)?switchie\.ch$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Switchplus.ch.xml b/src/chrome/content/rules/Switchplus.ch.xml
new file mode 100644
index 000000000000..cedd5f22bda6
--- /dev/null
+++ b/src/chrome/content/rules/Switchplus.ch.xml
@@ -0,0 +1,27 @@
+<!--
+	For other SWITCH coverage, see Switch.ch.xml.
+
+
+	^: cert only matches www
+
+-->
+<ruleset name="switchplus.ch">
+
+	<target host="switchplus.ch" />
+	<target host="www.switchplus.ch" />
+	<target host="app.switchplus.ch" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.switchplus\.ch$" name="^(_icl_current_language|_icl_visitor_lang|regapploggedin)$" /-->
+
+	<securecookie host="^www\.switchplus\.ch$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?switchplus\.ch/"
+		to="https://www.switchplus.ch/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Swordfishdc.com.xml b/src/chrome/content/rules/Swordfishdc.com.xml
index 1e1d77241595..2181ca4cdfd0 100644
--- a/src/chrome/content/rules/Swordfishdc.com.xml
+++ b/src/chrome/content/rules/Swordfishdc.com.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://swordfishdc.com/ => https://customer.innometrics.com/: (51, "SSL: no alternative certificate subject name matches target host name 'customer.innometrics.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://swordfishdc.com/ => https://customer.innometrics.com/: (28, 'Connection timed out after 10000 milliseconds')
 	For other Innometrics coverage, see Innometrics.com.xml.
 
 
@@ -18,10 +24,10 @@
 	Ads.
 
 -->
-<ruleset name="swordfishdc.com">
+<ruleset name="swordfishdc.com" default_off="failed ruleset test">
 
 	<target host="swordfishdc.com" />
-	<target host="*.swordfishdc.com" />
+	<target host="www.swordfishdc.com" />
 
 
 	<!--	Server does not drop path:
@@ -29,7 +35,4 @@
 	<rule from="^http://(?:www\.)?swordfishdc\.com/"
 		to="https://customer.innometrics.com/" />
 
-	<rule from="^http://media\.swordfishdc\.com/"
-		to="https://a248.e.akamai.net/f/1985/671/7m/media.swordfishdc.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Swtor.com.xml b/src/chrome/content/rules/Swtor.com.xml
index 2633b20ea7ba..bd8a45a64dc3 100644
--- a/src/chrome/content/rules/Swtor.com.xml
+++ b/src/chrome/content/rules/Swtor.com.xml
@@ -9,7 +9,8 @@
 <ruleset name="swtor.com (partial)">
 
 	<target host="swtor.com" />
-	<target host="*.swtor.com" />
+	<target host="account.swtor.com" />
+	<target host="www.swtor.com" />
 		<exclusion pattern="^http://(?:www\.)?swtor\.com/(?!user)" />
 
 
@@ -19,4 +20,4 @@
 	<rule from="^http://(?:account\.|www\.)?swtor\.com/"
 		to="https://account.swtor.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Swu.de.xml b/src/chrome/content/rules/Swu.de.xml
new file mode 100644
index 000000000000..75fcd76b0d5e
--- /dev/null
+++ b/src/chrome/content/rules/Swu.de.xml
@@ -0,0 +1,11 @@
+<ruleset name="Stadtwerke Ulm/Neu-Ulm">
+	<target host="swu.de" />
+	<target host="www.swu.de" />
+	<target host="echtzeit.swu.de" />
+	<target host="einkauf.swu.de" />
+	<target host="geschaeftskunden.swu.de" />
+	<target host="kundenbereich.swu.de" />
+
+<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sycom.xml b/src/chrome/content/rules/Sycom.xml
index f45cef5655ba..13175864e015 100644
--- a/src/chrome/content/rules/Sycom.xml
+++ b/src/chrome/content/rules/Sycom.xml
@@ -2,5 +2,5 @@
   <target host="sycom.co.jp"/>
   <target host="www.sycom.co.jp"/>
 
-  <rule from="^http://(www\.)?sycom\.co\.jp/" to="https://www.sycom.co.jp/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sydney-Aquarium.xml b/src/chrome/content/rules/Sydney-Aquarium.xml
new file mode 100644
index 000000000000..1987da24018f
--- /dev/null
+++ b/src/chrome/content/rules/Sydney-Aquarium.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.sydneyaquarium.com.au/ => https://secure.sydneyaquarium.com.au/: (6, 'Could not resolve host: secure.sydneyaquarium.com.au')
+
+	For other Merlin Entertainments coverage, see Merlin-Entertainments.xml.
+
+	Nonfunctional subdomains:
+		- calendar		(cert mismatch)
+
+-->
+<ruleset name="Sydney Aquarium" default_off="failed ruleset test">
+	<target host="sydneyaquarium.com.au" />
+	<target host="m.sydneyaquarium.com.au" />
+	<target host="secure.sydneyaquarium.com.au" />
+	<target host="www.sydneyaquarium.com.au" />
+
+	<securecookie host=".*\.sydneyaquarium\.com\.au$" name=".+" />
+
+	<!-- HTTP 404: -->
+	<rule from="^http://sydneyaquarium\.com\.au/"
+		to="https://www.sydneyaquarium.com.au/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sydney-Tower-Eye.xml b/src/chrome/content/rules/Sydney-Tower-Eye.xml
new file mode 100644
index 000000000000..6a5689338f4a
--- /dev/null
+++ b/src/chrome/content/rules/Sydney-Tower-Eye.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://m.sydneytowereye.com.au/ => https://m.sydneytowereye.com.au/: (51, "SSL: no alternative certificate subject name matches target host name 'm.sydneytowereye.com.au'")
+Fetch error: http://secure.sydneytowereye.com.au/ => https://secure.sydneytowereye.com.au/: (6, 'Could not resolve host: secure.sydneytowereye.com.au')
+
+	For other Merlin Entertainments coverage, see Merlin-Entertainments.xml.
+-->
+
+<ruleset name="Sydney Tower Eye" default_off="failed ruleset test">
+	<target host="sydneytowereye.com.au" />
+	<target host="m.sydneytowereye.com.au" />
+	<target host="secure.sydneytowereye.com.au" />
+	<target host="www.sydneytowereye.com.au" />
+
+	<securecookie host=".*\.sydneytowereye\.com\.au$" name=".+" />
+
+	<!-- HTTP 404: -->
+	<rule from="^http://sydneytowereye\.com\.au/"
+		to="https://www.sydneytowereye.com.au/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SydneysHardRockStory.com.xml b/src/chrome/content/rules/SydneysHardRockStory.com.xml
new file mode 100644
index 000000000000..0dda0df99df3
--- /dev/null
+++ b/src/chrome/content/rules/SydneysHardRockStory.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="SydneysHardRockStory.com">
+	<target host="sydneyshardrockstory.com" />
+	<target host="www.sydneyshardrockstory.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sydostran.se.xml b/src/chrome/content/rules/Sydostran.se.xml
index 016a3f4ce43c..c29bfe3387a1 100644
--- a/src/chrome/content/rules/Sydostran.se.xml
+++ b/src/chrome/content/rules/Sydostran.se.xml
@@ -1,4 +1,14 @@
-<ruleset name="Sydostran.se">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sydostran.se/ => https://www.sydostran.se/: (7, 'Failed to connect to www.sydostran.se port 443: Connection timed out')
+Fetch error: http://www.sydostran.se/ => https://www.sydostran.se/: (7, 'Failed to connect to www.sydostran.se port 443: Connection timed out')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://sydostran.se/ => https://www.sydostran.se/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://www.sydostran.se/ => https://www.sydostran.se/: (28, 'Connection timed out after 10000 milliseconds')
+-->
+<ruleset name="Sydostran.se" default_off="failed ruleset test">
 <target host="sydostran.se" />
 <target host="www.sydostran.se" />
 <rule from="^http://sydostran\.se/" to="https://www.sydostran.se/"/>
diff --git a/src/chrome/content/rules/Sydsvenskan.se.xml b/src/chrome/content/rules/Sydsvenskan.se.xml
new file mode 100644
index 000000000000..e9d97c78ffd6
--- /dev/null
+++ b/src/chrome/content/rules/Sydsvenskan.se.xml
@@ -0,0 +1,34 @@
+<!--
+	Nonfunctional hosts in *.sydsvenskan.se:
+
+		- ^ ᵗ
+		- prenumerera.sydsvenskan.se ᵐ
+		- stjarnklubb.sydsvenskan.se ʳ
+		- wahlgrenska.stiftelsen.sydsvenskan.se ʳ
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Mixed content:
+
+		- blogg.sydsvenskan.se
+
+-->
+<ruleset name="Sydsvenskan.se">
+	<target host="sydsvenskan.se" />
+	<target host="account.sydsvenskan.se" />
+	<target host="apps.sydsvenskan.se" />
+	<target host="blogg.sydsvenskan.se" />
+	<target host="fusion.sydsvenskan.se" />
+	<target host="www.sydsvenskan.se" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http://sydsvenskan\.se/"
+		to="https://www.sydsvenskan.se/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Syllabusshare-mismatches.xml b/src/chrome/content/rules/Syllabusshare-mismatches.xml
index 369032516511..6c8681c42b6b 100644
--- a/src/chrome/content/rules/Syllabusshare-mismatches.xml
+++ b/src/chrome/content/rules/Syllabusshare-mismatches.xml
@@ -1,9 +1,9 @@
-<ruleset name="Syllabusshare (mismatches)" default_off="mismatch">
+<ruleset name="Syllabusshare (mismatches)" default_off="mismatched">
 
 	<target host="syllabusshare.com"/>
 	<target host="www.syllabusshare.com"/>
 
-	<securecookie host="^(.*\.)?syllabusshare\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?syllabusshare\.com/"
 		to="https://syllabusshare.com/"/>
diff --git a/src/chrome/content/rules/Syllabusshare.xml b/src/chrome/content/rules/Syllabusshare.xml
index e6023d8cf5bc..ef69d9c699ce 100644
--- a/src/chrome/content/rules/Syllabusshare.xml
+++ b/src/chrome/content/rules/Syllabusshare.xml
@@ -1,8 +1,15 @@
-<ruleset name="Syllabusshare (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.syllabushare.com/ => https://secure.syllabushare.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.syllabushare.com/ => https://secure.syllabushare.com/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="Syllabusshare (partial)" default_off="failed ruleset test">
 
 	<target host="secure.syllabushare.com"/>
 
-	<rule from="^http://secure\.syllabushare\.com/"
-		to="https://secure.syllabushare.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Sylvan_Company.com.xml b/src/chrome/content/rules/Sylvan_Company.com.xml
index 64912544a917..b3b21f4a345f 100644
--- a/src/chrome/content/rules/Sylvan_Company.com.xml
+++ b/src/chrome/content/rules/Sylvan_Company.com.xml
@@ -1,19 +1,13 @@
-<!--
-	Other Sylvan Company rulesets:
-
-		- Edge_Snapbacks.com.xml
-
--->
 <ruleset name="Sylvan Company.com">
 
 	<target host="sylvancompany.com" />
-	<target host="*.sylvancompany.com" />
+	<target host="analytics.sylvancompany.com" />
+	<target host="www.sylvancompany.com" />
 
 
 	<securecookie host="^(?:www\.)?sylvancompany\.com$" name=".+" />
 
 
-	<rule from="^http://(analytics\.|www\.)?sylvancompany\.com/"
-		to="https://$1sylvancompany.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Symantec.xml b/src/chrome/content/rules/Symantec.xml
index c9132b126434..49479219383d 100644
--- a/src/chrome/content/rules/Symantec.xml
+++ b/src/chrome/content/rules/Symantec.xml
@@ -1,108 +1,167 @@
 <!--
 	Other Symantec rulesets:
-
 		- Norton.xml
 		- Norton_Online_Backup.xml
 		- Verisign.xml
 
 
-	CDN buckets:
-
-		- d1mj3xqaoh14j0.cloudfront.net
-
-
-	Nonfunctional subdomains:
-
-		- check			(redirects to app-l.marketo.com, mismatched, CN: *.marketo.com)
-		- csaweb
-		- customersupport	(redirects to http, mismatched, CN: slotmatching6.salesforce.com)
-		- entsupport		(times out)
-		- eval			(503, akamai)
-		- lcdls
-		- searchg
-
-
-	Problematic symantec.com subdomains:
-
-		- definitions 		(504, akamai)
-		- esdownload *
-		- go *
-		- investor *
-		- liveupdate *
-		- norton		(akamai)
-		- securityresponse *
-		- secure1		(works, expired)
-		- service1		(works, expired, mismatched, CN: secure1.symantec.com)
-		- sfdoccentral		(works, expired 2011-12-14)
-
-	* Works, akamai
-
-
-	Fully covered subdomains:
-
-		- bcportal
-
+	Non-functional subdomains:
+
+		- accenture	(m)
+		- apidocs	(i)
+		- careers	(SSL connection error)
+		- clicktime	(t)
+		- connect	(m)
+		- click.connect	(m)
+		- cpe	(t)
+		- customersupport	(m)
+		- dell	(SSL handshake failed)
+		- developer	(m)
+		- email	(m)
+		- enterprisesecurity	(m)
+		- entsupport	(m)
+		- seer.entsupport	(m)
+		- et	(i)
+		- esdownload	(m)
+		- eval	(m)
+		- email.everyonesocial	(t)
+		- fujitsu	(m)
+		- gsc	(SSL handshake failed)
+		- buy.norton.com.gtm	(m)
+		- help	(i)
+		- investor	(m)
+		- jp-registry	(e)
+		- know	(m)
+		- lrc	(t)
+		- mft	(i)
+		- app.mktgassets	(m)
+		- images.mktgassets	(m)
+		- mysort	(m)
+		- norton	(m)
+		- nortonshoppingguarantee	(m)
+		- safeweb.norton.com.ntn	(m)
+		- om	(m)
+		- partnerlocator	(m)
+		- app.partnermktg	(m)
+		- pcd	(m)
+		- peering	(i)
+		- psc	(t)
+		- resource	(m)
+		- safeweb	(t)
+		- securityresponse	(m)
+		- service1	(t)
+		- www.ses	(m)
+		- sfdoccentral	(m)
+		- sigs	(t)
+		- ipremoval.sms	(t)
+		- sort	(m)
+		- store	(m)
+		- techcenter	(r)
+		- threat-protection	(m)
+		- veritas	(m)
+		- http.websecurity	(m)
+		- app.website-security	(m)
+		- evcs-crl.ws	(m)
+		- sha1timestamp.ws	(t)
+		- sha256timestamp.ws	(t)
+		- ts-crl.ws	(m)
+		- ts-ocsp.ws	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
 -->
-<ruleset name="Symantec (partial)">
+<ruleset name="Symantec">
 
 	<target host="symantec.com" />
-	<target host="*.symantec.com" />
-		<!--
-			These redirect to http.
-						-->
-		<exclusion pattern="^http://www\.symantec\.com/connect/(?:$|all-connect$|articles/|blogs/|imagebrowser/view/image/|forums/)" />
-	<target host="*.symanteccloud.com" />
-	<target host="*.symanteccontent.com" />
-	<target host="now.symassets.com" />
-
-
-	<securecookie host="^(?:.*\.)?symantec(?:content)?\.com$" name=".*" />
-
-
-	<!--	//symantec.com/.+:
-			- 404s over https
-			- Redirects to www over http
-					-->
-	<rule from="^https?://symantec\.com/"
-		to="https://www.symantec.com/" />
-
-	<rule from="^https?://check\.symantec\.com/(?:$|\?.*)"
-		to="https://www.symantec.com/" />
-
-	<rule from="^https?://definitions\.symantec\.com/(?:$|\?.*)"
-		to="https://www.symantec.com/business/security_response/definitions.jsp" />
-
-	<rule from="^https?://entsupport\.symantec\.com/(?:$|\?.*)"
-		to="https://www.symantec.com/enterprise/support/index.jsp" />
-
-	<rule from="^https?://go\.symantec\.com/(?:$|\?.*)"
-		to="https://www.symantec.com/index.jsp" />
-
-	<rule from="^https?://om\.symantec\.com/"
-		to="https://veritasnonconsumer.122.2o7.net/" />
-
-	<rule from="^http://(bcportal|buy|careers|customercare|education|transfer\.emea|et|faster|fileconnect|fileshare|licensing(?:programs)?|locator|my?|my(?:-qa|-uat|sort|support|symantec)|oms|partner(?:locator|net(?:-internal|-qa|-sit|-uat|-temp)?|vpn)|phoenix|productadvisor|renewals|(?:corp\.|retail\.)?sarcscan|security|sfprep|sitedirector|scm|solutions|sort|ssae|store|submit|symaccount|symbeta|symlms|telemetrics|vias|vip|(?:desktop|idprotect|toolbar)\.vip|vos|vpn-us-west|vs|webdl|www4?|www-secure)\.symantec\.com/"
-		to="https://$1.symantec.com/" />
-
-	<rule from="^https?://customersupport\.symantec\.com/(resource|servlet)/"
-		to="https://symantec1.secure.force.com/$1/" />
-
-	<rule from="^https?://liveupdate\.symantec\.com/(?:$|\?.*)"
-		to="https://www.symantec.com/security_response/" />
-
-	<rule from="^https?://securityresponse\.symantec\.com/(?:$|\?.*)"
-		to="https://www.symantec.com/security_response/index.jsp" />
-
-	<rule from="^https?://se(?:cur|rvic)e1\.symantec\.com/(\?.*)?$"
-		to="https://www.symantec.com/techsupp/$1" />
-
-	<rule from="^http://(buy|static)\.symanteccloud\.com/"
-		to="https://$1.symanteccloud.com/" />
-
-	<rule from="^http://static(1|2|3)\.symanteccontent\.com/"
-		to="https://static$1.symanteccontent.com/" />
-
-	<rule from="^http://now\.symassets\.com/"
-		to="https://now.symassets.com/" />
+	<target host="www.symantec.com" />
+	<target host="bcportal.symantec.com" />
+	<target host="btsp-portal.symantec.com" />
+	<target host="buy.symantec.com" />
+	<target host="api.connect.symantec.com" />
+	<target host="content.connect.symantec.com" />
+	<target host="cynic.symantec.com" />
+	<target host="deepsight.symantec.com" />
+	<target host="definitions.symantec.com" />
+	<target host="digitalhubshare.symantec.com" />
+	<target host="know.elq.symantec.com" />
+	<target host="resource.elq.symantec.com" />
+	<target host="www.emea.symantec.com" />
+	<target host="entced.symantec.com" />
+	<target host="fileconnect.symantec.com" />
+	<target host="go.symantec.com" />
+	<target host="itchat.symantec.com" />
+	<target host="jp-businessstore.symantec.com" />
+	<target host="k9.symantec.com" />
+	<target host="knowledge.symantec.com" />
+	<target host="lcdls.symantec.com" />
+	<target host="learn-partner.symantec.com" />
+	<target host="licensing.symantec.com" />
+	<target host="liveupdate.symantec.com" />
+	<target host="login.symantec.com" />
+	<target host="mss.symantec.com" />
+	<target host="my.symantec.com" />
+	<target host="nsg.symantec.com" />
+	<target host="origin-symwisedownload.symantec.com" />
+	<target host="osgonlineordering.symantec.com" />
+	<target host="partnernet.symantec.com" />
+	<target host="benefits.partnernet.symantec.com" />
+	<target host="phoenix.symantec.com" />
+	<target host="sice.enc.protect.symantec.com" />
+	<target host="sice.stage.enc.protect.symantec.com" />
+	<target host="eu.quarantine.symantec.com" />
+	<target host="us.quarantine.symantec.com" />
+	<target host="symc.sam.symantec.com" />
+	<target host="vrts.sam.symantec.com" />
+	<target host="searchg.symantec.com" />
+	<target host="security.symantec.com" />
+	<target host="securitycloud.symantec.com" />
+	<target host="sep.securitycloud.symantec.com" />
+	<target host="sepc.securitycloud.symantec.com" />
+	<target host="sitedirector.symantec.com" />
+	<target host="ssaw.symantec.com" />
+	<target host="status.symantec.com" />
+	<target host="email.status.symantec.com" />
+	<target host="submit.symantec.com" />
+	<target host="support.symantec.com" />
+	<target host="symbeta.symantec.com" />
+	<target host="symwisedownload.symantec.com" />
+	<target host="tms.symantec.com" />
+	<target host="trial.symantec.com" />
+	<target host="sso.trm.symantec.com" />
+	<target host="vip.symantec.com" />
+	<target host="idprotect.vip.symantec.com" />
+	<target host="manager.vip.symantec.com" />
+	<target host="vpn-us-east.symantec.com" />
+	<target host="vs.symantec.com" />
+	<target host="webdl.symantec.com" />
+	<target host="websecurity.symantec.com" />
+	<target host="www.websecurity.symantec.com" />
+	<target host="cbc.websecurity.symantec.com" />
+	<target host="cryptoreport.websecurity.symantec.com" />
+	<target host="dcv.websecurity.symantec.com" />
+	<target host="enterprise-ssl-admin.websecurity.symantec.com" />
+	<target host="enterprise-ssl-adminmanager.websecurity.symantec.com" />
+	<target host="evcs.websecurity.symantec.com" />
+	<target host="www.jp.websecurity.symantec.com" />
+	<target host="coupon.jp.websecurity.symantec.com" />
+	<target host="enterprise-ssl-admin.jp.websecurity.symantec.com" />
+	<target host="estimate.jp.websecurity.symantec.com" />
+	<target host="storefront.jp.websecurity.symantec.com" />
+	<target host="securesigning.websecurity.symantec.com" />
+	<target host="trustcenter.websecurity.symantec.com" />
+	<target host="website-security.symantec.com" />
+	<target host="wspp.symantec.com" />
+	<target host="www-secure.symantec.com" />
+	<target host="www4.symantec.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Symbian.xml b/src/chrome/content/rules/Symbian.xml
deleted file mode 100644
index 0cd183ea2a75..000000000000
--- a/src/chrome/content/rules/Symbian.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Symbian Foundation">
-  <target host="developer.symbian.org" />
-
-  <rule from="^http://developer\.symbian\.org/" to="https://developer.symbian.org/" />
-</ruleset>
-
diff --git a/src/chrome/content/rules/Symbolab.com.xml b/src/chrome/content/rules/Symbolab.com.xml
new file mode 100644
index 000000000000..16354f1d6e67
--- /dev/null
+++ b/src/chrome/content/rules/Symbolab.com.xml
@@ -0,0 +1,21 @@
+<!--
+    Mixed content:
+	    - blog
+		    - some images loaded from blogspot.com *
+
+		* secured by us
+
+	Notes:
+	    - blog
+		    - Cloudflare SSL
+-->
+<ruleset name="Symbolab.com">
+    <target host="symbolab.com" />
+    <target host="www.symbolab.com" />
+    <target host="blog.symbolab.com" />
+
+    <securecookie host="^(www\.|blog\.)?symbolab\.com$" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Symfony.com.xml b/src/chrome/content/rules/Symfony.com.xml
new file mode 100644
index 000000000000..621106457155
--- /dev/null
+++ b/src/chrome/content/rules/Symfony.com.xml
@@ -0,0 +1,13 @@
+<!--
+    More SensioLabs rulesets:
+	    - Sensiolabs.com.xml
+-->
+<ruleset name="Symfony.com">
+    <target host="symfony.com" />
+    <target host="www.symfony.com" />
+
+    <securecookie host="^(www\.)?symfony\.com" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Symfony.fi.xml b/src/chrome/content/rules/Symfony.fi.xml
new file mode 100644
index 000000000000..3e53bca6255f
--- /dev/null
+++ b/src/chrome/content/rules/Symfony.fi.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- symfony.fi
+		- www.symfony.fi
+
+-->
+<ruleset name="Symfony.fi">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="symfony.fi" />
+	<target host="www.symfony.fi" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?symfony\.fi$" name="^bolt_session$" /-->
+
+	<securecookie host="^(?:www\.)?symfony\.fi$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SymlynX.xml b/src/chrome/content/rules/SymlynX.xml
index 4307c02a4310..2e38ab20421e 100644
--- a/src/chrome/content/rules/SymlynX.xml
+++ b/src/chrome/content/rules/SymlynX.xml
@@ -1,12 +1,20 @@
-<ruleset name="symlynX">
 
-	<target host="symlynx.com"/>
-	<target host="*.symlynx.com"/>
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://symlynx.com/ => https://symlynx.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://symlynx.com/ => https://symlynx.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
+<ruleset name="symlynX" default_off="failed ruleset test">
+
+	<target host="symlynx.com" />
+	<target host="extra.symlynx.com" />
+	<target host="www.symlynx.com" />
 
 	<!--	www redirects to ^ over http,
 		so copy that behavior:
 					-->
-	<rule from="^http://(extra\.|(?:www\.))?symlynx\.com/"
-		to="https://$1symlynx.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SymmetricStrength.com.xml b/src/chrome/content/rules/SymmetricStrength.com.xml
new file mode 100644
index 000000000000..97719083cf22
--- /dev/null
+++ b/src/chrome/content/rules/SymmetricStrength.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="SymmetricStrength.com">
+	<target host="symmetricstrength.com" />
+	<target host="www.symmetricstrength.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sympa.xml b/src/chrome/content/rules/Sympa.xml
index 1a4c982c2448..135c2db1a9a5 100644
--- a/src/chrome/content/rules/Sympa.xml
+++ b/src/chrome/content/rules/Sympa.xml
@@ -1,20 +1,34 @@
 <!--
-	Problematic subdomains:
+	^sympa.org: Mismatched
 
-		- ^	(mismatched, CN: federation.renater.fr)
-		- demo	(works; mismatched, CN: listes.cru.fr)
+
+	Mixed content:
+
+		- Images on demo, www from www.sympa.org *
+		- Bug on www from www.cru.fr *
+
+	* Secured by us
 
 -->
-<ruleset name="Sympa.org (partial)">
+<ruleset name="Sympa.org">
 
-	<target host="sympa.org" />
+	<!--	Direct rewrites:
+				-->
+	<target host="demo.sympa.org" />
 	<target host="www.sympa.org" />
 
+	<!--	Complications:
+				-->
+	<target host="sympa.org" />
+
 
-	<securecookie host="^www\.sympa\.org$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?sympa\.org/"
+	<rule from="^http://sympa\.org/"
 		to="https://www.sympa.org/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Symplicity.xml b/src/chrome/content/rules/Symplicity.xml
index ff0c1b49bb3d..3862ede9adc4 100644
--- a/src/chrome/content/rules/Symplicity.xml
+++ b/src/chrome/content/rules/Symplicity.xml
@@ -1,13 +1,13 @@
 <ruleset name="Symplicity">
 
 	<target host="symplicity.com" />
-	<target host="*.symplicity.com" />
+	<target host="static.symplicity.com" />
+	<target host="www.symplicity.com" />
 
 
 	<securecookie host="^(?:w*\.)?symplicity\.com$" name=".+" />
 
 
-	<rule from="^http://(static\.|www\.)?symplicity\.com/"
-		to="https://$1symplicity.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Synacor.xml b/src/chrome/content/rules/Synacor.xml
index d66f793face1..f2990bb3a3d2 100644
--- a/src/chrome/content/rules/Synacor.xml
+++ b/src/chrome/content/rules/Synacor.xml
@@ -17,10 +17,11 @@
 -->
 <ruleset name="Synacor (partial)">
 
-	<target host="*.synacor.com" />
+	<target host="static.coral.synacor.com" />
+	<target host="web.coral.synacor.com" />
+	<target host="static.garnet.synacor.com" />
 
 
-	<rule from="^http://((?:static|web)\.coral|static\.garnet)\.synacor\.com/"
-		to="https://$1.synacor.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Synaesthesie.net.xml b/src/chrome/content/rules/Synaesthesie.net.xml
new file mode 100644
index 000000000000..8d4af5c4b1e4
--- /dev/null
+++ b/src/chrome/content/rules/Synaesthesie.net.xml
@@ -0,0 +1,34 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- synaesthesie.net
+		- www.synaesthesie.net
+
+
+	Mixed content:
+
+		- Image from www.synaesthesie.net *
+		- Bug from api.flattr.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Synaesthesie.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="synaesthesie.net" />
+	<target host="www.synaesthesie.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?synaesthesie\.net$" name="^PHPSESSID" /-->
+
+	<securecookie host="^(?:www\.)?synaesthesie\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sync.com.xml b/src/chrome/content/rules/Sync.com.xml
new file mode 100644
index 000000000000..b6b2fcf536dc
--- /dev/null
+++ b/src/chrome/content/rules/Sync.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Sync.com">
+  <target host="sync.com" />
+  <target host="www.sync.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SyncBoss.xml b/src/chrome/content/rules/SyncBoss.xml
deleted file mode 100644
index 4009f7f733cf..000000000000
--- a/src/chrome/content/rules/SyncBoss.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(redirects to http, valid cert)
-
-
-	Problematic subdomains:
-
-		- www.my	(shows mynomadesk.com)
-
--->
-<ruleset name="SyncBoss (partial)">
-
-	<target host="*.syncboss.com" />
-
-
-	<securecookie host="^my\.syncboss\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?my\.syncboss\.com/"
-		to="https://my.syncboss.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Syncany.org.xml b/src/chrome/content/rules/Syncany.org.xml
new file mode 100644
index 000000000000..62ecfebf7a57
--- /dev/null
+++ b/src/chrome/content/rules/Syncany.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="Syncany.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="syncany.org" />
+	<target host="www.syncany.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Synch.hu.xml b/src/chrome/content/rules/Synch.hu.xml
deleted file mode 100644
index f9b7f4793022..000000000000
--- a/src/chrome/content/rules/Synch.hu.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Synch.hu (partial)">
-
-	<target host="web.synch.hu" />
-
-
-	<rule from="^http://web\.synch\.hu/"
-		to="https://web.synch.hu/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Synchronicer.dk.xml b/src/chrome/content/rules/Synchronicer.dk.xml
new file mode 100644
index 000000000000..9da044c9fe31
--- /dev/null
+++ b/src/chrome/content/rules/Synchronicer.dk.xml
@@ -0,0 +1,9 @@
+<ruleset name="Synchronicer.dk">
+	<target host="synchronicer.dk" />
+	<target host="www.synchronicer.dk" />
+		<test url="http://www.synchronicer.dk/app?WSLOAD=TipHerlev4229fdF" />
+
+	<securecookie host="(www\.)?synchronicer\.dk" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Syncplicity.xml b/src/chrome/content/rules/Syncplicity.xml
new file mode 100644
index 000000000000..c9b21f2d9c87
--- /dev/null
+++ b/src/chrome/content/rules/Syncplicity.xml
@@ -0,0 +1,18 @@
+<!--
+	Non-functional subdomains:
+		- support		(hostname mismatch, CN: *.zendesk.com, zendesk.com)
+-->
+<ruleset name="Syncplicity">
+	<target host="syncplicity.com" />
+	<target host="www.syncplicity.com" />
+	<target host="my.syncplicity.com" />
+	<target host="sesame.syncplicity.com" />
+	<target host="staging.syncplicity.com" />
+	<target host="purdue.syncplicity.com" />
+	<target host="dev.syncplicity.com" />
+
+  	<securecookie host="^.*\.syncplicity\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Syncsearch.jp.xml b/src/chrome/content/rules/Syncsearch.jp.xml
new file mode 100644
index 000000000000..5330ee375178
--- /dev/null
+++ b/src/chrome/content/rules/Syncsearch.jp.xml
@@ -0,0 +1,26 @@
+<!--
+	Nonfunctional hosts in *syncsearch.jp:
+
+		- (www.)? ʳ
+		- demo ʳ
+		- faq ᵈ
+
+	ᵈ Dropped
+	ʳ Refused
+
+-->
+<ruleset name="Syncsearch.jp (partial)">
+
+	<target host="image.syncsearch.jp" />
+	<target host="pro.syncsearch.jp" />
+	<target host="static.syncsearch.jp" />
+	<target host="www.syncsearch.jp" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Syncthing.net.xml b/src/chrome/content/rules/Syncthing.net.xml
new file mode 100644
index 000000000000..e69eb24a4547
--- /dev/null
+++ b/src/chrome/content/rules/Syncthing.net.xml
@@ -0,0 +1,26 @@
+<!--
+	Login required:
+		build2.syncthing.net
+
+	Redirect to http:
+		relays.syncthing.net
+
+	Invalid certificate:
+		web.syncthing.net
+
+-->
+<ruleset name="Syncthing.net">
+
+	<target host="syncthing.net" />
+	<target host="www.syncthing.net" />
+	<target host="apt.syncthing.net" />
+	<target host="archive.syncthing.net" />
+	<target host="build.syncthing.net" />
+	<target host="data.syncthing.net" />
+	<target host="docs.syncthing.net" />
+	<target host="forum.syncthing.net" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SyndeticS.com.xml b/src/chrome/content/rules/SyndeticS.com.xml
new file mode 100644
index 000000000000..ae5a938712e7
--- /dev/null
+++ b/src/chrome/content/rules/SyndeticS.com.xml
@@ -0,0 +1,47 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://syndetics.com/ => https://syndetics.com/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+Fetch error: http://secure.syndetics.com/ => https://secure.syndetics.com/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+Fetch error: http://www.syndetics.com/ => https://secure.syndetics.com/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+
+	For other ProQuest coverage, see ProQuest.xml.
+
+
+	Nonfunctional hosts in *syndetics.com:
+
+		- proquest *
+
+	* Dropped
+
+
+	www.syndetics.com: Mismatched
+
+-->
+<ruleset name="SyndeticS.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="syndetics.com" />
+	<target host="secure.syndetics.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.syndetics.com" />
+
+		<test url="http://syndetics.com/termsofuse.htm" />
+		<test url="http://secure.syndetics.com/index.php?isbn=" />
+		<test url="http://secure.syndetics.com/termsofuse.htm" />
+		<test url="http://www.syndetics.com/termsofuse.htm" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.syndetics\.com/"
+		to="https://secure.syndetics.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Syndie.xml b/src/chrome/content/rules/Syndie.xml
index 0f3c8e23cb6e..49b49052123b 100644
--- a/src/chrome/content/rules/Syndie.xml
+++ b/src/chrome/content/rules/Syndie.xml
@@ -4,7 +4,6 @@
 	<target host="www.syndie.de" />
 
 
-	<rule from="^http://(www\.)?syndie\.de/"
-		to="https://$1syndie.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Synergist_SCADA.xml b/src/chrome/content/rules/Synergist_SCADA.xml
index c5b3dcf8a1c1..379522485ead 100644
--- a/src/chrome/content/rules/Synergist_SCADA.xml
+++ b/src/chrome/content/rules/Synergist_SCADA.xml
@@ -1,13 +1,25 @@
-<ruleset name="Synergist SCADA">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://synergistscada.com/ => https://synergistscada.com/: (28, 'Operation timed out after 30000 milliseconds with 0 bytes received')
+Fetch error: http://www.synergistscada.com/ => https://www.synergistscada.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://synergistscada.com/ => https://synergistscada.com/: Too many redirects while fetching 'https://synergistscada.com/'
+
+-->
+<ruleset name="Synergist SCADA" default_off="failed ruleset test">
 
 	<target host="synergistscada.com" />
-	<target host="*.synergistscada.com" />
+	<target host="www.synergistscada.com" />
 
 
 	<securecookie host="^(?:w*\.)?synergistscada\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?synergistscada\.com/"
-		to="https://$1synergistscada.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Synergy-FOSS.org.xml b/src/chrome/content/rules/Synergy-FOSS.org.xml
new file mode 100644
index 000000000000..608146f8d261
--- /dev/null
+++ b/src/chrome/content/rules/Synergy-FOSS.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Some pages redirect to http.
+
+-->
+<ruleset name="Synergy-FOSS.org (partial)">
+
+	<target host="synergy-foss.org" />
+	<target host="www.synergy-foss.org" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?synergy-foss\.org/+($|\?|(blog|code|download|goals|info|osqa|press|related|search|social|spit|wiki)($|[?/]))" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(www\.)?synergy-foss\.org/+(css/|(donate|nightly|premium)($|[?/])|favicon\.ico|files/|icons/|img/)" /-->
+
+
+	<rule from="^http://(www\.)?synergy-foss\.org/(?=css/|(?:donate|nightly|premium)(?:$|[?/])|favicon\.ico|files/|icons/|img/)"
+		to="https://$1synergy-foss.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Synology.com.tw.xml b/src/chrome/content/rules/Synology.com.tw.xml
new file mode 100644
index 000000000000..b60be5965721
--- /dev/null
+++ b/src/chrome/content/rules/Synology.com.tw.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Synology coverage, see
+
+
+	Nonfunctional domains:
+
+		- blog.synology.com
+		- wiki.synology.com
+
+-->
+<ruleset name="Synology.com.tw" default_off="mismatched">
+
+	<target host="synology.com.tw" />
+	<target host="www.synology.com.tw" />
+
+
+	<securecookie host="^.*\.synology\.com\.tw$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Synology.xml b/src/chrome/content/rules/Synology.xml
index 8736046754e1..9aee7c0b6b85 100644
--- a/src/chrome/content/rules/Synology.xml
+++ b/src/chrome/content/rules/Synology.xml
@@ -1,27 +1,53 @@
+
 <!--
-	Nonfunctional domains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://stc.synology.com/ => https://stc.synology.com/: (6, 'Could not resolve host: stc.synology.com')
+Fetch error: http://synokm.synology.com/ => https://synokm.synology.com/: (6, 'Could not resolve host: synokm.synology.com')
+
+	Other Synology rulesets:
+
+		- Synology.com.tw.xml
+
+
+	Fully covered hosts:
 
-		- blog.synology.com
-		- wiki.synology.com
+		- (www.)?
+		- blog
+		- myds
+		- srs
+		- stc
+		- synokm
+
+
+	Insecure cookies are set for these hosts:
+
+		- myds.synology.com
+		- stc.synology.com
+		- synokm.synology.com
+		- www.synology.com
 
 -->
-<ruleset name="Synology (partial)">
+<ruleset name="Synology.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="synology.com" />
-	<target host="*.synology.com" />
-	<target host="synology.com.tw" />
-	<target host="www.synology.com.tw" />
+	<target host="blog.synology.com" />
+	<target host="myds.synology.com" />
+	<target host="srs.synology.com" />
+	<target host="stc.synology.com" />
+	<target host="synokm.synology.com" />
+	<target host="www.synology.com" />
 
 
-	<securecookie host="^.*\.synology\.com(?:\.tw)?$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(myds|stc|synokm|www)\.synology\.com$" name="^PHPSESSID$" /-->
 
+	<securecookie host=".*\.synology\.com$" name=".+" />
 
-	<!--	Cert only matches www.
-					-->
-	<rule from="^https?://(?:www\.)?synology\.com(\.tw)?/"
-		to="https://www.synology.com$1/" />
 
-	<rule from="^http://(myds|srs|stc|synokm)\.synology\.com/"
-		to="https://$1.synology.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Synopsys.xml b/src/chrome/content/rules/Synopsys.xml
index cb457cee31e3..f93de60474a6 100644
--- a/src/chrome/content/rules/Synopsys.xml
+++ b/src/chrome/content/rules/Synopsys.xml
@@ -9,11 +9,14 @@
 
 	<target host="www.synopsys.co.jp" />
 	<target host="synopsys.com" />
-	<target host="*.synopsys.com" />
+	<target host="www.synopsys.com" />
+	<target host="blogs.synopsys.com" />
+	<target host="solvnet.synopsys.com" />
+	<target host="sso.synopsys.com" />
 
 
 	<!--securecookie host="^www\.synopsys\.com$" name="^(BIGipServerwww-prod-MOSS-pool|SynsLC)$" /-->
-	<securecookie host="^\w+\.synopsys\.com$" name=".*" />
+	<securecookie host="^\w+\.synopsys\.com$" name=".+" />
 
 
 	<!--	- !www doesn't exist
diff --git a/src/chrome/content/rules/Synovite-scripts.com.xml b/src/chrome/content/rules/Synovite-scripts.com.xml
index e995e61e75b2..8fa93274f1af 100644
--- a/src/chrome/content/rules/Synovite-scripts.com.xml
+++ b/src/chrome/content/rules/Synovite-scripts.com.xml
@@ -3,7 +3,6 @@
 	<target host="ssl.synovite-scripts.com" />
 
 
-	<rule from="^http://ssl\.synovite-scripts\.com/"
-		to="https://ssl.synovite-scripts.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Syntevo.com.xml b/src/chrome/content/rules/Syntevo.com.xml
new file mode 100644
index 000000000000..170082322ec3
--- /dev/null
+++ b/src/chrome/content/rules/Syntevo.com.xml
@@ -0,0 +1,27 @@
+<ruleset name="syntevo.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="syntevo.com" />
+	<target host="www.syntevo.com" />
+
+		<!--	Redirects to http:
+						-->
+		<exclusion pattern="^http://www\.syntevo\.com/blog/(?!wp-content/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.syntevo.com/blog/" />
+			<test url="http://www.syntevo.com/blog/?author=2" />
+			<test url="http://www.syntevo.com/blog/?paged=2" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.syntevo.com/blog/wp-content/themes/syntevo2/style.css" />
+			<test url="http://www.syntevo.com/contact/" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Synthetix.com.xml b/src/chrome/content/rules/Synthetix.com.xml
index e54cda625ea3..f46c906034b0 100644
--- a/src/chrome/content/rules/Synthetix.com.xml
+++ b/src/chrome/content/rules/Synthetix.com.xml
@@ -1,30 +1,20 @@
 <!--
 	Other Synthetix rulesets:
 
-		- Synthetix.info.xml
 
 
 	Nonfunctional subdomains:
 
 		- blog	(shows www)
 
-
-	Mixed content:
-
-		- css on (www.) from fonts.googleapis.com *
-
-		- Image on (www.) from www.synthetix-ec2.com
-
-	* Secured by us
-
 -->
-<ruleset name="Synthetix.com (partial)">
+<ruleset name="Synthetix.com (partial)" default_off="404">
 
 	<target host="synthetix.com" />
 	<target host="www.synthetix.com" />
 
 
-	<rule from="^http://(www\.)?synthetix\.com/"
-		to="https://$1synthetix.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Synthetix.info.xml b/src/chrome/content/rules/Synthetix.info.xml
deleted file mode 100644
index 11081f6d4c4d..000000000000
--- a/src/chrome/content/rules/Synthetix.info.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	For other Synthetix coverage, see Synthetix.com.xml.
-
--->
-<ruleset name="Synthetix.info">
-
-	<target host="synthetix.info" />
-	<target host="www.synthetix.info" />
-	<target host="synthetix.net" />
-	<target host="www.synthetix.net" />
-
-
-	<securecookie host="^synthetix\.(?:info|net)$" name=".+" />
-
-
-	<!--	www redirects to ^ over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?synthetix\.(info|net)/"
-		to="https://synthetix.$1/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Synthfont.com.xml b/src/chrome/content/rules/Synthfont.com.xml
new file mode 100644
index 000000000000..58f4d2d16443
--- /dev/null
+++ b/src/chrome/content/rules/Synthfont.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Synthfont.com">
+	<target host="synthfont.com" />
+	<target host="www.synthfont.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Syopajarjestot.xml b/src/chrome/content/rules/Syopajarjestot.xml
index cacb90f3d499..fdf252fff223 100644
--- a/src/chrome/content/rules/Syopajarjestot.xml
+++ b/src/chrome/content/rules/Syopajarjestot.xml
@@ -1,4 +1,7 @@
 <!--
+Automatically by https-everywhere-checker because:
+Fetch error: http://cancer.fi/ => https://cancer-fi.directo.fi/: (6, 'Could not resolve host: cancer.fi')
+Fetch error: http://syoparekisteri.fi/ => https://cancer-fi.directo.fi/syoparekisteri/: (28, 'Connection timed out after 10000 milliseconds')
 Problematic domains:
 	- (www.)cancer.fi		(cert matches *.directo.fi)
 	- (www.)seulonta.fi		(redirects to cancer.fi/seulonta)
@@ -13,13 +16,13 @@ Problematic domains:
 	<target host="syoparekisteri.fi"/>
 	<target host="www.syoparekisteri.fi"/>
 
-	<rule from="^https?://(?:www\.)?cancer\.fi/"
+	<rule from="^http://(?:www\.)?cancer\.fi/"
 		to="https://cancer-fi.directo.fi/"/>
 
 	<rule from="^http://cancer-fi\.directo\.fi/"
 		to="https://cancer-fi.directo.fi/"/>
 
-	<rule from="^https?://(?:www\.)?(seulonta|syoparekisteri)\.fi/"
+	<rule from="^http://(?:www\.)?(seulonta|syoparekisteri)\.fi/"
 		to="https://cancer-fi.directo.fi/$1/"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Syracuse_University.xml b/src/chrome/content/rules/Syracuse_University.xml
index c0044c848273..c1a441d5d0ec 100644
--- a/src/chrome/content/rules/Syracuse_University.xml
+++ b/src/chrome/content/rules/Syracuse_University.xml
@@ -3,7 +3,6 @@
 	<target host="faculty.ischool.syr.edu" />
 
 
-	<rule from="^http://faculty\.ischool\.syr\.edu/"
-		to="https://faculty.ischool.syr.edu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sys4.de.xml b/src/chrome/content/rules/Sys4.de.xml
new file mode 100644
index 000000000000..fc799bd1f95d
--- /dev/null
+++ b/src/chrome/content/rules/Sys4.de.xml
@@ -0,0 +1,50 @@
+<!--
+	Other sys4 rulesets:
+
+		- Automx.org.xml
+
+	Cert expired:
+		- bravo.sys4.de
+		- mon.sys4.de
+		- secmail.sys4.de
+
+	Cert mismatch:
+		- golf.sys4.de
+		- mike.sys4.de
+		- romeo.sys4.de
+		- stats.sys4.de
+
+	Chain issues:
+		- download.sys4.de
+		- files.sys4.de
+		- foxtrot.sys4.de
+		- ml.oss.sys4.de
+		- ml.srv.sys4.de
+		- ns-v.sys4.de
+
+-->
+<ruleset name="sys4.de">
+
+
+	<target host="sys4.de" />
+	<target host="www.sys4.de" />
+
+	<target host="blog.sys4.de" />
+	<target host="dane.sys4.de" />
+	<target host="forecast.sys4.de" />
+	<target host="ftp.sys4.de" />
+	<target host="kibana.sys4.de" />
+	<target host="log.sys4.de" />
+	<target host="mail.sys4.de" />
+	<target host="meter.sys4.de" />
+	<target host="project.sys4.de" />
+	<target host="sepa.sys4.de" />
+	<target host="src.sys4.de" />
+	<target host="ticket.sys4.de" />
+	<target host="time.sys4.de" />
+	<target host="webmail.sys4.de" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SysAid.com.xml b/src/chrome/content/rules/SysAid.com.xml
new file mode 100644
index 000000000000..7ab9de1deae8
--- /dev/null
+++ b/src/chrome/content/rules/SysAid.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.sysaid.com
+
+-->
+<ruleset name="SysAid.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sysaid.com" />
+	<target host="www.sysaid.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.sysaid\.com$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SysWard.com.xml b/src/chrome/content/rules/SysWard.com.xml
new file mode 100644
index 000000000000..68b322d06f59
--- /dev/null
+++ b/src/chrome/content/rules/SysWard.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="SysWard.com">
+
+	<target host="sysward.com" />
+	<target host="www.sysward.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.sysward\.com$" name="^_sys-ward_session_production$" /-->
+
+	<securecookie host="^\.sysward\.com$" name=".+" />
+
+
+	<!--	www redirects to ^ over http,
+		so copy that behavior:
+					-->
+	<rule from="^http://(?:www\.)?sysward\.com/"
+		to="https://sysward.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sysadmin_Casts.com.xml b/src/chrome/content/rules/Sysadmin_Casts.com.xml
new file mode 100644
index 000000000000..5e23b29102cb
--- /dev/null
+++ b/src/chrome/content/rules/Sysadmin_Casts.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Sysadmin Casts.com">
+
+	<target host="sysadmincasts.com" />
+	<target host="www.sysadmincasts.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Syscoding.com.xml b/src/chrome/content/rules/Syscoding.com.xml
new file mode 100644
index 000000000000..dd1a05b672f2
--- /dev/null
+++ b/src/chrome/content/rules/Syscoding.com.xml
@@ -0,0 +1,36 @@
+<!--
+	www: Refused
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- syscoding.com
+		- .syscoding.com
+
+-->
+<ruleset name="Syscoding.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="syscoding.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.syscoding.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^syscoding\.com$" name="^csrftoken$" /-->
+	<!--securecookie host="^\.syscoding\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.?syscoding\.com$" name=".+" />
+
+
+	<rule from="^http://www\.syscoding\.com/"
+		to="https://syscoding.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sysconfig.org.uk.xml b/src/chrome/content/rules/Sysconfig.org.uk.xml
new file mode 100644
index 000000000000..4f73fce01604
--- /dev/null
+++ b/src/chrome/content/rules/Sysconfig.org.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="Sysconfig.org.uk">
+
+	<target host="sysconfig.org.uk" />
+	<target host="www.sysconfig.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sysdream.com.xml b/src/chrome/content/rules/Sysdream.com.xml
new file mode 100644
index 000000000000..db7f98caaddf
--- /dev/null
+++ b/src/chrome/content/rules/Sysdream.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .sysdream.com
+
+-->
+<ruleset name="Sysdream.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sysdream.com" />
+	<target host="www.sysdream.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.sysdream\.com$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^\.sysdream\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sysmex.com.xml b/src/chrome/content/rules/Sysmex.com.xml
new file mode 100644
index 000000000000..78a69bb97cbe
--- /dev/null
+++ b/src/chrome/content/rules/Sysmex.com.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sysmex.com/ => https://sysmex.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.sysmex.com/ => https://www.sysmex.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .sysmex.com
+		- www.sysmex.com
+
+-->
+<ruleset name="Sysmex.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sysmex.com" />
+	<target host="www.sysmex.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.sysmex\.com$" name="^__utm\w+$" /-->
+	<!--securecookie host="^www\.sysmex\.com$" name="^BIGipServer\w+$" /-->
+
+	<securecookie host="^\.sysmex\.com$" name="^__utm\w+$" />
+	<securecookie host="^www\.sysmex\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sysmocom.de.xml b/src/chrome/content/rules/Sysmocom.de.xml
index 0261f437ed95..b6da264262f3 100644
--- a/src/chrome/content/rules/Sysmocom.de.xml
+++ b/src/chrome/content/rules/Sysmocom.de.xml
@@ -1,17 +1,24 @@
-<ruleset name="sysmocom.de (CAcert, partial)" platform="cacert">
+<!--
+	Non-functional hosts
+		Incomplete certificate chain error:
+			 - dns.sysmocom.de
+			 - downloads.sysmocom.de
+			 - imap.sysmocom.de
+			 - mail.sysmocom.de
+			 - rt.sysmocom.de
 
+		5xx server error:
+			 - piwik.sysmocom.de
+
+		Secure connection redirects to plaintext:
+			 - shop.sysmocom.de
+-->
+<ruleset name="Sysmocom.de (partial)">
 	<target host="sysmocom.de" />
-	<target host="shop.sysmocom.de" />
-	<target host="piwik.sysmocom.de" />
 	<target host="www.sysmocom.de" />
+	<target host="git.sysmocom.de" />
 
-	<rule from="^http://sysmocom\.de/"
-		to="https://www.sysmocom.de/" />
-
-	<rule from="^http://(piwik|www)\.sysmocom\.de/"
-		to="https://$1.sysmocom.de/" />
-
-	<rule from="^http://shop\.sysmocom\.de/(assets|checkout|images|login|stylesheets)"
-		to="https://shop.sysmocom.de/$1" />
+	<securecookie host="^(www\.)?sysmocom\.de$" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Syspectr.com.xml b/src/chrome/content/rules/Syspectr.com.xml
new file mode 100644
index 000000000000..a1203dd10039
--- /dev/null
+++ b/src/chrome/content/rules/Syspectr.com.xml
@@ -0,0 +1,14 @@
+<!--
+    More O&O rulesets:
+	    - Oo-software.com
+-->
+<ruleset name="Syspectr.com">
+    <target host="syspectr.com" />
+    <target host="app.syspectr.com" />
+    <target host="www.syspectr.com" />
+
+    <securecookie host="^(app\.|www\.)?syspectr\.com" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sysprofile.de.xml b/src/chrome/content/rules/Sysprofile.de.xml
new file mode 100644
index 000000000000..189517e156de
--- /dev/null
+++ b/src/chrome/content/rules/Sysprofile.de.xml
@@ -0,0 +1,7 @@
+<ruleset name="Sysprofile.de">
+	<target host="sysprofile.de" />
+	<target host="www.sysprofile.de" />
+	<target host="forum.sysprofile.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/System76.com.xml b/src/chrome/content/rules/System76.com.xml
index a49440b430b0..b5153680f901 100644
--- a/src/chrome/content/rules/System76.com.xml
+++ b/src/chrome/content/rules/System76.com.xml
@@ -1,7 +1,28 @@
+<!--
+	Redirect to http://support.system76.com
+		archive.system76.com
+		cdn.system76.com
+		docs.system76.com
+		eww.system76.com
+		qwww.system76.com
+		tetryon.system76.com
+		w2ww.system76.com
+		waww.system76.com
+		www3.system76.com
+		wwws.system76.com
+
+	Bad certificate
+		blog.system76.com
+		support.system76.com
+		mail.system76.com
+
+-->
+
 <ruleset name="System76.com">
-  <target host="www.system76.com" />
-  <target host="system76.com" />
-  <rule from="^http://www\.system76\.com/" to="https://www.system76.com/"/>
-  <rule from="^http://system76\.com/" to="https://www.system76.com/"/>
-</ruleset>
 
+	<target host="system76.com" />
+	<target host="www.system76.com" />
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/SystemIntegra.ru.xml b/src/chrome/content/rules/SystemIntegra.ru.xml
index 020a19098c12..ccad3aca7a73 100644
--- a/src/chrome/content/rules/SystemIntegra.ru.xml
+++ b/src/chrome/content/rules/SystemIntegra.ru.xml
@@ -1,13 +1,12 @@
 <ruleset name="SystemIntegra.ru">
 
 	<target host="systemintegra.ru" />
-	<target host="*.systemintegra.ru" />
+	<target host="www.systemintegra.ru" />
 
 
 	<securecookie host="^\.systemintegra\.ru$" name=".+" />
 
 
-	<rule from="^http://(www\.)?systemintegra\.ru/"
-		to="https://$1systemintegra.ru/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SystemSensor.ca.xml b/src/chrome/content/rules/SystemSensor.ca.xml
new file mode 100644
index 000000000000..9926bebb9fbb
--- /dev/null
+++ b/src/chrome/content/rules/SystemSensor.ca.xml
@@ -0,0 +1,16 @@
+<!--
+	Mismatched:
+		- mybusiness
+
+	Connection reset:
+		- ^
+-->
+<ruleset name="SystemSensor.ca">
+	<target host="systemsensor.ca" />
+	<target host="www.systemsensor.ca" />
+
+	<rule from="^http://systemsensor\.ca/"
+		to="https://www.systemsensor.ca/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/System_Center_Advisor.com.xml b/src/chrome/content/rules/System_Center_Advisor.com.xml
index 582d0e46eafe..669c0021c7ea 100644
--- a/src/chrome/content/rules/System_Center_Advisor.com.xml
+++ b/src/chrome/content/rules/System_Center_Advisor.com.xml
@@ -1,4 +1,11 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://systemcenteradviser.com/ => https://systemcenteradviser.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://systemcenteradviser.net/ => https://systemcenteradviser.net/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://systemcenteradvisor.com/ => https://systemcenteradvisor.com/: (28, 'Connection timed out after 20004 milliseconds')
+Fetch error: http://systemcenteradvisor.net/ => https://systemcenteradvisor.net/: (28, 'Connection timed out after 20000 milliseconds')
+
 	For other Microsoft coverage, see Microsoft.xml.
 
 
@@ -11,25 +18,22 @@
 		- (www.)systemcenteradvisor.net
 
 -->
-<ruleset name="System Center Advisor.com">
+<ruleset name="System Center Advisor.com" default_off="failed ruleset test">
 
 	<target host="systemcenteradviser.com" />
-	<target host="*.systemcenteradviser.com" />
 	<target host="systemcenteradviser.net" />
-	<target host="*.systemcenteradviser.net" />
 	<target host="systemcenteradvisor.com" />
-	<target host="*.systemcenteradvisor.com" />
 	<target host="systemcenteradvisor.net" />
-	<target host="*.systemcenteradvisor.net" />
+	<target host="www.systemcenteradviser.com" />
+	<target host="www.systemcenteradviser.net" />
+	<target host="www.systemcenteradvisor.com" />
+	<target host="www.systemcenteradvisor.net" />
+	<target host="login.systemcenteradvisor.com" />
 
 
 	<securecookie host="^(?:www)?\.systemcenteradvis[eo]r\.(?:com|net)$" name=".+" />
 
 
-	<rule from="^http://(www\.)?systemcenteradvis(e|o)r\.(com|net)/"
-		to="https://$1systemcenteradvis$2r.$3/" />
-
-	<rule from="^http://login\.systemcenteradvisor\.com/"
-		to="https://login.systemcenteradvisor.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/System_Overlord.com.xml b/src/chrome/content/rules/System_Overlord.com.xml
new file mode 100644
index 000000000000..ca22bb82b165
--- /dev/null
+++ b/src/chrome/content/rules/System_Overlord.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="System Overlord.com">
+
+	<target host="systemoverlord.com" />
+	<target host="www.systemoverlord.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Systeme-D.xml b/src/chrome/content/rules/Systeme-D.xml
deleted file mode 100644
index c07b4dd588a7..000000000000
--- a/src/chrome/content/rules/Systeme-D.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="Système D" default_off="mismatch, self-signed">
-
-	<!--	- Cert: systemed.vm.bytemark.co.uk
-		- That domain prints the website's title
-			-->
-	<target host="systemed.net" />
-	<target host="www.systemed.net" />
-
-
-	<securecookie host="^systemed\.net$" name=".*" />
-
-
-	<rule from="^https?://(?:www\.)?systemed\.net/"
-		to="https://systemed.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SystemeD.net.xml b/src/chrome/content/rules/SystemeD.net.xml
new file mode 100644
index 000000000000..a5b7f7d44d35
--- /dev/null
+++ b/src/chrome/content/rules/SystemeD.net.xml
@@ -0,0 +1,16 @@
+<!--
+	Mixed content from fonts.googleapis.com:
+		blog.systemed.net
+
+-->
+<ruleset name="Système D">
+
+	<target host="systemed.net" />
+	<target host="www.systemed.net" />
+
+	<securecookie host="^systemed\.net$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Systemspace.network.xml b/src/chrome/content/rules/Systemspace.network.xml
new file mode 100644
index 000000000000..12e90cc1921b
--- /dev/null
+++ b/src/chrome/content/rules/Systemspace.network.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched:
+		- sct8
+-->
+<ruleset name="Systemspace.network">
+	<target host="systemspace.network" />
+	<target host="www.systemspace.network" />
+	<target host="ex.systemspace.network" />
+	<target host="farewell.systemspace.network" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Syxin.com.xml b/src/chrome/content/rules/Syxin.com.xml
new file mode 100644
index 000000000000..6f0f0c053677
--- /dev/null
+++ b/src/chrome/content/rules/Syxin.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="syxin.com">
+
+	<target host="syxin.com" />
+	<target host="www.syxin.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/T-Engine.org.xml b/src/chrome/content/rules/T-Engine.org.xml
index 0bdeb4bf1c4d..6d226de52324 100644
--- a/src/chrome/content/rules/T-Engine.org.xml
+++ b/src/chrome/content/rules/T-Engine.org.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://t-engine.org/ => https://www.t-engine.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.t-engine.org/ => https://www.t-engine.org/: (60, 'SSL certificate problem: certificate has expired')
+
 	Problematic subdomains:
 
 		- ^	(cert only matches www)
@@ -14,7 +19,7 @@
 	** Secured by us
 
 -->
-<ruleset name="T-Engine.org (partial)">
+<ruleset name="T-Engine.org (partial)" default_off="failed ruleset test">
 
 	<target host="t-engine.org" />
 	<target host="www.t-engine.org" />
diff --git a/src/chrome/content/rules/T-Mobile.com-falsemixed.xml b/src/chrome/content/rules/T-Mobile.com-falsemixed.xml
new file mode 100644
index 000000000000..860a7d6973ba
--- /dev/null
+++ b/src/chrome/content/rules/T-Mobile.com-falsemixed.xml
@@ -0,0 +1,19 @@
+<!--
+	For rules not causing false/broken MCB, see T-Mobile.xml.
+
+-->
+<ruleset name="T-Mobile (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="videos.t-mobile.com" />
+	<target host="es.videos.t-mobile.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/T-Mobile.nl.xml b/src/chrome/content/rules/T-Mobile.nl.xml
new file mode 100644
index 000000000000..aa3284e43513
--- /dev/null
+++ b/src/chrome/content/rules/T-Mobile.nl.xml
@@ -0,0 +1,64 @@
+<!--
+	For other Deutsche Telekom coverage, see Deutsche_Telekom.xml.
+
+
+	Problematic hosts in *t-mobile.nl:
+
+		- gsm ¹
+		- toestelhulp ²
+
+	¹ Expired
+	² Mismatched
+
+
+	These altnames don't exist:
+
+		- www.forum.t-mobile.nl
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- t-mobile.nl
+		- .accessoires.t-mobile.nl
+		- service.t-mobile.nl
+		- shop.t-mobile.nl
+		- www.t-mobile.nl
+
+
+	Mixed content:
+
+		- css on toestelhulp from static.customersaas.com *
+		- Images on toestelhulp from imageservice.customersaas.com *
+
+	* Secured by us
+
+-->
+<ruleset name="T-Mobile.nl (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="t-mobile.nl" />
+	<target host="accessoires.t-mobile.nl" />
+	<target host="forum.t-mobile.nl" />
+	<!--target host="gsm.t-mobile.nl" /-->
+	<target host="service.t-mobile.nl" />
+	<target host="shop.t-mobile.nl" />
+	<target host="www.t-mobile.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?t-mobile\.nl$" name="^Sid$" /-->
+	<!--securecookie host="^\.accessoires\.t-mobile\.nl$" name="^frontend$" /-->
+	<!--securecookie host="^service\.t-mobile\.nl$" name="^cp_session$" /-->
+	<!--securecookie host="^shop\.t-mobile\.nl$" name="^(?:MAMBOS-eca|goldenTicket)$" /-->
+	<!--securecookie host="^www\.t-mobile\.nl$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.accessoires\.t-mobile\.nl$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/T-Mobile.xml b/src/chrome/content/rules/T-Mobile.xml
index 091b98c9a773..adb45b61acfa 100644
--- a/src/chrome/content/rules/T-Mobile.xml
+++ b/src/chrome/content/rules/T-Mobile.xml
@@ -1,4 +1,7 @@
 <!--
+
+	For rules causing false/broken MCB, see T-Mobile.com-falsemixed.xml.
+
 	For other Deutsche Telekom coverage, see Deutsche_Telekom.xml.
 
 
@@ -12,142 +15,118 @@
 		- wac.04c7.edgecastcdn.net/0004C7/
 
 
-	Nonfunctional domains:
-
-		- t-mobile.com subdomains:
-
-			- newsroom
-			- cache.deals *
-			- htc **
-			- cache.htc **
-			- locator			(404, mismatched, CN: *.spatialpoint.com)
-			- cache.newsroom *
-			- t-mobile-coverage		(shows videos, mismatched, CN: videos.t-mobile.com)
-
-	* 404, CN: gp1.wac.edgecastcdn.net
-	** Revoked cert
-
-
-	Problematic domains:
-
-		- (www.)tmobile.com *
-		- my.tmobile.com *
-
-		- t-mobile.com subdomains:
-
-			- ^				(cert only matches www)
-			- deals				(shows videos, mismatched, CN: videos.t-mobile.com)
-			- find **
-			- cache.prepaid-phones		(works, CN: gp1.wac.edgecastcdn.net)
-			- cache.videos			(404, CN: gp1.wac.edgecastcdn.net)
-
-		- (www.)tmobile.nl		(redirects to t-mobile.nl over http)
-
-	* Redirects to t-mobile.com over http, mismatched, CN: vip.t-mobile.com
-	** Works, mismatched, CN: find.my.t-mobile.com. Functionally
+	Nonfunctional hosts in *t-mobile.com:
+
+		- explore.business ¹
+		- cache.deals ¹
+		- htc ³
+		- cache.htc ³
+		- investor ⁴
+		- locator ⁵
+		- cache.newsroom ¹
+		- sdc ⁴
+		- t-mobile-coverage ⁶
+
+	¹ Handshake fails
+	¹ 404, CN: gp1.wac.edgecastcdn.net
+	³ Revoked cert
+	⁴ Dropped
+	⁵ 404
+	⁶ Shows another domain
+
+
+	Problematic hosts in *t-mobile.com:
+
+		- b2b ⁷
+		- cache.business ¹
+		- es.explore.business ²
+		- images.businessresources ³
+		- cache.explore	 ¹
+		- find ⁴
+		- cache.prepaid-phones ¹
+		- videos ⁵
+		- cache.videos ⁶
+		- es.videos ⁵
+
+	¹ Expired
+	² TLS unsupported at redirect destination
+	³ Akamai
+	⁴ Works, mismatched, CN: find.my.t-mobile.com. Functionally
 	   equivalent to the latter, but visually different.
+	⁵ Mixed css
+	⁶ Mismatched, CN: gp1.wac.edgecastcdn.net
+	⁷ Incomplete certificate chain
 
 
-	Partially covered domains:
+	Insecure cookies are set for these domains and hosts:
 
-		- deals.t-mobile.com	(→ www.t-mobile.com)
+		- .t-mobile.com
+		- account.t-mobile.com
+		- es.account.t-mobile.com
+		- .ebill.t-mobile.com
+		- explore.t-mobile.com
+		- es.explore.t-mobile.com
+		- my.t-mobile.com
+		- .my.t-mobile.com
+		- account.my.t-mobile.com
+		- es.my.t-mobile.com
+		- m.my.t-mobile.com
+		- newsroom.t-mobile.com
+		- es.support.t-mobile.com
+		- videos.t-mobile.com
+		- es.videos.t-mobile.com
 
 
-	Fully covered domains:
+	Mixed content:
 
-		- tmobileuk.blackberry.com
-		- www.tmobileuk.blackberry.com		(→ tmobileuk.blackberry.com)
-		- (www.)tmobile.com			(→ www.t-mobile.com)
-		- my.tmobile.com			(→ my.t-mobile.com)
+		- css, on:
 
-		- t-mobile.com subdomains:
+			- videos from www.t-mobile.com *
+			- es.videos from es.t-mobile.com *
 
-			- (www.)			(^ → www)
-			- business
-			- cache.business
-			- ebill
-			- es
-			- explore
-			- cache.explore
-			- my
-			- find.my
-			- prepaid-phones
-			- cache.prepaid-phones		(→ prepaid-phones)
-			- secure-checkout
-			- support
-			- videos
-			- cache.videos			(→ videos)
-			- www
+		- Images, on:
 
-		- (www.)t-mobile.co.uk			(^ → www)
-		- (www.)instantemail.t-mobile.co.uk	(→ tmobileuk.blackberry.com)
-		- (www.)tmobile.nl			(→ www.t-mobile.nl)
-		- (www.)t-mobile.nl			(^ → www)
-		- gsm.t-mobile.nl
+			- find.es from www.t-mobile.com *
+			- find.es from s.tmocache.com *
 
-		- tmocache.com subdomains:
+		- favicon on es.videos from www.t-mobile.com *
 
-			- s.my
-			- s
-
-        - t-mobile.net subdomains:
-
-            - hotspot
+	* Secured by us
 
 -->
-<ruleset name="T-Mobile" platform="mixedcontent">
-
-	<target host="tmobileuk.blackberry.com" />
-	<target host="www.tmobileuk.blackberry.com" />
-	<target host="tmobile.com" />
-	<target host="*.tmobile.com" />
+<ruleset name="T-Mobile.com (partial)">
 	<target host="t-mobile.com" />
-	<target host="*.t-mobile.com" />
-	<target host="t-mobile.co.uk" />
-	<target host="*.t-mobile.co.uk" />
-	<target host="www.*.t-mobile.co.uk"/>
-	<target host="tmobile.nl" />
-	<target host="www.tmobile.nl" />
-	<target host="t-mobile.nl" />
-	<target host="*.t-mobile.nl" />
-	<target host="*.tmocache.com" />
-	<target host="hotspot.t-mobile.net" />
-
-
-	<securecookie host="^(?:business|ebill|explore|my|find\.my|support|videos)\.t-mobile\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?tmobileuk\.blackberry\.com/"
-		to="https://tmobileuk.blackberry.com/" />
-
-	<rule from="^http://(?:www\.)?t-?mobile\.(com|nl)/"
-		to="https://www.t-mobile.$1/" />
-
-	<rule from="^https?://deals\.t-mobile\.com/(?:\?.*)?$"
-		to="https://www.t-mobile.com/shop/phones/?pricerange=0-0&amp;features=371e5c4a-3dc6-4404-86d0-c59f8d8baa3b" />
-
-	<rule from="^http://((?:cache\.)?(?:business|explore)|ebill|es|my|find\.my|secure-checkout|support)\.t-mobile\.com/"
-		to="https://$1.t-mobile.com/" />
-
-	<rule from="^http://my\.t-?mobile\.com/"
-		to="https://my.t-mobile.com/" />
-
-	<rule from="^https?://(?:cache\.)?(prepaid-phone|video)s\.t-mobile\.com/"
-		to="https://$1s.t-mobile.com/" />
-
-	<rule from="^http://(?:www\.)?t-mobile\.co\.uk/"
-		to="https://www.t-mobile.co.uk/" />
-
-	<rule from="^http://(?:www\.)?instantemail\.t-mobile\.co\.uk/"
-		to="https://tmobileuk.blackberry.com/" />
-
-	<rule from="^http://gsm\.t-mobile\.nl/"
-		to="https://gsm.t-mobile.nl/" />
-
-	<rule from="^http://s(\.my)?\.tmocache\.com/"
-        to="https://s$1.tmocache.com/" />
-
-	<rule from="^http://hotspot\.t-mobile\.net/"
-		to="https://hotspot.t-mobile.net/" />
-
+	<target host="www.t-mobile.com" />
+	<target host="account.t-mobile.com" />
+	<target host="es.account.t-mobile.com" />
+	<target host="business.t-mobile.com" />
+	<target host="es.business.t-mobile.com" />
+	<target host="find.business.t-mobile.com" />
+	<target host="ebill.t-mobile.com" />
+	<target host="es.t-mobile.com" />
+	<target host="find.es.t-mobile.com" />
+	<target host="explore.t-mobile.com" />
+	<target host="es.explore.t-mobile.com" />
+	<target host="my.t-mobile.com" />
+	<target host="account.my.t-mobile.com" />
+	<target host="es.account.my.t-mobile.com" />
+	<target host="es.my.t-mobile.com" />
+	<target host="m.my.t-mobile.com" />
+	<target host="manage.my.t-mobile.com" />
+	<target host="es.manage.my.t-mobile.com" />
+	<target host="newsroom.t-mobile.com" />
+	<target host="prepaid-phones.t-mobile.com" />
+	<target host="es.prepaid-phones.t-mobile.com" />
+	<target host="secure-checkout.t-mobile.com" />
+	<target host="support.t-mobile.com" />
+	<target host="apps.support.t-mobile.com" />
+	<target host="es.support.t-mobile.com" />
+	<target host="vip.t-mobile.com" />
+	<!--target host="videos.t-mobile.com" /-->
+	<!--target host="es.videos.t-mobile.com" /-->
+	<!--target host="cache.videos.t-mobile.com" /-->
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/T-Nation.com.xml b/src/chrome/content/rules/T-Nation.com.xml
new file mode 100644
index 000000000000..f206430da062
--- /dev/null
+++ b/src/chrome/content/rules/T-Nation.com.xml
@@ -0,0 +1,53 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tnation.t-nation.com/ => https://tnation.t-nation.com/: (51, "SSL: no alternative certificate subject name matches target host name 'tnation.t-nation.com'")
+
+	^t-nation.com: Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .t-nation.com
+		- biotest.t-nation.com
+		- tnation.t-nation.com
+		- www.t-nation.com
+
+
+	Mixed content:
+
+		- Image on tnation from www.t-nation.com *
+
+	* Secured by us
+
+-->
+<ruleset name="T-Nation.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="biotest.t-nation.com" />
+	<target host="tnation.t-nation.com" />
+	<target host="www.t-nation.com" />
+
+	<!--	Complications:
+				-->
+	<target host="t-nation.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.t-nation\.com$" name="^(?:__cfduid|TFUSER|cf_clearance)$" /-->
+	<!--securecookie host="^biotest\.t-nation\.com$" name="^(?:_ecommAdmin_session|STORE_ID_PROD)$" /-->
+	<!--securecookie host="^tnation\.t-nation\.com$" name="^(?:JSESSIONID|TM_ID_PROD)$" /-->
+	<!--securecookie host="^www\.t-nation\.com$" name="^(?:_publishing_session|ARTICLE_ID_PROD)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://t-nation\.com/"
+		to="https://www.t-nation.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/T-Online.xml b/src/chrome/content/rules/T-Online.xml
index 729794dc2610..55d11fb2947a 100644
--- a/src/chrome/content/rules/T-Online.xml
+++ b/src/chrome/content/rules/T-Online.xml
@@ -1,102 +1,58 @@
 <!--
 	For other Deutsche Telekom coverage, see Deutsche_Telekom.xml.
 
-
-	CDN buckets:
-
-		- toi.ivwbox.de
-		- toi-ssl.ivwbox.de
-
-		- telekom.tipico.com
-
-			- sportwetten
-
-
 	Nonfunctional domains:
 
-		- img.toi.de *
-
-		- t-online.de subdomains:
-
-			- (www.) *
-			- augenblicke *
-			- bilder *
-			- downloads *
-			- dsl-und-dienste *
-			- einkaufswelt *
-			- eltern *
-			- erotik *
-			- gewinnspiele *
-			- handy1 *
-			- hilfe *
-			- hilfe-und-service *
-			- horoskop		(prints "it works!"; mismatched, CN: www.viversum.de)
-			- kids *
-			- lifestyle *
-			- nachrichten *
-			- iss *
-			- partnerfragmente2010 *
-			- routenplaner **
-			- service *
-			- sportwetten	(redirects to http; mismatched, CN: *.tipico.com)
-			- stats *
-			- themen **
-			- top-themen *
-			- unterhaltung *
+		- augenblicke *
+		- downloads *
+		- dsl-und-dienste *
+		- einkaufswelt *
+		- eltern *
+		- handy1 *
+		- hilfe-und-service *
+		- horoskop ***
+		- kids *
+		- lifestyle *
+		- mediencenter **
+		- nachrichten *
+		- partnerfragmente2010 *
+		- service *
+		- sportwetten *
+		- top-themen *
+		- unterhaltung *
+		- wiga ****
 
 	* Refused
-	** Shows suche; mismatched, CN: suche.t-online.de
-
-
-	Problematic subdomains:
-
-		- freemail *
-		- sportdaten *
-
-	* Works; mismatched, CN: webservice.fussball.de
-
-
-	Partially covered subdomains:
-
-		- rezepte	($ redirects to http)
-
-
-	Fully covered subdomains:
-
-		- im.banner
-		- header.cdb
-		- email
-		- fssecure
-		- mediencenter
-		- stayfriends
-		- suche
-		- tbx
-		- wiga
-
-
-	Mixed web bug on suche from stats
-
-	Mixed images on suche from bilder
-
+	** Timeout
+	*** Unable to get local issuer certificate
+	**** Non-2xx HTTP code
 -->
 <ruleset name="T-Online (partial)">
 
-	<target host="t-online.de.intellitxt.com" />
-	<target host="toi.ivwbox.de" />
-	<target host="*.t-online.de" />
-		<exclusion pattern="^http://rezepte\.t-online\.de/(?!sites/)" />
-
-
-	<securecookie host="^(?:\.banner|email|\.mediencenter|stayfriends|suche|tbx)\.t-online\.de$" name=".+" />
-
-
-	<rule from="^http://toi\.ivwbox\.de/"
-		to="https://toi-ssl.ivwbox.de/" />
-
-	<rule from="^http://(im\.banner|header\.cdb|email|fssecure|mediencenter|rezepte|stayfriends|suche|tbx|wiga)\.t-online\.de/"
-		to="https://$1.t-online.de/" />
-
-	<rule from="^http://t-online\.de\.intellitxt\.com/"
-		to="https://ln1-g003.intellitxt.com/" />
+	<target host="t-online.de" />
+	<target host="www.t-online.de" />
+	<target host="im.banner.t-online.de" />
+	<target host="bilder.t-online.de" />
+	<target host="header.cdb.t-online.de" />
+	<target host="email.t-online.de" />
+	<target host="erotik.t-online.de" />
+	<target host="freemail.t-online.de" />
+	<target host="fssecure.t-online.de" />
+	<target host="gewinnspiele.t-online.de" />
+	<target host="hilfe.t-online.de" />
+	<target host="iss.t-online.de" />
+	<target host="routenplaner.t-online.de" />
+	<target host="stats.t-online.de" />
+	<target host="stayfriends.t-online.de" />
+	<target host="suche.t-online.de" />
+	<target host="themen.t-online.de" />
+	<target host="wiga.t-online.de" />
+		<test url="http://wiga.t-online.de/wetter/wetterinfoapp/configAndroid.xml" />
+		<exclusion pattern="^http://wiga\.t-online\.de/$" />
+		<test url="http://wiga.t-online.de/wetter/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/T-Shirt_Mojo.xml b/src/chrome/content/rules/T-Shirt_Mojo.xml
deleted file mode 100644
index a98d383c1d19..000000000000
--- a/src/chrome/content/rules/T-Shirt_Mojo.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	!www: cert only matches www
-
--->
-<ruleset name="T-Shirt Mojo">
-
-	<target host="t-shirtmojo.com" />
-	<target host="www.t-shirtmojo.com" />
-
-
-	<securecookie host="^www\.t-shirtmojo\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?t-shirtmojo\.com/"
-		to="https://$1t-shirtmojo.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/T.co.xml b/src/chrome/content/rules/T.co.xml
new file mode 100644
index 000000000000..f7f315e65bba
--- /dev/null
+++ b/src/chrome/content/rules/T.co.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Twitter coverage, see Twitter.xml.
+
+
+	www.t.co: Cert only matches ^t.co
+
+
+	Fully covered domains:
+
+		- (www.)t.co		(www → ^)
+
+
+	Insecure cookies are set for these domains:
+
+		- .t.co
+
+-->
+<ruleset name="T.co">
+
+	<target host="t.co" />
+	<target host="www.t.co" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.t\.co$" name="^muc$" /-->
+
+	<securecookie host="^\.t\.co$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/T0.com.xml b/src/chrome/content/rules/T0.com.xml
new file mode 100644
index 000000000000..73b6e2161513
--- /dev/null
+++ b/src/chrome/content/rules/T0.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="T0.com">
+	<target host="t0.com" />
+	<target host="www.t0.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/T3.io.xml b/src/chrome/content/rules/T3.io.xml
index ec91ea18835e..e232492b4712 100644
--- a/src/chrome/content/rules/T3.io.xml
+++ b/src/chrome/content/rules/T3.io.xml
@@ -1,13 +1,24 @@
-<ruleset name="t3.io">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://t3.io/ => https://t3.io/: (60, 'SSL certificate problem: self signed certificate')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://t3.io/ => https://t3.io/: (60, 'SSL certificate problem: self signed certificate')
+
+-->
+<ruleset name="t3.io" default_off="failed ruleset test">
 
 	<target host="t3.io" />
-	<target host="*.t3.io" />
+	<target host="www.t3.io" />
 
 
 	<securecookie host="^\.t3\.io$" name=".+" />
 
 
-	<rule from="^http://(www\.)?t3\.io/"
-		to="https://$1t3.io/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/T35-cPanel-Hosting.xml b/src/chrome/content/rules/T35-cPanel-Hosting.xml
index 50c6c212c38e..9e7a766acc88 100644
--- a/src/chrome/content/rules/T35-cPanel-Hosting.xml
+++ b/src/chrome/content/rules/T35-cPanel-Hosting.xml
@@ -5,7 +5,6 @@
 
 
 	<!--	Cert doesn't match !www.	-->
-	<rule from="^http://(?:www\.)?t35\.com/"
-		to="https://www.t35.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/T37.net.xml b/src/chrome/content/rules/T37.net.xml
new file mode 100644
index 000000000000..9e8b9fdc5465
--- /dev/null
+++ b/src/chrome/content/rules/T37.net.xml
@@ -0,0 +1,13 @@
+<!--
+	www: cert only matches ^t37.net
+
+-->
+<ruleset name="t37.net">
+
+	<target host="t37.net" />
+	<target host="www.t37.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TACAR.org.xml b/src/chrome/content/rules/TACAR.org.xml
new file mode 100644
index 000000000000..3dfe444fdc83
--- /dev/null
+++ b/src/chrome/content/rules/TACAR.org.xml
@@ -0,0 +1,27 @@
+<!--
+	For other GÉANT Association coverage, see GEANT.org.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- tacar.org
+		- www.tacar.org
+
+-->
+<ruleset name="TACAR.org">
+
+	<target host="tacar.org" />
+	<target host="www.tacar.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?tacar\.org$" name="^PHPSESSID" /-->
+
+	<securecookie host="^(?:www\.)?tacar\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TAG24.de.xml b/src/chrome/content/rules/TAG24.de.xml
new file mode 100644
index 000000000000..4858da2bcebc
--- /dev/null
+++ b/src/chrome/content/rules/TAG24.de.xml
@@ -0,0 +1,35 @@
+<!--
+	Invalid certificate:
+		test
+
+	Refused:
+		tag20
+-->
+<ruleset name="TAG24.de">
+
+	<target host="tag24.de" />
+	<target host="www.tag24.de" />
+	<target host="247.tag24.de" />
+	<target host="api.tag24.de" />
+	<target host="assets.tag24.de" />
+	<target host="backlog.tag24.de" />
+	<target host="campus.tag24.de" />
+	<target host="download.tag24.de" />
+	<target host="dynamic.tag24.de" />
+	<target host="fbia.tag24.de" />
+	<target host="go.tag24.de" />
+	<target host="jobs.tag24.de" />
+	<target host="media.tag24.de" />
+	<target host="mein.tag24.de" />
+	<target host="partyboot.tag24.de" />
+	<target host="pizza.tag24.de" />
+	<target host="redmine.tag24.de" />
+	<target host="staging.tag24.de" />
+	<target host="cito.staging.tag24.de" />
+	<target host="story.tag24.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TAG_Online.com.xml b/src/chrome/content/rules/TAG_Online.com.xml
index f23e799bfdf7..30bf95e75795 100644
--- a/src/chrome/content/rules/TAG_Online.com.xml
+++ b/src/chrome/content/rules/TAG_Online.com.xml
@@ -1,24 +1,26 @@
 <!--
 	Nonfunctional subdomains:
 
+		- ^ ¹
 		- blog	(refused)
+		- www ²
 
-
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
+	¹ Refused
+	² Redirects to http
 
 -->
-<ruleset name="TAG Online.com">
+<ruleset name="TAG Online.com (partial)">
 
-	<target host="tagonline.com" />
-	<target host="*.tagonline.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="secure1.tagonline.com" />
 
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.tagonline\.com/($|wp-content/)" /-->
 
-	<rule from="^http://(?:www\.)?tagonline\.com/"
-		to="https://www.tagonline.com/" />
 
-	<rule from="^http://secure1\.tagonline\.com/"
-		to="https://secure1.tagonline.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TAIFEX.com.tw.xml b/src/chrome/content/rules/TAIFEX.com.tw.xml
new file mode 100644
index 000000000000..31a4d2bc1c7e
--- /dev/null
+++ b/src/chrome/content/rules/TAIFEX.com.tw.xml
@@ -0,0 +1,31 @@
+<!--
+	Taiwan Futures Exchange
+
+
+	Nonfunctional subdomains:
+
+		- epaper *
+
+	* Refused
+
+
+	^taifex.com.tw doesn't exist.
+
+-->
+<ruleset name="TAIFEX.com.tw">
+
+	<target host="sim.taifex.com.tw" />
+	<target host="www.taifex.com.tw" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^sim\.taifex\.com\.tw$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^www\.taifex\.com\.tw$" name="^(ASPSESSIONID\w+|AX-cookie-POOL_PORTAL)$" /-->
+
+	<securecookie host="^(?:sim|www)\.taifex\.com\.tw$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TARGUSinfo.xml b/src/chrome/content/rules/TARGUSinfo.xml
index dccf04b74a49..b921b68569c7 100644
--- a/src/chrome/content/rules/TARGUSinfo.xml
+++ b/src/chrome/content/rules/TARGUSinfo.xml
@@ -1,16 +1,30 @@
 <!--
+	For other Neustar coverage, see NeuStar.xml.
+
+
 	Nonfunctional domains:
 
 		- (www.)targusinfo.com	(times out)
 
+
+	Fully covered hosts:
+
+		- e1.targusinfo.com
+		- webapp2.targusinfo.com
+
 -->
 <ruleset name="TARGUSinfo">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="adadvisor.net" />
 	<target host="www.adadvisor.net" />
 
+	<target host="e1.targusinfo.com" />
+	<target host="webapp2.targusinfo.com" />
+
 
-	<rule from="^http://(www\.)?adadvisor\.net/"
-		to="https://$1adadvisor.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TAU.ac.il.xml b/src/chrome/content/rules/TAU.ac.il.xml
index 516e9be7cd95..1add39342d50 100644
--- a/src/chrome/content/rules/TAU.ac.il.xml
+++ b/src/chrome/content/rules/TAU.ac.il.xml
@@ -29,13 +29,16 @@
 -->
 <ruleset name="TAU.ac.il (partial)">
 
-	<target host="*.tau.ac.il" />
+	<target host="cs.tau.ac.il" />
+	<target host="www.cs.tau.ac.il" />
+	<target host="course.cs.tau.ac.il" />
+	<target host="forums.cs.tau.ac.il" />
+	<target host="svn.cs.tau.ac.il" />
 
 
 	<rule from="^http://(?:www\.)?cs\.tau\.ac\.il/"
 		to="https://www.cs.tau.ac.il/" />
 
-	<rule from="^http://(course|forums|svn)\.cs\.tau\.ac\.il/"
-		to="https://$1.cs.tau.ac.il/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/TAZ.xml b/src/chrome/content/rules/TAZ.xml
index 43748cfd0351..bfc99260fe84 100644
--- a/src/chrome/content/rules/TAZ.xml
+++ b/src/chrome/content/rules/TAZ.xml
@@ -1,10 +1,22 @@
-<ruleset name="TAZ" platform="mixedcontent">
-  <target host="taz.de" />
-  <target host="blogs.taz.de" />
-  <target host="dl.taz.de" />
-  <target host="www.taz.de" />
+<!--
+	Mismatch:
+		- kunstraub.taz.de
 
-  <rule from="^http://(?:www\.)?taz\.de/" to="https://www.taz.de/"/>
-  <rule from="^http://blogs\.taz\.de/" to="https://blogs.taz.de/"/>
-  <rule from="^http://dl\.taz\.de/" to="https://dl.taz.de/"/>
+	HTTP redirect:
+		- bewegung.taz.de
+-->
+<ruleset name="TAZ">
+	<target host="taz.de"/>
+	<target host="www.taz.de"/>
+	<target host="blogs.taz.de"/>
+	<target host="buchmesse.taz.de"/>
+	<target host="dl.taz.de"/>
+	<target host="download.taz.de"/>
+	<target host="m.taz.de"/>
+	<target host="shop.taz.de"/>
+	<target host="sogo.taz.de"/>
+	<target host="www.buchmesse.taz.de"/>
+
+	<rule from="^http:"
+		to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/TBray.org.xml b/src/chrome/content/rules/TBray.org.xml
index ccf7015994ef..b0d2f6b0f536 100644
--- a/src/chrome/content/rules/TBray.org.xml
+++ b/src/chrome/content/rules/TBray.org.xml
@@ -1,13 +1,15 @@
 <ruleset name="TBray.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="tbray.org" />
-	<target host="*.tbray.org" />
+	<target host="www.tbray.org" />
 
 
 	<securecookie host="^(?:www)?\.tbray\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?tbray\.org/"
-		to="https://$1tbray.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TCCA.info.xml b/src/chrome/content/rules/TCCA.info.xml
new file mode 100644
index 000000000000..b63d83999555
--- /dev/null
+++ b/src/chrome/content/rules/TCCA.info.xml
@@ -0,0 +1,8 @@
+<ruleset name="TCCA.info">
+
+	<target host="tcca.info" />
+	<target host="www.tcca.info" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TCD.ie-problematic.xml b/src/chrome/content/rules/TCD.ie-problematic.xml
index 40917815a125..33a0dfae933e 100644
--- a/src/chrome/content/rules/TCD.ie-problematic.xml
+++ b/src/chrome/content/rules/TCD.ie-problematic.xml
@@ -10,7 +10,6 @@
 	<securecookie host="^www\.dsg\.cs\.tcd\.ie$" name=".+" />
 
 
-	<rule from="^http://www\.dsg\.cs\.tcd\.ie/"
-		to="https://www.dsg.cs.tcd.ie/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TCF_MailVault.info.xml b/src/chrome/content/rules/TCF_MailVault.info.xml
new file mode 100644
index 000000000000..76dcce63ef17
--- /dev/null
+++ b/src/chrome/content/rules/TCF_MailVault.info.xml
@@ -0,0 +1,9 @@
+<ruleset name="TCF MailVault.info">
+
+	<target host="tcfmailvault.info" />
+	<target host="www.tcfmailvault.info" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TCPalm.com.xml b/src/chrome/content/rules/TCPalm.com.xml
index 43851fe0a595..104554ee28c3 100644
--- a/src/chrome/content/rules/TCPalm.com.xml
+++ b/src/chrome/content/rules/TCPalm.com.xml
@@ -1,4 +1,11 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tcpalmextras.com/ => https://tcpalmextras.com/: (7, 'Failed to connect to tcpalmextras.com port 443: Connection refused')
+Fetch error: http://www.tcpalmextras.com/ => https://www.tcpalmextras.com/: (7, 'Failed to connect to www.tcpalmextras.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://tcpalm.com/ => https://www.tcpalm.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.tcpalm.com'")
 	CDN buckets:
 
 		- media.tcpalm.com.edgesuite.net
@@ -42,10 +49,11 @@
 	* → akamai
 
 -->
-<ruleset name="TCPalm.com (partial)">
+<ruleset name="TCPalm.com (partial)" default_off="failed ruleset test">
 
 	<target host="tcpalm.com" />
-	<target host="*.tcpalm.com" />
+	<target host="www.tcpalm.com" />
+	<target host="jobs.tcpalm.com" />
 	<target host="tcpalmextras.com" />
 	<target host="www.tcpalmextras.com" />
 
@@ -61,16 +69,6 @@
 	<rule from="^http://jobs\.tcpalm\.com/"
 		to="https://www.tcpalm.com/hotjobs" />
 
-	<rule from="^http://login\.tcpalm\.com/"
-		to="https://login.tcpalm.com/" />
-
-	<rule from="^http://media\.tcpalm\.com/"
-		to="https://a248.e.akamai.net/f/1683/5970/9m/media.tcpalm.com/" />
-
-	<rule from="^http://web\.tcpalm\.com/"
-		to="https://a248.e.akamai.net/f/194/4034/1m/web.tcpalm.com/" />
-
-	<rule from="^http://(www\.)?tcpalmextras\.com/"
-		to="https://$1tcpalmextras.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TDBank.xml b/src/chrome/content/rules/TDBank.xml
index f98bf4fa45d6..b6493bcaeeaf 100644
--- a/src/chrome/content/rules/TDBank.xml
+++ b/src/chrome/content/rules/TDBank.xml
@@ -1,6 +1,5 @@
 <ruleset name="TD Bank (partial)">
   <target host="onlinebanking.tdbank.com" />
 
-  <rule from="^http://onlinebanking\.tdbank\.com/"
-          to="https://onlinebanking.tdbank.com/" />
-</ruleset>
\ No newline at end of file
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TDC.dk.xml b/src/chrome/content/rules/TDC.dk.xml
new file mode 100644
index 000000000000..45585d8606cc
--- /dev/null
+++ b/src/chrome/content/rules/TDC.dk.xml
@@ -0,0 +1,101 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://clouddisk.tdc.dk/ => https://clouddisk.tdc.dk/: (6, 'Could not resolve host: clouddisk.tdc.dk')
+Fetch error: http://fordele.tdc.dk/ => https://fordele.tdc.dk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://oam.tdc.dk/ => https://oam.tdc.dk/: (6, 'Could not resolve host: oam.tdc.dk')
+Fetch error: http://om.tdc.dk/ => https://om.tdc.dk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://shop.tdc.dk/ => https://shop.tdc.dk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://tdc-wholesale.com/ => https://wholesale.tdc.dk/nordic/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://wholesale.tdc.dk/ => https://wholesale.tdc.dk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.tdc-wholesale.com/ => https://wholesale.tdc.dk/nordic/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+
+	Other TDC rulesets:
+
+		- C.dk.xml
+		- TDC.no.xml
+		- TDC_Service_Online.com.xml
+
+
+	Nonfunctional subdomains:
+
+		- 118			(refused)
+		- aarsrapport2012	(dropped)
+		- go			(refused)
+		- hastighedstest	(refused)
+		- investor		(timeout)
+		- perspektiv		(mismatch)
+		- play			(refused)
+		- presse		(mismatch)
+		- tdcguide		(refused)
+		- telefonmanualer	(mismatch)
+
+
+	Problematic subdomains:
+
+		- forum		(lithium)
+
+
+	Observed cookie domains:
+
+		- . ¹
+		- shop ²
+
+	¹ Partially secured by us <= accounting
+	  for possible use on uncovered domains
+
+	² Secured by us <= complete coverage
+
+-->
+<ruleset name="TDC.dk (partial)" default_off="failed ruleset test">
+
+	<target host="tdc.dk" />
+	<target host="www.tdc.dk" />
+	<target host="businesscare.tdc.dk" />
+	<target host="clouddisk.tdc.dk" />
+	<target host="erhverv.tdc.dk" />
+	<target host="erhvervkundeservice.tdc.dk" />
+	<target host="fly.tdc.dk" />
+	<target host="fordele.tdc.dk" />
+	<target host="forum.tdc.dk" />
+	<target host="kundeservice.tdc.dk" />
+	<target host="mail.tdc.dk" />
+	<target host="mit.tdc.dk" />
+	<target host="mobil.tdc.dk" />
+	<target host="oam.tdc.dk" />
+	<target host="om.tdc.dk" />
+	<target host="opdaterdinpc.tdc.dk" />
+	<target host="postmaster.tdc.dk" />
+	<target host="privat.tdc.dk" />
+	<target host="reinsurance.tdc.dk" />
+	<target host="selfcare.tdc.dk" />
+	<target host="shop.tdc.dk" />
+	<target host="sikkerhed.tdc.dk" />
+	<target host="tdc-wholesale.com" />
+	<target host="wholesale.tdc.dk" />
+	<target host="www.tdc-wholesale.com" />
+
+	<!--	Set by shop:
+				-->
+	<securecookie host="^\.tdc\.dk$" name="^salg_dwbc$" />
+	<!--
+		Could we  secure either of these safely?
+							-->
+	<!--securecookie host="^\.tdc\.dk$" name="^(ObSSOCookie|VISITORID)$" /-->
+	<securecookie host="^(?:privatalarm|shop)\.tdc\.dk$" name=".+" />
+
+
+	<rule from="^http://forum\.tdc\.dk/"
+		to="https://tdc.i.lithium.com/" />
+
+	<!--	- //+ redirects to http://$
+		- \w+ 404s
+				-->
+	<rule from="^http://(?:www\.)?tdc-wholesale\.com/"
+		to="https://wholesale.tdc.dk/nordic/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TDC.no.xml b/src/chrome/content/rules/TDC.no.xml
new file mode 100644
index 000000000000..c20ba2aef60e
--- /dev/null
+++ b/src/chrome/content/rules/TDC.no.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://io.tdc.no/ => https://io.tdc.no/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://henvis.tdc.no/ => https://henvis.tdc.no/: (28, 'Connection timed out after 20001 milliseconds')
+
+	For other TDC coverage, see TDC.dk.xml.
+
+
+	Nonfunctional subdomains:
+
+		- (www.) *
+		- go *
+		- m *
+		- henvs *
+		- kundeservice *
+		- marked *
+		- skatt *
+
+	* Dropped
+-->
+<ruleset name="TDC.no (partial)" default_off="failed ruleset test">
+
+	<target host="io.tdc.no" />
+	<target host="kiss.tdc.no" />
+	<target host="um.tdc.no" />
+	<target host="henvis.tdc.no" />
+	<target host="mobilflex.tdc.no" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TDC_Service_Online.com.xml b/src/chrome/content/rules/TDC_Service_Online.com.xml
new file mode 100644
index 000000000000..06fab08775a9
--- /dev/null
+++ b/src/chrome/content/rules/TDC_Service_Online.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other TDC coverage, see TDC.dk.xml.
+
+-->
+<ruleset name="TDC Service Online.com">
+
+	<target host="tdcserviceonline.com" />
+	<target host="www.tdcserviceonline.com" />
+	<target host="scalesystemweb.tdcserviceonline.com" />
+
+
+	<securecookie host="^(?:www\.)?tdcserviceonline\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TDCanadatrust.com.xml b/src/chrome/content/rules/TDCanadatrust.com.xml
index 8eb84d86447a..4e6398e4891f 100644
--- a/src/chrome/content/rules/TDCanadatrust.com.xml
+++ b/src/chrome/content/rules/TDCanadatrust.com.xml
@@ -2,5 +2,5 @@
   <target host="tdcanadatrust.com" />
   <target host="www.tdcanadatrust.com" />
 
-  <rule from="^http://(?:www\.)?tdcanadatrust\.com/" to="https://www.tdcanadatrust.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/TDF-Telekom.fr.xml b/src/chrome/content/rules/TDF-Telekom.fr.xml
new file mode 100644
index 000000000000..6420c7f7100f
--- /dev/null
+++ b/src/chrome/content/rules/TDF-Telekom.fr.xml
@@ -0,0 +1,15 @@
+<ruleset name="TDF-Telecom.fr">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tdf-telecom.fr" />
+	<target host="www.tdf-telecom.fr" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TDRevolution.xml b/src/chrome/content/rules/TDRevolution.xml
index a61d739eb355..caa8cbaad76b 100644
--- a/src/chrome/content/rules/TDRevolution.xml
+++ b/src/chrome/content/rules/TDRevolution.xml
@@ -4,11 +4,11 @@
 	<target host="www.tdrevolution.com" />
 
 
-	<securecookie host="^www\.tdrevolution\.com$" name=".*" />
+	<securecookie host="^www\.tdrevolution\.com$" name=".+" />
 
 
 	<!--	!www redirects to www.	-->
-	<rule from="^https?://(?:www\.)?tdrevolution\.com/"
+	<rule from="^http://(?:www\.)?tdrevolution\.com/"
 		to="https://www.tdrevolution.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TDS.net.xml b/src/chrome/content/rules/TDS.net.xml
index ab99c2e84010..637bd10307f2 100644
--- a/src/chrome/content/rules/TDS.net.xml
+++ b/src/chrome/content/rules/TDS.net.xml
@@ -13,7 +13,9 @@
 -->
 <ruleset name="TDS.net (partial)">
 
-	<target host="*.tds.net" />
+	<target host="secure.tds.net" />
+	<target host="sso.tds.net" />
+	<target host="tsm.tds.net" />
 
 
 	<!--	Tracking cookies:
@@ -23,7 +25,6 @@
 	<securecookie host="^sso\.tds\.net$" name=".+" />
 
 
-	<rule from="^http://(secure|sso|tsm)\.tds\.net/"
-		to="https://$1.tds.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TEAC.xml b/src/chrome/content/rules/TEAC.xml
index b452b14f4f0e..7747484a7d4b 100644
--- a/src/chrome/content/rules/TEAC.xml
+++ b/src/chrome/content/rules/TEAC.xml
@@ -1,13 +1,25 @@
-<ruleset name="TEAC (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://teac.co.jp/ => https://teac.co.jp/: (51, "SSL: no alternative certificate subject name matches target host name 'teac.co.jp'")
+Fetch error: http://www.teac.co.jp/ => https://teac.co.jp/: (51, "SSL: no alternative certificate subject name matches target host name 'teac.co.jp'")
+Fetch error: http://shop.teac.com/ => https://shop.teac.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://teac.co.jp/ => https://teac.co.jp/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.teac.co.jp/ => https://teac.co.jp/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://shop.teac.com/ => https://shop.teac.com/: (28, 'Connection timed out after 10000 milliseconds')
+-->
+<ruleset name="TEAC (partial)" default_off="failed ruleset test">
 
 	<target host="teac.co.jp"/>
 	<target host="www.teac.co.jp"/>
 	<target host="shop.teac.com"/>
 
-	<rule from="^http://(www\.)?teac\.co\.jp/" to="https://teac.co.jp/"/>
+	<rule from="^http://(?:www\.)?teac\.co\.jp/" to="https://teac.co.jp/"/>
 
 	<rule from="^http://shop\.teac\.com/" to="https://shop.teac.com/"/>
 
-	<securecookie host="^shop\.teac\.com$" name=".*"/>
+	<securecookie host="^shop\.teac\.com$" name=".+" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TED-mismatches.xml b/src/chrome/content/rules/TED-mismatches.xml
deleted file mode 100644
index 645f8b78b7fe..000000000000
--- a/src/chrome/content/rules/TED-mismatches.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see TED.xml
-
--->
-<ruleset name="TED (mismatches)" default_off="mismatch">
-
-	<!--	- blog CN: *.wordpress.com
-		- video: Akamai
-				-->
-	<target host="blog.ted.com" />
-	<target host="video.ted.com" />
-
-
-	<rule from="^http://(blog|video)\.ted\.com/"
-		to="https://$1.ted.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TED.xml b/src/chrome/content/rules/TED.xml
index f90c28683830..7f44d9d3213b 100644
--- a/src/chrome/content/rules/TED.xml
+++ b/src/chrome/content/rules/TED.xml
@@ -1,50 +1,84 @@
 <!--
-	For problematic rules, see TED-mismatches.xml.
+	Invalid certificate:
+		images.ted.com
+			<test url="https://images.ted.com/assets/conferences/TED2016/images/T16_homepage_main.jpg" />
+		t.ted.com
 
+	No working URL known:
+		api.ted.com
 
-	CDN buckets:
+	Redirect to http:
+		blog.ted.com
+		ideas.ted.com
 
-		- video.ted.com.edgesuite.net
-
-		- lvlt.tedcdn.com.c.footprint.net
-
-			- images.ted.com
-
-
-	Nonfunctional domains:
-
-		- conferences.ted.com	(shows default RHEL page)
-		- images.ted.com *
-		- media.ted.com *
-
-	* Times out
+	Time out:
+		video.ted.com
 
 -->
-<ruleset name="TED (buggy)" default_off="breaks videos">
+<ruleset name="TED" >
 
 	<target host="ted.com" />
-	<target host="*.ted.com" />
-		<!--
-			Breaks videos embedded on 3rd-party websites.
-
-			https://mail1.eff.org/pipermail/https-everywhere-rules/2012-May/001134.html
-											-->
-		<exclusion pattern="^https?://images\.ted\.com/crossdomain\.xml$" />
-		<!--
-			Handled in TED-mismatches.xml.
-							-->
-		<exclusion pattern="^http://video\.ted\.com/" />
-	<target host="lvlt.tedcdn.com" />
+	<target host="www.ted.com" />
+	<target host="appletv.ted.com" />
+	<target host="auth.ted.com" />
+	<target host="conferences.ted.com" />
+	<target host="devices.ted.com" />
+	<target host="download.ted.com" />
+		<test url="http://download.ted.com/talks/JimYongKim_2017-320k.mp4" />
+	<target host="ed.ted.com" />
+	<target host="embed.ted.com" />
+		<test url="http://embed.ted.com/talks/jim_yong_kim_doesn_t_everyone_deserve_a_chance_at_a_good_life" />
+	<target host="fellowsblog.ted.com" />
+	<target host="goto.ted.com" />
+	<target host="hello.ted.com" />
+	<target host="hls.ted.com" />
+		<test url="http://hls.ted.com/talks/2806.json" />
+	<target host="images-ssl.ted.com" />
+	<target host="reproxy.ted.com" />
+		<test url="http://images-ssl.ted.com/assets/conferences/TED2016/images/T16_homepage_main.jpg" />
+	<target host="support.ted.com" />
+	<target host="ted2017.ted.com" />
+	<target host="ted2018.ted.com" />
+	<target host="tedglobal2017.ted.com" />
+	<target host="tedlive.ted.com" />
+	<target host="tedwomen2016.ted.com" />
+	<target host="tedwomen2017.ted.com" />
+	<target host="tedxbillion.ted.com" />
+	<target host="tedxinnovations.ted.com" />
+	<target host="tedxtalks.ted.com" />
+
+
+	<target host="img.tedcdn.com" /><!-- Needs test url -->
+	<target host="img-ssl.tedcdn.com" /><!-- Needs test url -->
+	<target host="geo-assets.tedcdn.com" />
+		<test url="http://geo-assets.tedcdn.com/cookie-notice/tcn.js" />
+	<target host="pa.tedcdn.com" />
+		<test url="http://pa.tedcdn.com/mask-icon.svg" />
+	<target host="pb.tedcdn.com" />
+		<test url="http://pb.tedcdn.com/assets/player/flash_hls/player_4_01_002.swf" />
+	<target host="pb-assets.tedcdn.com" />
+		<test url="http://pb-assets.tedcdn.com/system/baubles/files/000/002/348/original/tedlive_poster_image_confpg.jpg" />
+	<target host="pc.tedcdn.com" />
+		<test url="http://pc.tedcdn.com/talk/stream/2017/None/JimYongKim_2017-320k.mp4" />
+	<target host="pe.tedcdn.com" />
+		<test url="http://pe.tedcdn.com/images/ted/f26393b438dfc2ed8c8ae66d0c7291ac08629153_2880x1620.jpg" />
+	<target host="pf.tedcdn.com" />
+		<test url="http://pf.tedcdn.com/images/playlists/20_most_popular_268x268.jpg" />
+	<target host="pi.tedcdn.com" />
+		<test url="http://pi.tedcdn.com/r/pl.tedcdn.com/social/ted-logo-fb.png" />
+	<target host="pl.tedcdn.com" />
+		<test url="http://pl.tedcdn.com/social/ted-logo-fb.png" />
+	<target host="teded.tedcdn.com" />
+		<test url="http://teded.tedcdn.com/assets/application-92442c34a6f7cd903a357eee9c50a770327c3ad82782fb2356c200b403d9f707.css" />
+
+	<target host="tedcinema.com" />
 
   <!-- do not securecookie this ruleset :
     https://trac.torproject.org/projects/tor/ticket/7548
 	  <securecookie host="^.*\.ted\.com$" name=".+" />
   -->
 
-	<rule from="^https?://ed\.ted\.com/"
-		to="https://teded.herokuapp.com/" />
-
-	<rule from="^https?://(?:images\.ted|lvlt\.tedcdn)\.com/"
-		to="https://www.ted.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TEHTRI-Security.com.xml b/src/chrome/content/rules/TEHTRI-Security.com.xml
index 27b6c6d4a456..46d07a547a1f 100644
--- a/src/chrome/content/rules/TEHTRI-Security.com.xml
+++ b/src/chrome/content/rules/TEHTRI-Security.com.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tehtri-security.com/ => https://tehtri-security.com/: (6, 'Could not resolve host: tehtri-security.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://tehtri-security.com/ => https://tehtri-security.com/: (6, 'Could not resolve host: tehtri-security.com')
 	Mixed content:
 
 		- Scripts from www *
@@ -12,13 +18,12 @@
 	platform should be removed with Ffx 24.
 
 -->
-<ruleset name="TEHTRI-Security.com" platform="mixedcontent">
+<ruleset name="TEHTRI-Security.com" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="tehtri-security.com" />
 	<target host="www.tehtri-security.com" />
 
 
-	<rule from="^http://(www\.)?tehtri-security\.com/"
-		to="https://$1tehtri-security.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TFAW.com.xml b/src/chrome/content/rules/TFAW.com.xml
new file mode 100644
index 000000000000..e3a1dab4600a
--- /dev/null
+++ b/src/chrome/content/rules/TFAW.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Refused: tfaw.com
+		- ^ (fixed by this ruleset)
+-->
+
+<ruleset name="TFAW.com">
+	<target host="tfaw.com" />
+	<target host="www.tfaw.com" />
+	<target host="blog.tfaw.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://tfaw\.com/" to="https://www.tfaw.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TF_Sprays.com.xml b/src/chrome/content/rules/TF_Sprays.com.xml
index 73b88482a9cb..e9b7ef9d0668 100644
--- a/src/chrome/content/rules/TF_Sprays.com.xml
+++ b/src/chrome/content/rules/TF_Sprays.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="TF Sprays.com">
 
 	<target host="tfsprays.com" />
-	<target host="*.tfsprays.com" />
+	<target host="www.tfsprays.com" />
 
 
 	<securecookie host="^(?:w*\.)?tfsprays\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?tfsprays\.com/"
-		to="https://$1tfsprays.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TH-Mittelhessen.de.xml b/src/chrome/content/rules/TH-Mittelhessen.de.xml
new file mode 100644
index 000000000000..68f38d7fb04f
--- /dev/null
+++ b/src/chrome/content/rules/TH-Mittelhessen.de.xml
@@ -0,0 +1,48 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://alumni.th-mittelhessen.de/ => https://alumni.th-mittelhessen.de/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other Mittelhessen University of Applied Sciences coverage, see THM.de.xml.
+
+
+	^th-mittelhessen.de doesn't exist.
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.mni.th-mittelhessen.de
+
+
+	Mixed content:
+
+		- favicon on homepages-fb from www.thm.de *
+
+	* Secured by us
+
+-->
+<ruleset name="TH-Mittelhessen.de" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="alumni.th-mittelhessen.de" />
+	<target host="homepages.th-mittelhessen.de" />
+	<target host="homepages-fb.th-mittelhessen.de" />
+	<target host="www.its.th-mittelhessen.de" />
+	<target host="www.mni.th-mittelhessen.de" />
+	<target host="studien-sb-service.th-mittelhessen.de" />
+	<target host="www.w.th-mittelhessen.de" />
+	<target host="www.th-mittelhessen.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.mni\.th-mittelhessen\.de$" name="^(?:[\da-f]{32}|giessenstyle[\d.]+_tpl)$" /-->
+
+	<securecookie host="^www\.mni\.th-mittelhessen\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/THC.xml b/src/chrome/content/rules/THC.xml
deleted file mode 100644
index e2df3a127b2e..000000000000
--- a/src/chrome/content/rules/THC.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Fully covered subdomains:
-
-		- wiki
-
--->
-<ruleset name="The Hacker's Choice">
-
-	<target host="thc.org"/>
-	<target host="freeworld.thc.org"/>
-	<target host="www.thc.org"/>
-
-	<rule from="^http://(www\.)?thc\.org/"
-		to="https://thc.org/"/>
-
-	<rule from="^http://(freeworld|wiki)\.thc\.org/"
-		to="https://$1.thc.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/THM.de.xml b/src/chrome/content/rules/THM.de.xml
new file mode 100644
index 000000000000..d869ffe22c02
--- /dev/null
+++ b/src/chrome/content/rules/THM.de.xml
@@ -0,0 +1,123 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://brueckenkurse.thm.de/ => https://brueckenkurse.thm.de/: (6, 'Could not resolve host: brueckenkurse.thm.de')
+Fetch error: http://cacti.its.thm.de/ => https://cacti.its.thm.de/: (28, 'Connection timed out after 20007 milliseconds')
+Fetch error: http://moodle-ext.thm.de/ => https://moodle-ext.thm.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://pharus.thm.de/ => https://pharus.thm.de/: (6, 'Could not resolve host: pharus.thm.de')
+
+	Other Mittelhessen University of Applied Sciences rulesets:
+
+		- TH-Mittelhessen.de.xml
+
+
+	Nonfunctional hosts in *thm.de:
+
+		- fsmni ¹
+		- icampus ²
+		- kobis ²
+		- dualesstudium.m ³
+		- www.m ³
+		- www.me ⁴
+		- www.mnd ⁵
+
+		- dev.mni ²
+		- hackaday.mni ²
+		- jenkins-ci.mni ²
+		- statistics.mni ²
+
+	¹ Shows websites.thm.de
+	² Refused
+	³ Dropped
+	⁴ Shows www.thm.de
+	⁵ Plaintext reply
+
+
+	These altnames don't exist:
+
+		- online-dienste.thm.de
+		- studien-sb-service.thm.de
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- alumni.thm.de
+		- brueckenkurse.thm.de
+		- www.iem.thm.de
+		- www.its.thm.de
+		- www.mni.thm.de
+		- moodle.thm.de
+		- moodle-ext.thm.de
+		- pharus.thm.de
+		- .websites.thm.de
+		- www.w.thm.de
+		- www.thm.de
+
+
+	Mixed content:
+
+		- favicon on homepages-fb from www.thm.de ¹
+
+		- Bugs, on:
+
+			- moodle from cacti.its.thm.de ¹
+			- pharus from statistics.mni.thm.de ²
+			- www.w from $self ¹
+
+	¹ Secured by us
+	² Unsecurable <= refused
+
+-->
+<ruleset name="THM.de (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="thm.de" />
+	<target host="alumni.thm.de" />
+	<target host="arsnova.thm.de" />
+	<target host="www.asta.thm.de" />
+	<target host="brueckenkurse.thm.de" />
+	<target host="cas.thm.de" />
+	<target host="homepages.thm.de" />
+	<target host="homepages-fb.thm.de" />
+	<target host="git.thm.de" />
+	<target host="www.iem.thm.de" />
+	<target host="intra.thm.de" />
+	<target host="intranet.thm.de" />
+
+	<target host="cacti.its.thm.de" />
+	<target host="scripts.its.thm.de" />
+	<target host="www.its.thm.de" />
+
+	<target host="jenkins.mni.thm.de" />
+	<target host="www.mni.thm.de" />
+	<target host="moodle.thm.de" />
+	<target host="moodle-ext.thm.de" />
+	<target host="pharus.thm.de" />
+	<target host="projects.thm.de" />
+	<target host="scm.thm.de" />
+	<target host="websites.thm.de" />
+	<target host="wiki.thm.de" />
+	<target host="www.w.thm.de" />
+	<target host="webmail.thm.de" />
+	<target host="www.thm.de" />
+
+		<test url="http://websites.thm.de/fachschaft/me/phpBB3/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:alumni|www\.iem)\.thm\.de$" name="^fe_typo_user$" /-->
+	<!--securecookie host="^(?:brueckenkurse|www\.its|www)\.thm\.de$" name="^[\da-f]{32}$" /-->
+	<!--securecookie host="^www\.(?:mni|w)\.thm\.de$" name="^(?:[\da-f]{32}|giessenstyle[\d.]+_tpl)$" /-->
+	<!--securecookie host="^moodle(?:-ext)?\.thm\.de$" name="^MoodleSession$" /-->
+	<!--securecookie host="^pharus\.thm\.de$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.websites\.thm\.de$" name="^phpbb3_\w+_(?:k|sid|u)$" /-->
+
+	<securecookie host="^(?:\w.*|\.websites)\.thm\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/THN.li.xml b/src/chrome/content/rules/THN.li.xml
new file mode 100644
index 000000000000..400b44f67424
--- /dev/null
+++ b/src/chrome/content/rules/THN.li.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Hacker News coverage, see Thehackernews.com.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .thn.li
+
+-->
+<ruleset name="THN.li">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="thn.li" />
+	<target host="www.thn.li" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.thn\.li$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.thn\.li$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/THR.com.xml b/src/chrome/content/rules/THR.com.xml
new file mode 100644
index 000000000000..a1f80a8ca659
--- /dev/null
+++ b/src/chrome/content/rules/THR.com.xml
@@ -0,0 +1,49 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn1.thr.com/ => https://cdn1.thr.com/: Too many redirects while fetching 'https://cdn1.thr.com/'
+Fetch error: http://cdn2.thr.com/ => https://cdn2.thr.com/: Too many redirects while fetching 'https://cdn2.thr.com/'
+Fetch error: http://cdn3.thr.com/ => https://cdn3.thr.com/: Too many redirects while fetching 'https://cdn3.thr.com/'
+Fetch error: http://cdn4.thr.com/ => https://cdn4.thr.com/: Too many redirects while fetching 'https://cdn4.thr.com/'
+Fetch error: http://cdn5.thr.com/ => https://cdn5.thr.com/: Too many redirects while fetching 'https://cdn5.thr.com/'
+Fetch error: http://thr.com/ => https://www.hollywoodreporter.com/: Too many redirects while fetching 'https://www.hollywoodreporter.com/'
+Fetch error: http://www.thr.com/ => https://www.hollywoodreporter.com/: Too many redirects while fetching 'https://www.hollywoodreporter.com/'
+
+	(www.)?thr.com: Mismatched
+
+
+	Mixed content:
+
+		- Images from www.billboard.com ¹
+		- Bugs from b.scorecardresearch.com ²
+
+	¹ Unsecurable <= redirects to http
+	² Secured by us
+
+-->
+<ruleset name="THR.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cdn1.thr.com" />
+	<target host="cdn2.thr.com" />
+	<target host="cdn3.thr.com" />
+	<target host="cdn4.thr.com" />
+	<target host="cdn5.thr.com" />
+
+	<!--	Complications:
+				-->
+	<target host="thr.com" />
+	<target host="www.thr.com" />
+
+
+	<!--	Redirect keeps path, args,
+		and forward slash:
+					-->
+	<rule from="^http://(?:www\.)?thr\.com/"
+		to="https://www.hollywoodreporter.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/THREe.ne.jp.xml b/src/chrome/content/rules/THREe.ne.jp.xml
new file mode 100644
index 000000000000..bb5ddcdc4704
--- /dev/null
+++ b/src/chrome/content/rules/THREe.ne.jp.xml
@@ -0,0 +1,22 @@
+<!--
+	www.three.ne.jp: Mismatched
+
+-->
+<ruleset name="THREe.ne.jp">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="three.ne.jp" />
+
+	<!--	Complications:
+				-->
+	<target host="www.three.ne.jp" />
+
+
+	<rule from="^http://www\.three\.ne\.jp/"
+		to="https://three.ne.jp/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/THW.de.xml b/src/chrome/content/rules/THW.de.xml
new file mode 100644
index 000000000000..9916aa042344
--- /dev/null
+++ b/src/chrome/content/rules/THW.de.xml
@@ -0,0 +1,24 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Unable to get local issuer certificate:
+		- uploader.thw.de
+		- www.uploader.thw.de
+-->
+<ruleset name="THW.de (partial)">
+
+	<target host="thw.de" />
+	<target host="www.thw.de" />
+	<target host="br500.thw.de" />
+	<target host="extranet.thw.de" />
+	<target host="www.gfb-bremen.thw.de" />
+	<target host="www.gfb-hamburg.thw.de" />
+	<target host="gfb-muenchen.thw.de" />
+	<target host="www.infozentrum.thw.de" />
+	<target host="m.thw.de" />
+	<target host="www.m.thw.de" />
+	<target host="portal.thw.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TIAA-CREF.org.xml b/src/chrome/content/rules/TIAA-CREF.org.xml
new file mode 100644
index 000000000000..2c0defa6afa2
--- /dev/null
+++ b/src/chrome/content/rules/TIAA-CREF.org.xml
@@ -0,0 +1,43 @@
+<!--
+	^tiaa-cref.org: Refused
+
+
+	Fully covered hosts in *tiaa-cref.org:
+
+		- (www.)?	(^ → www)
+		- publictools
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .tiaa-cref.org
+		- publictools.tiaa-cref.org
+
+-->
+<ruleset name="TIAA-CREF.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="publictools.tiaa-cref.org" />
+	<target host="www.tiaa-cref.org" />
+
+	<!--	Complications:
+				-->
+	<target host="tiaa-cref.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tiaa-cref\.org$" name="^(tiaa_dc|v1st)$" /-->
+	<!--securecookie host="^publictools\.tiaa-cref\.org$" name="^(BIGipServerpool[\w-]+|TS[\da-f]+)$" /-->
+
+	<securecookie host="^publictools\.tiaa-cref\.org$" name=".+" />
+
+
+	<rule from="^http://tiaa-cref\.org/"
+		to="https://www.tiaa-cref.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TIBCO.com.xml b/src/chrome/content/rules/TIBCO.com.xml
index d9f8e7e9abc1..5d1eabad7d68 100644
--- a/src/chrome/content/rules/TIBCO.com.xml
+++ b/src/chrome/content/rules/TIBCO.com.xml
@@ -19,16 +19,23 @@
 -->
 <ruleset name="TIBCO.com (partial)">
 
-	<target host="*.tibco.com" />
+	<target host="docs.tibco.com" />
+	<target host="download.tibco.com" />
+	<target host="support.tibco.com" />
+	<target host="forms2.tibco.com" />
 
 
-	<securecookie host="^(?:download|support)\.tibco\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^docs\.tibco\.com$" name="^_tibcodocs_session$" /-->
 
+	<securecookie host="^(?:docs|download|support)\.tibco\.com$" name=".+" />
 
-	<rule from="^http://(download|support)\.tibco\.com/"
+
+	<rule from="^http://(docs|download|support)\.tibco\.com/"
 		to="https://$1.tibco.com/" />
 
 	<rule from="^http://forms2\.tibco\.com/(cs|image|j|r)s/"
 		to="https://na-sj01.marketo.com/$1s/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TICKETsage.xml b/src/chrome/content/rules/TICKETsage.xml
index 8e5c273e4ac4..a7ef68af6cd5 100644
--- a/src/chrome/content/rules/TICKETsage.xml
+++ b/src/chrome/content/rules/TICKETsage.xml
@@ -1,13 +1,18 @@
-<ruleset name="TICKETsage">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.ticketsage.com/ => https://www.ticketsage.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="TICKETsage" default_off="failed ruleset test">
 
 	<target host="ticketsage.com" />
-	<target host="*.ticketsage.com" />
+	<target host="www.ticketsage.com" />
 
 
 	<securecookie host="^\.ticketsage.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ticketsage\.com/"
-		to="https://$1ticketsage.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TIME.com.xml b/src/chrome/content/rules/TIME.com.xml
index ac4b5ebe3e26..f316a87e7134 100644
--- a/src/chrome/content/rules/TIME.com.xml
+++ b/src/chrome/content/rules/TIME.com.xml
@@ -1,54 +1,59 @@
 <!--
-	CDN buckets:
-
-		- tiads.timeinc.net.edgesuite.net
-
-
-	Problematic subdomains:
-
-		- business *
-		- entertainment
-		- healthland *
-		- ideas *
-		- keepingscore *
-		- lightbox *
-		- nation *
-		- newsfeed *
-		- science *
-		- style *
-		- swampland *
-		- techland *
-		- world *
-
-	* Mismatched, handled in WordPress-blogs.xml.
-
-
-	Nonfunctional subdomains:
-
-		- www		(404, akamai)
-
-
-	Fully covered subdomains:
-
-		- smetrics
-		- tiads		(→ akamai)
+	For other Time Inc coverage, see Time_Inc.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+			 - 100photos.time.com
+
+		SSL peer certificate was not OK:
+			 - 10questions.time.com
+			 - motto.time.com
+			 - thepage.time.com
+
+		Secure connection redirects to plaintext:
+			 - business.time.com
+			 - entertainment.time.com
+			 - healthland.time.com
+			 - ideas.time.com
+			 - labs.time.com
+			 - realestate.money.time.com
+			 - nation.time.com
+			 - newsfeed.time.com
+			 - poy.time.com
+			 - science.time.com
+			 - style.time.com
+			 - swampland.time.com
+			 - time100.time.com
+			 - techland.time.com
+			 - world.time.com
+
+		Time out:
+			 - life.time.com
+			 - lightbox.time.com
+
+		Active mixed content:
+			 - content.time.com
+				<test url="http://content.time.com/time/specials/packages/completelist/0,29569,1991915,00.html" />
+				<test url="http://content.time.com/time/specials/packages/0,28757,1940424,00.html" />
 
 -->
 <ruleset name="TIME.com (partial)">
 
-	<target host="*.time.com" />
-
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.time\.com$" name="^(?:gpv_\w\d+|sinvisit_\w|s_\w+)$" />
-	<securecookie host="^subscription\.time\.com$" name=".+" />
-
-
-	<rule from="^http://(profiles|smetrics|subscription)\.time\.com/"
-		to="https://$1.time.com/" />
-
-	<rule from="^http://tiads\.time\.com/"
-		to="https://a248.e.akamai.net/f/259/1/g/tiads.time.com/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="time.com" />
+	<target host="www.time.com" />
+	<target host="assets.time.com" />
+		<test url="http://assets.time.com/scripts/brightcove-facade/1.1.0/brightcove-facade.min.js" />
+	<target host="auth.time.com" />
+	<target host="backissues.time.com" />
+	<target host="pages.email.time.com" />
+	<target host="shop.time.com" />
+	<target host="smetrics.time.com" />
+	<target host="subscription.time.com" />
+	<target host="subscription-assets.time.com" />
+		<test url="http://subscription-assets.time.com/prod/assets/themes/magazines/SUBS/templates/velocity/site/td-learnmore0711/smartphone.html" />
+		<test url="http://subscription-assets.time.com/prod/assets/themes/magazines/default/template-resources/html/legal/amazon/TD/tos.html" />
+		<test url="http://subscription-assets.time.com/prod/assets/themes/magazines/default/template-resources/html/legal/ios/TD/pp.html" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TIP.net.au.xml b/src/chrome/content/rules/TIP.net.au.xml
index 55316e076b21..e3654cdbd1b7 100644
--- a/src/chrome/content/rules/TIP.net.au.xml
+++ b/src/chrome/content/rules/TIP.net.au.xml
@@ -1,14 +1,43 @@
 <!--
-	Some pages redirect to http.
+	For more PCUG.org.au related rules, see PCUG.org.au.xml
 
--->
-<ruleset name="TIP.net.au (partial)" platform="cacert">
+	Non-functional hosts
+		Couldn't connect to server:
+			 - irc.ipv6.tip.net.au
+
+		Timeout was reached:
+			 - mx0.tip.net.au
 
-	<target host="tip.net.au" />
-	<target host="www.tip.net.au" />
+		SSL peer certificate was not OK:
+			 - hosting.ipv4.tip.net.au
+			 - irc.ipv4.tip.net.au
+			 - irc.tip.net.au
+			 - ldap.tip.net.au
+			 - newshost.tip.net.au
+			 - ns1.tip.net.au
 
+		Status code mismatch:
+			 - ftp.tip.net.au
+			 - mx1.ipv4.tip.net.au
+			 - mailhost.tip.net.au
+			 - mx1.tip.net.au
+			 - smtp.tip.net.au
+			 - smtps.tip.net.au
 
-	<rule from="^http://(www\.)?tip\.net\.au/(favicon\.ico|wiki/(?:index\.php\?title=(?:.+&amp;action=raw|Special:UserLogin)|PCUG_logo\.jpg|skins/))"
-		to="https://$1tip.net.au/$2" />
+		Different content:
+			 - tip.net.au
+			 - www.tip.net.au
+			 - ipv4.tip.net.au
+			 - www.ipv4.tip.net.au
+			 - members.ipv4.tip.net.au
+			 - members.tip.net.au
+			 - pide.tip.net.au
+			 - webmail.tip.net.au
+-->
+<ruleset name="TIP.net.au (partial)">
+	<target host="hosting.tip.net.au" />
+	<target host="lists.ipv4.tip.net.au" />
+	<target host="lists.tip.net.au" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TK-Lindau.xml b/src/chrome/content/rules/TK-Lindau.xml
new file mode 100644
index 000000000000..73fe42867a1f
--- /dev/null
+++ b/src/chrome/content/rules/TK-Lindau.xml
@@ -0,0 +1,308 @@
+<!--
+
+	Cert mismatch:
+		- familie-kabel-lindau.de
+
+		- tk-lindau.de
+		- cr2.ffm.tk-lindau.de
+		- fra-csr1.tk-lindau.de
+		- gw-teledata.tk-lindau.de
+		- cr1.li.tk-lindau.de
+		- cr3.li.tk-lindau.de
+		- cs1.li.tk-lindau.de
+		- csw2.dcb.tk-lindau.de
+		- eth-1-1-vfw-008.liu.tk-lindau.de
+		- fw.dcb.tk-lindau.de
+		- lin-cs-kop.tk-lindau.de
+		- liu.tk-lindau.de
+		- lyncdiscover.tk-lindau.de
+		- mx1.tk-lindau.de
+		- security.tk-lindau.de
+		- voice-gateway.tk-lindau.de
+		- voicegw-1.tk-lindau.de
+		- voicegw-10.tk-lindau.de
+		- voicegw-100.tk-lindau.de
+		- voicegw-101.tk-lindau.de
+		- voicegw-102.tk-lindau.de
+		- voicegw-103.tk-lindau.de
+		- voicegw-104.tk-lindau.de
+		- voicegw-105.tk-lindau.de
+		- voicegw-106.tk-lindau.de
+		- voicegw-107.tk-lindau.de
+		- voicegw-108.tk-lindau.de
+		- voicegw-11.tk-lindau.de
+		- voicegw-110.tk-lindau.de
+		- voicegw-111.tk-lindau.de
+		- voicegw-112.tk-lindau.de
+		- voicegw-113.tk-lindau.de
+		- voicegw-114.tk-lindau.de
+		- voicegw-115.tk-lindau.de
+		- voicegw-116.tk-lindau.de
+		- voicegw-117.tk-lindau.de
+		- voicegw-118.tk-lindau.de
+		- voicegw-119.tk-lindau.de
+		- voicegw-12.tk-lindau.de
+		- voicegw-120.tk-lindau.de
+		- voicegw-121.tk-lindau.de
+		- voicegw-122.tk-lindau.de
+		- voicegw-123.tk-lindau.de
+		- voicegw-124.tk-lindau.de
+		- voicegw-125.tk-lindau.de
+		- voicegw-126.tk-lindau.de
+		- voicegw-127.tk-lindau.de
+		- voicegw-128.tk-lindau.de
+		- voicegw-129.tk-lindau.de
+		- voicegw-13.tk-lindau.de
+		- voicegw-130.tk-lindau.de
+		- voicegw-131.tk-lindau.de
+		- voicegw-132.tk-lindau.de
+		- voicegw-133.tk-lindau.de
+		- voicegw-134.tk-lindau.de
+		- voicegw-135.tk-lindau.de
+		- voicegw-136.tk-lindau.de
+		- voicegw-137.tk-lindau.de
+		- voicegw-138.tk-lindau.de
+		- voicegw-139.tk-lindau.de
+		- voicegw-14.tk-lindau.de
+		- voicegw-140.tk-lindau.de
+		- voicegw-141.tk-lindau.de
+		- voicegw-142.tk-lindau.de
+		- voicegw-144.tk-lindau.de
+		- voicegw-145.tk-lindau.de
+		- voicegw-146.tk-lindau.de
+		- voicegw-147.tk-lindau.de
+		- voicegw-148.tk-lindau.de
+		- voicegw-149.tk-lindau.de
+		- voicegw-15.tk-lindau.de
+		- voicegw-150.tk-lindau.de
+		- voicegw-151.tk-lindau.de
+		- voicegw-152.tk-lindau.de
+		- voicegw-153.tk-lindau.de
+		- voicegw-154.tk-lindau.de
+		- voicegw-155.tk-lindau.de
+		- voicegw-156.tk-lindau.de
+		- voicegw-157.tk-lindau.de
+		- voicegw-158.tk-lindau.de
+		- voicegw-159.tk-lindau.de
+		- voicegw-161.tk-lindau.de
+		- voicegw-162.tk-lindau.de
+		- voicegw-163.tk-lindau.de
+		- voicegw-164.tk-lindau.de
+		- voicegw-165.tk-lindau.de
+		- voicegw-166.tk-lindau.de
+		- voicegw-167.tk-lindau.de
+		- voicegw-168.tk-lindau.de
+		- voicegw-169.tk-lindau.de
+		- voicegw-17.tk-lindau.de
+		- voicegw-170.tk-lindau.de
+		- voicegw-171.tk-lindau.de
+		- voicegw-172.tk-lindau.de
+		- voicegw-173.tk-lindau.de
+		- voicegw-174.tk-lindau.de
+		- voicegw-175.tk-lindau.de
+		- voicegw-176.tk-lindau.de
+		- voicegw-177.tk-lindau.de
+		- voicegw-178.tk-lindau.de
+		- voicegw-179.tk-lindau.de
+		- voicegw-18.tk-lindau.de
+		- voicegw-180.tk-lindau.de
+		- voicegw-181.tk-lindau.de
+		- voicegw-182.tk-lindau.de
+		- voicegw-183.tk-lindau.de
+		- voicegw-184.tk-lindau.de
+		- voicegw-185.tk-lindau.de
+		- voicegw-186.tk-lindau.de
+		- voicegw-187.tk-lindau.de
+		- voicegw-188.tk-lindau.de
+		- voicegw-189.tk-lindau.de
+		- voicegw-19.tk-lindau.de
+		- voicegw-190.tk-lindau.de
+		- voicegw-191.tk-lindau.de
+		- voicegw-192.tk-lindau.de
+		- voicegw-193.tk-lindau.de
+		- voicegw-194.tk-lindau.de
+		- voicegw-195.tk-lindau.de
+		- voicegw-196.tk-lindau.de
+		- voicegw-197.tk-lindau.de
+		- voicegw-198.tk-lindau.de
+		- voicegw-199.tk-lindau.de
+		- voicegw-2.tk-lindau.de
+		- voicegw-20.tk-lindau.de
+		- voicegw-200.tk-lindau.de
+		- voicegw-201.tk-lindau.de
+		- voicegw-202.tk-lindau.de
+		- voicegw-203.tk-lindau.de
+		- voicegw-204.tk-lindau.de
+		- voicegw-205.tk-lindau.de
+		- voicegw-206.tk-lindau.de
+		- voicegw-207.tk-lindau.de
+		- voicegw-208.tk-lindau.de
+		- voicegw-209.tk-lindau.de
+		- voicegw-21.tk-lindau.de
+		- voicegw-210.tk-lindau.de
+		- voicegw-211.tk-lindau.de
+		- voicegw-212.tk-lindau.de
+		- voicegw-213.tk-lindau.de
+		- voicegw-214.tk-lindau.de
+		- voicegw-215.tk-lindau.de
+		- voicegw-216.tk-lindau.de
+		- voicegw-217.tk-lindau.de
+		- voicegw-218.tk-lindau.de
+		- voicegw-219.tk-lindau.de
+		- voicegw-22.tk-lindau.de
+		- voicegw-220.tk-lindau.de
+		- voicegw-221.tk-lindau.de
+		- voicegw-222.tk-lindau.de
+		- voicegw-223.tk-lindau.de
+		- voicegw-224.tk-lindau.de
+		- voicegw-225.tk-lindau.de
+		- voicegw-226.tk-lindau.de
+		- voicegw-227.tk-lindau.de
+		- voicegw-228.tk-lindau.de
+		- voicegw-229.tk-lindau.de
+		- voicegw-23.tk-lindau.de
+		- voicegw-230.tk-lindau.de
+		- voicegw-231.tk-lindau.de
+		- voicegw-232.tk-lindau.de
+		- voicegw-233.tk-lindau.de
+		- voicegw-234.tk-lindau.de
+		- voicegw-235.tk-lindau.de
+		- voicegw-236.tk-lindau.de
+		- voicegw-237.tk-lindau.de
+		- voicegw-238.tk-lindau.de
+		- voicegw-239.tk-lindau.de
+		- voicegw-24.tk-lindau.de
+		- voicegw-240.tk-lindau.de
+		- voicegw-241.tk-lindau.de
+		- voicegw-242.tk-lindau.de
+		- voicegw-243.tk-lindau.de
+		- voicegw-244.tk-lindau.de
+		- voicegw-245.tk-lindau.de
+		- voicegw-246.tk-lindau.de
+		- voicegw-247.tk-lindau.de
+		- voicegw-248.tk-lindau.de
+		- voicegw-249.tk-lindau.de
+		- voicegw-25.tk-lindau.de
+		- voicegw-250.tk-lindau.de
+		- voicegw-251.tk-lindau.de
+		- voicegw-252.tk-lindau.de
+		- voicegw-253.tk-lindau.de
+		- voicegw-254.tk-lindau.de
+		- voicegw-26.tk-lindau.de
+		- voicegw-27.tk-lindau.de
+		- voicegw-28.tk-lindau.de
+		- voicegw-29.tk-lindau.de
+		- voicegw-3.tk-lindau.de
+		- voicegw-30.tk-lindau.de
+		- voicegw-31.tk-lindau.de
+		- voicegw-32.tk-lindau.de
+		- voicegw-33.tk-lindau.de
+		- voicegw-34.tk-lindau.de
+		- voicegw-35.tk-lindau.de
+		- voicegw-36.tk-lindau.de
+		- voicegw-37.tk-lindau.de
+		- voicegw-38.tk-lindau.de
+		- voicegw-39.tk-lindau.de
+		- voicegw-4.tk-lindau.de
+		- voicegw-40.tk-lindau.de
+		- voicegw-41.tk-lindau.de
+		- voicegw-42.tk-lindau.de
+		- voicegw-43.tk-lindau.de
+		- voicegw-44.tk-lindau.de
+		- voicegw-45.tk-lindau.de
+		- voicegw-46.tk-lindau.de
+		- voicegw-47.tk-lindau.de
+		- voicegw-48.tk-lindau.de
+		- voicegw-49.tk-lindau.de
+		- voicegw-5.tk-lindau.de
+		- voicegw-50.tk-lindau.de
+		- voicegw-51.tk-lindau.de
+		- voicegw-52.tk-lindau.de
+		- voicegw-53.tk-lindau.de
+		- voicegw-54.tk-lindau.de
+		- voicegw-55.tk-lindau.de
+		- voicegw-56.tk-lindau.de
+		- voicegw-57.tk-lindau.de
+		- voicegw-58.tk-lindau.de
+		- voicegw-59.tk-lindau.de
+		- voicegw-6.tk-lindau.de
+		- voicegw-60.tk-lindau.de
+		- voicegw-61.tk-lindau.de
+		- voicegw-62.tk-lindau.de
+		- voicegw-63.tk-lindau.de
+		- voicegw-64.tk-lindau.de
+		- voicegw-65.tk-lindau.de
+		- voicegw-66.tk-lindau.de
+		- voicegw-67.tk-lindau.de
+		- voicegw-68.tk-lindau.de
+		- voicegw-69.tk-lindau.de
+		- voicegw-7.tk-lindau.de
+		- voicegw-70.tk-lindau.de
+		- voicegw-71.tk-lindau.de
+		- voicegw-72.tk-lindau.de
+		- voicegw-73.tk-lindau.de
+		- voicegw-74.tk-lindau.de
+		- voicegw-75.tk-lindau.de
+		- voicegw-76.tk-lindau.de
+		- voicegw-77.tk-lindau.de
+		- voicegw-78.tk-lindau.de
+		- voicegw-79.tk-lindau.de
+		- voicegw-8.tk-lindau.de
+		- voicegw-80.tk-lindau.de
+		- voicegw-81.tk-lindau.de
+		- voicegw-82.tk-lindau.de
+		- voicegw-83.tk-lindau.de
+		- voicegw-84.tk-lindau.de
+		- voicegw-85.tk-lindau.de
+		- voicegw-86.tk-lindau.de
+		- voicegw-87.tk-lindau.de
+		- voicegw-88.tk-lindau.de
+		- voicegw-89.tk-lindau.de
+		- voicegw-9.tk-lindau.de
+		- voicegw-90.tk-lindau.de
+		- voicegw-91.tk-lindau.de
+		- voicegw-92.tk-lindau.de
+		- voicegw-93.tk-lindau.de
+		- voicegw-94.tk-lindau.de
+		- voicegw-95.tk-lindau.de
+		- voicegw-97.tk-lindau.de
+		- voicegw-98.tk-lindau.de
+		- voicegw-99.tk-lindau.de
+		- wireless.tk-lindau.de
+
+	Connection refused:
+		- csw1.dcb.tk-lindau.de
+		- ntp.tk-lindau.de
+		- speedmeter.tk-lindau.de
+		- speedtest.tk-lindau.de
+		- test.tk-lindau.de
+
+	Timeout:
+		- asterix.tk-lindau.de
+		- dns-lin.tk-lindau.de
+		- dns2-lin.tk-lindau.de
+		- mx2-lin.tk-lindau.de
+		- ns01.tk-lindau.de
+		- ns02.tk-lindau.de
+		- rad1-lin.tk-lindau.de
+		- sip.tk-lindau.de
+		- www1-lin.tk-lindau.de
+		- www2-lin.tk-lindau.de
+
+	TLS Error:
+		- familie-kabel.de
+		- www.familie-kabel.de
+		- ftp.familie-kabel.de
+-->
+<ruleset name="Telekommunikation Lindau">
+
+	<target host="www.tk-lindau.de" />
+	<target host="autodiscover.tk-lindau.de" />
+	<target host="kundenportal.tk-lindau.de" />
+
+	<target host="owa.tk-lindau.de" />
+
+	<target host="www.familie-kabel-lindau.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TKK.fi.xml b/src/chrome/content/rules/TKK.fi.xml
new file mode 100644
index 000000000000..5e2499164644
--- /dev/null
+++ b/src/chrome/content/rules/TKK.fi.xml
@@ -0,0 +1,19 @@
+<!--
+	Problematic hosts in *tkk.fi:
+
+		- wwwcms *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="TKK.fi" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="wwwcms.tkk.fi" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TLDRLegal.com.xml b/src/chrome/content/rules/TLDRLegal.com.xml
new file mode 100644
index 000000000000..5a2bd0c06644
--- /dev/null
+++ b/src/chrome/content/rules/TLDRLegal.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched:
+	- www (tldrlegal.com)
+	- community (tldrlegal.com)
+-->
+
+<ruleset name="TLDRLegal.com">
+	<target host="tldrlegal.com" />
+	<target host="www.tldrlegal.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://(www\.)?tldrlegal\.com/" to="https://tldrlegal.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/TLS-o-Matic.com.xml b/src/chrome/content/rules/TLS-o-Matic.com.xml
new file mode 100644
index 000000000000..9605b6aa6e9f
--- /dev/null
+++ b/src/chrome/content/rules/TLS-o-Matic.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Edvina coverage, see Edvina.net.xml.
+
+
+	^tls-o-matic.com: Dropped/refused
+
+-->
+<ruleset name="TLS-o-Matic.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.tls-o-matic.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TLScompare.org.xml b/src/chrome/content/rules/TLScompare.org.xml
new file mode 100644
index 000000000000..50cdcc26d5a2
--- /dev/null
+++ b/src/chrome/content/rules/TLScompare.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- tlscompare.org
+		- www.tlscompare.org
+
+-->
+<ruleset name="TLScompare.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tlscompare.org" />
+	<target host="www.tlscompare.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?tlscompare\.org$" name="^session$" /-->
+
+	<securecookie host="^(?:www\.)?tlscompare\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TMBC.gov.uk.xml b/src/chrome/content/rules/TMBC.gov.uk.xml
new file mode 100644
index 000000000000..faac61e3fa92
--- /dev/null
+++ b/src/chrome/content/rules/TMBC.gov.uk.xml
@@ -0,0 +1,47 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bookings.tmbc.gov.uk/ => https://bookings.tmbc.gov.uk/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://publicaccess2.tmbc.gov.uk/ => https://publicaccess2.tmbc.gov.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Tonbridge & Malling Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .tmbc.gov.uk
+		- democracy.tmbc.gov.uk
+		- parking.tmbc.gov.uk
+		- www.tmbc.gov.uk
+
+
+	These altnames don't exist:
+
+		- tmbc.gov.uk
+
+-->
+<ruleset name="TMBC.gov.uk" default_off="failed ruleset test">
+
+	<target host="bookings.tmbc.gov.uk" />
+	<target host="democracy.tmbc.gov.uk" />
+	<target host="maps.tmbc.gov.uk" />
+	<target host="parking.tmbc.gov.uk" />
+	<target host="publicaccess2.tmbc.gov.uk" />
+	<target host="www.tmbc.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www)?\.tmbc\.gov\.uk$" name="^SQ_SYSTEM_SESSION$" /-->
+	<!--securecookie host="^democracy\.tmbc\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^parking\.tmbc\.gov\.uk$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TMCH.xml b/src/chrome/content/rules/TMCH.xml
new file mode 100644
index 000000000000..e546fe88dec1
--- /dev/null
+++ b/src/chrome/content/rules/TMCH.xml
@@ -0,0 +1,137 @@
+<!--
+	403:
+		- tda.tamedia.ch
+
+	Cert expired:
+		- a-cre.tamedia.ch
+
+	Cert mismatch:
+		- tda.io
+		- a-cre-igr.tamedia.ch
+		- a-cre-p-fe1.tamedia.ch
+		- a-cre-p-fe2.tamedia.ch
+		- a-cre-p-fe3.tamedia.ch
+		- a-cre-p-fe4.tamedia.ch
+		- a-cre-st-fe1.tamedia.ch
+		- a-cre-st-fe2.tamedia.ch
+		- advertising.tamedia.ch
+		- be-vpn.tamedia.ch
+		- be-vpn-test.tamedia.ch
+		- branding.tamedia.ch
+		- mdn.das.tamedia.ch
+		- media.das.tamedia.ch
+		- tfn.das.tamedia.ch
+		- e-learning.tamedia.ch
+		- www.leserangebot.tamedia.ch
+		- media.tamedia.ch
+		- nbild.tamedia.ch
+		- nlink.tamedia.ch
+		- showcase.tamedia.ch
+		- lb1.tda.tamedia.ch
+		- nginx01.tda.io
+		- geodb-demo.tda.io
+
+	Chain incomplete:
+		- guichetvirtueledipub-dev.tamedia.ch
+
+	Connection refused:
+		- a-cre-dev.tamedia.ch
+		- rcmd.tda.io
+		- 20min.rcmd.tda.io
+		- 24heures.rcmd.tda.io
+		- bernerzeitung.rcmd.tda.io
+		- derbund.rcmd.tda.io
+		- tagesanzeiger.rcmd.tda.io
+		- tdg.rcmd.tda.io
+		- trk.rcmd.tda.io
+		- rcmd01.tda.io
+
+	Self-Signed:
+		- ss2.tamedia.ch
+		- dev-desknet.tamedia.ch
+		- pagetrack.tamedia.ch
+
+	Timeout:
+		- api.tamedia.ch
+		- beilagen.tamedia.ch
+		- corners.tamedia.ch
+		- corners3.tamedia.ch
+		- daikon.tamedia.ch
+		- b4m.das.tamedia.ch
+		- b4m-test.das.tamedia.ch
+		- tdg.corners3.dbd.tamedia.ch
+		- dev.dbd.tamedia.ch
+		- feminav2.dev.dbd.tamedia.ch
+		- epaper.tamedia.ch
+		- guestaccess.tamedia.ch
+		- gzd.tamedia.ch
+		- lsftp01.tamedia.ch
+		- lsshare01.tamedia.ch
+		- www.mediateur.tamedia.ch
+		- pegasus1.tamedia.ch
+		- s6397.tamedia.ch
+		- s6636-vip-155.tamedia.ch
+		- sentinel.tamedia.ch
+		- service.tamedia.ch
+		- sharefr.tamedia.ch
+		- srftp.tamedia.ch
+		- ssabo-nsm-dev.tamedia.ch
+		- ssabo-nsm-prd.tamedia.ch
+		- ssabo-nsm-qua.tamedia.ch
+		- ssocffws.tamedia.ch
+		- sts.tamedia.ch
+		- tx.tamedia.ch
+		- epaper.welcome.tamedia.ch
+		- werbemittel.tamedia.ch
+		- woodwing.tamedia.ch
+		- workspace.tamedia.ch
+-->
+<ruleset name="Tamedia.ch">
+
+	<target host="www.tamedia.ch" />
+	<target host="access.tamedia.ch" />
+	<target host="adbox.tamedia.ch" />
+	<target host="geodb.api.tamedia.ch" />
+	<target host="geodb-demo.api.tamedia.ch" />
+	<target host="apps.tamedia.ch" />
+	<target host="arbeitszeiterfassung2.tamedia.ch" />
+	<target host="ase.tamedia.ch" />
+	<target host="auth-grp.tamedia.ch" />
+	<target host="beilagendatenbank.tamedia.ch" />
+	<target host="booking.tamedia.ch" />
+	<target host="devel.das.tamedia.ch" />
+	<target host="develhomegate.das.tamedia.ch" />
+	<target host="develnn.das.tamedia.ch" />
+	<target host="develppn.das.tamedia.ch" />
+	<target host="staging.das.tamedia.ch" />
+	<target host="stagingppn.das.tamedia.ch" />
+	<target host="dev-tadam.tamedia.ch" />
+	<target host="dipsin.tamedia.ch" />
+	<target host="e-dialogue.tamedia.ch" />
+	<target host="helpline.tamedia.ch" />
+	<target host="intranet.tamedia.ch" />
+	<target host="jira.tamedia.ch" />
+	<target host="link.tamedia.ch" />
+	<target host="mfa.tamedia.ch" />
+	<target host="myservices.tamedia.ch" />
+	<target host="myservices-mobile.tamedia.ch" />
+	<target host="myservices2.tamedia.ch" />
+	<target host="pageworkflow.tamedia.ch" />
+	<target host="personalantrag.tamedia.ch" />
+	<target host="secureself.tamedia.ch" />
+	<target host="survey.tamedia.ch" />
+	<target host="tadam.tamedia.ch" />
+	<target host="tashop.tamedia.ch" />
+	<target host="tgt.tamedia.ch" />
+	<target host="tgt-dev.tamedia.ch" />
+	<target host="tgt-igr.tamedia.ch" />
+	<target host="web-vip-91.tamedia.ch" />
+	<target host="wwedit.tamedia.ch" />
+
+	<target host="joel.tda.io" />
+	<target host="w.tda.io" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TMDN.org.xml b/src/chrome/content/rules/TMDN.org.xml
new file mode 100644
index 000000000000..9e897006f0db
--- /dev/null
+++ b/src/chrome/content/rules/TMDN.org.xml
@@ -0,0 +1,39 @@
+<!--
+	Nonfunctional hosts in *tmdn.org:
+
+		- tmclass *
+
+	* Shows oami.europa.eu
+
+
+	^tmdn.org doesn't exist.
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.tmdn.org
+
+-->
+<ruleset name="TMDN.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.tmdn.org" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<test url="http://www.tmdn.org/tmview/" />
+		<test url="http://www.tmdn.org/tmview/welcome" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.tmdn\.org$" name="^(?:JSESSIONID|b{15}|f5_cspm)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TMP.xml b/src/chrome/content/rules/TMP.xml
index 5405ceb3e6fa..5b245395d05e 100644
--- a/src/chrome/content/rules/TMP.xml
+++ b/src/chrome/content/rules/TMP.xml
@@ -6,7 +6,7 @@
 
 	Nonfunctional domains:
 
-		- (www.)tmp.com		(dropped)
+		- (www.)tmp.com		(404)
 		- yestmp-com.tmpqa.com	(shows jobs; mismatched, CN: jobs.citigroup.com)
 
 
@@ -23,13 +23,13 @@
 -->
 <ruleset name="TMP.com">
 
-	<target host="*.tmp.com" />
+	<target host="autodiscover.tmp.com" />
+	<target host="webmail.tmp.com" />
 
 
 	<rule from="^http://autodiscover\.tmp\.com/"
 		to="https://autodiscover-s.outlook.com/" />
 
-	<rule from="^http://webmail\.tmp\.com/"
-		to="https://webmail.tmp.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TMPwebeng.com.xml b/src/chrome/content/rules/TMPwebeng.com.xml
index 14063983208e..afc48bae2f64 100644
--- a/src/chrome/content/rules/TMPwebeng.com.xml
+++ b/src/chrome/content/rules/TMPwebeng.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tmpwebeng.com/ => https://secure.tmpwebeng.com/: (7, 'Failed to connect to secure.tmpwebeng.com port 443: Connection refused')
+
 	For other TMP coverage, see TMP.com.xml.
 
 
@@ -14,10 +18,12 @@
 		- services
 
 -->
-<ruleset name="TMPwebeng.com">
+<ruleset name="TMPwebeng.com" default_off="failed ruleset test">
 
 	<target host="tmpwebeng.com" />
-	<target host="*.tmpwebeng.com" />
+	<target host="secure.tmpwebeng.com" />
+	<target host="www.tmpwebeng.com" />
+	<target host="services.tmpwebeng.com" />
 
 
 	<securecookie host="^services\.tmpwebeng\.com$" name=".+" />
@@ -26,7 +32,6 @@
 	<rule from="^http://(?:secure\.|www\.)?tmpwebeng\.com/"
 		to="https://secure.tmpwebeng.com/" />
 
-	<rule from="^http://services\.tmpwebeng\.com/"
-		to="https://services.tmpwebeng.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TMT.org.xml b/src/chrome/content/rules/TMT.org.xml
new file mode 100644
index 000000000000..572ac8cab356
--- /dev/null
+++ b/src/chrome/content/rules/TMT.org.xml
@@ -0,0 +1,24 @@
+<!--
+	Time out:
+		tmt.org
+		old.tmt.org
+
+-->
+<ruleset name="TMT.org">
+
+	<target host="tmt.org" />
+	<target host="www.tmt.org" />
+	<target host="docushare.tmt.org" />
+	<target host="docushare-test.tmt.org" />
+	<target host="mail.tmt.org" />
+	<target host="profiles.tmt.org" />
+	<target host="project.tmt.org" />
+
+	<securecookie host="^\.profiles\.tmt\.org$" name=".+" />
+
+	<rule from="^http://tmt\.org/"
+		to="https://www.tmt.org/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TMZ.com.xml b/src/chrome/content/rules/TMZ.com.xml
index c8d42eba1b9f..0f30a9b4ee4f 100644
--- a/src/chrome/content/rules/TMZ.com.xml
+++ b/src/chrome/content/rules/TMZ.com.xml
@@ -1,34 +1,34 @@
 <!--
-	CDN buckets:
+	Refused:
+		facebook.tmz.com
+		twitter.tmz.com
 
-		- assets.tmz.com.s3.amazonaws.com
+	Invalid certificate:
+		zone.tmz.com
 
-				- assets.tmz.com
-
-		- media.tmz.com.s3.amazonaws.com
-
-				- media.tmz.com
-
-		- tmz.vo.llnwd.net/o28/assets/images/
-		- tmz.hs.llnwd.net/o28/assets/images/
-
-				- ll-assets.tmz.com
-				- ll-media.tmz.com
+	Mixed content:
+		m.tmz.com
 
 -->
 <ruleset name="TMZ.com">
 
 	<target host="tmz.com" />
-	<target host="*.tmz.com" />
-
+	<target host="www.tmz.com" />
+	<target host="assets.tmz.com" />
+	<target host="checkout.tmz.com" />
+	<target host="ll-assets.tmz.com" />
+	<target host="ll-media.tmz.com" />
+	<target host="media.tmz.com" />
+	<target host="ssl-cdn-assets.tmz.com" />
+	<target host="ssl-cdn-media.tmz.com" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.tmz\.com$" name="^phpsessionid$" /-->
 
 	<securecookie host="^\.www\.tmz\.com$" name=".+" />
 
-
-	<rule from="^http://(?:ll-)?(assets|media)\.tmz\.com/"
-		to="https://s3.amazonaws.com/$1.tmz.com/" />
-
-	<rule from="^http://(www\.)?tmz\.com/"
-		to="https://$1tmz.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TMcdn.org.xml b/src/chrome/content/rules/TMcdn.org.xml
deleted file mode 100644
index 1e58dee0ce88..000000000000
--- a/src/chrome/content/rules/TMcdn.org.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Bucket used by themittani.com, which doesn't support https.
-
-
-	CDN buckets:
-
-		- d28avt1uzu18qf.cloudfront.net
-
-			- cdn
-			- cdn[1-4]
-
--->
-<ruleset name="TMcdn.org">
-
-	<target host="*.tmcdn.org" />
-
-
-	<rule from="^http://cdn\d?\.tmcdn\.org/"
-		to="https://d28avt1uzu18qf.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/TMobile.com.xml b/src/chrome/content/rules/TMobile.com.xml
new file mode 100644
index 000000000000..476a0acad59f
--- /dev/null
+++ b/src/chrome/content/rules/TMobile.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Deutsche Telekom coverage, see Deutsche_Telekom.xml.
+
+
+	Problematic hosts in *tmobile.com:
+
+		- (www.)? *
+		- my *
+
+	* Redirects to t-mobile.com over http, mismatched, CN: vip.t-mobile.com
+
+-->
+<ruleset name="TMobile.com">
+
+	<!--	Complications:
+				-->
+	<target host="tmobile.com" />
+	<target host="my.tmobile.com" />
+	<target host="www.tmobile.com" />
+
+
+	<rule from="^http://(?:www\.)?tmobile\.com/"
+		to="https://www.t-mobile.com/" />
+
+	<rule from="^http://my\.tmobile\.com/"
+		to="https://my.t-mobile.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TMobile.nl.xml b/src/chrome/content/rules/TMobile.nl.xml
new file mode 100644
index 000000000000..fd143bc78b95
--- /dev/null
+++ b/src/chrome/content/rules/TMobile.nl.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Deutsche Telekom coverage, see Deutsche_Telekom.xml.
+
+
+	(www.)?tmobile.nl: Dropped
+
+-->
+<ruleset name="TMobile.nl">
+
+	<!--	Complications:
+				-->
+	<target host="tmobile.nl" />
+	<target host="www.tmobile.nl" />
+
+
+	<rule from="^http://(?:www\.)?tmobile\.nl/"
+		to="https://www.t-mobile.nl/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TMocache.com.xml b/src/chrome/content/rules/TMocache.com.xml
new file mode 100644
index 000000000000..43a881b3e38d
--- /dev/null
+++ b/src/chrome/content/rules/TMocache.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Deutsche Telekom coverage, see Deutsche_Telekom.xml.
+
+-->
+<ruleset name="TMocache.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="s.my.tmocache.com" />
+	<target host="s.tmocache.com" />
+
+		<test url="http://s.tmocache.com/etc/designs/tmo-wem/clientlibs_base/img/tmo_loader.gif" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TMtm.ru.xml b/src/chrome/content/rules/TMtm.ru.xml
new file mode 100644
index 000000000000..16677f03f3ad
--- /dev/null
+++ b/src/chrome/content/rules/TMtm.ru.xml
@@ -0,0 +1,32 @@
+<!--
+	Other TM rulesets:
+
+		- Brainstorage.me.xml
+		- Freelansim.ru.xml
+		- HabraCDN.net.xml
+		- Habrahabr.ru.xml
+		- Hsto.org.xml
+		- Hstor.org.xml
+		- megamozg.ru.xml
+		- Toster.ru.xml
+
+
+	(www.): redirects to brainstorage.me; mismatched, CN: habrahabr.ru
+
+-->
+<ruleset name="TMtm.ru (partial)">
+
+	<target host="id.tmtm.ru" />
+		<!--exclusion pattern="^http://www\.tmtm\.ru/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^id\.tmtm\.ru$" name="^(captcha|tmid_sessid)$" /-->
+
+	<securecookie host="^id\.tmtm\.ru$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TNNet.xml b/src/chrome/content/rules/TNNet.xml
index cbbed2f96eb9..8008a16ae58e 100644
--- a/src/chrome/content/rules/TNNet.xml
+++ b/src/chrome/content/rules/TNNet.xml
@@ -4,15 +4,18 @@
 	-->
 
 	<target host="tnnet.fi" />
-	<target host="*.tnnet.fi" />
+	<target host="hostcontrol.tnnet.fi" />
+	<target host="mail.tnnet.fi" />
+	<target host="oma.tnnet.fi" />
+	<target host="wm.tnnet.fi" />
+	<target host="www.tnnet.fi" />
 
 
-	<securecookie host="^(.*\.)?tnnet\.fi$" name=".*" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://tnnet\.fi/"
 		to="https://www.tnnet.fi/" />
-	<rule from="^http://((?:hostcontrol|mail|oma|wm|www)\.)?tnnet\.fi/"
-		to="https://$1tnnet.fi/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/TNO.nl.xml b/src/chrome/content/rules/TNO.nl.xml
new file mode 100644
index 000000000000..df78e4a61258
--- /dev/null
+++ b/src/chrome/content/rules/TNO.nl.xml
@@ -0,0 +1,13 @@
+<!--
+	^: 404
+
+-->
+<ruleset name="TNO.nl">
+
+	<target host="tno.nl" />
+	<target host="www.tno.nl" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TNS-Gallup.xml b/src/chrome/content/rules/TNS-Gallup.xml
index 7776f0278ddb..a3cbf7fd4673 100644
--- a/src/chrome/content/rules/TNS-Gallup.xml
+++ b/src/chrome/content/rules/TNS-Gallup.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://statistik-gallup.net/ => https://statistik-gallup.net/: (7, 'Failed to connect to statistik-gallup.net port 443: Connection refused')
+
 	For other TNS coverage, see TNS-Global.xml
 
 
@@ -6,18 +10,21 @@
 
 		- tnsdk.spring-tns.net
 		- (www.)tns-gallup.dk
+		- kt.tns-gallup.dk *
+
+	* Refused
 
 -->
-<ruleset name="TNS Gallup (partial)">
+<ruleset name="TNS Gallup (partial)" default_off="failed ruleset test">
 
 	<target host="statistik-gallup.net" />
 
 
-	<securecookie host="^statistik-gallup.net$" name=".*" />
+	<securecookie host="^statistik-gallup.net$" name=".+" />
 
 
 	<!--	Cert only matches /stat...	-->
-	<rule from="^https?://www\.statistik-gallup\.net/"
+	<rule from="^http://www\.statistik-gallup\.net/"
 		to="https://statistik-gallup.net/" />
 
 	<!--	Sets tracking beacons, e.g.:
diff --git a/src/chrome/content/rules/TNS-Global.xml b/src/chrome/content/rules/TNS-Global.xml
index 254764505f91..ecb8b50b1b93 100644
--- a/src/chrome/content/rules/TNS-Global.xml
+++ b/src/chrome/content/rules/TNS-Global.xml
@@ -1,24 +1,71 @@
+
 <!--
-	Other Kantar rulesets:
+The following targets have been disabled at 2020-09-25 16:20:22:
 
-		- BMW-China-Custom-Login.xml
-		- Digitab-Portals.xml
-		- Kantar-Latam-Portal.xml
-		- Kantar-Worldpanel.xml
-		- TNS-Gallup.xml
-		- TNS-Info.xml
-		- TNS-Sifo.xml
-		- Worldpanelinfo.xml
+Fetch error: http://mailus.tnsglobal.com/ => https://mailus.tnsglobal.com/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
 
 -->
-<ruleset name="TNS Global" default_off="self-signed">
 
-	<target host="tnsglobal.com" />
-	<target host="www.tnsglobal.com" />
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://gmmeocsi.tnsglobal.com/ => https://gmmeocsi.tnsglobal.com/: (28, 'Connection timed out after 20002 milliseconds')
+Fetch error: http://heinekenonequity.tnsglobal.com/ => https://heinekenonequity.tnsglobal.com/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
+Fetch error: http://post.tnsglobal.com/ => https://post.tnsglobal.com/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
+Fetch error: http://rap.tnsglobal.com/ => https://rap.tnsglobal.com/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
+Fetch error: http://rap8.tnsglobal.com/ => https://rap8.tnsglobal.com/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
+Fetch error: http://reports.tnsglobal.com/ => https://reports.tnsglobal.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://surveys.tnsglobal.com/ => https://surveys.tnsglobal.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://tracker.tnsglobal.com/ => https://tracker.tnsglobal.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://volvogrouprex.tnsglobal.com/ => https://volvogrouprex.tnsglobal.com/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
+Fetch error: http://webedit.tnsglobal.com/ => https://webedit.tnsglobal.com/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
+
+	Other Kantar rulesets:
+		+ Kantar-Latam-Portal.xml
+		+ Kantar-Worldpanel.xml
+		+ TNS-Gallup.xml
+		+ TNS-Info.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- connectedlife.tnsglobal.com
+		- connectedlifequiz.tnsglobal.com
+
+		Timeout was reached:
+		- tnspostalplatformrmd-uat.tnsglobal.com
+
+		SSL connect error:
+		- timeline.tnsglobal.com
 
+		SSL peer certificate was not OK:
+		- blogs.tnsglobal.com
+		- go.tnsglobal.com
+		- tnscourierchallenge.tnsglobal.com
+		- tnsselfrecruitment.tnsglobal.com
+		- www2.tnsglobal.com
 
-	<!--	Cert only matches www.	-->
-	<rule from="^http://(?:www\.)?tnsglobal\.com/"
-		to="https://www.tnsglobal.com/" />
+		Incomplete certificate chain error:
+		- insightondemand.tnsglobal.com
+-->
+<ruleset name="TNS-Global">
+	<target host="tnsglobal.com" />
+	<target host="www.tnsglobal.com" />
+	<!-- target host="gmmeocsi.tnsglobal.com" /-->
+	<!-- target host="heinekenonequity.tnsglobal.com" /-->
+	<target host="www.idp.tnsglobal.com" />
+	<!-- target host="mailus.tnsglobal.com" /-->
+	<!-- target host="post.tnsglobal.com" /-->
+	<!-- target host="rap.tnsglobal.com" /-->
+	<!-- target host="rap8.tnsglobal.com" /-->
+	<!-- target host="reports.tnsglobal.com" /-->
+	<!-- target host="surveys.tnsglobal.com" /-->
+	<target host="tnspostalplatformau.tnsglobal.com" />
+	<target host="tnspostalplatformgms.tnsglobal.com" />
+	<target host="tnspostalplatformswex.tnsglobal.com" />
+	<target host="tnspostalplatformwebapi-uat.tnsglobal.com" />
+	<!-- target host="tracker.tnsglobal.com" /-->
+	<!-- target host="volvogrouprex.tnsglobal.com" /-->
+	<!-- target host="webedit.tnsglobal.com" /-->
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/TNS-Info.xml b/src/chrome/content/rules/TNS-Info.xml
index dfe7e3754dbf..d67a518979b1 100644
--- a/src/chrome/content/rules/TNS-Info.xml
+++ b/src/chrome/content/rules/TNS-Info.xml
@@ -1,18 +1,26 @@
-<!--
-	See TNS-Global.xml for other TNS coverage.
 
--->
-<ruleset name="TNS Info">
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
 
-	<target host="tnsinfo.com" />
-	<target host="*.tnsinfo.com" />
+Fetch error: http://login.tnsinfo.com/sites/usermanager/pages/tnsinfo.aspx => https://login.tnsinfo.com/sites/usermanager/pages/tnsinfo.aspx: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://tnsinfo.com/ => https://tnsinfo.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.tnsinfo.com/ => https://www.tnsinfo.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://login.tnsinfo.com/ => https://login.tnsinfo.com/: (28, 'Connection timed out after 20000 milliseconds')
 
+	See TNS-Global.xml for other TNS coverage.
 
-	<securecookie host="^(.*\.)?tnsinfo\.com$" name=".*" />
+  Timeout:
+    control.tnsinfo.com
+    iclick.tnsinfo.com
+-->
 
+<ruleset name="TNS-Info">
+	<!-- target host="tnsinfo.com" /-->
+	<!-- target host="www.tnsinfo.com" /-->
+	<target host="explorer.tnsinfo.com" />
+	<!-- target host="login.tnsinfo.com" /-->
 
-	<!--	Cert doesn't match !www.	-->
-	<rule from="^http://(?:www\.)?tnsinfo\.com/"
-		to="https://www.tnsinfo.com/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/TNS-Sifo.xml b/src/chrome/content/rules/TNS-Sifo.xml
deleted file mode 100644
index bc0f42951fd7..000000000000
--- a/src/chrome/content/rules/TNS-Sifo.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	For other TNS coverage, see TNS-Global.xml.
-
-
-	Nonfunctional domains:
-
-		- (www.)tns-sifo.se	(shows login page)
-		- webbrev.tns-sifo.se
-
--->
-<ruleset name="TNS Sifo (partial)">
-
-	<target host="panel.research-int.se" />
-	<target host="ssl.sifomedia.se" />
-
-
-	<securecookie host="^panel\.research-int\.se$" name=".+" />
-	<securecookie host="^ssl\.sifomedia\.se$" name=".*" />
-
-
-	<rule from="^http://panel\.research-int\.se/"
-		to="https://panel.research-int.se/" />
-
-	<rule from="^http://ssl\.sifomedia\.se/"
-		to="https://ssl.sifomedia.se/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TOG.ie.xml b/src/chrome/content/rules/TOG.ie.xml
new file mode 100644
index 000000000000..0b1bc3a4f512
--- /dev/null
+++ b/src/chrome/content/rules/TOG.ie.xml
@@ -0,0 +1,22 @@
+<!--
+	Mismatch:
+		gallery.tog.ie
+
+	Expired certificate:
+		jenkins.tog.ie
+
+-->
+<ruleset name="TOG">
+
+	<target host="tog.ie" />
+	<target host="www.tog.ie" />
+	<target host="api.tog.ie" />
+	<target host="lists.tog.ie" />
+	<target host="wiki.tog.ie" />
+
+	<securecookie host="^www\.tog\.ie$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TOG.xml b/src/chrome/content/rules/TOG.xml
deleted file mode 100644
index 0b7a8d1a4cc8..000000000000
--- a/src/chrome/content/rules/TOG.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="TOG" platform="cacert">
-
-	<target host="tog.ie" />
-	<target host="*.tog.ie" />
-
-
-	<securecookie host="^www\.tog\.ie$" name=".*" />
-
-
-	<rule from="^http://(lists\.|www\.)?tog\.ie/"
-		to="https://$1tog.ie/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TOPNET.cz.xml b/src/chrome/content/rules/TOPNET.cz.xml
new file mode 100644
index 000000000000..7407283ace76
--- /dev/null
+++ b/src/chrome/content/rules/TOPNET.cz.xml
@@ -0,0 +1,7 @@
+<ruleset name="TOPNET.cz">
+    <target host="profil.topnet.cz" />
+
+    <securecookie host="^profil\.topnet\.cz$" name="^TopnetProfil_login$" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TOSBack.org.xml b/src/chrome/content/rules/TOSBack.org.xml
new file mode 100644
index 000000000000..ea36e0fdd844
--- /dev/null
+++ b/src/chrome/content/rules/TOSBack.org.xml
@@ -0,0 +1,18 @@
+<!--
+	www doesn't exist.
+
+-->
+<ruleset name="TOSBack.org">
+
+	<target host="tosback.org" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^tosback\.org$" name="^_tosback3_session$" /-->
+
+	<securecookie host="^tosback\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TPB.me.xml b/src/chrome/content/rules/TPB.me.xml
deleted file mode 100644
index 00565215091e..000000000000
--- a/src/chrome/content/rules/TPB.me.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="TPB.me">
-  <target host="tpb.me"/>
-  <target host="www.tpb.me"/>
-
-  <rule from="^https?://(www\.)?tpb\.me/" to="https://$1tbp.me/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/TPC.com.xml b/src/chrome/content/rules/TPC.com.xml
new file mode 100644
index 000000000000..45347b58a4b1
--- /dev/null
+++ b/src/chrome/content/rules/TPC.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="TPC.com">
+
+	<target host="tpc.com" />
+	<target host="www.tpc.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TPG-Capital-mismatches.xml b/src/chrome/content/rules/TPG-Capital-mismatches.xml
deleted file mode 100644
index 60d76944cdc8..000000000000
--- a/src/chrome/content/rules/TPG-Capital-mismatches.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="TPG Capital (self-signed)" default_off="mismatch, self-signed">
-
-	<target host="tpg.com"/>
-	<target host="www.tpg.com"/>
-
-	<rule from="^http://(?:www\.)?tpg\.com/"
-		to="https://tpg.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/TPG-Capital.xml b/src/chrome/content/rules/TPG-Capital.xml
index 85c5ac15faa0..f0b60d0f98a4 100644
--- a/src/chrome/content/rules/TPG-Capital.xml
+++ b/src/chrome/content/rules/TPG-Capital.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://neimanmarcus.com/ => https://www.neimanmarcus.com/: None
 	CDN buckets:
 
 		- images.neimanmarcus.com.edgesuite.net/.../
@@ -22,7 +24,8 @@
 	<target host="lastcall.com"/>
 	<target host="www.lastcall.com"/>
 	<target host="neimanmarcus.com"/>
-	<target host="*.neimanmarcus.com"/>
+	<target host="registry.neimanmarcus.com" />
+	<target host="www.neimanmarcus.com" />
 
 	<rule from="^http://(?:www\.)?bergdorfgoodman\.com/"
 		to="https://www.bergdorfgoodman.com/"/>
diff --git a/src/chrome/content/rules/TPG.com.xml b/src/chrome/content/rules/TPG.com.xml
new file mode 100644
index 000000000000..6f737acbacda
--- /dev/null
+++ b/src/chrome/content/rules/TPG.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		press.tpg.com
+
+-->
+<ruleset name="TPG.com">
+
+	<target host="tpg.com" />
+	<target host="www.tpg.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TPPNoCertification.org.xml b/src/chrome/content/rules/TPPNoCertification.org.xml
new file mode 100644
index 000000000000..19c8c82db29f
--- /dev/null
+++ b/src/chrome/content/rules/TPPNoCertification.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="TPP No Certification.org">
+
+	<target host="tppnocertification.org" />
+	<target host="www.tppnocertification.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TPPtraining.com.xml b/src/chrome/content/rules/TPPtraining.com.xml
index 47d23bc4f02d..152286911f6c 100644
--- a/src/chrome/content/rules/TPPtraining.com.xml
+++ b/src/chrome/content/rules/TPPtraining.com.xml
@@ -13,7 +13,6 @@
 	<target host="www.tpptraining.com" />
 
 
-	<rule from="^http://(?:www\.)?tpptraining\.com/"
-		to="https://www.tpptraining.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TPTQ-Arabic.com.xml b/src/chrome/content/rules/TPTQ-Arabic.com.xml
new file mode 100644
index 000000000000..9921c5892656
--- /dev/null
+++ b/src/chrome/content/rules/TPTQ-Arabic.com.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Typotheque coverage, see Typotheque.xml.
+
+-->
+<ruleset name="TPTQ-Arabic.com">
+
+	<target host="tptq-arabic.com" />
+	<target host="www.tptq-arabic.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TROFire.com.xml b/src/chrome/content/rules/TROFire.com.xml
new file mode 100644
index 000000000000..86fadee60d41
--- /dev/null
+++ b/src/chrome/content/rules/TROFire.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="TROFire.com">
+	<target host="trofire.com" />
+	<target host="www.trofire.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TRON-DELTA.ORG.xml b/src/chrome/content/rules/TRON-DELTA.ORG.xml
index 4d538e054e63..97769e8c0d7c 100644
--- a/src/chrome/content/rules/TRON-DELTA.ORG.xml
+++ b/src/chrome/content/rules/TRON-DELTA.ORG.xml
@@ -1,20 +1,13 @@
-<!--
-	"Works, except external RSS"
-
--->
-<ruleset name="TRON-DELTA.ORG" platform="firefox">
+<ruleset name="tron-delta.org">
 
 	<target host="tron-delta.org" />
-	<target host="*.tron-delta.org" />
-
+	<target host="www.tron-delta.org" />
 
-	<securecookie host="^tron-delta\.org$" name=".+" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?tron-delta\.org/"
-		to="https://tron-delta.org/" />
 
-	<rule from="^http://([^/:@]+)\.tron-delta\.org/"
-		to="https://$1.tron-delta.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TRUNI.sk.xml b/src/chrome/content/rules/TRUNI.sk.xml
new file mode 100644
index 000000000000..164d7324925c
--- /dev/null
+++ b/src/chrome/content/rules/TRUNI.sk.xml
@@ -0,0 +1,25 @@
+<!--
+    Trnava University
+
+    certificate chain issues:
+
+	- ff.truni.sk
+	- fzsp.truni.sk
+	- idmportal.truni.sk
+	- iuridica.truni.sk
+	- sfeu.truni.sk
+-->
+<ruleset name="TRUNI.sk">
+	<target host="truni.sk" />
+	<target host="www.truni.sk" />
+	<target host="ezp.truni.sk" />
+	<target host="mais.truni.sk" />
+	<target host="moodle.truni.sk" />
+	<target host="pdf.truni.sk" />
+	<target host="strava.truni.sk" />
+	<target host="webmail.truni.sk" />
+
+        <rule from="^http://truni\.sk/" to="https://www.truni.sk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TRUSTe.com.xml b/src/chrome/content/rules/TRUSTe.com.xml
new file mode 100644
index 000000000000..accf47f693fe
--- /dev/null
+++ b/src/chrome/content/rules/TRUSTe.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Non-functional hosts
+		Incomplete certificate chain error:
+		- truste.com
+		- clicktoverify.truste.com
+		- privacy.truste.com
+		- tracking-protection.truste.com
+		- www.truste.com
+
+		Secure connection redirects to plaintext:
+		- feedback.truste.com
+-->
+<ruleset name="TRUSTe.com (partial)">
+	<target host="choices-or.truste.com" />
+	<target host="choices.truste.com" />
+	<target host="consent.truste.com" />
+	<target host="content.truste.com" />
+	<target host="easy-tracking-protection.truste.com" />
+	<target host="feedback-form.truste.com" />
+	<target host="login.truste.com" />
+	<target host="preferences-mgr.truste.com" />
+	<target host="preferences.truste.com" />
+	<target host="privacy-policy.truste.com" />
+	<target host="tdp-feedback.truste.com" />
+	<target host="view.truste.com" />
+	<target host="watchdog.truste.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TRUSTe.xml b/src/chrome/content/rules/TRUSTe.xml
deleted file mode 100644
index f0b3984da2b2..000000000000
--- a/src/chrome/content/rules/TRUSTe.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(cert only matches *.truste.com)
-
-
-	Fully covered subdomains:
-
-		- content
-		- view
-
--->
-<ruleset name="TRUSTe (partial)">
-
-	<target host="truste.com" />
-	<target host="*.truste.com" />
-
-
-	<securecookie host=".*\.truste\.com$" name=".+" />
-
-
-	<rule from="^http://truste\.com/"
-		to="https://www.truste.com/" />
-
-	<rule from="^http://(clicktoverify|connect|consent|content|easy-tracking-protection|feedback-form|login|preferences(?:-mgr)?|privacy(?:-policy)?|tdp-feedback|tracking-protection|view|www)\.truste\.com/"
-		to="https://$1.truste.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TRUe-Security.nl.xml b/src/chrome/content/rules/TRUe-Security.nl.xml
new file mode 100644
index 000000000000..98877b6cdee8
--- /dev/null
+++ b/src/chrome/content/rules/TRUe-Security.nl.xml
@@ -0,0 +1,20 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="TRUe-Security.nl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="true-security.nl" />
+	<target host="www.true-security.nl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TRiBot.org.xml b/src/chrome/content/rules/TRiBot.org.xml
index 0f56c15b528a..833ece434812 100644
--- a/src/chrome/content/rules/TRiBot.org.xml
+++ b/src/chrome/content/rules/TRiBot.org.xml
@@ -7,13 +7,12 @@
 <ruleset name="TRiBot.org (partial)">
 
 	<target host="tribot.org" />
-	<target host="*.tribot.org" />
+	<target host="www.tribot.org" />
 
 
 	<securecookie host="^\.tribot\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?tribot\.org/"
-		to="https://$1tribot.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TSB_Mag.com.xml b/src/chrome/content/rules/TSB_Mag.com.xml
new file mode 100644
index 000000000000..11e0497965ac
--- /dev/null
+++ b/src/chrome/content/rules/TSB_Mag.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+		- Images from $self *
+
+		- Web bugs, from:
+
+			- 2leep.com *
+			- d5nxst8fruw4z.cloudfront.net *
+			- c.statcounter.com *
+			- www.stumbleupon.com *
+			- platform.twitter.com *
+
+	* Secured by us
+
+-->
+<ruleset name="TSB Mag.com">
+
+	<target host="tsbmag.com" />
+	<target host="www.tsbmag.com" />
+
+
+	<securecookie host="^(?:w*\.)?tsbmag\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TSDD.org.xml b/src/chrome/content/rules/TSDD.org.xml
deleted file mode 100644
index 631ffd7b80e4..000000000000
--- a/src/chrome/content/rules/TSDD.org.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="TSDD.org">
-
-	<target host="tsdd.org" />
-	<target host="*.tsdd.org" />
-
-
-	<securecookie host="^\.tsdd\.org$" name=".+" />
-
-
-	<rule from="^http://(www\.)?tsdd\.org/"
-		to="https://$1tsdd.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TSHA_online.org.xml b/src/chrome/content/rules/TSHA_online.org.xml
index 489193c0a4ce..d6ac73450dfd 100644
--- a/src/chrome/content/rules/TSHA_online.org.xml
+++ b/src/chrome/content/rules/TSHA_online.org.xml
@@ -5,13 +5,12 @@
 <ruleset name="TSHA online.org">
 
 	<target host="tshaonline.org" />
-	<target host="*.tshaonline.org" />
+	<target host="www.tshaonline.org" />
 
 
 	<securecookie host="^\.tshaonline\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?tshaonline\.org/"
-		to="https://$1tshaonline.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TSMC.com.xml b/src/chrome/content/rules/TSMC.com.xml
new file mode 100644
index 000000000000..45c00b63b418
--- /dev/null
+++ b/src/chrome/content/rules/TSMC.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Fully covered subdomains:
+
+		- ecaonline
+		- ectonline
+		- online
+
+-->
+<ruleset name="TSMC.com (partial)">
+
+	<target host="ecaonline.tsmc.com" />
+	<target host="ectonline.tsmc.com" />
+	<target host="online.tsmc.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TSO.co.uk.xml b/src/chrome/content/rules/TSO.co.uk.xml
index 13c4dfae8e21..8fcd851116de 100644
--- a/src/chrome/content/rules/TSO.co.uk.xml
+++ b/src/chrome/content/rules/TSO.co.uk.xml
@@ -1,18 +1,18 @@
-<!--
-	Other TSO rulesets:
-
-		- TSO_Shop.xml
 
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://tso.co.uk/ (200) => https://www.tso.co.uk/ (503)
 
 	Problematic subdomains:
 
 		- ^	(cert only matches www)
 
 -->
-<ruleset name="TSO.co.uk">
+<ruleset name="TSO.co.uk" default_off="failed ruleset test">
 
 	<target host="tso.co.uk" />
-	<target host="*.tso.co.uk" />
+	<target host="www.tso.co.uk" />
+	<target host="www.stats.tso.co.uk" />
 
 
 	<securecookie host="^(?:www)?\.tso\.co\.uk$" name=".+" />
@@ -21,7 +21,6 @@
 	<rule from="^http://(?:www\.)?tso\.co\.uk/"
 		to="https://www.tso.co.uk/" />
 
-	<rule from="^http://www\.stats\.tso\.co\.uk/"
-		to="https://www.stats.tso.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TSOshop.co.uk.xml b/src/chrome/content/rules/TSOshop.co.uk.xml
index f1334d412f9e..c39c6c2801e4 100644
--- a/src/chrome/content/rules/TSOshop.co.uk.xml
+++ b/src/chrome/content/rules/TSOshop.co.uk.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^www\.tsoshop\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://www\.tsoshop\.co\.uk/"
-		to="https://www.tsoshop.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TSUTAYA.co.jp.xml b/src/chrome/content/rules/TSUTAYA.co.jp.xml
new file mode 100644
index 000000000000..5fb454e51506
--- /dev/null
+++ b/src/chrome/content/rules/TSUTAYA.co.jp.xml
@@ -0,0 +1,45 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- cms.tsutaya.co.jp
+		- concierge.tsutaya.co.jp
+		- ez.tsutaya.co.jp
+		- imovie.tsutaya.co.jp
+		- imusic.tsutaya.co.jp
+		- s.tsutaya.co.jp
+		- store.tsutaya.co.jp
+
+		SSL peer certificate was not OK:
+		- sp.shop.tsutaya.co.jp
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- qa.tsutaya.co.jp
+
+		Status code mismatch:
+		- www.tsutaya.co.jp
+		- sp.tsutaya.co.jp
+
+		Mixed content blocking (MCB) triggered:
+		- shop.tsutaya.co.jp
+-->
+<ruleset name="TSUTAYA.co.jp (partial)">
+	<target host="di.tsutaya.co.jp" />
+	<target host="log.tsutaya.co.jp" />
+	<target host="ssl.tsutaya.co.jp" />
+	<target host="shop.tsutaya.co.jp" />
+	<exclusion pattern="^http://shop\.tsutaya\.co\.jp/$" />
+	<test url="http://shop.tsutaya.co.jp/library/css/base.css" />
+	<test url="http://shop.tsutaya.co.jp/library/css/print.css" />
+	<test url="http://shop.tsutaya.co.jp/library/img/base/ic/btn_shoppinginfo.png" />
+	<test url="http://shop.tsutaya.co.jp/library/img/base/ic/btn_tpoint.png" />
+	<test url="http://shop.tsutaya.co.jp/library/js/globalNaviHeaderShareBlock.js" />
+	<test url="http://shop.tsutaya.co.jp/library/js/tol.js" />
+	<test url="http://shop.tsutaya.co.jp/library/shop/css/dvd/swiper_02.css" />
+	<test url="http://shop.tsutaya.co.jp/library/shop/js/bsn.Crossfader.js" />
+
+	<rule from="^http://shop\.tsutaya\.co\.jp/library/"
+		to="https://shop.tsutaya.co.jp/library/" />
+
+	<rule from="^http://(di|log|ssl)\.tsutaya\.co\.jp/"
+		to="https://$1.tsutaya.co.jp/" />
+</ruleset>
diff --git a/src/chrome/content/rules/TT.se.xml b/src/chrome/content/rules/TT.se.xml
index a0b56b1d7b63..271ce4133b44 100644
--- a/src/chrome/content/rules/TT.se.xml
+++ b/src/chrome/content/rules/TT.se.xml
@@ -1,7 +1,20 @@
+<!-- Problematic subdomains:
+
+		Incomplete certificate chain:
+
+			- text.tt.se
+-->
+
 <ruleset name="TT.se">
-<target host="tt.se" />
-<target host="www.tt.se" />
-<rule from="^http://tt\.se/" to="https://www.tt.se/"/>
-<rule from="^http://www\.tt\.se/" to="https://www.tt.se/"/>
-</ruleset>
+	<target host="tt.se" />
+	<target host="www.tt.se" />
+	<target host="adm.tt.se" />
+	<target host="api.tt.se" />
+	<target host="app.tt.se" />
+	<target host="beta.tt.se" />
+	<target host="spy.tt.se" />
+	<target host="tt.tt.se" />
+	<target host="via.tt.se" />
 
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/TTIP-Stoppen.at.xml b/src/chrome/content/rules/TTIP-Stoppen.at.xml
new file mode 100644
index 000000000000..b86f31caa813
--- /dev/null
+++ b/src/chrome/content/rules/TTIP-Stoppen.at.xml
@@ -0,0 +1,22 @@
+<!--
+	^ttip-stoppen.at: Mismatched
+
+-->
+<ruleset name="TTIP-Stoppen.at">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.ttip-stoppen.at" />
+
+	<!--	Complications:
+				-->
+	<target host="ttip-stoppen.at" />
+
+
+	<rule from="^http://ttip-stoppen\.at/"
+		to="https://www.ttip-stoppen.at/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TTxm.co.uk.xml b/src/chrome/content/rules/TTxm.co.uk.xml
new file mode 100644
index 000000000000..95408947caad
--- /dev/null
+++ b/src/chrome/content/rules/TTxm.co.uk.xml
@@ -0,0 +1,16 @@
+<!--
+	For TalkTalk coverage, see TalkTalk.xml.
+
+-->
+<ruleset name="TTxm.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="m2.ttxm.co.uk" />
+	<target host="m3.ttxm.co.uk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TU-Chemnitz.de.xml b/src/chrome/content/rules/TU-Chemnitz.de.xml
index a19c73c747bf..507a69a3c7d7 100644
--- a/src/chrome/content/rules/TU-Chemnitz.de.xml
+++ b/src/chrome/content/rules/TU-Chemnitz.de.xml
@@ -22,13 +22,14 @@
 <ruleset name="TU-Chemnitz.de (partial)">
 
 	<target host="tu-chemnitz.de" />
-	<target host="*.tu-chemnitz.de" />
+	<target host="www.tu-chemnitz.de" />
+	<target host="www.bibliothek.tu-chemnitz.de" />
+	<target host="www-user.tu-chemnitz.de" />
 
 
 	<rule from="^http://(?:www\.)?tu-chemnitz\.de/"
 		to="https://www.tu-chemnitz.de/" />
 
-	<rule from="^http://(www\.bibliothek|www-user)\.tu-chemnitz\.de/"
-		to="https://$1.tu-chemnitz.de/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/TU-Darmstadt.de.xml b/src/chrome/content/rules/TU-Darmstadt.de.xml
new file mode 100644
index 000000000000..62b1b9a20906
--- /dev/null
+++ b/src/chrome/content/rules/TU-Darmstadt.de.xml
@@ -0,0 +1,285 @@
+<!--
+	Technische Universitaet Darmstadt
+
+	^tu-darmstadt.de doesn't exist.
+
+	This includes: 
+		- all manually added subdomains from 210332db950e2b4a3a89a51ba59c3629dc7c6407
+		- all subdomains from Sublist3r that returned a HTTP200 status code
+-->
+<ruleset name="TU-Darmstadt.de">
+
+	<target host="www.tu-darmstadt.de" />
+	<target host="ai-da.tu-darmstadt.de" />
+	<target host="www.akaflieg.tu-darmstadt.de" />
+	<target host="ehemalige.akaflieg.tu-darmstadt.de" />
+	<target host="konsul.akaflieg.tu-darmstadt.de" />
+	<target host="wiki.akaflieg.tu-darmstadt.de" />
+	<target host="www.arc2019.tu-darmstadt.de" />
+	<target host="help.architektur.tu-darmstadt.de" />
+	<target host="seminarbasar.architektur.tu-darmstadt.de" />
+	<target host="toyblocks.architektur.tu-darmstadt.de" />
+	<target host="webmail.architektur.tu-darmstadt.de" />
+	<target host="auth-reload.asta.tu-darmstadt.de" />
+	<target host="mail.asta.tu-darmstadt.de" />
+	<target host="mail1.asta.tu-darmstadt.de" />
+	<target host="slmg.bauing.tu-darmstadt.de" />
+	<target host="bsprox.verkehr.bauing.tu-darmstadt.de" />
+	<target host="im.compbiol.bio.tu-darmstadt.de" />
+	<target host="office.oc.chemie.tu-darmstadt.de" />
+	<target host="cloud.theo.chemie.tu-darmstadt.de" />
+	<target host="www.cit.tu-darmstadt.de" />
+	<target host="it.crossing.tu-darmstadt.de" />
+	<target host="svn.crossing.tu-darmstadt.de" />
+	<target host="www.crossing-week-2019.tu-darmstadt.de" />
+	<target host="www.cs.tu-darmstadt.de" />
+	<target host="seemoo.cs.tu-darmstadt.de" />
+	<target host="www.seemoo.cs.tu-darmstadt.de" />
+	<target host="svn.cysec.tu-darmstadt.de" />
+	<target host="www.dads.tu-darmstadt.de" />
+	<target host="deutschlandstipendium.tu-darmstadt.de" />
+	<target host="www.dh-concepts.tu-darmstadt.de" />
+	<target host="www.digital-philology.tu-darmstadt.de" />
+	<target host="www.digitalhumanities.tu-darmstadt.de" />
+	<target host="datterich.digitalhumanities.tu-darmstadt.de" />
+	<target host="www.digitalphilology.tu-darmstadt.de" />
+	<target host="www.distributed-ledger-center.tu-darmstadt.de" />
+	<target host="blog.e-learning.tu-darmstadt.de" />
+	<target host="ost.dek.e-technik.tu-darmstadt.de" />
+	<target host="must.emk.e-technik.tu-darmstadt.de" />
+	<target host="pc229.hf.e-technik.tu-darmstadt.de" />
+	<target host="cloud.rtm.e-technik.tu-darmstadt.de" />
+	<target host="mail.rtm.e-technik.tu-darmstadt.de" />
+	<target host="www.ees.tu-darmstadt.de" />
+	<target host="www.energygov.tu-darmstadt.de" />
+	<target host="www.es.tu-darmstadt.de" />
+	<target host="evaluation.tu-darmstadt.de" />
+	<target host="www.fif.tu-darmstadt.de" />
+	<target host="www.filmkreis.tu-darmstadt.de" />
+	<target host="foren.tu-darmstadt.de" />
+	<target host="forum.tu-darmstadt.de" />
+	<target host="www.fsk.tu-darmstadt.de" />
+	<target host="www.fsr.tu-darmstadt.de" />
+	<target host="gomera.geo.tu-darmstadt.de" />
+	<target host="www.glr.tu-darmstadt.de" />
+	<target host="www.gugw.tu-darmstadt.de" />
+	<target host="247-230.gugw.tu-darmstadt.de" />
+	<target host="office.247-230.gugw.tu-darmstadt.de" />
+	<target host="247-232.gugw.tu-darmstadt.de" />
+	<target host="247-233.gugw.tu-darmstadt.de" />
+	<target host="test2.247-233.gugw.tu-darmstadt.de" />
+	<target host="test3.247-233.gugw.tu-darmstadt.de" />
+	<target host="test4.247-233.gugw.tu-darmstadt.de" />
+	<target host="cloud.gugw.tu-darmstadt.de" />
+	<target host="office.cloud.gugw.tu-darmstadt.de" />
+	<target host="fb2-pc202.gugw.tu-darmstadt.de" />
+	<target host="ifs-pc206.gugw.tu-darmstadt.de" />
+	<target host="lists.gugw.tu-darmstadt.de" />
+	<target host="mail.gugw.tu-darmstadt.de" />
+	<target host="saturn.chaos.hg.tu-darmstadt.de" />
+	<target host="uranus.chaos.hg.tu-darmstadt.de" />
+	<target host="cloud.chor.hg.tu-darmstadt.de" />
+	<target host="intern.chor.hg.tu-darmstadt.de" />
+	<target host="wiki.chor.hg.tu-darmstadt.de" />
+	<target host="server.sailingteam.hg.tu-darmstadt.de" />
+	<target host="ipa.wegerecht.hg.tu-darmstadt.de" />
+	<target host="piwigo.wegerecht.hg.tu-darmstadt.de" />
+	<target host="wgr1.wegerecht.hg.tu-darmstadt.de" />
+	<target host="www.hrz.tu-darmstadt.de" />
+	<target host="arswww.hrz.tu-darmstadt.de" />
+	<target host="arswww-dev.hrz.tu-darmstadt.de" />
+	<target host="cgi.hrz.tu-darmstadt.de" />
+	<target host="download.hrz.tu-darmstadt.de" />
+	<target host="mahara.hrz.tu-darmstadt.de" />
+	<target host="mail-control.hrz.tu-darmstadt.de" />
+	<target host="medienportal.hrz.tu-darmstadt.de" />
+	<target host="download.mmag.hrz.tu-darmstadt.de" />
+	<target host="moodle-schulung.hrz.tu-darmstadt.de" />
+	<target host="cup1.net.hrz.tu-darmstadt.de" />
+	<target host="cup2.net.hrz.tu-darmstadt.de" />
+	<target host="cup3.net.hrz.tu-darmstadt.de" />
+	<target host="cup4.net.hrz.tu-darmstadt.de" />
+	<target host="mrtg.net.hrz.tu-darmstadt.de" />
+	<target host="olw-material.hrz.tu-darmstadt.de" />
+	<target host="openlearnware.hrz.tu-darmstadt.de" />
+	<target host="testolw.hrz.tu-darmstadt.de" />
+	<target host="testolw-material.hrz.tu-darmstadt.de" />
+	<target host="ticket.hrz.tu-darmstadt.de" />
+	<target host="www-cgi.hrz.tu-darmstadt.de" />
+	<target host="www-cgi03.hrz.tu-darmstadt.de" />
+	<target host="www.idm.tu-darmstadt.de" />
+	<target host="imap.ifs.tu-darmstadt.de" />
+	<target host="development.l3ams.ifs.tu-darmstadt.de" />
+	<target host="smtp.ifs.tu-darmstadt.de" />
+	<target host="typo3.ifs.tu-darmstadt.de" />
+	<target host="www.informatik.tu-darmstadt.de" />
+	<target host="www.algo.informatik.tu-darmstadt.de" />
+	<target host="nabla.algo.informatik.tu-darmstadt.de" />
+	<target host="testing.algo.informatik.tu-darmstadt.de" />
+	<target host="cast.informatik.tu-darmstadt.de" />
+	<target host="cfp.cast.informatik.tu-darmstadt.de" />
+	<target host="www.cdc.informatik.tu-darmstadt.de" />
+	<target host="crossing-cloud.cdc.informatik.tu-darmstadt.de" />
+	<target host="longtermsecurity.cdc.informatik.tu-darmstadt.de" />
+	<target host="roundcube.cdc.informatik.tu-darmstadt.de" />
+	<target host="svn.cdc.informatik.tu-darmstadt.de" />
+	<target host="aud.cryptoplexity.informatik.tu-darmstadt.de" />
+	<target host="doku.dekanat.informatik.tu-darmstadt.de" />
+	<target host="www.esa.informatik.tu-darmstadt.de" />
+	<target host="pw.esa.informatik.tu-darmstadt.de" />
+	<target host="daswesentliche.fachschaft.informatik.tu-darmstadt.de" />
+	<target host="glados.fachschaft.informatik.tu-darmstadt.de" />
+	<target host="host37.fachschaft.informatik.tu-darmstadt.de" />
+	<target host="mail.fachschaft.informatik.tu-darmstadt.de" />
+	<target host="hiwis.informatik.tu-darmstadt.de" />
+	<target host="www.ias.informatik.tu-darmstadt.de" />
+	<target host="lehre.ias.informatik.tu-darmstadt.de" />
+	<target host="mail.ias.informatik.tu-darmstadt.de" />
+	<target host="minsky.ias.informatik.tu-darmstadt.de" />
+	<target host="www.mais.informatik.tu-darmstadt.de" />
+	<target host="www.ml.informatik.tu-darmstadt.de" />
+	<target host="mon-01.informatik.tu-darmstadt.de" />
+	<target host="moodle.informatik.tu-darmstadt.de" />
+	<target host="www.parallel.informatik.tu-darmstadt.de" />
+	<target host="icinga.rbg.informatik.tu-darmstadt.de" />
+	<target host="mypage.rbg.informatik.tu-darmstadt.de" />
+	<target host="tools.rbg.informatik.tu-darmstadt.de" />
+	<target host="vm4.rbg.informatik.tu-darmstadt.de" />
+	<target host="adimat.sc.informatik.tu-darmstadt.de" />
+	<target host="scm.informatik.tu-darmstadt.de" />
+	<target host="seemoo.informatik.tu-darmstadt.de" />
+	<target host="www.seemoo.informatik.tu-darmstadt.de" />
+	<target host="share.informatik.tu-darmstadt.de" />
+	<target host="www.sit.informatik.tu-darmstadt.de" />
+	<target host="www.student.informatik.tu-darmstadt.de" />
+	<target host="coffee.tk.informatik.tu-darmstadt.de" />
+	<target host="recording.tk.informatik.tu-darmstadt.de" />
+	<target host="tupass.tk.informatik.tu-darmstadt.de" />
+	<target host="bugzilla.ukp.informatik.tu-darmstadt.de" />
+	<target host="dhconvalidator.ukp.informatik.tu-darmstadt.de" />
+	<target host="public.ukp.informatik.tu-darmstadt.de" />
+	<target host="wiki.ukp.informatik.tu-darmstadt.de" />
+	<target host="web.informatik.tu-darmstadt.de" />
+	<target host="cloud.ise.tu-darmstadt.de" />
+	<target host="survey.ise.tu-darmstadt.de" />
+	<target host="www.fachschaft.ist.tu-darmstadt.de" />
+	<target host="www.konaktiva.tu-darmstadt.de" />
+	<target host="kondb.konaktiva.tu-darmstadt.de" />
+	<target host="messe.konaktiva.tu-darmstadt.de" />
+	<target host="portal.konaktiva.tu-darmstadt.de" />
+	<target host="www.korruptionsforschung.tu-darmstadt.de" />
+	<target host="imap.kritis.tu-darmstadt.de" />
+	<target host="smtp.kritis.tu-darmstadt.de" />
+	<target host="imap.linglit.tu-darmstadt.de" />
+	<target host="smtp.linglit.tu-darmstadt.de" />
+	<target host="socialmedia.linglit.tu-darmstadt.de" />
+	<target host="lists.tu-darmstadt.de" />
+	<target host="vs04.lzm.maschinenbau.tu-darmstadt.de" />
+	<target host="mail.ptu.maschinenbau.tu-darmstadt.de" />
+	<target host="support.vkm.maschinenbau.tu-darmstadt.de" />
+	<target host="fb04142.mathematik.tu-darmstadt.de" />
+	<target host="linux.mathematik.tu-darmstadt.de" />
+	<target host="linux2.mathematik.tu-darmstadt.de" />
+	<target host="num.mathematik.tu-darmstadt.de" />
+	<target host="numawww.mathematik.tu-darmstadt.de" />
+	<target host="osm.mathematik.tu-darmstadt.de" />
+	<target host="svn.mathematik.tu-darmstadt.de" />
+	<target host="wwwdid.mathematik.tu-darmstadt.de" />
+	<target host="wwwrt.mathematik.tu-darmstadt.de" />
+	<target host="moodle.tu-darmstadt.de" />
+	<target host="www.neue-politische-literatur.tu-darmstadt.de" />
+	<target host="nicer.tu-darmstadt.de" />
+	<target host="www.nicer.tu-darmstadt.de" />
+	<target host="www.oapp.tu-darmstadt.de" />
+	<target host="olw.tu-darmstadt.de" />
+	<target host="www.olw.tu-darmstadt.de" />
+	<target host="openlearnware.tu-darmstadt.de" />
+	<target host="www.openlearnware.tu-darmstadt.de" />
+	<target host="www.owl.tu-darmstadt.de" />
+	<target host="imap.pg.tu-darmstadt.de" />
+	<target host="smtp.pg.tu-darmstadt.de" />
+	<target host="imap.phil.tu-darmstadt.de" />
+	<target host="smtp.phil.tu-darmstadt.de" />
+	<target host="www.fachschaft.physik.tu-darmstadt.de" />
+	<target host="dev.fachschaft.physik.tu-darmstadt.de" />
+	<target host="chaos3.fkp.physik.tu-darmstadt.de" />
+	<target host="element.fkp.physik.tu-darmstadt.de" />
+	<target host="ezra.fkp.physik.tu-darmstadt.de" />
+	<target host="gp-portal.physik.tu-darmstadt.de" />
+	<target host="chaos.iap.physik.tu-darmstadt.de" />
+	<target host="ernie.iap.physik.tu-darmstadt.de" />
+	<target host="mailhost.iap.physik.tu-darmstadt.de" />
+	<target host="crunch.ikp.physik.tu-darmstadt.de" />
+	<target host="lwapsr.ikp.physik.tu-darmstadt.de" />
+	<target host="targetlab.ikp.physik.tu-darmstadt.de" />
+	<target host="theorie.ikp.physik.tu-darmstadt.de" />
+	<target host="mailhost.physik.tu-darmstadt.de" />
+	<target host="olav.physik.tu-darmstadt.de" />
+	<target host="prp0.prp.physik.tu-darmstadt.de" />
+	<target host="www.pmv.tu-darmstadt.de" />
+	<target host="www.ptu.tu-darmstadt.de" />
+	<target host="www.ptw.tu-darmstadt.de" />
+	<target host="ticket.pvw.tu-darmstadt.de" />
+	<target host="www1.rmr.tu-darmstadt.de" />
+	<target host="www.rsm.tu-darmstadt.de" />
+	<target host="www1.rtm.tu-darmstadt.de" />
+	<target host="seemoo.tu-darmstadt.de" />
+	<target host="www.seemoo.tu-darmstadt.de" />
+	<target host="account.seemoo.tu-darmstadt.de" />
+	<target host="auth01.seemoo.tu-darmstadt.de" />
+	<target host="icnp.seemoo.tu-darmstadt.de" />
+	<target host="lectures.seemoo.tu-darmstadt.de" />
+	<target host="share.seemoo.tu-darmstadt.de" />
+	<target host="team.seemoo.tu-darmstadt.de" />
+	<target host="welcome.seemoo.tu-darmstadt.de" />
+	<target host="www.self-assessment.tu-darmstadt.de" />
+	<target host="analytics.self-assessment.tu-darmstadt.de" />
+	<target host="www.sfb1194.tu-darmstadt.de" />
+	<target host="www.sfb1245.tu-darmstadt.de" />
+	<target host="securitylab.sit.tu-darmstadt.de" />
+	<target host="imap.stadtforschung.tu-darmstadt.de" />
+	<target host="smtp.stadtforschung.tu-darmstadt.de" />
+	<target host="www.tdt.tu-darmstadt.de" />
+	<target host="www.tfi.tu-darmstadt.de" />
+	<target host="imap.theol.tu-darmstadt.de" />
+	<target host="smtp.theol.tu-darmstadt.de" />
+	<target host="www.theologie.tu-darmstadt.de" />
+	<target host="www.ttd.tu-darmstadt.de" />
+	<target host="www.tucan.tu-darmstadt.de" />
+	<target host="wwwvs.tucan.tu-darmstadt.de" />
+	<target host="www.tuday.tu-darmstadt.de" />
+	<target host="www.ulb.tu-darmstadt.de" />
+	<target host="astarchiv.ulb.tu-darmstadt.de" />
+	<target host="buechner.ulb.tu-darmstadt.de" />
+	<target host="hertz.ulb.tu-darmstadt.de" />
+	<target host="imd-test.ulb.tu-darmstadt.de" />
+	<target host="kompass.ulb.tu-darmstadt.de" />
+	<target host="kompass-dev.ulb.tu-darmstadt.de" />
+	<target host="kompass-hmz.ulb.tu-darmstadt.de" />
+	<target host="kompass-hmz-dev.ulb.tu-darmstadt.de" />
+	<target host="leitsystem.ulb.tu-darmstadt.de" />
+	<target host="static.ulb.tu-darmstadt.de" />
+	<target host="tickets.ulb.tu-darmstadt.de" />
+	<target host="tubama.ulb.tu-darmstadt.de" />
+	<target host="tubiblio.ulb.tu-darmstadt.de" />
+	<target host="tudata-test.ulb.tu-darmstadt.de" />
+	<target host="tudatalib.ulb.tu-darmstadt.de" />
+	<target host="tudmo.ulb.tu-darmstadt.de" />
+	<target host="tudmo-test.ulb.tu-darmstadt.de" />
+	<target host="tujournals.ulb.tu-darmstadt.de" />
+	<target host="tuprints.ulb.tu-darmstadt.de" />
+	<target host="ulbiblio.ulb.tu-darmstadt.de" />
+	<target host="zci.ulb.tu-darmstadt.de" />
+	<target host="online-anmeldung.usz.tu-darmstadt.de" />
+	<target host="www.veranstaltungskalender.tu-darmstadt.de" />
+	<target host="psgd-nas.ipg.verm.tu-darmstadt.de" />
+	<target host="www.vwl2.wi.tu-darmstadt.de" />
+	<target host="www.vwl3.wi.tu-darmstadt.de" />
+	<target host="imap.wissensordnung.tu-darmstadt.de" />
+	<target host="smtp.wissensordnung.tu-darmstadt.de" />
+	<target host="www-cgi.tu-darmstadt.de" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TU-Dresden.de.xml b/src/chrome/content/rules/TU-Dresden.de.xml
index fdf7c34e5191..14cdfb2fb09f 100644
--- a/src/chrome/content/rules/TU-Dresden.de.xml
+++ b/src/chrome/content/rules/TU-Dresden.de.xml
@@ -18,7 +18,15 @@
 	Fully covered subdomains:
 
 		- (www.)inf	(^ → www)
+		- www.iai.inf	(→ www.inf)
 		- anon.inf
+		- dudle.inf
+		- os.inf
+
+
+	Insecure cookies are set for these hosts:
+
+		- dudle.inf.tu-dresden.de
 
 
 	Mixed content:
@@ -30,13 +38,31 @@
 -->
 <ruleset name="TU-Dresden.de (partial)">
 
-	<target host="*.tu-dresden.de" />
+	<!--	Direct rewrites:
+				-->
+	<target host="dudle.inf.tu-dresden.de" />
+	<target host="anon.inf.tu-dresden.de" />
+	<target host="os.inf.tu-dresden.de" />
+	<target host="www.inf.tu-dresden.de" />
+
+	<!--	Complications:
+				-->
+	<target host="inf.tu-dresden.de" />
+	<target host="iai.inf.tu-dresden.de" />
+	<target host="www.iai.inf.tu-dresden.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^dudle\.inf\.tu-dresden\.de$" name="^lang$" /-->
+
+	<securecookie host="^dudle\.inf\.tu-dresden\.de$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?inf\.tu-dresden\.de/"
+	<rule from="^http://(?:(?:www\.)?iai\.)?inf\.tu-dresden\.de/"
 		to="https://www.inf.tu-dresden.de/" />
 
-	<rule from="^http://anon\.inf\.tu-dresden\.de/"
-		to="https://anon.inf.tu-dresden.de/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TU-I-TAM.xml b/src/chrome/content/rules/TU-I-TAM.xml
index 910604e9a272..e3a9a1f2f956 100644
--- a/src/chrome/content/rules/TU-I-TAM.xml
+++ b/src/chrome/content/rules/TU-I-TAM.xml
@@ -1,11 +1,17 @@
-<ruleset name="TU I TAM" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tuitam.pl/ => https://tuitam.pl/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.tuitam.pl/ => https://www.tuitam.pl/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="TU I TAM" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="tuitam.pl"/>
 	<target host="www.tuitam.pl"/>
 
-	<securecookie host="^(.*\.)?tuitam\.pl$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?tuitam\.pl/"
-		to="https://$1tuitam.pl/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TU-Ilmenau.de.xml b/src/chrome/content/rules/TU-Ilmenau.de.xml
new file mode 100644
index 000000000000..a5568d363f58
--- /dev/null
+++ b/src/chrome/content/rules/TU-Ilmenau.de.xml
@@ -0,0 +1,28 @@
+<!--
+	Ilmenau University of Technology
+
+
+	^: mismatched
+
+
+	These altnames don't exist:
+
+		- wwwdev.tu-ilmenau.de
+
+-->
+<ruleset name="TU-Ilmenau.de">
+
+	<target host="tu-ilmenau.de" />
+	<target host="www.tu-ilmenau.de" />
+	<target host="wwwtest.tu-ilmenau.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^\.www(?:test)?\.tu-ilmenau\.de$" name="^fe_typo_user$" />
+
+
+	<rule from="^http://(?:www(test)?\.)?tu-ilmenau\.de/"
+		to="https://www$1.tu-ilmenau.de/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TUE.nl.xml b/src/chrome/content/rules/TUE.nl.xml
new file mode 100644
index 000000000000..4a02394730b9
--- /dev/null
+++ b/src/chrome/content/rules/TUE.nl.xml
@@ -0,0 +1,57 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://m.edu.tue.nl/ => https://m.edu.tue.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'm.edu.tue.nl'")
+Fetch error: http://m.ond.tue.nl/ => https://m.ond.tue.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'm.ond.tue.nl'")
+
+	Eindhoven University of Technology
+
+
+	Nonfunctional hosts in *tue.nl:
+
+		- cso ¹
+		- oase ᵃ
+		- (www.)?education ᵃ
+		- (www.)?onderwijs ᵃ
+		- w3 *
+		- w3.win *
+
+	¹ 401
+	ᵃ Shows another domain
+	* Refused
+
+
+	These altnames don't exist:
+
+		- www.educationguide.tue.nl
+		- www.intranet.tue.nl
+		- www.static.tue.nl
+
+-->
+<ruleset name="TUE.nl (partial)" default_off="failed ruleset test">
+
+	<target host="tue.nl" />
+	<target host="m.edu.tue.nl" />
+	<target host="educationguide.tue.nl" />
+	<target host="educationsso.tue.nl" />
+	<target host="intranet.tue.nl" />
+	<target host="static.intranet.tue.nl" />
+	<target host="m.ond.tue.nl" />
+	<target host="onderwijssso.tue.nl" />
+	<target host="planapp.tue.nl" />
+	<target host="static.tue.nl" />
+	<target host="studiegids.tue.nl" />
+	<target host="static.studiegids.tue.nl" />
+	<target host="www.studiegids.tue.nl" />
+	<target host="www.win.tue.nl" />
+	<target host="www.tue.nl" />
+
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^_gat?$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TUGraz.at.xml b/src/chrome/content/rules/TUGraz.at.xml
new file mode 100644
index 000000000000..6b7df774977e
--- /dev/null
+++ b/src/chrome/content/rules/TUGraz.at.xml
@@ -0,0 +1,99 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://online.tu-graz.ac.at/ => https://online.tu-graz.ac.at/: (51, "SSL: no alternative certificate subject name matches target host name 'online.tu-graz.ac.at'")
+
+	Technische Universität Graz
+
+
+	Nonfunctional subdomains:
+
+		- (www.) ¹
+		- campusonline ²
+		- institute ³
+		- (www.)presse ³
+		- tugnet ⁴
+		- www.zid ⁴
+
+	¹ 404
+	² Redirects to http
+	³ Shows dav-id
+	⁴ Shows portal
+
+
+	Problematic domains:
+
+		- tugraz.at subdomains:
+
+			- lamp ¹
+			- zid ²
+
+	¹ Works, expired
+	² Works, mismatched
+
+
+	Partially covered domains:
+
+		- portal.tugraz.at *
+
+	* $ redirects to http, at least some pages 404
+
+
+	Fully covered domains:
+
+		- tugraz.at subdomains:
+
+			- analytics
+			- www.campusonline
+			- dav-id
+			- donation
+			- jce.iaik
+			- online
+			- sso
+			- tu4u
+
+		- online.tu-graz.ac.at
+
+
+	These altnames don't exist:
+
+		- www.tu4u.tugraz.at
+
+
+	Mixed content:
+
+		- css on lamp.tugraz.at and lamp.tu-graz.ac.at from portal.tugraz.at *
+
+		- Images on lamp.tugraz.at and lamp.tu-graz.ac.at from portal.tugraz.at *
+
+	* Unsecurable <= 404
+
+-->
+<ruleset name="TUGRaz.at (partial)" default_off="failed ruleset test">
+
+	<target host="analytics.tugraz.at" />
+	<target host="www.campusonline.tugraz.at" />
+	<target host="dav-id.tugraz.at" />
+	<target host="donation.tugraz.at" />
+	<target host="jce.iaik.tugraz.at" />
+	<target host="online.tugraz.at" />
+	<target host="portal.tugraz.at" />
+	<target host="sso.tugraz.at" />
+	<target host="tu4u.tugraz.at" />
+	<target host="tugnet.tugraz.at" />
+	<target host="www.zid.tugraz.at" />
+		<!--exclusion pattern="^http://(campusonline|institute|lamp|presse|tugnet|(www\.)?zid|www)\.tugraz\.at/" /-->
+		<exclusion pattern="^http://portal\.tugraz\.at/+(?!tugraz/sso/login\?site2pstoretoken=)" />
+	<target host="online.tu-graz.ac.at" />
+
+
+
+	<rule from="^http://tugnet\.tugraz\.at/"
+		to="https://portal.tugraz.at/portal/page/portal/zid/netzwerk/" />
+
+	<rule from="^http://www\.zid\.tugraz\.at/"
+		to="https://portal.tugraz.at/portal/page/portal/zid/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TUHH.de.xml b/src/chrome/content/rules/TUHH.de.xml
new file mode 100644
index 000000000000..f147ea42b13a
--- /dev/null
+++ b/src/chrome/content/rules/TUHH.de.xml
@@ -0,0 +1,49 @@
+<!--
+	Technische Universitaet Hamburg-Harburg
+
+
+	Nonfunctional domains:
+
+		- asta.tu-harburg.de ¹
+
+		- pdf.v.tuhh.de ²
+
+	¹ Refused
+	² http reply
+
+
+	Fully covered domains:
+
+		- www.tu-hamburg.de
+
+		- intranet.tu-harburg.de
+		- intranet.v.tu-harburg.de
+		- www.tu-harburg.de
+
+		- intranet.tuhh.de
+		- intranet.v.tuhh.de
+		- www.tuhh.de
+
+
+	^tu-hamburg.de doesn't exist.
+	^tu-harburg.de doesn't exist.
+	^tuhh.de doesn't exist.
+
+-->
+<ruleset name="TUHH.de (partial)">
+
+	<target host="www.tu-hamburg.de" />
+	<target host="intranet.tu-harburg.de" />
+	<target host="intranet.v.tu-harburg.de" />
+	<target host="www.tu-harburg.de" />
+	<target host="intranet.tuhh.de" />
+	<target host="intranet.v.tuhh.de" />
+	<target host="www.tuhh.de" />
+		<!--exclusion pattern="^http://asta\.tu-harburg\.de/" /-->
+
+		<!--exclusion pattern="^http://pdf\.v\.tuhh\.de/" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TUKE.sk.xml b/src/chrome/content/rules/TUKE.sk.xml
new file mode 100644
index 000000000000..d7c793ae45de
--- /dev/null
+++ b/src/chrome/content/rules/TUKE.sk.xml
@@ -0,0 +1,20 @@
+<!--
+    certificate chain issues:
+	- www.lib.tuke.sk
+	- kip.tuke.sk
+	- web.tuke.sk
+	- www.sdaj.tuke.sk
+-->
+<ruleset name="TUKE.sk">
+	<target host="tuke.sk" />
+	<target host="www.tuke.sk" />
+	<target host="kj.tuke.sk" />
+	<target host="uvt.tuke.sk" />
+	<target host="ktv.tuke.sk" />
+	<target host="accesscentre.tuke.sk" />
+	<target host="www.uvptechnicom.sk" />
+	<target host="eprihlaska.tuke.sk" />
+	<target host="studium.tuke.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TUT.fi.xml b/src/chrome/content/rules/TUT.fi.xml
new file mode 100644
index 000000000000..3d5be1a5a214
--- /dev/null
+++ b/src/chrome/content/rules/TUT.fi.xml
@@ -0,0 +1,33 @@
+<!--
+	Tampere University of Technology
+
+
+	www: redirects to idp
+
+
+	Fully covered subdomains:
+
+		- www.cs
+		- idp
+
+-->
+<ruleset name="TUT.fi (partial)">
+
+	<target host="www.cs.tut.fi" />
+	<target host="idp.tut.fi" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^idp\.tut\.fi$" name="^(JSESSIONID|_idp_authn_lc_key)$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^idp\.tut\.fi$" name="^idp_lb_selection$" /-->
+
+	<securecookie host="^idp\.tut\.fi$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TUZVO.sk.xml b/src/chrome/content/rules/TUZVO.sk.xml
new file mode 100644
index 000000000000..368ddf137823
--- /dev/null
+++ b/src/chrome/content/rules/TUZVO.sk.xml
@@ -0,0 +1,13 @@
+<ruleset name="TUZVO.sk">
+	<target host="tuzvo.sk" />
+	<target host="www.tuzvo.sk" />
+	<target host="dokumenty.tuzvo.sk" />
+	<target host="books.tuzvo.sk" />
+	<target host="sdj.tuzvo.sk" />
+	<target host="is.tuzvo.sk" />
+	<target host="sldk.tuzvo.sk" />
+	<target host="cdv.tuzvo.sk" />
+	<target host="cit.tuzvo.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TV.com.xml b/src/chrome/content/rules/TV.com.xml
deleted file mode 100644
index e9b01e5b1e4c..000000000000
--- a/src/chrome/content/rules/TV.com.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<!-- tv.com includes stuff from .com.com. which do NOT allow https :( -->
-<ruleset name="TV.com (broken)" default_off="JS redirects back to HTTP">
-	<target host="tv.com" />
-	<target host="www.tv.com" />
-
-	<rule from="^http://tv\.com/" to="https://www.tv.com/"/>
-	<rule from="^http://www\.tv\.com/" to="https://www.tv.com/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/TV1.eu.xml b/src/chrome/content/rules/TV1.eu.xml
new file mode 100644
index 000000000000..834d4b24146a
--- /dev/null
+++ b/src/chrome/content/rules/TV1.eu.xml
@@ -0,0 +1,5 @@
+<ruleset name="TV1.eu">
+  <target host="player.cdn.tv1.eu" />
+  <test url="http://player.cdn.tv1.eu/player/macros/brtv/tksplayer.js" />
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TV2.dk-mixedcontent.xml b/src/chrome/content/rules/TV2.dk-mixedcontent.xml
new file mode 100644
index 000000000000..be5d40d6557d
--- /dev/null
+++ b/src/chrome/content/rules/TV2.dk-mixedcontent.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mad.tv2.dk/ => https://mad.tv2.dk/: Too many redirects while fetching 'https://mad.tv2.dk/'
+
+-->
+
+<!--
+	See TV2.dk.xml for all comments on this rule.
+-->
+<ruleset name="TV2.dk (mixed content)" platform="mixedcontent" default_off="failed ruleset test">
+	<target host="google.tv2.dk" />
+	<target host="mad.tv2.dk" />
+	<target host="ttv.tv2.dk" />
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/TV2.dk.xml b/src/chrome/content/rules/TV2.dk.xml
new file mode 100644
index 000000000000..867c09ba6dab
--- /dev/null
+++ b/src/chrome/content/rules/TV2.dk.xml
@@ -0,0 +1,88 @@
+<!--
+	Domains not covered:
+		- www (and web root) *
+
+		- beep *
+		- common *****
+		- forgeofempires ***
+		- finans *
+		- fri *
+		- go *
+		- nyhederne *
+		- nyhedsbreve ***
+		- lb-stat.tv2.dk **
+		- omtv2 **
+		- piratestorm **
+		- play ****
+		- politik *
+		- presse **
+		- programmer *
+		- risingcities **
+		- seafight **
+		- shakes-and-fidget ***
+		- soccer-star ***
+		- spilskyen ***
+		- sporten *
+		- sr **
+		- tribalwars ***
+		- tv2media.dk **
+		- *.tv2net.dk ***
+		- tvtid *
+		- vejret *
+		- zulu.dk ***
+
+	    * automatically redirect to http
+	   ** connection times out/refused
+	  *** bad certificate
+	 **** https works but almost all content is served on
+	      http, so the site is largely useless
+	***** generally works well but breaks video streaming
+	      on some pages
+
+	Covered domains:
+		- drupal-images
+		- epg-images
+		- feeds
+		- files
+		- google **
+		- grid
+		- mad *
+		- r7
+		- spil
+		- spillehallen
+		- ttv **
+		- vendor
+		- weatherimages
+		- whistleblower
+
+	 * Video streaming will fail on "mixedcontent" platforms
+	** Style sheet will not load on "mixedcontent" platforms
+
+	All mixed content domains are included in TV2.dk-mixedcontent.xml, so
+	as to allow the non-mixed content rules to be used even in browsers
+	covered by platform="mixedcontent".
+
+	Mixed content from external domains:
+		- cf.datawrapper.de *
+		- e2.emediate.se
+		- ll.lp4.io *
+		- tv2.dk.nuggad.net *
+
+	* not secured by us
+-->
+<ruleset name="TV2.dk (partial)">
+	<target host="drupal-images.tv2.dk" />
+	<target host="eps-images.tv2.dk" />
+	<target host="feeds.tv2.dk" />
+	<target host="files.tv2.dk" />
+	<target host="grid.tv2.dk" />
+	<target host="r7.tv2.dk" />
+	<target host="spil.tv2.dk" />
+	<target host="spillehallen.tv2.dk" />
+	<target host="vendor.tv2.dk" />
+	<target host="weatherimages.tv2.dk" />
+	<target host="whistleblower.tv2.dk" />
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/TV4Play.se.xml b/src/chrome/content/rules/TV4Play.se.xml
index 70636be80a2f..74f6c33b9829 100644
--- a/src/chrome/content/rules/TV4Play.se.xml
+++ b/src/chrome/content/rules/TV4Play.se.xml
@@ -1,7 +1,54 @@
-<ruleset name="TV4play.se">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://account.services.tv4play.se/ => https://account.services.tv4play.se/: (6, 'Could not resolve host: account.services.tv4play.se')
+Fetch error: http://video-annotator.services.tv4play.se/ => https://video-annotator.services.tv4play.se/: (6, 'Could not resolve host: video-annotator.services.tv4play.se')
+ ServerAlternate Names from the cert:
+
+img-staging.koket.se
+img.koket.se
+staging.koket.se
+www.koket.se
+www.sfanytime.com
+www.sfanytime.se
+secure.sfanytime.com
+secure.sfanytime.se
+
+Cert mismatch:
+
+	- atv-live.tv4play.se , cert only valid for *.herokuapp.com
+	- secure.tv4play.se , cert only valid for prima.tv4play.se
+
+Can't be resolved:
+	- progdwnl.tv4.se
+	- secure.tv4.se
+
+Connection refused:
+	- ^
+	- api.tv4play.se
+-->
+<ruleset name="TV4play.se"  default_off="failed ruleset test">
+
+	<target host="account.services.tv4play.se" />
+	<target host="android.tv4play.se" />
+	<target host="api.tv4play.se" />
+	<target host="ios-conf.tv4play.se" />
+	<target host="ios.tv4play.se" />
+	<target host="papi.tv4play.se" />
+	<target host="prima.tv4play.se" />
+	<target host="sslapi.tv4play.se" />
 	<target host="tv4play.se" />
+	<target host="video-annotator.services.tv4play.se" />
+	<target host="www.tv4.se" />
 	<target host="www.tv4play.se" />
-	<rule from="^http://www\.tv4play\.se/" to="https://www.tv4play.se/"/>
+
+	<target host="img0.tv4cdn.se" />
+	<target host="img1.tv4cdn.se" />
+	<target host="img2.tv4cdn.se" />
+	<target host="img3.tv4cdn.se" />
+
+	<rule from="^http://api\.tv4play\.se/" to="https://sslapi.tv4play.se/"/>
 	<rule from="^http://tv4play\.se/" to="https://www.tv4play.se/"/>
-</ruleset>
+	<rule from="^http:" to="https:"/>
 
+</ruleset>
diff --git a/src/chrome/content/rules/TVBrowser.org.xml b/src/chrome/content/rules/TVBrowser.org.xml
index b30da1665647..abbac6d1d099 100644
--- a/src/chrome/content/rules/TVBrowser.org.xml
+++ b/src/chrome/content/rules/TVBrowser.org.xml
@@ -36,7 +36,8 @@
 <ruleset name="TVBrowser.org" default_off="mismatched, self-signed" platform="mixedcontent">
 
 	<target host="tvbrowser.org" />
-	<target host="*.tvbrowser.org" />
+	<target host="hilfe.tvbrowser.org" />
+	<target host="www.tvbrowser.org" />
 
 
 	<securecookie host="^(?:\.hilfe\.)?tvbrowser\.org$" name=".+" />
@@ -45,4 +46,4 @@
 	<rule from="^http://(?:(hilfe\.)|www\.)?tvbrowser\.org/"
 		to="https://$1tvbrowser.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TVLine.com.xml b/src/chrome/content/rules/TVLine.com.xml
new file mode 100644
index 000000000000..389d7d3d5dda
--- /dev/null
+++ b/src/chrome/content/rules/TVLine.com.xml
@@ -0,0 +1,29 @@
+<!--
+	www: Mismatched
+
+
+	Mixed content:
+
+		- Bug from b.scorecardresearch.com *
+
+	* Secured by us
+
+-->
+<ruleset name="TVLine.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tvline.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.tvline.com" />
+
+
+	<rule from="^http://www\.tvline\.com/"
+		to="https://tvline.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TVLinks.xml b/src/chrome/content/rules/TVLinks.xml
deleted file mode 100644
index 01ef27dd514c..000000000000
--- a/src/chrome/content/rules/TVLinks.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)tv-links.eu	(times out)
-
--->
-<ruleset name="TVLinks (partial)">
-
-	<target host="*.tvlim.com" />
-
-
-	<rule from="^https?://i\.tvlim\.com/"
-		to="https://d2hhnaah6fgxxa.cloudfront.net/" />
-
-	<rule from="^https?://s\.tvlim\.com/"
-		to="https://d1fv5i6aszv8fs.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TVMaze.com.xml b/src/chrome/content/rules/TVMaze.com.xml
new file mode 100644
index 000000000000..1405cc43fe76
--- /dev/null
+++ b/src/chrome/content/rules/TVMaze.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="TVmaze.com">
+		<target host="tvmaze.com" />
+        <target host="www.tvmaze.com" />
+        
+        <target host="static.tvmaze.com" />
+        <target host="api.tvmaze.com" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TVNZ.xml b/src/chrome/content/rules/TVNZ.xml
index 6fd9d9f1a70a..abc5542e319f 100644
--- a/src/chrome/content/rules/TVNZ.xml
+++ b/src/chrome/content/rules/TVNZ.xml
@@ -1,13 +1,51 @@
+<!--
+	CDN buckets:
+
+		- download.tvnz.co.nz.edgesuite.net
+
+
+	Problematic subdomains:
+
+		- download ¹
+		- shop ²
+
+	¹ Works, akamai
+	² BigCommerce
+
+
+	Mixed content:
+
+		- css on ^ from images ¹
+
+		- Images on ^ and shop from images ²
+
+		- Bugs on ^ from metrics
+
+	¹ Secured by us, effect seems minimal
+	² Secured by us
+
+-->
 <ruleset name="TVNZ">
 
 	<target host="tvnz.co.nz" />
-	<target host="*.tvnz.co.nz" />
+	<target host="www.tvnz.co.nz" />
+	<target host="careers.tvnz.co.nz" />
+	<target host="download.tvnz.co.nz" />
+	<target host="www.careers.tvnz.co.nz" />
+	<target host="images.tvnz.co.nz" />
+	<target host="shop.tvnz.co.nz" />
 
 
 	<securecookie host="^\.?tvnz\.co\.nz$" name=".+" />
 
 
-	<rule from="^http://(images\.|www\.)?tvnz\.co\.nz/"
-		to="https://$1tvnz.co.nz/" />
+	<rule from="^http://download\.tvnz\.co\.nz/"
+		to="https://images.tvnz.co.nz/" />
+
+	<rule from="^http://shop\.tvnz\.co\.nz/"
+		to="https://store-prbg35.mybigcommerce.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TVNewsCheck.com.xml b/src/chrome/content/rules/TVNewsCheck.com.xml
index 646364441346..d46e16e83f48 100644
--- a/src/chrome/content/rules/TVNewsCheck.com.xml
+++ b/src/chrome/content/rules/TVNewsCheck.com.xml
@@ -11,11 +11,12 @@
 <ruleset name="TVNewsCheck.com (partial)">
 
 	<target host="tvnewscheck.com" />
-	<target host="*.tvnewscheck.com" />
+	<target host="assets.tvnewscheck.com" />
+	<target host="www.tvnewscheck.com" />
 		<exclusion pattern="^http://(?:www\.)?tvnewscheck\.com/(?!asset/|/?playout/wp-content/|resource/|sites/|sso/)" />
 
 
 	<rule from="^http://(?:assets\.|www\.)?tvnewscheck\.com/"
 		to="https://www.tvnewscheck.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TVShow_Time.com.xml b/src/chrome/content/rules/TVShow_Time.com.xml
new file mode 100644
index 000000000000..c023408196be
--- /dev/null
+++ b/src/chrome/content/rules/TVShow_Time.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="TVShow Time.com">
+
+	<target host="tvshowtime.com" />
+	<target host="www.tvshowtime.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TVTropes.org.xml b/src/chrome/content/rules/TVTropes.org.xml
new file mode 100644
index 000000000000..c26877945bee
--- /dev/null
+++ b/src/chrome/content/rules/TVTropes.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="TVTropes.org">
+
+	<target host="tvtropes.org" />
+	<target host="www.tvtropes.org" />
+	<target host="static.tvtropes.org" />
+		<test url="http://static.tvtropes.org/pmwiki/pub/images/christmas_m-ms_5132.jpg" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TV_Tropes.xml b/src/chrome/content/rules/TV_Tropes.xml
deleted file mode 100644
index 40a79aded7aa..000000000000
--- a/src/chrome/content/rules/TV_Tropes.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	CDN buckets:
-
-		- gp1.wac.edgecastcdn.net/00A20D/
-
-			- static
-
-
-	Nonfunctional domains:
-
-		- mediatropes.info *
-		- (www.)tvtropes.org *
-
-	* Reset
-
--->
-<ruleset name="TV Tropes (partial)" default_off="webmaster request">
-
-	<target host="static.mediatropes.info" />
-	<target host="static.tvtropes.org" />
-
-
-	<rule from="^http://static\.(?:mediatropes\.info|tvtropes\.org)/"
-		to="https://gp1.wac.edgecastcdn.net/00A20D/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TWDown.net.xml b/src/chrome/content/rules/TWDown.net.xml
new file mode 100644
index 000000000000..7c4c1b907bd9
--- /dev/null
+++ b/src/chrome/content/rules/TWDown.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="TWDown.net">
+	<target host="twdown.net" />
+	<target host="www.twdown.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TWRP.xml b/src/chrome/content/rules/TWRP.xml
new file mode 100644
index 000000000000..a106ac0a4ee0
--- /dev/null
+++ b/src/chrome/content/rules/TWRP.xml
@@ -0,0 +1,19 @@
+<!--
+	Non-functional domain:
+		- teamw.in (obsolete)
+
+	Invalid certificate:
+		- www.twrp.me
+-->
+<ruleset name="TWRP">
+	<target host="twrp.me" />
+	<target host="dl.twrp.me" />
+	<target host="eu.dl.twrp.me" />
+	<target host="gerrit.twrp.me" />
+	<target host="jenkins.twrp.me" />
+
+	<securecookie host="^.*\.twrp\.me$" name=".+" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TWiT.tv.xml b/src/chrome/content/rules/TWiT.tv.xml
new file mode 100644
index 000000000000..28c99cd7a5dc
--- /dev/null
+++ b/src/chrome/content/rules/TWiT.tv.xml
@@ -0,0 +1,13 @@
+<ruleset name="TWiT.tv">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="twit.tv" />
+	<target host="elroy.twit.tv" />
+	<target host="www.twit.tv" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TXT.ca.xml b/src/chrome/content/rules/TXT.ca.xml
new file mode 100644
index 000000000000..89db350b6f5d
--- /dev/null
+++ b/src/chrome/content/rules/TXT.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="TXT.ca">
+	<target host="txt.ca" />
+	<target host="www.txt.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TYPO3.org-falsemixed.xml b/src/chrome/content/rules/TYPO3.org-falsemixed.xml
new file mode 100644
index 000000000000..b441b954a5b4
--- /dev/null
+++ b/src/chrome/content/rules/TYPO3.org-falsemixed.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://flow.typo3.org/ => https://flow.typo3.org/: (51, "SSL: no alternative certificate subject name matches target host name 'flow.typo3.org'")
+
+	For rules not causing false/broken MCB, see TYPO3.xml.
+
+-->
+<ruleset name="TYPO3.org (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="flow.typo3.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TYPO3.xml b/src/chrome/content/rules/TYPO3.xml
index 12dcd0047ea9..5345a26447ad 100644
--- a/src/chrome/content/rules/TYPO3.xml
+++ b/src/chrome/content/rules/TYPO3.xml
@@ -1,6 +1,113 @@
-<ruleset name="TYPO3">
-  <target host="typo3.org"/>
-  <target host="www.typo3.org"/>
 
-  <rule from="^http://(www\.)?typo3\.org/" to="https://typo3.org/"/>
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://flow.typo3.org/_Resources/Static/Packages/TYPO3.FlowTypo3Org/Stylesheets/print.css => https://flow.typo3.org/_Resources/Static/Packages/TYPO3.FlowTypo3Org/Stylesheets/print.css: (51, "SSL: no alternative certificate subject name matches target host name 'flow.typo3.org'")
+
+	For rules causing false/broken MCB, see TYPO3.org-falsemixed.xml.
+
+	Nonfunctional hosts in *typo3.org:
+
+		- demo ¹
+		- lists ²
+
+	¹ Dropped
+	² Refused
+
+
+	Problematic hosts in *typo3.org:
+
+		- flow ¹
+		- neos ²
+
+	¹ Mixed css from $self
+	² Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .typo3.org
+		- buzz.typo3.org
+		- forge.typo3.org
+		- .forum.typo3.org
+
+
+	Mixed content:
+
+		- css on flow from $self *
+		- Images flow from $self *
+		- favicon on buzz, flow from $self *
+		- Bug on ^, buzz, forum, wiki from piwik.typo3.org *
+
+	⁴ Secured by us
+
+-->
+<ruleset name="TYPO3.org (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="typo3.org"/>
+	<target host="association.typo3.org" />
+	<target host="buzz.typo3.org" />
+	<target host="certification.typo3.org" />
+	<target host="composer.typo3.org" />
+	<target host="docs.typo3.org" />
+	<target host="flow.typo3.org" />
+	<target host="forge.typo3.org" />
+	<target host="forum.typo3.org" />
+	<target host="get.typo3.org" />
+	<target host="git.typo3.org" />
+	<target host="piwik.typo3.org" />
+	<target host="review.typo3.org" />
+	<target host="shop.typo3.org" />
+	<target host="wiki.typo3.org" />
+	<target host="www.typo3.org" />
+
+	<!--	Complications:
+				-->
+	<target host="neos.typo3.org" />
+
+		<exclusion pattern="^http://flow\.typo3\.org/+(?!_Resources/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://flow.typo3.org/community" />
+			<test url="http://flow.typo3.org/home" />
+			<test url="http://flow.typo3.org/support" />
+
+			<!--	-ve:
+					-->
+			<test url="http://flow.typo3.org/_Resources/Static/Packages/TYPO3.FlowTypo3Org/Stylesheets/print.css" />
+
+		<!--	Formerly triggered broken MCB:
+							-->
+		<test url="http://docs.typo3.org/getthedocs/" />
+		<test url="http://docs.typo3.org/typo3cms/" />
+		<test url="http://docs.typo3.org/typo3cms/CoreApiReference/" />
+		<test url="http://docs.typo3.org/typo3cms/Index.html" />
+		<test url="http://docs.typo3.org/typo3cms/InstallationGuide/" />
+		<test url="http://docs.typo3.org/typo3cms/SecurityGuide/" />
+		<test url="http://docs.typo3.org/typo3cms/TyposcriptSyntaxReference/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.typo3\.org$" name="^fe_typo_user$" /-->
+	<!--securecookie host="^buzz\.typo3\.org$" name="^fe_typo_user$" /-->
+	<!--securecookie host="^forge\.typo3\.org$" name="^_redmine_session$" /-->
+	<!--securecookie host="^\.forum\.typo3\.org$" name="^fud_session_\d+$" /-->
+
+	<securecookie host="^\." name="^fe_typo_user$" />
+	<securecookie host="^(?!flow\.)." name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://neos\.typo3\.org/+"
+		to="https://www.neos.io/" />
+
+		<test url="http://neos.typo3.org//" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/TZ.de.xml b/src/chrome/content/rules/TZ.de.xml
new file mode 100644
index 000000000000..df98030befc0
--- /dev/null
+++ b/src/chrome/content/rules/TZ.de.xml
@@ -0,0 +1,26 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Covered by other rulesets:
+		on.tz.de (Bitly_branded_short_domains.xml)
+
+	Timeout:
+		media.tz.de
+-->
+<ruleset name="TZ.de">
+
+	<target host="tz.de" />
+	<target host="www.tz.de" />
+	<target host="abo.tz.de" />
+	<target host="www.abo.tz.de" />
+	<target host="lust.tz.de" />
+	<target host="markt.lust.tz.de" />
+	<target host="markt.tz.de" />
+	<target host="playground.tz.de" />
+	<target host="promo.tz.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TaDst.com.xml b/src/chrome/content/rules/TaDst.com.xml
new file mode 100644
index 000000000000..507f5d574034
--- /dev/null
+++ b/src/chrome/content/rules/TaDst.com.xml
@@ -0,0 +1,25 @@
+<!--
+	CDN buckets:
+
+		- sourcecdn.edgesuite.net
+
+			- a
+
+
+	Problematic subdomains:
+
+		- a *
+
+	* Akamai
+
+-->
+<ruleset name="TaDst.com">
+
+	<target host="a.tadst.com" />
+	<target host="c.tadst.com" />
+
+
+	<rule from="^http://[ac]\.tadst\.com/"
+		to="https://c.tadst.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tableau.com.xml b/src/chrome/content/rules/Tableau.com.xml
new file mode 100644
index 000000000000..c0099408beaf
--- /dev/null
+++ b/src/chrome/content/rules/Tableau.com.xml
@@ -0,0 +1,45 @@
+<!--
+	Other Tableau Software rulesets:
+
+		- TblSft.com.xml
+
+
+	^tableau.com: Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- careers.tableau.com
+
+-->
+<ruleset name="Tableau.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="careers.tableau.com" />
+	<target host="public.tableau.com" />
+	<target host="www.tableau.com" />
+
+	<!--	Complications:
+				-->
+	<target host="tableau.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^careers\.tableau\.com$" name="^BIGipServercareers_pool_prod_http$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect preserves path,
+		args, and forward slash:
+					-->
+	<rule from="^http://tableau\.com/"
+		to="https://www.tableau.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Taboola.xml b/src/chrome/content/rules/Taboola.xml
index 853c31c2dab1..0d4144c888d0 100644
--- a/src/chrome/content/rules/Taboola.xml
+++ b/src/chrome/content/rules/Taboola.xml
@@ -1,44 +1,68 @@
 <!--
-	CDN buckets:
+	Other Taboola rulesets:
+		- Taboolasyndication.com.xml
 
+	CDN buckets:
 		- orig-1000[23].taboola.cotcdn.net
 
-
-	Nonfunctional domains:
-
-		- cdn.taboolasyndication.com
-		- trc.taboolasyndication.com
-
-
-	Partially covered subdomains:
-
-		- trc	(libtrc/\w+/rbox.js 502s)
-
-
-	Fully covered subdomains:
-
-		- images
-
+	Invalid certificate:
+		- cannes2016.taboola.com
+		- events.taboola.com
+		- pages.taboola.com
 -->
-<ruleset name="Taboola (partial)">
 
+<ruleset name="Taboola">
 	<target host="taboola.com" />
-	<target host="*.taboola.com" />
-		<!--
-			502:
-				-->
-		<exclusion pattern="^http://trc\.taboola\.com/libtrc/" />
-
-
-	<securecookie host="^www\.taboola\.com$" name=".*" />
-
-
-	<!--	Cert only matches *.taboola.com.
-							-->
-	<rule from="^http://(?:www\.)?taboola\.com/"
-		to="https://www.taboola.com/" />
-
-	<rule from="^http://(images|trc)\.taboola\.com/"
-		to="https://$1.taboola.com/" />
-
+	<target host="www.taboola.com" />
+	<target host="15.taboola.com" />
+	<target host="accessrequest.taboola.com" />
+	<target host="am-trc.taboola.com" />
+	<target host="api.taboola.com" />
+	<target host="authentication.taboola.com" />
+	<target host="backstage.taboola.com" />
+	<target host="backstage-demo.taboola.com" />
+	<target host="billing.taboola.com" />
+	<target host="blog.taboola.com" />
+	<target host="blogde.taboola.com" />
+	<target host="blogfr.taboola.com" />
+	<target host="blogjp.taboola.com" />
+	<target host="blogpt.taboola.com" />
+	<target host="branding.taboola.com" />
+	<target host="c2.taboola.com" />
+	<target host="careers.taboola.com" />
+	<target host="cdn.taboola.com" />
+	<target host="cdn-yjp.taboola.com" />
+	<target host="cn.taboola.com" />
+	<target host="content.taboola.com" />
+	<target host="engineering.taboola.com" />
+	<target host="feed.taboola.com" />
+	<target host="gallery.taboola.com" />
+	<target host="go.taboola.com" />
+	<target host="help.taboola.com" />
+	<target host="il-vpn.taboola.com" />
+	<target host="images.taboola.com" />
+	<target host="japanese.taboola.com" />
+	<target host="jobs.taboola.com" />
+	<target host="jp.taboola.com" />
+	<target host="ko.taboola.com" />
+	<target host="la-trc.taboola.com" />
+	<target host="mb.taboola.com" />
+	<target host="netstorage.taboola.com" />
+	<target host="newsroom-help.taboola.com" />
+	<target host="newsroomhelp.taboola.com" />
+	<target host="nr.taboola.com" />
+	<target host="opps.taboola.com" />
+	<target host="popup.taboola.com" />
+	<target host="signup.taboola.com" />
+	<target host="store.taboola.com" />
+	<target host="swag.taboola.com" />
+	<target host="trc.taboola.com" />
+	<target host="trc-f.taboola.com" />
+	<target host="trends.taboola.com" />
+	<target host="vision.taboola.com" />
+	<target host="yahoojp.taboola.com" />
+
+	<securecookie host="^www\.taboola\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Taboolasyndication.com.xml b/src/chrome/content/rules/Taboolasyndication.com.xml
new file mode 100644
index 000000000000..802f53f4067e
--- /dev/null
+++ b/src/chrome/content/rules/Taboolasyndication.com.xml
@@ -0,0 +1,32 @@
+<!--
+	For other Taboola coverage, see Taboola.xml.
+
+
+	CDN buckets:
+
+		- esd.taboola.com.edgesuite.net
+
+			- cdn
+
+
+	Nonfunctional domains:
+
+		- trc.taboolasyndication.com
+
+
+	Problematic subdomains:
+
+		- cdn *
+
+	* Akamai
+
+-->
+<ruleset name="Taboolasyndication.com (partial)">
+
+	<target host="cdn.taboolasyndication.com" />
+
+
+	<rule from="^http://cdn\.taboolasyndication\.com/"
+		to="https://cdn.taboola.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tachanka.org.xml b/src/chrome/content/rules/Tachanka.org.xml
new file mode 100644
index 000000000000..4487603b0d23
--- /dev/null
+++ b/src/chrome/content/rules/Tachanka.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="Tachanka.org">
+
+	<target host="tachanka.org" />
+	<target host="www.tachanka.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tactical_Tech.org.xml b/src/chrome/content/rules/Tactical_Tech.org.xml
index d6b2a8e29ac4..5a719cef843f 100644
--- a/src/chrome/content/rules/Tactical_Tech.org.xml
+++ b/src/chrome/content/rules/Tactical_Tech.org.xml
@@ -1,11 +1,18 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://protect.tacticaltech.org/ => https://protect.tacticaltech.org/: (28, 'Connection timed out after 20001 milliseconds')
+
 	Other Tactical Technology rulesets:
 
-		- Drawing_by_Numbers.org.xml
+		- Exposing_the_Invisible.org.xml
 		- Informationactivism.org.xml
+		- My_Shadow.com.xml
+		- Security_in_a_Box.org.xml
+		- Visualising_Advocacy.org.xml
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *tacticaltech.org:
 
 		- archive *
 		- messageinabox *
@@ -15,47 +22,33 @@
 	* Shows default Drupal page
 
 
-	Fully covered subdomains:
-
-		- (www.)
-		- analytics
-		- archive2013
-		- protect
-		- survival
-
-
-	Observed cookie domains:
-
-		- ^
-		- archive2013
-		- .archive2013
-		- .protect
-		- .survival
-		- www
-
-
 	Mixed content:
 
 		- Image on survival from creativecommons.org *
 
-		- Web bug, on:
+		- Bugs, on:
 
-			- survival from analytics
+			- survival from analytics.tacticaltech.org *
 			- archive2013 from widgets.twimg.com *
 
 	* Secured by us
 
 -->
-<ruleset name="Tactical Tech.org (partial)">
+<ruleset name="Tactical Tech.org (partial)" default_off="failed ruleset test">
 
 	<target host="tacticaltech.org" />
-	<target host="*.tacticaltech.org" />
+	<target host="analytics.tacticaltech.org" />
+	<target host="archive2013.tacticaltech.org" />
+	<target host="gendersec.tacticaltech.org" />
+	<target host="protect.tacticaltech.org" />
+	<target host="survival.tacticaltech.org" />
+	<target host="www.tacticaltech.org" />
 
 
-	<securecookie host="^(?:.*\.)?tacticaltech\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:analytics|archive2013|protect|survival|www)\.)?tacticaltech\.org/"
-		to="https://$1tacticaltech.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Tada.com.xml b/src/chrome/content/rules/Tada.com.xml
new file mode 100644
index 000000000000..9afa988597a7
--- /dev/null
+++ b/src/chrome/content/rules/Tada.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .tada.com
+
+
+	Mixed content:
+
+		- css, on:
+
+			- www from fonts.googleapis.com ˢ
+			- www from img10.tada-images.com ᴬ
+
+		- Images on www from img10.tada-images.com ᴬ
+
+	ᴬ Not secured by us <= Akamai/mismatched
+	ˢ Secured by us
+
+-->
+<ruleset name="Tada.com" platform="mixedcontent">
+
+	<target host="tada.com" />
+	<target host="www.tada.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tada\.com$" name="^(?:_data|br|p13n_id|rng|sessionid)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TafasirStore.com.xml b/src/chrome/content/rules/TafasirStore.com.xml
new file mode 100644
index 000000000000..dce05c286f57
--- /dev/null
+++ b/src/chrome/content/rules/TafasirStore.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="TafasirStore.com">
+	<target host="tafasirstore.com" />
+	<target host="www.tafasirstore.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tafsir.net.xml b/src/chrome/content/rules/Tafsir.net.xml
new file mode 100644
index 000000000000..8c186fea3c80
--- /dev/null
+++ b/src/chrome/content/rules/Tafsir.net.xml
@@ -0,0 +1,24 @@
+<ruleset name="Tafsir.net">
+	<target host="tafsir.net"/>
+	<target host="www.tafsir.net"/>
+	<target host="api.tafsir.net"/>
+	<target host="cpanel.tafsir.net"/>
+	<target host="library.tafsir.net"/>
+	<target host="www.library.tafsir.net"/>
+	<target host="mlffat.tafsir.net"/>
+	<target host="www.mlffat.tafsir.net"/>
+	<target host="media.tafsir.net"/>
+	<target host="services.tafsir.net"/>
+	<target host="static.tafsir.net"/>
+	<target host="www.static.tafsir.net"/>
+	<target host="vb.tafsir.net"/>
+	<target host="www.vb.tafsir.net"/>
+	<target host="up.tafsir.net"/>
+	<target host="www.up.tafsir.net"/>
+	<target host="webdisk.tafsir.net"/>
+	<target host="webmail.tafsir.net"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Tafsir.one.xml b/src/chrome/content/rules/Tafsir.one.xml
new file mode 100644
index 000000000000..b7aef7dcb4d7
--- /dev/null
+++ b/src/chrome/content/rules/Tafsir.one.xml
@@ -0,0 +1,8 @@
+<ruleset name="Tafsir.one">
+	<target host="kalimah.tafsir.one" />
+	<target host="read.tafsir.one" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TafsirStore.com.xml b/src/chrome/content/rules/TafsirStore.com.xml
new file mode 100644
index 000000000000..380059c2c796
--- /dev/null
+++ b/src/chrome/content/rules/TafsirStore.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="TafsirStore.com">
+	<target host="tafsirstore.com" />
+	<target host="www.tafsirstore.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tag1_Consulting.com.xml b/src/chrome/content/rules/Tag1_Consulting.com.xml
new file mode 100644
index 000000000000..1816d90e1977
--- /dev/null
+++ b/src/chrome/content/rules/Tag1_Consulting.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .tag1consulting.com
+
+-->
+<ruleset name="Tag1 Consulting.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tag1consulting.com" />
+	<target host="www.tag1consulting.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tag1consulting\.com$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^\.tag1consulting\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TagCommander.com.xml b/src/chrome/content/rules/TagCommander.com.xml
new file mode 100644
index 000000000000..cd49c1215d38
--- /dev/null
+++ b/src/chrome/content/rules/TagCommander.com.xml
@@ -0,0 +1,66 @@
+<!--
+	Mixed content:
+
+		- css on www from fonts.googleapis.com *
+
+	* Secured by us
+
+	Redirect to http:
+		- 	(www.\)tagcommander.com
+
+	Cert mismatch:
+		- landing.tagcommander.com , only valid for instapage.com
+
+		- enterpriseenrollment.commandersact.com
+		- lyncdiscover.commandersact.com
+		- msoid.commandersact.com
+		- sip.commandersact.com
+		- www2.commandersact.com
+
+	Connection refused:
+		- supervision.commandersact.com
+
+	Timeout:
+		- autodiscover.commandersact.com
+		- local.commandersact.com
+
+	Cert expired:
+		- dashboard.commandersact.com
+		- forms.commandersact.com
+		- projects.commandersact.com
+		- status.commandersact.com
+		- support.commandersact.com
+-->
+<ruleset name="TagCommander.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+
+	<target host="certification.tagcommander.com" />
+	<target host="cdn.tagcommander.com" />
+	<target host="manager.tagcommander.com" />
+	<target host="redirect1903.tagcommander.com" />
+
+	<target host="*.commander1.com" />
+
+		<test url="http://adler.commander1.com/" />
+		<test url="http://cyrillus.commander1.com/" />
+		<test url="http://mugler.commander1.com/" />
+		<test url="http://nocibefr.commander1.com/" />
+		<test url="http://redirect1903.tagcommander.com/utils/noscript.php?id=3&amp;mode=iframe" />
+		<test url="http://seidensticker.commander1.com/" />
+
+	<target host="commandersact.com" />
+	<target host="www.commandersact.com" />
+	<target host="community.commandersact.com" />
+
+	<target host="v4.commandersact.com" />
+	<target host="v5.commandersact.com" />
+	<target host="v6.commandersact.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TagMan.xml b/src/chrome/content/rules/TagMan.xml
index 01a8edc3978b..89f1dfd87564 100644
--- a/src/chrome/content/rules/TagMan.xml
+++ b/src/chrome/content/rules/TagMan.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://admin.tagman.com/ => https://admin.tagman.com/: (60, 'SSL certificate problem: certificate has expired')
+
 	For other Levexis coverage, see Levexis.xml.
 
 
@@ -12,7 +16,7 @@
 	* Refused
 
 -->
-<ruleset name="TagMan (partial)">
+<ruleset name="TagMan (partial)" default_off="failed ruleset test">
 
 	<target host="admin.tagman.com" />
 
@@ -20,7 +24,6 @@
 	<securecookie host="^admin\.tagman\.com$" name=".+" />
 
 
-	<rule from="^http://admin\.tagman\.com/"
-		to="https://admin.tagman.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tagasauris.com.xml b/src/chrome/content/rules/Tagasauris.com.xml
new file mode 100644
index 000000000000..ace413bc7c0a
--- /dev/null
+++ b/src/chrome/content/rules/Tagasauris.com.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://photo.tagasauris.com/ => https://photo.tagasauris.com/: Too many redirects while fetching 'https://photo.tagasauris.com/'
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Tagasauris.com" default_off="failed ruleset test">
+
+	<target host="tagasauris.com" />
+	<target host="photo.tagasauris.com" />
+	<target host="www.tagasauris.com" />
+
+
+	<securecookie host="^(?:photo)?\.tagasauris\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TagesWoche.xml b/src/chrome/content/rules/TagesWoche.xml
new file mode 100644
index 000000000000..2d90adb2fcad
--- /dev/null
+++ b/src/chrome/content/rules/TagesWoche.xml
@@ -0,0 +1,17 @@
+<!--
+	HTTP redirect:
+		- todesanzeigen
+-->
+<ruleset name="TagesWoche">
+	<target host="tageswoche.ch"/>
+	<target host="www.tageswoche.ch"/>
+	<target host="ausgehen.tageswoche.ch"/>
+	<target host="blogs.tageswoche.ch"/>
+	<target host="labs.tageswoche.ch"/>
+	<target host="partner.tageswoche.ch"/>
+
+	<rule from="^http://tageswoche\.ch/"
+		to="https://www.tageswoche.ch/"/>
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Tagesanzeiger.ch.xml b/src/chrome/content/rules/Tagesanzeiger.ch.xml
new file mode 100644
index 000000000000..80cfe58210ec
--- /dev/null
+++ b/src/chrome/content/rules/Tagesanzeiger.ch.xml
@@ -0,0 +1,301 @@
+<!--
+		Most of the subdomains are selected top stories, not all of them are properly secured with a valid cert though
+
+	Cert expired:
+		- staging.mobile.tagesanzeiger.ch
+
+	Cert mismatch:
+		- www.1zu12.tagesanzeiger.ch
+		- www.abo.tagesanzeiger.ch
+		- www.abseits.tagesanzeiger.ch
+		- www.actioncam.tagesanzeiger.ch
+		- www.akwdebatte.tagesanzeiger.ch
+		- www.alttrifftjung.tagesanzeiger.ch
+		- www.antarktis.tagesanzeiger.ch
+		- www.arbeit.tagesanzeiger.ch
+		- www.arboretum.tagesanzeiger.ch
+		- www.atomstreit.tagesanzeiger.ch
+		- www.bahnhof.tagesanzeiger.ch
+		- bahnhofdach.tagesanzeiger.ch
+		- www.bankumfrage.tagesanzeiger.ch
+		- www.bestseller.tagesanzeiger.ch
+		- www.brauen.tagesanzeiger.ch
+		- brunnen.tagesanzeiger.ch
+		- www.brwahl.tagesanzeiger.ch
+		- www.buch.tagesanzeiger.ch
+		- www.bundesrat.tagesanzeiger.ch
+		- www.carlos.tagesanzeiger.ch
+		- www.cleese.tagesanzeiger.ch
+		- www.dalailama.tagesanzeiger.ch
+		- www.deweck.tagesanzeiger.ch
+		- www.dudamel.tagesanzeiger.ch
+		- www.ecopop.tagesanzeiger.ch
+		- www.einwanderung.tagesanzeiger.ch
+		- electionmarket.tagesanzeiger.ch
+		- epaper3.tagesanzeiger.ch
+		- www.erb.tagesanzeiger.ch
+		- www.fallbonstetten.tagesanzeiger.ch
+		- www.flexitarier.tagesanzeiger.ch
+		- www.frankreich.tagesanzeiger.ch
+		- www.grabung.tagesanzeiger.ch
+		- www.grundrisstest.tagesanzeiger.ch
+		- www.gymi.tagesanzeiger.ch
+		- www.hacker.tagesanzeiger.ch
+		- www.heirat.tagesanzeiger.ch
+		- www.hoeness.tagesanzeiger.ch
+		- www.hungerstreik.tagesanzeiger.ch
+		- www.hymne.tagesanzeiger.ch
+		- www.indoorkinder.tagesanzeiger.ch
+		- www.jacobs.tagesanzeiger.ch
+		- www.kakteen.tagesanzeiger.ch
+		- www.kandidaten.tagesanzeiger.ch
+		- www.kickbacks.tagesanzeiger.ch
+		- kindertagi.tagesanzeiger.ch
+		- www.klassiker.tagesanzeiger.ch
+		- www.knie.tagesanzeiger.ch
+		- www.kran.tagesanzeiger.ch
+		- www.kreuzwortraetsel.tagesanzeiger.ch
+		- www.kuba.tagesanzeiger.ch
+		- www.lauterbrunnen.tagesanzeiger.ch
+		- www.lehrplan21.tagesanzeiger.ch
+		- www.leibovitz.tagesanzeiger.ch
+		- www.lernpower.tagesanzeiger.ch
+		- www.leserbilder.tagesanzeiger.ch
+		- www.leserreise.tagesanzeiger.ch
+		- www.lichtbild.tagesanzeiger.ch
+		- www.lichtbilder.tagesanzeiger.ch
+		- liveblog.tagesanzeiger.ch
+		- www.lobbying.tagesanzeiger.ch
+		- www.m.tagesanzeiger.ch
+		- www.geldblog.tagesanzeiger.ch
+		- www.gerichtskosten.tagesanzeiger.ch/
+		- www.globus.tagesanzeiger.ch
+		- www.militaer.tagesanzeiger.ch
+		- www.mindestlohn.tagesanzeiger.ch
+		- paywall.mobile2.tagesanzeiger.ch
+		- www.moire.tagesanzeiger.ch
+		- www.nachrichtendienst.tagesanzeiger.ch
+		- www.namen.tagesanzeiger.ch
+		- www.nostalgie.tagesanzeiger.ch
+		- www.outdoor.tagesanzeiger.ch
+		- www.panama.tagesanzeiger.ch
+		- www.panorama.tagesanzeiger.ch
+		- www.pfz.tagesanzeiger.ch
+		- www.pluto.tagesanzeiger.ch
+		- www.podium.tagesanzeiger.ch
+		- www.prozess.tagesanzeiger.ch
+		- www.raetselspass.tagesanzeiger.ch
+		- www.raubkunst.tagesanzeiger.ch
+		- www.rechtundkonsum.tagesanzeiger.ch
+		- www.rio.tagesanzeiger.ch
+		- www.rosengarten.tagesanzeiger.ch
+		- www.salon.tagesanzeiger.ch
+		- www.sandro.tagesanzeiger.ch
+		- www.schaadzeile.tagesanzeiger.ch
+		- www.schule.tagesanzeiger.ch
+		- www.smarttv.tagesanzeiger.ch
+		- www.sorgerecht.tagesanzeiger.ch
+		- www.staging.tagesanzeiger.ch
+		- www.steuerdeal.tagesanzeiger.ch
+		- www.stevelee.tagesanzeiger.ch
+		- www.stockys.tagesanzeiger.ch
+		- www.stromverbrauch.tagesanzeiger.ch
+		- www.sweethome.tagesanzeiger.ch
+		- www.tablet.tagesanzeiger.ch
+		- www.tagesschule.tagesanzeiger.ch
+		- www.tatort.tagesanzeiger.ch
+		- www.tbtf.tagesanzeiger.ch
+		- www.tvquoten.tagesanzeiger.ch
+		- www.ubs.tagesanzeiger.ch
+		- www.unfaelle.tagesanzeiger.ch
+		- www.usa.tagesanzeiger.ch
+		- www.veloquiz.tagesanzeiger.ch
+		- www.verteidigung.tagesanzeiger.ch
+		- www.wasser.tagesanzeiger.ch
+		- www.wegzug.tagesanzeiger.ch
+		- www.windpark.tagesanzeiger.ch
+		- www.wohnen.tagesanzeiger.ch
+		- www.zeitreise.tagesanzeiger.ch
+		- www.zeitung.tagesanzeiger.ch
+		- www.zkb.tagesanzeiger.ch
+		- www.zollfreilager.tagesanzeiger.ch
+		- www.zufuss.tagesanzeiger.ch
+		- www.zuwanderung.tagesanzeiger.ch
+		- www.zweitwohnungen.tagesanzeiger.ch
+
+	Chain incomplete:
+		- tda.tagesanzeiger.ch
+
+	Connection refused:
+		- boerse.tagesanzeiger.ch
+		- epaper2.tagesanzeiger.ch
+		- interaktiv.tagesanzeiger.ch
+		- jobs.tagesanzeiger.ch
+		- karten.tagesanzeiger.ch
+		- longform.tagesanzeiger.ch
+		- marktplatz.tagesanzeiger.ch
+		- seminare.tagesanzeiger.ch
+		- tippinho.tagesanzeiger.ch
+		- webspecial.tagesanzeiger.ch
+		- editor.webspecial.tagesanzeiger.ch
+		- weiterbildung.tagesanzeiger.ch
+
+	Self-Signed:
+		- politblog.tagesanzeiger.ch
+		- soundslides.tagesanzeiger.ch
+
+	Timeout:
+		- ipad.tagesanzeiger.ch
+		- m2.tagesanzeiger.ch
+		- paywall.mobile.tagesanzeiger.ch
+		- mobile2.tagesanzeiger.ch
+		- sc.tagesanzeiger.ch
+		- staging.tagesanzeiger.ch
+-->
+<ruleset name="tagesanzeiger.ch (partial)">
+
+	<target host="www.tagesanzeiger.ch"/>
+
+	<target host="1980.tagesanzeiger.ch"/>
+	<target host="9to5.tagesanzeiger.ch"/>
+	<target host="abo-igr.tagesanzeiger.ch" />
+	<target host="abo-prod.tagesanzeiger.ch" />
+	<target host="abo.tagesanzeiger.ch" />
+	<target host="abopage-mediafiles.tagesanzeiger.ch" />
+	<target host="adler.tagesanzeiger.ch"/>
+	<target host="advent.tagesanzeiger.ch"/>
+	<target host="applelive.tagesanzeiger.ch"/>
+	<target host="badi.tagesanzeiger.ch"/>
+	<target host="blog.tagesanzeiger.ch"/>
+	<target host="blog2.tagesanzeiger.ch"/>
+	<target host="booker.tagesanzeiger.ch"/>
+	<target host="boyle.tagesanzeiger.ch"/>
+	<target host="bwww.tagesanzeiger.ch"/>
+	<target host="byod.tagesanzeiger.ch"/>
+	<target host="cervelat.tagesanzeiger.ch"/>
+	<target host="copypaste.tagesanzeiger.ch"/>
+	<target host="cre-st-fe1.tagesanzeiger.ch"/>
+	<target host="cre-st-fe2.tagesanzeiger.ch"/>
+	<target host="cre.tagesanzeiger.ch" />
+	<target host="dada100.tagesanzeiger.ch"/>
+	<target host="damalsheute.tagesanzeiger.ch"/>
+	<target host="datenblog.tagesanzeiger.ch"/>
+	<target host="dermorgen.tagesanzeiger.ch"/>
+	<target host="digitalabo.tagesanzeiger.ch"/>
+	<target host="drehschiene.tagesanzeiger.ch"/>
+	<target host="eichmann.tagesanzeiger.ch"/>
+	<target host="eisfeld.tagesanzeiger.ch"/>
+	<target host="eisig.tagesanzeiger.ch"/>
+	<target host="eisklettern.tagesanzeiger.ch"/>
+	<target host="eload.tagesanzeiger.ch"/>
+	<target host="em-bars.tagesanzeiger.ch"/>
+	<target host="epaper.tagesanzeiger.ch" />
+	<target host="essrechner.tagesanzeiger.ch" />
+	<target host="fankarte.tagesanzeiger.ch"/>
+	<target host="fatah.tagesanzeiger.ch"/>
+	<target host="feuerwerk.tagesanzeiger.ch"/>
+	<target host="fragen.tagesanzeiger.ch"/>
+	<target host="fresken.tagesanzeiger.ch"/>
+	<target host="geldblog.tagesanzeiger.ch"/>
+	<target host="generationy.tagesanzeiger.ch"/>
+	<target host="globus.tagesanzeiger.ch"/>
+	<target host="grabung.tagesanzeiger.ch" />
+	<target host="gripen.tagesanzeiger.ch"/>
+	<target host="gymiquiz.tagesanzeiger.ch"/>
+	<target host="heirat.tagesanzeiger.ch"/>
+	<target host="horror.tagesanzeiger.ch"/>
+	<target host="httpheidenheimwww.tagesanzeiger.ch"/>
+	<target host="imhuus.tagesanzeiger.ch"/>
+	<target host="insightness.tagesanzeiger.ch"/>
+	<target host="iwww.tagesanzeiger.ch"/>
+	<target host="jelmoli.tagesanzeiger.ch"/>
+	<target host="kakteen.tagesanzeiger.ch"/>
+	<target host="karl.tagesanzeiger.ch"/>
+	<target host="kattarshians.tagesanzeiger.ch"/>
+	<target host="kreuzwortraetsel.tagesanzeiger.ch"/>
+	<target host="kunst.tagesanzeiger.ch"/>
+	<target host="leer.tagesanzeiger.ch"/>
+	<target host="leichtathletik.tagesanzeiger.ch"/>
+	<target host="lichtbild.tagesanzeiger.ch"/>
+	<target host="lift.tagesanzeiger.ch"/>
+	<target host="listen.tagesanzeiger.ch"/>
+	<target host="m.tagesanzeiger.ch"/>
+	<target host="manegg.tagesanzeiger.ch" />
+	<target host="marines.tagesanzeiger.ch" />
+	<target host="meersprung.tagesanzeiger.ch" />
+	<target host="meintagi.tagesanzeiger.ch" />
+	<target host="meisterwerk.tagesanzeiger.ch" />
+	<target host="modus.tagesanzeiger.ch" />
+	<target host="museum.tagesanzeiger.ch" />
+	<target host="newdc.tagesanzeiger.ch" />
+	<target host="newsletter.tagesanzeiger.ch" />
+	<target host="online.tagesanzeiger.ch" />
+	<target host="panama-papers.tagesanzeiger.ch" />
+	<target host="patentrezepte.tagesanzeiger.ch" />
+	<target host="perlen.tagesanzeiger.ch" />
+	<target host="pop.tagesanzeiger.ch" />
+	<target host="poststellen.tagesanzeiger.ch" />
+	<target host="preisvergleich.tagesanzeiger.ch" />
+	<target host="probeabo.tagesanzeiger.ch" />
+	<target host="quiz.tagesanzeiger.ch" />
+	<target host="rec.tda.tagesanzeiger.ch" />
+	<target host="rechtundkonsum.tagesanzeiger.ch" />
+	<target host="regionenrating.tagesanzeiger.ch" />
+	<target host="rist.tagesanzeiger.ch" />
+	<target host="rollband.tagesanzeiger.ch" />
+	<target host="rundgang.tagesanzeiger.ch" />
+	<target host="saudiarabienwww.tagesanzeiger.ch" />
+	<target host="schraube.tagesanzeiger.ch" />
+	<target host="schrauben.tagesanzeiger.ch" />
+	<target host="selectionsupport.tagesanzeiger.ch" />
+	<target host="sex.tagesanzeiger.ch" />
+	<target host="sexumfrage.tagesanzeiger.ch" />
+	<target host="shanghigh.tagesanzeiger.ch" />
+	<target host="shaw.tagesanzeiger.ch" />
+	<target host="silvesterlauf.tagesanzeiger.ch" />
+	<target host="smartvote.tagesanzeiger.ch" />
+	<target host="solarimpulse.tagesanzeiger.ch" />
+	<target host="spitaeler.tagesanzeiger.ch" />
+	<target host="sprachatlas.tagesanzeiger.ch" />
+	<target host="stadtgeschichten.tagesanzeiger.ch" />
+	<target host="stamm.tagesanzeiger.ch" />
+	<target host="sterne.tagesanzeiger.ch" />
+	<target host="stokys.tagesanzeiger.ch" />
+	<target host="strassenhunde.tagesanzeiger.ch" />
+	<target host="stromverbrauch.tagesanzeiger.ch" />
+	<target host="suisis.tagesanzeiger.ch" />
+	<target host="tarife.tagesanzeiger.ch" />
+	<target host="tifliszoom.tagesanzeiger.ch" />
+	<target host="tools.tagesanzeiger.ch" />
+	<target host="torgala.tagesanzeiger.ch" />
+	<target host="track-dev.tagesanzeiger.ch" />
+	<target host="track-igr.tagesanzeiger.ch" />
+	<target host="track.tagesanzeiger.ch" />
+	<target host="tracking.tagesanzeiger.ch" />
+	<target host="tram.tagesanzeiger.ch" />
+	<target host="triemli.tagesanzeiger.ch" />
+	<target host="trumpchat-en.tagesanzeiger.ch" />
+	<target host="umfrage.tagesanzeiger.ch" />
+	<target host="untote.tagesanzeiger.ch" />
+	<target host="veloquiz.tagesanzeiger.ch" />
+	<target host="verlag.tagesanzeiger.ch" />
+	<target host="vonkopfbisfuss.tagesanzeiger.ch" />
+	<target host="wada-bericht.tagesanzeiger.ch" />
+	<target host="wahlen.tagesanzeiger.ch" />
+	<target host="warnapp.tagesanzeiger.ch" />
+	<target host="websuche.tagesanzeiger.ch" />
+	<target host="westumfahrung.tagesanzeiger.ch" />
+	<target host="wiki.tagesanzeiger.ch" />
+	<target host="wochenschau.tagesanzeiger.ch" />
+	<target host="ww.tagesanzeiger.ch" />
+	<target host="wwwt.tagesanzeiger.ch" />
+	<target host="wwww.tagesanzeiger.ch" />
+	<target host="wwwww.tagesanzeiger.ch" />
+	<target host="zalando.tagesanzeiger.ch" />
+	<target host="zomm.tagesanzeiger.ch" />
+	<target host="zoom.tagesanzeiger.ch" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tagesspiegel.de.xml b/src/chrome/content/rules/Tagesspiegel.de.xml
new file mode 100644
index 000000000000..cc37ad658d78
--- /dev/null
+++ b/src/chrome/content/rules/Tagesspiegel.de.xml
@@ -0,0 +1,79 @@
+<!--
+	Mismatch:
+		anzeigenportal.tagesspiegel.de
+-->
+<ruleset name="Tagesspiegel.de (partial)">
+
+	<target host="tagesspiegel.de" />
+	<target host="www.tagesspiegel.de" />
+	<target host="1928.tagesspiegel.de" />
+	<target host="390gramm.tagesspiegel.de" />
+	<target host="abo.tagesspiegel.de" />
+	<target host="aboservice.tagesspiegel.de" />
+	<target host="access.tagesspiegel.de" />
+	<target host="adfrend.tagesspiegel.de" />
+	<target host="adlershof.tagesspiegel.de" />
+	<target host="anzeigen.tagesspiegel.de" />
+	<target host="anzeigeneingabe.tagesspiegel.de" />
+	<target host="anzeigenmarkt.tagesspiegel.de" />
+	<target host="anzeigenpreise.tagesspiegel.de" />
+	<target host="www.anzeigenpreise.tagesspiegel.de" />
+	<target host="apps.tagesspiegel.de" />
+	<target host="auktion.tagesspiegel.de" />
+	<target host="background.tagesspiegel.de" />
+	<target host="beilagen.tagesspiegel.de" />
+	<target host="blutgraetsche.tagesspiegel.de" />
+	<target host="brand.tagesspiegel.de" />
+	<target host="www.brand.tagesspiegel.de" />
+	<target host="causa.tagesspiegel.de" />
+	<target host="ccs.tagesspiegel.de" />
+	<target host="checkpoint.tagesspiegel.de" />
+	<target host="data.tagesspiegel.de" />
+	<target host="digitalpresent.tagesspiegel.de" />
+	<target host="ehrensache.tagesspiegel.de" />
+	<target host="epaper.tagesspiegel.de" />
+	<target host="fieldtrip.tagesspiegel.de" />
+	<target host="golf.tagesspiegel.de" />
+	<target host="gutscheine.tagesspiegel.de" />
+	<target host="hausnummern.tagesspiegel.de" />
+	<target host="hugo.tagesspiegel.de" />
+	<target host="ifa.tagesspiegel.de" />
+	<target host="italien.tagesspiegel.de" />
+	<target host="jobs.tagesspiegel.de" />
+	<target host="karriere.tagesspiegel.de" />
+	<target host="leserreisen.tagesspiegel.de" />
+	<target host="leute.tagesspiegel.de" />
+	<target host="mahjong.tagesspiegel.de" />
+	<target host="malwettbewerb.tagesspiegel.de" />
+	<target host="mein.tagesspiegel.de" />
+	<target host="nl.tagesspiegel.de" />
+	<target host="ostern.tagesspiegel.de" />
+	<target host="queer.tagesspiegel.de" />
+	<target host="reiseauktion.tagesspiegel.de" />
+	<target host="reisen.tagesspiegel.de" />
+	<target host="service.tagesspiegel.de" />
+	<target host="shop.tagesspiegel.de" />
+	<target host="smartmagazines.tagesspiegel.de" />
+	<target host="sonderthemen.tagesspiegel.de" />
+	<target host="specials.tagesspiegel.de" />
+	<target host="sudoku.tagesspiegel.de" />
+	<target host="tippspiel.tagesspiegel.de" />
+	<target host="trauer.tagesspiegel.de" />
+	<target host="urban-running.tagesspiegel.de" />
+	<target host="veranstaltungen.tagesspiegel.de" />
+	<target host="verbraucher.tagesspiegel.de" />
+	<target host="vergleich.tagesspiegel.de" />
+	<target host="verkehrsluecken.tagesspiegel.de" />
+	<target host="verlagsjobs.tagesspiegel.de" />
+	<target host="versicherungsvergleich.tagesspiegel.de" />
+	<target host="video.tagesspiegel.de" />
+	<target host="wahl.tagesspiegel.de" />
+	<target host="weihnachten.tagesspiegel.de" />
+	<target host="wetter.tagesspiegel.de" />
+	<target host="wieklingtberlin.tagesspiegel.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tagged.com.xml b/src/chrome/content/rules/Tagged.com.xml
new file mode 100644
index 000000000000..d5d1c80a47e0
--- /dev/null
+++ b/src/chrome/content/rules/Tagged.com.xml
@@ -0,0 +1,43 @@
+<!--
+	Fully covered hosts in *tagged.com:
+
+		- (www.)?
+		- secure
+		- secure-static
+		- support
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .tagged.com
+		- support.tagged.com
+
+
+	Mixed content:
+
+		- Bug on www from ad.doubleclick.net
+
+-->
+<ruleset name="Tagged.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tagged.com" />
+	<target host="secure.tagged.com" />
+	<target host="secure-static.tagged.com" />
+	<target host="support.tagged.com" />
+	<target host="www.tagged.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tagged\.com$" name="^__qca$" /-->
+	<!--securecookie host="^support\.tagged\.com$" name="^(_help_center_session|_zendesk_shared_session)$" /-->
+
+	<securecookie host="^(?:support)?\.tagged\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tahina.priv.at.xml b/src/chrome/content/rules/Tahina.priv.at.xml
new file mode 100644
index 000000000000..2449d09ad580
--- /dev/null
+++ b/src/chrome/content/rules/Tahina.priv.at.xml
@@ -0,0 +1,14 @@
+<!--
+	Non-functional hosts
+		Incomplete certificate chain error:
+		- mail.tahina.priv.at
+
+		Status code mismatch:
+		- hs27.tahina.priv.at
+-->
+<ruleset name="Tahina.priv.at (partial)">
+	<target host="www.tahina.priv.at" />
+	<target host="le.tahina.priv.at" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tahoe-LAFS.xml b/src/chrome/content/rules/Tahoe-LAFS.xml
index 6ed35496d3ab..6b8279f2400c 100644
--- a/src/chrome/content/rules/Tahoe-LAFS.xml
+++ b/src/chrome/content/rules/Tahoe-LAFS.xml
@@ -1,15 +1,27 @@
 <!--
-	Cert only matches ^tahoe-lafs.org
+	Insecure cookies are set for these hosts:
+
+		- tahoe-lafs.org
+		- www.tahoe-lafs.org
 
 -->
-<ruleset name="Tahoe-LAFS">
+<ruleset name="Tahoe-LAFS.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="tahoe-lafs.org"/>
 	<target host="www.tahoe-lafs.org"/>
 
-	<rule from="^http://(www\.)?tahoe-lafs\.org/"
-		to="https://tahoe-lafs.org/"/>
 
-	<securecookie host="^tahoe-lafs\.org$" name=".*"/>
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?tahoe-lafs\.org$" name="^(trac_form_token|trac_session)$" /-->
+
+	<securecookie host="^(?:www\.)?tahoe-lafs\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 
 </ruleset>
diff --git a/src/chrome/content/rules/Taiga.io.xml b/src/chrome/content/rules/Taiga.io.xml
new file mode 100644
index 000000000000..3a769c023669
--- /dev/null
+++ b/src/chrome/content/rules/Taiga.io.xml
@@ -0,0 +1,10 @@
+<ruleset name="Taiga.io">
+
+	<target host="taiga.io" />
+	<target host="tree.taiga.io" />
+	<target host="www.taiga.io" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tailgaters_Parking.com.xml b/src/chrome/content/rules/Tailgaters_Parking.com.xml
index 29719cb595a0..7f86b90855a5 100644
--- a/src/chrome/content/rules/Tailgaters_Parking.com.xml
+++ b/src/chrome/content/rules/Tailgaters_Parking.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="Tailgaters Parking.com">
 
 	<target host="tailgatersparking.com" />
-	<target host="*.tailgatersparking.com" />
+	<target host="www.tailgatersparking.com" />
 
 
 	<securecookie host="^(?:w*\.)?tailgatersparking\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?tailgatersparking\.com/"
-		to="https://$1tailgatersparking.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Tailor-Made-Answers.xml b/src/chrome/content/rules/Tailor-Made-Answers.xml
index 126b71d3f819..47f560ce0bc7 100644
--- a/src/chrome/content/rules/Tailor-Made-Answers.xml
+++ b/src/chrome/content/rules/Tailor-Made-Answers.xml
@@ -8,7 +8,6 @@
 	<target host="www.tailormadeanswers.com"/>
 
 	<!--	cert !valid for !www	-->
-	<rule from="^http://(?:www\.)?tailormadeanswers\.com/"
-		to="https://tailormadeanswers.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Taimiah.org.xml b/src/chrome/content/rules/Taimiah.org.xml
new file mode 100644
index 000000000000..748509161e9b
--- /dev/null
+++ b/src/chrome/content/rules/Taimiah.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="Taimiah.org">
+	<target host="taimiah.org" />
+	<target host="www.taimiah.org" />
+	<target host="halakat.taimiah.org" />
+	<target host="library.taimiah.org" />
+	<target host="libraryold.taimiah.org" />
+	<target host="mosabaqat.taimiah.org" />
+	<target host="tadrib.taimiah.org" />
+	<target host="webmail.taimiah.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Take_Control_Ebooks.xml b/src/chrome/content/rules/Take_Control_Ebooks.xml
index 6ff7635ae240..106b3610e93a 100644
--- a/src/chrome/content/rules/Take_Control_Ebooks.xml
+++ b/src/chrome/content/rules/Take_Control_Ebooks.xml
@@ -1,13 +1,12 @@
 <ruleset name="Take Control Ebooks">
 
 	<target host="takecontrolbooks.com" />
-	<target host="*.takecontrolbooks.com" />
+	<target host="www.takecontrolbooks.com" />
 
 
-	<securecookie host="^(?:.*\.)?takecontrolbooks\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?takecontrolbooks\.com/"
-		to="https://$1takecontrolbooks.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Takeaway.com.xml b/src/chrome/content/rules/Takeaway.com.xml
index f65cdbd14f01..6fa87ded8663 100644
--- a/src/chrome/content/rules/Takeaway.com.xml
+++ b/src/chrome/content/rules/Takeaway.com.xml
@@ -2,6 +2,7 @@
 	Other Takeaway.com rulesets:
 
 		- Pizza.fr.xml
+		- Thuisbezorgd.nl.xml
 
 -->
 <ruleset name="Takeaway.com">
@@ -13,7 +14,6 @@
 	<securecookie host="^(?:www\.)?takeaway\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?takeaway\.com/"
-		to="https://$1takeaway.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Takuu-Saatio.xml b/src/chrome/content/rules/Takuu-Saatio.xml
deleted file mode 100644
index 395be7a450a4..000000000000
--- a/src/chrome/content/rules/Takuu-Saatio.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-Problematic:
-	- (www.)takuu-saatio.fi		(cert matches *.directo.fi)
--->
-<ruleset name="Takuu-S&#228;&#228;ti&#246;">
-	<target host="takuu-saatio.fi"/>
-	<target host="www.takuu-saatio.fi"/>
-	<target host="takuu--saatio-fi.directo.fi"/>
-
-	<rule from="^http://(?:www\.)?takuu-saatio\.fi/"
-		to="https://takuu--saatio-fi.directo.fi/"/>
-
-	<rule from="^http://takuu--saatio-fi\.directo\.fi/"
-		to="https://takuu--saatio-fi.directo.fi/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Takw.in.xml b/src/chrome/content/rules/Takw.in.xml
new file mode 100644
index 000000000000..e121fdd237b8
--- /dev/null
+++ b/src/chrome/content/rules/Takw.in.xml
@@ -0,0 +1,8 @@
+<ruleset name="Takw.in">
+	<target host="takw.in" />
+	<target host="www.takw.in" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tal.de.xml b/src/chrome/content/rules/Tal.de.xml
index ad7e908ccdb6..02cfaf4bd549 100644
--- a/src/chrome/content/rules/Tal.de.xml
+++ b/src/chrome/content/rules/Tal.de.xml
@@ -2,7 +2,7 @@
   <target host="tal.de" />
   <target host="*.tal.de" />
 
-  <securecookie host="^(api|backup|mysql\d\d|service|webmail|winbackup|xvp)\.tal\.de$" name=".+" />
+  <securecookie host="^(?:api|backup|mysql\d\d|service|webmail|winbackup|xvp)\.tal\.de$" name=".+" />
 
   <rule from="^http://(api|backup|mysql\d\d|service|webmail|winbackup|xvp)\.tal\.de/" to="https://$1.tal.de/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Talaqqi.org.xml b/src/chrome/content/rules/Talaqqi.org.xml
new file mode 100644
index 000000000000..a40e324f4aec
--- /dev/null
+++ b/src/chrome/content/rules/Talaqqi.org.xml
@@ -0,0 +1,10 @@
+<!--
+	Invalid Certificate:
+		support.talaqqi.org
+-->
+<ruleset name="Talaqqi.org">
+	<target host="talaqqi.org" />
+	<target host="www.talaqqi.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Talemetry.com-problematic.xml b/src/chrome/content/rules/Talemetry.com-problematic.xml
deleted file mode 100644
index ff3e96bc7893..000000000000
--- a/src/chrome/content/rules/Talemetry.com-problematic.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	For rules that are on by default, see Talemetry.com.xml.
-
--->
-<ruleset name="Talemetry.com (problematic)" default_off="self-signed">
-
-	<target host="talemetry.com" />
-	<target host="*.talemetry.com" />
-	<target host="talemetrytoday.com" />
-	<target host="www.talemetrytoday.com" />
-	<target host="talenttech.com" />
-	<target host="www.talenttech.com" />
-
-
-	<!--securecookie host="^\.talemetry\.com$" name="^(_mkto_trk|_s|__utm\w)$" /-->
-	<!--securecookie host="^\.talemetrytoday\.com$" name="^(_mkto_trk|__qca|__utm\w)$" /-->
-	<securecookie host="^\.talemetry(?:today)?\.com$" name=".+" />
-
-
-	<!--	Both appear identical:
-					-->
-	<rule from="^http://(?:www\.)?tale(?:metry|nttech)\.com/"
-		to="https://talemetry.com/" />
-
-	<rule from="^http://(?:www\.)?talemetrytoday\.com/"
-		to="https://www.talemetrytoday.com/" />
-
-</ruleset>
-
-	
\ No newline at end of file
diff --git a/src/chrome/content/rules/Talemetry.com.xml b/src/chrome/content/rules/Talemetry.com.xml
index aaf25b437a07..c17ccd04de35 100644
--- a/src/chrome/content/rules/Talemetry.com.xml
+++ b/src/chrome/content/rules/Talemetry.com.xml
@@ -1,54 +1,55 @@
 <!--
-	For problematic rules, see Talemtry.com-problematic.xml.
-
-
 	CDN buckets:
 
 		- talenttech.mktoweb.com
 
-			- ttc.talenttech.com
 
+	Nonfunctional domains:
 
-	Problematic domains:
+		- (www.)?talemetry.com ʰ
+		- (www.)?talenttech.com ᵈ
+		- ttc.talenttech.com ʳ
 
-		- (www.)talemetry.com *
-		- (www.)talemetrytoday.com *
-		- (www.)talenttech.com *
-		- ttc.talenttech.com	(redirects to app-k.marketo.com)
+	ᵈ Dropped
+	ʰ WPEngine / Redirects to http
+	ʳ Refused
 
-	* Works; self-signed, CN: Parallels Panel
 
+	Problematic hosts in *talemetry.com:
 
-	Partially covered domains:
+		- careers ᵐ
 
-		- ttc.talenttech.com	(→ na-k.marketo.com)
+	ᵐ Mismatched
 
 
-	Fully covered domains:
+	Insecure cookies are set for these domains:
 
-		- careers.talemetry.com
+		- .talemetry.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 
 	Mixed content:
 
+		- css on careers from fonts.googleapis.com ˢ
 		- Web bugs on careers from stats.ttccareerportal.com
 
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
 -->
 <ruleset name="Talemetry.com (partial)">
 
-	<target host="careers.talemetry.com" />
-	<target host="*.careers.talemetry.com" />
 	<target host="login.talemetry.com" />
-	<target host="ttc.talenttech.com" />
 
 
-	<securecookie host="^(?:\.careers|login)\.talemetry\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.talemetry\.com$" name="^(?:_m_s|_s|ts?id)$" /-->
 
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://(careers|login)\.talemetry\.com/"
-		to="https://$1.talemetry.com/" />
 
-	<rule from="^http://ttc\.talenttech\.com/(cs|image|j|r)s/"
-		to="https://na-k.marketo.com/$1s/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TalentSmart.com.xml b/src/chrome/content/rules/TalentSmart.com.xml
new file mode 100644
index 000000000000..2839ce65f4ed
--- /dev/null
+++ b/src/chrome/content/rules/TalentSmart.com.xml
@@ -0,0 +1,19 @@
+<ruleset name="TalentSmart.com (partial)">
+
+	<target host="talentsmart.com" />
+	<target host="www.talentsmart.com" />
+		<!--
+			Redirects to http:
+
+			(plaintext password, full name, address, tel #, ref #...)
+										-->
+		<!--exclusion pattern="^http://www\.talentsmart\.com/($|contact-us/$|me/welcome\.php|meadminv2/verify\.php|meadminv2/survey$|member/access-assessments\.php|products/view-cart\.php|refined/$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.talentsmart\.com/+(?!css/|eia360(?:$|[?/])|eiqb2/|favicon\.ico|images/|member(?:/*$|/*\?|/+(?:login|passretr|register)\.php)|mev2/|mrv2/refined/+(?:admin|passretr)\.php)" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Talentopoly.com.xml b/src/chrome/content/rules/Talentopoly.com.xml
new file mode 100644
index 000000000000..2b33cf6b2584
--- /dev/null
+++ b/src/chrome/content/rules/Talentopoly.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Nonfunctional subdomains:
+
+		- podcast *
+
+	* Tumblr
+
+-->
+<ruleset name="Talentopoly.com (partial)">
+
+	<target host="talentopoly.com" />
+	<target host="www.talentopoly.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Taleo.net.xml b/src/chrome/content/rules/Taleo.net.xml
new file mode 100644
index 000000000000..90b443600f31
--- /dev/null
+++ b/src/chrome/content/rules/Taleo.net.xml
@@ -0,0 +1,64 @@
+<!--
+	For other Oracle coverage, see Oracle.xml.
+
+
+	Fully covered subdomains:
+
+		- nestleusa
+		- oracle
+
+		- *.tbe: ¹
+
+			- ch
+			- chj
+			- staticchj
+
+	¹ Domain for clients
+
+
+	!functional:
+		- www.taleo.net			(cert: acquia-sites.com; redirect to http://...com; same cert is valid for .com)
+
+
+	Insecure cookies are set for these hosts:
+
+		- nestleusa.taleo.net
+		- oracle.taleo.net
+
+-->
+<ruleset name="Taleo.net (partial)">
+
+	<!--target host="taleo.net"/-->
+	<target host="nestleusa.taleo.net" />
+	<target host="oracle.taleo.net"/>
+	<target host="tbe.taleo.net"/>
+	<target host="*.tbe.taleo.net"/>
+	<target host="toc.taleo.net"/>
+	<!--target host="www.taleo.net" /-->
+
+		<!--test url="http://kenthrbc.taleo.net/careersection/external/jobsearch.ftl?lang=" /-->
+		<test url="http://nestleusa.taleo.net/careersection/9/jobdetail.ftl?job=" />
+		<test url="http://chj.tbe.taleo.net/chj06/ats/careers/searchResults.jsp" />
+		<test url="http://oracle.taleo.net/careersection/2/jobsearch.ftl" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^nestleusa\.taleo\.net$" name="^locale$" /-->
+	<!--securecookie host="^oracle\.taleo\.net$" name="^locale$" /-->
+
+	<!--	encountered cookies:
+
+			- .net:
+				- ^tbe
+				- ^staticiad.tbe	-->
+	<securecookie host="^(?:oracle|(?:.+\.)?tbe)\.taleo\.net$" name=".+" />
+
+
+	<!--	cert is not valid for net	-->
+	<!--rule from="^http://(?:www\.)?taleo\.(?:com|net)/"
+		to="https://www.taleo.com/"/-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Taleo.xml b/src/chrome/content/rules/Taleo.xml
index 9a89a13b1ef6..1f220f058827 100644
--- a/src/chrome/content/rules/Taleo.xml
+++ b/src/chrome/content/rules/Taleo.xml
@@ -1,46 +1,37 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://taleo.com/ => https://www.oracle.com/us/products/applications/taleo/overview/index.html: Too many redirects while fetching 'https://www.oracle.com/us/products/applications/taleo/overview/index.html'
+Fetch error: http://www.taleo.com/ => https://www.oracle.com/us/products/applications/taleo/overview/index.html: Too many redirects while fetching 'https://www.oracle.com/us/products/applications/taleo/overview/index.html'
+
+	For other Oracle coverage, see Oracle.xml.
+
+
 	!functional:
-		- www.taleo.net			(cert: acquia-sites.com; redirect to http://...com; same cert is valid for .com)
+		- knowledgeexchange.taleo.com	(Dropped)
 		- www.taleobusinessedition.com	(timeout)
 
--->
-<ruleset name="Taleo (partial)" platform="mixedcontent">
-
-	<target host="taleo.com"/>
-	<target host="*.taleo.com"/>
-	<target host="taleo.net"/>
-	<target host="*.taleo.net"/>
-	<target host="*.tbe.taleo.net"/>
 
+	(www.)?taleo.com: Redirects to http
 
-	<!--	encountered cookies:
-			- .com:
-				- ^www
-			- .net:
-				- ^tbe
-				- ^staticiad.tbe	-->
-	<securecookie host="^www\.taleo\.com$" name=".*"/>
-	<securecookie host="^(?:.+\.)?tbe\.taleo\.net$" name=".+" />
+-->
+<ruleset name="Taleo.com (partial)" default_off="failed ruleset test">
 
+	<target host="taleo.com"/>
+	<target host="www.taleo.com"/>
 
-	<!--	cert is not valid for www nor net	-->
-	<rule from="^http://(?:www\.)?taleo\.(?:com|net)/"
-		to="https://www.taleo.com/"/>
 
-	<!--	domain for clients
+	<!--securecookie host="^www\.taleo\.com$" name=".*"/-->
 
-		Observed subdomains:
 
-			- ch
-			- staticiad
-			- staticord
-					-->
-	<rule from="^http://(\w+\.)?tbe\.taleo\.net/"
-		to="https://$1tbe.taleo.net/"/>
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://(?:www\.)?taleo\.com/$"
+		to="https://www.oracle.com/us/products/applications/taleo/overview/index.html" />
 
 	<!--	times out over https.  This redirection
 		is what the server does, aside from https.	-->
-	<rule from="^http://(?:www\.)?taleobusinessedition\.com/"
-		to="https://www.taleo.com/solutions/taleo-business-edition"/>
+	<!--rule from="^http://(?:www\.)?taleobusinessedition\.com/"
+		to="https://www.taleo.com/solutions/taleo-business-edition"/-->
 
 </ruleset>
diff --git a/src/chrome/content/rules/Talgov.com.xml b/src/chrome/content/rules/Talgov.com.xml
new file mode 100644
index 000000000000..a9d58c8594d5
--- /dev/null
+++ b/src/chrome/content/rules/Talgov.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- talgov.com
+		- www.talgov.com
+
+-->
+<ruleset name="Talgov.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="talgov.com" />
+	<target host="www.talgov.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?talgov\.com$" name="^(?:ASP\.NET_SessionId|BlueStripe\.PVN|CPAUDIENCEID_\w+)$" /-->
+
+	<securecookie host="^(?:www\.)?talgov\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Talk-Active-mismatches.xml b/src/chrome/content/rules/Talk-Active-mismatches.xml
index 5bb35334187a..b77925b0d422 100644
--- a/src/chrome/content/rules/Talk-Active-mismatches.xml
+++ b/src/chrome/content/rules/Talk-Active-mismatches.xml
@@ -11,13 +11,13 @@
 	<target host="www.web10.dk" />
 
 
-	<securecookie host="^web10\.dk$" name=".*" />
+	<securecookie host="^web10\.dk$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?talkactive\.net/"
+	<rule from="^http://(?:www\.)?talkactive\.net/"
 		to="https://talkactive.net/" />
 
-	<rule from="^https?://(?:www\.)?web10\.dk/"
+	<rule from="^http://(?:www\.)?web10\.dk/"
 		to="https://web10.dk/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Talk-Active.xml b/src/chrome/content/rules/Talk-Active.xml
deleted file mode 100644
index 383a4e7b643b..000000000000
--- a/src/chrome/content/rules/Talk-Active.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
-	For problematic rules, see Talk-Active-mismatches.xml.
-
-
-	Nonfunctional domains:
-
-		- web10.net:
-
-			- de		(cert: web12.talkactive.net, self-signed;
-					shows CloudLinux test page)
-			- fi		(ditto)
-			- uk		(ditto)
-
-		- (www.)web10.nl	(ditto)
-		- (www.)web10.nu	(ditto)
-		- (www.)web10.se	(ditto)
-
-
-	Problematic subdomains:
-
-		- (www.)	(works, expired, mismatched, self-signed)
-
--->
-<ruleset name="Talk Active (partial)">
-
-	<target host="*.talkactive.net" />
-
-
-	<securecookie host="^webmail\.talkactive\.net$" name=".*" />
-
-
-	<rule from="^http://web(12|mail)\.talkactive\.net/"
-		to="https://web$1.talkactive.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TalkTalk-Labs.com.xml b/src/chrome/content/rules/TalkTalk-Labs.com.xml
new file mode 100644
index 000000000000..3544bc463622
--- /dev/null
+++ b/src/chrome/content/rules/TalkTalk-Labs.com.xml
@@ -0,0 +1,17 @@
+<!--
+	For other TalkTalk coverage, see TalkTalk.xml.
+
+
+	^: cert only matches www
+
+-->
+<ruleset name="TalkTalk-Labs.com" default_off="503">
+
+	<target host="talktalk-labs.com" />
+	<target host="www.talktalk-labs.com" />
+
+
+	<rule from="^http://(?:www\.)?talktalk-labs\.com/"
+		to="https://www.talktalk-labs.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TalkTalk-mismatches.xml b/src/chrome/content/rules/TalkTalk-mismatches.xml
index 5bef097df172..f6fe0287b531 100644
--- a/src/chrome/content/rules/TalkTalk-mismatches.xml
+++ b/src/chrome/content/rules/TalkTalk-mismatches.xml
@@ -1,9 +1,9 @@
-<ruleset name="TalkTalk (mismatches)" default_off="mismatch">
+<ruleset name="TalkTalk (mismatches)" default_off="mismatched">
 
 	<target host="talktalktechnology.com"/>
 	<target host="www.talktalktechnology.com"/>
 
-	<securecookie host="^(.*\.)?talktalktechnology\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?talktalktechnology\.com/"
 		to="https://www.talktalktechnology.com/"/>
diff --git a/src/chrome/content/rules/TalkTalk.xml b/src/chrome/content/rules/TalkTalk.xml
index 7b09ef1f4bf5..b8d3e3069f63 100644
--- a/src/chrome/content/rules/TalkTalk.xml
+++ b/src/chrome/content/rules/TalkTalk.xml
@@ -1,33 +1,39 @@
+
 <!--
-	Nonfunctional:
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://talktalk.co.uk/ (200) => https://talktalk.co.uk/ (400)
+Fetch error: http://help.talktalk.co.uk/ => https://help.talktalk.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'help.talktalk.co.uk'")
+Fetch error: http://my.talktalk.co.uk/ => https://my.talktalk.co.uk/: (7, 'Failed to connect to my.talktalk.co.uk port 443: Connection refused')
+
+	Other TalkTalk rulesets:
 
-		- pipex.net		(redirects to talktalkbusiness.co.uk)
-		- error.talktalk.co.uk	(dropped)
-		- mobile.talktalk.co.uk	(redirects to secure-mobiles.com; mismatched, CN: *.secure-mobiles.com)
+		- Nildram.net.xml
+		- TTxm.co.uk.xml
+		- TalkTalk_Business.co.uk.xml
+		- TalkTalk-Labs.com.xml
 
 
-	Problematic domains:
+	Nonfunctional hosts in *talktalk.co.uk:
 
-		- careers.talktalk.co.uk	(works, CN: Parallels Panel)
-		- webmail.talktalk.co.uk	(dropped)
+		- error ¹
+		- mobile ²
 
+	¹ Dropped
+	² Redirects to secure-mobiles.com; mismatched, CN: *.secure-mobiles.com
 
-	Partially covered subdomains:
 
-		- webmail	(→ www, [^?/]+ 404s)
+	Problematic hosts in *talktalk.co.uk:
 
+		- careers *
 
-	Fully covered domains:
+	* CN: Parallels Panel
 
-		- talktalk.co.uk subdomains:
 
-			- (www.)	(^ → www)
-			- help
-			- help2
-			- my
-			- myaccount
-			- sales
-			- sso
+	Insecure cookies are set for these domains and hosts:
+
+		- .talktalk.co.uk
+		- sales.talktalk.co.uk
+		- www.talktalk.co.uk
 
 
 	Mixed content:
@@ -41,7 +47,7 @@
 			- help2.talktalk.co.uk from m\d.ttxm.co.uk *
 			- www.talktalk.co.uk from m\d.ttxm.co.uk *
 
-		- Web bugs, on www.talktalk.co.uk from:
+		- Bugs, on www.talktalk.co.uk from:
 
 			- fls.doubleclick.net *
 			- b.scorecardresearch.com *
@@ -49,51 +55,34 @@
 
 	* Secured by us
 
-
-	Observed cookie domains:
-
-		- .talktalk.co.uk
-		- community.talktalk.co.uk
-		- my.talktalk.co.uk
-
 -->
-<ruleset name="TalkTalk (partial)">
-
-	<target host="secure.nildram.net"/>
-	<target host="talktalk.co.uk"/>
-	<target host="*.talktalk.co.uk"/>
-	<target host="talktalkbusiness.co.uk"/>
-	<target host="*.talktalkbusiness.co.uk"/>
-	<target host="*.ttxm.co.uk"/>
-	<target host="tiscali.co.uk"/>
-	<target host="*.tiscali.co.uk"/>
-
-	<securecookie host="^(.*\.)?talktalk\.co\.uk$" name=".*"/>
-	<securecookie host="^billing\.mytalktalkbusiness\.co\.uk$" name=".*"/>
-
-	<rule from="^http://secure\.nildram\.net/"
-		to="https://secure.nildram.net/"/>
-
-	<rule from="^https?://(?:www\.)?t(?:alktalk|iscali)\.co\.uk/"
-		to="https://www.talktalk.co.uk/"/>
-
-	<rule from="^http://(community|help2?|my|myaccount|sales|sso)\.talktalk\.co\.uk/"
-		to="https://$1.talktalk.co.uk/"/>
-
-	<rule from="^http://webmail\.talktalk\.co\.uk/+(?:\?.*)$"
-		to="https://www.talktalk.co.uk/mail/?from=aol" />
-
-	<rule from="^http://billing\.mytalktalkbusiness\.co\.uk/"
-		to="https://billing.mytalktalkbusiness.co.uk/"/>
-
-	<!--	Cert only matches *.talkta...	-->
-	<rule from="^http://(?:www\.)?talktalkbusiness\.co\.uk/(Global/|[tT]emplates/)"
-		to="https://www.talktalkbusiness.co.uk/$1"/>
-
-	<rule from="^http://media\.tiscali\.co\.uk/"
-		to="https://media.tiscali.co.uk/"/>
-
-	<rule from="^http://m(\d)\.ttxm\.co\.uk/"
-		to="https://m$1.ttxm.co.uk/"/>
+<ruleset name="TalkTalk.co.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="talktalk.co.uk" />
+	<target host="community.talktalk.co.uk" />
+	<target host="help.talktalk.co.uk" />
+	<target host="help2.talktalk.co.uk" />
+	<target host="my.talktalk.co.uk" />
+	<target host="myaccount.talktalk.co.uk" />
+	<target host="myaccountholding.talktalk.co.uk" />
+	<target host="sales.talktalk.co.uk" />
+	<target host="sso.talktalk.co.uk" />
+	<target host="webmail.talktalk.co.uk" />
+	<target host="www.talktalk.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?talktalk\.co\.uk$" name="^TS[\da-f]{8}$" /-->
+	<!--securecookie host="^\.talktalk\.co\.uk$" name="^(?:TS[\da-f]{8}|portalId|tiscalicustomsettings)$" /-->
+	<!--securecookie host="^sales\.talktalk\.co\.uk$" name="^(?:ADRUM_BT|TS[\da-f]{8}|branchId)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TalkTalk_Business.co.uk.xml b/src/chrome/content/rules/TalkTalk_Business.co.uk.xml
new file mode 100644
index 000000000000..0c0996d074b2
--- /dev/null
+++ b/src/chrome/content/rules/TalkTalk_Business.co.uk.xml
@@ -0,0 +1,40 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://talktalkbusiness.co.uk/ => https://talktalkbusiness.co.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://myaccount.talktalkbusiness.co.uk/ => https://myaccount.talktalkbusiness.co.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.talktalkbusiness.co.uk/ => https://www.talktalkbusiness.co.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For other TalkTalk coverage, see TalkTalk.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- blog.talktalkbusiness.co.uk
+		- blogmaintenance.talktalkbusiness.co.uk
+		- www.talktalkbusiness.co.uk
+
+-->
+<ruleset name="TalkTalk Business.co.uk" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="talktalkbusiness.co.uk" />
+	<target host="blog.talktalkbusiness.co.uk" />
+	<target host="blogmaintenance.talktalkbusiness.co.uk" />
+	<target host="myaccount.talktalkbusiness.co.uk" />
+	<target host="www.talktalkbusiness.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^blog(?:maintenance)?\.talktalkbusiness\.co\.uk$" name="^ISAWPLB\{[\dA-F-]+\}$" /-->
+	<!--securecookie host="^www\.talktalkbusiness\.co\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Talkhealth_partnership.com.xml b/src/chrome/content/rules/Talkhealth_partnership.com.xml
new file mode 100644
index 000000000000..4d358a3bd0d4
--- /dev/null
+++ b/src/chrome/content/rules/Talkhealth_partnership.com.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://talkhealthpartnership.com/ => https://talkhealthpartnership.com/: Too many redirects while fetching 'https://talkhealthpartnership.com/'
+Fetch error: http://www.talkhealthpartnership.com/ => https://www.talkhealthpartnership.com/: Too many redirects while fetching 'https://www.talkhealthpartnership.com/'
+
+	Insecure cookies are set for these hosts:
+
+		- www.talkhealthpartnership.com
+
+-->
+<ruleset name="talkhealth partnership.com" default_off="failed ruleset test">
+
+	<target host="talkhealthpartnership.com" />
+	<target host="www.talkhealthpartnership.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.talkhealthpartnership\.com$" name="^SUIREF$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Talking_French.xml b/src/chrome/content/rules/Talking_French.xml
deleted file mode 100644
index 23317aab6f8f..000000000000
--- a/src/chrome/content/rules/Talking_French.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Talking French">
-    <target host="talkingfrench.com" />
-    <target host="www.talkingfrench.com" />
-
-    <rule from="^https?://talkingfrench\.com/"
-        to="https://www.talkingfrench.com/" />
-    <rule from="^http://([^/:@]+)?\.talkingfrench\.com/"
-        to="https://$1.talkingfrench.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Talking_Points_Memo.com.xml b/src/chrome/content/rules/Talking_Points_Memo.com.xml
index 525e463e3a28..d9af449cccde 100644
--- a/src/chrome/content/rules/Talking_Points_Memo.com.xml
+++ b/src/chrome/content/rules/Talking_Points_Memo.com.xml
@@ -34,7 +34,6 @@
 	<target host="cdn1.talkingpointsmemo.com" />
 
 
-	<rule from="^http://cdn1\.talkingpointsmemo\.com/"
-		to="https://d2lix3jnlp95fq.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Talky.io.xml b/src/chrome/content/rules/Talky.io.xml
new file mode 100644
index 000000000000..d8534101e0c8
--- /dev/null
+++ b/src/chrome/content/rules/Talky.io.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://beta.talky.io/ => https://beta.talky.io/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Talky.io" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="talky.io" />
+	<target host="beta.talky.io" />
+	<target host="www.talky.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tallinn-University-of-Technology.xml b/src/chrome/content/rules/Tallinn-University-of-Technology.xml
index 2cc71d55d0bf..1041b67b1189 100644
--- a/src/chrome/content/rules/Tallinn-University-of-Technology.xml
+++ b/src/chrome/content/rules/Tallinn-University-of-Technology.xml
@@ -6,16 +6,16 @@
 	<target host="www.ttu.ee" />
 
 
-	<securecookie host="^www\.ioc\.ee$" name=".*" />
-	<securecookie host="^ttu\.ee$" name=".*" />
+	<securecookie host="^www\.ioc\.ee$" name=".+" />
+	<securecookie host="^ttu\.ee$" name=".+" />
 
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?ioc\.ee/"
+	<rule from="^http://(?:www\.)?ioc\.ee/"
 		to="https://www.ioc.ee/" />
 
 	<!--	Cert: localhost.localdomain; expired.	-->
-	<rule from="^https?://(?:www\.)?ttu\.ee/"
+	<rule from="^http://(?:www\.)?ttu\.ee/"
 		to="https://ttu.ee/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Tampa_Bay.com.xml b/src/chrome/content/rules/Tampa_Bay.com.xml
new file mode 100644
index 000000000000..ecd727bf7abf
--- /dev/null
+++ b/src/chrome/content/rules/Tampa_Bay.com.xml
@@ -0,0 +1,102 @@
+<!--
+	Tampa Bay Times
+
+
+	Nonfunctional subdomains:
+
+		- clients ¹
+		- eedition ²
+		- homes ¹
+		- jobs ¹
+		- tampa-weather ³
+		- m.weather ³
+
+	¹ Refused
+	² Dropped
+	³ WUnderground
+
+
+	Problematic subdomains:
+
+		- (www.)? ¹
+		- video ²
+
+	¹ Blocks Tor users
+	² Mismatched, CN: *.newsinc.com
+
+
+	Partially covered subdomains:
+
+		- homes ¹	(→ www)
+		- jobs ¹	(→ www)
+
+	¹ Some paths 404 when rewritten
+
+
+	Mixed content:
+
+		- css, on:
+
+			- video from vault.studio.ndnmediaservices.com ¹
+			- www from ^ ¹
+
+		- Images, on:
+
+			- video from vault.studio.ndnmediaservices.com ¹
+			- www from (www.)? ¹
+			- www from (www.)?sptimes.com ²
+			- www from media.cmgdigital.com ¹
+
+		- favicon on www from ^ ¹
+
+		- Ads/bugs, on:
+
+			- www from homes ²
+			- www from media.monster.com ¹
+			- www from tampabay.mycapture.com ²
+			- www from img-seeker.newjobs.com ¹
+			- www from www.renttampabay.com ²
+			- www from snapwidget.com ¹
+			- www from metric.sptimes.com ¹
+			- www from www.zillow.com
+
+	¹ Secured by us
+	² Unsecurable <= refused
+
+-->
+<ruleset name="Tampa Bay.com (partial)">
+
+	<target host="tampabay.com" />
+	<target host="*.tampabay.com" />
+		<!--
+			404s when rewritten to www:
+							-->
+		<!--exclusion pattern="^http://homes\.tampabay\.com/images/" /-->
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.tampabay\.com/($|features/$|news/$|news/politics/$|opinion/$|sports/$|things-to-do/$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.tampabay\.com/+(?!(?:404\.page|bay|cars|company|edeals|homes|jobs|marketplace|mediakit|postad|publication|search|shopping|subscribe|tb-two)(?:$|[?/])|components/|favicon\.ico|iwov-resources/|media/|resources/|specials/$|universal/(?:css|graphics|images|media|nav|static)/|wunderground/)" />
+		<!--
+			(triggers MCB):
+					-->
+		<!--exclusion pattern="^http://www\.tampabay\.com/(specials/\d{4}/\w+/[\w-]+/$|universal/standard_of_accur\.shtml)" /-->
+
+
+	<!--	2o7.net cookies:
+				-->
+	<securecookie host="^\.tampabay\.com$" name="^s_\w\w(?:_.*)?$" />
+
+
+	<!--	Redirect drops args:
+					-->
+	<rule from="^http://(home|job)s\.tampabay\.com/+(?:\?.*)?$"
+		to="https://www.tampabay.com/$1s/" />
+
+	<rule from="^http://(placead\.|www\.)?tampabay\.com/"
+		to="https://$1tampabay.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tampermonkey.xml b/src/chrome/content/rules/Tampermonkey.xml
new file mode 100644
index 000000000000..d6e6b5d1aef2
--- /dev/null
+++ b/src/chrome/content/rules/Tampermonkey.xml
@@ -0,0 +1,24 @@
+<!--
+	For Tampermonkey.net
+
+		Works:
+
+			- www
+			- $
+			- forum
+			- safari
+
+		Doesn't Work:
+		nil
+-->
+<ruleset name="Tampermonkey.net">
+	<target host="tampermonkey.net" />
+	<target host="www.tampermonkey.net" />
+	<target host="forum.tampermonkey.net" />
+	<target host="safari.tampermonkey.net" />
+
+	<rule from="^http:"
+			to="https:" />
+
+	<securecookie host="^forum\.tampermonkey\.net$" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/TamrielVault.com.xml b/src/chrome/content/rules/TamrielVault.com.xml
new file mode 100644
index 000000000000..aaabda46ab92
--- /dev/null
+++ b/src/chrome/content/rules/TamrielVault.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="TamrielVault.com">
+	<target host="tamrielvault.com" />
+	<target host="www.tamrielvault.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TanCity.de.xml b/src/chrome/content/rules/TanCity.de.xml
deleted file mode 100644
index 556469fa5eea..000000000000
--- a/src/chrome/content/rules/TanCity.de.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	Cert only matches www.
-
-
-	Mixed content:
-
-		- css, on www from:
-
-			- ajax.googleapis.com *
-			- fonts.googleapis.com *
-
-		- Images on www from www *
-
-		- Ads on www, from:
-
-			- www.connect.facebook.com *
-			- www.media-proweb.de
-
-	* Secured by us
-
--->
-<ruleset name="TanCity.de">
-
-	<target host="tancity.de" />
-	<target host="www.tancity.de" />
-
-
-	<securecookie host="^www\.tancity\.de$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?tancity\.de/"
-		to="https://www.tancity.de/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tandem_Calendar.xml b/src/chrome/content/rules/Tandem_Calendar.xml
index 2718bd27632d..daec148bc4cd 100644
--- a/src/chrome/content/rules/Tandem_Calendar.xml
+++ b/src/chrome/content/rules/Tandem_Calendar.xml
@@ -1,7 +1,8 @@
 <ruleset name="Tandem Calendar">
 
 	<target host="intand.com" />
-	<target host="*.intand.com" />
+	<target host="support.intand.com" />
+	<target host="www.intand.com" />
 	<target host="tandemcal.com" />
 	<target host="www.tandemcal.com" />
 
@@ -15,10 +16,6 @@
 	<securecookie host="^(?:www\.)?tandemcal\.com$" name=".+" />
 
 
-	<rule from="^http://(support\.|www\.)?intand\.com/"
-		to="https://$1intand.com/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://(www\.)?tandemcal\.com/"
-		to="https://$1tandemcal.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tandlakarforbundet.se.xml b/src/chrome/content/rules/Tandlakarforbundet.se.xml
index 8dbcb9f70213..be19637cd20b 100644
--- a/src/chrome/content/rules/Tandlakarforbundet.se.xml
+++ b/src/chrome/content/rules/Tandlakarforbundet.se.xml
@@ -1,4 +1,3 @@
-<!-- tandlakarforbundet is a swedish labour union -->
 <ruleset name="Tandlakarforbundet.se">
 	<target host="tandlakarforbundet.se" />
 	<target host="www.tandlakarforbundet.se" />
diff --git a/src/chrome/content/rules/Tandridge.gov.uk-mixedcontent.xml b/src/chrome/content/rules/Tandridge.gov.uk-mixedcontent.xml
new file mode 100644
index 000000000000..2b23a422276b
--- /dev/null
+++ b/src/chrome/content/rules/Tandridge.gov.uk-mixedcontent.xml
@@ -0,0 +1,20 @@
+<!--
+	For rules not causing MCB, see Tandridge.gov.uk.xml.
+
+
+	NB: See https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Tandridge.gov.uk (MCB)" platform="mixedcontent">
+
+	<target host="tandridge.gov.uk" />
+	<target host="www.tandridge.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tandridge.gov.uk.xml b/src/chrome/content/rules/Tandridge.gov.uk.xml
new file mode 100644
index 000000000000..a3c0117f03a1
--- /dev/null
+++ b/src/chrome/content/rules/Tandridge.gov.uk.xml
@@ -0,0 +1,73 @@
+<!--
+	Tandridge District Council
+
+	For rules causing MCB, see Tandridge.gov.uk-mixedcontent.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *tandridge.gov.uk:
+
+		- www.councillors ᵈ
+		- maps ³
+		- planning ᵈ
+
+	³ 403
+	ᵈ Dropped
+
+
+	Problematic hosts in *tandridge.gov.uk:
+
+		- (www.)? ˣ
+		- consult ᵐ
+		- m ᵐ
+
+	ᵐ Mismatched
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- consult.tandridge.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on (www.)? from maps.tandridge.gov.uk ³
+		- Image on (www.)? from www.siteimprove.com ˢ
+		- Bug on (www.)? from www.logo-serve2.co.uk ʳ
+
+	³ Unsecurable <= 403
+	ʳ Unsecurable <= refused
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Tandridge.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="tandridge.gov.uk" /-->
+	<target host="tdcws01.tandridge.gov.uk" />
+	<!--target host="www.tandridge.gov.uk" /-->
+
+	<!--	Complications:
+				-->
+	<target host="consult.tandridge.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^consult\.tandridge\.gov\.uk$" name="^(?:JSESSION|Server)ID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://consult\.tandridge\.gov\.uk/"
+		to="https://tandridge-consult.objective.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tanger.ma.xml b/src/chrome/content/rules/Tanger.ma.xml
new file mode 100644
index 000000000000..e40ba58c166c
--- /dev/null
+++ b/src/chrome/content/rules/Tanger.ma.xml
@@ -0,0 +1,34 @@
+<!--
+	Not publicly accessible:
+		benimakada.tanger.ma
+		www.benimakada.tanger.ma
+		cpanel.tanger.ma
+		mail.tanger.ma
+		cpanel.medina.tanger.ma
+		mail.medina.tanger.ma
+		webdisk.medina.tanger.ma
+		webmail.medina.tanger.ma
+		mghoga.tanger.ma
+		www.mghoga.tanger.ma
+		rdv.tanger.ma
+		www.rdv.tanger.ma
+		souani.tanger.ma
+		www.souani.tanger.ma
+		webdisk.tanger.ma
+		webmail.tanger.ma
+
+	Expired certificate:
+		r.tanger.ma
+		www.r.tanger.ma
+
+-->
+<ruleset name="Tanger.ma">
+	<target host="tanger.ma" />
+	<target host="www.tanger.ma" />
+	<target host="medina.tanger.ma" />
+	<target host="www.medina.tanger.ma" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tangerine-Bank.xml b/src/chrome/content/rules/Tangerine-Bank.xml
new file mode 100644
index 000000000000..861fdbc2092d
--- /dev/null
+++ b/src/chrome/content/rules/Tangerine-Bank.xml
@@ -0,0 +1,32 @@
+<!--
+	Invalid certificates:
+		- forwardthinking.tangerine.ca
+		- e.tangerine.ca
+		- links.e.tangerine.ca
+
+	Timeout:
+		- tangerine.com (https times out, http doesn't)
+		- www.tangerine.com (https times out, http doesn't)
+		- brightwayforward.ca
+		- www.brightwayforward.ca
+-->
+
+<ruleset name="Tangerine Bank">
+	<target host="tangerine.ca" />
+	<target host="www.tangerine.ca" />
+	<target host="secure.tangerine.ca" />
+	<target host="info.tangerine.ca" />
+	<target host="api.tangerine.ca" />
+	<target host="upload.tangerine.ca" />
+	<target host="readonly.tangerine.ca" />
+	<target host="m.tangerine.ca" />
+	<target host="ofx.tangerine.ca" />
+	<target host="tangerine.com" />
+	<target host="www.tangerine.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://(www\.)?tangerine\.com/" to="https://$1tangerine.ca/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tango.me.xml b/src/chrome/content/rules/Tango.me.xml
new file mode 100644
index 000000000000..09b8c8171bea
--- /dev/null
+++ b/src/chrome/content/rules/Tango.me.xml
@@ -0,0 +1,69 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://media.tango.me/ => https://media.tango.me/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	Nonfunctional hosts in *tango.me:
+
+		- support *
+
+	* zendesk
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .tango.me
+		- www.tango.me
+
+
+	Mixed content:
+
+		- Images from media.tango.me *
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Tango.me (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tango.me" />
+	<target host="media.tango.me" />
+	<target host="www.tango.me" />
+
+	<!--	Complications:
+				-->
+	<target host="support.tango.me" />
+
+		<exclusion pattern="^http://support\.tango\.me/(?!favicon\.ico|images/|system/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://support.tango.me/access/unauthenticated" />
+			<test url="http://support.tango.me/anonymous_requests/new" />
+			<test url="http://support.tango.me/forums" />
+			<test url="http://support.tango.me/home" />
+
+			<!--	-ve:
+					-->
+			<test url="http://support.tango.me/favicon.ico" />
+			<test url="http://support.tango.me/images/logo-delimiter.png" />
+
+
+	<!--	Incapsula cookies:
+					-->
+	<!--securecookie host="^\.tango\.me$" name="(?:incap_ses_\d+|nlbi|visid_incap)_\d+$" /-->
+	<!--securecookie host="^www\.tango\.me$" name="^___utm[abm]\w+$" /-->
+
+	<securecookie host="^\.tango\.me$" name="(?:incap_ses_\d+|nlbi|visid_incap)_\d+$" />
+	<securecookie host="^www\.tango\.me$" name=".+" />
+
+
+	<rule from="^http://support\.tango\.me/"
+		to="https://tangome.zendesk.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TankaFetast.com.xml b/src/chrome/content/rules/TankaFetast.com.xml
index 89038b84cca5..e284af3e887c 100644
--- a/src/chrome/content/rules/TankaFetast.com.xml
+++ b/src/chrome/content/rules/TankaFetast.com.xml
@@ -1,21 +1,30 @@
+
 <!--
-	Mixed content:
+Disabled by https-everywhere-checker because:
+Fetch error: http://tankafetast.com/ => https://tankafetast.com/: (35, 'Unknown SSL protocol error in connection to tankafetast.com:443 ')
+Fetch error: http://www.tankafetast.com/ => https://www.tankafetast.com/: (35, 'Unknown SSL protocol error in connection to www.tankafetast.com:443 ')
 
-		- Web bug on (www.) track.adform.net *
+	Insecure cookies are set for these domains:
 
-	* Secured by us
+		- .tankafetast.com
 
 -->
-<ruleset name="TankaFetast.com">
+<ruleset name="TankaFetast.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="tankafetast.com" />
-	<target host="*.tankafetast.com" />
+	<target host="www.tankafetast.com" />
+
 
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.tankafetast\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
 
 	<securecookie host="^(?:w*\.)?tankafetast\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?tankafetast\.com/"
-		to="https://$1tankafetast.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Tanomail.com.xml b/src/chrome/content/rules/Tanomail.com.xml
new file mode 100644
index 000000000000..e08c75871185
--- /dev/null
+++ b/src/chrome/content/rules/Tanomail.com.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Otsaku Corporation coverage, see Otsuka-shokai.co.jp.xml.
+
+
+	^tanomail.com doesn't exist.
+
+
+	Insecure cookies are set for these hosts:
+
+		- tnbc.tanomail.com
+		- www.tanomail.com
+
+-->
+<ruleset name="Tanomail.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tnbc.tanomail.com" />
+	<target host="www.tanomail.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^tnbc\.tanomail\.com$" name="^OTSUKA$" /-->
+	<!--securecookie host="^www\.tanomail\.com$" name="^(?:AUTO_LOGIN|TS[\da-f]{8}|tanomail_cookie)$" /-->
+
+	<securecookie host="^(?:tnbc|www)\.tanomail\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tante.cc.xml b/src/chrome/content/rules/Tante.cc.xml
new file mode 100644
index 000000000000..2ced89ac6c60
--- /dev/null
+++ b/src/chrome/content/rules/Tante.cc.xml
@@ -0,0 +1,26 @@
+<!--
+	Mixed content:
+
+		- Bug on ^ from vg0\d.met.vgwort.de *
+
+	* Unsecurable <= refused
+
+-->
+<ruleset name="Tante.cc">
+
+	<target host="tante.cc" />
+	<target host="connected.tante.cc" />
+	<target host="www.tante.cc" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(connected\.)?tante\.cc$" name="^PHPSESSID$" />
+
+	<securecookie host="^(?:connected\.)?tante\.cc$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tanzschule-wernecke.de.xml b/src/chrome/content/rules/Tanzschule-wernecke.de.xml
new file mode 100644
index 000000000000..207a76f07b04
--- /dev/null
+++ b/src/chrome/content/rules/Tanzschule-wernecke.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="Tanzschule-wernecke.de">
+	<target host="tanzschule-wernecke.de" />
+	<target host="www.tanzschule-wernecke.de" />
+	<target host="cdn.tanzschule-wernecke.de" />
+	<target host="contao4-assets.tanzschule-wernecke.de" />
+	<target host="contao4-files.tanzschule-wernecke.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tao_Effect.com.xml b/src/chrome/content/rules/Tao_Effect.com.xml
new file mode 100644
index 000000000000..8deb896a9c3b
--- /dev/null
+++ b/src/chrome/content/rules/Tao_Effect.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Other Tao Effect rulesets:
+
+		- Espionage_app.com.xml
+-->
+<ruleset name="Tao Effect.com">
+
+	<target host="taoeffect.com" />
+	<target host="www.taoeffect.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Taobao.com-falsemixed.xml b/src/chrome/content/rules/Taobao.com-falsemixed.xml
deleted file mode 100644
index 2b308bb5995e..000000000000
--- a/src/chrome/content/rules/Taobao.com-falsemixed.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Taobao.xml.
-
--->
-<ruleset name="Taobao.com (false MCB)" platform="mixedcontent">
-
-	<target host="101.taobao.com" />
-
-
-	<rule from="^http://101\.taobao\.com/"
-		to="https://101.taobao.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Taobao.com-mixedcontent.xml b/src/chrome/content/rules/Taobao.com-mixedcontent.xml
new file mode 100644
index 000000000000..b1c22112ad67
--- /dev/null
+++ b/src/chrome/content/rules/Taobao.com-mixedcontent.xml
@@ -0,0 +1,8 @@
+<!--
+	For rules not causing false/broken or valid MCB, see Taobao.com.xml.
+-->
+<ruleset name="Taobao.com-mixedcontent" platform="mixedcontent">
+	<target host="trust.taobao.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Taobao.com.xml b/src/chrome/content/rules/Taobao.com.xml
new file mode 100644
index 000000000000..29ec7e6ca752
--- /dev/null
+++ b/src/chrome/content/rules/Taobao.com.xml
@@ -0,0 +1,329 @@
+<!--
+	NB: Hosts may^Wwill take a long time to respond!
+
+	Fetch tests will probably receive corrupted packets and resets also.
+
+	For rules causing false/broken or valid MCB, see Taobao.com-mixedcontent.xml.
+
+	Other Taobao rulesets:
+		- Taobao_CDN.com.xml
+		- TbCDN.cn.xml
+
+	CDN buckets:
+		- img.taobaocdn.com.danuoyi.tbcache.com
+		- img0[1-8].taobaocdn.com.danuoyi.tbcache.com
+			- taurus0[1-4].danuoyi.tbcache.com
+
+	Nonfunctional domains:
+		- taobao.com subdomains:
+			- f.ai *
+			- amp *
+			- b *
+			- bangpai	(Redirects to http)
+			- baobei *
+			- trace.cps *
+			- cu		(Redirects to http)
+			- daigou *
+			- design *
+			- dingyue *
+			- display *
+			- dmp		Dropped
+			- fws *
+			- hitao		(Redirects to http)
+			- i56 *
+			- isvsupport *
+			- learn *
+			- leye *
+			- love		(Redirects to http)
+			- wenda		(Redirects to http)
+			- m subdomains:
+				- a *
+				- caipiao *
+				- im	(Redirects to error page)
+				- info	(404)
+				- ju *
+				- mz *
+				- rj *
+				- s *
+				- tm	(redirects to error page, valid cert)
+				- wtm *
+				- yyz	(redirects to error page, valid cert)
+			- maimai *
+			- miiee		(Redirects to http)
+			- bbs.nanren *
+			- my.open *
+			- pics		(503; self-signed, CN: dynamic.12306.cn)
+			- pro		(Redirects to http)
+			- quanzi *
+			- shuju *
+			- home.shuju	(shows s.tbcdn.cn; mismatched, CN: s.tbcdn.cn)
+			- shuo *
+			- shuyuan	Redirects to http
+			- taocode *
+			- seller.taojinbi *
+			- tese			(Redirects to http)
+			- tianxia		(Redurects to http)
+			- static.tianxia	(Redirects to http)
+			- trip subdomains:
+				- jipiao *
+				- tuan		(shows s.tbcdn.cn; mismatched, CN: s.tbcdn.cn)
+				- zhaoshang	(shows s.tbcdn.cn; mismatched, CN: s.tbcdn.cn)
+			- cloud.video *
+			- vodcdn.video	(refused)
+			- wao *
+			- wap		(redirects to error page; mismatched, CN: *.m.taobao.com)
+			- img2012.i0[234].wimg	(refused)
+			- q.i0[1-4].wimg	(refused)
+			- xiaobao *
+			- xianhao *
+			- yiqi		(Shows guang.taobao.com)
+			- you *
+			- zhitongche *
+			- zuanshi *
+		- img2.tbcdn.com	(503; self-signed, CN: dynamic.12306.cn)
+	* Dropped
+
+	Problematic hosts in *taobao.com:
+		- global ¹
+		- jipiao ³
+		- jump ³
+		- logo ³
+		- support ⁴
+		- to ³
+		- trust ²	be fixed by Upgrade:https://github.com/EFForg/https-everywhere/issues/8506
+		- tsu ³
+		- tw ³
+		- world ³
+		- act.yun ³
+	* Mixed css
+	¹ Redirects to http
+	² Mixed css
+	³ Mismatched
+	⁴ https://support.taobao.com/ use https://assets.taobaocdn.com , which is mismatched.
+	See Taobao_CDN.com.xml for the rule of assets.taobaocdn.com
+
+	HTTP request to this server failed
+		md.taobao.com
+		wan.taobao.com
+
+	Insecure cookies are set for these domains and hosts:
+		- .taobao.com
+		- bgt.taobao.com
+		- caipiao.taobao.com
+		- .ju.taobao.com
+		- mm.taobao.com
+		- re.taobao.com
+		- .reg.taobao.com
+		- .simba.taobao.com
+		- temai.taobao.com
+
+	Mixed content:
+		- css, on:
+			- trust from a.tbcdn.cn *
+		- Images, on:
+			- pinkong.bbs, md, yingxiao, from gtms0\d.alicdn.com *
+			- pinkong.bbs from img.alicdn.com *
+			- chuangye.bbs, pinkong.bbs, daohang, dingyue, jiadian, rule, trust, ur, www from img0\d.taobaocdn.com *
+			- daohang from img.tongji.linezing.com ²
+			- md, rule, trust, www, zhiyuanzhe from a.tbcdn.cn *
+			- u.m from mbuf.alipay.com *
+			- u.m from pin.aliyun.com *
+			- ur from img.china.alibaba.com *
+			- yun from m.alicdn.com *
+		- Ads on etuoguan from player.youku.com ²
+	* Secured by us
+	² Unsecurable <= refused
+-->
+<ruleset name="Taobao.com (partial)">
+	<!--	Direct rewrites:	-->
+	<target host="taobao.com" />
+	<target host="101.taobao.com" />
+	<target host="2.taobao.com" />
+	<target host="sell.2.taobao.com" />
+	<target host="trade.2.taobao.com" />
+	<target host="s.2.taobao.com" />
+	<target host="315.taobao.com" />
+	<target host="3c.taobao.com" />
+	<target host="a.taobao.com" />
+	<target host="acg.taobao.com" />
+	<target host="ai.taobao.com" />
+	<target host="aitao.taobao.com" />
+	<target host="amos.taobao.com" />
+	<target host="api.taobao.com" />
+	<target host="api-taojinbi.taobao.com" />
+	<target host="auction1.taobao.com" />
+	<target host="baichuan.taobao.com" />
+	<target host="bang.taobao.com" />
+	<target host="baobao.taobao.com" />
+	<target host="bbs.taobao.com" />
+	<target host="chuangye.bbs.taobao.com" />
+	<target host="pinkong.bbs.taobao.com" />
+	<target host="beauty.taobao.com" />
+	<target host="caipiao.taobao.com" />
+	<target host="cart.taobao.com" />
+	<target host="chi.taobao.com" />
+	<target host="china.taobao.com" />
+	<target host="cgfang.taobao.com" />
+	<target host="s.click.taobao.com" />
+	<target host="daohang.taobao.com" />
+	<target host="dating.taobao.com" />
+	<target host="daxue.taobao.com" />
+	<target host="i.daxue.taobao.com" />
+	<target host="dingyue.taobao.com" />
+	<target host="dongtai.taobao.com" />
+	<target host="ecrm.taobao.com" />
+	<target host="etuoguan.taobao.com" />
+	<target host="e56.taobao.com" />
+	<target host="ershou.taobao.com" />
+	<target host="err.taobao.com" />
+	<target host="fang.taobao.com" />
+	<target host="fashion.taobao.com" />
+	<target host="fenxiao.taobao.com" />
+	<target host="favorite.taobao.com" />
+	<target host="form.taobao.com" />
+	<target host="forum.taobao.com" />
+	<target host="fuwu.taobao.com" />
+	<target host="i.fuwu.taobao.com" />
+	<target host="g.taobao.com" />
+	<target host="gan.taobao.com" />
+	<target host="bgt.taobao.com" />
+	<target host="game.taobao.com" />
+	<target host="guang.taobao.com" />
+	<target host="gwywx.taobao.com" />
+	<target host="h5.taobao.com" />
+	<target host="hk.taobao.com" />
+	<target host="hunban.taobao.com" />
+	<target host="i.taobao.com" />
+	<target host="interface.im.taobao.com" />
+		<test url="http://interface.im.taobao.com/api/roaming/taobaocdn/1484637939/c3b691ef6f65a4fcbb15229dfde4c201.jpg" />
+	<target host="ishop.taobao.com" />
+	<target host="it.taobao.com" />
+	<target host="item.taobao.com" />
+	<target host="jiadian.taobao.com" />
+	<target host="jianghu.tmall.com" />
+	<target host="ju.taobao.com" />
+	<target host="act.ju.taobao.com" />
+	<target host="freeway.ju.taobao.com" />
+	<target host="i.ju.taobao.com" />
+	<target host="o.ju.taobao.com" />
+	<target host="seller.ju.taobao.com" />
+	<target host="kan.taobao.com" />
+	<target host="lady.taobao.com" />
+	<target host="lu.taobao.com" />
+	<target host="life.taobao.com" />
+	<target host="1.life.taobao.com" />
+	<target host="list.taobao.com" />
+	<target host="login.taobao.com" />
+	<target host="m.taobao.com" />
+	<target host="fav.m.taobao.com" />
+	<target host="h5.m.taobao.com" />
+	<target host="login.m.taobao.com" />
+	<target host="mo.m.taobao.com" />
+		<test url="http://mo.m.taobao.com/etao/pc_search_hotwords" />
+	<target host="my.m.taobao.com" />
+	<target host="shop.m.taobao.com" />
+	<target host="trip.m.taobao.com" />
+	<target host="triph5.m.taobao.com" />
+	<target host="u.m.taobao.com" />
+	<target host="m-a-g.taobao.com" />
+	<target host="mai.taobao.com" />
+	<target host="mall.taobao.com" />
+	<target host="meirong.taobao.com" />
+	<target host="meiyantang.taobao.com" />
+	<target host="member1.taobao.com" />
+	<target host="mj.taobao.com" />
+	<target host="mm.taobao.com" />
+	<target host="my.taobao.com" />
+	<target host="nanren.taobao.com" />
+	<target host="nanxie.taobao.com" />
+	<target host="nanzhuang.taobao.com" />
+	<target host="neiyi.taobao.com" />
+	<target host="notice.taobao.com" />
+	<target host="nvbao.taobao.com" />
+	<target host="nvxie.taobao.com" />
+	<target host="nvzhuang.taobao.com" />
+	<target host="ny.taobao.com" />
+	<target host="nz.taobao.com" />
+	<target host="open.taobao.com" />
+	<target host="paimai.taobao.com" />
+	<target host="pan.taobao.com" />
+	<target host="passport.taobao.com" />
+	<target host="pay.taobao.com" />
+	<target host="peijian.taobao.com" />
+	<target host="pinkong.taobao.com" />
+	<target host="qiang.taobao.com" />
+	<target host="qianggou.taobao.com" />
+	<target host="rate.taobao.com" />
+	<target host="re.taobao.com" />
+	<target host="mosaic.re.taobao.com" />
+	<target host="reg.taobao.com" />
+	<target host="ruanko.taobao.com" />
+	<target host="rule.taobao.com" />
+	<target host="s.taobao.com" />
+	<target host="s-paimai.taobao.com" />
+	<target host="search1.taobao.com" />
+	<target host="sec.taobao.com" />
+	<target host="sell.taobao.com" />
+	<target host="seller-taojinbi.taobao.com" />
+	<target host="sellerhelp.taobao.com" />
+	<target host="service.taobao.com" />
+	<target host="sf.taobao.com" />
+	<target host="shoucang.taobao.com" />
+	<target host="click.simba.taobao.com" />
+	<target host="click.mz.simba.taobao.com" />
+	<target host="srd.simba.taobao.com" />
+	<target host="spu.taobao.com" />
+	<target host="store.taobao.com" />
+	<target host="style.taobao.com" />
+	<!--target host="support.taobao.com" /-->
+	<target host="sy.taobao.com" />
+	<target host="taojinbi.taobao.com" />
+	<target host="tejia.taobao.com" />
+	<target host="temai.taobao.com" />
+	<target host="top.taobao.com" />
+	<target host="tp.taobao.com" />
+	<!--	encoding error
+	target host="trade.taobao.com" /-->
+	<target host="trip.taobao.com" />
+	<!--target host="trust.taobao.com" /-->
+	<target host="try.taobao.com" />
+	<target host="ugc.taobao.com" />
+	<target host="upload.taobao.com" />
+	<target host="ur.taobao.com" />
+	<target host="usabags.taobao.com" />
+	<target host="uz.taobao.com" />
+	<target host="wangpu.taobao.com" />
+	<target host="we.taobao.com" />
+	<target host="weike.taobao.com" />
+	<target host="weitao.taobao.com" />
+	<!--target host="wenda.taobao.com" /-->
+	<target host="whlove.taobao.com" />
+	<target host="work.taobao.com" />
+	<target host="wuliu.taobao.com" />
+	<target host="wt.taobao.com" />
+	<target host="www.taobao.com" />
+	<target host="xiangqing.taobao.com" />
+	<target host="xue.taobao.com" />
+	<target host="yingxiao.taobao.com" />
+	<target host="yun.taobao.com" />
+	<target host="zc-paimai.taobao.com" />
+	<target host="zhi.taobao.com" />
+	<target host="zhiyuanzhe.taobao.com" />
+	<target host="zhonggongyc.taobao.com" />
+	<target host="zhoumo.taobao.com" />
+	<target host="zj.taobao.com" />
+
+	<!--	Complications:	-->
+	<target host="global.taobao.com" />
+	<rule from="^http://global\.taobao\.com/"
+		to="https://g.taobao.com/" />
+
+	<target host="logo.taobao.com" />
+	<rule from="^http://logo\.taobao\.com/"
+		to="https://img.alicdn.com/" />
+
+	<securecookie host="^\.taobao\.com$" name="^ali_ab$" />
+	<securecookie host="^(?:bgt|caipiao|\.login\.m|mm|re|mosaic\.re|temai)\.taobao\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Taobao.xml b/src/chrome/content/rules/Taobao.xml
deleted file mode 100644
index da904668ed4b..000000000000
--- a/src/chrome/content/rules/Taobao.xml
+++ /dev/null
@@ -1,240 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see Taobao.com-falsemixed.xml.
-
-	Other Taobao rulesets:
-
-		- Cnzz.com.xml
-
-
-	CDN buckets:
-
-		- g.tbcdn.cn.danuoyi.tbcache.com
-
-		- www.gslb.taobao.com.danuoyi.tbcache.com
-
-			- a.tbcdn.cn
-
-		- img.taobaocdn.com.danuoyi.tbcache.com
-
-		- img0[1-8].taobaocdn.com.danuoyi.tbcache.com
-
-			- taurus0[1-4].danuoyi.tbcache.com
-
-
-	Nonfunctional domains:
-
-		- taobao.com subdomains:
-
-			- (www.)	(shows s.tbcdn.cn, mismatched, CN: s.tbcdn.cn)
-			- 315		(shows s.tbcdn.cn, mismatched, CN: s.tbcdn.cn)
-			- aitao *
-			- amos *
-			- bang *
-			- bangpai *
-			- baobao *
-			- baobei *
-			- bbs *
-			- cart *
-			- trace.cps *
-			- cu *
-			- dongtai *
-			- daohang	(shows s.tbcdn.cn, mismatched, CN: s.tbcdn.cn)
-			- daxue		(shows s.tbcdn.cn, mismatched, CN: s.tbcdn.cn)
-			- dingyue *
-			- display *
-			- dongtai *
-			- ecrm *
-			- err		(refused)
-			- favorite *
-			- fenxiao *
-			- form *
-			- forum *
-			- fuwu *
-			- i.fuwu *
-			- fws *
-			- g *
-			- guang *
-			- h5		(redirects to error page; mismatched, CN: *.m.taobao.com)
-			- hitao		(shows s.tbcdn.cn, mismatched, CN: s.tbcdn.cn)
-			- i *
-			- ishop *
-			- isvsupport *
-			- item *
-			- jianghu *
-
-			- ju subdomains:
-
-				- ^ *
-				- act	(shows s.tbcdn.cn, mismatched, CN: s.tbcdn.cn)
-				- i *
-				- o *
-				- seller *
-
-			- jump *
-			- kan *
-			- learn *
-			- list *
-			- logo		(shows s.tbcdn.cn, mismatched, CN: s.tbcdn.cn)
-			- love *
-			- lu *
-
-			- m subdomains:
-
-				- ^	(redirects to error page; mismatched, CN: *.m.taobao.com)
-				- a *
-				- caipiao *
-				- fav	(redirects to error page, valid cert)
-				- im *
-				- info	(redirects to error page, valid cert)
-				- ju *
-				- my	(redirects to error page, valid cert)
-				- mz *
-				- rj *
-				- s *
-				- shop *
-				- tm	(redirects to error page, valid cert)
-				- trip *
-				- triph5 *
-				- wtm *
-				- yyz	(redirects to error page, valid cert)
-
-			- m-a-g *
-			- mai *
-			- maimai *
-			- md *
-			- member1 *
-			- mj		(shows s.tbcdn.cn; mismatched, CN: s.tbcdn.cn)
-			- mm *
-			- my *
-			- nanren	(shows s.tbcdn.cn; mismatched, CN: s.tbcdn.cn)
-			- bbs.nanren *
-			- nanxie	(shows s.tbcdn.cn; mismatched, CN: s.tbcdn.cn)
-			- nanzhuang	(shows s.tbcdn.cn; mismatched, CN: s.tbcdn.cn)
-			- neiyi		(shows s.tbcdn.cn; mismatched, CN: s.tbcdn.cn)
-			- nvbao		(shows s.tbcdn.cn; mismatched, CN: s.tbcdn.cn)
-			- nvxie		(shows s.tbcdn.cn; mismatched, CN: s.tbcdn.cn)
-			- nvzhuang	(shows s.tbcdn.cn; mismatched, CN: s.tbcdn.cn)
-			- re *
-			- reg *
-			- open *
-			- pay *
-			- peijian	(shows s.tbcdn.cn; mismatched, CN: s.tbcdn.cn)
-			- pics		(503; self-signed, CN: dynamic.12306.cn)
-			- pro *
-			- rate *
-			- re *
-			- rule *
-			- s *
-			- search1 *
-			- sell *
-			- service *
-			- shuju *
-			- home.shuju	(shows s.tbcdn.cn; mismatched, CN: s.tbcdn.cn)
-			- shuo *
-			- click.simba *
-			- store *
-			- support *
-			- taocode *
-			- tianxia *
-			- static.tianxia *
-			- to *
-			- trade *
-
-			- trip subdomains:
-
-				- ^	(shows s.tbcdn.cn; mismatched, CN: s.tbcdn.cn)
-				- jipiao *
-				- tuan		(shows s.tbcdn.cn; mismatched, CN: s.tbcdn.cn)
-				- zhaoshang	(shows s.tbcdn.cn; mismatched, CN: s.tbcdn.cn)
-
-			- trust		(shows s.tbcdn.cn; mismatched, CN: s.tbcdn.cn)
-			- try *
-			- ur *
-			- cloud.video *
-			- vodcdn.video	(refused)
-			- ugc *
-			- usabags *
-			- uz *
-			- wap		(redirects to error page; mismatched, CN: *.m.taobao.com)
-			- we *
-			- weike *
-			- weitao *
-			- img2012.i0[234].wimg	(refused)
-			- q.i0[1-4].wimg	(refused)
-			- work		(shows s.tbcdn.cn; mismatched, CN: s.tbcdn.cn)
-			- xiaobao *
-			- yiqi *
-			- zuanshi *
-
-		- taobaocdn.com subdomains:
-
-			- download.browser	(refused)
-			- img			(refused)
-			- img0[1-47]		(refused)
-			- img0[56]		(503; self-signed, CN: dynamic.12306.cn)
-			- img08			(503, akamai)
-			- pics			(503; self-signed, CN: dynamic.12306.cn)
-			- wwc			(refused)
-
-		- g.tbcdn.cn *
-		- img2.tbcdn.com	(503; self-signed, CN: dynamic.12306.cn)
-
-	* Dropped
-
-
-	Problematic domains:
-
-		- assets.taobaocdn.com *
-		- a.tbcdn.cn *
-
-	* Mismatched, CN: s.tbcdn.cn
-
-
-	Fully covered domains:
-
-		- taobao.com subdomains:
-
-			- login
-			- login.m
-			- u.m
-			- regcheckcode
-
-		- assets.taobaocdn.com	(→ s.tbcdn.cn)
-
-		- a.tbcdn.cn	(→ s)
-		- s.tbcdn.cn
-
-
-	Mixed content:
-
-		- css on 101 from assets.taobaocdn.com *
-
-		- Images, on:
-
-			- 101 from regcheckcode *
-			- 101 img0\d.taobaocdn.com
-			- login.m from regcheckcode *
-			- login.m from mbuf.alipay.com *
-			- u.m from mbuf.alipay.com *
-			- u.m from pin.aliyun.com *
-
-	* Secured by us
-
--->
-<ruleset name="Taobao (partial)">
-
-	<target host="*.taobao.com" />
-	<target host="assets.taobaocdn.com" />
-	<target host="*.tbcdn.cn" />
-
-
-	<securecookie host="^\.login\.m\.taobao\.com$" name=".+" />
-
-
-	<rule from="^http://(login|login\.m|u\.m|regcheckcode)\.taobao\.com/"
-		to="https://$1.taobao.com/" />
-
-	<rule from="^http://(?:assets\.taobao|[as]\.tb)cdn\.c(?:om|n)/"
-		to="https://s.tbcdn.cn/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Taobao_CDN.com.xml b/src/chrome/content/rules/Taobao_CDN.com.xml
new file mode 100644
index 000000000000..39c014b9bc28
--- /dev/null
+++ b/src/chrome/content/rules/Taobao_CDN.com.xml
@@ -0,0 +1,53 @@
+<!--
+	For other Taobao coverage, see Taobao.com.xml.
+
+	CDN buckets:
+		- img.taobaocdn.com.danuoyi.tbcache.com
+		- img0[1-8].taobaocdn.com.danuoyi.tbcache.com
+			- taurus0[1-4].danuoyi.tbcache.com
+
+	Nonfunctional hosts in *taobaocdn.com:
+		- download.browser	(refused)
+		- pics				(503; self-signed, CN: dynamic.12306.cn)
+		- wwc				(refused)
+
+	Problematic hosts in *taobaocdn.com:
+		- assets *
+		- download ³
+		- img			(refused)
+		- img0[1-4,7]	(refused)
+		- img0[56]		(503; self-signed, CN: dynamic.12306.cn)
+		- img08			(503, akamai)
+	³ 403
+	* Mismatched, CN: s.tbcdn.cn
+
+	Fully covered domains:
+		- assets.taobaocdn.com	(→ s.tbcdn.cn)
+-->
+<ruleset name="Taobao_CDN.com (partial)">
+
+	<target host="assets.taobaocdn.com" />
+	<target host="download.taobaocdn.com" />
+	<target host="img.taobaocdn.com" />
+	<target host="img01.taobaocdn.com" />
+	<target host="img02.taobaocdn.com" />
+	<target host="img03.taobaocdn.com" />
+	<target host="img04.taobaocdn.com" />
+	<target host="img05.taobaocdn.com" />
+	<target host="img06.taobaocdn.com" />
+	<target host="img07.taobaocdn.com" />
+	<target host="img08.taobaocdn.com" />
+
+	<rule from="^http://assets\.taobaocdn\.com/"
+		to="https://s.tbcdn.cn/" />
+		<test url="http://assets.taobaocdn.com/p/header/header-min.css" />
+
+	<rule from="^http://download\.taobaocdn\.com/"
+		to="https://download.alicdn.com/" />
+
+	<rule from="^http://img(0\d)?\.taobaocdn\.com/"
+		to="https://img.alicdn.com/" />
+		<test url="http://img01.taobaocdn.com/tps/i1/T1RLnjXdtjXXc0Pcvg-20-171.jpg" />
+		<test url="http://img03.taobaocdn.com/tps/i3/T1Te_iXfRnXXbRn1E.-12-60.jpg" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tapad.xml b/src/chrome/content/rules/Tapad.xml
index bd32fcec65f9..4ce067b2b1da 100644
--- a/src/chrome/content/rules/Tapad.xml
+++ b/src/chrome/content/rules/Tapad.xml
@@ -1,28 +1,27 @@
 <!--
-	tapad.app10.hubspot.com
-
-
-	Nonfunctional subdomains:
-
-		- www
-
-
-	taptalks.tapad.com cert: www.valoancaptain.com
-
+	Unable to Connect:
+		taptalks.tapad.com
+	Invalid Certificiate:
+ 		tapad.app10.hubspot.com
 -->
-<ruleset name="Tapad (partial)">
-
-	<target host="tapad.app10.hubspot.com" />
-	<target host="*.tapad.com" />
-
-
-	<securecookie host="^\.tapad\.com$" name=".*" />
-
-
-	<rule from="^http://tapad\.app10\.hubspot\.com/"
-		to="https://tapad.app10.hubspot.com/" />
-
-	<rule from="^http://audience\.tapad\.com/"
-		to="https://audience.tapad.com/" />
-
+<ruleset name="Tapad" >
+	<target host="tapad.com" />
+	<target host="www.tapad.com" />
+	<target host="assets.tapad.com" />
+	<target host="audience.tapad.com" />
+	<target host="dgdemo.tapad.com" />
+	<target host="dsp.tapad.com" />
+	<target host="engineering.tapad.com" />
+	<target host="go.tapad.com" />
+	<target host="help.tapad.com" />
+	<target host="help.stg.tapad.com" />
+	<target host="pixel.tapad.com" />
+	<target host="privacy.tapad.com" />
+	<target host="tapestry.tapad.com" />
+	<target host="unify.tapad.com" />
+	<target host="www.stg.tapad.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Tapatalk.com.xml b/src/chrome/content/rules/Tapatalk.com.xml
new file mode 100644
index 000000000000..b4360d3fc0cc
--- /dev/null
+++ b/src/chrome/content/rules/Tapatalk.com.xml
@@ -0,0 +1,106 @@
+<!--
+	Connection timed out:
+		- activate
+		- db
+		- devserver
+		- email-gateway
+		- email-gateway-1
+		- email-gateway-2
+		- glog
+		- groups
+		- m
+		- mail-182-92
+		- mail-182-93
+		- mail-182-94
+		- share
+		- wwwtest
+	
+	Mismatched:
+		- s2.db
+		- s2.dev
+		- s2.directory
+		- link2
+		- s2.logos
+		- ox-i
+		- redirect
+		- redirect2
+		- s2directory
+	
+	Expired:
+		- cdn
+		- images
+		- img
+		- img-2011-12
+		- img-2013
+		- rest
+		- support-dev
+	
+	Connection refused:
+		- int-noc
+		- push2
+		- testblog
+		- vpn
+	
+	Connection closed:
+		- mail
+	
+	Unsupported SSL version
+		- ning
+	
+	Incomplete certificate chain:
+		- s2.support
+	
+	SSL handshake failure:
+		- tapstream
+-->
+<ruleset name="Tapatalk.com">
+	<target host="tapatalk.com" />
+	<target host="www.tapatalk.com" />
+	<target host="api.tapatalk.com" />
+	<target host="apis.tapatalk.com" />
+	<target host="blog.tapatalk.com" />
+	<target host="cache.tapatalk.com" />
+	<target host="cloud.tapatalk.com" />
+	<target host="customdomain.tapatalk.com" />
+	<target host="dev.tapatalk.com" />
+	<target host="directory.tapatalk.com" />
+	<target host="directory1.tapatalk.com" />
+	<target host="directory3.tapatalk.com" />
+	<target host="jwt.tapatalk.com" />
+	<target host="link.tapatalk.com" />
+	<target host="log.tapatalk.com" />
+	<target host="log2.tapatalk.com" />
+	<target host="logos.tapatalk.com" />
+	<target host="market.tapatalk.com" />
+	<target host="new.tapatalk.com" />
+	<target host="piwik.tapatalk.com" />
+	<target host="piwik1.tapatalk.com" />
+	<target host="piwik2.tapatalk.com" />
+	<target host="pt.tapatalk.com" />
+	<target host="push.tapatalk.com" />
+	<target host="r.tapatalk.com" />
+	<target host="redir.tapatalk.com" />
+	<target host="rss.tapatalk.com" />
+	<target host="rss-spider.tapatalk.com" />
+	<target host="s2.tapatalk.com" />
+	<target host="search.tapatalk.com" />
+	<target host="search-log.tapatalk.com" />
+	<target host="search-log-1.tapatalk.com" />
+	<target host="search2.tapatalk.com" />
+	<target host="siteowners.tapatalk.com" />
+	<target host="siteowners-dev.tapatalk.com" />
+	<target host="siteowners-stage.tapatalk.com" />
+	<target host="sso.tapatalk.com" />
+	<target host="stage.tapatalk.com" />
+	<target host="stage1.tapatalk.com" />
+	<target host="support.tapatalk.com" />
+	<target host="support2.tapatalk.com" />
+	<target host="track.tapatalk.com" />
+	<target host="upload.tapatalk.com" />
+	<target host="vb5demo.tapatalk.com" />
+	<target host="verify.tapatalk.com" />
+	<target host="vww.tapatalk.com" />
+	<target host="web.tapatalk.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tapatalk.xml b/src/chrome/content/rules/Tapatalk.xml
deleted file mode 100644
index 7bf168fcd2a6..000000000000
--- a/src/chrome/content/rules/Tapatalk.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- img		(cert: tapatalk.com, self-signed; shows Mantis login page)
-		- support
-
--->
-<ruleset name="Tapatalk" default_off="self-signed">
-
-	<!--	Cert: ip-10-245-190-224	-->
-	<target host="tapatalk.com" />
-	<target host="www.tapatalk.com" />
-
-
-	<securecookie host="^tapatalk\.com$" name=".*" />
-
-
-	<rule from="^https?://(?:www\.)?tapatalk\.com/"
-		to="https://tapatalk.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tape.tv.xml b/src/chrome/content/rules/Tape.tv.xml
new file mode 100644
index 000000000000..637a50a3255d
--- /dev/null
+++ b/src/chrome/content/rules/Tape.tv.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blog.tape.tv/ => https://blog.tape.tv/: (6, 'Could not resolve host: blog.tape.tv')
+Fetch error: http://connect.tape.tv/ => https://connect.tape.tv/: (6, 'Could not resolve host: connect.tape.tv')
+Fetch error: http://metrics.tape.tv/ => https://metrics.tape.tv/: (6, 'Could not resolve host: metrics.tape.tv')
+Fetch error: http://streaming-url.tape.tv/ => https://streaming-url.tape.tv/: (6, 'Could not resolve host: streaming-url.tape.tv')
+Fetch error: http://web202.tape.tv/ => https://web202.tape.tv/: (6, 'Could not resolve host: web202.tape.tv')
+Fetch error: http://tapetv-slowjam.de/ => https://tapetv-slowjam.de/: (6, 'Could not resolve host: tapetv-slowjam.de')
+
+-->
+<ruleset name="Tape.tv" default_off="failed ruleset test">
+
+	<target host="blog.tape.tv"/>
+	<target host="connect.tape.tv"/>
+	<target host="metrics.tape.tv"/>
+	<target host="streaming-url.tape.tv"/>
+	<target host="web202.tape.tv"/>
+	<target host="www.tape.tv"/>
+	<target host="tapetv-slowjam.de"/>
+
+	<securecookie host="^\.tape\.tv$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tapgage.xml b/src/chrome/content/rules/Tapgage.xml
index e8d26204a333..a16812f02e71 100644
--- a/src/chrome/content/rules/Tapgage.xml
+++ b/src/chrome/content/rules/Tapgage.xml
@@ -1,8 +1,16 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tapgage.net/ => https://tapgage.net/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.tapgage.net/ => https://www.tapgage.net/: (28, 'Connection timed out after 20001 milliseconds')
+
+Automatically by https-everywhere-checker because:
+Fetch error: http://tapgage.net/ => https://tapgage.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.tapgage.net/ => https://www.tapgage.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	!www: self-signed
 
 -->
-<ruleset name="Tapgage">
+<ruleset name="Tapgage" default_off="failed ruleset test">
 
 	<target host="tapgage.net" />
 	<target host="www.tapgage.net" />
@@ -11,7 +19,6 @@
 	<securecookie host="^www\.tapgage\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?tapgage\.net/"
-		to="https://$1tapgage.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tapiture.com.xml b/src/chrome/content/rules/Tapiture.com.xml
new file mode 100644
index 000000000000..7b4608501d48
--- /dev/null
+++ b/src/chrome/content/rules/Tapiture.com.xml
@@ -0,0 +1,50 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tapiture.com/ => https://tapiture.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.tapiture.com/ => https://www.tapiture.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	CDN buckets:
+
+		- sl-tapiture.edgesuite.net
+
+			- a978.g.akamai.net
+			- assets.tapcdn.com
+
+		- s3-live.tapiture.com.edgesuite.net
+
+			 s3-live.tapcdn.com
+
+		- tapiture.myshopify.com
+
+			- shop.tapiture.com
+
+
+	Nonfunctional domains:
+
+		- shop.tapiture.com	(redirects back from ...myshopify.com)
+
+
+	Problematic domains:
+
+		- assets.tapcdn.com	(works, akamai)
+		- s3-live.tapcdn.com	(503, akamai)
+
+
+	Mixed content:
+
+		- Image from s3-live.tapcdn.com
+
+-->
+<ruleset name="Tapiture.com (partial)" default_off="failed ruleset test">
+
+	<target host="tapiture.com" />
+	<target host="www.tapiture.com" />
+
+
+	<securecookie host="^\.tapiture\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tar-jx.bz.xml b/src/chrome/content/rules/Tar-jx.bz.xml
new file mode 100644
index 000000000000..6d434a51d4e3
--- /dev/null
+++ b/src/chrome/content/rules/Tar-jx.bz.xml
@@ -0,0 +1,12 @@
+<ruleset name="tar-jx.bz">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tar-jx.bz" />
+	<target host="www.tar-jx.bz" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Taranis.news.xml b/src/chrome/content/rules/Taranis.news.xml
new file mode 100644
index 000000000000..60c8d5b85f17
--- /dev/null
+++ b/src/chrome/content/rules/Taranis.news.xml
@@ -0,0 +1,8 @@
+<ruleset name="Taranis.news">
+
+	<target host="taranis.news" />
+	<target host="www.taranis.news" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tarasic.com.tw.xml b/src/chrome/content/rules/Tarasic.com.tw.xml
index 548f2b8cfd9c..029e5a3f3bb9 100644
--- a/src/chrome/content/rules/Tarasic.com.tw.xml
+++ b/src/chrome/content/rules/Tarasic.com.tw.xml
@@ -30,4 +30,4 @@
 	<rule from="^http://(?:www\.)?terasic\.com\.tw/"
 		to="https://www.terasic.com.tw/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Target.com.au.xml b/src/chrome/content/rules/Target.com.au.xml
new file mode 100644
index 000000000000..014283e18c50
--- /dev/null
+++ b/src/chrome/content/rules/Target.com.au.xml
@@ -0,0 +1,75 @@
+<!--
+	For other Coles coverage, see Coles.com.au.xml
+
+
+	Non-functional subdomains:
+		- access	(t)
+		- as4g	(SSL connection error)
+		- b2b	(SSL connection error)
+		- b2b-test	(r)
+		- careers	(m)
+		- catalogues	(m)
+		- www.catalogues	(m)
+		- connect	(i)
+		- email	(s)
+		- ess	(t)
+		- essuat	(i)
+		- fe-qat	(t)
+		- fe-stg	(i)
+		- fe-uat	(t)
+		- ftd	(t)
+		- guest	(t)
+		- internalcareers	(m)
+		- legacy	(t)
+		- mail	(m)
+		- mail1	(t)
+		- mixandmatch	(t)
+		- mybenefits	(r)
+		- onlineshopping	(m)
+		- orig-shop	(t)
+		- portal	(m)
+		- preprod-www	(t)
+		- qa	(t)
+		- rah	(i)
+		- socialmedia	(t)
+		- subscriptions	(r)
+		- supplier	(SSL connection error)
+		- supplierawards	(r)
+		- targart	(t)
+		- testcatalogue		(m)
+		- traps		(t)
+		- twptrmdmzweb1vth	(t)
+		- twptrmdmzweb2vto	(t)
+		- webmeeting	(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Target Australia">
+
+	<target host="target.com.au" />
+	<target host="www.target.com.au" />
+	<target host="app.target.com.au" />
+	<target host="staging.app.target.com.au" />
+	<target host="as3g.target.com.au" />
+	<target host="autodiscover.target.com.au" />
+	<target host="hampers.target.com.au" />
+	<target host="hybrid.target.com.au" />
+	<target host="jabber.target.com.au" />
+	<target host="jbgexpe1.target.com.au" />
+	<target host="jbgexpe2.target.com.au" />
+	<target host="mdm.target.com.au" />
+	<target host="preprod-app.target.com.au" />
+	<target host="shop.target.com.au" />
+	<target host="staging.target.com.au" />
+	<target host="transfers.target.com.au" />
+	<target host="webmail.target.com.au" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Target.xml b/src/chrome/content/rules/Target.xml
index 202be3704591..1db270ef6078 100644
--- a/src/chrome/content/rules/Target.xml
+++ b/src/chrome/content/rules/Target.xml
@@ -1,11 +1,18 @@
 <!--
 	CDN buckets:
 
+
 		- /D/16382/173656/000/
+
+		- phx.corporate-ir.net
+
+			- investors
+
 		- www.target.com.edgesuite.net
 		- weeklyad.target.com.edgesuite.net
 		- m.weeklyad.target.com.edgesuite.net
 		- img1.targetimg1.com.edgesuite.net
+		- pressroom.target.com.ipressroom.com
 
 
 	Nonfunctional target.com subdomains:
@@ -23,6 +30,7 @@
 			- dailydeals *
 			- m *
 			- m-beta-secure	(mismatched)
+			- pressroom	(works; mismatched, CN: cms.iprsoftware.com)
 			- m.weeklyad *
 
 		- img1.targetimg1.com		(works, akamai)
@@ -103,6 +111,26 @@
 			- img\d-ssa-secure-perf
 			- img\d-ssa-secure-stg
 
+
+	Mixed content:
+
+		- iframe on investors from corporate *
+
+		- css, on:
+
+			- investors from corporate *
+			- investors from phx.corporate-ir.net *
+
+		- Images, on:
+
+			- investors from media.corporate-ir.net *
+			- investors from charts.edgar-online.com *
+			- pressroom from cms.ipressroom.com.s3.amazonaws.com *
+
+		- favicon in investors from www *
+
+	* Secured by us
+
 -->
 <ruleset name="Target (partial) ">
 
@@ -113,6 +141,11 @@
 	<target host="*.targetimg3.com" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="\.target\.com$" name="^(TealeafAkaSid|TealeafAkaUID)$" /-->
+	<!--securecookie host="^pressroom\.target\.com$" name="^ipr_i$" /-->
+
 	<securecookie host="^\.m-secure\.target\.com$" name=".+" />
 	<!--
 		No partially covered domains
@@ -123,23 +156,12 @@
 	<securecookie host="^.+\.target\.com$" name=".+" />
 
 
-	<!--	This generates links that point to akamai :(
-
-	<rule from="^http://(?:www\.)?target\.com/AjaxGlobalNavView($|\?|/)"
-		to="https://a248.e.akamai.net/D/16382/173656/000/www.target.com/AjaxGlobalNavView$1" /-->
-
-	<rule from="^http://(?:www\.)?target\.com/favicon\.ico"
-		to="https://a248.e.akamai.net/D/16382/173656/000/www.target.com/favicon.ico" />
-
 	<rule from="^http://([\w-]+-secure(?:-perf|-stg)?|(?:images-)?babycatalog|(?:baby|m\.baby|home|patio|toys|wedding)\.catalogs|college|corporate(?:-admin)?|health|microsites|mrcam|secureconnect|sites|tgtfiles)\.target\.com/"
 		to="https://$1.target.com/" />
 
 	<rule from="^http://m\.target\.com/"
 		to="https://m-secure.target.com/" />
 
-	<rule from="^http://m\.weeklyad\.target\.com/(asset|image)s/"
-		to="https://a248.e.akamai.net/D/16382/173656/000/m.weeklyad.target.com/$1s/" />
-
 	<rule from="^http://([\w-]+)-secure(-perf|-stg)?\.targetimg(\d)\.com/"
 		to="https://$1-secure$2.targetimg$3.com/" />
 
diff --git a/src/chrome/content/rules/Target_Performance.xml b/src/chrome/content/rules/Target_Performance.xml
new file mode 100644
index 000000000000..4b1ff59712b0
--- /dev/null
+++ b/src/chrome/content/rules/Target_Performance.xml
@@ -0,0 +1,15 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://n2.ad.ad-srv.net/ => https://n2.ad.ad-srv.net/: (6, 'Could not resolve host: n2.ad.ad-srv.net')
+Fetch error: http://n34.ad.ad-srv.net/ => https://n34.ad.ad-srv.net/: (6, 'Could not resolve host: n34.ad.ad-srv.net')
+
+-->
+<ruleset name="Targeting Performance">
+<target host="ad.ad-srv.net" />
+<!-- target host="n2.ad.ad-srv.net" /-->
+<!-- target host="n34.ad.ad-srv.net" /-->
+
+<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Targeted_Threats.net.xml b/src/chrome/content/rules/Targeted_Threats.net.xml
new file mode 100644
index 000000000000..4c740baa00fa
--- /dev/null
+++ b/src/chrome/content/rules/Targeted_Threats.net.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://targetedthreats.net/ => https://targetedthreats.net/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.targetedthreats.net/ => https://www.targetedthreats.net/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+<ruleset name="Targeted Threats.net" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="targetedthreats.net" />
+	<target host="www.targetedthreats.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Taringa.xml b/src/chrome/content/rules/Taringa.xml
index 6177275a72e1..42e4bf1d4974 100644
--- a/src/chrome/content/rules/Taringa.xml
+++ b/src/chrome/content/rules/Taringa.xml
@@ -1,37 +1,10 @@
-<!--
-	CDN buckets:
-
-		- d3lid0uad1kwsj.cloudfront.net
-		- d3mapax0c3izpi.cloudfront.net
-
-
-	Nonfunctional domains:
-
-		- k30.kn3.net
-		- a03.t26.net
-		- a08.t26.net
-		- a19.t26.net
-
-
-	Problematic domains:
-
-		- o1.r26.net	(cert only matches l)
-		- i.t.net.ar	(mismatched, CN: l.r26.net)
-		- taringa.net	(cert only matches www)
-
--->
-<ruleset name="Taringa (partial)">
-
-	<target host="*.r26.net" />
-	<target host="i.t.net.ar" />
-	<target host="taringa.net" />
-	<target host="www.taringa.net" />
-
-
-	<rule from="^http://(?:(?:l|o1)\.r26\.net|i\.t\.net\.ar)/"
-		to="https://l.r26.net/" />
-
-	<rule from="^https?://(?:www\.)?taringa.net/(login|recuperar-(?:clave|nick)|registro(?:-reenviar)?)($|\?|/)"
-		to="https://www.taringa.net/$1$2" />
-
-</ruleset>
\ No newline at end of file
+<ruleset name="Taringa">
+	<target host="taringa.net"/>
+	<target host="www.taringa.net"/>
+	<target host="api.taringa.net"/>
+	<target host="d.taringa.net"/>
+	<target host="kn3.taringa.net"/>
+	<target host="m.taringa.net"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Tariq_Ramadan.com.xml b/src/chrome/content/rules/Tariq_Ramadan.com.xml
new file mode 100644
index 000000000000..70ca5543f031
--- /dev/null
+++ b/src/chrome/content/rules/Tariq_Ramadan.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid Certificate:
+		beta.tariqramadan.com
+	Error 502:
+		iife.tariqramadan.com
+-->
+<ruleset name="Tariq Ramadan.com">
+	<target host="tariqramadan.com" />
+	<target host="www.tariqramadan.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tarlogic.com.xml b/src/chrome/content/rules/Tarlogic.com.xml
new file mode 100644
index 000000000000..9d8f4fbe0914
--- /dev/null
+++ b/src/chrome/content/rules/Tarlogic.com.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tarlogic.com/ => https://tarlogic.com/: (51, "SSL: no alternative certificate subject name matches target host name 'tarlogic.com'")
+
+
+	Mixed content:
+
+		- Image from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Tarlogic.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tarlogic.com" />
+	<target host="www.tarlogic.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tarsnap.xml b/src/chrome/content/rules/Tarsnap.xml
index a0c7f70a68ba..e6fb98fbe97c 100644
--- a/src/chrome/content/rules/Tarsnap.xml
+++ b/src/chrome/content/rules/Tarsnap.xml
@@ -3,7 +3,6 @@
   <target host="tarsnap.com" />
   <target host="www.tarsnap.com" />
 
-  <rule from="^http://(www\.)?tarsnap\.com/"
-          to="https://www.tarsnap.com/"/>
+  <rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Tartarus.org.xml b/src/chrome/content/rules/Tartarus.org.xml
new file mode 100644
index 000000000000..a9c2a025a7fb
--- /dev/null
+++ b/src/chrome/content/rules/Tartarus.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Expired:
+		- munin.tartarus.org
+
+	Mismatch:
+		- snowball.tartarus.org
+		- zap.tartarus.org
+
+-->
+<ruleset name="Tartarus.org">
+	<target host="tartarus.org" />
+	<target host="lists.tartarus.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Taschenorakel.de.xml b/src/chrome/content/rules/Taschenorakel.de.xml
deleted file mode 100644
index 8923512ef241..000000000000
--- a/src/chrome/content/rules/Taschenorakel.de.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Taschenorakel.de" default_off="expired" platform="cacert">
-
-	<target host="taschenorakel.de" />
-	<target host="www.taschenorakel.de" />
-
-
-	<rule from="^https?://(?:www\.)?taschenorakel\.de/"
-		to="https://taschenorakel.de/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TaskCluster.net.xml b/src/chrome/content/rules/TaskCluster.net.xml
new file mode 100644
index 000000000000..623f22a165a1
--- /dev/null
+++ b/src/chrome/content/rules/TaskCluster.net.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Mozilla coverage, see Mozilla.xml.
+
+
+	Nonfunctional hosts in *taskcluster.net:
+
+		- docs *
+
+	* 500
+
+
+	Fully covered hosts in *taskcluster.net:
+
+		- tools
+
+
+	(www.)?taskcluster.net doesn't exist.
+
+-->
+<ruleset name="TaskCluster.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tools.taskcluster.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TaskRabbit.com.xml b/src/chrome/content/rules/TaskRabbit.com.xml
new file mode 100644
index 000000000000..427a680472d5
--- /dev/null
+++ b/src/chrome/content/rules/TaskRabbit.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Non-functional subdomains:
+		- api2		(t)
+		- assets	(m)
+		- refer		(e)
+		- sendgrid-tracking	(m)
+		- status	(m)
+		- store		(m)
+		- tech		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="TaskRabbit.com">
+
+	<target host="taskrabbit.com" />
+	<target host="www.taskrabbit.com" />
+	<target host="api.taskrabbit.com" />
+	<target host="blog.taskrabbit.com" />
+	<target host="realtime.taskrabbit.com" />
+	<target host="sailthru-links.taskrabbit.com" />
+	<target host="support.taskrabbit.com" />
+
+	<securecookie host="^www\.taskrabbit\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Taskforce.is.xml b/src/chrome/content/rules/Taskforce.is.xml
new file mode 100644
index 000000000000..35ebf66dee56
--- /dev/null
+++ b/src/chrome/content/rules/Taskforce.is.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .taskforce.is
+
+-->
+<ruleset name="Taskforce.is">
+
+	<target host="taskforce.is" />
+	<target host="www.taskforce.is" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.taskforce\.is$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.taskforce\.is$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Taskwarrior.xml b/src/chrome/content/rules/Taskwarrior.xml
new file mode 100644
index 000000000000..ac2827356ef7
--- /dev/null
+++ b/src/chrome/content/rules/Taskwarrior.xml
@@ -0,0 +1,11 @@
+<ruleset name="Taskwarrior (partial)">
+
+	<target host="taskwarrior.org" />
+
+	<target host="bug.tasktools.org" />
+	<target host="git.tasktools.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Taste-of-the-North-End.xml b/src/chrome/content/rules/Taste-of-the-North-End.xml
deleted file mode 100644
index ba1136cd74ec..000000000000
--- a/src/chrome/content/rules/Taste-of-the-North-End.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Taste of the North End" default_off="mismatch">
-
-	<!--	cert: *.gridserver.com	-->
-	<target host="tasteofthenorthend.org"/>
-	<target host="www.tasteofthenorthend.org"/>
-
-	<rule from="^http://(?:www\.)?tasteofthenorthend\.org/"
-		to="https://tasteofthenorthend.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/TasteKid.com.xml b/src/chrome/content/rules/TasteKid.com.xml
new file mode 100644
index 000000000000..4c265616a29b
--- /dev/null
+++ b/src/chrome/content/rules/TasteKid.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .tastekid.com
+		- www.tastekid.com
+		- .www.tastekid.com
+
+
+	Mixed content:
+
+		- Images, from:
+
+			- graph.facebook.com *
+			- $self *
+			- upload.wikimedia.org *
+
+	* Secured by us
+
+-->
+<ruleset name="TasteKid.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tastekid.com" />
+	<target host="www.tastekid.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tastekid\.com$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.tastekid\.com$" name="^tk_mpv$" /-->
+	<!--securecookie host="^\.www\.tastekid\.com$" name="^tk_s$" /-->
+
+	<securecookie host="^(?:\.?www)?\.tastekid\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TataSky.xml b/src/chrome/content/rules/TataSky.xml
index 80e2dbbbc825..78be3df29ecf 100644
--- a/src/chrome/content/rules/TataSky.xml
+++ b/src/chrome/content/rules/TataSky.xml
@@ -1,5 +1,5 @@
 <ruleset name="TataSky">
   <target host="www.mytatasky.com" />
 
-  <rule from="^http://www\.mytatasky\.com/" to="https://www.mytatasky.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Tate_Publishing.com.xml b/src/chrome/content/rules/Tate_Publishing.com.xml
deleted file mode 100644
index cec41836e8f2..000000000000
--- a/src/chrome/content/rules/Tate_Publishing.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Tate Publishing.com">
-
-	<target host="tatepublishing.com" />
-	<target host="www.tatepublishing.com" />
-
-
-	<securecookie host="^(?:www\.)?tatepublishing\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?tatepublishing\.com/"
-		to="https://$1tatepublishing.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tatrabanka.sk.xml b/src/chrome/content/rules/Tatrabanka.sk.xml
new file mode 100644
index 000000000000..825a14e82d24
--- /dev/null
+++ b/src/chrome/content/rules/Tatrabanka.sk.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid certificate:
+		priip.tatrabanka.sk
+-->
+<ruleset name="Tatrabanka.sk">
+	<target host="tatrabanka.sk" />
+	<target host="www.tatrabanka.sk" />
+	<target host="3dsecure.tatrabanka.sk" />
+	<target host="business.tatrabanka.sk" />
+	<target host="byod.tatrabanka.sk" />
+	<target host="developer.tatrabanka.sk" />
+	<target host="dialog.tatrabanka.sk" />
+	<target host="kariera.tatrabanka.sk" />
+	<target host="kontakt.tatrabanka.sk" />
+	<target host="lms.tatrabanka.sk" />
+	<target host="mkt-cdn.tatrabanka.sk" />
+	<target host="moja.tatrabanka.sk" />
+	<target host="nuance.tatrabanka.sk" />
+	<target host="secure.tatrabanka.sk" />
+	<target host="vportal.tatrabanka.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tatsotsbank.ru.xml b/src/chrome/content/rules/Tatsotsbank.ru.xml
new file mode 100644
index 000000000000..ceb6bc51755b
--- /dev/null
+++ b/src/chrome/content/rules/Tatsotsbank.ru.xml
@@ -0,0 +1,21 @@
+<!--
+www.ibank.tatsotsbank.ru ¹
+mail.tatsotsbank.ru ²
+old.tatsotsbank.ru ⁴
+promo.tatsotsbank.ru ¹
+www.telebank.tatsotsbank.ru ¹
+
+
+¹ mismatch
+² refused
+⁴ self signed
+-->
+<ruleset name="tatsotsbank.ru">
+	<target host="tatsotsbank.ru" />
+	<target host="www.tatsotsbank.ru" />
+	<target host="ibank.tatsotsbank.ru" />
+	<target host="online.tatsotsbank.ru" />
+	<target host="telebank.tatsotsbank.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TauCeti.org.au.xml b/src/chrome/content/rules/TauCeti.org.au.xml
index 363aa5eebde6..3987d0e82390 100644
--- a/src/chrome/content/rules/TauCeti.org.au.xml
+++ b/src/chrome/content/rules/TauCeti.org.au.xml
@@ -7,7 +7,6 @@
 	<target host="www.tauceti.org.au" />
 
 
-	<rule from="^http://www\.tauceti\.org\.au/"
-		to="https://www.tauceti.org.au/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tau_Day.com.xml b/src/chrome/content/rules/Tau_Day.com.xml
new file mode 100644
index 000000000000..6224cfaa0ee2
--- /dev/null
+++ b/src/chrome/content/rules/Tau_Day.com.xml
@@ -0,0 +1,24 @@
+<!--
+	CN: *.heroku.com
+
+
+	Mixed content:
+
+		- Video from player.vimeo.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Tau Day.com" default_off="mismatched">
+
+	<target host="tauday.com" />
+	<target host="www.tauday.com" />
+
+
+	<securecookie host="^tauday\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?tauday\.com/"
+		to="https://www.tauday.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Taunton_Deane.gov.uk.xml b/src/chrome/content/rules/Taunton_Deane.gov.uk.xml
new file mode 100644
index 000000000000..6b5c97bc4cbb
--- /dev/null
+++ b/src/chrome/content/rules/Taunton_Deane.gov.uk.xml
@@ -0,0 +1,26 @@
+<!--
+	Taunton Deane Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		Timeout was reached:
+		- mail.tauntondeane.gov.uk
+		- webgate.tauntondeane.gov.uk
+
+		SSL peer certificate was not OK:
+		- consultldf.tauntondeane.gov.uk
+
+		4xx client error:
+		- autodiscover.tauntondeane.gov.uk
+		- www2.tauntondeane.gov.uk
+-->
+<ruleset name="Taunton Deane.gov.uk">
+	<target host="www.tauntondeane.gov.uk" />
+	<target host="eventspaces.tauntondeane.gov.uk" />
+	<target host="extranet.tauntondeane.gov.uk" />
+	<target host="owa.tauntondeane.gov.uk" />
+	<target host="www1.tauntondeane.gov.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TawkTo.xml b/src/chrome/content/rules/TawkTo.xml
new file mode 100644
index 000000000000..1b2e8b8d9253
--- /dev/null
+++ b/src/chrome/content/rules/TawkTo.xml
@@ -0,0 +1,12 @@
+<ruleset name="tawk.to">
+
+	<target host="tawk.to" />
+	<target host="www.tawk.to" />
+	<target host="dashboard.tawk.to" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TaxAct.xml b/src/chrome/content/rules/TaxAct.xml
new file mode 100644
index 000000000000..13323a76adaa
--- /dev/null
+++ b/src/chrome/content/rules/TaxAct.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www1.taxact.com/ => https://www1.taxact.com/: (6, 'Could not resolve host: www1.taxact.com')
+Fetch error: http://www2.taxact.com/ => https://www2.taxact.com/: (6, 'Could not resolve host: www2.taxact.com')
+Fetch error: http://www1.taxactonline.com/ => https://www1.taxactonline.com/: (6, 'Could not resolve host: www1.taxactonline.com')
+Fetch error: http://www2.taxactonline.com/ => https://www2.taxactonline.com/: (6, 'Could not resolve host: www2.taxactonline.com')
+
+	Non-functional subdomain:
+		- taxact.com
+			- bizadvance	(¹, CN: *.wpengine.com, wpengine.com)
+			- blog		(¹, CN: *.wpengine.com, wpengine.com)
+			- danica	(¹, CN: www.racetoyourrefund.com)
+			- ef		(¹, CN: www.taxact.com)
+			- m		(revoked cert)
+			- proadvance	(¹, CN: *.wpengine.com, wpengine.com)
+
+		¹ hostname mismatch
+-->
+<ruleset name="TaxAct (partial)" default_off="failed ruleset test">
+	<target host="taxact.com" />
+	<target host="cdn.taxact.com" />
+	<target host="www.taxact.com" />
+	<target host="www1.taxact.com" />
+	<target host="www2.taxact.com" />
+	<target host="taxactonline.com" />
+	<target host="cdn.taxactonline.com" />
+	<target host="www.taxactonline.com" />
+	<target host="www1.taxactonline.com" />
+	<target host="www2.taxactonline.com" />
+
+	<securecookie host=".*\.taxact(online)?\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TaxChopper.ca.xml b/src/chrome/content/rules/TaxChopper.ca.xml
new file mode 100644
index 000000000000..180ac4d4d66b
--- /dev/null
+++ b/src/chrome/content/rules/TaxChopper.ca.xml
@@ -0,0 +1,12 @@
+<!--
+	Timeout:
+		- mail.taxchopper.ca
+		- ns1.taxchopper.ca
+		- ns2.taxchopper.ca
+-->
+<ruleset name="TaxChopper.ca">
+	<target host="taxchopper.ca" />
+	<target host="www.taxchopper.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TaxPayers_Alliance.xml b/src/chrome/content/rules/TaxPayers_Alliance.xml
index 69f39b280c75..0745ca0bebd0 100644
--- a/src/chrome/content/rules/TaxPayers_Alliance.xml
+++ b/src/chrome/content/rules/TaxPayers_Alliance.xml
@@ -1,13 +1,23 @@
-<ruleset name="TaxPayers' Alliance">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://taxpayersalliance.com/ => https://www.taxpayersalliance.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.taxpayersalliance.com'")
+
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://taxpayersalliance.com/ (200) => https://www.taxpayersalliance.com/ (526)
+	^: Expired 2013-05-13
+
+-->
+<ruleset name="TaxPayers' Alliance" default_off="failed ruleset test">
 
 	<target host="taxpayersalliance.com" />
-	<target host="*.taxpayersalliance.com" />
+	<target host="www.taxpayersalliance.com" />
 
 
 	<securecookie host="(?:www)?\.taxpayersalliance\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?taxpayersalliance\.com/"
-		to="https://$1taxpayersalliance.com/" />
+	<rule from="^http://(?:www\.)?taxpayersalliance\.com/"
+		to="https://www.taxpayersalliance.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Taxify.eu.xml b/src/chrome/content/rules/Taxify.eu.xml
new file mode 100644
index 000000000000..eb562a8bed75
--- /dev/null
+++ b/src/chrome/content/rules/Taxify.eu.xml
@@ -0,0 +1,23 @@
+<ruleset name="Taxify">
+
+	<target host="taxify.eu" />
+	<target host="www.taxify.eu" />
+	<target host="blog.taxify.eu" />
+	<target host="business.taxify.eu" />
+	<target host="button.taxify.eu" />
+	<target host="dispatcher.taxify.eu" />
+	<target host="drivers.taxify.eu" />
+	<target host="fleets.taxify.eu" />
+	<target host="help.taxify.eu" />
+	<target host="invoice.taxify.eu" />
+	<target host="m.taxify.eu" />
+	<target host="partners.taxify.eu" />
+	<target host="s2.taxify.eu" />
+	<target host="summersummit2018.taxify.eu" />
+	<target host="support.taxify.eu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tb.cn.xml b/src/chrome/content/rules/Tb.cn.xml
new file mode 100644
index 000000000000..9ecf66b81bf1
--- /dev/null
+++ b/src/chrome/content/rules/Tb.cn.xml
@@ -0,0 +1,12 @@
+<!--
+	For other Alibaba Group coverage, see Alibaba.xml.
+-->
+<ruleset name="Tb.cn">
+
+	<target host="tb.cn" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TbCDN.cn.xml b/src/chrome/content/rules/TbCDN.cn.xml
new file mode 100644
index 000000000000..a4777f78725f
--- /dev/null
+++ b/src/chrome/content/rules/TbCDN.cn.xml
@@ -0,0 +1,38 @@
+<!--
+	For other Taobao coverage, see Taobao.com.xml.
+
+	CDN buckets:
+		- g.tbcdn.cn.danuoyi.tbcache.com
+		- www.gslb.taobao.com.danuoyi.tbcache.com
+			- a.tbcdn.cn
+
+	Problematic subdomains:
+		- a ¹
+		- g ²
+		- img3 ¹
+	¹ Mismatched, CN: *.alicdn.com
+	² akamai
+-->
+<ruleset name="TbCDN.cn">
+	<!--	Direct rewrites:
+				-->
+	<target host="s.tbcdn.cn" />
+
+	<!--	Complications:
+				-->
+	<target host="a.tbcdn.cn" />
+	<target host="g.tbcdn.cn" />
+	<target host="img3.tbcdn.cn" />
+
+	<rule from="^http://a\.tbcdn\.cn/"
+		to="https://s.tbcdn.cn/" />
+
+	<rule from="^http://g\.tbcdn\.cn/"
+		to="https://g.alicdn.com/" />
+		<test url="http://g.tbcdn.cn/ilw/crazy/1.1.3/images/bg_flat.png" />
+
+	<rule from="^http://img3\.tbcdn\.cn/"
+		to="https://img.alicdn.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tbib.org.xml b/src/chrome/content/rules/Tbib.org.xml
new file mode 100644
index 000000000000..c524b8a6a90b
--- /dev/null
+++ b/src/chrome/content/rules/Tbib.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Tbib.org">
+  <target host="tbib.org" />
+  <target host="www.tbib.org" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TblSft.com.xml b/src/chrome/content/rules/TblSft.com.xml
new file mode 100644
index 000000000000..2099420b92c8
--- /dev/null
+++ b/src/chrome/content/rules/TblSft.com.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Tableau Software coverage, see Tableau.com.xml.
+
+-->
+<ruleset name="TblSft.com">
+
+	<target host="cdnl.tblsft.com" />
+	<target host="cdns.tblsft.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tchibo.xml b/src/chrome/content/rules/Tchibo.xml
index 37acae51a8c9..92288bed6d3a 100644
--- a/src/chrome/content/rules/Tchibo.xml
+++ b/src/chrome/content/rules/Tchibo.xml
@@ -1,19 +1,73 @@
-<ruleset name="Tchibo.de" platform="mixedcontent">
-  <target host="tchibo.de"/>
-  <target host="*.tchibo.de"/>
-  <target host="*.tchibo-content.de"/>
 
-  <securecookie host="^(.*\.)?tchibo\.de$" name=".*" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blumen.tchibo.de/ => https://blumen.tchibo.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://images.tchibo.de/ => https://images.tchibo.de/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://meinprivatkaffee.tchibo.de/ => https://meinprivatkaffee.tchibo.de/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://strom.tchibo.de/ => https://strom.tchibo.de/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://tchibo-ideas.de/ => https://www.tchibo-ideas.de/: (28, 'Connection timed out after 20003 milliseconds')
+Fetch error: http://www.tchibo-ideas.de/ => https://www.tchibo-ideas.de/: (28, 'Connection timed out after 20001 milliseconds')
 
-  <rule from="^http://(?:www\.)?tchibo\.de/" to="https://www.tchibo.de/"/>
-  <rule from="^http://tchibo\.de/" to="https://www.tchibo.de/"/>
-  <rule from="^http://media1\.tchibo-content\.de/" to="https://media1.tchibo-content.de/"/>
-  <rule from="^http://media2\.tchibo-content\.de/" to="https://media2.tchibo-content.de/"/>
-  <rule from="^http://media3\.tchibo-content\.de/" to="https://media3.tchibo-content.de/"/>
-  <rule from="^http://media4\.tchibo-content\.de/" to="https://media4.tchibo-content.de/"/>
-  <rule from="^http://media5\.tchibo-content\.de/" to="https://media5.tchibo-content.de/"/>
-  <rule from="^http://media6\.tchibo-content\.de/" to="https://media6.tchibo-content.de/"/>
-  <rule from="^http://media7\.tchibo-content\.de/" to="https://media7.tchibo-content.de/"/>
-  <rule from="^http://media8\.tchibo-content\.de/" to="https://media8.tchibo-content.de/"/>
-  <rule from="^http://media9\.tchibo-content\.de/" to="https://media9.tchibo-content.de/"/>
+Problematic domains:
+	- uzletek.tchibo.hu
+	- hirlevel.tchibo.hu
+	- radoscodkrywania.tchibo.pl
+	- *tchibo.com
+-->
+<ruleset name="Tchibo" default_off="failed ruleset test">
+	<target host="tchibo.de"/>
+	<target host="www.tchibo.de"/>
+	<target host="blumen.tchibo.de"/>
+	<target host="fbapp12.tchibo.de"/>
+	<target host="images.tchibo.de"/>
+	<target host="lieblingskaffees.tchibo.de"/>
+	<target host="magazin.tchibo.de"/>
+	<target host="meinprivatkaffee.tchibo.de"/>
+	<target host="mobilfunk.tchibo.de"/>
+	<target host="reisen.tchibo.de"/>
+	<target host="strom.tchibo.de"/>
+	<target host="tchibo.ch"/>
+	<target host="www.tchibo.ch"/>
+	<target host="reisen.tchibo.ch"/>
+	<target host="fr.tchibo.ch"/>
+	<target host="www.fr.tchibo.ch"/>
+	<target host="eduscho.at"/>
+	<target host="www.eduscho.at"/>
+	<target host="reisen.eduscho.at"/>
+	<target host="tchibo.sk"/>
+	<target host="www.tchibo.sk"/>
+	<target host="tchibo.com.tr"/>
+	<target host="www.tchibo.com.tr"/>
+	<target host="tchibo.pl"/>
+	<target host="www.tchibo.pl"/>
+	<target host="tchibo.cz"/>
+	<target host="www.tchibo.cz"/>
+	<target host="tchibo.hu"/>
+	<target host="www.tchibo.hu"/>
+	<target host="media.tchibo-content.de"/>
+	<target host="tchibo-ideas.de"/>
+	<target host="www.tchibo-ideas.de"/>
+
+	<rule from="^http://(?:www\.)?tchibo\.de/"
+		to="https://www.tchibo.de/"/>
+	<rule from="^http://(?:www\.)?tchibo\.ch/"
+		to="https://www.tchibo.ch/"/>
+	<rule from="^http://(?:www\.)?fr\.tchibo\.ch/"
+		to="https://www.fr.tchibo.ch/"/>
+	<rule from="^http://(?:www\.)?eduscho\.at/"
+		to="https://www.eduscho.at/"/>
+	<rule from="^http://(?:www\.)?tchibo\.sk/"
+		to="https://www.tchibo.sk/"/>
+	<rule from="^http://(?:www\.)?tchibo\.com\.tr/"
+		to="https://www.tchibo.com.tr/"/>
+	<rule from="^http://(?:www\.)?tchibo\.pl/"
+		to="https://www.tchibo.pl/"/>
+	<rule from="^http://(?:www\.)?tchibo\.cz/"
+		to="https://www.tchibo.cz/"/>
+	<rule from="^http://(?:www\.)?tchibo\.hu/"
+		to="https://www.tchibo.hu/"/>
+	<rule from="^http://(?:www\.)?tchibo-ideas\.de/"
+		to="https://www.tchibo-ideas.de/"/>
+	<rule from="^http:"
+		to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Tcl.tk.xml b/src/chrome/content/rules/Tcl.tk.xml
new file mode 100644
index 000000000000..6ad264772b01
--- /dev/null
+++ b/src/chrome/content/rules/Tcl.tk.xml
@@ -0,0 +1,30 @@
+<!--
+	Invalid certificate:
+		eskil.tcl.tk
+		jim.tcl.tk
+		tdbc.tcl.tk
+		tkhtml.tcl.tk
+		wfr.tcl.tk
+
+	Refused:
+		tkchat.tcl.tk
+
+	Redirect to http:
+		core3.tcl.tk
+
+-->
+<ruleset name="Tcl.tk (partial)">
+
+	<target host="tcl.tk" />
+	<target host="www.tcl.tk" />
+	<target host="3dcanvas.tcl.tk" />
+	<target host="core.tcl.tk" />
+	<target host="mirror1.tcl.tk" />
+	<target host="nikit.tcl.tk" />
+	<target host="tip.tcl.tk" />
+	<target host="wiki.tcl.tk" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tcpdump.org.xml b/src/chrome/content/rules/Tcpdump.org.xml
new file mode 100644
index 000000000000..1488137fdb38
--- /dev/null
+++ b/src/chrome/content/rules/Tcpdump.org.xml
@@ -0,0 +1,25 @@
+<!--
+	^ does not exist
+
+	Mismatched:
+		- bpf.tcpdump.org
+		- www.ca1.tcpdump.org
+		- www4.ca1.tcpdump.org
+		- www6.ca1.tcpdump.org
+		- lists.tcpdump.org
+		- master.tcpdump.org
+		- www6.us.tcpdump.org
+-->
+<ruleset name="Tcpdump.org">
+	<target host="www.tcpdump.org" />
+	<target host="www4.tcpdump.org" />
+	<target host="www6.tcpdump.org" />
+	<target host="www.ca.tcpdump.org" />
+	<target host="www4.ca.tcpdump.org" />
+	<target host="www6.ca.tcpdump.org" />
+	<target host="www.us.tcpdump.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tdesktop.com.xml b/src/chrome/content/rules/Tdesktop.com.xml
new file mode 100644
index 000000000000..25b10c59108c
--- /dev/null
+++ b/src/chrome/content/rules/Tdesktop.com.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://update.tdesktop.com/ => https://update.tdesktop.com/: (51, "SSL: no alternative certificate subject name matches target host name 'update.tdesktop.com'")
+
+	For other Telegram coverage, see Telegram.me.xml.
+
+
+	These altnames don't exist:
+
+		- www.updates.tdesktop.com
+
+-->
+<ruleset name="Tdesktop.com" default_off="failed ruleset test">
+
+	<target host="tdesktop.com" />
+	<target host="update.tdesktop.com" />
+	<target host="www.tdesktop.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TeX-Users-Group.xml b/src/chrome/content/rules/TeX-Users-Group.xml
index 4519b7956bb1..9941f531da0d 100644
--- a/src/chrome/content/rules/TeX-Users-Group.xml
+++ b/src/chrome/content/rules/TeX-Users-Group.xml
@@ -3,7 +3,6 @@
 	<target host="tug.org"/>
 	<target host="www.tug.org"/>
 
-	<rule from="^http://(www\.)?tug\.org/"
-		to="https://www.tug.org/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Tea-Party-Patriots.xml b/src/chrome/content/rules/Tea-Party-Patriots.xml
index 84fdd147aa36..ccf7edf4bf07 100644
--- a/src/chrome/content/rules/Tea-Party-Patriots.xml
+++ b/src/chrome/content/rules/Tea-Party-Patriots.xml
@@ -10,11 +10,10 @@
 	<target host="www.teapartypatriots.org" />
 
 
-	<securecookie host="^www\.teapartypatriots\.org$" name=".*" />
+	<securecookie host="^www\.teapartypatriots\.org$" name=".+" />
 
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?teapartypatriots\.org/"
-		to="https://www.teapartypatriots.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TeacherCast.net.xml b/src/chrome/content/rules/TeacherCast.net.xml
new file mode 100644
index 000000000000..f7a37a2b89df
--- /dev/null
+++ b/src/chrome/content/rules/TeacherCast.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="TeacherCast.net">
+	<target host="teachercast.net" />
+	<target host="www.teachercast.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Teachers_Assurance.xml b/src/chrome/content/rules/Teachers_Assurance.xml
index 6f26a9e6dba2..9715caf00a3e 100644
--- a/src/chrome/content/rules/Teachers_Assurance.xml
+++ b/src/chrome/content/rules/Teachers_Assurance.xml
@@ -33,4 +33,4 @@
 	<rule from="^http://(customer|securevpn|www)\.teachersassurance\.co\.uk/"
 		to="https://$1.teachersassurance.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Teacups_and_Trinkets.co.uk.xml b/src/chrome/content/rules/Teacups_and_Trinkets.co.uk.xml
deleted file mode 100644
index 5c4129200d73..000000000000
--- a/src/chrome/content/rules/Teacups_and_Trinkets.co.uk.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Teacups and Trinkets.co.uk">
-
-	<target host="teacupsandtrinkets.co.uk" />
-	<target host="*.teacupsandtrinkets.co.uk" />
-
-
-	<securecookie host="^(?:w*\.)?teacupsandtrinkets\.co\.uk$" name=".+" />
-
-
-	<rule from="^http://(www\.)?teacupsandtrinkets\.co\.uk/"
-		to="https://$1teacupsandtrinkets.co.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Teads.tv.xml b/src/chrome/content/rules/Teads.tv.xml
new file mode 100644
index 000000000000..37e6c832f0d2
--- /dev/null
+++ b/src/chrome/content/rules/Teads.tv.xml
@@ -0,0 +1,20 @@
+<!--
+	Not covered:
+
+		- ^ ¹
+		- www ¹
+
+	¹: Connection refused
+-->
+<ruleset name="Teads.tv (partial)">
+
+	<target host="cdn.teads.tv" />
+	<target host="cdn2.teads.tv" />
+	<target host="r.teads.tv" />
+	<target host="sync.teads.tv" />
+	<target host="t.teads.tv" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tealium.com.xml b/src/chrome/content/rules/Tealium.com.xml
new file mode 100644
index 000000000000..4659293279d9
--- /dev/null
+++ b/src/chrome/content/rules/Tealium.com.xml
@@ -0,0 +1,71 @@
+<!--
+	Cert expired:
+		- i-mobistar.tealiumiq.com
+		- i_mobistar.tealiumiq.com
+
+	Cert mismatch:
+		- www.tealium.com
+		- blog.tealium.com
+		- maven.tealiumiq.com
+		- akamai.tags.tiqcdn.com
+		- edgecast.tags.tiqcdn.com
+		- my.tealium.com
+		- offers.tealium.com
+		- static.tealium.com
+
+	Connection refused:
+		- go.tealium.com
+		- videos.tealium.com
+
+	Self-signed cert:
+		- cdn.tealium.com
+
+	TLS-error:
+		- mail.tealium.com
+
+	Redirects to plain-text:
+		- support.tealiumiq.com
+-->
+<ruleset name="Tealium.com (partial)">
+
+	<target host="tealium.com" />
+	<target host="status.tealium.com" />
+
+	<target host="tealiumiq.com" />
+	<target host="www.tealiumiq.com" />
+	<target host="api.tealiumiq.com" />
+	<target host="collect.tealiumiq.com" />
+	<target host="collect-eu-central-1.tealiumiq.com" />
+	<target host="collect-eu-west-1.tealiumiq.com" />
+	<target host="collect-us-east-1.tealiumiq.com" />
+	<target host="collect-us-west-1.tealiumiq.com" />
+	<target host="community.tealiumiq.com" />
+	<target host="community-beta.tealiumiq.com" />
+	<target host="datacloud.tealiumiq.com" />
+	<target host="datacloud-eu-central-1.tealiumiq.com" />
+	<target host="datacloud-eu-west-1.tealiumiq.com" />
+	<target host="datacloud-us-east-1.tealiumiq.com" />
+	<target host="datacloud-us-west-1.tealiumiq.com" />
+
+	<target host="my.tealiumiq.com" />
+	<target host="pc1-collect.tealiumiq.com" />
+	<target host="sso.tealiumiq.com" />
+	<target host="stage-community.tealiumiq.com" />
+	<target host="tmu-collect.tealiumiq.com" />
+	<target host="tmu-datacloud.tealiumiq.com" />
+	<target host="tmu-my.tealiumiq.com" />
+	<target host="uconnect.tealiumiq.com" />
+	<target host="visitor-service.tealiumiq.com" />
+	<target host="visitor-service-eu-central-1.tealiumiq.com" />
+	<target host="visitor-service-eu-west-1.tealiumiq.com" />
+	<target host="visitor-service-us-east-1.tealiumiq.com" />
+	<target host="visitor-service-us-west-1.tealiumiq.com" />
+
+	<target host="tags.tiqcdn.com" />
+	<target host="tags-eu.tiqcdn.com" />
+	<target host="vodafone.tiqcdn.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tealium.xml b/src/chrome/content/rules/Tealium.xml
deleted file mode 100644
index 14ad29e42a8f..000000000000
--- a/src/chrome/content/rules/Tealium.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	CDN buckets:
-
-		- tealium.hs.llnwd.net/o43/
-
-
-	Nonfunctional domains:
-
-		- blog.tealium.com	(cert: ip-10-169-46-117, self-signed;
-					shows Amazon Linux test page)
-		- (www.)tealium.com	(no https)
-
-
-	tealium.hs.llnwd.net sets utag_main wildcard cookie on client domains.
-
-	tags.tiqcdn.com sets s_pers abd s_sess wildcard cookies
-	cookies on whichever domain it is loaded from.
-
--->
-<ruleset name="Tealium (partial)">
-
-	<target host="my.tealiumiq.com" />
-	<target host="tags.tiqcdn.com" />
-
-
-	<rule from="^http://my\.tealiumiq\.com/"
-		to="https://my.tealiumiq.com/" />
-
-	<!--	Tracking on 3rd-party websites:
-						-->
-	<rule from="^http://tags\.tiqcdn\.com/"
-		to="https://tags.tiqcdn.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TeamBoard.com.xml b/src/chrome/content/rules/TeamBoard.com.xml
new file mode 100644
index 000000000000..77f7cd17b5d1
--- /dev/null
+++ b/src/chrome/content/rules/TeamBoard.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="TeamBoard.com">
+
+	<target host="teamboard.com" />
+	<target host="www.teamboard.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TeamForge.net.xml b/src/chrome/content/rules/TeamForge.net.xml
new file mode 100644
index 000000000000..6d98d6f4441f
--- /dev/null
+++ b/src/chrome/content/rules/TeamForge.net.xml
@@ -0,0 +1,22 @@
+<!--
+	Nonfunctional hosts in *teamforge.net:
+
+		- (www.)?
+
+
+	Fully covered hosts in *teamforge.net:
+
+		- secure
+
+-->
+<ruleset name="TeamForge.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.teamforge.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TeamLiquid.net.xml b/src/chrome/content/rules/TeamLiquid.net.xml
new file mode 100644
index 000000000000..1f8e699ddd57
--- /dev/null
+++ b/src/chrome/content/rules/TeamLiquid.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="TeamLiquid.net">
+
+	<target host="teamliquid.net" />
+	<target host="www.teamliquid.net" />
+	<target host="wiki.teamliquid.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Team_Cymru.xml b/src/chrome/content/rules/Team_Cymru.xml
index 31bfc84ec8e2..6996b3310ddd 100644
--- a/src/chrome/content/rules/Team_Cymru.xml
+++ b/src/chrome/content/rules/Team_Cymru.xml
@@ -4,7 +4,6 @@
 	<target host="www.team-cymru.org" />
 
 
-	<rule from="^http://(www\.)?team-cymru\.org/"
-		to="https://$1team-cymru.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Team_Gaslight.com.xml b/src/chrome/content/rules/Team_Gaslight.com.xml
new file mode 100644
index 000000000000..d8d8af03549a
--- /dev/null
+++ b/src/chrome/content/rules/Team_Gaslight.com.xml
@@ -0,0 +1,22 @@
+<!--
+	www.teamgaslight.com: Mismatched
+
+-->
+<ruleset name="Team Gaslight.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="teamgaslight.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.teamgaslight.com" />
+
+
+	<rule from="^http://www\.teamgaslight\.com/"
+		to="https://teamgaslight.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Team_in_Training.org.xml b/src/chrome/content/rules/Team_in_Training.org.xml
index 4938d992a995..91587e7c6ccd 100644
--- a/src/chrome/content/rules/Team_in_Training.org.xml
+++ b/src/chrome/content/rules/Team_in_Training.org.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://teamintraining.org/ => https://www.teamintraining.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.teamintraining.org'")
+Fetch error: http://www.teamintraining.org/ => https://www.teamintraining.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.teamintraining.org'")
+
 	Nonfunctional subdomains:
 
 		- etools	(dropped)
@@ -9,7 +14,7 @@
 		- ^	(works; mismatched, CN: *.lls.org)
 
 -->
-<ruleset name="Team in Training.org (partial)">
+<ruleset name="Team in Training.org (partial)" default_off="failed ruleset test">
 
 	<target host="teamintraining.org" />
 	<target host="www.teamintraining.org" />
@@ -21,4 +26,4 @@
 	<rule from="^http://(?:www\.)?teamintraining\.org/"
 		to="https://www.teamintraining.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Teamtailor.com.xml b/src/chrome/content/rules/Teamtailor.com.xml
new file mode 100644
index 000000000000..56a3578bdcf6
--- /dev/null
+++ b/src/chrome/content/rules/Teamtailor.com.xml
@@ -0,0 +1,63 @@
+<!--
+	Nonfunctional hosts in *teamtailor.com:
+
+		- blog ³
+
+	³ 403
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .teamtailor.com
+		- career.teamtailor.com
+		- mynewsdesk.teamtailor.com
+		- paradox-interactive.teamtailor.com
+		- www.teamtailor.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on blog from fonts.googleapis.com *
+		- Images on career, paradox-interactive, www from res.cloudinary.com *
+
+	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Teamtailor.com (partial)">
+
+	<target host="teamtailor.com" />
+	<target host="career.teamtailor.com" />
+	<target host="mynewsdesk.teamtailor.com" />
+	<target host="paradox-interactive.teamtailor.com" />
+	<target host="www.teamtailor.com" />
+
+		<!--	Redirect destination mismatched:
+							-->
+		<exclusion pattern="^http://paradox-interactive\.teamtailor\.com/$" />
+
+			<!--	-ve:
+					-->
+			<test url="http://paradox-interactive.teamtailor.com/connect/login" />
+
+		<test url="http://career.teamtailor.com/connect" />
+
+		<!--	$ redirects to career, so:
+							-->
+		<test url="http://mynewsdesk.teamtailor.com/connect" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.teamtailor\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^(?:career|mynewsdesk|paradox-interactive|www)\.teamtailor\.com$" name="^_tt_session$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host=".\.teamtailor\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Teamviewer.xml b/src/chrome/content/rules/Teamviewer.xml
index 755907aacc98..9c1a661c05bf 100644
--- a/src/chrome/content/rules/Teamviewer.xml
+++ b/src/chrome/content/rules/Teamviewer.xml
@@ -1,13 +1,31 @@
-<ruleset name="Teamviewer">
+<!--
+	Mismatched:
+	- mailings (*.inxmail.com)
+-->
 
+<ruleset name="Teamviewer.com">
 	<target host="teamviewer.com" />
-	<target host="*.teamviewer.com" />
+	<target host="www.teamviewer.com" />
+	<target host="blog.teamviewer.com" />
+	<target host="get.teamviewer.com" />
+	<target host="go.teamviewer.com" />
+	<target host="integrate.teamviewer.com" />
+	<target host="jobs.teamviewer.com" />
+	<target host="community.teamviewer.com" />
+	<target host="download.teamviewer.com" />
+	<target host="downloadeu1.teamviewer.com" />
+	<target host="downloadeu2.teamviewer.com" />
+	<target host="downloadus1.teamviewer.com" />
+	<target host="downloadus2.teamviewer.com" />
+	<target host="ideas.teamviewer.com" />
+	<target host="login.teamviewer.com" />
+	<target host="meeting.teamviewer.com" />
+	<target host="pages.teamviewer.com" />
+	<target host="start.teamviewer.com" />
+	<target host="status.teamviewer.com" />
+	<target host="wwwold.teamviewer.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^(.*\.)?teamviewer.com$" name=".*" />
-
-
-	<rule from="^http://((?:downloadeu1|login|wa103|wa236|www)\.)?teamviewer\.com/"
-		to="https://$1teamviewer.com/" />
-
+	<rule from="^http:"	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Teamweek.com.xml b/src/chrome/content/rules/Teamweek.com.xml
new file mode 100644
index 000000000000..ec039880879d
--- /dev/null
+++ b/src/chrome/content/rules/Teamweek.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog ¹
+		- support ²
+
+	¹ Redirects to http
+	² Refused
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- new
+
+-->
+<ruleset name="Teamweek.com (partial)">
+
+	<target host="teamweek.com" />
+	<target host="new.teamweek.com" />
+	<target host="www.teamweek.com" />
+		<!--
+			Redirects to http...$:
+						-->
+		<!--exclusion pattern="^http://blog\.teamweek\.com/($|favicon\.ico|wp-content/)" /-->
+
+
+	<securecookie host="^\.new\.teamweek\.com$" name="^__utm\w+$" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Teamxlink.xml b/src/chrome/content/rules/Teamxlink.xml
index 940e77968419..411e752400c3 100644
--- a/src/chrome/content/rules/Teamxlink.xml
+++ b/src/chrome/content/rules/Teamxlink.xml
@@ -1,6 +1,10 @@
-<ruleset name="Teamxlink" default_off="Cert warning">
-  <target host="teamxlink.co.uk" />
-  <target host="www.teamxlink.co.uk" />
+<ruleset name="Teamxlink">
+	<target host="teamxlink.co.uk" />
+	<target host="www.teamxlink.co.uk" />
+	<target host="ca.teamxlink.co.uk" />
+	<target host="es.teamxlink.co.uk" />
+	<target host="orb.teamxlink.co.uk" />
+	<target host="cdn.teamxlink.co.uk" />
 
-  <rule from="^http://(?:www\.)?teamxlink\.co\.uk/" to="https://www.teamxlink.co.uk/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Teanglann.ie.xml b/src/chrome/content/rules/Teanglann.ie.xml
new file mode 100644
index 000000000000..5531450060c7
--- /dev/null
+++ b/src/chrome/content/rules/Teanglann.ie.xml
@@ -0,0 +1,6 @@
+<ruleset name="Teanglann.ie">
+	<target host="teanglann.ie"/>
+	<target host="www.teanglann.ie"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Tech-Recipes.xml b/src/chrome/content/rules/Tech-Recipes.xml
index fceef79866ea..1f242b25d47e 100644
--- a/src/chrome/content/rules/Tech-Recipes.xml
+++ b/src/chrome/content/rules/Tech-Recipes.xml
@@ -1,18 +1,14 @@
-<ruleset name="Tech-Recipes" default_off="mismatch, self-signed">
+<ruleset name="Tech-Recipes.com" default_off="shows default page">
 
 	<target host="tech-recipes.com" />
-	<target host="*.tech-recipes.com" />
+	<target host="cloud.tech-recipes.com" />
+	<target host="www.tech-recipes.com" />
 
 
-	<securecookie host="^www\.tech-recipes\.com$" name=".*" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<!--	- !www: cert only matches www
-		- !www redirects to www
-		- cloud cert: gp1.wac.edgecastcdn.net
-		- cloud 404s
-						-->
-	<rule from="^https?://(?:cloud\.|www\.)?tech-recipes\.com/"
-		to="https://www.tech-recipes.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TechEmpower.com.xml b/src/chrome/content/rules/TechEmpower.com.xml
new file mode 100644
index 000000000000..c4eedc642037
--- /dev/null
+++ b/src/chrome/content/rules/TechEmpower.com.xml
@@ -0,0 +1,29 @@
+<!--
+	^techempower.com: Mismatched
+
+
+	Mixed content:
+
+		- css on fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="TechEmpower.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.techempower.com" />
+
+	<!--	Complications:
+				-->
+	<target host="techempower.com" />
+
+
+	<rule from="^http://techempower\.com/"
+		to="https://www.techempower.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TechEnclave.com.xml b/src/chrome/content/rules/TechEnclave.com.xml
new file mode 100644
index 000000000000..e74ba0d1f909
--- /dev/null
+++ b/src/chrome/content/rules/TechEnclave.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="TechEnclave.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="techenclave.com" />
+	<target host="www.techenclave.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TechFreedom.org.xml b/src/chrome/content/rules/TechFreedom.org.xml
index 6862f0ecc024..dd9afe80936b 100644
--- a/src/chrome/content/rules/TechFreedom.org.xml
+++ b/src/chrome/content/rules/TechFreedom.org.xml
@@ -1,15 +1,10 @@
-<!--
-	- Expired 2013-06-08
-	- Cert only matches ^techfreedom.org
-
--->
-<ruleset name="TechFreedom.org" default_off="expired, self-signed">
+<ruleset name="TechFreedom.org" default_off="refused">
 
 	<target host="techfreedom.org" />
 	<target host="www.techfreedom.org" />
 
 
-	<rule from="^http://(?:www\.)?techfreedom\.org/"
-		to="https://techfreedom.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TechHouse.xml b/src/chrome/content/rules/TechHouse.xml
index bd3275236608..bde8eab45d42 100644
--- a/src/chrome/content/rules/TechHouse.xml
+++ b/src/chrome/content/rules/TechHouse.xml
@@ -2,8 +2,7 @@
   <target host="techhouse.org" />
   <target host="www.techhouse.org" />
 
-  <securecookie host="^(.+\.)?techhouse\.org$" name=".*"/>
+  <securecookie host=".+" name=".+" />
 
-  <rule from="^http://techhouse\.org/" to="https://techhouse.org/"/>
-  <rule from="^http://(www)\.techhouse\.org/" to="https://$1.techhouse.org/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/TechOnline.com.xml b/src/chrome/content/rules/TechOnline.com.xml
new file mode 100644
index 000000000000..bdf871fecef0
--- /dev/null
+++ b/src/chrome/content/rules/TechOnline.com.xml
@@ -0,0 +1,38 @@
+<!--
+	For other UBM coverage, see UBM.xml.
+
+
+	CDN buckets:
+
+		- dpzfphvq26nxh.cloudfront.net
+
+			- media
+
+
+	Nonfunctional subdomains:
+
+		- (www.) ¹
+		- seminar2 ²
+
+	¹ Refused
+	² Dropped
+
+
+	Problematic domains:
+
+		- media.techonline.com ¹
+		- sso.techonline.com ²
+
+	¹ cloudfront
+	² Works; mismatched, CN: *.eetimes.com
+
+-->
+<ruleset name="TechOnline.com (partial)">
+
+	<target host="media.techonline.com" />
+
+
+	<rule from="^http://media\.techonline\.com/"
+		to="https://dpzfphvq26nxh.cloudfront.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TechPresident.com.xml b/src/chrome/content/rules/TechPresident.com.xml
new file mode 100644
index 000000000000..460506af5978
--- /dev/null
+++ b/src/chrome/content/rules/TechPresident.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Mixed content:
+
+		- css from cloud.webtype.com *
+
+	* Secured by us
+
+
+	Expired 2014-05-13
+
+-->
+<ruleset name="TechPresident.com" default_off="expired">
+
+	<target host="techpresident.com" />
+	<target host="www.techpresident.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.techpresident\.com$" name="^SESS[\da-f]{32}" /-->
+
+	<securecookie host="^\.techpresident\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TechRepublic.com.xml b/src/chrome/content/rules/TechRepublic.com.xml
new file mode 100644
index 000000000000..186a269b37cc
--- /dev/null
+++ b/src/chrome/content/rules/TechRepublic.com.xml
@@ -0,0 +1,43 @@
+<!--
+	For other CBS coverage, see CBS.xml.
+
+	Invalid certificate:
+		android-streaming.techrepublic.com
+		dw.techrepublic.com
+		ipad-streaming.techrepublic.com
+		li.techrepublic.com
+
+	Different content HTTP/HTTPS:
+		blogs.techrepublic.com
+		downloads.techrepublic.com
+		itdojo.techrepublic.com
+		policies.techrepublic.com
+		techbooks.techrepublic.com
+		whitepapers.techrepublic.com
+
+	No working URL known:
+		cdn-origin01.techrepublic.com
+		urs.techrepublic.com
+
+	Login required:
+		enews.techrepublic.com
+
+	Time out:
+		itpapers.techrepublic.com
+
+-->
+<ruleset name="TechRepublic.com (partial)">
+
+	<target host="techrepublic.com" />
+	<target host="academy.techrepublic.com" />
+	<target host="cms.techrepublic.com" />
+	<target host="japan.techrepublic.com" />
+	<target host="m.techrepublic.com" />
+	<target host="secure.techrepublic.com" />
+
+	<securecookie host="^secure\.techrepublic\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TechRepublic.xml b/src/chrome/content/rules/TechRepublic.xml
deleted file mode 100644
index 2d1cca512bdc..000000000000
--- a/src/chrome/content/rules/TechRepublic.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	For other CBS coverage, see CBS.xml.
-
-
-	Nonfunctional domains:
-
-
-		- techrepublic.com.com		(cert: www.techrepublic.com; 301s there)
-		- i.techrepublic.com.com	(Akamai; 504)
-		- techrepublic.com		(301s to http)
-		- www.techrepublic.com		(Akamai; 301s to http)
-		- \w+.trstatic.com		(Akamai, "An error occurred")
-
-
-	origin.techrepublic.com/images/foo.ext 301s to img.com.com/i/tr/foo.ext
-
-
-	Problematic domains:
-
-		- origin.techrepublic.com	(some paths redirect to http, mismatched)
-
--->
-<ruleset name="TechRepublic (partial)">
-
-	<target host="techrepublic.com" />
-	<target host="*.techrepublic.com" />
-	<target host="*.trstatic.com" />
-
-
-	<securecookie host="^ssl\.techrepublic\.com$" name=".+" />
-
-
-	<rule from="^http://(ssl\.)?techrepublic\.com/"
-		to="https://$1techrepublic.com/" />
-
-	<rule from="^http://(?:(?:origin|www)\.techrepublic|i\d\.trstatic)\.com/(cs|image)s/"
-		to="https://ssl.techrepublic.com/s/$1s/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TechSay.com.xml b/src/chrome/content/rules/TechSay.com.xml
new file mode 100644
index 000000000000..e33ec8fc4d5d
--- /dev/null
+++ b/src/chrome/content/rules/TechSay.com.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://techsay.com/ => https://techsay.com/: (51, "SSL: no alternative certificate subject name matches target host name 'techsay.com'")
+
+	Insecure cookies are set for these hosts:
+
+		- techsay.com
+		- www.techsay.com
+
+-->
+<ruleset name="TechSay.com" default_off="failed ruleset test">
+
+	<target host="techsay.com" />
+	<target host="www.techsay.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^techsay\.com$" name="^BIGipServer" /-->
+	<!--securecookie host="^www\.techsay\.com$" name="^(?:BIGipServer|CID$|SID$|partnerID$)" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TechStage.de.xml b/src/chrome/content/rules/TechStage.de.xml
new file mode 100644
index 000000000000..1ccf16507454
--- /dev/null
+++ b/src/chrome/content/rules/TechStage.de.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		- live.techstage.de
+-->
+<ruleset name="TechStage.de">
+
+	<target host="techstage.de" />
+	<target host="www.techstage.de" />
+	<target host="preisvergleich.techstage.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TechSupportAlert.com.xml b/src/chrome/content/rules/TechSupportAlert.com.xml
new file mode 100644
index 000000000000..90895e64ffe4
--- /dev/null
+++ b/src/chrome/content/rules/TechSupportAlert.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="TechSupportAlert.com">
+	<target host="techsupportalert.com" />
+	<target host="www.techsupportalert.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TechTarget-mismatches.xml b/src/chrome/content/rules/TechTarget-mismatches.xml
index 2423e6ecfa52..f109bc69483b 100644
--- a/src/chrome/content/rules/TechTarget-mismatches.xml
+++ b/src/chrome/content/rules/TechTarget-mismatches.xml
@@ -15,6 +15,6 @@
 
 	<rule from="^http://(www\.)?search(cloudcomputing|datacenter|networking|security|storage)\.de/" to="https://www.search$2.de/"/>
 
-	<securecookie host="^www\.search(cloudcomputing|datacenter|networking|security|storage)\.de$" name=".*"/>
+	<securecookie host="^www\.search(?:cloudcomputing|datacenter|networking|security|storage)\.de$" name=".+" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TechTarget.xml b/src/chrome/content/rules/TechTarget.xml
index fd8b158fd194..e1ee84db9d10 100644
--- a/src/chrome/content/rules/TechTarget.xml
+++ b/src/chrome/content/rules/TechTarget.xml
@@ -2,50 +2,49 @@
 	CDN buckets:
 
 		- cdn.ttgtmedia.com.cdngc.net
-
-		- irsolutions.snl.com
-
-			- investor
+		- irsolutions.snl.com	← investor
 
 
 	Nonfunctional domains:
 
 		- techtarget.com subdomains:
 
-			- investor *
-			- searchsecurity *
-			- users		(refused)
-
-		- cdn.ttgtmedia.com		(403; mismatched, CN: ssl2.cdngc.net)
-
-	* Dropped
+			- investor ᵈ
+			- searchsecurity ᵈ
+			- users ʳ
 
+		- cdn.ttgtmedia.com ³
 
-	Problematic subdomains:
+	³ 403
+	ᵈ Dropped
+	ʳ Refused
 
-		- ^	(dropped)
 
+	Insecure cookies are set for these hosts: ᶜ
 
-	Fully covered subdomains:
+		- techtarget.com
+		- techtargetsummit.techtarget.com
+		- www.techtarget.com
 
-		- (www.)	(^ → www)
-		- media
-		- techtargetsummit
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="TechTarget (partial)">
+<ruleset name="TechTarget.com (partial)">
 
 	<target host="techtarget.com" />
-	<target host="*.techtarget.com" />
+	<target host="media.techtarget.com" />
+	<target host="techtargetsummit.techtarget.com" />
+	<target host="www.techtarget.com" />
 
 
-	<securecookie host="^(?:media|techtargetsummit|www)\.techtarget\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:techtargetsummit\.|www\.)?techtarget\.com$" name="^BIGipServer" /-->
 
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://(?:www\.)?techtarget\.com/"
-		to="https://www.techtarget.com/" />
 
-	<rule from="^http://(media|techtargetsummit)\.techtarget\.com/"
-		to="https://$1.techtarget.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TechVerse.xml b/src/chrome/content/rules/TechVerse.xml
index fccec383db55..0b82c67fb6f7 100644
--- a/src/chrome/content/rules/TechVerse.xml
+++ b/src/chrome/content/rules/TechVerse.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?techverse\.com\.au/(chat/|images/|index\.php\?(?:.+&amp;)?_a=(?:login|reg)|language/|skins/)"
 		to="https://techverse.com.au/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TechWeb.xml b/src/chrome/content/rules/TechWeb.xml
index b3a01970e710..d1794776d7a7 100644
--- a/src/chrome/content/rules/TechWeb.xml
+++ b/src/chrome/content/rules/TechWeb.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://store.drdobbs.com/ => https://store.drdobbs.com/: (6, 'Could not resolve host: store.drdobbs.com')
+Fetch error: http://techwebonlineevents.com/ => https://www.techwebonlineevents.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.techwebonlineevents.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://store.drdobbs.com/ => https://store.drdobbs.com/: Redirect for 'http://store.drdobbs.com/' missing Location
+Fetch error: http://techwebonlineevents.com/ => https://www.techwebonlineevents.com/: (28, 'Connection timed out after 10000 milliseconds')
 	For problematic rules and other UBM coverage, see UBM-mismatches.xml.
 
 
@@ -6,10 +14,13 @@
 
 		- newagora.cachefly.net
 
+		- d2x7anl33w5mmo.cloudfront.net
+
+			- img.lightreading.com
+
 
 	Nonfunctional domains:
 
-		- (www.)darkreading.com		(cert: cms.informationweekanalytics.com, self-signed; redirects to http)
 		- (www.)gamasutra.com		(valid cert; pages become blank)
 		- (www.)lightreading.com	(cert: payment.lightreading.com; .+ 404s, $ redirects to http)
 		- liveevents.techweb.com
@@ -24,12 +35,8 @@
 			- login
 			- ng
 
-
-	i.ubm-us.net sets us_ubm_aut wildcard cookie
-	on whichever domain it is loaded from.
-
 -->
-<ruleset name="TechWeb (partial)" platform="mixedcontent">
+<ruleset name="TechWeb (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="store.drdobbs.com" />
 	<target host="gamasutra.com" />
@@ -39,12 +46,11 @@
 	<target host="techwebonlineevents.com" />
 	<target host="*.techwebonlineevents.com" />
 	<target host="twimgs.com" />
-	<target host="i.ubm-us.net" />
 
 
 	<securecookie host="^store\.drdobbs\.com$" name=".+" />
 	<securecookie host="^ng\.techweb\.com$" name=".+" />
-	<securecookie host="^(.*\.)?techwebonlineevents\.com$" name=".*" />
+	<securecookie host="^(?:.*\.)?techwebonlineevents\.com$" name=".+" />
 
 
 	<rule from="^http://store\.drdobbs\.com/"
@@ -53,24 +59,21 @@
 	<rule from="^http://(i|login|ng)\.techweb\.com/"
 		to="https://$1.techweb.com/" />
 
-	<rule from="^http://(www\.)?gamasutra\.com/(blogs/edit/img/|(?:comments/|content/blogs/)?\w+\.css|(?:db_area/)?images/)"
+	<rule from="^http://(www\.)?gamasutra\.com/(blogs/edit/img/|css/|(?:comments/|content/blogs/)?\w+\.css|game_sites_superfooter_2012/|(?:db_area/)?images/)"
 		to="https://$1gamasutra.com/$2" />
 
 	<!--	darkreading/ data are also available in i.cmpnet.com/infoweek/security/darkreading/seo/
 					-->
-	<rule from="^https?://img\.lightreading\.com/"
-		to="https://newagora.cachefly.net/" />
+	<rule from="^http://img\.lightreading\.com/"
+		to="https://img.lightreading.com/" />
 
 	<rule from="^http://payment\.lightreading\.com/"
 		to="https://payment.lightreading.com/" />
 
-	<rule from="^https?://(?:www\.)?techwebonlineevents\.com/"
+	<rule from="^http://(?:www\.)?techwebonlineevents\.com/"
 		to="https://www.techwebonlineevents.com/" />
 
 	<rule from="^http://twimgs\.com/"
 		to="https://twimgs.com/" />
 
-	<rule from="^http://i\.ubm-us\.net/"
-		to="https://i.ubm-us.net/" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/TechXpress.net.xml b/src/chrome/content/rules/TechXpress.net.xml
new file mode 100644
index 000000000000..fcd08c2db19e
--- /dev/null
+++ b/src/chrome/content/rules/TechXpress.net.xml
@@ -0,0 +1,80 @@
+<!--
+	Nonfunctional hosts in *techxpress.net:
+
+		- blog *
+
+	* Redirects to emailmarketing.techxpress.net
+
+
+	www: Mismatched
+
+
+	Fully covered hosts in *techxpress.net:
+
+		- (www.)?	(www → ^)
+		- dev
+		- emailmarketing
+		- mail
+		- prelaunch
+		- secure-dev
+		- secure
+		- secure2
+		- support
+		- xm
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- techxpress.net
+		- .techxpress.net
+		- emailmarketing.techxpress.net
+		- mail.techxpress.net
+		- support.techxpress.net
+		- xm.techxpress.net
+
+	Mixed content:
+
+		- Images on support from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="TechXpress.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="techxpress.net" />
+	<target host="dev.techxpress.net" />
+	<target host="emailmarketing.techxpress.net" />
+	<target host="mail.techxpress.net"/>
+	<target host="prelaunch.techxpress.net" />
+	<target host="secure-dev.techxpress.net" />
+	<target host="secure.techxpress.net" />
+	<target host="secure2.techxpress.net" />
+	<target host="support.techxpress.net" />
+	<target host="xm.techxpress.net" />
+
+	<!--	Complications:
+				-->
+	<target host="www.techxpress.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^techxpress\.net$" name="^ct$" /-->
+	<!--securecookie host="^\.techxpress\.net$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^emailmarketing\.techxpress\.net$" name="^IEMSESSIONID$" /-->
+	<!--securecookie host="^mail\.techxpress\.net$" name="^atmail6$" /-->
+	<!--securecookie host="^support\.techxpress\.net$" name="^(SWIFT_client|SWIFT_sessionid40)$" /-->
+	<!--securecookie host="^xm\.techxpress\.net$" name="^_redmine_session$" /-->
+
+	<securecookie host="^(?:(?:emailmarketing|mail|support|xm)?\.)?techxpress\.net$" name=".+" />
+
+
+	<rule from="^http://www\.techxpress\.net/"
+		to="https://techxpress.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tech_Journey.net.xml b/src/chrome/content/rules/Tech_Journey.net.xml
new file mode 100644
index 000000000000..401ba7b69062
--- /dev/null
+++ b/src/chrome/content/rules/Tech_Journey.net.xml
@@ -0,0 +1,31 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- techjourney.net
+		- www.techjourney.net
+
+
+	Mixed content:
+
+		- Bugs from c.statcounter.com *
+
+	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Tech Journey.net">
+
+	<target host="techjourney.net" />
+	<target host="www.techjourney.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?techjourney\.net$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tech_Tools_for_Activism.org.xml b/src/chrome/content/rules/Tech_Tools_for_Activism.org.xml
new file mode 100644
index 000000000000..b0314a8a9d32
--- /dev/null
+++ b/src/chrome/content/rules/Tech_Tools_for_Activism.org.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://techtoolsforactivism.org/ => https://techtoolsforactivism.org/: (51, "SSL: no alternative certificate subject name matches target host name 'techtoolsforactivism.org'")
+Fetch error: http://www.techtoolsforactivism.org/ => https://www.techtoolsforactivism.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.techtoolsforactivism.org'")
+
+-->
+<ruleset name="Tech Tools for Activism.org" default_off="failed ruleset test">
+
+	<target host="techtoolsforactivism.org" />
+	<target host="www.techtoolsforactivism.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tech_in_Asia.com.xml b/src/chrome/content/rules/Tech_in_Asia.com.xml
new file mode 100644
index 000000000000..2632dc911a75
--- /dev/null
+++ b/src/chrome/content/rules/Tech_in_Asia.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- techinasia.com
+		- www.techinasia.com
+
+-->
+<ruleset name="Tech in Asia.com">
+
+	<target host="techinasia.com" />
+	<target host="www.techinasia.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?techinasia\.com$" name="^tia-ws$" /-->
+
+	<securecookie host="^(?:www\.)?techinasia\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Techdirt.xml b/src/chrome/content/rules/Techdirt.xml
deleted file mode 100644
index 85838b3f7f45..000000000000
--- a/src/chrome/content/rules/Techdirt.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-<!--
-	For other Floor64 coverage, see Floor64.xml.
-
-
-	ToDo: Find sstatic bucket
-
-
-	CDN buckets:
-
-		- techdirt1.floor64inc.netdna-cdn.com 
-
-			- Equivalent to cdn.techdirt.com
-
-
-	Nonfunctional subdomains:
-
-		- rtb	(interrupted)
-
-
-	Mixed content:
-
-		- Images on www from i.imgur.com *
-
-		- Ads/web bugs, on www from :
-
-			- ad.doubleclick.net **
-			- www.kickstarter.com **
-			- www.indiegogo.com **
-			- a.postrelease.com **
-			- b.scorecardresearch.com **
-
-	* Secured by us, doesn't trip MCB
-	** Secured by us, and no one cares
-
--->
-<ruleset name="Techdirt">
-
-	<target host="techdirt.com" />
-	<target host="*.techdirt.com" />
-
-
-	<securecookie host="^(?:www)?\.techdirt\.com$" name=".*" />
-
-
-	<rule from="^http://(cdn\.|ii\.|www\.)?techdirt\.com/"
-		to="https://$1techdirt.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Techendo.com.xml b/src/chrome/content/rules/Techendo.com.xml
new file mode 100644
index 000000000000..979c2c4f6f99
--- /dev/null
+++ b/src/chrome/content/rules/Techendo.com.xml
@@ -0,0 +1,25 @@
+<!--
+	^: refused
+
+-->
+<ruleset name="Techendo.com">
+
+	<target host="techendo.com" />
+	<target host="www.techendo.com" />
+	<target host="beta.techendo.com" />
+	<target host="store.techendo.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.techendo\.com$" name="^_tch_session$" /-->
+
+	<securecookie host="^\.techendo\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?techendo\.com/"
+		to="https://www.techendo.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Techidiots.xml b/src/chrome/content/rules/Techidiots.xml
index b027ed4ce12b..f133cb99204a 100644
--- a/src/chrome/content/rules/Techidiots.xml
+++ b/src/chrome/content/rules/Techidiots.xml
@@ -1,25 +1,38 @@
-<ruleset name="Techidiots.net" platform="mixedcontent">
+<!--
+	Nonfunctional hosts in techidiots.net:
+
+		 uns *
+
+	* Shows api.vistumbler.net
+
+
+	^techidiots.net: Refused
 
-	<target host="electronicinsanity.com" />
-	<target host="www.electronicinsanity.com" />
-	<target host="techidiots.net" />
-	<target host="*.techidiots.net" />
-	<!--	* for cross-domain cookies.	-->
-	<target host="*.forum.techidiots.net" />
 
+	These altnames don't exist:
+
+		- www.forum.techidiots.net
+
+-->
+<ruleset name="Techidiots.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.techidiots.net" />
+	<target host="forum.techidiots.net" />
+
+	<!--	Complications:
+				-->
+	<target host="techidiots.net" />
 
-	<securecookie host="^\.forum\.techidiots\.net$" name=".*" />
 
+	<securecookie host="^\.forum\.techidiots\.net$" name=".+" />
 
-	<!--	!www times out over https, redirects over http.		-->
-	<rule from="^http://(?:www\.)?electronicinsanity\.com/"
-		to="https://www.electronicinsanity.com/" />
 
-	<!--	!www times out over https, redirects over http.		-->
-	<rule from="^http://(?:www\.)?techidiots\.net/"
+	<rule from="^http://techidiots\.net/"
 		to="https://www.techidiots.net/" />
 
-	<rule from="^http://forum\.techidiots\.net/"
-		to="https://forum.techidiots.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Techmeme.com.xml b/src/chrome/content/rules/Techmeme.com.xml
new file mode 100644
index 000000000000..cef137c68a7f
--- /dev/null
+++ b/src/chrome/content/rules/Techmeme.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Non-functional hosts
+		Invalid certificate:
+			 - alt.techmeme.com
+			 - ftp.techmeme.com
+			 - mail.techmeme.com
+			 - news.techmeme.com
+			 - search.techmeme.com
+-->
+<ruleset name="Techmeme.com">
+	<target host="techmeme.com" />
+	<target host="www.techmeme.com" />
+	<target host="search.techmeme.com" />
+
+	<rule from="^http://search\.techmeme\.com/"
+		  	to="https://www.techmeme.com/search/" />
+
+	<rule from="^http:"
+		  	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Technet.com.xml b/src/chrome/content/rules/Technet.com.xml
index 94fd8ca8186c..228017fefada 100644
--- a/src/chrome/content/rules/Technet.com.xml
+++ b/src/chrome/content/rules/Technet.com.xml
@@ -1,9 +1,5 @@
 <!--
-	Other Microsoft rulesets:
-
-		- Live.xml
-		- Microsoft.xml
-		- Microsoft-mismatches.xml
+	For other Microsoft coverage, see Microsoft.xml.
 
 
 	Technet.com redirects to technet.microsoft.com,
@@ -11,13 +7,13 @@
 		blogs.technet.com, however, does.
 
 -->
-<ruleset name="Technet.com (partial)">
+<ruleset name="Technet.com (broken)" default_off="broken">
 
 	<target host="blogs.technet.com" />
 	<target host="*.blogs.technet.com" />
 
 
-	<securecookie host="^blogs\.technet\.com$" name=".*" />
+	<securecookie host="^blogs\.technet\.com$" name=".+" />
 
 
 	<!--	Preemptive workaround for problem identical to:
@@ -32,7 +28,7 @@
 
 	<!--	Akamai with no valid cert.
 			Where's the bucket?	-->
-	<rule from="^https?://(?:i\d?)\.blogs\.technet\.com/"
+	<rule from="^http://(?:i\d?)\.blogs\.technet\.com/"
 		to="https://blogs.technet.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Technical-University-of-Denmark.xml b/src/chrome/content/rules/Technical-University-of-Denmark.xml
index e0947a78b932..bf4b105ccfc3 100644
--- a/src/chrome/content/rules/Technical-University-of-Denmark.xml
+++ b/src/chrome/content/rules/Technical-University-of-Denmark.xml
@@ -1,43 +1,118 @@
+
 <!--
-	!functional:
-		- jobbank.dtu.dk		(timeout)
-		- (www.)studievalg.dtu.dk	(self-signed; prints "This is the AIT LAMP 01 server")
+Disabled by https-everywhere-checker because:
+Fetch error: http://backend.alumnenet.dtu.dk/ => https://backend.alumnenet.dtu.dk/: (7, 'Failed to connect to backend.alumnenet.dtu.dk port 443: No route to host')
+Fetch error: http://portalen.dtu.dk/ => https://portalen.dtu.dk/: (7, 'Failed to connect to portalen.dtu.dk port 443: Connection refused')
+Fetch error: http://www.portalen.dtu.dk/ => https://portalen.dtu.dk/: (7, 'Failed to connect to portalen.dtu.dk port 443: Connection refused')
+
+	Technical University of Denmark
+
+
+	Nonfunctional hosts in *dtu.dk:
+
+		- www.alumne *
+		- www.alumni *
+		- www.bibliotek *
+		- jobbank		(timeout)
+		- (www.)studievalg	(self-signed; prints "This is the AIT LAMP 01 server")
+
+	* Redirects to http
+
+
+	Problematic hosts in *dtu.dk:
+
+		- ^ ¹ ²
+		- alumnea ¹ ²
+		- alumni ¹ ²
+		- bibliotek ¹ ²
+		- (www.)?dtic ¹ ²
+		- www.portalen ¹ ²
+		- space ¹ ²
+
+	¹ Missing certificate chain
+	² Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- auth.dtu.dk
+		- nemid.dtu.dk
+		- portalen.dtu.dk
+		- www.portalen.dtu.dk
+
 -->
-<ruleset name="Technical University of Denmark (partial)" platform="mixedcontent">
+<ruleset name="DTU.dk (partial)" default_off="failed ruleset test">
 
-	<target host="dtu.dk"/>
-	<target host="alumne.dtu.dk"/>
-	<target host="www.alumne.dtu.dk"/>
+	<!--	Direct rewrites:
+				-->
 	<target host="backend.alumnenet.dtu.dk"/>
 	<target host="auth.dtu.dk"/>
-	<target host="dtic.dtu.dk"/>
-	<target host="www.dtic.dtu.dk"/>
+	<target host="aezoo.compute.dtu.dk"/>
+	<target host="www.compute.dtu.dk"/>
 	<target host="nemid.dtu.dk"/>
 	<target host="portalen.dtu.dk"/>
-	<target host="www.portalen.dtu.dk"/>
-	<target host="space.dtu.dk"/>
 	<target host="www.space.dtu.dk"/>
 	<target host="mail.win.dtu.dk"/>
 	<target host="www.dtu.dk"/>
 
-	<securecookie host="^(backend\.alumnenet|auth|nemid|portalen|space|www)\.dtu\.dk$" name=".*"/>
-
-	<!--	cert doesn't match www.foo.dtu
+	<!--	Complications:
+				-->
+	<target host="dtu.dk"/>
+	<target host="www.portalen.dtu.dk"/>
+	<target host="space.dtu.dk"/>
 
-		See below if this makes your head hurt.
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.(?:(?:compute|space)\.)?dtu\.dk/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://www\.(?:(?:compute|space)\.)?dtu\.dk/+(?!-/media/|css/|gimage\.ashx|images/)" /-->
+		<!--
+			(Access-Control...: http://*...):
 							-->
-	<rule from="^http://(?:(?:www\.)?((?:(?:alumne|dtic|portalen|space)|backend\.alumnenet|auth|nemid|mail\.win|www)\.))?dtu\.dk/"
-		to="https://$1dtu.dk/"/>
+		<!--exclusion pattern="^http://www\.(?:(?:compute|space)\.)?dtu\.dk/css/" /-->
+		<!--
+			In sum:
+				-->
+		<exclusion pattern="^http://(?:www\.)?(?:(?:compute|space)\.)?dtu\.dk/+(?!-/media/|gimage\.ashx|images/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.compute.dtu.dk/css/common/print.min.css" />
+			<test url="http://www.space.dtu.dk/css/common/init_alldevices.min.css" />
+			<test url="http://www.space.dtu.dk/css/common/print.min.css" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.compute.dtu.dk/-/media/Institutter/Compute/forside/dtu_compute_da_web.ashx?mh=100&amp;mw=600" />
+			<test url="http://www.compute.dtu.dk/gimage.ashx?i=" />
+			<test url="http://www.compute.dtu.dk/images/grid/dtu_logo_servicemenu.png" />
+			<test url="http://space.dtu.dk/images/grid/dtu_logo_servicemenu.png" />
+			<test url="http://www.space.dtu.dk/-/media/DTU_Generelt/Navnetraek/Mobilsite/Lille%20mobiltop%20DTU%20Space%20DK.ashx" />
+			<test url="http://www.space.dtu.dk/gimage.ashx" />
+			<test url="http://www.space.dtu.dk/images/modules/megamenu/megamenu_bg.png" />
+			<test url="http://www.dtu.dk/gimage.ashx" />
+
+		<test url="http://auth.dtu.dk/dtu/login?service=" />
+
+
+	<!--	Direct rewrites:
+				-->
+	<!--securecookie host="^auth\.dtu\.dk$" name="^(?:ASP\.NET_SessionId|Cas\.USERNAMECOOKIE)$" /-->
+	<!--securecookie host="^nemid\.dtu\.dk$" name="^(?:ASP\.NET_SessionId|SamlRequestIdKey)$" /-->
+	<!--securecookie host="^(?:www\.)?portalen\.dtu\.dk$" name="^(?:ASP\.NET_SessionId|loginurl)$" /-->
+
+	<securecookie host="^(?:backend\.alumnenet|auth|nemid|(?:www\.)?portalen)\.dtu\.dk$" name=".+" />
+
+
+	<rule from="^http://(space\.)?dtu\.dk/"
+		to="https://www.$1dtu.dk/"/>
+
+	<rule from="^http://www\.portalen\.dtu\.dk/"
+		to="https://portalen.dtu.dk/"/>
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
-<!--	  from="^http://(?:
-				(?:www\.
-				)?
-				(
-					(?:
-						(?:alumne|dtic|portalen|space
-						)|backend\.alumnenet|auth|nemid|mail\.win|www
-					)\.
-				)
-			)?dtu\.dk/"
--->
diff --git a/src/chrome/content/rules/Technical-University-of-Lisbon-Darkstar.xml b/src/chrome/content/rules/Technical-University-of-Lisbon-Darkstar.xml
index f89d87a45ee5..7d0fd9a35f9b 100644
--- a/src/chrome/content/rules/Technical-University-of-Lisbon-Darkstar.xml
+++ b/src/chrome/content/rules/Technical-University-of-Lisbon-Darkstar.xml
@@ -3,7 +3,6 @@
 	<target host="darkstar.ist.utl.pt" />
 	<target host="tecnica.ist.utl.pt" />
 
-	<rule from="^http://(darkstar|tecnica)\.ist\.utl\.pt/"
-		to="https://$1.ist.utl.pt/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Technical-University-of-Lisbon.xml b/src/chrome/content/rules/Technical-University-of-Lisbon.xml
index b07b70a504ad..a6bf979ebe3d 100644
--- a/src/chrome/content/rules/Technical-University-of-Lisbon.xml
+++ b/src/chrome/content/rules/Technical-University-of-Lisbon.xml
@@ -1,4 +1,14 @@
-<ruleset name="Technical University of Lisbon" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://utl.pt/ => https://www.utl.pt/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.utl.pt/ => https://www.utl.pt/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://utl.pt/ => https://www.utl.pt/: (6, 'Could not resolve host: utl.pt')
+Non-2xx HTTP code: http://www.utl.pt/ (200) => https://www.utl.pt/ (401)
+-->
+<ruleset name="Technical University of Lisbon" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="utl.pt" />
 	<target host="ist.utl.pt" />
diff --git a/src/chrome/content/rules/Technical.ly.xml b/src/chrome/content/rules/Technical.ly.xml
index d7a081ed5d64..49bd09c47cfc 100644
--- a/src/chrome/content/rules/Technical.ly.xml
+++ b/src/chrome/content/rules/Technical.ly.xml
@@ -1,26 +1,58 @@
-<ruleset name="Technical.ly (partial)">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.technical.ly/2013/03/12/founder-institute-boasts-helping-to-launch-750-startups-in-40-cities-infographic/ => https://www.technical.ly/2013/03/12/founder-institute-boasts-helping-to-launch-750-startups-in-40-cities-infographic/: Too many redirects while fetching 'https://www.technical.ly/2013/03/12/founder-institute-boasts-helping-to-launch-750-startups-in-40-cities-infographic/'
+Fetch error: http://www.technical.ly/category/business/ => https://www.technical.ly/category/business/: Too many redirects while fetching 'https://www.technical.ly/category/business/'
+Fetch error: http://www.technical.ly/organization/accessmd-com/ => https://www.technical.ly/organization/accessmd-com/: Too many redirects while fetching 'https://www.technical.ly/organization/accessmd-com/'
+Fetch error: http://www.technical.ly/philly/2016/03/11/federal-open-source-policy-philadelphia/ => https://www.technical.ly/philly/2016/03/11/federal-open-source-policy-philadelphia/: Too many redirects while fetching 'https://www.technical.ly/philly/2016/03/11/federal-open-source-policy-philadelphia/'
+
+-->
+<ruleset name="Technical.ly (partial)" default_off="failed ruleset test">
 	<target host="technical.ly" />
 	<target host="www.technical.ly" />
-		<!--
-			These paths redirect to http:
-
-				- $
-				- 2013/03/12/founder-institute-boasts-helping-to-launch-750-startups-in-40-cities-infographic/$
-				- about/$
-				- advertising/$
-				- category/business/$
-				- contact-us/$
-				- directory/$
-				- ethics/$
-				- jobs/$
-				- organization/accessmd-com/$
-				- post-a-job/$
-							-->
-		<exclusion pattern="^http://(?:www\.)?technical\.ly/(?:$|\?|\d{4}/\d\d/\d\d/|about|advertising|category|contact-us|directory|ethics|jobs|organization|post-a-job)" />
+	<target host="rise.technical.ly" />
 
+	<!--
+	These paths redirect to http:
+		- $
+		- 2013/03/12/founder-institute-boasts-helping-to-launch-750-startups-in-40-cities-infographic/$
+		- about/$
+		- advertising/$
+		- category/business/$
+		- contact-us/$
+		- directory/$
+		- ethics/$
+		- jobs/$
+		- organization/accessmd-com/$
+		- post-a-job/$
+	-->
+	<exclusion pattern="^http://(www\.)?technical\.ly/(\?|\d{4}/\d\d/\d\d/|about/|advertising/|category/|contact-us/|directory/|ethics/|jobs/|organization/|post-a-job/)?$" />
 
-	<rule from="^http://(www\.)?technical\.ly/"
-		to="https://$1technical.ly/" />
+	<test url="http://technical.ly/" />
+	<test url="http://technical.ly/2013/03/12/founder-institute-boasts-helping-to-launch-750-startups-in-40-cities-infographic/" />
+	<test url="http://technical.ly/about/" />
+	<test url="http://technical.ly/advertising/" />
+	<test url="http://technical.ly/category/business/" />
+	<test url="http://technical.ly/contact-us/" />
+	<test url="http://technical.ly/directory/" />
+	<test url="http://technical.ly/ethics/" />
+	<test url="http://technical.ly/jobs/" />
+	<test url="http://technical.ly/organization/accessmd-com/" />
+	<test url="http://technical.ly/post-a-job/" />
+	<test url="http://technical.ly/philly/2016/03/11/federal-open-source-policy-philadelphia/" />
+	<test url="http://www.technical.ly/" />
+	<test url="http://www.technical.ly/2013/03/12/founder-institute-boasts-helping-to-launch-750-startups-in-40-cities-infographic/" />
+	<test url="http://www.technical.ly/about/" />
+	<test url="http://www.technical.ly/advertising/" />
+	<test url="http://www.technical.ly/category/business/" />
+	<test url="http://www.technical.ly/contact-us/" />
+	<test url="http://www.technical.ly/directory/" />
+	<test url="http://www.technical.ly/ethics/" />
+	<test url="http://www.technical.ly/jobs/" />
+	<test url="http://www.technical.ly/organization/accessmd-com/" />
+	<test url="http://www.technical.ly/post-a-job/" />
+	<test url="http://www.technical.ly/philly/2016/03/11/federal-open-source-policy-philadelphia/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http://rise\.technical\.ly/" to="https://rise2015.splashthat.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Technical_University_Munich.xml b/src/chrome/content/rules/Technical_University_Munich.xml
index 9689337e44a9..d24b125ba067 100644
--- a/src/chrome/content/rules/Technical_University_Munich.xml
+++ b/src/chrome/content/rules/Technical_University_Munich.xml
@@ -1,17 +1,27 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ias.cs.tum.edu/ => https://ias.cs.tum.edu/: (60, 'SSL certificate problem: certificate has expired')
+
 	Fully covered domains:
 
 		- tum.de subdomains:
 
+			- (www.)
 			- adm9.in.tum.de
 			- ias.in
+			- sec.in
+			- www21.in
 			- www.lehre
 			- www.lehren
+			- www.piwik
+			- mediatum.ub
 			- www
 
 		- ias.cs.tum.edu
 
 		- ias.informatik.tu-muenchen.de
+		- mailmanbroy.informatik.tu-muenchen.de
 		- www.tu-muenchen.de
 
 
@@ -20,41 +30,55 @@
 
 	Observed cookie domains:
 
+		- in.tum.de
 		- adm9.in.tum.de
 		- ias.in.tum.de
+		- www.in.tum.de
+		- www.tum.de
 		- ias.cs.tum.edu
 		- ias.informatik.tu-muenchen.de
 
 
 	Mixed content:
 
-		- Web bug on ias.in.tum.de from adm9.in.tum.de *
+		- Web bugs, on:
+
+			- ias.in.tum.de from adm9.in.tum.de *
+			- www.in from www.etracker.de *
+			- www.tum.de from www.piwik.tum.de *
 
 	* Secured by us
 
 -->
-<ruleset name="Technical University Munich (partial)">
-
-	<target host="*.tum.de" />
+<ruleset name="Technical University Munich (partial)" default_off="failed ruleset test">
+
+	<target host="www.tum.de" />
+	<target host="www.lehre.tum.de" />
+	<target host="www.lehren.tum.de" />
+	<target host="www.piwik.tum.de" />
+	<target host="in.tum.de" />
+	<target host="ias.in.tum.de" />
+	<target host="sec.in.tum.de" />
+	<target host="www.in.tum.de" />
+	<target host="www21.in.tum.de" />
+	<target host="mediatum.ub.tum.de" />
 	<target host="ias.cs.tum.edu" />
-	<target host="*.tu-muenchen.de" />
+	<target host="ias.informatik.tu-muenchen.de" />
+	<target host="mailmanbroy.informatik.tu-muenchen.de" />
+	<target host="www.tu-muenchen.de" />
+	<target host="isabelle.in.tum.de" />
 
 
-	<securecookie host="^(?:adm9\.in|ias\.in|www(?:\.lehren?))?\.tum\.de$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.sec\.in\.tum\.de$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^mediatum\.ub\.tum\.de$" name="^PSESSION$" /-->
+
+	<securecookie host="^(?:in|(?:adm9|ias|sec|www)\.in|mediatum\.ub|www(?:\.lehren?)?)?\.tum\.de$" name=".+" />
 	<securecookie host="^ias\.cs\.tum\.edu$" name=".+" />
 	<securecookie host="^(?:www|ias\.informatik)\.tu-muenchen\.de$" name=".+" />
 
 
-	<rule from="^http://www(\.lehren?)?\.tum\.de/"
-		to="https://www$1.tum.de/" />
-
-	<rule from="^http://ias\.in\.tum\.de/"
-		to="https://ias.in.tum.de/" />
-
-	<rule from="^http://ias\.cs\.tum\.edu/"
-		to="https://ias.cs.tum.edu/" />
-
-	<rule from="^http://(ias\.informatik|www)\.tu-muenchen\.de/"
-		to="https://$1.tu-muenchen.de/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Technik.cafe.xml b/src/chrome/content/rules/Technik.cafe.xml
new file mode 100644
index 000000000000..64bfdef59363
--- /dev/null
+++ b/src/chrome/content/rules/Technik.cafe.xml
@@ -0,0 +1,8 @@
+<ruleset name="Technik.cafe" default_off="cert-chain">
+	<target host="technik.cafe" />
+	<target host="www.technik.cafe" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Techniker-Krankenkasse.xml b/src/chrome/content/rules/Techniker-Krankenkasse.xml
index 07c043499a82..6e62f0d30565 100644
--- a/src/chrome/content/rules/Techniker-Krankenkasse.xml
+++ b/src/chrome/content/rules/Techniker-Krankenkasse.xml
@@ -1,5 +1,5 @@
 <ruleset name="Techniker Krankenkasse">
 <target host="www.tk.de" />
 <target host="tk.de" />
-<rule from="^http://(?:www\.)?tk\.de/" to="https://www.tk.de/"/>
+<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Technische_Aufklarung.xml b/src/chrome/content/rules/Technische_Aufklarung.xml
new file mode 100644
index 000000000000..a20670842b75
--- /dev/null
+++ b/src/chrome/content/rules/Technische_Aufklarung.xml
@@ -0,0 +1,13 @@
+<ruleset name="Technische Aufklärung">
+
+	<!-- cert mismatch on www , it is only valid for webgo -->
+
+	<target host="technische-aufklaerung.de" />
+	<target host="www.technische-aufklaerung.de" />
+
+	<rule from="^http://www\.technische-aufklaerung\.de/"
+		to="https://technische-aufklaerung.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Technische_Universitat_Berlin.xml b/src/chrome/content/rules/Technische_Universitat_Berlin.xml
index c570f4f4e0a5..8a8d1a5a9bf0 100644
--- a/src/chrome/content/rules/Technische_Universitat_Berlin.xml
+++ b/src/chrome/content/rules/Technische_Universitat_Berlin.xml
@@ -177,4 +177,4 @@
 	<rule from="^http://autodiscover\.tu-berlin\.de/"
 		to="https://exchange.tu-berlin.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TechnoPortal.ua.xml b/src/chrome/content/rules/TechnoPortal.ua.xml
new file mode 100644
index 000000000000..dbc85b0e6024
--- /dev/null
+++ b/src/chrome/content/rules/TechnoPortal.ua.xml
@@ -0,0 +1,72 @@
+<!--
+	Problematic subdomains:
+
+		- catalogue *
+		- i *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- technoportal.ua
+		- .technoportal.ua
+
+
+	Mixed content:
+
+		- css on ^ from fonts.googleapis.com ¹
+
+		- Images, on:
+
+			- ^ from $self ¹
+			- ^ from i ¹
+
+		- Ads/bugs on ^ from www.googleadservices.com ²
+
+	¹ Secured by us
+	² Rule disabled by default
+
+-->
+<ruleset name="TechnoPortal.ua (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="technoportal.ua" />
+	<target host="www.technoportal.ua" />
+
+	<!--	Complications:
+				-->
+	<target host="i.technoportal.ua" />
+
+		<!--	Differs from (www.)?
+						-->
+		<exclusion pattern="^http://i\.technoportal\.ua/+(?:$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://i.technoportal.ua//" />
+			<test url="http://i.technoportal.ua//?" />
+			<test url="http://i.technoportal.ua/?" />
+
+			<!--	-ve:
+					-->
+			<test url="http://i.technoportal.ua/i/logo426.png?r=" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^technoportal\.ua$" name="^FIRST_ENTER|(event|page|referer)$" /-->
+	<!--securecookie host="^\.technoportal\.ua$" name="^(PHPSESSID|TPFE_event|TPFE_page|TPFE_referer|cookiesAgree|test_set_cookie1|test_set_cookie2)$" /-->
+
+	<securecookie host="^technoportal\.ua$" name=".+" />
+	<securecookie host="^\.technoportal\.ua$" name="^(TPFE_(?:event|page|referer)|cookiesAgree)$" />
+
+
+	<rule from="^http://i\.technoportal\.ua/"
+		to="https://technoportal.ua/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Technocrat.net.xml b/src/chrome/content/rules/Technocrat.net.xml
new file mode 100644
index 000000000000..74df424c4758
--- /dev/null
+++ b/src/chrome/content/rules/Technocrat.net.xml
@@ -0,0 +1,14 @@
+<ruleset name="Technocrat.net">
+
+	<target host="technocrat.net" />
+	<target host="www.technocrat.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:w*\.)?technocrat\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TechnologyReview.xml b/src/chrome/content/rules/TechnologyReview.xml
index 042e22bf6183..15d8617b4a74 100644
--- a/src/chrome/content/rules/TechnologyReview.xml
+++ b/src/chrome/content/rules/TechnologyReview.xml
@@ -1,22 +1,41 @@
-<ruleset name="TechnologyReview (partial)">
+<!--
+	For other MIT coverage, see MIT.xml.
 
-	<target host="technologyreview.com" />
-	<target host="*.technologyreview.com" />
-		<exclusion pattern="^http://(?:www\.)?technologyreview\.com/(?:$|(?:featuredstory|fromtheeditor|news|qa|view)/\d+/\w|magazine/$|tr\d\d/(?:$|\?|\d{4}/|profile\.aspx)|video/$)" />
-	<target host="technologyreview.in" />
-	<target host="www.technologyreview.in" />
 
+	CDN buckets:
+
+		- mittr-frontend-prod-herokuapp-com.global.ssl.fastly.net
+
+
+	Problematic hosts in *technologyreview.com:
+
+		- ^ ʳ
+		- events ᵐ
+
+	ᵐ Mismatched
+	ʳ Refused
+
+-->
+<ruleset name="TechnologyReview.com (partial)">
+
+	<!--	Complications:
+				-->
+	<target host="subscribe.technologyreview.com" />
+	<target host="www.technologyreview.com" />
+	<target host="www2.technologyreview.com" />
+
+	<!--	Complications:
+				-->
+	<target host="technologyreview.com" />
 
-	<securecookie host="^(?:.*\.)?technologyreview\.(com|in)$" name=".+" />
 
+	<securecookie host="^\." name="^_gat?$" />
 
-	<rule from="^http://(?:www\.)?technologyreview\.(com|in)/"
-		to="https://www.technologyreview.$1/" />
 
-	<rule from="^http://s?metrics\.technologyreview\.com/"
-		to="https://smetrics.technologyreview.com/" />
+	<rule from="^http://technologyreview\.com/"
+		to="https://www.technologyreview.com/" />
 
-	<rule from="^http://(subscribe|www2)\.technologyreview\.com/"
-		to="https://$1.technologyreview.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Technolutions.net.xml b/src/chrome/content/rules/Technolutions.net.xml
new file mode 100644
index 000000000000..ceb99008b904
--- /dev/null
+++ b/src/chrome/content/rules/Technolutions.net.xml
@@ -0,0 +1,13 @@
+<ruleset name="Technolutions.net">
+
+	<target host="apply-berkeley-edu.cdn.technolutions.net" />
+	<target host="fw.cdn.technolutions.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Technomedia.xml b/src/chrome/content/rules/Technomedia.xml
index 6db80c036b00..c7a0a20f8d7f 100644
--- a/src/chrome/content/rules/Technomedia.xml
+++ b/src/chrome/content/rules/Technomedia.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^www\.technomedia\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?technomedia\.com/"
-		to="https://www.technomedia.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Technorati-Media-problematic.xml b/src/chrome/content/rules/Technorati-Media-problematic.xml
deleted file mode 100644
index 1e5864c1550c..000000000000
--- a/src/chrome/content/rules/Technorati-Media-problematic.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For rules that are on by default, see Technorati-Media.xml.
-
--->
-<ruleset name="Technorati Media (mismatches)" default_off="expired, mismatched, self-signed">
-
-	<target host="technoratimedia.com" />
-	<target host="ad-cdn.technoratimedia.com" />
-	<target host="uat-net.technoratimedia.com" />
-	<target host="www.technoratimedia.com" />
-
-
-	<!--	www 301s to !www.
-					-->
-	<rule from="^https?://(?:www\.)?technoratimedia\.com/"
-		to="https://technoratimedia.com/" />
-
-	<rule from="^https?://(?:ad-cdn|uat-net)\.technoratimedia\.com/"
-		to="https://uat-net.technoratimedia.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Technorati-Media.xml b/src/chrome/content/rules/Technorati-Media.xml
deleted file mode 100644
index 0eda20206b62..000000000000
--- a/src/chrome/content/rules/Technorati-Media.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-<!--
-	For problematic rules, see Technorati-Media-problematic.xml.
-
-
-	CDN buckets:
-
-		- wac.1DDE.edgecastcdn.net/...
-			- scm-l3.technorati.com
-			- ad-cdn.technoratimedia.com
-
-
-	Problematic technoratimedia.com subdomains:
-
-		- (www.)	(self-signed, CN: Parallels Panel)
-		- ad		(mismatch, CN: ad.yieldmanager.com)
-		- ad-cdn	(CN: gp1.wac.edgecastcdn.net; 404)
-		- uat-net	(expired 2012-10-08)
-
-
-	Nonfunctional domains:
-
-		- technorati.com
-		- feeds09.technorati.com	(interrupted)
-		- scm-l3.technorati.com		(cert: gp1.wac.edgecastcdn.net; 404)
-		- static.technorati.com		(refused)
-		- widgets.technorati.com
-
--->
-<ruleset name="Technorati Media (partial)">
-
-	<target host="*.technoratimedia.com" />
-
-
-	<rule from="^http://ad\.technoratimedia\.com/"
-		to="https://ad.rmxads.com/" />
-
-	<!--rule from="^https?://(?:ad-cdn|uat-net)\.technoratimedia\.com/"
-		to="https://uat-net.technoratimedia.com/" /-->
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Technorati.com.xml b/src/chrome/content/rules/Technorati.com.xml
new file mode 100644
index 000000000000..bc86307fcddf
--- /dev/null
+++ b/src/chrome/content/rules/Technorati.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - ns1.technorati.com
+			 - ns2.technorati.com
+			 - ns3.technorati.com
+			 - ns4.technorati.com
+
+		Timeout was reached:
+			 - technorati.com
+			 - www.technorati.com
+			 - static.technorati.com
+
+		SSL connect error:
+			 - feeds09.technorati.com
+
+		SSL peer certificate was not OK:
+			 - newthumbs-l3.technorati.com
+			 - scm-l3.technorati.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - contango.technorati.com
+-->
+<ruleset name="Technorati.com (partial)">
+	<target host="mycontango.technorati.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Technovelty.org.xml b/src/chrome/content/rules/Technovelty.org.xml
new file mode 100644
index 000000000000..3be5361ebef9
--- /dev/null
+++ b/src/chrome/content/rules/Technovelty.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="Technovelty.org">
+
+	<target host="technovelty.org" />
+	<target host="www.technovelty.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Techopedia.com.xml b/src/chrome/content/rules/Techopedia.com.xml
index e1b93ccf49b9..5578ce0409a6 100644
--- a/src/chrome/content/rules/Techopedia.com.xml
+++ b/src/chrome/content/rules/Techopedia.com.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://techopedia.com/ => https://www.techopedia.com/: (28, 'Connection timed out after 10000 milliseconds')
 	Problematic subdomains:
 
 		- ^	(mismatched, CN: Janalta.com)
@@ -16,7 +18,8 @@
 <ruleset name="Techopedia.com">
 
 	<target host="techopedia.com" />
-	<target host="*.techopedia.com" />
+	<target host="www.techopedia.com" />
+	<target host="cms.techopedia.com" />
 
 
 	<securecookie host="^(?:cms|www)?\.techopedia\.com$" name=".+" />
@@ -25,7 +28,6 @@
 	<rule from="^http://(?:www\.)?techopedia\.com/"
 		to="https://www.techopedia.com/" />
 
-	<rule from="^http://cms\.techopedia\.com/"
-		to="https://cms.techopedia.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Techpinions.com.xml b/src/chrome/content/rules/Techpinions.com.xml
new file mode 100644
index 000000000000..ac87703ce62d
--- /dev/null
+++ b/src/chrome/content/rules/Techpinions.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- techpinions.com
+		- www.techpinions.com
+
+
+	Mixed content:
+
+		- css from maxcdn.bootstrapcdn.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Techpinions.com">
+
+	<target host="techpinions.com" />
+	<target host="www.techpinions.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?techpinions\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Techpowerup.com.xml b/src/chrome/content/rules/Techpowerup.com.xml
new file mode 100644
index 000000000000..a1ea3d5fb844
--- /dev/null
+++ b/src/chrome/content/rules/Techpowerup.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Other TechPowerUp rulesets:
+		- tpucdn.com.xml
+-->
+
+<ruleset name="Techpowerup.com">
+	<target host="techpowerup.com" />
+	<target host="www.techpowerup.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Techquila.co.in.xml b/src/chrome/content/rules/Techquila.co.in.xml
new file mode 100644
index 000000000000..cfa818699228
--- /dev/null
+++ b/src/chrome/content/rules/Techquila.co.in.xml
@@ -0,0 +1,9 @@
+<ruleset name="Techquila.co.in">
+	<target host="techquila.co.in" />
+	<target host="www.techquila.co.in" />
+	<target host="team.techquila.co.in" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Techreport.com.xml b/src/chrome/content/rules/Techreport.com.xml
new file mode 100644
index 000000000000..26a8f609423a
--- /dev/null
+++ b/src/chrome/content/rules/Techreport.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Problematic subdomains:
+
+		- jobs *
+
+	* Works; mismatched, CN: *.jobthread.com
+
+
+	Mixed content:
+
+		- Images on jobs from www *
+
+		- Ads/bugs, on:
+
+			- jobs from d1.openx.org *
+			- www from www.facebook.com *
+			- www from pixel.quantserve.com *
+			- www from b.scorecardresearch.com *
+
+	* Secured by us
+
+-->
+<ruleset name="The Tech Report (partial)">
+
+	<target host="techreport.com" />
+	<target host="www.techreport.com" />
+		<!--exclusion pattern="^http://jobs\.techreport\.com/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^techreport\.com$" name="^(PHPSESSID|trheadline_lastseen2)$" /-->
+	<!--securecookie host="^\.techreport\.com$" name="^tr_view$" /-->
+
+	<securecookie host="^\.?techreport\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Techslinger.com.xml b/src/chrome/content/rules/Techslinger.com.xml
deleted file mode 100644
index 24e0d626f5d7..000000000000
--- a/src/chrome/content/rules/Techslinger.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Techslinger.com">
-
-	<target host="techslinger.com" />
-	<target host="www.techslinger.com" />
-
-
-	<securecookie host="^www\.techslinger\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?techslinger\.com/"
-		to="https://$1techslinger.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Techstats.net.xml b/src/chrome/content/rules/Techstats.net.xml
deleted file mode 100644
index 8d36e9561138..000000000000
--- a/src/chrome/content/rules/Techstats.net.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="techstats.net">
-
-	<target host="affiliate.techstats.net" />
-
-
-	<rule from="^http://affiliate\.techstats\.net/"
-		to="https://affiliate.techstats.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Techsupportalert.xml b/src/chrome/content/rules/Techsupportalert.xml
deleted file mode 100644
index cdab9262129c..000000000000
--- a/src/chrome/content/rules/Techsupportalert.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Techsupportalert" platform="mixedcontent">
-<target host="www.techsupportalert.com" />
-<target host="techsupportalert.com" />
-<rule from="^http://(?:www\.)?techsupportalert\.com/" to="https://www.techsupportalert.com/"/>
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Tecnocode.co.uk.xml b/src/chrome/content/rules/Tecnocode.co.uk.xml
new file mode 100644
index 000000000000..4d5f9f6f4fa2
--- /dev/null
+++ b/src/chrome/content/rules/Tecnocode.co.uk.xml
@@ -0,0 +1,9 @@
+<ruleset name="tecnocode.co.uk">
+
+	<target host="tecnocode.co.uk" />
+	<target host="www.tecnocode.co.uk" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tectonic.com.xml b/src/chrome/content/rules/Tectonic.com.xml
new file mode 100644
index 000000000000..d7085d597da5
--- /dev/null
+++ b/src/chrome/content/rules/Tectonic.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="Tectonic.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tectonic.com" />
+	<target host="account.tectonic.com" />
+	<target host="cdn.tectonic.com" />
+	<target host="www.tectonic.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Teddy_Hyde.com.xml b/src/chrome/content/rules/Teddy_Hyde.com.xml
new file mode 100644
index 000000000000..a0edb45546fc
--- /dev/null
+++ b/src/chrome/content/rules/Teddy_Hyde.com.xml
@@ -0,0 +1,15 @@
+<!--
+	These altnames don't exist:
+
+		- teddyhyde.com
+
+-->
+<ruleset name="Teddy Hyde.com" default_off="expired, mismatched">
+
+	<target host="www.teddyhyde.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Teddy_Online_Judge.net.xml b/src/chrome/content/rules/Teddy_Online_Judge.net.xml
new file mode 100644
index 000000000000..207c47770498
--- /dev/null
+++ b/src/chrome/content/rules/Teddy_Online_Judge.net.xml
@@ -0,0 +1,29 @@
+<!--
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- teddyonlinejudge.net
+		- www.teddyonlinejudge.net
+
+-->
+<ruleset name="Teddy Online Judge.net" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="teddyonlinejudge.net" />
+	<target host="www.teddyonlinejudge.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?teddyonlinejudge\.net$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?teddyonlinejudge\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TeenDriverSource.org.xml b/src/chrome/content/rules/TeenDriverSource.org.xml
index 7c7e5aa3299a..0ed09385492e 100644
--- a/src/chrome/content/rules/TeenDriverSource.org.xml
+++ b/src/chrome/content/rules/TeenDriverSource.org.xml
@@ -1,4 +1,14 @@
-<ruleset name="TeenDriverSource.org">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://teendriversource.org/ => https://teendriversource.org/: Too many redirects while fetching 'https://teendriversource.org/'
+Fetch error: http://www.teendriversource.org/ => https://www.teendriversource.org/: Too many redirects while fetching 'https://www.teendriversource.org/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://teendriversource.org/ => https://teendriversource.org/: Cycle detected - URL already encountered: https://www.teendriversource.org/
+Fetch error: http://www.teendriversource.org/ => https://www.teendriversource.org/: Cycle detected - URL already encountered: https://www.teendriversource.org/
+-->
+<ruleset name="TeenDriverSource.org" default_off="failed ruleset test">
 
 	<target host="teendriversource.org" />
 	<target host="www.teendriversource.org" />
@@ -7,7 +17,6 @@
 	<securecookie host="^(?:www\.)?teendriversource\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?teendriversource\.org/"
-		to="https://$1teendriversource.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Teen_Revenue.com.xml b/src/chrome/content/rules/Teen_Revenue.com.xml
index 09e7936a3470..7545f2f274d0 100644
--- a/src/chrome/content/rules/Teen_Revenue.com.xml
+++ b/src/chrome/content/rules/Teen_Revenue.com.xml
@@ -8,7 +8,8 @@
 <ruleset name="Teen Revenue.com" default_off="mismatched">
 
 	<target host="teenrevenue.com" />
-	<target host="*.teenrevenue.com" />
+	<target host="nats.teenrevenue.com" />
+	<target host="www.teenrevenue.com" />
 
 
 	<securecookie host="^nats\.teenrevenue\.com$" name=".+" />
@@ -17,4 +18,4 @@
 	<rule from="^http://(?:nats\.|www\.)?teenrevenue\.com/"
 		to="https://nats.teenrevenue.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Teespring.com.xml b/src/chrome/content/rules/Teespring.com.xml
new file mode 100644
index 000000000000..90e450f92a62
--- /dev/null
+++ b/src/chrome/content/rules/Teespring.com.xml
@@ -0,0 +1,58 @@
+<!--
+	Other Teespring rulesets:
+
+		- Tspr.ng.xml
+
+
+	Nonfunctional hosts in *teespring.com:
+
+		- answers *
+
+	* Desk.com
+
+
+	Problematic hosts in *teespring.com:
+
+		- university *
+
+	* Squarespace/mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- teespring.com
+		- .teespring.com
+		- university.teespring.com
+
+
+	Mixed content:
+
+		- favicon on university from d1b2zzpxewkr9z.cloudfront.net *
+
+	* Secured by us
+
+-->
+<ruleset name="Teespring.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="teespring.com" />
+	<target host="app-community.teespring.com" />
+	<target host="community.teespring.com" />
+	<target host="vangogh.teespring.com" />
+	<target host="www.teespring.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^teespring\.com$" name="^teespring_user_email$" /-->
+	<!--securecookie host="^\.teespring\.com$" name="^(?:__cfduid|_teespring_session_2|SS_MID|cf_clearance)$" /-->
+	<!--securecookie host="^university\.teespring\.com$" name="^(?:JSESSIONID|crumb)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Teevox.com.xml b/src/chrome/content/rules/Teevox.com.xml
new file mode 100644
index 000000000000..caef61ce41c3
--- /dev/null
+++ b/src/chrome/content/rules/Teevox.com.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://teevox.com/ => https://teevox.com/: (51, "SSL: no alternative certificate subject name matches target host name 'teevox.com'")
+Fetch error: http://www.teevox.com/ => https://www.teevox.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.teevox.com'")
+
+	Mixed content:
+
+		- Bugs, from:
+
+			- www.facebook.com ˢ
+			- platform.twitter.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Teevox.com" default_off="failed ruleset test">
+
+	<target host="teevox.com" />
+	<target host="www.teevox.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tehconnection.eu.xml b/src/chrome/content/rules/Tehconnection.eu.xml
deleted file mode 100644
index ea4a0f505d42..000000000000
--- a/src/chrome/content/rules/Tehconnection.eu.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Tehconnection">
-
-	<target host="tehconnection.eu"/>
-	<target host="*.tehconnection.eu"/>
-
-	<securecookie host="^tehconnection\.eu$" name=".*"/>
-
-	<!--	cert !match www		-->
-	<rule from="^http://(?:(static\.)|www\.)?tehconnection\.eu/"
-		to="https://$1tehconnection.eu/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tek.no.xml b/src/chrome/content/rules/Tek.no.xml
index 68731f666da0..d16e732a86ab 100644
--- a/src/chrome/content/rules/Tek.no.xml
+++ b/src/chrome/content/rules/Tek.no.xml
@@ -1,35 +1,69 @@
 <!--
-	Nonfunctional subdomains:
+	Problematic hosts in *tek.no:
 
-		- ish		(no https)
-		- prisguide	(times out)
+		- ^ ʰ
+		- ad	(mismatched, CN: *.adtech.de)
+		- prisguide ᵈ
 
+	ᵈ Dropped, preemptable redirect
+	ʰ Redirects to http, preemptable redirect
 
-	Problematic subdomains:
 
-		- ad	(mismatched, CN: *.adtech.de)
+	Insecure cookies are set for these domains: ᶜ
+
+		- .ish.tek.no
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 
 	Mixed images from:
 
-		- img.gfx.no
+		- img.gfx.no ᵈ
+
+	ᵈ Unsecurable <= dropped
 
 -->
 <ruleset name="Tek.no (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="ish.tek.no" />
+	<target host="static.tek.no" />
+	<target host="www.tek.no" />
+
+		<test url="http://static.tek.no/images/main/tek.svg" />
+
+	<!--	Complications:
+				-->
 	<target host="tek.no" />
-	<target host="*.tek.no" />
+	<target host="ad.tek.no" />
+	<target host="prisguide.tek.no" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.ish\.tek\.no$" name="^(?:tek_)?ish$" /-->
 
 	<!--	Adtech cookie:
 				-->
 	<securecookie host="^\.tek\.no$" name="^CfP$" />
+	<securecookie host="^\.ish\." name=".+" />
 
 
-	<rule from="^http://(static\.|www\.)?tek\.no/"
-		to="https://$1tek.no/" />
+	<rule from="^http://tek\.no/"
+		to="https://www.tek.no/" />
 
 	<rule from="^http://ad\.tek\.no/"
 		to="https://adserver.adtech.de/" />
 
-</ruleset>
\ No newline at end of file
+	<!--	Redirect keeps all:
+					-->
+	<rule from="^http://prisguide\.tek\.no/"
+		to="https://www.prisguide.no/" />
+
+		<test url="http://prisguide.tek.no/kategorier" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TekGoblin.com.xml b/src/chrome/content/rules/TekGoblin.com.xml
new file mode 100644
index 000000000000..ffbbd9621970
--- /dev/null
+++ b/src/chrome/content/rules/TekGoblin.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Secure coonection failed:
+		tekgoblin.com
+
+	Invalid certificate:
+		cloud.tekgoblin.com
+		jobs.tekgoblin.com
+
+	Time out:
+		origin.tekgoblin.com
+
+-->
+<ruleset name="TekGoblin" platform="mixedcontent">
+
+	<target host="tekgoblin.com" />
+	<target host="www.tekgoblin.com" />
+
+	<target host="cdn.tekgoblinmedia.com" />
+	<target host="cdn2.tekgoblinmedia.com" />
+	<target host="cdn3.tekgoblinmedia.com" />
+
+	<rule from="^http://tekgoblin\.com/"
+		to="https://www.tekgoblin.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TekGoblin.xml b/src/chrome/content/rules/TekGoblin.xml
deleted file mode 100644
index 4dfed7ed6523..000000000000
--- a/src/chrome/content/rules/TekGoblin.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d369bx7nq13k6v.cloudfront.net
-
--->
-<ruleset name="TekGoblin">
-
-	<target host="tekgoblin.com" />
-	<target host="*.tekgoblin.com" />
-	<target host="tekgoblinmedia.com" />
-	<target host="*.tekgoblinmedia.com" />
-
-
-	<!--	Every tekgoblin.com subdomain seems identical.
-								-->
-	<rule from="^https?://(?:(?:\w+\.)?tekgoblin|cdn(?:[23])?\.tekgoblinmedia)\.com/"
-		to="https://d369bx7nq13k6v.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tek_Syndicate.com.xml b/src/chrome/content/rules/Tek_Syndicate.com.xml
new file mode 100644
index 000000000000..61ecc76a9f7d
--- /dev/null
+++ b/src/chrome/content/rules/Tek_Syndicate.com.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://forum.teksyndicate.com/ => https://forum.teksyndicate.com/: (6, 'Could not resolve host: forum.teksyndicate.com')
+Fetch error: http://newton.teksyndicate.com/ => https://newton.teksyndicate.com/: (6, 'Could not resolve host: newton.teksyndicate.com')
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- forum.teksyndicate.com
+		- newton.teksyndicate.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Tek Syndicate.com" default_off="failed ruleset test">
+
+	<target host="teksyndicate.com" />
+	<target host="forum.teksyndicate.com" />
+	<target host="newton.teksyndicate.com" />
+	<target host="www.teksyndicate.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^forum\.teksyndicate\.com$" name="^_forum_session$" /-->
+	<!--securecookie host="^newton\.teksyndicate\.com$" name="^OA(?:ID|VARS\[[\da-f]+\])$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TelMasters.xml b/src/chrome/content/rules/TelMasters.xml
index 7ef504d5c07f..96e9e0623177 100644
--- a/src/chrome/content/rules/TelMasters.xml
+++ b/src/chrome/content/rules/TelMasters.xml
@@ -1,13 +1,18 @@
-<ruleset name="TelMasters">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://telmasters.com/ => https://telmasters.com/: (51, "SSL: no alternative certificate subject name matches target host name 'telmasters.com'")
+
+-->
+<ruleset name="TelMasters" default_off="failed ruleset test">
 
 	<target host="telmasters.com" />
 	<target host="www.telmasters.com" />
 
 
-	<securecookie host="^(www\.)?telmasters\.com$" name=".*" />
+	<securecookie host="^(?:www\.)?telmasters\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?telmasters\.com/"
-		to="https://$1telmasters.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Tele-TASK.xml b/src/chrome/content/rules/Tele-TASK.xml
index b340c561f5de..5ec0ca597194 100644
--- a/src/chrome/content/rules/Tele-TASK.xml
+++ b/src/chrome/content/rules/Tele-TASK.xml
@@ -18,4 +18,4 @@
 	<rule from="^http://www\.tele-task\.de/"
 		to="https://www.tele-task.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tele2.lt.xml b/src/chrome/content/rules/Tele2.lt.xml
new file mode 100644
index 000000000000..95101f5b1cd8
--- /dev/null
+++ b/src/chrome/content/rules/Tele2.lt.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://loyaloop.tele2.lt/ => https://loyaloop.tele2.lt/: (7, 'Failed to connect to loyaloop.tele2.lt port 443: No route to host')
+
+	Unsupported subdomains:
+
+		- pagalba.tele2.lt *
+		- narsyk.tele2.lt *
+		- pyptonas.tele2.lt **
+		- webmail.tele2.lt **
+		- wap.tele2.lt **
+		- mail.tele2.lt **
+		- blog.tele2.lt ***
+		- web.tele2.lt ***
+		- parkuok.tele2.lt ***
+		- internetas.tele2.lt ***
+		- editorial.tele2.lt ***
+
+	* 404s on HTTPS
+	** Connection fails, times out, or is refused on HTTPS
+	*** Invalid certificate
+-->
+<ruleset name="Tele2.lt" default_off="failed ruleset test">
+	<target host="www.tele2.lt" />
+	<target host="tele2.lt" />
+	<target host="cdn.tele2.lt" />
+	<target host="mano.tele2.lt" />
+	<target host="loyaloop.tele2.lt" />
+
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TeleGeography.com.xml b/src/chrome/content/rules/TeleGeography.com.xml
new file mode 100644
index 000000000000..d038b3eb5bd9
--- /dev/null
+++ b/src/chrome/content/rules/TeleGeography.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional subdomains:
+
+		- shop *
+
+	* Shopify
+
+
+	^: cert only matches www
+
+-->
+<ruleset name="TeleGeography.com (partial)">
+
+	<target host="telegeography.com" />
+	<target host="www.telegeography.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Telebrands.xml b/src/chrome/content/rules/Telebrands.xml
index 17166602cf0f..8af43a4164d0 100644
--- a/src/chrome/content/rules/Telebrands.xml
+++ b/src/chrome/content/rules/Telebrands.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?telebrands\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?telebrands\.net/"
-		to="https://$1telebrands.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Telecolumbus.com.xml b/src/chrome/content/rules/Telecolumbus.com.xml
new file mode 100644
index 000000000000..d143b8634f92
--- /dev/null
+++ b/src/chrome/content/rules/Telecolumbus.com.xml
@@ -0,0 +1,19 @@
+<ruleset name="Telecolumbus">
+    <target host="telecolumbus.com" />
+    <target host="www.telecolumbus.com" />
+    <target host="ir.telecolumbus.com" />
+
+    <target host="telecolumbus.de" />
+    <target host="www.telecolumbus.de" />
+    <target host="wohnungsunternehmen.telecolumbus.de" />
+
+    <target host="service.telecolumbus.net" />
+    <target host="webmailer.telecolumbus.net" />
+
+    <securecookie host="^(www\.|ir\.)?telecolumbus\.com$" name=".+" />
+    <securecookie host="^(www\.|wohnungsunternehmen\.)?telecolumbus\.de$" name=".+" />
+    <securecookie host="^(service\.|webmailer\.)?telecolumbus\.net$" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Telecom_Industry_Dialogue.org.xml b/src/chrome/content/rules/Telecom_Industry_Dialogue.org.xml
new file mode 100644
index 000000000000..af8958590af5
--- /dev/null
+++ b/src/chrome/content/rules/Telecom_Industry_Dialogue.org.xml
@@ -0,0 +1,24 @@
+<!--
+	Mixed content:
+
+		- Bugs, from:
+
+			- globalnetworkinitiative.org ¹
+			- c.statcounter.com ²
+
+	¹ Rule disabled by default <= missing certificate chain
+	² Secured by us
+
+-->
+<ruleset name="Telecom Industry Dialogue.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="telecomindustrydialogue.org" />
+	<target host="www.telecomindustrydialogue.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Telecommunications-Industry-Ombudsman.xml b/src/chrome/content/rules/Telecommunications-Industry-Ombudsman.xml
new file mode 100644
index 000000000000..f6fc35670ae6
--- /dev/null
+++ b/src/chrome/content/rules/Telecommunications-Industry-Ombudsman.xml
@@ -0,0 +1,24 @@
+<!--
+
+	For mixed content rules, see Telecommunications-Industry-Ombudsman-mixedcontent.xml.
+
+	Problematic hosts in *tio.com.au:
+
+		- m
+		- annualreport
+		- annualreport2015
+		- annualreport2016
+		- ar2011
+		- ar2012
+		- ar2013
+		- ar2014
+
+-->
+<ruleset name="Telecommunications Industry Ombudsman">
+
+	<target host="tio.com.au" />
+	<target host="www.tio.com.au" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Telefonica-mismatches.xml b/src/chrome/content/rules/Telefonica-mismatches.xml
index 3053b37fcb4d..ab66c8b83a50 100644
--- a/src/chrome/content/rules/Telefonica-mismatches.xml
+++ b/src/chrome/content/rules/Telefonica-mismatches.xml
@@ -10,12 +10,9 @@
 	<target host="www.beusergroup.co.uk"/>
 	<target host="obrazky.o2active.cz"/>
 	<target host="survey.o2active.cz"/>
-	<!--	Cert: localhost.localdomain	-->
-	<target host="tumeapp.com" />
-	<target host="www.tumeapp.com" />
 
-	<securecookie host="^(.*\.)?beusergroup\.co\.uk$" name=".*"/>
-	<securecookie host="^survey\.o2active\.cz$" name=".*"/>
+	<securecookie host="^(?:.*\.)?beusergroup\.co\.uk$" name=".+" />
+	<securecookie host="^survey\.o2active\.cz$" name=".+" />
 
 	<rule from="^http://download\.bethere\.co\.uk/"
 		to="https://download.bethere.co.uk/"/>
@@ -32,7 +29,4 @@
 	<rule from="^http://survey\.o2active\.cz/"
 		to="https://survey.o2active.cz/"/>
 
-	<rule from="^https?://(?:www\.)?tumeapp\.com/"
-		to="https://tumeapp.com/" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/Telefonica.xml b/src/chrome/content/rules/Telefonica.xml
index e7574fd46e78..170a2633e0a5 100644
--- a/src/chrome/content/rules/Telefonica.xml
+++ b/src/chrome/content/rules/Telefonica.xml
@@ -1,7 +1,5 @@
-<!--
-	For problematic rules, see Telefonica-mismatches.xml.
-
 
+<!--
 	Other Telefónica rulesets:
 
 		- O2_online.de.xml
@@ -9,8 +7,11 @@
 
 	Nonfunctional:
 
+		- (www.)?tumeapp.com ¹
 		- support.tumeapp.com	(cert: *.lithium.com; reset)
 
+	¹ Reset
+
 
 	Fully covered domains:
 
@@ -22,74 +23,35 @@
 
 	<target host="chcidoo2.cz"/>
 	<target host="www.chcidoo2.cz"/>
-	<target host="cz.o2.com"/>
-	<target host="www.cz.o2.com"/>
+	<target host="kariera.o2.cz"/>
 	<target host="o2.cz"/>
-	<target host="*.o2.cz"/>
-	<target host="*.www.o2.cz"/>
-	<target host="*.o2.de" />
-	<target host="i.o2active.cz"/>
-	<target host="mail.o2active.cz"/>
-	<target host="o2extra.cz"/>
-	<target host="www.o2extra.cz"/>
-	<target host="o2shop.cz"/>
-	<target host="www.o2shop.cz"/>
+	<target host="moje.o2.cz" />
+	<target host="www.o2.cz" />
+	<target host="static.o2.de" />
+	<target host="static2.o2.de" />
+	<target host="o2extravyhody.cz"/>
+	<target host="www.o2extravyhody.cz"/>
+	<target host="o2knihovna.cz"/>
+	<target host="www.o2knihovna.cz"/>
+	<target host="o2vyhody.cz"/>
+	<target host="www.o2vyhody.cz"/>
 	<target host="o2tv.cz"/>
 	<target host="www.o2tv.cz"/>
-	<target host="o2-tv.cz"/>
-	<target host="www.o2-tv.cz"/>
 	<target host="odmenazadobiti.cz"/>
 	<target host="www.odmenazadobiti.cz"/>
-	<target host="telefonica.cz"/>
-	<target host="www.telefonica.cz"/>
 
-	<target host="bethere.co.uk"/>
-	<target host="*.bethere.co.uk"/>
-	<target host="windows.mouselike.org"/>
 	<target host="o2.co.uk"/>
 	<target host="www.o2.co.uk"/>
 
+	<target host="o2.sk" />
+	<target host="www.o2.sk" />
 
-	<securecookie host="^(.*\.)?bethere\.co\.uk$" name=".*"/>
-	<securecookie host="^www\.(chcidoo2|telefonica)\.cz$" name=".*"/>
-	<securecookie host="^(moje|sso|\.?www)?\.o2\.cz$" name=".*"/>
-	<securecookie host="^mail\.o2active\.cz$" name=".*"/>
-	<securecookie host="^www\.o2(extra|shop|tv)\.cz$" name=".*"/>
-	<securecookie host="^(www\.)?odmenazabobiti\.cz$" name=".*"/>
-
-
-	<rule from="^http://bethere\.co\.uk/"
-		to="https://www.bethere.co.uk/"/>
-
-	<rule from="^http://(avatar|help|www)\.bethere\.co\.uk/"
-		to="https://$1.bethere.co.uk/"/>
-
-	<rule from="^http://(?:www\.)?(chcidoo2|telefonica)\.cz/"
-		to="https://www.$1.cz/"/>
-
-	<rule from="^http://windows\.mouselike\.org/"
-		to="https://windows.mouselike.org/"/>
-
-	<rule from="^http://(?:(?:www\.)?cz\.o2\.com|o2\.cz)/"
-		to="https://www.o2.cz/"/>
-
-	<rule from="^http://(moje|www)\.o2\.cz/"
-		to="https://$1.o2.cz/"/>
-
-	<rule from="^http://static(2)?\.o2\.de/"
-		to="https://static$1.o2.de/" />
-
-	<rule from="^http://(i|mail)\.o2active\.cz/"
-		to="https://$1.o2active.cz/"/>
-
-	<rule from="^http://(?:www\.)?o2(?:(extra|shop)|(?:-)?(tv))\.cz/"
-		to="https://www.o2$12.cz/"/>
-
-	<rule from="^http://(www\.)?odmenazadobiti\.cz/"
-		to="https://$1odmenazadobiti.cz/"/>
-
+	<securecookie host="^www\.(?:chcidoo2)\.cz$" name=".+" />
+	<securecookie host="^(?:moje|\.?www)?\.o2\.cz$" name=".+" />
+	<securecookie host="^www\.o2(?:extravyhody|tv)\.cz$" name=".+" />
+	<securecookie host="^(?:www\.)?odmenazabobiti\.cz$" name=".+" />
 
-	<rule from="^http://(?:www\.)?o2\.co\.uk/favicon\.ico"
-		to="https://www.o2.co.uk/favicon.ico"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Telegr.am.xml b/src/chrome/content/rules/Telegr.am.xml
new file mode 100644
index 000000000000..1c3c337bcd54
--- /dev/null
+++ b/src/chrome/content/rules/Telegr.am.xml
@@ -0,0 +1,18 @@
+<ruleset name="Telegr.am">
+
+	<target host="telegr.am" />
+	<target host="blog.telegr.am" />
+	<target host="howto.telegr.am" />
+	<target host="www.telegr.am" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^telegr\.am$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^telegr\.am$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Telegram.com.xml b/src/chrome/content/rules/Telegram.com.xml
index 830f15952e65..b4e1e4bb63d2 100644
--- a/src/chrome/content/rules/Telegram.com.xml
+++ b/src/chrome/content/rules/Telegram.com.xml
@@ -7,13 +7,14 @@
 <ruleset name="Telegram.com (partial)">
 
 	<target host="telegram.com" />
-	<target host="*.telegram.com" />
+	<target host="www.telegram.com" />
+	<target host="home.telegram.com" />
 
 
 	<securecookie host="^home\.telegram\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?telegram\.com/graphics/(?:header/(frontpageHeader978x136\.jpg)|nav/(arrv_anim_1\.gif)|(tg_background_tile\.gif))"
+	<rule from="^http://(?:www\.)?telegram\.com/graphics/(?:header/(frontpageHeader978x136\.jpg)|nav/(arrv_anim_1\.gif)|(tg_background_tile\.gif))"
 		to="https://home.telegram.com/images/$1$2$3" />
 
 	<rule from="^http://home\.telegram\.com/"
diff --git a/src/chrome/content/rules/Telegram.how.xml b/src/chrome/content/rules/Telegram.how.xml
new file mode 100644
index 000000000000..fa900b7e3fb6
--- /dev/null
+++ b/src/chrome/content/rules/Telegram.how.xml
@@ -0,0 +1,12 @@
+<!--
+	Not exist:
+		- www
+-->
+
+<ruleset name="Telegram.how">
+
+	<target host="telegram.how" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Telegram.me.xml b/src/chrome/content/rules/Telegram.me.xml
new file mode 100644
index 000000000000..7f6acf845553
--- /dev/null
+++ b/src/chrome/content/rules/Telegram.me.xml
@@ -0,0 +1,17 @@
+<!--
+	Other Telegram rulesets:
+		- Tdesktop.com.xml
+		- t.me.xml
+		- Telegram.wiki.xml
+
+-->
+<ruleset name="Telegram.me">
+
+	<target host="telegram.me" />
+	<target host="www.telegram.me" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Telegram.wiki.xml b/src/chrome/content/rules/Telegram.wiki.xml
new file mode 100644
index 000000000000..f81e4c1a29ca
--- /dev/null
+++ b/src/chrome/content/rules/Telegram.wiki.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Telegram coverage, see Telegram.me.xml.
+
+	Mismatch:
+		ip
+		data
+		www
+-->
+<ruleset name="Telegram Wiki">
+	<target host="telegram.wiki" />
+	<target host="www.telegram.wiki" />
+
+	<rule from="^http://www\.telegram\.wiki/"
+		to="https://telegram.wiki/" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Telegraph-Media-Group-mismatches.xml b/src/chrome/content/rules/Telegraph-Media-Group-mismatches.xml
index e4fc4251f0ef..c19e82ae18ed 100644
--- a/src/chrome/content/rules/Telegraph-Media-Group-mismatches.xml
+++ b/src/chrome/content/rules/Telegraph-Media-Group-mismatches.xml
@@ -5,15 +5,16 @@
 	images.lynku.com                (CN: shop.look.co.uk)
 
 -->
-<ruleset name="Telegraph (mismatches)" default_off="mismatched">
+<ruleset name="Telegraph.co.uk (mismatches)" default_off="expired, mismatched">
 
+	<target host="fantasygames.telegraph.co.uk" />
 	<target host="fashionshop.telegraph.co.uk" />
 
 
 	<securecookie host="^fashionshop\.telegraph\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://fashionshop\.telegraph\.co\.uk/"
-		to="https://fashionshop.telegraph.co.uk/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Telegraph-Media-Group.xml b/src/chrome/content/rules/Telegraph-Media-Group.xml
index 74499df48f9f..e2b455747305 100644
--- a/src/chrome/content/rules/Telegraph-Media-Group.xml
+++ b/src/chrome/content/rules/Telegraph-Media-Group.xml
@@ -1,13 +1,11 @@
 <!--
+	Telegraph Media Group
+
 	For problematic rules, see Telegraph-Media-Group-mismatches.xml.
 
 
 	CDN buckets:
 
-		- telegraph.webtrends.akadns.net
-
-			- webtrends.telegraph.co.uk
-
 		- (wac.437a|gs1.wac).edgecastcdn.net/00437A/telegraph/fantasycricket/
 
 			- i.fantasyfootball.telegraph.co.uk
@@ -32,11 +30,12 @@
 
 	Nonfunctional domains:
 
-		- is.i2.datinglab.net
-		- courses	(http reply)
+		- blogs *
+		- courses ʳ
 		- dating **
 		- fashion	(503, akamai)
-		- my **
+		- i ***
+		- my *
 		- puzzles **
 		- secure *
 		- secure[1-9] *
@@ -45,80 +44,82 @@
 		- shares	(refused)
 		- subscriber *
 		- tickets	(tixdaq.com)
-		- www ***
 
+	¹ 503, Akamai
 	* 504, akamai
 	** Dropped
 	*** Redirects to http, akamai
+	ʳ Refused
 
 
 	Problematic subdomains:
 
+		- i.fantasycricket (mismatched)
+		- i.fantasyracing  (mismatched)
+		- fantasygames ¹
 		- fashionshop	(works; mismatched, CN: shop.look.co.uk)
-		- i		(redirects to http, akamai)
-		- s		(works, akamai)
-
-
-	Partially covered subdomains:
-
-		- blogs
-		- fantasycricket
-		- fantasyfootball
-		- fantasygames
-		- blogs.uat
-
-
-	Fully covered subdomains:
-
-		- announcements
-		- auth
-		- i.fantasycricket
-		- i.fantasyfootball
-		- i.fantasygames
-		- i.fantasyracing
-		- fantasyracing
-		- fbapp
-		- i			(→ secure.i)
-		- secure.i
-		- jobs
-		- recruiters.jobs
-		- s			(→ akamai)
-		- secure.s
-		- shop
-		- fbapp.uat
-		- secure.i.uat1
-		- webtrends
+		- fbapp (mismatched)
+		- m ³
+		- s ³
+		- blogs.uat ³
+
+	¹ Expired
+	³ Akamai
+
+
+	These altnames don't exist:
+
+		- www.reporting.shop.telegraph.co.uk
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .telegraph.co.uk
+		- announcements.telegraph.co.uk
+		- fantasyracing.telegraph.co.uk
+		- reporting.shop.telegraph.co.uk
+
+
+	Mixed content:
+
+		- Image on fantasygames from i.fantasyfootball.telegraph.co.uk *
+
+	* Secured by us
 
 -->
-<ruleset name="Telegraph Media Group (partial)">
+<ruleset name="Telegraph.co.uk (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="telegraph.co.uk" />
-	<target host="*.telegraph.co.uk" />
-		<!--
-			Pages redirect to http:
-						-->
-		<exclusion pattern="^http://blogs(?:\.uat)?\.telegraph\.co\.uk/(?!\w+/files/|wp-content/)" />
-		<exclusion pattern="^http://fantasycricket\.telegraph\.co\.uk/(?!(?:\w+/)?(?:images|scripts|select-team|xcss)(?:$|[?/])|favicon\.ico)" />
-		<exclusion pattern="^http://fantasy(?:football|games)\.telegraph\.co\.uk/(?!(?:\w+/)?(?:images|scripts|xcss)/|favicon\.ico)" />
-
+	<target host="www.telegraph.co.uk" />
+	<target host="announcements.telegraph.co.uk" />
+	<target host="auth.telegraph.co.uk" />
+	<target host="fantasycricket.telegraph.co.uk" />
+	<target host="fantasyfootball.telegraph.co.uk" />
+	<target host="i.fantasyfootball.telegraph.co.uk" />
+	<!--target host="fantasygames.telegraph.co.uk" /-->
+	<target host="fantasyracing.telegraph.co.uk" />
+	<target host="secure.i.telegraph.co.uk" />
+	<target host="jobs.telegraph.co.uk" />
+	<target host="recruiters.jobs.telegraph.co.uk" />
+	<target host="secure.s.telegraph.co.uk" />
+	<target host="shop.telegraph.co.uk" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.telegraph\.co\.uk$" name="^__TGC$" /-->
+	<!--securecookie host="^announcements\.telegraph\.co\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^fantasyracing\.telegraph\.co\.uk$" name="^_FGTeam$" /-->
+	<!--securecookie host="^reporting\.shop\.telegraph\.co\.uk$" name="^(?:NetOutcome|redeye)$" /-->
+	<!--securecookie host="^webtrends\.telegraph\.co\.uk$" name="^ACOOKIE$" /-->
 
 	<!--	Tracking cookies:
 					-->
 	<securecookie host="^\.(?:\w+\.)?telegraph\.co\.uk$" name="^(?:tmg_web_trends|__utm\w)$" />
-	<securecookie host="^(?:announcements|jobs|recruiters\.jobs|shop|webtrends)\.telegraph\.co\.uk$" name=".+" />
-
-
-	<rule from="^http://(announcements|auth|(?:blogs|fbapp)(?:\.uat)?|(?:i\.)?fantasy(?:cricket|football|games|racing)|secure\.i\.uat1|jobs|recruiters\.jobs|secure\.s|shop|webtrends)\.telegraph\.co\.uk/"
-		to="https://$1.telegraph.co.uk/" />
-
-	<!--	We could point to akamai if it didn't redirect to http...
-								-->
-	<rule from="^http://(?:secure\.)?i\.telegraph\.co\.uk/"
-		to="https://secure.i.telegraph.co.uk/" />
+	<securecookie host="^(?:announcements|jobs|recruiters\.jobs)\.telegraph\.co\.uk$" name=".+" />
 
-	<!--	Image paths are relative to stylesheets:
-							-->
-	<rule from="^http://s\.telegraph\.co\.uk/"
-		to="https://a248.e.akamai.net/f/1362/5848/6m/s.telegraph.co.uk/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Telekom-Malaysia.xml b/src/chrome/content/rules/Telekom-Malaysia.xml
new file mode 100644
index 000000000000..fa15e32c5545
--- /dev/null
+++ b/src/chrome/content/rules/Telekom-Malaysia.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cams.tm.com.my/ => https://cams.tm.com.my/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://tmbizonline.tm.com.my/ => https://tmbizonline.tm.com.my/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://tmshop.tm.com.my/ => https://tmshop.tm.com.my/: Too many redirects while fetching 'https://tmshop.tm.com.my/'
+
+
+	Nonfunctional subdomains:
+		- webmail2014	(unknown  issuer certificate)
+		- securevpn	(self-signed)
+
+-->
+<ruleset name="Telekom Malaysia" default_off="failed ruleset test">
+	<target host=            "tm.com.my" />
+	<target host=        "www.tm.com.my" />
+	<target host=       "cams.tm.com.my" />
+	<target host=       "gems.tm.com.my" />
+	<target host=       "mytm.tm.com.my" />
+	<target host=      "ocien.tm.com.my" />
+	<target host=       "oses.tm.com.my" />
+	<target host="tmbizonline.tm.com.my" />
+	<target host=     "tmshop.tm.com.my" />
+
+  	<securecookie host="^.*\.tm\.com\.my$" name=".+" />
+
+	<!-- cert only matches www -->
+	<rule from="^http://tm\.com\.my/"
+		to="https://www.tm.com.my/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Telekom-Partnerwelt.de.xml b/src/chrome/content/rules/Telekom-Partnerwelt.de.xml
new file mode 100644
index 000000000000..e0eb8df945f7
--- /dev/null
+++ b/src/chrome/content/rules/Telekom-Partnerwelt.de.xml
@@ -0,0 +1,54 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.telekom-partnerwelt.de/ => https://www.telekom-partnerwelt.de/: (7, 'Failed to connect to www.telekom-partnerwelt.de port 443: Connection refused')
+Fetch error: http://telekom-partnerwelt.de/ => https://www.telekom-partnerwelt.de/: (7, 'Failed to connect to www.telekom-partnerwelt.de port 443: Connection refused')
+
+	Deutsche Telekom coverage, see Deutsche_Telekom.xml.
+
+
+	^telekom-partnerwelt.de: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.telekom-partnerwelt.de
+
+
+	Mixed content:
+
+		- Image from telekom-partnerwelt.de *
+
+		- Bugs, from:
+
+			- pix.telekom.de *
+			- tracking.mlsat02.de
+
+	* Secured by us
+
+-->
+<ruleset name="Telekom-Partnerwelt.de" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.telekom-partnerwelt.de" />
+
+	<!--	Complications:
+				-->
+	<target host="telekom-partnerwelt.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.telekom-partnerwelt\.de$" name="^dtag_cookieHash$" /-->
+
+	<securecookie host="^www\.telekom-partnerwelt\.de$" name=".+" />
+
+
+	<rule from="^http://telekom-partnerwelt\.de/"
+		to="https://www.telekom-partnerwelt.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Telekom-Profis.de.xml b/src/chrome/content/rules/Telekom-Profis.de.xml
new file mode 100644
index 000000000000..b57e3cc223c6
--- /dev/null
+++ b/src/chrome/content/rules/Telekom-Profis.de.xml
@@ -0,0 +1,16 @@
+<!--
+	Deutsche Telekom coverage, see Deutsche_Telekom.xml.
+
+-->
+<ruleset name="Telekom-Profis.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="telekom-profis.de" />
+	<target host="www.telekom-profis.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Telekom-dienste.de.xml b/src/chrome/content/rules/Telekom-dienste.de.xml
new file mode 100644
index 000000000000..3e7e7aa8ead5
--- /dev/null
+++ b/src/chrome/content/rules/Telekom-dienste.de.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Deutsche Telekom coverage, see Deutsche_Telekom.xml.
+-->
+<ruleset name="Telekom-dienste.de">
+
+	<target host="meinkonto.telekom-dienste.de" />
+
+
+	<securecookie host="^meinkonto\.telekom-dienste\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Telekom.com.xml b/src/chrome/content/rules/Telekom.com.xml
new file mode 100644
index 000000000000..9e6aa86e73e4
--- /dev/null
+++ b/src/chrome/content/rules/Telekom.com.xml
@@ -0,0 +1,40 @@
+<!--
+	For other Deutsche Telekom coverage, see Deutsche_Telekom.xml.
+
+
+	Nonfunctional hosts in *telekom.com:
+
+		- tv	(times out)
+
+
+	Fully covered hosts in *telekom.com:
+
+		- login.idm
+		- accounts.login.idm
+
+-->
+<ruleset name="Telekom.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="login.idm.telekom.com" />
+	<target host="accounts.login.idm.telekom.com" />
+	<target host="www.telekom.com" />
+
+	<!--	Complications:
+				-->
+	<target host="telekom.com" />
+
+
+	<securecookie host="^(?:accounts\.login)?\.idm\.telekom\.com$" name=".+" />
+
+
+	<!--	Certs only match www.
+					-->
+	<rule from="^http://telekom\.com/"
+		to="https://www.telekom.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Telekom.sk.xml b/src/chrome/content/rules/Telekom.sk.xml
new file mode 100644
index 000000000000..02817bd7b96a
--- /dev/null
+++ b/src/chrome/content/rules/Telekom.sk.xml
@@ -0,0 +1,25 @@
+<ruleset name="Telekom.sk">
+  <target host="telekom.sk" />
+  <target host="www.telekom.sk" />
+
+  <target host="telecom.sk" />
+  <target host="www.telecom.sk" />
+
+  <target host="t-com.sk" />
+  <target host="www.t-com.sk" />
+
+  <target host="zona.telekom.sk" />
+  <target host="zona.telecom.sk" />
+  <target host="zona.t-com.sk" />
+
+  <target host="mail.telekom.sk" />
+  <target host="mail.telecom.sk" />
+  <target host="mail.t-com.sk" />
+
+  <rule from="^http://(?:www\.)?(?:telekom|telecom|t-com)\.sk/"
+        to="https://www.telekom.sk/" />
+
+  <rule from="^http://(mail\.|zona\.)(telekom|telecom|t-com)\.sk/"
+        to="https://$1telekom.sk/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Telemetry-mismatches.xml b/src/chrome/content/rules/Telemetry-mismatches.xml
deleted file mode 100644
index 33ca1c7e8812..000000000000
--- a/src/chrome/content/rules/Telemetry-mismatches.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see Telemetry.xml.
-
--->
-<ruleset name="Telemetry (mismatches)" default_off="mismatch">
-
-	<target host="telemetry.com" />
-	<target host="www.telemetry.com" />
-
-
-	<!--	- Akamai
-		- origin, origin-www, nor www-origin exist
-			-->
-	<rule from="^https://(?:www\.)?telemetry\.com/"
-		to="https://www.telemetry.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Telemetry.xml b/src/chrome/content/rules/Telemetry.xml
deleted file mode 100644
index 4f43ea0890c4..000000000000
--- a/src/chrome/content/rules/Telemetry.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For problematic rules, see Telemetry-mismatches.xml.
-
--->
-<ruleset name="Telemetry (partial)" platform="mixedcontent">
-
-	<target host="telemetryverification.net" />
-	<target host="*.telemetryverification.net" />
-
-
-	<!--	- !www doesn't work over https
-		- redirects to www over http
-			-->
-	<rule from="^https?://telemetryverification\.net/"
-		to="https://www.telemetryverification.net/" />
-
-	<!--	Clients have unique subdomains.		-->
-	<rule from="^http://([\w\-]+)\.telemetryverification\.net/"
-		to="https://$1.telemetryverification.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Telenor-banka.xml b/src/chrome/content/rules/Telenor-banka.xml
new file mode 100644
index 000000000000..da8706bfb33f
--- /dev/null
+++ b/src/chrome/content/rules/Telenor-banka.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid certificate:
+		telenorbanka.rs
+		www.telenorbanka.rs
+-->
+<ruleset name="Telenor banka">
+
+	<target host="online.telenorbanka.rs" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Telenor.se.xml b/src/chrome/content/rules/Telenor.se.xml
index f756f9a3337d..b772a23f3941 100644
--- a/src/chrome/content/rules/Telenor.se.xml
+++ b/src/chrome/content/rules/Telenor.se.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.euromail.se/ => https://www.euromail.se/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.euromail.se/ => https://www.euromail.se/: (28, 'Connection timed out after 10000 milliseconds')
 	Nonfunctional domains:
 
 		- ladda.telenor.se	(refused)
@@ -15,7 +21,7 @@
 		- minasidor.telenor.se
 
 -->
-<ruleset name="Telenor.se (partial)">
+<ruleset name="Telenor.se (partial)" default_off="failed ruleset test">
 
 	<target host="www.euromail.se" />
 	<target host="telenor.se" />
@@ -33,4 +39,4 @@
 	<rule from="^http://(minasidor\.|www\.)?telenor\.se/"
 		to="https://$1telenor.se/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Telepigeon.com.xml b/src/chrome/content/rules/Telepigeon.com.xml
new file mode 100644
index 000000000000..9895ba603903
--- /dev/null
+++ b/src/chrome/content/rules/Telepigeon.com.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://telepigeon.com/ => https://telepigeon.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.telepigeon.com/ => https://www.telepigeon.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Fully covered hosts in *telepigeon.com:
+
+		- (www.)?
+
+
+	Insecure cookies are set for these hosts:
+
+		- telepigeon.com
+		- www.telepigeon.com
+
+-->
+<ruleset name="Telepigeon.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="telepigeon.com" />
+	<target host="www.telepigeon.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?telepigeon\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?telepigeon\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Telerik-web-assets.com.xml b/src/chrome/content/rules/Telerik-web-assets.com.xml
new file mode 100644
index 000000000000..4c4af4c4c6d9
--- /dev/null
+++ b/src/chrome/content/rules/Telerik-web-assets.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Telerik coverage, see Telerik.com.xml.
+
+
+	^: cert only matches www
+
+-->
+<ruleset name="Telerik-web-assets.com">
+
+	<target host="telerik-web-assets.com" />
+	<target host="www.telerik-web-assets.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Telerik.com.xml b/src/chrome/content/rules/Telerik.com.xml
new file mode 100644
index 000000000000..e31ed461afd3
--- /dev/null
+++ b/src/chrome/content/rules/Telerik.com.xml
@@ -0,0 +1,61 @@
+<!--
+	Other Telerik rulesets:
+
+		- Telerik-web-assets.com.xml
+
+
+	Nonfunctional subdomains:
+
+		- docs ¹
+		- partners ²
+
+	¹ Dropped
+	² Shows licenseapi; mismatched, CN: licenseapi.telerik.com
+
+
+	Partially covered subdomains:
+
+		- (www.) *
+		- blogs *
+
+	* Some pages redirect to http
+
+
+	Fully covered subdomains:
+
+		- identity
+		- licenseapi
+		- platform
+		- tfis
+
+-->
+<ruleset name="Telerik.com (partial)">
+
+	<target host="telerik.com" />
+	<target host="blogs.telerik.com" />
+	<target host="identity.telerik.com" />
+	<target host="platform.telerik.com" />
+	<target host="tfis.telerik.com" />
+	<target host="www.telerik.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(blogs|www)\.telerik\.com/+($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://blogs\.telerik\.com/+(?!Telerik\.Web\.UI\.WebResource\.axd|images/|prettyPhoto/css/)" />
+		<exclusion pattern="^http://www\.telerik\.com/+(?!Telerik\.Web\.UI\.WebResource\.axd|favicon\.ico|login(?:$|[?/])|sfimages/)" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^platform\.telerik\.com$" name="^state$" /-->
+	<!--securecookie host="^tfis\.telerik\.com$" name="^AuthSession$" /-->
+
+	<securecookie host="^(?:platform|tfis)\.telerik\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Telethon.it.xml b/src/chrome/content/rules/Telethon.it.xml
index 449efd50f909..004507877c36 100644
--- a/src/chrome/content/rules/Telethon.it.xml
+++ b/src/chrome/content/rules/Telethon.it.xml
@@ -4,19 +4,58 @@
 		- www2	(dropped)
 
 
-	Mixed images on www from www2
+	Problematic hosts in *telethon.it:
+
+		- ^ ʳ
+		- adottailfuturo ᶜ
+		- dti ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ʳ Refused
 
 -->
 <ruleset name="Telethon.it (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<!--target host="adottailfuturo.telethon.it" /-->
+	<!--target host="dti.telethon.it" /-->
+	<target host="www.telethon.it" />
+
+	<!--	Complications:
+				-->
 	<target host="telethon.it" />
-	<target host="*.telethon.it" />
 
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.telethon\.it/(?:$|aziende/adotta-futuro$|donation$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?telethon\.it/+(?!misc/|modules/|sites/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.telethon.it/aziende/adotta-futuro" />
+			<test url="http://www.telethon.it/cosa-facciamo/la-missione" />
+			<test url="http://www.telethon.it/donation" />
+			<test url="http://www.telethon.it/taxonomy/term/23" />
+
+			<!--	-ve:
+					-->
+			<test url="http://telethon.it/misc/message-24-error.png" />
+			<test url="http://www.telethon.it/modules/node/node.css" />
+			<test url="http://www.telethon.it/sites/all/themes/telethon/css/form.css" />
+
+
+	<securecookie host="^\." name="^_(?:gat?|_cfduid)$" />
+	<!--securecookie host="^(?!www\.)\w" name="." /-->
 
-	<securecookie host="^\.telethon\.it$" name=".+" />
 
+	<rule from="^http://telethon\.it/"
+		to="https://www.telethon.it/" />
 
-	<rule from="^http://(www\.)?telethon\.it/"
-		to="https://$1telethon.it/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Telex.xml b/src/chrome/content/rules/Telex.xml
index 9f50a28beafc..7e852dd221d2 100644
--- a/src/chrome/content/rules/Telex.xml
+++ b/src/chrome/content/rules/Telex.xml
@@ -1,10 +1,16 @@
-<ruleset name="Telex">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://notblocked.telex.cc/ => https://notblocked.telex.cc/: (6, 'Could not resolve host: notblocked.telex.cc')
+
+-->
+<ruleset name="Telex" default_off="failed ruleset test">
 
 	<target host="telex.cc" />
-	<target host="*.telex.cc" />
+	<target host="notblocked.telex.cc" />
+	<target host="www.telex.cc" />
 
 
-	<rule from="^http://(notblocked\.|www\.)?telex\.cc/"
-		to="https://$1telex.cc/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Telfort.nl.xml b/src/chrome/content/rules/Telfort.nl.xml
index 09b109034287..1325b852c587 100644
--- a/src/chrome/content/rules/Telfort.nl.xml
+++ b/src/chrome/content/rules/Telfort.nl.xml
@@ -16,7 +16,12 @@
 <ruleset name="Telfort (partial)">
 
 	<target host="telfort.nl" />
-	<target host="*.telfort.nl" />
+	<target host="forum.telfort.nl" />
+	<target host="internet.telfort.nl" />
+	<target host="orderstatus.telfort.nl" />
+	<target host="shop.telfort.nl" />
+	<target host="webmail.telfort.nl" />
+	<target host="www.telfort.nl" />
 		<!--
 			At least some pages redirect to http:
 								-->
@@ -28,10 +33,9 @@
 	<securecookie host="^(?!internet\.).*\.telfort\.nl$" name=".+" />
 
 
-	<rule from="^http://((?:forum|internet|orderstatus|shop|webmail|www)\.)?telfort\.nl/"
-		to="https://$1telfort.nl/" />
 
 	<rule from="^http://(?:www\.)?tiscali\.nl/"
 		to="https://www.telfort.nl/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Telia.se.xml b/src/chrome/content/rules/Telia.se.xml
index f9189624ce8d..adc7fe9d5ccf 100644
--- a/src/chrome/content/rules/Telia.se.xml
+++ b/src/chrome/content/rules/Telia.se.xml
@@ -1,7 +1,7 @@
 <ruleset name="Telia.se" platform="mixedcontent">
   <target host="telia.se" />
-  <target host="*.telia.se" />
+  <target host="www.telia.se" />
   <rule from="^http://telia\.se/" to="https://www.telia.se/"/>
-  <rule from="^http://www\.telia\.se/" to="https://www.telia.se/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Tello.xml b/src/chrome/content/rules/Tello.xml
new file mode 100644
index 000000000000..5496455a5b09
--- /dev/null
+++ b/src/chrome/content/rules/Tello.xml
@@ -0,0 +1,11 @@
+<!--
+	Non-functional hosts:
+		Certificate mismatched:
+		- blog.tello.com
+-->
+<ruleset name="Tello.com">
+    <target host="tello.com" />
+    <target host="www.tello.com" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Telltalegames.com.xml b/src/chrome/content/rules/Telltalegames.com.xml
new file mode 100644
index 000000000000..bfb34da21f9f
--- /dev/null
+++ b/src/chrome/content/rules/Telltalegames.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Telltalegames.com">
+	<target host="telltalegames.com" />
+	<target host="www.telltalegames.com" />
+	<target host="support.telltalegames.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Telnic.xml b/src/chrome/content/rules/Telnic.xml
index eb9c4b92dc9c..3777aeeb56b8 100644
--- a/src/chrome/content/rules/Telnic.xml
+++ b/src/chrome/content/rules/Telnic.xml
@@ -1,10 +1,20 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nic.tel/ => https://www.telnic.org/: (28, 'Connection timed out after 20002 milliseconds')
+Fetch error: http://a0.webproxy.nic.tel/ => https://a0.webproxy.nic.tel/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.nic.tel/ => https://www.telnic.org/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://telnic.org/ => https://www.telnic.org/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.telnic.org/ => https://www.telnic.org/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://nic.tel/ => https://www.telnic.org/: (6, 'Could not resolve host: nic.tel')
 	Nonfunctional domains:
 
 		- dev.telnic.org	(ssl_error_rx_record_too_long)
 
 -->
-<ruleset name="Telnic">
+<ruleset name="Telnic" default_off="failed ruleset test">
 
 	<target host="nic.tel" />
 	<target host="a0.webproxy.nic.tel" />
@@ -18,7 +28,7 @@
 		to="https://a0.webproxy.nic.tel/" />
 
 	<!--	Cert only matches www.telnic.org	-->
-	<rule from="^https?://(?:www\.)?(?:nic\.tel|telnic\.org)/"
+	<rule from="^http://(?:www\.)?(?:nic\.tel|telnic\.org)/"
 		to="https://www.telnic.org/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Telphin.ru.xml b/src/chrome/content/rules/Telphin.ru.xml
new file mode 100644
index 000000000000..a556c5721dad
--- /dev/null
+++ b/src/chrome/content/rules/Telphin.ru.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sipproxy.telphin.ru/ => https://sipproxy.telphin.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'sipproxy.telphin.ru'")
+
+e.telphin.ru ²
+mta-1.e.telphin.ru ²
+mail.telphin.ru ³
+test-pbx.telphin.ru ³
+
+
+² refused
+³ timed out
+-->
+<ruleset name="telphin.ru" default_off="failed ruleset test">
+	<target host="telphin.ru" />
+	<target host="www.telphin.ru" />
+	<target host="account.telphin.ru" />
+	<target host="apiproxy.telphin.ru" />
+	<target host="bn.telphin.ru" />
+	<target host="cabinet.telphin.ru" />
+	<target host="cloud.telphin.ru" />
+	<target host="contest.telphin.ru" />
+	<target host="corp.telphin.ru" />
+	<target host="gate.telphin.ru" />
+	<target host="hosted.telphin.ru" />
+	<target host="m.telphin.ru" />
+	<target host="office.telphin.ru" />
+	<target host="pbx.telphin.ru" />
+	<target host="sipproxy.telphin.ru" />
+	<target host="teleo.telphin.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Telstra-Corporation-mismatches.xml b/src/chrome/content/rules/Telstra-Corporation-mismatches.xml
index 042677da886b..6ab1c9144fcf 100644
--- a/src/chrome/content/rules/Telstra-Corporation-mismatches.xml
+++ b/src/chrome/content/rules/Telstra-Corporation-mismatches.xml
@@ -1,9 +1,8 @@
-<ruleset name="Telstra Corporation (mismatches)" default_off="mismatch">
+<ruleset name="Telstra Corporation (mismatches)" default_off="mismatched">
 
 	<!--	cert: apps.netbiscuits.com	-->
 	<target host="m.sockassist.com.au"/>
 
-	<rule from="^http://m\.sockassist\.com\.au/"
-		to="https://m.sockassist.com.au/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Telstra-Corporation.xml b/src/chrome/content/rules/Telstra-Corporation.xml
index 23685757ea76..b157e8c9f61e 100644
--- a/src/chrome/content/rules/Telstra-Corporation.xml
+++ b/src/chrome/content/rules/Telstra-Corporation.xml
@@ -1,4 +1,10 @@
-<!--	!functional:
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://medrx.sensis.com.au/ => https://medrx.sensis.com.au/: (6, 'Could not resolve host: medrx.sensis.com.au')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://sockassist.com.au/ => https://sockassist.com.au/: (60, 'SSL certificate problem: unable to get local issuer certificate')	!functional:
 		- www.1234.com.au		(cert: sockassist.com.au; redirects to m.sockassist.com.au)
 		- clickmanager.com.au
 		- (www.)clickmanager.com.au	(reset)
@@ -7,15 +13,11 @@
 
 	See Telstra-Corporation-mismatches.xml for problematic rules.
 -->
-<ruleset name="Telstra Corporation (partial)">
+<ruleset name="Telstra Corporation (partial)" default_off="failed ruleset test">
 
 	<target host="medrx.sensis.com.au"/>
 	<target host="sockassist.com.au"/>
-	
-	<rule from="^http://medrx\.sensis\.com\.au/"
-		to="https://medrx.sensis.com.au/"/>
 
-	<rule from="^http://sockassist\.com\.au/"
-		to="https://sockassist.com.au/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Telstra.com.au.xml b/src/chrome/content/rules/Telstra.com.au.xml
new file mode 100644
index 000000000000..52dbc48b22c2
--- /dev/null
+++ b/src/chrome/content/rules/Telstra.com.au.xml
@@ -0,0 +1,320 @@
+<!--
+
+	For other Telstra coverage, see Telstra.com.xml
+
+	Non-functional subdomains:
+		- (www.)2014superoffer		(t)
+		- adonis	(m)
+		- advocacy	(t)
+		- connect.air	(m)
+		- (www.)avu	(t)
+		- (www.)billplay	(t)
+		- clientssl	(t)
+		- cloudcontact	(t)
+		- cners		(t)
+		- cnhrs		(t)
+		- cnmsp		(e)
+		- cnmsps	(e)
+		- col	(e)
+		- configure	(t)
+		- connectapp	(t)
+		- countmein	(t)
+		- staging.countmein	(t)
+		- cpmf		(m)
+		- ischeduler.ehtest	(e)
+		- selfcare.epod		(e)
+		- selfcare-pp.epod		(e)
+		- www.exchange		(t)
+		- experiencetrial	(t)
+		- subscription.services.fn1	(r)
+		- foxtel	(s)
+		- dev1.foxtel		(m)
+		- giftedservices	(e)
+		- dev1.giftedservices	(t)
+		- uat1.giftedservices	(t)
+		- go	(connection error)
+		- gw	(e)
+		- dev1.hub	(SSL connection error)
+		- uat1.hub	(t)
+		- wa1.id		(m)
+		- wa2.id		(m)
+		- wa3.id		(m)
+		- info		(m)
+		- ipportal	(t)
+		- ipportal-staff	(t)
+		- linxonlineordering-integration	(s)
+		- linxonlineordering-staging	(s)
+		- lms-ex	(e)
+		- m	(t)
+		- authorhf.media	(SSL connection error)
+		- (www.)dev1.media	(t)
+		- adis01.dev1.media	(t)
+		- auth01.dev1.media	(t)
+		- author.dev1.media	(t)
+		- authorhf.dev1.media	(m)
+		- pdis01.dev1.media	(t)
+		- publ01.dev1.media	(t)
+		- wa1(.www).dev1.media	(t)
+		- wa2(.www).dev1.media	(t)
+		- wa3(.www).dev1.media	(t)
+		- publ01.dev1.media	(t)
+		- (www.)dev2.media	(s)
+		- author.dev2.media	(s)
+		- wa1(.www).dev2.media	(s)
+		- wa2(.www).dev2.media	(s)
+		- wa3(.www).dev2.media	(s)
+		- go1.nrlclubs.media	(m)
+		- search.media		(e)
+		- (www.)uat1.media	(t)
+		- auth01.uat1.media	(t)
+		- auth02.uat1.media	(t)
+		- author.uat1.media	(t)
+		- pdis01.uat1.media	(t)
+		- pdis02.uat1.media	(t)
+		- publ01.uat1.media	(t)
+		- publ02.uat1.media	(t)
+		- wa1(.www).uat1.media	(t)
+		- wa2(.www).uat1.media	(t)
+		- wa3(.www).uat1.media	(t)
+		- (www.)uat2.media	(s)
+		- author.uat2.media	(s)
+		- wa1(.www).uat2.media	(s)
+		- wa2(.www).uat2.media	(s)
+		- wa3(.www).uat2.media	(s)
+		- wa1.www.media		(HTTP 404 error)
+		- mnc		(t)
+		- mobilesupport		(m)
+		- www.mobius		(t)
+		- www.pre-prod.mobius	(t)
+		- www.staging.mobius	(t)
+		- agd1-ibmail1.msng	(t)
+		- dibp-ibmail1.msng	(t)
+		- dibp-ibmail2.msng	(t)
+		- icga-ibmail1.msng	(t)
+		- m.my		(t)
+		- wa1.www.my		(e)
+		- wa2.www.my		(e)
+		- wa3.www.my		(e)
+		- myacct		(e)
+		- wa1.myacct		(e)(m)
+		- wa2.myacct		(e)(m)
+		- wa3.myacct		(e)(m)
+		- nsa.v.ivc-xx06.nexus		(i)
+		- activesync.m.nexus		(e)(m)
+		- mdm.m.nexus		(t)
+		- mdm02.m.nexus		(m)
+		- myrna.m.nexus		(e)
+		- myrnaf.m.nexus	(SSL connection error)
+		- segactivesync.m.nexus		(SSL handshake failed)
+		- segactivesync02.m.nexus	(m)
+		- inco.n.nexus		(m)
+		- rna.m.nsa.nexus	(e)
+		- nsa.n.teleperf.nexus		(t)
+		- nsa.v.teleperf.nexus		(t)
+		- nsa.n.teletech.nexus		(t)
+		- nsa.v.teletech.nexus		(t)
+		- inco.v.nexus		(m)
+		- ourvalues	(t)
+		- api.outages		(SSL handshake failed)
+		- (www.)partners		(e)(m)
+		- pre-stage		(t)
+		- (www.)protecthceck		(r)
+		- (www.)redeemtickets		(t)
+		- register	(SSL connection error)
+		- register2	(t)
+		- rp		(t)
+		- safesw	(t)
+		- sdnreporting		(t)
+		- shopfront3		(r)
+		- shopfront4		(t)
+		- signon2		(t)
+		- signonit		(m)
+		- connect.smart		(t)
+		- relay.smart		(e)
+		- ipportal.smart	(t)
+		- ipportal-staff.smart		(t)
+		- ipportal.staging		(t)
+		- www.stayconnected		(m)
+		- (www.)store-locator		(m)
+		- ipavo.tcif		(t)
+		- ipbno.tcif		(t)
+		- ipbvo.tcif		(t)
+		- ipxano.tcif		(t)
+		- ipxavo.tcif		(t)
+		- ipxbno.tcif		(t)
+		- ipxbvo.tcif		(t)
+		- ipxcno.tcif		(t)
+		- ipxcvo.tcif		(t)
+		- tconnect		(r)
+		- www.tcps		(t)
+		- telstrab2bportal	(t)
+		- adreporting.tmedia	(e)
+		- contentmgr.tmedia	(e)
+		- insights.tmedia	(SSL handshake failed)
+		- pcr.tmedia	(e)
+		- reporting.tmedia	(e)
+		- rmr.tmedia	(e)
+		- trev.tmedia	(e)
+		- trade-in		(SSL connection error)
+		- dev1.tv		(m)
+		- metadata.tv		(r)
+		- uat1.tv		(m)
+		- tvideods		(SSL connection error)
+		- tvideods-pp		(SSL connection error)
+		- www.uat		(HTTP error 503)
+		- vantage	(m)
+		- vmr		(t)
+		- www.vtcif	(e)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Telstra.com.au">
+
+	<target host="telstra.com.au" />
+	<target host="www.telstra.com.au" />
+	<target host="accessories.telstra.com.au" />
+	<target host="api.connect.air.telstra.com.au" />
+	<target host="alumni.telstra.com.au" />
+	<target host="ask.telstra.com.au" />
+	<target host="blackbird.telstra.com.au" />
+	<target host="blmo.telstra.com.au" />
+	<target host="business.telstra.com.au" />
+	<target host="cms.cat.telstra.com.au" />
+	<target host="retail.cat.telstra.com.au" />
+	<target host="cner.telstra.com.au" />
+	<target host="cnhr.telstra.com.au" />
+	<target host="crowdsupport.telstra.com.au" />
+	<target host="stage.crowdsupport.telstra.com.au" />
+	<target host="customnetcontrol.telstra.com.au" />
+	<target host="dvn2.telstra.com.au" />
+	<target host="enterprise-support.telstra.com.au" />
+	<target host="es.telstra.com.au" />
+	<target host="exchange.telstra.com.au" />
+	<target host="fastfix.telstra.com.au" />
+	<target host="feedback.telstra.com.au" />
+	<target host="gcm.telstra.com.au" />
+	<target host="staging.gcm.telstra.com.au" />
+	<target host="staging.go.telstra.com.au" />
+	<target host="hub.telstra.com.au" />
+	<target host="api.hub.telstra.com.au" />
+	<target host="modapi.hub.telstra.com.au" />
+	<target host="stgapi.hub.telstra.com.au" />
+	<target host="id.telstra.com.au" />
+	<target host="staging.id.telstra.com.au" />
+	<target host="infos.telstra.com.au" />
+	<target host="mobileexperiencemonitor.inside.telstra.com.au" />
+	<target host="insight.telstra.com.au" />
+	<target host="linxonlineordering.telstra.com.au" />
+	<target host="media.telstra.com.au" />
+	<target host="www.media.telstra.com.au" />
+	<target host="author.media.telstra.com.au" />
+	<target host="wa1.media.telstra.com.au" />
+	<target host="wa2.media.telstra.com.au" />
+	<target host="wa3.media.telstra.com.au" />
+	<target host="wa2.www.media.telstra.com.au" />
+	<target host="wa3.www.media.telstra.com.au" />
+	<target host="medrx.telstra.com.au" />
+	<target host="my.telstra.com.au" />
+	<target host="www.my.telstra.com.au" />
+	<target host="preprod.www.my.telstra.com.au" />
+	<target host="staging.www.my.telstra.com.au" />
+	<target host="nsa.n.bill-xx03.nexus.telstra.com.au" />
+	<target host="nsa.v.bill-xx03.nexus.telstra.com.au" />
+	<target host="ctof.nexus.telstra.com.au" />
+	<target host="nsa.n.ibm.nexus.telstra.com.au" />
+	<target host="nsa.v.ibm.nexus.telstra.com.au" />
+	<target host="nsa.n.ivc-xx04.nexus.telstra.com.au" />
+	<target host="nsa.v.ivc-xx04.nexus.telstra.com.au" />
+	<target host="nsa.n.ivc-xx05.nexus.telstra.com.au" />
+	<target host="nsa.v.ivc-xx05.nexus.telstra.com.au" />
+	<target host="nsa.n.ivc-xx06.nexus.telstra.com.au" />
+	<target host="nsa.n.ivc01.nexus.telstra.com.au" />
+	<target host="nsa.v.ivc01.nexus.telstra.com.au" />
+	<target host="myrna.nexus.telstra.com.au" />
+	<target host="ctof.n.nexus.telstra.com.au" />
+	<target host="myrna.n.nexus.telstra.com.au" />
+	<target host="rna.n.nsa.nexus.telstra.com.au" />
+	<target host="rna.nsa.nexus.telstra.com.au" />
+	<target host="rna.v.nsa.nexus.telstra.com.au" />
+	<target host="nsa.v.oth-xv01.nexus.telstra.com.au" />
+	<target host="nsa.n.oth-xx02.nexus.telstra.com.au" />
+	<target host="nsa.v.oth-xx02.nexus.telstra.com.au" />
+	<target host="nsa.n.ptr-xx03.nexus.telstra.com.au" />
+	<target host="nsa.v.ptr-xx03.nexus.telstra.com.au" />
+	<target host="nsa.n.ptr-xx04.nexus.telstra.com.au" />
+	<target host="nsa.v.ptr-xx04.nexus.telstra.com.au" />
+	<target host="nsa.n.ptr01.nexus.telstra.com.au" />
+	<target host="nsa.v.ptr01.nexus.telstra.com.au" />
+	<target host="myrna.m.ssl.nexus.telstra.com.au" />
+	<target host="nsa.n.tcs.nexus.telstra.com.au" />
+	<target host="nsa.v.tcs.nexus.telstra.com.au" />
+	<target host="nsa.n.tlr.nexus.telstra.com.au" />
+	<target host="nsa.v.tlr.nexus.telstra.com.au" />
+	<target host="ctof.v.nexus.telstra.com.au" />
+	<target host="myrna.v.nexus.telstra.com.au" />
+	<target host="nsa.n.xn01.nexus.telstra.com.au" />
+	<target host="onlinebilling.telstra.com.au" />
+	<target host="onlineshop.telstra.com.au" />
+	<target host="staging.onlineshop.telstra.com.au" />
+	<target host="orderexpress.telstra.com.au" />
+	<target host="ordertracker.telstra.com.au" />
+	<target host="www.ordertracker.telstra.com.au" />
+	<target host="outages.telstra.com.au" />
+	<target host="order.paperless.telstra.com.au" />
+	<target host="prm.telstra.com.au" />
+	<target host="protect.telstra.com.au" />
+	<target host="www.protect.telstra.com.au" />
+	<target host="protectsw.telstra.com.au" />
+	<target host="go.retail.telstra.com.au" />
+	<target host="satellite.telstra.com.au" />
+	<target host="say.telstra.com.au" />
+	<target host="olb.int.sdf.telstra.com.au" />
+	<target host="payment.sdfcust.telstra.com.au" />
+	<target host="selfserve.telstra.com.au" />
+	<target host="www.selfserve.telstra.com.au" />
+	<target host="service.telstra.com.au" />
+	<target host="prm.service.telstra.com.au" />
+	<target host="retail.service.telstra.com.au" />
+	<target host="services.telstra.com.au" />
+	<target host="subscription.services.telstra.com.au" />
+	<target host="serviceweb.telstra.com.au" />
+	<target host="shopfront.telstra.com.au" />
+	<target host="signon.telstra.com.au" />
+	<target host="signon-fn1.telstra.com.au" />
+	<target host="signon-fn2.telstra.com.au" />
+	<target host="signon-fn3.telstra.com.au" />
+	<target host="signon-fn4.telstra.com.au" />
+	<target host="signon-svt.telstra.com.au" />
+	<target host="signonssl.telstra.com.au" />
+	<target host="smallbusiness.telstra.com.au" />
+	<target host="smarter.telstra.com.au" />
+	<target host="www.smarter.telstra.com.au" />
+	<target host="smarterbusiness.telstra.com.au" />
+	<target host="www.smarterbusiness.telstra.com.au" />
+	<target host="stayconnected.telstra.com.au" />
+	<target host="servicerequest.stayconnected.telstra.com.au" />
+	<target host="uploader.stayconnected.telstra.com.au" />
+	<target host="yourservicerequest.stayconnected.telstra.com.au" />
+	<target host="store.telstra.com.au" />
+	<target host="support.telstra.com.au" />
+	<target host="tcsspublic.telstra.com.au" />
+	<target host="techtalks.telstra.com.au" />
+	<target host="www.techtalks.telstra.com.au" />
+	<target host="tee.telstra.com.au" />
+	<target host="tv.telstra.com.au" />
+	<target host="api.tv.telstra.com.au" />
+	<target host="logger.tv.telstra.com.au" />
+	<target host="qos.tv.telstra.com.au" />
+	<target host="unlock.telstra.com.au" />
+
+  	<securecookie host="^www\.telstra\.com\.au$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Telstra.com.xml b/src/chrome/content/rules/Telstra.com.xml
new file mode 100644
index 000000000000..1ecb951a5aa4
--- /dev/null
+++ b/src/chrome/content/rules/Telstra.com.xml
@@ -0,0 +1,674 @@
+<!--
+	Other related ruleset:
+		- Telstra.com.au.xml
+
+
+	Non-functional subdomains:
+		- account	(t)
+		- wa1.account	(t)
+		- wa2.account	(t)
+		- wa3.account	(t)
+		- activefun	(m)
+		- www.activequotes	(m)
+		- advocacy	(r)
+		- agentassist	(e)
+		- connect.air	(m)
+		- prm.app	(e)
+		- retail.app	(e)
+		- staff.apps	(t)
+		- staff.support.apps	(t)
+		- staff.transition.apps	(t)
+		- dealer.uat.apps	(e)
+		- staff.uat.apps	(t)
+		- austarfoh	(t)
+		- awcm	(e)
+		- receiver.b2b	(t)
+		- bap.billpay	(r)
+		- images.businessnews	(m)
+		- businesswomensawards	(m)
+		- www.businesswomensawards	(m)
+		- www.careers	(m)
+		- careersearch	(m)
+		- ccezwebrfvs001.cce	(r)
+		- chats	(m)
+		- sa.access.cloud	(s)
+		- admin.c57.apps	(r)
+		- autodiscover.c57.apps	(r)
+		- communities.c57.apps	(r)
+		- custowasfarm1.c57.apps	(r)
+		- custowasfarm2.c57.apps	(r)
+		- custweb-ext.c57.apps	(r)
+		- dev.c57.apps	(r)
+		- ews.c57.apps	(r)
+		- mail.c57.apps	(r)
+		- my.c57.apps	(r)
+		- portal.c57.apps	(r)
+		- sip.c57.apps	(r)
+		- spadmin.c57.apps	(r)
+		- sts.c57.apps	(r)
+		- teams.c57.apps	(r)
+		- webconf.c57.apps	(r)
+		- autodiscover.mt1.apps	(r)
+		- custowasfarm1.mt1.apps	(r)
+		- custowasfarm2.mt1.apps	(r)
+		- ews.mt1.apps	(r)
+		- mail.mt1.apps	(r)
+		- portal.mt1.apps	(r)
+		- portal-a.mt1.apps	(r)
+		- sts.mt1.apps	(r)
+		- Passwordregistration.ngd.apps	(r)
+		- Passwordreset.ngd.apps	(r)
+		- admin.ngd.apps	(r)
+		- autodiscover.ngd.apps	(r)
+		- communities.ngd.apps	(r)
+		- custowasfarm1.ngd.apps	(r)
+		- custowasfarm2.ngd.apps	(r)
+		- custweb-ext.ngd.apps	(r)
+		- dev.ngd.apps	(r)
+		- ews.ngd.apps	(r)
+		- mail.ngd.apps	(r)
+		- my.ngd.apps	(r)
+		- passwordregistration.ngd.apps	(r)
+		- passwordreset.ngd.apps	(r)
+		- portal.ngd.apps	(r)
+		- sip.ngd.apps.cloud	(t)
+		- spadmin.ngd.apps	(r)
+		- sts.ngd.apps	(r)
+		- teams.ngd.apps	(r)
+		- webconf.ngd.apps.cloud	(t)
+		- admin.svt.apps	(r)
+		- autodiscover.svt.apps	(r)
+		- communities.svt.apps	(r)
+		- custowasfarm1.svt.apps	(r)
+		- custowasfarm2.svt.apps	(r)
+		- custweb-ext.svt.apps	(r)
+		- dev.svt.apps	(r)
+		- ews.svt.apps	(r)
+		- lync.svt.apps	(r)
+		- lyncdiscover.svt.apps	(r)
+		- mail.svt.apps	(r)
+		- my.svt.apps	(r)
+		- portal.svt.apps	(r)
+		- sip.svt.apps	(r)
+		- smtp.svt.apps.cloud	(t)
+		- spadmin.svt.apps	(r)
+		- sts.svt.apps	(r)
+		- teams.svt.apps	(r)
+		- webconf.svt.apps	(r)
+		- webconf.tld.apps	(r)
+		- beta-sapi	(HTTP 404 error)
+		- ccezwebrfns001.cce	(t)
+		- chat	(e)
+		- cliq	(i)
+		- admin.tld.apps.cloud	(e)
+		- autodiscover.tld.apps	(r)
+		- communities.tld.apps.cloud	(e)
+		- custowasfarm1.tld.apps.cloud	(r)
+		- custowasfarm2.tld.apps.cloud	(r)
+		- custweb-ext.tld.apps.cloud	(e)
+		- dev.tld.apps.cloud	(e)
+		- ews.tld.apps	(r)
+		- mail.tld.apps.cloud	(e)
+		- my.tld.apps.cloud	(e)
+		- portal.tld.apps.cloud	(e)
+		- sip.tld.apps	(r)
+		- spadmin.tld.apps.cloud	(e)
+		- sts.tld.apps	(r)
+		- teams.tld.apps.cloud	(e)
+		- bss-oss-facade.dev.cloud	(t)
+		- bss-oss-facade.p-1.cloud	(t)
+		- bss-oss-facade.p-2.cloud	(t)
+		- bss-oss-facade.p-3.cloud	(t)
+		- tcif-dns-portal.cloud	(t)
+		- o2monitoring.cmi	(s)
+		- mail.collab	(r)
+		- portal.collab	(r)
+		- portal-a.collab	(r)
+		- www.cobs	(t)
+		- mobileordering.cobs	(invalid redirect)
+		- portal4.cobs	(s)
+		- www.cobs1	(t)
+		- conferencing	(t)
+		- selfcare.connect	(e)
+		- cpmf	(m)
+		- crowdsupport	(m)
+		- smarthome.cto	(t)
+		- fb.ctones	(t)
+		- ctonesfoh	(s)
+		- daas	(t)
+		- dep	(m)
+		- epdg.epc.devmobile	(t)
+		- btbc-mod.digitalbusiness	(m)
+		- dms.model.digitalbusiness	(t)
+		- polydms.model.digitalbusiness	(t)
+		- file.dvn	(e)
+		- ecoportal	(e)
+		- ecsmc	(r)
+		- b2b.ecsmc	(s)
+		- b2b.sit.ecsmc	(r)
+		- edd	(s)
+		- efm	(t)
+		- cla-bpe-f5.email	(t)
+		- devconsole.ess	(t)
+		- hmsdev-n-nsw.ess	(t)
+		- hmsdev-n-vic.ess	(r)
+		- hmsdev-nplus1-nsw.ess	(t)
+		- hmsdev-nplus1-vic.ess	(r)
+		- everyone	(t)
+		- evolution	(s)
+		- exchange	(m)
+		- www.exchange	(m)
+		- exfiles	(s)
+		- fb	(s)
+		- subscription.services.fn1	(r)
+		- tgqnslev01cxe.gcc	(t)
+		- hk.gms	(t)
+		- uk.gms	(r)
+		- us.gms	(r)
+		- buy.govcloud	(s)
+		- heromessage	(e)
+		- pitt7-chi-dec-ipc01.hosting	(t)
+		- rtb.icall-lab	(t)
+		- exhi.idcservmgmt	(s)
+		- imap	(t)
+		- chat2-imn-ive.imnmgmt	(s)
+		- exhi4-imn-ive.imnmgmt	(s)
+		- custportal.inframvsstg.in	(s)
+		- calling.innovation	(r)
+		- drive.innovation	(t)
+		- tet.innovation	(t)
+		- careerready.inside	(t)
+		- fms1.classroom.inside	(r)
+		- fms2.classroom.inside	(r)
+		- fms3.classroom.inside	(r)
+		- fm.inside	(s)
+		- indigenousexperience.inside	(r)
+		- www.indigenousexperience.inside	(r)
+		- nbnconnectedhome.inside	(m)
+		- home-stg.news.inside	(r)
+		- api.home-stg.news.inside	(r)
+		- web.home-stg.news.inside	(r)
+		- v2srating.inside	(r)
+		- rna.vpn.inside	(r)
+		- insight	(m)
+		- internalcareers	(m)
+		- intl	(t)
+		- autodiscover.intl	(e)
+		- cloud.intl	(r)
+		- oab.intl	(t)
+		- um-edge1.intl	(r)
+		- webmail.intl	(e)
+		- svt.stage.ipss	(s)
+		- svt.ipss	(s)
+		- ipvc	(e)
+		- desktopclient.ipvc	(s)
+		- desktopclient.ipvcstaging	(t)
+		- cpp.keystone	(r)
+		- lanes	(s)
+		- leadership	(e)
+		- m	(t)
+		- www.m	(t)
+		- mail	(m)
+		- manage-tcloud	(s)
+		- www.marketinghub	(m)
+		- www.marketplace	(e)
+		- dev.marketplace	(t)
+		- jama.mbc	(t)
+		- mdm	(t)
+		- mdn	(r)
+		- search.media	(e)
+		- mlm	(r)
+		- mlmmodel	(r)
+		- dm2.mobile	(t)
+		- mpmweb.mobile	(t)
+		- foh.mobilescvm	(t)
+		- mobiletv	(m)
+		- mobilitypartner	(e)
+		- www.mobilitypartner	(e)
+		- model-tsdpwebservices	(s)
+		- onlinesms.msg	(s)
+		- pc2mobile.msg	(e)
+		- wow.msg	(s)
+		- www.mss	(t)
+		- modelvm2e.mymessages	(t)
+		- myprepaid	(t)
+		- myprepaidmod	(m)
+		- mysync	(e)
+		- aqua.prod.security.nbnb2b-gw	(t)
+		- nessus.prod.security.nbnb2b-gw	(t)
+		- svt.nbndaportal	(e)
+		- uat-a.nbndaportal	(r)
+		- uat-b.nbndaportal	(r)
+		- uat-c.nbndaportal	(r)
+		- nbnthanks	(e)
+		- afllivehlsjit346.ngcdn	(t)
+		- bpmultihlslive2258.ngcdn	(s)
+		- bpmultihlsvod3257.ngcdn	(r)
+		- bpmultiwoc253.ngcdn	(s)
+		- bponlinewoc6264.ngcdn	(r)
+		- bptvpd.ngcdn	(r)
+		- cht-cdn220-is-3.se.bptvpd.ngcdn	(m)
+		- win-cdn220-is-2.se.bptvpd.ngcdn	(m)
+		- win-cdn220-is-3.se.bptvpd.ngcdn	(m)
+		- lon-cdn220-is-3.se.bptvvod.ngcdn	(s)
+		- cedexisudnsffdl844.ngcdn	(r)
+		- fairfaxiosffdl734.ngcdn	(s)
+		- haydc-cdn220-pe-1.se.fairfaxiosffdl734.ngcdn	(s)
+		- ken-cdn220-is-1.se.fairfaxiosffdl734.ngcdn	(s)
+		- ken-cdn220-is-12.se.fairfaxiosffdl734.ngcdn	(s)
+		- lon-cdn220-is-10.se.fairfaxiosffdl734.ngcdn	(s)
+		- lon-cdn220-is-3.se.fairfaxiosffdl734.ngcdn	(s)
+		- win-cdn220-is-10.se.fairfaxiosffdl734.ngcdn	(s)
+		- telstraonlinewoc763.ngcdn03	(s)
+		- npmantbtest	(s)
+		- npmantegtest	(s)
+		- npmantwtest	(s)
+		- cause.one	(t)
+		- partnerapps-v2	(s)
+		- cp.pen	(m)
+		- www.deskcontrol.pm	(m)
+		- www.missioncontrol.pm	(m)
+		- smtp-pitt.pm	(s)
+		- api.pn	(m)
+		- group-mgmt.pn	(m)
+		- openam.pn	(t)
+		- pen.pn	(m)
+		- pen-dashboard.pn	(t)
+		- penadmin.pn	(t)
+		- penapi.pn	(m)
+		- pricing1.pn	(m)
+		- pricingrs1.pn	(m)
+		- pocketnews	(t)
+		- www.pocketnews	(r)
+		- admin.pocketnews	(t)
+		- pop	(t)
+		- vas.int.portal	(t)
+		- www.prm-apps	(r)
+		- prm-v2	(r)
+		- prmrifdi	(r)
+		- prmsit3	(s)
+		- pulsegw	(t)
+		- redeemtickets	(t)
+		- www.redeemtickets	(t)
+		- netops.rms	(t)
+		- int.sdf	(t)
+		- messaging.int.sdf	(e)
+		- osm.int.sdf	(t)
+		- sapi	(HTTP 404 error)
+		- say.int.sdf	(t)
+		- signon.int.sdf	(t)
+		- uma.int.sdf	(t)
+		- demoapi.security	(t)
+		- devapi.security	(t)
+		- labapi.security	(t)
+		- preprodapi.security	(t)
+		- servicesit	(m)
+		- shop	(e)
+		- signon2	(t)
+		- signonit	(m)
+		- skt1eprod	(r)
+		- sllprm	(s)
+		- connect.smart	(t)
+		- hub.dev.smart	(m)
+		- stream1.dev.smart	(r)
+		- relay.smart	(e)
+		- stream1.trl.smart	(r)
+		- relay1.smarthome	(t)
+		- relay6.smarthome	(r)
+		- stream1.smarthome	(r)
+		- stream2.smarthome	(r)
+		- stream3.smarthome	(r)
+		- stream4.smarthome	(r)
+		- stream5.smarthome	(r)
+		- stream6.smarthome	(r)
+		- smtp	(t)
+		- speedtest	(r)
+		- staging	(t)
+		- www.staging	(t)
+		- shop.staging	(t)
+		- web02.staging	(r)
+		- www.stockquotes	(m)
+		- symphony	(t)
+		- symphony-p2	(t)
+		- store.t-suite	(t)
+		- net365.admin.t-suite	(e)
+		- testadmin.t-suite	(t)
+		- net365.testadmin.t-suite	(e)
+		- teststore.t-suite	(t)
+		- testsuperadmin.t-suite	(t)
+		- talknow	(t)
+		- talknowfoh	(t)
+		- tapi	(HTTP 404 error)
+		- tapp	(r)
+		- deskcontrol.tbn	(i)
+		- Missioncontrol.tbn	(e)
+		- missioncontrol.tbn	(e)
+		- tghnslev11expe.tcc	(t)
+		- tghvcltv11expe.tcc	(t)
+		- telstrabc	(e)
+		- tlu4.tcc	(t)
+		- tlu4nslev01cxe.tcc	(t)
+		- txlgw.tcc	(t)
+		- txlnslev11cxe.tcc	(t)
+		- txlnslev12cxe.tcc	(t)
+		- txlnslev13cxe.tcc	(t)
+		- txlvcltv11cxe.tcc	(t)
+		- txlvcltv12cxe.tcc	(t)
+		- txlvcltv13cxe.tcc	(t)
+		- admin.dev.team	(s)
+		- autodiscover.dev.team	(t)
+		- communities.dev.team	(s)
+		- dev.dev.team	(s)
+		- lync.dev.team	(s)
+		- lyncdiscover.dev.team	(s)
+		- mail.dev.team	(s)
+		- my.dev.team	(s)
+		- portal.dev.team	(s)
+		- spadmin.dev.team	(s)
+		- teams.dev.team	(s)
+		- Lyncdire1.test.team	(r)
+		- Lyncwebe1.test.team	(r)
+		- lync.test.team	(r)
+		- lyncdiscover.test.team	(r)
+		- officewebapps01.test.team	(r)
+		- telstraassistancefund	(m)
+		- www.telstraassistancefund	(m)
+		- telstrabusinessawards	(m)
+		- www.telstrabusinessawards	(m)
+		- teos	(t)
+		- teosquality	(t)
+		- theproject	(m)
+		- rrds.thor	(m)
+		- admin.mdm.thyra	(t)
+		- ds.mdm.thyra	(t)
+		- myrna.mdm.thyra	(HTTP 404 error)
+		- myrna.ssl.thyra	(e)
+		- admin.testmdm.thyra	(t)
+		- ds.testmdm.thyra	(t)
+		- eis.testmdm.thyra	(t)
+		- seg.testmdm.thyra	(m)
+		- tim4.tim	(r)
+		- tim6.tim	(r)
+		- callcentre.tipt	(t)
+		- dms-mod.tipt	(m)
+		- ews.tipt	(t)
+		- ews-exhi.tipt	(t)
+		- ews-stld.tipt	(t)
+		- ewsint.tipt	(t)
+		- ewsint-exhi.tipt	(t)
+		- mireception.tipt	(t)
+		- www.tiptcgatool	(t)
+		- tmvs	(e)
+		- tribe	(m)
+		- tsdpwebservices	(r)
+		- tvideods	(e)
+		- tvideods-pp	(e)
+		- rvo.uk	(t)
+		- st.uk	(t)
+		- st3-app.uk	(t)
+		- videomonitoring	(t)
+		- vmr	(t)
+		- s1.vmr	(t)
+		- wap	(t)
+		- waprd	(t)
+		- configure.wdms	(t)
+		- web02		(HTTP 500 error)
+		- web02foh	(t)
+		- www.web02foh	(t)
+		- webedge	(e)
+		- webedge2	(e)
+		- webmail	(e)
+		- webmail2	(e)
+		- www.webquotes	(m)
+		- yourcdn	(e)
+		- collab.pprd.yourtelstratools	(r)
+		- svt.stage.yourtelstratools	(s)
+		- svt.yourtelstratools	(s)
+		- collab.uat-a.yourtelstratools	(r)
+		- rrds.uat-a.yourtelstratools	(r)
+		- collab.uat-b.yourtelstratools	(r)
+		- rrds.uat-b.yourtelstratools	(r)
+		- collab.uat-c.yourtelstratools	(r)
+		- rrds.uat-c.yourtelstratools	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Telstra.com">
+
+	<target host="telstra.com" />
+	<target host="www.telstra.com" />
+	<target host="accessories.telstra.com" />
+	<target host="activation.telstra.com" />
+	<target host="api.telstra.com" />
+	<target host="beta.api.telstra.com" />
+	<target host="sandbox.api.telstra.com" />
+	<target host="staging.api.telstra.com" />
+	<target host="apps.telstra.com" />
+	<target host="dealer.apps.telstra.com" />
+	<target host="support.apps.telstra.com" />
+	<target host="dealer.support.apps.telstra.com" />
+	<target host="training-uat.apps.telstra.com" />
+	<target host="transition.apps.telstra.com" />
+	<target host="dealer.transition.apps.telstra.com" />
+	<target host="uat1.apps.telstra.com" />
+	<target host="uat2.apps.telstra.com" />
+	<target host="uat3.apps.telstra.com" />
+	<target host="apps-uat.telstra.com" />
+	<target host="autoconfig.telstra.com" />
+	<target host="awr.telstra.com" />
+	<target host="billing.telstra.com" />
+	<target host="www.billing.telstra.com" />
+	<target host="ebapweb.billpay.telstra.com" />
+	<target host="ebapwebsm.billpay.telstra.com" />
+	<target host="bookmentoring.telstra.com" />
+	<target host="brand.telstra.com" />
+	<target host="staging.brand.telstra.com" />
+	<target host="buycloud.telstra.com" />
+	<target host="buyiot.telstra.com" />
+	<target host="calendar.telstra.com" />
+	<target host="careers.telstra.com" />
+	<target host="cat2prm.telstra.com" />
+	<target host="ccezwebrfas001.cce.telstra.com" />
+	<target host="cliq-yammer.telstra.com" />
+	<target host="cloud.telstra.com" />
+	<target host="www.cloud.telstra.com" />
+	<target host="git.ci.cloud.telstra.com" />
+	<target host="jenkins.ci.cloud.telstra.com" />
+	<target host="cloudcontact.telstra.com" />
+	<target host="cloudcontact-csr.telstra.com" />
+	<target host="cloudcontact-reporting.telstra.com" />
+	<target host="nswmeet.cmi.telstra.com" />
+	<target host="vicmeet.cmi.telstra.com" />
+	<target host="mbrs.cobs.telstra.com" />
+	<target host="portal.cobs.telstra.com" />
+	<target host="portal2.cobs.telstra.com" />
+	<target host="conferencing1.telstra.com" />
+	<target host="contacts.telstra.com" />
+	<target host="cto.telstra.com" />
+	<target host="id.cto.telstra.com" />
+	<target host="ctones.telstra.com" />
+	<target host="datait.telstra.com" />
+	<target host="dev.telstra.com" />
+	<target host="cb.test.dev.telstra.com" />
+	<target host="its-sandpit.cb.test.dev.telstra.com" />
+	<target host="qa.cb.test.dev.telstra.com" />
+	<target host="slot1.cb.test.dev.telstra.com" />
+	<target host="slot2.cb.test.dev.telstra.com" />
+	<target host="slot3.cb.test.dev.telstra.com" />
+	<target host="slot4.cb.test.dev.telstra.com" />
+	<target host="slot5.cb.test.dev.telstra.com" />
+	<target host="slot6.cb.test.dev.telstra.com" />
+	<target host="slot7.cb.test.dev.telstra.com" />
+	<target host="slot8.cb.test.dev.telstra.com" />
+	<target host="slot9.cb.test.dev.telstra.com" />
+	<target host="dev-smarthome.telstra.com" />
+	<target host="developer.telstra.com" />
+	<target host="messaging.devicecare.telstra.com" />
+	<target host="btbc.digitalbusiness.telstra.com" />
+	<target host="dms.digitalbusiness.telstra.com" />
+	<target host="dms-mod.digitalbusiness.telstra.com" />
+	<target host="ews.digitalbusiness.telstra.com" />
+	<target host="ews-mod.digitalbusiness.telstra.com" />
+	<target host="polydms.digitalbusiness.telstra.com" />
+	<target host="polydms-mod.digitalbusiness.telstra.com" />
+	<target host="portal.digitalbusiness.telstra.com" />
+	<target host="portal-mod.digitalbusiness.telstra.com" />
+	<target host="e.telstra.com" />
+	<target host="emailupdate.telstra.com" />
+	<target host="enrol.telstra.com" />
+	<target host="enterprise.telstra.com" />
+	<target host="enterprise-support.telstra.com" />
+	<target host="forms.enterprisenews.telstra.com" />
+	<target host="es.telstra.com" />
+	<target host="hmsdev.ess.telstra.com" />
+	<target host="hmsdev-n.ess.telstra.com" />
+	<target host="hmsdev-nplus1.ess.telstra.com" />
+	<target host="fastfix.telstra.com" />
+	<target host="federatesso.telstra.com" />
+	<target host="feedback.telstra.com" />
+	<target host="fix.telstra.com" />
+	<target host="api.fix.telstra.com" />
+	<target host="gateway.telstra.com" />
+	<target host="infos.telstra.com" />
+	<target host="innovation.telstra.com" />
+	<target host="brilliantbasics.inside.telstra.com" />
+	<target host="ccr.inside.telstra.com" />
+	<target host="classroom.inside.telstra.com" />
+	<target host="author.classroom.inside.telstra.com" />
+	<target host="publish.classroom.inside.telstra.com" />
+	<target host="getstarted.inside.telstra.com" />
+	<target host="hrdirect.inside.telstra.com" />
+	<target host="insightacademy.inside.telstra.com" />
+	<target host="mobileexperiencemonitor.inside.telstra.com" />
+	<target host="myrewards.inside.telstra.com" />
+	<target host="telstraleaderprogram.inside.telstra.com" />
+	<target host="telstrasam.inside.telstra.com" />
+	<target host="thrive.inside.telstra.com" />
+	<target host="www.thrive.inside.telstra.com" />
+	<target host="test.thrive.inside.telstra.com" />
+	<target host="iot.telstra.com" />
+	<target host="coj.iot.telstra.com" />
+	<target host="ipss.telstra.com" />
+	<target host="www.ipss.telstra.com" />
+	<target host="stage.ipss.telstra.com" />
+	<target host="labs.telstra.com" />
+	<target host="livechat.telstra.com" />
+	<target host="marketinghub.telstra.com" />
+	<target host="marketplace.telstra.com" />
+	<target host="jb.marketplace.telstra.com" />
+	<target host="test.jb.marketplace.telstra.com" />
+	<target host="test.marketplace.telstra.com" />
+	<target host="hi4a.messagebank.telstra.com" />
+	<target host="wi4a.messagebank.telstra.com" />
+	<target host="mmod.telstra.com" />
+	<target host="mm7.mms.telstra.com" />
+	<target host="mob.telstra.com" />
+	<target host="mobileservices.telstra.com" />
+	<target host="staging.mobileservices.telstra.com" />
+	<target host="mss.telstra.com" />
+	<target host="myaccount.telstra.com" />
+	<target host="myacct.telstra.com" />
+	<target host="api.mycalling.telstra.com" />
+	<target host="api-c.mycalling.telstra.com" />
+	<target host="api-s.mycalling.telstra.com" />
+	<target host="portal.mycalling.telstra.com" />
+	<target host="portal-c.mycalling.telstra.com" />
+	<target host="portal-s.mycalling.telstra.com" />
+	<target host="wapi.mycalling.telstra.com" />
+	<target host="wapi-c.mycalling.telstra.com" />
+	<target host="wapi-s.mycalling.telstra.com" />
+	<target host="wsale.mycalling.telstra.com" />
+	<target host="wsale-c.mycalling.telstra.com" />
+	<target host="wsale-s.mycalling.telstra.com" />
+	<target host="mycloud.telstra.com" />
+	<target host="myiot.telstra.com" />
+	<target host="mymessages.telstra.com" />
+	<target host="mymessages-1.mymessages.telstra.com" />
+	<target host="voicemail.mymessages.telstra.com" />
+	<target host="mynetwork.telstra.com" />
+	<target host="nbndaportal.telstra.com" />
+	<target host="neqce.telstra.com" />
+	<target host="news.telstra.com" />
+	<target host="portal.ngcdn.telstra.com" />
+	<target host="npmantb.telstra.com" />
+	<target host="npmanteg.telstra.com" />
+	<target host="npmantw.telstra.com" />
+	<target host="onlinesms.telstra.com" />
+	<target host="outages.telstra.com" />
+	<target host="partnerapps.telstra.com" />
+	<target host="mail.pen.telstra.com" />
+	<target host="portal.pen.telstra.com" />
+	<target host="www.pn.telstra.com" />
+	<target host="cp.pn.telstra.com" />
+	<target host="mail.pn.telstra.com" />
+	<target host="prepaidrecharge.telstra.com" />
+	<target host="www.prepaidrecharge.telstra.com" />
+	<target host="sdev.telstra.com" />
+	<target host="ext.sdf.telstra.com" />
+	<target host="identitymanagement.ext.sdf.telstra.com" />
+	<target host="osm.ext.sdf.telstra.com" />
+	<target host="signon.ext.sdf.telstra.com" />
+	<target host="uma.ext.sdf.telstra.com" />
+	<target host="signon.sdf.telstra.com" />
+	<target host="payment.sdfcust.telstra.com" />
+	<target host="security.telstra.com" />
+	<target host="services.telstra.com" />
+	<target host="servicestatus.telstra.com" />
+	<target host="signon.telstra.com" />
+	<target host="signon-fn1.telstra.com" />
+	<target host="signon-fn2.telstra.com" />
+	<target host="signon-fn3.telstra.com" />
+	<target host="signon-fn4.telstra.com" />
+	<target host="signon-svt.telstra.com" />
+	<target host="smallbusiness.telstra.com" />
+	<target host="bundle.dev.smart.telstra.com" />
+	<target host="relay.dev.smart.telstra.com" />
+	<target host="relay1.dev.smart.telstra.com" />
+	<target host="connected.trl.smart.telstra.com" />
+	<target host="relay.trl.smart.telstra.com" />
+	<target host="relay1.trl.smart.telstra.com" />
+	<target host="smartcontrols.telstra.com" />
+	<target host="forms.smarterbusiness.telstra.com" />
+	<target host="smarthome.telstra.com" />
+	<target host="bundle.smarthome.telstra.com" />
+	<target host="relay.smarthome.telstra.com" />
+	<target host="relay2.smarthome.telstra.com" />
+	<target host="relay3.smarthome.telstra.com" />
+	<target host="relay4.smarthome.telstra.com" />
+	<target host="relay5.smarthome.telstra.com" />
+	<target host="ssoinit.telstra.com" />
+	<target host="stayconnected.telstra.com" />
+	<target host="servicerequest.stayconnected.telstra.com" />
+	<target host="yourservicerequest.stayconnected.telstra.com" />
+	<target host="www.supplychain.telstra.com" />
+	<target host="tba.telstra.com" />
+	<target host="tbwa.telstra.com" />
+	<target host="teos-i.telstra.com" />
+	<target host="teosquality-i.telstra.com" />
+	<target host="api.thanks.telstra.com" />
+	<target host="www.thor.telstra.com" />
+	<target host="sa.auth.thyra.telstra.com" />
+	<target host="seg.mdm.thyra.telstra.com" />
+	<target host="sa.thyra.telstra.com" />
+	<target host="enterpriseenrollment.testmdm.thyra.telstra.com" />
+	<target host="myrna.testmdm.thyra.telstra.com" />
+	<target host="cmanager.tipt.telstra.com" />
+	<target host="dms.tipt.telstra.com" />
+	<target host="trade-in.telstra.com" />
+	<target host="unlock.telstra.com" />
+	<target host="yourtelstratools.telstra.com" />
+	<target host="collab.yourtelstratools.telstra.com" />
+	<target host="rrds.yourtelstratools.telstra.com" />
+	<target host="staging.yourtelstratools.telstra.com" />
+
+  	<securecookie host="^www\.telstra\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Teltarif.xml b/src/chrome/content/rules/Teltarif.xml
new file mode 100644
index 000000000000..11bf0c526471
--- /dev/null
+++ b/src/chrome/content/rules/Teltarif.xml
@@ -0,0 +1,18 @@
+<ruleset name="Teltarif">
+
+	<target host="teltarif.de"/>
+	<target host="m.teltarif.de"/>
+	<target host="mobil.teltarif.de"/>
+	<target host="www.mobil.teltarif.de"/>
+	<target host="www.teltarif.de"/>
+
+        <target host="www.0180.info" />
+        <target host="mobil.0180.info" />
+        <target host="0180.info"/>
+
+	<securecookie host="^\.teltarif\.de$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Telus.xml b/src/chrome/content/rules/Telus.xml
new file mode 100644
index 000000000000..0cd284c9e349
--- /dev/null
+++ b/src/chrome/content/rules/Telus.xml
@@ -0,0 +1,34 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- msg.telus.com
+
+		SSL peer certificate was not OK:
+		- telushealth.com
+		- telusmobility.com
+
+		Incomplete certificate chain error:
+		- mobileidentity.telus.com
+-->
+<ruleset name="Telus (partial)">
+	<target host="telushealth.co" />
+	<target host="www.telushealth.co" />
+
+	<target host="telus.com" />
+	<target host="www.telus.com" />
+	<target host="b.telus.com" />
+	<target host="mobility.telus.com" />
+	<target host="shop.telus.com" />
+	<target host="static.telus.com" />
+
+	<target host="www.telushealth.com" />
+
+	<target host="telusinternational.com" />
+	<target host="www.telusinternational.com" />
+
+	<target host="www.telusmobility.com" />
+
+	<target host="webmail.telus.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Temando.com.xml b/src/chrome/content/rules/Temando.com.xml
deleted file mode 100644
index 769f6ac359d2..000000000000
--- a/src/chrome/content/rules/Temando.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Temando.com">
-
-	<target host="temando.com" />
-	<target host="*.temando.com" />
-
-
-	<securecookie host="^dashboard\.temando\.com$" name=".+" />
-
-
-	<rule from="^http://(dashboard\.|www\.)?temando\.com/"
-		to="https://$1temando.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Temp-Mail.xml b/src/chrome/content/rules/Temp-Mail.xml
new file mode 100644
index 000000000000..6602282e3035
--- /dev/null
+++ b/src/chrome/content/rules/Temp-Mail.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.temp-mail.ru/ => https://www.temp-mail.ru/: (6, 'Could not resolve host: www.temp-mail.ru')
+
+	Problematic subdomains:
+
+		- hazar.temp-mail.org ¹
+
+	¹: Timeout
+
+-->
+<ruleset name="Temp Mail" default_off="failed ruleset test">
+
+	<target host="temp-mail.org" />
+	<target host="www.temp-mail.org" />
+
+	<target host="temp-mail.ru" />
+	<target host="www.temp-mail.ru" />
+	<target host="api.temp-mail.ru" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Template_Monster.com.xml b/src/chrome/content/rules/Template_Monster.com.xml
index e8396bd46c1d..8fbc2f317946 100644
--- a/src/chrome/content/rules/Template_Monster.com.xml
+++ b/src/chrome/content/rules/Template_Monster.com.xml
@@ -58,10 +58,15 @@
 <ruleset name="Template Monster.com (partial)">
 
 	<target host="templatemonster.com" />
-	<target host="*.templatemonster.com" />
+	<target host="secure.templatemonster.com" />
+	<target host="www.templatemonster.com" />
+	<target host="scr.templatemonster.com" />
+	<target host="wac.templatemonster.com" />
 		<!--exclusion pattern="^http://(www\.)?templatemonster\.com/($|\?|main\.js)" /-->
 		<exclusion pattern="^http://(?:www\.)?templatemonster\.com/(?!cart\.php|favicon\.ico|images/|js/|themes/)" />
-	<target host="*.tmimgcdn.com" />
+	<target host="i.tmimgcdn.com" />
+	<target host="j.tmimgcdn.com" />
+	<target host="t.tmimgcdn.com" />
 
 
 	<!--	Tracking cookies:
@@ -76,8 +81,6 @@
 	<rule from="^http://scr\.templatemonster\.com/"
 		to="https://scrtm-templatemonster.netdna-ssl.com/" />
 
-	<rule from="^http://wac\.templatemonster\.com/"
-		to="https://wac.templatemonster.com/" />
 
 	<rule from="^http://i\.tmimgcdn\.com/"
 		to="https://secure.templatemonster.com/images/" />
@@ -88,4 +91,5 @@
 	<rule from="^http://t\.tmimgcdn\.com/"
 		to="https://themestm-templatemonster.netdna-ssl.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tenable.com.xml b/src/chrome/content/rules/Tenable.com.xml
index c9f248c4d195..8e19ab863ef2 100644
--- a/src/chrome/content/rules/Tenable.com.xml
+++ b/src/chrome/content/rules/Tenable.com.xml
@@ -1,27 +1,58 @@
 <!--
-	Tenable Network Security
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(dropped)
-
-
-	Fully covered subdomains:
-
-		- store
-		- support
+	Time out:
+		blackhat.tenable.com
+		cn.tenable.com
+		elearn.tenable.com
+		jobs.tenable.com
+		rsa.tenable.com
+		wwwredir.tenable.com
+
+	Login required:
+		cloud.tenable.com
+		*.cloud.tenable.com
+		lookbook.tenable.com
+		nec-support.tenable.com
+		pci.tenable.com
+		perimeter-support.tenable.com
+
+	Refused:
+		go.tenable.com
+		uptime.tenable.com
+
+	Invalid certificate:
+		info.tenable.com
+		traincdn.tenable.com
+		videos.tenable.com
 
 -->
-<ruleset name="Tenable.com (partial)">
-
-	<target host="*.tenable.com" />
-
-
-	<securecookie host="^(?:store|\.support)\.tenable\.com$" name=".+" />
-
-
-	<rule from="^http://s(tore|upport)\.tenable\.com/"
-		to="https://s$1.tenable.com/" />
+<ruleset name="Tenable.com">
+
+	<target host="tenable.com" />
+	<target host="www.tenable.com" />
+	<target host="apps-discussions.tenable.com" />
+	<target host="blog.tenable.com" />
+	<target host="careers.tenable.com" />
+	<target host="cftest.tenable.com" />
+	<target host="cgi.tenable.com" />
+	<target host="community.tenable.com" />
+	<target host="companystore.tenable.com" />
+	<target host="de.tenable.com" />
+	<target host="discussions.tenable.com" />
+	<target host="docs.tenable.com" />
+	<target host="es-la.tenable.com" />
+	<target host="forms.tenable.com" />
+	<target host="fr.tenable.com" />
+	<target host="jp.tenable.com" />
+	<target host="static.tenable.com" />
+	<target host="store.tenable.com" />
+	<target host="support.tenable.com" />
+	<target host="university.tenable.com" />
+	<target host="zh-cn.tenable.com" />
+	<target host="zh-tw.tenable.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Tendatta.com.xml b/src/chrome/content/rules/Tendatta.com.xml
deleted file mode 100644
index fd4770ac1034..000000000000
--- a/src/chrome/content/rules/Tendatta.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Web bugs.
-
-
-	Fully covered subdomains:
-
-		- ^
-		- go
-
-
-	www.tendatta.com doesn't exist.
-
--->
-<ruleset name="tendatta.com">
-
-	<target host="tendatta.com" />
-	<target host="go.tendatta.com" />
-
-
-	<rule from="^http://(go\.)?tendatta\.com/"
-		to="https://$1tendatta.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Tenhou.net.xml b/src/chrome/content/rules/Tenhou.net.xml
new file mode 100644
index 000000000000..56bdafe13a32
--- /dev/null
+++ b/src/chrome/content/rules/Tenhou.net.xml
@@ -0,0 +1,12 @@
+<!--
+	mismatch: blog.tenhou.net
+-->
+
+<ruleset name="Tenhou.net">
+	<target host="tenhou.net" />
+	<target host="cdn.tenhou.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tenon.com.xml b/src/chrome/content/rules/Tenon.com.xml
new file mode 100644
index 000000000000..d93ee27f7088
--- /dev/null
+++ b/src/chrome/content/rules/Tenon.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tenon.com/ => https://www.tenon.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.tenon.com/ => https://www.tenon.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	^: cert only matches www
+
+-->
+<ruleset name="Tenon.com" default_off="failed ruleset test">
+
+	<target host="tenon.com" />
+	<target host="www.tenon.com" />
+
+
+	<rule from="^http://(?:www\.)?tenon\.com/"
+		to="https://www.tenon.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tenpay.com.xml b/src/chrome/content/rules/Tenpay.com.xml
new file mode 100644
index 000000000000..307de0be02ad
--- /dev/null
+++ b/src/chrome/content/rules/Tenpay.com.xml
@@ -0,0 +1,50 @@
+<!--
+	For rules causing false/broken MCB, see Tenpay.com-falsemixed.xml.
+
+
+	Nonfunctional hosts in *tenpay.com:
+
+		- action	502
+		- help		404
+		- juhui		503
+		- mch		Handshake fails
+		- money		Redirects to www.tenpay.com
+		- open		200 redirects to error.shtml
+		- sdc		Blank page
+		- union		Dropped
+
+
+	Problematic hosts in *tenpay.com:
+
+		- global	Untrusted root
+		- life		Mixed iframe
+
+
+	Mixed content:
+
+		- iframe on life from cb.qq.com *
+		- Bug on global from www.googleadservices.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Tenpay.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tenpay.com" />
+	<target host="img.tenpay.com" />
+	<!--target host="life.tenpay.com" /-->
+	<target host="ui.ptlogin2.tenpay.com" />
+	<target host="xui.ptlogin2.tenpay.com" />
+	<target host="wallet.tenpay.com" />
+	<target host="www.tenpay.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tent.io.xml b/src/chrome/content/rules/Tent.io.xml
deleted file mode 100644
index be0e843b1796..000000000000
--- a/src/chrome/content/rules/Tent.io.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d31dxsia6hg3x2.cloudfront.net
-
--->
-<ruleset name="Tent.io">
-
-	<target host="tent.io" />
-	<target host="www.tent.io" />
-
-
-	<rule from="^http://(www\.)?tent\.io/"
-		to="https://$1tent.io/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tent.is.xml b/src/chrome/content/rules/Tent.is.xml
index a0211e7c5484..976f83b9bde4 100644
--- a/src/chrome/content/rules/Tent.is.xml
+++ b/src/chrome/content/rules/Tent.is.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tent.is/ => https://tent.is/: (6, 'Could not resolve host: tent.is')
+
 	CDN buckets:
 
 		- d2ztykom2wnksx.cloudfront.net
@@ -14,7 +18,7 @@
 		- *	(user subdomains)
 
 -->
-<ruleset name="Tent.is">
+<ruleset name="Tent.is" default_off="failed ruleset test">
 
 	<target host="tent.is" />
 	<target host="*.tent.is" />
@@ -23,4 +27,4 @@
 	<rule from="^http://([\w-]+\.)?tent\.is/"
 		to="https://$1tent.is/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tenten.vn.xml b/src/chrome/content/rules/Tenten.vn.xml
new file mode 100644
index 000000000000..34bf479ed000
--- /dev/null
+++ b/src/chrome/content/rules/Tenten.vn.xml
@@ -0,0 +1,17 @@
+<!--
+	For other GMO coverage, see GMO_Internet.xml.
+
+-->
+<ruleset name="Tenten.vn">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tenten.vn" />
+	<target host="support.tenten.vn" />
+	<target host="www.tenten.vn" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Teo.xml b/src/chrome/content/rules/Teo.xml
new file mode 100644
index 000000000000..2ae5878d23f6
--- /dev/null
+++ b/src/chrome/content/rules/Teo.xml
@@ -0,0 +1,7 @@
+<ruleset name="Teo">
+	<target host="teo.lt" />
+	<target host="www.teo.lt" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tequipment.NET.xml b/src/chrome/content/rules/Tequipment.NET.xml
index 92cc369decbf..372c3d399f43 100644
--- a/src/chrome/content/rules/Tequipment.NET.xml
+++ b/src/chrome/content/rules/Tequipment.NET.xml
@@ -12,7 +12,6 @@
 	<securecookie host="^store\.tequipment\.net$" name=".+" />
 
 
-	<rule from="^http://store\.tequipment\.net/"
-		to="https://store.tequipment.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Teracom-Consulting.xml b/src/chrome/content/rules/Teracom-Consulting.xml
index 0c1366c69768..347a7eda1b93 100644
--- a/src/chrome/content/rules/Teracom-Consulting.xml
+++ b/src/chrome/content/rules/Teracom-Consulting.xml
@@ -6,7 +6,7 @@
 	<target host="www.teracomconsulting.com" />
 
 
-	<rule from="^https?://(?:www\.)?teracomconsulting\.com/"
+	<rule from="^http://(?:www\.)?teracomconsulting\.com/"
 		to="https://teracomconsulting.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Terena.org.xml b/src/chrome/content/rules/Terena.org.xml
index fa204a6c1483..320fab5bc1ab 100644
--- a/src/chrome/content/rules/Terena.org.xml
+++ b/src/chrome/content/rules/Terena.org.xml
@@ -1,26 +1,42 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://crypto-filesender.terena.org/ => https://crypto-filesender.terena.org/: (6, 'Could not resolve host: crypto-filesender.terena.org')
+Fetch error: http://cryptosender.terena.org/ => https://cryptosender.terena.org/: (6, 'Could not resolve host: cryptosender.terena.org')
+Fetch error: http://lenin.terena.org/ => https://lenin.terena.org/: (6, 'Could not resolve host: lenin.terena.org')
+Fetch error: http://test-login.terena.org/ => https://test-login.terena.org/: (28, 'Connection timed out after 20001 milliseconds')
+Non-2xx HTTP code: http://tnc2006.terena.org/ (200) => https://www.terena.org/events/tnc2006/ (404)
+
+	For other GÉANT Association coverage, see GEANT.org.xml.
+
+
 	Nonfunctional subdomains:
 
 		- godzilla *
 		- mailarchive *
-		- papers *
+		- nipkow ²
+		- putin ³
 		- tnc200[0-4] **
-		- tnc2005 *
-		- v4 *
 
 	* Shows eduroam.org, valid cert
+	² Prints name
+	³ Shows refeds.org
 	** Shows eduroam.org; mismatched, CN: godzilla.terena.org
 
 
 	Problematic subdomains:
 
+		- rostov ¹
 		- tnc2006	(403)
+		- wikis ²
+
+	¹ 403
+	² Mismatched
 
 
 	Partially covered subdomains:
 
-		- (www.) *
-		- tnc200[789] *
+		- tnc200[5789] *
 		- tnc2010 *
 
 	* Some pages redirect to http
@@ -28,31 +44,118 @@
 
 	Fully covered subdomains:
 
+		- (www.)?
+		- compendium
 		- confluence
+		- crypto-filesender
+		- eventr
+		- filesender
+		- lenin
 		- login
-		- my
 		- omega
-		- tec
+		- rykov
+		- test-login
+		- tnc15
 		- tnc2006	(→ www)
-		- tnc201[1-4]
-		- wikis
+		- tnc201[1-5]
+		- wiki
+		- wikis		(→ wiki.terena.org)
+
+
+	These altnames don't exist:
+
+		- core.terena.org
+		- urnreg.terena.org
+
+
+	Insecure cookies are set for these hosts:
+
+		- compendium.terena.org
+		- crypto-filesender.terena.org
+		- cryptosender.terena.org
+		- eventr.terena.org
+		- filesender.terena.org
+		- login.terena.org
+		- omega.terena.org
+		- tnc15.terena.org
+		- tnc2011.terena.org
+		- tnc2012.terena.org
+		- tnc2013.terena.org
+		- tnc2014.terena.org
+		- wiki.terena.org
+		- www.terena.org
 
 -->
-<ruleset name="Terena.org (partial)">
+<ruleset name="Terena.org (partial)" default_off="failed ruleset test">
 
 	<target host="terena.org" />
 	<target host="*.terena.org" />
-		<exclusion pattern="^http://(?:www\.)?terena\.org/(?!css/|events(?:$|\?|/)|favicon\.ico|gfx/|js/)" />
-		<exclusion pattern="^http://tnc20(?:0\d|10)\.terena\.org/(?!css/|gfx/|js/)" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://tnc(200[5789]|2010)\.terena\.org/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://tnc20(?:0[57-9]|10)\.terena\.org/(?!css/|gfx/|js/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://tnc2005.terena.org/" />
+			<test url="http://tnc2007.terena.org/" />
+			<test url="http://tnc2008.terena.org/" />
+			<test url="http://tnc2009.terena.org/" />
+			<test url="http://tnc2010.terena.org/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://tnc2005.terena.org/core.css" />
+			<test url="http://tnc2007.terena.org/css/base.css" />
+			<test url="http://tnc2008.terena.org/css/min-base.css" />
+			<test url="http://tnc2009.terena.org/gfx/logos/terena_header.png" />
+			<test url="http://tnc2010.terena.org/css/min-base.css" />
+
+		<test url="http://compendium.terena.org/" />
+		<test url="http://confluence.terena.org/" />
+		<test url="http://crypto-filesender.terena.org/" />
+		<test url="http://cryptosender.terena.org/" />
+		<test url="http://eventr.terena.org/" />
+		<test url="http://filesender.terena.org/" />
+		<test url="http://lenin.terena.org/" />
+		<test url="http://login.terena.org/" />
+		<test url="http://omega.terena.org/" />
+		<test url="http://rykov.terena.org/" />
+		<test url="http://test-login.terena.org/" />
+		<test url="http://tnc15.terena.org/" />
+		<test url="http://tnc2006.terena.org/" />
+		<test url="http://tnc2011.terena.org/" />
+		<test url="http://tnc2012.terena.org/" />
+		<test url="http://tnc2013.terena.org/" />
+		<test url="http://tnc2014.terena.org/" />
+		<test url="http://tnc2015.terena.org/" />
+		<test url="http://wiki.terena.org/" />
+		<test url="http://wikis.terena.org/" />
+		<test url="http://www.terena.org/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^compendium\.terena\.org$" name="^_terena_session$" /-->
+	<!--securecookie host="^(crypto-filesender|cryptosender|filesender|login|tnc15|tnc201[1-4]|www)\.terena\.org$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^eventr\.terena\.org$" name="^_events_session$" /-->
+	<!--securecookie host="^login\.terena\.org$" name="^language$" /-->
+	<!--securecookie host="^wiki\.terena\.org$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^(?:compendium|confluence|crypto-filesender|cryptosender|eventr|filesender|login|tnc15|tnc201[1-4]|wikis?|www)\.terena\.org$" name=".+" />
 
 
-	<securecookie host="^(?:confluence|login|tnc201[1-4]|wikis)\.terena\.org$" name=".+" />
+	<rule from="^http://tnc2006\.terena\.org/"
+		to="https://www.terena.org/events/tnc2006/" />
 
+	<rule from="^http://wikis\.terena\.org/"
+		to="https://wiki.terena.org/" />
 
-	<rule from="^http://((?:confluence|login|my|omega|tec|tnc20(?:0[789]|1\d)|wikis|www)\.)?terena\.org/"
+	<rule from="^http://((?:compendium|confluence|crypto-filesender|cryptosender|eventr|filesender|lenin|login|omega|rykov|test-login|tnc15|tnc20(?:0[5789]|1\d)|wikis?|www)\.)?terena\.org/"
 		to="https://$1terena.org/" />
 
-	<rule from="^http://tnc2006\.terena\.org/"
-		to="https://www.terena.org/events/tnc2006/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Terminal.com.xml b/src/chrome/content/rules/Terminal.com.xml
new file mode 100644
index 000000000000..b4824fa0994f
--- /dev/null
+++ b/src/chrome/content/rules/Terminal.com.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://terminal.com/ => https://terminal.com/: (7, 'Failed to connect to terminal.com port 443: Connection refused')
+Fetch error: http://blog.terminal.com/ => https://blog.terminal.com/: (7, 'Failed to connect to blog.terminal.com port 443: Connection refused')
+Fetch error: http://www.terminal.com/ => https://www.terminal.com/: (7, 'Failed to connect to www.terminal.com port 443: Connection refused')
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- blog
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.terminal.com
+
+-->
+<ruleset name="Terminal.com" default_off="failed ruleset test">
+
+	<target host="terminal.com" />
+	<target host="blog.terminal.com" />
+	<target host="www.terminal.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.terminal\.com$" name="^connect\.sid$" /-->
+
+	<securecookie host="^www\.terminal\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Terminal.sexy.xml b/src/chrome/content/rules/Terminal.sexy.xml
new file mode 100644
index 000000000000..736da4d450fc
--- /dev/null
+++ b/src/chrome/content/rules/Terminal.sexy.xml
@@ -0,0 +1,8 @@
+<ruleset name="Terminal.sexy">
+	<target host="terminal.sexy" />
+	<target host="www.terminal.sexy" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TerminatorX.org.xml b/src/chrome/content/rules/TerminatorX.org.xml
new file mode 100644
index 000000000000..901d320618af
--- /dev/null
+++ b/src/chrome/content/rules/TerminatorX.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="Terminatorx.org">
+  <target host="terminatorx.org" />
+  <target host="www.terminatorx.org" />
+
+  <rule from="^http://(?:www\.)?terminatorx\.org/" to="https://terminatorx.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Terra-Galleria.xml b/src/chrome/content/rules/Terra-Galleria.xml
deleted file mode 100644
index a8fe366fdb79..000000000000
--- a/src/chrome/content/rules/Terra-Galleria.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Terra Galleria">
-
-	<target host="terragalleria.com"/>
-	<!--	*s for cross-domain-cookies	-->
-	<target host="*.terragalleria.com"/>
-	<target host="*.www.terragalleria.com"/>
-
-	<securecookie host="^(.*\.)?terragalleria\.com$" name=".*"/>
-
-	<rule from="^http://(www\.)?terragalleria\.com/"
-		to="https://$1terragalleria.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/TerraGalleria.com.xml b/src/chrome/content/rules/TerraGalleria.com.xml
new file mode 100644
index 000000000000..43b00f38acc3
--- /dev/null
+++ b/src/chrome/content/rules/TerraGalleria.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		photo.terragalleria.com
+
+-->
+<ruleset name="Terra Galleria">
+
+	<target host="terragalleria.com" />
+	<target host="www.terragalleria.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TerraPass.com.xml b/src/chrome/content/rules/TerraPass.com.xml
new file mode 100644
index 000000000000..bfbe8d1a2ac2
--- /dev/null
+++ b/src/chrome/content/rules/TerraPass.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid certificate:
+		store.terrapass.com
+
+-->
+<ruleset name="TerraPass">
+
+	<target host="terrapass.com" />
+	<target host="www.terrapass.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TerraPass.xml b/src/chrome/content/rules/TerraPass.xml
deleted file mode 100644
index 6c0455879877..000000000000
--- a/src/chrome/content/rules/TerraPass.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	At least some store pages redirect to http
-
--->
-<ruleset name="TerraPass (partial)">
-
-	<target host="terrapass.com" />
-	<target host="*.terrapass.com" />
-		<exclusion pattern="^http://store.terrapass.com/(?![iI]mages/|Shared/|[sS]tore/(?:buttons|i|Templates)/)" />
-
-
-	<rule from="^http://(store\.|www\.)?terrapass\.com/"
-		to="https://$1terrapass.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/TerraUserCentralMX.xml b/src/chrome/content/rules/TerraUserCentralMX.xml
new file mode 100644
index 000000000000..ce380eaec0dd
--- /dev/null
+++ b/src/chrome/content/rules/TerraUserCentralMX.xml
@@ -0,0 +1,4 @@
+<ruleset name="Terra User Central (MX)" default_off="Breaks site">
+	<target host="central.terra.com.mx" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TerreActive.xml b/src/chrome/content/rules/TerreActive.xml
index 17b206b8405e..8a11463565d3 100644
--- a/src/chrome/content/rules/TerreActive.xml
+++ b/src/chrome/content/rules/TerreActive.xml
@@ -2,5 +2,5 @@
   <target host="www.terreactive.ch" />
   <target host="terreactive.ch" />
 
-  <rule from="^http://(www\.)?terreactive\.ch/" to="https://www.terreactive.ch/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Terres_Oubliees.com.xml b/src/chrome/content/rules/Terres_Oubliees.com.xml
index 9a1c08f6d3ea..4741abc25e2b 100644
--- a/src/chrome/content/rules/Terres_Oubliees.com.xml
+++ b/src/chrome/content/rules/Terres_Oubliees.com.xml
@@ -1,7 +1,8 @@
 <ruleset name="Terres Oubliees.com">
 
 	<target host="terresoubliees.com" />
-	<target host="*.terresoubliees.com" />
+	<target host="www.terresoubliees.com" />
+	<target host="erp.terresoubliees.com" />
 
 
 	<securecookie host="^(?:w*\.)?terresoubliees\.com$" name=".+" />
@@ -13,7 +14,6 @@
 	<rule from="^http://(?:www\.)?terresoubliees\.com/"
 		to="https://www.terresoubliees.com/" />
 
-	<rule from="^http://erp\.terresoubliees\.com/"
-		to="https://erp.terresoubliees.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Terse_Systems.com.xml b/src/chrome/content/rules/Terse_Systems.com.xml
new file mode 100644
index 000000000000..47b270ca1776
--- /dev/null
+++ b/src/chrome/content/rules/Terse_Systems.com.xml
@@ -0,0 +1,40 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .tersesystems.com
+
+-->
+<ruleset name="Terse Systems.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tersesystems.com" />
+	<target host="www.tersesystems.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tersesystems\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Terveysportti.fi.xml b/src/chrome/content/rules/Terveysportti.fi.xml
index 691373376168..cd1e75a6492c 100644
--- a/src/chrome/content/rules/Terveysportti.fi.xml
+++ b/src/chrome/content/rules/Terveysportti.fi.xml
@@ -5,8 +5,8 @@
   <target host="terveysportti.net"/>
   <target host="www.terveysportti.org"/>
   <target host="terveysportti.org"/>
-  <rule from="^http://(www\.)?terveysportti\.fi/" to="https://www.terveysportti.fi/"/>
-  <rule from="^https?://(www\.)?terveysportti\.org/" to="https://www.terveysportti.fi/"/>
-  <rule from="^https?://(www\.)?terveysportti\.net/" to="https://www.terveysportti.fi/"/>
+  <rule from="^http://(?:www\.)?terveysportti\.fi/" to="https://www.terveysportti.fi/"/>
+  <rule from="^http://(?:www\.)?terveysportti\.org/" to="https://www.terveysportti.fi/"/>
+  <rule from="^http://(?:www\.)?terveysportti\.net/" to="https://www.terveysportti.fi/"/>
 </ruleset>
-<!-- Rule generated by HTTPS Finder 0.85 -->
\ No newline at end of file
+<!-- Rule generated by HTTPS Finder 0.85 -->
diff --git a/src/chrome/content/rules/Tesco.xml b/src/chrome/content/rules/Tesco.xml
index 86787b88f4bb..0d49be1ff3d2 100644
--- a/src/chrome/content/rules/Tesco.xml
+++ b/src/chrome/content/rules/Tesco.xml
@@ -1,8 +1,10 @@
 <!--
-	Partial
-
 	For rules causing false/broken MCB, see Tesco.com-falsemixed.xml.
 
+	Other Tesco rulesets:
+
+		- Tesco_Help.com.xml
+
 
 	tesco.scene7.com
 
@@ -10,6 +12,7 @@
 	Other Tesco rulesets:
 
 		- Clothing_at_Tesco.com.xml
+		- Our_Tesco.com.xml
 		- Tesco_Compare.com.xml
 		- Tesco_Bank.com.xml
 		- Tesco_Diets.com.xml
@@ -18,8 +21,11 @@
 
 	Nonfunctional domains:
 
+		- direct.tesco.com *
 		- origin-img.tesco.com
 		- origin-www.tesco.com *
+		- phone-shop.tesco.com *
+
 		- (www.)tescoliving.com *
 		- www.tescomagazine.com *
 
@@ -40,85 +46,149 @@
 	* Akamai
 
 
-	Fully covered domains:
-
-		- tesco.com subdomains:
-
-			- direct
-			- img ¹
-			- phone-shop
-			- secure
-
-		- *.tescoassets.com ¹
-
-			- direct
-			- ui
-
-	¹ → secure.tesco.com
-
-
 	Mixed content:
 
 		- css on secure from ui.tescoassets.com *
 
-		- Images on secure from www **
+		- Bugs, on:
+
+			- secure from metrics.tesco.com *
+			- secure from rtd.tubemogul.com *
+			- secure from r.turn.com *
 
-	* On groceries/ when rewritten from www; secured by us
-	** Secured by us
+	* Secured by us
 
 -->
 <ruleset name="Tesco (partial)">
 
-	<target host="tesco.com" />
-	<target host="*.tesco.com" />
-		<!--
-			Avoid false/broken MCB:
+	<!--	Direct rewrites:
+				-->
+	<target host="www.giftcards.tesco.com" />
+	<target host="secure.tesco.com" />
+
+	<!--	Complications:
+				-->
+	<!--target host="tesco.com" /-->
+	<!--target host="img.tesco.com" /-->
+	<target host="metrics.tesco.com" />
+	<!--target host="www.tesco.com" /-->
+
+		<!--	These paths don't work:
+
+				- affiliates/$
+				- apps/$
+				- direct/hudl/$
+				- eathappyproject/$
+				- events/$
+				- foodcollection/$
+				- productrecall/$
+				- raceforlife/$
+				- staysafeonline/$
+				- wine/$	(redirects to winestore/)
+				- WINE/Help/$	(404)
+
+			These paths redirect back to www:
+
+				- direct/$
+				- direct/help/homepage.page$
+
+			These paths don't:
+
+				- $
+				- c/css/
+				- clubcard/
+				- css/
+				- directuiassets/
+				- exchange$
+				- exchange/$
+				- grocery/images/
+				- homepages/default/[\w.]+.css
+				- offer/$
+				- Wine/MarketingContent/Sites/
+				- wine/UIAssets/
+				- storelocator/
+				- storeLocator/
+				- termsandconditions/privacy.htm$
+
+			These paths cause CORS breakage:
+
+				- groceries/
 						-->
-		<!--exclusion pattern="^http://(www\.)?tesco\.com/groceries/" /-->
-	<target host="*.tescoassets.com" />
+		<!--exclusion pattern="^http://(?:www\.)?tesco\.com/(?!$|(?:BrandGuarantee|carrier-bags|clubcard|exchange)(?:$|[?/])|(?:books|c/css|css|directuiassets|grocery/images|homepages/default|offer|store-?[lL]ocator|termsandconditions|whatsinstore|Wine/MarketingContent|wine/UIAssets)/)" /-->
 
+			<!--	+ve:
+					-->
+			<!--test url="http://www.tesco.com/WINE/Help/" /-->
+			<!--test url="http://www.tesco.com/affiliates/" /-->
+			<!--test url="http://www.tesco.com/apps/" /-->
+			<!--test url="http://www.tesco.com/direct/" /-->
+			<!--test url="http://www.tesco.com/direct/help/homepage.page" /-->
+			<!--test url="http://www.tesco.com/direct/hudl/" /-->
+			<!--test url="http://www.tesco.com/direct/technology-gaming/mobile-phones/cat3376638.cat" /-->
+			<!--test url="http://www.tesco.com/eathappyproject/" /-->
+			<!--test url="http://www.tesco.com/events/" /-->
+			<!--test url="http://www.tesco.com/foodcollection/" /-->
+			<!--test url="http://www.tesco.com/groceries/" /-->
+			<!--test url="http://www.tesco.com/productrecall/" /-->
+			<!--test url="http://www.tesco.com/raceforlife/" /-->
+			<!--test url="http://www.tesco.com/staysafeonline/" /-->
+			<!--test url="http://www.tesco.com/wine/" /-->
+			<!--test url="http://www.tesco.com/winestore/" /-->
+
+			<!--	-ve:
+					-->
+			<!--test url="http://www.tesco.com/BrandGuarantee" /-->
+			<!--test url="http://www.tesco.com/BrandGuarantee/HowItWorks" /-->
+			<!--test url="http://www.tesco.com/carrier-bags/" /-->
+			<!--test url="http://www.tesco.com/clubcard/" /-->
+			<!--test url="http://www.tesco.com/global/template/css/global.desktop.css" /-->
+			<!--test url="http://www.tesco.com/help/" /-->
+			<!--test url="http://www.tesco.com/help/contact/" /-->
+			<!--test url="http://www.tesco.com/homepages/default/css/datauri.preload.9.css" /-->
+			<!--test url="http://www.tesco.com/homepages/default/i/woti/more-from-tesco.s6.png" /-->
+			<!--test url="http://www.tesco.com/store-locator/uk/" /-->
+
+		<!--	Avoid false/broken MCB:
+						-->
+		<!--exclusion pattern="^http://(www\.)?tesco\.com/groceries/" /-->
 
-	<securecookie host="^secure\.tesco\.com$" name=".+" />
+	<target host="direct.tescoassets.com" />
+	<target host="ui.tescoassets.com" />
 
 
-	<!--	These paths don't work:
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tesco\.com$" name="^(?:_gat?|DCCC|s_vi)$" /-->
+	<!--securecookie host="^www\.giftcards\.tesco\.com$" name="^(?:\.ASPXANONYMOUS|ASP\.NET_SessionId|dnn_IsMobile|language)$" /-->
 
-			- wine/$	(redirects to winestore/)
-			- WINE/Help/$	(404)
+	<securecookie host="^\." name="^(?:_gat?$|s_v)" />
+	<securecookie host="^www\.giftcards\.tesco\.com$" name=".+" />
+	<!--securecookie host="^secure\.tesco\.com$" name="." /-->
 
-		These paths redirect back to www:
 
-			- direct/$
-			- direct/help/homepage.page$
+	<!--rule from="^http://(?:img\.|www\.)?tesco\.com/"
+		to="https://secure.tesco.com/" /-->
 
-		These paths don't:
+	<rule from="^http://metrics\.tesco\.com/"
+		to="https://tesco.122.2o7.net/" />
 
-			- $
-			- c/css/
-			- clubcard/
-			- css/
-			- directuiassets/
-			- exchange$
-			- exchange/$
-			- grocery/images/
-			- homepages/default/[\w.]+.css
-			- offer/$
-			- Wine/MarketingContent/Sites/
-			- wine/UIAssets/
-			- storelocator/
-			- storeLocator/
-			- termsandconditions/privacy.htm$
+	<!--	Self-relative links:
 					-->
-	<rule from="^http://(?:www\.)?tesco\.com/(?=$|exchange|(?:books|c/css|clubcard/clubcard|css|directuiassets|grocery/images|homepages/default|offer|store[lL]ocator|termsandconditions|whatsinstore|Wine/MarketingContent|wine/UIAssets)/)"
-		to="https://secure.tesco.com/" />
+	<!--rule from="^https://secure\.tesco\.com/"
+		to="http://www.tesco.com/" downgrade="1" /-->
 
-	<rule from="^http://(direct|phone-shop|secure)\.tesco\.com/"
-		to="https://$1.tesco.com/" />
+		<!--exclusion pattern="^https://secure\.tesco\.com/+(?!(?:affiliates|productrecall|raceforlife|staysafeonline)/$)" /-->
 
-	<rule from="^http://img\.tesco\.com/"
-		to="https://secure.tesco.com/" />
+			<!--	-ve:
+					-->
+			<!--test url="https://secure.tesco.com/affiliates/" /-->
+			<!--test url="https://secure.tesco.com/productrecall/" /-->
+			<!--test url="https://secure.tesco.com/raceforlife/" /-->
 
 	<rule from="^http://\w+\.tescoassets\.com/"
 		to="https://secure.tesco.com/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Tesco_Bank.com.xml b/src/chrome/content/rules/Tesco_Bank.com.xml
index c89436ecac37..451d4d60257b 100644
--- a/src/chrome/content/rules/Tesco_Bank.com.xml
+++ b/src/chrome/content/rules/Tesco_Bank.com.xml
@@ -23,7 +23,7 @@
 	<securecookie host="^www\.tescobank\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?tescofinance\.com/+(?=\?.*)?$"
+	<rule from="^http://(?:www\.)?tescofinance\.com/+$"
 		to="https://www.tescobank.com/personal/finance/home.html" />
 
 	<rule from="^http://(?:www\.)?tesco(?:bank|finance)\.com/"
diff --git a/src/chrome/content/rules/Tesco_Compare.com.xml b/src/chrome/content/rules/Tesco_Compare.com.xml
index ef36fd92a882..81d6b6976dca 100644
--- a/src/chrome/content/rules/Tesco_Compare.com.xml
+++ b/src/chrome/content/rules/Tesco_Compare.com.xml
@@ -1,11 +1,19 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tescocompare.com/ => https://www.tescocompare.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.tescocompare.com/ => https://www.tescocompare.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Automatically by https-everywhere-checker because:
+Fetch error: http://tescocompare.com/ => https://www.tescocompare.com/: (7, 'Failed to connect to www.tescocompare.com port 443: Connection refused')
+Fetch error: http://www.tescocompare.com/ => https://www.tescocompare.com/: (7, 'Failed to connect to www.tescocompare.com port 443: Connection refused')
 	For other Tesco coverage, see Tesco.xml.
 
 
 	Cert only matches www.
 
 -->
-<ruleset name="Tesco Compare.com">
+<ruleset name="Tesco Compare.com" default_off="failed ruleset test">
 
 	<target host="tescocompare.com" />
 	<target host="www.tescocompare.com" />
diff --git a/src/chrome/content/rules/Tesco_Diets.com.xml b/src/chrome/content/rules/Tesco_Diets.com.xml
index 746ee90235f7..924e46b4a113 100644
--- a/src/chrome/content/rules/Tesco_Diets.com.xml
+++ b/src/chrome/content/rules/Tesco_Diets.com.xml
@@ -1,4 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tescodiets.com/ => https://tescodiets.com/: (51, "SSL: no alternative certificate subject name matches target host name 'tescodiets.com'")
+Fetch error: http://www.tescodiets.com/ => https://www.tescodiets.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.tescodiets.com'")
+
+-->
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tescodiets.com/ => https://tescodiets.com/: (51, "SSL: no alternative certificate subject name matches target host name 'tescodiets.com'")
+Fetch error: http://www.tescodiets.com/ => https://www.tescodiets.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.tescodiets.com'")
+
 	For other Tesco coverage, see Tesco.com.xml.
 
 
@@ -12,7 +24,7 @@
 	* Secured by us
 
 -->
-<ruleset name="Tesco Diets.com">
+<ruleset name="Tesco Diets.com" default_off="failed ruleset test">
 
 	<target host="tescodiets.com" />
 	<target host="www.tescodiets.com" />
@@ -21,7 +33,6 @@
 	<securecookie host="^www\.tescodiets\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?tescodiets\.com/"
-		to="https://$1tescodiets.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Tesco_Help.com.xml b/src/chrome/content/rules/Tesco_Help.com.xml
new file mode 100644
index 000000000000..d8863e5bfad9
--- /dev/null
+++ b/src/chrome/content/rules/Tesco_Help.com.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Tesco coverage, see Tesco.xml.
+
+
+	These altnames don't exist:
+
+		- tescohelp.com
+
+-->
+<ruleset name="Tesco Help.com">
+
+	<target host="www.tescohelp.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tesco_Photo.com.xml b/src/chrome/content/rules/Tesco_Photo.com.xml
index 4c568ef23997..21827e3b0834 100644
--- a/src/chrome/content/rules/Tesco_Photo.com.xml
+++ b/src/chrome/content/rules/Tesco_Photo.com.xml
@@ -14,7 +14,6 @@
 	<securecookie host="^www\.tescophoto\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?tescophoto\.com/"
-		to="https://www.tescophoto.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Tesla_Motors.xml b/src/chrome/content/rules/Tesla_Motors.xml
index 21975c8b38fd..39baf068e19a 100644
--- a/src/chrome/content/rules/Tesla_Motors.xml
+++ b/src/chrome/content/rules/Tesla_Motors.xml
@@ -1,19 +1,36 @@
 <!--
-	Some pages redirect to http.
+	For other Tesla Motors coverage, see tesla.com.xml.
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *teslamotors.com:
 
-		- ir	(times out)
+		- ir *
+
+	* Dropped
+
+
+	Insecure cookies are set for these hosts: ˢ
+
+		- shop.teslamotors.com
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Tesla Motors (partial)">
+<ruleset name="Tesla Motors.com (partial)">
 
 	<target host="teslamotors.com" />
-	<target host="www.teslamotors.com" />
+	<target host="my.teslamotors.com" />
+	<target host="shop.teslamotors.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^shop\.teslamotors\.com$" name="^(?:_landing_page|_orig_referrer|cart_sig)$" /-->
+
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www\.)?teslamotors\.com/((?:mytesla|order|user)(?:$|\?|/)|sites/|tesla_theme/)"
-		to="https://$1teslamotors.com/$2" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Test-IPv6.cz-falsemixed.xml b/src/chrome/content/rules/Test-IPv6.cz-falsemixed.xml
deleted file mode 100644
index de6cd1c2849a..000000000000
--- a/src/chrome/content/rules/Test-IPv6.cz-falsemixed.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Test-IPv6.cz.xml.
-
--->
-<ruleset name="Test-IPv6.cz (false MCB)" platform="mixedcontent">
-
-	<target host="test-ipv6.cz" />
-	<target host="www.test-ipv6.cz" />
-		<!--
-			Handled in Test-IPv6.cz.xml:
-							-->
-		<!--exclusion pattern="^http://(www\.)?test-ipv6\.cz/(\w+\.css|\w+\.js|images/|ipv6widget/|site/)" /-->
-
-
-	<securecookie host="^(?:www\.)?test-ipv6\.cz$" name=".+" />
-
-
-	<rule from="^http://(www\.)?test-ipv6\.cz/(?!\w+\.css|\w+\.js|images/|ipv6widget/|site/)"
-		to="https://$1test-ipv6.cz/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Test-IPv6.cz.xml b/src/chrome/content/rules/Test-IPv6.cz.xml
deleted file mode 100644
index aacb1037062d..000000000000
--- a/src/chrome/content/rules/Test-IPv6.cz.xml
+++ /dev/null
@@ -1,52 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see Test-IPv6.cz-falsemixed.xml.
-
-
-	Partially covered subdomains:
-
-		- (www.) *
-
-	* Avoiding false/broken MCB, rest handled in Test-IPv6.cz-falsemixed.xml
-
-
-	Fully covered subdomains:
-
-		- ds
-		- ipv4
-		- ipv6
-
-
-	Mixed content:
-
-		- Scripts, on ^ from:
-
-			- ds *
-			- ipv4 *
-			- ipv6 *
-
-		- Images on ^ from ds *
-
-	* Secured by us
-
-
-	NB: We secure all resources, and thus
-	-falsemixed should be merged for Ffx 24.
-
--->
-<ruleset name="Test-IPv6.cz (partial)">
-
-	<target host="test-ipv6.cz" />
-	<target host="*.test-ipv6.cz" />
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<exclusion pattern="^http://(?:www\.)?test-ipv6\.cz/(?!\w+\.css|\w+\.js|images/|ipv6widget/|site/)" />
-
-
-	<securecookie host="^(?!www\.).+\.test-ipv6\.cz$" name=".+" />
-
-
-	<rule from="^http://((?:ds|ipv[46]|www)\.)?test-ipv6\.cz/"
-		to="https://$1test-ipv6.cz/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Test-IPv6.xml b/src/chrome/content/rules/Test-IPv6.xml
new file mode 100644
index 000000000000..abdd2f73626c
--- /dev/null
+++ b/src/chrome/content/rules/Test-IPv6.xml
@@ -0,0 +1,457 @@
+<!--
+	Mirrors:
+		https://test-ipv6.com/mirrors.html
+
+	Invalid certificate:
+		badsig.dnssec.test-ipv6.cz
+		a.test-ipv6.com
+		aaaa.test-ipv6.com
+		v4.test-ipv6.com
+		v6.test-ipv6.com
+		www4.test-ipv6.com
+		www6.test-ipv6.com
+		www.testipv6.de
+		a.testipv6.de
+		aaaa.testipv6.de
+		mtu1280.testipv6.de
+		v4.testipv6.de
+		v6.testipv6.de
+		www4.testipv6.de
+		www6.testipv6.de
+		test-ipv6.cmd.net.br
+		www.test-ipv6.cmd.net.br
+		a.test-ipv6.cmd.net.br
+		aaaa.test-ipv6.cmd.net.br
+		ds.test-ipv6.cmd.net.br
+		ipv4.test-ipv6.cmd.net.br
+		ipv6.test-ipv6.cmd.net.br
+		mtu1280.test-ipv6.cmd.net.br
+		v4.test-ipv6.cmd.net.br
+		v6.test-ipv6.cmd.net.br
+		ds.v6ns.test-ipv6.cmd.net.br
+		www4.test-ipv6.cmd.net.br
+		www6.test-ipv6.cmd.net.br
+		www.ipv6ready.me
+		a.ipv6ready.me
+		aaaa.ipv6ready.me
+		v4.ipv6ready.me
+		v6.ipv6ready.me
+		www4.ipv6ready.me
+		www6.ipv6ready.me
+		a.test-ipv6-vm3.comcast.net
+		aaaa.test-ipv6-vm3.comcast.net
+		ipv6.test-ipv6-vm3.comcast.net
+		mtu1280.test-ipv6-vm3.comcast.net
+		v4.test-ipv6-vm3.comcast.net
+		v6.test-ipv6-vm3.comcast.net
+		www4.test-ipv6-vm3.comcast.net
+		www6.test-ipv6-vm3.comcast.net
+		test-ipv6.nl
+		www.test-ipv6.nl
+		a.test-ipv6.nl
+		aaaa.test-ipv6.nl
+		ds.test-ipv6.nl
+		ipv4.test-ipv6.nl
+		ipv6.test-ipv6.nl
+		mtu1280.test-ipv6.nl
+		v4.test-ipv6.nl
+		v6.test-ipv6.nl
+		ds.v6ns.test-ipv6.nl
+		www4.test-ipv6.nl
+		www6.test-ipv6.nl
+		ds.v6ns.test-ipv6.polkam.go.id
+		www.test-ipv6.com.au
+		a.test-ipv6.com.au
+		aaaa.test-ipv6.com.au
+		v4.test-ipv6.com.au
+		v6.test-ipv6.com.au
+		www4.test-ipv6.com.au
+		www6.test-ipv6.com.au
+		test-ipv6.ernet.in
+		www.test-ipv6.ernet.in
+		a.test-ipv6.ernet.in
+		aaaa.test-ipv6.ernet.in
+		ds.test-ipv6.ernet.in
+		ipv4.test-ipv6.ernet.in
+		ipv6.test-ipv6.ernet.in
+		mtu1280.test-ipv6.ernet.in
+		v4.test-ipv6.ernet.in
+		v6.test-ipv6.ernet.in
+		ds.v6ns.test-ipv6.ernet.in
+		www4.test-ipv6.ernet.in
+		www6.test-ipv6.ernet.in
+		a.test-ipv6.ams.vr.org
+		aaaa.test-ipv6.ams.vr.org
+		ipv6.test-ipv6.ams.vr.org
+		mtu1280.test-ipv6.ams.vr.org
+		v4.test-ipv6.ams.vr.org
+		v6.test-ipv6.ams.vr.org
+		www4.test-ipv6.ams.vr.org
+		www6.test-ipv6.ams.vr.org
+		a.test-ipv6.jp
+		aaaa.test-ipv6.jp
+		v4.test-ipv6.jp
+		v6.test-ipv6.jp
+		www4.test-ipv6.jp
+		www6.test-ipv6.jp
+		www.ipv6-test.pl
+		a.ipv6-test.pl
+		aaaa.ipv6-test.pl
+		mtu1280.ipv6-test.pl
+		v4.ipv6-test.pl
+		v6.ipv6-test.pl
+		www4.ipv6-test.pl
+		www6.ipv6-test.pl
+		a.test-ipv6-vm4.comcast.net
+		aaaa.test-ipv6-vm4.comcast.net
+		ipv6.test-ipv6-vm4.comcast.net
+		mtu1280.test-ipv6-vm4.comcast.net
+		v4.test-ipv6-vm4.comcast.net
+		v6.test-ipv6-vm4.comcast.net
+		www4.test-ipv6-vm4.comcast.net
+		www6.test-ipv6-vm4.comcast.net
+		a.test-ipv6.go6.si
+		aaaa.test-ipv6.go6.si
+		ipv6.test-ipv6.go6.si
+		mtu1280.test-ipv6.go6.si
+		v4.test-ipv6.go6.si
+		v6.test-ipv6.go6.si
+		ds.v6ns.test-ipv6.go6.si
+		www4.test-ipv6.go6.si
+		www6.test-ipv6.go6.si
+		a.test-ipv6.hkg.vr.org
+		aaaa.test-ipv6.hkg.vr.org
+		v4.test-ipv6.hkg.vr.org
+		v6.test-ipv6.hkg.vr.org
+		www4.test-ipv6.hkg.vr.org
+		www6.test-ipv6.hkg.vr.org
+		www.test-ipv6.csclub.uwaterloo.ca
+		a.test-ipv6.csclub.uwaterloo.ca
+		aaaa.test-ipv6.csclub.uwaterloo.ca
+		v4.test-ipv6.csclub.uwaterloo.ca
+		v6.test-ipv6.csclub.uwaterloo.ca
+		www4.test-ipv6.csclub.uwaterloo.ca
+		www6.test-ipv6.csclub.uwaterloo.ca
+		aaaa.test-ipv6.vyncke.org
+		ipv6.test-ipv6.vyncke.org
+		mtu1280.test-ipv6.vyncke.org
+		v4.test-ipv6.vyncke.org
+		v6.test-ipv6.vyncke.org
+		www4.test-ipv6.vyncke.org
+		www6.test-ipv6.vyncke.org
+		www.test-ipv6.carnet.hr
+		a.test-ipv6.carnet.hr
+		aaaa.test-ipv6.carnet.hr
+		ipv6.test-ipv6.carnet.hr
+		mtu1280.test-ipv6.carnet.hr
+		v4.test-ipv6.carnet.hr
+		v6.test-ipv6.carnet.hr
+		www4.test-ipv6.carnet.hr
+		www6.test-ipv6.carnet.hr
+		a.test-ipv6.cl
+		aaaa.test-ipv6.cl
+		ipv6.test-ipv6.cl
+		mtu1280.test-ipv6.cl
+		v4.test-ipv6.cl
+		v6.test-ipv6.cl
+		www4.test-ipv6.cl
+		www6.test-ipv6.cl
+		a.test-ipv6.zw.liquidtelecom.net
+		aaaa.test-ipv6.zw.liquidtelecom.net
+		ipv6.test-ipv6.zw.liquidtelecom.net
+		v4.test-ipv6.zw.liquidtelecom.net
+		v6.test-ipv6.zw.liquidtelecom.net
+		www4.test-ipv6.zw.liquidtelecom.net
+		www6.test-ipv6.zw.liquidtelecom.net
+		a.test-ipv6.si
+		aaaa.test-ipv6.si
+		v4.test-ipv6.si
+		v6.test-ipv6.si
+		www4.test-ipv6.si
+		www6.test-ipv6.si
+		www.test-ipv6.showmyip.ca
+		a.test-ipv6.showmyip.ca
+		aaaa.test-ipv6.showmyip.ca
+		v4.test-ipv6.showmyip.ca
+		v6.test-ipv6.showmyip.ca
+		www4.test-ipv6.showmyip.ca
+		www6.test-ipv6.showmyip.ca
+		a.test-ipv6.roedu.net
+		aaaa.test-ipv6.roedu.net
+		ipv6.test-ipv6.roedu.net
+		v4.test-ipv6.roedu.net
+		v6.test-ipv6.roedu.net
+		www4.test-ipv6.roedu.net
+		www6.test-ipv6.roedu.net
+		www.test-ipv6.sin.vr.org
+		a.test-ipv6.sin.vr.org
+		aaaa.test-ipv6.sin.vr.org
+		v4.test-ipv6.sin.vr.org
+		v6.test-ipv6.sin.vr.org
+		www4.test-ipv6.sin.vr.org
+		www6.test-ipv6.sin.vr.org
+		a.test-ipv6.noroutetohost.net
+		aaaa.test-ipv6.noroutetohost.net
+		v4.test-ipv6.noroutetohost.net
+		v6.test-ipv6.noroutetohost.net
+		www4.test-ipv6.noroutetohost.net
+		www6.test-ipv6.noroutetohost.net
+		a.test-ipv6.epic.network
+		aaaa.test-ipv6.epic.network
+		v4.test-ipv6.epic.network
+		v6.test-ipv6.epic.network
+		www4.test-ipv6.epic.network
+		www6.test-ipv6.epic.network
+		a.test-ipv6.se
+		aaaa.test-ipv6.se
+		v4.test-ipv6.se
+		v6.test-ipv6.se
+		www4.test-ipv6.se
+		www6.test-ipv6.se
+		www.test-ipv6.alpinedc.ch
+		a.test-ipv6.alpinedc.ch
+		aaaa.test-ipv6.alpinedc.ch
+		v4.test-ipv6.alpinedc.ch
+		v6.test-ipv6.alpinedc.ch
+		www4.test-ipv6.alpinedc.ch
+		www6.test-ipv6.alpinedc.ch
+		a.test-ipv6.arauc.br
+		aaaa.test-ipv6.arauc.br
+		v4.test-ipv6.arauc.br
+		v6.test-ipv6.arauc.br
+		www4.test-ipv6.arauc.br
+		www6.test-ipv6.arauc.br
+		a.test-ipv6.ke.liquidtelecom.net
+		aaaa.test-ipv6.ke.liquidtelecom.net
+		v4.test-ipv6.ke.liquidtelecom.net
+		v6.test-ipv6.ke.liquidtelecom.net
+		www4.test-ipv6.ke.liquidtelecom.net
+		www6.test-ipv6.ke.liquidtelecom.net
+		www.test-ipv6.fratec.net
+		a.test-ipv6.fratec.net
+		aaaa.test-ipv6.fratec.net
+		v4.test-ipv6.fratec.net
+		v6.test-ipv6.fratec.net
+		www4.test-ipv6.fratec.net
+		www6.test-ipv6.fratec.net
+-->
+<ruleset name="Test-IPv6">
+
+	<target host="test-ipv6.com" />
+	<target host="www.test-ipv6.com" />
+	<target host="ds.test-ipv6.com" />
+	<target host="ipv4.test-ipv6.com" />
+	<target host="ipv6.test-ipv6.com" />
+	<target host="mtu1280.test-ipv6.com" />
+	<target host="ds.v6ns.test-ipv6.com" />
+
+	<target host="test-ipv6.cz" />
+	<target host="www.test-ipv6.cz" />
+	<target host="a.test-ipv6.cz" />
+	<target host="aaaa.test-ipv6.cz" />
+	<target host="ds.test-ipv6.cz" />
+	<target host="ipv4.test-ipv6.cz" />
+	<target host="ipv6.test-ipv6.cz" />
+	<target host="mtu1280.test-ipv6.cz" />
+	<target host="v4.test-ipv6.cz" />
+	<target host="v6.test-ipv6.cz" />
+	<target host="ds.v6ns.test-ipv6.cz" />
+	<target host="www4.test-ipv6.cz" />
+	<target host="www6.test-ipv6.cz" />
+
+	<target host="testipv6.de" />
+	<target host="ds.testipv6.de" />
+	<target host="ipv4.testipv6.de" />
+	<target host="ipv6.testipv6.de" />
+	<target host="ds.v6ns.testipv6.de" />
+
+	<target host="ipv6ready.me" />
+	<target host="ds.ipv6ready.me" />
+	<target host="ipv4.ipv6ready.me" />
+	<target host="ipv6.ipv6ready.me" />
+	<target host="mtu1280.ipv6ready.me" />
+	<target host="ds.v6ns.ipv6ready.me" />
+
+	<target host="test-ipv6-vm3.comcast.net" />
+	<target host="www.test-ipv6-vm3.comcast.net" />
+	<target host="ds.test-ipv6-vm3.comcast.net" />
+	<target host="ipv4.test-ipv6-vm3.comcast.net" />
+	<target host="ds.v6ns.test-ipv6-vm3.comcast.net" />
+
+	<target host="test-ipv6.polkam.go.id" />
+	<target host="www.test-ipv6.polkam.go.id" />
+	<target host="a.test-ipv6.polkam.go.id" />
+	<target host="aaaa.test-ipv6.polkam.go.id" />
+	<target host="ipv4.test-ipv6.polkam.go.id" />
+	<target host="ipv6.test-ipv6.polkam.go.id" />
+	<target host="mtu1280.test-ipv6.polkam.go.id" />
+	<target host="v4.test-ipv6.polkam.go.id" />
+	<target host="v6.test-ipv6.polkam.go.id" />
+	<target host="www4.test-ipv6.polkam.go.id" />
+	<target host="www6.test-ipv6.polkam.go.id" />
+
+	<target host="test-ipv6.com.au" />
+	<target host="ds.test-ipv6.com.au" />
+	<target host="ipv4.test-ipv6.com.au" />
+	<target host="ipv6.test-ipv6.com.au" />
+	<target host="mtu1280.test-ipv6.com.au" />
+	<target host="ds.v6ns.test-ipv6.com.au" />
+
+	<target host="test-ipv6.ams.vr.org" />
+	<target host="www.test-ipv6.ams.vr.org" />
+	<target host="ds.test-ipv6.ams.vr.org" />
+	<target host="ipv4.test-ipv6.ams.vr.org" />
+	<target host="ds.v6ns.test-ipv6.ams.vr.org" />
+
+	<target host="test-ipv6.jp" />
+	<target host="www.test-ipv6.jp" />
+	<target host="ds.test-ipv6.jp" />
+	<target host="ipv4.test-ipv6.jp" />
+	<target host="ipv6.test-ipv6.jp" />
+	<target host="mtu1280.test-ipv6.jp" />
+	<target host="ds.v6ns.test-ipv6.jp" />
+
+	<target host="ipv6-test.pl" />
+	<target host="ds.ipv6-test.pl" />
+	<target host="ipv4.ipv6-test.pl" />
+	<target host="ipv6.ipv6-test.pl" />
+	<target host="ds.v6ns.ipv6-test.pl" />
+
+	<target host="test-ipv6-vm4.comcast.net" />
+	<target host="www.test-ipv6-vm4.comcast.net" />
+	<target host="ds.test-ipv6-vm4.comcast.net" />
+	<target host="ipv4.test-ipv6-vm4.comcast.net" />
+	<target host="ds.v6ns.test-ipv6-vm4.comcast.net" />
+
+	<target host="test-ipv6.go6.si" />
+	<target host="www.test-ipv6.go6.si" />
+	<target host="ds.test-ipv6.go6.si" />
+	<target host="ipv4.test-ipv6.go6.si" />
+
+	<target host="test-ipv6.hkg.vr.org" />
+	<target host="www.test-ipv6.hkg.vr.org" />
+	<target host="ds.test-ipv6.hkg.vr.org" />
+	<target host="ipv4.test-ipv6.hkg.vr.org" />
+	<target host="ipv6.test-ipv6.hkg.vr.org" />
+	<target host="mtu1280.test-ipv6.hkg.vr.org" />
+	<target host="ds.v6ns.test-ipv6.hkg.vr.org" />
+
+	<target host="test-ipv6.csclub.uwaterloo.ca" />
+	<target host="ds.test-ipv6.csclub.uwaterloo.ca" />
+	<target host="ipv4.test-ipv6.csclub.uwaterloo.ca" />
+	<target host="ipv6.test-ipv6.csclub.uwaterloo.ca" />
+	<target host="mtu1280.test-ipv6.csclub.uwaterloo.ca" />
+	<target host="ds.v6ns.test-ipv6.csclub.uwaterloo.ca" />
+
+	<target host="test-ipv6.vyncke.org" />
+	<target host="www.test-ipv6.vyncke.org" />
+	<target host="a.test-ipv6.vyncke.org" />
+	<target host="ds.test-ipv6.vyncke.org" />
+	<target host="ipv4.test-ipv6.vyncke.org" />
+	<target host="ds.v6ns.test-ipv6.vyncke.org" />
+
+	<target host="test-ipv6.carnet.hr" />
+	<target host="ds.test-ipv6.carnet.hr" />
+	<target host="ipv4.test-ipv6.carnet.hr" />
+	<target host="ds.v6ns.test-ipv6.carnet.hr" />
+
+	<target host="test-ipv6.cl" />
+	<target host="www.test-ipv6.cl" />
+	<target host="ds.test-ipv6.cl" />
+	<target host="ipv4.test-ipv6.cl" />
+	<target host="ds.v6ns.test-ipv6.cl" />
+
+	<target host="test-ipv6.zw.liquidtelecom.net" />
+	<target host="www.test-ipv6.zw.liquidtelecom.net" />
+	<target host="ds.test-ipv6.zw.liquidtelecom.net" />
+	<target host="ipv4.test-ipv6.zw.liquidtelecom.net" />
+	<target host="mtu1280.test-ipv6.zw.liquidtelecom.net" />
+	<target host="ds.v6ns.test-ipv6.zw.liquidtelecom.net" />
+
+	<target host="test-ipv6.si" />
+	<target host="www.test-ipv6.si" />
+	<target host="ds.test-ipv6.si" />
+	<target host="ipv4.test-ipv6.si" />
+	<target host="ipv6.test-ipv6.si" />
+	<target host="mtu1280.test-ipv6.si" />
+	<target host="ds.v6ns.test-ipv6.si" />
+
+	<target host="test-ipv6.showmyip.ca" />
+	<target host="ds.test-ipv6.showmyip.ca" />
+	<target host="ipv4.test-ipv6.showmyip.ca" />
+	<target host="ipv6.test-ipv6.showmyip.ca" />
+	<target host="mtu1280.test-ipv6.showmyip.ca" />
+	<target host="ds.v6ns.test-ipv6.showmyip.ca" />
+
+	<target host="test-ipv6.roedu.net" />
+	<target host="www.test-ipv6.roedu.net" />
+	<target host="ds.test-ipv6.roedu.net" />
+	<target host="ipv4.test-ipv6.roedu.net" />
+	<target host="mtu1280.test-ipv6.roedu.net" />
+	<target host="ds.v6ns.test-ipv6.roedu.net" />
+
+	<target host="test-ipv6.sin.vr.org" />
+	<target host="ds.test-ipv6.sin.vr.org" />
+	<target host="ipv4.test-ipv6.sin.vr.org" />
+	<target host="ipv6.test-ipv6.sin.vr.org" />
+	<target host="mtu1280.test-ipv6.sin.vr.org" />
+	<target host="ds.v6ns.test-ipv6.sin.vr.org" />
+
+	<target host="test-ipv6.noroutetohost.net" />
+	<target host="www.test-ipv6.noroutetohost.net" />
+	<target host="ds.test-ipv6.noroutetohost.net" />
+	<target host="ipv4.test-ipv6.noroutetohost.net" />
+	<target host="ipv6.test-ipv6.noroutetohost.net" />
+	<target host="mtu1280.test-ipv6.noroutetohost.net" />
+	<target host="ds.v6ns.test-ipv6.noroutetohost.net" />
+
+	<target host="test-ipv6.epic.network" />
+	<target host="www.test-ipv6.epic.network" />
+	<target host="ds.test-ipv6.epic.network" />
+	<target host="ipv4.test-ipv6.epic.network" />
+	<target host="ipv6.test-ipv6.epic.network" />
+	<target host="mtu1280.test-ipv6.epic.network" />
+	<target host="ds.v6ns.test-ipv6.epic.network" />
+
+	<target host="test-ipv6.se" />
+	<target host="www.test-ipv6.se" />
+	<target host="ds.test-ipv6.se" />
+	<target host="ipv4.test-ipv6.se" />
+	<target host="ipv6.test-ipv6.se" />
+	<target host="mtu1280.test-ipv6.se" />
+	<target host="ds.v6ns.test-ipv6.se" />
+
+	<target host="test-ipv6.alpinedc.ch" />
+	<target host="ds.test-ipv6.alpinedc.ch" />
+	<target host="ipv4.test-ipv6.alpinedc.ch" />
+	<target host="ipv6.test-ipv6.alpinedc.ch" />
+	<target host="mtu1280.test-ipv6.alpinedc.ch" />
+	<target host="ds.v6ns.test-ipv6.alpinedc.ch" />
+
+	<target host="test-ipv6.arauc.br" />
+	<target host="www.test-ipv6.arauc.br" />
+	<target host="ds.test-ipv6.arauc.br" />
+	<target host="ipv4.test-ipv6.arauc.br" />
+	<target host="ipv6.test-ipv6.arauc.br" />
+	<target host="mtu1280.test-ipv6.arauc.br" />
+	<target host="ds.v6ns.test-ipv6.arauc.br" />
+
+	<target host="test-ipv6.ke.liquidtelecom.net" />
+	<target host="www.test-ipv6.ke.liquidtelecom.net" />
+	<target host="ds.test-ipv6.ke.liquidtelecom.net" />
+	<target host="ipv4.test-ipv6.ke.liquidtelecom.net" />
+	<target host="ipv6.test-ipv6.ke.liquidtelecom.net" />
+	<target host="mtu1280.test-ipv6.ke.liquidtelecom.net" />
+	<target host="ds.v6ns.test-ipv6.ke.liquidtelecom.net" />
+
+	<target host="test-ipv6.fratec.net" />
+	<target host="ds.test-ipv6.fratec.net" />
+	<target host="ipv4.test-ipv6.fratec.net" />
+	<target host="ipv6.test-ipv6.fratec.net" />
+	<target host="mtu1280.test-ipv6.fratec.net" />
+	<target host="ds.v6ns.test-ipv6.fratec.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TestCloud.io.xml b/src/chrome/content/rules/TestCloud.io.xml
index 9945421081fd..6d2f9d7e0f35 100644
--- a/src/chrome/content/rules/TestCloud.io.xml
+++ b/src/chrome/content/rules/TestCloud.io.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://testcloud.io/ => https://testcloud.io/: (7, 'Failed to connect to testcloud.io port 443: Connection refused')
+
 	Nonfunctional domains:
 
 		- blog.testcloud.de	(404)
@@ -24,7 +28,7 @@
 		- app.thetestcloud.com
 
 -->
-<ruleset name="testCloud.io (partial)">
+<ruleset name="testCloud.io (partial)" default_off="failed ruleset test">
 
 	<target host="testcloud.de" />
 	<target host="*.testcloud.de" />
diff --git a/src/chrome/content/rules/TestPolitique.fr.xml b/src/chrome/content/rules/TestPolitique.fr.xml
new file mode 100644
index 000000000000..88f36788e88d
--- /dev/null
+++ b/src/chrome/content/rules/TestPolitique.fr.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		www.testpolitique.fr
+
+-->
+<ruleset name="TestPolitique.fr">
+
+	<target host="testpolitique.fr" />
+	<target host="www.testpolitique.fr" />
+
+	<rule from="^http://www\.testpolitique\.fr/"
+		to="https://testpolitique.fr/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Test_Equipment_Depot.xml b/src/chrome/content/rules/Test_Equipment_Depot.xml
index fb22c29934f3..e876027c7d2a 100644
--- a/src/chrome/content/rules/Test_Equipment_Depot.xml
+++ b/src/chrome/content/rules/Test_Equipment_Depot.xml
@@ -2,13 +2,11 @@
 
 	<target host="testequipmentdepot.com" />
 	<target host="www.testequipmentdepot.com" />
-	<target host="*.www.testequipmentdepot.com" />
 
 
 	<securecookie host="^\.www\.testequipmentdepot\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?testequipmentdepot\.com/"
-		to="https://$1testequipmentdepot.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Testssl.sh.xml b/src/chrome/content/rules/Testssl.sh.xml
new file mode 100644
index 000000000000..90736f2faa08
--- /dev/null
+++ b/src/chrome/content/rules/Testssl.sh.xml
@@ -0,0 +1,18 @@
+<!--
+	Time out:
+		bugs.testssl.sh
+
+	Invalid certificate:
+		secure.testssl.sh
+
+-->
+<ruleset name="testssl.sh">
+
+	<target host="testssl.sh" />
+	<target host="borken.testssl.sh" />
+	<target host="dev.testssl.sh" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Testyourmight.com.xml b/src/chrome/content/rules/Testyourmight.com.xml
new file mode 100644
index 000000000000..5b4d0c7bd5ee
--- /dev/null
+++ b/src/chrome/content/rules/Testyourmight.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Testyourmight">
+
+	<target host="testyourmight.com" />
+	<target host="www.testyourmight.com" />
+	<target host="mail.testyourmight.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TetherReport.com.xml b/src/chrome/content/rules/TetherReport.com.xml
new file mode 100644
index 000000000000..87afb7239c75
--- /dev/null
+++ b/src/chrome/content/rules/TetherReport.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="TetherReport.com">
+	<target host="tetherreport.com" />
+	<target host="www.tetherreport.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tetu.com.xml b/src/chrome/content/rules/Tetu.com.xml
new file mode 100644
index 000000000000..1f15bc728104
--- /dev/null
+++ b/src/chrome/content/rules/Tetu.com.xml
@@ -0,0 +1,26 @@
+<!--
+	No known URL working:
+		www.tetu.com
+		blogs.tetu.com
+		courrier2.tetu.com
+		infos.tetu.com
+		pub.tetu.com
+		pubs.tetu.com
+		routeur.tetu.com
+		shopping.tetu.com
+		vpn.tetu.com
+
+	Bad certificate:
+		webzone.tetu.com
+
+-->
+<ruleset name="Tetu.com">
+
+	<target host="tetu.com" />
+	<target host="www.tetu.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tetu.xml b/src/chrome/content/rules/Tetu.xml
deleted file mode 100644
index 6183720feaa1..000000000000
--- a/src/chrome/content/rules/Tetu.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Tetu">
-
-	<target host="tetu.com" />
-	<target host="*.tetu.com" />
-	<target host="*.shopping.tetu.com" />
-
-
-	<securecookie host="^(?:.+\.)?tetu\.com$" name=".+" />
-
-
-	<rule from="^http://(shopping\.|www\.)?tetu\.com/"
-		to="https://$1tetu.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Texaco.com.xml b/src/chrome/content/rules/Texaco.com.xml
new file mode 100644
index 000000000000..283a9a394bd6
--- /dev/null
+++ b/src/chrome/content/rules/Texaco.com.xml
@@ -0,0 +1,22 @@
+<!--
+	^: expired 2011-12-17, CN: 192.168.1.245
+
+-->
+<ruleset name="Texaco.com">
+
+	<target host="texaco.com" />
+	<target host="www.texaco.com" />
+
+
+	<securecookie host="^www\.texaco\.com$" name=".+" />
+
+
+	<!--	Server drops path:
+					-->
+	<rule from="^http://texaco\.com/.*"
+		to="https://www.texaco.com/" />
+
+	<rule from="^http://www\.texaco\.com/"
+		to="https://www.texaco.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Texas-Association-of-School-Boards.xml b/src/chrome/content/rules/Texas-Association-of-School-Boards.xml
index 5037f252c546..baf7575a3579 100644
--- a/src/chrome/content/rules/Texas-Association-of-School-Boards.xml
+++ b/src/chrome/content/rules/Texas-Association-of-School-Boards.xml
@@ -1,9 +1,10 @@
 <ruleset name="Texas Association of Schoolboards">
 
 	<target host="tasb.org"/>
-	<target host="*.tasb.org"/>
+	<target host="www.tasb.org" />
+	<target host="store.tasb.org" />
 
-	<securecookie host="^(.*\.)?tasb\.org$" name=".*"/>
+	<securecookie host=".+" name=".+"/>
 
 	<rule from="^http://(?:www\.)?tasb\.org/"
 		to="https://www.tasb.org/"/>
diff --git a/src/chrome/content/rules/Texas-Department-of-State-Health-Services.xml b/src/chrome/content/rules/Texas-Department-of-State-Health-Services.xml
deleted file mode 100644
index d9adde633bcf..000000000000
--- a/src/chrome/content/rules/Texas-Department-of-State-Health-Services.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For other U.S. government coverage, see US-government.xml.
-
--->
-<ruleset name="Texas Department of State Health Services">
-
-	<target host="dshs.state.tx.us" />
-	<target host="www.dshs.state.tx.us" />
-
-
-	<securecookie host="^www\.dshs\.state\.tx\.us$" name=".+" />
-
-
-	<!--	!www times out.
-				-->
-	<rule from="^https?://(?:www\.)?dshs\.state\.tx\.us/"
-		to="https://www.dshs.state.tx.us/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Texas-Instruments.xml b/src/chrome/content/rules/Texas-Instruments.xml
index fe530dc6c948..69853f08f389 100644
--- a/src/chrome/content/rules/Texas-Instruments.xml
+++ b/src/chrome/content/rules/Texas-Instruments.xml
@@ -1,92 +1,60 @@
 <!--
-	Nonfunctional domains:
+	Timeout:
+		ti.com
+		reviews.ti.com
+		trainingcenter.ti.com
+		videos.ti.com
+		www-s.ti.com
+		commerce.ti.com (504 gateway timeout)
 
-		- careers	(shows default Media Temple page, CN: plesk)
-		- education	(403/404, valid cert)
-		- investor *
-		- m		(redirects to www, valid cert)
-		- newscenter *
-		- reviews	(akamai)
-		- www2		(shows RHEL Apache test page, CN: dqhgl02)
+	Invalid certificate:
+		www-k.ext.ti.com
 
-	* Times out
+	Service unavailable (503):
+		processors.wiki.ti.com
 
+	Mixed content issues:
+		m.ti.com
 
-	Problematic subdomains:
-
-		- ^			(cert only matches www)
-		- www-k.ext		(times out)
-		- trainingcenter	(mismatched, CN: *.vsearch2.net)
-		- videos		(redirects to www; mismatched, CN: www.ti.com)
-
-
-	Partially covered subdomains:
-
-		- e2e		(support/other_analog/default.aspx redirects to http)
-		- www-k.ext	(→ www)
-
-
-	Fully covered domains:
-
-		- (www.)national.com	(→ www.ti.com)
-
-		- ti.com subdomains:
-
-			- fedid.ext
-
-
-	Mixed images from reviews.ti.com on www.ti.com
+	Redirect issues:
+		focus.ti.com
 
 -->
-<ruleset name="Texas Instruments (partial)">
-
-	<target host="national.com" />
-	<target host="www.national.com" />
-	<target host="ti.com" />
-	<target host="*.ti.com" />
-		<exclusion pattern="^http://e2e\.ti\.com/(?!.+/css/|cfs-file\.ashx|favicon\.ico|resized-image\.ashx|[tT]hemes/)" />
 
+<ruleset name="TI.com (partial)">
 
-	<!--	Cookie domains:
+	<target host="ti.com" />
+	<target host="www.ti.com" />
 
-			- .
-			- e2e
-			- estore
-			- focus
-			- myportal
-			- www
+		<exclusion pattern="^http://www\.ti\.com/corp/" />
+			<test url="http://www.ti.com/corp/docs/legal/copyright.shtml" />
+			<test url="http://www.ti.com/corp/docs/company/home.html" />
 
-		Set by myportal, might be used as login
-		on e2e or othe unsecurable subdomains:
+	<target host="careers.ti.com" />
 
-	<securecookie host="^\.ti\.com$" name="^iatc$" /-->
-	<securecookie host="^(?!e2e\.).+\.ti\.com$" name=".+" />
+	<target host="education.ti.com" />
 
+	<target host="estore.ti.com" />
 
-	<!--	Server drops path:
-					-->
-	<rule from="^http://(?:www\.)?national\.com/.*"
-		to="https://www.ti.com/" />
+	<target host="e2e.ti.com" />
+	<target host="e2e-uat.ti.com" />
 
-	<rule from="^http://(?:www\.)?ti\.com/"
-		to="https://www.ti.com/" />
+	<target host="fedid.ext.ti.com" />
 
-	<rule from="^http://(commerce|e2e|estore|fedid\.ext|focus|my|myportal)\.ti\.com/"
-		to="https://$1.ti.com/" />
+	<target host="investor.ti.com" />
 
-	<rule from="^http://www-k\.ext\.ti\.com/sc/technical-support/pic/americas\.htm(?:\?.*)?$"
-		to="https://www.ti.com/ww/en/csc/support-Americas.html" />
+	<target host="my.ti.com" />
+	<target host="myportal.ti.com" />
 
-	<rule from="^http://www-k\.ext\.ti\.com/sc/technical-support/pic/asia\.htm(?:\?.*)?$"
-		to="https://www.ti.com/ww/en/pic/PIC-Asia.html" />
+	<target host="news.ti.com" />
+	<target host="newscenter.ti.com" />
 
-	<rule from="^http://www-k\.ext\.ti\.com/sc/technical-support/pic/japan\.htm(?:\?.*)?$"
-		to="https://www.ti.com/ww/en/pic/PIC-Japan.html" />
+	<target host="training.ti.com" />
 
-	<rule from="^http://reviews\.ti\.com/(?:\?.*)?$"
-		to="https://focus.ti.com/" />
+	<rule from="^http://ti\.com/"
+		to="https://www.ti.com/" />
 
-	<rule from="^http://videos\.ti\.com/[^\?]*(\?.*)?"
-		to="https://focus.ti.com/general/docs/video/Portal.tsp$1" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Texas-State-Library-and-Archives-Commission.xml b/src/chrome/content/rules/Texas-State-Library-and-Archives-Commission.xml
index 452ac571e6c3..f9e68f0bcae7 100644
--- a/src/chrome/content/rules/Texas-State-Library-and-Archives-Commission.xml
+++ b/src/chrome/content/rules/Texas-State-Library-and-Archives-Commission.xml
@@ -1,18 +1,18 @@
 <ruleset name="Texas State Library and Archives Commission">
 
 	<target host="tsl.state.tx.us" />
-	<target host="*.tsl.state.tx.us" />
+	<target host="www.tsl.state.tx.us" />
 
 
 	<securecookie host="^\.tsl\.state\.tx\.us$" name=".+" />
 
 
-	<!--	!www: 
+	<!--	!www:
 			- presents valid cert
 			- shows RHEL Apache test page via https
 			- 302s to www via http
 						-->
-	<rule from="^https?://(?:www\.)?tsl\.state\.tx\.us/"
+	<rule from="^http://(?:www\.)?tsl\.state\.tx\.us/"
 		to="https://www.tsl.state.tx.us/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Texas_A_and_M_University.xml b/src/chrome/content/rules/Texas_A_and_M_University.xml
index 7933ec91edae..be2a4c6fb10f 100644
--- a/src/chrome/content/rules/Texas_A_and_M_University.xml
+++ b/src/chrome/content/rules/Texas_A_and_M_University.xml
@@ -169,4 +169,4 @@
 	<rule from="^http://(?:www\.)?t(ransport|ti)\.tamu\.edu/"
 		to="https://t$1.tamu.edu/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Texas_Center_for_Community_Journalism.xml b/src/chrome/content/rules/Texas_Center_for_Community_Journalism.xml
deleted file mode 100644
index 1984da0bbbf5..000000000000
--- a/src/chrome/content/rules/Texas_Center_for_Community_Journalism.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(mismatched, CN: webcommon5.tr.tcu.edu)
-
--->
-<ruleset name="Texas Center for Community Journalism">
-
-	<target host="community-journalism.net" />
-	<target host="*.community-journalism.net" />
-
-
-	<securecookie host="^\.?community-journalism\.net$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?community-journalism\.net/"
-		to="https://community-journalism.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Texas_Tribune.org.xml b/src/chrome/content/rules/Texas_Tribune.org.xml
new file mode 100644
index 000000000000..dd29b0028a7d
--- /dev/null
+++ b/src/chrome/content/rules/Texas_Tribune.org.xml
@@ -0,0 +1,34 @@
+<!--
+	CDN buckets:
+
+		- s3.amazonaws.com/static.texastribune.org/
+
+
+	^: 503
+
+
+	Mixed content:
+
+		- Images on www from static *
+
+		- Web bugs on www from pixel.quantserve.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Texas Tribune.org">
+
+	<target host="texastribune.org" />
+	<target host="www.texastribune.org" />
+	<target host="static.texastribune.org" />
+
+
+	<securecookie host="^\.?texastribune\.org$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?texastribune\.org/"
+		to="https://www.texastribune.org/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Texblog.org.xml b/src/chrome/content/rules/Texblog.org.xml
new file mode 100644
index 000000000000..1dc7330148ea
--- /dev/null
+++ b/src/chrome/content/rules/Texblog.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid certificate:
+		mail.texblog.org
+
+-->
+<ruleset name="Texblog.org">
+
+	<target host="texblog.org" />
+	<target host="www.texblog.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TextFixer.com.xml b/src/chrome/content/rules/TextFixer.com.xml
new file mode 100644
index 000000000000..daafe150e634
--- /dev/null
+++ b/src/chrome/content/rules/TextFixer.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="TextFixer.com">
+
+	<target host="textfixer.com" />
+	<target host="www.textfixer.com" />
+
+  	<securecookie host="^www\.textfixer\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TextMagic.com.xml b/src/chrome/content/rules/TextMagic.com.xml
new file mode 100644
index 000000000000..d3c1c9b19e4c
--- /dev/null
+++ b/src/chrome/content/rules/TextMagic.com.xml
@@ -0,0 +1,43 @@
+<!--
+	CDN buckets:
+
+		- textmagic.cachefly.net
+
+
+	Nonfunctional subdomains:
+
+		- api *
+
+	* 503/521
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .textmagic.com
+		- my.textmagic.com
+		- .support.textmagic.com
+
+-->
+<ruleset name="TextMagic.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="textmagic.com" />
+	<target host="my.textmagic.com" />
+	<target host="support.textmagic.com" />
+	<target host="www.textmagic.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.textmagic\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^my\.textmagic\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.support\.textmagic\.com$" name="EP-LastViewedPosts$" /-->
+
+	<securecookie host=".*\.textmagic\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TextPad.com.xml b/src/chrome/content/rules/TextPad.com.xml
new file mode 100644
index 000000000000..5ff2f948eef3
--- /dev/null
+++ b/src/chrome/content/rules/TextPad.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Nonfunctional subdomains:
+
+		- forums *
+
+	* Shows www
+
+-->
+<ruleset name="TextPad.com (partial)">
+
+	<target host="textpad.com" />
+	<target host="www.textpad.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:www\.)?textpad\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Textbooks.com.xml b/src/chrome/content/rules/Textbooks.com.xml
index c23d9aef3d97..21a858f981fc 100644
--- a/src/chrome/content/rules/Textbooks.com.xml
+++ b/src/chrome/content/rules/Textbooks.com.xml
@@ -1,19 +1,18 @@
 <ruleset name="Textbooks.com" platform="mixedcontent">
 
 	<target host="textbooks.com" />
-	<target host="*.textbooks.com" />
+	<target host="www.textbooks.com" />
+	<target host="images.textbooks.com" />
 	<!--	* for cross-domain cookie	-->
-	<target host="*.www.textbooks.com" />
 
 
-	<securecookie host="^.*\.textbooks\.com$" name=".*" />
+	<securecookie host="^.*\.textbooks\.com$" name=".+" />
 
 
 	<!--	Cert doesn't match !www.	-->
-	<rule from="^https?://(?:www\.)?textbooks\.com/"
+	<rule from="^http://(?:www\.)?textbooks\.com/"
 		to="https://www.textbooks.com/" />
 
-	<rule from="^http://images\.textbooks\.com/"
-		to="https://images.textbooks.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Texthelp.com.xml b/src/chrome/content/rules/Texthelp.com.xml
new file mode 100644
index 000000000000..e73cb02e0d0c
--- /dev/null
+++ b/src/chrome/content/rules/Texthelp.com.xml
@@ -0,0 +1,34 @@
+<!--
+	^texthelp.com: 404
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.texthelp.com
+
+-->
+<ruleset name="Texthelp.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.texthelp.com" />
+
+	<!--	Complications:
+				-->
+	<target host="texthelp.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.texthelp\.com$" name="^CMSCookieLevel$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://texthelp\.com/"
+		to="https://www.texthelp.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Textracer.dk.xml b/src/chrome/content/rules/Textracer.dk.xml
new file mode 100644
index 000000000000..3a405c7e0faa
--- /dev/null
+++ b/src/chrome/content/rules/Textracer.dk.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://textracer.dk/ => https://textracer.dk/: (7, 'Failed to connect to textracer.dk port 443: Connection refused')
+Fetch error: http://www.textracer.dk/ => https://www.textracer.dk/: (7, 'Failed to connect to www.textracer.dk port 443: Connection refused')
+
+-->
+<ruleset name="Textracer.dk" default_off="failed ruleset test">
+
+    <target host="textracer.dk" />
+    <target host="www.textracer.dk" />
+
+    <rule from="^http:"
+            to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tfaforms.com.xml b/src/chrome/content/rules/Tfaforms.com.xml
new file mode 100644
index 000000000000..8b9e993a5136
--- /dev/null
+++ b/src/chrome/content/rules/Tfaforms.com.xml
@@ -0,0 +1,30 @@
+<!--
+	For other FormAssembly coverage, see FormAssembly.com.xml.
+
+
+	Fully covered domains:
+
+		- (www.)tfaforms.com
+
+
+	Insecure cookies are set for these domains:
+
+		- .tfaforms.com
+
+-->
+<ruleset name="tfaforms.com">
+
+	<target host="tfaforms.com" />
+	<target host="www.tfaforms.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tfaforms\.com$" name="^tfasrv$" /-->
+
+	<securecookie host="^(?:www\.)?tfaforms\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tfb.ru.xml b/src/chrome/content/rules/Tfb.ru.xml
new file mode 100644
index 000000000000..3c458d12d7ea
--- /dev/null
+++ b/src/chrome/content/rules/Tfb.ru.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://acs.tfb.ru/ => https://acs.tfb.ru/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://demo-ic.tfb.ru/ => https://demo-ic.tfb.ru/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://paymentgate.tfb.ru/ => https://paymentgate.tfb.ru/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://web-ex.tfb.ru/ => https://web-ex.tfb.ru/: (60, 'SSL certificate problem: self signed certificate')
+
+broker.tfb.ru ³
+capital.tfb.ru ²
+www.capital.tfb.ru ²
+dbo.tfb.ru ³
+finance.tfb.ru ²
+www.finance.tfb.ru ²
+lk.finance.tfb.ru ²
+ic.tfb.ru ³
+job-co.tfb.ru ³
+mobile.tfb.ru ³
+old-finance.tfb.ru ²
+online.tfb.ru ³
+voip-e.tfb.ru ³
+
+
+² refused
+³ timed out
+-->
+<ruleset name="tfb.ru" default_off="failed ruleset test">
+	<target host="tfb.ru" />
+	<target host="www.tfb.ru" />
+	<target host="acs.tfb.ru" />
+	<target host="app.tfb.ru" />
+	<target host="demo-ic.tfb.ru" />
+	<target host="ftp.tfb.ru" />
+	<target host="paymentgate.tfb.ru" />
+	<target host="vip.tfb.ru" />
+	<target host="web-ex.tfb.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tfes.org.xml b/src/chrome/content/rules/Tfes.org.xml
new file mode 100644
index 000000000000..087f33ede88f
--- /dev/null
+++ b/src/chrome/content/rules/Tfes.org.xml
@@ -0,0 +1,13 @@
+<!--
+	library.tfes.org does not serve a valid cert, but may be added in the future
+-->
+<ruleset name="tfes.org">
+	<target host="tfes.org" />
+	<target host="www.tfes.org" />
+	<target host="forum.tfes.org" />
+	<target host="wiki.tfes.org" />
+	<target host="irc.tfes.org" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tgknt.com.xml b/src/chrome/content/rules/Tgknt.com.xml
new file mode 100644
index 000000000000..73fa5996bd3b
--- /dev/null
+++ b/src/chrome/content/rules/Tgknt.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Bugs.
+
+
+	(www.) doesn't exist.
+
+-->
+<ruleset name="tgknt.com">
+
+	<target host="c.tgknt.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tgthr.com.xml b/src/chrome/content/rules/Tgthr.com.xml
deleted file mode 100644
index 8c86b35bb53e..000000000000
--- a/src/chrome/content/rules/Tgthr.com.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
-	Problematic domains:
-
-		- tgthr.crbuildsite.com		(http reply)
-
-
-	Mixed content:
-
-		- css, on ^ from:
-
-			- tgthr.crbuildsite.com ¹
-			- fonts.googleapis.com ²
-
-		- Images on ^ from ^ ²
-
-	¹ Secured by us, effect appears minimal
-	² Secured by us
-
--->
-<ruleset name="tgthr.com">
-
-	<target host="tgthr.crbuildsite.com" />
-	<target host="tgthr.com" />
-	<target host="*.tgthr.com" />
-
-
-	<securecookie host="^(?:w*\.)?tgthr\.com$" name=".+" />
-
-
-	<rule from="^http://tgthr\.crbuildsite\.com/"
-		to="https://tgthr.crbuildsite.com/" />
-
-	<rule from="^http://(www\.)?tgthr\.com/"
-		to="https://$1tgthr.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Thai_Netizen.org.xml b/src/chrome/content/rules/Thai_Netizen.org.xml
new file mode 100644
index 000000000000..28a1fd6a6ca9
--- /dev/null
+++ b/src/chrome/content/rules/Thai_Netizen.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="Thai Netizen.org">
+
+	<target host="thainetizen.org" />
+	<target host="www.thainetizen.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Thaipicpost.info.xml b/src/chrome/content/rules/Thaipicpost.info.xml
deleted file mode 100644
index a6e2336fcf39..000000000000
--- a/src/chrome/content/rules/Thaipicpost.info.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="thaipicpost.info">
-
-	<target host="thaipicpost.info" />
-	<target host="*.thaipicpost.info" />
-
-
-	<securecookie host="^\.thaipicpost\.info$" name=".+" />
-
-
-	<rule from="^http://(sv\d\.|www\.)?thaipicpost\.info/"
-		to="https://$1thaipicpost.info/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Thalasseo.com.xml b/src/chrome/content/rules/Thalasseo.com.xml
new file mode 100644
index 000000000000..eccc6d025386
--- /dev/null
+++ b/src/chrome/content/rules/Thalasseo.com.xml
@@ -0,0 +1,52 @@
+<!--
+	^thalasseo.com: Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- .thalasseo.com
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+
+		- Images, from:
+
+			- images.thalasseo.com ˢ
+			- img\d.thalasseo.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Thalasseo.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="images.thalasseo.com" />
+	<target host="img1.thalasseo.com" />
+	<target host="img2.thalasseo.com" />
+	<target host="img3.thalasseo.com" />
+	<target host="img4.thalasseo.com" />
+	<target host="img5.thalasseo.com" />
+	<target host="www.thalasseo.com" />
+
+	<!--	Complications:
+				-->
+	<target host="thalasseo.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.thalasseo\.com$" name="^newB$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://thalasseo\.com/"
+		to="https://www.thalasseo.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Thales-Communications.xml b/src/chrome/content/rules/Thales-Communications.xml
index 2ca766ac0830..9ecf62440d72 100644
--- a/src/chrome/content/rules/Thales-Communications.xml
+++ b/src/chrome/content/rules/Thales-Communications.xml
@@ -1,15 +1,25 @@
-<ruleset name="Thales Communications">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://thalescomminc.com/ => https://www.thalescomminc.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.thalescomminc.com'")
+Fetch error: http://www.thalescomminc.com/ => https://www.thalescomminc.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.thalescomminc.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://thalescomminc.com/ => https://www.thalescomminc.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.thalescomminc.com'")
+Fetch error: http://www.thalescomminc.com/ => https://www.thalescomminc.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.thalescomminc.com'")
+-->
+<ruleset name="Thales Communications" default_off="failed ruleset test">
 
 	<target host="thalescomminc.com" />
 	<target host="www.thalescomminc.com" />
 
 
-	<securecookie host="^www\.thalescomminc\.com$" name=".*" />
+	<securecookie host="^www\.thalescomminc\.com$" name=".+" />
 
 
 	<!--	Cert only matches www.
 						-->
-	<rule from="^https?://(?:www\.)?thalescomminc\.com/"
+	<rule from="^http://(?:www\.)?thalescomminc\.com/"
 		to="https://www.thalescomminc.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Thali_project.org.xml b/src/chrome/content/rules/Thali_project.org.xml
new file mode 100644
index 000000000000..edf59df9aae2
--- /dev/null
+++ b/src/chrome/content/rules/Thali_project.org.xml
@@ -0,0 +1,13 @@
+<!--
+	^: Dropped
+
+-->
+<ruleset name="Thali project.org" default_off="mismatched">
+
+	<target host="www.thaliproject.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Thalia_Holding.xml b/src/chrome/content/rules/Thalia_Holding.xml
new file mode 100644
index 000000000000..bfdffbfd73f9
--- /dev/null
+++ b/src/chrome/content/rules/Thalia_Holding.xml
@@ -0,0 +1,81 @@
+<!--
+	Mismatch:
+		- images.bol.de *
+		- images.buch.de *
+		- images.thalia.de *
+		- media.buch.de *
+
+		* Rewrite to www.buch.de fails sometimes:
+
+	Refused:
+		- blog.buch.de
+		- unternehmen.thalia.de
+		- ^buch.de
+
+
+	Wrong content:
+		- ^thalia.ch
+
+	Mixed content:
+		- various images served from images.*
+-->
+<ruleset name="Thalia Holding" platform="mixedcontent">
+	<target host="bol.de"/>
+	<target host="www.bol.de"/>
+	<target host="img.bol.de"/>
+	<target host="books.ch"/>
+	<target host="www.books.ch"/>
+	<target host="img.books.ch"/>
+	<target host="buch.ch"/>
+	<target host="www.buch.ch"/>
+	<target host="img.buch.ch"/>
+	<target host="buch.de"/>
+	<target host="www.buch.de"/>
+	<target host="img.buch.de"/>
+	<target host="leseprobe.buch.de"/>
+	<target host="ssl.buch.de"/>
+	<target host="thalia.at"/>
+	<target host="www.thalia.at"/>
+	<target host="img.thalia.at"/>
+	<target host="thalia.ch"/>
+	<target host="www.thalia.ch"/>
+	<target host="img.thalia.ch"/>
+	<target host="thalia.de"/>
+	<target host="www.thalia.de"/>
+	<target host="img.thalia.de"/>
+
+	<!--
+	Trying to rewrite mismatched domains to buch.de, but this
+	fails for some images. Commented out for future work.
+
+	<target host="images.bol.de"/>
+	<target host="images.buch.de"/>
+	<target host="images.thalia.de"/>
+	<target host="media.buch.de"/>
+	<exclusion pattern="^http://media\.buch\.de/alexandria/"/>
+	<exclusion pattern="^http://images\.buch\.de/leseproben/"/>
+	<exclusion pattern="^http://images\.buch\.de/md21/"/>
+	<exclusion pattern="^http://images\.thalia\.de/md37/"/>
+
+	<test url="http://media.buch.de/alexandria/thalia_test/000008951137-00-1.jpg"/>
+	<test url="http://images.buch.de/leseproben/874/541/12_9783442541874.pdf"/>
+	<test url="http://images.buch.de/md21/Pix2015/Portalseite/miles-and-more-logo-startseite.png"/>
+	<test url="http://images.thalia.de/md37/lp2015/Sommer/sommer_stempel_thalia_10.png"/>
+
+	<rule from="^http://images\.bol\.de/"
+		to="https://www.bol.de/"/>
+	<rule from="^http://images\.buch\.de/"
+		to="https://www.buch.de/"/>
+	<rule from="^http://media\.buch\.de/"
+		to="https://www.buch.de/"/>
+	<rule from="^http://images\.thalia\.de/"
+		to="https://www.buch.de/"/>
+	-->
+
+	<rule from="^http://buch\.de/"
+		to="https://www.buch.de/"/>
+	<rule from="^http://thalia\.ch/"
+		to="https://www.thalia.ch/"/>
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Thalys.xml b/src/chrome/content/rules/Thalys.xml
index 88664d6988b6..eb09c48623fd 100644
--- a/src/chrome/content/rules/Thalys.xml
+++ b/src/chrome/content/rules/Thalys.xml
@@ -1,4 +1,14 @@
-<ruleset name="Thalys">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://portal.thalysnet.com/ => https://portal.thalysnet.com/: (6, 'Could not resolve host: portal.thalysnet.com')
+
+	Mixed content:
+
+		- Bug on (www.)?thalysthecard.com from logi\d+.xiti.com
+
+-->
+<ruleset name="Thalys" default_off="failed ruleset test">
     <target host="thalys.com" />
     <target host="www.thalys.com" />
     <target host="thalysthecard.com" />
@@ -7,18 +17,12 @@
     <!-- Accessible from Thalys trains. -->
     <target host="portal.thalysnet.com" />
 
-    <securecookie host="^(.*\.)?thalys\.com$" name=".+" />
-    <securecookie host="^(.*\.)?thalysnet\.com$" name=".+" />
-    <securecookie host="^(.*\.)?thalysthecard\.com$" name=".+" />
-
-    <rule from="^https?://thalys\.com/"
-        to="https://www.thalys.com/" />
-    <rule from="^http://([^/:@]+)?\.thalys\.com/"
-        to="https://$1.thalys.com/" />
-    <rule from="^http://([^/:@]+)?\.thalysnet\.com/"
-        to="https://$1.thalysnet.com/" />
-    <rule from="^https?://thalysthecard\.com/"
-        to="https://www.thalysthecard.com/" />
-    <rule from="^http://([^/:@]+)?\.thalysthecard\.com/"
-        to="https://$1.thalysthecard.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.thalysthecard\.com$" name="^SESS[\da-f]{32}$" /-->
+
+    <securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ThankYou.com.xml b/src/chrome/content/rules/ThankYou.com.xml
index 27f5cf1e62e4..88ef03182dd7 100644
--- a/src/chrome/content/rules/ThankYou.com.xml
+++ b/src/chrome/content/rules/ThankYou.com.xml
@@ -5,15 +5,17 @@
 	Problematic subdomains:
 
 		- ^ *
+		- shopping ² ³
 
 	* Cert only matches www
+	² Expired
+	³ Server sends no certificate chain, see https://whatsmychaincert.com
 
 
 	Fully covered subdomains:
 
 		- (www.)	(^ → www)
 		- rewards
-		- shopping
 		- travel
 
 
@@ -32,17 +34,25 @@
 -->
 <ruleset name="ThankYou.com">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="rewards.thankyou.com" />
+	<!--target host="shopping.thankyou.com" /-->
+	<target host="travel.thankyou.com" />
+	<target host="www.thankyou.com" />
+
+	<!--	Complications:
+				-->
 	<target host="thankyou.com" />
-	<target host="*.thankyou.com" />
 
 
 	<securecookie host="^(?:rewards|shopping|travel|www)?\.thankyou\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?thankyou\.com/"
+	<rule from="^http://thankyou\.com/"
 		to="https://www.thankyou.com/" />
 
-	<rule from="^http://(rewards|shopping|travel)\.thankyou\.com/"
-		to="https://$1.thankyou.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Thankyou4caring.org.xml b/src/chrome/content/rules/Thankyou4caring.org.xml
new file mode 100644
index 000000000000..22c2eea69e7c
--- /dev/null
+++ b/src/chrome/content/rules/Thankyou4caring.org.xml
@@ -0,0 +1,24 @@
+<!--
+	A donations service with per-organization subdomains.
+
+-->
+<ruleset name="thankyou4caring.org">
+
+	<target host="*.thankyou4caring.org" />
+
+		<test url="http://breakingground.thankyou4caring.org/" />
+		<test url="http://cpj20023.thankyou4caring.org/" />
+		<test url="http://jjaycuny.thankyou4caring.org/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\w+\.thankyou4caring\.org$" name="^(?:ASP\.NET_SessionId|NSC_[\w-]+|ShoppingCartCookieID)$" /-->
+
+	<securecookie host="^\w+" name=".+" />
+
+
+	<rule from="^http://(\w+)\.thankyou4caring\.org/"
+		to="https://$1.thankyou4caring.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Thaqafa.org.xml b/src/chrome/content/rules/Thaqafa.org.xml
new file mode 100644
index 000000000000..b41fc64e5af5
--- /dev/null
+++ b/src/chrome/content/rules/Thaqafa.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Thaqafa.org">
+	<target host="thaqafa.org" />
+	<target host="www.thaqafa.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ThatOnePrivacySite.xml b/src/chrome/content/rules/ThatOnePrivacySite.xml
new file mode 100644
index 000000000000..2990841270ff
--- /dev/null
+++ b/src/chrome/content/rules/ThatOnePrivacySite.xml
@@ -0,0 +1,7 @@
+<ruleset name="That One Privacy Site">
+        <target host="thatoneprivacysite.net" />
+        <target host="www.thatoneprivacysite.net" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thawte.xml b/src/chrome/content/rules/Thawte.xml
index d16b8470a03e..daeb1cdaa4d9 100644
--- a/src/chrome/content/rules/Thawte.xml
+++ b/src/chrome/content/rules/Thawte.xml
@@ -2,8 +2,8 @@
 		- ocsp.thawte.com
 -->
 <ruleset name="Thawte">
- <target host="www.thawte.com" /> 
+ <target host="www.thawte.com" />
  <target host="thawte.com" />
 
- <rule from="^http://(?:www\.)?thawte\.com/" to="https://www.thawte.com/" />
+ <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/The-ACLU-of-Idaho.xml b/src/chrome/content/rules/The-ACLU-of-Idaho.xml
new file mode 100644
index 000000000000..6933b0259ae0
--- /dev/null
+++ b/src/chrome/content/rules/The-ACLU-of-Idaho.xml
@@ -0,0 +1,11 @@
+<ruleset name="The ACLU of Idaho">
+	<target host="acluidaho.org" />
+	<target host="www.acluidaho.org" />
+
+	<securecookie host="^acluidaho\.org$" name=".+" />
+
+	<rule from="^http://www\.acluidaho\.org/"
+		to="https://acluidaho.org/" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/The-Art-Institutes.xml b/src/chrome/content/rules/The-Art-Institutes.xml
index 7a33d2f2d811..4992ccd31d69 100644
--- a/src/chrome/content/rules/The-Art-Institutes.xml
+++ b/src/chrome/content/rules/The-Art-Institutes.xml
@@ -3,15 +3,22 @@
 
 		- (www.)ailearnmore.com
 
+
+	Problematic domains:
+
+		- artinstitutes.edu *
+
+	* Handshake fails
+
 -->
 <ruleset name="The Art Institutes (partial)">
 
 	<target host="artinstitutes.edu"/>
-	<target host="*.artinstitutes.edu"/>
+	<target host="www.artinstitutes.edu" />
+	<target host="content.artinstitutes.edu" />
 
 
-	<!--	Cert doesn't match !www.	-->
-	<rule from="^https?://artinstitutes\.edu/"
+	<rule from="^http://artinstitutes\.edu/"
 		to="https://www.artinstitutes.edu/" />
 
 	<rule from="^http://www\.artinstitutes\.edu/([iI]mages/|[iI]ncludes/|javascript/|masters-degrees/(images|stylesheets)/|Multimedia|programs-info/form/|[sS]tylesheets/|WebResource\.axd)"
@@ -21,3 +28,4 @@
 		to="https://content.artinstitutes.edu/" />
 
 </ruleset>
+
diff --git a/src/chrome/content/rules/The-Atom-Group.xml b/src/chrome/content/rules/The-Atom-Group.xml
index b06a14a1ff5b..343c76607682 100644
--- a/src/chrome/content/rules/The-Atom-Group.xml
+++ b/src/chrome/content/rules/The-Atom-Group.xml
@@ -1,13 +1,20 @@
-<!--	!functional subdomains:
-		- (www.)	(mismatch, shows IIS 7 welcome page)
+<!--
+	(www.)?theatomgroup.com: Refused
+
 -->
-<ruleset name="The Atom Group (partial)">
+<ruleset name="The Atom Group.com (partial)">
 
+	<!--	Complications:
+				-->
 	<target host="mail.theatomgroup.com"/>
 
-	<securecookie host="^mail\.theatomgroup\.com$" name=".*"/>
 
-	<rule from="^http://mail\.theatomgroup\.com/"
-		to="https://mail.theatomgroup.com/"/>
+	<!--	Redirect drops path, args,
+		and forward slash:
+					-->
+	<rule from="^http://mail\.theatomgroup\.com/.*"
+		to="https://mail.google.com/a/theatomgroup.com" />
+
+		<test url="http://mail.theatomgroup.com//" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/The-Awl.xml b/src/chrome/content/rules/The-Awl.xml
index 8eccab83f1be..1af5bb7279a6 100644
--- a/src/chrome/content/rules/The-Awl.xml
+++ b/src/chrome/content/rules/The-Awl.xml
@@ -1,18 +1,23 @@
 <!--
-	Nonfunctional subdomains:
+	CDN buckets:
 
-		- (www.)	(cert: www2.theawl.com; shows that domain)
+		- 650439772.r.cdn77.net
+
+
+	(www.)?theawl.com: Dropped
 
 -->
-<ruleset name="The Awl (partial)" default_off="self-signed">
+<ruleset name="The Awl.com (partial)" default_off="mismatched">
 
-	<target host="ads.theawl.com" />
+	<target host="cdn.theawl.com" />
+	<target host="cdn0.theawl.com" />
 
 
-	<securecookie host="^ads\.theawl\.com$" name=".+" />
+	<securecookie host="^\." name="^__qca$" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://ads\.theawl\.com/"
-		to="https://ads.theawl.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/The-Best-Hosting.xml b/src/chrome/content/rules/The-Best-Hosting.xml
deleted file mode 100644
index 8ea3cbbcbbf4..000000000000
--- a/src/chrome/content/rules/The-Best-Hosting.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="The Best Hosting">
-
-	<target host="the-best-hosting.net"/>
-	<target host="www.the-best-hosting.net"/>
-
-	<rule from="^http://(www\.)?the-best-hosting\.net/"
-		to="https://$1the-best-hosting.net/"/>
-
-	<securecookie host="^(www\.)?the-best-hosting\.net$" name=".*"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/The-Blackpool-Tower.xml b/src/chrome/content/rules/The-Blackpool-Tower.xml
new file mode 100644
index 000000000000..120b18ba977c
--- /dev/null
+++ b/src/chrome/content/rules/The-Blackpool-Tower.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Merlin Entertainments coverage, see Merlin-Entertainments.xml.
+-->
+<ruleset name="The Blackpool Tower">
+	<target host="theblackpooltower.com" />
+	<target host="www.theblackpooltower.com" />
+
+	<securecookie host="www\.theblackpooltower\.com$" name=".+" />
+
+	<!-- Cert only matches www: -->
+	<rule from="^http://theblackpooltower\.com/"
+		to="https://www.theblackpooltower.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/The-Business-Journals.xml b/src/chrome/content/rules/The-Business-Journals.xml
index bac2139ecb99..98e6ff368ce1 100644
--- a/src/chrome/content/rules/The-Business-Journals.xml
+++ b/src/chrome/content/rules/The-Business-Journals.xml
@@ -17,6 +17,8 @@
 
 			- a1484.g.akamai.net
 
+		- images.bizjournals.com.edgesuite.net
+
 		- assets.upstart.bizjournals.com.edgesuite.net
 
 
@@ -25,6 +27,7 @@
 		- bizjournals.com subdomains:
 
 			- businessdirectory ¹
+			- images		(shows www, akamai)
 			- m ²
 			- upstart ²
 			- assets.upstart	(shows www, akamai)
@@ -43,7 +46,7 @@
 
 			- ^		(cert only matches www)
 			- assets *
-			- metric	(2o7.net)	
+			- metric	(2o7.net)
 
 	* Works, akamai
 
@@ -93,15 +96,9 @@
 	<securecookie host="^secure\.bizjournals\.com$" name=".+" />
 
 
-	<rule from="^http://media\.bizj\.us/"
-		to="https://a248.e.akamai.net/f/1867/1301/3/media.bizj.us/" />
-
 	<rule from="^http://(?:www\.)?bizjournals\.com/(bizjournals/images|lib|login|register)/"
 		to="https://www.bizjournals.com/$1/" />
 
-	<rule from="^http://assets\.bizjournals\.com/"
-		to="https://a248.e.akamai.net/f/1484/9205/3/assets.bizjournals.com/" />
-
 	<rule from="^http://(mediaapi|metrics|secure)\.bizjournals\.com/"
 		to="https://$1.bizjournals.com/" />
 
diff --git a/src/chrome/content/rules/The-Butler-and-the-Chef.xml b/src/chrome/content/rules/The-Butler-and-the-Chef.xml
index 215981ac54ba..0dc9ad654a33 100644
--- a/src/chrome/content/rules/The-Butler-and-the-Chef.xml
+++ b/src/chrome/content/rules/The-Butler-and-the-Chef.xml
@@ -1,11 +1,11 @@
-<ruleset name="The Butler and the Chef" default_off="mismatch">
+<ruleset name="The Butler and the Chef" default_off="mismatched">
 
 	<!--	Cert: *.fatcow.com	-->
 	<target host="butlerandthechef.com" />
 	<target host="www.butlerandthechef.com" />
 
 
-	<rule from="^https?://(?:www\.)?butlerandthechef\.com/"
+	<rule from="^http://(?:www\.)?butlerandthechef\.com/"
 		to="https://butlerandthechef.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/The-Cisco-Group.xml b/src/chrome/content/rules/The-Cisco-Group.xml
index 98284a90505f..c61a155a790c 100644
--- a/src/chrome/content/rules/The-Cisco-Group.xml
+++ b/src/chrome/content/rules/The-Cisco-Group.xml
@@ -4,16 +4,13 @@
 		- (www.)saqpro.com	(ssl_error_rx_record_too_long)
 
 -->
-<ruleset name="The CISCO Group (partial)" default_off="mismatch">
+<ruleset name="The CISCO Group (partial)" default_off="mismatched">
 
-	<!--	cert: saqpro.com	-->
-	<target host="securityexe.com" />
-	<target host="www.securityexe.com" />
 	<target host="thecisogroup.com" />
 	<target host="www.thecisogroup.com" />
 
 
-	<rule from="^https?://(?:www\.)?(securityexe|thecisogroup)\.com/"
-		to="https://$1.com/" />
+	<rule from="^http://(?:www\.)?thecisogroup\.com/"
+		to="https://theciscogroup.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/The-Citizen-Lab.xml b/src/chrome/content/rules/The-Citizen-Lab.xml
index ca9acec81a47..2205f4f8b5c4 100644
--- a/src/chrome/content/rules/The-Citizen-Lab.xml
+++ b/src/chrome/content/rules/The-Citizen-Lab.xml
@@ -6,7 +6,6 @@
 
 	<!--	Cert only matches //citizenlab.org.
 					-->
-	<rule from="^https?://(?:www\.)?citizenlab\.org/"
-		to="https://citizenlab.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/The-Conversation.xml b/src/chrome/content/rules/The-Conversation.xml
new file mode 100644
index 000000000000..4b452aae2ca7
--- /dev/null
+++ b/src/chrome/content/rules/The-Conversation.xml
@@ -0,0 +1,13 @@
+<ruleset name="The Conversation">
+	<!-- theconversation.edu.au -->
+	<target host="theconversation.edu.au" />
+	<target host="www.theconversation.edu.au" />
+	<target host="counter.theconversation.edu.au" />
+	<target host="donate.theconversation.edu.au" />
+	<target host="jobs.theconversation.edu.au" />
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/The-Cutest-Site-on-the-Block.xml b/src/chrome/content/rules/The-Cutest-Site-on-the-Block.xml
index 6db43d3b1e1d..5a435345c1c7 100644
--- a/src/chrome/content/rules/The-Cutest-Site-on-the-Block.xml
+++ b/src/chrome/content/rules/The-Cutest-Site-on-the-Block.xml
@@ -1,13 +1,21 @@
-<ruleset name="The Cutest Site on the Block" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://thecutestsiteontheblock.com/ => https://www.thecutestsiteontheblock.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://thecutestsiteontheblock.com/ => https://www.thecutestsiteontheblock.com/: (7, 'Failed to connect to www.thecutestsiteontheblock.com port 443: Connection refused')
+-->
+<ruleset name="The Cutest Site on the Block" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="thecutestsiteontheblock.com" />
-	<target host="*.thecutestsiteontheblock.com" />
+	<target host="www.thecutestsiteontheblock.com" />
 
 
-	<securecookie host="^(.*\.)?thecutestsiteontheblock\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?thecutestsiteontheblock\.com/"
+	<rule from="^http://(?:www\.)?thecutestsiteontheblock\.com/"
 		to="https://www.thecutestsiteontheblock.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/The-DMA.org.xml b/src/chrome/content/rules/The-DMA.org.xml
new file mode 100644
index 000000000000..b309b4a1b770
--- /dev/null
+++ b/src/chrome/content/rules/The-DMA.org.xml
@@ -0,0 +1,22 @@
+<!--
+	For other Direct Marketing Association coverage, see The_DMA.org.xml
+
+
+	(www.)?the-dma.org: WP Engine
+
+-->
+<ruleset name="The-DMA.org">
+
+	<target host="the-dma.org" />
+	<target host="www.the-dma.org" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://(?:www\.)?the-dma\.org/+"
+		to="https://thedma.org/" />
+
+		<test url="http://the-dma.org/index.htm" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The-Debian-Administrators-Handbook.xml b/src/chrome/content/rules/The-Debian-Administrators-Handbook.xml
index b829b494ff25..4d595a2942fc 100644
--- a/src/chrome/content/rules/The-Debian-Administrators-Handbook.xml
+++ b/src/chrome/content/rules/The-Debian-Administrators-Handbook.xml
@@ -1,10 +1,25 @@
-<ruleset name="The Debian Administrator's Handbook" default_off="self-signed">
+<!--
+	The Debian Administrator's Handbook
 
+
+	www.debian-handbook.info: Mismatched
+
+-->
+<ruleset name="Debian-Handbook.info">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="debian-handbook.info" />
+
+	<!--	Complications:
+				-->
 	<target host="www.debian-handbook.info" />
 
 
-	<rule from="^https?://(?:www\.)?debian-handbook\.info/"
+	<rule from="^http://www\.debian-handbook\.info/"
 		to="https://debian-handbook.info/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/The-Diplomat.xml b/src/chrome/content/rules/The-Diplomat.xml
deleted file mode 100644
index adfeb54f3023..000000000000
--- a/src/chrome/content/rules/The-Diplomat.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<ruleset name="The Diplomat">
-
-	<target host="thediplomat.com" />
-	<target host="www.thediplomat.com" />
-		<!--
-			Seems to have stopped redirecting to http....
-
-		<exclusion pattern="^http://thediplomat\.com/(?!(?:contact-us|newsletter|write-for-us)(?:$|\?|/)|wp-content/(?:blogs.dir|themes)/)" /-->
-
-
-	<securecookie host="^thediplomat\.com$" name=".+" />
-
-
-	<!--	Cert only matches ^thediplomat.com.
-							-->
-	<rule from="^https?://(?:www\.)?thediplomat\.com/"
-		to="https://thediplomat.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/The-Dungeons.xml b/src/chrome/content/rules/The-Dungeons.xml
new file mode 100644
index 000000000000..5e4cb5b0c129
--- /dev/null
+++ b/src/chrome/content/rules/The-Dungeons.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Merlin Entertainments coverage, see Merlin-Entertainments.xml.
+
+	Mixed content:
+		- Js from ajax.googleapis.com *
+		- Font from fonts.googleapis.com *
+		- Js from platform.twitter.com *
+
+	* Secured by us
+
+	Problematic subdomain:
+		- !www		(hostname mismatch, CN: *.azurewebsites.net)
+-->
+<ruleset name="The Dungeons">
+	<target host="thedungeons.com" />
+	<target host="sanfrancisco.thedungeons.com" />
+	<target host="secure.thedungeons.com" />
+	<target host="www.thedungeons.com" />
+
+	<securecookie host="www\.thedungeons\.com$" name=".+" />
+
+	<!-- Cert mismatch: -->
+	<rule from="^http://thedungeons\.com/"
+		to="https://www.thedungeons.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/The-Escapist-Expo.xml b/src/chrome/content/rules/The-Escapist-Expo.xml
deleted file mode 100644
index c8440c5f6ee5..000000000000
--- a/src/chrome/content/rules/The-Escapist-Expo.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other Themis Group coverage, see Themis-Group.xml.
-
--->
-<ruleset name="The Escapist Expo">
-
-	<target host="escapistexpo.com" />
-	<target host="*.escapistexpo.com" />
-	<target host="www.sec.escapistexpo.com" />
-
-
-	<!--	Cert only matches (www.)sec.	-->
-	<rule from="^https?://(?:(www\.)?sec\.|www\.)?escapistexpo\.com/"
-		to="https://$1sec.escapistexpo.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/The-Event-Diva.xml b/src/chrome/content/rules/The-Event-Diva.xml
index 5fd779168452..59e902e854e0 100644
--- a/src/chrome/content/rules/The-Event-Diva.xml
+++ b/src/chrome/content/rules/The-Event-Diva.xml
@@ -4,12 +4,12 @@
 	<target host="www.theeventdiva.com" />
 
 
-	<securecookie host="^www\.theeventdiva\.com$" name=".*" />
+	<securecookie host="^www\.theeventdiva\.com$" name=".+" />
 
 
 	<!--	Cert only matches www.
 					-->
-	<rule from="^https?://(?:www\.)?theeventdiva\.com/"
+	<rule from="^http://(?:www\.)?theeventdiva\.com/"
 		to="https://www.theeventdiva.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/The-Flirble-Organisation-self-signed.xml b/src/chrome/content/rules/The-Flirble-Organisation-self-signed.xml
deleted file mode 100644
index 31a019ec0926..000000000000
--- a/src/chrome/content/rules/The-Flirble-Organisation-self-signed.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules that are on by default, see The-Flirble-Organisation.xml.
-
--->
-<ruleset name="The Flirble Organisation (self-signed)" default_off="self-signed">
-
-	<target host="wiki.flirble.org" />
-
-
-	<!--	Cookies are handled in The-Flirble-Organisation.xml.	-->
-
-
-	<rule from="^http://wiki\.flirble\.org/"
-		to="https://wiki.flirble.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/The-Flirble-Organisation.xml b/src/chrome/content/rules/The-Flirble-Organisation.xml
index f4504ca27cbd..0fbb9687cd63 100644
--- a/src/chrome/content/rules/The-Flirble-Organisation.xml
+++ b/src/chrome/content/rules/The-Flirble-Organisation.xml
@@ -1,30 +1,51 @@
+
 <!--
-	For problematic rules, see The-Flirble-Organisation-self-signed.xml.
+Disabled by https-everywhere-checker because:
+Fetch error: http://wiki.flirble.org/ => https://wiki.flirble.org/: (6, 'Could not resolve host: wiki.flirble.org')
 
+	Problematic hosts in *flirble.org:
 
--->
-<ruleset name="The Flirble Organisation (partial)">
+		- domreg *
+
+	* Mismatched, CN: *.shopco.com
 
-	<target host="flirble.org" />
-	<target host="*.flirble.org" />
-	<target host="*.blog.flirble.org" />
 
+	^flirble.org doesn't exist.
 
-	<securecookie host="^.*\.flirble\.org$" name=".*" />
 
+	Insecure cookies are set for these hosts:
+
+		- wiki.flirble.org
+		- www.flirble.org
+
+-->
+<ruleset name="The Flirble Organisation" default_off="failed ruleset test">
 
-	<!--	- !www doesn't work over https
-		- !www redirects to www over http
+	<!--	Direct rewrites:
+				-->
+	<target host="blog.flirble.org" />
+	<target host="c0-blog.flirble.org" />
+	<target host="c1-blog.flirble.org" />
+	<target host="wiki.flirble.org" />
+	<target host="www.flirble.org" />
+
+	<!--	Complications:
+				-->
+	<target host="domreg.flirble.org" />
+
+
+	<!--	Not secured by server:
 					-->
-	<rule from="^https?://(?:www\.)?flirble\.org/"
-		to="https://flirble.org/" />
+	<!--securecookie host="wiki\.flirble\.org$" name="^TWIKISID$" /-->
+	<!--securecookie host="www\.flirble\.org$" name="^SQMSESSID$" /-->
 
-	<!--	Cert only matches (*.)flirble.org	-->
-	<rule from="^https?://(?:c\d\.)?blog\.flirble\.org/"
-		to="https://blog.flirble.org/" />
+	<securecookie host=".+" name=".+"/>
 
-	<!--	Cert: *.shopco.com	-->
-	<rule from="^https?://domreg\.flirble\.org/"
+
+	<rule from="^http://domreg\.flirble\.org/"
 		to="https://domreg-flirble-org.shopco.com/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/The-Great-Courses-mismatches.xml b/src/chrome/content/rules/The-Great-Courses-mismatches.xml
index c432d564295b..d9fd42a2a7fd 100644
--- a/src/chrome/content/rules/The-Great-Courses-mismatches.xml
+++ b/src/chrome/content/rules/The-Great-Courses-mismatches.xml
@@ -2,13 +2,12 @@
 	For rules that are on by default, see The-Great-Courses.xml.
 
 -->
-<ruleset name="The Great Courses (mismatches)" default_off="mismatch">
+<ruleset name="The Great Courses (mismatches)" default_off="mismatched">
 
 	<!--	Akamai	-->
 	<target host="reviews.thegreatcourses.com" />
 
 
-	<rule from="^http://reviews\.thegreatcourses\.com/"
-		to="https://reviews.thegreatcourses.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/The-Great-Courses.xml b/src/chrome/content/rules/The-Great-Courses.xml
index 4e0bc09d24f0..fb7bbb27cbc2 100644
--- a/src/chrome/content/rules/The-Great-Courses.xml
+++ b/src/chrome/content/rules/The-Great-Courses.xml
@@ -11,7 +11,7 @@
 	<!--	- Cert only matches www
 		- At least some pages 30 to http
 							-->
-	<rule from="^https?://(?:www\.)?thegreatcourses\.com/tgc/([aA]ccount|cs)s/"
+	<rule from="^http://(?:www\.)?thegreatcourses\.com/tgc/([aA]ccount|cs)s/"
 		to="https://www.thegreatcourses.com/tgc/$1s/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/The-Iconic.com.au.xml b/src/chrome/content/rules/The-Iconic.com.au.xml
new file mode 100644
index 000000000000..86fee073ed29
--- /dev/null
+++ b/src/chrome/content/rules/The-Iconic.com.au.xml
@@ -0,0 +1,38 @@
+<!--
+	Non-functional subdomains:
+		- assets.subscription.mars.stagingv1.staging.aws	(m)
+		- email.email	(t)
+		- marketplace	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="The Iconic.com.au">
+
+	<target host="theiconic.com.au" />
+	<target host="www.theiconic.com.au" />
+	<target host="email.app.theiconic.com.au" />
+	<target host="www.orange.aws.theiconic.com.au" />
+	<target host="thumbor.production.productionv1.production.aws.theiconic.com.au" />
+	<target host="shadowit.toolbox.techv1.toolbox.aws.theiconic.com.au" />
+	<target host="collector2.theiconic.com.au" />
+	<target host="crmdata.theiconic.com.au" />
+	<target host="edition.theiconic.com.au" />
+	<target host="img1.theiconic.com.au" />
+	<target host="img2.theiconic.com.au" />
+	<target host="m.theiconic.com.au" />
+	<target host="mediaonsite.theiconic.com.au" />
+	<target host="sellercenter.theiconic.com.au" />
+	<target host="static.theiconic.com.au" />
+	<target host="static1.theiconic.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/The-Indie-Gala.xml b/src/chrome/content/rules/The-Indie-Gala.xml
deleted file mode 100644
index 1157f36a97e3..000000000000
--- a/src/chrome/content/rules/The-Indie-Gala.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	indiegalalobby.chatango.com
-
--->
-<ruleset name="The Indie Gala" default_off="mismatch">
-
-	<!--	Cert: ghs-ssl.googlehosted.com	-->
-	<target host="indiegala.com" />
-	<target host="www.indiegala.com" />
-
-
-	<rule from="^https?://(?:www\.)?indiegala\.com/"
-		to="https://indiegala.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/The-Inspiration-Room.xml b/src/chrome/content/rules/The-Inspiration-Room.xml
index f5135d56762d..088d789d2978 100644
--- a/src/chrome/content/rules/The-Inspiration-Room.xml
+++ b/src/chrome/content/rules/The-Inspiration-Room.xml
@@ -3,7 +3,7 @@
 	<target host="theinspirationroom.com"/>
 	<target host="www.theinspirationroom.com"/>
 
-	<securecookie host="^(.*\.)?theinspirationroom\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?theinspirationroom\.com/"
 		to="https://theinspirationroom.com/"/>
diff --git a/src/chrome/content/rules/The-Irish-Times.xml b/src/chrome/content/rules/The-Irish-Times.xml
index 8280f1cb95c9..fabe2a6a102d 100644
--- a/src/chrome/content/rules/The-Irish-Times.xml
+++ b/src/chrome/content/rules/The-Irish-Times.xml
@@ -4,7 +4,6 @@
 	<target host="www.irishtimes.com" />
 
 
-	<rule from="^http://(www\.)?irishtimes\.com/"
-		to="https://$1irishtimes.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/The-Japan-Times-problematic.xml b/src/chrome/content/rules/The-Japan-Times-problematic.xml
deleted file mode 100644
index f07c8eef0290..000000000000
--- a/src/chrome/content/rules/The-Japan-Times-problematic.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For rules that are on by default, see The-Japan-Times.xml.
-
--->
-<ruleset name="The Japan Times (problematic)" default_off="mismatch">
-
-	<target host="japantimes.co.jp" />
-	<target host="www.japantimes.co.jp" />
-		<!--
-			Handled in The-Japan-Times.xml.
-							-->
-		<exclusion pattern="https?://www\.japantimes\.co\.jp/images/header_title\.gif" />
-
-
-	<!--	Cookies are handled in The-Japan-Times.xml.
-
-
-		Cert: form.japantimes.co.jp
-						-->
-	<rule from="^https?://(?:www\.)?japantimes\.co\.jp/"
-		to="https://www.japantimes.co.jp/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/The-Japan-Times.xml b/src/chrome/content/rules/The-Japan-Times.xml
deleted file mode 100644
index 8678cdb47d4d..000000000000
--- a/src/chrome/content/rules/The-Japan-Times.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	For problematic rules, see The-Japan-Times-problematic.xml.
-
-
-	Nonfunctional domains:
-
-		- blog		(cert: form.japantimes; shows form)
-		- search	(ditto)
-		- timescoupon	(times out)
-		- weekly	(ditto)
-		- women
-
--->
-<ruleset name="The Japan Times (partial)">
-
-	<target host="*.japantimes.co.jp" />
-
-
-	<securecookie host="^.+\.japantimes\.co\.jp$" name=".+" />
-
-
-	<rule from="^http://(bookclub|club|form)\.japantimes\.co\.jp/"
-		to="https://$1.japantimes.co.jp/" />
-
-	<!--	- Cert only matches form
-		- At least some pages redirect back
-		- Many (most?) paths aren't identical
-							-->
-	<rule from="^https?://www\.japantimes\.co\.jp/images/header_title\.gif"
-		to="https://form.japantimes.co.jp/images/header_title.gif" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/The-List.xml b/src/chrome/content/rules/The-List.xml
index 832dafc9a7ce..70a169b32bca 100644
--- a/src/chrome/content/rules/The-List.xml
+++ b/src/chrome/content/rules/The-List.xml
@@ -1,17 +1,36 @@
 <!--
-	Nonfunctional subdomains:
+	The List
 
-		- files		(cert valid; 400)
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .list.co.uk
+		- shop.list.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="The List (partial)">
+<ruleset name="List.co.uk">
 
 	<target host="list.co.uk" />
+	<target host="edinburghfestival.list.co.uk" />
+	<target host="files.list.co.uk" />
+	<target host="film.list.co.uk" />
+	<target host="food.list.co.uk" />
+	<target host="shop.list.co.uk" />
 	<target host="www.list.co.uk" />
 
 
-	<!--	!www throws 400 over https.	-->
-	<rule from="^https?://(?:www\.)?list\.co\.uk/"
-		to="https://www.list.co.uk/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.list\.co\.uk$" name="^(?:COOKIE_NOTICE|JSESSIONID)$" /-->
+	<!--securecookie host="^shop\.list\.co\.uk$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^(?:COOKIE_NOTICE|JSESSIONID)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/The-Nation.xml b/src/chrome/content/rules/The-Nation.xml
index f3a5afea7ab8..bafb365ad04c 100644
--- a/src/chrome/content/rules/The-Nation.xml
+++ b/src/chrome/content/rules/The-Nation.xml
@@ -1,25 +1,87 @@
+
 <!--
-	s3.amazonaws.com/thenation/
+Disabled by https-everywhere-checker because:
+Fetch error: http://nationbuilders.thenation.com/default.aspx => https://donate.thenation.com/nb-launch-pages/5_2015_nationbuildersmembership/default.aspx: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://donate.thenation.com/ => https://donate.thenation.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://subscribe.thenation.com/ => https://subscribe.thenation.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://nationbuilders.thenation.com/ => https://donate.thenation.com/nb-launch-pages/5_2015_nationbuildersmembership: (28, 'Connection timed out after 20000 milliseconds')
+
+	CDN buckets:
+
+		- s3.amazonaws.com/thenation/
+
+
+	Problematic hosts in *thenation.com:
+
+		- ^ ʳ
+		- activism ¹
+		- nationbuilders ʳ
+
+	¹ Mismatched
+	ʳ Refused, preemptable redirect
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- donate.thenation.com
+		- subscribe.thenation.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on nationbuilders.thenation.com from static.ning.com *
+
+		- Images, on:
+
+			- nationbuilders.thenation.com from api.ning.com *
+			- www.thenation.com from $self *
+
+		- Bugs, on:
+
+			- www.thenation.com from b.scorecardresearch.com *
+			- www.thenation.com from platform.twitter.com *
+
+	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="The Nation">
+<ruleset name="The Nation.com" default_off="failed ruleset test">
 
-	<target host="65.98.18.218" />
+	<!--	Direct rewrites:
+				-->
 	<target host="donate.thenation.com" />
-	<target host="upgnation.com" />
-	<target host="www.upgnation.com" />
+	<target host="subscribe.thenation.com" />
+	<target host="www.thenation.com" />
+
+	<!--	Complications:
+				-->
+	<target host="thenation.com" />
+	<target host="nationbuilders.thenation.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^donate\.thenation\.com$" name="^(?:ASP\.NET_SessionId$|NSC_|VisitorGuid$)" /-->
+	<!--securecookie host="^subscribe\.thenation\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
 
 
-	<securecookie host="^donate\.thenation\.com$" name=".*" />
+	<rule from="^http://thenation\.com/"
+		to="https://www.thenation.com/" />
 
+	<rule from="^http://nationbuilders\.thenation\.com/$"
+		to="https://donate.thenation.com/nb-launch-pages/5_2015_nationbuildersmembership" />
 
-	<rule from="^http://donate\.thenation\.com/"
-		to="https://donate.thenation.com/" />
+	<!--	Redirect keeps all and prepends forward slash:
+								-->
+	<rule from="^http://nationbuilders\.thenation\.com/"
+		to="https://donate.thenation.com/nb-launch-pages/5_2015_nationbuildersmembership/" />
 
-	<rule from="^http://65\.98\.18\.218/"
-		to="https://upgnation.com/" />
+		<test url="http://nationbuilders.thenation.com/default.aspx" />
 
-	<rule from="^http://(www\.)?upgnation\.com/(images/|(?:image|login|register)\.php|skin/|var/)"
-		to="https://$1upgnation.com/$1" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/The-National-Academies-Press.xml b/src/chrome/content/rules/The-National-Academies-Press.xml
index d534f28b22b4..733076401b04 100644
--- a/src/chrome/content/rules/The-National-Academies-Press.xml
+++ b/src/chrome/content/rules/The-National-Academies-Press.xml
@@ -1,4 +1,5 @@
 <!--
+	Disabled per https://trac.torproject.org/projects/tor/ticket/15561
 	Nonfunctional subdomains:
 
 		- (www.)		(times out)
@@ -18,10 +19,14 @@
 		- secure
 
 -->
-<ruleset name="The National Academies Press (partial)">
+<ruleset name="The National Academies Press (partial)" default_off="broken">
 
 	<target host="nap.edu" />
-	<target host="*.nap.edu" />
+	<target host="cart.nap.edu" />
+	<target host="images.nap.edu" />
+	<target host="www.nap.edu" />
+	<target host="download.nap.edu" />
+	<target host="secure.nap.edu" />
 
 
 	<securecookie host="^download\.nap\.edu$" name=".+" />
@@ -32,7 +37,6 @@
 	<rule from="^http://(?:cart\.|images\.|www\.)?nap\.edu/"
 		to="https://cart.nap.edu/" />
 
-	<rule from="^http://(download|secure)\.nap\.edu/"
-		to="https://$1.nap.edu/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/The-Nature-Conservancy.xml b/src/chrome/content/rules/The-Nature-Conservancy.xml
deleted file mode 100644
index 41385cdd905f..000000000000
--- a/src/chrome/content/rules/The-Nature-Conservancy.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(Akamai; 302s to http)
-		- my
-
--->
-<ruleset name="The Nature Conservancy (partial)">
-
-	<target host="*.nature.org" />
-
-
-	<securecookie host="^shop\.nature\.org$" name=".*" />
-
-
-	<rule from="^http://shop\.nature\.org/"
-		to="https://shop.nature.org/" />
-
-	<rule from="^http://support\.nature\.org/images/"
-		to="https://support.nature.org/images/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/The-New-Yorker.xml b/src/chrome/content/rules/The-New-Yorker.xml
index 7d05ed94e4dd..ec7a6764cbed 100644
--- a/src/chrome/content/rules/The-New-Yorker.xml
+++ b/src/chrome/content/rules/The-New-Yorker.xml
@@ -1,28 +1,71 @@
 <!--
 	For other Condé Nast coverage, see Conde-Nast.xml.
 
+	Non-functional hosts
+		Couldn't connect to server:
+			 - boards.newyorker.com
+			 - conference.newyorker.com
+			 - dev.newyorker.com
+			 - feeds.newyorker.com
+			 - give.newyorker.com
+			 - iphone.newyorker.com
+			 - legacy.newyorker.com
+			 - m.newyorker.com
+			 - meter-stg.newyorker.com
+			 - meter-www.newyorker.com
+			 - pay.newyorker.com
+			 - www.pay.newyorker.com
+			 - politics.newyorker.com
+			 - prd.newyorker.com
+			 - renew.newyorker.com
+			 - www.renew.newyorker.com
+			 - secure.newyorker.com
+			 - sponsor.newyorker.com
+			 - techfest-stg.newyorker.com
+			 - video.newyorker.com
+			 - origin.www.newyorker.com
 
-	CDN buckets:
+		Timeout was reached:
+			 - contest.newyorker.com
+			 - festival.newyorker.com
+			 - info.newyorker.com
+			 - random.newyorker.com
+			 - sitelife.newyorker.com
+			 - stage.subscribe.newyorker.com
 
-		- www.newyorker.com.edgesuite.net
+		SSL peer certificate was not OK:
+			 - archives.newyorker.com
+			 - images.archives.newyorker.com
+			 - li.newyorker.com
+			 - sstats2.newyorker.com
+			 - stats2.newyorker.com
 
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - documents.newyorker.com
+
+		Status code mismatch:
+			 - result.newyorker.com
+
+		4xx client error:
+			 - downloads.newyorker.com
+			 - event.newyorker.com
+			 - projects-stg.newyorker.com
 -->
 <ruleset name="The New Yorker (partial)">
-
 	<target host="newyorker.com" />
-	<target host="*.newyorker.com" />
-
-
-	<!--	secure... redirects to http:
-
-		- epicenter/wp-content/
-		- images_blogs/
-		- opinion/wp-content/
-					-->
-	<rule from="^https?://(?:www\.)?newyorker\.com/(appjs/stats/|online/blogs/[\w-]+/[\w-]+\.(?:jp|pn)g(?:$|\?)|css/|images/|js/|favicon\.ico$|sandbox/)"
-		to="https://secure.newyorker.com/$1" />
-
-	<rule from="^http://(result|secure)\.newyorker\.com/"
-		to="https://$1.newyorker.com/" />
+	<target host="www.newyorker.com" />
+	<target host="account.newyorker.com" />
+	<target host="account-stg.newyorker.com" />
+	<target host="ap-prod.newyorker.com" />
+	<target host="media.newyorker.com" />
+		<test url="http://media.newyorker.com/photos/59097d0bebe912338a3789ca/4:3/w_280,c_limit/620623_r29079.jpg" />
+	<target host="paidpost.newyorker.com" />
+	<target host="projects.newyorker.com" />
+	<target host="sstats.newyorker.com" />
+	<target host="stg.newyorker.com" />
+	<target host="subscribe.newyorker.com" />
+	<target host="subscriptions.newyorker.com" />
+	<target host="techfest.newyorker.com" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/The-Next-Web.xml b/src/chrome/content/rules/The-Next-Web.xml
index b431aae48515..07d1e29f7bbb 100644
--- a/src/chrome/content/rules/The-Next-Web.xml
+++ b/src/chrome/content/rules/The-Next-Web.xml
@@ -27,10 +27,18 @@
 		- jobs		(works, mismatched, CN: my.zartis.com)
 
 -->
-<ruleset name="The Next Web (partial)">
+<ruleset name="The Next Web.com (partial)">
 
 	<target host="thenextweb.com" />
-	<target host="*.thenextweb.com" />
+	<target host="fr.thenextweb.com" />
+	<target host="nl.thenextweb.com" />
+	<target host="pl.thenextweb.com" />
+	<target host="ru.thenextweb.com" />
+	<target host="www.thenextweb.com" />
+	<target host="cdn.thenextweb.com" />
+	<target host="deals.thenextweb.com" />
+	<target host="guides.thenextweb.com" />
+	<target host="jobs.thenextweb.com" />
 
 
 	<!--	At least some pages redirect to http.
@@ -41,13 +49,16 @@
 		to="https://$1thenextweb.com/$2/" />
 
 	<!--	Cert: *.netdna-ssl.com; 404	-->
-	<rule from="^https?://cdn\.thenextweb\.com/"
+	<rule from="^http://cdn\.thenextweb\.com/"
 		to="https://thenextweb.com/" />
 
-	<rule from="^https?://guides\.thenextweb\.com/(av|cs|image)s/"
+	<rule from="^http://deals\.thenextweb\.com/"
+		to="https://deals.thenextweb.com/" />
+
+	<rule from="^http://guides\.thenextweb\.com/(av|cs|image)s/"
 		to="https://tnextw.accel.io/$1s/" />
 
-	<rule from="^https?://jobs\.thenextweb\.com/(Areas|Content|i)/"
+	<rule from="^http://jobs\.thenextweb\.com/(Areas|Content|i)/"
 		to="https://my.zartis.com/$1/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/The-Open-Group.xml b/src/chrome/content/rules/The-Open-Group.xml
deleted file mode 100644
index 81da1869cb40..000000000000
--- a/src/chrome/content/rules/The-Open-Group.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- $	(redirects to www3)
-		- pubs	(redirects to http)
-		- www	($ redirects to https://www2.opengroup.org/josso/signon/login.do...)
-		- www3	(ditto)
-
-
-	Problematic subdomains:
-
-		- blog	(wordpress)
-
-
-	Fully covered subdomains:
-
-		- sso
-		- www6
-
--->
-<ruleset name="The Open Group (partial)">
-
-	<target host="opengroup.org" />
-	<target host="*.opengroup.org" />
-		<!--
-			See above
-					-->
-		<exclusion pattern="^http://(?:www3?\.)?opengroup\.org/+(?!austin(?:$|[?/])|images/|onlinepubs/|sites/|stylesheets/)" />
-
-
-	<securecookie host="^(?:sso|www2)\.opengroup\.org$" name=".*" />
-
-
-	<rule from="^http://(sso\.|www[236]?\.)?opengroup\.org/"
-		to="https://$1opengroup.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/The-Public-Index.xml b/src/chrome/content/rules/The-Public-Index.xml
index 834cd83a5879..410880e7f917 100644
--- a/src/chrome/content/rules/The-Public-Index.xml
+++ b/src/chrome/content/rules/The-Public-Index.xml
@@ -2,11 +2,12 @@
 
 	<!--	Cert:	LiquidNet Ltd	-->
 	<target host="thepublicindex.org" />
-	<target host="*.thepublicindex.org" />
+	<target host="blog.thepublicindex.org" />
+	<target host="www.thepublicindex.org" />
 
 
 	<!--	www 301s to !www	-->
-	<rule from="^https?://(?:(blog\.)|www\.)?thepublicindex\.org/"
+	<rule from="^http://(?:(blog\.)|www\.)?thepublicindex\.org/"
 		to="https://$1thepublicindex.org/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/The-Republic.xml b/src/chrome/content/rules/The-Republic.xml
index 4fdef3848bbe..d299424f04bd 100644
--- a/src/chrome/content/rules/The-Republic.xml
+++ b/src/chrome/content/rules/The-Republic.xml
@@ -14,7 +14,7 @@
 
 
 	<!--	Akamai, 403	-->
-	<rule from="^https?://cdn\.therepublic\.com/"
+	<rule from="^http://cdn1\.therepublic\.com/"
 		to="https://c348471.ssl.cf1.rackcdn.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/The-Santa-Fe-New-Mexican.xml b/src/chrome/content/rules/The-Santa-Fe-New-Mexican.xml
index 0673830ace38..70b94dcb083a 100644
--- a/src/chrome/content/rules/The-Santa-Fe-New-Mexican.xml
+++ b/src/chrome/content/rules/The-Santa-Fe-New-Mexican.xml
@@ -1,4 +1,4 @@
-<ruleset name="The Santa Fe New Mexican" default_off="mismatch">
+<ruleset name="The Santa Fe New Mexican" default_off="mismatched">
 
 	<target host="santafenewmexican.com" />
 	<target host="www.santafenewmexican.com" />
@@ -9,7 +9,7 @@
 
 	<!--	Cert: *.mediaspanonline.com
 						-->
-	<rule from="^https?://(?:www\.)?santafenewmexican\.com/"
+	<rule from="^http://(?:www\.)?santafenewmexican\.com/"
 		to="https://www.santafenewmexican.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/The-Shmoo-Group.xml b/src/chrome/content/rules/The-Shmoo-Group.xml
deleted file mode 100644
index 745e6fa92cb2..000000000000
--- a/src/chrome/content/rules/The-Shmoo-Group.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Other Shmoo Group rulesets:
-
-		- ShmooCon.xml
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(cert: www.shmoocon.org, expired; shows an old version of that domain)
-
--->
-<ruleset name="The Shmoo Group (partial)" platform="cacert" default_off="expired">
-
-	<target host="*.shmoo.com" />
-		<!--
-			301s to http.
-					-->
-		<exclusion pattern="^http://lists\.shmoo.com/pipermail" />
-
-
-	<rule from="^http://(imap|lists|maxx)\.shmoo\.com/"
-		to="https://$1.shmoo.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/The-Skynet-Project.xml b/src/chrome/content/rules/The-Skynet-Project.xml
index 9491b636d12d..48d4bb770ff4 100644
--- a/src/chrome/content/rules/The-Skynet-Project.xml
+++ b/src/chrome/content/rules/The-Skynet-Project.xml
@@ -1,4 +1,16 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://skynet.ie/ => https://skynet.ie/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://anyterm.skynet.ie/ => https://anyterm.skynet.ie/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://webirc.skynet.ie/ => https://webirc.skynet.ie/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://webmail.skynet.ie/ => https://webmail.skynet.ie/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://wiki.skynet.ie/ => https://wiki.skynet.ie/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.skynet.ie/ => https://www.skynet.ie/: (60, 'SSL certificate problem: certificate has expired')
+
+	The Skynet Project
+
+
 	Nonfunctional subdomains:
 
 		- lists		(refused)
@@ -18,16 +30,22 @@
 		- wiki
 
 -->
-<ruleset name="The Skynet Project">
+<ruleset name="Skynet.ie" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="skynet.ie" />
-	<target host="*.skynet.ie" />
+	<target host="anyterm.skynet.ie" />
+	<target host="webirc.skynet.ie" />
+	<target host="webmail.skynet.ie" />
+	<target host="wiki.skynet.ie" />
+	<target host="www.skynet.ie" />
 
 
 	<securecookie host="^\.?webmail\.skynet\.ie$" name=".+" />
 
 
-	<rule from="^http://((?:anyterm|webirc|webmail|wiki|www)\.)?skynet\.ie/"
-		to="https://$1skynet.ie/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/The-Teaching-Company.xml b/src/chrome/content/rules/The-Teaching-Company.xml
index 4758bdd90753..dddefa0e5c72 100644
--- a/src/chrome/content/rules/The-Teaching-Company.xml
+++ b/src/chrome/content/rules/The-Teaching-Company.xml
@@ -3,7 +3,6 @@
 	<target host="secureimages.teach12.com" />
 
 
-	<rule from="^http://secureimages\.teach12\.com/"
-		to="https://secureimages.teach12.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/The-Vault-Bar.xml b/src/chrome/content/rules/The-Vault-Bar.xml
index 584a836cb32e..47eb79bcfe25 100644
--- a/src/chrome/content/rules/The-Vault-Bar.xml
+++ b/src/chrome/content/rules/The-Vault-Bar.xml
@@ -5,10 +5,10 @@
 	<target host="www.thevaultbar.co.uk" />
 
 
-	<securecookie host="^thevaultbar\.co\.uk$" name=".*" />
+	<securecookie host="^thevaultbar\.co\.uk$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?thevaultbar\.co\.uk/"
+	<rule from="^http://(?:www\.)?thevaultbar\.co\.uk/"
 		to="https://thevaultbar.co.uk/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/The-Verge.xml b/src/chrome/content/rules/The-Verge.xml
index bdf8964a325b..982feff2bc17 100644
--- a/src/chrome/content/rules/The-Verge.xml
+++ b/src/chrome/content/rules/The-Verge.xml
@@ -1,35 +1,19 @@
 <!--
-	Other Vox Media rulesets:
-
-		- SB-Nation.xml
-
-
-	CDN buckets:
-
-		- d35lb3dl296zwu.cloudfront.net
+For other Vox Media coverage, see Vox.com.xml.
 
+Timeout:
+	mobile.theverge.com
+	status.theverge.com
 -->
-<ruleset name="The Verge (buggy)" default_off="breaks comments">
-
-	<target host="theverge.com" />
-	<target host="*.theverge.com" />
-		<!--
-			Redrects to http.
-						-->
-		<exclusion pattern="^http://(?:www\.)?theverge\.com/(?:\w+/)?\d{4}/\d\d?/\d\d?/\d+/[\w-]+(?:$|\?)" />
-
-
-	<!--	Set by beacons.
-				-->
-	<securecookie host="^.*\.theverge\.com$" name=".+" />
-
-
-	<!--	Doesn't redirect back, but updates fail to load when rewritten.
-
-	<rule from="https?://live\.theverge\.com/"
-		to="https://d35lb3dl296zwu.cloudfront.net/" /-->
-
-	<rule from="^http://(mobile\.|www\.)?theverge\.com/"
-		to="https://$1theverge.com/" />
-
+<ruleset name="The Verge.com">
+	<target host="theverge.com"/>
+	<target host="www.theverge.com"/>
+	<target host="live.theverge.com"/>
+	<target host="mobile.theverge.com"/>
+	<target host="status.theverge.com"/>
+	<target host="store.theverge.com"/>
+
+	<rule from="^http://mobile\.theverge\.com/" to="https://www.theverge.com/" />
+	<rule from="^http://status\.theverge\.com/" to="https://voxmedia.statuspage.io/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/The-Washington-Examiner.xml b/src/chrome/content/rules/The-Washington-Examiner.xml
deleted file mode 100644
index 0176c214a002..000000000000
--- a/src/chrome/content/rules/The-Washington-Examiner.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d1j4hw6rcy3g1h.cloudfront.net
-
-			- cdn.washingtonexaminer.biz
-
-
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- campaign2012 *
-		- events		(shows amstarcinemas.com; mismatched, CN: thegrandtheatre.com)
-
-	* Times out
-
-
-	Problematic domains:
-
-		- community.washingtonexaminer.com	(wpengine)
-		- newsletters.washingtonexaminer.com *
-
-	* wpengine
-
--->
-<ruleset name="The Washington Examiner (partial)">
-
-	<target host="cdn.washingtonexaminer.biz" />
-
-
-	<rule from="^http://cdn\.washingtonexaminer\.biz/"
-		to="https://d1j4hw6rcy3g1h.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/The-Wrap.xml b/src/chrome/content/rules/The-Wrap.xml
index abed9402eaae..bc258593288e 100644
--- a/src/chrome/content/rules/The-Wrap.xml
+++ b/src/chrome/content/rules/The-Wrap.xml
@@ -1,4 +1,6 @@
 <!--
+Automatically by https-everywhere-checker because:
+Fetch error: http://thewrap.com/ => https://www.thewrap.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.thewrap.com'")
 	Nonfunctional domains:
 
 		- (www.)itsonthegrid.com *
@@ -26,7 +28,8 @@
 <ruleset name="The Wrap (partial) ">
 
 	<target host="thewrap.com"/>
-	<target host="*.thewrap.com"/>
+	<target host="drupal.thewrap.com" />
+	<target host="www.thewrap.com" />
 
 
 	<!--	Tracking cookies:
diff --git a/src/chrome/content/rules/The-digital-picture.com.xml b/src/chrome/content/rules/The-digital-picture.com.xml
new file mode 100644
index 000000000000..4e1ac3357816
--- /dev/null
+++ b/src/chrome/content/rules/The-digital-picture.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="The-digital-picture.com">
+	<target host="the-digital-picture.com" />
+	<target host="www.the-digital-picture.com" />
+
+	<target host="community.the-digital-picture.com" />
+	<target host="media.the-digital-picture.com" />
+	<target host="rs-stripe.the-digital-picture.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/The.Ismaili.xml b/src/chrome/content/rules/The.Ismaili.xml
new file mode 100644
index 000000000000..1362111c9ca0
--- /dev/null
+++ b/src/chrome/content/rules/The.Ismaili.xml
@@ -0,0 +1,9 @@
+<!--
+	See also TheIsmaili.org.xml
+
+-->
+<ruleset name="The.Ismaili">
+	<target host="the.ismaili" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheAA.xml b/src/chrome/content/rules/TheAA.xml
index f28381fbce60..41f5482ac93f 100644
--- a/src/chrome/content/rules/TheAA.xml
+++ b/src/chrome/content/rules/TheAA.xml
@@ -2,5 +2,5 @@
   <target host="theaa.com" />
   <target host="www.theaa.com" />
 
-  <rule from="^http://(?:www\.)?theaa\.com/" to="https://www.theaa.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/TheAnarchistLibrary.org.xml b/src/chrome/content/rules/TheAnarchistLibrary.org.xml
new file mode 100644
index 000000000000..0590d807499e
--- /dev/null
+++ b/src/chrome/content/rules/TheAnarchistLibrary.org.xml
@@ -0,0 +1,28 @@
+<!--
+	Problematic subdomains:
+
+	- sr.theanarchistlibrary.org *
+	- mk.theanarchistlibrary.org *
+
+	* Mismatched
+-->
+<ruleset name="TheAnarchistLibrary.org">
+	<target host="theanarchistlibrary.org" />
+	<target host="bookshelf.theanarchistlibrary.org" />
+	<target host="fi.theanarchistlibrary.org" />
+	<target host="ru.theanarchistlibrary.org" />
+	<target host="es.theanarchistlibrary.org" />
+	<target host="sv.theanarchistlibrary.org" />
+	<target host="da.theanarchistlibrary.org" />
+	<target host="fr.theanarchistlibrary.org" />
+	<target host="www.theanarchistlibrary.org" />
+	<target host="www.anarhisticka-biblioteka.org" />
+	<target host="anarhisticka-biblioteka.org" />
+	<target host="anarchistischebibliothek.org" />
+	<target host="www.anarchistischebibliothek.org" />
+	<target host="anarhisticka-biblioteka.net" />
+	<target host="www.anarhisticka-biblioteka.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
+
diff --git a/src/chrome/content/rules/TheArchive.me.xml b/src/chrome/content/rules/TheArchive.me.xml
new file mode 100644
index 000000000000..5b3d61d7cb04
--- /dev/null
+++ b/src/chrome/content/rules/TheArchive.me.xml
@@ -0,0 +1,8 @@
+<ruleset name="TheArchive.me">
+    <target host="thearchive.me" />
+    <target host="www.thearchive.me" />
+
+	<securecookie host=".+" name=".+" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheBabushkasOfChernobyl.com.xml b/src/chrome/content/rules/TheBabushkasOfChernobyl.com.xml
new file mode 100644
index 000000000000..ec5b775242a6
--- /dev/null
+++ b/src/chrome/content/rules/TheBabushkasOfChernobyl.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="TheBabushkasOfChernobyl.com">
+	<target host="thebabushkasofchernobyl.com" />
+	<target host="www.thebabushkasofchernobyl.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheBanners.uk.xml b/src/chrome/content/rules/TheBanners.uk.xml
new file mode 100644
index 000000000000..71af903075fb
--- /dev/null
+++ b/src/chrome/content/rules/TheBanners.uk.xml
@@ -0,0 +1,8 @@
+<ruleset name="TheBanners.uk">
+	<target host="thebanners.uk" />
+	<target host="www.thebanners.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheBookDepository.xml b/src/chrome/content/rules/TheBookDepository.xml
deleted file mode 100644
index 308921a252c2..000000000000
--- a/src/chrome/content/rules/TheBookDepository.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="The Book Depository" platform="mixedcontent">
-  <target host="bookdepository.co.uk" />
-  <target host="*.bookdepository.co.uk" />
-  <target host="bookdepository.com" />
-  <target host="*.bookdepository.com" />
-
-  <rule from="^http://bookdepository\.(co\.uk|com)/" to="https://bookdepository.$1/" />
-  <rule from="^http://(cache0|cache1|cache2|cache3|images|www)\.bookdepository\.(co\.uk|com)/" to="https://$1.bookdepository.$2/" />
-</ruleset>
diff --git a/src/chrome/content/rules/TheBookPeople.xml b/src/chrome/content/rules/TheBookPeople.xml
index 377d0a9e94b8..e218421b2ced 100644
--- a/src/chrome/content/rules/TheBookPeople.xml
+++ b/src/chrome/content/rules/TheBookPeople.xml
@@ -5,4 +5,4 @@
 
   <rule from="^http://(?:www\.)?thebookpeople\.co\.uk/" to="https://www.thebookpeople.co.uk/" />
   <rule from="^http://images\.thebookpeople\.co\.uk/" to="https://images.thebookpeople.co.uk/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TheChronicleHerald.ca.xml b/src/chrome/content/rules/TheChronicleHerald.ca.xml
new file mode 100644
index 000000000000..1fcd1c2afd20
--- /dev/null
+++ b/src/chrome/content/rules/TheChronicleHerald.ca.xml
@@ -0,0 +1,21 @@
+<!--
+	Connection refused:
+		- cream.thechronicleherald.ca
+		- navigatens.thechronicleherald.ca
+
+	Invalid certificate:
+		- local.thechronicleherald.ca
+		- m.thechronicleherald.ca
+		- weatherbyday.thechronicleherald.ca
+-->
+
+<ruleset name="TheChronicleHerald.ca" platform="mixedcontent">
+	<target host="thechronicleherald.ca" />
+	<target host="www.thechronicleherald.ca" />
+	<target host="accountservices.thechronicleherald.ca" />
+	<target host="enewsletter.thechronicleherald.ca" />
+	<target host="myherald.thechronicleherald.ca" />
+	<target host="shop.thechronicleherald.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheChurchofJesusChristofLatterdaySaints.xml b/src/chrome/content/rules/TheChurchofJesusChristofLatterdaySaints.xml
deleted file mode 100644
index 3be6a0854512..000000000000
--- a/src/chrome/content/rules/TheChurchofJesusChristofLatterdaySaints.xml
+++ /dev/null
@@ -1,102 +0,0 @@
-<!--
- (The following is removed when the extention is built,
- allowing for notes to be viewed by other devs without 
- cluttering up the final ruleset file.)
- 
- === About ===
- 
- Secures connections to lds.org (and ldscdn.org), the official
- site of The Church of Jesus Christ of Latter-day Saints,
- also known as the 'LDS Church' or 'Mormon Church'.
- 
- As to the choice of the ruleset name, the Church prefers
- that people refer to them by their actual name and not 
- their nickname(s). This is just for future reference.
- 
- Refer to http://newsroom.lds.org/style-guide
- 
- === Notes ===
- 
- These sites appear okay:
-  tech.lds.org
-  history.lds.org
-  store.lds.org
-  institute.lds.org (just need iperceptions ruleset for full encypt)
-  seminary.lds.org  (same as above)
-  ldsces.org  (will do later, see below)
-  
- The following sites redirect to already https supported site:
-  feeds.lds.org      	> google feedburner
-  broadcast.lds.org  	> to http://lds.org/broadcast
-  clerk.lds.org      	> http://lds.org/ldsorg/v/index.jsp...
-  scriptures.lds.org 	> lds.org/scriptures
-  music.lds.org      	> lds.org/music
-  youth.lds.org     	> lds.org/youth
-  new.lds.org			> lds.org
-  (probably more)
- 
- Following ones do not support https:
-  classic.lds.org
-  lds.org/ldsorg/... This is just the classic.lds.org under a 
-    different path. For example, the following fails to load:
-    https://lds.org/ldsorg/v/index.jsp?locale=0&vgnextoid=22dfd7256ec8b010VgnVCM1000004d82620aRCRD
-  jesuschrist.lds.org
- 
- Already forces encryption:
-  secure.lds.org
-  cdol.lds.org
- 
- ldscdn that work under https:
-  media.ldscdn.org
-  edge.ldscdn.org
-  ldscdn.org
-
- ldscdn that did not work:
-  media2.ldscdn.org    invalid cert (a248.e.akamai.net)
-
-
-
-ldsces.org - Try out at a later time
-<target host="ldsces.org"/>
-<rule from="^https?://(?:www\.)?ldsces\.org/" to="https://ldsces.org/"/>
-
--->
-
-<ruleset name="The Church of Jesus Christ of Latter-day Saints" platform="mixedcontent">
-
-<target host="history.lds.org"/>
-<target host="store.lds.org"/>
-<target host="tech.lds.org"/>
-<target host="www.lds.org"/>
-<target host="lds.org"/>
-<!--
-Incomplete encryption without iPerceptions ruleset:
--->
-<target host="institute.lds.org"/>
-<target host="seminary.lds.org"/>
-
-<target host="edge.ldscdn.org"/>
-<target host="media.ldscdn.org"/>
-<target host="www.ldscdn.org"/>
-<target host="ldscdn.org"/>
-
-<!--
-This excludes http://lds.org/ldsorg/... (classic.lds.org) from using
-https, as some of it pages cannot be loaded (see above)
--->
-<exclusion pattern="^http://lds\.org/ldsorg"/>
-
-<!--
-Secure the cookies for the above sites (only)
--->
-<securecookie host="^(.*\.)?lds\.org$" name=".*"/>
-<securecookie host="^(.*\.)?ldscdn\.org$" name=".*"/>
-
-
-<rule from="^http://(?:www\.)?lds\.org/" to="https://www.lds.org/"/>
-<rule from="^http://(history|store|tech|institute|seminary)\.lds\.org/" to="https://$1.lds.org/"/>
-
-<rule from="^http://(?:www\.)?ldscdn\.org/" to="https://www.ldscdn.org/"/>
-<rule from="^http://(edge|media)\.ldscdn\.org/" to="https://$1.ldscdn.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/TheCityUK.xml b/src/chrome/content/rules/TheCityUK.xml
index c03e894d12d8..021558ee7dc7 100644
--- a/src/chrome/content/rules/TheCityUK.xml
+++ b/src/chrome/content/rules/TheCityUK.xml
@@ -11,7 +11,6 @@
 	<securecookie host="^www\.thecityuk\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?thecityuk\.com/"
-		to="https://www.thecityuk.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TheClaroGroup.com.xml b/src/chrome/content/rules/TheClaroGroup.com.xml
new file mode 100644
index 000000000000..5df0e50519d5
--- /dev/null
+++ b/src/chrome/content/rules/TheClaroGroup.com.xml
@@ -0,0 +1,27 @@
+<!--
+	^.theclarogroup.com does not exist.
+
+	Refused:
+		- autodiscover
+
+	Connection reset:
+		- webserver
+
+	Connection closed:
+		- ftp
+
+	Mismatched:
+		- ironport
+
+	Self-signed:
+		- sqlserver
+
+	Incomplete certificate chain:
+		- cameo
+-->
+<ruleset name="TheClaroGroup.com (partial)">
+	<target host="www.theclarogroup.com" />
+	<target host="adfs.theclarogroup.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheDailyWTF.com.xml b/src/chrome/content/rules/TheDailyWTF.com.xml
new file mode 100644
index 000000000000..df6df8a023fb
--- /dev/null
+++ b/src/chrome/content/rules/TheDailyWTF.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Timeout:
+		- live
+
+	Mismatched:
+		- www (fixed by this ruleset)
+		- forums (fixed by this ruleset)
+		- img
+		- omg
+		- cms.omg2
+-->
+<ruleset name="TheDailyWTF.com">
+	<target host="thedailywtf.com" />
+	<target host="www.thedailywtf.com" />
+	<target host="forums.thedailywtf.com" />
+	<target host="omg2.thedailywtf.com" />
+	<target host="what.thedailywtf.com" />
+
+	<rule from="^http://forums\.thedailywtf\.com/"
+		to="https://what.thedailywtf.com/" />
+
+	<rule from="^http://www\.thedailywtf\.com/"
+		to="https://thedailywtf.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheDenverChannel.com.xml b/src/chrome/content/rules/TheDenverChannel.com.xml
deleted file mode 100644
index 836e16a9d873..000000000000
--- a/src/chrome/content/rules/TheDenverChannel.com.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
-	For other Other E. W. Scripps Company coverage, see EW-Scripps-Company.xml.
-
-
-	CDN buckets:
-
-		- media.endplay.com.edgesuite.net
-
-			- a1168.g2.akamai.net
-			- media.thedenverchannel.com
-
-		- www2.myfox.com.edgesuite.net
-
-			- www.thedenverchannel.com
-
-
-	Nonfunctional subdomains:
-
-		- ^	(refused)
-		- www	("Temporarily Down For Maintenance", akamai)
-
-
-	Fully covered subdomains:
-
-		- media		(→ akamai)
-
--->
-<ruleset name="TheDenverChannel.com (partial)">
-
-	<target host="media.thedenverchannel.com" />
-
-
-	<rule from="^http://media\.thedenverchannel\.com/"
-		to="https://a248.e.akamai.net/f/1168/4549/9d/media.thedenverchannel.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/TheDiplomat.com.xml b/src/chrome/content/rules/TheDiplomat.com.xml
new file mode 100644
index 000000000000..32b85a72c6a8
--- /dev/null
+++ b/src/chrome/content/rules/TheDiplomat.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="The Diplomat.com">
+	<target host="thediplomat.com" />
+	<target host="www.thediplomat.com" />
+	<target host="apac2020.thediplomat.com" />
+	<target host="magazine.thediplomat.com" />
+	<target host="manage.thediplomat.com" />
+	<target host="sv1.thediplomat.com" />
+	<target host="sv2.thediplomat.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheDocumentFoundation.xml b/src/chrome/content/rules/TheDocumentFoundation.xml
deleted file mode 100644
index 8acc9d5d094f..000000000000
--- a/src/chrome/content/rules/TheDocumentFoundation.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- nabble	(refused)
-
-
-	Problematic subdomains:
-
-		- blog		(wordpress)
-
--->
-<ruleset name="The Document Foundation">
-
-	<target host="documentfoundation.org" />
-	<target host="*.documentfoundation.org" />
-
-
-	<securecookie host="^www\.documentfoundation\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?documentfoundation\.org/"
-		to="https://www.documentfoundation.org/" />
-
-	<rule from="^http://(download|piwik)\.documentfoundation\.org/"
-		to="https://$1.documentfoundation.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TheDogBowl.ca.xml b/src/chrome/content/rules/TheDogBowl.ca.xml
new file mode 100644
index 000000000000..597526754863
--- /dev/null
+++ b/src/chrome/content/rules/TheDogBowl.ca.xml
@@ -0,0 +1,12 @@
+<ruleset name="TheDogBowl.ca">
+	<target host="thedogbowl.ca" />
+	<target host="www.thedogbowl.ca" />
+	<target host="cpanel.thedogbowl.ca" />
+	<target host="mail.thedogbowl.ca" />
+	<target host="solyogaretreats.thedogbowl.ca" />
+	<target host="webdisk.thedogbowl.ca" />
+	<target host="webmail.thedogbowl.ca" />
+	<target host="www.solyogaretreats.thedogbowl.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheEpochTimes.com.xml b/src/chrome/content/rules/TheEpochTimes.com.xml
new file mode 100644
index 000000000000..9fbb88843f92
--- /dev/null
+++ b/src/chrome/content/rules/TheEpochTimes.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Other Epoch Times releated rulesets:
+		+ EpochTimes.com.xml
+-->
+<ruleset name="TheEpochTimes.com (partial)">
+	<target host="theepochtimes.com" />
+	<target host="www.theepochtimes.com" />
+	<target host="es.theepochtimes.com" />
+	<target host="img.theepochtimes.com" />
+	<test url="http://img.theepochtimes.com/assets/uploads/2019/12/14/wang-yi-205x123.jpg" />
+	<target host="kr.theepochtimes.com" />
+	<target host="kr-mb.theepochtimes.com" />
+	<target host="m.theepochtimes.com" />
+	<target host="subscribe.theepochtimes.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheEroticReview.xml b/src/chrome/content/rules/TheEroticReview.xml
index 81a32b04c4b8..4e1bf53762c8 100644
--- a/src/chrome/content/rules/TheEroticReview.xml
+++ b/src/chrome/content/rules/TheEroticReview.xml
@@ -2,8 +2,8 @@
     <target host="www.theeroticreview.com" />
     <target host="theeroticreview.com" />
 
-    <rule from="^http://(?:www\.)?theeroticreview\.com/" to="https://www.theeroticreview.com/" />
+    <rule from="^http:" to="https:" />
 
-    <securecookie host="^theeroticreview\.com$" name=".*" />
-    <securecookie host="^www\.theeroticreview\.com$" name=".*" />
+    <securecookie host="^theeroticreview\.com$" name=".+" />
+    <securecookie host="^www\.theeroticreview\.com$" name=".+" />
 </ruleset>
diff --git a/src/chrome/content/rules/TheFNF.org.xml b/src/chrome/content/rules/TheFNF.org.xml
new file mode 100644
index 000000000000..55a5b936ae63
--- /dev/null
+++ b/src/chrome/content/rules/TheFNF.org.xml
@@ -0,0 +1,15 @@
+<ruleset name="The FNF.org" default_off="expired">
+
+	<target host="thefnf.org" />
+	<target host="www.thefnf.org" />
+	<target host="commons.thefnf.org" />
+	<target host="lists.thefnf.org" />
+	<target host="staticbits.thefnf.org" />
+	<target host="webstats.thefnf.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TheFader.com.xml b/src/chrome/content/rules/TheFader.com.xml
new file mode 100644
index 000000000000..2dfa08a2a677
--- /dev/null
+++ b/src/chrome/content/rules/TheFader.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Timeout:
+		- mailer
+
+	Mismatched:
+		- advertising
+		- creative
+		- email
+		- images
+
+	HTTP authentication required:
+		- staging
+		- v4
+-->
+<ruleset name="TheFader.com (partial)">
+	<target host="thefader.com" />
+	<target host="www.thefader.com" />
+	<target host="amp.thefader.com" />
+	<target host="amp-staging.thefader.com" />
+	<target host="cms.thefader.com" />
+	<target host="cms-staging.thefader.com" />
+	<target host="shop.thefader.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheFappening2015.com.xml b/src/chrome/content/rules/TheFappening2015.com.xml
new file mode 100644
index 000000000000..5ded32bf4cac
--- /dev/null
+++ b/src/chrome/content/rules/TheFappening2015.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="TheFappening2015.com" platform="mixedcontent">
+	<target host="thefappening2015.com" />
+	<target host="www.thefappening2015.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheFappeningBlog.com.xml b/src/chrome/content/rules/TheFappeningBlog.com.xml
new file mode 100644
index 000000000000..171cce8f2343
--- /dev/null
+++ b/src/chrome/content/rules/TheFappeningBlog.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="TheFappeningBlog.com" platform="mixedcontent">
+	<target host="thefappeningblog.com" />
+	<target host="www.thefappeningblog.com" />
+
+	<target host="thefappening.so" />
+	<target host="www.thefappening.so" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheFashionLaw.com.xml b/src/chrome/content/rules/TheFashionLaw.com.xml
new file mode 100644
index 000000000000..0c7b0a547878
--- /dev/null
+++ b/src/chrome/content/rules/TheFashionLaw.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="TheFashionLaw.com">
+	<target host="thefashionlaw.com" />
+	<target host="www.thefashionlaw.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheFederalistPapers.org.xml b/src/chrome/content/rules/TheFederalistPapers.org.xml
new file mode 100644
index 000000000000..e78f75909370
--- /dev/null
+++ b/src/chrome/content/rules/TheFederalistPapers.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="The Federalist Papers.org">
+	<target host="thefederalistpapers.org" />
+	<target host="www.thefederalistpapers.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheFreeDictionary.com.xml b/src/chrome/content/rules/TheFreeDictionary.com.xml
new file mode 100644
index 000000000000..cb70c668f7cb
--- /dev/null
+++ b/src/chrome/content/rules/TheFreeDictionary.com.xml
@@ -0,0 +1,52 @@
+<!--
+	Other related ruleset:
+		- FreeThesaurus.com.xml
+
+
+	Nonfunctional subdomain:
+		- c	(t)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Wildcard DNS and cert. Host responds to any subdomain.
+
+-->
+<ruleset name="The Free Dictionary">
+	<target host="thefreedictionary.com" />
+	<target host="*.thefreedictionary.com" />
+
+		<test url="http://acronyms.thefreedictionary.com/" />
+		<test url="http://encyclopedia.thefreedictionary.com/" />
+		<test url="http://encyclopedia2.thefreedictionary.com/" />
+		<test url="http://financial-dictionary.thefreedictionary.com/" />
+		<test url="http://idioms.thefreedictionary.com/" />
+		<test url="http://legal-dictionary.thefreedictionary.com/" />
+		<test url="http://medical-dictionary.thefreedictionary.com/" />
+		<test url="http://secure.thefreedictionary.com/" />
+
+	<target host="tfd.com" />
+	<target host="*.tfd.com" />
+
+		<test url="http://acronyms.tfd.com/" />
+		<test url="http://encyclopedia.tfd.com/" />
+		<test url="http://encyclopedia2.tfd.com/" />
+		<test url="http://financial-dictionary.tfd.com/" />
+		<test url="http://idioms.tfd.com/" />
+		<test url="http://img.tfd.com/" />
+		<test url="http://legal-dictionary.tfd.com/" />
+		<test url="http://medical-dictionary.tfd.com/" />
+
+  	<securecookie host="^www\.thefreedictionary\.com$" name=".+" />
+  	<securecookie host="^www\.tfd\.com$" name=".+" />
+
+	<exclusion pattern="http://c\.thefreedictionary\.com/" />
+
+		<test url="http://c.thefreedictionary.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheGlobeAndMail.com.xml b/src/chrome/content/rules/TheGlobeAndMail.com.xml
new file mode 100644
index 000000000000..fcd5cc86e6dc
--- /dev/null
+++ b/src/chrome/content/rules/TheGlobeAndMail.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="TheGlobeAndMail.com (partial)">
+	<target host="theglobeandmail.com" />
+	<target host="www.theglobeandmail.com" />
+
+	<securecookie host="^(www\.)?theglobeandmail\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheGrandTheatre.com.xml b/src/chrome/content/rules/TheGrandTheatre.com.xml
new file mode 100644
index 000000000000..2cc3fc31d2a4
--- /dev/null
+++ b/src/chrome/content/rules/TheGrandTheatre.com.xml
@@ -0,0 +1,16 @@
+<!--
+	SSL failed:
+		espanol.thegrandtheatre.com
+		ftp.thegrandtheatre.com
+	Unable to Connect:
+		autodiscover.thegrandtheatre.com
+-->
+<ruleset name="TheGrandTheatre.com">
+	<target host="thegrandtheatre.com" />
+	<target host="www.thegrandtheatre.com" />
+	<target host="m.thegrandtheatre.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheGroceryOutlet.ca.xml b/src/chrome/content/rules/TheGroceryOutlet.ca.xml
new file mode 100644
index 000000000000..3f318be7358a
--- /dev/null
+++ b/src/chrome/content/rules/TheGroceryOutlet.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="TheGroceryOutlet.ca">
+	<target host="thegroceryoutlet.ca" />
+	<target host="www.thegroceryoutlet.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheGuardian.pe.ca.xml b/src/chrome/content/rules/TheGuardian.pe.ca.xml
new file mode 100644
index 000000000000..37d6e74aafc9
--- /dev/null
+++ b/src/chrome/content/rules/TheGuardian.pe.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="TheGuardian.pe.ca">
+	<target host="theguardian.pe.ca" />
+	<target host="www.theguardian.pe.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheHiring.co.xml b/src/chrome/content/rules/TheHiring.co.xml
new file mode 100644
index 000000000000..25e838806276
--- /dev/null
+++ b/src/chrome/content/rules/TheHiring.co.xml
@@ -0,0 +1,6 @@
+<ruleset name="TheHiring.co">
+	<target host="thehiring.co" />
+	<target host="www.thehiring.co" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheHouseOrgan.xyz.xml b/src/chrome/content/rules/TheHouseOrgan.xyz.xml
new file mode 100644
index 000000000000..6755eba75fbc
--- /dev/null
+++ b/src/chrome/content/rules/TheHouseOrgan.xyz.xml
@@ -0,0 +1,12 @@
+<!--
+	Time out:
+		www.thehouseorgan.xyz
+
+-->
+<ruleset name="TheHouseOrgan.xyz">
+
+	<target host="thehouseorgan.xyz" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TheHubPeople.com.xml b/src/chrome/content/rules/TheHubPeople.com.xml
new file mode 100644
index 000000000000..6eee9ffaa7f8
--- /dev/null
+++ b/src/chrome/content/rules/TheHubPeople.com.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Hubpeople coverage, see hubpeople.com.xml.
+
+	Non-functional hosts
+		SSL connect error:
+		- adult.thehubpeople.com
+		- adult-preview.thehubpeople.com
+		- casual-preview.thehubpeople.com
+		- dating.thehubpeople.com
+		- mail.thehubpeople.com
+		- signup-adult.thehubpeople.com
+		- signup-dating.thehubpeople.com
+		- web1.thehubpeople.com
+		- web2.thehubpeople.com
+
+		SSL peer certificate was not OK:
+		- admin.thehubpeople.com
+		- cdns.thehubpeople.com
+		- dc.thehubpeople.com
+		- dc0.thehubpeople.com
+		- support.thehubpeople.com
+-->
+<ruleset name="TheHubPeople.com">
+	<target host="thehubpeople.com" />
+	<target host="www.thehubpeople.com" />
+	<target host="secure.thehubpeople.com" />
+	<target host="ssl.thehubpeople.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheHumbleI.com.xml b/src/chrome/content/rules/TheHumbleI.com.xml
new file mode 100644
index 000000000000..5758abd98d8f
--- /dev/null
+++ b/src/chrome/content/rules/TheHumbleI.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="TheHumbleI.com">
+	<target host="thehumblei.com"/>
+	<target host="www.thehumblei.com"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/TheHut.com.xml b/src/chrome/content/rules/TheHut.com.xml
index 18398d35770e..1b36cd7dd2eb 100644
--- a/src/chrome/content/rules/TheHut.com.xml
+++ b/src/chrome/content/rules/TheHut.com.xml
@@ -31,13 +31,13 @@
 	<securecookie host="^tracking\.thehut\.net$" name=".+" />
 
 
-	<rule from="^https?://static\d\.thcdn\.com/"
+	<rule from="^http://static\d\.thcdn\.com/"
 		to="https://thehut.pantherssl.com/" />
 
-	<rule from="^https?://(?:www\.)?thehut\.com/([\w-]+\.info|c-images/|common/|c-scripts/|css/|hutint/)"
+	<rule from="^http://(?:www\.)?thehut\.com/([\w-]+\.info|c-images/|common/|c-scripts/|css/|hutint/)"
 		to="https://www.thehut.com/$1" />
 
 	<rule from="^http://tracking\.thehut\.net/"
 		to="https://tracking.thehut.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TheIDBandCo.com.xml b/src/chrome/content/rules/TheIDBandCo.com.xml
new file mode 100644
index 000000000000..5cffc3a694fb
--- /dev/null
+++ b/src/chrome/content/rules/TheIDBandCo.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional hosts in *.theidbandco.com:
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+        m: health.theidbandco.com
+-->
+<ruleset name="The ID Band Company" platform="mixedcontent">
+	<target host="theidbandco.com" />
+	<target host="www.theidbandco.com" />
+                <test url="http://www.theidbandco.com/About.aspx" />
+                <test url="http://www.theidbandco.com/Terms.aspx" />
+                <test url="http://www.theidbandco.com/Returns.aspx" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheJournal.ie.xml b/src/chrome/content/rules/TheJournal.ie.xml
index c354e0347b88..ec5557c40d89 100644
--- a/src/chrome/content/rules/TheJournal.ie.xml
+++ b/src/chrome/content/rules/TheJournal.ie.xml
@@ -1,4 +1,11 @@
 <!--
+	Other TheJournal rulesets:
+
+		- dailyedge.ie.xml
+		- jrnl.ie.xml
+		- the42.ie.xml
+
+
 	CDN buckets:
 
 		- cdn.thejournal.ie.s3.amazonaws.com
@@ -9,58 +16,127 @@
 			- s[0-3].thejournal.ie
 
 
-	Problematic domains:
+	Nonfunctional hosts in *thejournal.ie:
+
+		- advertising ᵈ
+
+	ᵈ Dropped
+
 
-		- s[0-3].jrnl.ie	(cloudfront)
-		- static.jrnl.ie	(works; mismatched, CN: *.thejournal.ie)
+	Problematic hosts in thejournal.ie:
 
-		 thejournal.ie subdomains:
+		- ^ ᵐ
+		- businessetc ᵐ
+		- cdn		(amazonws)
+		- inside ᵐ
+		- jobs ᵐ
+		- r ᵐ
+		- s[0-3]	(cloudfront)
+		- static ᵐ
+		- thedailyedge ᵐ
+		- thescore ᵐ
 
-			- ^		(times out)
-			- cdn		(amazonws)
-			- jobs		(works; mismatched, CN: *.adverts.ie)
-			- s[0-3]	(cloudfront)
+	ᵐ Mismatched
 
 
-	Fully covered domains:
+	Insecure cookies are set for these domains:
 
-		- s[0-3].jrnl.ie	(→ d1icb8fuiosdrj.cloudfront.net)
-		- static.jrnl.ie	(→ static.thejournal.ie)
+		- .thejournal.ie
 
-		- thejournal.ie subdomains:
 
-			- (www.)	(^ → www)
-			- businessetc
-			- cdn		(→ s3-eu-west-1.amazonaws.com/cdn.thejournal.ie/)
-			- s[0-3]	(→ d1icb8fuiosdrj.cloudfront.net)
-			- static
-			- thedailyedge
-			- thescore
+	Mixed content:
+
+		- Images, on:
+
+			- businessetc, inside, www from static.jrnl.ie ˢ
+			- businessetc, inside, www from c[0123].thejournal.ie ˢ
+			- businessetc, inside, www from f[123].thejournal.ie ˢ
+			- businessetc, inside, www from img2.thejournal.ie ˢ
+			- inside from chart.apis.google.com
+			- inside from cdn.thejournal.ie ˢ
+
+		- Ads/bugs on businessetc, inside, www from b.scorecardresearch.com ˢ
+
+	ˢ Secured by us
 
 -->
 <ruleset name="TheJournal.ie">
 
-	<target host="*.jrnl.ie" />
+	<!--	Direct rewrites:
+				-->
+	<target host="b0.thejournal.ie" />
+	<target host="careers.thejournal.ie" />
+	<target host="c0.thejournal.ie" />
+	<target host="c1.thejournal.ie" />
+	<target host="c2.thejournal.ie" />
+	<target host="c3.thejournal.ie" />
+	<target host="f0.thejournal.ie" />
+	<target host="f1.thejournal.ie" />
+	<target host="f2.thejournal.ie" />
+	<target host="f3.thejournal.ie" />
+	<target host="img0.thejournal.ie" />
+	<target host="img2.thejournal.ie" />
+	<target host="www.thejournal.ie" />
+
+	<!--	Complications:
+				-->
 	<target host="thejournal.ie" />
-	<target host="*.thejournal.ie" />
+	<target host="cdn.thejournal.ie" />
+	<target host="s0.thejournal.ie" />
+	<target host="s1.thejournal.ie" />
+	<target host="s2.thejournal.ie" />
+	<target host="s3.thejournal.ie" />
+	<target host="static.thejournal.ie" />
+	<target host="thedailyedge.thejournal.ie" />
+	<target host="thescore.thejournal.ie" />
 
 
-	<securecookie host="^\.thejournal\.ie$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.thejournal\.ie$" name="^(?:__cfduid|cf_clearance|jSID|notice_cookies)$" /-->
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://s\d\.(?:jrn|thejourna)l\.ie/"
-		to="https://d1icb8fuiosdrj.cloudfront.net/" />
 
-	<rule from="^http://static\.jrnl\.ie/"
-		to="https://static.thejournal.ie/" />
+	<!--rule from="^http://[cfs]\d\.(?:jrn|thejourna)l\.ie/"
+		to="https://d1icb8fuiosdrj.cloudfront.net/" /-->
 
-	<rule from="^http://(?:www\.)?thejournal\.ie/"
+	<rule from="^http://thejournal\.ie/"
 		to="https://www.thejournal.ie/" />
 
-	<rule from="^http://(businessetc|thedailyedge|static|thescore)\.thejournal\.ie/"
-		to="https://$1.thejournal.ie/" />
-
 	<rule from="^http://cdn\.thejournal\.ie/"
 		to="https://s3-eu-west-1.amazonaws.com/cdn.thejournal.ie/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http://s\d\.thejournal\.ie/"
+		to="https://d1icb8fuiosdrj.cloudfront.net/" />
+
+	<rule from="^http://static\.thejournal\.ie/"
+		to="https://b0.thejournal.ie/" />
+
+	<rule from="^http://thedailyedge\.thejournal\.ie/"
+		to="https://www.dailyedge.ie/" />
+
+	<!--	Redirect keeps path and args, but not forward slash:
+									-->
+	<rule from="^http://thescore\.thejournal\.ie/+(?=$|\?|.+/(?:$|\?))"
+		to="https://www.the42.ie/" />
+
+		<test url="http://thescore.thejournal.ie/beyonce/news/" />
+		<test url="http://thescore.thejournal.ie/dope/news/" />
+		<test url="http://thescore.thejournal.ie/hawkeye/news/" />
+		<test url="http://thescore.thejournal.ie/naas/news/" />
+
+	<!--	Redirect keeps path, and args, but not forward
+		slash, and appends forward slash after path:
+								-->
+	<rule from="^http://thescore\.thejournal\.ie/+([^?]*)"
+		to="https://www.the42.ie/$1/" />
+
+		<test url="http://thescore.thejournal.ie/my-feed" />
+		<test url="http://thescore.thejournal.ie/rugby" />
+		<test url="http://thescore.thejournal.ie/topic/australia" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TheMuslimTimes.info.xml b/src/chrome/content/rules/TheMuslimTimes.info.xml
new file mode 100644
index 000000000000..f2cf818479e5
--- /dev/null
+++ b/src/chrome/content/rules/TheMuslimTimes.info.xml
@@ -0,0 +1,6 @@
+<ruleset name="TheMuslimTimes.info">
+	<target host="themuslimtimes.info" />
+	<target host="www.themuslimtimes.info" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheNewPress.com.xml b/src/chrome/content/rules/TheNewPress.com.xml
new file mode 100644
index 000000000000..04189ca3f780
--- /dev/null
+++ b/src/chrome/content/rules/TheNewPress.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Non-HTTPS subdomains:
+		webmail.thenewpress.com
+		dev.thenewpress.com
+-->
+<ruleset name="The New Press">
+	<target host="thenewpress.com" />
+	<target host="www.thenewpress.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheNewsLens.com.xml b/src/chrome/content/rules/TheNewsLens.com.xml
new file mode 100644
index 000000000000..62f2eee5d56c
--- /dev/null
+++ b/src/chrome/content/rules/TheNewsLens.com.xml
@@ -0,0 +1,69 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://thenewslens.com/ (200) => https://thenewslens.com/ (500)
+Non-2xx HTTP code: http://election.thenewslens.com/ (200) => https://election.thenewslens.com/ (500)
+Non-2xx HTTP code: http://superpost.thenewslens.com/ (200) => https://superpost.thenewslens.com/ (500)
+
+	Non-functional hosts
+		Couldn't resolve host name:
+			 - analytics-test2.thenewslens.com
+			 - www.feed.thenewslens.com
+
+		Couldn't connect to server:
+			 - analytics-db.thenewslens.com
+
+		Timeout was reached:
+			 - image.thenewslens.com
+			 - oldadmin.thenewslens.com
+
+		SSL peer certificate or SSH remote key was not OK:
+			 - aces.thenewslens.com
+			 - aces2016.thenewslens.com
+			 - app.thenewslens.com
+			 - apps.thenewslens.com
+			 - drinkwithmario.thenewslens.com
+			 - election2016.thenewslens.com
+			 - event.thenewslens.com
+			 - eventmaster.thenewslens.com
+			 - forum.thenewslens.com
+			 - gapyear.thenewslens.com
+			 - gapyear2015.thenewslens.com
+			 - legislator.thenewslens.com
+			 - mayorgame.thenewslens.com
+			 - rakuten.thenewslens.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - widget.thenewslens.com
+
+		Status code mismatch:
+			 - analytics.thenewslens.com
+			 - analytics-test.thenewslens.com
+			 - aws.thenewslens.com
+
+		4xx client error:
+			 - api.thenewslens.com
+			 - greedy-snake.thenewslens.com
+
+		Mixed content blocking (MCB) tiggered:
+			 - test.thenewslens.com
+-->
+<ruleset name="TheNewsLens.com" default_off="failed ruleset test">
+	<target host="thenewslens.com" />
+	<target host="www.thenewslens.com" />
+	<target host="admin.thenewslens.com" />
+	<target host="asean.thenewslens.com" />
+	<target host="editor-static.thenewslens.com" />
+	<target host="election.thenewslens.com" />
+	<target host="everylittled.thenewslens.com" />
+	<target host="fbmonitor.thenewslens.com" />
+	<target host="feed.thenewslens.com" />
+	<target host="hk.thenewslens.com" />
+	<target host="image1.thenewslens.com" />
+	<target host="image2.thenewslens.com" />
+	<target host="image3.thenewslens.com" />
+	<target host="international.thenewslens.com" />
+	<target host="superpost.thenewslens.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheOJ.org.xml b/src/chrome/content/rules/TheOJ.org.xml
new file mode 100644
index 000000000000..5764889c1b98
--- /dev/null
+++ b/src/chrome/content/rules/TheOJ.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Secure connection failed:
+		blog.joss.theoj.org
+
+-->
+<ruleset name="TheOJ.org">
+
+	<target host="theoj.org" />
+	<target host="www.theoj.org" />
+	<target host="astro.theoj.org" />
+	<target host="jose.theoj.org" />
+	<target host="joss.theoj.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TheOldReader.xml b/src/chrome/content/rules/TheOldReader.xml
index ae46496a03aa..fafcfee04e6c 100644
--- a/src/chrome/content/rules/TheOldReader.xml
+++ b/src/chrome/content/rules/TheOldReader.xml
@@ -1,9 +1,13 @@
+<!--
+Automatically by https-everywhere-checker because:
+Fetch error: http://s.yeoldreader.com/ => https://theoldreader.com/: (6, 'Could not resolve host: s.yeoldreader.com')
+-->
 <ruleset name="The Old Reader">
 	<target host="theoldreader.com" />
 	<target host="www.theoldreader.com" />
 	<target host="s.yeoldreader.com" />
 
-	<securecookie host="^([^/:@]*\.)?theoldreader\.com$" name=".*" />
+	<securecookie host="^(?:[^/:@]*\.)?theoldreader\.com$" name=".+" />
 
 	<rule from="^http://(www\.)?theoldreader\.com/" to="https://$1theoldreader.com/" />
 	<rule from="^http://s\.yeoldreader\.com/" to="https://theoldreader.com/" />
diff --git a/src/chrome/content/rules/ThePermitStore.com.xml b/src/chrome/content/rules/ThePermitStore.com.xml
index 7d8cce014a61..912f3de2ff1f 100644
--- a/src/chrome/content/rules/ThePermitStore.com.xml
+++ b/src/chrome/content/rules/ThePermitStore.com.xml
@@ -1,9 +1,17 @@
-<ruleset name="ThePermitStore.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.thepermitstore.com/ => https://www.thepermitstore.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://thepermitstore.com/ => https://thepermitstore.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="ThePermitStore.com" default_off="failed ruleset test">
 	<target host="thepermitstore.com" />
 	<target host="*.thepermitstore.com" />
+	<test url="http://www.thepermitstore.com/" />
 
-	<securecookie host="^([a-zA-Z0-9\-]*\.)?thepermitstore\.com$" name=".+" />
+	<securecookie host="^(?:[a-zA-Z0-9\-]*\.)?thepermitstore\.com$" name=".+" />
 
-	<rule from="^http://thepermitstore\.com/" to="https://thepermitstore.com/" />
-	<rule from="^http://([a-zA-Z0-9\-]+)\.thepermitstore\.com/" to="https://$1.thepermitstore.com/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ThePetitionSite.com.xml b/src/chrome/content/rules/ThePetitionSite.com.xml
new file mode 100644
index 000000000000..19f3b4662acc
--- /dev/null
+++ b/src/chrome/content/rules/ThePetitionSite.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Time out:
+		thepetitionsite.com
+
+-->
+<ruleset name="ThePetitionSite.com">
+
+	<target host="thepetitionsite.com" />
+	<target host="www.thepetitionsite.com" />
+
+	<rule from="^http://thepetitionsite\.com/"
+		to="https://www.thepetitionsite.com/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ThePirateBay-mismatches.xml b/src/chrome/content/rules/ThePirateBay-mismatches.xml
deleted file mode 100644
index 21b3f9bf83db..000000000000
--- a/src/chrome/content/rules/ThePirateBay-mismatches.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For rules that are on by default, see ThePirateBay.xml
-
--->
-<ruleset name="The Pirate Bay (mismatches)" default_off="mismatches">
-
-	<!--	Cert: thepiratebay.se	-->
-	<target host="baiedespirates.be" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.baiedespirates.be" />
-	<target host="upload.thepiratebay.org" />
-
-
-	<securecookie host="^\.baiedespirates\.be$" name=".*" />
-
-
-	<rule from="^http://(?:www\.)?baiedespirates\.be/"
-		to="https://baiedespirates.be/" />
-
-	<rule from="^http://upload\.thepiratebay\.org/"
-		to="https://upload.thepiratebay.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ThePirateBay.xml b/src/chrome/content/rules/ThePirateBay.xml
index f38a4ed22e7f..14b947b4c800 100644
--- a/src/chrome/content/rules/ThePirateBay.xml
+++ b/src/chrome/content/rules/ThePirateBay.xml
@@ -1,39 +1,40 @@
 <!--
-	Nonfunctional:
-
-		- image.bayimg.com
-		- (www.)thepiratebay.sx		(http reply)
-
-
-	For problematic rules, see ThePirateBay-mismatches.xml.
-
+	Other related rulesets:
+		thepiratebay-legacy.xml
+		thephoenixbay.com.xml
+		proxyportal.org.xml
+		tpblist.xyz.xml
+		proxybay.pl.xml
+
+	Mismatch:
+		tpb.run
+		www.tpb.run
+
+	Unable to Connect:
+		thepiratebay.se
+		www.thepiratebay.se
+
+	Timeout:
+		kanyebay.com
+		www.kanyebay.com
+		oldpiratebay.org
+		www.oldpiratebay.org
+
+	Invalid redirect:
+		m		(redirects to invalid thepiratebay.se in non-mobile)
 -->
-<ruleset name="The Pirate Bay (partial; bad cert)" default_off="bad certificate">
-
-	<target host="suprbay.org" />
-	<target host="*.suprbay.org" />
-	<!--	* for cross-domain cookie	-->
-	<target host="*.forum.suprbay.org" />
-	<target host="thepiratebay.org"/>
-	<target host="*.thepiratebay.org"/>
-	<target host="thepiratebay.se"/>
-	<target host="*.thepiratebay.se"/>
-	<target host="thepiratebay.is"/>
-	<target host="*.thepiratebay.is"/>
-
-
-	<securecookie host="^.*\.suprbay\.org$" name=".*" />
-	<securecookie host="^(.*\.)?thepiratebay\.se$" name=".*"/>
-
+<ruleset name="The Pirate Bay">
+	<target host="thepiratebay.org" />
+	<target host="www.thepiratebay.org" />
+	<target host="m.thepiratebay.org" />
 
-	<!--	Cert doesn't match (www.), redirects like so.	-->
-	<rule from="^https?://(?:forum\.|www\.)?suprbay\.org/"
-		to="https://forum.suprbay.org/" />
+	<target host="thepiratebay-proxylist.org" />
+	<target host="www.thepiratebay-proxylist.org" />
 
-	<rule from="^https?://(?:www\.)?thepiratebay\.(?:org|se|is)/"
-		to="https://thepiratebay.is/"/>
+	<target host="pirates-forum.org" />
+	<target host="www.pirates-forum.org" />
 
-	<rule from="^http://(rss|static|torrents)\.thepiratebay\.(?:org|se|is)/"
-		to="https://$1.thepiratebay.is/"/>
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ThePirateGoogle.xml b/src/chrome/content/rules/ThePirateGoogle.xml
deleted file mode 100644
index 159cb5d40822..000000000000
--- a/src/chrome/content/rules/ThePirateGoogle.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="ThePirateGoogle" default_off="Certificate mismatch">
-
-	<target host="thepirategoogle.mrcarch.com" />
-	<target host="webtorrentsearch.mrcarch.com" />
-	<target host="thepirategoogle.com" />
-	<target host="www.thepirategoogle.com" />
-	<target host="webtorrentsearch.com" />
-	<target host="www.webtorrentsearch.com" />
-
-	<rule from="^http://(www\.)?(thepirategoogle|webtorrentsearch)\.(mrcarch\.)?com/"
-		to="https://$2.mrcarch.com/~mrcarchc/$2/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ThePlatform-problematic.xml b/src/chrome/content/rules/ThePlatform-problematic.xml
index e4c7f649e01b..14ab28b6a47c 100644
--- a/src/chrome/content/rules/ThePlatform-problematic.xml
+++ b/src/chrome/content/rules/ThePlatform-problematic.xml
@@ -2,13 +2,15 @@
 	For rules that are on by default, see ThePlatform.xml.
 
 -->
-<ruleset name="thePlatform (problematic)" default_off="mismatched">
+<ruleset name="thePlatform.com (problematic)" default_off="mismatched">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="mxr.theplatform.com" />
 	<target host="web.theplatform.com" />
 
 
-	<rule from="^http://(mxr|web)\.theplatform\.com/"
-		to="https://$1.theplatform.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ThePlatform.xml b/src/chrome/content/rules/ThePlatform.xml
index 8cdb95c72860..1623982c4e33 100644
--- a/src/chrome/content/rules/ThePlatform.xml
+++ b/src/chrome/content/rules/ThePlatform.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://uploads.www.theplatform.com/ => https://uploads.www.theplatform.com/: (60, 'SSL certificate problem: certificate has expired')
+
 	For problematic rules, see ThePlatform-problematic.xml.
 
 
@@ -8,22 +12,19 @@
 		- web.theplatform.com.edgesuite.net
 
 
-	Nonfunctional subdomains:
-
-		- (www.)	(shows default Media Temple page, CN: plesk)
-
-
 	Problematic subdomains:
 
+		- feed ***
 		- mpx *
+		- pdk **
+		- player ***
+		- support ⁴
 		- web *
 
 	* Works, akamai
-
-
-	Partially covered subdomains:
-
-		- help		(some paths 403)
+	** https://github.com/EFForg/https-everywhere/issues/1431
+	*** https://github.com/EFForg/https-everywhere/issues/1816
+	⁴ Mismatched
 
 
 	NB: crossdomain.xml on player forbids https (FUU!)
@@ -31,17 +32,40 @@
 
 	OTOH, we could rewrite crossdomain.xml from player to release....
 
+
+	Insecure cookies are set for these hosts:
+
+		- console.theplatform.com
+		- mps.theplatform.com
+
 -->
-<ruleset name="thePlatform (partial)">
+<ruleset name="thePlatform.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="theplatform.com" />
+	<target host="console.theplatform.com" />
+	<target host="help.theplatform.com" />
+	<target host="mps.theplatform.com" />
+	<target host="release.theplatform.com" />
+	<target host="delivery.support.theplatform.com" />
+	<target host="www.theplatform.com" />
+	<target host="uploads.www.theplatform.com" />
+
+	<!--	Complications:
+				-->
+	<target host="support.theplatform.com" />
 
-	<target host="*.theplatform.com" />
-		<exclusion pattern="^http://help\.theplatform\.com/(?!login(?:$|\?|/))" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(console|mps)\.theplatform\.com$" name="^JSESSIONID$" /-->
 
-	<securecookie host="^(?:mps|release)\.theplatform\.com$" name=".+" />
+	<securecookie host="^(?:console|mps|release)\.theplatform\.com$" name=".+" />
 
 
-	<rule from="^http://(feed|help|mps|player|release)\.theplatform\.com/"
-		to="https://$1.theplatform.com/" />
+	<rule from="^http://support\.theplatform\.com/"
+		to="https://delivery.support.theplatform.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ThePokerChips.net.xml b/src/chrome/content/rules/ThePokerChips.net.xml
deleted file mode 100644
index 293aa169f7fc..000000000000
--- a/src/chrome/content/rules/ThePokerChips.net.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="ThePokerChips.net">
-
-	<target host="thepokerchips.net" />
-	<target host="*.thepokerchips.net" />
-
-
-	<securecookie host="^\.thepokerchips\.net$" name=".+" />
-
-
-	<rule from="^http://(www\.)?thepokerchips\.net/"
-		to="https://$1thepokerchips.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ThePrivacyBlog.com.xml b/src/chrome/content/rules/ThePrivacyBlog.com.xml
new file mode 100644
index 000000000000..b777f3467c86
--- /dev/null
+++ b/src/chrome/content/rules/ThePrivacyBlog.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="The Privacy Blog" default_off="cert-chain">
+
+	<target host="theprivacyblog.com" />
+	<target host="www.theprivacyblog.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ThePrivacyBlog.xml b/src/chrome/content/rules/ThePrivacyBlog.xml
deleted file mode 100644
index d81e0cee0a6b..000000000000
--- a/src/chrome/content/rules/ThePrivacyBlog.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="The Privacy Blog">
-  <target host="www.theprivacyblog.com" />
-  <target host="theprivacyblog.com" />
-
-  <rule from="^http://(?:www\.)?theprivacyblog\.com/" to="https://www.theprivacyblog.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/TheReadingRoom.com.xml b/src/chrome/content/rules/TheReadingRoom.com.xml
deleted file mode 100644
index 84a6b628233a..000000000000
--- a/src/chrome/content/rules/TheReadingRoom.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	$ redirects to http.
-
--->
-<ruleset name="TheReadingRoom.com (partial)">
-
-	<target host="thereadingroom.com" />
-	<target host="www.thereadingroom.com" />
-		<exclusion pattern="^http://(?:www\.)?thereadingroom\.com/(?:$|\?)" />
-
-
-	<rule from="^http://(www\.)?thereadingroom\.com/"
-		to="https://$1thereadingroom.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/TheRealTalk.org.xml b/src/chrome/content/rules/TheRealTalk.org.xml
new file mode 100644
index 000000000000..a6068f9a2a72
--- /dev/null
+++ b/src/chrome/content/rules/TheRealTalk.org.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://therealtalk.org/ => https://therealtalk.org/: (7, 'Failed to connect to therealtalk.org port 443: Connection timed out')
+Fetch error: http://www.therealtalk.org/ => https://www.therealtalk.org/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+		- Bug from piwik.liberdade.digital *
+
+	* Secured by us
+
+-->
+<ruleset name="TheRealTalk.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="therealtalk.org" />
+	<target host="www.therealtalk.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TheResumator.com-clients.xml b/src/chrome/content/rules/TheResumator.com-clients.xml
deleted file mode 100644
index dc3cda190293..000000000000
--- a/src/chrome/content/rules/TheResumator.com-clients.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<!--
-	This is a ruleset for TheResumator.com clients that otherwise have no rules on by default.
--->
-<ruleset name="TheResumator clients (partial)">
-
-	<target host="jobs.urbandictionary.com"/>
-
-	<rule from="^http://jobs\.urbandictionary\.com/"
-		to="https://urbandictionary.theresumator.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/TheResumator.com.xml b/src/chrome/content/rules/TheResumator.com.xml
index 8d7533477fae..ee7a38ee52ea 100644
--- a/src/chrome/content/rules/TheResumator.com.xml
+++ b/src/chrome/content/rules/TheResumator.com.xml
@@ -14,14 +14,14 @@
 
 	<!--	Is the .app cross-domain cookie used on any unsecurable pages?
 						-->
-	<securecookie host="^(app\.|www\.)?theresumator\.com$" name=".*" />
+	<securecookie host="^(?:app\.|www\.)?theresumator\.com$" name=".+" />
 
 
 	<rule from="^http://(app\.|www\.)?theresumator\.com/"
 		to="https://$1theresumator.com/" />
 
-	<rule from="^https?://assets\.theresumator\.com/"
-		to="https://d1o2i4ti2oga3l.cloudfront.net/" />
+	<rule from="^http://assets\.theresumator\.com/"
+		to="https://assets.theresumator.com/" />
 
 	<!--	Unique pages for each client.  Pages redirect to http.
 					-->
diff --git a/src/chrome/content/rules/TheRoot.com.xml b/src/chrome/content/rules/TheRoot.com.xml
new file mode 100644
index 000000000000..71a2d8785ed8
--- /dev/null
+++ b/src/chrome/content/rules/TheRoot.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Invalid certificate
+		help.theroot.com
+		jobs.theroot.com
+		link.theroot.com
+		my.theroot.com
+		podcasts.theroot.com
+		theroottv.theroot.com
+
+	Wildcard DNS.
+
+-->
+<ruleset name="The Root">
+
+	<target host="theroot.com" />
+	<target host="*.theroot.com" />
+
+		<!-- Regular subdomains -->
+		<test url="http://www.theroot.com/" />
+		<test url="http://login.theroot.com/" />
+		<test url="http://mms.theroot.com/" />
+		<test url="http://onehundred.theroot.com/" />
+
+		<!-- Blogs. Each user gets their own subdomain -->
+		<test url="http://journalisms.theroot.com/" />
+		<test url="http://thegrapevine.theroot.com/" />
+		<test url="http://verysmartbrothas.theroot.com/" />
+		<test url="http://youngfuturists.theroot.com/" />
+
+	<exclusion pattern="^http://(help|jobs|link|my|podcasts|theroottv)\.theroot\.com/" />
+        <test url="http://help.theroot.com/" />
+        <test url="http://jobs.theroot.com/" />
+        <test url="http://link.theroot.com/" />
+        <test url="http://my.theroot.com/" />
+        <test url="http://podcasts.theroot.com/" />
+        <test url="http://theroottv.theroot.com/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TheSafety.US.xml b/src/chrome/content/rules/TheSafety.US.xml
index 51c661e240c2..78204a7a708f 100644
--- a/src/chrome/content/rules/TheSafety.US.xml
+++ b/src/chrome/content/rules/TheSafety.US.xml
@@ -11,7 +11,6 @@
 	<securecookie host="^thesafety\.us$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?thesafety\.us/"
-		to="https://thesafety.us/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TheSaveMovement.org.xml b/src/chrome/content/rules/TheSaveMovement.org.xml
new file mode 100644
index 000000000000..cff6a33c3ad2
--- /dev/null
+++ b/src/chrome/content/rules/TheSaveMovement.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="The Save Movement">
+
+	<target host="thesavemovement.org" />
+	<target host="www.thesavemovement.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TheSims3.com.xml b/src/chrome/content/rules/TheSims3.com.xml
new file mode 100644
index 000000000000..372d81162fcc
--- /dev/null
+++ b/src/chrome/content/rules/TheSims3.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		- thesims3.com, equivalent to www.thesims3.com
+-->
+
+<ruleset name="TheSims3.com">
+	<target host="thesims3.com"/>
+	<target host="*.thesims3.com"/>
+		<test url="http://www.thesims3.com/" />
+		<test url="http://ca.thesims3.com/" />
+		<test url="http://forum.thesims3.com/" />
+
+	<rule from="^http://thesims3\.com/"
+		to="https://www.thesims3.com/" />
+
+	<!--	\w\w:	country codes	-->
+	<rule from="^http://(www|forum|\w\w)\.thesims3\.com/"
+		to="https://$1.thesims3.com/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/TheSixthAxis.com.xml b/src/chrome/content/rules/TheSixthAxis.com.xml
index e10a2bc5a143..e9fdb8c9c455 100644
--- a/src/chrome/content/rules/TheSixthAxis.com.xml
+++ b/src/chrome/content/rules/TheSixthAxis.com.xml
@@ -1,10 +1,9 @@
-<ruleset name="TheSixthAxis.com">
+<ruleset name="TheSixthAxis.com" platform="mixedcontent">
 
 	<target host="thesixthaxis.com" />
 	<target host="www.thesixthaxis.com" />
 
 
-	<rule from="^http://(www\.)?thesixthaxis\.com/"
-		to="https://$1thesixthaxis.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TheStandNews.com.xml b/src/chrome/content/rules/TheStandNews.com.xml
new file mode 100644
index 000000000000..f74faae46440
--- /dev/null
+++ b/src/chrome/content/rules/TheStandNews.com.xml
@@ -0,0 +1,23 @@
+<ruleset name="TheStandNews.com">
+	<target host="thestandnews.com" />
+	<target host="www.thestandnews.com" />
+	<target host="64.thestandnews.com" />
+	<target host="928.thestandnews.com" />
+	<target host="api.thestandnews.com" />
+	<target host="atv.thestandnews.com" />
+	<target host="cdn.thestandnews.com" />
+	<target host="dce2015.thestandnews.com" />
+	<target host="dce2019.thestandnews.com" />
+	<target host="kwest2018.thestandnews.com" />
+	<target host="legco2020.thestandnews.com" />
+	<target host="legcobe2016.thestandnews.com" />
+	<target host="legcobe2018.thestandnews.com" />
+	<target host="live.thestandnews.com" />
+	<target host="mystand.thestandnews.com" />
+	<target host="polyu.thestandnews.com" />
+	<target host="yuchengchung.thestandnews.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheStar.com.my.xml b/src/chrome/content/rules/TheStar.com.my.xml
new file mode 100644
index 000000000000..81bf48e7bd60
--- /dev/null
+++ b/src/chrome/content/rules/TheStar.com.my.xml
@@ -0,0 +1,63 @@
+<!--
+	Non-functional subdomains:
+
+		- adrates	(m)
+		- advertising	(m)
+		- archives	(m)
+		- aurora	(t)
+		- biz	(m)
+		- career	(m)
+		- careers	(m)
+		- classifieds	(m)
+		- dev	(t)
+		- dev-2	(t)
+		- developer	(s)
+		- elections	(m)
+		- epaper	(m)
+		- erm	(r)
+		- events	(r)
+		- m	(m)
+		- www.m	(m)
+		- beta.m	(t)
+		- mail	(r)
+		- dev.newsstand	(t)
+		- psignia	(t)
+		- search	(m)
+		- staging	(m)
+		- starsearch	(r)
+		- trek	(t)
+		- videos	(m)
+		- winwithwords	(m)
+
+	e: expired certificate
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="TheStar.com.my">
+
+	<target host="thestar.com.my" />
+	<target host="www.thestar.com.my" />
+	<target host="ads.thestar.com.my" />
+	<target host="api.thestar.com.my" />
+	<target host="bookstore.thestar.com.my" />
+	<target host="cdn.thestar.com.my" />
+	<target host="charts.thestar.com.my" />
+	<target host="clips.thestar.com.my" />
+	<target host="content.thestar.com.my" />
+	<target host="contests.thestar.com.my" />
+	<target host="dev-login.thestar.com.my" />
+	<target host="login.thestar.com.my" />
+	<target host="mystarauth.thestar.com.my" />
+	<target host="newsstand.thestar.com.my" />
+	<target host="payment.thestar.com.my" />
+	<target host="sites.thestar.com.my" />
+
+  	<securecookie host="^www\.thestar\.com\.my$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TheSwanSanctuary.org.uk.xml b/src/chrome/content/rules/TheSwanSanctuary.org.uk.xml
new file mode 100644
index 000000000000..63bb91bc01ba
--- /dev/null
+++ b/src/chrome/content/rules/TheSwanSanctuary.org.uk.xml
@@ -0,0 +1,11 @@
+<!--
+	Active mixed content:
+		- www.theswansanctuary.org.uk, e.g. www.theswansanctuary.org.uk/cause/wandsworth-family-returned-home/
+-->
+
+<ruleset name="TheSwanSanctuary.org.uk" platform="mixedcontent">
+	<target host="theswansanctuary.org.uk" />
+	<target host="www.theswansanctuary.org.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheTrainLine.xml b/src/chrome/content/rules/TheTrainLine.xml
index e4fbad9b4eac..3c7480b87148 100644
--- a/src/chrome/content/rules/TheTrainLine.xml
+++ b/src/chrome/content/rules/TheTrainLine.xml
@@ -1,8 +1,15 @@
-<ruleset name="TheTrainLine" platform="mixedcontent">
-  <target host="thetrainline.com" />
-  <target host="www.thetrainline.com" />
+<ruleset name="TheTrainLine.com">
 
-  <securecookie host="^(.+\.)?thetrainline\.com$" name=".*"/>
+	<target host="thetrainline.com" />
+	<target host="www.thetrainline.com" />
+
+
+	<securecookie host="^\." name="^s_v" />
+	<securecookie host="^\.www\." name=".+" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(?:www\.)?thetrainline\.com/" to="https://www.thetrainline.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/TheTrevorProject.org.xml b/src/chrome/content/rules/TheTrevorProject.org.xml
new file mode 100644
index 000000000000..cf405f9a2168
--- /dev/null
+++ b/src/chrome/content/rules/TheTrevorProject.org.xml
@@ -0,0 +1,18 @@
+<!--
+	events.thetrevorproject.org redirects to non-existing subdomain
+
+	secure.thetrevorproject.org times out over both HTTP and HTTPS
+
+-->
+<ruleset name="The Trevor Project">
+
+	<target host="thetrevorproject.org" />
+	<target host="www.thetrevorproject.org" />
+	<target host="cities.thetrevorproject.org" />
+	<target host="donate.thetrevorproject.org" />
+	<target host="give.thetrevorproject.org" />
+	<target host="membership.thetrevorproject.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TheVideo.me.xml b/src/chrome/content/rules/TheVideo.me.xml
new file mode 100644
index 000000000000..0a649a57fbac
--- /dev/null
+++ b/src/chrome/content/rules/TheVideo.me.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .thevideo.me
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="TheVideo.me">
+
+	<target host="thevideo.me" />
+	<target host="analytics.thevideo.me" />
+	<target host="img.thevideo.me" />
+	<target host="www.thevideo.me" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.thevideo\.me$" name="^(?:__cfduid|cf_clearance|lang)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_109.xml b/src/chrome/content/rules/The_109.xml
index 6cbcc38ec726..341adee06990 100644
--- a/src/chrome/content/rules/The_109.xml
+++ b/src/chrome/content/rules/The_109.xml
@@ -1,13 +1,25 @@
-<ruleset name="The 109">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://the109.org/ => https://the109.org/: (7, 'Failed to connect to the109.org port 443: Connection refused')
+Fetch error: http://www.the109.org/ => https://www.the109.org/: (7, 'Failed to connect to www.the109.org port 443: Connection refused')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://the109.org/ => https://the109.org/: (7, 'Failed to connect to the109.org port 443: Connection refused')
+
+-->
+<ruleset name="The 109" default_off="failed ruleset test">
 
 	<target host="the109.org" />
-	<target host="*.the109.org" />
+	<target host="www.the109.org" />
 
 
 	<securecookie host="^\.the109\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?the109\.org/"
-		to="https://$1the109.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/The_American_Prospect.xml b/src/chrome/content/rules/The_American_Prospect.xml
index 06936564265e..ae5b29556945 100644
--- a/src/chrome/content/rules/The_American_Prospect.xml
+++ b/src/chrome/content/rules/The_American_Prospect.xml
@@ -1,16 +1,24 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://prospect.org/ => https://prospect.org/: Too many redirects while fetching 'https://prospect.org/'
+Fetch error: http://www.prospect.org/ => https://prospect.org/: Too many redirects while fetching 'https://prospect.org/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://prospect.org/ => https://prospect.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.prospect.org/ => https://prospect.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Problematic subdomains:
 
 		- www	(cert only matches ^prospect.org)
 
 -->
-<ruleset name="The American Prospect">
+<ruleset name="The American Prospect" default_off="failed ruleset test">
 
 	<target host="prospect.org" />
 	<target host="www.prospect.org" />
 
 
-	<rule from="^https?://(?:www\.)?prospect\.org/"
+	<rule from="^http://(?:www\.)?prospect\.org/"
 		to="https://prospect.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/The_American_Scholar.org.xml b/src/chrome/content/rules/The_American_Scholar.org.xml
new file mode 100644
index 000000000000..127ad7faa7bd
--- /dev/null
+++ b/src/chrome/content/rules/The_American_Scholar.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- theamericanscholar.org
+		- .theamericanscholar.org
+		- www.theamericanscholar.org
+
+-->
+<ruleset name="The American Scholar.org">
+
+	<target host="theamericanscholar.org" />
+	<target host="www.theamericanscholar.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?theamericanscholar\.org$" name="^PHPSESSID" /-->
+	<!--securecookie host="^\.theamericanscholar\.org$" name="^__qca$" /-->
+
+	<securecookie host="^(?:\.|www\.)?theamericanscholar\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Appendix.net.xml b/src/chrome/content/rules/The_Appendix.net.xml
new file mode 100644
index 000000000000..b8f6694b4303
--- /dev/null
+++ b/src/chrome/content/rules/The_Appendix.net.xml
@@ -0,0 +1,66 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://theappendix.net/ => https://theappendix.net/: (51, "SSL: no alternative certificate subject name matches target host name 'theappendix.net'")
+Fetch error: http://images.theappendix.net/ => https://d6hat78o59yti.cloudfront.net/: (6, 'Could not resolve host: d6hat78o59yti.cloudfront.net')
+Fetch error: http://www.theappendix.net/ => https://theappendix.net/: (51, "SSL: no alternative certificate subject name matches target host name 'theappendix.net'")
+
+	CDN buckets:
+
+		- d6hat78o59yti.cloudfront.net
+
+
+	www: cert only matches ^theappendix.net
+
+
+	Nonfunctional subdomains:
+
+		- shop *
+
+	* Shopify
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- theappendix.net
+		- .theappendix.net
+
+
+	Mixed content:
+
+		- Images from images.theappendix.net *
+
+	* Secured by us
+
+-->
+<ruleset name="The Appendix.net (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="theappendix.net" />
+
+	<!--	Complications:
+				-->
+	<target host="images.theappendix.net" />
+	<target host="www.theappendix.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^theappendix\.net$" name="^_appendix_session$" /-->
+	<!--securecookie host="^\.theappendix\.net$" name="^__qca$" /-->
+
+	<securecookie host="^theappendix\.net$" name=".+" />
+	<securecookie host="^\.theappendix\.net$" name="^__qca$" />
+
+
+	<rule from="^http://images\.theappendix\.net/"
+		to="https://d6hat78o59yti.cloudfront.net/" />
+
+	<rule from="^http://www\.theappendix\.net/"
+		to="https://theappendix.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Atlantic.com.xml b/src/chrome/content/rules/The_Atlantic.com.xml
new file mode 100644
index 000000000000..1753a9b3c35f
--- /dev/null
+++ b/src/chrome/content/rules/The_Atlantic.com.xml
@@ -0,0 +1,42 @@
+<!--
+	For other Atlantic Media coverage, see Atlantic-Media.xml.
+
+
+	Nonfunctional domains:
+
+		- advertising.theatlantic.com *
+
+	* Shows profiles; mismatched, CN: profiles.theatlantic.com
+
+
+	Fully covered domains:
+		- www.theatlantic.com
+		- cdn.theatlantic.com
+		- assets.theatlantic.com	(→ cdn.theatlantic.com)
+-->
+<ruleset name="The Atlantic.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="theatlantic.com" />
+	<target host="www.theatlantic.com" />
+	<target host="cdn.theatlantic.com" />
+
+	<!--	Complications:
+				-->
+	<target host="assets.theatlantic.com" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.theatlantic\.com$" name="^(SC_LINKS|atl_tests|s_cc|s_sq)$" /-->
+
+
+	<!-- not 100% sure about this, but it's the
+		  least broken configuration I can find -->
+	<rule from="^http://assets\.theatlantic\.com/"
+		to="https://cdn.theatlantic.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Baffler.xml b/src/chrome/content/rules/The_Baffler.xml
index 2480eefe085d..55e3a98186c8 100644
--- a/src/chrome/content/rules/The_Baffler.xml
+++ b/src/chrome/content/rules/The_Baffler.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?thebaffler\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?thebaffler\.com/"
-		to="https://$1thebaffler.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/The_Big_Wedding_Movie.com.xml b/src/chrome/content/rules/The_Big_Wedding_Movie.com.xml
index c147bddb761a..03d27534df49 100644
--- a/src/chrome/content/rules/The_Big_Wedding_Movie.com.xml
+++ b/src/chrome/content/rules/The_Big_Wedding_Movie.com.xml
@@ -1,16 +1,18 @@
 <!--
-	Problematic subdomains:
+	Mixed content:
 
-		- ^	(works, cert only matches www)
+		- iframe from www.youtube.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="The Big Wedding Movie.com">
+<ruleset name="The Big Wedding Movie.com" default_off="mismatched, self-signed">
 
 	<target host="thebigweddingmovie.com" />
 	<target host="www.thebigweddingmovie.com" />
 
 
-	<rule from="^http://(?:www\.)?thebigweddingmovie\.com/"
-		to="https://www.thebigweddingmovie.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/The_Blue_Sky_Life.com.xml b/src/chrome/content/rules/The_Blue_Sky_Life.com.xml
new file mode 100644
index 000000000000..20f0d2a79a13
--- /dev/null
+++ b/src/chrome/content/rules/The_Blue_Sky_Life.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="The Blue Sky Life.com" default_off="expired">
+
+	<target host="theblueskylife.com" />
+	<target host="www.theblueskylife.com" />
+
+
+	<securecookie host="^(?:www\.)?theblueskylife\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Body_Shop.co.uk.xml b/src/chrome/content/rules/The_Body_Shop.co.uk.xml
new file mode 100644
index 000000000000..38ff663a75da
--- /dev/null
+++ b/src/chrome/content/rules/The_Body_Shop.co.uk.xml
@@ -0,0 +1,149 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.thebodyshop.co.uk/services/aboutus_privacypolicy.aspx => https://secure.thebodyshop.co.uk/services/aboutus_privacypolicy.aspx: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.thebodyshop.co.uk/services/cookies.aspx => https://secure.thebodyshop.co.uk/services/cookies.aspx: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://thebodyshop.co.uk/404-3.jpg => https://secure.thebodyshop.co.uk/404-3.jpg: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://thebodyshop.co.uk/404.htm => https://secure.thebodyshop.co.uk/404.htm: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://thebodyshop.co.uk/athome/athome_hostaparty.aspx => https://secure.thebodyshop.co.uk/athome/athome_hostaparty.aspx: (7, 'Failed to connect to secure.thebodyshop.co.uk port 443: No route to host')
+Fetch error: http://thebodyshop.co.uk/content => https://secure.thebodyshop.co.uk/content: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://thebodyshop.co.uk/content/TBSAH/index.aspx => https://secure.thebodyshop.co.uk/content/TBSAH/index.aspx: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://thebodyshop.co.uk/content/affiliates/hub.aspx => https://secure.thebodyshop.co.uk/content/affiliates/hub.aspx: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.thebodyshop.co.uk/css/common/fiche_produit.css => https://secure.thebodyshop.co.uk/css/common/fiche_produit.css: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.thebodyshop.co.uk/images/product/Medium/47466m_m.jpg => https://secure.thebodyshop.co.uk/images/product/Medium/47466m_m.jpg: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.thebodyshop.co.uk/img/BTN_SgnInRED_ON.gif => https://secure.thebodyshop.co.uk/img/BTN_SgnInRED_ON.gif: (28, 'Connection timed out after 20004 milliseconds')
+Fetch error: http://www.thebodyshop.co.uk/services/sitemap.aspx => https://secure.thebodyshop.co.uk/services/sitemap.aspx: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.thebodyshop.co.uk/services/storelocator-search.aspx => https://secure.thebodyshop.co.uk/services/storelocator-search.aspx: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://secure.thebodyshop.co.uk/ => https://secure.thebodyshop.co.uk/: (28, 'Connection timed out after 20001 milliseconds')
+
+	CDN buckets:
+
+		- thebodyshop-uk-blog.azurewebsites.net
+		- www.thebodyshop.co.uk.edgesuite.net
+		- bodyshop.metafaq.com
+
+
+	Nonfunctional hosts in *thebodyshop.co.uk:
+
+		- (www.)?beautyblog ᵖ
+		- skincareonline ᵃ
+
+	ᵃ Shows another domain
+	ᵖ Plaintext reply
+
+
+	^thebodyshop.co.uk: Mismatched
+	www.thebodyshop.co.uk: Akamai / mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .thebodyshop.co.uk
+		- help.thebodyshop.co.uk
+		- secure.thebodyshop.co.uk
+
+
+	Mixed content:
+
+		- Images on secure from www.thebodyshop.co.uk *
+
+		- Bugs, on:
+
+			- secure from ad.amgdgt.com *
+			- secure from res.levexis.com *
+
+	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="The Body Shop.co.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="help.thebodyshop.co.uk" />
+	<target host="secure.thebodyshop.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="thebodyshop.co.uk" />
+	<target host="www.thebodyshop.co.uk" />
+
+		<!--	Redirects back:
+								-->
+		<!--exclusion pattern="^http://(?:www\.)?thebodyshop\.co\.uk/(?:$|(?:index|new|skin-advice)\.aspx)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?thebodyshop\.co\.uk/(?!/*(?:404\.htm|404-\d\.jpg|(?:athome|content|loveyourbody|myspace)(?:$|[?/])|checkout/|css/|images/|img/|js/|loyalty/|services/|socialhub/|(?:Script|Web)Resource\.axd|ws/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://thebodyshop.co.uk/body.aspx" />
+			<test url="http://thebodyshop.co.uk/body/scrubs.aspx" />
+			<test url="http://thebodyshop.co.uk/catalog/" />
+			<test url="http://thebodyshop.co.uk/face.aspx" />
+			<test url="http://thebodyshop.co.uk/face/accessories.aspx" />
+			<test url="http://thebodyshop.co.uk/fragrance.aspx" />
+			<test url="http://thebodyshop.co.uk/fragrance/candles.aspx" />
+			<test url="http://thebodyshop.co.uk/gifts.aspx" />
+			<test url="http://thebodyshop.co.uk/hair.aspx" />
+			<test url="http://thebodyshop.co.uk/hair/styling.aspx" />
+			<test url="http://www.thebodyshop.co.uk/hands.aspx" />
+			<test url="http://www.thebodyshop.co.uk/hands/tools.aspx" />
+			<test url="http://www.thebodyshop.co.uk/index.aspx" />
+			<test url="http://www.thebodyshop.co.uk/joy" />
+			<test url="http://www.thebodyshop.co.uk/new.aspx" />
+			<test url="http://www.thebodyshop.co.uk/services/aboutus_privacypolicy.aspx" />
+			<test url="http://www.thebodyshop.co.uk/services/cookies.aspx" />
+			<test url="http://www.thebodyshop.co.uk/skin-advice.aspx" />
+			<test url="http://www.thebodyshop.co.uk/values/ingredient_cotton.aspx" />
+			<test url="http://www.thebodyshop.co.uk/values/tct.aspx" />
+
+			<!--	-ve:
+					-->
+			<test url="http://thebodyshop.co.uk/404-3.jpg" />
+			<test url="http://thebodyshop.co.uk/404.htm" /><!--	Mixed images -->
+			<test url="http://thebodyshop.co.uk/athome/athome_hostaparty.aspx" /><!--	Mixed images, bug -->
+			<test url="http://thebodyshop.co.uk/content" /><!--	Mixed images, bug -->
+			<test url="http://thebodyshop.co.uk/content/TBSAH/index.aspx" /><!--	Mixed images, bug -->
+			<test url="http://thebodyshop.co.uk/content/affiliates/hub.aspx" /><!--	Mixed images, bug -->
+			<test url="http://www.thebodyshop.co.uk/css/common/fiche_produit.css" />
+			<test url="http://www.thebodyshop.co.uk/images/product/Medium/47466m_m.jpg" />
+			<test url="http://www.thebodyshop.co.uk/img/BTN_SgnInRED_ON.gif" />
+			<test url="http://www.thebodyshop.co.uk/love-your-body" />
+			<test url="http://www.thebodyshop.co.uk/love-your-body/index.aspx" />
+			<test url="http://www.thebodyshop.co.uk/services/sitemap.aspx" /><!--	Mixed images -->
+			<test url="http://www.thebodyshop.co.uk/services/storelocator-search.aspx" />
+
+		<!--	Avoid potential XHR problems:
+							-->
+		<exclusion pattern="^http://(?:www\.)?thebodyshop\.co\.uk/.+\.js(?:on)?(?:$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://thebodyshop.co.uk/js/lib/jquery/jquery-ui.1.9.2.min.js" />
+			<test url="http://thebodyshop.co.uk/js/lib/modernizr/modernizr-2.5.3.min.js" />
+			<test url="http://www.thebodyshop.co.uk/js/lib/jquery/jquery-ui.1.9.2.min.js" />
+			<test url="http://www.thebodyshop.co.uk/js/lib/modernizr/modernizr-2.5.3.min.js" />
+			<test url="http://www.thebodyshop.co.uk/js/lib/modernizr/modernizr-ie-prefix.min.js" />
+			<test url="http://www.thebodyshop.co.uk/js/s_code.js" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.thebodyshop\.co\.uk$" name="^(?:AdditionalParams|stop_mobi|UKTBSAUTH|UserAuthentication)$" /-->
+	<!--securecookie host="^help\.thebodyshop\.co\.uk$" name="^(?:identitytoken|vsid)$" /-->
+	<!--securecookie host="^secure\.thebodyshop\.co\.uk$" name="^(?:server)$" /-->
+
+	<!--	Tracking cookies:
+					-->
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|TRADEDOUBLER_\w+$|__tro\w+$)" />
+	<securecookie host="^(?!\.thebodyshop\.co\.uk$)." name=".+" />
+
+
+	<rule from="^http://(?:www\.)?thebodyshop\.co\.uk/"
+		to="https://secure.thebodyshop.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Boston_Globe.xml b/src/chrome/content/rules/The_Boston_Globe.xml
deleted file mode 100644
index a020bb731434..000000000000
--- a/src/chrome/content/rules/The_Boston_Globe.xml
+++ /dev/null
@@ -1,82 +0,0 @@
-<!--
-	For other New York Times coverage, see NYTimes.xml.
-
-
-	CDN buckets:
-
-		- nytbglobe.112.2o7.net
-		- s3.amazonaws.com/static.rondavu.com/C/Boston_PROD/
-
-		- wac.493C.edgecastcdn.net
-
-			- cinesport.boston.com
-
-		- bostoncom.http.internapcdn.net
-
-			- c.o0bc.com
-			- cache.boston.com
-
-
-	Nonfunctional domains:
-
-		- cinesport.boston.com		(404; mismatched, CN: gp1.wac.edgecastcdn.net)
-
-
-	Problematic domains:
-
-		- c.o0bc.com	(404; mismatched, CN: *.internapcdn.net)
-		- www.boston.com	(akamai)
-		- bostonglobe.com	(dropped)
-
-
-	Fully covered domains:
-
-		- (www.)bostonglobe.com	(^ → www)
-
--->
-<ruleset name="The Boston Globe (partial)">
-
-	<target host="c.o0bc.com" />
-	<target host="boston.com" />
-	<target host="*.boston.com" />
-	<target host="bostonglobe.com" />
-	<target host="*.bostonglobe.com" />
-		<!--
-			- Doesn't work
-			- epaper CN: www.pressdisplay.com
-							-->
-		<exclusion pattern="http://(epaper|spiderbites)\.bostonglobe\.com/" />
-
-
-	<securecookie host="^(?:.*\.)?boston\.com$" name=".+" />
-	<securecookie host=".*\.bostonglobe\.com$" name=".+" />
-
-
-	<rule from="^http://c\.o0bc\.com/"
-		to="https://boston.com/" />
-
-	<rule from="^http://(?:(graphics\.)|www\.)?boston\.com/"
-		to="https://$1boston.com/" />
-
-	<!--	- cache doesn't work
-		- cache CN: *.https.internapcdn.net
-							-->
-	<rule from="^http://cache\.boston\.com/"
-		to="https://graphics.boston.com/" />
-
-	<rule from="^http://deals\.boston\.com/(favicon\.ico|signup|views/)"
-		to="https://deals.boston.com/$1" />
-
-	<!--	- Weather doesn't work
-		- This is what the server does, aside from https
-							-->
-	<rule from="^http://weather\.boston\.com/"
-		to="https://boston.com/weather/" />
-
-	<rule from="^http://services\.bostonglobe\.com/"
-		to="https://services.bostonglobe.com/" />
-
-	<rule from="^http://(?:www\.)?bostonglobe\.com/"
-		to="https://www.bostonglobe.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/The_Bureau_Investigates.com-falsemixed.xml b/src/chrome/content/rules/The_Bureau_Investigates.com-falsemixed.xml
new file mode 100644
index 000000000000..0d51b0cdaf75
--- /dev/null
+++ b/src/chrome/content/rules/The_Bureau_Investigates.com-falsemixed.xml
@@ -0,0 +1,12 @@
+<!--
+	For rules not causing false/broken MCB, see The_Bureau_Investigates.com.xml.
+
+-->
+<ruleset name="The Bureau Investigates.com (false MCB)" platform="mixedcontent">
+
+	<target host="www.thebureauinvestigates.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Bureau_Investigates.com.xml b/src/chrome/content/rules/The_Bureau_Investigates.com.xml
new file mode 100644
index 000000000000..3d9a64b63a28
--- /dev/null
+++ b/src/chrome/content/rules/The_Bureau_Investigates.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For rules causing false/broken MCB, see The_Bureau_Investigates.com-falsemixed.xml.
+
+
+	Mixed content:
+
+		- css from $self *
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="The Bureau Investigates.com (partial)">
+
+	<target host="thebureauinvestigates.com" />
+	<target host="www.thebureauinvestigates.com" />
+		<!--
+			Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://www\.thebureauinvestigates\.com/+(?!favicon\.ico|wp-content/|wp-includes/)" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_CALMzone.net.xml b/src/chrome/content/rules/The_CALMzone.net.xml
new file mode 100644
index 000000000000..51a6459f7815
--- /dev/null
+++ b/src/chrome/content/rules/The_CALMzone.net.xml
@@ -0,0 +1,16 @@
+<ruleset name="The CALMzone.net">
+
+	<target host="thecalmzone.net" />
+	<target host="www.thecalmzone.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.thecalmzone\.net$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.thecalmzone\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Center_for_Rights.org.xml b/src/chrome/content/rules/The_Center_for_Rights.org.xml
new file mode 100644
index 000000000000..267ee65ba018
--- /dev/null
+++ b/src/chrome/content/rules/The_Center_for_Rights.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Other Center for Rights rulesets:
+
+		- Internet_Coup.org.xml
+
+
+	^: dropped
+	www: Herokuapp
+
+-->
+<ruleset name="The Center for Rights.org" default_off="mismatched">
+
+	<target host="thecenterforrights.org" />
+	<target host="www.thecenterforrights.org" />
+
+
+	<rule from="^http://(?:www\.)?thecenterforrights\.org/"
+		to="https://www.thecenterforrights.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Changelog.com.xml b/src/chrome/content/rules/The_Changelog.com.xml
new file mode 100644
index 000000000000..d6ae807874d4
--- /dev/null
+++ b/src/chrome/content/rules/The_Changelog.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://thechangelog.com/ => https://thechangelog.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.thechangelog.com/ => https://www.thechangelog.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="The Changelog.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="thechangelog.com" />
+	<target host="www.thechangelog.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_China_Story.org.xml b/src/chrome/content/rules/The_China_Story.org.xml
new file mode 100644
index 000000000000..9fff43231a4c
--- /dev/null
+++ b/src/chrome/content/rules/The_China_Story.org.xml
@@ -0,0 +1,32 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .thechinastory.org
+
+
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="The China Story.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="thechinastory.org" />
+	<target host="www.thechinastory.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.thechinastory\.org$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.thechinastory\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Chronicles_of_George.xml b/src/chrome/content/rules/The_Chronicles_of_George.xml
deleted file mode 100644
index 7c296249f267..000000000000
--- a/src/chrome/content/rules/The_Chronicles_of_George.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="The Chronicles of George">
-
-	<target host="chroniclesofgeorge.com" />
-	<target host="*.chroniclesofgeorge.com" />
-
-
-	<rule from="^http://(forum\.|www\.)?chroniclesofgeorge\.com/"
-		to="https://$1chroniclesofgeorge.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/The_Coast_News.com.xml b/src/chrome/content/rules/The_Coast_News.com.xml
new file mode 100644
index 000000000000..e4ad2b915739
--- /dev/null
+++ b/src/chrome/content/rules/The_Coast_News.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Mixed content:
+
+		- Images from i1.ytimg.com *
+
+	* Secured by us
+
+-->
+<ruleset name="The Coast News.com">
+
+	<target host="thecoastnews.com" />
+	<target host="www.thecoastnews.com" />
+
+
+	<securecookie host="^\.thecoastnews\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Compassion_Club.org.xml b/src/chrome/content/rules/The_Compassion_Club.org.xml
new file mode 100644
index 000000000000..fd0e862313f2
--- /dev/null
+++ b/src/chrome/content/rules/The_Compassion_Club.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- thecompassionclub.org
+		- www.thecompassionclub.org
+
+-->
+<ruleset name="The Compassion Club.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="thecompassionclub.org" />
+	<target host="www.thecompassionclub.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?thecompassionclub\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?thecompassionclub\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Conversation.xml b/src/chrome/content/rules/The_Conversation.xml
deleted file mode 100644
index 269f3a87572b..000000000000
--- a/src/chrome/content/rules/The_Conversation.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	CDN buckets:
-
-		- c479107.ssl.cf2.rackcdn.com
-
-
-	Cert doesn't match www.
-
--->
-<ruleset name="The Conversation">
-
-	<target host="theconversation.com" />
-	<target host="www.theconversation.com" />
-	<target host="theconversation.edu.au" />
-	<target host="www.theconversation.edu.au" />
-
-
-	<securecookie host="^theconversation\.(?:com|edu\.au)$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?theconversation\.(com|edu\.au)/"
-		to="https://theconversation.$1/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/The_Creators_Project.com.xml b/src/chrome/content/rules/The_Creators_Project.com.xml
new file mode 100644
index 000000000000..549326efddc6
--- /dev/null
+++ b/src/chrome/content/rules/The_Creators_Project.com.xml
@@ -0,0 +1,45 @@
+<!--
+	For other Vice Media coverage, see Vice.xml.
+
+
+	CDN buckets:
+
+		- dm07ef02yemve.cloudfront.net
+
+			- assets.thecreatorsproject.com
+
+
+	Problematic hosts in *thecreatorsproject.com:
+
+		- (www.)? ¹
+		- assets ²
+
+	¹ 503
+	² Cloudfront
+
+
+	Fully covered hosts in *thecreatorsproject.com:
+
+		- (www.)?	(→ thecreatorsproject.vice.com)
+		- assets	(→ dm07ef02yemve.cloudfront.net)
+
+-->
+<ruleset name="The Creators Project.com">
+
+	<!--	Complications:
+				-->
+	<target host="thecreatorsproject.com" />
+	<target host="assets.thecreatorsproject.com" />
+	<target host="www.thecreatorsproject.com" />
+
+
+	<!--	Redirect keeps path, args,
+		and forward slash:
+					-->
+	<rule from="^http://(?:www\.)?thecreatorsproject\.com/"
+		to="https://thecreatorsproject.vice.com/" />
+
+	<rule from="^http://assets\.thecreatorsproject\.com/"
+		to="https://dm07ef02yemve.cloudfront.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_DMA.org.xml b/src/chrome/content/rules/The_DMA.org.xml
new file mode 100644
index 000000000000..0692584d44f0
--- /dev/null
+++ b/src/chrome/content/rules/The_DMA.org.xml
@@ -0,0 +1,54 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.thedma.org/ => https://www.thedma.org/: (60, 'SSL certificate problem: certificate has expired')
+
+	Other Direct Marketing Association rulesets:
+
+		- DMAchoice.org.xml
+		- The-DMA.org.xml
+
+
+	Nonfunctional hosts in *thedma.org:
+
+		- andthen *
+		- ddminstitute *
+		- mac *
+
+	* wpengine / redirects to http
+
+
+	Problematic hosts in *thedma.org:
+
+		- careercenter ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- thedma.org
+		- dmachoice.thedma.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="The DMA.org (partial)" default_off="failed ruleset test">
+
+	<target host="thedma.org" />
+	<target host="dmachoice.thedma.org" />
+	<target host="www.thedma.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^thedma\.org$" name="^_wp_session$" /-->
+	<!--securecookie host="^dmachoice\.thedma\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Daily_Beast.xml b/src/chrome/content/rules/The_Daily_Beast.xml
index 513f9d41511a..c9c1a2c7dcc4 100644
--- a/src/chrome/content/rules/The_Daily_Beast.xml
+++ b/src/chrome/content/rules/The_Daily_Beast.xml
@@ -2,24 +2,27 @@
 	CDN buckets:
 
 		- d508l827lzpfo.cloudfront.net
+
 			- cdn.thedailybeast.com
 
 
 	Partially covered subdomains:
 
-		- (www.)	(some pages redirect to http)
+		- (www.)? *
+
+	* Some pages redirect to http
 
 -->
-<ruleset name="The Daily Beast (partial)">
+<ruleset name="The Daily Beast.com (partial)">
 
 	<target host="thedailybeast.com" />
 	<target host="*.thedailybeast.com" />
 
 
-	<rule from="^http://(www\.)?thedailybeast\.com/(content/|favicon\.ico|etc/)"
-		to="https://$1thedailybeast.com/$2" />
+	<rule from="^http://(www\.)?thedailybeast\.com/(?=(?:articles|cheats)/.+\.jpg$|content/|favicon\.ico|etc/)"
+		to="https://$1thedailybeast.com/" />
 
-	<rule from="^https?://cdn\.thedailybeast\.com/"
+	<rule from="^http://cdn\.thedailybeast\.com/"
 		to="https://d508l827lzpfo.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/The_Day_We_Fight_Back.org.xml b/src/chrome/content/rules/The_Day_We_Fight_Back.org.xml
new file mode 100644
index 000000000000..3a5c53b22dcb
--- /dev/null
+++ b/src/chrome/content/rules/The_Day_We_Fight_Back.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .thedaywefightback.org
+
+-->
+<ruleset name="The Day We Fight Back.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="thedaywefightback.org" />
+	<target host="www.thedaywefightback.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.thedaywefightback\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.thedaywefightback\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Dilbert_Store.com-falsemixed.xml b/src/chrome/content/rules/The_Dilbert_Store.com-falsemixed.xml
deleted file mode 100644
index 2b772e8387fe..000000000000
--- a/src/chrome/content/rules/The_Dilbert_Store.com-falsemixed.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see The_Dilbert_Store.com.xml
-
--->
-<ruleset name="The Dilbert Store.com (false MCB)" platform="mixedcontent">
-
-	<target host="thedilbertstore.com" />
-	<target host="*.thedilbertstore.com" />
-		<!--
-			Paths handled in The_Dilbert_Store.com.xml:
-									-->
-		<!--exclusion pattern="^http://(www\.)?thedilbertstore\.com/+((customers/(forgot_password|login|new)|javascript_no)/?(?:$|\?)|images/|javascripts/|stylesheets/)" /-->
-
-
-	<securecookie host="^(?:w*\.)?thedilbertstore\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?thedilbertstore\.com/(?!(?:customers/(?:forgot_password|login|new)|javascript_no)/?(?:$|\?.*)|images/|javascripts/|stylesheets/)"
-		to="https://$1thedilbertstore.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/The_Dilbert_Store.com.xml b/src/chrome/content/rules/The_Dilbert_Store.com.xml
deleted file mode 100644
index dbf0c4d00eae..000000000000
--- a/src/chrome/content/rules/The_Dilbert_Store.com.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see The_Dilbert_Store.com-falsemixed.xml
-
-
-	Mixed content:
-
-		- css on ^ from ^ *
-
-		- Images on ^ from ^ *
-
-	* Secured by us
-
--->
-<ruleset name="The Dilbert Store.com (partial)">
-
-	<target host="thedilbertstore.com" />
-	<target host="www.thedilbertstore.com" />
-		<!--
-			Some pages fetch stylesheets insecurely,
-			so avoid false/broken MCB accordingly:
-								-->
-		<!--exclusion pattern="^http://(www\.)?thedilbertstore\.com/+($|\?)" /-->
-		<!--exclusion pattern="^http://(www\.)?thedilbertstore\.com/+(?!(customers/(forgot_password|login|new)|javascript_no)/?(?:$|\?)|images/|javascripts/|stylesheets/)" /-->
-
-
-	<rule from="^http://(www\.)?thedilbertstore\.com/(?=(?:customers/(?:forgot_password|login|new)|javascript_no)/?(?:$|\?.*)|images/|javascripts/|stylesheets/)"
-		to="https://$1thedilbertstore.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/The_Drom.com.xml b/src/chrome/content/rules/The_Drom.com.xml
new file mode 100644
index 000000000000..44b1cb65e6b5
--- /dev/null
+++ b/src/chrome/content/rules/The_Drom.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Problematic subdomains:
+
+		- static2 *
+		- static3 *
+
+	Mismatched, CN: www.thedrum.com
+
+
+	Some (most?) pages redirect to http.
+
+
+	Mixed content:
+
+		- Images on www from static3 *
+
+	* Secured by us
+
+-->
+<ruleset name="The Drum.com (partial)">
+
+	<target host="thedrum.com" />
+	<target host="*.thedrum.com" />
+
+
+	<rule from="^http://(www\.)?thedrum\.com/(?=(?:account/login|cart/add/\d+|store|user/login)(?:$|[?/])|uploads/)"
+		to="https://$1thedrum.com/" />
+
+	<rule from="^http://static\d\.thedrum\.com/"
+		to="https://www.thedrum.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Fappening.sexy.xml b/src/chrome/content/rules/The_Fappening.sexy.xml
new file mode 100644
index 000000000000..3c43c7622abc
--- /dev/null
+++ b/src/chrome/content/rules/The_Fappening.sexy.xml
@@ -0,0 +1,12 @@
+<ruleset name="The Fappening.sexy">
+
+	<target host="thefappening.sexy" />
+	<target host="www.thefappening.sexy" />
+
+
+	<securecookie host="^\.thefappening\.sexy$" name="^__cfduid$" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Fire.org.xml b/src/chrome/content/rules/The_Fire.org.xml
new file mode 100644
index 000000000000..ef3385c89eda
--- /dev/null
+++ b/src/chrome/content/rules/The_Fire.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.thefire.org
+
+-->
+<ruleset name="The Fire.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="thefire.org" />
+	<target host="www.thefire.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.thefire\.org$" name="^(?:[\da-f]{32}|PHPSESSID|popupcookie)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Foundry.co.uk.xml b/src/chrome/content/rules/The_Foundry.co.uk.xml
new file mode 100644
index 000000000000..6282e3bdd4d5
--- /dev/null
+++ b/src/chrome/content/rules/The_Foundry.co.uk.xml
@@ -0,0 +1,41 @@
+<!--
+	Fully covered hosts in *thefoundry.co.uk:
+
+		- (www.)?
+		- community
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .thefoundry.co.uk
+		- community.thefoundry.co.uk
+
+
+	Mixed content:
+
+		- css on community from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="The Foundry.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="thefoundry.co.uk" />
+	<target host="community.thefoundry.co.uk" />
+	<target host="www.thefoundry.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.thefoundry\.co\.uk$" name="^CONCRETE5$" /-->
+	<!--securecookie host="^community\.thefoundry\.co\.uk$" name="^(ASP\.NET_SessionId|LXCLastVisitDT)$" /-->
+
+	<securecookie host="^(?:community)?\.thefoundry\.co\.uk$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_G_Cloud.com.xml b/src/chrome/content/rules/The_G_Cloud.com.xml
new file mode 100644
index 000000000000..6c28618d5f33
--- /dev/null
+++ b/src/chrome/content/rules/The_G_Cloud.com.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://thegcloud.com/ (200) => https://thegcloud.com/ (400)
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://thegcloud.com/ => https://thegcloud.com/: (60, 'SSL certificate problem: self signed certificate')
+	For other GigeNET coverage, see GigeNET.com.xml.
+
+
+	www: expired 2008-12-05, self-signed, CN: mainsites.gigenet.com
+
+-->
+<ruleset name="The G Cloud.com (partial)" default_off="failed ruleset test">
+
+	<target host="thegcloud.com" />
+	<target host="*.thegcloud.com" />
+		<!--
+			[^?]+ 404s:
+					-->
+		<!--exclusion pattern="^http://www\.thegcloud\.com/+(?!$|\?)" /-->
+
+
+	<securecookie host="^(?:clients|manage-lax)\.thegcloud\.com$" name=".+" />
+
+
+	<rule from="^http://(clients\.|manage-lax\.)?thegcloud\.com/"
+		to="https://$1thegcloud.com/" />
+
+	<rule from="^http://www\.thegcloud\.com/+(?:\?.*)?$"
+		to="https://clients.thegcloud.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Gazette.xml b/src/chrome/content/rules/The_Gazette.xml
new file mode 100644
index 000000000000..5b3a1e24a40f
--- /dev/null
+++ b/src/chrome/content/rules/The_Gazette.xml
@@ -0,0 +1,34 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	^thegazette.co.uk: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.thegazette.co.uk
+
+-->
+<ruleset name="The Gazette.co.uk">
+
+	<target host="thegazette.co.uk" />
+	<target host="*.thegazette.co.uk" />
+
+		<test url="http://www.thegazette.co.uk/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.thegazette\.co\.uk$" name="^(?:Authenticated|JSESSIONID)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://thegazette\.co\.uk/"
+		to="https://www.thegazette.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Gear_Hunter.co.uk.xml b/src/chrome/content/rules/The_Gear_Hunter.co.uk.xml
new file mode 100644
index 000000000000..c8079c34bb59
--- /dev/null
+++ b/src/chrome/content/rules/The_Gear_Hunter.co.uk.xml
@@ -0,0 +1,33 @@
+<!--
+	CN: *.secure-secure.co.uk
+
+
+	Mixed content:
+
+		- css, from:
+
+			- $self *
+			- fonts.googleapis.com *
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="The Gear Hunter.co.uk (false MCB)" default_off="mismatched" platform="mixedcontent">
+
+	<target host="thegearhunter.co.uk" />
+	<target host="www.thegearhunter.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?thegearhunter\.co\.uk$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.thegearhunter\.co\.uk$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Grand.xml b/src/chrome/content/rules/The_Grand.xml
deleted file mode 100644
index 77c7adb39e09..000000000000
--- a/src/chrome/content/rules/The_Grand.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	!www: cert only matches ^thegrandtheatre.com
-
--->
-<ruleset name="The Grand">
-
-	<target host="thegrandtheatre.com" />
-	<target host="www.thegrandtheatre.com" />
-
-
-	<securecookie host="^thegrandtheatre\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?thegrandtheatre\.com/"
-		to="https://thegrandtheatre.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/The_Great_Courses_Plus.com.xml b/src/chrome/content/rules/The_Great_Courses_Plus.com.xml
new file mode 100644
index 000000000000..dc20c0100350
--- /dev/null
+++ b/src/chrome/content/rules/The_Great_Courses_Plus.com.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dev.thegreatcoursesplus.com/ => https://dev.thegreatcoursesplus.com/: (6, 'Could not resolve host: dev.thegreatcoursesplus.com')
+Fetch error: http://develop.thegreatcoursesplus.com/ => https://develop.thegreatcoursesplus.com/: Too many redirects while fetching 'https://develop.thegreatcoursesplus.com/'
+Fetch error: http://release.thegreatcoursesplus.com/ => https://release.thegreatcoursesplus.com/: Too many redirects while fetching 'https://release.thegreatcoursesplus.com/'
+
+	Mixed content:
+
+		- Image on dev from cdn.snagfilms.com
+
+-->
+<ruleset name="The Great Courses Plus.com" default_off="failed ruleset test">
+
+	<target host="thegreatcoursesplus.com" />
+	<target host="dev.thegreatcoursesplus.com" />
+	<target host="develop.thegreatcoursesplus.com" />
+	<target host="release.thegreatcoursesplus.com" />
+	<target host="www.thegreatcoursesplus.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Great_Discontent.com.xml b/src/chrome/content/rules/The_Great_Discontent.com.xml
new file mode 100644
index 000000000000..6e59d83bc7fa
--- /dev/null
+++ b/src/chrome/content/rules/The_Great_Discontent.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Problematic hosts in *thegreatdiscontent.com:
+
+		- shop ¹
+		- www ²
+
+	¹ Shopify
+	² Mismatched
+
+-->
+<ruleset name="The Great Discontent.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="thegreatdiscontent.com" />
+
+	<!--	Complications:
+				-->
+	<!--target host="shop.thegreatdiscontent.com" /-->
+	<target host="www.thegreatdiscontent.com" />
+
+
+	<!--rule from="^http://shop\.thegreatdiscontent\.com/"
+		to="https://???.shopify.com/" /-->
+
+	<rule from="^http://www\.thegreatdiscontent\.com/"
+		to="https://thegreatdiscontent.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Group.xml b/src/chrome/content/rules/The_Group.xml
index d55b48a97667..7163653138d2 100644
--- a/src/chrome/content/rules/The_Group.xml
+++ b/src/chrome/content/rules/The_Group.xml
@@ -1,20 +1,24 @@
 <!--
+	(www.)?: Refused
+
+
 	Cert only matches *.the-group.net.
 
 -->
-<ruleset name="The Group">
+<ruleset name="The Group" default_off="refused">
 
 	<target host="the-group.net" />
-	<target host="*.the-group.net" />
+	<target host="www.the-group.net" />
+	<target host="om.the-group.net" />
 
 
 	<securecookie host="^\.the-group\.net$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?the-group\.net/"
+	<rule from="^http://(?:www\.)?the-group\.net/"
 		to="https://www.the-group.net/" />
 
-	<rule from="^https?://om\.the-group\.net/"
+	<rule from="^http://om\.the-group\.net/"
 		to="https://thegroup.112.2o7.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/The_Guardian.com.xml b/src/chrome/content/rules/The_Guardian.com.xml
new file mode 100644
index 000000000000..3e653c89ac71
--- /dev/null
+++ b/src/chrome/content/rules/The_Guardian.com.xml
@@ -0,0 +1,110 @@
+<!--
+	Other Guardian rulesets:
+
+		- Gu.com.xml
+		- Guardian.xml
+		- guardianapps.co.uk.xml
+		- Guardian_Escapes.com.xml
+		- Guardian_Offers.co.uk.xml
+
+
+	CDN buckets:
+
+		- soulmates-614848966.eu-west-1.elb.amazonaws.com
+		- guardian-registration.s3.amazonaws.com
+		- n0tice-static.s3.amazonaws.com
+		- s3.amazonaws.com/soulmates/
+		- witness-static.s3.amazonaws.com
+		- d1mbyzj6lih1pj.cloudfront.net
+		- cdn.theguardian.com.c.footprint.net	← cdn.theguardian.tv
+		- audio.theguardian.tv.c.footprint.net
+		- theguardian.com.d1.sc.omtrdc.net	← hits.theguardian.com
+		- partners.simplifydigital.co.uk	← www.guardiandigitalcomparison.co.uk
+
+
+	Nonfunctional domains:
+
+		- discussion.guardianapis.com ¹
+		- www.guardiandigitalcomparison.co.uk ¹
+
+		- theguardian.com subdomains:
+
+			- feeds ⁴
+			- observer ⁵
+			- syndication ¹
+
+		- audio.theguardian.tv ¹
+		- cdn.theguardian.tv ¹
+
+	¹ Dropped
+	² Interrupted
+	³ 404; mismatched, CN: *.a.ssl.fastly.net
+	⁴ Refused
+	⁵ Redirects to www; mismatched, CN: *.a.ssl.fastly.net
+
+
+	Problematic hosts in *theguardian.com:
+
+		- hits ¹
+		- next ¹
+		- m.jobs ¹
+		- oas ¹
+		- register ¹
+
+	¹ Mismatched
+
+
+	These altnames don't exist:
+
+		- www.id.guardian.co.uk
+		- www.profile.theguardian.com
+		- www.register.theguardian.com
+		- www.securedrop.theguardian.com
+		- www.soulmates.theguardian.com
+		- www.witness.theguardian.com
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .theguardian.com
+		- bookshop.theguardian.com
+		- .bookshop.theguardian.com
+		- www.bookshop.theguardian.com
+		- contribute.theguardian.com
+		- courseproviders.theguardian.com
+		- courses.theguardian.com
+		- jobs.theguardian.com
+		- soulmates.theguardian.com
+		- www.theguardian.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bugs on profile, witness from hits.guardian.co.uk *
+
+	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+-->
+<ruleset name="The Guardian.com (partial)">
+	<target host="theguardian.com" />
+	<target host="bookshop.theguardian.com" />
+	<target host="www.bookshop.theguardian.com" />
+	<target host="contribute.theguardian.com" />
+	<target host="courses.theguardian.com" />
+	<target host="discussion.theguardian.com" />
+	<target host="embed.theguardian.com" />
+	<target host="hits-secure.theguardian.com" />
+	<target host="id.theguardian.com" />
+	<target host="jobs.theguardian.com" />
+	<target host="membership.theguardian.com" />
+	<target host="profile.theguardian.com" />
+	<target host="securedrop.theguardian.com" />
+	<target host="soulmates.theguardian.com" />
+	<target host="subscribe.theguardian.com" />
+	<target host="witness.theguardian.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/The_Hill.com.xml b/src/chrome/content/rules/The_Hill.com.xml
new file mode 100644
index 000000000000..525ec8c0b952
--- /dev/null
+++ b/src/chrome/content/rules/The_Hill.com.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://thehill.com/ => https://thehill.com/: (51, "SSL: no alternative certificate subject name matches target host name 'thehill.com'")
+Fetch error: http://mobile.thehill.com/ => https://mobile.thehill.com/: (6, 'Could not resolve host: mobile.thehill.com')
+Fetch error: http://www.thehill.com/ => https://www.thehill.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.thehill.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://thehill.com/ => https://thehill.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+	Mixed content:
+
+		- Images from $self ¹
+
+		- favicon on ^ from $self ¹
+
+		- Ads/web bugs, on:
+
+			- ^ from:
+
+				- cdn.nmcdn.us ²
+				- widgets.outbrain.com ¹
+				- meta.talkingpointsmemo.com ³
+				- b.scorecardresearch.com ¹
+
+			- mobile from partner.googleadservices.com ¹
+
+
+	¹ Secured by us
+	² Unsecurable <= 404
+	³ Unsecurable <= refused
+
+-->
+<ruleset name="The Hill.com" default_off="failed ruleset test">
+
+	<target host="thehill.com" />
+	<target host="mobile.thehill.com" />
+	<target host="www.thehill.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Hoxton.com.xml b/src/chrome/content/rules/The_Hoxton.com.xml
new file mode 100644
index 000000000000..bec4bc0ecf14
--- /dev/null
+++ b/src/chrome/content/rules/The_Hoxton.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.thehoxton.com/ => https://www.thehoxton.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.thehoxton.com'")
+
+-->
+<ruleset name="The Hoxton.com" default_off="failed ruleset test">
+
+	<target host="thehoxton.com" />
+	<target host="www.thehoxton.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^thehoxton\.com$" name="^__RequestVerificationToken$" /-->
+
+	<securecookie host="^thehoxton\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Information.com.xml b/src/chrome/content/rules/The_Information.com.xml
new file mode 100644
index 000000000000..fc27974cc52e
--- /dev/null
+++ b/src/chrome/content/rules/The_Information.com.xml
@@ -0,0 +1,14 @@
+<!--
+	^: refused
+
+-->
+<ruleset name="The Information.com">
+
+	<target host="theinformation.com" />
+	<target host="www.theinformation.com" />
+
+
+	<rule from="^http://(?:www\.)?theinformation\.com/"
+		to="https://www.theinformation.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Internet_Co.net.xml b/src/chrome/content/rules/The_Internet_Co.net.xml
new file mode 100644
index 000000000000..e1310621468f
--- /dev/null
+++ b/src/chrome/content/rules/The_Internet_Co.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="The Internet Co.net">
+
+	<target host="theinternetco.net" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Johns_Hopkins_University.xml b/src/chrome/content/rules/The_Johns_Hopkins_University.xml
index 5914b034981f..2bf5d5307985 100644
--- a/src/chrome/content/rules/The_Johns_Hopkins_University.xml
+++ b/src/chrome/content/rules/The_Johns_Hopkins_University.xml
@@ -1,55 +1,315 @@
+
 <!--
-	DNS Name: *.erp.johnshopkins.edu
+Disabled by https-everywhere-checker because:
+Fetch error: http://archive.data.jhu.edu/ => https://archive.data.jhu.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://dmp.data.jhu.edu/ => https://dmp.data.jhu.edu/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+Fetch error: http://sites.krieger.jhu.edu/ => https://sites.krieger.jhu.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'sites.krieger.jhu.edu'")
+Fetch error: http://rooms.library.jhu.edu/ => https://rooms.library.jhu.edu/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://m.jhu.edu/ => https://m.jhu.edu/: (6, 'Could not resolve host: jhu-prod.cloud.modolabs.net')
+Fetch error: http://wiki.pha.jhu.edu/ => https://wiki.pha.jhu.edu/: (60, 'SSL certificate problem: certificate has expired')
+
+	For rules causing false/broken MCB, see JHU.edu-falsemixed.xml.
+
+	Other Johns Hopkins University rulesets:
+
+		- Hopkins-Interactive.com.xml
+		- JH.edu.xml
+		- JHMI.edu.xml
+		- Johns_Hopkins.edu.xml
+
+
+	Nonfunctional hosts in *jhu.edu:
+
+		- academicsupport ²
+		- accessibility ²
+		- advanced ³
+		- www.advising ²
+		- (www.)?alumni ʳ
+		- www.ams ʳ
+		- anthropology ²
+		- archaeologicalmuseum ʳ
+		- (www.)?benefits **
+		- www.bio	(Shows orchid.hosts.jhmi.edu)
+		- (www.)?bme ²
+		- carey ʳ
+		- (www.)?cbi ²
+		- (www.)?chemistry ²
+		- classics ²
+		- cmdb		(Shows webapps.jhu.edu)
+		- cogsci ²
+		- digitalmedia ²
+		- e-catalog ʳ
+		- (www.)?econ ²
+		- education ᵈ
+		- eng ᵈ
+		- english ²
+		- eps ²
+		- gazette ²
+		- (www.)?grad ²
+		- grll ²
+		- gro ²
+		- history ²
+		- host ²
+		- humctr ²
+		- isi ʳ
+		- spar.isi ʳ
+		- jhuniverse ²
+		- krieger ²
+		- krieger2 ²
+		- kriegerbeta	(500)
+		- kriegerit ²
+		- ksasalpha	(Blank page)
+		- labsafety-old ²
+		- old.library ᵗ
+		- magazine ʳ
+		- mathnt.mat ²
+		- (www.)?math	(Plaintext reply)
+		- (www.)?mathematics ²
+		- neareast ²
+		- (www.)?nursing ²
+		- parents ²
+
+		- facultydb.peabody ᶠ
+		- musiclibrary.peabody	404
+		- preview.peabody ʳ
+
+		- pbs ²
+		- pha			(Shows mail.pha.jhu.edu)
+		- www.pha		(Shows wiki.pha.jhu.edu)
+		- philosophy ²
+		- physics-astronomy ²
+		- pmb ²
+		- pmcb ²
+		- politicalscience ²
+		- postdoc ²
+		- releases ²
+		- sexualassault ²
+		- (www.)?soc ²
+		- stepup ²
+		- tutoring ᵈ
+		- web ²
+		- webaccessibility	(Shows orchid.hosts.jhmi.edu)
+		- writingseminars ²
+
+	³ 403
+	ᵈ Dropped
+	** Shows hrnt
+	ʳ Refused
+	² 200 "not configured"
+	ᵗ Reset
+	ᶠ Handshake fails
+
+
+	Problematic hosts in *jhu.edu:
+
+		- beta ᶜ
+		- (www.)?ce ʳ
+		- caportal.cis ᵐ
+		- gallery.cis ˢ
+		- mind.cog ᵉ
+		- (www.)?ce ʳ
+		- (www.)?giving ʳ
+		- homewoodphoto2 ˢ
+		- www.hub ᵐ
+		- help.isis ᵉ
+		- (www.)?it ²
+		- labsafety ˣ
+		- ask.library ᵐ
+		- databases.library ˢ
+		- nanjing ᵐ
+		- peabody ᵐ
+		- www.peabody ᶜ
+		- help.sset ᵉ ᵐ
+
+	² 200 "not configured"
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵉ Expired
+	ᵐ Mismatched
+	ʳ Refused
+	ˢ Self-signed
+	ˣ Mixed css
+
+
+	Partially covered hosts in *jhu.edu:
+
+		- www.ams ⁴	(→ engineering)
 
+	⁴ Some paths 404
 
-	Nonfunctional domains:
 
-		- ssc.jhmi.edu	(shows ess.erp.johnhopkins.edu, CN: *.johnshopkins.edu)
-		- www.jhu.edu	(CN: *.johnshopkins.edu)
-		- (www.)library.jhu.edu
+	These altnames don't exist:
 
+		- beta.jhu.edu
+		- io17.cis.jhu.edu
 
-	Problematic domains:
 
-		- cs.jhu.edu	(cert only matches www.cs)
+	Insecure cookies are set for these domains and hosts:
 
+		- blackboard.jhu.edu
+		- gallery.cis.jhu.edu
+		- archive.data.jhu.edu
+		- hrnt.jhu.edu
+		- hub.jhu.edu
+		- isis.jhu.edu
+		- m.jhu.edu
+		- .muse.jhu.edu
+		- esgwtdc.nts.jhu.edu
+		- peabody.jhu.edu
+		- www.peabody.jhu.edu
 
-	Fully covered domains:
 
-		- orchid.hosts.jhmi.edu
+	Mixed content:
 
-		- (www.)cs.jhu.edu	(^ → www)
-		- webapps.jhu.edu
+		- css, on:
 
-		- johnshopkins.edu subdomains:
+			- homewoodphoto2, www.peabody from fonts.googleapis.com ˢ
+			- labsafety from $self ˢ
+			- www.peabody from $self ᶜ
 
-			- ess.erp
-			- my
-			- portal
-			- portalcontent
+		- Images, on:
+
+			- archive.data from dmp.data.jhu.edu ˢ
+			- archive.data, dmp.data from www.library.jhu.edu ˢ
+			- (www.)?cs, support.cs from engineering.jhu.edu ˢ
+			- engineering from $self ˢ
+			- homewoodphoto2 from *.r\d+.cf\d.rackcdn.com ˢ
+			- www.peabody from $self ᶜ
+
+		- favicon on hmt from webapps ˢ
+
+	ᶜ Not secured by us <= missing certificate chain
+	ˢ Secured by us
 
 -->
-<ruleset name="The Johns Hopkins University (partial)">
+<ruleset name="JHU.edu (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="apply.jhu.edu" />
+	<!--target host="beta.jhu.edu" /-->
+	<target host="blackboard.jhu.edu" />
+	<target host="connect.jhu.edu" />
+	<target host="cs.jhu.edu" />
+	<target host="www.cs.jhu.edu" />
+	<target host="archive.data.jhu.edu" />
+	<target host="dmp.data.jhu.edu" />
+	<target host="jhweb.dev.jhu.edu" />
+	<target host="engineering.jhu.edu" />
+	<target host="ep.jhu.edu" />
+	<target host="folio.jhu.edu" />
+	<target host="hrnt.jhu.edu" />
+	<target host="hub.jhu.edu" />
+	<target host="api.hub.jhu.edu" />
+	<target host="isis.jhu.edu" />
+	<!--target host="help.isis.jhu.edu" /-->
+	<target host="jobs.jhu.edu" />
+	<target host="sites.krieger.jhu.edu" />
+	<!--target host="labsafety.jhu.edu" /-->
+	<target host="library.jhu.edu" />
+
+	<target host="catalyst.library.jhu.edu" />
+	<target host="databases.library.jhu.edu" />
+	<target host="findit.library.jhu.edu" />
+	<target host="rooms.library.jhu.edu" />
+	<target host="www.library.jhu.edu" />
 
-	<target host="orchid.hosts.jhmi.edu" />
+	<target host="m.jhu.edu" />
+	<target host="muse.jhu.edu" />
+	<target host="my.jhu.edu" />
+	<target host="esgwtdc.nts.jhu.edu" />
+	<!--target host="www.peabody.jhu.edu" /-->
+	<target host="wiki.pha.jhu.edu" />
+	<target host="jhupbooks.press.jhu.edu" />
+	<target host="www.press.jhu.edu" />
+	<target host="rising.jhu.edu" />
+	<target host="www.rising.jhu.edu" />
+	<target host="secure.jhu.edu" />
+	<target host="www.secure.jhu.edu" />
 	<target host="webapps.jhu.edu" />
-	<target host="*.johnshopkins.edu" />
-	<target host="ess.erp.johnshopkins.edu" />
+	<target host="www.jhu.edu" />
+
+	<!--	Complications:
+				-->
+	<target host="www.ams.jhu.edu" />
+	<target host="ce.jhu.edu" />
+	<target host="www.ce.jhu.edu" />
+	<target host="giving.jhu.edu" />
+	<target host="www.giving.jhu.edu" />
+	<target host="www.hub.jhu.edu" />
+	<target host="it.jhu.edu" />
+	<target host="www.it.jhu.edu" />
+	<!--target host="peabody.jhu.edu" /-->
+	<target host="nanjing.jhu.edu" />
+	<!--target host="help.sset.jhu.edu" /-->
+
+		<exclusion pattern="^http://www\.ams\.jhu\.edu/+(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.ams.jhu.edu/ers/" />
+			<test url="http://www.ams.jhu.edu/~eyink/" />
+			<test url="http://www.ams.jhu.edu/~fishkind/550_361.html" />
+			<test url="http://www.ams.jhu.edu/~priebe/students.html" />
+			<test url="http://www.ams.jhu.edu/~yxu70/research.html" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^blackboard\.jhu\.edu$" name="^(?:JSESSIONID|bbcswebdav|session_id)$" /-->
+	<!--securecookie host="^gallery\.cis\.jhu\.edu$" name="^GallerySession$" /-->
+	<!--securecookie host="^archive\.data\.jhu\.edu$" name="^ice\.push\.browser$" /-->
+	<!--securecookie host="^hrnt\.jhu\.edu$" name="^(CFID|CFTOKEN|JHUJOBS_ID|JHUJOBS_USER|JSESSIONID)$" /-->
+	<!--securecookie host="^hub\.jhu\.edu$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^isis\.jhu\.edu$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^m\.jhu\.edu$" name="^(?:_kgouuid|[\da-f]{32})$" /-->
+	<!--securecookie host="^\.muse\.jhu\.edu$" name="^session$" /-->
+	<!--securecookie host="^esgwtdc\.nts\.jhu\.edu$" name="^(?:ACOOKIE|WEBTRENDS_ID)$" /-->
+	<!--securecookie host="^(www\.)?peabody\.jhu\.edu$" name="^(CFID|CFTOKEN)$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps args:
+					-->
+	<rule from="^http://www\.ams\.jhu\.edu/+"
+		to="https://engineering.jhu.edu/ams/" />
+
+		<test url="http://www.ams.jhu.edu/?" />
+
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://(?:www\.)?ce\.jhu\.edu/[^?]*"
+		to="https://engineering.jhu.edu/civil/" />
+
+		<test url="http://ce.jhu.edu/home.htm" />
+		<test url="http://www.ce.jhu.edu/home.php" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://(?:www\.)?giving\.jhu\.edu/+"
+		to="https://rising.jhu.edu/" />
 
+	<rule from="^http://www\.hub\.jhu\.edu/"
+		to="https://hub.jhu.edu/" />
 
-	<securecookie host="^.+\.johnshopkins\.edu$" name=".+" />
+	<rule from="^http://(?:www\.)?it\.jhu\.edu/"
+		to="https://it.johnshopkins.edu/" />
 
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://nanjing\.jhu\.edu/[^?]*"
+		to="https://www.sais-jhu.edu/graduate-studies/campuses/nanjing-china" />
 
-	<rule from="^http://orchid\.hosts\.jhmi\.edu/"
-		to="https://orchid.hosts.jhmi.edu/" />
+		<test url="http://nanjing.jhu.edu/home.htm" />
 
-	<rule from="^https?://(?:www\.)?cs\.jhu\.edu/"
-		to="https://www.cs.jhu.edu/" />
+	<!--rule from="^http://peabody\.jhu\.edu/"
+		to="https://www.peabody.jhu.edu/" /-->
 
-	<rule from="^http://webapps\.jhu\.edu/"
-		to="https://webapps.jhu.edu/" />
+	<!--rule from="^http://help\.sset\.jhu\.edu/"
+		to="https://help.isis.jhu.edu/" /-->
 
-	<rule from="^http://(ess\.erp|my|portal(?:content)?)\.johnshopkins\.edu/"
-		to="https://$1.johnshopkins.edu/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/The_Marshall_Project.org.xml b/src/chrome/content/rules/The_Marshall_Project.org.xml
new file mode 100644
index 000000000000..8635b817983a
--- /dev/null
+++ b/src/chrome/content/rules/The_Marshall_Project.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="The Marshall Project.org">
+
+	<target host="themarshallproject.org" />
+	<target host="www.themarshallproject.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Movie_Database.xml b/src/chrome/content/rules/The_Movie_Database.xml
new file mode 100644
index 000000000000..488e52f3eccb
--- /dev/null
+++ b/src/chrome/content/rules/The_Movie_Database.xml
@@ -0,0 +1,26 @@
+<!--
+	404 status code:
+		image.tmdb.org
+
+	Redirects:
+		api.themoviedb.org → www.themoviedb.org/documentation/api
+		developers.themoviedb.org → developers.themoviedb.org/4/getting-started
+		tmdb.org → www.themoviedb.org
+		www.tmdb.org → www.themoviedb.org
+-->
+<ruleset name="The Movie Database (TMDb)">
+	<target host="themoviedb.org" />
+	<target host="www.themoviedb.org" />
+	<target host="api.themoviedb.org" />
+	<target host="blog.themoviedb.org" />
+	<target host="developers.themoviedb.org" />
+
+	<target host="tmdb.org" />
+	<target host="www.tmdb.org" />
+	<target host="image.tmdb.org" />
+		<test url="http://image.tmdb.org/t/p/w500_and_h281_bestv2/nGsNruW3W27V6r4gkyc3iiEGsKR.jpg" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/The_Newsmarket.xml b/src/chrome/content/rules/The_Newsmarket.xml
index 07f91aa456f5..0347072bc706 100644
--- a/src/chrome/content/rules/The_Newsmarket.xml
+++ b/src/chrome/content/rules/The_Newsmarket.xml
@@ -1,12 +1,12 @@
 <ruleset name="The Newsmarket (partial)">
 
-	<target host="*.thenewsmarket.com" />
+	<target host="br.thenewsmarket.com" />
+	<target host="previews.thenewsmarket.com" />
 
 
 	<securecookie host="^br\.thenewsmarket\.com$" name=".+" />
 
 
-	<rule from="^http://(br|previews)\.thenewsmarket\.com/"
-		to="https://$1.thenewsmarket.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/The_Next_Web-problematic.xml b/src/chrome/content/rules/The_Next_Web-problematic.xml
index f462b0ad6297..7a973ff284d5 100644
--- a/src/chrome/content/rules/The_Next_Web-problematic.xml
+++ b/src/chrome/content/rules/The_Next_Web-problematic.xml
@@ -11,7 +11,6 @@
 		<exclusion pattern="^http://jobs\.thenextweb\.com/(?:Areas|Content|i)/" />
 
 
-	<rule from="^http://(guides|index|jobs)\.thenextweb\.com/"
-		to="https://$1.thenextweb.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/The_Outnet.xml b/src/chrome/content/rules/The_Outnet.xml
index 1297c114649e..f991c527bd56 100644
--- a/src/chrome/content/rules/The_Outnet.xml
+++ b/src/chrome/content/rules/The_Outnet.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://theoutnet.com/ (200) => https://www.theoutnet.com/ (403)
+
 	Problematic subdomains:
 
 		- ^	(cert only matches www)
@@ -9,10 +13,12 @@
 		- cache
 
 -->
-<ruleset name="The Outnet">
+<ruleset name="The Outnet" default_off="failed ruleset test">
 
 	<target host="theoutnet.com" />
-	<target host="*.theoutnet.com" />
+	<target host="www.theoutnet.com" />
+	<target host="cache.theoutnet.com" />
+	<target host="www-lt.theoutnet.com" />
 
 
 	<securecookie host="^\.?www\.theoutnet\.com$" name=".+" />
@@ -21,7 +27,6 @@
 	<rule from="^http://(?:www\.)?theoutnet\.com/"
 		to="https://www.theoutnet.com/" />
 
-	<rule from="^http://(cache|www-lt)\.theoutnet\.com/"
-		to="https://$1.theoutnet.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/The_Parliament_Magazine.eu.xml b/src/chrome/content/rules/The_Parliament_Magazine.eu.xml
new file mode 100644
index 000000000000..330203a30bc6
--- /dev/null
+++ b/src/chrome/content/rules/The_Parliament_Magazine.eu.xml
@@ -0,0 +1,14 @@
+<ruleset name="The Parliament Magazine.eu">
+
+	<target host="theparliamentmagazine.eu" />
+	<target host="www.theparliamentmagazine.eu" />
+
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Patriot_Post.xml b/src/chrome/content/rules/The_Patriot_Post.xml
deleted file mode 100644
index 1754fb83f49f..000000000000
--- a/src/chrome/content/rules/The_Patriot_Post.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	CDN buckets:
-
-		- assets.patriotpost.com.s3.amazonaws.com
-		- media.patriotpost.us.s3.amazonaws.com
-
-
-	Problematic domains:
-
-		- www.patriotpost.us	(cert only matches ^patriotpost.us)
-
--->
-<ruleset name="The Patriot Post">
-
-	<target host="assets.patriotpost.com" />
-	<target host="patriotpost.us" />
-	<target host="*.patriotpost.us" />
-
-
-	<securecookie host="^patriotpost\.us$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?patriotpost\.us/"
-		to="https://patriotpost.us/" />
-
-	<rule from="^https?://(assets\.patriotpost\.com|media\.patriotpost\.us)/"
-		to="https://s3.amazonaws.com/$1/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/The_RSA.org.xml b/src/chrome/content/rules/The_RSA.org.xml
new file mode 100644
index 000000000000..63fd42cf3759
--- /dev/null
+++ b/src/chrome/content/rules/The_RSA.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="The RSA.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="thersa.org" />
+	<target host="www.thersa.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Rock_Trading.com.xml b/src/chrome/content/rules/The_Rock_Trading.com.xml
new file mode 100644
index 000000000000..b2099531db09
--- /dev/null
+++ b/src/chrome/content/rules/The_Rock_Trading.com.xml
@@ -0,0 +1,24 @@
+<!--
+	These altnames don't exist:
+
+		- www.support.therocktrading.com
+
+-->
+<ruleset name="The Rock Trading.com">
+
+	<target host="therocktrading.com" />
+	<target host="support.therocktrading.com" />
+	<target host="www.therocktrading.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?therocktrading\.com$" name="^(_rock3_session|promoter_id)$" /-->
+
+	<securecookie host="^(?:www\.)?therocktrading\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Satanic_Temple.com.xml b/src/chrome/content/rules/The_Satanic_Temple.com.xml
index 709f854fad9c..a414f5cec72b 100644
--- a/src/chrome/content/rules/The_Satanic_Temple.com.xml
+++ b/src/chrome/content/rules/The_Satanic_Temple.com.xml
@@ -1,4 +1,7 @@
 <!--
+	(www.)?thesatanictemple.org: Refused
+
+
 	Mixed content:
 
 		- Images on www from www *
@@ -9,7 +12,7 @@
 <ruleset name="The Satanic Temple.com (false MCB)" default_off="mismatched" platform="mixedcontent">
 
 	<target host="thesatanictemple.com" />
-	<target host="*.thesatanictemple.com" />
+	<target host="www.thesatanictemple.com" />
 	<target host="thesatanictemple.org" />
 	<target host="www.thesatanictemple.org" />
 
diff --git a/src/chrome/content/rules/The_Security_Practice.com.xml b/src/chrome/content/rules/The_Security_Practice.com.xml
new file mode 100644
index 000000000000..595576166c1f
--- /dev/null
+++ b/src/chrome/content/rules/The_Security_Practice.com.xml
@@ -0,0 +1,23 @@
+<!--
+	CN: ssl2749.cloudflare.com
+
+
+	^thesecuritypractice.com doesn't exist
+
+
+	Mixed content:
+
+		- css from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="The Security Practice.com" default_off="mismatched">
+
+	<target host="www.thesecuritypractice.com" />
+
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Smoking_Gun.com.xml b/src/chrome/content/rules/The_Smoking_Gun.com.xml
new file mode 100644
index 000000000000..8762d6ff2883
--- /dev/null
+++ b/src/chrome/content/rules/The_Smoking_Gun.com.xml
@@ -0,0 +1,27 @@
+<!--
+	CN: *.acquia-sites.com
+
+
+	Mixed content:
+
+		- Images from ^ *
+
+		- Ads/bugs, from:
+
+			- s7.addthis.com *
+			- ads.pubsqrd.com *
+			- platform.twitter.com *
+
+	* Secured by us
+
+-->
+<ruleset name="The Smoking Gun.com" default_off="mismatched">
+
+	<target host="thesmokinggun.com" />
+	<target host="www.thesmokinggun.com" />
+
+
+	<rule from="^http://(?:www\.)?thesmokinggun\.com/"
+		to="https://www.thesmokinggun.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Star_Advisers.com.xml b/src/chrome/content/rules/The_Star_Advisers.com.xml
new file mode 100644
index 000000000000..bd045f8e8311
--- /dev/null
+++ b/src/chrome/content/rules/The_Star_Advisers.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.thestaradvisers.com
+
+-->
+<ruleset name="The Star Advisers.com">
+
+	<target host="thestaradvisers.com" />
+	<target host="www.thestaradvisers.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.thestaradvisers\.com$" name="^(?:\.VCOPAuth|ASP\.NET_SessionId)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Storefront.com-falsemixed.xml b/src/chrome/content/rules/The_Storefront.com-falsemixed.xml
deleted file mode 100644
index 16ba84c17449..000000000000
--- a/src/chrome/content/rules/The_Storefront.com-falsemixed.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see The_Storefront.com.xml.
-
--->
-<ruleset name="The Storefront.com (false MCB)" platform="mixedcontent">
-
-	<target host="blog.thestorefront.com" />
-		<!--
-			Handled in The_Storefront.com.xml:
-								-->
-		<!--exclusion pattern="^http://blog\.thestorefront\.com/+(wp-content/|wp-includes/)" /-->
-
-
-	<rule from="^http://blog\.thestorefront\.com/(?!wp-content/|wp-includes/)"
-		to="https://blog.thestorefront.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/The_Storefront.com-problematic.xml b/src/chrome/content/rules/The_Storefront.com-problematic.xml
index b49266e80c63..287d2dea0333 100644
--- a/src/chrome/content/rules/The_Storefront.com-problematic.xml
+++ b/src/chrome/content/rules/The_Storefront.com-problematic.xml
@@ -10,7 +10,7 @@
 	<securecookie host="^explore\.thestorefront\.com$" name=".+" />
 
 
-	<rule from="^http://explore\.thestorefront\.com/"
-		to="https://explore.thestorefront.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/The_Storefront.com.xml b/src/chrome/content/rules/The_Storefront.com.xml
index d46333089ba4..96f19eaede39 100644
--- a/src/chrome/content/rules/The_Storefront.com.xml
+++ b/src/chrome/content/rules/The_Storefront.com.xml
@@ -1,6 +1,4 @@
 <!--
-	For rules causing false/broken MCB, see The_Storefront.com-falsemixed.xml.
-
 	For problematic rules, see The_Storefront.com-problematic.xml.
 
 
@@ -9,50 +7,32 @@
 		- d1q9ztij0byik7.cloudfront.net
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *thestorefront.com:
 
+		- blog *
 		- help	(desk.com)
 
+	* WP Engine
+
 
 	Problematic subdomains:
 
 		- explore	(works; mismatched, CN: *.unbounce.com)
 
-
-	Mixed content:
-
-		- Script on blog from s0.wp.com *
-
-		- css on blog from blog *
-
-		- Images on blog from blog *
-
-		- Web bugs, on blog from:
-
-			- www.facebook.com *
-			- s.gravatar.com *
-			- www.reddit.com *
-			- www.stumbleupon.com *
-			- platform.twitter.com *
-			- stats.wordpress.com *
-
-	* Secured by us
-
 -->
 <ruleset name="The Storefront.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="thestorefront.com" />
-	<target host="*.thestorefront.com" />
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<exclusion pattern="^http://blog\.thestorefront\.com/+(?!wp-content/|wp-includes/)" />
+	<target host="app.thestorefront.com" />
+	<target host="www.thestorefront.com" />
 
 
 	<securecookie host="^(?:www)?\.thestorefront\.com$" name=".+" />
 
 
-	<rule from="^http://(blog\.|www\.)?thestorefront\.com/"
-		to="https://$1thestorefront.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/The_Stranger.com.xml b/src/chrome/content/rules/The_Stranger.com.xml
new file mode 100644
index 000000000000..3c971deb1938
--- /dev/null
+++ b/src/chrome/content/rules/The_Stranger.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Nonfunctional subdomains:
+
+		- slog
+
+
+	Mixed content:
+
+		- favicon on post and www from www *
+
+	* Secured by us
+
+-->
+<ruleset name="The Stranger.com (partial)">
+
+	<target host="thestranger.com" />
+	<target host="classifieds.thestranger.com" />
+	<target host="post.thestranger.com" />
+	<target host="www.thestranger.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://post\.thestranger\.com/seattle/Login($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://post\.thestranger\.com/+(?!$|\?|favicon\.ico|foundation/|images/|post/|styles/)" />
+
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Student_Room.co.uk.xml b/src/chrome/content/rules/The_Student_Room.co.uk.xml
new file mode 100644
index 000000000000..3dd7e56414a8
--- /dev/null
+++ b/src/chrome/content/rules/The_Student_Room.co.uk.xml
@@ -0,0 +1,13 @@
+<!--
+	Unable to Connect:
+		insight.thestudentroom.co.uk
+-->
+<ruleset name="The Student Room.co.uk">
+	<target host="thestudentroom.co.uk" />
+	<target host="www.thestudentroom.co.uk" />
+	<target host="static.thestudentroom.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/The_TFP.xml b/src/chrome/content/rules/The_TFP.xml
index 1ed9f0803615..1d7abbd94a34 100644
--- a/src/chrome/content/rules/The_TFP.xml
+++ b/src/chrome/content/rules/The_TFP.xml
@@ -4,7 +4,6 @@
 	<target host="www.thetfp.com" />
 
 
-	<rule from="^http://(www\.)?thetfp\.com/"
-		to="https://$1thetfp.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/The_Technoskeptic.com.xml b/src/chrome/content/rules/The_Technoskeptic.com.xml
new file mode 100644
index 000000000000..600ff838c862
--- /dev/null
+++ b/src/chrome/content/rules/The_Technoskeptic.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- thetechnoskeptic.com
+		- www.thetechnoskeptic.com
+
+-->
+<ruleset name="The Technoskeptic.com">
+
+	<target host="thetechnoskeptic.com" />
+	<target host="www.thetechnoskeptic.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?thetechnoskeptic\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Theme_Foundry.com.xml b/src/chrome/content/rules/The_Theme_Foundry.com.xml
new file mode 100644
index 000000000000..8233a9514e26
--- /dev/null
+++ b/src/chrome/content/rules/The_Theme_Foundry.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Nonfunctional subdomains:
+
+		- forge *
+
+	* github
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- demo
+		- staging.demo
+		- staging
+
+-->
+<ruleset name="The Theme Foundry.com (partial)">
+
+	<target host="thethemefoundry.com" />
+	<target host="demo.thethemefoundry.com" />
+	<target host="staging.demo.thethemefoundry.com" />
+	<target host="staging.thethemefoundry.com" />
+	<target host="www.thethemefoundry.com" />
+		<!--exclusion pattern="^http://forge\.thethemefoundry\.com/" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Tin_Hat.com.xml b/src/chrome/content/rules/The_Tin_Hat.com.xml
new file mode 100644
index 000000000000..3d135567260d
--- /dev/null
+++ b/src/chrome/content/rules/The_Tin_Hat.com.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.thetinhat.com/ => https://www.thetinhat.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.thetinhat.com'")
+
+-->
+<ruleset name="The Tin Hat.com" default_off="failed ruleset test">
+
+	<target host="thetinhat.com" />
+	<target host="www.thetinhat.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Watershed.xml b/src/chrome/content/rules/The_Watershed.xml
deleted file mode 100644
index e2b132812b20..000000000000
--- a/src/chrome/content/rules/The_Watershed.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- chat	(mismatched)
-
--->
-<ruleset name="The Watershed">
-
-	<target host="thewatershed.com" />
-	<target host="*.thewatershed.com" />
-
-
-	<securecookie host=".+\.thewatershed\.com$" name=".+" />
-
-
-	<rule from="^http://((?:cdn|lp|wsmail|www)\.)?thewatershed\.com/"
-		to="https://$1thewatershed.com/" />
-
-	<rule from="^https?://chat\.thewatershed\.com/(?:\?.*)?$"
-		to="https://addictionhelpchat.com/webchatasp/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/The_Watershed_Residence.xml b/src/chrome/content/rules/The_Watershed_Residence.xml
index 0e42b154e70d..e6cd17cb7339 100644
--- a/src/chrome/content/rules/The_Watershed_Residence.xml
+++ b/src/chrome/content/rules/The_Watershed_Residence.xml
@@ -1,8 +1,16 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://thewatershedresidence.com/ => https://thewatershedresidence.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.thewatershedresidence.com/ => https://thewatershedresidence.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://thewatershedresidence.com/ => https://thewatershedresidence.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.thewatershedresidence.com/ => https://thewatershedresidence.com/: (60, 'SSL certificate problem: certificate has expired')
 	www: mismatched
 
 -->
-<ruleset name="The Watershed Residence">
+<ruleset name="The Watershed Residence" default_off="failed ruleset test">
 
 	<target host="thewatershedresidence.com" />
 	<target host="www.thewatershedresidence.com" />
@@ -11,7 +19,7 @@
 	<securecookie host="^thewatershedresidence\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?thewatershedresidence\.com/"
+	<rule from="^http://(?:www\.)?thewatershedresidence\.com/"
 		to="https://thewatershedresidence.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/The_Web_Index.org.xml b/src/chrome/content/rules/The_Web_Index.org.xml
index b323df7f99d8..b600ac9a7b0c 100644
--- a/src/chrome/content/rules/The_Web_Index.org.xml
+++ b/src/chrome/content/rules/The_Web_Index.org.xml
@@ -1,16 +1,22 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://thewebindex.org/ => https://thewebindex.org/: Too many redirects while fetching 'https://thewebindex.org/'
+Fetch error: http://www.thewebindex.org/ => https://www.thewebindex.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.thewebindex.org'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.thewebindex.org/ => https://www.thewebindex.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.thewebindex.org'")
 	Problematic subdomains:
 
 		- beta	(mismatched, CN: thewebindex.org)
 
 -->
-<ruleset name="The Web Index.org">
+<ruleset name="The Web Index.org" default_off="failed ruleset test">
 
 	<target host="thewebindex.org" />
 	<target host="www.thewebindex.org" />
 
 
-	<rule from="^http://(www\.)?thewebindex\.org/"
-		to="https://$1thewebindex.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/The_Week.com.xml b/src/chrome/content/rules/The_Week.com.xml
new file mode 100644
index 000000000000..13bcaea5561e
--- /dev/null
+++ b/src/chrome/content/rules/The_Week.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="The Week.com">
+
+	<target host="theweek.com" />
+	<target host="www.theweek.com" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^theweek\.com$" name="^THEWEEK$" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_Western_World.xml b/src/chrome/content/rules/The_Western_World.xml
index 62b2090fb994..7f89f142c51a 100644
--- a/src/chrome/content/rules/The_Western_World.xml
+++ b/src/chrome/content/rules/The_Western_World.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://thewesternworld.com/ => https://thewesternworld.com/: (7, 'Failed to connect to thewesternworld.com port 443: Connection refused')
+Fetch error: http://www.thewesternworld.com/ => https://www.thewesternworld.com/: (7, 'Failed to connect to www.thewesternworld.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://thewesternworld.com/ => https://thewesternworld.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.thewesternworld.com/ => https://www.thewesternworld.com/: (60, 'SSL certificate problem: certificate has expired')
 	Problematic subdomains:
 
 		- categories *
@@ -11,7 +19,7 @@
 	The above three appear to serve images only.
 
 -->
-<ruleset name="The Western World (partial)">
+<ruleset name="The Western World (partial)" default_off="failed ruleset test">
 
 	<target host="thewesternworld.com" />
 	<target host="www.thewesternworld.com" />
@@ -20,7 +28,6 @@
 	<securecookie host="^www\.thewesternworld\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?thewesternworld\.com/"
-		to="https://$1thewesternworld.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/The_Work_Dept.com.xml b/src/chrome/content/rules/The_Work_Dept.com.xml
new file mode 100644
index 000000000000..3c0a9f7ee4fc
--- /dev/null
+++ b/src/chrome/content/rules/The_Work_Dept.com.xml
@@ -0,0 +1,21 @@
+<!--
+	CN: *.alliedmedia.org
+
+
+	Mixed content:
+
+		- favicon from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="The Work Dept.com" default_off="mismatched">
+
+	<target host="theworkdept.com" />
+	<target host="www.theworkdept.com" />
+
+
+	<rule from="^http://(?:www\.)?theworkdept\.com/"
+		to="https://www.theworkdept.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_World_According_to_Nouns.xml b/src/chrome/content/rules/The_World_According_to_Nouns.xml
index 600546588b92..9dc26e0e677a 100644
--- a/src/chrome/content/rules/The_World_According_to_Nouns.xml
+++ b/src/chrome/content/rules/The_World_According_to_Nouns.xml
@@ -1,13 +1,13 @@
 <ruleset name="The World According to Nouns">
 
 	<target host="danzappone.com" />
-	<target host="*.danzappone.com" />
+	<target host="www.danzappone.com" />
 
 
 	<securecookie host="^(?:www)?\.danzappone\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?danzappone\.com/"
+	<rule from="^http://(?:www\.)?danzappone\.com/"
 		to="https://www.danzappone.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/The_engine_room.org.xml b/src/chrome/content/rules/The_engine_room.org.xml
new file mode 100644
index 000000000000..a0f8886160b9
--- /dev/null
+++ b/src/chrome/content/rules/The_engine_room.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- theengineroom.org
+		- www.theengineroom.org
+
+-->
+<ruleset name="the engine room.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="theengineroom.org" />
+	<target host="www.theengineroom.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?theengineroom\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?theengineroom\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/The_iPhone_Wiki.com.xml b/src/chrome/content/rules/The_iPhone_Wiki.com.xml
index 444287e4c4ef..b708940fb60e 100644
--- a/src/chrome/content/rules/The_iPhone_Wiki.com.xml
+++ b/src/chrome/content/rules/The_iPhone_Wiki.com.xml
@@ -1,19 +1,12 @@
-<!--
-	Problematic subdomains:
-
-		- www	(cert only matches ^theiphonewiki.com)
-
--->
-<ruleset name="The iPhone Wiki.com" default_off="self-signed">
+<ruleset name="The iPhone Wiki.com">
 
 	<target host="theiphonewiki.com" />
 	<target host="www.theiphonewiki.com" />
 
 
-	<securecookie host="^theiphonewiki\.com$" name=".+" />
+	<securecookie host="^(?:www\.)?theiphonewiki\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?theiphonewiki\.com/"
-		to="https://theiphonewiki.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Theadex.xml b/src/chrome/content/rules/Theadex.xml
new file mode 100644
index 000000000000..219935b66e6c
--- /dev/null
+++ b/src/chrome/content/rules/Theadex.xml
@@ -0,0 +1,8 @@
+<ruleset name="Theadex">
+<target host="dmp.theadex.com"/>
+<target host="static.theadex.com"/>
+<target host="xpl.theadex.com"/>
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Theads.me.xml b/src/chrome/content/rules/Theads.me.xml
new file mode 100644
index 000000000000..222af250f7fa
--- /dev/null
+++ b/src/chrome/content/rules/Theads.me.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://theads.me/ => https://theads.me/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.theads.me/ => https://www.theads.me/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .theads.me
+		- code.theads.me
+
+-->
+<ruleset name="theads.me" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="theads.me" />
+	<target host="code.theads.me" />
+	<target host="www.theads.me" />
+
+		<test url="http://code.theads.me/www/delivery/afr.php?zoneid=3&amp;cb=" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.theads\.me$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^code\.theads\.me$" name="^(?:OAGEO|OAID)$" /-->
+
+	<securecookie host="^(?:code)?\.theads\.me$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Thebluealliance.com.xml b/src/chrome/content/rules/Thebluealliance.com.xml
new file mode 100644
index 000000000000..5745e7a5ff16
--- /dev/null
+++ b/src/chrome/content/rules/Thebluealliance.com.xml
@@ -0,0 +1,20 @@
+<ruleset name="Thebluealliance.com">
+	<target host="thebluealliance.com" />
+	<target host="www.thebluealliance.com" />
+
+	<rule from="^http:" to="https:" />
+
+	<!--
+	Don't break Gameday API calls that aren't ready yet:
+	https://github.com/the-blue-alliance/the-blue-alliance/issues/1343
+	-->
+	<exclusion pattern="^http://(www\.)?thebluealliance\.com/gameday$" />
+	<exclusion pattern="^http://(www\.)?thebluealliance\.com/_/.*$" />
+
+	<test url="http://www.thebluealliance.com/events" />
+	<test url="http://thebluealliance.com/gameday" />
+	<test url="http://www.thebluealliance.com/gameday" />
+	<test url="http://thebluealliance.com/_/webcast/kickoff/1" />
+	<test url="http://www.thebluealliance.com/_/webcast/kickoff/1" />
+	<test url="http://www.thebluealliance.com/_/typeahead/teams-all" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thecanadaline.com.xml b/src/chrome/content/rules/Thecanadaline.com.xml
new file mode 100644
index 000000000000..982d34230a24
--- /dev/null
+++ b/src/chrome/content/rules/Thecanadaline.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Thecanadaline.com">
+	<target host="thecanadaline.com" />
+	<target host="www.thecanadaline.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thecthulhu.com.xml b/src/chrome/content/rules/Thecthulhu.com.xml
new file mode 100644
index 000000000000..d8fbe76b9def
--- /dev/null
+++ b/src/chrome/content/rules/Thecthulhu.com.xml
@@ -0,0 +1,75 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://thecthulhu.com/ => https://thecthulhu.com/: (51, "SSL: no alternative certificate subject name matches target host name 'thecthulhu.com'")
+Fetch error: http://000webhost.thecthulhu.com/ => https://000webhost.thecthulhu.com/: (6, 'Could not resolve host: 000webhost.thecthulhu.com')
+Fetch error: http://akp.thecthulhu.com/ => https://akp.thecthulhu.com/: (6, 'Could not resolve host: akp.thecthulhu.com')
+Fetch error: http://am.thecthulhu.com/ => https://am.thecthulhu.com/: (6, 'Could not resolve host: am.thecthulhu.com')
+Fetch error: http://atlas.thecthulhu.com/ => https://atlas.thecthulhu.com/: (51, "SSL: no alternative certificate subject name matches target host name 'atlas.thecthulhu.com'")
+Fetch error: http://citizenfour.thecthulhu.com/ => https://citizenfour.thecthulhu.com/: (6, 'Could not resolve host: citizenfour.thecthulhu.com')
+Fetch error: http://compass.thecthulhu.com/ => https://compass.thecthulhu.com/: (51, "SSL: no alternative certificate subject name matches target host name 'compass.thecthulhu.com'")
+Fetch error: http://cryptome.thecthulhu.com/ => https://cryptome.thecthulhu.com/: (6, 'Could not resolve host: cryptome.thecthulhu.com')
+Fetch error: http://fbidhs.thecthulhu.com/ => https://fbidhs.thecthulhu.com/: (6, 'Could not resolve host: fbidhs.thecthulhu.com')
+Fetch error: http://fop.thecthulhu.com/ => https://fop.thecthulhu.com/: (6, 'Could not resolve host: fop.thecthulhu.com')
+Fetch error: http://globe.thecthulhu.com/ => https://globe.thecthulhu.com/: (51, "SSL: no alternative certificate subject name matches target host name 'globe.thecthulhu.com'")
+Fetch error: http://insurance.thecthulhu.com/ => https://insurance.thecthulhu.com/: (6, 'Could not resolve host: insurance.thecthulhu.com')
+Fetch error: http://linkedin.thecthulhu.com/ => https://linkedin.thecthulhu.com/: (6, 'Could not resolve host: linkedin.thecthulhu.com')
+Fetch error: http://mirror.thecthulhu.com/ => https://mirror.thecthulhu.com/: (51, "SSL: no alternative certificate subject name matches target host name 'mirror.thecthulhu.com'")
+Fetch error: http://muslimmatch.thecthulhu.com/ => https://muslimmatch.thecthulhu.com/: (6, 'Could not resolve host: muslimmatch.thecthulhu.com')
+Fetch error: http://myspace.thecthulhu.com/ => https://myspace.thecthulhu.com/: (6, 'Could not resolve host: myspace.thecthulhu.com')
+Fetch error: http://nasadrones.thecthulhu.com/ => https://nasadrones.thecthulhu.com/: (6, 'Could not resolve host: nasadrones.thecthulhu.com')
+Fetch error: http://nulled.thecthulhu.com/ => https://nulled.thecthulhu.com/: (6, 'Could not resolve host: nulled.thecthulhu.com')
+Fetch error: http://onionoo.thecthulhu.com/ => https://onionoo.thecthulhu.com/: (51, "SSL: no alternative certificate subject name matches target host name 'onionoo.thecthulhu.com'")
+Fetch error: http://patreon.thecthulhu.com/ => https://patreon.thecthulhu.com/: (6, 'Could not resolve host: patreon.thecthulhu.com')
+Fetch error: http://sin.thecthulhu.com/ => https://sin.thecthulhu.com/: (51, "SSL: no alternative certificate subject name matches target host name 'sin.thecthulhu.com'")
+Fetch error: http://staminus.thecthulhu.com/ => https://staminus.thecthulhu.com/: (6, 'Could not resolve host: staminus.thecthulhu.com')
+Fetch error: http://tails.thecthulhu.com/ => https://tails.thecthulhu.com/: (51, "SSL: no alternative certificate subject name matches target host name 'tails.thecthulhu.com'")
+Fetch error: http://time.thecthulhu.com/ => https://time.thecthulhu.com/: (6, 'Could not resolve host: time.thecthulhu.com')
+Fetch error: http://tor.thecthulhu.com/ => https://tor.thecthulhu.com/: (51, "SSL: no alternative certificate subject name matches target host name 'tor.thecthulhu.com'")
+Fetch error: http://turkey.thecthulhu.com/ => https://turkey.thecthulhu.com/: (6, 'Could not resolve host: turkey.thecthulhu.com')
+Fetch error: http://whonix.thecthulhu.com/ => https://whonix.thecthulhu.com/: (51, "SSL: no alternative certificate subject name matches target host name 'whonix.thecthulhu.com'")
+Fetch error: http://www.thecthulhu.com/ => https://www.thecthulhu.com/: (6, 'Could not resolve host: www.thecthulhu.com')
+
+	Nonfunctional subdomains:
+
+		- hacked *
+
+	* Temporarily down
+-->
+
+<ruleset name="Thecthulhu.com" default_off="failed ruleset test">
+
+	<target host="thecthulhu.com" />
+	<target host="000webhost.thecthulhu.com" />
+	<target host="akp.thecthulhu.com" />
+	<target host="am.thecthulhu.com" />
+	<target host="atlas.thecthulhu.com" />
+	<target host="citizenfour.thecthulhu.com" />
+	<target host="compass.thecthulhu.com" />
+	<target host="cryptome.thecthulhu.com" />
+	<target host="fbidhs.thecthulhu.com" />
+	<target host="fop.thecthulhu.com" />
+	<target host="globe.thecthulhu.com" />
+	<!--target host="hacked.thecthulhu.com" /-->
+	<target host="insurance.thecthulhu.com" />
+	<target host="linkedin.thecthulhu.com" />
+	<target host="mirror.thecthulhu.com" />
+	<target host="muslimmatch.thecthulhu.com" />
+	<target host="myspace.thecthulhu.com" />
+	<target host="nasadrones.thecthulhu.com" />
+	<target host="nulled.thecthulhu.com" />
+	<target host="onionoo.thecthulhu.com" />
+	<target host="patreon.thecthulhu.com" />
+	<target host="sin.thecthulhu.com" />
+	<target host="staminus.thecthulhu.com" />
+	<target host="tails.thecthulhu.com" />
+	<target host="time.thecthulhu.com" />
+	<target host="tor.thecthulhu.com" />
+	<target host="turkey.thecthulhu.com" />
+	<target host="whonix.thecthulhu.com" />
+	<target host="www.thecthulhu.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Thefind.xml b/src/chrome/content/rules/Thefind.xml
index 2f3668839d3c..31316004dafb 100644
--- a/src/chrome/content/rules/Thefind.xml
+++ b/src/chrome/content/rules/Thefind.xml
@@ -1,18 +1,36 @@
-<ruleset name="TheFind">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://s.tfcdn.com/ => https://www.thefind.com/: (6, 'Could not resolve host: www.thefind.com')
+Fetch error: http://thefind.com/ => https://thefind.com/: (6, 'Could not resolve host: thefind.com')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://s.tfcdn.com/ => https://www.thefind.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://thefind.com/ => https://thefind.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="TheFind" default_off="failed ruleset test">
 
 	<target host="s.tfcdn.com" />
 	<target host="thefind.com" />
-	<target host="*.thefind.com" />
+	<target host="blog.thefind.com" />
+	<target host="img.thefind.com" />
+	<target host="local.thefind.com" />
+	<target host="upfront.thefind.com" />
+	<target host="www.thefind.com" />
 
 
-	<securecookie host="^.*\.thefind\.com$" name=".*" />
+	<securecookie host="^.*\.thefind\.com$" name=".+" />
 
 
 	<!--	cert: *.pantherssl.com	-->
-	<rule from="^https?://s\.tfcdn\.com/"
+	<rule from="^http://s\.tfcdn\.com/"
 		to="https://www.thefind.com/" />
 
-	<rule from="^https?://blog\.thefind\.com/(i|wp-content)/"
+	<rule from="^http://blog\.thefind\.com/(i|wp-content)/"
 		to="https://s64159.gridserver.com/$1/" />
 
 	<rule from="^http://((?:img|local|upfront|www)\.)?thefind\.com/"
diff --git a/src/chrome/content/rules/Thefrozenfire.com.xml b/src/chrome/content/rules/Thefrozenfire.com.xml
new file mode 100644
index 000000000000..67f4bb44fae1
--- /dev/null
+++ b/src/chrome/content/rules/Thefrozenfire.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .thefrozenfire.com
+
+-->
+<ruleset name="thefrozenfire.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="thefrozenfire.com" />
+	<target host="www.thefrozenfire.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.thefrozenfire\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.thefrozenfire\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Thehabbos.org.xml b/src/chrome/content/rules/Thehabbos.org.xml
index d72841d3a84c..c01fd07cc878 100644
--- a/src/chrome/content/rules/Thehabbos.org.xml
+++ b/src/chrome/content/rules/Thehabbos.org.xml
@@ -7,7 +7,6 @@
 	<target host="thehabbos.org" />
 
 
-	<rule from="^http://thehabbos\.org/"
-		to="https://thehabbos.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Thehackernews.com.xml b/src/chrome/content/rules/Thehackernews.com.xml
new file mode 100644
index 000000000000..a04bd2a38de9
--- /dev/null
+++ b/src/chrome/content/rules/Thehackernews.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Other Hacker News rulesets:
+
+		- THN.li.xml
+
+-->
+<ruleset name="The Hacker News.com">
+
+	<target host="thehackernews.com" />
+	<target host="www.thehackernews.com" />
+	<target host="amp.thehackernews.com" />
+		<test url="http://amp.thehackernews.com/thn/2017/06/windows10-builds-source-code.html" />
+	<target host="deals.thehackernews.com" />
+	<target host="magazine.thehackernews.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Theiphonemom.com.xml b/src/chrome/content/rules/Theiphonemom.com.xml
new file mode 100644
index 000000000000..ca01df12cf76
--- /dev/null
+++ b/src/chrome/content/rules/Theiphonemom.com.xml
@@ -0,0 +1,9 @@
+
+<ruleset name="Theiphonemom">
+
+	<target host="theiphonemom.com" />
+	<target host="www.theiphonemom.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Thejakartapost.com.xml b/src/chrome/content/rules/Thejakartapost.com.xml
new file mode 100644
index 000000000000..2a674b48b3e7
--- /dev/null
+++ b/src/chrome/content/rules/Thejakartapost.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Other Jakarta Post rulesets:
+		- Jakpost.net.xml
+
+	Nonfunctional hosts in *.thejakartapost.com:
+		- www.thejakartapost.com (h)
+		- epaper.thejakartapost.com (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Thejakartapost.com (partial)" platform="mixedcontent">
+	<target host="thejakartapost.com" />
+	<target host="events.thejakartapost.com" />
+	<target host="jobs.thejakartapost.com" />
+	<target host="ms.thejakartapost.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Theme-Fusion.com.xml b/src/chrome/content/rules/Theme-Fusion.com.xml
new file mode 100644
index 000000000000..d19beb52b490
--- /dev/null
+++ b/src/chrome/content/rules/Theme-Fusion.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- theme-fusion.com
+		- .theme-fusion.com
+
+-->
+<ruleset name="Theme-Fusion.com">
+
+	<target host="theme-fusion.com" />
+	<target host="www.theme-fusion.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^theme-fusion\.com$" name="^PHPSESSID" /-->
+	<!--securecookie host="^\.theme-fusion\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.?theme-fusion\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Theme.co.xml b/src/chrome/content/rules/Theme.co.xml
new file mode 100644
index 000000000000..772fa38ca6e7
--- /dev/null
+++ b/src/chrome/content/rules/Theme.co.xml
@@ -0,0 +1,30 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - managed.theme.co
+
+		Timeout was reached:
+			 - build.theme.co
+			 - dunharrow.theme.co
+
+		SSL peer certificate was not OK:
+			 - assets.theme.co
+			 - download.theme.co
+			 - mail.theme.co
+			 - updates.theme.co
+
+		Secure connection redirects to plaintext:
+			 - demo.theme.co
+-->
+<ruleset name="Theme.co">
+	<target host="theme.co" />
+	<target host="www.theme.co" />
+	<target host="community.theme.co" />
+	<target host="host.theme.co" />
+	<target host="ludicrous.theme.co" />
+	<target host="velocity.theme.co" />
+
+	<securecookie host="^(www\.)?theme\.co$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ThemeParkReview.com.xml b/src/chrome/content/rules/ThemeParkReview.com.xml
new file mode 100644
index 000000000000..50c879b4dda6
--- /dev/null
+++ b/src/chrome/content/rules/ThemeParkReview.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Connection closed:
+		- mail.themeparkreview.com
+
+	Invalid certificate:
+		- ftp.themeparkreview.com
+		- ns1.themeparkreview.com
+		- ns2.themeparkreview.com
+		- server2.themeparkreview.com
+		- www.web1.themeparkreview.com
+
+	Refused:
+		- mailinglist.themeparkreview.com
+		- www.mailinglist.themeparkreview.com
+-->
+<ruleset name="ThemeParkReview.com">
+
+	<target host="themeparkreview.com" />
+	<target host="www.themeparkreview.com" />
+	<target host="cpanel.themeparkreview.com" />
+	<target host="web1.themeparkreview.com" />
+	<target host="webdisk.themeparkreview.com" />
+	<target host="webmail.themeparkreview.com" />
+	<target host="whm.themeparkreview.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+	
+</ruleset>
diff --git a/src/chrome/content/rules/Themertailor.com.xml b/src/chrome/content/rules/Themertailor.com.xml
new file mode 100644
index 000000000000..b0ff7cabd01e
--- /dev/null
+++ b/src/chrome/content/rules/Themertailor.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Mixed content blocking:
+		magento2.themertailor.com
+
+-->
+<ruleset name="themertailor.com">
+	<target host="themertailor.com" />
+	<target host="www.themertailor.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Themis-Group.xml b/src/chrome/content/rules/Themis-Group.xml
index 183de4fd89d2..e071bac3f3aa 100644
--- a/src/chrome/content/rules/Themis-Group.xml
+++ b/src/chrome/content/rules/Themis-Group.xml
@@ -13,13 +13,12 @@
 		- (www.)trianglegameinitiative.org
 
 -->
-<ruleset name="Themis Group (partial)" default_off="mismatch">
+<ruleset name="Themis Group (partial)" default_off="mismatched">
 
 	<!--	Akamai	-->
 	<target host="cdn.themis-media.com" />
 
 
-	<rule from="^http://cdn\.themis-media\.com/"
-		to="https://cdn.themis-media.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Themler.com.xml b/src/chrome/content/rules/Themler.com.xml
new file mode 100644
index 000000000000..35de5a530135
--- /dev/null
+++ b/src/chrome/content/rules/Themler.com.xml
@@ -0,0 +1,55 @@
+<!--
+	For other BillionDigital coverage, see BillionDigital.com.xml.
+
+
+	www.themler.com: 400
+
+
+	Fully covered hosts in *themler.com:
+
+		- (www.)?	(www → ^)
+		- answers
+
+
+	Insecure cookies are set for these hosts:
+
+		- answers.themler.com
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- answers from attachments.answers.billiondigital.com ¹
+			- answers from www.gravatar.com ²
+
+	¹ Unsecurable <= 404
+	² Secured by us
+
+-->
+<ruleset name="Themler.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="themler.com" />
+	<target host="answers.themler.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.themler.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^answers\.themler\.com$" name="^(CheckCookie|Forum)$" /-->
+
+	<securecookie host="^answers\.themler\.com$" name=".+" />
+
+
+	<rule from="^http://www\.themler\.com/"
+		to="https://themler.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Themuse.com.xml b/src/chrome/content/rules/Themuse.com.xml
new file mode 100644
index 000000000000..c23a79c6cf24
--- /dev/null
+++ b/src/chrome/content/rules/Themuse.com.xml
@@ -0,0 +1,39 @@
+<!--
+	CDN buckets:
+
+		- tm-prod.global.ssl.fastly.net
+
+
+	^themuse.com: Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.themuse.com
+
+-->
+<ruleset name="themuse.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.themuse.com" />
+
+	<!--	Complications:
+				-->
+	<target host="themuse.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.themuse\.com$" name="^(_csrf|session_id)$" /-->
+
+	<securecookie host="^www\.themuse\.com$" name=".+" />
+
+
+	<rule from="^http://themuse\.com/"
+		to="https://www.themuse.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Theora.org.xml b/src/chrome/content/rules/Theora.org.xml
new file mode 100644
index 000000000000..b338a71f3d9d
--- /dev/null
+++ b/src/chrome/content/rules/Theora.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Theora.org">
+  <target host="theora.org" />
+  <target host="www.theora.org" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thephone.coop.xml b/src/chrome/content/rules/Thephone.coop.xml
index 04b82fb20dd6..9fa697682ea3 100644
--- a/src/chrome/content/rules/Thephone.coop.xml
+++ b/src/chrome/content/rules/Thephone.coop.xml
@@ -1,11 +1,29 @@
-<ruleset name="thephone.coop (partial)">
 
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://thephone.coop/ (200) => https://thephone.coop/ (404)
+Fetch error: http://my.thephone.coop/ => https://my.thephone.coop/: (6, 'Could not resolve host: my.thephone.coop')
+Fetch error: http://order.thephone.coop/ => https://order.thephone.coop/: (6, 'Could not resolve host: order.thephone.coop')
+Fetch error: http://plesk2.thephone.coop/ => https://plesk2.thephone.coop/: (60, 'SSL certificate problem: self signed certificate')
+
+	Other phone co-operative rulesets:
+
+		- My_phone.coop.xml
+		- Phone.coop.xml
+
+-->
+<ruleset name="thephone.coop" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="thephone.coop" />
-	<target host="*.thephone.coop" />
-		<exclusion pattern="^http://(?:www\.)?thephone\.coop/(?!css/|favicon\.ico|images/|media/|scripts/)" />
+	<target host="my.thephone.coop" />
+	<target host="order.thephone.coop" />
+	<target host="plesk2.thephone.coop" />
+	<target host="www.thephone.coop" />
 
 
-	<rule from="^http://((?:my|order|plesk2|www)\.)?thephone\.coop/"
-		to="https://$1thephone.coop/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Thepiratebay.sx.xml b/src/chrome/content/rules/Thepiratebay.sx.xml
deleted file mode 100644
index fe49f067cc3b..000000000000
--- a/src/chrome/content/rules/Thepiratebay.sx.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Thepiratebay.sx">
-  <target host="thepiratebay.sx" />
-  <target host="*.thepiratebay.sx" />
-
-  <rule from="^http://(www\.|upload\.)?thepiratebay\.sx/" to="https://thepiratebay.sx/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Thequestion.ru.xml b/src/chrome/content/rules/Thequestion.ru.xml
new file mode 100644
index 000000000000..24b88d4b1177
--- /dev/null
+++ b/src/chrome/content/rules/Thequestion.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="Thequestion.ru">
+	<target host="thequestion.ru" />
+	<target host="www.thequestion.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Therapynotes.com.xml b/src/chrome/content/rules/Therapynotes.com.xml
deleted file mode 100644
index 088cbf17b439..000000000000
--- a/src/chrome/content/rules/Therapynotes.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Therapynotes.com" platform="firefox">
-<target host="therapynotes.com" />
-<target host="www.therapynotes.com" />
-
-<securecookie host="^therapynotes\.com$" name=".+" />
-<securecookie host="^www\.therapynotes\.com$" name=".+" />
-
-<rule from="^http://therapynotes\.com/" to="https://therapynotes.com/" />
-<rule from="^http://www\.therapynotes\.com/" to="https://www.therapynotes.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Thermitic.net.xml b/src/chrome/content/rules/Thermitic.net.xml
new file mode 100644
index 000000000000..b4ba9aef9833
--- /dev/null
+++ b/src/chrome/content/rules/Thermitic.net.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://stats.thermitic.net/ => https://stats.thermitic.net/: (60, 'SSL certificate problem: certificate has expired')
+
+	^: shows stats, valid cert
+
+-->
+<ruleset name="Thermitic.net (partial)" default_off="failed ruleset test">
+
+	<target host="stats.thermitic.net" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^(stats\.)?thermitic\.net$" name="^PIWIK_SESSID$" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Thermo_Scientific.com.xml b/src/chrome/content/rules/Thermo_Scientific.com.xml
new file mode 100644
index 000000000000..9e418b3110bf
--- /dev/null
+++ b/src/chrome/content/rules/Thermo_Scientific.com.xml
@@ -0,0 +1,63 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://thermoscientific.com/ (200) => https://www.thermoscientific.com/ (403)
+
+	Nonfunctional hosts in *thermoscientific.com:
+
+		- ir *
+
+	* Refused
+
+
+	Problematic hosts in *thermoscientific.com:
+
+		- ^ *
+		- stats *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .thermoscientific.com
+		- www.thermoscientific.com
+
+
+	Mixed content:
+
+		- Bug on www from stats.thermoscientific.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Thermo Scientific.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.thermoscientific.com" />
+
+	<!--	Complications:
+				-->
+	<target host="thermoscientific.com" />
+	<target host="stats.thermoscientific.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.thermoscientific\.com$" name="^s_vi$" /-->
+	<!--securecookie host="^www\.thermoscientific\.com$" name="^(?:BIGipServer\w+|locale)$" /-->
+
+	<securecookie host="^(?:www)?\.thermoscientific\.com$" name=".+" />
+
+
+	<rule from="^http://thermoscientific\.com/"
+		to="https://www.thermoscientific.com/" />
+
+	<rule from="^http://stats\.thermoscientific\.com/"
+		to="https://thermoscientific.d1.sc.omtrdc.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Theses.cz.xml b/src/chrome/content/rules/Theses.cz.xml
new file mode 100644
index 000000000000..0a25486d050b
--- /dev/null
+++ b/src/chrome/content/rules/Theses.cz.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Masaryk University coverage, see Muni.cz.xml.
+
+	www: cert only matches ^theses.cz
+
+-->
+<ruleset name="Theses.cz">
+
+	<target host="theses.cz" />
+	<target host="www.theses.cz" />
+
+	<securecookie host="^theses\.cz$" name=".+" />
+
+	<rule from="^http://(www\.)?theses\.cz/"
+		to="https://theses.cz/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Thesn.net.xml b/src/chrome/content/rules/Thesn.net.xml
new file mode 100644
index 000000000000..142f81e96558
--- /dev/null
+++ b/src/chrome/content/rules/Thesn.net.xml
@@ -0,0 +1,19 @@
+<!--
+	CDN buckets:
+
+		- ddrm6oy8thgk7.cloudfront.net
+
+			- cdn
+
+
+	(www.)?: refused
+
+-->
+<ruleset name="thesn.net (partial)">
+
+	<target host="cdn.thesn.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Thespringbox.com.xml b/src/chrome/content/rules/Thespringbox.com.xml
deleted file mode 100644
index 497dbc861178..000000000000
--- a/src/chrome/content/rules/Thespringbox.com.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	CDN buckets:
-
-		- cdn.thespringbox.com.edgesuite.net
-
-			- a902.g.akamai.net
-			- downloads
-
--->
-<ruleset name="thespringbox.com">
-
-	<target host="downloads.thespringbox.com" />
-
-
-	<rule from="^http://downloads\.thespringbox\.com/"
-		to="https://a248.e.akamai.net/f/902/3660/1d/downloads.thespringbox.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Thetvdb.com.xml b/src/chrome/content/rules/Thetvdb.com.xml
new file mode 100644
index 000000000000..c69a4380949f
--- /dev/null
+++ b/src/chrome/content/rules/Thetvdb.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Thetvdb.com">
+  <target host="thetvdb.com" />
+  <target host="www.thetvdb.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thewarehouse.co.nz.xml b/src/chrome/content/rules/Thewarehouse.co.nz.xml
new file mode 100644
index 000000000000..1b6aa33e2e29
--- /dev/null
+++ b/src/chrome/content/rules/Thewarehouse.co.nz.xml
@@ -0,0 +1,30 @@
+<!--
+	Invalid Certificate:
+		- email.thewarehouse.co.nz
+		- click.emails.thewarehouse.co.nz
+		- www.gslb.thewarehouse.co.nz
+		- hybrid.gslb.thewarehouse.co.nz
+		- mydesktop.gslb.thewarehouse.co.nz
+		- sts.gslb.thewarehouse.co.nz
+
+	Timeout:
+		- curtains.thewarehouse.co.nz
+-->
+<ruleset name="thewarehouse.co.nz">
+	<target host="thewarehouse.co.nz" />
+	<target host="www.thewarehouse.co.nz" />
+	<target host="catalogues.thewarehouse.co.nz" />
+	<target host="image.emails.thewarehouse.co.nz" />
+		<test url="http://image.emails.thewarehouse.co.nz/robots.txt" />
+	<target host="extranet.thewarehouse.co.nz" />
+	<target host="mymail.thewarehouse.co.nz" />
+	<target host="mypay.thewarehouse.co.nz" />
+	<target host="orders.thewarehouse.co.nz" />
+	<target host="pages.thewarehouse.co.nz" />
+	<target host="search.thewarehouse.co.nz" />
+	<target host="sslvpn.thewarehouse.co.nz" />
+	<target host="sts.thewarehouse.co.nz" />
+	<target host="www2.thewarehouse.co.nz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thijs_Alkema.de.xml b/src/chrome/content/rules/Thijs_Alkema.de.xml
index a1d053989dbd..364c34048b5b 100644
--- a/src/chrome/content/rules/Thijs_Alkema.de.xml
+++ b/src/chrome/content/rules/Thijs_Alkema.de.xml
@@ -1,22 +1,11 @@
-<!--
-	Problematic subdomains:
-
-		- www	(mismatched, CN: www.xnyhps.nl)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(www → ^)
-		- blog
-
--->
 <ruleset name="Thijs Alkema.de">
 
 	<target host="thijsalkema.de" />
-	<target host="*.thijsalkema.de" />
+	<target host="blog.thijsalkema.de" />
+	<target host="www.thijsalkema.de" />
 
 
-	<rule from="^http://(?:(blog\.)|www\.)?thijsalkema\.de/"
-		to="https://$1thijsalkema.de/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Thing.net.xml b/src/chrome/content/rules/Thing.net.xml
new file mode 100644
index 000000000000..f09a3906cffc
--- /dev/null
+++ b/src/chrome/content/rules/Thing.net.xml
@@ -0,0 +1,24 @@
+<!--
+	Invalid certificate:
+		thingist.thing.net
+
+-->
+<ruleset name="thing.net (partial)">
+
+	<target host="thing.net" />
+	<target host="www.thing.net" />
+	<target host="archive.thing.net" />
+	<target host="auction.thing.net" />
+	<target host="calc.thing.net" />
+	<target host="editions.thing.net" />
+	<target host="isp.thing.net" />
+	<target host="mailman.thing.net" />
+	<target host="pad.thing.net" />
+	<target host="post.thing.net" />
+	<target host="the.thing.net" />
+	<target host="tools.thing.net" />
+	<target host="webmail.thing.net" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ThingLink.xml b/src/chrome/content/rules/ThingLink.xml
index 0df008cb0a70..6f9a7033474c 100644
--- a/src/chrome/content/rules/ThingLink.xml
+++ b/src/chrome/content/rules/ThingLink.xml
@@ -14,26 +14,24 @@
 		- support	(redirects to http, mismatched, CN: *.getsatisfaction.com)
 
 
-	Problematic domains:
+	Problematic hosts in *thinglink.com:
 
-		- (www.)thinglinkblog.com	(works, mismatched, CN: *.gridserver.com)
+		- patners ᵐ
+
+	ᵐ Mismatched
 
 -->
 <ruleset name="ThingLink (partial)">
 
 	<target host="thinglink.com" />
-	<target host="*.thinglink.com" />
+	<target host="www.thinglink.com" />
 	<target host="cdn.thinglink.me" />
 
 
-	<securecookie host="^(?:www)?\.thinglink\.com$" name=".+" />
-	<securecookie host="^cdn\.thinglink\.me$" name=".+" />
-
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?thinglink\.com/"
-		to="https://$1thinglink.com/" />
 
-	<rule from="^http://cdn\.thinglink\.me/"
-		to="https://cdn.thinglink.me/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ThingLink_Blog.xml b/src/chrome/content/rules/ThingLink_Blog.xml
index ef4ef51ac15a..36f63b58b3bd 100644
--- a/src/chrome/content/rules/ThingLink_Blog.xml
+++ b/src/chrome/content/rules/ThingLink_Blog.xml
@@ -1,17 +1,14 @@
 <!--
 	For other ThingLink coverage, see ThingLink.xml.
 
-
-	Separate purely due to being off by default.
-
 -->
-<ruleset name="ThingLink Blog" default_off="mismatched">
+<ruleset name="ThingLink Blog.com" default_off="mismatched">
 
 	<target host="thinglinkblog.com" />
 	<target host="www.thinglinkblog.com" />
 
 
-	<rule from="^https?://(?:www\.)?thinglinkblog\.com/"
-		to="https://thinglinkblog.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Thingiverse.xml b/src/chrome/content/rules/Thingiverse.xml
index 0abec121a7b4..7f095c8ad771 100644
--- a/src/chrome/content/rules/Thingiverse.xml
+++ b/src/chrome/content/rules/Thingiverse.xml
@@ -3,6 +3,7 @@
 
 		- thingiverse-production.s3.amazonaws.com
 		- s3.amazonaws.com/thingiverse-resources/
+		- thingiverse-production-new.s3.amazonaws.com
 
 
 	Nonfunctional subdomains:
@@ -12,39 +13,45 @@
 
 	Problematic subdomains:
 
-		- ^		(521)
 		- support	(mismatched, CN: *.tenderapp.com)
 
 
-	Fully covered subdomains:
-
-		- (www.)	(^ → www)
-		- support	(→ thingiverse.tenderapp.com)
-
-
 	Mixed content:
 
 		- Images, on:
 
 			- support from www *
-			- www from thingiverse-resources.s3.amazonaws.com *
+			- www from thingiverse-production-new.s3.amazonaws.com *
 
-	* Secured by us
+		- Bug on www from www.facebook.com *
+
+	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Thingiverse (partial)">
+<ruleset name="Thingiverse.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="thingiverse.com" />
-	<target host="*.thingiverse.com" />
+	<target host="www.thingiverse.com" />
+
+	<!--	Complications:
+				-->
+	<target host="support.thingiverse.com" />
 
 
-	<securecookie host="^(?:www)?\.thingiverse\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?thingiverse\.com$" name="^(?:AWSELB|PHPSESSID)$" /-->
+	<!--securecookie host="^\.thingiverse\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?thingiverse\.com/"
-		to="https://www.thingiverse.com/" />
 
 	<rule from="^http://support\.thingiverse\.com/"
 		to="https://thingiverse.tenderapp.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Thingsquare.xml b/src/chrome/content/rules/Thingsquare.xml
index 1f2b4a7fa126..d68e86642fca 100644
--- a/src/chrome/content/rules/Thingsquare.xml
+++ b/src/chrome/content/rules/Thingsquare.xml
@@ -6,7 +6,7 @@
 
 	<!--	CN: *.loopiasecure.com
 					-->
-	<rule from="^https?://(?:www\.)?thingsquare\.com/"
+	<rule from="^http://(?:www\.)?thingsquare\.com/"
 		to="https://thingsquare.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ThinkFaster.co.xml b/src/chrome/content/rules/ThinkFaster.co.xml
new file mode 100644
index 000000000000..ae6fe830a560
--- /dev/null
+++ b/src/chrome/content/rules/ThinkFaster.co.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.thinkfaster.co/ => https://www.thinkfaster.co/: (6, 'Could not resolve host: www.thinkfaster.co')
+
+-->
+<ruleset name="ThinkFaster.co" default_off="failed ruleset test">
+
+	<target host="thinkfaster.co" />
+	<target host="www.thinkfaster.co" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ThinkGeek.xml b/src/chrome/content/rules/ThinkGeek.xml
deleted file mode 100644
index 4a0f2f125d99..000000000000
--- a/src/chrome/content/rules/ThinkGeek.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="ThinkGeek">
-        <target host="thinkgeek.com" />
-        <target host="*.thinkgeek.com" />
-
-        <rule from="^http://(?:www\.)?thinkgeek\.com/" to="https://www.thinkgeek.com/"/>
-        <securecookie host="^(.*\.)?thinkgeek\.com$" name=".*" />
-</ruleset>
diff --git a/src/chrome/content/rules/ThinkProgress.org.xml b/src/chrome/content/rules/ThinkProgress.org.xml
new file mode 100644
index 000000000000..36f9ec97f528
--- /dev/null
+++ b/src/chrome/content/rules/ThinkProgress.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - lgbt.thinkprogress.org
+			 - pr.thinkprogress.org
+			 - wonkroom.thinkprogress.org
+			 - yglesias.thinkprogress.org
+
+		SSL peer certificate was not OK:
+			 - interactives.thinkprogress.org
+			 - video.thinkprogress.org
+
+		4xx client error:
+			 - bucket.thinkprogress.org
+			 - buckets.thinkprogress.org
+			 - s3.thinkprogress.org
+-->
+<ruleset name="ThinkProgress.org (partial)">
+	<target host="thinkprogress.org" />
+	<target host="www.thinkprogress.org" />
+	<target host="cdn.thinkprogress.org" />
+		<test url="http://cdn.thinkprogress.org/wp-content/uploads/2016/06/23143503/RYA16548.pdf" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ThinkUp.com.xml b/src/chrome/content/rules/ThinkUp.com.xml
new file mode 100644
index 000000000000..05989604cc7c
--- /dev/null
+++ b/src/chrome/content/rules/ThinkUp.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Refused
+
+-->
+<ruleset name="ThinkUp.com (partial)">
+
+	<target host="thinkup.com" />
+	<target host="www.thinkup.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ThinkWithGoogle.xml b/src/chrome/content/rules/ThinkWithGoogle.xml
new file mode 100644
index 000000000000..09775a431b4a
--- /dev/null
+++ b/src/chrome/content/rules/ThinkWithGoogle.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Google coverage, see GoogleServices.xml.
+
+-->
+<ruleset name="Think with Google.com">
+
+	<target host="thinkwithgoogle.com" />
+	<target host="www.thinkwithgoogle.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ThinkingDiver.com.xml b/src/chrome/content/rules/ThinkingDiver.com.xml
new file mode 100644
index 000000000000..fe94ca7c9819
--- /dev/null
+++ b/src/chrome/content/rules/ThinkingDiver.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="ThinkingDiver.com">
+	<target host="thinkingdiver.com" />
+	<target host="www.thinkingdiver.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thinking_Christian.xml b/src/chrome/content/rules/Thinking_Christian.xml
index a0b2d959f32f..67c6bcfc48cc 100644
--- a/src/chrome/content/rules/Thinking_Christian.xml
+++ b/src/chrome/content/rules/Thinking_Christian.xml
@@ -5,13 +5,13 @@
 <ruleset name="Thinking Christian">
 
 	<target host="thinkingchristian.net" />
-	<target host="*.thinkingchristian.net" />
+	<target host="www.thinkingchristian.net" />
 
 
 	<securecookie host="^(?:\.?www)?\.thinkingchristian\.net$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?thinkingchristian\.net/"
+	<rule from="^http://(?:www\.)?thinkingchristian\.net/"
 		to="https://www.thinkingchristian.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Thinkpads.com.xml b/src/chrome/content/rules/Thinkpads.com.xml
new file mode 100644
index 000000000000..29f6066fdf0b
--- /dev/null
+++ b/src/chrome/content/rules/Thinkpads.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Related:
+		Lenovo.com.xml
+-->
+<ruleset name="Thinkpads.com">
+	<target host="thinkpads.com" />
+	<target host="www.thinkpads.com" />
+	<target host="forum.thinkpads.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thinkwiki.org.xml b/src/chrome/content/rules/Thinkwiki.org.xml
new file mode 100644
index 000000000000..a9dc1658529a
--- /dev/null
+++ b/src/chrome/content/rules/Thinkwiki.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Thinkwiki.org">
+	<target host="thinkwiki.org" />
+	<target host="www.thinkwiki.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Third-Door-Media-mismatches.xml b/src/chrome/content/rules/Third-Door-Media-mismatches.xml
index 61ff53a04d5a..3144730f8351 100644
--- a/src/chrome/content/rules/Third-Door-Media-mismatches.xml
+++ b/src/chrome/content/rules/Third-Door-Media-mismatches.xml
@@ -1,4 +1,4 @@
-<ruleset name="Third Door Media (mismatches)" default_off="mismatch">
+<ruleset name="Third Door Media (mismatches)" default_off="mismatched">
 
 	<target host="thirddoormedia.com"/>
 	<target host="www.thirddoormedia.com"/>
diff --git a/src/chrome/content/rules/Third-Door-Media.xml b/src/chrome/content/rules/Third-Door-Media.xml
index 83514ab1b836..ce7ee111e5db 100644
--- a/src/chrome/content/rules/Third-Door-Media.xml
+++ b/src/chrome/content/rules/Third-Door-Media.xml
@@ -1,19 +1,24 @@
-<ruleset name="Third Door Media (partial)" platform="mixedcontent">
+<!--
+	Redirect to http:
+		(www.)searchengineland.com
+
+	Invalid certificate:
+		blog.searchmarketingexpo.com
+		blog.searchmarketingnow.com
+
+	Connection closed:
+		feeds.searchmarketingexpo.com
+		feeds.searchmarketingnow.com
+
+-->
+<ruleset name="Third Door Media (partial)">
 
-	<target host="searchengineland.com"/>
-	<target host="www.searchengineland.com"/>
 	<target host="searchmarketingexpo.com"/>
 	<target host="www.searchmarketingexpo.com"/>
 	<target host="searchmarketingnow.com"/>
 	<target host="www.searchmarketingnow.com"/>
 
-	<rule from="^http://www\.searchengineland\.com/"
-		to="https://www.searchengineland.com/"/>
-
-	<rule from="^http://searchengineland\.com/figz/"
-		to="https://searchengineland.com/figz/"/>
-
-	<rule from="^http://(www\.)?searchmarketing(expo|now)\.com/"
-		to="https://$1searchmarketing(expo|now).com/"/>
+	<rule from="^http:"
+		to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/ThirdAge.xml b/src/chrome/content/rules/ThirdAge.xml
index f3ad1f3af84c..b2e55021fba5 100644
--- a/src/chrome/content/rules/ThirdAge.xml
+++ b/src/chrome/content/rules/ThirdAge.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://thirdage.com/ => https://thirdage.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://thirdage.com/ => https://thirdage.com/: (7, 'Failed to connect to thirdage.com port 443: Connection refused')
 	CDN buckets:
 
 		- s3.amazonaws.com/shvideobkt/
@@ -18,16 +24,17 @@
 		- videos	(cert: *.onescreen.net; 403)
 
 -->
-<ruleset name="ThirdAge (partial)">
+<ruleset name="ThirdAge (partial)" default_off="failed ruleset test">
 
 	<target host="thirdage.com" />
-	<target host="*.thirdage.com" />
+	<target host="www.thirdage.com" />
+	<target host="ww3.thirdage.com" />
+	<target host="cast.thirdage.com" />
 
 
-	<rule from="^http://(ww[w3]\.)?thirdage\.com/"
-		to="https://$1thirdage.com/" />
 
-	<rule from="^https?://cast\.thirdage\.com/"
+	<rule from="^http://cast\.thirdage\.com/"
 		to="https://www.thirdage.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ThirdPresence.com.xml b/src/chrome/content/rules/ThirdPresence.com.xml
index 80df03e7610f..e0f7ef044dc5 100644
--- a/src/chrome/content/rules/ThirdPresence.com.xml
+++ b/src/chrome/content/rules/ThirdPresence.com.xml
@@ -20,4 +20,4 @@
 	<rule from="^http://files\.thirdpresence\.com/"
 		to="https://s3-eu-west-1.amazonaws.com/files.thirdpresence.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Thirty_Meter_Telescope.xml b/src/chrome/content/rules/Thirty_Meter_Telescope.xml
deleted file mode 100644
index 8772a8e9fb4b..000000000000
--- a/src/chrome/content/rules/Thirty_Meter_Telescope.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	At least some pages on www 404.  $ doesn't,
-	but does use protocol-relative links.
-
--->
-<ruleset name="Thirty Meter Telescope (partial)">
-
-	<target host="tmt.org" />
-	<target host="*.tmt.org" />
-		<exclusion pattern="^http://(?:www\.)?tmt\.org/(?!images/|sites/)" />
-
-
-	<securecookie host="^\.profiles\.tmt\.org$" name=".+" />
-
-
-	<rule from="^http://(profiles\.|project\.|www\.)?tmt\.org/"
-		to="https://$1tmt.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ThisCatDoesNotExist.com.xml b/src/chrome/content/rules/ThisCatDoesNotExist.com.xml
new file mode 100644
index 000000000000..3f5aec9dd963
--- /dev/null
+++ b/src/chrome/content/rules/ThisCatDoesNotExist.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="ThisCatDoesNotExist.com">
+	<target host="thiscatdoesnotexist.com" />
+	<target host="www.thiscatdoesnotexist.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ThisCrazyTrain.com.xml b/src/chrome/content/rules/ThisCrazyTrain.com.xml
new file mode 100644
index 000000000000..d5ee85668542
--- /dev/null
+++ b/src/chrome/content/rules/ThisCrazyTrain.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="ThisCrazyTrain.com">
+	<target host="thiscrazytrain.com" />
+	<target host="www.thiscrazytrain.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ThisIsMyNext.xml b/src/chrome/content/rules/ThisIsMyNext.xml
index e20fec150dd0..118f3559399a 100644
--- a/src/chrome/content/rules/ThisIsMyNext.xml
+++ b/src/chrome/content/rules/ThisIsMyNext.xml
@@ -1,8 +1,25 @@
-<ruleset name="This is my next (buggy)" default_off="ssl_error_rx_record_too_long">
-  <target host="thisismynext.com" />
-  <target host="www.thisismynext.com" />
+<!--
+	(www.)?thisismynext.com: Refused
 
-  <securecookie host="^(.+\.)?thisismynext\.com$" name=".*"/>
+-->
+<ruleset name="This is my next.com">
+
+	<!--	Complications:
+				-->
+	<target host="thisismynext.com" />
+	<target host="www.thisismynext.com" />
+
+
+	<rule from="^http://(?:www\.)?thisismynext\.com/$"
+		to="https://www.theverge.com/reviews" />
+
+	<!--	Redirect keeps path, args,
+		amd forward slash:
+					-->
+	<rule from="^http://(?:www\.)?thisismynext\.com/"
+		to="https://www.theverge.com/reviews/" />
+
+		<test url="http://thisismynext.com//?foo" />
+		<test url="http://www.thisismynext.com//?foo" />
 
-  <rule from="^http://(?:www\.)?thisismynext\.com/" to="https://thisismynext.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/ThisPersonDoesNotExist.com.xml b/src/chrome/content/rules/ThisPersonDoesNotExist.com.xml
new file mode 100644
index 000000000000..f15ba00e0355
--- /dev/null
+++ b/src/chrome/content/rules/ThisPersonDoesNotExist.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="ThisPersonDoesNotExist.com">
+	<target host="thispersondoesnotexist.com" />
+	<target host="www.thispersondoesnotexist.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ThisWebHost.xml b/src/chrome/content/rules/ThisWebHost.xml
index 845ff72c0b80..7c155b05d45f 100644
--- a/src/chrome/content/rules/ThisWebHost.xml
+++ b/src/chrome/content/rules/ThisWebHost.xml
@@ -2,7 +2,7 @@
   <target host="thiswebhost.com" />
   <target host="www.thiswebhost.com" />
 
-  <securecookie host="^(.+\.)?thiswebhost\.com$" name=".*"/>
+  <securecookie host=".+" name=".+" />
 
-  <rule from="^http://(?:www\.)?thiswebhost\.com/" to="https://www.thiswebhost.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ThisisColossal.com.xml b/src/chrome/content/rules/ThisisColossal.com.xml
index 6791ee38e60d..51b2c1fd32cd 100644
--- a/src/chrome/content/rules/ThisisColossal.com.xml
+++ b/src/chrome/content/rules/ThisisColossal.com.xml
@@ -1,34 +1,15 @@
 <!--
-	Problematic subdomains:
+	Nonfunctional subdomains:
 
-		- ^	(expored 2012-07-05, self-signed)
+		- (www.)? *
 
-
-	Mixed content:
-
-		- css, on www from:
-
-			- www *
-			- fonts.googleapis.com *
-
-		- Images, on www from:
-
-			- www *
-
-		- Ads/web bugs, on www from:
-
-			- www.facebook.com *
-			- s3.feedly.com *
-			- www.kickstarter.com *
-			- www.stumbleupon.com *
-
-	* Secured by us
+	* Refused
 
 -->
-<ruleset name="ThisisColossal.com (false MCB)" platform="mixedcontent">
+<ruleset name="ThisisColossal.com" default_off="refused">
 
 	<target host="colossal.com" />
-	<target host="*.colossal.com" />
+	<target host="www.colossal.com" />
 
 
 	<securecookie host="^\.colossal\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Thomas-Krenn.com.xml b/src/chrome/content/rules/Thomas-Krenn.com.xml
new file mode 100644
index 000000000000..4dd234ccf4b8
--- /dev/null
+++ b/src/chrome/content/rules/Thomas-Krenn.com.xml
@@ -0,0 +1,28 @@
+<!--
+	^: Refused
+
+
+	Insecure cookies are set for these domains:
+
+		- www.thomas-krenn.com
+		- .www.thomas-krenn.com
+
+-->
+<ruleset name="Thomas-Krenn.com">
+
+	<target host="thomas-krenn.com" />
+	<target host="www.thomas-krenn.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.thomas-krenn\.com$" name="^(TKID|tk_country_code)" /-->
+	<!--securecookie host="^\.www\.thomas-krenn\.com$" name="^REDX_RESPONSIVE_DESKTOP$" /-->
+
+	<securecookie host="^\.?www\.thomas-krenn\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?thomas-krenn\.com/"
+		to="https://www.thomas-krenn.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ThomasCook.xml b/src/chrome/content/rules/ThomasCook.xml
deleted file mode 100644
index a258deb1729e..000000000000
--- a/src/chrome/content/rules/ThomasCook.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Thomas Cook" default_off="Site no longer exists">
-  <target host="thomascook.com" />
-  <target host="*.thomascook.com" />
-
-  <rule from="^http://thomascook\.com/"
-          to="https://thomascook.com/" />
-  <rule from="^http://(book|ww3|ww7|www)\.thomascook\.com/"
-          to="https://$1.thomascook.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/ThomasNet.com.xml b/src/chrome/content/rules/ThomasNet.com.xml
new file mode 100644
index 000000000000..9c18f3f538ad
--- /dev/null
+++ b/src/chrome/content/rules/ThomasNet.com.xml
@@ -0,0 +1,70 @@
+<!--
+	Other ThomasNet rulesets:
+
+		- Webtraxs.com.xml
+
+
+	Nonfunctional hosts in *thomasnet.com:
+
+		- ^ ¹
+		- cad ²
+		- careers ²
+		- certifications ²
+		- customquotes ³
+		- jobs ¹
+		- productsourcing ²
+		- www ²
+
+	¹ Refused
+	² Redirects to http
+	³ Dropped
+
+
+	Problematic hosts in *thomasnet.com:
+
+		- business ¹
+		- cfnewsads ²
+		- news ²
+		- promoteyourbusiness ³
+
+	¹ Akamai
+	² Cloudfront
+
+
+	Fully covered hosts in *thomasnet.com:
+
+		- cdn
+		- clientcenter
+
+
+	Insecure cookies are set for these hosts:
+
+		- clientcenter.thomasnet.com
+
+-->
+<ruleset name="ThomasNet.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cdn.thomasnet.com" />
+	<target host="clientcenter.thomasnet.com" />
+
+	<!--	Complications:
+				-->
+	<!--target host="cfnewsads.thomasnet.com" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^clientcenter\.thomasnet\.com$" name="^(ASP\.NET_SessionId|AWSELB)$" /-->
+
+	<securecookie host="^clientcenter\.thomasnet\.com$" name=".+" />
+
+
+	<!--rule from="^http://cfnewsads\.thomasnet\.com/"
+		to="https://???.cloudfront.net/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Thomas_Cook.com.xml b/src/chrome/content/rules/Thomas_Cook.com.xml
new file mode 100644
index 000000000000..4aa651a8f174
--- /dev/null
+++ b/src/chrome/content/rules/Thomas_Cook.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+			 - www.thomascook.com.cn
+			 - cdn.thomascook.com
+			 - media.thomascook.com
+
+		SSL peer certificate was not OK:
+			 - travel.thomascook.com
+
+		Incomplete certificate chain error:
+			 - support.thomascook.com
+			 - tcselfservice.thomascook.com
+-->
+<ruleset name="Thomas Cook.com (partial)">
+	<target host="thomascook.com" />
+	<target host="www.thomascook.com" />
+	<target host="careers.thomascook.com" />
+	<target host="cruise.thomascook.com" />
+	<target host="giftoftravel.thomascook.com" />
+	<target host="scdn.thomascook.com" />
+		<test url="http://scdn.thomascook.com/resources/images/tch/logo-ie.png" />
+	<target host="tcsignature.thomascook.com" />
+	<target host="ww2.thomascook.com" />
+	<target host="ww7.thomascook.com" />
+	<target host="ww8.thomascook.com" />
+	<target host="ww9.thomascook.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thompson.com.xml b/src/chrome/content/rules/Thompson.com.xml
index 281bc2e36be7..ce65b4b6d0f3 100644
--- a/src/chrome/content/rules/Thompson.com.xml
+++ b/src/chrome/content/rules/Thompson.com.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^www\.thompson\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?thompson\.com/"
-		to="https://www.thompson.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Thompson_Hotels.com-falsemixed.xml b/src/chrome/content/rules/Thompson_Hotels.com-falsemixed.xml
new file mode 100644
index 000000000000..57bc69fbb0b0
--- /dev/null
+++ b/src/chrome/content/rules/Thompson_Hotels.com-falsemixed.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://thompsonhotels.com/ => https://www.thompsonhotels.com/: (7, 'Failed to connect to www.thompsonhotels.com port 443: Connection refused')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://thompsonhotels.com/ => https://www.thompsonhotels.com/: (52, 'Empty reply from server')
+
+	For rules not causing false/broken MCB, see Thompson_Hotels.com.xml.
+
+-->
+<ruleset name="Thompson Hotels.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="thompsonhotels.com" />
+	<target host="www.thompsonhotels.com" />
+
+
+	<rule from="^http://(?:www\.)?thompsonhotels\.com/"
+		to="https://www.thompsonhotels.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Thompson_Hotels.com.xml b/src/chrome/content/rules/Thompson_Hotels.com.xml
new file mode 100644
index 000000000000..ced0fd89fcbb
--- /dev/null
+++ b/src/chrome/content/rules/Thompson_Hotels.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For rules causing false/broken MCB, see Thompson_Hotels.com-falsemixed.xml.
+
+
+	^: mismatched, CN: www.jdvhotels.com
+
+
+	Mixed content:
+
+		- css from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Thompson Hotels.com (partial)" default_off="redirect loop">
+
+	<target host="thompsonhotels.com" />
+	<target host="www.thompsonhotels.com" />
+		<!--
+			Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://(?:www\.)?thompsonhotels\.com/+(?!content/)" />
+
+
+	<rule from="^http://(?:www\.)?thompsonhotels\.com/"
+		to="https://www.thompsonhotels.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Thomson-Reuters-clients.xml b/src/chrome/content/rules/Thomson-Reuters-clients.xml
deleted file mode 100644
index b24b597de3b6..000000000000
--- a/src/chrome/content/rules/Thomson-Reuters-clients.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	This ruleset is for clients of corporate-ir.net
-	that have no other rules off by default.
-
-
-	thomsonreuters.com/products_services/financial/financial_products/corporate_services/investor_relations/
-
--->
-<ruleset name="Thomson Reuters clients" default_off="mismatch">
-
-	<target host="investors.marchex.com" />
-	<target host="ir.monster.com" />
-	<target host="*.radioshackcorporation.com" />
-	<target host="investor.visa.com" />
-
-
-	<rule from="^http://investors\.marchex\.com/"
-		to="https://phx.corporate-ir.net/" />
-
-	<rule from="^https?://ir\.monster\.com/"
-		to="https://phx.corporate-ir.net/" />
-
-	<rule from="^https?://(?:ir|media)\.radioshackcorporation\.com/"
-		to="https://phx.corporate-ir.net/" />
-
-	<rule from="^https?://investor\.visa\.com/"
-		to="https://phx.corporate-ir.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Thomson-Reuters-mismatches.xml b/src/chrome/content/rules/Thomson-Reuters-mismatches.xml
index c7405fd5efb1..04a24f36ff26 100644
--- a/src/chrome/content/rules/Thomson-Reuters-mismatches.xml
+++ b/src/chrome/content/rules/Thomson-Reuters-mismatches.xml
@@ -10,26 +10,10 @@
 		a1768.g.akamai.net
 
 -->
-<ruleset name="Thomson Reuters (mismatches)" default_off="mismatch">
+<ruleset name="Thomson Reuters (mismatches)" default_off="mismatched">
 
         <target host="investor.marvell.com" />
-	<!--	Akamai	-->
-	<target host="s1.reutersmedia.net" />
-	<target host="s2.reutersmedia.net" />
-	<target host="s3.reutersmedia.net" />
-	<target host="s4.reutersmedia.net" />
-		<!--
-			Handled in Reuters.com.xml:
-							-->
-		<exclusion pattern="^http://s[1-4]\.reutersmedia\.net/(?:resources/(?:images|media|r)|resources_v2/(?:image|j)s)/" />
 
-
-        <rule from="^http://investor\.marvell\.com/"
-                to="https://investor.marvell.com/"/>
-
-	<!--	Data appear the same for all s\d, so
-		minimize the number of exceptions needed.	-->
-	<rule from="^https?://s[1-4]\.reutersmedia\.net/"
-		to="https://s1.reutersmedia.net/" />
+        <rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Thomson-Reuters.xml b/src/chrome/content/rules/Thomson-Reuters.xml
index 64db1d966103..6fdd5dd0e24f 100644
--- a/src/chrome/content/rules/Thomson-Reuters.xml
+++ b/src/chrome/content/rules/Thomson-Reuters.xml
@@ -1,57 +1,318 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://admin.checkpoint.thomsonreuters.com/ => https://admin.checkpoint.thomsonreuters.com/: (6, 'Could not resolve host: admin.checkpoint.thomsonreuters.com')
+
+	For rules covering resources which do not secure
+	mixed content, see thomsonreuters.com-resources.xml.
+
 	For problematic rules, see Thomson-Reuters-mismatches.xml.
 
 
 	Other Thomson Reuters rulesets:
 
+		- accelus.com.xml
+		- breakingviews.com.xml
 		- Corporate-ir.net.xml
 		- EndNote_Web.xml
 		- Mark-Monitor.xml
 		- Reuters.com.xml
+		- reuters.tv.xml
+		- ScholarOne.xml
+		- Thomson.com.xml
+		- thomsoninnovation.com.xml
+		- thomsonreuters.com.ar.xml
 		- Web_of_Knowledge.xml
+		- Westlaw.com.xml
 
 
-	counterparties-assets.s3.amazonaws.com
+	CDN buckets:
+
+		- counterparties-assets.s3.amazonaws.com
+		- lifesciences.innerve8ltd.netdna-cdn.com
 
 
 	Nonfunctional domains:
 
 		- (www.)ccbn.com
 		- (www.)counterparties.com
-		- (www.)reuters.com		(sec_error_reused_issuer_and_serial)
-		- ip-science.thomsonreuters.com
+
+		- blog ⁵
+		- careers.thomsonreuters.com ³
+		- cmr ⁴
+		- compumark ⁵
+		- developercenter.thomsonreuters.com ⁴
+		- eximius ᵖ
+		- financial ᵃ
+		- innovation ᵃ
+		- ip ⁵
+		- ip-science.thomsonreuters.com ⁵
+		- ipscience ⁴
+		- lifesciences.thomsonreuters.com ⁵
+		- refscan ⁴
+		- science.thomsonreuters.com ⁵
+		- scientific ³
 		- staging.thomsonreuters.com
-		- (www.)thomsonreuters.com
+		- stateofinnovation ⁴
+		- trademarks ⁵
+
+	ᵃ Shows another domain
+	³ Shows insidecareers
+	⁴ Dropped
+	ᵖ Plaintext reply
+	⁵ Refused
+
+
+	Problematic hosts in *thomsonreuters.com:
+
+		- corepublishingsolutions ᵐ
+		- blog.corepublishingsolutions ᵐ
+		- endnote ᵐ ˢ
+		- excellence ᵐ
+		- interest.ip ¹
+		- lifesciences ᵐ ˢ
+		- lresearch ³
+		- mena ᵐ
+		- nz ᵐ
+		- online ᵐ
+		- recap ᵐ ˢ
+		- osu.researchinview ᶜ
+		- interest.science ¹
+		- sustainability ᵐ
+		- wosac ᵐ ˢ
 
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+	ˢ Self-signed
+	¹ Eloqua
+	³ Mismatched, CN: *.genego.com
 
-	Fully covered domains:
 
+	Partially covered hosts in *thomsonreuters.com:
+
+		- legalsolutions *
+		- uklawstudent *
+
+	* Some pages redirect to http
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .thomsonreuters.com
+		- annual-report.thomsonreuters.com
+		- blogs.thomsonreuters.com
+
+		- admin.checkpoint.thomsonreuters.com
+		- billingsupport.checkpoint.thomsonreuters.com
+		- ebill.checkpoint.thomsonreuters.com
+		- support.checkpoint.thomsonreuters.com
+
+		- checkpointlearning.thomsonreuters.com
+		- datastream.thomsonreuters.com
+		- developers.thomsonreuters.com
+		- community.developers.thomsonreuters.com
+		- fmc.thomsonreuters.com
+		- fnis.thomsonreuters.com
+		- fntr.thomsonreuters.com
+		- forms.thomsonreuters.com
+		- assets.gcs.thomsonreuters.com
+		- iamam.thomsonreuters.com
+		- error.incites.thomsonreuters.com
+		- esi.incites.thomsonreuters.com
+		- jcr.incites.thomsonreuters.com
+		- legalsolutions.thomsonreuters.com
 		- info.legalsolutions.thomsonreuters.com
+		- myaccount.thomsonreuters.com
+		- proview.thomsonreuters.com
+		- osu.researchinview.thomsonreuters.com
+		- support.rg.thomsonreuters.com
+		- ria.thomsonreuters.com
+		- signin.thomsonreuters.com
+		- signon.thomsonreuters.com
+		- tax.thomsonreuters.com
+		- thehub.thomsonreuters.com
+		- tickhistory.thomsonreuters.com
+		- updates.thomsonreuters.com
+		- www.thomsonreuters.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on sustainability from assets.gcs.thomsonreuters.com * ˢ
+		- Images on interest.science from science ³
+		- Bug on customers from statse.webtrendslive.com ˢ
+
+	* Only fonts
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+	³ Unsecurable <= refused
 
 -->
-<ruleset name="Thomson Reuters (partial)">
+<ruleset name="Thomson Reuters.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="thomsonreuters.com" />
+	<target host="aeddo.thomsonreuters.com" />
+	<target host="annual-report.thomsonreuters.com" />
+	<target host="blogs.thomsonreuters.com" />
+
+	<target host="admin.checkpoint.thomsonreuters.com" />
+	<target host="billingsupport.checkpoint.thomsonreuters.com" />
+	<target host="ebill.checkpoint.thomsonreuters.com" />
+	<target host="support.checkpoint.thomsonreuters.com" />
+
+	<target host="checkpointlearning.thomsonreuters.com" />
+	<target host="cl.thomsonreuters.com" />
+	<target host="clear.thomsonreuters.com" />
+	<target host="cs.thomsonreuters.com" />
+	<target host="customers.thomsonreuters.com" />
+	<target host="datastream.thomsonreuters.com" />
+	<target host="developers.thomsonreuters.com" />
+	<target host="community.developers.thomsonreuters.com" />
+	<target host="fmc.thomsonreuters.com" />
+	<target host="fnis.thomsonreuters.com" />
+	<target host="fntr.thomsonreuters.com" />
+	<target host="forms.thomsonreuters.com" />
+	<target host="assets.gcs.thomsonreuters.com" />
+	<target host="iamam.thomsonreuters.com" />
+	<target host="incites.thomsonreuters.com" />
+
+	<target host="error.incites.thomsonreuters.com" />
+	<target host="esi.incites.thomsonreuters.com" />
+	<target host="jcr.incites.thomsonreuters.com" />
+	<target host="login.incites.thomsonreuters.com" />
+
+	<target host="infobase.thomsonreuters.com" />
+	<target host="insider.thomsonreuters.com" />
+	<target host="embed.insider.thomsonreuters.com" />
+	<target host="jobs.thomsonreuters.com" />
+	<!--target host="legalsolutions.thomsonreuters.com" /-->
+	<target host="info.legalsolutions.thomsonreuters.com" />
+	<target host="static.legalsolutions.thomsonreuters.com" />
+	<target host="mifidii.thomsonreuters.com" />
+	<target host="myaccount.thomsonreuters.com" />
+	<target host="newsandinsight.thomsonreuters.com" />
+	<target host="peermonitor.thomsonreuters.com" />
+	<target host="permid.thomsonreuters.com" />
+	<target host="proview.thomsonreuters.com" />
+	<target host="info.proview.thomsonreuters.com" />
+	<!--target host="osu.researchinview.thomsonreuters.com" /-->
+	<target host="support.rg.thomsonreuters.com" />
+	<target host="ria.thomsonreuters.com" />
+	<target host="risk.thomsonreuters.com" />
+	<target host="sa-proview.thomsonreuters.com" />
+	<target host="signin.thomsonreuters.com" />
+	<target host="signon.thomsonreuters.com" />
+	<target host="tax.thomsonreuters.com" />
+	<target host="thehub.thomsonreuters.com" />
+	<target host="tickhistory.thomsonreuters.com" />
+	<!--target host="uklawstudent.thomsonreuters.com" /-->
+	<target host="updates.thomsonreuters.com" />
+	<target host="www.thomsonreuters.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://legalsolutions\.thomsonreuters\.com/law-products/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://legalsolutions\.thomsonreuters\.com/(?!/*(?:favicon\.ico|law-products/(?:_ui|onlineopinionV5|static|stylesheets)/|medias/))" /-->
+
+			<!--	+ve:
+
+			<test url="http://legalsolutions.thomsonreuters.com/law-products/" />
+			<test url="http://legalsolutions.thomsonreuters.com/law-products/jurisdictions/" />
+			<test url="http://legalsolutions.thomsonreuters.com/law-products/law-books/blacks-law-dictionary" />
+			<test url="http://legalsolutions.thomsonreuters.com/law-products/law-books/collections/finplan" />
+			<test url="http://legalsolutions.thomsonreuters.com/law-products/law-products/customer-service/onepass" />
+			<test url="http://legalsolutions.thomsonreuters.com/law-products/practice/" />
+			<test url="http://legalsolutions.thomsonreuters.com/law-products/westlaw-legal-research/training-support" />
+			-->
+
+			<!--	-ve:
+
+			<test url="http://legalsolutions.thomsonreuters.com/favicon.ico" />
+			<test url="http://legalsolutions.thomsonreuters.com/law-products/_ui/blueprint/print.css" />
+			<test url="http://legalsolutions.thomsonreuters.com/law-products/onlineopinionV5/oo_style.css" />
+			<test url="http://legalsolutions.thomsonreuters.com/law-products/static/ui/swc/screen.css" />
+			<test url="http://legalsolutions.thomsonreuters.com/law-products/stylesheets/themes/redmond/jquery-ui-1.8.9.custom.css" />
+			-->
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://uklawstudent\.thomsonreuters\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://uklawstudent\.thomsonreuters\.com/(?!/*wp-content/)" /-->
+
+			<!--	+ve:
+					-->
+			<!--
+			<test url="http://uklawstudent.thomsonreuters.com/blog/" />
+			<test url="http://uklawstudent.thomsonreuters.com/learn-the-law/" />
+			-->
+
+			<!--	-ve:
+					-->
+			<!--
+			<test url="http://uklawstudent.thomsonreuters.com/wp-content/themes/tr-alpha/resources/images/widget-background.png" />
+			-->
+
+		<test url="http://assets.gcs.thomsonreuters.com/fonts?variants=regular|bold" />
+		<test url="http://embed.insider.thomsonreuters.com/kwf/widget/caas/instanceid/0_97kgfhgw/cid/0_n1ukq68u/layout/player/features/notranscript" />
+		<test url="http://sa-proview.thomsonreuters.com/eReaderStaticContent_32.5.1002/images/loginECommerce/arrow_up_gray.png" />
+		<test url="http://static.legalsolutions.thomsonreuters.com/static/icons/oo_icon.gif" />
+
+		<!--	$ 500s, so:
+					-->
+		<test url="http://datastream.thomsonreuters.com/dsws/1.0/DSLogon.aspx" />
 
-	<target host="*.west.thomson.com" />
-	<target host="*.thomsonreuters.com" />
-	<target host="*.westlaw.com" />
-	<target host="images.store.westlaw.com" />
+		<!--	$ 403s, so:
+					-->
+		<test url="http://fnis.thomsonreuters.com/mbl/" />
 
+		<!--	Set cookies without Secure:
+							-->
+		<!--test url="http://forms.thomsonreuters.com/bankcapital12/" /-->
+		<!--test url="http://iamam.thomsonreuters.com/auth/UI/Login" /-->
+		<!--test url="http://myaccount.thomsonreuters.com/MYACCOUNT/AccessControl/AccessControl/SignIn" /-->
+		<!--test url="http://signin.thomsonreuters.com/?productid=ECMLTC&amp;returnto=http%3A%2F%2Flegalsolutions.thomsonreuters.com%2Flaw-products%2F" /-->
 
-	<securecookie host="^(images|myaccount)\.west\.thomson\.com$" name=".*" />
-	<securecookie host="^info\.legalsolutions\.thomsonreuters\.com$" name=".+" />
-	<securecookie host="^store\.westlaw\.com$" name=".*" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.thomsonreuters\.com$" name="^(?:CplReturnUrl|amlbcookie|trAuthCookie)$" /-->
+	<!--securecookie host="^(?:annual-report|blogs|assets\.gcs|updates)\.thomsonreuters\.com$" name="^X-Mapping-" /-->
+	<!--securecookie host="^admin\.checkpoint\.thomsonreuters\.com$" name="^(?:JSESSIONID$|oam\.Flash\.REDIRECT|oam\.Flash\.RENDERMAP\.TOKEN|platform-id)$" /-->
+	<!--securecookie host="^billingsupport\.checkpoint\.thomsonreuters\.com$" name="^KSBilling_Cookie$" /-->
+	<!--securecookie host="^(?:ebill\.checkpoint|developers|iamam|tickhistory)\.thomsonreuters\.com$" name="^BIGipServerpool" /-->
+	<!--securecookie host="^(?:support\.checkpoint|fnis)\.thomsonreuters\.com$" name="^(?:ASPSESSIONID[A-Z]{8}$|BIGipServer)" /-->
+	<!--securecookie host="^checkpointlearning\.thomsonreuters\.com$" name="^(?:ASP\.NET_SessionId$|BIGipServerpool)" /-->
+	<!--securecookie host="^customers\.thomsonreuters\.com$" name="^(?:ASP\.NET_SessionId|CZAR1)$" /-->
+	<!--securecookie host="^community\.developers\.thomsonreuters\.com$" name="^AWSELB$" /-->
+	<!--securecookie host="^fmc\.thomsonreuters\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^(?:fntr|ria)\.thomsonreuters\.com$" name="^(?:BIGipServerpool|TS[\da-f]{8}$)" /-->
+	<!--securecookie host="^forms\.thomsonreuters\.com$" name="^(?:ASP\.NET_SessionId$|X-Mapping-)" /-->
+	<!--securecookie host="^(?:error\.incites|legalsolutions|proview|www)\.thomsonreuters\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^(?:esi|jcr)\.incites\.thomsonreuters\.com$" name="^(?:BIGipServer|JSESSIONID$)" /-->
+	<!--securecookie host="^(?:info\.legalsolutions|support\.rg)\.thomsonreuters\.com$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+	<!--securecookie host="^myaccount\.thomsonreuters\.com$" name="^(?:\.MYACCOUNT|MA_ASP\.NET_SessionId)$" /-->
+	<!--securecookie host="^osu\.researchinview\.thomsonreuters\.com$" name="^(?:_AIMSSESSION$|BIGipServerpool)" /-->
+	<!--securecookie host="^sign[io]n\.thomsonreuters\.com$" name="^(bhCookiePerm|bhCookieSess)$" /-->
+	<!--securecookie host="^tax\.thomsonreuters\.com$" name="^(?:BIGipServerpool|PHPSESSID$)" /-->
+	<!--securecookie host="^thehub\.thomsonreuters\.com$" name="^(?:BIGipServerpool|jive\.login\.ts$|jive\.security\.context$)" /-->
 
-	<rule from="^http://myaccount\.west\.thomson\.com/"
-		to="https://myaccount.west.thomson.com/" />
+	<securecookie host="^\." name="^_(?:_qca$|gat?$|gat_)" />
+	<securecookie host="^(?!legalsolutions\.)\w" name=".+" />
 
-	<rule from="^http://info\.legalsolutions\.thomsonreuters\.com/"
-		to="https://info.legalsolutions.thomsonreuters.com/" />
 
-	<rule from="^http://newsandinsight\.thomsonreuters\.com/(favicon\.ico$|(?:Help|Legal/Login|PrivacyPolicy|TermsOfUse)\.aspx|uploadedimages/|UserSettings\.aspx|Web/)"
-		to="https://newsandinsight.thomsonreuters.com/$1" />
+	<!--rule from="^http://lresearch\.thomsonreuters\.com/(?=static/)"
+		to="https://???.genego.com/" /-->
 
-	<rule from="^http://(onepass|(?:images\.)?store)\.westlaw\.com/"
-		to="https://$1.westlaw.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Thomson.com.xml b/src/chrome/content/rules/Thomson.com.xml
new file mode 100644
index 000000000000..0c93f8ed5804
--- /dev/null
+++ b/src/chrome/content/rules/Thomson.com.xml
@@ -0,0 +1,77 @@
+<!--
+	For other Thomson Reuters coverage, see Thomson-Reuters.xml.
+
+
+	Nonfunctional hosts in *thomson.com:
+
+		- dashboard.compumark ʳ
+
+	ʳ Refused
+
+
+	Problematic hosts in *thomson.com:
+
+		- myaccount.west ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- managementconsole.thomson.com
+		- peermonitor.thomson.com
+		- safe.thomson.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Thomson.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="managementconsole.thomson.com" />
+	<target host="peermonitor.thomson.com" />
+	<target host="safe.thomson.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://peermonitor.thomsonreuters.com/PrivateRatesAdmin/updatepassword.jsp" /-->
+		<!--test url="http://safe.thomson.com/auth/router?action=Login&amp;TARGET=$SM$https%3a%2f%2fsafe%2ethomson%2ecom%2fSAML2%2fsso%2fSAML2Service" /-->
+
+	<!--	Complications:
+				-->
+	<target host="myaccount.west.thomson.com" />
+
+		<exclusion pattern="^http://myaccount\.west\.thomson\.com/(?!/*(?:$|\?|myaccount/default\.aspx))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://myaccount.west.thomson.com/default.asp" />
+			<test url="http://myaccount.west.thomson.com/default.aspx" />
+			<test url="http://myaccount.west.thomson.com/favicon.ico" />
+			<test url="http://myaccount.west.thomson.com/index.htm" />
+			<test url="http://myaccount.west.thomson.com/index.html" />
+			<test url="http://myaccount.west.thomson.com/index.php" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^managementconsole\.thomson\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^peermonitor\.thomson\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^safe\.thomson\.com$" name="^(BIGipServerSAFE-443|JSESSIONID|safe2\.protectionlevel|safe2\.target)$" /-->
+
+	<!--securecookie host="^images\.west\.thomson\.com$" name="." /-->
+	<securecookie host="^(?!myaccount\.west\.)\w" name=".+" />
+
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://myaccount\.west\.thomson\.com/.*"
+		to="https://myaccount.thomsonreuters.com/westlaw" />
+
+		<test url="http://myaccount.west.thomson.com/?" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Thorpe-Park.xml b/src/chrome/content/rules/Thorpe-Park.xml
new file mode 100644
index 000000000000..3f7c9890b983
--- /dev/null
+++ b/src/chrome/content/rules/Thorpe-Park.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Merlin Entertainments coverage, see Merlin-Entertainments.xml.
+
+	Nonfunctional domain:
+		- $self				(timeout)
+		- secure			(cert mismatch, CN: secure.shreksadventure.com)
+		- thorpeparkjobs.com		(connection refused)
+-->
+<ruleset name="Thorpe Park">
+	<target host="thorpepark.com" />
+	<target host="www.thorpepark.com" />
+
+	<securecookie host="www\.thorpepark\.com$" name=".+" />
+
+	<!-- Timeout: -->
+	<rule from="^http://thorpepark\.com/"
+		to="https://www.thorpepark.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ThoughtStreams.io.xml b/src/chrome/content/rules/ThoughtStreams.io.xml
new file mode 100644
index 000000000000..582ad03a14ff
--- /dev/null
+++ b/src/chrome/content/rules/ThoughtStreams.io.xml
@@ -0,0 +1,20 @@
+<!--
+	www: Refused (cf. 400 over http)
+
+-->
+<ruleset name="ThoughtStreams.io">
+
+	<target host="thoughtstreams.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^thoughtstreams\.io$" name="^(csrftoken|sessionid)$" /-->
+
+	<securecookie host="^thoughtstreams\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ThoughtWorks.com.xml b/src/chrome/content/rules/ThoughtWorks.com.xml
new file mode 100644
index 000000000000..1fb09fbe92be
--- /dev/null
+++ b/src/chrome/content/rules/ThoughtWorks.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- info.thoughtworks.com
+		- www.thoughtworks.com
+
+-->
+<ruleset name="ThoughtWorks.com">
+
+	<target host="thoughtworks.com" />
+	<target host="info.thoughtworks.com" />
+	<target host="www.thoughtworks.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="info\.thoughtworks\.com" name="^RSMKTO1$" /-->
+	<!--securecookie host="www\.thoughtworks\.com" name="^rack\.session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^_gat?$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Thoughtbot.com.xml b/src/chrome/content/rules/Thoughtbot.com.xml
new file mode 100644
index 000000000000..a616425e7462
--- /dev/null
+++ b/src/chrome/content/rules/Thoughtbot.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Other thoughtbot rulesets:
+
+		- FormKeep.com.xml
+		- Hound_CI.com.xml
+		- Upcase.com
+
+-->
+<ruleset name="thoughtbot.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="thoughtbot.com" />
+	<target host="font.thoughtbot.com" />
+	<target host="images.thoughtbot.com" />
+	<target host="robots.thoughtbot.com" />
+	<target host="www.thoughtbot.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Thp.io.xml b/src/chrome/content/rules/Thp.io.xml
index f5cbac3cd0a3..701077e24c52 100644
--- a/src/chrome/content/rules/Thp.io.xml
+++ b/src/chrome/content/rules/Thp.io.xml
@@ -1,16 +1,20 @@
 <!--
-	Problematic subdomains:
-
-		- www	(cert only matches ^thp.io)
+	Invalid certificate:
+		www.thp.io
+		o.thp.io
+		sulu.thp.io
 
 -->
 <ruleset name="thp.io">
 
 	<target host="thp.io" />
 	<target host="www.thp.io" />
+	<target host="i.thp.io" />
 
-
-	<rule from="^http://(?:www\.)?thp\.io/"
+	<rule from="^http://www\.thp\.io/"
 		to="https://thp.io/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Thread.com.xml b/src/chrome/content/rules/Thread.com.xml
new file mode 100644
index 000000000000..42034c084924
--- /dev/null
+++ b/src/chrome/content/rules/Thread.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Thread.com">
+
+	<target host="thread.com" />
+	<target host="www.thread.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ThreadReaderApp.com.xml b/src/chrome/content/rules/ThreadReaderApp.com.xml
new file mode 100644
index 000000000000..0e3a1fd7ae2f
--- /dev/null
+++ b/src/chrome/content/rules/ThreadReaderApp.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="ThreadReaderApp.com">
+	<target host="threadreaderapp.com" />
+	<target host="www.threadreaderapp.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Threading-Building-Blocks.xml b/src/chrome/content/rules/Threading-Building-Blocks.xml
index d34b95598c4f..8a3292203668 100644
--- a/src/chrome/content/rules/Threading-Building-Blocks.xml
+++ b/src/chrome/content/rules/Threading-Building-Blocks.xml
@@ -1,19 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://threadingbuildingblocks.org/ => https://threadingbuildingblocks.org/: (7, 'Failed to connect to threadingbuildingblocks.org port 443: Connection refused')
+
 	For other Intel coverage, see Intel.xml.
 
 -->
-<ruleset name="Threading Building Blocks">
+<ruleset name="Threading Building Blocks.org" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="threadingbuildingblocks.org" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.threadingbuildingblocks.org" />
+	<target host="www.threadingbuildingblocks.org" />
 
 
-	<securecookie host="^\.threadingbuildingblocks\.org$" name=".*" />
+	<securecookie host="^\.threadingbuildingblocks\.org$" name=".+" />
 
 
-	<!--	Cert only matches //threadi...	-->
-	<rule from="^https?://(?:www\.)?threadingbuildingblocks\.org/"
-		to="https://threadingbuildingblocks.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Threat2Alert.com.xml b/src/chrome/content/rules/Threat2Alert.com.xml
new file mode 100644
index 000000000000..994031b2c32d
--- /dev/null
+++ b/src/chrome/content/rules/Threat2Alert.com.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://threat2alert.com/ => https://threat2alert.com/: (6, 'Could not resolve host: threat2alert.com')
+
+	For other Nettitude coverage, see Nettitude.co.uk.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- threat2alert.com
+		- www.threat2alert.com
+
+-->
+<ruleset name="Threat2Alert.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="threat2alert.com" />
+	<target host="www.threat2alert.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.threat2alert\.com$" name="^(?:PHPSESSID|wfvt_\d+)$" /-->
+
+	<securecookie host="^www\.threat2alert\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ThreatMetrix.com.xml b/src/chrome/content/rules/ThreatMetrix.com.xml
new file mode 100644
index 000000000000..340ae1a56061
--- /dev/null
+++ b/src/chrome/content/rules/ThreatMetrix.com.xml
@@ -0,0 +1,50 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - autodiscover.threatmetrix.com
+			 - go.threatmetrix.com
+			 - portal2-qa2.threatmetrix.com
+			 - portal3.threatmetrix.com
+			 - tardis.threatmetrix.com
+
+		Timeout was reached:
+			 - ccc.threatmetrix.com
+			 - us-oem1.delivery.threatmetrix.com
+			 - us-oem2.delivery.threatmetrix.com
+			 - mail.threatmetrix.com
+			 - portal2-am1.threatmetrix.com
+			 - reporting-qa1.threatmetrix.com
+			 - reporting2.threatmetrix.com
+			 - smtp.threatmetrix.com
+
+		SSL peer certificate was not OK:
+			 - dataviz.threatmetrix.com
+			 - explore.threatmetrix.com
+
+		Incomplete certificate chain error:
+			 - portal2-qaperf2.threatmetrix.com
+
+		4xx client error:
+			 - cas.threatmetrix.com
+			 - demonstration.threatmetrix.com
+			 - reporting-qa2.threatmetrix.com
+			 - sso-qa1.threatmetrix.com
+			 - sso-qaperf2.threatmetrix.com
+			 - tdmobile.threatmetrix.com
+-->
+<ruleset name="Threat Metrix.com (partial)">
+	<target host="threatmetrix.com" />
+	<target host="www.threatmetrix.com" />
+	<target host="ask.threatmetrix.com" />
+	<target host="info.threatmetrix.com" />
+	<target host="jasper-qa1.threatmetrix.com" />
+	<target host="kb.threatmetrix.com" />
+	<target host="portal.threatmetrix.com" />
+	<target host="portal-qa1.threatmetrix.com" />
+	<target host="portal2.threatmetrix.com" />
+	<target host="portal2-qa1.threatmetrix.com" />
+	<target host="report.threatmetrix.com" />
+	<target host="reporting.threatmetrix.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ThreatPost.xml b/src/chrome/content/rules/ThreatPost.xml
index ced57723444b..73f61b43b682 100644
--- a/src/chrome/content/rules/ThreatPost.xml
+++ b/src/chrome/content/rules/ThreatPost.xml
@@ -4,33 +4,22 @@
 		- trtpost.wpengine.netdna-cdn.com
 
 
-	Problematic subdomains:
-
-		- www	(wpengine)
-
-
 	Fully covered subdomains:
 
-		- (www.)	(www → ^)
-
+		- (www.)
 
-	Mixed content:
-
-		- css on ^ from fonts.googleapis.com *
+-->
+<ruleset name="ThreatPost.com">
 
-		- Images on www from kasperskycontenthub.com *
+	<target host="threatpost.com" />
+	<target host="www.threatpost.com" />
 
-		- Web bug from api.google.com *
 
-	* Secured by us
+	<!--securecookie host="^\.threatpost\.com$" name="^(_ga|__qca)$" /-->
+	<securecookie host="^\.?threatpost\.com$" name=".+" />
 
--->
-<ruleset name="ThreatPost">
-  <target host="threatpost.com" />
-  <target host="*.threatpost.com" />
 
-	<!--securecookie host="^\.threatpost\.com$" name="^(_ga|__qca)" /-->
-  <securecookie host="^(.*\.)?threatpost\.com$" name=".*"/>
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(?:www\.)?threatpost\.com/" to="https://threatpost.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/ThreatTrack_Security.com.xml b/src/chrome/content/rules/ThreatTrack_Security.com.xml
index fbea676c9fc3..491e2b68e44c 100644
--- a/src/chrome/content/rules/ThreatTrack_Security.com.xml
+++ b/src/chrome/content/rules/ThreatTrack_Security.com.xml
@@ -1,10 +1,19 @@
-<ruleset name="ThreatTrack Security.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://threattracksecurity.com/ => https://threattracksecurity.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.threattracksecurity.com/ => https://www.threattracksecurity.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://threattracksecurity.com/ => https://threattracksecurity.com/: Cycle detected - URL already encountered: https://www.threattracksecurity.com/
+Fetch error: http://www.threattracksecurity.com/ => https://www.threattracksecurity.com/: Cycle detected - URL already encountered: https://www.threattracksecurity.com/
+-->
+<ruleset name="ThreatTrack Security.com" default_off="failed ruleset test">
 
 	<target host="threattracksecurity.com" />
 	<target host="www.threattracksecurity.com" />
 
 
-	<rule from="^http://(www\.)?threattracksecurity\.com/"
-		to="https://$1threattracksecurity.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Threatpost.ru.xml b/src/chrome/content/rules/Threatpost.ru.xml
new file mode 100644
index 000000000000..590936879055
--- /dev/null
+++ b/src/chrome/content/rules/Threatpost.ru.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Kaspersky coverage, see Kaspersky.com.xml.
+
+
+	www: Mismatched, CN: threatpost.com
+
+
+	Insecure cookies are set for these domains:
+
+		- threatpost.ru
+
+-->
+<ruleset name="Threatpost.ru">
+
+	<target host="threatpost.ru" />
+	<target host="www.threatpost.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^threatpost\.ru$" name="^X-Mapping-\w{8}$" /-->
+
+	<securecookie host="^threatpost\.ru$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Three.xml b/src/chrome/content/rules/Three.xml
index 82c45f9343ec..b8e0b25c6006 100644
--- a/src/chrome/content/rules/Three.xml
+++ b/src/chrome/content/rules/Three.xml
@@ -1,4 +1,14 @@
-<ruleset name="Three" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://three.ie/ => https://www.three.ie/: Too many redirects while fetching 'https://www.three.ie/'
+Fetch error: http://www.three.ie/ => https://www.three.ie/: Too many redirects while fetching 'https://www.three.ie/'
+Fetch error: http://threestore.three.co.uk/ => https://threestore.three.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'threestore.three.co.uk'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://threestore.three.co.uk/ => https://threestore.three.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'threestore.three.co.uk'")
+-->
+<ruleset name="Three" platform="mixedcontent" default_off="failed ruleset test">
   <target host="three.ie" />
   <target host="www.three.ie" />
   <target host="threestore.three.co.uk" />
diff --git a/src/chrome/content/rules/Threema-Forum.de.xml b/src/chrome/content/rules/Threema-Forum.de.xml
new file mode 100644
index 000000000000..aaa2f6ba7ae6
--- /dev/null
+++ b/src/chrome/content/rules/Threema-Forum.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="Threema-forum.de">
+    <target host="threema-forum.de" />
+    <target host="www.threema-forum.de" />
+
+    <securecookie host="^(www\.)?threema-forum\.de" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Threema.xml b/src/chrome/content/rules/Threema.xml
index f6430afc0849..0383e34014a4 100644
--- a/src/chrome/content/rules/Threema.xml
+++ b/src/chrome/content/rules/Threema.xml
@@ -1,5 +1,11 @@
 <ruleset name="Threema">
-<target host="www.threema.ch" />
-<target host="threema.ch" />
-<rule from="^http://(www\.)?threema\.ch/" to="https://threema.ch/"/>
-</ruleset>
\ No newline at end of file
+	<target host="three.ma" />
+	<target host="www.three.ma" />
+
+	<target host="threema.id" />
+	<target host="www.threema.id" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thrifty.be.xml b/src/chrome/content/rules/Thrifty.be.xml
new file mode 100644
index 000000000000..dd0fc32966ae
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.be.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Thrifty.be">
+
+	<target host="thrifty.be" />
+	<target host="www.thrifty.be" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://thrifty\.be/"
+		to="https://www.thrifty.be/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thrifty.ch.xml b/src/chrome/content/rules/Thrifty.ch.xml
new file mode 100644
index 000000000000..1795fad219c7
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.ch.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Thrifty.ch">
+
+	<target host="thrifty.ch" />
+	<target host="www.thrifty.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://thrifty\.ch/"
+		to="https://www.thrifty.ch/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thrifty.co.kr.xml b/src/chrome/content/rules/Thrifty.co.kr.xml
new file mode 100644
index 000000000000..58ff0f3f399e
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.co.kr.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Thrifty.co.kr">
+
+	<target host="thrifty.co.kr" />
+	<target host="www.thrifty.co.kr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://thrifty\.co\.kr/"
+		to="https://www.thrifty.co.kr/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thrifty.co.nz.xml b/src/chrome/content/rules/Thrifty.co.nz.xml
new file mode 100644
index 000000000000..12a83d4a3cff
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.co.nz.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+
+
+	Non-functional subdomains:
+		- e		(http 403 error)
+		- m		(ssl connection error)
+		- mcms		(ssl connection error)
+
+-->
+<ruleset name="Thrifty.co.nz">
+
+	<target host="thrifty.co.nz" />
+	<target host="www.thrifty.co.nz" />
+	<target host="autodiscover.thrifty.co.nz" />
+	<target host="lyncdiscover.thrifty.co.nz" />
+	<target host="sip.thrifty.co.nz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thrifty.co.uk.xml b/src/chrome/content/rules/Thrifty.co.uk.xml
new file mode 100644
index 000000000000..2ff1bba30b67
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.co.uk.xml
@@ -0,0 +1,37 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(t)
+		- dollar	(m)
+		- (www.)prepaid	(e)
+		- savings	(redirect to unresponsive host)
+		- support	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Thrifty.co.uk">
+
+	<target host="thrifty.co.uk" />
+	<target host="www.thrifty.co.uk" />
+	<target host="ffncs.thrifty.co.uk" />
+	<target host="mail.thrifty.co.uk" />
+	<target host="olb.thrifty.co.uk" />
+	<target host="refresh.thrifty.co.uk" />
+	<target host="secure.thrifty.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://thrifty\.co\.uk/"
+		to="https://www.thrifty.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thrifty.co.za.xml b/src/chrome/content/rules/Thrifty.co.za.xml
new file mode 100644
index 000000000000..b294c6e9c536
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.co.za.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+
+
+	Non-functional subdomains:
+		- af	(ssl connection error)
+		- api	(ssl connection error)
+		- helpdesk	(s)
+		- m		(r)
+		- nmp	(h)
+		- www.nmp	(http 500 error)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Thrifty.co.za">
+
+	<target host="thrifty.co.za" />
+	<target host="www.thrifty.co.za" />
+	<target host="connect.thrifty.co.za" />
+	<target host="oldsite.thrifty.co.za" />
+	<target host="www.oldsite.thrifty.co.za" />
+	<target host="partner.thrifty.co.za" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thrifty.com.au.xml b/src/chrome/content/rules/Thrifty.com.au.xml
new file mode 100644
index 000000000000..8347a9089dbe
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.com.au.xml
@@ -0,0 +1,54 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(t)
+		- autodiscover		(ssl connection error)
+		- blue	(e)
+		- corpwebmail		(ssl connection error)
+		- eradr	(e)
+		- erauat	(e)
+		- exstandby	(t)
+		- identity	(t)
+		- mcms	(e)
+		- sit	(e)
+		- sitidentity	(t)
+		- cm.sitecore.prod.svc	(m)
+		- www.uat	(i)
+		- uatidentity	(t)
+		- uatwww	(t)
+		- webmail		(ssl connection error)
+		- white02	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Thrifty.com.au">
+
+	<target host="thrifty.com.au" />
+	<target host="www.thrifty.com.au" />
+	<target host="apps.thrifty.com.au" />
+	<target host="bluechip.thrifty.com.au" />
+	<target host="image.email.thrifty.com.au" />
+	<target host="pages.email.thrifty.com.au" />
+	<target host="era.thrifty.com.au" />
+	<target host="invoices.thrifty.com.au" />
+	<target host="lyncdiscover.thrifty.com.au" />
+	<target host="m.thrifty.com.au" />
+	<target host="sip.thrifty.com.au" />
+	<target host="cd-prod01.sitecore.prod.svc.thrifty.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://thrifty\.com\.au/"
+		to="https://www.thrifty.com.au/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thrifty.com.br.xml b/src/chrome/content/rules/Thrifty.com.br.xml
new file mode 100644
index 000000000000..295725cf4311
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.com.br.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+-->
+<ruleset name="Thrifty.com.br">
+
+	<target host="thrifty.com.br" />
+	<target host="www.thrifty.com.br" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thrifty.com.ph.xml b/src/chrome/content/rules/Thrifty.com.ph.xml
new file mode 100644
index 000000000000..356a03cb0617
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.com.ph.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+-->
+<ruleset name="Thrifty.com.au">
+
+	<target host="thrifty.com.ph" />
+	<target host="www.thrifty.com.ph" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thrifty.com.xml b/src/chrome/content/rules/Thrifty.com.xml
new file mode 100644
index 000000000000..ac8640a0bdfe
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.com.xml
@@ -0,0 +1,62 @@
+<!--
+	Other related rulesets:
+		- Thrifty.be.xml
+		- Thrifty.ch.xml
+		- Thrifty.co.kr.xml
+		- Thrifty.co.nz.xml
+		- Thrifty.co.uk.xml
+		- Thrifty.co.za.xml
+		- Thrifty.com.au.xml
+		- Thrifty.com.br.xml
+		- Thrifty.com.ph.xml
+		- Thrifty.de.xml
+		- Thrifty.ie.xml
+		- Thrifty.ma.xml
+		- Thrifty.nl.xml
+		- Thrifty.no.xml
+		- ThriftyCanada.ca.xml
+		- ThriftySingapore.com.xml
+
+
+	Non-functional subdomains:
+		- dblog	(t)
+		- click.emails	(m)
+		- image.emails	(m)
+		- pub.emails	(m)
+		- htcstaging	(i)
+		- lac	(i)
+		- rms	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Thrifty.com">
+
+	<target host="thrifty.com" />
+	<target host="www.thrifty.com" />
+	<target host="cf.thrifty.com" />
+	<target host="m.thrifty.com" />
+	<target host="mobile.thrifty.com" />
+	<target host="mstaging.thrifty.com" />
+	<target host="okea.thrifty.com" />
+	<target host="ota.thrifty.com" />
+	<target host="pblog.thrifty.com" />
+	<target host="prepay.thrifty.com" />
+	<target host="register.thrifty.com" />
+	<target host="sblog.thrifty.com" />
+	<target host="staging.thrifty.com" />
+	<target host="stagingm.thrifty.com" />
+	<target host="worldwide.thrifty.com" />
+	<target host="ww2.thrifty.com" />
+	<target host="www2.thrifty.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thrifty.de.xml b/src/chrome/content/rules/Thrifty.de.xml
new file mode 100644
index 000000000000..795e9f32cfa5
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.de.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- prepaid		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Thrifty.de">
+
+	<target host="thrifty.de" />
+	<target host="www.thrifty.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://thrifty\.de/"
+		to="https://www.thrifty.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thrifty.ie.xml b/src/chrome/content/rules/Thrifty.ie.xml
new file mode 100644
index 000000000000..4d961b011baf
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.ie.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Thrifty.ie">
+
+	<target host="thrifty.ie" />
+	<target host="www.thrifty.ie" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://thrifty\.ie/"
+		to="https://www.thrifty.ie/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thrifty.ma.xml b/src/chrome/content/rules/Thrifty.ma.xml
new file mode 100644
index 000000000000..5311d1e26d41
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.ma.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+-->
+<ruleset name="Thrifty.ma">
+
+	<target host="thrifty.ma" />
+	<target host="www.thrifty.ma" />
+	<target host="en.thrifty.ma" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thrifty.nl.xml b/src/chrome/content/rules/Thrifty.nl.xml
new file mode 100644
index 000000000000..4cf5e08f4b61
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.nl.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Thrifty.nl">
+
+	<target host="thrifty.nl" />
+	<target host="www.thrifty.nl" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://thrifty\.nl/"
+		to="https://www.thrifty.nl/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thrifty.no.xml b/src/chrome/content/rules/Thrifty.no.xml
new file mode 100644
index 000000000000..28026ade2f8c
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.no.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Thrifty.no">
+
+	<target host="thrifty.no" />
+	<target host="www.thrifty.no" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://thrifty\.no/"
+		to="https://www.thrifty.no/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ThriftyCanada.ca.xml b/src/chrome/content/rules/ThriftyCanada.ca.xml
new file mode 100644
index 000000000000..19ec335f3fed
--- /dev/null
+++ b/src/chrome/content/rules/ThriftyCanada.ca.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Thrifty Canada.ca">
+
+	<target host="thriftycanada.ca" />
+	<target host="www.thriftycanada.ca" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://thriftycanada\.ca/"
+		to="https://www.thriftycanada.ca/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ThriftySingapore.com.xml b/src/chrome/content/rules/ThriftySingapore.com.xml
new file mode 100644
index 000000000000..4dc86f49a7cd
--- /dev/null
+++ b/src/chrome/content/rules/ThriftySingapore.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Thrifty Singapore.com">
+
+	<target host="thriftysingapore.com" />
+	<target host="www.thriftysingapore.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://thriftysingapore\.com/"
+		to="https://www.thriftysingapore.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thuisbezorgd.nl.xml b/src/chrome/content/rules/Thuisbezorgd.nl.xml
new file mode 100644
index 000000000000..d6ce5ff1dec5
--- /dev/null
+++ b/src/chrome/content/rules/Thuisbezorgd.nl.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Takeaway.com coverage, see Takeaway.com.xml.
+
+-->
+<ruleset name="Thuisbezorgd.nl">
+
+	<target host="thuisbezorgd.nl" />
+	<target host="www.thuisbezorgd.nl" />
+
+
+	<securecookie host="^(?:w*\.)?thuisbezorgd\.nl$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Thumbshots.xml b/src/chrome/content/rules/Thumbshots.xml
index b33a41879e07..83fa73b2a1c7 100644
--- a/src/chrome/content/rules/Thumbshots.xml
+++ b/src/chrome/content/rules/Thumbshots.xml
@@ -1,20 +1,43 @@
+<!--
+	thumbshots.net mismatched and 503 over http
+
+	thumbshots.org mismatched and redirects to thumbshots.com
+
+	thumbshots.com redirects to http on some pages
+
+	Invalid certificate:
+		www.ranking.thumbshots.com
+		open.thumbshots.org
+
+-->
 <ruleset name="Thumbshots (partial)">
 
-	<target host="thumbshots.*"/>
-	<target host="*.thumbshots.com"/>
-	<target host="*.thumbshots.net"/>
-	<target host="*.thumbshots.org"/>
+	<target host="thumbshots.com" />
+	<target host="www.thumbshots.com" />
+		<!-- Exclude implicit test url from tests -->
+		<exclusion pattern="^http://(www\.)?thumbshots.com/$" />
+	<target host="images.thumbshots.com" />
+		<test url="http://images.thumbshots.com/image.aspx?cid=yyy&#x26;url=xxx" />
+	<target host="learn.thumbshots.com" />
+	<target host="open.thumbshots.com" />
+		<test url="http://open.thumbshots.com/attribution.png" />
+	<target host="ranking.thumbshots.com" />
+	<target host="simple.thumbshots.com" />
 
-	<rule from="^http://thumbshots\.com/"
-		to="https://thumbshots.com/"/>
+	<target host="thumbshots.org" />
+	<target host="www.thumbshots.org" />
+		<!-- Exclude implicit test url from tests -->
+		<exclusion pattern="^http://(www\.)?thumbshots.org/$" />
 
-	<rule from="^http://(www\.)?thumbshots\.(?:com|net)/(admin/|DesktopModules/|images/|[pP]ortals/|register\.aspx|SecureLogin|Telerik\.Web\.UI\.WebResource\.axd)"
-		to="https://$1thumbshots.com/$2"/>
+	<rule from="^http://(www\.)?thumbshots\.(com|org)/(DesktopModules/|[pP]ortals/)"
+		to="https://$1thumbshots.com/$3"/>
 
-	<rule from="^http://(www\.)?thumbshots\.org/"
-		to="https://$1thumbshots.com/"/>
+		<test url="http://www.thumbshots.com/portals/0/Images/IncreaseTraffic.png" />
+		<test url="http://www.thumbshots.com/portals/0/Images/BBCLogo.png" />
+		<test url="http://www.thumbshots.com/Portals/0/favicon.ico" />
+		<test url="http://www.thumbshots.com/DesktopModules/Blog/Trackback.aspx" />
 
-	<rule from="^http://open\.thumbshots\.(?:com|org)/"
-		to="https://open.thumbshots.com/"/>
+	<rule from="^http://(images|learn|open|ranking|simple)\.thumbshots\.com/"
+		to="https://$1.thumbshots.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Thumbtack.com.xml b/src/chrome/content/rules/Thumbtack.com.xml
new file mode 100644
index 000000000000..3e162a5c6b13
--- /dev/null
+++ b/src/chrome/content/rules/Thumbtack.com.xml
@@ -0,0 +1,55 @@
+<!--
+	Non-functional subdomains:
+		- blog	(connection refused)
+		- o1.email	(timeout)
+		- fm	(timeout)
+		- fujimoto 	(timeout)
+		- pestcontrol	(timeout)
+		- spotlight	(connection refused)
+		- (www.)style		(mismatch hostname, CN: *.squarespace.com)
+		- survey	(mismatch hostname, CN: focusvision.com)
+		- tophat	(not found)
+		- ww		(mismatch hostname, CN: www.thumbtack.com)
+
+-->
+<ruleset name="Thumbtack.com">
+	<target host="thumbtack.com" />
+	<target host="www.thumbtack.com" />
+	<target host="certapro.thumbtack.com" />
+	<target host="it.corp.thumbtack.com" />
+	<target host="tsl.corp.thumbtack.com" />
+	<target host="link.customer.thumbtack.com" />
+	<target host="d.thumbtack.com" />
+	<target host="data.thumbtack.com" />
+	<target host="denver.thumbtack.com" />
+	<target host="df.thumbtack.com" />
+	<target host="elkgrove.thumbtack.com" />
+	<target host="email.thumbtack.com" />
+	<target host="fci.thumbtack.com" />
+	<target host="fsp.thumbtack.com" />
+	<target host="ghs.thumbtack.com" />
+	<target host="go.thumbtack.com" />
+	<target host="guidelines.thumbtack.com" />
+	<target host="handymanconnection.thumbtack.com" />
+	<target host="help.thumbtack.com" />
+	<target host="hercule.thumbtack.com" />
+	<target host="oxifresh.thumbtack.com" />
+	<target host="pronexis.thumbtack.com" />
+	<target host="quotingservice.thumbtack.com" />
+	<target host="static.thumbtack.com" />
+	<target host="static1.thumbtack.com" />
+	<target host="static2.thumbtack.com" />
+	<target host="static3.thumbtack.com" />
+	<target host="static4.thumbtack.com" />
+	<target host="static5.thumbtack.com" />
+	<target host="static6.thumbtack.com" />
+	<target host="static7.thumbtack.com" />
+	<target host="static8.thumbtack.com" />
+	<target host="support.thumbtack.com" />
+	<target host="thumbprint.thumbtack.com" />
+
+  	<securecookie host="^www\.thumbtack\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thumbzilla.com.xml b/src/chrome/content/rules/Thumbzilla.com.xml
new file mode 100644
index 000000000000..56a20a5a12f0
--- /dev/null
+++ b/src/chrome/content/rules/Thumbzilla.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Thumbzilla.com">
+  <target host="thumbzilla.com" />
+  <target host="www.thumbzilla.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ThunderRanch.xml b/src/chrome/content/rules/ThunderRanch.xml
index c94f02651e7b..64d75f1eefc8 100644
--- a/src/chrome/content/rules/ThunderRanch.xml
+++ b/src/chrome/content/rules/ThunderRanch.xml
@@ -1,6 +1,6 @@
-<ruleset name="Thunder Ranch">
+<ruleset name="Thunder Ranch Inc.com" default_off="expired">
   <target host="thunderranchinc.com" />
   <target host="www.thunderranchinc.com" />
 
-  <rule from="^http://(?:www\.)?thunderranchinc\.com/" to="https://www.thunderranchinc.com/"/>
+  <rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Thunderbird-Mail.DE.xml b/src/chrome/content/rules/Thunderbird-Mail.DE.xml
new file mode 100644
index 000000000000..4017c611fc4d
--- /dev/null
+++ b/src/chrome/content/rules/Thunderbird-Mail.DE.xml
@@ -0,0 +1,23 @@
+<!--
+	^thunderbird-mail.de: Mismatched
+
+-->
+<ruleset name="Thunderbird-Mail.DE">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.thunderbird-mail.de" />
+
+	<!--	Complications:
+				-->
+	<target host="thunderbird-mail.de" />
+
+
+	<rule from="^http://thunderbird-mail\.de/"
+		to="https://www.thunderbird-mail.de/" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Thunderbird.net.xml b/src/chrome/content/rules/Thunderbird.net.xml
new file mode 100644
index 000000000000..558516910d85
--- /dev/null
+++ b/src/chrome/content/rules/Thunderbird.net.xml
@@ -0,0 +1,29 @@
+<ruleset name="Thunderbird.net" >
+
+	<target host="thunderbird.net" />
+	<target host="www.thunderbird.net" />
+
+	<target host="addons.thunderbird.net" />
+	<target host="autoconfig-stage.thunderbird.net" />
+	<target host="autoconfig.thunderbird.net" />
+	<target host="broker-stage.thunderbird.net" />
+	<target host="broker.thunderbird.net" />
+	<target host="lists.thunderbird.net" />
+	<target host="live-stage.thunderbird.net" />
+	<target host="live.thunderbird.net" />
+	<target host="mail.thunderbird.net" />
+	<target host="mx-stage.thunderbird.net" />
+	<target host="mx.thunderbird.net" />
+	<target host="stage.thunderbird.net" />
+	<target host="start-stage.thunderbird.net" />
+	<target host="start.thunderbird.net" />
+	<target host="support-stage.thunderbird.net" />
+	<target host="support.thunderbird.net" />
+	<target host="www-stage.thunderbird.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+	        to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Thunderclap.it.xml b/src/chrome/content/rules/Thunderclap.it.xml
deleted file mode 100644
index 4a868329b8e3..000000000000
--- a/src/chrome/content/rules/Thunderclap.it.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/thunderclap-production/
-		- d3enntrj2q0c71.cloudfront.net
-
-
-	Problematic subdomains:
-
-		- ^	(mismatched, CN: *.heroku.com)
-
--->
-<ruleset name="Thunderclap.it">
-
-	<target host="thunderclap.it" />
-	<target host="www.thunderclap.it" />
-
-
-	<securecookie host="^www\.thunderclap\.it$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?thunderclap\.it/"
-		to="https://www.thunderclap.it/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Thunderkick.xml b/src/chrome/content/rules/Thunderkick.xml
index d1a76e441346..581d0d2da23a 100644
--- a/src/chrome/content/rules/Thunderkick.xml
+++ b/src/chrome/content/rules/Thunderkick.xml
@@ -1,10 +1,18 @@
-<ruleset name="Thunderkick">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://thunderkick.com/ => https://thunderkick.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://thunderkick.com/ => https://thunderkick.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
+<ruleset name="Thunderkick" default_off="failed ruleset test">
 
 	<target host="thunderkick.com" />
-	<target host="*.thunderkick.com" />
+	<target host="content.thunderkick.com" />
+	<target host="www.thunderkick.com" />
 
 
-	<rule from="^http://(content\.|www\.)?thunderkick\.com/"
-		to="https://$1thunderkick.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Thurrott.com.xml b/src/chrome/content/rules/Thurrott.com.xml
new file mode 100644
index 000000000000..17470571e710
--- /dev/null
+++ b/src/chrome/content/rules/Thurrott.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .thurrott.com
+
+-->
+<ruleset name="Thurrott.com">
+
+	<target host="thurrott.com" />
+	<target host="www.thurrott.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.thurrott\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.thurrott\.com$" name="^__cfduid$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Thuvien.lgbt.xml b/src/chrome/content/rules/Thuvien.lgbt.xml
new file mode 100644
index 000000000000..badac978a37a
--- /dev/null
+++ b/src/chrome/content/rules/Thuvien.lgbt.xml
@@ -0,0 +1,8 @@
+<ruleset name="Thuvien.lgbt">
+	<target host="thuvien.lgbt" />
+	<target host="www.thuvien.lgbt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ti.to.xml b/src/chrome/content/rules/Ti.to.xml
new file mode 100644
index 000000000000..e0c81a58a42f
--- /dev/null
+++ b/src/chrome/content/rules/Ti.to.xml
@@ -0,0 +1,34 @@
+<!--
+	CDN buckets:
+
+		- titoproduction.global.ssl.fastly.net
+
+
+	Problematic domains:
+
+		- www.ti.to *
+		- www.tito.io *
+
+	* Refused
+
+-->
+<ruleset name="Ti.to">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ti.to" />
+	<target host="tito.io" />
+
+	<!--	Complications:
+				-->
+	<target host="www.ti.to" />
+	<target host="www.tito.io" />
+
+
+	<rule from="^http://www\.ti(\.to|to\.io)/"
+		to="https://ti$1/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TiMos.me.xml b/src/chrome/content/rules/TiMos.me.xml
new file mode 100644
index 000000000000..bde694e91053
--- /dev/null
+++ b/src/chrome/content/rules/TiMos.me.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://timos.me/ => https://timos.me/: (28, 'Connection timed out after 20000 milliseconds')
+
+	www.timos.me doesn't exist.
+
+-->
+<ruleset name="TiMos.me" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="timos.me" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tibet_Action.net.xml b/src/chrome/content/rules/Tibet_Action.net.xml
new file mode 100644
index 000000000000..dced7c0a201f
--- /dev/null
+++ b/src/chrome/content/rules/Tibet_Action.net.xml
@@ -0,0 +1,42 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .tibetaction.net
+		- www.tibetaction.net
+
+-->
+<ruleset name="Tibet Action.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tibetaction.net" />
+	<target host="www.tibetaction.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tibetaction\.net$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.tibetaction\.net$" name="^_icl_current_language$" /-->
+
+	<securecookie host="^(?:www)?\.tibetaction\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ticaretsicil.gov.tr.xml b/src/chrome/content/rules/Ticaretsicil.gov.tr.xml
new file mode 100644
index 000000000000..26e5f0f76b6f
--- /dev/null
+++ b/src/chrome/content/rules/Ticaretsicil.gov.tr.xml
@@ -0,0 +1,7 @@
+<ruleset name="Turkish Trade Registry Gazette">
+	<target host="ticaretsicil.gov.tr" />
+	<target host="www.ticaretsicil.gov.tr" />
+
+	<securecookie host=".+" name="^PHPSESSID$" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tickengo.xml b/src/chrome/content/rules/Tickengo.xml
deleted file mode 100644
index 172668bd27ff..000000000000
--- a/src/chrome/content/rules/Tickengo.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<ruleset name="Tickengo">
-
-	<target host="tickengo.*" />
-	<target host="www.tickengo.*" />
-	<target host="fr.tickengo.ca" />
-
-
-	<securecookie host="^tickengo\.(?:com|fr)$" name=".+" />
-
-
-	<!--	Cert doesn't match !www.
-						-->
-	<rule from="^https?://(?:www\.)?tickengo\.(ca|com|fr)/"
-		to="https://tickengo.$1/" />
-
-	<rule from="^http://fr\.tickengo\.ca/"
-		to="https://fr.tickengo.ca/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/TickerTech.com.xml b/src/chrome/content/rules/TickerTech.com.xml
index 587009b6b298..54009d92b129 100644
--- a/src/chrome/content/rules/TickerTech.com.xml
+++ b/src/chrome/content/rules/TickerTech.com.xml
@@ -7,10 +7,11 @@
 <ruleset name="TickerTech.com">
 
 	<target host="tickertech.com" />
-	<target host="*.tickertech.com" />
+	<target host="secure.tickertech.com" />
+	<target host="www.tickertech.com" />
 
 
 	<rule from="^http://(?:secure\.|www\.)?tickertech\.com/"
 		to="https://secure.tickertech.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TicketOne.xml b/src/chrome/content/rules/TicketOne.xml
index c0b307aa5060..fba7d174cf83 100644
--- a/src/chrome/content/rules/TicketOne.xml
+++ b/src/chrome/content/rules/TicketOne.xml
@@ -1,20 +1,24 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://ticketone.it/ (200) => https://www.ticketone.it/ (403)
+
 	^ticketone.it doesn't work.
 
 -->
-<ruleset name="TicketOne">
+<ruleset name="TicketOne" default_off="failed ruleset test">
 
 	<target host="ticketone.it" />
-	<target host="*.ticketone.it" />
+	<target host="www.ticketone.it" />
+	<target host="secure.ticketone.it" />
 
 
 	<securecookie host="^.+\.ticketone\.it$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?ticketone\.it/"
+	<rule from="^http://(?:www\.)?ticketone\.it/"
 		to="https://www.ticketone.it/" />
 
-	<rule from="^http://secure\.ticketone\.it/"
-		to="https://secure.ticketone.it/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticket_Driver.xml b/src/chrome/content/rules/Ticket_Driver.xml
deleted file mode 100644
index 4ed825b7d297..000000000000
--- a/src/chrome/content/rules/Ticket_Driver.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Ticket Driver">
-
-	<target host="ticketdriver.com" />
-	<target host="*.ticketdriver.com" />
-
-
-	<securecookie host="^(?:w*\.)?ticketdriver\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?ticketdriver\.com/"
-		to="https://$1ticketdriver.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Ticket_Factory.xml b/src/chrome/content/rules/Ticket_Factory.xml
index 2d464085491d..8073dee2b93c 100644
--- a/src/chrome/content/rules/Ticket_Factory.xml
+++ b/src/chrome/content/rules/Ticket_Factory.xml
@@ -11,10 +11,13 @@
 	<target host="www.theticketfactory.com" />
 
 
-	<securecookie host="^www\.theticketfactory\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?theticketfactory\.com$" name="^ASPSESSIONID$" /-->
 
+	<securecookie host="^(?:www\.)?theticketfactory\.com$" name=".+" />
 
-	<rule from="^http://(www\.)?theticketfactory\.com/"
-		to="https://$1theticketfactory.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ticket_Online.xml b/src/chrome/content/rules/Ticket_Online.xml
index c41b82c7839c..7dd583f248ee 100644
--- a/src/chrome/content/rules/Ticket_Online.xml
+++ b/src/chrome/content/rules/Ticket_Online.xml
@@ -1,22 +1,26 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://ticketonline.de/ (200) => https://www.ticketonline.de/ (403)
+
 	Problematic domains:
 
 		- ticketonline.de	(times out)
 
 -->
-<ruleset name="Ticket Online">
+<ruleset name="Ticket Online" default_off="failed ruleset test">
 
 	<target host="ticketonline.de" />
-	<target host="*.ticketonline.de" />
+	<target host="www.ticketonline.de" />
+	<target host="secure.ticketonline.de" />
 
 
 	<securecookie host="^.*\.ticketonline\.de$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?ticketonline\.de/"
+	<rule from="^http://(?:www\.)?ticketonline\.de/"
 		to="https://www.ticketonline.de/" />
 
-	<rule from="^http://secure\.ticketonline\.de/"
-		to="https://secure.ticketonline.de/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketcorner.ch.xml b/src/chrome/content/rules/Ticketcorner.ch.xml
new file mode 100644
index 000000000000..ce1d5487258c
--- /dev/null
+++ b/src/chrome/content/rules/Ticketcorner.ch.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Eventim coverage, see Eventim.com.xml.
+
+
+	Problematic subdomains:
+
+		- ^ (mismatch)
+		- analytics (expired)
+		- app (mismatch)
+		- sport (expired)
+-->
+<ruleset name="Ticketcorner.ch">
+
+	<target host="ticketcorner.ch" />
+	<target host="www.ticketcorner.ch" />
+	<target host="blog.ticketcorner.ch" />
+	<target host="secure.ticketcorner.ch" />
+	<target host="ski.ticketcorner.ch" />
+	<target host="staging.ticketcorner.ch" />
+
+
+	<rule from="^http://ticketcorner\.ch/"
+		to="https://www.ticketcorner.ch/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketcorner.xml b/src/chrome/content/rules/Ticketcorner.xml
deleted file mode 100644
index 1f9519b192dd..000000000000
--- a/src/chrome/content/rules/Ticketcorner.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	For other Eventim coverage, see Eventim.xml.
-
-
-	Problematic subdomains:
-
-		- ^
-
--->
-<ruleset name="Ticketcorner">
-
-	<target host="ticketcorner.ch" />
-	<target host="*.ticketcorner.ch" />
-
-
-	<rule from="^https?://(?:www\.)?ticketcorner\.ch/"
-		to="https://www.ticketcorner.ch/" />
-
-	<rule from="^http://secure\.ticketcorner\.ch/"
-		to="https://secure.ticketcorner.ch/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Ticketea.com.xml b/src/chrome/content/rules/Ticketea.com.xml
new file mode 100644
index 000000000000..e13eb0880793
--- /dev/null
+++ b/src/chrome/content/rules/Ticketea.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Nonfunctional hosts:
+
+		- ayuda *
+		- features *
+		- help *
+
+	* Dropped
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.ticketea.com
+
+-->
+<ruleset name="Ticketea.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ticketea.com" />
+	<target host="www.ticketea.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.ticketea\.com$" name="^csrftoken$" /-->
+
+	<securecookie host="^www\.ticketea\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TicketingNetworkEastMidlands.xml b/src/chrome/content/rules/TicketingNetworkEastMidlands.xml
index cfffb2ca5cf5..31f32c69c88f 100644
--- a/src/chrome/content/rules/TicketingNetworkEastMidlands.xml
+++ b/src/chrome/content/rules/TicketingNetworkEastMidlands.xml
@@ -1,11 +1,20 @@
-<ruleset name="TicketingNetworkEastMidlands">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ticketingnetworkeastmidlands.co.uk/ => https://ticketingnetworkeastmidlands.co.uk/: (28, 'Connection timed out after 20007 milliseconds')
+Fetch error: http://www.ticketingnetworkeastmidlands.co.uk/ => https://www.ticketingnetworkeastmidlands.co.uk/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://ticketing.trch.co.uk/ => https://ticketing.trch.co.uk/: (7, 'Failed to connect to ticketing.trch.co.uk port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ticketingnetworkeastmidlands.co.uk/ => https://ticketingnetworkeastmidlands.co.uk/: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://www.ticketingnetworkeastmidlands.co.uk/ => https://www.ticketingnetworkeastmidlands.co.uk/: (28, 'Connection timed out after 10001 milliseconds')
+-->
+<ruleset name="TicketingNetworkEastMidlands" default_off="failed ruleset test">
   <target host="ticketingnetworkeastmidlands.co.uk" />
   <target host="www.ticketingnetworkeastmidlands.co.uk" />
   <target host="ticketing.trch.co.uk" />
 
-  <securecookie host="^(.+\.)?(ticketingnetworkeastmidlands|ticketing\.trch)\.co\.uk$" name=".*"/>
+  <securecookie host=".+" name=".+" />
 
-  <rule from="^http://ticketingnetworkeastmidlands\.co\.uk/" to="https://ticketingnetworkeastmidlands.co.uk/"/>
-  <rule from="^http://www\.ticketingnetworkeastmidlands\.co\.uk/" to="https://www.ticketingnetworkeastmidlands.co.uk/"/>
-  <rule from="^http://ticketing\.trch\.co\.uk/" to="https://ticketing.trch.co.uk/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.ae.xml b/src/chrome/content/rules/Ticketmaster.ae.xml
new file mode 100644
index 000000000000..93c2a3f38dda
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.ae.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.ae (partial)">
+	<target host="ticketmaster.ae" />
+	<target host="www.ticketmaster.ae" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.at.xml b/src/chrome/content/rules/Ticketmaster.at.xml
new file mode 100644
index 000000000000..506ced89e6e1
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.at.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.at (partial)">
+	<target host="ticketmaster.at" />
+	<target host="www.ticketmaster.at" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.be.xml b/src/chrome/content/rules/Ticketmaster.be.xml
new file mode 100644
index 000000000000..37be670df049
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.be.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.be (partial)">
+	<target host="ticketmaster.be" />
+	<target host="www.ticketmaster.be" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.ch.xml b/src/chrome/content/rules/Ticketmaster.ch.xml
new file mode 100644
index 000000000000..c48059653738
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.ch.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.ch (partial)">
+	<target host="ticketmaster.ch" />
+	<target host="www.ticketmaster.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.co.nz.xml b/src/chrome/content/rules/Ticketmaster.co.nz.xml
new file mode 100644
index 000000000000..769f3f110a60
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.co.nz.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.co.nz (partial)">
+	<target host="ticketmaster.co.nz" />
+	<target host="www.ticketmaster.co.nz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.co.uk.xml b/src/chrome/content/rules/Ticketmaster.co.uk.xml
new file mode 100644
index 000000000000..11897fb2cb07
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.co.uk.xml
@@ -0,0 +1,7 @@
+<ruleset name="Ticketmaster.co.uk (partial)">
+	<target host="ticketmaster.co.uk" />
+	<target host="www.ticketmaster.co.uk" />
+	<target host="media.ticketmaster.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.com.au.xml b/src/chrome/content/rules/Ticketmaster.com.au.xml
new file mode 100644
index 000000000000..4785441336c5
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.com.au.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.com.au (partial)">
+	<target host="ticketmaster.com.au" />
+	<target host="www.ticketmaster.com.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.com.mx.xml b/src/chrome/content/rules/Ticketmaster.com.mx.xml
new file mode 100644
index 000000000000..b661094f6f14
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.com.mx.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.com.mx (partial)">
+	<target host="ticketmaster.com.mx" />
+	<target host="www.ticketmaster.com.mx" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.cz.xml b/src/chrome/content/rules/Ticketmaster.cz.xml
new file mode 100644
index 000000000000..08cc23f9f393
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.cz.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.cz (partial)">
+	<target host="ticketmaster.cz" />
+	<target host="www.ticketmaster.cz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.de.xml b/src/chrome/content/rules/Ticketmaster.de.xml
new file mode 100644
index 000000000000..8c81674a7b84
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.de (partial)">
+	<target host="ticketmaster.de" />
+	<target host="www.ticketmaster.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.dk.xml b/src/chrome/content/rules/Ticketmaster.dk.xml
new file mode 100644
index 000000000000..583e67f45d7e
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.dk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.dk (partial)">
+	<target host="ticketmaster.dk" />
+	<target host="www.ticketmaster.dk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.es.xml b/src/chrome/content/rules/Ticketmaster.es.xml
new file mode 100644
index 000000000000..e5a79d639ecd
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.es.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.es (partial)">
+	<target host="ticketmaster.es" />
+	<target host="www.ticketmaster.es" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.eu.xml b/src/chrome/content/rules/Ticketmaster.eu.xml
new file mode 100644
index 000000000000..99fadcc72eac
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.eu.xml
@@ -0,0 +1,11 @@
+<!--
+	Non-functional hosts:
+		Timeout:
+		- ticketmaster.eu
+-->
+<ruleset name="Ticketmaster.eu (partial)">
+	<target host="www.ticketmaster.eu" />
+	<target host="media.ticketmaster.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.fi.xml b/src/chrome/content/rules/Ticketmaster.fi.xml
new file mode 100644
index 000000000000..1121e05773d5
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.fi.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.fi (partial)">
+	<target host="ticketmaster.fi" />
+	<target host="www.ticketmaster.fi" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.fr.xml b/src/chrome/content/rules/Ticketmaster.fr.xml
new file mode 100644
index 000000000000..cc0ded4254d9
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.fr.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.fr (partial)">
+	<target host="ticketmaster.fr" />
+	<target host="www.ticketmaster.fr" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.gr.xml b/src/chrome/content/rules/Ticketmaster.gr.xml
new file mode 100644
index 000000000000..a0a0d30c1ded
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.gr.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.gr (partial)">
+	<target host="ticketmaster.gr" />
+	<target host="www.ticketmaster.gr" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.ie.xml b/src/chrome/content/rules/Ticketmaster.ie.xml
new file mode 100644
index 000000000000..c9cbcd41422f
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.ie.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.ie (partial)">
+	<target host="ticketmaster.ie" />
+	<target host="www.ticketmaster.ie" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.it.xml b/src/chrome/content/rules/Ticketmaster.it.xml
new file mode 100644
index 000000000000..94815a2b327f
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.it.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.it (partial)">
+	<target host="ticketmaster.it" />
+	<target host="www.ticketmaster.it" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.nl.xml b/src/chrome/content/rules/Ticketmaster.nl.xml
new file mode 100644
index 000000000000..4c4d9bdde637
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.nl.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.nl (partial)">
+	<target host="ticketmaster.nl" />
+	<target host="www.ticketmaster.nl" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.no.xml b/src/chrome/content/rules/Ticketmaster.no.xml
new file mode 100644
index 000000000000..02b692ce57bb
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.no.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.no (partial)">
+	<target host="ticketmaster.no" />
+	<target host="www.ticketmaster.no" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.pl.xml b/src/chrome/content/rules/Ticketmaster.pl.xml
new file mode 100644
index 000000000000..1b1dc3f7eb78
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.pl.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.pl (partial)">
+	<target host="ticketmaster.pl" />
+	<target host="www.ticketmaster.pl" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.se.xml b/src/chrome/content/rules/Ticketmaster.se.xml
new file mode 100644
index 000000000000..1e17b5975a7c
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.se.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.se (partial)">
+	<target host="ticketmaster.se" />
+	<target host="www.ticketmaster.se" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.xml b/src/chrome/content/rules/Ticketmaster.xml
index 4c30d751afad..137ce45d44ab 100644
--- a/src/chrome/content/rules/Ticketmaster.xml
+++ b/src/chrome/content/rules/Ticketmaster.xml
@@ -1,205 +1,43 @@
 <!--
-	For other Live Nation coverage, see Live-Nation.xml
-
-
-	CDN buckets:
-
-		- ads.ticketmaster1st.akadns.net
-
-			 - ads.tmcs.ticketmaster.com
-			 - ads.as4x.tmcs.ticketmaster.com
-
-		- a248.e.akamai.net/6/248/85580/MNXWEB10.3.8-13442812851/www.ticketmaster.de/
-		- a248.e.akamai.net/6/248/85580/MNXWEB10.3.8-13442812851/media.ticketmaster.com/
-		- a248.e.akamai.net/6/248/85580/MNXWEB10.3.8-13442812851/media.ticketmaster.eu/
-		- a248.e.akamai.net/6/248/85580/MNXWEB11.1.7-13576805241/media.ticketmaster.eu/
-		- a248.e.akamai.net/6/248/85580/MNXWEB11.1.7-13576805241/www.ticketmaster.de/
-		- a248.e.akamai.net/7/248/11802/MNXWEB10.3.8-13528827611/media.ticketmaster.eu/
-		- a248.e.akamai.net/7/248/11802/MNXWEB10.3.8-13528827611/www.ticketmaster.nl/
-		- a248.e.akamai.net/7/248/11802/MNXWEB9-2-41/www.ticketmaster.nl/
-		- a248.e.akamai.net/7/248/11803/MNXWEB10.3.9-13511844753/www.billettservice.no/
-		- a248.e.akamai.net/7/248/11803/MNXWEB10.3.9-13511844753/media.ticketmaster.eu/
-		- a248.e.akamai.net/7/248/17391/MNXWEB9-2-2/www.lippupalvelu.fi/
-		- a248.e.akamai.net/7/248/17391/MNXWEB10.3.8-1352882761/www.lippupalvelu.fi/
-		- a248.e.akamai.net/7/248/17391/MNXWEB10.3.8-1352882761/media.ticketmaster.eu/
-		- a248.e.akamai.net/7/248/22942/MNXWEB9-2-3e/www.billetnet.dk/
-		- a248.e.akamai.net/7/248/22942/MNXWEB11.1.7-13576805241/www.billetnet.dk/
-		- a248.e.akamai.net/7/248/22942/MNXWEB11.1.7-13576805241/media.ticketmaster.eu/
-		- a248.e.akamai.net/f/19/17391/1d/www.lippupalvelu.fi/
-		- a248.e.akamai.net/f/248/905/10m/origin.media.ticketmaster.com/
-		- a248.e.akamai.net/f/248/905/10m/origin.media.ticketmaster.co.uk/
-		- a248.e.akamai.net/f/248/905/10m/reviews.ticketmaster.co.uk/
-		- a248.e.akamai.net/f/248/11802/1d/www.ticketmaster.nl/
-		- a248.e.akamai.net/f/248/22942/1d/www.billetnet.dk/
-
-		- ticketmaster.ugc.bazaarvoice.com
-
-			- reviews.ticketmaster.co.uk
-
-		- ticketmaster.com.d2.sc.omtrdc.net
-
-			- metrics.ticketmaster.com
-
-
-	Problematic domains:
-
-		- (www.)billetnet.es			(redirects to billetnet.fr)
-		- (www.)billetnet.fr			(shows default Parallels Panel page)
-		- eticketing.co.uk ***
-		- ticketmaster.com			(only matches www)
-		- media.ticketmaster.com *
-		- media.ticketmaster.co.uk *
-		- metrics.ticketmaster.com		(mismatched, CN: *.d2.sc.omtrdc.net)
-		- reviews.ticketmaster.co.uk *
-		- ads.tmcs.ticketmaster.com **
-		- ads.as4x.tmcs.ticketmaster.com **
-		- ticketmaster.co.uk			(cert only matches media)
-		- ticketmaster.es ***
-		- i.ticketweb.com **
-		- (www.)tmdeals.co.uk
-
-	* Akamai
-	** CN: de.ticketmaster.com, works.
-	*** Cert only matches www
-
-
-	Partially covered domains:
-
-		- (www.)billetnet.dk *
-		- (www.)billettservice.no *
-		- lippupalvelu.fi *
-		- (www.)ticketmaster.com *
-		- ticketsnow.ticketmaster.com *
-		- reviews.ticketmaster.co.uk *
-		- (www.)ticketmaster.de *
-		- (www.)ticketmaster.nl *
-
-	* At least some pages redirect to http.
-
-
-	Fully covered domains:
-
-		- (www.)eticketing.co.uk	(^ → www)
-		- (www.)ticketmaster.co.uk	(^ → www)
-		- secure.store.ticketmaster.com
-		- de.ticketmaster.com
-		- (www.)ticketmaster.es		(^ → www)
+	For other Live Nation coverage, see 
+		+ LiveNation.com.xml
+
+	Other ticketmaster rulesets:
+		+ ETicketing.co.uk.xml
+		+ Ticketmaster.ae.xml
+		+ Ticketmaster.at.xml
+		+ Ticketmaster.be.xml
+		+ Ticketmaster.ch.xml
+		+ Ticketmaster.co.nz.xml
+		+ Ticketmaster.co.uk.xml
+		+ Ticketmaster.com.au.xml
+		+ Ticketmaster.com.mx.xml
+		+ Ticketmaster.cz.xml
+		+ Ticketmaster.de.xml
+		+ Ticketmaster.dk.xml
+		+ Ticketmaster.es.xml
+		+ Ticketmaster.eu.xml
+		+ Ticketmaster.fi.xml
+		+ Ticketmaster.fr.xml
+		+ Ticketmaster.gr.xml
+		+ Ticketmaster.ie.xml
+		+ Ticketmaster.it.xml
+		+ Ticketmaster.nl.xml
+		+ Ticketmaster.no.xml
+		+ Ticketmaster.pl.xml
+		+ Ticketmaster.se.xml
 
 -->
-<ruleset name="Ticketmaster (partial)">
-
-	<target host="admission.com" />
-	<target host="www.admission.com" />
-	<target host="billetnet.dk" />
-	<target host="www.billetnet.dk" />
-		<exclusion pattern="^http://(?:www\.)?(?:billetnet\.dk|billettservice\.no|lippupalvelu\.fi|ticketmaster\.(?:de|nl))/(?!assets/|myAccount|resource/|static/|theme/|tm-\w\wprod\.112\.2O7\.net/)" />
-	<target host="billettservice.no" />
-	<target host="www.billettservice.no" />
-	<target host="eticketing.co.uk" />
-	<target host="www.eticketing.co.uk" />
-	<target host="lippupalvelu.fi" />
-	<target host="www.lippupalvelu.fi" />
-	<target host="ticketmaster.*" />
-	<target host="www.ticketmaster.*" />
-	<target host="*.ticketmaster.com" />
-	<target host="ticketmaster.co.uk" />
-	<target host="*.ticketmaster.co.uk" />
-	<target host="media.ticketmaster.eu" />
-	<target host="ticketweb.*" />
-	<target host="*.ticketweb.com" />
-	<target host="www.ticketweb.co.uk" />
-
-
-	<securecookie host="^www\.eticketing\.co\.uk$" name=".+" />
-	<!--
-		Omniture cookies:
-					-->
-	<securecookie host="^\.ticketmaster\.com$" name="^s_vi$" />
-	<securecookie host="^de\.ticketmaster\.com$" name=".+" />
-
-	<!--	Apply 2o7 rules first, so that matches
-		don't get rewritten by other rules.
-							-->
-	<rule from="^http://(?:www\.)?(?:billet(?:net\.dk|tservice\.no)|lippupalvelu\.fi|ticketmaster\.(?:de|nl))/tm-(\w\w)prod\.112\.2O7\.net/"
-		to="https://tm-$1prod.112.2o7.net/" />
-
-
-	<rule from="^http://(?:www\.)?admission\.com/(resourc|them)e/"
-		to="https://www.admission.com/$1e/" />
-
-
-	<rule from="^http://(?:www\.)?billetnet\.dk/"
-		to="https://www.billetnet.dk/" />
-
-	<rule from="^https?://(?:www\.)?eticketing\.co\.uk/"
-		to="https://www.eticketing.co.uk/" />
-
-	<rule from="^http://(?:www\.)?lippupalvelu\.fi/"
-		to="https://www.lippupalvelu.fi/" />
-
-
-	<rule from="^http://(?:www\.)?ticket(?:ek|master)\.cl/"
-		to="https://www.ticketek.cl/" />
-
-
-	<rule from="^http://(?:www\.)?ticketmaster\.(ca|com\.(?:au|nz|mx)|ie)/favicon-rebrand\.ico"
-		to="https://www.ticketmaster.$1/favicon-rebrand.ico" />
-
-	<rule from="^https?://(?:www\.)?ticketmaster\.com/(app/|checkout/|h/|json/|member(?:$|\?|/))"
-		to="https://www.ticketmaster.com/$1" />
-
-
-	<rule from="^http://media\.ticketmaster\.com/"
-		to="https://a248.e.akamai.net/f/248/905/10m/origin.media.ticketmaster.com/" />
-
-	<rule from="^http://(ds|mm|secure\.store)\.ticketmaster\.com/"
-		to="https://$1.ticketmaster.com/" />
-
-	<rule from="^http://metrics\.ticketmaster\.com/"
-		to="https://ticketmaster-com.d2.sc.omtrdc.net/" />
-
-	<rule from="^http://ticketsnow\.ticketmaster\.com/(DataProviders/|Scripts/|TopCitiesDropDownListGenerator\.aspx|UI/)"
-		to="https://ticketsnow.ticketmaster.com/$1" />
-
-
-	<rule from="^http://(?:www\.)?ticketmaster\.co\.uk/(?:section)?(\?.*)?$"
-		to="https://www.ticketmaster.co.uk/section/$1" />
-
-	<rule from="^http://(?:www\.)?ticketmaster\.co\.uk/"
-		to="https://www.ticketmaster.co.uk/" />
-
-	<rule from="^http://media\.ticketmaster\.co\.uk/"
-		to="https://a248.e.akamai.net/f/248/905/10m/origin.media.ticketmaster.co.uk/" />
-
-	<rule from="^http://reviews\.ticketmaster\.co\.uk/(logging(?:$|\?)|\d+-\w\w_\w\w/\d+/reviews\.htm\?.*format=embedded|static/)"
-		to="https://ticketmaster.ugc.bazaarvoice.com/$1" />
-
-
-	<rule from="^http://(?:www\.)?ticketmaster\.(de|es|nl)/"
-		to="https://www.ticketmaster.$1/" />
-
-
-	<rule from="^http://(?:www\.)?ticketmaster\.dk/"
-		to="https://www.billetnet.dk/" />
-
-
-	<rule from="^http://media\.ticketmaster\.eu/"
-		to="https://media.ticketmaster.eu/" />
-
-
-	<rule from="^http://(?:www\.)?ticketnet\.fr/(assets|static)/"
-		to="https://www.ticketnet.fr/$1/" />
-
-
-	<rule from="^http://(?:www\.)?ticketweb\.com/"
-		to="https://www.ticketweb.com/" />
-
-
-	<rule from="^http://i\.ticketweb\.com/"
-		to="https://a248.e.akamai.net/f/248/15404/24h/i.ticketweb.com/" />
-
-
-	<rule from="^http://(?:www\.)?ticketweb\.co\.uk/(images/|INFO/|giftcards|member|partners/|section/|styles\.css|twpurple\.html|ukcontent\.css|user/gb_northeast/order/|venuepages/|[\w\./-]+\.html$|[\w-]+/artist/\d+)"
-		to="https://www.ticketweb.co.uk/$1" />
-
+<ruleset name="Ticketmaster.com (partial)">
+	<target host="ticketmaster.com" />
+	<target host="media.ticketmaster.com" />
+	<test url="http://media.ticketmaster.com/en-au/img/static/pdf/AIDA_guide.pdf" />
+	<test url="http://media.ticketmaster.com/en-au/img/static/pdf/WA_SchoolsList_2016.pdf" />
+	<test url="http://media.ticketmaster.com/en-nz/img/static/pdf/tmnz_aga_pds.pdf" />
+	<target host="ticketsnow.ticketmaster.com" />
+	<target host="www.ticketmaster.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ticketnet.fr.xml b/src/chrome/content/rules/Ticketnet.fr.xml
index 47996a505221..158070516eea 100644
--- a/src/chrome/content/rules/Ticketnet.fr.xml
+++ b/src/chrome/content/rules/Ticketnet.fr.xml
@@ -15,7 +15,7 @@
 	<target host="www.ticketnet.fr" />
 
 
-	<rule from="^https?://(?:www\.)?ticketnet\.fr/(assets|static)/"
+	<rule from="^http://(?:www\.)?ticketnet\.fr/(assets|static)/"
 		to="https://www.ticketnet.fr/$1/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketportal.sk.xml b/src/chrome/content/rules/Ticketportal.sk.xml
new file mode 100644
index 000000000000..9eb7f96ac7b7
--- /dev/null
+++ b/src/chrome/content/rules/Ticketportal.sk.xml
@@ -0,0 +1,7 @@
+<ruleset name="Ticketportal.sk">
+  <target host="ticketportal.sk" />
+  <target host="www.ticketportal.sk" />
+  <target host="ssl.ticketportal.sk" />
+
+  <rule from="^http://(?:www\.|ssl\.)?ticketportal\.sk/" to="https://ssl.ticketportal.sk/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketpro.xml b/src/chrome/content/rules/Ticketpro.xml
deleted file mode 100644
index 73d364461b1b..000000000000
--- a/src/chrome/content/rules/Ticketpro.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Ticketpro (partial)">
-
-	<target host="shop.ticketpro.hu" />
-
-
-	<securecookie host="^shop\.ticketpro\.hu$" name=".+" />
-
-
-	<rule from="^http://shop\.ticketpro\.hu/"
-		to="https://shop.ticketpro.hu/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Tickets.com.xml b/src/chrome/content/rules/Tickets.com.xml
index 7a90bfa91d11..53b574acf471 100644
--- a/src/chrome/content/rules/Tickets.com.xml
+++ b/src/chrome/content/rules/Tickets.com.xml
@@ -1,7 +1,14 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://ourchase.tickets.com/ => https://ourchase.tickets.com/: (6, 'Could not resolve host: ourchase.tickets.com')
+Fetch error: http://broadcaster.email-tickets.com/ => https://broadcaster.email-tickets.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://broadcaster.email-tickets.com/ => https://broadcaster.email-tickets.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Other Tickets.com rulesets:
 
-		- ProVenue.net.xml
 
 
 	CDN buckets:
@@ -30,31 +37,25 @@
 -->
 <ruleset name="Tickets.com (partial)">
 
-	<target host="broadcaster.email-tickets.com" />
+	<!-- target host="broadcaster.email-tickets.com" /-->
 	<target host="tickets.com" />
 	<target host="*.tickets.com" />
-
+    <test url="http://intra.tickets.com/" />
+    <test url="http://provenue.tickets.com/au/" />
+    <test url="http://onsale.tickets.com/" />
 
 	<securecookie host="^broadcaster\.email-tickets\.com$" name=".+" />
 	<securecookie host="^purchasecdn\.tickets\.com$" name=".+" />
 
-
-	<rule from="^http://broadcaster\.email-tickets\.com/"
-		to="https://broadcaster.email-tickets.com/" />
-
-	<rule from="^http://(?:www\.)?tickets\.com/(images/|user(?:$|[?/]))"
-		to="https://www.tickets.com/$1" />
-
-	<rule from="^http://facebook\.tickets\.com/[^?]*(\?.*)?"
+	<!--
+    403
+    <rule from="^http://facebook\.tickets\.com/[^?]*(\?.*)?"
 		to="https://www.facebook.com/pages/Ticketscom/43749304172$1" />
 
-	<rule from="^http://(?:frontline\.)?images\.tickets\.com/"
-		to="https://images.tickets.com/" />
-
-	<rule from="^http://purchasecdn\.tickets\.com/"
-		to="https://purchasecdn.tickets.com/" />
-
-	<rule from="^http://youtube\.tickets\.com/[^?]*(\?.*)?"
+    <rule from="^http://youtube\.tickets\.com/[^?]*(\?.*)?"
 		to="https://www.youtube.com/gototicketsdotcom$1" />
+  -->
+
+  <rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Tickets.gwr.com.xml b/src/chrome/content/rules/Tickets.gwr.com.xml
new file mode 100644
index 000000000000..48913593a91f
--- /dev/null
+++ b/src/chrome/content/rules/Tickets.gwr.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Tickets.gwr.com">
+	<target host="tickets.gwr.com" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TicketsNow.xml b/src/chrome/content/rules/TicketsNow.xml
index d528dc63a762..411354d7f758 100644
--- a/src/chrome/content/rules/TicketsNow.xml
+++ b/src/chrome/content/rules/TicketsNow.xml
@@ -1,43 +1,51 @@
 <!--
-	For other Live Nation coverage, see Live-Nation.xml.
-
-
-	CDN buckets:
-
-		- content.ticketsnow.com.edgesuite.net
-
-
-	Problematic subdomains:
-
-		- content	(akamai; 504)
-
-
-	Partially covered subdomains:
-
-		- (www.)	(at least some pages redirect to http)
-
-
-	Fully covered subdomains:
-
-		- content
-		- securecontent
-
+	For other Live Nation coverage, see LiveNation.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- ticketsnow.com
+		- affiliatelinks.ticketsnow.com
+		- affiliates.ticketsnow.com
+		- brokers.ticketsnow.com
+		- chat.ticketsnow.com
+		- mail.ticketsnow.com
+		- race.ticketsnow.com
+		- search.ticketsnow.com
+
+		SSL peer certificate was not OK:
+		- content.ticketsnow.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- www1.ticketsnow.com
+
+		Incomplete certificate chain error:
+		- resale.preview.ticketsnow.com
+
+		Self-signed certificate chain error:
+		- m.resale.preview.ticketsnow.com
+		- m.preview1.ticketsnow.com
+		- m.resale.preview1.ticketsnow.com
+
+		5xx server error:
+		- identity-dev.ticketsnow.com
+
+		Secure connection redirects to plaintext:
+		- cc.ticketsnow.com
+		- m.ticketsnow.com
+		- m.preview.ticketsnow.com
+		- www.ticketsnow.com
 -->
 <ruleset name="TicketsNow (partial)">
-
-	<target host="ticketsnow.com" />
-	<target host="*.ticketsnow.com" />
-
-
-	<rule from="^http://(www\.)?ticketsnow\.com/(UI/)"
-		to="https://$1ticketsnow.com/$2" />
-
-	<!--	myTicketsNow$ redirects to http before myTicketsNow/
-									-->
-	<rule from="^http://(www\.)?ticketsnow\.com/myTicketsNow/?"
-		to="https://$1ticketsnow.com/myTicketsNow/" />
-
-	<rule from="^https?://(?:secure)?content\.ticketsnow\.com/"
-		to="https://securecontent.ticketsnow.com/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="identity.ticketsnow.com" />
+	<target host="content.ticketsnow.com" />
+		<test url="http://content.ticketsnow.com/css/themes/base/jquery.ui.theme.css" />
+		<test url="http://content.ticketsnow.com/graphics/Search/calendarGoButton_hprd.jpg" />
+		<test url="http://content.ticketsnow.com/scripts/master/swfobject.js" />
+	<target host="securecontent.ticketsnow.com" />
+
+	<rule from="^http://content\.ticketsnow\.com/"
+			to="https://securecontent.ticketsnow.com/" />
+
+		<rule from="^http:"
+				to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketweb.co.uk.xml b/src/chrome/content/rules/Ticketweb.co.uk.xml
new file mode 100644
index 000000000000..1f7456f99aaa
--- /dev/null
+++ b/src/chrome/content/rules/Ticketweb.co.uk.xml
@@ -0,0 +1,10 @@
+<!--
+	For other Ticketmaster related rulesets, see
+		+ Ticketmaster.xml
+-->
+<ruleset name="Ticketweb.co.uk (partial)">
+	<target host="ticketweb.co.uk" />
+	<target host="www.ticketweb.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketweb.com.xml b/src/chrome/content/rules/Ticketweb.com.xml
new file mode 100644
index 000000000000..668ab22b8b37
--- /dev/null
+++ b/src/chrome/content/rules/Ticketweb.com.xml
@@ -0,0 +1,12 @@
+<!--
+	For other Ticketmaster related rulesets, see
+		+ Ticketmaster.xml
+-->
+<ruleset name="Ticketweb.com (partial)">
+	<target host="ticketweb.com" />
+	<target host="www.ticketweb.com" />
+	<target host="i.ticketweb.com" />
+	<test url="http://i.ticketweb.com//i/00/14/57/15/11_Home.png?v=14571511" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tictail.com.xml b/src/chrome/content/rules/Tictail.com.xml
index 8a654696158e..76ad370aa337 100644
--- a/src/chrome/content/rules/Tictail.com.xml
+++ b/src/chrome/content/rules/Tictail.com.xml
@@ -38,6 +38,7 @@
 	Fully covered subdomains:
 
 		- (www.)
+		- api
 		- blogassets ¹
 		- external.static ¹
 		- *			(per-client subdomains)
@@ -48,15 +49,22 @@
 <ruleset name="Tictail.com (partial)">
 
 	<target host="tictail.com" />
-	<target host="*.tictail.com" />
+	<target host="api.tictail.com" />
+	<target host="www.tictail.com" />
+	<target host="blogassets.tictail.com" />
+	<target host="external.static.tictail.com" />
+	<target host="help.tictail.com" />
 		<!--exclusion pattern="^http://blog\.tictail\.com/" /-->
 
 
 	<securecookie host="^\.ticktail\.com$" name="^(?:__ar_v4|mp_\w{32}_mixpanel|optimizely\w+|_te_)$" />
+	<!--
+		Not secured by server:
+					-->
 	<securecookie host="^(?:www\.)?tictail\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?tictail\.com/"
+	<rule from="^http://(api\.|www\.)?tictail\.com/"
 		to="https://$1tictail.com/" />
 
 	<rule from="^http://(?:blogassets|external\.static)\.tictail\.com/"
@@ -65,4 +73,4 @@
 	<rule from="^http://help\.tictail\.com/favicon\.ico"
 		to="https://d3jyn100am7dxp.cloudfront.net/favicon.ico" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tid.al-problematic.xml b/src/chrome/content/rules/Tid.al-problematic.xml
new file mode 100644
index 000000000000..632dff4f48f0
--- /dev/null
+++ b/src/chrome/content/rules/Tid.al-problematic.xml
@@ -0,0 +1,15 @@
+<!--
+	For rules that are on by default, see Tid.al.xml.
+
+-->
+<ruleset name="Tid.al (mismatched)" default_off="mismatched">
+
+	<target host="news.tid.al" />
+
+
+	<securecookie host="^news\.tid\.al$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tid.al.xml b/src/chrome/content/rules/Tid.al.xml
new file mode 100644
index 000000000000..ca841943c12e
--- /dev/null
+++ b/src/chrome/content/rules/Tid.al.xml
@@ -0,0 +1,65 @@
+<!--
+	Tidal Networks
+
+	For problematic rules, see Tid.al-problematic.xml.
+
+
+	CDN buckets:
+
+		- c15192701.r1.cf2.rackcdn.com
+
+		- 1b40d7834cd36cb17272-d318e241556db478f2443eab8244ec10.r48.cf2.rackcdn.com
+
+			- cdna
+
+		- 46cd30968e1573f1be6a-8c2846daf2177f4f4bf5c632288c9df2.r86.cf2.rackcdn.com
+		- 4abad160cf62a615766a-dad11508dc123521ac84d3bb736999e7.r51.cf2.rackcdn.com
+		- f533f48d5f4caca7eca4-fc1b9f39dbc011f36431a12c21c5bdb0.r0.cf2.rackcdn.com
+		- ff8b9ae288661cae8212-d318e241556db478f2443eab8244ec10.ssl.cf2.rackcdn.com
+
+
+	Nonfunctional subdomains:
+
+		- docs *
+
+	* Refused
+
+
+	Problematic subdomains:
+
+		- cdna ¹
+		- news ²
+
+	¹ Works, akamai
+	² Works; mismatched, CN: tid.al
+
+
+	www doesn't exist.
+
+
+	Mixed content:
+
+		- Images, on news from:
+
+			- cdna *
+			- 4abad160cf62a615766a-dad11508dc123521ac84d3bb736999e7.r51.cf2.rackcdn.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Tid.al (partial)">
+
+	<target host="tid.al" />
+	<target host="cdna.tid.al" />
+
+
+	<securecookie host="^tid\.al$" name=".+" />
+
+
+	<rule from="^http://tid\.al/"
+		to="https://tid.al/" />
+
+	<rule from="^http://cdna\.tid\.al/"
+		to="https://1b40d7834cd36cb17272-d318e241556db478f2443eab8244ec10.ssl.cf2.rackcdn.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TidBITS.xml b/src/chrome/content/rules/TidBITS.xml
index 99841ca9e9b4..6716ab03ea3b 100644
--- a/src/chrome/content/rules/TidBITS.xml
+++ b/src/chrome/content/rules/TidBITS.xml
@@ -10,7 +10,6 @@
 	<target host="www.tidbits.com" />
 
 
-	<rule from="^http://(www\.)?tidbits\.com/"
-		to="https://$1tidbits.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tidal_HiFi.com.xml b/src/chrome/content/rules/Tidal_HiFi.com.xml
new file mode 100644
index 000000000000..cc46e57aaab7
--- /dev/null
+++ b/src/chrome/content/rules/Tidal_HiFi.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)?
+		- go
+		- tracking
+
+
+	Insecure cookies are set for these domains:
+
+		- tidalhifi.com
+		- go.tidalhifi.com
+		- www.tidalhifi.com
+
+-->
+<ruleset name="Tidal HiFi.com">
+
+	<target host="tidalhifi.com" />
+	<target host="go.tidalhifi.com" />
+	<target host="tracking.tidalhifi.com" />
+	<target host="www.tidalhifi.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?tidalhifi\.com$" name="^(PLAY_LANG|PLAY_SESSION)$" /-->
+	<!--securecookie host="^go\.tidalhifi\.com$" name="^PLAY_SESSION$" /-->
+
+	<securecookie host="^(?:go\.|www\.)?tidalhifi\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tidaltv.com.xml b/src/chrome/content/rules/Tidaltv.com.xml
index 292c93b3d0af..3f88949f95fc 100644
--- a/src/chrome/content/rules/Tidaltv.com.xml
+++ b/src/chrome/content/rules/Tidaltv.com.xml
@@ -6,16 +6,33 @@
 
 		- (www.)	(503; expired 2013-06-04, mismatched, CN: *.lucidmedia.com)
 
+
+	Insecure cookies are set forthese domains:
+
+		- .tidaltv.com
+
 -->
 <ruleset name="tidaltv.com (partial)">
 
-	<target host="*.tidaltv.com" />
+	<target host="set.tidaltv.com" />
+	<target host="sync.tidaltv.com" />
+	<target host="trk.tidaltv.com" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://trk.tidaltv.com/ILogger.aspx?Event=Action&amp;apid=&amp;rand=" /-->
+
+	<test url="http://sync.tidaltv.com/genericusersync.ashx" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tidaltv\.com$" name="^(?:adidt|tidal_ttid)$" /-->
 
-	<securecookie host="^\.tidaltv\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://set\.tidaltv\.com/"
-		to="https://set.tidaltv.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Tidningsnatet.se.xml b/src/chrome/content/rules/Tidningsnatet.se.xml
deleted file mode 100644
index a790e8decb71..000000000000
--- a/src/chrome/content/rules/Tidningsnatet.se.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		(www.)		(shows nysk; mismatched, CN: nysk.mediekompaniet.com)
-
--->
-<ruleset name="Tidningsnatet.se (partial)">
-
-	<target host="sifomedia.tidningsnatet.se" />
-
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.tidningsnatet\.se$" name="(?:NXCLICK2|OAX)$" />
-
-
-	<rule from="^http://sifomedia\.tidningsnatet\.se/"
-		to="https://oasc07.247realmedia.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/TieTuKu.xml b/src/chrome/content/rules/TieTuKu.xml
new file mode 100644
index 000000000000..04393440a400
--- /dev/null
+++ b/src/chrome/content/rules/TieTuKu.xml
@@ -0,0 +1,56 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://buimg.com/ => https://buimg.com/: (6, 'Could not resolve host: buimg.com')
+Fetch error: http://www.buimg.com/ => https://www.buimg.com/: (6, 'Could not resolve host: www.buimg.com')
+Fetch error: http://i2.buimg.com/ => https://i2.buimg.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://i3.buimg.com/ => https://i3.buimg.com/: (7, 'Failed to connect to i3.buimg.com port 443: Connection refused')
+Fetch error: http://i4.buimg.com/ => https://i4.buimg.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://i5.buimg.com/ => https://i5.buimg.com/: (7, 'Failed to connect to i5.buimg.com port 443: Connection refused')
+Fetch error: http://i6.buimg.com/ => https://i6.buimg.com/: (7, 'Failed to connect to i6.buimg.com port 443: Connection refused')
+Fetch error: http://i8.buimg.com/ => https://i8.buimg.com/: (7, 'Failed to connect to i8.buimg.com port 443: Connection refused')
+Fetch error: http://i9.buimg.com/ => https://i9.buimg.com/: (7, 'Failed to connect to i9.buimg.com port 443: Connection refused')
+Fetch error: http://i1.piimg.com/ => https://i1.piimg.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://i2.piimg.com/ => https://i2.piimg.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Secure connection failed:
+		^tietuku.com
+		www.tietuku.com
+		avatar.tietuku.com
+		i.tietuku.com
+		i[1-9].tietuku.com
+		ps.tietuku.com
+
+		^(www.)?piimg.com
+
+		p1.bpimg.com
+		p1.bqimg.com
+
+	Not exist:
+		i7.buimg.com
+		i7.piimg.com
+-->
+<ruleset name="TieTuKu (partial)" default_off="failed ruleset test">
+
+	<target host="buimg.com" />
+	<target host="www.buimg.com" />
+	<target host="i1.buimg.com" />
+	<target host="i2.buimg.com" />
+	<target host="i3.buimg.com" />
+	<target host="i4.buimg.com" />
+	<target host="i5.buimg.com" />
+	<target host="i6.buimg.com" />
+	<target host="i8.buimg.com" />
+	<target host="i9.buimg.com" />
+
+	<target host="i1.piimg.com" />
+	<target host="i2.piimg.com" />
+	<target host="i3.piimg.com" />
+	<target host="i4.piimg.com" />
+	<target host="i5.piimg.com" />
+	<target host="i6.piimg.com" />
+	<target host="i8.piimg.com" />
+	<target host="i9.piimg.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TierraNet-mismatches.xml b/src/chrome/content/rules/TierraNet-mismatches.xml
deleted file mode 100644
index 1ba880e27ec0..000000000000
--- a/src/chrome/content/rules/TierraNet-mismatches.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For rules that are on by default, see TierraNet.xml.
-
--->
-<ruleset name="TierraNet (mismatches)" default_off="mismatch">
-
-	<!--	Cert: control.tierra.net	-->
-	<target host="blog.tierra.net" />
-	<target host="support.tierra.net" />
-
-	<rule from="^http://(blog|support)\.tierra\.net/"
-		to="https://$1.tierra.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TierraNet.xml b/src/chrome/content/rules/TierraNet.xml
index 23d65b10e33f..34fea00394e6 100644
--- a/src/chrome/content/rules/TierraNet.xml
+++ b/src/chrome/content/rules/TierraNet.xml
@@ -1,23 +1,42 @@
 <!--
-	For problematic rules, see TierraNet-mismatches.xml.
+	Insecure cookies are set for these hosts:
 
--->
-<ruleset name="TierraNet (partial)">
+		- control.tierra.net
+		- support.tierra.net
 
+-->
+<ruleset name="TierraNet.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blog.tierra.net" />
+	<target host="control.tierra.net" />
+	<target host="static.tierra.net" />
+	<target host="support.tierra.net" />
+	<target host="webmail.tierra.net" />
+	<target host="www.tierra.net" />
+
+	<!--	Complications:
+				-->
 	<target host="tierra.net" />
-	<target host="*.tierra.net" />
-		<!--	Handled in -mismatches.	-->
-		<exclusion pattern="^http://(blog|support)\." />
 	<target host="www.control.tierra.net" />
 
 
-	<securecookie host="^.*\.tierra\.net$" name=".*" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^control\.tierra\.net$" name="^(?:ROUTE_ID|balancer://control_cluster)$" /-->
+	<!--securecookie host="^support\.tierra\.net$" name="^SWIFT_(?:client|sessionid40)$" /-->
 
+	<securecookie host="^(?:control|support)\.tierra\.net$" name=".+" />
 
-	<rule from="^https?://tierra\.net/"
+
+	<rule from="^http://tierra\.net/"
 		to="https://www.tierra.net/" />
 
-	<rule from="^http://((?:www\.)?control|webmail|www)\.tierra\.net/"
-		to="https://$1.tierra.net/" />
+	<rule from="^http://www\.control\.tierra\.net/"
+		to="https://control.tierra.net/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Tieteellisten-seurain-valtuuskunta.xml b/src/chrome/content/rules/Tieteellisten-seurain-valtuuskunta.xml
index b3af863632a3..e0205dce6d39 100644
--- a/src/chrome/content/rules/Tieteellisten-seurain-valtuuskunta.xml
+++ b/src/chrome/content/rules/Tieteellisten-seurain-valtuuskunta.xml
@@ -2,6 +2,5 @@
 	<target host="tsv.fi"/>
 	<target host="www.tsv.fi"/>
 
-	<rule from="^http://(www\.)?tsv\.fi/"
-		to="https://$1tsv.fi/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Tieto.com.xml b/src/chrome/content/rules/Tieto.com.xml
index cefa73be2d09..64c46137609d 100644
--- a/src/chrome/content/rules/Tieto.com.xml
+++ b/src/chrome/content/rules/Tieto.com.xml
@@ -1,15 +1,11 @@
 <!--
 	Other Tieto rulesets:
 
-		- Tietoenator.com.xml
-
-
-	Nonfunctional subdomains:
+  Most subdomains nonfunctional
 
 		- novasupport			(dropped)
 		- leansystemcommunity.portal	(refused)
 
-
 	Problematic subdomains:
 
 		- ^		(works; mismatched, CN: acquia-sites.com)
@@ -36,21 +32,13 @@
 <ruleset name="Tieto.com (partial)">
 
 	<target host="tieto.com" />
-	<target host="*.tieto.com" />
-		<exclusion pattern="^http://leansystemcommunity\.portal\." />
-
 
 	<securecookie host="^\.tieto\.com$" name="^__utm\w$" />
 	<securecookie host="^\w+\.portal\.tieto\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?tieto\.com/(?=customer-area(?:$|[?/])|misc/|profiles/\w+/modules/|sites/)"
-		to="https://www.tieto.com/" />
-
-	<rule from="^http://easyedi\.tieto\.com/"
-		to="https://easyedi.tietoenator.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://(\w+)\.portal\.tieto\.com/"
-		to="https://$1.portal.tieto.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tietoenator.com.xml b/src/chrome/content/rules/Tietoenator.com.xml
deleted file mode 100644
index 6c4d7a2898fa..000000000000
--- a/src/chrome/content/rules/Tietoenator.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For other Tieto coverage, see Tieto.com.xml.
-
--->
-<ruleset name="Tietoenator.com (partial)">
-
-	<target host="easyedi.tietoenator.com" />
-
-
-	<rule from="^http://easyedi\.tietoenator\.com/"
-		to="https://easyedi.tietoenator.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Tigase.org.xml b/src/chrome/content/rules/Tigase.org.xml
new file mode 100644
index 000000000000..f48e6c008d31
--- /dev/null
+++ b/src/chrome/content/rules/Tigase.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.) ¹
+		- build ²
+		- messenger ¹
+
+	¹ Redirects to projects, expired 2014-06-06
+	² Refused
+
+-->
+<ruleset name="Tigase.org (partial)">
+
+	<target host="projects.tigase.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^projects\.tigase\.org$" name="^_redmine_session$" /-->
+
+	<securecookie host="^projects\.tigase\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tiger-Airways.xml b/src/chrome/content/rules/Tiger-Airways.xml
new file mode 100644
index 000000000000..6b5dc5c5e740
--- /dev/null
+++ b/src/chrome/content/rules/Tiger-Airways.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cars.tigerair.com/ => https://cars.tigerair.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cars.tigerair.com'")
+Fetch error: http://groups.tigerair.com/ => https://groups.tigerair.com/: (51, "SSL: no alternative certificate subject name matches target host name 'groups.tigerair.com'")
+
+	Non-functional subdomain:
+		- tigerair.com		(², CN: www.tigerair.com)
+			- www		(redirect to http)
+			- crewnet	¹
+			- crs		(handshake failure)
+			- gethelp	¹
+			- holidays	(redirect to packages)
+			- hotels	(², CN: ssl.goquo.com)
+			- notify	¹
+			- packages	(², CN: ssl.goquo.com)
+			- tigertours	(², CN: *.bluehost.com)
+
+		- .com.au
+			- crewnet	¹
+			- gethelp	¹
+			- hotels	(², CN: *.booking.com)
+			- manage	(invalid cert chain)
+
+	¹ timeout
+	² cert mismatch
+-->
+<ruleset name="Tiger Airways (partial)" default_off="failed ruleset test">
+	<target host=         "tigerair.com.au" />
+	<target host=     "www.tigerair.com.au" />
+	<target host= "booking.tigerair.com.au" />
+	<target host="webcheck.tigerair.com.au" />
+
+	<target host= "booking.tigerair.com" />
+	<target host=    "cars.tigerair.com" />
+	<target host=  "groups.tigerair.com" />
+	<target host="intranet.tigerair.com" />
+	<target host=       "m.tigerair.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TigerDirect.xml b/src/chrome/content/rules/TigerDirect.xml
index ddc670e02128..0126088acaa4 100644
--- a/src/chrome/content/rules/TigerDirect.xml
+++ b/src/chrome/content/rules/TigerDirect.xml
@@ -1,15 +1,77 @@
+
 <!--
-	- ^tigerdirect.com presents a different, mismatched, cert
-	- At least some pages redirect to http
+Disabled by https-everywhere-checker because:
+Fetch error: http://biz.tigerdirect.com/ => https://biz.tigerdirect.com/: (60, 'SSL certificate problem: self signed certificate')
+
+	^tigerdirect.com: Akamai
+	www.tigerdirect.com: "Blocked Request"
+
+
+	Insecure cookies are set for these hosts:
+
+		- biz.tigerdirect.com
+		- www.tigerdirect.com
+
+
+	Mixed content:
+
+		- Image on biz from i\d+.geccdn.net
 
 -->
-<ruleset name="TigerDirect (partial)">
+<ruleset name="TigerDirect.com (partial)" default_off="failed ruleset test">
 
-	<target host="tigerdirect.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="biz.tigerdirect.com" />
+	<target host="orders.tigerdirect.com" />
 	<target host="www.tigerdirect.com" />
 
+	<!--	Complications:
+				-->
+	<target host="tigerdirect.com" />
+
+		<!--	"Blocked Request":
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?tigerdirect\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?tigerdirect\.com/+(?!(?:cgi|secure)(?:$|[?/])|css/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.tigerdirect.com/applications/campaigns/deals.asp?campaignid=" />
+			<test url="http://www.tigerdirect.com/applications/email/emailafriend.asp" />
+			<test url="http://www.tigerdirect.com/rss/index.asp" />
+			<test url="http://www.tigerdirect.com/sectors/help/index.asp" />
+			<test url="http://www.tigerdirect.com/sectors/livechat/popup.asp" />
+
+			<!--	-ve:
+					-->
+			<test url="http://tigerdirect.com/css/global-mobile.css" />
+			<test url="http://tigerdirect.com/cgisec/orderTrack.asp" />
+			<test url="http://tigerdirect.com/secure/captcha/Default.aspx" />
+			<test url="http://tigerdirect.com/secure/orderlogin.asp" />
+			<test url="http://www.tigerdirect.com/css/global-mobile.css" />
+			<test url="http://www.tigerdirect.com/cgisec/orderTrack.asp" />
+			<test url="http://www.tigerdirect.com/secure/captcha/Default.aspx" />
+			<test url="http://www.tigerdirect.com/secure/orderlogin.asp" />
+
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^biz\.tigerdirect\.com$" name="^(?:JSESSIONID|TS[\da-f]{8}|gec-pcs_al_hash)$" /-->
+	<!--securecookie host="^www\.tigerdirect\.com$" name="^(?:ACKOFR|ASP\.NET_SessionId|DB|SRCCODE|SRVR)$" /-->
+
+	<securecookie host="^biz\.tigerdirect\.com$" name=".+" />
+
+
+
+	<rule from="^http://tigerdirect\.com/"
+		to="https://www.tigerdirect.com/" />
 
-	<rule from="^https?://(?:www\.)?tigerdirect\.com/css/"
-		to="https://www.tigerdirect.com/css/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tigertronics.com.xml b/src/chrome/content/rules/Tigertronics.com.xml
new file mode 100644
index 000000000000..56fa29031f46
--- /dev/null
+++ b/src/chrome/content/rules/Tigertronics.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Connection reset:
+		- ftp.tigertronics.com
+		- sucuriip.tigertronics.com
+
+	Mismatched:
+		- email.tigertronics.com
+		- e.tigertronics.com
+		- mobilemail.tigertronics.com
+		- pda.tigertronics.com
+		- webmail.tigertronics.com
+-->
+<ruleset name="Tigertronics.com">
+	<target host="tigertronics.com" />
+	<target host="www.tigertronics.com" />
+	<target host="shop.tigertronics.com" />
+	<target host="www.shop.tigertronics.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TiggersWelt.net.xml b/src/chrome/content/rules/TiggersWelt.net.xml
new file mode 100644
index 000000000000..d63e0de39273
--- /dev/null
+++ b/src/chrome/content/rules/TiggersWelt.net.xml
@@ -0,0 +1,54 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://ssl.tiggerswelt.net/ (200) => https://ssl.tiggerswelt.net/ (400)
+
+	Problematic hosts:
+
+		- webmail *
+
+	* Mismatched
+
+
+	Fully covered hosts:
+
+		- (www.)?
+		- ssl
+		- webmail	(→ ssl)
+
+
+	Insecure cookies are set for these
+
+		- ssl
+
+-->
+<ruleset name="tiggersWelt.net" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tiggerswelt.net" />
+	<target host="ssl.tiggerswelt.net" />
+	<target host="www.tiggerswelt.net" />
+
+	<!--	Complications:
+				-->
+	<target host="webmail.tiggerswelt.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ssl\.tiggerswelt\.net$" name="^(DW[\da-f]{32}|DokuWiki)$" /-->
+
+	<securecookie host="^ssl\.tiggerswelt\.net$" name=".+" />
+
+
+	<!--	Redirect keeps forward
+		slash, path, and args:
+				-->
+	<rule from="^http://webmail\.tiggerswelt\.net/"
+		to="https://ssl.tiggerswelt.net/webmail/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tigr.net.xml b/src/chrome/content/rules/Tigr.net.xml
new file mode 100644
index 000000000000..07b08dba4072
--- /dev/null
+++ b/src/chrome/content/rules/Tigr.net.xml
@@ -0,0 +1,13 @@
+<!--
+	www: dropped
+
+-->
+<ruleset name="Tigr.net">
+
+	<target host="tigr.net" />
+	<target host="www.tigr.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TikTok.xml b/src/chrome/content/rules/TikTok.xml
new file mode 100644
index 000000000000..72a95709636a
--- /dev/null
+++ b/src/chrome/content/rules/TikTok.xml
@@ -0,0 +1,36 @@
+<!--
+	tiktok.com itself is preloaded.
+
+	Nonfunctional hosts in *.tiktok.com:
+		Mismatch:
+			+ tiktok.com
+
+	CDN subdomains are frequently changing.
+-->
+<ruleset name="TikTok">
+	<target host="*.tiktokcdn.com" />
+		<test url="http://s16.tiktokcdn.com/musical/resource/mtact/static/pwa/icon_512x512.png" />
+		<test url="http://s20.tiktokcdn.com/tiktok/common/init.js" />
+		<test url="http://v19.tiktokcdn.com/" />
+		<test url="http://v51.tiktokcdn.com/" />
+		<test url="http://v53.tiktokcdn.com/" />
+		<test url="http://v77.tiktokcdn.com/" />
+		<test url="http://sf53-va.tiktokcdn.com/" />
+		<test url="http://sf53-sg.tiktokcdn.com/" />
+		<test url="http://p77-va.tiktokcdn.com/" />
+		<test url="http://sf77-sg.tiktokcdn.com/" />
+		<test url="http://sf77-va.tiktokcdn.com/" />
+		<test url="http://sf77-webcast.tiktokcdn.com/" />
+		<test url="http://p77-webcast.tiktokcdn.com/" />
+		<test url="http://p16-sign-va.tiktokcdn.com/" />
+		<test url="http://p16-sign-sg.tiktokcdn.com/" />
+
+	<target host="tiktokv.com" />
+	<target host="*.tiktokv.com" />
+		<test url="http://api.tiktokv.com/" />
+		<test url="http://api16.tiktokv.com/" />
+		<test url="http://mcs-sg.tiktokv.com/" />
+		<test url="http://mcs-va.tiktokv.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tiki-Toki.com.xml b/src/chrome/content/rules/Tiki-Toki.com.xml
new file mode 100644
index 000000000000..ff1ad9f13c4e
--- /dev/null
+++ b/src/chrome/content/rules/Tiki-Toki.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Tiki-Toki.com">
+
+	<target host="tiki-toki.com" />
+	<target host="www.tiki-toki.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tiki.org.xml b/src/chrome/content/rules/Tiki.org.xml
new file mode 100644
index 000000000000..df2832bf13b8
--- /dev/null
+++ b/src/chrome/content/rules/Tiki.org.xml
@@ -0,0 +1,85 @@
+<!--
+	CDN buckets:
+
+		- dsitvpbwt9mw4.cloudfront.net
+
+
+	Insecure cookies are set for these hosts:
+
+		- tiki.org
+		- branding.tiki.org
+		- dev.tiki.org
+		- doc.tiki.org
+		- info.tiki.org
+		- i18n.tiki.org
+		- profiles.tiki.org
+		- security.tiki.org
+		- themes.tiki.org
+
+
+	Mixed content:
+
+		- Image, on:
+
+			- doc and themes from:
+
+				- ^tiki.org *
+				- themes.tiki.org *
+
+			- edu from:
+
+				- $self *
+				- creativecommons.org *
+
+			- info from:
+
+				- ^tiki.org *
+				- branding.tiki.org *
+				- $self *
+				- themes.tiki.org *
+
+			- profiles from themes.tiki.org *
+			- security from secunia.com *
+
+		- Bugs on doc, profiles, themes from piwik *
+
+	* Secured by us
+
+-->
+<ruleset name="Tiki.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tiki.org" />
+	<target host="branding.tiki.org" />
+	<target host="demo.tiki.org" />
+	<target host="dev.tiki.org" />
+	<target host="doc.tiki.org" />
+	<target host="edu.tiki.org" />
+	<target host="info.tiki.org" />
+	<target host="irc.tiki.org" />
+	<target host="i18n.tiki.org" />
+	<target host="piwik.tiki.org" />
+	<target host="profiles.tiki.org" />
+	<target host="security.tiki.org" />
+	<target host="suite.tiki.org" />
+	<target host="themes.tiki.org" />
+	<target host="www.tiki.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(doc\.|suite\.|themes\.)?tiki\.org$" name="^(PHPSESSID|PHPSESSIDCV|javascript_enabled_detect)$" /-->
+	<!--securecookie host="^branding\.tiki\.org$" name="^(mobile_mode|runs_before_js_detect)$" /-->
+	<!--securecookie host="^dev\.tiki\.org$" name="^javascript_enabled_detect$" /-->
+	<!--securecookie host="^info\.tiki\.org$" name="^(PHPSESSID|PHPSESSIDCV|runs_before_js_detect|tab|tab_last_query)$" /-->
+	<!--securecookie host="^profiles\.tiki\.org$" name="^(PHPSESSID|PHPSESSIDCV|runs_before_js_detect)$" /-->
+	<!--securecookie host="^(?:i18n|security)\.tiki\.org$" name="^(PHPSESSID|PHPSESSIDCV)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tilastokeskus.fi.xml b/src/chrome/content/rules/Tilastokeskus.fi.xml
new file mode 100644
index 000000000000..351399038c3f
--- /dev/null
+++ b/src/chrome/content/rules/Tilastokeskus.fi.xml
@@ -0,0 +1,16 @@
+<!--
+	Refused:
+		- autodiscover.tilastokeskus.fi
+
+	Mismatched:
+		- link.tilastokeskus.fi
+		- lyncdiscover.tilastokeskus.fi
+		- web.tilastokeskus.fi
+-->
+<ruleset name="Tilastokeskus.fi">
+	<target host="tilastokeskus.fi" />
+	<target host="www.tilastokeskus.fi" />
+	<target host="securemail.tilastokeskus.fi" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tilburg_University.xml b/src/chrome/content/rules/Tilburg_University.xml
index 88914e42451e..50a7d51e4b87 100644
--- a/src/chrome/content/rules/Tilburg_University.xml
+++ b/src/chrome/content/rules/Tilburg_University.xml
@@ -1,82 +1,58 @@
-<!--
-	Problematic domains:
-
-		- www.kub.nl *
-		- tilburguniversity.nl		(400; mismatched, CN: images.uvt.nl)
-		- www.tilburguniversity.nl	(redirects to osso)
-
-		- uvt.nl subdomains:
-
-			- ^ *
-			- oudesite	($ redirects to osso)
-			- saml		(shows different data)
-			- www		(redirects to osso)
-
-	* Mismatched, CN: www.tilburguniversity.edu
-
 
-	Partially covered domains:
-
-		- oudesite.uvt.nl
-
-
-	Fully covered domains:
-
-		- www.kub.nl			(→ www.tilburguniversity.edu)
-		- (www.)tilburguniversity.edu
-		- edit.tilburguniversity.edu
-		- (www.)tilburguniversity.nl	(→ www.tilburguniversity.edu)
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://asterix.uvt.nl/ => https://asterix.uvt.nl/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://stuwww.uvt.nl/ => https://stuwww.uvt.nl/: (28, 'Connection timed out after 20001 milliseconds')
 
-		- uvt.nl subdomains:
+	Insecure cookies are set for these hosts:
 
-			- (www.)	(→ www.tilburguniversity.edu)
-			- cooper-redir
-			- (www.)curry
-			- (www.)fibonacci
-			- edit.productie.gx
-			- www.productie.gx
-			- (www.)hermite
-			- osso
-			- osso...:4443
-			- sso
-			- stuwww
+		- www.tilburguniversity.edu
 
 -->
-<ruleset name="Tilburg University (partial)">
+<ruleset name="Tilburg University" default_off="failed ruleset test">
 
+	<target host="kub.nl" />
 	<target host="www.kub.nl" />
+
 	<target host="tilburguniversity.edu" />
-	<target host="*.tilburguniversity.edu" />
+	<target host="edit.tilburguniversity.edu" />
+	<target host="www.tilburguniversity.edu" />
+
 	<target host="tilburguniversity.nl" />
 	<target host="www.tilburguniversity.nl" />
-	<target host="uvt.nl" />
-	<target host="*.uvt.nl" />
-		<exclusion pattern="^http://oudesite\.uvt\.nl/(?!imweb2/)" />
-
-
-	<securecookie host="^www\.tilburguniversity\.edu$" name=".+" />
-	<securecookie host="^(?:sso|stuwww)\.uvt\.nl$" name=".+" />
-
-
-	<rule from="^http://www\.kub\.nl/[^?]*(\?.*)?"
-		to="https://www.tilburguniversity.edu/nl/alumni/$1" />
 
-	<rule from="^http://(www\.)?tilberguniversity\.edu/"
-		to="https://$1tilberguniversity.edu/" />
-
-	<rule from="^http://edit\.tilburguniversity\.edu/"
-		to="https://edit.tilburguniversity.edu/" />
-
-	<rule from="^http://(?:www\.)?tilberguniversity\.nl/[^?]*(\?.*)?"
-		to="https://www.tilberguniversity.edu/$1" />
-
-	<rule from="^http://(?:www\.)?uvt\.nl/[^?]*(\?.*)?"
-		to="https://www.tilburguniversity.edu/nl$1" />
+	<target host="uvt.nl" />
+	<target host="asterix.uvt.nl" />
+	<target host="curry.uvt.nl" />
+	<target host="www.curry.uvt.nl" />
+	<target host="fibonacci.uvt.nl" />
+	<target host="www.fibonacci.uvt.nl" />
+	<target host="edit.productie.gx.uvt.nl" />
+	<target host="www.productie.gx.uvt.nl" />
+	<target host="hermite.uvt.nl" />
+	<target host="www.hermite.uvt.nl" />
+	<target host="osso.uvt.nl" />
+	<target host="oudesite.uvt.nl" />
+	<target host="rechten.uvt.nl" />
+	<target host="saml.uvt.nl" />
+	<target host="sso.uvt.nl" />
+	<target host="stuwww.uvt.nl" />
+	<target host="www.uvt.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.tilburguniversity\.edu$" name="^route$" /-->
+
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://(cooper-redir|(?:www\.)?(?:curry|fibonacci|hermite)|(?:edit|www)\.productie\.gx|o?sso|oudesite|stuwww)\.uvt\.nl/"
-		to="https://$1.uvt.nl/" />
 
 	<rule from="^http://osso\.uvt\.nl:4443/"
 		to="https://osso.uvt.nl:4443/" />
 
-</ruleset>
\ No newline at end of file
+		<test url="http://osso.uvt.nl:4443/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tildedave.com.xml b/src/chrome/content/rules/Tildedave.com.xml
new file mode 100644
index 000000000000..e0c6a92eab67
--- /dev/null
+++ b/src/chrome/content/rules/Tildedave.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="tildedave.com">
+
+	<target host="tildedave.com" />
+	<target host="www.tildedave.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tilera.xml b/src/chrome/content/rules/Tilera.xml
index aacda172b5d7..82fc2eadc5e9 100644
--- a/src/chrome/content/rules/Tilera.xml
+++ b/src/chrome/content/rules/Tilera.xml
@@ -1,10 +1,10 @@
-<ruleset name="Tilera (partial)">
+<ruleset name="Tilera (partial)" default_off="refused">
 
 	<target host="support.tilera.com"/>
 
-	<securecookie host="^support\.tilera\.com$" name=".*"/>
+	<securecookie host="^support\.tilera\.com$" name=".+" />
 
-	<rule from="^http://support\.tilera\.com/"
-		to="https://support.tilera.com/"/>
+	<rule from="^http:"
+		to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Tiltbrush.com.xml b/src/chrome/content/rules/Tiltbrush.com.xml
new file mode 100644
index 000000000000..4cd010a54e46
--- /dev/null
+++ b/src/chrome/content/rules/Tiltbrush.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Tiltbrush.com">
+	<target host="tiltbrush.com" />
+	<target host="www.tiltbrush.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tilted_Windmill_Press.com.xml b/src/chrome/content/rules/Tilted_Windmill_Press.com.xml
new file mode 100644
index 000000000000..cfff2a53e852
--- /dev/null
+++ b/src/chrome/content/rules/Tilted_Windmill_Press.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Tilted Windmill Press.com">
+
+	<target host="tiltedwindmillpress.com" />
+	<target host="www.tiltedwindmillpress.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tim.it.xml b/src/chrome/content/rules/Tim.it.xml
new file mode 100644
index 000000000000..750eab225f59
--- /dev/null
+++ b/src/chrome/content/rules/Tim.it.xml
@@ -0,0 +1,19 @@
+<ruleset name="Tim.it (partial)">
+	<target host="tim.it" />
+	<target host="www.tim.it" />
+	<target host="area51.tim.it" />
+	<target host="antivirus.tim.it" />
+	<target host="authwifi.tim.it" />
+	<target host="community.tim.it" />
+	<target host="helpme.tim.it" />
+	<target host="iam.tim.it" />
+	<target host="mail.tim.it" />
+	<target host="m.mail.tim.it" />
+	<target host="mobimail.tim.it" />
+	<target host="webmail.pc.tim.it" />
+	<target host="www.timparty.tim.it" />
+	<target host="wap.tim.it" />
+	<target host="wcap.tim.it" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TimHortons.com.xml b/src/chrome/content/rules/TimHortons.com.xml
new file mode 100644
index 000000000000..989087dfd56c
--- /dev/null
+++ b/src/chrome/content/rules/TimHortons.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Connection timed out:
+		- jobs.timhortons.com
+
+	Expired certificate:
+		- scholarship.timhortons.com
+
+	Wrong server:
+		- rapportdurabilite.timhortons.com
+		- sustainabilityreport.timhortons.com
+-->
+
+<ruleset name="TimHortons.com">
+	<target host="timhortons.com" />
+	<target host="www.timhortons.com" />
+	<target host="apps.timhortons.com" />
+	<target host="auth.timhortons.com" />
+	<target host="c2w.timhortons.com" />
+	<target host="locations.timhortons.com" />
+	<target host="m.timhortons.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tim_Minchin.com.xml b/src/chrome/content/rules/Tim_Minchin.com.xml
index 0a1a1e20225c..bc0b06308c88 100644
--- a/src/chrome/content/rules/Tim_Minchin.com.xml
+++ b/src/chrome/content/rules/Tim_Minchin.com.xml
@@ -1,23 +1,10 @@
-<!--
-	CDN buckets:
-
-		- d1g9yotx740lzx.cloudfront.net
-
-			- cdn1
-
-
-	Nonfunctional subdomains:
-
-		- ^	(refused)
-		- www	(dropped)
-
--->
 <ruleset name="Tim Minchin.com (partial)">
 
+	<target host="timminchin.com" />
+	<target host="www.timminchin.com" />
 	<target host="cdn1.timminchin.com" />
 
 
-	<rule from="^http://cdn1\.timminchin\.com/"
-		to="https://d1g9yotx740lzx.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Timbro.se.xml b/src/chrome/content/rules/Timbro.se.xml
index e5e37605047d..c38f38dc0308 100644
--- a/src/chrome/content/rules/Timbro.se.xml
+++ b/src/chrome/content/rules/Timbro.se.xml
@@ -1,7 +1,6 @@
-<ruleset name="Timbro.se">
+<ruleset name="Timbro.se" default_off="broken">
 	<target host="timbro.se" />
 	<target host="www.timbro.se" />
-	<rule from="^http://www\.timbro\.se/" to="https://www.timbro.se/"/>
-	<rule from="^http://timbro\.se/" to="https://timbro.se/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Time2Play.mobi.xml b/src/chrome/content/rules/Time2Play.mobi.xml
new file mode 100644
index 000000000000..96a217e96542
--- /dev/null
+++ b/src/chrome/content/rules/Time2Play.mobi.xml
@@ -0,0 +1,32 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .time2play.mobi
+
+
+	Mixed content:
+
+		- Bug from c.waplog.net *
+
+	* Unsecurable <= dropped
+
+-->
+<ruleset name="Time2Play.mobi">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="time2play.mobi" />
+	<target host="www.time2play.mobi" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.time2play\.mobi$" name="^default_theme$" /-->
+
+	<securecookie host="^\.time2play\.mobi$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TimeTrade.xml b/src/chrome/content/rules/TimeTrade.xml
deleted file mode 100644
index 042e9d09db01..000000000000
--- a/src/chrome/content/rules/TimeTrade.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	Partially covered subdomains:
-
-		- (www.)	(some paths redirect to http)
-
-
-	Fully covered subdomains:
-
-		- cdn
-		- schedule
-
--->
-<ruleset name="TimeTrade.com">
-
-	<target host="timetrade.com" />
-	<target host="*.timetrade.com" />
-		<!--
-			These paths redirect to http:
-
-				- $
-				- sites/
-						-->
-		<exclusion pattern="^http://(?:www\.)?timetrade\.com/(?!app/|book/|files/|td(?:$|\?|/))" />
-
-
-	<rule from="^http://((?:cdn|schedule|www)\.)?timetrade\.com/"
-		to="https://$1timetrade.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/TimeWeb.com.xml b/src/chrome/content/rules/TimeWeb.com.xml
new file mode 100644
index 000000000000..60c7a4dc8ba7
--- /dev/null
+++ b/src/chrome/content/rules/TimeWeb.com.xml
@@ -0,0 +1,26 @@
+<!--
+	For other TimeWeb coverage, see TimeWeb.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .timeweb.com
+
+-->
+<ruleset name="TimeWeb.com">
+
+	<target host="timeweb.com" />
+	<target host="www.timeweb.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.timeweb\.com$" name="^30beta$" /-->
+
+	<securecookie host="^\.timeweb\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TimeWeb.xml b/src/chrome/content/rules/TimeWeb.xml
index fe1d986e0bd8..a56979a8e437 100644
--- a/src/chrome/content/rules/TimeWeb.xml
+++ b/src/chrome/content/rules/TimeWeb.xml
@@ -1,20 +1,21 @@
 <!--
-	www: cert only matches ^timeweb.ru
+	Other TimeWeb rulesets:
+
+		- TimeWeb.com.xml
 
 -->
-<ruleset name="TimeWeb">
+<ruleset name="TimeWeb.ru">
 
 	<target host="timeweb.ru" />
-	<target host="*.timeweb.ru" />
-
+	<target host="cp.timeweb.ru" />
+	<target host="webmail.timeweb.ru" />
+	<target host="www.timeweb.ru" />
 
-	<securecookie host="^(?:.*\.)?timeweb\.ru$" name=".+" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?timeweb\.ru/"
-		to="https://timeweb.ru/" />
 
-	<rule from="^http://(cp|webmail)\.timeweb\.ru/"
-		to="https://$1.timeweb.ru/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TimeZero.ru.xml b/src/chrome/content/rules/TimeZero.ru.xml
new file mode 100644
index 000000000000..1e6555f6d950
--- /dev/null
+++ b/src/chrome/content/rules/TimeZero.ru.xml
@@ -0,0 +1,22 @@
+<!--
+	For other Mail.ru coverage, see Mail.ru.xml.
+
+
+	Mixed content:
+
+		- Images on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="TimeZero.ru">
+
+	<target host="timezero.ru" />
+	<target host="game.timezero.ru" />
+	<target host="www.timezero.ru" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Time_Clock_Deals.com.xml b/src/chrome/content/rules/Time_Clock_Deals.com.xml
new file mode 100644
index 000000000000..760d8d68fc21
--- /dev/null
+++ b/src/chrome/content/rules/Time_Clock_Deals.com.xml
@@ -0,0 +1,18 @@
+<!--
+	CDN buckets:
+
+		- d1dq5me9pcwinz.cloudfront.net
+
+-->
+<ruleset name="Time Clock Deals.com">
+
+	<target host="timeclockdeals.com" />
+	<target host="www.timeclockdeals.com" />
+
+
+	<securecookie host="^(?:w*\.)?timeclockdeals\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Time_Inc.xml b/src/chrome/content/rules/Time_Inc.xml
index 99aa15df496e..a53ff03c6d75 100644
--- a/src/chrome/content/rules/Time_Inc.xml
+++ b/src/chrome/content/rules/Time_Inc.xml
@@ -1,124 +1,70 @@
-<!--
-	Other Time Inc rulesets:
-
-		- Entertainment_Weekly.xml
-
-
-	CDN buckets:
-
-		- timecm.122.2o7.net
-
-		- timeinc.brightcove.com.edgesuite.net
-
-			- a1213.g.akamai.net
-
-		- fonts.timeinc.net.edgesuite.net
-
-			- a1726.g2.akamai.net
-
-		- i.timeinc.net.edgesuite.net 
-
-			- a850.g.akamai.net
-			- img.timeinc.net
-
-		- img2.timeinc.net.edgesuite.net
-
-			- a626.g.akamai.net
-			- img2.timeinc.net
-
-		- img2-1.timeinc.net.edgesuite.net
-
-			- a1449.g.akamai.net
-			- img2-1.timeinc.net
-
-		- img2-2.timeinc.net.edgesuite.net
-
-			- a1170.g.akamai.net
-			- img2-2.timeinc.net
-
-		- img2-3.timeinc.net.edgesuite.net
-
-			- a1073.g.akamai.net
-			- img2-3.timeinc.net
-
-		- img2-short.timeinc.net.edgesuite.net
 
-			- a760.g.akamai.net
-
-		- i2.akamai.timeinc.net
-
-			- i2.timeinc.net
-
-
-	Nonfunctional domains:
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
 
-		- timeinc.com		(refused)
-		- www.timeinc.com	(503, akamai)
+Fetch error: http://amp.timeinc.net/time/4753419/time-100-gala-biggest-moments/?source=dam => https://amp.timeinc.net/time/4753419/time-100-gala-biggest-moments/?source=dam: (6, 'Could not resolve host: amp.timeinc.net')
+Fetch error: http://amp.timeinc.net/ => https://amp.timeinc.net/: (6, 'Could not resolve host: amp.timeinc.net')
 
+-->
 
-	Problematic domains:
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
 
-		- img2.timeinc.net *
-		- img2-[123].timeinc.net *
-		- img2-short.timeinc.net *
+Fetch error: http://cgi.timeinc.net/ => https://cgi.timeinc.net/: (6, 'Could not resolve host: www.pathfinder.com')
+Fetch error: http://invest.timeinc.com/ => https://invest.timeinc.com/: (51, "SSL: no alternative certificate subject name matches target host name 'invest.timeinc.com'")
 
-	* Works, akamai
+	Other Time Inc rulesets:
 
+		- TIME.com.xml
+		- Entertainment_Weekly.xml
+		- Fortune.com.xml
+		- People.com.xml
 
-	Fully covered domains:
 
-		- timeinc.brightcove.com.edgesuite.net	(→ akamai)
+	Non-functional hosts in *.timeinc.net
 
-		- subscription.timeinc.com
+		Couldn't connect to server:
+			 - timeinc.net
 
-		- timeinc.net subdomains:
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - dev-wpcom.timeinc.net
 
-			- fonts		(→ akamai)
-			- i2
-			- img		(→ akamai)
-			- img2		(→ i2)
-			- img2-[123]	(→ i2)
+		Incomplete certificate chain error:
+			 - github.timeinc.net
+			 - jenkins.ties.timeinc.net
 
+		4xx client error:
+			 - i2.timeinc.net
 -->
 <ruleset name="Time Inc (partial)">
-
-	<target host="timeinc.brightcove.com.edgesuite.net" />
-	<target host="*.timeinc.com" />
-	<target host="timeinc.net" />
-	<target host="*.timeinc.net" />
-
+	<!--  *.timeinc.net -->
+	<target host="www.timeinc.net" />
+		<test url="http://www.timeinc.net/subs/newsstand/main.html" />
+	<!-- target host="cgi.timeinc.net" /-->
+	<target host="fonts.timeinc.net" />
+		<test url="http://fonts.timeinc.net/ti/fortune/webfonts.css?ver=1.0.00" />
+	<target host="git.timeinc.net" />
+	<target host="img.timeinc.net" />
+		<test url="http://img.timeinc.net/tii/omniture/h/config/time_s_code_multivideo.js" />
+	<target host="img5.timeinc.net" />
+		<test url="http://img5.timeinc.net/keynote/above_the_fold_1x1.gif" />
+	<target host="smetrics.timeinc.net" />
+	<target host="svn.timeinc.net" />
+	<target host="tia.timeinc.net" />
+		<test url="http://tia.timeinc.net/fortune/tia_tgx.min.js" />
+	<target host="tiads.timeinc.net" />
+		<test url="http://tiads.timeinc.net/ads/tii_bk-coretag.js" />
+
+
+	<!-- *.timeinc.com -->
+	<target host="timeinc.com" />
+	<target host="www.timeinc.com" />
+	<!-- target host="invest.timeinc.com" /-->
+	<target host="subscription.timeinc.com" />
+	<target host="subscription-assets.timeinc.com" />
+		<test url="http://subscription-assets.timeinc.com/prod/assets/themes/magazines/SUBS/templates/velocity/site/mm-newsstand/lp.html" />
 
 	<securecookie host="^subscription\.timeinc\.com$" name=".+" />
 
-
-	<rule from="^http://timeinc\.brightcove\.com\.edgesuite\.net/"
-		to="https://a248.e.akamai.net/f/1213/768/4m/timeinc.brightcove.com.edgesuite.net/" />
-
-	<rule from="^http://subscription(-assets)?\.timeinc\.com/"
-		to="https://subscription$1.timeinc.com/" />
-
-	<rule from="^http://(i2\.|www\.)?timeinc\.net/"
-		to="https://$1timeinc.net/" />
-
-	<rule from="^http://fonts\.timeinc\.net/"
-		to="https://a248.e.akamai.net/f/1726/2257/9m/fonts.timeinc.net/" />
-
-	<rule from="^http://img\.timeinc\.net/"
-		to="https://a248.e.akamai.net/f/850/5111/2m/img.timeinc.net/" />
-
-	<rule from="^http://img2\.timeinc\.net/"
-		to="https://a248.e.akamai.net/f/626/1155/10m/img2.timeinc.net/" />
-
-	<rule from="^http://img2-1\.timeinc\.net/"
-		to="https://a248.e.akamai.net/f/1449/5599/6m/img2-1.timeinc.net/" />
-
-	<rule from="^http://img2-2\.timeinc\.net/"
-		to="https://a248.e.akamai.net/f/1170/3533/10m/img2-2.timeinc.net/" />
-
-	<rule from="^http://img2-3\.timeinc\.net/"
-		to="https://a248.e.akamai.net/f/1073/96/1m/img2-3.timeinc.net/" />
-
-	<rule from="^http://img2-short\.timeinc\.net/"
-		to="https://a248.e.akamai.net/f/760/1695/4m/img2-short.timeinc.net/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Time_and_Date.com.xml b/src/chrome/content/rules/Time_and_Date.com.xml
new file mode 100644
index 000000000000..9936a39c77f0
--- /dev/null
+++ b/src/chrome/content/rules/Time_and_Date.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Problematic subdomains:
+
+		- free *
+
+	* Fastly
+
+
+	Mixed content:
+
+		- Images from [ac].tadst.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Time and Date.com (partial)">
+
+	<target host="timeanddate.com" />
+	<target host="freesecure.timeanddate.com" />
+	<target host="www.timeanddate.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Times-Printing-Co.xml b/src/chrome/content/rules/Times-Printing-Co.xml
index 29ed43d441a3..f02500f51a55 100644
--- a/src/chrome/content/rules/Times-Printing-Co.xml
+++ b/src/chrome/content/rules/Times-Printing-Co.xml
@@ -1,14 +1,13 @@
-<!--	!functional
-		(www.)timesprintingco.com	(timeout)
+<!--
+	(www.)?: Shows default page
+	read: Refused
+
 -->
-<ruleset name="Times Printing Co. (partial)" default_off="mismatch">
+<ruleset name="Times Printing Co. (partial)" default_off="refused">
 
-	<!--	cert: *.mygazines.com		-->
 	<target host="read.timesprintingdigital.com"/>
 
-	<securecookie host="^read\.timesprintingdigital\.com$" name=".*"/>
-
-	<rule from="^http://read\.timesprintingdigital\.com/"
-		to="https://read.timesprintingdigital.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Times.xml b/src/chrome/content/rules/Times.xml
index 0c258bcf0762..efade848fc63 100644
--- a/src/chrome/content/rules/Times.xml
+++ b/src/chrome/content/rules/Times.xml
@@ -1,9 +1,82 @@
-<ruleset name="The Times">
+<!--
+	For other News Corporation coverage, see News-Corporation.xml.
 
-	<target host="*.thetimes.co.uk" />
 
+	CDN buckets:
 
-	<rule from="^http://(home|login)\.thetimes\.co\.uk/"
-		to="https://$1.thetimes.co.uk/" />
+		- times-deck.s3-eu-west-1.amazonaws.com
 
-</ruleset>
\ No newline at end of file
+
+	Nonfunctional hosts in *thetimes.co.uk:
+
+		- bcg ᵇ
+		- extras ʰ
+		- ww1 ᵈ
+		- www ʰ
+
+	ᵇ Shows default page
+	ᵈ Dropped
+	ʰ Redirects to http
+
+
+	Problematic hosts in *thetimes.co.uk:
+
+		- ^ ᵐ
+		- archiveprints ᵐ
+		- carlocator ᵐ
+		- globalstore ᵐ
+		- jobs ᵐ
+		- store ᵐ
+		- store2 ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .thetimes.co.uk
+		- join.thetimes.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bug on globalstore, store from pubads.g.doubleclick.net *
+
+	* See https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="The Times.co.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="feeds.thetimes.co.uk" />
+	<target host="home.thetimes.co.uk" />
+	<target host="join.thetimes.co.uk" />
+	<target host="login.thetimes.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="archiveprints.thetimes.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.thetimes\.co\.uk$" name="^nuk_customer_location_hint$" /-->
+	<!--securecookie host="^join\.thetimes\.co\.uk$" name="^AWSELB$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://archiveprints\.thetimes\.co\.uk/.*"
+		to="https://www.magnoliabox.com/" />
+
+		<test url="http://archiveprints.thetimes.co.uk/index.htm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Times_Higher_Education.com.xml b/src/chrome/content/rules/Times_Higher_Education.com.xml
new file mode 100644
index 000000000000..4b376c5d5935
--- /dev/null
+++ b/src/chrome/content/rules/Times_Higher_Education.com.xml
@@ -0,0 +1,36 @@
+<!--
+	^timeshighereducation.com: Dropped
+
+
+	Insecure cookies are set for these hosts:
+
+		- jobs.timeshighereducation.com
+
+-->
+<ruleset name="Times Higher Education.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jobs.timeshighereducation.com" />
+	<target host="www.timeshighereducation.com" />
+
+	<!--	Dropped:
+			-->
+	<target host="timeshighereducation.com" />
+
+
+	<!--	Not secured by server:
+					-->
+
+	<!--securecookie host="^jobs\.timeshighereducation\.com$" name="^(?:AnonymousUserId|BrowserSession|FixedFacetDefaults)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://timeshighereducation\.com/"
+		to="https://www.timeshighereducation.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Times_Record_News.xml b/src/chrome/content/rules/Times_Record_News.xml
index f1a15d505c30..302d303b97af 100644
--- a/src/chrome/content/rules/Times_Record_News.xml
+++ b/src/chrome/content/rules/Times_Record_News.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://timesrecordnews.com/ => https://www.timesrecordnews.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.timesrecordnews.com'")
 	CDN buckets:
 
 		- media.timesrecordnews.com.edgesuite.net
@@ -31,7 +33,8 @@
 <ruleset name="Times Record News (partial)">
 
 	<target host="timesrecordnews.com" />
-	<target host="*.timesrecordnews.com" />
+	<target host="www.timesrecordnews.com" />
+	<target host="media.timesrecordnews.com" />
 
 
 	<rule from="^http://(?:www\.)?timesrecordnews\.com/"
@@ -40,7 +43,4 @@
 	<rule from="^http://media\.timesrecordnews\.com/"
 		to="https://images.scrippsing.com/" />
 
-	<rule from="^http://web\.timesrecordnews\.com/"
-		to="https://a248.e.akamai.net/f/1767/1649/9f/web.timesrecordnews.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TimesofMoney.xml b/src/chrome/content/rules/TimesofMoney.xml
index 8bfb43b99737..90dad328c52e 100644
--- a/src/chrome/content/rules/TimesofMoney.xml
+++ b/src/chrome/content/rules/TimesofMoney.xml
@@ -10,4 +10,4 @@
 	<rule from="^http://(?:www\.)?timesofmoney\.com/"
 		to="https://www.timesofmoney.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Timex.xml b/src/chrome/content/rules/Timex.xml
index 351efd13b188..47160102f312 100644
--- a/src/chrome/content/rules/Timex.xml
+++ b/src/chrome/content/rules/Timex.xml
@@ -1,4 +1,10 @@
-<ruleset name="Timex">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://timex.com/ => https://timex.com/: (51, "SSL: no alternative certificate subject name matches target host name 'timex.com'")
+
+-->
+<ruleset name="Timex" default_off="failed ruleset test">
 
 	<target host="timex.com" />
 	<target host="www.timex.com" />
@@ -7,7 +13,6 @@
 	<securecookie host="^www\.timex\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?timex\.com/"
-		to="https://$1timex.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TinEye.xml b/src/chrome/content/rules/TinEye.xml
index 47372229d27a..8d2ab9854992 100644
--- a/src/chrome/content/rules/TinEye.xml
+++ b/src/chrome/content/rules/TinEye.xml
@@ -1,33 +1,36 @@
-<!--
-	Nonfunctional subdomains:
-
-		- ideeinc.com:
-
-			- $
-			- blog
-			- labs	(cert: *.tineye.com; 403)
-			- www
-
-		- tineye.com:
-
-			- blog
-
--->
-<ruleset name="TinEye (partial)">
-
-	<target host="pixid.ideeinc.com" />
-	<target host="www.pixid.ideeinc.com" />
-	<target host="tineye.com" />
-	<target host="*.tineye.com" />
-
-
-	<securecookie host="^www\.tineye\.com$" name=".*"/>
-
-
- 	<rule from="^https?://(?:www\.)?pixid\.ideeinc\.com/"
-		to="https://pixid.ideeinc.com/" />
-
-	<rule from="^http://((?:img|services|www)\.)?tineye\.com/"
-		to="https://$1tineye.com/" />
-
-</ruleset>
+<!--
+	Nonfunctional subdomains:
+
+		- ideeinc.com:
+
+			- $
+			- blog
+			- labs	(cert: *.tineye.com; 403)
+			- www
+
+		- tineye.com:
+
+			- blog
+
+-->
+<ruleset name="TinEye (partial)">
+
+	<target host="pixid.ideeinc.com" />
+	<target host="www.pixid.ideeinc.com" />
+	<target host="tineye.com" />
+	<target host="www.tineye.com" />
+	<target host="img.tineye.com" />
+	<target host="labs.tineye.com" />
+	<target host="services.tineye.com" />
+
+
+	<securecookie host="^www\.tineye\.com$" name=".+" />
+
+
+ 	<rule from="^http://www\.pixid\.ideeinc\.com/"
+		to="https://pixid.ideeinc.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tinc-vpn.org.xml b/src/chrome/content/rules/Tinc-vpn.org.xml
new file mode 100644
index 000000000000..8662eaa2ce2c
--- /dev/null
+++ b/src/chrome/content/rules/Tinc-vpn.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Tinc-vpn.org">
+	<target host="tinc-vpn.org" />
+	<target host="www.tinc-vpn.org" />
+	<target host="git.tinc-vpn.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tinder.xml b/src/chrome/content/rules/Tinder.xml
new file mode 100644
index 000000000000..b2f68db7fed6
--- /dev/null
+++ b/src/chrome/content/rules/Tinder.xml
@@ -0,0 +1,25 @@
+<!--
+	Nonfunctional hosts in *gotinder.com:
+
+		- blog ³
+		- swipedright ʳ
+		- tech ³
+
+	³ 403
+	ʳ Refused
+
+-->
+<ruleset name="got Tinder.com (partial)">
+
+	<target host="gotinder.com" />
+	<target host="www.gotinder.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid$|_gat?$|_gat_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tindie.com.xml b/src/chrome/content/rules/Tindie.com.xml
index 8333bdc4db49..cefb12b72f66 100644
--- a/src/chrome/content/rules/Tindie.com.xml
+++ b/src/chrome/content/rules/Tindie.com.xml
@@ -18,7 +18,6 @@
 	<securecookie host="^www\.tindie\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?tindie\.com/"
-		to="https://$1tindie.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Tinfoil_Security.com.xml b/src/chrome/content/rules/Tinfoil_Security.com.xml
new file mode 100644
index 000000000000..f104846121e3
--- /dev/null
+++ b/src/chrome/content/rules/Tinfoil_Security.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Tinfoil Security.com">
+
+	<target host="tinfoil.co" />
+	<target host="www.tinfoil.co" />
+	<target host="tinfoilsecurity.com" />
+	<target host="blog.tinfoilsecurity.com" />
+	<target host="www.tinfoilsecurity.com" />
+
+
+	<securecookie host="^\.tinfoilsecurity\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ting.com.xml b/src/chrome/content/rules/Ting.com.xml
index 4555feb72f0f..87069e776e61 100644
--- a/src/chrome/content/rules/Ting.com.xml
+++ b/src/chrome/content/rules/Ting.com.xml
@@ -24,13 +24,15 @@
 <ruleset name="Ting.com">
 
 	<target host="ting.com" />
-	<target host="*.ting.com" />
+	<target host="help.ting.com" />
+	<target host="static.ting.com" />
+	<target host="www.ting.com" />
 
 
-	<securecookie host="^(?:.*\.)?ting\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(?:(help\.|static\.)|www\.)?ting\.com/"
 		to="https://$1ting.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tinhte.vn.xml b/src/chrome/content/rules/Tinhte.vn.xml
new file mode 100644
index 000000000000..15511a532cb9
--- /dev/null
+++ b/src/chrome/content/rules/Tinhte.vn.xml
@@ -0,0 +1,32 @@
+<!--
+	Fully covered hosts in *tinhte.vn:
+
+		- (www.)?
+		- photo
+
+
+	Insecure cookies are set for these domains:
+
+		- .tinhte.vn
+
+-->
+<ruleset name="Tinhte.vn">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tinhte.vn" />
+	<target host="photo.tinhte.vn" />
+	<target host="www.tinhte.vn" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tinhte\.vn$" name="^xf_session$" /-->
+
+	<securecookie host="^\.tinhte\.vn$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TinkerSoup.de.xml b/src/chrome/content/rules/TinkerSoup.de.xml
new file mode 100644
index 000000000000..47d5c8484343
--- /dev/null
+++ b/src/chrome/content/rules/TinkerSoup.de.xml
@@ -0,0 +1,47 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.tinkersoup.de/leds-el-wire/leds/einzelne-leds/massiver-arcade-taster-mit-led-a-100mm-rot/a-1426/ => https://www.tinkersoup.de/leds-el-wire/leds/einzelne-leds/massiver-arcade-taster-mit-led-a-100mm-rot/a-1426/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.tinkersoup.de/webshop/tutorials/ => https://www.tinkersoup.de/webshop/tutorials/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://tinkersoup.de/ => https://tinkersoup.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.tinkersoup.de/ => https://www.tinkersoup.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Insecure cookies are set for these domains:
+
+		- .tinkersoup.de
+
+	Mixed content:
+
+		- Image from www.adafruit.com *
+		- Image from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="TinkerSoup.de" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tinkersoup.de" />
+	<target host="www.tinkersoup.de" />
+
+		<!--	Mixed image from www.adafruit.com:
+							-->
+		<test url="http://www.tinkersoup.de/leds-el-wire/leds/einzelne-leds/massiver-arcade-taster-mit-led-a-100mm-rot/a-1426/" />
+
+		<!--	Mixed image from $self:
+							-->
+		<test url="http://www.tinkersoup.de/webshop/tutorials/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tinkersoup\.de$" name="^plentyID$" /-->
+
+	<securecookie host="^\.tinkersoup\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tinkerforge.com.xml b/src/chrome/content/rules/Tinkerforge.com.xml
index 18cfce69a0b9..ab42090aae37 100644
--- a/src/chrome/content/rules/Tinkerforge.com.xml
+++ b/src/chrome/content/rules/Tinkerforge.com.xml
@@ -23,4 +23,4 @@
 	<rule from="^http://(www\.)?tinkerforge\.com/(?=shop(?:$|[?/])|static/)"
 		to="https://$1tinkerforge.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tinkoff.ru.xml b/src/chrome/content/rules/Tinkoff.ru.xml
new file mode 100644
index 000000000000..71f114287162
--- /dev/null
+++ b/src/chrome/content/rules/Tinkoff.ru.xml
@@ -0,0 +1,9 @@
+<!--journal. timed out-->
+<ruleset name="Tinkoff.ru">
+	<target host="tinkoff.ru" />
+	<target host="www.tinkoff.ru" />
+	<target host="static.tinkoff.ru" />
+	<target host="t.tinkoff.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tintup.com.xml b/src/chrome/content/rules/Tintup.com.xml
index 6a234a764ba2..84e29cf293f5 100644
--- a/src/chrome/content/rules/Tintup.com.xml
+++ b/src/chrome/content/rules/Tintup.com.xml
@@ -1,21 +1,30 @@
 <!--
-	CDN buckets:
+	Different content http/https:
+		developers.tintup.com
 
-		- d33w9bm0n1egwm.cloudfront.net
-		- d36hc0p18k1aoc.cloudfront.net
-		- d3l7tj34e9fc43.cloudfront.net
+	Invalid certificate:
+		dev.api.tintup.com
+		gallery.tintup.com
+		www.go.tintup.com
+
+	Refused:
+		saasboard.tintup.com
 
 -->
 <ruleset name="Tintup.com">
 
 	<target host="tintup.com" />
-	<target host="*.tintup.com" />
-
-
-	<securecookie host="^\.tintup\.com$" name=".+" />
+	<target host="www.tintup.com" />
+	<target host="api.tintup.com" />
+		<test url="http://api.tintup.com/v1/analytics/impact/activity/:tint_name" />
+	<target host="office.tintup.com" />
+	<target host="staging.tintup.com" />
+	<target host="status.tintup.com" />
+	<target host="support.tintup.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?tintup\.com/"
-		to="https://$1tintup.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tiny.cc.xml b/src/chrome/content/rules/Tiny.cc.xml
new file mode 100644
index 000000000000..0a972f6371f1
--- /dev/null
+++ b/src/chrome/content/rules/Tiny.cc.xml
@@ -0,0 +1,30 @@
+<!--
+	Mismatch:
+		- d.tiny.cc
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+		- Images from ^ *
+
+		- favicon from ^ *
+
+	* Secured by us
+
+-->
+<ruleset name="Tiny.cc">
+
+	<target host="tiny.cc" />
+	<target host="www.tiny.cc" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:\.|www\.)?tiny\.cc$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TinyBites.xml b/src/chrome/content/rules/TinyBites.xml
deleted file mode 100644
index ed6741138b6b..000000000000
--- a/src/chrome/content/rules/TinyBites.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="TinyBites">
-
-	<target host="tinybytes.me" />
-	<target host="*.tinybytes.me" />
-
-
-	<securecookie host="^\.tinybytes\.me$" name=".+" />
-
-
-	<rule from="^http://(www\.)?tinybytes\.me/"
-		to="https://$1tinybytes.me/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/TinyChat.xml b/src/chrome/content/rules/TinyChat.xml
index ea5374082d1b..63aa9f52571d 100644
--- a/src/chrome/content/rules/TinyChat.xml
+++ b/src/chrome/content/rules/TinyChat.xml
@@ -1,10 +1,15 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tinychat.com/ => https://tinychat.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.tinychat.com/ => https://tinychat.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
 <ruleset name="TinyChat" platform="mixedcontent">
   <target host="tinychat.com" />
   <target host="www.tinychat.com" />
 
-  <!-- 
-   https://trac.torproject.org/projects/tor/ticket/8848 
-  <securecookie host="^(.+\.)?tinychat\.com$" name=".*"/>
+  <!--
+   https://trac.torproject.org/projects/tor/ticket/8848
+  <securecookie host="^(.+\.)?tinychat\.com$" name=".+" />
   -->
   <exclusion pattern="^http://(?:www\.)?tinychat\.com/nsfw" />
   <exclusion pattern="^http://(?:www\.)?tinychat\.com/api/find.room/lobby\?site=nsfw" />
diff --git a/src/chrome/content/rules/TinyJPG.com.xml b/src/chrome/content/rules/TinyJPG.com.xml
new file mode 100644
index 000000000000..3c00fcd06daa
--- /dev/null
+++ b/src/chrome/content/rules/TinyJPG.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="TinyJPG.com">
+
+	<target host="tinyjpg.com" />
+	<target host="www.tinyjpg.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TinyLetter.com.xml b/src/chrome/content/rules/TinyLetter.com.xml
new file mode 100644
index 000000000000..7bd4f9484cda
--- /dev/null
+++ b/src/chrome/content/rules/TinyLetter.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="TinyLetter.com">
+
+	<target host="tinyletter.com" />
+	<target host="app.tinyletter.com" />
+	<target host="www.tinyletter.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^app\.tinyletter\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^app\.tinyletter\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TinyPNG.xml b/src/chrome/content/rules/TinyPNG.xml
new file mode 100644
index 000000000000..08f13af1f001
--- /dev/null
+++ b/src/chrome/content/rules/TinyPNG.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		www.tinypng.com
+
+-->
+<ruleset name="TinyPNG">
+
+	<target host="tinypng.com" />
+	<target host="www.tinypng.com" />
+	<target host="api.tinypng.com" />
+	<target host="staging.api.tinypng.com" />
+	<target host="cdn.tinypng.com" />
+	<target host="staging.tinypng.com" />
+
+	<rule from="^http://www\.tinypng\.com/"
+		to="https://tinypng.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TinyURL.xml b/src/chrome/content/rules/TinyURL.xml
deleted file mode 100644
index 5e456f97d82a..000000000000
--- a/src/chrome/content/rules/TinyURL.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="TinyURL" platform="mixedcontent">
-
-	<target host="tinyurl.com"/>
-	<target host="*.tinyurl.com"/>
-
-	<securecookie host="^\.tinyurl\.com$" name=".*"/>
-
-	<rule from="^http://(?:www\.)?tinyurl\.com/"
-		to="https://tinyurl.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tiny_Buddha.com.xml b/src/chrome/content/rules/Tiny_Buddha.com.xml
new file mode 100644
index 000000000000..76c4485a2c70
--- /dev/null
+++ b/src/chrome/content/rules/Tiny_Buddha.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+
+	(www.)?tinybuddha.com: redirects to http
+
+-->
+<ruleset name="Tiny Buddha.com (partial)" platform="mixedcontent">
+
+	<target host="cdn.tinybuddha.com" />
+
+		<!--	Avoid possible XHR problems:
+							-->
+		<exclusion pattern="^http://cdn\.tinybuddha\.com/.+\.js(?:$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://cdn.tinybuddha.com/wp-content/plugins/buddypress/bp-core/js/confirm.min.js" />
+			<test url="http://cdn.tinybuddha.com/wp-content/plugins/buddypress/bp-core/js/widget-members.min.js" />
+			<test url="http://cdn.tinybuddha.com/wp-content/plugins/optimizePressPlugin/lib/js/op-jquery-base-all.min.js" />
+			<test url="http://cdn.tinybuddha.com/wp-content/themes/tinybuddha/js/modernizr.js" />
+			<!--
+			<test url="http://cdn.tinybuddha.com/wp-includes/js/jquery/jquery-migrate.min.js" />
+			<test url="http://cdn.tinybuddha.com/wp-includes/js/wp-emoji-release.min.js" />
+			-->
+
+		<test url="http://cdn.tinybuddha.com/wp-content/plugins/new-royalslider/lib/royalslider/blank.gif" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tinyapps.org.xml b/src/chrome/content/rules/Tinyapps.org.xml
new file mode 100644
index 000000000000..c94f71b3396c
--- /dev/null
+++ b/src/chrome/content/rules/Tinyapps.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="tinyapps.org">
+
+	<target host="tinyapps.org" />
+	<target host="www.tinyapps.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tinydl.xml b/src/chrome/content/rules/Tinydl.xml
deleted file mode 100644
index 17b3c02b957b..000000000000
--- a/src/chrome/content/rules/Tinydl.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	CDN buckets:
-
-		- cdn.shahpar.netdna-cdn.com
-			- cdn-shahpar.netdna-ssl.com doesn't exist
-
--->
-<ruleset name="Tinydl" default_off="expired, self-signed">
-
-	<target host="tinydl.com" />
-	<target host="*.tinydl.com" />
-
-
-	<securecookie host="^www\.tinydl\.com$" name=".*" />
-
-
-	<!--	cdn cert: *.netdna-ssl.com; 404.
-		Cert doesn't match !www.	-->
-	<rule from="^http://(?:cdn\.|www\.)?tinydl\.com/"
-		to="https://www.tinydl.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tinypass.com.xml b/src/chrome/content/rules/Tinypass.com.xml
new file mode 100644
index 000000000000..48b54db922ed
--- /dev/null
+++ b/src/chrome/content/rules/Tinypass.com.xml
@@ -0,0 +1,41 @@
+<!--
+	Invalid certificate:
+		assets.tinypass.com
+		jobs.tinypass.com
+
+	Timeout:
+		bc.tinypass.com
+		demo.tinypass.com
+		dev.tinypass.com
+		ew-demo.tinypass.com
+		github.tinypass.com
+		qa0.tinypass.com
+		qa1.tinypass.com
+		sw.tinypass.com
+-->
+<ruleset name="Tinypass.com">
+
+	<target host="tinypass.com" />
+	<target host="www.tinypass.com" />
+	<target host="api.tinypass.com" />
+	<target host="api-v3.tinypass.com" />
+	<target host="buy.tinypass.com" />
+	<target host="cdn.tinypass.com" />
+	<target host="cnbc-dev.tinypass.com" />
+	<target host="cnbc-sandbox.tinypass.com" />
+	<target host="code.tinypass.com" />
+	<target host="dashboard.tinypass.com" />
+	<target host="developer.tinypass.com" />
+	<target host="experience.tinypass.com" />
+	<target host="fonts.tinypass.com" />
+	<target host="id.tinypass.com" />
+	<target host="market.tinypass.com" />
+	<target host="media.tinypass.com" />
+	<target host="play.tinypass.com" />
+	<target host="pmauth-sandbox.tinypass.com" />
+	<target host="publisher.tinypass.com" />
+	<target host="sandbox.tinypass.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tinyteenpass.com.xml b/src/chrome/content/rules/Tinyteenpass.com.xml
index 23315f87878b..23e1c52ff061 100644
--- a/src/chrome/content/rules/Tinyteenpass.com.xml
+++ b/src/chrome/content/rules/Tinyteenpass.com.xml
@@ -1,10 +1,19 @@
-<ruleset name="tinyteenpass.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tinyteenpass.com/ => https://tinyteenpass.com/: (7, 'Failed to connect to tinyteenpass.com port 443: Connection refused')
+Fetch error: http://www.tinyteenpass.com/ => https://www.tinyteenpass.com/: (7, 'Failed to connect to www.tinyteenpass.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://tinyteenpass.com/ => https://tinyteenpass.com/: (7, 'Failed to connect to tinyteenpass.com port 443: No route to host')
+Fetch error: http://www.tinyteenpass.com/ => https://www.tinyteenpass.com/: (7, 'Failed to connect to www.tinyteenpass.com port 443: No route to host')
+-->
+<ruleset name="tinyteenpass.com" default_off="failed ruleset test">
 
 	<target host="tinyteenpass.com" />
 	<target host="www.tinyteenpass.com" />
 
 
-	<rule from="^http://(www\.)?tinyteenpass\.com/"
-		to="https://$1tinyteenpass.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tip4Commit.com.xml b/src/chrome/content/rules/Tip4Commit.com.xml
new file mode 100644
index 000000000000..aeddded88ef6
--- /dev/null
+++ b/src/chrome/content/rules/Tip4Commit.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Tip4Commit.com">
+
+	<target host="tip4commit.com" />
+	<target host="www.tip4commit.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tipico.de.xml b/src/chrome/content/rules/Tipico.de.xml
index 6927a6dc0bd8..83a08957f8de 100644
--- a/src/chrome/content/rules/Tipico.de.xml
+++ b/src/chrome/content/rules/Tipico.de.xml
@@ -1,14 +1,13 @@
 <ruleset name="Tipico.de">
 
 	<target host="tipico.de" />
-	<target host="*.tipico.de" />
+	<target host="www.tipico.de" />
 
 
 	<securecookie host="^\.tipico\.de$" name="^affiliateId$" />
 	<securecookie host="^(?:www\.)?tipico\.de$" name=".+" />
 
 
-	<rule from="^http://(www\.)?tipico\.de/"
-		to="https://$1tipico.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tipp10.com.xml b/src/chrome/content/rules/Tipp10.com.xml
new file mode 100644
index 000000000000..6e7a09d45edb
--- /dev/null
+++ b/src/chrome/content/rules/Tipp10.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Tipp10.com">
+  <target host="tipp10.com" />
+  <target host="www.tipp10.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tire_Metro.xml b/src/chrome/content/rules/Tire_Metro.xml
deleted file mode 100644
index d20c0f49cbb0..000000000000
--- a/src/chrome/content/rules/Tire_Metro.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Tire Metro">
-
-	<target host="tiremetroonline.com" />
-	<target host="*.tiremetroonline.com" />
-
-
-	<securecookie host="^(?:.*\.)?tiremetroonline\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?tiremetroonline\.com/"
-		to="https://$1tiremetroonline.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Tirerack.com.xml b/src/chrome/content/rules/Tirerack.com.xml
deleted file mode 100644
index 5d92953bc2cf..000000000000
--- a/src/chrome/content/rules/Tirerack.com.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Tirerack">
-  <target host="www.tirerack.com"/>
-  <target host="tirerack.com"/>
-
-  <rule from="^http://(www\.)?tirerack\.com/" to="https://www.tirerack.com/"/>
-</ruleset>
-<!-- Rule generated by HTTPS Finder 0.77 -->
diff --git a/src/chrome/content/rules/Tires_N_Wheels.xml b/src/chrome/content/rules/Tires_N_Wheels.xml
deleted file mode 100644
index 64a462d45c37..000000000000
--- a/src/chrome/content/rules/Tires_N_Wheels.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Tires N' Wheels">
-
-	<target host="tiresnwheels.ca" />
-	<target host="*.tiresnwheels.ca" />
-
-
-	<securecookie host="^(?:.*\.)?tiresnwheels\.ca$" name=".+" />
-
-
-	<rule from="^http://(www\.)?tiresnwheels\.ca/"
-		to="https://$1tiresnwheels.ca/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Tisarana.ca.xml b/src/chrome/content/rules/Tisarana.ca.xml
new file mode 100644
index 000000000000..a86ff1619194
--- /dev/null
+++ b/src/chrome/content/rules/Tisarana.ca.xml
@@ -0,0 +1,16 @@
+<ruleset name="Tisarana Buddhist Monastery" platform="mixedcontent">
+    <target host="tisarana.ca" />
+    <target host="www.tisarana.ca" />
+
+    <test url="http://tisarana.ca/wp/wp-content/uploads/powerpress/xRounded_play_button4.jpg.pagespeed.ic.ZUZdhSzz6X.jpg" />
+    <test url="http://tisarana.ca/wp/wp-content/uploads/powerpress/xRounded_play_button4.jpg.pagespeed.ic.Aje6RnBKde.jpg" />
+    <test url="http://tisarana.ca/wp/wp-content/uploads/2014/10/xClearLeafSlim.png.pagespeed.ic.H6vDzn8dgH.png" />
+    <test url="http://tisarana.ca/wp/wp-content/uploads/2014/10/xClearLeafSlim.png.pagespeed.ic.Sd7hxk5eTN.png" />
+
+    <securecookie host="^(?:www)?(?:\.)?tisarana\.ca$" name=".+" />
+
+    <rule from="^http://tisarana\.ca/wp/wp-content/uploads/(.+)/x(.+)\.pagespeed.+"
+            to="https://tisarana.ca/wp/wp-content/uploads/$1/$2" />
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tiscali.it.xml b/src/chrome/content/rules/Tiscali.it.xml
index 19a2eebe6534..1a35e366b048 100644
--- a/src/chrome/content/rules/Tiscali.it.xml
+++ b/src/chrome/content/rules/Tiscali.it.xml
@@ -1,25 +1,47 @@
 <!--
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *tiscali.it:
 
-		- abbonati *
-		- business *
-		- fax *
-		- servizi *
+		- (www.)? ᵈ
+		- ambiente ʳ
+		- business ᵈ
+		- cloud ᵈ
+		- fax ᵈ
+		- gamesurf ᵈ
+		- lifestyle ᵃ
+		- meteo ᵃ
+		- motori ʳ
+		- notizie ᵈ
+		- archivio.notizie ᵃ
+		- rd ᵃ
+		- rubriche ʳ
+		- servizi ᵈ
+		- socialwifi ᵃ
+		- speedtest ʳ
+		- spettacoli ᵈ
+		- sport ᵃ
+		- tecnologia ᵃ
+		- vacanze ᵈ
+		- viaggi ᶠ
 
-	* Dropped
+	ᵃ Shows another domain
+	ᵈ Dropped
+	ᶠ Handshake fails
+	ʳ Refused
 
 
-	Problematic subdomains:
+	Problematic hosts in *tiscali.it:
 
-		- mobile	(works, expired 2012-09-09)
+		- incontri ᵐ
 
+	ᵐ Mismatched
 
-	Fully covered subdomains:
 
-		- assistenza
-		- mail
-		- selfcare
-		- webcenter
+	Insecure cookies are set for these hosts:
+
+		- aziende.tiscali.it
+		- casa.tiscali.it
+		- freelosophy.tiscali.it
+		- partitaiva.tiscali.it
 
 
 	Mixed content:
@@ -32,8 +54,9 @@
 
 		- Web bugs, on:
 
-			- assistenza from tiscaliadv01.webtrekk.net *
-			- assistenza from statse.webtrendslive.com *
+			- abbonati, aziende, casa, freelosophy, partitaiva from bs.serving-sys.com *
+			- abbonati, assistenza, aziende, casa, freelosophy, partitaiva from tiscaliadv01.webtrekk.net *
+			- abbonati, assistenza, aziende, casa, freelosophy, partitaiva from statse.webtrendslive.com *
 			- assistenza.business from tiscaliadv01.webtrekk.net *
 			- assistenza.business from statse.webtrendslive.com *
 			- webcenter from tiscaliadv01.webtrekk.net *
@@ -44,13 +67,39 @@
 -->
 <ruleset name="Tiscali.it (partial)">
 
-	<target host="*.tiscali.it" />
+	<!--	Direct rewrites:
+				-->
+	<target host="abbonati.tiscali.it" />
+	<target host="assistenza.tiscali.it" />
+	<target host="aziende.tiscali.it" />
+	<target host="casa.tiscali.it" />
+	<target host="freelosophy.tiscali.it" />
+	<target host="mail.tiscali.it" />
+	<target host="mobile.tiscali.it" />
+	<target host="partitaiva.tiscali.it" />
+	<target host="selfcare.tiscali.it" />
+	<target host="servizi.tiscali.it" />
+	<target host="webcenter.tiscali.it" />
+
+	<!--	Complications:
+				-->
+	<target host="incontri.tiscali.it" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:aziende|casa|freelosophy|partitaiva)\.tiscali\.it$" name="^PHPSESSID$" /-->
 
+	<!--	Breaks login:
+				-->
+	<!--securecookie host="^mail\.tiscali\.it$" name="." /-->
+	<securecookie host="^(?!mail\.)." name=".+" />
 
-	<securecookie host="^mail\.tiscali\.it$" name=".+" />
 
+	<rule from="^http://incontri\.tiscali\.it/"
+		to="https://www.meetic.com/" />
 
-	<rule from="^http://(assistenza|mail|selfcare|webcenter)\.tiscali\.it/"
-		to="https://$1.tiscali.it/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Tisoomi.xml b/src/chrome/content/rules/Tisoomi.xml
new file mode 100644
index 000000000000..a5665c9693b3
--- /dev/null
+++ b/src/chrome/content/rules/Tisoomi.xml
@@ -0,0 +1,10 @@
+<ruleset name="Tisoomi GmbH">
+
+	<!-- tls not offered on (www.)tisoomi.com -->
+
+	<target host="tisoomi-services.com"/>
+	<target host="www.tisoomi-services.com"/>
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Titanfile.com.xml b/src/chrome/content/rules/Titanfile.com.xml
new file mode 100644
index 000000000000..869eb6c1b400
--- /dev/null
+++ b/src/chrome/content/rules/Titanfile.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Titanfile.com">
+  <target host="titanfile.com" />
+  <target host="www.titanfile.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Titania.com.xml b/src/chrome/content/rules/Titania.com.xml
index b6435fcf2b34..5eff018282d3 100644
--- a/src/chrome/content/rules/Titania.com.xml
+++ b/src/chrome/content/rules/Titania.com.xml
@@ -10,7 +10,6 @@
 	<!--	^ redirects to www over http,
 		so copy that behavior:
 					-->
-	<rule from="^http://(?:www\.)?titania\.com/"
-		to="https://www.titania.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Titanic-Magazin.de.xml b/src/chrome/content/rules/Titanic-Magazin.de.xml
new file mode 100644
index 000000000000..f59b0ce5a444
--- /dev/null
+++ b/src/chrome/content/rules/Titanic-Magazin.de.xml
@@ -0,0 +1,11 @@
+<ruleset name="Titanic-Magazin.de">
+
+	<target host="titanic-magazin.de" />
+	<target host="www.titanic-magazin.de" />
+
+	<securecookie host="^www\.titanic-magazin\.de$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tittygram.com.xml b/src/chrome/content/rules/Tittygram.com.xml
new file mode 100644
index 000000000000..c1b1032ccffa
--- /dev/null
+++ b/src/chrome/content/rules/Tittygram.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- tittygram.com
+		- .tittygram.com
+
+-->
+<ruleset name="Tittygram.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tittygram.com" />
+	<target host="www.tittygram.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^tittygram\.com$" name="^(XSRF-TOKEN|laravel_session)$" /-->
+	<!--securecookie host="^\.tittygram\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.?tittygram\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tittygram.ru.xml b/src/chrome/content/rules/Tittygram.ru.xml
new file mode 100644
index 000000000000..4a2a9522dca9
--- /dev/null
+++ b/src/chrome/content/rules/Tittygram.ru.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .tittygram.ru
+
+-->
+<ruleset name="Tittygram.ru">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tittygram.ru" />
+	<target host="www.tittygram.ru" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.tittygram\.ru$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.tittygram\.ru$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tizen.org.xml b/src/chrome/content/rules/Tizen.org.xml
index a674a4eea4a0..209740f2f421 100644
--- a/src/chrome/content/rules/Tizen.org.xml
+++ b/src/chrome/content/rules/Tizen.org.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tizen.org/ => https://tizen.org/: (51, "SSL: no alternative certificate subject name matches target host name 'tizen.org'")
+
 	Fully covered subdomains:
 
 		- (www.)
@@ -12,16 +16,24 @@
 		- wiki
 
 -->
-<ruleset name="Tizen.org">
+<ruleset name="Tizen.org" default_off="failed ruleset test">
 
 	<target host="tizen.org" />
-	<target host="*.tizen.org" />
+	<target host="bugs.tizen.org" />
+	<target host="build.tizen.org" />
+	<target host="developer.tizen.org" />
+	<target host="download.tizen.org" />
+	<target host="lists.tizen.org" />
+	<target host="review.tizen.org" />
+	<target host="source.tizen.org" />
+	<target host="wiki.tizen.org" />
+	<target host="www.tizen.org" />
 
 
 	<securecookie host="^(?:bugs|build|wiki)\.tizen\.org$" name=".+" />
 
 
-	<rule from="^http://((?:bugs|build|developer|download|lists|review|source|wiki|www)\.)?tizen\.org/"
-		to="https://$1tizen.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tjoos.xml b/src/chrome/content/rules/Tjoos.xml
index 6027d7b9b16c..96b47e45936f 100644
--- a/src/chrome/content/rules/Tjoos.xml
+++ b/src/chrome/content/rules/Tjoos.xml
@@ -5,22 +5,26 @@
 <ruleset name="Tjoos (partial)">
 
 	<target host="tjoos.com" />
-	<target host="*.tjoos.com" />
+	<target host="www.tjoos.com" />
+	<target host="store.img0.tjoos.com" />
+	<target host="store.img1.tjoos.com" />
+	<target host="store.img2.tjoos.com" />
+	<target host="store.img3.tjoos.com" />
 
 
 	<rule from="^http://(www\.)?tjoos\.com/([iI])mg/"
 		to="https://$1tjoos.com/$2mg/" />
 
-	<rule from="^https?://store\.img0\.tjoos\.com/"
+	<rule from="^http://store\.img0\.tjoos\.com/"
 		to="https://d1orxobvizj2av.cloudfront.net/" />
 
-	<rule from="^https?://store\.img1\.tjoos\.com/"
+	<rule from="^http://store\.img1\.tjoos\.com/"
 		to="https://d3ivv5oi68ept2.cloudfront.net/" />
 
-	<rule from="^https?://store\.img2\.tjoos\.com/"
+	<rule from="^http://store\.img2\.tjoos\.com/"
 		to="https://d1cqgyjxjycyec.cloudfront.net/" />
 
-	<rule from="^https?://store\.img3\.tjoos\.com/"
+	<rule from="^http://store\.img3\.tjoos\.com/"
 		to="https://d35h6lli6lzgmi.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tjournal.ru.xml b/src/chrome/content/rules/Tjournal.ru.xml
new file mode 100644
index 000000000000..c8dd6573becb
--- /dev/null
+++ b/src/chrome/content/rules/Tjournal.ru.xml
@@ -0,0 +1,12 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.tjournal.ru/ => https://www.tjournal.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'www.tjournal.ru'")
+
+-->
+<ruleset name="Tjournal.ru" default_off="failed ruleset test">
+	<target host="tjournal.ru" />
+	<target host="www.tjournal.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tkbbank.ru.xml b/src/chrome/content/rules/Tkbbank.ru.xml
new file mode 100644
index 000000000000..de13ebf5b426
--- /dev/null
+++ b/src/chrome/content/rules/Tkbbank.ru.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://b2card.tkbbank.ru/ => https://b2card.tkbbank.ru/: (6, 'Could not resolve host: b2card.tkbbank.ru')
+
+paymentgate.tkbbank.ru ¹
+sfera.tkbbank.ru ³
+
+
+¹ mismatch
+³ timed out
+-->
+<ruleset name="tkbbank.ru" default_off="failed ruleset test">
+	<target host="tkbbank.ru" />
+	<target host="www.tkbbank.ru" />
+	<target host="b2card.tkbbank.ru" />
+	<target host="bilet.tkbbank.ru" />
+	<target host="business.tkbbank.ru" />
+	<target host="ibank.tkbbank.ru" />
+	<target host="online.tkbbank.ru" />
+	<target host="pay.tkbbank.ru" />
+	<target host="travel.tkbbank.ru" />
+	<target host="video.tkbbank.ru" />
+	<target host="voltage-pp-0000.tkbbank.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tl63.co.uk.xml b/src/chrome/content/rules/Tl63.co.uk.xml
deleted file mode 100644
index cb38946be86e..000000000000
--- a/src/chrome/content/rules/Tl63.co.uk.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	CN:   *.ipage.com
-
--->
-<ruleset name="tl63.co.uk" default_off="mismatched">
-
-	<target host="tl63.co.uk" />
-	<target host="www.tl63.co.uk" />
-
-
-	<securecookie host="^www\.tl63\.co\.uk$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?tl63\.co\.uk/"
-		to="https://www.tl63.co.uk/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Tld.pl.xml b/src/chrome/content/rules/Tld.pl.xml
index 432d609424ee..14818e1f016a 100644
--- a/src/chrome/content/rules/Tld.pl.xml
+++ b/src/chrome/content/rules/Tld.pl.xml
@@ -1,9 +1,10 @@
-<ruleset name="tld.pl" default_off="self-signed">
+<ruleset name="tld.pl">
 
-	<target host="tld.pl"/>
-	<target host="www.tld.pl"/>
+	<target host="tld.pl" />
+	<target host="www.tld.pl" />
 
-	<rule from="^http://(www\.)?tld\.pl/"
-		to="https://tld.pl/"/>
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TleCDN.net.xml b/src/chrome/content/rules/TleCDN.net.xml
new file mode 100644
index 000000000000..98ffeaa43ff5
--- /dev/null
+++ b/src/chrome/content/rules/TleCDN.net.xml
@@ -0,0 +1,11 @@
+<ruleset name="tleCDN.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="logos.tlecdn.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tls.li.xml b/src/chrome/content/rules/Tls.li.xml
new file mode 100644
index 000000000000..58fe6324dc37
--- /dev/null
+++ b/src/chrome/content/rules/Tls.li.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tls.li/ => https://tls.li/: (28, 'Connection timed out after 20000 milliseconds')
+
+	These altnames don't exist:
+
+		- www.tls.li
+
+-->
+<ruleset name="tls.li" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tls.li" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tlsfun.de.xml b/src/chrome/content/rules/Tlsfun.de.xml
new file mode 100644
index 000000000000..8fc713e93e1e
--- /dev/null
+++ b/src/chrome/content/rules/Tlsfun.de.xml
@@ -0,0 +1,10 @@
+<ruleset name="tlsfun.de">
+
+	<target host="tlsfun.de" />
+	<target host="*.tlsfun.de" />
+
+
+	<rule from="^http://([\w-]+\.)?tlsfun\.de/"
+		to="https://$1tlsfun.de/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tmall.HK.xml b/src/chrome/content/rules/Tmall.HK.xml
new file mode 100644
index 000000000000..56a54ea7f525
--- /dev/null
+++ b/src/chrome/content/rules/Tmall.HK.xml
@@ -0,0 +1,38 @@
+<!--
+	For other Alibaba Group coverage, see Alibaba.xml.
+
+
+	^tmall.hk: Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .tmall.hk
+
+-->
+<ruleset name="Tmall.HK">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="list.tmall.hk" />
+	<target host="pass.tmall.hk" />
+	<target host="rule.tmall.hk" />
+	<target host="www.tmall.hk" />
+
+	<!--	Complications:
+				-->
+	<target host="tmall.hk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tmall\.hk$" name="^(?:_tb_token|cookie2|t)$" /-->
+
+
+	<rule from="^http://tmall\.hk/"
+		to="https://www.tmall.hk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tmblr.co.xml b/src/chrome/content/rules/Tmblr.co.xml
new file mode 100644
index 000000000000..04a62534ae7a
--- /dev/null
+++ b/src/chrome/content/rules/Tmblr.co.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Tumblr coverage, see Tumblr.xml.
+
+	www doesn't exist
+
+-->
+<ruleset name="Tmblr.co">
+
+	<target host="tmblr.co" />
+
+	<test url="http://tmblr.co/ZE5Fby1dP0xGe" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tmcnet.com.xml b/src/chrome/content/rules/Tmcnet.com.xml
index 773bdf0e74cd..f90a14f5bd98 100644
--- a/src/chrome/content/rules/Tmcnet.com.xml
+++ b/src/chrome/content/rules/Tmcnet.com.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tmcnet.com/ => https://tmcnet.com/: Too many redirects while fetching 'https://tmcnet.com/'
+Fetch error: http://www.tmcnet.com/ => https://www.tmcnet.com/: Too many redirects while fetching 'https://www.tmcnet.com/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://tmcnet.com/ => https://tmcnet.com/: Cycle detected - URL already encountered: https://tmcnet.com/
+Fetch error: http://www.tmcnet.com/ => https://www.tmcnet.com/: Cycle detected - URL already encountered: https://www.tmcnet.com/
 	Nonfunctional subdomains:
 
 		- blog *
@@ -12,13 +20,12 @@
 	** 404, CN: www.tmcnet.com
 
 -->
-<ruleset name="Tmcnet.com" platform="mixedcontent">
+<ruleset name="Tmcnet.com" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="tmcnet.com" />
 	<target host="www.tmcnet.com" />
 
 
-	<rule from="^http://(www\.)?tmcnet\.com/"
-		to="https://$1tmcnet.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tmsz.com.xml b/src/chrome/content/rules/Tmsz.com.xml
new file mode 100644
index 000000000000..59d217eeba12
--- /dev/null
+++ b/src/chrome/content/rules/Tmsz.com.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tmsz.com/ => https://tmsz.com/: (6, 'Could not resolve host: tmsz.com')
+Fetch error: http://www.tmsz.com/ => https://www.tmsz.com/: (6, 'Could not resolve host: www.tmsz.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://tmsz.com/ => https://tmsz.com/: (7, 'Failed to connect to tmsz.com port 80: No route to host')
+Fetch error: http://www.tmsz.com/ => https://www.tmsz.com/: (7, 'Failed to connect to www.tmsz.com port 80: No route to host')
+	Mixed images from various domains
+
+-->
+<ruleset name="tmsz.com" default_off="failed ruleset test">
+
+	<target host="tmsz.com" />
+	<target host="www.tmsz.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TnAstatic.com.xml b/src/chrome/content/rules/TnAstatic.com.xml
new file mode 100644
index 000000000000..711db66060ee
--- /dev/null
+++ b/src/chrome/content/rules/TnAstatic.com.xml
@@ -0,0 +1,13 @@
+<!--
+	For other T'nAflix coverage, see Tnaflix.xml.
+
+-->
+<ruleset name="TnAstatic.com">
+
+	<target host="img.tnastatic.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tnaflix.xml b/src/chrome/content/rules/Tnaflix.xml
index d49e8c92a78d..148f7159229c 100644
--- a/src/chrome/content/rules/Tnaflix.xml
+++ b/src/chrome/content/rules/Tnaflix.xml
@@ -1,10 +1,14 @@
 <!--
+	T'nAflix
+
 	Other T'nAflix rulesets:
 
 		- EmpFlix.xml
+		- Empstatic.com.xml
+		- TnAstatic.com.xml
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *tnaflix.com:
 
 		- static *
 		- s[1-4].static *
@@ -12,34 +16,20 @@
 
 	* Times out
 
-
-	Problematic subdomains:
-
-		- (www.)		(appears identical to payment, mismatched)
-		- payment		(expired 2012-12-31)
-		- www-edge		(404, mismatched, CN: systemcdn.net)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(→ payment)
-		- payment
-		- www-edge	(→ payment)
-
-
-	CN: payment.tnaflix.com
-
 -->
-<ruleset name="T'nAflix (partial)" platform="mixedcontent" default_off="expired">
+<ruleset name="TnAflix.com (partial)">
 
 	<target host="tnaflix.com" />
-	<target host="*.tnaflix.com" />
+	<target host="m.tnaflix.com" />
+	<target host="payment.tnaflix.com" />
+	<target host="www.tnaflix.com" />
+	<target host="www-edge.tnaflix.com" />
 
 
-	<securecookie host="^payment\.tnaflix\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^https?://(?:payment\.|www(?:-edge)?\.)?tnaflix\.com/"
-		to="https://payment.tnaflix.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tns-counter.ru.xml b/src/chrome/content/rules/Tns-counter.ru.xml
index 119426de8186..c325ff3a71b0 100644
--- a/src/chrome/content/rules/Tns-counter.ru.xml
+++ b/src/chrome/content/rules/Tns-counter.ru.xml
@@ -1,14 +1,26 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .tns-counter.ru
+
+-->
 <ruleset name="tns-counter.ru">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="tns-counter.ru" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.tns-counter.ru" />
+	<target host="ar.tns-counter.ru" />
+	<target host="www.tns-counter.ru" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tns-counter\.ru$" name="^guid$" /-->
 
-	<securecookie host="^\.tns-counter\.ru$" name=".*" />
+	<securecookie host="^\.tns-counter\.ru$" name=".+" />
 
 
-	<rule from="^http://(www\.)?tns-counter\.ru/"
-		to="https://$1tns-counter.ru/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ToFOUR.net.xml b/src/chrome/content/rules/ToFOUR.net.xml
new file mode 100644
index 000000000000..114d0b7e0d0f
--- /dev/null
+++ b/src/chrome/content/rules/ToFOUR.net.xml
@@ -0,0 +1,25 @@
+
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://cdn.tofour.net/ => https://cdn.tofour.net/: (6, 'Could not resolve host: cdn.tofour.net')
+
+	Other toFOUR rulesets:
+
+
+-->
+<ruleset name="toFOUR.net">
+
+	<target host="tofour.net" />
+	<!-- target host="cdn.tofour.net" /-->
+	<target host="static.tofour.net" />
+	<target host="www.tofour.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ToLearnEnglish.com.xml b/src/chrome/content/rules/ToLearnEnglish.com.xml
new file mode 100644
index 000000000000..640104d3a9c1
--- /dev/null
+++ b/src/chrome/content/rules/ToLearnEnglish.com.xml
@@ -0,0 +1,11 @@
+<!--
+	See for related rulesets: FrancaisFacile.com.xml
+-->
+<ruleset name="ToLearnEnglish.com">
+	<target host="tolearnenglish.com" />
+	<target host="www.tolearnenglish.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ToSDR.org.xml b/src/chrome/content/rules/ToSDR.org.xml
index 2fec2734e25d..83638377408e 100644
--- a/src/chrome/content/rules/ToSDR.org.xml
+++ b/src/chrome/content/rules/ToSDR.org.xml
@@ -1,17 +1,20 @@
 <!--
-	ToS;DR
-
-
-	CN: *.5apps.com
+	Expired:
+	- www (10.08.2016)
 
+	Mismatched:
+	- safariextension (www.github.com)
 -->
-<ruleset name="ToSDR.org" default_off="mismatched">
 
+<ruleset name="ToS;DR">
 	<target host="tosdr.org" />
 	<target host="www.tosdr.org" />
+	<target host="blog.tosdr.org" />
+	<target host="edit.tosdr.org" />
+	<target host="1901.tosdr.org" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?tosdr\.org/"
-		to="https://tosdr.org/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http://www\.tosdr\.org/" to="https://tosdr.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/To_BTR.com.xml b/src/chrome/content/rules/To_BTR.com.xml
new file mode 100644
index 000000000000..2db043eb3fa0
--- /dev/null
+++ b/src/chrome/content/rules/To_BTR.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other BlogTalkRadio coverage, see BlogTalkRadio.xml.
+
+
+	www: 400
+
+-->
+<ruleset name="To BTR.com (partial)">
+
+	<target host="tobtr.com" />
+
+
+	<!--	Redirect keeps path and args:
+							-->
+	<rule from="^http://tobtr\.com/"
+		to="https://secure.blogtalkradio.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Toad_Fly.xml b/src/chrome/content/rules/Toad_Fly.xml
index bce3b4d33730..1a2ec78f491c 100644
--- a/src/chrome/content/rules/Toad_Fly.xml
+++ b/src/chrome/content/rules/Toad_Fly.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?thetoadfly\.com/(favicon\.ico|(?:my-account|order-tracking)(?:$|\?|/)|wp-content/|wp-includes/)"
 		to="https://$1thetoadfly.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Toastmasters.org.xml b/src/chrome/content/rules/Toastmasters.org.xml
new file mode 100644
index 000000000000..6b75d412a405
--- /dev/null
+++ b/src/chrome/content/rules/Toastmasters.org.xml
@@ -0,0 +1,36 @@
+<!--
+	Mismatched:
+		- ^
+		- magazines
+
+	Connection refused:
+		- autodiscover
+		- ecommerce
+		- reports
+
+	Expired:
+		- california
+		- cdcentral
+		- convention
+
+	Time out:
+		- dashboards
+		- remote
+		- vpn
+		- webmail
+-->
+<ruleset name="Toastmasters International">
+	<target host="toastmasters.org" />
+	<target host="www.toastmasters.org" />
+	<target host="mediacenter.toastmasters.org" />
+	<target host="reports2.toastmasters.org" />
+	<target host="secure.toastmasters.org" />
+	<target host="themeetingroom.toastmasters.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://toastmasters\.org/"
+		to="https://www.toastmasters.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tocco.ch.xml b/src/chrome/content/rules/Tocco.ch.xml
new file mode 100644
index 000000000000..65b961add8d1
--- /dev/null
+++ b/src/chrome/content/rules/Tocco.ch.xml
@@ -0,0 +1,165 @@
+<!--
+	Non-functional hosts:
+		Certificate mismatch:
+			- juventus.tocco.ch
+			- sfb.tocco.ch
+			- sfbtest.tocco.ch
+			- sfbv.tocco.ch
+			- uzhmels.tocco.ch
+			- uzhmelstest.tocco.ch
+			- zb.tocco.ch
+			- zbtest.tocco.ch
+		Connection refused:
+			- santesuisse.tocco.ch
+			- santesuissetest.tocco.ch
+-->
+<ruleset name="Tocco AG">
+	<target host="tocco.ch" />
+	<target host="www.tocco.ch" />
+	<target host="143.tocco.ch" />
+	<target host="abbts.tocco.ch" />
+	<target host="abbtstest.tocco.ch" />
+	<target host="agogis.tocco.ch" />
+	<target host="agogistest.tocco.ch" />
+	<target host="arge.tocco.ch" />
+	<target host="argetest.tocco.ch" />
+	<target host="artifactory01.tocco.ch" />
+	<target host="avanti.tocco.ch" />
+	<target host="avantitest.tocco.ch" />
+	<target host="awpf.tocco.ch" />
+	<target host="awpftest.tocco.ch" />
+	<target host="backoffice.tocco.ch" />
+	<target host="bbg.tocco.ch" />
+	<target host="bbgtest.tocco.ch" />
+	<target host="betriebsunterhalt.tocco.ch" />
+	<target host="biomedica.tocco.ch" />
+	<target host="birdag.tocco.ch" />
+	<target host="bnf.tocco.ch" />
+	<target host="bnftest.tocco.ch" />
+	<target host="bvz.tocco.ch" />
+	<target host="bvztest.tocco.ch" />
+	<target host="chinadoc.tocco.ch" />
+	<target host="csp-reports.tocco.ch" />
+	<target host="demo.tocco.ch" />
+	<target host="dev.tocco.ch" />
+	<target host="dgh.tocco.ch" />
+	<target host="dghtest.tocco.ch" />
+	<target host="dls.tocco.ch" />
+	<target host="dlstest.tocco.ch" />
+	<target host="documentation.tocco.ch" />
+	<target host="ecap.tocco.ch" />
+	<target host="ecaptest.tocco.ch" />
+	<target host="elk.tocco.ch" />
+	<target host="elk01.tocco.ch" />
+	<target host="enga.tocco.ch" />
+	<target host="extranet.tocco.ch" />
+	<target host="ffgs.tocco.ch" />
+	<target host="ffgstest.tocco.ch" />
+	<target host="fsn.tocco.ch" />
+	<target host="fsntest.tocco.ch" />
+	<target host="gerrit.tocco.ch" />
+	<target host="git.tocco.ch" />
+	<target host="graphite.tocco.ch" />
+	<target host="gst.tocco.ch" />
+	<target host="gvz.tocco.ch" />
+	<target host="gvztest.tocco.ch" />
+	<target host="hftm.tocco.ch" />
+	<target host="hftmtest.tocco.ch" />
+	<target host="hrswiss.tocco.ch" />
+	<target host="icfo.tocco.ch" />
+	<target host="ief.tocco.ch" />
+	<target host="iffp.tocco.ch" />
+	<target host="iffp1.tocco.ch" />
+	<target host="iffp2.tocco.ch" />
+	<target host="iffptest.tocco.ch" />
+	<target host="inlingua.tocco.ch" />
+	<target host="inlinguatest.tocco.ch" />
+	<target host="juventustest.tocco.ch" />
+	<target host="k5bs.tocco.ch" />
+	<target host="kinderaerzte.tocco.ch" />
+	<target host="kinderaerztetest.tocco.ch" />
+	<target host="koshiatsu.tocco.ch" />
+	<target host="koshiatsutest.tocco.ch" />
+	<target host="lakesideschool.tocco.ch" />
+	<target host="lmb.tocco.ch" />
+	<target host="magenta.tocco.ch" />
+	<target host="maltech.tocco.ch" />
+	<target host="maltechtest.tocco.ch" />
+	<target host="manual.tocco.ch" />
+	<target host="master.tocco.ch" />
+	<target host="master2.tocco.ch" />
+	<target host="master3.tocco.ch" />
+	<target host="mvn.tocco.ch" />
+	<target host="newplacement.tocco.ch" />
+	<target host="nhk.tocco.ch" />
+	<target host="nhktest.tocco.ch" />
+	<target host="nose.tocco.ch" />
+	<target host="nvs.tocco.ch" />
+	<target host="nvstest.tocco.ch" />
+	<target host="odags.tocco.ch" />
+	<target host="odagstest.tocco.ch" />
+	<target host="odaszh.tocco.ch" />
+	<target host="phsg.tocco.ch" />
+	<target host="redcross.tocco.ch" />
+	<target host="redcrosstest.tocco.ch" />
+	<target host="rss.tocco.ch" />
+	<target host="rsstest.tocco.ch" />
+	<target host="sah.tocco.ch" />
+	<target host="saz.tocco.ch" />
+	<target host="saztest.tocco.ch" />
+	<target host="sgd.tocco.ch" />
+	<target host="sgdtest.tocco.ch" />
+	<target host="shl.tocco.ch" />
+	<target host="siu.tocco.ch" />
+	<target host="siutest.tocco.ch" />
+	<target host="sjv.tocco.ch" />
+	<target host="sjvtest.tocco.ch" />
+	<target host="slrg.tocco.ch" />
+	<target host="slrgtest.tocco.ch" />
+	<target host="smc.tocco.ch" />
+	<target host="smctest.tocco.ch" />
+	<target host="sonar.tocco.ch" />
+	<target host="sorbetto.tocco.ch" />
+	<target host="spedlogswiss.tocco.ch" />
+	<target host="spedlogswisstest.tocco.ch" />
+	<target host="spi.tocco.ch" />
+	<target host="spitest.tocco.ch" />
+	<target host="sps.tocco.ch" />
+	<target host="spv.tocco.ch" />
+	<target host="spvtest.tocco.ch" />
+	<target host="srksg.tocco.ch" />
+	<target host="ssn.tocco.ch" />
+	<target host="sus.tocco.ch" />
+	<target host="swv.tocco.ch" />
+	<target host="swvtest.tocco.ch" />
+	<target host="tc.tocco.ch" />
+	<target host="teamcity.tocco.ch" />
+	<target host="test.tocco.ch" />
+	<target host="test1.tocco.ch" />
+	<target host="test2.tocco.ch" />
+	<target host="tgv.tocco.ch" />
+	<target host="tgvtest.tocco.ch" />
+	<target host="tlc.tocco.ch" />
+	<target host="tocco.tocco.ch" />
+	<target host="tocco1.tocco.ch" />
+	<target host="tocco2.tocco.ch" />
+	<target host="toccotest.tocco.ch" />
+	<target host="toz.tocco.ch" />
+	<target host="toztest.tocco.ch" />
+	<target host="usic.tocco.ch" />
+	<target host="usictest.tocco.ch" />
+	<target host="uzhavinventar.tocco.ch" />
+	<target host="uzhavinventartest.tocco.ch" />
+	<target host="visana.tocco.ch" />
+	<target host="visanatest.tocco.ch" />
+	<target host="wiki.tocco.ch" />
+	<target host="zbrest.tocco.ch" />
+	<target host="zewo.tocco.ch" />
+	<target host="zewotest.tocco.ch" />
+	<target host="zgp.tocco.ch" />
+	<target host="zgptest.tocco.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Today.com.xml b/src/chrome/content/rules/Today.com.xml
deleted file mode 100644
index a180942ed1f8..000000000000
--- a/src/chrome/content/rules/Today.com.xml
+++ /dev/null
@@ -1,52 +0,0 @@
-<!--
-	CDN buckets:
-
-		- today.msnbc.msn.com.edgesuite.net
-
-			- a205.g.akamai.net
-			- www.today.com
-
-		- nvcdn.today.com.edgesuite.net
-
-			- a1638.g2.akamai.net
-
-
-	Nonfunctional subdomains:
-
-		- edp	(404; mismatched, CN: *.msnbc.msn.com)
-
-
-	Problematic subdomains:
-
-		- www *
-		- nvcdn *
-		- on	(dropped)
-
-	* Works, akamai
-
--->
-<ruleset name="Today.com (partial)">
-
-	<target host="today.com" />
-	<target host="*.today.com" />
-		<!--
-			Avoid user-visible paths:
-							-->
-		<exclusion pattern="^http://(?:www\.)?today\.com/(?!default\.ashx/id/|favicon\.ico|js/|Today/assets/)" />
-		<exclusion pattern="^http://nvcdn\.today\.com/[^/]*$" />
-		<!--
-			css links images relative to /
-							-->
-		<exclusion pattern="^http://(?:www\.)?today\.com/Today/assets/desktopCss/" />
-
-
-	<rule from="^http://(?:www\.)?today\.com/"
-		to="https://a248.e.akamai.net/f/205/8773/8m/www.today.com/" />
-
-	<rule from="^http://nvcdn\.today\.com/"
-		to="https://a248.e.akamai.net/f/1638/5769/3m/nvcdn.today.com/" />
-
-	<rule from="^http://on\.today\.com/"
-		to="https://bit.ly/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Todo_en_Tinta.xml b/src/chrome/content/rules/Todo_en_Tinta.xml
index c82a50b34c06..6fd44f8e2239 100644
--- a/src/chrome/content/rules/Todo_en_Tinta.xml
+++ b/src/chrome/content/rules/Todo_en_Tinta.xml
@@ -1,13 +1,21 @@
-<ruleset name="Todo en Tinta">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ahorroentinta.com/ => https://ahorroentinta.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.ahorroentinta.com/ => https://www.ahorroentinta.com/: (60, 'SSL certificate problem: self signed certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ahorroentinta.com/ => https://ahorroentinta.com/: Redirect for 'http://peplogar.com/' missing Location
+-->
+<ruleset name="Todo en Tinta" default_off="failed ruleset test">
 
 	<target host="ahorroentinta.com" />
-	<target host="*.ahorroentinta.com" />
+	<target host="www.ahorroentinta.com" />
 
 
 	<securecookie host="^\.ahorroentinta\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ahorroentinta\.com/"
-		to="https://$1ahorroentinta.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Todoist.xml b/src/chrome/content/rules/Todoist.xml
deleted file mode 100644
index 24ae7fc635bb..000000000000
--- a/src/chrome/content/rules/Todoist.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Todoist">
-  <target host="todoist.com" />
-
-  <rule from="^http://(?:www\.)?todoist\.com/" to="https://todoist.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Todoly.xml b/src/chrome/content/rules/Todoly.xml
index 63dfb43e26a3..f34dc53a3247 100644
--- a/src/chrome/content/rules/Todoly.xml
+++ b/src/chrome/content/rules/Todoly.xml
@@ -2,7 +2,7 @@
   <target host="todo.ly"/>
   <target host="www.todo.ly"/>
 
-  <securecookie host="^(.+\.)?todo\.ly$" name=".*"/>
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http://(?:www\.)?todo\.ly/" to="https://todo.ly/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/TofinoSecurity.xml b/src/chrome/content/rules/TofinoSecurity.xml
index afbe28a24f7b..96e3885e3f86 100644
--- a/src/chrome/content/rules/TofinoSecurity.xml
+++ b/src/chrome/content/rules/TofinoSecurity.xml
@@ -2,5 +2,5 @@
   <target host="www.tofinosecurity.com" />
   <target host="tofinosecurity.com" />
 
-  <rule from="^http://(?:www\.)?tofinosecurity\.com/" to="https://www.tofinosecurity.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Toga_Hotels.xml b/src/chrome/content/rules/Toga_Hotels.xml
index 722bf8248206..2826b4e3139f 100644
--- a/src/chrome/content/rules/Toga_Hotels.xml
+++ b/src/chrome/content/rules/Toga_Hotels.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?togahotels\.com/(asset|template)s/"
 		to="https://$1togahotels.com/$2s/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TogetherJS.com.xml b/src/chrome/content/rules/TogetherJS.com.xml
new file mode 100644
index 000000000000..a4fac018495e
--- /dev/null
+++ b/src/chrome/content/rules/TogetherJS.com.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Mozilla coverage, see Mozilla.xml.
+
+
+	www: <= ssl3 only
+
+-->
+<ruleset name="TogetherJS.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="togetherjs.com" />
+	<target host="hub.togetherjs.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.togetherjs.com" />
+
+
+	<rule from="^http://www\.togetherjs\.com/"
+		to="https://togetherjs.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Toggl.com.xml b/src/chrome/content/rules/Toggl.com.xml
new file mode 100644
index 000000000000..547b8f43376b
--- /dev/null
+++ b/src/chrome/content/rules/Toggl.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Toggl.com">
+
+	<target host="toggl.com" />
+	<target host="www.toggl.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TokBox.xml b/src/chrome/content/rules/TokBox.xml
index 195f33bb9867..5ddbf11b2ccc 100644
--- a/src/chrome/content/rules/TokBox.xml
+++ b/src/chrome/content/rules/TokBox.xml
@@ -1,30 +1,19 @@
 <!--
-	CDN buckets:
+	Other TokBox rulesets:
 
-		- static.opentok.com.edgesuite.net
-
-
-	Nonfunctional domains:
-
-		- status.opentok.com
-
-
-	Problematic domains:
-
-		- labs.opentok.com	(mismatch, CN: *.tokbox.com; works)
+		- OpenTok.com.xml
 
 -->
-<ruleset name="TokBox">
+<ruleset name="TokBox.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="tokbox.com" />
-	<target host="*.tokbox.com" />
-	<target host="static.opentok.com" />
-
+	<target host="swww.tokbox.com" />
+	<target host="www.tokbox.com" />
 
-	<rule from="^http://(s?www\.)?tokbox\.com/"
-		to="https://$1tokbox.com/" />
 
-	<rule from="^https?://static\.opentok\.com/"
-		to="https://swww.tokbox.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Toke.dk.xml b/src/chrome/content/rules/Toke.dk.xml
new file mode 100644
index 000000000000..8bee0f278cc5
--- /dev/null
+++ b/src/chrome/content/rules/Toke.dk.xml
@@ -0,0 +1,12 @@
+<!--
+	(www.) doesn't exist.
+
+-->
+<ruleset name="Toke.dk">
+
+	<target host="kau.toke.dk" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tokopedia.com.xml b/src/chrome/content/rules/Tokopedia.com.xml
new file mode 100644
index 000000000000..b233b8c0a1b3
--- /dev/null
+++ b/src/chrome/content/rules/Tokopedia.com.xml
@@ -0,0 +1,18 @@
+<ruleset name="Tokopedia.com">
+	<target host="tokopedia.com" />
+	<target host="www.tokopedia.com" />
+	<target host="accounts.tokopedia.com" />
+	<target host="ace.tokopedia.com" />
+	<target host="ecs.tokopedia.com" />
+	<target host="goldmerchant.tokopedia.com" />
+	<target host="gql.tokopedia.com" />
+	<target host="kota.tokopedia.com" />
+	<target host="m.tokopedia.com" />
+	<target host="mojito.tokopedia.com" />
+	<target host="pulsa.tokopedia.com" />
+	<target host="seller.tokopedia.com" />
+	<target host="ta.tokopedia.com" />
+	<target host="tiket.tokopedia.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tokyo-Broadcasting-System-Television.xml b/src/chrome/content/rules/Tokyo-Broadcasting-System-Television.xml
new file mode 100644
index 000000000000..05965a9c87e5
--- /dev/null
+++ b/src/chrome/content/rules/Tokyo-Broadcasting-System-Television.xml
@@ -0,0 +1,5 @@
+<ruleset name="Tokyo Broadcasting System Television">
+	<target host="www.tbs.co.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tokyo-Linux-Users-Group.xml b/src/chrome/content/rules/Tokyo-Linux-Users-Group.xml
index 414912d8e275..8524aefb4779 100644
--- a/src/chrome/content/rules/Tokyo-Linux-Users-Group.xml
+++ b/src/chrome/content/rules/Tokyo-Linux-Users-Group.xml
@@ -7,12 +7,12 @@
 <ruleset name="Tokyo Linux Users Group" default_off="self-signed">
 
 	<target host="tlug.jp" />
-	<target host="*.tlug.jp" />
+	<target host="www.tlug.jp" />
+	<target host="lists.tlug.jp" />
 
 	<rule from="^http://(?:www\.)?tlug\.jp/"
 		to="https://tlug.jp/" />
 
-	<rule from="^http://lists\.tlug\.jp/"
-		to="https://lists.tlug.jp/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Tokyo_University_of_Science.xml b/src/chrome/content/rules/Tokyo_University_of_Science.xml
index 2b50ddb9b1f6..45de56d6744d 100644
--- a/src/chrome/content/rules/Tokyo_University_of_Science.xml
+++ b/src/chrome/content/rules/Tokyo_University_of_Science.xml
@@ -5,7 +5,6 @@
 
 	<!--	^tus.ac.jp doesn't exist.
 						-->
-	<rule from="^http://www\.tus\.ac\.jp/"
-		to="https://www.tus.ac.jp/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tolaris.com.xml b/src/chrome/content/rules/Tolaris.com.xml
new file mode 100644
index 000000000000..a0d09e5faaf5
--- /dev/null
+++ b/src/chrome/content/rules/Tolaris.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Tolaris.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tolaris.com" />
+	<target host="www.tolaris.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tolvutaekni.xml b/src/chrome/content/rules/Tolvutaekni.xml
index 6b258011567c..6588d52025e7 100644
--- a/src/chrome/content/rules/Tolvutaekni.xml
+++ b/src/chrome/content/rules/Tolvutaekni.xml
@@ -1,17 +1,31 @@
 <!--
+	Tölvutækni
+
+
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
 	Expired 2012-08-17
 
+
+	Insecure cookies are set for these domains:
+
+		- .tolvutaekni.is
+
 -->
-<ruleset name="Tölvutækni" default_off="expired">
+<ruleset name="Tolvutaekni.is" default_off="expired, missing certificate chain">
 
 	<target host="tolvutaekni.is" />
-	<target host="*.tolvutaekni.is" />
+	<target host="www.tolvutaekni.is" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tolvutaekni\.is$" name="^osCsid$" /-->
 
 	<securecookie host="^\.tolvutaekni\.is$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?tolvutaekni\.is/"
-		to="https://tolvutaekni.is/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TomTom-International.xml b/src/chrome/content/rules/TomTom-International.xml
index 8eb2a72a9d29..4f914fbaa428 100644
--- a/src/chrome/content/rules/TomTom-International.xml
+++ b/src/chrome/content/rules/TomTom-International.xml
@@ -1,47 +1,66 @@
+
 <!--
-	!functional subdomains:
-		- corporate		(cert: *.shareholder.com; 403 & 404)
-		- lbs			(reset)
-		- routes		(ditto)
-		- static.routes		(cert: *.tomtom.com; reset)
+Disabled by https-everywhere-checker because:
+Fetch error: http://tomtomrunningrace.com/ => https://tomtomrunningrace.com/: (7, 'Failed to connect to tomtomrunningrace.com port 443: Connection refused')
+Fetch error: http://www.tomtomrunningrace.com/ => https://www.tomtomrunningrace.com/: (7, 'Failed to connect to www.tomtomrunningrace.com port 443: Connection refused')
+
+	TomTom International
+
+	Nonfunctional subdomains:
+		- routes
+		- static.routes
+		- automotive
+		- corporate
+		- lbs
+		- livetraffic
+		- download *
+
+	* bad cert domain
 -->
-<ruleset name="TomTom International (partial)" platform="mixedcontent">
-
-	<target host="tomtom.com"/>
-	<target host="business.tomtom.com"/>
-	<target host="www.tomtom.com"/>
-		<!--	redirect to http	-->
-		<exclusion pattern="^http://(www\.)?tomtom\.com/(products|support)/"/>
-
-	<securecookie host="^business.tomtom.com$" name=".*"/>
-	<!--	cookies encountered:
-			- ^\.
-				- tt_locale
-			- ^business
-				- AAannnaa
-			- ^corporate
-				- PRELOADIMAGESNOW
-			- ^\.corporate
-				- TOMTOM_BRIEFCASE
-				- TOMTOM_SESSION
-			- ^\.investors
-				- TOMTOM_BRIEFCASE
-				- TOMTOM_SESSION
-			- ^aa.support.tomtom.com
-				- cp_session
-				- locale
-			- ^www
-				- JSESSIONID
-				- TT
-		Are any more of these not used on unsecurable pages?	-->
-
-	<!--	front page redirects to http
-		pages within a directory seem to work		-->
-	<rule from="^http://(www\.)?tomtom\.com/(\w+)/"
-		to="https://$1tomtom.com/$2/"/>
-
-	<rule from="^http://business\.tomtom\.com/"
-		to="https://business.tomtom.com/"/>
+<ruleset name="TomTom.com (partial)" default_off="failed ruleset test">
+
+	<target host="tomtom.com" />
+	<target host="www.tomtom.com" />
+	<target host="mydrive.tomtom.com" />
+	<target host="mysports.tomtom.com" />
+	<target host="business.tomtom.com" />
+	<target host="places.tomtom.com" />
+
+	<target host="es.support.tomtom.com" />
+	<target host="fr.support.tomtom.com" />
+	<target host="uk.support.tomtom.com" />
+	<target host="nl.support.tomtom.com" />
+	<target host="ru.support.tomtom.com" />
+	<target host="fi.support.tomtom.com" />
+	<target host="cz.support.tomtom.com" />
+	<target host="au.support.tomtom.com" />
+	<target host="de.support.tomtom.com" />
+	<target host="se.support.tomtom.com" />
+	<target host="dk.support.tomtom.com" />
+	<target host="it.support.tomtom.com" />
+	<target host="hu.support.tomtom.com" />
+	<target host="no.support.tomtom.com" />
+	<target host="tr.support.tomtom.com" />
+	<target host="in.support.tomtom.com" />
+	<target host="br.support.tomtom.com" />
+	<target host="pl.support.tomtom.com" />
+	<target host="us.support.tomtom.com" />
+	<target host="pt.support.tomtom.com" />
+	<target host="gr.support.tomtom.com" />
+
+	<target host="en.discussions.tomtom.com" />
+	<target host="de.discussions.tomtom.com" />
+	<target host="fr.discussions.tomtom.com" />
+
+	<target host="tomtomrunningrace.com" />
+	<target host="www.tomtomrunningrace.com" />
+
+
+	<securecookie host="^tomtom\.com$" name=".+" />
+	<securecookie host="^(?:mydrive|mysport|business|places)?\.tomtom\.com$" name=".+" />
+	<securecookie host="^(?:es|fr|uk|nl|ru|fi|cz|au|de|se|dk|it|hu|no|tr|in|br|pl|us|pt|gr)?\.support\.tomtom\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
-	
diff --git a/src/chrome/content/rules/Tom_Lee.wtf.xml b/src/chrome/content/rules/Tom_Lee.wtf.xml
new file mode 100644
index 000000000000..ec5bbc82d75a
--- /dev/null
+++ b/src/chrome/content/rules/Tom_Lee.wtf.xml
@@ -0,0 +1,40 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .tomlee.wtf
+
+-->
+<ruleset name="Tom Lee.wtf">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tomlee.wtf" />
+	<target host="www.tomlee.wtf" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.tomlee\.wtf$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.tomlee\.wtf$" name="^(__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tomorrow-Focus-Media.de.xml b/src/chrome/content/rules/Tomorrow-Focus-Media.de.xml
new file mode 100644
index 000000000000..5d74f5cfb4e5
--- /dev/null
+++ b/src/chrome/content/rules/Tomorrow-Focus-Media.de.xml
@@ -0,0 +1,21 @@
+<!--
+	CN: webserver.ispgateway.de
+
+-->
+<ruleset name="Tomorrow-Focus-Media.de" default_off="self-signed">
+
+	<target host="tomorrow-focus-media.de" />
+	<target host="www.tomorrow-focus-media.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?tomorrow-focus-media\.de$" name="^fe_typo_user$" /-->
+
+	<securecookie host="^(?:www\.)?tomorrow-focus-media\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tompkins-CortlandCC.xml b/src/chrome/content/rules/Tompkins-CortlandCC.xml
index 183d6d36dc96..3688041883d0 100644
--- a/src/chrome/content/rules/Tompkins-CortlandCC.xml
+++ b/src/chrome/content/rules/Tompkins-CortlandCC.xml
@@ -2,5 +2,5 @@
   <target host="www.tc3.edu" />
   <target host="tc3.edu" />
 
-  <rule from="^http://(www\.)?tc3\.edu/" to="https://tc3.edu/"/>
+  <rule from="^http://(?:www\.)?tc3\.edu/" to="https://tc3.edu/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Toms-of-Maine.xml b/src/chrome/content/rules/Toms-of-Maine.xml
index c2aa766e35d4..4f5d151ad1c7 100644
--- a/src/chrome/content/rules/Toms-of-Maine.xml
+++ b/src/chrome/content/rules/Toms-of-Maine.xml
@@ -1,4 +1,12 @@
-<ruleset name="Tom's of Maine (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://images.tomsofmainestore.com/ => https://images.tomsofmainestore.com/: (6, 'Could not resolve host: images.tomsofmainestore.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://images.tomsofmainestore.com/ => https://images.tomsofmainestore.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
+<ruleset name="Tom's of Maine (partial)" default_off="failed ruleset test">
 
 	<target host="tomsofmainestore.com"/>
 	<target host="images.tomsofmainestore.com"/>
diff --git a/src/chrome/content/rules/TomsHardware.com.xml b/src/chrome/content/rules/TomsHardware.com.xml
new file mode 100644
index 000000000000..77297018663d
--- /dev/null
+++ b/src/chrome/content/rules/TomsHardware.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Certificate mismatch:
+		- tomshardware.com
+		- feedbacks.tomshardware.com
+		- img.tomshardware.com
+
+	Expired certificate:
+		- gb.tomshardware.com
+		- dld.tomshardware.com
+		- business.tomshardware.com
+		- channel.tomshardware.com
+		- community.tomshardware.com
+		- graphics.tomshardware.com
+		- images.tomshardware.com
+		- tracking.tomshardware.com
+-->
+<ruleset name="TomsHardware.com">
+	<target host="tomshardware.com" />
+	<target host="www.tomshardware.com" />
+	<target host="stores.tomshardware.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://tomshardware\.com/" to="https://www.tomshardware.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TonerGiant.xml b/src/chrome/content/rules/TonerGiant.xml
index 194a90702c01..0d16bb210095 100644
--- a/src/chrome/content/rules/TonerGiant.xml
+++ b/src/chrome/content/rules/TonerGiant.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?tonergiant\.co\.uk/(css/|favicon\.ico|includes/|login\.asp|media/|version9/|viewBasket\.asp)"
 		to="https://$1tonergiant.co.uk/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TonyBianco.xml b/src/chrome/content/rules/TonyBianco.xml
new file mode 100644
index 000000000000..f7d8626c7fd3
--- /dev/null
+++ b/src/chrome/content/rules/TonyBianco.xml
@@ -0,0 +1,8 @@
+<!-- infinite scroll breaks due to MCB -->
+<ruleset name="Tony Bianco" platform="mixedcontent">
+	<target host="tonybianco.com.au" />
+	<target host="www.tonybianco.com.au" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TonyZTan.xml b/src/chrome/content/rules/TonyZTan.xml
new file mode 100644
index 000000000000..12b15f5b4c3c
--- /dev/null
+++ b/src/chrome/content/rules/TonyZTan.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ztan.tk/ => https://ztan.tk/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="Tony Zhaocheng Tan" default_off="failed ruleset test">
+
+	<target host="ztan.tk" />
+	<target host="*.ztan.tk" />
+
+	<!-- ztan.tk redirects to tonytan.io, but it is also used for URL shortening -->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tony_Yang_Photography.xml b/src/chrome/content/rules/Tony_Yang_Photography.xml
index 3dcec003f5e0..ece0857d144c 100644
--- a/src/chrome/content/rules/Tony_Yang_Photography.xml
+++ b/src/chrome/content/rules/Tony_Yang_Photography.xml
@@ -1,15 +1,21 @@
 <!--
-	- CN:
-	- ^ redirects to www
+	- CN: *.gridserver.com
+
+
+	Mixed content:
+
+		- Images from $self
 
 -->
-<ruleset name="Tony Yang Photography (partial)" default_off="mismatched">
+<ruleset name="Tony Yang Photography" default_off="mismatched">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="knsaber.com" />
 	<target host="www.knsaber.com" />
 
 
-	<rule from="^https?://(?:www\.)?knsaber\.com/"
-		to="https://www.knsaber.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Toofishes.net.xml b/src/chrome/content/rules/Toofishes.net.xml
index 8148b6914bbc..b5143e0a7d26 100644
--- a/src/chrome/content/rules/Toofishes.net.xml
+++ b/src/chrome/content/rules/Toofishes.net.xml
@@ -1,18 +1,16 @@
 <!--
-	- Expired 2013-08-30
-	- Cert only matches *.toofishes.net
-
+	Non-functional hosts
+		4xx client error:
+			 - stats.toofishes.net (require auth)
 -->
-<ruleset name="toofishes.net" default_off="expired" platform="cacert">
-
+<ruleset name="Toofishes.net">
 	<target host="toofishes.net" />
-	<target host="*.toofishes.net" />
-
-
-	<rule from="^http://(?:www\.)?toofishes\.net/"
-		to="https://www.toofishes.net/" />
+	<target host="www.toofishes.net" />
+	<target host="abroad.toofishes.net" />
+	<target host="blog.toofishes.net" />
+	<target host="code.toofishes.net" />
 
-	<rule from="^http://code\.toofishes\.net/"
-		to="https://code.toofishes.net/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Toogl.com.xml b/src/chrome/content/rules/Toogl.com.xml
new file mode 100644
index 000000000000..60eb8db82707
--- /dev/null
+++ b/src/chrome/content/rules/Toogl.com.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://toogl.com/ => https://toogl.com/: (35, 'Unknown SSL protocol error in connection to toogl.com:443 ')
+Fetch error: http://quiz.toogl.com/ => https://quiz.toogl.com/: (35, 'Unknown SSL protocol error in connection to quiz.toogl.com:443 ')
+Fetch error: http://www.toogl.com/ => https://www.toogl.com/: (35, 'Unknown SSL protocol error in connection to www.toogl.com:443 ')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://toogl.com/ => https://toogl.com/: (35, 'Unknown SSL protocol error in connection to toogl.com:443 ')
+	Nonfunctional subdomains:
+
+		- blog ¹
+		- jobs ²
+		- support ¹
+
+	¹ Dropped
+	² Redirects to http
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- quiz
+
+-->
+<ruleset name="Toogl.com (partial)" default_off="failed ruleset test">
+
+	<target host="toogl.com" />
+	<target host="quiz.toogl.com" />
+	<target host="www.toogl.com" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://jobs\.toogl\.com/($|favicon\.ico|images/|stylesheets/)" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tookapic.com.xml b/src/chrome/content/rules/Tookapic.com.xml
new file mode 100644
index 000000000000..9e5db2c36b1f
--- /dev/null
+++ b/src/chrome/content/rules/Tookapic.com.xml
@@ -0,0 +1,41 @@
+<!--
+	Nonfunctional hosts in *tookapic.com:
+
+		- blog *
+
+	* 503
+
+
+	www.tookapic.com: 500
+
+
+	Insecure cookies are set for these domains:
+
+		- .tookapic.com
+
+-->
+<ruleset name="tookapic.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tookapic.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.tookapic.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tookapic\.com$" name="^tookapic_session_v2$" /-->
+
+	<securecookie host="^\.tookapic\.com$" name=".+" />
+
+
+	<rule from="^http://www\.tookapic\.com/"
+		to="https://tookapic.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ToolbarBrowser.xml b/src/chrome/content/rules/ToolbarBrowser.xml
index 0bcdbd372cc9..da921732f067 100644
--- a/src/chrome/content/rules/ToolbarBrowser.xml
+++ b/src/chrome/content/rules/ToolbarBrowser.xml
@@ -1,17 +1,12 @@
 <!--
 	For other Trellian coverage, see Trellian.xml.
-
-
-	CN: *.vendercom.com
-
 -->
-<ruleset name="ToolbarBrowser" default_off="mismatched">
+<ruleset name="ToolbarBrowser">
 
 	<target host="toolbarbrowser.com" />
 	<target host="www.toolbarbrowser.com" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://(?:www\.)?toolbarbrowser\.com/"
-		to="https://toolbarbrowser.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Toolbox.com.xml b/src/chrome/content/rules/Toolbox.com.xml
new file mode 100644
index 000000000000..a8c88393bc1e
--- /dev/null
+++ b/src/chrome/content/rules/Toolbox.com.xml
@@ -0,0 +1,23 @@
+<!--
+	404s:
+		- toolbox.com, equivalent to it.toolbox.com
+
+	Invalid certificate:
+		- login.toolbox.com
+-->
+
+<ruleset name="Toolbox.com">
+	<target host="toolbox.com" />
+	<target host="www.toolbox.com" />
+	<target host="assets.toolbox.com" />
+	<target host="finance.toolbox.com" />
+	<target host="hosteddocs.toolbox.com" />
+	<target host="hr.toolbox.com" />
+	<target host="it.toolbox.com" />
+	<target host="marketing.toolbox.com" />
+
+	<rule from="^http://toolbox\.com/"
+		to="https://it.toolbox.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Toolserver.xml b/src/chrome/content/rules/Toolserver.xml
deleted file mode 100644
index b5950cc41fb3..000000000000
--- a/src/chrome/content/rules/Toolserver.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Toolserver">
-  <target host="toolserver.org" />
-  <target host="*.toolserver.org" />
-
-  <rule from="^http://(?:www\.)?toolserver\.org/"
-	  to="https://toolserver.org/" />
-  <rule from="^http://(fingerprints|fisheye|jira|journal|svn|wiki)\.toolserver\.org/"
-	  to="https://$1.toolserver.org/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Toolslib.net.xml b/src/chrome/content/rules/Toolslib.net.xml
new file mode 100644
index 000000000000..1d929ccb5cdf
--- /dev/null
+++ b/src/chrome/content/rules/Toolslib.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="Toolslib.net">
+	<target host="toolslib.net" />
+	<target host="www.toolslib.net" />
+	<target host="dashboard.toolslib.net" />
+	<target host="status.toolslib.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Toonpool-expired.xml b/src/chrome/content/rules/Toonpool-expired.xml
deleted file mode 100644
index 99373577f47a..000000000000
--- a/src/chrome/content/rules/Toonpool-expired.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--	!functional:
-		- blog	(cert: (www.)toonpool.com; shows that domain's data)
--->
-<ruleset name="toonpool.com (expired)" default_off="expired">
-
-	<target host="toonpool.com"/>
-	<!--	* for cross-domain cookie	-->
-	<target host="*.toonpool.com"/>
-		<exclusion pattern="^http://(blog|shop)\."/>
-
-	<securecookie host="^.*\.toonpool\.com$" name=".*"/>
-
-	<!--	!www redireects to www	-->
-	<rule from="^http://(?:www\.)?toonpool\.com/"
-		to="https://www.toonpool.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Toonpool.xml b/src/chrome/content/rules/Toonpool.xml
deleted file mode 100644
index c8605adfc537..000000000000
--- a/src/chrome/content/rules/Toonpool.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<!--	See Toonpool-expired.xml for problematic rules.
--->
-<ruleset name="toonpool.com (partial)">
-
-	<target host="shop.toonpool.com"/>
-
-	<rule from="^http://shop\.toonpool\.com/"
-		to="https://shop.toonpool.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/ToorCon.net.xml b/src/chrome/content/rules/ToorCon.net.xml
new file mode 100644
index 000000000000..94632b8a22d2
--- /dev/null
+++ b/src/chrome/content/rules/ToorCon.net.xml
@@ -0,0 +1,17 @@
+<!--
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="ToorCon.net">
+
+	<target host="toorcon.net" />
+	<target host="www.toorcon.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Top.de.xml b/src/chrome/content/rules/Top.de.xml
index 058ace8a84e3..d06aedede095 100644
--- a/src/chrome/content/rules/Top.de.xml
+++ b/src/chrome/content/rules/Top.de.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sec-i.top.de/ => https://sec-i.top.de/: (6, 'Could not resolve host: sec-i.top.de')
+
 	For other United Internet coverage, see United-Internet.xml.
 
 
@@ -26,7 +30,6 @@
 	Fully covered subdomains:
 
 		- (www.)	(www → ^)
-		- i[012]	(→ akamai)
 		- sec-i
 
 
@@ -37,25 +40,17 @@
 	* Secured by us
 
 -->
-<ruleset name="top.de">
+<ruleset name="top.de" default_off="failed ruleset test">
 
-	<target host="top" />
-	<target host="*.top" />
+	<target host="top.de" />
+	<target host="sec-i.top.de" />
+	<target host="www.top.de" />
 
 
 	<securecookie host="^top\.de$" name=".+" />
 
 
-	<rule from="^http://(?:(sec-i\.)|www\.)?top\.de/"
-		to="https://$1top.de/" />
-
-	<rule from="^http://i0\.top\.de/"
-		to="https://a248.e.akamai.net/f/1961/8755/1m/i0.top.de/" />
-
-	<rule from="^http://i1\.top\.de/"
-		to="https://a248.e.akamai.net/f/908/5274/9m/i1.top.de/" />
-
-	<rule from="^http://i2\.top\.de/"
-		to="https://a248.e.akamai.net/f/229/1272/7m/i2.top.de/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Top500.org.xml b/src/chrome/content/rules/Top500.org.xml
new file mode 100644
index 000000000000..f7649e562c09
--- /dev/null
+++ b/src/chrome/content/rules/Top500.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched (CN: www.top500.org):
+		- i
+		- s
+-->
+
+<ruleset name="Top500.org">
+	<target host="top500.org" />
+	<target host="www.top500.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TopBuy.com.au.xml b/src/chrome/content/rules/TopBuy.com.au.xml
index fbdea147e9a4..871664292422 100644
--- a/src/chrome/content/rules/TopBuy.com.au.xml
+++ b/src/chrome/content/rules/TopBuy.com.au.xml
@@ -1,13 +1,19 @@
-<ruleset name="TopBuy.com.au">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://groupbuy.topbuy.com.au/ => https://groupbuy.topbuy.com.au/: (28, 'Connection timed out after 20006 milliseconds')
+
+-->
+<ruleset name="TopBuy.com.au" default_off="failed ruleset test">
 
 	<target host="topbuy.com.au" />
-	<target host="*.topbuy.com.au" />
+	<target host="groupbuy.topbuy.com.au" />
+	<target host="www.topbuy.com.au" />
 
 
-	<securecookie host="^(?:.*\.)?topbuy\.com\.au$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(groupbuy\.|www\.)?topbuy\.com\.au/"
-		to="https://$1topbuy.com.au/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TopCoder.xml b/src/chrome/content/rules/TopCoder.xml
index bedb0182dbc8..663d3d5c5ab7 100644
--- a/src/chrome/content/rules/TopCoder.xml
+++ b/src/chrome/content/rules/TopCoder.xml
@@ -1,12 +1,46 @@
-<ruleset name="TopCoder" platform="mixedcontent">
+<!--
+	Nonfunctional hosts in *topcoder.com:
+
+		- help *
+
+	* WP Engine
+
+
+	Insecure cookies are set for these hosts:
+
+		- apps.topcoder.com
+		- community.topcoder.com
+		- software.topcoder.com
+		- studio.topcoder.com
+		- www.topcoder.com
+
+-->
+<ruleset name="TopCoder.com (partial)">
 
 	<target host="topcoder.com"/>
 	<target host="*.topcoder.com"/>
 
-	<securecookie host="^(.*\.)?topcoder\.com$" name=".*"/>
+		<exclusion pattern="^http://help\.topcoder\.com/" />
+
+			<test url="http://help.topcoder.com/" />
+
+		<test url="http://apps.topcoder.com/" />
+		<test url="http://community.topcoder.com/" />
+		<test url="http://software.topcoder.com/" />
+		<test url="http://studio.topcoder.com/" />
+		<test url="http://www.topcoder.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(app|community|software|studio|www)\.topcoder\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^www\.topcoder\.com$" name="^PHPSESSID$"/-->
+
+	<securecookie host=".+" name=".+" />
+
 
 	<!--	each client has a unique subdomain.	-->
-	<rule from="^http://([\w\-]+\.)?topcoder\.com/"
-		to="https://$1topcoder.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TopFox.co.uk.xml b/src/chrome/content/rules/TopFox.co.uk.xml
new file mode 100644
index 000000000000..4e8738512c99
--- /dev/null
+++ b/src/chrome/content/rules/TopFox.co.uk.xml
@@ -0,0 +1,31 @@
+<!--
+	CDN buckets:
+
+		- d2gnblp1jps891.cloudfront.net
+
+
+	Mixed content:
+
+		- Images from d2gnblp1jps891.cloudfront.net *
+
+		- Ads/bugs, from:
+
+			- s7.addthis.com *
+			- tracking.adjug.com *
+			- www.googleadservices.com *
+
+	* Secured by us
+
+-->
+<ruleset name="TopFox.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="topfox.co.uk" />
+	<target host="www.topfox.co.uk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TopOption.com.xml b/src/chrome/content/rules/TopOption.com.xml
new file mode 100644
index 000000000000..98556091834f
--- /dev/null
+++ b/src/chrome/content/rules/TopOption.com.xml
@@ -0,0 +1,68 @@
+<!--
+	Nonfunctional subdomains:
+
+		- landing *
+
+	* Dropped
+
+
+	Partially covered subdomains:
+
+		- www *
+
+	* Some pages redirect to http
+
+
+	Fully covered subdomains:
+
+		- ^
+		- myaccount
+		- widgets
+
+
+	Observed cookie domains:
+
+		- ¹
+		- . ²
+		- myaccount ¹
+		- widgets ¹
+		- www ³
+
+	¹ Secured by us <= not secured by server
+	² Partially secured by us <= accounting for possible use on unsecurable subdomains
+	³ Not secured by us <= incomplete tls support
+
+-->
+<ruleset name="TopOption.com (partial)">
+
+	<target host="topoption.com" />
+	<target host="myaccount.topoption.com" />
+	<target host="widgets.topoption.com" />
+	<target host="www.topoption.com" />
+		<!--exclusion pattern="^http://landing\.topoption\.com/" /-->
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.topoption.com/+(Error)?($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.topoption.com/+(?!AppProxy/|ContactUsmediaProxy/|css/|favicon\.ico|homemediaProxy/|images/)" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:myaccount\.|widgets\.)?topoption\.com$" name=".+" />
+	<!--
+		Tracking cookies:
+					-->
+	<securecookie host="^\.topoption\.com$" name="^(?:apTracker|campaignId|subCampaignId)$" />
+	<!--
+		Could we secure any of these safely?
+							-->
+	<!--securecookie host="^\.topoption\.com$" name="^(incap_ses_[\d_]+|nlbi_\d+|spotsession_\d+|___utmv\w+|visid_incap_\d+)$" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Top_Universities.xml b/src/chrome/content/rules/Top_Universities.xml
deleted file mode 100644
index 2805653ad31f..000000000000
--- a/src/chrome/content/rules/Top_Universities.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	- Expired 2010-09-02
-	- CN: *.acquia-sites.com
-
--->
-<ruleset name="Top Universities" default_off="expired, mismatched, self-signed">
-
-	<target host="topuniversities.com" />
-	<target host="www.topuniversities.com" />
-
-
-	<rule from="^https?://(?:www\.)?topuniversities\.com/"
-		to="https://www.topuniversities.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/TopatoCo.xml b/src/chrome/content/rules/TopatoCo.xml
index e434f402412b..66a78d71f7b7 100644
--- a/src/chrome/content/rules/TopatoCo.xml
+++ b/src/chrome/content/rules/TopatoCo.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?topatoco\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?topatoco\.com/"
-		to="https://$1topatoco.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Topiama.com.xml b/src/chrome/content/rules/Topiama.com.xml
new file mode 100644
index 000000000000..d9c4b11c28a7
--- /dev/null
+++ b/src/chrome/content/rules/Topiama.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Topiama.com">
+
+	<target host="topiama.com" />
+	<target host="www.topiama.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Topky.sk.xml b/src/chrome/content/rules/Topky.sk.xml
new file mode 100644
index 000000000000..c30e61be463a
--- /dev/null
+++ b/src/chrome/content/rules/Topky.sk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Topky.sk">
+	<target host="topky.sk" />
+	<target host="www.topky.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Toppers.jp.xml b/src/chrome/content/rules/Toppers.jp.xml
new file mode 100644
index 000000000000..d486b15bb889
--- /dev/null
+++ b/src/chrome/content/rules/Toppers.jp.xml
@@ -0,0 +1,13 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- spica.toppers.jp
+-->
+<ruleset name="Toppers.jp">
+	<target host="toppers.jp" />
+	<target host="www.toppers.jp" />
+	<target host="dev.toppers.jp" />
+	<target host="swest.toppers.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tor-Relay.co.xml b/src/chrome/content/rules/Tor-Relay.co.xml
new file mode 100644
index 000000000000..eae09246b450
--- /dev/null
+++ b/src/chrome/content/rules/Tor-Relay.co.xml
@@ -0,0 +1,8 @@
+<ruleset name="Tor-Relay.co">
+	<target host="tor-relay.co" />
+	<target host="www.tor-relay.co" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tor.com.xml b/src/chrome/content/rules/Tor.com.xml
new file mode 100644
index 000000000000..6f2477600a12
--- /dev/null
+++ b/src/chrome/content/rules/Tor.com.xml
@@ -0,0 +1,19 @@
+<!--
+
+	Problematic hosts in *tor.com:
+
+		- submissions (self-signed)
+
+-->
+<ruleset name="Tor.com">
+
+	<target host="tor.com" />
+	<target host="www.tor.com" />
+	<target host="ebookclub.tor.com" />
+	<target host="giveaway.tor.com" />
+	<target host="publishing.tor.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tor2Web.xml b/src/chrome/content/rules/Tor2Web.xml
index cce3eb096fdd..5196d85957a7 100644
--- a/src/chrome/content/rules/Tor2Web.xml
+++ b/src/chrome/content/rules/Tor2Web.xml
@@ -1,13 +1,62 @@
-<ruleset name="Tor2Web">
-  <target host="*.tor2web.com" />
-  <target host="*.tor2web.org" />
-  <!-- the home page is not yet working
-  <target host="tor2web.*" />
-  -->
-
-  <exclusion pattern="^http://wiki\.tor2web\.org" />
-
-  <rule from="^http://([^/]+)\.tor2web\.(org|com)/" to="https://$1.tor2web.org/"/>
-  <!-- just in case -->
-  <rule from="^https://([^/]+)\.tor2web\.com/" to="https://$1.tor2web.org/"/>
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://duskgytldkxiuqc6.torlink.co/ => https://duskgytldkxiuqc6.torlink.co/: (6, 'Could not resolve host: duskgytldkxiuqc6.torlink.co')
+Fetch error: http://duskgytldkxiuqc6.onion.ink/ => https://duskgytldkxiuqc6.onion.ink/: (6, 'Could not resolve host: duskgytldkxiuqc6.onion.ink')
+Fetch error: http://duskgytldkxiuqc6.onion.direct/ => https://duskgytldkxiuqc6.onion.to/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://duskgytldkxiuqc6.tor2web.fi/ => https://duskgytldkxiuqc6.onion.to/: (28, 'Operation timed out after 30002 milliseconds with 0 bytes received')
+Fetch error: http://facebookcorewwwi.tor2web.com/ => https://facebookcorewwwi.onion.to/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://facebookcorewwwi.onion.direct/ => https://facebookcorewwwi.onion.to/: (28, 'Operation timed out after 30000 milliseconds with 0 bytes received')
+Fetch error: http://torlink.co/ => https://torlink.co/: (6, 'Could not resolve host: torlink.co')
+Fetch error: http://onion.ink/ => https://onion.ink/: (6, 'Could not resolve host: onion.ink')
+
+-->
+<ruleset name="tor2Web" default_off="failed ruleset test">
+	<target host="*.tor2web.com" />
+	<target host="torlink.co" />
+	<target host="*.torlink.co" />
+<!-- 	<target host="onion.to" />
+	<target host="*.onion.to" /> -->
+	<target host="onion.ink" />
+	<target host="*.onion.ink" />
+	<target host="onion.cab" />
+	<target host="*.onion.cab" />
+	<!-- <target host="*.onion.nu" /> -->
+	<target host="onion.link" />
+	<target host="*.onion.link" />
+	<!-- <target host="*.onion.it" /> -->
+	<target host="*.onion.city" />
+	<target host="onion.direct" />
+	<target host="*.onion.direct" />
+	<target host="*.tor2web.fi" />
+	<!-- <target host="*.tor2web.blutmagie.de" /> -->
+	<!-- <target host="*.onion.sh" /> -->
+	<!-- <target host="*.onion.lu" /> -->
+	<!-- <target host="*.t2w.pw" /> -->
+	<!-- <target host="*.tor2web.ae.org" /> -->
+	<!-- <target host="*.onion.lt" /> -->
+	<!-- <target host="*.s1.tor-gateways.de" /> -->
+	<!-- <target host="*.s2.tor-gateways.de" /> -->
+	<!-- <target host="*.s3.tor-gateways.de" /> -->
+	<!-- <target host="*.s4.tor-gateways.de" /> -->
+	<!-- <target host="*.s5.tor-gateways.de" /> -->
+
+	<test url="http://duskgytldkxiuqc6.tor2web.com/" />
+	<test url="http://duskgytldkxiuqc6.torlink.co/" />
+	<test url="http://duskgytldkxiuqc6.onion.ink/" />
+	<test url="http://duskgytldkxiuqc6.onion.cab/" />
+	<test url="http://duskgytldkxiuqc6.onion.link/" />
+	<test url="http://duskgytldkxiuqc6.onion.city/" />
+	<test url="http://duskgytldkxiuqc6.onion.direct/" />
+	<test url="http://duskgytldkxiuqc6.tor2web.fi/" />
+	<test url="http://facebookcorewwwi.tor2web.com/" />
+	<test url="http://facebookcorewwwi.tor2web.fi/" />
+	<test url="http://facebookcorewwwi.onion.city/" />
+	<test url="http://facebookcorewwwi.onion.direct/" />
+
+	<rule from="^http://([^/]+)\.tor2web\.(com|fi)/" to="https://$1.onion.to/"/>
+	<rule from="^http://([^/]+)\.onion\.city/" to="https://$1.onion.link/"/>
+	<rule from="^http://([^/]+)\.onion\.direct/" to="https://$1.onion.to/"/>
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/TorGuard.xml b/src/chrome/content/rules/TorGuard.xml
index 2fd3df166658..18cef1f4d486 100644
--- a/src/chrome/content/rules/TorGuard.xml
+++ b/src/chrome/content/rules/TorGuard.xml
@@ -1,14 +1,31 @@
-<ruleset name="TorGuard">
+<!--
+	Insecure cookies are set for these domains and hosts:
 
+		- torguard.net
+		- .torguard.net
+
+-->
+<ruleset name="TorGuard.net">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="torguard.net" />
 	<target host="www.torguard.net" />
 
+		<!--	Sets cookies without Secure:
+							-->
+		<test url="http://torguard.net/aff.php?aff=" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^torguard\.net$" name="^WHMCS(?:\w+|AffiliateID)$" /-->
+	<!--securecookie host="^\.torguard\.net$" name="^(?:__cfduid|cf_clearance)$" /-->
 
-	<securecookie host="^torguard\.net$" name=".*" />
+	<securecookie host="^\.?torguard\.net$" name=".+" />
 
 
-	<!--	Cert only matches //torguard.	-->
-	<rule from="^https?://(?:www\.)?torguard\.net/"
-		to="https://torguard.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Torbay.gov.uk.xml b/src/chrome/content/rules/Torbay.gov.uk.xml
new file mode 100644
index 000000000000..24b16d582764
--- /dev/null
+++ b/src/chrome/content/rules/Torbay.gov.uk.xml
@@ -0,0 +1,43 @@
+<!--
+	Torbay Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *torbay.gov.uk:
+
+		- itec ᵃ
+		- plans ᵃ
+
+	ᵃ Shows myview.torbay.gov.uk
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .torbay.gov.uk
+		- libraries.torbay.gov.uk
+
+-->
+<ruleset name="Torbay.gov.uk (partial)">
+
+	<target host="torbay.gov.uk" />
+	<target host="forms.torbay.gov.uk" />
+	<target host="libraries.torbay.gov.uk" />
+	<target host="my.torbay.gov.uk" />
+	<target host="myview.torbay.gov.uk" />
+	<target host="secure.torbay.gov.uk" />
+	<target host="www.torbay.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.torbay\.gov\.uk$" name="^__tcpsid$" /-->
+	<!--securecookie host="^libraries\.torbay\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Torbit.xml b/src/chrome/content/rules/Torbit.xml
deleted file mode 100644
index 770e60177a82..000000000000
--- a/src/chrome/content/rules/Torbit.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Problematic domains:
-
-		- (www.)odn.io		(mismatched, CN: *.torbit.com)
-		- (www.)torbit.com
-
--->
-<ruleset name="Torbit (partial)">
-
-	<target host="odn.io" />
-	<target host="*.odn.io" />
-	<target host="torbit.com" />
-	<target host="*.torbit.com" />
-
-
-	<securecookie host="^\.torbit\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:(?:www\.)?odi\.io|(?:secure\.|www\.)?torbit\.com)/"
-		to="https://secure.torbit.com/" />
-
-	<rule from="^http://torbit\.odn\.io/"
-		to="https://torbit.odn.io/" />
-
-	<rule from="^http://insight\.torbit\.com/"
-		to="https://insight.torbit.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Torcache.xml b/src/chrome/content/rules/Torcache.xml
new file mode 100644
index 000000000000..9777986e2456
--- /dev/null
+++ b/src/chrome/content/rules/Torcache.xml
@@ -0,0 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://torcache.net/ => https://torcache.net/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.torcache.net/ => https://www.torcache.net/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="Torcache.net" default_off="failed ruleset test">
+	<target host="torcache.net"/>
+	<target host="www.torcache.net"/>
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Torchbox.com.xml b/src/chrome/content/rules/Torchbox.com.xml
new file mode 100644
index 000000000000..2eae3183d11b
--- /dev/null
+++ b/src/chrome/content/rules/Torchbox.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Torchbox.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="torchbox.com" />
+	<target host="www.torchbox.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Torchlight_game.com.xml b/src/chrome/content/rules/Torchlight_game.com.xml
new file mode 100644
index 000000000000..6505c3b68d79
--- /dev/null
+++ b/src/chrome/content/rules/Torchlight_game.com.xml
@@ -0,0 +1,23 @@
+<!--
+	- Expired 2010-10-26
+	- CN: plesk
+
+
+	Mixed content:
+
+		- css from $self *
+		- Images from $self *
+
+-->
+<ruleset name="Torchlight game.com" default_off="expired, self-signed">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="torchlightgame.com" />
+	<target host="www.torchlightgame.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TornadoWeb.org.xml b/src/chrome/content/rules/TornadoWeb.org.xml
new file mode 100644
index 000000000000..8b46c644adf4
--- /dev/null
+++ b/src/chrome/content/rules/TornadoWeb.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		tornadoweb.org
+
+-->
+<ruleset name="TornadoWeb.org">
+
+	<target host="tornadoweb.org" />
+	<target host="www.tornadoweb.org" />
+
+	<rule from="^http://tornadoweb\.org/"
+		to="https://www.tornadoweb.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Toronto-Star.xml b/src/chrome/content/rules/Toronto-Star.xml
index 1b62d476556a..cc446d316c9b 100644
--- a/src/chrome/content/rules/Toronto-Star.xml
+++ b/src/chrome/content/rules/Toronto-Star.xml
@@ -1,18 +1,67 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://emarketing.thestar.com/ => https://emarketing.thestar.com/: (28, 'Connection timed out after 20007 milliseconds')
+
+	Toronto Star
+
+
 	thestar.com.122.2o7.net
 
 
-	Nonfunctional domains:
+	Nonfunctional hosts in *thestar.com:
+
+		- www3 ʳ
+
+	ʳ Refused
+
+
+	Problematic hosts in *thestar.com:
+
+		- ^ ʳ
+		- n ᵐ
+
+	ʳ Refused
+	ᵐ Mismatched, CN: *.122.2o7.net
 
-		- (www.)thestar.com	(times out)
+
+	Mixed content:
+
+		- Images on www from $self ˢ
+
+		- Bugs, on:
+
+			- www from www.redditstatic.com ˢ
+			- www from n.thestar.com ˢ
+
+	ˢ Secured by us
 
 -->
-<ruleset name="Toronto Star (partial)">
+<ruleset name="The Star.com (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="emarketing.thestar.com" />
+	<target host="s.thestar.com" />
+	<target host="secure.thestar.com" />
+	<target host="www.thestar.com" />
+
+	<!--	Complications:
+				-->
+	<target host="thestar.com" />
 	<target host="n.thestar.com" />
 
 
-	<rule from="^https?://n\.thestar\.com/"
-		to="https://thestar-com.122.2o7.net/" />
+	<securecookie host="^\." name="^s_\w" />
+
+
+	<rule from="^http://thestar\.com/"
+		to="https://www.thestar.com/" />
+
+	<rule from="^http://n\.thestar\.com/"
+		to="https://s.thestar.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TorontoHydro.com.xml b/src/chrome/content/rules/TorontoHydro.com.xml
new file mode 100644
index 000000000000..a70e9eb022ba
--- /dev/null
+++ b/src/chrome/content/rules/TorontoHydro.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Chain issue (missing intermediate):
+	- cf.torontohydro.com
+	- css.torontohydro.com
+  	- myusage.torontohydro.com
+	- outagereport.torontohydro.com
+  	- outlook.torontohydro.com
+  	- powerlens.torontohydro.com
+	- powerlensbusiness.torontohydro.com
+-->
+
+<ruleset name="TorontoHydro.com">
+	<target host="torontohydro.com" />
+	<target host="www.torontohydro.com" />
+	<target host="jobs.torontohydro.com" />
+	<target host="www.newsroom.torontohydro.com" />
+  	<target host="outages.torontohydro.com" />
+  	<target host="ss.torontohydro.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TorontoPolice.on.ca.xml b/src/chrome/content/rules/TorontoPolice.on.ca.xml
new file mode 100644
index 000000000000..2d9f7739eb66
--- /dev/null
+++ b/src/chrome/content/rules/TorontoPolice.on.ca.xml
@@ -0,0 +1,34 @@
+<!--
+	Other TPS (Toronto police) rulesets:
+		- Tpsmedia.ca.xml
+		- Tpsnet.ca.xml
+		- Tpsnews.ca.xml
+		- Tpsnews.ca-mixedcontent.xml
+
+	Active mixed content:
+		- c4s.torontopolice.on.ca
+
+	Invalid certificate:
+		- data.torontopolice.on.ca
+		- maps.torontopolice.on.ca
+-->
+
+<ruleset name="TorontoPolice.on.ca">
+	<target host="torontopolice.on.ca" />
+	<target host="www.torontopolice.on.ca" />
+	<target host="bike.torontopolice.on.ca" />
+	<target host="careers.torontopolice.on.ca" />
+	<target host="clearance.torontopolice.on.ca" />
+	<target host="core.torontopolice.on.ca" />
+	<target host="highclass.torontopolice.on.ca" />
+	<target host="lyncdiscover.torontopolice.on.ca" />
+	<target host="lyncweb.torontopolice.on.ca" />
+	<target host="projectseconds.torontopolice.on.ca" />
+	<target host="prybar.torontopolice.on.ca" />
+	<target host="psp.torontopolice.on.ca" />
+	<target host="secure.torontopolice.on.ca" />
+	<target host="trnpsp.torontopolice.on.ca" />
+	<target host="ybird.torontopolice.on.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Torproject.xml b/src/chrome/content/rules/Torproject.xml
index b69375016720..d882ac504739 100644
--- a/src/chrome/content/rules/Torproject.xml
+++ b/src/chrome/content/rules/Torproject.xml
@@ -2,18 +2,13 @@
 
 	<target host="torproject.org" />
 	<target host="*.torproject.org" />
-		<exclusion pattern="^http://(archive|deb|media|torperf)\.torproject\.org/" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.blog.torproject.org" />
+		<test url="http://blog.torproject.org/" />
+		<test url="http://check.torproject.org/" />
+		<test url="http://trac.torproject.org/" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^(.*\.)?torproject\.org$" name=".*" />
-
-
-	<rule from="^http://torproject\.org/"
-		to="https://torproject.org/" />
-
-	<rule from="^http://([^/:@\.]+)\.torproject\.org/"
-		 to="https://$1.torproject.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TorrentButler.xml b/src/chrome/content/rules/TorrentButler.xml
new file mode 100644
index 000000000000..f9ba7e93a180
--- /dev/null
+++ b/src/chrome/content/rules/TorrentButler.xml
@@ -0,0 +1,7 @@
+<ruleset name="TorrentButler">
+	<target host="torrentbutler.eu" />
+	<target host="www.torrentbutler.eu" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TorrentDay.com.xml b/src/chrome/content/rules/TorrentDay.com.xml
new file mode 100644
index 000000000000..24d42d398639
--- /dev/null
+++ b/src/chrome/content/rules/TorrentDay.com.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://editor.torrentday.com/ => https://editor.torrentday.com/: (6, 'Could not resolve host: editor.torrentday.com')
+
+	Refused on (March 2016):
+		announce.torrentday.com
+		irc.torrentday.com
+-->
+<ruleset name="Torrent Day" default_off="failed ruleset test">
+
+	<target host="torrentday.com" />
+	<target host="www.torrentday.com" />
+	<target host="classic.torrentday.com" />
+	<target host="editor.torrentday.com" />
+	<target host="s.torrentday.com" />
+	<target host="secure.torrentday.com" />
+	<target host="static.torrentday.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TorrentFreak.com.xml b/src/chrome/content/rules/TorrentFreak.com.xml
index dbaadbf8300f..df0a42dfc399 100644
--- a/src/chrome/content/rules/TorrentFreak.com.xml
+++ b/src/chrome/content/rules/TorrentFreak.com.xml
@@ -13,14 +13,16 @@
 -->
 <ruleset name="TorrentFreak.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="torrentfreak.com" />
-	<target host="*.torrentfreak.com" />
+	<target host="www.torrentfreak.com" />
 
 
 	<securecookie host="^(?:w*\.)?torrentfreak\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?torrentfreak\.com/"
-		to="https://$1torrentfreak.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TorrentPrivacy.xml b/src/chrome/content/rules/TorrentPrivacy.xml
index 8aa55c22d06e..9a0c799c6cb0 100644
--- a/src/chrome/content/rules/TorrentPrivacy.xml
+++ b/src/chrome/content/rules/TorrentPrivacy.xml
@@ -1,11 +1,68 @@
-<ruleset name="TorrentPrivacy (partial)" platform="mixedcontent">
+<!--
+	www.torrentprivacy.com: Expired. mismatched
 
+
+	Insecure cookies are set for these hosts:
+
+		- torrentprivacy.com
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="TorrentPrivacy.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="torrentprivacy.com"/>
+
+	<!--	Complications:
+				-->
 	<target host="www.torrentprivacy.com"/>
 
-	<securecookie host="^(.*\.)?torrentprivacy\.com$" name=".*"/>
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://torrentprivacy\.com/index\.php\?mod=v2_(?:main_10|reg)&amp;" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://torrentprivacy\.com/+(?!css/|favicon\.ico|img/|index\.php\?mod=(?:v2_login|v2_support)(?:$|&amp;))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://torrentprivacy.com//index.php?mod=v2_contacts" />
+			<test url="http://torrentprivacy.com//index.php?mod=v2_main_10" />
+			<test url="http://torrentprivacy.com//index.php?mod=v2_reg" />
+			<test url="http://torrentprivacy.com//index.php?mod=v2_terms" />
+			<test url="http://torrentprivacy.com/index.php?mod=v2_contacts" />
+			<test url="http://torrentprivacy.com/index.php?mod=v2_main_10" />
+			<test url="http://torrentprivacy.com/index.php?mod=v2_reg" />
+			<test url="http://torrentprivacy.com/index.php?mod=v2_terms" />
+
+			<!--	-ve:
+					-->
+			<test url="http://torrentprivacy.com/css/v2/main_10/all.css" />
+			<test url="http://torrentprivacy.com/favicon.ico" />
+			<test url="http://torrentprivacy.com/img/main_10/img/logos/logo.png" />
+			<test url="http://torrentprivacy.com/index.php?mod=v2_login" />
+			<test url="http://torrentprivacy.com/index.php?mod=v2_support" />
+
 
-	<rule from="^http://(?:www\.)?torrentprivacy\.com/"
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^torrentprivacy\.com$" name="^v[12]_site_version$" /-->
+
+	<!--securecookie host="." name="." /-->
+
+
+	<rule from="^http://www\.torrentprivacy\.com/"
 		to="https://torrentprivacy.com/"/>
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Torrentbit.net.xml b/src/chrome/content/rules/Torrentbit.net.xml
new file mode 100644
index 000000000000..3669e48d4266
--- /dev/null
+++ b/src/chrome/content/rules/Torrentbit.net.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .torrentbit.net
+
+-->
+<ruleset name="Torrentbit.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="torrentbit.net" />
+	<target host="blog.torrentbit.net" />
+	<target host="cdn.torrentbit.net" />
+	<target host="forum.torrentbit.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.torrentbit\.net$" name="^(?:__cfduid|bbsessionhash|cf_clearance)$" /-->
+
+	<securecookie host="^\.torrentbit\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Torrenthounds.com.xml b/src/chrome/content/rules/Torrenthounds.com.xml
new file mode 100644
index 000000000000..66ffdf059915
--- /dev/null
+++ b/src/chrome/content/rules/Torrenthounds.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Torrenthounds.com">
+	<target host="torrenthounds.com" />
+	<target host="www.torrenthounds.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Torrentleech.org.xml b/src/chrome/content/rules/Torrentleech.org.xml
new file mode 100644
index 000000000000..0d6a2ffbc626
--- /dev/null
+++ b/src/chrome/content/rules/Torrentleech.org.xml
@@ -0,0 +1,19 @@
+<ruleset name="torrentleech.org.xml">
+	<target host="torrentleech.org" />
+	<target host="www.torrentleech.org" />
+	<target host="classic.torrentleech.org" />
+	<target host="forums.torrentleech.org" />
+	<target host="imageservice.torrentleech.org" />
+	<target host="rss.torrentleech.org" />
+	<target host="rss24h.torrentleech.org" />
+	<target host="static.torrentleech.org" />
+	<target host="tracker.torrentleech.org" />
+	<target host="v4.torrentleech.org" />
+	<target host="wiki.torrentleech.org" />
+	
+	<test url="http://www.torrentleech.org/user/account/signup" />
+	<test url="http://v4.torrentleech.org/user/account/lostpassword" />
+	<rule from="^http:" to="https:" />
+        
+</ruleset>
+
diff --git a/src/chrome/content/rules/Torrents.to.xml b/src/chrome/content/rules/Torrents.to.xml
deleted file mode 100644
index 36e59ceff436..000000000000
--- a/src/chrome/content/rules/Torrents.to.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- static	(shows default plesk page)
-
-
-	- Expired 2010-08-29
-	- CN: plesk
-
-
-	Mixed css & images from static
-
--->
-<ruleset name="Torrents.to (partial)" default_off="expired, self-signed" platform="mixedcontent">
-
-	<target host="torrents.to"/>
-	<target host="*.torrents.to"/>
-
-	<securecookie host="^\.torrents\.to$" name=".*"/>
-
-	<rule from="^http://(?:www\.)?torrents\.to/"
-		to="https://torrents.to/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Torrentz.to.xml b/src/chrome/content/rules/Torrentz.to.xml
new file mode 100644
index 000000000000..cd17d9f0efdf
--- /dev/null
+++ b/src/chrome/content/rules/Torrentz.to.xml
@@ -0,0 +1,11 @@
+<ruleset name="Torrentz.to">
+
+	<target host="torrentz.to" />
+	<target host="www.torrentz.to" />
+	<!--<target host="dev.torrentz.to" />--><!-- Mismatch, March 2016 -->
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Torrentz.xml b/src/chrome/content/rules/Torrentz.xml
deleted file mode 100644
index 759cc3b3814e..000000000000
--- a/src/chrome/content/rules/Torrentz.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Torrentz">
-  <target host="www.torrentz.com" />
-  <target host="www.torrentz.eu" />
-  <target host="www.torrentz.me" />
-  <target host="torrentz.com" />
-  <target host="torrentz.eu" />
-  <target host="torrentz.me" />
-
-	<securecookie host="^torrents\.eu$" name=".*"/>
-
-  <rule from="^https?://(?:www\.)?torrentz\.(?:com|me)/" to="https://torrentz.eu/"/>
-  <rule from="^http://(www\.)?torrentz\.eu/" to="https://$1torrentz.eu/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/TorreyCommerce.net.xml b/src/chrome/content/rules/TorreyCommerce.net.xml
index 2f9d8230a284..eaa6513c03b3 100644
--- a/src/chrome/content/rules/TorreyCommerce.net.xml
+++ b/src/chrome/content/rules/TorreyCommerce.net.xml
@@ -1,17 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://torreycommerce.net/ => https://torreycommerce.net/: Too many redirects while fetching 'https://torreycommerce.net/'
+Fetch error: http://www.torreycommerce.net/ => https://www.torreycommerce.net/: Too many redirects while fetching 'https://www.torreycommerce.net/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://torreycommerce.net/ => https://torreycommerce.net/: Redirect for 'http://torreycommerce.net/' missing Location
 	For other TorreyCommerce coverage, see TorreyCommerce.xml.
 
 -->
-<ruleset name="TorreyCommerce.net">
+<ruleset name="TorreyCommerce.net" default_off="failed ruleset test">
 
 	<target host="torreycommerce.net" />
-	<target host="*.torreycommerce.net" />
+	<target host="www.torreycommerce.net" />
 
 
 	<securecookie host="^\.torreycommerce\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?torreycommerce\.net/"
-		to="https://$1torreycommerce.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TorreyCommerce.xml b/src/chrome/content/rules/TorreyCommerce.xml
index 99c42ce3e63e..972d6884500d 100644
--- a/src/chrome/content/rules/TorreyCommerce.xml
+++ b/src/chrome/content/rules/TorreyCommerce.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://torreycommerce.com/ => http://torreycommerce.com/: Redirect for 'http://torreycommerce.com/' missing Location
 	Other TorreyCommerce rulesets:
 
 		- TorreyCommerce.net.xml
diff --git a/src/chrome/content/rules/Torservers.xml b/src/chrome/content/rules/Torservers.xml
deleted file mode 100644
index d30c80962be5..000000000000
--- a/src/chrome/content/rules/Torservers.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Torservers">
-<target host="www.torservers.net" />
-<target host="torservers.net" />
-<rule from="^http://(?:www\.)?torservers\.net/" to="https://www.torservers.net/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/TortoiseGit.org.xml b/src/chrome/content/rules/TortoiseGit.org.xml
new file mode 100644
index 000000000000..480d9bb1da2a
--- /dev/null
+++ b/src/chrome/content/rules/TortoiseGit.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="TortoiseGit.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tortoisegit.org" />
+	<target host="www.tortoisegit.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Torus_Knot.com.xml b/src/chrome/content/rules/Torus_Knot.com.xml
index 8d707839a344..4b9e18753c51 100644
--- a/src/chrome/content/rules/Torus_Knot.com.xml
+++ b/src/chrome/content/rules/Torus_Knot.com.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?torusknot\.com/"
 		to="https://torusknot.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Toshiba.co.jp.xml b/src/chrome/content/rules/Toshiba.co.jp.xml
index c0179dd2e0c2..15686e336886 100644
--- a/src/chrome/content/rules/Toshiba.co.jp.xml
+++ b/src/chrome/content/rules/Toshiba.co.jp.xml
@@ -11,7 +11,6 @@
 		<exclusion pattern="^http://www\.toshiba\.co\.jp/index_j3.htm" />
 
 
-	<rule from="^http://www\.toshiba\.co\.jp/"
-		to="https://www.toshiba.co.jp/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Toster.ru.xml b/src/chrome/content/rules/Toster.ru.xml
new file mode 100644
index 000000000000..2f5303ac01b9
--- /dev/null
+++ b/src/chrome/content/rules/Toster.ru.xml
@@ -0,0 +1,26 @@
+<!--
+	For other TM coverage, see TMtm.ru.xml.
+
+
+	www.toster.ru: Mismatched
+
+-->
+<ruleset name="Toster.ru">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="toster.ru" />
+	<target host="api.toster.ru" />
+
+	<!--	Complications:
+				-->
+	<target host="www.toster.ru" />
+
+
+	<rule from="^http://www\.toster\.ru/"
+		to="https://toster.ru/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TotalBarcode.com.xml b/src/chrome/content/rules/TotalBarcode.com.xml
index 3c98dd57d630..8acc39cfe2c2 100644
--- a/src/chrome/content/rules/TotalBarcode.com.xml
+++ b/src/chrome/content/rules/TotalBarcode.com.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^www\.totalbarcode\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?totalbarcode\.com/"
-		to="https://$1totalbarcode.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TotalProSports.com.xml b/src/chrome/content/rules/TotalProSports.com.xml
new file mode 100644
index 000000000000..920dfa63d051
--- /dev/null
+++ b/src/chrome/content/rules/TotalProSports.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Connection refused:
+		- beta.totalprosports.com
+-->
+
+<ruleset name="TotalProSports.com">
+	<target host="totalprosports.com" />
+	<target host="www.totalprosports.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Total_Boox.xml b/src/chrome/content/rules/Total_Boox.xml
index c8d3b2d60b72..f97b0d36f276 100644
--- a/src/chrome/content/rules/Total_Boox.xml
+++ b/src/chrome/content/rules/Total_Boox.xml
@@ -1,13 +1,18 @@
-<ruleset name="Total Boox">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://totalboox.com/ => https://totalboox.com/: (6, 'Could not resolve host: totalboox.com')
+
+-->
+<ruleset name="Total Boox" default_off="failed ruleset test">
 
 	<target host="totalboox.com" />
-	<target host="*.totalboox.com" />
+	<target host="www.totalboox.com" />
 
 
 	<securecookie host="^(?:w*\.)?totalboox\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?totalboox\.com/"
-		to="https://$1totalboox.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Total_Choice_Hosting.xml b/src/chrome/content/rules/Total_Choice_Hosting.xml
index ebfb85b7c515..cee849b6804e 100644
--- a/src/chrome/content/rules/Total_Choice_Hosting.xml
+++ b/src/chrome/content/rules/Total_Choice_Hosting.xml
@@ -20,10 +20,10 @@
 	<rule from="^http://([\w-]+)\.tchmachines\.com/"
 		to="https://$1.tchmachines.com/" />
 
-	<rule from="^https?://totalchoicehosting\.com/"
+	<rule from="^http://totalchoicehosting\.com/"
 		to="https://www.totalchoicehosting.com/" />
 
 	<rule from="^http://(billing|blog|domains|forums|status|support|www)\.totalchoicehosting\.com/"
 		to="https://$1.totalchoicehosting.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Total_Eyecare.xml b/src/chrome/content/rules/Total_Eyecare.xml
index e5bceed50a24..11634f20244a 100644
--- a/src/chrome/content/rules/Total_Eyecare.xml
+++ b/src/chrome/content/rules/Total_Eyecare.xml
@@ -1,13 +1,12 @@
 <ruleset name="Total Eyecare">
 
 	<target host="totalicare.com" />
-	<target host="*.totalicare.com" />
+	<target host="www.totalicare.com" />
 
 
 	<securecookie host="^(?:w*\.)?totalicare\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?totalicare\.com/"
-		to="https://$1totalicare.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Total_Fan_Shop.net.xml b/src/chrome/content/rules/Total_Fan_Shop.net.xml
index 96e1829efcb8..ad5c2550e0fc 100644
--- a/src/chrome/content/rules/Total_Fan_Shop.net.xml
+++ b/src/chrome/content/rules/Total_Fan_Shop.net.xml
@@ -1,13 +1,21 @@
-<ruleset name="Total Fan Shop.net">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://totalfanshop.net/ => https://totalfanshop.net/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.totalfanshop.net/ => https://www.totalfanshop.net/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://totalfanshop.net/ => https://totalfanshop.net/: (35, 'error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure')
+-->
+<ruleset name="Total Fan Shop.net" default_off="failed ruleset test">
 
 	<target host="totalfanshop.net" />
-	<target host="*.totalfanshop.net" />
+	<target host="www.totalfanshop.net" />
 
 
 	<securecookie host="^\.(?:www\.)?totalfanshop\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?totalfanshop\.net/"
-		to="https://$1totalfanshop.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Total_Investor.xml b/src/chrome/content/rules/Total_Investor.xml
index 43a07584bbd8..e4f6f51203d5 100644
--- a/src/chrome/content/rules/Total_Investor.xml
+++ b/src/chrome/content/rules/Total_Investor.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://totalinvestor.co.uk/ => https://www.totalinvestor.co.uk/: (7, 'Failed to connect to www.totalinvestor.co.uk port 443: Connection refused')
 	CDN buckets:
 
 		- d14vj0hj6x9324.cloudfront.net
@@ -22,22 +24,25 @@
 <ruleset name="Total Investor">
 
 	<target host="totalinvestor.co.uk" />
-	<target host="*.totalinvestor.co.uk" />
+	<target host="www.totalinvestor.co.uk" />
+	<target host="userfiles-m.totalinvestor.co.uk" />
+	<target host="userfiles-s.totalinvestor.co.uk" />
+	<target host="userfiles-xs.totalinvestor.co.uk" />
 
 
 	<securecookie host="^(?:www)?\.totalinvestor\.co\.uk$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?totalinvestor\.co\.uk/"
+	<rule from="^http://(?:www\.)?totalinvestor\.co\.uk/"
 		to="https://www.totalinvestor.co.uk/" />
 
-	<rule from="^https?://userfiles-m\.totalinvestor\.co\.uk/"
+	<rule from="^http://userfiles-m\.totalinvestor\.co\.uk/"
 		to="https://d14vj0hj6x9324.cloudfront.net/" />
 
-	<rule from="^https?://userfiles-s\.totalinvestor\.co\.uk/"
+	<rule from="^http://userfiles-s\.totalinvestor\.co\.uk/"
 		to="https://d2w8arlr69kjmg.cloudfront.net/" />
 
-	<rule from="^https?://userfiles-xs\.totalinvestor\.co\.uk/"
+	<rule from="^http://userfiles-xs\.totalinvestor\.co\.uk/"
 		to="https://d3tydccictwpfl.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Total_Web_Solutions.xml b/src/chrome/content/rules/Total_Web_Solutions.xml
index 131fea6db300..a1326e5702d7 100644
--- a/src/chrome/content/rules/Total_Web_Solutions.xml
+++ b/src/chrome/content/rules/Total_Web_Solutions.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://store.totalwebsolutions.com/ => https://store.totalwebsolutions.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://store.totalwebsolutions.com/ => https://store.totalwebsolutions.com/: (28, 'Operation timed out after 15001 milliseconds with 0 bytes received')
 	Nonfunctional totalwebsolutions.com subdomains:
 
 		- (www.) *
@@ -10,10 +16,16 @@
 	* Shows order.totalwebsecure.com; mismatched, CN: *.totalwebsecure.com
 
 -->
-<ruleset name="Total Web Solutions (partial)">
-
-	<target host="*.totalhostingplus.com" />
-	<target host="*.totalwebsecure.com" />
+<ruleset name="Total Web Solutions (partial)" default_off="failed ruleset test">
+
+	<target host="vps-unixweb1.totalhostingplus.com" />
+	<target host="vps-unixweb2.totalhostingplus.com" />
+	<target host="vps-unixweb3.totalhostingplus.com" />
+	<target host="vps-unixweb4.totalhostingplus.com" />
+	<target host="vps-unixweb5.totalhostingplus.com" />
+	<target host="vps-unixweb6.totalhostingplus.com" />
+	<target host="merchant.totalwebsecure.com" />
+	<target host="order.totalwebsecure.com" />
 	<target host="store.totalwebsolutions.com" />
 
 
@@ -21,13 +33,8 @@
 	<securecookie host="^store\.totalwebsolutions\.com$" name=".+" />
 
 
-	<rule from="^http://vps-unixweb([1-6])\.totalhostingplus\.com/"
-		to="https://vps-unixweb$1.totalhostingplus.com/" />
 
-	<rule from="^http://(merchant|order)\.totalwebsecure\.com/"
-		to="https://$1.totalwebsecure.com/" />
 
-	<rule from="^http://store\.totalwebsolutions\.com/"
-		to="https://store.totalwebsolutions.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Totem.xml b/src/chrome/content/rules/Totem.xml
index a61301ee54f4..1b287aca2a7f 100644
--- a/src/chrome/content/rules/Totem.xml
+++ b/src/chrome/content/rules/Totem.xml
@@ -9,15 +9,25 @@
 	<target host="totemapp.com" />
 	<target host="*.totemapp.com" />
 
+	<exclusion pattern="^http://help\.totemapp\.com/" />
 
-	<securecookie host="^(.*\.)?totemapp\.com$" name=".*" />
+		<test url="http://help.totemapp.com/help_center" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^https?://(?:www\.)?totemapp\.com/"
+	<rule from="^http://(www\.)?totemapp\.com/"
 		to="https://www.totemapp.com/"/>
 
 	<!--	Clients have unique subdomains.	-->
 	<rule from="^http://([\w\-]+)\.totemapp\.com/"
 		to="https://$1.totemapp.com/"/>
 
+		<test url="http://codeproof.totemapp.com/" />
+		<test url="http://gnupg.totemapp.com/" />
+		<test url="http://ingredientmatcher.totemapp.com/" />
+
+	<!-- Invalid certificate
+		<test url="http://www.fracture.totemapp.com/" />
+	-->
+
 </ruleset>
diff --git a/src/chrome/content/rules/Totse2.xml b/src/chrome/content/rules/Totse2.xml
index 4ee580b7e0a1..797d2e047fce 100644
--- a/src/chrome/content/rules/Totse2.xml
+++ b/src/chrome/content/rules/Totse2.xml
@@ -5,10 +5,10 @@
 	<target host="www.totse2.com" />
 
 
-	<securecookie host="^totse\.com$" name=".*" />
+	<securecookie host="^totse\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?totse\.com/"
+	<rule from="^http://(?:www\.)?totse\.com/"
 		to="https://totse.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TouClick.xml b/src/chrome/content/rules/TouClick.xml
new file mode 100644
index 000000000000..25b24fe1c3da
--- /dev/null
+++ b/src/chrome/content/rules/TouClick.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://admin.touclick.com/ => https://admin.touclick.com/: (35, 'error:14082174:SSL routines:ssl3_check_cert_and_algorithm:dh key too small')
+
+	Redirect to http:
+	- ecs.touclick.com
+	- request.touclick.com
+	- test.touclick.com
+	- wt.touclick.com
+	- www.touclick.com
+	- xiaowangzi.touclick.com
+
+	Broken:
+	- adc.touclick.com
+-->
+
+<ruleset name="TouClick" default_off="failed ruleset test">
+
+	<target host="admin.touclick.com" />
+	<target host="captcha-static.touclick.com" />
+	<target host="cdnjs.touclick.com" />
+	<target host="js.touclick.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TouTiao.xml b/src/chrome/content/rules/TouTiao.xml
new file mode 100644
index 000000000000..987cc913d0ed
--- /dev/null
+++ b/src/chrome/content/rules/TouTiao.xml
@@ -0,0 +1,56 @@
+<!--
+	Mismatch:
+		m.pstatp.com
+		s5.pstatp.com
+		v(0|1|2|4|5|6|7|9|10).pstatp.com
+		(p|v)[0-10].statp.com
+-->
+<ruleset name="TouTiao (partial)">
+	<!-- Complications: -->
+	<target host="s5.pstatp.com" />
+	<rule from="^http://s5\.pstatp\.com/" to="https://s6.pstatp.com/" />
+		<test url="http://s5.pstatp.com/toutiao/resource/ntoutiao_web/static/image/logo_201f80d.png" />
+
+	<!-- Directly: -->
+	<target host="toutiao.com" />
+	<target host="www.toutiao.com" />
+		<test url="http://www.toutiao.com/i6371298813642015233/" />
+	<target host="ad.toutiao.com" />
+	<target host="app.toutiao.com" />
+	<target host="m.toutiao.com" />
+	<target host="mp.toutiao.com" />
+	<target host="partner.toutiao.com" />
+	<target host="space.toutiao.com" />
+	<target host="web.toutiao.com" />
+
+	<target host="m.toutiaocdn.com" />
+		<test url="http://m.toutiaocdn.com/i6371298813642015233/" />
+	<target host="m.toutiaocdn.cn" />
+
+	<target host="pstatp.com" />
+	<target host="i.pstatp.com" />
+	<target host="p0.pstatp.com" />
+	<target host="p1.pstatp.com" />
+	<target host="p2.pstatp.com" />
+	<target host="p3.pstatp.com" />
+	<target host="p3a.pstatp.com" />
+	<target host="p4.pstatp.com" />
+	<target host="p5.pstatp.com" />
+	<target host="p5a.pstatp.com" />
+	<target host="p6.pstatp.com" />
+	<target host="p7.pstatp.com" />
+	<target host="p8.pstatp.com" />
+	<target host="p9.pstatp.com" />
+	<target host="p10.pstatp.com" />
+
+	<target host="s0.pstatp.com" />
+	<target host="s1.pstatp.com" />
+	<target host="s2.pstatp.com" />
+	<target host="s3.pstatp.com" />
+	<target host="s3a.pstatp.com" />
+	<target host="s3b.pstatp.com" />
+	<target host="s4.pstatp.com" />
+	<target host="s6.pstatp.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TouchCommerce.xml b/src/chrome/content/rules/TouchCommerce.xml
deleted file mode 100644
index 954d487ab9db..000000000000
--- a/src/chrome/content/rules/TouchCommerce.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
-	CDN buckets:
-
-		- touch-commerce-880c4ca5.s3.amazonaws.com
-
-
-	Nonfunctional domains:
-
-		- (www.)inq.com			(times out)
-		- touchcommerce.com		(cert: *.webvanta.com; 302s to www)
-		- www.touchcommerce.com		(times out)
-
--->
-<ruleset name="TouchCommerce (partial)">
-
-	<target host="*.inq.com" />
-		<!--
-			301s to www.touchcommerce.com.
-							-->
-		<exclusion pattern="^http://www\." />
-	<target host="go.touchcommerce.com" />
-
-
-	<!--	Clients have unique subdomains.
-						-->
-	<rule from="^http://([\w\-]+)\.inq\.com/"
-		to="https://$1.inq.com/" />
-
-	<!--	- $ 302s to app-j.market.com
-		- Pages 404
-						-->
-	<rule from="^https?://go\.touchcommerce\.com/(cs|image|r)s/"
-		to="https://na-j.marketo.com/$1s/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/TouchNet_Information_Systems.xml b/src/chrome/content/rules/TouchNet_Information_Systems.xml
index 645dda640801..7674cf07937e 100644
--- a/src/chrome/content/rules/TouchNet_Information_Systems.xml
+++ b/src/chrome/content/rules/TouchNet_Information_Systems.xml
@@ -6,7 +6,6 @@
 	<securecookie host="^secure\.touchnet\.com$" name=".+" />
 
 
-	<rule from="^http://secure\.touchnet\.com/"
-		to="https://secure.touchnet.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Touchandtravel.de.xml b/src/chrome/content/rules/Touchandtravel.de.xml
new file mode 100644
index 000000000000..89b203fa7dcb
--- /dev/null
+++ b/src/chrome/content/rules/Touchandtravel.de.xml
@@ -0,0 +1,11 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.touchandtravel.de/ => https://www.touchandtravel.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="Touchandtravel.de" default_off="failed ruleset test">
+  <target host="www.touchandtravel.de" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Touchgen.net.xml b/src/chrome/content/rules/Touchgen.net.xml
new file mode 100644
index 000000000000..cd1bcd3af264
--- /dev/null
+++ b/src/chrome/content/rules/Touchgen.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="Touchgen">
+
+	<target host="touchgen.net" />
+	<target host="www.touchgen.net" />
+	<target host="mail.touchgen.net" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Touchstone_Network.xml b/src/chrome/content/rules/Touchstone_Network.xml
index 7d5f10ff254c..25c0364c1645 100644
--- a/src/chrome/content/rules/Touchstone_Network.xml
+++ b/src/chrome/content/rules/Touchstone_Network.xml
@@ -2,15 +2,17 @@
 	For other MIT coverage, see MIT.xml.
 
 -->
-<ruleset name="Touchstone Network">
+<ruleset name="Touchstone Network.net">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="idp.touchstonenetwork.net" />
 
 
 	<securecookie host="^idp\.touchstonenetwork\.net$" name=".+" />
 
 
-	<rule from="^http://idp\.touchstonenetwork\.net/"
-		to="https://idp.touchstonenetwork.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tourism_and_Events_Queensland.xml b/src/chrome/content/rules/Tourism_and_Events_Queensland.xml
index 87a07138326d..b16c0a79abda 100644
--- a/src/chrome/content/rules/Tourism_and_Events_Queensland.xml
+++ b/src/chrome/content/rules/Tourism_and_Events_Queensland.xml
@@ -1,11 +1,17 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://atdw.tq.com.au/ => https://atdw.tq.com.au/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://atdw.tq.com.au/ => https://atdw.tq.com.au/: (51, "SSL: no alternative certificate subject name matches target host name 'atdw.tq.com.au'")
 	Problematic subdomains:
 
 		- (www.)	(shows paypoint; mismatched, CN: paypoint.tq.com.au)
 		- paypoint	(expired 2012-04-22)
 
 -->
-<ruleset name="Tourism and Events Queensland (partial)">
+<ruleset name="Tourism and Events Queensland (partial)" default_off="failed ruleset test">
 
 	<target host="atdw.tq.com.au" />
 
@@ -13,7 +19,6 @@
 	<securecookie host="^atdw\.tq\.com\.au$" name=".+" />
 
 
-	<rule from="^http://atdw\.tq\.com\.au/"
-		to="https://atdw.tq.com.au/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tourismepourtous.ch.xml b/src/chrome/content/rules/Tourismepourtous.ch.xml
new file mode 100644
index 000000000000..103fa23bac44
--- /dev/null
+++ b/src/chrome/content/rules/Tourismepourtous.ch.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Migros coverage, see Migros.xml.
+
+	Mismatch:
+		- ^tourismepourtous.ch
+-->
+<ruleset name="Tourismepourtous.ch">
+	<target host="tourismepourtous.ch" />
+	<target host="www.tourismepourtous.ch" />
+
+	<rule from="^http://tourismepourtous\.ch/"
+		to="https://www.tourismepourtous.ch/"/>
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TousLesCours.com.xml b/src/chrome/content/rules/TousLesCours.com.xml
new file mode 100644
index 000000000000..b979e819452a
--- /dev/null
+++ b/src/chrome/content/rules/TousLesCours.com.xml
@@ -0,0 +1,11 @@
+<!--
+	See for related rulesets: FrancaisFacile.com.xml
+-->
+<ruleset name="TousLesCours.com">
+	<target host="touslescours.com" />
+	<target host="www.touslescours.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TowerData.com.xml b/src/chrome/content/rules/TowerData.com.xml
new file mode 100644
index 000000000000..a72ef1d885e7
--- /dev/null
+++ b/src/chrome/content/rules/TowerData.com.xml
@@ -0,0 +1,49 @@
+<!--
+	Other TowerData rulesets:
+
+		- RL_CDN.com.xml
+		- RapLeaf.xml
+
+
+	Problematic hosts in *:
+
+		- ^ ¹
+		- intelligence ²
+		- www ²
+
+	¹ Dropped
+	² Akamai
+
+
+	Fully covered hosts in *towerdata.com:
+
+		- client
+		- dashboard
+
+
+	Insecure cookies are set for these hosts:
+
+		- client.towerdata.com
+		- dashboard.towerdata.com
+
+-->
+<ruleset name="TowerData.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="client.towerdata.com" />
+	<target host="dashboard.towerdata.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^dashboard\.towerdata\.com$" name="^_session_id$" /-->
+	<!--securecookie host="^client\.towerdata\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:client|dashboard)\.towerdata\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TowersTimes.co.uk.xml b/src/chrome/content/rules/TowersTimes.co.uk.xml
new file mode 100644
index 000000000000..2019280fff3e
--- /dev/null
+++ b/src/chrome/content/rules/TowersTimes.co.uk.xml
@@ -0,0 +1,15 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Invalid certificate:
+		forum.towerstimes.co.uk
+		old.towerstimes.co.uk
+-->
+<ruleset name="TowersTimes.co.uk">
+
+	<target host="towerstimes.co.uk" />
+	<target host="www.towerstimes.co.uk" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TownNews.com.xml b/src/chrome/content/rules/TownNews.com.xml
index a52789accf03..a614927cca44 100644
--- a/src/chrome/content/rules/TownNews.com.xml
+++ b/src/chrome/content/rules/TownNews.com.xml
@@ -33,7 +33,6 @@
 	Partially covered domains:
 
 		- support.townnews.com			(→ secure)
-		- bloximages.chicago2.vip.townnews.com *
 		- (www.)townnews365.com *		(avoiding user-visible paths)
 
 	* → townnews365-dot-com.bloxcms.com
@@ -42,6 +41,8 @@
 	Fully covered domains:
 
 		- townnews365-dot-com.bloxcms.com
+		- bloximages.chicago2.vip.townnews.com
+		- bloximages.newyork1.vip.townnews.com
 		- secure.townnews.com
 		- stats.townnews.com
 
@@ -49,7 +50,7 @@
 <ruleset name="TownNews.com">
 
 	<target host="townnews365-dot-com.bloxcms.com" />
-	<target host="secure.townnews.com" />
+	<target host="*.townnews.com" />
 	<target host="townnews365.com" />
 	<target host="www.townnews365.com" />
 		<!--
@@ -71,7 +72,7 @@
 	<rule from="^http://support\.townnews\.com/(\?.*)?$"
 		to="https://secure.townnews.com/support.townnews.com/custlogin/$1" />
 
-	<rule from="^http://bloximages\.chicago2\.vip\.townnews\.com/townnews365\.com/"
-		to="https://townnews365-dot-com.bloxcms.com/" />
+	<rule from="^http://bloximages\.(chicago2|newyork1)\.vip\.townnews\.com/"
+		to="https://bloximages.$1.vip.townnews.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Townsville_Bottom_Fishing_Charters.com.au.xml b/src/chrome/content/rules/Townsville_Bottom_Fishing_Charters.com.au.xml
deleted file mode 100644
index a0ad641da2b5..000000000000
--- a/src/chrome/content/rules/Townsville_Bottom_Fishing_Charters.com.au.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Some pages redirect to http.
-
--->
-<ruleset name="Townsville Bottom Fishing Charters.com.au (partial)">
-
-	<target host="townsvillebottomfishingcharters.com.au" />
-	<target host="www.townsvillebottomfishingcharters.com.au" />
-
-
-	<rule from="^http://(www\.)?townsvillebottomfishingcharters\.com\.au/(?=BrowserPreview_tmp_01\.jpg|cdn-cgi/ping|favicon\.ico|images/|media/|plugins/|spacer\.gif|templates/)"
-		to="https://$1townsvillebottomfishingcharters.com.au/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tox.chat.xml b/src/chrome/content/rules/Tox.chat.xml
new file mode 100644
index 000000000000..d9e7ae9eb491
--- /dev/null
+++ b/src/chrome/content/rules/Tox.chat.xml
@@ -0,0 +1,15 @@
+<ruleset name="Tox.chat">
+
+	<target host="tox.chat" />
+	<target host="blog.tox.chat" />
+	<target host="build.tox.chat" />
+	<target host="lists.tox.chat" />
+	<target host="pkg.tox.chat" />
+	<target host="wiki.tox.chat" />
+	<target host="www.tox.chat" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tox.im.xml b/src/chrome/content/rules/Tox.im.xml
deleted file mode 100644
index 9c21bc3872cd..000000000000
--- a/src/chrome/content/rules/Tox.im.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- dev *
-		- wiki *
-
-	* Redirects to ^tox.im; mismatched, CN: www.ipwnage.com
-
--->
-<ruleset name="Tox.im (partial)">
-
-	<target host="tox.im" />
-	<target host="www.tox.im" />
-
-
-	<rule from="^http://(www\.)?tox\.im/"
-		to="https://$1tox.im/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Toxme.se.xml b/src/chrome/content/rules/Toxme.se.xml
new file mode 100644
index 000000000000..79bce75d0fb9
--- /dev/null
+++ b/src/chrome/content/rules/Toxme.se.xml
@@ -0,0 +1,12 @@
+<ruleset name="toxme.se">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="toxme.se" />
+	<target host="www.toxme.se" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ToyFoundry.xml b/src/chrome/content/rules/ToyFoundry.xml
deleted file mode 100644
index 3760443d80ff..000000000000
--- a/src/chrome/content/rules/ToyFoundry.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)toyfoundry.com		(redirects to login, mismatched, CN: store.fruitninja.com)
-
--->
-<ruleset name="ToyFoundry (partial)">
-
-	<target host="toyfoundry.net" />
-	<target host="*.toyfoundry.net" />
-
-
-	<securecookie host="^(?:www\.)?toyfoundry\.net$" name=".+" />
-
-
-	<rule from="^http://(cdn\.|www\.)?toyfoundry\.net/"
-		to="https://$1toyfoundry.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Toyota.es.xml b/src/chrome/content/rules/Toyota.es.xml
index 806996991605..1ce4a2b43c9c 100644
--- a/src/chrome/content/rules/Toyota.es.xml
+++ b/src/chrome/content/rules/Toyota.es.xml
@@ -9,7 +9,6 @@
 	<target host="www2.toyota.es" />
 
 
-	<rule from="^http://www2\.toyota\.es/"
-		to="https://www2.toyota.es/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tpaste.us.xml b/src/chrome/content/rules/Tpaste.us.xml
new file mode 100644
index 000000000000..44ddeb9da095
--- /dev/null
+++ b/src/chrome/content/rules/Tpaste.us.xml
@@ -0,0 +1,9 @@
+<!--
+	Mismatch:
+		- www.tpaste.us (not the same as tpaste.us)
+-->
+<ruleset name="Tpaste.us">
+	<target host="tpaste.us" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tpd.sk.xml b/src/chrome/content/rules/Tpd.sk.xml
new file mode 100644
index 000000000000..a1fdce187b73
--- /dev/null
+++ b/src/chrome/content/rules/Tpd.sk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Tpd.sk">
+  <target host="tpd.sk" />
+  <target host="www.tpd.sk" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tpfrb.dk.xml b/src/chrome/content/rules/Tpfrb.dk.xml
new file mode 100644
index 000000000000..ab8d6c7c89e9
--- /dev/null
+++ b/src/chrome/content/rules/Tpfrb.dk.xml
@@ -0,0 +1,13 @@
+<!--
+     Problematic domains:
+        - m ¹
+    ¹: Mismatch
+-->
+<ruleset name="Tpfrb.dk">
+    <target host="tpfrb.dk" />
+    <target host="www.tpfrb.dk" />
+
+    <securecookie host=".+" name=".+" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tpsmedia.ca.xml b/src/chrome/content/rules/Tpsmedia.ca.xml
new file mode 100644
index 000000000000..e7e2a602dcb6
--- /dev/null
+++ b/src/chrome/content/rules/Tpsmedia.ca.xml
@@ -0,0 +1,11 @@
+<!--
+	For other TPS (Toronto police) rulesets, see TorontoPolice.on.ca.xml.
+
+-->
+<ruleset name="Tpsmedia.ca">
+	<target host="tpsmedia.ca" />
+	<target host="www.tpsmedia.ca" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tpsnet.ca.xml b/src/chrome/content/rules/Tpsnet.ca.xml
new file mode 100644
index 000000000000..e5d060c59dda
--- /dev/null
+++ b/src/chrome/content/rules/Tpsnet.ca.xml
@@ -0,0 +1,11 @@
+<!--
+	For other TPS (Toronto police) rulesets, see TorontoPolice.on.ca.xml.
+
+-->
+<ruleset name="Tpsnet.ca">
+	<target host="tpsnet.ca" />
+	<target host="www.tpsnet.ca" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tpsnews.ca-mixedcontent.xml b/src/chrome/content/rules/Tpsnews.ca-mixedcontent.xml
new file mode 100644
index 000000000000..548a78f7782e
--- /dev/null
+++ b/src/chrome/content/rules/Tpsnews.ca-mixedcontent.xml
@@ -0,0 +1,19 @@
+<!--
+	See also Tpsnews.ca.xml.
+
+	For other TPS (Toronto police) rulesets, see TorontoPolice.on.ca.xml.
+
+-->
+<ruleset name="Tpsnews.ca-mixedcontent" platform="mixedcontent">
+	<target host="tpsnews.ca" />
+	<target host="www.tpsnews.ca" />
+
+	<!-- Exclude URLs covered by Tpsnews.ca.xml -->
+	<exclusion pattern="^http://(www\.)?tpsnews\.ca/(feeds|static)/" />
+		<test url="http://tpsnews.ca/feeds/stories.json?format=json" />
+		<test url="http://tpsnews.ca/static/images/grey.gif" />
+		<test url="http://www.tpsnews.ca/static/images/grey.gif" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tpsnews.ca.xml b/src/chrome/content/rules/Tpsnews.ca.xml
new file mode 100644
index 000000000000..5044cef81a60
--- /dev/null
+++ b/src/chrome/content/rules/Tpsnews.ca.xml
@@ -0,0 +1,17 @@
+<!--
+	See also Tpsnews.ca-mixedcontent.xml.
+
+	For other TPS (Toronto police) rulesets, see TorontoPolice.on.ca.xml.
+
+-->
+<ruleset name="Tpsnews.ca">
+	<target host="tpsnews.ca" />
+		<exclusion pattern="^http://tpsnews\.ca/$" />
+		<test url="http://tpsnews.ca/feeds/stories.json?format=json" />
+	<target host="www.tpsnews.ca" />
+		<exclusion pattern="^http://www\.tpsnews\.ca/$" />
+		<test url="http://www.tpsnews.ca/static/images/grey.gif" />
+
+	<rule from="^http://(www\.)?tpsnews\.ca/(feeds|static)/"
+		to="https://$1tpsnews.ca/$2/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tr.im.xml b/src/chrome/content/rules/Tr.im.xml
new file mode 100644
index 000000000000..bf331b914ba5
--- /dev/null
+++ b/src/chrome/content/rules/Tr.im.xml
@@ -0,0 +1,12 @@
+<ruleset name="Tr.im">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tr.im" />
+	<target host="www.tr.im" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TracFone.com.xml b/src/chrome/content/rules/TracFone.com.xml
index f036affcfbff..cea8a5aeafbf 100644
--- a/src/chrome/content/rules/TracFone.com.xml
+++ b/src/chrome/content/rules/TracFone.com.xml
@@ -23,7 +23,7 @@
 	* Secured by us
 
 -->
-<ruleset name="TracFone.com">
+<ruleset name="TracFone.com (redirects)" default_off="Redirect loop">
 
 	<target host="tracfone.com" />
 	<target host="www.tracfone.com" />
diff --git a/src/chrome/content/rules/TracFone_Wireless.com.xml b/src/chrome/content/rules/TracFone_Wireless.com.xml
deleted file mode 100644
index e8cd5aea4250..000000000000
--- a/src/chrome/content/rules/TracFone_Wireless.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Other TracFone Wireless rulesets:
-
-		- TracFone.com.xml
-
--->
-<ruleset name="TracFone Wireless.com (partial)">
-
-	<target host="media.tracfonewireless.com" />
-
-
-	<!--	Could we secure either of these safely?
-							-->
-	<!--securecookie host="^\.tracfonewireless\.com$" name="^(CSList|PrefID)$" /-->
-	<securecookie host="^media\.tracfonewireless\.com$" name=".+" />
-
-
-	<rule from="^http://media\.tracfonewireless\.com/"
-		to="https://media.tracfonewireless.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Trace_Register.xml b/src/chrome/content/rules/Trace_Register.xml
index b080f79ec0c1..50cfa904dcb4 100644
--- a/src/chrome/content/rules/Trace_Register.xml
+++ b/src/chrome/content/rules/Trace_Register.xml
@@ -9,7 +9,6 @@
 	<target host="cdn.traceregister.com" />
 
 
-	<rule from="^http://cdn\.traceregister\.com/"
-		to="https://cdn.traceregister.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Trackalyzer.xml b/src/chrome/content/rules/Trackalyzer.xml
index bf0adb85d02a..a5751a669cdd 100644
--- a/src/chrome/content/rules/Trackalyzer.xml
+++ b/src/chrome/content/rules/Trackalyzer.xml
@@ -14,10 +14,10 @@
 	<target host="*.trackalyzer.com" />
 
 
-	<securecookie host="^(.*\.)?trackalyzer\.com$" name=".*" />
+	<securecookie host="^(?:.*\.)?trackalyzer\.com$" name=".+" />
 
 
-	<rule from="^https?://formalyzer\.com/"
+	<rule from="^http://formalyzer\.com/"
 		to="https://trackalyzer.com/" />
 
 	<rule from="^http://(www\.)?trackalyzer\.com/"
@@ -27,11 +27,11 @@
 		- Cert only matches // & www
 		- t 2 & 3 time out
 				-->
-	<rule from="^https?://t\d\.trackalyzer\.com/trackalyze(?:_secure)?\.(asp|js)"
+	<rule from="^http://t\d\.trackalyzer\.com/trackalyze(?:_secure)?\.(asp|js)"
 		to="https://trackalyzer.com/trackalyze_secure.$1" />
 
 	<!--	0.gif doesn't though.	-->
-	<rule from="^https?://t\d\.trackalyzer\.com/0\.gif"
+	<rule from="^http://t\d\.trackalyzer\.com/0\.gif"
 		to="https://trackalyzer.com/0.gif" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Tracker-Software.com.xml b/src/chrome/content/rules/Tracker-Software.com.xml
new file mode 100644
index 000000000000..93dbb9afe1e8
--- /dev/null
+++ b/src/chrome/content/rules/Tracker-Software.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- Images from www.tracker-software.com *
+		- Bug from www.facebook.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Tracker-Software.com">
+
+	<target host="tracker-software.com" />
+	<target host="www.tracker-software.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TrackingPoint.xml b/src/chrome/content/rules/TrackingPoint.xml
index b7bbc1f42138..86b3bbce074b 100644
--- a/src/chrome/content/rules/TrackingPoint.xml
+++ b/src/chrome/content/rules/TrackingPoint.xml
@@ -8,7 +8,7 @@
 	<target host="www.tracking-point.com" />
 
 
-	<rule from="^https?://(?:www\.)?tracking-point\.com/(favicon\.ico|modules/|sites/|(?:labs|user)(?:$|\?|/))"
+	<rule from="^http://(?:www\.)?tracking-point\.com/(favicon\.ico|modules/|sites/|(?:labs|user)(?:$|\?|/))"
 		to="https://tracking-point.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Traction-Digital.com.xml b/src/chrome/content/rules/Traction-Digital.com.xml
new file mode 100644
index 000000000000..f107d8393784
--- /dev/null
+++ b/src/chrome/content/rules/Traction-Digital.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Other Traction Digital rulesets:
+
+		- Ecm74.com.xml
+
+-->
+<ruleset name="Traction-Digital.com">
+
+	<target host="traction-digital.com" />
+	<target host="www.traction-digital.com" />
+	<target host="info.traction-digital.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Trade.tf.xml b/src/chrome/content/rules/Trade.tf.xml
new file mode 100644
index 000000000000..41d846a4a43e
--- /dev/null
+++ b/src/chrome/content/rules/Trade.tf.xml
@@ -0,0 +1,8 @@
+<ruleset name="Trade.tf">
+	<target host="trade.tf" />
+	<target host="www.trade.tf" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TradeBlock.com.xml b/src/chrome/content/rules/TradeBlock.com.xml
new file mode 100644
index 000000000000..8d9207b89870
--- /dev/null
+++ b/src/chrome/content/rules/TradeBlock.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="TradeBlock.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tradeblock.com" />
+	<target host="www.tradeblock.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TradeKing.com.xml b/src/chrome/content/rules/TradeKing.com.xml
new file mode 100644
index 000000000000..3ea51afa9bee
--- /dev/null
+++ b/src/chrome/content/rules/TradeKing.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Nonfunctional subdomains:
+
+		- content *
+
+	* 404
+
+-->
+<ruleset name="TradeKing.com (partial)">
+
+	<target host="tradeking.com" />
+	<target host="community.tradeking.com" />
+	<target host="investor.tradeking.com" />
+	<target host="static-investor.tradeking.com" />
+	<target host="www.tradeking.com" />
+		<!--exclusion pattern="http://content\.tradeking\.com/" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TradeLeaks.com.xml b/src/chrome/content/rules/TradeLeaks.com.xml
new file mode 100644
index 000000000000..9c2005d5384e
--- /dev/null
+++ b/src/chrome/content/rules/TradeLeaks.com.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tradeleaks.com/ => https://tradeleaks.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.tradeleaks.com/ => https://www.tradeleaks.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	NB: politically sensitive => backport?
+
+
+	Mixed content:
+
+		- Bugs, from:
+
+			- twitter-badges.s3.amazonaws.com *
+			- www.facebook.com *
+
+	* Secured by us
+
+-->
+<ruleset name="TradeLeaks.com" default_off="failed ruleset test">
+
+	<target host="tradeleaks.com" />
+	<target host="www.tradeleaks.com" />
+
+
+	<securecookie host="^\.tradeleaks\.com$" name="^__cfduid$" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TradeNetworks.xml b/src/chrome/content/rules/TradeNetworks.xml
index d91f07a9f2c3..91ba92586429 100644
--- a/src/chrome/content/rules/TradeNetworks.xml
+++ b/src/chrome/content/rules/TradeNetworks.xml
@@ -11,13 +11,13 @@
 -->
 <ruleset name="TradeNetworks (partial)">
 
-	<target host="*.tradenetworks.com" />
+	<target host="billing.tradenetworks.com" />
+	<target host="download.tradenetworks.com" />
 
 
 	<securecookie host="^billing\.tradenetworks\.com$" name=".+" />
 
 
-	<rule from="^http://(billing|download)\.tradenetworks\.com/"
-		to="https://$1.tradenetworks.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TradePub.com-falsemixed.xml b/src/chrome/content/rules/TradePub.com-falsemixed.xml
index 898fed531c1c..0aa2607a7eeb 100644
--- a/src/chrome/content/rules/TradePub.com-falsemixed.xml
+++ b/src/chrome/content/rules/TradePub.com-falsemixed.xml
@@ -4,15 +4,9 @@
 -->
 <ruleset name="TradePub.com (false MCB)" platform="mixedcontent">
 
-	<target host="tradepub.com" />
-	<target host="www.tradepub.com" />
-		<!--
-			Handled in Tradepub.com.xml:
-							-->
-		<!--exclusion pattern="^http://(www\.)?tradepub\.com/+(body_styles\.css|data/|favicon\.ico)" /-->
+	<target host="betanews.tradepub.com" />
 
 
-	<rule from="^http://(?:www\.)?tradepub\.com/(?!body_styles\.css|data/|favicon\.ico)"
-		to="https://www.tradepub.com/" />
-
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Tradedoubler.xml b/src/chrome/content/rules/Tradedoubler.xml
index ce6ac091eeaa..230ebe9334d6 100644
--- a/src/chrome/content/rules/Tradedoubler.xml
+++ b/src/chrome/content/rules/Tradedoubler.xml
@@ -1,39 +1,90 @@
 <!--
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *tradedoubler.com:
 
-		- (www.)	(refused)
-		- financials	(handshake fails)
+		- financials ʳ
+		- www ⁴
 
+	⁴ 404
+	ʳ Refused
 
-	Fully covered subdomains:
 
-		- anet
-		- clk
+	Partially covered hosts in *tradedoubler.com:
 
-		- clk\w\w:
+		- anet ⁴
+		- clk ⁴
+
+		- clk\w\w: ⁴
 
 			- clkde
 			- clkgb
 
+		- imp\w\w ⁴
+		- pdt ⁴
+		- star\w\w ⁴
+		- tracker ⁴
+
+	⁴ $ redirects to 404
+
+
+	Fully covered hosts in *tradedoubler.com:
+
 		- img
-		- imp\w\w
 		- login
+		- prod
 		- publisher
-		- stardk
-		- tracker
+		- solutions
+
+
+	Insecure cookies are set for these domains:
+
+		- .tradedoubler.com
 
 -->
-<ruleset name="Tradedoubler (partial)">
+<ruleset name="Tradedoubler.com (partial)">
 
 	<target host="*.tradedoubler.com" />
 
+		<!--	$ redirects to s://www
+						-->
+		<exclusion pattern="^http://(?:anet|clk|clk\w\w|imp\w\w|pdt|star\w\w|tracker)\.tradedoubler\.com/$" />
+
+			<!--	+ve:
+					-->
+			<test url="http://anet.tradedoubler.com/" />
+			<test url="http://clk.tradedoubler.com/" />
+			<test url="http://clkde.tradedoubler.com/" />
+			<test url="http://impfr.tradedoubler.com/" />
+			<test url="http://impit.tradedoubler.com/" />
+			<test url="http://pdt.tradedoubler.com/" />
+			<test url="http://stardk.tradedoubler.com/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://anet.tradedoubler.com/anet?type()loc()" />
+			<test url="http://clk.tradedoubler.com/click?p=&amp;a=&amp;f=0" />
+			<test url="http://clkde.tradedoubler.com/click?p=&amp;a=&amp;f=0" />
+			<test url="http://impfr.tradedoubler.com/imp?type()g()a()" />
+			<test url="http://impit.tradedoubler.com/click?p()g()a()" />
+			<test url="http://pdt.tradedoubler.com/click?a()p()prod()ttid()url()" />
+			<test url="http://stardk.tradedoubler.com/click?" />
+			<test url="http://tracker.tradedoubler.com/click?p=&amp;a=&amp;url=" />
+
+		<test url="http://hst.tradedoubler.com/" />
+		<test url="http://img.tradedoubler.com/images/inv.gif" />
+		<test url="http://login.tradedoubler.com/" />
+		<test url="http://prod.tradedoubler.com/" />
+		<test url="http://publisher.tradedoubler.com/" />
+		<test url="http://solutions.tradedoubler.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tradedoubler\.com$" name="^(?:ANETC|BT|GUID|PI|TD_UNIQUE_IMP|TradeDoublerGUID|UI)$" /-->
 
-	<!--securecookie host="^\.tradedoubler\.com$" name="^TD_EH_0$" /-->
-	<securecookie host="^\.tradedoubler\.com$" name="^(?:ANETC|BT|PI|TD_UNIQUE_IMP|TradeDoublerGUID|UI)$" />
-	<securecookie host="^(?:login|publisher)\.tradedoubler\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(anet|clk|clk\w\w|img|imp\w\w|login|publisher|stardk|tracker)\.tradedoubler\.com/"
+	<rule from="^http://(anet|clk|clk\w\w|hst|img|imp\w\w|login|pdt|prod|publisher|solutions|star\w\w|tracker)\.tradedoubler\.com/"
 		to="https://$1.tradedoubler.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Tradelab-problematic.xml b/src/chrome/content/rules/Tradelab-problematic.xml
index 768c9ed96745..c361ca3514b9 100644
--- a/src/chrome/content/rules/Tradelab-problematic.xml
+++ b/src/chrome/content/rules/Tradelab-problematic.xml
@@ -8,7 +8,7 @@
 	<target host="www.tradelab.fr" />
 
 
-	<rule from="^https?://(?:www\.)?tradelab\.fr/"
+	<rule from="^http://(?:www\.)?tradelab\.fr/"
 		to="https://www.tradelab.fr/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tradelab.xml b/src/chrome/content/rules/Tradelab.xml
index d840f10ef0a5..687f73712aea 100644
--- a/src/chrome/content/rules/Tradelab.xml
+++ b/src/chrome/content/rules/Tradelab.xml
@@ -17,7 +17,6 @@
 	<target host="cdn.tradelab.fr" />
 
 
-	<rule from="^http://cdn\.tradelab\.fr/"
-		to="https://cdn.tradelab.fr/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tradepub.com.xml b/src/chrome/content/rules/Tradepub.com.xml
index a82b739cdc59..0b3f013302ef 100644
--- a/src/chrome/content/rules/Tradepub.com.xml
+++ b/src/chrome/content/rules/Tradepub.com.xml
@@ -4,72 +4,60 @@
 
 	CDN buckets:
 
-		- netline.cachefly.net
+		- netline.cachefly.net	← img
 
-			- img
 
+	Insecure cookies are set for these domains: ᶜ
 
-	Cert only matches *.tradepub.com
+		- .tradepub.com
 
-
-	Fully covered subdomains:
-
-		- img		(→ netline.cachefly.net)
-		- nl-marketing
-
-
-	Partially covered subdomains:
-
-		- (www.)	(^ → www, avoiding false/broken MCB)
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 
 	Mixed content:
 
-		- Scripts on www from www ¹
-
 		- css, on:
 
+			- betanews from $self ˢ
+			- betanews from betanews.com
 			- nl-marketing from www.netline.com ²
-			- www from www ¹
 
 		- Images, on:
 
-			- nl-marketing from img ¹
+			- betanews, nl-marketing from img.tradepub.com ˢ
 			- nl-marketing from www.netline.com ³
-			- www from img ¹
 
-		- Web bugs, on www from:
+		- Bugs, on:
 
-			- cts ¹
-			- w.sharethis.com ¹
+			- on www from netline-d.openx.net
+			- on www from u.openx.net ˢ
 
-	¹ Secured by us
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 	² Unsecurable, minimal effect
 	³ Unsecurable
 
 -->
-<ruleset name="tradepub.com (partial)">
+<ruleset name="TradePub.com (partial)">
 
 	<target host="tradepub.com" />
-	<target host="*.tradepub.com" />
-		<!--
-			False/broken MCB:
-						-->
-		<!--exclusion pattern="^http://(www\.)?tradepub\.com/+(?!body_styles\.css|c/|data/|favicon\.ico)" /-->
+	<target host="cts.tradepub.com" />
+	<target host="img.tradepub.com" />
+	<target host="nl-marketing.tradepub.com" />
+	<target host="www.tradepub.com" />
 
+		<test url="http://img.tradepub.com/images/search_icon.png" />
 
-	<!--	Could we secure any of these safely?
+		<!--	Sets cookies without Secure:
 							-->
-	<!--securecookie host="^\.tradepub\.com$" name="^(Apache|_t|tpid)$" /-->
+		<!--test url="http://www.tradepub.com/free-offer/hr-magazine/hrmg?sr=hm&amp;_t=hm:" /-->
 
 
-	<rule from="^http://(?:www\.)?tradepub\.com/(?=body_styles\.css|c/|data/|favicon\.ico)"
-		to="https://www.tradepub.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tradepub\.com$" name="^(Apache|_t|tpid)$" /-->
 
-	<rule from="^http://(cts|nl-marketing)\.tradepub\.com/"
-		to="https://$1.tradepub.com/" />
 
-	<rule from="^http://img\.tradepub\.com/"
-		to="https://netline.cachefly.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Tradera.se.xml b/src/chrome/content/rules/Tradera.se.xml
deleted file mode 100644
index 7a9de4ef5b04..000000000000
--- a/src/chrome/content/rules/Tradera.se.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Tradera">
-	<target host="tradera.com" />
-	<target host="*.tradera.com" />
-	<target host="tradera.se" />
-	<target host="*.tradera.se" />
-	<rule from="^http://tradera\.se/" to="https://www.tradera.com/"/>
-	<rule from="^http://www\.tradera\.se/" to="https://www.tradera.com/"/>
-	<rule from="^http://tradera\.com/" to="https://www.tradera.com/"/>
-	<rule from="^http://www\.tradera\.com/" to="https://www.tradera.com/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/Traffic-Holder.xml b/src/chrome/content/rules/Traffic-Holder.xml
deleted file mode 100644
index 8df7bcfec9b4..000000000000
--- a/src/chrome/content/rules/Traffic-Holder.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="Traffic Holder (partial)">
-
-	<target host="76.9.16.34" />
-	<target host="trafficholder.com" />
-	<target host="*.trafficholder.com" />
-
-
-	<rule from="^http://76\.9\.16\.34/"
-		to="https://secure.trafficholder.com/" />
-
-	<!--	(www.) cert: secure
-			Data appear identical.	-->
-	<rule from="^http://(?:secure\.|www\.)?trafficholder\.com/"
-		to="https://secure.trafficholder.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Traffic-Shop.xml b/src/chrome/content/rules/Traffic-Shop.xml
index 81cf54c720a0..f1f63222571a 100644
--- a/src/chrome/content/rules/Traffic-Shop.xml
+++ b/src/chrome/content/rules/Traffic-Shop.xml
@@ -4,10 +4,9 @@
 	<target host="www.trafficshop.com" />
 
 
-	<securecookie host="^www\.trafficshop\.com$" name=".*" />
+	<securecookie host="^www\.trafficshop\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?trafficshop\.com/"
-		to="https://$1trafficshop.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TrafficJunky.xml b/src/chrome/content/rules/TrafficJunky.xml
index 2a058aa473b0..238810fdbec5 100644
--- a/src/chrome/content/rules/TrafficJunky.xml
+++ b/src/chrome/content/rules/TrafficJunky.xml
@@ -1,29 +1,44 @@
 <!--
-	Partially covered subdomains:
+	For other TrafficJunky coverage, see trafficjunky.com.xml.
 
-		- marketplace	(some pages redirect to http)
 
+	Problematic hosts in *trafficyjunky.net:
 
-	Fully covered subdomains:
+		- cdn11 ᵐ
+		- beta.marketplace ᵐ
 
-		- (www.)
-		- ads
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- marketplace.trafficjunky.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="TrafficJunky (partial)">
+<ruleset name="TrafficJunky.net (partial)">
 
 	<target host="trafficjunky.net" />
-	<target host="*.trafficjunky.net" />
-		<!--exclusion pattern="^http://marketplace\.trafficjunky\.net/+($|\?|(about-us|advertisers|contact-us|home|mobile|networks|privacy-policy|publishers|rules-and-regulations|sitemap|terms-of-use)($|[?/]))" /-->
-		<exclusion pattern="^http://marketplace\.trafficjunky\.net/+(?!bundles/|favicon\.ico|(?:member|signin|signup)(?:$|[?/]))" />
+	<target host="ads.trafficjunky.net" />
+	<target host="cdn10.trafficjunky.net" />
+	<target host="marketplace.trafficjunky.net" />
+	<target host="media.trafficjunky.net" />
+	<target host="pt.trafficjunky.net" />
+	<target host="www.trafficjunky.net" />
+
+		<test url="http://cdn10.trafficjunky.net/html5video/video-js.css" />
+		<test url="http://media.trafficjunky.net/delivery/js/abp/js1.js" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^marketplace\.trafficjunky\.net$" name="^RNLBSERVERID$" /-->
 
-	<securecookie host="^www\.trafficjunky\.net$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<!--	ads: included on 3rd-party websites.
-							-->
-	<rule from="^http://((?:ads|marketplace|www)\.)?trafficjunky\.net/"
-		to="https://$1trafficjunky.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TrafficPrivacy.xml b/src/chrome/content/rules/TrafficPrivacy.xml
index 57d193cce1d8..724e7fb5d979 100644
--- a/src/chrome/content/rules/TrafficPrivacy.xml
+++ b/src/chrome/content/rules/TrafficPrivacy.xml
@@ -1,17 +1,39 @@
+
 <!--
-	www: cert only matches ^trafficprivacy.com
+Disabled by https-everywhere-checker because:
+Fetch error: http://trafficprivacy.com/ => https://trafficprivacy.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.trafficprivacy.com/ => https://trafficprivacy.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	www.trafficprivacy.com: cert only matches ^trafficprivacy.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- trafficprivacy.com
 
 -->
-<ruleset name="TrafficPrivacy">
+<ruleset name="TrafficPrivacy.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="trafficprivacy.com" />
+
+	<!--	Complications:
+				-->
 	<target host="www.trafficprivacy.com" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^trafficprivacy\.com$" name="^(?:PHPSESSID|uniq2)$" /-->
+
 	<securecookie host="^trafficprivacy\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?trafficprivacy\.com/"
+	<rule from="^http://www\.trafficprivacy\.com/"
 		to="https://trafficprivacy.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Traffic_Factory.biz.xml b/src/chrome/content/rules/Traffic_Factory.biz.xml
new file mode 100644
index 000000000000..b240f69a2f96
--- /dev/null
+++ b/src/chrome/content/rules/Traffic_Factory.biz.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- main.trafficfactory.biz
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Traffic Factory.biz">
+
+	<target host="trafficfactory.biz" />
+	<target host="analytics.trafficfactory.biz" />
+	<target host="main.trafficfactory.biz" />
+	<target host="www.trafficfactory.biz" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^main\.trafficfactory\.biz$" name="^symfony$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Traffic_Force.com.xml b/src/chrome/content/rules/Traffic_Force.com.xml
new file mode 100644
index 000000000000..3ddc9ad0b0f4
--- /dev/null
+++ b/src/chrome/content/rules/Traffic_Force.com.xml
@@ -0,0 +1,39 @@
+<!--
+	Problematic hosts in *trafficforce.com:
+
+		- cdn.ht *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- deliver.trafficforce.com
+
+-->
+<ruleset name="Traffic Force.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cdes.trafficforce.com" />
+	<target host="deliver.trafficforce.com" />
+
+	<!--	Complications:
+				-->
+	<target host="cdn.ht.trafficforce.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^deliver\.gtrafficforce\.com$" name="^(?:RNLBSERVERID|sppc_uuid)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://cdn\.ht\.trafficforce\.com/"
+		to="https://cdnes.trafficforce.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Traffic_Haus.xml b/src/chrome/content/rules/Traffic_Haus.xml
index 7f689a667aca..28c22b78685c 100644
--- a/src/chrome/content/rules/Traffic_Haus.xml
+++ b/src/chrome/content/rules/Traffic_Haus.xml
@@ -1,16 +1,31 @@
 <!--
-	Nonfunctional subdomains:
+	Insecure cookies are set for these hosts: ᶜ
 
-		- syndication
+		- syndication.traffichaus.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Traffic Haus (partial)">
+<ruleset name="Traffic Haus.com (partial)">
 
 	<target host="traffichaus.com" />
-	<target host="*.traffichaus.com" />
+	<target host="stats.traffichaus.com" />
+	<target host="syndication.traffichaus.com" />
+	<target host="www.traffichaus.com" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://syndication.traffichaus.com/adserve/index.php?z=1&amp;loc=" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^syndication\.traffichaus\.com$" name="^(?:zone|th_trans)_\d+$" /-->
+
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(stats\.|www\.)?traffichaus\.com/"
-		to="https://$1traffichaus.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Trafficfacts.com.xml b/src/chrome/content/rules/Trafficfacts.com.xml
index 08530b447b29..50e3fd20a5eb 100644
--- a/src/chrome/content/rules/Trafficfacts.com.xml
+++ b/src/chrome/content/rules/Trafficfacts.com.xml
@@ -1,5 +1,13 @@
-<ruleset name="Trafficfacts.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rt.trafficfacts.com/ => https://rt.trafficfacts.com/: (6, 'Could not resolve host: rt.trafficfacts.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://rt.trafficfacts.com/ => https://rt.trafficfacts.com/: (6, 'Could not resolve host: rt.trafficfacts.com')
+-->
+<ruleset name="Trafficfacts.com" default_off="failed ruleset test">
 	<target host="rt.trafficfacts.com" />
 
-	<rule from="^http://rt\.trafficfacts\.com/" to="https://rt.trafficfacts.com/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Trafficmaxx.xml b/src/chrome/content/rules/Trafficmaxx.xml
index 8e8d0e07eab3..1fed66484962 100644
--- a/src/chrome/content/rules/Trafficmaxx.xml
+++ b/src/chrome/content/rules/Trafficmaxx.xml
@@ -1,19 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://s3.trafficmaxx.de/ => https://s3.trafficmaxx.de/: (28, 'Connection timed out after 20003 milliseconds')
+
 	Nonfunctional domains:
 
 		- (www.)trafficmaxx.com	(cert: *.trafficmaxx.de; redirects there)
 
 -->
-<ruleset name="trafficmaxx (partial)">
+<ruleset name="trafficmaxx (partial)" default_off="failed ruleset test">
 
 	<target host="trafficmaxx.de" />
-	<target host="*.trafficmaxx.de" />
+	<target host="s3.trafficmaxx.de" />
+	<target host="www.trafficmaxx.de" />
 
 
-	<securecookie host="^.*\.traffixmaxx\.de$" name=".*" />
+	<securecookie host="^.*\.trafficmaxx\.de$" name=".+" />
 
 
-	<rule from="^http://(s3\.|www\.)?trafficmaxx\.de/"
-		to="https://$1trafficmaxx.de/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Trail_of_Bits.com.xml b/src/chrome/content/rules/Trail_of_Bits.com.xml
new file mode 100644
index 000000000000..1c5416d79cb4
--- /dev/null
+++ b/src/chrome/content/rules/Trail_of_Bits.com.xml
@@ -0,0 +1,50 @@
+<!--
+	^: Refused
+
+
+	Insecure cookies are set for these domains:
+
+		- .trailofbits.com
+
+
+	Mixed content:
+
+		- iframe on blog from www.youtube.com *
+
+		- Images, on blog from:
+
+			- \d.gravatar.com *
+			- trailofbits.files.wordpress.com *
+			- s0.wp.com *
+
+		- Bug on blog from pixel.wp.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Trail of Bits.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blog.trailofbits.com" />
+	<target host="www.trailofbits.com" />
+
+	<!--	Complications:
+				-->
+	<target host="trailofbits.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.trailofbits\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.trailofbits\.com$" name=".+" />
+
+
+	<rule from="^http://trailofbits\.com/"
+		to="https://www.trailofbits.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Trails.com.xml b/src/chrome/content/rules/Trails.com.xml
new file mode 100644
index 000000000000..4107a429a2e9
--- /dev/null
+++ b/src/chrome/content/rules/Trails.com.xml
@@ -0,0 +1,11 @@
+<!--
+	For other Demand Media coverage, see Demand-Media.xml.
+-->
+<ruleset name="Trails.com (partial)">
+	<target host="trails.com" />
+	<target host="www.trails.com" />
+	<target host="api.trails.com" />
+	<target host="cdn-www.trails.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Training_Industry.com.xml b/src/chrome/content/rules/Training_Industry.com.xml
new file mode 100644
index 000000000000..b2af44013852
--- /dev/null
+++ b/src/chrome/content/rules/Training_Industry.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Training Industry.com">
+
+	<target host="trainingindustry.com" />
+	<target host="www.trainingindustry.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Traintimes.org.uk.xml b/src/chrome/content/rules/Traintimes.org.uk.xml
new file mode 100644
index 000000000000..68b877330051
--- /dev/null
+++ b/src/chrome/content/rules/Traintimes.org.uk.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		i.traintimes.org.uk
+		www.gingerbread.traintimes.org.uk
+		m.traintimes.org.uk
+		mx.traintimes.org.uk
+		pto.traintimes.org.uk
+		www.pto.traintimes.org.uk
+		split.traintimes.org.uk
+-->
+<ruleset name="Traintimes.org.uk">
+	<target host="traintimes.org.uk" />
+	<target host="www.traintimes.org.uk" />
+	<target host="gingerbread.traintimes.org.uk" />
+
+	<securecookie host="^(www\.)?traintimes\.org\.uk$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Trakk247.com.xml b/src/chrome/content/rules/Trakk247.com.xml
deleted file mode 100644
index c09080f9bf41..000000000000
--- a/src/chrome/content/rules/Trakk247.com.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="trakk247.com">
-
-	<target host="trakk247.com" />
-	<target host="www.trakk247.com" />
-
-
-	<rule from="^http://(www\.)?trakk247\.com/"
-		to="https://$1trakk247.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/TransIP.nl.xml b/src/chrome/content/rules/TransIP.nl.xml
new file mode 100644
index 000000000000..e40c6d0c16fc
--- /dev/null
+++ b/src/chrome/content/rules/TransIP.nl.xml
@@ -0,0 +1,15 @@
+<!--
+	Other TransIP rulesets:
+
+		- JoinUs.Today.xml
+
+-->
+<ruleset name="TransIP.nl">
+
+	<target host="transip.nl" />
+	<target host="www.transip.nl" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TransLink.ca.xml b/src/chrome/content/rules/TransLink.ca.xml
new file mode 100644
index 000000000000..6ca2c820a856
--- /dev/null
+++ b/src/chrome/content/rules/TransLink.ca.xml
@@ -0,0 +1,48 @@
+<!--
+	Invalid certificate:
+		translink.bc.ca
+		www.translink.bc.ca
+		nextbus.translink.bc.ca
+		www.alerts.translink.ca
+
+	Time out:
+		infomaps.translink.ca
+		mbltripplanning.translink.bc.ca
+
+	Server sends no certificate chain, see https://whatsmychaincert.com:
+		buzzer.translink.ca
+		employee.translink.ca
+		infraction.translink.ca
+-->
+<ruleset name="TransLink.ca">
+	<target host="careers.translink.bc.ca" />
+	<target host="empsupport.translink.bc.ca" />
+	<target host="compasscard.ca" />
+	<target host="www.compasscard.ca" />
+	<target host="translink.ca" />
+	<target host="*.translink.ca" />
+		<test url="http://www.translink.ca/" />
+		<test url="http://10yearvision.translink.ca/" />
+		<test url="http://developer.translink.ca/" />
+		<test url="http://fav.translink.ca/" />
+		<test url="http://feedback.translink.ca/" />
+		<test url="http://m.translink.ca/" />
+		<test url="http://mfb.translink.ca/" />
+		<test url="http://msft.translink.ca/" />
+		<test url="http://myaccess.translink.ca/" />
+		<test url="http://nb.translink.ca/" />
+		<test url="http://tenyearvision.translink.ca/" />
+		<test url="http://tp.translink.ca/" />
+		<test url="http://tripplanning.translink.ca/" />
+		<test url="http://upassbc.translink.ca/" />
+	<target host="translinklistens.ca" />
+	<target host="www.translinklistens.ca" />
+	<target host="join.translinklistens.ca" />
+	<target host="translinkstore.ca" />
+	<target host="www.translinkstore.ca" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Trans_Marine.xml b/src/chrome/content/rules/Trans_Marine.xml
index 42c1f271b12f..8f67595961f7 100644
--- a/src/chrome/content/rules/Trans_Marine.xml
+++ b/src/chrome/content/rules/Trans_Marine.xml
@@ -1,13 +1,19 @@
-<ruleset name="Trans Marine">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://transmarine.org/ => https://transmarine.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.transmarine.org/ => https://www.transmarine.org/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Trans Marine" default_off="failed ruleset test">
 
 	<target host="transmarine.org" />
-	<target host="*.transmarine.org" />
+	<target host="www.transmarine.org" />
 
 
 	<securecookie host="^(?:www)?\.transmarine\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?transmarine\.org/"
-		to="https://$1transmarine.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Transact_Auto.xml b/src/chrome/content/rules/Transact_Auto.xml
index 6341bb0c31c7..a8c65c3d1227 100644
--- a/src/chrome/content/rules/Transact_Auto.xml
+++ b/src/chrome/content/rules/Transact_Auto.xml
@@ -1,14 +1,14 @@
 <!--
-	Cert only matches ^transactauto.com
+	(www.)?: Reset
 
 -->
-<ruleset name="Transact Auto">
+<ruleset name="Transact Auto" default_off="connection reset">
 
 	<target host="transactauto.com" />
 	<target host="www.transactauto.com" />
 
 
-	<rule from="^https?://(?:www\.)?transactauto\.com/"
+	<rule from="^http://(?:www\.)?transactauto\.com/"
 		to="https://transactauto.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Transbuddhists.org.xml b/src/chrome/content/rules/Transbuddhists.org.xml
new file mode 100644
index 000000000000..f01c661498da
--- /dev/null
+++ b/src/chrome/content/rules/Transbuddhists.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Transbuddhists.org">
+	<target host="transbuddhists.org" />
+	<target host="www.transbuddhists.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TransferWise.com.xml b/src/chrome/content/rules/TransferWise.com.xml
new file mode 100644
index 000000000000..8f0e3304aa63
--- /dev/null
+++ b/src/chrome/content/rules/TransferWise.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Non-functional subdomains:
+		- document-store	(m)
+		- links		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="TransferWise.com">
+
+	<target host="transferwise.com" />
+	<target host="www.transferwise.com" />
+	<target host="api.transferwise.com" />
+	<target host="api-docs.transferwise.com" />
+	<target host="api-sandbox.transferwise.com" />
+	<target host="bootstrap.transferwise.com" />
+	<target host="bot.transferwise.com" />
+	<target host="brand.transferwise.com" />
+	<target host="jobs.transferwise.com" />
+	<target host="tech.transferwise.com" />
+	<target host="vpn.transferwise.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Transformationmadeeasy.com.xml b/src/chrome/content/rules/Transformationmadeeasy.com.xml
index 38532c51c7b0..8f63d5775112 100644
--- a/src/chrome/content/rules/Transformationmadeeasy.com.xml
+++ b/src/chrome/content/rules/Transformationmadeeasy.com.xml
@@ -29,4 +29,4 @@
 	<rule from="^http://(?:www\.)?(?:ask-inc|transformationmadeeasy)\.com/"
 		to="https://www.transformationmadeeasy.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Transformative_Works.org-problematic.xml b/src/chrome/content/rules/Transformative_Works.org-problematic.xml
new file mode 100644
index 000000000000..40c3daabb72c
--- /dev/null
+++ b/src/chrome/content/rules/Transformative_Works.org-problematic.xml
@@ -0,0 +1,12 @@
+<!--
+	For rules that are on by default, see Transformative_Works.org.xml.
+
+-->
+<ruleset name="Transformative Works.org (mismatched)" default_off="mismatched">
+
+	<target host="elections.transformativeworks.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Transformative_Works.org.xml b/src/chrome/content/rules/Transformative_Works.org.xml
new file mode 100644
index 000000000000..a323e2d23f0b
--- /dev/null
+++ b/src/chrome/content/rules/Transformative_Works.org.xml
@@ -0,0 +1,43 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://transformativeworks.org/ => https://transformativeworks.org/: (7, 'Failed to connect to transformativeworks.org port 443: Connection refused')
+Fetch error: http://www.transformativeworks.org/ => https://transformativeworks.org/: (7, 'Failed to connect to transformativeworks.org port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://transformativeworks.org/ => https://transformativeworks.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.transformativeworks.org/ => https://transformativeworks.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+	For problematic rules, see Transformative_Works.org-problematic.xml.
+
+
+	Problematic subdomains:
+
+		- elections *
+		- www *
+
+	* Works; mismatched, CN: transformativeworks.org
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- (www.) from ^ ¹
+			- elections from $self ²
+
+		- Web bugs from platform.twimg.com ¹
+
+	¹ Secured by us
+	² Secured in -problematic
+
+-->
+<ruleset name="Transformative Works.org (partial)" default_off="failed ruleset test">
+
+	<target host="transformativeworks.org" />
+	<target host="www.transformativeworks.org" />
+
+
+	<rule from="^http://(?:www\.)?transformativeworks\.org/"
+		to="https://transformativeworks.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Transifex.com.xml b/src/chrome/content/rules/Transifex.com.xml
new file mode 100644
index 000000000000..4677fc04afc9
--- /dev/null
+++ b/src/chrome/content/rules/Transifex.com.xml
@@ -0,0 +1,18 @@
+<ruleset name="Transifex.com">
+
+	<target host="transifex.com" />
+	<target host="www.transifex.com" />
+	<target host="blog.transifex.com" />
+	<target host="cdn.transifex.com" />
+		<test url="http://cdn.transifex.com/live.js" />
+	<target host="docs.transifex.com" />
+	<target host="help.transifex.com" />
+	<target host="status.transifex.com" />
+	<target host="support.transifex.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Transifex.xml b/src/chrome/content/rules/Transifex.xml
deleted file mode 100644
index 8fae08f93197..000000000000
--- a/src/chrome/content/rules/Transifex.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
-	CDN buckets:
-
-		- txblog-media.s3.amazonaws.com
-		- ds0k0en9abmn1.cloudfront.net
-
-
-	Nonfunctional subdomains:
-
-		- blog		(hosted on Tumblr)
-		- help
-		- support	(cert: *.zendesk.com; 302s to http)
-
--->
-<ruleset name="Transifex (partial)">
-
-	<target host="transifex.com" />
-	<target host="*.transifex.com" />
-
-
-	<securecookie host="^www\.transifex\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?transifex\.com/"
-		to="https://$1transifex.com/" />
-
-	<!--	generated is used directly on some Zendesk accounts, so
-		presumably pointing to generated.zendesk is preferred.
-
-		transifex.zendesk.com 302s back.
-								-->
-	<rule from="^https?://support\.transifex\.com/generated/"
-		to="https://generated.zendesk.com/generated/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Transit.land.xml b/src/chrome/content/rules/Transit.land.xml
new file mode 100644
index 000000000000..f64b5aa51ad8
--- /dev/null
+++ b/src/chrome/content/rules/Transit.land.xml
@@ -0,0 +1,10 @@
+<ruleset name="Transit.land">
+
+	<target host="transit.land" />
+	<target host="www.transit.land" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TransitionNetwork.org.xml b/src/chrome/content/rules/TransitionNetwork.org.xml
index 4716c0e84e4e..f6b085fb50b1 100644
--- a/src/chrome/content/rules/TransitionNetwork.org.xml
+++ b/src/chrome/content/rules/TransitionNetwork.org.xml
@@ -1,9 +1,14 @@
+<!--
+	Invalid certificate:
+		transitionese.transitionnetwork.org
+
+-->
 <ruleset name="TransitionNetwork.org">
 
 	<target host="transitionnetwork.org" />
 	<target host="www.transitionnetwork.org" />
 
-	<rule from="^http://(www\.)?transitionnetwork\.org/"
-		to="https://www.transitionnetwork.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TranslateHouse.org.xml b/src/chrome/content/rules/TranslateHouse.org.xml
new file mode 100644
index 000000000000..f9f5348fb274
--- /dev/null
+++ b/src/chrome/content/rules/TranslateHouse.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Mismatch:
+		translatehouse.org
+		docs.translatehouse.org
+-->
+<ruleset name="TranslateHouse.org">
+	<target host="amagama.translatehouse.org" />
+	<target host="pootle.translatehouse.org" />
+	<target host="toolkit.translatehouse.org" />
+	<target host="virtaal.translatehouse.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TranslateThi.is.xml b/src/chrome/content/rules/TranslateThi.is.xml
index f9d59f70f1d4..f5ffc76f4481 100644
--- a/src/chrome/content/rules/TranslateThi.is.xml
+++ b/src/chrome/content/rules/TranslateThi.is.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://x.translateth.is/ (200) => https://s3.amazonaws.com/x.translateth.is/ (403)
+
 	CDN buckets:
 
 		- x.translateth.is
@@ -9,12 +13,11 @@
 		- (www.)	(prints "dashd", invalid cert)
 
 -->
-<ruleset name="TranslateThi.is (partial)">
+<ruleset name="TranslateThi.is (partial)" default_off="failed ruleset test">
 
 	<target host="x.translateth.is" />
 
 
-	<rule from="^http://x\.translateth\.is/"
-		to="https://s3.amazonaws.com/x.translateth.is/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Translatewiki.net.xml b/src/chrome/content/rules/Translatewiki.net.xml
index e543ad0f4f93..f5a607b27686 100644
--- a/src/chrome/content/rules/Translatewiki.net.xml
+++ b/src/chrome/content/rules/Translatewiki.net.xml
@@ -3,4 +3,4 @@
   <target host="www.translatewiki.net" />
 
   <rule from="^http://(?:www\.)?translatewiki\.net/" to="https://translatewiki.net/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Translation_Project.org.xml b/src/chrome/content/rules/Translation_Project.org.xml
new file mode 100644
index 000000000000..717521016247
--- /dev/null
+++ b/src/chrome/content/rules/Translation_Project.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Mixed content:
+
+		- Image from ^ *
+
+	* Secured by us
+
+-->
+<ruleset name="Translation Project.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="translationproject.org" />
+	<target host="www.translationproject.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Translatoruser.net.xml b/src/chrome/content/rules/Translatoruser.net.xml
new file mode 100644
index 000000000000..f7d65fb1821e
--- /dev/null
+++ b/src/chrome/content/rules/Translatoruser.net.xml
@@ -0,0 +1,14 @@
+<!--
+
+	For other Microsoft coverage, see Microsoft.xml.
+
+-->
+<ruleset name="Translatoruser.net">
+
+	<target host="ssl.translatoruser.net" />
+	<target host="www.translatoruser.net" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Translink.xml b/src/chrome/content/rules/Translink.xml
index 2688fb1bc838..52877bed8196 100644
--- a/src/chrome/content/rules/Translink.xml
+++ b/src/chrome/content/rules/Translink.xml
@@ -1,17 +1,18 @@
 <!--
+
 	!www times out/
 
 -->
 <ruleset name="Translink">
 
 	<target host="translink.co.uk" />
-	<target host="*.translink.co.uk" />
+	<target host="www.translink.co.uk" />
 
 
 	<securecookie host="^w*\.translink.co.uk$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?translink\.co\.uk/"
+	<rule from="^http://(?:www\.)?translink\.co\.uk/"
 		to="https://www.translink.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Transmission.xml b/src/chrome/content/rules/Transmission.xml
index 8ada2903c7f2..ac5e696a621b 100644
--- a/src/chrome/content/rules/Transmission.xml
+++ b/src/chrome/content/rules/Transmission.xml
@@ -1,20 +1,27 @@
 <!--
-	Nonfunctional subdomains:
+	Insecure cookies are set for these hosts: ᶜ
 
-		- download		(404)
-		- download-origin
-		- (www.)		(redirects to http)
+		- trac.transmissionbt.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Transmission (partial)">
+<ruleset name="Transmission BT.com">
+
+	<target host="transmissionbt.com" />
+	<target host="forum.transmissionbt.com" />
+	<target host="trac.transmissionbt.com" />
+	<target host="www.transmissionbt.com" />
 
-	<target host="*.transmissionbt.com" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^trac\.transmissionbt\.com$" name="^(trac_form_token|trac_session)$" /-->
 
-	<securecookie host="^.*\.transmissionbt\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(forum|trac)\.transmissionbt\.com/"
-		to="https://$1.transmissionbt.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TransmissionZero.co.uk.xml b/src/chrome/content/rules/TransmissionZero.co.uk.xml
new file mode 100644
index 000000000000..0422718260b7
--- /dev/null
+++ b/src/chrome/content/rules/TransmissionZero.co.uk.xml
@@ -0,0 +1,14 @@
+<!--
+	Unable to connect:
+		transmissionzero.co.uk
+-->
+<ruleset name="TransmissionZero.co.uk">
+	<target host="transmissionzero.co.uk" />
+	<target host="www.transmissionzero.co.uk" />
+	<target host="files.transmissionzero.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://transmissionzero\.co\.uk/" to="https://www.transmissionzero.co.uk/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Transmode.se.xml b/src/chrome/content/rules/Transmode.se.xml
new file mode 100644
index 000000000000..9d4ffda77505
--- /dev/null
+++ b/src/chrome/content/rules/Transmode.se.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://transmode.se/ => https://www.transmode.com/: (7, 'Failed to connect to www.transmode.com port 443: Connection refused')
+
+	For other Transmode coverage, see Transmode.xml.
+
+
+	(www.): mismatched
+
+-->
+<ruleset name="Transmode.se" default_off="failed ruleset test">
+
+	<target host="transmode.se" />
+	<target host="*.transmode.se" />
+
+
+	<rule from="^http://(?:www\.)?transmode\.se/+"
+		to="https://www.transmode.com/" />
+
+	<rule from="^http://tac\.transmode\.org/"
+		to="https://tac.transmode.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Transmode.xml b/src/chrome/content/rules/Transmode.xml
index 33ebdcf39e75..5683d4e8db83 100644
--- a/src/chrome/content/rules/Transmode.xml
+++ b/src/chrome/content/rules/Transmode.xml
@@ -1,11 +1,28 @@
-<ruleset name="Transmode" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://transmode.com/ => https://transmode.com/: (7, 'Failed to connect to transmode.com port 443: Connection refused')
+Fetch error: http://www.transmode.com/ => https://www.transmode.com/: (7, 'Failed to connect to www.transmode.com port 443: Connection refused')
+
+	Other Transmode rulesets:
+
+		- Transmode.se.xml
+
+
+	Mixed content:
+
+		- Bugs from statse.webtrendslive.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Transmode" default_off="failed ruleset test">
 
 	<target host="transmode.com"/>
 	<target host="www.transmode.com"/>
 
-	<securecookie host="^(.*\.)?transmode\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?transmode\.com/"
-		to="https://$1transmode.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Transparency.org.xml b/src/chrome/content/rules/Transparency.org.xml
new file mode 100644
index 000000000000..538ecd21eb83
--- /dev/null
+++ b/src/chrome/content/rules/Transparency.org.xml
@@ -0,0 +1,39 @@
+<!--
+	Other Transparency International rulesets:
+
+		- transparency.hu.xml
+
+
+	Nonfunctional hosts in *transparency.org:
+
+		- bpi *
+		- cpi *
+		- gcb *
+
+	* 401
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.transparency.org
+
+-->
+<ruleset name="Transparency.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="transparency.org" />
+	<target host="www.transparency.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.transparency\.org$" name="^exp_(csrf_token|last_activity|last_visit|tracker)$" /-->
+
+	<securecookie host="^www\.transparency\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Transparency_Toolkit.org.xml b/src/chrome/content/rules/Transparency_Toolkit.org.xml
new file mode 100644
index 000000000000..c1b1ddbd77ae
--- /dev/null
+++ b/src/chrome/content/rules/Transparency_Toolkit.org.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://htwiki.transparencytoolkit.org/ => https://htwiki.transparencytoolkit.org/: (60, 'SSL certificate problem: certificate has expired')
+
+	Insecure cookies are set for these domains:
+
+		- .transparencytoolkit.org
+
+-->
+<ruleset name="Transparency Toolkit.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="transparencytoolkit.org" />
+	<target host="*.transparencytoolkit.org" />
+
+		<test url="http://ht.transparencytoolkit.org/" />
+		<test url="http://htwiki.transparencytoolkit.org/" />
+		<test url="http://icwatch.transparencytoolkit.org/" />
+		<test url="http://www.transparencytoolkit.org/" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.transparencytoolkit\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.transparencytoolkit\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Transport_for_London.xml b/src/chrome/content/rules/Transport_for_London.xml
index 60d15a4e1cf2..3c7193918cf3 100644
--- a/src/chrome/content/rules/Transport_for_London.xml
+++ b/src/chrome/content/rules/Transport_for_London.xml
@@ -1,20 +1,44 @@
 <!--
+	Transport for London
+
 	For other UK government coverage, see GOV.UK.xml.
 
+
+	Nonfunctional hosts in *tfl.gov.uk:
+
+		- content ᵈ
+
+	ᵈ Dropped
+
+
+	Mixed content:
+
+		- Bug on ^ from tf1.d3.sc.omtrdc.net ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
 -->
-<ruleset name="Transport for London (partial)">
+<ruleset name="TfL.gov.uk (partial)">
 
 	<target host="tfl.gov.uk" />
-	<target host="*.tfl.gov.uk" />
+	<!--target host="*.tfl.gov.uk" /-->
+	<target host="www.tfl.gov.uk" />
+
+		<!--exclusion pattern="^http://(?:art|blog|content|countdown|cyclestories|info|visitorshop)\.tfl\.gov\.uk/" /-->
+
+			<!--test url="http://art.tfl.gov.uk/" /-->
+			<!--test url="http://art.tfl.gov.uk/contact/" /-->
+			<!--test url="http://blog.tfl.gov.uk/house-rules/" /-->
+			<!--test url="http://content.tfl.gov.uk/MyStops/" /-->
+			<!--test url="http://countdown.tfl.gov.uk/MyStops/" /-->
+			<!--test url="http://cyclestories.tfl.gov.uk/cyclists-beth.shtml" /-->
+			<!--test url="http://info.tfl.gov.uk/licenses/aboutEcm.jsp" /-->
+			<!--test url="http://visitorshop.tfl.gov.uk/help/" /-->
 
+		<!--test url="http://www.tfl.gov.uk/" /-->
 
-	<!--	- Cert only matches www
-		- At least some pages 30 to http
-						-->
-	<rule from="^https?://(?:www\.)?tfl\.gov\.uk/(assets/|helpandcontact/?$|microsites/|\w+-global/)"
-		to="https://www.tfl.gov.uk/$1" />
 
-	<rule from="^http://custserv\.tfl\.gov\.uk/"
-		to="https://custserv.tfl.gov.uk/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Transportation.gov.xml b/src/chrome/content/rules/Transportation.gov.xml
new file mode 100644
index 000000000000..b3ce618889b7
--- /dev/null
+++ b/src/chrome/content/rules/Transportation.gov.xml
@@ -0,0 +1,18 @@
+<!--
+
+
+	^transportation.gov doesn't exist.
+
+-->
+<ruleset name="Transportation.gov">
+
+	<target host="www.transportation.gov" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Transportstyrelsen.se.xml b/src/chrome/content/rules/Transportstyrelsen.se.xml
index 36b2a13524e3..b437fe12794b 100644
--- a/src/chrome/content/rules/Transportstyrelsen.se.xml
+++ b/src/chrome/content/rules/Transportstyrelsen.se.xml
@@ -1,7 +1,6 @@
 <ruleset name="Transportstyrelsen.se" platform="mixedcontent">
 	<target host="transportstyrelsen.se" />
 	<target host="www.transportstyrelsen.se" />
-	<rule from="^http://www\.transportstyrelsen\.se/" to="https://www.transportstyrelsen.se/"/>
-	<rule from="^http://transportstyrelsen\.se/" to="https://transportstyrelsen.se/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Transversal.com.xml b/src/chrome/content/rules/Transversal.com.xml
new file mode 100644
index 000000000000..905dafccd678
--- /dev/null
+++ b/src/chrome/content/rules/Transversal.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Other Transversal rulesets:
+
+		- metafaq.com.xml
+
+-->
+<ruleset name="Transversal.com">
+
+	<target host="transversal.com" />
+	<target host="www.transversal.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Trapologyboston.com.xml b/src/chrome/content/rules/Trapologyboston.com.xml
new file mode 100644
index 000000000000..93b7cef3362e
--- /dev/null
+++ b/src/chrome/content/rules/Trapologyboston.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="Trapologyboston.com">
+	<target host="trapologyboston.com" />
+	<target host="www.trapologyboston.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Trappedinsidethecomputer.net.xml b/src/chrome/content/rules/Trappedinsidethecomputer.net.xml
deleted file mode 100644
index c1f414770675..000000000000
--- a/src/chrome/content/rules/Trappedinsidethecomputer.net.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	CDN buckets:
-
-		- 4126-iamnoonesolution.netdna-ssl.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(redirects to vishakeswwwabcde, valid cert)
-
--->
-<ruleset name="trappedinsidethecomputer.net (partial)">
-
-	<target host="vishakeswwwabcde.trappedinsidethecomputer.net" />
-
-
-	<securecookie host="^vishakeswwwabcde\.trappedinsidethecomputer\.net$" name=".+" />
-
-
-	<rule from="^http://vishakeswwwabcde\.trappedinsidethecomputer\.net/"
-		to="https://vishakeswwwabcde.trappedinsidethecomputer.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Trash.net.xml b/src/chrome/content/rules/Trash.net.xml
index b226313ed695..13cdb93f897e 100644
--- a/src/chrome/content/rules/Trash.net.xml
+++ b/src/chrome/content/rules/Trash.net.xml
@@ -1,17 +1,40 @@
 <!--
-	Nonfunctiona subdomains:
+	Nonfunctional hosts in *trash.net:
 
-		- $	(cert: your; shows your's data)
-		- beer	(ditto)
-		- www	(ditto)
+		- beer ᵃ
+
+	ᵃ Shows your.trash.net
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- trash.net
+		- your.trash.net
+		- your2.trash.net
+		- www.trash.net
+		- www2.trash.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="trash.net (partial)" platform="cacert">
+<ruleset name="trash.net (partial)">
 
+	<target host="trash.net" />
 	<target host="your.trash.net" />
+	<target host="your2.trash.net" />
+	<target host="www.trash.net" />
+	<target host="www2.trash.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www2?\.)?trash\.net$" name="^CMSSESSID[\da-f]+$" /-->
+	<!--securecookie host="^your2?\.trash\.net$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://your\.trash\.net/"
-		to="https://your.trash.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Trashmail.xml b/src/chrome/content/rules/Trashmail.xml
index 1ea0ea83c585..eea0469bac04 100644
--- a/src/chrome/content/rules/Trashmail.xml
+++ b/src/chrome/content/rules/Trashmail.xml
@@ -1,19 +1,17 @@
 <!--
-	Problematic subdomains:
-
-		- (www.)	(redirects to ssl; mismatched, CN: ssl.trashmail.net)
+	Mismatch on (www\.)?trashmail.net
 
+	(www\.)?trashmail-static.com do not exist
 -->
 <ruleset name="Trashmail">
 
-	<target host="trashmail.net" />
-	<target host="*.trashmail.net" />
-
-
-	<securecookie host="^\.?ssl\.trashmail\.net$" name=".+" />
+	<target host="trashmail.com" />
+	<target host="www.trashmail.com" />
+	<target host="flare.trashmail-static.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:ssl\.|www\.)?trashmail\.net/"
-		to="https://ssl.trashmail.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Trauer.de.xml b/src/chrome/content/rules/Trauer.de.xml
new file mode 100644
index 000000000000..9911e2cbc5ce
--- /dev/null
+++ b/src/chrome/content/rules/Trauer.de.xml
@@ -0,0 +1,17 @@
+<!--
+	^: 404
+
+-->
+<ruleset name="Trauer.de">
+
+	<target host="trauer.de" />
+	<target host="www.trauer.de" />
+	<target host="forum.trauer.de" />
+
+
+	<rule from="^http://(?:www\.)?trauer\.de/"
+		to="https://www.trauer.de/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TravelBlog.xml b/src/chrome/content/rules/TravelBlog.xml
new file mode 100644
index 000000000000..835e2edb6898
--- /dev/null
+++ b/src/chrome/content/rules/TravelBlog.xml
@@ -0,0 +1,10 @@
+<ruleset name="TravelBlog">
+	<target host=       "travelblog.org" />
+	<target host="photos.travelblog.org" />
+	<target host=   "www.travelblog.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TravelDoctor.xml b/src/chrome/content/rules/TravelDoctor.xml
new file mode 100644
index 000000000000..5045bf52c2ac
--- /dev/null
+++ b/src/chrome/content/rules/TravelDoctor.xml
@@ -0,0 +1,7 @@
+<ruleset name="Travel Doctor">
+	<target host="traveldoctor.com.au" />
+	<target host="www.traveldoctor.com.au" />
+
+	<rule from="^http://(?:www\.)?traveldoctor\.com\.au/"
+		to="https://www.traveldoctor.com.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/TravelNow.xml b/src/chrome/content/rules/TravelNow.xml
index c08c586f3922..513ac4da2ae2 100644
--- a/src/chrome/content/rules/TravelNow.xml
+++ b/src/chrome/content/rules/TravelNow.xml
@@ -1,26 +1,61 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dg.travelnow.com/ => https://dg.travelnow.com/: (6, 'Could not resolve host: dg.travelnow.com')
+
 	Some pages started redirecting to http, including:
 
 		- templates/331656?showOptions=false
 		- templates/331656/hotels/list
 		- templates/331656/hotels/200950/overview
 
+
+	Insecure cookies are set for these domains:
+
+		- .travelnow.com
+		- .www.travelnow.com
+
 -->
-<ruleset name="TravelNow (partial)">
+<ruleset name="TravelNow.com (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="travelnow.com" />
-	<target host="*.travelnow.com" />
-		<exclusion pattern="^https?://(?:www\.)?travelnow\.com/templates/331656(?:/?$|\?|/hotels/)" />
+	<target host="dg.travelnow.com" />
+	<target host="images.travelnow.com" />
+	<target host="www.travelnow.com" />
 
+		<!--exclusion pattern="^http://(www\.)?travelnow\.com/templates/331656(?:/?$|\?|/hotels/)" /-->
 
-	<!--securecookie host="^(.*\.)?travelnow\.com$" name=".*" /-->
+		<exclusion pattern="^http://(?:www\.)?travelnow\.com/(?!.+\.(?:JPG|css|gif|ico|png)(?:$|\?))" />
 
+			<!--	+ve:
+					-->
+			<test url="http://travelnow.com/selfService/searchByIdAndEmail" />
+			<test url="http://www.travelnow.com/selfService/searchByIdAndEmail" />
+			<test url="http://travelnow.com/templates/336616" />
+			<test url="http://www.travelnow.com/templates/336616" />
+			<test url="http://travelnow.com/templates/471605" />
+			<test url="http://www.travelnow.com/templates/471605" />
+			<test url="http://travelnow.com/templates/84505/hotels/list" />
+			<test url="http://www.travelnow.com/templates/84505/hotels/list" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.travelnow.com/favicon.ico" />
+			<test url="http://travelnow.com/templates/336616/static/57/default/images/core/tp-rating.png" />
+			<test url="http://www.travelnow.com/templates/336616/static/57/default/images/core/tp-rating.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^\.travelnow\.com$" name="^(?:ServerPool|TACds|TASession|TAUnique)$" />
+	<securecookie host="^\.www\.travelnow\.com$" name="^TASSK$" />
+
+	<!--securecookie host="^(.*\.)?travelnow\.com$" name=".*" /-->
 
-	<!--	Cert only matches *.travelnow.com	-->
-	<rule from="^https?://(?:www\.)?travelnow\.com/"
-		to="https://www.travelnow.com/" />
 
-	<rule from="^http://(dg|images)\.travelnow\.com/"
-		to="https://$1.travelnow.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TravelPod.xml b/src/chrome/content/rules/TravelPod.xml
deleted file mode 100644
index d0735459b0a7..000000000000
--- a/src/chrome/content/rules/TravelPod.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(redirects to http)
-
--->
-<ruleset name="TravelPod (partial)">
-
-	<target host="images.travelpod.com" />
-
-
-	<rule from="^http://images\.travelpod\.com/(?!cgi-bin/|users/)"
-		to="https://images.travelpod.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Travel_Plan.xml b/src/chrome/content/rules/Travel_Plan.xml
index 85ef8bbc6be7..e5fd9a0a5b73 100644
--- a/src/chrome/content/rules/Travel_Plan.xml
+++ b/src/chrome/content/rules/Travel_Plan.xml
@@ -1,4 +1,14 @@
-<ruleset name="Travel Plan">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://travelplan.gr/ => https://travelplan.gr/: (7, 'Failed to connect to travelplan.gr port 443: Connection refused')
+Fetch error: http://www.travelplan.gr/ => https://www.travelplan.gr/: (7, 'Failed to connect to www.travelplan.gr port 443: Connection refused')
+
+Automatically by https-everywhere-checker because:
+Fetch error: http://travelplan.gr/ => https://travelplan.gr/: Cycle detected - URL already encountered: https://travelplan.gr/
+Fetch error: http://www.travelplan.gr/ => https://www.travelplan.gr/: Cycle detected - URL already encountered: https://www.travelplan.gr/
+-->
+<ruleset name="Travel Plan" default_off="failed ruleset test">
 
 	<target host="travelplan.gr" />
 	<target host="www.travelplan.gr" />
@@ -7,7 +17,6 @@
 	<securecookie host="^(?:www\.)?travelplan\.gr$" name=".+" />
 
 
-	<rule from="^http://(www\.)?travelplan\.gr/"
-		to="https://$1travelplan.gr/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Travel_Republic.xml b/src/chrome/content/rules/Travel_Republic.xml
index 70838d889e96..2862dba07e45 100644
--- a/src/chrome/content/rules/Travel_Republic.xml
+++ b/src/chrome/content/rules/Travel_Republic.xml
@@ -1,36 +1,38 @@
 <!--
-	Nonfunctional travelrepublic.co.uk subdomains:
+	Problematic hosts in *travelrepublic.co.uk:
 
-		- blog		(http reply)
-		- static	(refused)
+		- blog *
+		- static *
 
-
-	Problematic domains:
-
-		- travelrepublic.co.uk *
-		- (www.)travelrepublic.com *
-
-	* Cert only matches www.travelrepublic.co.uk
+	* Mismatched
 
 -->
 <ruleset name="Travel Republic (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="travelrepublic.co.uk" />
-	<target host="*.travelrepublic.co.uk" />
+	<target host="m.travelrepublic.co.uk" />
+	<!--target host="static.travelrepublic.co.uk" /-->
+	<target host="www.travelrepublic.co.uk" />
+
 	<target host="travelrepublic.com" />
 	<target host="www.travelrepublic.com" />
 
+	<!--	Complications:
+				-->
+	<target host="blog.travelrepublic.co.uk" />
 
-	<securecookie host="^(?:m|www)?\.travelrepublic\.co\.uk$" name=".+" />
 
+	<securecookie host="^(?:m|www)?\.travelrepublic\.co\.uk$" name=".+" />
 
-	<rule from="^http://(?:www\.)?travelrepublic\.co\.uk/"
-		to="https://www.travelrepublic.co.uk/" />
 
-	<rule from="^http://m\.travelrepublic\.co\.uk/"
-		to="https://m.travelrepublic.co.uk/" />
+	<!--	Redirect keeps path, args, and forward slash:
+							-->
+	<rule from="^http://blog\.travelrepublic\.co\.uk/"
+		to="https://www.travelrepublic.co.uk/blog/" />
 
-	<rule from="^http://(?:www\.)?travelrepublic\.com/.*"
-		to="https://www.travelrepublic.co.uk/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Travelingnuker.com.xml b/src/chrome/content/rules/Travelingnuker.com.xml
index 4b4de20a974f..36e14d307180 100644
--- a/src/chrome/content/rules/Travelingnuker.com.xml
+++ b/src/chrome/content/rules/Travelingnuker.com.xml
@@ -1,11 +1,28 @@
 <!--
-	!www: mismatched
+	Nonfunctional subdomains:
+
+		- img *
+
+	* Refused
+
+
+	!www: Reset
+
+
+	Mixed content:
+
+		- Images, on www from:
+
+			- blog *
+			- img *
+
+	* Unsecurable <= refused
 
 -->
-<ruleset name="Travelingnuker.com">
+<ruleset name="Travelingnuker.com (partial)">
 
 	<target host="travelingnuker.com" />
-	<target host="*.travelingnuker.com" />
+	<target host="www.travelingnuker.com" />
 
 
 	<securecookie host="^(?:www)?\.travelingnuker\.com$" name=".+" />
@@ -14,4 +31,4 @@
 	<rule from="^http://(?:www\.)?travelingnuker\.com/"
 		to="https://www.travelingnuker.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Travelmarket.com.xml b/src/chrome/content/rules/Travelmarket.com.xml
index 1e92c4694c9c..53b6e82fc704 100644
--- a/src/chrome/content/rules/Travelmarket.com.xml
+++ b/src/chrome/content/rules/Travelmarket.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tmcomponents.travelmarket.com/ => https://tmcomponents.travelmarket.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Nonfunctional subdomains:
 
 		- (www.) *
@@ -7,7 +11,7 @@
 	* Refused
 
 -->
-<ruleset name="Travelmarket.com (partial)">
+<ruleset name="Travelmarket.com (partial)" default_off="failed ruleset test">
 
 	<target host="tmcomponents.travelmarket.com" />
 
@@ -15,7 +19,6 @@
 	<securecookie host="^tmcomponents\.travelmarket\.com$" name=".+" />
 
 
-	<rule from="^http://tmcomponents\.travelmarket\.com/"
-		to="https://tmcomponents.travelmarket.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Travelocity.xml b/src/chrome/content/rules/Travelocity.xml
new file mode 100644
index 000000000000..bad884ee8c31
--- /dev/null
+++ b/src/chrome/content/rules/Travelocity.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://travelocity.com/ (200) => https://www.travelocity.com/ (403)
+
+-->
+<ruleset name="Travelocity" default_off="failed ruleset test">
+	<target host=    "travelocity.com" />
+	<target host="www.travelocity.com" />
+	<target host=    "travelocity.ca" />
+	<target host="www.travelocity.ca" />
+
+  	<securecookie host="^www\.travelocity\.(com|ca)$" name=".+" />
+
+  	<!-- timeout -->
+	<rule from="^http://travelocity\.(com|ca)/"
+		to="https://www.travelocity.$1/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Travelspecialistsite.com.xml b/src/chrome/content/rules/Travelspecialistsite.com.xml
new file mode 100644
index 000000000000..f63c24a2ca8f
--- /dev/null
+++ b/src/chrome/content/rules/Travelspecialistsite.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Problematic hosts in *travelspecialistsite.com:
+
+		- manager *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Fully covered hosts in *travelspecialistsite.com:
+
+		- manager
+
+
+	These altnames don't exist:
+
+		- www.manager.travelspecialistsite.com
+
+-->
+<ruleset name="travelspecialistsite.com" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="manager.travelspecialistsite.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Travelzoo.com.xml b/src/chrome/content/rules/Travelzoo.com.xml
index 8aecbc5fe0c3..290ce2e978c5 100644
--- a/src/chrome/content/rules/Travelzoo.com.xml
+++ b/src/chrome/content/rules/Travelzoo.com.xml
@@ -44,9 +44,13 @@
 -->
 <ruleset name="Travelzoo.com (partial)">
 
-	<target host="*.tzoo-img.com" />
+	<target host="ssl.tzoo-img.com" />
+	<target host="www.tzoo-img.com" />
 	<target host="travelzoo.com" />
-	<target host="*.travelzoo.com" />
+	<target host="ssl.travelzoo.com" />
+	<target host="www.travelzoo.com" />
+	<target host="oascentral.travelzoo.com" />
+	<target host="cache.travelzoo.com" />
 
 
 	<securecookie host="^ssl\.travelzoo\.com$" name=".+" />
@@ -61,4 +65,4 @@
 	<rule from="^http://(?:cache\.travelzoo|(?:ssl|www)\.tzoo-img)\.com/"
 		to="https://ssl.tzoo-img.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Travis-CI.org.xml b/src/chrome/content/rules/Travis-CI.org.xml
new file mode 100644
index 000000000000..37a6e1410450
--- /dev/null
+++ b/src/chrome/content/rules/Travis-CI.org.xml
@@ -0,0 +1,36 @@
+<!--
+	Mismatched:
+		- about (*.herokuapp.com)
+		- foundation (www.github.com)
+		- next(www.github.com)
+		- love (www.github.com)
+		- changelog (*.tumblr.com)
+
+	Redirects to HTTP:
+		- rubies.travis-ci.org
+
+	Dropped:
+		- foundation.travis-ci.com
+-->
+
+<ruleset name="Travis-CI.org">
+	<target host="travis-ci.org" />
+	<target host="www.travis-ci.org" />
+	<target host="cdn.travis-ci.org" />
+	<target host="love.travis-ci.org" />
+	<target host="lint.travis-ci.org" />
+	<target host="developer.travis-ci.org" />
+	<target host="api.travis-ci.org" />
+	<target host="travis-ci.com" />
+	<target host="www.travis-ci.com" />
+	<target host="billing.travis-ci.com" />
+	<target host="blog.travis-ci.com" />
+	<target host="cdn.travis-ci.com" />
+	<target host="docs.travis-ci.com" />
+	<target host="enterprise.travis-ci.com" />
+	<target host="education.travis-ci.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Travis_CI.xml b/src/chrome/content/rules/Travis_CI.xml
deleted file mode 100644
index 7f9e176107d7..000000000000
--- a/src/chrome/content/rules/Travis_CI.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- www		(mismatched, CN: *.heroku.com)
-
--->
-<ruleset name="Travis CI">
-
-	<target host="travis-ci.org" />
-	<target host="*.travis-ci.org" />
-
-
-	<rule from="^http://(?:(api\.|secure\.)|www\.)?travis-ci\.org/"
-		to="https://$1travis-ci.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Traviscistatus.com.xml b/src/chrome/content/rules/Traviscistatus.com.xml
new file mode 100644
index 000000000000..269dee21a299
--- /dev/null
+++ b/src/chrome/content/rules/Traviscistatus.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Traviscistatus.com">
+	<target host="traviscistatus.com" />
+	<target host="www.traviscistatus.com" />
+	<rule from="^http://traviscistatus\.com/"
+		to="https://www.traviscistatus.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Treasury.gov.xml b/src/chrome/content/rules/Treasury.gov.xml
new file mode 100644
index 000000000000..2ec2bf2392f5
--- /dev/null
+++ b/src/chrome/content/rules/Treasury.gov.xml
@@ -0,0 +1,74 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://portal.donotpay.treasury.gov/ => https://portal.donotpay.treasury.gov/: (6, 'Could not resolve host: portal.donotpay.treasury.gov')
+Fetch error: http://m.treasury.gov/ => https://m.treasury.gov/: (51, "SSL: no alternative certificate subject name matches target host name 'm.treasury.gov'")
+
+
+
+	Nonfunctional hosts in *treasury.gov:
+
+		- donotpay ¹
+		- search ²
+
+	¹ Dropped
+	² 403
+
+
+	^treasury.gov: Dropped
+
+
+	These altnames don't exist:
+
+		- www.sdc.fiscal.treasury.gov
+
+
+	Insecure cookies are set for these hosts:
+
+		- fiscal.treasury.gov
+		- sdc.fiscal.treasury.gov
+		- www.fiscal.treasury.gov
+		- m.treasury.gov
+		- www.treasury.gov
+
+
+	Mixed content:
+
+		- Images on m, www from farm\d.staticflickr.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Treasury.gov (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="portal.donotpay.treasury.gov" />
+	<target host="sdc.fiscal.treasury.gov" />
+	<target host="www.fiscal.treasury.gov" />
+	<target host="m.treasury.gov" />
+	<target host="thenew10.treasury.gov" />
+	<target host="www.thenew10.treasury.gov" />
+	<target host="www.treasury.gov" />
+
+	<!--	Complications:
+				-->
+	<target host="treasury.gov" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?fiscal\.treasury\.gov$" name="^BIGipServer" /-->
+	<!--securecookie host="^sdc\.fiscal\.treasury\.gov$" name="^(?:ACOOKIE|WEBTRENDS_ID)$" /-->
+	<!--securecookie host="^(?:m|www)\.treasury\.gov$" name="^(?:HASH_)?ROUTEID\.[\da-f]{32}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://treasury\.gov/"
+		to="https://www.treasury.gov/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Treasurydirect.gov.xml b/src/chrome/content/rules/Treasurydirect.gov.xml
index 8eedb3aab7ea..d504b684b7d9 100644
--- a/src/chrome/content/rules/Treasurydirect.gov.xml
+++ b/src/chrome/content/rules/Treasurydirect.gov.xml
@@ -1,6 +1,13 @@
-<ruleset name="TreasuryDirect" platform="mixedcontent">
-  <target host="treasurydirect.gov" />
-  <target host="www.treasurydirect.gov" />
+<!--
+
+-->
+<ruleset name="TreasuryDirect.gov">
+
+	<target host="treasurydirect.gov" />
+	<target host="www.treasurydirect.gov" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(?:www\.)?treasurydirect\.gov/" to="https://www.treasurydirect.gov/" />
 </ruleset>
diff --git a/src/chrome/content/rules/TreeHouse_I.com.xml b/src/chrome/content/rules/TreeHouse_I.com.xml
new file mode 100644
index 000000000000..52161586b901
--- /dev/null
+++ b/src/chrome/content/rules/TreeHouse_I.com.xml
@@ -0,0 +1,38 @@
+<!--
+	^: <=ssl3 only
+
+
+	Insecure cookies are set for these hosts:
+
+		- mv.treehousei.com
+		- www.treehousei.com
+
+-->
+<ruleset name="TreeHouse I.com">
+
+	<!--	Direct rewrites;
+				-->
+	<target host="mv.treehousei.com" />
+	<target host="www.treehousei.com" />
+
+	<!--	Complications:
+				-->
+	<target host="treehousei.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(mv|www)\.treehousei\.com$" name="^BIGipServerHTTP_Pool$" /-->
+	<!--securecookie host="^mv\.treehousei\.com$" name="^thi\.mv\.dlreq$" /-->
+	<!--securecookie host="^www\.treehousei\.com$" name="^TS[\da-f]$" /-->
+
+	<securecookie host="^(?:mv|www)\.treehousei\.com$" name=".+" />
+
+
+	<rule from="^http://treehousei\.com/"
+		to="https://www.treehousei.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TreeHugger.com.xml b/src/chrome/content/rules/TreeHugger.com.xml
deleted file mode 100644
index ff5f3f2b29fc..000000000000
--- a/src/chrome/content/rules/TreeHugger.com.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	CDN buckets:
-
-		- media.treehugger.com.edgesuite.net
-
-			- a1168.g.akamai.net
-
-		- static.treehugger.com.edgesuite.net
-
-			- a1186.g.akamai.net
-
-		- www.treehugger.com.edgesuite.net
-
-
-	Nonfunctional subdomains:
-
-		- ^	(refused)
-		- www	(503, akamai)
-
--->
-<ruleset name="TreeHugger.com (partial)">
-
-	<target host="*.treehugger.com" />
-
-
-	<rule from="^http://media\.treehugger\.com/"
-		to="https://a248.e.akamai.net/f/1168/9749/8m/media.treehugger.com/" />
-
-	<rule from="^http://static\.treehugger\.com/"
-		to="https://a248.e.akamai.net/f/1186/566/7m/static.treehugger.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Trefis.xml b/src/chrome/content/rules/Trefis.xml
index 3648b85beb3e..c664d1009dc2 100644
--- a/src/chrome/content/rules/Trefis.xml
+++ b/src/chrome/content/rules/Trefis.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://trefis.com/ => https://www.trefis.com/: Cycle detected - URL already encountered: https://www.trefis.com/
 	CDN buckets:
 
 		- wp-uploads-trefis.s3.amazonaws.com
@@ -12,16 +14,16 @@
 <ruleset name="Trefis">
 
 	<target host="trefis.com" />
-	<target host="*.trefis.com" />
+	<target host="www.trefis.com" />
+	<target host="cdn.trefis.com" />
 
 
 	<securecookie host="^www\.trefis\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?trefis\.com/"
+	<rule from="^http://(?:www\.)?trefis\.com/"
 		to="https://www.trefis.com/" />
 
-	<rule from="^http://cdn\.trefis\.com/"
-		to="https://cdn.trefis.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Trekaroo.xml b/src/chrome/content/rules/Trekaroo.xml
deleted file mode 100644
index bae8a4948a03..000000000000
--- a/src/chrome/content/rules/Trekaroo.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- cdn[12]	(502)
-
-
-	Problematic subdomains:
-
-		- ^	(502)
-
--->
-<ruleset name="Trekaroo (partial)">
-
-	<target host="trekaroo.com" />
-	<target host="*.trekaroo.com" />
-		<exclusion pattern="^https?://(?:www\.)?trekaroo\.com/(?!img/|images/|photos/|stylesheets/)" />
-
-
-	<rule from="^https?://(?:cdn[12]\.|www\.)?trekaroo\.com/"
-		to="https://www.trekaroo.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Trellian.xml b/src/chrome/content/rules/Trellian.xml
index eb5910334188..b0348f91a02c 100644
--- a/src/chrome/content/rules/Trellian.xml
+++ b/src/chrome/content/rules/Trellian.xml
@@ -3,10 +3,9 @@
 
 		- Above.com.xml
 		- Global_Promote.xml
-		- Keyword_Discovery.xml
+		- KeywordDiscovery.com.xml
 		- NeedMoreHits.com.xml
 		- PrioritySubmit.com.xml
-		- ToolbarBrowser.com.xml
 
 
 	Problematic subdomains:
@@ -30,7 +29,4 @@
 	<rule from="^http://(?:www\.)?trellian\.com/"
 		to="https://www.trellian.com/" />
 
-	<rule from="^http://bid\.trellian\.com/(\?.*)?$"
-		to="https://www.trellian.com/dsn/index.html$1" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Trello.xml b/src/chrome/content/rules/Trello.xml
index 7eefa1cb4fdc..15427ae0539d 100644
--- a/src/chrome/content/rules/Trello.xml
+++ b/src/chrome/content/rules/Trello.xml
@@ -1,17 +1,26 @@
 <!--
 	For other Fog Creek coverage, see Fog_Creek.xml.
 
+	Mismatched:
+		- help (*.helpscoutdocs.com)
+		- mail (mandrillapp.com)
 -->
-<ruleset name="Trello">
 
+<ruleset name="Trello.com">
 	<target host="trello.com" />
+	<target host="w.trello.com" />
+	<target host="ww.trello.com" />
 	<target host="www.trello.com" />
+	<target host="wwww.trello.com" />
+	<target host="api.trello.com" />
+	<target host="blog.trello.com" />
+	<target host="c.trello.com" />
+	<target host="br.blog.trello.com" />
+	<target host="developers.trello.com" />
+	<target host="info.trello.com" />
+	<target host="tech.trello.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^(?:www\.)?trello\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?trello\.com/"
-		to="https://$1trello.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tremor-Media.xml b/src/chrome/content/rules/Tremor-Media.xml
deleted file mode 100644
index aba96d51a7e4..000000000000
--- a/src/chrome/content/rules/Tremor-Media.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-<!--
-	For other Tremor Video coverage, see Tremor_Video.com.xml.
-
-
-	CDN buckets:
-
-		- cdn.tremormedia.com.edgesuite.net
-
-			- a1576.g.akamai.net
-
-		- objectsorigin.tremormedia.edgesuite.net
-
-			- a1761.g.akamai.net
-
-
-	Nonfunctional subdomains:
-
-		- dc	(dropped)
-
-
-	Problematic subdomains:
-
-		- cdn *
-		- oobjects *
-
-	* Works, akamai
-
--->
-<ruleset name="Tremor Media.com (partial)">
-
-	<target host="*.tremormedia.com" />
-
-
-	<rule from="^http://cdn\.tremormedia\.com/"
-		to="https://a248.e.akamai.net/f/1576/4225/8m/cdn.tremormedia.com/" />
-
-	<rule from="^http://objects\.tremormedia\.com/"
-		to="https://a248.e.akamai.net/f/1761/2685/4d/objects.tremormedia.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Tremor_Video.com.xml b/src/chrome/content/rules/Tremor_Video.com.xml
index ea78b0e9882e..e24d6bf44451 100644
--- a/src/chrome/content/rules/Tremor_Video.com.xml
+++ b/src/chrome/content/rules/Tremor_Video.com.xml
@@ -2,7 +2,6 @@
 	Other Tremor Video rulesets:
 
 		- Scanscout.com.xml
-		- Tremor-Media.xml
 		- VideoHub.tv.xml
 
 
@@ -37,4 +36,4 @@
 	<rule from="^http://investor\.tremorvideo\.com/(modul|sit)es/"
 		to="https://tremorvideo.investorhq.businesswire.com/$1es/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tremorhub.com.xml b/src/chrome/content/rules/Tremorhub.com.xml
new file mode 100644
index 000000000000..6071c7fec87c
--- /dev/null
+++ b/src/chrome/content/rules/Tremorhub.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="TremorHub">
+
+	<target host="appnexus-partners.tremorhub.com" />
+	<target host="cdn.tremorhub.com" />
+	<target host="config.tremorhub.com" />
+	<target host="console.tremorhub.com" />
+	<target host="events.tremorhub.com" />
+	<target host="eyeview-partners.tremorhub.com" />
+	<target host="partners.tremorhub.com" />
+	<target host="sundaysky-partners.tremorhub.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TrendWeight.xml b/src/chrome/content/rules/TrendWeight.xml
index 2052781b3317..c11669d47f14 100644
--- a/src/chrome/content/rules/TrendWeight.xml
+++ b/src/chrome/content/rules/TrendWeight.xml
@@ -1,13 +1,12 @@
 <ruleset name="TrendWeight">
 
 	<target host="trendweight.com" />
-	<target host="*.trendweight.com" />
+	<target host="www.trendweight.com" />
 
 
 	<securecookie host="^(?:w*\.)?trendweight\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?trendweight\.com/"
-		to="https://$1trendweight.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Trend_Micro-falsemixed.xml b/src/chrome/content/rules/Trend_Micro-falsemixed.xml
index df4cb1b434f1..1d0c595a26f6 100644
--- a/src/chrome/content/rules/Trend_Micro-falsemixed.xml
+++ b/src/chrome/content/rules/Trend_Micro-falsemixed.xml
@@ -2,16 +2,12 @@
 	For rules not causing false MCB, see Trend_Micro.xml.
 
 -->
-<ruleset name="Trend Micro (false MCB)" platform="mixedcontent">
+<ruleset name="Trend Micro.com (false MCB)" platform="mixedcontent">
 
 	<target host="blog.trendmicro.com" />
-		<!--
-			Handled in Trend_Micro.xml:
-							-->
-		<exclusion pattern="^http://blog\.trendmicro\.com/(?:[\w-]+/files/|wp-content/)" />
 
 
-	<rule from="^http://blog\.trendmicro\.com/"
-		to="https://blog.trendmicro.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Trend_Micro-problematic.xml b/src/chrome/content/rules/Trend_Micro-problematic.xml
index 19c9e68f2720..df03566457ab 100644
--- a/src/chrome/content/rules/Trend_Micro-problematic.xml
+++ b/src/chrome/content/rules/Trend_Micro-problematic.xml
@@ -1,17 +1,15 @@
 <!--
-	For rules that are on by default, see Trend_Micro.xml.
+	For rules not causing false/broken MCB, see Trend_Micro.eu.xml.
 
 -->
-<ruleset name="Trend Micro (problematic)" default_off="mismatched">
+<ruleset name="Trend Micro.eu (false MCB)" platform="mixedcontent">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="countermeasures.trendmicro.eu" />
-		<!--
-			These paths are handled in Trend_Micro.xml:
-							-->
-		<exclusion pattern="^http://countermeasures\.trendmicro\.eu/(?:favicon\.ico|wp-content/(?!plugins/youtube-channel-gallery/styles\.css))" />
 
 
-	<rule from="^http://countermeasures\.trendmicro\.eu/"
-		to="https://countermeasures.trendmicro.eu/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Trend_Micro.de.xml b/src/chrome/content/rules/Trend_Micro.de.xml
new file mode 100644
index 000000000000..6b1daa6cf021
--- /dev/null
+++ b/src/chrome/content/rules/Trend_Micro.de.xml
@@ -0,0 +1,38 @@
+<!--
+	For other Trend Micro coverage, see Trend_Micro.xml.
+
+
+	Problematic hosts in *trendmicro.de:
+
+		- ^ ¹
+		- blog ²
+		- www ³
+
+	¹ Redirect destination cert mismatched
+	² Mixed css
+	³ Akamai
+
+
+	Mixed content:
+
+		- css on blog from $self
+
+		- Images, on:
+
+			- blog from documents.trendmicro.com
+			- blog from $self
+
+-->
+<ruleset name="Trend Micro.de" default_off="mismatched" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="trendmicro.de" />
+	<target host="blog.trendmicro.de" />
+	<target host="www.trendmicro.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Trend_Micro.eu.xml b/src/chrome/content/rules/Trend_Micro.eu.xml
new file mode 100644
index 000000000000..75788e4c0517
--- /dev/null
+++ b/src/chrome/content/rules/Trend_Micro.eu.xml
@@ -0,0 +1,73 @@
+<!--
+	For rules causing false/broken MCB, see Trend_Micro-problematic.xml.
+
+	For other Trend Micro coverage, see Trend_Micro.xml.
+
+
+	CDN buckets:
+
+		- global-web.trendmicro.com.edgesuite.net
+
+			- countermeasures.trendmicro.eu
+
+
+	Problematic hosts in *trendmicro.eu:
+
+		- countermeasures ¹
+		- eeur ²
+
+	¹ Mixed css
+	² Akamai
+
+
+	Insecure cookies are set for these hosts:
+
+		- partnerlocator.trendmicro.eu
+
+
+	Mixed content:
+
+		- css on countermeasures from $self *
+		- Images on countermeasures from $self *
+		- favicon on eeur from $self
+
+	* Secured by us
+
+-->
+<ruleset name="Trend Micro.eu (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="trendmicro.eu" />
+	<target host="countermeasures.trendmicro.eu" />
+	<target host="partnerlocator.trendmicro.eu" />
+	<target host="www.trendmicro.eu" />
+
+		<!--	Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://countermeasures\.trendmicro\.eu/+(?!favicon\.ico|wp-content/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://countermeasures.trendmicro.eu/about/" />
+			<test url="http://countermeasures.trendmicro.eu/category/data-leakage/" />
+			<test url="http://countermeasures.trendmicro.eu/disclaimer-2/" />
+			<test url="http://countermeasures.trendmicro.eu/page/2/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://countermeasures.trendmicro.eu/favicon.ico" />
+			<test url="http://countermeasures.trendmicro.eu/wp-content/plugins/yet-another-related-posts-plugin/style/widget.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^partnerlocator\.trendmicro\.eu$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Trend_Micro.xml b/src/chrome/content/rules/Trend_Micro.xml
index 3986f5a22480..6f87443a13f3 100644
--- a/src/chrome/content/rules/Trend_Micro.xml
+++ b/src/chrome/content/rules/Trend_Micro.xml
@@ -1,18 +1,19 @@
 <!--
 	For rules causing false MCB, see Trend_Micro-falsemixed.xml.
 
-	For problematic rules, see Trend_Micro-problematic.xml.
+
+	Other Trend Micro rulesets:
+
+		- Trend_Micro.de.xml
+		- Trend_Micro.eu.xml
+		- Zero_Day_Initiative.com.xml
 
 
 	CDN buckets:
 
 		- trend-fail.download.trendmicro.com.edgesuite.net
-
 		- global-web.trendmicro.com.edgesuite.net
 
-			- a489.g.akamai.net
-			- countermeasures.trendmicro.eu
-
 
 	Nonfunctional domains:
 
@@ -23,11 +24,14 @@
 
 		- trendmicro.com subdomains:
 
-			- ^
 			- about-threats **
 			- de ***
+			- community		Shows ssl.trendmicro.com
+			- documents		Refused
+			- downloadcenter	Redirects to forms.trendmicro.com
 			- fr ***
-			- housecall **
+			- newsroom	500
+			- uk		403
 
 		- trendmicro.co.uk *
 		- www.trendmicro.co.uk **
@@ -37,21 +41,18 @@
 	*** "Server Error", akamai
 
 
-	Problematic domains:
+	Problematic hosts in *trendmicro.com:
 
-		- countermeasures.trendmicro.eu		(works, akamai)
+		- amea ¹
+		- apac ¹
+		- blog ²
+		- feeds ³
+		- free ¹
+		- housecall ¹
 
-
-	Partially covered domains:
-
-		- countermeasures.trendmicro.eu		(→ akamai)
-
-
-	Fully covered domains:
-
-		- trendmicro.com subdomains:
-
-			- corelib
+	¹ Akamai
+	² Mixed css
+	³ Feedburner
 
 
 	Mixed content:
@@ -63,52 +64,61 @@
 
 		- css on blog from blog *
 		- Images on blog from blog *
+		- favicon on apac, free, housecall from apac.trendmicro.com
 
-		- Web bugs:
+		- Bugs:
 
 			- On blog from edge.quantserve.com *
 			- On blog from platform.twitter.com *
 
 	* Secured by us
 
-
-	NB: We secure all resources, and thus
-	-falsemixed should be merged for Ffx 24.
-
 -->
-<ruleset name="Trend Micro (partial)">
+<ruleset name="Trend Micro.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="trendmicro.com" />
-	<target host="*.trendmicro.com" />
-	<target host="trendmicro.eu" />
-	<target host="*.trendmicro.eu" />
-		<!--
-			Exclude pages so as to avoid false MCB:
+	<target host="blog.trendmicro.com" />
+	<target host="corelib.trendmicro.com" />
+	<target host="esupport.trendmicro.com" />
+	<target host="forms.trendmicro.com" />
+	<target host="go.trendmicro.com" />
+	<target host="go2.trendmicro.com" />
+	<target host="ssl.trendmicro.com" />
+	<target host="www.trendmicro.com" />
+
+	<!--	Complications:
+				-->
+	<target host="feeds.trendmicro.com" />
+
+		<!--	Exclude pages so as to avoid false MCB:
 								-->
 		<exclusion pattern="^http://blog\.trendmicro\.com/(?![\w-]+/files/|wp-content/)" />
-		<!--
-			Exclude user-visible paths:
-							-->
-		<exclusion pattern="^http://countermeasures\.trendmicro\.eu/(?!favicon\.ico|wp-content/)" />
-		<!--
-			styles.css links to image relative to /
-								-->
-		<exclusion pattern="^http://countermeasures\.trendmicro\.eu/wp-content/plugins/youtube-channel-gallery/styles\.css" />
 
+			<!--	+ve:
+					-->
+			<test url="http://blog.trendmicro.com/author/rikferguson/" />
+			<test url="http://blog.trendmicro.com/page/2/" />
+			<test url="http://blog.trendmicro.com/websites-use-https/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://blog.trendmicro.com/wp-content/uploads/2013/07/simply-security-logo.png" />
 
-	<securecookie host="^(?:\.blog|esupport)\.trendmicro\.com$" name=".+" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^esupport\.trendmicro\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^forms\.trendmicro\.com$" name="^PHPSESSID$" /-->
 
-	<rule from="^http://(?:www\.)?trendmicro\.com/"
-		to="https://www.trendmicro.com/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(blog|corelib|esupport|go)\.trendmicro\.com/"
-		to="https://$1.trendmicro.com/" />
 
-	<rule from="^http://(partnerlocator\.|www\.)?trendmicro\.eu/"
-		to="https://$1trendmicro.eu/" />
+	<rule from="^http://feeds\.trendmicro\.com/"
+		to="https://feeds.feedburner.com/" />
 
-	<rule from="^http://countermeasures\.trendmicro\.eu/"
-		to="https://a248.e.akamai.net/f/489/2696/8m/countermeasures.trendmicro.eu/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Trendin.com.xml b/src/chrome/content/rules/Trendin.com.xml
index 6026da6c1637..0f2746833541 100644
--- a/src/chrome/content/rules/Trendin.com.xml
+++ b/src/chrome/content/rules/Trendin.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="Trendin.com">
 
 	<target host="trendin.com" />
-	<target host="*.trendin.com" />
+	<target host="www.trendin.com" />
 
 
 	<securecookie host="^(?:www)?\.trendin\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?trendin\.com/"
-		to="https://$1trendin.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Trey_Perry.com.xml b/src/chrome/content/rules/Trey_Perry.com.xml
new file mode 100644
index 000000000000..fd1674cacdef
--- /dev/null
+++ b/src/chrome/content/rules/Trey_Perry.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Trey Perry.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="treyperry.com" />
+	<target host="www.treyperry.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Trgt.eu.xml b/src/chrome/content/rules/Trgt.eu.xml
index a3bbd6a77807..9e374b41b19b 100644
--- a/src/chrome/content/rules/Trgt.eu.xml
+++ b/src/chrome/content/rules/Trgt.eu.xml
@@ -1,9 +1,14 @@
-<ruleset name="trgt.eu">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn.trgt.eu/ => https://cdn.trgt.eu/: (6, 'Could not resolve host: cdn.trgt.eu')
+
+-->
+<ruleset name="trgt.eu" default_off="failed ruleset test">
 
 	<target host="cdn.trgt.eu" />
 
 
-	<rule from="^http://cdn\.trgt\.eu/"
-		to="https://cdn.trgt.eu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tri-CUE.xml b/src/chrome/content/rules/Tri-CUE.xml
index 6c5debe64974..2154776d2b7c 100644
--- a/src/chrome/content/rules/Tri-CUE.xml
+++ b/src/chrome/content/rules/Tri-CUE.xml
@@ -8,10 +8,9 @@
 	<target host="www.tricue.com" />
 
 
-	<securecookie host="^www\.tricue\.com$" name=".+" />	
+	<securecookie host="^www\.tricue\.com$" name=".+" />
 
 
-	<rule from="^http://www\.tricue\.com/"
-		to="https://www.tricue.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TriDeci.xml b/src/chrome/content/rules/TriDeci.xml
deleted file mode 100644
index fb5b5ac72ce7..000000000000
--- a/src/chrome/content/rules/TriDeci.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="TriDeci">
-
-	<target host="trideci.com" />
-	<target host="www.trideci.com" />
-
-
-	<securecookie host="^(?:www\.)?trideci\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?trideci\.com/"
-		to="https://$1trideci.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/TrialPay.xml b/src/chrome/content/rules/TrialPay.xml
index b920d4ab0ec6..541ec3f2ba90 100644
--- a/src/chrome/content/rules/TrialPay.xml
+++ b/src/chrome/content/rules/TrialPay.xml
@@ -9,7 +9,8 @@
 <ruleset name="TrialPay (partial)" platform="mixedcontent">
 
 	<target host="trialpay.com" />
-	<target host="*.trialpay.com" />
+	<target host="www.trialpay.com" />
+	<target host="assets.trialpay.com" />
 		<!--
 			Redirects to http:
 						-->
@@ -22,7 +23,6 @@
 	<rule from="^http://(?:www\.)?trialpay\.com/"
 		to="https://www.trialpay.com/" />
 
-	<rule from="^http://assets\.trialpay\.com/"
-		to="https://d2n8p8eh14pae1.cloudfront.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Tribal_Fusion.com.xml b/src/chrome/content/rules/Tribal_Fusion.com.xml
index 06695ef764b7..21cec66eae4f 100644
--- a/src/chrome/content/rules/Tribal_Fusion.com.xml
+++ b/src/chrome/content/rules/Tribal_Fusion.com.xml
@@ -1,28 +1,47 @@
 <!--
-	Poblematic subdomains:
+	For other Exponential coverage, see Exponential.com.xml.
 
-		- ^	(mismatched, CN: *.tribalfusion.com)
 
+	^tribalfusion.com: Server sends no certificate chain, see https://whatsmychaincert.com
 
-	Fully covered subdomains:
 
-		- (www.)	(^ → www)
-		- a
+	Insecure cookies are set for these domains: ᶜ
+
+		- .tribalfusion.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Tribal Fusion.com (partial)">
+<ruleset name="Tribal Fusion.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="a.tribalfusion.com" />
+	<target host="s.tribalfusion.com" />
+	<target host="www.tribalfusion.com" />
 
+	<!--	Complications:
+				-->
 	<target host="tribalfusion.com" />
-	<target host="*.tribalfusion.com" />
 
+		<test url="http://a.tribalfusion.com/i.match?p=&amp;u=&amp;google_error=3" />
+		<test url="http://a.tribalfusion.com/z/i.cid?c=&amp;d=&amp;page=landingPage" />
+		<test url="http://a.tribalfusion.com/z/i.match?p=&amp;u=&amp;google_error=3" />
+		<test url="http://s.tribalfusion.com/z/i.cid?c=&amp;d=&amp;page=" />
+		<test url="http://www.tribalfusion.com/adapp/login/expo9" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tribalfusion\.com$" name="^(?:ANON_ID|RealLoginName|SAccess|Tkt1|copyFlightId|tfre)$" /-->
 
-	<securecookie host="^(?:www)?\.tribalfusion\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?tribalfusion\.com/"
+	<rule from="^http://tribalfusion\.com/"
 		to="https://www.tribalfusion.com/" />
 
-	<rule from="^http://a\.tribalfusion\.com/"
-		to="https://a.tribalfusion.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tribalhosting.net.xml b/src/chrome/content/rules/Tribalhosting.net.xml
deleted file mode 100644
index 472f1a052c73..000000000000
--- a/src/chrome/content/rules/Tribalhosting.net.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="tribalhosting.net">
-
-	<target host="tribalhosting.net" />
-	<target host="*.tribalhosting.net" />
-
-
-	<rule from="^http://(assets\.|www\.)?tribalhosting\.net/"
-		to="https://$1tribalhosting.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Tribeca_Film.com.xml b/src/chrome/content/rules/Tribeca_Film.com.xml
new file mode 100644
index 000000000000..b84ed1d71dc4
--- /dev/null
+++ b/src/chrome/content/rules/Tribeca_Film.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- tribecafilm.com
+
+-->
+<ruleset name="Tribeca Film.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tribecafilm.com" />
+	<target host="www.tribecafilm.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^tribecafilm\.com$" name="^_tribeca_session$" /-->
+
+	<securecookie host="^tribecafilm\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tribeca_Film_Institute.org.xml b/src/chrome/content/rules/Tribeca_Film_Institute.org.xml
new file mode 100644
index 000000000000..d22a5f2b57ab
--- /dev/null
+++ b/src/chrome/content/rules/Tribeca_Film_Institute.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- tribecafilminstitute.org
+
+-->
+<ruleset name="Tribeca Film Institute.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tribecafilminstitute.org" />
+	<target host="www.tribecafilminstitute.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^tribecafilminstitute\.org$" name="^(PHPSESSID|exp_last_activity|exp_last_visit|exp_stashid|exp_tracker)$" /-->
+
+	<securecookie host="^tribecafilminstitute\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tribecastudios.co.uk.xml b/src/chrome/content/rules/Tribecastudios.co.uk.xml
new file mode 100644
index 000000000000..878fdd9a041a
--- /dev/null
+++ b/src/chrome/content/rules/Tribecastudios.co.uk.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional hosts in *.tribecastudios.co.uk:
+
+		blog.tribecastudios.co.uk (r)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Tribecastudios.co.uk">
+	<target host="tribecastudios.co.uk" />
+	<target host="www.tribecastudios.co.uk" />
+
+	<!-- accessing the bare domain with https: redirects to http://www.zingfit.com/
+	     so explicitly add www.
+	-->
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tribler.org.xml b/src/chrome/content/rules/Tribler.org.xml
new file mode 100644
index 000000000000..5439dc444ae6
--- /dev/null
+++ b/src/chrome/content/rules/Tribler.org.xml
@@ -0,0 +1,23 @@
+<!--
+	Time out:
+		statistics.tribler.org
+
+	Invalid certficiate:
+		dispersyreporter.tribler.org
+		old.forum.tribler.org
+		kayapo.tribler.org
+		svn.tribler.org
+
+-->
+<ruleset name="Tribler">
+
+	<target host="tribler.org" />
+	<target host="www.tribler.org" />
+	<target host="forum.tribler.org" />
+	<target host="jenkins.tribler.org" />
+
+	<securecookie host="^www\.tribler\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tribler.xml b/src/chrome/content/rules/Tribler.xml
deleted file mode 100644
index 379bc10cec9c..000000000000
--- a/src/chrome/content/rules/Tribler.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- dl		(ssl_error_rx_record_too_long)
-		- forum		(cert: triblr.org; redirects to www)
-
--->
-<ruleset name="Tribler (partial)">
-
-	<target host="tribler.org" />
-	<target host="www.tribler.org" />
-
-
-	<securecookie host="^www\.tribler\.org$" name=".*" />
-
-
-	<rule from="^http://(www\.)?tribler\.org/"
-		to="https://$1tribler.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tribune-mismatches.xml b/src/chrome/content/rules/Tribune-mismatches.xml
index b6c94124babe..e49f2c670881 100644
--- a/src/chrome/content/rules/Tribune-mismatches.xml
+++ b/src/chrome/content/rules/Tribune-mismatches.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see Tribune.xml.
 
 -->
-<ruleset name="Tribune (mismatches)" default_off="mismatch">
+<ruleset name="Tribune (mismatches)" default_off="mismatched">
 
 	<!--	Akamai	-->
 	<target host="baltimoresun.com" />
@@ -12,7 +12,7 @@
 		<!--
 			Handled in Los_Angeles_Times.xml.
 								-->
-		<exclusion pattern="^https?://(?:www\.)?latimes\.com/(?:favicon\.ico|hive/|images/|includes/|media/|stylesheets/)" />
+		<exclusion pattern="^http://(?:www\.)?latimes\.com/(?:favicon\.ico|hive/|images/|includes/|media/|stylesheets/)" />
 
 
 	<rule from="^http://(?:www\.)?baltimoresun\.com/"
@@ -20,7 +20,7 @@
 
 	<!--	Cookies are handled in Los_Angeles_Times.xml.
 								-->
-	<rule from="^https?://(?:www\.)?latimes\.com/"
+	<rule from="^http://(?:www\.)?latimes\.com/"
 		to="https://www.latimes.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Tribune.xml b/src/chrome/content/rules/Tribune.xml
index 53c40619d257..ba3c621ff9cd 100644
--- a/src/chrome/content/rules/Tribune.xml
+++ b/src/chrome/content/rules/Tribune.xml
@@ -5,21 +5,27 @@
 	Other Tribune rulesets:
 
 		- Chicago_Tribune.xml
+		- courant.com.xml
 		- Los_Angeles_Times.xml
 
 
 	CDN buckets:
 
-		-  trb.edgesuite.net 
+		- s3.amazonaws.com/MG2_Tribune/
+
+		-  trb.edgesuite.net
 
 			- www.trbimg.com
 
+		- tribcmsprod.blob.core.windows.net
+
 
 	Nonfunctional domains:
 
 		- connect2maryland.baltimoresun.com	(times out)
 		- data.baltimoresun.com			(ssl_error_rx_record_too_long)
 		- www.chicagotribune.com		(Akamai; 301s to http)
+
 		- www.sun-sentinel.com			(Akamai; 301s to http)
 		- media.trb.com				(Akamai; 503)
 		- mv2.trb.com				(refused)
@@ -29,31 +35,22 @@
 
 	* Times out
 
-
-	Fully covered domains:
-
-		- *.signon.trb.com:
-
-			- latimes
-
 -->
 <ruleset name="Tribune (partial)">
 
-	<target host="courant.com" />
-	<target host="*.courant.com" />
 	<target host="*.signon.trb.com" />
 
+		<exclusion pattern="^http://(?:[^./]+\.){2,}signon\.trb\.com/" />
 
-	<rule from="^http://advertise\.courant\.com/"
-		to="https://advertise.courant.com/" />
+			<!--	+ve:
+					-->
+			<test url="http://this.host.signon.trb.com/" />
+			<test url="http://exists.not.signon.trb.com/" />
 
-	<rule from="^http://(?:www\.)?courant\.com/includes/uploads/2010/08/3A2C26D5_courant_logo_981x160b\.jpg$"
-		to="https://advertise.courant.com/portal/page/portal/Hartford%20Courant/Content%20Items/P2P/3A2C26D5_courant_logo_981x160b.jpg" />
+		<test url="http://latimes.signon.trb.com/" />
 
-	<rule from="^http://(?:www\.)?courant\.com/media/graphic/2009-06/47547079\.png$"
-		to="https://advertise.courant.com/portal/page/portal/Hartford%20Courant/Content%20Items/P2P/47547079.png" />
 
-	<rule from="^http://([\w-]+)\.signon\.trb\.com/"
-		to="https://$1.signon.trb.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Tricolumbia.org.xml b/src/chrome/content/rules/Tricolumbia.org.xml
index 0c7972dbe831..00bb1399e238 100644
--- a/src/chrome/content/rules/Tricolumbia.org.xml
+++ b/src/chrome/content/rules/Tricolumbia.org.xml
@@ -1,7 +1,15 @@
-<ruleset name="Tricolumbia.org">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tricolumbia.org/ => https://www.tricolumbia.org/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://tricolumbia.org/ => https://www.tricolumbia.org/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="Tricolumbia.org" default_off="failed ruleset test">
 
 	<target host="tricolumbia.org" />
-	<target host="*.tricolumbia.org" />
+	<target host="www.tricolumbia.org" />
 
 
 	<securecookie host="^(?:www)?\.tricolumbia\.org$" name=".+" />
diff --git a/src/chrome/content/rules/Tridium.xml b/src/chrome/content/rules/Tridium.xml
index a89f689bc9a2..674c94436773 100644
--- a/src/chrome/content/rules/Tridium.xml
+++ b/src/chrome/content/rules/Tridium.xml
@@ -11,7 +11,7 @@
 	<securecookie host="^www\.tridium\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?tridium\.com/"
+	<rule from="^http://(?:www\.)?tridium\.com/"
 		to="https://www.tridium.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Triggit.com.xml b/src/chrome/content/rules/Triggit.com.xml
new file mode 100644
index 000000000000..50a16a9f3364
--- /dev/null
+++ b/src/chrome/content/rules/Triggit.com.xml
@@ -0,0 +1,48 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://a.triggit.com/px?u=&rtv=, => https://a.triggit.com/px?u=&rtv=,: (6, 'Could not resolve host: a.triggit.com')
+Fetch error: http://a.triggit.com/ => https://a.triggit.com/: (6, 'Could not resolve host: a.triggit.com')
+Fetch error: http://portal.triggit.com/ => https://portal.triggit.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	^triggit.com: Dropped
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- triggit.com
+		- .triggit.com
+
+
+	Mixed content:
+
+		- Images on ^ from $self
+		- Images on ^ from i.imgur.com
+
+-->
+<ruleset name="Triggit.com (partial)" default_off="failed ruleset test">
+
+	<target host="a.triggit.com" />
+	<target host="portal.triggit.com" />
+	<!--target host="www.triggit.com" /-->
+
+		<!--	Sets cookies without Secure:
+							-->
+		<test url="http://a.triggit.com/px?u=&amp;rtv=," />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^triggit\.com$" name="^PHPSESSID$" /-->
+	<!--
+		(Set by a):
+				-->
+	<!--securecookie host="^\.triggit\.com$" name="^trg[psu]$" /-->
+
+	<securecookie host="^\." name="^trg[psu]$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Trillian.im.xml b/src/chrome/content/rules/Trillian.im.xml
deleted file mode 100644
index ba43ab44bfeb..000000000000
--- a/src/chrome/content/rules/Trillian.im.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- blog	(refused)
-
--->
-<ruleset name="Trillian.im (partial)">
-
-	<target host="trillian.im" />
-	<target host="www.trillian.im" />
-
-
-	<rule from="^http://(www\.)?trillian\.im/"
-		to="https://$1trillian.im/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Trinity-look.org.xml b/src/chrome/content/rules/Trinity-look.org.xml
new file mode 100644
index 000000000000..39c53527bd54
--- /dev/null
+++ b/src/chrome/content/rules/Trinity-look.org.xml
@@ -0,0 +1,12 @@
+<!--
+	For other openDesktop rules, see openDesktop.org.xml
+
+-->
+<ruleset name="Trinity-look.org">
+
+	<target host="trinity-look.org" />
+	<target host="www.trinity-look.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Trinity_College_Dublin.xml b/src/chrome/content/rules/Trinity_College_Dublin.xml
index e50b3f1710b1..fb6eb041f2e2 100644
--- a/src/chrome/content/rules/Trinity_College_Dublin.xml
+++ b/src/chrome/content/rules/Trinity_College_Dublin.xml
@@ -13,7 +13,6 @@
 	<target host="www.tcd.ie" />
 
 
-	<rule from="^http://(www\.)?tcd\.ie/"
-		to="https://$1tcd.ie/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Trinity_Foundation.xml b/src/chrome/content/rules/Trinity_Foundation.xml
index eb2f0be1caae..d17826929eaf 100644
--- a/src/chrome/content/rules/Trinity_Foundation.xml
+++ b/src/chrome/content/rules/Trinity_Foundation.xml
@@ -1,10 +1,7 @@
 <ruleset name="Trinity Foundation">
-
 	<target host="trinityfi.org" />
 	<target host="www.trinityfi.org" />
 
-
-	<rule from="^http://(www\.)?trinityfi\.org/"
-		to="https://$1trinityfi.org/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Trinity_Home.org.xml b/src/chrome/content/rules/Trinity_Home.org.xml
new file mode 100644
index 000000000000..0f31928155eb
--- /dev/null
+++ b/src/chrome/content/rules/Trinity_Home.org.xml
@@ -0,0 +1,20 @@
+<!--
+	www: cert only matches ^trinityhome.org
+
+-->
+<ruleset name="Trinity Home.org" default_off="self-signed">
+
+	<target host="trinityhome.org" />
+	<target host="www.trinityhome.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?trinityhome\.org$" name="^(cart_numbertrhome|PHPSESSID)$" /-->
+	<securecookie host="^(?:www\.)?trinityhome\.org$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?trinityhome\.org/"
+		to="https://trinityhome.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Triodos.com.xml b/src/chrome/content/rules/Triodos.com.xml
new file mode 100644
index 000000000000..4e6e4f1da165
--- /dev/null
+++ b/src/chrome/content/rules/Triodos.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Other Triodos Bank rulesets:
+
+		- Triodos.nl.xml
+
+
+	Server is configured for rc4 only.
+
+
+	Mixed content:
+
+		- Images on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Triodos.com">
+
+	<target host="triodos.com" />
+	<target host="projects.triodos.com" />
+	<target host="www.triodos.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^projects\.triodos\.com$" name="^JSESSIONID" /-->
+
+	<securecookie host="^projects.triodos.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Triodos.nl.xml b/src/chrome/content/rules/Triodos.nl.xml
new file mode 100644
index 000000000000..fbf31d3645c9
--- /dev/null
+++ b/src/chrome/content/rules/Triodos.nl.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Triodos Bank coverage, see Triodos.com.xml.
+-->
+<ruleset name="Triodos.nl (partial)">
+	<target host="triodos.nl" />
+	<target host="www.triodos.nl" />
+	<target host="bankieren.triodos.nl" />
+
+	<!-- Secured by server: -->
+	<!--securecookie host="^bankieren\.triodos\.nl$" name="^(JSESSIONID|ib2Locale|javax\.faces\.ClientToken|mcid|stid)" /-->
+	<!-- Not secured by server: -->
+	<!--securecookie host="^bankieren\.triodos\.nl$" name="^LB_IB$" /-->
+	<securecookie host="^bankieren\.triodos\.nl$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TripAdvisor.xml b/src/chrome/content/rules/TripAdvisor.xml
index 77fce3c9c9af..b08d846a4d0a 100644
--- a/src/chrome/content/rules/TripAdvisor.xml
+++ b/src/chrome/content/rules/TripAdvisor.xml
@@ -1,11 +1,18 @@
 <!--
 	CDN buckets:
 
+		- developer-tripadvisor.s3.amazonaws.com
 		- www.jscache.com.edgesuite.net
 
 
 	Other TripAdvisor rulesets:
 
+		- t-analytics.com.xml
+		- tacdn.com.xml
+		- tripadvisor.ca.xml
+		- tripadvisor.co.nz.xml
+		- tripadvisor.co.uk.xml
+		- tripadvisorsupport.com.xml
 		- VirtualTourist.xml
 
 
@@ -30,42 +37,89 @@
 	Problematic domains:
 
 		- www.jscache.com	(redirects to http, akamai)
-		- tripadvisor.com	(cert only matches *.tripadvisor.com)
 
 
-	Partially covered subdomains:
+	Partially hosts in *tripadvisor.com:
 
-		- (www.)	(^ → www, some pages redirect to http)
+		- (www.)? ʰ
+		- cdn ʰ
 
+	ʰ Some pages redirect to http
 
-	Fully covered domains:
 
-		- www.jscache.com	(→ c1.tacdn.com)
+	Mixed content:
 
--->
-<ruleset name="TripAdvisor (partial)">
-
-	<target host="www.jscache.com" />
-	<target host="c1.tacdn.com" />
-	<target host="www.t-analytics.com" />
-	<target host="tripadvisor.com" />
-	<target host="*.tripadvisor.com" />
-
-
-	<securecookie host="^www\.t-analytics\.com$" name=".+" />
-	<securecookie host="^webmail\.tripadvisor\.com$" name=".+" />
+		- Bug on www from b.scorecardresearch.com ˢ
 
+	ˢ Secured by us
 
-	<rule from="^http://(?:www\.jscache|c1\.tacdn)\.com/"
-		to="https://c1.tacdn.com/" />
-
-	<rule from="^http://www\.t-analytics\.com/"
-		to="https://www.t-analytics.com/" />
-
-	<rule from="^http://(?:www\.)?tripadvisor\.com/(favicon\.ico|img/|Registration(?:$|\?))"
-		to="https://www.tripadvisor.com/$1" />
-
-	<rule from="^http://(cdn|media-cdn|remote|webmail)\.tripadvisor\.com/"
-		to="https://$1.tripadvisor.com/" />
+-->
+<ruleset name="TripAdvisor.com (partial)">
 
-</ruleset>
\ No newline at end of file
+	<target host="tripadvisor.com" />
+	<target host="cdn.tripadvisor.com" />
+	<target host="media-cdn.tripadvisor.com" />
+	<target host="remote.tripadvisor.com" />
+	<target host="www.tripadvisor.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:cdn|www)\.tripadvisor\.com/(?:$|ForumHome$|GetListedNew$|BusinessListings$|Hotels-g\d+-[\w-]+\.html|MediaKit$|PressCenter-c6-About_Us\.html|help$|reviewexpress$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:cdn\.|www\.)?tripadvisor\.com/(?!/*(?:favicon\.ico|img2?/|(?:Amex|GreenLeaders|Owners|Registration|RegistrationPage|ReviewExpress|TripAdvisorInsights|UserReview)(?:-[^/]*)?(?:$|\?)|TripAdvisorInsights/|pages/privacy\.html))" />
+
+			<!--	+ve: (quota: 21)
+						-->
+			<test url="http://cdn.tripadvisor.com/GetListedNew" />
+			<test url="http://www.tripadvisor.com/Attractions-g274707-Activities-Prague_Bohemia.html" />
+			<test url="http://www.tripadvisor.com/BusinessListings" />
+			<test url="http://www.tripadvisor.com/ForumHome" />
+			<test url="http://www.tripadvisor.com/GetListedNew" />
+			<test url="http://www.tripadvisor.com/Hotels" />
+			<test url="http://www.tripadvisor.com/Hotels-g293916-Bangkok-Hotels.html" />
+			<test url="http://www.tripadvisor.com/MediaKit" />
+			<test url="http://www.tripadvisor.com/PressCenter-c6-About_Us.html" />
+			<test url="http://www.tripadvisor.com/Rentals" />
+			<test url="http://www.tripadvisor.com/Restaurants" />
+			<test url="http://www.tripadvisor.com/TravelAdvisory" />
+			<test url="http://www.tripadvisor.com/TravelersChoice" />
+			<test url="http://www.tripadvisor.com/VacationRentalIdeas" />
+			<test url="http://www.tripadvisor.com/apps" />
+			<test url="http://www.tripadvisor.com/help" />
+			<test url="http://www.tripadvisor.com/help/greenleaders" />
+			<test url="http://www.tripadvisor.com/reviewexpress" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.tripadvisor.com/Amex" /><!--	mixed bug -->
+			<test url="http://www.tripadvisor.com/GreenLeaders" />
+			<test url="http://cdn.tripadvisor.com/UserReview" />
+			<test url="http://www.tripadvisor.com/Owners-t7" />
+			<test url="http://www.tripadvisor.com/Registration" />
+			<test url="http://www.tripadvisor.com/RegistrationPage-a_partnerKey.1-a_url." />
+			<test url="http://www.tripadvisor.com/ReviewExpress" />
+			<test url="http://www.tripadvisor.com/TripAdvisorInsights" />
+			<test url="http://www.tripadvisor.com/TripAdvisorInsights/ReviewExpress" />
+			<test url="http://www.tripadvisor.com/UserReview" />
+			<test url="http://www.tripadvisor.com/UserReview-e__2F__" />
+			<test url="http://www.tripadvisor.com/favicon.ico" />
+			<test url="http://www.tripadvisor.com/img/cdsi/img2/ratings/traveler/s4.0-MCID-0.svg" />
+			<test url="http://www.tripadvisor.com/pages/privacy.html" /><!--	mixed bug -->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tripadvisor\.com$" name="^(CM|PassThruUrlArgs|ServerPool|TACds|TAReturnTo|TASession|TATravelInfo|TAUD|TAUnique)$" /-->
+
+	<!--	Set by badges:
+				-->
+	<securecookie host="^\.tripadvisor\.com$" name="^(?:ServerPool|TACds|TASession|TAUnique)$" />
+	<securecookie host="^(?!www\.)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TripHip.xml b/src/chrome/content/rules/TripHip.xml
index 93c8864319b1..bf656988be2e 100644
--- a/src/chrome/content/rules/TripHip.xml
+++ b/src/chrome/content/rules/TripHip.xml
@@ -1,13 +1,19 @@
-<ruleset name="TripHip">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://triphip.com/ => https://triphip.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.triphip.com/ => https://www.triphip.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="TripHip" default_off="failed ruleset test">
 
 	<target host="triphip.com" />
-	<target host="*.triphip.com" />
+	<target host="www.triphip.com" />
 
 
 	<securecookie host="^(?:www)?\.triphip\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?triphip\.com/"
-		to="https://$1triphip.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TripIt.com.xml b/src/chrome/content/rules/TripIt.com.xml
new file mode 100644
index 000000000000..edb433205640
--- /dev/null
+++ b/src/chrome/content/rules/TripIt.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Problematic subdomains:
+
+		- help *
+
+	* zendesk
+
+-->
+<ruleset name="TripIt.com">
+
+	<target host="tripit.com" />
+	<target host="careers.tripit.com" />
+	<target host="www.tripit.com" />
+	<target host="help.tripit.com" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^www\.tripit\.com$" name="^(it_csrf|it_ref_id)$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^(careers\.|www\.)?tripit\.com$" name="^BIGipServertripit-web$" /-->
+
+	<securecookie host="^(?:careers\.|www\.)?tripit\.com$" name=".+" />
+
+
+
+	<rule from="^http://help\.tripit\.com/"
+		to="https://tripit.zendesk.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tripbaa.com.xml b/src/chrome/content/rules/Tripbaa.com.xml
new file mode 100644
index 000000000000..2a80ff0240f3
--- /dev/null
+++ b/src/chrome/content/rules/Tripbaa.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		ec2.tripbaa.com
+		hotel.tripbaa.com
+		transport.tripbaa.com
+		tripbaa2015.tripbaa.com
+-->
+<ruleset name="Tripbaa.com">
+	<target host="tripbaa.com" />
+	<target host="www.tripbaa.com" />
+	<target host="blog.tripbaa.com" />
+	<target host="cn.tripbaa.com" />
+	<target host="en.tripbaa.com" />
+	<target host="hk.tripbaa.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tripbod.com.xml b/src/chrome/content/rules/Tripbod.com.xml
new file mode 100644
index 000000000000..980ee7b31a6e
--- /dev/null
+++ b/src/chrome/content/rules/Tripbod.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Some pages redirect to http.
+
+-->
+<ruleset name="tripbod.com (partial)">
+
+	<target host="tripbod.com" />
+	<target host="www.tripbod.com" />
+
+
+	<rule from="^http://(www\.)?tripbod\.com/(?=(?:\w\w/)?beatripbod(?:$|[?/])|favicon\.ico|img/|js/|min/)"
+		to="https://$1tripbod.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TripleMint.com.xml b/src/chrome/content/rules/TripleMint.com.xml
new file mode 100644
index 000000000000..9c56ecc0d7b7
--- /dev/null
+++ b/src/chrome/content/rules/TripleMint.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Nonfunctional hosts in triplemint.com:
+
+		- blog *
+
+	* Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- triplemint.com
+		- www.triplemint.com
+
+-->
+<ruleset name="TripleMint.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="triplemint.com" />
+	<target host="www.triplemint.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?triplemint\.com$" name="^csrftoken$" /-->
+
+	<securecookie host="^(?:www\.)?triplemint\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Triplebyte.com.xml b/src/chrome/content/rules/Triplebyte.com.xml
new file mode 100644
index 000000000000..3513290d1a60
--- /dev/null
+++ b/src/chrome/content/rules/Triplebyte.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Problematic hosts in *triplebyte.com:
+
+		- blog *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- blog.triplebyte.com
+
+-->
+<ruleset name="Triplebyte.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="triplebyte.com" />
+	<target host="www.triplebyte.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^blog\.triplebyte\.com$" name="^after_access_path$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tripodo.de.xml b/src/chrome/content/rules/Tripodo.de.xml
new file mode 100644
index 000000000000..4d1c4906e170
--- /dev/null
+++ b/src/chrome/content/rules/Tripodo.de.xml
@@ -0,0 +1,45 @@
+<!--
+	CDN buckets:
+
+		- d3jjs8jj56ow4v.cloudfront.net
+
+			- static.tripodo.de
+
+		- d3n4h69ermngjr.cloudfront.net
+
+			- bilder-cdn.tripodo.de
+
+
+	^: cert only matches *.tripodo.de
+
+-->
+<ruleset name="Tripodo.de (partial)">
+
+	<target host="tripodo.de" />
+	<target host="www.tripodo.de" />
+	<target host="bilder-cdn.tripodo.de" />
+	<target host="static.tripodo.de" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="http://www\.tripodo\.de/($|favicon\.ico|login/$|passwort-vergessen/$)" /-->
+		<!--
+			404:
+				-->
+		<!--exclusion pattern="http://www\.tripodo\.de/(css/new_public/|images/general/|images/new_public/)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?tripodo\.de/+(?!photo/|photo_\d+_\w\.jpg)" />
+
+
+	<rule from="^http://(?:www\.)?tripodo\.de/"
+		to="https://www.tripodo.de/" />
+
+	<rule from="^http://bilder-cdn\.tripodo\.de/"
+		to="https://d3n4h69ermngjr.cloudfront.net/" />
+
+	<rule from="^http://static\.tripodo\.de/"
+		to="https://d3jjs8jj56ow4v.cloudfront.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tripwire.com.xml b/src/chrome/content/rules/Tripwire.com.xml
new file mode 100644
index 000000000000..abb1c734d44c
--- /dev/null
+++ b/src/chrome/content/rules/Tripwire.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Tripwire.com (partial)">
+	<target host="tripwire.com" />
+	<target host="www.tripwire.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Trisquel.info.xml b/src/chrome/content/rules/Trisquel.info.xml
new file mode 100644
index 000000000000..bc69ad87bf5f
--- /dev/null
+++ b/src/chrome/content/rules/Trisquel.info.xml
@@ -0,0 +1,46 @@
+<!--
+	Refused:
+		archive.trisquel.info
+		cdimage.trisquel.info
+		fr.archive.trisquel.info
+		in.archive.trisquel.info
+		nl.archive.trisquel.info
+		us.archive.trisquel.info
+		fr.cdimage.trisquel.info
+		oldarchive.trisquel.info
+
+	Bad certificate:
+		cn.archive.trisquel.info
+		es.archive.trisquel.info
+		correo.trisquel.info
+		jenkins.trisquel.info
+		store.trisquel.info
+
+	Different content http/https:
+		devel.trisquel.info
+		packages.trisquel.info
+
+	Insecure cookies are set for these domains:
+
+		- .trisquel.info
+		- devel.trisquel.info
+
+-->
+<ruleset name="Trisquel.info (partial)">
+
+	<target host="trisquel.info" />
+	<target host="www.trisquel.info" />
+	<target host="listas.trisquel.info" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.trisquel\.info$" name="^SESS\w{32}$" /-->
+	<!--securecookie host="^devel\.trisquel\.info$" name="^request_method$" /-->
+
+	<securecookie host="^(?:devel)?\.trisquel\.info$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Trisquel.xml b/src/chrome/content/rules/Trisquel.xml
deleted file mode 100644
index c9b7183f9995..000000000000
--- a/src/chrome/content/rules/Trisquel.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- devel *
-		- listas	(redirects to http; mismatched, CN: www.trisquel.info)
-		- packages *
-
-	* Refused
-
--->
-<ruleset name="Trisquel">
-
-	<target host="trisquel.info" />
-	<target host="*.trisquel.info" />
-
-
-	<securecookie host="^\.trisquel\.info$" name="^SESS\w{32}$" />
-
-
-	<rule from="^http://(?:www\.)?trisquel\.info/"
-		to="https://trisquel.info/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Triumph-Adler.de.xml b/src/chrome/content/rules/Triumph-Adler.de.xml
index f70055adebc8..a8b168b5a48b 100644
--- a/src/chrome/content/rules/Triumph-Adler.de.xml
+++ b/src/chrome/content/rules/Triumph-Adler.de.xml
@@ -7,7 +7,6 @@
 	<!--	^ works, but redirects to www over
 		http => emulate that behavior:
 						-->
-	<rule from="^http://(?:www\.)?triumph-adler\.de/"
-		to="https://www.triumph-adler.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Trkclk.net.xml b/src/chrome/content/rules/Trkclk.net.xml
deleted file mode 100644
index 974ab9a51607..000000000000
--- a/src/chrome/content/rules/Trkclk.net.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d3vg9hiogk70qz.cloudfront.net
-
-			- cdn
-
-
-	Problematic subdomains:
-
-		- ads	(works; mismatched, CN: ads.adk2.com)
-
--->
-<ruleset name="trkclk.net">
-
-	<target host="*.trkclk.net" />
-
-
-	<rule from="^http://ads\.trkclk\.net/"
-		to="https://ads.adk2.com/" />
-
-	<rule from="^http://cdn\.trkclk\.net/"
-		to="https://d3vg9hiogk70qz.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Trklnks.com.xml b/src/chrome/content/rules/Trklnks.com.xml
new file mode 100644
index 000000000000..d27e9ff10778
--- /dev/null
+++ b/src/chrome/content/rules/Trklnks.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other AdSupply coverage, see AdSupply.xml.
+
+-->
+<ruleset name="trklnks.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="engine.trklnks.com" />
+
+	<!--	Complications:
+				-->
+	<target host="trklnks.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://trklnks\.com/"
+		to="https://engine.trklnks.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Trmm.net.xml b/src/chrome/content/rules/Trmm.net.xml
new file mode 100644
index 000000000000..719f0d88f426
--- /dev/null
+++ b/src/chrome/content/rules/Trmm.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="Trmm.net">
+
+	<target host="trmm.net" />
+	<target host="www.trmm.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Trolling_Effects.org.xml b/src/chrome/content/rules/Trolling_Effects.org.xml
deleted file mode 100644
index 370a24ec1c3e..000000000000
--- a/src/chrome/content/rules/Trolling_Effects.org.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other EFF coverage, see EFF.xml.
-
--->
-<ruleset name="Trolling Effects.org">
-
-	<target host="trollingeffects.org" />
-	<target host="www.trollingeffects.org" />
-
-
-	<!--	www redirects to ^ over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?trollingeffects\.org/"
-		to="https://trollingeffects.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tronix_Computers.com.xml b/src/chrome/content/rules/Tronix_Computers.com.xml
index 4557e02d78ca..82853fc868fb 100644
--- a/src/chrome/content/rules/Tronix_Computers.com.xml
+++ b/src/chrome/content/rules/Tronix_Computers.com.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?tronixcomputers\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?tronixcomputers\.com/"
-		to="https://$1tronixcomputers.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Troopers.de.xml b/src/chrome/content/rules/Troopers.de.xml
new file mode 100644
index 000000000000..888bc7a0c36c
--- /dev/null
+++ b/src/chrome/content/rules/Troopers.de.xml
@@ -0,0 +1,17 @@
+<!--
+	For other ERNW coverage, see ERNW.de.xml.
+
+
+	^: dropped
+
+-->
+<ruleset name="Troopers.de">
+
+	<target host="troopers.de" />
+	<target host="www.troopers.de" />
+
+
+	<rule from="^http://(?:www\.)?troopers\.de/"
+		to="https://www.troopers.de/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tropo-problematic.xml b/src/chrome/content/rules/Tropo-problematic.xml
deleted file mode 100644
index 17e7a1dd0f49..000000000000
--- a/src/chrome/content/rules/Tropo-problematic.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules that are on by default, see Tropo.xml.
-
--->
-<ruleset name="Tropo (problematic)" default_off="expired, self-signed">
-
-	<target host="blog.tropo.com" />
-
-
-	<rule from="^http://blog\.tropo\.com/"
-		to="https://blog.tropo.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Tropo.xml b/src/chrome/content/rules/Tropo.xml
index 96afda2c27b1..574e408d1dc3 100644
--- a/src/chrome/content/rules/Tropo.xml
+++ b/src/chrome/content/rules/Tropo.xml
@@ -1,19 +1,83 @@
 <!--
-	For problematic rules, see Tropo-problematic.xml.
+	Non-functional hosts
+		Couldn't connect to server:
+			 - vpn.int.tropo.com
+			 - rt1-alpha.wdc.tropo.com
+			 - rt1-dev.wdc.tropo.com
+			 - rt1-fiserv-prod.wdc.tropo.com
+			 - rt1-huron-dev.wdc.tropo.com
+			 - rt2-alpha.wdc.tropo.com
+			 - rt2-dev.wdc.tropo.com
+			 - rt2-fiserv-prod.wdc.tropo.com
+			 - rt2-huron-prod.wdc.tropo.com
 
+		Timeout was reached:
+			 - wh1e.prod.us-east-1.aws.tropo.com
+			 - chef.int.tropo.com
+			 - chef12.int.tropo.com
+			 - es2-client1.int.tropo.com
+			 - graphite.int.tropo.com
+			 - irc.int.tropo.com
+			 - jenkins.int.tropo.com
+			 - jian.int.tropo.com
+			 - logs.int.tropo.com
+			 - maven.int.tropo.com
+			 - sensu.int.tropo.com
+			 - paste.tropo.com
+			 - gw-01.paasless.sales.tropo.com
+			 - fw1-prod.sjc.tropo.com
+			 - fw2-prod.sjc.tropo.com
+			 - rt1-prod.sjc.tropo.com
+			 - api.sl.tropo.com
+			 - gw1-dev.wdc.sl.tropo.com
+			 - gw1.prod.wdc.sl.tropo.com
+			 - gw2.prod.wdc.sl.tropo.com
+			 - rt1-huron.prod.wdc.sl.tropo.com
+			 - ssl-test.tropo.com
+			 - support-playground.tropo.com
+			 - incall-as1-staging.wdc.tropo.com
+			 - incall-gw1-staging.wdc.tropo.com
 
-	Problematic subdomains:
+		SSL peer certificate was not OK:
+			 - changes.tropo.com
+			 - landing.tropo.com
+			 - gw1-dev.lon.tropo.com
+			 - gw1-prod.lon.tropo.com
+			 - gw2-dev.lon.tropo.com
+			 - gw2-prod.lon.tropo.com
+			 - gw1-huron-prod.sjc.tropo.com
+			 - gw1-prod.sjc.tropo.com
+			 - status.tropo.com
+			 - status-old.tropo.com
+			 - gw1-alpha.wdc.tropo.com
+			 - gw1-huron-prod.wdc.tropo.com
+			 - gw1-prod.wdc.tropo.com
+			 - gw2-dev.wdc.tropo.com
+			 - gw2-huron-prod.wdc.tropo.com
 
-		- blog		(works, expired, self-signed)
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - api.aws.tropo.com
+			 - api.prod.aws.tropo.com
 
+		Incomplete certificate chain error:
+			 - usecases.tropo.com
+			 - uses.tropo.com
+
+		4xx client error:
+			 - api.tropo.com (require auth)
+			 - sjc.tropo.com
+			 - transcription-api-us-east.tropo.com
 -->
 <ruleset name="Tropo (partial)">
-
 	<target host="tropo.com" />
 	<target host="www.tropo.com" />
+	<target host="api-new.tropo.com" />
+	<target host="blog.tropo.com" />
+	<target host="corp.tropo.com" />
+	<target host="learn.tropo.com" />
+	<target host="support.tropo.com" />
 
+	<securecookie host="^(www\.|blog\.)?tropo\.com$" name=".+" />
 
-	<rule from="^http://(www\.)?tropo\.com/"
-		to="https://$1tropo.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tros.nl.xml b/src/chrome/content/rules/Tros.nl.xml
new file mode 100644
index 000000000000..8eabd59237df
--- /dev/null
+++ b/src/chrome/content/rules/Tros.nl.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tros.nl/ => https://tros.nl/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.tros.nl/ => https://www.tros.nl/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="tros.nl" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tros.nl" />
+	<target host="www.tros.nl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Trove.com.xml b/src/chrome/content/rules/Trove.com.xml
index f2af94129fd2..719a7f067d87 100644
--- a/src/chrome/content/rules/Trove.com.xml
+++ b/src/chrome/content/rules/Trove.com.xml
@@ -1,16 +1,12 @@
-<!--
-	Nonfunctional subdomains:
-
-		- ^	(dropped)
-		- www	(refused)
-
--->
-<ruleset name="Trove.com (partial)">
-
-	<target host="*.trove.com" />
-
-
-	<rule from="^http://(id|moneta)\.trove\.com/"
-		to="https://$1.trove.com/" />
-
+<ruleset name="Trove.com">
+	<target host="trove.com" />
+	<target host="www.trove.com" />
+	<target host="api.trove.com" />
+	<target host="app.trove.com" />
+	<target host="blog.trove.com" />
+	<target host="help.trove.com" />
+	<target host="status.trove.com" />
+
+	<rule from="^http:"
+		    to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Troveread.com.xml b/src/chrome/content/rules/Troveread.com.xml
deleted file mode 100644
index 22f1c81562d9..000000000000
--- a/src/chrome/content/rules/Troveread.com.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	CDN buckets:
-
-		- dizqy8916g7hx.cloudfront.net
-
-			- s
-
-
-	^: refused
-
-
-	www doesn't exist.
-
--->
-<ruleset name="troveread.com">
-
-	<target host="troveread.com" />
-	<target host="s.troveread.com" />
-
-
-	<!--	Server drops path:
-					-->
-	<rule from="^http://troveread\.com/.*"
-		to="https://socialreader.com/" />
-
-	<rule from="^http://s\.troveread\.com/"
-		to="https://dizqy8916g7hx.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TruckingUnlimited.com.xml b/src/chrome/content/rules/TruckingUnlimited.com.xml
index ffae6eb90774..f3592f9d98e3 100644
--- a/src/chrome/content/rules/TruckingUnlimited.com.xml
+++ b/src/chrome/content/rules/TruckingUnlimited.com.xml
@@ -1,14 +1,20 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://static.truckingunlimited.com/ => https://www.truckingunlimited.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://static.truckingunlimited.com/ => https://www.truckingunlimited.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Problematic subdomains:
 
 		- static	(akamai)
 
 -->
-<ruleset name="TruckingUnlimited.com (partial)">
+<ruleset name="TruckingUnlimited.com (partial)" default_off="failed ruleset test">
 
 	<target host="static.truckingunlimited.com" />
 
-	<rule from="^https?://static\.truckingunlimited\.com/"
+	<rule from="^http://static\.truckingunlimited\.com/"
 		to="https://www.truckingunlimited.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TrueCrypt.ch.xml b/src/chrome/content/rules/TrueCrypt.ch.xml
new file mode 100644
index 000000000000..22f554b1df16
--- /dev/null
+++ b/src/chrome/content/rules/TrueCrypt.ch.xml
@@ -0,0 +1,12 @@
+<ruleset name="TrueCrypt.ch">
+
+	<target host="truecrypt.ch" />
+	<target host="www.truecrypt.ch" />
+	<target host="download.truecrypt.ch" />
+	<target host="forum.truecrypt.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TrueCrypt_71a.com.xml b/src/chrome/content/rules/TrueCrypt_71a.com.xml
new file mode 100644
index 000000000000..70e1feafb772
--- /dev/null
+++ b/src/chrome/content/rules/TrueCrypt_71a.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="TrueCrypt 71a.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="truecrypt71a.com" />
+	<target host="www.truecrypt71a.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TrueLife.com-problematic.xml b/src/chrome/content/rules/TrueLife.com-problematic.xml
new file mode 100644
index 000000000000..1d86d02ed06d
--- /dev/null
+++ b/src/chrome/content/rules/TrueLife.com-problematic.xml
@@ -0,0 +1,12 @@
+<!--
+	For rules that are on by default, see TrueLife.com.xml.
+
+-->
+<ruleset name="TrueLife.com (expired)" default_off="expired">
+
+	<target host="login.truelife.com"/>
+
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/TrueLife.com.xml b/src/chrome/content/rules/TrueLife.com.xml
new file mode 100644
index 000000000000..a918c2ff00ab
--- /dev/null
+++ b/src/chrome/content/rules/TrueLife.com.xml
@@ -0,0 +1,97 @@
+<!--
+	For problematic rules, see TrueLife.com-problematic.xml.
+
+
+	Nonfunctional subdomains:
+
+		- ad2 ¹
+		- asian ²
+		- campus ²
+		- news ¹
+		- sport ¹
+		- travel ¹
+		- tv ¹
+		- women ²
+
+	¹ Refused
+	² Redirects to pokemon
+
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- login ²
+		- social ³
+		- www ³
+
+	¹ Mismatched
+	² Expired 2014
+	³ Mixed css
+
+
+	Partially covered subdomains:
+
+		- (www.)? *	(^ → www)
+		- home *
+
+	* Avoiding broken MCB
+
+
+	Fully covered subdomains:
+
+		- pokemon
+
+
+	Mixed content:
+
+		- iframe on social from $self ¹
+
+		- css, on:
+
+			- social from $self ¹
+			- www from $self ¹
+
+		- Images, on:
+
+			- social from $self ¹
+			- www from $self ¹
+			- social, www from dynamic.tlcdn[1-4].com ²
+			- social, www from static.tlcdn[1-4].com ²
+
+		- Ads, on:
+
+			- pokemon from hits.truehits.in.th
+			- social, www from ad2 ²
+			- www from www.rentalcars.com ³
+
+	¹ Secured by us
+	² Unsecurable <= refused
+	³ Unsecurable <= 403
+
+-->
+<ruleset name="TrueLife.com (partial)">
+
+	<target host="truelife.com" />
+	<target host="home.truelife.com" />
+	<target host="pokemon.truelife.com" />
+	<target host="social.truelife.com" />
+	<target host="www.truelife.com" />
+		<!--
+			Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://(?:home\.|www\.)?truelife\.com/+(?!assets/|streaming_now/|youtube/)" />
+
+			<test url="http://truelife.com/assets/css/reset.css" />
+			<test url="http://truelife.com/hilight" />
+			<test url="http://truelife.com/home" />
+			<test url="http://www.truelife.com/hilight" />
+			<test url="http://www.truelife.com/home" />
+
+
+	<rule from="^http://truelife\.com/"
+		to="https://www.truelife.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TrueVault.com.xml b/src/chrome/content/rules/TrueVault.com.xml
new file mode 100644
index 000000000000..9238787d7b38
--- /dev/null
+++ b/src/chrome/content/rules/TrueVault.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="TrueVault.com">
+
+	<target host="truevault.com" />
+	<target host="api.truevault.com" />
+	<target host="console.truevault.com" />
+	<target host="www.truevault.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Truecrypt.xml b/src/chrome/content/rules/Truecrypt.xml
deleted file mode 100644
index 320bd96d44b0..000000000000
--- a/src/chrome/content/rules/Truecrypt.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Truecrypt (partial)">
-
-	<target host="truecrypt.org"/>
-	<target host="*.truecrypt.org"/>
-
-	<rule from="^http://(www\.)?truecrypt\.org/(bug|donation|image)s/"
-		to="https://$1truecrypt.org/$2s/"/>
-
-	<rule from="^http://forums\.truecrypt\.org/templates/"
-		to="https://forums.truecrypt.org/templates/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Truehits.in.th.xml b/src/chrome/content/rules/Truehits.in.th.xml
new file mode 100644
index 000000000000..8a82c2739252
--- /dev/null
+++ b/src/chrome/content/rules/Truehits.in.th.xml
@@ -0,0 +1,37 @@
+<!--
+	(www.)?: Refused
+
+
+	Problematic subdomains:
+
+		- hits *
+
+	* Mismatched
+
+
+	Fully covered subdomains:
+
+		- hits	(→ lvs)
+		- lvs
+
+
+	These altnames don't exist:
+
+		- www.lvs.truehits.in.th
+
+-->
+<ruleset name="Truehits.in.th (partial)">
+
+	<target host="hits.truehits.in.th" />
+	<target host="lvs.truehits.in.th" />
+
+
+	<!--	Redirect keeps path and args:
+						-->
+	<!--rule from="^http://(?:www\.)?truehits\.in\.th/"
+		to="https://truehits.net/" /-->
+
+	<rule from="^http://(?:hits|lvs)\.truehits\.in\.th/"
+		to="https://lvs.truehits.in.th/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Truenudists.com.xml b/src/chrome/content/rules/Truenudists.com.xml
index 277657f18aaa..46898aeaabfd 100644
--- a/src/chrome/content/rules/Truenudists.com.xml
+++ b/src/chrome/content/rules/Truenudists.com.xml
@@ -1,38 +1,23 @@
 <!--
-	CDN buckets:
-
-		- cdncss.socialcomediallc.netdna-cdn.com
-		- cdncss-socialcomediallc.netdna-ssl.com
-
-			- cdn.css.truenudists.com
-
-		- cdnimg.socialcomediallc.netdna-cdn.com
-		- cdnimg-socialcomediallc.netdna-ssl.com
-
-			- cdn.image.truenudists.com
+	No working URL known:
+		a.truenudists.com
+		g.truenudists.com
+		m.truenudists.com
 
 -->
 <ruleset name="truenudists.com">
 
-	<!--	We need to target this CDN domain to secure cookies.
-						-->
-	<target host="cdncss-socialcomediallc.netdna-ssl.com" />
 	<target host="truenudists.com" />
-	<target host="cdn.*.truenudists.com" />
 	<target host="www.truenudists.com" />
+	<target host="cdn.truenudists.com" />
+		<test url="http://cdn.truenudists.com/assets/css/common/wrapper.home.css" />
+	<target host="dev.truenudists.com" />
+	<target host="media.truenudists.com" />
 
 
-	<securecookie host="^cdncss-socialcomediallc\.netdna-ssl\.com$" name=".*" />
-	<securecookie host="^www\.truenudists\.com$" name=".*" />
-
-
-	<rule from="^http://(www\.)?truenudists\.com/" 
-		to="https://$1truenudists.com/" />
-
-	<rule from="^https?://cdn\.css\.truenudists\.com/"
-		to="https://cdncss-socialcomediallc.netdna-ssl.com/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^https?://cdn\.image\.truenudists\.com/"
-		to="https://cdnimg-socialcomediallc.netdna-ssl.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Trulia-cdn.com.xml b/src/chrome/content/rules/Trulia-cdn.com.xml
index 5ace166f4427..775e0012bf96 100644
--- a/src/chrome/content/rules/Trulia-cdn.com.xml
+++ b/src/chrome/content/rules/Trulia-cdn.com.xml
@@ -1,19 +1,14 @@
 <!--
 	CDN buckets:
-
 		- dsd-static.trulia-cdn.com.edgesuite.net
-
 			- a176.g.akamai.net
-			- css.trulia-cdn.com
-			- static.trulia-cdn.com
-
 -->
-<ruleset name="trulia-cdn.com">
-
-	<target host="*.trulia-cdn.com" />
-
-
-	<rule from="^http://(css|static)\.trulia-cdn\.com/"
-		to="https://a248.e.akamai.net/f/176/831/8m/$1.trulia-cdn.com/" />
-
-</ruleset>
\ No newline at end of file
+<ruleset name="Trulia-cdn.com">
+	<target host="css.trulia-cdn.com" />
+	<target host="js.trulia-cdn.com" />
+	<target host="logos.trulia-cdn.com" />
+	<target host="static.trulia-cdn.com" />
+	<target host="thumbs.trulia-cdn.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Trumba.xml b/src/chrome/content/rules/Trumba.xml
index ed2834a0a9ea..4a571470d64f 100644
--- a/src/chrome/content/rules/Trumba.xml
+++ b/src/chrome/content/rules/Trumba.xml
@@ -9,7 +9,6 @@
 
 	<!--	Cert only matches www.
 					-->
-	<rule from="^https?://(?:www\.)?trumba\.com/"
-		to="https://www.trumba.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Trump.com.xml b/src/chrome/content/rules/Trump.com.xml
new file mode 100644
index 000000000000..e14ddc248bdf
--- /dev/null
+++ b/src/chrome/content/rules/Trump.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Trump.com">
+	<target host="trump.com" />
+	<target host="www.trump.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TrumpGolf.com.xml b/src/chrome/content/rules/TrumpGolf.com.xml
new file mode 100644
index 000000000000..cea8689da98d
--- /dev/null
+++ b/src/chrome/content/rules/TrumpGolf.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="TrumpGolf.com">
+	<target host="trumpgolf.com" />
+	<target host="www.trumpgolf.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TrumpGolfCount.com.xml b/src/chrome/content/rules/TrumpGolfCount.com.xml
new file mode 100644
index 000000000000..a2f6b76f8f65
--- /dev/null
+++ b/src/chrome/content/rules/TrumpGolfCount.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="TrumpGolfCount.com">
+	<target host="trumpgolfcount.com" />
+	<target host="www.trumpgolfcount.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TrumpHotels.com.xml b/src/chrome/content/rules/TrumpHotels.com.xml
new file mode 100644
index 000000000000..0cf83e66926b
--- /dev/null
+++ b/src/chrome/content/rules/TrumpHotels.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Does not connect:
+		remote.trumphotels.com
+		tbygp.trumphotels.com
+		tchgp.trumphotels.com
+		twagp.trumphotels.com
+-->
+<ruleset name="TrumpHotels.com">
+	<target host="trumphotels.com" />
+	<target host="www.trumphotels.com" />
+	<target host="trumpadmin.trumphotels.com" />
+	<target host="trumpcard.trumphotels.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TrumpInternationalRealty.com.xml b/src/chrome/content/rules/TrumpInternationalRealty.com.xml
new file mode 100644
index 000000000000..9422e4b73ffd
--- /dev/null
+++ b/src/chrome/content/rules/TrumpInternationalRealty.com.xml
@@ -0,0 +1,19 @@
+<ruleset name="TrumpInternationalRealty.com">
+	<target host="trumpinternationalrealty.com" />
+	<target host="www.trumpinternationalrealty.com" />
+	<target host="charlotte.trumpinternationalrealty.com" />
+	<target host="gardenstate.trumpinternationalrealty.com" />
+	<target host="jerseycity.trumpinternationalrealty.com" />
+	<target host="jerseyshore.trumpinternationalrealty.com" />
+	<target host="jupiter.trumpinternationalrealty.com" />
+	<target host="lasvegas.trumpinternationalrealty.com" />
+	<target host="miami.trumpinternationalrealty.com" />
+	<target host="northernjersey.trumpinternationalrealty.com" />
+	<target host="palmbeach.trumpinternationalrealty.com" />
+	<target host="virginia.trumpinternationalrealty.com" />
+	<target host="westchester.trumpinternationalrealty.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TrumpStore.com.xml b/src/chrome/content/rules/TrumpStore.com.xml
new file mode 100644
index 000000000000..aa5fb1e5f271
--- /dev/null
+++ b/src/chrome/content/rules/TrumpStore.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="TrumpStore.com">
+	<target host="trumpstore.com" />
+	<target host="www.trumpstore.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TrumpWinery.com.xml b/src/chrome/content/rules/TrumpWinery.com.xml
new file mode 100644
index 000000000000..260299be624b
--- /dev/null
+++ b/src/chrome/content/rules/TrumpWinery.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="TrumpWinery.com">
+	<target host="trumpwinery.com" />
+	<target host="www.trumpwinery.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Trumpia.com.xml b/src/chrome/content/rules/Trumpia.com.xml
deleted file mode 100644
index 01a027de0f60..000000000000
--- a/src/chrome/content/rules/Trumpia.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Mixed content:
-
-		- Web bug on ^ from s7.addthis.com *
-
-	* Secured by us
-
--->
-<ruleset name="Trumpia.com">
-
-	<target host="trumpia.com" />
-	<target host="www.trumpia.com" />
-
-
-	<securecookie host="^(?:www\.)?trumpia\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?trumpia\.com/"
-		to="https://$1trumpia.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Trust-Guard.com.xml b/src/chrome/content/rules/Trust-Guard.com.xml
index 875627ad931f..71d10ac21b00 100644
--- a/src/chrome/content/rules/Trust-Guard.com.xml
+++ b/src/chrome/content/rules/Trust-Guard.com.xml
@@ -9,32 +9,72 @@
 			- seals
 
 
-	Partially covered subdomains:
+	Problematic hosts in *
 
-		- (www.)	(pages redirect to http)
+		- support *
 
+	* Mismatched
 
-	Fully covered subdomains:
 
-		- members
-		- seals		(→ c674753.ssl.cf2.rackcdn.com)
-		- secure
+	www.trust-guard.com: Pages redirect to http
+
+
+	Insecure cookies are set for these domains:
+
+		- .trust-guard.com
 
 -->
 <ruleset name="Trust-Guard.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="trust-guard.com" />
-	<target host="*.trust-guard.com" />
-		<exclusion pattern="^http://(?:www\.)?trust-guard\.com/+(?!CSS/|favicon\.ico|Images/|Other/|Scripts/|Templates/)" />
-
-
+	<target host="members.trust-guard.com" />
+	<target host="secure.trust-guard.com" />
+	<target host="www.trust-guard.com" />
+
+	<!--	Complications:
+				-->
+	<target host="seals.trust-guard.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.trust-guard\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.trust-guard\.com/+(?!CSS/|favicon\.ico|Images/|Other/|Scripts/|Templates/)" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.trust-guard.com/affiliates/" />
+			<test url="http://www.trust-guard.com/cindex.asp" />
+			<test url="http://www.trust-guard.com/faq.htm" />
+			<test url="http://www.trust-guard.com/features.htm" />
+			<test url="http://www.trust-guard.com/partners.htm" />
+			<test url="http://www.trust-guard.com/pindex.asp" />
+			<test url="http://www.trust-guard.com/security-scanned.htm" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.trust-guard.com/favicon.ico" />
+			<test url="http://www.trust-guard.com/Images/xbutton.gif" />
+			<test url="http://www.trust-guard.com/Templates/2.0/css/style.css" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.trust-guard\.com$" name="^(?:__cfduid|Language|cf_clearance)$" /-->
+	<!--securecookie host="^www\.trust-guard\.com$" name="^(?:FirstVisitForm|PHPSESSID)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
 	<securecookie host="^(?:members|secure)\.trust-guard\.com$" name=".+" />
 
 
-	<rule from="^http://((?:members|secure|www)\.)?trust-guard\.com/"
-		to="https://$1trust-guard.com/" />
-
 	<rule from="^http://seals\.trust-guard\.com/"
 		to="https://c674753.ssl.cf2.rackcdn.com/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Trust-IT.gr.xml b/src/chrome/content/rules/Trust-IT.gr.xml
new file mode 100644
index 000000000000..05b1f88234b9
--- /dev/null
+++ b/src/chrome/content/rules/Trust-IT.gr.xml
@@ -0,0 +1,25 @@
+<!--
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Trust-IT.gr">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="trust-it.gr" />
+	<target host="www.trust-it.gr" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^(?:www)?\.trust-it\.gr$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TrustArc.com.xml b/src/chrome/content/rules/TrustArc.com.xml
new file mode 100644
index 000000000000..46309f0577d0
--- /dev/null
+++ b/src/chrome/content/rules/TrustArc.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- go.trustarc.com
+-->
+<ruleset name="TrustArc.com">
+	<target host="trustarc.com" />
+	<target host="www.trustarc.com" />
+	<target host="download.trustarc.com" />
+	<target host="info.trustarc.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TrustKeeper.xml b/src/chrome/content/rules/TrustKeeper.xml
index 11e9daad7073..8a7afad774c4 100644
--- a/src/chrome/content/rules/TrustKeeper.xml
+++ b/src/chrome/content/rules/TrustKeeper.xml
@@ -1,25 +1,35 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://trustkeeper.net/ => https://trustkeeper.net/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.trustkeeper.net/ => https://www.trustkeeper.net/: (28, 'Connection timed out after 20001 milliseconds')
+
 	For other Trustwave coverage, see Trustwave.xml.
 
 
-	Problematic domains:
+	Insecure cookies are set for these hosts:
 
 		- trustkeeper.net
+		- www.trustkeeper.net
 
 -->
-<ruleset name="TrustKeeper">
+<ruleset name="TrustKeeper.net" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="trustkeeper.net" />
-	<target host="*.trustkeeper.net" />
+	<target host="sealserver.trustkeeper.net" />
+	<target host="www.trustkeeper.net" />
 
 
-	<securecookie host="^www\.trustkeeper\.net$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?trustkeeper\.net$" name="^(?:TKSESSION|i18nloc|sponsorId)$" /-->
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^https?://(?:www\.)?trustkeeper\.net/"
-		to="https://www.trustkeeper.net/" />
 
-	<rule from="^http://sealserver\.trustkeeper\.net/"
-		to="https://sealserver.trustkeeper.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TrustSign.com.br.xml b/src/chrome/content/rules/TrustSign.com.br.xml
new file mode 100644
index 000000000000..39ab68b89a2e
--- /dev/null
+++ b/src/chrome/content/rules/TrustSign.com.br.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://seals.trustsign.com.br/ => https://seals.trustsign.com.br/: (6, 'Could not resolve host: seals.trustsign.com.br')
+Fetch error: http://security.trustsign.com.br/ => https://security.trustsign.com.br/: (6, 'Could not resolve host: security.trustsign.com.br')
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .trustsign.com.br
+		- seals.trustsign.com.br
+		- security.trustsign.com.br
+		- www.trustsign.com.br
+
+-->
+<ruleset name="TrustSign.com.br" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="trustsign.com.br" />
+	<target host="seals.trustsign.com.br" />
+	<target host="security.trustsign.com.br" />
+	<target host="www.trustsign.com.br" />
+
+
+	<!--	Incapsula cookies:
+					-->
+	<!--securecookie host="^\.trustsign\.com\.br$" name="^(?:incap_ses_\d+|visid_incap)_\d+$" /-->
+	<!--securecookie host="^(?:seals|security|www)\.trustsign\.com\.br$" name="^__utm[abm]\w+$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TrustTheVote.org-falsemixed.xml b/src/chrome/content/rules/TrustTheVote.org-falsemixed.xml
deleted file mode 100644
index ffb46768bc2d..000000000000
--- a/src/chrome/content/rules/TrustTheVote.org-falsemixed.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see TrustTheVote.org.xml.
-
--->
-<ruleset name="TrustTheVote.org (false MCB)" platform="mixedcontent">
-
-	<target host="trustthevote.org" />
-	<target host="wordpress2.trustthevote.org" />
-	<target host="www.trustthevote.org" />
-		<!--
-			Handled in TrustTheVote.org.xml:
-							-->
-		<exclusion pattern="^http://(?:wordpress2\.|www\.)?trustthevote\.org/wp-(?:content|includes)/" />
-
-
-	<rule from="^http://(wordpress2\.|www\.)?trustthevote\.org/"
-		to="https://$1trustthevote.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/TrustTheVote.org.xml b/src/chrome/content/rules/TrustTheVote.org.xml
index 2a46e6b83c67..eb812e9650f2 100644
--- a/src/chrome/content/rules/TrustTheVote.org.xml
+++ b/src/chrome/content/rules/TrustTheVote.org.xml
@@ -1,57 +1,32 @@
 <!--
-	For rules causing false/broken MCB, see TrustTheVote.org-falsemixed.xml.
+	Problematic hosts in *trustthevote.org:
 
-
-	Fully covered subdomains:
-
-		- wiki
-
-
-	Partially covered subdomains:
-
-		- (www.) *
+		- wiki *
 		- wordpress2 *
 
-	* Avoiding false/broken MCB, rest handled in TrustTheVote.org-falsemixed.xml
-
-
-	Mixed content:
-
-		- Script on wordpress2 from osdv.org *
-
-		- css, on:
-
-			- wordpress2 from osdv.org *
-			- www from www *
-
-		- Images, on:
-
-			- wordpress2 from wordpress2 *
-			- www from www *
-			- www from www.trustlogo.com
-
-	* Secured by us
-
-
-	NB: We secure all active resources, and thus
-	-mixedcontent should be merged for Ffx 24.
+	* Mismatched
 
 -->
-<ruleset name="TrustTheVote.org (partial)">
+<ruleset name="TrustTheVote.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="trustthevote.org" />
-	<target host="*.trustthevote.org" />
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<exclusion pattern="^http://(?:wordpress2\.|www\.)?trustthevote\.org/(?!wp-content/|wp-includes/)" />
+	<target host="www.trustthevote.org" />
+
+	<!--	Complications:
+				-->
+	<target host="wiki.trustthevote.org" />
+	<target host="wordpress2.trustthevote.org" />
+
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^\.(?:wordpress2\.)?trustthevote\.org$" name="^__utm\w$" />
-	<securecookie host="^wiki\.trustthevote\.org$" name=".+" />
 
+	<rule from="^http://w(?:iki|ordpress2)\.trustthevote\.org/"
+		to="https://2014.wooconf.com/" />
 
-	<rule from="^http://((?:wiki|wordpress2|www)\.)?trustthevote\.org/"
-		to="https://$1trustthevote.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Trusted-Introducer.org.xml b/src/chrome/content/rules/Trusted-Introducer.org.xml
index e4af176b8474..b3c2e53182d1 100644
--- a/src/chrome/content/rules/Trusted-Introducer.org.xml
+++ b/src/chrome/content/rules/Trusted-Introducer.org.xml
@@ -1,15 +1,28 @@
 <!--
-	^trusted-introducer.nl doesn't exist.
+	Nonfunctional hosts in *trusted-introducer.org:
+
+		- tiw *
+
+	* Handshake fails
+
+
+	^trusted-introducer.org: Mismatched
 
 -->
 <ruleset name="Trusted-Introducer.org">
 
-	<target host="www.trusted-introducer.nl" />
-	<target host="trusted-introducer.org" />
+	<!--	Direct rewrites:
+				-->
 	<target host="www.trusted-introducer.org" />
+	<!--	Complications:
+				-->
+	<target host="trusted-introducer.org" />
+
 
+    <rule from="^http://trusted-introducer\.org/"
+        to="https://www.trusted-introducer.org/" />
 
-	<rule from="^http://(www\.)?trusted-introducer\.(nl|org)/"
-		to="https://$1trusted-introducer.$2/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Trusted-Shops.xml b/src/chrome/content/rules/Trusted-Shops.xml
deleted file mode 100644
index ca5495512987..000000000000
--- a/src/chrome/content/rules/Trusted-Shops.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Trusted Shops (partial)">
-
-	<target host="trustedshops.*" />
-	<target host="www.trustedshops.*" />
-	<target host="trustedshops.co.uk" />
-	<target host="www.trustedshops.co.uk" />
-
-
-	<!--	- Cert only mathes www
-		- Some pages redirect to http
-			-->
-	<rule from="^https?://(?:www\.)?trustedshops\.(at|ch|com|co\.uk|de|es|fr|pl)/(b2c_int/|bewertung/|cms/assets/|merchants/(?:$|\?)|shoplogo/|\w\w/(?:buyer/login\.html|shop/))"
-		to="https://www.trustedshops.$1/$2" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TrustedMessenger.com.xml b/src/chrome/content/rules/TrustedMessenger.com.xml
index 4292c41fe2ef..f077b3b80c72 100644
--- a/src/chrome/content/rules/TrustedMessenger.com.xml
+++ b/src/chrome/content/rules/TrustedMessenger.com.xml
@@ -1,13 +1,15 @@
 <ruleset name="TrustedMessenger.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="trustedmessenger.com" />
-	<target host="*.trustedmessenger.com" />
+	<target host="www.trustedmessenger.com" />
 
 
 	<securecookie host="^(?:www)?\.trustedmessenger\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?trustedmessenger\.com/"
-		to="https://$1trustedmessenger.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TrustedSec.com.xml b/src/chrome/content/rules/TrustedSec.com.xml
index f3720f7ef54d..92c039a61b1e 100644
--- a/src/chrome/content/rules/TrustedSec.com.xml
+++ b/src/chrome/content/rules/TrustedSec.com.xml
@@ -1,10 +1,12 @@
 <ruleset name="TrustedSec.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="trustedsec.com" />
 	<target host="www.trustedsec.com" />
 
 
-	<rule from="^http://(www\.)?trustedsec\.com/"
-		to="https://$1trustedsec.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Trusted_CS.com.xml b/src/chrome/content/rules/Trusted_CS.com.xml
new file mode 100644
index 000000000000..d8dbb6a4f3e1
--- /dev/null
+++ b/src/chrome/content/rules/Trusted_CS.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://trustedcs.com/ => https://www.trustedcs.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.trustedcs.com/ => https://www.trustedcs.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Raytheon Trusted Computer Solutions
+
+
+	^: cert only matches www
+
+-->
+<ruleset name="Trusted CS.com" default_off="failed ruleset test">
+
+	<target host="trustedcs.com" />
+	<target host="www.trustedcs.com" />
+
+
+	<rule from="^http://(?:www\.)?trustedcs\.com/"
+		to="https://www.trustedcs.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Trusted_Computing_Group.xml b/src/chrome/content/rules/Trusted_Computing_Group.xml
index 7350396e62c8..362ffba75529 100644
--- a/src/chrome/content/rules/Trusted_Computing_Group.xml
+++ b/src/chrome/content/rules/Trusted_Computing_Group.xml
@@ -1,13 +1,16 @@
-<ruleset name="Trusted Computing Group">
+<ruleset name="Trusted Computing Group.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="trustedcomputinggroup.org" />
+	<target host="members.trustedcomputinggroup.org" />
 	<target host="www.trustedcomputinggroup.org" />
 
 
-	<securecookie host="^www\.trustedcomputinggroup\.org$" name=".+" />
+	<securecookie host="^(?:www)?\.trustedcomputinggroup\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?trustedcomputinggroup\.org/"
-		to="https://$1trustedcomputinggroup.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Trusted_Reviews.xml b/src/chrome/content/rules/Trusted_Reviews.xml
index 6aa5bab11601..cfefc51f7e3f 100644
--- a/src/chrome/content/rules/Trusted_Reviews.xml
+++ b/src/chrome/content/rules/Trusted_Reviews.xml
@@ -23,14 +23,12 @@
 <ruleset name="Trusted Reviews (partial)">
 
 	<target host="trustedreviews.com" />
-	<target host="*.trustedreviews.com" />
+	<target host="static.trustedreviews.com" />
+	<target host="www.trustedreviews.com" />
 		<exclusion pattern="^http://(?:www\.)?trustedreviews\.com/(?!css/)" />
 
 
 	<rule from="^http://(?:secure\.|www\.)?trustedreviews\.com/"
 		to="https://secure.trustedreviews.com/" />
 
-	<rule from="^http://static\.trustedreviews\.com/"
-		to="https://a248.e.akamai.net/f/1974/9070/9m/static.trustedreviews.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Trusted_Shops.xml b/src/chrome/content/rules/Trusted_Shops.xml
new file mode 100644
index 000000000000..4a266c7700ad
--- /dev/null
+++ b/src/chrome/content/rules/Trusted_Shops.xml
@@ -0,0 +1,38 @@
+<!--
+	Non-functional hosts
+		4xx client error:
+		- static.trustedshops.com
+
+		Secure connection redirects to plaintext:
+		- www.trustedshops.com
+		- trustedshops.es
+		- www.trustedshops.es
+		- trustedshops.fr
+		- www.trustedshops.fr
+-->
+<ruleset name="Trusted Shops">
+	<!-- *trustedshops.at -->
+	<target host="trustedshops.at" />
+	<target host="www.trustedshops.at" />
+
+	<!-- *trustedshops.ch -->
+	<target host="trustedshops.ch" />
+	<target host="www.trustedshops.ch" />
+
+	<!-- *trustedshops.com -->
+	<target host="trustedshops.com" />
+
+	<!-- *trustedshops.de -->
+	<target host="trustedshops.de" />
+	<target host="www.trustedshops.de" />
+
+	<!-- *trustedshops.pl -->
+	<target host="trustedshops.pl" />
+	<target host="www.trustedshops.pl" />
+
+	<!-- *trustedshops.co.uk -->
+	<target host="trustedshops.co.uk" />
+	<target host="www.trustedshops.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Trusteer.com.xml b/src/chrome/content/rules/Trusteer.com.xml
new file mode 100644
index 000000000000..8e60a03dd2fe
--- /dev/null
+++ b/src/chrome/content/rules/Trusteer.com.xml
@@ -0,0 +1,40 @@
+<!--
+	For other IBM coverage, see IBM.xml.
+
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- buildingtrust ²
+		- info ³
+
+	¹ Dropped
+	² Eloqua
+	³ Marketo
+
+
+	Mixed content:
+
+		- Images on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Trusteer.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.trusteer.com" />
+
+	<!--	Complications:
+				-->
+	<target host="trusteer.com" />
+
+
+	<rule from="^http://trusteer\.com/"
+		to="https://www.trusteer.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Trustico.xml b/src/chrome/content/rules/Trustico.xml
index 993dd39138bc..a4b709bcb6f7 100644
--- a/src/chrome/content/rules/Trustico.xml
+++ b/src/chrome/content/rules/Trustico.xml
@@ -1,6 +1,23 @@
-<ruleset name="Trustico">
- <target host="www.trustico.com" />
- <target host="trustico.com" />
+<!--
+	Nonfunctional hosts in *trustico.com:
+
+		- blog *
+
+	* Blogger
+
+-->
+<ruleset name="Trustico.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="trustico.com" />
+	<target host="order.trustico.com" />
+	<target host="resellers.trustico.com" />
+	<target host="secure.trustico.com" />
+	<target host="www.trustico.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
- <rule from="^http://(?:www\.)?trustico\.com/" to="https://www.trustico.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Trustifier.com.xml b/src/chrome/content/rules/Trustifier.com.xml
new file mode 100644
index 000000000000..36c43b82af1e
--- /dev/null
+++ b/src/chrome/content/rules/Trustifier.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Trustifier.com">
+
+	<target host="trustifier.com" />
+	<target host="www.trustifier.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Trustly.com.xml b/src/chrome/content/rules/Trustly.com.xml
new file mode 100644
index 000000000000..8be47056c257
--- /dev/null
+++ b/src/chrome/content/rules/Trustly.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Other Trustly Group rulesets:
+
+		- Trustly.se.xml
+
+-->
+<ruleset name="Trustly.com">
+
+	<target host="trustly.com" />
+	<target host="www.trustly.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Trustly.se.xml b/src/chrome/content/rules/Trustly.se.xml
new file mode 100644
index 000000000000..83af51622145
--- /dev/null
+++ b/src/chrome/content/rules/Trustly.se.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Trustly Group coverage, see Trustly.com.xml.
+
+-->
+<ruleset name="Trustly.se">
+
+	<target host="trustly.se" />
+	<target host="www.trustly.se" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Trustpilot.com.xml b/src/chrome/content/rules/Trustpilot.com.xml
index 23c794206bbd..ec56edea7e4c 100644
--- a/src/chrome/content/rules/Trustpilot.com.xml
+++ b/src/chrome/content/rules/Trustpilot.com.xml
@@ -3,18 +3,16 @@
 
 		- s3-eu-west-1.amazonaws.com/images.trustpilot.com/
 
-
-	Nonfunctional subdomains:
-
-		- (www.)	(refused)
-
 -->
-<ruleset name="Trustpilot.com (partial)">
+<ruleset name="Trustpilot.com">
 
+	<target host="trustpilot.com" />
 	<target host="images-static.trustpilot.com" />
+	<target host="widget.trustpilot.com" />
+	<target host="www.trustpilot.com" />
 
 
-	<rule from="^http://images-static\.trustpilot\.com/"
-		to="https://images-static.trustpilot.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Trustwave.xml b/src/chrome/content/rules/Trustwave.xml
index a785a8a6de40..5486800ccb23 100644
--- a/src/chrome/content/rules/Trustwave.xml
+++ b/src/chrome/content/rules/Trustwave.xml
@@ -1,40 +1,38 @@
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://mailmax.trustwave.com/ => https://mailmax.trustwave.com/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
+
 	Other Trustwave rulesets:
 
-		- MySecureConnect.com.xml
-		- SecureConnect.com.xml
+		- Securetrust.com.xml
 		- TrustKeeper.xml
+		- Xramp.com.xml
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *trustwave.com:
 
 		- go
-
-
-	Problematic domains:
-
-		- securetrust.com	(cert only matches www)
-
 -->
-<ruleset name="Trustwave (partial)">
+<ruleset name="Trustwave.com (partial)">
 
-	<target host="securetrust.com" />
-	<target host="www.securetrust.com" />
+	<!--	Direct rewrites:
+				-->
 	<target host="trustwave.com" />
-	<target host="*.trustwave.com" />
-	<target host="*.xramp.com" />
-
-
-	<securecookie host="^(?:.*\.)?trustwave\.com$" name=".+" />
+	<target host="login.trustwave.com" />
+	<!-- target host="mailmax.trustwave.com" /-->
+	<target host="pci.trustwave.com" />
+	<target host="scanmail.trustwave.com" />
+	<target host="sealserver.trustwave.com" />
+	<target host="ssl.trustwave.com" />
+	<target host="www.trustwave.com" />
 
 
-	<rule from="^https?://(?:www\.)?securetrust\.com/"
-		to="https://www.securetrust.com/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://((?:login|mailmax|pci|scanmail|sealserver|ssl|www)\.)?trustwave\.com/"
-		to="https://$1trustwave.com/" />
 
-	<rule from="^http://s(eal|itedata)\.xramp\.com/"
-		to="https://s$1.xramp.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Trustworthy-Internet-Movement.xml b/src/chrome/content/rules/Trustworthy-Internet-Movement.xml
index a6009c62ccb1..9a7619472090 100644
--- a/src/chrome/content/rules/Trustworthy-Internet-Movement.xml
+++ b/src/chrome/content/rules/Trustworthy-Internet-Movement.xml
@@ -1,9 +1,13 @@
-<ruleset name="Trustworthy Internet Movement">
+<!--
+	Trustworthy Internet Movement
+
+-->
+<ruleset name="Trustworthy Internet.org">
 
 	<target host="trustworthyinternet.org"/>
 	<target host="www.trustworthyinternet.org"/>
 
-	<rule from="^http://(www\.)?trustworthyinternet\.org/"
-		to="https://$1trustworthyinternet.org/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TruthMarket.xml b/src/chrome/content/rules/TruthMarket.xml
deleted file mode 100644
index c66402e505c1..000000000000
--- a/src/chrome/content/rules/TruthMarket.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Needs exclusions.
-
--->
-<ruleset name="TruthMarket" default_off="buggy">
-
-	<target host="truthmarket.com" />
-	<target host="www.truthmarket.com" />
-
-
-	<securecookie host="^(?:www\.)?truthmarket\.com$" name=".*" />
-
-
-	<rule from="^http://(www\.)?truthmarket\.com/"
-		to="https://$1truthmarket.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Truth_in_Advertising.xml b/src/chrome/content/rules/Truth_in_Advertising.xml
index bada875a60c9..c5898dbd45e1 100644
--- a/src/chrome/content/rules/Truth_in_Advertising.xml
+++ b/src/chrome/content/rules/Truth_in_Advertising.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?truthinadvertising\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?truthinadvertising\.org/"
-		to="https://$1truthinadvertising.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Truthdig.xml b/src/chrome/content/rules/Truthdig.xml
index 7d29a7382749..37a81b853019 100644
--- a/src/chrome/content/rules/Truthdig.xml
+++ b/src/chrome/content/rules/Truthdig.xml
@@ -3,9 +3,8 @@
 	<target host="truthdig.com"/>
 	<target host="www.truthdig.com"/>
 
-	<securecookie host="^(.*\.)?truthdig\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?truthdig\.com/"
-		to="https://$1truthdig.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TryMagPop.ca.xml b/src/chrome/content/rules/TryMagPop.ca.xml
new file mode 100644
index 000000000000..6d60f3292845
--- /dev/null
+++ b/src/chrome/content/rules/TryMagPop.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="TryMagPop.ca">
+	<target host="trymagpop.ca" />
+	<target host="www.trymagpop.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Try_Celery.com.xml b/src/chrome/content/rules/Try_Celery.com.xml
new file mode 100644
index 000000000000..31b5e2167446
--- /dev/null
+++ b/src/chrome/content/rules/Try_Celery.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="Try Celery.com">
+
+	<target host="trycelery.com" />
+	<target host="www.trycelery.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?trycelery\.com$" name="^connect\.sess$" /-->
+
+	<securecookie host="^(?:www\.)?trycelery\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Try_Haskell.org.xml b/src/chrome/content/rules/Try_Haskell.org.xml
new file mode 100644
index 000000000000..84b723840d3b
--- /dev/null
+++ b/src/chrome/content/rules/Try_Haskell.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .tryhaskell.org
+
+-->
+<ruleset name="Try Haskell.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tryhaskell.org" />
+	<target host="www.tryhaskell.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.tryhaskell\.org$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.tryhaskell\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Try_Zen99.com.xml b/src/chrome/content/rules/Try_Zen99.com.xml
new file mode 100644
index 000000000000..918901f47d58
--- /dev/null
+++ b/src/chrome/content/rules/Try_Zen99.com.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tryzen99.com/ => https://tryzen99.com/: (51, "SSL: no alternative certificate subject name matches target host name 'tryzen99.com'")
+
+-->
+<ruleset name="try Zen99.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tryzen99.com" />
+	<target host="www.tryzen99.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Trygghansa.se.xml b/src/chrome/content/rules/Trygghansa.se.xml
index e4627d000b15..4990cf80dbcb 100644
--- a/src/chrome/content/rules/Trygghansa.se.xml
+++ b/src/chrome/content/rules/Trygghansa.se.xml
@@ -1,5 +1,5 @@
 <ruleset name="Trygghansa.se" platform="mixedcontent">
 	<target host="trygghansa.se" />
 	<target host="www.trygghansa.se" />
-	<rule from="^http://(www\.)?trygghansa\.se/" to="https://www.trygghansa.se/"/>
+	<rule from="^http://(?:www\.)?trygghansa\.se/" to="https://www.trygghansa.se/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Tryton.org.xml b/src/chrome/content/rules/Tryton.org.xml
new file mode 100644
index 000000000000..6e2631e0eb14
--- /dev/null
+++ b/src/chrome/content/rules/Tryton.org.xml
@@ -0,0 +1,35 @@
+<!--
+	Mismatched:
+		- demo*.tryton.org (subdomain for each version, e.g. demo5.0.tryton.org)
+		- doc.tryton.org
+		- tub2013.tryton.org
+		- tub2016.tryton.org
+		- tuba2015.tryton.org
+		- tul2014.tryton.org
+		- videos.tryton.org
+		- debian.tryton.org
+-->
+<ruleset name="Tryton.org">
+	<target host="tryton.org" />
+	<target host="www.tryton.org" />
+	<target host="amagama.tryton.org" />
+	<target host="bugs.tryton.org" />
+	<target host="codereview.tryton.org" />
+	<target host="discuss.tryton.org" />
+	<target host="doc.tryton.org" />
+	<target host="docs.tryton.org" />
+	<target host="downloads.tryton.org" />
+	<target host="drone.tryton.org" />
+	<target host="git.tryton.org" />
+	<target host="goocalendar.tryton.org" />
+	<target host="hg.tryton.org" />
+	<target host="pootle.tryton.org" />
+	<target host="python-sql.tryton.org" />
+	<target host="relatorio.tryton.org" />
+	<target host="trydevpi.tryton.org" />
+	<target host="trypod.tryton.org" />
+	<target host="tul2017.tryton.org" />
+
+	<rule from="^http://doc\.tryton\.org/" to="https://docs.tryton.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tsgstatic.com.xml b/src/chrome/content/rules/Tsgstatic.com.xml
new file mode 100644
index 000000000000..dbf42bc2b4bd
--- /dev/null
+++ b/src/chrome/content/rules/Tsgstatic.com.xml
@@ -0,0 +1,33 @@
+<!--
+	CDN buckets:
+
+		- d25jbto4vhnqrd.cloudfront.net
+
+			- [a-c]
+
+
+	Nonfunctional subdomains:
+
+		- attach *
+
+	* Shows web1.techguy.org
+
+
+	Problematic subdomains:
+
+		- [a-c] *
+
+	* Cloudfront
+
+-->
+<ruleset name="tsgstatic.com (partial)">
+
+	<target host="a.tsgstatic.com" />
+	<target host="b.tsgstatic.com" />
+	<target host="c.tsgstatic.com" />
+
+
+	<rule from="^http://[a-c]\.tsgstatic\.com/"
+		to="https://d25jbto4vhnqrd.cloudfront.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tspr.ng.xml b/src/chrome/content/rules/Tspr.ng.xml
new file mode 100644
index 000000000000..0ddc39afe358
--- /dev/null
+++ b/src/chrome/content/rules/Tspr.ng.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Teespring coverage, see Teespring.com.xml.
+
+
+	www.tspr.ng doesn't exist.
+
+
+	Insecure cookies are set for these domains:
+
+		- .tspr.ng
+
+-->
+<ruleset name="Tspr.ng">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tspr.ng" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.tspr\.ng$" name="^(?:__cfduid|cf_clearanec)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tsumino.com.xml b/src/chrome/content/rules/Tsumino.com.xml
new file mode 100644
index 000000000000..32b9613ea4c5
--- /dev/null
+++ b/src/chrome/content/rules/Tsumino.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid certificate:
+		r34.tsumino.com
+-->
+
+<ruleset name="Tsumino.com">
+	<target host="tsumino.com" />
+	<target host="www.tsumino.com" />
+	<target host="ga.tsumino.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ttk.ru.xml b/src/chrome/content/rules/Ttk.ru.xml
new file mode 100644
index 000000000000..6fe287994d9a
--- /dev/null
+++ b/src/chrome/content/rules/Ttk.ru.xml
@@ -0,0 +1,21 @@
+<!--nn. protocol error
+volga. timed out
+expo. expired
+baikal. timed out
+zs. timed out
+lg. timed out
+www.ural. mismatch
+www.su. timed out
+www.nn. protocol error
+www.klgd. self signed
+www.sever. refused
+www.baikal. timed out-->
+<ruleset name="Ttk.ru">
+	<target host="ttk.ru" />
+	<target host="www.ttk.ru" />
+	<target host="customer.ttk.ru" />
+	<target host="pay.ttk.ru" />
+	<target host="lk.ttk.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TuXingSun.net.xml b/src/chrome/content/rules/TuXingSun.net.xml
new file mode 100644
index 000000000000..e635c328b270
--- /dev/null
+++ b/src/chrome/content/rules/TuXingSun.net.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tuxingsun.net/ => https://tuxingsun.net/: (6, 'Could not resolve host: tuxingsun.net')
+Fetch error: http://www.tuxingsun.net/ => https://www.tuxingsun.net/: (6, 'Could not resolve host: www.tuxingsun.net')
+
+	Insecure cookies are set for these hosts:
+
+		- tuxingsun.net
+		- www.tuxingsun.net
+
+-->
+<ruleset name="TuXingSun.net" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tuxingsun.net" />
+	<target host="www.tuxingsun.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?tuxingsun\.net$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?tuxingsun\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tuakiri.ac.nz.xml b/src/chrome/content/rules/Tuakiri.ac.nz.xml
new file mode 100644
index 000000000000..523bfde5c0df
--- /dev/null
+++ b/src/chrome/content/rules/Tuakiri.ac.nz.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- tuakiri.ac.nz
+		- directory.tuakiri.ac.nz
+		- tuakiri.ac.nz
+
+-->
+<ruleset name="Tuakiri.ac.nz (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tuakiri.ac.nz" />
+	<target host="directory.tuakiri.ac.nz" />
+	<target host="www.tuakiri.ac.nz" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:directory\.|www\.)?tuakiri\.ac.nz$" name="^BIGipServer[\w~.]+$" /-->
+
+	<securecookie host="^(?:directory\.|www\.)?tuakiri\.ac.nz$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tub.ee.xml b/src/chrome/content/rules/Tub.ee.xml
new file mode 100644
index 000000000000..ee0e3c2a52c8
--- /dev/null
+++ b/src/chrome/content/rules/Tub.ee.xml
@@ -0,0 +1,25 @@
+<!--
+	HTTP redirects to NXDOMAIN:
+		- mail.meanings.eu
+		- mail.tub.ee
+		- mail.unscramble.eu
+-->
+<ruleset name="Tub.ee">
+	<!-- tub.ee -->
+	<target host="tub.ee" />
+	<target host="www.tub.ee" />
+	<target host="meanings.tub.ee" />
+	<target host="www.meanings.tub.ee" />
+	<target host="meaningseu.tub.ee" />
+	<target host="www.meaningseu.tub.ee" />
+	<target host="unscramble.tub.ee" />
+	<target host="www.unscramble.tub.ee" />
+
+	<!-- unscramble.eu -->
+	<target host="unscramble.eu" />
+	<target host="www.unscramble.eu" />
+	<target host="autodiscover.unscramble.eu" />
+	<target host="webdisk.unscramble.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tube4.me.xml b/src/chrome/content/rules/Tube4.me.xml
new file mode 100644
index 000000000000..482b527d9717
--- /dev/null
+++ b/src/chrome/content/rules/Tube4.me.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tube4.me/ => https://tube4.me/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.tube4.me/ => https://www.tube4.me/: (60, 'SSL certificate problem: self signed certificate')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tube4.me/ => https://tube4.me/: (60, 'SSL certificate problem: self signed certificate')
+
+	Mixed content:
+
+		- Images from (www.) *
+
+	* Secured by us
+
+-->
+<ruleset name="Tube4.me" default_off="failed ruleset test">
+
+	<target host="tube4.me" />
+	<target host="www.tube4.me" />
+
+
+	<securecookie host="^\.tube4\.me$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TubeMogul.com.xml b/src/chrome/content/rules/TubeMogul.com.xml
index f507b36f1f19..ec7c0e112801 100644
--- a/src/chrome/content/rules/TubeMogul.com.xml
+++ b/src/chrome/content/rules/TubeMogul.com.xml
@@ -5,33 +5,173 @@
 
 			- cdn
 
-
-	Problematic subdomains:
-
-		- cdn		(works; mismatched, CN: edgecastcdn.net)
-		- landing	(works; mismatched, CN: *.unbounce.com)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- cdn		(→ edgecast)
-		- rtb
+	Insecure cookies are set for these domains:
+
+		- .tubemogul.com
+
+	Cert mismatch:
+		- content.tubemogul.com
+		- as.geodns.tubemogul.com
+		- cdn.geodns.tubemogul.com
+		- pub.geodns.tubemogul.com
+		- rtb.geodns.tubemogul.com
+		- rtb-liverail.geodns.tubemogul.com
+		- static.inplay.tubemogul.com
+		- mgmt01.linode.tubemogul.com
+		- mgmt01.lqweb.tubemogul.com
+		- mldb03.tubemogul.com
+		- oltp02.tubemogul.com
+		- playtime-videos.tubemogul.com
+		- mgmt01.rtb.tm-iad-1a.tubemogul.com
+		- tmvpn02.tubemogul.com
+		- rtb-lb.us-east.tubemogul.com
+		- mgmt01.rtb2.us-east-1a.tubemogul.com
+		- mgmt01.rts.us-east-1a.tubemogul.com
+		- dev-mgmt01.us-east-1b.tubemogul.com
+		- monitor01.us-east-1b.tubemogul.com
+		- users.us-east-1b.tubemogul.com
+		- mgmt01.dbp.us-east-1d.tubemogul.com
+		- rtb-lb.us-west.tubemogul.com
+
+	Connection refused:
+		- app06.tubemogul.com
+		- mgmt01.rtb.eu-west-1a.tubemogul.com
+		- ln03.tubemogul.com
+		- asbr01a.tm-ams-1a.tubemogul.com
+		- asbr01b.tm-ams-1a.tubemogul.com
+		- asbr01a.tm-hkg-1a.tubemogul.com
+		- asbr01b.tm-hkg-1a.tubemogul.com
+		- asbr01a.tm-sjc-1a.tubemogul.com
+		- asbr01b.tm-sjc-1a.tubemogul.com
+		- mgmt01.rtb.us-east-1a.tubemogul.com
+
+	Self-signed cert:
+		- app07.tubemogul.com
+		- post.update.tubemogul.com
+		- s.update.tubemogul.com
+
+	Timeout:
+		- mgmt01.ap-southeast-1a.tubemogul.com
+		- mgmt01.rtb.ap-southeast-1a.tubemogul.com
+		- mgmt01.rtb2.ap-southeast-1a.tubemogul.com
+		- mgmt01.udb.ap-southeast-1a.tubemogul.com
+		- bck01.tubemogul.com
+		- storezone01.corp.tubemogul.com
+		- mgmt01.eu-west-1a.tubemogul.com
+		- gallery.tubemogul.com
+		- innertube.tubemogul.com
+		- investor.tubemogul.com
+		- jp.tubemogul.com
+		- oltp01.tubemogul.com
+		- promo.tubemogul.com
+		- facebook.promo.tubemogul.com
+		- rtb-lb-event-us-west.tubemogul.com
+		- fw01a.tm-hkg-1a.tubemogul.com
+		- tm01.tubemogul.com
+		- trac.tubemogul.com
+		- mgmt01.us-east-1a.tubemogul.com
+		- mgmt02.us-east-1a.tubemogul.com
+		- mgmt01.us-east-1b.tubemogul.com
+		- mgmt02.us-east-1b.tubemogul.com
+		- mgmt01.us-east-1d.tubemogul.com
+		- mgmt01.us-west-1a.tubemogul.com
+		- mgmt01.rtb.us-west-1a.tubemogul.com
+
+		TLS error:
+			- oltp10.tubemogul.com
+			- mgmt01.rtb.tm-sjc-1a.tubemogul.com
 
 -->
 <ruleset name="TubeMogul.com (partial)">
 
 	<target host="tubemogul.com" />
-	<target host="*.tubemogul.com" />
-
+	<target host="www.tubemogul.com" />
+
+	<target host="ad.tubemogul.com" />
+	<target host="ad-audit.tubemogul.com" />
+	<target host="ad-serv.tubemogul.com" />
+	<target host="adf.tubemogul.com" />
+	<target host="ads.tubemogul.com" />
+	<target host="as.tubemogul.com" />
+	<target host="as-lb-ap-southeast.tubemogul.com" />
+	<target host="as-lb-eu-west.tubemogul.com" />
+	<target host="as-lb-tm-iad.tubemogul.com" />
+	<target host="as-lb-us-east.tubemogul.com" />
+	<target host="as-lb-us-west.tubemogul.com" />
+	<target host="as-pub.tubemogul.com" />
+	<target host="asv.tubemogul.com" />
+	<target host="av.tubemogul.com" />
+	<target host="avf.tubemogul.com" />
+	<target host="br.tubemogul.com" />
+	<target host="cdn.tubemogul.com" />
+	<target host="cn.tubemogul.com" />
+	<target host="conv.tubemogul.com" />
+	<target host="convf.tubemogul.com" />
+	<target host="ct.tubemogul.com" />
+	<target host="display.tubemogul.com" />
+	<target host="education.tubemogul.com" />
+	<target host="es.tubemogul.com" />
+	<target host="es-419.tubemogul.com" />
+	<target host="es-la.tubemogul.com" />
+	<target host="fr.tubemogul.com" />
+	<target host="fr-fr.tubemogul.com" />
+	<target host="ibv.tubemogul.com" />
+	<target host="inplay.tubemogul.com" />
+	<target host="ja-jp.tubemogul.com" />
+	<target host="lb-sjc-rrd.tubemogul.com" />
+	<target host="maintenance.tubemogul.com" />
+	<target host="playtime.tubemogul.com" />
+	<target host="preprod.tubemogul.com" />
+	<target host="static.promo.tubemogul.com" />
+	<target host="psi.tubemogul.com" />
+	<target host="pt-br.tubemogul.com" />
+	<target host="pub.tubemogul.com" />
+	<target host="pv.tubemogul.com" />
+	<target host="pvf.tubemogul.com" />
+	<target host="rtb.tubemogul.com" />
+	<target host="rtb-ba-ad-us-east.tubemogul.com" />
+	<target host="rtb-ba-lb-ap-southeast.tubemogul.com" />
+	<target host="rtb-ba-lb-eu-west.tubemogul.com" />
+	<target host="rtb-ba-lb-us-east.tubemogul.com" />
+	<target host="rtb-lb-ap-southeast.tubemogul.com" />
+	<target host="rtb-lb-eu-west.tubemogul.com" />
+	<target host="rtb-lb-event-ap-southeast.tubemogul.com" />
+	<target host="rtb-lb-event-eu-west.tubemogul.com" />
+	<target host="rtb-lb-event-sjc.tubemogul.com" />
+	<target host="rtb-lb-event-tm-ams.tubemogul.com" />
+	<target host="rtb-lb-event-tm-iad.tubemogul.com" />
+	<target host="rtb-lb-event-us-east.tubemogul.com" />
+	<target host="rtb-lb-event-us-east-1a.tubemogul.com" />
+	<target host="rtb-lb-sjc.tubemogul.com" />
+	<target host="rtb-lb-us-east.tubemogul.com" />
+	<target host="rtb-lb-us-east-aws.tubemogul.com" />
+	<target host="rtb-lb-us-west.tubemogul.com" />
+	<target host="rtb-liverail.tubemogul.com" />
+	<target host="rtb-liverail-lb-ap-southeast.tubemogul.com" />
+	<target host="rtb-liverail-lb-eu-west.tubemogul.com" />
+	<target host="rtb-liverail-lb-us-east.tubemogul.com" />
+	<target host="rtb-liverail-lb-us-west.tubemogul.com" />
+	<target host="rtd.tubemogul.com" />
+	<target host="rtdf.tubemogul.com" />
+	<target host="sfp.tubemogul.com" />
+	<target host="stats.tubemogul.com" />
+	<target host="stats-rtapi.tubemogul.com" />
+	<target host="tmvpn.tubemogul.com" />
+	<target host="ud.tubemogul.com" />
+	<target host="userdblb.tubemogul.com" />
+	<target host="vast.tubemogul.com" />
+	<target host="vastproxy.tubemogul.com" />
+	<target host="vpn.tubemogul.com" />
+	<target host="ww.tubemogul.com" />
+	<target host="zh-cn.tubemogul.com" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tubemogul\.com$" name="^_tmid$" /-->
 
 	<securecookie host="^\.tubemogul\.com$" name=".+" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://(rtb\.|www\.)?tubemogul\.com/"
-		to="https://$1tubemogul.com/" />
-
-	<rule from="^http://cdn\.tubemogul\.com/"
-		to="https://ne1.wpc.edgecastcdn.net/001500/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TubeOffline.com.xml b/src/chrome/content/rules/TubeOffline.com.xml
new file mode 100644
index 000000000000..ab21c676f37a
--- /dev/null
+++ b/src/chrome/content/rules/TubeOffline.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .tubeoffline.com
+
+-->
+<ruleset name="TubeOffline.com" default_off="redirects to http">
+
+	<target host="tubeoffline.com" />
+	<target host="www.tubeoffline.com" />
+
+		<!--	Redirects to http:
+						-->
+		<exclusion pattern="^http://(?:www\.)?tubeoffline\.com/(?:$|Contact-Pop/|images/|styles1\.css)" />
+
+			<test url="http://tubeoffline.com/Contact-Pop/css/contact.css" />
+			<test url="http://www.tubeoffline.com/images/logo-new.png" />
+			<test url="http://www.tubeoffline.com/styles1.css" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.tubeoffline\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<!--securecookie host="." name="." /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tucows-mismatches.xml b/src/chrome/content/rules/Tucows-mismatches.xml
index 6800fdfa045b..d69857603d28 100644
--- a/src/chrome/content/rules/Tucows-mismatches.xml
+++ b/src/chrome/content/rules/Tucows-mismatches.xml
@@ -2,7 +2,7 @@
 	See Tucows.xml for rules that are on by default.
 
 -->
-<ruleset name="Tucows (mismatches)" default_off="mismatch" platform="mixedcontent">
+<ruleset name="Tucows (mismatches)" default_off="mismatched" platform="mixedcontent">
 
 	<target host="ispbilling.com" />
 	<target host="forums.ispbilling.com" />
@@ -28,7 +28,7 @@
 	<!--	- Cert: opensrs.net
 		- !www 301s to www
 					-->
-	<rule from="^https?://(?:www\.)?tucowsdomains\.com/"
+	<rule from="^http://(?:www\.)?tucowsdomains\.com/"
 		to="https://www.tucowsdomains.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Tucows.xml b/src/chrome/content/rules/Tucows.xml
index 86cc79d699c9..7ad9853bec9a 100644
--- a/src/chrome/content/rules/Tucows.xml
+++ b/src/chrome/content/rules/Tucows.xml
@@ -1,4 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://contact-privacy.com/ => http://contact-privacy.com/: (6, 'Could not resolve host: contact-privacy.com')
+
+-->
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://contact-privacy.com/ => http://contact-privacy.com/: (28, 'Resolving timed out after 10520 milliseconds')
+
 	See Tucows-mismatches.xml for problematic rules.
 
 
@@ -12,15 +22,16 @@
 	Nonfunctional:
 
 		- (www.)accountservergroup.com	(ssl_error_rx_record_too_long)
+		- (www.)tucows.com ²
 		- www.tucowsdomains.com		(cert: opensrs.com
 
+	² Refused
+
 -->
-<ruleset name="Tucows (partial)">
+<ruleset name="Tucows (partial)" default_off="failed ruleset test">
 
 	<target host="contact-privacy.com" />
 	<target host="support.ispbilling.com" />
-	<target host="tucows.com" />
-	<target host="www.tucows.com" />
 
 
 	<!-- actually redirects as so -->
@@ -30,7 +41,4 @@
 	<rule from="^http://support\.ispbilling\.com/"
 		to="https://support.ispbilling.com/" />
 
-	<rule from="^http://(www\.)?tucows\.com/"
-		to="https://$1tucows.com/" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/Tufts.edu.xml b/src/chrome/content/rules/Tufts.edu.xml
new file mode 100644
index 000000000000..c7c0292b6164
--- /dev/null
+++ b/src/chrome/content/rules/Tufts.edu.xml
@@ -0,0 +1,173 @@
+<!--
+	Other Tufts University rulesets:
+
+		- Floating_Hospital.org.xml
+		- Tufts_Giving.org.xml
+		- Tufts_Medical_Center.org.xml
+
+
+	Nonfunctional subdomains:
+
+		- (www.) ¹
+		- as ²
+		- gs.as ²
+		- campusmaps ¹
+		- enews ¹
+		- engineering ²
+		- events ¹
+		- giving ¹
+		- gradstudy ²
+		- go ¹
+		- hr ¹
+		- support.hsl ³
+		- infoboard ⁴
+		- (www.)nutrition ⁴
+		- socialmedia ¹
+		- tuftsjournal ⁵
+		- lb-infoboard-prod.uit ⁴
+		- uss ⁴
+		- viceprovost ¹
+		- webcomm ¹
+
+	¹ Refused
+	² Shows ase; mismatched, CN: ase.tufts.edu
+	³ Shows www.library; mismatched, CN: www.library.tufts.edu
+	⁴ Data differs from http
+	⁵ http reply
+
+
+	Problematic subdomains:
+
+		- admissions ¹
+		- medical.alumni ²
+		- directory ³
+		- md ⁴
+		- publichealth ⁴
+		- researchguides.library ⁵
+		- sackler ⁴
+		- uit ⁶
+		- whitepages ⁷
+
+	¹ ocsp failure
+	² Refused, destination supports tls
+	³ Mismatched, CN: whitepages.tufts.edu
+	⁴ Works; mismatched, CN: medicine.tufts.edu
+	⁵ Mismatched, CN: *.libguides.com
+	⁶ Refused; destination supports tls, but redirect is unpredictable
+	⁷ Mixed css from $self
+
+
+	Fully covered subdomains:
+
+		- medical.alumni	(→ medical)
+		- ase
+		- exchange
+		- it
+		- library
+		- illiad.library
+		- www.library
+		- m
+		- medicine
+		- webapps.moit
+		- now
+		- sites
+		- trunk
+		- ests01.uit
+		- infoboard-updates.uit
+		- isis.uit
+		- wikis.uit
+
+
+	Observed cookie domains:
+
+		- . ¹
+		- ase ²
+		- exchange ³
+		- m ²
+		- md ⁴
+		- medicine ²
+		- webapps.moit ²
+		- publichealth ⁴
+		- sackler ⁴
+		- trunk ²
+		- infoboard-updates.uit ²
+		- lb-infoboard-prod.uit ⁵
+		- isis.uit ²
+		- wikis.uit ⁶
+
+	¹ Not secured by us <= accounting for possible use on unsecurable domains
+	² Secured by us <= not secured by server
+	³ Some secured by server, the rest by us
+	⁴ Not secured by us <= cert mismatched
+	⁵ Not secured by us <= tls unsupported
+	⁶ Secured by server
+
+
+	Mixed content:
+
+		- css on whitepages from $self ¹
+
+		- Images, on:
+
+			- www.library from $self ¹
+			- medicine from assets.umb.edu ²
+			- now from distilleryimage\d.s3.amazonaws.com ¹
+			- sites from $self ¹
+			- whitepages from $self ¹
+
+		- Web bugs on sites from chat.zoho.com ¹
+
+	¹ Secured by us
+	² Unsecurable <= refused
+
+-->
+<ruleset name="Tufts.edu (partial)">
+
+	<target host="*.tufts.edu" />
+		<!--exclusion pattern="^http://(admissions|as|gs\.as|campusmaps|enews|engineering|events|giving|go|gradstudy|hr|support\.hsl|md|(www\.)?nutrition|publichealth|sackler|socialmedia|tuftsjournal|lb-infoboard-prod\.uit|uss|viceprovost|webcomm|www)\.tufts\.edu/" /-->
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<exclusion pattern="^http://(?:directory|whitepages)\.tufts\.edu/+(?!css/|favicon\.ico|images/|main\.css)" />
+
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^exchange\.tufts\.edu$" name="^OutlookSession$" /-->
+	<!--securecookie host="^wikis\.uit\.tufts\.edu$" name="^JSESSIONID$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^\.tufts\.edu$" name="^(F5-ISISPA-PROD|III_EXPT_FILE|III_SESSION_ID|SESSION_LANGUAGE)$" /-->
+	<!--securecookie host="^ase\.tufts\.edu$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^exchange\.tufts\.edu$" name="^BIGipServertftmexarray01\.tufts\.ad\.tufts\.edu$" /-->
+	<!--securecookie host="^library\.tufts\.edu$" name="^SESSION_SCOPE$" /-->
+	<!--securecookie host="^m\.tufts\.edu$" name="^([\da-f]{32}|deviceClassification|visitID)$" /-->
+	<!--securecookie host="^(md|medicine|publichealth|sackler)\.tufts\.edu$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^webapps\.moit\.tufts\.edu$" name="^(ASP\.NET_SessionId|TMOSBrowservalidation|testCookie)$" /-->
+	<!--securecookie host="^trunk\.tufts\.edu$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^infoboard-updates\.uit\.tufts\.edu$" name="^outages$" /-->
+	<!--securecookie host="^isis\.uit\.tufts\.edu$" name="^F5-PAPRD-COOKIE$" /-->
+
+	<securecookie host="^(?:ase|exchange|library|m|medicine|webapps\.moit|trunk|(?:infoboard-updates|isis)\.uit)\.tufts\.edu$" name=".+" />
+
+
+	<!--	Redirect preserves path and args:
+							-->
+	<rule from="^http://medical\.alumni\.tufts\.edu/+"
+		to="https://medicine.tufts.edu/Who-We-Are/Alumnia/" />
+
+	<rule from="^http://(ase|exchange|it|(?:illiad\.|www\.)?library|m|medicine|webapps\.moit|now|sites|trunk|(?:ests01|infoboard-updates|isis|wikis)\.uit|whitepages)\.tufts\.edu/"
+		to="https://$1.tufts.edu/" />
+
+	<rule from="^http://directory\.tufts\.edu/"
+		to="https://whitepages.tufts.edu/" />
+
+	<rule from="^http://researchguides\.library\.tufts\.edu/(?=css\d*/|data/|favicon\.ico|images/|include/|js\d*/)"
+		to="https://libguides.com/" />
+
+	<rule from="^http://uit\.tufts\.edu/+\??$"
+		to="https://it.tufts.edu/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tufts_Giving.org.xml b/src/chrome/content/rules/Tufts_Giving.org.xml
new file mode 100644
index 000000000000..a46436a14be8
--- /dev/null
+++ b/src/chrome/content/rules/Tufts_Giving.org.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Tufts University coverage, see Tufts.edu.xml.
+
+
+	www: cert only matches tuftsgiving.org
+
+-->
+<ruleset name="Tufts Giving.org">
+
+	<target host="tuftsgiving.org" />
+	<target host="www.tuftsgiving.org" />
+
+
+	<rule from="^http://(?:www\.)?tuftsgiving\.org/"
+		to="https://tuftsgiving.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tufts_Medical_Center.org.xml b/src/chrome/content/rules/Tufts_Medical_Center.org.xml
new file mode 100644
index 000000000000..73828c59f9c7
--- /dev/null
+++ b/src/chrome/content/rules/Tufts_Medical_Center.org.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Tufts University coverage, see Tufts.edu.xml.
+
+
+	Nonfunctional subdomains:
+
+		- jobs *
+
+	* Refused
+
+
+	^: mismatched
+
+-->
+<ruleset name="Tufts Medical Center.org (partial)">
+
+	<target host="tuftsmedicalcenter.org" />
+	<target host="www.tuftsmedicalcenter.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.tuftsmedicalcenter\.org$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^www\.tuftsmedicalcenter\.org$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?tuftsmedicalcenter\.org/"
+		to="https://www.tuftsmedicalcenter.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tugg.com.xml b/src/chrome/content/rules/Tugg.com.xml
index 1c76812e6465..4e8202fb5513 100644
--- a/src/chrome/content/rules/Tugg.com.xml
+++ b/src/chrome/content/rules/Tugg.com.xml
@@ -5,7 +5,7 @@
 <ruleset name="Tugg.com (partial)">
 
 	<target host="tugg.com" />
-	<target host="*.tugg.com" />
+	<target host="www.tugg.com" />
 		<!--exclusion pattern="^http://(www\.)?tugg\.com/titles/" /-->
 
 
@@ -20,4 +20,4 @@
 	<rule from="^http://(?:www\.)?tugg\.com/(assets|system)/"
 		to="https://www.tugg.com/$1/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tuleap.net.xml b/src/chrome/content/rules/Tuleap.net.xml
new file mode 100644
index 000000000000..84bf38f67e17
--- /dev/null
+++ b/src/chrome/content/rules/Tuleap.net.xml
@@ -0,0 +1,31 @@
+<!--
+	Nonfunctional subdomains:
+
+		- gerrit *
+
+	* Refused
+
+
+	Problematic subdomains:
+
+		- doc-en *
+
+	* ReadtheDocs
+
+-->
+<ruleset name="Tuleap.net (partial)">
+
+	<target host="tuleap.net" />
+	<target host="www.tuleap.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?tuleap\.net$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?tuleap\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tuleap.org.xml b/src/chrome/content/rules/Tuleap.org.xml
new file mode 100644
index 000000000000..995282096ac0
--- /dev/null
+++ b/src/chrome/content/rules/Tuleap.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Tuleap.org">
+
+	<target host="tuleap.org" />
+	<target host="www.tuleap.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tulemar.xml b/src/chrome/content/rules/Tulemar.xml
new file mode 100644
index 000000000000..def1c8927ac4
--- /dev/null
+++ b/src/chrome/content/rules/Tulemar.xml
@@ -0,0 +1,17 @@
+<!--
+	Mismatched:
+		- 4tulemar.com
+		- www.4tulemar.com
+-->
+<ruleset name="Tulemar">
+	<target host="tulemar.com" />
+	<target host="www.tulemar.com" />
+
+	<target host="4tulemar.com" />
+	<target host="www.4tulemar.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://(www\.)?4tulemar\.com/" to="https://tulemar.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tum.de.xml b/src/chrome/content/rules/Tum.de.xml
new file mode 100644
index 000000000000..3ccaff21e24f
--- /dev/null
+++ b/src/chrome/content/rules/Tum.de.xml
@@ -0,0 +1,14 @@
+<!--
+Technical University Munich
+-->
+<ruleset name="Tum.de">
+	<!-- main page -->
+  	<target host="tum.de" />
+  	<target host="www.tum.de" />
+	<!-- library -->
+	<target host="ub.tum.de" />
+	<target host="www.ub.tum.de" />
+	<target host="opac.ub.tum.de" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tumblr-falsemixed.xml b/src/chrome/content/rules/Tumblr-falsemixed.xml
deleted file mode 100644
index 1e5338bcd46d..000000000000
--- a/src/chrome/content/rules/Tumblr-falsemixed.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Tumblr.xml.
-
--->
-<ruleset name="Tumblr.com (false MCB)" platform="mixedcontent">
-
-	<target host="www.tumblr.com" />
-
-
-	<rule from="^http://www\.tumblr\.com/assets/html/"
-		to="https://www.tumblr.com/assets/html/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tumblr.xml b/src/chrome/content/rules/Tumblr.xml
deleted file mode 100644
index f14a1dc723d7..000000000000
--- a/src/chrome/content/rules/Tumblr.xml
+++ /dev/null
@@ -1,148 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see Tumblr.com-falsemixed.xml.
-
-
-	CDN buckets:
-
-		- s3.amazonaws.com/assets.tumblr.com/
-		- s3.amazonaws.com/data.tumblr.com/
-		- s3.amazonaws.com/static.tumblr.com/
-
-		- d2g9v1gts353nd.cloudfront.net
-
-			- a
-			- static
-			- v
-
-		- d2glp9604qyu8g.cloudfront.net
-
-			- assets
-
-		- d2pi0bc9ewx28h.cloudfront.net
-
-			- static
-
-		- degx20iof9o2c.cloudfront.net
-
-			- vt
-
-		- dssedc4qxg7o6.cloudfront.net
-
-			- media
-			- \d+.media
-
-		- duktadvmmowhi.cloudfront.net
-
-			- secure.static
-
-		- cs38.wac.edgecastcdn.net/...
-
-			- secure.assets
-
-		- wac.19b6.edgecastcdn.net/??19B6/
-
-			- platform.tumblr.com
-
-		- gs1.wac.edgecastcdn.net/8019B6/data.tumblr.com/
-		- a.tumblr.com.edgesuite.net
-		- assets.tumblr.com.edgesuite.net
-		- media.tumblr.com.edgesuite.net
-		- static.tumblr.com.edgesuite.net
-		- vt.tumblr.com.edgesuite.net
-
-
-	Nonfunctional subdomains:
-
-		- developers *
-		- engineering *
-		- staff *
-
-	* Dropped
-
-
-	Problematic subdomains:
-
-		- media		(cert only matches *.media)
-
-
-	Fully covered subdomains:
-
-		- a
-		- assets	(→ d2glp9604qyu8g.cloudfront.net)
-		- origin.assets
-		- secure.assets
-		- data
-		- media		(→ 31.media)
-		- \d+.media
-		- platform
-		- origin.platform
-		- static	(→ d2g9v1gts353nd.cloudfront.net)
-		- secure.static
-		- v
-		- vt
-
-
-	Mixed content:
-
-		- Scripts on www from assets *
-
-		- Images on www from assets *
-
-	* Secured by us
-
--->
-<ruleset name="Tumblr (partial)">
-
-	<target host="tumblr.com" />
-	<target host="*.tumblr.com" />
-
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^(?:secure\.assets|www)\.tumblr\.com$" name="^__utmf$" />
-
-
-	<!--	These paths 302 to http:
-
-			- about$
-			- apps$
-			- audio_file/
-			- dashboard$
-			- dashboard/iframe
-			- developers$
-			- docs/en/api/v2$
-			- docs/en/buttons$
-			- goto/
-			- jobs$
-			- like/
-			- policy/en/community$
-			- policy/en/privacy$
-			- policy/en/terms_of_service$
-			- press$
-			- reblog/
-			- share$
-			- sponsors$
-			- submit_form_js/
-			- themes/
-			- tips$
-			- upload/image
-					-->
-	<rule from="^http://(www\.)?tumblr\.com/(?=$|dmca|examples/share/\w|(?:forgot_password|impixu|register|teaser)(?:$|[?/])|images/|javascript/|login|logout|photo/|register|settings/|svc/log/|svc/teaser(?:$|[#?/]))"
-		to="https://$1tumblr.com/" />
-
-	<rule from="^http://(a|(?:origin|secure)\.assets|\d+\.media|platform|origin\.platform|secure\.static|vt?)\.tumblr\.com/"
-		to="https://$1.tumblr.com/" />
-
-	<rule from="^http://assets\.tumblr\.com/"
-		to="https://d2glp9604qyu8g.cloudfront.net/" />
-
-	<rule from="^http://data\.tumblr\.com/"
-		to="https://gs1.wac.edgecastcdn.net/8019B6/data.tumblr.com/" />
-
-	<rule from="^http://media\.tumblr\.com/"
-		to="https://31.media.tumblr.com/" />
-
-	<rule from="^http://static\.tumblr\.com/"
-		to="https://d2g9v1gts353nd.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tumri.net.xml b/src/chrome/content/rules/Tumri.net.xml
deleted file mode 100644
index bd9d8ae723a3..000000000000
--- a/src/chrome/content/rules/Tumri.net.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Web bugs.
-
--->
-<ruleset name="Tumri.net">
-
-	<target host="*.tumri.net" />
-
-
-	<securecookie host="^\.tumri\.net$" name=".+" />
-
-
-	<rule from="^http://ats\.tumri\.net/"
-		to="https://ats.tumri.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Tune.pk.xml b/src/chrome/content/rules/Tune.pk.xml
new file mode 100644
index 000000000000..ae192b2e2c6b
--- /dev/null
+++ b/src/chrome/content/rules/Tune.pk.xml
@@ -0,0 +1,29 @@
+<!--
+	Mixed content:
+
+		- Images, from:
+
+			- lwx00[235-7].gear3rd.com *
+			- storage9.gear3rd.com *
+			- storage1[35-9].gear3rd.com *
+			- storage2[12].gear3rd.com *
+
+	* Unsecurable <= dropped
+
+-->
+<ruleset name="Tune.pk">
+
+	<target host="tune.pk" />
+	<target host="www.tune.pk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?tune\.pk$" name="^(PHPSESSID|fb_\d+_state|pageredir)$" /-->
+
+	<securecookie host="^(?:\.|www\.)?tune\.pk$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tunespeak.com.xml b/src/chrome/content/rules/Tunespeak.com.xml
new file mode 100644
index 000000000000..0696dbe49f07
--- /dev/null
+++ b/src/chrome/content/rules/Tunespeak.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Tunespeak.com">
+
+	<target host="stagingspeak.com" />
+	<target host="tunespeak.com" />
+	<target host="www.stagingspeak.com" />
+	<target host="www.tunespeak.com" />
+
+
+	<securecookie host="^\.(?:staging|tune)speak\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tuning_World.xml b/src/chrome/content/rules/Tuning_World.xml
deleted file mode 100644
index e2ac8434ad32..000000000000
--- a/src/chrome/content/rules/Tuning_World.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Tuning World">
-
-	<target host="tuningworld.com.au" />
-	<target host="www.tuningworld.com.au" />
-
-
-	<securecookie host="^(?:www\.)?tuningworld\.com\.au$" name=".+" />
-
-
-	<rule from="^http://(www\.)?tuningworld\.com\.au/"
-		to="https://$1tuningworld.com.au/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Tunisia-Sat.xml b/src/chrome/content/rules/Tunisia-Sat.xml
index c634b87a3d69..038e1eb05d3b 100644
--- a/src/chrome/content/rules/Tunisia-Sat.xml
+++ b/src/chrome/content/rules/Tunisia-Sat.xml
@@ -1,15 +1,28 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .tunisia-sat.com
+		- .tunisia-sat.com.tn
+
+-->
 <ruleset name="Tunisia-Sat">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="tunisia-sat.com" />
-	<target host="*.tunisia-sat.com" />
+	<target host="www.tunisia-sat.com" />
 	<target host="tunisia-sat.com.tn" />
-	<target host="*.tunisia-sat.com.tn" />
+	<target host="www.tunisia-sat.com.tn" />
+
 
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.tunisia-sat\.com(\.tn)?$" name="^(__cfduid|cf_clearance)$" /-->
 
 	<securecookie host="^\.tunisia-sat\.com(?:\.tn)?$" name=".+" />
 
 
-	<rule from="^http://(www\.)?tunisia-sat\.com(\.tn)?/"
-		to="https://$1tunisia-sat.com$2/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TunnelBear.xml b/src/chrome/content/rules/TunnelBear.xml
deleted file mode 100644
index 9515dafe3f90..000000000000
--- a/src/chrome/content/rules/TunnelBear.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="TunnelBear">
-  <target host="www.Tunnelbear.com" />
-  <target host="tunnelbear.com" />
-
-  <rule from="^http://(?:www\.)?tunnelbear\.com/" to="https://www.tunnelbear.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/TunnelBroker.xml b/src/chrome/content/rules/TunnelBroker.xml
index e0969c31a018..615f4b82e31a 100644
--- a/src/chrome/content/rules/TunnelBroker.xml
+++ b/src/chrome/content/rules/TunnelBroker.xml
@@ -1,13 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ipv6.tunnelbroker.com/ => https://ipv6.tunnelbroker.net/: (7, '')
+Fetch error: http://ipv6.tunnelbroker.net/ => https://ipv6.tunnelbroker.net/: (7, '')
+
+
 	For other Hurricane Electric coverage, see HurricaneElectric.xml.
 
 -->
-<ruleset name="HE Tunnel Broker">
+<ruleset name="HE Tunnel Broker" default_off="failed ruleset test">
 
 	<target host="tunnelbroker.com" />
-	<target host="*.tunnelbroker.com" />
+	<target host="www.tunnelbroker.com" />
+	<target host="ipv4.tunnelbroker.com" />
+	<target host="ipv6.tunnelbroker.com" />
 	<target host="tunnelbroker.net" />
-	<target host="*.tunnelbroker.net" />
+	<target host="www.tunnelbroker.net" />
+	<target host="ipv4.tunnelbroker.net" />
+	<target host="ipv6.tunnelbroker.net" />
 
 
 	<securecookie host="^(?:.*\.)?tunnelbroker\.net$" name=".+" />
@@ -15,7 +25,7 @@
 
 	<!--	Certificate only covers the tunnelbroker.net domain, not .com
 									-->
-	<rule from="^http://(ipv[46]\.|www\.)?tunnelbroker\.(?:com|net)/"
+	<rule from="^http://(\w+\.)?tunnelbroker\.(?:com|net)/"
 		to="https://$1tunnelbroker.net/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Turath.co.uk.xml b/src/chrome/content/rules/Turath.co.uk.xml
new file mode 100644
index 000000000000..6aa6e44b9bbf
--- /dev/null
+++ b/src/chrome/content/rules/Turath.co.uk.xml
@@ -0,0 +1,8 @@
+<ruleset name="Turath.co.uk">
+	<target host="turath.co.uk" />
+	<target host="www.turath.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TurboSquid.xml b/src/chrome/content/rules/TurboSquid.xml
index d6309815878e..2c6333ed02a8 100644
--- a/src/chrome/content/rules/TurboSquid.xml
+++ b/src/chrome/content/rules/TurboSquid.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://turbosquid.com/ => https://turbosquid.com/: Cycle detected - URL already encountered: https://www.turbosquid.com/index.cfm
 	Nonfunctional subdomains:
 
 		- support	(redirects to http, zendesk instance with valid cert)
@@ -7,17 +9,15 @@
 <ruleset name="TurboSquid (partial)">
 
 	<target host="turbosquid.com" />
-	<target host="*.turbosquid.com" />
+	<target host="support.turbosquid.com" />
+	<target host="www.turbosquid.com" />
+	<target host="sitefiles.turbosquid.com" />
 		<exclusion pattern="^http://support\.turbosquid\.com/(?!generated/)" />
 
 
 	<securecookie host="^\.(?:www\.)?turbosquid\.com$" name=".+" />
 
 
-	<rule from="^http://(support\.|www\.)?turbosquid\.com/"
-		to="https://$1turbosquid.com/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^https?://sitefiles\.turbosquid\.com/"
-		to="https://d3vuj04fwiko4o.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TurboTax.com.xml b/src/chrome/content/rules/TurboTax.com.xml
new file mode 100644
index 000000000000..a66009b734f5
--- /dev/null
+++ b/src/chrome/content/rules/TurboTax.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="TurboTax.com">
+	<target host="turbotax.com" />
+	<target host="www.turbotax.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Turbobytes.com.xml b/src/chrome/content/rules/Turbobytes.com.xml
index a4c55c09558d..a51e63c0be3a 100644
--- a/src/chrome/content/rules/Turbobytes.com.xml
+++ b/src/chrome/content/rules/Turbobytes.com.xml
@@ -17,7 +17,6 @@
 	<securecookie host="^my\.turbobytes\.com$" name=".+" />
 
 
-	<rule from="^http://my\.turbobytes\.com/"
-		to="https://my.turbobytes.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Turbobytes.net.xml b/src/chrome/content/rules/Turbobytes.net.xml
index 0c9282377ad1..57e663b2eb90 100644
--- a/src/chrome/content/rules/Turbobytes.net.xml
+++ b/src/chrome/content/rules/Turbobytes.net.xml
@@ -1,16 +1,21 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://az.turbobytes.net/ => https://az.turbobytes.net/: (6, 'Could not resolve host: az.turbobytes.net')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://az.turbobytes.net/ => https://az.turbobytes.net/: (6, 'Could not resolve host: az.turbobytes.net')
 	For other Turbobytes coverage, see Turbobytes.com.xml.
 
 
 	az serves ads.
 
 -->
-<ruleset name="Turbobytes.net">
+<ruleset name="Turbobytes.net" default_off="failed ruleset test">
 
 	<target host="az.turbobytes.net" />
 
 
-	<rule from="^http://az\.turbobytes\.net/"
-		to="https://az.turbobytes.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Turkiye.gov.tr.xml b/src/chrome/content/rules/Turkiye.gov.tr.xml
new file mode 100644
index 000000000000..4fc6c557a8b7
--- /dev/null
+++ b/src/chrome/content/rules/Turkiye.gov.tr.xml
@@ -0,0 +1,13 @@
+<ruleset name="Türkiye.gov.tr">
+	<target host="turkiye.gov.tr" />
+	<target host="www.turkiye.gov.tr" />
+	<target host="giris.turkiye.gov.tr" />
+	<target host="kamu.turkiye.gov.tr" />
+	<target host="mobil.turkiye.gov.tr" />
+	<target host="static.turkiye.gov.tr" />
+		<test url="http://static.turkiye.gov.tr/themes/mobil/main.js" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Turn.com.xml b/src/chrome/content/rules/Turn.com.xml
index 2c97db5d0c15..11196149e984 100644
--- a/src/chrome/content/rules/Turn.com.xml
+++ b/src/chrome/content/rules/Turn.com.xml
@@ -1,19 +1,75 @@
 <!--
-	Nonfunctional subdomains:
+	Chain issues:
+		- mag.sjc2.turn.com
+		- ra01.sjc2.turn.com
 
-		- ^
-		- www		(503, akamai)
+	Connection refused:
+		- info.turn.com
 
--->
-<ruleset name="Turn.com">
+	Self-signed cert:
+		- analytics.turn.com
+		- bomgar.turn.com
+		- corp1.sjc2.turn.com
+
+	Timeout:
+		- mag.atl1.turn.com
+		- ra01.atl1.turn.com
+		- bid-spotxchange-sjc2.turn.com
+		- ftp2.turn.com
 
-	<target host="*.turn.com" />
+	TLS error:
+		- bid-atl1.turn.com
+		- bid-sjc2.turn.com
+		- bid.turn.com
 
+	Cert mismatch:
+		- turn.com
+		- www.turn.com
+		- ak.ad.turn.com
+		- ad2.turn.com
+		- akamai.turn.com
+		- emb.akamai.turn.com
+		- blog.turn.com
+		- cdn.turn.com
+		- developer.turn.com
+		- e.turn.com
+		- img.turn.com
+		- metrics.turn.com
+		- pages.turn.com
+		- static.turn.com
+		- status.turn.com
+		- trust.turn.com
+-->
+<ruleset name="Turn.com (partial)" >
 
-	<!--securecookie host="^\.turn\.com$" name="^uid$" /-->
+	<target host="ad.turn.com" />
+	<target host="ad2.cdns.turn.com" />
+	<target host="console.turn.com" />
+	<target host="creative-preview.turn.com" />
+	<target host="d-atl1.turn.com" />
+	<target host="d-hkg1.turn.com" />
+	<target host="d.turn.com" />
+	<target host="img.cdns.turn.com" />
+	<target host="origin-cdn.turn.com" />
+	<target host="presentation-ams1.turn.com" />
+	<target host="presentation-atl1.turn.com" />
+	<target host="presentation-hkg1.turn.com" />
+	<target host="presentation-sjc2.turn.com" />
+	<target host="preview.turn.com" />
+	<target host="r.turn.com" />
+	<target host="redbull-as.turn.com" />
+	<target host="redbull.turn.com" />
+	<target host="rwcvpn1.turn.com" />
+	<target host="sd.turn.com" />
+	<target host="sr.turn.com" />
+	<target host="tb-prd.turn.com" />
+	<target host="tb.turn.com" />
+	<target host="vid1.cdns.turn.com" />
+	<target host="vidyo.turn.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(akamai|console|d|r)\.turn\.com/"
-		to="https://$1.turn.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TurnKey_Linux.org.xml b/src/chrome/content/rules/TurnKey_Linux.org.xml
new file mode 100644
index 000000000000..ff6850ec3280
--- /dev/null
+++ b/src/chrome/content/rules/TurnKey_Linux.org.xml
@@ -0,0 +1,40 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .turnkeylinux.org
+
+-->
+<ruleset name="TurnKey Linux.org">
+
+	<target host="turnkeylinux.org" />
+	<target host="hub.turnkeylinux.org" />
+	<target host="www.turnkeylinux.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.turnkeylinux\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TurnTo.com.xml b/src/chrome/content/rules/TurnTo.com.xml
new file mode 100644
index 000000000000..809f089fb962
--- /dev/null
+++ b/src/chrome/content/rules/TurnTo.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Other TurnTo.com related rulesets:
+		+ TurnToNetworks.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+			 - developers.turnto.com
+
+		SSL peer certificate was not OK:
+			 - email.turnto.com
+
+		4xx client error:
+			 - api.turnto.com
+-->
+<ruleset name="TurnTo.com">
+	<target host="turnto.com" />
+	<target host="www.turnto.com" />
+	<target host="static.www.turnto.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TurnToNetworks.com.xml b/src/chrome/content/rules/TurnToNetworks.com.xml
new file mode 100644
index 000000000000..f30fbb87042f
--- /dev/null
+++ b/src/chrome/content/rules/TurnToNetworks.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other TurnTo.com related rulesets, see TurnTo.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+			 - turntonetworks.com
+
+		SSL peer certificate was not OK:
+			 - www2.turntonetworks.com
+-->
+<ruleset name="TurnToNetworks.com">
+	<target host="turntonetworks.com" />
+	<target host="www.turntonetworks.com" />
+	<target host="www2.turntonetworks.com" />
+
+	<rule from="^http://(www2\.)?turntonetworks\.com/"
+			to="https://www.turntonetworks.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TurnTo_Networks.xml b/src/chrome/content/rules/TurnTo_Networks.xml
deleted file mode 100644
index 915eb71a4ed6..000000000000
--- a/src/chrome/content/rules/TurnTo_Networks.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="TurnTo Networks (partial)">
-
-	<target host="static.www.turnto.com" />
-
-
-	<rule from="^http://static\.www\.turnto\.com/"
-		to="https://static.www.turnto.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Turn_Game_Studios.xml b/src/chrome/content/rules/Turn_Game_Studios.xml
index 677726da14a0..66e4fb020c4b 100644
--- a/src/chrome/content/rules/Turn_Game_Studios.xml
+++ b/src/chrome/content/rules/Turn_Game_Studios.xml
@@ -1,13 +1,12 @@
 <ruleset name="Turn Game Studios">
 
 	<target host="turngs.com" />
-	<target host="*.turngs.com" />
+	<target host="www.turngs.com" />
 
 
 	<securecookie host="^\.turngs\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?turngs\.com/"
-		to="https://$1turngs.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Turn_On_Social.xml b/src/chrome/content/rules/Turn_On_Social.xml
deleted file mode 100644
index 74a11fc591ce..000000000000
--- a/src/chrome/content/rules/Turn_On_Social.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	www doesn't exist.
-
-
-	Problematic subdomains:
-
-		- cdn-css *
-		- cdn-js-body *
-		- cdn-js-body *
-
-	* 404; mismatched, CN: *.netdna-ssl.com
-
--->
-<ruleset name="Turn On Social">
-
-	<target host="turnonsocial.com" />
-	<target host="*.turnonsocial.com" />
-
-
-	<securecookie host="^\.?turnonsocial\.com$" name=".+" />
-
-
-	<rule from="^http://(?:cdn-[\w-]+\.)?turnonsocial\.com/"
-		to="https://turnonsocial.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Turner.com.xml b/src/chrome/content/rules/Turner.com.xml
index 78f9432d3745..9e8b61c7582a 100644
--- a/src/chrome/content/rules/Turner.com.xml
+++ b/src/chrome/content/rules/Turner.com.xml
@@ -1,4 +1,9 @@
 <!--
+	Other Turner rulesets:
+
+		- AdultSwim.com.xml
+
+
 	CDN buckets:
 
 		- s.cdn.turner.com.edgekey.net
@@ -17,38 +22,43 @@
 
 	Nonfunctional subdomains:
 
+		- (www.)? ¹
 		- news		(dropped)
 
+	¹ Refused
+
 
 	Problematic subdomains:
 
 		- z.cdn		(503, akamai)
 
 
-	Fully covered subdomains:
-
-		- (www.)
-
-		- cdn subdomains:
+	Partially covered subdomains:
 
-			- i *
-			- i1 *
-			- s
-			- z *
+		- i *
+		- i1 *
+		- s *
+		- z *
 
-	* (→ s.cdn)
+	* CNN video streaming-related exclusions
 
 -->
-<ruleset name="Turner.com (partial)">
+<ruleset name="Turner.com (partial)" default_off="Needs ruleset tests">
 
-	<target host="turner.com" />
 	<target host="*.turner.com" />
+		<!--
+			Attempt at fixing CNN video streaming:
+								-->
+		<exclusion pattern="^http://(?:i\d?|s|z)\.cdn\.turner\.com/.*(?:crossdomain\.xml|\.swf)(?:$|\?)" />
 
+			<!--	-ve:
+					-->
+			<test url="http://i.cdn.turner.com/adultswim/big/img/global/adult-swim-logo.png" />
+			<test url="http://i.cdn.turner.com/adultswim/tools/css/global.css" />
+			<test url="http://s.cdn.turner.com/adultswim/footer/legal/tools/img/ad-choices-logo-small.gif" />
 
-	<rule from="^http://(www\.)?turner\.com/"
-		to="https://$1turner.com/" />
 
 	<rule from="^http://(?:i\d?|s|z)\.cdn\.turner\.com/"
 		to="https://s.cdn.turner.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Turris.cz.xml b/src/chrome/content/rules/Turris.cz.xml
new file mode 100644
index 000000000000..09e8c35320f6
--- /dev/null
+++ b/src/chrome/content/rules/Turris.cz.xml
@@ -0,0 +1,35 @@
+<!--
+	For other CZ.NIC coverage, see Nic.cz.xml.
+
+
+	These altnames don't exist:
+
+		- web.turris.cz
+
+
+	Insecure cookies are set for these hosts:
+
+		- omnia.turris.cz
+		- www.turris.cz
+
+-->
+<ruleset name="Turris.cz">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="turris.cz" />
+	<target host="omnia.turris.cz" />
+	<target host="www.turris.cz" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:omnia\.|www\.)?turris\.cz$" name="^csrftoken$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Turtl.it.xml b/src/chrome/content/rules/Turtl.it.xml
new file mode 100644
index 000000000000..d4e5fd264de1
--- /dev/null
+++ b/src/chrome/content/rules/Turtl.it.xml
@@ -0,0 +1,12 @@
+<ruleset name="Turtl.it">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="turtl.it" />
+	<target host="www.turtl.it" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Turtlebeach.xml b/src/chrome/content/rules/Turtlebeach.xml
new file mode 100644
index 000000000000..eba097ba69ca
--- /dev/null
+++ b/src/chrome/content/rules/Turtlebeach.xml
@@ -0,0 +1,6 @@
+<ruleset name="Turtlebeach">
+	<target host="support.turtlebeach.com" />
+	<target host="www.turtlebeach.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TusFiles.xml b/src/chrome/content/rules/TusFiles.xml
new file mode 100644
index 000000000000..c7a787495fa2
--- /dev/null
+++ b/src/chrome/content/rules/TusFiles.xml
@@ -0,0 +1,50 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://r.tusfiles.net/ => https://r.tusfiles.net/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://support.tusfiles.net/ => https://support.tusfiles.net/: (6, 'Could not resolve host: support.tusfiles.net')
+
+	Insecure cookies are set for these domains:
+
+		- .tusfiles.net
+
+
+	Mixed content:
+
+		- Bug on (www.)? from sstatic1.histats.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="TusFiles.net" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+        <target host="tusfiles.net" />
+        <target host="*.tusfiles.net" />
+
+		<test url="http://a.tusfiles.net/" />
+		<test url="http://f.tusfiles.net/" />
+		<test url="http://i.tusfiles.net/" />
+		<test url="http://l.tusfiles.net/" />
+		<test url="http://m.tusfiles.net/" />
+		<test url="http://o.tusfiles.net/" />
+		<test url="http://r.tusfiles.net/" />
+		<test url="http://support.tusfiles.net/" />
+		<test url="http://t.tusfiles.net/" />
+		<test url="http://www.tusfiles.net/" />
+		<test url="http://www3.tusfiles.net/" />
+		<test url="http://z.tusfiles.net/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tusfiles\.net$" name="^lang$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+        <rule from="^http:"
+                to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tutor.com.xml b/src/chrome/content/rules/Tutor.com.xml
index e0c6ee29338a..25a059076be9 100644
--- a/src/chrome/content/rules/Tutor.com.xml
+++ b/src/chrome/content/rules/Tutor.com.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tutor.com/ => http://tutor.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Problematic subdomains:
 
 		- ^	(works, cert only matches www)
@@ -7,10 +11,11 @@
 	Some pages redirect to http.
 
 -->
-<ruleset name="Tutor.com (partial)">
+<ruleset name="Tutor.com (partial)" default_off="failed ruleset test">
 
 	<target host="tutor.com" />
-	<target host="*.tutor.com" />
+	<target host="www.tutor.com" />
+	<target host="media.tutor.com" />
 
 
 	<rule from="^http://(?:www\.)?tutor\.com/(contact-forms/|favicon\.ico|get-started(?:$|[?/])|images/|(?:Script|Web)Resource\.axd|scripts/|styles/)"
@@ -19,4 +24,4 @@
 	<rule from="^http://media\.tutor\.com/"
 		to="https://media.tutor.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tutorialspoint.xml b/src/chrome/content/rules/Tutorialspoint.xml
new file mode 100644
index 000000000000..24e47a23f60d
--- /dev/null
+++ b/src/chrome/content/rules/Tutorialspoint.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatch: codingground.tutorialspoint.com
+
+-->
+<ruleset name="Tutorialspoint (partial)">
+
+	<target host="tutorialspoint.com"/>
+	<target host="www.tutorialspoint.com"/>
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TutsPlus.com.xml b/src/chrome/content/rules/TutsPlus.com.xml
new file mode 100644
index 000000000000..d5f175f850b5
--- /dev/null
+++ b/src/chrome/content/rules/TutsPlus.com.xml
@@ -0,0 +1,56 @@
+<!--
+	For other Envato coverage, see Envato.com.xml.
+
+
+	Nonfunctional subdomains:
+
+		- business *
+		- code *
+		- design *
+
+	* Redirect to http, valid cert
+
+
+	Fully covered subdomains:
+
+		- cms-assets
+		- jobs
+		- static
+		- support
+		- www
+
+-->
+<ruleset name="TutsPlus.com (partial)">
+
+	<target host="tutsplus.com" />
+	<target host="business.tutsplus.com" />
+	<target host="cms-assets.tutsplus.com" />
+	<target host="code.tutsplus.com" />
+	<target host="design.tutsplus.com" />
+	<target host="jobs.tutsplus.com" />
+	<target host="static.tutsplus.com" />
+	<target host="support.tutsplus.com" />
+	<target host="www.tutsplus.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://((?:business|code|design)\.)?tutsplus\.com/+($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://tutsplus\.com/+(?!favicon\.ico|sign_(?:in|up)(?:$|[?/]))" />
+		<exclusion pattern="^http://(?:business|code|design)\.tutsplus\.com/+(?!favicon\.ico)" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^jobs\.tutsplus\.com$" name="^_session_id$" /-->
+	<!--securecookie host="^support\.tutsplus\.com$" name="^(_help_center_session|_zendesk_session|_zendesk_shared_session)$" /-->
+
+	<securecookie host="^\.tutsplus\.com$" name="^__cfduid$" />
+	<!--securecookie host="^(?:w*\.)?tutsplus\.com$" name=".+" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tux.Org.xml b/src/chrome/content/rules/Tux.Org.xml
index 76a4e2eabdcd..14af635b7b67 100644
--- a/src/chrome/content/rules/Tux.Org.xml
+++ b/src/chrome/content/rules/Tux.Org.xml
@@ -1,15 +1,19 @@
 <!--
-	Nonfunctional subdomains:
+	Invalid certificate:
+		mx.tux.org
+		smtp.tux.org
 
-		- (www.)	(dropped)
+	No working URL known:
+		git.tux.org
+		mail.tux.org
 
 -->
-<ruleset name="Tux.Org (partial)" default_off="self-signed">
+<ruleset name="Tux.org" default_off="expired">
 
-	<target host="calypso.tux.org" />
+	<target host="tux.org" />
+	<target host="www.tux.org" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://calypso\.tux\.org/"
-		to="https://calypso.tux.org/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TuxFamily.org.xml b/src/chrome/content/rules/TuxFamily.org.xml
index 4237c6e2cfde..49c1b551fe24 100644
--- a/src/chrome/content/rules/TuxFamily.org.xml
+++ b/src/chrome/content/rules/TuxFamily.org.xml
@@ -1,60 +1,422 @@
+
 <!--
-	Nonfunctional domains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://svnweb.tuxfamily.org/ => https://svnweb.tuxfamily.org/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://mdx.tuxfamily.org/ => https://mdx.tuxfamily.org/: (60, 'SSL certificate problem: self signed certificate')
+
+	For rules causing false/broken MCB, see tuxfamily.org-falsemixed.xml.
+
+	Other TuxFamily rulesets:
+
+		- tuxfamily.net.xml
+
+
+forum.asri.edu.tuxfamily.org ¹
+eelo.lgm.tuxfamily.org ¹
+wiki.hnm.tuxfamily.org ¹
+
+tuxfamily.net ¹
+www.tuxfamily.net ¹
+panel.tuxfamily.net ¹
+malibu.tuxfamily.net ¹
+armagnac.tuxfamily.net ¹
+download.tuxfamily.net ¹
+games.tuxfamily.net ³
+absinthe.tuxfamily.net ¹
+misc.tuxfamily.net ¹
+downloads.tuxfamily.net ¹
+free.downloads.tuxfamily.net ¹
+downloads.geo.tuxfamily.net ¹
+pics.glx-dock.org ³
+
+¹ mismatch
+³ timed out
+
+
+	Nonfunctional hosts in *tuxfamily.org:
+
+		- lists ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *tuxfamily.org:
+
+		- www.(project_vhost) ᵐ
+		- blenderclan ˣ
+		- bugparis ˣ
+		- celmir ˣ
+		- 2011.donation ᵐ
+		- feeblemind ˣ
+		- ffdiaporama ˣ
+		- www.flatland *
+		- fr.flightgear ᵐ
+		- gimpphoto ˣ
+		- wiki.l2tpipsecvpn ᵐ
+		- ivanlef0u **
+		- lebottindesjeuxlinux **
+		- non ˣ
+		- phoenixsuite **
+		- popaul77 ˣ
+		- blog.indiarosepub ᵐ ˣ
+		- scoretarot ˣ
+		- stickyvibe ˣ
+		- forum.toulonux ᵐ
+		- wiki.toulonux ᵐ
+		- avignu.wiki ᵐ
+		- xcfa ˣ
+		- forum.xmoto ᵐ
+		- wiki.xmoto ᵐ
+
+	* //foo redirects to p://www.foo
+	** Redirects to s://www.foo
+	ᵐ Mismatched
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
 
-		tuxfamily.net subdomains:
+		- audio-digital-nation.tuxfamily.org
+		- blendercave.tuxfamily.org
+		- blenderclan.tuxfamily.org
+		- celmir.tuxfamily.org
+		- duo.tuxfamily.org
+		- ekd.tuxfamily.org
+		- erika.tuxfamily.org
+		- ffdiaporama.tuxfamily.org
+		- forum.tuxfamily.org
+		- geotux.tuxfamily.org
+		- hoerbuecher.tuxfamily.org
+		- libregame.tuxfamily.org
+		- mdx.tuxfamily.org
+		- odp.tuxfamily.org
+		- pacmiam.tuxfamily.org
+		- .pasnox.tuxfamily.org
+		- scoretarot.tuxfamily.org
+		- sprouts.tuxfamily.org
+		- stuntrally.tuxfamily.org
+		- xmoto.tuxfamily.org
+		- tangostudio.tuxfamily.org
+		- toulonux.tuxfamily.org
+		- videoporama.tuxfamily.org
+		- webmail.tuxfamily.org
+		- xcfa.tuxfamily.org
+		- xmoto.tuxfamily.org
+		- forum.xmoto.tuxfamily.org
 
-			- download
-			- git		(times out)
-			- listengine	(cert: panel; shows panel's data)
-			- lists		(times out)
-			- projects	(cert: panel; shows panel's data)
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- iframe, on:
+
+			- ffdiaporama from www.dailymotion.com
+			- videoporama from www.youtube.com ˢ
+
+		- css, on:
+
+			- 0vercl0k, blenderclan, bugparis, celmir, eigen, feeblemind, ffdiaporama, gimpphoto, joliebulle, non, scoretarot, stickyvibe from $self ˢ
+			- alphaos, anoise, dka, erika, ffdiaporama, non, telegram from fonts.googleapis.com ˢ
+			- blog.indiarosepub from $self ᵐ
+			- xcfa from www.xcfa.tuxfamily.org ˢ
+
+		- Images, on:
+
+			- 0 from www.igh.cnrs.fr ˢ
+			- 0, antigoone, ffdiaporama, hatari, hoerbuecher, tehessin, wikiss, xlview from logo.tuxfamily.org ˢ
+			- 0vercl0k, blenderclan, celmir, coban, eigen, ella, erika, ffdiaporama, gimpphoto, joliebulle, librazik, non, pydhcplib, stickyvibe, stuntrally, wikiss from $self ˢ
+			- blendercave, denissalem, ella, libregame from download.tuxfamily.org ˢ
+			- bugparis from static1.purebreak.com ᵈ
+			- bugparis from img.soleil42.fr ᵐ
+			- bugparis from blenderclan.tuxfamily.org ˢ
+			- coban from www.sg-logiciels.fr ˢ
+			- edupython from prototheque.free.fr ᵈ
+			- epidermis, geotux from www.gravatar.com ˢ
+			- epidermis from faq.tuxfamily.org ˢ
+			- feeblemind from a1.twimg.com ˢ
+			- gimpphoto from i\d+.photobucket.com ˢ
+			- mdx from www.r-project.org ˢ
+			- odp from perso.univ-lemans.fr ᵈ
+			- ofrancois from www.danasoft.com
+			- ofrancois from www.tuxfamily.org ˢ
+			- popaul77 from www.popaul77.tuxfamily.org ˢ
+			- scplanet from www.fredrikolofsson.com
+			- scplanet from \d+.media.tumblr.com ˢ
+			- snk from tuxfamily.org ˢ
+			- tangostudio from mozshot.nemui.org ˢ
+			- tehessin from perso0.free.fr ʳ
+			- xcfa from www.xcfa.tuxfamily.org ˢ
+			- forum.xmoto from i.imgur.com ˢ
+
+		- Bugs, on:
+
+			- 0vercl0k from www.adobe.com ˢ
+			- blenderclan from statics.elephorm.com ᵃ
+			- eigen from stats.sylphide-consulting.com ᵈ
+			- gmfsamples from api.flattr.com ˢ
+			- gmfsamples from static.getclicky.com ˢ
+			- gmfsamples from sourceforge.net ˢ
+			- gmfsamples from logv\d+.xiti.com
+			- non, scoretarot from $self ˢ
+			- ofrancois, openag, tm290 from www.w3.org ˢ
+			- openag, tm290 from jigsaw.w3.org ˢ
+			- ffdiaporama, proaudio, tehessin, from i.creativecommons.org ˢ
+			- proaudio from licensebuttons.net ˢ
+			- stickyvibe from buzzbuttons.com ⁴
+			- tm290 from www.linux-on-laptops.com ⁴
+			- tm290 from tuxmobil.org ⁴
+
+	⁴ Unsecurable <= 404
+	ᵃ Unsecurable <= shows another domain
+	ᵈ unsecurable <= dropped
+	ᵐ Not secured by us <= mismatched
+	ʳ unsecurable <= refused
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="TuxFamily.org" default_off="mismatch, self-signed, may need more exclusions">
-
-	<!--	Cert: web.tuxfamily.net	-->
-	<target host="anwiki.com" />
-	<target host="*.anwiki.com" />
-	<target host="glx-dock.org" />
-	<target host="www.glx-dock.org" />
-	<target host="web.tuxfamily.net" />
+<ruleset name="TuxFamily.org (partial)" default_off="failed ruleset test">
+
+	<target host="tuxfamily.org" />
 	<target host="*.tuxfamily.org" />
-		<exclusion pattern="^http://(download|git|listengine|lists|projects)\.tuxfamily\.org/" />
-	<target host="bugs.vhffs.org" />
 
+		<exclusion pattern="^http://(?:(?!(?:www\.[^.]+|fr\.flightgear)\.tuxfamily\.org/)(?:[^./]+\.){2,}|(?:[^./]+\.){3,}|(?:www\.)?(?:blenderclan|bugparis|celmir|eigen|feeblemind|ffdiaporama|gimpphoto|ivanlef0u|joliebulle|lebottindesjeuxlinux|lists|non|0vercl0k|phoenixsuite|popaul77|scoretarot|stickyvibe|xcfa)\.|www\.flatland\.)tuxfamily\.org/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://0vercl0k.tuxfamily.org/" />
+			<test url="http://blenderclan.tuxfamily.org/" />
+			<test url="http://bugparis.tuxfamily.org/" />
+			<test url="http://celmir.tuxfamily.org/" />
+			<test url="http://2011.donation.tuxfamily.org/" />
+			<test url="http://download.tuxfamily.org/" />
+			<test url="http://eigen.tuxfamily.org/" />
+			<test url="http://feeblemind.tuxfamily.org/" />
+			<test url="http://ffdiaporama.tuxfamily.org/" />
+			<test url="http://www.flatland.tuxfamily.org/" />
+			<test url="http://gimpphoto.tuxfamily.org/" />
+			<test url="http://blog.indiarosepub.tuxfamily.org/" />
+			<test url="http://ivanlef0u.tuxfamily.org/" />
+			<test url="http://joliebulle.tuxfamily.org/" />
+			<test url="http://wiki.l2tpipsecvpn.tuxfamily.org/" />
+			<test url="http://lebottindesjeuxlinux.tuxfamily.org/" />
+			<test url="http://www.lebottindesjeuxlinux.tuxfamily.org/" />
+			<test url="http://lists.tuxfamily.org/" />
+			<test url="http://non.tuxfamily.org/" />
+			<test url="http://phoenixsuite.tuxfamily.org/" />
+			<test url="http://popaul77.tuxfamily.org/" />
+			<test url="http://scoretarot.tuxfamily.org/" />
+			<test url="http://stickyvibe.tuxfamily.org/" />
+			<test url="http://forum.toulonux.tuxfamily.org/" />
+			<test url="http://wiki.toulonux.tuxfamily.org/" />
+			<test url="http://avignu.wiki.tuxfamily.org/" />
+			<test url="http://xcfa.tuxfamily.org/" />
+			<test url="http://forum.xmoto.tuxfamily.org/" />
+			<test url="http://wiki.xmoto.tuxfamily.org/" />
+			<test url="http://nothing.here.tuxfamily.org/" />
 
-	<securecookie host="^(.*\.)?anwiki\.com$" name=".*" />
-	<securecookie host="^glx-dock\.org$" name=".*" />
-	<securecookie host="^[\w\-]+\.tuxfamily\.org$" name=".*" />
-	<securecookie host="^bugs\.vhffs\.org$" name=".*" />
+		<test url="http://donation.tuxfamily.org/" />
+		<test url="http://download.tuxfamily.org/" />
+		<test url="http://faq.tuxfamily.org/" />
+		<test url="http://forum.tuxfamily.org/" />
+		<test url="http://git.tuxfamily.org/" />
+		<test url="http://listengine.tuxfamily.org/" />
+		<test url="http://logo.tuxfamily.org/" />
+		<test url="http://panel.tuxfamily.org/" />
+		<test url="http://projects.tuxfamily.org/" />
+		<test url="http://svnweb.tuxfamily.org/" />
+		<test url="http://webmail.tuxfamily.org/" />
+		<test url="http://www.tuxfamily.org/" />
 
+		<!--	(projects:) -->
+		<test url="http://0.tuxfamily.org/" />
+		<test url="http://3v1n0.tuxfamily.org/" />
+		<test url="http://actux.tuxfamily.org/" />
+		<test url="http://alasta.tuxfamily.org/" />
+		<test url="http://alphaos.tuxfamily.org/" />
+		<test url="http://amienspython.tuxfamily.org/" />
+		<test url="http://ampshell.tuxfamily.org/" />
+		<test url="http://andaris.tuxfamily.org/" />
+		<test url="http://anoise.tuxfamily.org/" />
+		<test url="http://antigoone.tuxfamily.org/" />
+		<test url="http://arkandis.tuxfamily.org/" />
+		<test url="http://aru2l.tuxfamily.org/" />
+		<test url="http://audio-digital-nation.tuxfamily.org/" />
+		<test url="http://bbclone.tuxfamily.org/" />
+		<test url="http://bbug.tuxfamily.org/" />
+		<test url="http://blendercave.tuxfamily.org/" />
+		<test url="http://bulkmailer.tuxfamily.org/" />
+		<test url="http://cgmail.tuxfamily.org/" />
+		<test url="http://chansonbech.tuxfamily.org/" />
+		<test url="http://chino.tuxfamily.org/" />
+		<test url="http://chrony.tuxfamily.org/" />
+		<test url="http://coban.tuxfamily.org/" />
+		<test url="http://cola.tuxfamily.org/" />
+		<test url="http://comicrevolt.tuxfamily.org/" />
+		<test url="http://cyloop.tuxfamily.org/" />
+		<test url="http://cytchinese.tuxfamily.org/" />
+		<test url="http://cytrussian.tuxfamily.org/" />
+		<test url="http://deckerix.tuxfamily.org/" />
+		<test url="http://denissalem.tuxfamily.org/" />
+		<test url="http://dka.tuxfamily.org/" />
+		<test url="http://docgmic.tuxfamily.org/" />
+		<test url="http://dsmltools.tuxfamily.org/" />
+		<test url="http://duo.tuxfamily.org/" />
+		<test url="http://edupython.tuxfamily.org/" />
+		<test url="http://ella.tuxfamily.org/" />
+		<test url="http://emftools.tuxfamily.org/" />
+		<test url="http://epidermis.tuxfamily.org/" />
+		<test url="http://ekd.tuxfamily.org/" />
+		<test url="http://erika.tuxfamily.org/" />
+		<test url="http://firegpg.tuxfamily.org/" />
+		<test url="http://flatland.tuxfamily.org/" />
+		<test url="http://flenglish.tuxfamily.org/" />
+		<test url="http://foldercolor.tuxfamily.org/" />
+		<test url="http://freegamearts.tuxfamily.org/" />
+		<test url="http://galette.tuxfamily.org/" />
+		<test url="http://gamedsl.tuxfamily.org/" />
+		<test url="http://geneweb.tuxfamily.org/" />
+		<test url="http://geotux.tuxfamily.org/" />
+		<test url="http://gimpons.tuxfamily.org/" />
+		<test url="http://gmfsamples.tuxfamily.org/" />
+		<test url="http://gnudroider.tuxfamily.org/" />
+		<test url="http://godotengine.tuxfamily.org/" />
+		<test url="http://graveman.tuxfamily.org/" />
+		<test url="http://gshutdown.tuxfamily.org/" />
+		<test url="http://gufw.tuxfamily.org/" />
+		<test url="http://halazoon.tuxfamily.org/" />
+		<test url="http://hatari.tuxfamily.org/" />
+		<test url="http://heraia.tuxfamily.org/" />
+		<test url="http://hoerbuecher.tuxfamily.org/" />
+		<test url="http://informathix.tuxfamily.org/" />
+		<test url="http://lavilladel6.tuxfamily.org/" />
+		<test url="http://lgm.tuxfamily.org/" />
+		<test url="http://libertempo.tuxfamily.org/" />
+		<test url="http://librazik.tuxfamily.org/" />
+		<test url="http://libregame.tuxfamily.org/" />
+		<test url="http://libremail.tuxfamily.org/" />
+		<test url="http://lmms.tuxfamily.org/" />
+		<test url="http://louvilug.tuxfamily.org/" />
+		<test url="http://malinuxtele.tuxfamily.org/" />
+		<test url="http://marinux.tuxfamily.org/" />
+		<test url="http://mathco.tuxfamily.org/" />
+		<test url="http://mathematix.tuxfamily.org/" />
+		<test url="http://mathsp.tuxfamily.org/" />
+		<test url="http://mdx.tuxfamily.org/" />
+		<test url="http://miniini.tuxfamily.org/" />
+		<test url="http://miniupnp.tuxfamily.org/" />
+		<test url="http://modnpds.tuxfamily.org/" />
+		<test url="http://mooouette.tuxfamily.org/" />
+		<test url="http://mpsi.tuxfamily.org/" />
+		<test url="http://multicd.tuxfamily.org/" />
+		<test url="http://netbootcd.tuxfamily.org/" />
+		<test url="http://odp.tuxfamily.org/" />
+		<test url="http://ofrancois.tuxfamily.org/" />
+		<test url="http://openag5.tuxfamily.org/" />
+		<test url="http://openplacos.tuxfamily.org/" />
+		<test url="http://ose.tuxfamily.org/" />
+		<test url="http://pacmiam.tuxfamily.org/" />
+		<test url="http://pasnox.tuxfamily.org/" />
+		<test url="http://passiongnulinux.tuxfamily.org/" />
+		<test url="http://pdsounds.tuxfamily.org/" />
+		<test url="http://piprim.tuxfamily.org/" />
+		<test url="http://planetalert.tuxfamily.org/" />
+		<test url="http://poddroid.tuxfamily.org/" />
+		<test url="http://pok.tuxfamily.org/" />
+		<test url="http://prefbar.tuxfamily.org/" />
+		<test url="http://pride.tuxfamily.org/" />
+		<test url="http://proaudio.tuxfamily.org/" />
+		<test url="http://py3exiv2.tuxfamily.org/" />
+		<test url="http://pydhcplib.tuxfamily.org/" />
+		<test url="http://pympdserver.tuxfamily.org/" />
+		<test url="http://pythonwifi.tuxfamily.org/" />
+		<test url="http://q3min.tuxfamily.org/" />
+		<test url="http://qelectrotech.tuxfamily.org/" />
+		<test url="http://rfakeap.tuxfamily.org/" />
+		<test url="http://rhinote.tuxfamily.org/" />
+		<test url="http://rho.tuxfamily.org/" />
+		<test url="http://runningtracker.tuxfamily.org/" />
+		<test url="http://sallu.tuxfamily.org/" />
+		<test url="http://sawfish.tuxfamily.org/" />
+		<test url="http://scplanet.tuxfamily.org/" />
+		<test url="http://setmetmojo.tuxfamily.org/" />
+		<test url="http://silente.tuxfamily.org/" />
+		<test url="http://simpleburn.tuxfamily.org/" />
+		<test url="http://snk.tuxfamily.org/" />
+		<test url="http://slackware-live.tuxfamily.org/" />
+		<test url="http://speakeasy.tuxfamily.org/" />
+		<test url="http://sprouts.tuxfamily.org/" />
+		<test url="http://starlightgraphics.tuxfamily.org/" />
+		<test url="http://stuntrally.tuxfamily.org/" />
+		<test url="http://synfig.tuxfamily.org/" />
+		<test url="http://tango.tuxfamily.org/" />
+		<test url="http://tangostudio.tuxfamily.org/" />
+		<test url="http://tangshi.tuxfamily.org/" />
+		<test url="http://taste.tuxfamily.org/" />
+		<test url="http://tehessin.tuxfamily.org/" />
+		<test url="http://telegram.tuxfamily.org/" />
+		<test url="http://texgraph.tuxfamily.org/" />
+		<test url="http://theglu.tuxfamily.org/" />
+		<test url="http://tlk.tuxfamily.org/" />
+		<test url="http://tm290.tuxfamily.org/" />
+		<test url="http://tng.tuxfamily.org/" />
+		<test url="http://toulonux.tuxfamily.org/" />
+		<test url="http://user42.tuxfamily.org/" />
+		<test url="http://vbaexpress.tuxfamily.org/" />
+		<test url="http://verac.tuxfamily.org/" />
+		<test url="http://videoporama.tuxfamily.org/" />
+		<test url="http://wifi-radar.tuxfamily.org/" />
+		<test url="http://wikiss.tuxfamily.org/" />
+		<test url="http://wipetools.tuxfamily.org/" />
+		<test url="http://xlogo.tuxfamily.org/" />
+		<test url="http://xlview.tuxfamily.org/" />
+		<!--
+		<test url="http://xmoto.tuxfamily.org/" />
+		<test url="http://zengamer.tuxfamily.org/" />
+		-->
 
-	<!--	Cert: web.tuxfamily.net	-->
-	<rule from="^https?://(?:(bugs\.|doc\.|forum\.)|www\.)?anwiki\.com/"
-		to="https://$1anwki.com/" />
+		<!--	Mixed image:
+					-->
+		<!--test url="http://stuntrally.tuxfamily.org/wiki/doku.php?id=features" /-->
 
-	<!--	Ditto.	-->
-	<rule from="^https?://(?:www\.)?glx-dock\.org/"
-		to="https://glx-dock.org/" />
+		<!--	Set cookie without Secure:
+							-->
+		<!--test url="http://erika.tuxfamily.org/forum/" /-->
+		<!--test url="http://hoerbuecher.tuxfamily.org/forum/" /-->
+		<!--test url="http://webmail.tuxfamily.org/squirrel/src/login.php" /-->
 
-	<!--	Secure 404!	-->
-	<rule from="^http://web\.tuxfamily\.net/"
-		to="https://web.tuxfamily.net/" />
 
-	<!--	- Projects have unique subdomains
-		- Those observed present a cert for web.tuxfamily.net
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^audio-digital-nation\.tuxfamily\.org$" name="^session_data$" /-->
+	<!--securecookie host="^(?:blendercave|blenderclan|celmir|ekd|forum|mdx|odp|pacmiam|scoretarot|videoporama|xcfa|xmoto|forum\.xmoto)\.tuxfamily\.org$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^duo\.tuxfamily\.org$" name="^xLanguage_$" /-->
+	<!--securecookie host="^(?:erika|hoerbuecher)\.tuxfamily\.org$" name="^phpbb3_\w+_(?:k|sid|u)$" /-->
+	<!--securecookie host="^ffdiaporama\.tuxfamily\.org$" name="^(?:PHPSESSID|qtrans_front_language)$" /-->
+	<!--securecookie host="^geotux\.tuxfamily\.org$" name="^(?:[\da-f]{32}|cip_vvisitcounter|jfcookie\[lang\])$" /-->
+	<!--securecookie host="^libregame\.tuxfamily\.org$" name="^(?:PHPSESSID|runs_before_js_detect)$" /-->
+	<!--securecookie host="^\.pasnox\.tuxfamily\.org$" name="^SESS[\da-f]{32}$" /-->
+	<!--securecookie host="^sprouts\.tuxfamily\.org$" name="^(?:DW[\da-f]{32}|DocuWiki)$" /-->
+	<!--securecookie host="^stuntrally\.tuxfamily\.org$" name="^CMSSESSID[\da-f]+$" /-->
+	<!--securecookie host="^tangostudio\.tuxfamily\.org$" name="^(?:[\da-f]{32}|jfcookie\[lang\])$" /-->
+	<!--securecookie host="^toulonux\.tuxfamily\.org$" name="^[\da-f]{32}$" /-->
+	<!--securecookie host="^webmail\.tuxfamily\.org$" name="^(?:SQMSESSID|roundcube_sessid)$" /-->
 
-		- Observed & working non-project subdomains:
+	<securecookie host=".+" name=".+" />
 
-			- faq
-			- logo
-			- panel
-				-->
-	<rule from="^http://([\w\-]+)\.tuxfamily\.org/"
+
+	<rule from="^http://www\.([^.]+)\.tuxfamily\.org/"
 		to="https://$1.tuxfamily.org/" />
 
-	<!--	Cert: web.tuxfamily.net	-->
-	<rule from="^http://bugs\.vhffs\.org/"
-		to="https://bugs.vhffs.org/" />
+		<test url="http://www.xmoto.tuxfamily.org/" />
+		<test url="http://www.zengamer.tuxfamily.org/" />
+
+	<rule from="^http://fr\.flightgear\.tuxfamily\.org/"
+		to="https://fr.flightgear.org/" />
+
+		<test url="http://fr.flightgear.tuxfamily.org/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TuxIC.nl.xml b/src/chrome/content/rules/TuxIC.nl.xml
new file mode 100644
index 000000000000..ae4dc925e73d
--- /dev/null
+++ b/src/chrome/content/rules/TuxIC.nl.xml
@@ -0,0 +1,16 @@
+<ruleset name="TuxIC.nl">
+
+	<target host="tuxic.nl" />
+	<target host="www.tuxic.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?tuxic\.nl$" name="^(PHPSESSID|SQMSESSID)$" /-->
+
+	<securecookie host="^(?:www\.)?tuxic\.nl$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tuxedocomputers.com.xml b/src/chrome/content/rules/Tuxedocomputers.com.xml
new file mode 100644
index 000000000000..98aeec921d94
--- /dev/null
+++ b/src/chrome/content/rules/Tuxedocomputers.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Tuxedocomputers.com">
+	<target host="tuxedocomputers.com" />
+	<target host="www.tuxedocomputers.com" />
+
+	<securecookie host="^(www.)?tuxedocomputers\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tv-Release.xml b/src/chrome/content/rules/Tv-Release.xml
index f4c09f33d795..430c515df030 100644
--- a/src/chrome/content/rules/Tv-Release.xml
+++ b/src/chrome/content/rules/Tv-Release.xml
@@ -12,7 +12,7 @@
 	<securecookie host="^(?:www\.)?tv-release\.net$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?tv-release\.net/"
+	<rule from="^http://(?:www\.)?tv-release\.net/"
 		to="https://tv-release.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TvTorrents.xml b/src/chrome/content/rules/TvTorrents.xml
deleted file mode 100644
index b6fec3feb5a2..000000000000
--- a/src/chrome/content/rules/TvTorrents.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="TvTorrents">
-
-	<target host="tvtorrents.com" />
-	<target host="*.tvtorrents.com" />
-
-
-	<rule from="^https?://([^/:@]+)?\.tvtorrents\.com/"
-		to="https://$1.tvtorrents.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tvheadend.org.xml b/src/chrome/content/rules/Tvheadend.org.xml
new file mode 100644
index 000000000000..48b2563885e6
--- /dev/null
+++ b/src/chrome/content/rules/Tvheadend.org.xml
@@ -0,0 +1,18 @@
+<ruleset name="Tvheadend.org">
+
+	<target host="tvheadend.org" />
+	<target host="www.tvheadend.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tvheadend\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^(?:www\.)?tvheadend\.org$" name="^_redmine_session$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tvp.pl.xml b/src/chrome/content/rules/Tvp.pl.xml
new file mode 100644
index 000000000000..306843e24f22
--- /dev/null
+++ b/src/chrome/content/rules/Tvp.pl.xml
@@ -0,0 +1,155 @@
+<!--
+	Active mixed content:
+		- abc.tvp.pl
+		- bawsieslowami.tvp.pl
+		- chopin2015.tvp.pl
+		- festiwalopole.tvp.pl
+		- halopolonia.tvp.pl
+		- krotkahistoria.tvp.pl
+		- magazynzameryki.tvp.pl
+		- magazynzwysp.tvp.pl
+		- oczywoczy.tvp.pl
+		- polonia24.tvp.pl
+		- racjastanu.tvp.pl
+		- rozmowapolonii.tvp.pl
+		- seriale.tvp.pl
+		- tvpkultura.tvp.pl
+		- tvp1.tvp.pl
+		- zziajani.tvp.pl
+		- wilnoteka.tvp.pl
+
+	Connection refused:
+		- ww21.tvp.pl
+
+	Invalid certificate:
+		- ciechocinek.tvp.pl
+		- manager.tvp.pl
+		- menedzer.tvp.pl
+		- sarnowek.tvp.pl
+		- telegazeta.tvp.pl
+
+	Redirects to HTTP:
+		- sport.tvp.pl
+
+	Wildcard certificate and DNS:
+		- *.tvp.pl: All work over HTTPS except for those listed above
+		- *.*.tvp.pl: None work over HTTPS except for www.vod.tvp.pl
+-->
+
+<ruleset name="Tvp.pl">
+	<target host="tvp.pl" />
+	<target host="www.tvp.pl" />
+	<target host="50plus.tvp.pl" />
+	<target host="60latlodz.tvp.pl" />
+	<target host="abonament.tvp.pl" />
+	<target host="agencitarczy.tvp.pl" />
+	<target host="akademia.tvp.pl" />
+	<target host="avod.tvp.pl" />
+	<target host="bakeoff.tvp.pl" />
+	<target host="beta.tvp.pl" />
+	<target host="bialystok.tvp.pl" />
+	<target host="bydgoszcz.tvp.pl" />
+	<target host="centruminformacji.tvp.pl" />
+	<target host="dladzieci.tvp.pl" />
+	<target host="dniotwarte.tvp.pl" />
+	<target host="dwateatry.tvp.pl" />
+	<target host="dystrybucja.tvp.pl" />
+	<target host="dziendobrypolsko.tvp.pl" />
+	<target host="edu.tvp.pl" />
+	<target host="ekoagent.tvp.pl" />
+	<target host="euro2012.tvp.pl" />
+	<target host="eurowizja.tvp.pl" />
+	<target host="extratime.tvp.pl" />
+	<target host="festiwalromow.tvp.pl" />
+	<target host="filmoteka.tvp.pl" />
+	<target host="fryderyki.tvp.pl" />
+	<target host="gdansk.tvp.pl" />
+	<target host="gorzow.tvp.pl" />
+	<target host="hd.tvp.pl" />
+	<target host="historia.tvp.pl" />
+	<target host="hithithurra.tvp.pl" />
+	<target host="iteatr.tvp.pl" />
+	<target host="jaknasodbierac.tvp.pl" />
+	<target host="kabaretop.tvp.pl" />
+	<target host="kabarety.tvp.pl" />
+	<target host="katowice.tvp.pl" />
+	<target host="kielce.tvp.pl" />
+	<target host="kliper.tvp.pl" />
+	<target host="kochamciepolsko.tvp.pl" />
+	<target host="komediowascenadwojki.tvp.pl" />
+	<target host="komunikaty.tvp.pl" />
+	<target host="krakow.tvp.pl" />
+	<target host="licencje.tvp.pl" />
+	<target host="lodz.tvp.pl" />
+	<target host="londyn2012.tvp.pl" />
+	<target host="lublin.tvp.pl" />
+	<target host="magazynekspresureporterow.tvp.pl" />
+	<target host="maklowiczwpodrozy.tvp.pl" />
+	<target host="mjakmilosc.tvp.pl" />
+	<target host="mundial2014.tvp.pl" />
+	<target host="nadobre.tvp.pl" />
+	<target host="nasygnale.tvp.pl" />
+	<target host="niepodleglapolska.tvp.pl" />
+	<target host="ojciecmateusz.tvp.pl" />
+	<target host="olsztyn.tvp.pl" />
+	<target host="omniesieniemartw.tvp.pl" />
+	<target host="opole.tvp.pl" />
+	<target host="panorama.tvp.pl" />
+	<target host="paraolimpiada2016.tvp.pl" />
+	<target host="playoutautomation.tvp.pl" />
+	<target host="polacypolakom.tvp.pl" />
+	<target host="polonia.tvp.pl" />
+	<target host="polskapomaga.tvp.pl" />
+	<target host="poznan.tvp.pl" />
+	<target host="przepisdnia.tvp.pl" />
+	<target host="przetargi.tvp.pl" />
+	<target host="psn.tvp.pl" />
+	<target host="pvr-152.tvp.pl" />
+	<target host="pytanienasniadanie.tvp.pl" />
+	<target host="ranczo.tvp.pl" />
+	<target host="reklamadzieciom.tvp.pl" />
+	<target host="rodzinka.tvp.pl" />
+	<target host="rolnikszukazony.tvp.pl" />
+	<target host="ropat.tvp.pl" />
+	<target host="rozrywka.tvp.pl" />
+	<target host="rsdt-waw201-67.tvp.pl" />
+	<target host="rsdt-waw301-163.tvp.pl" />
+	<target host="rzeszow.tvp.pl" />
+	<target host="s.tvp.pl" />
+	<target host="sales.tvp.pl" />
+	<target host="sdt-plix33-21.tvp.pl" />
+	<target host="sdt-plix43-43.tvp.pl" />
+	<target host="sklep.tvp.pl" />
+	<target host="slodkoiwytrawnie.tvp.pl" />
+	<target host="smolensk.tvp.pl" />
+	<target host="sportmikrocms.tvp.pl" />
+	<target host="strefaigrzyska.tvp.pl" />
+	<target host="swieta.tvp.pl" />
+	<target host="sylwester.tvp.pl" />
+	<target host="szczecin.tvp.pl" />
+	<target host="tanczacyznatura.tvp.pl" />
+	<target host="teleexpress.tvp.pl" />
+	<target host="tvp2.tvp.pl" />
+	<target host="tvp3.tvp.pl" />
+	<target host="tvprozrywka.tvp.pl" />
+	<target host="tvpstream.tvp.pl" />
+	<target host="tygodnik.tvp.pl" />
+	<target host="vod.tvp.pl" />
+	<target host="www.vod.tvp.pl" />
+	<target host="voice.tvp.pl" />
+	<target host="voicekids.tvp.pl" />
+	<target host="warszawa.tvp.pl" />
+	<target host="wiadomosci.tvp.pl" />
+	<target host="wiedza.tvp.pl" />
+	<target host="wielkietesty.tvp.pl" />
+	<target host="wielkitest.tvp.pl" />
+	<target host="wielkitestozdrowiu.tvp.pl" />
+	<target host="wielkitestzhistorii.tvp.pl" />
+	<target host="wieniawski2016.tvp.pl" />
+	<target host="wroclaw.tvp.pl" />
+	<target host="zatrzymajchwile.tvp.pl" />
+	<target host="zusbezgranic.tvp.pl" />
+	<target host="zycieodkuchni.tvp.pl" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tvsupport.net.xml b/src/chrome/content/rules/Tvsupport.net.xml
index 70991b2b4203..496dfb08d16d 100644
--- a/src/chrome/content/rules/Tvsupport.net.xml
+++ b/src/chrome/content/rules/Tvsupport.net.xml
@@ -1,13 +1,13 @@
 <ruleset name="tvsupport.net">
 
 	<target host="tvsupport.net" />
-	<target host="*.tvsupport.net" />
+	<target host="help.tvsupport.net" />
+	<target host="www.tvsupport.net" />
 
 
 	<securecookie host="^(?:help\.|w*\.)?tvsupport\.net$" name=".+" />
 
 
-	<rule from="^http://(help\.|www\.)?tvsupport\.net/"
-		to="https://$1tvsupport.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Twattle.net.xml b/src/chrome/content/rules/Twattle.net.xml
new file mode 100644
index 000000000000..3a707c57d88f
--- /dev/null
+++ b/src/chrome/content/rules/Twattle.net.xml
@@ -0,0 +1,43 @@
+<!--
+	Problematic hosts:
+
+		- www *
+
+	* Redirect loop
+
+
+	Fully covered hosts:
+
+		- (www.)?	(www → ^)
+
+
+	Insecure cookies are set for these
+
+		- twattle.net
+
+-->
+<ruleset name="Twattle.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="twattle.net" />
+
+	<!--	Complications:
+				-->
+	<target host="www.twattle.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^twattle\.net$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^twattle\.net$" name=".+" />
+
+
+	<rule from="^http://www\.twattle\.net/"
+		to="https://twattle.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TweakHound.com.xml b/src/chrome/content/rules/TweakHound.com.xml
new file mode 100644
index 000000000000..854f241fd553
--- /dev/null
+++ b/src/chrome/content/rules/TweakHound.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="TweakHound.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tweakhound.com" />
+	<target host="www.tweakhound.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tweakers.net.xml b/src/chrome/content/rules/Tweakers.net.xml
index 00eb936a9d49..f89ddad1f7cc 100644
--- a/src/chrome/content/rules/Tweakers.net.xml
+++ b/src/chrome/content/rules/Tweakers.net.xml
@@ -1,30 +1,35 @@
 <!--
 	Problematic domains:
 
-		- www.ic.tweakimg.net		(mismatched)
+		- www.ic.tweakimg.net *
 
+	* Mismatched
 
-	Mixed images from img.itbanen.nl
 
--->
-<ruleset name="Tweakers.net">
+	Mixed content:
 
-	<target host="tweakers.net" />
-	<target host="*.tweakers.net" />
-	<target host="tweakimg.net" />
-	<target host="*.tweakimg.net" />
+		- Images, from:
+
+			- itbanen.nl
+			- tweakimg.net *
+			- ic.tweakimg.net *
 
+	* Secured by us
 
-	<securecookie host="^\.tweakers\.net$" name=".+" />
+-->
+<ruleset name="Tweakers.net">
 
+	<target host="tweakimg.net" />
+	<target host="ic.tweakimg.net" />
+	<target host="www.tweakimg.net" />
+	<target host="www.ic.tweakimg.net" />
+		<!--
+			https://trac.torproject.org/projects/tor/ticket/8340
+										-->
+		<exclusion pattern="^http://(?:ic\.tweakimg)\.net/crossdomain\.xml$" />
 
-	<rule from="^http://(gathering\.|secure\.|www\.)?tweakers\.net/"
-		to="https://$1tweakers.net/" />
 
 	<rule from="^http://(?:www\.)?(ic\.)?tweakimg\.net/"
 		to="https://$1tweakimg.net/" />
 
-	<!-- https://trac.torproject.org/projects/tor/ticket/8340 -->
-	<exclusion pattern="^http://(?:tweakers|ic\.tweakimg)\.net/crossdomain\.xml$" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/Tweegy.nl.xml b/src/chrome/content/rules/Tweegy.nl.xml
index 97b66781173d..2f5bc2ad84bb 100644
--- a/src/chrome/content/rules/Tweegy.nl.xml
+++ b/src/chrome/content/rules/Tweegy.nl.xml
@@ -1,11 +1,11 @@
-<ruleset name="tweegy.nl" default_off="self-signed">
+<ruleset name="Tweegy.nl">
 
-	<target host="tweegy.nl"/>
-	<target host="www.tweegy.nl"/>
+	<target host="tweegy.nl" />
+	<target host="www.tweegy.nl" />
 
-	<securecookie host="^tweegy\.nl$" name=".*"/>
+	<securecookie host="^tweegy\.nl$" name=".+" />
 
-	<rule from="^http://(?:www\.)?tweegy\.nl/"
-		to="https://tweegy.nl/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TweetAdder.com.xml b/src/chrome/content/rules/TweetAdder.com.xml
new file mode 100644
index 000000000000..ec689f8717c2
--- /dev/null
+++ b/src/chrome/content/rules/TweetAdder.com.xml
@@ -0,0 +1,58 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.tweetadder.com/ => https://www.tweetadder.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.tweetadder.com'")
+
+	Nonfunctional subdomains:
+
+		- support *
+
+	* "There is no helpdesk here"
+
+
+	Insecure cookies are set for these hosts:
+
+		- tweetadder.com
+		- www.tweetadder.com
+
+-->
+<ruleset name="TweetAdder.com (partial)" default_off="failed ruleset test">
+
+	<target host="tweetadder.com" />
+	<!--target host="support.tweetadder.com" /-->
+	<target host="www.tweetadder.com" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://tweetadder\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://tweetadder\.com/(?!\d{4}/wp-content/|favicon\.ico|idevaffiliate(?:$|[?/])|wp-content/)" />
+
+			<test url="http://tweetadder.com/download/" />
+			<test url="http://tweetadder.com/forgot-registration-code/" />
+			<test url="http://tweetadder.com/purchase/" />
+			<test url="http://tweetadder.com/tutorial/" />
+			<test url="http://tweetadder.com/tweetadder-blog/" />
+			<test url="http://tweetadder.com/twitter-affiliate-program/" />
+			<test url="http://tweetadder.com/vpspartner.php" />
+
+			<!--	-ve:
+					-->
+			<test url="http://tweetadder.com/2014/wp-content/uploads/2014/04/macosx.png" />
+			<test url="http://tweetadder.com/favicon.ico" />
+			<test url="http://tweetadder.com/idevaffiliate" />
+			<test url="http://tweetadder.com/wp-content/themes/Avada/style.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?tweetadder\.com$" name="^(_s|PHPSESSID)$" /-->
+	<!--securecookie host="^tweetadder\.com$" name="^redirect_count$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TweetDeck.xml b/src/chrome/content/rules/TweetDeck.xml
index 212065d45b6e..c266ac6a2145 100644
--- a/src/chrome/content/rules/TweetDeck.xml
+++ b/src/chrome/content/rules/TweetDeck.xml
@@ -1,7 +1,16 @@
-<ruleset name="Tweetdeck">
+<!--
+	For other Twitter coverage, see Twitter.xml.
+
+-->
+<ruleset name="TweetDeck.com">
+
+	<!--	Direct rewrites:
+				-->
   <target host="tweetdeck.com" />
   <target host="www.tweetdeck.com" />
 
-  <exclusion pattern="^http://support\.tweetdeck\.com/"/><!-- cert for wrong domain -->
-  <rule from="^http://(?:www\.)?tweetdeck\.com/" to="https://www.tweetdeck.com/"/>
+  <!--<exclusion pattern="^http://support\.tweetdeck\.com/"/--><!-- cert for wrong domain -->
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/TweetMeme.xml b/src/chrome/content/rules/TweetMeme.xml
deleted file mode 100644
index 1a3834f3a4b4..000000000000
--- a/src/chrome/content/rules/TweetMeme.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	tweetmeme.s3.amazonaws.com
-
--->
-<ruleset name="TweetMeme" default_off="expired, mismatch">
-
-	<target host="tweetmeme.com" />
-	<target host="*.tweetmeme.com" />
-
-
-	<!--	Cert: admin.tweetmeme.com	-->
-	<rule from="^https?://(?:(admin\.)|www\.)?tweetmeme\.com/"
-		to="https://$1tweetmeme.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TweetReach.com.xml b/src/chrome/content/rules/TweetReach.com.xml
new file mode 100644
index 000000000000..95e708f67661
--- /dev/null
+++ b/src/chrome/content/rules/TweetReach.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Wildcard DNS and certificate.
+
+-->
+<ruleset name="TweetReach.com">
+
+	<target host="tweetreach.com" />
+	<target host="*.tweetreach.com" />
+
+		<test url="http://testurl1.tweetreach.com/" />
+		<test url="http://testurl2.tweetreach.com/" />
+		<test url="http://testurl3.tweetreach.com/" />
+		<test url="http://testurl4.tweetreach.com/" />
+
+		<test url="http://assets1.tweetreach.com/stylesheets/skeleton/layout.css" />
+		<test url="http://assets3.tweetreach.com/stylesheets/skeleton/skeleton.css" />
+		<test url="http://blog.tweetreach.com/" />
+		<test url="http://help.tweetreach.com/" />
+		<test url="http://latism.tweetreach.com/login" />
+
+	<securecookie host="^\.tweetreach\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Twenga-Solutions.com.xml b/src/chrome/content/rules/Twenga-Solutions.com.xml
new file mode 100644
index 000000000000..c2d92a96883a
--- /dev/null
+++ b/src/chrome/content/rules/Twenga-Solutions.com.xml
@@ -0,0 +1,57 @@
+<!--
+	Other Twenga Solutions rulesets:
+
+		- C4tw.net.xml
+		- Twenga.com.xml
+
+
+	Problematic hosts in *twenga-solutions.com:
+
+		- go ᴾ
+
+	ᴾ Pardot/mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.twenga-solutions.com
+
+-->
+<ruleset name="Twenga-Solutions.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="twenga-solutions.com" />
+	<target host="www.twenga-solutions.com" />
+
+	<!--	Complications:
+				-->
+	<target host="go.twenga-solutions.com" />
+
+		<exclusion pattern="^http://go\.twenga-solutions\.com/+(?!l/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://go.twenga-solutions.com/en/contact-us" />
+			<test url="http://go.twenga-solutions.com/ECE15" />
+
+			<!--	-ve:
+					-->
+			<test url="http://go.twenga-solutions.com/l/103922/2015-09-08/gmm/103922/2284/form_responsive.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.twenga-solutions\.com$" name="^(?:RTS_SID|SERVERID|tws-lang)$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://go\.twenga-solutions\.com/"
+		to="https://pi.pardot.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Twenga.com-falsemixed.xml b/src/chrome/content/rules/Twenga.com-falsemixed.xml
new file mode 100644
index 000000000000..54f15fc8b6ee
--- /dev/null
+++ b/src/chrome/content/rules/Twenga.com-falsemixed.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blog.twenga.com/ => https://blog.twenga.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	For rules not causing false/broken MCB, see Twenga.com.xml.
+
+-->
+<ruleset name="Twenga.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="blog.twenga.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Twenga.com.xml b/src/chrome/content/rules/Twenga.com.xml
new file mode 100644
index 000000000000..728ae35834a1
--- /dev/null
+++ b/src/chrome/content/rules/Twenga.com.xml
@@ -0,0 +1,73 @@
+<!--
+	For rules causing false/broken MCB, see Twenga.com-falsemixed.xml.
+
+	For other Twenga Solutions coverage, see Twenga-Solutions.com.xml.
+
+
+	(www.)?twenga.com: redirects to http (including login)
+
+
+	Problematic hosts in *twenga.com:
+
+		- blog ᵀ ˣ
+
+	ᵀ Tor users blocked
+	ˣ Mixed css from $self
+
+
+	Fully covered hosts in *twenga.com:
+
+		- dynstatic
+
+		- i\d+:
+
+			- i00
+			- i10
+			- i2[01]
+			- i7[01]
+
+		- r
+
+
+	Mixed content:
+
+		- css on blog from $self *
+		- Images on blog from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Twenga.com (partial)">
+
+	<target host="*.twenga.com" />
+
+		<!--	Avoid false/broken MCB:
+						-->
+		<exclusion pattern="^http://blog\.twenga\.com/+(?!wp-content/|wp-includes/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://blog.twenga.com/" />
+			<test url="http://blog.twenga.com/css.php" />
+			<test url="http://blog.twenga.com/css.php?ts=20180318" />
+			<test url="http://blog.twenga.com/wp-login.php" />
+
+		<test url="http://dynstatic.twenga.com/" /><!-- 403 Forbidden on Travis -->
+		<test url="http://i00.twenga.com/cms/img_75577.jpg" />
+		<test url="http://i20.twenga.com/jewelry/earrings/detachable-10-components-earrings-tp_2387598266290741051b.jpg" />
+		<test url="http://i21.twenga.com/jewelry/earrings/george-kovacs-earring-mini-tp_8713335219619646942b.jpg" />
+		<test url="http://i70.twenga.com/7/tp/46/78/7434967728580144678b.png" />
+		<test url="http://i71.twenga.com/7/tp/48/87/442124624375444887b.png" />
+		<test url="http://i71.twenga.com/7/tp/89/21/3800848892073818921b.png" />
+		<test url="http://r.twenga.com/" />
+
+
+	<!--	Tracking cookies set by r, not secured by server:
+									-->
+	<securecookie host="^\." name="^(?:TW_VISITOR_ID|WSID|twr)" />
+
+
+	<rule from="^http://(blog|dynstatic|i\d+|r)\.twenga\.com/"
+		to="https://$1.twenga.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Twiago.com.xml b/src/chrome/content/rules/Twiago.com.xml
new file mode 100644
index 000000000000..6e08a6139ed3
--- /dev/null
+++ b/src/chrome/content/rules/Twiago.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="Twiago.com">
+
+	<target host="twiago.com" />
+	<target host="www.twiago.com" />
+	<target host="a.twiago.com" />
+	<target host="b.twiago.com" />
+	<target host="cdn.twiago.com" />
+	<target host="control.twiago.com" />
+	<target host="reco.twiago.com" />
+	<target host="sbtool.twiago.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Twiant.com.xml b/src/chrome/content/rules/Twiant.com.xml
deleted file mode 100644
index a48fe91d6826..000000000000
--- a/src/chrome/content/rules/Twiant.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For other PlugRush coverage, see PlugRush.com.xml.
-
--->
-<ruleset name="twiant.com">
-
-	<target host="twiant.com" />
-	<target host="www.twiant.com" />
-
-
-	<rule from="^http://(www\.)?twiant\.com/"
-		to="https://$1twiant.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Twilio.xml b/src/chrome/content/rules/Twilio.xml
index 025e79998818..265d6e3abd10 100644
--- a/src/chrome/content/rules/Twilio.xml
+++ b/src/chrome/content/rules/Twilio.xml
@@ -1,13 +1,42 @@
-<ruleset name="Twilio">
+<!--
+	Nonfunctional hosts:
+
+		- status *
+
+	*Handshake fails
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- www.twilio.com
+		- .www.twilio.com
+
+-->
+<ruleset name="Twilio.com">
 
 	<target host="twilio.com" />
-	<target host="*.twilio.com" />
+	<target host="static0.twilio.com" />
+	<target host="static1.twilio.com" />
+	<target host="static2.twilio.com" />
+	<target host="static3.twilio.com" />
+	<target host="static4.twilio.com" />
+	<target host="static5.twilio.com" />
+	<target host="static6.twilio.com" />
+	<target host="static7.twilio.com" />
+	<target host="static8.twilio.com" />
+	<target host="static9.twilio.com" />
+	<target host="www.twilio.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.twilio\.com$" name="^X-Mapping-[a-z]{8}$" /-->
+	<!--securecookie host="^\.www\.twilio\.com$" name="^(tw-analytic-event|tw-errors|tw-flash-message|tw-product-signal|tw-signals|tw-values|tw-visitor)$" /-->
 
-	<securecookie host="^\.www\.twilio\.com$" name=".+" />
+	<securecookie host="^\.?www\.twilio\.com$" name=".+" />
 
 
-	<rule from="^http://(static\d\.|www\.)?twilio\.com/"
-		to="https://$1twilio.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Twimg.com.xml b/src/chrome/content/rules/Twimg.com.xml
new file mode 100644
index 000000000000..7bbaa0d008e8
--- /dev/null
+++ b/src/chrome/content/rules/Twimg.com.xml
@@ -0,0 +1,102 @@
+<!--
+	For other Twitter coverage, see Twitter.xml.
+
+
+	CDN buckets:
+
+		- twimg0-0.akamaihd.net
+
+		- d2rdfnizen5apl.cloudfront.net
+
+			- s.twimg.com
+
+
+	Problematic hosts:
+
+		- s *
+
+	* Cloudfront
+
+
+	Fully covered hosts:
+
+		- abs
+		- amp
+		- dnt
+		- ea
+		- g
+		- g2
+		- gu
+		- hca
+		- image-proxy-origin
+		- jp
+		- ma
+		- ma[0123]
+		- o
+		- p
+		- pbs
+		- r
+		- s	(→ d2rdfnizen5apl.cloudfront.net)
+		- syndication
+		- cdn.syndication
+		- syndication-o
+		- tailfeather
+		- ton
+		- widgets
+
+
+	^twimg.com: Dropped over http & https
+
+
+	These altnames don't exist:
+
+		- i3.twimg.com
+		- p-dev.twimg.com
+		- vmtc.twimg.com
+
+-->
+<ruleset name="Twimg.com">
+
+	<!--	Direct rewrites:
+					-->
+	<target host="abs.twimg.com" />
+		<test url="http://abs.twimg.com/favicons/favicon.ico" />
+	<target host="amp.twimg.com" />
+	<target host="dnt.twimg.com" />
+	<target host="ea.twimg.com" />
+	<target host="g.twimg.com" />
+	<target host="g2.twimg.com" />
+	<target host="gu.twimg.com" />
+	<target host="hca.twimg.com" />
+	<target host="image-proxy-origin.twimg.com" />
+	<target host="jp.twimg.com" />
+	<target host="ma.twimg.com" />
+	<target host="ma0.twimg.com" />
+	<target host="ma1.twimg.com" />
+	<target host="ma2.twimg.com" />
+	<target host="ma3.twimg.com" />
+	<target host="o.twimg.com" />
+	<target host="p.twimg.com" />
+	<target host="pbs.twimg.com" />
+		<test url="http://pbs.twimg.com/profile_images/877299816228835328/BzlF5IzF_400x400.jpg" />
+	<target host="r.twimg.com" />
+	<target host="syndication.twimg.com" />
+	<target host="syndication-o.twimg.com" />
+	<target host="cdn.syndication.twimg.com" />
+	<target host="tailfeather.twimg.com" />
+	<target host="ton.twimg.com" />
+	<target host="widgets.twimg.com" />
+
+	<!--	Special cases:
+				-->
+	<target host="s.twimg.com" />
+		<test url="http://s.twimg.com/business/twitter101forbusiness.pdf" />
+
+
+	<rule from="^http://s\.twimg\.com/"
+		to="https://d2rdfnizen5apl.cloudfront.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Twimler.com.xml b/src/chrome/content/rules/Twimler.com.xml
index 965f991596e9..94d3f5ffcac5 100644
--- a/src/chrome/content/rules/Twimler.com.xml
+++ b/src/chrome/content/rules/Twimler.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="Twimler.com">
 
 	<target host="twimler.com" />
-	<target host="*.twimler.com" />
+	<target host="www.twimler.com" />
 
 
 	<securecookie host="^\.twimler\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?twimler\.com/"
-		to="https://$1twimler.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Twingly.xml b/src/chrome/content/rules/Twingly.xml
index f34dee8f6a6d..dfe78c9aec07 100644
--- a/src/chrome/content/rules/Twingly.xml
+++ b/src/chrome/content/rules/Twingly.xml
@@ -12,7 +12,6 @@
 	<securecookie host="^api\.twingly\.com$" name=".+" />
 
 
-	<rule from="^http://api\.twingly\.com/"
-		to="https://api.twingly.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Twinings.xml b/src/chrome/content/rules/Twinings.xml
index 348803dd5e2a..f19843ae3872 100644
--- a/src/chrome/content/rules/Twinings.xml
+++ b/src/chrome/content/rules/Twinings.xml
@@ -1,20 +1,13 @@
-<!--
-	Partially covered subdomains:
-
-		- shop		(at least some pages redirect to http)
-
--->
-<ruleset name="Twinings (partial)">
+<ruleset name="Twinings">
 
 	<target host="twinings.co.uk" />
 	<target host="www.twinings.co.uk" />
-		<exclusion pattern="^http://shop.twinings.co.uk/(?!fileadmin/|shop/(?:media|skin)/)" />
-
-
-	<securecookie host="^(?:www\.)?twinings\.co\.uk$" name=".+" />
+	<target host="facebook.twinings.co.uk" />
+	<target host="shop.twinings.co.uk" />
+	<target host="trade.twinings.co.uk" />
 
+	<securecookie host="^(www\.)?twinings\.co\.uk$" name=".+" />
 
-	<rule from="^http://(shop\.|www\.)?twinings\.co\.uk/"
-		to="https://$1twinings.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Twinprime.com.xml b/src/chrome/content/rules/Twinprime.com.xml
new file mode 100644
index 000000000000..0f498dfba573
--- /dev/null
+++ b/src/chrome/content/rules/Twinprime.com.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://twinprime.com/ => https://twinprime.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.twinprime.com/ => https://www.twinprime.com/: (28, 'Connection timed out after 20006 milliseconds')
+Fetch error: http://dashboard.twinprime.com/ => https://dashboard.twinprime.com/: (7, 'Failed to connect to dashboard.twinprime.com port 443: Connection timed out')
+Fetch error: http://support.twinprime.com/ => https://support.twinprime.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+
+	Problematic domains:
+
+		- engineering.twinprime.com (certificate mismatch)
+		- go.twinprime.com (certificate mismatch)
+
+-->
+<ruleset name="Twinprime.com" default_off="failed ruleset test">
+	<target host="twinprime.com" />
+	<target host="www.twinprime.com" />
+
+	<target host="dashboard.twinprime.com" />
+	<target host="support.twinprime.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TwinsOrNot.Net.xml b/src/chrome/content/rules/TwinsOrNot.Net.xml
new file mode 100644
index 000000000000..72357511b5b3
--- /dev/null
+++ b/src/chrome/content/rules/TwinsOrNot.Net.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://twinsornot.net/ => https://twinsornot.net/: (7, 'Failed to connect to twinsornot.net port 443: Connection timed out')
+
+	For other Microsoft coverage, see Microsoft.xml.
+-->
+
+<ruleset name="TwinsOrNot.Net" default_off="failed ruleset test">
+	<target host=    "twinsornot.net" />
+	<target host="www.twinsornot.net" />
+
+  	<securecookie host="^.*\.twinsornot\.net$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Twisp.xml b/src/chrome/content/rules/Twisp.xml
deleted file mode 100644
index ef56324e21b8..000000000000
--- a/src/chrome/content/rules/Twisp.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="twisp">
-
-	<target host="twisp.*" />
-	<target host="*.twisp.io" />
-	<target host="*.twisp.ly" />
-	<target host="*.twisp.me" />
-
-
-	<securecookie host="^(?:w*\.)?twisp\.(?:io|ly|me)$" name=".+" />
-
-
-	<rule from="^http://(www\.)?twisp\.(io|ly|me)/"
-		to="https://$1twisp.$2/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Twistage.xml b/src/chrome/content/rules/Twistage.xml
index 9e16bccfd66d..d8ad3995befd 100644
--- a/src/chrome/content/rules/Twistage.xml
+++ b/src/chrome/content/rules/Twistage.xml
@@ -24,7 +24,6 @@
 	<securecookie host="^console\.twistage\.com$" name=".+" />
 
 
-	<rule from="^http://console\.twistage\.com/"
-		to="https://console.twistage.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Twisted4Life.xml b/src/chrome/content/rules/Twisted4Life.xml
index 66c66f15c2b8..67df068aacb1 100644
--- a/src/chrome/content/rules/Twisted4Life.xml
+++ b/src/chrome/content/rules/Twisted4Life.xml
@@ -1,8 +1,15 @@
-<ruleset name="Twisted4Life">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://twisted4life.com/ => https://twisted4life.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.twisted4life.com/ => https://www.twisted4life.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Twisted4Life" default_off="failed ruleset test">
   <target host="twisted4life.com" />
   <target host="www.twisted4life.com" />
 
-  <securecookie host="^(.+\.)?twisted4life\.com$" name=".*"/>
+  <securecookie host=".+" name=".+" />
 
-  <rule from="^http://((?:www\.)?twisted4life\.com)/" to="https://$1/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/TwistedMatrix.xml b/src/chrome/content/rules/TwistedMatrix.xml
index f150b243e50b..1f2070188392 100644
--- a/src/chrome/content/rules/TwistedMatrix.xml
+++ b/src/chrome/content/rules/TwistedMatrix.xml
@@ -1,36 +1,64 @@
-<ruleset name="TwistedMatrix">
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://java.twistedmatrix.com/ => https://java.twistedmatrix.com/: (51, "SSL: no alternative certificate subject name matches target host name 'java.twistedmatrix.com'")
+Fetch error: http://saph.twistedmatrix.com/ => https://saph.twistedmatrix.com/: (51, "SSL: no alternative certificate subject name matches target host name 'saph.twistedmatrix.com'")
+Fetch error: http://speed.twistedmatrix.com/ => https://speed.twistedmatrix.com/: (51, "SSL: no alternative certificate subject name matches target host name 'speed.twistedmatrix.com'")
+
 	As of 2012-06-11, known unprotected subdomains are...
-        Using ghs-ssl.googlehosted.com certificate:
-        - glyph
-        - washort
-        - labs
-        - radix
-        Using *.ik.nu certificate:
-        - planet
-        Not listening on HTTPS:
-        - svn
-        - cvs
-        - wolfwood
-        Non-web/unused subdomains:
-        - ftp
-        - mail
-        - smtp
-        - oloid
-        - irc
-        - projects
-        - xpdev
+
+	Using ghs-ssl.googlehosted.com certificate:
+
+		- washort
+		- labs
+		- radix
+
+	Using *.ik.nu certificate:
+
+		- planet
+
+	Not listening on HTTPS:
+
+		- svn
+		- cvs
+		- wolfwood
+
+	Non-web/unused subdomains:
+
+		- ftp
+		- mail
+		- smtp
+		- oloid
+		- irc
+		- projects
+		- xpdev
+
+
+	Problematic hosts in *twistedmatrix.com:
+
+		- buildbot *
+
+	* Mismatched, CN: www.twistedmatrix.com
+
 -->
-  <target host="twistedmatrix.com" />
-  <target host="www.twistedmatrix.com" />
-  <target host="buildbot.twistedmatrix.com" />
-  <target host="java.twistedmatrix.com" />
-  <target host="saph.twistedmatrix.com" />
-  <target host="speed.twistedmatrix.com" />
-
-  <rule from="^http://(www\.)?twistedmatrix\.com/"
-          to="https://twistedmatrix.com/" />
-
-  <rule from="^http://(java|saph|speed)\.twistedmatrix\.com/"
-          to="https://$1.twistedmatrix.com/" />
+<ruleset name="TwistedMatrix.com" default_off="failed ruleset test">
+
+	<target host="twistedmatrix.com" />
+	<target host="glyph.twistedmatrix.com" />
+	<target host="java.twistedmatrix.com" />
+	<target host="saph.twistedmatrix.com" />
+	<target host="speed.twistedmatrix.com" />
+	<target host="www.twistedmatrix.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^twistedmatrix\.com$" name="(trac_form_token|trac_session)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/TwitCasting.tv.xml b/src/chrome/content/rules/TwitCasting.tv.xml
new file mode 100644
index 000000000000..a7c81bd3d206
--- /dev/null
+++ b/src/chrome/content/rules/TwitCasting.tv.xml
@@ -0,0 +1,20 @@
+<!--
+	Note: *.twitcasting.tv has a wildcard DNS record and certificate.
+
+	Non-functional hosts:
+		Refused:
+		- movie.twitcasting.tv
+-->
+<ruleset name="TwitCasting.tv">
+	<target host="twitcasting.tv" />
+	<target host="www.twitcasting.tv" />
+	<target host="en.twitcasting.tv" />
+	<target host="es.twitcasting.tv" />
+	<target host="ja.twitcasting.tv" />
+	<target host="pt.twitcasting.tv" />
+	<target host="ssl.twitcasting.tv" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TwitCasting.xml b/src/chrome/content/rules/TwitCasting.xml
deleted file mode 100644
index b740ce61d5e8..000000000000
--- a/src/chrome/content/rules/TwitCasting.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="TwitCasting (partial)">
-
-	<target host="twitcasting.tv" />
-	<target host="*.twitcasting.tv" />
-
-
-	<!--	(www.), and cc don't match cert,
-		but these data are on ssl.	-->
-	<rule from="^http://(?:en\.|ja\.|pt\.|www\.)?twitcasting\.tv/(css|img|swf)/"
-		to="https://ssl.twitcasting.tv/$1/" />
-
-	<!--	Same story for movie.	-->
-	<rule from="^http://(?:movie|ssl)\.twitcasting\.tv/"
-		to="https://$1.twitcasting.tv/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TwitRSS.me.xml b/src/chrome/content/rules/TwitRSS.me.xml
new file mode 100644
index 000000000000..1e203189a1d0
--- /dev/null
+++ b/src/chrome/content/rules/TwitRSS.me.xml
@@ -0,0 +1,8 @@
+<ruleset name="TwitRSS.me">
+
+	<target host="twitrss.me" />
+	<target host="www.twitrss.me" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Twitch.tv.xml b/src/chrome/content/rules/Twitch.tv.xml
new file mode 100644
index 000000000000..9f95382f71f9
--- /dev/null
+++ b/src/chrome/content/rules/Twitch.tv.xml
@@ -0,0 +1,50 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+			 - cs.twitch.tv
+			 - justin.tv
+			 - secure.justin.tv
+			 - www.justin.tv
+			 - science.twitch.tv
+			 - darklaunch.tmi.twitch.tv
+
+		Connection closed:
+			 - link.twitch.tv
+-->
+
+<ruleset name="Twitch.tv">
+	<!-- *jtvnw.net -->
+	<target host="s.jtvnw.net" />
+	<target host="static-cdn.jtvnw.net" />
+	<target host="www-cdn.jtvnw.net" />
+	<target host="web-cdn.ttvnw.net" />
+
+	<!-- *ttvnm.net -->
+	<target host="*.hls.ttvnw.net" />
+		<test url="http://video-edge-d59500.iad03.hls.ttvnw.net/" />
+		<test url="http://vod.edgecast.hls.ttvnw.net/" />
+		<test url="http://vod.l3.hls.ttvnw.net/" />
+	<target host="usher.ttvnw.net" />
+
+	<!-- *twitch.tv -->
+	<target host="twitch.tv" />
+	<target host="www.twitch.tv" />
+	<target host="api.twitch.tv" />
+	<target host="blog.twitch.tv" />
+	<target host="chatdepot.twitch.tv" />
+	<target host="client-event-reporter.twitch.tv" />
+	<target host="clips.twitch.tv" />
+	<target host="dev.twitch.tv" />
+	<target host="discuss.dev.twitch.tv" />
+	<target host="help.twitch.tv" />
+	<target host="minixperiment.twitch.tv" />
+	<target host="passport.twitch.tv" />
+	<target host="player.twitch.tv" />
+	<target host="pubster.twitch.tv" />
+	<target host="pubsub-edge.twitch.tv" />
+	<target host="secure.twitch.tv" />
+	<target host="spade.twitch.tv" />
+	<target host="tmi.twitch.tv" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Twitch_Installs.com.xml b/src/chrome/content/rules/Twitch_Installs.com.xml
new file mode 100644
index 000000000000..db91d71f00a1
--- /dev/null
+++ b/src/chrome/content/rules/Twitch_Installs.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .twitchinstalls.com
+
+-->
+<ruleset name="Twitch Installs.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="twitchinstalls.com" />
+	<target host="www.twitchinstalls.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.twitchinstalls\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Twitpic.xml b/src/chrome/content/rules/Twitpic.xml
index 5c119899f6af..e5c5638435a4 100644
--- a/src/chrome/content/rules/Twitpic.xml
+++ b/src/chrome/content/rules/Twitpic.xml
@@ -1,13 +1,40 @@
-<!-- Image contents may be protected via S3 rule?
+<!--
+	For other Twitter coverage, see Twitter.xml.
+
+
+	Image contents may be protected via S3 rule?
+
+
+	CDN buckets:
+
+		- d3j5vwomefv46c.cloudfront.net
+
+
+	Problematic hosts:
+
+		- blog *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .twitpic.com
 
-	d3j5vwomefv46c.cloudfront.net
 -->
-<ruleset name="TwitPic" platform="mixedcontent">
-  <target host="twitpic.com" />
-	<!--	* for cross-domain cookie	-->
-	<target host="*.twitpic.com" />
+<ruleset name="Twitpic.com (partial)">
+
+	<target host="twitpic.com" />
+	<target host="www.twitpic.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.twitpic\.com$" name="^twitpic1$" /-->
+
+	<securecookie host="^\.twitpic\.com$" name=".+" />
 
-	<securecookie host="^\.twitpic\.com$" name=".*"/>
 
-  <rule from="^http://(?:www\.)?twitpic\.com/" to="https://twitpic.com/"/>
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Twitter-Counter.xml b/src/chrome/content/rules/Twitter-Counter.xml
index d4e11192870d..c8c4e5f2f889 100644
--- a/src/chrome/content/rules/Twitter-Counter.xml
+++ b/src/chrome/content/rules/Twitter-Counter.xml
@@ -1,25 +1,26 @@
 <!--
-	Nonfunctional subdomains
+ 	Problematic hosts in *twittercounter.com:
 
-		- cdn	(cert: *.userzoom.com; 403)
+ 		- help ᵐ
+		- press ᵐ
+		- styleguide ³
+
+	ᵐ Mismatched
+	³: Serves different content on http/https
 
 -->
-<ruleset name="Twitter Counter (partial)">
+<ruleset name="Twitter Counter">
 
 	<target host="twittercounter.com" />
+	<target host="api.twittercounter.com" />
+	<target host="auth.twittercounter.com" />
+	<target host="blog.twittercounter.com" />
+	<target host="button.twittercounter.com" />
+	<target host="cdn.twittercounter.com" />
+	<target host="static.twittercounter.com" />
 	<target host="www.twittercounter.com" />
 
-
-	<!--	- embed/: tracking beacon
-		- Cert only matches //twittercounter.com.
-		- $ 301s to http
-		- lists/ 301s to http
-		- pages/ 301s to http
-		- cdn cert: *.userzoom.com
-		- cdn 403s
-		- when rewritten from cdn, images/ 301s to http
-					-->
-	<rule from="^https?://(?:www\.)?twittercounter\.com/((?:blog|embed)(?:$|[\?/]))"
-		to="https://twittercounter.com/$1" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Twitter.xml b/src/chrome/content/rules/Twitter.xml
index 906ac7423ac2..fee03382ff9b 100644
--- a/src/chrome/content/rules/Twitter.xml
+++ b/src/chrome/content/rules/Twitter.xml
@@ -1,147 +1,160 @@
 <!--
-	Nonfunctional domains:
+	Other Twitter rulesets:
 
-		- blog.twitter.com		(hosted on Blogger)
-		- engineering.twitter.com	(hosted on Blogger; interrupted)
-		- status.twitter.com
-		- status.twitter.jp
+		- ads-twitter.com.xml
+		- Digits.com.xml
+		- T.co.xml
+		- Twimg.com.xml
+		- Twitter_Community.com.xml
+		- Twitter_Inc.com.xml
+		- Vine.co.xml
 
 
 	CDN buckets:
 
 		- a1095.g.akamai.net/=/1095/134446/1d/platform.twitter.com/ | platform2.twitter.com.edgesuite.net
-
-			- platform2.twitter.com
-
 		- twitter-any.s3.amazonaws.com
 		- twitter-blog.s3.amazonaws.com
 
-		- d2rdfnizen5apl.cloudfront.net
-
-			- s.twimg.com
-
 		- ssl2.twitter.com.edgekey.net
 		- twitter.github.com
 
 
-	Problematic domains:
-
-		- twimg.com subdomains:
-
-			- a[12]		(mismatched, CN: gp1.wac.edgecastcdn.net)
-			- a3 *
-			- a4		(mismatched, CN: si0.twimg.com)
-			- a5 *
-			- s		(cloudfront)
-
-		- twitter.com subdomains:
-
-			- urls.api *
-			- platform[0-3]		(403, akamai)
-			- anywhere.platform *
-			- widgets.platform	(mismatched, CN: si0.twimg.com)
-
-	* akamai
-
-
-	Fully covered domains:
-
-		- (www.)t.co		(www → ^)
-
-		- twimg.com subdomains:
-
-			- a\d		(→ si0)
-			- abs
-			- ea
-			- g
-			- gu
-			- hca
-			- jp
-			- ma
-			- ma[0123]
-			- o
-			- p
-			- pbs
-			- r
-			- s		(→ d2rdfnizen5apl.cloudfront.net)
-			- si[0-5]
-			- syndication
-			- cdn.syndication
-			- widgets
-
-		- twitter.com subdomains:
-
-			- (www.)
-			- 201[012]
-			- ads
-			- api
-			- cdn.api
-			- urls.api	(→ cdn.api)
-			- business
-			- preview.cdn
-			- preview-dev.cdn
-			- preview-stage.cdn
-			- de
-			- dev
-			- en
-			- es
-			- firefox
-			- fr
-			- it
-			- ja
-			- jp
-			- m
-			- media
-			- mobile
-			- music
-			- oauth
-			- p
-			- platform
-			- platform[0-3]		(→ platform)
-			- anywhere.platform	(→ platform)
-			- widgets.platform	(→ platform)
-			- search
-			- static
-			- support
-			- transparency
-			- upload
+	Nonfunctional domains:
+
+		- status.twitter.com ¹
+		- status.twitter.jp *
+
+	¹ 404
+	* Tumblr
+
+
+	Problematic hosts in *twitter.com:
+
+		- app.tweet *
+		- widgets.platform *
+
+	* Mismatched
+
+
+	Observed hosts in *twitter.com:
+
+		- (www.)?
+		- 201[0-4]
+		- about
+		- ads
+		- analytics
+		- api
+		- cdn.api
+		- urls.api
+		- urls-real.api
+		- apps
+		- blog
+		- business
+		- cards-dev
+		- cert
+		- dev
+		- engineering
+		- firefox
+		- m
+		- media
+		- mobile
+		- music
+		- partnerstream[12]
+		- pay
+		- pic
+		- platform
+		- widgets.platform
+		- s
+		- search
+		- sitestream
+		- static
+		- stream
+		- support
+		- syndication
+		- cdn.syndication
+		- transparency
+		- upload
+		- userstream
+
+
+	These altnames don't exist:
+
+		- cdn-dev.api.twitter.com
+		- preview.cdn.twitter.com
+		- syndication-o.twitter.com
+
+
+	Insecure cookies are set for these domains:
+
+		- twitter.com
+		- .twitter.com
+		- mobile.twitter.com
 
 -->
-<ruleset name="Twitter">
+<ruleset name="Twitter.com">
 
-	<target host="t.co" />
-	<target host="*.t.co" />
-	<target host="*.twimg.com" />
+	<!--	Direct rewrites:
+					-->
 	<target host="twitter.com" />
 	<target host="*.twitter.com" />
 
-
-	<securecookie host="^\.t\.co$" name=".+" />
-	<securecookie host="^(?:.*\.)?twitter\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?t\.co/"
-		to="https://t.co/" />
-
-	<rule from="^http://a\d\.twimg\.com/"
-		to="https://si0.twimg.com/" />
-
-	<rule from="^http://(abs|ea|gu?|hca|jp|ma\d?|o|p|pbs|r|si\d|(?:cdn\.)?syndication|widgets)\.twimg\.com/"
-		to="https://$1.twimg.com/" />
-
-	<rule from="^http://s\.twimg\.com/"
-		to="https://d2rdfnizen5apl.cloudfront.net/" />
-
-	<rule from="^http://((?:201\d|ads|(?:cdn\.)?api|business|preview(?:-dev|-stage)?\.cdn|de|dev|en|es|firefox|fr|it|ja|jp|m|media|mobile|music|oauth|p|platform|search|static|support|transparency|upload|www)\.)?twitter\.com/"
-		to="https://$1twitter.com/" />
-
-	<rule from="^http://urls\.api\.twitter\.com/"
-		to="https://cdn.api.twitter.com/" />
-
-	<rule from="^http://(?:blo|engineerin)g\.twitter\.com/favicon\.ico"
-		to="https://www.blogger.com/favicon.ico"/>
-
-	<rule from="^http://(?:anywhere\.|widgets\.)?platform\d?\.twitter\.com/"
-		to="https://platform.twitter.com/" />
+		<test url="http://2010.twitter.com/" />
+		<test url="http://2011.twitter.com/" />
+		<test url="http://2012.twitter.com/" />
+		<test url="http://2013.twitter.com/" />
+		<test url="http://2014.twitter.com/" />
+		<test url="http://about.twitter.com/" />
+		<test url="http://ads.twitter.com/" />
+		<test url="http://analytics.twitter.com/" />
+		<test url="http://apps.twitter.com/" />
+		<test url="http://blog.twitter.com/" />
+		<test url="http://api.twitter.com/" />
+		<test url="http://business.twitter.com/" />
+		<test url="http://dev.twitter.com/" />
+		<test url="http://engineering.twitter.com/" />
+		<test url="http://firefox.twitter.com/" />
+		<test url="http://m.twitter.com/" />
+		<test url="http://media.twitter.com/" />
+		<test url="http://mobile.twitter.com/" />
+		<test url="http://music.twitter.com/" />
+		<test url="http://partnerstream1.twitter.com/" />
+		<test url="http://partnerstream2.twitter.com/" />
+		<test url="http://pay.twitter.com/" />
+		<test url="http://pic.twitter.com/" />
+		<test url="http://platform.twitter.com/" />
+		<test url="http://s.twitter.com/" />
+		<test url="http://search.twitter.com/" />
+		<test url="http://sitestream.twitter.com/" />
+		<test url="http://static.twitter.com/" />
+		<test url="http://stream.twitter.com/" />
+		<test url="http://support.twitter.com/" />
+		<test url="http://syndication.twitter.com/" />
+		<test url="http://cdn.syndication.twitter.com/" />
+		<test url="http://transparency.twitter.com/" />
+		<test url="http://upload.twitter.com/" />
+		<test url="http://userstream.twitter.com/" />
+		<test url="http://www.twitter.com/" />
+
+		<exclusion pattern="^http://(?:status|app\.tweet|images\.tweet|click\.e|widgets\.platform)\.twitter\.com/" />
+
+			<test url="http://widgets.platform.twitter.com/" />
+			<test url="http://status.twitter.com/" />
+			<test url="http://app.tweet.twitter.com/" />
+			<test url="http://images.tweet.twitter.com/" />
+			<test url="http://click.e.twitter.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^twitter\.com$" name="^external_referer$" /-->
+	<!--securecookie host="^\.twitter\.com$" name="^(?:guest_id|pid)$" /-->
+	<!--securecookie host="^mobile\.twitter\.com$" name="^(?:req_country|req_country_code|req_ip)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Twitter_Community.com.xml b/src/chrome/content/rules/Twitter_Community.com.xml
new file mode 100644
index 000000000000..034df31d236f
--- /dev/null
+++ b/src/chrome/content/rules/Twitter_Community.com.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Twitter coverage, see Twitter.xml.
+
+-->
+<ruleset name="Twitter Community.com">
+
+	<target host="twittercommunity.com" />
+	<target host="www.twittercommunity.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Twitter_Inc.com.xml b/src/chrome/content/rules/Twitter_Inc.com.xml
new file mode 100644
index 000000000000..6e4d022ad281
--- /dev/null
+++ b/src/chrome/content/rules/Twitter_Inc.com.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Twitter coverage, see Twitter.xml.
+
+-->
+<ruleset name="Twitter Inc.com">
+
+	<target host="investor.twitterinc.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Twky.in.xml b/src/chrome/content/rules/Twky.in.xml
new file mode 100644
index 000000000000..0ca9582d5a80
--- /dev/null
+++ b/src/chrome/content/rules/Twky.in.xml
@@ -0,0 +1,20 @@
+<!--
+	Fully covered hosts:
+
+		- twky.in	(→ bit.ly)
+
+
+	www doesn't exist.
+
+-->
+<ruleset name="twky.in">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="twky.in" />
+
+
+	<rule from="^http://twky\.in/"
+		to="https://bit.ly/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Two-Seasons.xml b/src/chrome/content/rules/Two-Seasons.xml
index df5f68798254..88ffdba6f604 100644
--- a/src/chrome/content/rules/Two-Seasons.xml
+++ b/src/chrome/content/rules/Two-Seasons.xml
@@ -1,9 +1,9 @@
-<ruleset name="Two Seasons" default_off="mismatch">
+<ruleset name="Two Seasons" default_off="mismatched">
 
 	<target host="twoseasons.co.uk"/>
 	<target host="www.twoseasons.co.uk"/>
 
-	<securecookie host="^(.*\.)?twoseasons\.co\.uk$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?twoseasons\.co\.uk/"
 		to="https://www.twoseasons.co.uk/"/>
diff --git a/src/chrome/content/rules/Two_Roads.xml b/src/chrome/content/rules/Two_Roads.xml
index 306beff1b05d..9f2eaf4f4e90 100644
--- a/src/chrome/content/rules/Two_Roads.xml
+++ b/src/chrome/content/rules/Two_Roads.xml
@@ -1,13 +1,14 @@
 <ruleset name="Two Roads">
 
 	<target host="2roads.com" />
-	<target host="*.2roads.com" />
+	<target host="fiber.2roads.com" />
+	<target host="news.2roads.com" />
+	<target host="www.2roads.com" />
 
 
 	<securecookie host="^\.2roads\.com$" name=".+" />
 
 
-	<rule from="^http://((?:fiber|news|www)\.)?2roads\.com/"
-		to="https://$12roads.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Two_Sigma.com.xml b/src/chrome/content/rules/Two_Sigma.com.xml
new file mode 100644
index 000000000000..2549baba0637
--- /dev/null
+++ b/src/chrome/content/rules/Two_Sigma.com.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://twosigma.com/ => https://twosigma.com/: (6, 'Could not resolve host: twosigma.com')
+
+-->
+<ruleset name="Two Sigma.com" default_off="failed ruleset test">
+
+	<target host="twosigma.com" />
+	<target host="www.twosigma.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Twtpoll.com.xml b/src/chrome/content/rules/Twtpoll.com.xml
new file mode 100644
index 000000000000..99ee76f7dd5c
--- /dev/null
+++ b/src/chrome/content/rules/Twtpoll.com.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://twtpoll.com/ => https://twtpoll.com/: (51, "SSL: no alternative certificate subject name matches target host name 'twtpoll.com'")
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Twtpoll.com" default_off="failed ruleset test">
+
+	<target host="twtpoll.com" />
+	<target host="www.twtpoll.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?twtpoll\.com$" name="^(PHPSESSID|X-Mapping-[a-z]{8})$" /-->
+
+	<securecookie host="^(?:www\.)?twtpoll\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Twylah.com.xml b/src/chrome/content/rules/Twylah.com.xml
new file mode 100644
index 000000000000..24e334676f7c
--- /dev/null
+++ b/src/chrome/content/rules/Twylah.com.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://twylah.com/ => https://twylah.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.twylah.com/ => https://www.twylah.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://twylah.com/ => https://twylah.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.twylah.com/ => https://www.twylah.com/: (60, 'SSL certificate problem: certificate has expired')
+	CDN buckets:
+
+		- d2bnh6mf518le4.cloudfront.net
+
+			- assets0
+
+
+	Mixed content:
+
+		- Web bugs from cdn.embed.ly *
+
+	* Secured by us
+
+-->
+<ruleset name="Twylah.com" default_off="failed ruleset test">
+
+	<target host="twylah.com" />
+	<target host="www.twylah.com" />
+
+
+	<securecookie host="^(?:www\.)?twylah\.com$" name=".+" />
+
+
+	<rule from="^http://(www\.)?twylah\.com/"
+		to="https://$1twylah.com/" />
+
+	<rule from="^http://assets0\.twylah\.com/"
+		to="https://d2bnh6mf518le4.cloudfront.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Txmblr.com.xml b/src/chrome/content/rules/Txmblr.com.xml
new file mode 100644
index 000000000000..2722d47b29c3
--- /dev/null
+++ b/src/chrome/content/rules/Txmblr.com.xml
@@ -0,0 +1,22 @@
+<!--
+	For other Tumblr coverage, see Tumblr.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- safe.txmblr.com
+
+-->
+<ruleset name="Txmblr.com">
+
+	<target host="safe.txmblr.com" />
+
+
+	<securecookie host="^safe\.txmblr\.com$" name=".+" />
+
+
+	<!--	When you bareback over the net, you're totally...
+								-->
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tyk.io.xml b/src/chrome/content/rules/Tyk.io.xml
new file mode 100644
index 000000000000..68d6fc3cc65c
--- /dev/null
+++ b/src/chrome/content/rules/Tyk.io.xml
@@ -0,0 +1,33 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .tyk.io
+
+
+	Mixed content:
+
+		- css on (www.)? from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Tyk.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tyk.io" />
+	<target host="cloud.tyk.io" />
+	<target host="www.tyk.io" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.tyk\.io$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.tyk\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tyler_Cipriani.com.xml b/src/chrome/content/rules/Tyler_Cipriani.com.xml
new file mode 100644
index 000000000000..408ab61eac47
--- /dev/null
+++ b/src/chrome/content/rules/Tyler_Cipriani.com.xml
@@ -0,0 +1,23 @@
+<!--
+	www.tylercipriani.com: Refused
+
+-->
+<ruleset name="Tyler Cipriani.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tylercipriani.com" />
+	<target host="analytics.tylercipriani.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.tylercipriani.com" />
+
+
+	<rule from="^http://www\.tylercipriani\.com/"
+		to="https://tylercipriani.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tyndall.ie.xml b/src/chrome/content/rules/Tyndall.ie.xml
index 5ffbd24eb844..a46ea5282ee0 100644
--- a/src/chrome/content/rules/Tyndall.ie.xml
+++ b/src/chrome/content/rules/Tyndall.ie.xml
@@ -4,13 +4,10 @@
 -->
 <ruleset name="Tyndall.ie">
 
-	<target host="*.tyndall.ie" />
+	<target host="www.tyndall.ie" />
 
 
-	<securecookie host="^\.tyndall\.ie$" name=".+" />
 
-
-	<rule from="^http://www\.tyndall\.ie/"
-		to="https://www.tyndall.ie/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Tynt-mismatches.xml b/src/chrome/content/rules/Tynt-mismatches.xml
deleted file mode 100644
index edc7ac23c102..000000000000
--- a/src/chrome/content/rules/Tynt-mismatches.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules that are on by default, see Tynt.xml.
-
--->
-<ruleset name="Tynt (mismatches)" default_off="Akamai certificate">
-
-	<target host="tcr.tynt.com" />
-
-
-	<rule from="^http://tcr\.tynt\.com/"
-		to="https://tcr.tynt.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tynt.xml b/src/chrome/content/rules/Tynt.xml
index d1bfe13bbc58..74ffc3adeefe 100644
--- a/src/chrome/content/rules/Tynt.xml
+++ b/src/chrome/content/rules/Tynt.xml
@@ -27,25 +27,27 @@
 	Problematic subdomains:
 
 		- cdn *
-		- tcr *
 
 	* Works; akamai
 
 -->
-<ruleset name="Tynt (partial)">
+<ruleset name="Tynt.com (partial)">
 
-	<target host="*.tynt.com" />
+	<target host="id.tynt.com" />
+	<target host="tcr.tynt.com" />
+
+		<test url="http://tcr.tynt.com/ti.js" />
 
 
 	<!--securecookie host="^\.tynt\.com$" name="^uid$" />
 
-		Tracking cookies:
+		s_\w{2,3}: Tracking cookies:
 					-->
-	<securecookie host="^\.tynt\.com$" name="^s_\w\w\w?$" />
-	<securecookie host="^id\.tynt\.com$" name=".+" />
+	<securecookie host="^\." name="^(?:__cfduid|s_\w\w\w?)$" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://id\.tynt\.com/"
-		to="https://id.tynt.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Tyo-ja-elinkeinoministerio.xml b/src/chrome/content/rules/Tyo-ja-elinkeinoministerio.xml
index 32890648dfa1..b73a404d781d 100644
--- a/src/chrome/content/rules/Tyo-ja-elinkeinoministerio.xml
+++ b/src/chrome/content/rules/Tyo-ja-elinkeinoministerio.xml
@@ -1,4 +1,11 @@
-<ruleset name="Ty&#246;- ja elinkeinoministeri&#246;">
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://tem.fi/ (200) => https://www.tem.fi/ (404)
+Non-2xx HTTP code: http://www.tem.fi/ (200) => https://www.tem.fi/ (404)
+
+-->
+<ruleset name="Ty&#246;- ja elinkeinoministeri&#246;" default_off="failed ruleset test">
 	<target host="tem.fi"/>
 	<target host="www.tem.fi"/>
 
diff --git a/src/chrome/content/rules/Tyottomyyskassojen-yhteistyojarjesto.xml b/src/chrome/content/rules/Tyottomyyskassojen-yhteistyojarjesto.xml
index 136d06fd1ae6..4a30b5f1cf54 100644
--- a/src/chrome/content/rules/Tyottomyyskassojen-yhteistyojarjesto.xml
+++ b/src/chrome/content/rules/Tyottomyyskassojen-yhteistyojarjesto.xml
@@ -1,9 +1,8 @@
 <ruleset name="Ty&#246;tt&#246;myyskassojen Yhteisj&#228;rjest&#246;">
-	<target host="tyj.fi"/>
-	<target host="*.tyj.fi"/>
+	<target host="tyj.fi" />
+	<target host="www.tyj.fi" />
 
 	<securecookie host="^\.tyj\.fi$" name="PHPSESSID" />
 
-	<rule from="^http://(www\.)?tyj\.fi/"
-		to="https://$1tyj.fi/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Typ.io.xml b/src/chrome/content/rules/Typ.io.xml
new file mode 100644
index 000000000000..fd866d9263e9
--- /dev/null
+++ b/src/chrome/content/rules/Typ.io.xml
@@ -0,0 +1,6 @@
+<ruleset name="Typ.io">
+	<target host="typ.io" />
+	<target host="www.typ.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TypeRacer.com.xml b/src/chrome/content/rules/TypeRacer.com.xml
new file mode 100644
index 000000000000..4941614280cc
--- /dev/null
+++ b/src/chrome/content/rules/TypeRacer.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="TypeRacer.com">
+	<target host="typeracer.com" />
+	<target host="www.typeracer.com" />
+	<target host="blog.typeracer.com" />
+	<target host="data.typeracer.com" />
+	<target host="play.typeracer.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Typecast.com.xml b/src/chrome/content/rules/Typecast.com.xml
new file mode 100644
index 000000000000..a692f5182a20
--- /dev/null
+++ b/src/chrome/content/rules/Typecast.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Mismatch:
+	- support.typecast.com
+-->
+<ruleset name="Typecast.com (partial)">
+
+	<target host="typecast.com" />
+	<target host="www.typecast.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^typecast\.com$" name="^PHPSESSID$" /-->
+	<securecookie host="^\.typecast\.com$" name="^tca_(?:last_activity|last_visit|tracker)$" />
+
+	<securecookie host="^typecast\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Typekit.net.xml b/src/chrome/content/rules/Typekit.net.xml
new file mode 100644
index 000000000000..5db2939a1262
--- /dev/null
+++ b/src/chrome/content/rules/Typekit.net.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Adobe coverage, see Adobe.xml.
+
+-->
+<ruleset name="Typekit.net">
+
+	<target host="p.typekit.net" />
+	<target host="use.typekit.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Typekit.xml b/src/chrome/content/rules/Typekit.xml
index 5448de8b2700..27abd33499b3 100644
--- a/src/chrome/content/rules/Typekit.xml
+++ b/src/chrome/content/rules/Typekit.xml
@@ -2,20 +2,13 @@
 	For other Adobe coverage, see Adobe.xml.
 
 -->
-<ruleset name="Typekit">
+<ruleset name="Typekit.com">
 
 	<target host="typekit.com" />
 	<target host="use.typekit.com" />
-	<target host="*.typekit.net" />
 
 
-	<rule from="^http://typekit\.com/"
-		to="https://typekit.com/" />
-
-	<rule from="^http://p\.typekit\.net/"
-		to="https://p.typekit.net/" />
-
-	<rule from="^http://use\.typekit\.(com|net)/"
-		to="https://use.typekit.$1/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Typepad.xml b/src/chrome/content/rules/Typepad.xml
index 71e69f3fcd1b..2bb0c19508e0 100644
--- a/src/chrome/content/rules/Typepad.xml
+++ b/src/chrome/content/rules/Typepad.xml
@@ -22,7 +22,7 @@
 
 			https://mail1.eff.org/pipermail/https-everywhere-rules/2012-June/001190.html
 							-->
-		<exclusion pattern="http://www\.typepad\.com/(?:services)?($|[\?/])" />
+		<exclusion pattern="http://www\.typepad\.com/(?:services)?(?:$|[\?/])" />
 
 
 	<rule from="^http://(?:www\.)?typepad\.com/"
diff --git a/src/chrome/content/rules/Typesafe.com.xml b/src/chrome/content/rules/Typesafe.com.xml
new file mode 100644
index 000000000000..3d569da70c23
--- /dev/null
+++ b/src/chrome/content/rules/Typesafe.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Problematic subdomains:
+
+		- go *
+
+	* Herokuapp
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- new
+		- staging
+
+-->
+<ruleset name="Typesafe.com (partial)">
+
+	<target host="typesafe.com" />
+	<target host="new.typesafe.com" />
+	<target host="staging.typesafe.com" />
+	<target host="www.typesafe.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Typography.com.xml b/src/chrome/content/rules/Typography.com.xml
new file mode 100644
index 000000000000..09945070a1e6
--- /dev/null
+++ b/src/chrome/content/rules/Typography.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Hoefler &amp; Frere-Jones
+
+
+	CDN buckets:
+
+		- fnts.s3.amazonaws.com
+
+
+	Problematic subdomains:
+
+		- ^	(mismatched, CN: *.typography.com)
+
+-->
+<ruleset name="Typography.com (partial)">
+
+	<target host="typography.com" />
+	<target host="www.typography.com" />
+	<target host="cloud.typography.com" />
+	<target host="secure.typography.com" />
+	<target host="ssl.typography.com" />
+
+
+	<securecookie host="^\.typography\.com$" name="^__utm\w+$" />
+
+
+	<rule from="^http://(?:www\.)?typography\.com/(?=account(?:$|[?/])|cart/|favicon\.ico|images/|include/)"
+		to="https://www.typography.com/" />
+
+	<rule from="^http://(cloud|secure|ssl)\.typography\.com/"
+		to="https://$1.typography.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Typora.io.xml b/src/chrome/content/rules/Typora.io.xml
new file mode 100644
index 000000000000..092b47aea5cb
--- /dev/null
+++ b/src/chrome/content/rules/Typora.io.xml
@@ -0,0 +1,11 @@
+<ruleset name="Typora.io">
+
+	<target host="typora.io" />
+	<target host="www.typora.io" />
+	<target host="support.typora.io" />
+	<target host="theme.typora.io" />
+	<target host="typeweb.typora.io" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Typotheque.xml b/src/chrome/content/rules/Typotheque.xml
index 3a30f16d9f79..eebffc174b9f 100644
--- a/src/chrome/content/rules/Typotheque.xml
+++ b/src/chrome/content/rules/Typotheque.xml
@@ -1,31 +1,16 @@
 <!--
-	CDN buckets:
-
-		- tptqimages.s3.amazonaws.com
-
-			- equivalent to d39zsn48xaymk0.cloudfront.net
+	Other Typotheque rulesets:
 
+		+ TPTQ-Arabic.com.xml
+		+ Works_That_Work.com.xml
 -->
-<ruleset name="Typotheque (partial)">
-
+<ruleset name="Typotheque.com (partial)">
 	<target host="typotheque.com" />
-	<target host="*.typotheque.com" />
-
-
-	<securecookie host="^wf\.typotheque\.com$" name=".*" />
-
-
-	<!--	Some pages 302 to http.
-					-->
-	<rule from="^http://(www\.)?typotheque\.com/(css/|images/|my_account|WF-\d{6}-\d{6})"
-		to="https://$1typotheque.com/$2" />
-
-	<rule from="^https?://im\.typotheque\.com/"
-		to="https://tptqimages.s3.amazonaws.com/" />
+	<target host="www.typotheque.com" />
+	<target host="fonts.typotheque.com" />
+	<target host="wf.typotheque.com" />
 
-	<!--	Included on 3rd-party websites.
-						-->
-	<rule from="^http://wf\.typotheque\.com/"
-		to="https://wf.typotheque.com/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/U-Bordeaux.fr.xml b/src/chrome/content/rules/U-Bordeaux.fr.xml
new file mode 100644
index 000000000000..82641e852277
--- /dev/null
+++ b/src/chrome/content/rules/U-Bordeaux.fr.xml
@@ -0,0 +1,45 @@
+<!--
+	Problematic hosts in *u-bordeaux.fr:
+
+		- ^ ¹
+		- activation ²
+
+	¹ Mismatched
+	² Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- personnels.u-bordeaux.fr
+
+-->
+<ruleset name="U-Bordeaux.fr (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="activation.u-bordeaux.fr" /-->
+	<target host="cas.u-bordeaux.fr" />
+	<target host="ent.u-bordeaux.fr" />
+	<target host="personnels.u-bordeaux.fr" />
+	<target host="www.u-bordeaux.fr" />
+
+	<!--	Complications:
+				-->
+	<target host="u-bordeaux.fr" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ent\.u-bordeaux\.fr$" name="^TOMCAT_STICKY$" /-->
+	<!--securecookie host="^personnels\.u-bordeaux\.fr$" name="^eZSESSID$" /-->
+
+	<securecookie host="^(?:ent|personnels)\.u-bordeaux\.fr$" name=".+" />
+
+
+	<rule from="^http://u-bordeaux\.fr/"
+		to="https://www.u-bordeaux.fr/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/U-Tokyo.ac.jp-problematic.xml b/src/chrome/content/rules/U-Tokyo.ac.jp-problematic.xml
new file mode 100644
index 000000000000..123f57ea8388
--- /dev/null
+++ b/src/chrome/content/rules/U-Tokyo.ac.jp-problematic.xml
@@ -0,0 +1,13 @@
+<!--
+	For rules that are on by default, see U-Tokyo.ac.jp.xml.
+
+-->
+<ruleset name="U-Tokyo.ac.jp (problematic)" default_off="expired">
+
+	<target host="user.ecc.u-tokyo.ac.jp" />
+	<target host="www.itc.u-tokyo.ac.jp" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/U-Tokyo.ac.jp.xml b/src/chrome/content/rules/U-Tokyo.ac.jp.xml
new file mode 100644
index 000000000000..11b623b2e56a
--- /dev/null
+++ b/src/chrome/content/rules/U-Tokyo.ac.jp.xml
@@ -0,0 +1,101 @@
+<!--
+	The University of Tokyo
+
+	For problematic rules, see U-Tokyo.ac.jp-problematic.xml.
+
+
+	Nonfunctional subdomains:
+
+		- www.alumni ¹
+		- www.cc ²
+		- www.ecc ³
+		- gensen.dl.itc ²
+		- park.itc ⁴
+		- utroam.nc ²
+		- utf ²
+		- www ²
+
+	¹ Blank page
+	² Refused
+	³ 401
+	⁴ Shows park-ssl.itc
+
+
+	Problematic subdomains:
+
+		- user.ecc ¹
+		- www.itc ²
+
+	¹ Expired 2012, self-signed
+	² Expired 2014
+
+
+	Fully covered subdomains:
+
+		- davm.ecc
+		- davw.ecc
+		- itc-lms.ecc
+		- lecture.ecc
+		- ms.ecc
+		- ras.ecc
+		- secure.ecc
+
+		- mbc.dl.itc
+		- opac.dl.itc
+		- gateway.itc
+		- kiku.itc
+		- park-ssl.itc
+
+		- www.nc
+		- payment.utf
+
+
+	^u-tokyo.ac.jp doesn't exist.
+
+
+	These altnames don't exist:
+
+		- alumni.u-tokyo.ac.jp
+		- ecc.u-tokyo.ac.jp
+
+
+	Insecure cookies are set for these domains:
+
+		- opac.dl.itc
+		- davm.ecc
+		- davw.ecc
+		- itc-lms.ecc
+		- lecture.ecc
+
+-->
+<ruleset name="U-Tokyo.ac.jp (partial)">
+
+	<target host="davm.ecc.u-tokyo.ac.jp" />
+	<target host="davw.ecc.u-tokyo.ac.jp" />
+	<target host="itc-lms.ecc.u-tokyo.ac.jp" />
+	<target host="lecture.ecc.u-tokyo.ac.jp" />
+	<target host="ms.ecc.u-tokyo.ac.jp" />
+	<target host="ras.ecc.u-tokyo.ac.jp" />
+	<target host="secure.ecc.u-tokyo.ac.jp" />
+	<target host="mbc.dl.itc.u-tokyo.ac.jp" />
+	<target host="opac.dl.itc.u-tokyo.ac.jp" />
+	<target host="gateway.itc.u-tokyo.ac.jp" />
+	<target host="kiku.itc.u-tokyo.ac.jp" />
+	<target host="park-ssl.itc.u-tokyo.ac.jp" />
+	<target host="www.nc.u-tokyo.ac.jp" />
+	<target host="payment.utf.u-tokyo.ac.jp" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^dav[mw]\.ecc\.u-tokyo\.ac\.jp$" name="^(JSESSIONID|ServerID)$" /-->
+	<!--securecookie host="^itc-lms\.ecc\.u-tokyo\.ac\.jp$" name="^(B100Serverpoolcookie|gtn\.site\.preference)" /-->
+	<!--securecookie host="^lecture\.ecc\.u-tokyo\.ac\.jp$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^opac\.dl\.itc\.u-tokyo\.ac\.jp$" name="^sto-id-\d+$" /-->
+
+	<securecookie host="^(?:dav[mw]|itc-lms|lecture)\.ecc\.u-tokyo\.ac\.jp$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/U-blox.com.xml b/src/chrome/content/rules/U-blox.com.xml
index 623ea9706edb..7b7faeabd3b4 100644
--- a/src/chrome/content/rules/U-blox.com.xml
+++ b/src/chrome/content/rules/U-blox.com.xml
@@ -1,7 +1,17 @@
-<ruleset name="U-blox.com" default_off="Cert problem">
-  <target host="www.u-blox.com" />
+<!--
+	Mixed content:
+
+		- Images on (www.) from www *
+
+		- favicon on (www.) from www *
+
+	* Secured by us
+
+-->
+<ruleset name="U-blox.com">
   <target host="u-blox.com" />
-  <rule from="^http://www\.u-blox\.com/" to="https://www.u-blox.com/"/>
-  <rule from="^http://u-blox\.com/" to="https://www.u-blox.com/"/>
+	<target host="shop-america.u-blox.com" />
+	<target host="www.u-blox.com" />
+  <rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/U-by-Kotex-Australia.xml b/src/chrome/content/rules/U-by-Kotex-Australia.xml
index 2541e4c7d17e..d1f021d70310 100644
--- a/src/chrome/content/rules/U-by-Kotex-Australia.xml
+++ b/src/chrome/content/rules/U-by-Kotex-Australia.xml
@@ -4,5 +4,5 @@
 
 	<securecookie host="^www\.ubykotex\.com\.au$" name=".+" />
 
-	<rule from="^http://(www\.)?ubykotex\.com\.au/" to="https://$1ubykotex.com.au/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UA.edu-falsemixed.xml b/src/chrome/content/rules/UA.edu-falsemixed.xml
new file mode 100644
index 000000000000..69406743ec47
--- /dev/null
+++ b/src/chrome/content/rules/UA.edu-falsemixed.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://as.au.edu/ => https://as.eu.edu/: (6, 'Could not resolve host: as.eu.edu')
+Fetch error: http://www.as.au.edu/ => https://www.as.eu.edu/: (6, 'Could not resolve host: www.as.eu.edu')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://as.au.edu/ => https://as.eu.edu/: (6, 'Could not resolve host: as.au.edu')
+Fetch error: http://www.as.au.edu/ => https://www.as.eu.edu/: (6, 'Could not resolve host: www.as.au.edu')
+	For rules not causing false/broken MCB, see UA.edu.xml.
+
+-->
+<ruleset name="UA.edu (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="as.au.edu" />
+	<target host="www.as.au.edu" />
+
+
+	<rule from="^http://(www\.)?as\.au\.edu/"
+		to="https://$1as.eu.edu/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UA.edu-problematic.xml b/src/chrome/content/rules/UA.edu-problematic.xml
new file mode 100644
index 000000000000..96fdd42da991
--- /dev/null
+++ b/src/chrome/content/rules/UA.edu-problematic.xml
@@ -0,0 +1,13 @@
+<!--
+	For rules that are on by default, see UA.edu.xml.
+
+-->
+<ruleset name="UA.edu (problematic)" default_off="mismatched">
+
+	<target host="directory.ua.edu" />
+	<target host="tour.ua.edu" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UA.edu.xml b/src/chrome/content/rules/UA.edu.xml
new file mode 100644
index 000000000000..82338d4d6c84
--- /dev/null
+++ b/src/chrome/content/rules/UA.edu.xml
@@ -0,0 +1,111 @@
+<!--
+	The University of Alabama
+
+	For rules causing false/broken MCB, see UA.edu-falsemixed.xml.
+
+	For problematic rules, see UA.edu-problematic.xml.
+
+
+	Nonfunctional subdomains:
+
+		- actcard ¹
+		- alumni ¹
+		- bamadining ²
+		- bamaparking ¹
+		- alabamamaps ³
+		- dialog ²
+		- eop ²
+		- events ²
+		- experts ²
+		- www.fa ²
+		- financialaffairs ⁴
+		- gobama ¹
+		- housing ⁵
+		- hr ¹
+		- maplibrary ³
+		- printing ⁴
+		- registrar ²
+		- research ²
+		- roadclosures ⁴
+		- sacs ¹
+		- www.uafacilities ²
+		- uanews ²
+
+	¹ Shows copingpower
+	² Refused
+	³ Shows another domain
+	⁴ Shows fa-webprod.fa
+	⁵ Shows secure
+
+
+	Problematic subdomains:
+
+		- directory *
+		- tour *
+
+	* Works; mismatched, CN: www.ua.edu
+
+
+	Partially covered subdomains:
+
+		- (www.)as *
+
+	* Avoiding false/broken MCB
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- home.as
+		- bama
+		- copingpower
+		- fa-webprod.fa
+		- mybama
+		- oirax
+		- onlinegiving
+		- secure.sa
+		- ssb
+
+
+	Mixed content:
+
+		- css, on:
+
+			- www.as from $self *
+			- directory and tour from www *
+
+		- Images, on:
+
+			- www.as from $self
+			- bama, onlinegiving, and tour from www *
+
+		- favicon on (www.), directory, and tour from www *
+
+	* Secured by us
+
+-->
+<ruleset name="UA.edu (partial)">
+
+	<target host="ua.edu" />
+	<target host="as.ua.edu" />
+	<target host="home.as.ua.edu" />
+	<target host="www.as.ua.edu" />
+	<target host="bama.ua.edu" />
+	<target host="copingpower.ua.edu" />
+	<target host="fa-webprod.fa.ua.edu" />
+	<target host="mybama.ua.edu" />
+	<target host="oirax.ua.edu" />
+	<target host="onlinegiving.ua.edu" />
+	<target host="secure.sa.ua.edu" />
+	<target host="ssb.ua.edu" />
+	<target host="www.ua.edu" />
+		<!--exclusion pattern="^http://(actcard|alabamamaps|alumni|bamadining|bamaparking|dialog|directory|eop|events|experts|www\.fa|financialaffairs|gobama|housing|hr|maplibrary|printing|research|registrar|roadclosures|sacs|tour|www\.uafacilities|uanews)\.ua\.edu/" /-->
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<exclusion pattern="^http://(?:www\.)?as\.ua\.edu/+home(?!/wp-content/|/wp-includes/)" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UAB.edu.xml b/src/chrome/content/rules/UAB.edu.xml
new file mode 100644
index 000000000000..8a0045d6bc55
--- /dev/null
+++ b/src/chrome/content/rules/UAB.edu.xml
@@ -0,0 +1,215 @@
+<!--
+	For subdomains other than www, this ruleset only covers domains which do not redirect.
+	This is due to the fact that many old domains redirect to some location on www.uab.edu,
+	but there may be content still on the subdomain. For example, http://www.music.uab.edu/
+	redirects to https://www.uab.edu/cas/music/, but http://www.music.uab.edu/Studio.html
+	still exists and is not available on www.uab.edu.
+-->
+<ruleset name="UAB.edu (Partial)">
+	<!-- Main site -->
+	<target host="uab.edu" />
+	<target host="www.uab.edu" />
+	<target host="m.uab.edu" />
+
+	<!-- ad.uab.edu -->
+	<target host="irap-apps.ad.uab.edu" />
+	<target host="irapreports.ad.uab.edu" />
+	<target host="itisadglcy.ad.uab.edu" />
+	<target host="itisapps.ad.uab.edu" />
+	<target host="itislcy.ad.uab.edu" />
+	<target host="profiles-extras.ad.uab.edu" />
+	<target host="soncadb.ad.uab.edu" />
+	<target host="surplus.ad.uab.edu" />
+
+	<!-- anesthesiology.uab.edu -->
+	<target host="anes-nextcloud.anesthesiology.uab.edu" />
+	<target host="anes-owncloud.anesthesiology.uab.edu" />
+	<target host="anes-prtg.anesthesiology.uab.edu" />
+	<target host="anes-prtg2.anesthesiology.uab.edu" />
+	<target host="anes-rocket.anesthesiology.uab.edu" />
+	<target host="anes-sccm.anesthesiology.uab.edu" />
+	<target host="anes-vcenter.anesthesiology.uab.edu" />
+	<target host="anes-wiki.anesthesiology.uab.edu" />
+
+	<!-- business.uab.edu -->
+	<target host="ipeer.business.uab.edu" />
+	<target host="sales.business.uab.edu" />
+	<target host="www.business.uab.edu" />
+
+	<!-- cas.uab.edu -->
+	<target host="cas.uab.edu" />
+	<target host="cloud.cas.uab.edu" />
+	<target host="people.cas.uab.edu" />
+	<target host="remote.cas.uab.edu" />
+
+	<!-- cis.uab.edu -->
+	<target host="acm.cis.uab.edu" />
+	<target host="gitlab.cis.uab.edu" />
+	<target host="registry.gitlab.cis.uab.edu" />
+	<target host="info.cis.uab.edu" />
+
+	<!-- cme.uab.edu -->
+	<target host="www.ccts.cme.uab.edu" />
+	<target host="courses.cme.uab.edu" />
+	<target host="fmapp.cme.uab.edu" />
+
+	<!-- cs.uab.edu -->
+	<target host="acm.cs.uab.edu" />
+	<target host="ccl.cs.uab.edu" />
+	<target host="gitlab.cs.uab.edu" />
+	<target host="registry.gitlab.cs.uab.edu" />
+	<target host="info.cs.uab.edu" />
+	<target host="vorlon.cs.uab.edu" />
+
+	<!-- dom.uab.edu -->
+	<target host="apps.dom.uab.edu" />
+	<target host="dmsrv.dom.uab.edu" />
+	<target host="dopm-redcap.dom.uab.edu" />
+	<target host="metrics.dom.uab.edu" />
+	<target host="rctest.dom.uab.edu" />
+	<target host="redcap.dom.uab.edu" />
+	<target host="redcapdev.dom.uab.edu" />
+	<target host="support.dom.uab.edu" />
+	<target host="uablf.dom.uab.edu" />
+
+	<!-- dopm.uab.edu -->
+	<target host="www.cardia.dopm.uab.edu" />
+	<target host="crowdsource.dopm.uab.edu" />
+	<target host="mhrcprojects.dopm.uab.edu" />
+	<target host="dev.mhrcprojects.dopm.uab.edu" />
+
+	<!-- dpo.uab.edu -->
+	<target host="758vpndpo1.dpo.uab.edu" />
+	<target host="758vpndpo2.dpo.uab.edu" />
+	<target host="arkromeo.dpo.uab.edu" />
+	<target host="dropbox.dpo.uab.edu" />
+	<target host="hatteras.dpo.uab.edu" />
+	<target host="padlock.dpo.uab.edu" />
+	<target host="shib.dpo.uab.edu" />
+	<target host="shibdev.dpo.uab.edu" />
+	<target host="vpndpo.dpo.uab.edu" />
+	<target host="www.dpo.uab.edu" />
+
+	<!-- eyes.uab.edu -->
+	<target host="support.eyes.uab.edu" />
+	<target host="survey.eyes.uab.edu" />
+
+	<!-- genome.uab.edu -->
+	<target host="cartwheel.genome.uab.edu" />
+	<target host="galaxy.genome.uab.edu" />
+	<target host="galaxydev.genome.uab.edu" />
+	<target host="wiki.genome.uab.edu" />
+
+	<!-- hs.uab.edu -->
+	<target host="webmail.ad.hs.uab.edu" />
+	<target host="ambassador.hs.uab.edu" />
+	<target host="contact.hs.uab.edu" />
+	<target host="mytoken.hs.uab.edu" />
+	<target host="vpnuabmed.hs.uab.edu" />
+	<target host="webmail.hs.uab.edu" />
+
+	<!-- idm.uab.edu -->
+	<target host="idm.uab.edu" />
+	<target host="apps.idm.uab.edu" />
+	<target host="blazerhubdev.idm.uab.edu" />
+	<target host="idm-shbprdas01.idm.uab.edu" />
+	<target host="padlock.idm.uab.edu" />
+
+	<!-- it.uab.edu -->
+	<target host="ask.it.uab.edu" />
+	<target host="askblaze.it.uab.edu" />
+	<target host="www.askblaze.it.uab.edu" />
+	<target host="lists.it.uab.edu" />
+	<target host="lsv.it.uab.edu" />
+	<target host="remote.it.uab.edu" />
+
+	<!-- lhl.uab.edu -->
+	<target host="dl1.lhl.uab.edu" />
+	<target host="login.ezproxy3.lhl.uab.edu" />
+	<target host="www-clinicalkey-com.ezproxy3.lhl.uab.edu" />
+	<target host="www-uptodate-com.ezproxy3.lhl.uab.edu" />
+	<target host="www.lhl.uab.edu" />
+
+	<!-- library.uab.edu -->
+	<target host="library.uab.edu" />
+	<target host="askus.library.uab.edu" />
+	<target host="libcal.library.uab.edu" />
+	<target host="www.library.uab.edu" />
+
+	<!-- medicine.uab.edu -->
+	<target host="apps.medicine.uab.edu" />
+	<target host="jackie.medicine.uab.edu" />
+	<target host="somvideos.medicine.uab.edu" />
+
+	<!-- peds.uab.edu -->
+	<target host="diagvirolab.peds.uab.edu" />
+	<target host="mail.peds.uab.edu" />
+	<target host="pedsview.peds.uab.edu" />
+	<target host="redcap.peds.uab.edu" />
+	<target host="www.residency.peds.uab.edu" />
+
+	<!-- rc.uab.edu -->
+	<target host="ps-sd.rc.uab.edu" />
+	<target host="torana.rc.uab.edu" />
+	<target host="vislab.rc.uab.edu" />
+	<target host="xnat.rc.uab.edu" />
+
+	<!-- som.uab.edu -->
+	<target host="som.uab.edu" />
+	<target host="admissions.som.uab.edu" />
+	<target host="cmecourses.som.uab.edu" />
+	<target host="specialapp.som.uab.edu" />
+
+	<!-- soph.uab.edu -->
+	<target host="biostat.soph.uab.edu" />
+	<target host="media.soph.uab.edu" />
+	<target host="redcap.soph.uab.edu" />
+	<target host="serve.soph.uab.edu" />
+	<target host="thebeathive.soph.uab.edu" />
+
+	<!-- uabgrid.uab.edu -->
+	<target host="dev.uabgrid.uab.edu" />
+	<target host="docs.uabgrid.uab.edu" />
+	<target host="galaxy.uabgrid.uab.edu" />
+	<target host="projects.uabgrid.uab.edu" />
+	<target host="trac.uabgrid.uab.edu" />
+
+	<!-- Everything else -->
+	<target host="webpearls.aging.uab.edu" />
+	<target host="bb.uab.edu" />
+	<target host="fermentation.bmg.uab.edu" />
+	<target host="businessdegrees.uab.edu" />
+	<target host="calendar.uab.edu" />
+	<target host="voicemail.comm.uab.edu" />
+	<target host="educationabroad.uab.edu" />
+	<target host="go.uab.edu" />
+	<target host="bioitx.informatics.uab.edu" />
+	<target host="discovery.informatics.uab.edu" />
+	<target host="www.ipf.uab.edu" />
+	<target host="irap.uab.edu" />
+	<target host="labs.uab.edu" />
+	<target host="listserv.uab.edu" />
+	<target host="images.main.uab.edu" />
+	<target host="www.medgrad.uab.edu" />
+	<target host="mediaspace.uab.edu" />
+	<target host="www.mycoplasma.uab.edu" />
+	<target host="norc.uab.edu" />
+	<target host="www.norc.uab.edu" />
+	<target host="offcampushousing.uab.edu" />
+	<target host="www.opt.uab.edu" />
+	<target host="www.paging.uab.edu" />
+	<target host="ttpresearchgroup.path.uab.edu" />
+	<target host="profiles.uab.edu" />
+	<target host="prostudies.uab.edu" />
+	<target host="shockcenter.uab.edu" />
+	<target host="sites.uab.edu" />
+	<target host="ssg4.ssg.uab.edu" />
+	<target host="status.uab.edu" />
+	<target host="studentorgs.uab.edu" />
+	<target host="studentwellness.uab.edu" />
+	<target host="portal.uasomh.uab.edu" />
+	<target host="swhelpdesk.uasomh.uab.edu" />
+	<target host="www.vaccine.uab.edu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UBM-US.net.xml b/src/chrome/content/rules/UBM-US.net.xml
new file mode 100644
index 000000000000..41fa724939b8
--- /dev/null
+++ b/src/chrome/content/rules/UBM-US.net.xml
@@ -0,0 +1,21 @@
+<!--
+	For other UBM coverage, see UBM.xml.
+
+
+	i.ubm-us.net sets us_ubm_aut wildcard cookie
+	on whichever domain it is loaded from.
+
+-->
+<ruleset name="UBM-US.net">
+
+	<target host="dsimg.ubm-us.net" />
+	<target host="i.ubm-us.net" />
+
+		<test url="http://dsimg.ubm-us.net/asset/360553/382003/DavidCramer.jpg" /><!--	4940 -->
+		<test url="http://i.ubm-us.net/oas/native_clp/css/iwk_nativeclp.css" /><!--	134 -->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UBM-mismatches.xml b/src/chrome/content/rules/UBM-mismatches.xml
index 93d3bc5a595a..29254fb8a827 100644
--- a/src/chrome/content/rules/UBM-mismatches.xml
+++ b/src/chrome/content/rules/UBM-mismatches.xml
@@ -20,7 +20,7 @@
 		- (www.)woodbiomass.com			(cert: *.risiinfo.com; shows that domain's data)
 
 -->
-<ruleset name="UBM (mismatches)" default_off="mismatch" platform="mixedcontent">
+<ruleset name="UBM (mismatches)" default_off="mismatched" platform="mixedcontent">
 
 	<!--	Cert: www.oag.com	-->
 	<target host="aircargoworld.com"/>
@@ -60,13 +60,13 @@
 	<target host="ubmelectronics.com"/>
 
 
-	<securecookie host="^pro\.darkreading\.com$" name=".*" />
+	<securecookie host="^pro\.darkreading\.com$" name=".+" />
 	<!--
 		www.deusm.com cookies are handled in DeusM.xml.
 								-->
-	<securecookie host="^www\.drdobbs\.com$" name=".*"/>
-	<securecookie host="^oagcargo\.com$" name=".*"/>
-	<securecookie host="^ubmaviationnews\.com$" name=".*"/>
+	<securecookie host="^www\.drdobbs\.com$" name=".+" />
+	<securecookie host="^oagcargo\.com$" name=".+" />
+	<securecookie host="^ubmaviationnews\.com$" name=".+" />
 
 
 	<!--	!www doesn't work via https.
@@ -91,7 +91,7 @@
 		to="https://reports.informationweek.com/$1s/"/>
 
 	<!--	!www redirects to www.	-->
-	<rule from="^https?://(?:www\.)?insurancetech\.com/"
+	<rule from="^http://(?:www\.)?insurancetech\.com/"
 		to="https://www.insurancetech.com/" />
 
 	<!--	!www doesn't work via https.
diff --git a/src/chrome/content/rules/UBM.xml b/src/chrome/content/rules/UBM.xml
index 70c5f00954c9..15d656014c04 100644
--- a/src/chrome/content/rules/UBM.xml
+++ b/src/chrome/content/rules/UBM.xml
@@ -1,4 +1,6 @@
 <!--
+	ubm.io is handled in Bit.ly_vanity_domains.xml.
+
 	For problematic rules, see UBM-mismatches.xml
 
 
@@ -6,15 +8,18 @@
 
 		- CMP.xml
 		- CRN.xml
+		- Dark_Reading.com.xml
 		- DeusM.xml
 		- EE_Times.xml
 		- InformationWeek.xml
+		- lightreading.com.xml
 		- Network_Computing.xml
 		- OAG.xml
 		- PIERS.xml
 		- PR-Newswire.xml
 		- RISI.xml
 		- TechWeb.xml
+		- UBM-US.net.xml
 
 
 	Nonfunctional subdomains:
@@ -24,25 +29,35 @@
 		- us.legal	(refused)
 		- media *
 		- sustainability *
+		- tech ʳ
 
 	* Times out
+	ʳ Refused
 
 
 	Problematic subdomains:
 
 		- www.events	(cert only matches ^events)
-		- tech		(works; mismatched, CN: events.ubm.com)
 
 -->
-<ruleset name="UBM (partial)">
+<ruleset name="UBM.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="events.ubm.com" />
 
-	<target host="*.ubm.com" />
+	<!--	Complications:
+				-->
+	<target host="www.events.ubm.com" />
 
 
-	<securecookie host="^events\.ubm\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?events\.ubm\.com/"
+	<rule from="^http://www\.events\.ubm\.com/"
 		to="https://events.ubm.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UBS.xml b/src/chrome/content/rules/UBS.xml
index dcdc0d191fc7..5b36363d275e 100644
--- a/src/chrome/content/rules/UBS.xml
+++ b/src/chrome/content/rules/UBS.xml
@@ -1,84 +1,120 @@
 <!--
-	Nonfunctional ubs.com subdomains:
-
-		- financialservicesinc		(times out)
-		- (www.)ibb			(reset)
-
-
-	Problematic ubs.com subdomains:
-
-		- ^
-
-
-	Partially covered ubs.com subdomains:
-
-		- keyinvest.ibb			(some pages-but not all-404)
-
-
-	Fully covered domains:
-
-		- ubs.com subdomains:
-
-			- ^			(→ www)
-			- apps
-			- apps[12]
-			- assetgateway
-			- connect
-			- connect-ch
-			- connect-ch1
-			- clientlogin.ibb
-			- clientportal.ibb
-
-			- ebanking-\w+
-
-				- ebanking-asia1
-				- ebanking-au
-				- ebanking-de
-				- ebanking-de1
-				- ebanking-es
-				- ebanking-es[12]?
-				- ebanking-it
-				- ebanking-it[12]?
-
-			- ebanking-us
-			- grs
-			- jobs
-			- onesource
-			- onlineservices
-			- sbms
-			- sbms[12]
-			- secure
-			- www
-			- www[12]
-
-		- www.ubs-static.com		(^ doesn't exist)
-
-
-	Targets solely for wildcard cookies:
-
-		- *.www.ubs.com
-
+	Non-functional hosts
+		Couldn't connect to server:
+		- ubs.com
+		- connect.ubs.com
+		- realty.ubs.com
+		- www1.ubs.com
+		- www2.ubs.com
+
+		SSL connect error:
+		- apps.ubs.com
+		- apps1.ubs.com
+		- apps2.ubs.com
+		- assetgateway.ubs.com
+		- fusion.ubs.com
+		- grs.ubs.com
+		- clientlogin.ibb.ubs.com
+		- eqi.ibb.ubs.com
+		- liquidalpha.ibb.ubs.com
+		- skc.ibb.ubs.com
+		- swiskey.ibb.ubs.com
+		- swiskey-certificates.ibb.ubs.com
+		- sbms.ubs.com
+		- sbms1.ubs.com
+		- sbms2.ubs.com
+
+		SSL peer certificate was not OK:
+		- financialservices.ubs.com
+		- portfolio.ibb.ubs.com
+		- topsy.ubs.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- uhnw-gfo.ubs.com
+		- young.ubs.com
+
+		Incomplete certificate chain error:
+		- ibol61.ibb.ubs.com
+		- itanywhere.ibb.ubs.com
+		- keyinvest.ibb.ubs.com
+		- research.ibb.ubs.com
+		- selfservice.ibb.ubs.com
+		- marketsurvey.ubs.com
+		- newsletter-pictures.ubs.com
+
+		Site uses weak encryption (TLSv1.1 or earlier):
+		- cfs.ubs.com
+
+		4xx client error:
+		- janap1.ubs.com
+		- jobs.ubs.com
+		- marketingcentral.ubs.com
+		- microsites.ubs.com
 -->
-<ruleset name="UBS (partial)">
-
+<ruleset name="UBS.com (partial)">
 	<target host="ubs.com" />
-	<target host="*.ubs.com" />
-	<target host="*.ibb.ubs.com" />
-		<exclusion pattern="^http://keyinvest\.ibb\.ubs\.com/(?!images/|styles/)" />
-	<target host="*.www.ubs.com" />
-	<target host="www.ubs-static.com" />
-
-
-	<securecookie host="^.*\.ubs\.com$" name=".+" />
-
-
-	<rule from="^https?://ubs\.com/"
-		to="https://www.ubs.com/" />
-
-	<rule from="^http://(apps[12]?|assetgateway|connect(?:-ch1?)?|ebanking-\w+|grs|(?:client(?:login|portal)|keyinvest)\.ibb|jobs|onesource|onlineservices|sbms[12]?|secure|www[12]?)\.ubs\.com/"
-		to="https://$1.ubs.com/" />
-
-	<rule from="^http://www\.ubs-static\.com/"
-		to="https://www.ubs-static.com/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.ubs.com" />
+	<target host="adviceadvantage.ubs.com" />
+	<target host="ais-transport.ubs.com" />
+	<target host="connect-ch.ubs.com" />
+	<target host="connect-ch1.ubs.com" />
+	<target host="connect-ch2.ubs.com" />
+	<target host="donoradvisedfund.ubs.com" />
+	<target host="ebanking-asia1.ubs.com" />
+	<target host="ebanking-ch.ubs.com" />
+	<target host="ebanking-ch2.ubs.com" />
+	<target host="ebanking-de.ubs.com" />
+	<target host="ebanking-de1.ubs.com" />
+	<target host="ebanking-es.ubs.com" />
+	<target host="ebanking-es1.ubs.com" />
+	<target host="ebanking-es2.ubs.com" />
+	<target host="ebanking-it.ubs.com" />
+	<target host="ebanking-it1.ubs.com" />
+	<target host="ebanking-it2.ubs.com" />
+	<target host="emidas.ubs.com" />
+	<target host="etracs.ubs.com" />
+	<target host="eventlounge.ubs.com" />
+	<target host="financialservicesinc.ubs.com" />
+	<target host="forum.ubs.com" />
+	<target host="frame-keyinvest-ch.ubs.com" />
+	<target host="frame-keyinvest-de.ubs.com" />
+	<target host="fundgate.ubs.com" />
+	<target host="delta.ibb.ubs.com" />
+	<target host="investments-au.ubs.com" />
+	<target host="japan1.ubs.com" />
+	<target host="keyinvest-ch.ubs.com" />
+	<target host="keyinvest-ch-en.ubs.com" />
+	<target host="keyinvest-ch-fr.ubs.com" />
+	<target host="keyinvest-de.ubs.com" />
+	<target host="keyinvest-eu.ubs.com" />
+	<target host="keyinvest-it.ubs.com" />
+	<target host="keyinvest-za.ubs.com" />
+	<target host="m.ubs.com" />
+	<target host="microsites.ubs.com" />
+		<test url="http://microsites.ubs.com/iso/fr/" />
+	<target host="mychoicerewards.ubs.com" />
+	<target host="myhomeloan.ubs.com" />
+	<target host="neo.ubs.com" />
+	<target host="onlineservices.ubs.com" />
+	<target host="privatebank-us.ubs.com" />
+	<target host="quotes-global.ubs.com" />
+	<target host="quotes-global1.ubs.com" />
+	<target host="quotes-global2.ubs.com" />
+	<target host="secure.ubs.com" />
+	<target host="echannel.ubssecuritieschina.ubs.com" />
+	<target host="unique-community.ubs.com" />
+	<target host="warrants.ubs.com" />
+	<target host="www1.ubs.com" />
+	<target host="www2.ubs.com" />
+	<target host="xs2a-devportal.ubs.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://(www[12]\.)?ubs\.com/"
+			to="https://www.ubs.com/" />
+	
+	<rule from="^http://japan1\.ubs\.com/"
+		  	to="https://www.ubs.com/jp/ja.html" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UBank.xml b/src/chrome/content/rules/UBank.xml
new file mode 100644
index 000000000000..80ca898b2912
--- /dev/null
+++ b/src/chrome/content/rules/UBank.xml
@@ -0,0 +1,7 @@
+<ruleset name="UBank">
+	<target host="ubank.com.au" />
+	<target host="www.ubank.com.au" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UC.xml b/src/chrome/content/rules/UC.xml
new file mode 100644
index 000000000000..9b3ae8297ad4
--- /dev/null
+++ b/src/chrome/content/rules/UC.xml
@@ -0,0 +1,48 @@
+<!--
+	Invalid certificate:
+		open.apps.uc.cn
+		bibei.uc.cn
+		xs.uc.cn
+
+	No working URL known:
+		bench.uc.cn
+		track.uc.cn
+
+	Redirect to http:
+		yun.uc.cn
+
+	Refused:
+		^uc.cn
+		www.uc.cn
+		3g.uc.cn
+		book.uc.cn
+		down2.uc.cn
+		m.down2.uc.cn
+		ibooks.uc.cn
+		school.uc.cn
+		union.uc.cn
+-->
+<ruleset name="UC (partial)">
+	<target host="bbs.uc.cn" />
+	<target host="feedback.uc.cn" />
+		<test url="http://feedback.uc.cn/self_service/web/index" />
+	<target host="fxt.uc.cn" />
+	<target host="fxt1.uc.cn" />
+	<target host="image.uc.cn" />
+	<target host="news.uc.cn" />
+	<target host="api.open.uc.cn" />
+		<test url="http://api.open.uc.cn/cas/forgotaccount/forgotAccountByMobile" />
+	<target host="plus.uc.cn" />
+	<target host="t.uc.cn" />
+
+	<target host="iflow.uczzd.cn" />
+		<test url="http://iflow.uczzd.cn/newsapp/openapp.html" />
+	<target host="s0.uczzd.cn" />
+	<target host="s1.uczzd.cn" />
+	<target host="s2.uczzd.cn" />
+	<target host="s3.uczzd.cn" />
+	<target host="s4.uczzd.cn" />
+	<target host="s5.uczzd.cn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UCAR.edu.xml b/src/chrome/content/rules/UCAR.edu.xml
index e5fdff713e6d..44526f22334d 100644
--- a/src/chrome/content/rules/UCAR.edu.xml
+++ b/src/chrome/content/rules/UCAR.edu.xml
@@ -31,13 +31,18 @@
 -->
 <ruleset name="UCAR.edu">
 
-	<target host="*.ucar.edu" />
+	<target host="abuse.ucar.edu" />
+	<target host="www.eol.ucar.edu" />
+	<target host="ncar.ucar.edu" />
+	<target host="www.ncar.ucar.edu" />
+	<target host="security.ucar.edu" />
+	<target host="www.unidata.ucar.edu" />
+	<target host="www.ucar.edu" />
 
 
 	<securecookie host="^(?:www\.eol|\.ncar|www\.unidata)\.ucar\.edu$" name=".+" />
 
 
-	<rule from="^http://(abuse|www\.eol|(?:www\.)?ncar|security|www\.unidata|www2?)\.ucar\.edu/"
-		to="https://$1.ucar.edu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/UCC.dk.xml b/src/chrome/content/rules/UCC.dk.xml
new file mode 100644
index 000000000000..c6c436b716b6
--- /dev/null
+++ b/src/chrome/content/rules/UCC.dk.xml
@@ -0,0 +1,9 @@
+<ruleset name="UCC.dk">
+
+	<target host="ucc.dk" />
+	<target host="www.ucc.dk" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UCC.ie.xml b/src/chrome/content/rules/UCC.ie.xml
new file mode 100644
index 000000000000..9178c1039899
--- /dev/null
+++ b/src/chrome/content/rules/UCC.ie.xml
@@ -0,0 +1,48 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://yosemite.ucc.ie/ => https://yosemite.ucc.ie/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Nonfunctional subdomains:
+
+		- lugh *
+		- ocla ¹
+		- pds ²
+
+	* mismatched
+	¹ Shows yosemite; mismatched, CN: yosemite.ucc.ie
+	² Shows yosemite, valid cert
+
+	^ucc.ie doesn't exist.
+
+
+	Mixed content:
+
+		- Images on booleweb from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="UCC.ie (partial)" default_off="failed ruleset test">
+
+	<target host="booleweb.ucc.ie" />
+	<target host="careersfdr.ucc.ie" />
+	<target host="cora.ucc.ie" />
+	<target host="events.ucc.ie" />
+	<target host="library.ucc.ie" />
+	<target host="pacadmin.ucc.ie" />
+	<target host="pensionsonline.ucc.ie" />
+	<target host="www.ucc.ie" />
+	<target host="yosemite.ucc.ie" />
+
+
+	<securecookie host="^(?:booleweb|careersfdr|cora|library|lugh|pacadmin|pensionsonline)\.ucc\.ie$" name=".+" />
+
+
+	<!--	Server drops args but not paths
+						-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UCLA.edu.xml b/src/chrome/content/rules/UCLA.edu.xml
new file mode 100644
index 000000000000..0712ea45bf06
--- /dev/null
+++ b/src/chrome/content/rules/UCLA.edu.xml
@@ -0,0 +1,222 @@
+<!--
+	University of California, Los Angeles
+
+
+	Nonfunctional subdomains:
+
+		- (www.) ¹
+		- tours.admission ²
+		- tours.admissions ²
+		- map.ais ³
+		- ptplv.ais ³
+		- (www.)calendar ⁴
+		- m.dining ⁵
+		- (www.)directory ⁴
+		- giveto ⁶
+		- ha ⁵
+		- admin.happenings ²
+		- m.happenings ⁷
+		- gateway.it ²
+		- (www.)learnit ⁸
+		- catalog.library ⁴
+		- guides.library ⁹
+		- m.library ⁴
+		- lists	 ⁴
+		- newsroom ⁴
+		- m.recreation ᵃ
+		- (www.)registrar ⁴
+		- www.studentincrisis ᵇ
+
+	¹ /.+ redirects to $
+	² Data differ, valid cert
+	³ Dropped
+	⁴ Refused
+	⁵ Shows secure5.ha
+	⁶ Plaintext reply
+	⁷ Shows ^happenings
+	⁸ Shows sheltie.ats
+	⁹ LibGuides
+	ᵃ Shows www.recreation
+	ᵇ 404; mismatched, CN: *.uclanet.ucla.edu
+
+
+	Problematic subdomains:
+
+		- (www.)accessweb ¹
+		- (www.)ada ²
+		- admission ³
+		- admissions ³
+		- shb.ais ⁴
+		- maps ⁵
+		- mwf ⁵
+		- osd ²
+		- www.recreation ⁵
+		- www.ursa ⁴
+
+	¹ Expired 2012
+	² Mismatched, CN: dnn.uclanet.ucla.edu
+	³ Mismatched, CN: www.admission.ucla.edu
+	⁴ Configured for rc4 only
+	⁵ Mixed css
+
+
+	Partially covered subdomains:
+
+		- guides.library	(→ libguides.com)
+		- maps *
+		- mwf *
+		- www.recreation *
+
+	* Avoiding broken MCB
+
+
+	Fully covered subdomains:
+
+		- (www.)admissions	(^ → www)
+		- shb.ais
+		- sheltie.ats
+		- auth
+		- auth-asm1.auth
+		- (www.)bruintech
+		- (www.)ccle
+		- docs.ccle
+		- (www.)dcp
+		- (www.)diversity
+		- welcome.diversity
+		- (www.)events
+		- secure5.ha
+		- (www.)happenings
+		- dev.happenings
+
+		- (www.)it
+		- studentweb.it
+		- wwwprep.it
+
+		- kb
+
+		- (www.)library
+		- www-stage.library
+		- www-test.library
+
+		- (www.)logon
+		- logon-asm1.logon
+		- logon-csb1.logon
+
+		- m
+		- hr.mycareer
+		- (www.)osd		(^ → www)
+		- secure.recreation
+		- computing.sscnet
+		- dnn.uclanet
+		- (www.)ucod
+		- www.ursa
+
+
+	These altnames don't exist:
+
+		- www.auth.ucla.edu
+
+		- drupalstage-auth.library.ucla.edu
+		- drupalstage-edit.library.ucla.edu
+		- drupaltest-auth.library.ucla.edu
+		- drupaltest-edit.library.ucla.edu
+		- www-stooge-auth.library.ucla.edu
+		- www-stooge-edit.library.ucla.edu
+		- www-stooge1-auth.library.ucla.edu
+		- www-stooge1-edit.library.ucla.edu
+		- www-stooge2-auth.library.ucla.edu
+		- www-stooge2-edit.library.ucla.edu
+		- www-stooge3-auth.library.ucla.edu
+		- www-stooge3-edit.library.ucla.edu
+		- www-webhead1-auth.library.ucla.edu
+		- www-webhead1-edit.library.ucla.edu
+		- www-webhead2-auth.library.ucla.edu
+		- www-webhead2-edit.library.ucla.edu
+		- www-webhead3-auth.library.ucla.edu
+		- www-webhead3-edit.library.ucla.edu
+		- www-auth.library.ucla.edu
+		- www-edit.library.ucla.edu
+
+		- ursa.ucla.edu
+
+
+	Insecure cookies are set for these domains:
+
+		- (www.)ada
+		- shb.ais
+		- kb
+		- www.recreation
+		- (www.)osd
+		- dnn.uclanet
+
+
+	Mixed content:
+
+		- css, on:
+
+			- maps from m ¹
+			- www.recreation from $self ¹
+			- www.recreation from code.jquery.com ¹
+
+		- Images, on:
+
+			- (www.)admission and (www.)?admissions from www ²
+			- m from $self ¹
+			- maps from $self ¹
+			- maps from ptplv.ais ³
+			- www.recreation from $self ¹
+			- www.recreation from i.ytimg.com ¹
+
+	¹ Secured by us
+	² Unsecurable
+	³ Unsecurable <= dropped
+
+-->
+<ruleset name="UCLA.edu (partial)">
+
+	<target host="*.ucla.edu" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?ucla\.edu/$" /-->
+		<!--
+			Redirect to $:
+					-->
+		<!--exclusion pattern="^http://(www\.)?ucla\.edu/(img/)" /-->
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<exclusion pattern="^http://maps\.ucla\.edu/+m/" />
+		<exclusion pattern="^http://mwf\.ucla\.edu/+(?!css/|img/)" />
+		<exclusion pattern="^http://www\.recreation\.ucla\.edu/+(?!\?css=|images/|scripts/)" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^shb\.ais\.ucla\.edu$" name="^SHB\d+Cookie$" /-->
+	<!--securecookie host="^kb\.ucla\.edu$" name="^(_shibstate_\d+_[0-9a-f]+|_uclakb_session)$" /-->
+	<!--securecookie host="^((www\.)?ada|(www\.)?osd|dnn\.uclanet)\.ucla\.edu$" name="^(\.ASPXANONYMOUS|BIGipServerdnn\.uclanet\.ucla\.edu-pool|b+|dnn_IsMobile)$" /-->
+
+	<securecookie host="^(?:shb\.ais|kb|(?:www\.)?osd|dnn\.uclanet)\.ucla\.edu$" name=".+" />
+	<securecookie host="^www\.recreation\.ucla.edu$" name="^exp_last_(?:activity|visit)$" />
+
+
+	<!--	Domains for which both !www and www exist,
+		but only www is unproblematic.
+						-->
+	<rule from="^http://(?:www\.)?(admissions?|osd)\.ucla\.edu/"
+		to="https://www.$1.ucla.edu/" />
+
+	<!--	Domains for which both !www and www exist,
+		and both are unproblematic.
+						-->
+	<rule from="^http://(www\.)?(bruintech|ccle|dcp|diversity|events|happenings|library|logon|ucod)\.ucla\.edu/"
+		to="https://$1$2.ucla.edu/" />
+
+	<rule from="^http://(shb\.ais|sheltie\.ats|(?:auth-asm1\.)?auth|docs\.ccle|welcome\.diversity|secure5\.ha|dev\.happenings|(?:studentweb|wwwprep)\.it|kb|(?:www-stage|www-test)\.library|logon-(?:asm|csb)1\.logon|m|maps|mwf|hr\.mycareer|(?:secure|www)\.recreation|computing\.sscnet|dnn\.uclanet|www\.ursa)\.ucla\.edu/"
+		to="https://$1.ucla.edu/" />
+
+	<rule from="^http://guides\.library\.ucla\.edu/(?=css\d*/|data/|include/|js\d*/)"
+		to="https://libguides.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UCLA_Health.xml b/src/chrome/content/rules/UCLA_Health.xml
index d06f4e841412..6c754e44af91 100644
--- a/src/chrome/content/rules/UCLA_Health.xml
+++ b/src/chrome/content/rules/UCLA_Health.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^www\.uclahealth\.org$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?uclahealth\.org/"
-		to="https://www.uclahealth.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/UCM.es.xml b/src/chrome/content/rules/UCM.es.xml
new file mode 100644
index 000000000000..f6de4465ef48
--- /dev/null
+++ b/src/chrome/content/rules/UCM.es.xml
@@ -0,0 +1,71 @@
+<!--
+	Nonfunctional subdomains:
+
+		- eprints ¹
+		- alfama.sim ²
+
+	¹ Prints default page
+	² Refused
+
+
+	Problematic subdomains:
+
+		- biblioteca ¹
+		- cisne.sim ²
+		- 0-papers.nber.org.cisne.sim ³
+		- guaix.fis ⁴
+
+	¹ Mixed css from $self
+	² Mixed iframe from www
+	³ Works; mismatched, CN: cisne.sim.ucm.es
+	⁴ Works, self-signed
+
+
+	Partially covered subdomains:
+
+		- biblioteca *
+		- cisne.sim *
+
+	* Avoiding false/broken MCB
+
+
+	Fully covered subdomains:
+
+		- pendientedemigracion
+		- www
+
+
+	^ucm.es doesn't exist.
+
+
+	Mixed content:
+
+		- iframe on cisne.sim from www *
+
+		- css on biblioteca from $self *
+
+		- Images, on:
+
+			- biblioteca from $self *
+			- cisne.sim from www *
+
+	* Secured by us
+
+-->
+<ruleset name="UCM.es (partial)">
+
+	<target host="biblioteca.ucm.es" />
+	<target host="pendientedemigracion.ucm.es" />
+	<target host="cisne.sim.ucm.es" />
+	<target host="www.ucm.es" />
+		<!--exclusion pattern="^http://(eprints|0-papers\.nber\.org\.cisne\.sim|alfama\.sim)\.ucm\.es/" /-->
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<exclusion pattern="^http://biblioteca\.ucm\.es/+(?!media/|temas/)" />
+		<exclusion pattern="^http://cisne\.sim\.ucm\.es/+(?!screens/|scripts/)" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UCPI.org.uk.xml b/src/chrome/content/rules/UCPI.org.uk.xml
new file mode 100644
index 000000000000..54babc8aa779
--- /dev/null
+++ b/src/chrome/content/rules/UCPI.org.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="UCPI.org.uk">
+
+	<target host="ucpi.org.uk" />
+	<target host="www.ucpi.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UCSD.edu-self-signed.xml b/src/chrome/content/rules/UCSD.edu-self-signed.xml
deleted file mode 100644
index f69990b89ccf..000000000000
--- a/src/chrome/content/rules/UCSD.edu-self-signed.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For rules that are enabled by default, see UCSD.edu.xml.
-
--->
-<ruleset name="UCSD.edu (self-signed)" default_off="mismatched, self-signed">
-
-	<target host="cseweb.ucsd.edu" />
-	<target host="*.www-cse.ucsd.edu" />
-	<target host="iod.ucsd.edu" />
-	<target host="www.iod.ucsd.edu" />
-
-
-	<securecookie host="^\.www-cse\.ucsd\.edu$" name=".+" />
-
-
-	<rule from="^http://cseweb\.ucsd\.edu/"
-		to="https://cseweb.ucsd.edu/" />
-
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?iod\.ucsd\.edu/"
-		to="https://www.iod.ucsd.edu/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/UCSD.edu.xml b/src/chrome/content/rules/UCSD.edu.xml
deleted file mode 100644
index 08e92f301794..000000000000
--- a/src/chrome/content/rules/UCSD.edu.xml
+++ /dev/null
@@ -1,245 +0,0 @@
-<!--
-	For problematic rules, see UCSD.edu-self-signed.xml.
-
-
-	Nonfunctional subdomains:
-
-		- apsys11		(shows www.sysnet; mismatched, CN: www.sysnet.ucsd.edu)
-		- hmi			(times out)
-		- oec-vmweb02
-		- (www.)jacobsschool	(404)
-
-
-	Problematic subdomains:
-
-		- cseweb	(expired 2012-08-18)
-
-
-	Nonfunctional subdomains:
-
-		- irps	(redirects to a4.ucsd.edu)
-		- spiff	(cert: www.iod.ucsd.edu, shows that domain's data
-
--->
-<ruleset name="UCSD" platform="mixedcontent">
-<!-- Note from submitter: I do NOT have an official position in UCSD's information technology departments.
-     I prefer not to give out my UCSD-assigned email address, but you should be able to find another email
-     address for me by examining the mailing list. -->
-<!-- E-Check uses quikpayasp.com; TritonCash uses services.jsatech.com
-     These domains belong in separate rulesets because they are not used solely by UCSD.
-     Does uc.sumtotalsystems.com (ultimate destination of uclearning) belong here, or do other UCs use it too?
--->
-<!-- TODOs:
-   <target host="apol-recruit.ucsd.edu" />
-   <target host="m.ucsd.edu" /> (mobile redirection script supports https because it is used on TritonLink)
-   <target host="ogs-calendar.ucsd.edu" />
-   <target host="students.ucsd.edu" /> (used for some embedded content on TritonLink; a rule for the entire _resources folder was tried and caused breakage)
-   <target host="vac.ucsd.edu" /> (Virtual Advising Center - redirects to some page in aventeur)
-   <target host="vcsaforms.ucsd.edu" /> (hit during TritonLink logout; is is sslstrip-vulnerable anywhere?)
-   <target host="webct.ucsd.edu" /> (redirector; check behavior when logged in vs. out)
-   <target host="webctweb.ucsd.edu" /> (superseded by ted)
-   <target host="www-no.ucsd.edu" /> (Network Operations, used by ResNet registration etc. not sure if https enforced.
-                                      www-ono.ucsd.edu seems to exist too - Old Network Operations?)
-   <target host="www.ucsd.edu" /> (supports https for some embedded content on TritonLink)
-
-     TritonLink used to be called StudentLink according to https://sites.google.com/site/ucsdecegsc/information-for-new-students/tips-for-new-students
-     This info is several years old and not worth worrying about.
-
-     Known cases of different content between http and https:
-     emerald.ucsd.edu
-
-     I haven't yet verified the (non-)existence of www subdomains for all cases.
--->
-<!-- normally https only; protect against sslstripping -->
-   <target host="a4.ucsd.edu" />
-   <target host="acs-webmail.ucsd.edu" />
-   <target host="altng.ucsd.edu" />
-   <target host="aventeur.ucsd.edu" />
-   <target host="cinfo.ucsd.edu" />
-   <target host="facilities.ucsd.edu" />
-   <target host="gradapply.ucsd.edu" />
-   <target host="graduateapp.ucsd.edu" />
-   <target host="jacobsstudent.ucsd.edu" />
-   <target host="myucsdchart.ucsd.edu" />
-   <target host="sdacs.ucsd.edu" />
-   <target host="shs.ucsd.edu" />
-   <target host="ted.ucsd.edu" />
-   <target host="ucsdbkst.ucsd.edu" />
-<!-- supports https but doesn't enforce it on all pages
-
-     CSE, ECE, Mechanical and Aerospace Engineering, Nanoengineering, Structural Engineering depts share one server.
-     Its SubjectAltName also mentions the following domains, but I've not written rules for them because they're for private use:
-     oec-vmweb03.ucsd.edu, ece-internal.ucsd.edu, t (unqualified!)
-     There is usually mixed content from www.jacobsschool.ucsd.edu -->
-   <target host="a.ucsd.edu" />
-   <target host="acms.ucsd.edu" />
-   <target host="bookstore.ucsd.edu" />
-   <target host="www.bookstore.ucsd.edu" /><!-- cert mismatch, rule redirects it to domain without www -->
-   <target host="cs.ucsd.edu" />
-   <target host="www.cs.ucsd.edu" />
-   <target host="cse.ucsd.edu" />
-   <target host="www.cse.ucsd.edu" />
-   <target host="ece.ucsd.edu" />
-   <target host="www.ece.ucsd.edu" />
-   <target host="hdh.ucsd.edu" />
-   <target host="www.hdh.ucsd.edu" />
-   <target host="hds.ucsd.edu" />
-   <target host="www.hds.ucsd.edu" /><!-- cert mismatch, rule redirects it to domain without www -->
-   <target host="maeweb.ucsd.edu" />
-   <target host="nanoengineering.ucsd.edu" />
-   <target host="www.nanoengineering.ucsd.edu" />
-   <target host="ne-web.ucsd.edu" />
-   <target host="ne.ucsd.edu" />
-   <target host="neweb.ucsd.edu" />
-   <target host="roger.ucsd.edu" />
-   <target host="www.roger.ucsd.edu" /><!-- cert mismatch, rule redirects it to domain without www -->
-   <target host="se.ucsd.edu" />
-   <target host="structures.ucsd.edu" />
-   <target host="www.structures.ucsd.edu" />
-   <target host="uxt.ucsd.edu" />
-   <target host="www-cs.ucsd.edu" />
-   <target host="www-cse.ucsd.edu" />
-   <target host="www-ne.ucsd.edu" />
-   <target host="www-structures.ucsd.edu" />
-<!-- only some features known to support https; protect them against sslstripping (not Firesheep) -->
-   <target host="act.ucsd.edu" />
-   <target host="health.ucsd.edu" />
-		<!--
-			Redurects to http, along with:
-
-				- news/Pages/
-				- news/releases/Pages/
-								-->
-		<exclusion pattern="^http://health\.ucsd\.edu/_layouts/spsredirect\.aspx" />
-   <target host="libraries.ucsd.edu" />
-   <target host="studenthealth.ucsd.edu" /><!-- XXX: Does this still use ipsCA? -->
-   <target host="www-act.ucsd.edu" />
-<!-- redirectors
-     TODO: full Link Family list at http://blink.ucsd.edu/technology/help-desk/applications/link-family/list.html -->
-   <target host="accesslink.ucsd.edu" />
-   <target host="acs.ucsd.edu" />
-   <target host="cri.ucsd.edu" />
-   <target host="desktop.ucsd.edu" />
-   <target host="financiallink.ucsd.edu" />
-   <target host="iwdc.ucsd.edu" />
-   <target host="marketplace.ucsd.edu" />
-   <target host="mytritonlink.ucsd.edu" />
-   <target host="www.mytritonlink.ucsd.edu" />
-   <target host="resnet.ucsd.edu" />
-   <target host="software.ucsd.edu" />
-   <target host="sysstaff.ucsd.edu" />
-   <target host="tritonlink.ucsd.edu" />
-   <target host="www.tritonlink.ucsd.edu" />
-   <target host="uclearning.ucsd.edu" />
-   <target host="webmail.ucsd.edu" />
-   <target host="www-acs.ucsd.edu" />
-
-<!-- Other things could stand to have securecookie, but these are the most important:
-     a4 is used for login pages and some embedded scripts related to the login system. It doesn't yet flag its cookies as https-only.
-     acs-webmail uses at least two cookies, only one of which is normally flagged https-only. -->
-   <securecookie host="^(.+\.)?a(4|cs-webmail)\.ucsd\.edu$" name=".*" />
-
-   <rule from="^http://a4\.ucsd\.edu/"
-       to="https://a4.ucsd.edu/" />
-   <rule from="^http://(acs-)?webmail\.ucsd\.edu/"
-       to="https://acs-webmail.ucsd.edu/" />
-   <rule from="^http://altng\.ucsd\.edu/"
-       to="https://altng.ucsd.edu/" />
-   <rule from="^http://aventeur\.ucsd\.edu/"
-       to="https://aventeur.ucsd.edu/" />
-   <rule from="^http://cinfo\.ucsd\.edu/"
-       to="https://cinfo.ucsd.edu/" />
-   <rule from="^http://facilities\.ucsd\.edu/"
-       to="https://facilities.ucsd.edu/" />
-   <rule from="^http://gradapply\.ucsd\.edu/"
-       to="https://gradapply.ucsd.edu/" />
-   <rule from="^http://graduateapp\.ucsd\.edu/"
-       to="https://graduateapp.ucsd.edu/" />
-   <rule from="^http://jacobsstudent\.ucsd\.edu/"
-       to="https://jacobsstudent.ucsd.edu/" />
-   <rule from="^http://myucsdchart\.ucsd\.edu/"
-       to="https://myucsdchart.ucsd.edu/" />
-   <rule from="^http://sdacs\.ucsd\.edu/"
-       to="https://sdacs.ucsd.edu/" />
-   <rule from="^http://shs\.ucsd\.edu/"
-       to="https://shs.ucsd.edu/" />
-   <rule from="^http://ted\.ucsd\.edu/"
-       to="https://ted.ucsd.edu/" />
-   <rule from="^http://ucsdbkst\.ucsd\.edu/"
-       to="https://ucsdbkst.ucsd.edu/" />
-
-   <rule from="^http://a\.ucsd\.edu/"
-       to="https://a.ucsd.edu/" />
-   <rule from="^http://acms\.ucsd\.edu/"
-       to="https://acms.ucsd.edu/" />
-   <rule from="^http://(www\.)?bookstore\.ucsd\.edu/"
-       to="https://bookstore.ucsd.edu/" />
-   <rule from="^http://(www[-\.])?cs(e)?\.ucsd\.edu/"
-       to="https://$1cs$2.ucsd.edu/" />
-   <rule from="^http://(www\.)?ece\.ucsd\.edu(:16080)?/"
-       to="https://$1ece.ucsd.edu/" />
-   <rule from="^http://(www\.)?hdh\.ucsd\.edu/"
-       to="https://$1hdh.ucsd.edu/" />
-   <rule from="^http://(www\.)?hds\.ucsd\.edu/"
-       to="https://hds.ucsd.edu/" />
-   <rule from="^http://maeweb\.ucsd\.edu/"
-       to="https://maeweb.ucsd.edu/" />
-   <rule from="^http://(www\.)?nanoengineering\.ucsd\.edu/"
-       to="https://$1nanoengineering.ucsd.edu/" />
-   <rule from="^http://ne(-?web)?\.ucsd\.edu/"
-       to="https://ne$1.ucsd.edu/" />
-   <rule from="^http://(www\.)?roger\.ucsd\.edu/"
-       to="https://roger.ucsd.edu/" />
-   <rule from="^http://se\.ucsd\.edu/"
-       to="https://se.ucsd.edu/" />
-   <rule from="^http://(www\.)?structures\.ucsd\.edu/"
-       to="https://$1structures.ucsd.edu/" />
-   <rule from="^http://uxt\.ucsd\.edu/"
-       to="https://uxt.ucsd.edu/" />
-   <rule from="^http://www-ne\.ucsd\.edu/"
-       to="https://www-ne.ucsd.edu/" />
-   <rule from="^http://www-structures\.ucsd\.edu/"
-       to="https://www-structures.ucsd.edu/" />
-
-   <rule from="^http://health\.ucsd\.edu/(_layouts/|page_ad/|request_appt|Style\ Library/|WebResource\.axd)"
-           to="https://health.ucsd.edu/$1" />
-   <rule from="^http://libraries\.ucsd\.edu/digital/"
-           to="https://libraries.ucsd.edu/digital/" />
-<!-- Most of studenthealth.ucsd.edu does not enforce https.
-     The Ask-A-Question feature, located in the folder /secure/askaquestion/, does enforce https, and it requires login (via a4 page).
-     XXX: Does this still use ipsCA? If so...
-     This rule only protects against sslstripping. The cert error is NOT this rule's fault and would still occur without the rule. -->
-   <rule from="^http://studenthealth\.ucsd\.edu/secure/"
-           to="https://studenthealth.ucsd.edu/secure/" />
-<!-- Link Family is migrating from www-act to act. Redirection exists. Many student-accessible features have CamelCased names like studentDirectDeposit -->
-   <rule from="^http://(www-)?act\.ucsd\.edu/(bsl/home|cgi-bin/[A-Za-z]+link\.pl|classPlanner|marketplace-sso|mytritonlink/view|myTritonlink20|student[A-Z][A-Za-z]+/[A-Za-z]+|travellink/home)"
-           to="https://$1act.ucsd.edu/$2" />
-
-   <rule from="^http://accesslink\.ucsd\.edu/"
-           to="https://altng.ucsd.edu/" />
-<!-- err on the side of not breaking things, hoping that no subpages are used. Replace www-act with act in these? -->
-   <rule from="^http://financiallink\.ucsd\.edu/?$"
-           to="https://www-act.ucsd.edu/cgi-bin/financiallink.pl" />
-   <rule from="^http://marketplace\.ucsd\.edu/?$"
-           to="https://www-act.ucsd.edu/marketplace-sso/signon" />
-   <rule from="^http://(www\.)?(my)?tritonlink\.ucsd\.edu/?$"
-           to="https://act.ucsd.edu/myTritonlink20/display.htm" />
-   <rule from="^http://uclearning\.ucsd\.edu/"
-           to="https://a4.ucsd.edu/lms/" />
-<!-- redirects to acms go below -->
-<!-- cri ultimately redirects to the ACMS homepage because the CRI dept was closed, although this rule is correct for the initial bounce. That isn't our problem
-     NB: These have subpages. resnet has been tested fairly well, except the conference guest registration (resnet.ucsd.edu/conf) which might not exist anymore, but software and maybe iwdc need more testing. -->
-   <rule from="^http://(cri|desktop|iwdc|resnet|software|sysstaff)\.ucsd\.edu/"
-           to="https://acms.ucsd.edu/units/$1/" />
-<!-- was https://acms.ucsd.edu/troublereport/, which is now a redirect; note that a.ucsd.edu is also officially part of ACMS -->
-   <rule from="^http://(www-)?acs\.ucsd\.edu/troublereport/?$"
-           to="https://a.ucsd.edu/troublereport/" />
-   <rule from="^http://www-acs\.ucsd\.edu/?$"
-           to="https://acms.ucsd.edu/index.html" />
-   <rule from="^http://www-acs\.ucsd\.edu/account-tools/oce-intro\.shtml$"
-           to="https://acms.ucsd.edu/students/oce-intro.html" />
-   <rule from="^http://www-acs\.ucsd\.edu/instructional/?$"
-           to="https://acms.ucsd.edu/students/" />
-
-   <securecookie host=".*\.ucsd\.edu" name=".*" />
-</ruleset>
diff --git a/src/chrome/content/rules/UC_Hastings.edu-problematic.xml b/src/chrome/content/rules/UC_Hastings.edu-problematic.xml
new file mode 100644
index 000000000000..a5032d150891
--- /dev/null
+++ b/src/chrome/content/rules/UC_Hastings.edu-problematic.xml
@@ -0,0 +1,18 @@
+<!--
+	For rules that are on by default, see UC_Hastings.edu.xml.
+
+-->
+<ruleset name="UC Hastings.edu (problematic)" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="uchastings.edu" />
+	<target host="journals.uchastings.edu" />
+	<target host="library.uchastings.edu" />
+	<target host="www.uchastings.edu" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UC_Hastings.edu.xml b/src/chrome/content/rules/UC_Hastings.edu.xml
new file mode 100644
index 000000000000..b46845238005
--- /dev/null
+++ b/src/chrome/content/rules/UC_Hastings.edu.xml
@@ -0,0 +1,70 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://webadvisor.uchastings.edu/ => https://webadvisor.uchastings.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For rules causing false/broken MCB, see UC_Hastings.edu-falsemixed.xml.
+	For problematic rules, see UC_Hastings.edu-problematic.xml.
+
+
+	Problematic subdomains:
+
+		- (www.)? ¹
+		- events ²
+		- journals ¹ ²
+		- library ¹ ²
+
+	¹ Server sends no certificate chain, see https://whatsmychaincert.com
+	² Mixed css
+
+
+	These altnames don't exist:
+
+		- www.events.uchastings.edu
+
+
+	Insecure cookies are set for these hosts:
+
+		- events.uchastings.edu
+
+
+	Mixed content:
+
+		- css, on:
+
+			- events, journals from fonts.googleapis.com ¹
+			- events from hws.uchastings.edu ¹
+			- journals, library from (www.)?uchastings.edu ²
+
+		- Images, on (www.)?, hws, journals, library from (www.)?uchastings.edu ²
+		- favicon on journals, library from (www.)?uchastings.edu ²
+
+	¹ Secured by us
+	² Rule disabled by default <= missing certificate chain
+
+-->
+<ruleset name="UC Hastings.edu (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="uchastings.edu" /-->
+	<target host="cio2.uchastings.edu" />
+	<!--target host="events.uchastings.edu" /-->
+	<target host="hws.uchastings.edu" />
+	<!--target host="journals.uchastings.edu" /-->
+	<!--target host="library.uchastings.edu" /-->
+	<target host="webadvisor.uchastings.edu" />
+	<!--target host="www.uchastings.edu" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^events\.uchastings\.edu$" name="^ASP\.NET_SessionId$" /-->
+
+	<!--securecookie host="^events\.uchastings\.edu$" name=".+" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UCalgary.ca.xml b/src/chrome/content/rules/UCalgary.ca.xml
index fdd280a766f0..e4528958a55b 100644
--- a/src/chrome/content/rules/UCalgary.ca.xml
+++ b/src/chrome/content/rules/UCalgary.ca.xml
@@ -102,7 +102,7 @@
 		- www.su ²
 		- www ¹
 
-	¹ Not secured by us <= impartial support
+	¹ Not secured by us <= partial support
 	² Secured by us
 	³ Not secured by us <= maybe more domains under *.foo
 	⁴ Not secured by us <= no support
diff --git a/src/chrome/content/rules/UCalgary_Mag.ca.xml b/src/chrome/content/rules/UCalgary_Mag.ca.xml
new file mode 100644
index 000000000000..d3e47762d54a
--- /dev/null
+++ b/src/chrome/content/rules/UCalgary_Mag.ca.xml
@@ -0,0 +1,40 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ucalgarymag.ca/ => https://ucalgarymag.ca/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.ucalgarymag.ca/ => https://www.ucalgarymag.ca/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other University of Calgary coverage, see UCalgary.ca.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .ucalgarymag.ca
+
+
+	Mixed content:
+
+		- Image from static.ucalgary.ca *
+
+	* Secured by us
+
+-->
+<ruleset name="UCalgary Mag.ca" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ucalgarymag.ca" />
+	<target host="www.ucalgarymag.ca" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.ucalgarymag\.ca$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^\.ucalgarymag\.ca$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UClinics.xml b/src/chrome/content/rules/UClinics.xml
deleted file mode 100644
index 2c93d641db1f..000000000000
--- a/src/chrome/content/rules/UClinics.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="uClinics">
-
-	<target host="uclinics.com" />
-	<target host="*.uclinics.com" />
-
-
-	<securecookie host="^(?:app)?\.uclinics\.com$" name=".+" />
-
-
-	<rule from="^http://(app\.|static\.|www\.)?uclinics\.com/"
-		to="https://$1uclinics.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/UDK.com.xml b/src/chrome/content/rules/UDK.com.xml
index e835bde32f58..06b2ee4a1564 100644
--- a/src/chrome/content/rules/UDK.com.xml
+++ b/src/chrome/content/rules/UDK.com.xml
@@ -1,4 +1,14 @@
-<ruleset name="Unreal Development Kit">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://udk.com/ => https://udk.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.udk.com/ => https://udk.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://udk.com/ => https://udk.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.udk.com/ => https://udk.com/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="Unreal Development Kit" default_off="failed ruleset test">
 	<target host="udk.com" />
 	<target host="www.udk.com" />
 	<rule from="^http://(?:www\.)?udk\.com/" to="https://udk.com/"/>
diff --git a/src/chrome/content/rules/UDN.xml b/src/chrome/content/rules/UDN.xml
new file mode 100644
index 000000000000..27a0ac556906
--- /dev/null
+++ b/src/chrome/content/rules/UDN.xml
@@ -0,0 +1,115 @@
+<!--
+	Service Unavailable:
+		debate.udn.com
+
+	Invalid certificate:
+		act.udn.com
+		album.udn.com
+		blog.udn.com
+		city.udn.com
+		edn.udn.com
+		expo.udn.com
+		func.udn.com
+		funddata.udn.com
+		gmg.udn.com
+		mag.udn.com
+		stock.udn.com
+		uevent.udn.com
+		ugood.udn.com
+		vote2016.udn.com
+
+		cir2b.udngroup.com
+		openup.udngroup.com
+
+		uts.udn.com.tw
+		www.udn.com.tw
+
+	Expired:
+		fund.udngroup.com
+
+	Redirects to http:
+		educoco.udn.com
+
+		www.udngroup.com
+		m.udngroup.com
+		edwstr.udngroup.com
+-->
+<ruleset name="UDN (partial)">
+	<target host="udn.com" />
+	<target host="www.udn.com" />
+		<exclusion pattern="^http://(www\.)?udn\.com/UDN/copyright\.htm" />
+		<test url="http://udn.com/UDN/copyright.htm" />
+		<test url="http://www.udn.com/UDN/copyright.htm" />
+	<target host="a.udn.com" />
+		<exclusion pattern="^http://a\.udn\.com/$" />
+		<test url="http://a.udn.com/focus/2016/12/25/26599/index.html" />
+	<target host="ad1.udn.com" />
+	<target host="ad2.udn.com" />
+	<target host="ad3.udn.com" />
+	<target host="ad4.udn.com" />
+	<target host="ad5.udn.com" />
+	<target host="autos.udn.com" />
+	<target host="cdn.udn.com" />
+	<target host="co.udn.com" />
+	<target host="event.udn.com" />
+		<test url="http://event.udn.com/index/index.html" />
+	<target host="fund.udn.com" />
+	<target host="global.udn.com" />
+	<target host="health.udn.com" />
+	<target host="house.udn.com" />
+		<test url="http://house.udn.com/house/story/5925/2203183" />
+	<target host="img.udn.com" />
+		<test url="http://img.udn.com/art/201308invoice/index3.html" />
+	<target host="m.udn.com" />
+	<target host="mdl1.udn.com" />
+	<target host="mdl2.udn.com" />
+	<target host="mdl3.udn.com" />
+	<target host="mdl4.udn.com" />
+	<target host="mdl5.udn.com" />
+	<target host="member.udn.com" />
+	<target host="mobile.udn.com" />
+	<target host="money.udn.com" />
+	<target host="nba.udn.com" />
+	<target host="novel.udn.com" />
+	<target host="oops.udn.com" />
+	<target host="opinion.udn.com" />
+	<target host="paper.udn.com" />
+	<target host="pv.udn.com" />
+		<test url="http://pv.udn.com/API/af2.php" />
+	<target host="reader.udn.com" />
+	<target host="reading.udn.com" />
+	<target host="rec.udn.com" />
+	<target host="rio2016.udn.com" />
+	<target host="shopping.udn.com" />
+	<target host="ssl1.udn.com" />
+	<target host="stars.udn.com" />
+	<target host="style.udn.com" />
+	<target host="theme.udn.com" />
+	<target host="tickets.udn.com" />
+	<target host="topic.udn.com" />
+	<target host="udntalks.udn.com" />
+	<target host="utravel.udn.com" />
+	<target host="video.udn.com" />
+	<target host="vision.udn.com" />
+
+	<target host="g.udn.com.tw" />
+		<test url="http://g.udn.com.tw/community/img/PSN_MAIN/%20f_yenlinhuang40_2.gif" />
+	<target host="j.udn.com.tw" />
+	<target host="m.udn.com.tw" />
+	<target host="p.udn.com.tw" />
+	<target host="pgw.udn.com.tw" />
+		<test url="http://pgw.udn.com.tw/gw/photo.php?u=https://uc.udn.com.tw/photo/2016/09/07/1/2574959.jpg" />
+	<target host="s.udn.com.tw" />
+		<test url="http://s.udn.com.tw/static/img/sprite.png" />
+	<target host="uc.udn.com.tw" />
+		<test url="http://uc.udn.com.tw/photo/2016/09/07/1/2574959.jpg" />
+
+	<target host="class.udngroup.com" />
+	<target host="eform.udngroup.com" />
+	<target host="ehrd.udngroup.com" />
+	<target host="eip.udngroup.com" />
+	<target host="mail.udngroup.com" />
+	<target host="newssmith.udngroup.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UD_Media.de.xml b/src/chrome/content/rules/UD_Media.de.xml
index d7f64fd9b5ff..4370aec6db89 100644
--- a/src/chrome/content/rules/UD_Media.de.xml
+++ b/src/chrome/content/rules/UD_Media.de.xml
@@ -37,10 +37,10 @@
 	<rule from="^http://(www\.)?ud-?media\.de/"
 		to="https://$1udmedia.de/" />
 
-	<rule from="^http://hilfe\.udmedia\.de/[^?]*(?=\?.*)?"
+	<rule from="^http://hilfe\.udmedia\.de/[^?]*"
 		to="https://www.udmedia.de/faq/" />
 
-	<rule from="^http://livechat\.udmedia\.de/[^?]*(?=\?.*)?"
+	<rule from="^http://livechat\.udmedia\.de/[^?]*"
 		to="https://messenger.providesupport.com/messenger/udmedia.html" />
 
 	<!--	www redirects to ^ over http,
diff --git a/src/chrome/content/rules/UDimg.com.xml b/src/chrome/content/rules/UDimg.com.xml
new file mode 100644
index 000000000000..062f2cd51382
--- /dev/null
+++ b/src/chrome/content/rules/UDimg.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Urban Dictionary coverage, see Urban-Dictionary.xml.
+
+-->
+<ruleset name="UDimg.com" default_off="mismatched">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="a.udimg.com" />
+	<target host="d.udimg.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UESP.net.xml b/src/chrome/content/rules/UESP.net.xml
new file mode 100644
index 000000000000..42b820e873e4
--- /dev/null
+++ b/src/chrome/content/rules/UESP.net.xml
@@ -0,0 +1,62 @@
+<!--
+	Incomplete certificate chain:
+		- dumps
+		- esobuilds-static
+		- esofiles
+		- esoicons
+		- esolog-static
+		- files1
+		- images
+		- legends
+		- maps
+		- skins
+
+	403 over HTTPS:
+		- dungeonhack (HTTP redirects to dungeonhack.sourceforge.net, which does not support HTTPS)
+		- tamrielrebuilt
+-->
+<ruleset name="UESP.net">
+	<target host="uesp.net" />
+	<target host="www.uesp.net" />
+	<target host="beyondskyrim.uesp.net" />
+	<target host="blog.uesp.net" />
+	<target host="chat.uesp.net" />
+	<target host="content1.uesp.net" />
+	<target host="content2.uesp.net" />
+	<target host="content3.uesp.net" />
+	<target host="cs.uesp.net" />
+	<target host="dave.uesp.net" />
+	<target host="dbmap.uesp.net" />
+	<target host="en.uesp.net" />
+	<target host="eqwiki.uesp.net" />
+	<target host="esoapi.uesp.net" />
+	<target host="esobuilds.uesp.net" />
+	<target host="esochars.uesp.net" />
+	<target host="esoclock.uesp.net" />
+	<target host="esodata.uesp.net" />
+	<target host="esoitem.uesp.net" />
+	<target host="esolog.uesp.net" />
+	<target host="esomap.uesp.net" />
+	<target host="esosales.uesp.net" />
+	<target host="forum.uesp.net" />
+	<target host="forums.uesp.net" />
+	<target host="ftp.uesp.net" />
+	<target host="irc.uesp.net" />
+	<target host="m.uesp.net" />
+	<target host="content3.m.uesp.net" />
+	<target host="en.m.uesp.net" />
+	<target host="monitor.uesp.net" />
+	<target host="mwmap.uesp.net" />
+	<target host="obmap.uesp.net" />
+	<target host="ocp.uesp.net" />
+	<target host="pt.uesp.net" />
+	<target host="search.uesp.net" />
+	<target host="simap.uesp.net" />
+	<target host="squid1.uesp.net" />
+	<target host="srmap.uesp.net" />
+	<target host="ts.uesp.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UFC_Fit.xml b/src/chrome/content/rules/UFC_Fit.xml
index 48791e3f3c2d..ae3cefa08701 100644
--- a/src/chrome/content/rules/UFC_Fit.xml
+++ b/src/chrome/content/rules/UFC_Fit.xml
@@ -1,13 +1,23 @@
-<ruleset name="UFC Fit">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ufcfit.com/ => https://ufcfit.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://launchpad.ufcfit.com/ => https://launchpad.ufcfit.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.ufcfit.com/ => https://www.ufcfit.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ufcfit.com/ => https://ufcfit.com/: (7, 'Failed to connect to ufcfit.com port 443: Connection refused')
+-->
+<ruleset name="UFC Fit" default_off="failed ruleset test">
 
 	<target host="ufcfit.com" />
-	<target host="*.ufcfit.com" />
+	<target host="launchpad.ufcfit.com" />
+	<target host="www.ufcfit.com" />
 
 
 	<securecookie host="^(?:launchpad|www)\.ufcfit\.com$" name=".+" />
 
 
-	<rule from="^http://(launchpad\.|www\.)?ufcfit\.com/"
-		to="https://$1ufcfit.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/UFies.org.xml b/src/chrome/content/rules/UFies.org.xml
index 8ef84987c7fa..ca49dd81eb1f 100644
--- a/src/chrome/content/rules/UFies.org.xml
+++ b/src/chrome/content/rules/UFies.org.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ufies.org/ => https://ufies.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Problematic subdomains:
 
 		- mail	(shows www, valid cert)
@@ -28,4 +30,4 @@
 	<rule from="^http://mail\.ufies\.org/[^?]*(\?.*)?"
 		to="https://ufies.org/mail/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/UHH-Informatik.xml b/src/chrome/content/rules/UHH-Informatik.xml
index 1dc2db69420e..c5939458b8bc 100644
--- a/src/chrome/content/rules/UHH-Informatik.xml
+++ b/src/chrome/content/rules/UHH-Informatik.xml
@@ -1,5 +1,69 @@
-<ruleset name="UHH_Informatik">
-  <target host="www.informatik.uni-hamburg.de"/>
-  <target host="informatik.uni-hamburg.de"/>
-  <rule from="^http://(?:www\.)?informatik\.uni-hamburg\.de/" to="https://www.informatik.uni-hamburg.de/"/>
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://surfmail.rrz.uni-hamburg.de/ => https://surfmail.rrz.uni-hamburg.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Universitaet Hamburg
+
+	For rules causing false/broken MCB, see Uni-Hamburg.de-falsemixed.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.commsy.uni-hamburg.de
+		- www.cui.uni-hamburg.de
+		- www.inf.uni-hamburg.de
+		- lecture2go.uni-hamburg.de
+		- www.stine.uni-hamburg.de
+		- www.rrz.uni-hamburg.de
+
+
+	Mixed content:
+
+		- css on www.cui from $self *
+		- Images on www.cui from $self *
+		- Bug on www.cui, www.rrz from www.piwik.uni-hamburg.de *
+
+	* Secured by us
+
+-->
+<ruleset name="Uni-Hamburg.de" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.commsy.uni-hamburg.de" />
+	<!--target host="www.cui.uni-hamburg.de" /-->
+	<target host="www.inf.uni-hamburg.de" />
+
+	<target host="svs.informatik.uni-hamburg.de" />
+	<target host="webmail.informatik.uni-hamburg.de" />
+	<target host="www.informatik.uni-hamburg.de" />
+	<target host="www2.informatik.uni-hamburg.de" />
+
+	<target host="lecture2go.uni-hamburg.de" />
+	<target host="www.olat.uni-hamburg.de" />
+	<target host="www.piwik.uni-hamburg.de" />
+
+	<target host="surfmail.rrz.uni-hamburg.de" />
+	<target host="webmail.rrz.uni-hamburg.de" />
+	<target host="www.rrz.uni-hamburg.de" />
+
+	<target host="www.stine.uni-hamburg.de" />
+	<target host="www.uni-hamburg.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.commsy\.uni-hamburg\.de$" name="^(?:COMMSY-C|SID|db_pid)$" /-->
+	<!--securecookie host="^www\.cui\.uni-hamburg\.de$" name="^_icl_(?:current_language|visitor_lang)$" /-->
+	<!--securecookie host="^www\.(?:inf|rrz)\.uni-hamburg\.de$" name="^(?:_fionaapp_session|LIVE\d+)$" /-->
+	<!--securecookie host="^lecture2go\.uni-hamburg\.de$" name="^(?:COOKIE_SUPPORT|GUEST_LANGUAGE_ID|JSESSIONID)$" /-->
+	<!--securecookie host="^www\.stine\.uni-hamburg\.de$" name="^LIVE-C$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/UI-Portal.xml b/src/chrome/content/rules/UI-Portal.xml
index 26d210bb69a0..2394e645a75c 100644
--- a/src/chrome/content/rules/UI-Portal.xml
+++ b/src/chrome/content/rules/UI-Portal.xml
@@ -1,27 +1,34 @@
 <!--
 	For other United Internet coverage, see United-Internet.xml.
 
-
-	Nonfunctional subdomains:
-
-		- (www.)
-
-
-	Fully covered subdomains:
-
-		- img
-		- js
-		- logo
-		- wa
-		- us.wa
-
+	Invalid certificate:
+		ui-portal.de
+		www.ui-portal.de
+
+	Timeout:
+		contract.ui-portal.de
+		video[1-5].ui-portal.de
+		wa-qa.ui-portal.de
 -->
-<ruleset name="UI Portal (partial)">
-
-	<target host="*.ui-portal.de" />
-
-
-	<rule from="^http://(img|js|logo|wa|us\.wa)\.ui-portal\.de/"
-		to="https://$1.ui-portal.de/" />
+<ruleset name="UI-Portal.de (partial)">
+
+	<target host="captcha.ui-portal.de" />
+	<target host="event.ui-portal.de" />
+	<target host="img.ui-portal.de" />
+	<target host="js.ui-portal.de" />
+	<target host="logo.ui-portal.de" />
+	<target host="nct.ui-portal.de" />
+	<target host="rde.ui-portal.de" />
+	<target host="rde-gmx.ui-portal.de" />
+	<target host="rde-webde.ui-portal.de" />
+	<target host="search-mail-help-api.ui-portal.de" />
+	<target host="sentry-suche.ui-portal.de" />
+	<target host="suche-bs.ui-portal.de" />
+	<target host="suggestplugin.ui-portal.de" />
+	<target host="wa.ui-portal.de" />
+	<target host="px.wa.ui-portal.de" />
+	<target host="wa-pre.ui-portal.de" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/UIC.edu-falsemixed.xml b/src/chrome/content/rules/UIC.edu-falsemixed.xml
new file mode 100644
index 000000000000..ae6374ba2edf
--- /dev/null
+++ b/src/chrome/content/rules/UIC.edu-falsemixed.xml
@@ -0,0 +1,18 @@
+<!--
+	For rules not causing false/broken MCB, see University-Illinois-at-Chicago.xml.
+
+-->
+<ruleset name="UIC.edu (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="grad.uic.edu" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UIC_Bookstore.org.xml b/src/chrome/content/rules/UIC_Bookstore.org.xml
new file mode 100644
index 000000000000..188a1bbeddb9
--- /dev/null
+++ b/src/chrome/content/rules/UIC_Bookstore.org.xml
@@ -0,0 +1,22 @@
+<!--
+	For other University of Illinois at Chicago coverage, see University-Illinois-at-Chicago.xml.
+
+-->
+<ruleset name="UIC Bookstore.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.uicbookstore.org" />
+
+	<!--	Complications:
+				-->
+	<target host="uicbookstore.org" />
+
+
+	<rule from="^http://uicbookstore\.org/"
+		to="https://www.uicbookstore.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UIE.xml b/src/chrome/content/rules/UIE.xml
index 594dd2b27a10..557072f12dbb 100644
--- a/src/chrome/content/rules/UIE.xml
+++ b/src/chrome/content/rules/UIE.xml
@@ -2,7 +2,7 @@
   <target host="uie.com" />
   <target host="www.uie.com" />
 
-  <securecookie host="^(.+\.)?uie\.com$" name=".*"/>
+  <securecookie host=".+" name=".+" />
 
-  <rule from="^http://(?:www\.)?uie\.com/" to="https://www.uie.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/UIUC.edu.xml b/src/chrome/content/rules/UIUC.edu.xml
new file mode 100644
index 000000000000..b10eaca823e3
--- /dev/null
+++ b/src/chrome/content/rules/UIUC.edu.xml
@@ -0,0 +1,100 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://efas.cen.uiuc.edu/ => https://efas.cen.uiuc.edu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://mail.scs.uiuc.edu/ => https://mail.scs.uiuc.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://dps.uiuc.edu/ => https://dps.illinois.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'police.illinois.edu'")
+Fetch error: http://www.dps.uiuc.edu/ => https://www.dps.illinois.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'police.illinois.edu'")
+Fetch error: http://www.uiuc.edu/ => https://illinois.edu/: Too many redirects while fetching 'https://illinois.edu/'
+
+	For other University of Illinois at Urban-Champaign coverage, see University-of-Illinois-at-Urbana-Champaign.xml.
+
+
+	Nonfunctional hosts in *uiuc.edu:
+
+		- lists.cs
+		- (www.)?isl ¹
+		- syzygy.isl ¹
+		- www.library ²
+		- (www.)?ms-tech ³
+		- www.ospra ⁴
+
+	¹ Times out
+	² Refused
+	³ Shows another domain
+	⁴ Handshake fails
+
+
+	Problematic hosts in *uiuc.edu:
+
+		- (www.)?dps ¹
+		- www.ks ¹
+		- www.mechse ²
+		- www-s.mechse ³
+		- (www.)?union ¹
+		- www ¹
+
+	¹ Mismatched
+	² 404
+	³ Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Mixed content:
+
+		- Images on www.igb from www.igb.illinois.edu *
+
+	* Secured by us
+
+-->
+<ruleset name="UIUC.edu (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.atmos.uiuc.edu" />
+	<target host="efas.cen.uiuc.edu" />
+	<target host="passwords.cites.uiuc.edu" />
+	<target host="wiki.cites.uiuc.edu" />
+	<target host="www.igb.uiuc.edu" />
+	<target host="www-s.ks.uiuc.edu" />
+	<!--target host="www-s.mechse.uiuc.edu" /-->
+	<target host="mail.scs.uiuc.edu" />
+
+	<!--	Complications:
+				-->
+	<target host="dps.uiuc.edu" />
+	<target host="www.dps.uiuc.edu" />
+	<target host="www.ks.uiuc.edu" />
+	<target host="www.mechse.uiuc.edu" />
+	<target host="union.uiuc.edu" />
+	<target host="www.union.uiuc.edu" />
+	<target host="www.uiuc.edu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="\.www\.igb\.illinois\.edu$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://(www\.)?(dps|union)\.uiuc\.edu/"
+		to="https://$1$2.illinois.edu/" />
+
+	<rule from="^http://www\.ks\.uiuc\.edu/"
+		to="https://www-s.ks.uiuc.edu/" />
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://www\.mechse\.uiuc\.edu/+"
+		to="https://mechanical.illinois.edu/" />
+
+		<test url="http://www.mechse.uiuc.edu//home.php" />
+
+	<rule from="^http://www\.uiuc\.edu/"
+		to="https://illinois.edu/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UI_CDN.com.xml b/src/chrome/content/rules/UI_CDN.com.xml
index e72f522c5135..14e8ba590fdf 100644
--- a/src/chrome/content/rules/UI_CDN.com.xml
+++ b/src/chrome/content/rules/UI_CDN.com.xml
@@ -6,26 +6,27 @@
 
 		- s.uicdn.com.edgesuite.net
 
-			- a1158.g.akamai.net
-
 
 	Problematic subdomains:
 
 		- s	(works, akamai)
 
-
-	Fully covered subdomains:
-
-		- s	(→ sec-s)
-		- sec-s
-
 -->
 <ruleset name="UI CDN.com">
 
-	<target host="*.uicdn.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="sec-s.uicdn.com" />
+
+	<!--	Complications:
+				-->
+	<target host="s.uicdn.com" />
 
 
-	<rule from="^http://(?:sec-)?s\.uicdn\.com/"
+	<rule from="^http://s\.uicdn\.com/"
 		to="https://sec-s.uicdn.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UI_CDN.net.xml b/src/chrome/content/rules/UI_CDN.net.xml
index 8b70671506d4..f3da196f23f8 100644
--- a/src/chrome/content/rules/UI_CDN.net.xml
+++ b/src/chrome/content/rules/UI_CDN.net.xml
@@ -1,18 +1,28 @@
 <!--
 	For other United Internet coverage, see United-Internet.xml.
 
+	Non-functional hosts
+		Timeout was reached:
+			 - uicdn.net
 
-	Fully covered subdomains:
-
-		- s[1-8]
-
+		SSL peer certificate was not OK:
+			 - origin.g-ha.uicdn.net
 -->
 <ruleset name="UI CDN.net">
 
-	<target host="*.uicdn.net" />
+	<target host="ce1.uicdn.net" />
+	<target host="ce2.uicdn.net" />
+	<target host="ce3.uicdn.net" />
+	<target host="ce4.uicdn.net" />
+	<target host="cors.uicdn.net" />
+	<target host="cu1.uicdn.net" />
+	<target host="cu2.uicdn.net" />
+	<target host="cu3.uicdn.net" />
+	<target host="cu4.uicdn.net" />
+	<target host="var.uicdn.net" />
 
 
-	<rule from="^http://s([1-8])\.uicdn\.net/"
-		to="https://s$1.uicdn.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/UIllinois.edu.xml b/src/chrome/content/rules/UIllinois.edu.xml
new file mode 100644
index 000000000000..8f5cd188f58a
--- /dev/null
+++ b/src/chrome/content/rules/UIllinois.edu.xml
@@ -0,0 +1,171 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rectpweb.admin.uillinois.edu/ => https://rectpweb.admin.uillinois.edu/: (6, 'Could not resolve host: rectpweb.admin.uillinois.edu')
+Non-2xx HTTP code: http://uofi.uillinois.edu/ (200) => https://uofi.uillinois.edu/ (403)
+
+	For rules causing false/broken MCB, see UIllinois.edu-falsemixed.xml.
+
+
+	Nonfunctional hosts in *uillinois.edu:
+
+		- eastemp.admin ¹
+		- (www.)?bot ²
+		- (www.)?cfo ²
+		- www.legal ²
+		- ogr ¹
+		- (www.)?online ³
+		- www.press ¹
+		- ai.uif ⁴
+		- www.usc ²
+		- (www.)?vpaa ³
+		- www.vpha ³
+		- www.vpr ³
+
+	¹ Refused
+	² Plaintext reply
+	³ Shows another domain
+	⁴ Dropped
+
+
+	Problematic hosts in *uillinois.edu:
+
+		- ^ ¹
+		- conferences ¹
+		- eddie.ds *
+		- www.icac ²
+		- research ³
+
+	¹ 404
+	* Mixed css
+	² Mismatched
+	³ Expired, self-signed
+
+
+	These altnames don't exist:
+
+		- www.icard.uillinois.edu
+		- www.icardnet.uillinois.edu
+		- pb.uillinois.edu
+		- www.web.uillinois.edu
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- ossswebcs.admin.uillinois.edu
+		- www.aits.uillinois.edu
+		- hospital.uillinois.edu
+		- uajobs.hr.uillinois.edu
+		- www.hr.uillinois.edu
+		- .obfs.uillinois.edu
+		- status.uillinois.edu
+		- jobs.uif.uillinois.edu
+
+
+	Mixed content:
+
+		- css on eddie.cs from chidsweb1.admin.uillinois.edu *
+
+		- Images, on:
+
+			- www.icac from illinois.edu
+			- jobs.uif from uat.illinois.hiretouch.com
+			- jobs.uif from uifstaging.hiretouch.com
+			- jobs.uif from uifuat.hiretouch.com
+			- www.uif from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="UIllinois.edu (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="appserv6.admin.uillinois.edu" />
+	<target host="appserv7.admin.uillinois.edu" />
+	<target host="chidsweb1.admin.uillinois.edu" />
+	<target host="collaborate.admin.uillinois.edu" />
+	<target host="eas.admin.uillinois.edu" />
+	<target host="ossswebcs.admin.uillinois.edu" />
+	<target host="rectpweb.admin.uillinois.edu" />
+	<target host="webprod.admin.uillinois.edu" />
+
+	<target host="aits.uillinois.edu" />
+	<target host="www.aits.uillinois.edu" />
+	<target host="answers.uillinois.edu" />
+	<target host="apps.uillinois.edu" />
+	<target host="audits.uillinois.edu" />
+	<target host="www.audits.uillinois.edu" />
+	<target host="auth.uillinois.edu" />
+	<target host="box-signup.uillinois.edu" />
+	<target host="www.conferences.uillinois.edu" />
+	<!--target host="eddie.ds.uillinois.edu" /-->
+	<target host="ethics.uillinois.edu" />
+	<target host="www.ethics.uillinois.edu" />
+	<target host="hospital.uillinois.edu" />
+	<target host="hr.uillinois.edu" />
+	<target host="uajobs.hr.uillinois.edu" />
+	<target host="www.hr.uillinois.edu" />
+	<target host="apps.icard.uillinois.edu" />
+	<target host="www.icard.uillinois.edu" />
+	<target host="www.icardnet.uillinois.edu" />
+	<target host="identity.uillinois.edu" />
+	<target host="intranet.uillinois.edu" />
+	<target host="www.ipay.uillinois.edu" />
+	<target host="itpc.uillinois.edu" />
+	<target host="www.itpc.uillinois.edu" />
+	<target host="myresearch.uillinois.edu" />
+	<target host="obfs.uillinois.edu" />
+
+	<target host="apps.obfs.uillinois.edu" />
+	<target host="training.obfs.uillinois.edu" />
+	<target host="www.obfs.uillinois.edu" />
+
+	<target host="www.ogr.uillinois.edu" />
+	<target host="paymybill.uillinois.edu" />
+	<target host="www.pb.uillinois.edu" />
+	<target host="www.source.uillinois.edu" />
+	<target host="ssn.uillinois.edu" />
+	<target host="www.ssn.uillinois.edu" />
+	<target host="status.uillinois.edu" />
+	<target host="studentmoney.uillinois.edu" />
+	<target host="www.studentmoney.uillinois.edu" />
+	<target host="treasury.uillinois.edu" />
+	<target host="www.treasury.uillinois.edu" />
+	<target host="jobs.uif.uillinois.edu" />
+	<target host="www.uif.uillinois.edu" />
+	<target host="nessie.uihr.uillinois.edu" />
+	<target host="uocpres.uillinois.edu" />
+	<target host="www.uocpres.uillinois.edu" />
+	<target host="uofi.uillinois.edu" />
+	<target host="usfsco.uillinois.edu" />
+	<target host="www.usfsco.uillinois.edu" />
+	<target host="web.uillinois.edu" />
+	<target host="www.uillinois.edu" />
+
+	<!--	Complications:
+				-->
+	<target host="uillinois.edu" />
+	<target host="conferences.uillinois.edu" />
+	<target host="ogr.uillinois.edu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ossswebcs\.admin\.uillinois\.edu$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+	<!--securecookie host="^www\.(?:aits|hr)\.uillinois\.edu$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^hospital\.uillinois\.edu$" name="^BIGipServer" /-->
+	<!--securecookie host="^uajobs\.(?:hr|uif)\.uillinois\.edu$" name="^PUBLIC_HIRETOUCH_PUBLIC_[A-Z]+_SESSIONTOKEN$" /-->
+	<!--securecookie host="^\.obfs\.uillinois\.edu$" name="^(?:CFID|CFTOKEN)$" /-->
+	<!--securecookie host="^status\.uillinois\.edu$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://(conferences\.|ogr\.)?uillinois\.edu/"
+		to="https://www.$1uillinois.edu/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UImserv.net.xml b/src/chrome/content/rules/UImserv.net.xml
index a07ca32e3d29..82d43aeb1f3b 100644
--- a/src/chrome/content/rules/UImserv.net.xml
+++ b/src/chrome/content/rules/UImserv.net.xml
@@ -16,15 +16,18 @@
 -->
 <ruleset name="UImserv.net">
 
-	<target host="*.uimserv.net" />
+	<target host="adclient.uimserv.net" />
+	<target host="adimg.uimserv.net" />
+	<target host="advideo.uimserv.net" />
+	<target host="pixelbox.uimserv.net" />
+	<target host="r.uimserv.net" />
+	<target host="uidbox.uimserv.net" />
+	<target host="uir.uimserv.net" />
 
 
 	<!--	name="^(fc1|UserID1)$"
 					-->
-	<securecookie host="^\.uimserv\.net$" name=".+" />
 
-
-	<rule from="^http://(adclient|adimg|advideo|pixelbox|r|uidbox|uir|logout\.webde)\.uimserv\.net/"
-		to="https://$1.uimserv.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/UK-2.xml b/src/chrome/content/rules/UK-2.xml
index f45f60392a66..6047347646f3 100644
--- a/src/chrome/content/rules/UK-2.xml
+++ b/src/chrome/content/rules/UK-2.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://uk2img.net/ => https://uk2img.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.uk2img.net/ => https://www.uk2img.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://uk2img.net/ => https://uk2img.net/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.uk2img.net/ => https://www.uk2img.net/: (60, 'SSL certificate problem: certificate has expired')
 	Nonfunctional domains:
 
 		- (www.)moreuk2.net	(http reply)
@@ -27,10 +35,17 @@
 		- (www.)uk2img.net
 
 -->
-<ruleset name="UK-2 (partial)">
+<ruleset name="UK-2 (partial)" default_off="failed ruleset test">
 
 	<target host="uk2.net" />
-	<target host="*.uk2.net" />
+	<target host="controlpanel.uk2.net" />
+	<target host="static.controlpanel.uk2.net" />
+	<target host="kb.uk2.net" />
+	<target host="support.uk2.net" />
+	<target host="www.uk2.net" />
+	<target host="blog.uk2.net" />
+	<target host="mail.uk2.net" />
+	<target host="www.mail.uk2.net" />
 	<target host="uk2img.net" />
 	<target host="www.uk2img.net" />
 
@@ -39,8 +54,6 @@
 	<securecookie host="^(?:mail|support)\.uk2\.net$" name=".+" />
 
 
-	<rule from="^http://((?:(?:static\.)?controlpanel|kb|support|www)\.)?uk2\.net/"
-		to="https://$1uk2.net/" />
 
 	<rule from="^http://blog\.uk2\.net/"
 		to="https://www.uk2.net/blog/" />
@@ -48,7 +61,6 @@
 	<rule from="^http://(?:www\.)?mail\.uk2\.net/"
 		to="https://mail.uk2.net/" />
 
-	<rule from="^http://(www\.)?uk2img\.net/"
-		to="https://$1uk2img.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UK-Access-Management-Federation.xml b/src/chrome/content/rules/UK-Access-Management-Federation.xml
index 3121c20964fc..e3b698ace287 100644
--- a/src/chrome/content/rules/UK-Access-Management-Federation.xml
+++ b/src/chrome/content/rules/UK-Access-Management-Federation.xml
@@ -3,10 +3,9 @@
 	<target host="wayf.ukfederation.org.uk" />
 
 
-	<securecookie host="^wayf\.ukfederation\.org\.uk$" name=".*" />
+	<securecookie host="^wayf\.ukfederation\.org\.uk$" name=".+" />
 
 
-	<rule from="^http://wayf\.ukfederation\.org\.uk/"
-		to="https://wayf.ukfederation.org.uk/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/UK-Department-for-Business-Innovation-and-Skills.xml b/src/chrome/content/rules/UK-Department-for-Business-Innovation-and-Skills.xml
index 31eb3349bdea..0c911daae9c3 100644
--- a/src/chrome/content/rules/UK-Department-for-Business-Innovation-and-Skills.xml
+++ b/src/chrome/content/rules/UK-Department-for-Business-Innovation-and-Skills.xml
@@ -1,25 +1,115 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://edrs.sfa.bis.gov.uk/ => https://edrs.sfa.bis.gov.uk/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.edrs.sfa.bis.gov.uk/ => https://edrs.sfa.bis.gov.uk/: (60, 'SSL certificate problem: certificate has expired')
+
+	UK Department for Business, Innovation & Skills
+
+	For rules causing false/broken MCB, see bis.gov.uk-falsemixed.xml.
+
 	For other UK government coverage, see GOV.UK.xml.
 
 
-	Nonfunctional subdomains:
+	CDN buckets:
+
+		- sfa-pd-waf.westeurope.cloudapp.azure.com
+
+
+	Problematic hosts in *bis.gov.uk:
+
+		- (www.)? ᵐ
+		- www.edrs.sfa ᵐ
+		- feconnect.sfa ˣ
+		- (www.)?skillsfundingagency ᵐ
+
+	ᵐ Mismatched
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- edrs.sfa.bis.gov.uk
+		- feconnect.sfa.bis.gov.uk
+		- gateway.sfa.bis.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
 
-		- skillsfundingagency	(401, mismatched, CN: www.lsc.gov.uk)
+	Mixed content:
 
+		- css on feconnect.sfa from $self ˢ
 
-	Problematic subdomains:
+		- Images, on:
 
-		- (www.)		(works; mismatched, CN: cms.bis.gov.uk)
+			- feconnect.sfa from $self ˢ
+			- feconnect.sfa from sfa-pd-waf.westeurope.cloudapp.azure.com
+
+		- Bugs on feconnect.sfa from css.rating-widget.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="UK Department for Business, Innovation &amp; Skills" default_off="expired">
+<ruleset name="BIS.gov.uk (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="edrs.sfa.bis.gov.uk" />
+	<!--target host="feconnect.sfa.bis.gov.uk" /-->
+	<target host="gateway.sfa.bis.gov.uk" />
+
+	<!--	Complications:
+				-->
 	<target host="bis.gov.uk" />
-	<target host="*.bis.gov.uk" />
+	<target host="www.edrs.sfa.bis.gov.uk" />
+	<target host="skillsfundingagency.bis.gov.uk" />
+	<target host="www.skillsfundingagency.bis.gov.uk" />
+	<target host="www.bis.gov.uk" />
+
+		<!--	\w$ does not redirect:
+						-->
+		<exclusion pattern="^http://(?:www\.)?(?:skillsfundingagency\.)?bis\.gov\.uk/(?!/*(?:$|\?))" />
+
+			<!--	For negative cases see below respective rules.
+
+				+ve:
+					-->
+			<test url="http://bis.gov.uk/default.aspx" />
+			<test url="http://bis.gov.uk/favicon.ico" />
+			<test url="http://bis.gov.uk/index.htm" />
+			<test url="http://www.bis.gov.uk/index.html" />
+			<test url="http://www.bis.gov.uk/index.jsp" />
+			<test url="http://www.bis.gov.uk/index.php" />
+			<test url="http://www.bis.gov.uk/index.xml" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:edrs|gateway)\.sfa\.bis\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^feconnect\.sfa\.bis\.gov\.uk$" name="^(?:BNES_)?wfvt_\d+$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops args and forward slash:
+							-->
+	<rule from="^http://(?:www\.)?bis\.gov\.uk/.*"
+		to="https://www.gov.uk/government/organisations/department-for-business-innovation-skills" />
+
+		<test url="http://bis.gov.uk/" />
+		<test url="http://www.bis.gov.uk/" />
+
+	<!--	Redirect drops args and forward slash:
+							-->
+	<rule from="^http://(?:www\.)?skillsfundingagency\.bis\.gov\.uk/.*"
+		to="https://www.gov.uk/government/organisations/skills-funding-agency" />
+
+		<test url="http://skillsfundingagency.bis.gov.uk/" />
+		<test url="http://www.skillsfundingagency.bis.gov.uk/" />
 
+	<rule from="^http://www\.edrs\.sfa\.bis\.gov\.uk/"
+		to="https://edrs.sfa.bis.gov.uk/" />
 
-	<!--	Cert doesn't match !www.	-->
-	<rule from="^http://(?:www\.)?bis\.gov\.uk/"
-		to="https://www.bis.gov.uk/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/UK-Free-Software-Network.xml b/src/chrome/content/rules/UK-Free-Software-Network.xml
index 3a79d818ea9d..5c2fd2ca4f4d 100644
--- a/src/chrome/content/rules/UK-Free-Software-Network.xml
+++ b/src/chrome/content/rules/UK-Free-Software-Network.xml
@@ -1,11 +1,21 @@
-<ruleset name="UK Free Software Network (partial)">
 
-	<target host="ukfsn.org"/>
-	<target host="*.ukfsn.org"/>
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ukfsn.org/ => https://ukfsn.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://manage.ukfsn.org/ => https://manage.ukfsn.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.ukfsn.org/ => https://www.ukfsn.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
-	<securecookie host=".*\.ukfsn\.org$" name=".*"/>
+Disabled by https-everywhere-checker because:
+Fetch error: http://ukfsn.org/ => https://ukfsn.org/: (28, 'Connection timed out after 10001 milliseconds')
+-->
+<ruleset name="UK Free Software Network (partial)" default_off="failed ruleset test">
 
-	<rule from="^http://(manage\.|www\.)?ukfsn\.org/"
-		to="https://$1ukfsn.org/"/>
+	<target host="ukfsn.org" />
+	<target host="manage.ukfsn.org" />
+	<target host="www.ukfsn.org" />
+
+	<securecookie host=".*\.ukfsn\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/UK-Information-Commissioners-Office.xml b/src/chrome/content/rules/UK-Information-Commissioners-Office.xml
deleted file mode 100644
index 62564860b80b..000000000000
--- a/src/chrome/content/rules/UK-Information-Commissioners-Office.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For other UK government coverage, see GOV.UK.xml.
-
--->
-<ruleset name="UK Information Commissioner's Office (partial)">
-
-	<target host="ico.gov.uk"/>
-	<target host="www.ico.gov.uk"/>
-
-	<!--	Cert isn't valid for !www	-->
-	<rule from="^http://ico\.gov\.uk/"
-		to="https://www.ico.gov.uk/"/>
-
-	<!--	Pages redirect to http.		-->
-	<rule from="^http://www\.ico\.gov\.uk/(favicon.ico|(\w+/)?\w+/~/|upload/)"
-		to="https://www.ico.gov.uk/$1"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/UKFast.co.uk.xml b/src/chrome/content/rules/UKFast.co.uk.xml
index fb643983d02b..240add616e67 100644
--- a/src/chrome/content/rules/UKFast.co.uk.xml
+++ b/src/chrome/content/rules/UKFast.co.uk.xml
@@ -1,45 +1,85 @@
 <!--
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *ukfast.co.uk:
 
-		- pdf	(redirects to www; mismatched, CN: www.ukfast.co.uk)
+		- blog *
+		- mirrors ʳ
+		- pdf **
 
+	* Differs from http
+	** Redirects to www.pdf.ukfast.co.uk
+	ʳ Refused
 
-	Problematic subdomains:
 
-		- images	(redirects to www; self-signed, CN: 80.244.177.63.srvlist.ukfast.net)
-		- my2		(expired 2011-06-26, mismatched, CN: my.ukfast.co.uk)
+	Problematic hosts in *ukfast.co.uk:
 
+		- srvlist-24-146-108-109.static ᵉ ᵐ
 
-	Partially covered subdomains:
+	ᵉ Expired
+	ᵐ Mismatched
 
-		- (www.)	(some pages redirect to http)
 
+	Insecure cookies are set for these domains and hosts: ᶜ
 
+		- ukfast.co.uk
+		- .ukfast.co.uk
+		- www.ukfast.co.uk
 
-	Fully covered subdomains:
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
-		- images	(→ www)
-		- my
-		- my2		(→ my)
-
--->
-<ruleset name="UKFast.co.uk (partial)">
-
-	<target host="ukfast.co.uk" />
-	<target host="*.ukfast.co.uk" />
-		<exclusion pattern="^http://www\.ukfast\.co\.uk/(?!favicon\.ico|images/|myukfast\.html|scripts/|stylesheets/)" />
 
+	Mixed content:
 
-	<securecookie host="^(?:my\.)?ukfast\.co\.uk$" name=".+" />
+		- Images on www from $self ˢ
 
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
-	<rule from="^http://(www\.)?ukfast\.co\.uk/"
-		to="https://$1ukfast.co.uk/" />
-
-	<rule from="^http://images\.ukfast\.co\.uk/"
-		to="https://www.ukfast.co.uk/images/" />
-
-	<rule from="^http://my2?\.ukfast\.co\.uk/"
-		to="https://my.ukfast.co.uk/" />
+-->
+<ruleset name="UKFast.co.uk (partial)">
 
-</ruleset>
\ No newline at end of file
+	<target host="ukfast.co.uk" />
+	<target host="images.ukfast.co.uk" />
+	<target host="my.ukfast.co.uk" />
+	<target host="my2.ukfast.co.uk" />
+	<target host="www.ukfast.co.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<exclusion pattern="^http://(?:www\.)?ukfast\.co\.uk/blog/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.ukfast.co.uk/blog/" />
+			<test url="http://www.ukfast.co.uk/blog/page/2/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.ukfast.co.uk/about.html" />
+			<test url="http://www.ukfast.co.uk/blog/wp-content/plugins/jetpack/css/jetpack.css" />
+			<test url="http://www.ukfast.co.uk/careers.html" />
+			<test url="http://www.ukfast.co.uk/cloud-hosting.html" />
+			<test url="http://www.ukfast.co.uk/cloud-success-stories.html" />
+			<test url="http://www.ukfast.co.uk/colocation-data-centres-manchester.html" />
+			<test url="http://www.ukfast.co.uk/contact.html" />
+			<test url="http://www.ukfast.co.uk/images/icons/info.gif" />
+			<test url="http://www.ukfast.co.uk/managed-dedicated-servers.html" />
+			<test url="http://www.ukfast.co.uk/partner-programme.html" />
+			<test url="http://www.ukfast.co.uk/public-sector-case-studies.html" />
+			<test url="http://www.ukfast.co.uk/public-sector.html" />
+			<test url="http://www.ukfast.co.uk/request-a-server-quote.html" />
+			<test url="http://www.ukfast.co.uk/stylesheets/module_clientarea_login_whois.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ukfast\.co\.uk$" name="^SERVERID$" /-->
+	<!--securecookie host="^\.ukfast\.co\.uk$" name="^marketing_campaign$" /-->
+	<!--securecookie host="^www\.ukfast\.co\.uk$" name="^(?:PHPSESSID|SERVERID)$" /-->
+
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|marketing_campaign$)" />
+	<securecookie host="^[^.uw]" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UKFur.xml b/src/chrome/content/rules/UKFur.xml
index 04cda32a64a3..dd8971846c0d 100644
--- a/src/chrome/content/rules/UKFur.xml
+++ b/src/chrome/content/rules/UKFur.xml
@@ -3,5 +3,5 @@
 
   <securecookie host="^forum\.ukfur\.org$" name=".+" />
 
-  <rule from="^http://forum\.ukfur\.org/" to="https://forum.ukfur.org/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/UKLocalGovernment.xml b/src/chrome/content/rules/UKLocalGovernment.xml
index 7c3584eedee5..4a49fa59ccd5 100644
--- a/src/chrome/content/rules/UKLocalGovernment.xml
+++ b/src/chrome/content/rules/UKLocalGovernment.xml
@@ -1,160 +1,65 @@
-<ruleset name="UK Local Government" platform="mixedcontent">
-  <!--
-    These are rules for local government in the UK.
-    Council websites are foo.gov.uk domains.
-    Often there are additional subdomains, for specific departments / apps
-      eg: planning.southend.gov.uk, essexlibraries.essexcc.gov.uk
-    There's no exhaustive list of subdomains, but local councils are listed at:
-      http://www.direct.gov.uk/en/Dl1/Directories/Localcouncils/DG_4003594
-  -->
+<!--
+	NB: p://lgaevents.../$ redirects to
+	s: 403 ?=> fetch check failure
+
+	Local Government Association
+
+
+	There's no exhaustive list of subdomains, but local councils are listed at:
+	http://www.direct.gov.uk/en/Dl1/Directories/Localcouncils/DG_4003594
+
+
+	Nonfunctional hosts in *local.gov.uk:
+
+		- (www.)? ᵈ
+		- 100days ᵖ
+		- clip ʳ
+		- jobs ᵃ
+		- lgaconservatives ᵈ
+		- www.lgaindependent ᵈ
+		- lgalabour ᵈ
+
+	³ 403
+	ᵃ Shows another domain
+	ᵈ Dropped
+	ʳ Refused
 
-  <!-- special and unusual cases go at the top to avoid the catch-all rule below -->
-
-  <target host="www.hinckleyandbosworthonline.org.uk"/><target host="hinckleyandbosworthonline.org.uk"/>
-  <target host="www.hinckley-bosworth.gov.uk"/><target host="hinckley-bosworth.gov.uk"/>
-  <rule from="^http://(?:www\.)?(?:hinckleyandbosworthonline\.org\.uk|hinckley\-bosworth\.gov\.uk)/" to="https://www.hinckley-bosworth.gov.uk/"/>
-
-  <target host="apps.southend.gov.uk"/>
-  <rule from="^http://apps\.southend\.gov\.uk/" to="https://apps.southend.gov.uk/"/>
-
-  <!-- a small number require redirect to secure.example.gov.uk -->
-
-  <target host="broadland.gov.uk"/><target host="www.broadland.gov.uk"/>
-  <target host="manchester.gov.uk"/><target host="www.manchester.gov.uk"/>
-  <target host="monmouthshire.gov.uk"/><target host="www.monmouthshire.gov.uk"/>
-  <target host="northwarks.gov.uk"/><target host="www.northwarks.gov.uk"/>
-  <rule
-    from="^http://(?:www\.)?(broadland\.gov\.uk|kettering\.gov\.uk|manchester\.gov\.uk|monmouthshire\.gov\.uk|northwarks\.gov\.uk)/"
-    to="https://secure.$1/"/>
-
-  <!-- all the remainder use www.example.gov.uk as http and https -->
-
-  <target host="aberdeencity.gov.uk"/><target host="www.aberdeencity.gov.uk"/>
-  <target host="aberdeenshire.gov.uk"/><target host="www.aberdeenshire.gov.uk"/>
-  <target host="angus.gov.uk"/><target host="www.angus.gov.uk"/>
-  <target host="bassetlaw.gov.uk"/><target host="www.bassetlaw.gov.uk"/>
-  <target host="bathnes.gov.uk"/><target host="www.bathnes.gov.uk"/>
-  <target host="blackpool.gov.uk"/><target host="www.blackpool.gov.uk"/>
-  <target host="bournemouth.gov.uk"/><target host="www.bournemouth.gov.uk"/>
-  <target host="bradford.gov.uk"/><target host="www.bradford.gov.uk"/>
-  <target host="braintree.gov.uk"/><target host="www.braintree.gov.uk"/>
-  <target host="brent.gov.uk"/><target host="www.brent.gov.uk"/>
-  <target host="burnley.gov.uk"/><target host="www.burnley.gov.uk"/>
-  <target host="calderdale.gov.uk"/><target host="www.calderdale.gov.uk"/>
-  <target host="camden.gov.uk"/><target host="www.camden.gov.uk"/>
-  <target host="canterbury.gov.uk"/><target host="www.canterbury.gov.uk"/>
-  <target host="ceredigion.gov.uk"/><target host="www.ceredigion.gov.uk"/>
-  <target host="charnwood.gov.uk"/><target host="www.charnwood.gov.uk"/>
-  <target host="cherwell.gov.uk"/><target host="www.cherwell.gov.uk"/>
-  <target host="cheshireeast.gov.uk"/><target host="www.cheshireeast.gov.uk"/>
-  <target host="cityoflondon.gov.uk"/><target host="www.cityoflondon.gov.uk"/>
-  <target host="derby.gov.uk"/><target host="www.derby.gov.uk"/>
-  <target host="devon.gov.uk"/><target host="www.devon.gov.uk"/>
-  <target host="doncaster.gov.uk"/><target host="www.doncaster.gov.uk"/>
-  <target host="dover.gov.uk"/><target host="www.dover.gov.uk"/>
-  <target host="dudley.gov.uk"/><target host="www.dudley.gov.uk"/>
-  <target host="dundeecity.gov.uk"/><target host="www.dundeecity.gov.uk"/>
-  <target host="easthants.gov.uk"/><target host="www.easthants.gov.uk"/>
-  <target host="eastlothian.gov.uk"/><target host="www.eastlothian.gov.uk"/>
-  <target host="east-northamptonshire.gov.uk"/><target host="www.east-northamptonshire.gov.uk"/>
-  <target host="eastriding.gov.uk"/><target host="www.eastriding.gov.uk"/>
-  <target host="edinburgh.gov.uk"/><target host="www.edinburgh.gov.uk"/>
-  <target host="elmbridge.gov.uk"/><target host="www.elmbridge.gov.uk"/>
-  <target host="enfield.gov.uk"/><target host="www.enfield.gov.uk"/>
-  <target host="essex.gov.uk"/><target host="www.essex.gov.uk"/>
-  <target host="falkirk.gov.uk"/><target host="www.falkirk.gov.uk"/>
-  <target host="fareham.gov.uk"/><target host="www.fareham.gov.uk"/>
-  <target host="fenland.gov.uk"/><target host="www.fenland.gov.uk"/>
-  <target host="fifedirect.org.uk"/><target host="www.fifedirect.org.uk"/>
-  <target host="fylde.gov.uk"/><target host="www.fylde.gov.uk"/>
-  <target host="gateshead.gov.uk"/><target host="www.gateshead.gov.uk"/>
-  <target host="glasgow.gov.uk"/><target host="www.glasgow.gov.uk"/>
-  <target host="gloucestershire.gov.uk"/><target host="www.gloucestershire.gov.uk"/>
-  <target host="hackney.gov.uk"/><target host="www.hackney.gov.uk"/>
-  <target host="hants.gov.uk"/><target host="www.hants.gov.uk"/>
-  <target host="hastings.gov.uk"/><target host="www.hastings.gov.uk"/>
-  <target host="herefordshire.gov.uk"/><target host="www.herefordshire.gov.uk"/>
-  <target host="hertsdirect.org"/><target host="www.hertsdirect.org"/>
-  <target host="hillingdon.gov.uk"/><target host="www.hillingdon.gov.uk"/>
-  <target host="ipswich.gov.uk"/><target host="www.ipswich.gov.uk"/>
-  <target host="islington.gov.uk"/><target host="www.islington.gov.uk"/>
-  <target host="iwight.com"/><target host="www.iwight.com"/>
-  <target host="kent.gov.uk"/><target host="www.kent.gov.uk"/>
-  <target host="kettering.gov.uk"/><target host="www.kettering.gov.uk"/>
-  <target host="kirklees.gov.uk"/><target host="www.kirklees.gov.uk"/>
-  <target host="lbhf.gov.uk"/><target host="www.lbhf.gov.uk"/>
-  <target host="leicestershire.gov.uk"/><target host="www.leicestershire.gov.uk"/>
-  <target host="lincolnshire.gov.uk"/><target host="www.lincolnshire.gov.uk"/>
-  <target host="london.gov.uk"/><target host="www.london.gov.uk"/>
-  <target host="maidstone.gov.uk"/><target host="www.maidstone.gov.uk"/>
-  <target host="merton.gov.uk"/><target host="www.merton.gov.uk"/>
-  <target host="midlothian.gov.uk"/><target host="www.midlothian.gov.uk"/>
-  <target host="miltonkeynes.gov.uk"/><target host="www.miltonkeynes.gov.uk"/>
-  <target host="newcastle.gov.uk"/><target host="www.newcastle.gov.uk"/>
-  <target host="n-kesteven.gov.uk"/><target host="www.n-kesteven.gov.uk"/>
-  <target host="north-herts.gov.uk"/><target host="www.north-herts.gov.uk"/>
-  <target host="northnorfolk.org"/><target host="www.northnorfolk.org"/>
-  <target host="nottinghamshire.gov.uk"/><target host="www.nottinghamshire.gov.uk"/>
-  <target host="n-somerset.gov.uk"/><target host="www.n-somerset.gov.uk"/>
-  <target host="pendle.gov.uk"/><target host="www.pendle.gov.uk"/>
-  <target host="peterborough.gov.uk"/><target host="www.peterborough.gov.uk"/>
-  <target host="redbridge.gov.uk"/><target host="www.redbridge.gov.uk"/>
-  <target host="ribblevalley.gov.uk"/><target host="www.ribblevalley.gov.uk"/>
-  <target host="richmondshire.gov.uk"/><target host="www.richmondshire.gov.uk"/>
-  <target host="rochford.gov.uk"/><target host="www.rochford.gov.uk"/>
-  <target host="rossendale.gov.uk"/><target host="www.rossendale.gov.uk"/>
-  <target host="rother.gov.uk"/><target host="www.rother.gov.uk"/>
-  <target host="rotherham.gov.uk"/><target host="www.rotherham.gov.uk"/>
-  <target host="rugby.gov.uk"/><target host="www.rugby.gov.uk"/>
-  <target host="ryedale.gov.uk"/><target host="www.ryedale.gov.uk"/>
-  <target host="scotborders.gov.uk"/><target host="www.scotborders.gov.uk"/>
-  <target host="sevenoaks.gov.uk"/><target host="www.sevenoaks.gov.uk"/>
-  <target host="sheffield.gov.uk"/><target host="www.sheffield.gov.uk"/>
-  <target host="slough.gov.uk"/><target host="www.slough.gov.uk"/>
-  <target host="solihull.gov.uk"/><target host="www.solihull.gov.uk"/>
-  <target host="somerset.gov.uk"/><target host="www.somerset.gov.uk"/>
-  <target host="southampton.gov.uk"/><target host="www.southampton.gov.uk"/>
-  <target host="southend.gov.uk"/><target host="www.southend.gov.uk"/>
-  <target host="southglos.gov.uk"/><target host="www.southglos.gov.uk"/>
-  <target host="southlanarkshire.gov.uk"/><target host="www.southlanarkshire.gov.uk"/>
-  <target host="southwark.gov.uk"/><target host="www.southwark.gov.uk"/>
-  <target host="staffordshire.gov.uk"/><target host="www.staffordshire.gov.uk"/>
-  <target host="staffsmoorlands.gov.uk"/><target host="www.staffsmoorlands.gov.uk"/>
-  <target host="stirling.gov.uk"/><target host="www.stirling.gov.uk"/>
-  <target host="tandridge.gov.uk"/><target host="www.tandridge.gov.uk"/>
-  <target host="tauntondeane.gov.uk"/><target host="www.tauntondeane.gov.uk"/>
-  <target host="threerivers.gov.uk"/><target host="www.threerivers.gov.uk"/>
-  <target host="tmbc.gov.uk"/><target host="www.tmbc.gov.uk"/>
-  <target host="torbay.gov.uk"/><target host="www.torbay.gov.uk"/>
-  <target host="uttlesford.gov.uk"/><target host="www.uttlesford.gov.uk"/>
-  <target host="valeofglamorgan.gov.uk"/><target host="www.valeofglamorgan.gov.uk"/>
-  <target host="walthamforest.gov.uk"/><target host="www.walthamforest.gov.uk"/>
-  <target host="warrington.gov.uk"/><target host="www.warrington.gov.uk"/>
-  <target host="wellingborough.gov.uk"/><target host="www.wellingborough.gov.uk"/>
-  <target host="westdevon.gov.uk"/><target host="www.westdevon.gov.uk"/>
-  <target host="west-lindsey.gov.uk"/><target host="www.west-lindsey.gov.uk"/>
-  <target host="westminster.gov.uk"/><target host="www.westminster.gov.uk"/>
-  <target host="westoxon.gov.uk"/><target host="www.westoxon.gov.uk"/>
-  <target host="westsussex.gov.uk"/><target host="www.westsussex.gov.uk"/>
-  <target host="wigan.gov.uk"/><target host="www.wigan.gov.uk"/>
-  <target host="wirral.gov.uk"/><target host="www.wirral.gov.uk"/>
-  <target host="wolverhampton.gov.uk"/><target host="www.wolverhampton.gov.uk"/>
-  <target host="havering.gov.uk"/><target host="www.havering.gov.uk"/>
+
+	Problematic hosts in *local.gov.uk:
+
+		- knowledgehub ᵐ
+		- lginform ᵏ
+
+	ᵏ Revoked
+	ᵐ Mismatched
+
+-->
+<ruleset name="Local.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="lgaevents.local.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="knowledgehub.local.gov.uk" />
+
+  <!--target host="www.miltonkeynes.gov.uk"/-->
   <!--
   These are self-signed, but probably still work:
-  <target host="coventry.gov.uk"/><target host="www.coventry.gov.uk"/>
   <target host="hartlepool.gov.uk"/><target host="www.hartlepool.gov.uk"/>
-  <target host="lewes.gov.uk"/><target host="www.lewes.gov.uk"/>
   <target host="newcastle-staffs.gov.uk"/><target host="www.newcastle-staffs.gov.uk"/>
-  <target host="telford.gov.uk"/><target host="www.telford.gov.uk"/>
   -->
 
-  <rule
-    from="^http://(?:www\.)?([^/]+)/"
-    to="https://www.$1/"/>
 
-  <!-- place additional rules at the top if you wish to avoid the catch-all rule above -->
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://knowledgehub\.local\.gov\.uk/.*"
+		to="https://khub.net/" />
+
+		<test url="http://knowledgehub.local.gov.uk/index.htm" />
 
-	<securecookie host="^www\.ceredigion\.gov\.uk$" name=".+" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/UKNOF.org.uk.xml b/src/chrome/content/rules/UKNOF.org.uk.xml
new file mode 100644
index 000000000000..20787920adf9
--- /dev/null
+++ b/src/chrome/content/rules/UKNOF.org.uk.xml
@@ -0,0 +1,24 @@
+<!--
+	(www.): refused
+
+
+	These altnames don't exist:
+
+		- www.lists.uknof.org.uk
+
+-->
+<ruleset name="UKNOF.org.uk (partial)">
+
+	<target host="indico.uknof.org.uk" />
+	<target host="lists.uknof.org.uk" />
+	<target host="wiki.uknof.org.uk" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^wiki\.uknof\.org\.uk$" name="^uknofwiki_mw_uknof__session$" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UK_Intellectual_Property_Office.xml b/src/chrome/content/rules/UK_Intellectual_Property_Office.xml
index bb67016a0324..38e800a05cb4 100644
--- a/src/chrome/content/rules/UK_Intellectual_Property_Office.xml
+++ b/src/chrome/content/rules/UK_Intellectual_Property_Office.xml
@@ -11,7 +11,6 @@
 	<securecookie host="^(?:www\.)?ipo\.gov\.uk$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ipo\.gov\.uk/"
-		to="https://$1ipo.gov.uk/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/UK_Ministry_of_Defence.xml b/src/chrome/content/rules/UK_Ministry_of_Defence.xml
index bf0a975e9afd..652bc699520c 100644
--- a/src/chrome/content/rules/UK_Ministry_of_Defence.xml
+++ b/src/chrome/content/rules/UK_Ministry_of_Defence.xml
@@ -1,13 +1,15 @@
 <!--
     For other UK Government coverage, see GOV.UK.xml.
+
+	Non-functional hosts:
+		Certificate mismatched:
+		- defenceimagery.mod.uk
 -->
 
 <ruleset name="UK Ministry of Defence">
-    <target host="defenceimagery.mod.uk" />
-    <target host="www.defenceimagery.mod.uk" />
+	<target host="defenceimagery.mod.uk" />
+	<target host="www.defenceimagery.mod.uk" />
 
-    <rule from="^https?://defenceimagery\.mod\.uk/"
-        to="https://www.defenceimagery.mod.uk/"/>
-    <rule from="^http://([^/:@]+)?\.defenceimagery\.mod\.uk/"
-        to="https://$1.defenceimagery.mod.uk/" />
+	<rule from="^http://(www\.)?defenceimagery\.mod\.uk/"
+			to="https://www.defenceimagery.mod.uk/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/UK_Payments.org.uk.xml b/src/chrome/content/rules/UK_Payments.org.uk.xml
new file mode 100644
index 000000000000..66d06a72c418
--- /dev/null
+++ b/src/chrome/content/rules/UK_Payments.org.uk.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.ukpayments.org.uk
+
+-->
+<ruleset name="UK Payments.org.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ukpayments.org.uk" />
+	<target host="www.ukpayments.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.ukpayments\.org\.uk$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.ukpayments\.org\.uk$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UL.ie-falsemixed.xml b/src/chrome/content/rules/UL.ie-falsemixed.xml
index 3655b4f843dd..d06c6ac4a4eb 100644
--- a/src/chrome/content/rules/UL.ie-falsemixed.xml
+++ b/src/chrome/content/rules/UL.ie-falsemixed.xml
@@ -1,8 +1,13 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ul.ie/ => https://www.ul.ie/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.ul.ie/ => https://www.ul.ie/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	For rules not causing false/broken MCB, see UL.ie.xml.
 
 -->
-<ruleset name="UL.ie (false MCB)" platform="mixedcontent">
+<ruleset name="UL.ie (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="ul.ie" />
 	<target host="www.ul.ie" />
diff --git a/src/chrome/content/rules/UL.ie.xml b/src/chrome/content/rules/UL.ie.xml
index b72a9d054995..c3182f76a6b1 100644
--- a/src/chrome/content/rules/UL.ie.xml
+++ b/src/chrome/content/rules/UL.ie.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ul.ie/ => http://ul.ie/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	University of Limerick
 
 	For rules causing false/broken MCB, see UL.ie-falsemixed.xml.
@@ -23,10 +27,10 @@
 	* Secured by us
 
 -->
-<ruleset name="UL.ie (partial)">
+<ruleset name="UL.ie (partial)" default_off="failed ruleset test">
 
 	<target host="ul.ie" />
-	<target host="*.ul.ie" />
+	<target host="www.ul.ie" />
 
 
 	<securecookie host="^\.ul\.ie$" name="^__utm\w$" />
diff --git a/src/chrome/content/rules/ULAKBIM.gov.tr.xml b/src/chrome/content/rules/ULAKBIM.gov.tr.xml
index 315e8b498274..1ba784137b85 100644
--- a/src/chrome/content/rules/ULAKBIM.gov.tr.xml
+++ b/src/chrome/content/rules/ULAKBIM.gov.tr.xml
@@ -22,7 +22,10 @@
 <ruleset name="ULAKBIM.gov.tr (partial)" default_off="self-signed">
 
 	<target host="ulakbim.gov.tr" />
-	<target host="*.ulakbim.gov.tr" />
+	<target host="www.ulakbim.gov.tr" />
+	<target host="ekual.ulakbim.gov.tr" />
+	<target host="istatistik.ulakbim.gov.tr" />
+	<target host="stat.ulakbim.gov.tr" />
 
 
 	<securecookie host="^(?:istatistik|stat)\.ulakbim\.gov\.tr$" name=".+" />
@@ -31,7 +34,6 @@
 	<rule from="^http://(?:www\.)?ulakbim\.gov\.tr/"
 		to="https://www.ulakbim.gov.tr/" />
 
-	<rule from="^http://(ekual|istatistik|stat)\.ulakbim\.gov\.tr/"
-		to="https://$1.ulakbim.gov.tr/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/UMBC.edu.xml b/src/chrome/content/rules/UMBC.edu.xml
new file mode 100644
index 000000000000..334b7f99364c
--- /dev/null
+++ b/src/chrome/content/rules/UMBC.edu.xml
@@ -0,0 +1,42 @@
+<!--
+	University of Maryland Baltimore County
+
+
+	Problematic subdomains:
+
+		- csee *
+
+	* Cert only matches www.foo
+
+
+	Fully covered subdomains:
+
+		- assets[1-4]-my
+		- (www.)csee		(^ → www)
+		- publications.csee
+
+-->
+<ruleset name="UMBC.edu (partial)">
+
+	<target host="assets1-my.umbc.edu" />
+	<target host="assets2-my.umbc.edu" />
+	<target host="assets3-my.umbc.edu" />
+	<target host="assets4-my.umbc.edu" />
+	<target host="publications.csee.umbc.edu" />
+	<target host="csee.umbc.edu" />
+	<target host="www.csee.umbc.edu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^publications\.csee\.umbc\.edu$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^publications\.csee\.umbc\.edu$" name=".+" />
+
+
+
+	<rule from="^http://(?:www\.)?csee\.umbc\.edu/"
+		to="https://www.csee.umbc.edu/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UMonitor.xml b/src/chrome/content/rules/UMonitor.xml
index bce1bc0789e0..9bdfd8c91f9c 100644
--- a/src/chrome/content/rules/UMonitor.xml
+++ b/src/chrome/content/rules/UMonitor.xml
@@ -1,10 +1,15 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://umonitor.com/ => https://www.umonitor.com/: (28, 'Connection timed out after 10000 milliseconds')
+-->
 <ruleset name="uMonitor">
 
 	<target host="umonitor.com" />
-	<target host="*.umonitor.com" />
+	<target host="www.umonitor.com" />
+	<target host="onelink.umonitor.com" />
 
 
-	<securecookie host="^.*\.umonitor\.com$" name=".*" />
+	<securecookie host="^.*\.umonitor\.com$" name=".+" />
 
 
 	<!--	!www times out.	-->
@@ -12,7 +17,6 @@
 		to="https://www.umonitor.com/" />
 
 	<!--	onelink is used by clients.	-->
-	<rule from="^http://onelink\.umonitor\.com/"
-		to="https://onelink.umonitor.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/UN.org.xml b/src/chrome/content/rules/UN.org.xml
index 4c78424a838f..a02501f1bcc6 100644
--- a/src/chrome/content/rules/UN.org.xml
+++ b/src/chrome/content/rules/UN.org.xml
@@ -1,24 +1,246 @@
+
 <!--
-	For problematic rules, see United-Nations-mismatches.xml.
+Disabled by https-everywhere-checker because:
+Fetch error: http://vcse.unsbv.dfs.un.org/ => https://vcse.unsbv.dfs.un.org/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://moffice.escap.un.org/ => https://moffice.escap.un.org/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://cims.af.one.un.org/ => https://cims.af.one.un.org/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://cims.so.one.un.org/ => https://cims.so.one.un.org/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://sites.un.org/ => https://sites.un.org/: (28, 'Connection timed out after 20000 milliseconds')
 
+For problematic rules, see United-Nations-mismatches.xml.
 
-	Other United Nations rulesets:
+Other United Nations rulesets:
+	- United_Nations_Office_at_Vienna.xml
+	- UN_Multimedia.org.xml
+	- UNDP.org.xml
+	- UNHCR.org.xml
+	- WTO.org.xml
 
-		- United_Nations_Office_at_Vienna.xml
-		- WTO.org.xml
+404 Not Found:
+	endviolence.un.org
 
--->
-<ruleset name="United Nations" platform="mixedcontent">
+503 Service Unavailable:
+	careerfair.un.org
+	cdn.un.org
+	esango.un.org
+	hrits4.un.org
+	iif.un.org
+	itrack.un.org
+	legal.un.org
+	unpan1.un.org
+	unpan3.un.org
+	untreaty.un.org
 
-	<target host="un.org" />
-	<target host="www.un.org" />
+Incomplete certificate chain:
+	autodiscover.un.org
+	directory.one.un.org
+	login.umoja.un.org
+	selfservice.umoja.un.org
+	mail.unite.un.org
 
+Invalid certificate:
+	ask.un.org
+	career.un.org
+	xmobile.dfs.un.org
+	dfs-webmail.un.org
+	isper.escwa.un.org
+	gvamail.un.org
+	icsc.un.org
+	lyncdiscover.cv.jo.un.org
+	www.cm.one.un.org
+	iq.one.un.org
+	www.la.one.un.org
+	lyncdiscover.one.un.org
+	mobileoffice.un.org (SHA-1 With RSA Encryption)
+	www.my.one.un.org
+	www.rw.one.un.org
+	rmu-training.so.one.un.org
+	ss.one.un.org
+	telecommuting.un.org (SHA-1 With RSA Encryption)
+	tz.one.un.org
+	www.tz.one.un.org
+	ug.one.un.org
+	zm.one.un.org
+	www.zm.one.un.org
+	zm.one.un.org
+	www.zw.one.un.org
+	research.un.org
+	unstamps.un.org
 
-	<!--	^ redirects to www over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?un\.org/"
-		to="https://www.un.org/" />
+Mixed content:
+	az.one.un.org
+	www.az.one.un.org
+	lk.one.un.org
+	www.lk.one.un.org
+	mw.one.un.org
+	www.mw.one.un.org
+	visit.un.org
 
-</ruleset>
+Refused connection:
+	cerf.un.org
+	data.un.org
+	www.escwa.un.org
+	ggim.un.org
+	ochaonline.un.org
+	autodiscover.one.un.org
+	ba.one.un.org
+	www.et.one.un.org
+	www.gh.one.un.org
+	in.one.un.org
+	kg.one.un.org
+	kp.one.un.org
+	ma.one.un.org
+	md.one.un.org
+	www.md.one.un.org
+	mg.one.un.org
+	rs.one.un.org
+	sd.one.un.org
+	www.sz.one.un.org
+	tm.one.un.org
+	unbisnet.un.org
+	webtv.un.org
+	m.webtv.un.org
+	hrits4.un.org:8080
 
+Timeout:
+	dag.un.org
+	disarmament.un.org
+	autodiscover.cv.jo.un.org
+	peacemaker.un.org
+	repository.un.org
+-->
+<ruleset name="UN.org" default_off="failed ruleset test">
+	<target host="un.org"/>
+	<target host="www.un.org"/>
+	<target host="academicimpact.un.org"/>
+	<target host="ams.un.org"/>
+	<target host="archives.un.org"/>
+	<target host="search.archives.un.org"/>
+	<target host="assessments.un.org"/>
+	<target host="blogs.un.org"/>
+	<target host="business.un.org"/>
+	<target host="www.business.un.org"/>
+	<target host="childrenandarmedconflict.un.org"/>
+	<target host="comtrade.un.org"/>
+	<target host="conf.un.org"/>
+	<target host="crmws.un.org"/>
+	<target host="css-ebolaresponse.un.org"/>
+	<target host="css-refugeesmigrants.un.org"/>
+	<target host="daccess-ods.un.org"/>
+	<target host="autodiscover.dfs.un.org"/>
+	<target host="cop.dfs.un.org"/>
+	<target host="extranet.cosmos.dfs.un.org"/>
+	<target host="efm.dfs.un.org"/>
+	<target host="lyncdialin.dfs.un.org"/>
+	<target host="lyncmeet.dfs.un.org"/>
+	<target host="mail.dfs.un.org"/>
+	<target host="mypassword.dfs.un.org"/>
+	<target host="registermypassword.dfs.un.org"/>
+	<target host="remote.dfs.un.org"/>
+	<target host="rsc.dfs.un.org"/>
+	<target host="rtcc.dfs.un.org"/>
+	<target host="sgitt-gis-fgp.dfs.un.org"/>
+	<target host="tms.dfs.un.org"/>
+	<target host="unops.dfs.un.org"/>
+	<target host="vcse.unsbv.dfs.un.org"/>
+	<target host="vdi.dfs.un.org"/>
+	<target host="vdib.dfs.un.org"/>
+	<target host="vdiv.dfs.un.org"/>
+	<target host="vpn.dfs.un.org"/>
+	<target host="webanalytics.dfs.un.org"/>
+	<target host="disarmament-library.un.org"/>
+	<target host="documents.un.org"/>
+	<target host="documents-dds-ny.un.org"/>
+	<target host="dpko-mobile-reporting.un.org"/>
+	<target host="dss.un.org"/>
+	<target host="lms.dss.un.org"/>
+	<target host="training.dss.un.org"/>
+	<target host="trip.dss.un.org"/>
+	<target host="ebolaresponse.un.org"/>
+	<target host="efilinginternaljustice.un.org"/>
+	<target host="eidmsidf.un.org"/>
+	<target host="elearning.un.org"/>
+	<target host="emed.un.org"/>
+	<target host="epas.un.org"/>
+	<target host="eroom.un.org"/>
+	<target host="esa.un.org"/>
+	<target host="bkkvcse01.escap.un.org"/>
+	<target host="moffice.escap.un.org"/>
+	<target host="vc.escap.un.org"/>
+	<target host="escwa.un.org"/>
+	<target host="gadebate.un.org"/>
+	<target host="gdoc.un.org"/>
+	<target host="genderstats.un.org"/>
+	<target host="hr.un.org"/>
+	<target host="icms.un.org"/>
+	<target host="ilearn.un.org"/>
+	<target host="imdis.un.org"/>
+	<target host="img-ebolaresponse.un.org"/>
+	<target host="img-refugeesmigrants.un.org"/>
+	<target host="ineedservice.un.org"/>
+	<target host="infosec.un.org"/>
+	<target host="inspira.un.org"/>
+	<target host="inspira-apps.un.org"/>
+	<target host="ipsastraining.un.org"/>
+	<target host="iseek.un.org"/>
+	<target host="iseek-external.un.org"/>
+	<target host="jobs.un.org"/>
+	<target host="languagecareers.un.org"/>
+	<target host="lib-thesaurus.un.org"/>
+	<target host="lib-unique.un.org"/>
+	<target host="library.un.org"/>
+	<target host="mdgs.un.org"/>
+	<target host="millenniumindicators.un.org"/>
+	<target host="oceanconference.un.org"/>
+	<target host="oios.un.org"/>
+	<target host="cims.af.one.un.org"/>
+	<target host="sl.one.un.org"/>
+	<target host="www.sl.one.un.org"/>
+	<target host="cims.so.one.un.org"/>
+	<target host="sr.one.un.org"/>
+	<target host="www.sr.one.un.org"/>
+	<target host="outreach.un.org"/>
+	<target host="poweringthefuture.un.org"/>
+	<target host="protocol.un.org"/>
+	<target host="publicadministration.un.org"/>
+	<target host="radio.un.org"/>
+	<target host="refugeesmigrants.un.org"/>
+	<target host="rio20.un.org"/>
+	<target host="scsanctions.un.org"/>
+	<target host="search.un.org"/>
+	<target host="shop.un.org"/>
+	<target host="sites.un.org"/>
+	<target host="soc.un.org"/>
+	<target host="social.un.org"/>
+	<target host="static.un.org"/>
+	<target host="sustainabledevelopment.un.org"/>
+	<target host="together.un.org"/>
+	<target host="treasury.un.org"/>
+	<target host="treaties.un.org"/>
+	<target host="umoja.un.org"/>
+	<target host="unchronicle.un.org"/>
+	<target host="unic.un.org"/>
+	<target host="unishare.un.org"/>
+	<target host="unispal.un.org"/>
+	<target host="unite.un.org"/>
+	<target host="conferences.unite.un.org"/>
+	<target host="connections.unite.un.org"/>
+	<target host="tours.unite.un.org"/>
+	<target host="uniteid.un.org"/>
+	<target host="unitesearch.un.org"/>
+	<target host="unregister.un.org"/>
+	<target host="unstats.un.org"/>
+	<target host="unterm.un.org"/>
+	<target host="untermportal.un.org"/>
+	<target host="unyearbook.un.org"/>
+	<target host="webapps01.un.org"/>
+	<target host="weblog.un.org"/>
+	<target host="webmail.un.org"/>
+	<target host="webmail02.un.org"/>
+	<target host="webmail05.un.org"/>
+	<target host="webmail09.un.org"/>
+	<target host="wess.un.org"/>
+	<target host="wwwupdate.un.org"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/UNC.edu.xml b/src/chrome/content/rules/UNC.edu.xml
new file mode 100644
index 000000000000..45bc3004012f
--- /dev/null
+++ b/src/chrome/content/rules/UNC.edu.xml
@@ -0,0 +1,63 @@
+<!--
+	Other University of North Carolina at Chapel Hill rulesets:
+		+ UNC_Lineberger.org.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- itsapps.unc.edu
+
+		SSL peer certificate was not OK:
+		- www.financeadmin.unc.edu
+		- www.library.unc.edu
+		- www.onecard.unc.edu
+		- www.pid.unc.edu
+-->
+<ruleset name="UNC.edu (partial)">
+	<target host="unc.edu" />
+	<target host="www.unc.edu" />
+
+	<target host="ccinfo.unc.edu" />
+	<target host="cmsp.unc.edu" />
+	<target host="connectcarolina.unc.edu" />
+	<target host="cs.unc.edu" />
+
+	<target host="dir.unc.edu" />
+	<target host="directory.unc.edu" />
+	<target host="diversity.unc.edu" />
+	
+	<target host="enterprises.unc.edu" />
+	<target host="events.unc.edu" />
+
+	<target host="financeadmin.unc.edu" />
+
+	<target host="global.unc.edu" />
+
+	<target host="heelmail.unc.edu" />
+	<target host="help.unc.edu" />
+	<target host="hr.unc.edu" />
+
+	<target host="infoporte.unc.edu" />
+	<target host="its.unc.edu" />
+	<target host="its-commons.unc.edu" />
+
+	<target host="calendar.lib.unc.edu" />
+	<target host="library.unc.edu" />
+
+	<target host="onecard.unc.edu" />
+	<target host="onyen.unc.edu" />
+
+	<target host="pid.unc.edu" />
+
+	<target host="research.unc.edu" />
+
+	<target host="search.unc.edu" />
+	<target host="selfservice.unc.edu" />
+	<target host="sso.unc.edu" />
+
+	<target host="diversity.web.unc.edu" />
+	<target host="webservices.unc.edu" />
+	
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UNC_Lineberger.org.xml b/src/chrome/content/rules/UNC_Lineberger.org.xml
new file mode 100644
index 000000000000..8528a396c048
--- /dev/null
+++ b/src/chrome/content/rules/UNC_Lineberger.org.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.unclineberger.org/ => https://www.unclineberger.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.unclineberger.org'")
+
+Automatically by https-everywhere-checker because:
+Fetch error: http://unclineberger.org/ => https://unclineberger.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.unclineberger.org/ => https://www.unclineberger.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+	UNC Lineberger Comprehensive Cancer Center
+
+	For other University of North Carolina at Chapel Hill coverage, see UNC.edu.xml.
+
+-->
+<ruleset name="UNC Lineberger.org" default_off="failed ruleset test">
+
+	<target host="unclineberger.org" />
+	<target host="www.unclineberger.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UNDP.org.xml b/src/chrome/content/rules/UNDP.org.xml
new file mode 100644
index 000000000000..6fbd7b9c3690
--- /dev/null
+++ b/src/chrome/content/rules/UNDP.org.xml
@@ -0,0 +1,39 @@
+<!--
+	United Nations Development Program
+
+	For other United Nations coverage, see UN.org.xml.
+
+
+	Nonfunctional subdomains:
+
+		- (www.)? *
+
+	* Dropped
+
+
+	These altnames don't exist:
+
+		- www.info.undp.org
+
+
+	Insecure cookies are set for these hosts:
+
+		- info.undp.org
+
+-->
+<ruleset name="UNDP.org (partial)">
+
+	<target host="info.undp.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^info\.undp\.org$" name="^BIGipServer" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UNFPA.org.xml b/src/chrome/content/rules/UNFPA.org.xml
index e1ce44a571cb..c516260027a8 100644
--- a/src/chrome/content/rules/UNFPA.org.xml
+++ b/src/chrome/content/rules/UNFPA.org.xml
@@ -1,7 +1,158 @@
-<ruleset name="UNFPA.org">
-	<target host="www.unfpa.org" />
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - foweb.unfpa.org
+			 - iran.unfpa.org
+			 - mailgw.unfpa.org
+
+		Timeout was reached:
+			 - caribbean.unfpa.org
+			 - profiles.unfpa.org
+			 - web.unfpa.org
+
+		SSL connect error:
+			 - unfpa.org
+			 - argentina.unfpa.org
+			 - cape-verde.unfpa.org
+			 - cosites.unfpa.org
+			 - costa-rica.unfpa.org
+			 - cotedivoire.unfpa.org
+			 - drcongo.unfpa.org
+			 - georgia.unfpa.org
+			 - guatemala.unfpa.org
+			 - guinea.unfpa.org
+			 - japan.unfpa.org
+			 - lebanon.unfpa.org
+			 - mongolia.unfpa.org
+			 - pakistan.unfpa.org
+			 - sudan.unfpa.org
+			 - thegambia.unfpa.org
+			 - tunisia.unfpa.org
+
+		SSL peer certificate was not OK:
+			 - afghanistan.unfpa.org
+			 - angola.unfpa.org
+			 - arabstates.unfpa.org
+			 - armenia.unfpa.org
+			 - asiapacific.unfpa.org
+			 - ba.unfpa.org
+			 - belarus.unfpa.org
+			 - benin.unfpa.org
+			 - bhutan.unfpa.org
+			 - botswana.unfpa.org
+			 - burkinafaso.unfpa.org
+			 - burundi.unfpa.org
+			 - cambodia.unfpa.org
+			 - cameroon.unfpa.org
+			 - car.unfpa.org
+			 - chad.unfpa.org
+			 - colombia.unfpa.org
+			 - comoros.unfpa.org
+			 - congo.unfpa.org
+			 - directory.unfpa.org
+			 - drc.unfpa.org
+			 - ecuador.unfpa.org
+			 - eeca.unfpa.org
+			 - egypt.unfpa.org
+			 - elsalvador.unfpa.org
+			 - esaro.unfpa.org
+			 - ethiopia.unfpa.org
+			 - gcc.unfpa.org
+			 - ghana.unfpa.org
+			 - haiti.unfpa.org
+			 - honduras.unfpa.org
+			 - india.unfpa.org
+			 - iraq.unfpa.org
+			 - prod.japan.unfpa.org
+			 - jordan.unfpa.org
+			 - kazakhstan.unfpa.org
+			 - kenya.unfpa.org
+			 - kyrgyzstan.unfpa.org
+			 - lac.unfpa.org
+			 - lao.unfpa.org
+			 - lesotho.unfpa.org
+			 - madagascar.unfpa.org
+			 - malawi.unfpa.org
+			 - mali.unfpa.org
+			 - mauritania.unfpa.org
+			 - moldova.unfpa.org
+			 - morocco.unfpa.org
+			 - mozambique.unfpa.org
+			 - myanmar.unfpa.org
+			 - nepal.unfpa.org
+			 - nicaragua.unfpa.org
+			 - nigeria.unfpa.org
+			 - palestine.unfpa.org
+			 - panama.unfpa.org
+			 - photolibrary.unfpa.org
+			 - portal.unfpa.org
+			 - rwanda.unfpa.org
+			 - serbia.unfpa.org
+			 - sierraleone.unfpa.org
+			 - somalia.unfpa.org
+			 - southafrica.unfpa.org
+			 - southsudan.unfpa.org
+			 - prod.southsudan.unfpa.org
+			 - srilanka.unfpa.org
+			 - swaziland.unfpa.org
+			 - syria.unfpa.org
+			 - tanzania.unfpa.org
+			 - thailand.unfpa.org
+			 - training.unfpa.org
+			 - turkey.unfpa.org
+			 - turkmenistan.unfpa.org
+			 - uganda.unfpa.org
+			 - ukraine.unfpa.org
+			 - uzbekistan.unfpa.org
+			 - venezuela.unfpa.org
+			 - vietnam.unfpa.org
+			 - wcaro.unfpa.org
+			 - yemen.unfpa.org
+			 - zambia.unfpa.org
+			 - zimbabwe.unfpa.org
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - bolivia.unfpa.org
+			 - fpaweb2.lb.unfpa.org
+			 - mx2.unfpa.org
+			 - web2.unfpa.org
+
+		4xx client error:
+			 - inthenews.unfpa.org
+
+		5xx server error:
+			 - mispcalc.unfpa.org
+
+		Mixed content blocking (MCB) tiggered:
+			 - www.unfpa.org
+			 - indonesia.unfpa.org
+			 - mk.unfpa.org
+			 - weblogs.unfpa.org
+-->
+<ruleset name="United Nations Population Fund (partial)" platform="mixedcontent">
 	<target host="unfpa.org" />
-	<rule from="^http://www\.unfpa\.org/" to="https://www.unfpa.org/"/>
-	<rule from="^http://unfpa\.org/" to="https://www.unfpa.org/"/>
-</ruleset>
+	<target host="www.unfpa.org" />
+	<target host="africa.unfpa.org" />
+	<target host="countryoffice.unfpa.org" />
+	<target host="data.unfpa.org" />
+	<target host="europe.unfpa.org" />
+	<target host="executiveboard.unfpa.org" />
+	<target host="extranet.unfpa.org" />
+	<target host="extstage.unfpa.org" />
+	<target host="fgmprevention.unfpa.org" />
+	<target host="indonesia.unfpa.org" />
+	<target host="mk.unfpa.org" />
+	<target host="niger.unfpa.org" />
+	<target host="onevoice.unfpa.org" />
+	<target host="open.unfpa.org" />
+	<target host="support.unfpa.org" />
+	<target host="timor-leste.unfpa.org" />
+	<target host="video.unfpa.org" />
+	<target host="weblogs.unfpa.org" />
+
+	<rule from="^http://unfpa\.org/"
+			to="https://www.unfpa.org/" />
 
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UNHCR.org.xml b/src/chrome/content/rules/UNHCR.org.xml
new file mode 100644
index 000000000000..2b457cea573e
--- /dev/null
+++ b/src/chrome/content/rules/UNHCR.org.xml
@@ -0,0 +1,31 @@
+<!--
+	For other United Nations coverage, see UN.org.xml.
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- unhcr.org
+		- www.unhcr.org
+		- maps.unhcr.org
+
+		Server returned nothing (no headers, no data):
+		- reporting.unhcr.org
+
+		SSL peer certificate was not OK:
+		- tracks.unhcr.org
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- data.unhcr.org
+
+		Secure connection redirects to plaintext:
+		- data2.unhcr.org
+		- popstats.unhcr.org
+-->
+<ruleset name="UNHCR.org (partial)">
+	<target host="donate.unhcr.org" />
+	<target host="emergency.unhcr.org" />
+	<target host="media.unhcr.org" />
+	<target host="partner.unhcr.org" />
+	<target host="public.msrp.unhcr.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UNIBA.sk.xml b/src/chrome/content/rules/UNIBA.sk.xml
new file mode 100644
index 000000000000..7597189abc95
--- /dev/null
+++ b/src/chrome/content/rules/UNIBA.sk.xml
@@ -0,0 +1,25 @@
+<ruleset name="UNIBA.sk">
+
+	<target host="cdv.uniba.sk" />
+	<target host="druzba.uniba.sk" />
+	<target host="mlyny.uniba.sk" />
+	<target host="moja.uniba.sk" />
+	<target host="uniba.sk" />
+	<target host="www.uniba.sk" />
+	<target host="www.cusp.uniba.sk" />
+	<target host="www.fedu.uniba.sk" />
+	<target host="www.fevth.uniba.sk" />
+	<target host="www.flaw.uniba.sk" />
+	<target host="www.fmed.uniba.sk" />
+	<target host="www.fmph.uniba.sk" />
+	<target host="www.fm.uniba.sk" />
+	<target host="www.fns.uniba.sk" />
+	<target host="www.fpharm.uniba.sk" />
+	<target host="www.fphil.uniba.sk" />
+	<target host="www.frcth.uniba.sk" />
+	<target host="www.fses.uniba.sk" />
+	<target host="www.fsport.uniba.sk" />
+	<target host="www.jfmed.uniba.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UNICEF-IRC.org.xml b/src/chrome/content/rules/UNICEF-IRC.org.xml
new file mode 100644
index 000000000000..c032e0b377b7
--- /dev/null
+++ b/src/chrome/content/rules/UNICEF-IRC.org.xml
@@ -0,0 +1,27 @@
+<!--
+	For more UNICEF.org related ruleset, see UNICEF.org.xml
+
+
+	Non-functional hosts
+		Couldn't connect to server:
+			 - www.childimpact.unicef-irc.org
+			 - citrix.unicef-irc.org
+			 - www.facit.unicef-irc.org
+
+		Timeout was reached:
+			 - mx2.unicef-irc.org
+
+		SSL peer certificate was not OK:
+			 - mx1.unicef-irc.org
+
+		4xx client error:
+			 - admin.unicef-irc.org
+-->
+<ruleset name="UNICEF-IRC.org (partial)">
+	<target host="unicef-irc.org" />
+	<target host="www.unicef-irc.org" />
+	<target host="news.unicef-irc.org" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UNICEF.fi.xml b/src/chrome/content/rules/UNICEF.fi.xml
new file mode 100644
index 000000000000..f7882a84f42a
--- /dev/null
+++ b/src/chrome/content/rules/UNICEF.fi.xml
@@ -0,0 +1,15 @@
+<!--
+
+	For more UNICEF.org related ruleset, see UNICEF.org.xml
+
+-->
+<ruleset name="UNICEF.fi" >
+	<target host="unicef.fi" />
+	<target host="www.unicef.fi" />
+	<target host="kampanja.unicef.fi" />
+	<target host="oma.unicef.fi" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UNICEF.or.jp.xml b/src/chrome/content/rules/UNICEF.or.jp.xml
new file mode 100644
index 000000000000..420484867878
--- /dev/null
+++ b/src/chrome/content/rules/UNICEF.or.jp.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://appdev.unicef.or.jp/ => https://appdev.unicef.or.jp/: (60, 'SSL certificate problem: certificate has expired')
+
+	For more UNICEF.org related ruleset, see UNICEF.org.xml
+
+
+	Non-functional hosts
+		Timeout was reached:
+			 - unicef.or.jp
+
+		4xx client error:
+			 - debug.unicef.or.jp
+			 - webd.unicef.or.jp
+			 - webst.unicef.or.jp
+
+		Mixed content blocking (MCB) tiggered:
+			 - google.com on https://www.unicef.or.jp/
+			 - mixi.jp on https://www.unicef.or.jp/news/2017/0075.html
+-->
+<ruleset name="UNICEF.or.jp (partial)" platform="mixedcontent" default_off="failed ruleset test">
+	<target host="unicef.or.jp" />
+	<target host="www.unicef.or.jp" />
+	<target host="appdev.unicef.or.jp" />
+	<target host="www2.unicef.or.jp" />
+		<test url="http://www2.unicef.or.jp/bof/bo.html" />
+		<test url="http://www2.unicef.or.jp/card/hyakkaten_usually.html" />
+		<test url="http://www2.unicef.or.jp/card/sgift/sgifttop.html" />
+
+	<rule from="^http://unicef\.or\.jp/"
+			to="https://www.unicef.or.jp/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UNICEF.org.nz.xml b/src/chrome/content/rules/UNICEF.org.nz.xml
new file mode 100644
index 000000000000..94f629df3d42
--- /dev/null
+++ b/src/chrome/content/rules/UNICEF.org.nz.xml
@@ -0,0 +1,36 @@
+<!--
+	For more UNICEF.org related ruleset, see UNICEF.org.xml
+
+
+	Non-functional hosts
+		SSL connect error:
+			 - donate.unicef.org.nz
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - 70th-anniversary.unicef.org.nz
+			 - itbeginswithablanket.unicef.org.nz
+			 - syria.unicef.org.nz
+			 - syriawinter.unicef.org.nz
+			 - timor-leste.unicef.org.nz
+			 - timor_leste.unicef.org.nz
+
+		4xx client error:
+			 - api.unicef.org.nz
+			 - u-report-workshop.unicef.org.nz
+-->
+<ruleset name="UNICEF.org.nz (partial)">
+	<target host="unicef.org.nz" />
+	<target host="www.unicef.org.nz" />
+	<target host="childpoverty.unicef.org.nz" />
+	<target host="emergency-partners.unicef.org.nz" />
+	<target host="global-parents.unicef.org.nz" />
+	<target host="landing.unicef.org.nz" />
+	<target host="now.unicef.org.nz" />
+	<target host="www.now.unicef.org.nz" />
+	<target host="nzchildpoverty.unicef.org.nz" />
+	<target host="remote.unicef.org.nz" />
+	<target host="sts.unicef.org.nz" />
+	<target host="vanuatu.unicef.org.nz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UNICEF.org.uk.xml b/src/chrome/content/rules/UNICEF.org.uk.xml
new file mode 100644
index 000000000000..093a4526981d
--- /dev/null
+++ b/src/chrome/content/rules/UNICEF.org.uk.xml
@@ -0,0 +1,91 @@
+<!--
+	For more UNICEF.org related ruleset, see UNICEF.org.xml
+
+
+	Non-functional hosts
+		Couldn't connect to server:
+			 - pt01.unicef.org.uk
+			 - stage.unicef.org.uk
+
+		Timeout was reached:
+			 - mta.mailings.unicef.org.uk
+			 - mta2.mailings.unicef.org.uk
+			 - view.mailings.unicef.org.uk
+
+		SSL connect error:
+			 - donate.unicef.org.uk
+			 - fundraise.unicef.org.uk
+			 - myfundraising.unicef.org.uk
+			 - vip5.unicef.org.uk
+
+		SSL peer certificate was not OK:
+			 - unicef.org.uk
+			 - campaign.unicef.org.uk
+			 - click.mailings.unicef.org.uk
+			 - image.mailings.unicef.org.uk
+			 - pages.mailings.unicef.org.uk
+			 - mi.unicef.org.uk
+			 - shop.unicef.org.uk
+			 - vip2.unicef.org.uk
+			 - vip3.unicef.org.uk
+			 - vip4.unicef.org.uk
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - appeal.unicef.org.uk
+			 - maintenance.unicef.org.uk
+			 - map.unicef.org.uk
+			 - securesocceraid.unicef.org.uk
+
+		Status code mismatch:
+			 - beatebola.unicef.org.uk
+			 - cbre.unicef.org.uk
+			 - cwg.unicef.org.uk
+			 - halloweenball.unicef.org.uk
+			 	- http://halloweenball.unicef.org.uk/css/bootstrap.min.css
+			 	- http://halloweenball.unicef.org.uk/img/cat_min.png
+			 	- http://halloweenball.unicef.org.uk/js/main.js
+			 - market.unicef.org.uk
+			 	- http://market.unicef.org.uk/assets/images/home/UMUK_HP_IG_20170217.gif
+			 	- http://market.unicef.org.uk/assets/images/plates/homepage-artisan-gifts-201703.jpg
+			 	- http://market.unicef.org.uk/assets/images/plates/homepage-ethical-fashion.jpg
+			 - sportfirst.unicef.org.uk (HTTPS: redirects to Flickr, HTTP: 404)
+
+		4xx client error:
+			 - assets.unicef.org.uk
+			 - dev.corporateshop.unicef.org.uk
+			 - live.unicef.org.uk
+			 - resolution.unicef.org.uk
+			 - styleguide.unicef.org.uk
+			 - vip1.unicef.org.uk
+			 - vip6.unicef.org.uk
+
+		Secure connection redirects to plaintext:
+			- checkout.unicef.org.uk
+-->
+<ruleset name="UNICEF.co.uk (partial)">
+	<target host="unicef.org.uk" />
+	<target host="www.unicef.org.uk" />
+	<target host="act.unicef.org.uk" />
+	<target host="blogs.unicef.org.uk" />
+	<target host="corporateshop.unicef.org.uk" />
+	<target host="www.corporateshop.unicef.org.uk" />
+	<target host="downloads.unicef.org.uk" />
+	<target host="form.unicef.org.uk" />
+	<target host="forms.unicef.org.uk" />
+	<target host="launchpad.unicef.org.uk" />
+	<target host="legacies.unicef.org.uk" />
+	<target host="letsgetin.unicef.org.uk" />
+	<target host="m.unicef.org.uk" />
+	<target host="secure.market.unicef.org.uk" />
+	<target host="newsletters.unicef.org.uk" />
+	<target host="preview.unicef.org.uk" />
+	<target host="secure.unicef.org.uk" />
+	<target host="socceraid.unicef.org.uk" />
+	<target host="wella.unicef.org.uk" />
+
+	<rule from="^http://unicef\.org\.uk/"
+			to="https://www.unicef.org.uk/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UNICEF.org.xml b/src/chrome/content/rules/UNICEF.org.xml
new file mode 100644
index 000000000000..cf424184a22b
--- /dev/null
+++ b/src/chrome/content/rules/UNICEF.org.xml
@@ -0,0 +1,273 @@
+
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://case.unicef.org/ => https://case.unicef.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://case1.unicef.org/ => https://case1.unicef.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://huna.citrix.unicef.org/ => https://huna.citrix.unicef.org/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
+Fetch error: http://indk.citrix.unicef.org/ => https://indk.citrix.unicef.org/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
+Fetch error: http://indq.citrix.unicef.org/ => https://indq.citrix.unicef.org/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
+Fetch error: http://fmp.unicef.org/ => https://fmp.unicef.org/: (7, 'Failed to connect to fmp.unicef.org port 443: No route to host')
+Fetch error: http://geneva.unicef.org/ => https://geneva.unicef.org/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.geneva.unicef.org/ => https://www.geneva.unicef.org/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://ilearn.unicef.org/ => https://ilearn.unicef.org/: (6, 'Could not resolve host: ilearn.unicef.org')
+Fetch error: http://mediaportal.unicef.org/ => https://mediaportal.unicef.org/: (6, 'Could not resolve host: mediaportal.unicef.org')
+Fetch error: http://origin-www.unicef.org/ => https://origin-www.unicef.org/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
+Fetch error: http://origin2-www.unicef.org/ => https://origin2-www.unicef.org/: (6, 'Could not resolve host: origin2-www.unicef.org')
+Fetch error: http://qa-www.unicef.org/ => https://qa-www.unicef.org/: (6, 'Could not resolve host: qa-www.unicef.org')
+Fetch error: http://scrm.unicef.org/ => https://scrm.unicef.org/: (51, "SSL: no alternative certificate subject name matches target host name 'scrm.unicef.org'")
+Fetch error: http://uaticon.unicef.org/ => https://uaticon.unicef.org/: (6, 'Could not resolve host: uaticon.unicef.org')
+Fetch error: http://wcmsprd.unicef.org/ => https://wcmsprd.unicef.org/: (6, 'Could not resolve host: wcmsprd.unicef.org')
+Fetch error: http://wcmsqa.unicef.org/ => https://wcmsqa.unicef.org/: (6, 'Could not resolve host: wcmsqa.unicef.org')
+Fetch error: http://www2.unicef.org/ => https://www2.unicef.org/: (7, 'Failed to connect to www2.unicef.org port 443: Connection refused')
+Fetch error: http://www9.unicef.org/ => https://www9.unicef.org/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
+
+	UNICEF.org related ruleset:
+		- UNICEF-IRC.org.xml
+		- UNICEF.fi.xml
+		- UNICEF.or.jp.xml
+		- UNICEF.org.nz.xml
+		- UNICEF.org.uk.xml
+		- UNICEF_USA.org.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+			 - afgatraveler.unicef.org
+			 - autodiscover.unicef.org
+			 - htia.citrix.unicef.org
+			 - jdna.citrix.unicef.org
+			 - cognosep.unicef.org
+			 - cphtraveler.unicef.org
+			 - epas.unicef.org
+			 - ethatraveler.unicef.org
+			 - euq03.unicef.org
+			 - euq04.unicef.org
+			 - cognosep.extgslb.unicef.org
+			 - epas.extgslb.unicef.org
+			 - uatteams.extgslb.unicef.org
+			 - www4.intranet.unicef.org
+			 - menatraveler.unicef.org
+			 - open.unicef.org
+			 - panatraveler.unicef.org
+			 - rosatraveler.unicef.org
+			 - swzatraveler.unicef.org
+			 - wcarotraveler.unicef.org
+       - dialin.unicef.org
+
+		Timeout was reached:
+			 - addvpn.unicef.org
+			 - www.careers.unicef.org
+			 - agent.casetest.unicef.org
+			 - cefd3301.unicef.org
+			 - chinashop.unicef.org
+			 - syra.citrix.unicef.org
+			 - coar.unicef.org
+			 - coar2.unicef.org
+			 - cqs01.unicef.org
+			 - disclosures.unicef.org
+			 - eaprotraveler.unicef.org
+			 - erecruit.unicef.org
+			 - esartraveler.unicef.org
+			 - euq01.unicef.org
+			 - euq02.unicef.org
+			 - portal.extgslb.unicef.org
+			 - extmail01.unicef.org
+			 - extmail02.unicef.org
+			 - extmail03.unicef.org
+			 - www.extranet.unicef.org
+			 - foshare.unicef.org
+			 - ftp-ext.unicef.org
+			 - guestwifi.unicef.org
+			 - lyncdiscover.gva.unicef.org
+			 - sip.gva.unicef.org
+			 - ucc.gva.unicef.org
+			 - uccweb.gva.unicef.org
+			 - wac.gva.unicef.org
+			 - webconf.gva.unicef.org
+			 - iconprep.unicef.org
+			 - ise-1-3un.unicef.org
+			 - ise-1-sg.unicef.org
+			 - ise-3-3un.unicef.org
+			 - ise-3-633.unicef.org
+			 - ise-3-sg.unicef.org
+			 - lt641a52.unicef.org
+			 - nbovpn.unicef.org
+			 - nyhqoutbound.unicef.org
+			 - portal.unicef.org
+			 - secgwy.unicef.org
+			 - sip-ind.unicef.org
+			 - smtpedge01.unicef.org
+			 - smtpedge02.unicef.org
+			 - smtpgate.unicef.org
+			 - smtpout.unicef.org
+			 - snozy.unicef.org
+			 - sowc2015.unicef.org
+       - supply.unicef.org
+			 - thltraveler.unicef.org
+			 - traveler.unicef.org
+			 - webcms.unicef.org
+			 - webcms3.unicef.org
+			 - wsus.unicef.org
+
+		SSL connect error:
+			 - icondev.extgslb.unicef.org
+			 - sts.extgslb.unicef.org
+
+		SSL peer certificate was not OK:
+			 - unicef.org
+			 - allinschool.unicef.org
+			 - reports.casetest.unicef.org
+			 - www.data.unicef.org
+			 - email.unicef.org
+			 - citrix.extgslb.unicef.org
+			 - icon.extgslb.unicef.org
+			 - ilearn.extgslb.unicef.org
+			 - intranet.extgslb.unicef.org
+			 - teams.extgslb.unicef.org
+			 - testicon.extgslb.unicef.org
+			 - uaticon.extgslb.unicef.org
+			 - uniadfs.extgslb.unicef.org
+			 - files.unicef.org
+			 - hybrid.unicef.org
+			 - hybrid1.unicef.org
+			 - images1.unicef.org
+			 - images2.unicef.org
+			 - images3.unicef.org
+			 - images4.unicef.org
+			 - imagine.unicef.org
+			 - jobs.unicef.org
+			 - mail.unicef.org
+			 - mics.unicef.org
+			 - photos.unicef.org
+			 - secure.photos.unicef.org
+			 - portal2.unicef.org
+			 - smtpgway.unicef.org
+			 - dev.support.unicef.org
+			 - staging.support.unicef.org
+			 - thereishope.unicef.org
+			 - ux641a12.unicef.org
+			 - videos.unicef.org
+			 - secure.videos.unicef.org
+			 - wcmssdev.unicef.org
+			 - www.weshare.unicef.org
+			 - secure.weshare.unicef.org
+
+		Failure when receiving data from the peer:
+			 - swzwebcon.unicef.org
+			 - usawebcon.unicef.org
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - shop.unicef.org
+			 - china.shop.unicef.org
+			 - mexico.shop.unicef.org
+			 - thai.shop.unicef.org
+			 - talk.unicef.org
+			 - wow.unicef.org
+
+		Incomplete certificate chain error:
+			 - agent.casedev.unicef.org
+			 - pana.citrix.unicef.org
+			 - bana.da.unicef.org
+			 - brza.da.unicef.org
+			 - chea.da.unicef.org
+			 - dana.da.unicef.org
+			 - huna.da.unicef.org
+			 - indq.da.unicef.org
+			 - nepa.da.unicef.org
+			 - nepr.da.unicef.org
+			 - pana.da.unicef.org
+			 - esrtst.unicef.org
+			 - testcitrix.extgslb.unicef.org
+			 - autodiscover.gva.unicef.org
+			 - mail.gva.unicef.org
+			 - www.intranet.unicef.org
+			 - pfpif.unicef.org
+			 - swi.unicef.org
+			 - www.swi.unicef.org
+
+		Status code mismatch:
+			 - casetest.unicef.org
+			 - casetest1.unicef.org
+			 - usaaccess.unicef.org
+
+		4xx client error:
+			 - sandbox.blogs.unicef.org
+			 - staging.blogs.unicef.org
+			 - agent.case.unicef.org
+			 - report.case.unicef.org
+			 - dev-www.unicef.org
+			 - login.unicef.org
+			 - servicemanager.unicef.org
+			 - sfbwebsvc-extg.unicef.org
+			 - sfbwebsvc-extn.unicef.org
+			 - stage-www.unicef.org
+			 - trn-www.unicef.org
+			 - uniowavip-g.unicef.org
+			 - uniowavip-n.unicef.org
+			 - wcmsdev.unicef.org
+			 - wcmsstage.unicef.org
+			 - wcmstrn.unicef.org
+			 - www3.unicef.org
+
+		5xx server error:
+			 - uniadfs.unicef.org
+-->
+<ruleset name="UNICEF.org (partial)">
+	<target host="unicef.org" />
+	<target host="www.unicef.org" />
+	<target host="agora.unicef.org" />
+	<target host="ammvpn.unicef.org" />
+	<target host="bidev.unicef.org" />
+	<target host="bkkvpn.unicef.org" />
+	<target host="blogs.unicef.org" />
+	<!-- target host="case.unicef.org" /-->
+	<!-- target host="case1.unicef.org" /-->
+	<target host="citrix.unicef.org" />
+	<!-- target host="huna.citrix.unicef.org" /-->
+	<!-- target host="indk.citrix.unicef.org" /-->
+	<!-- target host="indq.citrix.unicef.org" /-->
+	<target host="cphvpn.unicef.org" />
+	<target host="dakvpn.unicef.org" />
+	<target host="data.unicef.org" />
+	<!-- <target host="dialin.unicef.org" /> -->
+	<target host="donate.unicef.org" />
+	<target host="etools.unicef.org" />
+	<target host="etools-dev.unicef.org" />
+	<target host="etools-staging.unicef.org" />
+	<!-- target host="fmp.unicef.org" /-->
+	<!-- target host="geneva.unicef.org" /-->
+	<!-- target host="www.geneva.unicef.org" /-->
+	<target host="gvavpn.unicef.org" />
+	<target host="icon.unicef.org" />
+	<!-- target host="ilearn.unicef.org" /-->
+	<target host="intranet.unicef.org" />
+	<target host="lyncdiscover.unicef.org" />
+	<target host="mappsprd.unicef.org" />
+	<target host="mappstst.unicef.org" />
+	<!-- target host="mediaportal.unicef.org" /-->
+	<target host="meet.unicef.org" />
+	<target host="nycvpn.unicef.org" />
+	<target host="nycvpn2.unicef.org" />
+	<!-- target host="origin-www.unicef.org" /-->
+	<!-- target host="origin2-www.unicef.org" /-->
+	<!-- target host="qa-www.unicef.org" /-->
+	<target host="resetmypassword.unicef.org" />
+	<!-- target host="scrm.unicef.org" /-->
+	<target host="sip.unicef.org" />
+	<!-- <target host="supply.unicef.org" /> -->
+	<target host="support.unicef.org" />
+	<target host="swzaccess.unicef.org" />
+	<target host="teams.unicef.org" />
+	<!-- target host="uaticon.unicef.org" /-->
+	<!-- target host="wcmsprd.unicef.org" /-->
+	<!-- target host="wcmsqa.unicef.org" /-->
+	<target host="weshare.unicef.org" />
+	<!-- target host="www2.unicef.org" /-->
+	<!-- target host="www9.unicef.org" /-->
+
+	<rule from="^http://unicef\.org/"
+			to="https://www.unicef.org/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UNICEF_USA.org.xml b/src/chrome/content/rules/UNICEF_USA.org.xml
new file mode 100644
index 000000000000..1c59d2bab02d
--- /dev/null
+++ b/src/chrome/content/rules/UNICEF_USA.org.xml
@@ -0,0 +1,99 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://globalaction.unicefusa.org/ => https://globalaction.unicefusa.org/: (60, 'SSL certificate problem: certificate has expired')
+
+	For more UNICEF.org related ruleset, see UNICEF.org.xml
+
+
+	Non-functional hosts
+		Couldn't connect to server:
+			 - email.unicefusa.org
+			 - bounce.email.unicefusa.org
+			 - reply.email.unicefusa.org
+			 - lab.unicefusa.org
+			 - maps.unicefusa.org
+			 - outbreak.unicefusa.org
+			 - www.shopcardsandgifts.unicefusa.org
+			 - training.unicefusa.org
+
+		Timeout was reached:
+			 - autodiscover.unicefusa.org
+			 - casarray.unicefusa.org
+			 - dev.unicefusa.org
+			 - mail5740.email.unicefusa.org
+			 - o1.emailer.unicefusa.org
+			 - everychild.unicefusa.org
+			 - extranet.unicefusa.org
+			 - mystore.unicefusa.org
+			 - secureftp.unicefusa.org
+			 - tap.staging.unicefusa.org
+			 - tap2015.staging.unicefusa.org
+			 - usfconnect.unicefusa.org
+			 - vft.unicefusa.org
+
+		SSL peer certificate was not OK:
+			 - cards.unicefusa.org
+			 - links.email.unicefusa.org
+			 - www.inspiredgifts.unicefusa.org
+			 - lyncdiscover.unicefusa.org
+			 - www.market.unicefusa.org
+			 - savingchildren.unicefusa.org
+			 - shop.unicefusa.org
+			 - shopbusiness.unicefusa.org
+			 - shopcardsandgifts.unicefusa.org
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - dev-tap.unicefusa.org
+			 - usfremote.unicefusa.org
+
+		Incomplete certificate chain error:
+			 - unicefusa.org
+			 - mypc.unicefusa.org
+
+		4xx client error:
+			 - staging.unicefusa.org
+			 - trickortreat.unicefusa.org
+
+		5xx server error:
+			 - tapproject.unicefusa.org
+			 - vem.unicefusa.org
+-->
+<ruleset name="UNICEF USA.org (partial)" default_off="failed ruleset test">
+	<target host="unicefusa.org" />
+	<target host="www.unicefusa.org" />
+	<target host="actioncenter.unicefusa.org" />
+	<target host="askcaryl.unicefusa.org" />
+	<target host="brandhub.unicefusa.org" />
+	<target host="business.unicefusa.org" />
+	<target host="donate.unicefusa.org" />
+		<test url="http://donate.unicefusa.org/page/contribute/syriaresponse_paypal_bsd" />
+		<test url="http://donate.unicefusa.org/page/contribute/syriaresponse_bsd" />
+		<test url="http://donate.unicefusa.org/page/contribute/children-in-famine" />
+	<target host="events.unicefusa.org" />
+	<target host="fieldnotes.unicefusa.org" />
+	<target host="findit.unicefusa.org" />
+	<target host="globalaction.unicefusa.org" />
+	<target host="gpfeservicedesk.unicefusa.org" />
+	<target host="inside.unicefusa.org" />
+	<target host="inspiredgifts.unicefusa.org" />
+		<test url="http://inspiredgifts.unicefusa.org/content/help" />
+		<test url="http://inspiredgifts.unicefusa.org/gifts/super-hero-pack" />
+		<test url="http://inspiredgifts.unicefusa.org/shop/schools" />
+	<target host="market.unicefusa.org" />
+	<target host="myactioncenter.unicefusa.org" />
+	<target host="mydesktop.unicefusa.org" />
+	<target host="secure.unicefusa.org" />
+	<target host="snowflake.unicefusa.org" />
+	<target host="tags.unicefusa.org" />
+		<test url="http://tags.unicefusa.org/fp/clear.png" />
+	<target host="tap.unicefusa.org" />
+	<target host="volunteers.unicefusa.org" />
+	<target host="youth.unicefusa.org" />
+
+	<rule from="^http://unicefusa\.org/"
+			to="https://www.unicefusa.org/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UNIDO.org.xml b/src/chrome/content/rules/UNIDO.org.xml
index 1872d5f8eff8..817a2f8c97e2 100644
--- a/src/chrome/content/rules/UNIDO.org.xml
+++ b/src/chrome/content/rules/UNIDO.org.xml
@@ -1,5 +1,5 @@
 <ruleset name="UNIDO.org">
 	<target host="www.unido.org" />
-	<rule from="^http://www\.unido\.org/" to="https://www.unido.org/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/UNIPO.sk.xml b/src/chrome/content/rules/UNIPO.sk.xml
new file mode 100644
index 000000000000..3a3f71e3a5bf
--- /dev/null
+++ b/src/chrome/content/rules/UNIPO.sk.xml
@@ -0,0 +1,24 @@
+<!--
+
+    University of Presov
+
+    Nonfunctional hosts:
+
+    connection refused:
+        - upc.unipo.sk
+    certificate chain issues:
+        - napulze.unipo.sk
+-->
+
+
+<ruleset name="UNIPO.sk">
+	<target host="unipo.sk" />
+	<target host="www.unipo.sk" />
+	<target host="elearning.unipo.sk" />
+	<target host="moodle.unipo.sk" />
+	<target host="unipacik.unipo.sk" />
+
+	<rule from="^http://unipo\.sk/" to="https://www.unipo.sk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UNIZA.sk.xml b/src/chrome/content/rules/UNIZA.sk.xml
new file mode 100644
index 000000000000..e8c131e97b3c
--- /dev/null
+++ b/src/chrome/content/rules/UNIZA.sk.xml
@@ -0,0 +1,12 @@
+<ruleset name="UNIZA.sk">
+	<target host="uniza.sk" />
+	<target host="www.uniza.sk" />
+	<target host="vzdelavanie.uniza.sk" />
+	<target host="karty.uniza.sk" />
+	<target host="strava.uniza.sk" />
+	<target host="ikt.uniza.sk" />
+	<target host="helpdesk.uniza.sk" />
+	<target host="doch3.uniza.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UNM.edu.xml b/src/chrome/content/rules/UNM.edu.xml
new file mode 100644
index 000000000000..190e48f168a3
--- /dev/null
+++ b/src/chrome/content/rules/UNM.edu.xml
@@ -0,0 +1,67 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- www.cars.unm.edu
+		- mail.cs.unm.edu
+		- directory.unm.edu
+		- ecc.unm.edu
+
+		SSL peer certificate was not OK:
+		- unm.edu
+		- cs.unm.edu
+		- www.ece.unm.edu
+		- www.soe.unm.edu
+
+		Incomplete certificate chain error:
+		- as2.unm.edu
+
+		Redirect to HTTP:
+		- my.unm.edu
+
+		Mixed content blocking (MCB) triggered:
+		- ece.unm.edu
+		- emanage.unm.edu
+		- it.unm.edu
+		- mitigationplan.unm.edu
+-->
+<ruleset name="UNM.edu (partial)">
+	<target host="unm.edu" />
+	<target host="www.unm.edu" />
+	<target host="abqg.unm.edu" />
+	<target host="at.unm.edu" />
+	<target host="cars.unm.edu" />
+	<target host="cascade.unm.edu" />
+	<target host="cio.unm.edu" />
+	<target host="www.cs.unm.edu" />
+	<target host="fastinfo.unm.edu" />
+	<target host="learningcentral.health.unm.edu" />
+	<target host="help.unm.edu" />
+	<target host="hsc.unm.edu" />
+	<target host="hscapp.unm.edu" />
+	<target host="hscssl.unm.edu" />
+	<target host="iservicedesk.unm.edu" />
+	<target host="loboalerts.unm.edu" />
+	<target host="login.unm.edu" />
+	<test url="http://login.unm.edu/cas/login/" />
+	<target host="lynda.unm.edu" />
+	<target host="help.people.unm.edu" />
+	<target host="police.unm.edu" />
+	<target host="portalchannels.unm.edu" />
+	<target host="search.unm.edu" />
+	<target host="shac.unm.edu" />
+	<target host="shea.unm.edu" />
+	<target host="soe.unm.edu" />
+	<target host="soemep.unm.edu" />
+	<target host="srs.unm.edu" />
+	<target host="studentinfo.unm.edu" />
+	<target host="unmevents.unm.edu" />
+	<target host="unmjobs.unm.edu" />
+	<target host="webcore.unm.edu" />
+	<target host="webmaster.unm.edu" />
+
+	<rule from="^http://unm\.edu/"
+		to="https://www.unm.edu/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UNM.xml b/src/chrome/content/rules/UNM.xml
deleted file mode 100644
index 13445747ad17..000000000000
--- a/src/chrome/content/rules/UNM.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="UNM" platform="mixedcontent">
-  <target host="unm.edu" />
-  <target host="www.unm.edu" />
-  <target host="ece.unm.edu" />
-  <target host="www.ece.unm.edu" />
-
-  <rule from="^http://(?:www\.)?unm\.edu/" to="https://www.unm.edu/"/>
-  <rule from="^http://(?:www\.)?ece\.unm\.edu/" to="https://www.ece.unm.edu/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/UNODC.org.xml b/src/chrome/content/rules/UNODC.org.xml
index 3d76a1394d50..642c3a6dbb8e 100644
--- a/src/chrome/content/rules/UNODC.org.xml
+++ b/src/chrome/content/rules/UNODC.org.xml
@@ -1,7 +1,54 @@
-<ruleset name="UNODC.org" platform="mixedcontent">
-	<target host="www.unodc.org" />
+<!--
+	Private subdomain:
+		arq.unodc.org
+		arq-qat.unodc.org
+		budget.unodc.org
+		crowd.unodc.org
+		cts.unodc.org
+		cybercrime-study.unodc.org
+		firearmstrafficking.unodc.org
+		golearn-integrity.unodc.org
+		gosupport.unodc.org
+		ip.unodc.org
+		iseek-external.un.org
+		jira.unodc.org
+		memberstates.unodc.org
+		profi.unodc.org
+		staffingtable.unodc.org
+		wiki.unodc.org
+
+	No working URL known:
+		cns.unodc.org
+		services2.unodc.org
+		static.unodc.org
+		trackservices.unodc.org
+
+	Invalid certificate:
+		www.track.unodc.org
+
+-->
+<ruleset name="UNODC.org">
+
 	<target host="unodc.org" />
-	<rule from="^http://www\.unodc\.org/" to="https://www.unodc.org/"/>
-	<rule from="^http://unodc\.org/" to="https://www.unodc.org/"/>
-</ruleset>
+	<target host="www.unodc.org" />
+	<target host="adrs.unodc.org" />
+	<target host="css.unodc.org" />
+	<target host="ctlp.unodc.org" />
+	<target host="data.unodc.org" />
+	<target host="goaml.unodc.org" />
+	<target host="gocase.unodc.org" />
+	<target host="goidm.unodc.org" />
+	<target host="golearn.unodc.org" />
+	<target host="goprs.unodc.org" />
+	<target host="gotrace.unodc.org" />
+	<target host="integrity.unodc.org" />
+	<target host="multimedia.unodc.org" />
+	<target host="sherloc.unodc.org" />
+	<target host="stats.unodc.org" />
+	<target host="thefightagainstcorruption.unodc.org" />
+	<target host="www.thefightagainstcorruption.unodc.org" />
+	<target host="track.unodc.org" />
 
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UNSW.xml b/src/chrome/content/rules/UNSW.xml
index 64eb42a22ce2..d6140a8cd8da 100644
--- a/src/chrome/content/rules/UNSW.xml
+++ b/src/chrome/content/rules/UNSW.xml
@@ -1,7 +1,22 @@
-<ruleset name="UNSW">
-    <target host="*.unsw.edu.au" />
+<!--
+	Fully covered hosts in *unsw.edu.au:
 
-    <rule from="^http://(newsroom\.|www\.)?unsw\.edu\.au/" to="https://$1unsw.edu.au/" />
+		- (www.)?
+		- www.cse
+		- newsroom
+
+-->
+<ruleset name="UNSW.edu.au">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="unsw.edu.au" />
+	<target host="www.cse.unsw.edu.au" />
+	<target host="newsroom.unsw.edu.au" />
+	<target host="www.unsw.edu.au" />
+
+	<rule from="^http:"
+		to="https:" />
     <!--
     This subdomain is signed by CA cert, and some content is missing over
     HTTPS, for instance http://www.gelato.unsw.edu.au/archives/git/
diff --git a/src/chrome/content/rules/UN_Multimedia.org.xml b/src/chrome/content/rules/UN_Multimedia.org.xml
new file mode 100644
index 000000000000..8fd8ccff5178
--- /dev/null
+++ b/src/chrome/content/rules/UN_Multimedia.org.xml
@@ -0,0 +1,16 @@
+<!--
+	For other United Nations coverage, see UN.org.xml.
+
+	Non-functional hosts
+		Timeout was reached:
+		- control.unmultimedia.org
+
+		SSL peer certificate was not OK:
+		- downloads.unmultimedia.org
+-->
+<ruleset name="UN Multimedia.org">
+	<target host="unmultimedia.org" />
+	<target host="www.unmultimedia.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UOL.xml b/src/chrome/content/rules/UOL.xml
index e995a465cabb..1dce059af37f 100644
--- a/src/chrome/content/rules/UOL.xml
+++ b/src/chrome/content/rules/UOL.xml
@@ -1,26 +1,176 @@
 <!--
+	Other UOL rulesets:
+
+		- ImgUOL.com.xml
+		- JsUOL.com.br.xml
+		- NotaNet.com.br.xml
+
+
 	!functional:
 		- e.busca.uol.com.br	(timeout)
 		- [anr].i.uol.com.br
 		- pubshop.img.uol.com.br
-		- (www.)uol.com.br	(timeout)
-		- imguol.com
 		- ads.imguol.com
 		- host.imguol.com
 		- [eh].imguol.com	(timeout)
-		- jsuol.com		(ditto)
 		- media.imguol.com
 
+
+	Nonfunctional subdomains:
+
+		- (www.)? ¹
+		- adrenaline ¹
+		- uolvideos.blog ²
+		- www.bol ¹
+		- combatarms ²
+		- convergenciadigital ¹
+		- denuncia (cert-chain)
+		- edmotta ²
+		- email ¹
+		- esporte ¹
+		- direito.folha ¹
+		- www.folha ¹
+		- hon ³
+		- img ²
+		- home.img ²
+		- jovempan ¹
+		- levelupgames ²
+		- lib ²
+		- beta.mais ²
+		- metodista ²
+		- mtv ¹
+		- noticias ¹
+		- forum.pagseguro ¹
+		- mais.perfil ²
+		- regras ¹
+		- shopping ²
+		- central.shopping ⁴
+		- tts (500)
+		- comprar.todaoferta ⁵
+		- ed.img.todaoferta ⁶
+		- tudodownloads ²
+		- verifica ¹
+		- xfire ²
+		- www1 ¹
+		- www3 ¹
+
+	¹ Dropped
+	² Refused
+	³ 404
+	⁴ 403
+	⁵ Redirects to todaoferta
+	⁶ Shows user.img.todaoferta
+
+
+	Problematic subdomains:
+
+		- mais ²
+		- todaoferta ²
+
+	¹ Dropped
+	² Mixed css
+
+
+	Fully covered subdomains:
+
+		- acesso
+		- visitante.acesso
+		- cadastro
+		- pagseguro.captcha
+		- go4gold
+		- thumb.mais
+
+		- pagseguro
+		- sandbox.pagseguro
+		- stc.sandbox.pagseguro
+		- stc.pagseguro
+		- ws.pagseguro
+
+		- painelhost
+		- warframe.partner
+		- clicklogger.rm
+		- sac
+		- simg
+		- p.simg
+		- verifica
+
+
+	These altnames don't exist:
+
+		- www.go4gold.uol.com.br
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .uol.com.br
+		- cadastro.uol.com.br
+		- pagseguro.uol.com.br
+		- .pagseguro.uol.com.br
+		- sandbox.pagseguro.uol.com.br
+
+
+	Mixed content:
+
+		- css, on:
+
+			- mais from $self
+			- todaoferta from jsuol.com.br
+
+		- Images, on:
+
+			- mais from mais.imguol.com
+			- mais from img.uol.com.br
+			- mais from thumb.mais.uol.com.br
+			- todaoferta from todaoferta.imguol.com
+			- todaoferta from ed.img.todaoferta.uol.com.br
+
+		- favicon on mais from home.img.uol.com.br
+
+		- Ads on todaoferta from www.googleadservices.com
+
 -->
-<ruleset name="UOL (partial)" platform="mixedcontent">
+<ruleset name="UOL.com.br (partial)">
+
+	<target host="acesso.uol.com.br" />
+	<target host="visitante.acesso.uol.com.br" />
+	<target host="cadastro.uol.com.br" />
+	<target host="click.uol.com.br" />
+	<target host="pagseguro.captcha.uol.com.br" />
+	<target host="go4gold.uol.com.br" />
+	<target host="mais.uol.com.br" />
+	<target host="thumb.mais.uol.com.br" />
+	<target host="pagseguro.uol.com.br" />
+	<target host="sandbox.pagseguro.uol.com.br" />
+	<target host="stc.sandbox.pagseguro.uol.com.br" />
+	<target host="stc.pagseguro.uol.com.br" />
+	<target host="ws.pagseguro.uol.com.br" />
+	<target host="painelhost.uol.com.br" />
+	<target host="warframe.partner.uol.com.br" />
+	<target host="clicklogger.rm.uol.com.br" />
+	<target host="sac.uol.com.br" />
+	<target host="simg.uol.com.br" />
+	<target host="p.simg.uol.com.br" />
+
+		<!--	Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://mais\.uol\.com\.br/+(?!stc/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://mais.uol.com.br/view/14847718" />
+			<test url="http://mais.uol.com.br/view/15402411" />
+
+			<!--	-ve:
+					-->
+			<test url="http://mais.uol.com.br/stc/mais/c/main.css" />
+			<test url="http://mais.uol.com.br/stc/mais/c/thickbox.css" />
 
-	<target host="mtv.uol.com.br"/>
-	<target host="p.simg.uol.com.br"/>
 
-	<!--	encountered cookies:
-			- .uol.com.br	-->
+	<securecookie host="^\.uol\.com\.br$" name="^RMTRK\.ID$" />
+	<securecookie host="^(?:cadastro|(?:sandbox\.)?pagseguro)\.uol\.com\.br$" name=".+" />
+	<securecookie host="^\.pagseguro\.uol\.com\.br$" name="^(?:LAST_SERVER_HIT|TS\w+)$" />
 
-	<rule from="^http://(mtv|p\.simg)\.uol\.com\.br/"
-		to="https://$1.uol.com.br/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/UOregon.xml b/src/chrome/content/rules/UOregon.xml
index fa9c445ed1d5..b6fccec36ecb 100644
--- a/src/chrome/content/rules/UOregon.xml
+++ b/src/chrome/content/rules/UOregon.xml
@@ -1,11 +1,346 @@
+<!--
+	Nonfunctional subdomains:
+
+		- advising ¹
+		- bias ¹
+		- cassites ²
+		- cep		(Shows academicextension
+		- classes ¹
+		- cllas ¹
+		- dabbler2...:8090	(Plaintext reply
+		- economics ²
+		- envs ³
+		- getinvolved	(404
+		- global ²
+		- healthyoregon	(404
+		- inclusion	(Redirects to campusops
+		- jwj-fm ¹
+		- leadership ¹
+		- map ¹
+		- oied		(Redirects to campusops
+		- outdoorprogram ¹
+		- pages ¹
+		- natural-history ²
+		- pathwayoregon ¹
+		- perec ¹
+		- physiology ²
+		- sa-aoyama ¹
+		- safe		(IIS7 test page
+		- sci		(Redirects to aaa
+		- serve		(IIS7 test page
+		- tobaccofree	(IIS7 test page
+		- uocatalog ¹
+		- uopress	(Redirects to campusops
+		- uoprint	(Redirects to campusops
+		- uorec ¹
+		- uosummer	(Shows academicextension
+		- ups		(Redirects to campusops
+		- waynemorsecenter ²
+
+	¹ Refused
+	² Shows CentOS test page
+	³ Redirects to http
+
+
+	Problematic subdomains:
+
+		- aaeo		($ redirects to adr/
+		- ae		(Mismatched, CN: academicextension.uoregon.edu
+		- aimblog ¹
+		- caspages ¹
+		- cheminfo ¹
+		- chemistry ¹
+		- codac ¹
+		- crwr ¹
+		- duckweb ²
+		- www.emu	(Cert only matches *.uoregon.edu
+		- facultyhiring ³
+		- financialaid ³
+		- geography ¹
+		- giving	(iModules
+		- law		(Mixed css
+		- oa ¹
+		- homelessness.philosophy ¹
+		- lawadmissions	(Mismatched, CN: law.uoregon.edu; mixed css
+		- newsletter	(Refused
+		- physics ¹
+		- prelaw ¹
+		- recovery ¹
+		- (www.)registrar ³
+		- rl ¹
+		- religion ¹
+		- sci		(Redirects to aaa
+		- uorec
+		- vpsa		(Refused
+
+	¹ Mismatched, CN: blogs.uoregon.edu
+	² Configured for rc4 only
+	³ Mismatched, CN: secureserver.uoregon.edu; mixed css
+
+
+	Partially covered subdomains:
+
+		- aaeo ¹
+		- ba ²
+		- (www.)law ³
+		- parking
+		- safetyweb
+		- sapp ³
+
+	¹ $ redirects to adr/
+	² $ redirects to http
+	³ Avoiding mixed css
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- aaa
+		- academicaffairs
+		- academicextension
+		- admissions
+		- ae			(→ academicextension)
+		- aim
+		- around
+		- asap
+		- blogs
+		- calendar
+		- campusops
+		- career
+		- casadmin
+		- casit
+		- casitdocs
+		- casitforms
+		- casitjobs
+		- casitweb
+		- cinema
+		- videos.cinema
+		- cmae
+		- commencement
+		- conferences
+		- counseling
+		- des
+		- digital
+		- duckid
+		- duckweb
+		- (www.)emu		(www → ^)
+		- english
+		- faprod
+		- ffp
+		- geogadvising
+		- giving		(→ securelb.imodules.com)
+		- gradschool
+		- gradweb
+		- graphicacy
+		- healthcenter
+		- healthycampus
+		- hr
+		- inventory
+		- library
+		- lists
+		- lists-prod
+		- newsletter	(→ studentlife)
+		- oem
+		- pde
+		- proofpoint
+		- sa-web
+		- secureserver
+		- shibboleth
+		- studentlife
+		- sustainablemap
+		- svpe
+		- swat
+		- tembo
+		- uodos
+		- uonews
+		- uoresearch
+		- vpsa		(→ studentlife)
+		- webmail
+
+
+	Insecure cookies are set for these domains:
+
+		- ^
+		- .
+		- academicaffairs
+		- academicextension
+		- admissions
+		- aim
+		- aimblog
+		- around
+		- blackboard
+		- blogs
+		- calendar
+		- campusops
+		- .campusops
+		- .career
+		- .casadmin
+		- casitforms
+		- caspages
+		- cheminfo
+		- chemistry
+		- cmae
+		- codac
+		- commencement
+		- conferences
+		- counseling
+		- crwr
+		- des
+		- .des
+		- digital
+		- .digital
+		- duckid
+		- duckweb
+		- emu
+		- facultyhiring
+		- geogadvising
+		- .geogadvising
+		- geography
+		- gradschool
+		- gradweb
+		- healthcenter
+		- housing
+		- .hr
+		- inventory
+		- it
+		- .it
+		- law
+		- lawadmissions
+		- oa
+		- oem
+		- pde
+		- homelessness.philosophy
+		- physics
+		- prelaw
+		- recovery
+		- .registrar
+		- religion
+		- rl
+		- sapp
+		- studentlife
+		- sustainablemap
+		- svpe
+		- swat
+		- tembo
+		- uodos
+		- uonews
+		- .uonews
+		- uoresearch
+		- .uoresearch
+		- webmail
+		- www
+
+
+	These altnames don't exist:
+
+		- sa-cert.uoregon.edu
+
+
+	Mixed content:
+
+		- css, on:
+
+			- cheminfo, uodos from fonts.googleapis.com ¹
+			- registrar from $self ²
+			- sapp from academicextension ¹
+
+		- Images, on:
+
+			- ^ from $self ¹
+			- around from $self ¹
+			- blogs, chemistry, geography, homelessness.philosophy from blogs ¹
+			- cinema from $self ¹
+			- english from $self ¹
+			- cheminfo, geography, it, and rl from it ¹
+			- financialaid from $self ²
+			- gradschool from $self ¹
+			- registrar from $self ²
+			- uonews from ^ ¹
+
+	¹ Secured by us
+	² Not secured by us <= mismatched
+
+-->
 <ruleset name="UOregon (Partial!)">
+	<target host="uoregon.edu" />
   <target host="*.uoregon.edu" />
-  <rule from="^http://(oregoncis|blackboard|distanceeducation|counseling|duckweb|hr2|ir|it|pcs|budgetmotel|brp|libweb|lcb|odt|scholarsbank|wiki|systems\.cs|www2\.lcb|www\.(cs|law|lcb))\.uoregon\.edu/"
-          to="https://$1.uoregon.edu/"/>
+		<exclusion pattern="^http://aaeo\.uoregon\.edu/+(?!adr(?:$|[?/]))" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://ba\.uoregon\.edu/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://ba\.uoregon\.edu/+(?!favicon\.ico|misc/|sites/)" />
+		<!--
+			Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://(?:www\.)?law\.uoregon\.edu/+(?!assets/|favicon\.ico|wp-content/|wp-includes/)" />
+		<exclusion pattern="^http://sapp\.uoregon\.edu/+(?!favicon\.ico|images/|style\.css)" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?uoregon\.edu$" name="^wc-www_cookie$" /-->
+	<!--securecookie host="^(academicaffairs|casitforms)\.uoregon\.edu$" name="^_shibstate_\d+_[0-9a-f]+" /-->
+	<!--securecookie host="^(academicaffairs|casitjobs|ffp|geogadvising|gradschool|inventory)\.uoregon\.edu$" name="^uo_drupal_prod_session$" /-->
+	<!--securecookie host="^(academicextension|aim|pde|sapp)\.uoregon\.edu$" name="^sid$" /-->
+	<!--securecookie host="^(admissions|casitforms|emu|oem|studentlife)\.uoregon\.edu$" name="^uo_drupal_prod_session" /-->
+	<!--securecookie host="^(aimblog|blogs|caspages|cheminfo|chemistry|codac|crwr|facultyhiring|geography|oa|homelessness\.philosophy|physics|prelaw|recovery|religion|rl)\.uoregon\.edu$" name="^(spo_\d+_\w+|xid)$" /-->
+	<!--securecookie host="^(around|des|digital|uonews|uoresearch)\.uoregon\.edu$" name="^wc-sites_cookie$" /-->
+	<!--securecookie host="^blackboard\.uoregon\.edu$" name="^(blackboard_cookie|session_id)$" /-->
+	<!--securecookie host="^calendar\.uoregon\.edu$" name="^_session_id$" /-->
+	<!--securecookie host="^campusops\.uoregon\.edu$" name="^_shibstate_[\da-f]{8}$" /-->
+	<!--securecookie host="^\.((campusops|career|casadmin|des|digital|financialaid|geogadvising|hr|it|registrar|uonews|uoresearch)\.)?uoregon\.edu$" name="^SESS[0-9a-f]{32}$" /-->
+	<!--securecookie host="^(cmae|commencement|counseling|healthcenter|svpe|swat|uodos)\.uoregon\.edu$" name="^(\.ASPXANONYMOUS|language)$" /-->
+	<!--securecookie host="^(commencement|counseling|sustainablemap|uodos)\.uoregon\.edu$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^(conferences|crwr|law|lawadmissions)\.uoregon\.edu$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^(duckid|duckweb)\.uoregon\.edu$" name="^TESTID$" /-->
+	<!--securecookie host="^(gradweb|tembo)\.uoregon\.edu$" name="ASPSESSIONID[A-Z]{8}$" /-->
+	<!--securecookie host="^healthcenter\.uoregon\.edu$" name="^(DNNEvents|DNNEvents419)$" /-->
+	<!--securecookie host="^it\.uoregon\.edu$" name="^(UUID|uo_sticky_session)$" /-->
+	<!--securecookie host="^webmail\.uoregon\.edu$" name="^roundcube_sessid$" /-->
+
+	<securecookie host="^(?:(?:academicextension|aim|around|blackboard|blogs|calendar|campusops|\.casadmin|commencement|conferences|counseling|des|digital|emu|ffp|\.?geogadvising|gradschool|gradweb|healthcenter|inventory|it|oem|studentlife|sustainablemap|svpe|swat|tembo|uonews|uoresearch|webmail|www)\.)?uoregon\.edu$" name=".+" />
+
+  <rule from="^http://((?:aaa|aaeo|academicaffairs|academicextension|aim|around|asap|ba|oregoncis|blackboard|blogs|calendar|campusops|career|casadmin|casit(?:docs|forms|jobs|web)?|(?:videos\.)?cinema|cmae|commencement|conferences|distanceeducation|counseling|des|digital|duckid|duckweb|english|faprod|ffp|geogadvising|gradschool|gradweb|graphicacy|healthcenter|healthycampus|housing|hr2?|inventory|ir|it|pcs|budgetmotel|brp|library|libweb|lcb|lists|lists-prod|odt|oem|pde|proofpoint|sa-web|sapp|scholarsbank|secureserver|shibboleth|studentlife|sustainablemap|svpe|swat|tembo|wiki|systems\.cs|uodos|uonews|www2\.lcb|www\.(cs|law|lcb)|uoresearch|webmail|www)\.)?uoregon\.edu/"
+          to="https://$1uoregon.edu/"/>
   <rule from="^http://(ba|safetyweb)\.uoregon\.edu/sites/"
           to="https://$1.uoregon.edu/sites/"/>
+
+	<rule from="^http://ae\.uoregon\.edu/"
+		to="https://academicextension.uoregon.edu/" />
+
+	<!--	Domains for which both !www and www exist,
+		but only !www works unproblematically:
+							-->
+	<rule from="^http://(?:www\.)?emu\.uoregon\.edu/"
+		to="https://emu.uoregon.edu/" />
+
+	<rule from="^http://giving\.uoregon\.edu/(?=$|\?)"
+		to="https://securelb.imodules.com/s/1540/development/start.aspx?gid=2&amp;pgid=61" />
+
+	<rule from="^http://giving\.uoregon\.edu/"
+		to="https://securelb.imodules.com/" />
+
+	<!--	Domains for which both !www and www exist,
+		and both work unproblematically:
+						-->
+	<rule from="^http://(www\.)?law\.uoregon\.edu/"
+		to="https://$1law.uoregon.edu/" />
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://newsletter\.uoregon\.edu/.*"
+		to="https://studentlife.uoregon.edu/" />
+
   <rule from="^http://parking\.uoregon\.edu/(sites|misc|_images)/"
           to="https://parking.uoregon.edu/$1/"/>
-          
+
+	<!--	Redirect drops path but not args:
+						-->
+	<rule from="^http://vpsa\.uoregon\.edu/[^?]*"
+		to="https://studentlife.uoregon.edu/" />
+
 </ruleset>
 
diff --git a/src/chrome/content/rules/UPC.cz.xml b/src/chrome/content/rules/UPC.cz.xml
new file mode 100644
index 000000000000..7be2334d0de6
--- /dev/null
+++ b/src/chrome/content/rules/UPC.cz.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tvprogram.upc.cz/ => https://tvprogram.upc.cz/: (28, 'Connection timed out after 20004 milliseconds')
+
+-->
+<ruleset name="UPC Česká republika s.r.o." default_off="failed ruleset test">
+    <target host="upc.cz" />
+    <target host="www.upc.cz" />
+    <target host="tvprogram.upc.cz" />
+    <target host="upcmail.upc.cz" />
+    <target host="business.upc.cz" />
+    <target host="origin.www.upc.cz" />
+    <target host="origin.business.upc.cz" />
+    <target host="my.upc.cz" />
+    <target host="eshop.upc.cz" />
+    <target host="app.upc.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UPC.edu.xml b/src/chrome/content/rules/UPC.edu.xml
new file mode 100644
index 000000000000..2abcf04e6812
--- /dev/null
+++ b/src/chrome/content/rules/UPC.edu.xml
@@ -0,0 +1,25 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.cdei.upc.edu
+		- citm.upc.edu
+		- talent.upc.edu
+
+		Incomplete certificate chain error:
+		- de-etseib.upc.edu
+-->
+<ruleset name="UPC.edu (partial)">
+	<target host="upc.edu" />
+	<target host="www.upc.edu" />
+	<target host="cit.upc.edu" />
+	<target host="www.citcea.upc.edu" />
+	<target host="www.citm.upc.edu" />
+	<target host="futur.upc.edu" />
+	<target host="futurcivilcamins.upc.edu" />
+	<target host="www.iri.upc.edu" />
+	<target host="maps.upc.edu" />
+	<target host="prisma-nou.upc.edu" />
+	<target host="www.talent.upc.edu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UPC.es.xml b/src/chrome/content/rules/UPC.es.xml
new file mode 100644
index 000000000000..26916597433c
--- /dev/null
+++ b/src/chrome/content/rules/UPC.es.xml
@@ -0,0 +1,106 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- aqua.upc.es
+		- bauma.upc.es
+		- ceo-bcn.upc.es
+		- dijkstra.upc.es
+		- alggen.lsi.upc.es
+		- newg1.upc.es
+		- soft0.upc.es
+		- taupres.upc.es
+
+		Timeout was reached:
+		- arrier.upc.es
+		- cafes.cimne.upc.es
+		- hoyoh.cimne.upc.es
+		- dfa.upc.es
+		- disbauxes.upc.es
+		- distorsio.upc.es
+		- sorap.epsevg.upc.es
+		- esf.upc.es
+		- gebrada.upc.es
+		- ieb-srv1.upc.es
+		- jaumetor.upc.es
+		- lewis.upc.es
+		- petrus.upc.es
+		- www-cpsv.upc.es
+		- www-fa.upc.es
+		- www-fen.upc.es
+		- eragon.upc.es:3000
+
+		SSL connect error:
+		- aransa.upc.es
+		- collbaix.upc.es
+		- ctvg.upc.es
+		- www.eupm.upc.es
+		- www-assig.fib.upc.es
+		- www-pagines.fib.upc.es
+		- www.ioc.upc.es
+		- lacova.upc.es
+		- webmail.lsi.upc.es
+		- mitra.upc.es
+		- plus.upc.es
+		- senna.upc.es
+		- www-entel.upc.es
+		- www-eupm.upc.es
+		- ben.upc.es:8080
+
+		SSL peer certificate was not OK:
+		- investigacion.ac.upc.es
+		- research.ac.upc.es
+		- studies.ac.upc.es
+		- biblioteques.upc.es
+		- congress.cimne.upc.es
+		- digsys.upc.es
+		- eragon.upc.es
+		- www.etsav.upc.es
+		- forumtelecos.upc.es
+		- ieee.upc.es
+		- telecogresca.upc.es
+		- www.urus.upc.es
+		- www-etsav.upc.es
+		- www-fnb.upc.es
+		- www-iri.upc.es
+		- zua.upc.es
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- context.upc.es
+		- www.lab.upc.es
+		- maite29.upc.es
+		- nmg.upc.es
+
+		Incomplete certificate chain error:
+		- cartesius.upc.es
+		- cttc.upc.es
+		- faxtcm.upc.es
+		- learnsql.fib.upc.es
+		- www.jcee.upc.es
+
+		Different content:
+		- mie.esab.upc.es
+
+		Mixed content blocking (MCB) triggered:
+		- ceo.upc.es
+-->
+<ruleset name="UPC.es (partial)">
+	<target host="docencia.ac.upc.es" />
+	<target host="people.ac.upc.es" />
+	<target host="personals.ac.upc.es" />
+	<target host="aess.upc.es" />
+	<target host="www.ccaba.upc.es" />
+	<target host="citmalumnes.upc.es" />
+	<target host="www.cresca.upc.es" />
+	<target host="ct-aules.upc.es" />
+	<target host="www.eel-ct.upc.es" />
+	<target host="everest-ist.upc.es" />
+	<target host="www.laict.upc.es" />
+	<target host="leam.upc.es" />
+	<target host="salesvirtuals.upc.es" />
+	<target host="www.terrassa.upc.es" />
+	<target host="txt.upc.es" />
+	<target host="www-eio.upc.es" />
+	<target host="zelda.upc.es" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UPC.ie.xml b/src/chrome/content/rules/UPC.ie.xml
new file mode 100644
index 000000000000..63ec435259c3
--- /dev/null
+++ b/src/chrome/content/rules/UPC.ie.xml
@@ -0,0 +1,61 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://as.upc.ie/ => https://as.upc.ie/: (60, 'SSL certificate problem: certificate has expired')
+
+	Problematic hosts in *upc.ie:
+
+		- preprod.business ᶜ
+		- connect ᶜ
+		- dialin ᶜ
+		- mail ᶜ
+		- meet ᶜ
+		- tvguide ᶜ
+		- tv-guide ᶜ
+		- preprod.www ᶜ
+
+	ᶜ Missing certificate chain
+
+
+	These altnames don't exist:
+
+		- autodiscover.upc.ie
+
+
+	Insecure cookies are set for these hosts:
+
+		- mail.upc.ie
+
+-->
+<ruleset name="UPC.ie (partial)" default_off="failed ruleset test">
+
+	<target host="upc.ie" />
+	<target host="as.upc.ie" />
+	<target host="business.upc.ie" />
+	<target host="origin.business.upc.ie" />
+	<!--target host="preprod.business.upc.ie" /-->
+	<!--target host="connect.upc.ie" /-->
+	<!--target host="dialin.upc.ie" /-->
+	<!--target host="mail.upc.ie" /-->
+	<!--target host="meet.upc.ie" /-->
+	<target host="sip.upc.ie" />
+	<target host="sipexternal.upc.ie" />
+	<!--target host="tvguide.upc.ie" /-->
+	<!--target host="tv-guide.upc.ie" /-->
+	<target host="upcmail.upc.ie" />
+	<target host="www.upc.ie" />
+	<target host="origin.www.upc.ie" />
+	<!--target host="preprod.www.upc.ie" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^mail\.upc\.ie$" name="^ClientId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UPC.nl.xml b/src/chrome/content/rules/UPC.nl.xml
index 4c946ba25b1c..cafb8dde1e76 100644
--- a/src/chrome/content/rules/UPC.nl.xml
+++ b/src/chrome/content/rules/UPC.nl.xml
@@ -1,34 +1,65 @@
+
 <!--
-	Nonfunctional subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://service.upc.nl/ => https://service.upc.nl/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Nonfunctional hosts in *upc.nl:
+
+		- assets ʳ
 
-		- assets	(refused)
+	ʳ Refused
 
 
-	Fully covered subdomains:
+	Problematic hosts in *upc.nl:
 
-		- (www.)
-		- business
-		- preprod.business
-		- grootzakelijk
-		- m
-		- tvgids
-		- overupc
-		- service
-		- upcmail
-		- vragen
-		- preprod.www
+		- business ᵐ
+		- preprod.business ᵉ
+		- m ᵉ
+		- overupc ᵐ
+		- tvgids ᵉ
+		- preprod.www ᵉ
+
+	ᵉ Expired
+	ᵐ Mismatched
 
 -->
-<ruleset name="UPC">
+<ruleset name="UPC.nl (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="upc.nl" />
-	<target host="*.upc.nl" />
+	<target host="grootzakelijk.upc.nl" />
+	<target host="service.upc.nl" />
+	<target host="upcmail.upc.nl" />
+	<target host="vragen.upc.nl" />
+	<target host="www.upc.nl" />
+
+	<!--	Complications:
+				-->
+	<target host="business.upc.nl" />
+	<target host="overupc.upc.nl" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://business\.upc\.nl/+"
+		to="https://www.upcbusiness.nl/" />
 
+		<test url="http://business.upc.nl/index.php" />
 
-	<securecookie host="^(?:service|upcmail|vragen|www)?\.upc\.nl$" name=".+" />
+	<!--	Redirect drops forward slash
+		and path, but not args:
+					-->
+	<rule from="^http://overupc\.upc\.nl/[^?]*"
+		to="https://www.ziggo.nl/klantenservice/administratief/service/accessoires-shop/" />
 
+		<test url="http://overupc.upc.nl/index.php" />
 
-	<rule from="^http://((?:business|preprod\.(?:business|www)|grootzakelijk|m|tvgids|overupc|service|upcmail|vragen|www)\.)?upc\.nl/"
-		to="https://$1upc.nl/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/UPC_Business.nl.xml b/src/chrome/content/rules/UPC_Business.nl.xml
new file mode 100644
index 000000000000..7436f36b74a1
--- /dev/null
+++ b/src/chrome/content/rules/UPC_Business.nl.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://origin.www.upcbusiness.nl/ => https://origin.www.upcbusiness.nl/: (7, 'Failed to connect to origin.www.upcbusiness.nl port 443: No route to host')
+
+-->
+<ruleset name="UPC Business.nl" default_off="failed ruleset test">
+
+	<target host="upcbusiness.nl" />
+	<target host="www.upcbusiness.nl" />
+	<target host="origin.www.upcbusiness.nl" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UPI.com-falsemixed.xml b/src/chrome/content/rules/UPI.com-falsemixed.xml
new file mode 100644
index 000000000000..8e9a0ae1a66d
--- /dev/null
+++ b/src/chrome/content/rules/UPI.com-falsemixed.xml
@@ -0,0 +1,13 @@
+<!--
+	For rules not causing false/broken MCB, see UPI.com.xml.
+
+-->
+<ruleset name="UPI.com (false MCB)" default_off="expired" platform="mixedcontent">
+
+	<target host="www.upi.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UPI.com.xml b/src/chrome/content/rules/UPI.com.xml
new file mode 100644
index 000000000000..e0229db0ffec
--- /dev/null
+++ b/src/chrome/content/rules/UPI.com.xml
@@ -0,0 +1,34 @@
+<!--
+	United Press International
+
+	For rules causing false/broken MCB, see UPI.com-falsemixed.xml.
+
+
+	Mixed content:
+
+		- css on www from $self *
+
+		- Images, on:
+
+			- www from $self *
+			- www from cdnph *
+
+		- favicon on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="UPI.com (partial)" default_off="expired">
+
+	<target host="upi.com" />
+	<target host="cdnph.upi.com" />
+	<target host="www.upi.com" />
+		<!--
+			Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://www\.upi\.com/+(?!favicon\.ico|img/|inc/|upi/dw/css/)" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UPR.edu.xml b/src/chrome/content/rules/UPR.edu.xml
new file mode 100644
index 000000000000..c5315344f2a3
--- /dev/null
+++ b/src/chrome/content/rules/UPR.edu.xml
@@ -0,0 +1,57 @@
+<!--
+	Other upr.edu related rulesets:
+		- LaEditorialUPR.com.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+			 - dialogodigital.upr.edu
+			 - exito.upr.edu
+			 - juntauniversitaria.upr.edu
+			 - navegadordeprogramas.upr.edu
+			 - web.rcm.upr.edu
+
+		Timeout was reached:
+			 - portalwww.cayey.upr.edu
+			 - exalumnos.upr.edu
+			 - fondodotal.upr.edu
+			 - ja.upr.edu
+			 - home.uprc.upr.edu
+			 - www.vcertifica.upr.edu
+
+		SSL connect error:
+			 - acweb.upr.edu
+			 - correo.upr.edu
+			 - phl.upr.edu
+
+		SSL peer certificate was not OK:
+			 - www.cayey.upr.edu
+			 - estudiantes.upr.edu
+			 - juntagobierno.upr.edu
+			 - www.rcse.upr.edu
+			 - www.retiro.upr.edu
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - nuevaupr.upr.edu
+			 - creced.rcm.upr.edu
+			 - www.rcm.upr.edu
+
+		Incomplete certificate chain error:
+			 - redi.upr.edu
+
+		Mixed content blocking (MCB) tiggered:
+			 - cayey.upr.edu
+			 - www.upr.edu
+-->
+<ruleset name="Universidad de Puerto Rico (partial)">
+	<target host="admisiones.upr.edu" />
+	<target host="hpcf.upr.edu" />
+	<target host="mail.hpcf.upr.edu" />
+	<target host="webmail.hpcf.upr.edu" />
+	<target host="www.hpcf.upr.edu" />
+	<target host="idp.upr.edu" />
+	<target host="patsiprod.upr.edu" />
+	<target host="portal.upr.edu" />
+	<target host="retiro.upr.edu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UPS.com.xml b/src/chrome/content/rules/UPS.com.xml
index 7c1b473dc4ac..8ea1a78a0e49 100644
--- a/src/chrome/content/rules/UPS.com.xml
+++ b/src/chrome/content/rules/UPS.com.xml
@@ -1,33 +1,65 @@
 <!--
+
 	Problematic subdomains:
 
 		- ^		(cert only matches www)
 		- campusship	(404, cert only matches www.campusship)
 
 
+	Partially covered subdomains
+
+		- (www.) *		(^ → www)
+
+	* Some (most?) pages started redirecting to http
+
+
 	Fully covered subdomains:
 
-		- (www.)		(^ → www)
 		- www.apps
 		- (www.)campusship	(^ → www)
 		- wwwapps
 
 -->
-<ruleset name="UPS.com">
+<ruleset name="UPS.com (partial)">
 
 	<target host="ups.com" />
-	<target host="*.ups.com" />
-
+		<exclusion pattern="^http://ups.com/$" />
+	<target host="www.ups.com" />
+		<exclusion pattern="^http://www.ups.com/$" />
+	<target host="wwwapps.ups.com" />
+	<target host="www.apps.ups.com" />
+	<target host="campusship.ups.com" />
+	<target host="www.campusship.ups.com" />
 
 	<securecookie host="^www\.campusship\.ups\.com$" name=".+" />
 
-
-	<rule from="^http://(?:www\.)?ups\.com/"
-		to="https://www.ups.com/" />
+	<rule from="^http://(www\.)?ups\.com/(assets/|favicon\.ico|img/|styles/|stylesheets/)"
+		to="https://www.ups.com/$2" />
+		<test url="http://ups.com/assets/" />
+		<test url="http://ups.com/favicon.ico" />
+		<test url="http://ups.com/img/" />
+		<test url="http://ups.com/styles/" />
+		<test url="http://ups.com/stylesheets/" />
+		<test url="http://www.ups.com/assets/" />
+		<test url="http://www.ups.com/favicon.ico" />
+		<test url="http://www.ups.com/img/" />
+		<test url="http://www.ups.com/styles/" />
+		<test url="http://www.ups.com/stylesheets/" />
 
 	<rule from="^http://www(\.)?apps\.ups\.com/"
 		to="https://www$1apps.ups.com/" />
 
+		<!--
+			Now redirects to login:
+						-->
+		<exclusion pattern="^http://www(\.)?apps\.ups\.com/WebTracking/track($|\?)" />
+			<test url="http://wwwapps.ups.com/WebTracking/track" />
+			<test url="http://wwwapps.ups.com/WebTracking/track?" />
+			<test url="http://wwwapps.ups.com/WebTracking/track?foo" />
+			<test url="http://www.apps.ups.com/WebTracking/track" />
+			<test url="http://www.apps.ups.com/WebTracking/track?" />
+			<test url="http://www.apps.ups.com/WebTracking/track?foo" />
+
 	<rule from="^http://(?:www\.)?campusship\.ups\.com/"
 		to="https://www.campusship.ups.com/" />
 
diff --git a/src/chrome/content/rules/UPU.int.xml b/src/chrome/content/rules/UPU.int.xml
index ed734cac81bf..d44139291060 100644
--- a/src/chrome/content/rules/UPU.int.xml
+++ b/src/chrome/content/rules/UPU.int.xml
@@ -1,7 +1,41 @@
-<ruleset name="UPU.int">
-	<target host="www.upu.int" />
-	<target host="upu.int" />
-	<rule from="^http://www\.upu\.int/" to="https://www.upu.int/"/>
-	<rule from="^http://upu\.int/" to="https://www.upu.int/"/>
+<!--
+	www.upu.int: Server sends no certificate chain, see https://whatsmychaincert.com
+
+	^upu.int doesn't exist.
+
+-->
+<ruleset name="UPU.int (partial)">
+	<target host="erecruit.upu.int" />
+	<!--target host="www.upu.int" /-->
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.upu\.int/en\.html" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://www\.upu\.int/+(?!clear\.gif|en/contentnewsletters/update-e-newsletter/subscription\.html|favicon\.ico|fileadmin/|fr/contenubulletinsdinformations/bulletin-reperes/abonnement\.html|typo3temp/|uploads/)" /-->
+
+			<!--	ve:
+					-->
+			<!--test url="http://www.upu.int/en.html" /-->
+			<!--test url="http://www.upu.int/en/activities.html" /-->
+			<!--test url="http://www.upu.int/fr.html" /-->
+			<!--test url="http://www.upu.int/fr/activites.html" /-->
+			<!--test url="http://www.upu.int/fr/flux-rss.html" /-->
+			<!--test url="http://www.upu.int/fr/lupu/finances.html" /-->
+			<!--test url="http://www.upu.int/fr/lupu/langues.html" /-->
+			<!--test url="http://www.upu.int/fr/lupu/lupu.html" /-->
+
+			<!--	ve:
+					-->
+			<!--test url="http://www.upu.int/clear.gif" /-->
+			<!--test url="http://www.upu.int/favicon.ico" /-->
+			<!--test url="http://www.upu.int/fileadmin/images/layout/bkgdMenuFooter.gif" /-->
+			<!--test url="http://www.upu.int/typo3temp/pics/22b1df46e7.jpg" /-->
+			<!--test url="http://www.upu.int/en/contentnewsletters/update-e-newsletter/subscription.html" /-->
+			<!--test url="http://www.upu.int/fr/contenubulletinsdinformations/bulletin-reperes/abonnement.html" /-->
+
+	<rule from="^http:" to="https:"/>
 </ruleset>
 
diff --git a/src/chrome/content/rules/UPV.cz.xml b/src/chrome/content/rules/UPV.cz.xml
index 35c2953bad28..edf97cead6fc 100644
--- a/src/chrome/content/rules/UPV.cz.xml
+++ b/src/chrome/content/rules/UPV.cz.xml
@@ -1,13 +1,15 @@
-<ruleset name="Úřad průmyslového vlastnictví" default_off="self-signed">
 
-	<target host="upv.cz"/>
-	<target host="isdv.upv.cz"/>
-	<target host="www.upv.cz"/>
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://upv.cz/ => https://upv.cz/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.upv.cz/ => https://www.upv.cz/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
-	<rule from="^http://upv\.cz/"
-		to="https://www.upv.cz/"/>
+-->
+<ruleset name="Úřad průmyslového vlastnictví" default_off="failed ruleset test">
 
-	<rule from="^http://(\w+)\.upv\.cz/"
-		to="https://$1.upv.cz/"/>
+	<target host="upv.cz" />
+	<target host="www.upv.cz" />
 
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/UPatient.xml b/src/chrome/content/rules/UPatient.xml
deleted file mode 100644
index 27fe5e5d91f7..000000000000
--- a/src/chrome/content/rules/UPatient.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="uPatient">
-
-	<target host="upatient.com" />
-	<target host="*.upatient.com" />
-
-
-	<securecookie host="^(?:app)?\.upatient\.com$" name=".+" />
-
-
-	<rule from="^http://(app\.|www\.)?upatient\.com/"
-		to="https://$1upatient.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/UProd.biz.xml b/src/chrome/content/rules/UProd.biz.xml
new file mode 100644
index 000000000000..91e68289e336
--- /dev/null
+++ b/src/chrome/content/rules/UProd.biz.xml
@@ -0,0 +1,16 @@
+<!--
+	Server sends no certificate chain *
+
+	* See https://whatsmychaincert.com
+
+-->
+<ruleset name="uProd.biz" default_off="cert-chain">
+
+	<target host="uprod.biz" />
+	<target host="www.uprod.biz" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UProxy.org.xml b/src/chrome/content/rules/UProxy.org.xml
index 3a30662df0df..a9b0e366b828 100644
--- a/src/chrome/content/rules/UProxy.org.xml
+++ b/src/chrome/content/rules/UProxy.org.xml
@@ -1,13 +1,13 @@
 <ruleset name="uProxy.org">
 
 	<target host="uproxy.org" />
-	<target host="*.uproxy.org" />
+	<target host="www.uproxy.org" />
+	<target host="blog.uproxy.org" />
+	<target host="iff.uproxy.org" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^\.uproxy\.org$" name=".+" />
-
-
-	<rule from="^http://(www\.)?uproxy\.org/"
-		to="https://$1uproxy.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/UQWiMAX.xml b/src/chrome/content/rules/UQWiMAX.xml
index 9b9fa7234a6f..1a8dce7ed1c6 100644
--- a/src/chrome/content/rules/UQWiMAX.xml
+++ b/src/chrome/content/rules/UQWiMAX.xml
@@ -1,6 +1,15 @@
-<ruleset name="UQ WiMAX" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://uqwimax.jp/ => https://www.uqwimax.jp/: Too many redirects while fetching 'https://www.uqwimax.jp/'
+Fetch error: http://www.uqwimax.jp/ => https://www.uqwimax.jp/: Too many redirects while fetching 'https://www.uqwimax.jp/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://uqwimax.jp/ => https://www.uqwimax.jp/: (28, 'Connection timed out after 10001 milliseconds')
+-->
+<ruleset name="UQ WiMAX" platform="mixedcontent" default_off="failed ruleset test">
   <target host="uqwimax.jp"/>
   <target host="www.uqwimax.jp"/>
 
-  <rule from="^http://(www\.)?uqwimax\.jp/" to="https://www.uqwimax.jp/"/>
+  <rule from="^http://(?:www\.)?uqwimax\.jp/" to="https://www.uqwimax.jp/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/URAC.xml b/src/chrome/content/rules/URAC.xml
index b0c8590975bc..e6934cea883f 100644
--- a/src/chrome/content/rules/URAC.xml
+++ b/src/chrome/content/rules/URAC.xml
@@ -16,7 +16,9 @@
 	<securecookie host="^www\.urac\.org$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?urac\.org/"
+	<rule from="^http://urac\.org/"
 		to="https://www.urac.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/URLParser.com.xml b/src/chrome/content/rules/URLParser.com.xml
index c5d850af8703..2fa0b60a51fa 100644
--- a/src/chrome/content/rules/URLParser.com.xml
+++ b/src/chrome/content/rules/URLParser.com.xml
@@ -8,7 +8,7 @@
 	<target host="www.urlparser.com" />
 
 
-	<rule from="^https?://(?:www\.)?urlparser\.com/"
+	<rule from="^http://(?:www\.)?urlparser\.com/"
 		to="https://urlparser.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/URX.com.xml b/src/chrome/content/rules/URX.com.xml
new file mode 100644
index 000000000000..c58f72f87230
--- /dev/null
+++ b/src/chrome/content/rules/URX.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://urx.com/ => https://urx.com/: (6, 'Could not resolve host: urx.com')
+Fetch error: http://developers.urx.com/ => https://developers.urx.com/: (6, 'Could not resolve host: developers.urx.com')
+Fetch error: http://www.urx.com/ => https://www.urx.com/: (6, 'Could not resolve host: www.urx.com')
+
+	Problematic subdomains:
+
+		- blog *
+
+	* Squarespace
+
+-->
+<ruleset name="URX.com (partial)" default_off="failed ruleset test">
+
+	<target host="urx.com" />
+	<target host="developers.urx.com" />
+	<target host="www.urx.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.urx\.com$" name="^SS_MID$" /-->
+	<!--securecookie host="^blog\.urx\.com$" name="^(JSESSIONID|crumb)$" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/US-CBO.gov.xml b/src/chrome/content/rules/US-CBO.gov.xml
index 7fdc7ad116c9..dcfcd0e7cee8 100644
--- a/src/chrome/content/rules/US-CBO.gov.xml
+++ b/src/chrome/content/rules/US-CBO.gov.xml
@@ -1,6 +1,15 @@
-<ruleset name="US Congressional Budget Office">
+<!--
+	US Congressional Budget Office
+
+
+-->
+<ruleset name="CBO.gov">
+
 	<target host="cbo.gov" />
 	<target host="www.cbo.gov" />
 
-	<rule from="^http://(?:www\.)?cbo\.gov/" to="https://www.cbo.gov/" />
-</ruleset>
\ No newline at end of file
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/US-Department-of-Housing-and-Urban-Development.xml b/src/chrome/content/rules/US-Department-of-Housing-and-Urban-Development.xml
index 670bd75db2c1..bea55110a0d6 100644
--- a/src/chrome/content/rules/US-Department-of-Housing-and-Urban-Development.xml
+++ b/src/chrome/content/rules/US-Department-of-Housing-and-Urban-Development.xml
@@ -1,24 +1,73 @@
 <!--
-	Nonfunctional subdomains:
+	US Department of Housing and Urban Development
 
-		- (www.)	(times out)
-		- espanol	(ditto)
+
+
+	Nonfunctional hosts in *hud.gov:
+
+		- (www.)? ¹
+		- espanol ²
+		- webtrendscs ²
+
+	¹ Plaintext reply
+	² Dropped
+
+
+	Problematic hosts in *hud.gov:
+
+		- blog ¹ ²
+
+	¹ Mixed css
+	² Self-signed
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .hud.gov
+		- blog.hud.gov
+		- portal.hud.gov
+
+
+	Mixed content:
+
+		- css on blog from $self
+		- Images on blog, portal from $self
+
+		- Bugs, on:
+
+			- portal from s7.addthis.com
+			- portal from webtrendscs.hud.gov
 
 -->
-<ruleset name="US Department of Housing and Urban Development (partial)">
+<ruleset name="HUD.gov (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="entp.hud.gov" />
+	<target host="portal.hud.gov" />
+
+	<!--	Complications:
+				-->
 	<target host="hud.gov" />
-	<target host="*.hud.gov" />
+	<target host="www.hud.gov" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.hud\.gov$" name="^(?:CFID|CFTOKEN)$" /-->
+	<!--securecookie host="^blog\.hud\.gov$" name="^(?:_icl_current_language|wfvt_\d+)$" /-->
+	<!--securecookie host="^portal\.hud\.gov$" name="^JSESSIONID$" /-->
 
-	<securecookie host="^portal\.hud\.gov$" name=".*" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<!--	(www.) doesn't work over https, redirects as so over http.	-->
-	<rule from="^https?://(?:www\.)?hud\.gov/"
+	<!--	(www.)? doesn't work over https,
+		redirects as so over http.
+						-->
+	<rule from="^http://(?:www\.)?hud\.gov/"
 		to="https://portal.hud.gov/portal/page/portal/HUD" />
 
-	<rule from="^http://portal\.hud\.gov/"
-		to="https://portal.hud.gov/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/US-Dept-of-Veterans-Affairs.xml b/src/chrome/content/rules/US-Dept-of-Veterans-Affairs.xml
deleted file mode 100644
index 14abfbdfe5a0..000000000000
--- a/src/chrome/content/rules/US-Dept-of-Veterans-Affairs.xml
+++ /dev/null
@@ -1,111 +0,0 @@
-<!--
-	For other US government coverage, see US-government.xml.
-
--->
-<ruleset name="US Department of Veterans Affairs" platform="mixedcontent">
-
-	<!--	Subdomains in the situation where there is a
-		www. prefix and the prefix should be left in place
-		(The www.vba.va.gov domain is in this category
-		but is covered by the *.vba.va.gov subdomain
-		that appears in a target host tag further down)	-->
-	<target host="www.ebenefits.va.gov" />
-	<target host="www.vendorportal.ecms.va.gov" />
-	<target host="www.vis.fsc.va.gov" />
-	<target host="www.1010ez.med.va.gov" />
-	<target host="www.myhealth.va.gov" />
-	<target host="www.pay.va.gov" />
-	<target host="www.tms.va.gov" />
-	<target host="www.valu.va.gov" />
-	<target host="www.visn2.va.gov" />
-	<target host="www.visn23.va.gov" />
-
-	<!--	Subdomains in the situation
-		where there is no www. prefix
-		and none should be added	-->
-	<target host="iris.va.gov" />
-	<target host="uploads.va.gov" />
-	<target host="www1.va.gov" />
-	<target host="www4.va.gov" />
-
-	<!--	Subdomains in the situation
-		where a www. prefix should be
-		added if one is not present	-->
-	<target host="fasttrack.va.gov" />
-	<target host="www.fasttrack.va.gov" />
-	<target host="gibill.va.gov" />
-	<target host="www.gibill.va.gov" />
-	<target host="move.va.gov" />
-	<target host="www.move.va.gov" />
-	<target host="vacanteen.va.gov" />
-	<target host="www.vacanteen.va.gov" />
-	<target host="vacareers.va.gov" />
-	<target host="www.vacareers.va.gov" />
-	<target host="voa.va.gov" />
-	<target host="www.voa.va.gov" />
-	<target host="vip.vetbiz.gov" />
-	<target host="www.vip.vetbiz.gov" />
-
-	<!--	Subdomains in the situation where a single
-		www. prefix should be removed if one is present.	-->
-	<target host="insurance.va.gov" />
-	<target host="www.insurance.va.gov" />
-	<target host="vaforvets.va.gov" />
-	<target host="*.vaforvets.va.gov" />
-	<target host="www.*.vaforvets.va.gov" />
-	<target host="*.vba.va.gov" />
-	<target host="www.*.vba.va.gov" />
-
-	<target host="va.gov" />
-	<target host="www.va.gov" />
-
-	<!--	The game at http://www.va.gov/kids/k-5/drawer.asp
-		does not appear to work when HTTPS is used	-->
-	<exclusion pattern="^http://www\.va\.gov/kids($|/)" />
-
-	<!--	The jobsearch.vaforvets.va.gov subdomain (among other possible subdomains) does not support HTTPS as of now.
-		Because of subdomains such as this, secure cookies are not applied to the vaforvets.va.gov subdomain or the
-		vba.va.gov subdomain or the va.gov domain. At the same time, secure cookies are applied to certain subdomains
-		of the vaforvets.va.gov subdomain and the vba.va.gov subdomain, such as login.vaforvets.va.gov and tas.vba.va.gov	-->
-	<securecookie host="^www\.(ebenefits|vendorportal\.ecms|vis\.fsc|1010ez\.med|myhealth|pay|tms|valu|vba|visn23?)\.va\.gov$" name=".+" />
-	<securecookie host="^(\.)?(((pki|register)\.eauth)|iris|uploads|www4)\.va\.gov$" name=".+" />
-	<securecookie host="^((www)?\.)?(fasttrack|gibill|move|vacanteen|vacareers|voa)\.va\.gov$" name=".+" />
-	<securecookie host="^www\.vip\.vetbiz\.gov$" name=".+" />
-	<securecookie host="^((www)?\.)?(insurance|((tas|vabenefits|vaonce|vip)\.vba))\.va\.gov$" name=".+" />
-	<securecookie host="^((www)?\.)?((assessments|login|mst|my|users|vct)\.)vaforvets\.va\.gov$" name=".+" />
-	<securecookie host="^www\.va\.gov$" name=".+" />
-
-	<!--	Some "This URL has moved" pages may not automatically redirect
-		when HTTPS is used, so do a redirect via the ruleset	-->
-	<rule from="^https?://(?:www\.)?va\.gov/opa/fact/index\.asp(?:$|\?)"
-		to="https://www.va.gov/opa/publications/factsheets.asp" />
-
-	<rule from="^https?://(?:www\.)?va\.gov/(?:cbo|CBO)/rates\.asp(?:$|\?)"
-		to="https://www.va.gov/CBO/apps/rates/index.asp" />
-
-	<!--	Handle the situation where a subdomain has a www.
-		prefix and the prefix should be left in place	-->
-	<rule from="^http://www\.(ebenefits|vendorportal\.ecms|vis\.fsc|1010ez\.med|myhealth|pay|tms|valu|vba|visn23?)\.va\.gov/"
-		to="https://www.$1.va.gov/" />
-
-	<!--	Handle the situation where a subdomain has no
-		www. prefix and no such prefix should be added	-->
-	<rule from="^http://(iris|uploads|www4)\.va\.gov/"
-		to="https://$1.va.gov/" />
-
-	<!--	Handle the situation where a subdomain might have a www. prefix
-		and such a prefix should be added if not already present	-->
-	<rule from="^https?://(?:www\.)?(fasttrack|gibill|move|vacanteen|vacareers|voa)\.va\.gov/"
-		to="https://www.$1.va.gov/" />
-	<rule from="^http://(www\.)?vip\.vetbiz\.gov/"
-		to="https://www.vip.vetbiz.gov/" />
-
-	<!--	Handle the situation where a subdomain might have a www.
-		prefix and such a prefix should be removed if present	-->
-	<rule from="^https?://(?:www\.)?(insurance|(?:(?:assessments|login|mst|my|users|vct)\.)?vaforvets|(?:tas|vabenefits|vaonce|vip)\.vba)\.va\.gov/"
-		to="https://$1.va.gov/" />
-
-	<rule from="^https?://(?:www1?)\.va\.gov/"
-		to="https://www.va.gov/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/US-Ignite.org.xml b/src/chrome/content/rules/US-Ignite.org.xml
new file mode 100644
index 000000000000..88e7a58f0613
--- /dev/null
+++ b/src/chrome/content/rules/US-Ignite.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- us-ignite.org
+
+-->
+<ruleset name="US-Ignite.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="us-ignite.org" />
+	<target host="www.us-ignite.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^us-ignite\.org$" name="^csrftoken$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/US-Immigration-and-Customs-Enforcement.xml b/src/chrome/content/rules/US-Immigration-and-Customs-Enforcement.xml
index fa06dd6f7c82..86cfff31601f 100644
--- a/src/chrome/content/rules/US-Immigration-and-Customs-Enforcement.xml
+++ b/src/chrome/content/rules/US-Immigration-and-Customs-Enforcement.xml
@@ -1,6 +1,5 @@
 <!--
 	For other US government coverage,
-	see US-government.xml.
 
 -->
 <ruleset name="U.S. Immigration and Customs Enforcement">
@@ -9,11 +8,11 @@
 	<target host="www.ice.gov" />
 
 
-	<securecookie host="^.*\.ice\.gov$" name=".*" />
+	<securecookie host="^.*\.ice\.gov$" name=".+" />
 
 
 	<!--	!www doesn't work over https.	-->
-	<rule from="^https://ice\.gov/"
+	<rule from="^http://ice\.gov/"
 		to="https://www.ice.gov/" />
 
 	<rule from="^http://www\.ice\.gov/"
diff --git a/src/chrome/content/rules/US-Internet-Crime-Complaint-Ctr.xml b/src/chrome/content/rules/US-Internet-Crime-Complaint-Ctr.xml
deleted file mode 100644
index 7c78ee6c0415..000000000000
--- a/src/chrome/content/rules/US-Internet-Crime-Complaint-Ctr.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="US Internet Crime Complaint Center">
-	<target host="ic3.gov" />
-	<target host="complaint.ic3.gov" />
-	<target host="www.ic3.gov" />
-
-	<securecookie host="(^|\.)(complaint|www)\.ic3\.gov$" name=".+" />
-
-	<rule from="^http://ic3\.gov/" to="https://www.ic3.gov/" />
-	<rule from="^http://(complaint|www)\.ic3\.gov/" to="https://$1.ic3.gov/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/US-News.com.xml b/src/chrome/content/rules/US-News.com.xml
new file mode 100644
index 000000000000..ee4c303aa6db
--- /dev/null
+++ b/src/chrome/content/rules/US-News.com.xml
@@ -0,0 +1,96 @@
+<!--
+	Non-functional subdomains:
+
+		- articles.bestlawfirms	(m)
+		- link.biz-messaging	(m)
+		- jobs	(m)
+		- live	(m)
+		- m3	(r)
+		- horizon.messaging	(m)
+		- link.messaging	(m)
+		- om	(m)
+		- politics	(m)
+		- rankings	(m)
+		- www.realestate	(m)
+		- redirect	(t)
+		- specs	(t)
+		- static	(m)
+		- t	(m)
+		- teacher-ed	(m)
+		- static.travel	(m)
+		- video	(m)
+		- www-mail1	(r)
+		- click.www-mail1	(r)
+		- imgp.www-mail1	(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="U.S. News">
+
+	<target host="usnews.com" />
+	<target host="www.usnews.com" />
+	<target host="admin.usnews.com" />
+	<target host="ai.usnews.com" />
+	<target host="apivip1.usnews.com" />
+	<target host="autos-pre.usnews.com" />
+	<target host="media.beam.usnews.com" />
+	<target host="besthealth.usnews.com" />
+	<target host="bestlawfirms.usnews.com" />
+	<target host="biz-messaging.usnews.com" />
+	<target host="biz-messaging-dev.usnews.com" />
+	<target host="cars.usnews.com" />
+	<target host="clinicahealth.usnews.com" />
+	<target host="creditcards.usnews.com" />
+	<target host="dataportal.usnews.com" />
+	<target host="degreeabroad.usnews.com" />
+	<target host="edu-request.usnews.com" />
+	<target host="emailprefs.usnews.com" />
+	<target host="forum.usnews.com" />
+	<target host="hdi.usnews.com" />
+	<target host="health.usnews.com" />
+	<target host="hospitaldashboard.usnews.com" />
+	<target host="images.usnews.com" />
+	<target host="internabroad.usnews.com" />
+	<target host="lawyers.usnews.com" />
+	<target host="articles.lawyers.usnews.com" />
+	<target host="blog.lawyers.usnews.com" />
+	<target host="loans.usnews.com" />
+	<target host="maptile.usnews.com" />
+	<target host="mediakit.usnews.com" />
+	<target host="messaging.usnews.com" />
+	<target host="messaging-dev.usnews.com" />
+	<target host="money.usnews.com" />
+	<target host="money-origin.usnews.com" />
+	<target host="mypayonline.usnews.com" />
+	<target host="oms.usnews.com" />
+	<target host="poearmy.usnews.com" />
+	<target host="portal.usnews.com" />
+	<target host="premium.usnews.com" />
+	<target host="realestate.usnews.com" />
+	<target host="search.usnews.com" />
+	<target host="secure.usnews.com" />
+	<target host="secure-autos.usnews.com" />
+	<target host="studyabroad.usnews.com" />
+	<target host="techblog.usnews.com" />
+	<target host="travel.usnews.com" />
+	<target host="travel-origin.usnews.com" />
+	<target host="vip001.usnews.com" />
+	<target host="vip002.usnews.com" />
+	<target host="vip003.usnews.com" />
+	<target host="vip004.usnews.com" />
+	<target host="vpn.usnews.com" />
+	<target host="webmail.usnews.com" />
+	<target host="websrv1.usnews.com" />
+	<target host="www-origin.usnews.com" />
+
+  	<securecookie host="^www\.usnews\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/US-Securities-and-Exchange-Commission.xml b/src/chrome/content/rules/US-Securities-and-Exchange-Commission.xml
deleted file mode 100644
index 573db15ab836..000000000000
--- a/src/chrome/content/rules/US-Securities-and-Exchange-Commission.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-<!--
-	For other US government coverage,
-	see US-government.xml.
-
-
-	Nonfunctional:
-
-		- xbrl.sec.gov
-
--->
-<ruleset name="U.S. Securities and Exchange Commission (partial)" platform="mixedcontent">
-
-	<target host="investor.gov" />
-	<target host="www.investor.gov" />
-	<target host="sec.gov" />
-	<target host="www.sec.gov" />
-
-
-	<!--	At least the homepage redirects to http.	-->
-	<rule from="^http://(www\.)?investor\.gov/sites/"
-		to="https://$1investor.gov/sites/" />
-
-	<!--	Cert only matches www.sec.gov.	-->
-	<rule from="^https?://sec\.gov/"
-		to="https://www.sec.gov/" />
-
-	<rule from="^http://www\.sec\.gov/"
-		to="https://www.sec.gov/" />
-
-        <!-- Search results from the HTTPS EDGAR search form are always invalid,
-             regardless of how we get there (even with HTTPS Everywhere disabled,
-             even if the SEC's own HTTPS homepage sends us here!) -->
-        <rule from="^https://www\.sec\.gov/edgar/searchedgar/companysearch\.html"
-              to="http://www.sec.gov/edgar/searchedgar/companysearch.html"
-              downgrade="1" />
-        <!-- Similarly, actual EDGAR results are invalid in HTTPS. -->
-        <rule from="^https://www\.sec\.gov/cgi-bin/browse-edgar"
-              to="http://www.sec.gov/cgi-bin/browse-edgar"
-              downgrade="1" />
-</ruleset>
diff --git a/src/chrome/content/rules/US-Selective-Service-System.xml b/src/chrome/content/rules/US-Selective-Service-System.xml
index 3dd867d8ba75..6d50f37d9a21 100644
--- a/src/chrome/content/rules/US-Selective-Service-System.xml
+++ b/src/chrome/content/rules/US-Selective-Service-System.xml
@@ -1,10 +1,11 @@
-<ruleset name="US Selective Service System" platform="mixedcontent">
+<ruleset name="US Selective Service System">
 	<target host="sss.gov" />
-	<target host="training.sss.gov" />
 	<target host="www.sss.gov" />
 
-	<securecookie host="^(.*\.)?sss\.gov$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
-	<rule from="^https?://sss\.gov/" to="https://www.sss.gov/" />
-	<rule from="^http://(training|www)\.sss\.gov/" to="https://$1.sss.gov/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http://sss\.gov/"
+		to="https://www.sss.gov/" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/US-Social-Forum.xml b/src/chrome/content/rules/US-Social-Forum.xml
index 61c4327c2cd4..43858684c7e0 100644
--- a/src/chrome/content/rules/US-Social-Forum.xml
+++ b/src/chrome/content/rules/US-Social-Forum.xml
@@ -1,12 +1,17 @@
-<!--	!functional subdomains:
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://community.ussf2010.org/ => https://community.ussf2010.org/: (51, "SSL: no alternative certificate subject name matches target host name 'community.ussf2010.org'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://community.ussf2010.org/ => https://community.ussf2010.org/: (51, "SSL: no alternative certificate subject name matches target host name 'community.ussf2010.org'")	!functional subdomains:
 		- (www.)	(cert: community.ussf2010.org; 404)
 		- ict		(cert: june.mayfirst.org)
 -->
-<ruleset name="US Social Forum (partial)">
+<ruleset name="US Social Forum (partial)" default_off="failed ruleset test">
 
 	<target host="community.ussf2010.org"/>
 
-	<rule from="^http://community\.ussf2010\.org/"
-		to="https://community.ussf2010.org/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/US-government-mismatches.xml b/src/chrome/content/rules/US-government-mismatches.xml
deleted file mode 100644
index 45bf09b5ef03..000000000000
--- a/src/chrome/content/rules/US-government-mismatches.xml
+++ /dev/null
@@ -1,65 +0,0 @@
-<ruleset name="US government (mismatches)" default_off="mismatch, self-signed">
-
-	<!--	*.house.gov	-->
-	<target host="democrats.intelligence.house.gov"/>
-	<!--	self-signed	-->
-	<target host="newscenter.lbl.gov"/>
-	<target host="panews.lbl.gov"/>
-	<!--	self-signed
-				-->
-	<target host="ntrs.nasa.gov" />
-	<target host="ntrs.larc.nasa.gov" />
-	<target host="stiesx2-ntrs.larc.nasa.gov" />
-	<!--	ditto	-->
-	<target host="ngdc.noaa.gov"/>
-	<target host="www.ngdc.noaa.gov"/>
-	<!--	ditto	-->
-	<target host="paymentaccuracy.gov" />
-	<target host="www.paymentaccuracy.gov" />
-	<!--	Akamai	-->
-	<target host="apps.usa.gov"/>
-	<target host="usda.gov"/>
-	<target host="offices.sc.egov.usda.gov"/>
-	<target host="www.usda.gov"/>
-
-	<securecookie host="^(offices\.sc\.egov\.)?usda\.gov$" name=".*"/>
-
-	<rule from="^http://democrats\.intelligence\.house\.gov/(profiles|sites)/"
-		to="https://democrats.intelligence.house.gov/$1/"/>
-
-	<rule from="^http://(?:newscenter|panews)\.lbl\.gov/"
-		to="https://panews.lbl.gov/"/>
-
-	<!--	Cert only matches stiesx2-ntrs.larc.nasa.gov.
-								-->
-	<rule from="^https?://(?:(?:stiesx2-)?ntrs(?:\.larc)?)\.nasa\.gov/"
-		to="https://stiesx2-ntrs.larc.nasa.gov/" />
-
-	<!--	cert !match !www	-->
-	<rule from="^http://(?:www\.)?ngdc\.noaa\.gov/"
-		to="https://www.ngdc.noaa.gov/"/>
-
-	<!--	Cert only matches !www.	-->
-	<rule from="^https://www\.paymentaccuracy\.gov/"
-		to="https://paymentaccuracy.gov/" />
-
-	<!--	At least the homepage redirects to http.	-->
-	<rule from="^http://paymentaccuracy\.gov/(modul|sit)es/"
-		to="https://paymentaccuracy.gov/$1es/" />
-
-	<rule from="^http://apps\.usa\.gov/"
-		to="https://apps.usa.gov/"/>
-
-	<!--	- !www cert: my.usda.gov
-		- www: Akamai
-		- Both !www...$ & www...$ redirect to pws.sc.egov.usda.gov over https
-				-->
-	<rule from="^http://(?:www\.)?usda\.gov/$"
-		to="https://usda.org/wps/portal/usda/usdahome" />
-
-	<!--	offices.sc.egov
-			- cert: oip.usda.gov		-->
-	<rule from="^http://(?:(offices\.sc\.egov\.)|www\.)?usda\.gov/"
-		to="https://$1usda.gov/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/US-government.xml b/src/chrome/content/rules/US-government.xml
deleted file mode 100644
index 2737b9653236..000000000000
--- a/src/chrome/content/rules/US-government.xml
+++ /dev/null
@@ -1,226 +0,0 @@
-<!--
-	Other US government rulesets:
-
-		- Argonne-National-Laboratory.xml
-		- Ashland_Fiber.net.xml
-		- Bonneville_Power_Administration.xml
-		- California_Department_of_Justice.xml
-		- California_Legislative_Information.xml
-		- Catalog-of-Domestic-Federal-Assistance.xml
-		- Central_Intelligence_Agency.xml
-		- City-of-Chicago.xml
-		- City_of_Mountain_View.xml
-		- City_of_Seattle.xml
-		- City-of-Sedona.xml
-		- Colorado_Secretary_of_State.xml
-		- Commodity_Futures_Trading_Commission.xml
-		- Consumer.gov.xml
-		- CPSC.xml
-		- Defense_Nuclear_Facilities_Safety_Board.xml
-		- Distraction.xml
-		- ED.gov.xml
-		- Energy.gov.xml
-		- Federal_Aviation_Administration.xml
-		- Federal_Business_Opportunities.xml
-		- Federal-Communications-Commission.xml
-		- Federal-Deposit-Insurance-Corporation.xml
-		- Federal_Trade_Commission.xml
-		- Fermi_National_Accelerator_Laboratory.xml
-		- FoodSafety.gov.xml
-		- Fuel_Economy.xml
-		- Harry_S_Truman_Library_and_Museum.xml
-		- Hawaii.gov.xml
-		- HowTo.gov.xml
-		- Illinois_Department_of_Financial_and_Professional_Regulation.xml
-		- IT_Dashboard.gov.xml
-		- Lawrence-Livermore-National-Laboratory.xml
-		- Maine.gov.xml
-		- NASA.xml
-		- National_Consumer_Protection_Week.xml
-		- National-Institute-of-Standards-and-Technology.xml
-		- National-Institutes-of-Health.xml
-		- National_Oceanic_and_Atmospheric_Administration.xml
-		- National_Park_Service.xml
-		- National-Science-Foundation.xml
-		- National-Security-Agency.xml
-		- National_Transport_Safety_Board.xml
-		- NCRIC.xml
-		- New-York-City.xml
-		- Oak-Ridge-National-Laboratory.xml
-		- OnGuard_Online.xml
-		- Pay.gov
-		- Sandia-National-Laboratories.xml
-		- Senate.gov.xml
-		- SMFTA.com.xml
-		- SocialSecurity.xml
-		- State_of_Alaska.xml
-		- State_of_Delaware.xml
-		- State_of_Oregon.xml
-		- Texas-Department-of-State-Health-Services.xml
-		- United-States-Department-of-Agriculture.xml
-		- United-States-Department-of-Energy.xml
-		- United-States-Nuclear-Regulatory-Commission.xml
-		- USA.gov
-		- US_Citizenship_and_Immigration_Services.xml
-		- US_Courts.gov.xml
-		- US_Department_of_Commerce.xml
-		- US-Department-of-Housing-and-Urban-Development.xml
-		- US_Department_of_the_Treasury.xml
-		- US-Dept-of-Veterans-Affairs.xml
-		- US_Fish_and_Wildlife_Service.xml
-		- US_Geological_Survey.xml
-		- US-government-mismatches.xml
-		- US-Immigration-and-Customs-Enforcement.xml
-		- US_Patent_and_Trademark_Office.xml
-		- US-Securities-and-Exchange-Commission.xml
-		- US_State_Department.xml
-
-
-	CDN buckets:
-
-		- www.defense.gov.edgesuite.net
-
-	mtrics.cdc.gov/b/ss/cdcgov/
-
-
-	Nonfunctional:
-
-		- arcweb.archives.gov			(times out)
-		- georgewbush-whitehouse.archives.gov	(times out)
-		- dfi.ca.gov **
-		- leginfo.ca.gov *
-		- cdc.gov *
-		- www.cdc.gov				(Akamai; "temporarily unavailable")
-		- factfinder2.census.gov
-		- (www.)civicfed.gov			(cert: secure115.inmotionhosting.com; shows that domain's data)
-		- (www.)compliance.gov			(cert: Plesk; shows default Plesk page)
-		- (www.)copyright.gov			(cert: wwws.loc.gov; shows that domain's data)
-		- (www.)cybercrime.gov			(ssl_error_rx_record_too_long)
-		- www.defense.gov			(Akamai; 301s to http)
-		- water.epa.gov
-		- fs.fed.us
-		- nrs.fs.fed.us
-		- www.fs.fed.us				(Akamai; 302s to http; origin, origin-www, nor www-origin exist)
-		- www.fincen.gov			(shows login, valid cert)
-		- (www.)gao.gov				(prints "No Secure Connection (https://) Required")
-		- www.gpo.gov				(times out)
-		- archive.hhs.gov			(timeout)
-		- aspe.hhs.gov				(refused)
-		- www.hhs.gov				(Akamai, shows 404 page)
-		- appropriations.house.gov		(400)
-		- clerk.house.gov			(timeout)
-		- energycommerce.house.gov		(400)
-		- republicans.energycommerce.house.gov	(400)
-		- iedc.in.gov				(record_too_long)
-		- irs.gov
-		- www.irs.gov				(redirects to http, akamai)
-		- jobs.irs.gov				(503, akamai)
-		- jobs.irs.com				(503, akamai)
-		- www.irs.com				(redirects to http, akamai)
-		- (www.)justice.gov			(ssl_error_rx_record_too_long)
-		- blogs.loc.gov				(shows wwws, CN: wwws.loc.gov)
-		- lccn.loc.gov				(times out)
-		- thomas.loc.gov
-		- www.loc.gov				(cert: wwws.loc.gov)
-		- (www.)manhattanda.org			(times out)
-		- www.ncs.gov				(504, akamai)
-		- mymoney.gov           		(interrupted)
-		- www.mymoney.gov       		(Akamai; shows Microsoft Forefront 403 page)
-		- (www.)nga.gov				(times out)
-		- www.nhtsa.gov				(Akamai; redirects to http)
-		- www.acces.nysed.gov			(timeout)
-		- (www.)pppl.gov			(times out)
-		- (www.)regulations.gov			(times out)
-		- (www.)scstatehouse.gov		(times out)
-		- www.supremecourt.gov			(500; akamai)
-		- (www.)usitc.gov			(times out)
-		- (www.)ustr.gov			(cert: ssl2050.cloudflare.com; "Offline Mode")
-		- wdfw.wa.gov				(works; expired, self-signed)
-
-	* Times out
-	** Reset
-
-
-	Problematic domains:
-
-		- ncs.gov	(works; mismatched, CN: dhs.gov)
-
-
--->
-<ruleset name="US government (partial)" platform="mixedcontent">
-
-	<target host="mtrics.cdc.gov" />
-	<target host="wwwn.cdc.gov" />
-	<target host="census.gov"/>
-	<target host="www.census.gov"/>
-	<target host="cms.gov"/>
-	<target host="*.cms.gov"/>
-	<target host="export.gov"/>
-	<target host="*.export.gov"/>
-	<target host="genome.gov"/>
-	<target host="www.genome.gov"/>
-	<target host="cms.hhs.gov"/>
-	<target host="www.cms.hhs.gov"/>
-	<target host="intelligence.house.gov"/>
-	<target host="wwws.loc.gov" />
-	<target host="medicare.gov"/>
-	<target host="*.medicare.gov"/>
-	<target host="wtr.nhtsa.gov" />
-	<target host="usajobs.gov"/>
-	<target host="*.usajobs.gov"/>
-	<target host="postalinspectors.uspis.gov"/>
-	<target host="uspsoig.gov"/>
-	<target host="www.uspsoig.gov"/>
-	<target host="wwws.whitehouse.gov" />
-
-
-	<securecookie host="^questions\.cms\.gov$" name=".*"/>
-	<securecookie host="^safeharbor\.export\.gov$" name=".*"/>
-	<securecookie host="^(.*\.)?(census|medicare|usajobs)\.gov$" name=".*"/>
-	<securecookie host="^intelligence\.house\.gov$" name=".*"/>
-	<securecookie host="^wtr\.nhtsa\.gov$" name=".+" />
-
-
-	<rule from="^https?://mtrics\.cdc\.gov/"
-		to="https://cdcgov.112.2o7.net/" />
-
-	<rule from="^http://wwwn\.cdc\.gov/"
-		to="https://wwwn.cdc.gov/" />
-
-	<rule from="^http://(?:www\.)?(census|genome|medicare)\.gov/"
-		to="https://www.$1.gov/"/>
-
-	<rule from="^http://(?:www\.)?cms(?:\.hhs)?\.gov/"
-		to="https://www.cms.gov/"/>
-
-	<rule from="^http://assets\.cms\.gov/"
-		to="https://assets.cms.gov/"/>
-
-	<rule from="^http://questions\.(cms|medicare)\.gov/"
-		to="https://questions.$1.gov/"/>
-
-	<rule from="^http://(safeharbor|www)\.export\.gov/"
-		to="https://$1.export.gov/"/>
-
-	<rule from="^http://intelligence\.house\.gov/"
-		to="https://intelligence.house.gov/"/>
-
-	<rule from="^http://wwws\.loc\.gov/"
-		to="https://wwws.loc.gov/" />
-
-	<rule from="^http://wtr\.nhtsa\.gov/"
-		to="https://wtr.nhtsa.gov/" />
-
-	<rule from="^http://([\w\-]+\.)?usajobs\.gov/"
-		to="https://$1usajobs.gov/"/>
-
-	<rule from="^http://postalinspectors\.uspis\.gov/"
-		to="https://postalinspectors.uspis.gov/"/>
-
-	<rule from="^http://(www\.)?uspsoig\.gov/"
-		to="https://$1uspsoig.gov/"/>
-
-	<rule from="^http://wwws\.whitehouse\.gov/"
-		to="https://wwws.whitehouse.gov/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/US-military.xml b/src/chrome/content/rules/US-military.xml
index 392632a9b231..f21caf86cd1f 100644
--- a/src/chrome/content/rules/US-military.xml
+++ b/src/chrome/content/rules/US-military.xml
@@ -22,13 +22,12 @@
 	<target host="dodlive.mil"/>
 	<target host="*.dodlive.mil"/>
 	<target host="reg.dtic.mil"/>
-	<target host="usarmy.*.llnwd.net" />
 	<target host="nrl.navy.mil" />
 
-	<securecookie host="^www\.pica\.army\.mil$" name=".*" />
-	<securecookie host="^apps\.mhf\.dod\.mil$" name=".*"/>
-	<securecookie host="^reg\.dtic\.mil$" name=".*"/>
-	<securecookie host="^(.*\.)?dodlive\.mil$" name=".*"/>
+	<securecookie host="^www\.pica\.army\.mil$" name=".+" />
+	<securecookie host="^apps\.mhf\.dod\.mil$" name=".+" />
+	<securecookie host="^reg\.dtic\.mil$" name=".+" />
+	<securecookie host="^(?:.*\.)?dodlive\.mil$" name=".+" />
 
 	<!--	!www doesn't exist.
 					-->
@@ -51,14 +50,9 @@
 	<rule from="^http://reg\.dtic\.mil/"
 		to="https://reg.dtic.mil/"/>
 
-	<!--	Cert is valid & trusted for *.hs.*.
-							-->
-	<rule from="^https?://usarmy\.(?:hs|vo)\.llnwd\.net/"
-		to="https://usarmy.hs.llnwd.net/" />
-
 	<!--	!www 301s to http.
 					-->
-	<rule from="^https?://(?:www\.)?nrl\.navy\.mil/"
+	<rule from="^http://(?:www\.)?nrl\.navy\.mil/"
 		to="https://www.nrl.navy.mil/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/USA.gov.xml b/src/chrome/content/rules/USA.gov.xml
deleted file mode 100644
index d2d2ca60ef39..000000000000
--- a/src/chrome/content/rules/USA.gov.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	For other US government coverage, see US-government.xml.
-
-
-	apps.usa.gov is handled in US-government-mismatches.xml.
-
-
-	Nonfunctional domains:
-
-		- usa.gov				(Akamai, redirects to http)
-		- ansers.usa.gov			(timeout)
-		- blog.usa.gov
-
--->
-<ruleset name="USA.gov (partial)">
-
-	<target host="*.usa.gov" />
-
-
-	<!--	Observed cookie domains:
-
-			- publications
-			- search
-
-				-->
-	<securecookie host="^.*\.usa\.gov$" name=".*" />
-
-
-	<rule from="^http://(business|publications|search)\.usa\.gov/"
-		to="https://$1.usa.gov/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/USA_Today.xml b/src/chrome/content/rules/USA_Today.xml
index 98285ac42674..464341595ca7 100644
--- a/src/chrome/content/rules/USA_Today.xml
+++ b/src/chrome/content/rules/USA_Today.xml
@@ -1,52 +1,38 @@
 <!--
 	For other Gannett Company coverage, see Gannett-Company.xml.
 
+	Note: usatoday.com has a wildcard DNS record.
 
-	CDN buckets:
+	Dropped:
+		- ^ (fixed by this ruleset)
+		- crosswords
+		- games
+		- puzzles
 
-		- css.usatoday.com.edgesuite.net
-		- images.usatoday.com.edgesuite.net
-		- usatoday30.usatoday.com.edgesuite.net
-		- www.usatoday.com.edgesuite.net
-		- i.usatoday.net.edgesuite.net
-
-
-	Nonfunctional domains:
-
-		- css.usatoday.com *
-		- images.usatoday.com *
-		- usatoday30.usatoday.com *
-		- i.usatoday.net *
-
-	* 503, akamai
-
-
-	 Problematic domains:
-
-		- usatoday.com		(refused)
-		- onlinestore	(pages redirect to http; mismatched, CN: *.nexternal.com)
-		- www.usatoday.com	(works, akamai)
+	Mismatched:
+		- ee (a248.e.akamai.net)
+		- reg.e (gannett.com)
+		- onlinestore (*.nexternal.com)
 
+	Redirect to HTTP:
+		- college
 -->
-<ruleset name="USA Today (partial)">
 
+<ruleset name="USA Today.com">
 	<target host="usatoday.com" />
-	<target host="*.usatoday.com" />
-		<!--
-			news/ points links to akamai.net/$
-
-			global-plain.css links to resources relative to /
-
-		<exclusion pattern="^http://www\.usatoday\.com/(?:global-plain\.css|news/)" /-->
-
-
-	<rule from="^http://(?:www\.)?usatoday\.com/(favicon\.ico|services/|static/images/)"
-		to="https://a248.e.akamai.net/f/534/1/1/www.usatoday.com/$1" />
-
-	<rule from="^http://onlinestore\.usatoday\.com/Net/"
-		to="https://www.nexternal.com/Net/" />
-
-	<rule from="^http://(service|videos)\.usatoday\.com/"
-		to="https://$1.usatoday.com/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.usatoday.com" />
+	<target host="css.usatoday.com" />
+	<target host="images.usatoday.com" />
+	<target host="offers.usatoday.com" />
+	<target host="portfoliotracker.usatoday.com" />
+	<target host="service.usatoday.com" />
+	<target host="static.usatoday.com" />
+	<target host="usatoday30.usatoday.com" />
+	<target host="video-network.usatoday.com" />
+	<target host="videos.usatoday.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://usatoday\.com/" to="https://www.usatoday.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/USAlliance.xml b/src/chrome/content/rules/USAlliance.xml
index a324cc7b2186..7e465d7fccc2 100644
--- a/src/chrome/content/rules/USAlliance.xml
+++ b/src/chrome/content/rules/USAlliance.xml
@@ -1,13 +1,12 @@
 <ruleset name="USAlliance">
 
 	<target host="usalliance.org" />
-	<target host="*.usalliance.org" />
+	<target host="www.usalliance.org" />
 
 
 	<securecookie host="^(?:www)?\.usalliance\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?usalliance\.org/"
-		to="https://$1usalliance.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/USAspending.gov.xml b/src/chrome/content/rules/USAspending.gov.xml
new file mode 100644
index 000000000000..e2f3438cbffa
--- /dev/null
+++ b/src/chrome/content/rules/USAspending.gov.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://openbeta-comm.usaspending.gov/ => https://openbeta-comm.usaspending.gov/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+
+
+	^usaspending.gov: Dropped over http & https
+
+
+	These altnames don't exist:
+
+		- gis.usaspending.gov
+
+
+	Insecure cookies are set for these hosts:
+
+		- openbeta-comm.usaspending.gov
+
+-->
+<ruleset name="USAspending.gov" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="apps.usaspending.gov" />
+	<target host="data.usaspending.gov" />
+	<target host="openbeta.usaspending.gov" />
+	<target host="openbeta-comm.usaspending.gov" />
+	<target host="www.usaspending.gov" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^openbeta-comm\.usaspending\.gov$" name="^bb(?:lastactivity|lastvisit|sessionhash)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/USBank.xml b/src/chrome/content/rules/USBank.xml
index 2b2ebef4e246..db0de92b24e0 100644
--- a/src/chrome/content/rules/USBank.xml
+++ b/src/chrome/content/rules/USBank.xml
@@ -1,7 +1,66 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)
+		- access
+		- espanol
+		- m
+		- mm
+		- ms
+		- ms2
+		- onlinebanking
+		- trustnowessentials
+		- wwws
+
+
+	Insecure cookies are set for these domains:
+
+		- ^
+		- access
+		- m
+		- mm
+		- ms
+		- ms2
+		- onlinebanking
+		- trustnowessentials
+		- www
+		- wwws
+
+
+	These altnames don't exist:
+
+		- MS3.USBANK.COM
+
+-->
 <ruleset name="USBank">
-<target host="usbank.com" />
-<target host="www.usbank.com" />
 
-<rule from="^http://(?:www\.)?usbank\.com/" to="https://www.usbank.com/"/>
-</ruleset>
+	<target host="usbank.com" />
+	<target host="access.usbank.com" />
+	<target host="m.usbank.com" />
+	<target host="mm.usbank.com" />
+	<target host="ms.usbank.com" />
+	<target host="ms2.usbank.com" />
+	<target host="onlinebanking.usbank.com" />
+	<target host="trustnowessentials.usbank.com" />
+	<target host="www.usbank.com" />
+	<target host="wwws.usbank.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(m\.|www\.)?usbank\.com$" name="^www-OBC-https$" /-->
+	<!--securecookie host="^access\.usbank\.com$" name="^(LBACCESS|ObFormLoginCookie)$" /-->
+	<!--securecookie host="^(mm|ms|ms2)\.usbank\.com$" name="^(ASPSESSIONID[A-Z]{8}|uniquesig[\dA-F]{95})$" /-->
+	<!--securecookie host="^mm\.usbank\.com$" name="^(EXTMM|MM)$" /-->
+	<!--securecookie host="^ms\.usbank\.com$" name="^EXTMS-EP$" /-->
+	<!--securecookie host="^ms2\.usbank\.com$" name="^EXTMS2$" /-->
+	<!--securecookie host="^onlinebanking\.usbank\.com$" name="^(ASP.NET_SessionId|EXTOLB|OLBWeb)$" /-->
+	<!--securecookie host="^trustnowessentials\.usbank\.com$" name="^(JSESSIONID_Trust|ObFormLoginCookie|TNEPROD|coreidLogin)$" /-->
+	<!--securecookie host="^wwws\.usbank\.com$" name="^wwws-EP-https$" /-->
+
+	<securecookie host="^(?:(?:access|mm?|ms2?|onlinebanking|trustnowessentials|wwws?)\.)?usbank\.com$" name=".+" />
 
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/USC.edu-falsemixed.xml b/src/chrome/content/rules/USC.edu-falsemixed.xml
new file mode 100644
index 000000000000..fa84f3a1705d
--- /dev/null
+++ b/src/chrome/content/rules/USC.edu-falsemixed.xml
@@ -0,0 +1,18 @@
+<!--
+	For rules not causing false/broken MCB, see University-of-Southern-California.xml.
+
+-->
+<ruleset name="USC.edu (false MCB)" platform="mixedcontent">
+
+	<target host="healthstream.usc.edu" />
+	<target host="keckapps.usc.edu" />
+	<target host="roski.usc.edu" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/USConstitution.net.xml b/src/chrome/content/rules/USConstitution.net.xml
new file mode 100644
index 000000000000..6192044fda5f
--- /dev/null
+++ b/src/chrome/content/rules/USConstitution.net.xml
@@ -0,0 +1,26 @@
+<!--
+	CDN buckets:
+
+		- d3s15m2pa5pup1.cloudfront.net
+
+			- cdn
+			- cdn-7
+
+
+	Nonfunctional subdomains:
+
+		- (www.) *
+
+	* Reset
+
+-->
+<ruleset name="USConstitution.net (partial)">
+
+	<target host="cdn.usconstitution.net" />
+	<target host="cdn-7.usconstitution.net" />
+
+
+	<rule from="^http://cdn(?:-7)?\.usconstitution\.net/"
+		to="https://d3s15m2pa5pup1.cloudfront.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/USDA-ARS.xml b/src/chrome/content/rules/USDA-ARS.xml
index 762d4dfed8a2..4ef3735f3745 100644
--- a/src/chrome/content/rules/USDA-ARS.xml
+++ b/src/chrome/content/rules/USDA-ARS.xml
@@ -1,6 +1,16 @@
-<ruleset name="USDA-ARS">
-  <target host="ars.usda.gov" />
-  <target host="www.ars.usda.gov" />
-  <rule from="^http://(?:www\.)?ars\.usda\.gov/"
-          to="https://www.ars.usda.gov/"/>
+<!--
+	For rules that are on by default, see United-States-Department-of-Agriculture.xml.
+
+-->
+<ruleset name="USDA-ARS" default_off="cert-chain">
+
+	<target host="www.ars.usda.gov" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/USENIX.xml b/src/chrome/content/rules/USENIX.xml
index 92afbf6b8fdd..ca83bf4db38e 100644
--- a/src/chrome/content/rules/USENIX.xml
+++ b/src/chrome/content/rules/USENIX.xml
@@ -1,7 +1,7 @@
 <ruleset name="USENIX">
 	<target host="usenix.org" />
 	<target host="www.usenix.org" />
-	<rule from="^https?://www\.usenix\.org/" to="https://www.usenix.org/"/>
-	<rule from="^https?://usenix\.org/" to="https://www.usenix.org/"/>
+	<rule from="^http://www\.usenix\.org/" to="https://www.usenix.org/"/>
+	<rule from="^http://usenix\.org/" to="https://www.usenix.org/"/>
 </ruleset>
 
diff --git a/src/chrome/content/rules/USE_OTR_Project.org.xml b/src/chrome/content/rules/USE_OTR_Project.org.xml
new file mode 100644
index 000000000000..e4268d1cd393
--- /dev/null
+++ b/src/chrome/content/rules/USE_OTR_Project.org.xml
@@ -0,0 +1,16 @@
+<!--
+	www.useotrproject.org: Mismatched
+
+
+	^useotrproject.org does not exist.
+
+-->
+<ruleset name="USE OTR Project.org">
+
+	<target host="www.useotrproject.org" />
+
+
+	<rule from="^http://www\.useotrproject\.org/"
+		to="https://www.otr.im/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/USFSP.edu.xml b/src/chrome/content/rules/USFSP.edu.xml
new file mode 100644
index 000000000000..7857492e3a0d
--- /dev/null
+++ b/src/chrome/content/rules/USFSP.edu.xml
@@ -0,0 +1,17 @@
+<!--
+	For University of South Florida in Tampa see University-of-South-Florida.xml
+
+	Mismatched:
+		- ^
+
+	Incomplete certificate chain:
+		- vpn
+-->
+<ruleset name="USFSP.edu">
+	<target host="usfsp.edu" />
+	<target host="www.usfsp.edu" />
+	<target host="sharemypc.usfsp.edu" />
+
+	<rule from="^http://usfsp\.edu/" to="https://www.usfsp.edu/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/USF_CA.edu.xml b/src/chrome/content/rules/USF_CA.edu.xml
new file mode 100644
index 000000000000..42b4adfb92d6
--- /dev/null
+++ b/src/chrome/content/rules/USF_CA.edu.xml
@@ -0,0 +1,48 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://usfca.edu/ => https://usfca.edu/: (28, 'Connection timed out after 10001 milliseconds')
+	University of San Francisco
+
+
+	Problematic subdomains:
+
+		- hashtag	(mismatched, CN: *.scoop.it)
+
+
+	Partially covered subdomains:
+
+		- hashtag	(→ www.scoop.it, $ redirects to http)
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- web
+
+
+	Observed cookie domains:
+
+		- ^
+		- hashtag
+		- web
+		- www
+
+-->
+<ruleset name="USF CA.edu (partial)">
+
+	<target host="usfca.edu" />
+	<target host="web.usfca.edu" />
+	<target host="www.usfca.edu" />
+	<target host="hashtag.usfca.edu" />
+
+
+	<securecookie host="^(?:web\.|www\.)?usfca\.edu$" name=".+" />
+
+
+	<rule from="^http://(web\.|www\.)?usfca\.edu/"
+		to="https://$1usfca.edu/" />
+
+	<rule from="^http://hashtag\.usfca\.edu/resources/"
+		to="https://www.scoop.it/resources/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/USFreeads.xml b/src/chrome/content/rules/USFreeads.xml
index a89ea3ffc565..f6beacdd1549 100644
--- a/src/chrome/content/rules/USFreeads.xml
+++ b/src/chrome/content/rules/USFreeads.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?usfreeads\.com/(favicon\.ico|files/|modules/|uploads/)"
 		to="https://$1usfreeads.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/USMA.edu.xml b/src/chrome/content/rules/USMA.edu.xml
new file mode 100644
index 000000000000..ecabcd3f1915
--- /dev/null
+++ b/src/chrome/content/rules/USMA.edu.xml
@@ -0,0 +1,15 @@
+<!--
+	(www.)?usma.edu: Dropped
+
+-->
+<ruleset name="USMA.edu (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.ctc.usma.edu" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/USNI.org-problematic.xml b/src/chrome/content/rules/USNI.org-problematic.xml
new file mode 100644
index 000000000000..88c355c7c552
--- /dev/null
+++ b/src/chrome/content/rules/USNI.org-problematic.xml
@@ -0,0 +1,13 @@
+<!--
+	For rules that are on by default, see USNI.org.xml.
+
+-->
+<ruleset name="USNI.org (false MCB)" platform="mixedcontent">
+
+	<target host="blog.usni.org" />
+	<target host="news.usni.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/USNI.org.xml b/src/chrome/content/rules/USNI.org.xml
new file mode 100644
index 000000000000..e9511926235a
--- /dev/null
+++ b/src/chrome/content/rules/USNI.org.xml
@@ -0,0 +1,59 @@
+<!--
+	For problematic rules, see USNI.org-problematic.xml.
+
+
+	United States Naval Institute
+
+
+	Problematic subdomains:
+
+		- ^ *
+		- cdn0[2346-9] *
+		- news *
+
+	* Expired 2014-08-07
+
+
+	(www.): at least some pages redirect to http
+
+
+	Mixed content:
+
+		- iframe on blog from www.scribd.com *
+
+		- css on blog and news from blog *
+		- css on news from $self *
+		- css on news from fonts.googleapis.com *
+
+		- Images on blog from $self *
+		- Images on blog and news from i[012].wp.com *
+		- Images on news from $self *
+
+		- Bugs on blog and www from i.creativecommons.org *
+		- Bugs on blog from cdn.socialtwist.com *
+		- Bugs on blog from images.socialtwist.com *
+		- Bugs on news from w.sharethis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="USNI.org (partial)">
+
+	<target host="usni.org" />
+	<target host="*.usni.org" />
+		<!--exclusion pattern="^http://(www\.)?usni\.org/(?!(about|cart|membership|user)($|[?/])|sites/)" /-->
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<!--exclusion pattern="^http://blog\.usni\.org/+(?!\?mcsf_action=|favicon\.ico|mc_news\.css|wp-content/|wp-includes/)" /-->
+		<!--exclusion pattern="^http://news\.unsi\.org/+(?!favicon\.ico|wp-content/|wp-includes/)" /-->
+		<exclusion pattern="^http://(?:blog|news)\.usni\.org/+(?!\?mcsf_action=|favicon\.ico|mc_news\.css|wp-content/|wp-includes/)" />
+
+
+	<rule from="^http://(?:www\.)?usni\.org/(?=(?:about|cart|membership|user)(?:$|[?/])|sites/)"
+		to="https://www.usni.org/" />
+
+	<rule from="^http://(blog|cdn\d+|news)\.usni\.org/"
+		to="https://$1.usni.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/USNWC.edu.xml b/src/chrome/content/rules/USNWC.edu.xml
new file mode 100644
index 000000000000..6f22522d6229
--- /dev/null
+++ b/src/chrome/content/rules/USNWC.edu.xml
@@ -0,0 +1,32 @@
+<!--
+	U.S. Naval War College
+
+
+	Problematic hosts in *usnwc.edu:
+
+		- stockton ¹ ²
+
+	¹ Mismatched
+	² Mixed css
+
+
+	Mixed content:
+
+		- css on stockton from $self
+
+-->
+<ruleset name="USNWC.edu (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="usnwc.edu" />
+	<target host="www.usnwc.edu" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/USP.br.xml b/src/chrome/content/rules/USP.br.xml
new file mode 100644
index 000000000000..27b4cd36a5c7
--- /dev/null
+++ b/src/chrome/content/rules/USP.br.xml
@@ -0,0 +1,19 @@
+<!--
+	Nonfunctional subdomains:
+
+		- www.gpopai ¹
+		- pedidoemail ¹
+		- (www.)each.uspnet ²
+
+	¹ Refused
+	² 404
+
+-->
+<ruleset name="USP.br (partial)">
+
+	<target host="mail.usp.br" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/USPS.xml b/src/chrome/content/rules/USPS.xml
index 3f8cab86ec5a..057a8ea70c06 100644
--- a/src/chrome/content/rules/USPS.xml
+++ b/src/chrome/content/rules/USPS.xml
@@ -1,35 +1,75 @@
-<!--	!functional:
-		- faq			(refused)
-		- origin-dbcalc		(timeout)
-		- origin-ircalc		(ditto)
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://usps.com/ => https://www.usps.com/: Cycle detected - URL already encountered: https://www.usps.com/root/global/server_responses/webtools-msg.htm
+	Nonfunctional subdomains:
+
+		- faq ¹
+		- origin-dbcalc ²
+		- origin-ircalc ²
 		- origin-pe
-		- origin-postcalc	(timeout)
-		- ircalc		(Akamai, redirects to http)
-		- pe.usps		(ditto)
-		- postcalc		(ditto)
+		- origin-postcalc ²
+		- ircalc ³
+		- pe.usps ²
+		- postcalc ²
+
+	¹ Refused
+	² Dropped
+	³ Redirects to http, Akamai
 
 
 	Fully covered subdomains:
 
+		- (www.)?	(^ → www)
+		- about
 		- cns
+		- fast
 		- gateway
+		- gateway-cat
+		- moversguide
+		- my
+		- poboxes
 		- sdc
+		- shop
 		- store
+		- tools
+
+
+	These altnames don't exist:
+
+		- www.eddm.usps.com
+
+
+	Mixed content:
+
+		- Bug on tools from sdc *
+
+	* Secured by us
 
 -->
-<ruleset name="USPS">
+<ruleset name="USPS.com">
+
+	<target host="usps.com" />
+	<target host="www.usps.com" />
+	<target host="about.usps.com" />
+	<target host="cns.usps.com" />
+	<target host="fast.usps.com" />
+	<target host="gateway.usps.com" />
+	<target host="gateway-cat.usps.com" />
+	<target host="moversguide.usps.com" />
+	<target host="my.usps.com" />
+	<target host="poboxes.usps.com" />
+	<target host="sdc.usps.com" />
+	<target host="shop.usps.com" />
+	<target host="store.usps.com" />
+	<target host="tools.usps.com" />
+
 
-	<target host="usps.com"/>
-	<target host="*.usps.com"/>
+	<securecookie host=".+" name=".+"/>
 
-	<rule from="^http://usps\.com/"
-		to="https://www.usps.com/"/>
 
-	<securecookie host="^(.*\.)?usps\.com$" name=".*"/>
+	<rule from="^http://(?:www\.)?usps\.com/"
+		to="https://www.usps.com/" />
 
-	<!--	fast and gateway-cat are only useful for business
-		customers, but probably still worth listing here	-->
-	<rule from="^http://(about|cns|fast|gateway|gateway-cat|moversguide|sdc|shop|store|tools|www)\.usps\.com/"
-		to="https://$1.usps.com/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/USRowing.xml b/src/chrome/content/rules/USRowing.xml
index b14ea8e4e90f..751a8979de0a 100644
--- a/src/chrome/content/rules/USRowing.xml
+++ b/src/chrome/content/rules/USRowing.xml
@@ -3,7 +3,7 @@
 	- Some pages redirect to http
 
 -->
-<ruleset name="USRowing (partial)">
+<ruleset name="USRowing (partial)" default_off="refused">
 
 	<target host="usrowing.org" />
 	<target host="www.usrowing.org" />
@@ -12,4 +12,4 @@
 	<rule from="^http://(?:www\.)?usrowing\.org/(App_Themes/|jquery-1.4.2\.js|Libraries/|PopCalendar2008/CSS/|(?:Script|Web)Resource\.axd|[sS]itefinity/)"
 		to="https://www.usrowing.org/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/UST.hk.xml b/src/chrome/content/rules/UST.hk.xml
new file mode 100644
index 000000000000..b8d4e2b8d827
--- /dev/null
+++ b/src/chrome/content/rules/UST.hk.xml
@@ -0,0 +1,194 @@
+<!--
+	Other UST.hk related rulesets:
+		+ HKUST.edu.cn.xml
+		+ HKUST-GZ.edu.cn.xml
+		+ HKUST.edu.hk.xml
+
+	Non-functional hosts:
+		Timeout was reached:
+		- w7.ab.ust.hk
+		- w8.ab.ust.hk
+		- admission.ust.hk
+		- www.bm.ust.hk
+		- ielm.ust.hk
+		- itsm.ust.hk
+		- lbdb.ust.hk
+		- intranet.math.ust.hk
+		- ustlib.ust.hk
+
+		SSL connect error (TLSv1 or TLSv1.1 earlier):
+		- alum.ust.hk
+
+		SSL connect error:
+		- search.ust.hk
+
+		SSL peer certificate was not OK:
+		- algebra.math.ust.hk
+		- hrmsxprod.psft.ust.hk
+		- sqmail.ust.hk
+		- sci.success.ust.hk
+		- ucalendar.ust.hk
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- ias.ust.hk
+		- www.sengpp.ust.hk
+
+		Incomplete certificate chain error:
+		- alumni.ust.hk
+		- connect.ust.hk
+		- epst.ust.hk
+		- kt.ust.hk
+		- sfao.ust.hk
+		- ss.ust.hk
+		- tle.seng.ust.hk
+
+		Status code mismatch:
+		- bigdata.cse.ust.hk
+
+		Mixed Content Blocking (MCB) tiggered:
+		- home.cse.ust.hk
+		- home.ust.hk
+		- ihome.ust.hk
+
+-->
+<ruleset name="UST.hk (partial)">
+	<target host="w5.ab.ust.hk" />
+	<test url="http://w5.ab.ust.hk/wcq/cgi-bin/1620/" />
+	<target host="w6.ab.ust.hk" />
+	<test url="http://w6.ab.ust.hk/fbs/" />
+	<target host="www.ab.ust.hk" />
+	<target host="access.ust.hk" />
+	<target host="alumgiving.ust.hk" />
+	<target host="archives.ust.hk" />
+	<target host="arr.ust.hk" />
+	<target host="asset.ust.hk" />
+
+	<target host="bdi.ust.hk" />
+	<target host="bme.ust.hk" />
+	<target host="booking.ust.hk" />
+	<target host="www.bri.ust.hk" />
+
+	<target host="cas.ust.hk" />
+	<target host="calendar.ust.hk" />
+	<target host="canvas.ust.hk" />
+	<target host="career.ust.hk" />
+	<target host="catalog.ust.hk" />
+	<target host="cbe.ust.hk" />
+	<target host="www.cdgt.ust.hk" />
+	<target host="citars.ust.hk" />
+	<target host="cle.ust.hk" />
+	<target host="cantalk.cle.ust.hk" />
+	<target host="adfs.connect.ust.hk" />
+	<target host="congregation.ust.hk" />
+	<target host="course.cse.ust.hk" />
+	<test url="http://course.cse.ust.hk/comp3711/03subarray.pdf" />
+	<target host="counsel.ust.hk" />
+	<test url="http://counsel.ust.hk/uploads/page/43/6f46d8803747383d2efab4249a12b9d8.JPG" />
+	<target host="covid19info.ust.hk" />
+	<target host="cssystem.cse.ust.hk" />
+	<target host="www.cse.ust.hk" />
+	<target host="cso.ust.hk" />
+
+	<target host="dao.ust.hk" />
+	<target host="datahub.ust.hk" />
+	<target host="dataprivacy.ust.hk" />
+	<target host="dataspace.ust.hk" />
+	<target host="digitalimages.ust.hk" />
+	<target host="download.ust.hk" />
+
+	<target host="www.ec.ust.hk" />
+	<target host="ecenter.ust.hk" />
+	<target host="engage.ust.hk" />
+	<target host="owa.exchange.ust.hk" />
+	<target host="lib.ezproxy.ust.hk" />
+	<target host="login.lib.ezproxy.ust.hk" />
+	
+	<target host="facultyprofiles.ust.hk" />
+
+	<target host="giving.ust.hk" />
+	<target host="gz.ust.hk" />
+	
+	<target host="hseo.ust.hk" />
+
+	<target host="iao.ust.hk" />
+	<target host="idp.ust.hk" />
+	<test url="http://idp.ust.hk/idp/images/logo.png" />
+	<target host="iis.ust.hk" />
+	<test url="http://iis.ust.hk/phonebk/dept.asp" />
+	<target host="illiad.ust.hk" />
+	<target host="iso.ust.hk" />
+	<target host="itsc.ust.hk" />
+	<target host="itscapps.ust.hk" />
+	
+	<target host="hkustcareers.ust.hk" />
+
+	<target host="join.ust.hk" />
+
+	<target host="lbapps.ust.hk" />
+	<target host="lbams.ust.hk" />
+	<target host="lbbooking.ust.hk" />
+	<target host="lbcone.ust.hk" />
+	<test url="http://lbcone.ust.hk/booktalk/" />
+	<target host="lbcube.ust.hk" />
+	<target host="lbdata.ust.hk" />
+	<target host="lbdiscover.ust.hk" />
+	<target host="lbezone.ust.hk" />
+	<target host="lbjcrs.ust.hk" />
+	<target host="lbpics.ust.hk" />
+	<target host="lbsearch.ust.hk" />
+	<target host="lbsphere.ust.hk" />
+	<target host="lbstaff.ust.hk" />
+	<target host="libguides.ust.hk" />
+	<target host="library.ust.hk" />
+	<target host="lists.ust.hk" />
+
+	<target host="webwork.math.ust.hk" />
+	<target host="www.math.ust.hk" />
+	<target host="mtpc.ust.hk" />
+	<target host="mtpcnews.ust.hk" />
+	<test url="http://mtpcnews.ust.hk/issue1/feature/" />
+	<target host="my.ust.hk" />
+	<target host="my-ai.ust.hk" />
+	<target host="myaccount.ust.hk" />
+	<target host="mystudyabroad.ust.hk" />
+	
+	<target host="news.ust.hk" />
+
+	<target host="o365.ust.hk" />
+	<target host="onemilliondollar.ust.hk" />
+
+	<target host="pg.ust.hk" />
+	<target host="login.psft.ust.hk" />
+	<target host="sisprod.psft.ust.hk" />
+	<test url="http://sisprod.psft.ust.hk/psp/SISPROD/" />
+	
+	<target host="repository.ust.hk" />
+
+	<target host="sao.ust.hk" />
+	<target host="sdb.science.ust.hk" />
+	<test url="http://sdb.science.ust.hk/mySCI/" />
+	<target host="souvenir.ust.hk" />
+
+	<target host="transcript.ust.hk" />
+
+	<target host="uce.ust.hk" />
+	<target host="urop.ust.hk" />
+	<!-- target host="ucalendar.ust.hk" />
+	<test url="http://ucalendar.ust.hk/cgi-bin/cas_login.php" / -->
+
+	<target host="video.ust.hk" />
+	<target host="vprd.ust.hk" />
+
+	<target host="www.ust.hk" />
+
+	<securecookie host="access\.ust\.hk$" name=".+" />
+	<securecookie host="cas\.ust\.hk$" name=".+" />
+	<securecookie host="canvas\.ust\.hk$" name=".+" />
+	<securecookie host="career\.ust\.hk$" name=".+" />
+	<securecookie host="adfs\.connect\.ust\.hk$" name=".+" />
+	<securecookie host="myaccount\.ust\.hk$" name=".+" />
+	<securecookie host="psft\.ust\.hk$" name=".+" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/USTC.edu.cn.xml b/src/chrome/content/rules/USTC.edu.cn.xml
new file mode 100644
index 000000000000..ea4cc4e6e3f6
--- /dev/null
+++ b/src/chrome/content/rules/USTC.edu.cn.xml
@@ -0,0 +1,115 @@
+<!--
+	Redirect to HTTP:
+		biotech.ustc.edu.cn
+		www.job.ustc.edu.cn
+
+	Refused:
+		cloud.ustc.edu.cn
+		vpn.ustc.edu.cn
+
+	Time out:
+		home.ustc.edu.cn
+		lib.ustc.edu.cn
+		staff.ustc.edu.cn
+		video.cmet.ustc.edu.cn
+		wlkt.ustc.edu.cn
+		wlt.ustc.edu.cn
+		zbh.ustc.edu.cn
+
+	Mixed content:
+		ahips.ustc.edu.cn
+		math.ustc.edu.cn
+		rec.ustc.edu.cn
+-->
+<ruleset name="USTC.edu.cn (partial)">
+	<target host="www.ustc.edu.cn" />
+	<target host="12ddh.ustc.edu.cn" />
+	<target host="arch.ustc.edu.cn" />
+	<target host="auto.ustc.edu.cn" />
+	<target host="bbs.ustc.edu.cn" />
+	<target host="biox.ustc.edu.cn" />
+	<target host="blackip.ustc.edu.cn" />
+	<target host="bs.ustc.edu.cn" />
+	<target host="business.ustc.edu.cn" />
+	<target host="cpst.ustc.edu.cn" />
+	<target host="cs.ustc.edu.cn" />
+	<target host="cswiki.ustc.edu.cn" />
+	<target host="cybersec.ustc.edu.cn" />
+	<target host="djyszw.ustc.edu.cn" />
+	<target host="drstone.ustc.edu.cn" />
+	<target host="dsxt.ustc.edu.cn" />
+	<target host="email.ustc.edu.cn" />
+	<target host="employment.ustc.edu.cn" />
+	<target host="en.ustc.edu.cn" />
+	<target host="en.ess.ustc.edu.cn" />
+	<target host="env.ustc.edu.cn" />
+	<target host="esetc.ustc.edu.cn" />
+	<target host="ess.ustc.edu.cn" />
+	<target host="fc.ustc.edu.cn" />
+	<target host="fgy.ustc.edu.cn" />
+	<target host="finance.ustc.edu.cn" />
+	<target host="gong.ustc.edu.cn" />
+	<target host="gradschool.ustc.edu.cn" />
+	<target host="hr.ustc.edu.cn" />
+	<target host="hsss.ustc.edu.cn" />
+	<target host="i.ustc.edu.cn" />
+	<target host="iat.ustc.edu.cn" />
+	<target host="icqd.ustc.edu.cn" />
+	<target host="linux.ustc.edu.cn" />
+	<target host="lmmr.ustc.edu.cn" />
+	<target host="lswhw.ustc.edu.cn" />
+	<target host="mba.ustc.edu.cn" />
+	<target host="mcg.ustc.edu.cn" />
+	<target host="mf.ustc.edu.cn" />
+	<target host="mis.sse.ustc.edu.cn" />
+	<target host="nanomedicine.ustc.edu.cn" />
+	<target host="netfee.ustc.edu.cn" />
+	<target host="news.ustc.edu.cn" />
+	<target host="nsti.ustc.edu.cn" />
+	<target host="owc.ustc.edu.cn" />
+	<target host="pas.ustc.edu.cn" />
+	<target host="passport.ustc.edu.cn" />
+	<target host="physics.ustc.edu.cn" />
+	<target host="qybx.ustc.edu.cn" />
+	<target host="rec2.ustc.edu.cn" />
+	<target host="rss.ustc.edu.cn" />
+	<target host="safetyse.ustc.edu.cn" />
+	<target host="scc.ustc.edu.cn" />
+	<target host="scgy.ustc.edu.cn" />
+	<target host="scms.ustc.edu.cn" />
+	<target host="sds.ustc.edu.cn" />
+	<target host="ses.ustc.edu.cn" />
+	<target host="sias.ustc.edu.cn" />
+	<target host="sist.ustc.edu.cn" />
+	<target host="sme.ustc.edu.cn" />
+	<target host="sse.ustc.edu.cn" />
+	<target host="step.ustc.edu.cn" />
+	<target host="studyabroad.ustc.edu.cn" />
+	<target host="ustcnet.ustc.edu.cn" />
+	<target host="ustcnet1.ustc.edu.cn" />
+	<target host="www.hfnl.ustc.edu.cn" />
+	<target host="www.snst.ustc.edu.cn" />
+	<target host="www.teach.ustc.edu.cn" />
+	<target host="www2.ustc.edu.cn" />
+	<target host="xxgk.ustc.edu.cn" />
+	<target host="young.ustc.edu.cn" />
+	<target host="yz.ustc.edu.cn" />
+	<target host="zsb.ustc.edu.cn" />
+	<!--USTCLUG Mirrors begin-->
+	<target host="lug.ustc.edu.cn" />
+	<target host="git.lug.ustc.edu.cn" />
+	<target host="mirrors.ustc.edu.cn" />
+	<target host="cernet.mirrors.ustc.edu.cn" />
+	<target host="chinanet.mirrors.ustc.edu.cn" />
+	<target host="cmcc.mirrors.ustc.edu.cn" />
+	<target host="ipv4.mirrors.ustc.edu.cn" />
+	<target host="ipv6.mirrors.ustc.edu.cn" />
+	<target host="unicom.mirrors.ustc.edu.cn" />
+	<target host="pgp.ustc.edu.cn" />
+	<!--USTCLUG reverse proxy begin-->
+	<target host="docker.mirrors.ustc.edu.cn" />
+	<target host="fonts.lug.ustc.edu.cn" />
+	<target host="fonts-gstatic.lug.ustc.edu.cn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/USUHS.edu.xml b/src/chrome/content/rules/USUHS.edu.xml
new file mode 100644
index 000000000000..2e8ee8899007
--- /dev/null
+++ b/src/chrome/content/rules/USUHS.edu.xml
@@ -0,0 +1,50 @@
+<!--
+	Other Uniformed Services University of the Health Sciences rulesets:
+
+		- USUHS.mil.xml
+
+
+	Nonfunctional hosts in *usuhs.edu:
+
+		- pac.lrc ¹
+		- rcs28.lrc ²
+
+	¹ 502
+	² Differs from http
+
+
+	These altnames don't exist:
+
+		- doc.lrc.usuhs.edu
+		- e-reserve.lrc.usuhs.edu
+
+
+	Insecure cookies are set for these hosts:
+
+		- er.lrc.usuhs.edu
+		- rcs28.lrc.usuhs.edu
+
+-->
+<ruleset name="USUHS.edu (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cas.usuhs.edu" />
+	<target host="cac.cas.usuhs.edu" />
+	<target host="iwcp.usuhs.edu" />
+	<target host="er.lrc.usuhs.edu" />
+	<target host="www.lrc.usuhs.edu" />
+	<target host="www.usuhs.edu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:er|rcs28)\.lrc\.usuhs\.edu$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/USUHS.mil.xml b/src/chrome/content/rules/USUHS.mil.xml
new file mode 100644
index 000000000000..af27c10319ea
--- /dev/null
+++ b/src/chrome/content/rules/USUHS.mil.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Uniformed Services University of the Health Sciences coverage, see USUHS.edu.xml.
+
+
+	^usuhs.mil doesn't exist.
+
+-->
+<ruleset name="USUHS.mil">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.usuhs.mil" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/US_Bank_Client_Advocacy.xml b/src/chrome/content/rules/US_Bank_Client_Advocacy.xml
deleted file mode 100644
index d2bb56ade272..000000000000
--- a/src/chrome/content/rules/US_Bank_Client_Advocacy.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="U.S. Bank Client Advocacy">
-
-	<target host="usbclientadvocacy.com" />
-	<target host="*.usbclientadvocacy.com" />
-
-
-	<securecookie host="^(?:www)?\.usbclientadvocacy\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?usbclientadvocacy\.com/"
-		to="https://$1usbclientadvocacy.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/US_Citizenship_and_Immigration_Services.xml b/src/chrome/content/rules/US_Citizenship_and_Immigration_Services.xml
deleted file mode 100644
index 0805555265ce..000000000000
--- a/src/chrome/content/rules/US_Citizenship_and_Immigration_Services.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	For other U.S. government coverage, see US-government.xml.
-
-
-
-	Nonfunctional subdomains:
-
-		- ^	(times out)
-		- blog	(interrupted)
-		- www	(403, akamai)
-
-
-	Partially covered subdomains:
-
-		- infopass	($ redirects to http, css/infopass2.css 404s)
-
--->
-<ruleset name="U.S. Citizenship and Immigration Services (partial)">
-
-	<target host="*.uscis.gov" />
-		<exclusion pattern="^http://infopass\.uscis\.gov/(?:$|css/infopass2\.css)" />
-
-
-	<rule from="^https?://blog\.uscis\.gov/favicon\.ico"	
-		to="https://www.blogger.com/favicon.ico" />
-
-	<rule from="^http://(egov|infopass)\.uscis\.gov/"
-		to="https://$1.uscis.gov/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/US_Courts.gov.xml b/src/chrome/content/rules/US_Courts.gov.xml
index 6b52e6754d3e..6f9e7db9d1a6 100644
--- a/src/chrome/content/rules/US_Courts.gov.xml
+++ b/src/chrome/content/rules/US_Courts.gov.xml
@@ -1,5 +1,4 @@
 <!--
-	For other U.S. government coverage, see US-government.xml.
 
 
 	CDN buckets:
@@ -8,24 +7,28 @@
 
 			- a381.g.akamai.net
 
-		- d3bsvxk93brmko.cloudfront.net
 
-			- cdn.ca9
+	Non-functional hosts
 
+		Timeout was reached:
+			 - coop.ca9.uscourts.gov
+			 - hosting.ca9.uscourts.gov
 
-	Nonfunctional subdomains:
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - ecf-test.ca9.uscourts.gov
+			 - ecf-train.ca9.uscourts.gov
 
-		- ^		(refused)
-		- www.ca9	(dropped)
-		- www		(503, akamai)
+		Incomplete certificate chain error:
+			 - evoucher.ca9.uscourts.gov
 
--->
-<ruleset name="US Courts.gov (partial)">
+		Mixed Content Blocking (MCB) tiggered:
+			- www.ca9.uscourts.gov/rules/
 
+-->
+<ruleset name="US Courts.gov (partial)" platform="mixedcontent">
+	<target host="www.ca9.uscourts.gov" />
 	<target host="cdn.ca9.uscourts.gov" />
+	<target host="ecf.ca9.uscourts.gov" />
 
-
-	<rule from="^http://cdn\.ca9\.uscourts\.gov/"
-		to="https://d3bsvxk93brmko.cloudfront.net/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/US_Cyber_Challenge.org.xml b/src/chrome/content/rules/US_Cyber_Challenge.org.xml
new file mode 100644
index 000000000000..65fbfdaa0cc1
--- /dev/null
+++ b/src/chrome/content/rules/US_Cyber_Challenge.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+			 - uscyberchallenge.org
+-->
+<ruleset name="US Cyber Challenge.org">
+	<target host="uscyberchallenge.org" />
+	<target host="www.uscyberchallenge.org" />
+
+	<rule from="^http://uscyberchallenge\.org/"
+		  	to="https://www.uscyberchallenge.org/" />
+
+	<rule from="^http:"
+		  	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/US_Department_of_Commerce.xml b/src/chrome/content/rules/US_Department_of_Commerce.xml
index 343e691b52da..7d4251ecc4b7 100644
--- a/src/chrome/content/rules/US_Department_of_Commerce.xml
+++ b/src/chrome/content/rules/US_Department_of_Commerce.xml
@@ -1,18 +1,35 @@
 <!--
-	For other U.S. government coverage, see US-government.xml.
+	U.S. Department of Commerce
+
 
 
 	Nonfunctional subdomains:
 
 		- efoia.bis	(replies with http)
+		- www2.ntia ʳ
+
+	ʳ Refused
+
+
+	Mixed content:
+
+		- Images on www.ntia from $self *
+
+	* Secured by us
 
 -->
-<ruleset name="U.S. Department of Commerce (partial)">
+<ruleset name="DOC.gov (partial)">
 
-	<target host="*.bis.doc.gov" />
+	<!--	Direct rewrites:
+				-->
+	<target host="mailinglist.bis.doc.gov" />
+	<target host="tac.bis.doc.gov" />
+	<target host="www.bis.doc.gov" />
+	<target host="ntia.doc.gov" />
+	<target host="www.ntia.doc.gov" />
 
 
-	<rule from="^http://(mailinglist|tac|www)\.bis\.doc\.gov/"
-		to="https://$1.bis.doc.gov/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/US_Department_of_the_Treasury.xml b/src/chrome/content/rules/US_Department_of_the_Treasury.xml
index 9b8be22dc99d..4a33aa38a719 100644
--- a/src/chrome/content/rules/US_Department_of_the_Treasury.xml
+++ b/src/chrome/content/rules/US_Department_of_the_Treasury.xml
@@ -1,29 +1,37 @@
 <!--
-	For other U.S. government coverage, see US-government.xml.
+	U.S. Department of the Treasury
 
 
-	Nonfunctional domains:
 
-		- treasury.gov		(times out)
-		- www.treasury.gov	(redirects to http, akamai)
+	Problematic hosts in *treas.gov:
 
+		- ^		(times out)
+		- fms *
+		- ots *
+		- www		(works, akamai)
 
-	Problematic domains:
-
-		- treas.gov		(times out)
-		- ots.treas.gov		(cert only matches www.ots)
-		- www.treas.gov		(works, akamai)
+	* Mismatched
 
 -->
-<ruleset name="U.S. Department of the Treasury (partial)">
+<ruleset name="Treas.gov (partial)">
+
+	<target host="www.fms.treas.gov" />
+	<target host="www.ots.treas.gov" />
+	<target host="arc.publicdebt.treas.gov" />
 
-	<target host="*.treas.gov" />
+	<!--	Complications:
+				-->
+	<target host="fms.treas.gov" />
+	<target host="ots.treas.gov" />
 
 
 	<securecookie host="^www\.ots\.treas\.gov$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?ots\.treas\.gov/"
+	<rule from="^http://ots\.treas\.gov/"
 		to="https://www.ots.treas.gov/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/US_Fish_and_Wildlife_Service.xml b/src/chrome/content/rules/US_Fish_and_Wildlife_Service.xml
deleted file mode 100644
index 4839a45e3652..000000000000
--- a/src/chrome/content/rules/US_Fish_and_Wildlife_Service.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	For other U.S. government coverage, see US-government.xml.
-
-
-	Nonfunctional subdomains:
-
-		- digitalmedia	(no https)
-		- library *
-		- wsfrprograms *
-
-	* Times out
-
-
-	!www: no https
-
--->
-<ruleset name="U.S. Fish and Wildlife Service (partial)">
-
-	<target host="fws.gov" />
-	<target host="www.fws.gov" />
-
-
-	<rule from="^http://(?:www\.)?fws\.gov/"
-		to="https://www.fws.gov/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/US_Geological_Survey.xml b/src/chrome/content/rules/US_Geological_Survey.xml
index 4fd090e8c4a7..faebe01fbf8a 100644
--- a/src/chrome/content/rules/US_Geological_Survey.xml
+++ b/src/chrome/content/rules/US_Geological_Survey.xml
@@ -1,5 +1,4 @@
 <!--
-	For other U.S. government coverage, see US-government.xml.
 
 
 	Nonfunctional subdomains:
@@ -29,10 +28,11 @@
 -->
 <ruleset name="U.S. Geological Survey" platform="mixedcontent">
 
-	<target host="*.usgs.gov" />
+	<target host="answers.usgs.gov" />
+	<target host="nccwsc.usgs.gov" />
+	<target host="water.usgs.gov" />
 
 
-	<rule from="^http://(answers|nccwsc|water)\.usgs\.gov/"
-		to="https://$1.usgs.gov/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/US_Mission.gov.xml b/src/chrome/content/rules/US_Mission.gov.xml
new file mode 100644
index 000000000000..05b0f8cc52ec
--- /dev/null
+++ b/src/chrome/content/rules/US_Mission.gov.xml
@@ -0,0 +1,43 @@
+<!--
+
+
+	These altnames don't exist:
+
+		- www.geneva.usmission.gov
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- osce.usmission.gov
+		- .osce.usmission.gov
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on useu from photos.state.gov ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="US Mission.gov (partial)">
+
+	<target host="geneva.usmission.gov" />
+	<target host="osce.usmission.gov" />
+	<target host="useu.usmission.gov" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^geneva\.usmission\.gov$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^osce\.usmission\.gov$" name="^wordpress_google_apps_login$" /-->
+	<!--securecookie host="^\.osce\.usmission\.gov$" name="^pll_language$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/US_Nautic.xml b/src/chrome/content/rules/US_Nautic.xml
index 990cf3ef87cd..b3f1b7da3bb1 100644
--- a/src/chrome/content/rules/US_Nautic.xml
+++ b/src/chrome/content/rules/US_Nautic.xml
@@ -5,10 +5,10 @@
 <ruleset name="US Nautic (partial)">
 
 	<target host="usnautic.com" />
-	<target host="*.usnautic.com" />
+	<target host="www.usnautic.com" />
 
 
 	<rule from="^http://(www\.)?usnautic\.com/([cC]ontent/|en/customer/info|en/login|Plugins/|Themes/)"
 		to="https://$1usnautic.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/US_Patent_and_Trademark_Office.xml b/src/chrome/content/rules/US_Patent_and_Trademark_Office.xml
index 2659330a1f6c..0e2665474fde 100644
--- a/src/chrome/content/rules/US_Patent_and_Trademark_Office.xml
+++ b/src/chrome/content/rules/US_Patent_and_Trademark_Office.xml
@@ -44,13 +44,13 @@
 	<target host="*.uspto.gov" />
 
 
-	<securecookie host="^.+\.uspto\.gov$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://(efs|oedci|ramps|tsdr)\.uspto\.gov/"
 		to="https://$1.uspto.gov/" />
 
-	<rule from="^https?://t(?:ar|d)r\.uspto\.gov/(?:\?.*)?$"
+	<rule from="^http://t(?:ar|d)r\.uspto\.gov/(?:\?.*)?$"
 		to="https://tdsr.uspto.gov/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/US_Pirates.org.xml b/src/chrome/content/rules/US_Pirates.org.xml
new file mode 100644
index 000000000000..b771c725b4af
--- /dev/null
+++ b/src/chrome/content/rules/US_Pirates.org.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Pirate Party coverage, see PirateParty.xml.
+-->
+<ruleset name="US Pirates.org">
+
+	<target host="uspirates.org" />
+	<target host="www.uspirates.org" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/US_State_Department.xml b/src/chrome/content/rules/US_State_Department.xml
index 76b8ba4323d4..90643e846e94 100644
--- a/src/chrome/content/rules/US_State_Department.xml
+++ b/src/chrome/content/rules/US_State_Department.xml
@@ -1,31 +1,380 @@
+
 <!--
-	For other U.S. government coverage, see US-government.xml.
+Disabled by https-everywhere-checker because:
+Fetch error: http://brusselsnewcomernetwork.state.gov/ => https://brusselsnewcomernetwork.state.gov/: (6, 'Could not resolve host: brusselsnewcomernetwork.state.gov')
+Fetch error: http://communitiesx.state.gov/ => https://communitiesx.state.gov/: (6, 'Could not resolve host: communitiesx.state.gov')
+Fetch error: http://evaluations.state.gov/ => https://evaluations.state.gov/: (6, 'Could not resolve host: evaluations.state.gov')
+Fetch error: http://fepp.state.gov/ => https://fepp.state.gov/: (6, 'Could not resolve host: fepp.state.gov')
+Fetch error: http://future.state.gov/ => https://future.state.gov/: (6, 'Could not resolve host: future.state.gov')
+Fetch error: http://gpoi.state.gov/ => https://gpoi.state.gov/: (6, 'Could not resolve host: gpoi.state.gov')
+Fetch error: http://iiphighlights.state.gov/ => https://iiphighlights.state.gov/: (6, 'Could not resolve host: iiphighlights.state.gov')
+Fetch error: http://www.iiphighlights.state.gov/ => https://www.iiphighlights.state.gov/: (6, 'Could not resolve host: www.iiphighlights.state.gov')
+Fetch error: http://openinternet.state.gov/ => https://openinternet.state.gov/: (6, 'Could not resolve host: openinternet.state.gov')
+Fetch error: http://www.openinternet.state.gov/ => https://www.openinternet.state.gov/: (6, 'Could not resolve host: www.openinternet.state.gov')
+Fetch error: http://paie.state.gov/ => https://paie.state.gov/: (6, 'Could not resolve host: paie.state.gov')
+Fetch error: http://parisclubportal.state.gov/ => https://parisclubportal.state.gov/: (6, 'Could not resolve host: parisclubportal.state.gov')
+Fetch error: http://sppd.state.gov/ => https://sppd.state.gov/: (6, 'Could not resolve host: sppd.state.gov')
+Fetch error: http://statebuy.state.gov/ => https://statebuy.state.gov/: (6, 'Could not resolve host: statebuy.state.gov')
+Fetch error: http://www.statebuy.state.gov/ => https://www.statebuy.state.gov/: (6, 'Could not resolve host: www.statebuy.state.gov')
+Fetch error: http://step.state.gov/ => https://step.state.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://travelregistration.state.gov/ => https://travelregistration.state.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://uk.state.gov/ => https://uk.state.gov/: (35, 'Unknown SSL protocol error in connection to uk.state.gov:443 ')
+
+	NB: p://infocentral.../$ redirects to s:// 404
+	?=> fetch check failure
+
+	U.S. Department of State
+
+	For rules causing false/broken MCB, see state.gov-falsemixed.xml.
+
+
+
+	CDN buckets:
+
+		- s3.amazonaws.com/static.history.state.gov/
+
+
+	Nonfunctional hosts in *state.gov:
+
+		- fpc ʰ
+		- (www.)?ibwc ᵈ
+		- mapgive ʳ
+		- overseasbuildings ³
+		- search ᶠ
+		- secondarycities ʳ
+		- translations ᵃ
+		- (www.)?usun *
+		- video ᵈ
+
+	* Blank page
+	³ 503
+	ᵃ Shows another domain
+	ᵈ Dropped
+	ᶠ Handshake fails
+	ʰ Redirects to http
+	ʳ Refused
+
+
+	Problematic hosts in *state.gov:
+
+		- ^ ᵐ ˢ
+		- 2001-2009 ᴬ
+		- www.adoption ᵐ
+		- aoprals ᶜ
+		- art * ᵉ ᵐ
+		- www.blogs ** ᵐ
+		- campususa ᵐ
+		- www.careers ᵐ
+		- www.conferences ᶜ
+		- contact-us ᴬ
+		- csm ᶜ
+		- diplomacy ˣ
+		- ejusa ᵉ ᵐ ˢ
+		- exportcontrol ᶜ
+		- www.f ᶜ
+		- ghaznitowers ᵐ
+		- www.history ᵐ
+		- hiu ᶜ
+		- www.infocentral ᵐ
+		- isn-bps-bwc ᶜ
+		- m ᴬ
+		- www.managingforresults ᶜ
+		- mobilepa ᵉ
+		- www.oig ᵉ ᵐ ˢ
+		- www.passports ᵐ
+		- pmddtc ᵐ
+		- apps.ssl ᵉ
+		- www.tradepromotion ᶜ
+		- www.travel ᵐ
+		- ttip ᵉ ᵐ ˢ
+		- www.usembassy ᵉ ᵐ ˢ
+		- usspaceobjectsregistry ᶜ
+		- www.usvisas ᵐ
+		- welcomecanada ᶜ
+		- www.yali ³ ᵐ
+
+	* Expired cert at equivalent domain
+	** Differs from ^foo
+	³ 403
+	ᴬ Akamai / mismatched
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵉ Expired
+	ᵐ Mismatched
+	ˢ Self-signed
+	ˣ Mixed css
+
+
+	These altnames do not exist:
+
+		- www.fam.state.gov
+		- www.communitiesx.state.gov
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .state.gov
+		- americanspaces.state.gov
+		- art.state.gov
+		- careers.state.gov
+		- www.careers.state.gov
+		- www.conferences.state.gov
+		- diplomaticrooms.state.gov
+		- eforms.state.gov
+		- eshop.state.gov
+		- evisaforms.state.gov
+		- fam.state.gov
+		- findit.state.gov
+		- fojems.state.gov
+		- history.state.gov
+		- hiu.state.gov
+		- .infocentral.state.gov
+		- j1visa.state.gov
+		- www.j1visa.state.gov
+		- j1visawaiverrecommendation.state.gov
+		- j1visawaiverstatus.state.gov
+		- pabudget.state.gov
+		- paclearances.state.gov
+		- paitstaging.state.gov
+		- pareviews.state.gov
+		- passportstatus.state.gov
+		- pptform.state.gov
+		- pressguidance2.state.gov
+		- register.state.gov
+		- speakerinvitation.state.gov
+		- speakerrequest.state.gov
+		- www.statebuy.state.gov
+		- step.state.gov
+		- timekat.state.gov
+		- welcomecanada.state.gov
+		- yali.state.gov
+		- youngsoutheastasianleaders.state.gov
 
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
-	Nonfunctional subdomains:
 
-		- travel	(times out)
+	Mixed content:
 
+		- iframes, on:
 
-	Problematic subdomains:
+			- art from www.youtube-nocookie.com ˢ
+			- diplomacy from c.brightcove.com ˢ
 
-		- ^		(interrupted)
-		- oig *
-		- www *
+		- flash on diplomacy from admin.brightcove.com ˢ
 
-	* Works, akamai
+		- css, on:
+
+			- eshop from fonts.googleapis.com ˢ
+			- eshop from code.jquery.com ˢ
+
+		- Images, on:
+
+			- 2001-2009 from www.state.gov ˢ
+			- (www.)?eca from pbs.twimg.com ˢ
+			- diplomaticrooms, j1visa, www.statebuy from $self ˢ
+			- art from $self ᵉ
+			- m from brightcove.vo.llnwd.net
+			- mepi from mepi.seiservices.com
+			- mepi, apps.ssl from photos.state.gov ˢ
+			- openinternet from prod.intgov.getusinfo.com ᶠ
+
+		- Bug on infocentral from sdc.usembassy.com ᶠ
+
+	ᵉ Not secured by us <= expired
+	ᶠ Unsecurable <= handshake fails
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="U.S. State Department (partial)" default_off="mismatched">
+<ruleset name="State.gov (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="adoption.state.gov" />
+	<target host="alumni.state.gov" />
+	<target host="www.alumni.state.gov" />
+	<target host="americanenglish.state.gov" />
+	<target host="www.americanenglish.state.gov" />
+	<target host="americanspaces.state.gov" />
+	<!--target host="aoprals.state.gov" /-->
+	<target host="blogs.state.gov" />
+	<target host="brusselsnewcomernetwork.state.gov" />
+	<target host="careers.state.gov" />
+	<target host="ceac.state.gov" />
+	<target host="childabduction.state.gov" />
+	<target host="communitiesx.state.gov" />
+	<!--target host="www.conferences.state.gov" /-->
+	<!--target host="csm.state.gov" /-->
+	<!--target host="diplomacy.state.gov" /-->
+	<target host="diplomaticrooms.state.gov" />
+	<target host="eca.state.gov" />
+	<target host="www.eca.state.gov" />
+	<target host="educationusa.state.gov" />
+	<target host="www.educationusa.state.gov" />
+	<target host="eforms.state.gov" />
+	<target host="elibraryusa.state.gov" />
+	<target host="eshop.state.gov" />
+	<target host="evaluations.state.gov" />
+	<target host="evisaforms.state.gov" />
+	<target host="exchanges.state.gov" />
+	<target host="www.exchanges.state.gov" />
+	<!--target host="exportcontrol.state.gov" /-->
+	<!--target host="www.f.state.gov" /-->
+	<target host="fam.state.gov" />
+	<target host="fepp.state.gov" />
+	<target host="findit.state.gov" />
+	<target host="foia.state.gov" />
+	<target host="www.foia.state.gov" />
+	<target host="fojems.state.gov" />
+	<target host="future.state.gov" />
+	<target host="gpoi.state.gov" />
+	<target host="gtipphotos.state.gov" />
+	<target host="www.gtipphotos.state.gov" />
+	<!--target host="hiu.state.gov" /-->
+	<target host="history.state.gov" />
+	<target host="*.history.state.gov" /><!--	STS header includes includeSubdomains -->
+	<target host="iiphighlights.state.gov" />
+	<target host="www.iiphighlights.state.gov" />
+	<target host="infocentral.state.gov" />
+	<target host="iocareers.state.gov" />
+	<!--target host="isn-bps-bwc.state.gov" /-->
+	<target host="j1visa.state.gov" />
+	<target host="j1visawaiverrecommendation.state.gov" />
+	<target host="j1visawaiverstatus.state.gov" />
+	<target host="www.j1visa.state.gov" />
+	<target host="leagueofgreenembassies.state.gov" />
+	<!--target host="www.managingforresults.state.gov" /-->
+	<target host="mepi.state.gov" />
+	<target host="mru2.state.gov" />
+	<target host="oig.state.gov" />
+	<target host="openinternet.state.gov" />
+	<target host="www.openinternet.state.gov" />
+	<target host="pabudget.state.gov" />
+	<target host="paclearances.state.gov" />
+	<target host="paie.state.gov" />
+	<target host="paitstaging.state.gov" />
+	<target host="pareviews.state.gov" />
+	<target host="paservices.state.gov" />
+	<target host="passports.state.gov" />
+	<target host="passportstatus.state.gov" />
+	<target host="photos.state.gov" />
+	<target host="www.pmddtc.state.gov" />
+	<target host="parisclubportal.state.gov" />
+	<target host="pptform.state.gov" />
+	<target host="pressguidance.state.gov" />
+	<target host="pressguidance2.state.gov" />
+	<target host="receptiontours.state.gov" />
+	<target host="register.state.gov" />
+	<target host="share.state.gov" />
+	<target host="speakerinvitation.state.gov" />
+	<target host="speakerkit.state.gov" />
+	<target host="speakerrequest.state.gov" />
+	<target host="sppd.state.gov" />
+	<target host="statebuy.state.gov" />
+	<target host="www.statebuy.state.gov" />
+	<target host="step.state.gov" />
+	<target host="studyabroad.state.gov" />
+	<target host="www.studyabroad.state.gov" />
+	<target host="timekat.state.gov" />
+	<target host="touchbase.state.gov" />
+	<!--target host="www.tradepromotion.state.gov" /-->
+	<target host="travel.state.gov" />
+	<target host="travelregistration.state.gov" />
+	<target host="uk.state.gov" />
+	<target host="usembassy.state.gov" />
+	<!--target host="usspaceobjectsregistry.state.gov" /-->
+	<target host="usvisas.state.gov" />
+	<!--target host="welcomecanada.state.gov" /-->
+	<target host="www.state.gov" />
+	<target host="yali.state.gov" />
+	<target host="ylai.state.gov" />
+	<target host="youngafricanleaders.state.gov" />
+	<target host="youngsoutheastasianleaders.state.gov" />
+
+		<!--	includeSubdomains applies to one level only, so:
+									-->
+		<exclusion pattern="^http://(?:[^./]+\.){2,}history\.state\.gov/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.history.state.gov/" />
+			<test url="http://exists.not.history.state.gov/" />
+
+		<!--	$ shows blank page, so:
+						-->
+		<test url="http://passportstatus.state.gov/opss/OPSS_Status_ip.asp" />
+
+		<test url="http://photos.state.gov/libraries/nigeria/487468/images/twitter_icon_16x16.png" />
+
+		<!--	$ shows default page, so:
+							-->
+		<!--test url="http://apps.ssl.state.gov/50states/" /-->
 
+	<!--	Complications:
+				-->
 	<target host="state.gov" />
-	<target host="*.state.gov" />
+	<target host="www.adoption.state.gov" />
+	<!--target host="art.state.gov" /-->
+	<target host="campususa.state.gov" />
+	<target host="www.careers.state.gov" />
+	<target host="ghaznitowers.state.gov" />
+	<target host="www.infocentral.state.gov" />
+	<target host="www.oig.state.gov" />
+	<target host="www.passports.state.gov" />
+	<target host="pmddtc.state.gov" />
+	<target host="www.travel.state.gov" />
+	<target host="ttip.state.gov" />
+	<target host="www.usembassy.state.gov" />
+	<target host="www.usvisas.state.gov" />
+	<target host="www.yali.state.gov" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:americanspaces|eshop)?\.state\.gov$" name="^dancer\.session$" /-->
+	<!--securecookie host="^(?:art|fojems|pabudget|paclearances|paitstaging|pareviews|register|speakerinvitation|speakerrequest|step|timekat)\.state\.gov$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^(?:www\.)?careers\.state\.gov$" name="^wgSession$" /-->
+	<!--securecookie host="^(?:www\.conferences|diplomaticrooms|hiu|www\.statebuy|usspaceobjectsregistry|welcomecanada)\.state\.gov$" name="^BIGipServer" /-->
+	<!--securecookie host="^eforms\.state\.gov$" name="^(?:\.CerenadeES|ASP\.NET_SessionId)$" /-->
+	<!--securecookie host="^(?:evisaforms|passportstatus|j1visawaiverrecommendation|j1visawaiverstatus)\.state\.gov$" name="^ASPSESSID[A-Z]{8}$" /-->
+	<!--securecookie host="^fam\.state\.gov$" name="^__AntiXsrfToken$" /-->
+	<!--securecookie host="^findit\.state\.gov$" name="^(?:_session_id|request_method)$" /-->
+	<!--securecookie host="^\.infocentral\.state\.gov$" name="^infocentralsession$" /-->
+	<!--securecookie host="^(?:www\.)?j1visa\.state\.gov$" name="^(?:PHPSESSID|wfvt_\d+)$" /-->
+	<!--securecookie host="^pptform\.state\.gov$" name="^(?:ASP\.NET_SessionId|AspxAutoDetectCookieSupport)$" /-->
+	<!--securecookie host="^pressguidance2\.state\.gov$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^(?:yali|youngsoutheastasianleaders)\.state\.gov$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid$|_gat?$|_gat_|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://(pmddtc\.)?state\.gov/"
+		to="https://www.$1state.gov/" />
+
+	<rule from="^http://www\.(adoption|careers|history|infocentral|oig|passports|travel|usembassy|usvisas|yali)\.state\.gov/"
+		to="https://$1.state.gov/" />
+
+	<!--rule from="^http://art\.state\.gov/"
+		to="https://aie1.artinembassies.com/" /-->
+
+	<rule from="^http://campususa\.state\.gov/"
+		to="https://educationusa.state.gov/" />
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://ghaznitowers\.state\.gov/.*"
+		to="https://eca.state.gov/files/bureau/ghazni-towers/index.html" />
+
+		<test url="http://ghaznitowers.state.gov/index.htm" />
 
+	<!--	Redirect drops forward slash
+		and path, but not args:
+					-->
+	<rule from="^http://ttip\.state\.gov/[^?]*"
+		to="https://useu.usmission.gov/ttip.html" />
 
-	<rule from="^https?://(?:www\.)?state\.gov/"
-		to="https://www.state.gov/" />
+		<test url="http://ttip.state.gov/index.htm" />
 
-	<rule from="^http://oig\.state\.gov/"
-		to="https://oig.state.gov/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/UT.ee.xml b/src/chrome/content/rules/UT.ee.xml
new file mode 100644
index 000000000000..ca1753c60182
--- /dev/null
+++ b/src/chrome/content/rules/UT.ee.xml
@@ -0,0 +1,173 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://anatoomikum.ut.ee/ => https://anatoomikum.ut.ee/: (51, "SSL: no alternative certificate subject name matches target host name 'anatoomikum.ut.ee'")
+Fetch error: http://www.anatoomikum.ut.ee/ => https://www.anatoomikum.ut.ee/: (51, "SSL: no alternative certificate subject name matches target host name 'www.anatoomikum.ut.ee'")
+Fetch error: http://botaanikaaed.ut.ee/ => https://botaanikaaed.ut.ee/: (51, "SSL: no alternative certificate subject name matches target host name 'botaanikaaed.ut.ee'")
+Fetch error: http://www.botaanikaaed.ut.ee/ => https://www.botaanikaaed.ut.ee/: (51, "SSL: no alternative certificate subject name matches target host name 'www.botaanikaaed.ut.ee'")
+Fetch error: http://cs.ut.ee/ => https://cs.ut.ee/: (51, "SSL: no alternative certificate subject name matches target host name 'www.endine.cs.ut.ee'")
+
+	Tartu Ülikooli
+
+
+	Nonfunctional hosts in *ut.ee:
+
+		- (www.)?ajakiri	Redirects to www.anatoomikum.ut.ee
+		- elurikkus		Shows iris.ut.ee
+		- ip		Shows siim.ut.ee
+		- (www.)?kunstimuuseum	Redirects to www.anatoomikum.ut.ee
+		- math		Shows default page
+		- www.math	Redirects to www.anatoomikum.ut.ee
+		- (www.)?loodusmuuseum	Shows default page
+		- (www.)?muuseum	Redirects to www.anatoomikum.ut.ee
+		- natarc	Shows blank page
+		- (www.)?natmuseum	Redirects to www.anatoomikum.ut.ee
+		- ois		Shows another domain
+		- securewww	Shows another domain
+		- social	Shows tall.ut.ee
+		- www.tuit	Redirects to www.anatoomikum.ut.ee
+		- virtualtour	Shows siim.ut.ee
+
+
+	Problematic hosts in *ut.ee:
+
+		- arvutiabi	Redirects to jaan.ut.ee
+		- comserv.cs	Server sends no certificate chain, see https://whatsmychaincert.com
+		- parool	Server sends no certificate chain, see https://whatsmychaincert.com
+		- www.sisu	Mismatched
+
+
+	Fully covered hosts in *ut.ee:
+
+		- (www.)?
+		- (www.)?acttea
+		- (www.)?anatoomikum
+		- auth
+		- (www.)?botaanikaaed
+
+		- (www.)?cs
+		- courses.cs
+		- intra.cs
+
+		- tall.it.da
+		- dok
+		- iris
+		- www.is
+		- jaan
+		- m
+		- mailhost
+		- moodle
+		- mysql
+		- owa
+		- passwd
+		- plutof.ut.ee
+		- siseveeb
+		- (www.)?sisu	(www → ^)
+		- (www.)?tahetorn
+		- tall
+		- (www.)?ttl
+		- unite
+		- (www.)?vilistlane
+		- wiki
+
+
+	These altnames don't exist:
+
+		- is.ut.ee
+		- www.moodle.ut.ee
+		- www.mysql.ut.ee
+		- www.siseveeb.ut.ee
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- auth.ut.ee
+		- comserv.cs.ut.ee
+		- courses.cs.ut.ee
+		- .intra.cs.ut.ee
+		- owa.ut.ee
+
+
+	Mixed content:
+
+		- css on www.anatoomikum, www.botaanikaaed, www.cs, www.tahetorn, www from fonts.googleapis.com *
+		- Images on www.anatoomikum, www.botaanikaaed.ut.ee, www from www.ut.ee *
+
+	* Secured by us
+
+-->
+<ruleset name="UT.ee (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ut.ee" />
+	<target host="acttea.ut.ee" />
+	<target host="www.acttea.ut.ee" />
+	<target host="anatoomikum.ut.ee" />
+	<target host="www.anatoomikum.ut.ee" />
+	<target host="auth.ut.ee" />
+	<target host="botaanikaaed.ut.ee" />
+	<target host="www.botaanikaaed.ut.ee" />
+
+	<target host="cs.ut.ee" />
+	<!--target host="comserv.cs.ut.ee" /-->
+	<target host="courses.cs.ut.ee" />
+	<target host="intra.cs.ut.ee" />
+	<target host="www.cs.ut.ee" />
+
+	<target host="dok.ut.ee" />
+	<target host="iris.ut.ee" />
+	<target host="www.is.ut.ee" />
+	<target host="tall.it.da.ut.ee" />
+	<target host="jaan.ut.ee" />
+	<target host="m.ut.ee" />
+	<target host="mailhost.ut.ee" />
+	<target host="moodle.ut.ee" />
+	<target host="mysql.ut.ee" />
+	<target host="owa.ut.ee" />
+	<!--target host="parool.ut.ee" /-->
+	<target host="passwd.ut.ee" />
+	<target host="plutof.ut.ee" />
+	<target host="siim.ut.ee" />
+	<target host="siseveeb.ut.ee" />
+	<target host="sisu.ut.ee" />
+	<target host="tahetorn.ut.ee" />
+	<target host="www.tahetorn.ut.ee" />
+	<target host="tall.ut.ee" />
+	<target host="ttl.ut.ee" />
+	<target host="www.ttl.ut.ee" />
+	<target host="unite.ut.ee" />
+	<target host="vilistlane.ut.ee" />
+	<target host="www.vilistlane.ut.ee" />
+	<target host="wiki.ut.ee" />
+	<target host="www.ut.ee" />
+
+	<!--	Complications:
+				-->
+	<target host="arvutiabi.ut.ee" />
+	<target host="www.sisu.ut.ee" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^auth\.cs\.ut\.ee$" name="^utmultiauth_source_ut-multi$" /-->
+	<!--securecookie host="^comserv\.cs\.ut\.ee$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^courses\.cs\.ut\.ee$" name="^COURSESSID$" /-->
+	<!--securecookie host="^\.intra\.cs\.ut\.ee$" name="^SESS[\da-f]{32}$" /-->
+	<!--securecookie host="^owa\.ut\.ee$" name="^ClientId$$" /-->
+
+	<securecookie host="^(?:auth|courses|owa)\.cs\.ut\.ee$" name=".+" />
+
+
+	<rule from="^http://arvutiabi\.ut\.ee/.*"
+		to="https://wiki.ut.ee/display/AA/Arvutiabi" />
+
+		<test url="http://arvutiabi.ut.ee//" />
+
+	<rule from="^http://www\.sisu\.ut\.ee/"
+		to="https://sisu.ut.ee/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UTSanDiego.com.xml b/src/chrome/content/rules/UTSanDiego.com.xml
index 20a9dadc99e9..622790060a3f 100644
--- a/src/chrome/content/rules/UTSanDiego.com.xml
+++ b/src/chrome/content/rules/UTSanDiego.com.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://iservice.uniontrib.com/ => https://iservice.uniontrib.com/: (28, 'Connection timed out after 10000 milliseconds')
 	Problematic domains:
 
 		- utsandiego.com	(cert only matches *.utsandiego.com)
@@ -11,7 +13,9 @@
 
 	<target host="iservice.uniontrib.com" />
 	<target host="utsandiego.com" />
-	<target host="*.utsandiego.com" />
+	<target host="www.utsandiego.com" />
+	<target host="dealmedia.utsandiego.com" />
+	<target host="media.utsandiego.com" />
 
 
 	<securecookie host="^iservice\.uniontrib\.com$" name=".+" />
@@ -20,10 +24,10 @@
 	<rule from="^http://iservice\.uniontrib\.com/"
 		to="https://iservice.uniontrib.com/" />
 
-	<rule from="^https?://(?:www\.)?utsandiego\.com/accounts"
+	<rule from="^http://(?:www\.)?utsandiego\.com/accounts"
 		to="https://www.utsandiego.com/accounts" />
 
 	<rule from="^http://(dealmedia|media)\.utsandiego\.com/"
 		to="https://$1.utsandiego.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/UT_Dallas.edu-problematic.xml b/src/chrome/content/rules/UT_Dallas.edu-problematic.xml
new file mode 100644
index 000000000000..a345c14d21b8
--- /dev/null
+++ b/src/chrome/content/rules/UT_Dallas.edu-problematic.xml
@@ -0,0 +1,19 @@
+<!--
+	For rules that are on by default, see University-of-Texas-at-Dallas.xml.
+
+
+	Problematic subdomains:
+
+		- catalog ¹
+		- honors ¹
+
+-->
+<ruleset name="UT Dallas.edu (problematic)" default_off="mismatched">
+
+	<target host="catalog.utdallas.edu" />
+	<target host="honors.utdallas.edu" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UTwente.nl.xml b/src/chrome/content/rules/UTwente.nl.xml
index 980266b51e3f..4a88d624cd01 100644
--- a/src/chrome/content/rules/UTwente.nl.xml
+++ b/src/chrome/content/rules/UTwente.nl.xml
@@ -54,7 +54,7 @@
 	<securecookie host="^xs\.utwente\.nl$" name=".+" />
 
 
-	<rule from="^http://((?:webhare(?:\.civ)?|www)\.)?utwente\.nl/"
+	<rule from="^http://((?:webhare(?:\.civ)?|www|www\.abacus)\.)?utwente\.nl/"
 		to="https://$1utwente.nl/" />
 
 	<!--	Server drops path:
diff --git a/src/chrome/content/rules/UU.nl.xml b/src/chrome/content/rules/UU.nl.xml
index 021ba3c08ee9..1600193db87c 100644
--- a/src/chrome/content/rules/UU.nl.xml
+++ b/src/chrome/content/rules/UU.nl.xml
@@ -5,8 +5,17 @@
 	Nonfunctional subdomains:
 
 		- (www.)		(dropped)
+
+		- cs subdomains:
+
+			- legacy ²
+			- people ²
+			- www ²
+
 		- www.fisme.science	(404)
 
+	² Shows wwwsec.cs; mismatched, CN: wwwsec.cs.uu.nl
+
 
 	Problematic subdomains:
 
@@ -24,6 +33,7 @@
 	Fully covered subdomains:
 
 		- caracal
+		- wwwsec.cs
 
 		- science subdomains:
 
@@ -45,6 +55,11 @@
 			- www
 
 
+	These altnames don't exist:
+
+		- wwws.cs.uu.nl
+
+
 	Observed cookie domains:
 
 		- caracal
@@ -79,16 +94,32 @@
 -->
 <ruleset name="UU.nl (partial)">
 
-	<target host="*.uu.nl" />
+	<target host="caracal.uu.nl" />
+	<target host="wwwsec.cs.uu.nl" />
+	<target host="4thfloor.science.uu.nl" />
+	<target host="babaji.science.uu.nl" />
+	<target host="betaplanner.science.uu.nl" />
+	<target host="betaplannerstage.science.uu.nl" />
+	<target host="caracal.science.uu.nl" />
+	<target host="caracalstage.science.uu.nl" />
+	<target host="fa203.science.uu.nl" />
+	<target host="www.projects.science.uu.nl" />
+	<target host="testweb.science.uu.nl" />
+	<target host="upper.science.uu.nl" />
+	<target host="uppersurvey.science.uu.nl" />
+	<target host="webfarm.science.uu.nl" />
+	<target host="webstats.science.uu.nl" />
+	<target host="web.science.uu.nl" />
+	<target host="webstage.science.uu.nl" />
+	<target host="www.science.uu.nl" />
 
 
 	<securecookie host="^(?:caracal|(?:4thfloor|betaplanner|betaplannerstage|caracal|caracalstage|www\.projects|uppersurvey|webfarm)\.science)\.uu\.nl$" name=".+" />
 
 
-	<rule from="^http://(caracal|(?:4thfloor|babaji|betaplanner|betaplannerstage|caracal|caracalstage|fa203|www\.projects|testweb|upper|uppersurvey|webfarm|webstats)\.science)\.uu\.nl/"
-		to="https://$1.uu.nl/" />
 
 	<rule from="^http://w(?:eb|ebstage|ww)\.science\.uu\.nl/"
 		to="https://www.science.uu.nl/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/UU.se.xml b/src/chrome/content/rules/UU.se.xml
index 70495dd2b986..d8c1b3ccaa74 100644
--- a/src/chrome/content/rules/UU.se.xml
+++ b/src/chrome/content/rules/UU.se.xml
@@ -1,43 +1,99 @@
-<!-- Uppsala university -->
-<!-- Not all subdomains suports ssl, here are those that does -->
-<ruleset name="UU.se" platform="mixedcontent">
-	<target host="boxer.bmc.uu.se" />
-	<target host="it.bmc.uu.se" />
-	<target host="www.uu.se" />
-	<target host="helpdesk.uu.se" />
-	<target host="dropbox.uu.se" />
-	<target host="filer.anst.uu.se" />
-	<target host="www.anst.uu.se" />
-	<target host="filer.student.uu.se" />
-	<target host="home.student.uu.se" />
-	<target host="mail.teknik.uu.se" />
-	<target host="tor.uadm.uu.se" />
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://filer.anst.uu.se/ => https://filer.anst.uu.se/: (6, 'Could not resolve host: filer.anst.uu.se')
+Fetch error: http://www-hotel.uu.se/ => https://www-hotel.uu.se/: (6, 'Could not resolve host: www-hotel.uu.se')
+
+	Uppsala university
+
+
+	Nonfunctional subdomains:
+
+		- www.astro ⁴
+		- xray.bmc *
+		- www.botan ³⁵
+		- www.hammerby ³⁵
+		- it ³
+		- user.it ¹
+		- kalendarium ³
+		- www.kalendarium ³
+		- www.linnaeus ³⁵
+		- www.listserv ³
+		- math ³
+		- webmail.math ⁶
+		- www.math ³
+		- www2.math ³⁶
+		- www.physics ³
+		- static ³
+		- www.uaf ²
+		- www.uuinnovation ³
+
+	¹ Dropped
+	* Plaintext reply
+	² Handshake fails
+	³ Mismatched
+	⁴ No local issuer cert provided
+	⁵ Redirects to other domain
+	⁶ Expired
+
+	Other domains not covered:
+
+		- boxer.bmc ¹
+		- filer.student ¹
+
+	¹ Does not respond on port 80 (but does on 443)
+
+
+	Fully covered subdomains:
+
+		- ^
+		- www
+		- filer.anst
+		- dropbox
+		- www.it
+		- katalog
+		- lists
+		- mail
+		- uadm
+		- www.uppmax
+		- webmail
+		- www-hotel
+
+
+	Insecure cookies are set for these domains:
+
+		- www.it
+
+-->
+<ruleset name="UU.se" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="uu.se" />
-	<target host="webmail.uu.se" />
-	<target host="www-hotel.uu.se" />
+	<target host="filer.anst.uu.se" />
+	<target host="dropbox.uu.se" />
 	<target host="www.it.uu.se" />
-	<target host="www.listserv.uu.se" />
-	<target host="www.uaf.uu.se" />
+	<target host="katalog.uu.se" />
+	<target host="lists.uu.se" />
+	<target host="mail.uu.se" />
+	<target host="uadm.uu.se" />
 	<target host="www.uppmax.uu.se" />
-	<target host="www.uuinnovation.uu.se" />
-	<rule from="^http://uu\.se/" to="https://www.uu.se/"/>
-	<rule from="^http://www\.uu\.se/" to="https://www.uu.se/"/>
-	<rule from="^http://www-hotel\.uu\.se/" to="https://www-hotel.uu.se/"/>
-	<rule from="^http://webmail\.uu\.se/" to="https://webmail.uu.se/"/>
-	<rule from="^http://helpdesk\.uu\.se/" to="https://helpdesk.uu.se/"/>
-	<rule from="^http://dropbox\.uu\.se/" to="https://dropbox.uu.se/"/>
-	<rule from="^http://boxer\.bmc\.uu\.se/" to="https://boxer.bmc.uu.se/"/>
-	<rule from="^http://it\.bmc\.uu\.se/" to="https://it.bmc.uu.se/"/>
-	<rule from="^http://filer\.anst\.uu\.se/" to="https://filer.anst.uu.se/"/>
-	<rule from="^http://www\.anst\.uu\.se/" to="https://www.anst.uu.se/"/>
-	<rule from="^http://www\.it\.uu\.se/" to="https://www.it.uu.se/"/>
-	<rule from="^http://www\.listserv\.uu\.se/" to="https://www.listserv.uu.se/"/>
-	<rule from="^http://www\.uaf\.uu\.se/" to="https://www.uaf.uu.se/"/>
-	<rule from="^http://www\.uppmax\.uu\.se/" to="https://www.uppmax.uu.se/"/>
-	<rule from="^http://www\.uuinnovation\.uu\.se/" to="https://www.uuinnovation.uu.se/"/>
-	<rule from="^http://filer\.student\.uu\.se/" to="https://filer.student.uu.se/"/>
-	<rule from="^http://home\.student\.uu\.se/" to="https://home.student.uu.se/"/>
-	<rule from="^http://mail\.teknik\.uu\.se/" to="https://mail.teknik.uu.se/"/>
-	<rule from="^http://tor\.uadm\.uu\.se/" to="https://tor.uadm.uu.se/"/>
-</ruleset>
+	<target host="webmail.uu.se" />
+	<target host="www.uu.se" />
+	<target host="www-hotel.uu.se" />
+
+	<!--	Complications:
+				-->
+	<target host="it.uu.se" />
+
+
+	<securecookie host="^www\.it\.uu\.se$" name=".+" />
 
+
+	<rule from="^http://it\.uu\.se/"
+		to="https://www.it.uu.se/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UVM.edu.xml b/src/chrome/content/rules/UVM.edu.xml
new file mode 100644
index 000000000000..bac8f6e23eb9
--- /dev/null
+++ b/src/chrome/content/rules/UVM.edu.xml
@@ -0,0 +1,60 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://alumni.uvm.edu/ => https://alumni.uvm.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://login.ezproxy.uvm.edu/ => https://login.ezproxy.uvm.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	University of Vermont
+
+
+	Nonfunctional hosts in *uvm.edu:
+
+		- catalogue ¹
+		- cdi ¹
+		- sfx ¹
+
+	¹ Refused
+
+
+	Problematic hosts in *uvm.edu:
+
+		- researchguide *
+		- scholarworks *
+
+	* Mismatched
+
+
+	Mixed content:
+
+		- Images on library, scholarworks from $self
+
+-->
+<ruleset name="UVM.edu (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="uvm.edu" />
+	<target host="alumni.uvm.edu" />
+	<target host="cas.uvm.edu" />
+	<target host="login.ezproxy.uvm.edu" />
+	<target host="learn.uvm.edu" />
+	<target host="library.uvm.edu" />
+	<target host="myuvm.uvm.edu" />
+	<target host="primo.uvm.edu" />
+	<target host="webauth.uvm.edu" />
+	<target host="www.uvm.edu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.uvm\.edu$" name="^fos\.web\.server$" /-->
+	<!--securecookie host="^myuvm\.uvm\.edu$" name="^(JSESSIONID|LP_TARGET_URL)$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UVic.ca.xml b/src/chrome/content/rules/UVic.ca.xml
index d9a53760f15d..a4845723b996 100644
--- a/src/chrome/content/rules/UVic.ca.xml
+++ b/src/chrome/content/rules/UVic.ca.xml
@@ -13,7 +13,9 @@
 <ruleset name="UVic.ca (partial)">
 
 	<target host="uvic.ca" />
-	<target host="*.uvic.ca" />
+	<target host="www.uvic.ca" />
+	<target host="ece.uvic.ca" />
+	<target host="www.ece.uvic.ca" />
 		<!--exclusion pattern="^http://(www\.)?ece\.uvic\.ca/(?!~)" /-->
 
 
diff --git a/src/chrome/content/rules/UW.edu.xml b/src/chrome/content/rules/UW.edu.xml
new file mode 100644
index 000000000000..fddfebee557d
--- /dev/null
+++ b/src/chrome/content/rules/UW.edu.xml
@@ -0,0 +1,109 @@
+<!--
+	For other University of Washington coverage, see University-of-Washington.xml.
+
+	For problematic rules, see University-of-Washington-self-signed.xml.
+
+
+	Nonfunctional hosts in *uw.edu:
+
+		- gmail ʰ
+		- www.health-informatics ᵈ
+		- hsl		Redirects to weblogin.washington.edu
+		- www.ielp ʳ
+		- www.osher ʳ
+		- www.summer-camp ᵈ
+
+	ʰ Handshake fails
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *uw.edu:
+
+		- www.eveningdegreecompletion ᵐ
+		- expd ᵐ
+		- www.healthinformationmanagement ᵐ
+		- honors ᵖ
+		- www.ischool ᵐ
+		- guides.lib ᵐ
+		- www.pce ᵐ
+		- tacoma ᵐ
+
+	ᵐ Mismatched
+	ᵖ Shows default page
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- (www.)?grad from depts.washington.edu *
+			- www.pce from www.washington.edu *
+
+		- Bug on www.pce from \d+.fls.doubleclick.net
+
+	* Secured by us
+
+-->
+<ruleset name="UW.edu (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="uw.edu" />
+	<target host="aa.uw.edu" />
+	<target host="www.aa.uw.edu" />
+	<target host="blogs.uw.edu" />
+	<target host="canvas.uw.edu" />
+	<target host="apps.canvas.uw.edu" />
+	<target host="dental.uw.edu" />
+	<target host="www.dental.uw.edu" />
+	<target host="engr.uw.edu" />
+	<target host="www.engr.uw.edu" />
+	<target host="grad.uw.edu" />
+	<target host="apps.grad.uw.edu" />
+	<target host="www.grad.uw.edu" />
+	<target host="ischool.uw.edu" />
+	<target host="www.ischool.uw.edu" />
+	<target host="www.law.uw.edu" />
+	<target host="m.uw.edu" />
+	<target host="mdot.uw.edu" />
+	<target host="mobile.uw.edu" />
+	<target host="my.uw.edu" />
+	<target host="myuw.uw.edu" />
+	<target host="pce.uw.edu" />
+	<target host="sdb.admin.uw.edu" />
+	<target host="spacescout.uw.edu" />
+	<target host="www.tacoma.uw.edu" />
+	<target host="www.uw.edu" />
+
+	<!--	Complications:
+				-->
+	<target host="honors.uw.edu" />
+	<target host="tacoma.uw.edu" />
+
+
+	<securecookie host="^\." name="^_gat$" />
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.tacoma\.uw\.edu$" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://honors\.uw\.edu/+"
+		to="https://depts.washington.edu/uwhonors/" />
+
+		<test url="http://honors.uw.edu//home.aspx" />
+
+	<rule from="^http://tacoma\.uw\.edu/"
+		to="https://www.tacoma.uw.edu/" />
+
+
+	<rule from="^http://www\.ischool\.uw\.edu/"
+		  to="https://ischool.uw.edu/" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UWB.edu.xml b/src/chrome/content/rules/UWB.edu.xml
new file mode 100644
index 000000000000..b289a82eebae
--- /dev/null
+++ b/src/chrome/content/rules/UWB.edu.xml
@@ -0,0 +1,59 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://library.uwb.edu/ => https://library.uwb.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'library.uwb.edu'")
+
+	University of Washington Bothell
+
+	For other University of Washington coverage, see University-of-Washington.xml.
+
+
+	Nonfunctional hosts in *uwb.edu:
+
+		- research *
+
+	* Shows default page
+
+
+	Problematic hosts in *uwb.edu:
+
+		- ^ ᵈ
+		- guides.lib ᵐ
+
+	ᵈ Dropped
+	ᵐ Mismatched
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- library from $self *
+			- library from lib.washington.edu *
+			- library from www.lib.washington.edu *
+
+	* Secured by us
+
+-->
+<ruleset name="UWB.edu (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="library.uwb.edu" />
+	<target host="www.uwb.edu" />
+
+	<!--	Complications:
+				-->
+	<target host="uwb.edu" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://uwb\.edu/"
+		to="https://www.uwb.edu/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UWinnipeg.ca.xml b/src/chrome/content/rules/UWinnipeg.ca.xml
new file mode 100644
index 000000000000..d88b772ec92b
--- /dev/null
+++ b/src/chrome/content/rules/UWinnipeg.ca.xml
@@ -0,0 +1,38 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://uwinnipeg.ca/ => https://uwinnipeg.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+	Nonfunctional subdomains:
+
+		- collegiate
+		- cpan
+		- news-centre
+
+
+	Partially covered subdomains:
+
+		- indigenous	(→ www)
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- ctlt-resources
+		- ion
+		- nexus
+		- webadv
+		- ww2
+
+-->
+<ruleset name="UWinnipeg.ca (partial)">
+
+	<target host="uwinnipeg.ca" />
+	<target host="*.uwinnipeg.ca" />
+
+
+	<rule from="^http://((?:ctlt-resources|ion|nexus|webadv|ww2|www)\.)?uwinnipeg\.ca/"
+		to="https://$1uwinnipeg.ca/" />
+
+	<rule from="^http://indigenous\.uwinnipeg\.ca/+(?:\?.*)?$"
+		to="https://www.uwinnipeg.ca/index/indigenous-programs-services" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UX-App.com.xml b/src/chrome/content/rules/UX-App.com.xml
new file mode 100644
index 000000000000..426654614c87
--- /dev/null
+++ b/src/chrome/content/rules/UX-App.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Invalid Certificate:
+		docs.ux-app.com
+-->
+<ruleset name="UX-App.com">
+	<target host="ux-app.com" />
+	<target host="www.ux-app.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/U_Mag.ca.xml b/src/chrome/content/rules/U_Mag.ca.xml
index 42077349b9c8..fe01b18b7b95 100644
--- a/src/chrome/content/rules/U_Mag.ca.xml
+++ b/src/chrome/content/rules/U_Mag.ca.xml
@@ -1,32 +1,32 @@
-<!--
-	For other University of Calgary coverage, see UCalgary.ca.xml.
-
-
-	CN: *.ucalgary.ca
-
 
-	Mixed content:
-
-		- css, on ^ from:
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://umag.ca// => https://www.ucalgarymag.ca/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.umag.ca// => https://www.ucalgarymag.ca/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://umag.ca/ => https://www.ucalgarymag.ca/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.umag.ca/ => https://www.ucalgarymag.ca/: (60, 'SSL certificate problem: certificate has expired')
 
-			- people.ucalgary.ca *
-			- static.ucalgary.ca *
+	For other University of Calgary coverage, see UCalgary.ca.xml.
 
-		- Images on ^ from ^ *
 
-	* Secured by us
+	(www.)?umag.ca: 404
 
 -->
-<ruleset name="U Mag.ca (false MCB)" default_off="mismatched" platform="mixedcontent">
+<ruleset name="U Mag.ca" default_off="failed ruleset test">
 
+	<!--	Complications:
+				-->
 	<target host="umag.ca" />
-	<target host="*.umag.ca" />
-
+	<target host="www.umag.ca" />
 
-	<securecookie host="^\.?umag\.ca$" name=".+" />
 
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://(?:www\.)?umag\.ca/[^?]*"
+		to="https://www.ucalgarymag.ca/" />
 
-	<rule from="^http://(?:www\.)?umag\.ca/"
-		to="https://umag.ca/" />
+		<test url="http://umag.ca//" />
+		<test url="http://www.umag.ca//" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ua-hosting.com.ua.xml b/src/chrome/content/rules/Ua-hosting.com.ua.xml
new file mode 100644
index 000000000000..f9dc540d1587
--- /dev/null
+++ b/src/chrome/content/rules/Ua-hosting.com.ua.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ua-hosting.com.ua/ => https://ua-hosting.com.ua/: (51, "SSL: no alternative certificate subject name matches target host name 'ua-hosting.com.ua'")
+Fetch error: http://www.ua-hosting.com.ua/ => https://ua-hosting.com.ua/: (51, "SSL: no alternative certificate subject name matches target host name 'ua-hosting.com.ua'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ua-hosting.com.ua/ => https://ua-hosting.com.ua/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.ua-hosting.com.ua/ => https://ua-hosting.com.ua/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+	www: cert only matches ^ua-hosting.com.ua
+
+-->
+<ruleset name="ua-hosting.com.ua" default_off="failed ruleset test">
+
+	<target host="ua-hosting.com.ua" />
+	<target host="www.ua-hosting.com.ua" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ua-hosting\.com\.ua$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^ua-hosting\.com\.ua$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?ua-hosting\.com\.ua/"
+		to="https://ua-hosting.com.ua/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Uakron.edu.xml b/src/chrome/content/rules/Uakron.edu.xml
new file mode 100644
index 000000000000..aeac7a6c134c
--- /dev/null
+++ b/src/chrome/content/rules/Uakron.edu.xml
@@ -0,0 +1,35 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - ece.uakron.edu
+			 - eohs.uakron.edu
+			 - www.lawalum.uakron.edu
+			 - lawclerk.uakron.edu
+			 - wiep.uakron.edu
+
+		Incomplete certificate chain error:
+			 - lists.uakron.edu
+
+		5xx server error:
+			 - ztv.uakron.edu
+
+		Different content:
+			 - lawscout.uakron.edu
+-->
+<ruleset name="Uakron.edu (partial)">
+	<target host="uakron.edu" />
+	<target host="auth.uakron.edu" />
+	<target host="blogs.uakron.edu" />
+	<target host="id.uakron.edu" />
+	<target host="library.uakron.edu" />
+	<target host="maps.uakron.edu" />
+	<target host="my.uakron.edu" />
+	<target host="springboard.uakron.edu" />
+	<target host="support.uakron.edu" />
+	<target host="supportchat.uakron.edu" />
+	<target host="wayne.uakron.edu" />
+	<target host="www.uakron.edu" />
+	<target host="zipline.uakron.edu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ual.es.xml b/src/chrome/content/rules/Ual.es.xml
new file mode 100644
index 000000000000..1cc6d1908afe
--- /dev/null
+++ b/src/chrome/content/rules/Ual.es.xml
@@ -0,0 +1,113 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blade20.ual.es/ => https://blade20.ual.es/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://blade22.ual.es/ => https://blade22.ual.es/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://idpdesa.ual.es/ => https://idpdesa.ual.es/: (7, 'Failed to connect to idpdesa.ual.es port 443: No route to host')
+Fetch error: http://webmail.ual.es/ => https://webmail.ual.es/: (6, 'Could not resolve host: webmail.ual.es')
+Fetch error: http://www2.ual.es/ => https://www2.ual.es/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Ruleset for ual.es, the University of Almería website.
+	See <https://en.wikipedia.org/wiki/University_of_Almer%C3%ADa>.
+
+	Not supporting HTTPS or using an invalid certificate:
+
+		* ual.es
+
+		* acacia.ual.es
+		* acg.ual.es
+		* acuario.ual.es
+		* aer.ual.es
+		* ae.ual.es
+		* airy.ual.es
+		* almirez.ual.es
+		* antivirus.ual.es
+		* automatricula.ual.es
+		* award.ual.es
+		* bdlsi.ual.es
+		* blackb1.ual.es
+		* blackb2.ual.es
+		* blade14.ual.es
+		* blade28ofmdes.ual.es
+		* blade30.ual.es
+		* blade31.ual.es
+		* blade40adm.ual.es
+		* blade41adm.ual.es
+		* blade73oas.ual.es
+		* bscw.ual.es
+		* catibero.ual.es
+		* cau.ual.es
+		* centrofcontinua.ual.es
+		* cms.ual.es
+		* cna-atc.ual.es
+		* cpccloud.ual.es
+		* dali.hpca.ual.es
+		* desaveal2.ual.es
+		* dns.ual.es
+		* dpdware.ual.es
+		* educa30.ual.es
+		* elvira.ual.es
+		* encuestas.ual.es
+		* evaconnect.ual.es
+		* eva.ual.es
+		* fcontinua.ual.es
+		* formacion.ual.es
+		* ftp.ual.es
+		* funmediterranea.ual.es
+		* ginebra.ual.es
+		* grsocial.ual.es
+		* icarodes.ual.es
+		* inalambrica.ual.es
+		* indalog.ual.es
+		* ingmec.ual.es
+		* irc.ual.es
+		* lbsso.ual.es
+		* levante.ual.es
+		* lms.ual.es
+		* masteracsi.ual.es
+		* mct.ual.es
+		* merlin.ual.es
+		* milocutorio.ual.es
+		* mindfulness.ual.es
+		* news.ual.es
+		* phoenix.ual.es
+		* sauce.ual.es
+		* sorad.ual.es
+		* ualcloud.ual.es
+		* visoracg.ual.es
+		* wifi.ual.es
+		* www.fundacionmediterranea.ual.es
+		* www.hpca.ual.es
+		* www.ieei.ual.es
+		* www.indirural.ual.es
+-->
+<ruleset name="Universidad de Almería" default_off="failed ruleset test">
+
+	<target host="alfresco.ual.es" />
+	<target host="b32cronos.ual.es" />
+	<target host="blade19.ual.es" />
+	<target host="blade20.ual.es" />
+	<target host="blade22.ual.es" />
+	<target host="blade23.ual.es" />
+	<target host="blade24.ual.es" />
+	<target host="citaprevia.ual.es" />
+	<target host="clenguas.ual.es" />
+	<target host="cvirtual.ual.es" />
+	<target host="icaro3.ual.es" />
+	<target host="icaro.ual.es" />
+	<target host="idpdesa.ual.es" />
+	<target host="idp.ual.es" />
+	<target host="nevada.ual.es" />
+	<target host="portafirma.ual.es" />
+	<target host="portal.ual.es" />
+	<target host="sp.ual.es" />
+	<target host="ualacademico.ual.es" />
+	<target host="vpn.ual.es" />
+	<target host="webmail.ual.es" />
+	<target host="www2.ual.es" />
+	<target host="www.ual.es" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UbNt.com.xml b/src/chrome/content/rules/UbNt.com.xml
new file mode 100644
index 000000000000..200cf88775b0
--- /dev/null
+++ b/src/chrome/content/rules/UbNt.com.xml
@@ -0,0 +1,59 @@
+<!--
+	Other Ubiquiti Networks rulesets:
+
+		- Go_Ubiquiti.com.xml
+
+
+	Nonfunctional hosts in *ubnt.com:
+
+		- ir *
+
+	* Dropped
+
+
+	Fully covered hosts in *ubnt.com:
+
+		- (www.)?
+		- account
+		- community
+		- dl
+		- downloads
+		- store
+		- support
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .ubnt.com
+		- community.ubnt.com
+		- .store.ubnt.com
+
+-->
+<ruleset name="UbNt.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ubnt.com" />
+	<target host="account.ubnt.com" />
+	<target host="community.ubnt.com" />
+	<target host="dl.ubnt.com" />
+	<target host="downloads.ubnt.com" />
+	<target host="store.ubnt.com" />
+	<target host="support.ubnt.com" />
+	<target host="www.ubnt.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.ubnt\.com$" name="^VISITORID$" /-->
+	<!--securecookie host="^community\.ubnt\.com$" name="(LithiumUserInfo|LithiumUserSecure|LithiumVisitor)" /-->
+	<!--securecookie host="^\.store\.ubnt\.com$" name="^frontend$" /-->
+
+	<securecookie host="^\.ubnt\.com$" name="^VISITORID$" />
+	<securecookie host="^(?:community|\.store)\.ubnt\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UberEnt.com.xml b/src/chrome/content/rules/UberEnt.com.xml
new file mode 100644
index 000000000000..00c155758938
--- /dev/null
+++ b/src/chrome/content/rules/UberEnt.com.xml
@@ -0,0 +1,20 @@
+<!--
+	www: dropped
+
+-->
+<ruleset name="UberEnt.com (partial)">
+
+	<target host="uberent.com" />
+	<target host="forums.uberent.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^forums\.uberent\.com$" name="^xf_session$" /-->
+
+	<securecookie host="^forums\.uberent\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UberMedia.com.xml b/src/chrome/content/rules/UberMedia.com.xml
new file mode 100644
index 000000000000..db1657c4e8d7
--- /dev/null
+++ b/src/chrome/content/rules/UberMedia.com.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ubermedia.com/ => https://ubermedia.com/: (7, 'Failed to connect to ubermedia.com port 443: Connection refused')
+Fetch error: http://www.ubermedia.com/ => https://www.ubermedia.com/: (7, 'Failed to connect to www.ubermedia.com port 443: Connection refused')
+
+-->
+<ruleset name="UberMedia.com" default_off="failed ruleset test">
+
+	<target host="ubermedia.com" />
+	<target host="www.ubermedia.com" />
+	<target host="uberads.com" />
+	<target host="www.uberads.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UberTags-mismatches.xml b/src/chrome/content/rules/UberTags-mismatches.xml
deleted file mode 100644
index 191a3b876994..000000000000
--- a/src/chrome/content/rules/UberTags-mismatches.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<ruleset name="UberTags (mismatches)" default_off="mismatch">
-
-	<target host="usertags.jeremybieger.com"/>
-	<target host="www.usertags.jeremybieger.com"/>
-	<target host="usertags.com"/>
-	<target host="cdn.usertags.com"/>
-	<target host="www.usertags.com"/>
-
-	<!--	cert: *.hostmonster.com
-		retrieving index.php like so triggers recursive redirection.	-->
-	<rule from="^http://(?:www\.)?usertags(?:\.jeremybieger)\.com/(images|wp-content)/"
-		to="https://ubertags.jeremybieger.com/~jeremybi/ubertags/$1/"/>
-
-	<!--	cert: cdn.volunteer2.com, shows that domain's 404 page	-->
-	<rule from="^http://cdn\.usertags\.com/"
-		to="https://ubertags.jeremybieger.com/~jeremybi/ubertags/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/UberTags.xml b/src/chrome/content/rules/UberTags.xml
deleted file mode 100644
index 24858174672f..000000000000
--- a/src/chrome/content/rules/UberTags.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--	See UberTags-mismatches for problematic rules.
--->
-<ruleset name="UberTags (partial)">
-
-	<target host="app.ubertags.com"/>
-	<target host="console.ubertags.com"/>
-
-	<securecookie host="^console\.ubertags\.com$" name=".*"/>
-
-	<rule from="^http://(\w+)\.ubertags\.com/"
-		to="https://$1.ubertags.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Uber_Technologies.xml b/src/chrome/content/rules/Uber_Technologies.xml
index 8df8b528a65b..2b5e5c6640e5 100644
--- a/src/chrome/content/rules/Uber_Technologies.xml
+++ b/src/chrome/content/rules/Uber_Technologies.xml
@@ -1,16 +1,63 @@
 <!--
-	Problematic subdomains:
+	Uber Technologies
 
-		- blog		(works; mismatched, CN: *.gridserver.com)
+
+	CDN buckets:
+
+		- d1a3f4spazzrp4.cloudfront.net
+		- 2q72xc49mze8bkcog2f01nlh-wpengine.netdna-ssl.com
+
+
+	Problematic hosts in *uber.com:
+
+		- blog ᵉ
+
+	ᵉ Expired
+
+
+	Insecure cookies are set for these hosts:
+
+		- newsroom.uber.com
+		- transparencyreport.uber.com
 
 -->
-<ruleset name="Uber Technologies (partial)">
+<ruleset name="Uber.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="uber.com" />
-	<target host="*.uber.com" />
+	<target host="clients.uber.com" />
+	<target host="developer.uber.com" />
+	<target host="get.uber.com" />
+	<target host="help.uber.com" />
+	<target host="login.uber.com" />
+	<target host="newsroom.uber.com" />
+	<target host="riders.uber.com" />
+	<target host="transparencyreport.uber.com" />
+	<target host="www.uber.com" />
+
+	<!--	Complications:
+				-->
+	<target host="blog.uber.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:newsroom|transparencyreport)\.uber\.com$" name="^X-Mapping-" /-->
+
+	<securecookie host="^\." name="^__qca$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://blog\.uber\.com/+"
+		to="https://newsroom.uber.com/" />
 
+		<test url="http://blog.uber.com/page/2/" />
 
-	<rule from="^http://(clients\.|www\.)?uber\.com/"
-		to="https://$1uber.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Uberspace.xml b/src/chrome/content/rules/Uberspace.xml
index 58526521e978..fdfc79f9e9fc 100644
--- a/src/chrome/content/rules/Uberspace.xml
+++ b/src/chrome/content/rules/Uberspace.xml
@@ -14,6 +14,8 @@
 		- *.cetus *
 		- helium	(→ ^)
 		- *.helium *
+		- menkar
+		- *.menkar *
 
 	* Client subdomains
 
@@ -30,7 +32,7 @@
 	<rule from="^http://(?:helium\.|www\.)?uberspace\.de/"
 		to="https://uberspace.de/" />
 
-	<rule from="^http://((?:[\w-]+\.)?(?:arie|cetu)s|[\w-]+\.helium)\.uberspace\.de/"
+	<rule from="^http://((?:[\w-]+\.)?(?:aries|cetus|menkar)|[\w-]+\.helium)\.uberspace\.de/"
 		to="https://$1.uberspace.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ubertt.org.xml b/src/chrome/content/rules/Ubertt.org.xml
deleted file mode 100644
index 5da1ebac817f..000000000000
--- a/src/chrome/content/rules/Ubertt.org.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See 
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
- 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Ubertt.org" platform="firefox">
-  <target host="ubertt.org" />
-  <target host="www.ubertt.org" />
-
-  <securecookie host="^ubertt\.org$" name=".+" />
-
-  <rule from="^http://(www\.)?ubertt\.org/" to="https://ubertt.org/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Ubian.sk.xml b/src/chrome/content/rules/Ubian.sk.xml
new file mode 100644
index 000000000000..11c141857dbc
--- /dev/null
+++ b/src/chrome/content/rules/Ubian.sk.xml
@@ -0,0 +1,9 @@
+<ruleset name="Ubian.sk">
+	<target host="ubian.sk" />
+	<target host="www.ubian.sk" />
+	<target host="dopravnakarta.sk" />
+	<target host="www.dopravnakarta.sk" />
+	<target host="eshop.dopravnakarta.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ubisoft-Entertainment.xml b/src/chrome/content/rules/Ubisoft-Entertainment.xml
index d1aec1e1f08d..602f002faabd 100644
--- a/src/chrome/content/rules/Ubisoft-Entertainment.xml
+++ b/src/chrome/content/rules/Ubisoft-Entertainment.xml
@@ -1,102 +1,62 @@
 <!--
-	For rules causing false mixed content blocking, see Ubisoft_Entertainment-falsemixed.xml.
-
-	For other Ubisoft Group coverage, see Ubisoft_Group.com.xml.
-
-
-	CDN buckets:
-
-		- Possible bucket at s3.amazonaws.com/ubi/
-
-		- static7.ubi.com.s3.amazonaws.com
-
-			- static7.ubi.com
-
-		- ubisoft.hs.llnwd.net
-
-			- static[79].cdn.ubi.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- forums *
-		- thesettlers.uk *
-
-	* Refused
-
-
-	Problematic subdomains:
-
-		- static7	(amazonws)
-		- video.us	(works; mismatched, CN: *.ubi.com)
-
-
-	Fully covered subdomains:
-
-		- static\d.cdn
-		- cs
-		- engineroom
-		- ghost-recon
-		- hbe
-		- secure
-		- static(?!7)\d
-		- static7	(→ s3.amazonaws.com)
-		- support
-		- tools
-		- ubibar
-		- uts
-
-
-	ToDo: Secure shop pages that don't redirect to http.
-
-
-	Mixed content:
-
-		- Flash:
-
-			- on uplay from www.youtube.com *
-
-		- Javascript:
-
-			- on uplay from static2.cdn *
-			- on uplay from ajax.googleapis.com *
-			- on uplay from www.youtube.com *
-			- on uplay from s.ytimg.com *
-
-		- css:
-
-			- on uplay from static2.cdn *
-
-		- Images:
-
-			- on uplay from static2.cdn *
-			- on uplay from img.youtube.com *
-
-		- Web bugs:
-
-			- on uplay from adserver.adtech.com *
-
-	* Secured by us
-
-
-	NB: We secure all resources, and thus -falsemixed.xml
-	should be merged with this ruleset for Ffx 24.	
-
+	For other Ubisoft Group coverage, see Ubisoft-Group.com.xml.
+
+	Non-functional hosts
+		Timeout was reached:
+		- static12.ubi.com
+
+		SSL connect error:
+		- www.uplay.ubi.com
+
+		SSL peer certificate was not OK:
+		- static.cdn.ubi.com
+		- static10.cdn.ubi.com
+		- static11.cdn.ubi.com
+		- static14.cdn.ubi.com
+		- static17.cdn.ubi.com
+		- static19.cdn.ubi.com
+		- static7.cdn.ubi.com
+		- static9.cdn.ubi.com
+		- static15.ubi.com
+		- static16.ubi.com
+		- static7.ubi.com
 -->
-<ruleset name="Ubisoft Entertainment (partial)">
-
-	<target host="*.ubi.com" />
-		<exclusion pattern="^http://(?:forums|www)\." />
-
-
-	<securecookie host=".*\.ubi\.com$" name=".+" />
-
-
-	<rule from="^http://static7\.ubi\.com/"
-		to="https://s3.amazonaws.com/static7.ubi.com/" />
-
-	<rule from="^http://(cs|engineroom|ghost-recon|hbe|secure|static\d(?:\.cdn)?|support|tools|ubibar|uts)\.ubi\.com/"
-		to="https://$1.ubi.com/" />
-
+<ruleset name="Ubisoft Entertainment">
+	<target host="ubi.com" />
+	<target host="www.ubi.com" />
+	<target host="static2.cdn.ubi.com" />
+	<target host="static3.cdn.ubi.com" />
+	<target host="static5.cdn.ubi.com" />
+	<target host="cs.ubi.com" />
+	<target host="engineroom.ubi.com" />
+	<target host="forums.ubi.com" />
+	<target host="hbe.ubi.com" />
+	<target host="legal.ubi.com" />
+	<target host="secure.ubi.com" />
+	<target host="static1.ubi.com" />
+	<target host="static11.ubi.com" />
+	<target host="static17.ubi.com" />
+	<target host="static19.ubi.com" />
+	<target host="static2.ubi.com" />
+	<target host="static3.ubi.com" />
+	<target host="static4.ubi.com" />
+	<target host="static5.ubi.com" />
+	<target host="static6.ubi.com" />
+	<target host="static8.cdn.ubi.com" />
+	<target host="static8.ubi.com" />
+	<target host="static9.ubi.com" />
+	<target host="store.ubi.com" />
+	<target host="support.ubi.com" />
+	<target host="tools.ubi.com" />
+	<target host="ubibar.ubi.com" />
+	<target host="uplay.ubi.com" />
+	<target host="www.uplay.ubi.com" />
+	<target host="uts.ubi.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.uplay\.ubi\.com/"
+			to="https://uplay.ubi.com/" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ubisoft_Entertainment-falsemixed.xml b/src/chrome/content/rules/Ubisoft_Entertainment-falsemixed.xml
deleted file mode 100644
index 070405168bbd..000000000000
--- a/src/chrome/content/rules/Ubisoft_Entertainment-falsemixed.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules not causing false mixed content blockage, see Ubisoft-Entertainment.xml.
-
--->
-<ruleset name="Ubisoft Entertainment (MCB false positives)" platform="mixedcontent">
-
-	<target host="uplay.ubi.com" />
-
-
-	<rule from="^http://uplay\.ubi\.com/"
-		to="https://uplay.ubi.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Ubisoft_Group.com.xml b/src/chrome/content/rules/Ubisoft_Group.com.xml
deleted file mode 100644
index 5cf131f84c82..000000000000
--- a/src/chrome/content/rules/Ubisoft_Group.com.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Other Ubisoft Group rulesets:
-
-		- Ubisoft-Entertainment.xml
-
-
-	Problematic subdomains:
-
-		- common	(works; mismatched, CN: www.ubisoftgroup.com)
-
--->
-<ruleset name="Ubisoft Group">
-
-	<target host="ubisoftgroup.com" />
-	<target host="*.ubisoftgroup.com" />
-
-
-	<securecookie host="^\.ubisoftgroup\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?ubisoftgroup\.com/"
-		to="https://$1ubisoftgroup.com/" />
-
-	<rule from="^http://common\.ubisoftgroup\.com/"
-		to="https://www.ubisoftgroup.com/comsite_common/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ubrr.ru.xml b/src/chrome/content/rules/Ubrr.ru.xml
new file mode 100644
index 000000000000..93e5c4609363
--- /dev/null
+++ b/src/chrome/content/rules/Ubrr.ru.xml
@@ -0,0 +1,81 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://demotb.ubrr.ru/ => https://demotb.ubrr.ru/: (6, 'Could not resolve host: demotb.ubrr.ru')
+
+ubrr.ru ⁶
+www.ubrr.ru ⁶
+adler.ubrr.ru ⁶
+arhangelsk.ubrr.ru ⁶
+chel.ubrr.ru ⁶
+devdip.ubrr.ru ³
+em.ubrr.ru ¹
+eng.ubrr.ru ⁶
+ibd.ubrr.ru ³
+ibox.ubrr.ru ³
+idap.ubrr.ru ³
+idemo.ubrr.ru ²
+invest.ubrr.ru ⁶
+ips.ubrr.ru/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+junior.ubrr.ru ³
+kb.ubrr.ru ¹
+kirov43.ubrr.ru ⁶
+kzn.ubrr.ru ⁶
+landing.ubrr.ru ¹
+landing-t.ubrr.ru ³
+mail.ubrr.ru ³
+maximum.ubrr.ru ¹
+mb.ubrr.ru ³
+mpos.ubrr.ru ³
+msb.ubrr.ru ¹
+msk.ubrr.ru ⁶
+nn.ubrr.ru ⁶
+ntrp.ubrr.ru ³
+omsk.ubrr.ru ⁶
+order.ubrr.ru ¹
+order2.ubrr.ru ³
+penza.ubrr.ru ⁶
+quik.ubrr.ru ³
+relay.ubrr.ru ³
+samara.ubrr.ru ⁶
+scnp.ubrr.ru ³
+spb.ubrr.ru ⁶
+sprosi.ubrr.ru ¹
+tbsl.ubrr.ru ³
+tinvest.ubrr.ru ³
+twpg.ubrr.ru ³
+ubrd.ubrr.ru ³
+ubrr.ubrr.ru ³
+ufa102.ubrr.ru ⁶
+ulyanovsk.ubrr.ru ⁶
+vladimir.ubrr.ru ⁶
+vzwbt.ubrr.ru ⁶
+web.ubrr.ru ¹
+wvp.ubrr.ru ³
+www1.ubrr.ru ³
+tb.ubrr.ru different content
+tbinfo.ubrr.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁶ redirect
+-->
+<ruleset name="ubrr.ru (partial)" default_off="failed ruleset test">
+	<target host="3ds.ubrr.ru" />
+	<target host="card.ubrr.ru" />
+	<target host="demotb.ubrr.ru" />
+	<target host="i.ubrr.ru" />
+	<target host="ib.ubrr.ru" />
+	<target host="ibc.ubrr.ru" />
+	<target host="isec1047.ubrr.ru" />
+	<target host="oplata.ubrr.ru" />
+	<target host="sales.ubrr.ru" />
+	<target host="start.ubrr.ru" />
+	<target host="www.start.ubrr.ru" />
+	<target host="startup.ubrr.ru" />
+	<target host="sumka.ubrr.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ubuntu-DE.org.xml b/src/chrome/content/rules/Ubuntu-DE.org.xml
new file mode 100644
index 000000000000..fb1eaba9a0eb
--- /dev/null
+++ b/src/chrome/content/rules/Ubuntu-DE.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="Ubuntu-DE.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ubuntu-de.org" />
+	<target host="media-cdn.ubuntu-de.org" />
+	<target host="static-cdn.ubuntu-de.org" />
+	<target host="www.ubuntu-de.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ubuntu-EU.org.xml b/src/chrome/content/rules/Ubuntu-EU.org.xml
new file mode 100644
index 000000000000..51c4769c1c60
--- /dev/null
+++ b/src/chrome/content/rules/Ubuntu-EU.org.xml
@@ -0,0 +1,16 @@
+<!--
+	www.ubuntu-eu.org doesn't exist.
+
+-->
+<ruleset name="Ubuntu-EU.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ubuntu-eu.org" />
+	<target host="lists.ubuntu-eu.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ubuntu-FR.org.xml b/src/chrome/content/rules/Ubuntu-FR.org.xml
new file mode 100644
index 000000000000..353b3f1e1417
--- /dev/null
+++ b/src/chrome/content/rules/Ubuntu-FR.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="Ubuntu-FR.org (partial)">
+	<target host="ubuntu-fr.org" />
+	<target host="www.ubuntu-fr.org" />
+	<target host="doc.ubuntu-fr.org" />
+	<target host="forum.ubuntu-fr.org" />
+	<target host="planet.ubuntu-fr.org" />
+	<target host="tour.ubuntu-fr.org" />
+	<target host="www-static.ubuntu-fr.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ubuntu-MATE.Boutique.xml b/src/chrome/content/rules/Ubuntu-MATE.Boutique.xml
new file mode 100644
index 000000000000..a2a527f79399
--- /dev/null
+++ b/src/chrome/content/rules/Ubuntu-MATE.Boutique.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Ubuntu MATE coverage, see Ubuntu-MATE.org.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .ubuntu-mate.boutique
+
+-->
+<ruleset name="Ubuntu-MATE.Boutique">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ubuntu-mate.boutique" />
+	<target host="www.ubuntu-mate.boutique" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.ubuntu-mate\.boutique$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.ubuntu-mate\.boutique$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ubuntu-MATE.org.xml b/src/chrome/content/rules/Ubuntu-MATE.org.xml
new file mode 100644
index 000000000000..f96b933648a3
--- /dev/null
+++ b/src/chrome/content/rules/Ubuntu-MATE.org.xml
@@ -0,0 +1,46 @@
+<!--
+	Other Ubuntu MATE rulesets:
+
+		- Ubuntu-MATE.Boutique.xml
+		- Ubuntu_MATE.Community.xml
+
+
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- ubuntu-mate.org
+
+-->
+<ruleset name="Ubuntu-MATE.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ubuntu-mate.org" />
+	<target host="www.ubuntu-mate.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.ubuntu-mate\.org$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.ubuntu-mate\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ubuntu-NL.org.xml b/src/chrome/content/rules/Ubuntu-NL.org.xml
new file mode 100644
index 000000000000..a2b947a65b06
--- /dev/null
+++ b/src/chrome/content/rules/Ubuntu-NL.org.xml
@@ -0,0 +1,31 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+			 - bumblebee.ubuntu-nl.org
+			 - caterpillar.ubuntu-nl.org
+			 - dragonfly.ubuntu-nl.org
+
+		SSL peer certificate was not OK:
+			 - blogs.ubuntu-nl.org
+			 - planet.ubuntu-nl.org
+
+		Problem with the SSL CA cert (path? access rights?):
+			 - chat.ubuntu-nl.org
+
+		Status code mismatch:
+			 - stats.ubuntu-nl.org
+-->
+<ruleset name="Ubuntu-NL.org">
+	<target host="ubuntu-nl.org" />
+	<target host="www.ubuntu-nl.org" />
+	<target host="beta.ubuntu-nl.org" />
+	<target host="forum.ubuntu-nl.org" />
+	<target host="kaart.ubuntu-nl.org" />
+	<target host="lists.ubuntu-nl.org" />
+	<target host="mail.ubuntu-nl.org" />
+	<target host="wiki.ubuntu-nl.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ubuntu-TR.net.xml b/src/chrome/content/rules/Ubuntu-TR.net.xml
new file mode 100644
index 000000000000..5112d354d80e
--- /dev/null
+++ b/src/chrome/content/rules/Ubuntu-TR.net.xml
@@ -0,0 +1,34 @@
+<!--
+	Nonfunctional hosts in *ubuntu-tr.net:
+
+		- gezegen *
+		- wiki *
+
+	* Shows forum.ubuntu-tr.net
+
+
+	Insecure cookies are set for these hosts:
+
+		- forum.ubuntu-tr.net
+
+-->
+<ruleset name="Ubuntu-TR.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ubuntu-tr.net" />
+	<target host="forum.ubuntu-tr.net" />
+	<target host="sudo.ubuntu-tr.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^forum\.ubuntu-tr\.net$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^forum\.ubuntu-tr\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ubuntu.com.cn.xml b/src/chrome/content/rules/Ubuntu.com.cn.xml
new file mode 100644
index 000000000000..43dc6c22cdf2
--- /dev/null
+++ b/src/chrome/content/rules/Ubuntu.com.cn.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Ubuntu.com related rulesets, see
+		+ Ubuntu.xml
+-->
+<ruleset name="Ubuntu.com.cn">
+	<target host="ubuntu.com.cn" />
+	<target host="forum.ubuntu.com.cn" />
+	<target host="linux.ubuntu.com.cn" />
+	<target host="paste.ubuntu.com.cn" />
+	<target host="wiki.ubuntu.com.cn" />
+	<target host="www.ubuntu.com.cn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ubuntu.org.cn.xml b/src/chrome/content/rules/Ubuntu.org.cn.xml
new file mode 100644
index 000000000000..b60528f4f7b6
--- /dev/null
+++ b/src/chrome/content/rules/Ubuntu.org.cn.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Ubuntu.com related rulesets, see
+		+ Ubuntu.xml
+-->
+<ruleset name="Ubuntu.org.cn">
+	<target host="ubuntu.org.cn" />
+	<target host="forum.ubuntu.org.cn" />
+	<target host="linux.ubuntu.org.cn" />
+	<target host="paste.ubuntu.org.cn" />
+	<target host="wiki.ubuntu.org.cn" />
+	<target host="www.ubuntu.org.cn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ubuntu.xml b/src/chrome/content/rules/Ubuntu.xml
index a686c1c41bc5..5d914972270a 100644
--- a/src/chrome/content/rules/Ubuntu.xml
+++ b/src/chrome/content/rules/Ubuntu.xml
@@ -1,92 +1,89 @@
 <!--
 	Other Ubuntu rulesets:
-
-		- Ubuntu_Forums.org.xml
-
-
-	Nonfunctional subdomains:
-
-		- (www.) ¹
-		- archive ²
-		- cdimage ²
-		- irclogs		(shows irclogs.canonical.com; mismatched, CN: irclogs.canonical.com)
-		- kernel ¹
-		- loco ³
-		- manpages ¹
-		- odm ³
-		- old-releases ²
-		- packages ¹
-		- people ¹
-		- planet		(prints "Page Unavailable"; mismatched, CN: certification.canonical.com)
-		- iso.qa ³
-		- testcases.qa		(redirects to http, self-signed)
-		- pad ²
-		- releases ²
-		- security ²
-		- status ²
-		- summit ²
-
-	¹ Dropped
-	² Refused
-	³ Redirects to testcases.qa; mismatched, CN: testcases.qa.ubuntu.com
-
-
-	Problematic subdomains:
-
-		- shop	(mismatched, CN: shop.canonical.com)
-
-
-	Fully covered domains:
-
-		- ubuntu.com subdomains:
-
-			- apps
-			- assets
-			- cloud
-			- community
-			- developer
-			- myapps.developer
-			- fridge
-			- help
-			- lists
-			- login
-			- maas
-			- one
-			- patches
-			- pay
-			- jenkins.qa
-			- shop		(→ shop.canonical.com)
-			- uds
-			- uec-images
-			- wiki
-
-		- (www.)ubuntuone.com
-
-
-	Mixed content:
-
-		- Images on help from pix.toile-libre.org *
-
-	* Unsecurable, doesn't trip MCB
-
+		+ Ubuntu.com.cn.xml
+		+ Ubuntu.org.cn.xml
+
+	HSTS preloaded:
+		- login.ubuntu.com
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- archive.ubuntu.com
+		- cdimage.ubuntu.com
+		- old-releases.ubuntu.com
+		- security.ubuntu.com
+
+		Timeout was reached:
+		- reports.qa.ubuntu.com
+		- women.ubuntu.com
+
+		SSL connect error:
+		- status.ubuntu.com
+		- summit.ubuntu.com
+
+		SSL peer certificate was not OK:
+		- ask.ubuntu.com
+		- brainstorm.ubuntu.com
+		- bugs.ubuntu.com
+		- upstart.ubuntu.com
+
+		Mixed content blocking (MCB) triggered:
+		- lists.ubuntu.com
+		- odm.ubuntu.com
+		- iso.qa.ubuntu.com
+		- testcases.qa.ubuntu.com
 -->
-<ruleset name="Ubuntu (partial)">
-
-	<target host="*.ubuntu.com" />
-	<target host="ubuntuone.com" />
-	<target host="www.ubuntuone.com" />
-
-
-	<securecookie host="^(?:apps|login|pay|jenkins\.qa|wiki)\.ubuntu\.com$" name=".+" />
-
-
-	<rule from="^http://(apps|assets|cloud|community|(?:myapps\.)?developer|fridge|help|juju|lists|login|maas|one|patches|pay|jenkins\.qa|uds|uec-images|wiki)\.ubuntu\.com/"
-		to="https://$1.ubuntu.com/" />
-
-	<rule from="^http://shop\.ubuntu\.com/"
-		to="https://shop.canonical.com/" />
-
-	<rule from="^http://(www\.)?ubuntuone\.com/"
-		to="https://$1ubuntuone.com/" />
-
+<ruleset name="Ubuntu.com (partial)">
+	<target host="ubuntu.com" />
+	<target host="www.ubuntu.com" />
+	<target host="apps.ubuntu.com" />
+	<target host="assets.ubuntu.com" />
+		<test url="http://assets.ubuntu.com/v1/0df231d4-core-print.css" />
+	<target host="buy.ubuntu.com" />
+	<target host="certification.ubuntu.com" />
+	<target host="changelogs.ubuntu.com" />
+	<target host="cloud.ubuntu.com" />
+	<target host="cloud-images.ubuntu.com" />
+	<target host="community.ubuntu.com" />
+	<target host="design.ubuntu.com" />
+	<target host="developer.ubuntu.com" />
+	<target host="myapps.developer.ubuntu.com" />
+	<target host="entropy.ubuntu.com" />
+	<target host="errors.ubuntu.com" />
+	<target host="font.ubuntu.com" />
+	<target host="fridge.ubuntu.com" />
+	<target host="help.ubuntu.com" />
+	<target host="insights.ubuntu.com" />
+	<target host="irclogs.ubuntu.com" />
+	<target host="jobs.ubuntu.com" />
+	<target host="juju.ubuntu.com" />
+	<target host="kernel.ubuntu.com" />
+	<target host="keyserver.ubuntu.com" />
+	<!-- HTTPS doesn't work on port 11371 -->
+	<exclusion pattern="^http://keyserver\.ubuntu\.com:11371/" />
+		<test url="http://keyserver.ubuntu.com:11371/pks/lookup?op=vindex&amp;search=extension-devs%40eff.org&amp;fingerprint=on" />
+	<target host="loco.ubuntu.com" />
+	<target host="maas.ubuntu.com" />
+	<target host="manpages.ubuntu.com" />
+	<target host="merges.ubuntu.com" />
+	<target host="packages.ubuntu.com" />
+	<target host="packaging.ubuntu.com" />
+	<target host="pad.ubuntu.com" />
+	<target host="partners.ubuntu.com" />
+	<target host="paste.ubuntu.com" />
+	<target host="pastebin.ubuntu.com" />
+	<target host="patches.ubuntu.com" />
+	<target host="people.ubuntu.com" />
+	<target host="planet.ubuntu.com" />
+	<target host="popcon.ubuntu.com" />
+	<target host="releases.ubuntu.com" />
+		<test url="http://releases.ubuntu.com/19.10/SHA256SUMS.gpg" />
+	<target host="tour.ubuntu.com" />
+	<target host="tutorials.ubuntu.com" />
+	<target host="uec-images.ubuntu.com" />
+	<target host="wiki.ubuntu.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/UbuntuUsers.de.xml b/src/chrome/content/rules/UbuntuUsers.de.xml
new file mode 100644
index 000000000000..f7fd3f26718c
--- /dev/null
+++ b/src/chrome/content/rules/UbuntuUsers.de.xml
@@ -0,0 +1,60 @@
+<!--
+
+	Insecure cookies are set for these domains and hosts:
+
+		- ubuntuusers.de
+		- .ubuntuusers.de
+		- forum.ubuntuusers.de
+		- ikhaya.ubuntuusers.de
+		- planet.ubuntuusers.de
+		- wiki.ubuntuusers.de
+
+
+	Mixed content:
+
+		- Images, on:
+
+			-  planet from \d.bp.blogspot.com
+			-  planet from barfoos.blogsport.eu
+			-  planet from blog.christian-stankowic.de
+			-  planet from www.curius.de
+			-  planet from www.finnchristiansen.de
+			-  planet from andre.hemk.es
+			-  planet from www.intux.de
+			-  planet from www.menzer.net
+			-  planet from blog.stefan-betz.net
+			-  planet from s.w.org
+			-  planet from i\d.wp.com
+
+		- Bugs, on:
+
+			-  planet from stats.blogsport.de
+			-  planet from analytics.specint.de
+
+	Invalid cert on:
+			- staticwiki.ubuntuusers.de
+-->
+<ruleset name="UbuntuUsers.de" >
+
+	<target host="admin.ubuntuusers.de"/>
+	<target host="forum.ubuntuusers.de"/>
+	<target host="ikhaya.ubuntuusers.de"/>
+	<target host="paste.ubuntuusers.de"/>
+	<target host="planet.ubuntuusers.de"/>
+	<target host="tour.ubuntuusers.de"/>
+	<target host="ubuntuusers.de"/>
+	<target host="wiki.ubuntuusers.de"/>
+	<target host="www.ubuntuusers.de"/>
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:(?:forum|ikhaya|planet|wiki)\.)?ubuntuusers\.de$" name="^csrftoken$" /-->
+	<!--securecookie host="^\.ubuntuusers\.de$" name="^session$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ubuntu_Forums.org.xml b/src/chrome/content/rules/Ubuntu_Forums.org.xml
index a3d94cdbe532..1baef69a41b2 100644
--- a/src/chrome/content/rules/Ubuntu_Forums.org.xml
+++ b/src/chrome/content/rules/Ubuntu_Forums.org.xml
@@ -1,38 +1,52 @@
 <!--
 	For other Ubuntu coverage, see Ubuntu.xml.
 
-
-	Mixed content:
-
-		- Scripts:
-
-			- On ^ from ^ *
-			- On ^ from yui.yahooapis.com *
-
-		- css:
-
-			- On ^ from ^ *
-			- on ^ from fonts.googleapis.com *
-
-		- Images on ^ from ^ *
-
-	* Secured by us
-
-
-	NB: We secure all resources, and thus
-	platform should be removed with Ffx 24.
-
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - www.ubuntuforums.org
+			 - art.ubuntuforums.org
+			 - www.art.ubuntuforums.org
+			 - au.ubuntuforums.org
+			 - www.backports.ubuntuforums.org
+			 - ca.ubuntuforums.org
+			 - california.ubuntuforums.org
+			 - cat.ubuntuforums.org
+			 - egypt.ubuntuforums.org
+			 - elsalvador.ubuntuforums.org
+			 - florida.ubuntuforums.org
+			 - georgia.ubuntuforums.org
+			 - gs1.ubuntuforums.org
+			 - gutsywww.ubuntuforums.org
+			 - indiana.ubuntuforums.org
+			 - maine.ubuntuforums.org
+			 - maryland.ubuntuforums.org
+			 - minnesota.ubuntuforums.org
+			 - newyork.ubuntuforums.org
+			 - ohio.ubuntuforums.org
+			 - ohioloco.ubuntuforums.org
+			 - start.ubuntuforums.org
+			 - swiss.ubuntuforums.org
+			 - tunisie.ubuntuforums.org
+			 - ubuntu.ubuntuforums.org
+			 - ubuntu-ky.ubuntuforums.org
+			 - ubuntu-virginia.ubuntuforums.org
+			 - www.uluga.ubuntuforums.org
+			 - us.ubuntuforums.org
+			 - wiki.ubuntuforums.org
+			 - wwww.ubuntuforums.org
+			 - za.ubuntuforums.org
 -->
-<ruleset name="Ubuntu Forums.org (false MCB)" platform="mixedcontent">
-
+<ruleset name="Ubuntu Forums.org">
 	<target host="ubuntuforums.org" />
-	<target host="*.ubuntuforums.org" />
-
-
-	<securecookie host="^\.ubuntuforums\.org$" name=".+" />
+	<target host="www.ubuntuforums.org" />
+	<target host="admincp.ubuntuforums.org" />
+	<target host="modcp.ubuntuforums.org" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?ubuntuforums\.org/"
-		to="https://$1ubuntuforums.org/" />
+	<rule from="^http://www\.ubuntuforums\.org/"
+			to="https://ubuntuforums.org/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ubuntu_Linux.jp.xml b/src/chrome/content/rules/Ubuntu_Linux.jp.xml
new file mode 100644
index 000000000000..bb2c41e8f2ed
--- /dev/null
+++ b/src/chrome/content/rules/Ubuntu_Linux.jp.xml
@@ -0,0 +1,12 @@
+<ruleset name="Ubuntu Linux.jp" >
+	<target host="ubuntulinux.jp" />
+	<target host="www.ubuntulinux.jp" />
+	<target host="forums.ubuntulinux.jp" />
+	<target host="wiki.ubuntulinux.jp" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://ubuntulinux\.jp/" to="https://www.ubuntulinux.jp/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ubuntu_MATE.Community.xml b/src/chrome/content/rules/Ubuntu_MATE.Community.xml
new file mode 100644
index 000000000000..b5d6b1b961a8
--- /dev/null
+++ b/src/chrome/content/rules/Ubuntu_MATE.Community.xml
@@ -0,0 +1,45 @@
+<!--
+	For other Ubuntu MATE coverage, see Ubuntu-MATE.org.xml.
+
+
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- ubuntu-mate.community
+		- .ubuntu-mate.community
+
+-->
+<ruleset name="Ubuntu MATE.Community">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ubuntu-mate.community" />
+	<target host="www.ubuntu-mate.community" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^ubuntu-mate\.community$" name="^(?:_forum_session|destination_url)$" /-->
+	<!--securecookie host="^\.ubuntu-mate\.community$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.?ubuntu-mate\.community$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ubuntugnome.org.xml b/src/chrome/content/rules/Ubuntugnome.org.xml
new file mode 100644
index 000000000000..69b59b9fe14a
--- /dev/null
+++ b/src/chrome/content/rules/Ubuntugnome.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ubuntugnome.org">
+	<target host="ubuntugnome.org" />
+	<target host="www.ubuntugnome.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ubuntustudio.org.xml b/src/chrome/content/rules/Ubuntustudio.org.xml
new file mode 100644
index 000000000000..773f1079a93c
--- /dev/null
+++ b/src/chrome/content/rules/Ubuntustudio.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Ubuntustudio.org">
+	<target host="ubuntustudio.org" />
+	<target host="www.ubuntustudio.org" />
+	<rule from="^http://www\.ubuntustudio\.org/"
+	to="https://ubuntustudio.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Uclibc-ng.org.xml b/src/chrome/content/rules/Uclibc-ng.org.xml
new file mode 100644
index 000000000000..c9d794fbb514
--- /dev/null
+++ b/src/chrome/content/rules/Uclibc-ng.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="Uclibc-ng.org">
+	<target host="uclibc-ng.org" />
+	<target host="www.uclibc-ng.org" />
+	<target host="cgit.uclibc-ng.org" />
+	<target host="downloads.uclibc-ng.org" />
+	<target host="git.uclibc-ng.org" />
+	<target host="mailman.uclibc-ng.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Uclibc.org.xml b/src/chrome/content/rules/Uclibc.org.xml
new file mode 100644
index 000000000000..ac6814569609
--- /dev/null
+++ b/src/chrome/content/rules/Uclibc.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Nonfunctional hosts in *.uclibc.org:
+		- lists.uclibc.org (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Uclibc.org">
+	<target host="uclibc.org" />
+	<target host="www.uclibc.org" />
+	<target host="bugs.uclibc.org" />
+	<target host="buildroot.uclibc.org" />
+	<target host="cxx.uclibc.org" />
+	<target host="git.uclibc.org" />
+	<target host="sources.uclibc.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ucommand.com.xml b/src/chrome/content/rules/Ucommand.com.xml
new file mode 100644
index 000000000000..bb50370bc793
--- /dev/null
+++ b/src/chrome/content/rules/Ucommand.com.xml
@@ -0,0 +1,22 @@
+<!--
+	For other Level 3 coverage, see Level_3.com.xml.
+
+
+	^ucommand.com doesn't exist.
+
+-->
+<ruleset name="ucommand.com">
+
+	<target host="www.ucommand.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.ucommand\.com$" name="^(ASP\.NET_SessionId|BIGipServerDetroit_uCommand)" /-->
+
+	<securecookie host="^www\.ucommand\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ucuzu.com.xml b/src/chrome/content/rules/Ucuzu.com.xml
new file mode 100644
index 000000000000..4ec86bf70b66
--- /dev/null
+++ b/src/chrome/content/rules/Ucuzu.com.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Arukereso coverage, see Arukereso.xml.
+
+
+	Nonfunctional hosts in *ucuzu.com:
+
+		- blog
+		- is-guvenlik-akkayabisi-botu
+		- kitap
+		- mikrofon
+		- tablet-pc
+		- uydu-alicisi
+		- yuz-kremi
+
+-->
+<ruleset name="Ucuzu.com" default_off="mismatched">
+
+	<target host="ucuzu.com" />
+	<target host="image.ucuzu.com" />
+	<target host="static.ucuzu.com" />
+	<target host="www.ucuzu.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Udacity.com-mismatches.xml b/src/chrome/content/rules/Udacity.com-mismatches.xml
new file mode 100644
index 000000000000..13045fb1bf0c
--- /dev/null
+++ b/src/chrome/content/rules/Udacity.com-mismatches.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules that are on by default, see Udacity.com.xml
+
+-->
+<ruleset name="Udacity.com (mismatches)" default_off="mismatched">
+
+	<target host="blog.udacity.com" />
+	<target host="businessblog.udacity.com" />
+	<target host="career.udacity.com" />
+	<target host="status.udacity.com" />
+	<target host="support.udacity.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Udacity.com.xml b/src/chrome/content/rules/Udacity.com.xml
new file mode 100644
index 000000000000..4efb0c5515fe
--- /dev/null
+++ b/src/chrome/content/rules/Udacity.com.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ar.udacity.com/ => https://ar.udacity.com/: (6, 'Could not resolve host: ar.udacity.com')
+Fetch error: http://email.udacity.com/ => https://email.udacity.com/: (6, 'Could not resolve host: email.udacity.com')
+
+	For problematic rules, see Udacity.com-mismatches.xml
+
+	Nonfunctional subdomains:
+		- labs 	(refused)
+
+-->
+<ruleset name="Udacity.com (partial)" default_off="failed ruleset test">
+
+	<target host="udacity.com" />
+	<target host="ar.udacity.com" />
+	<target host="classroom.udacity.com" />
+	<target host="discussions.udacity.com" />
+	<target host="email.udacity.com" />
+	<target host="forums.udacity.com" />
+	<target host="profiles.udacity.com" />
+	<target host="review.udacity.com" />
+	<target host="talentsource.udacity.com" />
+	<target host="www.udacity.com" />
+
+
+	<securecookie host="^\.udacity\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Udemy.com.xml b/src/chrome/content/rules/Udemy.com.xml
new file mode 100644
index 000000000000..c5089bb54bf2
--- /dev/null
+++ b/src/chrome/content/rules/Udemy.com.xml
@@ -0,0 +1,67 @@
+<!--
+	CDN buckets:
+
+		- www-udemy-com.global.ssl.fastly.net
+
+
+	Nonfunctional hosts in *udemy.com:
+
+		- httpproxy *
+
+	* 404
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- about
+		- blog
+		- business
+		- press
+		- support
+		- teach
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .udemy.com
+		- about.udemy.com
+		- blog.udemy.com
+		- teach.udemy.com
+		- www.udemy.com
+
+
+	Mixed content:
+
+		- favicon on press from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Udemy.com (partial)">
+
+	<target host="udemy.com" />
+	<target host="about.udemy.com" />
+	<target host="blog.udemy.com" />
+	<target host="business.udemy.com" />
+	<target host="press.udemy.com" />
+	<target host="support.udemy.com" />
+	<target host="teach.udemy.com" />
+	<target host="www.udemy.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.udemy\.com$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^(about|teach)\.udemy\.com$" name="^_icl_current_language$" /-->
+	<!--securecookie host="^(about|blog)\.udemy\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^(blog|www)\.udemy\.com$" name="^__udmyvstr?$" /-->
+	<!--securecookie host="^www\.udemy\.com$" name="^(_prmtn_|access_token|msplash-passed)$" /-->
+
+	<securecookie host="^(?:about|blog|teach|www)?\.udemy\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Udistrital.xml b/src/chrome/content/rules/Udistrital.xml
index 79ee5128b52e..04cbf6100275 100644
--- a/src/chrome/content/rules/Udistrital.xml
+++ b/src/chrome/content/rules/Udistrital.xml
@@ -1,10 +1,63 @@
-<ruleset name="Universidad Distrital" platform="firefox">
 
-       <target host="udistrital.edu.co" />
-       <target host="www.udistrital.edu.co" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ceri.udistrital.edu.co/ => https://ceri.udistrital.edu.co/: (7, 'Failed to connect to ceri.udistrital.edu.co port 443: Connection refused')
+Fetch error: http://condor.udistrital.edu.co/ => https://condor.udistrital.edu.co/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://oas.udistrital.edu.co/ => https://oas.udistrital.edu.co/: (28, 'Connection timed out after 20001 milliseconds')
 
+	404 on deep links:
+		- autoevaluacion.udistrital.edu.co
+		- comunidad.udistrital.edu.co
+		- gemini.udistrital.edu.co
+		- ilud.udistrital.edu.co
+		- laud.udistrital.edu.co
+		- mail.udistrital.edu.co
 
-       <rule from="^http://(?:www\.)?udistrital\.edu\.co/"
-		to="https://udistrital.edu.co/" />
+	HTTP response (services run on port 8080):
+		- espambienteydesarrollo.udistrital.edu.co
+		- fasab.udistrital.edu.co
+		- maestriabosques.udistrital.edu.co
+
+	Refused:
+		- cecad.udistrital.edu.co
+		- die.udistrital.edu.co
+		- doctoradoingenieria.udistrital.edu.co
+		- ieee.udistrital.edu.co
+		- ingenieria1.udistrital.edu.co
+		- medioambiente.udistrital.edu.co
+		- repository.udistrital.edu.co
+
+	Timeout:
+		- biblioteca.udistrital.edu.co
+		- celsius.udistrital.edu.co
+		- cidc.udistrital.edu.co
+		- revistas.udistrital.edu.co
+		- gicoge.udistrital.edu.co
+
+	Mixed content:
+		- rita.udistrital.edu.co
+
+	Expired:
+		- sistemadebibliotecas.udistrital.edu.co
+
+	Invalid cert:
+		- herbario.udistrital.edu.co
+		- idexud.udistrital.edu.co
+-->
+<ruleset name="Universidad Distrital (partial)" default_off="failed ruleset test">
+
+	<target host="udistrital.edu.co" />
+	<target host="www.udistrital.edu.co" />
+	<target host="ceri.udistrital.edu.co" />
+	<target host="condor.udistrital.edu.co" />
+	<target host="fciencias.udistrital.edu.co" />
+	<target host="oas.udistrital.edu.co" />
+	<target host="portalws.udistrital.edu.co" />
+	<target host="sgral.udistrital.edu.co" />
+	<target host="tuleap.udistrital.edu.co" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Uformia.com.xml b/src/chrome/content/rules/Uformia.com.xml
new file mode 100644
index 000000000000..f72bb7c5267c
--- /dev/null
+++ b/src/chrome/content/rules/Uformia.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - intek.uformia.com
+
+		SSL peer certificate was not OK:
+			 - help.meshup.uformia.com
+
+		Different content:
+			 - df.uformia.com
+-->
+<ruleset name="Uformia.com">
+	<target host="uformia.com" />
+	<target host="www.uformia.com" />
+	<target host="app.uformia.com" />
+	<target host="mail.uformia.com" />
+	<target host="mail-01.uformia.com" />
+	<target host="play.uformia.com" />
+	<target host="support.uformia.com" />
+
+	<securecookie host="^(www\.)?uformia\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Uformia.xml b/src/chrome/content/rules/Uformia.xml
deleted file mode 100644
index a4a3b59e07cf..000000000000
--- a/src/chrome/content/rules/Uformia.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	CN: staging.uformiaworld.com
-
--->
-<ruleset name="Uformia" default_off="expired, mismatched, self-signed">
-
-	<target host="uformia.com" />
-	<target host="www.uformia.com" />
-
-
-	<securecookie host="^uformia\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?uformia\.com/"
-		to="https://uformia.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Ugandan-government.xml b/src/chrome/content/rules/Ugandan-government.xml
index e22b1882f88d..a42ae69e99b3 100644
--- a/src/chrome/content/rules/Ugandan-government.xml
+++ b/src/chrome/content/rules/Ugandan-government.xml
@@ -3,7 +3,7 @@
 	<target host="jlos.go.ug"/>
 	<target host="www.jlos.go.ug"/>
 
-	<securecookie host="^(.*\.)?jlos\.go\.ug$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?jlos\.go\.ug/"
 		to="https://jlos.go.ug/"/>
diff --git a/src/chrome/content/rules/Ugenr.dk.xml b/src/chrome/content/rules/Ugenr.dk.xml
new file mode 100644
index 000000000000..80899f469a48
--- /dev/null
+++ b/src/chrome/content/rules/Ugenr.dk.xml
@@ -0,0 +1,11 @@
+<ruleset name="Ugenr.dk">
+
+	<target host="ugenr.dk" />
+	<target host="www.ugenr.dk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ugly_Mugs.ie.xml b/src/chrome/content/rules/Ugly_Mugs.ie.xml
new file mode 100644
index 000000000000..e33e2474aa85
--- /dev/null
+++ b/src/chrome/content/rules/Ugly_Mugs.ie.xml
@@ -0,0 +1,9 @@
+<ruleset name="Ugly Mugs.ie">
+	<target host="uglymugs.ie" />
+	<target host="www.uglymugs.ie" />
+	<target host="support.uglymugs.ie" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Uguu.se.xml b/src/chrome/content/rules/Uguu.se.xml
new file mode 100644
index 000000000000..41283b707cae
--- /dev/null
+++ b/src/chrome/content/rules/Uguu.se.xml
@@ -0,0 +1,8 @@
+<ruleset name="Uguu.se">
+	<target host="uguu.se" />
+	<target host="www.uguu.se" />
+	<target host="a.uguu.se" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Uhhospitals.org.xml b/src/chrome/content/rules/Uhhospitals.org.xml
index 246bcda5e8a4..95d537d3c0bc 100644
--- a/src/chrome/content/rules/Uhhospitals.org.xml
+++ b/src/chrome/content/rules/Uhhospitals.org.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?uhhospitals\.org/(_cassette/|favicon\.ico|(?:.+/)?~/media/)"
 		to="https://$1uhhospitals.org/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Uhrzeit.org.xml b/src/chrome/content/rules/Uhrzeit.org.xml
index decf819dd5f7..39342c1bc5ab 100644
--- a/src/chrome/content/rules/Uhrzeit.org.xml
+++ b/src/chrome/content/rules/Uhrzeit.org.xml
@@ -1,23 +1,45 @@
-<ruleset name="Uhrzeit.org (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://atomic-clock.org.uk/ => https://www.atomic-clock.org.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.atomic-clock.org.uk'")
+Fetch error: http://la-hora.org/ => https://www.la-hora.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.la-hora.org'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://atomic-clock.org.uk/ => https://www.atomic-clock.org.uk/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://la-hora.org/ => https://www.la-hora.org/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="Uhrzeit.org (partial)" default_off="failed ruleset test">
 
 	<!--	* for cross-domain cookie	-->
 	<target host="atomic-clock.org.uk"/>
-	<target host="*.atomic-clock.org.uk"/>
+	<target host="www.atomic-clock.org.uk" />
 	<target host="la-hora.org"/>
 	<!--	ditto	-->
-	<target host="*.la-hora.org"/>
+	<target host="www.la-hora.org" />
 	<target host="uhrzeit.org"/>
-	<target host="www.uhrzeit.org"/>
+	<target host="www.uhrzeit.org" />
+	<target host="watches.uhrzeit.org" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://watches\.uhrzeit\.org/+($|\?|favicon\.ico|forum/)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://watches\.uhrzeit\.org/+(?!bilder/|img/|shop/|sys/)" /-->
 
-	<securecookie host="^\.(atomic-clock\.org\.uk|la-hora\.org)$" name=".*"/>
+	<securecookie host="^\.(?:atomic-clock\.org\.uk|la-hora\.org)$" name=".+" />
 
-	<rule from="^http://(www\.)?atomic-clock\.org\.uk/"
+	<rule from="^http://(?:www\.)?atomic-clock\.org\.uk/"
 		to="https://www.atomic-clock.org.uk/"/>
 
-	<rule from="^http://(www\.)?la-hora\.org/"
+	<rule from="^http://(?:www\.)?la-hora\.org/"
 		to="https://www.la-hora.org/"/>
 
 	<rule from="^http://(www\.)?uhrzeit\.org/(anmeldung|bilder|img|shop|sys)/"
 		to="https://www.uhrzeit.org/$2/"/>
 
+	<rule from="^http://watches\.uhrzeit\.org/(?=bilder/|img/|shop/|sys/)"
+		to="https://watches.uhrzeit.org/" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Uhub.xml b/src/chrome/content/rules/Uhub.xml
index 308a49a3dd04..8a8f1e01deb7 100644
--- a/src/chrome/content/rules/Uhub.xml
+++ b/src/chrome/content/rules/Uhub.xml
@@ -1,4 +1,4 @@
-<ruleset name="uhub">
+<ruleset name="uhub.org" default_off="expired">
 
 	<target host="uhub.org" />
 	<target host="www.uhub.org" />
@@ -7,7 +7,7 @@
 	<securecookie host="^(?:www\.)?uhub\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?uhub\.org/"
-		to="https://$1uhub.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ukash.com.xml b/src/chrome/content/rules/Ukash.com.xml
new file mode 100644
index 000000000000..e0c045cf9104
--- /dev/null
+++ b/src/chrome/content/rules/Ukash.com.xml
@@ -0,0 +1,46 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ukash.com/ => https://ukash.com/: (7, 'Failed to connect to ukash.com port 443: Connection refused')
+Fetch error: http://direct.ukash.com/ => https://direct.ukash.com/: (7, 'Failed to connect to direct.ukash.com port 443: Connection refused')
+Fetch error: http://mycard.ukash.com/ => https://mycard.ukash.com/: (7, 'Failed to connect to mycard.ukash.com port 443: Connection refused')
+Fetch error: http://www.ukash.com/ => https://www.ukash.com/: (7, 'Failed to connect to www.ukash.com port 443: Connection refused')
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- direct
+		- mycard
+
+	Domain without https:
+
+		- (www.)?ukashbusiness.com
+
+	Insecure cookies are set for these domains:
+
+		- ukash.com
+		- direct.ukash.com
+		- mycard.ukash.com
+		- www.ukash.com
+
+-->
+<ruleset name="Ukash.com" default_off="failed ruleset test">
+
+	<target host="ukash.com" />
+	<target host="direct.ukash.com" />
+	<target host="mycard.ukash.com" />
+	<target host="www.ukash.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^((direct|mycard|www)\.)?ukash\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^(www\.)?ukash\.com$" name="^(\.ASPXAUTH|EkAnalytics|EktGUID|ecm|ecmSecure)$" /-->
+
+	<securecookie host="^(?:direct\.|mycard\.|www\.)?ukash\.com$" name=".+" />
+
+
+	<rule from="^http:"
+        to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UkashCardSATIS.xml b/src/chrome/content/rules/UkashCardSATIS.xml
deleted file mode 100644
index 4867a85ae562..000000000000
--- a/src/chrome/content/rules/UkashCardSATIS.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="UkashCardSATIS">
-
-	<target host="ukashcardsatis.com" />
-	<target host="*.ukashcardsatis.com" />
-
-
-	<securecookie host="^\.ukashcardsatis\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?ukashcardsatis\.com/"
-		to="https://$1ukashcardsatis.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Ukeer.de.xml b/src/chrome/content/rules/Ukeer.de.xml
new file mode 100644
index 000000000000..e264eb3d548b
--- /dev/null
+++ b/src/chrome/content/rules/Ukeer.de.xml
@@ -0,0 +1,14 @@
+<!--
+	Expired cert on (www.)?
+-->
+<ruleset name="ukeer.de (partial)">
+
+	<target host="mail.ukeer.de" />
+	<target host="push.ukeer.de" />
+	<target host="webmail.ukeer.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UkiahDailyJournal.com.xml b/src/chrome/content/rules/UkiahDailyJournal.com.xml
new file mode 100644
index 000000000000..d6ed122fcef9
--- /dev/null
+++ b/src/chrome/content/rules/UkiahDailyJournal.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Active mixed content:
+		- www.ukiahdailyjournal.com
+
+	Connection refused:
+		- image.ukiahdailyjournal.com
+
+	Invalid certificate:
+		- ukiahdailyjournal.com, equivalent to www.ukiahdailyjournal.com
+		- newsvideo.ukiahdailyjournal.com
+		- photos.ukiahdailyjournal.com
+
+	Redirects to HTTP:
+		- classifieds.ukiahdailyjournal.com
+-->
+
+<ruleset name="UkiahDailyJournal.com" platform="mixedcontent">
+	<target host="ukiahdailyjournal.com" />
+	<target host="www.ukiahdailyjournal.com" />
+	<target host="businessdirectory.ukiahdailyjournal.com" />
+	<target host="checkout.ukiahdailyjournal.com" />
+	<target host="extras.ukiahdailyjournal.com" />
+	<target host="myaccount.ukiahdailyjournal.com" />
+	<target host="mylocal.ukiahdailyjournal.com" />
+
+	<rule from="^http://ukiahdailyjournal\.com/"
+		to="https://www.ukiahdailyjournal.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ukr.net.xml b/src/chrome/content/rules/Ukr.net.xml
new file mode 100644
index 000000000000..0a108c00e420
--- /dev/null
+++ b/src/chrome/content/rules/Ukr.net.xml
@@ -0,0 +1,15 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ukr.net/ => https://ukr.net/: Cycle detected - URL already encountered: https://www.ukr.net/
+-->
+<ruleset name="Ukr.net">
+
+	<target host="ukr.net" />
+	<target host="counter.ukr.net" />
+	<target host="mail.ukr.net" />
+	<target host="www.ukr.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ukrnames.com.xml b/src/chrome/content/rules/Ukrnames.com.xml
new file mode 100644
index 000000000000..68e51e74a153
--- /dev/null
+++ b/src/chrome/content/rules/Ukrnames.com.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://s.ukrnames.com/ => https://s.ukrnames.com/: (28, 'Connection timed out after 20006 milliseconds')
+
+	Insecure cookies are set for these hosts:
+
+		- support.ukrnames.com
+
+-->
+<ruleset name="Ukrnames.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ukrnames.com" />
+	<target host="blog.ukrnames.com" />
+	<target host="s.ukrnames.com" />
+	<target host="support.ukrnames.com" />
+	<target host="www.ukrnames.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^support\.ukrnames\.com$" name="^SWIFT_sessionid40$" /-->
+
+	<securecookie host="^support\.ukrnames\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Uksrv.co.uk.xml b/src/chrome/content/rules/Uksrv.co.uk.xml
index 22d0610c9fea..7f8b3394f493 100644
--- a/src/chrome/content/rules/Uksrv.co.uk.xml
+++ b/src/chrome/content/rules/Uksrv.co.uk.xml
@@ -1,18 +1,15 @@
 <ruleset name="uksrv.co.uk">
 
-	<target host="*.uksrv.co.uk" />
+	<target host="ceres.uksrv.co.uk" />
+	<target host="eris.uksrv.co.uk" />
+	<target host="pluto.uksrv.co.uk" />
 
 
-	<securecookie host=".+\.uksrv\.co\.uk$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
-	<rule from="^http://ceres\.uksrv\.co\.uk(:2087)?/"
-		to="https://ceres.uksrv.co.uk$1/" />
 
-	<rule from="^http://eris\.uksrv\.co\.uk(:2096)?/"
-		to="https://eris.uksrv.co.uk$1/" />
 
-	<rule from="^http://pluto\.uksrv\.co\.uk/"
-		to="https://pluto.uksrv.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ulozenka.cz.xml b/src/chrome/content/rules/Ulozenka.cz.xml
new file mode 100644
index 000000000000..be11a2e12071
--- /dev/null
+++ b/src/chrome/content/rules/Ulozenka.cz.xml
@@ -0,0 +1,11 @@
+<ruleset name="Ulozenka.cz">
+	<target host="ulozenka.cz" />
+	<target host="www.ulozenka.cz" />
+	<target host="api.ulozenka.cz" />
+	<target host="beta.ulozenka.cz" />
+	<target host="m.ulozenka.cz" />
+	<target host="partner.ulozenka.cz" />
+	<target host="tracking.ulozenka.cz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ulpgc.es.xml b/src/chrome/content/rules/Ulpgc.es.xml
new file mode 100644
index 000000000000..0259058140cc
--- /dev/null
+++ b/src/chrome/content/rules/Ulpgc.es.xml
@@ -0,0 +1,471 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://biblioconecta.ulpgc.es/ => https://biblioconecta.ulpgc.es/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://gestionproyectos-desa2.ulpgc.es/ => https://gestionproyectos-desa2.ulpgc.es/: (6, 'Could not resolve host: gestionproyectos-desa2.ulpgc.es')
+Fetch error: http://videoconfserver.ulpgc.es/ => https://videoconfserver.ulpgc.es/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www4.ulpgc.es/ => https://www4.ulpgc.es/: (6, 'Could not resolve host: www4.ulpgc.es')
+
+	Ruleset for ulpgc.es, the University of Las Palmas de Gran Canaria website.
+	See <https://en.wikipedia.org/wiki/University_of_Las_Palmas_de_Gran_Canaria>.
+
+	HTTPS redirecting to HTTP:
+		* arco.iuma.ulpgc.es
+		* en.iuma.ulpgc.es
+		* epic.iuma.ulpgc.es
+		* ex.iuma.ulpgc.es
+
+	Chain issues (<https://github.com/EFForg/https-everywhere/pull/5052#issuecomment-224543036>):
+		* biblioteca.ulpgc.es
+		* preproduccionbu.ulpgc.es
+		* www.centros.ulpgc.es
+
+	Not supporting HTTPS or using an invalid certificate:
+		* 1234.ulpgc.es
+		* 1251258399.alu.ulpgc.es
+		* 15ega.ulpgc.es
+		* 1608087948.alumnos.ulpgc.es
+		* 16jornadasdesue.ulpgc.es
+		* 1776944552.correolive.ulpgc.es
+		* 5iau.ulpgc.es
+		* 638177360.doctorandos.ulpgc.es
+		* 7ricsma.ulpgc.es
+		* a2techs.ulpgc.es
+		* academico_aplica-temp.ulpgc.es
+		* acapde.ulpgc.es
+		* acceda.ulpgc.es
+		* accesocorreo.ulpgc.es
+		* activatexgaldar.ciber.ulpgc.es
+		* adfs.ulpgc.es
+		* adjuntos.ulpgc.es
+		* aeet-aede.ulpgc.es
+		* aeet.ulpgc.es
+		* aeps.ulpgc.es
+		* afec.ulpgc.es
+		* afedulpgc.ulpgc.es
+		* agora.ulpgc.es
+		* aguayro.ulpgc.es
+		* aicsfp.ulpgc.es
+		* ami.dis.ulpgc.es
+		* amiserver.dis.ulpgc.es
+		* antiguamovilidad.ulpgc.es
+		* aplicaciones11.ulpgc.es
+		* aplicaciones3.ulpgc.es
+		* aplicacionesdesa.ulpgc.es
+		* aplicacioneswebdesa.ulpgc.es
+		* aplicacionesweb.ulpgc.es
+		* aplicadesa.ulpgc.es
+		* aplica-temp.gestion.ulpgc.es
+		* aplica-temp.ulpgc.es
+		* aprateca.ulpgc.es
+		* aqma.ulpgc.es
+		* archivografico.ulpgc.es
+		* artemisat.ulpgc.es
+		* asalgado.ulpgc.es
+		* asap.ulpgc.es
+		* asesoriafiscal.ulpgc.es
+		* atece.ulpgc.es
+		* atetic.ulpgc.es
+		* atlantica.ulpgc.es
+		* atlanticdevils.ulpgc.es
+		* atom.ulpgc.es
+		* auladecine.ulpgc.es
+		* auladeidiomas.ulpgc.es
+		* authwifi.ulpgc.es
+		* autodiscover.aaaa.ulpgc.es
+		* autodiscover.acciones.ulpgc.es
+		* autodiscover.cafma.ulpgc.es
+		* autodiscover.cfc.ulpgc.es
+		* autodiscover.edu.ulpgc.es
+		* autodiscover.eiic.ulpgc.es
+		* autodiscover.eite.ulpgc.es
+		* autodiscover.esccri.ulpgc.es
+		* avisos_parada.ulpgc.es
+		* avisos-parada.ulpgc.es
+		* ayudacorreo.ulpgc.es
+		* b203-3.ccbb.ulpgc.es
+		* bbb.dis.ulpgc.es
+		* bcyt.ulpgc.es
+		* bgtc.ulpgc.es
+		* bibacceda01.ulpgc.es
+		* bibacceda-desa.ulpgc.es
+		* bibgateway01.ulpgc.es
+		* biblioguias.ulpgc.es
+		* bibliotecas.ulpgc.es
+		* bibmdc.ulpgc.es
+		* bibproxy.ulpgc.es
+		* bibwp.ulpgc.es
+		* biocon.ulpgc.es
+		* bioges.ulpgc.es
+		* bizet.dis.ulpgc.es
+		* blogs.cucid.ulpgc.es
+		* blogscucid.ulpgc.es
+		* blogs.dis.ulpgc.es
+		* breddies.ulpgc.es
+		* buconvertdesa.ulpgc.es
+		* buconvert.ulpgc.es
+		* buffalo.ciber.ulpgc.es
+		* bustreamingdesa.ulpgc.es
+		* calidad.ulpgc.es
+		* camara-ip-aula107.ccbb.ulpgc.es
+		* camid.ulpgc.es
+		* campusvirtual.ulpgc.es
+		* canaratlantico.ulpgc.es
+		* canoa.ulpgc.es
+		* catecso.ulpgc.es
+		* catedralacaixa.ulpgc.es
+		* catedraref.ulpgc.es
+		* catedratecnologiamedica.ulpgc.es
+		* catedratelefonica-desa.ulpgc.es
+		* catedratelefonica.ulpgc.es
+		* ccbb-ccbbpub-f214.ulpgc.es
+		* ceicanarias.ulpgc.es
+		* ceipmesaylopez.ciber.ulpgc.es
+		* cest.ulpgc.es
+		* ch.ulpgc.es
+		* cic.ulpgc.es
+		* ciprianoabad.ulpgc.es
+		* cirrus.ulpgc.es
+		* citaprevia.ulpgc.es
+		* claves.ulpgc.es
+		* clionomics.ulpgc.es
+		* clusterclustermysql.ulpgc.es
+		* clusterldap.ulpgc.es
+		* cluster-web-ldap.ulpgc.es
+		* codecraft.ulpgc.es
+		* cody.dis.ulpgc.es
+		* comunicyemocion.ulpgc.es
+		* conferencia-ded.ulpgc.es
+		* confucio.ulpgc.es
+		* congresoref.ulpgc.es
+		* congresos.ulpgc.es
+		* coolbotproject.dis.ulpgc.es
+		* corica.ulpgc.es
+		* correoalu.ulpgc.es
+		* correo.dma.ulpgc.es
+		* correonuevo.ulpgc.es
+		* crue-ic.ulpgc.es
+		* csocial.ulpgc.es
+		* ctim.dis.ulpgc.es
+		* cttoe.ulpgc.es
+		* cucid.ulpgc.es
+		* cudhd.ulpgc.es
+		* cv-teletrabajo.ulpgc.es
+		* dact.ulpgc.es
+		* dcan.ulpgc.es
+		* defcm.ulpgc.es
+		* def.ulpgc.es
+		* deinformatica.ulpgc.es
+		* dellcos.ulpgc.es
+		* demovpl.dis.ulpgc.es
+		* departamentos.ulpgc.es
+		* deportes-desa.ulpgc.es
+		* deportespruebas.ulpgc.es
+		* deportes.ulpgc.es
+		* desarrollofct2.ulpgc.es
+		* desaulaidiomas.ulpgc.es
+		* deteleco.ulpgc.es
+		* develop.ctim.dis.ulpgc.es
+		* dezatfg.ulpgc.es
+		* deza.ulpgc.es
+		* dfe.ulpgc.es
+		* dgeo.ulpgc.es
+		* direcrebiun.ulpgc.es
+		* dis223jg.dis.ulpgc.es
+		* dmc.ulpgc.es
+		* doctoradoteg.ulpgc.es
+		* docuproyectos.ulpgc.es
+		* domotica.dis.ulpgc.es
+		* doycag.ulpgc.es
+		* dp2015.ciber.ulpgc.es
+		* e-administracion.ulpgc.es
+		* ealpgc.ulpgc.es
+		* ea.ulpgc.es
+		* e-bulibros.ulpgc.es
+		* ecoaqua.ulpgc.es
+		* editorial.cda.ulpgc.es
+		* editorial.dca.ulpgc.es
+		* edulpgc.ulpgc.es
+		* eiicgazette.ulpgc.es
+		* eiiconline.ulpgc.es
+		* eii.ulpgc.es
+		* emitic.ulpgc.es
+		* emprendedores.ulpgc.es
+		* emprende.ulpgc.es
+		* empresas.ulpgc.es
+		* empresa.ulpgc.es
+		* encuentroredugi.ulpgc.es
+		* encuestas-desa.ulpgc.es
+		* enedulpgc.ulpgc.es
+		* english.ulpgc.es
+		* eomar.ulpgc.es
+		* eportafolios.ulpgc.es
+		* et.ulpgc.es
+		* e-tutor.ulpgc.es
+		* eurocast2015.ciber.ulpgc.es
+		* exp.ulpgc.es
+		* foroturismomaspalomas2015.ciber.ulpgc.es
+		* geminis.dma.ulpgc.es
+		* gem.ulpgc.es
+		* gias720.dis.ulpgc.es
+		* gmail.ulpgc.es
+		* grancanariaonroute.ciber.ulpgc.es
+		* grancanariatbr.ciber.ulpgc.es
+		* grancanariatribikerun.ciber.ulpgc.es
+		* gsi.ulpgc.es
+		* hes.ulpgc.es
+		* hipatia.dma.ulpgc.es
+		* imp01.ulpgc.es
+		* intermedia.ulpgc.es
+		* itsc2014.ciber.ulpgc.es
+		* itsc2015.ciber.ulpgc.es
+		* iv2015.ciber.ulpgc.es
+		* l4moodle.ciber.ulpgc.es
+		* l4moreno.ciber.ulpgc.es
+		* labsopa.dis.ulpgc.es
+		* ldap.ulpgc.es
+		* live.ulpgc.es
+		* mdc.ulpgc.es
+		* mdgeladoippublica.ccbb.ulpgc.es
+		* mind.ulpgc.es
+		* mi.ulpgc.es
+		* mozart.dis.ulpgc.es
+		* nagle.ciber.ulpgc.es
+		* new-mozart.dis.ulpgc.es
+		* open.ulpgc.es
+		* ope.ulpgc.es
+		* orca.ulpgc.es
+		* osl.ulpgc.es
+		* pct.ulpgc.es
+		* pei.ulpgc.es
+		* pichler.ciber.ulpgc.es
+		* planeta.dis.ulpgc.es
+		* pmo.ulpgc.es
+		* poncho.ulpgc.es
+		* prisma.ulpgc.es
+		* protos.dis.ulpgc.es
+		* retama.dis.ulpgc.es
+		* salema.ciber.ulpgc.es
+		* sar.ulpgc.es
+		* sip.ulpgc.es
+		* sir.ulpgc.es
+		* smtp.dma.ulpgc.es
+		* sopa.dis.ulpgc.es
+		* tetra.ulpgc.es
+		* tides.ulpgc.es
+		* tiendaulpgc01.ulpgc.es
+		* tilde.dis.ulpgc.es
+		* tip.dis.ulpgc.es
+		* triton1.dis.ulpgc.es
+		* triton2.dis.ulpgc.es
+		* triton.dis.ulpgc.es
+		* tui.ulpgc.es
+		* turismo.ulpgc.es
+		* ucami2015.ciber.ulpgc.es
+		* urchin.ulpgc.es
+		* vpl.dis.ulpgc.es
+		* vpn01.ulpgc.es
+		* vpn.ulpgc.es
+		* webdis2.dis.ulpgc.es
+		* webdis.dis.ulpgc.es
+		* webservices-lvs.ulpgc.es
+		* workgroup.canem.ulpgc.es
+		* www11.ulpgc.es
+		* www.16jornadasdesue.ulpgc.es
+		* www2.dsc.ulpgc.es
+		* www2.eite.ulpgc.es
+		* www.365.ulpgc.es
+		* www3.eiic.ulpgc.es
+		* www.7ricsma.ulpgc.es
+		* www.a2techs.ulpgc.es
+		* www.acapde.ulpgc.es
+		* www.acceda.ulpgc.es
+		* www.aceg.ulpgc.es
+		* www.administraciones.ulpgc.es
+		* www.aeet-aede.ulpgc.es
+		* www.aeet.ulpgc.es
+		* www.aeps.ulpgc.es
+		* www.afec.ulpgc.es
+		* www.afedulpgc.ulpgc.es
+		* www.agec.ulpgc.es
+		* www.agora.ulpgc.es
+		* www.agua.ulpgc.es
+		* www.aicsfp.ulpgc.es
+		* www.ambientalcampus.ulpgc.es
+		* www.antiguamovilidad.ulpgc.es
+		* www.aprateca.ulpgc.es
+		* www.aqma.ulpgc.es
+		* www.artemisat.ulpgc.es
+		* www.asap.ulpgc.es
+		* www.atece.ulpgc.es
+		* www.atetic.ulpgc.es
+		* www.atlantida.ulpgc.es
+		* www.audiovisuales.ulpgc.es
+		* www.auladecine.ulpgc.es
+		* www.auladeidiomas.ulpgc.es
+		* www.auladejazz.ulpgc.es
+		* www.aulas.ulpgc.es
+		* www.automatas.dis.ulpgc.es
+		* www.ayudaplanempresa.ulpgc.es
+		* www.banmac.ulpgc.es
+		* www.bcyt.ulpgc.es
+		* www.bgtc.ulpgc.es
+		* www.biblioguias.ulpgc.es
+		* www.bibliotecas.ulpgc.es
+		* www.biocon.ulpgc.es
+		* www.bioges.ulpgc.es
+		* www.breddies.ulpgc.es
+		* www.calidad.ulpgc.es
+		* www.camid.ulpgc.es
+		* www.campussostenible.ulpgc.es
+		* www.campusvirtual.ulpgc.es
+		* www.canatlantico.ulpgc.es
+		* www.candidaturarectorjesusperez.ulpgc.es
+		* www.canem2.ulpgc.es
+		* www.canem.ulpgc.es
+		* www.cardiosen.ulpgc.es
+		* www.catecso.ulpgc.es
+		* www.catedraendesared.ulpgc.es
+		* www.catedraperezgaldos.ulpgc.es
+		* www.catedraref.ulpgc.es
+		* www.catedratelefonica-desa.ulpgc.es
+		* www.catedratelefonica.ulpgc.es
+		* www.catedraunescosalud.ulpgc.es
+		* www.cbm.ulpgc.es
+		* www.ceicanarias.ulpgc.es
+		* www.cest.ulpgc.es
+		* www.cfi.ulpgc.es
+		* www.ch.ulpgc.es
+		* www.ciber.ulpgc.es
+		* www.cicei.ulpgc.es
+		* www.cidia.ulpgc.es
+		* www.clionomics.ulpgc.es
+		* www.competitividadpyme.ulpgc.es
+		* www.comunicacion.ulpgc.es
+		* www.conferencia-ded.ulpgc.es
+		* www.confucio.ulpgc.es
+		* www.congresoref.ulpgc.es
+		* www.congresos.ulpgc.es
+		* www.corica.ulpgc.es
+		* www.correo.ulpgc.es
+		* www.crue-ic.ulpgc.es
+		* www.csocial.ulpgc.es
+		* www.cttoe.ulpgc.es
+		* www.cucid.ulpgc.es
+		* www.dact.ulpgc.es
+		* www.daea.ulpgc.es
+		* www.dbbf.ulpgc.es
+		* www.dbio.ulpgc.es
+		* www.dca.ulpgc.es
+		* www.dcc.ulpgc.es
+		* www.dcjb.ulpgc.es
+		* www.dcmq.ulpgc.es
+		* www.dde.ulpgc.es
+		* www.ddp.ulpgc.es
+		* www.dede.ulpgc.es
+		* www.dedu.ulpgc.es
+		* www.defcm.ulpgc.es
+		* www.defc.ulpgc.es
+		* www.def.ulpgc.es
+		* www.degpa.ulpgc.es
+		* www.deinformatica.ulpgc.es
+		* www.denf.ulpgc.es
+		* www.departamentos.ulpgc.es
+		* www.desarrolloweb.ulpgc.es
+		* www.deteleco.ulpgc.es
+		* www.dfe.ulpgc.es
+		* www.dfis.ulpgc.es
+		* www.dfm.ulpgc.es
+		* www.dgeo.ulpgc.es
+		* www.dic.ulpgc.es
+		* www.die.ulpgc.es
+		* www.dim.ulpgc.es
+		* www.dip.ulpgc.es
+		* www.dis.ulpgc.es
+		* www.dit.ulpgc.es
+		* www.dma.ulpgc.es
+		* www.dmc.ulpgc.es
+		* www.dmor.ulpgc.es
+		* www.doycag.ulpgc.es
+		* www.dpat.ulpgc.es
+		* www.dps.ulpgc.es
+		* www.dsc.ulpgc.es
+		* www.ealpgc.ulpgc.es
+		* www.ea.ulpgc.es
+		* www.ecoaqua.ulpgc.es
+		* www.eees.ulpgc.es
+		* www.eibt.ulpgc.es
+		* www.eiicgazette.ulpgc.es
+		* www.eiiconline.ulpgc.es
+		* www.eiic.ulpgc.es
+		* www.eii.ulpgc.es
+		* www.eite.ulpgc.es
+		* www.eldigital.ulpgc.es
+		* www.emitic.ulpgc.es
+		* www.emprendedores.ulpgc.es
+		* www.emprenderenlosocial.ulpgc.es
+		* www.emprende.ulpgc.es
+		* www.empresas.ulpgc.es
+		* www.encuentroredugi.ulpgc.es
+		* www.encuentrotecnicoshub.ulpgc.es
+		* www.english.ulpgc.es
+		* www.eomar.ulpgc.es
+		* www.esccri.ulpgc.es
+		* wwwproxy.dis.ulpgc.es
+		* www.psc.dis.ulpgc.es
+		* www.tv.ulpgc.es
+		* www.www.ccbb.ulpgc.es
+		* www.www.dim.ulpgc.es
+-->
+<ruleset name="ULPGC.es" default_off="failed ruleset test">
+
+	<target host="ulpgc.es" />
+
+	<target host="1111.ulpgc.es" />
+	<target host="absys01.ulpgc.es" />
+	<target host="absys1.ulpgc.es" />
+	<target host="aplicaciones.ulpgc.es" />
+	<target host="aulaga.dis.ulpgc.es" />
+	<target host="biblioconecta.ulpgc.es" />
+	<target host="bolsaviviendas.imp.ulpgc.es" />
+	<target host="bustreaming.ulpgc.es" />
+	<target host="centros.ulpgc.es" />
+	<target host="correo.ulpgc.es" />
+	<target host="correoweb.ulpgc.es" />
+	<target host="desarrollobu.ulpgc.es" />
+	<target host="discoverer.ulpgc.es" />
+	<target host="encuestas.ulpgc.es" />
+	<target host="espaciosweb.ulpgc.es" />
+	<target host="gestionproyectos-desa2.ulpgc.es" />
+	<target host="gestionproyectos.ulpgc.es" />
+	<target host="gestion.titulospropios.ulpgc.es" />
+	<target host="imp.ulpgc.es" />
+	<target host="listas.ulpgc.es" />
+	<target host="login.bibproxy.ulpgc.es" />
+	<target host="mantis.ulpgc.es" />
+	<target host="nagios2.ibn.ulpgc.es" />
+	<target host="nagios2.ulpgc.es" />
+	<target host="nagios.ulpgc.es" />
+	<target host="ojsspdc.ulpgc.es" />
+	<target host="opac.ulpgc.es" />
+	<target host="otrs-desa.ulpgc.es" />
+	<target host="otrs.ulpgc.es" />
+	<target host="portalcorreotest.ulpgc.es" />
+	<target host="portalcorreo.ulpgc.es" />
+	<target host="residenciasuniversitarias.ulpgc.es" />
+	<target host="tienda.ulpgc.es" />
+	<target host="videoconfserver.ulpgc.es" />
+	<target host="www2.ulpgc.es" />
+	<target host="www4.ulpgc.es" />
+	<target host="www.bolsaviviendas.imp.ulpgc.es" />
+	<target host="www.diea.ulpgc.es" />
+	<target host="www.imp.ulpgc.es" />
+	<target host="www.residenciasuniversitarias.ulpgc.es" />
+	<target host="www.tienda.ulpgc.es" />
+	<target host="www.ulpgc.es" />
+	<target host="zabbix.ulpgc.es" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ulteo.com.xml b/src/chrome/content/rules/Ulteo.com.xml
new file mode 100644
index 000000000000..a7f13c2ff6de
--- /dev/null
+++ b/src/chrome/content/rules/Ulteo.com.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.ulteo.com/ => https://www.ulteo.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ulteo.com'")
+
+	Invalid certificate:
+		blog.ulteo.com
+
+	Refused:
+		ulteo.com
+		archive.ulteo.com
+		doc.ulteo.com
+		i18n.ulteo.com
+		ladle.ulteo.com
+		spoon.ulteo.com
+
+-->
+<ruleset name="Ulteo.com" default_off="failed ruleset test">
+	<target host="www.ulteo.com" />
+	<target host="code.ulteo.com" />
+	<target host="docs.ulteo.com" />
+	<target host="project.ulteo.com" />
+	<target host="servicedesk.ulteo.com" />
+	<target host="support.ulteo.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ultimate_Boot_CD.com.xml b/src/chrome/content/rules/Ultimate_Boot_CD.com.xml
new file mode 100644
index 000000000000..418e926292fb
--- /dev/null
+++ b/src/chrome/content/rules/Ultimate_Boot_CD.com.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ultimatebootcd.com/ => https://ultimatebootcd.com/: Too many redirects while fetching 'https://ultimatebootcd.com/'
+Fetch error: http://www.ultimatebootcd.com/ => https://www.ultimatebootcd.com/: Too many redirects while fetching 'https://www.ultimatebootcd.com/'
+
+	Nonfunctional hosts in *ultimatebootcd.com:
+
+		- wiki *
+
+	* Shows www
+
+-->
+<ruleset name="Ultimate Boot CD.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ultimatebootcd.com" />
+	<target host="www.ultimatebootcd.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ultimate_Poker.xml b/src/chrome/content/rules/Ultimate_Poker.xml
deleted file mode 100644
index 59c09b03dd31..000000000000
--- a/src/chrome/content/rules/Ultimate_Poker.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- www	(no https)
-
--->
-<ruleset name="Ultimate Poker">
-
-	<target host="ultimatepoker.com" />
-	<target host="*.ultimatepoker.com" />
-
-
-	<securecookie host="^(?:upnvportal\.)?ultimatepoker\.com$" name=".+" />
-
-
-	<rule from="^http://(?:(upnvportal\.)|www\.)?ultimatepoker\.com/"
-		to="https://$1ultimatepoker.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/UltraDNS.xml b/src/chrome/content/rules/UltraDNS.xml
index a2c064faee25..6bf29efe39e8 100644
--- a/src/chrome/content/rules/UltraDNS.xml
+++ b/src/chrome/content/rules/UltraDNS.xml
@@ -1,27 +1,26 @@
 <!--
 	For other NeuStar coverage, see NeuStar.xml.
 
+	Non-functional hosts
+		Timeout was reached:
+			 - ultradns.info
+			 - www.ultradns.info
+			 - ultradns.net
+			 - www.ultradns.net
+
+		SSL peer certificate was not OK:
+			 - ultradns.com
+			 - www.ultradns.com
+			 - blog.ultradns.com
+			 - javauilb-useast1b01-01.ct.ultradns.net
+			 - legacyportal.ultradns.net
 -->
-<ruleset name="UltraDNS">
+<ruleset name="UltraDNS (partial)">
+	<target host="portal.ultradns.com" />
+	<target host="smb.ultradns.com" />
+	<target host="testportal.ultradns.com" />
 
-	<target host="ultradns.*" />
-	<target host="www.ultradns.*" />
-
-
-	<securecookie host="^www\.ultradns\.net$" name=".*" />
-
-
-	<!--	Redirect chain like so:
-
-			ultradns.info → neustarultraservices.biz → ultradns.com → neustar.biz
-												-->
-	<rule from="^https?://(?:www\.)?ultradns(?:com|info)/$"
-		to="https://www.neustar.biz/" />
-
-	<!--	- !www times out over https
-		- !www.../$ 302s to www over http
-						-->
-	<rule from="^https?://(?:www\.)?ultradns\.net/"
-		to="https://www.ultradns.net/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/UltraHDTV.net.xml b/src/chrome/content/rules/UltraHDTV.net.xml
new file mode 100644
index 000000000000..9789d2a02b23
--- /dev/null
+++ b/src/chrome/content/rules/UltraHDTV.net.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		cdn.ultrahdtv.net
+		images.ultrahdtv.net
+		origin.ultrahdtv.net
+
+-->
+<ruleset name="Ultra HDTV" platform="mixedcontent">
+
+	<target host="ultrahdtv.net" />
+	<target host="www.ultrahdtv.net" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UltraNature_Lean.xml b/src/chrome/content/rules/UltraNature_Lean.xml
deleted file mode 100644
index c82d5c865801..000000000000
--- a/src/chrome/content/rules/UltraNature_Lean.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="UltraNature Lean">
-
-	<target host="ultranaturelean.com" />
-	<target host="*.ultranaturelean.com" />
-
-
-	<securecookie host="^(?:w*\.)?ultranaturelean\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?ultranaturelean\.com/"
-		to="https://$1ultranaturelean.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/UltraTools.com.xml b/src/chrome/content/rules/UltraTools.com.xml
new file mode 100644
index 000000000000..2c1e373a7f5f
--- /dev/null
+++ b/src/chrome/content/rules/UltraTools.com.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ultratools.com/ => https://ultratools.com/: (51, "SSL: no alternative certificate subject name matches target host name 'ultratools.com'")
+
+	For other Neustar coverage, see NeuStar.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.ultratools.com
+
+-->
+<ruleset name="UltraTools.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ultratools.com" />
+	<target host="www.ultratools.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.ultratools\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^www\.ultratools\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ultra_Facil.com.br.xml b/src/chrome/content/rules/Ultra_Facil.com.br.xml
index 5318c035f88c..ee59215fbada 100644
--- a/src/chrome/content/rules/Ultra_Facil.com.br.xml
+++ b/src/chrome/content/rules/Ultra_Facil.com.br.xml
@@ -1,13 +1,13 @@
-<ruleset name="Ultra Facil.com.br">
+<ruleset name="Ultra Facil.com.br" default_off="plaintext reply">
 
 	<target host="ultrafacil.com.br" />
-	<target host="*.ultrafacil.com.br" />
+	<target host="www.ultrafacil.com.br" />
 
 
 	<securecookie host="^\.ultrafacil\.com\.br$" name=".+" />
 
 
-	<rule from="^http://(www\.)?ultrafacil\.com\.br/"
-		to="https://$1ultrafacil.com.br/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ultra_HDTV-problematic.xml b/src/chrome/content/rules/Ultra_HDTV-problematic.xml
deleted file mode 100644
index ad5d3f881ba2..000000000000
--- a/src/chrome/content/rules/Ultra_HDTV-problematic.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules that are on by default, see Ultra_HDTV.xml.
-
-	CN: *.gridserver.com
-
--->
-<ruleset name="Ultra HDTV (problematic)" default_off="mismatched">
-
-	<target host="ultrahdtv.net" />
-	<target host="www.ultrahdtv.net" />
-
-
-	<rule from="^https?://(?:www\.)?ultrahdtv\.net/"
-		to="https://ultrahdtv.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Ultra_HDTV.xml b/src/chrome/content/rules/Ultra_HDTV.xml
deleted file mode 100644
index b96eed9f3f43..000000000000
--- a/src/chrome/content/rules/Ultra_HDTV.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	For problematic rules, see Ultra_HDTV-problematic.xml.
-
-
-	CDN buckets:
-
-		- dcmk2gfkvro5j.cloudfront.net
-
-
-	Problematic subdomains:
-
-		- ^		(works, CN: *.gridserver.com)
-		- cdn		(cloudfront)
-		- www		("DNS Points to Prohibited IP")
-
--->
-<ruleset name="Ultra HDTV (partial)">
-
-	<target host="cdn.ultrahdtv.net" />
-
-
-	<rule from="^https?://cdn\.ultrahdtv\.net/"
-		to="https://dcmk2gfkvro5j.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Ultrabug.fr.xml b/src/chrome/content/rules/Ultrabug.fr.xml
new file mode 100644
index 000000000000..923be7121b23
--- /dev/null
+++ b/src/chrome/content/rules/Ultrabug.fr.xml
@@ -0,0 +1,11 @@
+<ruleset name="Ultrabug.fr">
+
+	<target host="ultrabug.fr" />
+	<target host="www.ultrabug.fr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ultrabug.xml b/src/chrome/content/rules/Ultrabug.xml
deleted file mode 100644
index 3e1aa6e693fb..000000000000
--- a/src/chrome/content/rules/Ultrabug.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	CN: ssl14.ovh.net
-
-
-	Mixed content:
-
-		- css on www from www *
-
-		- Images on www, from:
-
-			- www *
-			- api.flattr.com *
-
-	* Secured by us
-
--->
-<ruleset name="Ultrabug (false MCB)" default_off="mismatched" platform="mixedcontent">
-
-	<target host="ultrabug.fr" />
-	<target host="www.ultrabug.fr" />
-
-
-	<securecookie host="^www\.ultrabug\.fr$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?ultrabug\.fr/"
-		to="https://www.ultrabug.fr/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ultrasawt.com.xml b/src/chrome/content/rules/Ultrasawt.com.xml
new file mode 100644
index 000000000000..2f3861be103a
--- /dev/null
+++ b/src/chrome/content/rules/Ultrasawt.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Ultrasawt.com">
+	<target host="ultrasawt.com" />
+	<target host="www.ultrasawt.com" />
+	<target host="ultrapal.ultrasawt.com" />
+	<target host="ultratunisia.ultrasawt.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ultrasurf.us.xml b/src/chrome/content/rules/Ultrasurf.us.xml
index 3ba54ff2a050..303854eeeefc 100644
--- a/src/chrome/content/rules/Ultrasurf.us.xml
+++ b/src/chrome/content/rules/Ultrasurf.us.xml
@@ -4,7 +4,6 @@
 	<target host="www.ultrasurf.us" />
 
 
-	<rule from="^http://(www\.)?ultrasurf\.us/"
-		to="https://$1ultrasurf.us/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ulule.com.xml b/src/chrome/content/rules/Ulule.com.xml
new file mode 100644
index 000000000000..233646516c34
--- /dev/null
+++ b/src/chrome/content/rules/Ulule.com.xml
@@ -0,0 +1,79 @@
+<!--
+	Bad certificate:
+		blog.ulule.com
+		blog-de.ulule.com
+		blog-es.ulule.com
+		blog-it.ulule.com
+		www.cfr.ulule.com
+		chouette.ulule.com
+		master.db.ulule.com
+		slave.db.ulule.com
+		www.dev.ulule.com
+		www.fr.ulule.com
+		www.helloplay.ulule.com
+		fr.local.ulule.com
+		www.fr.local.ulule.com
+		m.ulule.com
+		fr.vox.ulule.com
+
+	521 error over https:
+		boutique.ulule.com
+		fondationmonoprix.ulule.com
+
+	Private subdomain:
+		connect.ulule.com
+
+	Refused:
+		developers.ulule.com
+		engage.ulule.com
+		entreprises.ulule.com
+		inspire.ulule.com
+		kickoff.ulule.com
+		legrandsaut.ulule.com
+		maif.ulule.com
+		sportpourelles.ulule.com
+		tour.ulule.com
+		venezinnover.ulule.com
+
+	Redirect to http:
+		forum.ulule.com
+
+-->
+<ruleset name="Ulule">
+
+	<target host="ulule.com" />
+	<target host="www.ulule.com" />
+	<target host="auvergne.ulule.com" />
+	<target host="bordeaux.ulule.com" />
+	<target host="checkout.ulule.com" />
+	<target host="db.ulule.com" />
+	<target host="db1.ulule.com" />
+	<target host="front1.ulule.com" />
+	<target host="front2.ulule.com" />
+	<target host="front3.ulule.com" />
+	<target host="gb.ulule.com" />
+	<target host="helloplay.ulule.com" />
+	<target host="img.ulule.com" />
+		<test url="http://img.ulule.com/display/08a3da6770cd52813be29aa9ee9ced4ff59044de/resize/480x/homepage/inbo2-hd-coupe_tp3.jpg" />
+	<target host="paris.ulule.com" />
+	<target host="pt.ulule.com" />
+	<target host="r.ulule.com" />
+	<target host="service1.ulule.com" />
+	<target host="sp.ulule.com" />
+	<target host="start.ulule.com" />
+	<target host="support.ulule.com" />
+	<target host="ulule-dev.ulule.com" />
+	<target host="vox.ulule.com" />
+
+	<!-- Localized subdomains -->
+	<target host="de.ulule.com" />
+	<target host="en.ulule.com" />
+	<target host="es.ulule.com" />
+	<target host="fr.ulule.com" />
+	<target host="it.ulule.com" />
+	<target host="nl.ulule.com" />
+	<target host="uk.ulule.com" />
+
+    <rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ulyces.co.xml b/src/chrome/content/rules/Ulyces.co.xml
new file mode 100644
index 000000000000..9e938b1c325f
--- /dev/null
+++ b/src/chrome/content/rules/Ulyces.co.xml
@@ -0,0 +1,8 @@
+<ruleset name="Ulyces.co">
+
+	<target host="ulyces.co" />
+	<target host="www.ulyces.co" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Uma.es.xml b/src/chrome/content/rules/Uma.es.xml
deleted file mode 100644
index ea83153afb5c..000000000000
--- a/src/chrome/content/rules/Uma.es.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Uma.es">
-  <target host="*.cv.uma.es" />
-  <target host="www.sci.uma.es" />
-  <target host="web.satd.uma.es" />
-
-  <rule from="^http://(?:www\.)?([^/:@\.]*)\.cv\.uma\.es/" to="https://$1.cv.uma.es/" />
-  <rule from="^http://www\.sci\.uma\.es/" to="https://www.sci.uma.es/" />
-  <rule from="^http://web\.satd\.uma\.es/" to="https://web.satd.uma.es/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Umano.me.xml b/src/chrome/content/rules/Umano.me.xml
new file mode 100644
index 000000000000..7232173e01ee
--- /dev/null
+++ b/src/chrome/content/rules/Umano.me.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://umano.me/ => https://umano.me/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.umano.me/ => https://www.umano.me/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Insecure cookies are set for these hosts:
+
+		- umano.me
+		- www.umano.me
+
+-->
+<ruleset name="Umano.me" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="umano.me" />
+	<target host="www.umano.me" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?umano\.me$" name="^connect\.sid$" /-->
+
+	<securecookie host="^(?:www\.)?umano\.me$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Umbel.com.xml b/src/chrome/content/rules/Umbel.com.xml
new file mode 100644
index 000000000000..e8b8be609d0d
--- /dev/null
+++ b/src/chrome/content/rules/Umbel.com.xml
@@ -0,0 +1,56 @@
+<!--
+	CDN buckets:
+
+		- sitemedia-umbel.netdna-ssl.com
+
+
+	api: Loops
+
+
+	^: dropped
+
+
+	Fully covered hosts:
+
+		- (www.)	(^ -> www)
+		- tags.api
+		- audience
+		- [a-z]{16}.capture
+		- media
+
+-->
+<ruleset name="Umbel.com">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="api.umbel.com" /-->
+	<target host="tags.api.umbel.com" />
+	<target host="audience.umbel.com" />
+	<target host="*.capture.umbel.com" />
+	<target host="media.umbel.com" />
+	<target host="www.umbel.com" />
+
+	<!--	Complications:
+				-->
+	<target host="umbel.com" />
+
+		<!--	Redirect loop:
+					-->
+		<!--exclusion pattern="^http://api\.umbel\.com/$" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(audience|www)\.umbel\.com$" name="^csrftoken$" /-->
+	<!--securecookie host="^audience\.umbel\.com$" name="^sessionid$" /-->
+
+	<securecookie host="^(?:audience|www)\.umbel\.com$" name=".+" />
+
+
+	<rule from="^http://umbel\.com/"
+		to="https://www.umbel.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Umea_Hackerspace.se.xml b/src/chrome/content/rules/Umea_Hackerspace.se.xml
new file mode 100644
index 000000000000..09cc8fcb9b67
--- /dev/null
+++ b/src/chrome/content/rules/Umea_Hackerspace.se.xml
@@ -0,0 +1,22 @@
+<!--
+	Non-functional hosts
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - asbest.umeahackerspace.se
+			 - gram.umeahackerspace.se
+			 - gumboda.umeahackerspace.se
+-->
+<ruleset name="Umea Hackerspace.se (partial)">
+	<target host="umeahackerspace.se" />
+	<target host="lists.umeahackerspace.se" />
+	<target host="music.umeahackerspace.se" />
+	<target host="musik.umeahackerspace.se" />
+	<target host="social.umeahackerspace.se" />
+	<target host="stuff.umeahackerspace.se" />
+	<target host="stuff-rw.umeahackerspace.se" />
+	<target host="wiki.umeahackerspace.se" />
+
+	<securecookie host="^umeahackerspace\.se$" name=".+" />
+	<securecookie host="^social\.umeahackerspace\.se$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Umea_University.xml b/src/chrome/content/rules/Umea_University.xml
index 3b1bf49a5c15..2e4d98cde996 100644
--- a/src/chrome/content/rules/Umea_University.xml
+++ b/src/chrome/content/rules/Umea_University.xml
@@ -1,51 +1,47 @@
 <!--
-	Nonfunctionla subdomains:
-
-		- ftp.acc	(refused)
-		- dp.foark *
-		- www.foark *
-		- support.its **
-		- (www.)ub **
-		- ovik.ub **
-
-	* Shows RHEL test page; self-signed, CN: localhost.localdomain
-	** Dropped
-
-
-	Partially covered subdomains:
-
-		- (www.) *
-		- (www.)student *
-
-	* Some pages redirect to http
-
-
-	Fully covered subdomains:
-
-		- (www.)anstalld
-		- www.cambro
-		- cas
-		- (www.)servicedesk.its
-		- intra.ub
-
+	Non-functional hosts
+		Couldn't connect to server:
+		- dp.foark.umu.se
+
+		Timeout was reached:
+		- www.anstalld.umu.se
+		- intra.ub.umu.se
+
+		SSL peer certificate was not OK:
+		- its.umu.se
+		- student.umu.se
+		- www.student.umu.se
 -->
 <ruleset name="Umeå University (partial)">
-
 	<target host="umu.se" />
-	<target host="*.umu.se" />
-		<exclusion pattern="^http://(?:www\.)?(?:student\.)?umu\.se/(?!digitalAssets/|DownloadAsset\.action(?:$|\?)|static/)" />
-
-
-	<securecookie host="^(?:(?:www\.)?anstalld|www\.cambro|cas|(?:www\.)?servicedesk\.its)\.umu\.se$" name=".+" />
-
-
-	<rule from="^http://((?:www\.cambro|cas|intra\.ub|www)\.?)umu\.se/"
-		to="https://$1umu.se/" />
-
-	<!--	Domains for which both ^foo and www.foo
-		exist, and both work without caveat:
-							-->
-	<rule from="^http://(www\.)?(anstalld|servicesdesk\.its|student)\.umu\.se/"
-		to="https://$1$2.umu.se/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.umu.se" />
+	
+	<target host="ftp.acc.umu.se" />
+	<target host="adfs.umu.se" />
+	
+	<target host="www.cambro.umu.se" />
+	<target host="cas.umu.se" />
+	<target host="cs.umu.se" />
+	<target host="people.cs.umu.se" />
+	<test url="http://people.cs.umu.se/virginia/" />
+	<target host="support.cs.umu.se" />
+	<target host="webapps.cs.umu.se" />
+	<target host="www.cs.umu.se" />
+	
+	<target host="foark.umu.se" />
+	<target host="www.foark.umu.se" />
+	
+	<target host="infocenter.umu.se" />
+	<target host="www.infocenter.umu.se" />
+	
+	<target host="servicedesk.its.umu.se" />
+	<target host="www.servicedesk.its.umu.se" />
+	
+	<target host="ub.umu.se" />
+	<target host="ovik.ub.umu.se" />
+	<target host="www.ub.umu.se" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Umsmash.com.xml b/src/chrome/content/rules/Umsmash.com.xml
new file mode 100644
index 000000000000..a0b63dce0336
--- /dev/null
+++ b/src/chrome/content/rules/Umsmash.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="Umsmash.com">
+	<target host="umsmash.com" />
+	<target host="www.umsmash.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Umweltbundesamt.de.xml b/src/chrome/content/rules/Umweltbundesamt.de.xml
new file mode 100644
index 000000000000..1f6e79be06f7
--- /dev/null
+++ b/src/chrome/content/rules/Umweltbundesamt.de.xml
@@ -0,0 +1,28 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+
+	Invalid certificate:
+		- battg-melderegister.umweltbundesamt.de
+		- bvt.umweltbundesamt.de
+		- www.bvt.umweltbundesamt.de
+		- iir.umweltbundesamt.de
+		- www.pool.umweltbundesamt.de
+		- probas.umweltbundesamt.de
+		- www.probas.umweltbundesamt.de
+
+	Refused:
+		- luftdaten.umweltbundesamt.de
+-->
+<ruleset name="Umweltbundesamt">
+
+	<target host="umweltbundesamt.de" />
+	<target host="www.umweltbundesamt.de" />
+	<target host="alwww.umweltbundesamt.de" />
+	<target host="www.battg-melderegister.umweltbundesamt.de" />
+	<target host="kunstundumwelt.umweltbundesamt.de" />
+	<target host="uwww.umweltbundesamt.de" />
+	<target host="wwww.umweltbundesamt.de" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Un4seen.com.xml b/src/chrome/content/rules/Un4seen.com.xml
new file mode 100644
index 000000000000..2829169edb8f
--- /dev/null
+++ b/src/chrome/content/rules/Un4seen.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Mismatched (www.un4seen.com):
+		- dl
+		- mail
+		- mail2
+		- uk
+		- us
+		- us2
+-->
+
+<ruleset name="Un4seen.com">
+	<target host="un4seen.com" />
+	<target host="www.un4seen.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UnPAC.xml b/src/chrome/content/rules/UnPAC.xml
index 0121c7798da4..d586995b86da 100644
--- a/src/chrome/content/rules/UnPAC.xml
+++ b/src/chrome/content/rules/UnPAC.xml
@@ -1,4 +1,8 @@
-<ruleset name="unPAC">
+<!--
+	(www.)?: Refused
+
+-->
+<ruleset name="unPAC" default_off="refused">
 
 	<target host="unpac.org" />
 	<target host="www.unpac.org" />
@@ -7,7 +11,6 @@
 	<securecookie host="^www\.unpac\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?unpac\.org/"
-		to="https://$1unpac.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/UnRealWorld.fi.xml b/src/chrome/content/rules/UnRealWorld.fi.xml
new file mode 100644
index 000000000000..67f1a8357f69
--- /dev/null
+++ b/src/chrome/content/rules/UnRealWorld.fi.xml
@@ -0,0 +1,20 @@
+<!--
+	Mismatched:
+	- _jabber._tcp
+	- _xmpp-client._tcp
+	- _xmpp-server._tcp
+	- _sip._udp
+	- imp
+	- jabber
+	- mail
+	- pop3
+	- smtp
+	- squirrel
+	- vpn
+-->
+<ruleset name="UnRealWorld.fi">
+	<target host="unrealworld.fi" />
+	<target host="www.unrealworld.fi" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Unanimis-problematic.xml b/src/chrome/content/rules/Unanimis-problematic.xml
deleted file mode 100644
index f760cd0330c7..000000000000
--- a/src/chrome/content/rules/Unanimis-problematic.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules that are on by default, see Unanimis.xml.
-
--->
-<ruleset name="Unanimis (problematic)" default_off="expired, mismatch, self-signed">
-
-	<target host="unanimis.co.uk" />
-	<target host="www.unanimis.co.uk" />
-
-
-	<!--	!www 301s to www.
-					-->
-	<rule from="^https?://(?:www\.)?unanimis\.co\.uk/"
-		to="https://www.unanimis.co.uk/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Unanimis.xml b/src/chrome/content/rules/Unanimis.xml
deleted file mode 100644
index 743e029f1fe2..000000000000
--- a/src/chrome/content/rules/Unanimis.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	For problematic rules, see Unanimis-problematic.xml.
-
-
-	Nonfunctional domains:
-
-		- (www.)globaldirectmedia.com
-
-
-	Problematic domains:
-
-		- (www.)unanimis.co.uk		(works, expired, self-signed, mismatched, CN: plesk)
-
--->
-<ruleset name="Unanimis (partial)">
-
-	<target host="*.unanimis.co.uk" />
-
-
-	<!--	Ads included on 3rd-party websites.
-							-->
-	<rule from="^http://(a|c|d|ssl-a)\.unanimis\.co\.uk/"
-		to="https://$1.unanimis.co.uk/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Unbit.it.xml b/src/chrome/content/rules/Unbit.it.xml
index 06ac3041a3f8..bfe3efca8763 100644
--- a/src/chrome/content/rules/Unbit.it.xml
+++ b/src/chrome/content/rules/Unbit.it.xml
@@ -1,17 +1,42 @@
-<ruleset name="Unbit.it (partial)" platform="mixedcontent">
 
-	<target host="unbit.it"/>
-	<target host="*.unbit.it"/>
-		<!--	timeout		-->
-		<exclusion pattern="^http://(www\.)?packages\."/>
-	<target host="www.*.unbit.it"/>
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wiki.unbit.it/ => https://wiki.unbit.it/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.wiki.unbit.it/ => https://wiki.unbit.it/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Unbit.it (partial)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="unbit.it"/-->
+	<target host="projects.unbit.it"/>
+	<target host="wiki.unbit.it"/>
+	<target host="www.unbit.it"/>
+
+	<!--	Complications:
+				-->
+	<target host="www.projects.unbit.it"/>
+	<target host="www.wiki.unbit.it"/>
 
-	<securecookie host="^(.*\.)?unbit\.it$" name=".*"/>
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://unbit\.it/($|css/|img/)" /-->
 
-	<rule from="^http://(www\.)?unbit\.it/"
-		to="https://$1unbit.it/"/>
+			<!--	+ve:
+					-->
+			<!--test url="http://unbit.it/css/screen.css" /-->
+			<!--test url="http://unbit.it/img/logo_unbit_header.png" /-->
 
-	<rule from="^http://(?:www\.)?(wiki|projects)\.unbit\.it/"
+		<!--	timeout		-->
+		<!--exclusion pattern="^http://(?:www\.)?packages\.unbit\.it/"/-->
+
+	<securecookie host=".+" name=".+"/>
+
+	<rule from="^http://www\.(projects|wiki)\.unbit\.it/"
 		to="https://$1.unbit.it/"/>
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Unblock-Us.com.xml b/src/chrome/content/rules/Unblock-Us.com.xml
new file mode 100644
index 000000000000..b8b994099ffa
--- /dev/null
+++ b/src/chrome/content/rules/Unblock-Us.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Invalid certificate:
+		pages.unblock-us.com
+		try.unblock-us.com
+
+-->
+<ruleset name="Unblock-Us.com">
+
+	<target host="unblock-us.com" />
+	<target host="www.unblock-us.com" />
+	<target host="affiliate.unblock-us.com" />
+	<target host="affiliates.unblock-us.com" />
+	<target host="api.unblock-us.com" />
+	<target host="check.unblock-us.com" />
+		<test url="http://check.unblock-us.com/pixel_page-home.gif" />
+	<target host="m.unblock-us.com" />
+	<target host="new.unblock-us.com" />
+	<target host="offers.unblock-us.com" />
+	<target host="portal.unblock-us.com" />
+	<target host="promo.unblock-us.com" />
+	<target host="resources.unblock-us.com" />
+		<test url="http://resources.unblock-us.com/logo.png" />
+	<target host="support.unblock-us.com" />
+	<target host="tools.unblock-us.com" />
+	<target host="work.unblock-us.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UnblockSit.es.xml b/src/chrome/content/rules/UnblockSit.es.xml
new file mode 100644
index 000000000000..325e203f5993
--- /dev/null
+++ b/src/chrome/content/rules/UnblockSit.es.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .unblocksit.es
+
+-->
+<ruleset name="UnblockSit.es">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="unblocksit.es" />
+	<target host="www.unblocksit.es" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.unblocksit\.es$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.unblocksit\.es$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Unblocked.xml b/src/chrome/content/rules/Unblocked.xml
new file mode 100644
index 000000000000..a1334e686ee9
--- /dev/null
+++ b/src/chrome/content/rules/Unblocked.xml
@@ -0,0 +1,62 @@
+<!--
+	Other domains:
+		unblocked.pub
+		unblckd.biz
+
+-->
+<ruleset name="Unblocked">
+
+	<target host="unblocked.red" />
+	<target host="*.unblocked.red" />
+		<test url="http://www.unblocked.red/" />
+		<test url="http://1337x.unblocked.red/" />
+		<test url="http://avxhome.unblocked.red/" />
+		<test url="http://beemp3.unblocked.red/" />
+		<test url="http://ebookee.unblocked.red/" />
+		<test url="http://extratorrent.unblocked.red/" />
+		<test url="http://eztv.unblocked.red/" />
+		<test url="http://freebookspot.unblocked.red/" />
+		<test url="http://kickass.unblocked.red/" />
+		<test url="http://limetorrents.unblocked.red/" />
+		<test url="http://megasearch.unblocked.red/" />
+		<test url="http://movie25.unblocked.red/" />
+		<test url="http://movie4k.unblocked.red/" />
+		<test url="http://putlocker.unblocked.red/" />
+		<test url="http://rarbg.unblocked.red/" />
+		<test url="http://softarchive.unblocked.red/" />
+		<test url="http://tnaflix.unblocked.red/" /><!-- NSFW -->
+		<test url="http://torrentbutler.unblocked.red/" />
+		<test url="http://tubeplus.unblocked.red/" />
+		<test url="http://watchfree.unblocked.red/" />
+		<test url="http://watchseries.unblocked.red/" />
+		<test url="http://watchtvseries.unblocked.red/" />
+
+	<target host="unblocked.li" />
+	<target host="*.unblocked.li" />
+		<test url="http://1337x.unblocked.li/" />
+		<test url="http://eztv.unblocked.li/" />
+		<test url="http://iwatchonline.unblocked.li/" />
+		<test url="http://kickass.unblocked.li/" />
+		<test url="http://libgen.unblocked.li/" />
+		<test url="http://limetorrents.unblocked.li/" />
+		<test url="http://megasearch.unblocked.li/" />
+		<test url="http://primewire.unblocked.li/" />
+		<test url="http://softarchive.unblocked.li/" />
+		<test url="http://solarmovie.unblocked.li/" />
+		<test url="http://torlock.unblocked.li/" />
+		<test url="http://torrentz.unblocked.li/" />
+		<test url="http://watchseries.unblocked.li/" />
+		<test url="http://watchtvseries.unblocked.li/" />
+
+	<target host="unblckd.biz" />
+	<target host="*.unblckd.biz" />
+		<test url="http://livetv.unblckd.biz/" />
+		<test url="http://vipleague.unblckd.biz/" />
+		<test url="http://watchtvseries.unblckd.biz/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
+
diff --git a/src/chrome/content/rules/Unblu.com.xml b/src/chrome/content/rules/Unblu.com.xml
index a8b5d53b0360..d0bd3d8cd077 100644
--- a/src/chrome/content/rules/Unblu.com.xml
+++ b/src/chrome/content/rules/Unblu.com.xml
@@ -14,7 +14,6 @@
 	<target host="start.unblu.com" />
 
 
-	<rule from="^http://start\.unblu\.com/"
-		to="https://start.unblu.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Unbounce.xml b/src/chrome/content/rules/Unbounce.xml
index fbba777f1002..005576e563eb 100644
--- a/src/chrome/content/rules/Unbounce.xml
+++ b/src/chrome/content/rules/Unbounce.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ubounce.wpengine.netdna-cdn.com/ => https://ubounce.wpengine.netdna-cdn.com/: (6, 'Could not resolve host: ubounce.wpengine.netdna-cdn.com')
+
 	CDN buckets:
 
 		- s3.amazonaws.com/assets.unbounce.com/
@@ -7,47 +11,105 @@
 		- unbounce.wpengine.netdna-cdn.com
 
 
-	Problematic subdomains:
+	Nonfunctional hosts in *unbounce.com: ᶜ
+
+		- documentation ʰ
+		- ecourses ᵈ
+		- inside ʰ
+		- unblog ᵈ
+		- workshops ʰ
+
+	ᵈ Dropped
+	ʰ Redirects to http
+
+
+	Problematic hosts in *unbounce.com: ᶜ
 
-		- (www.)	(wpengine)
-		- assets	(amazonaws)
+		- community ᶜ
 
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
 
-	Partially covered domains:
 
-		- (www.)unbounce.com	(→ ubounce.wpengine.com)
+	These altnames do not exist:
 
+		- www.api-interest.unbounce.com
+		- www.get.unbounce.com
 
-	Fully covered domains:
 
-		- ubounce.wpengine.netdna-cdn.com	(→ ubounce.wpengine.com)
+	Insecure cookies are set for these domains and hosts: ᶜ
 
-		- unbounce.com subdomains:
+		- unbounce.com
+		- .unbounce.com
+		- api-interest.unbounce.com
+		- careers.unbounce.com
+		- get.unbounce.com
+		- www.unbounce.com
 
-			- app
-			- assets		(→ s3.amazonaws.com)
-			- go
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on ^ from $self * ˢ
+		- Image on careers, get from d9hhrg4mnvzow.cloudfront.net ˢ
+		- favicon on get from ubounce.wpengine.netdna-cdn.com ˢ
+
+	* Only fonts
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Unbounce (partial)">
+<ruleset name="Unbounce.com" default_off="failed ruleset test">
 
-	<target host="ubounce.wpengine.netdna-cdn" />
+	<!--	Direct rewrites:
+				-->
 	<target host="unbounce.com" />
-	<target host="*.unbounce.com" />
-		<exclusion pattern="^http://(?:www\.)?ubounce\.com/(?!\?mcsf_action=main_css|photos/|wp-content/)" />
-
+	<target host="academy.unbounce.com" />
+	<target host="api.unbounce.com" />
+	<target host="api-interest.unbounce.com" />
+	<target host="app.unbounce.com" />
+	<target host="assets.unbounce.com" />
+	<target host="builder-assets.unbounce.com" />
+	<target host="careers.unbounce.com" />
+	<!--target host="community.unbounce.com" /-->
+	<target host="get.unbounce.com" />
+	<target host="go.unbounce.com" />
+	<target host="www.unbounce.com" />
+
+		<test url="http://unbounce.com/blog/" />
+		<test url="http://unbounce.com/features/" />
+		<test url="http://www.unbounce.com/partner/" />
+		<test url="http://www.unbounce.com/pricing/" />
+
+		<test url="http://builder-assets.unbounce.com/published/jquery.ubpoverlay-63159c9.z.css" />
+
+		<!--	$ 404s, so:
+					-->
+		<test url="http://get.unbounce.com/api-access/" />
+
+
+	<!--	Complications:
+				-->
+	<target host="ubounce.wpengine.netdna-cdn.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^unbounce\.com$" name="^(?:_icl_current_language$|X-Mapping-)" /-->
+	<!--securecookie host="^\.unbounce\.com$" name="^ubvt$" /-->
+	<!--securecookie host="^(?:api-interest|careers|get)\.unbounce\.com$" name="^(?:ubpv|ubvs)$" /-->
+	<!--securecookie host="^www\.unbounce\.com$" name="^X-Mapping-" /-->
 
 	<!--securecookie host="^\.unbounce\.com$" name="^_lp-webapp_session$" /-->
-	<securecookie host="^go\.unbounce\.com$" name=".+" />
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?ubounce(?:\.wpengine\.netdna-cdn)?\.com/"
+	<rule from="^http://unbounce\.wpengine\.netdna-cdn\.com/"
 		to="https://unbounce.wpengine.com/" />
 
-	<rule from="^http://(app|go)\.unbounce\.com/"
-		to="https://$1.unbounce.com/" />
+		<test url="http://unbounce.wpengine.netdna-cdn.com/wp-content/themes/unbounce2015/assets/img/arrow_homepage.png" />
 
-	<rule from="^http://assets\.unbounce\.com/"
-		to="https://s3.amazonaws.com/assets.unbounce.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Unbound.net.xml b/src/chrome/content/rules/Unbound.net.xml
new file mode 100644
index 000000000000..9ea72ee3e89e
--- /dev/null
+++ b/src/chrome/content/rules/Unbound.net.xml
@@ -0,0 +1,16 @@
+<!--
+	For other NLnet Labs coverage, see NLnet-Labs.xml.
+
+-->
+<ruleset name="Unbound.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="unbound.net"/>
+	<target host="www.unbound.net"/>
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Unbridled.info.xml b/src/chrome/content/rules/Unbridled.info.xml
new file mode 100644
index 000000000000..2ac5c8f8f153
--- /dev/null
+++ b/src/chrome/content/rules/Unbridled.info.xml
@@ -0,0 +1,13 @@
+<ruleset name="Unbridled.info">
+
+	<target host="unbridled.info" />
+	<target host="www.unbridled.info" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Undeadly.org.xml b/src/chrome/content/rules/Undeadly.org.xml
new file mode 100644
index 000000000000..8a1ffe207001
--- /dev/null
+++ b/src/chrome/content/rules/Undeadly.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Undeadly.org">
+
+	<target host="undeadly.org" />
+	<target host="www.undeadly.org" />
+	<target host="beta.undeadly.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Undergroundgamer.xml b/src/chrome/content/rules/Undergroundgamer.xml
deleted file mode 100644
index d73b46f5a936..000000000000
--- a/src/chrome/content/rules/Undergroundgamer.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Underground Gamer">
-  <target host="www.underground-gamer.com" />
-  <target host="underground-gamer.com" />
-
-  <rule from="^http://(www\.)?underground-gamer\.com/" to="https://www.underground-gamer.com/"/>
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Underhanded_Crypto.com.xml b/src/chrome/content/rules/Underhanded_Crypto.com.xml
new file mode 100644
index 000000000000..0de11b8d2ccd
--- /dev/null
+++ b/src/chrome/content/rules/Underhanded_Crypto.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Nonfunctional subdomains:
+
+		- lists *
+
+	* Refused
+
+
+	Insecure cookies are set for these domains:
+
+		- .underhandedcrypto.com
+
+-->
+<ruleset name="Underhanded Crypto.com (partial)">
+
+	<target host="underhandedcrypto.com" />
+	<target host="www.underhandedcrypto.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.underhandedcrypto\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.underhandedcrypto\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Underskog.xml b/src/chrome/content/rules/Underskog.xml
index c3f18f381b42..8c4140a8b2c7 100644
--- a/src/chrome/content/rules/Underskog.xml
+++ b/src/chrome/content/rules/Underskog.xml
@@ -2,6 +2,6 @@
   <target host="underskog.no" />
   <target host="www.underskog.no" />
 
-  <rule from="^http://(?:www\.)?underskog\.no/" to="https://underskog.no/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Understood.org.xml b/src/chrome/content/rules/Understood.org.xml
new file mode 100644
index 000000000000..b7256b54a398
--- /dev/null
+++ b/src/chrome/content/rules/Understood.org.xml
@@ -0,0 +1,11 @@
+<ruleset name="Understood.org">
+
+	<target host="understood.org" />
+	<target host="community.understood.org" />
+	<target host="www.understood.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Undertone.xml b/src/chrome/content/rules/Undertone.xml
index 824457614102..4be0cc08854e 100644
--- a/src/chrome/content/rules/Undertone.xml
+++ b/src/chrome/content/rules/Undertone.xml
@@ -5,14 +5,28 @@
 		- blog		(times out; hosted on blogger)
 		- wwwlinks	(Akamai; 503)
 
+
+	ads: Included on 3rd-party websites.
+
+
+	Insecure cookies are set for these hosts:
+
+		- ads.undertone.com
+
 -->
-<ruleset name="Undertone (partial)">
+<ruleset name="Undertone.com (partial)">
 
 	<target host="ads.undertone.com" />
 
 
-	<!--	Included on 3rd-party websites.	-->
-	<rule from="^http://ads\.undertone\.com/"
-		to="https://ads.undertone.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ads\.undertone\.com$" name="^(?:UTID|UTZ)$" /-->
+
+	<securecookie host="^ads\.undertone\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/UnderwaterWorld.com.au.xml b/src/chrome/content/rules/UnderwaterWorld.com.au.xml
new file mode 100644
index 000000000000..30df053b4cbf
--- /dev/null
+++ b/src/chrome/content/rules/UnderwaterWorld.com.au.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Merlin Entertainments coverage, see Merlin-Entertainments.xml.
+-->
+
+<ruleset name="UnderwaterWorld.com.au">
+	<target host="underwaterworld.com.au" />
+	<target host="www.underwaterworld.com.au" />
+
+	<securecookie host="www\.underwaterworld\.com\.au$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Underwear_Expert.xml b/src/chrome/content/rules/Underwear_Expert.xml
index cd0d96f64db7..5387c98b8042 100644
--- a/src/chrome/content/rules/Underwear_Expert.xml
+++ b/src/chrome/content/rules/Underwear_Expert.xml
@@ -3,7 +3,7 @@
 	<target host="cdn.underwearexpert.com" />
 
 
-	<rule from="^https?://cdn\.underwearexpert\.com/"
+	<rule from="^http://cdn\.underwearexpert\.com/"
 		to="https://d2szvuirvbmbdl.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Uned.es.xml b/src/chrome/content/rules/Uned.es.xml
new file mode 100644
index 000000000000..843aba3c043a
--- /dev/null
+++ b/src/chrome/content/rules/Uned.es.xml
@@ -0,0 +1,158 @@
+<!--
+	Ruleset for uned.es, the National University of Distance Education website.
+	See <https://en.wikipedia.org/wiki/National_University_of_Distance_Education>.
+
+	Not supporting HTTPS or using an invalid certificate:
+
+		* uned.es
+
+		* 2013.cursosvirtuales.uned.es
+		* acacia.intecca.uned.es
+		* adenu.ia.uned.es
+		* adexcop.ieec.uned.es
+		* afrodita.uned.es
+		* ailanto.intecca.uned.es
+		* akademosweb.uned.es
+		* albali.lsi.uned.es
+		* alderamin.lsi.uned.es
+		* amper.ieec.uned.es
+		* app.uned.es
+		* artesplasticas.uned.es
+		* atlaspru.lsi.uned.es
+		* atlas.uned.es
+		* autodiscover.uned.es
+		* avdigital.dia.uned.es
+		* avellano.intecca.uned.es
+		* avicenna.uned.es
+		* aviso.uned.es
+		* bakunin.uned.es
+		* biblio15.uned.es
+		* biblioteca.uned.es
+		* bigdatalab.scc.uned.es
+		* biologia.ccia.uned.es
+		* bode.ieec.uned.es
+		* bubi.ia.uned.es
+		* cabrillo.lsi.uned.es
+		* campus.intecca.uned.es
+		* campusnet.uned.es
+		* campus-noroeste.uned.es
+		* campus-sur.uned.es
+		* catedra.lsi.uned.es
+		* cerezo.intecca.uned.es
+		* cesiti.uned.es
+		* coie-server.uned.es
+		* comunicacion.intecca.uned.es
+		* comunidades.cursosvirtuales.uned.es
+		* contenido.uned.es
+		* cosicologi.dia.uned.es
+		* csdebateabierto.uned.es
+		* debian.adenu.ia.uned.es
+		* demo.iedra.uned.es
+		* dev.adenu.ia.uned.es
+		* dls-pre.uned.es
+		* docnew.lsi.uned.es
+		* doctorado.cursosvirtuales.uned.es
+		* eduardo.meca.uned.es
+		* elparaiso.mat.uned.es
+		* emocion.uned.es
+		* enebro.intecca.uned.es
+		* e-spacio.uned.es
+		* etsii.uned.es
+		* externos.cursosvirtuales.uned.es
+		* friedel.uned.es
+		* gesmant.uned.es
+		* ieec27.ieec.uned.es
+		* ieec7.ieec.uned.es
+		* ii.uned.es
+		* info.uned.es
+		* innova.uned.es
+		* intecca.uned.es
+		* investigauned.uned.es
+		* mail2.uned.es
+		* meteo.ieec.uned.es
+		* open.uned.es
+		* paraisomat.ii.uned.es
+		* polar.lsi.uned.es
+		* revistas.uned.es
+		* sameens.dia.uned.es
+		* sensei.lsi.uned.es
+		* siea.ia.uned.es
+		* sociored.uned.es
+		* sso.uned.es
+		* tallerdigital.uned.es
+		* unilabs.dia.uned.es
+		* virtual.uned.es
+		* volta.ieec.uned.es
+		* wainu.ii.uned.es
+		* wap.uned.es
+		* www2.uned.es
+		* www.calatayud.uned.es
+		* www.cisiad.uned.es
+		* www.cuid.uned.es
+		* www.dia.uned.es
+		* www-etsii.uned.es
+		* www.euclides.dia.uned.es
+		* www.ia.uned.es
+		* www.ieec.uned.es
+		* www.issi.uned.es
+		* www.londres.uned.es
+		* www.lsi.uned.es
+		* www.lugo.uned.es
+		* www.madridsur.uned.es
+		* www.ponferrada.uned.es
+-->
+<ruleset name="UNED.es">
+
+	<target host="2014.cursosvirtuales.uned.es" />
+	<target host="2016.cursosvirtuales.uned.es" />
+	<target host="acceso40.uned.es" />
+	<target host="alpe.adenu.ia.uned.es" />
+	<target host="arce.intecca.uned.es" />
+	<target host="avanza.adenu.ia.uned.es" />
+	<target host="backup.cursosvirtuales.uned.es" />
+	<target host="blogs.uned.es" />
+	<target host="campusverano.innova.uned.es" />
+	<target host="canal.uned.es" />
+	<target host="chopo.intecca.uned.es" />
+	<target host="clubdelectura.uned.es" />
+	<target host="coie.uned.es" />
+	<target host="coma.uned.es" />
+	<target host="congresos.uned.es" />
+	<target host="correo.uned.es" />
+	<target host="cursosvirtuales.uned.es" />
+	<target host="dfmf.uned.es" />
+	<target host="docencia.lsi.uned.es" />
+	<target host="eoral.uned.es" />
+	<target host="eu4all.adenu.ia.uned.es" />
+	<target host="ext.cursosvirtuales.uned.es" />
+	<target host="extension.uned.es" />
+	<target host="ezproxy.uned.es" />
+	<target host="formacionpermanente.cursosvirtuales.uned.es" />
+	<target host="formacionpermanente.uned.es" />
+	<target host="front.uned.es" />
+	<target host="horarioscentros.uned.es" />
+	<target host="horizonteuned50.uned.es" />
+	<target host="idp.coma.uned.es" />
+	<target host="idpsir.uned.es" />
+	<target host="iedra.uned.es" />
+	<target host="listserv.uned.es" />
+	<target host="login.uned.es" />
+	<target host="mantenimiento.uned.es" />
+	<target host="ocw.innova.uned.es" />
+	<target host="portal.uned.es" />
+	<target host="practicas.uned.es" />
+	<target host="qinnova.uned.es" />
+	<target host="sede.uned.es" />
+	<target host="serviweb.uned.es" />
+	<target host="titulospropios.uned.es" />
+	<target host="unedabierta.uned.es" />
+	<target host="www.apsiol.uned.es" />
+	<target host="www.fundacion.uned.es" />
+	<target host="www.innova.uned.es" />
+	<target host="www.intecca.uned.es" />
+	<target host="www.uned.es" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Uneddit.xml b/src/chrome/content/rules/Uneddit.xml
new file mode 100644
index 000000000000..f72a77fd9b53
--- /dev/null
+++ b/src/chrome/content/rules/Uneddit.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.uneddit.com/ => https://www.uneddit.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.uneddit.com'")
+
+-->
+<ruleset name="Uneddit" default_off="failed ruleset test">
+	<target host="uneddit.com" />
+	<target host="www.uneddit.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ungleich.ch.xml b/src/chrome/content/rules/Ungleich.ch.xml
new file mode 100644
index 000000000000..a684a740f319
--- /dev/null
+++ b/src/chrome/content/rules/Ungleich.ch.xml
@@ -0,0 +1,13 @@
+<ruleset name="Ungleich.ch">
+	<target host="ungleich.ch" />
+	<target host="www.ungleich.ch" />
+	<target host="blog.ungleich.ch" />
+	<target host="comic.ungleich.ch" />
+	<target host="digitalebildung.ungleich.ch" />
+	<target host="redmine.ungleich.ch" />
+	<target host="shop.ungleich.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Unglue.it.xml b/src/chrome/content/rules/Unglue.it.xml
new file mode 100644
index 000000000000..4b0489a8829a
--- /dev/null
+++ b/src/chrome/content/rules/Unglue.it.xml
@@ -0,0 +1,37 @@
+<!--
+	CDN buckets:
+
+		- unglueit-files.s3.amazonaws.com
+
+
+	Problematic hosts in *unglue.it:
+
+		- blog *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- unglue.it
+
+-->
+<ruleset name="unglue.it (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="unglue.it" />
+	<target host="www.unglue.it" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^unglue\.it$" name="^(csrftoken|sessionid)$" /-->
+
+	<securecookie host="^unglue\.it$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Unhosted.xml b/src/chrome/content/rules/Unhosted.xml
index b46d9742c7db..c0fd0e222399 100644
--- a/src/chrome/content/rules/Unhosted.xml
+++ b/src/chrome/content/rules/Unhosted.xml
@@ -1,16 +1,25 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://apps.unhosted.org/ => https://apps.unhosted.org/: (6, 'Could not resolve host: apps.unhosted.org')
+
 	Problematic subdomains:
 
-		- www		(prints "See https://unhosted.org/")
+		- www		(self-signed)
 
 -->
-<ruleset name="Unhosted ">
+<ruleset name="Unhosted" default_off="failed ruleset test">
 
 	<target host="unhosted.org" />
-	<target host="*.unhosted.org" />
+	<target host="www.unhosted.org" />
+	<target host="apps.unhosted.org" />
+
+	<rule from="^http://www\.unhosted\.org/"
+		to="https://unhosted.org/" />
 
+		<test url="http://unhosted.org/" />
 
-	<rule from="^http://(?:(apps\.)|www\.)?unhosted\.org/"
-		to="https://$1unhosted.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Uni-DuE.de.xml b/src/chrome/content/rules/Uni-DuE.de.xml
new file mode 100644
index 000000000000..159c0fd48b61
--- /dev/null
+++ b/src/chrome/content/rules/Uni-DuE.de.xml
@@ -0,0 +1,46 @@
+<!--
+	University of Duisburg-Essen
+
+
+	^uni-due.de: Dropped
+
+
+	Fully covered hosts in *uni-due.de:
+
+		- (www.)?	(^ → www)
+		- campus
+		- lsf
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.uni-due.de
+
+-->
+<ruleset name="Uni-DuE.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="campus.uni-due.de" />
+	<target host="lsf.uni-due.de" />
+	<target host="www.uni-due.de" />
+
+	<!--	Complications:
+				-->
+	<target host="uni-due.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.uni-due\.de$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.uni-due\.de$" name=".+" />
+
+
+	<rule from="^http://uni-due\.de/"
+		to="https://www.uni-due.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Uni-Goettingen.de.xml b/src/chrome/content/rules/Uni-Goettingen.de.xml
index 551bb92a4af2..ee669a198da4 100644
--- a/src/chrome/content/rules/Uni-Goettingen.de.xml
+++ b/src/chrome/content/rules/Uni-Goettingen.de.xml
@@ -2,7 +2,7 @@
 	University of Göttingen
 
 
-	Problematic subdomains:
+	Problematic hosts in *uni-goettingen.de:
 
 		- (www.)coar	(works, self-signed)
 		- grc		(works; mismatched, CN: vweb12.gwdg.de)
@@ -10,42 +10,47 @@
 		- karzer	(shows www, valid cert)
 
 
-	Fully covered subdomains:
-
-		- www.sec.informatik	(→ www)
-		- karzer	(→ www)
-		- www
-
-
 	^uni-goettingen.de times out over http.
 
 
-	Observed cookie domains:
+	These altnames don't exist:
 
-		- grc
+		- sub.uni-goettingen.de
+		- piwik.uni-goettingen.de
+		- www.piwik.uni-goettingen.de
 
 
 	Mixed content:
 
 		- Images on www from www *
+		- Bug on ediss from piwik.gwdg.de *
 
 	* Secured by us
 
 -->
 <ruleset name="Uni-Goettingen.de (partial)">
 
-	<target host="*.uni-goettingen.de" />
+	<!--	Direct rewrites:
+				-->
+	<target host="ediss.uni-goettingen.de" />
+	<target host="www.sub.uni-goettingen.de" />
+	<target host="www.uni-goettingen.de" />
+
+	<!--	Complications:
+				-->
+	<target host="www.sec.informatik.uni-goettingen.de" />
+	<target host="karzer.uni-goettingen.de" />
 
 
-	<rule from="^http://www\.uni-goettingen\.de/"
-		to="https://www.uni-goettingen.de/" />
+	<rule from="^http://karzer\.uni-goettingen\.de/"
+		to="https://www.uni-goettingen.de/de/sh/29360.html" />
 
 	<!--	Server doesn't drop path:
 						-->
 	<rule from="^http://www\.sec\.informatik\.uni-goettingen\.de/"
 		to="https://www.uni-goettingen.de/de/266195.html" />
 
-	<rule from="^http://karzer\.uni-goettingen\.de/"
-		to="https://www.uni-goettingen.de/de/sh/29360.html" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Uni-Hamburg.de-falsemixed.xml b/src/chrome/content/rules/Uni-Hamburg.de-falsemixed.xml
new file mode 100644
index 000000000000..edb2c511c73d
--- /dev/null
+++ b/src/chrome/content/rules/Uni-Hamburg.de-falsemixed.xml
@@ -0,0 +1,18 @@
+<!--
+	For rules not causing false/broken MCB, see UHH-Informatik.xml.
+
+-->
+<ruleset name="Uni-Hamburg.de (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.cui.uni-hamburg.de" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Uni-Hannover.xml b/src/chrome/content/rules/Uni-Hannover.xml
new file mode 100644
index 000000000000..bc437f490c69
--- /dev/null
+++ b/src/chrome/content/rules/Uni-Hannover.xml
@@ -0,0 +1,55 @@
+<!--
+	University of Hannover
+
+	Other University of Hannover rulesets:
+
+		- MetaGer.de.xml
+
+
+	Problematic hosts in *uni-hannover.de:
+
+		- www2.dcsec *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.dcsec.uni-hannover.de
+		- www.rrzn.uni-hannover.de
+
+
+	Mixed content:
+
+		- favicon on www.dcsec from $self *
+
+		- Web bugs, on:
+
+			- www.dcsec, www.rrzn from www.piwik.rrzn.uni-hannover.de *
+			- www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Uni-Hannover.de (partial)">
+
+	<target host="uni-hannover.de" />
+	<target host="cc.dcsec.uni-hannover.de" />
+	<target host="www.dcsec.uni-hannover.de" />
+	<target host="www.piwik.rrzn.uni-hannover.de" />
+	<target host="www.rrzn.uni-hannover.de" />
+	<target host="qis.verwaltung.uni-hannover.de" />
+	<target host="www.uni-hannover.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.(dcsec|rrzn)\.uni-hannover\.de$" name="^fe_typo_user$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Uni-Kl.de-falsemixed.xml b/src/chrome/content/rules/Uni-Kl.de-falsemixed.xml
index 69f652c70ad7..45a99af4c531 100644
--- a/src/chrome/content/rules/Uni-Kl.de-falsemixed.xml
+++ b/src/chrome/content/rules/Uni-Kl.de-falsemixed.xml
@@ -1,4 +1,6 @@
 <!--
+Automatically by https-everywhere-checker because:
+Fetch error: http://www.architektur.uni-kl.de/ => https://www.architektur.uni-kl.de/: (51, "SSL: no alternative certificate subject name matches target host name 'www.architektur.uni-kl.de'")
 	For rules not causing false/broken MCB, see Uni-Kl.de.xml.
 
 -->
diff --git a/src/chrome/content/rules/Uni-Potsdam.de-problematic.xml b/src/chrome/content/rules/Uni-Potsdam.de-problematic.xml
new file mode 100644
index 000000000000..60fb9ed7f2a7
--- /dev/null
+++ b/src/chrome/content/rules/Uni-Potsdam.de-problematic.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules that are on by default, see University_of_Potsdam.xml.
+
+-->
+<ruleset name="Uni-Potsdam.de (expired)" default_off="expired">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="epic.hpi.uni-potsdam.de" />
+	<target host="ares.epic.hpi.uni-potsdam.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Uni-Saarland.de.xml b/src/chrome/content/rules/Uni-Saarland.de.xml
index f39ca0eb1a18..24991402094f 100644
--- a/src/chrome/content/rules/Uni-Saarland.de.xml
+++ b/src/chrome/content/rules/Uni-Saarland.de.xml
@@ -1,16 +1,120 @@
 <!--
 	Saarland University
 
+
+	Nonfunctional subdomains:
+
+		- (www.)coli ¹
+		- gradschool.cs ²
+		- www.sfb1102 ³
+
+	¹ Shows www-int.coli
+	² Shows ^cs
+	³ Refused
+
+
+	Problematic subdomains:
+
+		- ^ *
+		- mmci *
+
+	* Cert only matches www.foo
+
+
+	Fully covered subdomains:
+
+		- (www.)cispa
+		- www-int.coli
+
+		- (www.)csl.cs
+		- (www.)crypto.cs
+		- (www.)cybersicherheit.cs
+		- epica.cs
+		- (www.)infsec.cs
+		- (www.)lbs.cs
+		- (www.)sps.cs
+		- www-infsec.cs
+		- www-wjp.cs
+
+		- (www.)cybersicherheit
+		- datscha
+		- www.lsf
+		- www.lsv
+		- (www.)mmci		(→ www.mmci)
+
+
+	Insecure cookies are set for these domains:
+
+		- (www.)cispa
+
+		- (www.)cs
+		- (www.)cybersicherheit.cs
+
+		- www.lsv
+		- www.mmci
+
 -->
 <ruleset name="Uni-Saarland.de (partial)">
 
+	<target host="uni-saarland.de" />
+	<target host="mmci.uni-saarland.de" />
+	<target host="www.uni-saarland.de" />
+	<target host="www.mmci.uni-saarland.de" />
+	<target host="www-int.coli.uni-saarland.de" />
 	<target host="epica.cs.uni-saarland.de" />
+	<target host="www-infsec.cs.uni-saarland.de" />
+	<target host="www-wjp.cs.uni-saarland.de" />
+	<target host="datscha.uni-saarland.de" />
+	<target host="www.lsf.uni-saarland.de" />
+	<target host="www.lsv.uni-saarland.de" />
+	<target host="cispa.uni-saarland.de" />
+	<target host="cs.uni-saarland.de" />
+	<target host="crypto.cs.uni-saarland.de" />
+	<target host="csl.cs.uni-saarland.de" />
+	<target host="cybersicherheit.cs.uni-saarland.de" />
+	<target host="infsec.cs.uni-saarland.de" />
+	<target host="lbs.cs.uni-saarland.de" />
+	<target host="sps.cs.uni-saarland.de" />
+	<target host="cybersicherheit.uni-saarland.de" />
+	<target host="www.cispa.uni-saarland.de" />
+	<target host="www.cs.uni-saarland.de" />
+	<target host="www.crypto.cs.uni-saarland.de" />
+	<target host="www.csl.cs.uni-saarland.de" />
+	<target host="www.cybersicherheit.cs.uni-saarland.de" />
+	<target host="www.infsec.cs.uni-saarland.de" />
+	<target host="www.lbs.cs.uni-saarland.de" />
+	<target host="www.sps.cs.uni-saarland.de" />
+	<target host="www.cybersicherheit.uni-saarland.de" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.uni-saarland\.de/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.uni-saarland\.de/+(?!favicon\.ico|fileadmin/|typo3temp/|uploads/)" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^((www\.)?cs|www\.lsv|www\.mmci)\.uni-saarland\.de$" name="^fe_typo_user$" /-->
+	<!--securecookie host="^((www\.)?cispa|www\.mmci)\.uni-saarland\.de$" name="^session$" /-->
+	<!--securecookie host="^(www\.)?cybersicherheit\.cs\.uni-saarland\.de$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:(?:www\.)?cispa|(?:epica\.|www\.)?cs|(?:www\.)?cybersicherheit\.cs|www\.lsv)\.uni-saarland\.de$" name=".+" />
+
 
+	<!--	Domains for which both !www and www exist,
+		and both work unproblematically:
+						-->
+	<rule from="^http://(?:www\.)?(mmci\.)?uni-saarland\.de/"
+		to="https://www.$1uni-saarland.de/" />
 
-	<securecookie host="^epica\.cs\.uni-saarland\.de$" name=".+" />
 
+	<!--	Domains for which both !www and www exist,
+		and both work unproblematically:
+						-->
 
-	<rule from="^http://epica\.cs\.uni-saarland\.de/"
-		to="https://epica.cs.uni-saarland.de/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Uni-Stuttgart.de.xml b/src/chrome/content/rules/Uni-Stuttgart.de.xml
new file mode 100644
index 000000000000..9a322c0d4678
--- /dev/null
+++ b/src/chrome/content/rules/Uni-Stuttgart.de.xml
@@ -0,0 +1,37 @@
+<!--
+	Universität Stuttgart
+
+	Non-functional hosts
+		Timeout was reached:
+			 - icp.uni-stuttgart.de
+
+		SSL connect error:
+			 - www-print.rus.uni-stuttgart.de
+
+		Secure connection redirects to plaintext:
+			 - www.rus.uni-stuttgart.de
+			 - www.stud.uni-stuttgart.de
+-->
+<ruleset name="Uni-Stuttgart.de (partial)">
+	<target host="uni-stuttgart.de" />
+	<target host="cert.uni-stuttgart.de" />
+	<target host="www.icp.uni-stuttgart.de" />
+	<target host="mbox.uni-stuttgart.de" />
+	<target host="fex.rus.uni-stuttgart.de" />
+	<target host="www.uni-stuttgart.de" />
+	<target host="mail.uni-stuttgart.de" />
+	<target host="ilias3.uni-stuttgart.de" />
+	<target host="www.ub.uni-stuttgart.de" />
+	<target host="www.student.uni-stuttgart.de" />
+	<target host="www.physik.uni-stuttgart.de" />
+	<target host="www.imt.uni-stuttgart.de" />
+	<target host="www.iff.uni-stuttgart.de" />
+	<target host="fsmach.uni-stuttgart.de" />
+	<target host="www.iabp.uni-stuttgart.de" />
+	<target host="www.ias.uni-stuttgart.de" />
+	<target host="www.ifkb.uni-stuttgart.de" />
+
+	<securecookie host="^www\.icp\.uni-stuttgart\.de$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Uni-Wuerzburg.de.xml b/src/chrome/content/rules/Uni-Wuerzburg.de.xml
index 4285b5ce938b..66bbf9d1114f 100644
--- a/src/chrome/content/rules/Uni-Wuerzburg.de.xml
+++ b/src/chrome/content/rules/Uni-Wuerzburg.de.xml
@@ -23,7 +23,8 @@
 -->
 <ruleset name="Uni-Wuerzburg.de (partial)">
 
-	<target host="*.uni-wuerzburg.de" />
+	<target host="mathematik.uni-wuerzburg.de" />
+	<target host="www.mathematik.uni-wuerzburg.de" />
 
 
 	<rule from="^http://(?:www\.)?mathematik\.uni-wuerzburg\.de/"
diff --git a/src/chrome/content/rules/Uni-heidelberg.de.xml b/src/chrome/content/rules/Uni-heidelberg.de.xml
new file mode 100644
index 000000000000..523ed68e2dea
--- /dev/null
+++ b/src/chrome/content/rules/Uni-heidelberg.de.xml
@@ -0,0 +1,16 @@
+<!--
+  Problematic subdomains:
+    -www.rzuser, see https://github.com/EFForg/https-everywhere/pull/3194
+-->
+<ruleset name="Uni-heidelberg.de">
+  <target host="www.uni-heidelberg.de" />
+  <target host="urz.uni-heidelberg.de" />
+  <target host="www.urz.uni-heidelberg.de" />
+  <target host="www.klinikum.uni-heidelberg.de" />
+  <target host="katalog.ub.uni-heidelberg.de" />
+  <target host="www.mathinf.uni-heidelberg.de" />
+  <target host="www.math.uni-heidelberg.de" />
+  <target host="wwwmail.urz.uni-heidelberg.de" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Uni.Lu.xml b/src/chrome/content/rules/Uni.Lu.xml
new file mode 100644
index 000000000000..d007595be4d2
--- /dev/null
+++ b/src/chrome/content/rules/Uni.Lu.xml
@@ -0,0 +1,17 @@
+<!--
+	Non-functional hosts:
+		Incomplete certificate chain error:
+		- hpc.uni.lu
+-->
+<ruleset name="Uni.Lu (partial)">
+	<target host="uni.lu" />
+	<target host="www.uni.lu" />
+	<target host="orbilu.uni.lu" />
+	<target host="piwik.uni.lu" />
+	<target host="recruitment.uni.lu" />
+	<target host="wwwde.uni.lu" />
+	<target host="wwwen.uni.lu" />
+	<target host="wwwfr.uni.lu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UniCDN.net.xml b/src/chrome/content/rules/UniCDN.net.xml
new file mode 100644
index 000000000000..0705b59335e5
--- /dev/null
+++ b/src/chrome/content/rules/UniCDN.net.xml
@@ -0,0 +1,11 @@
+<ruleset name="UniCDN.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="a1s.unicdn.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UniStra.fr-falsemixed.xml b/src/chrome/content/rules/UniStra.fr-falsemixed.xml
new file mode 100644
index 000000000000..1136b2ce734b
--- /dev/null
+++ b/src/chrome/content/rules/UniStra.fr-falsemixed.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules not causing false/broken MCB, see University-of-Strasbourg.xml.
+
+-->
+<ruleset name="UniStra.fr (false MCB)" platform="mixedcontent">
+
+	<target host="engees.unistra.fr" />
+	<target host="typodun.unistra.fr" />
+	<target host="www.unistra.fr" />
+
+
+	<securecookie host="^(?:engees|typodun)\.unistra\.fr$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Uni_Leoben.ac.at.xml b/src/chrome/content/rules/Uni_Leoben.ac.at.xml
new file mode 100644
index 000000000000..e8dda76b3926
--- /dev/null
+++ b/src/chrome/content/rules/Uni_Leoben.ac.at.xml
@@ -0,0 +1,72 @@
+<!--
+	Montanuniversitaet Leoben
+
+
+	Problematic hosts in *unileoben.ac.at:
+
+		- ^ ᶜ *
+		- asi ᶜ *
+		- bibliothek ᶜ *
+		- international ᶜ *
+		- presse ᶜ *
+		- rohstoffaufbereitung ᶜ *
+		- starter ᶜ *
+		- usi ᶜ
+		- wbw ᶜ *
+		- weiterbildung ᶜ *
+		- wild ᶜ *
+		- www ᶜ
+		- www4 *
+		- zid ᶜ *
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	* Mismatched, CN: www.unileoben.ac.at
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- pure.unileoben.ac.at
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Flash on wild from www.usflashmap.com
+		- iframe on bibliothek from www.unileoben.ac.at *
+		- css on bibliothek from www.unileoben.ac.at *
+
+	* See https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Uni Leoben.ac.at (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="online.unileoben.ac.at" />
+	<target host="pure.unileoben.ac.at" />
+	<!--target host="usi.unileoben.ac.at" /-->
+	<target host="usionline.unileoben.ac.at" />
+	<!--target host="www.unileoben.ac.at" /-->
+
+		<!--exclusion pattern="^http://(bibliothek|presse|starter|weiterbildung|www4|zid)\.unileoben\.ac\.at/" /-->
+
+	<!--	Complications:
+				-->
+	<!--target host="unileoben.ac.at" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^pure\.unileoben\.ac\.at$" name="^com\.sun\.aces\.context\.flash\.PostbackRequest$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--rule from="^http://unileoben\.ac\.at/"
+		to="https://www.unileoben.ac.at/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Unibet_Australia.xml b/src/chrome/content/rules/Unibet_Australia.xml
index 9a206f5c5179..531f306b25fb 100644
--- a/src/chrome/content/rules/Unibet_Australia.xml
+++ b/src/chrome/content/rules/Unibet_Australia.xml
@@ -1,22 +1,36 @@
+
 <!--
-	Problematic subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://m.unibet.com.au/ => https://m.unibet.com.au/: (6, 'Could not resolve host: touch.unibet.com.au')
+
+	Unibet Australia
+
+
+	Insecure cookies are set for these domains and hosts:
 
-		- ^	(cert only matches *.unibet.com.au)
+		- www.unibet.com.au
+		- .www.unibet.com.au
 
 -->
-<ruleset name="Unibet Australia">
+<ruleset name="Unibet.com.au" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="unibet.com.au" />
-	<target host="*.unibet.com.au" />
+	<target host="cdn.unibet.com.au" />
+	<target host="m.unibet.com.au" />
+	<target host="www.unibet.com.au" />
 
 
-	<securecookie host="^(?:www)?\.unibet\.com\.au$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.unibet\.com\.au$" name="^BIGipServer\w+$" /-->
+	<!--securecookie host="^\.www\.unibet\.com\.au$" name="^clientId$" /-->
 
+	<securecookie host="^(?:\.?www)?\.unibet\.com\.au$" name=".+" />
 
-	<rule from="^https?://(?:www\.)?unibet\.com\.au/"
-		to="https://www.unibet.com.au/" />
 
-	<rule from="^http://(cdn|m)\.unibet\.com\.au/"
-		to="https://$1.unibet.com.au/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Uniblue.xml b/src/chrome/content/rules/Uniblue.xml
deleted file mode 100644
index b9d0bcfd8bba..000000000000
--- a/src/chrome/content/rules/Uniblue.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Uniblue">
-
-	<target host="uniblue.com"/>
-	<target host="www.uniblue.com"/>
-
-	<rule from="^http://(?:www\.)?uniblue\.com/"
-		to="https://d2iq4cp2qrughe.cloudfront.net/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Unica.xml b/src/chrome/content/rules/Unica.xml
index c7887001aa09..6d96caf6f43a 100644
--- a/src/chrome/content/rules/Unica.xml
+++ b/src/chrome/content/rules/Unica.xml
@@ -1,15 +1,15 @@
 <!--
-	Problematic domains:
-
-		- unicaondemand.com	(cert only matches *.unicaondemand.com)
+	^unicaondemand.com: Dropped
+	www.unicaondemand.com: 504 over http & https
 
 -->
-<ruleset name="Unica (partial)">
+<ruleset name="Unica (partial)" default_off="Needs ruleset tests">
 
 	<target host="*.unica.com" />
-	<target host="unicaondemand.com" />
 	<target host="*.unicaondemand.com" />
 
+		<test url="http://pt000126.unica.com/" />
+
 
 	<securecookie host="^pt\d+\.unica\.com$" name=".+" />
 	<securecookie host=".*\.unicaondemand\.com$" name=".+" />
@@ -20,9 +20,6 @@
 	<rule from="^http://pt(\d+)\.unica\.com/"
 		to="https://pt$1.unica.com/" />
 
-	<rule from="^http://(?:www\.)?unicaondemand\.com/"
-		to="https://www.unicaondemand.com/" />
-
 	<rule from="^http://(\d+)\.unicaondemand\.com/"
 		to="https://$1.unicaondemand.com/" />
 
diff --git a/src/chrome/content/rules/Unicom.xml b/src/chrome/content/rules/Unicom.xml
index aae1ae70f5b0..3558e6ba39cb 100644
--- a/src/chrome/content/rules/Unicom.xml
+++ b/src/chrome/content/rules/Unicom.xml
@@ -2,7 +2,6 @@
 
 	<target host="totalrecall.switchingon.com"/>
 
-	<rule from="^http://totalrecall\.switchingon\.com/"
-		to="https://totalrecall.switchingon.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Unicorn-engine.org.xml b/src/chrome/content/rules/Unicorn-engine.org.xml
new file mode 100644
index 000000000000..add3abf7ee0e
--- /dev/null
+++ b/src/chrome/content/rules/Unicorn-engine.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		- unicorn-engine.org, equivalent to www.unicorn-engine.org
+-->
+
+<ruleset name="Unicorn-engine.org">
+	<target host="unicorn-engine.org" />
+	<target host="www.unicorn-engine.org" />
+
+	<rule from="^http://unicorn-engine\.org/"
+		to="https://www.unicorn-engine.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Unified_Social.com.xml b/src/chrome/content/rules/Unified_Social.com.xml
new file mode 100644
index 000000000000..f1049edde523
--- /dev/null
+++ b/src/chrome/content/rules/Unified_Social.com.xml
@@ -0,0 +1,51 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://login.unifiedsocial.com/ => https://login.unifiedsocial.com/: (6, 'Could not resolve host: login.unifiedsocial.com')
+
+	Other Unified Social rulesets:
+
+		- Awe.sm.xml
+
+
+	Nonfunctional subdomains:
+
+		- blog ¹
+		- support ²
+
+	¹ Refused
+	² Desk.com
+
+
+	^: Refused
+	www: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- login.unifiedsocial.com
+
+-->
+<ruleset name="Unified Social.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="unifiedsocial.com" /-->
+	<!--target host="blog.unifiedsocial.com" /-->
+	<target host="login.unifiedsocial.com" />
+	<target host="platform.unifiedsocial.com" />
+	<!--target host="support.unifiedsocial.com" /-->
+	<!--target host="www.unifiedsocial.com" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^login\.unifiedsocial\.com$" name="^connect\.sid$" /-->
+
+	<securecookie host="^login\.unifiedsocial\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Unifiedtracking.com.xml b/src/chrome/content/rules/Unifiedtracking.com.xml
new file mode 100644
index 000000000000..f318a3f81a33
--- /dev/null
+++ b/src/chrome/content/rules/Unifiedtracking.com.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.unifiedtracking.com/ => https://www.unifiedtracking.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://unifiedtracking.com/ => https://www.unifiedtracking.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	For other Nanigans coverage, see Nanigans.xml
+
+
+	^unifiedtracking.com: Mismatched
+
+-->
+<ruleset name="unifiedtracking.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.unifiedtracking.com" />
+
+	<!--	Complications:
+				-->
+	<target host="unifiedtracking.com" />
+
+
+	<securecookie host="^www\.unifiedtracking\.com$" name=".+" />
+
+
+	<rule from="^http://unifiedtracking\.com/"
+		to="https://www.unifiedtracking.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Uniform_Wares.com.xml b/src/chrome/content/rules/Uniform_Wares.com.xml
new file mode 100644
index 000000000000..97945454c734
--- /dev/null
+++ b/src/chrome/content/rules/Uniform_Wares.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Uniform Wares.com">
+
+	<target host="uniformwares.com" />
+	<target host="www.uniformwares.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Unigine.xml b/src/chrome/content/rules/Unigine.xml
index 5c65b1ac1205..270d38f2310b 100644
--- a/src/chrome/content/rules/Unigine.xml
+++ b/src/chrome/content/rules/Unigine.xml
@@ -1,11 +1,14 @@
 <ruleset name="Unigine">
 
-	<target host="unigine.com"/>
-	<target host="*.unigine.com"/>
+	<target host="unigine.com" />
+	<target host="developer.unigine.com" />
+	<target host="eu4.unigine.com" />
+	<target host="www.unigine.com" />
 
-	<securecookie host="^(.*\.)?unigine\.com$" name=".*"/>
 
-	<rule from="^http://(eu4\.|www\.)?unigine\.com/"
-		to="https://$1unigine.com/"/>
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Unilever.xml b/src/chrome/content/rules/Unilever.xml
index 8cce4edde976..fb483eb275e4 100644
--- a/src/chrome/content/rules/Unilever.xml
+++ b/src/chrome/content/rules/Unilever.xml
@@ -1,15 +1,15 @@
-<ruleset name="Unilever" default_off="mismatch">
+<ruleset name="Unilever" default_off="mismatched">
 
 	<!--	Akamai	-->
 	<target host="unilever.com" />
-	<target host="*.unilever.com" />
+	<target host="www.unilever.com" />
+	<target host="uimg.unilever.com" />
 
 
 	<!--	!www times out.	-->
-	<rule from="^https?://(?:www\.)?unilever\.com/"
+	<rule from="^http://(?:www\.)?unilever\.com/"
 		to="https://www.unilever.com/" />
 
-	<rule from="^http://uimg\.unilever\.com/"
-		to="https://uimg.unilever.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Unimi.it.xml b/src/chrome/content/rules/Unimi.it.xml
new file mode 100644
index 000000000000..52e8dbca90a0
--- /dev/null
+++ b/src/chrome/content/rules/Unimi.it.xml
@@ -0,0 +1,65 @@
+<!--
+	Nonfunctional subdomains:
+
+		- air ¹
+		- ariel ²
+		- www.cosp ³
+		- ariel.ctu ³
+		- fastutil.di ⁴
+		- lsr.di ⁵
+		- www.docucity ³
+		- www.bpe.europresse.com.pros.lib ⁶
+		- opac ³
+		- portalevideo ³
+		- riviste ⁶
+		- www.sba ³
+		- unimia ³
+		- (www.)vespa ³
+		- eng.vespa ³
+		- www.veterinaria ³
+		- www.vetesc ⁶
+
+	¹ http reply
+	² Interrupted
+	³ Refused
+	⁴ Shows lsr.di; mismatched, CN: lsr.di.unimi.it
+	⁵ Data differ, valid cert
+	⁶ Dropped
+
+
+	^: cert only matches www
+
+-->
+<ruleset name="Unimi.it (partial)">
+
+	<target host="unimi.it" />
+	<target host="*.unimi.it" />
+		<!--exclusion pattern="^http://(ariel|www\.cosp|ariel\.ctu|lsr\.di|www\.docucity|www\.bpe\.europresse\.com\.pros\.lib|opac|portalevideo|riviste|www\.sba|unimia|vespa|(eng|www)\.vespa|www\.veterinaria|www\.vetesc)\.unimi\.it/" /-->
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.unimi\.it/+($|\?|cataloghi/divsi/)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://www\.unimi\.it/+(?!css/|img/|registrazione/registra\.keb|registrazione/riepilogo\.keb)" /-->
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^securemail\.unimi\.it$" name="^(JROUTE|securemail)$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^securemail\.unimi\.it$" name="^iwc-auth$" /-->
+
+	<securecookie host="^securemail\.unimi\.it$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?unimi\.it/(?=css/|img/|registrazione/\w+\.keb)"
+		to="https://www.unimi.it/" />
+
+	<rule from="^http://(cas|www\.elearning|securemail)\.unimi\.it/"
+		to="https://$1.unimi.it/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Unindented.org.xml b/src/chrome/content/rules/Unindented.org.xml
new file mode 100644
index 000000000000..9f7110721016
--- /dev/null
+++ b/src/chrome/content/rules/Unindented.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Unindented.org">
+
+	<target host="unindented.org" />
+	<target host="www.unindented.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Uninett.xml b/src/chrome/content/rules/Uninett.xml
index 01a08df08407..85f94ca54f21 100644
--- a/src/chrome/content/rules/Uninett.xml
+++ b/src/chrome/content/rules/Uninett.xml
@@ -1,59 +1,112 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rt.uninett.no/ => https://rt.uninett.no/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://gn3campus.uninett.no/ => https://ow.feide.no/geantcampus:start: (6, 'Could not resolve host: ow.feide.no')
+Fetch error: http://www.gn3campus.uninett.no/ => https://ow.feide.no/geantcampus:start: (6, 'Could not resolve host: ow.feide.no')
+
 	Other Uninett rulesets:
 
 		- Discojuice.org.xml
+		- ECampus.no.xml
 		- Feide.xml
 		- Foodl.org.xml
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *uninett.no:
+
+		- apt ¹
+		- blog.nav ²
+		- login.paas ³
+
+	¹ Refused
+	² Blogger / handshake fails
+	³ Shows loggregator.paas
+
+
+	Problematic domains:
+
+		- www.gigacampus.no ¹
+		- (www.)?gn3campus.uninett.no ²
 
-		- apt *
-		- search *
+	¹ Shows loggregator.paas.uninett.no, preemptable redirect
+	² Redirects to www
 
-	* Redirects to www
 
+	These altnames don't exist:
 
-	Problematic subdomains:
+		- drupal-nymedia.uninett.no
+		- eureka-nymedia.uninett.no
+		- www.idp.uninett.no
+		- www6.uninett.no
 
-		- (www.)gn3campus	(redirects to www)
 
+	Insecure cookies are set for these domains and hosts: ᶜ
 
-	Fully covered subdomains:
+		- bildebase.uninett.no
+		- .bildebase.uninett.no
+		- eureka.uninett.no
+		- openwiki.uninett.no
+		- uaa.paas.uninett.no
+		- .rt.uninett.no
 
-		- (www.)
-		- ansatt
-		- bildebase
-		- ca
-		- www.dike
-		- disco
-		- drupal
-		- eureka
-		- (www.)gn3campus	(→ ow.feide.no)
-		- metanav
-		- nav
-		- openwiki
-		- rt
-		- surveytest
-		- tjenester
-		- test.tjenester
-		- www3
-		- www-feide
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Uninett (partial)">
+<ruleset name="Uninett.no (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="uninett.no" />
-	<target host="*.uninett.no" />
+	<target host="agora.uninett.no" />
+	<target host="bildebase.uninett.no" />
+	<target host="ca.uninett.no" />
+	<target host="cert.uninett.no" />
+	<target host="drupal.uninett.no" />
+	<target host="eureka.uninett.no" />
+	<target host="metanav.uninett.no" />
+	<target host="nav.uninett.no" />
+	<target host="openwiki.uninett.no" />
 
+	<target host="api.paas.uninett.no" />
+	<target host="doppler.paas.uninett.no" />
+	<target host="loggregator.paas.uninett.no" />
+	<target host="uaa.paas.uninett.no" />
 
-	<securecookie host="^(?:\.ansatt|\.?bildebase|\.?eureka|nav|openwiki|\.rt|surveytest|\.(?:test\.)?tjenester|\.www)\.uninett\.no$" name=".+" />
+	<target host="piwik.uninett.no" />
+	<target host="rt.uninett.no" />
+	<target host="tjenester.uninett.no" />
+	<target host="www.uninett.no" />
 
+	<!--	Complications:
+				-->
+	<target host="www.gigacampus.no" />
 
-	<rule from="^http://((?:ansatt|bildebase|ca|www\.dike|disco|drupal|eureka|metanav|nav|openwiki|rt|surveytest|(?:test\.)?tjenester|www3?|www-feide)\.)?uninett\.no/"
-		to="https://$1uninett.no/" />
+	<target host="gn3campus.uninett.no" />
+	<target host="www.gn3campus.uninett.no" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:bildebase|eureka|openwiki)\.uninett\.no$" name="^SimpleSAMLSessionID$" /-->
+	<!--securecookie host="^\.bildebase\.uninett\.no$" name="^SESS[\da-f]{32}$" /-->
+	<!--securecookie host="^uaa\.paas\.uninett\.no$" name="^X-Uaa-Csrf$" /-->
+	<!--securecookie host="^\.rt\.uninett\.no$" name="^mellon-ansattcookie$" /-->
+
+	<securecookie host="^(?!\.uninett\.no$)." name=".+" />
+
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://www\.gigacampus\.no/.*"
+		to="https://openwiki.uninett.no/gigacampus:start" />
+
+		<test url="http://www.gigacampus.no/index.php" />
 
 	<rule from="^http://(?:www\.)?gn3campus\.uninett\.no/"
 		to="https://ow.feide.no/geantcampus:start" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UnionPay.com.xml b/src/chrome/content/rules/UnionPay.com.xml
new file mode 100644
index 000000000000..aefe25bf5b4e
--- /dev/null
+++ b/src/chrome/content/rules/UnionPay.com.xml
@@ -0,0 +1,69 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sign.unionpay.com/ => https://sign.unionpay.com/: (51, "SSL: no alternative certificate subject name matches target host name 'sign.unionpay.com'")
+Fetch error: http://ums.unionpaysecure.com/ => https://ums.unionpaysecure.com/: (51, "SSL: no alternative certificate subject name matches target host name 'ums.unionpaysecure.com'")
+
+	See also
+		95516.com.xml
+
+	Mismatch
+		- haigou.unionpay.com
+		- mpay.unionpay.com
+		- upstudy.unionpay.com
+
+	Incomplete certificate chain
+		- bbs.unionpay.com
+		- portal.unionpay.com
+		- testingservice.unionpayintl.com
+
+	Refused
+		- premium.unionpay.com
+
+	Timeout
+		- product.unionpay.com
+		- supplier.unionpay.com
+		- unionpayintl.com
+		- www.unionpayintl.com
+		- goldenweek.unionpayintl.com
+		- m.unionpayintl.com
+-->
+<ruleset name="UnionPay.com (partial)" default_off="failed ruleset test">
+	<target host="unionpay.com" />
+	<target host="www.unionpay.com" />
+
+	<target host="cn.unionpay.com" />
+	<target host="en.unionpay.com" />
+	<target host="fr.unionpay.com" />
+	<target host="jp.unionpay.com" />
+	<target host="kr.unionpay.com" />
+
+	<target host="95516.unionpay.com" />
+	<target host="billcloud.unionpay.com" />
+		<test url="http://billcloud.unionpay.com/ccfront" />
+	<target host="cert.unionpay.com" />
+	<target host="corporate.unionpay.com" />
+	<target host="ebpp.unionpay.com" />
+	<target host="m.haigou.unionpay.com" />
+	<target host="mail.unionpay.com" />
+	<target host="member.unionpay.com" />
+	<target host="merchant.unionpay.com" />
+	<target host="minipay.unionpay.com" />
+	<target host="mobile.unionpay.com" />
+	<target host="cmsp.mobile.unionpay.com" />
+	<target host="oaweixin.unionpay.com" />
+		<test url="http://oaweixin.unionpay.com/cup_weixin/amcc.html" />
+	<target host="online.unionpay.com" />
+	<target host="open.unionpay.com" />
+	<target host="sign.unionpay.com" />
+
+	<target host="bonus.unionpayintl.com" />
+
+	<target host="unionpaysecure.com" />
+		<test url="http://unionpaysecure.com/api/Pay.action" />
+	<target host="ums.unionpaysecure.com" />
+	<target host="upa.unionpaysecure.com" />
+		<test url="http://upa.unionpaysecure.com/sampler/ubass.js?sysId=upop_portal" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Uniovi.es.xml b/src/chrome/content/rules/Uniovi.es.xml
new file mode 100644
index 000000000000..a77893859a8b
--- /dev/null
+++ b/src/chrome/content/rules/Uniovi.es.xml
@@ -0,0 +1,112 @@
+<!--
+	Ruleset for uniovi.es, the University of Oviedo website.
+	See <https://en.wikipedia.org/wiki/University_of_Oviedo>.
+
+	Not supporting HTTPS or using an invalid certificate:
+
+		* uniovi.es
+
+		* abello2.edv.uniovi.es
+		* adey132.econo.uniovi.es
+		* aic24.aic.uniovi.es
+		* aida.ciencias.uniovi.es
+		* airnas.lsi.uniovi.es
+		* albala.si.uniovi.es
+		* api.uniovi.es
+		* azufre.quimica.uniovi.es
+		* carleos.epv.uniovi.es
+		* cms.mieres.uniovi.es
+		* cms.uniovi.es
+		* degradome.uniovi.es
+		* di002.edv.uniovi.es
+		* di098.edv.uniovi.es
+		* ftp.uniovi.es
+		* gip.uniovi.es
+		* in2test.lsi.uniovi.es
+		* isa.uniovi.es
+		* llar.net.uniovi.es
+		* lsi.uniovi.es
+		* mail.uniovi.es
+		* ocw.uniovi.es
+		* orion.ciencias.uniovi.es
+		* relay.uniovi.es
+		* spi03.sct.uniovi.es
+		* virtual.uniovi.es
+		* web-03.innova.uniovi.es
+		* webunioviedo.innova.uniovi.es
+		* wellpath.uniovi.es
+		* www10.uniovi.es
+		* www6.uniovi.es
+		* www.aic.uniovi.es
+		* www.api.uniovi.es
+		* www.atc.uniovi.es
+		* www.construccion.uniovi.es
+		* www.di.uniovi.es
+		* www.epigijon.uniovi.es
+		* www.geol.uniovi.es
+		* www.hci.uniovi.es
+		* www.indurot.uniovi.es
+		* www.innova.uniovi.es
+		* www.otri.uniovi.es
+		* www.prevencion.uniovi.es
+		* www.sct.uniovi.es
+		* www.si.uniovi.es
+		* xanes.net.uniovi.es
+		* zeus.etsimo.uniovi.es
+-->
+<ruleset name="Universidad de Oviedo">
+
+	<target host="biologia.uniovi.es" />
+	<target host="buo.uniovi.es" />
+	<target host="cassi.uniovi.es" />
+	<target host="cei.uniovi.es" />
+	<target host="cestudiantes.uniovi.es" />
+	<target host="ciencias.uniovi.es" />
+	<target host="cjb.uniovi.es" />
+	<target host="colab.uniovi.es" />
+	<target host="colegioamerica.uniovi.es" />
+	<target host="dcif.uniovi.es" />
+	<target host="deportes.uniovi.es" />
+	<target host="derecho.uniovi.es" />
+	<target host="dieecs.uniovi.es" />
+	<target host="directo.uniovi.es" />
+	<target host="econo.uniovi.es" />
+	<target host="eimem.uniovi.es" />
+	<target host="eleccionesrectorado.uniovi.es" />
+	<target host="empleo.uniovi.es" />
+	<target host="encuestas.uniovi.es" />
+	<target host="epm.uniovi.es" />
+	<target host="euniovi.uniovi.es" />
+	<target host="foroempleo.uniovi.es" />
+	<target host="fpe.uniovi.es" />
+	<target host="fyl.uniovi.es" />
+	<target host="geografia.uniovi.es" />
+	<target host="geologia.uniovi.es" />
+	<target host="historia.uniovi.es" />
+	<target host="ice.uniovi.es" />
+	<target host="intranetfuo.uniovi.es" />
+	<target host="intranet.uniovi.es" />
+	<target host="jovellanos.uniovi.es" />
+	<target host="lacasadelaslenguas.uniovi.es" />
+	<target host="marina.uniovi.es" />
+	<target host="matematicas.uniovi.es" />
+	<target host="mbc.uniovi.es" />
+	<target host="medepor.uniovi.es" />
+	<target host="medicinaysalud.uniovi.es" />
+	<target host="psicologia.uniovi.es" />
+	<target host="quimica.uniovi.es" />
+	<target host="sangregorio.uniovi.es" />
+	<target host="secretaria.uniovi.es" />
+	<target host="sede.uniovi.es" />
+	<target host="selim.uniovi.es" />
+	<target host="sies.uniovi.es" />
+	<target host="sociologia.uniovi.es" />
+	<target host="web.uniovi.es" />
+	<target host="www.campusvirtual.uniovi.es" />
+	<target host="www.uniovi.es" />
+	<target host="xiiirbmp.uniovi.es" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Unique-Filer.xml b/src/chrome/content/rules/Unique-Filer.xml
index 22ef75f2ac24..a90c801d03d7 100644
--- a/src/chrome/content/rules/Unique-Filer.xml
+++ b/src/chrome/content/rules/Unique-Filer.xml
@@ -6,7 +6,7 @@
 	<target host="www.uniquefiler.com" />
 
 
-	<rule from="^https?://(?:www\.)?uniquefiler\.com/"
+	<rule from="^http://(?:www\.)?uniquefiler\.com/"
 		to="https://uniquefiler.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/UniqueOffersSeychelles.xml b/src/chrome/content/rules/UniqueOffersSeychelles.xml
deleted file mode 100644
index 33ac45d455e9..000000000000
--- a/src/chrome/content/rules/UniqueOffersSeychelles.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="UniqueOffersSeychelles" default_off="expired">
-
-	<target host="uniqueoffersghana.com"/>
-	<target host="www.uniqueoffersghana.com"/>
-
-	<securecookie host="^(.*\.)?uniqueoffersghana\.com$" name=".*"/>
-
-	<rule from="^http://(?:www\.)?uniqueoffersghana\.com/"
-		to="https://uniqueoffersghana.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Unique_Vintage.xml b/src/chrome/content/rules/Unique_Vintage.xml
index c77640b1411b..934afd92aa32 100644
--- a/src/chrome/content/rules/Unique_Vintage.xml
+++ b/src/chrome/content/rules/Unique_Vintage.xml
@@ -1,7 +1,7 @@
 <ruleset name="Unique Vintage">
 
 	<target host="unique-vintage.com" />
-	<target host="*.unique-vintage.com" />
+	<target host="www.unique-vintage.com" />
 
 
 	<securecookie host="^\.unique-vintage\.com$" name=".+" />
@@ -9,7 +9,7 @@
 
 	<!--	Cert only matches www.
 					-->
-	<rule from="^https?://(?:www\.)?unique-vintage\.com/"
+	<rule from="^http://(?:www\.)?unique-vintage\.com/"
 		to="https://www.unique-vintage.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Uniregistry.com.xml b/src/chrome/content/rules/Uniregistry.com.xml
new file mode 100644
index 000000000000..a8fbcbc778fa
--- /dev/null
+++ b/src/chrome/content/rules/Uniregistry.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Other Uniregistry rulesets:
+
+		- Uniregistry.net.xml
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- uniregistry.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Uniregistry.com">
+
+	<target host="uniregistry.com" />
+	<target host="ap.uniregistry.com" />
+	<target host="mail.uniregistry.com" />
+	<target host="www.uniregistry.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://uniregistry.com/affiliates/track?q=&amp;fs=&amp;utm_campaign=&amp;utm_medium=&amp;utm_source=&amp;track=" />	for future commit -->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^uniregistry\.com$" name="^(?:session|uap_tracking_identifier)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Uniregistry.net.xml b/src/chrome/content/rules/Uniregistry.net.xml
new file mode 100644
index 000000000000..cadf83612636
--- /dev/null
+++ b/src/chrome/content/rules/Uniregistry.net.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Uniregistry coverage, see Uniregistry.com.xml.
+
+-->
+<ruleset name="Uniregistry.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="static.uniregistry.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Unisend.com.xml b/src/chrome/content/rules/Unisend.com.xml
new file mode 100644
index 000000000000..c34f1336a5a3
--- /dev/null
+++ b/src/chrome/content/rules/Unisend.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .unisend.com
+
+-->
+<ruleset name="Unisend.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="unisend.com" />
+	<target host="www.unisend.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.unisend\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.unisend\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Unisg.ch.xml b/src/chrome/content/rules/Unisg.ch.xml
index 6d62b2519e4e..f6bb2273cebb 100644
--- a/src/chrome/content/rules/Unisg.ch.xml
+++ b/src/chrome/content/rules/Unisg.ch.xml
@@ -1,6 +1,54 @@
+<!--
+	Invalid Certificate:
+		unisg.ch
+		www.cse.unisg.ch
+	Unable to connect:
+		iwp-db.unisg.ch
+-->
 <ruleset name="Unisg.ch">
-  <target host="unisg.ch" />
-  <target host="www.unisg.ch" />
+	<target host="unisg.ch" />
+	<target host="www.unisg.ch" />
+	<target host="aca.unisg.ch" />
+	<target host="fgn.unisg.ch" />
+	<target host="fim.unisg.ch" />
+	<target host="fir.unisg.ch" />
+	<target host="fwr.unisg.ch" />
+	<target host="ifpm.unisg.ch" />
+	<target host="ifb.unisg.ch" />
+	<target host="iff.unisg.ch" />
+	<target host="imp.unisg.ch" />
+	<target host="iorcf.unisg.ch" />
+	<target host="ipw.unisg.ch" />
+	<target host="irm.unisg.ch" />
+	<target host="irp.unisg.ch" />
+	<target host="item.unisg.ch" />
+	<target host="iwe.unisg.ch" />
+	<target host="iwoe.unisg.ch" />
+	<target host="iwp.unisg.ch" />
+	<target host="kmu.unisg.ch" />
+	<target host="mcm.unisg.ch" />
+	<target host="opsy.unisg.ch" />
+	<target host="sbf.unisg.ch" />
+	<target host="sew.unisg.ch" />
+	<target host="singapore.unisg.ch" />
+	<target host="siaw.unisg.ch" />
+	<target host="acc.unisg.ch" />
+	<target host="cdi.unisg.ch" />
+	<target host="cfac.unisg.ch" />
+	<target host="cfb.unisg.ch" />
+	<target host="cfi.unisg.ch" />
+	<target host="chc.unisg.ch" />
+	<target host="cls.unisg.ch" />
+	<target host="egi.unisg.ch" />
+	<target host="gce.unisg.ch" />
+	<target host="gcei.unisg.ch" />
+	<target host="genderportal.unisg.ch" />
+	<target host="hdz.unisg.ch" />
+	<target host="scil.unisg.ch" />
 
-  <rule from="^http://(www\.)?unisg\.ch/" to="https://www.unisg.ch/" />
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://unisg\.ch/" to="https://www.unisg.ch/" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Unistream.ru.xml b/src/chrome/content/rules/Unistream.ru.xml
new file mode 100644
index 000000000000..2af99e45350f
--- /dev/null
+++ b/src/chrome/content/rules/Unistream.ru.xml
@@ -0,0 +1,42 @@
+<!--
+api.unistream.ru ⁴
+www.conference.unistream.ru ¹
+www.corp.unistream.ru ¹
+www.geo.unistream.ru ¹
+inline.geo.unistream.ru ¹
+svyaznoy.geo.unistream.ru ¹
+iw.unistream.ru ³
+lk.unistream.ru ¹
+mail.lk.unistream.ru ¹
+storage.unistream.ru ¹
+conference.unistream.ru mixed content
+
+
+¹ mismatch
+³ timed out
+⁴ self signed
+-->
+<ruleset name="unistream.ru">
+	<target host="unistream.ru" />
+	<target host="www.unistream.ru" />
+	<target host="2016.unistream.ru" />
+	<target host="address.unistream.ru" />
+	<target host="bank.unistream.ru" />
+	<target host="card2card.unistream.ru" />
+	<target host="card2cash.unistream.ru" />
+	<target host="comwww.unistream.ru" />
+	<target host="cp.unistream.ru" />
+	<target host="form.unistream.ru" />
+	<target host="geo.unistream.ru" />
+	<target host="geo2.unistream.ru" />
+	<target host="map.unistream.ru" />
+	<target host="money.unistream.ru" />
+	<target host="nawww.unistream.ru" />
+	<target host="online.unistream.ru" />
+	<target host="online-perevod.unistream.ru" />
+	<target host="shopping.unistream.ru" />
+	<target host="wallet.unistream.ru" />
+	<target host="wwww.unistream.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Unisys.co.jp.xml b/src/chrome/content/rules/Unisys.co.jp.xml
new file mode 100644
index 000000000000..62c1067b59c5
--- /dev/null
+++ b/src/chrome/content/rules/Unisys.co.jp.xml
@@ -0,0 +1,42 @@
+<!--
+	Other Unisys rulesets:
+
+		- LearningCast.jp.xml
+
+
+	Nonfunctional hosts in *unisys.co.jp:
+
+		- c-reaff ᵈ
+		- dr ᵈ
+		- smartoasis ᵈ
+
+	ᵈ Dropped
+
+
+	^unisys.co.jp: Mismatched
+
+-->
+<ruleset name="Unisys.co.jp (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="evesys.unisys.co.jp" />
+	<target host="learning.unisys.co.jp" />
+	<target host="www.unisys.co.jp" />
+
+	<!--	Complications:
+				-->
+	<target host="unisys.co.jp" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://unisys\.co\.jp/"
+		to="https://www.unisys.co.jp/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Unisys.com.xml b/src/chrome/content/rules/Unisys.com.xml
index 022ebcdc034a..51084b077e45 100644
--- a/src/chrome/content/rules/Unisys.com.xml
+++ b/src/chrome/content/rules/Unisys.com.xml
@@ -18,14 +18,15 @@
 -->
 <ruleset name="Unisys.com (partial)">
 
-	<target host="*.unisys.com" />
+	<target host="www.app3.unisys.com" />
+	<!--target host="infoselect.unisys.com" /-->
+	<target host="www.support.unisys.com" />
 		<!--exclusion pattern="^http://(blogs|public\.support|webcast|www)\.unisys\.com/" /-->
 
 
 	<securecookie host="^www\.support\.unisys\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.app3|infoselect|www\.support)\.unisys\.com/"
-		to="https://$1.unisys.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Unitarian_Universalist_Association_of_Congregations.xml b/src/chrome/content/rules/Unitarian_Universalist_Association_of_Congregations.xml
index 02ef98233843..1281e5b325e1 100644
--- a/src/chrome/content/rules/Unitarian_Universalist_Association_of_Congregations.xml
+++ b/src/chrome/content/rules/Unitarian_Universalist_Association_of_Congregations.xml
@@ -1,19 +1,33 @@
 <!--
+	Unitarian Universalist Association of Congregations
+
+
 	Nonfunctional subdomains:
 
 		- img	(shows www, valid cert)
 
 
+	^uua.org: Mismatched
+
+
 	Mixed images from img
 
 -->
-<ruleset name="Unitarian Universalist Association of Congregations (partial)">
+<ruleset name="UUA.org (partial)">
 
-	<target host="uua.org" />
+	<!--	Direct rewrites:
+				-->
 	<target host="www.uua.org" />
 
+	<!--	Complications:
+				-->
+	<target host="uua.org" />
+
+
+	<rule from="^http://uua\.org/"
+		to="https://www.uua.org/" />
 
-	<rule from="^http://(www\.)?uua\.org/"
-		to="https://$1uua.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/United-Internet.xml b/src/chrome/content/rules/United-Internet.xml
index f1c243df5d54..604f3deb75aa 100644
--- a/src/chrome/content/rules/United-Internet.xml
+++ b/src/chrome/content/rules/United-Internet.xml
@@ -1,17 +1,24 @@
 <!--
 	Other United Internet rulesets:
 
+		- 1u1s.de.xml
+		- 1and1.ca.xml
+		- 1and1.co.uk.xml
 		- 1and1-Internet.xml
 		- 1und1.de.xml
+		- Botfrei.de.xml
 		- Corpimages.de.xml
 		- GMX.xml
-		- Mail.com.xml
+		- initial-website.com.xml
+		- oneandone.net.xml
+		- perfora.net
+		- tifbs.net.xml
 		- Top.de.xml
 		- UI_CDN.com.xml
 		- UI_CDN.net.xml
 		- UImserv.net.xml
 		- UI-Portal.xml
-		- Web.de.xml
+		- Website-start.de.xml
 
 -->
 <ruleset name="United Internet">
@@ -20,11 +27,10 @@
 	<target host="www.united-internet.de" />
 
 
-	<securecookie host="^www\.united-internet\.de$" name=".*" />
+	<securecookie host="^www\.united-internet\.de$" name=".+" />
 
 
 	<!--	Cert only matches www.	-->
-	<rule from="^http://(?:www\.)?united-internet\.de/"
-		to="https://www.united-internet.de/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/United-Nations-mismatches.xml b/src/chrome/content/rules/United-Nations-mismatches.xml
index 55071f00003b..46a9d17c35a8 100644
--- a/src/chrome/content/rules/United-Nations-mismatches.xml
+++ b/src/chrome/content/rules/United-Nations-mismatches.xml
@@ -2,13 +2,13 @@
 	For rules that are on by default, see UN.org.xml.
 
 -->
-<ruleset name="United Nations (mismatches)" default_off="mismatch">
+<ruleset name="United Nations (mismatches)" default_off="mismatched">
 
 	<target host="uncsd2012.org" />
 	<target host="www.uncsd2012.org" />
 
 
-	<securecookie host="^uncsd2012\.org$" name=".*" />
+	<securecookie host="^uncsd2012\.org$" name=".+" />
 
 
 	<rule from="^http://(?:www\.)?uncsd2012\.org/"
diff --git a/src/chrome/content/rules/United-Nuclear-Scientific.xml b/src/chrome/content/rules/United-Nuclear-Scientific.xml
index 4645f6e5f436..c4a78ec305d6 100644
--- a/src/chrome/content/rules/United-Nuclear-Scientific.xml
+++ b/src/chrome/content/rules/United-Nuclear-Scientific.xml
@@ -1,14 +1,14 @@
 <ruleset name="United Nuclear Scientific">
 
 	<target host="unitednuclear.com" />
+	<target host="www.unitednuclear.com" />
 	<!--	* for cross-domain cookies.	-->
-	<target host="*.unitednuclear.com" />
 
 
-	<securecookie host="^(.*\.)?unitednuclear\.com$" name=".*" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?unitednuclear\.com/"
-		to="https://$1unitednuclear.com/" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/United-San-Antonio-Fed-Credit-Union.xml b/src/chrome/content/rules/United-San-Antonio-Fed-Credit-Union.xml
deleted file mode 100644
index da06e9174c5d..000000000000
--- a/src/chrome/content/rules/United-San-Antonio-Fed-Credit-Union.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="United San Antonio Federal Credit Union">
-
-	<target host="unitedsafcu.org" />
-	<target host="*.unitedsafcu.org" />
-
-
-	<securecookie host="^\.?unitedsafcu\.org$" name=".+" />
-
-
-	<!--	Accessing https://unitedsafcu.org/ does not seem to work.	-->
-	<rule from="^https?://unitedsafcu\.org/"
-		to="https://www.unitedsafcu.org/" />
-
-	<rule from="^http://([\w\-]+)\.unitedsafcu\.org/"
-		to="https://$1.unitedsafcu.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/United-States-Department-of-Agriculture.xml b/src/chrome/content/rules/United-States-Department-of-Agriculture.xml
index b4cc2b19ca7d..4ec6ac7eb5cb 100644
--- a/src/chrome/content/rules/United-States-Department-of-Agriculture.xml
+++ b/src/chrome/content/rules/United-States-Department-of-Agriculture.xml
@@ -1,38 +1,173 @@
+
 <!--
-	For problematic rules, see US-government-mismatches.
+Disabled by https-everywhere-checker because:
+Fetch error: http://myforms.sc.egov.usda.gov/ => https://myforms.sc.egov.usda.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://pws.sc.egov.usda.gov/ => https://pws.sc.egov.usda.gov/: (6, 'Could not resolve host: pws.sc.egov.usda.gov')
+Fetch error: http://usdalinc.sc.egov.usda.gov/ => https://usdalinc.sc.egov.usda.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://my.usda.gov/ => https://my.usda.gov/: (35, 'Unknown SSL protocol error in connection to my.usda.gov:443 ')
+
+	United States Department of Agriculture
+
+	For problematic rules, see USDA-ARS.xml.
+
+
+
+	Nonfunctional hosts in *usda.gov:
+
+		- ^ ᶠ
+		- www.ams ʰ
+		- wt-sdc2.arsnet ᵈ
+		- www.cnpp ʰ
+		- www.csrees ᵈ
+		- www.dm
+
+		- eauth.sc.egov ᶠ
+		- eligability.sc.egov ᶠ
+		- forms.sc.egov ᶠ
+		- offices.sc.egov ᶠ
+		- rdmfhrentals.sc.egov ᶠ
+
+		- www.energymatrix ᵈ
+
+		- snaped.fns ᶠ
+		- www.whatscooking.fns	503
+		- www.fns ᶠ
+
+		- www.fsis	503
+
+		- agclass.nal ᶠ
+		- agricola.nal ᶠ
+		- awic.nal ᶠ
+		- naldc.nal ᶠ
+		- ndb.nal ʳ
+		- organicroots.nal ᶠ
+		- pubag.nal ᶠ
+
+		- www.mo.nrcs ᵈ
+		- climatehubs.oce ᶠ
+		- www.ocfo ʰ
+		- www.ocio ʰ
+		- www.rd ʰ
+		- rdhomeloans ᶠ
+		- www.resales ᶠ
+		- rurdev ᵈ
+		- search ʰ
+		- usdasearch		403
+		- vivo ᶠ
+		- websoilsurvey ᶠ
+		- www ʰ
+
+	ᵈ Dropped
+	ᶠ Handshake fails
+	ʰ Redirects to http
+	ʳ Refused
 
 
-	For other US government coverage, see US-government.xml.
+	Problematic hosts in *usda.gov:
 
+		- www.ars ˣ
+		- origin.drupal.fns ᵐ
+		- fsa ᶠ
+		- (www.)?nifa ᶜ ˣ
+		- www.nrcs ᴬ
+		- www.rurdev ᴬ
 
-		Nonfunctional subdomains:
+	ᴬ Akamai/mismatched
+	ˣ Mixed css
+	ᵐ Mismatched
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᶠ Handshake fails
 
-			- www			(Akaamai, redirects to pws.sc.egov.usda.gov;
-						!www used to work [cert: my.usda.gov], but has been broken
-						along with an undue cert update [presumably intentionally])
-			- www.csrees		(times out)
-			- (www.)eauth.egov
-			- www.nrcs		(Akamai; www redirects to pws.sc.egov.usda.gov; !www times out)
-			- www.mo.nrcs.usda.gov	(times out)
-			- (www.)rurdev		(!www times out)
-			- forms.sc.egov		(timeout)
+
+	Mixed content:
+
+		- css, on:
+
+			- www.ars from code.jquery.com *
+			- (www.)?nifa from fonts.googleapis.com *
+			- (www.)?nifa from nifa.usda.gov
+			- (www.)?nifa from www.nifa.usda.gov
+
+		- Images, on:
+
+			- i5k.nal from media.eol.org
+			- ltar.nal cdn.1001freedownloads.com
+			- audioarchives.oc from $self *
+
+		- Bugs on www.ars from wt-sdc2.arsnet.usda.gov
+
+	* Secured by us
 
 -->
-<ruleset name="United States Department of Agriculture (partial)">
+<ruleset name="USDA.gov (partial)" default_off="failed ruleset test">
 
-	<target host="*.sc.egov.usda.gov" />
+	<!--	Direct rewrites:
+				-->
+	<target host="search.ams.usda.gov" />
+	<target host="www.aphis.usda.gov" />
+	<target host="ars.usda.gov" />
+	<target host="agresearchmag.ars.usda.gov" />
+	<!--target host="www.ars.usda.gov" /-->
+	<target host="www.ascr.usda.gov" />
+	<target host="www.eauth.usda.gov" />
+	<target host="identitymanager.eems.usda.gov" />
+
+	<target host="myforms.sc.egov.usda.gov" />
+	<target host="oip.sc.egov.usda.gov" />
+	<target host="pws.sc.egov.usda.gov" />
+	<target host="usdalinc.sc.egov.usda.gov" />
+
+	<target host="lovingsupport.fns.usda.gov" />
+	<target host="wicnss.fns.usda.gov" />
+	<target host="wicworks.fns.usda.gov" />
+
+	<target host="www.fsa.usda.gov" />
 	<target host="my.usda.gov" />
+
+	<target host="afsic.nal.usda.gov" />
+	<target host="d2.nal.usda.gov" />
+	<target host="data.nal.usda.gov" />
+	<target host="digitop.nal.usda.gov" />
+	<target host="dtnav.nal.usda.gov" />
+	<target host="fnic.nal.usda.gov" />
+	<target host="fsrio.nal.usda.gov" />
+	<target host="healthymeals.nal.usda.gov" />
+	<target host="i5k.nal.usda.gov" />
+	<target host="lovingsupport.nal.usda.gov" />
+	<target host="ltar.nal.usda.gov" />
+	<target host="nutritionhistory.nal.usda.gov" />
+	<target host="ric.nal.usda.gov" />
+	<target host="riley.nal.usda.gov" />
+	<target host="snap.nal.usda.gov" />
+	<target host="specialcollections.nal.usda.gov" />
+	<target host="submit.nal.usda.gov" />
+	<target host="wicnss.nal.usda.gov" />
+	<target host="wicworks.nal.usda.gov" />
+	<target host="wqic.nal.usda.gov" />
+	<target host="www.nal.usda.gov" />
+
+	<target host="newfarmers.usda.gov" />
+	<target host="nfc.usda.gov" />
+	<target host="www.nfc.usda.gov" />
+	<!--target host="nifa.usda.gov" /-->
+	<!--target host="www.nifa.usda.gov" /-->
+	<target host="audioarchives.oc.usda.gov" />
 	<target host="oip.usda.gov" />
+	<target host="supertracker.usda.gov" />
+	<target host="www.supertracker.usda.gov" />
+
+	<!--	Complications:
+				-->
+	<target host="fsa.usda.gov" />
 
 
-	<securecookie host="^my\.usda\.gov$" name=".*" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<!--	cert doesn't match !www		-->
-	<rule from="^http://(?:www\.)?fsa\.usda\.gov/"
+	<rule from="^http://fsa\.usda\.gov/"
 		to="https://www.fsa.usda.gov/" />
 
-	<rule from="^http://(my|oip|(?:oip|pws)\.sc\.egov)\.usda\.gov/"
-		to="https://$1.usda.gov/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/United-States-Department-of-Energy.xml b/src/chrome/content/rules/United-States-Department-of-Energy.xml
index 2801d69682bc..dc5e95bdca62 100644
--- a/src/chrome/content/rules/United-States-Department-of-Energy.xml
+++ b/src/chrome/content/rules/United-States-Department-of-Energy.xml
@@ -11,11 +11,13 @@
 -->
 <ruleset name="United States Department of Energy (partial)">
 
-	<target host="*.doe.gov" />
-	<target host="www.*.doe.gov" />
+	<target host="directives.doe.gov" />
+	<target host="www.directives.doe.gov" />
+	<target host="hss.doe.gov" />
+	<target host="www.hss.doe.gov" />
 
 
-	<securecookie host="^(www\.)?directives\.doe\.gov$" name=".*" />
+	<securecookie host="^(?:www\.)?directives\.doe\.gov$" name=".+" />
 
 
 	<rule from="^http://(www\.)?directives\.doe\.gov/"
diff --git a/src/chrome/content/rules/United-States-Nuclear-Regulatory-Commission.xml b/src/chrome/content/rules/United-States-Nuclear-Regulatory-Commission.xml
index 343076a36302..6ece8e3a1376 100644
--- a/src/chrome/content/rules/United-States-Nuclear-Regulatory-Commission.xml
+++ b/src/chrome/content/rules/United-States-Nuclear-Regulatory-Commission.xml
@@ -1,23 +1,38 @@
 <!--
-	For other US government coverage, see US-government.xml.
+	United States Nuclear Regulatory Commission
+
 
 
 	Nonfunctional subdomains:
 
 		- pbadupws	(times out)
 
+
+	Problematic hosts in *nrc.gov:
+
+		- (www.)? ᵐ
+		- forms ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+
 -->
-<ruleset name="United States Nuclear Regulatory Commission" platform="mixedcontent">
+<ruleset name="NRC.gov" default_off="cert-chain">
 
-	<!--	Cert: forms.nrc.gov	-->
-	<target host="nrc.gov" />
+	<!--	Direct rewrites:
+				-->
 	<target host="forms.nrc.gov" />
-	<!--	Akamai	-->
+
+	<!--	Complications:
+				-->
+	<target host="nrc.gov" />
 	<target host="www.nrc.gov" />
 
 
-	<!--	All show the same data.	-->
-	<rule from="^https?://(?:forms\.|www\.)?nrc\.gov/"
+	<rule from="^http://(?:www\.)?nrc\.gov/"
 		to="https://forms.nrc.gov/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/United.xml b/src/chrome/content/rules/United.xml
index 0b0c8df46785..4f76cc227186 100644
--- a/src/chrome/content/rules/United.xml
+++ b/src/chrome/content/rules/United.xml
@@ -1,13 +1,67 @@
-<ruleset name="United Airlines">
+<!--
+	United Airlines
+
+
+	Nonfunctional hosts in *united.com:
+
+		- hotels *
+
+	* Redirects to http
+
+
+	Fully covered hosts in *united.com:
+
+		- (www.)?
+		- cruises
+		- hub
+		- mobile
+		- pss
+
+
+	travel: Dropped over http & https
+
+
+	Insecure cookies are set for these hosts:
+
+		- .united.com
+		- cruises.united.com
+		- .cruises.united.com
+		- hub.united.com
+		- mobile.united.com
+		- www.united.com
+
+
+	Mixed content:
+
+		- Image on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="United.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
   <target host="united.com" />
-  <target host="www.united.com" />
-  <target host="travel.united.com" />
+	<target host="cruises.united.com" />
+	<target host="hub.united.com" />
+	<target host="mobile.united.com" />
   <target host="pss.united.com" />
-  <target host="ua2go.com" />
-  <target host="www.ua2go.com" />
 
-  <rule from="^http://(?:www\.)?united\.com/" to="https://www.united.com/"/>
-  <rule from="^http://travel\.united\.com/" to="https://travel.united.com/"/>
-  <rule from="^http://pss\.united\.com/" to="https://pss.united.com/"/>
-  <rule from="^http://(?:www\.)?ua2go\.com/"  to="https://www.ua2go.com/"/>
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.united\.com$" name="^(1stSID|ChaseICLastPage|IP|TLTSID|TLTUID|WB03|akaau|cocom|culture|dnn|v1st)$" /-->
+	<!--securecookie host="^cruises\.united\.com$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+	<!--securecookie host="^\.cruises\.united\.com$" name="^WD[UV]ID$" /-->
+	<!--securecookie host="^hub\.united\.com$" name="^hub lb$" /-->
+	<!--securecookie host="^mobile\.united\.com$" name="^(ASP\.NET_SessionId|AspxAutoDetectCookieSupport)$" /-->
+	<!--securecookie host="^www\.united\.com$" name="^(VanityURL|akaau)$" /-->
+
+	<securecookie host="^\.united\.com$" name="^v1st$" />
+	<securecookie host="^(?:\.?cruises|hub|mobile|www)\.united\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/United_Acquisition_Services.xml b/src/chrome/content/rules/United_Acquisition_Services.xml
index e2dcc9185ca6..3e7616748c88 100644
--- a/src/chrome/content/rules/United_Acquisition_Services.xml
+++ b/src/chrome/content/rules/United_Acquisition_Services.xml
@@ -1,15 +1,20 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mail.uas.biz/ => https://mail.uas.biz/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://mail.uas.biz/ => https://mail.uas.biz/: (28, 'Connection timed out after 10000 milliseconds')
 	Nonfunctional subdomains:
 
 		- (www.)	(shows mail; mismatched, CN: mail.uas.biz)
 
 -->
-<ruleset name="United Acquisition Services (partial)">
+<ruleset name="United Acquisition Services (partial)" default_off="failed ruleset test">
 
 	<target host="mail.uas.biz" />
 
 
-	<rule from="^http://mail\.uas\.biz/"
-		to="https://mail.uas.biz/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/United_Computer_Wizards.xml b/src/chrome/content/rules/United_Computer_Wizards.xml
index 7281857f8156..007387532cf8 100644
--- a/src/chrome/content/rules/United_Computer_Wizards.xml
+++ b/src/chrome/content/rules/United_Computer_Wizards.xml
@@ -1,17 +1,10 @@
-<!--
-	Cert only matches www
-
-
-	At least some personal subdomains show www
-
--->
-<ruleset name="United Computer Wizards (partial)" default_off="self-signed">
+<ruleset name="United Computer Wizards (partial)">
 
 	<target host="ucw.cz" />
 	<target host="www.ucw.cz" />
 
 
-	<rule from="^http://(?:www\.)?ucw\.cz/"
-		to="https://www.ucw.cz/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/United_Nations_Office_at_Vienna.xml b/src/chrome/content/rules/United_Nations_Office_at_Vienna.xml
index 2da53ba447bd..ceee64676c22 100644
--- a/src/chrome/content/rules/United_Nations_Office_at_Vienna.xml
+++ b/src/chrome/content/rules/United_Nations_Office_at_Vienna.xml
@@ -13,13 +13,13 @@
 -->
 <ruleset name="United Nations Office at Vienna (partial)">
 
-	<target host="*.unvienna.org" />
+	<target host="unvextn2.unvienna.org" />
+	<target host="www.unvienna.org" />
 
 
 	<securecookie host="^www\.unvienna\.org$" name=".+" />
 
 
-	<rule from="^http://(unvextn2|www)\.unvienna\.org/"
-		to="https://$1.unvienna.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/United_Republic.xml b/src/chrome/content/rules/United_Republic.xml
index 3392d1cb0755..bd6f862f2116 100644
--- a/src/chrome/content/rules/United_Republic.xml
+++ b/src/chrome/content/rules/United_Republic.xml
@@ -22,4 +22,4 @@
 	<rule from="^http://(www\.)?unitedrepublic\.org/(donate(?:$|\?|/)|wp-content/)"
 		to="https://$1unitedrepublic.org/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/United_Stationers.xml b/src/chrome/content/rules/United_Stationers.xml
index 67d9d116d623..38bdfc99fdc8 100644
--- a/src/chrome/content/rules/United_Stationers.xml
+++ b/src/chrome/content/rules/United_Stationers.xml
@@ -1,23 +1,24 @@
 <ruleset name="United Stationers (partial)">
 
 	<target host="oppictures.com" />
-	<target host="*.oppictures.com" />
+	<target host="content.oppictures.com" />
+	<target host="marketingassets.oppictures.com" />
+	<target host="www.oppictures.com" />
 	<target host="ussco.com" />
-	<target host="*.ussco.com" />
+	<target host="www.ussco.com" />
+	<target host="login.ussco.com" />
+	<target host="sso.ussco.com" />
 
 
 	<securecookie host="^.+\.ussco\.com$" name=".+" />
 
 
-	<rule from="^http://(content\.|marketingassets\.|www\.)?oppictures\.com/"
-		to="https://$1oppictures.com/" />
 
 	<!--	Cert only matches www.
 					-->
-	<rule from="^https?://(?:www\.)?ussco\.com/"
+	<rule from="^http://(?:www\.)?ussco\.com/"
 		to="https://www.ussco.com/" />
 
-	<rule from="^http://(login|sso)\.ussco\.com/"
-		to="https://$1.ussco.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Unitedplatform.com.xml b/src/chrome/content/rules/Unitedplatform.com.xml
new file mode 100644
index 000000000000..7e074868e3d4
--- /dev/null
+++ b/src/chrome/content/rules/Unitedplatform.com.xml
@@ -0,0 +1,19 @@
+<!--
+	For other DomainContext coverage, see DomainContext.com.xml.
+
+
+	(www.)?unitedplatform.com: Mismatched
+
+-->
+<ruleset name="unitedplatform.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="st.unitedplatform.com" />
+	<target host="st0.unitedplatform.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Unitn.it.xml b/src/chrome/content/rules/Unitn.it.xml
new file mode 100644
index 000000000000..754116f5713b
--- /dev/null
+++ b/src/chrome/content/rules/Unitn.it.xml
@@ -0,0 +1,29 @@
+<!--
+	Invalid certificate:
+		unitn.it
+		cimec.unitn.it
+		economia.unitn.it
+
+-->
+<ruleset name="Unitn.it (partial)">
+	<target host="unitn.it" />
+	<target host="www.unitn.it" />
+	<target host="alumni.unitn.it" />
+	<target host="centro3a.unitn.it" />
+	<target host="www.centro3a.unitn.it" />
+	<target host="cimec.unitn.it" />
+	<target host="www.cimec.unitn.it" />
+	<target host="gene.disi.unitn.it" />
+	<target host="economia.unitn.it" />
+	<target host="www.economia.unitn.it" />
+	<target host="international.unitn.it" />
+	<target host="knowtransfer.unitn.it" />
+	<target host="phd-researchfellow.unitn.it" />
+	<target host="pressroom.unitn.it" />
+	<target host="unitrentosport.unitn.it" />
+	<target host="webapps.unitn.it" />
+	<target host="webmagazine.unitn.it" />
+
+	<rule from="^http://(cimec\.|economia\.)?unitn\.it/" to="https://www.$1unitn.it/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Unity.xml b/src/chrome/content/rules/Unity.xml
index b566eb073993..c020cc6a9a9f 100644
--- a/src/chrome/content/rules/Unity.xml
+++ b/src/chrome/content/rules/Unity.xml
@@ -1,20 +1,57 @@
 <!--
-	Nonfunctional subdomains:
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- japan.unity3d.com
+		- response.unity3d.com
 
-		- download	(504, akamai)
+		4xx client error:
+		- kharma.unity3d.com
 
+		5xx server error:
+		- assetstore.unity3d.com
+		- www.assetstore.unity3d.com
 
+		Mixed content blocking (MCB) triggered:
+		- answers.unity3d.com
 -->
-<ruleset name="Unity (partial)" platform="mixedcontent">
-
+<ruleset name="Unity (partial)">
+	<!-- *unity.com -->
+	<target host="unity.com" />
+	<target host="www.unity.com" />
+	<target host="api.unity.com" />
+	<target host="certification.unity.com" />
+	<target host="checkout.unity.com" />
+	<target host="id.unity.com" />
+	<target host="madewith.unity.com" />
+	<target host="unite.unity.com" />
+
+	<!-- *unity3d.com -->
 	<target host="unity3d.com" />
-	<target host="*.unity3d.com" />
-
-
-	<securecookie host="^(?:.+\.)?unity3d\.com$" name=".*" />
-
-
-	<rule from="^http://(blogs\.|forum\.|www\.)?unity3d\.com/"
-		to="https://$1unity3d.com/" />
-
+	<target host="www.unity3d.com" />
+	<target host="accounts.unity3d.com" />
+	<target host="publisher.assetstore.unity3d.com" />
+	<target host="beta.unity3d.com" />
+	<target host="blogs.unity3d.com" />
+	<target host="analytics.cloud.unity3d.com" />
+	<target host="build.cloud.unity3d.com" />
+	<target host="data.cloud.unity3d.com" />
+	<target host="developer.cloud.unity3d.com" />
+	<target host="perf.cloud.unity3d.com" />
+	<target host="docs.unity3d.com" />
+	<target host="download.unity3d.com" />
+	<target host="feedback.unity3d.com" />
+	<target host="forum.unity3d.com" />
+	<target host="hwstats.unity3d.com" />
+	<target host="issuetracker.unity3d.com" />
+	<target host="madewith.unity3d.com" />
+	<target host="multiplayer.unity3d.com" />
+	<target host="netstorage.unity3d.com" />
+	<target host="store.unity3d.com" />
+	<target host="support.unity3d.com" />
+	<target host="unityads.unity3d.com" />
+	<target host="wiki.unity3d.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Unitymedia.de.xml b/src/chrome/content/rules/Unitymedia.de.xml
new file mode 100644
index 000000000000..6b682610825b
--- /dev/null
+++ b/src/chrome/content/rules/Unitymedia.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Unitymedia.de">
+  <target host="unitymedia.de" />
+  <target host="www.unitymedia.de" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Univ-Brest.fr.xml b/src/chrome/content/rules/Univ-Brest.fr.xml
new file mode 100644
index 000000000000..137eeb81d320
--- /dev/null
+++ b/src/chrome/content/rules/Univ-Brest.fr.xml
@@ -0,0 +1,21 @@
+<!--
+	^: cert only matches *.univ-brest.fr
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Univ-Brest.fr (partial)">
+
+	<target host="univ-brest.fr" />
+	<target host="www.univ-brest.fr" />
+
+
+	<rule from="^http://(?:www\.)?univ-brest\.fr/"
+		to="https://www.univ-brest.fr/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Univ-Montp3.fr.xml b/src/chrome/content/rules/Univ-Montp3.fr.xml
new file mode 100644
index 000000000000..6e0359a451c2
--- /dev/null
+++ b/src/chrome/content/rules/Univ-Montp3.fr.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gt5-jres2015.univ-montp3.fr/ => https://gt5-jres2015.univ-montp3.fr/: (7, 'Failed to connect to gt5-jres2015.univ-montp3.fr port 443: No route to host')
+
+-->
+
+<!--
+	Université de Montpellier III Paul-Valéry
+
+
+	Fully covered subdomains:
+
+		- gt5-jres2015
+
+
+	Mixed content:
+
+		- css on gt5-jres2015 from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Univ-Montp3.fr (partial)" default_off="failed ruleset test">
+
+	<target host="gt5-jres2015.univ-montp3.fr" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Univ-SMB.fr.xml b/src/chrome/content/rules/Univ-SMB.fr.xml
new file mode 100644
index 000000000000..c204d0f1a7be
--- /dev/null
+++ b/src/chrome/content/rules/Univ-SMB.fr.xml
@@ -0,0 +1,12 @@
+<!--
+	^univ-smb.fr doesn't exist.
+
+-->
+<ruleset name="Univ-SMB.fr">
+
+	<target host="www.univ-smb.fr" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Univention.de.xml b/src/chrome/content/rules/Univention.de.xml
index b26d316a0257..8965b60f8e30 100644
--- a/src/chrome/content/rules/Univention.de.xml
+++ b/src/chrome/content/rules/Univention.de.xml
@@ -1,28 +1,61 @@
 <!--
-	Problematic subdomains:
-
-		- piwik		(cert only matches www.piwik)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- (www.)piwik	(^ → www)
-
+	Problematic (sub)domains:
+
+		- wiki.univention.com ¹
+		- apt.univention.de ¹
+		- download.univention.de ¹
+		- forge.univention.de ¹
+		- forum.univention.de ¹
+		- piwik.univention.de ¹
+		- sdb.univention.de ¹
+		- wiki.univention.de ¹
+		- univention.org ¹
+		- www.univention.org ¹
+		- ucc.software-univention.de different content
+		- ucc2.software-univention.de different content
+
+
+¹ mismatch
 -->
-<ruleset name="Univention.de">
+<ruleset name="Univention">
 
+	<target host="univention.com" />
+	<target host="www.univention.com" />
 	<target host="univention.de" />
-	<target host="*.univention.de" />
-
+	<target host="www.univention.de" />
+	<target host="apt.univention.de" />
+	<target host="demo.univention.de" />
+	<target host="docs.univention.de" />
+	<target host="download.univention.de" />
+	<target host="errata.univention.de" />
+	<target host="forge.univention.de" />
+	<target host="piwik.univention.de" />
+	<target host="www.piwik.univention.de" />
+	<target host="forge.univention.org" />
+	<target host="software-univention.de" />
+	<target host="www.software-univention.de" />
+	<target host="appcenter.software-univention.de" />
+	<target host="docs.software-univention.de" />
+	<target host="errata.software-univention.de" />
+	<target host="updates.software-univention.de" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://piwik\.univention\.de/"
+		to="https://www.piwik.univention.de/" />
 
-	<securecookie host="^www\.univention\.de$" name=".+" />
+	<rule from="^http://forge\.univention\.de/"
+		to="https://forge.univention.org/" />
 
+	<rule from="^http://apt\.univention\.de/"
+		to="https://updates.software-univention.de/" />
 
-	<rule from="^http://(www\.)?univention\.de/"
-		to="https://$1univention.de/" />
+	<rule from="^http://download\.univention\.de/"
+		to="https://updates.software-univention.de/" />
 
-	<rule from="^http://(?:www\.)?piwik\.univention\.de/"
-		to="https://www.piwik.univention.de/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Univers-Libre.net.xml b/src/chrome/content/rules/Univers-Libre.net.xml
new file mode 100644
index 000000000000..0f0bba95077c
--- /dev/null
+++ b/src/chrome/content/rules/Univers-Libre.net.xml
@@ -0,0 +1,12 @@
+<ruleset name="Univers-Libre.net">
+
+	<target host="univers-libre.net" />
+	<target host="www.univers-libre.net" />
+	<target host="dev.univers-libre.net" />
+	<target host="photos.univers-libre.net" />
+	<target host="recettes.univers-libre.net" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UniversalSubtitles.xml b/src/chrome/content/rules/UniversalSubtitles.xml
deleted file mode 100644
index 458fba84c60f..000000000000
--- a/src/chrome/content/rules/UniversalSubtitles.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Universal Subtitles">
-  <target host="universalsubtitles.org" />
-  <target host="*.universalsubtitles.org" />
-  <target host="s3.www.universalsubtitles.org" />
-
-  <rule from="^http://universalsubtitles\.org/"
-          to="https://www.universalsubtitles.org/" />
-  <rule from="^http://(blog|www)\.universalsubtitles\.org/"
-          to="https://$1.universalsubtitles.org/" />
-  <rule from="^http://s3\.www\.universalsubtitles\.org/"
-	  to="https://s3.amazonaws.com/s3.www.universalsubtitles.org/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Universe_2.us.xml b/src/chrome/content/rules/Universe_2.us.xml
index 38aed5fff52c..297955b33fd8 100644
--- a/src/chrome/content/rules/Universe_2.us.xml
+++ b/src/chrome/content/rules/Universe_2.us.xml
@@ -1,8 +1,4 @@
-<!--
-	Cert only matches ^universe2.us
-
--->
-<ruleset name="Universe 2.us" default_off="self-signed">
+<ruleset name="Universe 2.us">
 
 	<target host="universe2.us" />
 	<target host="www.universe2.us" />
@@ -11,7 +7,7 @@
 	<securecookie host="^universe2\.us$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?universe2\.us/"
-		to="https://universe2.us/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Universite_Laval.xml b/src/chrome/content/rules/Universite_Laval.xml
new file mode 100644
index 000000000000..aa75feddd6c1
--- /dev/null
+++ b/src/chrome/content/rules/Universite_Laval.xml
@@ -0,0 +1,245 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.aeapri.asso.ulaval.ca/ => https://www.aeapri.asso.ulaval.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.aess.asso.ulaval.ca/ => https://www.aess.asso.ulaval.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.arsq.asso.ulaval.ca/ => https://www.arsq.asso.ulaval.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://galerievirtuelle.bve.ulaval.ca/ => https://galerievirtuelle.bve.ulaval.ca/: (28, 'Connection timed out after 20007 milliseconds')
+Fetch error: http://www.galerievirtuelle.bve.ulaval.ca/ => https://www.galerievirtuelle.bve.ulaval.ca/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://questionnaires.ecn.ulaval.ca/ => https://questionnaires.ecn.ulaval.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.ecn.ulaval.ca/ => https://www.ecn.ulaval.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.questionnaires.ecn.ulaval.ca/ => https://www.questionnaires.ecn.ulaval.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://modules.fd.ulaval.ca/ => https://modules.fd.ulaval.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.cede.fd.ulaval.ca/ => https://www.cede.fd.ulaval.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://phytopedia.fsaa.ulaval.ca/ => https://phytopedia.fsaa.ulaval.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://simulab.fsaa.ulaval.ca/ => https://simulab.fsaa.ulaval.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.fad.fss.ulaval.ca/ => https://www.fad.fss.ulaval.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://reparti.gel.ulaval.ca/ => https://reparti.gel.ulaval.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://vision.gel.ulaval.ca/ => https://vision.gel.ulaval.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://pharmacievirtuelle.pha.ulaval.ca/ => https://pharmacievirtuelle.pha.ulaval.ca/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.pharmacievirtuelle.pha.ulaval.ca/ => https://www.pharmacievirtuelle.pha.ulaval.ca/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.map.pol.ulaval.ca/ => https://www.map.pol.ulaval.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.perception.psy.ulaval.ca/ => https://www.perception.psy.ulaval.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.tfp-quebec.psy.ulaval.ca/ => https://www.tfp-quebec.psy.ulaval.ca/: (51, "SSL: no alternative certificate subject name matches target host name 'www.tfp-quebec.psy.ulaval.ca'")
+Fetch error: http://www.aruc.rlt.ulaval.ca/ => https://www.aruc.rlt.ulaval.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.viraj.ulaval.ca/ => https://www.viraj.ulaval.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Known nonfunctional sub domains as of 02/2015:
+		- aelies (self signed certificate)
+		- arcticnet (invalid certificate)
+		- bibl (unencrypted search)
+		- bio (css does not load)
+		- bbaf (does not load)
+		- cen (does not load)
+		- chm (self signed certificate)
+		- contact (self signed certificate)
+		- cfdd (css and js do not load)
+		- crulrg (does not load)
+		- dgfc (redirects to http)
+		- distance (does not load)
+		- el (invalid certificate)
+		- forac (does not load)
+		- flsh (does not load)
+		- fmd (invalid certificate)
+		- fp (redirects to http)
+		- fsa (invalid certificate)
+		- fse (redirects to http)
+		- fsi (does not load)
+		- ftsr (does not load)
+		- giref (invalid certificate)
+		- hei (redirects to http)
+		- kiosque (does not load)
+		- mus (does not load)
+		- peps (self-signed certificate without www - while with www css and js do not load)
+		- promo (invalid certificate)
+		- relationsmedias (does not load)
+		- sgc (does not load)
+
+
+	Problematic hosts in *ulaval.ca:
+
+		- www.aide ¹
+		- leel.ecn ²
+		- www.modules.fd ¹
+		- (www.)?fesp ¹
+		- intranet.rh ¹
+		- viraj ¹
+
+	¹ Server sends no certificate chain, see https://whatsmychaincert.com
+	² Expired
+
+-->
+<ruleset name="Universit&#233; Laval (partial)" default_off="failed ruleset test">
+	<target host="ulaval.ca" />
+	<target host="www.ulaval.ca" />
+	<target host="www2.ulaval.ca" />
+
+<!-- Subdomains - A to Z -->
+
+	<!-- act -->
+	<target host="www.act.ulaval.ca" />
+
+	<!-- aide -->
+	<!--target host="www.aide.ulaval.ca" /-->
+
+	<!-- ant -->
+	<target host="www.ant.ulaval.ca" />
+	<target host="www.anthropologie-societes.ant.ulaval.ca" />
+
+	<!-- asso -->
+	<target host="www.acspul.asso.ulaval.ca" />
+	<target host="www.aeapri.asso.ulaval.ca" />
+	<target host="www.aeea.asso.ulaval.ca" />
+	<target host="www.aeepcpul.asso.ulaval.ca" />
+	<target host="www.aess.asso.ulaval.ca" />
+	<target host="www.ageriul.asso.ulaval.ca" />
+	<target host="www.apel.asso.ulaval.ca" />
+	<target host="www.apeul.asso.ulaval.ca" />
+	<target host="www.arsq.asso.ulaval.ca" />
+	<target host="www.asnuul.asso.ulaval.ca" />
+
+	<!-- authentication -->
+	<target host="authentification.ulaval.ca" />
+
+	<!-- bve -->
+	<target host="galerievirtuelle.bve.ulaval.ca" />
+	<target host="www.bve.ulaval.ca" />
+	<target host="www.galerievirtuelle.bve.ulaval.ca" />
+
+	<!-- capsuleweb -->
+	<target host="capsuleweb.ulaval.ca" />
+
+	<!-- connect -->
+	<target host="connect.ulaval.ca" />
+
+	<!-- dti -->
+	<target host="www.dti.ulaval.ca" />
+
+	<!-- ecn-->
+	<!--target host="leel.ecn.ulaval.ca" /-->
+	<target host="questionnaires.ecn.ulaval.ca" />
+	<target host="www.ecn.ulaval.ca" />
+	<target host="www.questionnaires.ecn.ulaval.ca" />
+
+	<!-- esad -->
+	<target host="esad.ulaval.ca" />
+	<target host="www.esad.ulaval.ca" />
+
+	<!-- exchange -->
+	<target host="exchange.ulaval.ca" />
+
+	<!-- fd -->
+	<target host="fd.ulaval.ca" />
+	<target host="modules.fd.ulaval.ca" />
+	<target host="www.cahiersdedroit.fd.ulaval.ca" />
+	<target host="www.cede.fd.ulaval.ca" />
+	<target host="www.fd.ulaval.ca" />
+	<!--target host="www.modules.fd.ulaval.ca" /-->
+
+	<!-- fesp-->
+	<!--target host="fesp.ulaval.ca" /-->
+	<!--target host="www.fesp.ulaval.ca" /-->
+
+	<!-- ffgg -->
+	<target host="ffgg.ulaval.ca" />
+	<target host="www.ffgg.ulaval.ca" />
+
+	<!-- fmed - js and css do not load on main site but some subdomains work-->
+	<target host="extranet.fmed.ulaval.ca" />
+	<target host="infocritique.fmed.ulaval.ca" />
+	<target host="www.intranet.fmed.ulaval.ca" />
+
+	<!-- fsaa - self signed certificate on main site but some subdomains work-->
+	<target host="phytopedia.fsaa.ulaval.ca" />
+	<target host="simulab.fsaa.ulaval.ca" />
+
+	<!-- fsg -->
+	<target host="pixel.fsg.ulaval.ca" />
+	<target host="www.fsg.ulaval.ca" />
+	<target host="www.pixel.fsg.ulaval.ca" />
+
+	<!-- fss -->
+	<!-- https causes layout issues on main site but some subdomains work -->
+	<target host="www.cms.fss.ulaval.ca" />
+	<target host="www.expo-virtuelle.fss.ulaval.ca" />
+	<target host="www.fad.fss.ulaval.ca" />
+
+	<!-- gel -->
+	<!-- https does not work for gel.ulaval.ca but does works for some subdomains -->
+	<target host="reparti.gel.ulaval.ca" />
+	<target host="vision.gel.ulaval.ca" />
+
+	<!-- gelgif -->
+	<target host="www.gelgif.ulaval.ca" />
+
+	<!-- ift -->
+	<target host="monarc.ift.ulaval.ca" />
+	<target host="www.ift.ulaval.ca" />
+
+	<!-- oraweb -->
+	<target host="oraweb.ulaval.ca" />
+
+	<!-- pha -->
+	<target host="pha.ulaval.ca" />
+	<target host="pharmacievirtuelle.pha.ulaval.ca" />
+	<target host="www.pha.ulaval.ca" />
+	<target host="www.pharmacievirtuelle.pha.ulaval.ca" />
+
+	<!-- pol -->
+	<target host="www.map.pol.ulaval.ca" />
+	<target host="www.perfeval.pol.ulaval.ca" />
+	<target host="www.pol.ulaval.ca" />
+
+	<!-- portaildescours -->
+	<target host="portaildescours.ulaval.ca" />
+	<target host="www.portaildescours.ulaval.ca" />
+
+	<!-- psy -->
+	<target host="www.perception.psy.ulaval.ca" />
+	<target host="www.psy.ulaval.ca" />
+	<target host="www.tfp-quebec.psy.ulaval.ca" />
+
+	<!-- rlt -->
+	<target host="www.aruc.rlt.ulaval.ca" />
+	<target host="www.rlt.ulaval.ca" />
+
+	<!-- rh -->
+	<!--target host="intranet.rh.ulaval.ca" /-->
+	<target host="rh.ulaval.ca" />
+	<target host="www.rh.ulaval.ca" />
+
+	<!-- scg -->
+	<target host="scg.ulaval.ca" />
+	<target host="www.scg.ulaval.ca" />
+
+	<!-- soc -->
+	<target host="www.soc.ulaval.ca" />
+
+	<!-- spla -->
+	<target host="complice.spla.ulaval.ca" />
+	<target host="webfolio.spla.ulaval.ca" />
+	<target host="www.spla.ulaval.ca" />
+
+	<!-- svs -->
+	<target host="www.svs.ulaval.ca" />
+	<target host="www.protocolesevaluation.svs.ulaval.ca" />
+
+	<!-- viraj -->
+	<!--target host="viraj.ulaval.ca" /-->
+	<target host="www.viraj.ulaval.ca" />
+
+
+	<!-- 	Secure cookies seem to cause issues on some sub-domains
+	(such as pages not loading) but more testing is needed to see what
+	sub-domains are affected.
+	-->
+	<securecookie host="authentification\.ulaval\.ca$" name=".+" />
+	<securecookie host="capsuleweb\.ulaval\.ca$" name=".+" />
+	<securecookie host="connect\.ulaval\.ca$" name=".+" />
+	<securecookie host="exchange\.ulaval\.ca$" name=".+" />
+	<securecookie host="portaildescours\.ulaval\.ca$" name=".+" />
+
+	<rule from="^http:"
+	  to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Universite_catholique_de_Louvain.xml b/src/chrome/content/rules/Universite_catholique_de_Louvain.xml
index f84913c5f8ce..d0793c60d746 100644
--- a/src/chrome/content/rules/Universite_catholique_de_Louvain.xml
+++ b/src/chrome/content/rules/Universite_catholique_de_Louvain.xml
@@ -36,24 +36,28 @@
 -->
 <ruleset name="Université catholique de Louvain">
 
-	<target host="*.sipr.ucl.ac.be" />
+	<target host="listes-1.sipr.ucl.ac.be" />
+	<target host="listes-2.sipr.ucl.ac.be" />
+	<target host="listes-3.sipr.ucl.ac.be" />
 	<target host="uclouvain.be" />
-	<target host="*.uclouvain.be" />
+	<target host="www.uclouvain.be" />
+	<target host="mysqladm.uclouvain.be" />
+	<target host="perso.uclouvain.be" />
+	<target host="sites.uclouvain.be" />
+	<target host="tools.uclouvain.be" />
+	<target host="webhost-test.uclouvain.be" />
 
 
 	<securecookie host="^listes-[123]\.sipr\.ucl\.ac\.be$" name=".+" />
 	<securecookie host="^(?:mysqladm|www)\.uclouvain\.be$" name=".+" />
 
 
-	<rule from="^http://listes-([123])\.sipr\.ucl\.ac\.be/"
-		to="https://listes-$1.sipr.ucl.ac.be/" />
 
 	<!--	Cert only matches www.
 					-->
-	<rule from="^https?://(?:www\.)?uclouvain\.be/"
+	<rule from="^http://(?:www\.)?uclouvain\.be/"
 		to="https://www.uclouvain.be/" />
 
-	<rule from="^http://(mysqladm|perso|sites|tools|webhost-test)\.uclouvain\.be/"
-		to="https://$1.uclouvain.be/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/University-Illinois-at-Chicago.xml b/src/chrome/content/rules/University-Illinois-at-Chicago.xml
index 4c79919bce60..2af7f5f03cd1 100644
--- a/src/chrome/content/rules/University-Illinois-at-Chicago.xml
+++ b/src/chrome/content/rules/University-Illinois-at-Chicago.xml
@@ -1,27 +1,180 @@
-<ruleset name="University of Illinois at Chicago (partial)" default_off="Searching by department under Find People [https://www.uic.edu/uic/search/] may not work">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://advancement.uic.edu/ => https://advancement.uic.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'advancement.uic.edu'")
+Fetch error: http://www.housing.uic.edu/ => https://www.housing.uic.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://scs.uic.edu/ => https://scs.uic.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'scs.uic.edu'")
+Fetch error: http://uical.uic.edu/ => https://uical.uic.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Non-2xx HTTP code: http://uofi.uic.edu/ (200) => https://uofi.uic.edu/ (403)
+Fetch error: http://www2.uic.edu/ => https://www2.uic.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For rules causing false/broken MCB, see UIC.edu-falsemixed.xml.
+
+	Other University of Illinois at Chicago rulesets:
+
+		- UIC_Bookstore.org.xml
+
+
+	Nonfunctional hosts in *uic.edu:
+
+		- catalog ¹
+		- www.cmhsrp ²
+		- library ¹
+
+	¹ Refused
+	² Dropped
+
+
+	Problematic hosts in *uic.edu:
+
+		- sms.accc ¹
+		- accessweb ¹
+		- grad ²
+		- hospital ³
+		- hr ³
+		- sexualmisconduct ¹
+		- sustainability ¹
+
+	¹ Untrusted root
+	² Mixed css
+	³ Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- dentistry.uic.edu
+		- exchange.uic.edu
+		- secure.hospital.uic.edu
+		- www.hr.uic.edu
+		- m.uic.edu
+
+
+	Mixed content:
+
+		- css on grad from $self *
+
+		- Images, on:
+
+			- accessweb from accessweb.publish.uic.edu *
+			- disabilityresources, grad from $self *
+			- emergency from publish.uic.edu *
+			- emergency from emergency.publish.uic.edu *
+			- scs from scs.pubish.uic.edu *
+			- sustainability from sustainability.publish.uic.edu *
+
+		- favicon on disabilityresources, emergency, scs from uic.edu *
+		- Bug on oae from s7.addthis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="UIC.edu (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="uic.edu" />
-	<target host="*.uic.edu" />
-		<exclusion pattern="^http://media\.uic\.edu/ensemble/app/(?!(flash/))" />
-		<exclusion pattern="^http://media\.uic\.edu/ensemble/(?!(app/))" />
-		<exclusion pattern="^http://www\.uic\.edu/htbin/((ulist/az(\?|$))|(az(\?|$))|(ldap_search/))" />
+	<!--target host="accc.uic.edu" /-->
+	<!--target host="sms.accc.uic.edu" /-->
+	<!--target host="accessweb.uic.edu" /-->
+	<target host="accountportal.uic.edu" />
+	<target host="admissions.uic.edu" />
+	<target host="advancement.uic.edu" />
+	<target host="aes.uic.edu" />
+	<target host="ui2web2.apps.uillinois.edu" />
+	<target host="blackboard.uic.edu" />
 	<target host="exedweb.cc.uic.edu" />
+	<target host="dentistry.uic.edu" />
+	<target host="www.dentistry.uic.edu" />
+	<target host="disabilityresources.uic.edu" />
+	<target host="economicimpact.uic.edu" />
+	<target host="emergency.uic.edu" />
+	<target host="exchange.uic.edu" />
+	<target host="fmweb.fm.uic.edu" />
+	<!--target host="grad.uic.edu" /-->
+	<target host="helpdesk.uic.edu" />
+	<target host="employee.hospital.uic.edu" />
+	<target host="secure.hospital.uic.edu" />
 	<target host="www.housing.uic.edu" />
+	<target host="www.hr.uic.edu" />
+	<target host="liaison.uic.edu" />
+	<target host="login.uic.edu" />
+	<target host="media.uic.edu" />
+	<target host="m.uic.edu" />
+	<target host="my.uic.edu" />
+	<target host="ness.uic.edu" />
+	<target host="news.uic.edu" />
+	<target host="oae.uic.edu" />
+	<target host="www.ois.uic.edu" />
+	<target host="password.uic.edu" />
+	<target host="paymybill.uic.edu" />
+	<target host="police.uic.edu" />
+	<target host="publish.uic.edu" />
+
+	<target host="accessweb.publish.uic.edu" />
+	<target host="economicimpact.publish.uic.edu" />
+	<target host="scs.publish.uic.edu" />
+	<target host="sustainability.publish.uic.edu" />
+
+	<target host="registrar.uic.edu" />
+	<target host="scs.uic.edu" />
+	<!--target host="sexualmisconduct.uic.edu" /-->
+	<target host="sldvs.uic.edu" />
+	<!--target host="sustainability.uic.edu" /-->
+	<target host="tigger.uic.edu" />
+	<target host="uical.uic.edu" />
+	<target host="uofi.uic.edu" />
+	<target host="webmail.uic.edu" />
+	<target host="www.uic.edu" />
+	<target host="www2.uic.edu" />
+
+	<!--	Complications:
+				-->
+	<target host="hospital.uic.edu" />
+	<target host="hr.uic.edu" />
+
+		<exclusion pattern="^http://media\.uic\.edu/ensemble/(?!app/flash/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://media.uic.edu/ensemble/" />
+			<test url="http://media.uic.edu/ensemble/?" />
+
+			<!--	-ve:
+					-->
+			<test url="http://media.uic.edu/ensemble/app/flash/flowplayer-3.1.5.swf" />
+
+		<!--	404 differs:
+					-->
+		<exclusion pattern="^http://www\.uic\.edu/htbin/az(?:\?|$)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.uic.edu/htbin/az" />
+			<test url="http://www.uic.edu/htbin/az?" />
+			<test url="http://www.uic.edu/htbin/az?foo" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.uic.edu/htbin/ulist/az" />
+			<test url="http://www.uic.edu/ldap_search/" />
+
 
-	<target host="uicbookstore.org" />
-	<target host="www.uicbookstore.org" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:dentistry|secure\.hospital|www\.hr)\.uic\.edu$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^exchange\.uic\.edu$" name="^(?:BIGipServer[\w~.]+|cadata|sessionid)$" /-->
+	<!--securecookie host="^m\.uic\.edu$" name="^(?:_gfouuid|[\da-f]{32}|X-Mapping-jfhppofk|kgoui_Fbanner_Ndismissed)$" /-->
 
+	<securecookie host="^(?!media\.uic\.edu$)\w" name=".+" />
 
-	<rule from="^https?://(?:www\.)?uic\.edu/"
-		to="https://www.uic.edu/" />
 
-	<rule from="^https?://www\.uic\.edu/searchUIC\.html(#|$)"
-		to="https://www.uic.edu/uic/search/$1" />
+	<rule from="^http://hospital\.uic\.edu/"
+		to="https://hospital.uillinois.edu/" />
 
-	<rule from="^http://(blackboard|exedweb\.cc|www\.housing|media|my|ness|tigger|uical|webmail|www2)\.uic\.edu/"
-		to="https://$1.uic.edu/" />
+	<rule from="^http://hr\.uic\.edu/"
+		to="https://www.hr.uic.edu/" />
 
-	<rule from="^https?://(?:www\.)?uicbookstore\.org/"
-		to="https://www.uicbookstore.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-Southern-Indiana.xml b/src/chrome/content/rules/University-Southern-Indiana.xml
index a32d9b779fa9..a423d3a00605 100644
--- a/src/chrome/content/rules/University-Southern-Indiana.xml
+++ b/src/chrome/content/rules/University-Southern-Indiana.xml
@@ -2,9 +2,6 @@
 	<target host="usi.edu" />
 	<target host="www.usi.edu" />
 
-	<rule from="^http://(?:www\.)?usi\.edu/" to="https://www.usi.edu/" />
+	<rule from="^http:" to="https:" />
 
-	<!-- Invoking https://usi.edu/ produces a certificate error, so
-	redirect https://usi.edu/ to https://www.usi.edu/ -->
-	<rule from="^https://usi\.edu/" to="https://www.usi.edu/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University-of-Alaska-Anchorage.xml b/src/chrome/content/rules/University-of-Alaska-Anchorage.xml
deleted file mode 100644
index 5e6098438928..000000000000
--- a/src/chrome/content/rules/University-of-Alaska-Anchorage.xml
+++ /dev/null
@@ -1,60 +0,0 @@
-<!--
-	Unspported subdomains:
-
-	bookstore	(times out)
-	callcenter	(no public access)
-	fpgis		(different HTTP vs HTTPS content)
-	greenandgold	(SSL error: ssl_error_rx_record_too_long)
-	lib		(cert is for *.consortiumlibrary.org and consortiumlibrary.org)
-	math		(self-signed cert is for spangolite.ua.ad.alaska.edu)
-	phb		(cannot connect to server)
-	webmail		(different HTTP vs HTTPS content)
-
-	Subdomains that are handled by cross-domain redirects in this ruleset:
-
-	hosting (sometimes)
-	moodle
-	womens
-
--->
-<ruleset name="University of Alaska Anchorage (partial)" default_off="Additional testing recommended">
-	<target host="classes.uaa.alaska.edu" />
-	<target host="coe.uaa.alaska.edu" />
-	<target host="edit.uaa.alaska.edu" />
-	<target host="elive.uaa.alaska.edu" />
-	<target host="hosting.uaa.alaska.edu" />
-	<target host="kb.uaa.alaska.edu" />
-	<target host="longdistance.uaa.alaska.edu" />
-	<target host="me.uaa.alaska.edu" />
-	<target host="moodle.uaa.alaska.edu" />
-	<target host="owa.uaa.alaska.edu" />
-	<target host="student.uaa.alaska.edu" />
-	<target host="technology.uaa.alaska.edu" />
-	<target host="techsupport.uaa.alaska.edu" />
-	<target host="webaccess.uaa.alaska.edu" />
-	<target host="womens.uaa.alaska.edu" />
-	<target host="www.uaa.alaska.edu" />
-	<target host="edit.www.uaa.alaska.edu" />
-
-	<securecookie host="^(classes|coe|edit|elive|hosting|kb|longdistance|me|owa|student|technology|techsupport|webaccess|www)\.uaa\.alaska\.edu$"
-			name=".+" />
-
-	<exclusion pattern="^http://www\.uaa\.alaska\.edu/map/(CampusMap\.swf|interactive\.cfm)" />
-
-	<rule from="^http://(classes|coe|edit|elive|kb|longdistance|me|owa|student|technology|techsupport|webaccess|www)\.uaa\.alaska\.edu/"
-		to="https://$1.uaa.alaska.edu/" />
-	<rule from="^http://edit\.www\.uaa\.alaska\.edu/"
-		to="https://edit.uaa.alaska.edu/" />
-
-	<rule from="^http://hosting\.uaa\.alaska\.edu/?$"
-		to="https://www.uaa.alaska.edu/informationtechnologyservices/" />
-	<rule from="^http://hosting\.uaa\.alaska\.edu/(.+)"
-		to="https://hosting.uaa.alaska.edu/$1" />
-	<rule from="^http://moodle\.uaa\.alaska\.edu($|/.*)"
-		to="https://www.uaa.alaska.edu/classes/facultyresources/" />
-	<rule from="^http://womens\.uaa\.alaska\.edu($|/.*)"
-		to="https://www.uaa.alaska.edu/womensstudies/" />
-
-	<rule from="^https://www\.uaa\.alaska\.edu/map/interactive\.cfm"
-		to="http://www.uaa.alaska.edu/map/interactive.cfm" downgrade="1" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/University-of-Alaska-Jobs.xml b/src/chrome/content/rules/University-of-Alaska-Jobs.xml
deleted file mode 100644
index dac94f9b209e..000000000000
--- a/src/chrome/content/rules/University-of-Alaska-Jobs.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="University of Alaska Jobs (uakjobs.com)">
-	<target host="uakjobs.com" />
-	<target host="www.uakjobs.com" />
-
-	<securecookie host="^(www\.)?uakjobs\.com$" name=".+" />
-
-	<rule from="^http://(?:www\.)?uakjobs\.com/" to="https://www.uakjobs.com/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/University-of-Alaska.xml b/src/chrome/content/rules/University-of-Alaska.xml
deleted file mode 100644
index 30006cafe3ba..000000000000
--- a/src/chrome/content/rules/University-of-Alaska.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- greenandgold.uaa	(record_too_long)
-		- krua.uaa *
-		- lib.uaa		(mismatched, CN: *.consortiumlibrary.org)
-		- technology.uaa	(shows www.uaa)
-		- webmail.uaa *
-
-	* Prints "Welcome to the Technology Site"
-
-
-	Problematic subdomains:
-
-		- uaa		(cert only matches *.uaa)
-		- www.uas	(works, expired, self-signed)
-
--->
-<ruleset name="University of Alaska (partial)" platform="mixedcontent">
-
-	<target host="alaska.edu" />
-	<target host="*.alaska.edu" />
-	<target host="www.*.alaska.edu" />
-	<target host="biotech.inbre.alaska.edu" />
-	<target host="lib.uaa.alaska.edu" />
-	<target host="*.vpn.alaska.edu" />
-
-
-	<securecookie host="^www\.uaa\.alaska\.edu$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?(uaa\.)?alaska\.edu/"
-		to="https://www.$1alaska.edu/" />
-
-	<rule from="^http://(authserv|(?:www\.)?(avo|uaonline)|cirt|edir|elmo|email|biotech\.inbre|lists|service|(?:swf|uaf)-1\.vpn|yukon)\.alaska\.edu/"
-		to="https://$1.alaska.edu/" />
-
-	<rule from="^https?://lib\.uaa\.alaska\.edu/"
-		to="https://consortiumlibrary.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/University-of-Applied-Sciences-Rapperswil-mismatches.xml b/src/chrome/content/rules/University-of-Applied-Sciences-Rapperswil-mismatches.xml
index eccbad8a981a..fb750ec6a81a 100644
--- a/src/chrome/content/rules/University-of-Applied-Sciences-Rapperswil-mismatches.xml
+++ b/src/chrome/content/rules/University-of-Applied-Sciences-Rapperswil-mismatches.xml
@@ -2,14 +2,14 @@
 	For rules that are on by default, see University-of-Applied-Sciences-Rapperswil.xml.
 
 -->
-<ruleset name="University of Applied Sciences Rapperswil (mismatches)" default_off="mismatch" platform="mixedcontent">
+<ruleset name="University of Applied Sciences Rapperswil (mismatches)" default_off="mismatched" platform="mixedcontent">
 
 	<!--	Cert: log.hsr.ch	-->
 	<target host="ita.hsr.ch" />
 	<target host="www.ita.hsr.ch" />
 
 
-	<securecookie host="^ita\.hsr\.ch$" name=".*" />
+	<securecookie host="^ita\.hsr\.ch$" name=".+" />
 
 
 	<rule from="^http://(?:www\.)?ita\.hsr\.ch/"
diff --git a/src/chrome/content/rules/University-of-Applied-Sciences-Rapperswil.xml b/src/chrome/content/rules/University-of-Applied-Sciences-Rapperswil.xml
index 40c8acc2769a..d550f5bb9753 100644
--- a/src/chrome/content/rules/University-of-Applied-Sciences-Rapperswil.xml
+++ b/src/chrome/content/rules/University-of-Applied-Sciences-Rapperswil.xml
@@ -5,17 +5,17 @@
 <ruleset name="University of Applied Sciences Rapperswil">
 
 	<target host="hsr.ch" />
-	<target host="*.hsr.ch" />
+	<target host="www.hsr.ch" />
+	<target host="log.hsr.ch" />
 
 
-	<securecookie host="^www\.hsr\.ch$" name=".*" />
+	<securecookie host="^www\.hsr\.ch$" name=".+" />
 
 
 	<!--	Cert doesn't match !www.	-->
 	<rule from="^http://(?:www\.)?hsr\.ch/"
 		to="https://www.hsr.ch/" />
 
-	<rule from="^http://log\.hsr\.ch/"
-		to="https://log.hsr.ch/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Bern-expired.xml b/src/chrome/content/rules/University-of-Bern-expired.xml
index bad87adc2ba8..6bd7fee9518b 100644
--- a/src/chrome/content/rules/University-of-Bern-expired.xml
+++ b/src/chrome/content/rules/University-of-Bern-expired.xml
@@ -8,7 +8,6 @@
 
 
 	<!--	!www doesn't exist.	-->
-	<rule from="^http://www\.students\.unibe\.ch/"
-		to="https://www.students.unibe.ch/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Bern.xml b/src/chrome/content/rules/University-of-Bern.xml
index c88f4157ba0d..4414caee5460 100644
--- a/src/chrome/content/rules/University-of-Bern.xml
+++ b/src/chrome/content/rules/University-of-Bern.xml
@@ -12,17 +12,34 @@
 -->
 <ruleset name="University of Bern (partial)">
 
-	<target host="*.unibe.ch" />
-	<target host="www.*.unibe.ch" />
-
-
-	<securecookie host="^.*\.unibe\.ch$" name=".*" />
+	<target host="cmslive3.unibe.ch" />
+	<target host="www.kommunikation.unibe.ch" />
+	<target host="www.philhist.unibe.ch" />
+	<target host="www.philhum.unibe.ch" />
+	<target host="www.philnat.unibe.ch" />
+	<target host="www.psy.unibe.ch" />
+	<target host="www.rechtswissenschaft.unibe.ch" />
+	<target host="www.risiko.unibe.ch" />
+	<target host="www.uniaktuell.unibe.ch" />
+	<target host="www.vetsuisse.unibe.ch" />
+	<target host="www.wiso.unibe.ch" />
+	<target host="www.zuw.unibe.ch" />
+	<target host="id.unibe.ch" />
+	<target host="medizin.unibe.ch" />
+	<target host="ub.unibe.ch" />
+	<target host="www.id.unibe.ch" />
+	<target host="www.medizin.unibe.ch" />
+	<target host="www.ub.unibe.ch" />
+	<target host="www.medienmitteilungen.unibe.ch" />
+	<target host="www.unilink.unibe.ch" />
+	<target host="www.unipress.unibe.ch" />
+
+
+	<securecookie host=".+" name=".+"/>
 
 
 	<!--	For domains within this nested atom, !www doesn't exist.
 			-->
-	<rule from="^http://(cmslive3|www\.(?:kommunikation|phil(?:hist|hum|nat)|psy|rechtswissenschaft|risiko|uniaktuell|vetsuisse|wiso|zuw))\.unibe\.ch/"
-		to="https://$1.unibe.ch/" />
 
 	<!--
 		//id & //medizin:
@@ -37,7 +54,7 @@
 			- /$ redirects to login page over https
 			- Redirects to www over http
 					-->
-	<rule from="^https?://(?:www\.)?(id|medizin|ub)\.unibe\.ch/"
+	<rule from="^http://(?:www\.)?(id|medizin|ub)\.unibe\.ch/"
 		to="https://www.$1.unibe.ch/" />
 
 	<!--	For medianmitteilungen, unilink, & unipress:
@@ -47,11 +64,12 @@
 			- Redirects to login page over https.
 			- Redirects as so over http.
 				-->
-	<rule from="^https?://www\.medienmitteilungen\.unibe\.ch/"
+	<rule from="^http://www\.medienmitteilungen\.unibe\.ch/"
 		to="https://www.kommunikation.unibe.ch/content/medien/medienmitteilungen/index_ger.html" />
 
 	<!--	See comment above.	-->
-	<rule from="^https?://www\.uni(link|press)\.unibe\.ch/"
+	<rule from="^http://www\.uni(link|press)\.unibe\.ch/"
 		to="https://www.kommunikation.unibe.ch/content/publikationen/uni$1/index_ger.html" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-California-Berkeley.xml b/src/chrome/content/rules/University-of-California-Berkeley.xml
index 64d7a7738455..88be89d5e368 100644
--- a/src/chrome/content/rules/University-of-California-Berkeley.xml
+++ b/src/chrome/content/rules/University-of-California-Berkeley.xml
@@ -1,181 +1,226 @@
 <!--
-	Nonfunctional domains:
-
-
-		- berkeley.edu subdomains:
-
-			- (www.)		(prints "No access to SSL site.")
-			- alumni-friends	(prints domain name; CN: asterix.berkeley.edu)
-			- gfael.are ¹
-			- areweb ²
-			- atcal-career ³
-			- awards ³
-			- builders ³
-			- cads2 ³
-			- cal-demo		(prints "a" over https; acts as atcal over http)
-			- calparents ⁴
-			- calvm	⁴
-			- campaign ³
-			- campuslife ⁵
-			- cdms			(shows cosmology; mismatched, CN: cosmology.berkeley.edu)
-			- cfr ³
-			- charterday ³
-			- compute.cnr ²
-			- naturebeta.cnr ²
-			- staff.cnr ²
-			- cwh ²
-			- diller ³		(403s over http)
-			- discovercal ³
-			- idsg.eecs		(data differs)
-			- environmentalsciences ²
-			- forestry ²
-			- fundraising ³
-			- hewlett ³
-			- hewlettchallenge ³	(CN: devcomm.urel)
-			- homecoming		(prints domain name)
-			- hrweb ⁵
-			- mailman.icsi		(refused)
-			- identity ³
-			- ieas
-			- ims			(400; times out over https, so status unknown)
-			- inauguration ³
-			- lawcat		(502)
-			- ls
-			- blogs.lib		(shows www.lib)
-			- mdp ²
-			- www.mip		(403)
-			- newalumnichallenge ³
-			- newscenter ⁵
-			- nst ²
-			- nutrition ²
-			- ourenvironment ²
-			- socalevents ⁵
-			- stadium ³
-			- systemstatus
-			- tiencenter		(valid cert; "Site Temporarily Unavailable" over http, so status unknown)
-			- urel ³		(CN: devcomm.urel)
-			- devcomm.urel		(403s over http; redirects to givetocal over https)
-
-		- (www.)ucbsystems.org
-
-	¹ Times out
-	² Shows nature
-	³ Shows givetocal
-	⁴ Prints "No access to the $foo SSL site available."
-	⁵ http reply
-
-
-	Problematic subdomains:
-
-		- are *
-		- callcenter **
-		- cosmology	(works, self-signed)
-		- cs *
-		- eecs *
-		- graduation	(prints domain name; mismatched, CN: asterix.berkeley.edu)
-		- notary.icsi	(works; mismatched, CN: *.bro.org)
-		- law *
-		- oskicat	(some [most?] pages redirect to http, scripts/ redirects to screens/ssoauth.html)
-		- ourpromise **
-
-	* Mismatch
-	** Shows givetocal
-
-
-	Partially covered subdomains:
-
-		- alumni *
-		- blogs *
-		- callcenter	(→ givetocal)
-		- graduation	(→ commencement)
-		- ourpromise	(→ givetocal)
-
-	* At least some pages redirect to http
-
-
-	Fully covered subdomains:
-
-		- (www.)are
-		- auth
-		- beartracks
-		- beartracks-new
-		- callink
-		- calnet.calnet
-		- cas-p[1-4].calnet
-		- net-auth.calnet
-		- (www.)cnr
-		- nature.cnr
-		- code
-		- developer
-		- events
-		- as-code-prod.ist
-		- as-ezsvn-prod.ist
-		- (www.)law
-		- (www.)lib
-		- nature
-		- oskicat	(→ oskicatp)
-		- oskicatp
-		- security
-		- fortuna.security
-		- students
-		- sunsite
-		- wikihub
-		- wikihub-new
-
-
-	Covered wildcard cookies:
-
-		- .events
-		- .fortuna.security
-		- .security
-
-
-	Other wildcard cookie domains observed:
-
-		- .
-		- .blogs.lib
-		- .campuslife
 
--->
-<ruleset name="University of California, Berkeley (partial)">
+	University of California, Berkeley
+	http://www.berkeley.edu/
 
-	<target host="*.berkeley.edu" />
-		<!--
-			These paths 302s to http:
 
-				- $
-				- community$
-				- donate$
-				- donate/new-alumni-challenge$
-				- events$
-				- join$
-						-->
-		<exclusion pattern="^http://alumni\.berkeley\.edu/(?!sites/)" />
-		<exclusion pattern="^http://blogs\.berkeley\.edu/(?:.+/)?(?:$|\?)" />
+	Nonfunctional hosts in *berkeley.edu:
 
+		- admissions      ¹
+		- blog.admissions	Redirects to www.ocf.berkeley.edu
+		- bdrive		    Handshake fails
+		- beartracks-new  ¹
+		- e-news		    Shows www.berkeley.edu
+		- icsi            ¹, equivalent to www.icsi
+		- mailman.icsi    ¹
+		- ls			    200 "Site not found"
+		- research		    Shows blank tree
+		- visit           ²
+		- visitors        ²
 
-	<securecookie host="^(?:\w.*|\.events|(?:\.fortuna)?\.security)\.berkeley\.edu$" name=".+" />
+	¹ Refused
+	² Redirects to HTTP
 
+	Problematic hosts in *berkeley.edu:
+		- asterix       *
+		- beartalk      ᴵ
+		- www.give      *
+		- www.givetocal *
+		- journalism    ᴵ
+		- newstudents   *
+		- students      *
+		- visitors      *
 
-	<rule from="^http://(airbears|alumni|asterix|atcal|atcal-dev|auth|auth-key|beartracks(?:-new)?|blogs|blu|bspace|cal|calagenda|cal-dev|calfutures|callink|calmail|(?:[\w-]+\.)?calnet|career|ccc|ccc-dev|cnr|(nature|www)\.cnr|commencement|convio|code|auto(?:config|discover)\.(?:ee)?cs|developer|(?:auth|buffy)\.eecs|egiving|eureka|events|fellowship|foundation(?:-dev)?|givetocal|haasawards|services\.housing|ihouseonline|inews|international|blu\.is|as-(?:code|ezsvn)-prod\.ist|ist|journalism|kb|lib|www\.lib|nature|or|oskicatp|scholarship|(?:fortuna\.)?security|seniors|(?:new)?students|sunsite|(?:urshare-prod1|wiki)\.urel|wikihub(?:-new)?)\.berkeley\.edu/"
-		to="https://$1.berkeley.edu/" />
+	* Mismatched
+	ᴵ Incomplete certificate chain
 
-	<rule from="^http://(?:www\.)?(are|boinc)\.berkeley\.edu/"
-		to="https://$1.berkeley.edu/" />
+	Insecure cookies are set for these domains:
 
-	<rule from="^http://callcenter\.berkeley\.edu/$"
-		to="https://givetocal.berkeley.edu/browse/?u=191" />
+		- .commencement.berkeley.edu
+		- .events.berkeley.edu
+
+
+	Mixed content:
+
+		- css on news, visit from fonts.googleapis.com *
+
+		- Images, on:
 
-	<rule from="^http://(?:www\.)?(cs|eecs|law)\.berkeley\.edu/"
-		to="https://www.$1.berkeley.edu/" />
+			- news from newsdev.berkeley.edu
+			- news from www.berkeley.edu *
+
+		- Bug on events from s7.addthis.com *
+
+	* Secured by us
+-->
+
+<ruleset name="Berkeley.edu (partial)">
+
+	<!-- Direct rewrites -->
+	
+	<target host="berkeley.edu" />
+	<target host="www.berkeley.edu" />
+	<target host="admissions.berkeley.edu" />
+	<target host="apply.berkeley.edu" />
+	<target host="auth.berkeley.edu" />
+	<target host="awards.berkeley.edu" />
+	<target host="bids.berkeley.edu" />
+	<target host="bitn.berkeley.edu" />
+	<target host="boinc.berkeley.edu" />
+	<target host="bconnected.berkeley.edu" />
+	<target host="bcourses.berkeley.edu" />
+	<target host="bioeng.berkeley.edu" />
+	<target host="cal.berkeley.edu" />
+	<target host="cal1card.berkeley.edu" />
+	<target host="calcentral.berkeley.edu" />
+	<target host="calfutures.berkeley.edu" />
+	<target host="callink.berkeley.edu" />
+	<target host="calmail.berkeley.edu" />
+	<target host="calmessages.berkeley.edu" />
+	<target host="calnet.berkeley.edu" />
+	<target host="calparents.berkeley.edu" />
+	<target host="career.berkeley.edu" />
+	<target host="comfort.cbe.berkeley.edu" />
+	<target host="ccc.berkeley.edu" />
+	<target host="commencement.berkeley.edu" />
+	<target host="course.berkeley.edu" />
+	<target host="datascience.berkeley.edu" />
+	<target host="developer.berkeley.edu" />
+	<target host="diversity.berkeley.edu" />
+	<target host="econ.berkeley.edu" />
+	<target host="www.econ.berkeley.edu" />
+	<target host="eps.berkeley.edu" />
+	<target host="eop.berkeley.edu" />
+	<target host="eureka.berkeley.edu" />
+	<target host="events.berkeley.edu" />
+	<target host="extension.berkeley.edu" />
+	<target host="fellowship.berkeley.edu" />
+	<target host="foundation.berkeley.edu" />
+	<target host="financialaid.berkeley.edu" />
+	<target host="greatergood.berkeley.edu" />
+	<target host="give.berkeley.edu" />
+	<target host="www.give.berkeley.edu" />
+	<target host="givetocal.berkeley.edu" />
+	<target host="ghes.berkeley.edu" />
+	<target host="graduation.berkeley.edu" />
+	<target host="gspp.berkeley.edu" />
+	<target host="kalx.berkeley.edu" />
+	<target host="www.kalx.berkeley.edu" />
+	<target host="haas.berkeley.edu" />
+	<target host="housing.berkeley.edu" />
+	<target host="ist.berkeley.edu" />
+	<target host="law.berkeley.edu" />
+	<target host="www.law.berkeley.edu" />
+	<target host="loyal.berkeley.edu" />
+	<target host="ls.berkeley.edu" />
+	<target host="mba.haas.berkeley.edu" />
+	<target host="me.berkeley.edu" />
+	<target host="met.berkeley.edu" />
+	<target host="myshake.berkeley.edu" />
+	<target host="or.berkeley.edu" />
+	<target host="pt.berkeley.edu" />
+	<target host="recsports.berkeley.edu" />
+	<target host="registrar.berkeley.edu" />
+	<target host="research.berkeley.edu" />
+	<target host="sa.berkeley.edu" />
+	<target host="setiathome.berkeley.edu" />
+	<target host="simons.berkeley.edu" />
+	<target host="skydeck.berkeley.edu" />
+	<target host="shift.berkeley.edu" />
+	<target host="stories.lib.berkeley.edu" />
+	<target host="svsh.berkeley.edu" />
+	<target host="ies.berkeley.edu" />
+	<target host="ihouseonline.berkeley.edu" />
+	<target host="international.berkeley.edu" />
+	<target host="miller.berkeley.edu" />
+	<target host="nature.berkeley.edu" />
+	<target host="netreg.berkeley.edu" />
+	<target host="news.berkeley.edu" />
+	<target host="oskicatp.berkeley.edu" />
+	<target host="publichealth.berkeley.edu" />
+	<target host="scholarship.berkeley.edu" />
+	<target host="security.berkeley.edu" />
+	<target host="seniors.berkeley.edu" />
+	<target host="services.housing.berkeley.edu" />
+	<target host="teaching.berkeley.edu" />
+	<target host="wikihub.berkeley.edu" />
+
+	<!-- International Computer Science Institute -->
+	<target host="www.icsi.berkeley.edu" />
+	<target host="notary.icsi.berkeley.edu" />
+	<target host="www.notary.icsi.berkeley.edu" />
+
+	<!-- Open Computing Facility -->
+	<target host="ocf.berkeley.edu" />
+	<target host="www.ocf.berkeley.edu" />
+	<target host="accounts.ocf.berkeley.edu" />
+	<target host="docs.ocf.berkeley.edu" />
+	<target host="mirrors.ocf.berkeley.edu" />
+	<target host="pma.ocf.berkeley.edu" />
+	<target host="puppet.ocf.berkeley.edu" />
+	<target host="rt.ocf.berkeley.edu" />
+	<target host="ssh.ocf.berkeley.edu" />
+	<target host="static.ocf.berkeley.edu" />
+	<target host="wiki.ocf.berkeley.edu" />
+
+	<!-- University Relations -->
+	<target host="urel.berkeley.edu" />
+	<target host="cd.urel.berkeley.edu" />
+	<target host="wiki.urel.berkeley.edu" />
+
+	<!-- Department of Agriculture and Resource Economics -->
+	<target host="are.berkeley.edu" />
+	<target host="www.are.berkeley.edu" />
+
+	<!-- College of Natural Resources -->
+	<target host="cnr.berkeley.edu" />
+	<target host="nature.cnr.berkeley.edu" />
+	<target host="www.cnr.berkeley.edu" />
+
+	<!-- EECS and CS -->
+	<target host="cs.berkeley.edu" />
+	<target host="www.cs.berkeley.edu" />
+	<target host="autoconfig.cs.berkeley.edu" />
+	<target host="autodiscover.cs.berkeley.edu" />
+	<target host="eecs.berkeley.edu" />
+	<target host="www.eecs.berkeley.edu" />
+	<target host="autoconfig.eecs.berkeley.edu" />
+	<target host="autodiscover.eecs.berkeley.edu" />
+	<target host="buffy.eecs.berkeley.edu" />
+	<target host="chisel.eecs.berkeley.edu" />
+	<target host="hkn.eecs.berkeley.edu" />
+
+	<!-- Complications -->
+	<target host="bmail.berkeley.edu" />
+	<target host="callcenter.berkeley.edu" />
+	<target host="icsi.berkeley.edu" />
+	<target host="mirrors.berkeley.edu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.commencement\.berkeley\.edu$" name="^SESS[\da-f]{32}$" /-->
+	<!--securecookie host="^\.events\.berkeley\.edu$" name="^sid$" /-->
+
+	<securecookie host="^((?!www\.berkeley\.edu$)\w.*|\.events|(\.fortuna)?\.security)\.berkeley\.edu$" name=".+" />
+
+
+	<!--	Redirect drops forward slash, path, and args:
+								-->
+	<rule from="^http://bmail\.berkeley\.edu/.*"
+		to="https://mail.google.com/a/berkeley.edu" />
+
+		<test url="http://bmail.berkeley.edu/path/is/dropped" />
+
+	<rule from="^http://callcenter\.berkeley\.edu/$"
+		to="https://give.berkeley.edu/browse/index.cfm?u=191" />
 
-	<rule from="^http://graduation\.berkeley\.edu/$"
-		to="https://commencement.berkeley.edu/" />
+	<rule from="^http://icsi\.berkeley\.edu/"
+		  to="https://www.icsi.berkeley.edu/" />
 
-	<rule from="^http://oskicatp?\.berkeley\.edu/"
-		to="https://oskicatp.berkeleye.edu/" />
+	<rule from="^http://mirrors\.berkeley\.edu/"
+		to="https://mirrors.ocf.berkeley.edu/" />
 
-	<rule from="^http://ourpromise\.berkeley\.edu/$"
-		to="https://givetocal.berkeley.edu/browse/?u=174" />
+	<rule from="^http:"	to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-California-San-Diego.xml b/src/chrome/content/rules/University-of-California-San-Diego.xml
new file mode 100644
index 000000000000..67f2b1f4c1d6
--- /dev/null
+++ b/src/chrome/content/rules/University-of-California-San-Diego.xml
@@ -0,0 +1,170 @@
+<ruleset name="University of California San Diego (partial)"> 
+  <target host="a.ucsd.edu"/>
+  <target host="academicconnections.ucsd.edu"/>
+  <target host="academicintegrity.ucsd.edu"/>
+  <target host="acms.ucsd.edu"/>
+  <target host="act.ucsd.edu"/>
+  <target host="admissions.ucsd.edu"/>
+  <target host="aip.ucsd.edu"/>
+  <target host="apol-recruit.ucsd.edu"/>
+  <target host="apply.grad.ucsd.edu"/>
+  <target host="aquarium.ucsd.edu"/>
+  <target host="artsandhumanities.ucsd.edu"/>
+  <target host="biology.ucsd.edu"/>
+  <target host="blink.ucsd.edu"/>
+  <target host="caesar.ucsd.edu"/>
+  <target host="calendar.ucsd.edu"/>
+  <target host="career.ucsd.edu"/>
+  <target host="ccis.ucsd.edu"/>
+  <target host="cer.ucsd.edu"/>
+  <target host="cfr.ucsd.edu"/>
+  <target host="cgs.ucsd.edu"/>
+  <target host="chancellor.ucsd.edu"/>
+  <target host="chd.ucsd.edu"/>
+  <target host="chemistry.ucsd.edu"/>
+  <target host="china.ucsd.edu"/>
+  <target host="chinesestudies.ucsd.edu"/>
+  <target host="cilas.ucsd.edu"/>
+  <target host="cinfo.ucsd.edu"/>
+  <target host="cmrr.ucsd.edu"/>
+  <target host="commons.ucsd.edu"/>
+  <target host="coronavirus.ucsd.edu"/>
+  <target host="courses.ucsd.edu"/>
+  <target host="create.ucsd.edu"/>
+  <target host="cse.ucsd.edu"/>
+  <target host="cseweb.ucsd.edu"/>
+  <target host="csp.ucsd.edu"/>
+  <target host="cwo.ucsd.edu"/>
+  <target host="dah.ucsd.edu"/>
+  <target host="dbsportal.ucsd.edu"/>
+  <target host="deepdecarbon.ucsd.edu"/>
+  <target host="developer.ucsd.edu"/>
+  <target host="disabilities.ucsd.edu"/>
+  <target host="divelog.ucsd.edu"/>
+  <target host="diversity.ucsd.edu"/>
+  <target host="doctors.ucsd.edu"/>
+  <target host="eaop.ucsd.edu"/>
+  <target host="economics.ucsd.edu"/>
+  <target host="empathyandcompassion.ucsd.edu"/>
+  <target host="ethnicstudies.ucsd.edu"/>
+  <target host="extension.ucsd.edu"/>
+  <target host="facilities.ucsd.edu"/>
+  <target host="facultydiversity.ucsd.edu"/>
+  <target host="foundation.ucsd.edu"/>
+  <target host="giftplanning.ucsd.edu"/>
+  <target host="git.ucsd.edu"/>
+  <target host="globalhealthprogram.ucsd.edu"/>
+  <target host="globalties.ucsd.edu"/>
+  <target host="grad.ucsd.edu"/>
+  <target host="gradlife.ucsd.edu"/>
+  <target host="hdh.ucsd.edu"/>
+  <target host="hds.ucsd.edu"/>
+  <target host="health.ucsd.edu"/>
+  <target host="healthbeat.ucsd.edu"/>
+  <target host="healthsciences.ucsd.edu"/>
+  <target host="history.ucsd.edu"/>
+  <target host="hsreservations.ucsd.edu"/>
+  <target host="igpp.ucsd.edu"/>
+  <target host="igppticket.ucsd.edu"/>
+  <target host="igppwiki.ucsd.edu"/>
+  <target host="isp.ucsd.edu"/>
+  <target host="itrc.ucsd.edu"/>
+  <target host="iwdc.ucsd.edu"/>
+  <target host="japan.ucsd.edu"/>
+  <target host="jobs.ucsd.edu"/>
+  <target host="las.ucsd.edu"/>
+  <target host="lgbt.ucsd.edu"/>
+  <target host="libguides.ucsd.edu"/>
+  <target host="libraries.ucsd.edu"/>
+  <target host="library.ucsd.edu"/>
+  <target host="maps.ucsd.edu"/>
+  <target host="marketplace.ucsd.edu"/>
+  <target host="marshall.ucsd.edu"/>
+  <target host="math.ucsd.edu"/>
+  <target host="mathlink.ucsd.edu"/>
+  <target host="mathlink2.ucsd.edu"/>
+  <target host="meded.ucsd.edu"/>
+  <target host="mentorship.ucsd.edu"/>
+  <target host="mobile.ucsd.edu"/>
+  <target host="muir.ucsd.edu"/>
+  <target host="myextension.ucsd.edu"/>
+  <target host="myosd.ucsd.edu"/>
+  <target host="mytritonlink.ucsd.edu"/>
+  <target host="ncmir.ucsd.edu"/>
+  <target host="ocfr.ucsd.edu"/>
+  <target host="ocga.ucsd.edu"/>
+  <target host="onthego.ucsd.edu"/>
+  <target host="pao.ucsd.edu"/>
+  <target host="parents.ucsd.edu"/>
+  <target host="pharmacy.ucsd.edu"/>
+  <target host="physicalsciences.ucsd.edu"/>
+  <target host="physics.ucsd.edu"/>
+  <target host="podcast.ucsd.edu"/>
+  <target host="polar.ucsd.edu"/>
+  <target host="police.ucsd.edu"/>
+  <target host="polisci.ucsd.edu"/>
+  <target host="preuss.ucsd.edu"/>
+  <target host="profiles.ucsd.edu"/>
+  <target host="providers.ucsd.edu"/>
+  <target host="provost.ucsd.edu"/>
+  <target host="psychology.ucsd.edu"/>
+  <target host="rady.ucsd.edu"/>
+  <target host="recreation.ucsd.edu"/>
+  <target host="research.ucsd.edu"/>
+  <target host="resnet.ucsd.edu"/>
+  <target host="rmp.ucsd.edu"/>
+  <target host="roger.ucsd.edu"/>
+  <target host="roosevelt.ucsd.edu"/>
+  <target host="sarc.ucsd.edu"/>
+  <target host="sciencestudies.ucsd.edu"/>
+  <target host="scripps.ucsd.edu"/>
+  <target host="sdacs.ucsd.edu"/>
+  <target host="sdawp.ucsd.edu"/>
+  <target host="se.ucsd.edu"/>
+  <target host="seventh.ucsd.edu"/>
+  <target host="ships.ucsd.edu"/>
+  <target host="shs.ucsd.edu"/>
+  <target host="sixth.ucsd.edu"/>
+  <target host="socialsciences.ucsd.edu"/>
+  <target host="software.ucsd.edu"/>
+  <target host="structures.ucsd.edu"/>
+  <target host="student.ucsd.edu"/>
+  <target host="studentparents.ucsd.edu"/>
+  <target host="students.ucsd.edu"/>
+  <target host="studentsupport.ucsd.edu"/>
+  <target host="studyabroad.ucsd.edu"/>
+  <target host="sustainability.ucsd.edu"/>
+  <target host="ted.ucsd.edu"/>
+  <target host="transferstudents.ucsd.edu"/>
+  <target host="transportation.ucsd.edu"/>
+  <target host="trio.ucsd.edu"/>
+  <target host="tritoned.ucsd.edu"/>
+  <target host="tritonlink.ucsd.edu"/>
+  <target host="uclearning.ucsd.edu"/>
+  <target host="ucsd.edu"/>
+  <target host="ucsdbkst.ucsd.edu"/>
+  <target host="ucsdfoundation.ucsd.edu"/>
+  <target host="ucsdnews.ucsd.edu"/>
+  <target host="ugcbo.ucsd.edu"/>
+  <target host="ui.ucsd.edu"/>
+  <target host="unex-shibboleth.ucsd.edu"/>
+  <target host="usmex.ucsd.edu"/>
+  <target host="usp.ucsd.edu"/>
+  <target host="vcsa.ucsd.edu"/>
+  <target host="warren.ucsd.edu"/>
+  <target host="wellness.ucsd.edu"/>
+  <target host="women.ucsd.edu"/>
+  <target host="writinghub.ucsd.edu"/>
+  <target host="wts.ucsd.edu"/>
+  <target host="www-acs.ucsd.edu"/>
+  <target host="www-act.ucsd.edu"/>
+  <target host="www-er.ucsd.edu"/>
+  <target host="www-structures.ucsd.edu"/>
+  <target host="www.mod.ucsd.edu"/>
+  <target host="www.structures.ucsd.edu"/>
+  <target host="www.ucsd.edu"/>
+  <target host="yankelovichcenter.ucsd.edu"/>
+
+  <rule from="^http://provost\.ucsd\.edu/" to="https://ugcbo.ucsd.edu/"/>  
+  <rule from="^http:" to="https:"/>  
+</ruleset>
diff --git a/src/chrome/content/rules/University-of-California-mismatches.xml b/src/chrome/content/rules/University-of-California-mismatches.xml
index 98e22ca88e55..858999691a20 100644
--- a/src/chrome/content/rules/University-of-California-mismatches.xml
+++ b/src/chrome/content/rules/University-of-California-mismatches.xml
@@ -1,6 +1,8 @@
 <ruleset name="University of California (mismatches)" default_off="mismatched">
 
-	<target host="*.ucla.edu" />
+	<target host="cnsi.ucla.edu" />
+	<target host="www.cnsi.ucla.edu" />
+	<target host="www1.cnsi.ucla.edu" />
 
 
 	<securecookie host="^www1\.cnsi\.ucla\.edu$" name=".+" />
diff --git a/src/chrome/content/rules/University-of-California.xml b/src/chrome/content/rules/University-of-California.xml
index 628351fee3c7..6c53067cffea 100644
--- a/src/chrome/content/rules/University-of-California.xml
+++ b/src/chrome/content/rules/University-of-California.xml
@@ -10,12 +10,21 @@
 			- www.presidency	(mismatched, CN: secure.lsit.ucsb.edu)
 
 
+	Problematic domains:
+
+		- cs.ucsb.edu *
+
+	* Cert only matches www.cs.ucsb.edu
+
+
 	Fully covered domains:
 
 		- ucsb.edu subdomains:
 
 			- wepawet.cs
+			- apps.education
 			- secure.lsit
+			- analytics.oist
 
 -->
 <ruleset name="University of California (partial)">
@@ -25,8 +34,12 @@
 		<exclusion pattern="^http://extension\.ucsb\.edu/(?!css/|images/|portal/)" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^analytics\.oist\.ucsb\.edu$" name="^TRACKID$" /-->
+
 	<securecookie host="^(?:.*\.)?ics\.uci\.edu$" name=".+" />
-	<securecookie host="^www\.admissions\.ucsb\.edu$" name=".+" />
+	<securecookie host="^(?:www\.admissions|analytics\.oist)\.ucsb\.edu$" name=".+" />
 	<securecookie host="^wepawet\.cs\.ucsb\.edu$" name=".+" />
 
 
@@ -36,10 +49,10 @@
 	<rule from="^http://(?:www\.)?admissions\.ucsb\.edu/"
 		to="https://www.admissions.ucsb.edu/" />
 
-	<rule from="^http://(wepawet\.cs|www\.cs|extension|ftp|secure\.lsit)\.ucsb\.edu/"
+	<rule from="^http://(wepawet\.cs|www\.cs|apps\.education|extension|ftp|secure\.lsit|analytics\.oist)\.ucsb\.edu/"
 		to="https://$1.ucsb.edu/" />
 
-	<rule from="^http://login\.proxy\.library\.ucsb\.edu(:\d+)?/"
+	<rule from="^http://login\.proxy\.library\.ucsb\.edu(?::\d+)?/"
 		to="https://login.proxy.library.ucsb.edu/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Cambridge.xml b/src/chrome/content/rules/University-of-Cambridge.xml
index 05e4f26834a6..89fa52d56576 100644
--- a/src/chrome/content/rules/University-of-Cambridge.xml
+++ b/src/chrome/content/rules/University-of-Cambridge.xml
@@ -1,72 +1,426 @@
 <!--
-	For problematic rules, see Cam.ac.uk-problematic.xml.
+	For a list of University of Cambridge subdomains, please
+		refer to https://www.cam.ac.uk/university-a-z/
 
+	Other University of Cambridge rulesets:
+		+ Light_Blue_Touchpaper.org.xml
 
-	Nonfunctional subdomains:
+	Non-functional hosts
+		Couldn't connect to server:
+		- www-cryst.bioc.cam.ac.uk
+		- www.casp.cam.ac.uk
+		- research-institute.conservation.cam.ac.uk
+		- www.csap.cam.ac.uk
+		- www.dow.cam.ac.uk
+		- www.eng.cam.ac.uk
+		- bullard.esc.cam.ac.uk
+		- www.itg.cam.ac.uk
+		- account.jesus.cam.ac.uk
+		- www.kings.cam.ac.uk
+		- www.magd.cam.ac.uk
+		- www.mrc-epid.cam.ac.uk
+		- outreach.mus.cam.ac.uk
+		- data.plantsci.cam.ac.uk
+		- www.pom.cam.ac.uk
+		- www.srl.cam.ac.uk
+		- www.statslab.cam.ac.uk
 
-		- news.admin	(shows www.admin; mismatched, CN: www.admin.cam.ac.uk)
-		- my.alumni *
-		- www.lib
-		- www.mrc-lmb	(https breaks styling; expired, self-signed)
-		- www.sports
-		- www.ucs	(redirects to shib.raven, valid cert)
-		- www
-		- www.zoo	(dropped)
+		Timeout was reached:
+		- www.botanic.cam.ac.uk
+		- www.bpi.cam.ac.uk
+		- www.cheng.cam.ac.uk
+		- www.cruk.cam.ac.uk
+		- www.fitzmuseum.cam.ac.uk
+		- www-hki.fitzmuseum.cam.ac.uk
+		- lconline.langcen.cam.ac.uk
+		- www.langcen.cam.ac.uk
+		- www.mrao.cam.ac.uk
+		- www.mrc-mbu.cam.ac.uk
+		- www.neurosurg.cam.ac.uk
+		- www.pem.cam.ac.uk
+		- www.societies.cam.ac.uk
+		- www.museum.zoo.cam.ac.uk
 
-	* Dropped
+		SSL connect error:
+		- haddon.archanth.cam.ac.uk
+		- www.cis.cam.ac.uk
+		- www.clare.cam.ac.uk
+		- www.crassh.cam.ac.uk
+		- www.crim.cam.ac.uk
+		- www.ctc.cam.ac.uk
+		- www.qi.damtp.cam.ac.uk
+		- www.econ.cam.ac.uk
+		- www.catalog.group.cam.ac.uk
+		- www.cclp.group.cam.ac.uk
+		- www.gsm.cam.ac.uk
+		- www.human-evol.cam.ac.uk
+		- www.iocs.cam.ac.uk
+		- www.latin-american.cam.ac.uk
+		- www.lcil.cam.ac.uk
+		- www.lucy-cav.cam.ac.uk
+		- maa.cam.ac.uk
+		- www.histecon.magd.cam.ac.uk
+		- www.margaretbeaufort.cam.ac.uk
+		- www.mml.cam.ac.uk
+		- www.nanoforum.cam.ac.uk
+		- www.ridley.cam.ac.uk
+		- www.s-asian.cam.ac.uk
+		- www.theofed.cam.ac.uk
+		- www.tyndale.cam.ac.uk
+		- www.westcott.cam.ac.uk
+		- www.westminster.cam.ac.uk
 
+		SSL peer certificate was not OK:
+		- www.educationalpolicy.admin.cam.ac.uk
+		- www.epe.admin.cam.ac.uk
+		- www.equipment.admin.cam.ac.uk
+		- www.legal.admin.cam.ac.uk
+		- www.misd.admin.cam.ac.uk
+		- www.research-integrity.admin.cam.ac.uk
+		- www-cau.arch.cam.ac.uk
+		- www.archanth.cam.ac.uk
+		- www.brc.cam.ac.uk
+		- www.cambridge-africa.cam.ac.uk
+		- www.cambridgestudents.cam.ac.uk
+		- www.camcors.cam.ac.uk
+		- www.atm.ch.cam.ac.uk
+		- www.iupac-kinetic.ch.cam.ac.uk
+		- www.ozone-sec.ch.cam.ac.uk
+		- www.ch.cam.ac.uk
+		- www-melville.ch.cam.ac.uk
+		- www-ucc.ch.cam.ac.uk
+		- www.clbc.cam.ac.uk
+		- www.ermc.cam.ac.uk
+		- www.esg.cam.ac.uk
+		- www.campop.geog.cam.ac.uk
+		- www.qpg.geog.cam.ac.uk
+		- www.geog.cam.ac.uk
+		- www.canadian-studies.group.cam.ac.uk
+		- www.cc75c.group.cam.ac.uk
+		- www.quaternary.group.cam.ac.uk
+		- www.volcano.group.cam.ac.uk
+		- www.mrl.ims.cam.ac.uk
+		- www.ims.cam.ac.uk
+		- www.cihrm.jbs.cam.ac.uk
+		- www.india.jbs.cam.ac.uk
+		- cflpp.law.cam.ac.uk
+		- specialcollections.blog.lib.cam.ac.uk
+		- towerproject.blog.lib.cam.ac.uk
+		- moore.libraries.cam.ac.uk
+		- www.martynmission.cam.ac.uk
+		- www.metabolism.cam.ac.uk
+		- www.osc.cam.ac.uk
+		- www.bmu.psychiatry.cam.ac.uk
+		- dev.psychiatry.cam.ac.uk
+		- www.publichealth.cam.ac.uk
+		- www.skills.cam.ac.uk
+		- www.wdcgc.spri.cam.ac.uk
+		- www.spri.cam.ac.uk
+		- www.studentadvice.cam.ac.uk
+		- www.study.cam.ac.uk
+		- www.unicen.cam.ac.uk
+		- www.woolf.cam.ac.uk
 
-	Problematic subdomains:
+		Peer certificate cannot be authenticated with given CA certificates:
+		- www.conservation.cam.ac.uk
+		- www-cape.eng.cam.ac.uk
+		- www.escience.cam.ac.uk
+		- www.mrc-ewl.cam.ac.uk
+		- www.hep.phy.cam.ac.uk
+		- print-server.st-edmunds.cam.ac.uk
+		- www.wesley.cam.ac.uk
 
-		- alumni *
-		- damtp		(cert only matches www.damtp)
-		- www.jobs **
-		- www.philanthropy **
-		- www.study	(works; mismatched, CN: www.admin.cam.ac.uk)
+		Incomplete certificate chain error:
+		- www.christs.cam.ac.uk
+		- www-g.eng.cam.ac.uk
+		- jcsu.jesus.cam.ac.uk
+		- zeus.jesus.cam.ac.uk
+		- www.joh.cam.ac.uk
+		- www.newn.cam.ac.uk
 
-	* Cert only matches www.foo
-	** Works; mismatched, CN: www.admin.cam.ac.uk
+		Status code mismatch:
+		- www.lib.cam.ac.uk
 
+		4xx client error:
+		- app4.admin.cam.ac.uk
+		- hrsystems.admin.cam.ac.uk
+		- iceintranet.admin.cam.ac.uk
+		- downloads.sms.cam.ac.uk
 
-	Partially covered subdomains:
-
-		- www.damtp	(^ → www, some pages 404)
-
-
-	Fully covered subdomains:
-
-		- webservices.admin
-		- www.admin
-		- (www.)alumni		(^ → www)
-		- www.cl
-		- www2.mrc-lmb
-		- raven
-		- shib.raven
-		- www.wolfson
-
-
-	Observed cookie domains:
-
-		- www.admin
-		- shib.raven
-		- www.study
+		Secure connection redirects to plaintext:
+		- ipre.educ.cam.ac.uk
+		- web-code.educ.cam.ac.uk
+		- web-style.educ.cam.ac.uk
+		- www.damtp.cam.ac.uk
 
+		Mixed content blocking (MCB) triggered:
+		- news.admin.cam.ac.uk
+		- www.admin.cam.ac.uk
+		- www.cardiovascular.cam.ac.uk
+		- www.ccbi.cam.ac.uk
+		- www.haem.cam.ac.uk
+		- www.iph.cam.ac.uk
+		- www.jobs.cam.ac.uk
+		- www.landecon.cam.ac.uk
+		- www.med.cam.ac.uk
+		- ccge.medschl.cam.ac.uk
+		- emit.medschl.cam.ac.uk
+		- www.neurology.cam.ac.uk
+		- www.neuroscience.cam.ac.uk
+		- www.phpc.cam.ac.uk
+		- www.psychiatry.cam.ac.uk
+		- www.robinson.cam.ac.uk
+		- www.graduate.study.cam.ac.uk
+		- talks.cam.ac.uk
 -->
 <ruleset name="University of Cambridge (partial)">
+	<!-- one and only one rule -->
+	<rule from="^http:" to="https:" />
 
-	<target host="*.cam.ac.uk" />
-
-
-	<securecookie host="^www\.a(?:dmin|lumni)\.cam\.ac\.uk$" name=".+" />
-
-
-	<rule from="^http://(webservices\.admin|www2\.mrc-lmb|(?:shib\.)?raven|www\.(?:admin|cl|wolfson))\.cam\.ac\.uk/"
-		to="https://$1.cam.ac.uk/" />
-
-	<rule from="^http://(?:www\.)?alumni\.cam\.ac\.uk/"
-		to="https://www.alumni.cam.ac.uk/" />
-
-	<rule from="^http://(?:www\.)?damtp\.cam\.ac\.uk/global/"
-		to="https://www.damtp.cam.ac.uk/global/" />
-
+	<target host="cam.ac.uk" />
+	<target host="www.cam.ac.uk" />
+	<target host="www.accommodation.cam.ac.uk" />
+	<target host="www.childcare.admin.cam.ac.uk" />
+	<target host="www.em.admin.cam.ac.uk" />
+	<target host="www.equality.admin.cam.ac.uk" />
+	<target host="www.finance.admin.cam.ac.uk" />
+	<target host="2015.gaobase.admin.cam.ac.uk" />
+	<target host="2016.gaobase.admin.cam.ac.uk" />
+	<target host="www.hr.admin.cam.ac.uk" />
+	<target host="www.information-compliance.admin.cam.ac.uk" />
+	<target host="www.ppd.admin.cam.ac.uk" />
+	<target host="www.registrarysoffice.admin.cam.ac.uk" />
+	<target host="www.research-operations.admin.cam.ac.uk" />
+	<target host="www.student-registry.admin.cam.ac.uk" />
+	<target host="www.studentcomplaints.admin.cam.ac.uk" />
+	<target host="www.ubs.admin.cam.ac.uk" />
+	<target host="ufs.admin.cam.ac.uk" />
+	<target host="webservices.admin.cam.ac.uk" />
+	<target host="www.african.cam.ac.uk" />
+	<target host="www.aha.cam.ac.uk" />
+	<target host="alumni.cam.ac.uk" />
+	<target host="www.alumni.cam.ac.uk" />
+	<target host="www.ames.cam.ac.uk" />
+	<target host="www.access.arch.cam.ac.uk" />
+	<target host="www.arch.cam.ac.uk" />
+	<target host="www.martincentre.arct.cam.ac.uk" />
+	<target host="www.arct.cam.ac.uk" />
+	<target host="www.asnc.cam.ac.uk" />
+	<target host="www.ast.cam.ac.uk" />
+	<target host="www.bigdata.cam.ac.uk" />
+	<target host="bioinfotraining.bio.cam.ac.uk" />
+	<target host="caic.bio.cam.ac.uk" />
+	<target host="www.bio.cam.ac.uk" />
+	<target host="www.bioanth.cam.ac.uk" />
+	<target host="www.bioc.cam.ac.uk" />
+	<target host="www.biology.cam.ac.uk" />
+	<target host="www.cai.cam.ac.uk" />
+	<target host="www.campaign.cam.ac.uk" />
+	<target host="camsis.cam.ac.uk" />
+	<target host="www.camsis.cam.ac.uk" />
+	<target host="camtools.cam.ac.uk" />
+	<target host="www.careers.cam.ac.uk" />
+	<target host="www.caths.cam.ac.uk" />
+	<target host="www.cbr.cam.ac.uk" />
+	<target host="www.ccdc.cam.ac.uk" />
+	<target host="www.cctl.cam.ac.uk" />
+	<target host="www.ceb.cam.ac.uk" />
+	<target host="www.cerf.cam.ac.uk" />
+	<target host="www.cfr.cam.ac.uk" />
+	<target host="como.cheng.cam.ac.uk" />
+	<target host="www.chu.cam.ac.uk" />
+	<target host="www.cimr.cam.ac.uk" />
+	<target host="www.cisl.cam.ac.uk" />
+	<target host="sysdata.cl.cam.ac.uk" />
+	<target host="www.cl.cam.ac.uk" />
+	<target host="www.clarehall.cam.ac.uk" />
+	<target host="www.classics.cam.ac.uk" />
+	<target host="www.communications.cam.ac.uk" />
+	<target host="www.construction.cam.ac.uk" />
+	<target host="www.corpus.cam.ac.uk" />
+	<target host="www.counselling.cam.ac.uk" />
+	<target host="www.ahrcdtp.csah.cam.ac.uk" />
+	<target host="www.csah.cam.ac.uk" />
+	<target host="www.csc.cam.ac.uk" />
+	<target host="esrc-dtc.cshss.cam.ac.uk" />
+	<target host="www.cshss.cam.ac.uk" />
+	<target host="git.csx.cam.ac.uk" />
+	<target host="www.cusu.cam.ac.uk" />
+	<target host="www.darwin.cam.ac.uk" />
+	<target host="www.data.cam.ac.uk" />
+	<target host="www.devstudies.cam.ac.uk" />
+	<target host="www.digitalhumanities.cam.ac.uk" />
+	<target host="www.divinity.cam.ac.uk" />
+	<target host="www.dpmms.cam.ac.uk" />
+	<target host="www.inet.econ.cam.ac.uk" />
+	<target host="alternative-settings.educ.cam.ac.uk" />
+	<target host="caribbeanpoetry.educ.cam.ac.uk" />
+	<target host="conference.educ.cam.ac.uk" />
+	<target host="dialogueiwb.educ.cam.ac.uk" />
+	<target host="engaged.educ.cam.ac.uk" />
+	<target host="instructlab.educ.cam.ac.uk" />
+	<target host="iwbcollaboration.educ.cam.ac.uk" />
+	<target host="jotter.educ.cam.ac.uk" />
+	<target host="learningwithoutlimits.educ.cam.ac.uk" />
+	<target host="sendfiles.educ.cam.ac.uk" />
+	<target host="t-media.educ.cam.ac.uk" />
+	<target host="thinkingtogether.educ.cam.ac.uk" />
+	<target host="web-content.educ.cam.ac.uk" />
+	<target host="www.educ.cam.ac.uk" />
+	<target host="www.emma.cam.ac.uk" />
+	<target host="www.energy.cam.ac.uk" />
+	<target host="www.ifm.eng.cam.ac.uk" />
+	<target host="mi.eng.cam.ac.uk" />
+	<target host="www-csd.eng.cam.ac.uk" />
+	<target host="www-diva.eng.cam.ac.uk" />
+	<target host="www-structures.eng.cam.ac.uk" />
+	<target host="www.english.cam.ac.uk" />
+	<target host="www.enterprise.cam.ac.uk" />
+	<target host="www.esc.cam.ac.uk" />
+	<target host="www.festivalofideas.cam.ac.uk" />
+	<target host="www.fitz.cam.ac.uk" />
+	<target host="www.flyfacility.gen.cam.ac.uk" />
+	<target host="www.gen.cam.ac.uk" />
+	<target host="www.gender.cam.ac.uk" />
+	<target host="www.ccru.geog.cam.ac.uk" />
+	<target host="www.girton.cam.ac.uk" />
+	<target host="www.globalfood.cam.ac.uk" />
+	<target host="www.governance.cam.ac.uk" />
+	<target host="www.gradunion.cam.ac.uk" />
+	<target host="www.graphene.cam.ac.uk" />
+	<target host="www.4cmr.group.cam.ac.uk" />
+	<target host="www.epsrc.group.cam.ac.uk" />
+	<target host="www.finance.group.cam.ac.uk" />
+	<target host="jewishstudies.group.cam.ac.uk" />
+	<target host="ljc.group.cam.ac.uk" />
+	<target host="www.gurdon.cam.ac.uk" />
+	<target host="webmail.hermes.cam.ac.uk" />
+	<target host="www.hist.cam.ac.uk" />
+	<target host="www.hoart.cam.ac.uk" />
+	<target host="www.homerton.cam.ac.uk" />
+	<target host="www.hpc.cam.ac.uk" />
+	<target host="www.hps.cam.ac.uk" />
+	<target host="www.hsps.cam.ac.uk" />
+	<target host="www.hughes.cam.ac.uk" />
+	<target host="www.hutchison-mrc.cam.ac.uk" />
+	<target host="www.ice.cam.ac.uk" />
+	<target host="www.ideaspace.cam.ac.uk" />
+	<target host="www.immunology.cam.ac.uk" />
+	<target host="www.infectiousdisease.cam.ac.uk" />
+	<target host="www.internationalstudents.cam.ac.uk" />
+	<target host="www.jbs.cam.ac.uk" />
+	<target host="conference.jesus.cam.ac.uk" />
+	<target host="www.jesus.cam.ac.uk" />
+	<target host="www.kicc.cam.ac.uk" />
+	<target host="www.cchpr.landecon.cam.ac.uk" />
+	<target host="www.crerc.landecon.cam.ac.uk" />
+	<target host="www.languagesciences.cam.ac.uk" />
+	<target host="www.3cl.law.cam.ac.uk" />
+	<target host="www.cels.law.cam.ac.uk" />
+	<target host="www.cipil.law.cam.ac.uk" />
+	<target host="www.cpl.law.cam.ac.uk" />
+	<target host="www.ctl.law.cam.ac.uk" />
+	<target host="www.squire.law.cam.ac.uk" />
+	<target host="www.law.cam.ac.uk" />
+	<target host="exhibitions.lib.cam.ac.uk" />
+	<target host="bbsrcdtp.lifesci.cam.ac.uk" />
+	<target host="www.gradschl.lifesci.cam.ac.uk" />
+	<target host="lists.cam.ac.uk" />
+	<target host="map.cam.ac.uk" />
+	<target host="www.maths.cam.ac.uk" />
+	<target host="www.mcdonald.cam.ac.uk" />
+	<target host="anaesthetics.medschl.cam.ac.uk" />
+	<target host="cato.medschl.cam.ac.uk" />
+	<target host="gcat.medschl.cam.ac.uk" />
+	<target host="library.medschl.cam.ac.uk" />
+	<target host="medgen.medschl.cam.ac.uk" />
+	<target host="mrcdtp.medschl.cam.ac.uk" />
+	<target host="paediatrics.medschl.cam.ac.uk" />
+	<target host="radiology.medschl.cam.ac.uk" />
+	<target host="surgery.medschl.cam.ac.uk" />
+	<target host="www.medschl.cam.ac.uk" />
+	<target host="www-neurosciences.medschl.cam.ac.uk" />
+	<target host="www.mrc-bsu.cam.ac.uk" />
+	<target host="www.mrc-cbu.cam.ac.uk" />
+	<target host="www.mrc-cu.cam.ac.uk" />
+	<target host="www2.mrc-lmb.cam.ac.uk" />
+	<target host="www.msm.cam.ac.uk" />
+	<target host="www.murrayedwards.cam.ac.uk" />
+	<target host="www.mus.cam.ac.uk" />
+	<target host="www.museums.cam.ac.uk" />
+	<target host="www.nanodtc.cam.ac.uk" />
+	<target host="www.nanoscience.cam.ac.uk" />
+	<target host="www.newtontrust.cam.ac.uk" />
+	<target host="www.obgyn.cam.ac.uk" />
+	<target host="www.ois.cam.ac.uk" />
+	<target host="www.oncology.cam.ac.uk" />
+	<target host="www.opda.cam.ac.uk" />
+	<target host="www.openaccess.cam.ac.uk" />
+	<target host="www.path.cam.ac.uk" />
+	<target host="www.pdn.cam.ac.uk" />
+	<target host="www.pdoc.cam.ac.uk" />
+	<target host="www.pet.cam.ac.uk" />
+	<target host="www.phar.cam.ac.uk" />
+	<target host="www.phil.cam.ac.uk" />
+	<target host="www.philanthropy.cam.ac.uk" />
+	<target host="www.phone.cam.ac.uk" />
+	<target host="exoplanets.phy.cam.ac.uk" />
+	<target host="www.lsc.phy.cam.ac.uk" />
+	<target host="www.me.phy.cam.ac.uk" />
+	<target host="www.np.phy.cam.ac.uk" />
+	<target host="outreach.phy.cam.ac.uk" />
+	<target host="www.smf.phy.cam.ac.uk" />
+	<target host="www.sp.phy.cam.ac.uk" />
+	<target host="www.tcm.phy.cam.ac.uk" />
+	<target host="www.tfm.phy.cam.ac.uk" />
+	<target host="www.winton.phy.cam.ac.uk" />
+	<target host="www.phy.cam.ac.uk" />
+	<target host="www.physsci.cam.ac.uk" />
+	<target host="www.plantsci.cam.ac.uk" />
+	<target host="www.polis.cam.ac.uk" />
+	<target host="www.proctors.cam.ac.uk" />
+	<target host="www.bcni.psychol.cam.ac.uk" />
+	<target host="www.cne.psychol.cam.ac.uk" />
+	<target host="csl.psychol.cam.ac.uk" />
+	<target host="www.psychol.cam.ac.uk" />
+	<target host="www.psychometrics.cam.ac.uk" />
+	<target host="www.publicpolicy.cam.ac.uk" />
+	<target host="www.queens.cam.ac.uk" />
+	<target host="raven.cam.ac.uk" />
+	<target host="shib.raven.cam.ac.uk" />
+	<target host="www.repository.cam.ac.uk" />
+	<target host="search.cam.ac.uk" />
+	<target host="api.search.cam.ac.uk" />
+	<target host="www.scrutiny.cam.ac.uk" />
+	<target host="www.sel.cam.ac.uk" />
+	<target host="www.sensors.cam.ac.uk" />
+	<target host="www.sid.cam.ac.uk" />
+	<target host="www.slcu.cam.ac.uk" />
+	<target host="sms.cam.ac.uk" />
+	<target host="upload.sms.cam.ac.uk" />
+	<target host="www.sms.cam.ac.uk" />
+	<target host="www.socanth.cam.ac.uk" />
+	<target host="www.socialclub.cam.ac.uk" />
+	<target host="www.reprosoc.sociology.cam.ac.uk" />
+	<target host="www.sociology.cam.ac.uk" />
+	<target host="www.sport.cam.ac.uk" />
+	<target host="www.st-edmunds.cam.ac.uk" />
+	<target host="www.stemcells.cam.ac.uk" />
+	<target host="www.undergraduate.study.cam.ac.uk" />
+	<target host="www.synbio.cam.ac.uk" />
+	<target host="www.sysbiol.cam.ac.uk" />
+	<target host="www.tech.cam.ac.uk" />
+	<target host="www.trin.cam.ac.uk" />
+	<target host="www.trinhall.cam.ac.uk" />
+	<target host="www.trophoblast.cam.ac.uk" />
+	<target host="www.ucs.cam.ac.uk" />
+	<target host="www.uis.cam.ac.uk" />
+	<target host="www.vet.cam.ac.uk" />
+	<target host="vle.cam.ac.uk" />
+	<target host="www.vle.cam.ac.uk" />
+	<target host="www.wbic.cam.ac.uk" />
+	<target host="wiki.cam.ac.uk" />
+	<target host="www.wolfson.cam.ac.uk" />
+	<target host="wt-globalhealth.cam.ac.uk" />
+	<target host="www.zoo.cam.ac.uk" />
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Central-Florida.xml b/src/chrome/content/rules/University-of-Central-Florida.xml
index bf70e324d032..301b4696f740 100644
--- a/src/chrome/content/rules/University-of-Central-Florida.xml
+++ b/src/chrome/content/rules/University-of-Central-Florida.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ucf.edu/ => https://ucf.edu/: (7, 'Failed to connect to ucf.edu port 443: Connection timed out')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ucf.edu/ => https://ucf.edu/: (7, 'Failed to connect to ucf.edu port 443: Connection timed out')
 	Nonfunctional subdomains:
 
 		- events		(valid cert; at least some paths 404)
@@ -9,16 +15,26 @@
 		- portal-help		(times out)
 
 -->
-<ruleset name="University of Central Florida (partial)">
+<ruleset name="University of Central Florida (partial)" default_off="failed ruleset test">
 
 	<target host="ucf.edu" />
-	<target host="*.ucf.edu" />
+	<target host="admissions.ucf.edu" />
+	<target host="bot.ucf.edu" />
+	<target host="brand.ucf.edu" />
+	<target host="cdn.ucf.edu" />
+	<target host="communityrelations.ucf.edu" />
+	<target host="fsi.ucf.edu" />
+	<target host="hospitality.ucf.edu" />
+	<target host="my.ucf.edu" />
+	<target host="today.ucf.edu" />
+	<target host="smca.ucf.edu" />
+	<target host="universityheader.ucf.edu" />
+	<target host="www.ucf.edu" />
 
 
-	<securecookie host="^(?:admissions|bot|brand|cdn|communityrelations|fsi|hospitality|my|smca|today|universityheader)\.ucf\.edu$" name=".*" />
+	<securecookie host="^(?:admissions|bot|brand|cdn|communityrelations|fsi|hospitality|my|smca|today|universityheader)\.ucf\.edu$" name=".+" />
 
 
-	<rule from="^http://((?:admissions|bot|brand|cdn|communityrelations|fsi|hospitality|my|today|smca|universityheader|www)\.)?ucf\.edu/"
-		to="https://$1ucf.edu/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Chicago-self-signed.xml b/src/chrome/content/rules/University-of-Chicago-self-signed.xml
deleted file mode 100644
index 1cca2a98782c..000000000000
--- a/src/chrome/content/rules/University-of-Chicago-self-signed.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For rules that are on by default, see University-of-Chicago.xml.
-
--->
-<ruleset name="University of Chicago (self-signed)" default_off="self-signed">
-
-	<target host="astro.uchicago.edu" />
-	<target host="press.ci.uchicago.edu" />
-
-
-	<rule from="^http://(astro|press\.ci)\.uchicago\.edu/"
-		to="https://$1.uchicago.edu/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/University-of-Chicago.xml b/src/chrome/content/rules/University-of-Chicago.xml
index d689a67f0d55..d57aff861bb5 100644
--- a/src/chrome/content/rules/University-of-Chicago.xml
+++ b/src/chrome/content/rules/University-of-Chicago.xml
@@ -1,25 +1,46 @@
 <!--
-	For problematic rules, see University-of-Chicago-self-signed.xml.
+	Non-functional hosts
+		Couldn't connect to server:
+			 - bay.uchicago.edu
 
+		SSL peer certificate was not OK:
+			 - beagle.ci.uchicago.edu
+			 - proxy.uchicago.edu
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - hours.lib.uchicago.edu
+
+		Incomplete certificate chain error:
+			 - pads.ci.uchicago.edu
+			 - pokey.ci.uchicago.edu
+			 - press.ci.uchicago.edu
 -->
 <ruleset name="University of Chicago (partial)">
-
 	<target host="uchicago.edu" />
-	<target host="*.uchicago.edu" />
-	<target host="*.ci.uchicago.edu" />
-
-
-	<securecookie host="^.*\.uchicago\.edu$" name=".*" />
-
-
-	<!--	- //uchicago doesn't work over https
-		- //uchicago redirects to www over http
-		- Cert doesn't match //ci
-				-->
-	<rule from="^https?://(?:www\.)?(ci\.)?uchicago\.edu/"
-		to="https://www.$1uchicago.edu/" />
-
-	<rule from="^http://((?:beagle|pads|pokey)\.ci|identity)\.uchicago\.edu/"
-		to="https://$1.uchicago.edu/" />
-
+	<target host="answers.uchicago.edu" />
+	<target host="astro.uchicago.edu" />
+	<target host="blueprint.uchicago.edu" />
+	<target host="ci.uchicago.edu" />
+	<target host="www.ci.uchicago.edu" />
+	<target host="identity.uchicago.edu" />
+	<target host="identitymanagement.uchicago.edu" />
+	<target host="ipo.uchicago.edu" />
+	<target host="itservices.uchicago.edu" />
+	<target host="leadership.uchicago.edu" />
+	<target host="www.lib.uchicago.edu" />
+	<target host="math.uchicago.edu" />
+	<target host="www.math.uchicago.edu" />
+	<target host="proxy.uchicago.edu" />
+	<target host="login.proxy.uchicago.edu" />
+	<target host="www.proxy.uchicago.edu" />
+	<target host="safety-security.uchicago.edu" />
+	<target host="shibboleth2.uchicago.edu" />
+	<target host="studentactivities.uchicago.edu" />
+	<target host="www.uchicago.edu" />
+
+	<rule from="^http://proxy\.uchicago\.edu/"
+			to="https://www.proxy.uchicago.edu/" />
+
+	<rule from="^http:"
+			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Colorado-at-Boulder.xml b/src/chrome/content/rules/University-of-Colorado-at-Boulder.xml
index b5c916269cd3..95396da59157 100644
--- a/src/chrome/content/rules/University-of-Colorado-at-Boulder.xml
+++ b/src/chrome/content/rules/University-of-Colorado-at-Boulder.xml
@@ -1,17 +1,43 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://colorado.edu/ => http://colorado.edu/: Redirect for 'http://colorado.edu/' missing Location
+	University of Colorado at Boulder
+
+
 	Nonfunctional subdomains:
 
+		- ccar ¹
 		- lasp		(403/404)
+		- sciencepolicy ²
+
+	¹ 403
+	² Shows ciresweb
+
+
+	Problematic subdomains:
+
+		- cires ¹
+		- ciresweb ²
+
+	¹ Mismatched, CN: ciresweb.colorado.edu
+	² Expired
 
 
 	Fully covered subdomains:
 
 		- fiske
 		- laspwebmail
+		- oceanus
+
+
+	These altnames don't exist:
+
+		- www.oceanus.coloradu.edu
 
 
 	Mixed content:
 
+		- css on ciresweb from cires
 		- css on fiske from fonts.googleapis.com *
 
 		- Images, on:
@@ -23,10 +49,14 @@
 	** Unsecurable
 
 -->
-<ruleset name="University of Colorado at Boulder (partial)">
+<ruleset name="Colorado.edu (partial)">
 
 	<target host="colorado.edu" />
-	<target host="*.colorado.edu" />
+	<target host="www.colorado.edu" />
+	<target host="fiske.colorado.edu" />
+	<target host="jila.colorado.edu" />
+	<target host="laspwebmail.colorado.edu" />
+	<target host="oceanus.colorado.edu" />
 
 
 	<securecookie host="^laspwebmail\.colorado\.edu$" name=".+" />
@@ -36,7 +66,7 @@
 	<rule from="^http://(www\.)?colorado\.edu/(misc|profiles|sites)/"
 		to="https://$1colorado.edu/$2/" />
 
-	<rule from="^http://(fiske|jila|laspwebmail)\.colorado\.edu/"
+	<rule from="^http://(fiske|jila|laspwebmail|oceanus)\.colorado\.edu/"
 		to="https://$1.colorado.edu/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Copenhagen.xml b/src/chrome/content/rules/University-of-Copenhagen.xml
index 1cf1463faa9f..3411e5f78d63 100644
--- a/src/chrome/content/rules/University-of-Copenhagen.xml
+++ b/src/chrome/content/rules/University-of-Copenhagen.xml
@@ -39,10 +39,9 @@
 	<target host="intranet.ku.dk" />
 
 
-	<securecookie host="^\w.*\.ku\.dk$" name=".*" />
+	<securecookie host="^\w.*\.ku\.dk$" name=".+" />
 
 
-	<rule from="^http://(www2\.adm|intranet)\.ku\.dk/"
-		to="https://$1.ku.dk/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Delaware.xml b/src/chrome/content/rules/University-of-Delaware.xml
index 5bd9d8a52335..b403b33ba2cd 100644
--- a/src/chrome/content/rules/University-of-Delaware.xml
+++ b/src/chrome/content/rules/University-of-Delaware.xml
@@ -2,8 +2,6 @@
 
 	<target host="udel.edu" />
 	<target host="*.udel.edu" />
-	<target host="*.facilities.udel.edu" />
-	<target host="*.nss.udel.edu" />
 
 
 	<securecookie host="^(?:extension|.*\.nss)\.udel\.edu$" name=".+" />
@@ -24,4 +22,4 @@
 	<rule from="^http://www\.facilities\.udel\.edu/(App_Themes|[dD]ata|Secure)/"
 		to="https://www.facilities.udel.edu/$1/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University-of-Eastern-Finland.xml b/src/chrome/content/rules/University-of-Eastern-Finland.xml
index f9ef5b4106c1..081e69718db4 100644
--- a/src/chrome/content/rules/University-of-Eastern-Finland.xml
+++ b/src/chrome/content/rules/University-of-Eastern-Finland.xml
@@ -1,13 +1,17 @@
-<!--	!functional:
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cs.joensuu.fi/ => https://cs.joensuu.fi/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+	!functional:
 		- aducate.uef.fi	(valid cert, shows RHEL test page)
 -->
-<ruleset name="University of Eastern Finland (partial)">
+<ruleset name="University of Eastern Finland (partial)" default_off="failed ruleset test">
 
 	<target host="cs.joensuu.fi"/>
 	<target host="uef.fi"/>
 	<target host="www.uef.fi"/>
 
-	<securecookie host="^www\.uef\.fi$" name=".*"/>
+	<securecookie host="^www\.uef\.fi$" name=".+" />
 
 	<rule from="^http://cs\.joensuu\.fi/"
 		to="https://cs.joensuu.fi/"/>
diff --git a/src/chrome/content/rules/University-of-Exeter.xml b/src/chrome/content/rules/University-of-Exeter.xml
index eb18d53a128a..6a6299b82931 100644
--- a/src/chrome/content/rules/University-of-Exeter.xml
+++ b/src/chrome/content/rules/University-of-Exeter.xml
@@ -1,66 +1,48 @@
 <!--
-	Nonfunctional subdomains:
+	Non-functional hosts in *.exeter.ac.uk
+		Timeout:
+		- owa.exeter.ac.uk
 
-		- psychology	(redirects to as)
-		- sshs		(redirects to as)
+		Couldn't connect to server:
+		- gosling.exeter.ac.uk
 
+		Incomplete certificate chain error:
+		- evisit.exeter.ac.uk
 
-	Fully covered domains:
-
-		- newton.ex.ac.uk
-
-		- *.exeter.ac.uk:
-
-			- emps
-
+		Mixed content blocking (MCB) triggered:
+		- apps.exeter.ac.uk
+		- ceder.exeter.ac.uk
+		- education.exeter.ac.uk
+		- sshs.exeter.ac.uk
 -->
 <ruleset name="University of Exeter (partial)">
-
-	<target host="ex.ac.uk" />
-	<target host="*.ex.ac.uk" />
 	<target host="exeter.ac.uk" />
-	<target host="*.exeter.ac.uk" />
-		<exclusion pattern="^http://(?:www\.)?(?:psychology|sshs)\." />
-
-
-	<securecookie host="^(?:.*\.)?exeter\.ac\.uk$" name=".+" />
-
-
-	<rule from="^http://newton\.ex\.ac\.uk/"
-		to="https://newton.ex.ac.uk/" />
-
-	<!--	Observed subdomains:
-
-			- apps
-			- as
-			- biosciences
-			- business-school
-			- education
-			- emps
-			- evisit	(stats beacon)
-			- geography
-			- gosling
-			- humanities
-			- intranet
-			- lib
-			- lifesciences
-			- my
-			- mysso
-			- owa
-			- projects
-			- sid
-			- socialsciences
-			- srs
-			- www
-
-	Cert only matches exeter
-				-->
-	<rule from="^https?://([\w-]+\.)?ex(?:eter)?\.ac\.uk/"
-		to="https://$1exeter.ac.uk/" />
-
-	<!--	Cert only matches //*.exeter
-						-->
-	<rule from="^https?://(?:www\.)?([\w-]+\.)ex(?:eter)?\.ac\.uk/"
-		to="https://$1exeter.ac.uk/" />
-
+	<target host="www.exeter.ac.uk" />
+	<target host="as.exeter.ac.uk" />
+	<target host="biosciences.exeter.ac.uk" />
+	<target host="blogs.exeter.ac.uk" />
+	<target host="business-school.exeter.ac.uk" />
+	<target host="directory.exeter.ac.uk" />
+	<target host="emps.exeter.ac.uk" />
+	<target host="empslocal.ex.ac.uk" />
+	<target host="geography.exeter.ac.uk" />
+	<target host="humanities.exeter.ac.uk" />
+	<target host="intranet.exeter.ac.uk" />
+	<target host="lib.exeter.ac.uk" />
+	<target host="libguides.exeter.ac.uk" />
+	<target host="lifesciences.exeter.ac.uk" />
+	<target host="medicine.exeter.ac.uk" />
+	<target host="my.exeter.ac.uk" />
+	<target host="oao.exeter.ac.uk" />
+	<target host="online.exeter.ac.uk" />
+	<target host="projects.exeter.ac.uk" />
+	<target host="psychology.exeter.ac.uk" />
+	<target host="sid.exeter.ac.uk" />
+	<target host="socialsciences.exeter.ac.uk" />
+	<target host="srs.exeter.ac.uk" />
+	<target host="tarc.exeter.ac.uk" />
+	<target host="tentors.exeter.ac.uk" />
+	<target host="vle.exeter.ac.uk" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Florida-expired.xml b/src/chrome/content/rules/University-of-Florida-expired.xml
index eea949b0a323..4cc2fb431b89 100644
--- a/src/chrome/content/rules/University-of-Florida-expired.xml
+++ b/src/chrome/content/rules/University-of-Florida-expired.xml
@@ -13,7 +13,7 @@
 
 
 	<!--	Certs only matches //subdomain.	-->
-	<rule from="^https?://(?:www\.)?(admin|hscj)\.ufl\.edu/"
+	<rule from="^http://(?:www\.)?(admin|hscj)\.ufl\.edu/"
 		to="https://$1.ufl.edu/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Florida.xml b/src/chrome/content/rules/University-of-Florida.xml
index 4b12b5047d31..aa20fa166606 100644
--- a/src/chrome/content/rules/University-of-Florida.xml
+++ b/src/chrome/content/rules/University-of-Florida.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.shands.org/ => https://www.shands.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.shands.org'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.shands.org/ => https://www.shands.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.shands.org'")
 	For problematic rules, see University-of-Florida-expired.xml.
 
 
@@ -40,16 +46,16 @@
 		- (www.)ufadvising	(reset)
 		- (www.)umatter		(ssl_error_rx_record_too_long)
 		- (www.)urel		(times out)
-		- www			(times out)
+		- www			(refused)
 
 -->
-<ruleset name="University of Florida (partial)">
+<ruleset name="University of Florida (partial)" default_off="failed ruleset test">
 
 	<target host="www.shands.org" />
 	<target host="*.ufl.edu" />
 
 
-	<securecookie host="^\w[\w\.]*\.ufl\.edu$" name=".*" />
+	<securecookie host="^\w[\w\.]*\.ufl\.edu$" name=".+" />
 
 
 	<!--	- cise, isis, & uff: Cert only matches www
@@ -57,25 +63,25 @@
 		- //crc cert: COMMPOOL.CRC.UFL.EDU
 		- //crc only shows "Under Construction"
 					-->
-	<rule from="^https?://(?:www\.)?(cise|crc|fa|isis|uff)\.ufl\.edu/"
+	<rule from="^http://(?:www\.)?(cise|crc|fa|isis|uff)\.ufl\.edu/"
 		to="https://www.$1.ufl.edu/" />
 
 	<!--	Fails to redirect over https.	-->
-	<rule from="^https?://lists\.ufl\.edu/archives/net-managers-l\.html"
+	<rule from="^http://lists\.ufl\.edu/archives/net-managers-l\.html"
 		to="https://lists.ufl.edu/cgi-bin/wa?A0=NET-MANAGERS-L" />
 
 	<rule from="^http://((?:labs|lss)\.at|catalog|counceling|evaluations|service\.gatorlink|gradschool|security\.health|(?:alerts|asc|etd|static)\.helpdesk|infosec|test\.isis|alerts\.it|lists|login|my|net-services|nms(?:-console)?\.ns|open-systems|(?:images|style)\.webadmin|webmail)\.ufl\.edu/"
 		to="https://$1.ufl.edu/" />
 
 	<!--	Cert only matches *.sites.medinfo	-->
-	<rule from="^https?://forwardtogether\.(?:health|sites\.medinfo).ufl.edu/"
+	<rule from="^http://forwardtogether\.(?:health|sites\.medinfo)\.ufl\.edu/"
 		to="https://forwardtogether.sites.medinfo.ufl.edu/" />
 
 	<!--	- Cert only matches www
 		- At least the homepage redirects to http
 		- Seems that all paths in .+/$ are safe, as they redirect to .+/.*.aspx when unsupported
 					-->
-	<rule from="^https?://(?:www\.)?ufalumni\.ufl\.edu/($|App_Themes/|images/|login\.aspx|membersonly/register|resources/|styles/|WebResource\.axd|[\w\-\./]+/$)"
+	<rule from="^http://(?:www\.)?ufalumni\.ufl\.edu/($|App_Themes/|images/|login\.aspx|membersonly/register|resources/|styles/|WebResource\.axd|[\w\-\./]+/$)"
 		to="https://www.ufalumni.ufl.edu/$1" />
 
 	<rule from="^http://www\.shands\.org/"
diff --git a/src/chrome/content/rules/University-of-Groningen.xml b/src/chrome/content/rules/University-of-Groningen.xml
index 2161afb9efde..01be299ad688 100644
--- a/src/chrome/content/rules/University-of-Groningen.xml
+++ b/src/chrome/content/rules/University-of-Groningen.xml
@@ -1,8 +1,13 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.astro.rug.nl/ => https://www.astro.rug.nl/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
 <ruleset name="University of Groningen (partial)">
 
 	<target host="rug.nl"/>
-	<target host="*.rug.nl"/>
-	<target host="www.astro.rug.nl"/>
+	<target host="www.rug.nl" />
+	<target host="astro.rug.nl" />
+	<target host="www.astro.rug.nl" />
 
 	<rule from="^http://(www\.)?rug\.nl/(_definition/|sterrenkunde/([!_]css|_shared/|onderwijs/index!login))"
 		to="https://$1rug.nl/$2"/>
diff --git a/src/chrome/content/rules/University-of-Helsinki.xml b/src/chrome/content/rules/University-of-Helsinki.xml
index ef8958c5c91e..356984a4da87 100644
--- a/src/chrome/content/rules/University-of-Helsinki.xml
+++ b/src/chrome/content/rules/University-of-Helsinki.xml
@@ -26,14 +26,20 @@
 <ruleset name="University of Helsinki (partial)">
 
 	<target host="helsinki.fi" />
-	<target host="*.helsinki.fi" />
+	<target host="www.helsinki.fi" />
+	<target host="alma.helsinki.fi" />
+	<target host="alumniverkosto.helsinki.fi" />
+	<target host="blogs.helsinki.fi" />
+	<target host="www-db2.helsinki.fi" />
+	<target host="cs.helsinki.fi" />
+	<target host="www.cs.helsinki.fi" />
 
 
 	<!--securecookie host="^\.cs\.helsinki\.fi$" name="^SESS\w{32}$" /-->
 
 
 	<!--	Cert doesn't match !www.	-->
-	<rule from="^https?://helsinki\.fi/"
+	<rule from="^http://helsinki\.fi/"
 		to="https://www.helsinki.fi/" />
 
 	<!--	- Some pages redirect to http
diff --git a/src/chrome/content/rules/University-of-Hertfordshire.xml b/src/chrome/content/rules/University-of-Hertfordshire.xml
index 7331284ccef6..efcb596cd9f4 100644
--- a/src/chrome/content/rules/University-of-Hertfordshire.xml
+++ b/src/chrome/content/rules/University-of-Hertfordshire.xml
@@ -1,30 +1,40 @@
 <!--
+	University of Hertfordshire
+
+
 	Nonfunctional subdomains:
 
-		- (www.)
+		- (www.)?
 		- perseus
 		- sitem
-		- (www.)voyager
+		- (www.)?voyager
+
+
+	Problematic subdomains:
+
+		- go ¹
+		- studynet[12] ²
+
+	¹ Cert only matches www-apps
+	² Cert only matches www.foo
 
 -->
-<ruleset name="University of Hertfordshire (partial)">
+<ruleset name="Herts.ac.uk (partial)">
 
 	<target host="*.herts.ac.uk" />
-	<target host="www.*.herts.ac.uk" />
 
 
-	<!--	Cert only matches www-apps
-		- Redirects like so
-		-->
-	<rule from="^https?://go\.herts\.ac\.uk/(\w*)"
-		to="https://web-apps.herts.ac.uk/go/?go=$1" />
+	<!--	Redirects like so:
+					-->
+	<rule from="^http://go\.herts\.ac\.uk/(?=\w)"
+		to="https://web-apps.herts.ac.uk/go/?go=" />
+
+	<rule from="^http://(?:www\.)?studynet(1|2)?\.herts\.ac\.uk/"
+		to="https://www.studynet$1.herts.ac.uk/" />
 
-	<!--	//studentrecord. doesn't exist.	-->
+	<!--	//studentrecord. doesn't exist.
+						-->
 	<rule from="^http://(www\.studentrecord|web-apps)\.herts\.ac\.uk/"
 		to="https://$1.herts.ac.uk/" />
 
-	<!--	Certs only matches www.studynet[12]?.	-->
-	<rule from="^https?://(?:www\.)?studynet([12])?\.herts\.ac\.uk/"
-		to="https://www.studynet$1.herts.ac.uk/" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Idaho.xml b/src/chrome/content/rules/University-of-Idaho.xml
index 001d0f4e2ee1..8e859fe046b1 100644
--- a/src/chrome/content/rules/University-of-Idaho.xml
+++ b/src/chrome/content/rules/University-of-Idaho.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www2.sites.uidaho.edu/ => https://www2.sites.uidaho.edu/: (6, 'Could not resolve host: www2.sites.uidaho.edu')
+
 	dee.uidaho.edu & support.uidaho.edu are handled in WordPress-blogs.xml.
 
 
@@ -18,15 +22,22 @@
 		- www.webs	(cert: www.sci.uidaho.edu; 302s to www.webpages)
 
 -->
-<ruleset name="University of Idaho (partial)">
+<ruleset name="University of Idaho (partial)" default_off="failed ruleset test">
 
 	<target host="uidaho.edu" />
-	<target host="*.uidaho.edu" />
+	<target host="sitecore.uidaho.edu" />
+	<target host="vandalweb.uidaho.edu" />
+	<target host="www.dfa.uidaho.edu" />
+	<target host="www.sci.uidaho.edu" />
+	<target host="www.uiweb.uidaho.edu" />
+	<target host="www.webedit.uidaho.edu" />
+	<target host="www.sites.uidaho.edu" />
+	<target host="www2.sites.uidaho.edu" />
+	<target host="www.uidaho.edu" />
+	<target host="www.its.uidaho.edu" />
 	<!--
 		^dfa, ^its, ^sci, ^sites, ^uiweb, & ^webedit don't exist.
 					-->
-	<target host="www.*.uidaho.edu" />
-	<target host="www2.sites.uidaho.edu" />
 
 
 	<securecookie host="^\w.*\.uidaho\.edu$" name=".+" />
@@ -38,7 +49,7 @@
 	<!--	- Cert: www.webedit
 		- 302s like so
 				-->
-	<rule from="^https?://www\.its\.uidaho\.edu/$"
+	<rule from="^http://www\.its\.uidaho\.edu/$"
 		to="https://www.uidaho.edu/its" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University-of-Illinois-at-Urbana-Champaign.xml b/src/chrome/content/rules/University-of-Illinois-at-Urbana-Champaign.xml
index c9bedd8d1ad6..4717d8870206 100644
--- a/src/chrome/content/rules/University-of-Illinois-at-Urbana-Champaign.xml
+++ b/src/chrome/content/rules/University-of-Illinois-at-Urbana-Champaign.xml
@@ -1,44 +1,89 @@
+
 <!--
-	Nonfunctional domains:
-
-		-  illinois.edu subdomains:
-
-			- acdis *
-			- admissions		(403 & 404, expired, CN: www-s2.oar.illinois.edu)
-			- blog.admissions *
-			- www.ahs		(shows www.mrp, CN: www.mrp.illinois.edu)
-			- isl.beckman **
-			- (www.)bioen ***
-			- bioengineering ***
-			- (www.)cam ****
-			- cgs
-			- cs			(shows chbe, CN: engineering.illinois.edu)
-			- lists.cs
-			- disability		(prints "The service is unavailable.", expired, self-signed, CN: ED-webdev1.ad.uiuc.edu)
-			- engagement ****
-			- www.grad		(403)
-			- honors ****
-			- i2i ****
-			- ilint ****
-			- (www.)ise ***
-			- www.isss ***
-			- iti ***
-			- www.iti		(shows chbe, mismatched)
-			- (www.)library
-			- (www.)ncsa **
-			- mechanical *****
-			- mechse *****
-			- mrl *****
-			- news ****
-			- npre ******
-			- parallel ******
-
-		- uiuc.edu subdomains:
-
-			- lists.cs
-			- (www.)isl **
-			- syzygy.isl **
-			- (www.)ms-tech		(shows business.illinois.edu; mismatched, CN: business.illinois.edu)
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.cites.illinois.edu/ => https://www.cites.illinois.edu/: (6, 'Could not resolve host: www.cites.illinois.edu')
+Non-2xx HTTP code: http://www.citl.illinois.edu/ (200) => https://www.citl.illinois.edu/ (404)
+Fetch error: http://asplos14.cs.illinois.edu/ => https://asplos14.cs.illinois.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'asplos14.cs.illinois.edu'")
+Fetch error: http://orchid.cs.illinois.edu/ => https://orchid.cs.illinois.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'orchid.cs.illinois.edu'")
+Fetch error: http://dps.illinois.edu/ => https://dps.illinois.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'police.illinois.edu'")
+Fetch error: http://www.dps.illinois.edu/ => https://www.dps.illinois.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'police.illinois.edu'")
+Fetch error: http://wiki.engr.illinois.edu/ => https://wiki.engr.illinois.edu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://bookstore.law.illinois.edu/ => https://bookstore.law.illinois.edu/: (6, 'Could not resolve host: bookstore.law.illinois.edu')
+Fetch error: http://legacy.illinois.edu/ => https://legacy.illinois.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'legacy.illinois.edu'")
+Fetch error: http://support.lis.illinois.edu/ => https://support.lis.illinois.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'support.lis.illinois.edu'")
+Fetch error: http://mail.scs.illinois.edu/ => https://mail.scs.illinois.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://gargoyle.uni.illinois.edu/ => https://gargoyle.uni.illinois.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'gargoyle.uni.illinois.edu'")
+Non-2xx HTTP code: http://uofi.illinois.edu/ (200) => https://uofi.illinois.edu/ (403)
+Fetch error: http://police.illinois.edu/ => https://dps.illinois.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'police.illinois.edu'")
+
+	Other University of Illinois at Urbana Champaign rulesets:
+
+		- Illinois_Law_Review.org.xml
+		- UIUC.edu.xml
+
+
+	Nonfunctional hosts in *illinois.edu:
+
+		- 4hfoundation		Pages redirect to http
+		- acdis *
+		- aces			Pages redirect to http
+
+		- advancement.aces	Pages redirect to http
+		- pilotplant.aces	Shows another domain
+		- research.aces		Pages redirect to http
+		- techsupport.aces	Shows default page
+
+		- admissions		(403 & 404, expired, CN: www-s2.oar.illinois.edu)
+		- blog.admissions *
+		- www.ahr **
+		- www.ahs		(shows www.mrp, CN: www.mrp.illinois.edu)
+		- (www.)?art		404
+		- stars.astro		Handshake fails
+		- isl.beckman **
+		- (www.)bioen ***
+		- bioengineering ***
+		- (www.)?biomedical	Shows another domain
+		- (www.)?campusrec	Redirects to http
+		- www.carli	Refused
+		- catalog	Refused
+		- cgs
+		- fae20.cita	Refused
+		- whs.crhc	404
+		- fsl.cs		Refused
+		- safecode.cs		Redirects to shibboleth.illinois.edu
+		- synrg.csl		Redirects to shibboleth.illinois.edu
+		- disability		(prints "The service is unavailable.", expired, self-signed, CN: ED-webdev1.ad.uiuc.edu)
+		- ease			Redirects to shibboleth.illinois.edu
+		- eoh.ec		Dropped
+		- engagement ****
+		- engineering.dev.engr	404
+		- hr.engr		404
+		- ada.fs		Handshake fails
+		- g			Shows another domain
+		- (www.)?grad		(403)
+		- 2017.grad		404
+		- i2i ****
+		- ilint ****
+		- (www.)ise ***
+		- www.isss ***
+		- itcs			Pages redirect to http
+		- www.las		Handshake fails
+		- www.lasonline		Handshake fails
+		- (www.)library		Refused
+		- mtl.math		Plaintext reply
+		- mbachicago		Redirects to business.illinois.edu
+		- (www.)?ncsa		Refused
+		- mechse *****
+		- mrl *****
+		- www.parking		404
+		- psychology **
+		- www.psychology	Handshake fails
+		- (www.)?scs		Redirects to http/404
+		- electronics.scs	Redirects to www.scs.illinois.edu
+		- networking.scs	Redirects to www.scs.illinois.edu
+		- sustainability	Plaintext reply
+		- union		Redirects to http
+		- www.urban	Handshake fails
 
 	* Shows lsecure.admin; CN: lsecure.admin.illinois.edu
 	** Times out
@@ -48,155 +93,385 @@
 	****** Shows chbe, cert valid
 
 
-	Problematic domains:
-
-		illinois.edu subdomains:
-
-			- www *
-			- www.business		(expired 2010-05-30, mismatched, CN: www.business.uiuc.edu)
-			- www.chbe *
-			- www.engineering *
-			- www.housing		(cert only matches www-s.housing)
-			- mrp			(cert only matches www.mrp)
-
-		uiuc.edu subdomains:
+	Problematic hosts in *illinois.edu:
 
-			- (www.)		(mismatched, redirects to illinois.edu)
-			- www.ks		(cert only matches www-s.ks.uiuc.edu)
-			- (www.)union		(cert doesn't match uiuc)
+		- (www.)?bioteh *
+		- www.business		404
+		- www1.business *
+		- www.chbe *
+		- fae.cita	self-signed
+		- www.cs *
+		- dmi *
+		- earth		Redirect differs
+		- ece		404
+		- ecs.engineering *
+		- www.engineering *
+		- hpcbio *
+		- (www.)?housing *
+		- identitystandards *
+		- (www.)?iefx *
+		- (www.)?inclusiveillinois *
+		- guides.library *
+		- lis *
+		- (www.)?mechse *
+		- mrp *
+		- otm *		Expired
+		- police *
+		- publicaffairs *
+		- researchpark		Refused
+		- www.researchpark *
+		- senate *
+		- shr *
+		- www.studentaffairs *
+		- (www.)?trainingcenter *
 
-	* Cert doesn't match www
+	* Mismatched
 
 
-	Partially covered domains:
+	Insecure cookies are set for these hosts:
 
-		- illinois.edu subdomains:
+		- asplos14.cs.illinois.edu
+		- pact14.cs.illinois.edu
 
-			- (www.) *
-			- cs		(→ chbe.illinois.edu)
-			- npre		(→ chbe.illinois.edu)
 
-		- (www.)uiuc.edu *
+	Mixed content:
 
-	* Some (most?) pages redirect to http
+		- css, on:
 
+			- ^ from maxcdn.bootstrapcdn.com *
+			- wiki.engr, enrollmentmanagement, careers.scs, strategicplan from fonts.googleapis.com *
 
-	Fully covered domains:
+		- Images, on:
 
-		- illinois.edu
+			- ^, www.igb, gargoyle.uni from $self *
+			- web.housing, www-s.housing from www.housing.illinois.edu *
+			- jobs from uiuuat.hiretouch.com
+			- www.lis from pbs.twimg.com *
+			- my.mechse from mechanical.illinois.edu *
+			- www.researchpark from researchpark.illinois.edu
 
-			- secure.admin
-			- autodiscover
-			- (www.)business	(www → ^)
-			- www1.business
-			- chbe
-			- www.chbe		(→ chbe.illinois.edu)
+		- favicons, on:
 
-			- engineering subdomains:
+			- enrollmentmanagement from ^illinois.edu
+			- humanresources from identitystandards.illinois.edu
+			- www.perform, registrar from $self *
 
-				- ^
-				- blogs
-				- iefx
-				- it
-				- www		(→ engineering.illinois.edu)
+	* Secured by us
 
-			- exchws
-			- (www.)housing		(→ www-s.housing.illinois.edu)
-			- www-s.housing
-			- mrp			(→ www.mrp.illinois.edu)
-			- www.mrp
-			- internal.ncsa
-			- security.ncsa
-			- parallel
-			- (www.)union
-			- webmail
-
-		- uiuc.edu subdomains:
-
-			- (www.)		(→ illinois.edu)
-			- (www.)ks		(→ www-s.ks.uiuc.edu)
-			- www-s.ks
-			- www-s.mechse
-			- (www.)union		(→ [www.]union.illinois.edu)
+-->
+<ruleset name="Illinois.edu (partial)" default_off="failed ruleset test">
 
-		- (www.)illinoislawreview.org
+	<!--	Direct rewrites:
+				-->
+	<target host="illinois.edu" />
 
+	<target host="intlprograms.aces.illinois.edu" />
+	<target host="secure.aces.illinois.edu" />
+	<target host="shared.aces.illinois.edu" />
+
+	<target host="secure.admin.illinois.edu" />
+	<target host="atmos.illinois.edu" />
+	<target host="www.atmos.illinois.edu" />
+	<target host="auth.illinois.edu" />
+	<target host="autodiscover.illinois.edu" />
+	<target host="box.illinois.edu" />
+	<target host="business.illinois.edu" />
+	<target host="cam.illinois.edu" />
+	<target host="www.cam.illinois.edu" />
+	<target host="i-share.carli.illinois.edu" />
+	<target host="vufind.carli.illinois.edu" />
+	<target host="chbe.illinois.edu" />
+	<target host="www.cio.illinois.edu" />
+
+	<target host="courses.cites.illinois.edu" />
+	<target host="emergency.cites.illinois.edu" />
+	<target host="orbit.cites.illinois.edu" />
+	<target host="passwords.cites.illinois.edu" />
+	<target host="wiki.cites.illinois.edu" />
+	<target host="www.cites.illinois.edu" />
+
+	<target host="citl.illinois.edu" />
+	<target host="www.citl.illinois.edu" />
+	<target host="compass.illinois.edu" />
+	<target host="compass2g.illinois.edu" />
+	<target host="copyright.illinois.edu" />
+	<target host="courses.illinois.edu" />
+	<target host="cs.illinois.edu" />
+
+	<target host="asplos14.cs.illinois.edu" />
+	<target host="graphics.cs.illinois.edu" />
+	<target host="lists.cs.illinois.edu" />
+	<target host="my.cs.illinois.edu" />
+	<target host="orchid.cs.illinois.edu" />
+	<target host="pact14.cs.illinois.edu" />
+
+	<target host="csl.illinois.edu" />
+	<target host="datacenter.illinois.edu" />
+	<target host="www.datacenter.illinois.edu" />
+	<target host="discovery.illinois.edu" />
+	<target host="dps.illinois.edu" />
+	<target host="www.dps.illinois.edu" />
+	<target host="www.earth.illinois.edu" />
+	<target host="my.ece.illinois.edu" />
+	<target host="www.ece.illinois.edu" />
+	<target host="education.illinois.edu" />
+	<target host="emergency.illinois.edu" />
+	<target host="engineering.illinois.edu" />
+	<target host="it.engineering.illinois.edu" />
+
+	<target host="my.engr.illinois.edu" />
+	<target host="wiki.engr.illinois.edu" />
+	<target host="ws.engr.illinois.edu" />
+
+	<target host="enrollmentmanagement.illinois.edu" />
+	<target host="etext.illinois.edu" />
+	<target host="www.etext.illinois.edu" />
+	<target host="exchws.illinois.edu" />
+	<target host="web.extension.illinois.edu" />
+	<target host="geog.illinois.edu" />
+	<target host="www.geog.illinois.edu" />
+	<target host="geology.illinois.edu" />
+	<target host="www.geology.illinois.edu" />
+	<target host="give.illinois.edu" />
+	<target host="giving.illinois.edu" />
+	<target host="go.illinois.edu" />
+	<target host="honors.illinois.edu" />
+
+	<target host="space.housing.illinois.edu" />
+	<target host="web.housing.illinois.edu" />
+	<target host="www-s.housing.illinois.edu" />
+	<target host="humanresources.illinois.edu" />
+	<target host="www.humanresources.illinois.edu" />
+
+	<target host="papercut.ics.illinois.edu" />
+	<target host="ieee.illinois.edu" />
+	<target host="www.igb.illinois.edu" />
+	<target host="illiniunion.illinois.edu" />
+	<target host="www.illiniunion.illinois.edu" />
+	<target host="imba.illinois.edu" />
+	<target host="iti.illinois.edu" />
+	<target host="www.iti.illinois.edu" />
+	<target host="jobs.illinois.edu" />
+	<target host="law.illinois.edu" />
+	<target host="bookstore.law.illinois.edu" />
+	<target host="www.law.illinois.edu" />
+	<target host="legacy.illinois.edu" />
+
+	<target host="cas.lis.illinois.edu" />
+	<target host="courses.lis.illinois.edu" />
+	<target host="support.lis.illinois.edu" />
+	<target host="www.lis.illinois.edu" />
+
+	<target host="lists.illinois.edu" />
+	<target host="mba.illinois.edu" />
+	<target host="mechanical.illinois.edu" />
+	<target host="my.mechse.illinois.edu" />
+	<target host="www.mrp.illinois.edu" />
+
+	<target host="internal.ncsa.illinois.edu" />
+	<target host="security.ncsa.illinois.edu" />
+	<target host="wiki.ncsa.illinois.edu" />
+
+	<target host="netmath.illinois.edu" />
+	<target host="news.illinois.edu" />
+	<target host="npre.illinois.edu" />
+	<target host="my.npre.illinois.edu" />
+	<target host="online.illinois.edu" />
+	<target host="opia.illinois.edu" />
+	<target host="parallel.illinois.edu" />
+	<target host="partnercomputing.illinois.edu" />
+	<target host="paymybill.illinois.edu" />
+	<target host="www.perform.illinois.edu" />
+	<target host="physics.illinois.edu" />
+	<target host="van.physics.illinois.edu" />
+	<target host="proposal.illinois.edu" />
+	<target host="www.proposal.illinois.edu" />
+	<target host="provost.illinois.edu" />
+	<target host="publish.illinois.edu" />
+	<target host="www.publish.illinois.edu" />
+	<target host="internal.psychology.illinois.edu" />
+	<target host="research.illinois.edu" />
+
+	<target host="crb.research.illinois.edu" />
+	<target host="new.research.illinois.edu" />
+	<target host="secure.research.illinois.edu" />
+	<target host="www.research.illinois.edu" />
+
+	<target host="registrar.illinois.edu" />
+
+	<target host="careers.scs.illinois.edu" />
+	<target host="computing.scs.illinois.edu" />
+	<target host="mail.scs.illinois.edu" />
+	<target host="www-s.scs.illinois.edu" />
+
+	<target host="seclab.illinois.edu" />
+	<target host="security.illinois.edu" />
+	<target host="shibboleth.illinois.edu" />
+	<target host="sponsoredprograms.illinois.edu" />
+	<target host="status.illinois.edu" />
+	<target host="strategicplan.illinois.edu" />
+	<target host="studentaffairs.illinois.edu" />
+	<target host="techservices.illinois.edu" />
+	<target host="www.techservices.illinois.edu" />
+	<target host="gargoyle.uni.illinois.edu" />
+	<target host="www.union.illinois.edu" />
+	<target host="uofi.illinois.edu" />
+	<target host="vetmed.illinois.edu" />
+	<target host="webmail.illinois.edu" />
+	<target host="webstore.illinois.edu" />
+	<target host="www.illinois.edu" />
+
+	<!--	Complications:
+				-->
+	<target host="www.business.illinois.edu" />
+	<target host="www.chbe.illinois.edu" />
+	<target host="www.cs.illinois.edu" />
+	<target host="earth.illinois.edu" />
+	<target host="www.engineering.illinois.edu" />
+	<target host="ece.illinois.edu" />
+	<target host="housing.illinois.edu" />
+	<target host="www.housing.illinois.edu" />
+	<target host="lis.illinois.edu" />
+	<target host="mechse.illinois.edu" />
+	<target host="www.mechse.illinois.edu" />
+	<target host="mrp.illinois.edu" />
+	<target host="police.illinois.edu" />
+	<target host="www.studentaffairs.illinois.edu" />
+
+		<!--	Redirects to http:
+						-->
+		<exclusion pattern="^http://illinois\.edu/(?:$|\?)" />
+		<!--
+			404:
+				-->
+		<!--exclusion pattern="^http://illinois.edu/(?:arts(?:/?$|/index\.html)|shortUrl/forward)" /-->
+		<!--
+			More conservatively:
+						-->
+		<exclusion pattern="^http://illinois.edu/(?:arts(?:$|[?/])|shortUrl/forward)" />
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://illinois\.edu/+(?!(?:about|academics|athletics|blog|calendar|facultystaff|[fs]b/sec|international|map/view|outreach|resources|students)(?:$|[?/])|assets2?/|favicon\.ico|lb/files/|\.psg/)" /-->
 
-	Targets solely for wildcard cookies:
+			<!--	+ve:
+					-->
+			<test url="http://illinois.edu/?" />
+			<test url="http://illinois.edu/?foo" />
+			<test url="http://illinois.edu/arts" />
+			<test url="http://illinois.edu/arts/" />
+			<test url="http://illinois.edu/arts/index.html" />
+			<test url="http://illinois.edu/shortUrl/forward" />
+
+			<!--	-ve:
+					-->
+			<test url="http://illinois.edu/about/index.html" />
+			<test url="http://illinois.edu/academics/index.html" />
+			<test url="http://illinois.edu/admissions/index.html" />
+			<test url="http://illinois.edu/assets/css/main.css" />
+			<test url="http://illinois.edu/assets/img/branding/wordmark_vertical_alt.png" />
+			<test url="http://illinois.edu/athletics/index.html" />
+			<test url="http://illinois.edu/blog/view/6231" />
+			<test url="http://illinois.edu/calendar" />
+			<test url="http://illinois.edu/calendar/list/3266" />
+			<test url="http://illinois.edu/ds/search" />
+			<test url="http://illinois.edu/favicon.ico" />
+			<test url="http://illinois.edu/fb/sec" />
+			<test url="http://illinois.edu/fb/sec/1454867" />
+			<test url="http://illinois.edu/international/index.html" />
+			<test url="http://illinois.edu/lb/files/2015/05/05/57019.jpg" />
+			<test url="http://illinois.edu/map/view" />
+			<test url="http://illinois.edu/outreach/index.html" />
+			<test url="http://illinois.edu/parents/index.html" />
+			<test url="http://illinois.edu/resources/contact.html" />
+			<test url="http://illinois.edu/sb/sec" />
+			<test url="http://illinois.edu/sb/sec/3737613" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://union\.illinois\.edu/(?:$|~/|css/|images/)" /-->
+
+		<!--	404:
+				-->
+		<!--exclusion pattern="^http://computing\.scs\.illinois\.edu/image-challenge/2015/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://computing\.scs\.illinois\.edu/+(?!$|\?|content/|misc/|sites/)" />
 
-		- *.blogs.engineering.illinois.edu
-		- *.iefx.engineering.illinois.edu
-		- *.it.engineering.illinois.edu
+			<!--	+ve:
+					-->
+			<test url="http://computing.scs.illinois.edu/image-challenge/2015/" />
+			<test url="http://computing.scs.illinois.edu/index.aspx" />
+			<test url="http://computing.scs.illinois.edu/index.htm" />
+			<test url="http://computing.scs.illinois.edu/index.html" />
+			<test url="http://computing.scs.illinois.edu/index.jsp" />
+			<test url="http://computing.scs.illinois.edu/index.php" />
+
+			<!--	-ve:
+					-->
+			<test url="http://computing.scs.illinois.edu/content/windows-xp-end-life-notification" />
+			<test url="http://computing.scs.illinois.edu/misc/feed.png" />
+			<test url="http://computing.scs.illinois.edu/modules/system/system.css" />
+			<test url="http://computing.scs.illinois.edu/sites/default/files/NavEndBar.gif" />
+			<test url="http://computing.scs.illinois.edu/software/gaussian" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.scs\.illinois\.edu/$" /-->
+		<!--
+			404:
+				-->
+		<!--exclusion pattern="^http://(?:www\.)?scs\.illinois\.edu/(?:css|scs-images)/" /-->
+
+			<!--	+ve:
+					-->
+			<!--test url="http://www.scs.illinois.edu/css/scs_int.css" /-->
+			<!--test url="http://www.scs.illinois.edu/scs-images/scs_logo.gif" /-->
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://vetmed\.illinois\.edu/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://vetmed\.illinois\.edu/+(?!wp-content/)" />
 
+			<!--	+ve:
+					-->
+			<test url="http://vetmed.illinois.edu/directory/" />
+			<test url="http://vetmed.illinois.edu/intranet/" />
 
-	This is the result of a cursory trawl.
-	There is much, much more to add.
+			<!--	-ve:
+					-->
+			<test url="http://vetmed.illinois.edu/wp-content/themes/vetmed/img/splash-logo.png" />
 
--->
-<ruleset name="University of Illinois at Urban-Champaign (partial)" platform="mixedcontent">
 
-	<target host="illinois.edu" />
-	<target host="*.illinois.edu" />
-	<target host="illinoislawreview.org" />
-	<target host="www.illinoislawreview.org" />
-	<target host="uiuc.edu" />
-	<target host="*.uiuc.edu" />
-
-
-	<!--	Don't match www, just in case cookies set on
-		securable www pages are needed on unsecurable ones.
-
-		Observed cookies (.illinois.edu):
-
-			- business
-			- .chbe
-			- .engineering
-			- .blogs.engineering
-			- .iefx.engineering
-			- .it.engineering
-			- www-s.housing
-			- mrp
+	<!--	Not secured by server:
 					-->
-	<securecookie host="^.*[^w]\.illinois\.edu$" name=".+" />
-	<securecookie host="^www-s\.mechse\.uiuc\.edu$" name=".+" />
+	<!--securecookie host="^\.(?:chbe|cs|www\.igb|npre|parallel)\.illinois\.edu$" name="^SESS[\da-f]{32}$" /-->
+	<!--securecookie host="aslpos14\.cs\.illinois\.edu$" name="^(?:CRPTestCookie|asplos2014_r)$" /-->
+	<!--securecookie host="pact14\.cs\.illinois\.edu$" name="^(?:CRPTestCookie|cspact2014_db)$" /-->
 
+	<securecookie host=".\.illinois\.edu$" name=".+" />
 
-	<rule from="^https?://(?:www\.)?(?:illinois|uiuc)\.edu/(about/about\.html|academics/academics\.html|assets2?/|athletics/athletics\.html|favicon\.ico|\.psg/)"
-		to="https://illinois.edu/$1" />
 
-	<rule from="^http://(secure\.admin|autodiscover|www1\.business|exchws|(?:internal|security)\.ncsa|webmail)\.illinois\.edu/"
+	<rule from="^http://www\.(business|chbe|cs|engineering|studentaffairs)\.illinois\.edu/"
 		to="https://$1.illinois.edu/" />
 
-	<rule from="^https?://(?:www\.)?(business|chbe)\.illinois\.edu/"
-		to="https://$1.illinois.edu/" />
-
-	<rule from="^https?://(?:cs|npre)\.illinois\.edu/sites/"
-		to="https://chbe.illinois.edu/sites/" />
-
-	<rule from="^https?://(?:((?:blogs|iefx|it)\.)|www\.)?engineering\.illinois\.edu/"
-		to="https://$1engineering.illinois.edu/" />
+	<rule from="^http://(earth|ece|lis|mrp)\.illinois\.edu/"
+		to="https://www.$1.illinois.edu/" />
 
-	<rule from="^https?://(?:www(?:-s)?\.)?housing\.illinois\.edu/"
+	<rule from="^http://(?:www\.)?housing\.illinois\.edu/"
 		to="https://www-s.housing.illinois.edu/" />
 
-	<rule from="^https?://(?:www\.)?mrp\.illinois\.edu/"
-		to="https://www.mrp.illinois.edu/" />
-
-	<rule from="^http://parallel\.illinois\.edu/sites/"
-		to="https://parallel.illinois.edu/sites/" />
-
-	<rule from="^https://(www\.)?union\.(?:uiuc|illinois)\.edu/"
-		to="https://$1union.illinois.edu/" />
-
-	<rule from="^http://(www\.)?illinoislawreview\.org/"
-		to="https://$1illinoislawreview.org/" />
+	<rule from="^http://(?:www\.)?mechse\.illinois\.edu/"
+		to="https://mechanical.illinois.edu/" />
 
-	<rule from="^https?://(?:www(?:-s)?\.)?ks\.uiuc\.edu/"
-		to="https://www-s.ks.uiuc.edu/" />
+	<rule from="^http://police\.illinois\.edu/"
+		to="https://dps.illinois.edu/" />
 
-	<!--	www 302s to mechse.illinois.edu.
-							-->
-	<rule from="^http://www-s\.mechse\.uiuc\.edu/"
-		to="https://www-s.mechse.uiuc.edu/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Kansas.xml b/src/chrome/content/rules/University-of-Kansas.xml
index 50c991b7030c..c17d7b0271c1 100644
--- a/src/chrome/content/rules/University-of-Kansas.xml
+++ b/src/chrome/content/rules/University-of-Kansas.xml
@@ -1,10 +1,10 @@
-<ruleset name="University of Kansas (parial)">
+<ruleset name="University of Kansas (partial)">
 
-	<target host="*.ku.edu" />
 	<target host="assets.drupal.ku.edu" />
+	<target host="technology.ku.edu" />
+	<target host="web.ku.edu" />
 
 
-	<rule from="^http://(assets\.drupal|technology|web)\.ku\.edu/"
-		to="https://$1.ku.edu/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Manitoba.xml b/src/chrome/content/rules/University-of-Manitoba.xml
index b2932be69adb..ab1e9c2cbffe 100644
--- a/src/chrome/content/rules/University-of-Manitoba.xml
+++ b/src/chrome/content/rules/University-of-Manitoba.xml
@@ -2,7 +2,7 @@
 	Nonfunctional domains:
 
 
-		- umanitoba.ca subdomains: 
+		- umanitoba.ca subdomains:
 
 			- crscalprod1.cc
 			- fasprod.cc		(interrupted)
@@ -13,11 +13,19 @@
 <ruleset name="University of Manitoba (partial)" platform="mixedcontent">
 
 	<target host="umanitoba.ca" />
-	<target host="*.umanitoba.ca" />
-	<target host="*.cc.umanitoba.ca" />
-
-
-	<rule from="^http://((?:aurora|(?:angel|baninb1|home|webapps|webware|wiki)\.cc|iridium|jump|myuminfo|www)\.)?umanitoba\.ca/"
-		to="https://$1umanitoba.ca/" />
+	<target host="aurora.umanitoba.ca" />
+	<target host="angel.cc.umanitoba.ca" />
+	<target host="baninb1.cc.umanitoba.ca" />
+	<target host="home.cc.umanitoba.ca" />
+	<target host="webapps.cc.umanitoba.ca" />
+	<target host="webware.cc.umanitoba.ca" />
+	<target host="wiki.cc.umanitoba.ca" />
+	<target host="iridium.umanitoba.ca" />
+	<target host="jump.umanitoba.ca" />
+	<target host="myuminfo.umanitoba.ca" />
+	<target host="www.umanitoba.ca" />
+
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Mary-Washington-blogs.xml b/src/chrome/content/rules/University-of-Mary-Washington-blogs.xml
index 00ae788f5f55..90ae590e274c 100644
--- a/src/chrome/content/rules/University-of-Mary-Washington-blogs.xml
+++ b/src/chrome/content/rules/University-of-Mary-Washington-blogs.xml
@@ -7,23 +7,17 @@
 	<!--	Cert: (www.)umwblogs.org	-->
 	<target host="mcclurken.org" />
 	<target host="www.mcclurken.org" />
-	<target host="eagleeye.umw.edu" />
-	<target host="jamesfarmer.umw.edu" />
+
 	<target host="umwblogs.org" />
 	<target host="*.umwblogs.org" />
 
+	<securecookie host="^(?:.*\.)?umwblogs\.org$" name=".+" />
 
-	<securecookie host="^(.*\.)?umwblogs\.org$" name=".*" />
-
-
-	<rule from="^https?://(?:www\.)?mcclurken\.org/"
+	<rule from="^http://(?:www\.)?mcclurken\.org/"
 		to="https://mcclurken.org/" />
 
-	<rule from="^http://(eagleeye|jamesfarmer)\.umw\.edu/"
-		to="https://$1.umw.edu/" />
-
 	<!--	www redirects to !www.	-->
-	<rule from="^https?://(?:www\.)?umwblogs\.org/"
+	<rule from="^http://(?:www\.)?umwblogs\.org/"
 		to="https://umwblogs.org/" />
 
 	<!--	Each blog has a unique subdomain.	-->
diff --git a/src/chrome/content/rules/University-of-Mary-Washington.xml b/src/chrome/content/rules/University-of-Mary-Washington.xml
index b4d3682292e5..d1b0bfa7078b 100644
--- a/src/chrome/content/rules/University-of-Mary-Washington.xml
+++ b/src/chrome/content/rules/University-of-Mary-Washington.xml
@@ -4,25 +4,46 @@
 		- University-of-Mary-Washington-blogs.xml
 
 
-	eagleeye.umw.edu & jamesfarmer.umw.edu are handled in University-of-Mary-Washington-blogs.xml.
-
-
 	Nonfunctional domains:
 
 		- www.library.umw.edu
 		- (www.)umweagles.com
 
+	Mixed content:
+		eagleeye.umw.edu
+
 -->
 <ruleset name="University of Mary Washington (partial)">
 
 	<target host="umw.edu" />
-	<target host="*.umw.edu" />
-
-
-	<securecookie host="^.*\.umw\.edu$" name=".*" />
-
-
-	<rule from="^http://((?:academics|adminfinance|admissions|advancement|athletics|business|cas|dahlgren|diversity|eaglenet|economicdevelopment|(?:educ|found)ation|giving|libraries|president|provost|publications|research|sacs|students|sustainability|technology|www)\.)?umw\.edu/"
-		to="https://$1umw.edu/" />
+	<target host="www.umw.edu" />
+	<target host="academics.umw.edu" />
+	<target host="adminfinance.umw.edu" />
+	<target host="admissions.umw.edu" />
+	<target host="advancement.umw.edu" />
+	<target host="athletics.umw.edu" />
+	<target host="business.umw.edu" />
+	<target host="cas.umw.edu" />
+	<target host="dahlgren.umw.edu" />
+	<target host="diversity.umw.edu" />
+	<target host="economicdevelopment.umw.edu" />
+	<target host="education.umw.edu" />
+	<target host="foundation.umw.edu" />
+	<target host="giving.umw.edu" />
+	<target host="jamesfarmer.umw.edu" />
+	<target host="libraries.umw.edu" />
+	<target host="president.umw.edu" />
+	<target host="provost.umw.edu" />
+	<target host="publications.umw.edu" />
+	<target host="research.umw.edu" />
+	<target host="sacs.umw.edu" />
+	<target host="students.umw.edu" />
+	<target host="sustainability.umw.edu" />
+	<target host="technology.umw.edu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Maryland.xml b/src/chrome/content/rules/University-of-Maryland.xml
index c3758e818fe5..deacfe7cc02c 100644
--- a/src/chrome/content/rules/University-of-Maryland.xml
+++ b/src/chrome/content/rules/University-of-Maryland.xml
@@ -1,16 +1,373 @@
+
 <!--
-	Partially covered subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.eng.umd.edu/ => https://www.eng.umd.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.eng.umd.edu'")
+Fetch error: http://inform.umd.edu/ => https://inform.umd.edu/: (7, 'Failed to connect to inform.umd.edu port 443: Connection refused')
+Fetch error: http://www.inform.umd.edu/ => https://www.inform.umd.edu/: (7, 'Failed to connect to www.inform.umd.edu port 443: Connection refused')
+Fetch error: http://irpa.umd.edu/ => https://irpa.umd.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.irpa.umd.edu/ => https://www.irpa.umd.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://urhome.umd.edu/ => https://urhome.umd.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'urhome.umd.edu'")
+Fetch error: http://www.urhome.umd.edu/ => https://www.urhome.umd.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.urhome.umd.edu'")
+
+	University of Maryland
+
+
+	CDN buckets:
+
+		- s3.amazonaws.com/wrapper.umd.edu/
+
+
+	Nonfunctional hosts in *umd.edu:
+
+		- afrotc	Redirects to http
+		- agnr ¹
+		- alumni ¹
+		- (www.)?armyrotc ²
+		- calendar	503
+		- (www.)?counseling ²
+		- www.careercenter ¹
+		- www.crs ¹
+		- www.cvs ²
+		- dssonline ¹
+		- golf	Handshake fails
+		- kb ³
+		- mith ⁴
+		- (www.)?my ²
+		- (www.)nethics ⁴
+		- (www.)password ²
+		- (www.)president ²
+		- publicsafety		Handshake fails
+		- recwell ¹
+		- registrar ²
+		- (www.)sas ⁵
+		- shc			404
+		- (www.)?start ²
+		- (www.)?studentsuccess ²
+		- www.tce ⁵
+		- (www.)terp ⁶
+		- (www.)?terpgolf	Handshake fails
+		- (www.)terpvision ²
+		- (www.)testudo ⁵
+		- thestamp
+		- (www.)transportation ⁷
+		- (www.)?tutoring ²
+
+	¹ Dropped
+	² Redirects to www
+	³ Plaintext reply
+	⁴ Refused
+	⁵ 401
+	⁶ Shows default page
+	⁷ 500
+
+
+	Problematic hosts in *umd.edu:
+
+		- (www.)?alumni ¹
+		- ares ¹
+		- commencement ¹
+		- www.giving ¹
+		- innovation ¹
+		- lib ¹
+		- password *
+		- www.thestamp ¹
+
+	¹ Mismatched
+	* Redirects to www
+
+
+	Partially covered hosts in *umd.edu:
+
+		- (www.)helpdesk ¹
+		- kb ³			(→ www.itsc)
+		- ldap ¹
+		- www.lib ⁴
+		- (www.)provost ¹
+		- terpconnect ²
+		- thestamp ⁴
+
+	¹ Avoiding broken MCB
+	³ $ doesn't redirect
+	⁴ $ redirects to http
+	² Some data differ from http
+
+
+	These altnames don't exist:
+
+		- sis.umd.edu
+
+
+	These altnames don't exist:
+
+		- suap01cms.ad.umd.edu
+		- www.ldap.umd.edu
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- umd.edu
+		- ejobs.umd.edu
+		- id-card.umd.edu
+		- login.umd.edu
+		- provost.umd.edu
+		- www.provost.umd.edu
+		- .www.umd.edu
+		- www.umd.edu
+
+
+	Mixed content:
+
+		- css, on:
+
+			- commencement from fonts.googleapis.com *
+			- commencement from $self
+			- helpdesk, ldap from www *
+			- www.provost from $self *
+
+		- Images, on:
 
-		- terpconnect	(some data differ from http)
+			- (www.)? from s3.amazonaws.com *
+			- commencement from $self
+			- ldap from www *
+			- (www.)provost from $self *
+			- (www.)?urhome from urhome.umd.edu *
+
+	* Secured by us
 
 -->
-<ruleset name="University of Maryland (partial)">
+<ruleset name="UMd.edu (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="umd.edu" />
+	<target host="advancement.umd.edu" />
+	<target host="arch.umd.edu" />
+	<target host="www.arch.umd.edu" />
+	<target host="carma.astro.umd.edu" />
+	<target host="catalog.umd.edu" />
+	<target host="cgi.umd.edu" />
+	<target host="courseevalum.umd.edu" />
+	<target host="www.courseevalum.umd.edu" />
+	<target host="cs.umd.edu" />
+
+	<target host="undergrad.cs.umd.edu" />
+	<target host="webapps.cs.umd.edu" />
+	<target host="www.cs.umd.edu" />
+
+	<target host="directory.umd.edu" />
+	<target host="www.directory.umd.edu" />
+	<target host="ejobs.umd.edu" />
+	<target host="eng.umd.edu" />
+	<target host="www.eng.umd.edu" />
+	<target host="helpdesk.umd.edu" />
+	<target host="www.helpdesk.umd.edu" />
+	<target host="giving.umd.edu" />
+	<target host="glue.umd.edu" />
+	<target host="www.glue.umd.edu" />
+	<target host="gradschool.umd.edu" />
+	<target host="www.gradschool.umd.edu" />
+	<target host="id-card.umd.edu" />
+	<target host="inform.umd.edu" />
+	<target host="www.inform.umd.edu" />
+	<target host="irpa.umd.edu" />
+	<target host="www.irpa.umd.edu" />
+	<target host="it.umd.edu" />
+	<target host="www.it.umd.edu" />
+	<target host="itsc.umd.edu" />
+	<target host="www.itsc.umd.edu" />
+	<!--target host="ldap.umd.edu" /-->
+	<target host="aeon.lib.umd.edu" />
+	<target host="www.lib.umd.edu" />
+	<target host="login.umd.edu" />
+	<target host="mirror.umd.edu" />
+	<target host="mydrl.umd.edu" />
+	<target host="ntst.umd.edu" />
+	<target host="oes.umd.edu" />
+	<target host="www.oes.umd.edu" />
+	<target host="oit.umd.edu" />
+	<target host="www.oit.umd.edu" />
+	<target host="one.umd.edu" />
+	<target host="provost.umd.edu" />
+	<target host="www.provost.umd.edu" />
+	<target host="researchport.umd.edu" />
+	<target host="www.sis.umd.edu" />
+	<target host="terpconnect.umd.edu" />
+	<target host="thestamp.umd.edu" />
+	<target host="ugst.umd.edu" />
+	<target host="www.ugst.umd.edu" />
+	<target host="umdrightnow.umd.edu" />
+	<target host="www.umdrightnow.umd.edu" />
+	<target host="umiacs.umd.edu" />
+	<target host="wiki.umiacs.umd.edu" />
+	<target host="www.umiacs.umd.edu" />
+	<target host="urhome.umd.edu" />
+	<target host="www.urhome.umd.edu" />
+	<target host="was-3.umd.edu" />
+	<target host="www.umd.edu" />
+
+	<!--	Complications:
+				-->
+	<target host="ares.umd.edu" />
+	<target host="www.giving.umd.edu" />
+	<target host="kb.umd.edu" />
+	<!--target host="lib.umd.edu" /-->
+	<target host="password.umd.edu" />
+	<target host="www.thestamp.umd.edu" />
+
+		<!--	Avoid false/broken MCB:
+						-->
+		<exclusion pattern="^http://helpdesk\.umd\.edu/+(?!favicon\.ico|images/|web\.support/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://helpdesk.umd.edu/contact/" />
+			<test url="http://helpdesk.umd.edu/fpGlobalAlerts/" />
+			<test url="http://helpdesk.umd.edu/podcast/" />
+			<test url="http://helpdesk.umd.edu/menus/menu1/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://helpdesk.umd.edu/favicon.ico" />
+
+		<exclusion pattern="^http://kb\.umd\.edu/+(?!\d)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://kb.umd.edu/index.htm" />
+			<test url="http://kb.umd.edu/index.php" />
+
+			<!--	-ve:
+					-->
+			<test url="http://kb.umd.edu/6158" />
+			<test url="http://kb.umd.edu/6509" />
+			<test url="http://kb.umd.edu/59754" />
+			<test url="http://kb.umd.edu/178176" />
+			<test url="http://kb.umd.edu/198541" />
+			<test url="http://kb.umd.edu/229273" />
+
+		<!--exclusion pattern="^http://ldap\.umd\.edu/+(?!favicon\.ico|images/|Pictures/)" /-->
+
+		<!--	Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.lib\.umd\.edu/($|favicon\.ico)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.lib\.umd\.edu/+(?!binaries/|css/|images/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.lib.umd.edu/PUBSERV/spcmck.html" />
+			<test url="http://www.lib.umd.edu/tl/guides/assignment" />
+			<test url="http://www.lib.umd.edu/tl/guides/evaluating-checklist" />
+			<test url="http://www.lib.umd.edu/tl/guides/grad" />
+
+		<exclusion pattern="^http://www\.provost\.umd\.edu/+(?!favicon\.ico|images/|includes/|masthead\.jpg|photos/|resources/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.provost.umd.edu/about/rankin.cfm" />
+			<test url="http://www.provost.umd.edu/about/senior-staff.cfm" />
+			<test url="http://www.provost.umd.edu/calendar/" />
+			<test url="http://www.provost.umd.edu/calendar/14.html" />
+			<test url="http://www.provost.umd.edu/contact_us.cfm" />
+			<test url="http://www.provost.umd.edu/implement.cfm" />
+			<test url="http://www.provost.umd.edu/mission_statement.cfm" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.provost.umd.edu/favicon.ico" />
+			<test url="http://www.provost.umd.edu/includes/screen.css" />
+			<test url="http://www.provost.umd.edu/images/mpower.jpg" />
+			<test url="http://www.provost.umd.edu/masthead.jpg" />
+
+		<!--	404:
+				-->
+		<!--exclusion pattern="^http://(www\.)?start\.umd\.edu/gtd/images/" /-->
+		<!--
+			Redirects tp http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?start\.umd\.edu/gtd/$" /-->
 
-	<target host="*.umd.edu" />
 		<exclusion pattern="^http://terpconnect\.umd\.edu/(?!~)" />
 
+			<!--	+ve:
+					-->
+			<test url="http://terpconnect.umd.edu//" />
+
+			<!--	-ve:
+					-->
+			<test url="http://terpconnect.umd.edu/~baforman/" />
+
+		<!--	Redirects tp http:
+						-->
+		<!--exclusion pattern="^http://thestamp\.umd\.edu/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://thestamp\.umd\.edu/+(?!DesktopModules/|[Pp]ortals/(?:_default/Skins/|_default/default\.css|0/Documents/|0/Images/|0/[^/]*\.(?:jp|pn)g)|favicon\.ico|icons/|images/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://thestamp.umd.edu/Food/Adeles" />
+			<test url="http://thestamp.umd.edu/event_guest_services" />
+			<test url="http://thestamp.umd.edu/food_shops_and_services/stamp_gratis_program" />
+			<test url="http://thestamp.umd.edu/graduate_student_life" />
+			<test url="http://thestamp.umd.edu/leadership_community_service-learning" />
+			<test url="http://thestamp.umd.edu/leadership_community_service-learning/academic_opportunities/faculty_service-learning/defining_service-learning_and_its_importance" />
+			<test url="http://thestamp.umd.edu/multicultural_involvement_community_advocacy/programs/inclusive_language" />
+			<test url="http://thestamp.umd.edu/sorc" />
+			<test url="http://thestamp.umd.edu/special_events_programs/all_niter/schedule_of_events" />
+			<test url="http://thestamp.umd.edu/student_org_resource_center_sorc/contact_us" />
+			<test url="http://thestamp.umd.edu/the_stamp_student_union" />
+			<test url="http://thestamp.umd.edu/the_stamp_student_union/directions_to_stamp/building_map" />
+			<test url="http://thestamp.umd.edu/the_stamp_student_union/employment" />
+
+			<!--	+ve:
+					-->
+			<test url="http://thestamp.umd.edu/DesktopModules/EasyDNNRotator/Controls/ChameleonRotator/static/common/base.css" />
+			<test url="http://thestamp.umd.edu/Portals/0/Documents/Stamp%20Employmnt/W-4%20Instructions.pdf" />
+			<test url="http://thestamp.umd.edu/Portals/0/the_stamp_logo.png" />
+			<test url="http://thestamp.umd.edu/Portals/_default/Skins/Hestia/stylesheets/bootstrap_custom.css" />
+			<test url="http://thestamp.umd.edu/Portals/_default/default.css" />
+			<test url="http://thestamp.umd.edu/favicon.ico" />
+			<test url="http://thestamp.umd.edu/icons/Sigma/Action_16X16_Standard.png" />
+			<test url="http://thestamp.umd.edu/images/UpcomingPrograms/Stamp_Gratis_card.png" />
+			<test url="http://thestamp.umd.edu/images/social_media/fb_icon.png" />
+			<test url="http://thestamp.umd.edu/portals/0/Images/Marketing/Sponsors/University%20View.png" />
+			<test url="http://thestamp.umd.edu/portals/0/Main%20Logo-website-01.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.?(www\.)?umd\.edu$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^ejobs\.umd\.edu$" name="^(?:_applicant_portal_session_1$|BIGipServer)" /-->
+	<!--securecookie host="^(?:id-card|login)\.umd\.edu$" name="^BIGipServer" /-->
+	<!--securecookie host="^(www\.)?provost\.umd\.edu$" name="^(CFID|CFTOKEN)$" /-->
 
-	<rule from="^http://(carma\.astro|(?:www\.)?eng|terpconnect)\.umd\.edu/"
+	<securecookie host="^(?:(?:ejobs|id-card|login|www)\.)?umd\.edu$" name=".+" />
+
+
+	<rule from="^http://ares\.umd\.edu/"
+		to="https://was-3.umd.edu/" />
+
+	<rule from="^http://www\.(giving|thestamp)\.umd\.edu/"
 		to="https://$1.umd.edu/" />
 
+	<!--	Redirect drops args:
+					-->
+	<rule from="^http://kb\.umd\.edu/+(\d+)(?:\?.*)?"
+		to="https://www.itsc.umd.edu/MRcgi/MRTicketPage.pl?USER=&amp;MRP=0&amp;PROJECTID=1&amp;MR=$1" />
+
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://password\.umd\.edu/[^?]*"
+		to="https://www.it.umd.edu/password" />
+
+		<test url="http://password.umd.edu/index.htm?foo" />
+		<test url="http://password.umd.edu/index.php" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Massachusetts-Amherst-mismatches.xml b/src/chrome/content/rules/University-of-Massachusetts-Amherst-mismatches.xml
index 848e4ac314d0..90d27a857a00 100644
--- a/src/chrome/content/rules/University-of-Massachusetts-Amherst-mismatches.xml
+++ b/src/chrome/content/rules/University-of-Massachusetts-Amherst-mismatches.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see University-of-Massachusetts-Amherst.xml.
 
 -->
-<ruleset name="University of Massachusetts Amherst (mismatches)" default_off="mismatch">
+<ruleset name="University of Massachusetts Amherst (mismatches)" default_off="mismatched">
 
 	<!--	Cert: *.cstv.com
 				-->
@@ -16,10 +16,10 @@
 		- !www 301s to www
 		- umassathletics.cstv.com 301s back
 						-->
-	<rule from="^https?://(?:www\.)?umassathletics\.com/"
+	<rule from="^http://(?:www\.)?umassathletics\.com/"
 		to="https://www.umassathletics.com/" />
 
-	<rule from="^https?://(?:www\.)?umassmag\.com/"
+	<rule from="^http://(?:www\.)?umassmag\.com/"
 		to="https://umassmag.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Massachusetts-Amherst.xml b/src/chrome/content/rules/University-of-Massachusetts-Amherst.xml
index 861565a418e0..53daf1996b8a 100644
--- a/src/chrome/content/rules/University-of-Massachusetts-Amherst.xml
+++ b/src/chrome/content/rules/University-of-Massachusetts-Amherst.xml
@@ -23,26 +23,31 @@
 
 	<target host="umassathletics.cstv.com" />
 	<target host="umass.edu" />
-	<target host="*.umass.edu" />
-	<target host="*.oit.umass.edu" />
-	<target host="*.spire.umass.edu" />
+	<target host="blogs.umass.edu" />
+	<target host="moodle.umass.edu" />
+	<target host="oit.umass.edu" />
+	<target host="hds.oit.umass.edu" />
+	<target host="hds05.oit.umass.edu" />
+	<target host="spark.oit.umass.edu" />
+	<target host="udrive.oit.umass.edu" />
+	<target host="umail.oit.umass.edu" />
+	<target host="umweb-3.oit.umass.edu" />
+	<target host="www.oit.umass.edu" />
+	<target host="webapp.spire.umass.edu" />
+	<target host="www.spire.umass.edu" />
+	<target host="umii.umass.edu" />
+	<target host="www.umii.umass.edu" />
 	<!--	* for cross-domain cookie.	-->
-	<target host="*.umii.umass.edu" />
 	<target host="umassulearn.net" />
 	<target host="www.umassulearn.net" />
 
 
-	<securecookie host="^.*\.umass\.edu$" name=".*" />
-	<securecookie host="^www\.umassulearn\.net$" name=".*" />
+	<securecookie host="^.*\.umass\.edu$" name=".+" />
+	<securecookie host="^www\.umassulearn\.net$" name=".+" />
 
 
-	<rule from="^http://umassathletics\.cstv\.com/"
-		to="https://umassathletics.cstv.com/" />
 
-	<rule from="^http://((?:blogs|moodle|(?:(?:hds|hds05|spark|udrive|umail|umweb-3|www)\.)?oit|(?:webapp|www)\.spire|umii|www\.umii)\.)?umass\.edu/"
-		to="https://$1umass.edu/" />
 
-	<rule from="^http://(www\.)?umassulearn\.net/"
-		to="https://$1umassulearn.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Michigan.xml b/src/chrome/content/rules/University-of-Michigan.xml
index de44d6f337bc..c9a859fffa48 100644
--- a/src/chrome/content/rules/University-of-Michigan.xml
+++ b/src/chrome/content/rules/University-of-Michigan.xml
@@ -1,10 +1,14 @@
 <!--
+	University of Michigan
+
+
 	Nonfunctional umich.edu subdomains:
 
-		- (www.) *
 		- (www.)bi			(CN: www.businessintelligence.umich.edu; 302s there)
 		- (www.)businessintelligence *
 		- (www.)cio *
+		- visicad.eecs		(shows photon.eecs)
+		- (www.)engin ³
 		- (www.)solarcar.engin *
 		- rcgd.isr **
 		- itcs ***
@@ -22,10 +26,15 @@
 		- orsp
 		- (www.)provost *
 		- (www.)regents *
+		- arc.research *
+		- (www.)?safecomputing *
+		- spg *
 		- (www.)sustainablecomputing ***
+		- groups.engin.umd **
 		- www-personal *
 
 	* Redirects to weblogin
+	³ Redirects to http
 	** Times out
 	*** record_too_long
 
@@ -34,30 +43,89 @@
 
 		- cse			(cert only matches www.cse)
 		- www.ctools		(cert only matches ^ctools)
+		- photon.eecs ³
+		- law ¹
 		- lsa			(cert only matches *.lsa)
 		- www.weblogin		(cert only matches ^weblogin)
 
+	¹ Mismatched
+	³ Expired, self-signed
+
 
 	Fully covered subdomains:
 
+		- (www.)
 		- (www.)cse	(^ → www)
+		- web.eecs
+		- password.it
+		- accounts.itcs
+		- friend.weblogin
+		- accounts.www
 
--->
-<ruleset name="University of Michigan (partial)">
 
-	<target host="*.umich.edu" />
+	Insecure cookies are set for these hosts:
 
+		- password.it.umich.edu
+		- friend.weblogin.umich.edu
 
-	<securecookie host="^.+\.umich\.edu$" name=".+" />
+-->
+<ruleset name="UMich.edu (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="umich.edu" />
+	<target host="www.umich.edu" />
+		<exclusion pattern="^http://(www\.)?umich.edu/~" />
+			<test url="http://umich.edu/~historyj/" />
+			<test url="http://www.umich.edu/~cses/" />
+			<test url="http://www.umich.edu/~ocm/" />
+
+	<target host="www.cse.umich.edu" />
+	<target host="ctools.umich.edu" />
+
+	<target host="eecs.umich.edu" />
+	<target host="web.eecs.umich.edu" />
+	<target host="www.eecs.umich.edu" />
+
+	<target host="eram.umich.edu" />
+	<target host="eresearch.umich.edu" />
+	<target host="erpm.umich.edu" />
+	<target host="password.it.umich.edu" />
+	<target host="accounts.itcs.umich.edu" />
+	<!--target host="law.umich.edu" /-->
+	<target host="www.law.umich.edu" />
+	<target host="www.lsa.umich.edu" />
+	<target host="webapps.lsa.umich.edu" />
+	<target host="weblogin.umich.edu" />
+	<target host="wolverineaccess.umich.edu" />
+
+	<!--	Complications:
+				-->
+	<target host="cse.umich.edu" />
+	<target host="www.ctools.umich.edu" />
+	<target host="lsa.umich.edu" />
+	<target host="www.weblogin.umich.edu" />
+	<target host="friend.weblogin.umich.edu" />
+	<target host="accounts.www.umich.edu" />
+
+		<!--exclusion pattern="^http://((photon|visicad)\.eecs|(www\.)?engin|arc\.research)\.umich\.edu/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^password\.it\.umich\.edu$" name="^PWMCOOKIE$" /-->
+	<!--securecookie host="^friend\.weblogin\.umich\.edu$" name="^cookies$" /-->
 
+	<securecookie host="^.+\.umich\.edu$" name=".+" />
 
-	<rule from="^http://(eram|eresearch|erpm|friend|(www\.)?law|webapps\.lsa|servicerequest|wolverineaccess)\.umich\.edu/"
-		to="https://$1.umich.edu/" />
 
-	<rule from="^http://(?:www\.)?cse\.umich\.edu/"
-		to="https://www.cse.umich.edu/" />
+	<rule from="^http://(cse|lsa)\.umich\.edu/"
+		to="https://www.$1.umich.edu/" />
 
-	<rule from="^http://(?:www\.)?(ctools|lsa|weblogin)\.umich\.edu/"
+	<rule from="^http://www\.(ctools|weblogin)\.umich\.edu/"
 		to="https://$1.umich.edu/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Minho-mismatches.xml b/src/chrome/content/rules/University-of-Minho-mismatches.xml
index c2c7efe65cbc..39cd2d760a18 100644
--- a/src/chrome/content/rules/University-of-Minho-mismatches.xml
+++ b/src/chrome/content/rules/University-of-Minho-mismatches.xml
@@ -2,6 +2,6 @@
 
 	<target host="cesium.di.uminho.pt"/>
 
-	<rule from="^http://cesium\.di\.uminho\.pt/" to="https://cesium.di.uminho.pt/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Minnesota.xml b/src/chrome/content/rules/University-of-Minnesota.xml
index 704622d6a15e..d51cba3733fc 100644
--- a/src/chrome/content/rules/University-of-Minnesota.xml
+++ b/src/chrome/content/rules/University-of-Minnesota.xml
@@ -1,9 +1,21 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mathinstitutes.ima.umn.edu/ => https://mathinstitutes.ima.umn.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Non-2xx HTTP code: http://www1.umn.edu/ (200) => https://www1.umn.edu/ (404)
+
+	University of Minnesota
+
+
 	Nonfunctional subdomains:
 
+		- mirror.cs ¹
+		- mailman.cs ¹
 		- www.cs		(dropped)
 		- glaros.dtc
 
+	¹ Dropped
+
 
 	Problematic subdomains:
 
@@ -17,6 +29,7 @@
 		- www.dtc
 		- mathinstitutes.ima
 		- www1
+		- onestop
 
 
 	Observed cookie domains:
@@ -31,18 +44,32 @@
 	* Secured by us
 
 -->
-<ruleset name="University of Minnesota (partial)">
+<ruleset name="UMN.edu (partial)" default_off="failed ruleset test">
 
-	<target host="*.umn.edu" />
+	<!--	Direct rewrites:
+				-->
+	<target host="shadow.cs.umn.edu" />
+	<target host="www.dtc.umn.edu" />
+	<target host="hhh.umn.edu" />
+	<target host="www.hhh.umn.edu" />
+	<target host="mathinstitutes.ima.umn.edu" />
+	<target host="onestop.umn.edu" />
+	<target host="www1.umn.edu" />
 
+	<!--	Special cases:
+				-->
+	<target host="dtc.umn.edu" />
+
+		<!--exclusion pattern="^http://mirror\.cs\.umn\.edu/" /-->
 
-	<securecookie host="^www\.dtc\.umn\.edu$" name=".+" />
 
+	<securecookie host="^www\.dtc\.umn\.edu$" name=".+" />
 
-	<rule from="^http://(shadow\.cs|hhh|www\.hhh|mathinstitutes\.ima|www1)\.umn\.edu/"
-		to="https://$1.umn.edu/" />
 
-	<rule from="^http://(?:www\.)?dtc\.umn\.edu/"
+	<rule from="^http://dtc\.umn\.edu/"
 		to="https://www.dtc.umn.edu/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-North-Texas.xml b/src/chrome/content/rules/University-of-North-Texas.xml
index f587706a1ba8..b520208ecf2a 100644
--- a/src/chrome/content/rules/University-of-North-Texas.xml
+++ b/src/chrome/content/rules/University-of-North-Texas.xml
@@ -5,13 +5,13 @@
 
 
 	<!--	Handle subdomains for which the HTTPS
-		subdomain should be preceeded by www.	-->
-	<rule from="^https?://(?:www\.)?((?:ci|coe|hsc|library)\.)?unt\.edu/"
+		subdomain should be preceded by www.	-->
+	<rule from="^http://(?:www\.)?((?:ci|coe|hsc|library)\.)?unt\.edu/"
 		to="https://www.$1unt.edu/" />
 
 	<!--	Handle subdomains for which the HTTPS subdomain
-		should _not_ be preceeded by www.	-->
-	<rule from="^https?://(?:www\.)?((?:studyabroad\.admin)|afrotc|ally|ams|announce|annualreport|anthropology|c3b|calendar|call|careercenter|chile|citc|clear|compliance|conduct|coop|copyright|courses|dcbest|deanofstudents|development|dining|discoverypark|dos|dplife|eagleconnect|ecampus(?:support)?|edo|ee|efec|emds|emergency|endow|eng|engineering|essc|etec|facilities|factbook|financialaid|forms|gallery|gartner|greeklife|healthcenter|home|honors|hr|(?:cme|profile)\.hsc|iarta|ieli|imaging|info|inhouse|international|internships|inthenews|itunes|jaguarconnect|faculty(?:jobs)?|jazz|jobs|journalism|kddi|larc|learningcenter|(?:irservices|iii)\.library|(?:(?:classes|moodle)\.)?lt|messaging|moneymanagement|mtse|music|my|my[fl]s|northtexan|orgs|osprey|paccar|pacs|policy|pps|reac|records|recsports|research|reslife|rms|rtvf|security|smartenergy|spanishmedia|sportpsych|staffcouncil|src|student(?:activities|affairs|legal)|surfaces|sustainable|tams|tara|tcet|telecom|texasbest|thecblor|tours|transfer(?:institute|now)|transition|trio|tsgs|txcdk|union|unt(?:onthesquare|preview|system)|veteranscenter|virtualtour|volunteer|vpaa|vpsd|vtl|web[23]|webadmin|wiki|psychology)\.unt\.edu/"
+		should _not_ be preceded by www.	-->
+	<rule from="^http://(?:www\.)?((?:studyabroad\.admin)|afrotc|ally|ams|announce|annualreport|anthropology|c3b|calendar|call|careercenter|chile|citc|clear|compliance|conduct|coop|copyright|courses|dcbest|deanofstudents|development|dining|discoverypark|dos|dplife|eagleconnect|ecampus(?:support)?|edo|ee|efec|emds|emergency|endow|eng|engineering|essc|etec|facilities|factbook|financialaid|forms|gallery|gartner|greeklife|healthcenter|home|honors|hr|(?:cme|profile)\.hsc|iarta|ieli|imaging|info|inhouse|international|internships|inthenews|itunes|jaguarconnect|faculty(?:jobs)?|jazz|jobs|journalism|kddi|larc|learningcenter|(?:irservices|iii)\.library|(?:(?:classes|moodle)\.)?lt|messaging|moneymanagement|mtse|music|my|my[fl]s|northtexan|orgs|osprey|paccar|pacs|policy|pps|reac|records|recsports|research|reslife|rms|rtvf|security|smartenergy|spanishmedia|sportpsych|staffcouncil|src|student(?:activities|affairs|legal)|surfaces|sustainable|tams|tara|tcet|telecom|texasbest|thecblor|tours|transfer(?:institute|now)|transition|trio|tsgs|txcdk|union|unt(?:onthesquare|preview|system)|veteranscenter|virtualtour|volunteer|vpaa|vpsd|vtl|web[23]|webadmin|wiki|psychology)\.unt\.edu/"
 		to="https://$1.unt.edu/" />
 
 	<!--	As a convenience, redirect http://www.psyc.unt.edu/
@@ -20,15 +20,15 @@
 
 		pyschology.unt.edu no longer has a valid certificate
 
-	<rule from="^https?://(?:www\.)?psyc\.unt\.edu/"
+	<rule from="^http://(?:www\.)?psyc\.unt\.edu/"
 		to="https://psychology.unt.edu/" />
         -->
 
 	<!--	The following two redirects are a convenience for
 		finding policies under what seems to be newer-style URLs. -->
-	<rule from="^https?://(?:www\.)?unt\.edu/policy/UNT_Policy/volume\d/(\d+)_(\d+)\.html$"
+	<rule from="^http://(?:www\.)?unt\.edu/policy/UNT_Policy/volume\d/(\d+)_(\d+)\.html$"
 		to="https://policy.unt.edu/policy/$1-$2" />
 
-	<rule from="^https?://(?:www\.)?unt\.edu/policy/UNT_Policy/volume\d/(\d+)_(\d+)_(\d+)\.html$"
+	<rule from="^http://(?:www\.)?unt\.edu/policy/UNT_Policy/volume\d/(\d+)_(\d+)_(\d+)\.html$"
 		to="https://policy.unt.edu/policy/$1-$2-$3" />
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Ottawa.xml b/src/chrome/content/rules/University-of-Ottawa.xml
index 274c45917cf8..5abb5362fb1d 100644
--- a/src/chrome/content/rules/University-of-Ottawa.xml
+++ b/src/chrome/content/rules/University-of-Ottawa.xml
@@ -1,9 +1,14 @@
-<ruleset name="University of Ottawa (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://web5.uottawa.ca/ => https://web5.uottawa.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="University of Ottawa (partial)" default_off="failed ruleset test">
 
 	<target host="web5.uottawa.ca" />
 
 
-	<rule from="^http://web5\.uottawa\.ca/"
-		to="https://web5.uottawa.ca/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Oxford.xml b/src/chrome/content/rules/University-of-Oxford.xml
index 547832743a73..74c3da840575 100644
--- a/src/chrome/content/rules/University-of-Oxford.xml
+++ b/src/chrome/content/rules/University-of-Oxford.xml
@@ -1,35 +1,468 @@
-<!--	!functional:
-		- www			(timeout)
-		- genizah.bodleian	(timeout)
-		- www.bodleian		(timeout)
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.bfriars.ox.ac.uk/horde/ => https://www.bfriars.ox.ac.uk/horde/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.oxfordtoday.ox.ac.uk/favicon.ico => https://www.oxfordtoday.ox.ac.uk/favicon.ico: Too many redirects while fetching 'https://www.oxfordtoday.ox.ac.uk/favicon.ico'
+Fetch error: http://mail.bfriars.ox.ac.uk/home => https://www.bfriars.ox.ac.uk/horde/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.alumniweekend.ox.ac.uk/ => https://www.alumniweekend.ox.ac.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.alumniweekend.ox.ac.uk'")
+Fetch error: http://www.compaign.ox.ac.uk/ => https://www.compaign.ox.ac.uk/: (6, 'Could not resolve host: www.compaign.ox.ac.uk')
+Fetch error: http://cascade.conted.ox.ac.uk/ => https://cascade.conted.ox.ac.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'cascade.conted.ox.ac.uk'")
+Fetch error: http://cll.conted.ox.ac.uk/ => https://cll.conted.ox.ac.uk/: (6, 'Could not resolve host: cll.conted.ox.ac.uk')
+Fetch error: http://podcasts.it.ox.ac.uk/ => https://podcasts.it.ox.ac.uk/: (6, 'Could not resolve host: podcasts.it.ox.ac.uk')
+Fetch error: http://media.podcasts.it.ox.ac.uk/ => https://media.podcasts.it.ox.ac.uk/: (6, 'Could not resolve host: media.podcasts.it.ox.ac.uk')
+Fetch error: http://www.podcasts.it.ox.ac.uk/ => https://www.podcasts.it.ox.ac.uk/: (6, 'Could not resolve host: www.podcasts.it.ox.ac.uk')
+Fetch error: http://portfolio.it.ox.ac.uk/ => https://portfolio.it.ox.ac.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'portfolio.it.ox.ac.uk'")
+Fetch error: http://webedit.medsci.ox.ac.uk/ => https://webedit.medsci.ox.ac.uk/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.rarediseases.ox.ac.uk/ => https://www.rarediseases.ox.ac.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.rarediseases.ox.ac.uk'")
+Fetch error: http://skillstoolkit.ox.ac.uk/ => https://skillstoolkit.ox.ac.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'skillstoolkit.ox.ac.uk'")
+Fetch error: http://mail.bfriars.ox.ac.uk/ => https://www.bfriars.ox.ac.uk/horde/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For rules causing false/broken MCB, see Ox.ac.uk-falsemixed.xml.
+
+
+	Other University of Oxford rulesets:
+
+		- Jenner.ac.uk.xml
+
+
+	Nonfunctional hosts in *ox.ac.uk:
+
+		- fido.bfriars		(Blank page)
+		- www.bfriars		(Redirects to http/404s)
+		- www.bodley *
 		- lmb.bioch *
+
+		- digital.bodleian *
+		- genizah.bodleian *
+		- treasures.bodleian *
+
 		- www.campaign
+
+		- blogs.conted ²
+		- onlinesupport.conted *
+		- tallblog.conted ²
+		- trainforpedhiv.conted	("Incorrect access"
+
+		- www.crim	404
+		- www.csls	404
+		- www.economics *
+		- www.migration		("Site Maintenance")
+		- www.iccp ²
+		- www.ict		(Redirects to http
 		- www.inet		(timeout)
+		- mediapub.it		(Redirects to webauth
+		- openspires.it		(Shows default page
+		- www.kennedy		(Redirects to webauth
+		- www.music		Shows maintenance page
+
+		- it.manor-road		401
+		- mrb-web-2012.manor-road	401
+		- orbs.manor-road *
+		- www.manor-road *
+
+		- www.medieval ²
+		- www.migration		("Site Maintenance")
+		- mirror ²
+		- www.neuroscience	(Redirects to webauth
+
+		- blogs.oii ²
+		- cii.oii ²
+		- geography.oii ²
+		- geonet.oii *
+		- sdp.oii ²
+		- webcast.oii *
+		- www.oii *
+
+		- openaccess *
+		- www.oqc *
+		- ora *
 		- www.oxfordmartin	(timeout)
+		- www.oxfordsparks	Plaintext reply
+		- www.oxstar		(Redirects to webauth
+		- media.philosophy	Maintenance page
+		- www-astro.physics ᶠ
+		- blog.politics ²
+		- www.politics *
+		- blog.practicalethics ²
+		- www.psy		(Redirects to webauth
+		- www.psych		(Redirects to webauth
+		- studentprojects.sbs	Plaintext reply
+		- www.sociology *
+		- www.sport		(Shows default page)
+		- talks			(Redirects to webauth
+		- www.tall ²
+		- www.well ʳ
 
 	* Dropped
+	ᶠ Handshake fails
+	² Refused
+	ʳ Refused
 
 
-	Problematic subdomains:
+	Problematic hosts in *ox.ac.uk:
 
-		- (www.)biop
+		- mail.bfriars ¹
+		- (www.)?biop ²
+		- medieval.history		("Site Maintenance")
+		- www.history		Mixed css
+		- www.issf ᵃ
+		- tools.ndm ³
+		- nqit		Mismatched
+		- www.torch	Mismatched
 
-	* Dropped
+	ᵃ Shows another domain
+	¹ Blank page
+	² Dropped
+	³ Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Partially covered hosts in *ox.ac.uk:
+
+		- (www.)?biop	(→ www2.mrc-lmb.cam.ac.uk)
+		- solo.bodleian *
+		- solo-prd.bodleian *
+		- www-astro.physics **
 
+	* $ 403s
+	** /*\w does not redirect
 
-	Partially covered subdomains:
 
-		- (www.)biop	(→ www2.mrc-lmb.cam.ac.uk)
+	These altnames don't exist:
+
+		-  www-staging.law.ox.ac.uk
+		- groups.maths.ox.ac.uk
+		- live.writersinspire.ox.ac.uk
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- www.avic.ox.ac.uk
+		- www.cardioscience.ox.ac.uk
+		- www.cardiov.ox.ac.uk
+		- www.cbf.ox.ac.uk
+		- www.ccrf.ox.ac.uk
+		- www.ccmp.ox.ac.uk
+		- www.cti.ox.ac.uk
+		- www.expmedndm.ox.ac.uk
+		- www.imm.ox.ac.uk
+		- www.medsci.ox.ac.uk
+		- www.medawar.ox.ac.uk
+		- www.ndcls.ox.ac.uk
+		- www.ndm.ox.ac.uk
+		- www.ndmrb.ox.ac.uk
+		- .nexus.ox.ac.uk
+		- www.ocmr.ox.ac.uk
+		- www.opdc.ox.ac.uk
+		- www.oxdare.ox.ac.uk
+		- .www2.physics.ox.ac.uk
+		- www.rarediseases.ox.ac.uk
+		- www.rdm.ox.ac.uk
+		- www.stemcells.ox.ac.uk
+		- www.stop-hcv.ox.ac.uk
+		- www.tdi.ox.ac.uk
+		- www.tropicalmedicine.ox.ac.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, on:
+
+			- www.cardioscience, www.ccouc from vjs.zencdn.net
+			- www.history from $self *
+			- www.avic, www.cardioscience, www.jenner, www.ludwig, www.medawar, www.opdc, www.oxdare, www3.physics, www.stemcells, www.stop-hcv from fonts.googleapis.com *
+
+		- Fonts on www.bodleian from $self *
+
+		- Images, on:
+
+			- www.alumni, www.alumniweb from www.alumni.ox.ac.uk *
+			- www.bodleian from $self *
+			- www.cti, www.ludwig, www.tropicalmedicine from www.google.com *
+			- www.ccouc from ccouc.org
+			- www.ccouc from $self
+			- www.history from www.ox.ac.uk
+			- www.history, blogs.it from $self *
+			- (www.)?podcasts from podcasts.ox.ac.uk *
+			- www.tropicalmedicine from tools.ndm.ox.ac.uk
+
+	* Secured by us
 
 -->
-<ruleset name="University of Oxford (partial)">
+<ruleset name="Ox.ac.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ox.ac.uk" />
+	<target host="www.admin.ox.ac.uk" />
+	<target host="www.alumni.ox.ac.uk" />
+	<target host="www.alumniweb.ox.ac.uk" />
+	<target host="www.alumniweekend.ox.ac.uk" />
+	<target host="www.avic.ox.ac.uk" />
+	<target host="www.bfriars.ox.ac.uk" />
+
+	<target host="solo.bodleian.ox.ac.uk" />
+	<target host="solo-prd.bodleian.ox.ac.uk" />
+	<target host="www.bodleian.ox.ac.uk" />
+
+	<target host="www.cardiov.ox.ac.uk" />
+	<target host="www.cbf.ox.ac.uk" />
+	<target host="www.ccmp.ox.ac.uk" />
+	<target host="www.ccrf.ox.ac.uk" />
+	<target host="www.clarendon.ox.ac.uk" />
+	<target host="www.compaign.ox.ac.uk" />
+
+	<target host="cascade.conted.ox.ac.uk" />
+	<target host="cll.conted.ox.ac.uk" />
+	<target host="www.conted.ox.ac.uk" />
+
+	<target host="www.cs.ox.ac.uk" />
+	<target host="www.cti.ox.ac.uk" />
+	<target host="www.english.ox.ac.uk" />
+	<target host="www.expmedndm.ox.ac.uk" />
+	<!--target host="www.history.ox.ac.uk" /-->
+	<target host="www.imd.ox.ac.uk" />
+	<target host="www.imm.ox.ac.uk" />
+	<target host="www.infosec.ox.ac.uk" />
+
+	<target host="blogs.it.ox.ac.uk" />
+	<target host="courses.it.ox.ac.uk" />
+	<target host="cup-of-tea.it.ox.ac.uk" />
+	<target host="help.it.ox.ac.uk" />
+	<target host="podcasts.it.ox.ac.uk" />
+	<target host="media.podcasts.it.ox.ac.uk" />
+	<target host="www.podcasts.it.ox.ac.uk" />
+	<target host="portfolio.it.ox.ac.uk" />
+	<target host="register.it.ox.ac.uk" />
+	<target host="www.it.ox.ac.uk" />
 
-	<target host="*.ox.ac.uk"/>
+	<!--target host="www.jenner.ox.ac.uk" /-->
+	<target host="law.ox.ac.uk" />
+
+	<target host="alumni.law.ox.ac.uk" />
+	<target host="intranet.law.ox.ac.uk" />
+	<target host="www.law.ox.ac.uk" />
+
+	<target host="www.ludwig.ox.ac.uk" />
+
+	<target host="people.maths.ox.ac.uk" />
+	<target host="www.maths.ox.ac.uk" />
+	<target host="www0.maths.ox.ac.uk" />
+	<target host="www1.maths.ox.ac.uk" />
+	<target host="www2.maths.ox.ac.uk" />
+	<target host="rap.maths.ox.ac.uk" />
+	<target host="minerva.maths.ox.ac.uk" />
+	<target host="owncloud.maths.ox.ac.uk" />
+	<target host="zimbra.maths.ox.ac.uk" />
+
+	<target host="www.medawar.ox.ac.uk" />
+	<target host="webedit.medsci.ox.ac.uk" />
+	<target host="www.medsci.ox.ac.uk" />
+	<target host="www.ndcls.ox.ac.uk" />
+	<target host="www.ndm.ox.ac.uk" />
+	<target host="www.ndmrb.ox.ac.uk" />
+	<target host="owa.nexus.ox.ac.uk" />
+	<target host="sharepoint.nexus.ox.ac.uk" />
+	<target host="infodev-d7-live.nsms.ox.ac.uk" />
+	<target host="www.ocdem.ox.ac.uk" />
+	<target host="www.ocmr.ox.ac.uk" />
+	<target host="www.opdc.ox.ac.uk" />
+	<target host="blogs.oucs.ox.ac.uk" />
+	<target host="www.oucs.ox.ac.uk" />
+	<target host="www.oxdare.ox.ac.uk" />
+	<target host="oxfordtoday.ox.ac.uk" />
+	<target host="www.oxfordtoday.ox.ac.uk" />
+
+	<target host="www.physics.ox.ac.uk" />
+	<target host="www-thphys.physics.ox.ac.uk" />
+	<target host="www2.physics.ox.ac.uk" />
+	<target host="www3.physics.ox.ac.uk" />
+
+	<target host="www.rarediseases.ox.ac.uk" />
+	<target host="www.rdm.ox.ac.uk" />
+	<target host="idp.shibboleth.ox.ac.uk" />
+	<target host="skillstoolkit.ox.ac.uk" />
+	<target host="www.stemcells.ox.ac.uk" />
+	<target host="www.stop-hcv.ox.ac.uk" />
+	<target host="www.tdi.ox.ac.uk" />
+	<target host="www.tropicalmedicine.ox.ac.uk" />
+	<target host="webauth.ox.ac.uk" />
+	<target host="weblearn.ox.ac.uk" />
+	<target host="www.weblearn.ox.ac.uk" />
+	<target host="www.ox.ac.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="biop.ox.ac.uk" />
+	<target host="www.biop.ox.ac.uk" />
+	<target host="mail.bfriars.ox.ac.uk" />
+	<!--target host="medieval.history.ox.ac.uk" /-->
+	<target host="www.issf.ox.ac.uk" />
+	<target host="www-astro.physics.ox.ac.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.bfriars\.ox\.ac\.uk/$" /-->
+		<!--
+			404s:
+				-->
+		<!--exclusion pattern="^http://www\.bfriars\.ox\.ac\.uk/hall/las-casas/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.bfriars\.ox\.ac\.uk/+(?!horde/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.bfriars.ox.ac.uk/hall/las-casas/" />
+			<test url="http://www.bfriars.ox.ac.uk/studium/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.bfriars.ox.ac.uk/horde/" />
+
+		<exclusion pattern="^http://(?:www\.)?biop\.ox\.ac\.uk/(?!coot)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://biop.ox.ac.uk/www/mol_of_life/Asim.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://biop.ox.ac.uk/coot" />
+			<test url="http://www.biop.ox.ac.uk/coot" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.eng\.ox\.ac\.uk/home$" /-->
+
+		<!--	403:
+				-->
+		<!--exclusion pattern="^http://solo(-prd)?\.bodleian\.ox\.ac\.uk/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://solo(?:-prd)?\.bodleian\.ox\.ac\.uk/+(?!cgi-bin/|pds\?|shib/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://solo.bodleian.ox.ac.uk/primo_library/libweb/action/myAccountMenu.do?vid=" />
+			<test url="http://solo.bodleian.ox.ac.uk/primo_library/libweb/action/search.do?vid=maps" />
+			<test url="http://solo.bodleian.ox.ac.uk/primo_library/libweb/static_htmls/cookies.html" />
+			<test url="http://solo.bodleian.ox.ac.uk/primo_library/libweb/action/search.do?mode=Basic&amp;vid=&amp;tab=all" />
+			<test url="http://solo.bodleian.ox.ac.uk/primo_library/libweb/action/search.do?mode=Basic&amp;vid=&amp;tab=remote" />
+
+			<!--	-ve:
+					-->
+			<test url="http://solo.bodleian.ox.ac.uk/cgi-bin/login.cgi" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.oxfordtoday\.ox\.ac\.uk/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.oxfordtoday\.ox\.ac\.uk/+(?!favicon\.ico|sites/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.oxfordtoday.ox.ac.uk/culture/poetry-creative-writing/world-after-snowden-alan-rusbridger-21st-century-surveillance-state" />
+			<test url="http://www.oxfordtoday.ox.ac.uk/letters" />
+			<test url="http://www.oxfordtoday.ox.ac.uk/opinion" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.oxfordtoday.ox.ac.uk/favicon.ico" />
+			<test url="http://www.oxfordtoday.ox.ac.uk/sites/default/themes/custom/childship/images/logo.png" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.ox\.ac\.uk/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.ox\.ac\.uk/+(?!favicon\.ico|sites/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.ox.ac.uk/event/colliding-worlds-how-cutting-edge-science-redefining-contemporary-art" />
+			<test url="http://www.ox.ac.uk/events-list" />
+			<test url="http://www.ox.ac.uk/news/arts-blog" />
+			<test url="http://www.ox.ac.uk/students" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.ox.ac.uk/favicon.ico" />
+			<test url="http://www.ox.ac.uk/sites/default/themes/custom/oxweb/images/oxweb-logo-square.svg" />
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://www.history.ox.ac.uk/research/centre/medieval-history.html" /-->
+		<!--test url="http://www3.physics.ox.ac.uk/confs/RUM2015/programme.asp" /-->
+
+		<!--	Mixed images:
+					-->
+		<test url="http://www.alumni.ox.ac.uk/alumni_home" />
+		<test url="http://www.alumniweb.ox.ac.uk/secure/page.aspx?pid=1330" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.(?:avic|cardioscience|cardiov|cbf|ccmp|ccrf|cti|expmedndm|imm|medawar|ndcls|ndm|ndmrb|ocmr|opdc|oxdare|rarediseases|rdm|stemcells|stop-hcv|tdi|tropicalmedicine)\.ox\.ac\.uk$" name="^NewtSession" /-->
+	<!--securecookie host="^www\.medsci\.ox\.ac\.uk$" name="^SERVERID$" /-->
+	<!--securecookie host="^\.nexus\.ox\.ac\.uk$" name="^OXCOOKIE" /-->
+	<!--securecookie host="^\.www2\.physics\.ox\.ac\.uk$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^\.www2\.physics\." name=".+" />
 
-	<rule from="^http://(www\.admin|weblearn)\.ox\.ac\.uk/"
-		to="https://$1.ox.ac.uk/"/>
 
 	<rule from="^http://(?:www\.)?biop\.ox\.ac\.uk/coot"
 		to="https://www2.mrc-lmb.cam.ac.uk/Personal/pemsley/coot" />
 
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://mail\.bfriars\.ox\.ac\.uk/[^?]*"
+		to="https://www.bfriars.ox.ac.uk/horde/" />
+
+		<test url="http://mail.bfriars.ox.ac.uk/home" />
+
+	<!--	Redirect drops path and forward slash, but not args:
+								-->
+	<!--rule from="^http://medieval\.history\.ox\.ac\.uk/[^?]*"
+		to="https://www.history.ox.ac.uk/research/centre/medieval-history.html" /-->
+
+		<!--test url="http://medieval.history.ox.ac.uk//home.php"/-->
+
+	<!--	Redirect drops path and forward slash, but not args:
+								-->
+	<rule from="^http://www\.issf\.ox\.ac\.uk/[^?]*"
+		to="https://www.medsci.ox.ac.uk/research/internal/funding-directory/issf" />
+
+		<test url="http://www.issf.ox.ac.uk//home.php"/>
+
+	<!--	Redirect keeps args but not forward slash:
+								-->
+	<rule from="^http://www-astro\.physics\.ox\.ac\.uk/[^?]*"
+		to="https://www2.physics.ox.ac.uk/research/astrophysics" />
+
+		<!--	/*\w does not redirect:
+						-->
+		<exclusion pattern="^http://www-astro\.physics.ox.ac.uk/(?!/*(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www-astro.physics.ox.ac.uk/default.aspx" />
+			<test url="http://www-astro.physics.ox.ac.uk/index.htm" />
+			<test url="http://www-astro.physics.ox.ac.uk/index.html" />
+			<test url="http://www-astro.physics.ox.ac.uk/index.jsp" />
+			<test url="http://www-astro.physics.ox.ac.uk/index.php" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www-astro.physics.ox.ac.uk/?" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Pennsylvania-mismatches.xml b/src/chrome/content/rules/University-of-Pennsylvania-mismatches.xml
index c0a2bd00c308..ce535ec65c13 100644
--- a/src/chrome/content/rules/University-of-Pennsylvania-mismatches.xml
+++ b/src/chrome/content/rules/University-of-Pennsylvania-mismatches.xml
@@ -1,9 +1,8 @@
-<ruleset name="University of Pennsylvania (mismatches)" default_off="mismatch">
+<ruleset name="UPenn.edu (mismatches)" default_off="mismatched">
 
 	<!--	bepress.com	-->
 	<target host="repository.upenn.edu"/>
 
-	<rule from="^http://repository\.upenn\.edu/"
-		to="https://repository.upenn.edu/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Pennsylvania.xml b/src/chrome/content/rules/University-of-Pennsylvania.xml
index b1170ac2b10a..5412fcdc0754 100644
--- a/src/chrome/content/rules/University-of-Pennsylvania.xml
+++ b/src/chrome/content/rules/University-of-Pennsylvania.xml
@@ -1,4 +1,7 @@
 <!--
+	University of Pennsylvania
+
+
 	Nonfunctional subdomains:
 
 		- www.psych	(shows www.sas; mismatched, CN: *.sas.upenn.edu)
@@ -7,23 +10,35 @@
 
 	Partially covered subdomains:
 
-		- www.libary	(some pages redirect to http)
+		- www.library	(some pages redirect to http)
 
 
 	Fully covered subdomains:
 
+		- (www.)cis
 		- www.college
 		- weblogin.pennkey
 		- fission.sas
 		- www.sas
+		- webmail.seas
+		- www.seas
 
 
 	^upenn.edu doesn't exist.
 
 -->
-<ruleset name="University of Pennsylvania (partial)">
-
-	<target host="*.upenn.edu"/>
+<ruleset name="UPenn.edu (partial)">
+
+	<target host="cis.upenn.edu" />
+	<target host="www.cis.upenn.edu" />
+	<target host="www.college.upenn.edu" />
+	<target host="medley.isc-seo.upenn.edu" />
+	<target host="www.library.upenn.edu" />
+	<target host="weblogin.pennkey.upenn.edu" />
+	<target host="fission.sas.upenn.edu" />
+	<target host="www.sas.upenn.edu" />
+	<target host="webmail.seas.upenn.edu" />
+	<target host="www.seas.upenn.edu" />
 		<exclusion pattern="^http://www\.library\.upenn\.edu/(?!images/|styles/)" />
 
 
@@ -31,7 +46,6 @@
 	<securecookie host="^(?:weblogin\.pennkey|\.www\.sas)\.upenn\.edu$" name=".+" />
 
 
-	<rule from="^http://(www\.college|medley\.isc-seo|www\.library|weblogin\.pennkey|(?:fission|www)\.sas)\.upenn\.edu/"
-		to="https://$1.upenn.edu/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-South-Florida-mismatches.xml b/src/chrome/content/rules/University-of-South-Florida-mismatches.xml
deleted file mode 100644
index 98b7cc71466a..000000000000
--- a/src/chrome/content/rules/University-of-South-Florida-mismatches.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For rules that are on by default, see University-of-South-Florida.xml.
-
--->
-<ruleset name="University of South Florida (mismatches)" default_off="expired, mismatch, self-signed">
-
-	<!--	Cert: *.usf.edu, expired, self-signed	-->
-	<target host="*.blog.usf.edu" />
-	<!--	Cert: *.bepress.com	-->
-	<target host="scholarcommons.usf.edu" />
-	<!--	Cert: *.drupal.publicbroadcasting.net	-->
-	<target host="wusfnews.wusf.usf.edu" />
-
-
-	<!--	Cookies are handled in University-of-South-Florida.xml.	-->
-
-
-	<rule from="^http://((?:brs|rc)\.blog|scholarcommons|wusfnews\.wusf)\.usf\.edu/"
-		to="https://$1.usf.edu/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/University-of-South-Florida.xml b/src/chrome/content/rules/University-of-South-Florida.xml
index 6821f8d847d4..1e10d021c95e 100644
--- a/src/chrome/content/rules/University-of-South-Florida.xml
+++ b/src/chrome/content/rules/University-of-South-Florida.xml
@@ -1,53 +1,46 @@
 <!--
-	For problematic rules, see University-of-South-Florida-mismatches.xml.
+	For University of South Florida Saint Petersburg see USFSP.edu.xml
 
-
-	Nonfunctional usf.edu subdomains:
-
-		- (www.)		(times out)
-		- directory.acomp	(cert: netid.usf.edu; redirects there)
-		- it			(expired, self-signed; 301s to rc.blog.usf.edu/domain-not-found/)
-		- guides.lib		(cert: libguides.com; 404)
-		- (www.)nelson
-		- news
-		- (www.)research
+	Mismatched:
+		- directory.acomp
+		- it
 		- system
-		- tap			(expired, self-signed; 301s to rc.blog.usf.edu/domain-not-found/)
-
--->
-<ruleset name="University of South Florida (partial)">
-
-	<target host="*.usf.edu" />
-	<target host="*.stpete.usf.edu" />
-	<target host="usfsp.edu" />
-	<target host="*.usfsp.edu" />
-
 
-	<!--	Not handling cross-domain cookies as a precaution.	-->
-	<securecookie host="^(\w.*\.)?usf(sp)?\.edu$" name=".*" />
-
-
-	<!--	Cert only matches www.lib.
-						-->
-	<rule from="^https?://(?:www\.)?lib\.usf\.edu/"
-		to="https://www.lib.usf.edu/" />
-
-	<rule from="^http://(my|mysites|netid|usfsts|usfweb2|webauth)\.usf\.edu/"
-		to="https://$1.usf.edu/" />
-
-	<!--	- Cert doesn't match
-		- Redirects like so
-				-->
-	<rule from="^https?://(?:www\.)?stpete\.usf\.edu/"
-		to="https://www.usfsp.edu/" />
+	Refused:
+		- news
 
-	<rule from="^http://((?:dev|vpn|www)\.)?usfsp\.edu/"
-		to="https://$1usfsp.edu/" />
+	Timeout:
+		- tap
 
-	<!--	- Cert only matches sharemypc.stpete.usf
-		- Data appear identical
-				-->
-	<rule from="^https?://sharemypc\.(?:stpete\.usf|usfsp).edu/"
-		to="https://sharemypc.stpete.usf.edu/" />
+	Incomplete certificate chain:
+		- lib
 
+	SSL configuration error:
+		- usfweb2 (see https://www.ssllabs.com/ssltest/analyze.html?d=usfweb2.usf.edu)
+-->
+<ruleset name="University of South Florida (partial)">
+	<target host="usf.edu" />
+	<target host="www.usf.edu" />
+	<target host="it.usf.edu" />
+	<target host="lib.usf.edu" />
+	<target host="www.lib.usf.edu" />
+	<target host="guides.lib.usf.edu" />
+	<target host="my.usf.edu" />
+	<target host="mysites.usf.edu" />
+	<target host="netid.usf.edu" />
+	<target host="news.usf.edu" />
+	<target host="research.usf.edu" />
+	<target host="www.research.usf.edu" />
+	<target host="system.usf.edu" />
+	<target host="webauth.usf.edu" />
+
+	<!-- .* removes the path to match website's own 301 redirect -->
+	<rule from="^http://(it|news|system)\.usf\.edu/.*" to="https://www.usf.edu/$1" />
+	<test url="http://it.usf.edu/abcdef" />
+	<test url="http://news.usf.edu/abcdef" />
+	<test url="http://system.usf.edu/abcdef" />
+
+	<rule from="^http://lib\.usf\.edu/" to="https://www.lib.usf.edu/" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Southampton.xml b/src/chrome/content/rules/University-of-Southampton.xml
index 8b293195c929..ce42ea5e427b 100644
--- a/src/chrome/content/rules/University-of-Southampton.xml
+++ b/src/chrome/content/rules/University-of-Southampton.xml
@@ -1,13 +1,25 @@
+<!--
+	Fully covered domains:
+
+		- secure.ecs.soton.ac.uk
+
+-->
 <ruleset name="University of Southampton (partial)">
 
 	<target host="noc.ac.uk" />
 	<!--
 		* for cross-domain cookie.
 					-->
-	<target host="*.noc.ac.uk" />
+	<target host="www.noc.ac.uk" />
 	<target host="soton.ac.uk" />
-	<target host="*.soton.ac.uk" />
-	<target host="www.*.soton.ac.uk" />
+	<target host="www.soton.ac.uk" />
+	<target host="secure.ecs.soton.ac.uk" />
+	<target host="jobs.soton.ac.uk" />
+	<target host="www.jobs.soton.ac.uk" />
+	<target host="noc.soton.ac.uk" />
+	<target host="www.noc.soton.ac.uk" />
+	<target host="sussed.soton.ac.uk" />
+	<target host="www.sussed.soton.ac.uk" />
 	<target host="www.southampton.ac.uk" />
 
 
@@ -17,17 +29,18 @@
 
 	<!--	Cert is not valid for www.
 						-->
-	<rule from="^http://www\.noc\.ac\.uk/"
+	<rule from="^http://(www\.)?noc\.ac\.uk/"
 		to="https://noc.ac.uk/" />
 
-	<rule from="^http://noc\.ac\.uk/(f|sites)/"
-		to="https://noc.ac.uk/$1/" />
-
 	<rule from="^http://(?:www\.)?soton\.ac\.uk/"
 		to="https://www.soton.ac.uk/" />
 
-	<rule from="^http://(www\.)?jobs\.soton\.ac\.uk/"
-		to="https://$1jobs.soton.ac.uk/" />
+
+	<test url="http://secure.ecs.soton.ac.uk/mail/" />
+	<test url="http://secure.ecs.soton.ac.uk/login/" />
+
+
+	<test url="http://www.jobs.soton.ac.uk/display.aspx?Id=1253&amp;pid=0" />
 
 	<!--	Cert is not valid for !www.
 						-->
@@ -44,4 +57,5 @@
 	<rule from="^http://www\.southampton\.ac\.uk(?:\:443)?/"
 		to="https://www.southampton.ac.uk/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Southern-California-mismatches.xml b/src/chrome/content/rules/University-of-Southern-California-mismatches.xml
index 5eaf1b7d5918..8fd12b41e92d 100644
--- a/src/chrome/content/rules/University-of-Southern-California-mismatches.xml
+++ b/src/chrome/content/rules/University-of-Southern-California-mismatches.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see University-of-Southern-California.xml
 
 -->
-<ruleset name="University of Southern California (mismatches)" default_off="mismatch" platform="mixedcontent">
+<ruleset name="University of Southern California (mismatches)" default_off="mismatched" platform="mixedcontent">
 
 	<!--	Cert: *.bluehost.com	-->
 	<target host="think.usc.edu" />
@@ -13,7 +13,7 @@
 	<!--	- www.think doesn't exist
 		- At least $ 404s
 					-->
-	<rule from="^https?://(?:www\.)?think(?:usc.com/(?:~thinkusc/)?|\.usc\.edu)/wp-content/"
+	<rule from="^http://(?:www\.)?think(?:usc\.com/(?:~thinkusc/)?|\.usc\.edu)/wp-content/"
 		to="https://thinkusc.com/~thinkusc/wp-content/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Southern-California.xml b/src/chrome/content/rules/University-of-Southern-California.xml
index a7d06e74b427..a764dd09e9dc 100644
--- a/src/chrome/content/rules/University-of-Southern-California.xml
+++ b/src/chrome/content/rules/University-of-Southern-California.xml
@@ -1,43 +1,327 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mypassword.provost.usc.edu:9251/ => https://mypassword.provost.usc.edu:9251/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://about.usc.edu/ => https://about.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://academics.usc.edu/ => https://academics.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://accreditation.usc.edu/ => https://accreditation.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://benefits.usc.edu/ => https://benefits.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://blackboardhelp.usc.edu/ => https://blackboardhelp.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://businessservices.usc.edu/ => https://businessservices.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://careers.usc.edu/ => https://careers.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://cio.usc.edu/ => https://cio.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://campusactivities.usc.edu/ => https://campusactivities.usc.edu/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://classes.usc.edu/ => https://classes.usc.edu/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://commencement.usc.edu/ => https://commencement.usc.edu/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://cst.usc.edu/ => https://cst.usc.edu/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://customsites.usc.edu/ => https://customsites.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://dentistry.usc.edu/ => https://dentistry.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://dps.usc.edu/ => https://dps.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://dpspreview.usc.edu/ => https://dpspreview.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://dramaticarts.usc.edu/ => https://dramaticarts.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://ecohenshc.usc.edu/ => https://ecohenshc.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://email.usc.edu/ => https://email.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://employees.usc.edu/ => https://employees.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://engemannshc.usc.edu/ => https://engemannshc.usc.edu/: (28, 'Connection timed out after 20003 milliseconds')
+Fetch error: http://stats.fs.usc.edu/ => https://stats.fs.usc.edu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://google.usc.edu/ => https://google.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://hcda.usc.edu/ => https://hcda.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://hcdapreview.usc.edu/ => https://hcdapreview.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://hpcc.usc.edu/ => https://hpcc.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://hrdivision.usc.edu/ => https://hrdivision.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://iastudents.usc.edu/ => https://iastudents.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://it-security.usc.edu/ => https://it-security.usc.edu/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://italerts.usc.edu/ => https://italerts.usc.edu/: (6, 'Could not resolve host: italerts.usc.edu')
+Fetch error: http://itservices.usc.edu/ => https://itservices.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://itsupport.usc.edu/ => https://itsupport.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://jobs.usc.edu/ => https://jobs.usc.edu/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://kaufman.usc.edu/ => https://kaufman.usc.edu/: (28, 'Connection timed out after 20003 milliseconds')
+Fetch error: http://kortschakcenter.usc.edu/ => https://kortschakcenter.usc.edu/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://learningdesign.usc.edu/ => https://learningdesign.usc.edu/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://lgbtrc.usc.edu/ => https://lgbtrc.usc.edu/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://marshall.usc.edu/ => https://marshall.usc.edu/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://interview.marshall.usc.edu/ => https://interview.marshall.usc.edu/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://managers.usc.edu/ => https://managers.usc.edu/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://marshallapps.usc.edu/ => https://marshallapps.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://myshr.med.usc.edu/ => https://myshr.med.usc.edu/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://music.usc.edu/ => https://music.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://my.usc.edu/ => https://my.usc.edu/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+Fetch error: http://mymarshall.usc.edu/ => https://mymarshall.usc.edu/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://netid.usc.edu/ => https://netid.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://news.usc.edu/ => https://news.usc.edu/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://online.usc.edu/ => https://online.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://parents.usc.edu/ => https://parents.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://pharmacies.usc.edu/ => https://pharmacies.usc.edu/: (28, 'Connection timed out after 20005 milliseconds')
+Fetch error: http://pharmacycorefacilities.usc.edu/ => https://pharmacycorefacilities.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://pharmacyschool.usc.edu/ => https://pharmacyschool.usc.edu/: (28, 'Connection timed out after 20003 milliseconds')
+Fetch error: http://pharmgradprograms.usc.edu/ => https://pharmgradprograms.usc.edu/: (28, 'Connection timed out after 20003 milliseconds')
+Fetch error: http://policy.usc.edu/ => https://policy.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://preparedness.usc.edu/ => https://preparedness.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://pressroom.usc.edu/ => https://pressroom.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://procurement.usc.edu/ => https://procurement.usc.edu/: (28, 'Connection timed out after 20015 milliseconds')
+Fetch error: http://help.provost.usc.edu/ => https://help.provost.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://mypassword.provost.usc.edu/ => https://mypassword.provost.usc.edu/: (28, 'Connection timed out after 20002 milliseconds')
+Fetch error: http://www.provost.usc.edu/ => https://www.provost.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://regulatory.usc.edu/ => https://regulatory.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://rossier.usc.edu/ => https://rossier.usc.edu/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://rossiercareers.usc.edu/ => https://rossiercareers.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://rossierfaculty.usc.edu/ => https://rossierfaculty.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://rossierstudents.usc.edu/ => https://rossierstudents.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://safety.usc.edu/ => https://safety.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://sarc.usc.edu/ => https://sarc.usc.edu/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://scampus.usc.edu/ => https://scampus.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://strategic.usc.edu/ => https://strategic.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://studenaffairs.usc.edu/ => https://studenaffairs.usc.edu/: (6, 'Could not resolve host: studenaffairs.usc.edu')
+Fetch error: http://studentblackboardhelp.usc.edu/ => https://studentblackboardhelp.usc.edu/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://talent.usc.edu/ => https://talent.usc.edu/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://trojansalert.usc.edu/ => https://trojansalert.usc.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://trojantime.usc.edu/ => https://trojantime.usc.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://test10.usc.edu/ => https://test10.usc.edu/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://uscnow.usc.edu/ => https://uscnow.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://undergrad.usc.edu/ => https://undergrad.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://undergradpreview.usc.edu/ => https://undergradpreview.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://web-app.usc.edu/ => https://web-app.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://webreg.vsoe.usc.edu/ => https://webreg.vsoe.usc.edu/: (6, 'Could not resolve host: webreg.vsoe.usc.edu')
+Fetch error: http://policies.usc.edu/ => https://policy.usc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+
+	University of Southern California
+
+	For rules false/broken MCB, see USC.edu-falsemixed.xml.
+
 	For problematic rules, see University-of-Southern-California-mismatches.xml.
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *usc.ed:
+
+		- annenberg ¹
+		- chan ²
+		- ee ³
+		- election2012 ⁴
+		- emergency ⁵
+		- gero ⁶
+		- gould ²
+		- ict ¹
+		- (www.)?international ¹
+		- iovine-young ¹
+		- keck ²
+		- (www.)?law ²
+		- libraries-emergency ⁵
+		- mylaw2 ²
+		- passwordreset.provost ²
+		- transnet ¹
+		- trojanlearn ³
+		- viterbi ¹
+
+	¹ Dropped
+	² Refused
+	³ Shows another domain
+	⁴ $ displays white page; paths 404
+	⁵ Handshake fails
+	⁶ Plaintext reply
+
+
+	Problematic hosts in *usc.ed:
+
+		- ^ ¹
+		- adminopsnet ²
+		- caps-intranet ²
+		- capsnet ³ ²
+		- www.dornsife ³
+		- dornsifelive ³ ⁴
+		- healthstream ⁵
+		- keckapps ⁵
+		- service.marshall ⁶
+		- students.marshall ³ ⁴
+		- policies ⁶
+		- pt ³
+		- roski ⁵
+		- think ³
+
+	¹ Refused
+	² Untrusted root
+	³ Mismatched
+	⁴ Expired
+	⁵ Mixed css
+	⁶ Shows another domain
+
+
+	Mixed content:
+
+		- css, on:
 
-		- annenberg	(times out)
-		- ee		(shows another domain, self-signed)
-		- election2012	($ displays white page; paths 404)
-		- viterbi	(no https)
+			- healthstream from keckapps.usc.edu *
+			- keckapps, roski from $self *
 
+		- Images, on:
 
-	Fully covered subdomains:
+			- adminit from zapt4.staticworld.net
+			- arch, iastudents, keckapps, kortschakcenter, www.marshall, pharmacycorefacilities, policy, help.provost, roski, wise, www from $self *
+			- dornsife from dornsifelive.usc.edu *
+			- employees from l.yimg.com *
+			- healthstream from keckapps.usc.edu *
+			- my from feeds.feedburner.com *
+			- policy from www.usc.edu *
+			- sarc from customsites.usc.edu *
+			- wise from www.web-nex.com
+			- www from web-app.usc.edu *
 
-		- vsoeapp1.vsoe
+		- favicon on about, academics, accreditation, benefits, bknpt-web5.bknpt, blackboardhelp, classes, commencement, dentistry, it-security, kaufman, pharmacies, rossierstudents, strategic, studentblackboardhelp from www.usc.edu *
+		- Bug on kaufman from \d+.fls.doubleclick.net
+
+	* Secured by us
 
 -->
-<ruleset name="University of Southern California (partial)">
+<ruleset name="USC.edu (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="about.usc.edu" />
+	<target host="academics.usc.edu" />
+	<target host="accreditation.usc.edu" />
+	<target host="adminit.usc.edu" />
+	<target host="arch.usc.edu" />
+	<target host="benefits.usc.edu" />
+	<target host="bknpt-web5.bknpt.usc.edu" />
+	<target host="blackboard.usc.edu" />
+	<target host="blackboardhelp.usc.edu" />
+	<target host="businessservices.usc.edu" />
+	<target host="careers.usc.edu" />
+	<target host="mail.capsd.usc.edu" />
+	<target host="caps-login.usc.edu" />
+	<target host="capstechops.usc.edu" />
+	<target host="cinema.usc.edu" />
+	<target host="cio.usc.edu" />
+	<target host="campaign.usc.edu" />
+	<target host="campusactivities.usc.edu" />
+	<target host="classes.usc.edu" />
+	<target host="commencement.usc.edu" />
+	<target host="cst.usc.edu" />
+	<target host="customsites.usc.edu" />
+	<target host="dentistry.usc.edu" />
+	<target host="dornsifecms.usc.edu" />
+	<target host="dornsife.usc.edu" />
+	<target host="dps.usc.edu" />
+	<target host="dpspreview.usc.edu" />
+	<target host="dramaticarts.usc.edu" />
+	<target host="ecohenshc.usc.edu" />
+	<target host="email.usc.edu" />
+	<target host="employees.usc.edu" />
+	<target host="engemannshc.usc.edu" />
+	<target host="facultypositions.usc.edu" />
+	<target host="fbs.usc.edu" />
+	<target host="stats.fs.usc.edu" />
+	<target host="giveto.usc.edu" />
+	<target host="google.usc.edu" />
+	<target host="hcda.usc.edu" />
+	<target host="hcdapreview.usc.edu" />
+	<!--target host="healthstream.usc.edu" /-->
+	<target host="housing.usc.edu" />
+	<target host="hpcc.usc.edu" />
+	<target host="hrdivision.usc.edu" />
+	<target host="iastudents.usc.edu" />
+	<target host="istar.usc.edu" />
+	<target host="istar-chla.usc.edu" />
+	<target host="it-security.usc.edu" />
+	<target host="italerts.usc.edu" />
+	<target host="itservices.usc.edu" />
+	<target host="itsupport.usc.edu" />
+	<target host="jobs.usc.edu" />
+	<target host="kaufman.usc.edu" />
+	<!--target host="keckapps.usc.edu" /-->
+	<target host="kfs.usc.edu" />
+	<target host="kortschakcenter.usc.edu" />
+	<target host="learningdesign.usc.edu" />
+	<target host="lgbtrc.usc.edu" />
+	<target host="marshall.usc.edu" />
+	<target host="interview.marshall.usc.edu" />
+	<target host="managers.usc.edu" />
+	<target host="www.marshall.usc.edu" />
+	<target host="marshallapps.usc.edu" />
+	<target host="keckselfservice.med.usc.edu" />
+	<target host="myshr.med.usc.edu" />
+	<target host="music.usc.edu" />
+	<target host="my.usc.edu" />
+	<target host="mydornsife.usc.edu" />
+	<target host="mymarshall.usc.edu" />
+	<target host="netid.usc.edu" />
+	<target host="news.usc.edu" />
+	<target host="online.usc.edu" />
+	<target host="parents.usc.edu" />
+	<target host="pharmacies.usc.edu" />
+	<target host="pharmacycorefacilities.usc.edu" />
+	<target host="pharmacyschool.usc.edu" />
+	<target host="pharmgradprograms.usc.edu" />
+	<target host="policy.usc.edu" />
+	<target host="preparedness.usc.edu" />
+	<target host="pressroom.usc.edu" />
+	<target host="procurement.usc.edu" />
 
+	<target host="help.provost.usc.edu" />
+	<target host="it.provost.usc.edu" />
+	<target host="mypassword.provost.usc.edu" />
+	<target host="www.provost.usc.edu" />
+
+	<target host="regulatory.usc.edu" />
+	<!--target host="roski.usc.edu" /-->
+	<target host="rossier.usc.edu" />
+	<target host="rossiercareers.usc.edu" />
+	<target host="rossierfaculty.usc.edu" />
+	<target host="rossierstudents.usc.edu" />
+	<target host="safety.usc.edu" />
+	<target host="sait.usc.edu" />
+	<target host="sarc.usc.edu" />
+	<target host="scacommunity.usc.edu" />
+	<target host="scampus.usc.edu" />
+	<target host="shibboleth.usc.edu" />
+	<target host="strategic.usc.edu" />
+	<target host="stuaff.usc.edu" />
+	<target host="studenaffairs.usc.edu" />
+	<target host="studentblackboardhelp.usc.edu" />
+	<target host="talent.usc.edu" />
+	<target host="trojansalert.usc.edu" />
+	<target host="trojantime.usc.edu" />
+	<target host="test10.usc.edu" />
+	<target host="uscnow.usc.edu" />
+	<target host="undergrad.usc.edu" />
+	<target host="undergradpreview.usc.edu" />
+	<target host="vsoeapp1.vsoe.usc.edu" />
+	<target host="web-app.usc.edu" />
+	<target host="webreg.vsoe.usc.edu" />
+	<target host="www.usc.edu" />
+
+	<!--	Complications:
+				-->
 	<target host="usc.edu" />
-	<target host="*.usc.edu" />
 	<target host="www.dornsife.usc.edu" />
+	<target host="service.marshall.usc.edu" />
+	<target host="policies.usc.edu" />
 
 
-	<securecookie host="^.*\.usc\.edu$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<!--	- !www doesn't work over https
-		- Redirects as so	-->
-	<rule from="^https?://(?:www\.)?usc\.edu/"
+	<rule from="^http://usc\.edu/"
 		to="https://www.usc.edu/" />
 
-	<!--	- Cert only matches //dornsife.
-		- Redirects as so
-				-->
-	<rule from="^https?://(?:www\.)?dornsife\.usc\.edu/"
+	<rule from="^http://www\.dornsife\.usc\.edu/"
 		to="https://dornsife.usc.edu/" />
 
-	<!--	www.news doesn't exist.	-->
-	<rule from="^http://(news|vsoeapp1\.vsoe)\.usc\.edu/"
-		to="https://$1.usc.edu/" />
+	<!--	Redirect drops path, args, and forward slash:
+								-->
+	<rule from="^http://service\.marshall\.usc\.edu/.*"
+		to="https://uscmarshall.service-now.com/" />
+
+		<test url="http://service.marshall.usc.edu//index.aspx" />
+
+	<rule from="^http://mypassword\.provost\.usc\.edu:9251/"
+		to="https://mypassword.provost.usc.edu:9251/" />
+
+		<test url="http://mypassword.provost.usc.edu:9251/" />
+
+	<rule from="^http://policies\.usc\.edu/"
+		to="https://policy.usc.edu/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Strasbourg.xml b/src/chrome/content/rules/University-of-Strasbourg.xml
index 30016bca0b3c..9b8f01009d37 100644
--- a/src/chrome/content/rules/University-of-Strasbourg.xml
+++ b/src/chrome/content/rules/University-of-Strasbourg.xml
@@ -1,26 +1,128 @@
 <!--
+	For rules causing false/broken MCB, see UniStra.fr-falsemixed.xml.
+
+
 	Nonfunctional:
 
+		- unistra.fr subdomains:
+
+			- icube-publis ¹
+			- icube-sysinfo ²
+			- icube-web ³
+			- med ⁴
+
+		- udsmed.u-strasbg.fr ⁴
 		- newlsiit.u-strasbg.fr
 
+	¹ Redirects to icube-intranet, valid cert
+	² Shows icube-intranet; mismatched, CN: icube-intranet.unistra.fr
+	³ Shows icube-intranet, valid cert
+	⁴ Dropped
+
+
+	Problematic domains:
+
+		- unistra.fr subdomains:
+
+			- ^ ¹
+			- engees ²
+			- lsiit-cnrs ³
+			- www.physique-ingenierie ⁴
+			- typodun ²
+
+		- icube-intranet.u-strasbg.fr ⁵
+		- typodun30.u-strasbg.fr ¹
+
+	¹ Cert only matches *.unistra.fr
+	² Mixed css from $self
+	³ Self-signed, CN: newlsiit
+	⁵ 400; mismatched, CN: icube-intranet.unistra.fr
+	⁴ Cert only matches *.unistra.fr, ^ redirects to www
+
+
+	Partially covered subdomains:
+
+		- (www.) *	(^ → www)
+		- engees *
+		- typodun *
+
+
+	* Avoiding mixed css from $self
+
+
+	Fully covered domains:
+
+		- unistra.fr subdomains:
+
+			- agenda
+			- alumni
+			- guide-etudiant
+			- icube
+			- icube-intranet
+			- inscriptions
+			- lsiit-cnrs		(→ icube)
+			- mathinfo
+			- physique-ingenierie
+			- reseau-alumni
+			- services-numeriques
+			- typodun2012
+
+		- icube-intranet.u-strasbg.fr	(-> icube-intranet.unistra.fr)
+		- typodun30.u-strasbg.fr	(→ typodun2012.unistra.fr)
+
+
+	Mixed content:
+
+		- css, on:
+
+			- www.physique-ingenierie and www from www *
+			- www.physique-ingenierie from fonts.googleapis.com *
+
+		- Images, on:
+
+			- reseau-alumni from typodun30.u-strasbg.fr *
+			- www from $self *
+
+	* Secured by us
+
 -->
-<ruleset name="University of Strasbourg (partial)" platform="mixedcontent">
+<ruleset name="University of Strasbourg (partial)">
 
 	<target host="unistra.fr" />
 	<target host="*.unistra.fr" />
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<exclusion pattern="^http://engees\.unistra\.fr/+(?!favicon\.ico|site/(?:favicon\.ico|fileadmin/|typo3temp/|uploads/))" />
+		<exclusion pattern="^http://typodun\.unistra\.fr/+(?!fileadmin/|typo3conf/)" />
+		<exclusion pattern="^http://www\.unistra\.fr/+plans(?!/commun/|styles/)" />
+	<target host="*.u-strasbg.fr" />
 
 
-	<!--	Observed cookies:
-
-			- lsiit-cnrs
-				- PHPSESSID
-			- www
-				- fe_typo_user
+	<!--	Not secured by server:
 					-->
-	<securecookie host="^www.unistra.fr$" name=".*" />
+	<!--securecookie host="^(alumni|engees|guide-etudiant|icube|inscriptions|mathinfo|services-numeriques|typodun|typodun2012|www)\.unistra\.fr$" name="^fe_typo_user$" /-->
+	<!--securecookie host="^reseau-alumni\.unistra\.fr$" name="^unistra_alumni(_user_referer)?$" /-->
+	<!--securecookie host="^www\.unistra\.fr$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:guide-etudiant|icube|inscriptions|mathinfo|reseau-alumni|services-numeriques|typodun2012|www)\.unistra\.fr$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?unistra\.fr/"
+		to="https://www.unistra.fr/" />
+
+	<rule from="^http://(agenda|alumni|engees|guide-etudiant|icube|icube-intranet|inscriptions|mathinfo|physique-ingenierie|reseau-alumni|services-numeriques)\.unistra\.fr/"
+		to="https://$1.unistra.fr/" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://lsiit-cnrs\.unistra\.fr/+"
+		to="https://icube.unistra.fr/" />
 
+	<rule from="^http://icube-intranet\.u-strasbg\.fr/"
+		to="https://icube-intranet.unistra.fr/" />
 
-	<rule from="^http://(lsiit-cnrs\.|www\.)?unistra\.fr/"
-		to="https://$1unistra.fr/" />
+	<rule from="^http://typodun30\.u-strasbg\.fr/"
+		to="https://typodun2012.unistra.fr/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Strathclyde.xml b/src/chrome/content/rules/University-of-Strathclyde.xml
index 11f2e07103b2..25755f3ed196 100644
--- a/src/chrome/content/rules/University-of-Strathclyde.xml
+++ b/src/chrome/content/rules/University-of-Strathclyde.xml
@@ -1,8 +1,37 @@
+<!--
+	Problematic hosts in *.strath.ac.uk:
+
+		- aimarem.eee.strath.ac.uk
+		- lists.strath.ac.uk
+		- moss.strath.ac.uk
+
+	https://cis.strath.ac.uk has certificate valid only
+	for www.cis.strath.ac.uk
+	http://cis.strath.ac.uk redirects to https://www.cis.strath.ac.uk
+-->
+
 <ruleset name="University of Strathclyde (partial)">
 
+	<target host="ben.mis.strath.ac.uk"/>
+	<target host="but.mis.strath.ac.uk"/>
+	<target host="cis.strath.ac.uk"/>
+	<target host="classes.myplace.strath.ac.uk"/>
+	<target host="ewds.strath.ac.uk"/>
+	<target host="pegasus.strath.ac.uk"/>
+	<target host="personal.cis.strath.ac.uk"/>
+	<target host="phys.strath.ac.uk"/>
+	<target host="pols.phys.strath.ac.uk"/>
+	<target host="pureportal.strath.ac.uk"/>
+	<target host="pure.strath.ac.uk"/>
+	<target host="servicecatalogue.strath.ac.uk"/>
+	<target host="status.strath.ac.uk"/>
+	<target host="teledir.strath.ac.uk"/>
+	<target host="www.cis.strath.ac.uk"/>
 	<target host="www.strath.ac.uk"/>
 
-	<rule from="^http://www\.strath\.ac\.uk/"
-		to="https://www.strath.ac.uk/"/>
+	<rule from="^http://cis\.strath\.ac\.uk/"
+		to="https://www.cis.strath.ac.uk/" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Stuttgart-self-signed.xml b/src/chrome/content/rules/University-of-Stuttgart-self-signed.xml
deleted file mode 100644
index 47b7f9982f73..000000000000
--- a/src/chrome/content/rules/University-of-Stuttgart-self-signed.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	For rules that are on by default, see University-of-Stuttgart.xml.
-
--->
-<ruleset name="University of Stuttgart (self-signed)" default_off="self-signed">
-
-	<target host="fex.rus.uni-stuttgart.de" />
-	<target host="icp.uni-stuttgart.de" />
-	<target host="www.icp.uni-stuttgart.de" />
-	<target host="mbox.uni-stuttgart.de" />
-	<target host="www-print.rus.uni-stuttgart.de" />
-	<target host="www.stud.uni-stuttgart.de" />
-
-
-	<securecookie host="^www\.icp\.uni-stuttgart\.de$" name=".*" />
-
-
-	<!--	This is what the server does over http.
-		Over https, it redirects to src/,
-		which probably isn't what's intended.
-			Don't mess with it if it's
-		already pointing to https though,
-		as that probably would be intended.	-->
-	<rule from="^http://(?:www\.)?icp\.uni-stuttgart\.de/$"
-		to="https://www.icp.uni-stuttgart.de/~icp/" />
-
-	<rule from="^http://(?:www\.)?icp\.uni-stuttgart\.de/"
-		to="https://www.icp.uni-stuttgart.de/" />
-
-	<rule from="^http://(mobox|fex\.rus)\.uni-stuttgart\.de/"
-		to="https://$1.uni-stuttgart.de/" />
-
-	<!--	- ^stud times out
-		- At least some pages 302 to http
-					-->
-	<rule from="^http://www\.stud\.uni-stuttgart\.de/(css|img)/"
-		to="https://www.stud.uni-stuttgart.de/$1/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/University-of-Stuttgart.xml b/src/chrome/content/rules/University-of-Stuttgart.xml
deleted file mode 100644
index f69f86843a20..000000000000
--- a/src/chrome/content/rules/University-of-Stuttgart.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	For problematic rules, see University-of-Stuttgart-self-signed.xml.
-
--->
-<ruleset name="University of Stuttgart (partial)">
-
-	<target host="uni-stuttgart.de" />
-	<target host="*.uni-stuttgart.de" />
-	<target host="www.rus.uni-stuttgart.de" />
-
-
-	<!--	Cookie set by piwik.	-->
-	<securecookie host="^\.uni-stuttgart\.de$" name="^BALANCEID$" />
-
-
-	<rule from="^http://(cert\.)?uni-stuttgart\.de/"
-		to="https://$1uni-stuttgart.de/" />
-
-	<!--	Many paths redirect to http.	-->
-	<rule from="^http://www\.uni-stuttgart\.de/(favicon\.ico|piwik/|res/)"
-		to="https://www.uni-stuttgart.de/$1" />
-
-	<!--	- ^rus presents self-signed cert
-		- ^rus times out over http
-		- At least some pages 302 to http
-						-->
-	<rule from="^http://www\.rus\.uni-stuttgart\.de/(css|img)/"
-		to="https://www.rus.uni-stuttgart.de/$1/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/University-of-Texas-Southwestern-Medical-Center.xml b/src/chrome/content/rules/University-of-Texas-Southwestern-Medical-Center.xml
index cd2b173a6296..a01bf1935771 100644
--- a/src/chrome/content/rules/University-of-Texas-Southwestern-Medical-Center.xml
+++ b/src/chrome/content/rules/University-of-Texas-Southwestern-Medical-Center.xml
@@ -21,7 +21,7 @@
 	<!--	- 301s like so
 		- Paths are dropped
 					-->
-	<rule from="^https?://(?:www\.)?utsouthwestern\.edu/intranet(?:$|/.*)"
+	<rule from="^http://(?:www\.)?utsouthwestern\.edu/intranet(?:$|/.*)"
 		to="https://myutsouthwestern.swmed.edu/" />
 
 	<rule from="^http://(mutagenetix|www4)\.utsouthwestern\.edu/"
diff --git a/src/chrome/content/rules/University-of-Texas-System.xml b/src/chrome/content/rules/University-of-Texas-System.xml
index e915723dd1ac..b584db987694 100644
--- a/src/chrome/content/rules/University-of-Texas-System.xml
+++ b/src/chrome/content/rules/University-of-Texas-System.xml
@@ -1,13 +1,22 @@
-<ruleset name="University of Texas System">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://data.utsystem.edu/ => https://data.utsystem.edu/: (7, 'Failed to connect to data.utsystem.edu port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://utsystem.edu/ => https://utsystem.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'utsystem.edu'")
+-->
+<ruleset name="University of Texas System" default_off="failed ruleset test">
 
 	<target host="utsystem.edu" />
-	<target host="*.utsystem.edu" />
+	<target host="data.utsystem.edu" />
+	<target host="outlook.utsystem.edu" />
+	<target host="www.utsystem.edu" />
 
 
-	<securecookie host="^(?:.*\.)?utsystem\.edu$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(data\.|outlook\.|www\.)?utsystem\.edu/"
-		to="https://$1utsystem.edu/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Texas-at-Austin-mismatches.xml b/src/chrome/content/rules/University-of-Texas-at-Austin-mismatches.xml
index cf8f611a156e..ae36ef6084c1 100644
--- a/src/chrome/content/rules/University-of-Texas-at-Austin-mismatches.xml
+++ b/src/chrome/content/rules/University-of-Texas-at-Austin-mismatches.xml
@@ -4,18 +4,14 @@
 -->
 <ruleset name="University of Texas at Austin (mismatches)" default_off="mismatch, self-signed">
 
-	<target host="*.as.utexas.edu" />
+	<target host="affirmed.as.utexas.edu" />
+	<target host="www.as.utexas.edu" />
 	<target host="www.cpge.utexas.edu" />
-	<target host="www.tacc.utexas.edu" />
 
 
-	<securecookie host="^.*\.tacc\.utexas\.edu$" name=".*" />
-
-
-	<rule from="^https?://(?:affirmed|www)\.as\.utexas\.edu/"
+	<rule from="^http://(?:affirmed|www)\.as\.utexas\.edu/"
 		to="https://affirmed.as.utexas.edu/" />
 
-	<rule from="^http://www\.(cpge|tacc)\.utexas\.edu/"
-		to="https://www.$1.utexas.edu/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Texas-at-Austin.xml b/src/chrome/content/rules/University-of-Texas-at-Austin.xml
index 56fad8611ec6..71650182d6a5 100644
--- a/src/chrome/content/rules/University-of-Texas-at-Austin.xml
+++ b/src/chrome/content/rules/University-of-Texas-at-Austin.xml
@@ -21,6 +21,7 @@
 		- www.geo ***
 		- he			(prints "It works!")
 		- www.hrc
+		- wiki.lib ⁶
 		- nees
 		- ssc **
 		- synergyx.tacc
@@ -32,11 +33,11 @@
 	* Shows affirmed.as
 	** Times out
 	*** Interrupted
+	⁶ Refused
 
 
 	Problematic subdomains:
 
-		- ^ 
 		- www.advertising	(broken redirect to ^advertising)
 		- affirmed.as *
 		- www.affirmed **
@@ -44,12 +45,13 @@
 		- directory
 		- jsg **
 		- (www.)la **
+		- lib ⁴
 		- ma
 		- (www.)music **
-		- www.tacc **
 
 	* Self-signed
 	** Mismatch
+	⁴ Cert only matches www.foo
 
 
 	Partially covered subdomains:
@@ -89,28 +91,42 @@
 		- cbth.ig
 		- www.ig
 		- www.ischool
+
 		- fc.its
 		- help.its
 		- idmanager.its
+		- utlogin-api.its
+		- utlogin-core.its
+		- wc-ops-p01.its
+
 		- apps.jsg
 		- edger.jsg
 		- knightcenter
 		- sites.la
 		- (www.)laits
 		- (www.)landmarks
-		- (www.)lib
+
+		- (www.)lib	(^ → www)
 		- catalog.lib
 		- dev.lib
 		- metalib.lib
 		- repositories.lib
+
+		- login
 		- m
 		- mail
 		- www.mccombs
 		- registrar
 		- www.ph
 		- rtf
+		- security
 		- (www.)soa
+
+		- (www.)tacc
+		- m.tacc
 		- portal.tacc
+		- team.tacc
+
 		- techstaff
 		- utdirect
 		- utmail
@@ -118,6 +134,13 @@
 		- webmail
 		- webspace
 		- wikis
+		- auth.www
+
+
+	These altnames don't exist:
+
+		- wc-ops-p02.its.utexas.edu
+		- senf.security.utexas.edu
 
 
 	Wildcard cookies:
@@ -149,18 +172,18 @@
 	<target host="*.utexas.edu" />
 
 
-	<securecookie host="^.*\.utexas\.edu$" name=".*" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^idmanager\.its\.utexas\.edu$" name="^ut_persist$" /-->
+	<!--securecookie host="^\.lib\.utexas\.edu$" name="^(III_EXPT_FILE|III_SESSION_ID|SESSION_LANGUAGE)$" /-->
+	<!--securecookie host="^catalog\.lib\.utexas\.edu$" name="^SESSION_SCOPE$" /-->
+	<!--securecookie host="^utdirect\.utexas\.edu$" name="^NSC_\w+_443$" /-->
 
+	<securecookie host="^.*\.utexas\.edu$" name=".+" />
 
-	<!--	It appears that HTTPS connections cannot be established to
-		https://utexas.edu/ as of June 1, 2011, so redirect
-		https://utexas.edu/ to https://www.utexas.edu/
-				-->
-	<rule from="^https?://(?:www\.)?utexas\.edu/"
-		to="https://www.utexas.edu/" />
 
-	<rule from="^http://((?:autodiscover|wmail|ww4)\.austin|(?:www\.)?(?:biosci|che|cm|cs|edb|energy|engr|finearts|ig|ischool|laits|landmarks|mccombs|ph|soa)|blogs|(?:advisorycouncil|elements|vhost)\.cns|courses|steelresearch\.geo|giving|ideas|\w+\.ig|\w+\.its|(?:apps|edger)\.jsg|knightcenter|sites\.la|\w+\.lib|m|mail|registrar|rtf|smartvoice|portal\.tacc|techstaff|utdirect|utmail|get\.utmail|webmail|webspace|wikis)\.utexas\.edu/"
-		to="https://$1.utexas.edu/" />
+	<rule from="^http://((?:(?:autodiscover|wmail|ww4)\.austin|(?:www\.)?(?:biosci|che|cm|cs|edb|energy|engr|finearts|ig|ischool|laits|landmarks|mccombs|ph|soa)|blogs|(?:advisorycouncil|elements|vhost)\.cns|courses|steelresearch\.geo|giving|ideas|\w+\.ig|[\w-]+\.its|(?:apps|edger)\.jsg|knightcenter|sites\.la|\w+\.lib|login|m|mail|registrar|rtf|security|smartvoice|(?:(?:m|portal|team|www)\.)?tacc|techstaff|utdirect|utmail|get\.utmail|webmail|webspace|wikis|www|auth\.www)\.)?utexas\.edu/"
+		to="https://$1utexas.edu/" />
 
 	<rule from="^http://(?:www\.)?advertising\.utexas\.edu/(modul|sit)es/"
 		to="https://advertising.utexas.edu/$1es/" />
@@ -168,16 +191,19 @@
 	<rule from="^http://(www\.)?(bealonghorn|commstudies|communication|csd|journalism)\.utexas\.edu/(modul|sit)es/"
 		to="https://$1$2.utexas.edu/$3es/" />
 
-	<rule from="^https?://directory\.utexas\.edu/(?:.*)"
+	<rule from="^http://directory\.utexas\.edu/(?:.*)"
 		to="https://www.utexas.edu/directory/" />
 
-	<rule from="^https?://(?:www\.)?la\.utexas\.edu/(?:.*)"
+	<rule from="^http://(?:www\.)?la\.utexas\.edu/(?:.*)"
 		to="https://www.utexas.edu/cola" />
 
-	<rule from="^https?://(?:www\.)?(jsg|ma)\.utexas\.edu/"
+	<rule from="^http://lib\.utexas\.edu/"
+		to="https://www.lib.utexas.edu/" />
+
+	<rule from="^http://(?:www\.)?(jsg|ma)\.utexas\.edu/"
 		to="https://www.$1.utexas.edu/" />
 
-	<rule from="^https?://(?:www\.)?music\.utexas\.edu/"
+	<rule from="^http://(?:www\.)?music\.utexas\.edu/"
 		to="https://ww4.austin.utexas.edu/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Texas-at-Dallas.xml b/src/chrome/content/rules/University-of-Texas-at-Dallas.xml
index bb3d48cd8237..d6c33dfe3587 100644
--- a/src/chrome/content/rules/University-of-Texas-at-Dallas.xml
+++ b/src/chrome/content/rules/University-of-Texas-at-Dallas.xml
@@ -1,6 +1,128 @@
-<ruleset name="University of Texas at Dallas">
+<!--
+	For problematic rules, see UT_Dallas.edu-problematic.xml.
+
+
+	Problematic subdomains:
+
+		- catalog ¹
+		- elearningtest ²
+		- honors ¹
+		- sacscoc ¹
+
+	¹ Works; mismatched, CN: provost.utdallas.edu
+	² Works; mismatched, CN: *.blackboard.com; redirects to https without us
+
+
+	Fully covered subdomains:
+
+		- (www.)		(^ → www)
+		- autodiscover
+		- coursebook
+		- dali
+		- dox
+		- eforms
+		- elearning
+		- elearningpilot
+		- elearningstaging
+		- elearningtest
+		- eval
+		- galaxy
+		- go
+		- goto
+		- input
+		- oue
+		- pages
+		- policy
+		- provost
+		- ptg
+		- qep
+		- rodin
+		- sacs
+		- sacscoc		(→ sacs)
+		- sis-portal-prod
+		- v
+		- webmail
+
+
+	These altnames don't exist:
+
+		- exchange.utdallas.edu
+
+
+	Mixed content:
+
+		- css on pages and provost from provost ¹
+
+		- Images, on:
+
+			- catalog from provost ²
+			- coursebook from provost ²
+			- elearning and elearningpilot from www ²
+			- honors from provost ²
+			- oue from provost ²
+			- sacs and sacscoc from pages ²
+
+		- favicon on coursebook from provost ²
+
+	¹ Secured by us, just custom fonts.
+	² Secured by us
+
+-->
+<ruleset name="University of Texas at Dallas (partial)">
 	<target host="utdallas.edu" />
 	<target host="www.utdallas.edu" />
+	<target host="autodiscover.utdallas.edu" />
+	<target host="coursebook.utdallas.edu" />
+	<target host="dali.utdallas.edu" />
+	<target host="dox.utdallas.edu" />
+	<target host="eforms.utdallas.edu" />
+	<target host="elearning.utdallas.edu" />
+	<target host="elearningpilot.utdallas.edu" />
+	<target host="elearningstaging.utdallas.edu" />
+	<target host="elearningtest.utdallas.edu" />
+	<target host="eval.utdallas.edu" />
+	<target host="galaxy.utdallas.edu" />
+	<target host="go.utdallas.edu" />
+	<target host="goto.utdallas.edu" />
+	<target host="input.utdallas.edu" />
+	<target host="oue.utdallas.edu" />
+	<target host="pages.utdallas.edu" />
+	<target host="policy.utdallas.edu" />
+	<target host="provost.utdallas.edu" />
+	<target host="ptg.utdallas.edu" />
+	<target host="qep.utdallas.edu" />
+	<target host="rodin.utdallas.edu" />
+	<target host="sis-portal-prod.utdallas.edu" />
+	<target host="v.utdallas.edu" />
+	<target host="webmail.utdallas.edu" />
+	<target host="sacs.utdallas.edu" />
+	<target host="sacscoc.utdallas.edu" />
 
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^\.utdallas\.edu$" name="^(ExpirePage|PS_LOGINLIST|PS_TOKEN|PS_TOKENEXPIRE|SignOnDefault)$" /-->
+	<!--securecookie host="^elearning(pilot|staging|test)?\.utdallas\.edu$" name="^(JSESSIONID|s_session_id)$" /-->
+	<!--securecookie host="^elearningtest\.utdallas\.edu$" name="^web_client_cache_guid$" /-->
+	<!--
+		Not secured by server:
+						-->
+	<!--securecookie host="^(www\.)?utdallas\.edu$" name="^(BIGipServerUTD_Prd_main_web_server_pool_443|UTDPHPSESSID)$" /-->
+	<!--securecookie host="^\.utdallas\.edu$" name="^(PTGSESSID|utdpraw-\d+-PORTAL-PSJSESSIONID)$" /-->
+	<!--securecookie host="^(autodiscover|webmail)\.utdallas\.edu$" name="^cookieTest$" /-->
+	<!--securecookie host="^elearning(pilot|staging)?\.utdallas\.edu$" name="^(NSC_\d+_\w+_(\d\.){4}\w+|session_id)$" /-->
+	<!--securecookie host="^elearningtest\.utdallas\.edu$" name="^session_id$" /-->
+	<!--securecookie host="^sis-portal-prod\.utdallas\.edu$" name="^BIGipServerpl_sisepprd-utd_SSL$" /-->
+
+	<securecookie host="^(?:(?:autodiscover|elearning(?:pilot|staging|test)?|sis-portal-prod|webmail|www)\.)?utdallas\.edu$" name=".+" />
+
+
+	<!--	^ redirects to www over http, so copy that behavior:
+									-->
 	<rule from="^http://(?:www\.)?utdallas\.edu/" to="https://www.utdallas.edu/" />
-</ruleset>
\ No newline at end of file
+
+
+	<rule from="^http://sacs(?:coc)?\.utdallas\.edu/"
+		to="https://sacs.utdallas.edu/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/University-of-Utah.xml b/src/chrome/content/rules/University-of-Utah.xml
index 06012048627e..f6e3e08968fc 100644
--- a/src/chrome/content/rules/University-of-Utah.xml
+++ b/src/chrome/content/rules/University-of-Utah.xml
@@ -1,4 +1,15 @@
-<!--	!functional:
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www-misc.chpc.utah.edu/ => https://www-misc.chpc.utah.edu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://gradschool.utah.edu/ => https://gradschool.utah.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.gradschool.utah.edu/ => https://www.gradschool.utah.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	University of Utah
+
+
+	Nonfunctional hosts in *utah.edu:
+
 		- (www.)
 		- (www.)admissions
 		- (www.)bannerserve
@@ -7,6 +18,7 @@
 		- (www.)campusrec
 		- (www.)careers
 		- (www.)commuterservices
+		- (www.)?csbs		(Refused)
 		- (www.)diversity
 		- (www.)employment
 		- (www.)events	(ssl_error_rx_record_too_long)
@@ -25,49 +37,55 @@
 		- (www.)ucard	(ssl_error_rx_record_too_long)
 		- umail		(prompts for pw)
 		- (www.)unews
+
+
+	Problematic domains:
+
+		- (www.)?dailyutahchronicle.com ¹
+
+		- in *utah.edu:
+
+			- muss.alumni ²
+
+	¹ Self-signed
+	² Expired
+
 -->
-<ruleset name="University of Utah (partial)" platform="mixedcontent">
+<ruleset name="Utah.edu (partial)" default_off="failed ruleset test">
 
-	<target host="dailyutahchronicle.com"/>
-	<target host="www.dailyutahchronicle.com"/>
-	<target host="uofulaw.org"/>
-	<target host="www.uofulaw.org"/>
+	<!--	Direct rewrites:
+				-->
 	<target host="fbs.admin.utah.edu"/>
-	<target host="alumni.utah.edu"/>
-	<target host="muss.alumni.utah.edu"/>
+	<!--target host="muss.alumni.utah.edu"/-->
 	<target host="www.alumni.utah.edu"/>
-	<target host="cs.utah.edu"/>
+	<target host="www-misc.chpc.utah.edu"/>
+	<target host="embed.cs.utah.edu" />
 	<target host="www.cs.utah.edu"/>
-	<target host="csbs.utah.edu"/>
 	<target host="support.csbs.utah.edu"/>
-	<target host="www.csbs.utah.edu"/>
+
+	<target host="ftp.flux.utah.edu" />
+	<target host="web.flux.utah.edu" />
+	<target host="www.flux.utah.edu" />
+
 	<target host="go.utah.edu"/>
 	<target host="gradschool.utah.edu"/>
 	<target host="www.gradschool.utah.edu"/>
-	<target host="law.utah.edu"/>
-	<target host="www.law.utah.edu"/>
 	<target host="www.umail.utah.edu"/>
 	<target host="unid.utah.edu"/>
 
+	<!--	Complications:
+				-->
+	<target host="alumni.utah.edu"/>
+	<target host="cs.utah.edu"/>
 
-	<securecookie host="^(.*\.)?dailyutahchronicle\.com$" name=".*"/>
-	<securecookie host="^(.*\.)?utah\.edu$" name=".*"/>
-
-
-	<rule from="^http://(www\.)?dailyutahchronicle\.com/"
-		to="https://$1dailyutahchronicle.com/"/>
 
-	<rule from="^http://(www\.)?uofulaw\.org/"
-		to="https://$1uofulaw.org/"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(fbs\.admin|muss\.alumni|www-misc\.chpc|(www\.)?csbs|go|(www\.)?gradschool|www\.umail|unid)\.utah\.edu/"
-		to="https://$1.utah.edu/"/>
 
-	<rule from="^http://(?:www\.)?(cs|alumni)\.utah\.edu/"
+	<rule from="^http://(cs|alumni)\.utah\.edu/"
 		to="https://www.$1.utah.edu/"/>
 
-	<!--	presents uofulaw.org cert	-->
-	<rule from="^http://(?:www\.)?law\.utah\.edu/"
-		to="https://uofulaw.org/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Virginia.xml b/src/chrome/content/rules/University-of-Virginia.xml
index 65917a12ccf6..7d7c408d1411 100644
--- a/src/chrome/content/rules/University-of-Virginia.xml
+++ b/src/chrome/content/rules/University-of-Virginia.xml
@@ -1,15 +1,111 @@
 <!--
 	Nonfunctional subdomains:
 
+		- (www.) ¹
+		- calendar ²
+		- (www.)cpe ³
 		- curry		(.* redirects to http.../$, valid cert)
+		- (www.)homedir ³
+		- cti.itc ⁵
+		- its ⁶
+		- www.people ⁷
+		- (www.)seas ⁸
+
+	¹ "You have reached the SSL server"
+	² Redirects to netbadge
+	³ 404
+	⁵ Dropped
+	⁶ Shows www.its
+	⁷ Redirects to admin.people
+	⁸ 403
+
+
+	Problematic subdomains:
+
+		- itc *
+
+	* Cert only matches *.itc
+
+
+	Partially covered subdomains:
+
+		- its *
+
+	* home.php 404s when rewritten to www.its, other pages untested
+
+
+	Fully covered subdomains:
+
+		- sisuva.admin
+		- www.cs
+		- mail.eservices
+		- gwis
+		- (www.)itc	(^ → www)
+		- collab.itc
+		- eventcal.itc
+		- www.its
+		- lists
+		- www.mail
+		- netbadge
+		- news
+		- admin.people
+		- rabi.phys
+		- standard.pki
+		- uvaemergency
+
+
+	Insecure cookies are set for these domains:
+
+		- .admin
+		- sisuva.admin
+		- collab.itc
+
+
+	Mixed content:
+
+		- css on uvaemergency from fast.fonts.net *
+
+	* Secured by us
 
 -->
-<ruleset name="University of Virginia" default_off="expired">
+<ruleset name="University of Virginia (partial)">
+
+	<target host="sisuva.admin.virginia.edu" />
+	<target host="www.cs.virginia.edu" />
+	<target host="mail.eservices.virginia.edu" />
+	<target host="gwis.virginia.edu" />
+	<target host="collab.itc.virginia.edu" />
+	<target host="eventcal.itc.virginia.edu" />
+	<target host="www.its.virginia.edu" />
+	<target host="lists.virginia.edu" />
+	<target host="www.mail.virginia.edu" />
+	<target host="netbadge.virginia.edu" />
+	<target host="news.virginia.edu" />
+	<target host="admin.people.virginia.edu" />
+	<target host="rabi.phys.virginia.edu" />
+	<target host="standard.pki.virginia.edu" />
+	<target host="uvaemergency.virginia.edu" />
+	<target host="itc.virginia.edu" />
+	<target host="www.itc.virginia.edu" />
+	<target host="its.virginia.edu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="\.admin\.virginia\.edu$" name="^sisuva-PORTAL-PSJSESSIONID$" /-->
+	<!--securecookie host="^sisuva\.admin\.virginia\.edu$" name="^BIGipServer~SIS~SIS(-\d+){3}$" /-->
+	<!--securecookie host="^collab\.itc\.virginia\.edu$" name="^BIGipServercollab-pool$" /-->
+
+	<securecookie host="^(?:sisuva\.admin|collab\.itc)\.virginia\.edu$" name=".+" />
+
 
-	<target host="cti.itc.virginia.edu" />
+	<rule from="^http://(sisuva\.admin|www\.cs|mail\.eservices|gwis|(?:collab|eventcal)\.itc|www\.its|lists|www\.mail|netbadge|news|admin\.people|rabi\.phys|standard\.pki|uvaemergency)\.virginia\.edu/"
+		to="https://$1.virginia.edu/" />
 
+	<rule from="^http://(?:www\.)?itc\.virginia\.edu/"
+		to="https://www.itc.virginia.edu/" />
 
-	<rule from="^http://cti\.itc\.virginia\.edu/"
-		to="https://cti.itc.virginia.edu/" />
+	<rule from="^http://its\.virginia\.edu/(?=css/|images/)"
+		to="https://www.its.virginia.edu/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Washington-self-signed.xml b/src/chrome/content/rules/University-of-Washington-self-signed.xml
deleted file mode 100644
index e1a3aed90c4d..000000000000
--- a/src/chrome/content/rules/University-of-Washington-self-signed.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules that are on by default, see University-of-Washington.xml
-
--->
-<ruleset name="University of Washington (self-signed)" default_off="self-signed">
-
-	<target host="seclab.cs.washington.edu" />
-
-
-	<rule from="^http://seclab\.cs\.washington\.edu/"
-		to="https://seclab.cs.washington.edu/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/University-of-Washington.xml b/src/chrome/content/rules/University-of-Washington.xml
index 3aa4b1ac02fb..f160307d647d 100644
--- a/src/chrome/content/rules/University-of-Washington.xml
+++ b/src/chrome/content/rules/University-of-Washington.xml
@@ -1,61 +1,222 @@
 <!--
-	For problematic rules, see University-of-Washington-self-signed.xml.
+	University of Washington
 
+	Other University of Washington rulesets:
 
-	Nonfunctional:
+		- UW.edu.xml
+		- UWB.edu.xml
 
-		- (www.)uwb.edu			(reset)
-		- psc.apl.washington.edu
-		- oneswarm.cs.washington.edu
-		- uwmedicine.washington.edu	(reset)
 
+	Nonfunctional hosts in *washington.edu:
 
-	Partially covered subdomains:
+		- psc.apl ʳ
+		- www.bookstore ᵈ
+		- bio.cs	( 200 "Unimplemented")
+		- oneswarm.cs ʳ
+		- exp ᵖ
+		- hsl		Redirects to weblogin.washington.edu
+		- uwmedicine ʰ
 
-		- digital.lib	(findingaids/view 404s)
+	ʳ Refused
+	ᵖ Shows default page
+	ᵈ Dropped
+	ʰ Handshake fails
 
 
-	Fully covered subdomains:
+	Problematic hosts in *washington.edu:
 
-		- sharemenot.cs
+		- carom.cac ᵘ
+		- careers ᵉ
+		- cs ᵐ
+		- dub ᶜ
+		- escience ʷ
+		- evans ᵐ
+		- www.evedegree ᵐ
+		- hfs *
+		- goglobal ᵐ
+		- cloud.ihme ᶜ
+		- jsis ᶜ
+		- www.jsis ᵐ
+		- law ᵐ
+		- guides.lib ᵐ
+		- (www.)?me ᶜ
+		- www.onlinelearning ᵐ
+		- www.summer ᵐ
+
+	ᵘ Untrusted root
+	ᵉ Expired
+	ᵐ Mismatched
+	ᶜ Missing certificate chain
+	ʷ WP Engine/redirects to http
+	* 404
+
+
+	Partially covered hosts in *washington.edu:
+
+		- digital.lib *
+
+	* Findingaids/view 404s
+
+
+	Mixed content:
+
+		- css, on:
+
+			- depts from $self *
+			- sampa.cs, sharemenot.cs, events, (www.)?lib, www.summer from fonts.googleapis.com *
+			- www from depts.washington.edu *
+
+		- Images, on:
+
+			- depts from honors.uw.edu
+			- depts, evans, grail from $self *
+			- depts, mhcid from www.washington.edu *
+			- (www.)?grad from depts.washington.edu *
+			- mhcid from www.richaven.com
+			- mhcid from evans.uw.edu *
+
+		- favicon on sampa.cs from www.cs.washington.edu *
+		- Bug on dub from c10.statcounter.com *
+
+	* Secured by us
 
 -->
-<ruleset name="University of Washington (partial)">
+<ruleset name="Washington.edu (partial)">
 
-	<target host="uw.edu" />
-	<!--	* for cross-subdomain cookie.	-->
-	<target host="*.tacoma.uw.edu" />
-	<target host="*.uw.edu" />
+	<!--	Direct rewrites:
+				-->
 	<target host="washington.edu" />
+	<target host="admit.washington.edu" />
+	<target host="spotseeker.cac.washington.edu" />
+	<target host="courses.washington.edu" />
+
+	<target host="dada.cs.washington.edu" />
+	<target host="djw.cs.washington.edu" />
+	<target host="grail.cs.washington.edu" />
+	<target host="homes.cs.washington.edu" />
+	<target host="idl.cs.washington.edu" />
+	<target host="news.cs.washington.edu" />
+	<target host="norfolk.cs.washington.edu" />
+	<target host="sampa.cs.washington.edu" />
+	<target host="seclab.cs.washington.edu" />
+	<target host="sharemenot.cs.washington.edu" />
+	<target host="syslab.cs.washington.edu" />
+	<target host="www.cs.washington.edu" />
+
+	<target host="dental.washington.edu" />
+	<target host="www.dental.washington.edu" />
+	<target host="depts.washington.edu" />
+	<target host="dub.washington.edu" />
+	<target host="www.ee.washington.edu" />
+	<target host="engr.washington.edu" />
+	<target host="www.engr.washington.edu" />
+	<target host="faculty.washington.edu" />
+	<target host="online.gifts.washington.edu" />
+	<target host="grad.washington.edu" />
+	<target host="www.grad.washington.edu" />
+	<target host="inside.hfs.washington.edu" />
+	<target host="www.hfs.washington.edu" />
 	<target host="cloud.ihme.washington.edu" />
+	<target host="lib.law.washington.edu" />
+	<target host="www.law.washington.edu" />
+	<target host="lib.washington.edu" />
+	<target host="digital.lib.washington.edu" />
 	<target host="www.lib.washington.edu" />
-	<target host="*.washington.edu" />
-		<!--
-			News pages redirect to http:
-						-->
-		<exclusion pattern="^http://(?:www\.)?washington\.edu/news/(?:\d{4}/(?:\d\d/(?:\d\d/(?:[\w-]+/)?)?)?)?(?:\?.*)?$" />
-		<!--
-			404:
+	<target host="m.washington.edu" />
+	<target host="me.washington.edu" />
+	<target host="www.me.washington.edu" />
+	<target host="mhcid.washington.edu" />
+	<target host="mobile.washington.edu" />
+	<target host="myuw.washington.edu" />
+	<target host="staff.washington.edu" />
+	<target host="studyabroad.washington.edu" />
+	<target host="weblogin.washington.edu" />
+	<target host="www.washington.edu" />
+
+	<!--	Complications:
 				-->
-		<exclusion pattern="^http://digital\.lib\.washington\.edu/findingaids/" />
+	<target host="cs.washington.edu" />
+	<target host="hfs.washington.edu" />
+	<target host="law.washington.edu" />
+
+		<!--	https://github.com/EFForg/https-everywhere/issues/3651
 
+			Broken MCB:
+					-->
+		<exclusion pattern="http://(?:www\.)?washington\.edu/home/siteinfo/form" />
 
-	<securecookie host="^cloud\.ihme\.washington\.edu$" name=".*" />
-	<securecookie host="^\.tacoma\.uw\.edu$" name=".*" />
+			<!--	+ve:
+					-->
+			<test url="http://washington.edu/home/siteinfo/form/" />
+			<test url="http://www.washington.edu/home/siteinfo/form/" />
 
+		<!--	Avoid broken MCB:
+					-->
+		<exclusion pattern="^http://depts.washington.edu/gpss/(?!sites/)" />
 
-	<rule from="^http://(blogs\.|www\.(?:tacoma\.)?)?uw\.edu/"
-		to="https://$1uw.edu/" />
+			<!--	+ve:
+					-->
+			<test url="http://depts.washington.edu/gpss/" />
+			<test url="http://depts.washington.edu/gpss/senate/officers" />
 
-	<!--	^tacoma: Cert only valid for www.tacoma.uw.edu.	-->
-	<rule from="^https?://tacoma\.uw\.edu/"
-		to="https://www.tacoma.uw.edu/" />
+			<!--	-ve:
+					-->
+			<test url="http://depts.washington.edu/gpss/sites/all/themes/gpss/uwprint.css" />
 
-	<rule from="^http://((?:courses|sharemenot\.cs|depts|faculty|cloud\.ihme|digital\.lib|myuw|staff|www(?:\.lib)?)\.)?washington\.edu/"
-		to="https://$1washington.edu/" />
+		<!--	404:
+				-->
+		<exclusion pattern="^http://digital\.lib\.washington\.edu/findingaids/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://digital.lib.washington.edu/findingaids/" />
 
-	<!--	^lib: Cert is only valid for *.lib	-->
-	<rule from="^https?://lib\.washington\.edu/"
-		to="https://www.lib.washington.edu/" />
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.ee\.washington\.edu/index\.html" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://www\.ee\.washington\.edu/+(?!favicon\.ico|images/|(?:about|class|faculty|people)(?:$|[?/]))" /-->
+		<!--
+			More generally:
+					-->
+		<exclusion pattern="^http://www\.ee\.washington\.edu/+(?![^/]+/|favicon\.ico)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.ee.washington.edu/index.html" />
+			<test url="http://www.ee.washington.edu/index.html?test" />
+			<test url="http://www.ee.washington.edu/legal.html" />
+			<test url="http://www.ee.washington.edu/legal.html?quota" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.ee.washington.edu/about/" />
+			<test url="http://www.ee.washington.edu/admissions/" />
+			<test url="http://www.ee.washington.edu/cgi-bin/research/colloquium/display.pl?id=257" />
+			<test url="http://www.ee.washington.edu/class/" />
+			<test url="http://www.ee.washington.edu/favicon.ico" />
+			<test url="http://www.ee.washington.edu/images/rebrand2010/ee_logo_name.gif" />
+			<test url="http://www.ee.washington.edu/news/" />
+			<test url="http://www.ee.washington.edu/people/" />
+			<test url="http://www.ee.washington.edu/people/faculty/index.html" />
+			<test url="http://www.ee.washington.edu/research/" />
+
+		<!--	Formerly redirected to http:
+							-->
+		<test url="http://www.washington.edu/news/2015/10/06/uw-climbs-to-no-11-in-u-s-news-global-university-rankings/" />
+		<test url="http://www.washington.edu/news/2015/10/15/affordable-camera-reveals-hidden-details-invisible-to-the-naked-eye/" />
+
+
+	<securecookie host="^\." name="^__qca$" />
+	<securecookie host="^(?!depts\.|www\.ee\.)\w" name=".+" />
+
+
+	<rule from="^http://(cs|hfs|law)\.washington\.edu/"
+		to="https://www.$1.washington.edu/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Waterloo.xml b/src/chrome/content/rules/University-of-Waterloo.xml
index f4a509355fae..6759f4445f9a 100644
--- a/src/chrome/content/rules/University-of-Waterloo.xml
+++ b/src/chrome/content/rules/University-of-Waterloo.xml
@@ -1,49 +1,56 @@
-<!--
-	Problematic subdomains:
-
-		- campaign	(refused)
-		- development	(refused)
-		- cecs		(shows info; mismatched, CN: uwaterloo.ca)
-		- info		(redirects to ^.../$, valid cert)
-
-
-	Partially covered subdomains:
 
-		- campaign	(→ ^)
-		- info		(→ ^)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- cecs			(→ ^)
-		- cecspilot.cecssys
-		- (www.)cs
-		- csclub
-		- development		( → ^)
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://cecspilot.cecssys.uwaterloo.ca/ => https://cecspilot.cecssys.uwaterloo.ca/: (35, 'error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol')
+Fetch error: http://digital.library.uwaterloo.ca/ => https://digital.library.uwaterloo.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://nexusmail.uwaterloo.ca/ => https://nexusmail.uwaterloo.ca/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.nexusmail.uwaterloo.ca/ => https://www.nexusmail.uwaterloo.ca/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://uwspace.uwaterloo.ca/ => https://uwspace.uwaterloo.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Different HTTP/HTTPS content:
+		development.uwaterloo.ca
+		info.uwaterloo.ca
+		library.uwaterloo.ca
+
+	Invalid certificate:
+		cacr.uwaterloo.ca
+		cecs.uwaterloo.ca
+		mirror.cs.uwaterloo.ca
+		hr.uwaterloo.ca
+		mirror.uwaterloo.ca
 
 -->
 <ruleset name="University of Waterloo (partial)">
-
 	<target host="uwaterloo.ca" />
-	<target host="*.uwaterloo.ca" />
-
-
-	<rule from="^http://((?:cecspilot\.cecssys|csclub|(?:www\.)?cs|www)\.)?uwaterloo\.ca/"
-		to="https://$1uwaterloo.ca/" />
-
-	<rule from="^http://campaign\.uwaterloo\.ca/(\?.*)?$"
-		to="https://uwaterloo.ca/support/$1" />
-
-	<!--	Server drops path:
-					-->
-	<rule from="^http://cecs\.uwaterloo\.ca/.*"
-		to="https://uwaterloo.ca/co-operative-education" />
-
-	<rule from="^http://development\.uwaterloo\.ca/[^\?]*(\?.*)?"
-		to="https://uwaterloo.ca/support/$1" />
-
-	<rule from="^http://info\.uwaterloo\.ca/(\?.*)?$"
-		to="https://uwaterloo.ca/central-stores/$1" />
-
+	<target host="www.uwaterloo.ca" />
+	<!-- target host="cecspilot.cecssys.uwaterloo.ca" /-->
+	<target host="www.civil.uwaterloo.ca" />
+	<target host="crysp.uwaterloo.ca" />
+	<target host="cs.uwaterloo.ca" />
+	<target host="www.cs.uwaterloo.ca" />
+	<target host="mirror.cs.uwaterloo.ca" />
+	<target host="csclub.uwaterloo.ca" />
+	<target host="mirror.csclub.uwaterloo.ca" />
+	<target host="bookings.lib.uwaterloo.ca" />
+	<target host="www.lib.uwaterloo.ca" />
+	<!-- target host="digital.library.uwaterloo.ca" /-->
+	<target host="mailservices.uwaterloo.ca" />
+	<target host="math.uwaterloo.ca" />
+	<target host="cemc.math.uwaterloo.ca" />
+	<target host="www.math.uwaterloo.ca" />
+		<!-- 404 with HTTPS -->
+		<exclusion pattern="^http://www.math.uwaterloo.ca/tsp/" />
+		  <test url="http://www.math.uwaterloo.ca/tsp/" />
+	<target host="mirror.uwaterloo.ca" />
+	<!-- target host="nexusmail.uwaterloo.ca" /-->
+	<!-- target host="www.nexusmail.uwaterloo.ca" /-->
+	<target host="www.reserves.uwaterloo.ca" />
+	<target host="ripple.uwaterloo.ca" />
+	<!-- target host="uwspace.uwaterloo.ca" /-->
+	<target host="wise.uwaterloo.ca" />
+
+	<rule from="^http://mirror\.uwaterloo\.ca/" to="https://mirror.csclub.uwaterloo.ca/" />
+	<rule from="^http://mirror\.cs\.uwaterloo\.ca/" to="https://mirror.csclub.uwaterloo.ca/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Western-Australia.xml b/src/chrome/content/rules/University-of-Western-Australia.xml
index 1161a86dff83..1ad390903f39 100644
--- a/src/chrome/content/rules/University-of-Western-Australia.xml
+++ b/src/chrome/content/rules/University-of-Western-Australia.xml
@@ -2,7 +2,7 @@
 	Nonfunctional subdomains:
 
 		- (www.)
-		- websites.psychology	(times out)	
+		- websites.psychology	(times out)
 		- www.news		(rx_record_too_long)
 
 
@@ -12,10 +12,9 @@
 	<target host="static.weboffice.uwa.edu.au" />
 
 
-	<securecookie host="^static\.weboffice\.uwa\.edu\.au$" name=".*" />
+	<securecookie host="^static\.weboffice\.uwa\.edu\.au$" name=".+" />
 
 
-	<rule from="^http://static\.weboffice\.uwa\.edu\.au/"
-		to="https://static.weboffice.uwa.edu.au/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Wisconsin-Milwaukee.xml b/src/chrome/content/rules/University-of-Wisconsin-Milwaukee.xml
index 513b8084b3cd..6d1e8b9d19d9 100644
--- a/src/chrome/content/rules/University-of-Wisconsin-Milwaukee.xml
+++ b/src/chrome/content/rules/University-of-Wisconsin-Milwaukee.xml
@@ -1,15 +1,65 @@
-<ruleset name="University of Wisconsin–Milwaukee (partial)">
 
-	<target host="einstein.phys.uwm.edu" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cipr.uwm.edu/ => https://cipr.uwm.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://innovwthrdev.uwm.edu/ => https://innovwthrdev.uwm.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://roomscheduling.uwm.edu/ => https://roomscheduling.uwm.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Timeout:
+		bookstore.uwm.edu
+		access*.r2d2.uwm.edu
+
+	Refused:
+		www.cs.uwm.edu
+		collections.lib.uwm.edu
+		studentorgs.uwm.edu
+		entech-dev.cuir.uwm.edu
+		entech.cuir.uwm.edu
+		everyday.uwm.edu
+
+	Mismatch:
+		dc.uwm.edu
+		guides.library.uwm.edu
+		greatlakesgenomics.uwm.edu
+		www.r2d2.uwm.edu
+		photoarchive.uwm.edu
+		surface.chem.uwm.edu
+		d2l.uwm.edu
+
+	Self-Signed:
+		ccr-test.uits.uwm.edu
+		onemolecule.chem.uwm.edu
+		derecho.math.uwm.edu
+		home.freshwater.uwm.edu
+
+	Access-Restricted, unable to fully test:
+		web.sa.uwm.edu
+		apps.sa.uwm.edu
+		apps.uwm.edu
+		techmallshop.uwm.edu
+-->
+<ruleset name="University of Wisconsin–Milwaukee (partial)" default_off="failed ruleset test">
+
 	<target host="www.uwm.edu" />
+	<target host="uwm.edu" />
 	<target host="www4.uwm.edu" />
+	<target host="kb.uwm.edu" />
+	<target host="jobs.uwm.edu" />
+	<target host="cipr.uwm.edu" />
+	<target host="people.uwm.edu" />
+	<target host="paws.uwm.edu" />
+	<target host="oar.uwm.edu" />
+	<target host="pantherfile.uwm.edu" />
+	<target host="www4dev.uwm.edu" />
+	<target host="innovwthrdev.uwm.edu" />
+	<target host="roomscheduling.uwm.edu" />
+	<target host="www.lsc-group.phys.uwm.edu" />
+	<target host="einstein.phys.uwm.edu" />
 
+	<securecookie host="\.uwm\.edu$" name=".+" />
 
-	<!--	www doesn't work over https.	-->
-	<rule from="^https?://www\.uwm\.edu/$"
-		to="https://www4.uwm.edu/" />
-
-	<rule from="^http://einstein\.phys\.uwm\.edu/"
-		to="https://einstein.phys.uwm.edu/" />
+	<!-- www is currently forwarded to www4 by the server -->
+	<rule from="^http://www\.uwm\.edu/" to="https://www4.uwm.edu/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University_College_London.xml b/src/chrome/content/rules/University_College_London.xml
index c4eda32e6343..0a2f539ee356 100644
--- a/src/chrome/content/rules/University_College_London.xml
+++ b/src/chrome/content/rules/University_College_London.xml
@@ -9,8 +9,16 @@
 	<target host="ucl.ac.uk" />
 	<target host="www.ucl.ac.uk" />
 
+	<!-- Dropbox rewrite from issue https://github.com/EFForg/https-everywhere/issues/4288 -->
+	<rule from="^http://(www\.)?ucl\.ac\.uk/dropbox/?$"
+		to="https://wwwapps-live.ucl.ac.uk/cgi-bin/dropbox/dropbox.cgi" />
 
-	<rule from="^https?://(?:www\.)?ucl\.ac\.uk/"
+	<rule from="^http://(?:www\.)?ucl\.ac\.uk/"
 		to="https://www.ucl.ac.uk/" />
 
-</ruleset>
\ No newline at end of file
+	<test url="http://ucl.ac.uk/dropbox" />
+	<test url="http://ucl.ac.uk/dropbox/" />
+	<test url="http://www.ucl.ac.uk/dropbox" />
+	<test url="http://www.ucl.ac.uk/dropbox/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/University_Computer_Club.xml b/src/chrome/content/rules/University_Computer_Club.xml
index 93f2a9f65240..5b7f425452f1 100644
--- a/src/chrome/content/rules/University_Computer_Club.xml
+++ b/src/chrome/content/rules/University_Computer_Club.xml
@@ -12,7 +12,6 @@
 	<target host="matt.ucc.asn.au" />
 
 
-	<rule from="^http://matt\.ucc\.asn\.au/"
-		to="https://matt.ucc.asn.au/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_at_Buffalo.xml b/src/chrome/content/rules/University_at_Buffalo.xml
index 3ef144571654..284536762aad 100644
--- a/src/chrome/content/rules/University_at_Buffalo.xml
+++ b/src/chrome/content/rules/University_at_Buffalo.xml
@@ -1,50 +1,205 @@
+
 <!--
-	Nonfunctional subdomains:
-
-		- (www.)admissions		(rx_record_too_long)
-		- advising			(CN: prv-web.eng.buffalo.edu; shows that domain)
-		- (www.)academy			(ditto)
-		- (www.)apb			(CN: www.buffalo.edu; shows www)
-		- (www.)cit-helpdesk		(rx_record_too_long)
-		- (www.)computersecurity	(ditto)
-		- (www.)curca			(CN: prv-web.eng.buffalo.edu; shows that domain)
-		- (www.)discoveryseminars	(ditto)
-		- (www.)financialaid		(rx_record_too_long)
-		- (www.)health			(ditto)
-		- helpdesk			(ditto)
-		- (www.)giving			(CN: www.buffalo.edu; shows www)
-		- www.grad			(rx_record_too_long)
-		- (www.)itpolicies		(ditto)
-		- (www.)law
-		- (www.)orientation		(CN: prv-web.eng.buffalo.edu; shows that domain)
-		- (www.)ub-careers		(rx_record_too_long)
-		- undergrad-catalog		(ditto)
-		- universityscholars		(CN: prv-web.eng.buffalo.edu; shows that domain)
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.student-affairs.buffalo.edu/genemail => https://www.student-affairs.buffalo.edu/genemail: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.student-affairs.buffalo.edu/images/ub.gif => https://www.student-affairs.buffalo.edu/images/ub.gif: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://tdm.pharm.buffalo.edu/ => https://tdm.pharm.buffalo.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://research.buffalo.edu/ => https://research.buffalo.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'research.buffalo.edu'")
+Fetch error: http://student-affairs.buffalo.edu/ => https://student-affairs.buffalo.edu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.student-affairs.buffalo.edu/ => https://www.student-affairs.buffalo.edu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.wings.buffalo.edu/ => https://www.wings.buffalo.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.wings.buffalo.edu'")
+Non-2xx HTTP code: http://www.ubfoundation.buffalo.edu/ (200) => https://ubfoundation.buffalo.edu/ (403)
+
+	University at Buffalo
+
+	For rules causing false/broken MCB, see Buffalo.edu-falsemixed.xml.
+
+	Other University at Buffalo rulesets:
+
+
+
+	Nonfunctional hosts in *buffalo.edu:
+
+		- (www.)?admissions ¹
+		- (www.)?academy ²
+		- advising ²
+		- www.alumni ⁵
+		- (www.)?apb ³
+		- www.cambi ¹
+		- www.chem ¹
+		- (www.)?cit-helpdesk ¹
+		- www.cogsci ¹
+		- (www.)?computersecurity ¹
+		- biocomputing.cse ¹
+		- src.cse ⁴
+		- www.cubs ⁴
+		- (www.)?curca ²
+		- (www.)?discoveryseminars ²
+		- (www.)?financialaid ¹
+		- engineering ⁵
+		- gsa ⁵
+		- (www.)?health ¹
+		- helpdesk ¹
+		- (www.)?hr ⁵
+		- (www.)?giving ⁵
+		- www.grad ¹
+		- www.ise ⁶
+		- (www.)?itpolicies ¹
+		- (www.)?law
+		- library ¹
+		- www.lmva ⁶
+		- www.mae ¹
+		- (www.)?orientation ²
+		- parent ¹
+		- pharmsci ¹
+		- provost ⁷
+		- www.provost ⁵
+		- registrar ¹
+		- security ⁸
+		- (www.)?social-work ⁵
+		- (www.)?ub-careers ⁵
+		- (www.)?ubit ⁵
+		- undergrad-catalog ¹
+		- universityscholars ²
+
+	¹ Plaintext reply
+	² Shows prv-web.eng.buffalo.edu
+	³ Shows www.buffalo.edu
+	⁴ Shows another domain
+	⁵ Refused
+	⁶ Shows default page
+	⁷ Could not resolve host
+	⁸ Expired
+
+	Problematic hosts in *buffalo.edu:
+
+		- www.cedar ¹
+		- www.cse ²
+		- eng ³
+		- ubjobs ⁴
+
+	¹ Mismatched, untrusted root
+	² Missing certificate chain
+	³ Mixed css
+	⁴ Mismatched
+
+
+	These altnames don't exist:
+
+		- www.coeus.buffalo.edu
+		- www.wiki.cse.buffalo.edu
+		- eng.buffalo.edu
+		- www.tdm.pharm.buffalo.edu
+		- www.tprc.pharm.buffalo.edu
+
+
+	Insecure cookies are set for these hosts:
+
+		- cse.buffalo.edu
+		- wiki.cse.buffalo.edu
+		- research.buffalo.edu
+		- www.research.buffalo.edu
+		- student-affairs.buffalo.edu
+		- www.student-affairs.buffalo.edu
+
+
+	Mixed content:
+
+		- css on www.eng from $self *
+		- Images on www.eng from $self *
+		- favicon on www.eng from $self *
+
+	* Secured by us
 
 -->
-<ruleset name="University at Buffalo (partial)">
+<ruleset name="Buffalo.edu (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="buffalo.edu" />
-	<target host="*.buffalo.edu" />
+	<target host="alumni.buffalo.edu" />
+	<target host="www.alumni.buffalo.edu" />
+	<target host="coeus.buffalo.edu" />
+	<target host="wiki.cse.buffalo.edu" />
+	<target host="ftp.cse.buffalo.edu" />
+	<target host="www.cse.buffalo.edu" />
+	<target host="engineering.buffalo.edu" />
+	<target host="prv-web.eng.buffalo.edu" />
+	<!--target host="www.eng.buffalo.edu" /-->
+	<target host="myub.buffalo.edu" />
+	<target host="www.myub.buffalo.edu" />
+	<target host="inted.oie.buffalo.edu" />
+	<target host="tdm.pharm.buffalo.edu" />
+	<target host="tprc.pharm.buffalo.edu" />
+	<target host="pharmacy.buffalo.edu" />
+	<target host="research.buffalo.edu" />
+	<target host="www.research.buffalo.edu" />
+	<target host="shibboleth.buffalo.edu" />
+	<target host="socialwork.buffalo.edu" />
+	<target host="sphhp.buffalo.edu" />
+	<target host="student-affairs.buffalo.edu" />
+	<target host="www.student-affairs.buffalo.edu" />
+	<target host="ubfoundation.buffalo.edu" />
+	<target host="www.ubjobs.buffalo.edu" />
+	<target host="ublearns.buffalo.edu" />
+	<target host="ubmail.buffalo.edu" />
+	<target host="wings.buffalo.edu" />
+	<target host="www.wings.buffalo.edu" />
+	<target host="www.buffalo.edu" />
+
+	<!--	Complications:
+				-->
+	<target host="www.ubfoundation.buffalo.edu" />
+	<target host="ubjobs.buffalo.edu" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?student-affairs\.buffalo\.edu/special/speakers\.php" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?student-affairs\.buffalo\.edu/+(?!$|\?|(?:\w+/)?(?:images|style)/|genemail(?:$|\?))" />
 
+			<!--	+ve:
+					-->
+			<test url="http://student-affairs.buffalo.edu/nsp/readub/" />
+			<test url="http://student-affairs.buffalo.edu/nsp/readub/aboutus.php" />
+			<test url="http://student-affairs.buffalo.edu/nsp/readub/book.php" />
+			<test url="http://student-affairs.buffalo.edu/nsp/readub/events.php" />
+			<test url="http://student-affairs.buffalo.edu/special/aboutseries.php" />
+			<test url="http://student-affairs.buffalo.edu/special/aboutus.php" />
+			<test url="http://student-affairs.buffalo.edu/special/announcements.php" />
+			<test url="http://student-affairs.buffalo.edu/special/conference.php" />
+			<test url="http://student-affairs.buffalo.edu/special/distinguishedspeakers.php" />
+			<test url="http://student-affairs.buffalo.edu/special/speakers.php" />
+			<test url="http://student-affairs.buffalo.edu/special/specialevt.php" />
+			<test url="http://student-affairs.buffalo.edu/special/sponsors.php" />
+			<test url="http://student-affairs.buffalo.edu/special/tickets.php" />
 
-	<securecookie host="^.+\.buffalo\.edu$" name=".+" />
+			<!--	-ve:
+					-->
+			<test url="http://www.student-affairs.buffalo.edu/genemail" />
+			<test url="http://www.student-affairs.buffalo.edu/images/ub.gif" />
 
 
-	<rule from="^http://((?:(?:www\.)?(?:alumni|hr|myub|provost|ubit|wings)|prv-web\.eng|inted\.oie|security|shibboleth|ublearns|ubmail|www)\.)?buffalo\.edu/"
-		to="https://$1buffalo.edu/" />
+	<!--	not secured by server:
+					-->
+	<!--securecookie host="^wiki\.cse\.buffalo\.edu$" name="^Cacti$" /-->
+	<!--securecookie host="^(?:www\.)?research\.buffalo\.edu$" name="^(?:CFGLOBALS|CFID|CFTOKEN|ISON)$" /-->
+	<!--securecookie host="^(?:www\.)?student-affairs\.buffalo\.edu$" name="^PHPSESSID$" /-->
 
-	<!--	At least some pages redirect to http.
-							-->
-	<rule from="^http://(www\.)?student-affairs\.buffalo\.edu/(\w+/)?(images|style)/"
-		to="https://$1student-affairs.buffalo.edu/$2$3/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^https?://(?:www\.)?ubfoundation\.buffalo\.edu/"
+	<rule from="^http://www\.alumni\.buffalo\.edu/"
+		to="https://alumni.buffalo.edu/" />
+
+	<rule from="^http://www\.ubfoundation\.buffalo\.edu/"
 		to="https://ubfoundation.buffalo.edu/" />
 
-	<!--	Cert only matches www.ubjobs.
-						-->
-	<rule from="^https?://(?:www\.)?ubjobs\.buffalo\.edu/"
+	<rule from="^http://ubjobs\.buffalo\.edu/"
 		to="https://www.ubjobs.buffalo.edu/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Applied_Sciences_Kiel.xml b/src/chrome/content/rules/University_of_Applied_Sciences_Kiel.xml
index 2dc30c9ee3ce..b0c44410556a 100644
--- a/src/chrome/content/rules/University_of_Applied_Sciences_Kiel.xml
+++ b/src/chrome/content/rules/University_of_Applied_Sciences_Kiel.xml
@@ -1,19 +1,30 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- hrzsophos.hrz.isc.fh-kiel.de
+		- module.fh-kiel.de
+		- vpn.fh-kiel.de
+
+		SSL peer certificate was not OK:
+		- fh-kiel.de
+		- www.student.fh-kiel.de
+-->
 <ruleset name="University of Applied Sciences Kiel">
-
 	<target host="fh-kiel.de" />
-	<target host="*.fh-kiel.de" />
-
+	<target host="www.fh-kiel.de" />
+	<target host="email.fh-kiel.de" />
+	<target host="ida.fh-kiel.de" />
+	<target host="modulanmeldung.fh-kiel.de" />
+	<target host="student.fh-kiel.de" />
+	<target host="www.student.fh-kiel.de" />
 
-	<securecookie host="^(?:(?:(?:www)?|(?:www\.)?(?:email|student)|hrzsophos\.hrz\.isc|ida|modulanmeldung|module|vpn)\.)?fh-kiel.de$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
-
-	<rule from="^http://(?:www\.)?fh-kiel\.de/"
+	<rule from="^http://fh-kiel\.de/"
 		to="https://www.fh-kiel.de/" />
 
-	<rule from="^http://(?:www\.)?(email|student)\.fh-kiel\.de/"
-		to="https://$1.fh-kiel.de/" />
-
-	<rule from="^http://(ida|hrzsophos\.hrz\.isc|modulanmeldung|module|vpn)\.fh-kiel\.de/"
-		to="https://$1.fh-kiel.de/" />
+	<rule from="^http://www\.student\.fh-kiel\.de/"
+		to="https://student.fh-kiel.de/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Arizona.xml b/src/chrome/content/rules/University_of_Arizona.xml
index ec89ef010dff..0ed153df3518 100644
--- a/src/chrome/content/rules/University_of_Arizona.xml
+++ b/src/chrome/content/rules/University_of_Arizona.xml
@@ -2,8 +2,11 @@
 	Nonfunctional subdomains:
 
 		- ^		(times out)
+		- wwwvims.lpl ²
 		- www		(no https)
 
+	² Refused
+
 
 	Problematic subdomains:
 
@@ -12,6 +15,12 @@
 			- $ redirects to PDS/, which is identical on hirise.lpl
 			- other paths show a broken version of hirise.lpl
 
+
+	Fully covered subdomains:
+
+		- pirlwww.lpl
+		- www.lpl
+
 -->
 <ruleset name="University of Arizona (partial)">
 
@@ -27,4 +36,7 @@
 	<rule from="^http://hirise(?:-pds)?\.lpl\.arizona\.edu/"
 		to="https://hirise.lpl.arizona.edu/" />
 
+	<rule from="^http://(pirlwww|www)\.lpl\.arizona\.edu/"
+		to="https://$1.lpl.arizona.edu/" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/University_of_Bath.xml b/src/chrome/content/rules/University_of_Bath.xml
index 1e1079d99d40..278fe7f466ca 100644
--- a/src/chrome/content/rules/University_of_Bath.xml
+++ b/src/chrome/content/rules/University_of_Bath.xml
@@ -18,4 +18,4 @@
 	<rule from="^http://(?:www\.)?bath\.ac\.uk/(assets/|common/|external/|favicon\.ico|graphics/|news/system/|system/)"
 		to="https://www.bath.ac.uk/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Bristol.xml b/src/chrome/content/rules/University_of_Bristol.xml
index 147d3f2c443b..77570f9c0ed5 100644
--- a/src/chrome/content/rules/University_of_Bristol.xml
+++ b/src/chrome/content/rules/University_of_Bristol.xml
@@ -1,12 +1,58 @@
-<ruleset name="University of Bristol (partial)">
+<!--
+	University of Bristol
+
+
+	Nonfunctional subdomains:
+
+		- big.cs *
+
+	* Plaintext reply
+
+
+	^: cert only matches www
+
+
+	Fully covered subdomains:
+
+		- www.alumni
+		- shop
+
+
+	Insecure cookies are set for these domains:
+
+		- www.alumni.bris.ac.uk
+		- shop.bris.ac.uk
+
+-->
+<ruleset name="Bris.ac.uk (partial)">
 
 	<target host="survey.bris.ac.uk" />
 	<target host="www.survey.bris.ac.uk" />
+	<target host="www.alumni.bris.ac.uk" />
+	<target host="shop.bris.ac.uk" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.bris\.ac\.uk/($|favicon\.gif|news/\d{4}/\w+/[\w-]+\.html$|media-library/protected/css/|media-library/protected/images/|styles/t4/)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://www\.bris\.ac\.uk/(?!favicon\.ico)" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.alumni\.bris\.ac\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^shop\.bris\.ac\.uk$" name="^(ASPSESSIONIDACTQQTRD|WPM%5FStore)$" /-->
+
+	<securecookie host="^(?:www\.alumni|shop)\.bris\.ac\.uk$" name=".+" />
 
 
 	<!--	Cert only matches www.
 					-->
-	<rule from="^https?://(?:www\.)?survey\.bris\.ac\.uk/"
+	<rule from="^http://(?:www\.)?survey\.bris\.ac\.uk/"
 		to="https://www.survey.bris.ac.uk/" />
 
-</ruleset>
\ No newline at end of file
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_California_San_Francisco-problematic.xml b/src/chrome/content/rules/University_of_California_San_Francisco-problematic.xml
index aaceedb28d10..d0af4422f83e 100644
--- a/src/chrome/content/rules/University_of_California_San_Francisco-problematic.xml
+++ b/src/chrome/content/rules/University_of_California_San_Francisco-problematic.xml
@@ -5,14 +5,12 @@
 <ruleset name="University of California, San Francisco (problematic)" default_off="mismatched">
 
 	<target host="postdocs.ucsf.edu" />
-	<target host="*.postdocs.ucsf.edu" />
 	<target host="support.ucsf.edu" />
 
 
 	<securecookie host="^\.postdocs\.ucsf\.edu$" name=".+" />
 
 
-	<rule from="^http://(postdocs|support)\.ucsf\.edu/"
-		to="https://$1.ucsf.edu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_California_San_Francisco.xml b/src/chrome/content/rules/University_of_California_San_Francisco.xml
index 9af10e193b98..667423220696 100644
--- a/src/chrome/content/rules/University_of_California_San_Francisco.xml
+++ b/src/chrome/content/rules/University_of_California_San_Francisco.xml
@@ -18,6 +18,8 @@ vx28.ucsf.edu
 		- brightideas	(redirects to http; mismatched, CN: slotmatching14.salesforce.com)
 		- calendar *
 		- directory *
+		- elsamadlab (no https)
+		- floorlab	(no https)
 		- osl		(shows campuslifeservices)
 		- synapse	(no https)
 
@@ -62,31 +64,88 @@ vx28.ucsf.edu
 		- (www.)warnme		(www → ^)
 
 -->
+
 <ruleset name="University of California, San Francisco (partial)">
 
 	<target host="ucsf.edu" />
-	<target host="*.ucsf.edu" />
-
+	<target host="advancedpractice.ucsf.edu" />
+	<target host="alumni.ucsf.edu" />
+	<target host="amecenter.ucsf.edu" />
+	<target host="anchor.ucsf.edu" />
+	<target host="anesthesia.ucsf.edu" />
+	<target host="aprecruit.ucsf.edu" />
+	<target host="bakarinstitute.ucsf.edu" />
+	<target host="biophysics.ucsf.edu" />
+	<target host="blackburnlab.ucsf.edu" />
+	<target host="bmi.ucsf.edu" />
+	<target host="calendar.ucsf.edu" />
+	<target host="campuslifeservices.ucsf.edu" />
+	<target host="career.ucsf.edu" />
+	<target host="cchp.ucsf.edu" />
+	<target host="chancellor.ucsf.edu" />
+	<target host="changlab.ucsf.edu" />
+	<target host="chc.ucsf.edu" />
+	<target host="clinicaltrials.ucsf.edu" />
+	<target host="cores.ucsf.edu" />
+	<target host="coronavirus.ucsf.edu" />
+	<target host="ctsi.ucsf.edu" />
+	<target host="dp.ucsf.edu" />
+	<target host="dyslexia.ucsf.edu" />
+	<target host="eastbaysurgery.ucsf.edu" />
+	<target host="edtech.ucsf.edu" />
+	<target host="finaid.ucsf.edu" />
+	<target host="gastroenterology.ucsf.edu" />
+	<target host="genomics.ucsf.edu" />
+	<target host="giving.ucsf.edu" />
+	<target host="globalhealthsciences.ucsf.edu" />
+	<target host="graduate.ucsf.edu" />
+	<target host="grinberglab.ucsf.edu" />
+	<target host="hividgm.ucsf.edu" />
+	<target host="insideguide.ucsf.edu" />
+	<target host="interprofessional.ucsf.edu" />
+	<target host="ipqb.ucsf.edu" />
+	<target host="isso.ucsf.edu" />
+	<target host="it.ucsf.edu" />
+	<target host="learn.ucsf.edu" />
+	<target host="legal.ucsf.edu" />
+	<target host="meded.ucsf.edu" />
+	<target host="medicine.ucsf.edu" />
+	<target host="medschool.ucsf.edu" />
+	<target host="myaccess.ucsf.edu" />
+	<target host="neuroscape.ucsf.edu" />
+	<target host="oem.ucsf.edu" />
+	<target host="oir.ucsf.edu" />
+	<target host="osher.ucsf.edu" />
+	<target host="pedsurg.ucsf.edu" />
+	<target host="pharmacy.ucsf.edu" />
+	<target host="police.ucsf.edu" />
+	<target host="precisionmedicine.ucsf.edu" />
+	<target host="priority.ucsf.edu" />
+	<target host="psych.ucsf.edu" />
+	<target host="psychiatry.ucsf.edu" />
+	<target host="registrar.ucsf.edu" />
+	<target host="research.ucsf.edu" />
+	<target host="rrp.ucsf.edu" />
+	<target host="saa.ucsf.edu" />
+	<target host="sds.ucsf.edu" />
+	<target host="studenthealth.ucsf.edu" />
+	<target host="studentlife.ucsf.edu" />
+	<target host="surgicalinnovations.ucsf.edu" />
+	<target host="tobacco.ucsf.edu" />
+	<target host="transcare.ucsf.edu" />
+	<target host="ucoracles.ucsf.edu" />
+	<target host="ucsflife.ucsf.edu" />
+	<target host="vr.ucsf.edu" />
+	<target host="warnme.ucsf.edu" />
+	<target host="websites.ucsf.edu" />
+	<target host="weill.ucsf.edu" />
+	<target host="www.currytbcenter.ucsf.edu" />
+	<target host="www.fresno.ucsf.edu" />
+	<target host="www.library.ucsf.edu" />
+	<target host="www.ucsf.edu" />
+	<target host="www.ucsfhealth.org" />
 
 	<securecookie host="^(?:\.asuc|\.career|dp|\.edtech|\.finaid|\.graduate|\.gsa|\.insideguide|\.interprofessional|\.isso|\.?it|\.learn|makeagift|\.oir|\.registrar|\.?saa|\.sac|\.sds|\.ssmb|studenthealth|www)\.ucsf\.edu$" name=".+" />
 
-
-	<rule from="^http://ucsf\.edu/"
-		to="https://www.ucsf.edu/" />
-
-	<!--	These paths redirect to http first:
-
-			- $
-			- site/PageServer$
-			- site/PageServer?pagename=page_not_found
-						-->
-	<rule from="^http://makeagift\.ucsf\.edu/(?:site/PageServer)?(?:\?pagename=page_not_found)?$"
-		to="https://makeagift.ucsf.edu/site/PageServer?pagename=A1_API_GeneralGivingForm" />
-
-	<rule from="^http://(asuc|career|dp|edtech|finaid|graduate|gsa|insideguide|interprofessional|isso|it|learn|makeagift|myaccess|oir|registrar|saa|sac|sds|ssmb|studenthealth|warnme|www)\.ucsf\.edu/"
-		to="https://$1.ucsf.edu/" />
-
-	<rule from="^http://www\.(career|warnme)\.ucsf\.edu/"
-		to="https://$1.ucsf.edu/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_California_Santa_Cruz-problematic.xml b/src/chrome/content/rules/University_of_California_Santa_Cruz-problematic.xml
index 965e241f09cf..38248a1b2ede 100644
--- a/src/chrome/content/rules/University_of_California_Santa_Cruz-problematic.xml
+++ b/src/chrome/content/rules/University_of_California_Santa_Cruz-problematic.xml
@@ -1,5 +1,5 @@
 <!--
-	For rules that are on by default, see 
+	For rules that are on by default, see
 
 -->
 <ruleset name="University of California, Santa Cruz (problematic)" default_off="expired, self-signed">
@@ -7,13 +7,11 @@
 	<target host="archaea.ucsc.edu" />
 	<target host="keys.pbsci.ucsc.edu" />
 	<target host="physicalsecurity.ucsc.edu" />
-	<target host="*.physicalsecurity.ucsc.edu" />
 
 
 	<securecookie host="^\.physicalsecurity\.ucsc\.edu$" name=".+" />
 
 
-	<rule from="^http://(archaea|keys\.pbsci|physicalsecurity)\.ucsc\.edu/"
-		to="https://$1.ucsc.edu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_California_Santa_Cruz.xml b/src/chrome/content/rules/University_of_California_Santa_Cruz.xml
index 4fba69863c8c..b2e015b049e1 100644
--- a/src/chrome/content/rules/University_of_California_Santa_Cruz.xml
+++ b/src/chrome/content/rules/University_of_California_Santa_Cruz.xml
@@ -1,97 +1,209 @@
+
 <!--
-	CDN buckets:
+Disabled by https-everywhere-checker because:
+Fetch error: http://clery-dev.ucsc.edu/ => https://clery-dev.ucsc.edu/: (7, 'Failed to connect to clery-dev.ucsc.edu port 443: Connection refused')
+Fetch error: http://cancer2.cse.ucsc.edu/ => https://cancer2.cse.ucsc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.genome.ucsc.edu/ => https://www.genome.ucsc.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.genome.ucsc.edu'")
+Fetch error: http://its-proposals-dev.ucsc.edu/ => https://its-proposals-dev.ucsc.edu/: (28, 'Connection timed out after 20001 milliseconds')
+
+	University of California, Santa Cruz
 
-		- edge.live.getpantheon.com
 
-			- maps
+	CDN buckets:
 
+		- edge.live.getpantheon.com	← maps
 		- ucsc.service-now.com
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *ucsc.edu:
 
-		- (www.) *
+		- (www.)? ʰ
+		- 50years *
+		- academicaffairs ʰ
 		- admissions *
 		- advising *
+		- alumni ʰ
 		- bas-04	(prints default page; mismatched, CN: bas-01.ucsc.edu)
-		- events *
+		- blast ʰ
+		- calstar ʰ
+		- careers ʰ
+		- ches ʰ
+		- currents ʰ
 		- financialaid *
-		- its *
+		- foundation ʰ
+		- giving ʰ
+		- its ʰ
 		- maps-dev-d7	(shows clery-dev, valid cert)
 		- microbes	(shows archaea; expired 2009-02-12, CN: localhost.localdomain)
-		- news *
+		- news ʰ
 		- opers1 *
 		- police *
+		- pps		(403)
+		- purchasing *
 		- reg *
-		- registrar *
+		- reg ʰ
+		- registrar ʰ
+		- review ʰ
 		- risk *
 		- sbs *
 		- seymourcenter		(shows keys.pbsci; mismatched, CN: keys.pbsci.ucsc.edu)
+		- shr ʰ
 		- (www.)ssrc *
 		- ssrc.soe *
-		- static *
 		- studentservices *
 		- tobaccofree *
+		- www1 ʰ
 
+	ʰ Redirects to http
 	* Refused
 
 
-	Problematic subdomains:
+	Problematic hosts in *ucsc.edu:
 
 		- archaea		(works; expired 2009-02-12, CN: localhost.localdomain)
+		- cruzbuy ᵐ
+		- cruzpay ᵐ
 		- email			(interrupted)
 		- hgdownload.cse	(works; CN: hgdownload)
-		- itrequest		(refused)
+		- itrequest ʰ
+		- guides.library ᵐ
 		- maps			(works; mismatched, CN: *.gotpantheon.com)
+		- oca ᵐ
 		- keys.pbsci		(works, self-signed)
 		- physicalsecurity	(works, self-signed)
+		- planning ˣ
 		- soe			(refused)
 		- ugr			(mismatched, CN: *.soe.ucsc.edu)
+		- www2			(Data differ between http and https)
+
+	ʰ Redirects to http
+	ᵐ Mismatched
+	ˣ Mixed css
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .ucsc.edu
+		- cruzcat.ucsc.edu
+		- divdata.ucsc.edu
+		- ecommons.ucsc.edu
+
+
+	Mixed content:
+
+		- css, on:
 
+			- planning from www.ucsc.edu ʰ
+			- planning from www1.ucsc.edu ʰ
 
-	Fully covered subdomains:
-
-		- clery-dev
-		- cruzid
-		- cancer2.cse
-		- genome-cancer.cse
-		- email		(→ mail.google.com)
-		- (www.)genome
-		- genome-cancer
-		- itrequest		(→ ucsc.service-now.com)
-		- its-proposals-dev
-		- my
-		- (www.)soe	(^ → www)
-		- cbse.soe
-		- ugr.ue
-		- ugr		(→ ugr.eu)
-		- www1
+		- Image on planning from $self ˢ
+
+	ʰ Unsecurable <= redirects to http
+	ˢ Secured by us
 
 -->
-<ruleset name="University of California, Santa Cruz (partial)">
+<ruleset name="UCSC.edu (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="clery-dev.ucsc.edu" />
+	<target host="cruzcat.ucsc.edu" />
+	<target host="cruzid.ucsc.edu" />
+	<target host="cancer2.cse.ucsc.edu" />
+	<target host="genome-cancer.cse.ucsc.edu" />
+	<target host="divdata.ucsc.edu" />
+	<target host="ecommons.ucsc.edu" />
+	<target host="events.ucsc.edu" />
+	<target host="financial.ucsc.edu" />
+	<target host="genome.ucsc.edu" />
+	<target host="www.genome.ucsc.edu" />
+	<target host="genome-cancer.ucsc.edu" />
+	<target host="its-prod-www2-1.ucsc.edu" />
+	<target host="its-prod-www2-2.ucsc.edu" />
+	<target host="its-proposals-dev.ucsc.edu" />
+	<target host="library.ucsc.edu" />
+	<target host="my.ucsc.edu" />
+	<target host="login.oca.ucsc.edu" />
+	<target host="www.oca.ucsc.edu" />
+	<!--target host="planning.ucsc.edu" /-->
+
+	<target host="cbse.soe.ucsc.edu" />
+	<target host="classes.soe.ucsc.edu" />
+	<target host="courses.soe.ucsc.edu" />
+	<target host="cs.soe.ucsc.edu" />
+	<target host="gsrce.soe.ucsc.edu" />
+	<target host="intranet.soe.ucsc.edu" />
+	<target host="support.soe.ucsc.edu" />
+	<target host="users.soe.ucsc.edu" />
+	<target host="www.soe.ucsc.edu" />
+
+	<target host="static.ucsc.edu" />
+	<target host="ugr.ue.ucsc.edu" />
+	<target host="wcms-prod-web-3.ucsc.edu" />
+	<target host="wcms-prod-web-4.ucsc.edu" />
+
+	<!--	Complications:
+				-->
+	<target host="cruzbuy.ucsc.edu" />
+	<target host="cruzpay.ucsc.edu" />
+	<target host="email.ucsc.edu" />
+	<target host="itrequest.ucsc.edu" />
+	<target host="oca.ucsc.edu" />
+	<target host="soe.ucsc.edu" />
+	<target host="ugr.ucsc.edu" />
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://planning.ucsc.edu/wasc/" /-->
 
-	<target host="*.ucsc.edu" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.ucsc\.edu$" name="^(?:III_EXPT_FILE|III_SESSION_ID|SESSION_LANGUAGE)$" /-->
+	<!--securecookie host="^cruzcat\.ucsc\.edu$" name="^SESSION_SCOPE$" /-->
+	<!--securecookie host="^divdata\.ucsc\.edu$" name="^_shibstate_\d+_[\da-f]+$" /-->
+	<!--securecookie host="^ecommons\.ucsc\.edu$" name="^ROUTEID$" /-->
 
 	<!--securecookie host="^\.ucsc\.edu$" name="^(?:ais-prod-dmz-4-1610-PORTAL-PSJSESSIONID|SESS\w{32})$" /-->
-	<securecookie host="^(?:cruzid|(?:cancer2|genome-cancer)\.cse|www1)\.ucsc\.edu$" name=".+" />
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(clery-dev|cruzid|(?:cancer2|genome-cancer)\.cse|(?:www\.)?genome|genome-cancer|its-proposals-dev|my|cbse\.soe|ugr\.ue|www1)\.ucsc\.edu/"
-		to="https://$1.ucsc.edu/" />
+	<!--	Redirect drops forward
+		slash, path, and args:
+					-->
+	<rule from="^http://cruzbuy\.ucsc\.edu/.*"
+		to="https://financial.ucsc.edu/Pages/Launch_CruzBuy.aspx" />
+
+		<test url="http://cruzbuy.ucsc.edu/Default.aspx" />
+
+	<!--	Redirect drops forward
+		slash, path, and args:
+					-->
+	<rule from="^http://cruzpay\.ucsc\.edu/.*"
+		to="https://financial.ucsc.edu/Pages/Launch_CruzPay.aspx" />
+
+		<test url="http://cruzpay.ucsc.edu/Default.aspx" />
 
 	<!--	Server drops path:
 					-->
 	<rule from="^http://email\.ucsc\.edu/.*"
 		to="https://mail.google.com/a/ucsc.edu" />
 
-	<rule from="^http://(?:www\.)?soe\.ucsc\.edu/"
-		to="https://www.soe.ucsc.edu/" />
+		<test url="http://email.ucsc.edu/default.aspx" />
+
+	<rule from="^http://itrequest\.ucsc\.edu/[^?]*"
+		to="https://ucsc.service-now.com/ess/" />
+
+		<test url="http://itrequest.ucsc.edu/index.htm" />
+
+	<rule from="^http://(oca|soe)\.ucsc\.edu/"
+		to="https://www.$1.ucsc.edu/" />
 
 	<rule from="^http://ugr\.ucsc\.edu/"
 		to="https://ugr.ue.ucsc.edu/" />
 
-	<rule from="^http://itrequest\.ucsc\.edu/[^\?]*(\?.*)?"
-		to="https://ucsc.service-now.com/ess/$1" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Cape_Town.xml b/src/chrome/content/rules/University_of_Cape_Town.xml
index 410ab0d7be89..2ecfa6e320c8 100644
--- a/src/chrome/content/rules/University_of_Cape_Town.xml
+++ b/src/chrome/content/rules/University_of_Cape_Town.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://uct.ac.za/ => https://www.uct.ac.za/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Nonfunctional subdomains:
 
 		- srvwinweb001.wf *
@@ -42,7 +46,7 @@
 	^staff doesn't exist
 
 -->
-<ruleset name="University of Cape Town (partial)">
+<ruleset name="University of Cape Town (partial)" default_off="failed ruleset test">
 
 	<target host="uct.ac.za" />
 	<target host="*.uct.ac.za" />
@@ -79,4 +83,4 @@
 	<rule from="^http://www\.vula\.uct\.ac\.za/(?:\?.*)$"
 		to="https://vula.uct.ac.za/portal" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Central_Lancashire.xml b/src/chrome/content/rules/University_of_Central_Lancashire.xml
index 44f22c0b0f3c..8e75c4ba5c97 100644
--- a/src/chrome/content/rules/University_of_Central_Lancashire.xml
+++ b/src/chrome/content/rules/University_of_Central_Lancashire.xml
@@ -1,10 +1,18 @@
-<ruleset name="University of Central Lancashire">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://staff.uclan.ac.uk/ => https://staff.uclan.ac.uk/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://uclan.ac.uk/ => https://uclan.ac.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'uclan.ac.uk'")
+-->
+<ruleset name="University of Central Lancashire" default_off="failed ruleset test">
 
 	<target host="uclan.ac.uk" />
-	<target host="*.uclan.ac.uk" />
+	<target host="staff.uclan.ac.uk" />
+	<target host="www.uclan.ac.uk" />
 
 
-	<rule from="^http://(staff\.|www\.)?uclan\.ac\.uk/"
-		to="https://$1uclan.ac.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Cincinatti.xml b/src/chrome/content/rules/University_of_Cincinatti.xml
index 587b24d56e23..3a5907ca8a40 100644
--- a/src/chrome/content/rules/University_of_Cincinatti.xml
+++ b/src/chrome/content/rules/University_of_Cincinatti.xml
@@ -26,17 +26,29 @@
 <ruleset name="University of Cincinatti (partial)">
 
 	<target host="uc.edu" />
-	<target host="*.uc.edu" />
+	<target host="www.uc.edu" />
+	<target host="admissions.uc.edu" />
+	<target host="health.uc.edu" />
+	<target host="med.uc.edu" />
+	<target host="medcenter.uc.edu" />
+	<target host="pharmacy.uc.edu" />
+	<target host="researchcompliance.uc.edu" />
+	<target host="www.health.uc.edu" />
+	<target host="www.med.uc.edu" />
+	<target host="www.medcenter.uc.edu" />
+	<target host="www.pharmacy.uc.edu" />
+	<target host="www.researchcompliance.uc.edu" />
+	<target host="intmed.uc.edu" />
+	<target host="ucdirectory.uc.edu" />
 		<exclusion pattern="^http://(?:www\.)?(?:intmed|med|researchcompliance)\.uc\.edu/(?!App_(?:Master|Themes)/|Libraries/|[sS]itefinity/|WebResource\.axd)" />
 
 
 	<securecookie host="^(?!(?:www\.)?(?:intmed|med|researchcompliance)\.).+\.uc\.edu$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?uc\.edu/"
+	<rule from="^http://(?:www\.)?uc\.edu/"
 		to="https://www.uc.edu/" />
 
-	<rule from="^http://(admissions|(?:www\.)?(?:health|med|medcenter|pharmacy|researchcompliance)|intmed|ucdirectory)\.uc\.edu/"
-		to="https://$1.uc.edu/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Derby-problematic.xml b/src/chrome/content/rules/University_of_Derby-problematic.xml
index 9412a1d908ad..d99c0fb3cca9 100644
--- a/src/chrome/content/rules/University_of_Derby-problematic.xml
+++ b/src/chrome/content/rules/University_of_Derby-problematic.xml
@@ -12,7 +12,6 @@
 	<!--	Cookies are handled in University_of_Derby.xml.	-->
 
 
-	<rule from="^http://ask\.derby\.ac\.uk/"
-		to="https://ask.derby.ac.uk/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University_of_Derby.xml b/src/chrome/content/rules/University_of_Derby.xml
index 1d7538a0915b..57ceb6c5dca2 100644
--- a/src/chrome/content/rules/University_of_Derby.xml
+++ b/src/chrome/content/rules/University_of_Derby.xml
@@ -9,16 +9,19 @@
 -->
 <ruleset name="University of Derby (partial)">
 
-	<target host="*.derby.ac.uk" />
+	<target host="erecruitment.derby.ac.uk" />
+	<target host="password.derby.ac.uk" />
+	<target host="pssprd.derby.ac.uk" />
+	<target host="students.derby.ac.uk" />
+	<target host="udo.derby.ac.uk" />
 
 
-	<securecookie host="^.+\.derby\.ac\.uk$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--		www.../enrolment$ points to pssprd...8030,
 		which works with or without port appended.
 								-->
-	<rule from="^http://(erecruitment|password|pssprd|students|udo)\.derby\.ac\.uk(:8030)?/"
-		to="https://$1.derby.ac.uk$2/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Erlangen-Nuremberg.xml b/src/chrome/content/rules/University_of_Erlangen-Nuremberg.xml
index c716e0c5c109..9f548307339c 100644
--- a/src/chrome/content/rules/University_of_Erlangen-Nuremberg.xml
+++ b/src/chrome/content/rules/University_of_Erlangen-Nuremberg.xml
@@ -7,12 +7,15 @@
 	Problematic domains:
 
 		- (www.)blog.fua.de *
+		- (www.)?eam.fua.de ᶜ
+
 		- (www.)blog.uni-erlangen.de *
 		- (www.)fau.eu			(works; mismatched, CN: www.uni-erlangen.org)
 		- u-erlangen.org ****
 		- www.u-erlangen.org ***
 		- blogs.uni-erlangen.de *
 		- www.blogs.uni-erlangen.de **
+		- (www.)?eam.uni-erlangen.de ᶜ
 		- (www.)home.uni-erlangen.de *
 		- uni-erlangen.com ***
 		- www.uni-erlangen.com ****
@@ -26,50 +29,72 @@
 		- www.university-nuremberg.de ****
 
 	* Prints "Fehler beim Aufbau einer Datenbankverbindung", valid cert
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
 	** Prints "Fehler beim Aufbau einer Datenbankverbindung", mismatched
 	*** Works; mismatched, self-signed
 	**** Works, self-signed
 
 
-	Fully covered domains:
+	Insecure cookies are set for these hosts:
+
+		- eam.fau.de
+		- www.eam.fau.de
+		- eam.uni-erlangen.de
+		- www.eam.uni-erlangen.de
 
-		- fau.de subdomains:
 
-			- (www.)
-			- (www.)blog	(→ blogs)
-			- (www.)blogs
-			- www1.cs
-			- (www.)eam
+	Mixed content:
 
-		- uni-erlangen.de subdomains:
+		- Bugs, on:
 
-			- (www.)
-			- (www.)blog		(→ blogs.fau.de)
-			- (www.)blogs		(→ blogs.fau.de)
-			- (www.)eam
-			- (www.)home		(→ blogs.fau.de)
-			- www1.informatik
+			- (www.)?eam.fau.de, (www.)?eam.uni-erlangen.de from infovm9-8.rrze.uni-erlangen.de
 
 -->
 <ruleset name="University of Erlangen-Nuremberg (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="fau.de" />
-	<target host="*.fau.de" />
+	<target host="blogs.fau.de" />
+	<target host="www.blogs.fau.de" />
+	<target host="www1.cs.fau.de" />
+	<!--target host="eam.fau.de" /-->
+	<!--target host="www.eam.fau.de" /-->
+	<target host="ftp.fau.de" />
+	<target host="www.fau.de" />
+	<target host="ftp.rrze.uni-erlangen.de" />
+	<target host="ftp.uni-erlangen.de" />
+
 	<target host="uni-erlangen.de" />
-	<target host="*.uni-erlangen.de" />
+	<!--target host="eam.uni-erlangen.de" /-->
+	<!--target host="www.eam.uni-erlangen.de" /-->
+	<target host="www1.informatik.uni-erlangen.de" />
+	<target host="zuv.cms.rrze.uni-erlangen.de" />
+	<target host="www.uni-erlangen.de" />
+
+	<!--	Complications:
+				-->
+	<target host="blog.fau.de" />
+	<target host="www.blog.fau.de" />
+
+	<target host="blog.uni-erlangen.de" />
+	<target host="www.blog.uni-erlangen.de" />
+	<target host="blogs.uni-erlangen.de" />
+	<target host="www.blogs.uni-erlangen.de" />
+	<target host="home.uni-erlangen.de" />
+	<target host="www.home.uni-erlangen.de" />
 
 
-	<securecookie host="^(?:www\.)?eam\.fau\.de$" name=".+" />
-	<securecookie host="^(?:www\.)?eam\.uni-erlangen\.de$" name=".+" />
+	<!--securecookie host="^(?:www\.)?eam\.fau\.de$" name="^fe_typo_user$" /-->
+	<!--securecookie host="^(?:www\.)?eam\.uni-erlangen\.de$" name="^fe_typo_user$" /-->
 
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://((?:(?:www\.)?blogs|www1\.cs|www)\.)?fau\.de/"
-		to="https://$1fau.de/" />
 
-	<rule from="^http://(?:www\.)?blog(?:\.fau|(?:home|s?)\.uni-erlangen)\.de/"
+	<rule from="^http://(?:www\.)?(?:blog\.fau|(?:blogs?|home)\.uni-erlangen)\.de/"
 		to="https://blogs.fau.de/" />
 
-	<rule from="^http://((?:(?:www\.)?eam|www1\.informatik|www)\.)?uni-erlangen\.de/"
-		to="https://$1uni-erlangen.de/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Georgia.xml b/src/chrome/content/rules/University_of_Georgia.xml
index 46b307ea2a0d..8d465177e131 100644
--- a/src/chrome/content/rules/University_of_Georgia.xml
+++ b/src/chrome/content/rules/University_of_Georgia.xml
@@ -3,7 +3,6 @@
 	<target host="news.uga.edu" />
 
 
-	<rule from="^http://news\.uga\.edu/"
-		to="https://news.uga.edu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Greifswald.xml b/src/chrome/content/rules/University_of_Greifswald.xml
deleted file mode 100644
index 408381977c4d..000000000000
--- a/src/chrome/content/rules/University_of_Greifswald.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- www.rz *
-		- www *
-
-	* Shows t3cl-hgw.rz; mismatched, CN: t3cl-hgw.rz.uni-greifswald.de
-
-
-	Fully covered subdomains:
-
-		- ilias
-		- t3cl-hgw.rz.uni-greifswald.de
-		- typo3cluster.rz.uni-greifswald.de
-
-
-	^uni-greifswald.de doesn't exist.
-
-
-	Observed cookie domains:
-
-		- ilias
-		- www.rz
-		- www
-
--->
-<ruleset name="University of Greifswald (partial)">
-
-	<target host="*.uni-greifswald.de" />
-
-
-	<securecookie host="^ilias\.uni-greifswald\.de$" name=".+" />
-
-
-	<rule from="^http://(ilias|t3cl-hgw\.rz|typo3cluster\.rz)\.uni-greifswald\.de/"
-		to="https://$1.uni-greifswald.de/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/University_of_Grenada.xml b/src/chrome/content/rules/University_of_Grenada.xml
index f7966673c6cd..ef2e0b96d3b7 100644
--- a/src/chrome/content/rules/University_of_Grenada.xml
+++ b/src/chrome/content/rules/University_of_Grenada.xml
@@ -10,13 +10,12 @@
 -->
 <ruleset name="University of Grenada (partial)">
 
-	<target host="*.ugr.es" />
+	<target host="cruetic.ugr.es" />
 
 
 	<securecookie host="^\.?cruetic\.ugr\.es$" name=".+" />
 
 
-	<rule from="^http://cruetic\.ugr\.es/"
-		to="https://cruetic.ugr.es/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Houston.xml b/src/chrome/content/rules/University_of_Houston.xml
index 664bee46c379..752c8c695d69 100644
--- a/src/chrome/content/rules/University_of_Houston.xml
+++ b/src/chrome/content/rules/University_of_Houston.xml
@@ -1,72 +1,53 @@
 <!--
-	Nonfunctional subdomains:
-
-		- bauerticker
-		- distance
-		- orientation.distance	(reset)
-		- www.hrm		(CN: *.contentactive.com; 404)
-		- m.law			(reset)
-		- www.uhsa		(SN: ssl.uh.edu; redirects there)
-		- weekendu		(reset)
-
-
-	Problematic subdomains:
-
-		- www.arch			(CN: ssl.uh.edu; 
-		- eto				(expired; works)
-		- researchstores.nsm.uh.edu	(CN: nsm.uh.edu; works)
-		- www.sw			(CN: ssl.uh.edu;
-
-
-	Fully covered subdomains:
-
-		- ^
-		- accessuh
-		- (www.)bauer
-		- (www.)coe
-		- (www.)egr
-		- (www.)law
-		- fp.my
-		- myuh
-		- nsm
-		- forms.nsm
-		- mail.nsm
-		- mynsm.nsm
-		- mynsmstore.nsm
-		- nsmit.nsm
-		- www.nsm
-		- www.opt
-		- ssl
-		- (www.)tech
-		- vnet
-		- www
-
+	Non-functional hosts
+		Timeout was reached:
+		- bauerticker.uh.edu
+		- orientation.distance.uh.edu
+		- eto.uh.edu
+		- nsm.uh.edu
+		- forms.nsm.uh.edu
+		- nsmit.nsm.uh.edu
+		- researchstores.nsm.uh.edu
+		- www.nsm.uh.edu
+
+		SSL connect error:
+		- m.law.uh.edu
+
+		SSL peer certificate was not OK:
+		- www.arch.uh.edu
+		- bauer.uh.edu
+		- coe.uh.edu
+		- distance.uh.edu
+		- egr.uh.edu
+		- www.hrm.uh.edu
+		- law.uh.edu
+		- mail.nsm.uh.edu
+		- www.sw.uh.edu
+		- www.uhsa.uh.edu
+		- weekendu.uh.edu
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- myuh.uh.edu
+
+		Incomplete certificate chain error:
+		- tech.uh.edu
+		- www.tech.uh.edu
+		- vnet.uh.edu
+
+		Mixed content blocking (MCB) triggered:
+		- www.law.uh.edu
 -->
 <ruleset name="University of Houston (partial)">
-
-	<target host="*.uh.edu" />
-	<target host="www.*.uh.edu" />
-	<target host="fp.my.uh.edu" />
-	<target host="*.nsm.uh.edu" />
-
-
-	<securecookie host="^.+\.uh\.edu$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?uh\.edu/"
-		to="https://ssl.uh.edu/" />
-
-	<rule from="^http://(accessuh|fp\.mh|myuh|(?:forms|mail|mynsm|mynsmstore|nsmit)\.nsm|www\.opt|ssl|vnet)\.uh\.edu/"
-		to="https://$1.uh.edu/" />
-
-	<!--	Certs don't match www.
-					-->
-	<rule from="^https?://(?:www\.)?nsm\.uh\.edu/"
-		to="https://nsm.uh.edu/" />
-
-	<!--	Certs don't match !www.
-					-->
-	<rule from="^https?://(?:www\.)?(bauer|coe|egr|law|tech)\.uh\.edu/"
-		to="https://www.$1.uh.edu/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="uh.edu" />
+	<target host="www.uh.edu" />
+	<target host="accessuh.uh.edu" />
+	<target host="www.bauer.uh.edu" />
+	<target host="www.coe.uh.edu" />
+	<target host="www.egr.uh.edu" />
+	<target host="www.opt.uh.edu" />
+	<target host="ssl.uh.edu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Iowa.xml b/src/chrome/content/rules/University_of_Iowa.xml
index 8c12cc145511..1c601503a69a 100644
--- a/src/chrome/content/rules/University_of_Iowa.xml
+++ b/src/chrome/content/rules/University_of_Iowa.xml
@@ -3,14 +3,51 @@
 
 		- (www.)
 		- iemweb.biz
+		- cio ¹
+		- (www.)?classrooms ²
+		- webcam.iowa ¹
+		- itcommunities ¹
+		- reports.its ¹
+		- maps ¹
+
+	¹ Refused
+	² Dropped
+
+
+	Partially covered subdomains:
+
+		- its *
+
+	* Avoiding broken MCB
+
+
+	Fully covered subdomains:
+
+		- www.dna.its
+		- itsecurity
+		- tippie
+		- wiki
+
+
+	Mixed content:
+
+		- css on its from $self
+		- Images on its from $self
 
 -->
 <ruleset name="University of Iowa (partial)">
 
+	<target host="its.uiowa.edu" />
+	<target host="www.dna.its.uiowa.edu" />
+	<target host="itsecurity.uiowa.edu" />
 	<target host="tippie.uiowa.edu" />
+	<target host="wiki.uiowa.edu" />
+		<!--
+			Avoid broken MCB:
+:						-->
+		<exclusion pattern="^http://its\.uiowa\.edu/+(?!favicon\.ico|files/|sites/)" />
 
 
-	<rule from="^http://tippie\.uiowa\.edu/"
-		to="https://tippie.uiowa.edu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Kent.xml b/src/chrome/content/rules/University_of_Kent.xml
index 158058f8ade4..d8df7f5fc471 100644
--- a/src/chrome/content/rules/University_of_Kent.xml
+++ b/src/chrome/content/rules/University_of_Kent.xml
@@ -1,28 +1,65 @@
+
 <!--
-	Problematic subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://sds-staff.kent.ac.uk/ => https://sds-staff.kent.ac.uk/: (28, 'Connection timed out after 20004 milliseconds')
+
+	University of Kent
+
+
+	Problematic hosts in *kent.ac.uk:
+
+		- cs *
 
-		- cs	(cert only matches www.cs)
+	* Mismatched
 
 
-	Fully covered subdomains:
+	Insecure cookies are set for these domains:
 
-		- (www.)
-		- blogs
-		- (www.)cs	(^ → www)
-		- sds
-		- static
+		- .kent.ac.uk
 
 -->
-<ruleset name="University of Kent (partial)">
+<ruleset name="Kent.ac.uk (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="kent.ac.uk" />
-	<target host="*.kent.ac.uk" />
+	<target host="blogs.kent.ac.uk" />
+	<target host="owa.connect.kent.ac.uk" />
+	<target host="www.cs.kent.ac.uk" />
+	<target host="dan.kent.ac.uk" />
+	<target host="esd.kent.ac.uk" />
+	<target host="evision.kent.ac.uk" />
+	<target host="sso.id.kent.ac.uk" />
+	<target host="kar.kent.ac.uk" />
+	<target host="live.kent.ac.uk" />
+	<target host="myfolio.kent.ac.uk" />
+	<target host="player.kent.ac.uk" />
+	<target host="sds.kent.ac.uk" />
+	<target host="sds-staff.kent.ac.uk" />
+	<target host="static.kent.ac.uk" />
+	<target host="www.kent.ac.uk" />
 
+	<!--	Complications:
+				-->
+	<target host="cs.kent.ac.uk" />
 
-	<rule from="^http://((?:blogs|sds|static|www)\.)?kent\.ac\.uk/"
-		to="https://$1kent.ac.uk/" />
+		<!--	Sets cookie without Secure:
+							-->
+		<test url="http://owa.connect.kent.ac.uk/OWA" />
 
-	<rule from="^http://(?:www\.)?cs\.kent\.ac\.uk/"
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.kent\.ac\.uk$" name="^cadata[\dA-F]{32}$" /-->
+
+	<securecookie host="^\.kent\.ac\.uk$" name="^cadata[\dA-F]{32}$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://cs\.kent\.ac\.uk/"
 		to="https://www.cs.kent.ac.uk/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Leeds.xml b/src/chrome/content/rules/University_of_Leeds.xml
index a08b23ece9d2..327fbee9a577 100644
--- a/src/chrome/content/rules/University_of_Leeds.xml
+++ b/src/chrome/content/rules/University_of_Leeds.xml
@@ -1,179 +1,433 @@
+
 <!--
-	Nonfunctional subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://lubswww.leeds.ac.uk/restricted/login/ => https://lubswww.leeds.ac.uk/restricted/login/: Too many redirects while fetching 'https://lubswww.leeds.ac.uk/restricted/login/'
+Fetch error: http://autodiscover.adm.leeds.ac.uk/ => https://autodiscover.adm.leeds.ac.uk/: (7, 'Failed to connect to autodiscover.adm.leeds.ac.uk port 443: Connection refused')
+Fetch error: http://www.arts.leeds.ac.uk/ => https://www.arts.leeds.ac.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.arts.leeds.ac.uk'")
+Fetch error: http://autodiscover.as.leeds.ac.uk/ => https://autodiscover.as.leeds.ac.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'autodiscover.as.leeds.ac.uk'")
+Fetch error: http://asd.leeds.ac.uk/ => https://asd.leeds.ac.uk/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://autodiscover.leeds.ac.uk/ => https://autodiscover.leeds.ac.uk/: (7, 'Failed to connect to autodiscover.leeds.ac.uk port 443: Connection refused')
+Fetch error: http://autodiscover.getech.leeds.ac.uk/ => https://autodiscover.getech.leeds.ac.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'autodiscover.getech.leeds.ac.uk'")
+Fetch error: http://autodiscover.llu.leeds.ac.uk/ => https://autodiscover.llu.leeds.ac.uk/: (6, 'Could not resolve host: autodiscover.llu.leeds.ac.uk')
+Fetch error: http://awesome.leeds.ac.uk/ => https://awesome.leeds.ac.uk/: (6, 'Could not resolve host: awesome.leeds.ac.uk')
+Fetch error: http://blog.leeds.ac.uk/ => https://blog.leeds.ac.uk/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://autodiscover.bmb.leeds.ac.uk/ => https://autodiscover.bmb.leeds.ac.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'autodiscover.bmb.leeds.ac.uk'")
+Fetch error: http://autodiscover.chem.leeds.ac.uk/ => https://autodiscover.chem.leeds.ac.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'autodiscover.chem.leeds.ac.uk'")
+Fetch error: http://cipeg.leeds.ac.uk/ => https://cipeg.leeds.ac.uk/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://cjs.leeds.ac.uk/ => https://cjs.leeds.ac.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'cjs.leeds.ac.uk'")
+Fetch error: http://www.cjs.leeds.ac.uk/ => https://www.cjs.leeds.ac.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.cjs.leeds.ac.uk'")
+Fetch error: http://autodiscover.comp.leeds.ac.uk/ => https://autodiscover.comp.leeds.ac.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'autodiscover.comp.leeds.ac.uk'")
+Fetch error: http://www.comp.leeds.ac.uk/ => https://www.comp.leeds.ac.uk/: (7, 'Failed to connect to www.comp.leeds.ac.uk port 443: Connection refused')
+Fetch error: http://www.dentistry.leeds.ac.uk/ => https://www.dentistry.leeds.ac.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.digitalis.leeds.ac.uk/ => https://www.digitalis.leeds.ac.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.digitalis.leeds.ac.uk'")
+Fetch error: http://dsalumni3.ds.leeds.ac.uk/ => https://dsalumni3.ds.leeds.ac.uk/: (6, 'Could not resolve host: dsalumni3.ds.leeds.ac.uk')
+Fetch error: http://autodiscover.ee.leeds.ac.uk/ => https://autodiscover.ee.leeds.ac.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'autodiscover.ee.leeds.ac.uk'")
+Fetch error: http://autodiscover.estates.leeds.ac.uk/ => https://autodiscover.estates.leeds.ac.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'autodiscover.estates.leeds.ac.uk'")
+Fetch error: http://impact.leeds.ac.uk/ => https://impact.leeds.ac.uk/: (6, 'Could not resolve host: impact.leeds.ac.uk')
+Fetch error: http://www.iss.leeds.ac.uk/ => https://www.iss.leeds.ac.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.iss.leeds.ac.uk'")
+Fetch error: http://lubswww.leeds.ac.uk/ => https://lubswww.leeds.ac.uk/: Too many redirects while fetching 'https://lubswww.leeds.ac.uk/'
+Fetch error: http://lutube.leeds.ac.uk/ => https://lutube.leeds.ac.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://dev.pdr.leeds.ac.uk/ => https://dev.pdr.leeds.ac.uk/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.pvac.leeds.ac.uk/ => https://www.pvac.leeds.ac.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.pvac.leeds.ac.uk'")
+Fetch error: http://pvac-cms.leeds.ac.uk/ => https://pvac-cms.leeds.ac.uk/: (6, 'Could not resolve host: pvac-cms.leeds.ac.uk')
+Fetch error: http://www.pvac-cms.leeds.ac.uk/ => https://www.pvac-cms.leeds.ac.uk/: (6, 'Could not resolve host: www.pvac-cms.leeds.ac.uk')
+Fetch error: http://pvac-forum.leeds.ac.uk/ => https://pvac-forum.leeds.ac.uk/: (6, 'Could not resolve host: pvac-forum.leeds.ac.uk')
+Fetch error: http://pvac-webhost.leeds.ac.uk/ => https://pvac-webhost.leeds.ac.uk/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://rothaconference.leeds.ac.uk/ => https://rothaconference.leeds.ac.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'rothaconference.leeds.ac.uk'")
+Fetch error: http://www.rothaconference.leeds.ac.uk/ => https://www.rothaconference.leeds.ac.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.rothaconference.leeds.ac.uk'")
+Fetch error: http://doc.see.leeds.ac.uk/ => https://doc.see.leeds.ac.uk/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://stars.leeds.ac.uk/ => https://stars.leeds.ac.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'stars.leeds.ac.uk'")
+Fetch error: http://wpad.leeds.ac.uk/ => https://wpad.leeds.ac.uk/: (6, 'Could not resolve host: wpad.leeds.ac.uk')
+Fetch error: http://www.wpad.leeds.ac.uk/ => https://www.wpad.leeds.ac.uk/: (6, 'Could not resolve host: www.wpad.leeds.ac.uk')
+Fetch error: http://www.cipeg.leeds.ac.uk/ => https://cipeg.leeds.ac.uk/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://digitalis.leeds.ac.uk/ => https://www.digitalis.leeds.ac.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.digitalis.leeds.ac.uk'")
+Fetch error: http://pvac.leeds.ac.uk/ => https://www.pvac.leeds.ac.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.pvac.leeds.ac.uk'")
+
+	Note: symplecticservices will fail fetch test, since it 302s to https.
+
+	University of Leeds
+
+	For rules causing false/broken MCB, see Leeds.ac.uk-falsemixed.xml.
+
+
+	Nonfunctional hosts in *leeds.ac.uk:
 
 		- www.bmb *
+		- virtual.business	(Redirects to http)
+		- campus		(500)
 		- careerweb **
+		- changemypassword *
 		- www.chem
+		- comms			Shows another domain
 		- (www.)education	(redirects to arts; mismatched, CN: webhost02c.leeds.ac.uk)
 		- (www.)equality ***
 		- www.fbs *
-		- findanexpert		(redirects to changemypassword; mismatched, CN: changemypassword.leeds.ac.uk)
+		- findanexpert		(404)
 		- www.food *
 		- hotspots ***
-		- hr **
 		- www.hr		(shows asd; mismatched, CN: asd.leeds.ac.uk)
 		- italladdsup ***
+		- www.lts ***
+		- office365 *
 		- redeployment		(reset)
+		- reporter		Handshake fails
 		- www.sddu ***
-		- servicesguide		(shows consultancyguidance; mismatched, CN: consultancyguidance.leeds.ac.uk)
+		- servicesguide		(Refused)
 		- sport			(prints "TEST PAGE"; mismatched, CN: stars.leeds.ac.uk)
+		- tldynamic		Refused
 		- tsh ***
 		- www.tsh		(404; mismatched, CN: www.environment.leeds.ac.uk)
 		- webhost02h		(redirects to http)
+		- webprod3		Refused
 
 	* Times out
 	** 503; mismatched, CN: www.leeds.ac.uk
 	*** Redirects to http; mismatched, CN: webhost02h.leeds.ac.uk
 
 
-	Problematic subdomains:
+	Problematic hosts in *leeds.ac.uk:
 
 		- ^			(times out)
 		- adm
 		- www.business		(mismatched, CN: lubsws01.leeds.ac.uk)
-		- campus		(503; mismatched, CN: www.leeds.ac.uk)
 		- www.cipeg *
 		- consultancyguidance	(works, expired 2011-11-10)
+		- courses		Mismatched
 		- www.digitalis **
 		- www.ee		(mismatched, CN: www.engineering.leeds.ac.uk)
 		- environment *
 		- epocs **
-		- jobs			(works; mismatched, CN: *.i-grasp.com)
-		- www.leedsportal	(cert only matches ^leedsportal)
+		- www.geog		Mixed css
+		- helpdesk		Dropped
+		- hr			Mixed css
+		- itinductions *	Mixed css
+		- www.leedsportal *
 		- (www.)music		(works; mismatched, CN: pvac-webhost.leeds.ac.uk)
-		- (www.)portal		(works; mismatched, CN: leedsportal.leeds.ac.uk)
+		- mypassword *		(Expired)
+		- www.portal		(works; mismatched, CN: leedsportal.leeds.ac.uk)
 		- pvac **
+		- staging		(Missing certificate chain)
 		- www.stringeditions	(mismatched, CN: webhost02h.leeds.ac.uk)
 
 	* Mismatched
 	** Mismatched, CN: webhost02c.leeds.ac.uk
 
 
-	Partially covered subdomains:
-
-		- campus	(→ www)
-		- (www.)chase	(some pages redirect to http)
-		- music		(→ pvac-webhost)
-
-
-	Fully covered subdomains:
-
-		- (www.)		(^ → www)
-		- acceptonline
-		- access
-		- adm			(→ www)
-		- (www.)alumni
-		- (www.)arts
-		- autodiscover.adm
-		- autodiscover.as
-		- asd
-		- autodiscover
-		- awesome
-		- www.bioelectronics
-		- blog
-		- autodiscover.bmb
-		- (www.)business	(www → ^)
-		- changemypassword
-		- autodiscover.chem
-		- (www.)cipeg		(www → ^)
-		- (www.)cjs
-		- autodiscover.comp
-		- www.comp
-		- concussion
-		- www.dentistry
-		- (www.)digitalis	(^ → www)
-		- apollo3.ds
-		- apollo4.ds
-		- dsalumni3.ds
-		- (www.)earth
-		- autodiscover.earth
-		- autodiscover.education
-		- www.ee		(→ www.engineering)
-		- autodiscover.ee
-		- (www.)engineering
-		- (www.)env
-		- (www.)environment	(^ → www)
-		- (www.)epocs		(^ → www)
-		- autodiscover.estates
-		- autodiscover.food
-		- autodiscover.getech
-		- www.geog
-		- impact
-		- (www.)iss
-		- autodiscover.its
-		- www.its
-		- jobs			(→ ig29.i-grasp.com)
-		- leedsforlife
-		- (www.)leedsportal	(www → ^)
-		- library
-		- blog.library
-		- autodiscover.llu
-		- autodiscover.lubs
-		- lubsws01
-		- lubswww
-		- lutube
-		- outlook
-		- dev.pdr
-		- www.pdr
-		- (www.)portal		(→ leedsportal)
-		- (www.)pvac		(^ → www)
-		- (www.)pvac-cms
-		- pvac-forum
-		- pvac-webhost
-		- qtool
-		- (www.)rothaconference
-		- (www.)see
-		- bookings.see
-		- doc.see
-		- homepages.see
-		- stars
-		- (www.)stringeditions	(www → ^)
-		- studentservices
-		- vlebb
-		- (www.)wpad
+	These altnames don't exist:
+
+		- dev.xforms.leeds.ac.uk
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .leeds.ac.uk
+		- courses.leeds.ac.uk
+		- hr.leeds.ac.uk
+		- it.leeds.ac.uk
+		- itinductions.leeds.ac.uk
+		- leedsportal.leeds.ac.uk
+		- lubswww.leeds.ac.uk
+		- passwordreset.leeds.ac.uk
+		- portal.leeds.ac.uk
+		- staging.leeds.ac.uk
+		- .staging.leeds.ac.uk
+		- uolr3.leeds.ac.uk
+		- www.leeds.ac.uk
+		- xforms.leeds.ac.uk
+		- .xforms.leeds.ac.uk
+
+
+	Mixed content:
+
+		- css, on:
+
+			- www.geog from $self *
+			- hr from $self *
+			- itinductions from $self
+
+		- Images, on:
+
+			- www.comp from $self *
+			- courses from oci.leeds.wiki
+			- www.geog from $self *
+			- hr from $self *
+
+		- favicon on www.geog from www.leeds.ac.uk *
+
+	* Secured by us
 
 -->
-<ruleset name="University of Leeds (partial)">
+<ruleset name="Leeds.ac.uk (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="acceptonline.leeds.ac.uk" />
+	<target host="access.leeds.ac.uk" />
+	<target host="adfs.leeds.ac.uk" />
+	<target host="autodiscover.adm.leeds.ac.uk" />
+	<target host="alumni.leeds.ac.uk" />
+	<target host="www.alumni.leeds.ac.uk" />
+	<target host="applyonline.leeds.ac.uk" />
+	<target host="arts.leeds.ac.uk" />
+	<target host="www.arts.leeds.ac.uk" />
+	<target host="autodiscover.as.leeds.ac.uk" />
+	<target host="asd.leeds.ac.uk" />
+	<target host="autodiscover.leeds.ac.uk" />
+	<target host="autodiscover.getech.leeds.ac.uk" />
+	<target host="autodiscover.llu.leeds.ac.uk" />
+	<target host="awesome.leeds.ac.uk" />
+	<target host="www.bioelectronics.leeds.ac.uk" />
+	<target host="blog.leeds.ac.uk" />
+	<target host="autodiscover.bmb.leeds.ac.uk" />
+	<target host="business.leeds.ac.uk" />
+	<target host="staging.business.leeds.ac.uk" />
+	<target host="changemypassword.leeds.ac.uk" />
+	<target host="chase.leeds.ac.uk" />
+	<target host="www.chase.leeds.ac.uk" />
+	<target host="autodiscover.chem.leeds.ac.uk" />
+	<target host="cipeg.leeds.ac.uk" />
+	<target host="cjs.leeds.ac.uk" />
+	<target host="www.cjs.leeds.ac.uk" />
+	<target host="autodiscover.comp.leeds.ac.uk" />
+	<target host="www.comp.leeds.ac.uk" />
+	<target host="concussion.leeds.ac.uk" />
+	<target host="www.dentistry.leeds.ac.uk" />
+	<target host="www.digitalis.leeds.ac.uk" />
+
+	<target host="apollo3.ds.leeds.ac.uk" />
+	<target host="apollo4.ds.leeds.ac.uk" />
+	<target host="dsalumni3.ds.leeds.ac.uk" />
+
+	<target host="earth.leeds.ac.uk" />
+	<target host="autodiscover.earth.leeds.ac.uk" />
+	<target host="www.earth.leeds.ac.uk" />
+	<target host="autodiscover.education.leeds.ac.uk" />
+	<target host="autodiscover.ee.leeds.ac.uk" />
+	<target host="engineering.leeds.ac.uk" />
+	<target host="www.engineering.leeds.ac.uk" />
+	<target host="env.leeds.ac.uk" />
+	<target host="www.env.leeds.ac.uk" />
+	<target host="www.environment.leeds.ac.uk" />
+	<target host="www.epocs.leeds.ac.uk" />
+	<target host="autodiscover.estates.leeds.ac.uk" />
+	<target host="autodiscover.food.leeds.ac.uk" />
+	<!--target host="www.geog.leeds.ac.uk" /-->
+	<!--target host="hr.leeds.ac.uk" /-->
+	<target host="idp.leeds.ac.uk" />
+	<target host="impact.leeds.ac.uk" />
+	<target host="iss.leeds.ac.uk" />
+	<target host="www.iss.leeds.ac.uk" />
+	<target host="it.leeds.ac.uk" />
+	<target host="autodiscover.its.leeds.ac.uk" />
+	<target host="jobs.leeds.ac.uk" />
+	<target host="leedsforlife.leeds.ac.uk" />
+	<target host="leedsportal.leeds.ac.uk" />
+	<target host="library.leeds.ac.uk" />
+	<target host="blog.library.leeds.ac.uk" />
+	<target host="autodiscover.lubs.leeds.ac.uk" />
+	<target host="lubsws01.leeds.ac.uk" />
+	<target host="lubswww.leeds.ac.uk" />
+	<target host="staging.lubswww.leeds.ac.uk" />
+	<target host="lutube.leeds.ac.uk" />
+	<target host="outlook.leeds.ac.uk" />
+	<target host="passport01.leeds.ac.uk" />
+	<target host="passwordreset.leeds.ac.uk" />
+	<target host="dev.pdr.leeds.ac.uk" />
+	<target host="www.pdr.leeds.ac.uk" />
+	<target host="portal.leeds.ac.uk" />
+	<target host="www.pvac.leeds.ac.uk" />
+	<target host="pvac-cms.leeds.ac.uk" />
+	<target host="www.pvac-cms.leeds.ac.uk" />
+	<target host="pvac-forum.leeds.ac.uk" />
+	<target host="pvac-sites.leeds.ac.uk" />
+	<target host="pvac-webhost.leeds.ac.uk" />
+	<target host="qtool.leeds.ac.uk" />
+	<target host="rothaconference.leeds.ac.uk" />
+	<target host="www.rothaconference.leeds.ac.uk" />
+
+	<target host="bookings.see.leeds.ac.uk" />
+	<target host="doc.see.leeds.ac.uk" />
+	<target host="homepages.see.leeds.ac.uk" />
+
+	<target host="ses.leeds.ac.uk" />
+	<!--target host="staging.leeds.ac.uk" /-->
+	<target host="stars.leeds.ac.uk" />
+	<target host="stringeditions.leeds.ac.uk" />
+	<target host="studentservices.leeds.ac.uk" />
+	<target host="symplecticservices.leeds.ac.uk" />
+	<target host="uolr3.leeds.ac.uk" />
+	<target host="vlebb.leeds.ac.uk" />
+	<target host="wpad.leeds.ac.uk" />
+	<target host="www.wpad.leeds.ac.uk" />
+
+	<!--	Complications:
+				-->
 	<target host="leeds.ac.uk" />
-	<target host="*.leeds.ac.uk" />
+	<target host="adm.leeds.ac.uk" />
+	<target host="www.business.leeds.ac.uk" />
+	<target host="campus.leeds.ac.uk" />
+	<target host="www.cipeg.leeds.ac.uk" />
+	<target host="digitalis.leeds.ac.uk" />
+	<target host="www.ee.leeds.ac.uk" />
+	<target host="environment.leeds.ac.uk" />
+	<target host="epocs.leeds.ac.uk" />
+	<target host="helpdesk.leeds.ac.uk" />
+	<target host="www.leedsportal.leeds.ac.uk" />
+	<!--target host="music.leeds.ac.uk" /-->
+	<target host="www.portal.leeds.ac.uk" />
+	<target host="pvac.leeds.ac.uk" />
+	<target host="see.leeds.ac.uk" />
+	<target host="www.see.leeds.ac.uk" />
+	<target host="www.stringeditions.leeds.ac.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://business\.leeds\.ac\.uk/(?:$|privacy/$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://business\.leeds\.ac\.uk/+(?!favicon\.ico|fileadmin/|typo3conf/|typo3temp/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://business.leeds.ac.uk/about-us/" />
+			<test url="http://business.leeds.ac.uk/about-us/our-people/staff-directory/" />
+			<test url="http://business.leeds.ac.uk/alumni/" />
+			<test url="http://business.leeds.ac.uk/contact-us/" />
+			<test url="http://business.leeds.ac.uk/for-business/" />
+			<test url="http://business.leeds.ac.uk/frequently-asked-questions/" />
+			<test url="http://business.leeds.ac.uk/privacy/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://business.leeds.ac.uk/favicon.ico" />
+			<test url="http://business.leeds.ac.uk/fileadmin/public/Logos/EQUIS/EQUIS-dark-35.png" />
+			<test url="http://business.leeds.ac.uk/typo3conf/ext/lubs_template/Resources/Public/images/homeSlider-divide.png" />
+			<test url="http://business.leeds.ac.uk/typo3temp/vhs-assets-css-f1b108be43040a9ee00fa519fb8f5be5.png" />
+
+		<exclusion pattern="^http://campus\.leeds\.ac\.uk/(?!$|(?:accessibility-statement|legal)\.htm)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://campus.leeds.ac.uk/dpa/code.htm" />
+			<test url="http://campus.leeds.ac.uk/isms" />
+			<test url="http://campus.leeds.ac.uk/isms/policies/incident/index.htm" />
+			<test url="http://campus.leeds.ac.uk/phonechange" />
+
+			<!--	-ve:
+					-->
+			<test url="http://campus.leeds.ac.uk/accessibility-statement.htm" />
+			<test url="http://campus.leeds.ac.uk/legal.htm" />
+
 		<exclusion pattern="^http://(?:www\.)?chase\.leeds\.ac\.uk/(?!-/|archive/images/)" />
 
+			<!--	+ve:
+					-->
+			<test url="http://chase.leeds.ac.uk/browse/all/" />
+			<test url="http://chase.leeds.ac.uk/view/work/40" />
+
+		<!--exclusion pattern="^http://music\.leeds\.ac\.uk/(?!wp-content/)" /-->
+
+			<!--	+ve:
+					-->
+			<!--test url="http://music.leeds.ac.uk/about/" /-->
+
+		<!--	Redirects to http, 404s:
+						-->
+		<exclusion pattern="^http://(?:www\.)?see\.leeds\.ac\.uk/+\?" />
+
+			<!--	+ve:
+					-->
+			<test url="http://see.leeds.ac.uk//?" />
+			<test url="http://see.leeds.ac.uk/?" />
+			<test url="http://www.see.leeds.ac.uk//?" />
+			<test url="http://www.see.leeds.ac.uk/?" />
+
+			<!--	-ve:
+					-->
+			<test url="http://see.leeds.ac.uk/afar" />
+			<test url="http://see.leeds.ac.uk/home/" />
+			<test url="http://www.see.leeds.ac.uk/afar/new-afar/about-region/about-afar-region.html" />
+			<test url="http://www.see.leeds.ac.uk/home/" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://ses\.leeds\.ac\.uk/(?:$|events/event/\d+/\w+$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://ses\.leeds\.ac\.uk/+(?!images/|site/)" />
 
-	<securecookie host="^.+\.leeds\.ac\.uk$" name=".+" />
+			<!--	+ve:
+					-->
+			<test url="http://ses.leeds.ac.uk/events/event/157/ses_induction" />
+			<test url="http://ses.leeds.ac.uk/info/21070/quality_assurance" />
+			<test url="http://ses.leeds.ac.uk/info/21900/student_opportunity" />
 
+			<!--	-ve:
+					-->
+			<test url="http://ses.leeds.ac.uk/images/partridge_square.jpg" />
+			<test url="http://ses.leeds.ac.uk/site/custom_scripts/profile.php?id=9" />
+			<test url="http://ses.leeds.ac.uk/site/img/search.png" />
 
-	<rule from="^https?://(?:www\.)?((?:digitalis|environment|epocs|pvac)\.)?leeds\.ac\.uk/"
+		<test url="http://lubswww.leeds.ac.uk/restricted/login/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.leeds\.ac\.uk$" name="^(?:NSC_\w+|fos\.web\.server|runId)$" /-->
+	<!--securecookie host="^(?:hr|it|itinductions|www|xforms)\.leeds\.ac\.uk$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^lubswww\.leeds\.ac\.uk$" name="^(?:PHPSESSID|fe_typo_user)$" /-->
+	<!--securecookie host="^passwordreset\.leeds\.ac\.uk$" name="^(?:ASP\.NET_SessionId|LanguageName|SessionCookie)$" /-->
+	<!--securecookie host="^(?:leeds)?portal\.leeds\.ac\.uk$" name="^(?:UserAgentId|cookies)$" /-->
+	<!--securecookie host="^staging\.leeds\.ac\.uk$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.staging\.leeds\.ac\.uk$" name="^NSC_.*" /-->
+	<!--securecookie host="^uolr3\.leeds\.ac\.uk$" name="^sap-(?:appcontext|contextid)$" /-->
+	<!--securecookie host="^\.xforms\.leeds\.ac\.uk$" name="^TestCookie$" /-->
+
+	<securecookie host=".+\.leeds\.ac\.uk$" name=".+" />
+
+
+	<rule from="^http://((?:digitalis|environment|epocs|pvac)\.)?leeds\.ac\.uk/"
 		to="https://www.$1leeds.ac.uk/" />
 
-	<rule from="^http://(acceptonline|access|(?:www\.)?(?:alumni|arts|chase|cjs|earth|engineering|env|iss|pvac-cms|rothaconference|see|wpad)|applyonline|asd|autodiscover(?:(?:adm|as|bmb|chem|comp|earth|education|ee|estates|food|getech|its|llu|lubs)\.)?|awesome|www\.bioelectronics|blog|changemypassword|www\.comp|concussion|www\.dentistry|apollo\d\.ds|dsalumni3\.ds|www\.geo|impact|www\.its|leedsforlife|(?:blog\.)?library|lubsw(?:s01|ww)|lutube|outlook|(?:dev|www)\.pdr|pvac-(?:pvac-forum|webhost)|qtool|(?:bookings|doc|homepages)\.see|stars|studentservices|vlebb)\.leeds\.ac\.uk/"
+	<rule from="^http://adm\.leeds\.ac\.uk/.*"
+		to="https://www.leeds.ac.uk/" />
+
+		<test url="http://adm.leeds.ac.uk//" />
+
+	<rule from="^http://www\.(business|cipeg|leedsportal|portal|stringeditions)\.leeds\.ac\.uk/"
 		to="https://$1.leeds.ac.uk/" />
 
-	<rule from="^https?://adm\.leeds\.ac\.uk/(?:.*)"
-		to="https://www.leeds.ac.uk/" />
+	<rule from="^http://campus\.leeds\.ac\.uk/$"
+		to="https://www.leeds.ac.uk/forstaff/" />
 
-	<rule from="^https?://campus\.leeds\.ac\.uk/accessibility-statement\.htm"
+	<rule from="^http://campus\.leeds\.ac\.uk/accessibility-statement\.htm"
 		to="https://www.leeds.ac.uk/accessibility/" />
 
-	<rule from="^https?://campus\.leeds\.ac\.uk/legal\.htm"
+	<rule from="^http://campus\.leeds\.ac\.uk/legal\.htm"
 		to="https://www.leeds.ac.uk/terms/" />
 
-	<rule from="^https?://(?:www\.)?(business|cipeg|leedsportal|stringeditions)\.leeds\.ac\.uk/"
-		to="https://$1.leeds.ac.uk/" />
+	<rule from="^http://www\.ee\.leeds\.ac\.uk/[^?]*"
+		to="https://www.engineering.leeds.ac.uk/electronic" />
+
+		<test url="http://www.ee.leeds.ac.uk//" />
 
-	<rule from="^https?://www\.ee\.leeds\.ac\.uk/(?:[^\?]*)(\?.*)"
-		to="https://www.engineering.leeds.ac.uk/electronic$1" />
+	<!--	Redirect drops path, args,
+		and forward slash:
+					-->
+	<rule from="^http://helpdesk\.leeds\.ac\.uk/.*"
+		to="https://it.leeds.ac.uk/" />
 
-	<rule from="^https?://jobs\.leeds\.ac\.uk/(?:\?.*)?$"
-		to="https://ig29.i-grasp.com/fe/tpl_universityofleeds01.asp" />
+		<test url="http://helpdesk.leeds.ac.uk/index.php" />
 
-	<rule from="^https?://jobs\.leeds\.ac\.uk/"
-		to="https://ig29.i-grasp.com/" />
+	<!--rule from="^http://music\.leeds\.ac\.uk/wp-content/"
+		to="https://pvac-webhost.leeds.ac.uk/wp-content/" /-->
 
-	<rule from="^https?://music\.leeds\.ac\.uk/wp-content/"
-		to="https://pvac-webhost.leeds.ac.uk/wp-content/" />
+	<rule from="^http://(?:www\.)?see\.leeds\.ac\.uk/+(?=$|\?)"
+		to="https://www.see.leeds.ac.uk/home/" />
 
-	<rule from="^https?://(?:www\.)?portal\.leeds\.ac\.uk/"
-		to="https://leedsportal.leeds.ac.uk/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Leicester.xml b/src/chrome/content/rules/University_of_Leicester.xml
index db9bb578663f..f8c962c3aa5d 100644
--- a/src/chrome/content/rules/University_of_Leicester.xml
+++ b/src/chrome/content/rules/University_of_Leicester.xml
@@ -23,7 +23,13 @@
 <ruleset name="University of Leicester (partial)">
 
 	<target host="le.ac.uk" />
-	<target host="*.le.ac.uk" />
+	<target host="www.le.ac.uk" />
+	<target host="myleicester.le.ac.uk" />
+	<target host="www.myleicester.le.ac.uk" />
+	<target host="www2.le.ac.uk" />
+	<target host="swww2.le.ac.uk" />
+	<target host="physics.le.ac.uk" />
+	<target host="www.physics.le.ac.uk" />
 
 
 	<securecookie host="^physics\.le\.ac\.uk" name=".+" />
@@ -32,10 +38,9 @@
 	<rule from="^http://(?:www\.)?le\.ac\.uk/"
 		to="https://www.le.ac.uk/" />
 
-	<rule from="^http://((?:www\.)?myleicester|s?www2)\.le\.ac\.uk/"
-		to="https://$1.le.ac.uk/" />
 
 	<rule from="^http://(?:www\.)?physics\.le\.ac\.uk/"
 		to="https://physics.le.ac.uk/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/University_of_Louisville.xml b/src/chrome/content/rules/University_of_Louisville.xml
index b8db72b034c5..d9162511dce4 100644
--- a/src/chrome/content/rules/University_of_Louisville.xml
+++ b/src/chrome/content/rules/University_of_Louisville.xml
@@ -34,7 +34,7 @@
 
 	<!--	Redirects as so.
 					-->
-	<rule from="^https?://admissions\.louisville\.edu/(?:.*)"
+	<rule from="^http://admissions\.louisville\.edu/(?:.*)"
 		to="https://louisville.edu/admissions/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Maine.xml b/src/chrome/content/rules/University_of_Maine.xml
index 153c1b5b2d50..eb8c7b9e907c 100644
--- a/src/chrome/content/rules/University_of_Maine.xml
+++ b/src/chrome/content/rules/University_of_Maine.xml
@@ -26,7 +26,6 @@
 
 	<target host="umaine.edu" />
 	<target host="*.umaine.edu" />
-	<target host="www.*.umaine.edu" />
 	<target host="*.umext.maine.edu" />
 
 
@@ -36,13 +35,13 @@
 	<rule from="^http://((?:mainestreetcs|peportal|plugged-in\.umext|www)\.)?umaine\.edu/"
 		to="https://$1umaine.edu/" />
 
-	<rule from="^https?://(?:www\.)?(calendar(?:-dev)?|extension|go)\.umaine\.edu/"
+	<rule from="^http://(?:www\.)?(calendar(?:-dev)?|extension|go)\.umaine\.edu/"
 		to="https://$1.umaine.edu/" />
 
-	<rule from="^https?://extensionpubs.umext.maine.edu/(?:$|\?.*)"
+	<rule from="^http://extensionpubs\.umext\.maine\.edu/(?:$|\?.*)"
 		to="https://epos2-phx.sequoiars.com/ePOS?store=413&amp;form=shared3%2findex.html" />
 
-	<rule from="^https?://extensionpubs\.umext\.maine\.edu/ePOS"
+	<rule from="^http://extensionpubs\.umext\.maine\.edu/ePOS"
 		to="https://epos2-phx.sequoiars.com/ePOS" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Maine_System-problematic.xml b/src/chrome/content/rules/University_of_Maine_System-problematic.xml
index 6360092c4349..724db493e729 100644
--- a/src/chrome/content/rules/University_of_Maine_System-problematic.xml
+++ b/src/chrome/content/rules/University_of_Maine_System-problematic.xml
@@ -2,13 +2,12 @@
 	For rules that are on by default, see University_of_Maine_System.xml.
 
 -->
-<ruleset name="University of Maine System (problematic)" default_off="self-signed">
+<ruleset name="Maine.edu (problematic)" default_off="self-signed">
 
 	<target host="online.maine.edu" />
 	<target host="thinkmissionexcellence.maine.edu" />
 
 
-	<rule from="^http://(online|thinkmissionexcellence)\.maine\.edu/"
-		to="https://$1.maine.edu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Maine_System.xml b/src/chrome/content/rules/University_of_Maine_System.xml
index a4ce372d3260..76543f77d9c8 100644
--- a/src/chrome/content/rules/University_of_Maine_System.xml
+++ b/src/chrome/content/rules/University_of_Maine_System.xml
@@ -1,21 +1,29 @@
 <!--
-	For problematic rules, see University_of_Maine_System-problematic.xml.
-
-
-	Nonfunctional subdomains:
+	University of Maine System
 
-		- ^	(shows tree; expired 2011-07-14, self-signed, CN: cps.maine.edu)
+	For problematic rules, see University_of_Maine_System-problematic.xml.
 
 
 	Problematic subdomains:
 
+		- ^ ¹
+		- web.eece ²
+		- livehelp.its ²
+		- umsweb2013lb.its ³
 		- online			(works; expired 2012-12-19, self-signed)
 		- thinkmissionexcellence	(works, self-signed)
 
+	¹ Refused
+	² Self-signed
+	³ Mismatched
+
 
 	Partially covered subdomains:
 
-		- www	(some data differ)
+		- umsweb2013lb.its *	(→ www)
+		- (www.) *		(^ → www)
+
+	* Avoiding broken MCB
 
 
 	Fully covered subdomains:
@@ -23,20 +31,62 @@
 		- learn
 		- mainestreet
 		- peportal
+		- staticweb
 		- think
 
+
+	Insecure cookies are set for these domains:
+
+		- livehelp.its.maine.edu
+		- think.maine.edu
+		- www.maine.edu
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- online from livehelp.its
+			- online from $self
+			- www from $self *
+			- www from umsweb2013lb.its *
+
+		- css, on:
+
+			- www from $self *
+			- www from fonts.googleapis.com *
+
+	* Secured by us
+
 -->
-<ruleset name="University of Maine System (partial)">
+<ruleset name="Maine.edu (partial)">
 
 	<target host="*.maine.edu" />
-		<exclusion pattern="^http://www\.maine\.edu/(?!favicon\.ico|peoplesearch(?:$|\?|/))" />
+		<!--
+			Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://(?:umsweb2013lb\.its\.|www\.)?maine\.edu/+(?!favicon\.ico|peoplesearch(?:$|\?|/)|wp-content/|wp-includes/)" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^livehelp\.its\.maine\.edu$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^think\.maine\.edu$" name="^(BIGipServer~PublicWeb~Think_Maine_ipv4_https.app~Think_Maine_ipv4_https_pool|PHPSESSID)$" /-->
+	<!--securecookie host="^www\.maine\.edu$" name="^avr_(\d+_0){3}$" /-->
 
 	<!--securecookie host="^\.maine\.edu$" name=".+" /-->
-	<securecookie host="^peportal\.maine\.edu$" name=".+" />
+	<securecookie host="^(?:peportal|think)\.maine\.edu$" name=".+" />
+
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://maine\.edu/.*"
+		to="https://www.maine.edu/" />
 
+	<rule from="^http://umsweb2013lb\.its\.maine\.edu/"
+		to="https://www.maine.edu/" />
 
-	<rule from="^http://(learn|mainestreet|peportal|think|www)\.maine\.edu/"
+	<rule from="^http://(learn|mainestreet|peportal|staticweb|think|www)\.maine\.edu/"
 		to="https://$1.maine.edu/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Mainz-falsemixed.xml b/src/chrome/content/rules/University_of_Mainz-falsemixed.xml
index 54efac13cdd5..51b6f5daf470 100644
--- a/src/chrome/content/rules/University_of_Mainz-falsemixed.xml
+++ b/src/chrome/content/rules/University_of_Mainz-falsemixed.xml
@@ -1,18 +1,17 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.zdv.uni-mainz.de/ => https://www.zdv.uni-mainz.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	For rules not causing false/broken MCB, see University_of_Mainz.xml.
 
 -->
-<ruleset name="University of Mainz (false MCB)" platform="mixedcontent">
+<ruleset name="Uni-Mainz.de (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
-	<target host="www.*.uni-mainz.de" />
-	<target host="www.uni-mainz.de" />
-		<!--
-			Handled in University_of_Mainz.xml:
-								-->
-		<!--exclusion pattern="^http://www(\.sfv|\.sport|\.zdv)?\.uni-mainz\.de/(\w+\.css|\w+\.js|Bilder_(allgemein|zentral)/|config/|favicon\.ico|Illustrationen/|pix/)" /-->
+	<target host="www.zdv.uni-mainz.de" />
 
 
-	<rule from="^http://www(\.sfv|\.sport|\.zdv)?\.uni-mainz\.de/(?!\w+\.css|\w+\.js|Bilder_(?:allgemein|zentral)/|config/|favicon\.ico|Illustrationen/|pix/)"
-		to="https://www$1.uni-mainz.de/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Mainz-problematic.xml b/src/chrome/content/rules/University_of_Mainz-problematic.xml
deleted file mode 100644
index d26e50905b7c..000000000000
--- a/src/chrome/content/rules/University_of_Mainz-problematic.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see University_of_Mainz.xml.
-
-
-	NB: We secure all resources, and thus
-	platform should be removed with Ffx 24.
-
--->
-<ruleset name="University of Mainz (problematic)" default_off="mismatched" platform="mixedcontent">
-
-	<target host="www.e-learning.uni-mainz.de" />
-
-
-	<rule from="^http://www\.e-learning\.uni-mainz\.de/"
-		to="https://www.e-learning.uni-mainz.de/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/University_of_Mainz.xml b/src/chrome/content/rules/University_of_Mainz.xml
index d4ea3147fbc7..bcef5f2261aa 100644
--- a/src/chrome/content/rules/University_of_Mainz.xml
+++ b/src/chrome/content/rules/University_of_Mainz.xml
@@ -1,136 +1,216 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.staff.uni-mainz.de/ => https://www.staff.uni-mainz.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.students.uni-mainz.de/ => https://www.students.uni-mainz.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://opac-test.ub.uni-mainz.de/ => https://opac-test.ub.uni-mainz.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.zdv.uni-mainz.de/ => https://www.zdv.uni-mainz.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://uni-mainz.de/ => https://www.$uni-mainz.de/: (6, 'Could not resolve host: www.$uni-mainz.de')
+Fetch error: http://zdv.uni-mainz.de/ => https://www.$uni-mainz.de/: (6, 'Could not resolve host: www.$uni-mainz.de')
+
 	Johannes Gutenberg University of Mainz
 
 	For rules causing false/broken MCB, see University_of_Mainz-falsemixed.xml.
 
-	For problematic rules, see University_of_Mainz-problematic.xml.
-
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *uni-mainz.de:
 
+		- www.70jahreA *
 		- www.asta *
-		- www.medienzentrum ***
-		- ftpthep.physik **
-		- wwwthep.physik **
-		- www.rewi ***
-
-		- ub subdomains:
-
-			- appserv	(shows another domain, expired 2007-05-27)
-			- pica41	(reset)
-			- www *
-
-		- wiwi ***
+		- www.botgarten *
+		- www.career *
+		- www.campus-tv *
+		- www.kinderuni *
+		- www.musik *
+		- www.thep.physik *
+		- wwwthep.physik ʳ
+		- www.rewi *
+		- www.sammlungen *
+		- www.stiftung-jgsp *
+		- www.studgen *
+
+		- in *ub:
+
+			- appserv ᵃ
+			- pica41 ᵗ
+
+		- www.puc.verwaltung *
+		- wiwi *
+		- status.zdv *
+		- www.zww *
 
 	* Shows wwwvh.zdv, valid cert
-	** Refused
-	*** Shows wwwvh.zdv; mismatched, CN: wwwvh.zdv.uni-mainz.de
+	ᵃ Shows another domain
+	ʳ Refused
+	ᵗ Reset
 
 
-	Problematic subdomains:
+	Problematic hosts in *uni-mainz.de:
 
-		- www.e-learning	(works; mismatched, CN: wwwvh.zdv.uni-mainz.de)
+		- ^ ⁴
+		- www.e-learning ᵐ
+		- zdv ⁴
 
+	ᵗ 404, preemptable redirect
+	ᵐ Mismatched
 
-	Partially covered subdomains:
 
-		- www.sfz *
-		- www.sport *
+	Partially covered hosts in *uni-mainz.de:
 
-		- ub subdomains:
+		- in *ub:
 
-			- lokalsystem **
-			- lokalsystem-test **
-			- pica71 **
-			- pica81 **
+			- lokalsystem *
+			- lokalsystem-test *
+			- pica71 *
+			- pica81 *
 
-		- www *
-		- www.zdv *
+		- www.zdv ˣ
 
-	* Avoiding false/broken MCB, rest handled in University_of_Mainz-falsemixed.xml
-	** $ differs
+	* $ differs
+	ˣ Avoiding false/broken MCB, rest handled in University_of_Mainz-falsemixed.xml
 
 
-	Fully covered subdomains:
+	These altnames do not exist:
 
-		- www.pruefungsamt.jura
-		- ilias
-		- www.staff
-		- www.students
+		- staff.uni-mainz.de
+		- students.uni-mainz.de
 
-		- ub subdomains:
 
-			- opac
-			- opac-test
-			- pica7
-			- pica8
+	Insecure cookies are set for these hosts:
 
-		- pa.wiwi
-		- webstats.zdv
-		- wwwvh.zdv
+		- ilias.uni-mainz.de
+		- www.international.uni-mainz.de
+		- www.international-office.uni-mainz.de
+		- moodule.uni-mainz.de
+		- opac.ub.uni-mainz.de
+		- opac-test.ub.uni-mainz.de
+		- pica7.ub.uni-mainz.de
+		- pica8.ub.uni-mainz.de
 
 
 	Mixed content:
 
-		- Scripts, on:
-
-			- www.e-learning from www.zdv *
-			- www.sfv from www.zdv *
-			- www.sport from www.zdv *
-			- www from www.zdv *
-			- www.zdv from www.zdv *
-
 		- css, on:
 
-			- www.e-learning from www.zdv *
-			- www.sport from www.zdv *
-			- www from www.zdv *
-			- www.zdv from www.zdv *
-			- wwwvh.zdv from www.zdv **
+			- www.zdv from $self ˢ
+			- wwwvh.zdv from www.zdv *
 
 		- Images, on:
 
-			- www.e-learning from www.zdv *
-			- lokalsystem.ub from appserv.ub ***
-			- www.sfv from www.zdv *
-			- www.sport from www.zdv *
-			- www from www.zdv *
-			- www.zdv from www.zdv *
-
-		- Web bug on www.zdv from webstats.zdv *
+			- www.e-learning, www.ub from www.blogs.uni-mainz.de
+			- www.e-learning from www.uni-mainz.de ˢ
+			- lokalsystem.ub from appserv.ub ᵘ
+			- www.medienzentrum from www.glk.uni-mainz.de
+			- www.zdv from $self ˢ
 
-	* Secured by us
-	** Secured by us, negligible effect
-	*** Unsecurable, doesn't trip MCB
+		- Bugs on univis from webstats.zdv.uni-mainz.de ˢ
 
-
-	www and www.zdv are in a separate falsemixed
-	ruleset due to css and scripts from www.zdv.
-
-	NB: We secure all resources, and thus
-	-falsemixed should be merged for Ffx 24.
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+	* Negligible effect
+	ᵘ Unsecurable, doesn't trip MCB
 
 -->
-<ruleset name="University of Mainz (partial)">
+<ruleset name="Uni-Mainz.de (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.blogs.uni-mainz.de" />
+	<target host="www.campusradio.uni-mainz.de" />
+	<target host="www.cs.uni-mainz.de" />
+	<target host="www.elearning.uni-mainz.de" />
+	<target host="ilias.uni-mainz.de" />
+	<target host="www.international.uni-mainz.de" />
+	<target host="www.international-office.uni-mainz.de" />
+	<target host="jogustine.uni-mainz.de" />
+	<target host="login.uni-mainz.de" />
+	<target host="www.medienzentrum.uni-mainz.de" />
+	<target host="moodle.uni-mainz.de" />
+	<target host="moodle-test.uni-mainz.de" />
+	<target host="www.pruefungsamt.jura.uni-mainz.de" />
+	<target host="reader.uni-mainz.de" />
+	<target host="www.sfz.uni-mainz.de" />
+	<target host="sport.uni-mainz.de" />
+	<target host="www.sport.uni-mainz.de" />
+	<target host="www.staff.uni-mainz.de" />
+	<target host="www.students.uni-mainz.de" />
+	<target host="www.studium.uni-mainz.de" />
+
+	<target host="katalogportalmainz.ub.uni-mainz.de" />
+	<target host="lokalsystem.ub.uni-mainz.de" />
+	<target host="lokalsystem-test.ub.uni-mainz.de" />
+	<target host="opac.ub.uni-mainz.de" />
+	<target host="opac-test.ub.uni-mainz.de" />
+	<target host="pica7.ub.uni-mainz.de" />
+	<target host="pica71.ub.uni-mainz.de" />
+	<target host="pica8.ub.uni-mainz.de" />
+	<target host="pica81.ub.uni-mainz.de" />
+	<target host="www.ub.uni-mainz.de" />
+
+	<target host="univis.uni-mainz.de" />
+	<target host="pa.wiwi.uni-mainz.de" />
+	<target host="www.uni-mainz.de" />
+
+	<target host="webstats.zdv.uni-mainz.de" />
+	<target host="www.zdv.uni-mainz.de" />
+	<target host="wwwvh.zdv.uni-mainz.de" />
+
+		<!--	$ differs:
+					-->
+		<exclusion pattern="^http://(?:lokalsystem(?:-test)?|pica[78]1)\.ub\.uni-mainz\.de/(?!cgi-bin/|OPC-IMAGES(?:-NEW)?/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://lokalsystem.ub.uni-mainz.de/index.htm" />
+			<test url="http://lokalsystem-test.ub.uni-mainz.de/index.htm" />
 
-	<target host="*.uni-mainz.de" />
-		<!--
-			Avoid false/broken MCB:
+			<!--	-ve:
+					-->
+			<test url="http://lokalsystem.ub.uni-mainz.de/OPC-IMAGES-NEW/img_psi/2.0/gui/white.gif" />
+			<test url="http://lokalsystem-test.ub.uni-mainz.de/OPC-IMAGES-NEW/img_psi/2.0/gui/white.gif" />
+			<test url="http://pica71.ub.uni-mainz.de/OPC-IMAGES-NEW/img_psi/2.0/gui/white.gif" />
+			<test url="http://pica81.ub.uni-mainz.de/OPC-IMAGES-NEW/img_psi/2.0/gui/white.gif" />
+			<test url="http://pica71.ub.uni-mainz.de/OPC-IMAGES/hermes/search//bullet.gif" />
+			<test url="http://pica81.ub.uni-mainz.de/OPC-IMAGES/hermes/search//bullet.gif" />
+			<test url="http://lokalsystem.ub.uni-mainz.de/OPC-IMAGES/hermes/search//bullet.gif" />
+			<test url="http://lokalsystem-test.ub.uni-mainz.de/OPC-IMAGES/hermes/search//bullet.gif" />
+
+		<!--	Avoid false/broken MCB:
 						-->
-		<!--exclusion pattern="^http://www\.(sfv|sport)\.uni-mainz\.de/(?!Bilder_allgemein/|Bilder_zentral/|favicon\.ico)" /-->
-		<!--exclusion pattern="^http://www\.uni-mainz\.de/(?!Bilder_allgemein/|Bilder_zentral/|favicon\.ico|Illustrationen/)" /-->
-		<!--exclusion pattern="^http://www\.zdv\.uni-mainz\.de/(?!\w+\.css|\w+\.js|Bilder_allgemein/|Bilder_zentral/|config/|favicon\.ico|Illustrationen/|pix/)" /-->
-		<exclusion pattern="^http://www(?:\.sfv|\.sport|\.zdv)?\.uni-mainz\.de/(?!\w+\.css|\w+\.js|Bilder_(?:allgemein|zentral)/|config/|favicon\.ico|Illustrationen/|pix/)" />
-		<!--
-			$ differs:
+		<exclusion pattern="^http://www\.zdv\.uni-mainz\.de/umleitungen/" />
+
+			<!--	+ve:
 					-->
-		<exclusion pattern="^http://(?:lokalsystem(?:-test)?|pica[78]1)\.ub\.uni-mainz\.de/(?!cgi-bin/|OPC-IMAGES(?:-NEW)?/)" />
+			<test url="http://www.zdv.uni-mainz.de/umleitungen/staff.html" />
+			<test url="http://www.zdv.uni-mainz.de/umleitungen/studierende.html" />
 
+		<!--	$ shows default page, so:
+							-->
+		<test url="http://login.uni-mainz.de/adfs/ls?version=1.0&amp;action=signin&amp;realm=&amp;appRealm=&amp;returnUrl=&amp;client-request-id=" />
+
+	<!--	Complications:
+				-->
+	<target host="uni-mainz.de" />
+	<target host="www.e-learning.uni-mainz.de" />
+	<target host="zdv.uni-mainz.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ilias\.uni-mainz\.de$" name="^(?:iClientId|iltest|PHPSESSID)$" /-->
+	<!--securecookie host="^www\.international(?:-office)?\.uni-mainz\.de$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^moodle\.uni-mainz\.de$" name="^MoodleSession$" /-->
+	<!--securecookie host="^(?:opac|opac-test|pica[78])\.ub\.uni-mainz\.de$" name="^(?:DB|PSC_1)$" /-->
 
 	<securecookie host="^(?:ilias|opac(?:-test)?\.ub|pica[78]\.ub)\.uni-mainz\.de$" name=".+" />
 
 
-	<rule from="^http://(ilias|www\.(?:pruefungsamt\.jura|sfv|staff|students)|(?:(?:lokalsystem|opac)(?:-test)?|pica[78]1?)\.ub|pa\.wiwi|www|(?:webstats|www|wwwvh)\.zdv)\.uni-mainz\.de/"
-		to="https://$1.uni-mainz.de/" />
+	<rule from="^http://(zdv\.)?uni-mainz\.de/"
+		to="https://www.$uni-mainz.de/" />
+
+	<rule from="^http://www\.e-learning\.uni-mainz\.de/"
+		to="https://www.elearning.uni-mainz.de/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Manchester.xml b/src/chrome/content/rules/University_of_Manchester.xml
index 6679a7808485..1f89f9437cb8 100644
--- a/src/chrome/content/rules/University_of_Manchester.xml
+++ b/src/chrome/content/rules/University_of_Manchester.xml
@@ -22,6 +22,7 @@
 		- assets
 		- cdt.cs
 		- staffnet.cs
+		- utopia.cs
 		- www.cs
 		- login
 
@@ -41,7 +42,7 @@
 	<rule from="^http://(?:www\.)?manchester\.ac\.uk/([\w-]+\.(?:jpg|JPG)$|favicon\.ico|media(?:library)?/)"
 		to="https://www.manchester.ac.uk/$1" />
 
-	<rule from="^http://(assets|(?:cdt|staffnet|www)\.cs|login)\.manchester\.ac\.uk/"
+	<rule from="^http://(assets|(?:cdt|staffnet|utopia|www)\.cs|login)\.manchester\.ac\.uk/"
 		to="https://$1.manchester.ac.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_North_Carolina_at_Greensboro.xml b/src/chrome/content/rules/University_of_North_Carolina_at_Greensboro.xml
index ca401b20be11..eccf1c8ff613 100644
--- a/src/chrome/content/rules/University_of_North_Carolina_at_Greensboro.xml
+++ b/src/chrome/content/rules/University_of_North_Carolina_at_Greensboro.xml
@@ -61,4 +61,4 @@
 	<rule from="^http://inspirechange\.uncg\.edu/(\?.*)?$"
 		to="https://ure.uncg.edu/features/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Notre_Dame.xml b/src/chrome/content/rules/University_of_Notre_Dame.xml
index f78e0dda4e42..ca980f2d6d06 100644
--- a/src/chrome/content/rules/University_of_Notre_Dame.xml
+++ b/src/chrome/content/rules/University_of_Notre_Dame.xml
@@ -1,84 +1,473 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nd.edu/ => https://nd.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Nonfunctional subdomains:
 
-		- rarebooks.library	(redirects to ^library, valid cert)
+		- ace ¹
+		- www.alumni ²
+		- archives ¹
+		- www.archives ²
+		- asklib ³
+		- bizmagazine ⁴
+		- conferences ⁴
+		- donate2 ²
+		- esc ¹
+		- grc ⁵
+		- kroc ⁵
+
+		- library subdomains:
+
+			- 50years ⁶
+			- catalog ⁶
+			- ndcatalogplus ⁶
+			- onesearch ⁴
+			- rarebooks ⁷
+
+		- morrisinn ⁸
+		- my ⁹
+		- mynotredame ²
+		- ocw ²
+		- or ⁵
+		- photos ᵃ
+		- undpress ᵇ
+
+	¹ Plaintext reply
+	² Dropped
+	³ Redirects to http
+	⁴ 404
+	⁵ Refused
+	⁶ Redirects to ^library
+	⁷ Redirect loop
+	⁸ Shows enigma; mismatched, CN: enigma.orourkehospitality.com
+	⁹ 403
+	ᵃ 403; mismatched, CN: astra.io
+	ᵇ Shows another domain
 
 
 	Problematic subdomains:
 
-		- ndtoday.alumni **
-		- archives		(http reply)
-		- www.archives		(dropped)
-		- www.corecurriculum *
-		- inside		(mismatched, CN: www3.nd.edu)
-		- internationalalumni **
-		- www.latinostudies *
-		- www.law *
-		- onesearch.library	(data differ)
-		- mynotredame **
-		- www.news *
-		- www.opac *
-		- www.provost *
-		- www.registrar ***
-		- www.today *
-		- youngalumni **
-
-	* 403, cert only matches *.nd.edu
-	** Works; mismatched, CN: *.imodules.com
-	*** Works, cert only matches *.nd.edu
+		- ndtoday.alumni ¹
+		- cancerresearch ²
+		- communityrelations ³
+		- www.corecurriculum ⁴
+		- wiki.crc ⁵
+		- www.dante ⁶
+		- ee ⁷
+		- emergency ⁸
+		- enlighten ³
+		- givingtond ⁹
+		- gmail ᵃ
+		- www.gsu ⁴
+		- internationalalumni ¹
+		- www.latinostudies ⁴
+		- www.law ⁴
+		- onesearch.library ᵇ
+		- map ᶜ
+		- mynotredame ¹
+		- www.news ⁴
+		- www.opac ⁴
+		- orlh ²
+		- www.provost ⁴
+		- www.rarebooks ⁶
+		- www.registrar ⁶
+		- riskmgt ᵈ
+		- www.today ⁴
+		- webmail ᵉ
+		- youngalumni ¹
+
+	¹ Works; mismatched, CN: *.imodules.com
+	² 404
+	³ 403
+	⁴ 403, cert only matches *.nd.edu
+	⁵ Works, self-signed
+	⁶ Works, cert only matches *.nd.edu
+	⁷ Mismatched, CN: engineering.nd.edu
+	⁸ Server is configured for rc4 only
+	⁹ Dropped
+	ᵃ Google
+	ᵇ Data differ
+	ᶜ Works; expired, self-signed
+	ᵈ Mixed css from www
+	ᵉ Works; expired, mismatched
+
+
+	Partially covered subdomains:
+
+		- calendar ¹
+		- (www.)gsu ²		(www → ^)
+		- performingarts ¹
+		- policy ²
+		- www.rarebooks		(→ www.library)
+		- riskmgt ²
+		- www.undpress		(→ www3)
+
+	¹ At least some pages redirect to http.
+	² Avoiding false/broken MCB
 
 
 	Fully covered subdomains:
 
 		- (www.)
+		- accounts
+		- acms
+		- admissions
+		- africana
+		- al
+		- ame
+		- annualreport2013
+		- applymsba
+		- applymsf
 		- apps
+		- architect
+		- architecture
+		- assyst
+		- auxiliaryoperations
+		- biology
+		- blogs
+		- budget
+		- buildingcommunities
+		- business
+		- webapp.business
+		- buy
+		- campusmail
+		- campusministry
+		- campussafety
+		- cancerresearch	(→ harpercancer)
+		- careercenter
+		- cbe
 		- inside-p.cc
+		- ccf
+		- ccsp
+		- cee
+		- ceees
+		- cemetery
+		- centerformath
+		- centerforsocialconcerns
+		- centralreceiving
+		- chemistry
+		- classics
+		- commencement
+		- communityrelations	(→ publicaffairs)
+		- communitystandards
+		- conductor
+		- continuousimprovement
+		- controller
 		- (www.)corecurriculum	(www → ^)
-		- inside		(→ inside-p.cc)
+		- creativecomputing
+		- creekhouse
+		- creo
+		- cse
+		- cslc
+		- csr
+		- csrs
+		- (www.)dante		(www → ^)
+		- disabilityservices
+		- diversity
+		- donate
+		- (www.)ee		(^ → www)
+		- dulac
+		- emergency
+		- endeavor
+		- energy
+		- engineering
+		- english
+		- enlighten
+		- equity
+		- facultyhandbook
+		- fieldhousemall
+		- finance
+		- financialaid
+		- flowershop
+		- food
+		- fsntserv.foodserv
+		- forum2008
+		- fys
+		- generalservices
+		- globalhealth
+		- gmail			(→ mail.google.com)
+		- gradlife
+		- graduateschool
+		- green
+		- harpercancer
+		- help
+		- homeunderthedome
+		- honorcode
+		- housing
+		- hr
+		- greentree.hr
+		- iei
+		- inside
+		- international
+		- investment
+		- irish1card
+		- irishlanguage
+		- irishonline
+		- irishstudies
+		- www.irsurvey
+		- issa
+		- jobs
+		- kaneb
+		- kellogg
+		- lafortune
 		- (www.)latinostudies	(www → ^)
 		- (www.)law		(www → ^)
 		- encore.law
-		- (www.)library
-		- asset.library
+		- innopac.law
+		- learning
+		- least
+
+		- library subdomains:
+
+			- (www.)
+			- alephprod
+			- asset
+			- bic
+			- chemistry
+			- discover
+			- ejl
+			- engineering
+			- eresources
+			- factotum
+			- guides
+			- link
+			- m
+			- onesearch
+			- radlab
+			- xerxes
+
+		- listserv
+		- login
+		- magazine
+		- marcomm
+		- marketplace
+		- medieval
+		- msba
+		- msf
+		- msps
+		- nanovic
+		- ndfd
+		- ndsp
 		- (www.)news		(www → ^)
+		- newsinfo
+		- och
+		- offcampus
+		- oit
+		- oithelp
+		- old2gold
 		- (www.)opac
+		- orlh			(→ housing)
+		- osa
+		- ospir
+		- ott
+		- patentlaw
+		- physics
+		- playlikeachampion
+		- politicalscience
+		- postdocs
+		- precollege
+		- preprofessional
+		- president
+		- prism
 		- (www.)provost		(www → ^)
+		- publicaffairs
+		- realestate
+		- recsports
+		- recycling
 		- (www.)registrar	(www → ^)
+		- remix
+		- renovare
+		- research
+		- riskmanagement
+		- riskmgt
+		- sac
+		- sakai
+		- sakailogin
+		- sao
+		- science
+		- search
+		- shakespeare
+		- shop
 		- sniteartmuseum
+		- socialconcerns
+		- sociology
+		- sp
+		- solution
+		- sri
+		- stemeducation
+		- step
+		- stepancenter
+		- strategicplan
+		- studentaccounts
+		- studentaffairs
+		- studentemployment
+		- supporting
+		- surplus
 		- (www.)today		(www → ^)
+		- transportation
+		- travel
+		- treasury
+		- trio
+		- uc
+		- ucc
+		- uhs
+		- utilities
+		- was
+		- webfile
+		- weddingplanner
+		- wellness
+		- wiki
+		- wireless
 		- www3
+		- youthsports
+
+
+	These altnames don't exist:
+
+		- irsurvey.nd.edu
+
+
+	Mixed content:
+
+		- css, on:
+
+			- admissions, creativecomputing, and registrar from fonts.googleapis.com ¹
+			- budget from finance ²
+			- guides.library from www.library ²
+			- listserv from www ²
+			- policy from $self ¹
+			- riskmgt from www ¹
+
+		- Images, on:
+
+			- apps from www ¹
+			- architect from conductor ¹
+			- architect from news ¹
+			- webapp.business from business ¹
+			- calendar from $self ¹
+			- centerforsocialconcerns from socialconcerns ¹
+			- chemistry from news ¹
+			- csr from conductor ¹
+			- (www.)dante from www ¹
+			- diversity from $self ¹
+			- energy from news ¹
+			- engineering from $self ¹
+			- help from $self ¹
+			- investment from www ¹
+			- least from $self ¹
+			- eresources.library from www.library ¹
+			- marketplace from $self ¹
+			- nanovic from rarebooks.library ³
+			- ndsp from conductor ¹
+			- news from www ¹
+			- old2gold from conductor ¹
+			- ospir from conductor ¹
+			- policy from emergency ¹
+			- preprofessional from news ¹
+			- preprofessional from science ¹
+			- science from news ¹
+			- science from www ¹
+			- socialconcerns from $self ¹
+
+		- Bugs, on:
+
+			- learning from i.creativecommons.org ¹
+			- marketplace from www.google.com ¹
+
+	¹ Secured by us
+	² Secured by us, minor
+	³ Unsecurable
 
 -->
-<ruleset name="University of Notre Dame (partial)">
+<ruleset name="University of Notre Dame (partial)" default_off="failed ruleset test">
 
 	<target host="nd.edu" />
 	<target host="*.nd.edu" />
+		<exclusion pattern="^http://riskmgt\.nd\.ed/+(?!favicon\.ico|images/|stylesheets/)" />
+		<exclusion pattern="^http://calendar\.nd\.edu/+(?!(?:[\w.]+/)?themes/)" />
+		<exclusion pattern="^http://(?:www\.)?gsu\.nd\.edu/+(?!assets/|favicon\.ico|images/|stylesheets/)" />
+		<exclusion pattern="^http://performingarts\.nd\.edu/+(?!css/|favicon\.ico|images/)" />
+		<exclusion pattern="^http://policy\.nd\.edu/+(?!assets/|favicon\.ico)" />
 
 
-	<!--	Can these cookies be secured safely?
-							-->
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^\.cc\.nd\.edu$" name="^fos\.secure\.web\.server$" /-->
+	<!--securecookie host="^help\.nd\.edu$" name="^ns_s$" /-->
+	<!--securecookie host="^(jobs|login|sakailogin|shop)\.nd\.edu$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^law\.nd\.edu$" name="^_conductor_session$" /-->
+	<!--securecookie host="^\.remix\.nd\.edu$" name="^SSESS[0-9a-f]{32}$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^(ame|cbe|ceees|cse|www\.ee|engineering|least|wireless)\.nd\.edu$" name="^zinstance$" /-->
+	<!--securecookie host="^(applymsba|applymsf|webapp\.business)\.nd\.edu$" name="^(CFID|CFTOKEN|JSESSIONID)$" /-->
+	<!--securecookie host="^apps\.nd\.edu$" name="^(CFID|CFTOKEN|JSESSIONID|SAO_LASTROLE)$" /-->
+	<!--securecookie host="^(assyst|calendar|innopac\.law|onesearch\.library)\.nd\.edu$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^business\.nd\.edu$" name="^(ASP\.NET_SessionId|EkAnalytics|EkAnalytics|ecm)$" /-->
+	<!--securecookie host="^\.cc\.nd\.edu$" name="^(badprotocol|fos\.web\.server)$" /-->
+	<!--securecookie host="^inside-p\.cc\.nd\.edu$" name="^(JSESSIONID|UserAgentId|f5_cspm)$" /-->
+	<!--securecookie host="^grc\.nd\.edu$" name="^(JSESSIONID|MOBILEFORMAT|ORIGINALURLTOKEN|SRVNAME|USERHASH|USERID|cfid|cftoken)$" /-->
+	<!--securecookie host="^www\.irsurvey\.nd\.edu$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^\.law\.nd\.edu$" name="^(III_EXPT_FILE|III_SESSION_ID|SESSION_LANGUAGE)$" /-->
+	<!--securecookie host="^innopac\.law\.nd\.edu$" name="^SESSION_SCOPE$" /-->
+	<!--securecookie host="^library\.nd\.edu$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.library\.nd\.edu$" name="^libraryndedu$" /-->
+	<!--securecookie host="^ejl\.library\.nd\.edu$" name="^_ejournal_locator_session$" /-->
+	<!--securecookie host="^guides\.library\.nd\.edu$" name="^_alaCarte_session$" /-->
+	<!--securecookie host="^xerxes\.library\.nd\.edu$" name="^xerxessession__quicksearch$" /-->
+	<!--securecookie host="^was\.nd\.edu$" name="^BIGipServerwas-443-b$" /-->
+	<!--
+		Could any of these cookies be secured safely?
+								-->
 	<!--securecookie host="^\.nd\.edu$" name="^III_ENCORE_PATRON$" /-->
-	<!--securecookie host="^\.cc\.nd\.edu$" name="^(badprotocol|fos\.secure\.web\.server|fos\.web\.server)$" /-->
+	<!--securecookie host="^\.cc\.nd\.edu$" name="^(badprotocol|fos\.web\.server)$" /-->
 	<!--securecookie host="^\.library\.nd\.edu$" name="^libraryndedu$" /-->
-	<securecookie host="^(?:inside-p\.cc|encore\.law)\.nd\.edu$" name=".+" />
 
+	<securecookie host="^(?:ame|applymsba|applymsf|apps|EkAnalytics|business|webapp\.business|cbe|inside-p\.cc|ceees|cse|www\.ee|engineering|grc|www\.irsurvey|law|(?:encore|innopac)?\.law|least|library|(?:ejl|guides|onesearch|xerxes)\.library|applymsba|applymsf|was|wireless)\.nd\.edu$" name=".+" />
 
-	<rule from="^http://((?:apps|calendar|encore\.law|asset\.libary|sniteartmuseum|www3?)\.)?nd\.edu/"
+
+	<rule from="^http://((?:accounts|acms|admissions|africana|al|ame|annualreport2013|applymsba|applymsf|apps|architect|architecture|assyst|auxiliaryoperations|biology|blogs|budget|buildingcommunities|business|webapp\.business|buy|calendar|campus(?:mail|ministry|safety)|careercenter|cbe|inside-p\.cc|ccf|ccsp|cee|ceees|cemetery|centerformath|centerforsocialconcerns|centralreceiving|chemistry|classics|commencement|communitystandards|conductor|continuousimprovement|controller|creativecomputing|creekhouse|creo|cse|cslc|csrs?|disabilityservices|diversity|donate|dulac|emergency|endeavor|energy|engineering|english|equity|facultyhandbook|fieldhousemall|finance|financialaid|flowershop|food|fsntserv\.foodserv|fys|generalservices|globalhealth|gradlife|graduateschool|green|help|homeunderthedome|honorcode|housing|hr|greentree\.hr|iei|inside|international|investment|irish(?:1card|language|online|studies)|www\.irsurvey|issa|jobs|kaneb|kellogg|lafortune|(?:encore|innopac)\.law|learning|least|(?:alephprod|asset|bic|chemistry|discover|ejl|engineering|eresources|factotum|guides|link|m|onesearch|radlab|xerxes)\.library|listserv|login|magazine|marcomm|marketplace|medieval|msba|msf|msps|nanovic|ndfd|ndsp|news|newsinfo|och|offcampus|oit|oithelp|old2gold|osa|ospir|ott|patentlaw|performingarts|physics|playlikeachampion|policy|politicalscience|postdocs|precollege|preprofessional|president|prism|realestate|recsports|recycling|remix|renovare|research|riskmanagement|riskmgt|sac|sakai|sakailogin|sao|science|search|shakespeare|shop|sniteartmuseum|socialconcerns|sociology|sp|solution|sri|stemeducation|step|stepancenter|strategicplan|studentaccounts|studentaffairs|studentemployment|supporting|surplus|transportation|travel|treasury|trio|ucc?|uhs|utilities|was|webfile|weddingplanner|wellness|wiki|wireless|www3?|youthsports)\.)?nd\.edu/"
 		to="https://$1nd.edu/" />
 
-	<rule from="^http://inside(?:-p\.cc)?\.nd\.edu/"
-		to="https://inside-p.cc.nd.edu/" />
+	<rule from="^http://(?:cancerresearch|harpercancer)\.nd\.edu/"
+		to="https://harpercancer.nd.edu/" />
+
+	<rule from="^http://(?:communityrelations|publicaffairs)\.nd\.edu/"
+		to="https://publicaffairs.nd.edu/" />
 
 	<!--	Domains for which both ^foo and www.foo exist,
 		but only ^foo works without caveats:
 							-->
-	<rule from="^http://(?:www\.)?(corecurriculum|latinostudies|law|news|opac|provost|registrar|today)\.nd\.edu/"
+	<rule from="^http://(?:www\.)?(corecurriculum|dante|gsu|latinostudies|law|news|opac|provost|registrar|today)\.nd\.edu/"
 		to="https://$1.nd.edu/" />
 
+	<rule from="^http://(?:www\.)?ee\.nd\.edu/"
+		to="https://www.ee.nd.edu/" />
+
+	<rule from="^http://(?:enlighten|forum2008)\.nd\.edu/"
+		to="https://forum2008.nd.edu/" />
+
+	<rule from="^http://givingtond\.nd\.edu/.*"
+		to="https://supporting.nd.edu/" />
+
+	<rule from="^http://gmail\.nd\.edu/.*"
+		to="https://mail.google.com/a/nd.edu" />
+
 	<!--	Domains for which ^foo and www.foo exist,
 		and both work with valid certs:
 						-->
 	<rule from="^http://(www\.)?(library)\.nd\.edu/"
 		to="https://$1$2.nd.edu/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http://orlh\.nd\.edu/"
+		to="https://housing.nd.edu/" />
+
+	<rule from="^http://www\.rarebooks\.nd\.edu/+(?:$|\?.*)"
+		to="https://www.library.nd.edu/rarebooks/index.shtml" />
+
+	<rule from="^http://www\.undpress\.nd\.edu/+(?:$|\?.*)"
+		to="https://www3.undpress.nd.edu//index.php" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Oslo.xml b/src/chrome/content/rules/University_of_Oslo.xml
index 50bde78f7512..f2dbadb31280 100644
--- a/src/chrome/content/rules/University_of_Oslo.xml
+++ b/src/chrome/content/rules/University_of_Oslo.xml
@@ -1,12 +1,19 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.biotek.uio.no/ => https://www.biotek.uio.no/: (51, "SSL: no alternative certificate subject name matches target host name 'www.biotek.uio.no'")
+Fetch error: http://www.diskusjonsforum.uio.no/ => https://www.diskusjonsforum.uio.no/: (51, "SSL: no alternative certificate subject name matches target host name 'www.diskusjonsforum.uio.no'")
+
 	Nonfunctional subdomains:
 
-		- passwords12.at.ifi *
+		- passwords12.at.ifi ¹
 		- ifi
-		- www.ifi *
-		- www.matnat.uio.no	(redirects to mn, mismatched, CN: www.mn.uio.no)
+		- www.ifi ¹
+		- www.matnat.uio.no ²
+		- intra.usit.uio.no
 
-	* 404, CN: heim.ifi.uio.no
+	¹ 404, CN: heim.ifi.uio.no
+	² Redirects to mn, mismatched, CN: www.mn.uio.no)
 
 
 	Partially covered subdomains:
@@ -25,24 +32,96 @@
 		- (www.)ub
 
 -->
-<ruleset name="University of Oslo">
-
+<ruleset name="University of Oslo" default_off="failed ruleset test">
+
+	<target host="apollon.uio.no" />
+	<target host="biotek.uio.no" />
+	<target host="cees.uio.no" />
+	<target host="childwatch.uio.no" />
+	<target host="digforsk.uio.no" />
+	<target host="diskusjonsforum.uio.no" />
+	<target host="epay.uio.no" />
+	<target host="finse.uio.no" />
+	<target host="foreninger.uio.no" />
+	<target host="ifi.uio.no" />
+	<target host="khm.uio.no" />
+	<target host="matnat.uio.no" />
+	<target host="med.uio.no" />
+	<target host="metoxia.uio.no" />
+	<target host="mn.uio.no" />
+	<target host="muv.uio.no" />
+	<target host="ncmm.uio.no" />
+	<target host="nhm.uio.no" />
+	<target host="normer.uio.no" />
+	<target host="odont.uio.no" />
+	<target host="phdcourses-socsci.uio.no" />
+	<target host="sequencing.uio.no" />
+	<target host="stk.uio.no" />
+	<target host="st-petersburg.uio.no" />
+	<target host="sum.uio.no" />
+	<target host="sv.uio.no" />
+	<target host="tf.uio.no" />
+	<target host="ub.uio.no" />
 	<target host="uio.no" />
-	<target host="*.uio.no" />
-	<target host="www.*.uio.no" />
-	<target host="heim.ifi.uio.no" />
+	<target host="uniforum.uio.no" />
+	<target host="unirand.uio.no" />
+	<target host="uv.uio.no" />
+	<target host="www.apollon.uio.no" />
+	<target host="www.biotek.uio.no" />
+	<target host="www.cees.uio.no" />
+	<target host="www.childwatch.uio.no" />
+	<target host="www.digforsk.uio.no" />
+	<target host="www.diskusjonsforum.uio.no" />
+	<target host="www.epay.uio.no" />
+	<target host="www.finse.uio.no" />
+	<target host="www.foreninger.uio.no" />
+	<target host="www.ifi.uio.no" />
+	<target host="www.khm.uio.no" />
+	<target host="www.matnat.uio.no" />
+	<target host="www.med.uio.no" />
+	<target host="www.metoxia.uio.no" />
+	<target host="www.mn.uio.no" />
+	<target host="www.muv.uio.no" />
+	<target host="www.ncmm.uio.no" />
+	<target host="www.nhm.uio.no" />
+	<target host="www.normer.uio.no" />
+	<target host="www.odont.uio.no" />
+	<target host="www.paris.uio.no" />
+	<target host="www.phdcourses-socsci.uio.no" />
+	<target host="www.sequencing.uio.no" />
+	<target host="www.stk.uio.no" />
+	<target host="www.st-petersburg.uio.no" />
+	<target host="www.sum.uio.no" />
+	<target host="www.sv.uio.no" />
+	<target host="www.tf.uio.no" />
+	<target host="www.ub.uio.no" />
+	<target host="www.uio.no" />
+	<target host="www.uniforum.uio.no" />
+	<target host="www.unirand.uio.no" />
+	<target host="www.uv.uio.no" />
 
+	<target host="heim.ifi.uio.no" />
+	<target host="studweb.uio.no" />
 
-	<rule from="^http://((?:(?:www\.)?(?:apollon|mn|ub)|heim\.ifi|studweb|www)\.)?uio\.no/"
-		to="https://$1uio.no/" />
+	<test url="http://ifi.uio.no/it/hjemmeside.html" />
+	<test url="http://www.ifi.uio.no/it/hjemmeside.html" />
 
-	<rule from="^https?://(?:www\.)?ifi\.uio\.no/($|\?.*)"
-		to="https://mn.uio.no/ifi/$1" />
+	<rule from="^http://(?:www\.)?ifi\.uio\.no/(?=$|\?.*)"
+		to="https://mn.uio.no/ifi/" />
 
-	<rule from="^https?://(?:www\.)?ifi\.uio\.no/it/(?:$|hjemmeside\.html$|(\?.*))"
+	<rule from="^http://(?:www\.)?ifi\.uio\.no/it/(?:$|hjemmeside\.html$|(\?.*))"
 		to="https://mn.uio.no/ifi/tjenester/it/$1" />
 
-	<rule from="^https?://(?:www\.)?matnat\.uio\.no/"
+	<rule from="^http://(?:www\.)?matnat\.uio\.no/"
 		to="https://www.mn.uio.no/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http://(?:www\.)?epay\.uio\.no/"
+		to="https://epay.uio.no/" />
+
+	<rule from="^http://(?:www\.)?cees\.uio\.no/"
+		to="https://cees.uio.no/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Passau.xml b/src/chrome/content/rules/University_of_Passau.xml
index 02be9e787bc9..bd8ebddd5f60 100644
--- a/src/chrome/content/rules/University_of_Passau.xml
+++ b/src/chrome/content/rules/University_of_Passau.xml
@@ -55,4 +55,4 @@
 	<rule from="^http://(?:www\.)?students\.uni-passau\.de/(\?.*)?$"
 		to="https:///www.uni-passau.de/hochschulgruppen.html$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Pittsburgh.xml b/src/chrome/content/rules/University_of_Pittsburgh.xml
index a04d69259c89..e35e6bd020c0 100644
--- a/src/chrome/content/rules/University_of_Pittsburgh.xml
+++ b/src/chrome/content/rules/University_of_Pittsburgh.xml
@@ -27,17 +27,25 @@
 <ruleset name="University of Pittsburgh (partial)">
 
 	<target host="pitt.edu" />
-	<target host="*.pitt.edu" />
+	<target host="cs.pitt.edu" />
+	<target host="people.cs.pitt.edu" />
+	<target host="web.cs.pitt.edu" />
+	<target host="www.cs.pitt.edu" />
+	<target host="my.pitt.edu" />
+	<target host="www.my.pitt.edu" />
+	<target host="pre.pitt.edu" />
+	<target host="www.pitt.edu" />
+	<target host="accounts.pitt.edu" />
+	<target host="www.accounts.pitt.edu" />
 
 
 	<!--securecookie host="^\.pitt\.edu$" name="^SESS\w{32}$" /-->
 	<securecookie host="^(?:(?:www\.)?(?:cs|my)|web\.cs)\.pitt\.edu$" name=".+" />
 
 
-	<rule from="^http://((?:(?:people\.|web\.|www\.)?cs|(?:www\.)?my|pre|www)\.)?pitt\.edu/"
-		to="https://$1pitt.edu/" />
 
 	<rule from="^http://(?:www\.)?accounts\.pitt\.edu/"
 		to="https://accounts.pitt.edu/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Potsdam.xml b/src/chrome/content/rules/University_of_Potsdam.xml
index 4a224098aba0..0cc0645cbe37 100644
--- a/src/chrome/content/rules/University_of_Potsdam.xml
+++ b/src/chrome/content/rules/University_of_Potsdam.xml
@@ -1,4 +1,9 @@
 <!--
+	University of Potsdam
+
+	For problematic rules, see Uni-Potsdam.de-problematic.xml.
+
+
 	Nonfunctional subdomains:
 
 		- www.intern *
@@ -21,46 +26,74 @@
 	Problematic subdomains:
 
 		- ^ *
+		- epic.hpi **
+		- ares.epic.hpi **
 		- hpi		(self-signed)
 		- jura *	(shows www over http)
 		- rzblx1	(works, self-signed)
 		- rzblx10	(works; expired 2012-02-09, self-signed)
 
 	* Cert only matches www
+	** Expired
 
 
 	Partially covered subdomains:
 
 		- www.jura	(some pages redirect to http)
 
+-->
+<ruleset name="Uni-Potsdam.de (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.hpi.uni-potsdam.de" />
+	<target host="www.jura.uni-potsdam.de" />
+	<target host="pep.uni-potsdam.de" />
+	<target host="www.pep.uni-potsdam.de" />
+	<target host="puls.uni-potsdam.de" />
+	<target host="webmail.uni-potsdam.de" />
+	<target host="www.uni-potsdam.de" />
+
+	<!--	Complications:
+				-->
+	<target host="uni-potsdam.de" />
+	<target host="hpi.uni-potsdam.de" />
+	<target host="jura.uni-potsdam.de" />
 
-	Fully covered subdomains:
+		<!--exclusion pattern="^http://(ares\.)?epic\.hpi\.uni-potsdam\.de/" /-->
 
-		- (www.)	(^ → www)
-		- (www.)hpi	(^ → www)
-		- jura		(→ www)
-		- (www.)pep
-		- puls
-		- webmail
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.jura\.uni-potsdam\.de/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.jura\.uni-potsdam\.de/+(?!favicon\.ico|_layout/|_medien/)" />
 
--->
-<ruleset name="University of Potsdam (partial)">
+			<!--	+ve:
+					-->
+			<test url="http://www.jura.uni-potsdam.de/fakultaet/" />
+			<test url="http://www.jura.uni-potsdam.de/impressum/" />
+			<test url="http://www.jura.uni-potsdam.de/initiativen/" />
+			<test url="http://www.jura.uni-potsdam.de/international/" />
 
-	<target host="uni-potsdam.de" />
-	<target host="*.uni-potsdam.de" />
-		<exclusion pattern="^http://www\.jura\.uni-potsdam\.de/(?!favicon\.ico|_layout/|_medien/)" />
+			<!--	-ve:
+					-->
+			<test url="http://www.jura.uni-potsdam.de/_layout/logo_jur.gif" />
+			<test url="http://www.jura.uni-potsdam.de/_medien/bilder/fakultaet/wegweiser.min.jpeg" />
+			<test url="http://www.jura.uni-potsdam.de/favicon.ico" />
 
 
 	<securecookie host="^(?:www\.hpi|(?:www\.)?pep|puls|\.webmail)\.uni-potsdam\.de$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?(hpi\.)?uni-potsdam\.de/"
+	<rule from="^http://(hpi\.)?uni-potsdam\.de/"
 		to="https://www.$1uni-potsdam.de/" />
 
 	<rule from="^http://jura\.uni-potsdam\.de/"
 		to="https://www.uni-potsdam.de/" />
 
-	<rule from="^http://(www\.jura|(?:www\.)?pep|puls|webmail)\.uni-potsdam\.de/"
-		to="https://$1.uni-potsdam.de/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Puerto_Rico.xml b/src/chrome/content/rules/University_of_Puerto_Rico.xml
deleted file mode 100644
index f51675ddfa8f..000000000000
--- a/src/chrome/content/rules/University_of_Puerto_Rico.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)		(http & https differs)
-		- ja			(times out)
-		- dialogodigital *
-		- navegadordeprogramas
-		- phl *
-		- ustudiantes		(redirects to www.uprm.edu/portada/, mismatched, CN: *.uprm.edu)
-
-	* Interrupted
-
-
-  *.uprm.edu , uprm.edu , admin.uprm.edu  
-
--->
-<ruleset name="University of Puerto Rico (partial)">
-
-	<target host="laeditorialupr.com" />
-	<target host="www.laeditorialupr.com" />
-	<target host="*.upr.edu" />
-
-
-	<securecookie host="^(?:www\.)?laeditorialupr\.com$" name=".+" />
-	<securecookie host="^.+\.upr\.edu$" name=".+" />
-
-
-	<rule from="^http://(www\.)?laeditorialupr\.com/"
-		to="https://$1laeditorialupr.com/" />
-
-	<rule from="^http://(fondodotal|patsiprod)\.upr\.edu/"
-		to="https://$1.upr.edu/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/University_of_Reading.xml b/src/chrome/content/rules/University_of_Reading.xml
deleted file mode 100644
index 819b4dbb26c9..000000000000
--- a/src/chrome/content/rules/University_of_Reading.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Cert only matches www
-
--->
-<ruleset name="University of Reading">
-
-	<target host="reading.ac.uk" />
-	<target host="www.reading.ac.uk" />
-
-
-	<securecookie host="^www\.reading\.ac\.uk$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?reading\.ac\.uk/"
-		to="https://www.reading.ac.uk/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/University_of_Rostock.xml b/src/chrome/content/rules/University_of_Rostock.xml
index 41172178d6e5..f929c5f82110 100644
--- a/src/chrome/content/rules/University_of_Rostock.xml
+++ b/src/chrome/content/rules/University_of_Rostock.xml
@@ -33,14 +33,19 @@
 -->
 <ruleset name="University of Rostock (partial)">
 
-	<target host="*.uni-rostock.de" />
+	<target host="autodiscover.uni-rostock.de" />
+	<target host="lsf.uni-rostock.de" />
+	<target host="aktivierung.rz.uni-rostock.de" />
+	<target host="passwd.rz.uni-rostock.de" />
+	<target host="pwd.rz.uni-rostock.de" />
+	<target host="studip.uni-rostock.de" />
+	<target host="webapp.uni-rostock.de" />
 		<!--exclusion pattern="^http://(bax\.comlab|www\.itmz|www)\." /-->
 
 
 	<securecookie host="^(?:email|lsf|studip|webapp)\.uni-rostock\.de$" name=".+" />
 
 
-	<rule from="^http://(autodiscover|email|lsf|mail|aktivierung\.rz|passwd\.rz|pwd\.rz|studip|webapp)\.uni-rostock\.de/"
-		to="https://$1.uni-rostock.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Salford.xml b/src/chrome/content/rules/University_of_Salford.xml
index 9f8882f34ad1..f4e5c78f46e0 100644
--- a/src/chrome/content/rules/University_of_Salford.xml
+++ b/src/chrome/content/rules/University_of_Salford.xml
@@ -12,14 +12,14 @@
 -->
 <ruleset name="University of Salford (partial)">
 
-	<target host="*.salford.ac.uk" />
-	<target host="*.www.salford.ac.uk" />
+	<target host="usir.salford.ac.uk" />
+	<target host="webhost.salford.ac.uk" />
+	<target host="www.salford.ac.uk" />
 
 
 	<securecookie host="^\.www\.salford\.ac\.uk$" name=".+" />
 
 
-	<rule from="^http://(usir|webhost|www)\.salford\.ac\.uk/"
-		to="https://$1.salford.ac.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Saskatchewan.xml b/src/chrome/content/rules/University_of_Saskatchewan.xml
index 723b23ee4392..23bd019e07e0 100644
--- a/src/chrome/content/rules/University_of_Saskatchewan.xml
+++ b/src/chrome/content/rules/University_of_Saskatchewan.xml
@@ -13,7 +13,6 @@
 	<target host="www.usask.ca" />
 
 
-	<rule from="^http://(?:www\.)?usask\.ca/"
-		to="https://www.usask.ca/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Sheffield.xml b/src/chrome/content/rules/University_of_Sheffield.xml
index 8f25adc44cb2..746fed45eea2 100644
--- a/src/chrome/content/rules/University_of_Sheffield.xml
+++ b/src/chrome/content/rules/University_of_Sheffield.xml
@@ -27,22 +27,23 @@
 <ruleset name="University of Sheffield (partial)">
 
 	<target host="shef.ac.uk" />
-	<target host="*.shef.ac.uk" />
+	<target host="guide.dcs.shef.ac.uk" />
+	<target host="onlineshop.shef.ac.uk" />
+	<target host="portal.shef.ac.uk" />
+	<target host="www.shef.ac.uk" />
 	<target host="sheffield.ac.uk" />
-	<target host="*.sheffield.ac.uk" />
+	<target host="www.sheffield.ac.uk" />
+	<target host="portal.sheffield.ac.uk" />
 
 
 	<!--securecookie host="^\.shef\.ac\.uk$" name="^(?:fos\.web\.secure|fos\.web\.server|runId)$" /-->
 	<securecookie host="^(?:onlineshop|portal)\.shef\.ac\.uk$" name=".+" />
 
 
-	<rule from="^http://((?:guide\.dcs|onlineshop|portal|www)\.)?shef\.ac\.uk/"
-		to="https://$1shef.ac.uk/" />
 
-	<rule from="^http://(www\.)?sheffield\.ac\.uk/"
-		to="https://$1sheffield.ac.uk/" />
 
 	<rule from="^http://portal\.sheffield\.ac\.uk/"
 		to="https://portal.shef.ac.uk/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Tampa.xml b/src/chrome/content/rules/University_of_Tampa.xml
index 578f4174ca1c..4b0fc84bde2c 100644
--- a/src/chrome/content/rules/University_of_Tampa.xml
+++ b/src/chrome/content/rules/University_of_Tampa.xml
@@ -7,16 +7,18 @@
 <ruleset name="University of Tampa">
 
 	<target host="ut.edu" />
-	<target host="*.ut.edu" />
+	<target host="www.ut.edu" />
+	<target host="jobs.ut.edu" />
+	<target host="sfs.ut.edu" />
+	<target host="spartanweb.ut.edu" />
 
 
 	<securecookie host="^.+\.ut\.edu$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?ut\.edu/"
+	<rule from="^http://(?:www\.)?ut\.edu/"
 		to="https://www.ut.edu/" />
 
-	<rule from="^http://(jobs|sfs|spartanweb)\.ut\.edu/"
-		to="https://$1.ut.edu/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Tennessee_Knoxville.xml b/src/chrome/content/rules/University_of_Tennessee_Knoxville.xml
index 6bd495935e7a..c45275ae2ea0 100644
--- a/src/chrome/content/rules/University_of_Tennessee_Knoxville.xml
+++ b/src/chrome/content/rules/University_of_Tennessee_Knoxville.xml
@@ -1,51 +1,41 @@
 <!--
-	Nonfunctional subdomains:
-
-		- uhr.admin	(refused)
-		- chancellor *
-		- commons	(shows lib; mismatched, CN: www.lib.utk.edu)
-		- go *
-		- (www.)law	(redirects to http, wpengine)
-		- provost *
-
-	* Shows secure; mismatched, CN: secure.utk.edu
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- autodiscover
-		- icl.cs
-		- capricorn.dii
-		- webapps.dii
-		- (www.)directory
-		- ds
-		- (www.)eecs
-		- icl.eecs
-		- help
-		- (www.)lib
-		- listserv
-		- myutk
-		- oit
-		- oit2
-		- online
-		- remedy
-		- secure
-		- tiny
-		- tmail
-		- volmail
-
+	Non-functional hosts
+		Timeout was reached:
+			 - dii.utk.edu
+
+		SSL peer certificate was not OK:
+			 - chancellor.utk.edu
+			 - icl.cs.utk.edu
+			 - www.directory.utk.edu
+			 - eecs.utk.edu
+			 - icl.eecs.utk.edu
+			 - go.utk.edu
+			 - law.utk.edu
+			 - www.law.utk.edu
+			 - provost.utk.edu
 -->
 <ruleset name="University of Tennessee, Knoxville">
-
 	<target host="utk.edu" />
-	<target host="*.utk.edu" />
-
-
-	<securecookie host="^(?:autodiscover|(?:icl|www)\.cs|capricorn\.dii|webapps\.dii|(?:www\.)?directory|ds|myutk|oit2|tiny|tmail)\.utk\.edu$" name=".+" />
-
-
-	<rule from="^http://((?:autodiscover|webapps\.dii|icl\.eecs|(?:www\.)?directory|ds|(?:www\.)?eecs|help|(?:www\.)?lib|listserv|myutk|online|oit2?|remedy|secure|tiny|tmail|volmail|www)\.)?utk\.edu/"
-		to="https://$1utk.edu/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="commons.utk.edu" />
+	<target host="capricorn.dii.utk.edu" />
+	<target host="webapps.dii.utk.edu" />
+	<target host="directory.utk.edu" />
+	<target host="ds.utk.edu" />
+	<target host="www.eecs.utk.edu" />
+	<target host="help.utk.edu" />
+	<target host="lib.utk.edu" />
+	<target host="www.lib.utk.edu" />
+	<target host="listserv.utk.edu" />
+	<target host="myutk.utk.edu" />
+	<target host="oit.utk.edu" />
+	<target host="oit2.utk.edu" />
+	<target host="online.utk.edu" />
+	<target host="remedy.utk.edu" />
+	<target host="secure.utk.edu" />
+	<target host="tiny.utk.edu" />
+	<target host="tmail.utk.edu" />
+	<target host="volmail.utk.edu" />
+	<target host="www.utk.edu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Tennessee_System.xml b/src/chrome/content/rules/University_of_Tennessee_System.xml
index 96667c90602b..ba59f1d00274 100644
--- a/src/chrome/content/rules/University_of_Tennessee_System.xml
+++ b/src/chrome/content/rules/University_of_Tennessee_System.xml
@@ -26,16 +26,20 @@
 		- security
 		- utap1
 
---> 
+-->
 <ruleset name="University of Tennessee System (partial)">
 
-	<target host="*.tennessee.edu" />
+	<target host="andi.tennessee.edu" />
+	<!--target host="autodiscover.tennessee.edu" /-->
+	<target host="irisweb.tennessee.edu" />
+	<target host="its.tennessee.edu" />
+	<target host="security.tennessee.edu" />
+	<target host="utap1.tennessee.edu" />
 
 
 	<securecookie host="^(?:autodiscover|irisweb|my)\.tennessee\.edu$" name=".+" />
 
 
-	<rule from="^http://(andi|autodiscover|irisweb|its|my|security|utap1)\.tennessee\.edu/"
-		to="https://$1.tennessee.edu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Tennessee_at_Martin.xml b/src/chrome/content/rules/University_of_Tennessee_at_Martin.xml
new file mode 100644
index 000000000000..0f680f0791ce
--- /dev/null
+++ b/src/chrome/content/rules/University_of_Tennessee_at_Martin.xml
@@ -0,0 +1,62 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://legacy.utm.edu/ => https://legacy.utm.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'legacy.utm.edu'")
+Fetch error: http://primes.utm.edu/ => https://primes.utm.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	See <https://en.wikipedia.org/wiki/University_of_Tennessee_at_Martin>.
+
+	HTTP only:
+		eviprod.utm.edu
+
+	Refused:
+		twister.utm.edu
+
+	Mismatch:
+		www.iep.utm.edu
+		www.philfilms.utm.edu
+
+	Expired:
+		stem.utm.edu
+
+	Self-signed:
+		catalog.utm.edu
+		ns9200.utm.edu
+
+	Mixed content:
+		utmgive.wpengine.com
+
+--><ruleset name="University of Tennessee at Martin" default_off="failed ruleset test">
+
+	<target host="utm.edu" />
+
+	<target host="accessibility.utm.edu" />
+	<target host="autodiscover.utm.edu" />
+	<target host="banner3.utm.edu" />
+	<target host="banner4.utm.edu" />
+	<target host="banner5.utm.edu" />
+	<target host="beanswitch.utm.edu" />
+	<target host="cie.utm.edu" />
+	<target host="dialin.utm.edu" />
+	<target host="extweb.utm.edu" />
+	<target host="ezproxy.utm.edu" />
+	<target host="help.utm.edu" />
+	<target host="legacy.utm.edu" />
+	<target host="login.ezproxy.utm.edu" />
+	<target host="mars.utm.edu" />
+	<target host="meet.utm.edu" />
+	<target host="new.utm.edu" />
+	<target host="osh.utm.edu" />
+	<target host="primes.utm.edu" />
+	<target host="sharepoint.utm.edu" />
+	<target host="sigep.utm.edu" />
+	<target host="webcast2012.utm.edu" />
+	<target host="www02.utm.edu" />
+	<target host="www.utm.edu" />
+	<target host="xitracs.utm.edu" />
+	<target host="xmail.utm.edu" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Toronto-problematic.xml b/src/chrome/content/rules/University_of_Toronto-problematic.xml
index 1c9c7a39187c..5d68b6b7804f 100644
--- a/src/chrome/content/rules/University_of_Toronto-problematic.xml
+++ b/src/chrome/content/rules/University_of_Toronto-problematic.xml
@@ -2,24 +2,26 @@
 	For rules that are on by default, see University_of_Toronto.xml.
 
 -->
-<ruleset name="University of Toronoto (problematic)" default_off="expired, mismatched">
+<ruleset name="UToronoto.ca (problematic)" default_off="expired, mismatched">
 
 	<target host="family.utoronto.ca" />
 	<target host="www.family.utoronto.ca" />
 	<target host="fnh.utoronto.ca" />
 	<target host="www.fnh.utoronto.ca" />
+	<target host="map.utoronto.ca" />
+		<exclusion pattern="^http://map\.utoronto\.ca/(?!/?_assets/)" />
 	<target host="roundcube.utsc.utoronto.ca" />
 	<target host="vpstudentsblog.utoronto.ca" />
 	<target host="www.vpstudentsblog.utoronto.ca" />
 
 
-	<rule from="^https?://(?:www\.)?(family|fnh|vpstudentsblog)\.utoronto\.ca/"
+	<rule from="^http://(?:www\.)?(family|fnh|vpstudentsblog)\.utoronto\.ca/"
 		to="https://www.$1.utoronto.ca/" />
 
 	<rule from="^http://answers\.library\.utoronto\.ca/(?!css\d*/|data/|js/)"
 		to="https://answers.library.utoronto.ca/" />
 
-	<rule from="^http://(main\.library|roundcube\.utsc)\.utoronto\.ca/"
+	<rule from="^http://(main\.library|map|roundcube\.utsc)\.utoronto\.ca/"
 		to="https://$1.utoronto.ca/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Toronto.xml b/src/chrome/content/rules/University_of_Toronto.xml
index ffcd39fa3c50..51a18538b353 100644
--- a/src/chrome/content/rules/University_of_Toronto.xml
+++ b/src/chrome/content/rules/University_of_Toronto.xml
@@ -1,4 +1,6 @@
 <!--
+	University of Toronto
+
 	For problematic rules, see University_of_Toronto-problematic.xml.
 
 
@@ -14,6 +16,8 @@
 		- m.bluebook			(shows blank page; expired 2012-01-27, self-signed)
 		- boundless			(shows default H-Sphere page; mismatched, CN: *.hspheredns.com)
 		- (www.)cpah
+		- cs				(Refused)
+		- compbio.cs			(Refused)
 		- www.ctep			(shows oise; mismatched, CN: *.oise.utoronto.ca)
 		- (www.)discover		(shows lamp2; mismatched, CN: lamp2.utoronto.ca)
 		- (www.)food-beverage		(shows lamp; mismatched, CN: lamp.utoronto.ca)
@@ -21,7 +25,9 @@
 		- www.governingcouncil
 		- www.gradschool		(times out)
 		- (www.)graduationandbeyond	(shows lamp2; mismatched, CN: lamp2.utoronto.ca)
+		- www.hrandequity		(Dropped)
 		- caf.icicle			(shows support.icicle; mismatched, CN: support.icicle.utoronto.ca)
+		- staff.its			(shows lamp; mismatched, CN: lamp.utoronto.ca)
 		- www.its			(times out)
 		- (www.)learn			(shows RHEL test page, expired 2012-10-11)
 		- english.learn			(shows RHEL test page, expired 2012-10-11)
@@ -50,6 +56,7 @@
 		- (www.)systemstatus		(shows lampstatus)
 		- (www.)ueat			(shows lamp; mismatched, CN: lamp.utoronto.ca)
 		- labstats.utm			(times out)
+		- (www.)library.utm		(Forbidden; mismatched, CN: *.library.utoronto.ca)
 		- www.viceprovoststudents	(times out)
 		- (www.)wireless		(500; mismatched, CN: connect.utoronto.ca)
 
@@ -65,7 +72,10 @@
 		- www.fnh		(works; expired 2011-12-23, self-signed)
 		- (www.)lampstatus	(works, self-signed)
 		- main.library		(works; expired 2008-07-21, self-signed)
+		- map			(Expired)
 		- (www.)sa		(record_too_long)
+		- www.systemstatus	(StatusPage)
+		- utcc			(Mismatched, CN: cns.utoronto.ca)
 		- www.library.utm	(depth mismatched)
 		- roundcube.utsc	(works; mismatched, CN: webmail.utsc.utoronto.ca)
 		- squirrelmail.utsc	(mismatched, CN: webmail.utsc.utoronto.ca)
@@ -77,7 +87,6 @@
 		- (www.) *
 		- answers.library	(works; mismatched, CN: *.libanswers.com)
 		- guides.library	(redirects to http/404; mismatched, CN: *.libguides.com)
-		- map *
 		- (www.)news *
 		- campusroomfinder.studentlife *
 
@@ -92,11 +101,14 @@
 		- (www.)bluebook
 		- (www.)careers
 		- www.employers.careers
+		- (www.)cns
 		- connect
+		- www.cs
 		- (www.)donate		(www → ^)
 		- www.erin		(→ www.utm)
 		- (www.)events
 		- support.icicle
+		- main.its
 		- (www.)lamp
 		- (www.)lamp2
 
@@ -109,6 +121,7 @@
 			- payfines
 			- tspace
 
+		- m.lms
 		- (www.)oise
 		- cus.oise
 		- (www.)portal
@@ -118,8 +131,8 @@
 		- (www.)studentlife
 		- blogs.studentlife
 		- (www.)ulife
+		- utcc			(→ cns)
 		- (www.)utorid
-		- (www.)library.utm	(www → ^)
 		- www.utm
 
 		- utsc subdomains:
@@ -142,13 +155,18 @@
 		- answers.library	(→ libanswers.com)
 		- guides.library	(→ libguides.com)
 
+
+	These altnames don't exist:
+
+		- www.main.its.utoronto.ca
+		- www.webmail.utoronto.ca
+
 -->
-<ruleset name="University of Toronto (partial)">
+<ruleset name="UToronto.ca (partial)">
 
 	<target host="utoronto.ca" />
 	<target host="*.utoronto.ca" />
 		<exclusion pattern="^http://(?:www\.)?utoronto\.ca/(?!favicon\.ico|__shared/)" />
-		<exclusion pattern="^http://map\.utoronto\.ca/(?!/?_assets/)" />
 		<exclusion pattern="^http://(?:www\.)?news\.utoronto\.ca/(?!sites/)" />
 		<exclusion pattern="^http://campusroomfinder\.studentlife\.utoronto\.ca/(?![cC]ontent/|Login|[sS]cripts/)" />
 
@@ -160,28 +178,28 @@
 	<securecookie host="^\.library\.utoronto\.ca$" name="^__utm\w$" />
 
 
-	<rule from="^http://((?:2learn|alert|(?:www\.)?(?:bluebook|careers|events|lamp2?|news|oise|portal|studentlife|ulife|utorid|utsc)|connect|www\.employers\.careers|support\.icicle|(?:focus|link|login|myaccount|payfines|tspace)\.library|map|cus\.oise|(?:sws|www)\.rosi|(?:blogs|campusroomfinder)\.studentlife|www\.utm|(?:ctl|intranet|joomla|webapps|webmail)\.utsc|voting|weblogin|webmail|www)\.)?utoronto\.ca/"
+	<rule from="^http://((?:2learn|alert|(?:www\.)?(?:bluebook|careers|cns|events|lamp2?|news|oise|portal|studentlife|ulife|utorid|utsc)|connect|www\.employers\.careers|www\.cs|support\.icicle|main\.its|(?:focus|link|login|myaccount|payfines|tspace)\.library|m\.lms|cus\.oise|(?:sws|www)\.rosi|(?:blogs|campusroomfinder)\.studentlife|www\.utm|(?:ctl|intranet|joomla|webapps|webmail)\.utsc|voting|weblogin|webmail|www)\.)?utoronto\.ca/"
 		to="https://$1utoronto.ca/" />
 
-	<rule from="^https?://inbox\.alumni\.utoronto\.ca/(?:.*)"
+	<rule from="^http://inbox\.alumni\.utoronto\.ca/(?:.*)"
 		to="https://mail.google.com/a/alumni.utoronto.ca" />
 
-	<rule from="^https?://(?:www\.)?donate\.utoronto\.ca/"
+	<rule from="^http://(?:www\.)?donate\.utoronto\.ca/"
 		to="https://donate.utoronto.ca/" />
 
-	<rule from="^https?://www\.erin\.utoronto\.ca/"
+	<rule from="^http://www\.erin\.utoronto\.ca/"
 		to="https://www.utm.utoronto.ca/" />
 
-	<rule from="^https?://(answer|guide)s\.library\.utoronto\.ca/(css\d*|data|js)/"
+	<rule from="^http://(answer|guide)s\.library\.utoronto\.ca/(css\d*|data|js)/"
 		to="https://lib$1s.com/$2/" />
 
-	<rule from="^https?://(?:www\.)?sa\.utoronto\.ca/"
+	<rule from="^http://(?:www\.)?sa\.utoronto\.ca/"
 		to="https://www.studentlife.utoronto.ca/" />
 
-	<rule from="^https?://(?:www\.)?library\.utm\.utoronto\.ca/"
-		to="https://library.utm.utoronto.ca/" />
+	<rule from="^http://utcc\.utoronto\.ca/"
+		to="https://cns.utoronto.ca/" />
 
-	<rule from="^https?://squirrelmail\.utsc\.utoronto\.ca/"
+	<rule from="^http://squirrelmail\.utsc\.utoronto\.ca/"
 		to="https://webmail.utsc.utoronto.ca/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Tuebingen-problematic.xml b/src/chrome/content/rules/University_of_Tuebingen-problematic.xml
index 4880e9e0c530..c2bf9d58bc15 100644
--- a/src/chrome/content/rules/University_of_Tuebingen-problematic.xml
+++ b/src/chrome/content/rules/University_of_Tuebingen-problematic.xml
@@ -7,7 +7,6 @@
 	<target host="www.zdv.uni-tuebingen.de" />
 
 
-	<rule from="^http://www\.zdv\.uni-tuebingen\.de/"
-		to="https://www.zdv.uni-tuebingen.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Tuebingen.xml b/src/chrome/content/rules/University_of_Tuebingen.xml
index a3056867b5fc..23992aa40d6b 100644
--- a/src/chrome/content/rules/University_of_Tuebingen.xml
+++ b/src/chrome/content/rules/University_of_Tuebingen.xml
@@ -30,7 +30,10 @@
 <ruleset name="University of Tübingen (partial)">
 
 	<target host="uni-tuebingen.de" />
-	<target host="*.uni-tuebingen.de" />
+	<target host="zdv.uni-tuebingen.de" />
+	<target host="www.uni-tuebingen.de" />
+	<target host="campus.verwaltung.uni-tuebingen.de" />
+	<target host="epv-welt.uni-tuebingen.de" />
 
 
 	<securecookie host="^\.uni-tuebingen\.de$" name="^fe_typo_user$" />
@@ -41,7 +44,6 @@
 	<rule from="^http://(?:zdv\.|www\.)?uni-tuebingen\.de/"
 		to="https://www.uni-tuebingen.de/" />
 
-	<rule from="^http://(campus\.verwaltung|epv-welt)\.uni-tuebingen\.de/"
-		to="https://$1.uni-tuebingen.de/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Waikato.xml b/src/chrome/content/rules/University_of_Waikato.xml
index d3ea7a38e9fb..f52f12c89074 100644
--- a/src/chrome/content/rules/University_of_Waikato.xml
+++ b/src/chrome/content/rules/University_of_Waikato.xml
@@ -31,15 +31,18 @@
 <ruleset name="University of Waikato (partial)">
 
 	<target host="waikato.ac.nz" />
-	<target host="*.waikato.ac.nz" />
+	<target host="www.waikato.ac.nz" />
+	<target host="cookie.waikato.ac.nz" />
 	<target host="tools.its.waikato.ac.nz" />
+	<target host="mngt.waikato.ac.nz" />
 	<target host="www.mngt.waikato.ac.nz" />
+	<target host="research.waikato.ac.nz" />
 
 
 	<securecookie host="^.+\.waikato\.ac\.nz$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?waikato\.ac\.nz/"
+	<rule from="^http://(?:www\.)?waikato\.ac\.nz/"
 		to="https://www.waikato.ac.nz/" />
 
 	<rule from="^http://(cookie|tools\.its|mngt|www\.mngt)\.waikato\.ac\.nz/"
@@ -48,4 +51,4 @@
 	<rule from="^http://research\.waikato\.ac\.nz/($|\?)"
 		to="https://www.waikato.ac.nz/research/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Warwick.xml b/src/chrome/content/rules/University_of_Warwick.xml
index 3feae7ba1ab3..54c0f072da7a 100644
--- a/src/chrome/content/rules/University_of_Warwick.xml
+++ b/src/chrome/content/rules/University_of_Warwick.xml
@@ -18,14 +18,18 @@
 <ruleset name="University of Warwick (partial)">
 
 	<target host="warwick.ac.uk" />
-	<target host="*.warwick.ac.uk" />
+	<target host="go.warwick.ac.uk" />
+	<target host="idp.warwick.ac.uk" />
+	<target host="onlinepayment.warwick.ac.uk" />
+	<target host="websignon.warwick.ac.uk" />
+	<target host="www.warwick.ac.uk" />
+	<target host="www2.warwick.ac.uk" />
 		<exclusion pattern="^http://www2\.warwick\.ac\.uk/(?!.+\.(?:gif|jpg|png)|brands/|static_war/)" />
 
 
 	<securecookie host="^(?:idp|onlinepayment)\.warwick\.ac\.uk$" name=".+" />
 
 
-	<rule from="^http://((?:go|idp|onlinepayment|websignon|www2?)\.)?warwick\.ac\.uk/"
-		to="https://$1warwick.ac.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Wisconsin-Madison.xml b/src/chrome/content/rules/University_of_Wisconsin-Madison.xml
index 9a2dc5daffba..4b5646b2d289 100644
--- a/src/chrome/content/rules/University_of_Wisconsin-Madison.xml
+++ b/src/chrome/content/rules/University_of_Wisconsin-Madison.xml
@@ -1,57 +1,139 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wayf.wisc.edu/ => https://wayf.wisc.edu/: (6, 'Could not resolve host: wayf.wisc.edu')
+
 	Nonfunctional subdomains:
 
 		- ^			(redirects to www, mismatched, CN: ldap.services.wisc.edu)
 		- (www.)aos *
 		- www.geology		(shows geoscience; mismatched, CN: geoscience.wisc.edu)
 		- geoscience		(403/404)
+		- library		(mismatched, CN: www.library.wisc.edu)
 		- depot.library *
 		- digital.library
 		- m.library **
 		- madcat.library
-		- search.library	(redirects to wayf login)
 		- studyrooms.library **
 		- uwdc.library **
 		- xerxes.library
-		- (www.)today ***
+		- news ***
+		- www.today		(mismatched, CN: today.wisc.edu)
 		- vip ***
 		- www *
 
 	* Times out
 	** Redirects to www.library
-	*** Shows krakatau.doit
+	*** Shows (servername).doit
 
 
 	Problematic subdomains:
 
 		- krakatau.doit		(expired, self-signed)
 		- services.ldap		(weak crypto)
-
+		- ssc			(breaks Google site search)
+		- www.ssec		(breaks Google site search)
+		- www.uhs		(breaks Google site search)
 
 	Partially covered subdomains:
 
 		- (www.)library		(at least the homepage redirects to http)
+		- pages.cs ²
+		- www.doit.wisc.edu	(search page redirects to HTTP)
+
+	² Personal pages 404
 
 
 	Fully covered subdomains:
 
+		- cs subdomains:
+
+			- condor-wiki
+			- htcondor-wiki
+			- research
+			- www
+
+		- discovery
+		- go
+		- housing		(requires redirect to www.housing.wisc.edu)
+		- kb
 		- learnuw
 		- ecs.library
+		- www.library		(requires redirect to www.library.wisc.edu)
 		- login
+		- www.math
 		- my
 		- mywebspace
 		- wayf
 		- wiscmail
 
--->
-<ruleset name="University of Wisconsin-Madison">
 
-	<target host="*.wisc.edu" />
-	<target host="*.library.wisc.edu" />
-		<exclusion pattern="^http://(?:www\.)?library\.wisc\.edu/(?!css/|images/)" />
+	Mixed content:
 
+		- Images on htcondor-wiki.cs from research.cs *
 
-	<rule from="^http://(learnuw|(?:ecs\.|www\.)?library|login|my|mywebspace|wayf|wiscmail)\.wisc\.edu/"
-		to="https://$1.wisc.edu/" />
+	* Secured by us
 
-</ruleset>
\ No newline at end of file
+-->
+<ruleset name="University of Wisconsin-Madison" default_off="failed ruleset test">
+
+	<target host="condor-wiki.cs.wisc.edu" />
+	<target host="htcondor-wiki.cs.wisc.edu" />
+	<target host="pages.cs.wisc.edu" />
+	<target host="research.cs.wisc.edu" />
+	<target host="discovery.wisc.edu" />
+	<target host="doit.wisc.edu" />
+	<target host="www.doit.wisc.edu" />
+	<target host="go.wisc.edu" />
+	<target host="kb.wisc.edu" />
+	<target host="learnuw.wisc.edu" />
+	<target host="ecs.library.wisc.edu" />
+	<target host="search.library.wisc.edu" />
+	<target host="login.wisc.edu" />
+	<target host="my.wisc.edu" />
+	<target host="mywebspace.wisc.edu" />
+	<target host="wayf.wisc.edu" />
+	<target host="wiscmail.wisc.edu" />
+	<target host="cs.wisc.edu" />
+	<target host="housing.wisc.edu" />
+	<target host="library.wisc.edu" />
+	<target host="math.wisc.edu" />
+	<target host="www.cs.wisc.edu" />
+	<target host="www.housing.wisc.edu" />
+	<target host="www.library.wisc.edu" />
+	<target host="www.math.wisc.edu" />
+
+	<!-- 404: Individual users must enable SSL for their personal pages. -->
+	<exclusion pattern="^http://pages\.cs\.wisc\.edu/+~" />
+	<test url="http://pages.cs.wisc.edu/~hartzheim" />
+
+
+	<test url="http://condor-wiki.cs.wisc.edu/" />
+	<test url="http://htcondor-wiki.cs.wisc.edu/" />
+	<test url="http://pages.cs.wisc.edu/" />
+	<test url="http://discovery.wisc.edu/" />
+	<test url="http://doit.wisc.edu/" />
+	<test url="http://www.doit.wisc.edu/" />
+	<test url="http://go.wisc.edu/" />
+	<test url="http://kb.wisc.edu/" />
+	<test url="http://learnuw.wisc.edu/" />
+	<test url="http://ecs.library.wisc.edu/" />
+	<test url="http://search.library.wisc.edu/" />
+	<test url="http://login.wisc.edu/" />
+	<test url="http://my.wisc.edu/" />
+	<test url="http://mywebspace.wisc.edu/" />
+	<test url="http://wayf.wisc.edu/" />
+	<test url="http://wiscmail.wisc.edu/" />
+
+	<!-- Require redirect to www.* to use SSL -->
+	<rule from="^http://(?:www\.)?(cs|housing|library|math)\.wisc\.edu/"
+	to="https://www.$1.wisc.edu/" />
+
+	<test url="http://cs.wisc.edu/" />
+	<test url="http://housing.wisc.edu/" />
+	<test url="http://library.wisc.edu/" />
+	<test url="http://www.library.wisc.edu/" />
+	<test url="http://math.wisc.edu/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Wollongong.xml b/src/chrome/content/rules/University_of_Wollongong.xml
new file mode 100644
index 000000000000..df77289b7bf6
--- /dev/null
+++ b/src/chrome/content/rules/University_of_Wollongong.xml
@@ -0,0 +1,42 @@
+<!--
+	Problematic domains:
+	- uow.edu.au subdomains:
+		- www.library (mismatched)
+		- ^\.[a-zA-Z0-9-]+\.ezproxy$ (login.ezproxy works, example.com.ezproxy does not)
+
+	Nonfunctional domains:
+	- uow.edu.au subdomains:
+		- library (no content)
+-->
+<ruleset name="University of Wollongong">
+
+	<target host="uow.edu.au" />
+	<target host="www.uow.edu.au" />
+	<target host="sols.uow.edu.au" />
+	<target host="unicentre.uow.edu.au" />
+	<target host="unishop.uow.edu.au" />
+	<target host="password.uow.edu.au" />
+	<target host="eis.uow.edu.au" />
+	<target host="ssl.informatics.uow.edu.au" />
+	<target host="media.uow.edu.au" />
+	<target host="getstarted.uow.edu.au" />
+	<target host="api.uow.edu.au" />
+	<target host="coursefinder.uow.edu.au" />
+	<target host="globalchallenges.uow.edu.au" />
+	<target host="intranet.uow.edu.au" />
+	<target host="employment.uow.edu.au" />
+
+	<target host="moodle.uowplatform.edu.au" />
+	<target host="moodledev.uowplatform.edu.au" />
+
+	<target host="uowdubai.ac.ae" />
+	<target host="www.uowdubai.ac.ae" />
+
+
+	<!--securecookie host="^(www\.)?uow.edu.au$" name=".+" /> eg. ezproxy needs to work on http (see top of document) -->
+	<securecookie host="^sols\.uow\.edu\.au$" name=".+" /> <!-- can't see any cookies with this scope yet, but just in case -->
+	<!-- III_EXPT_FILE, III_SESSION_ID, SESSION_LANGUAGE look sensitive but I don't know what they are used for. SOLS appears to pass the session token in the url -->
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_York.xml b/src/chrome/content/rules/University_of_York.xml
new file mode 100644
index 000000000000..0acb18c4e34a
--- /dev/null
+++ b/src/chrome/content/rules/University_of_York.xml
@@ -0,0 +1,7 @@
+<ruleset name="University of York">
+
+  <target host="www.york.ac.uk" />
+
+  <rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Universityadmissions.se.xml b/src/chrome/content/rules/Universityadmissions.se.xml
index 513bdc21e644..eeb6fd9f867d 100644
--- a/src/chrome/content/rules/Universityadmissions.se.xml
+++ b/src/chrome/content/rules/Universityadmissions.se.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^www\.universityadmissions.se$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?universityadmissions\.se/"
-		to="https://www.universityadmissions.se/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Univie.ac.at.xml b/src/chrome/content/rules/Univie.ac.at.xml
new file mode 100644
index 000000000000..17c38ad63654
--- /dev/null
+++ b/src/chrome/content/rules/Univie.ac.at.xml
@@ -0,0 +1,120 @@
+<!--
+	University of Vienna
+
+
+	Nonfunctional subdomains:
+
+		- rna.tbi *
+
+	* Refused
+
+
+	Partially covered subdomains:
+
+		- blog ¹
+		- data ²
+
+	¹ Avoiding false/broken MCB
+	² index.html redirects to http
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- aufnahmeverfahren
+		- bibliothek
+		- www.bpc
+		- chemie
+		- cs
+		- ctl
+		- forschungsnewsletter
+		- informatik
+		- international
+		- intra
+		- kalender
+		- medienportal
+		- online
+		- public
+		- sbterminals
+		- studentpoint
+		- studien-lehrwesen
+		- studienservice-lehrwesen
+		- www.tbi
+		- univis
+		- weblogin
+		- webmail
+		- zid
+
+
+	Mixed content:
+
+		- css on blog from $self *
+
+		- Images, on:
+
+			- bibliothek from $self *
+			- blog from $self *
+			- www from $self *
+
+		- favicons, on:
+
+			- www.bpc from $self *
+			- forschungsnewsletter from $self *
+			- international from $self *
+			- kalender from $self *
+			- public and univis from public *
+
+	* Secured by us
+
+-->
+<ruleset name="Univie.ac.at (partial)">
+
+	<target host="univie.ac.at" />
+	<target host="aufnahmeverfahren.univie.ac.at" />
+	<target host="bibliothek.univie.ac.at" />
+	<target host="blog.univie.ac.at" />
+	<target host="www.bpc.univie.ac.at" />
+	<target host="cs.univie.ac.at" />
+	<target host="ctl.univie.ac.at" />
+	<target host="data.univie.ac.at" />
+	<target host="forschungsnewsletter.univie.ac.at" />
+	<target host="informatik.univie.ac.at" />
+	<target host="international.univie.ac.at" />
+	<target host="intra.univie.ac.at" />
+	<target host="kalender.univie.ac.at" />
+	<target host="medienportal.univie.ac.at" />
+	<target host="online.univie.ac.at" />
+	<target host="public.univie.ac.at" />
+	<target host="sbterminals.univie.ac.at" />
+	<target host="studentpoint.univie.ac.at" />
+	<target host="studien-lehrwesen.univie.ac.at" />
+	<target host="studienservice-lehrwesen.univie.ac.at" />
+	<target host="www.tbi.univie.ac.at" />
+	<target host="univis.univie.ac.at" />
+	<target host="weblogin.univie.ac.at" />
+	<target host="webmail.univie.ac.at" />
+	<target host="www.univie.ac.at" />
+	<target host="zid.univie.ac.at" />
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<exclusion pattern="^http://blog\.univie\.ac\.at/+(?!backend/|favicon\.ico)" />
+		<!--
+			Redirect to http:
+						-->
+		<exclusion pattern="^http://data\.univie\.ac\.at/index\.html" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(aufnahmeverfahren|www\.bpc|chemie|cs|ctl|forschungsnewsletter|informatik|international|kalender|medienportal|public|sbterminals|studentpoint|studien-lehrwesen|studienservice-lehrwesen|www|zid)\.univie\.ac\.at$" name="^fe_typo_user$" /-->
+	<!--securecookie host="^univis\.univie\.ac\.at$" name="^(JSESSIONID|aceid-\d+)$" /-->
+	<!--securecookie host="^weblogin\.univie\.ac\.at$" name="^(_idp_authn_lc_key|JSESSIONID)$" /-->
+
+	<securecookie host="^(?:aufnahmeverfahren|www\.bpc|chemie|cs|ctl|forschungsnewsletter|informatik|international|kalender|medienportal|public|sbterminals|studentpoint|studien(?:service)?-lehrwesen|univis|weblogin|www|zid)\.univie\.ac\.at$" name=".+" />
+
+
+	<rule from="^http://((?:aufnahmeverfahren|bibliothek|blog|www\.bpc|cs|ctl|data|forschungsnewsletter|informatik|international|intra|kalender|medienportal|online|public|sbterminals|studentpoint|studien(?:service)?-lehrwesen|www\.tbi|univis|weblogin|webmail|www|zid)\.)?univie\.ac\.at//"
+		to="https://$1univie.ac.at/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Unix4lyfe.org.xml b/src/chrome/content/rules/Unix4lyfe.org.xml
new file mode 100644
index 000000000000..ef1d7395a026
--- /dev/null
+++ b/src/chrome/content/rules/Unix4lyfe.org.xml
@@ -0,0 +1,18 @@
+<!--
+	includeSubDomains is sent in STS header.
+
+-->
+<ruleset name="unix4lyfe.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="unix4lyfe.org" />
+	<target host="*.unix4lyfe.org" />
+
+		<test url="http://www.unix4lyfe.org/" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UnixStickers.com.xml b/src/chrome/content/rules/UnixStickers.com.xml
new file mode 100644
index 000000000000..1ca64fd29d1c
--- /dev/null
+++ b/src/chrome/content/rules/UnixStickers.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="UnixStickers.com">
+	<target host="unixstickers.com" />
+	<target host="www.unixstickers.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
+
diff --git a/src/chrome/content/rules/Unixmen.com.xml b/src/chrome/content/rules/Unixmen.com.xml
new file mode 100644
index 000000000000..6f73021a1512
--- /dev/null
+++ b/src/chrome/content/rules/Unixmen.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Unixmen.com">
+  <target host="unixmen.com" />
+  <target host="www.unixmen.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Unizar.es.xml b/src/chrome/content/rules/Unizar.es.xml
new file mode 100644
index 000000000000..82c9ba80a8a9
--- /dev/null
+++ b/src/chrome/content/rules/Unizar.es.xml
@@ -0,0 +1,538 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://aneto.unizar.es/ => https://aneto.unizar.es/: (7, 'Failed to connect to aneto.unizar.es port 443: Connection refused')
+Fetch error: http://arazas.unizar.es/ => https://arazas.unizar.es/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://arba.unizar.es/ => https://arba.unizar.es/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://arriel.unizar.es/ => https://arriel.unizar.es/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://mularroya10.cps.unizar.es/ => https://mularroya10.cps.unizar.es/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Ruleset for unizar.es, the University of Zaragoza website.
+	See <https://en.wikipedia.org/wiki/University_of_Zaragoza>.
+
+	Known issues:
+		* mixed content issues on:
+			- cursosextraordinarios.unizar.es
+			- ocw.unizar.es
+		* incomplete certificate chain on sede.unizar.es.
+
+	Known subdomains that does not support HTTPS or have a wrongly
+	configured certificate (incomplete list):
+		* aize.unizar.es
+		* alano.unizar.es
+		* albarracin.unizar.es
+		* alfresco.i3a.unizar.es
+		* alfresco.unizar.es
+		* alfrescopro.unizar.es
+		* almenara.unizar.es
+		* amb.unizar.es
+		* anais.unizar.es
+		* aneto.unizar.es
+		* apl-sigeuz.unizar.es
+		* aralar.unizar.es
+		* arba.unizar.es
+		* arriel.unizar.es
+		* asimov.unizar.es
+		* asin.unizar.es
+		* aulavet04.unizar.es
+		* aulavet11.unizar.es
+		* babel.unizar.es
+		* bash.unizar.es
+
+		* bifi.unizar.es
+		* 3gbifi.bifi.unizar.es
+		* analyzer1.bifi.unizar.es
+		* analyzer2.bifi.unizar.es
+		* biblioteca.bifi.unizar.es
+		* fotocopiadora.bifi.unizar.es
+		* lxbifi11.bifi.unizar.es
+		* lxbifi21.bifi.unizar.es
+		* lxbifi24.bifi.unizar.es
+		* lxbifi37.bifi.unizar.es
+		* lxbifi44.bifi.unizar.es
+		* lxbifi49.bifi.unizar.es
+		* lxbifi72.bifi.unizar.es
+		* proxy-ara.bifi.unizar.es
+		* secretaria.bifi.unizar.es
+		* server2-ciencias.bifi.unizar.es
+		* server4-prg.bifi.unizar.es
+		* srv-17.bifi.unizar.es
+		* srv-18.bifi.unizar.es
+		* wbifi07.bifi.unizar.es
+
+		* bilbo.unizar.es
+		* bioflora.unizar.es
+		* bioq2.unizar.es
+		* bioservidor.unizar.es
+		* brasa.unizar.es
+		* buesa.unizar.es
+		* buz.unizar.es
+		* cae.unizar.es
+		* catedramln.unizar.es
+		* cave.unizar.es
+		* cea.unizar.es
+		* cederul.unizar.es
+		* celadas.unizar.es
+		* celestino.unizar.es
+		* cesar.unizar.es
+		* chato.unizar.es
+		* ciberconta.unizar.es
+		* cicic.unizar.es
+		* cierzo.unizar.es
+		* circelabs.unizar.es
+		* cirugiaveterinaria.unizar.es
+		* clink.unizar.es
+		* complex.unizar.es
+		* contsem.unizar.es
+		* cpanel.unizar.es
+
+		* abelardina.cps.unizar.es
+		* abril.cps.unizar.es
+		* agosto.cps.unizar.es
+		* alkaid.cps.unizar.es
+		* armandina.cps.unizar.es
+		* asic4.cps.unizar.es
+		* azucar.cps.unizar.es
+		* boadicea.cps.unizar.es
+		* cafe.cps.unizar.es
+		* cenarbe.cps.unizar.es
+		* ct.cps.unizar.es
+		* danae-http.cps.unizar.es
+		* diec.cps.unizar.es
+		* diecfw.cps.unizar.es
+		* dihana.cps.unizar.es
+		* duero.cps.unizar.es
+		* egraf9000.cps.unizar.es
+		* eolo.cps.unizar.es
+		* euler.cps.unizar.es
+		* fiona.cps.unizar.es
+		* gallego.cps.unizar.es
+		* giga.cps.unizar.es
+		* gsv02.cps.unizar.es
+		* gtchf4.cps.unizar.es
+		* hendrix-http.cps.unizar.es
+		* iaaaserver.cps.unizar.es
+		* isc.cps.unizar.es
+		* jaca.cps.unizar.es
+		* jnimp.cps.unizar.es
+		* kvm01.cps.unizar.es
+		* kvm02.cps.unizar.es
+		* laloteta.cps.unizar.es
+		* laloteta06.cps.unizar.es
+		* laloteta11.cps.unizar.es
+		* laloteta12.cps.unizar.es
+		* luna2.cps.unizar.es
+		* m28-030.cps.unizar.es
+		* mafalda.cps.unizar.es
+		* monet.cps.unizar.es
+		* mularroya01.cps.unizar.es
+		* mularroya03.cps.unizar.es
+		* mularroya04.cps.unizar.es
+		* mularroya05.cps.unizar.es
+		* mularroya08.cps.unizar.es
+		* mularroya09.cps.unizar.es
+		* mularroya10.cps.unizar.es
+		* mularroya14.cps.unizar.es
+		* mularroya15.cps.unizar.es
+		* nada.cps.unizar.es
+		* odyssea.cps.unizar.es
+		* optica11.cps.unizar.es
+		* osiris.cps.unizar.es
+		* pandora.cps.unizar.es
+		* pantuflo.cps.unizar.es
+		* physionet.cps.unizar.es
+		* produccion.cps.unizar.es
+		* ra-amon.cps.unizar.es
+		* robot26.cps.unizar.es
+		* sol1.cps.unizar.es
+		* viernes.cps.unizar.es
+		* xterm1.cps.unizar.es
+
+		* cta.unizar.es
+		* cuadrodemando.unizar.es
+		* cuarzo.unizar.es
+		* cud.unizar.es
+		* dade.unizar.es
+		* data.i3a.unizar.es
+		* db.unizar.es
+		* dd1-vmarin.unizar.es
+		* dd2-vmarin.unizar.es
+		* desinvenio.unizar.es
+		* dftuz.unizar.es
+		* didac.unizar.es
+		* diploma-ecografia.unizar.es
+		* doe.unizar.es
+		* dominio.unizar.es
+		* eas.unizar.es
+		* eci.unizar.es
+		* empresa.unizar.es
+		* epsh.unizar.es
+		* escarra.unizar.es
+		* estructuraehistoria.unizar.es
+		* eues.unizar.es
+		* evaluacion.unizar.es
+		* ezfac.unizar.es
+		* ezpc05.unizar.es
+		* ezpc10.unizar.es
+		* fa.unizar.es
+		* fiona.unizar.es
+		* firmas.unizar.es
+		* fis.unizar.es
+		* fismat.unizar.es
+		* flexvdi1.unizar.es
+		* flexvdi2.unizar.es
+		* fotoaragon.unizar.es
+		* franky.unizar.es
+		* gallego.unizar.es
+		* gaz.unizar.es
+		* gee.unizar.es
+		* genmico.unizar.es
+		* gestionaformacion.unizar.es
+		* gestionax.unizar.es
+		* gestux.unizar.es
+		* gifna.unizar.es
+		* gios.unizar.es
+		* gitel.unizar.es
+		* gmail.unizar.es
+		* gme.unizar.es
+		* gmg.unizar.es
+		* golem.unizar.es
+		* goya.unizar.es
+		* granjalibre.unizar.es
+		* gte.unizar.es
+		* gtf.unizar.es
+		* hermes.unizar.es
+		* hi.unizar.es
+		* hmc.unizar.es
+		* hospedajeweb.unizar.es
+		* host5.zcam.unizar.es
+		* how.unizar.es
+		* howlabdemo.unizar.es
+		* huecha.unizar.es
+		* huesca.unizar.es
+		* ibon.unizar.es
+		* identidad2.unizar.es
+		* ie.unizar.es
+		* intercambio.unizar.es
+		* ipcam-epsh.unizar.es
+		* ipcam-eupt.unizar.es
+		* isc.unizar.es
+		* isuela.unizar.es
+		* iuca.unizar.es
+		* iumawork.unizar.es
+		* jabber.unizar.es
+		* janovasx.unizar.es
+		* java.unizar.es
+		* kasper.unizar.es
+		* labje.unizar.es
+		* laimuz.unizar.es
+		* lam.unizar.es
+		* laurel.unizar.es
+		* ldap.i3a.unizar.es
+		* lfna.unizar.es
+		* lrf4.unizar.es
+		* lrfp.unizar.es
+		* m013-234.unizar.es
+		* m135-10.unizar.es
+		* m135-11.unizar.es
+		* m135-12.unizar.es
+		* m135-13.unizar.es
+		* m135-77.unizar.es
+		* m135-8.unizar.es
+		* m135-82.unizar.es
+		* m135-83.unizar.es
+		* m135-84.unizar.es
+		* m135-86.unizar.es
+		* m48-061.unizar.es
+		* mae.unizar.es
+		* mantenimiento.unizar.es
+		* marbore.unizar.es
+		* marino.unizar.es
+		* marketing.unizar.es
+		* martin.unizar.es
+		* meba.unizar.es
+		* mesa.unizar.es
+		* meteo.unizar.es
+		* metodosestadisticos.unizar.es
+		* milksci.unizar.es
+		* mistral.unizar.es
+		* moncayo.unizar.es
+		* moodle2ld1.unizar.es
+		* moodle2ld2.unizar.es
+		* moodle2web1.unizar.es
+		* moodle2web2.unizar.es
+		* moodle2web3.unizar.es
+		* moodle2web4.unizar.es
+		* moodle2web5.unizar.es
+		* mysqlweb.unizar.es
+		* noema2bis.unizar.es
+		* ns.unizar.es
+		* ntp.unizar.es
+		* ntp1.unizar.es
+		* nuez.unizar.es
+		* ocs.unizar.es
+		* ode.unizar.es
+		* om4moodle.unizar.es
+		* openmeetings.unizar.es
+		* osluz.unizar.es
+		* osm.unizar.es
+		* otriserv.unizar.es
+		* pandora.unizar.es
+		* pcmap.unizar.es
+		* piedra.unizar.es
+		* plyca3.unizar.es
+		* plyca4.unizar.es
+		* pmoncayo.unizar.es
+		* posta.unizar.es
+		* prensa.unizar.es
+		* proyectista-piping.unizar.es
+		* proyectosocial.unizar.es
+		* psfunizar7.unizar.es
+		* psfunizar9.unizar.es
+		* pulsar.unizar.es
+		* pulsarsrv.unizar.es
+		* puz.unizar.es
+		* qi.unizar.es
+		* radio.unizar.es
+		* relayvirtual1.unizar.es
+		* renaissance.unizar.es
+		* riemann.unizar.es
+		* roble.unizar.es
+		* roble1.unizar.es
+		* roble2.unizar.es
+		* robotics.unizar.es
+		* robots.unizar.es
+		* rrhhexp.unizar.es
+		* s.unizar.es
+		* sage-opt.unizar.es
+		* sai.unizar.es
+		* saturno.unizar.es
+		* score.unizar.es
+		* sede.unizar.es
+		* seim.unizar.es
+		* server2-epsh.unizar.es
+		* server2-eupt.unizar.es
+		* server3-eupt.unizar.es
+		* server4-epsh.unizar.es
+		* server4-eupt.unizar.es
+		* servet.unizar.es
+		* sid01.unizar.es
+		* sipui.unizar.es
+		* smc.unizar.es
+		* softlibre.unizar.es
+		* sorollaformacion.unizar.es
+		* sorollaformacionsso.unizar.es
+		* sorores.unizar.es
+		* sso.unizar.es
+		* stc.unizar.es
+		* subordan.unizar.es
+		* sultan.unizar.es
+		* supercoco.unizar.es
+		* superjuan.unizar.es
+		* tablon.unizar.es
+		* tama.unizar.es
+		* tejo.unizar.es
+		* termograf.unizar.es
+		* tic.unizar.es
+		* tiermas.unizar.es
+		* tiip.eina.unizar.es
+		* titan.unizar.es
+		* titulaciones.unizar.es
+		* torla.unizar.es
+		* tramita.unizar.es
+		* tv.unizar.es
+		* umi.unizar.es
+		* uprl.unizar.es
+		* urraca.unizar.es
+		* ursus.unizar.es
+		* utc.unizar.es
+		* uvt.unizar.es
+		* uxxits1.unizar.es
+		* veterinaria.unizar.es
+		* vibida.unizar.es
+		* vitalinux.unizar.es
+		* vitaweb.unizar.es
+		* vpn1.unizar.es
+		* vpn2.unizar.es
+		* web-ter.unizar.es
+		* webaccess.unizar.es
+		* webadmin.unizar.es
+		* webdev.unizar.es
+		* webeld1.unizar.es
+		* webeld2.unizar.es
+		* webesolr1.unizar.es
+		* webesolr2.unizar.es
+		* webeweb3.unizar.es
+		* webmail.unizar.es (unknown issuer)
+		* webserver.unizar.es
+		* websurveys.unizar.es
+		* wwwad.unizar.es
+		* wzar.unizar.es
+		* xxx.unizar.es
+		* zaramit.unizar.es
+		* zenon.unizar.es
+		* zuriza.unizar.es
+-->
+<ruleset name="Universidad de Zaragoza" default_off="failed ruleset test">
+
+	<target host="unizar.es" />
+	<target host="www.unizar.es" />
+
+	<target host="academico.unizar.es" />
+	<target host="add.unizar.es" />
+	<target host="alojamiento.unizar.es" />
+	<target host="alojamiento01.unizar.es" />
+	<target host="alojamiento02.unizar.es" />
+	<target host="alojamientof.unizar.es" />
+	<target host="anatomiaembriologiagenetica.unizar.es" />
+	<target host="aneto.unizar.es" />
+	<target host="arazas.unizar.es" />
+	<target host="ayudica.unizar.es" />
+	<target host="azuara.unizar.es" />
+	<target host="bb.unizar.es" />
+	<target host="biblioteca.unizar.es" />
+	<target host="biblos.unizar.es" />
+	<target host="server1-ciencias.bifi.unizar.es" />
+	<target host="server4-ciencias.bifi.unizar.es" />
+	<target host="campamentos.unizar.es" />
+	<target host="campushuesca.unizar.es" />
+	<target host="campusteruel.unizar.es" />
+	<target host="catedraaitiip.unizar.es" />
+	<target host="catedradpzdesarrollolocal.unizar.es" />
+	<target host="catedraemprender.unizar.es" />
+	<target host="catedras.unizar.es" />
+	<target host="catedraspfremap.unizar.es" />
+	<target host="cerbuna.unizar.es" />
+	<target host="cgti.unizar.es" />
+	<target host="ciencias.unizar.es" />
+	<target host="cienciastierra.unizar.es" />
+	<target host="cmusantaisabel.unizar.es" />
+	<target host="cody.unizar.es" />
+	<target host="consejosocial.unizar.es" />
+	<target host="correo.unizar.es" />
+	<target host="culm.unizar.es" />
+	<target host="cultura.unizar.es" />
+	<target host="cursosdeespanol.unizar.es" />
+	<target host="dae.unizar.es" />
+	<target host="defensoruniversitario.unizar.es" />
+	<target host="deportes.unizar.es" />
+	<target host="deposita.unizar.es" />
+	<target host="derecho.unizar.es" />
+	<target host="diis.unizar.es" />
+	<target host="discovery.unizar.es" />
+	<target host="documenta.unizar.es" />
+	<target host="documenta1.unizar.es" />
+	<target host="economico.unizar.es" />
+	<target host="econz.unizar.es" />
+	<target host="edu.unizar.es" />
+	<target host="educacion.unizar.es" />
+	<target host="eina.unizar.es" />
+	<target host="encuestas.unizar.es" />
+	<target host="enfermeriahuesca.unizar.es" />
+	<target host="eps.unizar.es" />
+	<target host="escueladoctorado.unizar.es" />
+	<target host="eupt.unizar.es" />
+	<target host="facturaelectronica.unizar.es" />
+	<target host="fantoniogargallo.unizar.es" />
+	<target host="fccsyd.unizar.es" />
+	<target host="fcs.unizar.es" />
+	<target host="fcsh.unizar.es" />
+	<target host="fegp.unizar.es" />
+	<target host="fehm2016.unizar.es" />
+	<target host="filologiainglesa.unizar.es" />
+	<target host="flumen.unizar.es" />
+	<target host="fmc.unizar.es" />
+	<target host="fteorica.unizar.es" />
+	<target host="fyl.unizar.es" />
+	<target host="games.unizar.es" />
+	<target host="gdmz.unizar.es" />
+	<target host="geografia.unizar.es" />
+	<target host="gestiona.unizar.es" />
+	<target host="gi-japon.unizar.es" />
+	<target host="gitlab.unizar.es" />
+	<target host="i3a.unizar.es" />
+	<target host="ina.unizar.es" />
+	<target host="init.unizar.es" />
+	<target host="innovaciondocente.unizar.es" />
+	<target host="iuma.unizar.es" />
+	<target host="janovas.unizar.es" />
+	<target host="janovasformacion.unizar.es" />
+	<target host="javanos.unizar.es" />
+	<target host="laser.unizar.es" />
+	<target host="licitacion.unizar.es" />
+	<target host="listas.unizar.es" />
+	<target host="lma.unizar.es" />
+	<target host="login.unizar.es" />
+	<target host="lucia.unizar.es" />
+	<target host="magister.unizar.es" />
+	<target host="magna.unizar.es" />
+	<target host="mahara.unizar.es" />
+	<target host="mail.unizar.es" />
+	<target host="maplicada.unizar.es" />
+	<target host="medicina.unizar.es" />
+	<target host="metro.unizar.es" />
+	<target host="mfc.unizar.es" />
+	<target host="moodle.unizar.es" />
+	<target host="moodle2.unizar.es" />
+	<target host="nas-ter.unizar.es" />
+	<target host="observatorioigualdad.unizar.es" />
+	<target host="oficinaverde.unizar.es" />
+	<target host="ope.unizar.es" />
+	<target host="otrs.unizar.es" />
+	<target host="ouad.unizar.es" />
+	<target host="papiro.unizar.es" />
+	<target host="patrimoniocultural.unizar.es" />
+	<target host="personal.unizar.es" />
+	<target host="piping.unizar.es" />
+	<target host="platinum.unizar.es" />
+	<target host="platon.unizar.es" />
+	<target host="politicasocial.unizar.es" />
+	<target host="portaltransparencia.unizar.es" />
+	<target host="psfunizar7.unizar.es" />
+	<target host="redmine.unizar.es" />
+	<target host="remotosicuz.unizar.es" />
+	<target host="riemann.unizar.es" />
+	<target host="roble.unizar.es" />
+	<target host="rrhh.unizar.es" />
+	<target host="saludable.unizar.es" />
+	<target host="secregen.unizar.es" />
+	<target host="segeda01.unizar.es" />
+	<target host="semalimentos2014.unizar.es" />
+	<target host="sia.unizar.es" />
+	<target host="sicuz.unizar.es" />
+	<target host="sir.unizar.es" />
+	<target host="sociales.unizar.es" />
+	<target host="somos.unizar.es" />
+	<target host="spinup.unizar.es" />
+	<target host="stratos.unizar.es" />
+	<target host="teruel.unizar.es" />
+	<target host="tiuz.unizar.es" />
+	<target host="tiuzw.unizar.es" />
+	<target host="tiuzwf.unizar.es" />
+	<target host="ucc.unizar.es" />
+	<target host="uez.unizar.es" />
+	<target host="uif.unizar.es" />
+	<target host="unidadcalidad.unizar.es" />
+	<target host="unidadseguridad.unizar.es" />
+	<target host="usuz.unizar.es" />
+	<target host="vehivial.unizar.es" />
+	<target host="vivolab.unizar.es" />
+	<target host="vpn.unizar.es" />
+	<target host="vribota.unizar.es" />
+	<target host="webdiis.unizar.es" />
+	<target host="webe.unizar.es" />
+	<target host="webeweb1.unizar.es" />
+	<target host="webeweb2.unizar.es" />
+	<target host="webpouz.unizar.es" />
+	<target host="webstats.unizar.es" />
+	<target host="wikinformatica.unizar.es" />
+	<target host="zaguan.unizar.es" />
+
+	<test url="http://biblioteca.unizar.es/" />
+	<test url="http://mail.unizar.es/" />
+	<test url="http://eina.unizar.es/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Unizg.hr.xml b/src/chrome/content/rules/Unizg.hr.xml
new file mode 100644
index 000000000000..14b43fbd0d5c
--- /dev/null
+++ b/src/chrome/content/rules/Unizg.hr.xml
@@ -0,0 +1,27 @@
+<!--
+	Invalid certificate:
+		unizg.hr
+		fer.unizg.hr
+
+	Refused:
+		www.unizg.hr
+
+-->
+<ruleset name="Unizg.hr (partial)">
+	<target host="www.fer.unizg.hr" />
+
+	<target host="ferko.fer.hr" />
+
+	<target host="ffzg.unizg.hr" />
+	<target host="www.ffzg.unizg.hr" />
+
+	<!-- pmf.unizg.hr is not in DNS -->
+	<target host="www.pmf.unizg.hr" />
+
+	<!-- vef.unizg.hr is not in DNS -->
+	<target host="www.vef.unizg.hr" />
+
+	<target host="vojni.unizg.hr" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Unknowncheats.me.xml b/src/chrome/content/rules/Unknowncheats.me.xml
index 417c48aad0b1..3af2d4c31cc8 100644
--- a/src/chrome/content/rules/Unknowncheats.me.xml
+++ b/src/chrome/content/rules/Unknowncheats.me.xml
@@ -1,5 +1,24 @@
+<!--
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
 <ruleset name="Unknowncheats.me">
-<target host="www.unknowncheats.me"/>
-<target host="unknowncheats.me"/>
-<rule from="^http://(www\.)?unknowncheats\.me/" to="https://www.unknowncheats.me/"/>
+
+	<target host="unknowncheats.me" />
+	<target host="www.unknowncheats.me" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.unknowncheats\.me$" name="^(bblastactivity|bblastvisit|bbsessionhash)$" /-->
+
+	<securecookie host="^(?:www)?\.unknowncheats\.me$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Unlicense.org.xml b/src/chrome/content/rules/Unlicense.org.xml
new file mode 100644
index 000000000000..0b3491b62a94
--- /dev/null
+++ b/src/chrome/content/rules/Unlicense.org.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatch:
+		- webmail.unlicense.org
+		- www.webmail.unlicense.org
+
+-->
+<ruleset name="Unlicense.org">
+	<target host="unlicense.org" />
+	<target host="www.unlicense.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UnlimitedHost.xml b/src/chrome/content/rules/UnlimitedHost.xml
deleted file mode 100644
index ca177a824c0b..000000000000
--- a/src/chrome/content/rules/UnlimitedHost.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- client *
-
-	* http reply
-
--->
-<ruleset name="UnlimitedHost (partial)">
-
-	<target host="apollo.unlimitedhost.asia" />
-
-
-	<rule from="^http://apollo\.unlimitedhost\.asia/"
-		to="https://apollo.unlimitedhost.asia/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Unlimited_401k.com.xml b/src/chrome/content/rules/Unlimited_401k.com.xml
new file mode 100644
index 000000000000..694f3407a4a5
--- /dev/null
+++ b/src/chrome/content/rules/Unlimited_401k.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .unlimited401k.com
+
+
+	Mixed content:
+
+		- css from www.jeffnabers.com *
+		- Images from www.jeffnabers.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Unlimited 401k.com (false MCB)" platform="mixedcontent">
+
+	<target host="unlimited401k.com" />
+	<target host="www.unlimited401k.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.unlimited401k\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.unlimited401k\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Unmitigated_Risk.com.xml b/src/chrome/content/rules/Unmitigated_Risk.com.xml
new file mode 100644
index 000000000000..d9e416f3f9d0
--- /dev/null
+++ b/src/chrome/content/rules/Unmitigated_Risk.com.xml
@@ -0,0 +1,41 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- unmitigatedrisk.com
+		- .unmitigatedrisk.com
+		- www.unmitigatedrisk.com
+
+-->
+<ruleset name="Unmitigated Risk.com">
+
+	<target host="unmitigatedrisk.com" />
+	<target host="www.unmitigatedrisk.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?unmitigatedrisk\.com$" name="^X-Mapping-" /-->
+	<!--securecookie host="^\.unmitigatedrisk\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Uno.im.xml b/src/chrome/content/rules/Uno.im.xml
new file mode 100644
index 000000000000..9e030ac24964
--- /dev/null
+++ b/src/chrome/content/rules/Uno.im.xml
@@ -0,0 +1,40 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://uno.im/ => https://uno.im/: (6, 'Could not resolve host: uno.im')
+Fetch error: http://pbx.uno.im/ => https://pbx.uno.im/: (6, 'Could not resolve host: pbx.uno.im')
+Fetch error: http://www.uno.im/ => https://www.uno.im/: (6, 'Could not resolve host: www.uno.im')
+
+	Fully covered hosts in *uno.im:
+
+		- (www.)?
+		- pbx
+
+
+	Insecure cookies are set for these domains:
+
+		- .uno.im
+		- .pbx.uno.im
+		- .www.uno.im
+
+-->
+<ruleset name="Uno.im" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="uno.im" />
+	<target host="pbx.uno.im" />
+	<target host="www.uno.im" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.(?:pbx\.|www\.)?uno\.im$" name="^openvbx_session$" /-->
+
+	<securecookie host="^\.(?:pbx\.|www\.)?uno\.im$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UnoEuro.com.xml b/src/chrome/content/rules/UnoEuro.com.xml
index 5b9a746db3bc..11af8ccbb8f9 100644
--- a/src/chrome/content/rules/UnoEuro.com.xml
+++ b/src/chrome/content/rules/UnoEuro.com.xml
@@ -18,13 +18,18 @@
 <ruleset name="UnoEuro.com (partial)">
 
 	<target host="unoeuro.com" />
-	<target host="*.unoeuro.com" />
+	<target host="de.unoeuro.com" />
+	<target host="en.unoeuro.com" />
+	<target host="lu.unoeuro.com" />
+	<target host="no.unoeuro.com" />
+	<target host="static.unoeuro.com" />
+	<target host="sv.unoeuro.com" />
+	<target host="www.unoeuro.com" />
 
 
 	<securecookie host="^\.unoeuro\.com$" name=".+" />
 
 
-	<rule from="^http://((?:de|en|lu|no|static|sv|www)\.)?unoeuro\.com/"
-		to="https://$1unoeuro.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Unop.uk.xml b/src/chrome/content/rules/Unop.uk.xml
new file mode 100644
index 000000000000..3d84c73a586c
--- /dev/null
+++ b/src/chrome/content/rules/Unop.uk.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .unop.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="unop.uk">
+
+	<target host="unop.uk" />
+	<target host="www.unop.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.unop\.uk$" name="^(?:__cfduid|ARRAffinity|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Unpaywall.org.xml b/src/chrome/content/rules/Unpaywall.org.xml
new file mode 100644
index 000000000000..cf22855bf86a
--- /dev/null
+++ b/src/chrome/content/rules/Unpaywall.org.xml
@@ -0,0 +1,13 @@
+<!--
+	For related rules, see OADOI.org.xml
+
+-->
+<ruleset name="Unpaywall.org">
+
+	<target host="unpaywall.org" />
+	<target host="api.unpaywall.org" />
+	<target host="search.unpaywall.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Unreal_Engine.xml b/src/chrome/content/rules/Unreal_Engine.xml
index adb98074f589..f446ab13c88e 100644
--- a/src/chrome/content/rules/Unreal_Engine.xml
+++ b/src/chrome/content/rules/Unreal_Engine.xml
@@ -1,17 +1,51 @@
 <!--
 	For other Epic Games coverage, see Epic_Games.xml.
 
+
+	CDN buckets:
+
+		- d26ilriwvtzlb.cloudfront.net
+		- de45xmedrsdbp.cloudfront.net
+
+
+	Insecure cookies are set for these hosts:
+
+		- answers.unrealengine.com
+		- forums.unrealengine.com
+		- wiki.unrealengine.com
+		- www.unrealengine.com
+
+
+	Mixed content:
+
+		- Web bugs, on:
+
+			- docs from www.google.com *
+			- forums from mystatus.skype.com
+
+	* Secured by us
+
 -->
-<ruleset name="Unreal Engine">
+<ruleset name="Unreal Engine.com">
 
 	<target host="unrealengine.com" />
+	<target host="answers.unrealengine.com" />
+	<target host="docs.unrealengine.com" />
+	<target host="forums.unrealengine.com" />
+	<target host="wiki.unrealengine.com" />
 	<target host="www.unrealengine.com" />
 
 
-	<securecookie host="^(?:www\.)?unrealengine\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^answers\.unrealengine\.com$" name="^(AWSELB|TH_CSRF)$" /-->
+	<!--securecookie host="^forums\.unrealengine\.com$" name="^(AWSELB|bb_lastactivity|bb_lastvisit|bb_sessionhash)$" /-->
+	<!--securecookie host="^(wiki|www)\.unrealengine\.com$" name="^AWSELB$" /-->
+
+	<securecookie host="^(?:(?:answers|forums|wiki|www)\.)?unrealengine\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?unrealengine\.com/"
-		to="https://$1unrealengine.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Unreality_TV.xml b/src/chrome/content/rules/Unreality_TV.xml
index a79e96f72274..810210450478 100644
--- a/src/chrome/content/rules/Unreality_TV.xml
+++ b/src/chrome/content/rules/Unreality_TV.xml
@@ -1,21 +1,11 @@
-<!--
-	CDN buckets:
+<ruleset name="Unreality TV" default_off="refused">
 
-		- d2t0hyryl46u6u.cloudfront.net
-			- static.unrealitytv.co.uk
+	<target host="unrealitytv.co.uk" />
+	<target host="primetime.unrealitytv.co.uk" />
+	<target host="www.unrealitytv.co.uk" />
 
 
-	Nonfunctional subdomains:
+	<rule from="^http:"
+		to="https:" />
 
-		- www		(CN Parallels Panel; shows default Media Temple page)
-
--->
-<ruleset name="Unreality TV (partial)">
-
-	<target host="static.unrealitytv.co.uk" />
-
-
-	<rule from="^https?://static\.unrealitytv\.co\.uk/"
-		to="https://d2t0hyryl46u6u.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Unrealty.net.xml b/src/chrome/content/rules/Unrealty.net.xml
new file mode 100644
index 000000000000..a27eb6fa593f
--- /dev/null
+++ b/src/chrome/content/rules/Unrealty.net.xml
@@ -0,0 +1,14 @@
+<!--
+	Dropped:
+		- ^ (fixed by this ruleset)
+-->
+
+<ruleset name="Unrealty.net">
+	<target host="unrealty.net" />
+	<target host="www.unrealty.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://unrealty\.net/" to="https://www.unrealty.net/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Unrestrict.li.xml b/src/chrome/content/rules/Unrestrict.li.xml
deleted file mode 100644
index f99b06ba803a..000000000000
--- a/src/chrome/content/rules/Unrestrict.li.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="unrestrict.li">
-
-	<target host="unr.li" />
-	<target host="*.unr.li" />
-	<target host="unrestrict.li" />
-	<target host="*.unrestrict.li" />
-
-
-	<securecookie host="^\.unr(?:estrict)?\.li$" name=".+" />
-
-
-	<rule from="^http://(www\.)?unr(estrict)?\.li/"
-		to="https://$1unr$2.li/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Unsearcher.org.xml b/src/chrome/content/rules/Unsearcher.org.xml
new file mode 100644
index 000000000000..0b11bfb314ce
--- /dev/null
+++ b/src/chrome/content/rules/Unsearcher.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Unsearcher.org">
+
+	<target host="unsearcher.org" />
+	<target host="www.unsearcher.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Unsplash.com.xml b/src/chrome/content/rules/Unsplash.com.xml
new file mode 100644
index 000000000000..044651a931fb
--- /dev/null
+++ b/src/chrome/content/rules/Unsplash.com.xml
@@ -0,0 +1,43 @@
+<!--
+	Non-functional subdomains:
+		- chat		(SSL connection error)
+		- community	(t)
+		- email		(t)
+		- tumblr	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Unsplash.com">
+
+	<target host="unsplash.com" />
+	<target host="www.unsplash.com" />
+	<target host="1095.unsplash.com" />
+	<target host="1460.unsplash.com" />
+	<target host="730.unsplash.com" />
+	<target host="api.unsplash.com" />
+	<target host="awards.unsplash.com" />
+	<target host="book.unsplash.com" />
+	<target host="changelog.unsplash.com" />
+	<target host="download.unsplash.com" />
+		<test url="http://download.unsplash.com/7/girl-flowers.jpg" />
+	<target host="hd.unsplash.com" />
+	<target host="images.unsplash.com" />
+	<target host="instant.unsplash.com" />
+	<target host="madewith.unsplash.com" />
+	<target host="makeday.unsplash.com" />
+	<target host="pages.unsplash.com" />
+	<target host="slack.unsplash.com" />
+	<target host="source.unsplash.com" />
+	<target host="status.unsplash.com" />
+	<target host="store.unsplash.com" />
+	<target host="tv.unsplash.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Untangle.com.xml b/src/chrome/content/rules/Untangle.com.xml
new file mode 100644
index 000000000000..3e229b26362e
--- /dev/null
+++ b/src/chrome/content/rules/Untangle.com.xml
@@ -0,0 +1,57 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://promo.untangle.com/ => https://promo.untangle.com/: (51, "SSL: no alternative certificate subject name matches target host name 'promo.untangle.com'")
+
+	Nonfunctional hosts in *untangle.com:
+
+		- help-icc 	¹
+		- phishupdates 	¹
+		- virus 	¹
+		- wiki 		¹
+		- www5		(mismatch hostname, CN:  *.pardot.com)
+
+	¹ Timeout
+
+
+	Insecure cookies are set for these domains:
+
+		- .untangle.com
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- forums from develop.untangle.com ˢ
+			- forums from www.untangle.com ˢ
+
+		- Ad on forums from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Untangle.com (partial)" default_off="failed ruleset test">
+
+	<target host="untangle.com" />
+	<target host="bugzilla.untangle.com" />
+	<target host="develop.untangle.com" />
+	<target host="download.untangle.com" />
+	<target host="forums.untangle.com" />
+	<target host="promo.untangle.com" />
+	<target host="support.untangle.com" />
+	<target host="www.untangle.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.untangle\.com$" name="^ubvt$" /-->
+
+	<securecookie host="^\." name="^ubvt$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Untappd.com.xml b/src/chrome/content/rules/Untappd.com.xml
new file mode 100644
index 000000000000..092a10fbc19c
--- /dev/null
+++ b/src/chrome/content/rules/Untappd.com.xml
@@ -0,0 +1,32 @@
+<!--
+	CDN buckets:
+
+		- untappd.akamaized.net
+		- untappd.s3.amazonaws.com
+
+
+	Problematic hosts in *untappd.com:
+
+		- help *
+
+	* Tender
+
+-->
+<ruleset name="Untappd.com (partial)">
+
+	<target host="untappd.com" />
+	<target host="www.untappd.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^untappd\.com$" name="^untappd_com_site_v2$" /-->
+	<!--securecookie host="^help\.untappd\.com$" name="^(?:_tender_session|anon_token)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Untergeschoss.ch.xml b/src/chrome/content/rules/Untergeschoss.ch.xml
new file mode 100644
index 000000000000..2018bacda1e4
--- /dev/null
+++ b/src/chrome/content/rules/Untergeschoss.ch.xml
@@ -0,0 +1,14 @@
+<!--
+	For other ETH Zürich coverage, see ETH_Zurich.xml.
+
+-->
+<ruleset name="Untergeschoss.ch">
+
+	<target host="untergeschoss.ch" />
+	<target host="www.untergeschoss.ch" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Unthem.xml b/src/chrome/content/rules/Unthem.xml
index cbea3e0f2962..3039ede91e39 100644
--- a/src/chrome/content/rules/Unthem.xml
+++ b/src/chrome/content/rules/Unthem.xml
@@ -7,7 +7,6 @@
 	<target host="api.unthem.com" />
 
 
-	<rule from="^http://api\.unthem\.com/"
-		to="https://api.unthem.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Unvanquished.net.xml b/src/chrome/content/rules/Unvanquished.net.xml
index e1d340b3a0ea..9486ed075020 100644
--- a/src/chrome/content/rules/Unvanquished.net.xml
+++ b/src/chrome/content/rules/Unvanquished.net.xml
@@ -7,7 +7,8 @@
 <ruleset name="Unvanquished.net" default_off="self-signed">
 
 	<target host="unvanquished.net" />
-	<target host="*.unvanquished.net" />
+	<target host="www.unvanquished.net" />
+	<target host="forum.unvanquished.net" />
 
 
 	<securecookie host="^\.unvanquished\.net$" name=".+" />
diff --git a/src/chrome/content/rules/Unwanted_Witness.or.ug.xml b/src/chrome/content/rules/Unwanted_Witness.or.ug.xml
new file mode 100644
index 000000000000..16633bf9e42b
--- /dev/null
+++ b/src/chrome/content/rules/Unwanted_Witness.or.ug.xml
@@ -0,0 +1,30 @@
+<!--
+	(www.)?unwantedwitness.or.ug:2095: Handshake fails
+	(www.)?unwantedwitness.or.ug:2096: Mismatched
+
+
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Unwanted Witness.or.ug">
+
+	<target host="unwantedwitness.or.ug" />
+	<target host="www.unwantedwitness.or.ug" />
+
+
+	<!--	Redirect keeps path and args, but not forward slash:
+									-->
+	<rule from="^http://(?:www\.)?unwantedwitness\.or\.ug:209[56]/+"
+		to="https://hos.hostalite.com:2096/" />
+
+		<test url="http://unwantedwitness.or.ug:2095/" />
+		<test url="http://www.unwantedwitness.or.ug:2096/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Unwire.hk.xml b/src/chrome/content/rules/Unwire.hk.xml
new file mode 100644
index 000000000000..2a5780c96ba5
--- /dev/null
+++ b/src/chrome/content/rules/Unwire.hk.xml
@@ -0,0 +1,32 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- sapp.unwire.hk
+
+		SSL peer certificate was not OK:
+		- career.unwire.hk
+		- event.unwire.hk
+		- link.unwire.hk
+		- static.unwire.hk
+
+		Redirects to HTTP:
+		- ad.unwire.hk
+
+		Different content:
+		- test.unwire.hk
+-->
+<ruleset name="Unwire.hk">
+	<target host="unwire.hk" />
+	<target host="www.unwire.hk" />
+	<target host="cache.unwire.hk" />
+	<target host="cdn.unwire.hk" />
+	<target host="check.unwire.hk" />
+	<target host="edm.unwire.hk" />
+	<target host="preview.unwire.hk" />
+	<target host="startfintech.unwire.hk" />
+	<target host="store.unwire.hk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UnwiredLtd.com.xml b/src/chrome/content/rules/UnwiredLtd.com.xml
new file mode 100644
index 000000000000..562f42df321d
--- /dev/null
+++ b/src/chrome/content/rules/UnwiredLtd.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="UnwiredLtd.com">
+	<target host="unwiredltd.com" />
+	<target host="www.unwiredltd.com" />
+	<target host="lg.unwiredltd.com" />
+	<target host="svr02-jls.unwiredltd.com" />
+	<target host="svr03-365.unwiredltd.com" />
+	<target host="webmail.unwiredltd.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UofLPhysicians.com.xml b/src/chrome/content/rules/UofLPhysicians.com.xml
new file mode 100644
index 000000000000..faa1fd99dbd2
--- /dev/null
+++ b/src/chrome/content/rules/UofLPhysicians.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="UofLPhysicians.com">
+  <target host=    "uoflphysicians.com" />
+  <target host="www.uoflphysicians.com" />
+
+  <securecookie host="^www\.uoflphysicians\.com$" name=".+" />
+
+  <rule from="^http://uoflphysicians\.com/"
+	  to="https://www.uoflphysicians.com/" />
+  <rule from="^http:"
+	  to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UofMHealth.org.xml b/src/chrome/content/rules/UofMHealth.org.xml
new file mode 100644
index 000000000000..02460aada8f6
--- /dev/null
+++ b/src/chrome/content/rules/UofMHealth.org.xml
@@ -0,0 +1,14 @@
+<!-- uofmhealthblogs.org does not provide https -->
+<ruleset name="University of Michigan Health - uofmhealth.org (partial)">
+	<target host=      "uofmhealth.org"/>
+	<target host=  "www.uofmhealth.org"/>
+	<target host=    "myuofmhealth.org"/>
+	<target host="www.myuofmhealth.org"/>
+	<securecookie host="^(www)?\.uofmhealth\.org$" name=".+" />
+	<rule from="^http://uofmhealth\.org/"
+		to="https://www.uofmhealth.org/"/>
+	<rule from="^http://myuofmhealth\.org/"
+		to="https://www.myuofmhealth.org/"/>
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Up0.net.xml b/src/chrome/content/rules/Up0.net.xml
new file mode 100644
index 000000000000..164a2962df33
--- /dev/null
+++ b/src/chrome/content/rules/Up0.net.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Lyris coverage, see Lyris.xml.
+
+-->
+<ruleset name="up0.net">
+
+	<target host="up0.net"/>
+	<target host="*.up0.net"/>
+
+		<test url="http://www.up0.net/" />
+
+
+	<rule from="^http://up0\.net/"
+		to="https://www.up0.net/"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UpScore.com.xml b/src/chrome/content/rules/UpScore.com.xml
new file mode 100644
index 000000000000..0be4e6aa6a81
--- /dev/null
+++ b/src/chrome/content/rules/UpScore.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Connection closed:
+		data
+-->
+<ruleset name="UpScore.com">
+
+	<target host="upscore.com" />
+	<target host="www.upscore.com" />
+	<target host="content.upscore.com" />
+	<target host="files.upscore.com" />
+		<test url="http://files.upscore.com/async/upScore.js" />
+	<target host="hit-error.upscore.com" />
+	<target host="hit-pool.upscore.com" />
+	<target host="hit-pool-2.upscore.com" />
+	<target host="positions.upscore.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UpSploit.com.xml b/src/chrome/content/rules/UpSploit.com.xml
index dff7dfa1dadb..4339f977610b 100644
--- a/src/chrome/content/rules/UpSploit.com.xml
+++ b/src/chrome/content/rules/UpSploit.com.xml
@@ -1,13 +1,16 @@
-<ruleset name="upSploit.com">
+<!--
+	(www.)?: Reset
+
+-->
+<ruleset name="upSploit.com" default_off="connection reset">
 
 	<target host="upsploit.com" />
-	<target host="*.upsploit.com" />
+	<target host="www.upsploit.com" />
 
 
 	<securecookie host="^\.upsploit\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?upsploit\.com/"
-		to="https://$1upsploit.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/UpToLike.com.xml b/src/chrome/content/rules/UpToLike.com.xml
new file mode 100644
index 000000000000..af2666bc8d79
--- /dev/null
+++ b/src/chrome/content/rules/UpToLike.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- uptolike.com
+		- .w.uptolike.com
+		- www.uptolike.com
+
+-->
+<ruleset name="UpToLike.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="uptolike.com" />
+	<target host="w.uptolike.com" />
+	<target host="www.uptolike.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?uptolike\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^\.w\.uptolike\.com$" name="^(?:utl_dat|utl_id2)$" /-->
+
+	<securecookie host="^(?:\.w\.|www\.)?uptolike\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Upaiyun.com.xml b/src/chrome/content/rules/Upaiyun.com.xml
new file mode 100644
index 000000000000..ec65cb6f7022
--- /dev/null
+++ b/src/chrome/content/rules/Upaiyun.com.xml
@@ -0,0 +1,25 @@
+<!--
+	See also: Upyun.com.xml
+
+	Invalid certificate:
+		- upaiyun.com
+		- www.upaiyun.com
+-->
+<ruleset name="Upaiyun.com">
+	<target host="upaiyun.com" />
+	<target host="www.upaiyun.com" />
+	<target host="*.b0.upaiyun.com" />
+		<test url="http://apprcn.b0.upaiyun.com/AppleDNS-GUI.png" />
+		<test url="http://honggc.b0.upaiyun.com/romantic-words/" />
+		<test url="http://jbcdn2.b0.upaiyun.com/2017/09/e41e73992d65b40d4d856f068e9d8d62.png" />
+		<test url="http://ko-avatar.b0.upaiyun.com/default/17.png" />
+		<test url="http://ko-avatar.b0.upaiyun.com/default/18.png" />
+		<test url="http://ko-site-cdn.b0.upaiyun.com/" />
+		<test url="http://making-photos.b0.upaiyun.com/photos/c114e153bd2bedbc7594801ddc10ce28.jpg" />
+		<test url="http://mgpyh.b0.upaiyun.com/post_image/a78ea44062d5ee10bc3ef862f8078f9e.jpg" />
+		<test url="http://u77img.b0.upaiyun.com/upload/201711/0312092782.jpg" />
+
+	<rule from="^http://(www\.)?upaiyun\.com/" to="https://www.upyun.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Upay.co.uk.xml b/src/chrome/content/rules/Upay.co.uk.xml
index 98c9b4bf2c94..9ed4278ca6a1 100644
--- a/src/chrome/content/rules/Upay.co.uk.xml
+++ b/src/chrome/content/rules/Upay.co.uk.xml
@@ -1,4 +1,13 @@
-<ruleset name="Upay" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://upaymobile.co.uk/ => https://www.upaymobile.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.upaymobile.co.uk'")
+Fetch error: http://www.upaymobile.co.uk/ => https://www.upaymobile.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.upaymobile.co.uk'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://upay.co.uk/ => https://www.upay.co.uk/: (6, 'Could not resolve host: upay.co.uk')
+-->
+<ruleset name="Upay" platform="mixedcontent" default_off="failed ruleset test">
   <target host="upay.co.uk" />
   <target host="www.upay.co.uk" />
   <target host="upaymobile.co.uk" />
diff --git a/src/chrome/content/rules/Upcase.com.xml b/src/chrome/content/rules/Upcase.com.xml
new file mode 100644
index 000000000000..6fa6a20574ad
--- /dev/null
+++ b/src/chrome/content/rules/Upcase.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other thoughtbot coverage, see Thoughtbot.com.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- upcase.com
+
+-->
+<ruleset name="Upcase.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="upcase.com" />
+	<target host="www.upcase.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^upcase\.com$" name="^_workshops_session$" /-->
+
+	<securecookie host="^upcase\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Upf.edu.xml b/src/chrome/content/rules/Upf.edu.xml
new file mode 100644
index 000000000000..ca014861b81a
--- /dev/null
+++ b/src/chrome/content/rules/Upf.edu.xml
@@ -0,0 +1,140 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://campustreball-proves.upf.edu/ => https://campustreball-proves.upf.edu/: (28, 'Operation timed out after 30001 milliseconds with 341 bytes received')
+Fetch error: http://campustreball.upf.edu/ => https://campustreball.upf.edu/: (28, 'Operation timed out after 30001 milliseconds with 327 bytes received')
+Fetch error: http://erubrica.upf.edu/ => https://erubrica.upf.edu/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://expobibtic.upf.edu/ => https://expobibtic.upf.edu/: (6, 'Could not resolve host: expobibtic.upf.edu')
+Fetch error: http://intserveis-e.upf.edu/ => https://intserveis-e.upf.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://parles.upf.edu/ => https://parles.upf.edu/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://vpn.upf.edu/ => https://vpn.upf.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.iula.upf.edu/ => https://www.iula.upf.edu/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Ruleset for upf.edu, the Pompeu Fabra University website.
+	See <https://en.wikipedia.org/wiki/Pompeu_Fabra_University>.
+
+	Not supporting HTTPS or using an invalid certificate:
+		* aaa.idec.upf.edu
+		* abacdiscoverer.upf.edu
+		* abac.upf.edu
+		* able2include.taln.upf.edu
+		* ankara.upf.edu
+		* aulaglobal2014-2015.upf.edu
+		* aulaglobal2015-2016.upf.edu
+		* bg.upf.edu
+		* bioinformatica.upf.edu
+		* bsm.upf.edu
+		* canigo.upf.edu
+		* cataleg.upf.edu
+		* cercador.upf.edu
+		* complex.upf.edu
+		* computationalgenomics.upf.edu
+		* conspandora.upf.edu
+		* creaciodigital.upf.edu
+		* crm.idec.upf.edu
+		* dallas.upf.edu
+		* data.kroms.upf.edu
+		* dataw.upf.edu
+		* development.gti.upf.edu
+		* dticldap.upf.edu
+		* econ.upf.edu
+		* elearning2.bsm.upf.edu
+		* elearning2.idec.upf.edu
+		* esci.upf.edu
+		* evolutionarygenomics.upf.edu
+		* experiments.upf.edu
+		* freesound.upf.edu
+		* fs-loadbalancer2.upf.edu
+		* gestioninformacion.idec.upf.edu
+		* grib.upf.edu
+		* grosso.upf.edu
+		* grupoweb.upf.edu
+		* gs-lb1.upf.edu
+		* gs-lb2.upf.edu
+		* gtbib.upf.edu
+		* hominis-proves.upf.edu
+		* hominis.upf.edu
+		* hpc.cns.upf.edu
+		* hpc.dtic.upf.edu
+		* ibi.upf.edu
+		* idec.upf.edu
+		* karpov.upf.edu
+		* live.upf.edu
+		* lorien.upf.edu
+		* lportalhominis.upf.edu
+		* luke.upf.edu
+		* marketingfarmaceutico.bsm.upf.edu
+		* marke.upf.edu
+		* mercury.upf.edu
+		* nftp.upf.edu
+		* pascal.upf.edu
+		* patexpert-engine.upf.edu
+		* pharmatrek.upf.edu
+		* philobiblon.upf.edu
+		* phi.upf.edu
+		* pilotaulaglobal2014-2015.upf.edu
+		* plaquid.taln.upf.edu
+		* preaulaglobal27.upf.edu
+		* presso.upf.edu
+		* puna.upf.edu
+		* salc.upf.edu
+		* sare.upf.edu
+		* sbi.upf.edu
+		* shop.upf.edu
+		* sit-web.upf.edu
+		* spamalot.upf.edu
+		* sqp.upf.edu
+		* sso.upf.edu
+		* statebglat.upf.edu
+		* syspharm.upf.edu
+		* tabay.upf.edu
+		* videowork-linux-1.gti.upf.edu
+		* videowork-linux-2.gti.upf.edu
+		* vinson2.upf.edu
+-->
+<ruleset name="Universitat Pompeu Fabra" default_off="failed ruleset test">
+
+	<target host="upf.edu" />
+
+	<target host="argos.upf.edu" />
+	<target host="aula.esci.upf.edu" />
+	<target host="bigfiles.upf.edu" />
+	<target host="campusglobal.upf.edu" />
+	<target host="campustreball-proves.upf.edu" />
+	<target host="campustreball.upf.edu" />
+	<target host="cau.upf.edu" />
+	<target host="cgp.upf.edu" />
+	<target host="correu.upf.edu" />
+	<target host="dunya.compmusic.upf.edu" />
+	<target host="ecampus.bsm.upf.edu" />
+	<target host="erubrica.upf.edu" />
+	<target host="eventum.upf.edu" />
+	<target host="experts-proves.upf.edu" />
+	<target host="expobibtic.upf.edu" />
+	<target host="formscau.upf.edu" />
+	<target host="geca.upf.edu" />
+	<target host="gestioacademicavirtual.esci.upf.edu" />
+	<target host="idm.upf.edu" />
+	<target host="intserveis-e.upf.edu" />
+	<target host="matricula-proves.upf.edu" />
+	<target host="media.upf.edu" />
+	<target host="multimedia.upf.edu" />
+	<target host="occ.upf.edu" />
+	<target host="parles.upf.edu" />
+	<target host="portal.upf.edu" />
+	<target host="preaulaglobal25.upf.edu" />
+	<target host="producciocientifica.upf.edu" />
+	<target host="provesga.upf.edu" />
+	<target host="repositori.upf.edu" />
+	<target host="secretariavirtual-proves.upf.edu" />
+	<target host="serveis-e.upf.edu" />
+	<target host="seuelectronica.upf.edu" />
+	<target host="tac.upf.edu" />
+	<target host="vpn.upf.edu" />
+	<target host="www.iula.upf.edu" />
+	<target host="www.upf.edu" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Upgraded_Self.com.xml b/src/chrome/content/rules/Upgraded_Self.com.xml
new file mode 100644
index 000000000000..256b0e669a50
--- /dev/null
+++ b/src/chrome/content/rules/Upgraded_Self.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Bulletproof coverage, see Bulletproof_Exec.com.xml.
+
+-->
+<ruleset name="Upgraded Self.com">
+
+	<target host="upgradedself.com" />
+	<target host="www.upgradedself.com" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^www\.upgradedself\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Upic.me-falsemixed.xml b/src/chrome/content/rules/Upic.me-falsemixed.xml
deleted file mode 100644
index 0accab49cc85..000000000000
--- a/src/chrome/content/rules/Upic.me-falsemixed.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Upic.me.xml.
-
--->
-<ruleset name="upic.me (false MCB)" platform="mixedcontent">
-
-	<target host="upic.me" />
-		<!--
-			Handled in Upic.me.xml:
-						-->
-		<!--exclusion pattern="^http://upic\.me/+(favicon\.ico|images/|jsgzip/|skins/)" /-->
-
-
-	<securecookie host="^upic\.me$" name="^.+" />
-
-
-	<rule from="^http://upic\.me/(?!favicon\.ico|images/|jsgzip/|skins/)"
-		to="https://upic.me/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Upic.me.xml b/src/chrome/content/rules/Upic.me.xml
deleted file mode 100644
index 3b97a3c1ba4a..000000000000
--- a/src/chrome/content/rules/Upic.me.xml
+++ /dev/null
@@ -1,43 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see Upic.me-falsemixed.xml.
-
-
-	Problematic subdomains:
-
-		- th	(works; mismatched, CN: upic.me)
-
-
-	Mixed content:
-
-		- Scripts on ^ from ^ *
-
-		- css on ^ from ^ *
-
-		- Images on ^ from ^ *
-
-		- Web bugs, on ^ from:
-
-			- connect.facebook.net *
-			- tracker.stats.in.th **
-
-	* Secured by us
-	** Unsecurable
-
--->
-<ruleset name="upic.me (partial)">
-
-	<target host="upic.me" />
-	<target host="*.upic.me" />
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<exclusion pattern="^http://upic\.me/+(?!favicon\.ico|images/|jsgzip/|skins/)" />
-
-
-	<securecookie host="^\.upic\.me$" name="^__utm\w" />
-
-
-	<rule from="^http://(?:th\.|(www\.))?upic\.me/"
-		to="https://$1upic.me/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Upickem.net.xml b/src/chrome/content/rules/Upickem.net.xml
new file mode 100644
index 000000000000..7fda3b7efa7c
--- /dev/null
+++ b/src/chrome/content/rules/Upickem.net.xml
@@ -0,0 +1,75 @@
+<!--
+	For other Second Street Media coverage, see Second-Street-Media.xml.
+
+
+	Nonfunctional hosts in *upickem.net:
+
+		- share		(ssl_error_rx_record_too_long)
+
+
+	Problematic hosts in *upickem.net:
+
+		- (www.)? ¹
+		- affiliates ¹
+		- eblastengine ¹
+		- ssm ¹ ²
+		- todd ¹ ²
+
+	¹ Server sends no certificate chain, see https://whatsmychaincert.com
+	² Mixed css
+
+
+	Insecure cookies are set for these hosts:
+
+		- upickem.net
+		- affiliates.upickem.net
+		- eblastengine.upickem.net
+		- ssm.upickem.net
+		- todd.upickem.net
+		- www.upickem.net
+
+
+	Mixed content:
+
+		- css, on:
+
+			- ssm from media.cmgdigital.com *
+			- todd from $self *
+
+		- Images, on:
+
+			- ssm from media.cmgdigital.com *
+			- ssm from media.secondstreetapp.com *
+			- todd from placehold.it *
+
+		- favicon on ssm from media.cmgdigital.com *
+		- Bug on ssm from b.scorecardresearch.com *
+
+	* Secured by us
+
+-->
+<ruleset name="upickem.net (partial)" default_off="cert-chain" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="upickem.net" />
+	<target host="affiliates.upickem.net" />
+	<target host="eblastengine.upickem.net" />
+	<target host="ssm.upickem.net" />
+	<target host="todd.upickem.net" />
+	<target host="www.upickem.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^((eblastengine|todd|ssm|www)\.)?upickem\.net$" name="^BIGipServer[\w-]+$" /-->
+	<!--securecookie host="^affiliates\.upickem\.net$" name="^UsePromotionsPlatformStyling$" /-->
+	<!--securecookie host="^(ssm|todd)\.upickem\.net$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+
+	<securecookie host="^.*\.upickem\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UploadHero.co.xml b/src/chrome/content/rules/UploadHero.co.xml
deleted file mode 100644
index 6f7cc031d6e6..000000000000
--- a/src/chrome/content/rules/UploadHero.co.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)uploadhero.co *
-		- stats.uploadhero.co *
-
-	* Refused
-
-
-	Problematic domains:
-
-		- s.uploadhero.co	(mismatched, CN: s.uploadhero.com)
-		- s.uploadhero.com	(expired 2013-09-14)
-
--->
-<ruleset name="UploadHero.co (partial)" default_off="expired">
-
-	<target host="s.uploadhero.co" />
-	<target host="s.uploadhero.com" />
-
-
-	<rule from="^http://s\.uploadhero\.com?/"
-		to="https://s.uploadhero.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Uploaded.net.xml b/src/chrome/content/rules/Uploaded.net.xml
index 18cbeb63922b..e3e7136708ab 100644
--- a/src/chrome/content/rules/Uploaded.net.xml
+++ b/src/chrome/content/rules/Uploaded.net.xml
@@ -1,19 +1,33 @@
 <!--
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *uploaded.net:
 
 		- stor\d{4}
 
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- uploaded.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
 -->
 <ruleset name="uploaded.net (partial)">
 
 	<target host="uploaded.net" />
+		<!-- Exclusion needed to download files. See #9847. -->
+		<exclusion pattern="^http://uploaded.net/io/ticket/" />
+			<test url="http://uploaded.net/io/ticket/slot/kdbnz4bu" />
+			<test url="http://uploaded.net/io/ticket/captcha/kdbnz4bu" />
 	<target host="www.uploaded.net" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^uploaded\.net$" name="^PHPSESSID$" /-->
 
-	<securecookie host="^uploaded\.net$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www\.)?uploaded\.net/"
-		to="https://$1uploaded.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Uploading.com.xml b/src/chrome/content/rules/Uploading.com.xml
index 9bebacce74e3..ecb2994065c8 100644
--- a/src/chrome/content/rules/Uploading.com.xml
+++ b/src/chrome/content/rules/Uploading.com.xml
@@ -1,17 +1,24 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://uploading.com/ => https://uploading.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://uploading.com/ => https://uploading.com/: (60, 'SSL certificate problem: certificate has expired')
 	Cert doesn't match www.
 
 -->
-<ruleset name="Uploading.com (partial)">
+<ruleset name="Uploading.com (partial)" default_off="failed ruleset test">
 
 	<target host="uploading.com" />
-	<target host="*.uploading.com" />
+	<target host="api.uploading.com" />
+	<target host="www.uploading.com" />
 
 
 	<securecookie host="^\.uploading\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:(api\.)|www\.)?uploading\.com/"
+	<rule from="^http://(?:(api\.)|www\.)?uploading\.com/"
 		to="https://$1uploading.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Upo.es.xml b/src/chrome/content/rules/Upo.es.xml
new file mode 100644
index 000000000000..a6fb99f5fbbf
--- /dev/null
+++ b/src/chrome/content/rules/Upo.es.xml
@@ -0,0 +1,60 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://piwik.upo.es/ => https://piwik.upo.es/: (6, 'Could not resolve host: piwik.upo.es')
+Fetch error: http://riemann.upo.es/ => https://riemann.upo.es/: (51, "SSL: no alternative certificate subject name matches target host name 'riemann.upo.es'")
+
+	Ruleset for upo.es, the Pablo de Olavide University website.
+	See <https://en.wikipedia.org/wiki/Pablo_de_Olavide_University>.
+
+	Not supporting HTTPS or using an invalid certificate:
+
+		* upo.es
+
+		* berilio.upo.es
+		* castillo.upo.es
+		* cms-admin.upo.es
+		* cms-riemann.upo.es
+		* crisantemo.upo.es
+		* eco.upo.es
+		* elrond.upo.es
+		* eps.upo.es
+		* helio.upo.es
+		* hpcnodo.upo.es
+		* jazmin.upo.es
+		* maya.upo.es
+		* nice.upo.es
+		* nirvana.upo.es
+		* pitagoras.upo.es
+		* robotics.upo.es
+		* upoemprende.upo.es
+		* www1-admin.upo.es
+		* www1.upo.es
+		* www.bioinfocabd.upo.es
+-->
+<ruleset name="Universidad Pablo de Olavide" default_off="failed ruleset test">
+
+	<target host="agenda.upo.es" />
+	<target host="archivo.upo.es" />
+	<target host="athenea.upo.es" />
+	<target host="automatricula.upo.es" />
+	<target host="cicdat.upo.es" />
+	<target host="ciges.upo.es" />
+	<target host="correo.upo.es" />
+	<target host="filesender.upo.es" />
+	<target host="forms.upo.es" />
+	<target host="marco.upo.es" />
+	<target host="piwik.upo.es" />
+	<target host="portal.upo.es" />
+	<target host="riemann.upo.es" />
+	<target host="rio.upo.es" />
+	<target host="servicios.upo.es" />
+	<target host="sso.upo.es" />
+	<target host="upotv.upo.es" />
+	<target host="uxxiac.upo.es" />
+	<target host="www.upo.es" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UppSite.xml b/src/chrome/content/rules/UppSite.xml
index 0775d970c813..cb53197e4336 100644
--- a/src/chrome/content/rules/UppSite.xml
+++ b/src/chrome/content/rules/UppSite.xml
@@ -1,25 +1,13 @@
-<!--
-	CDN buckets:
+<ruleset name="UppSite.com" default_off="shows default page">
 
-		- c593846.ssl.cf2.rackcdn.com
-
-
-	Problematic domains:
-
-		- www.upp.st		(mismatched, CN: uppsite.com)
-
--->
-<ruleset name="UppSite (partial)">
-
-	<target host="upp.st" />
 	<target host="uppsite.com" />
 	<target host="www.uppsite.com" />
 
 
-	<securecookie host="^(?:www\.)?uppsite\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www\.)?upp(\.st|site\.com)/"
-		to="https://upp$2/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Upplandsvasby.se.xml b/src/chrome/content/rules/Upplandsvasby.se.xml
index 136742135e9c..5faa605894d7 100644
--- a/src/chrome/content/rules/Upplandsvasby.se.xml
+++ b/src/chrome/content/rules/Upplandsvasby.se.xml
@@ -1,5 +1,7 @@
 <ruleset name="Upplandsvasby.se">
-  <target host="www.upplandsvasby.se" />
-  <rule from="^http://www\.upplandsvasby\.se/" to="https://www.upplandsvasby.se/"/>
-</ruleset>
+	<target host="upplandsvasby.se" />
+	<target host="www.upplandsvasby.se" />
 
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Uppsalahem.se.xml b/src/chrome/content/rules/Uppsalahem.se.xml
new file mode 100644
index 000000000000..8dbcb8127a79
--- /dev/null
+++ b/src/chrome/content/rules/Uppsalahem.se.xml
@@ -0,0 +1,16 @@
+<ruleset name="Uppsalahem.se">
+        <target host="uppsalahem.se" />
+	<target host="www.uppsalahem.se" />
+	<!--
+		Commented out due to
+		broken fetch tester:
+					-->
+        <!--target host="kund.uppsalahem.se" /-->
+	<target host="ritningar.uppsalahem.se" />
+
+	<rule from="^http://uppsalahem\.se/"
+		to="https://www.uppsalahem.se/" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Uprotect.it.xml b/src/chrome/content/rules/Uprotect.it.xml
deleted file mode 100644
index 884422d543bd..000000000000
--- a/src/chrome/content/rules/Uprotect.it.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See 
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
- 
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Uprotect.it" platform="firefox">
-  <target host="uprotect.it" />
-  <target host="www.uprotect.it" />
-
-  <securecookie host="^uprotect\.it$" name=".+" />
-
-  <rule from="^http://(www\.)?uprotect\.it/" to="https://uprotect.it/" />
-</ruleset>
diff --git a/src/chrome/content/rules/UpsideOut.com.xml b/src/chrome/content/rules/UpsideOut.com.xml
deleted file mode 100644
index 4eeb8049e583..000000000000
--- a/src/chrome/content/rules/UpsideOut.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(prints "There is no website configured at this address", valid cert)
-
-
-	Fully covered subdomains:
-
-		- tally		(web bugs)
-
--->
-<ruleset name="UpsideOut.com (partial)">
-
-	<target host="tally.upsideout.com" />
-
-
-	<rule from="^http://tally\.upsideout\.com/"
-		to="https://tally.upsideout.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Upsilon.cc.xml b/src/chrome/content/rules/Upsilon.cc.xml
new file mode 100644
index 000000000000..a70cb269e499
--- /dev/null
+++ b/src/chrome/content/rules/Upsilon.cc.xml
@@ -0,0 +1,9 @@
+<ruleset name="upsilon.cc">
+
+	<target host="upsilon.cc" />
+	<target host="www.upsilon.cc" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Upstart.xml b/src/chrome/content/rules/Upstart.xml
deleted file mode 100644
index f76ae4962f63..000000000000
--- a/src/chrome/content/rules/Upstart.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d12jwea8dfj5qq.cloudfront.net
-
-
-	Problematic subdomains:
-
-		- ^	(times out)
-
--->
-<ruleset name="Upstart">
-
-	<target host="upstart.com" />
-	<target host="*.upstart.com" />
-
-
-	<securecookie host="^(?:www)?\.upstart\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?upstart\.com/"
-		to="https://www.upstart.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Uptilo.xml b/src/chrome/content/rules/Uptilo.xml
index 87c902fe5586..7a15785293eb 100644
--- a/src/chrome/content/rules/Uptilo.xml
+++ b/src/chrome/content/rules/Uptilo.xml
@@ -9,16 +9,17 @@
 <ruleset name="Uptilo">
 
 	<target host="uptilo.com" />
-	<target host="*.uptilo.com" />
+	<target host="esm.uptilo.com" />
+	<target host="www.uptilo.com" />
+	<target host="assets.uptilo.com" />
 
 
-	<securecookie host="^(?:.*\.)?uptilo\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
-	<rule from="^http://(esm\.|www\.)?uptilo\.com/"
-		to="https://$1uptilo.com/" />
 
-	<rule from="^https?://assets\.uptilo\.com/"
+	<rule from="^http://assets\.uptilo\.com/"
 		to="https://d3rvd86gsdneth.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UptimeRobot.com.xml b/src/chrome/content/rules/UptimeRobot.com.xml
new file mode 100644
index 000000000000..d55001bb8808
--- /dev/null
+++ b/src/chrome/content/rules/UptimeRobot.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Invalid certificate:
+		heartbeat.uptimerobot.com
+
+	No working URL known:
+		userfiles.uptimerobot.com
+
+-->
+<ruleset name="Uptime Robot">
+
+	<target host="uptimerobot.com" />
+	<target host="www.uptimerobot.com" />
+	<target host="api.uptimerobot.com" />
+	<target host="blog.uptimerobot.com" />
+	<target host="rss.uptimerobot.com" />
+		<test url="http://rss.uptimerobot.com/u358785-e4323652448755805d668f1a66506f2f" />
+	<target host="stats.uptimerobot.com" />
+	<target host="status.uptimerobot.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Upton-Home-Hardware.xml b/src/chrome/content/rules/Upton-Home-Hardware.xml
deleted file mode 100644
index 9ec70ac8a485..000000000000
--- a/src/chrome/content/rules/Upton-Home-Hardware.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Upton Home Hardware" default_off="expired, self-signed">
-
-	<!--	Cert: plesk	-->
-	<target host="uptonhomehardware.co.uk" />
-	<target host="www.uptonhomehardware.co.uk" />
-
-
-	<rule from="^https?://(?:www\.)?uptonhomehardware\.co\.uk/"
-		to="https://uptonhomehardware.co.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Upvoted.com.xml b/src/chrome/content/rules/Upvoted.com.xml
new file mode 100644
index 000000000000..27e52254d0eb
--- /dev/null
+++ b/src/chrome/content/rules/Upvoted.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- Bug from b.scorecardresearch.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Upvoted.com">
+
+	<target host="upvoted.com" />
+	<target host="www.upvoted.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Upworthy.com.xml b/src/chrome/content/rules/Upworthy.com.xml
index 668d371bf35f..c5559591cfb0 100644
--- a/src/chrome/content/rules/Upworthy.com.xml
+++ b/src/chrome/content/rules/Upworthy.com.xml
@@ -16,7 +16,6 @@
 	<target host="www.upworthy.com" />
 
 
-	<rule from="^http://(www\.)?upworthy\.com/"
-		to="https://$1upworthy.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Upx69.com.xml b/src/chrome/content/rules/Upx69.com.xml
index 291e2fa22b58..bbaf46b44a8f 100644
--- a/src/chrome/content/rules/Upx69.com.xml
+++ b/src/chrome/content/rules/Upx69.com.xml
@@ -1,4 +1,9 @@
 <!--
+	Insecure cookies are set for these domains:
+
+		- .upx69.com
+
+
 	Mixed content:
 
 		- Images on (www.), from:
@@ -10,8 +15,8 @@
 			- www.picdee.com **
 			- www.picloader3.com **
 			- www.picloader4.com **
-			- s18.postimg.org
-			- s2[78].postimg.org
+			- s18.postimg.org *
+			- s2[78].postimg.org *
 			- postto.me *
 			- www.upup69.com **
 			- images100.xvideos.com **
@@ -23,7 +28,7 @@
 			- www.backlinksthai.com **
 			- www.cárdenas.net **
 			- www.counters4u.com **
-			- sstatic1.histats.com **
+			- sstatic1.histats.com *
 			- www.imagescrean.com **
 			- www.lbacklink.com **
 			- www.textbacklinkexchanges.com **
@@ -34,17 +39,24 @@
 	* Secured by us
 	** Unsecurable
 
+
+
 -->
 <ruleset name="upx69.com">
 
 	<target host="upx69.com" />
-	<target host="*.upx69.com" />
+	<target host="xxx.upx69.com" />
+	<target host="www.upx69.com" />
+
 
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.upx69\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
 
 	<securecookie host="^(?:w*\.)?upx69\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?upx69\.com/"
-		to="https://$1upx69.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Upxth.com.xml b/src/chrome/content/rules/Upxth.com.xml
index cc8f87bd0ab3..a06716e32353 100644
--- a/src/chrome/content/rules/Upxth.com.xml
+++ b/src/chrome/content/rules/Upxth.com.xml
@@ -15,7 +15,7 @@
 <ruleset name="upxth.com (false MCB)" default_off="expired, mismatched, self-signed" platform="mixedcontent">
 
 	<target host="upxth.com" />
-	<target host="*.upxth.com" />
+	<target host="www.upxth.com" />
 
 
 	<securecookie host="^(?:www)?\.upxth\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Upyun.com.xml b/src/chrome/content/rules/Upyun.com.xml
new file mode 100644
index 000000000000..d1928e00b290
--- /dev/null
+++ b/src/chrome/content/rules/Upyun.com.xml
@@ -0,0 +1,32 @@
+<!--
+	See also: Upaiyun.com.xml
+
+	Different HTTP/HTTPS content:
+		- useco.upyun.com
+		- wiki.upyun.com
+		- yule.upyun.com
+
+	Invalid Certificate:
+		- io.upyun.com
+		- yule.m.upyun.com
+		- support.upyun.com
+
+	Refused:
+		- purge.upyun.com
+		- updog.upyun.com
+
+-->
+<ruleset name="Upyun.com">
+	<target host="upyun.com" />
+	<target host="www.upyun.com" />
+	<target host="blog.upyun.com" />
+	<target host="console.upyun.com" />
+	<target host="docs.upyun.com" />
+	<target host="madoka.upyun.com" />
+	<target host="nola.upyun.com" />
+	<target host="opentalk.upyun.com" />
+	<target host="ptp-admin.upyun.com" />
+	<target host="robin.upyun.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ur.se.xml b/src/chrome/content/rules/Ur.se.xml
new file mode 100644
index 000000000000..0c19ef52445c
--- /dev/null
+++ b/src/chrome/content/rules/Ur.se.xml
@@ -0,0 +1,64 @@
+<!--
+	Cert expired:
+		- eplikt-media.ur.se
+		- pod.ur.se
+
+	Cert mismatch:
+		- lyncdiscover.ur.se
+		- msoid.ur.se
+		- sip.ur.se
+		- vpn.ur.se
+		- webbshop.ur.se
+
+	Chain issues:
+		- diagnostics1.ur.se
+
+	Redirect to plain:
+		- bloggar.ur.se
+
+	Timeout:
+		- streaming3.ur.se
+		- transfer.ur.se
+		- www4.ur.se
+-->
+<ruleset name="Ur.se">
+
+	<target host="ur.se" />
+	<target host="www.ur.se" />
+
+	<target host="adfs.ur.se" />
+	<target host="appdata.ur.se" />
+	<target host="assets.ur.se" />
+	<target host="autodiscover.ur.se" />
+	<target host="backstage.ur.se" />
+	<target host="barn.ur.se" />
+	<target host="beta.ur.se" />
+	<target host="embed.ur.se" />
+	<target host="epost.ur.se" />
+	<target host="feeds.ur.se" />
+	<target host="gt.ur.se" />
+	<target host="loadbalancer-1112.ur.se" />
+	<target host="m.ur.se" />
+	<target host="mail.ur.se" />
+	<target host="mediator.ur.se" />
+	<target host="metadata.ur.se" />
+	<target host="portal.ur.se" />
+	<target host="services.ur.se" />
+	<target host="some-assets.ur.se" />
+	<target host="start.ur.se" />
+	<target host="streaming-loadbalancer.ur.se" />
+	<target host="streaming4.ur.se" />
+	<target host="trk01.ur.se" />
+	<target host="undertexter-loadbalancer.ur.se" />
+	<target host="undertexter.ur.se" />
+	<target host="valet.ur.se" />
+	<target host="vip96.ur.se" />
+	<target host="webmail.ur.se" />
+	<target host="wpcms.ur.se" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Urban-Dictionary.xml b/src/chrome/content/rules/Urban-Dictionary.xml
index cc1365a8a95c..688908359a59 100644
--- a/src/chrome/content/rules/Urban-Dictionary.xml
+++ b/src/chrome/content/rules/Urban-Dictionary.xml
@@ -1,28 +1,49 @@
 <!--
-	nonfunctional subdomains:
-		blog	(hosted on Tumblr)
+	Other Urban Dictionary rulesets:
+
+		- UDimg.com.xml
+
+	CDN buckets:
+
+		- s3.amazonaws.com/s3.urbandictionary.com/
+
+	Timeout:
+		urbandictionary.com
+		jobs.urbandictionary.com
+		tos.urbandictionary.com
+
+	Invalid certificate:
+		about.urbandictionary.com
+		origin.urbandictionary.com
+
+	Secure connection failed:
+		feeds.urbandictionary.com
+
+	Insecure cookies are set for these domains:
+
+		- .urbandictionary.com
+
 -->
-<ruleset name="Urban Dictionary (partial)" default_off="mismatch">
+<ruleset name="Urban Dictionary.com">
 
 	<target host="urbandictionary.com"/>
-	<target host="*.urbandictionary.com"/>
-		<!--	Handled in TheResumator.com-clients.xml
-			due to this ruleset being off by default.	-->
-		<exclusion pattern="^http://jobs\."/>
-
-	<!--	observed cookies:
-			- ^\.
-				- _urban_session
-			- ^www
-				- country	-->
-	<securecookie host="^(www)?\.urbandictionary\.com$" name=".*"/>
-
-	<!--	www. cert:		Akamai
-		static[0-3] cert:	ditto
-		(origin.) cert:		*.heroku.com
-		!www redirects to www
-		data on static[0-3] appear identical to those on www	-->
-	<rule from="^http://(?:origin\.|static[0-3]\.|www\.)?urbandictionary\.com/"
+	<target host="www.urbandictionary.com"/>
+	<target host="api.urbandictionary.com" />
+		<test url="http://api.urbandictionary.com/v0/define?term=sun" />
+	<target host="help.urbandictionary.com" />
+	<target host="origin.urbandictionary.com"/>
+	<target host="store.urbandictionary.com"/>
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.urbandictionary\.com$" name="^__qca$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://(origin\.)?urbandictionary\.com/"
 		to="https://www.urbandictionary.com/"/>
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Urban-Media.xml b/src/chrome/content/rules/Urban-Media.xml
new file mode 100644
index 000000000000..1ddc3c0acd89
--- /dev/null
+++ b/src/chrome/content/rules/Urban-Media.xml
@@ -0,0 +1,45 @@
+<!--	Connection refused:
+			- anna
+			- analytics
+			- developers
+			- devina
+			- logs
+			- pam
+			- pnn
+			- recovery
+			- stats
+			- tsp.stats
+			- trac
+
+		TimeOut:
+			- autodiscover
+
+		Cert Mismatch:
+			- beilagen
+			- chantal
+			- chayenne
+			- dev
+			- enterpriseenrollment
+			- lyncdiscover
+			- mitfahrgelegenheit
+			- miann
+			- msoid
+			- pdf
+			- sip
+			- sportsdata
+			- static
+			- talkabout
+			- tracking
+			- www
+			- zh
+-->
+<ruleset name="Urban Media (partial)">
+
+	<target host="ads.urban-media.com"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
+
+
diff --git a/src/chrome/content/rules/UrbanFinland.com.xml b/src/chrome/content/rules/UrbanFinland.com.xml
new file mode 100644
index 000000000000..19f20a7f80ff
--- /dev/null
+++ b/src/chrome/content/rules/UrbanFinland.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="UrbanFinland.com">
+	<target host="urbanfinland.com" />
+	<target host="www.urbanfinland.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UrbanTerror.info.xml b/src/chrome/content/rules/UrbanTerror.info.xml
index 0b72fef8f596..5dd2eb34be5e 100644
--- a/src/chrome/content/rules/UrbanTerror.info.xml
+++ b/src/chrome/content/rules/UrbanTerror.info.xml
@@ -15,7 +15,7 @@
 
 		Removed for now.
 						-->
-	<rule from="^https?://(?:www\.)?urbanterror\.info/((?:cache|css|files|images|members/register)/|downloads/.+\.zip\?key=[\da-f]+)"
+	<rule from="^http://(?:www\.)?urbanterror\.info/((?:cache|css|files|images|members/register)/|downloads/.+\.zip\?key=[\da-f]+)"
 		to="https://www.urbanterror.info/$1" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Urban_Villa.nl.xml b/src/chrome/content/rules/Urban_Villa.nl.xml
new file mode 100644
index 000000000000..2f67cba75e05
--- /dev/null
+++ b/src/chrome/content/rules/Urban_Villa.nl.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://urbanvilla.nl/ => https://urbanvilla.nl/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.urbanvilla.nl/ => https://www.urbanvilla.nl/: (60, 'SSL certificate problem: self signed certificate')
+
+-->
+<ruleset name="Urban Villa.nl" default_off="failed ruleset test">
+
+	<target host="urbanvilla.nl" />
+	<target host="www.urbanvilla.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.urbanvilla\.nl$" name="^osCsid$" /-->
+
+	<securecookie host="^\.urbanvilla\.nl$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Url2Png.xml b/src/chrome/content/rules/Url2Png.xml
new file mode 100644
index 000000000000..dcfa11dec6a2
--- /dev/null
+++ b/src/chrome/content/rules/Url2Png.xml
@@ -0,0 +1,17 @@
+<ruleset name="URL2PNG.com">
+
+	<target host="url2png.com" />
+	<target host="api.url2png.com" />
+	<target host="www.url2png.com" />
+
+		<test url="http://api.url2png.com/v6/PE6D67B7ABE3089/0c857cb571d0e94bb5481cae48b46a90/png/?ttl=604800&amp;url=http%3A%2F%2Fwww.shopspring.com" />
+
+
+	<!-- url2png.com cert has expired but redirects to www. anyway -->
+	<rule from="^http://url2png\.com/"
+		to="https://www.url2png.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UrlQuery.xml b/src/chrome/content/rules/UrlQuery.xml
deleted file mode 100644
index 575f6ca733e6..000000000000
--- a/src/chrome/content/rules/UrlQuery.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="urlQuery">
-
-	<target host="urlquery.net" />
-	<target host="www.urlquery.net" />
-
-
-	<securecookie host="^urlquery\.net$" name=".+" />
-
-
-	<!--	Cert only matches ^urlquery.net.
-							-->
-	<rule from="^https?://(?:www\.)?urlquery\.net/"
-		to="https://urlquery.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/UrlTrends.xml b/src/chrome/content/rules/UrlTrends.xml
index ea3f67647570..82adfcffb673 100644
--- a/src/chrome/content/rules/UrlTrends.xml
+++ b/src/chrome/content/rules/UrlTrends.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?urltrends\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?urltrends\.com/"
-		to="https://$1urltrends.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Urospace.xml b/src/chrome/content/rules/Urospace.xml
index 7acc3175cb1c..bf6b62729e9b 100644
--- a/src/chrome/content/rules/Urospace.xml
+++ b/src/chrome/content/rules/Urospace.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://urospace.de/ => https://urospace.de/: (51, "SSL: no alternative certificate subject name matches target host name 'urospace.de'")
+Fetch error: http://www.urospace.de/ => https://urospace.de/: (51, "SSL: no alternative certificate subject name matches target host name 'urospace.de'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://urospace.de/ => https://urospace.de/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+Fetch error: http://www.urospace.de/ => https://urospace.de/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
 	Nonfunctional domains:
 
 		- wiki.urospace.de	(http reply)
@@ -9,7 +17,7 @@
 		- www.urospace.de	(cert only matches ^urospace.de)
 
 -->
-<ruleset name="Urospace (partial)">
+<ruleset name="Urospace (partial)" default_off="failed ruleset test">
 
 	<target host="urospace.de" />
 	<target host="www.urospace.de" />
@@ -25,4 +33,4 @@
 	<rule from="^http://prima\.urospace\.net:2083/"
 		to="https://prima.urospace.net:2083/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Us-cert.gov.xml b/src/chrome/content/rules/Us-cert.gov.xml
index 4fbcba68e6a1..93915c736fa0 100644
--- a/src/chrome/content/rules/Us-cert.gov.xml
+++ b/src/chrome/content/rules/Us-cert.gov.xml
@@ -1,7 +1,23 @@
-<ruleset name="US-Cert.gov">
-	<target host="*.us-cert.gov" />
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://preview.buildsecurityin.us-cert.gov/ => https://preview.buildsecurityin.us-cert.gov/: (6, 'Could not resolve host: preview.buildsecurityin.us-cert.gov')
+
+
+-->
+<ruleset name="US-Cert.gov" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="us-cert.gov" />
-	<rule from="^http://(ics-cert|www)\.us-cert\.gov/" to="https://$1.us-cert.gov/"/>
-	<rule from="^http://us-cert\.gov/" to="https://us-cert.gov/"/>
-</ruleset>
+	<target host="buildsecurityin.us-cert.gov" />
+	<target host="preview.buildsecurityin.us-cert.gov" />
+	<target host="www.buildsecurityin.us-cert.gov" />
+	<target host="ics-cert.us-cert.gov" />
+	<target host="www.us-cert.gov" />
+
 
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Us.es.xml b/src/chrome/content/rules/Us.es.xml
new file mode 100644
index 000000000000..bfa4a290fd49
--- /dev/null
+++ b/src/chrome/content/rules/Us.es.xml
@@ -0,0 +1,124 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bicicletas.us.es/ => https://bicicletas.us.es/: (51, "SSL: no alternative certificate subject name matches target host name 'bicicletas.us.es'")
+Fetch error: http://fius.us.es/ => https://fius.us.es/: (51, "SSL: no alternative certificate subject name matches target host name 'fius.us.es'")
+Fetch error: http://igualdad.us.es/ => https://igualdad.us.es/: (51, "SSL: no alternative certificate subject name matches target host name 'igualdad.us.es'")
+Fetch error: http://vtt.us.es/ => https://vtt.us.es/: (51, "SSL: no alternative certificate subject name matches target host name 'vtt.us.es'")
+Fetch error: http://www.lsi.us.es/ => https://www.lsi.us.es/: (60, 'SSL certificate problem: certificate has expired')
+
+	Ruleset for us.es, the University of Seville website.
+	See <https://en.wikipedia.org/wiki/University_of_Seville>.
+
+	Not supporting HTTPS or using an invalid certificate:
+
+		* us.es
+
+		* acdc.sav.us.es
+		* aero.us.es
+		* alojamientos.us.es
+		* alojoptico.us.es
+		* area.us.es
+		* asignatura.us.es
+		* backup.us.es
+		* bib.us.es
+		* biopracticasgrado.us.es
+		* bous.us.es
+		* buzon.us.es
+		* cat.us.es
+		* centro.us.es
+		* comunicacion.us.es
+		* congreso.us.es
+		* departamento.us.es
+		* direccioncitius.us.es
+		* disa.us.es
+		* docentes.us.es
+		* ember.us.es
+		* etsa.us.es
+		* euclides.us.es
+		* euler.us.es
+		* expobus.us.es
+		* fama.us.es
+		* fcce.us.es
+		* fceye.us.es
+		* fisica.us.es
+		* fondosdigitales.us.es
+		* fototeca.us.es
+		* geografiaehistoria.us.es
+		* grupo.us.es
+		* icaro.eii.us.es
+		* laplace.us.es
+		* literaturaesp.us.es
+		* ma1.eii.us.es
+		* master.us.es
+		* mediasav.sav.us.es
+		* ocwus.us.es
+		* personal.us.es
+		* pool.us.es
+		* r2h2.us.es
+		* reinus.us.es
+		* sacu.us.es
+		* servicio.us.es
+		* sos.us.es
+		* taylor.us.es
+		* tecnologiaedu.us.es
+		* tempus.us.es
+		* trajano.us.es
+		* tv.us.es
+		* vpn.us.es
+		* webapps.us.es
+		* wifi.us.es
+		* woody.us.es
+		* www.aero.us.es
+		* www.aloj.us.es
+		* www.ccoo.us.es
+		* www.cfp.us.es
+		* www.cienciasdelasalud.us.es
+		* www.color.us.es
+		* www.dinel.us.es
+		* www.doctorado.us.es
+		* www.eps.us.es
+		* www.eup.us.es
+		* www.farmacia.us.es
+		* www.fefp.us.es
+		* www.forpas.us.es
+		* www.fquim.us.es
+		* www.geografia.us.es
+		* www.gte.us.es
+		* www.iaic.us.es
+		* www.internacional.us.es
+		* www.isa.us.es
+		* www.medicina.us.es
+		* www.odontologia.us.es
+		* www.r2h2.us.es
+		* www.sadus.us.es
+		* www.sav.us.es
+		* www.us.es
+-->
+<ruleset name="us.es" default_off="failed ruleset test">
+
+	<target host="bellasartes.us.es" />
+	<target host="bicicletas.us.es" />
+	<target host="cicus.us.es" />
+	<target host="estudiantes.us.es" />
+	<target host="etsie.us.es" />
+	<target host="fcom.us.es" />
+	<target host="fius.us.es" />
+	<target host="ftf.us.es" />
+	<target host="grvc.us.es" />
+	<target host="igualdad.us.es" />
+	<target host="institucional.us.es" />
+	<target host="institutodeidiomas.us.es" />
+	<target host="listas.us.es" />
+	<target host="personales.us.es" />
+	<target host="vtt.us.es" />
+	<target host="www.cs.us.es" />
+	<target host="www.dte.us.es" />
+	<target host="www.etsi.us.es" />
+	<target host="www.informatica.us.es" />
+	<target host="www.lsi.us.es" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Us_Magazine.com.xml b/src/chrome/content/rules/Us_Magazine.com.xml
new file mode 100644
index 000000000000..40f55d8ee1df
--- /dev/null
+++ b/src/chrome/content/rules/Us_Magazine.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Problematic subdomains:
+
+		- cdn *
+
+	* cloudfront, unknown bucket
+
+
+	At least some pages redirect to http.
+
+-->
+<ruleset name="Us Magazine.com (partial)">
+
+	<target host="usmagazine.com" />
+	<target host="assets-s3.usmagazine.com" />
+	<target host="www.usmagazine.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(assets-s3|www)\.usmagazine\.com/+($|\?|fonts/)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:assets-s3|www)\.usmagazine\.com/+(?!css/|favicon\.ico|images/|uploads/)" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Usablenet.com.xml b/src/chrome/content/rules/Usablenet.com.xml
index 9eed6a9ef9c6..b81e12fdc532 100644
--- a/src/chrome/content/rules/Usablenet.com.xml
+++ b/src/chrome/content/rules/Usablenet.com.xml
@@ -1,9 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- assistive.usablenet.com
+
+-->
 <ruleset name="Usablenet.com">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="assistive.usablenet.com" />
 	<target host="cdns.usablenet.com" />
 
 
-	<rule from="^http://cdns\.usablenet\.com/"
-		to="https://cdns.usablenet.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^assistive\.usablenet\.com$" name="^(K-un_jtt_session-[a-z]+|un_jtt_parameters|un_jtt_session)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Usc.es.xml b/src/chrome/content/rules/Usc.es.xml
new file mode 100644
index 000000000000..f6d29cc469a4
--- /dev/null
+++ b/src/chrome/content/rules/Usc.es.xml
@@ -0,0 +1,78 @@
+<!--
+	Ruleset for usc.es, the University of Santiago de Compostela website.
+	See <https://en.wikipedia.org/wiki/University_of_Santiago_de_Compostela>.
+
+	Not supporting HTTPS or using an invalid certificate:
+		* ac.usc.es
+		* atpemes.usc.es
+		* bgssant.usc.es
+		* caronte.usc.es
+		* codigo.dec.usc.es
+		* ctcloud42.dec.usc.es
+		* cthda02.usc.es
+		* cursosinternacionais.usc.es
+		* cursosinternacionales.usc.es
+		* cv1415.usc.es
+		* decserv03.dec.usc.es
+		* decserv08.dec.usc.es
+		* desoft03.usc.es
+		* dls.usc.es
+		* educa.usc.es
+		* efcpca.usc.es
+		* eio.usc.es
+		* eipc1.usc.es
+		* elgva1.usc.es
+		* evisense.usc.es
+		* facadenet.usc.es
+		* faust.usc.es
+		* fegalaz.usc.es
+		* firgoa.usc.es
+		* fms.usc.es
+		* fpaxp1.usc.es
+		* fpmac116.usc.es
+		* fpsalmon.usc.es
+		* ftp.usc.es
+		* gramatica.usc.es
+		* gva1.dec.usc.es
+		* histagra.usc.es
+		* iacobus.usc.es
+		* igfae.usc.es
+		* laborate.usc.es
+		* mathgene.usc.es
+		* ocartafol.usc.es
+		* prelo.usc.es
+		* redaberta.usc.es
+		* revistas.usc.es
+		* sit.usc.es
+		* stellae.usc.es
+		* tv.usc.es
+		* unisic.usc.es
+		* vm075233.usc.es
+		* vm075242b.usc.es
+		* vm075242.usc.es
+		* webspersoais.usc.es
+		* www-fp.usc.es
+		* www-gsi.dec.usc.es
+		* xornal.usc.es
+-->
+<ruleset name="Universidad de Santiago de Compostela">
+
+	<target host="usc.es" />
+
+	<target host="citius.usc.es" />
+	<target host="cloud.citius.usc.es" />
+	<target host="correoweb.usc.es" />
+	<target host="cv.usc.es" />
+	<target host="dspace.usc.es" />
+	<target host="ilg.usc.es" />
+	<target host="login.usc.es" />
+	<target host="minerva.usc.es" />
+	<target host="owa.usc.es" />
+	<target host="sec-virtual.usc.es" />
+	<target host="www.usc.es" />
+	<target host="xescampus.usc.es" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Uschovna.cz.xml b/src/chrome/content/rules/Uschovna.cz.xml
new file mode 100644
index 000000000000..198f62d259c4
--- /dev/null
+++ b/src/chrome/content/rules/Uschovna.cz.xml
@@ -0,0 +1,8 @@
+<ruleset name="Uschovna.cz">
+	<target host="uschovna.cz" />
+	<target host="www.uschovna.cz" />
+	<target host="sms.uschovna.cz" />
+	<target host="plus.uschovna.cz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Use-Enco.com.xml b/src/chrome/content/rules/Use-Enco.com.xml
index 512015fb94f8..c4385021501c 100644
--- a/src/chrome/content/rules/Use-Enco.com.xml
+++ b/src/chrome/content/rules/Use-Enco.com.xml
@@ -1,11 +1,17 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://use-enco.com/ => https://www.use-enco.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.use-enco.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://use-enco.com/ => https://www.use-enco.com/: (28, 'Connection timed out after 10000 milliseconds')
 	Cert only matches www.
 
 -->
-<ruleset name="Use-Enco.com">
+<ruleset name="Use-Enco.com" default_off="failed ruleset test">
 
 	<target host="use-enco.com" />
-	<target host="*.use-enco.com" />
+	<target host="www.use-enco.com" />
 
 
 	<securecookie host="^(?:www)?\.use-enco\.com$" name=".+" />
diff --git a/src/chrome/content/rules/UseCryptos.com.xml b/src/chrome/content/rules/UseCryptos.com.xml
new file mode 100644
index 000000000000..850a1e6bfb68
--- /dev/null
+++ b/src/chrome/content/rules/UseCryptos.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .usecryptos.com
+
+-->
+<ruleset name="useCryptos.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="usecryptos.com" />
+	<target host="www.usecryptos.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.usecryptos\.com$" name="^(?:__cfduid|cf_clearance|i)$" /-->
+
+	<securecookie host="^\.usecryptos\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UseRemarkable.com.xml b/src/chrome/content/rules/UseRemarkable.com.xml
new file mode 100644
index 000000000000..16b06fd48902
--- /dev/null
+++ b/src/chrome/content/rules/UseRemarkable.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="UseRemarkable.com">
+
+	<target host="useremarkable.com" />
+	<target host="www.useremarkable.com" />
+	<target host="beta.useremarkable.com" />
+	<target host="data.useremarkable.com" />
+	<target host="docs.useremarkable.com" />
+	<target host="oup.useremarkable.com" />
+		<test url="http://oup.useremarkable.com/production/images/uploads/3677/original/business_letter_template_new_colleague.pdf" />
+	<target host="oupm.useremarkable.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Usenet-Crawler.com.xml b/src/chrome/content/rules/Usenet-Crawler.com.xml
new file mode 100644
index 000000000000..2907ec2d6f67
--- /dev/null
+++ b/src/chrome/content/rules/Usenet-Crawler.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.usenet-crawler.com
+
+-->
+<ruleset name="Usenet-Crawler.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="usenet-crawler.com" />
+	<target host="www.usenet-crawler.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.usenet-crawler\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.usenet-crawler\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Usenet-Junction.xml b/src/chrome/content/rules/Usenet-Junction.xml
index 568da3ad88b5..e61a251ae3ac 100644
--- a/src/chrome/content/rules/Usenet-Junction.xml
+++ b/src/chrome/content/rules/Usenet-Junction.xml
@@ -4,10 +4,9 @@
 	<target host="www.usenetjunction.com" />
 
 
-	<securecookie host="^(www\.)?usenetjunction\.com$" name=".*" />
+	<securecookie host="^(?:www\.)?usenetjunction\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?usenetjunction\.com/"
-		to="https://$1usenetjunction.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Usenet.nl.xml b/src/chrome/content/rules/Usenet.nl.xml
new file mode 100644
index 000000000000..5bac2e060e84
--- /dev/null
+++ b/src/chrome/content/rules/Usenet.nl.xml
@@ -0,0 +1,96 @@
+<!--
+	^: cert only matches www
+
+
+	Partially covered domains:
+
+		- \w\w.usenet.nl: *
+
+			- de
+			- en
+			- fr
+			- es
+			- it
+			- nl
+
+	* Some pages redirect to http.
+
+-->
+<ruleset name="Usenet.nl (partial)">
+
+	<target host="*.usenet.nl" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(de|en|es|fr|it|nl)\.usenet\.nl/+($|\?)" /-->
+		<!--exclusion pattern="^http://(de|en|fr|nl)\.usenet\.nl/+service/+($|\?)" /-->
+		<!--exclusion pattern="^http://en\.usenet\.nl/+forgot-password/+($|\?)" /-->
+		<!--exclusion pattern="^http://de\.usenet\.nl/+passwort-vergessen/+($|\?)" /-->
+		<!--exclusion pattern="^http://es\.usenet\.nl/+contrasena-olvidad/+($|\?)" /-->
+		<!--exclusion pattern="^http://es\.usenet\.nl/+servicio/+($|\?)" /-->
+		<!--exclusion pattern="^http://fr\.usenet\.nl/+resiliation-effective/+($|\?)" /-->
+		<!--exclusion pattern="^http://it\.usenet\.nl/+password-dimenticata/+($|\?)" /-->
+		<!--exclusion pattern="^http://it\.usenet\.nl/+assistenza/+($|\?)" /-->
+		<!--exclusion pattern="^http://nl\.usenet\.nl/+succesvol-afgemeld/+($|\?)" /-->
+		<!--
+			In sum:
+				-->
+		<!--exclusion pattern="^http://\w\w\.usenet\.nl/+($|\?|(forgot-password|password-dimenticata|passwort-vergessen|resiliation-effective|service|servicio|succesvol-afgemeld)/+($|\?))" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(de|en|es|fr|it|nl)\.usenet\.nl/+(?!UNF/resource/|unf/resource/)" /-->
+		<!--exclusion pattern="^http://de\.usenet\.nl/+(?!anmeldung($|[?/]))" /-->
+		<!--exclusion pattern="^http://de\.usenet\.nl/+(?!service/support-formular/*($|\?))" /-->
+		<!--exclusion pattern="^http://en\.usenet\.nl/+(?!registration($|[?/]))" /-->
+		<!--exclusion pattern="^http://en\.usenet\.nl/+(?!service/support-form/*($|\?))" /-->
+		<!--exclusion pattern="^http://es\.usenet\.nl/+(?!registro($|[?/]))" /-->
+		<!--exclusion pattern="^http://es\.usenet\.nl/+(?!servicio/formulario-de-soporte/*($|\?))" /-->
+		<!--exclusion pattern="^http://fr\.usenet\.nl/+(?!inscription($|[?/]))" /-->
+		<!--exclusion pattern="^http://fr\.usenet\.nl/+(?!service/formulaire-assistance/*($|\?))" /-->
+		<!--exclusion pattern="^http://it\.usenet\.nl/+(?!registrazione($|[?/]))" /-->
+		<!--exclusion pattern="^http://it\.usenet\.nl/+(?!assistenza/modulo-di-assistenza/*($|\?))" /-->
+		<!--exclusion pattern="^http://nl\.usenet\.nl/+(?!aanmelding($|[?/]))" /-->
+		<!--exclusion pattern="^http://nl\.usenet\.nl/+(?!service/support-formulier/*($|\?))" /-->
+		<!--
+			Handled specially:
+						-->
+		<!--exclusion pattern="^http://en\.usenet\.nl/+(?!register-now/*($|\?))" /-->
+		<!--exclusion pattern="^http://de\.usenet\.nl/+(?!jetzt-anmelden/*($\?))" /-->
+		<!--exclusion pattern="^http://es\.usenet\.nl/+(?!registrese-ahora/*($\?))" /-->
+		<!--exclusion pattern="^http://fr\.usenet\.nl/+(?!inscription-maintenant/*($|\?))" /-->
+		<!--exclusion pattern="^http://it\.usenet\.nl/+(?!registratevi-ora/*($|\?))" /-->
+		<!--exclusion pattern="^http://nl\.usenet\.nl/+(?!nu-aanmelden/*($|\?))" /-->
+		<!--
+			In sum:
+				-->
+		<!--exclusion pattern="^http://\w\w\.usenet\.nl/+(?!(aanmelding|anmeldung|inscription|registration|registrazione|registro)($|[?/])|(assistenza/modulo-di-assistenza|inscription-maintenant|jetzt-anmelden|nu-aanmelden|register-now|registratevi-ora|registrese-ahora|service/formulaire-assistance|service/support-form|service/support-formular|service/support-formulier|servicio/formulario-de-soporte)/*($|\?)|UNF/|unf/)" /-->
+
+
+	<rule from="^http://(?:www\.)?usenet\.nl/"
+		to="https://www.usenet.nl/" />
+
+	<!--	Redirects to http first:
+					-->
+	<rule from="^http://en\.usenet\.nl/+register-now/*(?:$|\?.*)"
+		to="https://en.usenet.nl/registration/" />
+
+	<rule from="^http://de\.usenet\.nl/+jetzt-anmelden/*(?:$|\?.*)"
+		to="https://de.usenet.nl/anmeldung/" />
+
+	<rule from="^http://es\.usenet\.nl/+registrese-ahora/*(?:$|\?.*)"
+		to="https://es.usenet.nl/registro/" />
+
+	<rule from="^http://fr\.usenet\.nl/+inscription-maintenant/*(?:$|\?.*)"
+		to="https://fr.usenet.nl/inscription/" />
+
+	<rule from="^http://it\.usenet\.nl/+registratevi-ora/*(?:$|\?.*)"
+		to="https://it.usenet.nl/registrazione/" />
+
+	<rule from="^http://nl\.usenet\.nl/+nu-aanmelden/*(?:$|\?.*)"
+		to="https://nl.usenet.nl/aanmelding/" />
+
+	<rule from="^http://(\w\w)\.usenet\.nl/(?=(?:aanmelding|anmeldung|inscription|registration|registrazione|registro)(?:$|[?/])|(?:assistenza/modulo-di-assistenza|service/formulaire-assistance|service/support-form|service/support-formular|service/support-formulier|servicio/formulario-de-soporte)/*(?:$|\?)|UNF/|unf/)"
+		to="https://$1.usenet.nl/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UsenetServer.xml b/src/chrome/content/rules/UsenetServer.xml
index 41816d8479a5..295e957d92fa 100644
--- a/src/chrome/content/rules/UsenetServer.xml
+++ b/src/chrome/content/rules/UsenetServer.xml
@@ -1,13 +1,14 @@
 <ruleset name="UsenetServer">
 
 	<target host="usenetserver.com" />
-	<target host="*.usenetserver.com" />
+	<target host="accounts.usenetserver.com" />
+	<target host="globalsearch.usenetserver.com" />
+	<target host="www.usenetserver.com" />
 
 
-	<securecookie host="^.*\.usenetserver\.com$" name=".*" />
+	<securecookie host="^.*\.usenetserver\.com$" name=".+" />
 
 
-	<rule from="^http://((?:accounts|globalsearch|www)\.)?usenetserver\.com/"
-		to="https://$1usenetserver.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/UserEcho-mismatches.xml b/src/chrome/content/rules/UserEcho-mismatches.xml
deleted file mode 100644
index e97c839d426b..000000000000
--- a/src/chrome/content/rules/UserEcho-mismatches.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="UserEcho (mismatches)" default_off="mismatch">
-
-	<target host="blog.userecho.com"/>
-	<target host="feedback.userecho.com"/>
-
-	<securecookie host="^(blog|feedback)\.userecho\.com$" name=".*"/>
-
-	<rule from="^http://(blog|feedback)\.userecho\.com/"
-		to="https://$1userecho.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/UserEcho.com.xml b/src/chrome/content/rules/UserEcho.com.xml
new file mode 100644
index 000000000000..1c62cc4bf276
--- /dev/null
+++ b/src/chrome/content/rules/UserEcho.com.xml
@@ -0,0 +1,34 @@
+<!--
+	MCB:
+		jdb.userecho.com/$
+
+	Fully covered:
+		(softwarename).userecho.com
+-->
+
+<ruleset name="UserEcho.com">
+
+	<target host="userecho.com"/>
+
+	<target host="*.userecho.com"/>
+		<test url="http://imgur.userecho.com/" />
+		<test url="http://unchecky.userecho.com/" />
+
+	<!-- MCB: -->
+	<exclusion pattern="^http://jdb\.userecho\.com/$" />
+		<test url="http://jdb.userecho.com/" />
+		<test url="http://jdb.userecho.com/s/assets2.0/css/font-awesome.min.css" />
+
+	<!-- CORS: -->
+	<exclusion pattern="^http://jdb\.userecho\.com/s/assets2\.0/css/font-awesome\.min\.css" />
+		<test url="http://jdb.userecho.com/s/assets2.0/css/font-awesome.min.css" />
+
+	<exclusion pattern="^http://jdb\.userecho\.com/s/assets2\.0/fonts/" />
+		<test url="http://jdb.userecho.com/s/assets2.0/fonts/fontawesome-webfont.ttf" />
+		<test url="http://jdb.userecho.com/s/assets2.0/fonts/fontawesome-webfont.woff" />
+		<test url="http://jdb.userecho.com/s/assets2.0/fonts/fontawesome-webfont.woff2" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UserEcho.xml b/src/chrome/content/rules/UserEcho.xml
deleted file mode 100644
index ac9fd2d56e0d..000000000000
--- a/src/chrome/content/rules/UserEcho.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="UserEcho (partial)">
-
-	<target host="userecho.com"/>
-	<target host="*.userecho.com"/>
-
-  <!-- 
-       do not secure cookies for arbitrary subdomains!
-       https://trac.torproject.org/projects/tor/ticket/7698
-    -->
-	<securecookie host="^(www\.)?userecho\.com$" name=".*"/>
-
-	<rule from="^http://(?:www\.)?userecho\.com/"
-		to="https://userecho.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/UserScape.xml b/src/chrome/content/rules/UserScape.xml
index 5cdbd3865c8e..4b7773b99866 100644
--- a/src/chrome/content/rules/UserScape.xml
+++ b/src/chrome/content/rules/UserScape.xml
@@ -1,13 +1,28 @@
-<ruleset name="UserScape">
 
-	<target host="userscape.com" />
-	<target host="*.userscape.com" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://userscape.com/ => https://www.userscape.com/: Too many redirects while fetching 'https://www.userscape.com/'
+Fetch error: http://www.userscape.com/ => https://www.userscape.com/: Too many redirects while fetching 'https://www.userscape.com/'
+Fetch error: http://drop.userscape.com/ => https://www.userscape.com/: Too many redirects while fetching 'https://www.userscape.com/'
 
+	Problematic subdomains:
 
-	<securecookie host="^\.userscape\.com$" name=".+" />
+		- ^ ¹
+		- blog ¹
+		- drop ²
+
+	¹: Serves 404s on all requests
+	²: Mismatch
+-->
+<ruleset name="UserScape" default_off="failed ruleset test">
 
+	<target host="userscape.com" />
+	<target host="www.userscape.com" />
+	<target host="drop.userscape.com" />
+
+	<securecookie host="^\.userscape\.com$" name=".+" />
 
-	<rule from="^http://(www\.)?userscape\.com/"
-		to="https://$1userscape.com/" />
+	<rule from="^http://(www\.|drop\.)?userscape\.com/"
+		to="https://www.userscape.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/UserScripts.xml b/src/chrome/content/rules/UserScripts.xml
deleted file mode 100644
index ce63fadab357..000000000000
--- a/src/chrome/content/rules/UserScripts.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/uso_ss/
-
-
-	Mixed content:
-
-		- Images on ^, from:
-
-			- ^ *
-			- s3.amazonaws.com *
-			- i.creativecommons.org *
-			- i.imgur.com *
-
-		- Ads/web bugs, on ^ from:
-
-			- static.addtoany.com *
-			- pagead2.googlesyndication.com *
-
-	* Secured by us
-
--->
-<ruleset name="UserScripts.org">
-  <target host="userscripts.org" />
-  <target host="www.userscripts.org" />
-
-  <exclusion pattern="^http://(www\.)?userscripts\.org/scripts/source/" />
-  <rule from="^https?://www\.userscripts\.org/"
-	to="https://userscripts.org/"/>
-  <rule from="^http://userscripts\.org/"
-	to="https://userscripts.org/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/User_Local.xml b/src/chrome/content/rules/User_Local.xml
index 721d408c1233..1ddc0a8befad 100644
--- a/src/chrome/content/rules/User_Local.xml
+++ b/src/chrome/content/rules/User_Local.xml
@@ -15,7 +15,7 @@
 	<rule from="^http://(b)?s\.nakanohito\.jp/"
 		to="https://$1s.nakanohito.jp/" />
 
-	<rule from="^https?://b0\d\.nakanohito\.jp/"
+	<rule from="^http://b0\d\.nakanohito\.jp/"
 		to="https://bs.nakanohito.jp/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Userfox.xml b/src/chrome/content/rules/Userfox.xml
index 449da3f418f7..ac799a210a66 100644
--- a/src/chrome/content/rules/Userfox.xml
+++ b/src/chrome/content/rules/Userfox.xml
@@ -1,19 +1,51 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://userfox.com/ => https://www.userfox.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.userfox.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://userfox.com/ => https://www.userfox.com/: (6, 'Could not resolve host: userfox.com')
 	CDN buckets:
 
 		- d2y71mjhnajxcg.cloudfront.net
 
+			- static
+
 
 	Problematic subdomains:
 
 		- ^	(works; mismatched, CN: *.heroku.com)
 
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com *
+
+		- favicon on www from static
+
+	* Secured by us
+
+
+	Fully covered subdomains:
+
+		- (www.)	(^ → www)
+		- app
+		- manage
+		- static	(→ d2y71mjhnajxcg.cloudfront.net)
+
 -->
-<ruleset name="userfox">
+<ruleset name="userfox" default_off="failed ruleset test">
 
 	<target host="userfox.com" />
-	<target host="*.userfox.com" />
+	<target host="www.userfox.com" />
+	<target host="app.userfox.com" />
+	<target host="manage.userfox.com" />
+	<target host="static.userfox.com" />
+
 
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^app\.userfox\.com$" name="^_userfox-2_session$" /-->
 
 	<securecookie host="^app\.userfox\.com$" name=".+" />
 
@@ -21,7 +53,9 @@
 	<rule from="^http://(?:www\.)?userfox\.com/"
 		to="https://www.userfox.com/" />
 
-	<rule from="^http://(app|manage)\.userfox\.com/"
-		to="https://$1.userfox.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http://static\.userfox\.com/"
+		to="https://d2y71mjhnajxcg.cloudfront.net/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Userium.com.xml b/src/chrome/content/rules/Userium.com.xml
new file mode 100644
index 000000000000..d3de3d1f2174
--- /dev/null
+++ b/src/chrome/content/rules/Userium.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://userium.com/ => https://userium.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.userium.com/ => https://www.userium.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Userium.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="userium.com" />
+	<target host="www.userium.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Userlike.com.xml b/src/chrome/content/rules/Userlike.com.xml
new file mode 100644
index 000000000000..99567732b20d
--- /dev/null
+++ b/src/chrome/content/rules/Userlike.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- userlike.com
+		- www.userlike.com
+
+-->
+<ruleset name="Userlike.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="userlike.com" />
+	<target host="www.userlike.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?userlike\.com$" name="^server_webapp$" /-->
+	<!--securecookie host="^www\.userlike\.com$" name="^csrftoken$" /-->
+
+	<securecookie host="^(?:www\.)?userlike\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Userreport.com.xml b/src/chrome/content/rules/Userreport.com.xml
new file mode 100644
index 000000000000..85075abc7dcf
--- /dev/null
+++ b/src/chrome/content/rules/Userreport.com.xml
@@ -0,0 +1,25 @@
+<!--
+
+	Not covered:
+
+		- admin ¹
+		- sdscdn ²
+
+	¹: Likely works; could not test
+	²: Not in cert
+
+-->
+
+<ruleset name="Userreport.com">
+
+	<target host="userreport.com" />
+	<target host="cdn.userreport.com" />
+	<target host="feedback.userreport.com" />
+	<target host="www.userreport.com" />
+
+	<test url="http://cdn.userreport.com/userreport.js" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Userscontent.net.xml b/src/chrome/content/rules/Userscontent.net.xml
new file mode 100644
index 000000000000..037d2cd0609f
--- /dev/null
+++ b/src/chrome/content/rules/Userscontent.net.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn-eu-i1.userscontent.net/thumbs/662/662020/153_m.jpg => https://cdn-eu-i1.userscontent.net/thumbs/662/662020/153_m.jpg: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://cdn-eu-i1.userscontent.net/ => https://cdn-eu-i1.userscontent.net/: (60, 'SSL certificate problem: self signed certificate')
+
+-->
+<ruleset name="userscontent.net" default_off="failed ruleset test">
+
+	<target host="cdn-eu-i1.userscontent.net" />
+	<target host="img1.userscontent.net" />
+
+		<test url="http://cdn-eu-i1.userscontent.net/thumbs/662/662020/153_m.jpg" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Userscripts-mirror.org.xml b/src/chrome/content/rules/Userscripts-mirror.org.xml
new file mode 100644
index 000000000000..821d4dcac91f
--- /dev/null
+++ b/src/chrome/content/rules/Userscripts-mirror.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="Userscripts-mirror.org">
+
+	<target host="userscripts-mirror.org" />
+	<target host="www.userscripts-mirror.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Usersnap.com.xml b/src/chrome/content/rules/Usersnap.com.xml
new file mode 100644
index 000000000000..6f7618f491c2
--- /dev/null
+++ b/src/chrome/content/rules/Usersnap.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Fully covered hosts in *usersnap.com:
+
+		- (www.)?
+		- api
+
+
+	Insecure cookies are set for these hosts:
+
+		- api.usersnap.com
+
+-->
+<ruleset name="Usersnap.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="usersnap.com" />
+	<target host="api.usersnap.com" />
+	<target host="www.usersnap.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^api\.usersnap\.com$" name="^us_lang$" /-->
+
+	<securecookie host="^api\.usersnap\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Uservoice-clients.xml b/src/chrome/content/rules/Uservoice-clients.xml
index 9c9368808c6a..5f96748a3b59 100644
--- a/src/chrome/content/rules/Uservoice-clients.xml
+++ b/src/chrome/content/rules/Uservoice-clients.xml
@@ -1,52 +1,25 @@
-<!--	for Uservoice clients that have no other mismatched rules
--->
-<ruleset name="Uservoice clients" default_off="mismatch">
+<!--
+	For Uservoice clients that have no other mismatched rules.
 
+-->
+<ruleset name="Uservoice clients" default_off="mismatched">
 
-	<target host="support.aerofs.com" />
-		<!--
-			Handled in AeroFS.xml.
-						-->
-		<exclusion pattern="^http://support\.aerofs\.com/track\.gif" />
-	<target host="ideas.hubspot.com" />
 	<target host="ideas.joomla.org" />
-		<!--	Handled in Joomla.xml.	-->
-		<exclusion pattern="^http://ideas\.joomla\.org/track\.gif" />
 	<target host="support.launchrock.com" />
-	<target host="feedback.mendeley.com"/>
-		<!--	handled in Mendeley ruleset	-->
-		<exclusion pattern="^http://feedback\.mendeley\.com/(images/|track\.gif)"/>
-	<target host="mendeley.uservoice.com"/>
-	<target host="feedback.yahoo.com" />
-
 
-	<securecookie host="^support\.aerofs\.com$" name=".+" />
-	<securecookie host="^support\.launchrock\.com$" name=".+" />
-	<securecookie host="^feedback\.mendeley\.com$" name=".*"/>
-	<securecookie host="^mendeley\.uservoice\.com$" name=".*"/>
-	<securecookie host="^feedback\.yahoo\.com$" name=".+" />
-
-
-	<rule from="^http://support\.aerofs\.com/"
-		to="https://support.aerofs.com/" />
+		<!--	Handled in Joomla.xml:
+						-->
+		<exclusion pattern="^http://ideas\.joomla\.org/track\.gif" />
 
-	<!--	Cookies are handled in HubSpot.xml.	-->
-	<rule from="^http://ideas\.hubspot\.com/"
-		to="https://ideas.hubspot.com/" />
+			<!--	+ve:
+					-->
+			<test url="http://ideas.joomla.org/track.gif" />
 
-	<!--	joomla.uservoice.com
-		Cookies are handled in Joomla.xml.	-->
-	<rule from="^http://ideas\.joomla\.org/"
-		to="https://ideas.joomla.org/" />
 
-	<rule from="^http://support\.launchrock\.com/"
-		to="https://support.launchrock.com/" />
+	<securecookie host="^\w" name=".+" />
 
-	<!--	mendeley.uservoice.com	-->
-	<rule from="^http://feedback\.mendeley\.com/"
-		to="https://feedback.mendeley.com/"/>
 
-	<rule from="^http://feedback\.yahoo\.com/"
-		to="https://feedback.yahoo.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Uservoice.xml b/src/chrome/content/rules/Uservoice.xml
index 17e767f05892..6838f86ed208 100644
--- a/src/chrome/content/rules/Uservoice.xml
+++ b/src/chrome/content/rules/Uservoice.xml
@@ -1,31 +1,62 @@
 <!--
-	Fully covered subdomains:
+	Other UserVoice rulesets:
 
-		- app
-		- by
-		- cdn
-		- cdn2
-		- developer
-		- translate
-		- *		(per-client subdomains)
+		- UvCDN.com.xml
 
--->
-<ruleset name="Uservoice (partial)">
-
-	<target host="uservoice.com"/>
-	<target host="*.uservoice.com"/>
-  <!--	https://trac.torproject.org/projects/tor/ticket/7273
-  	https://trac.torproject.org/projects/tor/ticket/8199 -->
-  <exclusion pattern="^http://(?:blog|email|developer)\.uservoice\.com"/>
+	Nonfunctional subdomains:
 
+		- email ¹ ²
+		- email.feedback-poweredby ¹
 
-	<securecookie host="^.*\.uservoice\.com$" name=".*" />
+	¹ Timeout (Mailgun)
+	² <https://trac.torproject.org/projects/tor/ticket/7273>
 
+	Problematic subdomains:
 
-	<rule from="^http://(?:www\.)?uservoice\.com/images/"
-		to="https://cdn.uservoice.com/images/"/>
+		- www6 ¹
 
-	<rule from="^http://(?!www\.)(\w+)\.uservoice\.com/"
-		to="https://$1.uservoice.com/"/>
+	¹ Mismatched, CN: *.pardot.com <https://github.com/EFForg/https-everywhere/issues/4514>
+-->
+<ruleset name="UserVoice">
+
+	<target host="uservoice.com" />
+	<target host="*.uservoice.com" />
+
+	<exclusion pattern="^http://(email|email\.feedback-poweredby|www6)\.uservoice\.com/" />
+
+		<test url="http://email.uservoice.com/" />
+		<!-- Random search result link -->
+		<test url="http://email.uservoice.com/c/ZD1kNTImaT01M2M1MTlhNDM5NmYxXzNiODgzZmMyYWIzZDkzMTg0NDY1NiU0MHVzZXJ2b2ljZS5jb20maD1mYTg5YzU4ZTVjMTRjZjc4NjM4MWQzYmExZmQxZDA1ZiZsPWh0dHBzJTNBJTJGJTJGd3d3LmRpZ2l0YWxvY2Vhbi5jb20lMkZjb21wYW55JTJGYmxvZyUyRmludHJvZHVjaW5nLW91ci1sb25kb24tcmVnaW9uJTJGJTIzY29tbWVudC0xNDg1ODkyODczJnRyYWNraW5nX2NvZGU9M2ZmOWY3ODZhN2I1NmVmNGNiNTBhYjFmN2VmMDM0YzEmcj1tYXR0JTQwejIyc2UuY28udWs" />
+		<test url="http://email.feedback-poweredby.uservoice.com/" />
+		<!-- Random search result link -->
+		<test url="http://email.feedback-poweredby.uservoice.com/c/eJxVj0GOwyAMRU_T7KiAQCgLFrOZa1TEdlLUFCIgieb2A7MbyYsv-z_bH53kQvshOD0hWUUPY4XiTy2sGJeFzGxn8BNoIYW1N8WPQvlMAegO6TO8HBrR5rPRM9cGpKARuhJWeeCIOGzuVetebuPXTX63unak8_5vTesuKR-f0oQQ3HDNjhhOysVv7AoR01XYvvnaXN1cjnWlUkOKf4TUejLGspUq81AbyDBkgpryD-uHWIid9J0YavbwDnF9QkJyBpRtmTmaBRQHwwUqC_bhFy-VnaYhO9hCrC15Purbl_7vL6PJZGg" />
+		<test url="http://www6.uservoice.com/" />
+		<!-- Sign up link on https://www.uservoice.com/ -->
+		<test url="http://www6.uservoice.com/l/17202/2015-10-15/2zbnhz" />
+
+	<securecookie host="^(?!email\.|email\.feedback-poweredby\.|www6\.)\w" name=".+" />
+
+	<test url="http://app.uservoice.com/" />
+	<test url="http://blog.uservoice.com/" />
+	<test url="http://by.uservoice.com/" />
+	<test url="http://cdn.uservoice.com/" />
+	<test url="http://cdn2.uservoice.com/" />
+	<test url="http://community.uservoice.com/" />
+	<test url="http://developer.uservoice.com/" />
+	<test url="http://eng.uservoice.com/" />
+	<test url="http://feedback.uservoice.com/" />
+	<test url="http://status.uservoice.com/" />
+	<test url="http://translate.uservoice.com/" />
+	<test url="http://widget.uservoice.com/" />
+	<test url="http://www.uservoice.com/" />
+
+	<!-- Client wildcard subdomains chosen arbitrarily -->
+	<test url="http://goldenfrog.fb.uservoice.com/" />
+	<test url="http://jomsocial.fb.uservoice.com/" />
+	<test url="http://jomsocial.uservoice.com/" />
+	<test url="http://mailgun.uservoice.com/" />
+
+	<rule from="^http:"
+		to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Usesthis.com.xml b/src/chrome/content/rules/Usesthis.com.xml
new file mode 100644
index 000000000000..41e618d21c88
--- /dev/null
+++ b/src/chrome/content/rules/Usesthis.com.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.usesthis.com/ => https://www.usesthis.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.usesthis.com'")
+
+-->
+<ruleset name="usesthis.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="usesthis.com" />
+	<target host="www.usesthis.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ushmm.org.xml b/src/chrome/content/rules/Ushmm.org.xml
index e58305658b32..5fb87c0289e7 100644
--- a/src/chrome/content/rules/Ushmm.org.xml
+++ b/src/chrome/content/rules/Ushmm.org.xml
@@ -1,10 +1,12 @@
 <!--
+	(www.)?: 403
+
 	Problematic subdomains:
 
 		- www	(akamai)
 
 -->
-<ruleset name="ushmm.org">
+<ruleset name="ushmm.org" default_off="403">
 
 	<target host="ushmm.org" />
 	<target host="www.ushmm.org" />
@@ -16,4 +18,4 @@
 	<rule from="^http://(?:www\.)?ushmm\.org/"
 		to="https://ushmm.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Uslaw.link.xml b/src/chrome/content/rules/Uslaw.link.xml
new file mode 100644
index 000000000000..b96aa76f43e9
--- /dev/null
+++ b/src/chrome/content/rules/Uslaw.link.xml
@@ -0,0 +1,12 @@
+<ruleset name="uslaw.link">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="uslaw.link" />
+	<target host="www.uslaw.link" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Usmile.at.xml b/src/chrome/content/rules/Usmile.at.xml
new file mode 100644
index 000000000000..0ed0c963b839
--- /dev/null
+++ b/src/chrome/content/rules/Usmile.at.xml
@@ -0,0 +1,14 @@
+<!--
+	Note: this site blocks Tor users.
+
+-->
+<ruleset name="usmile.at" default_off="needs clearnet testing">
+
+	<target host="usmile.at" />
+	<target host="www.usmile.at" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UsplusU.com.xml b/src/chrome/content/rules/UsplusU.com.xml
index 2c07f2cea817..a6262110c696 100644
--- a/src/chrome/content/rules/UsplusU.com.xml
+++ b/src/chrome/content/rules/UsplusU.com.xml
@@ -1,13 +1,20 @@
-<ruleset name="UsplusU.com">
 
+<!--
+	(www.)?: Shopify
+
+-->
+<ruleset name="UsplusU.com" default_off="mismatched">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="usplusu.com" />
-	<target host="*.usplusu.com" />
+	<target host="www.usplusu.com" />
 
 
-	<securecookie host="^\.(?:store\.|www\.)?usplusu\.com$" name=".+" />
+	<securecookie host="^\.(?:www\.)?usplusu\.com$" name=".+" />
 
 
-	<rule from="^http://(store\.|www\.)?usplusu\.com/"
-		to="https://$1usplusu.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/UsrJoy.xml b/src/chrome/content/rules/UsrJoy.xml
deleted file mode 100644
index baa2b9bac413..000000000000
--- a/src/chrome/content/rules/UsrJoy.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="UsrJoy">
-  <target host="usrjoy.com" />
-  <target host="www.usrjoy.com" />
-
-  <securecookie host="^(.+\.)?usrjoy\.com$" name=".*"/>
-
-  <rule from="^http://(?:www\.)?usrjoy\.com/" to="https://www.usrjoy.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Ustatik.com.xml b/src/chrome/content/rules/Ustatik.com.xml
new file mode 100644
index 000000000000..2f7f67528958
--- /dev/null
+++ b/src/chrome/content/rules/Ustatik.com.xml
@@ -0,0 +1,18 @@
+<!--
+	These altnames don't exist:
+
+		- www.ustatik.com
+
+-->
+<ruleset name="Ustatik.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ustatik.com" />
+	<target host="cdn.ustatik.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ustream-mismatches.xml b/src/chrome/content/rules/Ustream-mismatches.xml
index c03b26879984..173c835ee6ed 100644
--- a/src/chrome/content/rules/Ustream-mismatches.xml
+++ b/src/chrome/content/rules/Ustream-mismatches.xml
@@ -1,11 +1,11 @@
-<ruleset name="Ustream (mismatches)" default_off="mismatch">
+<ruleset name="Ustream.tv (mismatches)" default_off="mismatched">
 
 	<!--	Akamai	-->
 	<target host="cdn1.ustream.tv"/>
 	<target host="cdn2.ustream.tv"/>
 	<target host="cdngw.ustream.tv"/>
 
-	<rule from="^http://cdn([12]|gw)\.ustream\.tv/"
-		to="https://cdn$1.ustream.tv/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ustream.xml b/src/chrome/content/rules/Ustream.xml
index af3ffd4e5dcd..6776a6405936 100644
--- a/src/chrome/content/rules/Ustream.xml
+++ b/src/chrome/content/rules/Ustream.xml
@@ -1,24 +1,86 @@
 <!--	See Ustream-mismatches.xml for problematic rules.
+
+
+	CDN buckets:
+
+		- ustvstaticcdn2-a.akamaihd.net
+
+
+	Problematic hosts in *ustream.tv:
+
+		- cdn1 ¹
+		- static-cdn[12] ¹
+		- support ²
+
+	¹ Akamai
+	² Mismatched
+
 -->
-<ruleset name="Ustream (buggy)" default_off="breaks video">
+<ruleset name="Ustream.tv (buggy)" default_off="breaks video">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="ustream.tv"/>
-	<target host="*.ustream.tv"/>
+	<target host="community.ustream.tv"/>
+	<target host="secure-static-cdn1.ustream.tv"/>
+	<target host="secure-static-cdn2.ustream.tv"/>
+	<target host="static.ustream.tv"/>
+	<target host="www.ustream.tv"/>
+
+	<!--	Complications:
+				-->
+	<target host="static-cdn1.ustream.tv"/>
+	<target host="static-cdn2.ustream.tv"/>
+	<target host="support.ustream.tv"/>
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.ustream\.tv/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://www\.ustream\.tv/(?!blog/|embed/|en_US/|platform/)" /-->
+		<!--
+			Triggers false MCB:
+						-->
+		<!--exclusion pattern="^http://www\.ustream\.tv/blog/(?!wp-content/)" /-->
+		<!--
+			In sum:
+				-->
+		<exclusion pattern="^http://www\.ustream\.tv/(?!blog/wp-content/|embed/|en_US/|platform/)" />
+
+			<!--	+ve:
+					-->
 
-	<rule from="^http://(?:www\.)?ustream\.tv/(blog|embed|en_US)/"
-		to="https://www.ustream.tv/$1/"/>
+			<test url="http://www.ustream.tv/explore/all" />
+			<test url="http://www.ustream.tv/our-company" />
+			<test url="http://www.ustream.tv/press" />
+			<!--
+				(false MCB):
+						-->
+			<test url="http://www.ustream.tv/blog/" />
 
-	<!-- getsatisfaction.com/ustream.* redirects
-		back to community.ustream.tv			-->
-	<rule from="^http://community\.ustream\.tv/favicon\.ico"
-		to="https://getsatisfaction.com/favicon.ico"/>
+			<!--	-ve:
+					-->
+			<test url="http://www.ustream.tv/platform/plans" />
 
-	<rule from="^http://static\.ustream\.tv/"
-		to="https://static.ustream.tv/"/>
 
-	<!--	Akamai
-		also on static but this is what server does	-->
-	<rule from="^http://static-cdn([12])\.ustream\.tv/"
+	<!--	Redirect keeps path and
+		args, but not forward slash:
+						-->
+	<rule from="^http://support\.ustream\.tv/+(?=$|\?)"
+		to="https://ustream.zendesk.com/home" />
+
+	<!--	(Ditto:)
+			-->
+	<rule from="^http://support\.ustream\.tv/+"
+		to="https://ustream.zendesk.com/" />
+
+	<!--	also on static but this is what server does	-->
+	<rule from="^http://static-cdn(1|2)\.ustream\.tv/"
 		to="https://secure-static-cdn$1.ustream.tv/"/>
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Utah-Education-Network.xml b/src/chrome/content/rules/Utah-Education-Network.xml
index caa0d6bcf6c0..122da7f6ea16 100644
--- a/src/chrome/content/rules/Utah-Education-Network.xml
+++ b/src/chrome/content/rules/Utah-Education-Network.xml
@@ -1,8 +1,18 @@
-<!--	!functional:
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://uen.org/ => https://www.eun.org/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://uen.org/ => https://www.eun.org/: (28, 'Connection timed out after 10000 milliseconds')
+	!functional:
 		- uen.org/^(css|images)+/.+
 		- pioneer.uen.org
 -->
-<ruleset name="Utah Education Network (partial)">
+<ruleset name="Utah Education Network (partial)" default_off="failed ruleset test">
 
 	<target host="uen.org"/>
 	<target host="online.uen.org"/>
@@ -10,7 +20,7 @@
 
 
 	<!--	is cross-domain cookie used anywhere else?	-->
-	<securecookie host="^online\.uen\.org$" name=".*"/>
+	<securecookie host="^online\.uen\.org$" name=".+" />
 
 
 	<rule from="^http://uen\.org/"
diff --git a/src/chrome/content/rules/Utb.ru.xml b/src/chrome/content/rules/Utb.ru.xml
new file mode 100644
index 000000000000..e897f82142d3
--- /dev/null
+++ b/src/chrome/content/rules/Utb.ru.xml
@@ -0,0 +1,49 @@
+<!--
+utb.ru ¹
+cloud.utb.ru ¹
+store.cloud.utb.ru ⁵
+www.iclient.utb.ru ¹
+www.online.utb.ru ¹
+relay.utb.ru ³
+stels.utb.ru ¹
+prosto.utb.ru different content
+telebank.utb.ru different content
+
+
+¹ mismatch
+³ timed out
+⁵ expired
+-->
+<ruleset name="utb.ru">
+	<target host="www.utb.ru" />
+	<target host="acs.utb.ru" />
+	<target host="cards.utb.ru" />
+	<target host="comcred.utb.ru" />
+	<target host="confiscated.utb.ru" />
+	<target host="credit.utb.ru" />
+	<target host="deposit.utb.ru" />
+	<target host="ibank.utb.ru" />
+	<target host="iclient.utb.ru" />
+	<target host="m.utb.ru" />
+	<target host="m-cards.utb.ru" />
+	<target host="m-comcred.utb.ru" />
+	<target host="m-credit.utb.ru" />
+	<target host="m-deposit.utb.ru" />
+	<target host="m-iclient.utb.ru" />
+	<target host="m-online.utb.ru" />
+	<target host="m-potrebcred.utb.ru" />
+	<target host="mb.utb.ru" />
+	<target host="mediabank.utb.ru" />
+	<target host="metal.utb.ru" />
+	<target host="online.utb.ru" />
+	<target host="potrebcred.utb.ru" />
+	<target host="rko.utb.ru" />
+	<target host="tender.utb.ru" />
+
+	<target host="utb.ru" />
+
+	<rule from="^http://utb\.ru/"
+		to="https://www.utb.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Utfs.org.xml b/src/chrome/content/rules/Utfs.org.xml
new file mode 100644
index 000000000000..738cc1fbc72f
--- /dev/null
+++ b/src/chrome/content/rules/Utfs.org.xml
@@ -0,0 +1,40 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - utfs.org
+			 - www.utfs.org
+			 - astronomy.utfs.org
+			 - me.dyn.utfs.org
+			 - fa.utfs.org
+			 - gc1w5c2.utfs.org
+			 - gc2wggr.utfs.org
+			 - gc3rnwm.utfs.org
+			 - gc49cma.utfs.org
+			 - cache.gc49mw0.utfs.org
+			 - mail.utfs.org
+			 - me.utfs.org
+			 - new.utfs.org
+			 - op.utfs.org
+			 - tinny.utfs.org
+
+		Timeout was reached:
+			 - andy.utfs.org
+			 - automat.utfs.org
+			 - esa7.utfs.org
+			 - java.utfs.org
+			 - me2.utfs.org
+			 - old.utfs.org
+			 - shinken.utfs.org
+			 - shinken-packs.utfs.org
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - andrea.dyn.utfs.org
+
+		Incomplete certificate chain error:
+			 - metis.utfs.org
+-->
+<ruleset name="Utfs.org">
+	<target host="trent.utfs.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Utica.xml b/src/chrome/content/rules/Utica.xml
index 8efa450219ce..029b72e3b3f8 100644
--- a/src/chrome/content/rules/Utica.xml
+++ b/src/chrome/content/rules/Utica.xml
@@ -2,5 +2,5 @@
   <target host="www.utica.edu" />
   <target host="utica.edu" />
 
-  <rule from="^http://(www\.)?utica\.edu/" to="https://utica.edu/"/>
+  <rule from="^http://(?:www\.)?utica\.edu/" to="https://utica.edu/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Utopia-Web.xml b/src/chrome/content/rules/Utopia-Web.xml
deleted file mode 100644
index c90baef9951e..000000000000
--- a/src/chrome/content/rules/Utopia-Web.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Utopia-Web (partial)">
-
-	<target host="secure.utopia-web.com"/>
-
-	<securecookie host="^secure\.utopia-web\.com$" name=".*"/>
-
-	<rule from="^http://secure\.utopia-web\.com/"
-		to="https://secure.utopia-web.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Utopia.xml b/src/chrome/content/rules/Utopia.xml
index 8353cffc24c7..8faf2dc6274a 100644
--- a/src/chrome/content/rules/Utopia.xml
+++ b/src/chrome/content/rules/Utopia.xml
@@ -1,13 +1,23 @@
-<ruleset name="Utopia">
+<!--
+
+	Mismatched hosts in *utopia.ai:
+
+		- www
+
+-->
+<ruleset name="Utopia.ai">
 
 	<target host="utopia.ai" />
-	<target host="*.utopia.ai" />
+	<target host="www.utopia.ai" />
 
 
 	<securecookie host="^\.utopia\.ai$" name=".+" />
 
 
-	<rule from="^http://(www\.)?utopia\.ai/"
-		to="https://$1utopia.ai/" />
+	<rule from="^http://www\.utopia\.ai/"
+		to="https://utopia.ai/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Utopia_net.org.xml b/src/chrome/content/rules/Utopia_net.org.xml
new file mode 100644
index 000000000000..5aea8c4c2a34
--- /dev/null
+++ b/src/chrome/content/rules/Utopia_net.org.xml
@@ -0,0 +1,37 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- utopianet.org
+		- www.utopianet.org
+
+
+	Mixed content:
+
+		- Images from $self ˢ
+
+		- Bugs, from:
+
+			- ad.doubleclick.net
+			- ib.adnxs.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Utopia net.org">
+
+	<target host="utopianet.org" />
+	<target host="myaccount.utopianet.org" />
+	<target host="www.utopianet.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?utopianet\.org$" name="^(?:PHPSESSID|wfvt_\d+)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Uv.es.xml b/src/chrome/content/rules/Uv.es.xml
new file mode 100644
index 000000000000..85d92d402745
--- /dev/null
+++ b/src/chrome/content/rules/Uv.es.xml
@@ -0,0 +1,121 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://entreu.uv.es/ => https://entreu.uv.es/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://tresor.uv.es/ => https://tresor.uv.es/: (6, 'Could not resolve host: tresor.uv.es')
+
+	Ruleset for uv.es, the University of Valencia website.
+	See <https://en.wikipedia.org/wiki/University_of_Valencia>.
+
+	Not supporting HTTPS or using an invalid certificate:
+
+		* acceso.uv.es
+		* anglogermanica.uv.es
+		* aposta.uv.es
+		* apple.uv.es
+		* artelope.uv.es
+		* art.uv.es
+		* auladeedicion.uv.es
+		* biblioteca.uv.es
+		* blog.uv.es
+		* calendar.uv.es
+		* ca.uv.es
+		* drones.uv.es
+		* electro.uv.es
+		* eneti.uv.es
+		* extensiouni.uv.es
+		* extensio.uv.es
+		* fip.uv.es
+		* formaciospl.uv.es
+		* ftp.uv.es
+		* fundacio.uv.es
+		* gdi.uv.es
+		* gdw.uv.es
+		* glup.irobot.uv.es
+		* hal.ific.uv.es
+		* hal.uv.es
+		* hicido.uv.es
+		* i2sysbio.uv.es
+		* idh.uv.es
+		* iei.uv.es
+		* ific.uv.es
+		* imp.uv.es
+		* indico.ific.uv.es
+		* industrial.uv.es
+		* ipl.uv.es
+		* l.uv.es
+		* mediauni.uv.es
+		* mmedia.uv.es
+		* mupart.uv.es
+		* mural.uv.es
+		* news.uv.es
+		* next.ific.uv.es
+		* next.uv.es
+		* observatori.uv.es
+		* ocs.uv.es
+		* ocw.uv.es
+		* parnaseo.uv.es
+		* peque.ci.uv.es
+		* projeccio.uv.es
+		* puv.uv.es
+		* robotica.uv.es
+		* roderic.uv.es
+		* salpub.uv.es
+		* scsie.uv.es
+		* sefuv.uv.es
+		* server1.uv.es
+		* storage.uv.es
+		* subversion.uv.es
+		* svn.uv.es
+		* tc12.uv.es
+		* trobes.uv.es
+		* ute.uv.es
+		* uvx.uv.es
+		* webific.ific.uv.es
+-->
+<ruleset name="Universitat de Val&#232;ncia" default_off="failed ruleset test">
+
+	<!-- special case for http://uv.es, as https://uv.es does not exist -->
+	<target host="uv.es" />
+	<rule from="^http://uv\.es/" to="https://www.uv.es/" />
+
+	<!-- blogs.uv.es has a wildcard certificate, so every blog will have HTTPS enabled -->
+	<target host="*.blogs.uv.es" />
+	<test url="http://confucio.blogs.uv.es/" />
+	<test url="http://coneixer.blogs.uv.es/" />
+	<test url="http://cperez.blogs.uv.es/" />
+
+	<target host="as.uv.es" />
+	<target host="aulavirtual.uv.es" />
+	<target host="blogs.uv.es" />
+	<target host="card.uv.es" />
+	<target host="correoold.uv.es" />
+	<target host="disco.uv.es" />
+	<target host="entreu.uv.es" />
+	<target host="go.uv.es" />
+	<target host="home.uv.es" />
+	<target host="informatica.uv.es" />
+	<target host="links.uv.es" />
+	<target host="manteniment.uv.es" />
+	<target host="mcuser.uv.es" />
+	<target host="monitor.uv.es" />
+	<target host="moodle.uv.es" />
+	<target host="ojs.uv.es" />
+	<target host="pages.uv.es" />
+	<target host="personal.uv.es" />
+	<target host="portal.uv.es" />
+	<target host="secvirtual.uv.es" />
+	<target host="soft.uv.es" />
+	<target host="software.uv.es" />
+	<target host="sogo.uv.es" />
+	<target host="solitelefons.uv.es" />
+	<target host="targeta.uv.es" />
+	<target host="tresor.uv.es" />
+	<target host="uvalred.uv.es" />
+	<target host="webges.uv.es" />
+	<target host="www.uv.es" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/UvA.nl.xml b/src/chrome/content/rules/UvA.nl.xml
new file mode 100644
index 000000000000..d8bbf51ea33b
--- /dev/null
+++ b/src/chrome/content/rules/UvA.nl.xml
@@ -0,0 +1,108 @@
+<!--
+	University of Amsterdam
+
+
+	Nonfunctional subdomains:
+
+		- lib ¹
+		- opc ²
+		- studiegids ³
+		- (www.)?scriptiesonline.uba ²
+
+	¹ Shows uba-primo.hosted.exlibrisgroup.com
+	² Refused
+	³ Plaintext reply
+
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- (www.)?alumni ²
+		- (www.)?bijzonderecollecties ²
+		- blackboard ³
+		- extranet ³
+		- ray.ic ⁴
+		- medewerker ³
+		- mijn ³
+		- mytimetable ³
+		- staff.science ⁴
+		- secure ³
+		- m.sis ³
+		- (www.)?staff ³
+		- static ³
+		- email.student ⁵
+		- www.student ²
+		- (www.)?uba ²
+		- databases.uba ³
+		- www ³
+
+	¹ Dropped
+	² Mismatched, CN: www.uva.nl
+	³ Insecure renegotiation
+	⁴ Redirect differs
+	⁵ Google
+
+
+	Fully covered subdomains:
+
+		- (www.)?		(^ → www)
+		- blackboard
+		- extranet
+		- staff.fnwi
+		- ray.ic		(→ id)
+		- id
+		- medewerker
+		- mijn
+		- mytimetable
+		- rooster
+		- staff.science
+		- secure
+		- m.sis
+		- (www.)?staff
+		- static
+		- (www.)?student	(www → ^)
+		- email.student		(→ mail.google.com)
+		- databases.uba
+		- diensten.uba
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- diensten from $self *
+			- student from static *
+
+	* Secured by us
+
+-->
+<ruleset name="UvA.nl (partial)">
+
+	<target host="uva.nl" />
+	<target host="*.uva.nl" />
+
+
+	<rule from="^http://(?:www\.)?uva\.nl/"
+		to="https://www.uva.nl/" />
+
+	<rule from="^http://ray\.ic\.uva\.nl/"
+		to="https://id.uva.nl/" />
+
+	<!--	Redirect drops args:
+					-->
+	<rule from="^http://staff\.science\.uva\.nl/+(?:$|\?.*)"
+		to="https://staff.fnwi.uva.nl/" />
+
+	<rule from="^http://(?:www\.)?student\.uva\.nl/"
+		to="https://student.uva.nl/" />
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://email\.student\.uva\.nl/.*"
+		to="https://mail.google.com/a/student.uva.nl" />
+
+	<rule from="^http://(blackboard|extranet|staff\.fnwi|id|medewerker|mijn|mytimetable|rooster|staff\.science|secure|m\.sis|(?:www\.)?staff|static|student|d(?:atabases|iensten)\.uba)\.uva\.nl/"
+		to="https://$1.uva.nl/" />
+
+
+</ruleset>
diff --git a/src/chrome/content/rules/UvCDN.com.xml b/src/chrome/content/rules/UvCDN.com.xml
new file mode 100644
index 000000000000..fd437a00179d
--- /dev/null
+++ b/src/chrome/content/rules/UvCDN.com.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Uservoice coverage, see Uservoice.xml.
+
+
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+-->
+<ruleset name="UvCDN.com">
+
+	<target host="*.uvcdn.com" />
+
+
+	<securecookie host="^\.uvcdn\.com$" name="^__cfduid$" />
+
+
+	<rule from="^http://assets(\d)\.uvcdn\.com/"
+		to="https://assets$1.uvcdn.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Uvnc.com.xml b/src/chrome/content/rules/Uvnc.com.xml
new file mode 100644
index 000000000000..030d63cd4fa8
--- /dev/null
+++ b/src/chrome/content/rules/Uvnc.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		forum.uvnc.com
+		www.mail.uvnc.com
+		sponsor4.uvnc.com
+	Time out:
+		forum2.uvnc.com
+		mail.uvnc.com
+		support4.uvnc.com
+-->
+<ruleset name="Uvnc.com">
+	<target host="uvnc.com" />
+	<target host="www.uvnc.com" />
+	<target host="support1.uvnc.com" />
+
+	<rule from="^http://uvnc\.com/" to="https://www.uvnc.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/V-identity.com.xml b/src/chrome/content/rules/V-identity.com.xml
index 10026e5deb15..7bc4db531052 100644
--- a/src/chrome/content/rules/V-identity.com.xml
+++ b/src/chrome/content/rules/V-identity.com.xml
@@ -1,19 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://v-identity.com/ => https://www.v-identity.com/: (6, 'Could not resolve host: www.v-identity.com')
+
 	Problematic subdomains:
 
 		- ^	(404)
 
 -->
-<ruleset name="v-identity.com">
+<ruleset name="v-identity.com" default_off="failed ruleset test">
 
 	<target host="v-identity.com" />
-	<target host="*.v-identity.com" />
+	<target host="www.v-identity.com" />
+	<target host="cdn.v-identity.com" />
 
 
 	<rule from="^http://(?:www\.)?v-identity\.com/"
 		to="https://www.v-identity.com/" />
 
-	<rule from="^http://cdn\.v-identity\.com/"
-		to="https://cdn.v-identity.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/V2-Cigs.xml b/src/chrome/content/rules/V2-Cigs.xml
deleted file mode 100644
index a4a4bb277203..000000000000
--- a/src/chrome/content/rules/V2-Cigs.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- whoson-gw.v2cigs.com
-
--->
-<ruleset name="V2 Cigs (partial)">
-
-	<target host="v2cigs.com" />
-	<target host="*.v2cigs.com" />
-
-
-	<securecookie host="^money\.v2cigs\.com$" name=".+" />
-
-
-	<!--	- Cert only matches www
-		- Some (most?) pages 301 to http
-							-->
-	<rule from="^http://(?:www\.)?v2cigs\.com/$"
-		to="https://www.v2cigs.com/index.php" />
-
-	<rule from="^https?://(?:www\.)?v2cigs\.com/(addons/|javascript/|lib/|prefetcher/|(?:(?:account|cart|giftcertificates|index|login)\.php|security\.html)(?:$|\?)|templates/)"
-		to="https://www.v2cigs.com/$1" />
-
-	<rule from="^http://(money|whoson-gw)\.v2cigs\.com/"
-		to="https://$1.v2cigs.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/V2ex.co.xml b/src/chrome/content/rules/V2ex.co.xml
new file mode 100644
index 000000000000..f9445059f99b
--- /dev/null
+++ b/src/chrome/content/rules/V2ex.co.xml
@@ -0,0 +1,7 @@
+<ruleset name="v2ex.co">
+	<target host="captive.v2ex.co" />
+	<target host="cdn.v2ex.co" />
+	<target host="i.v2ex.co" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/V3.co.uk.xml b/src/chrome/content/rules/V3.co.uk.xml
index 2c80d2f32d59..a7d9c2633fa1 100644
--- a/src/chrome/content/rules/V3.co.uk.xml
+++ b/src/chrome/content/rules/V3.co.uk.xml
@@ -18,4 +18,4 @@
 	<rule from="^http://(?:www\.)?v3\.co\.uk/(images/loading\.gif|IMG/)"
 		to="https://incmai.incisivemedia.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/V6ak.com.xml b/src/chrome/content/rules/V6ak.com.xml
new file mode 100644
index 000000000000..f6686b8f867b
--- /dev/null
+++ b/src/chrome/content/rules/V6ak.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- v6ak.com
+
+-->
+<ruleset name="V6ak.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="v6ak.com" />
+	<target host="www.v6ak.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^v6ak\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VARCentral.com.au.xml b/src/chrome/content/rules/VARCentral.com.au.xml
new file mode 100644
index 000000000000..8eb12a10df02
--- /dev/null
+++ b/src/chrome/content/rules/VARCentral.com.au.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Infinet coverage, see Infinet.com.au.xml.
+
+
+	(www.):	expired 2013-05-06
+
+
+-->
+<ruleset name="VARCentral.com.au (partial)">
+
+	<target host="origin.varcentral.com.au" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VA_Loan_Captain.xml b/src/chrome/content/rules/VA_Loan_Captain.xml
index 0e70286eab16..6e794fef4081 100644
--- a/src/chrome/content/rules/VA_Loan_Captain.xml
+++ b/src/chrome/content/rules/VA_Loan_Captain.xml
@@ -7,13 +7,12 @@
 <ruleset name="VA Loan Captain">
 
 	<target host="valoancaptain.com" />
-	<target host="*.valoancaptain.com" />
+	<target host="www.valoancaptain.com" />
 
 
 	<securecookie host="^\.(?:www\.)?valoancaptain\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?valoancaptain\.com/"
-		to="https://$1valoancaptain.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/VBG.de.xml b/src/chrome/content/rules/VBG.de.xml
new file mode 100644
index 000000000000..f1adb048890c
--- /dev/null
+++ b/src/chrome/content/rules/VBG.de.xml
@@ -0,0 +1,11 @@
+<ruleset name="VBG.de">
+  <target host=    "vbg.de"/>
+  <target host="www.vbg.de"/>
+
+  <securecookie host="^www\.vbg\.de$" name=".+" />
+
+  <rule from="^http://vbg\.de/"
+          to="https://www.vbg.de/"/>
+  <rule from="^http:"
+	  to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/VBSEO.xml b/src/chrome/content/rules/VBSEO.xml
index fd7ae3353d15..13fff2e23368 100644
--- a/src/chrome/content/rules/VBSEO.xml
+++ b/src/chrome/content/rules/VBSEO.xml
@@ -20,4 +20,4 @@
 	<rule from="^http://(?:cdn\.|(www\.))?vbseo\.com/"
 		to="https://$1vbseo.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/VB_static.co.xml b/src/chrome/content/rules/VB_static.co.xml
new file mode 100644
index 000000000000..9b8eeaed6f8e
--- /dev/null
+++ b/src/chrome/content/rules/VB_static.co.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://curate.vbstatic.co/ => https://curate.vbstatic.co/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other VentureBeat coverage, see VentureBeat.xml.
+
+
+	www.vbstatic.co doesn't exist.
+
+-->
+<ruleset name="VB static.co" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vbstatic.co" />
+	<target host="curate.vbstatic.co" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VBulletin.xml b/src/chrome/content/rules/VBulletin.xml
index af758f98063b..1ed56cd29287 100644
--- a/src/chrome/content/rules/VBulletin.xml
+++ b/src/chrome/content/rules/VBulletin.xml
@@ -1,13 +1,14 @@
 <ruleset name="vBulletin">
 
 	<target host="vbulletin.com" />
-	<target host="*.vbulletin.com" />
+	<target host="files.vbulletin.com" />
+	<target host="members.vbulletin.com" />
+	<target host="www.vbulletin.com" />
 
 
-	<securecookie host="^(?:.*\.)?vbulletin\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(files\.|members\.|www\.)?vbulletin\.com/"
-		to="https://$1vbulletin.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/VC-Server.xml b/src/chrome/content/rules/VC-Server.xml
new file mode 100644
index 000000000000..d821d4058ca8
--- /dev/null
+++ b/src/chrome/content/rules/VC-Server.xml
@@ -0,0 +1,21 @@
+<!--
+	Problematic domains:
+
+	Expired certificates:
+		- vc-kundenservice.de
+		- www.vc-kundenservice.de
+-->
+
+<ruleset name="VC-Server">
+	<target host="vc-server.de" />
+	<target host="www.vc-server.de" />
+	<target host="vpsmanager.vc-server.de" />
+
+	<target host="vc-kundencenter.de" />
+	<target host="www.vc-kundencenter.de" />
+
+	<securecookie host="^(?:(?:www|vpsmanager)\.)?vc-server\.de$" name=".+" />
+	<securecookie host="^(?:www\.)?vc-kundencenter\.de$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VCAB.com.xml b/src/chrome/content/rules/VCAB.com.xml
new file mode 100644
index 000000000000..9dadf63f34fb
--- /dev/null
+++ b/src/chrome/content/rules/VCAB.com.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.vcab.com/ => https://secure.vcab.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Problematic subdomains:
+
+		- (www.) *
+		- vms *
+
+	* Works; mismatched, CN: secure.vcab.com
+
+-->
+<ruleset name="VCAB.com (partial)" default_off="failed ruleset test">
+
+	<target host="secure.vcab.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VCD.org.xml b/src/chrome/content/rules/VCD.org.xml
new file mode 100644
index 000000000000..29676b5d52f0
--- /dev/null
+++ b/src/chrome/content/rules/VCD.org.xml
@@ -0,0 +1,44 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bildungsservice.vcd.org/ => https://bildungsservice.vcd.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+  Problematic subdomains:
+
+    - cleanair-europe.org
+    - www.cleanair-europe.org
+    - lastenrad.vcd.org ¹
+    - www.lastenrad.vcd.org ²
+    - www.portal.vcd.org ²
+
+  ¹: Redirects to www.vcd.org
+  ²: Mismatch
+-->
+<ruleset name="VCD.org" default_off="failed ruleset test">
+  <target host=                   "vcd.org" />
+  <target host=               "www.vcd.org" />
+  <target host=            "60plus.vcd.org" />
+  <target host=        "www.60plus.vcd.org" />
+  <target host=      "aktivenforum.vcd.org" />
+  <target host=   "bildungsservice.vcd.org" />
+  <target host=                "bw.vcd.org" />
+  <target host=       "develop2050.vcd.org" />
+  <target host= "fahrradfoerderung.vcd.org" />
+  <target host=    "mobilitaet2050.vcd.org" />
+  <target host="www.mobilitaet2050.vcd.org" />
+  <target host=               "nrw.vcd.org" />
+  <target host=            "portal.vcd.org" />
+  <target host=              "shop.vcd.org" />
+  <target host=    "stadtvonmorgen.vcd.org" />
+  <target host=           "tempo30.vcd.org" />
+
+  <securecookie host="^www\.vcd\.org$" name=".+" />
+  <securecookie host="^mobilitaet2050\.vcd\.org" name=".+" />
+
+  <rule from="^http://www\.60plus\.vcd\.org/"
+	  to="https://60plus.vcd.org/" />
+  <rule from="^http://www\.mobilitaet2050\.vcd\.org/"
+          to="https://mobilitaet2050.vcd.org/" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VCE.com.xml b/src/chrome/content/rules/VCE.com.xml
index 5ac16de6badb..7b65aa0ee2be 100644
--- a/src/chrome/content/rules/VCE.com.xml
+++ b/src/chrome/content/rules/VCE.com.xml
@@ -24,4 +24,4 @@
 	<rule from="^http://support\.vce\.com/"
 		to="https://vce.secure.force.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/VClock.com.xml b/src/chrome/content/rules/VClock.com.xml
new file mode 100644
index 000000000000..e822547af189
--- /dev/null
+++ b/src/chrome/content/rules/VClock.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="VClock.com">
+	<target host="vclock.com" />
+	<target host="www.vclock.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VDI-Wissensforum.de.xml b/src/chrome/content/rules/VDI-Wissensforum.de.xml
new file mode 100644
index 000000000000..ce6cf8991b52
--- /dev/null
+++ b/src/chrome/content/rules/VDI-Wissensforum.de.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.vdi-wissensforum.de
+
+-->
+<ruleset name="VDI-Wissensforum.de">
+
+	<target host="vdi-wissensforum.de" />
+	<target host="www.vdi-wissensforum.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.vdi-wissensforum\.de$" name="^(?:VDI_EL_MARKT|VDI_EL_UNTERMARKT|abtest|fe_typo_user)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VDQ_Bulbs.com.au.xml b/src/chrome/content/rules/VDQ_Bulbs.com.au.xml
new file mode 100644
index 000000000000..c35133fd4d5c
--- /dev/null
+++ b/src/chrome/content/rules/VDQ_Bulbs.com.au.xml
@@ -0,0 +1,12 @@
+<ruleset name="VDQ Bulbs.com">
+
+	<target host="vdqbulbs.com.au" />
+	<target host="www.vdqbulbs.com.au" />
+
+
+	<securecookie host="^(?:w*\.)?vdqbulbs\.com\.au$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VDV.de.xml b/src/chrome/content/rules/VDV.de.xml
new file mode 100644
index 000000000000..13306b56fb2f
--- /dev/null
+++ b/src/chrome/content/rules/VDV.de.xml
@@ -0,0 +1,47 @@
+<!--
+	Problematic hosts in *vdv.de:
+
+		- ^ ¹
+		- mitglieder ² ³
+
+	¹ Handshake fails
+	² Mismatched
+	³ Self-signed
+
+
+	Insecure cookies are set for these hosts:
+
+		- crm.vdv.de
+		- mitglieder.vdv.de
+		- www.vdv.de
+
+-->
+<ruleset name="VDV.de (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="crm.vdv.de" />
+	<target host="dms.vdv.de" />
+	<target host="www.vdv.de" />
+
+	<!--	Complications:
+				-->
+	<target host="vdv.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^crm\.vdv\.de$" name="^eVEWA2$" /-->
+	<!--securecookie host="^mitglieder\.vdv\.de$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^www\.vdv\.de$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://vdv\.de/"
+		to="https://www.vdv.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VDownloader.xml b/src/chrome/content/rules/VDownloader.xml
index c4fd5ae18162..b2d5facbf55f 100644
--- a/src/chrome/content/rules/VDownloader.xml
+++ b/src/chrome/content/rules/VDownloader.xml
@@ -1,17 +1,17 @@
+<!--
+	Invalid certificate:
+		vdownloader.es
+		www.vdownloader.es
+		mail.vdownloader.es
+
+-->
 <ruleset name="VDownloader">
 
-	<target host="vdownloader.com" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.vdownloader.com" />
 	<target host="vdownloader.es" />
-	<target host="www.vdownloader.com" />
-
-
-	<securecookie host="^\.?vdownloader\.com$" name=".*" />
-
+	<target host="www.vdownloader.es" />
 
 	<!--	es redirects to com	-->
-	<rule from="^http://(www\.)?vdownloader\.(?:com|es)/"
-		to="https://$1vdownloader.com/" />
+	<rule from="^http://(www\.)?vdownloader\.es/"
+		to="https://vdownloader.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/VE7SCC.org.xml b/src/chrome/content/rules/VE7SCC.org.xml
new file mode 100644
index 000000000000..918005765d36
--- /dev/null
+++ b/src/chrome/content/rules/VE7SCC.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Timeout:
+		- club.ve7scc.org
+
+	SSL error:
+		- forum.ve7scc.org
+		- new.ve7scc.org
+
+	Refused:
+		- members.ve7scc.org
+		- members2.ve7scc.org
+-->
+<ruleset name="VE7SCC.org">
+	<target host="ve7scc.org" />
+	<target host="www.ve7scc.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VEGAS_INC.xml b/src/chrome/content/rules/VEGAS_INC.xml
deleted file mode 100644
index 2fe8a9cacb20..000000000000
--- a/src/chrome/content/rules/VEGAS_INC.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- (www.) *
-		- asset *
-		- media *
-		- photo *
-
-	* Mismatch, CN: 138.210.151.149
-
--->
-<ruleset name="VEGAS INC" default_off="expired, mismatched, self-signed">
-
-	<target host="vegasinc.com" />
-	<target host="*.vegasinc.com" />
-
-
-	<rule from="^https?://(?:www\.)?vegasinc\.com/"
-		to="https://www.vegasinc.com/" />
-
-	<!--	All appear the same.
-					-->
-	<rule from="^https?://(?:asset|media|photo)\.vegasinc\.com/"
-		to="https://asset.vegasinc.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/VEVO.xml b/src/chrome/content/rules/VEVO.xml
index a0b538c0a194..195b255a901d 100644
--- a/src/chrome/content/rules/VEVO.xml
+++ b/src/chrome/content/rules/VEVO.xml
@@ -1,16 +1,44 @@
-<ruleset name="VEVO">
+<!--
+	Nonfunctional hosts in *vevo.com:
 
-	<target host="vevo.com" />
-	<target host="*.vevo.com" />
-	<target host="img.cache.vevo.com" />
+		- comingsoon *
+
+	* Refused
+
+	Problematic hosts in *vevo.com:
+
+		- cache ¹
+		- go ²
+		- img.cache ¹
 
+	¹ Mismatched, CN: a248.e.akamai.net
+	² Mismatched, CN: *.awe.sm
 
-	<rule from="^https?://(?:www\.)?vevo\.com/"
-		to="https://www.vevo.com/" />
+	Problematic hosts in *vevocdn.com:
+
+		- aws-cache *
+
+	* Mismatched, CN: *.vevo.com
+-->
+<ruleset name="VEVO">
+	<target host="vevo.com" />
+	<target host="apiv2.vevo.com" />
+	<target host="aws-cache.vevo.com" />
+	<target host="blog.vevo.com" />
+	<target host="cache.vevo.com" />
+	<target host="img.cache.vevo.com" />
+	<target host="h264-aws.vevo.com" />
+	<target host="m.vevo.com" />
+	<target host="o.vevo.com" />
+	<target host="s.vevo.com" />
+	<target host="scache.vevo.com" />
+	<target host="www.vevo.com" />
+	<target host="aws-cache.vevocdn.com" />
+		<test url="http://aws-cache.vevocdn.com/assets/images/57598f48-11cc-47c0-9496-0c3c0a0b0d7b.png?width=281&amp;height=159&amp;resize=fill" />
+	<test url="http://scache.vevo.com/Content/VevoImages/artist/62AE5CCE473B998AFD2DB55B659E23E32013167114452900.jpg?width=98&amp;height=98&amp;resize=round" />
 
-	<!--	cache, img.cache: Akamai
-					-->
-	<rule from="^https?://(?:img\.|s)?cache\.vevo\.com/"
+	<rule from="^http://cache\.vevo\.com/"
 		to="https://scache.vevo.com/" />
 
+	<rule from="^http:"	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/VFEmail.net.xml b/src/chrome/content/rules/VFEmail.net.xml
index 5edd0e675252..8327baf38b9a 100644
--- a/src/chrome/content/rules/VFEmail.net.xml
+++ b/src/chrome/content/rules/VFEmail.net.xml
@@ -4,7 +4,15 @@
 	<target host="www.vfemail.net" />
 
 
-	<rule from="^http://(www\.)?vfemail\.net/"
-		to="https://$1vfemail.net/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^vfemail\.net$" name="^(\w{8}|WebMailID|WebMailRegID|tom_lang)$" /-->
+	<!--securecookie host="^\.vfemail\.net$" name="^VFEloginpage$" /-->
+	<!--securecookie host="^\.www\.vfemail\.net$" name="^(HordeGW|auth_key|default_imp_view|imp_key)$" /-->
 
-</ruleset>
\ No newline at end of file
+	<securecookie host="^(?:\.|\.www\.)?vfemail\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VG-WORT.xml b/src/chrome/content/rules/VG-WORT.xml
index b26456163608..0c20afc0c6cb 100644
--- a/src/chrome/content/rules/VG-WORT.xml
+++ b/src/chrome/content/rules/VG-WORT.xml
@@ -1,19 +1,27 @@
 <!--
-	Nonfunctional domains:
-
-		- \w+.met.vgwort.de	(tracking cookies; unique domain for each client)
+	\w+.met.vgwort.de: Bugs (refused)
 
 -->
-<ruleset name="VG WORT (partial)">
+<ruleset name="VG WORT.de">
 
 	<target host="vgwort.de" />
-	<target host="*.vgwort.de" />
+	<target host="*.met.vgwort.de" />
+	<target host="schulbuchportal.vgwort.de" />
+	<target host="tom.vgwort.de" />
+	<target host="www.vgwort.de" />
+
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^(?:.*\.)?vgwort\.de$" name=".+" />
 
+	<rule from="^http://vg\d\d\.met\.vgwort\.de/"
+		to="https://ssl-vg03.met.vgwort.de/" />
 
-	<rule from="^http://(schulbuchportal\.|tom\.|www\.)?vgwort\.de/"
+		<test url="http://vg08.met.vgwort.de/blank.gif" />
+
+	<rule from="^http://((?:ssl-vg\d\d\.met|schulbuchportal|tom|www)\.)?vgwort\.de/"
 		to="https://$1vgwort.de/" />
 
+		<test url="http://ssl-vg03.met.vgwort.de/blank.gif" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/VG.no.xml b/src/chrome/content/rules/VG.no.xml
index c7c8c561c4ad..199e0d859c05 100644
--- a/src/chrome/content/rules/VG.no.xml
+++ b/src/chrome/content/rules/VG.no.xml
@@ -1,17 +1,36 @@
-<ruleset name="VG.no" platform="mixedcontent">
-	<target host="vg.no" />
-	<target host="www.vg.no" />
+<!--
+	Redirect:
+		- (www.)vg.no
+		- (www.)vgtv.no
+
+	Refused:
+		- direkte.vg.no
+-->
+<ruleset name="VG.no">
 	<target host="static.vg.no" />
 	<target host="static01.vg.no" />
 	<target host="static02.vg.no" />
 	<target host="static03.vg.no" />
 	<target host="static04.vg.no" />
-	<rule from="^http://www\.vg\.no/" to="https://www.vg.no/"/>
-	<rule from="^http://vg\.no/" to="https://vg.no/"/>
-	<rule from="^http://static\.vg\.no/" to="https://static.vg.no/"/>
-	<rule from="^http://static01\.vg\.no/" to="https://static01.vg.no/"/>
-	<rule from="^http://static02\.vg\.no/" to="https://static02.vg.no/"/>
-	<rule from="^http://static03\.vg\.no/" to="https://static03.vg.no/"/>
-	<rule from="^http://static04\.vg\.no/" to="https://static04.vg.no/"/>
-</ruleset>
+	<target host="touch.vg.no" />
+	<target host="vgc.no" />
+	<target host="0.vgc.no" />
+	<target host="1.vgc.no" />
+	<target host="2.vgc.no" />
+	<target host="3.vgc.no" />
+	<target host="4.vgc.no" />
+	<target host="5.vgc.no" />
+	<target host="6.vgc.no" />
+	<target host="7.vgc.no" />
+	<target host="8.vgc.no" />
+	<target host="9.vgc.no" />
+	<target host="10.vgc.no" />
+	<target host="api.vgc.no" />
+	<target host="cdn.vgc.no" />
+	<target host="imbo.vgc.no" />
+	<target host="svp.vgc.no" />
+	<target host="imbo.vgtv.no" />
 
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/VHLCentral.xml b/src/chrome/content/rules/VHLCentral.xml
new file mode 100644
index 000000000000..e167043b821e
--- /dev/null
+++ b/src/chrome/content/rules/VHLCentral.xml
@@ -0,0 +1,13 @@
+<!--
+	VHLCentral
+
+-->
+<ruleset name="VHL Central">
+
+	<target host="www.vhlcentral.com" />
+	<target host="m3a.vhlcentral.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VIAF.org.xml b/src/chrome/content/rules/VIAF.org.xml
new file mode 100644
index 000000000000..4b134b123bc9
--- /dev/null
+++ b/src/chrome/content/rules/VIAF.org.xml
@@ -0,0 +1,22 @@
+<!--
+	^viaf.org: Mismatched
+
+-->
+<ruleset name="VIAF.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="viaf.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.viaf.org" />
+
+
+	<rule from="^http://www\.viaf\.org/"
+		to="https://viaf.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VIM-Adventures.com.xml b/src/chrome/content/rules/VIM-Adventures.com.xml
new file mode 100644
index 000000000000..407aa6ded6bf
--- /dev/null
+++ b/src/chrome/content/rules/VIM-Adventures.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="VIM-Adventures.com">
+	<target host="vim-adventures.com" />
+	<target host="www.vim-adventures.com" />
+	<target host="beta.vim-adventures.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VIOFO.com.xml b/src/chrome/content/rules/VIOFO.com.xml
new file mode 100644
index 000000000000..76f55bcfa07a
--- /dev/null
+++ b/src/chrome/content/rules/VIOFO.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="VIOFO.com">
+
+	<target host="viofo.com" />
+	<target host="www.viofo.com" />
+	<target host="support.viofo.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VIPLeague.cc.xml b/src/chrome/content/rules/VIPLeague.cc.xml
new file mode 100644
index 000000000000..3b6c6a402bfc
--- /dev/null
+++ b/src/chrome/content/rules/VIPLeague.cc.xml
@@ -0,0 +1,14 @@
+<ruleset name="VIPLeague.cc">
+	<target host="vipleague.cc" />
+	<target host="www.vipleague.cc" />
+	<target host="ar.vipleague.cc" />
+	<target host="de.vipleague.cc" />
+	<target host="es.vipleague.cc" />
+	<target host="fr.vipleague.cc" />
+	<target host="it.vipleague.cc" />
+	<target host="ja.vipleague.cc" />
+	<target host="nl.vipleague.cc" />
+	<target host="pt.vipleague.cc" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VIPserv.org.xml b/src/chrome/content/rules/VIPserv.org.xml
index d490a2e915ef..0617637d5309 100644
--- a/src/chrome/content/rules/VIPserv.org.xml
+++ b/src/chrome/content/rules/VIPserv.org.xml
@@ -22,7 +22,7 @@
 		- Clients have unique x14 subdomains
 		- Those subdomains 404 over https
 				-->
-	<rule from="^https?://x14\.eu/"
+	<rule from="^http://x14\.eu/"
 		to="https://vipserv.org/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/VIRURL.xml b/src/chrome/content/rules/VIRURL.xml
index b9e2320655c5..62b91909c0b0 100644
--- a/src/chrome/content/rules/VIRURL.xml
+++ b/src/chrome/content/rules/VIRURL.xml
@@ -1,4 +1,14 @@
-<ruleset name="VIRURL">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://spn.sr/ => https://spn.sr/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://virurl.com/ => https://virurl.com/: (7, 'Failed to connect to virurl.com port 443: Connection refused')
+Fetch error: http://www.virurl.com/ => https://www.virurl.com/: (6, 'Could not resolve host: www.virurl.com')
+
+Automatically by https-everywhere-checker because:
+Fetch error: http://spn.sr/ => https://spn.sr/: (6, 'Could not resolve host: revv.nu')
+-->
+<ruleset name="VIRURL" default_off="failed ruleset test">
 
 	<target host="spn.sr" />
 	<target host="virurl.com" />
@@ -9,10 +19,6 @@
 	<securecookie host="^(?:www\.)?virurl\.com$" name=".+" />
 
 
-	<rule from="^http://spn\.sr/"
-		to="https://spn.sr/" />
-
-	<rule from="^http://(www\.)?virurl\.com/"
-		to="https://$1virurl.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/VIVE.com.xml b/src/chrome/content/rules/VIVE.com.xml
new file mode 100644
index 000000000000..621cd4c84796
--- /dev/null
+++ b/src/chrome/content/rules/VIVE.com.xml
@@ -0,0 +1,42 @@
+<!--
+	Invalid certificate:
+		- image.email.vive.com
+		- locator.vive.com, equivalent to htcvive.zenlocator.com
+		- sl.vive.com
+
+	Timed out:
+		- pages.email.vive.com
+-->
+
+<ruleset name="VIVE.com">
+	<target host="vive.com" />
+	<target host="www.vive.com" />
+	<target host="store.ap.vive.com" />
+	<target host="arts.vive.com" />
+	<target host="blog.vive.com" />
+	<target host="booking.vive.com" />
+	<target host="community.vive.com" />
+	<target host="customer-api.vive.com" />
+	<target host="developer.vive.com" />
+	<target host="discover.vive.com" />
+	<target host="dl.vive.com" />
+	<target host="enterprise.vive.com" />
+	<target host="store.eu.vive.com" />
+	<target host="hub.vive.com" />
+	<target host="lab.vive.com" />
+	<target host="link.vive.com" />
+	<target host="locator.vive.com" />
+	<target host="stage-hub.vive.com" />
+	<target host="stage-store.vive.com" />
+	<target host="stage-web.vive.com" />
+	<target host="store.vive.com" />
+	<target host="summit.vive.com" />
+	<target host="store.us.vive.com" />
+	<target host="vivex.vive.com" />
+	<target host="vr-hwdl.vive.com" />
+
+	<rule from="^http://locator\.vive\.com/"
+		to="https://htcvive.zenlocator.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VK-old.xml b/src/chrome/content/rules/VK-old.xml
deleted file mode 100644
index 5aea5947dbc6..000000000000
--- a/src/chrome/content/rules/VK-old.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-	Nonfunctional:
-
-		- cs\d*.userapi.com
-
--->
-<ruleset name="VK (partial, old)" default_off="possibly superseded">
-
-	<target host="userapi.com" />
-	<target host="*.userapi.com" />
-	<target host="vk.com" />
-	<target host="*.vk.com" />
-	<target host="vkontakte.ru" />
-	<target host="www.vkontakte.ru" />
-
-
-	<securecookie host="^.*\.vk\.com$" name=".*" />
-
-
-	<rule from="^http://p(p|s)\.userapi\.com/"
-		to="https://p$1.userapi.com/" />
-
-	<!--	Cert doesn't match userapi	-->
-	<rule from="^http://st0\.userapi\.com/"
-		to="https://vk.com/" />
-
-	<!--	Cert: *.vk.com	-->
-	<rule from="^https?://(?:www\.)?userapi\.com/"
-		to="https://vk.com/" />
-
-	<rule from="^http://((?:login|m|www)\.)?vk\.com/"
-		to="https://$1vk.com/" />
-
-	<rule from="^http://(www\.)?vkontakte\.ru/"
-		to="https://$1vkontakte.ru/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/VK.me.xml b/src/chrome/content/rules/VK.me.xml
new file mode 100644
index 000000000000..63a88ff27280
--- /dev/null
+++ b/src/chrome/content/rules/VK.me.xml
@@ -0,0 +1,18 @@
+<!--
+	For other VK coverage, see VK.xml.
+
+-->
+<ruleset name="VK.me" default_off="mismatched">
+
+	<target host="vk.me" />
+	<target host="*.vk.me" />
+
+		<exclusion pattern="^http://cs\w*\.vk.me/" />
+
+			<test url="http://cs610727.vk.me/u93277543/docs/7c23c60c93ed/Advent-kalendar2.pdf?extra=3IV8CSvwKl4eQ0KtoheGkCZKvPEexkFttGiBWQ6rnSmyIIPPLYhD6laDYDI1c0qEi0ACKCkBGIzy8OrHET7ptnTLwAvnaUI" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VK.se.xml b/src/chrome/content/rules/VK.se.xml
index b77bd740b434..bee3ab532a6c 100644
--- a/src/chrome/content/rules/VK.se.xml
+++ b/src/chrome/content/rules/VK.se.xml
@@ -27,16 +27,16 @@
 -->
 <ruleset name="VK.se (partial)">
 
-	<target host="*.vk.se" />
+	<target host="etidning.vk.se" />
+	<target host="sifomedia.vk.se" />
 
 
 	<securecookie host="^etidning\.vk\.se$" name=".+" />
 
 
-	<rule from="^http://etidning\.vk\.se/"
-		to="https://etidning.vk.se/" />
 
 	<rule from="^http://sifomedia\.vk\.se/"
 		to="https://oasc07.247realmedia.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VK.xml b/src/chrome/content/rules/VK.xml
index 1f909fc27b4f..447fd8fbfc02 100644
--- a/src/chrome/content/rules/VK.xml
+++ b/src/chrome/content/rules/VK.xml
@@ -1,23 +1,28 @@
-<ruleset name="VK (experimental new rule)">
+<!--
+	Other VK rulesets:
 
-	<target host="vk.com" />
-	<target host="*.vk.com" />
-	<target host="vk.me" />
-	<target host="*.vk.me" />
-	<target host="vkontakte.ru" />
-	<target host="www.vkontakte.ru" />
-
-        <exclusion pattern="^http://cs(\w*\.)vk.me/" />
+		- userapi.com.xml
+		- VK.me.xml
+		- VKontakte.ru.xml
 
-	<securecookie host="^.*\.vk\.com$" name=".*" />
+	Self-signed:
+		- pp.vk.com
+-->
+<ruleset name="VK.com">
 
-	<rule from="^http://([\w+\-\.]+\.)?vk\.me/"
-		to="https://$1vk.me/" />
+	<target host="vk.com" />
+	<target host="away.vk.com" />
+	<target host="login.vk.com" />
+	<target host="m.vk.com" />
+	<target host="www.vk.com" />
 
-	<rule from="^http://((?:login|m|www)\.)?vk\.com/"
-		to="https://$1vk.com/" />
+	<!--
+		securecookie rule breaks external links without securing away.vk.com:
+		https://github.com/EFForg/https-everywhere/issues/9576
+	-->
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://([\w+\-\.]+\.)?vkontakte\.ru/"
-		to="https://$1vk.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/VKontakte.ru.xml b/src/chrome/content/rules/VKontakte.ru.xml
new file mode 100644
index 000000000000..4ebf0a96c9b8
--- /dev/null
+++ b/src/chrome/content/rules/VKontakte.ru.xml
@@ -0,0 +1,14 @@
+<!--
+	For other VK coverage, see VK.xml.
+
+-->
+<ruleset name="VKontakte.ru">
+
+	<target host="vkontakte.ru" />
+	<target host="www.vkontakte.ru" />
+
+
+	<rule from="^http://(www\.)?vkontakte\.ru/"
+		to="https://$1vk.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VLC-addons.org.xml b/src/chrome/content/rules/VLC-addons.org.xml
new file mode 100644
index 000000000000..eb76e6ee7984
--- /dev/null
+++ b/src/chrome/content/rules/VLC-addons.org.xml
@@ -0,0 +1,12 @@
+<!--
+	For other openDesktop rules, see openDesktop.org.xml
+
+-->
+<ruleset name="VLC-addons.org">
+
+	<target host="vlc-addons.org" />
+	<target host="www.vlc-addons.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VMware.xml b/src/chrome/content/rules/VMware.xml
index 8bc85682fe30..b75777aa0538 100644
--- a/src/chrome/content/rules/VMware.xml
+++ b/src/chrome/content/rules/VMware.xml
@@ -1,40 +1,137 @@
 <!--
-	s3.amazonaws.com/vmware-partnerpedia-production/product/NNNN/
+	Other VMware rulesets:
+
+
+
+	CDN buckets:
+
+		- s3.amazonaws.com/vmware-partnerpedia-production/product/NNNN/
+		- kb.vmware.com.edgesuite.net
+
+
+	Nonfunctional hosts:
+
+		- ir ¹
+		- link.delivery ³
+		- nlblogs ³
+		- partnerlocator ⁴
+		- vcloud ⁵
+
+	¹ Shareholder
+	² 503, akamai
+	³ Refused
+	⁴ Salesforce
+	⁵ 504, Akamai
+
+
+	Problematic hosts:
+
+		- ^ ¹
+		- info ²
+		- learn ³
+		- store ⁴
+
+	¹ Refused
+	² Eloqua
+	³ Mismatch
+	⁴ Digital River
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .vmware.com
+		- developercenter.vmware.com
+		- blogs.vmware.com
+		- .info.vmware.com
+		- my.vmware.com
+		- mylearn.vmware.com
+		- store.vmware.com
+		- www.vmware.com
+
+
+	Mixed content:
+
+		- css on info from www.vmware.com *
+		- Images on blogs from download3.vmware.com *
+		- favicon on info from www.vmware.com *
+
+		- Bugs, on:
+
+			- blogs from leads.demandbase.com *
+			- blogs from www.demandbase.com *
+			- blogs from www.facebook.com *
+
+	* Secured by us
 
 -->
-<ruleset name="VMware (partial)" platform="mixedcontent">
+<ruleset name="VMware.com (partial)">
 
 	<target host="vmware.com" />
 	<target host="*.vmware.com" />
-		<!--	communities: Akamai; "An error occurred"
-			info is handled in Eloqua-clients.xml.
-			kb times out.	-->
-		<exclusion pattern="^http://(communities|forum|info|kb)\." />
+
+		<exclusion pattern="^http://(?:forum|info|ir|learn|link.delivery|nlblogs|partnerlocator|vcloud)\.vmware\.com/" />
+
+			<test url="http://forum.vmware.com/" />
+			<test url="http://info.vmware.com/" />
+			<test url="http://ir.vmware.com/" />
+			<test url="http://learn.vmware.com/" />
+			<test url="http://link.delivery.vmware.com/" />
+			<test url="http://nlblogs.vmware.com/" />
+			<test url="http://partnerlocator.vmware.com/" />
+			<test url="http://vcloud.vmware.com/" />
+
+		<exclusion pattern="^http://store\.vmware\.com/(?!DRHM/Storefront/Site/|favicon\.ico|promo/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://store.vmware.com/store/vmware/home" />
+			<test url="http://store.vmware.com/store/vmware/en_US/html/pbPage.affiliateprogram" />
+			<test url="http://store.vmware.com/store/vmware/en_US/html/pbPage.howtobuy" />
+			<test url="http://store.vmware.com/store/vmware/en_US/html/pbPage.newfaq" />
+
+			<!--	-ve:
+					-->
+			<test url="http://store.vmware.com/favicon.ico" />
+
+		<test url="http://campaign.vmware.com/" />
+		<test url="http://communities.vmware.com/" />
+		<test url="http://download3.vmware.com/" />
+		<test url="http://downloads.vmware.com/" />
+		<test url="http://my.vmware.com/" />
+		<test url="http://mylearn.vmware.com/" />
+		<test url="http://solutionexchange.vmware.com/" />
+		<test url="http://store.vmware.com/" />
+		<test url="http://www.vmware.com/" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.vmware\.com$" name="^(JSESSIONID|dtCookie)$" /-->
+	<!--securecookie host="^developercenter\.vmware\.com$" name="^vdc-cookie$" /-->
+	<!--securecookie host="^blogs\.vmware\.com$" name="^blogs-prod-cookie2$" /-->
+	<!--securecookie host="^\.info\.vmware\.com$" name="^ELOQUA$" /-->
+	<!--securecookie host="^my\.vmware\.com$" name="^(COOKIE_SUPPORT|GUEST_LANGUAGE_ID|ObFormLoginCookie|myvmware-www)$" /-->
+	<!--securecookie host="^mylearn\.vmware\.com$" name="^(CFID|CFTOKEN|PORTAL_ALIAS|REGUI|cookie-myln|TS\d+)$" /-->
+	<!--securecookie host="^(mylearn|store)\.vmware\.com$" name="^BIGipServer[\w-]+$" /-->
+	<!--securecookie host="^www\.vmware\.com$" name="^myvmware-wwwa-prod$" /-->
+
 	<!--	Observed cookie domains:
 
-			- /
-			- ^.
 			- ^campaign
 			- ^downloads
-			- ^my
 			- ^solutionexchange
-			- ^www
 					-->
-	<securecookie host="^(.*\.)?vmware\.com$" name=".*" />
+	<securecookie host="^(?!store\.)(?:.*\.)?vmware\.com$" name=".+" />
 
 
-	<!--	Observed subdomains:
+	<!--	Redirect preserves path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://vmware\.com/+"
+		to="https://www.vmware.com/" />
+
+			<test url="http://vmware.com//go/partnercentral" />
 
-			- campaign
-			- download3
-			- downloads
-			- my
-			- solutionexchange
-			- www
-				-->
-	<rule from="^http://(\w+\.)?vmware\.com/"
-		to="https://$1vmware.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/VOA-Islam.com.xml b/src/chrome/content/rules/VOA-Islam.com.xml
new file mode 100644
index 000000000000..ff842ca966e5
--- /dev/null
+++ b/src/chrome/content/rules/VOA-Islam.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="VOA-Islam.com">
+	<target host="voa-islam.com" />
+	<target host="www.voa-islam.com" />
+	<target host="m.voa-islam.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VOA_Chinese.com.xml b/src/chrome/content/rules/VOA_Chinese.com.xml
new file mode 100644
index 000000000000..d1d663521f84
--- /dev/null
+++ b/src/chrome/content/rules/VOA_Chinese.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="VOA_Chinese.com">
+	<target host="voachinese.com" />
+	<target host="m.voachinese.com" />
+	<target host="www.voachinese.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VOICE-Daily-Deals.xml b/src/chrome/content/rules/VOICE-Daily-Deals.xml
index 13d4b30e1f5f..81060ccfe76d 100644
--- a/src/chrome/content/rules/VOICE-Daily-Deals.xml
+++ b/src/chrome/content/rules/VOICE-Daily-Deals.xml
@@ -1,14 +1,15 @@
-<ruleset name="VOICE Daily Deals">
+<ruleset name="VOICE Daily Deals.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="voicedailydeals.com" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.voicedailydeals.com" />
+	<target host="www.voicedailydeals.com" />
 
 
-	<securecookie host="^.*\.voicedailydeals\.com$" name=".*" />
+	<securecookie host=".*\.voicedailydeals\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?voicedailydeals\.com/"
-		to="https://$1voicedailydeals.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/VPAC.org.xml b/src/chrome/content/rules/VPAC.org.xml
new file mode 100644
index 000000000000..9873fb553ead
--- /dev/null
+++ b/src/chrome/content/rules/VPAC.org.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://vpac.org/ => https://vpac.org/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.vpac.org/ => https://www.vpac.org/: (7, 'Failed to connect to www.vpac.org port 443: Connection refused')
+
+-->
+<ruleset name="VPAC.org" default_off="failed ruleset test">
+
+	<target host="vpac.org" />
+	<target host="www.vpac.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VPL.ca.xml b/src/chrome/content/rules/VPL.ca.xml
new file mode 100644
index 000000000000..c305b5bbebc6
--- /dev/null
+++ b/src/chrome/content/rules/VPL.ca.xml
@@ -0,0 +1,27 @@
+<!--
+	Invalid certificate:
+		guides.vpl.ca
+		link.vpl.ca
+
+	Invalid response:
+		pwp.vpl.ca
+		www1.vpl.ca
+		www2.vpl.ca
+
+	Refused:
+		bccd.vpl.ca
+		help.vpl.ca (http and https both refused)
+		ipac.vpl.ca
+		ipac2.vpl.ca
+		thisvancouver.vpl.ca
+		www3.vpl.ca
+
+-->
+<ruleset name="Vancouver Public Library">
+	<target host="vpl.ca" />
+	<target host="www.vpl.ca" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VPN-Service.us.xml b/src/chrome/content/rules/VPN-Service.us.xml
new file mode 100644
index 000000000000..9a37877e01e6
--- /dev/null
+++ b/src/chrome/content/rules/VPN-Service.us.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid Certificate:
+		ns1.vpn-service.us
+-->
+<ruleset name="VPN-Service.us">
+	<target host="vpn-service.us" />
+	<target host="www.vpn-service.us" />
+	<target host="mail.vpn-service.us" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VPN4ALL.xml b/src/chrome/content/rules/VPN4ALL.xml
index 0fa9e03d114b..2c528f414310 100644
--- a/src/chrome/content/rules/VPN4ALL.xml
+++ b/src/chrome/content/rules/VPN4ALL.xml
@@ -1,10 +1,14 @@
-<ruleset name="VPN4ALL">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://vpn4all.com/ => https://vpn4all.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.vpn4all.com/ => https://www.vpn4all.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="VPN4ALL" default_off="failed ruleset test">
 	<target host="vpn4all.com" />
 	<target host="www.vpn4all.com" />
 
-
-	<rule from="^http://(?:www\.)?vpn4all\.com/"
-		to="https://www.vpn4all.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VPNCompare.co.uk.xml b/src/chrome/content/rules/VPNCompare.co.uk.xml
new file mode 100644
index 000000000000..91b5d5216f49
--- /dev/null
+++ b/src/chrome/content/rules/VPNCompare.co.uk.xml
@@ -0,0 +1,6 @@
+<ruleset name="VPNCompare.co.uk">
+	<target host="vpncompare.co.uk" />
+	<target host="www.vpncompare.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VPNGate.net.xml b/src/chrome/content/rules/VPNGate.net.xml
new file mode 100644
index 000000000000..92286065cac8
--- /dev/null
+++ b/src/chrome/content/rules/VPNGate.net.xml
@@ -0,0 +1,39 @@
+<!--
+	Mismatched:
+		- vpngate.net
+		- list-server-tmp-2.vpngate.net
+
+	Self-signed:
+		- api.vpngate.net
+		- d.vpngate.net
+		- list-server-tmp-3.vpngate.net
+
+	Timeout:
+		- list-server-tmp-1.vpngate.net
+		- nsj.vpngate.net
+		- nsk.vpngate.net
+		- public-nat-a.vpngate.net
+		- public-nat-b.vpngate.net
+		- public-nat-broadcast.vpngate.net
+		- public-nat-c.vpngate.net
+		- public-nat-d.vpngate.net
+		- public-nat-e.vpngate.net
+		- public-nat-gw.vpngate.net
+		- public-nat-network.vpngate.net
+		- public-nat-z.vpngate.net
+		- public-proxy-a.vpngate.net
+		- public-proxy-b.vpngate.net
+		- public-proxy-c.vpngate.net
+		- public-proxy-d.vpngate.net
+
+	Refused:
+		- vgmail.vpngate.net
+-->
+<ruleset name="VPNGate.net">
+	<target host="vpngate.net" />
+	<target host="www.vpngate.net" />
+	<target host="forum.vpngate.net" />
+
+	<rule from="^http://vpngate\.net/" to="https://www.vpngate.net/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VPNGlobe.com.xml b/src/chrome/content/rules/VPNGlobe.com.xml
new file mode 100644
index 000000000000..9bfc7f312bd0
--- /dev/null
+++ b/src/chrome/content/rules/VPNGlobe.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://my.vpnglobe.com/ => https://my.vpnglobe.com/: Too many redirects while fetching 'https://my.vpnglobe.com/'
+
+-->
+<ruleset name="VPNGlobe.com" default_off="failed ruleset test">
+
+	<target host="vpnglobe.com" />
+	<target host="my.vpnglobe.com" />
+	<target host="www.vpnglobe.com" />
+
+
+	<securecookie host="^(?:my)?\.vpnglobe\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VPNOverDNS.com.xml b/src/chrome/content/rules/VPNOverDNS.com.xml
new file mode 100644
index 000000000000..3109fac5ba0a
--- /dev/null
+++ b/src/chrome/content/rules/VPNOverDNS.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		- ns1.vpnoverdns.com
+-->
+
+<ruleset name="VPNOverDNS.com">
+	<target host="vpnoverdns.com" />
+	<target host="www.vpnoverdns.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VPNReactor.xml b/src/chrome/content/rules/VPNReactor.xml
index dd3eda25dd6d..7e25bdb557e6 100644
--- a/src/chrome/content/rules/VPNReactor.xml
+++ b/src/chrome/content/rules/VPNReactor.xml
@@ -1,11 +1,11 @@
 <ruleset name="VPNReactor.com">
 
-	<target host="vpnreactor.com"/>
-	<target host="*.vpnreactor.com"/>
+	<target host="vpnreactor.com" />
+	<target host="members.vpnreactor.com" />
+	<target host="www.vpnreactor.com" />
 
-	<securecookie host="^(.*\.)?vpnreactor\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(members\.|www\.)?vpnreactor\.com/"
-		to="https://$1vpnreactor.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/VPNSecure.me.xml b/src/chrome/content/rules/VPNSecure.me.xml
new file mode 100644
index 000000000000..6869ef862d5c
--- /dev/null
+++ b/src/chrome/content/rules/VPNSecure.me.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- vpnsecure.me
+		- .vpnsecure.me
+		- www.vpnsecure.me
+
+-->
+<ruleset name="VPNSecure.me">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vpnsecure.me" />
+	<target host="www.vpnsecure.me" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?vpnsecure\.me$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.vpnsecure\.me$" name="^vpnsidc$" /-->
+
+	<securecookie host="^(?:\.|www\.)?vpnsecure\.me$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VPNService.ru.xml b/src/chrome/content/rules/VPNService.ru.xml
deleted file mode 100644
index 8611a97c72e6..000000000000
--- a/src/chrome/content/rules/VPNService.ru.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="VPNService.ru">
-
-	<target host="vpnservice.ru" />
-	<target host="*.vpnservice.ru" />
-
-
-	<securecookie host="^\.vpnservice\.ru$" name=".+" />
-
-
-	<rule from="^http://(www\.)?vpnservice\.ru/"
-		to="https://$1vpnservice.ru/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/VPN_Critic.com.xml b/src/chrome/content/rules/VPN_Critic.com.xml
new file mode 100644
index 000000000000..f95ee942ba05
--- /dev/null
+++ b/src/chrome/content/rules/VPN_Critic.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="VPN Critic.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vpncritic.com" />
+	<target host="www.vpncritic.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VPN_Reviewer.com.xml b/src/chrome/content/rules/VPN_Reviewer.com.xml
new file mode 100644
index 000000000000..c5ce580d89cb
--- /dev/null
+++ b/src/chrome/content/rules/VPN_Reviewer.com.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.vpnreviewer.com/ => https://www.vpnreviewer.com/: (52, 'Empty reply from server')
+
+-->
+<ruleset name="VPN Reviewer.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vpnreviewer.com" />
+	<target host="www.vpnreviewer.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VPS.net-problematic.xml b/src/chrome/content/rules/VPS.net-problematic.xml
new file mode 100644
index 000000000000..531ea96c573e
--- /dev/null
+++ b/src/chrome/content/rules/VPS.net-problematic.xml
@@ -0,0 +1,19 @@
+<!--
+	For rules that are on by default, see VPS.net.xml.
+
+-->
+<ruleset name="VPS.net (missing certificate chain)" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vps.net"/>
+	<target host="www.vps.net"/>
+
+
+	<securecookie host="^(?:www\.)?vps\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VPS.net.xml b/src/chrome/content/rules/VPS.net.xml
index 254f1c60875c..b3e454415bf8 100644
--- a/src/chrome/content/rules/VPS.net.xml
+++ b/src/chrome/content/rules/VPS.net.xml
@@ -1,16 +1,45 @@
-<ruleset name="VPS.net (partial)" platform="mixedcontent">
+<!--
+	For problematic rules, see VPS.net-problematic.xml.
 
-	<target host="vps.net"/>
-	<target host="*.vps.net"/>
-	<target host="www.control.vps.net"/>
 
-	<rule from="^http://(?:www\.)?vps\.net/blog/wp-content/themes/vps/images/(bgshadow\d|logo)\.png$"
-		to="https://control.vps.net/images/dark_night/$1.png"/>
+	Nonfunctional hosts in *vps.net:
 
-	<rule from="^http://(?:www\.)?vps\.net/images/(bgcity\d\.(?:jpg|png)|logo\.png)$"
-		to="https://control.vps.net/images/dark_night/$1"/>
+		- wiki *
 
-	<rule from="^http://(www\.)?control\.vps\.net/"
-		to="https://$1control.vps.net/"/>
+	* Refused
+
+
+	(www.)?vps.net: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- vps.net
+		- www.vps.net
+
+
+	These altnames don't exist:
+
+		- www.control.vps.net
+
+-->
+<ruleset name="VPS.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="vps.net"/-->
+	<target host="control.vps.net"/>
+	<!--target host="www.vps.net"/-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?vps\.net$" name="^(?:PHPSESSID|country_code)$" /-->
+
+	<!--securecookie host="^(?:www\.)?vps\.net$" name=".+" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/VSCo.co.xml b/src/chrome/content/rules/VSCo.co.xml
index 094a5ee6df26..b0a66884cead 100644
--- a/src/chrome/content/rules/VSCo.co.xml
+++ b/src/chrome/content/rules/VSCo.co.xml
@@ -47,4 +47,4 @@
 	<rule from="^http://static\d\.vsco\.co/"
 		to="https://d1484tg77u0d9i.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/VSHosting.xml b/src/chrome/content/rules/VSHosting.xml
new file mode 100644
index 000000000000..709112fa919f
--- /dev/null
+++ b/src/chrome/content/rules/VSHosting.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched:
+		- support.vshosting.cz
+
+	Every customer gets his own subdomain. This subdomains don't work with https.
+-->
+<ruleset name="VSHosting">
+	<target host="vshosting.cz" />
+	<target host="www.vshosting.cz" />
+	<target host="soutez.vshosting.cz" />
+	<target host="posta2.vshosting.cz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VSIXGallery.com.xml b/src/chrome/content/rules/VSIXGallery.com.xml
new file mode 100644
index 000000000000..24a47c9da1e7
--- /dev/null
+++ b/src/chrome/content/rules/VSIXGallery.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="VSIXGallery.com">
+	<target host="vsixgallery.com" />
+	<target host="www.vsixgallery.com" />
+
+	<rule from="^http://vsixgallery\.com/" to="https://www.vsixgallery.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VTAC.edu.au.xml b/src/chrome/content/rules/VTAC.edu.au.xml
new file mode 100644
index 000000000000..7c8d28961a1e
--- /dev/null
+++ b/src/chrome/content/rules/VTAC.edu.au.xml
@@ -0,0 +1,13 @@
+<ruleset name="VTAC.edu.au" platform="mixedcontent">
+
+	<target host="vtac.edu.au" />
+	<target host="www.vtac.edu.au" />
+	<target host="blog.vtac.edu.au" />
+	<target host="careersblog.vtac.edu.au" />
+	<target host="delta.vtac.edu.au" />
+	<target host="fs.vtac.edu.au" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VTB.com.xml b/src/chrome/content/rules/VTB.com.xml
new file mode 100644
index 000000000000..aaf0155bcd5d
--- /dev/null
+++ b/src/chrome/content/rules/VTB.com.xml
@@ -0,0 +1,43 @@
+<!--
+	For other VTB Group coverage, see JSC-VTB-Bank.xml.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- vtb.com
+		- .vtb.com
+		- m.vtb.com
+		- .m.vtb.com
+		- www.vtb.com
+
+
+	Mixed content:
+
+		- Bugs on m, www from ([\da-f]{2}\.){4}top.mail.ru *
+
+	* Secured by us
+
+-->
+<ruleset name="VTB.com" default_off="mismatched">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vtb.com"/>
+	<target host="m.vtb.com"/>
+	<target host="www.vtb.com"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.vtb\.com$" name="^(?:_LAT|_LNG|CITY_IP|GLOBAL_CITY_NAME|PHPSESSID)$"/-->
+	<!--securecookie host="^m\.vtb\.ru$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.m\.vtb\.ru$" name="^CITY_IP$" /-->
+	<!--securecookie host="^(?:www\.)?vtb\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+"/>
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VTB_Russia.ru.xml b/src/chrome/content/rules/VTB_Russia.ru.xml
new file mode 100644
index 000000000000..3da2b8d9596b
--- /dev/null
+++ b/src/chrome/content/rules/VTB_Russia.ru.xml
@@ -0,0 +1,35 @@
+<!--
+	For other VTB Group coverage, see JSC-VTB-Bank.xml.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .vtbrussia.ru
+
+
+	Mixed content:
+
+		- Bugs on (www.)? from ([\da-f]{2}\.){4}top.mail.ru *
+
+	* Secured by us
+
+-->
+<ruleset name="VTB Russia.ru" default_off="mismatched">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vtbrussia.ru"/>
+	<target host="www.vtbrussia.ru"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.vtbrussia\.ru$" name="^CITY_IP$" /-->
+
+	<securecookie host="^\.vtbrussia\.ru$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VTCSec.ru.xml b/src/chrome/content/rules/VTCSec.ru.xml
new file mode 100644
index 000000000000..fb852e46e6fe
--- /dev/null
+++ b/src/chrome/content/rules/VTCSec.ru.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://vtcsec.ru/ => https://vtcsec.ru/: (6, 'Could not resolve host: vtcsec.ru')
+
+	www: mismatched, CN: wargame.vtcsec.ru
+
+-->
+<ruleset name="VTCSec.ru" default_off="failed ruleset test">
+
+	<target host="vtcsec.ru" />
+	<target host="www.vtcsec.ru" />
+
+
+	<rule from="^http://(?:www\.)?vtcsec\.ru/"
+		to="https://vtcsec.ru/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VTEC-Direct.xml b/src/chrome/content/rules/VTEC-Direct.xml
index d56fff4425e6..676f918a8fbc 100644
--- a/src/chrome/content/rules/VTEC-Direct.xml
+++ b/src/chrome/content/rules/VTEC-Direct.xml
@@ -1,15 +1,31 @@
-<ruleset name="VTEC Direct">
+<!--
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
 
+
+	Mixed content:
+
+		- css on www from vtecdirect.com *
+
+		- Images, from:
+
+			- vtecdirect.com *
+			- www.vtecdirect.com *
+
+	* Secured by us
+
+-->
+<ruleset name="VTEC Direct.com" default_off="expired, missing certificate chain" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="vtecdirect.com" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.vtecdirect.com" />
+	<target host="www.vtecdirect.com" />
 
 
-	<securecookie host="^\.vtecdirect\.com$" name=".*" />
+	<securecookie host="^\.vtecdirect\.com$" name=".+" />
 
 
-	<!--	Cert only matches //vtecdirect.com	-->
-	<rule from="^https?://(?:www\.)?vtecdirect\.com/"
-		to="https://vtecdirect.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/VTLUUG.org.xml b/src/chrome/content/rules/VTLUUG.org.xml
new file mode 100644
index 000000000000..72528a925992
--- /dev/null
+++ b/src/chrome/content/rules/VTLUUG.org.xml
@@ -0,0 +1,15 @@
+<!--
+	www: mismatched, CN: milton.vtluug.org
+
+-->
+<ruleset name="VTLUUG.org">
+
+	<target host="vtluug.org" />
+	<target host="milton.vtluug.org" />
+	<target host="www.vtluug.org" />
+
+
+	<rule from="^http://(?:(milton\.)|www\.)?vtluug\.org/"
+		to="https://$1vtluug.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VTech.com.xml b/src/chrome/content/rules/VTech.com.xml
new file mode 100644
index 000000000000..4e1ecd7787eb
--- /dev/null
+++ b/src/chrome/content/rules/VTech.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- vtech.com
+		- www.vtech.com
+
+-->
+<ruleset name="VTech.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vtech.com" />
+	<target host="www.vtech.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?vtech\.com$" name="^(?:_icl_current_language|PHPSESSID)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VTunnel.xml b/src/chrome/content/rules/VTunnel.xml
index 2a0e0e0920ed..153269e1df4a 100644
--- a/src/chrome/content/rules/VTunnel.xml
+++ b/src/chrome/content/rules/VTunnel.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://vtunnel.com/ => https://vtunnel.com/: (7, 'Failed to connect to vtunnel.com port 443: Connection refused')
+Fetch error: http://www.vtunnel.com/ => https://www.vtunnel.com/: (7, 'Failed to connect to www.vtunnel.com port 443: Connection refused')
+
 	Mixed content:
 
 		- Ads/web bugs, on (www.) from:
@@ -10,16 +15,15 @@
 	* Secured by us
 
 -->
-<ruleset name="VTunnel">
+<ruleset name="VTunnel" default_off="failed ruleset test">
 
 	<target host="vtunnel.com" />
-	<target host="*.vtunnel.com" />
+	<target host="www.vtunnel.com" />
 
 
-	<securecookie host="^(?:.*\.)?vtunnel\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?vtunnel\.com/"
-		to="https://$1vtunnel.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/VU.nl.xml b/src/chrome/content/rules/VU.nl.xml
new file mode 100644
index 000000000000..62519c658c74
--- /dev/null
+++ b/src/chrome/content/rules/VU.nl.xml
@@ -0,0 +1,85 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.fbw.vu.nl/ => https://www.fbw.vu.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.fbw.vu.nl'")
+Fetch error: http://fbw.vu.nl/ => https://www.fbw.vu.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.fbw.vu.nl'")
+
+	VU University Amsterdam
+
+
+	Nonfunctional subdomains:
+
+		- (www.)?falw ⁴
+		- careerservices.feweb ⁴
+		- (www.)?fgb ⁴
+		- (www.)?fgw ⁴
+		- (www.)?fpp ᵃ
+		- (www.)?godgeleerdheid ⁴
+		- (www.)?let ⁴
+		- (www.)?med ⁴
+		- (www.)?rechten ⁴
+		- (www.)?sportcentrum ⁴
+		- (www.)?talma ⁴
+		- psy ⁴
+		- www.psy ᵃ
+		- (www.)?ub ⁴
+
+	ᵃ Shows another domain
+	⁴ 404
+
+
+	Problematic subdomains:
+
+		- cs ᵐ
+		- fbw ᵐ
+		- feweb ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="VU.nl (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vu.nl" />
+	<target host="www.cs.vu.nl" />
+	<target host="www.fbw.vu.nl" />
+	<target host="few.vu.nl" />
+	<target host="www.few.vu.nl" />
+	<target host="www.feweb.vu.nl" />
+
+	<target host="cdn.login.vu.nl" />
+	<target host="forgotpassword.login.vu.nl" />
+	<target host="sts.login.vu.nl" />
+	<target host="stsfed.login.vu.nl" />
+	<target host="vunet.login.vu.nl" />
+
+	<target host="helios.psy.vu.nl" />
+	<target host="vunet.vu.nl" />
+	<target host="www.vu.nl" />
+
+	<!--	Complications:
+				-->
+	<target host="cs.vu.nl" />
+	<target host="fbw.vu.nl" />
+	<target host="feweb.vu.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.login\.vu\.nl$" name="^loginName$" /-->
+	<!--securecookie host="^forgotpassword\.login\.vu\.nl$" name="^ISAWPLB\{[\dA-F-]+\}$" /-->
+	<!--securecookie host="^\.forgotpassword\.login\.vu\.nl$" name="^lcid$" /-->
+	<!--securecookie host="^vunet\.login\.vu\.nl$" name="^ISAWPLB\{[\dA-F-]+\}$" /-->
+	<!--securecookie host="^rooster\.vu\.nl$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://(cs|fbw)\.vu\.nl/"
+		to="https://www.$1.vu.nl/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VUTBr.cz.xml b/src/chrome/content/rules/VUTBr.cz.xml
new file mode 100644
index 000000000000..608de7d342bc
--- /dev/null
+++ b/src/chrome/content/rules/VUTBr.cz.xml
@@ -0,0 +1,352 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bank.vutbr.cz/ => https://bank.vutbr.cz/: (6, 'Could not resolve host: bank.vutbr.cz')
+Fetch error: http://jaguar.cis.vutbr.cz/ => https://jaguar.cis.vutbr.cz/: (7, 'Failed to connect to jaguar.cis.vutbr.cz port 443: Connection refused')
+Fetch error: http://wifigw.cis.vutbr.cz/ => https://wifigw.cis.vutbr.cz/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.radio.feec.vutbr.cz/ => https://www.radio.feec.vutbr.cz/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.six.feec.vutbr.cz/ => https://www.six.feec.vutbr.cz/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://ms.urel.feec.vutbr.cz/ => https://ms.urel.feec.vutbr.cz/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.urel.feec.vutbr.cz/ => https://www.urel.feec.vutbr.cz/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://fsinfo.fme.vutbr.cz/ => https://fsinfo.fme.vutbr.cz/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+Fetch error: http://io-test-gw.vutbr.cz/ => https://io-test-gw.vutbr.cz/: (28, 'Connection timed out after 20003 milliseconds')
+Fetch error: http://www.kam.vutbr.cz/ => https://www.kam.vutbr.cz/: Too many redirects while fetching 'https://www.kam.vutbr.cz/'
+Fetch error: http://lib.vutbr.cz/ => https://lib.vutbr.cz/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://serval.lib.vutbr.cz/ => https://serval.lib.vutbr.cz/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://ent.ro.vutbr.cz/ => https://ent.ro.vutbr.cz/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://jdi.na.ro.vutbr.cz/ => https://jdi.na.ro.vutbr.cz/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://sapgw.ro.vutbr.cz/ => https://sapgw.ro.vutbr.cz/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.skm.vutbr.cz/ => https://www.skm.vutbr.cz/: Too many redirects while fetching 'https://www.skm.vutbr.cz/'
+Fetch error: http://sw.ro.vutbr.cz/ => https://sw.ro.vutbr.cz/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://updates-yum.ro.vutbr.cz/ => https://updates-yum.ro.vutbr.cz/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://wiki.ro.vutbr.cz/ => https://wiki.ro.vutbr.cz/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Other Brno University of Technology rulesets:
+
+		- Na_VUT.cz.xml
+
+
+	Nonfunctional hosts in *vutbr.cz:
+
+		- www.admas	Refused
+		- coyote.cis	Refused
+		- nav.cis	Refused
+		- podcast.fa	503
+		- www.fa	Shows intra.fa.vutbr.cz
+
+		- knihovna.fbm	Shows web1.fbm.vutbr.cz
+		- trendy.fbm	Shows web1.fbm.vutbr.cz
+		- www.fbm	Shows web1.fbm.vutbr.cz
+
+		- arc.fce	Dropped
+		- library.fce	Dropped
+		- tubo.fce	Refused
+		- vision.fce	Shows fyzika.fce.vutbr.cz
+		- www.fce	Shows intranet.fce.vutbr.cz
+
+		- suk.fch	Dropped
+		- www.fch	Shows intranet.fch.vutbr.cz
+
+		- 3dstudio.ffa		Shows server.ffa.vutbr.cz
+		- galerieaula.ffa	Shows server.ffa.vutbr.cz
+		- wis.fit	Untrusted root
+		- qers.fme	Dropped
+		- www.fp	Shows web1.fbm.vutbr.cz
+		- isc		Redirects to http
+		- primo.lib	403/404
+		- student.hosting.ro	Shows default page
+		- www.student	Shows default page
+		- www.vutium	500
+
+
+	Problematic hosts in *vutbr.cz:
+
+		- best		Expired, mixed css, mismatched, self-signed
+		- www.cesa	Expired
+		- web1.fbm	Self-signed
+		- fyzika.fce	Expired, missing certificate chain
+		- www.feec	Untrusted root
+		- www.fit	Untrusted root
+
+		- fsinfo.fme	Untrusted root
+		- knihovna.fme	Untrusted root
+		- www.tst.fme	Untrusted root
+
+		- best.kn	Expired, mixed css, mismatched, self-signed
+		- aleph.lib	Mixed css
+		- lists		Mismatched, untrusted root
+		- www.lli	Expired
+		- net		Mismatched
+		- primo		Mismatched
+		- sport		Expired, mismatched
+
+
+	These altnames don't exist:
+
+		- ferret.cis.vutbr.cz
+		- apollo.cloud.vutbr.cz
+		- portal.fa.vutbr.cz
+
+		- brain.kn.vutbr.cz
+		- is.kn.vutbr.cz
+		- brain.srv.kn.vutbr.cz
+		- televize.srv.kn.vutbr.cz
+		- web.srv.kn.vutbr.cz
+
+		- mail.vutbr.cz
+		- www.jdi.na.ro.vutbr.cz
+		- terminal.ro.vutbr.cza
+		- sportales.vutbr.cz
+		- www.sportales.vutbr.cz
+		- wifi.vutbr.cz
+
+
+	Insecure cookies are set for these :
+
+		- www.cesa.vutbr.cz
+		- zapis.cesa.vutbr.cz
+		- cas.fbm.vutbr.cz
+		- fyzika.fce.vutbr.cz
+		- intranet.fch.vutbr.cz
+		- www.radio.feec.vutbr.cz
+		- www.feec.vutbr.cz
+		- www.ffa.vutbr.cz
+		- www.tst.fme.vutbr.cz
+		- fsinfo.fme.vutbr.cz
+		- knihovna.fme.vutbr.cz
+		- www.fme.vutbr.cz
+		- www.kam.vutbr.cz
+		- www.lli.vutbr.cz
+		- www.jdi.na.vutbr.cz
+		- dog.ro.vutbr.cz
+		- wiki-vav.ro.vutbr.cz
+		- www.skm.vutbr.cz
+		- www.sport.vutbr.cz
+		- vh1.vutbr.cz
+		- www.vh1.vutbr.cz
+		- vh2.vutbr.cz
+		- www.vh2.vutbr.cz
+		- vh3.vutbr.cz
+		- www.vh3.vutbr.cz
+		- www.vutbr.cz
+
+
+	Mixed content:
+
+		- css, on:
+
+			- best from $self
+			- aleph.lib from $self
+
+		- Images, on:
+
+			- best from $self
+			- www.six.feec from $self
+			- fsinfo.fme from $self
+			- aleph.lib from $self
+			- logovut.ro from $self
+			- www from $self
+
+		- Bug on www.feec from c1.navrcholu.cz	Unsecurable <= refused
+
+-->
+<ruleset name="VUTBr.cz (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vutbr.cz" />
+	<target host="absolvent.vutbr.cz" />
+	<target host="absolventi.vutbr.cz" />
+	<target host="abuse.vutbr.cz" />
+	<target host="www.abuse.vutbr.cz" />
+	<target host="adfs.vutbr.cz" />
+	<target host="apollo.vutbr.cz" />
+	<target host="bank.vutbr.cz" />
+	<!--target host="best.vutbr.cz" /-->
+	<target host="certs.vutbr.cz" />
+	<target host="www.certs.vutbr.cz" />
+	<target host="zapis.cesa.vutbr.cz" />
+
+	<target host="cis.vutbr.cz" />
+	<target host="jaguar.cis.vutbr.cz" />
+	<target host="netis.cis.vutbr.cz" />
+	<target host="wifigw.cis.vutbr.cz" />
+	<target host="www.cis.vutbr.cz" />
+
+	<target host="csirt.vutbr.cz" />
+	<target host="www.csirt.vutbr.cz" />
+
+	<target host="cvis.vutbr.cz" />
+	<target host="www.cvis.vutbr.cz" />
+	<target host="doctor.vutbr.cz" />
+	<target host="dotaznik.vutbr.cz" />
+	<target host="ds.vutbr.cz" />
+
+	<!--target host="www.cesa.vutbr.cz" /-->
+	<target host="eduroam.vutbr.cz" />
+	<target host="www.eduroam.vutbr.cz" />
+	<target host="elearning.vutbr.cz" />
+	<target host="eprihlaska.vutbr.cz" />
+
+	<target host="intra.fa.vutbr.cz" />
+	<target host="mail.fa.vutbr.cz" />
+	<target host="marge.fa.vutbr.cz" />
+
+	<target host="favu.vutbr.cz" />
+	<target host="www.favu.vutbr.cz" />
+	<target host="cas.fbm.vutbr.cz" />
+	<!--target host="web1.fbm.vutbr.cz" /-->
+
+	<!--target host="fyzika.fce.vutbr.cz" /-->
+	<target host="intranet.fce.vutbr.cz" />
+	<target host="intranet.study.fce.vutbr.cz" />
+
+	<target host="intranet.fch.vutbr.cz" />
+
+	<target host="www.radio.feec.vutbr.cz" />
+	<target host="www.six.feec.vutbr.cz" />
+	<target host="ms.urel.feec.vutbr.cz" />
+	<target host="www.urel.feec.vutbr.cz" />
+	<!--target host="www.feec.vutbr.cz" /-->
+
+	<target host="ffa.vutbr.cz" />
+	<target host="server.ffa.vutbr.cz" />
+	<target host="animal.ffa.vutbr.cz" />
+	<target host="www.ffa.vutbr.cz" />
+
+	<!--target host="wis.fit.vutbr.cz" /-->
+	<!--target host="www.fit.vutbr.cz" /-->
+
+	<target host="fsinfo.fme.vutbr.cz" />
+	<!--target host="knihovna.fme.vutbr.cz" /-->
+	<!--target host="www.tst.fme.vutbr.cz" /-->
+	<target host="www.fme.vutbr.cz" />
+
+	<target host="io-gw.vutbr.cz" />
+	<target host="io-test-gw.vutbr.cz" />
+	<target host="is.vutbr.cz" />
+	<target host="www.is.vutbr.cz" />
+	<target host="www.isc.vutbr.cz" />
+	<target host="isic.vutbr.cz" />
+	<target host="www.kam.vutbr.cz" />
+	<target host="kcentrum.vutbr.cz" />
+
+	<!--target host="best.kn.vutbr.cz" /-->
+	<target host="email.kn.vutbr.cz" />
+	<target host="mail.kn.vutbr.cz" />
+	<target host="spirit.kn.vutbr.cz" />
+	<target host="televize.kn.vutbr.cz" />
+	<target host="web.kn.vutbr.cz" />
+	<target host="webmail.kn.vutbr.cz" />
+	<target host="www.kn.vutbr.cz" />
+
+	<target host="lib.vutbr.cz" />
+	<!--target host="aleph.lib.vutbr.cz" /-->
+	<target host="serval.lib.vutbr.cz" />
+	<target host="www.lib.vutbr.cz" />
+
+	<!--target host="lists.vutbr.cz" /-->
+	<!--target host="www.lli.vutbr.cz" /-->
+	<target host="login.vutbr.cz" />
+	<target host="www.login.vutbr.cz" />
+
+	<target host="mobility.vutbr.cz" />
+	<target host="www.mobility.vutbr.cz" />
+
+	<target host="jdi.na.vutbr.cz" />
+	<target host="www.jdi.na.vutbr.cz" />
+	<target host="www.net.vutbr.cz" />
+	<target host="office.vutbr.cz" />
+	<target host="www.office.vutbr.cz" />
+	<target host="office365.vutbr.cz" />
+	<target host="www.office365.vutbr.cz" />
+	<target host="poptavka.vutbr.cz" />
+	<!--target host="primo.vutbr.cz" /-->
+	<target host="ra.vutbr.cz" />
+
+	<target host="apollo.ro.vutbr.cz" />
+	<target host="dog.ro.vutbr.cz" />
+	<target host="ent.ro.vutbr.cz" />
+	<target host="ffa.ro.vutbr.cz" />
+	<target host="www.ffa.ro.vutbr.cz" />
+	<target host="logovut.ro.vutbr.cz" />
+	<target host="jdi.na.ro.vutbr.cz" />
+	<target host="navut.ro.vutbr.cz" />
+	<target host="ostratest.ro.vutbr.cz" />
+	<target host="sapgw.ro.vutbr.cz" />
+	<target host="www.skm.vutbr.cz" />
+	<target host="sw.ro.vutbr.cz" />
+	<target host="updates-yum.ro.vutbr.cz" />
+	<target host="vh1.ro.vutbr.cz" />
+	<target host="www.vh1.ro.vutbr.cz" />
+	<target host="vh2.ro.vutbr.cz" />
+	<target host="www.vh2.ro.vutbr.cz" />
+	<target host="vh3.ro.vutbr.cz" />
+	<target host="www.vh3.ro.vutbr.cz" />
+	<target host="wiki.ro.vutbr.cz" />
+	<target host="wiki-vav.ro.vutbr.cz" />
+	<target host="wikitest.ro.vutbr.cz" />
+
+	<!--target host="sport.vutbr.cz" /-->
+	<target host="stipendia.vutbr.cz" />
+	<target host="stipendium.vutbr.cz" />
+	<target host="sw.vutbr.cz" />
+	<target host="tt.vutbr.cz" />
+	<target host="www.tt.vutbr.cz" />
+	<target host="usi.vutbr.cz" />
+	<target host="www.usi.vutbr.cz" />
+	<target host="val.vutbr.cz" />
+	<target host="vav.vutbr.cz" />
+	<target host="vavinet.vutbr.cz" />
+	<target host="www.vavinet.vutbr.cz" />
+	<target host="vh1.vutbr.cz" />
+	<target host="www.vh1.vutbr.cz" />
+	<target host="vh2.vutbr.cz" />
+	<target host="www.vh2.vutbr.cz" />
+	<target host="vh3.vutbr.cz" />
+	<target host="www.vh3.vutbr.cz" />
+	<target host="vvztahy.vutbr.cz" />
+	<target host="www.vvztahy.vutbr.cz" />
+	<target host="www.vutbr.cz" />
+
+	<!--	Complications:
+				-->
+	<target host="net.vutbr.cz" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.cesa\.vutbr\.cz$" name="^redirect$" /-->
+	<!--securecookie host="^zapis\.cesa\.vutbr\.cz$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^cas\.fbm\.vutbr\.cz$" name="^(?:cadata|sessionid)$" /-->
+	<!--securecookie host="^fyzika\.fce\.vutbr\.cz$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^intranet\.fch\.vutbr\.cz$" name="^wbi_session_id$" /-->
+
+	<!--securecookie host="^www\.radio\.feec\.vutbr\.cz$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^www\.feec\.vutbr\.cz$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^www\.ffa\.vutbr\.cz$" name="^PHPSESSID$" /-->
+
+	<!--securecookie host="^fsinfo\.fme\.vutbr\.cz$" name="^[\da-f]{32}$" /-->
+	<!--securecookie host="^knihovna\.fme\.vutbr\.cz$" name="^[\da-f]{32}$" /-->
+	<!--securecookie host="^www\.tst\.fme\.vutbr\.cz$" name="^(?:PHPSESSID|fme_auth)$" /-->
+	<!--securecookie host="^www\.fme\.vutbr\.cz$" name="^(?:PHPSESSID|fme_auth)$" /-->
+
+	<!--securecookie host="^www\.jdi\.na\.vutbr\.cz$" name="^(?:PHPSESSID|nosec_sess)$" /-->
+	<!--securecookie host="^www\.kam\.vutbr\.cz$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^dog\.ro\.vutbr\.cz$" name="^SimpleSAMLSessionID$" /-->
+	<!--securecookie host="^wiki\.ro\.vutbr\.cz$" name="^(?:SimpleSAMLSessionID|wikidb_vavinet_\d+_session)$" /-->
+	<!--securecookie host="^www\.skm\.vutbr\.cz$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+	<!--securecookie host="^sport\.vutbr\.cz$" name="^redirect$" /-->
+	<!--securecookie host="^vh[1-3]\.vutbr\.cz$" name="^(?:PHPSESSID|nosec_sess)$" /-->
+	<!--securecookie host="^www\.vutbr\.cz$" name="^(?:PHPSESSID|nosec_sess)$" /-->
+
+	<securecookie host=".+\.vutbr\.cz$" name=".+" />
+
+
+	<rule from="^http://net\.vutbr\.cz/"
+		to="https://www.net.vutbr.cz/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VVCap.xml b/src/chrome/content/rules/VVCap.xml
index f7d8d757b44f..3ba66076ea35 100644
--- a/src/chrome/content/rules/VVCap.xml
+++ b/src/chrome/content/rules/VVCap.xml
@@ -1,10 +1,11 @@
-<ruleset name="VVCap" default_off="mismatch">
+<ruleset name="VVCap">
 
-	<!--	Cert gcentral.biz	-->
+	<target host="vvcap.com" />
+	<target host="www.vvcap.com" />
 	<target host="vvcap.net" />
 	<target host="www.vvcap.net" />
 
-	<rule from="^http://(?:www\.)?vvcap\.net/"
-		to="https://vvcap.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/VZP.cz.xml b/src/chrome/content/rules/VZP.cz.xml
new file mode 100644
index 000000000000..3c8a39fdf93a
--- /dev/null
+++ b/src/chrome/content/rules/VZP.cz.xml
@@ -0,0 +1,19 @@
+<!--
+	Timeouts:
+	- webcall.vzp.cz
+	- edeska.vzp.cz
+-->
+<ruleset name="VZP.cz">
+
+	<target host="vzp.cz" />
+	<target host="ep2.vzp.cz" />
+	<target host="mujucet.vzp.cz" />
+	<target host="point.vzp.cz" />
+	<target host="portal.vzp.cz" />
+	<target host="www.vzp.cz" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vabali.de.xml b/src/chrome/content/rules/Vabali.de.xml
new file mode 100644
index 000000000000..02531797901a
--- /dev/null
+++ b/src/chrome/content/rules/Vabali.de.xml
@@ -0,0 +1,13 @@
+<!--
+	A few fonts are loaded from
+		bootstrap-live-customizer.com
+	which serves https on a bad cert. Otherwise
+	the entire site works.
+-->
+<ruleset name="Vabali.de (partial)">
+	<target host="vabali.de" />
+	<target host="www.vabali.de" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vacando.ch.xml b/src/chrome/content/rules/Vacando.ch.xml
new file mode 100644
index 000000000000..58596cfdb28a
--- /dev/null
+++ b/src/chrome/content/rules/Vacando.ch.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Migros coverage, see Migros.xml.
+
+	Mismatch:
+		- ^vacando.ch
+-->
+<ruleset name="Vacando.ch">
+	<target host="vacando.ch" />
+	<target host="www.vacando.ch" />
+
+	<rule from="^http://vacando\.ch/"
+		to="https://www.vacando.ch/"/>
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VacationRoost.xml b/src/chrome/content/rules/VacationRoost.xml
index 133fa3684390..4a382e498598 100644
--- a/src/chrome/content/rules/VacationRoost.xml
+++ b/src/chrome/content/rules/VacationRoost.xml
@@ -1,9 +1,14 @@
-<ruleset name="VacationRoost">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ajax.vacationroost.com/ => https://ajax.vacationroost.com/: (6, 'Could not resolve host: ajax.vacationroost.com')
+
+-->
+<ruleset name="VacationRoost" default_off="failed ruleset test">
 
 	<target host="ajax.vacationroost.com" />
 
 
-	<rule from="^http://ajax\.vacationroost\.com/"
-		to="https://ajax.vacationroost.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vacenza.com.xml b/src/chrome/content/rules/Vacenza.com.xml
deleted file mode 100644
index 09e0ddd7f8fd..000000000000
--- a/src/chrome/content/rules/Vacenza.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d3q4fknzlydddz.cloudfront.net
-		- depg6u1djjhl9.cloudfront.net
-
-
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-
-
-	Some pages redirect to http.
-
--->
-<ruleset name="vacenza.com (partial)">
-
-	<target host="vacenza.com" />
-	<target host="*.vacenza.com" />
-
-
-	<rule from="^https?://(?:www\.)?vacenza.com/([cC]ontent/|account/signin)"
-		to="https://www.vacenza.com/$1" />
-
-	<rule from="^http://tracking\.vacenza\.com/"
-		to="https://tracking.vacenza.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Vagrantup.com.xml b/src/chrome/content/rules/Vagrantup.com.xml
deleted file mode 100644
index 227e1951be40..000000000000
--- a/src/chrome/content/rules/Vagrantup.com.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
-	CDN buckets:
-
-		- files.vagrantup.com.s3.amazonaws.com
-
-		- vagrant-downloads.herokuapp.com
-
-			- downloads
-
-
-	Problematic subdomains:
-
-		- ^		(dropped)
-		- downloads	(mismatched, CN: *.herokuapp.com)
-		- files		(amazonws)
-
--->
-<ruleset name="Vagrantup.com (partial)">
-
-	<target host="vagrantup.com" />
-	<target host="*.vagrantup.com" />
-
-
-	<rule from="^http://(?:www\.)?vagrantup\.com/"
-		to="https://www.vagrantup.com/" />
-
-	<rule from="^http://docs\.vagrantup\.com/"
-		to="https://docs.vagrantup.com/" />
-
-	<rule from="^http://downloads\.vagrantup\.com/"
-		to="https://vagrant-downloads.herokuapp.com/" />
-
-	<rule from="^http://files\.vagrantup\.com/"
-		to="https://s3.amazonaws.com/files.vagrantup.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Vajehyab.com.xml b/src/chrome/content/rules/Vajehyab.com.xml
new file mode 100644
index 000000000000..4863d14d4773
--- /dev/null
+++ b/src/chrome/content/rules/Vajehyab.com.xml
@@ -0,0 +1,9 @@
+<!--
+	Wildcard DNS.
+-->
+<ruleset name="Vajehyab.com (partial)">
+	<target host="vajehyab.com"/>
+	<target host="www.vajehyab.com"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/ValME.io.xml b/src/chrome/content/rules/ValME.io.xml
new file mode 100644
index 000000000000..c56a8e8ad7b4
--- /dev/null
+++ b/src/chrome/content/rules/ValME.io.xml
@@ -0,0 +1,16 @@
+<!--
+	www.valme.io: Recursive redirect over http & https
+
+-->
+<ruleset name="valME.io">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="valme.io" />
+	<!--target host="www.valme.io" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Valdhaus.co.xml b/src/chrome/content/rules/Valdhaus.co.xml
new file mode 100644
index 000000000000..7ca5223f084c
--- /dev/null
+++ b/src/chrome/content/rules/Valdhaus.co.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .valdhaus.co
+
+-->
+<ruleset name="Valdhaus.co">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="valdhaus.co" />
+	<target host="www.valdhaus.co" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.valdhaus\.co$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.valdhaus\.co$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vale_of_Glamorgan.gov.uk.xml b/src/chrome/content/rules/Vale_of_Glamorgan.gov.uk.xml
new file mode 100644
index 000000000000..ffdcf638db92
--- /dev/null
+++ b/src/chrome/content/rules/Vale_of_Glamorgan.gov.uk.xml
@@ -0,0 +1,80 @@
+<!--
+	Vale of Glamorgan Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *valeofglamorgan.gov.uk:
+
+		- accommodation ᵃ
+		- ecitizen ʳ
+		- ldp ʳ
+		- libhip ᵈ
+		- myvale ʳ
+		- thebigfill ʳ
+		- webapp ʳ
+
+	ᵃ Shows another domain
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *valeofglamorgan.gov.uk:
+
+		- lg ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- earlyyears.valeofglamorgan.gov.uk
+		- forms.valeofglamorgan.gov.uk
+		- payments.valeofglamorgan.gov.uk
+		- valeforms.valeofglamorgan.gov.uk
+		- www.valeofglamorgan.gov.uk
+
+
+	These altnames don't exist:
+
+		- valeofglamorgan.gov.uk
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com ˢ
+		- Images on valeforms from www.valeofglamorgan.gov.uk ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Vale of Glamorgan.gov.uk (partial)">
+
+	<target host="admissions.valeofglamorgan.gov.uk" />
+	<target host="earlyyears.valeofglamorgan.gov.uk" />
+	<target host="forms.valeofglamorgan.gov.uk" />
+	<target host="payments.valeofglamorgan.gov.uk" />
+	<target host="valeforms.valeofglamorgan.gov.uk" />
+	<target host="www.valeofglamorgan.gov.uk" />
+
+		<!--	Set cookies without Secure:
+							-->
+		<!--test url="http://earlyyears.valeofglamorgan.gov.uk/FISO_LIVE/publicenquiry/Search.aspx?letter=D" /-->
+		<!--test url="http://valeforms.valeofglamorgan.gov.uk/ords/f?p=122:1::::::" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^earlyyears\.valeofglamorgan\.gov\.uk$" name="^(?:ASP\.NET_SessionId|PETestCookie)$" /-->
+	<!--securecookie host="^forms\.valeofglamorgan\.gov\.uk$" name="^(?:ASP\.NET_SessionId|ValeWebCookie)$" /-->
+	<!--securecookie host="^payments\.valeofglamorgan\.gov\.uk$" name="^(?:EForm\ LIMIT\ TEST|EForm\ Options|ValeWebCookie)$" /-->
+	<!--securecookie host="^valeforms\.valeofglamorgan\.gov\.uk$" name="^(?:ORA_WWV_APP_122|ValeWebCookie)$" /-->
+	<!--securecookie host="^www\.valeofglamorgan\.gov\.uk$" name="^ValeWebCookie$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ValerieAurora.org.xml b/src/chrome/content/rules/ValerieAurora.org.xml
new file mode 100644
index 000000000000..a145ee0b9623
--- /dev/null
+++ b/src/chrome/content/rules/ValerieAurora.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="ValerieAurora.org">
+	<target host="valerieaurora.org" />
+	<target host="www.valerieaurora.org" />
+	<target host="blog.valerieaurora.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ValerieTarico.com.xml b/src/chrome/content/rules/ValerieTarico.com.xml
new file mode 100644
index 000000000000..412eed73b4dd
--- /dev/null
+++ b/src/chrome/content/rules/ValerieTarico.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="ValerieTarico.com">
+	<target host="valerietarico.com" />
+	<target host="www.valerietarico.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ValidCreditCardNumber.com.xml b/src/chrome/content/rules/ValidCreditCardNumber.com.xml
new file mode 100644
index 000000000000..6f0642a41d2a
--- /dev/null
+++ b/src/chrome/content/rules/ValidCreditCardNumber.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="ValidCreditCardNumber.com">
+	<target host="validcreditcardnumber.com" />
+	<target host="www.validcreditcardnumber.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Valley-First-Credit-Union.xml b/src/chrome/content/rules/Valley-First-Credit-Union.xml
new file mode 100644
index 000000000000..f0954d4c7373
--- /dev/null
+++ b/src/chrome/content/rules/Valley-First-Credit-Union.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://insurance.valleyfirst.com/ => https://insurance.valleyfirst.com/: (35, 'Unknown SSL protocol error in connection to insurance.valleyfirst.com:443 ')
+
+	Incomplete certificate chain:
+		- dashband.valleyfirst.com
+-->
+
+<ruleset name="Valley First Credit Union" default_off="failed ruleset test">
+	<target host="valleyfirst.com" />
+	<target host="www.valleyfirst.com" />
+	<target host="autodiscover.valleyfirst.com" />
+	<target host="insurance.valleyfirst.com" />
+	<target host="keepingitsimple.valleyfirst.com" />
+	<target host="lyncdiscover.valleyfirst.com" />
+	<target host="mdws.valleyfirst.com" />
+	<target host="meet.valleyfirst.com" />
+	<target host="refer.valleyfirst.com" />
+	<target host="webmail.valleyfirst.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Valley_First_CU.org.xml b/src/chrome/content/rules/Valley_First_CU.org.xml
new file mode 100644
index 000000000000..a8eea0b0827a
--- /dev/null
+++ b/src/chrome/content/rules/Valley_First_CU.org.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hb.valleyfirstcu.org/ => https://hb.valleyfirstcu.org/: (28, 'Connection timed out after 20004 milliseconds')
+
+-->
+<ruleset name="Valley First CU.org" default_off="failed ruleset test">
+
+	<target host="valleyfirstcu.org" />
+	<target host="hb.valleyfirstcu.org" />
+	<target host="www.valleyfirstcu.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?valleyfirstcu\.org$" name="^NBS$" /-->
+
+	<securecookie host="^(?:www\.)?valleyfirstcu\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Valtiolle.fi-problematic.xml b/src/chrome/content/rules/Valtiolle.fi-problematic.xml
new file mode 100644
index 000000000000..08e75f928535
--- /dev/null
+++ b/src/chrome/content/rules/Valtiolle.fi-problematic.xml
@@ -0,0 +1,22 @@
+<!--
+	For rules that are on by default, see Valtiolle.fi.xml.
+
+-->
+<ruleset name="Valtiolle.fi (missing certificate chain)" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="haku.valtiolle.fi"/>
+
+	<!--	Complications:
+				-->
+	<target host="heli.valtiolle.fi"/>
+
+
+	<rule from="^http://heli\.valtiolle\.fi/"
+		to="https://haku.valtiolle.fi/"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Valtiolle.fi.xml b/src/chrome/content/rules/Valtiolle.fi.xml
index c883f4b7c0dc..d1276fa5c02b 100644
--- a/src/chrome/content/rules/Valtiolle.fi.xml
+++ b/src/chrome/content/rules/Valtiolle.fi.xml
@@ -1,20 +1,47 @@
 <!--
-Functional subdomains:
-	- www.
-	- haku.
-Problematic subdomain:
-	- heli.		(cert matches haku.valtiolle.fi)
+	For problematic rules, see Valtiolle.fi-problematic.xml.
+
+
+	Problematic hosts in *valtiolle.fi:
+
+		- haku ²
+		- heli ¹
+
+	¹ Mismatched
+	² Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- valtiolle.fi
+		- www.valtiolle.fi
+
 -->
-<ruleset name="Valtiolle.fi">
+<ruleset name="Valtiolle.fi (partial)">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="valtiolle.fi"/>
-	<target host="*.valtiolle.fi"/>
+	<!--target host="haku.valtiolle.fi"/-->
+	<target host="www.valtiolle.fi"/>
+
+	<!--	Complications:
+				-->
+	<!--target host="heli.valtiolle.fi"/-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^valtiolle\.fi$" name="^BIGipServer[\w.~]+$" /-->
+	<!--securecookie host="^www\.valtiolle\.fi$" name="^(?:ASP\.NET_SessionId|BIGipServer[\w.~]+)$" /-->
+
+	<securecookie host="^(?:www\.)?valtiolle\.fi$" name=".+" />
+
 
-	<securecookie host="^(?:haku|www)\.valtiolle\.fi$" name=".+" />
+	<!--rule from="^http://heli\.valtiolle\.fi/"
+		to="https://haku.valtiolle.fi/"/-->
 
-	<!-- Cert matches www -->
-	<rule from="^http://(?:www\.)?valtiolle\.fi/"
-		to="https://www.valtiolle.fi/"/>
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://(?:haku|heli)\.valtiolle\.fi/"
-		to="https://haku.valtiolle.fi/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Valtion-taloudellinen-tutkimuskeskus.xml b/src/chrome/content/rules/Valtion-taloudellinen-tutkimuskeskus.xml
index 8f23c3e85903..92bdaadb9499 100644
--- a/src/chrome/content/rules/Valtion-taloudellinen-tutkimuskeskus.xml
+++ b/src/chrome/content/rules/Valtion-taloudellinen-tutkimuskeskus.xml
@@ -1,9 +1,15 @@
-<ruleset name="Valtion taloudellinen tutkimuskeskus">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://vatt.fi/ => https://vatt.fi/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.vatt.fi/ => https://www.vatt.fi/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+<ruleset name="Valtion taloudellinen tutkimuskeskus" default_off="failed ruleset test">
 	<target host="vatt.fi"/>
 	<target host="www.vatt.fi"/>
 
 	<securecookie host="^(?:www\.)?vatt\.fi$" name=".+" />
 
-	<rule from="^http://(www\.)?vatt\.fi/"
-		to="https://$1vatt.fi/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Value-Applications.xml b/src/chrome/content/rules/Value-Applications.xml
index fdacdfbfca5f..b67f93216e93 100644
--- a/src/chrome/content/rules/Value-Applications.xml
+++ b/src/chrome/content/rules/Value-Applications.xml
@@ -1,13 +1,20 @@
-<ruleset name="Value Applications">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://valueapplications.com/ => https://www.valueapplications.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.valueapplications.com/ => https://www.valueapplications.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+<ruleset name="Value Applications" default_off="failed ruleset test">
 
 	<target host="valueapplications.com" />
 	<target host="www.valueapplications.com" />
 
 
-	<securecookie host="^(.*\.)?valueapplications\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?valueapplications\.com/"
+	<rule from="^http://(?:www\.)?valueapplications\.com/"
 		to="https://www.valueapplications.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Value-Domain.com.xml b/src/chrome/content/rules/Value-Domain.com.xml
new file mode 100644
index 000000000000..5143f065dcee
--- /dev/null
+++ b/src/chrome/content/rules/Value-Domain.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Nonfunctional subdomains:
+
+		- help *
+		- mainte *
+
+	* "domain error"
+
+-->
+<ruleset name="Value-Domain.com (partial)">
+
+	<target host="value-domain.com" />
+	<target host="www.value-domain.com" />
+		<!--exclusion pattern="http://(help|mainte)\.value-domain\.com/" /-->
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ValueClick-mismatches.xml b/src/chrome/content/rules/ValueClick-mismatches.xml
index 1b361117895c..6a00e37afc4a 100644
--- a/src/chrome/content/rules/ValueClick-mismatches.xml
+++ b/src/chrome/content/rules/ValueClick-mismatches.xml
@@ -7,11 +7,11 @@
 	<!--	Akamai
 			-->
 	<target host="adrxmedia.com" />
-	<target host="*.adrxmedia.com" />
+	<target host="www.adrxmedia.com" />
 	<target host="modernlivingmedia.com" />
-	<target host="*.modernlivingmedia.com" />
+	<target host="www.modernlivingmedia.com" />
 	<target host="momsmedia.com" />
-	<target host="*.momsmedia.com" />
+	<target host="www.momsmedia.com" />
 	<target host="gocart.valueclickmedia.com" />
 	<target host="cdn-origin.snv.vcmedia.com" />
 
@@ -24,10 +24,7 @@
 	<rule from="^http://(?:www\.)?(adrx|modernliving|moms)media\.com/"
 		to="https://www.$1media.com/"/>
 
-	<rule from="^http://gocart\.valueclickmedia\.com/"
-		to="https://gocart.valueclickmedia.com/"/>
 
-	<rule from="^http://cdn-origin\.snv\.vcmedia\.com/"
-		to="https://cdn-origin.snv.vcmedia.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ValueClick.xml b/src/chrome/content/rules/ValueClick.xml
index a7f4e8220d48..a949ab649289 100644
--- a/src/chrome/content/rules/ValueClick.xml
+++ b/src/chrome/content/rules/ValueClick.xml
@@ -1,4 +1,13 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://fastclick.com/ (200) => https://www.valueclick.com/ (503)
+Non-2xx HTTP code: http://www.fastclick.com/ (200) => https://www.valueclick.com/ (503)
+Non-2xx HTTP code: http://mediaplex.com/ (200) => https://www.mediaplex.com/ (503)
+Non-2xx HTTP code: http://valueclick.com/ (200) => https://www.valueclick.com/ (503)
+Non-2xx HTTP code: http://www.valueclick.com/ (200) => https://www.valueclick.com/ (503)
+Non-2xx HTTP code: http://valueclickmedia.com/ (200) => https://www.valueclickmedia.com/ (503)
+
 	For problematic rules, see ValueClick-mismatches.xml.
 
 
@@ -43,7 +52,7 @@
 	** Akamai
 
 -->
-<ruleset name="ValueClick (partial)">
+<ruleset name="ValueClick (partial)" default_off="failed ruleset test">
 
 	<target host="*.apmebf.com" />
 	<target host="fastclick.com" />
@@ -66,7 +75,7 @@
 	<rule from="^http://(mp|rd)\.apmebf\.com/"
 		to="https://$1.apmebf.com/" />
 
-	<rule from="^https?://(?:www\.)?(?:fast|value)click(media)?\.com/"
+	<rule from="^http://(?:www\.)?(?:fast|value)click(media)?\.com/"
 		to="https://www.valueclick$1.com/" />
 
 	<rule from="^http://(?:secure\.)?cdn\.fastclick\.net/"
@@ -84,10 +93,10 @@
 	<rule from="^http://(?:secure\.)?img-cdn\.mediaplex\.com/"
 		to="https://secure.img-cdn.mediaplex.com/" />
 
-	<rule from="^https?://(?:www\.)?mediaplex\.com/"
+	<rule from="^http://(?:www\.)?mediaplex\.com/"
 		to="https://www.mediaplex.com/" />
 
-	<rule from="^https?://(?:secure-)?cdn\.mplxtms\.com/"
+	<rule from="^http://(?:secure-)?cdn\.mplxtms\.com/"
 		to="https://secure-cdn.mplxtms.com/" />
 
 	<rule from="^http://admin\.valueclickmedia\.com/"
diff --git a/src/chrome/content/rules/ValueCommerce.xml b/src/chrome/content/rules/ValueCommerce.xml
index f7ab55459395..94f5c0d8551b 100644
--- a/src/chrome/content/rules/ValueCommerce.xml
+++ b/src/chrome/content/rules/ValueCommerce.xml
@@ -17,17 +17,25 @@
 -->
 <ruleset name="ValueCommerce (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="www.valuecommerce.com" />
+	<target host="www.valuecommerce.ne.jp" />
+
+	<!--	Complications:
+				-->
 	<target host="valuecommerce.com" />
-	<target host="*.valuecommerce.com" />
 	<target host="valuecommerce.ne.jp" />
-	<target host="www.valuecommerce.ne.jp" />
 
 
 	<securecookie host="^\.valuecommerce\.com$" name="^VCIDENTITY$" />
 	<securecookie host="^www\.valuecommerce\.ne\.jp$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?valuecommerce\.(com|ne\.jp)/"
+	<rule from="^http://valuecommerce\.(com|ne\.jp)/"
 		to="https://www.valuecommerce.$1/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ValueHost.ru.xml b/src/chrome/content/rules/ValueHost.ru.xml
index 14c447154d4b..24cc6621a3ce 100644
--- a/src/chrome/content/rules/ValueHost.ru.xml
+++ b/src/chrome/content/rules/ValueHost.ru.xml
@@ -1,13 +1,23 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.valuehost.ru
+
+-->
 <ruleset name="ValueHost.ru">
 
 	<target host="valuehost.ru" />
-	<target host="*.valuehost.ru" />
+	<target host="www.valuehost.ru" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.valuehost\.ru$" name="^PHPSESSID$" /-->
 
 	<securecookie host="^\.?www\.valuehost\.ru$" name=".+" />
 
 
-	<rule from="^http://(www\.)?valuehost\.ru/"
-		to="https://$1valuehost.ru/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ValueShop.co.uk.xml b/src/chrome/content/rules/ValueShop.co.uk.xml
new file mode 100644
index 000000000000..d7579fe5ac30
--- /dev/null
+++ b/src/chrome/content/rules/ValueShop.co.uk.xml
@@ -0,0 +1,16 @@
+<!--
+	^: cert only matches www
+
+-->
+<ruleset name="ValueShop.co.uk">
+
+	<target host="valueshop.co.uk" />
+	<target host="www.valueshop.co.uk" />
+
+
+	<securecookie host="^www\.valueshop\.co\.uk$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Valued_Opinions.xml b/src/chrome/content/rules/Valued_Opinions.xml
deleted file mode 100644
index 254838f21b75..000000000000
--- a/src/chrome/content/rules/Valued_Opinions.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-
--->
-<ruleset name="Valued Opinions">
-
-	<target host="valuedopinions.co.uk" />
-	<target host="*.valuedopinions.co.uk" />
-
-
-	<rule from="^https?://(?:www\.)?valuedopinions\.co\.uk/"
-		to="https://www.valuedopinions.co.uk/" />
-
-	<rule from="^http://adtracker\.valuedopinions\.co\.uk/"
-		to="https://adtracker.valuedopinions.co.uk/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Valuedial.com.xml b/src/chrome/content/rules/Valuedial.com.xml
new file mode 100644
index 000000000000..8954e29ef3ca
--- /dev/null
+++ b/src/chrome/content/rules/Valuedial.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Valuedial.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="valuedial.com" />
+	<target host="www.valuedial.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Valve-mismatches.xml b/src/chrome/content/rules/Valve-mismatches.xml
deleted file mode 100644
index 702f816de500..000000000000
--- a/src/chrome/content/rules/Valve-mismatches.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Valve (expired)" default_off="expired">
-
-	<target host="storefront.steampowered.com" />
-
-
-	<rule from="^http://storefront\.steampowered\.com/"
-		to="https://storefront.steampowered.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Valve.xml b/src/chrome/content/rules/Valve.xml
deleted file mode 100644
index 83153c3effa3..000000000000
--- a/src/chrome/content/rules/Valve.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	Other Valve rulesets:
-
-		- Steam.xml
-		- Steam_Community.com.xml
-
-
-	CDN buckets:
-
-		- valve.vo.llnwd.net/...
-			- .hs. doesn't exist
-			- www.l4d.com
-
-
-	Nonfunctional domains:
-
-		- www.l4d.com
-		- blogs.valvesoftware.com
-		- (www.)valvesoftware.com	(CN: *.steampowered.com; redirects to store.steampowered.com)
-
--->
-<ruleset name="Valve (partial)">
-
-	<target host="developer.valvesoftware.com" />
-
-
-	<securecookie host="^developer\.valvesoftware\.com$" name=".+" />
-
-
-	<rule from="^http://developer\.valvesoftware\.com/"
-		to="https://developer.valvesoftware.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ValveSoftware.com.xml b/src/chrome/content/rules/ValveSoftware.com.xml
new file mode 100644
index 000000000000..bf65fee57cba
--- /dev/null
+++ b/src/chrome/content/rules/ValveSoftware.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Other Valve rulesets:
+		+ Dota_2.com.xml
+		+ Steam.xml
+
+	Redirect to HTTP:
+		- ^
+		- www
+
+	Refused:
+		- blogs
+
+	Mismatched:
+		- store (a248.e.akamai.net)
+-->
+
+<ruleset name="ValveSoftware.com (partial)">
+	<target host="developer.valvesoftware.com" />
+	<target host="list.valvesoftware.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VanAqua.org.xml b/src/chrome/content/rules/VanAqua.org.xml
new file mode 100644
index 000000000000..b309425dfbe7
--- /dev/null
+++ b/src/chrome/content/rules/VanAqua.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Invalid certificate:
+		support.vanaqua.org
+-->
+<ruleset name="VanAqua">
+	<target host="vanaqua.org" />
+	<target host="www.vanaqua.org" />
+	<target host="bbnc.vanaqua.org" />
+	<target host="killerwhale.vanaqua.org" />
+	<target host="onlinesales.vanaqua.org" />
+	<target host="aquanet.vanaqua.org" />
+	<target host="bbnc-dev.vanaqua.org" />
+	<target host="help.vanaqua.org" />
+	<target host="netcommunity.vanaqua.org" />
+	<target host="remote.vanaqua.org" />
+	<target host="sftm.vanaqua.org" />
+	<target host="webmail.vanaqua.org" />
+
+	<securecookie host="^((www|bbnc|killerwhale|onlinesales|aquanet|bbnc-dev|help|netcommunity|remote|sftm|webmail)\.)?vanaqua\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VanDyke.com.xml b/src/chrome/content/rules/VanDyke.com.xml
new file mode 100644
index 000000000000..7725fa6af7de
--- /dev/null
+++ b/src/chrome/content/rules/VanDyke.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- forums.vandyke.com
+		- secure.vandyke.com
+
+-->
+<ruleset name="VanDyke.com">
+
+	<target host="vandyke.com" />
+	<target host="blog.vandyke.com" />
+	<target host="forums.vandyke.com" />
+	<target host="piwik.vandyke.com" />
+	<target host="secure.vandyke.com" />
+	<target host="whatsnew.vandyke.com" />
+	<target host="www.vandyke.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^forums\.vandyke\.com$" name="^vdsforumsessionhash$" /-->
+	<!--securecookie host="^secure\.vandyke\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:forums|secure)\.vandyke\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Van_Haaren.net.xml b/src/chrome/content/rules/Van_Haaren.net.xml
new file mode 100644
index 000000000000..7ccff9bcbd55
--- /dev/null
+++ b/src/chrome/content/rules/Van_Haaren.net.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional hosts in *vanhaaren.net:
+
+		- beer *
+
+	* Shows ^vanhaaren.net
+
+-->
+<ruleset name="van Haaren.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vanhaaren.net" />
+	<target host="www.vanhaaren.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Van_Lanschot.com.xml b/src/chrome/content/rules/Van_Lanschot.com.xml
new file mode 100644
index 000000000000..1ccd2228109c
--- /dev/null
+++ b/src/chrome/content/rules/Van_Lanschot.com.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Van Lanschot coverage, see Van_Lanschot.nl.xml.
+
+
+	^: cert only matches www
+
+
+	Server is configured for rc4 only.
+
+-->
+<ruleset name="Van Lanschot.com">
+
+	<target host="www.vanlanschot.com" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^(www\.)?vanlanschot\.com$" name="^PD-S-SESSION-ID$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?vanlanschot\.com$" name="^PD_STATEFUL_[\da-f]{7}-([\da-f]-){3}[\da-f]{12}$" /-->
+
+	<securecookie host="^(?:www\.)?vanlanschot\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Van_Lanschot.nl.xml b/src/chrome/content/rules/Van_Lanschot.nl.xml
new file mode 100644
index 000000000000..661269d7099b
--- /dev/null
+++ b/src/chrome/content/rules/Van_Lanschot.nl.xml
@@ -0,0 +1,25 @@
+<!--
+	Other Van Lanschot coverage, see
+
+		- Van_Lanschot.com.xml
+
+
+	^: cert only matches www
+
+-->
+<ruleset name="Van Lanschot.nl">
+
+	<target host="vanlanschot.nl" />
+	<target host="www.vanlanschot.nl" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^(www\.)?vanlanschot\.nl$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^(?:www\.)?vanlanschot\.nl$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Van_Winkles.com.xml b/src/chrome/content/rules/Van_Winkles.com.xml
new file mode 100644
index 000000000000..f1eed40d1d2b
--- /dev/null
+++ b/src/chrome/content/rules/Van_Winkles.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- vanwinkles.com
+		- .vanwinkles.com
+
+-->
+<ruleset name="Van Winkles.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vanwinkles.com" />
+	<target host="www.vanwinkles.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^vanwinkles\.com$" name="^client_id$" /-->
+	<!--securecookie host="^\.vanwinkles\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.?vanwinkles\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vancity.xml b/src/chrome/content/rules/Vancity.xml
new file mode 100644
index 000000000000..a8daf8d3d534
--- /dev/null
+++ b/src/chrome/content/rules/Vancity.xml
@@ -0,0 +1,39 @@
+<!--
+	Invalid certificates:
+		- annualreport.vancity.com
+		- bcp.vancity.com
+		- blog.vancity.com
+		- holidays.vancity.com
+		- images.vancity.com
+		- weallprofit.vancity.com
+		- vancityinsurance.com (www. has a valid certificate)
+		- myreloadable.ca (www. has a valid certificate)
+-->
+
+<ruleset name="Vancity">
+	<target host="myreloadable.ca" />
+	<target host="www.myreloadable.ca" />
+	<target host="myvisaaccount.com" />
+	<target host="www.myvisaaccount.com" />
+	<target host="myvisaapplication.com" />
+	<target host="www.myvisaapplication.com" />
+	<target host="myvisarewardsplus.com" />
+	<target host="www.myvisarewardsplus.com" />
+	<target host="vancity.com" />
+	<target host="www.vancity.com" />
+	<target host="adfs1.vancity.com" />
+	<target host="download.vancity.com" />
+	<target host="mdws.vancity.com" />
+	<target host="moveit.vancity.com" />
+	<target host="onlinebusinessplus.vancity.com" />
+	<target host="support.vancity.com" />
+	<target host="webmail.vancity.com" />
+	<target host="vancityinsurance.com" />
+	<target host="www.vancityinsurance.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://vancityinsurance\.com/" to="https://www.vancityinsurance.com/" />
+	<rule from="^http://myreloadable\.ca/" to="https://www.myreloadable.ca/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vanco-Asiapac.com.xml b/src/chrome/content/rules/Vanco-Asiapac.com.xml
new file mode 100644
index 000000000000..adaef4d43223
--- /dev/null
+++ b/src/chrome/content/rules/Vanco-Asiapac.com.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://o-zone.vanco-asiapac.com/ => https://o-zone.vanco-asiapac.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://o-zone.vanco-asiapac.com/ => https://o-zone.vanco-asiapac.com/: (28, 'Connection timed out after 10001 milliseconds')
+	(www.): broken redirect
+
+-->
+<ruleset name="Vanco-Asiapac.com (partial)" default_off="failed ruleset test">
+
+	<target host="o-zone.vanco-asiapac.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VancouverInternationalAutoShow.com.xml b/src/chrome/content/rules/VancouverInternationalAutoShow.com.xml
new file mode 100644
index 000000000000..6adfa36c787d
--- /dev/null
+++ b/src/chrome/content/rules/VancouverInternationalAutoShow.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="VancouverInternationalAutoShow.com">
+	<target host="vancouverinternationalautoshow.com" />
+	<target host="www.vancouverinternationalautoshow.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vanderbilt-University.xml b/src/chrome/content/rules/Vanderbilt-University.xml
deleted file mode 100644
index 5b40139ab8f3..000000000000
--- a/src/chrome/content/rules/Vanderbilt-University.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Vanderbilt University (partial)">
-
-	<target host="sitemason.vanderbilt.edu" />
-
-
-	<rule from="^http://sitemason\.vanderbilt\.edu/"
-		to="https://sitemason.vanderbilt.edu/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Vanderbilt.org-falsemixed.xml b/src/chrome/content/rules/Vanderbilt.org-falsemixed.xml
new file mode 100644
index 000000000000..73f92e4b57c6
--- /dev/null
+++ b/src/chrome/content/rules/Vanderbilt.org-falsemixed.xml
@@ -0,0 +1,8 @@
+<!-- see Vanderbilt.org.xml for other rules -->
+<ruleset name="Vanderbilt.edu (false MCB)" platform="mixedcontent">
+	<target host="it.vanderbilt.edu" />
+	<target host="www.vanderbilthealth.com" />
+	<target host=    "vanderbilthealth.com" />
+	<rule from="^http:"
+	        to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vanderbilt.org.xml b/src/chrome/content/rules/Vanderbilt.org.xml
new file mode 100644
index 000000000000..3c7ddd079f96
--- /dev/null
+++ b/src/chrome/content/rules/Vanderbilt.org.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sitemason.vanderbilt.edu/ => https://sitemason.vanderbilt.edu/: (7, 'Failed to connect to sitemason.vanderbilt.edu port 443: No route to host')
+ see Vanderbilt.org-falsemixed.xml for other rules -->
+<ruleset name="Vanderbilt.edu (partial)" default_off="failed ruleset test">
+	<target host=            "hr.vanderbilt.edu" />
+	<target host=        "www.mc.vanderbilt.edu" />
+	<target host=            "mc.vanderbilt.edu" />
+	<target host=            "my.vanderbilt.edu" />
+	<target host="phonedirectory.vanderbilt.edu" />
+	<target host=     "sitemason.vanderbilt.edu" />
+        <securecookie host="^events\.vanderbilt\.edu$" name=".+" />
+        <securecookie host="^www\.mc\.vanderbilt\.edu$" name=".+" />
+	<securecookie host="^mc\.vanderbilt\.edu$" name=".+" />
+        <securecookie host="^my\.vanderbilt\.edu$" name=".+" />
+        <securecookie host="^phonedirectory\.vanderbilt\.edu$" name=".+" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vanilla-Forums.xml b/src/chrome/content/rules/Vanilla-Forums.xml
deleted file mode 100644
index d6260b3b436b..000000000000
--- a/src/chrome/content/rules/Vanilla-Forums.xml
+++ /dev/null
@@ -1,50 +0,0 @@
-<!--
-	CDN buckets:
-
-		- c3409409.r9.cf0.rackcdn.com
-			- cdn.vanillaforums.com
-			- cdn.vni.la
-
-
-	vanillaforums.totemapp.com
-
-
-	Nonfunctional subdomains:
-
-		- cdn	(Akamai; 401)
-
--->
-<ruleset name="Vanilla Forums (partial)">
-
-	<target host="vanillaforums.com" />
-	<target host="*.vanillaforums.com" />
-		<!--	These paths redirect to http.	-->
-		<exclusion pattern="^http://(www\.)?vanillaforums\.com/($|info($|/))" />
-	<target host="*.vanilladev.com" />
-	<target host="cdn.vni.la" />
-
-
-	<rule from="^http://autostatic\.vanilladev\.com/"
-		to="https://autostatic.vanilladev.com/" />
-
-	<!--	Some pages redirect to http.
-
-		Those in the commented out rule have been verified as not doing so.
-		
-	<rule from="^http://(www\.)?vanillaforums\.com/((?:account|applications|blog|entry|features|migrate-your-community|plans|resources|themes|tour)(?:$|/))">
-			-->
-	<rule from="^http://(www\.)?vanillaforums\.com/"
-		to="https://$1vanillaforums.com/" />
-
-	<rule from="^https?://cdn\.v(?:anillaforums\.com|ni\.la)/"
-		to="https://c3409409.ssl.cf0.rackcdn.com/" />
-
-	<!--	- Doesn't work over https
-		- Included on clients' websites
-
-		NB: revisit this, is it working as-is now?
-				-->
-	<rule from="^https?://autostatic-cl1\.vanilladev\.com/(\w+)\.vanillaforums\.com/"
-		to="https://$1.vanillaforums.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/VanillaMastercard.xml b/src/chrome/content/rules/VanillaMastercard.xml
deleted file mode 100644
index a2a3589f9632..000000000000
--- a/src/chrome/content/rules/VanillaMastercard.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="VanillaMastercard">
-	<target host="vanillamastercard.com" />
-	<target host="*.vanillamastercard.com" />
-	<rule from="^http://([^/:@\.]+)\.vanillamastercard\.com/" to="https://$1.vanillamastercard.com/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/Vanillicon.com.xml b/src/chrome/content/rules/Vanillicon.com.xml
new file mode 100644
index 000000000000..26549c358357
--- /dev/null
+++ b/src/chrome/content/rules/Vanillicon.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Vanillicon.com">
+
+	<target host="vanillicon.com" />
+	<target host="www.vanillicon.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vanity-Fair.xml b/src/chrome/content/rules/Vanity-Fair.xml
index 8062e2b5f3af..b321755475f7 100644
--- a/src/chrome/content/rules/Vanity-Fair.xml
+++ b/src/chrome/content/rules/Vanity-Fair.xml
@@ -1,30 +1,20 @@
 <!--
 	For other Conde Nast coverage, see Conde-Nast.xml.
 
+	Non-functional host:
+		Timeout:
+		- stats.vanityfair.com
 
-	CDN buckets:
-
-		- stag.vanityfair.com.edgesuite.net
-		- www.vanityfair.com.edgesuite.net
-
-
-	Nonfunctional domains:
-
-		- promotions.vf.com
-
+		Mismatched:
+		- stats2.vanityfair.com
 -->
 <ruleset name="Vanity Fair (partial)">
 
-	<target host="*.vanityfair.com" />
-
-
-	<securecookie host="^.*\.vanityfair\.com$" name=".*" />
-
-
-	<rule from="^http://secure\.vanityfair\.com/"
-		to="https://secure.vanityfair.com/" />
+	<target host="vanityfair.com" />
+	<target host="www.vanityfair.com" />
+	<target host="stag.vanityfair.com" />
 
-	<rule from="^https?://stats2\.vanityfair\.com/"
-		to="https://vanityfair-com.122.2o7.net/" />
+	<securecookie host=".+" name=".+"/>
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VantageOne-Credit-Union.xml b/src/chrome/content/rules/VantageOne-Credit-Union.xml
new file mode 100644
index 000000000000..2b719fa6b0e1
--- /dev/null
+++ b/src/chrome/content/rules/VantageOne-Credit-Union.xml
@@ -0,0 +1,15 @@
+<ruleset name="VantageOne Credit Union">
+	<target host="vantageone.net" />
+	<target host="www.vantageone.net" />
+	<target host="onlinebanking.vantageone.net" />
+	<target host="mdws.vantageone.net" />
+	<target host="vantageonerealty.com" />
+	<target host="www.vantageonerealty.com" />
+	<target host="vantageone.mycumulus.ca" />
+
+	<securecookie host="^(www\.|onlinebanking\.|mdws\.)?vantageone\.net$" name=".+" />
+	<securecookie host="^(www\.)?vantageonerealty\.com$" name=".+" />
+	<securecookie host="^vantageone\.mycumulus\.ca$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vantiv.com.xml b/src/chrome/content/rules/Vantiv.com.xml
new file mode 100644
index 000000000000..28293faa930e
--- /dev/null
+++ b/src/chrome/content/rules/Vantiv.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Problematic subdomains:
+
+		- investor *
+
+	* corporate-ir.net
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- (www.)?clientconnection
+		- sales
+
+-->
+<ruleset name="Vantiv.com (partial)">
+
+	<target host="vantiv.com" />
+	<target host="clientconnection.vantiv.com" />
+	<target host="www.clientconnection.vantiv.com" />
+	<target host="sales.vantiv.com" />
+	<target host="www.vantiv.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vara.nl.xml b/src/chrome/content/rules/Vara.nl.xml
new file mode 100644
index 000000000000..f56b3c7a8096
--- /dev/null
+++ b/src/chrome/content/rules/Vara.nl.xml
@@ -0,0 +1,81 @@
+<!--
+	^: cert only matches *.vara.nl
+
+
+	Partially covered subdomains:
+
+		- humortv *
+
+	* Avoiding broken MCB
+
+
+	Fully covered subdomains:
+
+		- media-service
+		- omroep
+		- shop
+		- static
+		- tickets
+		- www
+
+
+	These altnames don't exist:
+
+		- www.shop.vara.nl
+
+
+	Insecure cookies are set for these domains:
+
+		- humortv
+		- .humortv
+		- media-service
+		- omroep
+		- .omroep
+		- .shop
+		- static
+		- .tickets
+		- www
+		- .www
+
+
+	Mixed content:
+
+		css on humortv from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Vara.nl (partial)">
+
+	<target host="humortv.vara.nl" />
+	<target host="media-service.vara.nl" />
+	<target host="omroep.vara.nl" />
+	<target host="shop.vara.nl" />
+	<target host="static.vara.nl" />
+	<target host="tickets.vara.nl" />
+	<target host="www.vara.nl" />
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<exclusion pattern="^http://humortv\.vara\.nl/+(?!favicon\.ico|fileadmin/|typo3conf/|typo3temp/)" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^humortv\.vara\.nl$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^(humortv|media-service|omroep|www)\.vara\.nl$" name="^http-cookie-VARA21_[A-Z-]+-PROD$" /-->
+	<!--securecookie host="^(humortv|omroep)\.vara\.nl$" name="^fe_typo_user$" /-->
+	<!--
+		Redirection behavior appears to involve setting
+		npo_cc, so be cautious about securing it...:
+								-->
+	<!--securecookie host="^\.(humortv|omroep|shop|www)\.vara\.nl$" name="^npo_cc$" /-->
+	<!--securecookie host="^\.(shop|tickets)\.vara\.nl$" name="^frontend$" /-->
+
+	<securecookie host="^(?:media-service|omroep|static|www)\.vara\.nl$" name=".+" />
+	<securecookie host="^\.(?:shop|tickets)\.vara\.nl$" name="^frontend$" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Varian.com.xml b/src/chrome/content/rules/Varian.com.xml
new file mode 100644
index 000000000000..1ef550fed4d7
--- /dev/null
+++ b/src/chrome/content/rules/Varian.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Other Varian Medical Systems rulesets:
+
+		- MyVarian.com.xml
+
+
+	Nonfunctional hosts in *varian.com:
+
+		- investors *
+		- newsroom *
+
+	* Dropped
+
+-->
+<ruleset name="Varian.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="varian.com" />
+	<target host="www.varian.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Variety.xml b/src/chrome/content/rules/Variety.xml
index 361de4fffcb0..aff3f4f8d03a 100644
--- a/src/chrome/content/rules/Variety.xml
+++ b/src/chrome/content/rules/Variety.xml
@@ -1,36 +1,64 @@
-<ruleset name="Variety (partial)">
 
-	<target host="variety.com" />
-	<target host="*.variety.com" />
-		<exclusion pattern="^http://images[1-3]\.variety\.com/([gG]lobal|graphics/photos)/" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://login.variety.com/ => https://login.variety.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://haas.variety.com/ => https://haas.reedbusiness.nl/: (28, 'Connection timed out after 20000 milliseconds')
+
+	CDN buckets:
+
+		- dxcdzflj3dom3.cloudfront.net
+
+			images[1-3]?
 
 
-	<!--	Many paths 404.	-->
-	<rule from="^http://(www\.)?variety\.com/(css/|graphics/|promo($|\?)|subscribe\.asp|subtxtad$)"
-		to="https://$1variety.com/$2" />
+	Nonfunctional hosts in *variety.com:
 
-	<!--	- Cert only matches (www.)
+		- careers *
 
-		- These paths 404:
+	* Refused
 
-			- global/cssimages/variety/
-			- Global/CSSImages/variety/
-			- graphics/photos/_mugr/
 
-		- These paths don't:
+	Problematic hosts in *variety.com:
 
-			- graphics/exclamation_red_11x16.gif
-			- graphics/css/
-			- graphics/icons/
-			- graphics/images/
-			- graphics/variety/
+		- jobs ¹
+		- www ²
+
+	¹ Adicio
+	² Expired
+
+-->
+<ruleset name="Variety.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
 				-->
-	<rule from="^https?://images[1-3]\.variety\.com/"
-		to="https://www.variety.com/" />
+	<target host="variety.com" />
+	<!--target host="jobs.variety.com" /-->
+	<target host="login.variety.com" />
+
+	<!--	Complications:
+				-->
+	<target host="haas.variety.com" />
+	<target host="images.variety.com" />
+	<target host="images1.variety.com" />
+	<target host="images2.variety.com" />
+	<target host="images3.variety.com" />
+	<target host="www.variety.com" />
+
+
+	<securecookie host=".+" name=".+" />
 
 
+	<rule from="^http://www\.variety\.com/"
+		to="https://variety.com/" />
+
 	<!--	Cert only matches haas.reedbusiness.nl.	-->
-	<rule from="^https?://haas\.variety\.com/"
+	<rule from="^http://haas\.variety\.com/"
 		to="https://haas.reedbusiness.nl/" />
 
+	<rule from="^http://images\d?\.variety\.com/"
+		to="https://dxcdzflj3dom3.cloudfront.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Varnish-Cache.org.xml b/src/chrome/content/rules/Varnish-Cache.org.xml
index e4f825abcd02..e3747b18bb04 100644
--- a/src/chrome/content/rules/Varnish-Cache.org.xml
+++ b/src/chrome/content/rules/Varnish-Cache.org.xml
@@ -1,4 +1,7 @@
 <!--
+	For other Varnish Software coverage, see Varnish-Software.com.xml.
+
+
 	subdomains:
 
 		- planet	(works; mismatched, CN: varnish-cache.org)
@@ -12,13 +15,14 @@
 <ruleset name="Varnish-Cache.org">
 
 	<target host="varnish-cache.org" />
+	<target host="repo.varnish-cache.org" />
 	<target host="www.varnish-cache.org" />
 
 
 	<securecookie host="^www\.varnish-cache\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?varnish-cache\.org/"
-		to="https://$1varnish-cache.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Varnish-Software.com.xml b/src/chrome/content/rules/Varnish-Software.com.xml
new file mode 100644
index 000000000000..6e7e636ad9ef
--- /dev/null
+++ b/src/chrome/content/rules/Varnish-Software.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Other Varnish Software rulesets:
+
+		- Varnish-Cache.org.xml
+
+
+	Problematic subdomains:
+
+		- info *
+
+	* Hubspot
+
+
+	Mixed content:
+
+		- favicon on info from cdn1.hubspot.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Varnish-Software.com (partial)">
+
+	<target host="varnish-software.com" />
+	<target host="www.varnish-software.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^info\.varnish-software\.com$" name="^hsPagesViewedThisSession$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Varuste.net.xml b/src/chrome/content/rules/Varuste.net.xml
index b218ed230a78..bfda544aa1e9 100644
--- a/src/chrome/content/rules/Varuste.net.xml
+++ b/src/chrome/content/rules/Varuste.net.xml
@@ -4,6 +4,5 @@
 
 	<securecookie host="^www\.varuste\.net$" name=".+" />
 
-	<rule from="^http://(www\.)?varuste\.net/"
-		to="https://$1varuste.net/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Varusteleka.fi.xml b/src/chrome/content/rules/Varusteleka.fi.xml
new file mode 100644
index 000000000000..559738b547d4
--- /dev/null
+++ b/src/chrome/content/rules/Varusteleka.fi.xml
@@ -0,0 +1,13 @@
+<ruleset name="Varusteleka.fi">
+  <target host="www.varusteleka.fi" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.varusteleka\.fi$" name="^(PHPSESSID|vluser_lang)$" /-->
+
+	<securecookie host="^www\.varusteleka\.fi$" name=".+" />
+
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vast.xml b/src/chrome/content/rules/Vast.xml
index 5415e69f2b6b..d20ecb8a9d42 100644
--- a/src/chrome/content/rules/Vast.xml
+++ b/src/chrome/content/rules/Vast.xml
@@ -1,14 +1,25 @@
-<ruleset name="Vast (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://staticv.net/ => https://www.vast.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.vast.com'")
+Fetch error: http://www.staticv.net/ => https://www.vast.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.vast.com'")
+Fetch error: http://vast.com/ => https://www.vast.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.vast.com'")
+
+-->
+<ruleset name="Vast (partial)" default_off="failed ruleset test">
 
 	<!--	mismatch	-->
 	<target host="staticv.net"/>
 	<target host="www.staticv.net"/>
 	<target host="vast.com"/>
-	<target host="*.vast.com"/>
+	<target host="www.vast.com" />
+	<target host="img.vast.com" />
 
-	<securecookie host="^(.*\.)?vast\.com$" name=".*"/>
+	<securecookie host="^(?:.*\.)?vast\.com$" name=".+" />
 
 	<rule from="^http://(?:www\.)?(?:staticv\.net|vast\.com)/"
 		to="https://www.vast.com/"/>
 
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Vast_Interactive.xml b/src/chrome/content/rules/Vast_Interactive.xml
index 34c6f6d46566..841272d433e0 100644
--- a/src/chrome/content/rules/Vast_Interactive.xml
+++ b/src/chrome/content/rules/Vast_Interactive.xml
@@ -1,13 +1,33 @@
-<ruleset name="Vast Interactive (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dsply.com/ => https://dsply.com/: (51, "SSL: no alternative certificate subject name matches target host name 'dsply.com'")
+
+	For other Answers Corporation coverage, see Answers.com.xml.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- dsply.com
+		- .dsply.com
+		- www.dsply.com
+
+-->
+<ruleset name="dsply.com" default_off="failed ruleset test">
 
 	<target host="dsply.com" />
-	<target host="*.dsply.com" />
+	<target host="www.dsply.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?dsply\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.dsply\.com$" name="^adc$" /-->
 
-	<securecookie host="^(?:.*\.)?dsply\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?dsply\.com/"
-		to="https://$1dsply.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vates.fr.xml b/src/chrome/content/rules/Vates.fr.xml
new file mode 100644
index 000000000000..5f3c3713d48f
--- /dev/null
+++ b/src/chrome/content/rules/Vates.fr.xml
@@ -0,0 +1,28 @@
+<!--
+	Invalid certificate:
+		andromeda.vates.fr
+		www.business.vates.fr
+		centaurus.vates.fr
+		orion.vates.fr
+		pegasus.vates.fr
+		xoa.vates.fr
+
+	No working URL known:
+		business.vates.fr
+		shelter.vates.fr
+		web.vates.fr
+		web1.vates.fr
+
+-->
+<ruleset name="Vates.fr">
+
+	<target host="vates.fr" />
+	<target host="www.vates.fr" />
+	<target host="piwik.vates.fr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vaultize.com.xml b/src/chrome/content/rules/Vaultize.com.xml
new file mode 100644
index 000000000000..d1a364196daa
--- /dev/null
+++ b/src/chrome/content/rules/Vaultize.com.xml
@@ -0,0 +1,53 @@
+<!--
+	Nonfunctional hosts in *.vaultize.com:
+
+	No publicly-trusted certificate issued:
+		portal.vaultize.com
+		resolve-to.wiki.vaultize.com
+		resolve-to.www.wiki.vaultize.com
+		resources.vaultize.com
+		tech.vaultize.com
+
+	Do not resolve:
+		api.vaultize.com
+		demo.vaultize.com
+		dloplus.vaultize.com
+		intranet.vaultize.com
+		ldaps.vaultize.com
+		offers.vaultize.com
+		trial.vaultize.com
+		try.vaultize.com
+		www.api.vaultize.com
+		www.aws.vaultize.com
+		www.awstest.vaultize.com
+		www.demo.vaultize.com
+		www.dloplus.vaultize.com
+		www.login.vaultize.com
+		www.logintest.vaultize.com
+		www.pune.vaultize.com
+		www.try.vaultize.com
+
+	Invalid certificate:
+		my.vaultize.com
+		www.my.vaultize.com
+
+	Refused:
+		socgen.vaultize.com
+
+-->
+<ruleset name="Vaultize.com">
+	<target host="aws.vaultize.com" />
+	<target host="awstest.vaultize.com" />
+	<target host="login.vaultize.com" />
+	<target host="logintest.vaultize.com" />
+	<target host="pune.vaultize.com" />
+	<target host="support.vaultize.com" />
+	<target host="vaultize.com" />
+	<target host="wiki.vaultize.com" />
+	<target host="www.vaultize.com" />
+	<target host="www.wiki.vaultize.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vayabe.com.xml b/src/chrome/content/rules/Vayabe.com.xml
index 567592f26853..e670d362b362 100644
--- a/src/chrome/content/rules/Vayabe.com.xml
+++ b/src/chrome/content/rules/Vayabe.com.xml
@@ -21,4 +21,4 @@
 	<rule from="^http://(?:www\.)?vayable\.com/"
 		to="https://www.vayable.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vb-paradise.de.xml b/src/chrome/content/rules/Vb-paradise.de.xml
new file mode 100644
index 000000000000..25384028896f
--- /dev/null
+++ b/src/chrome/content/rules/Vb-paradise.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="VB-Paradise.de">
+  <target host="vb-paradise.de" />
+  <target host="www.vb-paradise.de" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vbrr.ru.xml b/src/chrome/content/rules/Vbrr.ru.xml
new file mode 100644
index 000000000000..00fbb9998c0c
--- /dev/null
+++ b/src/chrome/content/rules/Vbrr.ru.xml
@@ -0,0 +1,48 @@
+<!--
+3dsecure.vbrr.ru ³
+antares.vbrr.ru ³
+atlas.vbrr.ru ⁴
+autodiscover.vbrr.ru ⁴
+bmx.vbrr.ru ³
+bss.vbrr.ru ³
+c2.vbrr.ru ¹
+c4.vbrr.ru ¹
+c5.vbrr.ru ¹
+c6.vbrr.ru ¹
+c7.vbrr.ru ¹
+canopus.vbrr.ru ³
+castor.vbrr.ru ³
+gw.vbrr.ru ²
+kruf10.vbrr.ru ³
+lira.vbrr.ru ⁴
+mi1.vbrr.ru ³
+mi2.vbrr.ru ³
+ns.vbrr.ru ³
+nsr.vbrr.ru ³
+pollux.vbrr.ru ³
+qb.vbrr.ru ³
+rx1.vbrr.ru ³
+sirius.vbrr.ru ³
+t1.vbrr.ru ¹
+tpb1.vbrr.ru ²
+vega.vbrr.ru ³
+vx.vbrr.ru ³
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="vbrr.ru">
+	<target host="vbrr.ru" />
+	<target host="www.vbrr.ru" />
+	<target host="c1.vbrr.ru" />
+	<target host="nx.vbrr.ru" />
+	<target host="online.vbrr.ru" />
+	<target host="pay.vbrr.ru" />
+	<target host="pb1.vbrr.ru" />
+	<target host="xm.vbrr.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vc.ru.xml b/src/chrome/content/rules/Vc.ru.xml
new file mode 100644
index 000000000000..b4a39c638970
--- /dev/null
+++ b/src/chrome/content/rules/Vc.ru.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.vc.ru/ => https://www.vc.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'www.vc.ru'")
+
+-->
+<ruleset name="vc.ru" default_off="failed ruleset test">
+
+	<target host="vc.ru" />
+	<target host="www.vc.ru" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vcommerce.com.xml b/src/chrome/content/rules/Vcommerce.com.xml
new file mode 100644
index 000000000000..b173c4997062
--- /dev/null
+++ b/src/chrome/content/rules/Vcommerce.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- uw2a-net01.vcommerce.com
+		- uw2b-net02.vcommerce.com
+		- b2bgis.vcommerce.com
+
+		SSL peer certificate was not OK:
+		- dodgeprojects.construction.com.vcommerce.com
+
+		4xx client error:
+		- services.vcommerce.com
+		- dodgeprojects.construction.com.staging.vcommerce.com
+-->
+<ruleset name="Vcommerce.com">
+	<target host="vcommerce.com" />
+	<target host="www.vcommerce.com" />
+	<target host="mhcpoe.vcomshop.com.staging.vcommerce.com" />
+	<target host="staging.vcommerce.com" />
+	<target host="services.staging.vcommerce.com" />
+	<target host="confluence.vcommerce.com" />
+	<target host="ontrack.vcommerce.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vcommerce.xml b/src/chrome/content/rules/Vcommerce.xml
deleted file mode 100644
index 04e592fd33c0..000000000000
--- a/src/chrome/content/rules/Vcommerce.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/content.vcommerce.com/
-
-
-	Problematic subdomains:
-
-		- ^		(cert only matches *.vcommerce.com)
-		- content	(403; mismatched, CN: ssl2.cdngc.net)
-
--->
-<ruleset name="Vcommerce (partial)">
-
-	<target host="vcommerce.com" />
-	<target host="*.vcommerce.com" />
-
-
-	<securecookie host="^www\.vcommerce\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?vcommerce\.com/"
-		to="https://www.vcommerce.com/" />
-
-	<rule from="^https?://content\.vcommerce\.com/"
-		to="https://s3.amazonaws.com/content.vcommerce.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Vdio.xml b/src/chrome/content/rules/Vdio.xml
index d154f96c82d8..e42840275e0c 100644
--- a/src/chrome/content/rules/Vdio.xml
+++ b/src/chrome/content/rules/Vdio.xml
@@ -1,19 +1,38 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://vdio.com// => https://www.rdio.com/: (7, 'Failed to connect to www.rdio.com port 443: Connection refused')
+Fetch error: http://vdio.com/? => https://www.rdio.com/: (7, 'Failed to connect to www.rdio.com port 443: Connection refused')
+Fetch error: http://www.vdio.com// => https://www.rdio.com/: (7, 'Failed to connect to www.rdio.com port 443: Connection refused')
+Fetch error: http://www.vdio.com/? => https://www.rdio.com/: (7, 'Failed to connect to www.rdio.com port 443: Connection refused')
+Fetch error: http://vdio.com/ => https://www.rdio.com/: (7, 'Failed to connect to www.rdio.com port 443: Connection refused')
+Fetch error: http://www.vdio.com/ => https://www.rdio.com/: (7, 'Failed to connect to www.rdio.com port 443: Connection refused')
+
 	CDN buckets:
 
 		- vdio-a.akamaihd.net
 
+
+	(www.)?vdio.com: Refused
+
 -->
-<ruleset name="Vdio">
+<ruleset name="Vdio.com" default_off="failed ruleset test">
 
+	<!--	Complications:
+				-->
 	<target host="vdio.com" />
-	<target host="*.vdio.com" />
-
+	<target host="www.vdio.com" />
 
-	<securecookie host="^\.vdio\.com$" name=".+" />
 
+	<!--	Redirect keeps path, but not
+		args nor forward slash:
+					-->
+	<rule from="^http://(?:www\.)?vdio\.com/+([^?]*).*"
+		to="https://www.rdio.com/$1" />
 
-	<rule from="^http://(www\.)?vdio\.com/"
-		to="https://$1vdio.com/" />
+		<test url="http://vdio.com//" />
+		<test url="http://vdio.com/?" />
+		<test url="http://www.vdio.com//" />
+		<test url="http://www.vdio.com/?" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vdopia.xml b/src/chrome/content/rules/Vdopia.xml
index d9f197748a05..ce9f9187c800 100644
--- a/src/chrome/content/rules/Vdopia.xml
+++ b/src/chrome/content/rules/Vdopia.xml
@@ -1,4 +1,14 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ivdopia.com/ => https://www.ivdopia.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.ivdopia.com/ => https://www.ivdopia.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://mobile.sb.vdopia.com/ => https://mobile.sb.vdopia.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://ivdopia.com/ => https://www.ivdopia.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ivdopia.com'")
+Fetch error: http://www.ivdopia.com/ => https://www.ivdopia.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ivdopia.com'")
+Fetch error: http://mobile.sb.vdopia.com/ => https://mobile.sb.vdopia.com/: (28, 'Connection timed out after 10000 milliseconds')
 	Problematic domains:
 
 		- ivdopia.com		(mismatched)
@@ -33,26 +43,32 @@
 	* Seems identical to www
 
 -->
-<ruleset name="Vdopia">
+<ruleset name="Vdopia" default_off="failed ruleset test">
 
 	<target host="ivdopia.com" />
 	<target host="www.ivdopia.com" />
 	<target host="vdopia.com" />
-	<target host="*.vdopia.com" />
-		<exclusion pattern="^https?://i2\.vdopia\.com/(?!js/)" />
+	<target host="i2.vdopia.com" />
+	<target host="serve.vdopia.com" />
+	<target host="online.vdopia.com" />
+	<target host="sb.vdopia.com" />
+	<target host="www.vdopia.com" />
+	<target host="cdn.vdopia.com" />
+	<target host="mobile.vdopia.com" />
 	<target host="mobile.sb.vdopia.com" />
+		<exclusion pattern="^http://i2\.vdopia\.com/(?!js/)" />
 
 
 	<securecookie host="^(?:.+\.)?vdopia\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?ivdopia\.com/"
+	<rule from="^http://(?:www\.)?ivdopia\.com/"
 		to="https://www.ivdopia.com/" />
 
-	<rule from="^https?://(?:i2\.|serve\.|(online\.|sb\.|www\.))?vdopia\.com/"
+	<rule from="^http://(?:i2\.|serve\.|(online\.|sb\.|www\.))?vdopia\.com/"
 		to="https://$1vdopia.com/" />
 
 	<rule from="^http://(?:cdn|mobile(\.sb)?)\.vdopia\.com/"
 		to="https://mobile$1.vdopia.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vdoth.com.xml b/src/chrome/content/rules/Vdoth.com.xml
index 5b04bce4fedb..ff60fa1646fa 100644
--- a/src/chrome/content/rules/Vdoth.com.xml
+++ b/src/chrome/content/rules/Vdoth.com.xml
@@ -1,4 +1,11 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://vdoth.com/ => https://vdoth.com/: (7, 'Failed to connect to vdoth.com port 443: Connection refused')
+Fetch error: http://kodsana.vdoth.com/ => https://kodsana.vdoth.com/: (7, 'Failed to connect to kodsana.vdoth.com port 443: Connection refused')
+Fetch error: http://www.vdoth.com/ => https://www.vdoth.com/: (7, 'Failed to connect to www.vdoth.com port 443: Connection refused')
+Fetch error: http://www.clipth.net/ => https://www.vdoth.com/: (28, 'Connection timed out after 20000 milliseconds')
+
 	Problematic domains:
 
 		- www.clipth.net	(refused)
@@ -10,7 +17,7 @@
 
 		- Ads/web bugs, on (www.) from:
 
-			- sstatic1.histats.com **
+			- sstatic1.histats.com *
 			- www.mypagerank.net **
 			- www.ping-fast.com
 
@@ -18,11 +25,17 @@
 	** Unsecurable
 
 -->
-<ruleset name="Vdoth.com">
+<ruleset name="Vdoth.com" default_off="failed ruleset test">
 
-	<target host="www.clipth.net" />
+	<!--	Direct rewrites:
+				-->
 	<target host="vdoth.com" />
-	<target host="*.vdoth.com" />
+	<target host="kodsana.vdoth.com" />
+	<target host="www.vdoth.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.clipth.net" />
 
 
 	<securecookie host="^(?:w*\.)?vdoth\.com$" name=".+" />
@@ -31,7 +44,7 @@
 	<rule from="^http://www\.clipth\.net/"
 		to="https://www.vdoth.com/" />
 
-	<rule from="^http://(kodsana\.|www\.)?vdoth\.com/"
-		to="https://$1vdoth.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ve_Interactive.xml b/src/chrome/content/rules/Ve_Interactive.xml
index 17c2a5129a12..39f5065b646e 100644
--- a/src/chrome/content/rules/Ve_Interactive.xml
+++ b/src/chrome/content/rules/Ve_Interactive.xml
@@ -1,11 +1,14 @@
 <!--
 	Nonfunctional subdomains:
 
-		- (www.)	(shows CentOS teset page; self-signed, CN: VDED10748.servers.dedipower.net)
+		- (www.) *
+
+	* Plaintext reply
 
 
 	Fully covered subdomains:
 
+		- cdsusa
 		- config1
 		- configusa
 		- rcs
@@ -18,13 +21,19 @@
 -->
 <ruleset name="Ve Interactive.com (partial)">
 
-	<target host="*.veinteractive.com" />
+	<target host="cdsusa.veinteractive.com" />
+	<target host="config1.veinteractive.com" />
+	<target host="configusa.veinteractive.com" />
+	<target host="drs2.veinteractive.com" />
+	<target host="mail.veinteractive.com" />
+	<target host="rcs.veinteractive.com" />
+	<target host="vecapture.veinteractive.com" />
+	<target host="vemerchant.veinteractive.com" />
 
 
 	<securecookie host="^(?:mail|vecapture|vecontact|vemerchant)\.veinteractive\.com$" name=".+" />
 
 
-	<rule from="^http://(config1|configusa|drs2|mail|rcs|vecapture|vecontact|vemerchant)\.veinteractive\.com/"
-		to="https://$1.veinteractive.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Veber.co.uk.xml b/src/chrome/content/rules/Veber.co.uk.xml
new file mode 100644
index 000000000000..dec7e52bd472
--- /dev/null
+++ b/src/chrome/content/rules/Veber.co.uk.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blog.veber.co.uk/ => https://blog.veber.co.uk/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Veber.co.uk" default_off="failed ruleset test">
+
+	<target host="veber.co.uk" />
+	<target host="blog.veber.co.uk" />
+	<target host="www.veber.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?veber\.co\.uk$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?veber\.co\.uk$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vector-Media-Group.xml b/src/chrome/content/rules/Vector-Media-Group.xml
index 8ec3bd4f9c98..35b486c82b4a 100644
--- a/src/chrome/content/rules/Vector-Media-Group.xml
+++ b/src/chrome/content/rules/Vector-Media-Group.xml
@@ -3,7 +3,6 @@
 	<target host="vectormediagroup.com"/>
 	<target host="www.vectormediagroup.com"/>
 
-	<rule from="^http://(?:www\.)?vectormediagroup\.com/"
-		to="https://www.vectormediagroup.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/VectorMagic.com.xml b/src/chrome/content/rules/VectorMagic.com.xml
new file mode 100644
index 000000000000..67a8368f643b
--- /dev/null
+++ b/src/chrome/content/rules/VectorMagic.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid Certificate:
+		media.vectormagic.com
+-->
+<ruleset name="VectorMagic.com">
+	<target host="vectormagic.com"/>
+	<target host="www.vectormagic.com"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Vedomosti.xml b/src/chrome/content/rules/Vedomosti.xml
deleted file mode 100644
index ce12435b88f3..000000000000
--- a/src/chrome/content/rules/Vedomosti.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Problematic domains:
-
-		- www.vdmsti.ru		(mismatched, CN: *.vedomosti.ru)
-
--->
-<ruleset name="Vedomosti">
-
-	<target host="vdmsti.ru" />
-	<target host="www.vdmsti.ru" />
-	<target host="vedomosti.ru" />
-	<target host="*.vedomosti.ru" />
-
-
-	<securecookie host="^\.vedemosti\.ru$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?vdmsti\.ru/"
-		to="https://vdmsti.ru/" />
-
-	<rule from="^http://(www\.)?vedomosti\.ru/"
-		to="https://$1vedomosti.ru/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Vedphoto.com.xml b/src/chrome/content/rules/Vedphoto.com.xml
deleted file mode 100644
index 63d10203c6da..000000000000
--- a/src/chrome/content/rules/Vedphoto.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	CDN buckets:
-
-		- custom.zenfolio.com
-
-			- a1428.g.akamai.net
-			- www.vedphoto.com
-
-
-	Problematic subdomains:
-
-		- ^	(dropped)
-		- www	(works, akamai)
-
-
-	Some pages redirect to http.
-
--->
-<ruleset name="vedphoto.com (partial)">
-
-	<target host="vedphoto.com" />
-	<target host="www.vedphoto.com" />
-
-
-	<rule from="^http://(?:www\.)?vedphoto\.com/(img|zf/photo)/"
-		to="https://a248.e.akamai.net/f/1428/3422/3f/www.vedphoto.com/$1/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/VegFund.org.xml b/src/chrome/content/rules/VegFund.org.xml
new file mode 100644
index 000000000000..268c0bf5ef9f
--- /dev/null
+++ b/src/chrome/content/rules/VegFund.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Refused:
+		vegvids.vegfund.org
+
+-->
+<ruleset name="VegFund">
+
+	<target host="vegfund.org" />
+	<target host="www.vegfund.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VegasInc.com.xml b/src/chrome/content/rules/VegasInc.com.xml
new file mode 100644
index 000000000000..6aea0e0e5057
--- /dev/null
+++ b/src/chrome/content/rules/VegasInc.com.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.vegasinc.com/ (200) => https://www.vegasinc.com/ (500)
+
+	Non-functional hosts
+		4xx client error:
+			 - admin.vegasinc.com
+
+		Mixed content blocking (MCB) tiggered:
+			 - m.vegasinc.com
+-->
+<ruleset name="VegasInc.com" default_off="failed ruleset test">
+	<target host="vegasinc.com" />
+	<target host="www.vegasinc.com" />
+	<target host="asset.vegasinc.com" />
+	<target host="media.vegasinc.com" />
+	<target host="photo.vegasinc.com" />
+
+	<securecookie host="^(www\.)?vegasinc\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vegas_Deal_Hunter.xml b/src/chrome/content/rules/Vegas_Deal_Hunter.xml
index 8ab7969b90bb..972bfddd605c 100644
--- a/src/chrome/content/rules/Vegas_Deal_Hunter.xml
+++ b/src/chrome/content/rules/Vegas_Deal_Hunter.xml
@@ -1,17 +1,13 @@
-<!--
-	^ times out
-
--->
-<ruleset name="Vegas Deal Hunter">
+<ruleset name="Vegas Deal Hunter.com" default_off="refused">
 
 	<target host="vegasdealhunter.com" />
-	<target host="*.vegasdealhunter.com" />
+	<target host="www.vegasdealhunter.com" />
 
 
 	<securecookie host="^\.vegasdealhunter\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?vegasdealhunter\.com/"
-		to="https://www.vegasdealhunter.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vegas_Partner_Lounge.xml b/src/chrome/content/rules/Vegas_Partner_Lounge.xml
index c6cc8c164754..e1422d5f3268 100644
--- a/src/chrome/content/rules/Vegas_Partner_Lounge.xml
+++ b/src/chrome/content/rules/Vegas_Partner_Lounge.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://vegaspartnerlounge.com/ (200) => https://vegaspartnerlounge.com/ (400)
+
 	Fully covered subdomains:
 
 		- (www.)
@@ -6,16 +10,17 @@
 		- starpartner
 
 -->
-<ruleset name="Vegas Partner Lounge">
+<ruleset name="Vegas Partner Lounge" default_off="failed ruleset test">
 
 	<target host="vegaspartnerlounge.com" />
-	<target host="*.vegaspartnerlounge.com" />
+	<target host="secure.vegaspartnerlounge.com" />
+	<target host="starpartner.vegaspartnerlounge.com" />
+	<target host="www.vegaspartnerlounge.com" />
 
 
-	<securecookie host="^(?:.+\.)?vegaspartnerlounge\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:secure|starpartner|www)\.)?vegaspartnerlounge\.com/"
-		to="https://$1vegaspartnerlounge.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vehicle_Visuals.com.xml b/src/chrome/content/rules/Vehicle_Visuals.com.xml
new file mode 100644
index 000000000000..d35ff4525ea9
--- /dev/null
+++ b/src/chrome/content/rules/Vehicle_Visuals.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Vehicle Visuals.com">
+
+	<target host="vehiclevisuals.com" />
+	<target host="www.vehiclevisuals.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vektorbank.com.xml b/src/chrome/content/rules/Vektorbank.com.xml
deleted file mode 100644
index a34ce1e9b611..000000000000
--- a/src/chrome/content/rules/Vektorbank.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="vektorbank.com">
-
-	<target host="vektorbank.com" />
-	<target host="*.vektorbank.com" />
-
-
-	<securecookie host="^\.vektorbank\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?vektorbank\.com/"
-		to="https://$1vektorbank.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Velaro-mismatches.xml b/src/chrome/content/rules/Velaro-mismatches.xml
index 8a2162786dd6..9186560d5ad3 100644
--- a/src/chrome/content/rules/Velaro-mismatches.xml
+++ b/src/chrome/content/rules/Velaro-mismatches.xml
@@ -1,11 +1,11 @@
-<ruleset name="Velaro (mismatches)" default_off="mismatch">
+<ruleset name="Velaro.com (mismatches)" default_off="mismatched">
 
 	<!--	*.getsatisfaction.com	-->
 	<target host="community.velaro.com"/>
 		<!--	pages redirect to http	-->
 		<exclusion pattern="^http://community\.velaro\.com/velaro"/>
 
-	<rule from="^http://community\.velaro\.com/"
-		to="https://community.velaro.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Velaro.xml b/src/chrome/content/rules/Velaro.xml
index 88b318abc21c..dd9090bf4b12 100644
--- a/src/chrome/content/rules/Velaro.xml
+++ b/src/chrome/content/rules/Velaro.xml
@@ -3,15 +3,17 @@
 
 	See Velaro-mismatches.xml for problematic rules
 -->
-<ruleset name="Velaro (partial)">
+<ruleset name="Velaro.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="c.velaro.com"/>
 	<target host="service.velaro.com"/>
 	<target host="sp.velaro.com"/>
 
-	<securecookie host="^.*\.velaro.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(c|service|sp)\.velaro\.com/"
-		to="https://$1.velaro.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Velleman-Group.xml b/src/chrome/content/rules/Velleman-Group.xml
index a495ffa4900b..c6df45b51b85 100644
--- a/src/chrome/content/rules/Velleman-Group.xml
+++ b/src/chrome/content/rules/Velleman-Group.xml
@@ -1,5 +1,17 @@
+
 <!--
-	Unspported domains (non-exhaustive list):
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Non-2xx HTTP code: http://portal.velleman.be/shops (200) => https://portal.velleman.eu/ServicePortal/shops (404)
+Non-2xx HTTP code: http://portal.velleman.be/support (200) => https://portal.velleman.eu/ServicePortal/support (404)
+Fetch error: http://perel.eu/ => https://www.perel.eu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.perel.eu/ => https://www.perel.eu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://vellemanusa.com/ => https://www.vellemanusa.com/: (6, 'Could not resolve host: www.vellemanusa.com')
+Fetch error: http://www.vellemanusa.com/ => https://www.vellemanusa.com/: (6, 'Could not resolve host: www.vellemanusa.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://perel.eu/ => https://www.perel.eu/: (6, 'Could not resolve host: perel.eu')
+	Unsupported domains (non-exhaustive list):
 
 	hps140.com			(cannot find server)
 	www.hps140.com			(certificate only valid for www.velleman.eu)
@@ -22,29 +34,17 @@
 -->
 <ruleset name="Velleman Group (partial)">
 	<target host="hqpower.eu" />
-	<target host="www.hqpower.eu" />
 
-	<securecookie host="^www\.hqpower\.eu$"
-				name=".+" />
+	<securecookie host="^www\.hqpower\.eu$" name=".+" />
 
-	<rule from="^(http://(www\.)?|https://)hqpower\.eu/"
+	<rule from="^http://(?:www\.)?hqpower\.eu/"
 		to="https://www.hqpower.eu/" />
 
-	<target host="perel.eu" />
-	<target host="www.perel.eu" />
-
-	<securecookie host="^www\.perel\.eu$"
-				name=".+" />
+	<securecookie host="^www\.perel\.eu$" name=".+" />
 
-	<rule from="^(http://(www\.)?|https://)perel\.eu/"
+	<rule from="^http://(?:www\.)?perel\.eu/"
 		to="https://www.perel.eu/" />
 
-	<target host="velleman.be" />
-	<target host="portal.velleman.be" />
-	<target host="www.velleman.be" />
-
-	<rule from="^(http://(www\.)?|https://)velleman\.be/"
-		to="https://www.velleman.eu/" />
 	<!--
 		By default, requests for http://portal.velleman.be/ (where there is nothing after the final slash)
 		seem to redirect to https://portal.velleman.be/ServicePortal/ which gives an error about the SSL
@@ -52,20 +52,15 @@
 		requests to the https://portal.velleman.eu/ServicePortal/ URL. Other HTTP and HTTPS requests in the
 		portal.velleman.be domain are redirected to the equivalent URL in the portal.velleman.eu domain
 		(August 30, 2013.)
-	--> 
-	<rule from="^https?://portal\.velleman\.be/$"
-		to="https://portal.velleman.eu/ServicePortal/" />
-	<rule from="^https?://portal\.velleman\.be/(.+)"
-		to="https://portal.velleman.eu/$1" />
+	-->
 
 	<target host="velleman.eu" />
 	<target host="portal.velleman.eu" />
 	<target host="www.velleman.eu" />
 
-	<securecookie host="^(portal|www)\.velleman\.eu$"
-				name=".+" />
+	<securecookie host="^(?:portal|www)\.velleman\.eu$" name=".+" />
 
-	<rule from="^(http://(www\.)?|https://)velleman\.eu/"
+	<rule from="^http://(?:www\.)?velleman\.eu/"
 		to="https://www.velleman.eu/" />
 	<!--
 		By default, requests for http://portal.velleman.eu/ or https://portal.velleman.eu/ (where there is
@@ -73,18 +68,16 @@
 		gives an error about the SSL certificate only being valid for the portal.velleman.eu domain. As such,
 		this ruleset redirects such requests to the https://portal.velleman.eu/ServicePortal/ URL
 		(August 30, 2013.)
-	--> 
-	<rule from="^https?://portal\.velleman\.eu/$"
+	-->
+	<rule from="^http://portal\.velleman\.eu/$"
 		to="https://portal.velleman.eu/ServicePortal/" />
-	<rule from="^http://portal\.velleman\.eu/(.+)"
-		to="https://portal.velleman.eu/$1" />
 
-	<target host="vellemanusa.com" />
-	<target host="www.vellemanusa.com" />
+	<!-- target host="vellemanusa.com" /-->
+	<!-- target host="www.vellemanusa.com" /-->
 
-	<securecookie host="^www\.vellemanusa\.com$"
-				name=".+" />
+	<securecookie host="^www\.vellemanusa\.com$" name=".+" />
 
-	<rule from="^(http://(www\.)?|https://)vellemanusa\.com/"
+	<rule from="^http://(?:www\.)?vellemanusa\.com/"
 		to="https://www.vellemanusa.com/" />
-</ruleset>
\ No newline at end of file
+
+</ruleset>
diff --git a/src/chrome/content/rules/Velmedia.net.xml b/src/chrome/content/rules/Velmedia.net.xml
index 60bc519c6621..a54716bf052e 100644
--- a/src/chrome/content/rules/Velmedia.net.xml
+++ b/src/chrome/content/rules/Velmedia.net.xml
@@ -10,7 +10,8 @@
 <ruleset name="velmedia.net (partial)" default_off="self-signed">
 
 	<target host="velmedia.net" />
-	<target host="*.velmedia.net" />
+	<target host="ad.velmedia.net" />
+	<target host="www.velmedia.net" />
 
 
 	<securecookie host="^ad\.velmedia\.net$" name=".+" />
@@ -19,4 +20,4 @@
 	<rule from="^http://(?:(ad\.)|www\.)?velmedia\.net/"
 		to="https://$1velmedia.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Velocity-Micro.xml b/src/chrome/content/rules/Velocity-Micro.xml
index b89bd704f552..6a55344f7040 100644
--- a/src/chrome/content/rules/Velocity-Micro.xml
+++ b/src/chrome/content/rules/Velocity-Micro.xml
@@ -9,7 +9,6 @@
 
 	<!--	Cert only matches www.
 					-->
-	<rule from="^https?://(?:www\.)?velocitymicro\.com/"
-		to="https://www.velocitymicro.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/VelocityFrequentFlyer.com.xml b/src/chrome/content/rules/VelocityFrequentFlyer.com.xml
new file mode 100644
index 000000000000..2c590cb26459
--- /dev/null
+++ b/src/chrome/content/rules/VelocityFrequentFlyer.com.xml
@@ -0,0 +1,47 @@
+<!--
+	For other Virgin Australia coverage, see VirginAustralia.com.xml
+
+
+	Nonfunctional subdomains:
+
+		- velocityfrequentflyer.com
+			- birthday	(m)
+			- bp	(m)
+			- m.e	(m)
+			- t.e	(m)
+			- aeom.go	(t)
+			- accounts.gtmns	(m)
+
+		- velocityrewards.com.au
+			- hotels	(m)
+			- shops	(m)
+			- ww	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Velocity Frequent Flyer">
+
+	<target host="velocityfrequentflyer.com" />
+	<target host="www.velocityfrequentflyer.com" />
+	<target host="accounts.velocityfrequentflyer.com" />
+	<target host="daily.velocityfrequentflyer.com" />
+	<target host="estore.velocityfrequentflyer.com" />
+	<target host="experience.velocityfrequentflyer.com" />
+	<target host="go.velocityfrequentflyer.com" />
+	<target host="view.velocityfrequentflyer.com" />
+
+	<target host="velocityrewards.com.au" />
+	<target host="www.velocityrewards.com.au" />
+
+	<securecookie host="^www\.velocityfrequentflyer\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Veloviewer.com.xml b/src/chrome/content/rules/Veloviewer.com.xml
new file mode 100644
index 000000000000..201bf427deff
--- /dev/null
+++ b/src/chrome/content/rules/Veloviewer.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Veloviewer.com">
+  <target host="veloviewer.com" />
+  <target host="www.veloviewer.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Velum-Media.xml b/src/chrome/content/rules/Velum-Media.xml
index b2137592039d..fa9f9ae517ca 100644
--- a/src/chrome/content/rules/Velum-Media.xml
+++ b/src/chrome/content/rules/Velum-Media.xml
@@ -1,29 +1,43 @@
 <!--
-	Other Velum Media rulesets:
+	CDN buckets:
 
-		- Bestcovery.com.xml
+		- wp-ruby-blog.s3.amazonaws.com
 
 
-	CDN buckets:
+	Insecure cookies are set for these hosts: ᶜ
 
-		- wp-ruby-blog.s3.amazonaws.com
+		- www.smallnetbuilder.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 
-	Cert only matches ^smallnetbuilder.com, but ^ redirects to www.
+	Mixed content:
 
-	Expired 2013-03-07
+		- css from $self ˢ
+
+		- Images, from:
+
+			- s3.amazonaws.com ˢ
+			- vma.tgdaily.net
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Velum Media (partial)" default_off="expired, mismatched, self-signed">
+<ruleset name="SmallNetBuilder.com" platform="mixedcontent">
 
 	<target host="smallnetbuilder.com" />
 	<target host="www.smallnetbuilder.com" />
 
 
-	<securecookie host="^www\.smallnetbuilder\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.smallnetbuilder\.com$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?smallnetbuilder\.com/"
-		to="https://www.smallnetbuilder.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Velvet_Cache.org.xml b/src/chrome/content/rules/Velvet_Cache.org.xml
new file mode 100644
index 000000000000..7170fe464a30
--- /dev/null
+++ b/src/chrome/content/rules/Velvet_Cache.org.xml
@@ -0,0 +1,17 @@
+<!--
+	CDN buckets:
+
+		- static.velvetcache.org.s3.amazonaws.com
+
+
+	(www.): dropped
+
+-->
+<ruleset name="Velvet Cache.org (partial)">
+
+	<target host="static.velvetcache.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vendercom.xml b/src/chrome/content/rules/Vendercom.xml
index 7a958245f4ee..d1c36a9f0317 100644
--- a/src/chrome/content/rules/Vendercom.xml
+++ b/src/chrome/content/rules/Vendercom.xml
@@ -7,10 +7,10 @@
 <ruleset name="Vendercom (partial)">
 
 	<target host="vendercom.com" />
-	<target host="*.vendercom.com" />
+	<target host="ecomm.vendercom.com" />
+	<target host="www.vendercom.com" />
 
 
-	<rule from="^http://(ecomm\.|www\.)?vendercom\.com/"
-		to="https://$1vendercom.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vendetta-Online.xml b/src/chrome/content/rules/Vendetta-Online.xml
index 3a8fbab75e67..06db29e0655d 100644
--- a/src/chrome/content/rules/Vendetta-Online.xml
+++ b/src/chrome/content/rules/Vendetta-Online.xml
@@ -16,14 +16,14 @@
 <ruleset name="Vendetta Online (partial)" platform="mixedcontent">
 
 	<target host="vendetta-online.com"/>
-	<target host="*.vendetta-online.com"/>
+	<target host="www.vendetta-online.com" />
+	<target host="images.vendetta-online.com" />
 
-	<securecookie host="^(.*\.)?vendetta-online\.com$" name=".*"/>
+	<securecookie host=".+" name=".+"/>
 
-	<rule from="^http://(www\.)?vendetta-online\.com/"
-		to="https://$1vendetta-online.com/"/>
 
 	<rule from="^http://images\.vendetta-online\.com/"
 		to="https://vendetta-online.com/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Vendo-Services-mismatches.xml b/src/chrome/content/rules/Vendo-Services-mismatches.xml
index 9d82b101d7d0..046716d46a22 100644
--- a/src/chrome/content/rules/Vendo-Services-mismatches.xml
+++ b/src/chrome/content/rules/Vendo-Services-mismatches.xml
@@ -1,7 +1,7 @@
 <!--	!functioning:
 			(www.)vend-o.com	(ssl_error_rx_record_too_long)
 -->
-<ruleset name="Vendo Services (mismatches)" default_off="mismatch">
+<ruleset name="Vendo Services (mismatches)" default_off="mismatched">
 
 	<!--	securebillingservices.com	-->
 	<target host="secure4.vend-o.com"/>
diff --git a/src/chrome/content/rules/Vendo-Services.xml b/src/chrome/content/rules/Vendo-Services.xml
index 80c7648d20f2..1bc82307c487 100644
--- a/src/chrome/content/rules/Vendo-Services.xml
+++ b/src/chrome/content/rules/Vendo-Services.xml
@@ -1,11 +1,40 @@
-<ruleset name="Vendo Services (partial)">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn1.vendocdn.com/ => https://cdn1.vendocdn.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cdn-content.staging.vend-o.com'")
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .vend-o.com
+		- backoffice.vend-o.com
+		- secure.vend-o.com
+		- secure3.vend-o.com
+		- start.vendoservices.com
+
+-->
+<ruleset name="Vendo Services (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="backoffice.vend-o.com"/>
+	<target host="secure.vend-o.com"/>
+	<target host="secure3.vend-o.com"/>
 	<target host="cdn1.vendocdn.com"/>
+	<target host="start.vendoservices.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.vend-o\.com$" name="^VENDO_OMNI$" /-->
+	<!--securecookie host="^(?:backoffice|secure3?)\.vend-o\.com$" name="^wooTracker$" /-->
+	<!--securecookie host="^start\.vendoservices\.com$" name="^wooTracker$" /-->
+
+	<securecookie host="^\.vend-o\.com$" name="^VENDO_OMNI$" />
+	<securecookie host="^(?:backoffice|secure3?)\.vend-o\.com$" name=".+" />
+	<securecookie host="^start\.vendoservices\.com$" name=".+" />
 
-	<rule from="^http://cdn1\.vendocdn\.com/"
-		to="https://cdn1.vendocdn.com/"/>
 
-	<rule from="^http://secure3\.vend-o\.com/"
-		to="https://secure3.vend-o.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Venmo.com.xml b/src/chrome/content/rules/Venmo.com.xml
new file mode 100644
index 000000000000..109a63af33f0
--- /dev/null
+++ b/src/chrome/content/rules/Venmo.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Problematic hosts in *venmo.com:
+
+		- blog *
+		- brand *
+
+	* Mismatched
+
+-->
+<ruleset name="Venmo.com (partial)">
+
+	<target host="venmo.com" />
+	<target host="developer.venmo.com" />
+	<target host="help.venmo.com" />
+	<target host="www.venmo.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ventivmedia.com.xml b/src/chrome/content/rules/Ventivmedia.com.xml
new file mode 100644
index 000000000000..711ee4e28e58
--- /dev/null
+++ b/src/chrome/content/rules/Ventivmedia.com.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ads.ventivmedia.com/www/admin/index.php => https://ads.ventivmedia.com/www/admin/index.php: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://ads.ventivmedia.com/www/delivery/lg.php?bannerid=&campaignid=&zoneid=&loc=&referer=&cb= => https://ads.ventivmedia.com/www/delivery/lg.php?bannerid=&campaignid=&zoneid=&loc=&referer=&cb=: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://ads.ventivmedia.com/ => https://ads.ventivmedia.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="ventivmedia.com" default_off="failed ruleset test">
+
+	<target host="ads.ventivmedia.com" />
+
+		<test url="http://ads.ventivmedia.com/www/admin/index.php" />
+		<test url="http://ads.ventivmedia.com/www/delivery/lg.php?bannerid=&amp;campaignid=&amp;zoneid=&amp;loc=&amp;referer=&amp;cb=" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ventoso.org.xml b/src/chrome/content/rules/Ventoso.org.xml
index c67256a1b1c5..9c0166b5d39c 100644
--- a/src/chrome/content/rules/Ventoso.org.xml
+++ b/src/chrome/content/rules/Ventoso.org.xml
@@ -1,11 +1,11 @@
-<ruleset name="ventoso.org" default_off="mismatch">
+<ruleset name="ventoso.org" default_off="mismatched">
 
 	<!--	Cert: ssl13.ovh.net, 20gp.ovh.net	-->
 	<target host="ventoso.org" />
 	<target host="www.ventoso.org" />
 
 
-	<securecookie host="^ventoso\.org$" name=".*" />
+	<securecookie host="^ventoso\.org$" name=".+" />
 
 
 	<rule from="^http://(?:www\.)?ventoso\.org/"
diff --git a/src/chrome/content/rules/Ventra_Chicago.com.xml b/src/chrome/content/rules/Ventra_Chicago.com.xml
new file mode 100644
index 000000000000..3ee47bf6d4a3
--- /dev/null
+++ b/src/chrome/content/rules/Ventra_Chicago.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Ventra Chicago.com">
+
+	<target host="ventrachicago.com" />
+	<target host="www.ventrachicago.com" />
+
+
+	<securecookie host="^(?:www)?\.ventrachicago\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VentureBeat.xml b/src/chrome/content/rules/VentureBeat.xml
index 7c2d2b233def..46848bf66f11 100644
--- a/src/chrome/content/rules/VentureBeat.xml
+++ b/src/chrome/content/rules/VentureBeat.xml
@@ -1,5 +1,7 @@
 <!--
-	(www.) is handled in WordPress-blogs.xml.
+	Other VentureBeat rulesets:
+
+		- VB_static.co.xml
 
 
 	CDN buckets:
@@ -7,13 +9,70 @@
 		- app-stacksocial.netdna-ssl.com
 		- assets-stacksocial.netdna-ssl.com
 
+
+	Nonfunctional hosts in *venturebeat.com:
+
+		- insight *
+
+	* Refused
+
+
+	Problematic hosts in *venturebeat.com:
+
+		- multimedia *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- venturebeat.com
+		- events.venturebeat.com
+		- www.venturebeat.com
+
+
+	Mixed content:
+
+		- Image on multimedia from $self
+
 -->
-<ruleset name="VentureBeat (partial)">
+<ruleset name="VentureBeat.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="venturebeat.com" />
+	<target host="events.venturebeat.com" />
+	<target host="users.venturebeat.com" />
+	<target host="www.venturebeat.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://venturebeat\.com/(?:$|\d{4}/(?:\d\d/){2}[\w-]+/$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://venturebeat\.com/+(?!wp-content/|wp-includes/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://venturebeat.com/2013/03/12/prezi/" />
+			<test url="http://venturebeat.com/about/" />
+			<test url="http://venturebeat.com/contact/" />
+			<test url="http://venturebeat.com/tag/startx/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://venturebeat.com/wp-content/uploads/2015/10/BusinessWire_FeaturedImage.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:events\.|www\.)?venturebeat\.com$" name="^X-Mapping-fjhppofk$" /-->
 
-	<target host="store.venturebeat.com" />
+	<securecookie host="^events\.venturebeat\.com$" name=".+" />
 
 
-	<rule from="^http://store\.venturebeat\.com/"
-		to="https://store.venturebeat.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Venuscafem.com.xml b/src/chrome/content/rules/Venuscafem.com.xml
new file mode 100644
index 000000000000..15db11c9220b
--- /dev/null
+++ b/src/chrome/content/rules/Venuscafem.com.xml
@@ -0,0 +1,18 @@
+<!--
+	- CN: www.oyunhizmetleri.com
+	- Expired 2013-12-01
+
+-->
+<ruleset name="venuscafem.com" default_off="expired, mismatched">
+
+	<target host="venuscafem.com" />
+	<target host="www.venuscafem.com" />
+
+
+	<securecookie host="^www\.venuscafem\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?venuscafem\.com/"
+		to="https://venuscafem.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VeraSafe.com.xml b/src/chrome/content/rules/VeraSafe.com.xml
new file mode 100644
index 000000000000..d0c37d9f5a48
--- /dev/null
+++ b/src/chrome/content/rules/VeraSafe.com.xml
@@ -0,0 +1,47 @@
+<ruleset name="VeraSafe.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="verasafe.com" />
+	<target host="www.verasafe.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.verasafe\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.verasafe\.com/+(?!favicon\.ico|images/|(?:contactus|dispute-submission|login|register|remind|reset)(?:$|[?/])|templates/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.verasafe.com//" />
+			<test url="http://www.verasafe.com/aboutus" />
+			<test url="http://www.verasafe.com/blog/entry/watch-out-fake-trust-seals-can-damage-your-reputation" />
+			<test url="http://www.verasafe.com/blog/latest" />
+			<test url="http://www.verasafe.com/help" />
+			<test url="http://www.verasafe.com/pricing" />
+			<test url="http://www.verasafe.com/safe-harbor-dispute-procedure" />
+			<test url="http://www.verasafe.com/trust-seal" />
+			<test url="http://www.verasafe.com/trust-seal-faq" />
+			<test url="http://www.verasafe.com/web-security" />
+			<test url="http://www.verasafe.com/website-privacy-program-requirements" />
+			<test url="http://www.verasafe.com/website-security-certification-criteria" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.verasafe.com/contactus" />
+			<test url="http://www.verasafe.com/dispute-submission" />
+			<test url="http://www.verasafe.com/favicon.ico" />
+			<test url="http://www.verasafe.com/images/verasafe_trust/trust-seal4.png" />
+			<test url="http://www.verasafe.com/login" />
+			<test url="http://www.verasafe.com/register" />
+			<test url="http://www.verasafe.com/remind" />
+			<test url="http://www.verasafe.com/reset" />
+			<test url="http://www.verasafe.com/templates/verasafe_trust/images/logo.png" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Veracode.com.xml b/src/chrome/content/rules/Veracode.com.xml
index 986e6a97bc08..a178e6738404 100644
--- a/src/chrome/content/rules/Veracode.com.xml
+++ b/src/chrome/content/rules/Veracode.com.xml
@@ -1,21 +1,37 @@
 <!--
-	Mixed content:
+	^veracode.com: Mismatched
 
-		- Images on info and www from www *
 
-	* Secured by us
+	Insecure cookies are set for these hosts:
+
+		- info.veracode.com
 
 -->
 <ruleset name="Veracode.com">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="analysiscenter.veracode.com" />
+	<target host="blog.veracode.com" />
+	<target host="info.veracode.com" />
+	<target host="www.veracode.com" />
+
+	<!--	Complications:
+				-->
 	<target host="veracode.com" />
-	<target host="*.veracode.com" />
 
 
-	<securecookie host="^analysiscenter\.veracode\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^info\.veracode\.com$" name="^BIGipServerabdweb-ssl4_https$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
 
+	<rule from="^http://veracode\.com/"
+		to="https://www.veracode.com/" />
 
-	<rule from="^http://((?:analysiscenter|info|www)\.)?veracode\.com/"
-		to="https://$1veracode.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Verbling.com.xml b/src/chrome/content/rules/Verbling.com.xml
new file mode 100644
index 000000000000..c8da64305d61
--- /dev/null
+++ b/src/chrome/content/rules/Verbling.com.xml
@@ -0,0 +1,61 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://en.verbling.com/ => https://en.verbling.com/: (6, 'Could not resolve host: en.verbling.com')
+Fetch error: http://pt.verbling.com/ => https://pt.verbling.com/: (6, 'Could not resolve host: pt.verbling.com')
+
+	Fully covered hosts in *verbling.com:
+
+		- (www.)?
+		- ar
+		- en
+		- es
+		- fr
+		- it
+		- pt
+		- ru
+		- tr
+
+
+	Insecure cookies are set for these domains:
+
+		- .verbling.com
+		- .ar.verbling.com
+		- .en.verbling.com
+		- .es.verbling.com
+		- .fr.verbling.com
+		- .it.verbling.com
+		- .pt.verbling.com
+		- .ru.verbling.com
+		- .tr.verbling.com
+		- .www.verbling.com
+
+-->
+<ruleset name="Verbling.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="verbling.com" />
+	<target host="ar.verbling.com" />
+	<target host="en.verbling.com" />
+	<target host="es.verbling.com" />
+	<target host="fr.verbling.com" />
+	<target host="it.verbling.com" />
+	<target host="pt.verbling.com" />
+	<target host="ru.verbling.com" />
+	<target host="tr.verbling.com" />
+	<target host="www.verbling.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.verbling\.com$" name="^(connect\.sid|vlocale)$" /-->
+	<!--securecookie host="^\.(ar|en|es|fr|it|pt|ru|tr|www)\.verbling\.com$" name="^connect\.sid$" /-->
+
+	<securecookie host=".*\.verbling\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Verbraucher-Sicher-Online.xml b/src/chrome/content/rules/Verbraucher-Sicher-Online.xml
deleted file mode 100644
index 5d44b359664b..000000000000
--- a/src/chrome/content/rules/Verbraucher-Sicher-Online.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Verbraucher-sicher-online.de">
-<target host="verbraucher-sicher-online.de" />
-<target host="www.verbraucher-sicher-online.de" />
-    <rule from="^http://(?:www\.)?verbraucher-sicher-online\.de/" to="https://www.verbraucher-sicher-online.de/" />
-</ruleset>
-
diff --git a/src/chrome/content/rules/Verbraucherzentrale_Nordrhein-Westfalen.xml b/src/chrome/content/rules/Verbraucherzentrale_Nordrhein-Westfalen.xml
index cc5c9e144c50..89701fac0906 100644
--- a/src/chrome/content/rules/Verbraucherzentrale_Nordrhein-Westfalen.xml
+++ b/src/chrome/content/rules/Verbraucherzentrale_Nordrhein-Westfalen.xml
@@ -1,8 +1,13 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://vz-nrw.de/ => https://vz-nrw.de/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.vz-nrw.de/ => https://www.vz-nrw.de/: (60, 'SSL certificate problem: certificate has expired')
+
 	^meine-verbraucherzentrale.de doesn't exist.
 
 -->
-<ruleset name="Verbraucherzentrale Nordrhein-Westfalen">
+<ruleset name="Verbraucherzentrale Nordrhein-Westfalen" default_off="failed ruleset test">
 
 	<target host="www.meine-verbraucherzentrale.de" />
 	<target host="ratgeber-verbraucherzentrale.de" />
@@ -17,4 +22,4 @@
 	<rule from="^http://(www\.)?vz-nrw\.de/"
 		to="https://$1vz-nrw.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Verdad_Media.xml b/src/chrome/content/rules/Verdad_Media.xml
deleted file mode 100644
index 5a1bb8584c66..000000000000
--- a/src/chrome/content/rules/Verdad_Media.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	!www: cert only matches *.verdadmedia.com
-
--->
-<ruleset name="Verdad Media">
-
-	<target host="verdadmedia.com" />
-	<target host="www.verdadmedia.com" />
-
-
-	<rule from="^https?://(?:www\.)?verdadmedia\.com/"
-		to="https://www.verdadmedia.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Vereinigte-IKK.xml b/src/chrome/content/rules/Vereinigte-IKK.xml
index f770caeea183..5cf1259ccc15 100644
--- a/src/chrome/content/rules/Vereinigte-IKK.xml
+++ b/src/chrome/content/rules/Vereinigte-IKK.xml
@@ -1,4 +1,14 @@
-<ruleset name="Vereinigte IKK">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.vereinigte-ikk.de/ => https://www.vereinigte-ikk.de/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://vereinigte-ikk.de/ => https://www.vereinigte-ikk.de/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.vereinigte-ikk.de/ => https://www.vereinigte-ikk.de/: (51, "SSL: no alternative certificate subject name matches target host name 'www.vereinigte-ikk.de'")
+Fetch error: http://vereinigte-ikk.de/ => https://www.vereinigte-ikk.de/: (51, "SSL: no alternative certificate subject name matches target host name 'www.vereinigte-ikk.de'")
+-->
+<ruleset name="Vereinigte IKK" default_off="failed ruleset test">
 <target host="www.vereinigte-ikk.de" />
 <target host="vereinigte-ikk.de" />
 <rule from="^http://(?:www\.)?vereinigte-ikk\.de/" to="https://www.vereinigte-ikk.de/"/>
diff --git a/src/chrome/content/rules/Verified-Voting.xml b/src/chrome/content/rules/Verified-Voting.xml
index cf3c5068038d..32478fef63ea 100644
--- a/src/chrome/content/rules/Verified-Voting.xml
+++ b/src/chrome/content/rules/Verified-Voting.xml
@@ -1,15 +1,18 @@
-<ruleset name="Verified Voting" platform="mixedcontent">
+<!--
+	Invalid certificate:
+		blog.verifiedvoting.org
+
+-->
+<ruleset name="Verified Voting">
 
 	<target host="verifiedvoting.org" />
 	<target host="www.verifiedvoting.org" />
 	<target host="verifiedvotingfoundation.org" />
 	<target host="www.verifiedvotingfoundation.org" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^(?:www\.)?verifiedvoting(?:foundation)?\.org$" name=".+" />
-
-
-	<rule from="^http://(www\.)?verifiedvoting(foundation)?\.org/"
-		to="https://$1verifiedvoting$2.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Verigames.com.xml b/src/chrome/content/rules/Verigames.com.xml
index 94d3a1829cc3..5b40b5360f8b 100644
--- a/src/chrome/content/rules/Verigames.com.xml
+++ b/src/chrome/content/rules/Verigames.com.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://verigames.com/ => https://verigames.com/: (7, 'Failed to connect to verigames.com port 443: Connection refused')
+Fetch error: http://www.verigames.com/ => https://www.verigames.com/: (7, 'Failed to connect to www.verigames.com port 443: Connection refused')
+
 	Mixed content:
 
 		- Mixed content:
@@ -8,16 +13,15 @@
 	* Unsecurable
 
 -->
-<ruleset name="Verigames.com">
+<ruleset name="Verigames.com" default_off="failed ruleset test">
 
 	<target host="verigames.com" />
-	<target host="*.verigames.com" />
+	<target host="www.verigames.com" />
 
 
 	<securecookie host="^\.verigames\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?verigames\.com/"
-		to="https://$1verigames.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Verio.xml b/src/chrome/content/rules/Verio.xml
index dafeba56b8a4..1a6c8dcd343a 100644
--- a/src/chrome/content/rules/Verio.xml
+++ b/src/chrome/content/rules/Verio.xml
@@ -1,9 +1,4 @@
 <!--
-	Other Verio rulesets:
-
-		- Sslcert14.com.xml
-
-
 	Nonfunctional domains:
 
 		- search.verio.com	(redirects to http; mismatched, CN: foo.ent.google.com)
@@ -15,11 +10,11 @@
 <ruleset name="Verio (partial)">
 
 	<target host="verio.com" />
-	<target host="*.verio.com" />
+	<target host="support.verio.com" />
+	<target host="www.verio.com" />
 		<exclusion pattern="^http://(?:www\.)?verio\.com/(?!images/|myverio/|order/)" />
 
 
-	<rule from="^http://(support\.|www\.)?verio\.com/"
-		to="https://$1verio.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Verisign-Inc.com.xml b/src/chrome/content/rules/Verisign-Inc.com.xml
new file mode 100644
index 000000000000..08c1597dd59c
--- /dev/null
+++ b/src/chrome/content/rules/Verisign-Inc.com.xml
@@ -0,0 +1,49 @@
+<!--
+	For other Verisign coverage, see Verisign.xml
+
+
+	For other Symantec coverage, see Symantec.xml
+
+
+	Non-functional subdomains:
+		- apis	(t)
+		- apisote	(m)
+		- brn1lxvipp	(t)
+		- cpms-gateway	(t)
+		- forms	(m)
+		- investor	(m)
+		- labs	(m)
+		- m	(m)
+		- portal	(i)
+		- prodinta-pds	(i)
+		- prodinta-portal	(n)
+		- qa-trial	(t)
+		- qa1-trial	(t)
+		- qa3-trial	(t)
+		- registrarprograms	(t)
+		- support	(t)
+		- vcsexp	(n)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	n: no route to host
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Verisign-Inc.com">
+
+	<target host="verisigninc.com" />
+	<target host="www.verisigninc.com" />
+	<target host="blogs.verisigninc.com" />
+	<target host="cap.verisigninc.com" />
+	<target host="pds.verisigninc.com" />
+	<target host="rirs.verisigninc.com" />
+	<target host="support-otp.verisigninc.com" />
+	<target host="trial.verisigninc.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Verisign-Labs.com.xml b/src/chrome/content/rules/Verisign-Labs.com.xml
new file mode 100644
index 000000000000..b90038939207
--- /dev/null
+++ b/src/chrome/content/rules/Verisign-Labs.com.xml
@@ -0,0 +1,58 @@
+<!--
+	For other Verisign coverage, see Verisign.xml
+
+
+	For other Symantec coverage, see Symantec.xml
+
+
+	Non-functional subdomains:
+		- community	(t)
+		- ddn	(t)
+		- jabber	(HTTP 401 error)
+		- mail	(HTTP 401 error)
+		- nodetolink	(t)
+		- pdn	(i)
+		- porttest	(r)
+		- pslam	(t)
+		- qr	(t)
+		- secspider	(r)
+		- vva	(n)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	n: no route to host
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Verisign Labs.com">
+
+	<target host="verisignlabs.com" />
+	<target host="www.verisignlabs.com" />
+	<target host="dnssec-analyzer.verisignlabs.com" />
+	<target host="dnssec-analyzer-json.verisignlabs.com" />
+	<target host="dnssec-debugger.verisignlabs.com" />
+	<target host="dnssec-debugger-json.verisignlabs.com" />
+	<target host="keysizetest.verisignlabs.com" />
+	<target host="keytool.verisignlabs.com" />
+	<target host="lists.verisignlabs.com" />
+	<target host="rdap.verisignlabs.com" />
+	<target host="testprovider.rdap.verisignlabs.com" />
+	<target host="rdap-pilot.verisignlabs.com" />
+	<target host="registrarrdap.verisignlabs.com" />
+	<target host="scoreboard.verisignlabs.com" />
+	<target host="svn.verisignlabs.com" />
+	<target host="techreports.verisignlabs.com" />
+	<target host="tools.verisignlabs.com" />
+	<target host="trans-trust.verisignlabs.com" />
+	<target host="validator-search.verisignlabs.com" />
+	<target host="vtrdap.verisignlabs.com" />
+	<target host="yazvs.verisignlabs.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Verisign-grs.com.xml b/src/chrome/content/rules/Verisign-grs.com.xml
new file mode 100644
index 000000000000..c610d2d53065
--- /dev/null
+++ b/src/chrome/content/rules/Verisign-grs.com.xml
@@ -0,0 +1,131 @@
+<!--
+	For other Verisign coverage, see Verisign.xml
+
+
+	For other Symantec coverage, see Symantec.xml
+
+
+	Non-functional subdomains:
+		- api-domainscore	(t)
+		- argus	(t)
+		- argus-brn1	(n)
+		- argus-ilg1	(t)
+		- argusstack1-brn1	(n)
+		- argusstack1-ilg1	(t)
+		- argusstack2-brn1	(n)
+		- argusstack2-ilg1	(t)
+		- ccwhois	(t)
+		- csr	(t)
+		- csr-akms	(t)
+		- csr-domainscore	(t)
+		- csrote	(t)
+		- domainscore	(t)
+		- download	(m)
+		- enhancedsuggestions-beta	(t)
+		- epp	(t)
+		- ipv4.epp	(t)
+		- ipv6.epp	(n)
+		- epp-auto	(t)
+		- ipv4.epp-auto	(t)
+		- ipv6.epp-auto	(n)
+		- epp-ote	(t)
+		- ipv4.epp-ote	(t)
+		- ipv6.epp-ote	(n)
+		- epptool	(t)
+		- hud	(t)
+		- hud-ilg1	(t)
+		- hudstack1-brn1	(t)
+		- hudstack1-ilg1	(t)
+		- hudstack2-brn1	(t)
+		- hudstack2-ilg1	(t)
+		- iargus	(r)
+		- mct	(m)
+		- mctapi	(t)
+		- mdns1	(t)
+		- namelocalizer	(t)
+		- namestore	(t)
+		- namestoreftp	(t)
+		- ipv6.namestoreote	(n)
+		- ipv6.namestoreote-otp	(n)
+		- namestoressl	(t)
+		- ipv4.namestoressl	(t)
+		- ipv6.namestoressl	(n)
+		- nameweb	(n)
+		- ns1	(t)
+		- nsmanager	(t)
+		- ipv4.nsmanager	(t)
+		- ipv6.nsmanager	(n)
+		- ipv6.nsmanager-otp	(n)
+		- ote-akms	(t)
+		- ote-nswapi	(m)
+		- ote-sugapi-vdps	(t)
+		- ote-sugepp	(t)
+		- ote-zms-web	(t)
+		- otessl	(t)
+		- ipv4.otessl	(t)
+		- ipv6.otessl	(n)
+		- pacemaker	(t)
+		- paypal-qa-dotgov	(n)
+		- qa-akms	(n)
+		- qa-auth-spa	(r)
+		- qa-csr-akms	(n)
+		- qa-domaindiscovery	(n)
+		- qa-domaindiscovery-admin	(n)
+		- qa-mbv-api	(n)
+		- qa-mbv-builder	(i)
+		- qa-mbv-csrtool	(n)
+		- qa-mbv-mobileview	(i)
+		- qa-mbv-webtool	(t)
+		- qa-mobiledirect	(i)
+		- qa-mobileviewreseller	(i)
+		- qa-namesuggestion	(t)
+		- qa-nsug	(t)
+		- qa-widget	(t)
+		- rzms-kex	(t)
+		- rzms-kex-ote	(SSL handshake failed)
+		- rzms-ote	(t)
+		- rzname	(t)
+		- srsftp	(n)
+		- sugepp	(n)
+		- tvwhois	(t)
+		- vcc-reports	(t)
+		- vscc-cm-brn	(t)
+		- vscc-dacust	(t)
+		- vscc-dacust-brn	(t)
+		- vscc-dacust-ilg	(t)
+		- vscc-hue1-brn	(t)
+		- vscc-rm-ilg	(t)
+		- whois	(t)
+		- whois2	(t)
+		- zms-web	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	n: no route to host
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Verisign-grs.com">
+
+	<target host="akms.verisign-grs.com" />
+	<target host="auth-whois.verisign-grs.com" />
+	<target host="epptool-ctld.verisign-grs.com" />
+	<target host="ipsapi.verisign-grs.com" />
+	<target host="knowledge.verisign-grs.com" />
+	<target host="namestoreote.verisign-grs.com" />
+	<target host="ipv4.namestoreote.verisign-grs.com" />
+	<target host="namestoreote-otp.verisign-grs.com" />
+	<target host="ipv4.namestoreote-otp.verisign-grs.com" />
+	<target host="naming.verisign-grs.com" />
+	<target host="nsmanager-otp.verisign-grs.com" />
+	<target host="ipv4.nsmanager-otp.verisign-grs.com" />
+	<target host="ote-sugapi.verisign-grs.com" />
+	<target host="registrar.verisign-grs.com" />
+	<target host="sugapi.verisign-grs.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Verisign.com.au.xml b/src/chrome/content/rules/Verisign.com.au.xml
new file mode 100644
index 000000000000..e67807eece1f
--- /dev/null
+++ b/src/chrome/content/rules/Verisign.com.au.xml
@@ -0,0 +1,49 @@
+<!--
+	For other Verisign coverage, see Verisign.xml
+
+
+	For other Symantec coverage, see Symantec.xml
+
+
+	Non-functional subdomains:
+		- crl	(t)
+		- crl-pilot	(t)
+		- knowledge	(i)
+		- mygatekeeper	(t)
+		- ocsp-pilot	(m)
+		- personalid	(t)
+		- pilot-ssl-certificate-center	(ssl handshake failed)
+		- pilot-ssl-certificate-center-enterprise	(ssl handshake failed)
+		- pilot-trust-center	(ssl handshake failed)
+		- pki-admin-pilot	(m)
+		- pki-pilot	(m)
+		- query	(ssl handshake failed)
+		- register	(i)
+		- ssl-certificate-center	(t)
+		- ssl-certificate-center-enterprise	(t)
+		- sslcheck	(t)
+		- tracking	(ssl handshake failed)
+		- trust-center	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	n: no route to host
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Verisign.com.au">
+
+	<target host="verisign.com.au" />
+	<target host="www.verisign.com.au" />
+	<target host="ocsp.verisign.com.au" />
+	<target host="pki.verisign.com.au" />
+	<target host="pki-admin.verisign.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Verisign.com.br.xml b/src/chrome/content/rules/Verisign.com.br.xml
new file mode 100644
index 000000000000..c17422983e26
--- /dev/null
+++ b/src/chrome/content/rules/Verisign.com.br.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Verisign coverage, see Verisign.xml
+
+
+	For other Symantec coverage, see Symantec.xml
+
+
+	Non-functional subdomains:
+		- query		(SSL handshake failed)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Verisign.com.br">
+
+	<target host="verisign.com.br"/>
+	<target host="www.verisign.com.br"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Verisign.com.hk.xml b/src/chrome/content/rules/Verisign.com.hk.xml
new file mode 100644
index 000000000000..e2d8f52be001
--- /dev/null
+++ b/src/chrome/content/rules/Verisign.com.hk.xml
@@ -0,0 +1,37 @@
+<!--
+	For other Verisign coverage, see Verisign.xml
+
+
+	For other Symantec coverage, see Symantec.xml
+
+
+	Non-functional subdomains:
+		- knowledge	(i)
+		- pilot-ssl-certificate-center	(ssl handshake failed)
+		- pilot-ssl-certificate-center-enterprise	(ssl handshake failed)
+		- pilot-trust-center	(ssl handshake failed)
+		- query	(ssl handshake failed)
+		- ssl-certificate-center	(t)
+		- ssl-certificate-center-enterprise	(t)
+		- tracking	(ssl handshake failed)
+		- trust-center	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	n: no route to host
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Verisign.com.hk">
+
+	<target host="verisign.com.hk" />
+	<target host="www.verisign.com.hk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Verisign.com.sg.xml b/src/chrome/content/rules/Verisign.com.sg.xml
new file mode 100644
index 000000000000..b8ea68c4ad7f
--- /dev/null
+++ b/src/chrome/content/rules/Verisign.com.sg.xml
@@ -0,0 +1,37 @@
+<!--
+	For other Verisign coverage, see Verisign.xml
+
+
+	For other Symantec coverage, see Symantec.xml
+
+
+	Non-functional subdomains:
+		- knowledge	(i)
+		- pilot-ssl-certificate-center	(ssl handshake failed)
+		- pilot-ssl-certificate-center-enterprise	(ssl handshake failed)
+		- pilot-trust-center	(ssl handshake failed)
+		- query	(ssl handshake failed)
+		- ssl-certificate-center	(t)
+		- ssl-certificate-center-enterprise	(t)
+		- tracking	(ssl handshake failed)
+		- trust-center	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	n: no route to host
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Verisign.com.sg">
+
+	<target host="verisign.com.sg" />
+	<target host="www.verisign.com.sg" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Verisign.com.tw.xml b/src/chrome/content/rules/Verisign.com.tw.xml
new file mode 100644
index 000000000000..68d773dbdeef
--- /dev/null
+++ b/src/chrome/content/rules/Verisign.com.tw.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Verisign coverage, see Verisign.xml
+
+
+	For other Symantec coverage, see Symantec.xml
+
+
+	Non-functional subdomains:
+		- knowledge	(i)
+		- pilot-ssl-certificate-center	(ssl handshake failed)
+		- pilot-trust-center	(ssl handshake failed)
+		- query	(ssl handshake failed)
+		- ssl-certificate-center	(t)
+		- tracking	(ssl handshake failed)
+		- trust-center	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	n: no route to host
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Verisign.com.tw">
+
+	<target host="verisign.com.tw" />
+	<target host="www.verisign.com.tw" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Verisign.dk.xml b/src/chrome/content/rules/Verisign.dk.xml
new file mode 100644
index 000000000000..5ae3681d1a1c
--- /dev/null
+++ b/src/chrome/content/rules/Verisign.dk.xml
@@ -0,0 +1,36 @@
+<!--
+	For other Verisign coverage, see Verisign.xml
+
+
+	For other Symantec coverage, see Symantec.xml
+
+
+	Non-functional subdomains:
+		- knowledge	(i)
+		- pilot-ssl-certificate-center	(SSL handshake failed)
+		- pilot-ssl-certificate-center-enterprise	(SSL handshake failed)
+		- pilot-trust-center	(SSL handshake failed)
+		- query	(SSL handshake failed)
+		- ssl-certificate-center	(t)
+		- ssl-certificate-center-enterprise	(t)
+		- trust-center	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	n: no route to host
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Verisign.dk">
+
+	<target host="verisign.dk" />
+	<target host="www.verisign.dk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Verisign.fr.xml b/src/chrome/content/rules/Verisign.fr.xml
new file mode 100644
index 000000000000..6efac6f441c9
--- /dev/null
+++ b/src/chrome/content/rules/Verisign.fr.xml
@@ -0,0 +1,37 @@
+<!--
+	For other Verisign coverage, see Verisign.xml
+
+
+	For other Symantec coverage, see Symantec.xml
+
+
+	Non-functional subdomains:
+		- ispcenter	(SSL handshake failed)
+		- knowledge	(i)
+		- pilot-ssl-certificate-center	(SSL handshake failed)
+		- pilot-ssl-certificate-center-enterprise	(SSL handshake failed)
+		- pilot-trust-center	(SSL handshake failed)
+		- query	(SSL handshake failed)
+		- ssl-certificate-center	(t)
+		- ssl-certificate-center-enterprise	(t)
+		- trust-center	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	n: no route to host
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Verisign.fr">
+
+	<target host="verisign.fr" />
+	<target host="www.verisign.fr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Verisign.se.xml b/src/chrome/content/rules/Verisign.se.xml
new file mode 100644
index 000000000000..b32a04213009
--- /dev/null
+++ b/src/chrome/content/rules/Verisign.se.xml
@@ -0,0 +1,37 @@
+<!--
+	For other Verisign coverage, see Verisign.xml
+
+
+	For other Symantec coverage, see Symantec.xml
+
+
+	Non-functional subdomains:
+		- knowledge	(i)
+		- pilot-ssl-certificate-center	(ssl handshake failed)
+		- pilot-ssl-certificate-center-enterprise	(ssl handshake failed)
+		- pilot-trust-center	(ssl handshake failed)
+		- query	(ssl handshake failed)
+		- ssl-certificate-center	(t)
+		- ssl-certificate-center-enterprise	(t)
+		- tracking	(ssl handshake failed)
+		- trust-center	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	n: no route to host
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Verisign.se">
+
+	<target host="verisign.se" />
+	<target host="www.verisign.se" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Verisign.xml b/src/chrome/content/rules/Verisign.xml
index 3b787a430619..b2294fd96eb3 100644
--- a/src/chrome/content/rules/Verisign.xml
+++ b/src/chrome/content/rules/Verisign.xml
@@ -1,161 +1,253 @@
 <!--
-	Other Symantec rulesets:
-
-		- Symantec.xml
-
+	For other Symantec coverage, see Symantec.xml
+
+
+	Other Verisign rulesets:
+
+
+	Non-functional subdomains:
+		- access	(t)
+		- access.corparch	(t)
+		- accountsdr	(t)
+		- accountsdr-otp	(t)
+		- accountstatus	(t)
+		- activesync	(t)
+		- autodiscover	(t)
+		- autodiscover.corparch	(t)
+		- av	(t)
+		- av.corparch	(t)
+		- avedge	(ssl handshake failed)
+		- avedge-dr	(ssl handshake failed)
+		- avedge.corparch	(n)
+		- brl1lxsfmaildev01	(n)
+		- brn1lxmailin01	(t)
+		- brn1lxmailin02	(t)
+		- brn1lxmailout01	(n)
+		- brn1lxmailout02	(n)
+		- brn1lxsfmail01	(t)
+		- brn1mailers	(n)
+		- buyerauth	(ssl handshake failed)
+		- buyerauth-post	(t)
+		- c42	(n)
+		- careers	(ssl handshake failed)
+		- cboportal	(t)
+		- certmanager-webservices	(ssl handshake failed)
+		- cic	(m)
+		- cicsensor	(m)
+		- connect-ban	(m)
+		- connect-ilg	(i)
+		- connect-qa	(t)
+		- connect-sfo	(t)
+		- mdm.corparch	(t)
+		- cr-payflow	(t)
+		- crl	(m)
+		- csc3-2010-crl	(m)
+		- cxml-xmlpay	(t)
+		- dnssecforum	(t)
+		- e-lync-dir	(m)
+		- ecasconnector	(ssl handshake failed)
+		- forms	(m)
+		- ibm-enroll	(t)
+		- ibm-krs	(t)
+		- images.payflowlink	(m)
+		- infosecgrc	(n)
+		- investor	(i)
+		- ios	(r)
+		- ips	(t)
+		- ispcenter	(ssl handshake failed)
+		- ispcenter-admin	(ssl handshake failed)
+		- ispcenter-enroll	(ssl handshake failed)
+		- jamf	(i)
+		- join.corparch	(t)
+		- labs	(ssl handshake failed)
+		- legacy	(t)
+		- legacy.corparch	(t)
+		- logindr	(t)
+		- logindr-otp	(t)
+		- lwas	(r)
+		- lws-ext.corparch	(t)
+		- lyncdiscover.corparch	(t)
+		- lyncedge-ext.corparch	(r)
+		- lyncrp	(m)
+		- mail1	(n)
+		- mail2	(n)
+		- mail3	(n)
+		- mail4	(n)
+		- mail5	(n)
+		- mail6	(n)
+		- mdmuat	(ssl handshake failed)
+		- meetings-webex	(n)
+		- mmadmin	(ssl handshake failed)
+		- mmadmin-enroll	(m)
+		- mmadmin-manager	(ssl handshake failed)
+		- mmsmonitor-demo	(t)
+		- mobile.corparch	(t)
+		- mydevice	(r)
+		- netexch.clearing	(t)
+		- ocsp	(m)
+		- ocwa	(t)
+		- onlinecontracts-security-services	(t)
+		- onsite-ocsp	(ssl handshake failed)
+		- ote-accountsdr	(t)
+		- ote-accountsdr-otp	(t)
+		- ote-logindr	(t)
+		- ote-logindr-otp	(t)
+		- owas	(t)
+		- payflow	(t)
+		- payflowpro	(t)
+		- payments	(t)
+		- pciscanning.mss	(t)
+		- pic	(t)
+		- pilot-buyerauth	(t)
+		- pilot-buyerauth-post	(t)
+		- pilot-cboportal	(t)
+		- pilot-certmanager-webservices	(ssl handshake failed)
+		- pilot-cxml-xmlpay	(t)
+		- pilot-eca	(ssl handshake failed)
+		- pilot-eca-krs2048	(ssl handshake failed)
+		- pilot-eca2048	(ssl handshake failed)
+		- pilot-ocsp	(ssl handshake failed)
+		- pilot-payflowpro	(t)
+		- pilot-pkiservices	(ssl handshake failed)
+		- pilot-rms	(t)
+		- pilot-vipservices-auth	(ssl handshake failed)
+		- pilot-vipuserservices-auth	(ssl handshake failed)
+		- pilot-vps-psc	(t)
+		- pilotadmin-manager	(ssl handshake failed)
+		- pilotpayments	(t)
+		- pkiservices	(ssl handshake failed)
+		- pmg-acg-users	(m)
+		- pmg2	(t)
+		- qa-namestudio	(n)
+		- qa.domainscope	(n)
+		- qaweb	(r)
+		- query	(ssl handshake failed)
+		- rms	(t)
+		- salesconference09	(m)
+		- sentinel	(t)
+		- sip.corparch	(t)
+		- sipaccess.corparch	(r)
+		- sipexternal	(t)
+		- spark	(n)
+		- sso	(m)
+		- status	(n)
+		- statuschange-test	(n)
+		- test-admin.contentportal	(t)
+		- test-ssev	(ssl handshake failed)
+		- test-sspev	(ssl handshake failed)
+		- test-wap1.contentportal	(t)
+		- test-web1.contentportal	(t)
+		- ued	(ssl handshake failed)
+		- v-lync	(m)
+		- vdpsreports	(t)
+		- verified-domains	(ssl handshake failed)
+		- verify	(m)
+		- vip-fin	(ssl handshake failed)
+		- vps-psc	(t)
+		- vsc	(t)
+		- vulnerabilityscanning.mss	(t)
+		- webcon	(t)
+		- webcon.corparch	(n)
+		- webconf	(ssl connection error)
+		- webconf-dr	(ssl connection error)
+		- webconf.corparch	(i)
+		- webmail	(t)
+		- webmail.corparch	(t)
+		- webproxydr	(t)
+		- webproxydr-otp	(t)
+		- xml-reg	(t)
+		- xmpp	(n)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	n: no route to host
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
 -->
-<ruleset name="VeriSign (partial)">
-
-	<target host="verisign.be"/>
-	<target host="www.verisign.be"/>
-
-	<target host="verisign.ch"/>
-	<target host="knowledge.verisign.ch"/>
-	<target host="ssl-certificate-center.verisign.ch"/>
-	<target host="trust-center.verisign.ch"/>
-	<target host="www.verisign.ch"/>
-
-	<target host="verisign.com"/>
-	<target host="*.verisign.com" />
-	<!--	Observed subdomains:
-
-			- blogs
-			- enterprise-ssl-admin
-			- extended-validation-ssl
-			- idprotect
-			- idefense
-			- investor
-			- labs
-			- mdns
-			- products
-			- seal
-			- sealinfo
-			- ssl-certificate-center
-			- trust-center
-			- trustsealinfo
-			- vidn
-			- www
-					-->
-
-	<target host="verisign.com.au"/>
-	<target host="knowledge.verisign.com.au"/>
-	<target host="mygatekeeper.verisign.com.au"/>
-	<target host="ssl-certificate-center.verisign.com.au"/>
-	<target host="tracking.verisign.com.au"/>
-	<target host="trust-center.verisign.com.au"/>
-	<target host="www.verisign.com.au"/>
-
-	<target host="verisign.com.br"/>
-	<target host="www.verisign.com.br"/>
-
-	<target host="verisign.com.hk"/>
-	<target host="knowledge.verisign.com.hk"/>
-	<target host="ssl-certificate-center.verisign.com.hk"/>
-	<target host="tracking.verisign.com.hk"/>
-	<target host="trust.verisign.com.hk"/>
-	<target host="www.verisign.com.hk"/>
-
-	<target host="verisign.com.sg"/>
-	<target host="knowledge.verisign.com.sg"/>
-	<target host="ssl-certificate-center.verisign.com.sg"/>
-	<target host="trust-center.verisign.com.sg"/>
-	<target host="www.verisign.com.sg"/>
-
-	<target host="verisign.com.tw"/>
-	<target host="knowledge.verisign.com.tw"/>
-	<target host="ssl-certificate-center.verisign.com.tw"/>
-	<target host="tracking.verisign.com.tw"/>
-	<target host="trust-center.verisign.com.tw"/>
-	<target host="www.verisign.com.tw"/>
-
-	<target host="verisign.co.jp"/>
-	<target host="storefront.verisign.co.jp"/>
-	<target host="www.verisign.co.jp"/>
-
-	<target host="verisign.co.nz"/>
-	<target host="knowledge.verisign.co.nz"/>
-	<target host="tracking.verisign.co.nz"/>
-	<target host="www.verisign.co.nz"/>
-
-	<target host="verisign.co.uk"/>
-	<target host="knowledge.verisign.co.uk"/>
-	<target host="ssl-certificate-center.verisign.co.uk"/>
-	<target host="trust-center.verisign.co.uk"/>
-	<target host="www.verisign.co.uk"/>
-
-	<target host="verisign.dk"/>
-	<target host="knowledge.verisign.dk"/>
-	<target host="ssl-certificate-center.verisign.dk"/>
-	<target host="trust-center.verisign.dk"/>
-	<target host="www.verisign.dk"/>
-
-	<target host="verisign.de"/>
-	<target host="knowledge.verisign.de"/>
-	<target host="ssl-certificate-center.verisign.de"/>
-	<target host="trust-center.verisign.de"/>
-	<target host="www.verisign.de"/>
-
-	<target host="verisign.es"/>
-	<target host="knowledge.verisign.es"/>
-	<target host="ssl-certificate-center.verisign.es"/>
-	<target host="trust-center.verisign.es"/>
-	<target host="www.verisign.es"/>
-
-	<target host="verisign.fr"/>
-	<target host="knowledge.verisign.fr"/>
-	<target host="ssl-certificate-center.verisign.fr"/>
-	<target host="trust-center.verisign.fr"/>
-	<target host="www.verisign.fr"/>
-
-	<target host="verisign.it"/>
-	<target host="ssl-certificate-center.verisign.it"/>
-	<target host="trust-center.verisign.it"/>
-	<target host="www.verisign.it"/>
-
-	<target host="verisign.nl"/>
-	<target host="www.verisign.nl"/>
-
-	<target host="verisign.se"/>
-	<target host="knowledge.verisign.se"/>
-	<target host="ssl-certificate-center.verisign.se"/>
-	<target host="trust-center.verisign.se"/>
-	<target host="www.verisign.se"/>
-
-	<target host="knowledge.verisign-grs.com"/>
-
-	<target host="verisigninc.com"/>
-	<target host="www.verisigninc.com"/>
-
-	<target host="verisign-japan-domain.com"/>
-	<target host="www.verisign-japan-domain.com"/>
-
-	<target host="verisignlabs.com"/>
-	<target host="pip.verisignlabs.com"/>
-	<target host="www.verisignlabs.com"/>
-
-
-	<exclusion pattern="^http://verisigntransition101\.verisign\.[\w\.]{2,6}/"/>
-  <exclusion pattern="^http://[\w\-]*ocsp\.verisign\.com"/>
-
-	<securecookie host="^(.*\.)?verisign(inc)?\.com$" name=".*"/>
-
-
-	<rule from="^https?://verisignlabs\.com/"
-		to="https://www.verisignlabs.com/"/>
-
-	<rule from="^https?://(?:www\.)?verisign\.([\w\.]{2,6})/"
-		to="https://www.verisign.$1/"/>
-
-	<rule from="^http://([\w\-]+)\.verisign\.([\w\.]{2,6})/"
-		to="https://$1.verisign.$2/"/>
-
-	<rule from="^http://knowledge\.verisign-grs\.com/"
-		to="https://knowledge.verisign-grs.com/"/>
-
-	<rule from="^https?://(?:www\.)?verisign(inc|-japan-domain)\.com/"
-		to="https://www.verisign$1.com/"/>
-
-	<rule from="^http://(pip|www)\.verisignlabs\.com/"
-		to="https://$1.verisignlabs.com/"/>
+<ruleset name="VeriSign">
+
+	<target host="verisign.com" />
+	<target host="www.verisign.com" />
+	<target host="accounts-otp.verisign.com" />
+	<target host="admin-manager.verisign.com" />
+	<target host="alertus.verisign.com" />
+	<target host="authentication.verisign.com" />
+	<target host="blog.verisign.com" />
+	<target host="blogs.verisign.com" />
+	<target host="certmanager.verisign.com" />
+	<target host="connect.verisign.com" />
+	<target host="connect-asa.verisign.com" />
+	<target host="connect-brn.verisign.com" />
+	<target host="connect-fri.verisign.com" />
+	<target host="connect-mel.verisign.com" />
+	<target host="developer.verisign.com" />
+	<target host="device.verisign.com" />
+	<target host="device-admin.verisign.com" />
+	<target host="device-admin-enroll.verisign.com" />
+	<target host="device-admin-manager.verisign.com" />
+	<target host="ote-m.domainscope.verisign.com" />
+	<target host="epki-admin.verisign.com" />
+	<target host="extended-validation-ssl.verisign.com" />
+	<target host="idprotect.verisign.com" />
+	<target host="join.verisign.com" />
+	<target host="login.verisign.com" />
+	<target host="login-otp.verisign.com" />
+	<target host="lws-ext.verisign.com" />
+	<target host="lws-ext-dr.verisign.com" />
+	<target host="lyncdiscover.verisign.com" />
+	<target host="mdm1.verisign.com" />
+	<target host="mdns.verisign.com" />
+	<target host="mybetter.verisign.com" />
+	<target host="onsite.verisign.com" />
+	<target host="onsite-admin.verisign.com" />
+	<target host="ote-accounts.verisign.com" />
+	<target host="ote-accounts-otp.verisign.com" />
+	<target host="ote-domainscope.verisign.com" />
+	<target host="ote-login.verisign.com" />
+	<target host="ote-login-otp.verisign.com" />
+	<target host="pilot-authentication.verisign.com" />
+	<target host="pilot-epki-admin.verisign.com" />
+	<target host="pilot-ua.verisign.com" />
+	<target host="pilot-vipmanager.verisign.com" />
+	<target host="pilot-vipservices.verisign.com" />
+	<target host="pilot-vipuserservices.verisign.com" />
+	<target host="pilotonsite.verisign.com" />
+	<target host="pilotonsite-admin.verisign.com" />
+	<target host="pilotsc-admin-enroll.verisign.com" />
+	<target host="publicdnsforum.verisign.com" />
+	<target host="regprofile.verisign.com" />
+	<target host="ro-otp.verisign.com" />
+	<target host="sc-admin-enroll.verisign.com" />
+	<target host="seal.verisign.com" />
+	<target host="sealinfo.verisign.com" />
+	<target host="sip.verisign.com" />
+	<target host="sipaccess.verisign.com" />
+	<target host="sipaccess-dr.verisign.com" />
+	<target host="startonline.verisign.com" />
+	<target host="styleguide.verisign.com" />
+	<target host="toolbar.verisign.com" />
+	<target host="trustseal.verisign.com" />
+	<target host="trustsealinfo.verisign.com" />
+	<target host="ua.verisign.com" />
+	<target host="usertesting.verisign.com" />
+	<target host="vidn.verisign.com" />
+	<target host="vip-ssp.verisign.com" />
+	<target host="vipdesktop.verisign.com" />
+	<target host="vipmobile.verisign.com" />
+	<target host="vipservices.verisign.com" />
+	<target host="viptoolbar.verisign.com" />
+	<target host="vipuserservices.verisign.com" />
+	<target host="votreidee.verisign.com" />
+	<target host="vpn.verisign.com" />
+	<target host="vpn-brn.verisign.com" />
+	<target host="vpn-fri.verisign.com" />
+	<target host="vpn-ilg.verisign.com" />
+	<target host="vpn-mel.verisign.com" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Verivox.xml b/src/chrome/content/rules/Verivox.xml
index 9e6af707aa2c..51786cc7a2f6 100644
--- a/src/chrome/content/rules/Verivox.xml
+++ b/src/chrome/content/rules/Verivox.xml
@@ -13,14 +13,15 @@
 
 	<target host="verivox.de" />
 	<target host="www.verivox.de" />
-	<target host="*.vxcdn.com" />
+	<target host="css.vxcdn.com" />
+	<target host="img.vxcdn.com" />
 	<target host="partner.vxcp.de" />
 
 
 	<securecookie host="^partner\.vxcp\.de$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?verivox\.de/(i/|(?:login|PasswordReset|Register)\.aspx)"
+	<rule from="^http://(?:www\.)?verivox\.de/(i/|(?:login|PasswordReset|Register)\.aspx)"
 		to="https://www.verivox.de/$1" />
 
 	<rule from="^http://(css|img)\.vxcdn\.com/"
@@ -29,4 +30,4 @@
 	<rule from="^http://partner\.vxcp\.de/"
 		to="https://partner.vxcp.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Verizon-Enterprise.xml b/src/chrome/content/rules/Verizon-Enterprise.xml
new file mode 100644
index 000000000000..7e0ad0befc92
--- /dev/null
+++ b/src/chrome/content/rules/Verizon-Enterprise.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Verizon coverage, see Verizon.xml.
+
+	- !www: mismatched, CN: www.verizonbusiness.com
+	- Some paths redirect to http
+-->
+
+<ruleset name="Verizon Enterprise (partial)">
+	<target host="verizonenterprise.com" />
+	<target host="www.verizonenterprise.com" />
+
+	<!-- Explicitly exclude all but those that match custom rule to pass CI builds -->
+	<exclusion pattern="^http://(www\.)?verizonenterprise\.com/(?!.*gfx|.*templates)" />
+		<test url="http://verizonenterprise.com/about/" />
+		<test url="http://verizonenterprise.com/industry/" />
+		<test url="http://verizonenterprise.com/vdms/" />
+		<test url="http://www.verizonenterprise.com/about/" />
+		<test url="http://www.verizonenterprise.com/industry/" />
+		<test url="http://www.verizonenterprise.com/vdms/" />
+
+	<rule from="^http://(www\.)?verizonenterprise\.com/(gfx|templates)/"
+		to="https://www.verizonenterprise.com/$2/" />
+		<test url="http://verizonenterprise.com/gfx/" />
+		<test url="http://verizonenterprise.com/templates/" />
+		<test url="http://www.verizonenterprise.com/gfx/" />
+		<test url="http://www.verizonenterprise.com/templates/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Verizon-Wireless.xml b/src/chrome/content/rules/Verizon-Wireless.xml
new file mode 100644
index 000000000000..a29ace856828
--- /dev/null
+++ b/src/chrome/content/rules/Verizon-Wireless.xml
@@ -0,0 +1,138 @@
+<!--
+	For other Verizon coverage, see Verizon.xml.
+
+
+	CDN buckets:
+
+		- cache.vzw.com.edgesuite.net
+
+		- ehg-35vzw.1p.hitbox.com
+
+			- www35.vzw.com
+
+
+	Nonfunctional domains:
+
+		- devices.verizonwireless.com		(503)
+		- droiddoes.verizonwireless.com		(redirects to www.droiddoes, akamai)
+		- network4g.verizonwireless.com		(503, akamai)
+
+
+	Problematic domains:
+
+		- verizonwireless.com
+		- analytics.verizonwireless.com		(mismatched, CN: *.112.2o7.net)
+		- community.verizonwireless.com, chain issue (missing intermediate)
+		- m.verizonwireless.com, equivalent to www.verizonwireless.com
+		- vzwworkshops.verizonwireless.com, expired certificate
+		- (www.)vzw.com				(cert only matches verizonwireless.com)
+		- aboutus.vzw.com			(invalid certificate, equivalent to aboutus.verizonwireless.com)
+		- cache.vzw.com				(akamai)
+		- espanol2.vzw.com			(invalid certificate, equivalent to es.verizonwireless.com)
+		- (www.)lte.vzw.com			(times out)
+		- picture.vzw.com, connection refused
+		- s7.vzw.com				(akamai)
+		- www35.vzw.com				(not vital: web bugs; expired 2012-03-03)
+
+
+	Fully covered domains:
+
+		- verizonwireless.com subdomains:
+			- (www.)
+			- aboutus
+			- b2b
+			- billpaysvc
+			- businessportals
+			- login
+			- mblogin
+			- mediastore
+			- myaccount
+			- news
+			- opennetwork
+			- products
+			- psearch
+			- ringtones
+			- sanalytics
+			- videos
+			- wbillpay
+
+		vzw.com subdomains:
+			- (www.)
+			- b2b
+			- cache
+			- ecache
+			- espanol
+			- mediaimages
+			- scache
+			- ss7
+			- text
+			- trade-in
+			- www.trade-in
+-->
+<ruleset name="Verizon Wireless">
+
+	<target host="verizonwireless.com" />
+	<target host="www.verizonwireless.com" />
+	<target host="m.verizonwireless.com" />
+	<target host="aboutus.verizonwireless.com" />
+	<target host="b2b.verizonwireless.com" />
+	<target host="billpaysvc.verizonwireless.com" />
+	<target host="businessportals.verizonwireless.com" />
+	<target host="login.verizonwireless.com" />
+	<target host="mblogin.verizonwireless.com" />
+	<target host="mediastore.verizonwireless.com" />
+	<target host="myaccount.verizonwireless.com" />
+	<target host="news.verizonwireless.com" />
+	<target host="opennetwork.verizonwireless.com" />
+	<target host="products.verizonwireless.com" />
+	<target host="psearch.verizonwireless.com" />
+	<target host="ringtones.verizonwireless.com" />
+	<target host="sanalytics.verizonwireless.com" />
+	<target host="support.verizonwireless.com" />
+	<target host="videos.verizonwireless.com" />
+	<target host="wbillpay.verizonwireless.com" />
+	<target host="analytics.verizonwireless.com" />
+	<target host="vzw.com" />
+	<target host="www.vzw.com" />
+	<target host="aboutus.vzw.com" />
+	<target host="espanol2.vzw.com" />
+	<target host="b2b.vzw.com" />
+	<target host="ecache.vzw.com" />
+	<target host="espanol.vzw.com" />
+	<target host="mediaimages.vzw.com" />
+	<target host="scache.vzw.com" />
+	<target host="text.vzw.com" />
+	<target host="trade-in.vzw.com" />
+	<target host="www.trade-in.vzw.com" />
+
+	<!-- mixed content from scene7.com -->
+	<exclusion pattern="http://www\.verizonwireless\.com/landingpages/verizon-messages/" />
+
+	<!-- breaks video on https://www.verizonwireless.com/wcms/myverizon/smart-rewards.html and
+		http://www.verizonwireless.com/landingpages/verizon-messages/
+		See https://github.com/EFForg/https-everywhere/issues/2430 -->
+	<exclusion pattern="http://s7.vzw.com/" />
+
+	<securecookie host="^.*\.verizonwireless\.com$" name=".+" />
+	<securecookie host="^.*\.vzw\.com$" name=".+" />
+
+
+	<!--	vzw.com redirects like so.
+						-->
+	<rule from="^http://(www\.)?(verizonwireless|vzw)\.com/"
+		to="https://www.verizonwireless.com/" />
+
+	<rule from="^http://m\.verizonwireless\.com/"
+		to="https://www.verizonwireless.com/" />
+
+	<rule from="^http://aboutus\.vzw\.com/"
+		to="https://aboutus.verizonwireless.com/" />
+
+	<rule from="^http://espanol2\.vzw\.com/"
+		  to="https://es.verizonwireless.com/" />
+
+	<rule from="^http://analytics\.verizonwireless\.com/"
+		to="https://verizonwireless.112.2o7.net/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Verizon.xml b/src/chrome/content/rules/Verizon.xml
index 36631e89abf9..773409eaa2a4 100644
--- a/src/chrome/content/rules/Verizon.xml
+++ b/src/chrome/content/rules/Verizon.xml
@@ -2,21 +2,18 @@
 	Other Verizon rulesets:
 
 		- Share_the_Network.xml
-		- Verizon_Enterprise.xml
-		- Verizon_Wireless.xml
+		- verizon.net.xml
+		- verizonbusiness.com.xml
+		- Verizon-Enterprise.xml
+		- Verizon-Wireless.xml
 
 
 	CDN buckets:
 
 		- ak1s.abmr.net/is/www22.verizon.com
 		- vznews.convio.net
-
-		- wildcard.verizon.net.edgekey.net
-			- static-business.verizon.net
-
 		- ehg-verizon.hitbox.com
 		- vzw.jiwire.com
-
 		- vrzn.i.lithium.com
 
 		- vrzn.lithium.com
@@ -29,111 +26,165 @@
 		- (www.)thinkfinity.org
 		- (www.)community.thinkfinity.org
 		- developer.verizon.com *
+		- fiostrending.verizon.com ʰ
 		- foundation.verizon.com	(shows RHEL test page; self-signed, CN: ph1025101.bwi40g.vzbi.caas)
-		- mail.verizon.com *
 		- newscenter2.verizon.com	(no https)
 		- publicpolicy.verizon.com	(redirects to forums; mismatched, CN: responsibility.verizon.com)
-		- webmail.verizon.com *
 
 	* Times out.
+	ʰ Redirects to http
 
 
 	Problematic domains:
 
+		- verizon.com ᵐ
 		- about.verizon.com		(works; self-signed, CN: vz-about-dev.com)
 		- entertainment.verizon.com	(some pages work, at least games/index.php 404s)
+		- entertainmentlogin.verizon.com (expired)
+		- responsibility.verizon.com ʳ
 		- searchresults.verizon.com	(works; mismatched, CN: entertainmentlogin.verizon.com)
-		- verizon.net *
-		- businessforums.verizon.net **
-		- verizonbusiness.com *
 
-	* Cert only matches www
-	** CN: secure02.lithium.com, works. Handled mostly in Lithium-clients.xml.
+	ᵐ Mismatched
+	ʳ Refused; preemptable redirect
 
 
-	Partially covered domains:
+	Partially covered hosts in *verizon.com:
 
-		- collaborateext.verizon.com ¹
-		- collaborateextstg.verizon.com ¹
-		- www22.verizon.com *
-		- www98.verizon.com ***
-		- business.verizon.net **
-		- (www.)verizonbusiness.com ***
+		- (www.)? **
+		- www22 *
+		- www98
 
-	¹ $ redirects to ...:449
+	** ?lid=//global//residential redirects
 
-	* See: 
-		- https://mail1.eff.org/pipermail/https-everywhere/2011-November/001237.html
-		- https://mail1.eff.org/pipermail/https-everywhere-rules/2012-February/001003.html
+	* See:
+		- https://lists.eff.org/pipermail/https-everywhere/2011-November/001237.html
+		- https://lists.eff.org/pipermail/https-everywhere-rules/2012-February/001003.html
 
 	NB: Has this been fixed? It doesn't seem to loop...
 
-	* The login page, and only the login page(!), redirects to http.
-	*** Some (most?) pages redirect to http.
 
+	Insecure cookies are set for these domains and hosts:
 
-	Fully covered domains:
+		- .verizon.com
+		- auth.verizon.com
+		- enterprisecenter.verizon.com
+		- espanol.verizon.com
+		- forums.verizon.com
+		- signin.verizon.com
+		- smallbizrewards.verizon.com
+		- webmail.verizon.com
+		- .webmail.verizon.com
+		- www.verizon.com
+		- www36.verizon.com
+		- www98.verizon.com
 
-		- verizon.com subdomains:
 
-			- (www.)
-			- auth
-			- enterprisecenter
-			- entertainmentlogin
-			- espanol
-			- forums
-			- responsibility
-			- signin
-			- smallbusiness
-			- webmail
+	Mixed content:
 
-		- (www.)verizon.net
-		- static-business.verizon.net
+		- Images on forums, www from $self
 
--->
-<ruleset name="Verizon (partial)">
+		- Ads / bugs, on:
 
+			- www from fls.doubleclick.net
+			- www from \d+.fls.doubleclick.net
+
+-->
+<ruleset name="Verizon.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="auth.verizon.com" />
+	<!--target host="business.verizon.com" /-->
+	<target host="enterprisecenter.verizon.com" />
+	<target host="espanol.verizon.com" />
+	<target host="forums.verizon.com" />
+	<!--target host="mail.verizon.com" /-->
+	<!--target host="mblogin.verizon.com" /-->
+	<!--target host="myverizonenterprise.verizon.com" /-->
+	<!--target host="respframework.verizon.com" /-->
+	<target host="signin.verizon.com" />
+	<!--target host="smallbizrewards.verizon.com" /-->
+	<target host="smallbusiness.verizon.com" />
+	<target host="webmail.verizon.com" />
+	<target host="www.verizon.com" />
+	<target host="www22.verizon.com" />
+	<target host="www98.verizon.com" />
+
+	<!--	Complications:
+				-->
 	<target host="verizon.com" />
-	<target host="*.verizon.com" />
-		<exclusion pattern="^http://collaborateext(?:stg)?\.verizon\.com/(?:$|\?|aims/main/ext_index\.jsp)" />
+	<target host="responsibility.verizon.com" />
+	<target host="www36.verizon.com" />
+
+		<!--	Redirect differs:
+						-->
+		<!--exclusion pattern="^http://www\.verizon\.com/\?lid=//global//residential" /-->
 		<!--
-			investor/DocServlet 404s
+			More conservatively:
+						-->
+		<exclusion pattern="^http://(?:www\.)?verizon\.com/+\?(?:.*&amp;)?lid=" />
+
+			<!--	+ve:
+					-->
+			<test url="http://verizon.com/?lid=" />
+			<test url="http://verizon.com/?lid=//global" />
+			<test url="http://verizon.com/?lid=//global//residential" />
+			<test url="http://www.verizon.com/?lid=" />
+			<test url="http://www.verizon.com/?lid=//global" />
+			<test url="http://www.verizon.com/?lid=//global//residential" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.verizon.com/home/ak-cached/2h/styles/common.css" />
+
+		<!--	investor/DocServlet 404s
 							-->
 		<exclusion pattern="^http://www22\.verizon\.com/(?:Foryourhome/MyAccount/Unprotected|investor/DocServlet|secure/pages/viewbill)/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www22.verizon.com/Foryourhome/MyAccount/Unprotected/" />
+			<test url="http://www22.verizon.com/investor/DocServlet/" />
+			<test url="http://www22.verizon.com/secure/pages/viewbill/" />
+
+		<!--	Redirects to http:
+						-->
 		<exclusion pattern="^http://www98\.verizon\.com/(?:$|\?)" />
-	<target host="verizon.net" />
-	<target host="*.verizon.net" />
-		<exclusion pattern="^http://business\.verizon\.net/.*SMBPortalWeb/login$" />
-	<target host="verizonbusiness.com" />
-	<target host="www.verizonbusiness.com" />
 
+			<!--	+ve:
+					-->
+			<test url="http://www98.verizon.com/?" />
+			<test url="http://www98.verizon.com/?utm_source=" />
 
-	<securecookie host="^(?:enterprisecenter|espanol|forums|responsibility|signin|smallbusiness|webmail)\.verizon\.com$" name=".+" />
-	<!--securecookie host="^\.verizon\.com$" name=".+" /-->
-	<!--securecookie host="^www22\.verizon\.com$" name=".+" /-->
-	<securecookie host="^(?:www\.)?verizon\.net$" name=".+" />
-	<!--securecookie host="^.*\.verizon\.net$" name=".+" /-->
+			<!--	-ve:
+					-->
+			<test url="http://www98.verizon.com/cs/groups/public/documents/adacct/caret_svg.svg" />
+			<test url="http://www98.verizon.com/home/ak-cached/2h/styles/common.css" />
+			<test url="http://www98.verizon.com/resources/verizonglobalhome/i/buttons/pause.png" />
 
+		<!--	Sets cookies without Secure:
+							-->
+		<test url="http://www36.verizon.com/fiosvoice/signin.aspx?goto=http://www36.verizon.com:80/fiosvoice/members/default.aspx" />
+
+
+	<securecookie host="^(?:enterprisecenter|espanol|forums|responsibility|signin|smallbusiness|webmail)\.verizon\.com$" name=".+" />
 
-	<rule from="^http://(?:www(?:22)?\.)?verizon\.com/(?:$|\?.*)"
-		to="https://www22.verizon.com/home/verizonglobalhome/ghp_landing.aspx" />
 
-	<rule from="^http://(?:www(22|98)?\.)?verizon\.com/"
-		to="https://www$1.verizon.com/" />
+	<rule from="^http://verizon\.com/"
+		to="https://www.verizon.com/" />
 
-	<rule from="^http://(auth|collaborateext(?:stg)?|enterprisecenter|entertainmentlogin|espanol|forums|responsibility|smallbusiness|signon|webmail)\.verizon\.com/"
-		to="https://$1.verizon.com/" />
+	<!--	Redirect drops forward slash, path, and args:
+								-->
+	<rule from="^http://responsibility\.verizon\.com/.*"
+		to="https://www.verizon.com/about/responsibility/" />
 
-	<rule from="^https?://(?:www\.)?verizon\.net/"
-		to="https://www.verizon.net/" />
+		<test url="http://responsibility.verizon.com/default.aspx" />
 
-	<rule from="^http://(static-)?business\.verizon\.net/"
-		to="https://$1business.verizon.net/" />
+	<rule from="^http://www36\.verizon\.com:80/"
+		to="https://www36.verizon.com/" />
 
-	<rule from="^https?://businessforums\.verizon\.net/html/"
-		to="https://forums.verizon.com/html/" />
+		<test url="http://www36.verizon.com:80/fiosvoice/members/default.aspx" />
 
-	<rule from="^https?://(?:www\.)?verizonbusiness\.com/(gfx|support/myaccount|templates)/"
-		to="https://www.verizonbusiness.com/$1/" />
+	<rule from="^http:"	to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Verizon_Enterprise.xml b/src/chrome/content/rules/Verizon_Enterprise.xml
deleted file mode 100644
index 7b569eede0d9..000000000000
--- a/src/chrome/content/rules/Verizon_Enterprise.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For other Verizon coverag, see Verizon.xml.
-
-
-	- !www: mismatched, CN: www.verizonbusiness.com
-	- Some paths redirect to http
-
--->
-<ruleset name="Verizon Enterprise (partial)">
-
-	<target host="verizonenterprise.com" />
-	<target host="www.verizonenterprise.com" />
-
-
-	<!--	Redirects to http first:
-						-->
-	<rule from="^http://(?:www\.)?verizonenterprise\.com/Support(?:\?.*)?$"
-		to="https://www.verizonenterprise.com/Support/" />
-
-	<rule from="^http://(?:www\.)?verizonenterprise\.com/(gfx|Support|templates)/"
-		to="https://www.verizonenterprise.com/$1/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Verizon_Wireless.xml b/src/chrome/content/rules/Verizon_Wireless.xml
deleted file mode 100644
index 11f8f8a136a6..000000000000
--- a/src/chrome/content/rules/Verizon_Wireless.xml
+++ /dev/null
@@ -1,118 +0,0 @@
-<!--
-	For other Verizon coverage, see Verizon.xml.
-
-
-	CDN buckets:
-
-		- cache.vzw.com.edgesuite.net
-
-		- ehg-35vzw.1p.hitbox.com
-
-			- www35.vzw.com
-
-
-	Nonfunctional domains:
-
-		- devices.verizonwireless.com		(503)
-		- droiddoes.verizonwireless.com		(redirects to www.droiddoes, akamai)
-		- network4g.verizonwireless.com		(503, akamai)
-
-
-	Problematic domains:
-
-		- verizonwireless.com
-		- analytics.verizonwireless.com		(mismatched, CN: *.112.2o7.net)
-		- (www.)vzw.com				(cert only matches verizonwireless.com)
-		- cache.vzw.com				(akamai)
-		- lte.vzw.com				(cert only matches www.lte.wzw.com
-		- trade-in.vzw.com			(cert only matches www.trade-in)
-		- s7.vzw.com				(akamai)
-		- www35.vzw.com				(not vital: web bugs; expired 2012-03-03)
-
-
-	Fully covered domains:
-
-		- verizonwireless.com subdomains:
-
-			- (www.)
-			- aboutus
-			- b2b
-			- billpaysvc
-			- businessportals
-			- community
-			- login
-			- m
-			- mblogin
-			- mediastore
-			- myaccount
-			- news
-			- opennetwork
-			- products
-			- psearch
-			- ringtones
-			- sanalytics
-			- videos
-			- wbillpay
-			- wizard
-			- vzwworkshops
-
-		vzw.com subdomains:
-
-			- (www.)
-			- aboutus
-			- alerts
-			- b2b
-			- cache
-			- ecache
-			- espanol
-			- espanol2
-			- lte		(→ www.lte.vzw.com)
-			- www.lte
-			- mediaimages
-			- picture
-			- s7		(→ ss7)
-			- scache
-			- ss7
-			- text
-			- www.trade-in
-			- wallpaper
-
-
-	Wildcard cookies:
-
-		- *.picture.vzw.com
-
--->
-<ruleset name="Verizon Wireless">
-
-	<target host="verizonwireless.com" />
-	<target host="*.verizonwireless.com" />
-	<target host="vzw.com" />
-	<target host="*.vzw.com" />
-
-
-	<securecookie host="^.*\.verizonwireless\.com$" name=".+" />
-	<securecookie host="^.*\.vzw\.com$" name=".+" />
-
-
-	<!--	vzw.com redirects like so.
-						-->
-	<rule from="^https?://(?:www\.)?v(?:erizonwireless|zw)\.com/"
-		to="https://www.verizonwireless.com/" />
-
-	<rule from="^http://(aboutus|b2b|billpaysvc|businessportals|community|login|m|mblogin|mediastore|myaccount|news|opennetwork|products|psearch|ringtones|sanalytics|support|videos|wbillpay|wizard|vzwworkshops)\.verizonwireless\.com/"
-		to="https://$1.verizonwireless.com/" />
-
-	<rule from="^https?://analytics\.verizonwireless\.com/"
-		to="https://verizonwireless.112.2o7.net/" />
-
-	<rule from="^http://(aboutus|alerts|b2b|ecache|espanol2?|mediaimages|picture|text|wallpaper)\.vzw\.com/"
-		to="https://$1.vzw.com/" />
-
-	<rule from="^https?://(?:www\.)?(lte|trade-in)\.vzw\.com/"
-		to="https://www.$1.vzw.com/" />
-
-	<rule from="^https?://s?(cache|s7)\.vzw\.com/"
-		to="https://s$1.vzw.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Verkkomaksut.fi.xml b/src/chrome/content/rules/Verkkomaksut.fi.xml
index 6f5a7ae6bf52..d68c2e481440 100644
--- a/src/chrome/content/rules/Verkkomaksut.fi.xml
+++ b/src/chrome/content/rules/Verkkomaksut.fi.xml
@@ -6,13 +6,13 @@
 -->
 <ruleset name="Verkkomaksut.fi (partial)">
 
-	<target host="*.verkkomaksut.fi" />
+	<target host="img.verkkomaksut.fi" />
+	<target host="payment.verkkomaksut.fi" />
 
 
 	<securecookie host="^(?:\.?payment)?\.verkkomaksut\.fi$" name=".+" />
 
 
-	<rule from="^http://(img|payment)\.verkkomaksut\.fi/"
-		to="https://$1.verkkomaksut.fi/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Verkkouutiset.fi.xml b/src/chrome/content/rules/Verkkouutiset.fi.xml
new file mode 100644
index 000000000000..47165bdcc331
--- /dev/null
+++ b/src/chrome/content/rules/Verkkouutiset.fi.xml
@@ -0,0 +1,22 @@
+<!--
+	^: dropped
+	www: Herokuapp
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Verkkouutiset.fi" default_off="mismatched">
+
+	<target host="verkkouutiset.fi" />
+	<target host="www.verkkouutiset.fi" />
+
+
+	<rule from="^http://(?:www\.)?verkkouutiset\.fi/"
+		to="https://www.verkkouutiset.fi/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VeronikaMaine.xml b/src/chrome/content/rules/VeronikaMaine.xml
new file mode 100644
index 000000000000..3bb7c9fe5e60
--- /dev/null
+++ b/src/chrome/content/rules/VeronikaMaine.xml
@@ -0,0 +1,7 @@
+<ruleset name="Veronika Maine">
+	<target host="veronikamaine.com.au" />
+	<target host="www.veronikamaine.com.au" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VersaCart_Systems.xml b/src/chrome/content/rules/VersaCart_Systems.xml
index 8838b228f391..6053894f1dc9 100644
--- a/src/chrome/content/rules/VersaCart_Systems.xml
+++ b/src/chrome/content/rules/VersaCart_Systems.xml
@@ -1,13 +1,12 @@
 <ruleset name="VersaCart Systems">
 
 	<target host="versacart.com" />
-	<target host="*.versacart.com" />
+	<target host="www.versacart.com" />
 
 
 	<securecookie host="^\.versacart\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?versacart\.com/"
-		to="https://$1versacart.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/VersionEye.com.xml b/src/chrome/content/rules/VersionEye.com.xml
new file mode 100644
index 000000000000..5958630eaa3c
--- /dev/null
+++ b/src/chrome/content/rules/VersionEye.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="VersionEye.com">
+
+	<target host="versioneye.com" />
+	<target host="www.versioneye.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.versioneye\.com$" name="^_versioneye_session$" /-->
+
+	<securecookie host="^www\.versioneye\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Verslu.is.xml b/src/chrome/content/rules/Verslu.is.xml
new file mode 100644
index 000000000000..a238ff5fd83d
--- /dev/null
+++ b/src/chrome/content/rules/Verslu.is.xml
@@ -0,0 +1,12 @@
+<ruleset name="Verslu.is">
+
+	<target host="blog.verslu.is" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Versus-Technologies.xml b/src/chrome/content/rules/Versus-Technologies.xml
index 6a6a20249414..653725c9d657 100644
--- a/src/chrome/content/rules/Versus-Technologies.xml
+++ b/src/chrome/content/rules/Versus-Technologies.xml
@@ -1,9 +1,13 @@
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://vstech.net/ => https://vstech.net/: Cycle detected - URL already encountered: https://www.vstech.net/whmcs/index.php
+-->
 <ruleset name="Versus Technologies">
 
 	<target host="vstech.net"/>
 	<target host="*.vstech.net"/>
 
-	<securecookie host="^(.*\.)?vstech\.net$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(\w+\.)?vstech\.net/"
 		to="https://$1vstech.net/"/>
diff --git a/src/chrome/content/rules/Vertical-Acuity-mismatches.xml b/src/chrome/content/rules/Vertical-Acuity-mismatches.xml
deleted file mode 100644
index a770dd3205f8..000000000000
--- a/src/chrome/content/rules/Vertical-Acuity-mismatches.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see Vertical-Acuity.xml.
-
--->
-<ruleset name="Vertical Acuity (mismatches)" default_off="mismatch">
-
-	<target host="verticalacuity.com" />
-	<target host="www.verticalacuity.com" />
-
-
-	<!--	- Cert: *.gridserver.com
-		- !www redirects to www
-						-->
-	<rule from="^https?://(?:www\.)?verticalacuity\.com/"
-		to="https://www.verticalacuity.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Vertical-Acuity.xml b/src/chrome/content/rules/Vertical-Acuity.xml
deleted file mode 100644
index e47e27eaea3f..000000000000
--- a/src/chrome/content/rules/Vertical-Acuity.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	For problematic rules, see Vertical-Acuity-mismatches.xml.
-
-
-	Other Vertical Acuity rulesets:
-
-		- Scribit.xml
-
-
-	blog.verticalacuity.com is handled in WordPress-blogs.xml.
-
-
-	CDN buckets:
-
-		- syndication-lb-65387051.us-east-1.elb.amazonaws.com
-		- tracking-lb-729810930.us-east-1.elb.amazonaws.com
-		- d2frbsrahs9p5r.cloudfront.net
-
-
-	Nonfunctional domains:
-
-		- syn.verticalacuity.com
-		- tm.verticalacuity.com
-
--->
-<ruleset name="Vertical Acuity (partial)">
-
-	<target host="scripts.verticalacuity.com" />
-
-
-	<rule from="^https?://scripts\.verticalacuity\.com/"
-		to="https://d2frbsrahs9p5r.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Vertical-Media.xml b/src/chrome/content/rules/Vertical-Media.xml
index 065568d11be2..453c32e5474a 100644
--- a/src/chrome/content/rules/Vertical-Media.xml
+++ b/src/chrome/content/rules/Vertical-Media.xml
@@ -1,13 +1,18 @@
-<!--	!functional:
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mail.verticalmedia.com/ => https://mail.verticalmedia.com/: (60, 'SSL certificate problem: self signed certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://mail.verticalmedia.com/ => https://mail.verticalmedia.com/: (60, 'SSL certificate problem: self signed certificate')	!functional:
 		- (www.)alltrips.com
 		- (www.)verticalmedia.com	(cert: *.securesites.net; redirects to www.alltrips.com over http,
 						shows Vertical Media logo and "vmcorp1.serverpros.com" over https)
 -->
-<ruleset name="Vertical Media (partial)">
+<ruleset name="Vertical Media (partial)" default_off="failed ruleset test">
 
 	<target host="mail.verticalmedia.com"/>
 
-	<rule from="^http://mail\.verticalmedia\.com/"
-		to="https://mail.verticalmedia.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Vertical-Web-Media.xml b/src/chrome/content/rules/Vertical-Web-Media.xml
index dbf1a92c0532..52beacfa05b1 100644
--- a/src/chrome/content/rules/Vertical-Web-Media.xml
+++ b/src/chrome/content/rules/Vertical-Web-Media.xml
@@ -2,9 +2,9 @@
 
 	<target host="internetretailer.com"/>
 	<!--	* for cross-domain cookie	-->
-	<target host="*.internetretailer.com"/>
+	<target host="www.internetretailer.com" />
 
-	<securecookie host="^(.*\.)?internetretailer\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<!--	cert !valid for !www	-->
 	<rule from="^http://(?:www\.)?internetretailer\.com/"
diff --git a/src/chrome/content/rules/VerticalResponse.xml b/src/chrome/content/rules/VerticalResponse.xml
index aedcbe42253d..cf978d7b9670 100644
--- a/src/chrome/content/rules/VerticalResponse.xml
+++ b/src/chrome/content/rules/VerticalResponse.xml
@@ -1,5 +1,5 @@
 <ruleset name="VerticalResponse">
   <target host="cts.vresp.com" />
 
-  <rule from="^http://cts\.vresp\.com/" to="https://cts.vresp.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Vertical_Response.com.xml b/src/chrome/content/rules/Vertical_Response.com.xml
new file mode 100644
index 000000000000..038495536560
--- /dev/null
+++ b/src/chrome/content/rules/Vertical_Response.com.xml
@@ -0,0 +1,71 @@
+<!--
+	Nonfunctional subdomains:
+
+		- ^ ¹
+		- developers ²
+		- help ³
+		- marketing ⁴
+		- partner ⁵
+		- www ⁶
+
+	¹ Reset
+	² Mashery
+	³ Dropped
+	⁴ Marketo
+	⁵ Plaintext reply
+	⁶ Redirects to maintenance.vresp.com
+
+
+	Problematic subdomains:
+
+		- helpcenter *
+
+	* Force.com
+
+
+	Partially covered subdomains:
+
+		- helpcenter	(→ vr.force.com)
+		- marketing	(→ na-sjf.marketo.com)
+		- support *	(→ vr.force.com)
+
+	* .+ 404s
+
+
+	Fully covered subdomains:
+
+		- img-ak
+		- vr2
+
+
+	Mixed content:
+
+		- css on helpcenter from fonts.googleapis.com ¹
+		- Images on helpcenter from www ²
+
+	¹ Secured by us
+	² Unsecurable <= redirects to another domain
+
+-->
+<ruleset name="Vertical Response.com (partial)">
+
+	<target host="vr.force.com" />
+	<target host="*.verticalresponse.com" />
+
+
+	<rule from="^http://vr\.force\.com/"
+		to="https://vr.force.com/" />
+
+	<rule from="^http://helpcenter\.verticalresponse\.com/(?=/*$|/*\?)"
+		to="https://vr.force.com/community/Communities/Welcome" />
+
+	<rule from="^http://marketing\.verticalresponse\.com/(?=css/|images/|js/|rs/)"
+		to="https://na-sjf.marketo.com/" />
+
+	<rule from="^http://support\.verticalresponse\.com/$"
+		to="https://vr.force.com/community/" />
+
+	<rule from="^http://(img-ak|vr2)\.verticalresponse\.com/"
+		to="https://$1.verticalresponse.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vertriebsassistent.de.xml b/src/chrome/content/rules/Vertriebsassistent.de.xml
index ea981c9f99a3..e7e29373fe38 100644
--- a/src/chrome/content/rules/Vertriebsassistent.de.xml
+++ b/src/chrome/content/rules/Vertriebsassistent.de.xml
@@ -12,7 +12,8 @@
 -->
 <ruleset name="Vertriebsassistent.de (partial)">
 
-	<target host="*.vertriebsassistent.de" />
+	<target host="app.vertriebsassistent.de" />
+	<target host="stats.vertriebsassistent.de" />
 
 
 	<!--	Is this safe to secure?
@@ -21,7 +22,6 @@
 	<securecookie host="^stats\.vertriebsassistent\.de$" name=".+" />
 
 
-	<rule from="^http://(app|stats)\.vertriebsassistent\.de/"
-		to="https://$1.vertriebsassistent.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vertx.com.xml b/src/chrome/content/rules/Vertx.com.xml
new file mode 100644
index 000000000000..dd32c649dc40
--- /dev/null
+++ b/src/chrome/content/rules/Vertx.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Vertx.com">
+	<target host="vertx.com" />
+	<target host="www.vertx.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Veruta.com.xml b/src/chrome/content/rules/Veruta.com.xml
deleted file mode 100644
index e0e8e840011c..000000000000
--- a/src/chrome/content/rules/Veruta.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Fully covered subdomains:
-
-		- adserver
-		- w.p
-
--->
-<ruleset name="Veruta.com">
-
-	<target host="*.veruta.com" />
-
-
-	<rule from="^http://(adserver|w\.p)\.veruta\.com/"
-		to="https://$1.veruta.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Verve_Hosting.com-problematic.xml b/src/chrome/content/rules/Verve_Hosting.com-problematic.xml
new file mode 100644
index 000000000000..353fbd3dc38e
--- /dev/null
+++ b/src/chrome/content/rules/Verve_Hosting.com-problematic.xml
@@ -0,0 +1,23 @@
+<!--
+	For rules that are on by default, see Verve_Hosting.com.xml.
+
+-->
+<ruleset name="Verve Hosting.com (problematic)" default_off="expired, missing certificate chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vervehosting.com" />
+	<target host="hudson.vervehosting.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.vervehosting.com" />
+
+
+	<rule from="^http://www\.vervehosting\.com/"
+		to="https://vervehosting.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Verve_Hosting.xml b/src/chrome/content/rules/Verve_Hosting.xml
index 23f0a24b20b2..eb1e42f63c04 100644
--- a/src/chrome/content/rules/Verve_Hosting.xml
+++ b/src/chrome/content/rules/Verve_Hosting.xml
@@ -1,4 +1,7 @@
 <!--
+	For problematic rules, see Verve_Hosting.com-problematic.xml.
+
+
 	Nonfunctional subdomains:
 
 		- nagios	(refused)
@@ -7,29 +10,44 @@
 
 	Problematic subdomains:
 
-		- www	(cert only matches ^vervehosting.com)
+		- ^ ¹
+		- hudson ²
+		- www ¹ ³
+
+	¹ Expired
+	² Server sends no certificate chain, see https://whatsmychaincert.com
+	³ Mismatched
 
 
-	Fully covered subdomains:
+	Insecure cookies are set for these hosts:
 
-		- (www.)	(www → ^)
-		- cms
-		- hudson
+		- cms.vervehosting.com
 
 -->
-<ruleset name="Verve Hosting (partial)">
+<ruleset name="Verve Hosting.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="vervehosting.com" /-->
+	<target host="cms.vervehosting.com" />
+	<!--target host="hudson.vervehosting.com" /-->
+
+	<!--	Complications:
+				-->
+	<!--target host="www.vervehosting.com" /-->
 
-	<target host="vervehosting.com" />
-	<target host="*.vervehosting.com" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cms\.vervehosting\.com$" name="^WHMCS[a-zA-Z]+$" /-->
 
 	<securecookie host="^cms\.vervehosting\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?vervehosting\.com/"
-		to="https://vervehosting.com/" />
+	<!--rule from="^http://www\.vervehosting\.com/"
+		to="https://vervehosting.com/" /-->
 
-	<rule from="^http://(cms|hudson)\.vervehosting\.com/"
-		to="https://$1.vervehosting.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Verwaltung_Online.xml b/src/chrome/content/rules/Verwaltung_Online.xml
index 6e8037f189cb..4c7ce8aecaac 100644
--- a/src/chrome/content/rules/Verwaltung_Online.xml
+++ b/src/chrome/content/rules/Verwaltung_Online.xml
@@ -1,13 +1,45 @@
+<!--
+	Other bund.de rulesets:
+	- badv.bund.de.xml
+	- baf.bund.de.xml
+	- bag.bund.de.xml
+	- bakoev.bund.de.xml
+	- baks.bund.de.xml
+	- bav.bund.de.xml
+	- bbk.bund.de.xml
+	- bbr.bund.de.xml
+	- bbsr.bund.de.xml
+	- BDBOS.bund.de.xml
+	- bescha.bund.de.xml
+	- BEV.bund.de.xml
+	- bfe.bund.de.xml
+	- BfDI.bund.de.xml
+	- BfR.bund.de.xml
+	- BGR.bund.de.xml
+	- BiB.bund.de.xml
+	- BMVg.de.xml
+	- BSH.de.xml
+	- bstu.bund.de.xml
+	- Bundesamt_fuer_Kartographie_und_Geodaesie.xml
+	- Bundesamt_fuer_Strahlenschutz.xml
+	- Bundesministerium_des_Innern.xml
+	- Bundesnachrichtendienst.xml
+	- bvl.bund.de.xml
+	- Federal-Office-for-Information-Security.xml
+	- Federal_Office_of_Administration.xml
+	- KKR.bund.de.xml
+	- lernplattform-bakoev.bund.de.xml
+	- Umweltbundesamt.de.xml
+-->
 <ruleset name="Verwaltung Online">
 
 	<target host="bund.de" />
 	<target host="www.bund.de" />
+	<target host="service.bund.de" />
+	<target host="www.service.bund.de" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^(?:www\.)?bund\.de$" name=".+" />
+	<rule from="^http:" to="https:" />
 
-
-	<rule from="^http://(www\.)?bund\.de/"
-		to="https://$1bund.de/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Verzekeringssite.nl.xml b/src/chrome/content/rules/Verzekeringssite.nl.xml
index 054be9d1b87d..80af66ce5555 100644
--- a/src/chrome/content/rules/Verzekeringssite.nl.xml
+++ b/src/chrome/content/rules/Verzekeringssite.nl.xml
@@ -1,9 +1,15 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://verzekeringssite.nl/ => https://www.verzekeringssite.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.verzekeringssite.nl'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://verzekeringssite.nl/ => https://www.verzekeringssite.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.verzekeringssite.nl'")
 	- Cert only matches www
 	- blog 404s
 
 -->
-<ruleset name="Verzekeringssite.nl (partial)">
+<ruleset name="Verzekeringssite.nl (partial)" default_off="failed ruleset test">
 
 	<target host="verzekeringssite.nl" />
 	<target host="*.verzekeringssite.nl" />
@@ -12,7 +18,7 @@
 	<securecookie host="^(?:www)?\.verzekeringssite\.nl$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?verzekeringssite\.nl/(?!blog)"
+	<rule from="^http://(?:www\.)?verzekeringssite\.nl/(?!blog)"
 		to="https://www.verzekeringssite.nl/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vesess-expired.xml b/src/chrome/content/rules/Vesess-expired.xml
deleted file mode 100644
index 05cba7227c67..000000000000
--- a/src/chrome/content/rules/Vesess-expired.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see Vesess.xml.
-
-
--->
-<ruleset name="Vesess (expired)" default_off="expired">
-
-	<target host="demo.curdbee.com" />
-
-
-	<!--	Cookies are handled in Vesess.xml.	-->
-
-
-	<rule from="^http://demo\.curdbee\.com/"
-		to="https://demo.curdbee.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Vesess.xml b/src/chrome/content/rules/Vesess.xml
index 3d29259aa94a..560458b12aa7 100644
--- a/src/chrome/content/rules/Vesess.xml
+++ b/src/chrome/content/rules/Vesess.xml
@@ -1,5 +1,5 @@
 <!--
-	For problematic rules, see Vesess-expired.xml.
+	For other Vesess coverage, see Hiveage.com.xml.
 
 
 	Bucket at d21xk7v0y9zvyz.cloudfront.net
@@ -7,21 +7,24 @@
 
 	Nonfunctional domains:
 
-		- (www.)curdbee.com	(cert: hotelotravel.com; shows that domain's data)
+		- (www.)curdbee.com	Shows default page
+		- demo.curdbee.com *
 		- (www.)vesess.com	(cert: *.websitewelcome.com; shows directory tree)
 
+	* Shows default page
+
 -->
-<ruleset name="Vesess (partial)">
+<ruleset name="CurdBee.com (partial)" default_off="cert-chain">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="app.curdbee.com" />
 
 
-	<!--	Note: Cross-domain cookies are avoided in case
-		they are used on unsecured domains.	-->
-	<securecookie host="^\w+\.curdbee\.com$" name=".*" />
+	<securecookie host="^\w+\.curdbee\.com$" name=".+" />
 
 
-	<rule from="^http://app\.curdbee\.com/"
-		to="https://app.curdbee.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Vesica.xml b/src/chrome/content/rules/Vesica.xml
index 768466aa622a..3eb62609d511 100644
--- a/src/chrome/content/rules/Vesica.xml
+++ b/src/chrome/content/rules/Vesica.xml
@@ -4,10 +4,9 @@
 	<target host="www.vesica.ws" />
 
 
-	<securecookie host="^vesica\.ws$" name=".*" />
+	<securecookie host="^vesica\.ws$" name=".+" />
 
 
-	<rule from="^http://(www\.)?vesica\.ws/"
-		to="https://$1vesica.ws/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Vesper_Marine.xml b/src/chrome/content/rules/Vesper_Marine.xml
index 5ab72a4f476d..82142ff4e206 100644
--- a/src/chrome/content/rules/Vesper_Marine.xml
+++ b/src/chrome/content/rules/Vesper_Marine.xml
@@ -1,16 +1,35 @@
+<!--
+	Refused:
+		blog.vespermarine.com
+
+	Private subdomain:
+		guardian.vespermarine.com
+		wcp.vespermarine.com
+
+	Invalid certificate:
+		www3.vespermarine.com
+
+-->
 <ruleset name="Vesper Marine">
 
+	<target host="vespermarine.com" />
+	<target host="www.vespermarine.com" />
+	<target host="downloads.vespermarine.com" />
+	<target host="support.vespermarine.com" />
+	<target host="www2.vespermarine.com" />
+
 	<target host="vespermarine.com.au" />
-	<target host="*.vespermarine.com.au" />
-	<target host="vespermarine.co.*" />
-	<target host="*.vespermarine.co.nz" />
-	<target host="*.vespermarine.co.uk" />
+	<target host="www.vespermarine.com.au" />
 
+	<target host="vespermarine.co.nz" />
+	<target host="www.vespermarine.co.nz" />
 
-	<securecookie host="^\.vespermarine\.co(?:m\.au|\.nz|\.uk)$" name=".+" />
+	<target host="vespermarine.co.uk" />
+	<target host="www.vespermarine.co.uk" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?vespermarine\.co(m\.au|\.nz|\.uk)/"
-		to="https://$1vespermarine.co$2/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vessel.xml b/src/chrome/content/rules/Vessel.xml
index 554574ce4953..9ffa8b55e51b 100644
--- a/src/chrome/content/rules/Vessel.xml
+++ b/src/chrome/content/rules/Vessel.xml
@@ -1,13 +1,12 @@
 <ruleset name="Vessel">
 
 	<target host="vesselbags.com" />
-	<target host="*.vesselbags.com" />
+	<target host="www.vesselbags.com" />
 
 
 	<securecookie host="^\.vesselbags\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?vesselbags\.com/"
-		to="https://$1vesselbags.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vesta_CP.com.xml b/src/chrome/content/rules/Vesta_CP.com.xml
new file mode 100644
index 000000000000..3cac02104455
--- /dev/null
+++ b/src/chrome/content/rules/Vesta_CP.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- .vestacp.com
+		- bugs.vestacp.com
+		- my.vestacp.com
+
+-->
+<ruleset name="Vesta CP.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vestacp.com" />
+	<target host="bugs.vestacp.com" />
+	<target host="forum.vestacp.com" />
+	<target host="my.vestacp.com" />
+	<target host="www.vestacp.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.vestacp\.com$" name="^vestacp-forum_(?:k|sid|u)$" /-->
+	<!--securecookie host="^(?:bugs|my)\.vestacp\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".*\.vestacp\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VetDepot.com.xml b/src/chrome/content/rules/VetDepot.com.xml
new file mode 100644
index 000000000000..2eeab99aaa0b
--- /dev/null
+++ b/src/chrome/content/rules/VetDepot.com.xml
@@ -0,0 +1,36 @@
+<!--
+	^vetdepot.com: Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .vetdepot.com
+		- www.vetdepot.com
+
+-->
+<ruleset name="VetDepot.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.vetdepot.com" />
+
+	<!--	Complications:
+				-->
+	<target host="vetdepot.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.vetdepot\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^www\.vetdepot\.com$" name="^Session(?:Id|Key)$" /-->
+
+	<securecookie host="^(?:www)?\.vetdepot\.com$" name=".+" />
+
+
+	<rule from="^http://vetdepot\.com/"
+		to="https://www.vetdepot.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Veterans-Aid.net.xml b/src/chrome/content/rules/Veterans-Aid.net.xml
new file mode 100644
index 000000000000..bdf31cd5f9f0
--- /dev/null
+++ b/src/chrome/content/rules/Veterans-Aid.net.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- Image on www from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Veterans-Aid.net">
+
+	<target host="veterans-aid.net" />
+	<target host="www.veterans-aid.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Veuwer.xml b/src/chrome/content/rules/Veuwer.xml
new file mode 100644
index 000000000000..5fed9d30639c
--- /dev/null
+++ b/src/chrome/content/rules/Veuwer.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://veuwer.com/ => https://veuwer.com/: (7, 'Failed to connect to veuwer.com port 443: Connection refused')
+Fetch error: http://veuwer.com/ => https://veuwer.com/: (7, 'Failed to connect to veuwer.com port 443: Connection refused')
+Fetch error: http://www.veuwer.com/ => https://veuwer.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="Veuwer" default_off="failed ruleset test">
+	<target host=    "veuwer.com" />
+	<target host="www.veuwer.com" />
+
+  	<securecookie host="^veuwer\.com$" name=".+" />
+
+	<!-- follow server's behaviour -->
+	<rule from="^http://www\.veuwer\.com/"
+		to="https://veuwer.com/" />
+
+		<test url="http://veuwer.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vexxhost.com.xml b/src/chrome/content/rules/Vexxhost.com.xml
new file mode 100644
index 000000000000..abe4b0e1481d
--- /dev/null
+++ b/src/chrome/content/rules/Vexxhost.com.xml
@@ -0,0 +1,26 @@
+<!--
+	CDN buckets:
+
+		- d1nnlln0lciqnu.cloudfront.net
+
+
+	Nonfunctional subdomains:
+
+		- (www.) *
+
+	* 503
+
+-->
+<ruleset name="vexxhost.com (partial)">
+
+	<target host="secure.vexxhost.com" />
+
+
+	<!--	Server doesn't set Secure for:
+						-->
+	<securecookie host="^secure\.vexxhost\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vhs-lkr-ansbach.de.xml b/src/chrome/content/rules/Vhs-lkr-ansbach.de.xml
new file mode 100644
index 000000000000..7f19e5b5db09
--- /dev/null
+++ b/src/chrome/content/rules/Vhs-lkr-ansbach.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Vhs-lkr-ansbach.de">
+	<target host="vhs-lkr-ansbach.de" />
+	<target host="www.vhs-lkr-ansbach.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ViaForensics.com.xml b/src/chrome/content/rules/ViaForensics.com.xml
index 66f92b7b9589..a69696a53cb8 100644
--- a/src/chrome/content/rules/ViaForensics.com.xml
+++ b/src/chrome/content/rules/ViaForensics.com.xml
@@ -1,14 +1,10 @@
-<!--
-	Note: only RC4 supported
-
--->
 <ruleset name="viaForensics.com">
 
 	<target host="viaforensics.com" />
 	<target host="www.viaforensics.com" />
 
 
-	<rule from="^http://(www\.)?viaforensics\.com/"
-		to="https://$1viaforensics.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ViaMichelin.com.xml b/src/chrome/content/rules/ViaMichelin.com.xml
new file mode 100644
index 000000000000..fd4f7d2f1a67
--- /dev/null
+++ b/src/chrome/content/rules/ViaMichelin.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.) ¹
+		- b2capi ²
+		- m ²
+		- mobile ²
+		- mrest ²
+
+	¹ Shows webservices; mismatched, CN: webservices.viamichelin.com
+	² Dropped
+
+-->
+<ruleset name="ViaMichelin.com (partial)">
+
+	<target host="ccu.viamichelin.com" />
+	<target host="download.viamichelin.com" />
+	<target host="webservices.viamichelin.com" />
+
+
+	<securecookie host="^download\.viamichelin\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ViaVerio.com.xml b/src/chrome/content/rules/ViaVerio.com.xml
deleted file mode 100644
index 82b796827cab..000000000000
--- a/src/chrome/content/rules/ViaVerio.com.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Viaverio.com">
-  <target host="viaverio.com" />
-  <target host="www.viaverio.com" />
-
-  <rule from="^http://(?:www\.)?viaverio\.com/" to="https://www.viaverio.com/" />
-  <securecookie host="^(.*\.)?viaverio\.com$" name=".*" />
-</ruleset>
diff --git a/src/chrome/content/rules/Viacom.xml b/src/chrome/content/rules/Viacom.xml
index 0a2982689031..0fb14c8a5cb7 100644
--- a/src/chrome/content/rules/Viacom.xml
+++ b/src/chrome/content/rules/Viacom.xml
@@ -1,25 +1,35 @@
-<!--
-	Nonfunctional domains:
-
-		- intl.esperanto.mtvi.com	(Akamai; different data)
-		- gameservices.mtvn.com		(Akamai; 503)
-		- www.viacom.com		(Akamai; 401)
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://specials.mtvnn.com/ => https://specials.mtvnn.com/: (60, 'SSL certificate problem: self signed certificate')
+
+	Problematic subdomains (mismatch):
+		- intl.esperanto.mtvi.com
+		- bcgames.mtvnn.com
+		- games.mtvnn.com
+		- hold.mtvnn.com
+		- images.mtvnn.com
+		- ops.mtvnn.com
+		- pm7.mtvnn.com
+		- web1.mtvnn.com
+		- www.viacom.com
+
+	Problematic subdomains (not working):
+		- gameservices.mtvn.com
+		- jerseyshore.mtvnn.com
+		- watasu.mtvnn.com
+		- mtvplay.tv
+		- www.mtvplay.tv
 -->
-<ruleset name="Viacom">
-
+<ruleset name="Viacom" default_off="failed ruleset test">
 	<target host="secure.iphone.mtvn.com" />
-	<target host="*.mtvnn.com" />
+	<target host="api.mtvnn.com" />
+	<target host="specials.mtvnn.com" />
+	<target host="utt.mtvnn.com" />
+	<target host="videos.mtvnn.com" />
 	<target host="btg.mtvnservices.com" />
 
-
-	<rule from="^http://secure\.iphone\.mtvn\.com/"
-		to="https://secure.iphone.mtvn.com/" />
-
-	<rule from="^http://(api|specials|videos)\.mtvnn\.com/"
-		to="https://$1.mtvnn.com/" />
-
-	<rule from="^http://btg\.mtvnservices\.com/"
-		to="https://btg.mtvnservices.com/" />
-
+	<rule from="^http:" to="https:" />
+	<exclusion pattern="http://api.mtvnn.com/v2/mrss" /> <!-- needed for videos to load on http://www.mtv.de/charts/5-hitlist-germany-top-100 -->
+	<test url="http://api.mtvnn.com/v2/mrss" />
 </ruleset>
diff --git a/src/chrome/content/rules/Viaduct.io.xml b/src/chrome/content/rules/Viaduct.io.xml
new file mode 100644
index 000000000000..7172ac9ff817
--- /dev/null
+++ b/src/chrome/content/rules/Viaduct.io.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.viaduct.io/ => https://www.viaduct.io/: (51, "SSL: no alternative certificate subject name matches target host name 'www.viaduct.io'")
+
+	Insecure cookies are set for these hosts:
+
+		- viaduct.io
+		- my.viaduct.io
+		- status.viaduct.io
+
+-->
+<ruleset name="Viaduct.io" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="viaduct.io" />
+	<target host="blog.viaduct.io" />
+	<target host="cdn.viaduct.io" />
+	<target host="my.viaduct.io" />
+	<target host="status.viaduct.io" />
+	<target host="www.viaduct.io" />
+
+		<test url="http://cdn.viaduct.io/blogs/prism.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^viaduct\.io$" name="^_viaduct-website_session$" /-->
+	<!--securecookie host="^my\.viaduct\.io$" name="^(?:_viaduct|browser_id)$" /-->
+	<!--securecookie host="^status\.viaduct\.io$" name="^(?:_staytus_session|browser_id)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Viazul.com.xml b/src/chrome/content/rules/Viazul.com.xml
new file mode 100644
index 000000000000..9063cc0d21ce
--- /dev/null
+++ b/src/chrome/content/rules/Viazul.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Nonfunctional hosts in *.viazul.com:
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Viazul.com">
+	<target host="viazul.com" />
+	<target host="www.viazul.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Viber.xml b/src/chrome/content/rules/Viber.xml
index 0d6cef502265..348508d20086 100644
--- a/src/chrome/content/rules/Viber.xml
+++ b/src/chrome/content/rules/Viber.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://helpme.viber.com/ (200) => https://viber.kayako.com/ (404)
+
 	CDN buckets:
 
 		- kayako.cdn.viber.com
@@ -8,32 +12,77 @@
 		- viber.kayako.com
 
 			- helpme.viber.com
-			- support.viber.com
 
 
-	Problematic sudomains:
+	Nonfunctional hosts in *viber.com;
+
+		- chats ʰ
+		- www.chats ᵈ
+
+	ᵈ Dropped
+	ʰ Redirects to http
+
 
-		- ^		(times out)
+	Problematic hosts in *viber.com:
+
+		- ^ ʳ
 		- kayako.cdn	(cloudfront)
 		- helpme *
-		- support *
 
 	* Shows cishelp.kayako.com; mismatched. CN: *.kayako.com
+	ʳ Refused
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .viber.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Viber (partial)">
+<ruleset name="Viber.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="account.viber.com" />
+
+	<target host="chats.cdn.viber.com" />
+	<target host="pg-vb.cdn.viber.com" />
+	<target host="share.cdn.viber.com" />
+	<target host="vbd.cdn.viber.com" />
+
+	<target host="support.viber.com" />
+	<target host="www.viber.com" />
+
+		<test url="http://chats.cdn.viber.com/static/20160210113655/images/ddc6272.png" />
+		<test url="http://pg-vb.cdn.viber.com/icons/23983082a01646372324c3bfa57abed85bc4271a5a29523337ef5cc76ed2abb7.jpg" />
+		<test url="http://share.cdn.viber.com/pg_download?id=23983082a01646372324c3bfa57abed85bc4271a5a29523337ef5cc76ed2abb7&amp;filetype=jpg&amp;type=icon" />
+		<test url="http://vbd.cdn.viber.com/sites/default/files/cdn/css/https/css_lhZ2r95cVv6XPZeCq2neqJ2WkJfOx4FGwB5NFslhk94.css" />
 
+	<!--	Complications:
+				-->
 	<target host="viber.com" />
-	<target host="*.viber.com" />
+	<target host="helpme.viber.com" />
 
 
-	<rule from="^http://(?:www\.)?viber\.com/"
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.viber\.com$" name="^language$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://viber\.com/"
 		to="https://www.viber.com/" />
 
 	<!--rule from="^http://kayako\.cdn\.viber\.com/"
 		to="https://d2jlvwphuziop7.cloudfront.net/" /-->
 
-	<rule from="^http://(?:helpme|support)\.viber\.com/"
+	<rule from="^http://helpme\.viber\.com/"
 		to="https://viber.kayako.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vibrant.xml b/src/chrome/content/rules/Vibrant.xml
index 601a18af19d4..c68f76421cdf 100644
--- a/src/chrome/content/rules/Vibrant.xml
+++ b/src/chrome/content/rules/Vibrant.xml
@@ -1,20 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://vibrantmedia.com/ => https://vibrantmedia.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Nonfunctional domains:
 
 		- images.intellitxt.com	(Akamai; 504)
 		- *.us.intellitxt.com	(times out; where * is a unique subdomain for each client)
 
 -->
-<ruleset name="Vibrant">
+<ruleset name="Vibrant" default_off="failed ruleset test">
 
 	<target host="vibrantmedia.com" />
 	<target host="www.vibrantmedia.com" />
 
 
-	<securecookie host="^(www\.)?vibrantmedia\.com$" name=".*" />
+	<securecookie host="^(?:www\.)?vibrantmedia\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?vibrantmedia\.com/"
-		to="https://$1vibrantmedia.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Vice-problematic.xml b/src/chrome/content/rules/Vice-problematic.xml
deleted file mode 100644
index a372498d45f9..000000000000
--- a/src/chrome/content/rules/Vice-problematic.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules that are on by default, see Vice.xml.
-
--->
-<ruleset name="Vice (self-signed)" default_off="self-signed">
-
-	<target host="manage.vice.com" />
-
-
-	<securecookie host="^manage\.vice\.com$" name=".*" />
-
-
-	<rule from="^http://manage\.vice\.com/"
-		to="https://manage.vice.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Vice.xml b/src/chrome/content/rules/Vice.xml
index 5783e2e58ec0..3b5f662ff7fc 100644
--- a/src/chrome/content/rules/Vice.xml
+++ b/src/chrome/content/rules/Vice.xml
@@ -1,57 +1,78 @@
 <!--
-	For problematic rules, see Vice-problematic.xml.
+	Other Vice Media rulesets:
 
+		- Motherboard.tv.xml
+		- Noisey.com.xml
+		- viceland.com.xml
 
-	Nonfunctional domains:
 
-		- (www.)noisey.cn
-		- (www.)thecreatorsproject.com	(interrupted)
-		- vice.com			(cert: manage.vice.com, self-signed; 503)
-		- www.vice.com
-		- motherboard.vice.com		(reset)
-		- noisey.vice.com
-		- socials.uk.vice.com		(cert: socials.vice.com; reset)
-		- scs.viceland.com		(shows default plesk page; expired 2010-11-15, self-signed)
+	Non-functional hosts:
 
+		Timeout:
+		- socials.uk.vice.com
 
-	CDN buckets:
+		Certificate mismatched:
+		- link.vice.com
+		- assets.thump.vice.com
 
-		- ec2-184-73-100-150.compute-1.amazonaws.com
-		- d19o6jcqbnxtyy.cloudfront.net
-		- d1qzzfctbfyh6r.cloudfront.net
-		- d1ymkg0yqrfr5q.cloudfront.net
-		- d7qfuicnb8zug.cloudfront.net
-		- dm07ef02yemve.cloudfront.net
-		- dz6snzmhpcl6f.cloudfront.net
-
--->
-<ruleset name="Vice (partial)">
-
-	<target host="*.motherboard.tv" />
-	<target host="assets.noisey.*" />
-	<target host="assets.thecreatorsproject.com" />
-	<target host="*.vice.com" />
 
+	Mixed content:
 
-	<rule from="^https?://assets\.motherboard\.tv/"
-		to="https://dz6snzmhpcl6f.cloudfront.net/" />
+		- Images, on:
 
-	<rule from="^https?://assets2\.motherboard\.tv/"
-		to="https://d7qfuicnb8zug.cloudfront.net/" />
+			- link from media.sailthru.com *
+			- munchies from images *
+			- noisey from assets.noisey.com *
+			- thump from assets.thump *
+			- www from assets *
+			- www from scs-assets.s3.amazonaws.com *
 
-	<rule from="^https?://assets\.noisey\.cn/"
-		to="https://d1ymkg0yqrfr5q.cloudfront.net/" />
+		- Bugs, on:
 
-	<rule from="^https?://assets\.noisey\.com/"
-		to="https://d19o6jcqbnxtyy.cloudfront.net/" />
+			- motherboard from s1.2mdn.net *
+			- motherboard, munchies, noisey, thecreatorsproject, www from b.scorecardresearch.com *
+			- www from platform.tumblr.com *
+			- www from platform.twitter.com *
 
-	<rule from="^https?://assets\.thecreatorsproject\.com/"
-		to="https://dm07ef02yemve.cloudfront.net/" />
-
-	<rule from="^https?://assets\.vice\.com/"
-		to="https://d1qzzfctbfyh6r.cloudfront.net/" />
-
-	<rule from="^http://socials\.vice\.com/"
-		to="https://socials.vice.com/" />
+	* Secured by us
+-->
+<ruleset name="Vice.com (partial)">
+
+	<target host="vice.com" />
+	<target host="www.vice.com" />
+	<test url="http://www.vice.com/stuff" />
+	<target host="assets.vice.com" />
+	<target host="assets2.vice.com" />
+	<target host="assets-news.vice.com" />
+	<target host="assets-sports.vice.com" />
+	<target host="broadly.vice.com" />
+	<target host="embeds.vice.com" />
+	<target host="hbo.vice.com" />
+	<target host="i-d.vice.com" />
+	<target host="i-d-images.vice.com" />
+	<target host="images.vice.com" />
+	<target host="manage.vice.com" />
+	<target host="motherboard.vice.com" />
+	<target host="motherboard-cdn-assets.vice.com" />
+	<target host="motherboard-images.vice.com" />
+	<target host="munchies.vice.com" />
+	<target host="news.vice.com" />
+	<test url="http://news.vice.com/shows" />
+	<target host="news-images.vice.com" />
+	<target host="noisey.vice.com" />
+	<target host="scs-assets-cdn.vice.com" />
+	<target host="shop.vice.com" />
+	<target host="sports.vice.com" />
+	<target host="sports-images.vice.com" />
+	<target host="staging-assets-news.vice.com" />
+	<target host="store.vice.com" />
+	<target host="thecreatorsproject.vice.com" />
+	<target host="thecreatorsproject-images.vice.com" />
+	<target host="thump.vice.com" />
+	<target host="vice-sundry-assets-cdn.vice.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Vichan.net.xml b/src/chrome/content/rules/Vichan.net.xml
new file mode 100644
index 000000000000..4c0a7aa10a76
--- /dev/null
+++ b/src/chrome/content/rules/Vichan.net.xml
@@ -0,0 +1,27 @@
+<!--
+	Problematic subdomains:
+
+		- (www.)? ¹
+		- lt ²
+
+	¹ Expired 2013, mismatched, self-signed
+	² Expired 2014
+
+
+	Fully covered subdomains:
+
+		- au
+		- int
+		- pl
+
+-->
+<ruleset name="vichan.net (partial)">
+
+	<target host="au.vichan.net" />
+	<target host="int.vichan.net" />
+	<target host="pl.vichan.net" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VicinityRewards.ca.xml b/src/chrome/content/rules/VicinityRewards.ca.xml
new file mode 100644
index 000000000000..8dbb090a3868
--- /dev/null
+++ b/src/chrome/content/rules/VicinityRewards.ca.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		- go.vicinityrewards.ca
+		- start.vicinityrewards.ca
+
+	Timed out:
+		- vicinityrewards.ca, equivalent to www.vicinityrewards.ca
+-->
+
+<ruleset name="VicinityRewards.ca.xml">
+	<target host="vicinityrewards.ca" />
+	<target host="www.vicinityrewards.ca" />
+	<target host="dashboard.vicinityrewards.ca" />
+
+	<rule from="^http://vicinityrewards\.ca/"
+		  to="https://www.vicinityrewards.ca/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Victi.ms.xml b/src/chrome/content/rules/Victi.ms.xml
new file mode 100644
index 000000000000..8f9aef9324ec
--- /dev/null
+++ b/src/chrome/content/rules/Victi.ms.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://victi.ms/ => https://victi.ms/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.victi.ms/ => https://www.victi.ms/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://victi.ms/ => https://victi.ms/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.victi.ms/ => https://www.victi.ms/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+	Problematic subdomains:
+
+		- blog *
+
+	* Mismatched, CN: *.rhcloud.com
+
+-->
+<ruleset name="Victi.ms (partial)" default_off="failed ruleset test">
+
+	<target host="victi.ms" />
+	<target host="www.victi.ms" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?victi\.ms$" name="^(_csrf_token|GEAR|victims)$" /-->
+
+	<securecookie host="^(?:www\.)?victi\.ms$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Victor-Chandler.xml b/src/chrome/content/rules/Victor-Chandler.xml
index 8cfbf469ee84..94a4121fa3fd 100644
--- a/src/chrome/content/rules/Victor-Chandler.xml
+++ b/src/chrome/content/rules/Victor-Chandler.xml
@@ -1,4 +1,12 @@
-<ruleset name="Victor Chandler International">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://vcint.com/ => https://vcint.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://vcint.com/ => https://vcint.com/: (28, 'Connection timed out after 10000 milliseconds')
+-->
+<ruleset name="Victor Chandler International" default_off="failed ruleset test">
 
 	<target host="betvictor.com"/>
 	<target host="www.betvictor.com"/>
@@ -9,8 +17,8 @@
 	<!--	for cross-domain cookie	-->
 	<target host="*.banners.victor.com"/>
 
-	<securecookie host="^(.*\.)?banners\.victor\.com$" name=".*"/>
-	<securecookie host="^webmail\.vcint\.com$" name=".*"/>
+	<securecookie host="^(?:.*\.)?banners\.victor\.com$" name=".+" />
+	<securecookie host="^webmail\.vcint\.com$" name=".+" />
 
 	<rule from="^http://betvictor\.com/"
 		to="https://www.betvictor.com/"/>
diff --git a/src/chrome/content/rules/VictorOps.com.xml b/src/chrome/content/rules/VictorOps.com.xml
new file mode 100644
index 000000000000..6a553635bd96
--- /dev/null
+++ b/src/chrome/content/rules/VictorOps.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- Images on ^ from $self *
+
+	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="VictorOps.com">
+
+	<target host="victorops.com" />
+	<target host="portal.victorops.com" />
+	<target host="www.victorops.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Victorias_Secret.xml b/src/chrome/content/rules/Victorias_Secret.xml
index 40aa88414dca..ec8883cc5837 100644
--- a/src/chrome/content/rules/Victorias_Secret.xml
+++ b/src/chrome/content/rules/Victorias_Secret.xml
@@ -1,35 +1,70 @@
+
 <!--
-	Problematic subdomains:
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Time: 2020-09-25 16:20:22
+ Fetch error: http://espanol.victoriassecret.com// => https://www.victoriassecret.com/: (6, 'Could not resolve host: .victoriassecret.com')
+Fetch error: http://secure.victoriassecret.com/ => https://secure.victoriassecret.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://secure-media.victoriassecret.com/ => https://secure-media.victoriassecret.com/: (6, 'Could not resolve host: secure-media.victoriassecret.com')
+Time: 2020-09-25 16:20:22
+ Fetch error: http://www.victoriassecret.com/ => https://www.victoriassecret.com/: (6, 'Could not resolve host: .victoriassecret.com')
+Time: 2020-09-25 16:20:22
+ Fetch error: http://espanol.victoriassecret.com/ => https://www.victoriassecret.com/: (6, 'Could not resolve host: .victoriassecret.com')
+
+	Victoria's Secret
+
+	Other Victoria's Secret rulesets:
+
 
-		- ^		(akamai)
-		- media		(works; mismatched, CN: secure-media.victoriassecret.com)
-		- vsallaccess	(works; akamai)
-		- www		(mismatched, CN: secure.victoriassecret.com)
 
+	Nonfunctional subdomains:
+
+		- dm ¹
+		- vsallaccess *
+
+	¹ Reset
+	* Shows media
+
+
+	Problematic hosts in *victoriassecret.com:
+
+		- espanol ¹
+		- media		(works; mismatched, CN: secure-media.victoriassecret.com)
 
-	Fully covered subdomains:
+	¹ Mismatched, CN: victoriassecret.com
 
-		- (www.)	(→ secure)
-		- espanol
-		- secure-media
 
+	Insecure cookies are set for these domains and hosts:
 
-	Mixed images from media.
+		- .victoriassecret.com
+		- www.victoriassecret.com
+		- .www.victoriassecret.com
 
 -->
-<ruleset name="Victoria's Secret (partial)">
+<ruleset name="Victorias Secret.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="victoriassecret.com" />
-	<target host="*.victoriassecret.com" />
+	<!--target host="dm.victoriassecret.com" /-->
+	<!-- target host="secure.victoriassecret.com" /-->
+	<!-- target host="secure-media.victoriassecret.com" /-->
+	<!-- target host="www.victoriassecret.com" /-->
 
+	<!--	Complications:
+				-->
+	<!-- target host="espanol.victoriassecret.com" /-->
 
-	<securecookie host="^(?:espanol|secure)?\.victoriassecret\.com$" name=".+" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.victoriassecret\.com$" name="^(abcTestBucket|di)$" /-->
+	<!--securecookie host="^www\.victoriassecret\.com$" name="^(AOS-[\da-f]{16}-[\da-f]{32}|UID|VSSESSION|X-Mapping-\d+|dcc|vsPopUnder)$" /-->
+	<!--securecookie host="^\.www\.victoriassecret\.com$" name="^dcc$" /-->
 
-	<rule from="^http://(?:secure\.|www\.)?victoriassecret\.com/"
-		to="https://secure.victoriassecret.com/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(espanol|secure-media)\.victoriassecret\.com/"
-		to="https://$1.victoriassecret.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Victorinox.xml b/src/chrome/content/rules/Victorinox.xml
index 07b86cf5a0f8..c01869d26594 100644
--- a/src/chrome/content/rules/Victorinox.xml
+++ b/src/chrome/content/rules/Victorinox.xml
@@ -1,9 +1,72 @@
-<ruleset name="Victorinox">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://images.victorinox.com/ => https://images.victorinox.com/: (6, 'Could not resolve host: images.victorinox.com')
+Fetch error: http://static.victorinox.com/ => https://static.victorinox.com/: (6, 'Could not resolve host: static.victorinox.com')
+
+	Nonfunctional hosts in *victorinox.com:
+
+		- rsrc ᶠ
+
+	ᶠ Handshake fails
+
+
+	Mixed content:
+
+		- Image on www from maps.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Victorinox.com (partial)" default_off="failed ruleset test">
+
     <target host="victorinox.com" />
-    <target host="*.victorinox.com" />
+	<target host="assets.victorinox.com" />
+	<target host="images.victorinox.com" />
+	<target host="static.victorinox.com" />
+	<target host="www.victorinox.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.victorinox\.com/global/en(?:/Explore/Company/Press-Contacts/cms/press-contacts|/Explore/Company/cms/company|/Products/Apparel/c/FAS|/Service/Corporate-Gifts/cms/service-corporate-gifts|/Service/FAQ/cms/service-faq|/Service/Product-support/cms/product-support|/jobs|/storeFinder)?$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?victorinox\.com/(?!/*(?:_ui/static/|global/\w\w/(?:Privacy-Policy/cms/privacy-policy|Service/Contact/cms/contact|login|myVictorinox|register)/*(?:$|\?)))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.victorinox.com/global/en" />
+			<test url="http://www.victorinox.com/global/en/Explore/Company/Press-Contacts/cms/press-contacts" />
+			<test url="http://www.victorinox.com/global/en/Explore/Company/cms/company" />
+			<test url="http://www.victorinox.com/global/en/Products/Apparel/c/FAS" />
+			<test url="http://www.victorinox.com/global/en/Service/Corporate-Gifts/cms/service-corporate-gifts" />
+			<test url="http://www.victorinox.com/global/en/Service/FAQ/cms/service-faq" />
+			<test url="http://www.victorinox.com/global/en/Service/Product-support/cms/product-support" />
+			<test url="http://www.victorinox.com/global/en/jobs" />
+			<test url="http://www.victorinox.com/global/en/storeFinder" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.victorinox.com/_ui/static/media/icons/icon_global.svg" />
+			<test url="http://www.victorinox.com/global/en/Explore/Visit-Us/cms/visit-us" />
+			<test url="http://www.victorinox.com/global/en/Privacy-Policy/cms/privacy-policy" />
+			<test url="http://www.victorinox.com/global/en/Service/Contact/cms/contact" /><!--	mixed image	-->
+			<test url="http://www.victorinox.com/global/en/login" />
+			<test url="http://www.victorinox.com/global/en/myVictorinox" />
+			<test url="http://www.victorinox.com/global/en/register" />
+
+		<test url="http://assets.victorinox.com/_ui/static/media/victorinox-logo.svg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.victorinox\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^[^.vw]" name=".+" />
+
 
-    <rule from="^https?://victorinox\.com/"
-        to="https://www.victorinox.com/" />
-    <rule from="^https?://(images|static|www\.)?victorinox\.com/"
-        to="https://$1victorinox.com/" />
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Vid.ly.xml b/src/chrome/content/rules/Vid.ly.xml
index b467a21c7e7c..c3655ee24d60 100644
--- a/src/chrome/content/rules/Vid.ly.xml
+++ b/src/chrome/content/rules/Vid.ly.xml
@@ -1,9 +1,42 @@
-<ruleset name="Vid.ly (partial)" default_off="mismatch">
+<!--
+	CDN buckets:
 
+		- d132d9vcg4o0oh.cloudfront.net
+
+			- s
+
+		- d3fenhwk93s16g.cloudfront.net
+
+			- cf.cdn
+
+
+	Nonfunctional subdomains:
+
+		- api *
+
+	* Refused
+
+-->
+<ruleset name="Vid.ly (partial)">
+
+	<target host="vid.ly" />
+	<target host="m.vid.ly" />
+	<target host="www.vid.ly" />
 	<target host="cf.cdn.vid.ly" />
+	<target host="s.vid.ly" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="\.vid\.ly$" name="^vidly_session$" /-->
+
+	<securecookie host="\.vid\.ly$" name=".+" />
+
+
+	<rule from="^http://(?:(m\.)|www\.)?vid\.ly/"
+		to="https://$1vid.ly/" />
 
 
-	<rule from="^http://cf\.cdn\.vid\.ly/"
-		to="https://cf.cdn.vid.ly/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/VidStore.xml b/src/chrome/content/rules/VidStore.xml
index d425fe9a8f8f..62dbf47a1c16 100644
--- a/src/chrome/content/rules/VidStore.xml
+++ b/src/chrome/content/rules/VidStore.xml
@@ -12,7 +12,6 @@
 	<securecookie host="^ads\.vidstore\.com$" name=".+" />
 
 
-	<rule from="^http://ads\.vidstore\.com/"
-		to="https://ads.vidstore.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vida_y_Salud.com.xml b/src/chrome/content/rules/Vida_y_Salud.com.xml
index 3b1d3682eeaa..60333fc4801d 100644
--- a/src/chrome/content/rules/Vida_y_Salud.com.xml
+++ b/src/chrome/content/rules/Vida_y_Salud.com.xml
@@ -23,4 +23,4 @@
 	<rule from="^http://(?:www\.)?vidaysalud\.com/wp-content/"
 		to="https://www.vidaysalud.com/wp-content/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vidahost.xml b/src/chrome/content/rules/Vidahost.xml
index 3268cefc159d..4b3d9935b0fe 100644
--- a/src/chrome/content/rules/Vidahost.xml
+++ b/src/chrome/content/rules/Vidahost.xml
@@ -12,13 +12,13 @@
 <ruleset name="Vidahost (partial)">
 
 	<target host="vidahost.com" />
-	<target host="*.vidahost.com" />
+	<target host="my.vidahost.com" />
+	<target host="www.vidahost.com" />
 
 
 	<securecookie host="^(?:my|www)\.vidahost\.com$" name=".+" />
 
 
-	<rule from="^http://(my\.|www\.)?vidahost\.com/"
-		to="https://$1vidahost.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vidarholen.net.xml b/src/chrome/content/rules/Vidarholen.net.xml
index 7638de732b6f..a5fed4c33cf9 100644
--- a/src/chrome/content/rules/Vidarholen.net.xml
+++ b/src/chrome/content/rules/Vidarholen.net.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?vidarholen\.net/"
 		to="https://vidarholen.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vidble.com.xml b/src/chrome/content/rules/Vidble.com.xml
new file mode 100644
index 000000000000..ff5fb76af7b5
--- /dev/null
+++ b/src/chrome/content/rules/Vidble.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- vidble.com
+		- www.vidble.com
+
+-->
+<ruleset name="Vidble.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vidble.com" />
+	<target host="www.vidble.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?vidble\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^(?:www\.)?vidble\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Viddler.com-mismatches.xml b/src/chrome/content/rules/Viddler.com-mismatches.xml
index 005096f4e33b..902cbc69aac5 100644
--- a/src/chrome/content/rules/Viddler.com-mismatches.xml
+++ b/src/chrome/content/rules/Viddler.com-mismatches.xml
@@ -10,7 +10,6 @@
 	<securecookie host="^blog\.viddler\.com$" name=".+" />
 
 
-	<rule from="^http://blog\.viddler\.com/"
-		to="https://blog.viddler.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Videa.hu.xml b/src/chrome/content/rules/Videa.hu.xml
new file mode 100644
index 000000000000..a2671451070c
--- /dev/null
+++ b/src/chrome/content/rules/Videa.hu.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.videa.hu/ => https://www.videa.hu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.videa.hu'")
+
+	Assets loaded via HTTP:
+	images (static.origos.hu)
+-->
+<ruleset name="Videa.hu" default_off="failed ruleset test">
+	<target host="www.videa.hu" />
+	<target host="videa.hu" />
+
+	<rule from="^http:"
+		  to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VideoBloom.com.xml b/src/chrome/content/rules/VideoBloom.com.xml
deleted file mode 100644
index 435b807e0efb..000000000000
--- a/src/chrome/content/rules/VideoBloom.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(http reply)
-
-
-	Fully covered subdomains:
-
-		- my
-
--->
-<ruleset name="VideoBloom.com (partial)">
-
-	<target host="my.videobloom.com" />
-
-
-	<!--	Is this cookie used on more than my?
-							-->
-	<!--securecookie host="^\.videobloom\.com$" name="SESS\w{32}" /-->
-
-
-	<rule from="^http://my\.videobloom\.com/"
-		to="https://my.videobloom.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/VideoCardz.com.xml b/src/chrome/content/rules/VideoCardz.com.xml
new file mode 100644
index 000000000000..e650b2114387
--- /dev/null
+++ b/src/chrome/content/rules/VideoCardz.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="VideoCardz.com">
+	<target host="videocardz.com" />
+	<target host="www.videocardz.com" />
+	<target host="cdn.videocardz.com" />
+	<target host="forums.videocardz.com" />
+	<target host="static.videocardz.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VideoGameGeek.com.xml b/src/chrome/content/rules/VideoGameGeek.com.xml
new file mode 100644
index 000000000000..766e06c34b2a
--- /dev/null
+++ b/src/chrome/content/rules/VideoGameGeek.com.xml
@@ -0,0 +1,12 @@
+<!--
+	For other BoardGameGeek coverage, see BoardGameGeek.com.xml.
+-->
+<ruleset name="VideoGameGeek.com">
+	<target host="videogamegeek.com" />
+	<target host="www.videogamegeek.com" />
+
+	<securecookie host="^(\.|www\.)?videogamegeek\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VideoGold.de.xml b/src/chrome/content/rules/VideoGold.de.xml
new file mode 100644
index 000000000000..426010ae0755
--- /dev/null
+++ b/src/chrome/content/rules/VideoGold.de.xml
@@ -0,0 +1,13 @@
+<ruleset name="VideoGold.de">
+
+	<target host="videogold.de" />
+	<target host="www.videogold.de" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VideoHub.tv.xml b/src/chrome/content/rules/VideoHub.tv.xml
index 93a73d7e964a..c670066722b4 100644
--- a/src/chrome/content/rules/VideoHub.tv.xml
+++ b/src/chrome/content/rules/VideoHub.tv.xml
@@ -5,25 +5,69 @@
 	Nonfunctional subdomains:
 
 		- (www.)	(refused)
+		- marketplace *
 
+	* Refused
 
-	Fully covered subdomains:
+	Cert mismatch:
 
-		- data
-		- marketplace
-		- portal
-		- publishers
+		- tags.videohub.tv
+		- ads.videohub.tv
+		- dt.videohub.tv
+		- l0.videohub.tv
+		- ads.sc.videohub.tv
+
+	Chain issues:
+		- ads.videohub.tv
+		- app.videohub.tv
+		- dsp.videohub.tv
+		- dsp.iad1.videohub.tv
+		- pixel.videohub.tv
+		- l0-secure.videohub.tv
+		- app.stag.videohub.tv
+		- dsp.stag.videohub.tv
+
+	Timeout:
+		- autodiscover.videohub.tv
+		- dsp3.videohub.tv
+		- data.stag.videohub.tv
+		- dare.videohub.tv
+		- portal.dev.videohub.tv
+		- docs.videohub.tv
+		- portal.stag.videohub.tv
+		- preview.videohub.tv
+		- ads.test.videohub.tv
+		- app.test.videohub.tv
+		- data.test.videohub.tv
+		- dsp.test.videohub.tv
+		- tagvalidator.videohub.tv
+		- portal.test.videohub.tv
+
+	Broken content received:
+		- data.videohub.tv
 
 -->
 <ruleset name="VideoHub.tv (partial)">
 
-	<target host="*.videohub.tv" />
+	<!--	Direct rewrites:
+				-->
+	<target host="ads.videohub.tv" />
+	<target host="ads-secure.videohub.tv" />
+	<target host="cdn-secure.videohub.tv" />
+	<target host="dt.videohub.tv" />
+	<target host="dt-secure.videohub.tv" />
+	<target host="objects-secure.videohub.tv" />
+	<target host="portal.videohub.tv" />
+	<target host="ads.sc.videohub.tv" />
+	<target host="ads-secure.sc.videohub.tv" />
 
+	<securecookie host="^(?:data|\.?portal)\.videohub\.tv$" name=".+" />
 
-	<securecookie host="^(?:data|marketplace|\.?portal)\.videohub\.tv$" name=".+" />
+	<rule from="^http://ads\.sc\.videohub\.tv/" to="https://ads-secure.sc.videohub.tv/" />
 
+	<rule from="^http://(ads|dt)\.videohub\.tv/" to="https://$1-secure.videohub.tv/" />
 
-	<rule from="^http://(data|marketplace|portal|publishers)\.videohub\.tv/"
-		to="https://$1.videohub.tv/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/VideoLAN.org.xml b/src/chrome/content/rules/VideoLAN.org.xml
new file mode 100644
index 000000000000..46ddde5d8b1a
--- /dev/null
+++ b/src/chrome/content/rules/VideoLAN.org.xml
@@ -0,0 +1,79 @@
+<!--
+	Bad gateway:
+		translate.videolan.org
+
+	Invalid certificate:
+		api.addons.videolan.org
+		albiero.videolan.org
+		crash.videolan.org
+		developers.videolan.org
+		freedb.videolan.org
+		ftp.videolan.org
+		goldeneye.videolan.org
+		goldeneye2.videolan.org
+		top-ix.mirror.videolan.org
+		natalya.videolan.org
+		nightly.videolan.org
+		ns0.videolan.org
+		ns1.videolan.org
+		oddjob.videolan.org
+
+	Different content http/https:
+		hg.videolan.org
+		lists.videolan.org
+		mailstats.videolan.org
+
+	Mixed content:
+		planet.videolan.org
+
+	Refused:
+		win.crashes.videolan.org
+
+	Timeout:
+		irc.videolan.org
+-->
+<ruleset name="VideoLAN.org">
+
+	<target host="videolan.org" />
+	<target host="www.videolan.org" />
+	<target host="addons.videolan.org" />
+	<target host="api.addons.videolan.org" />
+	<target host="alerts.videolan.org" />
+	<target host="anonsvn.videolan.org" />
+	<target host="api-addons.videolan.org" />
+	<target host="artifacts.videolan.org" />
+	<target host="code.videolan.org" />
+	<target host="crashes.videolan.org" />
+	<target host="get.dc2.videolan.org" />
+	<target host="get.dc3.videolan.org" />
+	<target host="download.videolan.org" />
+	<target host="downloads.videolan.org" />
+	<target host="fingerprint.videolan.org" />
+	<target host="forum.videolan.org" />
+	<target host="get.videolan.org" />
+	<target host="get-dc2.videolan.org" />
+	<target host="get-dc3.videolan.org" />
+	<target host="git.videolan.org" />
+	<target host="images.videolan.org" />
+	<target host="jenkins.videolan.org" />
+	<target host="mailman.videolan.org" />
+	<target host="mb.videolan.org" />
+	<target host="munin.videolan.org" />
+	<target host="nightlies.videolan.org" />
+	<target host="patches.videolan.org" />
+	<target host="people.videolan.org" />
+	<target host="registry.videolan.org" />
+	<target host="streams.videolan.org" />
+	<target host="svn.videolan.org" />
+	<target host="trac.videolan.org" />
+	<target host="update.videolan.org" />
+	<target host="update-test.videolan.org" />
+	<target host="vdd.videolan.org" />
+	<target host="wiki.videolan.org" />
+	<target host="zorin.videolan.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VideoLAN.xml b/src/chrome/content/rules/VideoLAN.xml
deleted file mode 100644
index ea0e538e1310..000000000000
--- a/src/chrome/content/rules/VideoLAN.xml
+++ /dev/null
@@ -1,61 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- albiero *
-		- download **
-		- ganesh **
-		- people *
-		- rsync **
-		- sirius ***
-		- stats **
-		- update **
-		- www2 ***
-
-	* Refused
-	** Shows www
-	*** Images 404
-
-
-	Problematic subdomains:
-
-		- addons	(mismatched, CN: *.opendesktop.org)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- forum
-		- get
-		- git
-		- images
-		- images1
-		- mailman
-		- trac
-		- wiki
-		- www1
-
-
-	Wildcard cookies:
-
-		- .forum.videolan.org
-
--->
-<ruleset name="VideoLAN (partial)">
-
-	<target host="videolan.org" />
-	<target host="*.videolan.org" />
-
-
-	<securecookie host="(?:.*\.)?videolan\.org$" name=".+" />
-
-
-	<rule from="^http://((?:forum|get|git|images1?|mailman|trac|wiki|www1?)\.)?videolan\.org/"
-		to="https://$1videolan.org/" />
-
-	<!--	- Show www's data over https
-		- Redirect like so over http
-						-->
-	<rule from="^http://(?:ganesh|rsync|stats)\.videolan\.org/$"
-		to="https://www.videolan.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/VideoPP.com.xml b/src/chrome/content/rules/VideoPP.com.xml
deleted file mode 100644
index 05a93eab287c..000000000000
--- a/src/chrome/content/rules/VideoPP.com.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- server3	(403; expired 2012-06-23, self-signed, CN: dummy)
-
-
-	Problematic subdomains:
-
-		- www	(works, cert only matches ^videopp.com)
-
-
-	Mixed images on ^videopp.com from server3
-
--->
-<ruleset name="VideoPP.com (partial)">
-
-	<target host="videopp.com" />
-	<target host="www.videopp.com" />
-
-
-	<securecookie host="^videopp\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?videopp\.com/"
-		to="https://videopp.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/VideoPros.xml b/src/chrome/content/rules/VideoPros.xml
index 04c3202fb8a1..11afe3ad1122 100644
--- a/src/chrome/content/rules/VideoPros.xml
+++ b/src/chrome/content/rules/VideoPros.xml
@@ -1,13 +1,9 @@
 <ruleset name="VideoPros">
-
 	<target host="videopros.com" />
 	<target host="www.videopros.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^(?:www\.)?videopros\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?videopros\.com/"
-		to="https://$1videopros.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Video_Aided_Instruction.xml b/src/chrome/content/rules/Video_Aided_Instruction.xml
index e75d848ef23a..3dc4490bda10 100644
--- a/src/chrome/content/rules/Video_Aided_Instruction.xml
+++ b/src/chrome/content/rules/Video_Aided_Instruction.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^www\.videoaidedinstruction\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?videoaidedinstruction\.com/"
-		to="https://www.videoaidedinstruction.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Video_Dean.xml b/src/chrome/content/rules/Video_Dean.xml
index f3d9016df152..1ed20e7f66b4 100644
--- a/src/chrome/content/rules/Video_Dean.xml
+++ b/src/chrome/content/rules/Video_Dean.xml
@@ -1,13 +1,21 @@
-<ruleset name="Video Dean">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://video-dean.com/ => https://video-dean.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.video-dean.com/ => https://www.video-dean.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://video-dean.com/ => https://video-dean.com/: (51, "SSL: no alternative certificate subject name matches target host name 'video-dean.com'")
+-->
+<ruleset name="Video Dean" default_off="failed ruleset test">
 
 	<target host="video-dean.com" />
-	<target host="*.video-dean.com" />
+	<target host="www.video-dean.com" />
 
 
 	<securecookie host="^(?:www)?\.video-dean\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?video-dean\.com/"
-		to="https://$1video-dean.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Video_Interchange.xml b/src/chrome/content/rules/Video_Interchange.xml
index ad4973005178..88c25ea9f688 100644
--- a/src/chrome/content/rules/Video_Interchange.xml
+++ b/src/chrome/content/rules/Video_Interchange.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?videointerchange\.com/"
 		to="https://videointerchange.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Videodroid.org.xml b/src/chrome/content/rules/Videodroid.org.xml
new file mode 100644
index 000000000000..06af4c7d2599
--- /dev/null
+++ b/src/chrome/content/rules/Videodroid.org.xml
@@ -0,0 +1,10 @@
+<!--
+	403:
+		- www
+-->
+<ruleset name="Videodroid.org">
+	<target host="videodroid.org" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Videoemail.com.xml b/src/chrome/content/rules/Videoemail.com.xml
new file mode 100644
index 000000000000..1a1409002d49
--- /dev/null
+++ b/src/chrome/content/rules/Videoemail.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sc.videoemail.com/ => https://sc.videoemail.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Videoemail.com" default_off="failed ruleset test">
+
+	<target host="sc.videoemail.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^sc\.videoemail\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Videojs.com.xml b/src/chrome/content/rules/Videojs.com.xml
new file mode 100644
index 000000000000..692699d448aa
--- /dev/null
+++ b/src/chrome/content/rules/Videojs.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		- slack.videojs.com
+		- www1.videojs.com
+		- www2.videojs.com
+-->
+
+<ruleset name="Videojs.com">
+	<target host="videojs.com" />
+	<target host="www.videojs.com" />
+	<target host="blog.videojs.com" />
+	<target host="docs.videojs.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Videolicious.com.xml b/src/chrome/content/rules/Videolicious.com.xml
new file mode 100644
index 000000000000..b692fd832f3a
--- /dev/null
+++ b/src/chrome/content/rules/Videolicious.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- videolicious.com
+
+-->
+<ruleset name="Videolicious.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="videolicious.com" />
+	<target host="www.videolicious.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^videolicious\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^videolicious\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Videoly.co.xml b/src/chrome/content/rules/Videoly.co.xml
new file mode 100644
index 000000000000..63aaae959613
--- /dev/null
+++ b/src/chrome/content/rules/Videoly.co.xml
@@ -0,0 +1,15 @@
+<ruleset name="Videoly.co">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="videoly.co" />
+	<target host="www.videoly.co" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Videoplaza.tv.xml b/src/chrome/content/rules/Videoplaza.tv.xml
new file mode 100644
index 000000000000..5d24f06cd7ef
--- /dev/null
+++ b/src/chrome/content/rules/Videoplaza.tv.xml
@@ -0,0 +1,95 @@
+<!--
+	Cert mismatch:
+		- a.videoplaza.tv
+		- de-ipd.a.videoplaza.tv
+		- nl-sanoma.a.videoplaza.tv
+		- uk-dev-stv.a.videoplaza.tv
+		- (*.)cdn.videoplaza.tv
+		- in-starlive.videoplaza.tv
+		- se-tv4.llnw.videoplaza.tv
+
+-->
+<ruleset name="Videoplaza.tv (partial)">
+
+	<target host="www.videoplaza.tv" />
+
+	<target host="asia-pixelmedia.videoplaza.tv" />
+	<target host="asia-pixelslimited.videoplaza.tv" />
+	<target host="be-rtl.videoplaza.tv" />
+	<target host="bv-eldeber.videoplaza.tv" />
+	<target host="core.videoplaza.tv" />
+	<target host="de-dev-ipd.videoplaza.tv" />
+	<target host="de-ipd.videoplaza.tv" />
+	<target host="de-videovalis.videoplaza.tv" />
+	<target host="dk-berlingske.videoplaza.tv" />
+	<target host="dk-jyllandsposten.videoplaza.tv" />
+	<target host="dk-politiken.videoplaza.tv" />
+	<target host="es-antena3.videoplaza.tv" />
+	<target host="es-aunia.videoplaza.tv" />
+	<target host="es-elconfidencial.videoplaza.tv" />
+	<target host="es-grupogodo.videoplaza.tv" />
+	<target host="es-mediaset.videoplaza.tv" />
+	<target host="es-movistartest.videoplaza.tv" />
+	<target host="es-netsonic.videoplaza.tv" />
+	<target host="es-plus.videoplaza.tv" />
+	<target host="es-spotbid.videoplaza.tv" />
+	<target host="es-suncopperland.videoplaza.tv" />
+	<target host="es-sunicontent.videoplaza.tv" />
+	<target host="es-suntaringa.videoplaza.tv" />
+	<target host="es-vocento.videoplaza.tv" />
+	<target host="fi-mtv.videoplaza.tv" />
+	<target host="fi-mtv3.videoplaza.tv" />
+	<target host="fr-canalplus.videoplaza.tv" />
+	<target host="fr-groupe01.videoplaza.tv" />
+	<target host="fr-m6.videoplaza.tv" />
+	<target host="geo-intermedia.videoplaza.tv" />
+	<target host="hk-nextmedia.videoplaza.tv" />
+	<target host="ie-tv3.videoplaza.tv" />
+	<target host="in-star.videoplaza.tv" />
+	<target host="in-starint.videoplaza.tv" />
+	<target host="in-starlive-preroll.videoplaza.tv" />
+	<target host="in-viacom18.videoplaza.tv" />
+	<target host="mx-sunmedia.videoplaza.tv" />
+	<target host="nl-sanoma.videoplaza.tv" />
+	<target host="nl-sbs.videoplaza.tv" />
+	<target host="no-vg.videoplaza.tv" />
+	<target host="origin.videoplaza.tv" />
+	<target host="pa-tvnpanama.videoplaza.tv" />
+	<target host="proxy.videoplaza.tv" />
+	<target host="pt-controlinveste.videoplaza.tv" />
+	<target host="pulse-demo.videoplaza.tv" />
+	<target host="se-aftonbladet.videoplaza.tv" />
+	<target host="se-mk.videoplaza.tv" />
+	<target host="se-tv4.videoplaza.tv" />
+	<target host="service.videoplaza.tv" />
+	<target host="sg-mediacorp.videoplaza.tv" />
+	<target host="ssp.videoplaza.tv" />
+	<target host="th-nation.videoplaza.tv" />
+	<target host="th-otv.videoplaza.tv" />
+	<target host="tr-vidyoda.videoplaza.tv" />
+	<target host="uk-extreme.videoplaza.tv" />
+	<target host="uk-mhd.videoplaza.tv" />
+	<target host="us-beet.videoplaza.tv" />
+	<target host="us-breitbart.videoplaza.tv" />
+	<target host="us-byu.videoplaza.tv" />
+	<target host="us-byutvi.videoplaza.tv" />
+	<target host="us-defymedia.videoplaza.tv" />
+	<target host="us-haymon.videoplaza.tv" />
+	<target host="us-runnerspace.videoplaza.tv" />
+	<target host="us-theberrics.videoplaza.tv" />
+	<target host="us-theonion.videoplaza.tv" />
+	<target host="us-transportnation.videoplaza.tv" />
+	<target host="us-videum.videoplaza.tv" />
+	<target host="vp.videoplaza.tv" />
+	<target host="fr-groupe01.vp.videoplaza.tv" />
+	<target host="vp-akhilesh.videoplaza.tv" />
+	<target host="vp-federico.videoplaza.tv" />
+	<target host="vp-nabvalue.videoplaza.tv" />
+	<target host="vp-uriel1.videoplaza.tv" />
+	<target host="vp-validation.videoplaza.tv" />
+	<target host="x-traffic-director.videoplaza.tv" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
+
diff --git a/src/chrome/content/rules/Videotron.ca.xml b/src/chrome/content/rules/Videotron.ca.xml
new file mode 100644
index 000000000000..bb88164b2abc
--- /dev/null
+++ b/src/chrome/content/rules/Videotron.ca.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Videotron coverage, see Videotron.com.xml.
+
+-->
+<ruleset name="Videotron.ca (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="courrielweb.videotron.ca" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^courrielweb\.videotron\.ca$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Videotron.com-mixed.xml b/src/chrome/content/rules/Videotron.com-mixed.xml
deleted file mode 100644
index a3ca6c2983be..000000000000
--- a/src/chrome/content/rules/Videotron.com-mixed.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For rules not causing mixed content, see Videotron.com.xml.
-
-
-	Mixed css & images from static-illicoweb
-
--->
-<ruleset name="Videotron.com (mixed content)" platform="mixedcontent">
-
-	<target host="illicoweb.videotron.com" />
-
-
-	<securecookie host="^illicoweb\.videotron\.com$" name=".+" />
-
-
-	<rule from="^http://illicoweb\.videotron\.com/"
-		to="https://illicoweb.videotron.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Videotron.com.xml b/src/chrome/content/rules/Videotron.com.xml
index ce364faee2bc..f75a13a8c94d 100644
--- a/src/chrome/content/rules/Videotron.com.xml
+++ b/src/chrome/content/rules/Videotron.com.xml
@@ -1,5 +1,7 @@
 <!--
-	For rules causing mixed content, see Videotron.com-mixed.xml.
+	Other Videotron rulesets:
+
+		- Videotron.ca.xml
 
 
 	CDN buckets:
@@ -7,47 +9,72 @@
 		- static-illicoweb.videotron.com.edgesuite.net
 
 
-	Nonfunctional domains:
+	Nonfunctional hosts in *videotron.com:
+
+		- boutiquemobile	(refused)
+		- corpo			(some pages redirect to http, others 404; mismatched, CN: www.videotron.com)
+		- soutien		Handshake fails
+		- static-illicoweb	(redirects to illicoweb, akamai)
 
-		- boutiquemobile.videotron.com		(refused)
-		- corpo.videotron.com			(some pages redirect to http, others 404; mismatched, CN: www.videotron.com)
-		- static-illicoweb.videotron.com	(redirects to illicoweb, akamai)
 
+	^videotron.com: Cert only matches www
 
-	Problematic domains:
 
-		- videotron.com			(cert only matches www)
-		- illicoweb.videotron.com	(mixed css from static-illicoweb)
-		- soutien.videotron.com		(works; mismatched, CN: *.altitude3.net)
+	Insecure cookies are set for these hosts:
 
+		- courrielweb.videotron.com
 
-	Fully covered domains:
 
-		- courrielweb.videotron.ca
-		- clavardage.videotron.com
+	Mixed content:
 
+		- Bug on courrielweb from videotronres.112.2o7.net *
 
-	Some pages redirect to http
+	* Secured by us
 
 -->
 <ruleset name="Videotron.com (partial)">
 
-	<target host="courrielweb.videotron.ca" />
+	<!--	Direct rewrites:
+				-->
+	<target host="clavardage.videotron.com" />
+	<target host="clubillico.videotron.com" />
+	<target host="courrielweb.videotron.com" />
+	<target host="illicoweb.videotron.com" />
+	<target host="www.videotron.com" />
+
+	<!--	Complications:
+				-->
 	<target host="videotron.com" />
-	<target host="*.videotron.com" />
+
+		<!--	Some pages redirect to http.
+							-->
+		<exclusion pattern="^http://www\.videotron\.com/+(?!client/|resources/|vcom/)" />
+
+			<!--	+ve:
+					-->
+
+			<test url="http://www.videotron.com/optimization" />
+			<test url="http://www.videotron.com/residential" />
+			<test url="http://www.videotron.com/residentiel" />
+			<test url="http://www.videotron.com/service/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.videotron.com/client/residentiel/courrielweb.do" />
+			<test url="http://www.videotron.com/vcom/static/img/logo/videotron-logo-yellow.png" />
 
 
-	<securecookie host="^courrielweb\.videotron\.ca$" name=".+" />
-	<securecookie host="^clavardage\.videotron\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^courrielweb\.videotron\.com$" name="^(?:JROUTE|JSESSIONID)$" /-->
 
+	<securecookie host="^(?:clavardage|courrielweb|illicoweb)\.videotron\.com$" name=".+" />
 
-	<rule from="^http://courrielweb\.videotron\.ca/"
-		to="https://courrielweb.videotron.ca/" />
 
-	<rule from="^http://(?:www\.)?videotron\.com/(client|resources|vcom)/"
-		to="https://www.videotron.com/$1/" />
+	<rule from="^http://videotron\.com/"
+		to="https://www.videotron.com/" />
 
-	<rule from="^http://clavardage\.videotron\.com/"
-		to="https://clavardage.videotron.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vidi_Emi.xml b/src/chrome/content/rules/Vidi_Emi.xml
index fed5e9a48666..478544401871 100644
--- a/src/chrome/content/rules/Vidi_Emi.xml
+++ b/src/chrome/content/rules/Vidi_Emi.xml
@@ -1,18 +1,21 @@
 <!--
-	Nonfunctional subdomains:
 
-		- (www.)
+	(www.)?vidiemi.com: Refused
 
 -->
-<ruleset name="Vidi Emi (partial)">
+<ruleset name="Vidi Emi.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="snap.vidiemi.com" />
 
+		<test url="http://snap.vidiemi.com/veove.aspx?" />
+
 
 	<securecookie host="^snap\.vidiemi\.com$" name=".+" />
 
 
-	<rule from="^http://snap\.vidiemi\.com/"
-		to="https://snap.vidiemi.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vidplay.net.xml b/src/chrome/content/rules/Vidplay.net.xml
new file mode 100644
index 000000000000..1cc551e48864
--- /dev/null
+++ b/src/chrome/content/rules/Vidplay.net.xml
@@ -0,0 +1,32 @@
+<!--
+	CN: Parallels Panel
+
+
+	www times out over http.
+
+
+	Mixed content:
+
+		- iframe from api.solvemedia.com ¹
+
+		- css from $self ²
+
+		- Images from $self ²
+
+	¹ Unsecurable <= refused
+	² Secured by us
+
+-->
+<ruleset name="vidplay.net" default_off="self-signed">
+
+	<target host="vidplay.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^\.vidplay\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vidup.me-falsemixed.xml b/src/chrome/content/rules/Vidup.me-falsemixed.xml
new file mode 100644
index 000000000000..c7042a974764
--- /dev/null
+++ b/src/chrome/content/rules/Vidup.me-falsemixed.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://beta.vidup.me/ => https://beta.vidup.me/: Too many redirects while fetching 'https://beta.vidup.me/'
+
+	For rules not causing false/broken MCB, see Vidup.me.xml.
+
+-->
+<ruleset name="Vidup.me (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="beta.vidup.me" />
+
+
+	<securecookie host="^\.vidup\.me$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vidup.me.xml b/src/chrome/content/rules/Vidup.me.xml
new file mode 100644
index 000000000000..b17eece3dd0f
--- /dev/null
+++ b/src/chrome/content/rules/Vidup.me.xml
@@ -0,0 +1,75 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://img.vidup.me/ => https://img.vidup.me/: Too many redirects while fetching 'https://img.vidup.me/'
+Fetch error: http://www.vidup.me/ => https://www.vidup.me/: Too many redirects while fetching 'https://www.vidup.me/'
+Fetch error: http://vidup.me/ => https://www.vidup.me/: Too many redirects while fetching 'https://www.vidup.me/'
+
+	For rules causing false/broken MCB, see Vidup.me-falsemixed.xml.
+
+
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	^vidup.me: Refused
+
+
+	Insecure cookies are set for these domains:
+
+		- .vidup.me
+
+
+	Mixed content:
+
+		- css, on:
+
+			- beta from $self *
+			- beta from fonts.googleapis.com *
+
+		- Images, on:
+
+			- beta from $self *
+			- beta from img.vidup.me *
+
+		- Ads on beta from code.theads.me
+
+	* Secured by us
+
+-->
+<ruleset name="Vidup.me (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="beta.vidup.me" /-->
+	<target host="img.vidup.me" />
+	<target host="www.vidup.me" />
+
+	<!--	Complications:
+				-->
+	<target host="vidup.me" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.vidup\.me$" name="^(?:__cfduid|cf_clearance|lang)$" /-->
+
+
+	<rule from="^http://vidup\.me/"
+		to="https://www.vidup.me/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vidyard.xml b/src/chrome/content/rules/Vidyard.xml
index 765751f0fb11..9efbe4ee3cfc 100644
--- a/src/chrome/content/rules/Vidyard.xml
+++ b/src/chrome/content/rules/Vidyard.xml
@@ -1,26 +1,31 @@
 <!--
-	blog is handled in Posterous-clients.xml.
+	Mixed content:
 
+		- css on www from fonts.googleapis.com *
+		- Images on www from $self *
 
-	Problematic subdomains:
-
-		- (www.)	(mismatched, CN: *.heroku.com)
-		- blog		(works, mismatched, CN: *.posterous.com)
+	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Vidyard (partial)">
+<ruleset name="Vidyard.com">
 
 	<target host="vidyard.com" />
-	<target host="*.vidyard.com" />
+	<target host="assets.vidyard.com" />
+	<target host="blog.vidyard.com" />
+	<target host="cdn.vidyard.com" />
+	<target host="embed.vidyard.com" />
+	<target host="play.vidyard.com" />
+	<target host="secure.vidyard.com" />
+	<target host="www.vidyard.com" />
 
+		<test url="http://assets.vidyard.com/assets/manifest_hub_layout_dull_silence-1e0ec1956ccb20340d4be19c984e4dd67fa7338a358ceba81afa464bc9269592.css" />
+		<test url="http://cdn.vidyard.com/thumbnails/custom/68dd6a4a-6853-4f49-adc3-4e7693bea853.jpg" />
 
-	<securecookie host="^seure\.vidyard\.com$" name=".+" />
 
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^https?://(?:secure\.|www\.)?vidyard\.com/"
-		to="https://secure.vidyard.com/" />
 
-	<rule from="^http://(embed|play)\.vidyard\.com/"
-		to="https://$1.vidyard.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Vie_Pratique.fr.xml b/src/chrome/content/rules/Vie_Pratique.fr.xml
new file mode 100644
index 000000000000..cefc0b624a78
--- /dev/null
+++ b/src/chrome/content/rules/Vie_Pratique.fr.xml
@@ -0,0 +1,53 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://viepratique.fr/ => https://www.viepratique.fr/: Too many redirects while fetching 'https://www.viepratique.fr/'
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://viepratique.fr/ (200) => https://www.viepratique.fr/ (521)
+
+	Nonfunctional subdomains:
+
+		- coffretgourmand *
+
+	* Refused
+
+
+	Problematic subdomains:
+
+		- ^ *
+		- sf1 *
+		- sf2 *
+
+	* "HTTP_NOT_FOUND"
+
+
+	Mixed content:
+
+		- css on gourmand & www from fonts.googleapis.com *
+
+		- Images on gourmand & www from $self & sf[12] *
+
+	* Secured by us
+
+-->
+<ruleset name="Vie Pratique.fr (partial)" default_off="failed ruleset test">
+
+	<target host="viepratique.fr" />
+	<target host="*.viepratique.fr" />
+		<!--exclusion pattern="^http://coffretgourmand\.viepratique\.fr/" /-->
+
+
+	<securecookie host="^(?:gourmand|www)?\.viepratique\.fr$" name=".+" />
+
+
+	<rule from="^http://(?:sf\d\.|www\.)?viepratique\.fr/"
+		to="https://www.viepratique.fr/" />
+
+	<rule from="^http://gourmand\.viepratique\.fr/"
+		to="https://gourmand.viepratique.fr/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vienna_University_of_Technology.xml b/src/chrome/content/rules/Vienna_University_of_Technology.xml
index 9ce9789c5587..e031500461b6 100644
--- a/src/chrome/content/rules/Vienna_University_of_Technology.xml
+++ b/src/chrome/content/rules/Vienna_University_of_Technology.xml
@@ -32,7 +32,15 @@
 <ruleset name="Vienna University of Technology (partial)">
 
 	<target host="tuwien.ac.at" />
-	<target host="*.tuwien.ac.at" />
+	<target host="www.tuwien.ac.at" />
+	<target host="mail.tuwien.ac.at" />
+	<target host="pop.tuwien.ac.at" />
+	<target host="mail.student.tuwien.ac.at" />
+	<target host="webmail.tuwien.ac.at" />
+	<target host="ui.zid.tuwien.ac.at" />
+	<target host="www.zid.tuwien.ac.at" />
+	<target host="mail.zserv.tuwien.ac.at" />
+	<target host="webstats.zserv.tuwien.ac.at" />
 		<!--exclusion pattern="^http://www\.zid\.tuwien\.ac\.at/(?:$|campussoftware/|impressum/|systempflege/|webmail/)" /-->
 		<!--exclusion pattern="^http://www.zid\.tuwien\.ac\.at/sts/(?:$|\?|it_beratung/|sts/quick_links/)" /-->
 		<exclusion pattern="^http://www.zid\.tuwien\.ac\.at/sts/(?!campussoftware|studentensoftware)" />
@@ -44,7 +52,6 @@
 	<rule from="^http://(?:www\.)?tuwien\.ac\.at/"
 		to="https://www.tuwien.ac.at/" />
 
-	<rule from="^http://(mail|pop|mail\.student|webmail|(?:ui|www)\.zid|(?:mail|webstats)\.zserv)\.tuwien\.ac\.at/"
-		to="https://$1.tuwien.ac.at/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Viestintavirasto.fi.xml b/src/chrome/content/rules/Viestintavirasto.fi.xml
new file mode 100644
index 000000000000..7fa5a10a4855
--- /dev/null
+++ b/src/chrome/content/rules/Viestintavirasto.fi.xml
@@ -0,0 +1,36 @@
+<!--
+	^viestintavirasto.fi: Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.viestintavirasto.fi
+
+-->
+<ruleset name="Viestintavirasto.fi">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.viestintavirasto.fi" />
+
+	<!--	Complications:
+				-->
+	<target host="viestintavirasto.fi" />
+
+		<test url="http://www.viestintavirasto.fi/neta.html.stx?NetaPath=" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.viestintavirasto\.fi$" name="^(?:Neta\.w\.UserId|TS[\da-f]{8}|f5_cspm|viestintavirasto)$" /-->
+
+	<securecookie host="^www\.viestintavirasto\.fi$" name=".+" />
+
+
+	<rule from="^http://viestintavirasto\.fi/"
+		to="https://www.viestintavirasto.fi/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VieuxBiclou.org.xml b/src/chrome/content/rules/VieuxBiclou.org.xml
new file mode 100644
index 000000000000..79805051ffbc
--- /dev/null
+++ b/src/chrome/content/rules/VieuxBiclou.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Invalid certificate:
+		vieuxbiclou.org
+
+	Mixed content:
+		www.vieuxbiclou.org (from font.googleapis.com and $self)
+
+	Login required:
+		cloud.vieuxbiclou.org
+		galette.vieuxbiclou.org
+		klaxon.vieuxbiclou.org
+
+-->
+<ruleset name="Le Vieux Biclou" platform="mixedcontent">
+
+	<target host="vieuxbiclou.org" />
+	<target host="www.vieuxbiclou.org" />
+
+	<rule from="^http://vieuxbiclou\.org/"
+		to="https://www.vieuxbiclou.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ViewSourceConf.org.xml b/src/chrome/content/rules/ViewSourceConf.org.xml
new file mode 100644
index 000000000000..1f9e6a5db7f5
--- /dev/null
+++ b/src/chrome/content/rules/ViewSourceConf.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="ViewSourceConf.org" >
+	<target host="viewsourceconf.org" />
+	<target host="www.viewsourceconf.org" />
+	<target host="stage.viewsourceconf.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/View_Central.com.xml b/src/chrome/content/rules/View_Central.com.xml
index bef69a913d02..4c523d5aa03d 100644
--- a/src/chrome/content/rules/View_Central.com.xml
+++ b/src/chrome/content/rules/View_Central.com.xml
@@ -1,12 +1,12 @@
 <ruleset name="View Central.com (partial)">
 
-	<target host="*.viewcentral.com" />
+	<target host="admin.viewcentral.com" />
+	<target host="inter.viewcentral.com" />
 
 
 	<securecookie host="^(?:admin|inter)\.viewcentral\.com$" name=".+" />
 
 
-	<rule from="^http://(admin|inter)\.viewcentral\.com/"
-		to="https://$1.viewcentral.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/VigLink.com.xml b/src/chrome/content/rules/VigLink.com.xml
new file mode 100644
index 000000000000..46c65837cf5a
--- /dev/null
+++ b/src/chrome/content/rules/VigLink.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Mismatched:
+		- info (*.pardot.com)
+
+	Self-signed:
+		- blog
+-->
+
+<ruleset name="VigLink.com">
+	<target host="viglink.com" />
+	<target host="www.viglink.com" />
+	<target host="api.viglink.com" />
+	<target host="apicdn.viglink.com" />
+	<target host="blog.viglink.com" />
+	<target host="cdn.viglink.com" />
+	<target host="info.viglink.com" />
+	<target host="publishers.viglink.com" />
+	<target host="redirect.viglink.com" />
+	<target host="support.viglink.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://blog\.viglink\.com/" to="https://www.viglink.com/blog/" />
+
+	<!-- see http://help.pardot.com/customer/portal/articles/2126640-how-to-ssl-enable-http-secure-pardot-urls -->
+	<rule from="^http://info\.viglink\.com/" to="https://go.pardot.com/" />
+
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VigLink.xml b/src/chrome/content/rules/VigLink.xml
deleted file mode 100644
index 1f3f891ca997..000000000000
--- a/src/chrome/content/rules/VigLink.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-
-	CDN buckets:
-
-		- dp2drdtly304p.cloudfront.net/api/
-			- apicdn.viglink.com
-			- cdn.viglink.com
-
-
-	Nonfunctional subdomains:
-
-		- blog	(ssl_error_rx_record_too_long)
-
--->
-<ruleset name="VigLink">
-
-	<target host="viglink.com" />
-	<target host="*.viglink.com" />
-
-
-	<!--securecookie host="^\.viglink\.com$" name="^vglnk\.Agent\.p$" /-->
-	<securecookie host="^.*\.viglink\.com$" name=".*" />
-
-
-	<rule from="^http://(api\.|www\.)?viglink\.com/"
-		to="https://$1viglink.com/" />
-
-	<rule from="^http://(?:api)?cdn\.viglink\.com/"
-		to="https://dp2drdtly304p.cloudfront.net/" />
-
-        <rule from="^http://support\.viglink\.com/(assets|generated|images|registration|system)/"
-                to="https://viglink.zendesk.com/$1/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/VikingVPN.com.xml b/src/chrome/content/rules/VikingVPN.com.xml
index 39c251e3fbab..2011808cdb68 100644
--- a/src/chrome/content/rules/VikingVPN.com.xml
+++ b/src/chrome/content/rules/VikingVPN.com.xml
@@ -1,36 +1,14 @@
 <!--
-	Problematic subdomains:
-
-		- www	(dropped)
-
-
-	Mixed content:
-
-		- Images on ^ from i.imgur.com *
-
-	* Secured by us
-
+	Mismatched:
+		- www (fixed by this ruleset)
 -->
-<ruleset name="VikingVPN.com">
 
+<ruleset name="VikingVPN.com">
 	<target host="vikingvpn.com" />
 	<target host="www.vikingvpn.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^vikingvpn\.com$" name=".+" />
-
-
-	<rule from="^http://vikingvpn\.com/"
-		to="https://vikingvpn.com/" />
-
-	<!--	Server preserves args without paths:
-							-->
-	<rule from="^http://www\.vikingvpn\.com/+(?=\?.+)"
-		to="https://vikingvpn.com/" />
-
-	<!--	But not paths nor args with paths:
-							-->
-	<rule from="^http://www\.vikingvpn\.com/.*"
-		to="https://vikingvpn.com/" />
-
+	<rule from="^http://www\.vikingvpn\.com/" to="https://vikingvpn.com/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Vildling.xml b/src/chrome/content/rules/Vildling.xml
index 0247f7d330ed..2d13f71752eb 100644
--- a/src/chrome/content/rules/Vildling.xml
+++ b/src/chrome/content/rules/Vildling.xml
@@ -1,15 +1,15 @@
-<ruleset name="Vidling" default_off="mismatch">
+<ruleset name="Vidling" default_off="mismatched">
 
 	<!--	Cert: *.heroku.com	-->
 	<target host="vidling.com" />
 	<target host="www.vidling.com" />
 
 
-	<securecookie host="^vidling\.com$" name=".*" />
+	<securecookie host="^vidling\.com$" name=".+" />
 
 
 	<!--	www redirects to !www.	-->
-	<rule from="^https?://(?:www\.)?vidling\.com/"
+	<rule from="^http://(?:www\.)?vidling\.com/"
 		to="https://vidling.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Villa-Saint-Exupery-mismatches.xml b/src/chrome/content/rules/Villa-Saint-Exupery-mismatches.xml
index cdbd9becb9c0..04b468fa4b9b 100644
--- a/src/chrome/content/rules/Villa-Saint-Exupery-mismatches.xml
+++ b/src/chrome/content/rules/Villa-Saint-Exupery-mismatches.xml
@@ -2,13 +2,12 @@
 	For rules that are on by default, see Villa-Saint-Exupery.xml.
 
 -->
-<ruleset name="Villa Saint Exupéry (mismatches)" default_off="mismatch">
+<ruleset name="Villa Saint Exupéry (mismatches)" default_off="mismatched">
 
-	<!--	Cert only matches www.	-->
 	<target host="media.villahostels.com" />
 
 
-	<rule from="^http://media\.villahostels\.com/"
-		to="https://media.villahostels.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Villa-Saint-Exupery.xml b/src/chrome/content/rules/Villa-Saint-Exupery.xml
index 6f927ee995db..a59740a9ec24 100644
--- a/src/chrome/content/rules/Villa-Saint-Exupery.xml
+++ b/src/chrome/content/rules/Villa-Saint-Exupery.xml
@@ -4,17 +4,36 @@
 
 	secure.bookhostels.com/villasaintexupery.com/
 
+
+	Problematic hosts in *villahostels.com:
+
+		- media *
+
+	* Self-signed
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.villahostels.com
+
 -->
 <ruleset name="Villa Saint Exupéry (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="villahostels.com" />
+	<!--target host="media.villahostels.com" /-->
 	<target host="www.villahostels.com" />
 
 
-	<!--	- Cert only matches www
-		- At least some pages redirect to http
+	<!--	Not secured by server:
 					-->
-	<rule from="^https?://(?:www\.)?villahostels\.com/(c-css\.php|images/|themes/|[\w\-]+\.dimg$)"
-		to="https://www.villahostels.com/$1" />
+	<!--securecookie host="^www\.villahostels\.com$" name="^(?:_icl_current_language|PHPSESSID)$" /-->
+
+	<securecookie host="^www\.villahostels\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Villas.com.xml b/src/chrome/content/rules/Villas.com.xml
new file mode 100644
index 000000000000..7e12cdba6a55
--- /dev/null
+++ b/src/chrome/content/rules/Villas.com.xml
@@ -0,0 +1,49 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://r-ec.vcomstatic.com/ => https://r-ec.vcomstatic.com/: (6, 'Could not resolve host: r-ec.vcomstatic.com')
+
+	For other Booking.com coverage, see Booking.com.xml.
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .villas.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Villas.com" default_off="failed ruleset test">
+
+	<target host="villas.com" />
+	<target host="*.villas.com" />
+	<target host="*.vcomstatic.com" />
+
+		<exclusion pattern="^http://(?:[^./]+\.){2,}v(?:comstatic|illas)\.com/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.villas.com/" />
+			<test url="http://exists.not.villas.com/" />
+			<test url="http://this.host.vcomstatic.com/" />
+			<test url="http://exists.not.vcomstatic.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.villas\.com$" name="^bkng$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+		<test url="http://secure.villas.com/" />
+		<test url="http://www.villas.com/" />
+
+		<test url="http://r-ec.vcomstatic.com/" />
+		<test url="http://s-ec.vcomstatic.com/static/img/transparent/85e02501df1560d359a473f544224481a83c9aa7.png" />
+		<test url="http://t-ec.vcomstatic.com/villas/img/dropdown/7287c551b7fa657e8d3a3b7fe1e419679cd605a3.png" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vim.org.xml b/src/chrome/content/rules/Vim.org.xml
new file mode 100644
index 000000000000..e5dfb3f9ea05
--- /dev/null
+++ b/src/chrome/content/rules/Vim.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Vim.org (partial)">
+
+	<target host="www.vim.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vimention.com.xml b/src/chrome/content/rules/Vimention.com.xml
deleted file mode 100644
index b914419d9a66..000000000000
--- a/src/chrome/content/rules/Vimention.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Vimention.com (partial)">
-  <target host="vimention.com"/>
-  <target host="www.vimention.com"/>
-  <target host="static.vimention.com"/>
-  <target host="static-eu1.vimention.com"/>
-  <target host="pictures.vimention.com"/>
-  <target host="users.vimention.com"/>
-  <target host="vimention.mobi"/>
-  <target host="www.vimention.mobi"/>
-
-  <rule from="^http://(www\.)?vimention\.com/" to="https://vimention.com/"/>
-  <rule from="^http://(users|pictures|static-eu1|static)\.vimention\.com/" to="https://$1.vimention.com/" />
-  <rule from="^https?://(www\.)?vimention\.mobi/" to="https://m.vimention.com/"/>
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Vimeo.xml b/src/chrome/content/rules/Vimeo.xml
deleted file mode 100644
index b6eaf5563012..000000000000
--- a/src/chrome/content/rules/Vimeo.xml
+++ /dev/null
@@ -1,72 +0,0 @@
-<!--
-	CDN buckets:
-
-		- av.vimeo.com.edgesuite.net
-
-			- a808.g.akamai.net
-
-		- pdl.vimeocdn.com.edgesuite.net
-
-			- a1189.g.akamai.net
-
-
-	Problematic subdomains:
-
-		- av	(pdl.../crossdomain.xml restricts to port 80)
-		- pdl	(works, akamai)
-
-
-	Partially covered subdomains:
-
-		- developer	(some pages redirect to http)
-		- pdl		(→ akamai)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- secure
-
-
-Default off per https://trac.torproject.org/projects/tor/ticket/7569 -->
-<ruleset name="Vimeo (default off)" default_off="breaks some video embedding">
-
-	<target host="vimeo.com" />
-	<target host="*.vimeo.com" />
-		<exclusion pattern="^http://av\.vimeo\.com/crossdomain\.xml" />
-		<!--exclusion pattern="^http://developer\.vimeo\.com/($|\?|(apps|guidelines|help|player)($|[?/]))" /-->
-		<exclusion pattern="^http://developer\.vimeo\.com/(?!apis(?:$|[?/])|favicon\.ico)" />
-	<target host="*.vimeocdn.com" />
-		<!--
-			Uses crossdomain.xml from s3.amazonaws.com, which sets secure="false"
-
-				https://mail1.eff.org/pipermail/https-everywhere/2012-October/001583.html
-			-->
-		<exclusion pattern="^http://a\.vimeocdn\.com/p/flash/moogaloop/" />
-
-		<!--	We cannot secure streams because crossdomain.xml
-			restricts to port 80 :(
-						-->
-		<exclusion pattern="^http://pdl\.vimeocdn\.com/(?!crossdomain\.xml)" />
-
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.(?:player\.)?vimeo\.com$" name="^__utm\w$" />
-
-
-	<rule from="^http://((?:developer|player|secure|www)\.)?vimeo\.com/"
-		to="https://$1vimeo.com/" />
-
-	<rule from="^http://av\.vimeo\.com/"
-		to="https://a248.e.akamai.net/f/808/9207/8m/av.vimeo.com/" />
-
-	<!--	a & b: Akamai	-->
-	<rule from="^http://(?:secure-)?([ab])\.vimeocdn\.com/"
-		to="https://secure-$1.vimeocdn.com/" />
-
-	<rule from="^http://pdl\.vimeocdn\.com/"
-		to="https://a248.e.akamai.net/f/1189/4415/8d/pdl.vimeocdn.com/" />
-
-</ruleset>
-
diff --git a/src/chrome/content/rules/Vimeo_Pro.com.xml b/src/chrome/content/rules/Vimeo_Pro.com.xml
new file mode 100644
index 000000000000..e75a33fa6c69
--- /dev/null
+++ b/src/chrome/content/rules/Vimeo_Pro.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Vimeo Pro.com">
+	<target host="vimeopro.com" />
+	<target host="www.vimeopro.com" />
+	<target host="*.vimeocdn.com" />
+		<test url="http://f.vimeocdn.com/fonts/mobile/mobile.woff" />
+		<test url="http://f.vimeocdn.com/styles/css_opt/explore_combined.min.css" />
+		<test url="http://i.vimeocdn.com/portrait/1430976_16x16.jpg" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vin-DiCarlo.xml b/src/chrome/content/rules/Vin-DiCarlo.xml
index 87c2d92b199d..4ec3ec8943b7 100644
--- a/src/chrome/content/rules/Vin-DiCarlo.xml
+++ b/src/chrome/content/rules/Vin-DiCarlo.xml
@@ -1,11 +1,11 @@
-<ruleset name="Vin DiCarlo (partial)" platform="mixedcontent">
+<ruleset name="Vin DiCarlo (partial)" default_off="redirects to http">
 
 	<target host="3questionsgetthegirl.com"/>
-	<target host="*.3questionsgetthegirl.com"/>
+	<target host="www.3questionsgetthegirl.com"/>
 
-	<securecookie host="^(.*\.)?3questionsgetthegirl\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?(secure\.)?3questionsgetthegirl\.com/"
-		to="https://$13questionsgetthegirl.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Vindico.com.xml b/src/chrome/content/rules/Vindico.com.xml
new file mode 100644
index 000000000000..1c5212d436d4
--- /dev/null
+++ b/src/chrome/content/rules/Vindico.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Other Vindico rulesets:
+
+		- Vindico_suite.com.xml
+
+
+	CN: *.gridserver.com
+
+
+	Mixed content:
+
+		- Video from $self *
+
+		- Flash from releases.flowplayer.org *
+
+		- css from $self *
+
+		- Image from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Vindico.com" default_off="mismatched">
+
+	<target host="vindico.com" />
+	<target host="www.vindico.com" />
+
+
+	<rule from="^http://(?:www\.)?vindico\.com/"
+		to="https://vindico.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vindico_suite.com.xml b/src/chrome/content/rules/Vindico_suite.com.xml
new file mode 100644
index 000000000000..8d9b94408bbe
--- /dev/null
+++ b/src/chrome/content/rules/Vindico_suite.com.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.vindicosuite.com/ => https://www.vindicosuite.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	For other Vindico coverage, see Vindico.com.xml.
+
+
+	^vindicosuite.com doesn't exist.
+
+
+	Insecure cookies are set for these domains:
+
+		- .vindicosuite.com
+
+-->
+<ruleset name="Vindico suite.com" default_off="failed ruleset test">
+
+	<target host="mpp.vindicosuite.com" />
+	<target host="mpp2.vindicosuite.com" />
+	<target host="www.vindicosuite.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.vindicosuite\.com$" name="^ug$" /-->
+
+	<securecookie host="^\.vindicosuite\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vine.co.xml b/src/chrome/content/rules/Vine.co.xml
new file mode 100644
index 000000000000..a445029a566f
--- /dev/null
+++ b/src/chrome/content/rules/Vine.co.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Twitter coverage, see Twitter.xml.
+
+
+	Nonfunctional hosts in *vine.co:
+
+		- blog *
+		- engineering *
+
+	* Tumblr
+
+
+	Fully covered hosts in *vine.co:
+
+		- (www.)?
+		- mtc.cdn
+		- v.cdn
+
+-->
+<ruleset name="Vine.co (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vine.co" />
+	<target host="mtc.cdn.vine.co" />
+	<target host="platform.vine.co" />
+	<target host="v.cdn.vine.co" />
+	<target host="www.vine.co" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vineyard_Vines.com.xml b/src/chrome/content/rules/Vineyard_Vines.com.xml
new file mode 100644
index 000000000000..e8fff37bf6ff
--- /dev/null
+++ b/src/chrome/content/rules/Vineyard_Vines.com.xml
@@ -0,0 +1,57 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://m.vineyardvines.com/ => https://m.vineyardvines.com/: (51, "SSL: no alternative certificate subject name matches target host name 'm.vineyardvines.com'")
+
+	Problematic hosts in *vineyardvines.com:
+
+		- ^ *
+
+	* Mismatched
+
+
+	Fully covered hosts in *vineyardvines.com:
+
+		- (www.)?	(^ → www)
+		- m
+
+
+	Insecure cookies are set for these hosts:
+
+		- m.vineyardvines.com
+		- www.vineyardvines.com
+
+
+	Mixed content:
+
+		- Images on www from demandware.edgesuite.net *
+
+	* Secured by us
+
+-->
+<ruleset name="Vineyard Vines.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="m.vineyardvines.com" />
+	<target host="www.vineyardvines.com" />
+
+	<!--	Complications:
+				-->
+	<target host="vineyardvines.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(m|www)\.vineyardvines\.com$" name="^(dwac_[\da-zA-Z]+|dwanonymous_[\da-f]{32}|dwpersonalization_[\da-f]{32}|dwsid|sid)$" /-->
+
+	<securecookie host="^(?:m|www)\.vineyardvines\.com$" name=".+" />
+
+
+	<rule from="^http://vineyardvines\.com/"
+		to="https://www.vineyardvines.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vinilox.eu.xml b/src/chrome/content/rules/Vinilox.eu.xml
new file mode 100644
index 000000000000..ab84994ccd69
--- /dev/null
+++ b/src/chrome/content/rules/Vinilox.eu.xml
@@ -0,0 +1,45 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://vinilox.eu/ => https://vinilox.eu/: (51, "SSL: no alternative certificate subject name matches target host name 'wiki.vinilox.eu'")
+Fetch error: http://conference.vinilox.eu/ => https://conference.vinilox.eu/: (51, "SSL: no alternative certificate subject name matches target host name 'wiki.vinilox.eu'")
+Fetch error: http://wiki.vinilox.eu/ => https://wiki.vinilox.eu/: (51, "SSL: no alternative certificate subject name matches target host name 'wiki.vinilox.eu'")
+
+	Non-functional hosts
+		Timeout was reached:
+			 - upload.vinilox.eu
+
+		SSL peer certificate was not OK:
+			 - anacreon.vinilox.eu
+			 - blog.vinilox.eu
+			 - demeter.vinilox.eu
+			 - galacticnova.vinilox.eu
+			 - irc.vinilox.eu
+			 - kitscolaire.vinilox.eu
+			 - micro.vinilox.eu
+			 - phpmyadmin.vinilox.eu
+			 - pubsub.vinilox.eu
+			 - s.vinilox.eu
+			 - stats.vinilox.eu
+			 - status.vinilox.eu
+			 - wallabag.vinilox.eu
+			 - webmail.vinilox.eu
+
+		Incomplete certificate chain error:
+			 - paste.vinilox.eu
+
+		4xx client error:
+			 - mail.vinilox.eu
+-->
+<ruleset name="Vinilox.eu" default_off="failed ruleset test">
+	<target host="vinilox.eu" />
+	<target host="cloud.vinilox.eu" />
+	<target host="conference.vinilox.eu" />
+	<target host="git.vinilox.eu" />
+	<target host="home.vinilox.eu" />
+	<target host="jasonyx.vinilox.eu" />
+	<target host="munin.vinilox.eu" />
+	<target host="wiki.vinilox.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VintageCellars.com.au.xml b/src/chrome/content/rules/VintageCellars.com.au.xml
new file mode 100644
index 000000000000..8b8df60c56d0
--- /dev/null
+++ b/src/chrome/content/rules/VintageCellars.com.au.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Coles coverage, see Coles.com.au.xml
+
+
+	Non-functional subdomains:
+		- beta		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Vintage Cellars">
+
+	<target host="vintagecellars.com.au" />
+	<target host="www.vintagecellars.com.au" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vinumeris.com.xml b/src/chrome/content/rules/Vinumeris.com.xml
new file mode 100644
index 000000000000..df7c2b5af6fa
--- /dev/null
+++ b/src/chrome/content/rules/Vinumeris.com.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://vinumeris.com/ => https://vinumeris.com/: (7, 'Failed to connect to vinumeris.com port 443: Connection refused')
+Fetch error: http://www.vinumeris.com/ => https://www.vinumeris.com/: (7, 'Failed to connect to www.vinumeris.com port 443: Connection refused')
+
+	Insecure cookies are set for these hosts:
+
+		- vinumeris.com
+		- www.vinumeris.com
+
+-->
+<ruleset name="Vinumeris.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vinumeris.com" />
+	<target host="www.vinumeris.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?vinumeris\.com$" name="^NINJA_FLASH$" /-->
+
+	<securecookie host="^(?:www\.)?vinumeris\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vinuthomas.com.xml b/src/chrome/content/rules/Vinuthomas.com.xml
index 39acb966f6dd..68238c81ab64 100644
--- a/src/chrome/content/rules/Vinuthomas.com.xml
+++ b/src/chrome/content/rules/Vinuthomas.com.xml
@@ -1,10 +1,9 @@
-<ruleset name="vinuthomas.com (partial)" default_off="mismatch">
+<ruleset name="vinuthomas.com (partial)" default_off="mismatched">
 
 	<!--	Cert: *.server275.com	-->
 	<target host="blogs.vinuthomas.com" />
 
 
-	<rule from="^http://blogs\.vinuthomas\.com/"
-		to="https://blogs.vinuthomas.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Vinyl-on-demand.com.xml b/src/chrome/content/rules/Vinyl-on-demand.com.xml
new file mode 100644
index 000000000000..a47191445973
--- /dev/null
+++ b/src/chrome/content/rules/Vinyl-on-demand.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Nonfunctional hosts in *.vinyl-on-demand.com:
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Vinyl-on-demand.com">
+	<target host="vinyl-on-demand.com" />
+	<target host="www.vinyl-on-demand.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Violet_Darkling.com.xml b/src/chrome/content/rules/Violet_Darkling.com.xml
index bebd492ee86f..b8dee00ef730 100644
--- a/src/chrome/content/rules/Violet_Darkling.com.xml
+++ b/src/chrome/content/rules/Violet_Darkling.com.xml
@@ -1,13 +1,19 @@
-<ruleset name="Violet Darkling.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://violetdarkling.com/ => https://violetdarkling.com/: (7, 'Failed to connect to violetdarkling.com port 443: Connection refused')
+Fetch error: http://www.violetdarkling.com/ => https://www.violetdarkling.com/: (7, 'Failed to connect to www.violetdarkling.com port 443: Connection refused')
+
+-->
+<ruleset name="Violet Darkling.com" default_off="failed ruleset test">
 
 	<target host="violetdarkling.com" />
-	<target host="*.violetdarkling.com" />
+	<target host="www.violetdarkling.com" />
 
 
 	<securecookie host="^\.(?:www\.)?violetdarkling\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?violetdarkling\.com/"
-		to="https://$1violetdarkling.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Violet_Indigo.xml b/src/chrome/content/rules/Violet_Indigo.xml
index ce2148889fb9..0978c53e849b 100644
--- a/src/chrome/content/rules/Violet_Indigo.xml
+++ b/src/chrome/content/rules/Violet_Indigo.xml
@@ -7,13 +7,15 @@
 <ruleset name="Violet Indigo">
 
 	<target host="violetindigo.com.au" />
-	<target host="*.violetindigo.com.au" />
+	<target host="static.violetindigo.com.au" />
+	<target host="static2.violetindigo.com.au" />
+	<target host="www.violetindigo.com.au" />
 
 
 	<securecookie host="^(?:www)?\.violetindigo\.com\.au$" name=".+" />
 
 
-	<rule from="^https?://(?:static2?\.|(www\.))?violetindigo\.com\.au/"
+	<rule from="^http://(?:static2?\.|(www\.))?violetindigo\.com\.au/"
 		to="https://$1violetindigo.com.au/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/VipCell.xml b/src/chrome/content/rules/VipCell.xml
deleted file mode 100644
index e57a5e679295..000000000000
--- a/src/chrome/content/rules/VipCell.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="VipCell">
-
-	<target host="vipcell.com.tr" />
-	<target host="www.vipcell.com.tr" />
-
-
-	<securecookie host="^(www\.)?vipcell\.com\.tr$" name=".*" />
-
-
-	<rule from="^http://(www\.)?vipcell\.com\.tr/"
-		to="https://www.vipcell.com.tr/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/VipMobile.rs.xml b/src/chrome/content/rules/VipMobile.rs.xml
new file mode 100644
index 000000000000..dcc598a97aa2
--- /dev/null
+++ b/src/chrome/content/rules/VipMobile.rs.xml
@@ -0,0 +1,14 @@
+<!--
+	Incomplete certificate chain:
+		- cdn
+-->
+<ruleset name="VipMobile.rs (partial)">
+	<target host="vipmobile.rs" />
+	<target host="www.vipmobile.rs" />
+	<target host="automanager.vipmobile.rs" />
+	<target host="asmp.vipmobile.rs" />
+	<target host="drugeprice.vipmobile.rs" />
+	<target host="vipdrop.vipmobile.rs" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VipVPN.com.xml b/src/chrome/content/rules/VipVPN.com.xml
deleted file mode 100644
index 448c84f58d93..000000000000
--- a/src/chrome/content/rules/VipVPN.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Expired 2012-11-30
-
--->
-<ruleset name="VipVPN.com" default_off="expired">
-
-	<target host="vipvpn.com" />
-	<target host="www.vipvpn.com" />
-
-
-	<securecookie host="^vipvpn\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?vipvpn\.com/"
-		to="https://vipvpn.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Vippy.co.xml b/src/chrome/content/rules/Vippy.co.xml
index 7ebcb951ee56..8d2fcb296f88 100644
--- a/src/chrome/content/rules/Vippy.co.xml
+++ b/src/chrome/content/rules/Vippy.co.xml
@@ -27,7 +27,11 @@
 <ruleset name="Vippy.co">
 
 	<target host="vippy.co" />
-	<target host="*.vippy.co" />
+	<target host="www.vippy.co" />
+	<target host="cdn1.vippy.co" />
+	<target host="cdn2.vippy.co" />
+	<target host="cdn3.vippy.co" />
+	<target host="cdn4.vippy.co" />
 
 
 	<securecookie host="^\.?vippy\.co$" name=".+" />
@@ -48,4 +52,4 @@
 	<rule from="^http://cdn4\.vippy\.co/"
 		to="https://dfe23o0oezpl4.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/VirWoX.com.xml b/src/chrome/content/rules/VirWoX.com.xml
new file mode 100644
index 000000000000..62e9012ce983
--- /dev/null
+++ b/src/chrome/content/rules/VirWoX.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="VirWoX.com">
+
+	<target host="virwox.com" />
+	<target host="www.virwox.com" />
+
+
+	<securecookie host="^(?:www\.)?virwox\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Virag.si.xml b/src/chrome/content/rules/Virag.si.xml
new file mode 100644
index 000000000000..422d421c3a40
--- /dev/null
+++ b/src/chrome/content/rules/Virag.si.xml
@@ -0,0 +1,15 @@
+<ruleset name="Virag.si">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="virag.si" />
+	<target host="www.virag.si" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vircurex.com.xml b/src/chrome/content/rules/Vircurex.com.xml
new file mode 100644
index 000000000000..3c8ba7a21006
--- /dev/null
+++ b/src/chrome/content/rules/Vircurex.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- vircurex.com
+		- .vircurex.com
+		- www.vircurex.com
+
+-->
+<ruleset name="Vircurex.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vircurex.com" />
+	<target host="www.vircurex.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?vircurex\.com$" name="^\w\d+session$" /-->
+	<!--securecookie host="^\.vircurex\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^(?:\.|www\.)?vircurex\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Virgin-mismatches.xml b/src/chrome/content/rules/Virgin-mismatches.xml
index c1565fc4e4e5..8f5de9b33d60 100644
--- a/src/chrome/content/rules/Virgin-mismatches.xml
+++ b/src/chrome/content/rules/Virgin-mismatches.xml
@@ -5,7 +5,7 @@
 		- VirginMobile.xml
 
 -->
-<ruleset name="Virgin (mismatches)" default_off="mismatch">
+<ruleset name="Virgin (mismatches)" default_off="mismatched">
 
 
 	<target host="answers.virginmobileusa.com" />
@@ -17,7 +17,6 @@
 		  has an invalid cert too.
 		- Ditto for virginmobileusa.ugc.bazaarvoice.com
 						-->
-	<rule from="^http://(answer|review)s\.virginmobileusa\.com/"
-		to="https://$1s.virginmobileusa.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/VirginAustralia.xml b/src/chrome/content/rules/VirginAustralia.xml
index c782f534175f..f2fa04cd6c20 100644
--- a/src/chrome/content/rules/VirginAustralia.xml
+++ b/src/chrome/content/rules/VirginAustralia.xml
@@ -1,9 +1,135 @@
+<!--
+	Other Virgin Australia rulesets:
+		- VelocityFrequentFlyer.com.xml
+
+	Nonfunctional subdomains:
+
+		- agent		(HTTP 503 error)
+		- agents		(HTTP 503 error)
+		- cert.agents		(HTTP 403 error)
+		- av		(SSL handshake failed)
+		- aviatorsclub		(m)
+		- aviatorsclub		(m)
+		- conf		(SSL connection error)
+		- connect	(m)
+		- corporate	(t)
+		- m.e	(m)
+		- t.e	(m)
+		- flightchanges		(m)
+		- cert.fly		(SSL connection error)
+		- fs.gtmns		(m)
+		- hbaportal.gtmns	(m)
+		- lyncweb.gtmns		(m)
+		- gtmns1	(t)
+		- gtmns2	(t)
+		- hermeswebmessenger	(t)
+		- hire-cars	(connection error)
+		- hotels	(m)
+		- ved.iseek	(t)
+		- learningedge	(t)
+		- meet	(t)
+		- nanalytics		(m)
+		- newsroom		(m)
+		- northernterritory	(e)
+		- northernterritory-prd		(m)
+		- ns1		(t)
+		- ns1		(t)
+		- ourexperience		(e)
+		- prp	(t)
+		- sentry	(SSL handshake failed)
+		- services-mssl	(SSL handshake failed)
+		- sts	(t)
+		- tasmania		(m)
+		- webapp	(SSL connection error)
+		- ws	(t)
+		- wwww		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
 <ruleset name="Virgin Australia">
-  <target host="virginaustralia.com" />
-  <target host="*.virginaustralia.com" />
-
-  <rule from="^http://virginaustralia\.com/"
-          to="https://www.virginaustralia.com/" />
-  <rule from="^http://(insurance|www)\.virginaustralia\.com/"
-          to="https://$1.virginaustralia.com/" />
-</ruleset>
\ No newline at end of file
+	<target host="virginaustralia.com" />
+	<target host="www.virginaustralia.com" />
+	<target host="access.virginaustralia.com" />
+	<target host="activate.virginaustralia.com" />
+	<target host="agency.virginaustralia.com" />
+	<target host="analytics.virginaustralia.com" />
+	<target host="apps.virginaustralia.com" />
+	<target host="apps-test.virginaustralia.com" />
+	<target host="as.virginaustralia.com" />
+	<target host="autodiscover.virginaustralia.com" />
+	<target host="blog.virginaustralia.com" />
+	<target host="businesslogin.virginaustralia.com" />
+	<target host="businesslogintest.virginaustralia.com" />
+	<target host="cap.virginaustralia.com" />
+	<target host="cartrawler.virginaustralia.com" />
+	<target host="charter.virginaustralia.com" />
+	<target host="check-in.virginaustralia.com" />
+	<target host="check-testin.virginaustralia.com" />
+	<target host="checkin.virginaustralia.com" />
+	<target host="club.virginaustralia.com" />
+	<target host="club-test.virginaustralia.com" />
+	<target host="connected.virginaustralia.com" />
+	<target host="covermore.virginaustralia.com" />
+	<target host="developer.virginaustralia.com" />
+	<target host="dialin.virginaustralia.com" />
+	<target host="flights.virginaustralia.com" />
+	<target host="flightstatus.virginaustralia.com" />
+	<target host="fly.virginaustralia.com" />
+	<target host="cn.fly.virginaustralia.com" />
+	<target host="zh.fly.virginaustralia.com" />
+	<target host="fs.virginaustralia.com" />
+	<target host="gso.virginaustralia.com" />
+	<target host="happyhour.virginaustralia.com" />
+	<target host="happyhour-test.virginaustralia.com" />
+	<target host="idp.virginaustralia.com" />
+	<target host="img.virginaustralia.com" />
+	<target host="info.virginaustralia.com" />
+	<target host="intranet.virginaustralia.com" />
+	<target host="intranet-test.virginaustralia.com" />
+	<target host="login.virginaustralia.com" />
+	<target host="lyncdiscover.virginaustralia.com" />
+	<target host="lyncweb.virginaustralia.com" />
+	<target host="mail.virginaustralia.com" />
+	<target host="mail2.virginaustralia.com" />
+	<target host="mdm.virginaustralia.com" />
+	<target host="mobile.virginaustralia.com" />
+	<target host="mobile-test.virginaustralia.com" />
+	<target host="mysterybreaks.virginaustralia.com" />
+	<target host="portal.virginaustralia.com" />
+	<target host="publications.virginaustralia.com" />
+	<target host="reservations.virginaustralia.com" />
+	<target host="services.virginaustralia.com" />
+	<target host="services-prodsupport.virginaustralia.com" />
+	<target host="sharepoint.virginaustralia.com" />
+	<target host="sip.virginaustralia.com" />
+	<target host="smtp.virginaustralia.com" />
+	<target host="soaing.virginaustralia.com" />
+	<target host="soatest1.virginaustralia.com" />
+	<target host="soatest1-mssl.virginaustralia.com" />
+	<target host="soatest2.virginaustralia.com" />
+	<target host="soatst4.virginaustralia.com" />
+	<target host="specials.virginaustralia.com" />
+	<target host="specials-test.virginaustralia.com" />
+	<target host="sso.virginaustralia.com" />
+	<target host="subscribers.virginaustralia.com" />
+	<target host="travel.virginaustralia.com" />
+	<target host="travelbank.virginaustralia.com" />
+	<target host="vaffa.virginaustralia.com" />
+	<target host="vaffa-test.virginaustralia.com" />
+	<target host="videos.virginaustralia.com" />
+	<target host="www-test.virginaustralia.com" />
+
+	<target host="va.aero" />
+
+	<securecookie host="^www\.virginaustralia\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VirginMobile.xml b/src/chrome/content/rules/VirginMobile.xml
index bf57abc746fb..fbed419a08ec 100644
--- a/src/chrome/content/rules/VirginMobile.xml
+++ b/src/chrome/content/rules/VirginMobile.xml
@@ -13,17 +13,22 @@
 <ruleset name="Virgin Mobile">
 
 	<target host="virginmobileusa.com" />
-	<target host="*.virginmobileusa.com" />
+	<target host="www.virginmobileusa.com" />
+	<target host="www1.virginmobileusa.com" />
+	<target host="espanol.virginmobileusa.com" />
+	<target host="origin-www-ls.virginmobileusa.com" />
+	<target host="shop.virginmobileusa.com" />
+	<target host="newsroom.virginmobileusa.com" />
 	<target host="www.virginmobile.com.au" />
 
 
-	<securecookie host="^.*\.virginmobileusa\.com$" name=".*" />
+	<securecookie host="^.*\.virginmobileusa\.com$" name=".+" />
 
 
 	<!--	- !www cert: origin-www-ls
 		- !www redirects to www over http
 							-->
-	<rule from="^https?://(?:www(1)?\.)?virginmobileusa\.com/"
+	<rule from="^http://(?:www(1)?\.)?virginmobileusa\.com/"
 		to="https://www$1.virginmobileusa.com/" />
 
 	<rule from="^http://(espanol|origin-www-ls|shop)\.virginmobileusa\.com/"
@@ -32,7 +37,7 @@
 	<!--	- At least some pages redirect back from virginmobileusa.newshq.businesswire.com
 		- At least some pages redirect to http from https
 						-->
-	<rule from="^https?://newsroom\.virginmobileusa\.com/sites/"
+	<rule from="^http://newsroom\.virginmobileusa\.com/sites/"
 		to="https://virginmobileusa.newshq.businesswire.com/sites/" />
 
 	<rule from="^http://www\.virginmobile\.com\.au/"
diff --git a/src/chrome/content/rules/Virgin_Media.com.xml b/src/chrome/content/rules/Virgin_Media.com.xml
index d2c16caf4c84..64e8a1080ceb 100644
--- a/src/chrome/content/rules/Virgin_Media.com.xml
+++ b/src/chrome/content/rules/Virgin_Media.com.xml
@@ -1,55 +1,158 @@
-<!--
-	Nonfunctional subdomains:
-
-		- anywhere	(refused)
-
-
-	Problematic subdomains:
-
-		- ^			(cert only matches www)
-		- static-content	(refused)
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://national.virginmedia.com/ => https://national.virginmedia.com/: (28, 'Connection timed out after 20010 milliseconds')
+Fetch error: http://allyours.virginmedia.com/ => https://allyours.virginmedia.com/: Too many redirects while fetching 'https://allyours.virginmedia.com/'
+Fetch error: http://checkout.virginmedia.com/ => https://checkout.virginmedia.com/: Too many redirects while fetching 'https://checkout.virginmedia.com/'
+Fetch error: http://keepup.virginmedia.com/ => https://keepup.virginmedia.com/: Too many redirects while fetching 'https://keepup.virginmedia.com/'
+Fetch error: http://mobilebill.virginmedia.com/ => https://mobilebill.virginmedia.com/: Too many redirects while fetching 'https://mobilebill.virginmedia.com/'
+Fetch error: http://onlinemovies.virginmedia.com/ => https://onlinemovies.virginmedia.com/: (6, 'Could not resolve host: onlinemovies.virginmedia.com')
+Fetch error: http://store.virginmedia.com/ => https://store.virginmedia.com/: Too many redirects while fetching 'https://store.virginmedia.com/'
+Fetch error: http://cablemystreet.virginmedia.com/ => https://cablemystreet.virginmedia.com/: Too many redirects while fetching 'https://cablemystreet.virginmedia.com/'
+Fetch error: http://myphotos4.virginmedia.com/ => https://myphotos4.virginmedia.com/: (7, 'Failed to connect to myphotos4.virginmedia.com port 443: Connection refused')
+
+	Other Virgin rulesets:
+
+		- VirginAustralia.xml
+		- Virgin-mismatches.xml
+		- VirginMobile.xml
 
-	Partially covered subdomains:
+	Nonfunctional subdomains:
 
-		- (www.) *
-		- onlinemovies *
+		- about *
+		- admin *
+		- advancedsearch2 *
+		- adserver *
+		- anywhere *
+		- careers *
+		- cms *
+		- contact *
+		- dev *
+		- downloads *
+		- ebill *
+		- email *
+		- energy *
+		- events *
+		- fedora *
+		- finance *
+		- ftp *
+		- identity2 *
+		- m *
+		- mediacentre *
+		- mirrors *
+		- netreport *
+		- news *
+		- ntp *
+		- nt *
+		- onlinemovies-cache *
+		- origin *
+		- php *
+		- pop3 *
+		- press *
+		- redirect *
+		- redirects *
+		- samba *
+		- search *
+		- search2 *
 		- shop *
+		- static-content *
+		- smtp *
+		- tools *
+		- tv *
+		- ubuntu *
+		- wap *
+		- webcache *
+
+		- accessibility **
+		- chat **
+		- forums **
+		- guides **
+		- health **
+		- jobs **
+		- mailing **
+		- metrics **
+		- old **
+		- profile **
+		- static **
+		- web **
+		- wwww **
+
+		- social ***
+
+		- www.mail	(http redirects to https://mail2.virginmedia.com, https returns "Invalid request")
+		- myphotos	(mixed active content blocked from http://static.sf-cdn.com)
+		- myphotos1	(mixed active content blocked from http://static.sf-cdn.com)
+		- myphotos2	(mixed active content blocked from http://static.sf-cdn.com)
+		- myphotos3	(mixed active content blocked from http://static.sf-cdn.com)
+
+	* unable to connect or (https) connection refused
+	** certificate name mismatch
+	*** certificate expired
 
-	* $ redirects to http
+	Partially covered subdomains:
 
+		- ^		(302 redirects to http://www.virginmedia.com except certain directories)
+		- allyours	(301 redirects to http://shop.virginmedia.com)
+		- checkout	(302 redirects to http://store.virginmedia.com/virgin-media-mobile/pay-monthly-phones.html)
+		- keepup	(302 redirects to http://store.virginmedia.com)
+		- mobilebill	(301 redirects to http://store.virginmedia.com/virgin-media-mobile.html)
+		- onlinemovies	(302 redirects to http://onlinemovies.virginmedia.com except certain directories)
+		- store		(302 redirects to http://store.virginmedia.com)
 
 	Fully covered subdomains:
 
-		- allyours
+		- assets
+		- cablemystreet
+		- community
 		- da
-		- help
+		- ebill2
+		- help		(requires assets rule to prevent mixed-content)
+		- login
+		- mail		(301 redirects to https://mail2.virginmedia.com)
+		- mail2
+		- mobile
+		- my
+		- myphotos4
+		- payments
+		- websafe
+		- www
 		- identity
-		- mail
 		- national
-		- my
-		- static-content	(→ www)
 
 -->
-<ruleset name="Virgin Media.com (partial)">
-
-	<target host="virginmedia.com" />
-	<target host="*.virginmedia.com" />
-		<exclusion pattern="^http://(?:www\.)?virginmedia\.com/(?!favicon\.ico|images/|img/|styles/)" />
-		<exclusion pattern="^http://onlinemovies\.virginmedia\.com/(?!App_Themes/|[cC]ommon/|COMMON/|favicon\.ico|js/|rfc\d+\.gif|WebResource\.axd)" />
-		<exclusion pattern="^http://store\.virginmedia\.com/(?!assets/|content/|etc/|images/|includes/)" />
+<ruleset name="Virgin Media.com (partial)" default_off="failed ruleset test">
 
+	<target host="identity.virginmedia.com" />
+	<target host="national.virginmedia.com" />
 
-	<!--	Tracking cookies:
-					-->
+	<target host="virginmedia.com" />
+	<target host="allyours.virginmedia.com" />
+	<target host="checkout.virginmedia.com" />
+	<target host="keepup.virginmedia.com" />
+	<target host="mobilebill.virginmedia.com" />
+	<target host="onlinemovies.virginmedia.com" />
+	<target host="store.virginmedia.com" />
+
+	<target host="assets.virginmedia.com" />
+	<target host="cablemystreet.virginmedia.com" />
+	<target host="community.virginmedia.com" />
+	<target host="da.virginmedia.com" />
+	<target host="ebill2.virginmedia.com" />
+	<target host="help.virginmedia.com" />
+	<target host="login.virginmedia.com" />
+	<target host="mail.virginmedia.com" />
+	<target host="mail2.virginmedia.com" />
+	<target host="mobile.virginmedia.com" />
+	<target host="my.virginmedia.com" />
+	<target host="myphotos4.virginmedia.com" />
+	<target host="payments.virginmedia.com" />
+	<target host="websafe.virginmedia.com" />
+	<target host="www.virginmedia.com" />
+
+	<!--	Tracking cookies (TODO: update hosts)	-->
 	<securecookie host="^\.virginmedia\.com$" name="^(?:gpv_p\w|s_\w+)$" />
 	<securecookie host="^(?:da|help|identity|my|national)\.virginmedia\.com$" name=".+" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://(?:static-content\.|www\.)?virginmedia\.com/"
-		to="https://www.virginmedia.com/" />
-
-	<rule from="^http://(allyours|da|help|identity|mail|my|national|onlinemovies|store)\.virginmedia\.com/"
-		to="https://$1.virginmedia.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Virgin_Media.ie.xml b/src/chrome/content/rules/Virgin_Media.ie.xml
new file mode 100644
index 000000000000..ca68945fa690
--- /dev/null
+++ b/src/chrome/content/rules/Virgin_Media.ie.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- support.virginmedia.ie
+
+-->
+<ruleset name="Virgin Media.ie">
+
+	<target host="virginmedia.ie" />
+	<target host="support.virginmedia.ie" />
+	<target host="www.virginmedia.ie" />
+	<target host="origin.www.virginmedia.ie" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^support\.virginmedia\.ie$" name="^cp_session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Virginia-Mason-Hospital.xml b/src/chrome/content/rules/Virginia-Mason-Hospital.xml
index bca8bf79a154..41a295847e1d 100644
--- a/src/chrome/content/rules/Virginia-Mason-Hospital.xml
+++ b/src/chrome/content/rules/Virginia-Mason-Hospital.xml
@@ -4,10 +4,9 @@
 	<target host="www.virginiamason.org" />
 
 
-	<securecookie host="^(.*\.)?virginiamason\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http(?:://(?:www\.)?|s://)virginiamason\.org/"
-		to="https://www.virginiamason.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Virginia-Polytechnic-Institute-and-State-University.xml b/src/chrome/content/rules/Virginia-Polytechnic-Institute-and-State-University.xml
index 06097bdd2864..47a13daf3940 100644
--- a/src/chrome/content/rules/Virginia-Polytechnic-Institute-and-State-University.xml
+++ b/src/chrome/content/rules/Virginia-Polytechnic-Institute-and-State-University.xml
@@ -1,9 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://auth.vt.edu/ => https://auth.vt.edu/: (7, 'Failed to connect to auth.vt.edu port 443: Connection refused')
+Fetch error: http://research.cals.vt.edu/ => https://research.cals.vt.edu/: (6, 'Could not resolve host: research.cals.vt.edu')
+Fetch error: http://www.research.cals.vt.edu/ => https://www.research.cals.vt.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.research.cals.vt.edu'")
+Fetch error: http://hipl.hnfe.vt.edu/ => https://hipl.hnfe.vt.edu/: (6, 'Could not resolve host: hipl.hnfe.vt.edu')
+Fetch error: http://www.hipl.hnfe.vt.edu/ => https://www.hipl.hnfe.vt.edu/: (6, 'Could not resolve host: www.hipl.hnfe.vt.edu')
+Fetch error: http://dev.research.vt.edu/ => https://dev.research.vt.edu/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://unirel.vt.edu/ => https://unirel.vt.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'unirel.vt.edu'")
+Fetch error: http://www.unirel.vt.edu/ => https://www.unirel.vt.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.unirel.vt.edu'")
+
+	Virginia Polytechnic Institute and State University
+
+
 	Nonfunctional subdomains:
 
 		- calendar		(cert: secure.hosting.vt.edu; 404)
-		- www.cnr
 		- mirror.ece		(refused)
+		- filebox		(Refused)
 		- (www.)fishwild
 		- (www.)frec
 		- (www.)geography
@@ -12,6 +26,7 @@
 		- www.tec.lib			(shows secure.hosting. CN: secure.hosting)
 		- www.podcasts			(shows secure.hosting. CN: secure.hosting)
 		- (www.)auction.research	(404)
+		- confluence.research		(Dropped)
 		- (www.)sbio
 		- www.directory.unirel		(shows secure.hosting, CN: secure.hosting)
 		- ossie.wireless	(self-signed, expired; shows CentOS Apache test page)
@@ -21,6 +36,7 @@
 
 		- ^
 		- bioinformatics
+		- www.cnr
 		- scrooge.lib				(expired, self-signed)
 		- www.oesrc.researchcompliance *
 		- vbi *
@@ -53,7 +69,7 @@
 
 			- aqua
 			- login.ezproxy.lib...:2443
-			- ulfs
+			- vtechworks
 			- www
 
 		- my
@@ -62,7 +78,6 @@
 		- research subdomains:
 
 			- (www.)
-			- confluence
 			- dev
 			- help
 			- secure
@@ -73,6 +88,7 @@
 			- (www.)oesrc			(www → ^)
 			- (www.)ibc
 
+		- security
 		- (www.)unirel
 
 		- (www.)vaes
@@ -81,30 +97,104 @@
 		- (www.)vtnews
 
 -->
-<ruleset name="Virginia Polytechnic Institute and State University (partial)">
+<ruleset name="VT.edu (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="addison.vt.edu" />
+	<target host="m.addison.vt.edu" />
+	<target host="assessment.vt.edu" />
+	<target host="www.assessment.vt.edu" />
+	<target host="auth.vt.edu" />
+	<target host="bioinformatics.vt.edu" />
+	<target host="bse.vt.edu" />
+	<target host="www.bse.vt.edu" />
+
+	<target host="cals.vt.edu" />
+	<target host="research.cals.vt.edu" />
+	<target host="www.research.cals.vt.edu" />
+	<target host="www.cals.vt.edu" />
+
+	<target host="cnre.vt.edu" />
+	<target host="www.cnre.vt.edu" />
+
+	<target host="ext.vt.edu" />
+	<target host="pubs.ext.vt.edu" />
+	<target host="www.pubs.ext.vt.edu" />
+	<target host="www.ext.vt.edu" />
+
+	<target host="vectorborne.fralin.vt.edu" />
+	<target host="www.vectorborne.fralin.vt.edu" />
+	<target host="www.fralin.vt.edu" />
+
+	<target host="hipl.hnfe.vt.edu" />
+	<target host="www.hipl.hnfe.vt.edu" />
+	<target host="www.hnfe.vt.edu" />
 
-	<target host="vt.edu" />
-	<target host="*.vt.edu" />
 	<target host="secure.hosting.vt.edu" />
 
+	<target host="aqua.lib.vt.edu" />
+	<!--target host="ulfs.lib.vt.edu" /-->
+	<target host="vtechworks.lib.vt.edu" />
+	<target host="www.lib.vt.edu" />
+
+	<target host="my.vt.edu" />
+	<target host="osp.vt.edu" />
+	<target host="www.osp.vt.edu" />
+
+	<target host="research.vt.edu" />
+	<target host="dev.research.vt.edu" />
+	<target host="help.research.vt.edu" />
+	<target host="secure.research.vt.edu" />
+	<target host="www.research.vt.edu" />
+
+	<target host="researchcompliance.vt.edu" />
+	<target host="ibc.researchcompliance.vt.edu" />
+	<target host="www.ibc.researchcompliance.vt.edu" />
+	<target host="oesrc.researchcompliance.vt.edu" />
+	<target host="www.researchcompliance.vt.edu" />
+
+	<target host="security.vt.edu" />
+	<target host="www.security.vt.edu" />
+	<target host="unirel.vt.edu" />
+	<target host="www.unirel.vt.edu" />
+
+	<target host="vaes.vt.edu" />
+	<target host="arec.vaes.vt.edu" />
+	<target host="www.vaes.vt.edu" />
+
+	<target host="vbi.vt.edu" />
+	<target host="vtnews.vt.edu" />
+	<target host="www.vtnews.vt.edu" />
+	<target host="www.vt.edu" />
+
+	<!--	Special cases:
+				-->
+	<target host="vt.edu" />
+	<target host="www.bioinformatics.vt.edu" />
+	<target host="www.cnr.vt.edu" />
+	<target host="www.oesrc.researchcompliance.vt.edu" />
+	<target host="www.vbi.vt.edu" />
+
+		<!--	403:
+				-->
+		<!--exclusion pattern="^http://ulfs\.lib\.vt\.edu/$" /-->
+
 
-	<securecookie host="^(?:(?:m?\.)?addison|auth|www\.(?:bioinformatics|vbi)|(?:\.vectorborne)?\.fralin|(?:confluence|help|secure)?\.research|(?:\.ibc|\.oesrc)?\.researchcompliance)\.vt\.edu$" name=".+" />
+	<securecookie host="^(?:(?:m?\.)?addison|auth|www\.(?:bioinformatics|vbi)|(?:\.vectorborne)?\.fralin|(?:help|secure)?\.research|(?:\.ibc|\.oesrc)?\.researchcompliance)\.vt\.edu$" name=".+" />
 	<!--securecookie host="^\.vt\.edu$" name=".+" /-->
 
 
-	<rule from="^https?://(?:www\.)?(bioinformatics\.|vbi\.)?vt\.edu/"
+	<rule from="^http://(bioinformatics\.|vbi\.)?vt\.edu/"
 		to="https://www.$1vt.edu/" />
 
-	<rule from="^http://((?:m\.)?addison|auth|www\.(?:fralin|hnfe|lib)|(?:www\.)?(?:assessment|bse|cals|cnre|ext|pubs\.ext|vectorborne\.fralin|hipl\.hnfe|osp|research(?:\.cals)?|(?:ibc\.)?researchcompliance|unirel|vaes|vtnews)|secure\.hosting|(?:aqua|ulfs)\.lib|my|(?:confluence|dev|help|secure)\.research|arec\.vaes)\.vt\.edu/"
-		to="https://$1.vt.edu/" />
-
-	<rule from="^https?://www\.cnr\.vt\.edu/"
+	<rule from="^http://www\.cnr\.vt\.edu/"
 		to="https://cnre.vt.edu/" />
 
-	<rule from="^http://login\.ezproxy\.lib\.vt\.edu:2443/"
-		to="https://login.ezproxy.lib.vt.edu:2443/" />
-
-	<rule from="^https?://(?:www\.)?oesrc\.researchcompliance\.vt\.edu/"
+	<rule from="^http://www\.oesrc\.researchcompliance\.vt\.edu/"
 		to="https://oesrc.researchcompliance.vt.edu/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Virk.dk.xml b/src/chrome/content/rules/Virk.dk.xml
new file mode 100644
index 000000000000..21752e5037e3
--- /dev/null
+++ b/src/chrome/content/rules/Virk.dk.xml
@@ -0,0 +1,50 @@
+<!--
+	Nonfunctional hosts in *virk.dk:
+
+		- datahub *
+
+	* Dropped
+
+
+	Fully covered hosts in *virk.dk:
+
+		- (www.)?
+		- data
+		- datacvr
+		- hjaelp
+		- indberet
+		- startvaekst
+
+
+	Insecure cookies are set for these hosts:
+
+		- data.virk.dk
+		- hjaelp.virk.dk
+		- indberet.virk.dk
+		- startvaekst.virk.dk
+
+-->
+<ruleset name="Virk.dk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="virk.dk" />
+	<target host="data.virk.dk" />
+	<target host="datacvr.virk.dk" />
+	<target host="hjaelp.virk.dk" />
+	<target host="indberet.virk.dk" />
+	<target host="startvaekst.virk.dk" />
+	<target host="www.virk.dk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:data|hjaelp|indberet|startvaekst)\.virk\.dk$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^(?:data|hjaelp|indberet|startvaekst)\.virk\.dk$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Virool.com.xml b/src/chrome/content/rules/Virool.com.xml
new file mode 100644
index 000000000000..523287b7176f
--- /dev/null
+++ b/src/chrome/content/rules/Virool.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Nonfunctional subdomains:
+
+		- discuss *
+
+	* Refused
+
+
+	Insecure cookies are set for these domains:
+
+		- .virool.com
+		- channel.virool.com
+		- tools.virool.com
+
+-->
+<ruleset name="Virool.com (partial)">
+
+	<target host="virool.com" />
+	<target host="www.virool.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.virool\.com$" name="^_virool_session$" /-->
+	<!--securecookie host="^(channel|tools)\.virool\.com$" name="^_session_id$" /-->
+
+	<securecookie host="^(?:channel|tools)?\.virool\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Virt-manager.org.xml b/src/chrome/content/rules/Virt-manager.org.xml
new file mode 100644
index 000000000000..9e057a868713
--- /dev/null
+++ b/src/chrome/content/rules/Virt-manager.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="virt-manager.org">
+
+	<target host="virt-manager.org" />
+	<target host="www.virt-manager.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VirtKick.io.xml b/src/chrome/content/rules/VirtKick.io.xml
new file mode 100644
index 000000000000..ac3b6860d9e7
--- /dev/null
+++ b/src/chrome/content/rules/VirtKick.io.xml
@@ -0,0 +1,54 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://press.virtkick.io/ => https://press.virtkick.io/: (6, 'Could not resolve host: press.virtkick.io')
+
+	For other Virtkick coverage, see Virtkick.com.xml.
+
+
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Fully covered hosts in *virtkick.io:
+
+		- (www.)?
+		- press
+
+
+	Insecure cookies are set for these domains:
+
+		- .virtkick.io
+
+-->
+<ruleset name="Virtkick.io" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="virtkick.io" />
+	<target host="press.virtkick.io" />
+	<target host="www.virtkick.io" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.virtkick\.io$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^(?:\.|www\.)?virtkick\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Virtkick.com.xml b/src/chrome/content/rules/Virtkick.com.xml
new file mode 100644
index 000000000000..758adea01efb
--- /dev/null
+++ b/src/chrome/content/rules/Virtkick.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Other Virtkick rulesets:
+
+		- VirtKick.io.xml
+
+
+	Fully covered hosts in *virtkick.com:
+
+		- (www.)?
+		- demo
+
+-->
+<ruleset name="Virtkick.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="virtkick.com" />
+	<target host="demo.virtkick.com" />
+	<target host="www.virtkick.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Virtual-Privacy-Office.xml b/src/chrome/content/rules/Virtual-Privacy-Office.xml
index f102d7727a50..e25e7671c354 100644
--- a/src/chrome/content/rules/Virtual-Privacy-Office.xml
+++ b/src/chrome/content/rules/Virtual-Privacy-Office.xml
@@ -4,7 +4,6 @@
 	<target host="www.datenschutz.de"/>
 
 	<!--	!www:	!found	-->
-	<rule from="^http://(?:www\.)?datenschutz\.de/"
-		to="https://www.datenschutz.de/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/VirtualBox.org.xml b/src/chrome/content/rules/VirtualBox.org.xml
new file mode 100644
index 000000000000..27b15fe1f56d
--- /dev/null
+++ b/src/chrome/content/rules/VirtualBox.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- forum.virtualbox.org
+		- registration.virtualbox.org
+
+-->
+<ruleset name="VirtualBox.org">
+	<target host="virtualbox.org" />
+	<target host="www.virtualbox.org" />
+	<target host="download.virtualbox.org" />
+	<target host="forum.virtualbox.org" />
+	<target host="forums.virtualbox.org" />
+	<target host="update.virtualbox.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://forum\.virtualbox\.org/"
+		to="https://forums.virtualbox.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VirtualBox.xml b/src/chrome/content/rules/VirtualBox.xml
deleted file mode 100644
index 4c5464a166c8..000000000000
--- a/src/chrome/content/rules/VirtualBox.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	For other Oracle coverage, see Oracle.xml.
-
-
-	Problematic subdomains:
-
-		- ^	(CN: www.virtualbox.org)
-
--->
-<ruleset name="VirtualBox">
-
-	<target host="virtualbox.org" />
-	<target host="*.virtualbox.org" />
-
-
-	<securecookie host="^(?:\.forums|www)\.virtualbox\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?virtualbox\.org/"
-		to="https://www.virtualbox.org/" />
-
-	<rule from="^http://forums\.virtualbox\.org/"
-		to="https://forums.virtualbox.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/VirtualBoxImages.com.xml b/src/chrome/content/rules/VirtualBoxImages.com.xml
new file mode 100644
index 000000000000..e5cc25ed74ff
--- /dev/null
+++ b/src/chrome/content/rules/VirtualBoxImages.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Mixed content:
+
+		- Bugs, on:
+
+			- (www.)? from pr.prchecker.info ¹
+			- (www.)? from img.revresponse.com ²
+
+	¹ Unsecurable <= handshake fails
+	² Not secured by us <= mismatched
+
+-->
+<ruleset name="VirtualBoxImages.com">
+
+	<target host="virtualboximages.com" />
+	<target host="images.virtualboximages.com" />
+	<target host="www.virtualboximages.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.virtualboximages\.com$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^\.virtualboximages\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VirtualQube.com.xml b/src/chrome/content/rules/VirtualQube.com.xml
new file mode 100644
index 000000000000..bd2ed39aafe9
--- /dev/null
+++ b/src/chrome/content/rules/VirtualQube.com.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://virtualqube.com/ => https://virtualqube.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.virtualqube.com/ => https://www.virtualqube.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Insecure cookies are set for these hosts:
+
+		- virtualqube.com
+		- www.virtualqube.com
+
+-->
+<ruleset name="VirtualQube.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="virtualqube.com" />
+	<target host="www.virtualqube.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?virtualqube\.com$" name="^(?:PHPSESSID|wfvt_\d+)$" /-->
+
+	<securecookie host="^(?:www\.)?virtualqube\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VirtualTourist.xml b/src/chrome/content/rules/VirtualTourist.xml
index b338534e9358..734d79e7b728 100644
--- a/src/chrome/content/rules/VirtualTourist.xml
+++ b/src/chrome/content/rules/VirtualTourist.xml
@@ -42,13 +42,13 @@
 	<securecookie host="^vpn\.virtualtourist\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?virtualtourist\.com/ajax/"
+	<rule from="^http://(?:www\.)?virtualtourist\.com/ajax/"
 		to="https://www.virtualtourist.com/ajax/" />
 
 	<rule from="^http://(meetings|members|vpn)\.virtualtourist\.com/"
 		to="https://$1.virtualtourist.com/" />
 
-	<rule from="^https?://(?:(?:cdn\d|p).v|(?:cache|p)\.virtual)tourist.com/"
+	<rule from="^http://(?:(?:cdn\d|p)\.v|(?:cache|p)\.virtual)tourist\.com/"
 		to="https://members.virtualtourist.com/_assets/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Virtual_Inventions.com.xml b/src/chrome/content/rules/Virtual_Inventions.com.xml
new file mode 100644
index 000000000000..cea6ddf027aa
--- /dev/null
+++ b/src/chrome/content/rules/Virtual_Inventions.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Virtual Inventions.com" default_off="expired">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="virtualinventions.com" />
+	<target host="www.virtualinventions.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Virtual_News_Center.xml b/src/chrome/content/rules/Virtual_News_Center.xml
index ca6d3d25b4a8..a6a31b070417 100644
--- a/src/chrome/content/rules/Virtual_News_Center.xml
+++ b/src/chrome/content/rules/Virtual_News_Center.xml
@@ -6,20 +6,35 @@
 			- ssl does not exist
 
 -->
-<ruleset name="Virtual News Center">
+<ruleset name="Virtual News Center.com" default_off="redirects to http">
 
-	<target host="virtualnewscenter.wpengine.netdna-cdn.com" />
+	<!--	Direct rewrites:
+				-->
 	<target host="virtualnewscenter.com" />
-	<target host="*.virtualnewscenter.com" />
+	<target host="www.virtualnewscenter.com" />
+
+	<!--	Complications:
+				-->
+	<target host="virtualnewscenter.wpengine.netdna-cdn.com" />
 
 
-	<securecookie host="^\.virtualnewscenter.com$" name=".+" />
+		<!--	Redirects to http:
+						-->
+		<exclusion pattern="^http://(?:www\.)?virtualnewscenter\.com/+(?:$|wp-content/|wp-login\.php)" />
 
+			<!--	+ve:
+					-->
+			<test url="http://virtualnewscenter.com/wp-content/uploads/target_128.png" />
+			<test url="http://virtualnewscenter.com/wp-login.php" />
+
+
+	<!--securecookie host="^\.virtualnewscenter.com$" name=".+" /-->
 
-	<rule from="^http://(www\.)?virtualnewscenter\.com/"
-		to="https://$1virtualnewscenter.com/" />
 
 	<rule from="^http://virtualnewscenter\.wpengine\.netdna-cdn\.com/"
 		to="https://virtualnewscenter.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Virtual_Spirits.xml b/src/chrome/content/rules/Virtual_Spirits.xml
index e5a216e3a6ee..4c26bf6a70b1 100644
--- a/src/chrome/content/rules/Virtual_Spirits.xml
+++ b/src/chrome/content/rules/Virtual_Spirits.xml
@@ -1,4 +1,14 @@
-<ruleset name="Virtual Sprits">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://virtualspirits.com/ => https://virtualspirits.com/: Too many redirects while fetching 'https://virtualspirits.com/'
+Fetch error: http://www.virtualspirits.com/ => https://www.virtualspirits.com/: Too many redirects while fetching 'https://www.virtualspirits.com/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://virtualspirits.com/ => https://virtualspirits.com/: Cycle detected - URL already encountered: https://virtualspirits.com/Default.aspx
+Fetch error: http://www.virtualspirits.com/ => https://www.virtualspirits.com/: Cycle detected - URL already encountered: https://www.virtualspirits.com/Default.aspx
+-->
+<ruleset name="Virtual Sprits" default_off="failed ruleset test">
 
 	<target host="virtualspirits.com" />
 	<target host="www.virtualspirits.com" />
@@ -7,7 +17,6 @@
 	<securecookie host="^(?:www\.)?virtualspirits\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?virtualspirits\.com/"
-		to="https://$1virtualspirits.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Virtualearth.net.xml b/src/chrome/content/rules/Virtualearth.net.xml
index 5dc9c63f5229..4d9294bd999f 100644
--- a/src/chrome/content/rules/Virtualearth.net.xml
+++ b/src/chrome/content/rules/Virtualearth.net.xml
@@ -2,25 +2,55 @@
 	For other Microsoft coverage, see Microsoft.xml.
 
 
-	Fully covered domains:
+	Problematic hosts in *virtualearth.net:
 
-		- virtualearth.net subdomains:
+		- (www.)? *
+		- fb.ecn.api.tiles *
 
-			- dev
-			- ecn.dev
-			- ecn.t[0-7].tiles
-			- venuemaps
+	* Mismatched
 
 -->
-<ruleset name="virtualearth.net">
+<ruleset name="Virtual Earth.net">
 
-	<target host="*.virtualearth.net" />
+	<!--	Direct rewrites:
+				-->
+	<target host="dev.virtualearth.net" />
+	<target host="ecn.dev.virtualearth.net" />
 
+	<target host="api.tiles.virtualearth.net" />
+	<target host="ecn.t0.tiles.virtualearth.net" />
+	<target host="ecn.t1.tiles.virtualearth.net" />
+	<target host="ecn.t2.tiles.virtualearth.net" />
+	<target host="ecn.t3.tiles.virtualearth.net" />
+	<target host="ecn.t4.tiles.virtualearth.net" />
+	<target host="ecn.t5.tiles.virtualearth.net" />
+	<target host="ecn.t6.tiles.virtualearth.net" />
+	<target host="ecn.t7.tiles.virtualearth.net" />
 
-	<securecookie host="^.*\.virtualearth\.net$" name=".+" />
+	<target host="venuemaps.virtualearth.net" />
 
+	<!--	Complications:
+				-->
+	<target host="virtualearth.net" />
+	<target host="fb.ecn.api.tiles.virtualearth.net" />
+	<target host="www.virtualearth.net" />
 
-	<rule from="^http://(dev|ecn\.(?:dev|t\d\.tiles)|api\.tiles|venuemaps)\.virtualearth\.net/"
-		to="https://$1.virtualearth.net/" />
 
-</ruleset>
\ No newline at end of file
+	<securecookie host=".+" name=".+" />
+
+
+	<!--	Redirect drops forward slash, path, and args:
+								-->
+	<rule from="^http://(?:www\.)?virtualearth\.net/.*"
+		to="https://www.bing.com/maps/" />
+
+		<test url="http://virtualearth.net//index.aspx" />
+		<test url="http://www.virtualearth.net//index.aspx" />
+
+	<rule from="^http://fb\.ecn\.api\.tiles\.virtualearth\.net/"
+		to="https://api.tiles.virtualearth.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Virtualization_Review.com.xml b/src/chrome/content/rules/Virtualization_Review.com.xml
new file mode 100644
index 000000000000..e44adca1ad56
--- /dev/null
+++ b/src/chrome/content/rules/Virtualization_Review.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other 1105 Media coverage, see 1105_Media.com.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- virtualizationreview.com
+
+-->
+<ruleset name="Virtualization Review.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="virtualizationreview.com" />
+	<target host="www.virtualizationreview.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^virtualizationreview\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^virtualizationreview\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VirtusOnline.org.xml b/src/chrome/content/rules/VirtusOnline.org.xml
new file mode 100644
index 000000000000..7813981089af
--- /dev/null
+++ b/src/chrome/content/rules/VirtusOnline.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="VirtusOnline.org">
+	<target host="virtusonline.org" />
+	<target host="www.virtusonline.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VirusTotal.xml b/src/chrome/content/rules/VirusTotal.xml
index 71ee1c764ad9..42c15785894a 100644
--- a/src/chrome/content/rules/VirusTotal.xml
+++ b/src/chrome/content/rules/VirusTotal.xml
@@ -1,19 +1,16 @@
 <!--
-	Nonfunctional subdomains:
-
-		- blog	(blogspot)
-
+	Connection closed:
+		- blog
 -->
-<ruleset name="VirusTotal">
 
+<ruleset name="VirusTotal.com">
 	<target host="virustotal.com" />
 	<target host="www.virustotal.com" />
+	<target host="legacy.virustotal.com" />
+	<target host="developers.virustotal.com" />
+	<target host="support.virustotal.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^www\.virustotal\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?virustotal\.com/"
-		to="https://www.virustotal.com/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Virus_Bulletin.xml b/src/chrome/content/rules/Virus_Bulletin.xml
index 39d172e57dd3..04b6150e7803 100644
--- a/src/chrome/content/rules/Virus_Bulletin.xml
+++ b/src/chrome/content/rules/Virus_Bulletin.xml
@@ -1,17 +1,30 @@
 <!--
-	Cert doesn't match !www.
+	Invalid certificate:
+		virusbtn.com
+		www.virusbtn.com (broken chain)
+
+	Different content http/https:
+		abs.virusbulletin.com
+		conference.virusbulletin.com
 
 -->
 <ruleset name="Virus Bulletin">
 
+	<!-- Old domain automatically forwards to virusbulletin.com -->
 	<target host="virusbtn.com" />
 	<target host="www.virusbtn.com" />
+	<target host="spamtrial.virusbtn.com" />
 
+	<!-- New domain -->
+	<target host="virusbulletin.com" />
+	<target host="www.virusbulletin.com" />
+	<target host="extranet.virusbulletin.com" />
+	<target host="photos.virusbulletin.com" />
 
-	<securecookie host="^www\.virusbtn\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http://(www\.)?virusbtn\.com/" to="https://www.virusbulletin.com/" />
 
-	<rule from="^https?://(?:www\.)?virusbtn\.com/"
-		to="https://www.virusbtn.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Virus_Tracker.net.xml b/src/chrome/content/rules/Virus_Tracker.net.xml
new file mode 100644
index 000000000000..dd8a3283484a
--- /dev/null
+++ b/src/chrome/content/rules/Virus_Tracker.net.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://map.virustracker.net/ => https://map.virustracker.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Fully covered hosts *virustracker.net:
+
+		- (www.)?
+		- map
+
+
+	Insecure cookies are set for these hosts:
+
+		- virustracker.net
+
+-->
+<ruleset name="Virus Tracker.net" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="virustracker.net" />
+	<target host="map.virustracker.net" />
+	<target host="www.virustracker.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^virustracker\.net$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^virustracker\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Virusec.com.xml b/src/chrome/content/rules/Virusec.com.xml
index 1e905dffd0a4..44f06662fc00 100644
--- a/src/chrome/content/rules/Virusec.com.xml
+++ b/src/chrome/content/rules/Virusec.com.xml
@@ -1,5 +1,17 @@
-<!-- Av vendor. -->
-<ruleset name="Virusec.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.escan.com/ => https://www.virusec.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.virusec.com'")
+Fetch error: http://escan.com/ => https://www.virusec.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.virusec.com'")
+Fetch error: http://www.virusec.com/ => https://www.virusec.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.virusec.com'")
+Fetch error: http://virusec.com/ => https://www.virusec.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.virusec.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.escan.com/ => https://www.virusec.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://escan.com/ => https://www.virusec.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.virusec.com/ => https://www.virusec.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://virusec.com/ => https://www.virusec.com/: (60, 'SSL certificate problem: self signed certificate') Av vendor. -->
+<ruleset name="Virusec.com" default_off="failed ruleset test">
 	<target host="www.escan.com" />
 	<target host="escan.com" />
 	<target host="www.virusec.com" />
diff --git a/src/chrome/content/rules/Visa.com.xml b/src/chrome/content/rules/Visa.com.xml
new file mode 100644
index 000000000000..bdfed44db04c
--- /dev/null
+++ b/src/chrome/content/rules/Visa.com.xml
@@ -0,0 +1,66 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://developer.visa.com/ (200) => https://developer.visa.com/ (403)
+
+	Other Visa rulesets:
+		- Visa_Buxx.com.xml
+		- VisaEurope.xml
+
+	403 by travis:
+		developer.visa.com
+
+	Different http/https content:
+		(www.)?visa\.com/atmlocator/
+		benefitsource.visa.com
+		cis.visa.com
+
+	Invalid certificate:
+		bd.visa.com
+		design.visa.com
+		drjc1.visa.com
+		investor.visa.com
+		pressreleases.visa.com
+		rvcom-qa.visa.com
+		rvcom-qa.vc.visa.com
+
+	Redirect to http:
+		lac.visa.com
+		rs.visa.com
+		www.schoolofpublicpolicy.visa.com
+
+	Timeout:
+		jobs.visa.com
+-->
+
+<ruleset name="Visa.com" default_off="failed ruleset test">
+	<target host="visa.com" />
+	<target host="www.visa.com" />
+	<target host="aw.visa.com" />
+	<target host="business.visa.com" />
+	<target host="checkout.visa.com" />
+	<target host="secure.checkout.visa.com" />
+	<target host="sandbox.secure.checkout.visa.com" />
+	<target host="corporate.visa.com" />
+	<target host="developer.visa.com" />
+	<target host="community.developer.visa.com" />
+	<target host="icicibank.intellilink.visa.com" />
+	<target host="intellilink.visa.com" />
+	<target host="loyaltyoffer.visa.com" />
+	<target host="mssip.visa.com" />
+	<target host="multinationalpremiumsolutions.visa.com" />
+	<target host="promociones.visa.com" />
+	<target host="purchasealerts.visa.com" />
+	<target host="research.visa.com" />
+	<target host="smail.visa.com" />
+	<target host="technologypartner.visa.com" />
+	<target host="travel.visa.com" />
+	<target host="usa.visa.com" />
+
+	<!-- /atmlocator returns 404 with https -->
+	<exclusion pattern="^http://(www.)?visa\.com/atmlocator/" />
+		<test url="http://visa.com/atmlocator/" />
+		<test url="http://www.visa.com/atmlocator/index.jsp" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Visa.xml b/src/chrome/content/rules/Visa.xml
deleted file mode 100644
index c4a3070d4179..000000000000
--- a/src/chrome/content/rules/Visa.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	Other Visa rulesets:
-
-		- Visa_Europe.xml
-
-
-	Problematic subdomains:
-
-		- ^	(akamai)
-
--->
-<ruleset name="Visa (partial)">
-
-	<target host="visa.com" />
-	<target host="*.visa.com" />
-
-
-	<rule from="^https?://(?:www\.)?visa\.com/"
-		to="https://www.visa.com/" />
-
-	<rule from="^http://corporate\.visa\.com/_(cs|image)s/"
-		to="https://corporate.visa.com/_$1s/" />
-
-	<rule from="^http://usa\.visa\.com/(css|ext|img|merchants)/"
-		to="https://usa.visa.com/$1/" />
-
-	<!--	Doesn't redirect to http automatically (404s).
-		Linked to from merchants/.	-->
-	<rule from="^https://usa\.visa\.com/(?=about_visa/|download/|personal/|sitewide/)"
-		to="http://usa.visa.com/" downgrade="1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/VisaEurope.xml b/src/chrome/content/rules/VisaEurope.xml
new file mode 100644
index 000000000000..7b856fbb1353
--- /dev/null
+++ b/src/chrome/content/rules/VisaEurope.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Visa coverage, see Visa.xml.
+
+	Failed:
+		visaeurope.pl
+		www.visaeurope.pl
+
+	Mismatch:
+		apprentices.visaeurope.com
+-->
+<ruleset name="VisaEurope">
+	<target host="visaeurope.com" />
+	<target host="www.visaeurope.com" />
+	<target host="futures.visaeurope.com" />
+	<target host="vision.visaeurope.com" />
+
+	<target host="visaeurope.at" />
+	<target host="www.visaeurope.at" />
+
+	<target host="visaeurope.ch" />
+	<target host="www.visaeurope.ch" />
+
+	<target host="visaeurope.es" />
+	<target host="www.visaeurope.es" />
+
+	<target host="visaeurope.lu" />
+	<target host="www.visaeurope.lu" />
+
+	<target host="visaeurope.si" />
+	<target host="www.visaeurope.si" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VisaForChina.org.xml b/src/chrome/content/rules/VisaForChina.org.xml
new file mode 100644
index 000000000000..6e89e9e1e378
--- /dev/null
+++ b/src/chrome/content/rules/VisaForChina.org.xml
@@ -0,0 +1,21 @@
+<!--
+
+	Problematic hosts in *visaforchina.org:
+
+		- mail (no https)
+		- mailhk (no https)
+		- meta (no https)
+		- new (mismatched)
+		- win (mismatched)
+
+-->
+<ruleset name="VisaForChina.org">
+
+	<target host="visaforchina.org" />
+	<target host="www.visaforchina.org" />
+	<target host="bio.visaforchina.org" />
+
+	<rule from="^http:"
+		to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/VisaHQ.xml b/src/chrome/content/rules/VisaHQ.xml
index 09a04e0b10b8..6a74b658bef1 100644
--- a/src/chrome/content/rules/VisaHQ.xml
+++ b/src/chrome/content/rules/VisaHQ.xml
@@ -2,7 +2,7 @@
     <target host="visahq.com" />
     <target host="www.visahq.com" />
 
-    <rule from="^https?://visahq\.com/"
+    <rule from="^http://visahq\.com/"
         to="https://www.visahq.com/"/>
     <rule from="^http://([^/:@]+)?\.visahq\.com/"
         to="https://$1.visahq.com/" />
diff --git a/src/chrome/content/rules/Visa_Buxx.com.xml b/src/chrome/content/rules/Visa_Buxx.com.xml
new file mode 100644
index 000000000000..59d74a44b064
--- /dev/null
+++ b/src/chrome/content/rules/Visa_Buxx.com.xml
@@ -0,0 +1,28 @@
+
+<!--
+Entire ruleset disabled at 2020-09-25 16:20:22
+
+Fetch error: http://visabuxx.com/ => https://visabuxx.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.visabuxx.com/ => https://www.visabuxx.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://usbank.visabuxx.com/ => https://usbank.visabuxx.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	For other Visa coverage, see Visa.xml.
+
+
+	(www.): refused
+
+-->
+<ruleset name="Visa Buxx.com (partial)" default_off="failed ruleset test">
+
+	<target host="visabuxx.com" />
+	<target host="www.visabuxx.com" />
+	<target host="usbank.visabuxx.com" />
+
+	<securecookie host="^usbank\.visabuxx\.com$" name=".+" />
+
+	<!--	302 to 400 on redirected page-->
+	<!-- <rule from="^http://(?:www\.)?visabuxx\.com/$"
+		to="https://usa.visa.com/personal/cards/prepaid/visa_buxx.html" /> -->
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Visa_Europe.xml b/src/chrome/content/rules/Visa_Europe.xml
deleted file mode 100644
index a91fdfbd18f8..000000000000
--- a/src/chrome/content/rules/Visa_Europe.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other Visa coverage, see Visa.xml.
-
-
-	Cert only matches www.
-
--->
-<ruleset name="Visa Europe (partial)">
-
-	<target host="visaeurope.com" />
-	<target host="www.visaeurope.com" />
-
-
-	<rule from="^https?://(?:www\.)?visaeurope\.com/(\w\w/idoc\.ashx|\w\w/member_area\.aspx|assets|favicon\.ico|plugins|templates|WebResource\.axd)($|\?|/)"
-		to="https://www.visaeurope.com/$1$2" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Visa_to_Vietnam.xml b/src/chrome/content/rules/Visa_to_Vietnam.xml
index a7f576ec2852..2f1668dde35f 100644
--- a/src/chrome/content/rules/Visa_to_Vietnam.xml
+++ b/src/chrome/content/rules/Visa_to_Vietnam.xml
@@ -1,13 +1,12 @@
 <ruleset name="Visa to Vietnam">
 
 	<target host="visatovietnam.org" />
-	<target host="*.visatovietnam.org" />
+	<target host="www.visatovietnam.org" />
 
 
 	<securecookie host="^(?:w*\.)?visatovietnam\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?visatovietnam\.org/"
-		to="https://$1visatovietnam.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Visaforchina.org.xml b/src/chrome/content/rules/Visaforchina.org.xml
deleted file mode 100644
index 7124db274d85..000000000000
--- a/src/chrome/content/rules/Visaforchina.org.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Visaforchina.org">
-    <target host="visaforchina.org" />
-    <target host="www.visaforchina.org" />
-
-    <rule from="^https?://visaforchina\.org/"
-        to="https://www.visaforchina.org/"/>
-    <rule from="^http://([^/:@]+)?\.visaforchina\.org/"
-        to="https://$1.visaforchina.org/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Visalia_Times-Delta.xml b/src/chrome/content/rules/Visalia_Times-Delta.xml
index 3d80a4b070cd..717d975f2661 100644
--- a/src/chrome/content/rules/Visalia_Times-Delta.xml
+++ b/src/chrome/content/rules/Visalia_Times-Delta.xml
@@ -1,5 +1,7 @@
 <!--
-	For other Gannett Company coverage, see Gannett-Company.xml.	
+Disabled by https-everywhere-checker because:
+Fetch error: http://visaliatimesdelta.com/ => https://www.visaliatimesdelta.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.visaliatimesdelta.com'")
+	For other Gannett Company coverage, see Gannett-Company.xml.
 
 
 	Nonfunctional domains:
@@ -23,7 +25,10 @@
 <ruleset name="Visalia Times-Delta">
 
 	<target host="visaliatimesdelta.com" />
-	<target host="*.visaliatimesdelta.com" />
+	<target host="cmsimg.visaliatimesdelta.com" />
+	<target host="www.visaliatimesdelta.com" />
+	<target host="advertise.visaliatimesdelta.com" />
+	<target host="deals.visaliatimesdelta.com" />
 
 
 	<!--	Cookie domains:
@@ -37,10 +42,9 @@
 	<rule from="^http://(?:cmsimg\.|www\.)?visaliatimesdelta\.com/"
 		to="https://www.visaliatimesdelta.com/" />
 
-	<rule from="^http://advertise\.visaliatimesdelta\.com/"
-		to="https://advertise.visaliatimesdelta.com/" />
 
 	<rule from="^http://deals\.visaliatimesdelta\.com/"
 		to="https://visalia.planetdiscover.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Visaplace.com.xml b/src/chrome/content/rules/Visaplace.com.xml
new file mode 100644
index 000000000000..c0c1543c6f29
--- /dev/null
+++ b/src/chrome/content/rules/Visaplace.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Visaplace.com">
+	<target host="visaplace.com" />
+	<target host="www.visaplace.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VisiStat.com.xml b/src/chrome/content/rules/VisiStat.com.xml
index e4c5da2d498b..a53693ff7cf9 100644
--- a/src/chrome/content/rules/VisiStat.com.xml
+++ b/src/chrome/content/rules/VisiStat.com.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://visistat.com/ => https://visistat.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Nonfunctional subdomains:
 
 		- partner *
@@ -29,7 +31,10 @@
 	<target host="sa-as.com" />
 	<target host="www.sa-as.com" />
 	<target host="visistat.com" />
-	<target host="*.visistat.com" />
+	<target host="sniff.visistat.com" />
+	<target host="www.visistat.com" />
+	<target host="stats.visistat.com" />
+	<target host="demo.visistat.com" />
 
 
 	<securecookie host="^(?:www\.)?visistat\.com$" name=".+" />
@@ -47,4 +52,4 @@
 	<rule from="^http://demo\.visistat\.com/"
 		to="https://www.visistat.com/demo-login.php" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Visiba.com.xml b/src/chrome/content/rules/Visiba.com.xml
new file mode 100644
index 000000000000..41e221a28711
--- /dev/null
+++ b/src/chrome/content/rules/Visiba.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="Visiba.com">
+
+	<target host="visiba.com" />
+	<target host="www.visiba.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.visiba\.com$" name="^WHMCS\w{12}$" /-->
+
+	<securecookie host="^www\.visiba\.com$" name="^" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Visible-Measures.xml b/src/chrome/content/rules/Visible-Measures.xml
index 877a822f0333..f429d6a61315 100644
--- a/src/chrome/content/rules/Visible-Measures.xml
+++ b/src/chrome/content/rules/Visible-Measures.xml
@@ -1,40 +1,65 @@
 <!--
-	Nonfunctional visiblemeasures.com subdomains:
+	Other Visible Measures rulesets:
 
-		- $
-		- corp
-		- www	(interrupted)
+		- viewablemedia.net.xml
 
 
 	Problematic domains:
 
-		- viewablemedia.net		(times out)
-		- od2.visiblemeasures.com	(cert only matches [www.]video.od)
+		- ^ ᵈ
+		- video.od ᵐ
 
+	ᵈ Dropped, preemptable redirect
+	ᵐ Mismatched
 
-	visiblemeasures.hubspot.com/$ redirects to visiblemeasures.com.
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- auth.visiblemeasures.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- www from vmcdev2016.wpengine.com
+			- www from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Visible Measures (partial)">
+<ruleset name="Visible Measures.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="auth.visiblemeasures.com" />
+	<target host="cdn.visiblemeasures.com" />
+	<target host="corp.visiblemeasures.com" />
+	<target host="od2.visiblemeasures.com" />
+	<target host="www.visiblemeasures.com" />
 
-	<target host="*.visiblemeasures.com" />
-	<target host="viewablemedia.net" />
-	<target host="*.viewablemedia.net" />
+	<!--	Complications:
+				-->
+	<target host="visiblemeasures.com" />
+	<target host="video.od.visiblemeasures.com" />
 
 
-	<securecookie host="^auth\.visiblemeasures\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^auth\.visiblemeasures\.com$" name="^_session_id$" /-->
 
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://(auth|cdn)\.visiblemeasures\.com/"
-		to="https://$1.visiblemeasures.com/" />
 
-	<rule from="^https?://(?:od2|video\.od)\.visiblemeasures\.com/"
-		to="https://video.od.visiblemeasures.com/" />
+	<rule from="^http://visiblemeasures\.com/"
+		to="https://www.visiblemeasures.com/" />
 
-	<rule from="^http://(?:www\.)?viewablemedia\.net/"
-		to="https://www.viewablemedia.net/" />
+	<rule from="^http://video\.od\.visiblemeasures\.com/"
+		to="https://od2.visiblemeasures.com/" />
 
-	<rule from="^http://ad\.viewablemedia\.net/"
-		to="https://ad.viewablemedia.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/VisibleGains.com.xml b/src/chrome/content/rules/VisibleGains.com.xml
deleted file mode 100644
index bff3b267b6f5..000000000000
--- a/src/chrome/content/rules/VisibleGains.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(refused)
-		- blog		(dropped)
-
-
-	Fully covered subdomains:
-
-		- my
-		- player
-
--->
-<ruleset name="VisibleGains.com (partial)">
-
-	<target host="*.visiblegains.com" />
-
-
-	<securecookie host="^my\.visiblegains\.com$" name=".+" />
-
-
-	<rule from="^http://(my|player)\.visiblegains\.com/"
-		to="https://$1.visiblegains.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Visible_Technologies.xml b/src/chrome/content/rules/Visible_Technologies.xml
index 9e490e89a929..48a0477b365f 100644
--- a/src/chrome/content/rules/Visible_Technologies.xml
+++ b/src/chrome/content/rules/Visible_Technologies.xml
@@ -1,13 +1,19 @@
-<ruleset name="Visible Technologies">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://visibletechnologies.com/ => https://visibletechnologies.com/: (7, 'Failed to connect to visibletechnologies.com port 443: Connection refused')
+Fetch error: http://www.visibletechnologies.com/ => https://www.visibletechnologies.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.visibletechnologies.com'")
+
+-->
+<ruleset name="Visible Technologies" default_off="failed ruleset test">
 
 	<target host="visibletechnologies.com" />
-	<target host="*.visibletechnologies.com" />
+	<target host="www.visibletechnologies.com" />
 
 
 	<securecookie host="^\.visibletechnologies\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?visibletechnologies\.com/"
-		to="https://$1visibletechnologies.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Visiblebody.com.xml b/src/chrome/content/rules/Visiblebody.com.xml
new file mode 100644
index 000000000000..0a2b13378173
--- /dev/null
+++ b/src/chrome/content/rules/Visiblebody.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Mismatch:
+		- aandp.visiblebody.com
+		- www.aandp.visiblebody.com
+		- de.visiblebody.com
+		- es.visiblebody.com
+		- fr.visiblebody.com
+		- inst.visiblebody.com
+		- installers.visiblebody.com   (Akamai)
+		- jp.visiblebody.com
+		- maintenance.visiblebody.com
+		- ovid.visiblebody.com
+		- spinstallers.visiblebody.com (Akamai)
+-->
+<ruleset name="Visiblebody.com">
+	<target host="www.visiblebody.com" />
+	<target host="email.visiblebody.com" />
+		<test url="http://email.visiblebody.com/stroke-email" />
+	<target host="go.visiblebody.com" />
+	<target host="info.visiblebody.com" />
+	<target host="learn.visiblebody.com" />
+	<target host="m.visiblebody.com" />
+	<target host="shop.visiblebody.com" />
+	<target host="support.visiblebody.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VisionAirlines.xml b/src/chrome/content/rules/VisionAirlines.xml
index e684831e9874..66588c669dda 100644
--- a/src/chrome/content/rules/VisionAirlines.xml
+++ b/src/chrome/content/rules/VisionAirlines.xml
@@ -1,7 +1,17 @@
-<ruleset name="Vision Airlines">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://visionairlines.com/ => https://www.visionairlines.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.visionairlines.com/ => https://www.visionairlines.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://visionairlines.com/ => https://www.visionairlines.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.visionairlines.com/ => https://www.visionairlines.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
+<ruleset name="Vision Airlines" default_off="failed ruleset test">
   <target host="visionairlines.com" />
   <target host="www.visionairlines.com" />
 
   <rule from="^http://(?:www\.)?visionairlines\.com/"
           to="https://www.visionairlines.com/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vision_Art_Forum.com.xml b/src/chrome/content/rules/Vision_Art_Forum.com.xml
index 01027416644f..8a3a2da975ac 100644
--- a/src/chrome/content/rules/Vision_Art_Forum.com.xml
+++ b/src/chrome/content/rules/Vision_Art_Forum.com.xml
@@ -10,7 +10,6 @@
 		<exclusion pattern="^http://(?:www\.)?visionartforum\.com/(?:content\.php)?(?:\?.*)?$" />
 
 
-	<rule from="^http://(www\.)?visionartforum\.com/"
-		to="https://$1visionartforum.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vision_Critical.com.xml b/src/chrome/content/rules/Vision_Critical.com.xml
new file mode 100644
index 000000000000..e2884558880f
--- /dev/null
+++ b/src/chrome/content/rules/Vision_Critical.com.xml
@@ -0,0 +1,78 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://info.mkto.visioncritical.com/css/mktLPSupport.css (200) => https://na-abk.marketo.com/css/mktLPSupport.css (403)
+Non-2xx HTTP code: http://info.mkto.visioncritical.com/rs/visioncritical/images/doltone-house-apac-summit-banner-2.jpg (200) => https://na-abk.marketo.com/rs/visioncritical/images/doltone-house-apac-summit-banner-2.jpg (403)
+Fetch error: http://de.visioncritical.com/ => https://de.visioncritical.com/: (51, "SSL: no alternative certificate subject name matches target host name 'de.visioncritical.com'")
+Fetch error: http://fr.visioncritical.com/ => https://fr.visioncritical.com/: (51, "SSL: no alternative certificate subject name matches target host name 'fr.visioncritical.com'")
+
+	Other Vision Critical rulesets:
+
+		- Vision_Critical_Panels.com.xml
+
+
+	Nonfunctional hosts in *visioncritical.com:
+
+		- info.mkto ᵃ
+		- vcu ʳ
+		- webcam ʳ
+
+	ᵃ Marketo / shows another domain
+	ʳ Refused
+
+
+	Problematic hosts in *visioncritical.com:
+
+		- ilovecustomers ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="Vision Critical.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="visioncritical.com" />
+	<target host="de.visioncritical.com" />
+	<target host="fr.visioncritical.com" />
+	<target host="www.visioncritical.com" />
+
+	<!--	Complications:
+				-->
+	<target host="info.mkto.visioncritical.com" />
+
+		<exclusion pattern="^http://info\.mkto\.visioncritical\.com/(?!/*(?:$|\?|css/|images/|rs/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://info.mkto.visioncritical.com/20120418WebinarNewMRBehaviouralEcon.html" />
+			<test url="http://info.mkto.visioncritical.com/20120528_VCSurveys_Allocation_Video.html" />
+			<test url="http://info.mkto.visioncritical.com/Email-Unsubscribe.html" />
+			<test url="http://info.mkto.visioncritical.com/ForumThemes.html" />
+			<test url="http://info.mkto.visioncritical.com/RAC-VCU.html" />
+			<test url="http://info.mkto.visioncritical.com/Request-a-Call-Back-Footer-Form.html" />
+			<test url="http://info.mkto.visioncritical.com/VID_WeightinginQuickReports_24.08.12.html" />
+			<test url="http://info.mkto.visioncritical.com/forumexports.html" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^[^.i]" name=".+" />
+
+
+	<!--	Redirect drops args and forward slash:
+							-->
+	<rule from="^http://info\.mkto\.visioncritical\.com/+(?:\?.*)?$"
+		to="https://www.visioncritical.com/" />
+
+		<test url="http://info.mkto.visioncritical.com/?" />
+
+	<rule from="^http://info\.mkto\.visioncritical\.com/"
+		to="https://na-abk.marketo.com/" />
+
+		<test url="http://info.mkto.visioncritical.com/css/mktLPSupport.css" />
+		<test url="http://info.mkto.visioncritical.com/rs/visioncritical/images/doltone-house-apac-summit-banner-2.jpg" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vision_Critical_Panels.com.xml b/src/chrome/content/rules/Vision_Critical_Panels.com.xml
new file mode 100644
index 000000000000..6a0bd572ec97
--- /dev/null
+++ b/src/chrome/content/rules/Vision_Critical_Panels.com.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://logos.visioncriticalpanels.com/ => https://logos.visioncriticalpanels.com/: (6, 'Could not resolve host: logos.visioncriticalpanels.com')
+
+	For other Vision Critical coverage, see Vision_Critical.com.xml.
+
+
+	(www.)?visioncriticalpanels.com does not exist.
+
+-->
+<ruleset name="Vision Critical Panels.com" default_off="failed ruleset test">
+
+	<target host="logos.visioncriticalpanels.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Visit_the_Capitol.gov.xml b/src/chrome/content/rules/Visit_the_Capitol.gov.xml
new file mode 100644
index 000000000000..33afa0a18de5
--- /dev/null
+++ b/src/chrome/content/rules/Visit_the_Capitol.gov.xml
@@ -0,0 +1,16 @@
+<!--
+
+-->
+<ruleset name="Visit the Capitol.gov">
+
+	<target host="visitthecapitol.gov" />
+	<target host="www.visitthecapitol.gov" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Visitestonia.com.xml b/src/chrome/content/rules/Visitestonia.com.xml
new file mode 100644
index 000000000000..c185c59545f9
--- /dev/null
+++ b/src/chrome/content/rules/Visitestonia.com.xml
@@ -0,0 +1,60 @@
+<!--
+	CDN buckets:
+
+		- d1y50j8vst3j8d.cloudfront.net
+		- d3otexg1kysjv4.cloudfront.net
+
+
+	Nonfunctional subdomains:
+
+		- campaign *
+		- mailer *
+		- photos *
+
+	* Refused
+
+
+	Problematic subdomains:
+
+		- cache *
+		- camp *
+		- static[12] *
+
+	* Cloudfront
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- cache		(→ d1y50j8vst3j8d.cloudfront.net)
+		- prelive
+		- static[12]	(→ d3otexg1kysjv4.cloudfront.net)
+
+
+	Mixed content:
+
+		- Ads on (www.)? from campaign *
+
+	* Unsecurable <= refused
+
+-->
+<ruleset name="Visitestonia.com (partial)">
+
+	<target host="visitestonia.com" />
+	<target host="prelive.visitestonia.com" />
+	<target host="www.visitestonia.com" />
+	<target host="cache.visitestonia.com" />
+	<target host="static1.visitestonia.com" />
+	<target host="static2.visitestonia.com" />
+
+
+
+
+	<!--rule from="^http://camp\.visitestonia\.com/"
+		to="https://???.cloudfront.net/" /-->
+
+	<rule from="^http://static[12]\.visitestonia\.com/"
+		to="https://d3otexg1kysjv4.cloudfront.net/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Visophyte.org.xml b/src/chrome/content/rules/Visophyte.org.xml
new file mode 100644
index 000000000000..e0ab2cefbff4
--- /dev/null
+++ b/src/chrome/content/rules/Visophyte.org.xml
@@ -0,0 +1,13 @@
+<!-- cert mismatch on:
+	- reviews
+-->
+<ruleset name="Visophyte.org" >
+
+	<target host="visophyte.org" />
+	<target host="www.visophyte.org" />
+	<target host="clicky.visophyte.org" />
+	<target host="www.clicky.visophyte.org" />
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vispa-self-signed.xml b/src/chrome/content/rules/Vispa-self-signed.xml
deleted file mode 100644
index 44c2d0562ae1..000000000000
--- a/src/chrome/content/rules/Vispa-self-signed.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Vispa (self-signed)" default_off="self-signed">
-
-	<target host="webmail.vispa.com"/>
-
-	<securecookie host="^webmail\.vispa\.com$" name=".*"/>
-
-	<rule from="^http://webmail\.vispa\.com/"
-		to="https://webmail.vispa.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Vispa.net.uk.xml b/src/chrome/content/rules/Vispa.net.uk.xml
new file mode 100644
index 000000000000..2abe125ef233
--- /dev/null
+++ b/src/chrome/content/rules/Vispa.net.uk.xml
@@ -0,0 +1,17 @@
+<!--
+	Non-functional hosts:
+		Incomplete certificate chain:
+		- mx.vispa.net.uk
+
+		Different content:
+		- vispa.net.uk
+-->
+<ruleset name="Vispa.net.uk (partial)">
+	<target host="cp.vispa.net.uk" />
+	<target host="engage.vispa.net.uk" />
+	<target host="secure.vispa.net.uk"/>
+	<target host="signup.vispa.net.uk" />
+	<target host="support.vispa.net.uk" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vispa.xml b/src/chrome/content/rules/Vispa.xml
deleted file mode 100644
index da105848a7fb..000000000000
--- a/src/chrome/content/rules/Vispa.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- helpdesk.vispa.net
-
--->
-<ruleset name="Vispa (partial)" platform="mixedcontent">
-
-	<target host="secure.vispa.net.uk"/>
-	<target host="www.vispahost.com"/>
-	<target host="vispashop.com"/>
-	<target host="www.vispashop.com"/>
-	<target host="*.www.vispashop.com"/>
-
-	<securecookie host="^secure\.vispa\.net\.uk$" name=".*"/>
-	<securecookie host="^(.*\.)?vispa(host|shop)\.com$" name=".*"/>
-
-	<rule from="^http://secure\.vispa\.net\.uk/"
-		to="https://secure.vispa.net.uk/"/>
-
-	<!--	!www doesn't exist.	-->
-	<rule from="^http://www\.vispahost\.com/"
-		to="https://www.vispahost.com/" />
-
-	<rule from="^http://(www\.)?vispashop\.com/"
-		to="https://$1vispashop.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Vistech-Communications.xml b/src/chrome/content/rules/Vistech-Communications.xml
index 2d038227b8e7..45c17f660d3f 100644
--- a/src/chrome/content/rules/Vistech-Communications.xml
+++ b/src/chrome/content/rules/Vistech-Communications.xml
@@ -1,9 +1,10 @@
 <ruleset name="Vistech Communications" platform="mixedcontent">
 
 	<target host="vistech.net"/>
-	<target host="*.vistech.net"/>
+	<target host="bundy.vistech.net" />
+	<target host="www.vistech.net" />
 
-	<securecookie host="^(.*\.)?vistech\.net$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<!--	data appear the same
 		cert only valid for bundy	-->
diff --git a/src/chrome/content/rules/Visual-Paradigm.xml b/src/chrome/content/rules/Visual-Paradigm.xml
index 5f77348411b7..8ee96ff5c2bb 100644
--- a/src/chrome/content/rules/Visual-Paradigm.xml
+++ b/src/chrome/content/rules/Visual-Paradigm.xml
@@ -11,7 +11,7 @@
 	<target host="www.visual-paradigm.com" />
 
 
-	<securecookie host="^www\.visual-paradigm\.com$" name=".*" />
+	<securecookie host="^www\.visual-paradigm\.com$" name=".+" />
 
 
 	<!--	Data are also in www.visual-paradigm.com/simages/
diff --git a/src/chrome/content/rules/VisualDNA.com.xml b/src/chrome/content/rules/VisualDNA.com.xml
new file mode 100644
index 000000000000..e3e9d9d7217f
--- /dev/null
+++ b/src/chrome/content/rules/VisualDNA.com.xml
@@ -0,0 +1,45 @@
+<!--
+	Cert mismatch:
+		- fs.visualdna.com
+		- info.visualdna.com
+
+	Timeout:
+		- utilweb.visualdna.com
+-->
+<ruleset name="VisualDNA">
+
+	<target host="www.visualdna.com" />
+
+	<target host="blog.visualdna.com" />
+	<target host="data.visualdna.com" />
+	<target host="datablog.visualdna.com" />
+	<target host="e.visualdna.com" />
+	<target host="ev.visualdna.com" />
+	<target host="life.visualdna.com" />
+	<target host="login.visualdna.com" />
+	<target host="my.visualdna.com" />
+	<target host="vip-01.visualdna.com" />
+	<target host="w.visualdna.com" />
+	<target host="whoami.visualdna.com" />
+	<target host="why.visualdna.com" />
+	<target host="whyanalytics.visualdna.com" />
+	<target host="whysupport.visualdna.com" />
+	<target host="ws.visualdna.com" />
+	<target host="you.visualdna.com" />
+
+	<target host="a1.vdna-assets.com" />
+	<target host="a2.vdna-assets.com" />
+	<target host="a3.vdna-assets.com" />
+	<target host="a4.vdna-assets.com" />
+	<target host="a5.vdna-assets.com" />
+	<target host="a6.vdna-assets.com" />
+	<target host="a7.vdna-assets.com" />
+	<target host="a8.vdna-assets.com" />
+	<target host="a9.vdna-assets.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VisualWebsiteOptimizer.xml b/src/chrome/content/rules/VisualWebsiteOptimizer.xml
index 9bd9c794bc95..285b07851023 100644
--- a/src/chrome/content/rules/VisualWebsiteOptimizer.xml
+++ b/src/chrome/content/rules/VisualWebsiteOptimizer.xml
@@ -1,7 +1,9 @@
 <ruleset name="Visual Website Optimizer (partial)">
 
 	<target host="visualwebsiteoptimizer.com" />
-	<target host="*.visualwebsiteoptimizer.com" />
+	<target host="dev.visualwebsiteoptimizer.com" />
+	<target host="v2.visualwebsiteoptimizer.com" />
+	<target host="www.visualwebsiteoptimizer.com" />
 		<!--
 			These paths 301 to http:
 
@@ -29,10 +31,10 @@
 				- terms-conditions.php$
 				- testimonials.php$
 						-->
-		<exclusion pattern="^http://visualwebsiteoptimizer\.com/($|.+/$|(about-us|affiliates|careers|case-studies|(certified-|tech-)?partners|comparison|customers|faqs|feature(-list|s)|ideafox|privacy-policy|terms-conditions|testimonials)\.php($|\?))" />
+		<exclusion pattern="^http://visualwebsiteoptimizer\.com/(?:$|.+/$|(?:about-us|affiliates|careers|case-studies|(?:certified-|tech-)?partners|comparison|customers|faqs|feature(?:-list|s)|ideafox|privacy-policy|terms-conditions|testimonials)\.php(?:$|\?))" />
 
 
-	<securecookie host="^[^w].*\.visualwebsiteoptimizer\.com$" name=".*" />
+	<securecookie host="^[^w].*\.visualwebsiteoptimizer\.com$" name=".+" />
 
 
 	<!--	Observed working paths:
@@ -48,7 +50,7 @@
 			- signup.php$
 			- split-testing-blog/wp-content/
 				-->
-	<rule from="^https?://(?:(dev\.|v2\.)|www\.)?visualwebsiteoptimizer\.com/"
+	<rule from="^http://(?:(dev\.|v2\.)|www\.)?visualwebsiteoptimizer\.com/"
 		to="https://$1visualwebsiteoptimizer.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Visual_Revenue.xml b/src/chrome/content/rules/Visual_Revenue.xml
index 9aa7ab73daab..40d6213ec95c 100644
--- a/src/chrome/content/rules/Visual_Revenue.xml
+++ b/src/chrome/content/rules/Visual_Revenue.xml
@@ -1,16 +1,31 @@
 <!--
+	CDN buckets:
+
+		- www.outbrain.com.edgesuite.net
+
+			- a
+
+		- chi2only.outbrain.com
+
+			- p
+			- t
+
+
 	Nonfunctional domains:
 
 		- a		(503, akamai)
-		- p *
-		- t *
+		- p ²
 
-	* Refused
+	² 500; mismatched, CN: *.outbrain.com
 
 
 	Problematic subdomains:
 
 		- (www.)	(some pages redirect to http; expired 2009-06-03, CN: plesk)
+		- t ²
+		- t1 ²
+
+	² Works; mismatched, CN: *.editorial.outbrain.com
 
 
 	a sets the following wildcard cookies on
@@ -27,13 +42,12 @@
 -->
 <ruleset name="Visual Revenue (partial)">
 
-	<target host="*.visualrevenue.com" />
+	<target host="platform.visualrevenue.com" />
 
 
 	<securecookie host="^\.platform\.visualrevenue\.com$" name=".+" />
 
 
-	<rule from="^http://platform\.visualrevenue\.com/"
-		to="https://platform.visualrevenue.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Visual_Studio.com.xml b/src/chrome/content/rules/Visual_Studio.com.xml
new file mode 100644
index 000000000000..13398a403f55
--- /dev/null
+++ b/src/chrome/content/rules/Visual_Studio.com.xml
@@ -0,0 +1,37 @@
+<!--
+
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	Nonfunctional hosts in *visualstudio.com:
+
+		- events *
+		- landinghub ¹
+		- msdnadmin ¹
+		- stories ¹
+		- webtooling ¹
+
+	* Dropped
+	¹ Mismatch
+
+	Insecure cookies are set for these domains:
+
+		- .code.visualstudio.com
+
+-->
+<ruleset name="Visual Studio.com (partial)">
+	<target host="visualstudio.com" />
+	<target host="code.visualstudio.com" />
+	<target host="connect.visualstudio.com" />
+	<target host="dungnv173.visualstudio.com" />
+	<target host="java.visualstudio.com" />
+	<target host="marketplace.visualstudio.com" />
+	<target host="msdnadminprodscussu1.app.msdnadmin.visualstudio.com" />
+	<target host="taco.visualstudio.com" />
+	<target host="app.vssps.visualstudio.com" />
+	<target host="www.visualstudio.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Visualcapitalist.xml b/src/chrome/content/rules/Visualcapitalist.xml
new file mode 100644
index 000000000000..0c76c36fa370
--- /dev/null
+++ b/src/chrome/content/rules/Visualcapitalist.xml
@@ -0,0 +1,11 @@
+<ruleset name="VisualCapitalist">
+
+	<target host="visualcapitalist.com"/>
+	<target host="www.visualcapitalist.com"/>
+
+	<target host="money.visualcapitalist.com"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Visualising_Advocacy.org.xml b/src/chrome/content/rules/Visualising_Advocacy.org.xml
new file mode 100644
index 000000000000..aba38ca0dd32
--- /dev/null
+++ b/src/chrome/content/rules/Visualising_Advocacy.org.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Tactical Technology coverage, see Tactical_Tech.org.xml.
+
+
+	Mixed content:
+
+		- Bugs from i.creativecommons.org *
+
+	* Secured by us
+
+-->
+<ruleset name="Visualising Advocacy.org">
+
+	<target host="visualisingadvocacy.org" />
+	<target host="www.visualisingadvocacy.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VisualizingPalestine.org.xml b/src/chrome/content/rules/VisualizingPalestine.org.xml
new file mode 100644
index 000000000000..1410dc50789a
--- /dev/null
+++ b/src/chrome/content/rules/VisualizingPalestine.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="VisualizingPalestine.org">
+	<target host="visualizingpalestine.org" />
+	<target host="www.visualizingpalestine.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VitalAds.xml b/src/chrome/content/rules/VitalAds.xml
index c17a13f80d2b..e2252a816c33 100644
--- a/src/chrome/content/rules/VitalAds.xml
+++ b/src/chrome/content/rules/VitalAds.xml
@@ -1,11 +1,20 @@
-<ruleset name="VitalAds (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://vitalads.com/ => https://vitalads.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.vitalads.com/ => https://www.vitalads.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://vitalads.com/ => https://vitalads.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.vitalads.com/ => https://www.vitalads.com/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="VitalAds (partial)" default_off="failed ruleset test">
 
 	<target host="vitalads.com"/>
 	<target host="www.vitalads.com"/>
 
-	<securecookie host="^(.*\.)?vitalads\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?vitalads\.com/"
-		to="https://$1vitalads.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/VitalMend.com.xml b/src/chrome/content/rules/VitalMend.com.xml
new file mode 100644
index 000000000000..a0478f8b24b4
--- /dev/null
+++ b/src/chrome/content/rules/VitalMend.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Other VitalMend rulesets:
+
+		- Garcinia_Cambogia_VitalMend.com.xml
+
+
+	Mixed content:
+
+		- Script from code.jquery.com *
+
+	* Present regardless of our activity.
+	  Secured by us.
+
+
+	Some pages redirect to http.
+
+-->
+<ruleset name="VitalMend.com (partial)">
+
+	<target host="vitalmend.com" />
+	<target host="www.vitalmend.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?vitalmend.com/+($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(www\.)?vitalmend.com/+(favicon\.ico|images/|my-account($|[?/])|wp-content/|wp-includes/)" /-->
+
+
+	<rule from="^http://(www\.)?vitalmend\.com/(?=favicon\.ico|images/|my-account(?:$|[?/])|wp-content/|wp-includes/)"
+		to="https://$1vitalmend.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vital_Gamers.com.xml b/src/chrome/content/rules/Vital_Gamers.com.xml
new file mode 100644
index 000000000000..6e0215efb3ce
--- /dev/null
+++ b/src/chrome/content/rules/Vital_Gamers.com.xml
@@ -0,0 +1,17 @@
+<!--
+	CN: Parallels Panel
+
+
+	Mixed images from various domains
+
+-->
+<ruleset name="Vital Gamers.com" default_off="self-signed">
+
+	<target host="vitalgamers.com" />
+	<target host="www.vitalgamers.com" />
+
+
+	<rule from="^http://(?:www\.)?vitalgamers\.com/"
+		to="https://vitalgamers.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vitalwerks-mismatches.xml b/src/chrome/content/rules/Vitalwerks-mismatches.xml
index b1de228cf0c7..c74b83a1e83f 100644
--- a/src/chrome/content/rules/Vitalwerks-mismatches.xml
+++ b/src/chrome/content/rules/Vitalwerks-mismatches.xml
@@ -1,4 +1,4 @@
-<ruleset name="Vitalwerks (mismatches)" default_off="mismatch">
+<ruleset name="Vitalwerks (mismatches)" default_off="mismatched">
 
 	<target host="canyouseeme.org"/>
 	<target host="www.canyouseeme.org"/>
diff --git a/src/chrome/content/rules/Vitalwerks.xml b/src/chrome/content/rules/Vitalwerks.xml
index c0b86b92bdf6..4350308ca187 100644
--- a/src/chrome/content/rules/Vitalwerks.xml
+++ b/src/chrome/content/rules/Vitalwerks.xml
@@ -5,10 +5,11 @@
 	<target host="no-ip.com"/>
 	<target host="*.no-ip.com"/>
 
-	<rule from="^http://cdn\.no-ip\.com/"
-		to="https://noipcdn.s3.amazonaws.com/"/>
+	<test url="http://blog.no-ip.com/" />
+	<test url="http://cdn.no-ip.com/" />
+	<test url="http://www.no-ip.com/" />
 
-	<rule from="^http://(?:www\.)?no-ip\.com/(client/|company/[^$]|favicon\.ico|images/|login|(?:1click|newUser)\.php)"
-		to="https://www.no-ip.com/$1"/>
+	<rule from="^http:"
+		to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Vitamin-T.xml b/src/chrome/content/rules/Vitamin-T.xml
index f84dffefa923..4587387aca7b 100644
--- a/src/chrome/content/rules/Vitamin-T.xml
+++ b/src/chrome/content/rules/Vitamin-T.xml
@@ -4,9 +4,8 @@
 	<!--	cert: aquent.com	-->
 	<target host="www.vitamintalent.com"/>
 
-	<securecookie host="^vitamintalent\.com$" name=".*"/>
+	<securecookie host="^vitamintalent\.com$" name=".+" />
 
-	<rule from="^http://(?:www\.)?vitamintalent\.com/"
-		to="https://vitamintalent.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Vitamin_D_Council.xml b/src/chrome/content/rules/Vitamin_D_Council.xml
index 4dc080bbe0ad..2ba6ad62eff9 100644
--- a/src/chrome/content/rules/Vitamin_D_Council.xml
+++ b/src/chrome/content/rules/Vitamin_D_Council.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?vitamindcouncil\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?vitamindcouncil\.org/"
-		to="https://$1vitamindcouncil.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vitamin_Shoppe.xml b/src/chrome/content/rules/Vitamin_Shoppe.xml
new file mode 100644
index 000000000000..8c22e23e3be7
--- /dev/null
+++ b/src/chrome/content/rules/Vitamin_Shoppe.xml
@@ -0,0 +1,50 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://vitaminshoppe.com/ => https://www.vitaminshoppe.com/: Too many redirects while fetching 'https://www.vitaminshoppe.com/'
+
+	vitaminshoppe.liveclicker.com
+
+		- video
+
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- video ²
+
+	¹ Mismatched, CN: m.vitaminshoppe.com
+	² Works; mismatched, CN: *.liveclicker.com
+
+
+	Mixed content:
+
+		- Images, on video from:
+
+			- www ¹
+			- wpc.79a8.edgecastcdn.net ¹
+			- normalizer01.liveclicker.com ²
+			- ecdn.liveclicker.net
+
+	¹ Secured by us
+	² Unsecurable <= dropped
+
+-->
+<ruleset name="Vitamin Shoppe.com (partial)">
+
+	<target host="vitaminshoppe.com" />
+	<target host="www.vitaminshoppe.com" />
+	<target host="m.vitaminshoppe.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:m|www)?\.vitaminshoppe\.com" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?vitaminshoppe\.com/"
+		to="https://www.vitaminshoppe.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vitelity.xml b/src/chrome/content/rules/Vitelity.xml
index b6b83b57af4c..ca79afc0816f 100644
--- a/src/chrome/content/rules/Vitelity.xml
+++ b/src/chrome/content/rules/Vitelity.xml
@@ -1,5 +1,5 @@
 <ruleset name="Vitelity">
   <target host="portal.vitelity.net" />
 
-  <rule from="^http://portal\.vitelity\.net/" to="https://portal.vitelity.net/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Viu.com.xml b/src/chrome/content/rules/Viu.com.xml
new file mode 100644
index 000000000000..09585c295137
--- /dev/null
+++ b/src/chrome/content/rules/Viu.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Viu.com">
+	<target host="viu.com" />
+	<target host="www.viu.com" />
+	<target host="web.viu.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vivaciti.xml b/src/chrome/content/rules/Vivaciti.xml
index 23c646ac5602..051517da412e 100644
--- a/src/chrome/content/rules/Vivaciti.xml
+++ b/src/chrome/content/rules/Vivaciti.xml
@@ -4,7 +4,7 @@
 	<target host="www.vivaciti.net"/>
 		<exclusion pattern="^http://www\.vivaciti\.net/forum/$"/>
 
-	<securecookie host="^vivaciti\.net$" name=".*"/>
+	<securecookie host="^vivaciti\.net$" name=".+" />
 
 	<rule from="^http://(?:www\.)?vivaciti\.net/"
 		to="https://vivaciti.net/"/>
diff --git a/src/chrome/content/rules/Vivanuncios.com.mx.xml b/src/chrome/content/rules/Vivanuncios.com.mx.xml
new file mode 100644
index 000000000000..c1823f395b34
--- /dev/null
+++ b/src/chrome/content/rules/Vivanuncios.com.mx.xml
@@ -0,0 +1,32 @@
+<!--
+	Non-functional subdomains:
+
+		- desarrollos	(m)
+		- inmuebles	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Host has wildcard DNS
+-->
+<ruleset name="Vivanuncios.com.mx">
+
+	<target host="vivanuncios.com.mx" />
+	<target host="www.vivanuncios.com.mx" />
+	<target host="academiaprotool.vivanuncios.com.mx" />
+	<target host="ayuda.vivanuncios.com.mx" />
+	<target host="blog.vivanuncios.com.mx" />
+	<target host="ecg-api.vivanuncios.com.mx" />
+	<target host="ecg-api-partners.vivanuncios.com.mx" />
+	<target host="ecg-apis.vivanuncios.com.mx" />
+	<target host="ecg-apis-partners.vivanuncios.com.mx" />
+	<target host="protool.vivanuncios.com.mx" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Viveris.fr.xml b/src/chrome/content/rules/Viveris.fr.xml
new file mode 100644
index 000000000000..9bfe822dddb8
--- /dev/null
+++ b/src/chrome/content/rules/Viveris.fr.xml
@@ -0,0 +1,25 @@
+<!--
+	^: 404
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.viveris.fr
+
+-->
+<ruleset name="Viveris.fr">
+
+	<target host="viveris.fr" />
+	<target host="www.viveris.fr" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.viveris\.fr$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host="^www\.viveris\.fr$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Viviscal.xml b/src/chrome/content/rules/Viviscal.xml
index 5feb5a6b2e3f..dec4b8a89f1c 100644
--- a/src/chrome/content/rules/Viviscal.xml
+++ b/src/chrome/content/rules/Viviscal.xml
@@ -1,10 +1,19 @@
-<ruleset name="Viviscal" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://viviscal.co.uk/ => https://viviscal.co.uk/: Too many redirects while fetching 'https://viviscal.co.uk/'
+Fetch error: http://www.viviscal.co.uk/ => https://www.viviscal.co.uk/: Too many redirects while fetching 'https://www.viviscal.co.uk/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://viviscal.co.uk/ => https://viviscal.co.uk/: Cycle detected - URL already encountered: https://viviscal.co.uk/
+Fetch error: http://www.viviscal.co.uk/ => https://www.viviscal.co.uk/: Cycle detected - URL already encountered: https://www.viviscal.co.uk/
+-->
+<ruleset name="Viviscal" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="viviscal.co.uk" />
 	<target host="www.viviscal.co.uk" />
 
 
-	<rule from="^http://(www\.)?viviscal\.co\.uk/"
-		to="https://$1viviscal.co.uk/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Vizury.com.xml b/src/chrome/content/rules/Vizury.com.xml
new file mode 100644
index 000000000000..93f50cb02a88
--- /dev/null
+++ b/src/chrome/content/rules/Vizury.com.xml
@@ -0,0 +1,37 @@
+<!--
+	Nonfunctional hosts in *vizury.com:
+
+		- ^ ¹
+		- hub ¹
+		- web ²
+
+	¹ Refused
+	² Dropped
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .vizury.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Vizury.com (partial)">
+
+	<target host="www.vizury.com" />
+
+		<test url="http://www.vizury.com/analyze/analyze.php" />
+		<test url="http://www.vizury.com/analyze/log.php" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.vizury\.com$" name="^(OAID|r|vizid|vizp|vs)$" /-->
+
+	<securecookie host="^\." name="^(?:OAID|r|vizid|vizp|vs)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vizzit.se.xml b/src/chrome/content/rules/Vizzit.se.xml
index bfddb95e83bf..4feb05f322a1 100644
--- a/src/chrome/content/rules/Vizzit.se.xml
+++ b/src/chrome/content/rules/Vizzit.se.xml
@@ -1,6 +1,6 @@
 <!-- yet another 1px tracking host :-( -->
 <ruleset name="Vizzit.se">
 	<target host="www.vizzit.se" />
-	<rule from="^http://www\.vizzit\.se/" to="https://www.vizzit.se/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Vliegtickets.nl.xml b/src/chrome/content/rules/Vliegtickets.nl.xml
new file mode 100644
index 000000000000..329fa19aa291
--- /dev/null
+++ b/src/chrome/content/rules/Vliegtickets.nl.xml
@@ -0,0 +1,15 @@
+<!--
+
+  autohuur.vliegtickets.nl - Incorrect certificate
+  vakanties.vliegtickets.nl - Redirects to http
+
+-->
+<ruleset name="Vliegtickets.nl">
+  <target host="vliegtickets.nl" />
+  <target host="www.vliegtickets.nl" />
+  <target host="static.vliegtickets.nl" />
+  <target host="engine.vliegtickets.nl" />
+
+  <rule from="^http://vliegtickets\.nl/" to="https://www.vliegtickets.nl/" />
+  <rule from="^http://([^/:@]+)\.vliegtickets\.nl/" to="https://$1.vliegtickets.nl/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vm.ag.xml b/src/chrome/content/rules/Vm.ag.xml
new file mode 100644
index 000000000000..ecf5a4240b1d
--- /dev/null
+++ b/src/chrome/content/rules/Vm.ag.xml
@@ -0,0 +1,13 @@
+<ruleset name="Vm.ag">
+
+	<target host="vm.ag" />
+	<target host="www.vm.ag" />
+	<target host="piwik.vm.ag" />
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vmail.me.xml b/src/chrome/content/rules/Vmail.me.xml
deleted file mode 100644
index 0301fd4b7fc2..000000000000
--- a/src/chrome/content/rules/Vmail.me.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Vmail.me">
-  <target host="vmail.me" />
-  <target host="www.vmail.me" />
-
-  <rule from="^http://(www\.)?vmail\.me/" to="https://www.vmail.me/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Vmcdn.de.xml b/src/chrome/content/rules/Vmcdn.de.xml
new file mode 100644
index 000000000000..e828367fda8e
--- /dev/null
+++ b/src/chrome/content/rules/Vmcdn.de.xml
@@ -0,0 +1,17 @@
+<!--
+	These altnames don't exist:
+
+		- www.vmcdn.de
+
+-->
+<ruleset name="vmcdn.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vmcdn.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vn5socks.com.xml b/src/chrome/content/rules/Vn5socks.com.xml
deleted file mode 100644
index ac180b1538ce..000000000000
--- a/src/chrome/content/rules/Vn5socks.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="vn5socks.com">
-
-	<target host="vn5socks.com" />
-	<target host="www.vn5socks.com" />
-
-
-	<securecookie host="^www\.vn5socks\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?vn5socks\.com/"
-		to="https://$1vn5socks.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/VoDLocker.to.xml b/src/chrome/content/rules/VoDLocker.to.xml
new file mode 100644
index 000000000000..7377d66d41a4
--- /dev/null
+++ b/src/chrome/content/rules/VoDLocker.to.xml
@@ -0,0 +1,12 @@
+<!--
+	Redirects to HTTP:
+		- dl.vodlocker.to
+-->
+<ruleset name="VoDLocker.to">
+	<target host="vodlocker.to" />
+	<target host="www.vodlocker.to" />
+	<target host="api.vodlocker.to" />
+	<target host="cdn.vodlocker.to" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VoIPDistributor.net.xml b/src/chrome/content/rules/VoIPDistributor.net.xml
deleted file mode 100644
index 5c25844d6456..000000000000
--- a/src/chrome/content/rules/VoIPDistributor.net.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="VoIPDistributor.net">
-
-	<target host="voipdistributor.net" />
-	<target host="*.voipdistributor.net" />
-
-
-	<securecookie host="^\.?voipdistributor\.net$" name=".+" />
-
-
-	<rule from="^http://(www\.)?voipdistributor\.net/"
-		to="https://$1voipdistributor.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Voat.co.xml b/src/chrome/content/rules/Voat.co.xml
new file mode 100644
index 000000000000..db84620330b4
--- /dev/null
+++ b/src/chrome/content/rules/Voat.co.xml
@@ -0,0 +1,43 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- voat.co
+		- .voat.co
+		- www.voat.co
+
+-->
+<ruleset name="Voat.co">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="voat.co" />
+	<target host="www.voat.co" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?voat\.co$" name="^(?:__RequestVerificationToken|NotFirstTime)$" /-->
+	<!--securecookie host="^\.voat\.co$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^(?:\.|www\.)?voat\.co$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vocaroo.com.xml b/src/chrome/content/rules/Vocaroo.com.xml
new file mode 100644
index 000000000000..32c519e8b2de
--- /dev/null
+++ b/src/chrome/content/rules/Vocaroo.com.xml
@@ -0,0 +1,19 @@
+<!--
+
+	Mismatched hosts in *vocaroo.com:
+
+		- www
+
+-->
+<ruleset name="Vocaroo.com">
+
+	<target host="vocaroo.com" />
+	<target host="www.vocaroo.com" />
+
+	<rule from="^http://www\.vocaroo\.com/"
+		to="https://vocaroo.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vocativ.com.xml b/src/chrome/content/rules/Vocativ.com.xml
new file mode 100644
index 000000000000..5cd79630a43d
--- /dev/null
+++ b/src/chrome/content/rules/Vocativ.com.xml
@@ -0,0 +1,49 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.vocativ.com/?PageSpeed=noscript => https://www.vocativ.com/?PageSpeed=noscript: Too many redirects while fetching 'https://www.vocativ.com/?PageSpeed=noscript'
+Fetch error: http://www.vocativ.com/content/themes/vocativ/images/vocativ-logo-2x.png => https://www.vocativ.com/content/themes/vocativ/images/vocativ-logo-2x.png: Too many redirects while fetching 'https://www.vocativ.com/content/themes/vocativ/images/vocativ-logo-2x.png'
+
+	Mixed content:
+
+		- Bug on www from b.scorecardresearch.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Vocativ.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vocativ.com" />
+	<target host="media.vocativ.com" />
+	<target host="www.vocativ.com" />
+	<target host="www1.vocativ.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.vocativ\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.vocativ\.com/+(?!\?PageSpeed=noscript|content/|favicon\.ico)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.vocativ.com/contacts/" />
+			<test url="http://www.vocativ.com/culture/" />
+			<test url="http://www.vocativ.com/jobs/" />
+			<test url="http://www.vocativ.com/money/" />
+			<test url="http://www.vocativ.com/tech/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.vocativ.com/?PageSpeed=noscript" />
+			<test url="http://www.vocativ.com/content/themes/vocativ/images/vocativ-logo-2x.png" />
+			<test url="http://www.vocativ.com/favicon.ico" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vodafone.co.nz.xml b/src/chrome/content/rules/Vodafone.co.nz.xml
new file mode 100644
index 000000000000..eed058777288
--- /dev/null
+++ b/src/chrome/content/rules/Vodafone.co.nz.xml
@@ -0,0 +1,125 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://stores.vodafone.co.nz/ => https://stores.vodafone.co.nz/: (51, "SSL: no alternative certificate subject name matches target host name 'stores.vodafone.co.nz'")
+Fetch error: http://wholesale.vodafone.co.nz/ => https://wholesale.vodafone.co.nz/: (51, "SSL: no alternative certificate subject name matches target host name 'wholesale.vodafone.co.nz'")
+
+	For other Vodafone Group coverage, see Vodafone.xml.
+
+
+	Nonfunctional hosts in *vodafone.co.nz:
+
+		- feedback-reporting ¹
+		- foundation ¹
+		- search ¹
+		- topmodel ¹
+		- tradein ²
+		- vmusic ³
+
+	¹ Blank page
+	² Handshake fails
+	³ Plaintext reply
+
+
+	Problematic hosts in *vodafone.co.nz:
+
+		- forum *
+
+		- www.wholesale *
+
+	* Mismatched
+
+
+	These altnames don't exist:
+
+		- blogs.vodafone.co.nz
+		- games.vodafone.co.nz
+		- firstmobile.vodafone.co.nz
+		- storybook.vodafone.co.nz
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- vodafone.co.nz
+		- community.vodafone.co.nz
+		- feedback.vodafone.co.nz
+		- help.vodafone.co.nz
+		- m.vodafone.co.nz
+		- .wholesale.vodafone.co.nz
+		- www.vodafone.co.nz
+
+
+	Mixed content:
+
+		- Images on help from $self *
+		- Bug on www from a.tribalfusion.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Vodafone.co.nz (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vodafone.co.nz" />
+	<target host="community.vodafone.co.nz" />
+	<target host="feedback.vodafone.co.nz" />
+	<target host="help.vodafone.co.nz" />
+	<target host="m.vodafone.co.nz" />
+	<target host="stores.vodafone.co.nz" />
+	<target host="webmail.vodafone.co.nz" />
+	<target host="wholesale.vodafone.co.nz" />
+	<target host="www.vodafone.co.nz" />
+
+	<!--	Complications:
+				-->
+	<target host="forum.vodafone.co.nz" />
+	<target host="search.vodafone.co.nz" />
+
+		<!--	/\w.* 404s:
+					-->
+		<exclusion pattern="^http://search\.vodafone\.co\.nz/+(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://search.vodafone.co.nz/f" />
+			<test url="http://search.vodafone.co.nz/o" />
+			<test url="http://search.vodafone.co.nz//o" />
+			<test url="http://search.vodafone.co.nz/b" />
+			<test url="http://search.vodafone.co.nz/a" />
+
+		<test url="http://feedback.vodafone.co.nz/analytics/ga.php?utmac=" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?vodafone\.co\.nz$" name="^bIPs$" /-->
+	<!--securecookie host="^communityfeedback\.vodafone\.co\.nz$" name="^LithiumVisitor$" /-->
+	<!--securecookie host="^feedback\.vodafone\.co\.nz$" name="^__utmmobile$" /-->
+	<!--securecookie host="^help\.vodafone\.co\.nz$" name="^cp_session$" /-->
+	<!--securecookie host="^m\.vodafone\.co\.nz$" name="^(?:BIGipServer\w+|JSESSIONID)$" /-->
+	<!--securecookie host="^\.wholesale\.vodafone\.co\.nz$" name="^(?:ANON|VIS)ID\d+$" /-->
+
+	<securecookie host=".+" name=".+"/>
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://forum\.vodafone\.co\.nz/+"
+		to="https://community.vodafone.co.nz/" />
+
+		<test url="http://forum.vodafone.co.nz//" />
+
+	<!--	Redirect drops args and forward slash:
+							-->
+	<rule from="^http://search\.vodafone\.co\.nz/.*"
+		to="https://www.vodafone.co.nz/search" />
+
+		<test url="http://search.vodafone.co.nz/?f" />
+		<test url="http://search.vodafone.co.nz/?o" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vodafone.co.uk.xml b/src/chrome/content/rules/Vodafone.co.uk.xml
new file mode 100644
index 000000000000..ad5eda59e1f2
--- /dev/null
+++ b/src/chrome/content/rules/Vodafone.co.uk.xml
@@ -0,0 +1,113 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://iphone.vodafone.co.uk/ => https://iphone.vodafone.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'iphone.vodafone.co.uk'")
+Fetch error: http://pp-shop.vodafone.co.uk/ => https://pp-shop.vodafone.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'pp-shop.vodafone.co.uk'")
+Fetch error: http://vip.vodafone.co.uk/ => https://vip.vodafone.co.uk/: (6, 'Could not resolve host: vip.vodafone.co.uk')
+
+	For other Vodafone Group coverage, see Vodafone.xml.
+
+
+	CDN buckets:
+
+		- s3.blog.vodafone.co.uk.s3.amazonaws.com
+
+
+	Nonfunctional hosts in *vodafone.com:
+
+
+	Problematic hosts in *vodafone.co.uk:
+
+		- blog *
+		- rewardz *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .vodafone.co.uk
+		- forum.vodafone.co.uk
+		- .forum.vodafone.co.uk
+		- freesim.vodafone.co.uk
+		- pp-shop.vodafone.co.uk
+		- rewards.vodafone.co.uk
+		- shop.vodafone.co.uk
+		- www.vodafone.co.uk
+
+
+	cms-consumer: Dropped over http & https
+
+
+	Mixed content:
+
+		- css on blog from $self ¹
+
+		- Image, on:
+
+			- blog, mediacentre from s3.blog.vodafone.co.uk.s3.amazonaws.com
+			- blog from $self ¹
+			- careers from $self *
+			- iphone, pp-shop, shop from assets.vodafone.co.uk *
+			- iphone, pp-shop, rewards from www.vodafone.co.uk *
+
+		- Bugs, on:
+
+			- blog from vodafoneuk.122.2o7.net *
+			- blog from www.facebook.com *
+
+	¹ Not secured by us <= mismatched
+	* Secured by us
+
+-->
+<ruleset name="Vodafone.co.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vodafone.co.uk" />
+	<target host="assets.vodafone.co.uk" />
+	<target host="careers.vodafone.co.uk" />
+	<target host="freesim.vodafone.co.uk" />
+	<target host="help.vodafone.co.uk" />
+	<target host="iphone.vodafone.co.uk" />
+	<target host="mediacentre.vodafone.co.uk" />
+	<target host="online.vodafone.co.uk" />
+	<target host="pp-shop.vodafone.co.uk" />
+	<target host="rewards.vodafone.co.uk" />
+	<target host="shop.vodafone.co.uk" />
+	<target host="support.vodafone.co.uk" />
+	<target host="tradein.vodafone.co.uk" />
+	<target host="vip.vodafone.co.uk" />
+	<target host="www.vodafone.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="rewardz.vodafone.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.vodafone\.co\.uk$" name="^(?:ObSSOCookie|vf_returning_visitor)$" /-->
+	<!--securecookie host="^forum\.vodafone\.co\.uk$" name="^(?:LiSESSIONID|LithiumUserSecure|LithiumUserInfo|LithiumVisitor)$" /-->
+	<!--securecookie host="^\.forum\.vodafone\.co\.uk$" name="^recentlyViewedPosts$" /-->
+	<!--securecookie host="freesim\.vodafone\.co\.uk$" name="^(?:ci_session|csrf_cookie_name)$" /-->
+	<!--securecookie host="^rewards\.vodafone\.co\.uk$" name="^freebees$" /-->
+	<!--securecookie host="^(?:pp-)?shop\.vodafone\.co\.uk$" name="^(?:DYN_USER_CONFIRM|DYN_USER_ID|JSESSIONID)$" /-->
+	<!--securecookie host="^www\.vodafone\.co\.uk$" name="^(?:JSESSIONID|VFCOOKIE)$" /-->
+
+	<securecookie host="^\.vodafone\.co\.uk$" name="^vf_returning_visitor$" />
+	<securecookie host=".+\.vodafone\.co\.uk$" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://rewardz\.vodafone\.co\.uk/+"
+		to="https://rewards.vodafone.co.uk/" />
+
+		<test url="http://rewardz.vodafone.co.uk//" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vodafone.de.xml b/src/chrome/content/rules/Vodafone.de.xml
new file mode 100644
index 000000000000..d0dd16ef73b3
--- /dev/null
+++ b/src/chrome/content/rules/Vodafone.de.xml
@@ -0,0 +1,83 @@
+<!--
+	For other Vodafone Group coverage, see Vodafone.xml.
+
+
+		- vodafonede.i.lithium.com
+
+			- forum.vodafone.de
+
+		- vodafone01.secure.lithium.com
+
+
+	Problematic hosts in *vodafone.de:
+
+		- www.dsl ¹
+		- www.dslshop ²
+		- m ¹
+
+	¹ Refused
+	² Cert only matches ^dslshop
+
+
+	Fully covered hosts in *vodafone.de:
+
+		- (www.)?dsl		(www → ^)
+		- (www.)?dslshop	(www → ^)
+		- forum
+		- hilfe
+		- media
+		- vfd2dyn
+		- was
+
+-->
+<ruleset name="Vodafone.de (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vodafone.de" />
+	<target host="dsl.vodafone.de" />
+	<target host="dslshop.vodafone.de" />
+	<target host="forum.vodafone.de" />
+	<target host="hilfe.vodafone.de" />
+	<target host="media.vodafone.de" />
+	<target host="vfd2dyn.vodafone.de" />
+	<target host="shop.vodafone.de" />
+	<target host="www.vodafone.de" />
+
+	<!--	Complications:
+				-->
+	<target host="www.dsl.vodafone.de" />
+	<target host="www.dslshop.vodafone.de" />
+	<target host="m.vodafone.de" />
+
+		<!--	/+(?!$|\?) 404s:
+					-->
+		<exclusion pattern="^http://m\.vodafone\.de/+(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://m.vodafone.de/index.htm" />
+			<test url="http://m.vodafone.de//index.htm" />
+			<test url="http://m.vodafone.de/index.php" />
+			<test url="http://m.vodafone.de/index.php?foo" />
+			<test url="http://m.vodafone.de//index.php" />
+
+
+	<securecookie host="^\.vodafone\.de$" name="^(?:DYN_USER_(?:CONFIRM|ID)|oshop|s_vi)$" />
+	<securecookie host="^(?:dsl|dslshop|forum|hilfe|shop|www)\.vodafone\.de$" name=".+" />
+
+
+	<rule from="^http://www\.dsl(shop)?\.vodafone\.de/"
+		to="https://dsl$1.vodafone.de/" />
+
+	<!--	Redirect keeps args but not forward slash:
+							-->
+	<rule from="^http://m\.vodafone\.de/+"
+		to="https://www.vodafone.de/mobil/privat/index.html" />
+
+		<test url="http://m.vodafone.de/?f" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vodafone.ie.xml b/src/chrome/content/rules/Vodafone.ie.xml
new file mode 100644
index 000000000000..0ba85778e69f
--- /dev/null
+++ b/src/chrome/content/rules/Vodafone.ie.xml
@@ -0,0 +1,56 @@
+<!--
+	For other Vodafone Group coverage, see Vodafone.xml.
+
+
+	Nonfunctional hosts in *vodafone.ie:
+
+		- deviceguides *
+		- onlineforms	(certificate has expired)
+
+	* Handshake fails
+
+
+	Insecure cookies are set for these hosts:
+
+		- community.vodafone.ie
+		- shop.vodafone.ie
+		- support.vodafone.ie
+		- www.vodafone.ie
+
+
+	Mixed content:
+
+		- Image on support from www.vodafone.ie *
+		- favicon on support from www.vodafone.ie *
+
+	* Secured by us
+
+	Some pages redirect to HTTP:
+		shop.vodafone.ie
+			<test url="http://shop.vodafone.ie/shop/phonesAndPlans/phonesAndPlansHome.jsp?subPage=phones&planFilter=onAccount" />
+		Keeping partial coverage causes CORS issues
+
+	Mixed content:
+		community.vodafone.ie
+
+-->
+<ruleset name="Vodafone.ie (partial)">
+
+	<target host="vodafone.ie" />
+	<target host="www.vodafone.ie" />
+	<target host="nac.vodafone.ie" />
+	<target host="sso.vodafone.ie" />
+	<target host="support.vodafone.ie" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^nac\.vodafone\.ie$" name="^CAKEPHP$" /-->
+	<!--securecookie host="^support\.vodafone\.ie$" name="^(?:AJUDACLUSTER|eGain_eService_JSESSIONID)$" /-->
+	<!--securecookie host="^www\.vodafone\.ie$" name="^(?:JSESSIONID|SITESELECTION)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vodafone.pt.xml b/src/chrome/content/rules/Vodafone.pt.xml
new file mode 100644
index 000000000000..7c305348a2e7
--- /dev/null
+++ b/src/chrome/content/rules/Vodafone.pt.xml
@@ -0,0 +1,24 @@
+<ruleset name="Vodafone.pt">
+	<target host="www.vodafone.pt" />
+	<target host="vodafone.pt" />
+	<target host="ajuda.vodafone.pt" />
+	<target host="loja.vodafone.pt" />
+	<target host="onenetuk.vodafone.pt" />
+	<target host="negocios.vodafone.pt" />
+	<target host="onenet.vodafone.pt" />
+	<target host="conferencing.vodafone.pt" />
+	<target host="forum.vodafone.pt" />
+	<target host="tvnetvoz.vodafone.pt" />
+	<target host="securenet.vodafone.pt" />
+	<target host="www.facturanahora.vodafone.pt" />
+	<target host="rbtweb.vodafone.pt" />
+	<target host="sms.vodafone.pt" />
+	<target host="webfecs.vodafone.pt" />
+	<target host="webgen.vodafone.pt" />
+	<target host="admin.net.vodafone.pt" />
+	<target host="at.vodafone.pt" />
+	<target host="my.vodafone.pt" />
+	<target host="mail.vodafone.pt" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vodafone.xml b/src/chrome/content/rules/Vodafone.xml
index 56c8fe064f99..0623ce5e9a08 100644
--- a/src/chrome/content/rules/Vodafone.xml
+++ b/src/chrome/content/rules/Vodafone.xml
@@ -1,59 +1,25 @@
 <!--
-		- vodafonegroup.122.2o7.net
-		- vodafone.ivwbox.de
+	Other Vodafone rulesets:
 
-		- vodafonede.i.lithium.com
+		- Firsts.com.xml
+		- Vodafone.co.uk.xml
+		- Vodafone.co.nz.xml
+		- Vodafone.de.xml
+		- Vodafone.ie.xml
 
-			- forum.vodafone.de
+	Nonfunctional hosts in *vodafone.com:
 
-		- vodafone01.secure.lithium.com
+		- ^ (mismatched)
+		- cms-vp (timeout)
 
 
-	Problematic domains:
-
-		- www.dsl.vodafone.de		(refused)
-		- www.dslshop.vodafone.de	(cert only matches ^dslshop)
-
-
-	Fully covered domains:
-
-		- vodafone.de subdomains:
-
-			- (www.)dsl	(www → ^)
-			- (www.)dslshop	(www → ^)
-			- forum
-			- hilfe
-			- media
-			- vfd2dyn
-			- was
-
 -->
-<ruleset name="Vodafone" platform="mixedcontent">
-  <target host="vodafone.ie" />
-  <target host="www.vodafone.ie" />
-  <target host="vodafone.co.uk" />
-  <target host="www.vodafone.co.uk" />
-  <target host="online.vodafone.co.uk" />
-  <target host="shop.vodafone.co.uk" />
-  <target host="vodafone.de" />
-  <target host="*.vodafone.de" />
-  <target host="shop.vodafone.de" />
-  <target host="vodafone.co.nz" />
-  <target host="www.vodafone.co.nz" />
-
-
-	<securecookie host="^\.vodafone\.de$" name="^(?:DYN_USER_(?:CONFIRM|ID)|oshop|s_vi)$" />
-	<securecookie host="^(?:dsl|dslshop|forum|hilfe|shop|www)\.vodafone\.de$" name=".+" />
-
-
-  <rule from="^http://(?:www\.)?vodafone\.(co\.nz|co\.uk|de|ie)/" to="https://www.vodafone.$1/"/>
-  <rule from="^http://online\.vodafone\.co\.uk/" to="https://online.vodafone.co.uk/"/>
-  <rule from="^http://shop\.vodafone\.(co\.uk|de)/" to="https://shop.vodafone.$1/"/>
+<ruleset name="Vodafone.com (partial)">
 
-	<rule from="^http://(?:www\.)?dsl(shop)?\.vodafone\.de/"
-		to="https://dsl$1.vodafone.de/" />
+	<target host="vodafone.com" />
+	<target host="www.vodafone.com" />
 
-	<rule from="^http://(forum|hilfe|media|vfd2dyn|was)\.vodafone\.de/"
-		to="https://$1.vodafone.de/" />
+	<rule from="^http://(www\.)?vodafone\.com/"
+		to="https://www.vodafone.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Voffka.xml b/src/chrome/content/rules/Voffka.xml
index f977cc93d80b..3777ac1fbf2e 100644
--- a/src/chrome/content/rules/Voffka.xml
+++ b/src/chrome/content/rules/Voffka.xml
@@ -1,24 +1,67 @@
 <!--
-	Nonfunctional subdomains:
-
-		- i	(403/404)
-
-
-	Problematic subdomains:
-
-		- mail		(works, expired, mismatched, CN: id.kapranoff.ru)
-
-
-	i serves images only.
-
+	Invalid certificate:
+		ad.voffka.com
+		chat.voffka.com
+		www.chat.voffka.com
+		duo.voffka.com
+		j1.duo.voffka.com
+		j2.duo.voffka.com
+		j3.duo.voffka.com
+		j4.duo.voffka.com
+		mailer.duo.voffka.com
+		mysql.duo.voffka.com
+		forum.voffka.com
+		www.forum.voffka.com
+		forum-pda.voffka.com
+		gcore.voffka.com
+		i.voffka.com
+		imap-old.voffka.com
+		img.voffka.com
+		love.voffka.com
+		top.love.voffka.com
+		mail.voffka.com
+		mailer.voffka.com
+		maillist.voffka.com
+		monitoring.voffka.com
+		mx.voffka.com
+		ns.voffka.com
+		photo.voffka.com
+		www.photo.voffka.com
+		mail.photo.voffka.com
+		pop3-old.voffka.com
+		s05.voffka.com
+		s06.voffka.com
+		smtp-old.voffka.com
+		top.voffka.com
+		img.vozer.voffka.com
+		vref.voffka.com
+		xeon.voffka.com
+		j2.xeon.voffka.com
+		j3.xeon.voffka.com
+		j4.xeon.voffka.com
+	Refused:
+		mx1.voffka.com
+		mx2.voffka.com
+		mx3.voffka.com
+		ns2.voffka.com
+		old.voffka.com
+	Time out:
+		home.voffka.com
+		imap.voffka.com
+		pop3.voffka.com
+		smtp.voffka.com
+		stat.voffka.com
 -->
-<ruleset name="Voffka (partial)" platform="cacert">
-
+<ruleset name="voffka.com">
 	<target host="voffka.com" />
 	<target host="www.voffka.com" />
+	<target host="admin.voffka.com" />
+	<target host="mt.voffka.com" />
+	<target host="export.voffka.com" />
+	<target host="vozer.voffka.com" />
+	<target host="i.vozer.voffka.com" />
+	<target host="vozer2.voffka.com" />
 
-
-	<rule from="^http://(www\.)?voffka\.com/"
-		to="https://$1voffka.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http://www\.voffka\.com/" to="https://voffka.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vogel.de.xml b/src/chrome/content/rules/Vogel.de.xml
new file mode 100644
index 000000000000..dc108df1dfe9
--- /dev/null
+++ b/src/chrome/content/rules/Vogel.de.xml
@@ -0,0 +1,24 @@
+<!--
+	Mixed content:
+
+		- Images on www from files *
+
+	* Secured by us
+
+-->
+<ruleset name="Vogel.de">
+
+	<target host="vogel.de" />
+	<target host="files.vogel.de" />
+	<target host="images.vogel.de" />
+	<target host="www.vogel.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:www\.)?vogel\.de$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Voice.fi.xml b/src/chrome/content/rules/Voice.fi.xml
index 1bd4acebe1f3..d9b13788f989 100644
--- a/src/chrome/content/rules/Voice.fi.xml
+++ b/src/chrome/content/rules/Voice.fi.xml
@@ -1,6 +1,19 @@
-<ruleset name="Voice.fi (broken)" default_off="breaks site, cert expired">
-  <target host="voice.fi"/>
-  <target host="www.voice.fi"/>
-  <rule from="^http://voice\.fi/" to="https://voice.fi/"/>
-  <rule from="^http://www\.voice\.fi/" to="https://www.voice.fi/"/>
+<!--
+	Non-functional hosts
+		Timeout was reached:
+			 - mail.voice.fi
+
+		SSL peer certificate was not OK:
+			 - voice.fi
+			 - m.voice.fi
+-->
+<ruleset name="Voice.fi (partial)">
+	<target host="voice.fi" />
+	<target host="www.voice.fi" />
+
+	<rule from="^http://voice\.fi/"
+		  	to="https://www.voice.fi/" />
+
+	<rule from="^http:"
+		  	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/VoiceFive.xml b/src/chrome/content/rules/VoiceFive.xml
index 89cbb6923361..130ee20148d7 100644
--- a/src/chrome/content/rules/VoiceFive.xml
+++ b/src/chrome/content/rules/VoiceFive.xml
@@ -1,18 +1,20 @@
 <ruleset name="VoiceFive">
 
 	<target host="voicefive.com" />
-	<target host="*.voicefive.com" />
+	<target host="ar.voicefive.com" />
+	<target host="www.voicefive.com" />
+	<target host="b.voicefive.com" />
+	<target host="sb.voicefive.com" />
 
 
-	<securecookie host="^(.*\.)?voicefive\.com$" name=".*" />
+	<securecookie host=".+" name=".+"/>
 
 
-	<rule from="^http://(ar\.|www\.)?voicefive\.com/"
-		to="https://$1voicefive.com/" />
 
 	<!--	This is what the server does.
 						-->
-	<rule from="^https?://s?b\.voicefive\.com/"
+	<rule from="^http://s?b\.voicefive\.com/"
 		to="https://sb.voicefive.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/VoiceThread.com.xml b/src/chrome/content/rules/VoiceThread.com.xml
new file mode 100644
index 000000000000..2182185efb22
--- /dev/null
+++ b/src/chrome/content/rules/VoiceThread.com.xml
@@ -0,0 +1,38 @@
+<!--
+	Nonfunctional hosts in *voicethread.com:
+
+		- blog *
+
+	* Shows docs.voicethread.com
+
+
+	These altnames don't exist:
+
+		- www.docs.voicethread.com
+
+
+	Insecure cookies are set for these domains:
+
+		- .voicethread.com
+
+-->
+<ruleset name="VoiceThread.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="voicethread.com" />
+	<target host="docs.voicethread.com" />
+	<target host="www.voicethread.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.voicethread\.com$" name="^(?:VTSESSID|VTSESSID_START)$" /-->
+
+	<securecookie host="^\.voicethread\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Voice_Republic.com.xml b/src/chrome/content/rules/Voice_Republic.com.xml
new file mode 100644
index 000000000000..d0439de01970
--- /dev/null
+++ b/src/chrome/content/rules/Voice_Republic.com.xml
@@ -0,0 +1,47 @@
+<!--
+	Nonfunctional hosts in *voicerepublic.com:
+
+		- blog *
+
+	* Shows cp
+
+
+	Problematic hosts in *voicerepublic.com:
+
+		- status *
+
+	* Herokuapp
+
+
+	Insecure cookies are set for these hosts:
+
+		- voicerepublic.com
+		- www.voicerepublic.com
+
+
+	Mixed content:
+
+		- Images on status from blog.voicerepublic.com *
+
+	* Unsecurable <= 404
+
+-->
+<ruleset name="Voice Republic.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="voicerepublic.com" />
+	<target host="www.voicerepublic.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?voicerepublic\.com$" name="^(_\w+_session|XSRF-TOKEN)$" /-->
+
+	<securecookie host="^(?:www\.)?voicerepublic\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Voices.com.xml b/src/chrome/content/rules/Voices.com.xml
index 6777fa2d2b7b..ccc25d4f449b 100644
--- a/src/chrome/content/rules/Voices.com.xml
+++ b/src/chrome/content/rules/Voices.com.xml
@@ -17,7 +17,7 @@
 	<!--	- Cert only matches www
 		- Some pages redirect to http
 					-->
-	<rule from="^https?://(?:www\.)?voices\.com/((?:answers|apps|articles|client|community|company|css|directory|ebooks|find|help|images|img|industries|infographics|languages|login|newsroom|rates|resources|royalty-free-music|rss|rss_feeds|scripts|security|service|signup|site_map|tag|talents|videos)(?:$|[\?/])|(?:faq|surepay)\./html(?:$|\?)|talent/\w)"
+	<rule from="^http://(?:www\.)?voices\.com/((?:answers|apps|articles|client|community|company|css|directory|ebooks|find|help|images|img|industries|infographics|languages|login|newsroom|rates|resources|royalty-free-music|rss|rss_feeds|scripts|security|service|signup|site_map|tag|talents|videos)(?:$|[\?/])|(?:faq|surepay)\./html(?:$|\?)|talent/\w)"
 		to="https://www.voices.com/$1" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/VoidLinux.org.xml b/src/chrome/content/rules/VoidLinux.org.xml
new file mode 100644
index 000000000000..64a3b8cb9e06
--- /dev/null
+++ b/src/chrome/content/rules/VoidLinux.org.xml
@@ -0,0 +1,26 @@
+<!--
+	HTTP ≠ HTTPS:
+		- auto
+		- alpha.de.repo
+		- vm2.a-lej-de.m
+-->
+<ruleset name="VoidLinux.org.xml">
+	<target host="voidlinux.org" />
+	<target host="www.voidlinux.org" />
+	<target host="build.voidlinux.org" />
+	<target host="docs.voidlinux.org" />
+	<target host="infradocs.voidlinux.org" />
+	<target host="a-hel-fi.m.voidlinux.org" />
+	<target host="vm1.a-lej-de.m.voidlinux.org" />
+	<target host="man.voidlinux.org" />
+	<target host="monitoring.voidlinux.org" />
+	<target host="beta.de.repo.voidlinux.org" />
+	<target host="sources.voidlinux.org" />
+	<target host="terraform.voidlinux.org" />
+	<target host="wiki.voidlinux.org" />
+	<target host="xq-api.voidlinux.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Volatile_Systems.com-problematic.xml b/src/chrome/content/rules/Volatile_Systems.com-problematic.xml
index f962c5c270a0..88ffbf203c4b 100644
--- a/src/chrome/content/rules/Volatile_Systems.com-problematic.xml
+++ b/src/chrome/content/rules/Volatile_Systems.com-problematic.xml
@@ -7,7 +7,6 @@
 	<target host="lists.volatilesystems.com" />
 
 
-	<rule from="^http://lists\.volatilesystems\.com/"
-		to="https://lists.volatilesystems.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Volatile_Systems.com.xml b/src/chrome/content/rules/Volatile_Systems.com.xml
index 0280bd46ad54..bec9cef9c502 100644
--- a/src/chrome/content/rules/Volatile_Systems.com.xml
+++ b/src/chrome/content/rules/Volatile_Systems.com.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://volatilesystems.com/ => https://www.volatilesystems.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.volatilesystems.com/ => https://www.volatilesystems.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://volatilesystems.com/ => https://www.volatilesystems.com/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.volatilesystems.com/ => https://www.volatilesystems.com/: (28, 'Connection timed out after 10001 milliseconds')
 	For problematic rules, see Volatile_Systems.com-problematic.xml.
 
 
@@ -7,7 +15,7 @@
 		- lists		(works; expired 2008-12-15, mismatched, CN: www.volatilesystems.com)
 
 -->
-<ruleset name="Volatile Systems.com (partial)">
+<ruleset name="Volatile Systems.com (partial)" default_off="failed ruleset test">
 
 	<target host="volatilesystems.com" />
 	<target host="www.volatilesystems.com" />
@@ -22,4 +30,4 @@
 	<rule from="^http://(?:www\.)?volatilesystems\.com/"
 		to="https://www.volatilesystems.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/VolcanoEcigs.xml b/src/chrome/content/rules/VolcanoEcigs.xml
index 9de08d5ba0d1..d122115a559a 100644
--- a/src/chrome/content/rules/VolcanoEcigs.xml
+++ b/src/chrome/content/rules/VolcanoEcigs.xml
@@ -2,5 +2,5 @@
   <target host="volcanoecigs.com"/>
   <target host="www.volcanoecigs.com"/>
 
-  <rule from="^http://(?:www\.)?volcanoecigs\.com/" to="https://www.volcanoecigs.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Volexity.com.xml b/src/chrome/content/rules/Volexity.com.xml
new file mode 100644
index 000000000000..4acd7698a8ca
--- /dev/null
+++ b/src/chrome/content/rules/Volexity.com.xml
@@ -0,0 +1,36 @@
+<!--
+	(www.)?volexity.com: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- app-portal.volexity.com
+		- portal.volexity.com
+
+
+	Mixed content:
+
+		- css on (www.)? from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Volexity.com (partial)">
+
+	<!--target host="volexity.com" /-->
+	<target host="app-portal.volexity.com" />
+	<target host="portal.volexity.com" />
+	<!--target host="www.volexity.com" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:app-)?portal\.volexity\.com$" name="^BIGipServer" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Volgistics.com.xml b/src/chrome/content/rules/Volgistics.com.xml
new file mode 100644
index 000000000000..2feff7a140c0
--- /dev/null
+++ b/src/chrome/content/rules/Volgistics.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Invalid certificate:
+		volgistics.com
+
+	Connection reset:
+		blog.volgistics.com
+
+	Login required:
+		promo.volgistics.com
+
+-->
+<ruleset name="Volgistics">
+
+	<target host="volgistics.com" />
+	<target host="www.volgistics.com" />
+	<target host="sample.volgistics.com" />
+
+	<rule from="^http://volgistics\.com/"
+		to="https://www.volgistics.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Volgistics.xml b/src/chrome/content/rules/Volgistics.xml
deleted file mode 100644
index 4a6aaf8d2b66..000000000000
--- a/src/chrome/content/rules/Volgistics.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Volgistics (partial)">
-	<target host="volgistics.com" />
-	<target host="www.volgistics.com" />
-
-	<rule from="^(http://(www\.)?|https://)volgistics\.com/"
-		to="https://www.volgistics.com/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Volia.com.xml b/src/chrome/content/rules/Volia.com.xml
new file mode 100644
index 000000000000..69c12a325950
--- /dev/null
+++ b/src/chrome/content/rules/Volia.com.xml
@@ -0,0 +1,45 @@
+<!--
+volia.com timed out
+www.volia.com timed out
+bilacerkva.volia.com timed out
+vinnitsa.volia.com timed out
+volochisk.volia.com timed out
+dnepropetrovsk.volia.com timed out
+dobrotvir.volia.com timed out
+zhytomyr.volia.com timed out
+zaporozhye.volia.com timed out
+kirovograd.volia.com timed out
+kramatorsk.volia.com timed out
+kremenets.volia.com timed out
+krivoyrog.volia.com timed out
+lutsk.volia.com timed out
+lviv.volia.com timed out
+novomoskovsk.volia.com timed out
+obukhiv.volia.com timed out
+poltava.volia.com timed out
+putyvl.volia.com timed out
+rivne.volia.com timed out
+solonitsevka.volia.com timed out
+sumy.volia.com timed out
+terebovlia.volia.com timed out
+ternopil.volia.com timed out
+truskavets.volia.com timed out
+ukrainka.volia.com timed out
+fastiv.volia.com timed out
+kharkov.volia.com timed out
+kherson.volia.com timed out
+khmelnitsky.volia.com timed out
+cherkassy.volia.com timed out
+chernivtsi.volia.com timed out
+chortkiv.volia.com timed out
+dc.volia.com mismatch
+www.dc.volia.com mismatch
+my.dc.volia.com mismatch
+ftp.dc.volia.com timed out
+-->
+<ruleset name="Volia.com (partial)">
+	<target host="my.volia.com" />
+	<target host="club.volia.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Volksverschluesselung.xml b/src/chrome/content/rules/Volksverschluesselung.xml
new file mode 100644
index 000000000000..5b58a05254d0
--- /dev/null
+++ b/src/chrome/content/rules/Volksverschluesselung.xml
@@ -0,0 +1,10 @@
+<ruleset name="Volksverschlüsselung">
+
+	<target host="volksverschluesselung.sit.fraunhofer.de" />
+	<target host="volksverschluesselung.de" />
+	<target host="www.volksverschluesselung.de" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VolkswagenBank.xml b/src/chrome/content/rules/VolkswagenBank.xml
index 404053727a38..43f269aa55c2 100644
--- a/src/chrome/content/rules/VolkswagenBank.xml
+++ b/src/chrome/content/rules/VolkswagenBank.xml
@@ -1,7 +1,8 @@
 <ruleset name="Volkswagen Bank" platform="mixedcontent">
-  <target host="*.volkswagenbank.de" />
+  <target host="www.volkswagenbank.de" />
+  <target host="online-banking.volkswagenbank.de" />
   <target host="volkswagenbank.de" />
 
   <rule from="^http://(?:www\.)?volkswagenbank\.de/" to="https://www.volkswagenbank.de/" />
-  <rule from="^http://online-banking\.volkswagenbank\.de/" to="https://online-banking.volkswagenbank.de/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Volotea.com.xml b/src/chrome/content/rules/Volotea.com.xml
index 0710a0489e76..3eb045d44658 100644
--- a/src/chrome/content/rules/Volotea.com.xml
+++ b/src/chrome/content/rules/Volotea.com.xml
@@ -13,13 +13,18 @@
 <ruleset name="Volotea.com">
 
 	<target host="volotea.com" />
-	<target host="*.volotea.com" />
+	<target host="auto.volotea.com" />
+	<target host="cars.volotea.com" />
+	<target host="coches.volotea.com" />
+	<target host="media.volotea.com" />
+	<target host="static.volotea.com" />
+	<target host="voitures.volotea.com" />
+	<target host="www.volotea.com" />
 
 
 	<securecookie host="^(?:www)?\.volotea\.com$" name=".+" />
 
 
-	<rule from="^http://((?:auto|cars|coches|media|static|voitures|www)\.)?volotea\.com/"
-		to="https://$1volotea.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Voltaic_Systems.com.xml b/src/chrome/content/rules/Voltaic_Systems.com.xml
new file mode 100644
index 000000000000..4d9f23a326b3
--- /dev/null
+++ b/src/chrome/content/rules/Voltaic_Systems.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Nonfunctional hosts in *voltaicsystems.com:
+
+		- support ᴰ
+
+	ᴰ Desk.com/redirects to http
+
+-->
+<ruleset name="Voltaic Systems.com (partial)">
+
+	<target host="voltaicsystems.com" />
+	<target host="www.voltaicsystems.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Volunteer2.xml b/src/chrome/content/rules/Volunteer2.xml
index 0d88ec32de7d..0d4c7f414431 100644
--- a/src/chrome/content/rules/Volunteer2.xml
+++ b/src/chrome/content/rules/Volunteer2.xml
@@ -5,14 +5,14 @@
 -->
 <ruleset name="Volunteer² (partial)">
 
-	<target host="*.volunteer2.com"/>
+	<target host="app.volunteer2.com" />
+	<target host="cdn.volunteer2.com" />
 	<target host="myvolunteerpage.com"/>
 	<target host="www.myvolunteerpage.com"/>
 
 	<rule from="^http://(?:app\.volunteer2|(?:www\.)?myvolunteerpage)\.com/"
 		to="https://app.volunteer2.com/"/>
 
-	<rule from="^http://cdn\.volunteer2\.com/"
-		to="https://cdn.volunteer2.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Volunteer_Centers_of_Michigan.xml b/src/chrome/content/rules/Volunteer_Centers_of_Michigan.xml
index e2a39c3e64d7..713c5e690fc8 100644
--- a/src/chrome/content/rules/Volunteer_Centers_of_Michigan.xml
+++ b/src/chrome/content/rules/Volunteer_Centers_of_Michigan.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?mivolunteers\.org/"
 		to="https://mivolunteers.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Volunteer_Matters.xml b/src/chrome/content/rules/Volunteer_Matters.xml
index 24dbd5f92222..818289f6f91c 100644
--- a/src/chrome/content/rules/Volunteer_Matters.xml
+++ b/src/chrome/content/rules/Volunteer_Matters.xml
@@ -2,7 +2,7 @@
 	For other Closerware coverage, see Closerware.xml.
 
 -->
-<ruleset name="Volunteer Matters">
+<ruleset name="Volunteer Matters.com">
 
 	<target host="volunteermatters.com" />
 	<target host="www.volunteermatters.com" />
@@ -11,7 +11,7 @@
 	<securecookie host="^(?:www\.)?volunteermatters\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?volunteermatters\.com/"
-		to="https://$1volunteermatters.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Volusion.xml b/src/chrome/content/rules/Volusion.xml
index 3447759c4bd4..2476b2ca6c12 100644
--- a/src/chrome/content/rules/Volusion.xml
+++ b/src/chrome/content/rules/Volusion.xml
@@ -33,6 +33,7 @@
 		- volusion.com subdomains:
 
 			- (www.)	(^ → www)
+			- cdn3
 			- forums
 			- my
 			- store
@@ -42,21 +43,24 @@
 <ruleset name="Volusion (partial)">
 
 	<target host="volusion.co.uk" />
-	<target host="*.volusion.co.uk" />
+	<target host="store.volusion.co.uk" />
+	<target host="www.volusion.co.uk" />
 	<target host="volusion.com" />
-	<target host="*.volusion.com" />
+	<target host="cdn3.volusion.com" />
+	<target host="forums.volusion.com" />
+	<target host="my.volusion.com" />
+	<target host="store.volusion.com" />
+	<target host="vchangedesign.volusion.com" />
+	<target host="www.volusion.com" />
 
 
-	<securecookie host="^(?:.*\.)?volusion\.co(?:\.uk|m)$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
-	<rule from="^http://(store\.|www\.)?volusion\.co\.uk/"
-		to="https://$1volusion.co.uk/" />
 
-	<rule from="^https?://volusion\.com/"
+	<rule from="^http://volusion\.com/"
 		to="https://www.volusion.com/" />
 
-	<rule from="^http://(forums|my|store|vchangedesign|www)\.volusion\.com/"
-		to="https://$1.volusion.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VooPlayer.com.xml b/src/chrome/content/rules/VooPlayer.com.xml
new file mode 100644
index 000000000000..9e414e8aa954
--- /dev/null
+++ b/src/chrome/content/rules/VooPlayer.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="vooPlayer.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vooplayer.com" />
+	<target host="www.vooplayer.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Voodoo.com.xml b/src/chrome/content/rules/Voodoo.com.xml
index ffdc5b010a21..a6ce3f415847 100644
--- a/src/chrome/content/rules/Voodoo.com.xml
+++ b/src/chrome/content/rules/Voodoo.com.xml
@@ -12,7 +12,8 @@
 <ruleset name="Voodoo.com (partial)">
 
 	<target host="voodoo.com" />
-	<target host="*.voodoo.com" />
+	<target host="secure.voodoo.com" />
+	<target host="www.voodoo.com" />
 
 
 	<securecookie host="^\.voodoo\.com$" name=".+" />
@@ -21,4 +22,4 @@
 	<rule from="^http://(?:secure\.|www\.)?voodoo\.com/"
 		to="https://secure.voodoo.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Voodoo_Ping.com.xml b/src/chrome/content/rules/Voodoo_Ping.com.xml
index a931b4b9df0a..5a225364bfd2 100644
--- a/src/chrome/content/rules/Voodoo_Ping.com.xml
+++ b/src/chrome/content/rules/Voodoo_Ping.com.xml
@@ -1,13 +1,21 @@
-<ruleset name="Voodoo Ping.com">
+<!--
+	Problematic hosts in *voodooping.com:
+
+		- (www.)? *
+
+	* Expired
+
+-->
+<ruleset name="Voodoo Ping.com" default_off="expired">
 
 	<target host="voodooping.com" />
-	<target host="*.voodooping.com" />
+	<target host="www.voodooping.com" />
 
 
 	<securecookie host="^(?:w*\.)?voodooping\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?voodooping\.com/"
-		to="https://$1voodooping.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Voost.xml b/src/chrome/content/rules/Voost.xml
index a493a2145871..d0755f564a54 100644
--- a/src/chrome/content/rules/Voost.xml
+++ b/src/chrome/content/rules/Voost.xml
@@ -1,13 +1,12 @@
 <ruleset name="Voost!">
 
 	<target host="voo.st" />
-	<target host="*.voo.st" />
+	<target host="www.voo.st" />
 
 
 	<securecookie host="^\.voo\.st$" name=".+" />
 
 
-	<rule from="^http://(www\.)?voo\.st/"
-		to="https://$1voo.st/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vooxe.com.xml b/src/chrome/content/rules/Vooxe.com.xml
new file mode 100644
index 000000000000..62723b65240a
--- /dev/null
+++ b/src/chrome/content/rules/Vooxe.com.xml
@@ -0,0 +1,55 @@
+<!--
+	Cert expired:
+		- des.vooxe.com
+		- les.vooxe.com
+		- onepage.vooxe.com
+
+	Cert mismatch:
+		- ^
+		- www
+		- activation.vooxe.com
+		- cdn.static.vooxe.com
+		- svcone1.vooxe.com
+		- testweb.vooxe.com
+
+	Chain issues:
+		- webapi.reports.vooxe.com
+		- system.vooxe.com
+
+	Redirect to plain:
+		- gdp.vooxe.com
+		- video.vooxe.com
+
+	Self-signed cert:
+		- matrix.vooxe.com
+
+	Timeout:
+		- demo.vooxe.com
+
+	TLS error:
+		- mx.vooxe.com
+		- mail.vooxe.com
+		- monkey.vooxe.com
+		- walkthrough.vooxe.com
+-->
+<ruleset name="Vooxe (partial)">
+
+	<target host="adtag.vooxe.com" />
+	<target host="analytics.vooxe.com" />
+	<target host="banner-api.vooxe.com" />
+	<target host="adtag-static.vooxe.com" />
+	<target host="common-static.vooxe.com" />
+	<target host="display-static.vooxe.com" />
+	<target host="downloads.vooxe.com" />
+	<target host="html5-static.vooxe.com" />
+	<target host="html5games.vooxe.com" />
+	<target host="reports.vooxe.com" />
+	<target host="video-static.vooxe.com" />
+	<target host="cdn.walkthrough.vooxe.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vorpal.io.xml b/src/chrome/content/rules/Vorpal.io.xml
index b2559a8b37a8..5647108a93e4 100644
--- a/src/chrome/content/rules/Vorpal.io.xml
+++ b/src/chrome/content/rules/Vorpal.io.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://vorpal.io/ => https://vorpal.io/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.vorpal.io/ => https://www.vorpal.io/: (60, 'SSL certificate problem: certificate has expired')
+
 	CDN buckets:
 
 		- 4bcca1fb85221aaaee1b-af531ed5706c8a9d5cdcbdd606df6b55.ssl.cf2.rackcdn.com
@@ -8,25 +13,17 @@
 		- c15024195.ssl.cf2.rackcdn.com
 		- c929457.ssl.cf2.rackcdn.com
 
-
-	Observed cookie domains:
-
-		- ^
-		- .
-		- www
-		- .www
-
 -->
-<ruleset name="Vorpal.io">
+<ruleset name="Vorpal.io" default_off="failed ruleset test">
 
 	<target host="vorpal.io" />
-	<target host="*.vorpal.io" />
+	<target host="www.vorpal.io" />
 
 
-	<securecookie host="^(?:.*\.)?vorpal\.io$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?vorpal\.io/"
-		to="https://$1vorpal.io/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/VosCast.com.xml b/src/chrome/content/rules/VosCast.com.xml
new file mode 100644
index 000000000000..d2c5b82b148e
--- /dev/null
+++ b/src/chrome/content/rules/VosCast.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- Web bug from www.facebook.com *
+
+	* Secured by us
+
+-->
+<ruleset name="VosCast.com">
+
+	<target host="voscast.com" />
+	<target host="www.voscast.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:w*\.)?voscast\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VoteWatch.eu.xml b/src/chrome/content/rules/VoteWatch.eu.xml
index 6b8fc923cfca..de6e3f6e3b3f 100644
--- a/src/chrome/content/rules/VoteWatch.eu.xml
+++ b/src/chrome/content/rules/VoteWatch.eu.xml
@@ -1,15 +1,25 @@
-<ruleset name="VoteWatch.eu">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://votewatch.eu/ => https://www.votewatch.eu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.votewatch.eu/ => https://www.votewatch.eu/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://votewatch.eu/ => https://www.votewatch.eu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.votewatch.eu/ => https://www.votewatch.eu/: (60, 'SSL certificate problem: certificate has expired')
+-->
+<ruleset name="VoteWatch.eu" default_off="failed ruleset test">
 
 	<target host="votewatch.eu" />
 	<target host="www.votewatch.eu" />
 
 
-	<securecookie host="^www\.votewatch\.eu$" name=".*" />
+	<securecookie host="^www\.votewatch\.eu$" name=".+" />
 
 
 	<!--	Cert only matches www.
 					-->
-	<rule from="^https?://(?:www\.)?votewatch\.eu/"
+	<rule from="^http://(?:www\.)?votewatch\.eu/"
 		to="https://www.votewatch.eu/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/VoterVOICE.xml b/src/chrome/content/rules/VoterVOICE.xml
index dfbd748c9c27..9fc078c94538 100644
--- a/src/chrome/content/rules/VoterVOICE.xml
+++ b/src/chrome/content/rules/VoterVOICE.xml
@@ -2,5 +2,5 @@
 	<target host="votervoice.net" />
 	<target host="www.votervoice.net" />
 
-	<rule from="^http://(?:www\.)?votervoice\.net/" to="https://www.votervoice.net/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VouchedFor.co.uk.xml b/src/chrome/content/rules/VouchedFor.co.uk.xml
new file mode 100644
index 000000000000..805c2b97bbd1
--- /dev/null
+++ b/src/chrome/content/rules/VouchedFor.co.uk.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://partners.vouchedfor.co.uk/ => https://partners.vouchedfor.co.uk/: (6, 'Could not resolve host: partners.vouchedfor.co.uk')
+
+	Fully covered hosts in *vouchedfor.co.uk:
+
+		- (www.)?
+		- partners
+
+
+	Insecure cookies are set for these domains:
+
+		- .vouchedfor.co.uk
+
+-->
+<ruleset name="VouchedFor.co.uk" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vouchedfor.co.uk" />
+	<target host="partners.vouchedfor.co.uk" />
+	<target host="www.vouchedfor.co.uk" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.vouchedfor\.co\.uk$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.vouchedfor\.co\.uk$" name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vovici.com.xml b/src/chrome/content/rules/Vovici.com.xml
index a9b21d3c1e43..3d77ad8a1acc 100644
--- a/src/chrome/content/rules/Vovici.com.xml
+++ b/src/chrome/content/rules/Vovici.com.xml
@@ -1,4 +1,15 @@
-<ruleset name="Vovici.com (partial)">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://desktop.vovici.com/ => https://desktop.vovici.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://vovici.com/ => https://vovici.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+Fetch error: http://desktop.vovici.com/ => https://desktop.vovici.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+Fetch error: http://system.vovici.com/ => https://system.vovici.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+Fetch error: http://www.vovici.com/ => https://vovici.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+-->
+<ruleset name="Vovici.com (partial)" default_off="failed ruleset test">
 
 	<target host="vovici.com" />
 	<target host="desktop.vovici.com" />
diff --git a/src/chrome/content/rules/Vox-CDN.com.xml b/src/chrome/content/rules/Vox-CDN.com.xml
new file mode 100644
index 000000000000..a4e7309272a2
--- /dev/null
+++ b/src/chrome/content/rules/Vox-CDN.com.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Vox Media coverage, see Vox.com.xml.
+
+
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="Vox-CDN.com" platform="mixedcontent">
+
+	<target host="cdn0.vox-cdn.com" />
+	<target host="cdn1.vox-cdn.com" />
+	<target host="cdn2.vox-cdn.com" />
+	<target host="cdn3.vox-cdn.com" />
+	<target host="ea.vox-cdn.com" />
+	<target host="volume.vox-cdn.com" />
+
+		<test url="http://cdn0.vox-cdn.com/uploads/chorus_asset/file/4199355/vox.0.svg" />
+		<test url="http://cdn1.vox-cdn.com/uploads/chorus_asset/file/6075175/curbed-white.0.svg" />
+		<test url="http://cdn2.vox-cdn.com/uploads/chorus_asset/file/4199305/eater.0.svg" />
+		<test url="http://cdn3.vox-cdn.com/uploads/chorus_asset/file/5344285/content_distribution.0.svg" />
+		<test url="http://ea.vox-cdn.com/production/voxmedia-year-in-review-2015/images/assets/adweek-logo-a324bd41.png" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vox.com.xml b/src/chrome/content/rules/Vox.com.xml
new file mode 100644
index 000000000000..e636dfa5b91f
--- /dev/null
+++ b/src/chrome/content/rules/Vox.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Other Vox rulesets:
+
+		- Cstatic.net.xml
+		- Curbed.cc.xml
+		- Curbed.com.xml
+		- Eater.xml
+		- Racked.com.xml
+		- Recode.net.xml
+		- The-Verge.xml
+		- Vox-CDN.com.xml
+		- Vox_Media.com.xml
+
+
+	Nonfunctional hosts in *vox.com:
+
+		- tiffany ʳ
+
+	ʳ Refused
+
+-->
+<ruleset name="Vox.com">
+
+	<target host="vox.com" />
+	<target host="www.vox.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vox_Media.com.xml b/src/chrome/content/rules/Vox_Media.com.xml
new file mode 100644
index 000000000000..e6e34bad33ab
--- /dev/null
+++ b/src/chrome/content/rules/Vox_Media.com.xml
@@ -0,0 +1,275 @@
+<!--
+	For rules covering resources which do not secure
+	mixed content, see voxmedia.com-resources.xml.
+
+	For other Vox Media coverage, see Vox.com.xml.
+
+
+	CDN buckets:
+
+		- d3jpjf0yeaswad.cloudfront.net	← cdn.hymnal
+		- d8wuu9msfgurd.cloudfront.net	← ea-cdn
+
+
+	Nonfunctional hosts in *voxmedia.com:
+
+		- blog *
+		- pixelpunch ²
+
+	ʰ Redirects to http
+	* Tumblr
+	² 500
+	¹ Refused
+
+
+	Problematic hosts in *voxmedia.com:
+
+		- ^ ¹
+		- cdn.hymnal ²
+		- jobs ¹
+		- status ³
+
+	¹ Refused, preemptable redirect
+	² Fastly / mismatched
+	³ StatusPage / mismatched
+
+
+	Partially covered hosts in *voxmedia.com:
+
+		- marketing ʰ
+		- product ʰ
+
+	ʰ Some pages redirect to http
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- marketing.voxmedia.com
+		- product.voxmedia.com
+		- www.voxmedia.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Vox Media.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="voxmedia.com" />
+	<!--target host="ea-cdn.voxmedia.com" /-->
+	<!--target host="fonts.voxmedia.com" /-->
+	<target host="marketing.voxmedia.com" />
+	<target host="optimize-stats.voxmedia.com" />
+	<!--target host="phonograph-static.voxmedia.com" /-->
+	<!--target host="phonograph2.voxmedia.com" /-->
+	<target host="product.voxmedia.com" />
+	<!--target host="providence.voxmedia.com" /-->
+	<target host="www.voxmedia.com" />
+
+		<!--
+		<test url="http://ea-cdn.voxmedia.com/production/voxmedia/images/about/chorus-e232d7e7.svg" />
+		<test url="http://fonts.voxmedia.com/unison/voxmedia/voxmedia.css" />
+		<test url="http://phonograph2.voxmedia.com/pickup.js" />
+		<test url="http://phonograph-static.voxmedia.com/beacon-min.js" />
+		-->
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.voxmedia\.com/(?:$|\?|a/|(?:.+/)?\d{4}/)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://www\.voxmedia\.com/(?!(?!(?:.*/)?\d{4}/)/*(?:(?:about-vox-media|admin|brands|contact|google_news_sitemap|login|networks|pages|press|racked|reader|recode|rss|security|style|the-verge|trending|users|vox-creative)(?:$|[?/])|favicon\.ico|robots\.txt))" /-->
+		<!--
+			Avoid porential XHR problems:
+							-->
+		<!--exclusion pattern="^http://www\.voxmedia\.com/(?:/*sbn_scoreboard/|.+\.js(?:$|\?))" /-->
+		<!--
+			Lessen non-Tor distinguishability:
+								-->
+		<!--exclusion pattern="^http://(?:www\.)?voxmedia\.com/*(?:favicon\.ico|styles/)" /-->
+		<!--
+			In combination:
+					-->
+		<exclusion pattern="^http://(?:www\.)?voxmedia\.com/(?!(?!.+\.js(?:$|\?)|(?:.*/)?\d{4}/)/*(?:(?:about-vox-media|admin|brands|contact|google_news_sitemap|login|networks|pages|press|racked|reader|recode|rss|security|the-verge|trending|users|vox-creative)(?:$|[?/])|robots\.txt))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.voxmedia.com/2015/12/21/10641582/new-york-times-vox-media-adds-re-code-to-its-stable-of-websites" />
+			<test url="http://www.voxmedia.com/2015/12/21/10641604/adweek-vox-media-sings-the-praises-of-chorus" />
+			<test url="http://www.voxmedia.com/2015/12/21/10641664/digiday-the-agency-view-on-vox-media-the-modern-day-conde-nast" />
+			<test url="http://www.voxmedia.com/2015/12/21/10641680/business-insider-vox-medias-jim-bankoff-on-silicon-alley-100" />
+			<test url="http://www.voxmedia.com/2015/12/21/10641738/wsj-vox-ceo-says-quality-will-trump-clickbait" />
+			<test url="http://www.voxmedia.com/2015/12/21/10641754/digiday-vox-com-is-snapchat-s-newest-discover-partner" />
+			<test url="http://www.voxmedia.com/2015/12/21/10641780/fortune-vox-media-becomes-a-startup-unicorn-with-nbcu-funding" />
+			<test url="http://www.voxmedia.com/2016/1/15/10777470/news-from-vox-media" />
+			<test url="http://www.voxmedia.com/2016/1/4/10711422/vp-chad-mumm-named-forbes-30-under-30" />
+			<test url="http://www.voxmedia.com/2016/3/1/11139200/get-ready-for-panorama" />
+			<test url="http://www.voxmedia.com/2016/3/1/11139200/get-ready-for-panorama" />
+			<test url="http://www.voxmedia.com/2016/4/28/11526430/win-a-vip-brunch-experience-with-eater-and-uber" />
+			<test url="http://www.voxmedia.com/2016/8/9/12411460/vox-com-and-eater-join-the-vox-media-collection-on-flipboard" />
+			<test url="http://www.voxmedia.com/?" />
+			<test url="http://www.voxmedia.com/?foo" />
+			<test url="http://www.voxmedia.com/a/year-in-review-2015" />
+			<test url="http://www.voxmedia.com/about-vox-media/2016/4/4/11357412/concert-largest-premium-quality-content-and-audience-marketplace" />
+			<test url="http://www.voxmedia.com/about-vox-media/2016/7/13/12167138/trending-pokemon-invade-the-vox-media-office" />
+			<test url="http://www.voxmedia.com/about-vox-media/2016/7/26/12284406/bloomberg-sb-nation-expands-into-radio-programming-with-gow-media" />
+			<test url="http://www.voxmedia.com/press/2016/2/25/11117512/melissa-bell-on-google-s-accelerated-mobile-pages" />
+			<test url="http://www.voxmedia.com/press/2016/3/14/11221528/silicon-valley-re-codes-kara-swisher-says-it-s-time-for-silicon" />
+			<test url="http://www.voxmedia.com/press/2016/3/2/11147202/cnbc-the-verges-nilay-patel-re-codes-edmund-lee-on-privacy-vs-security" />
+			<test url="http://www.voxmedia.com/press/2016/4/1/11350712/marketing-land-vox-media-discusses-the-third-party-measurement" />
+			<test url="http://www.voxmedia.com/press/2016/4/1/11350728/digiday-vox-media-moves-into-experiential-marketing" />
+			<test url="http://www.voxmedia.com/press/2016/4/4/11359982/bloomberg-nbcu-vox-media-tell-advertisers-real-viewers-will-see-their" />
+			<test url="http://www.voxmedia.com/press/2016/7/11/12148692/cnbc-will-snapchat-keep-cool-factor" />
+			<test url="http://www.voxmedia.com/recode/2016/2/25/11117918/re-code-media-with-peter-kafka-adrian-wojnarowski-editor-of-the" />
+			<test url="http://www.voxmedia.com/recode/2016/2/25/11117922/code-media-full-video-interview-with-espn-boss-john-skipper" />
+			<test url="http://www.voxmedia.com/sbn_scoreboard/ajax_leagues_and_events" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.voxmedia.com/about-vox-media" />
+			<test url="http://www.voxmedia.com/admin" />
+			<test url="http://www.voxmedia.com/brands/vox/" />
+			<test url="http://www.voxmedia.com/contact" />
+			<test url="http://www.voxmedia.com/google_news_sitemap" />
+			<test url="http://www.voxmedia.com/login" />
+			<test url="http://www.voxmedia.com/networks/enter_private_mode_password" />
+			<test url="http://www.voxmedia.com/pages/pgp-public-key" />
+			<test url="http://www.voxmedia.com/press" />
+			<test url="http://www.voxmedia.com/racked" />
+			<test url="http://www.voxmedia.com/reader" />
+			<test url="http://www.voxmedia.com/recode" />
+			<test url="http://www.voxmedia.com/robots.txt" />
+			<test url="http://www.voxmedia.com/rss/smartnews.xml" />
+			<test url="http://www.voxmedia.com/security" />
+			<!--
+			<test url="http://www.voxmedia.com/style/39ba52252694457a2ece9335b34f6733/chorus.css" />
+			-->
+			<test url="http://www.voxmedia.com/the-verge" />
+			<test url="http://www.voxmedia.com/trending" />
+			<test url="http://www.voxmedia.com/users/VoxMedia" />
+			<test url="http://www.voxmedia.com/vox-creative" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://marketing\.voxmedia\.com/(?:$|\?|(?:.+/)?\d{4}/)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://marketing\.voxmedia\.com/(?!(?!(?:.+/)?\d{4}/)/*(?:case-studies|page)(?:$|[?/]))" /-->
+		<!--
+			Avoid porential XHR problems:
+							-->
+		<!--exclusion pattern="^http://marketing\.voxmedia\.com/.+\.js(?:$|\?)" /-->
+		<!--
+			In combination:
+					-->
+		<exclusion pattern="^http://marketing\.voxmedia\.com/(?!(?!.+\.js(?:$|\?)|(?:.+/)?\d{4}/)/*(?:case-studies|page)(?:$|[?/]))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://marketing.voxmedia.com/2015/10/14/9531041/vox-in-your-inbox-vox-sentences-gets-personal-with-email-marketing" />
+			<test url="http://marketing.voxmedia.com/2015/10/2/9441139/the-latest-news-from-vox-media" />
+			<test url="http://marketing.voxmedia.com/2015/10/23/9605572/the-latest-news-from-vox-media" />
+			<test url="http://marketing.voxmedia.com/2015/10/29/9640284/new-york-treat-yourself-to-a-flavorful-weekend-with-mofad-lab-and" />
+			<test url="http://marketing.voxmedia.com/2015/11/11/9714382/vox-media-launches-on-notify" />
+			<test url="http://marketing.voxmedia.com/2015/12/22/10447668/sb-nation-names-the-first-ever-winner-of-the-piesman-trophy" />
+			<test url="http://marketing.voxmedia.com/2015/3/23/8276159/welcome-the-vox-media-marketing-blog" />
+			<test url="http://marketing.voxmedia.com/2015/4/3/8320575/social-amplification-how-we-expand-our-audience" />
+			<test url="http://marketing.voxmedia.com/2015/8/12/9144537/nbcuniversal-announces-strategic-investment-in-vox-media" />
+			<test url="http://marketing.voxmedia.com/2016/1/22/10817010/the-latest-news-from-vox-media" />
+			<test url="http://marketing.voxmedia.com/2016/2/10/10943252/join-vox-media-at-sxsw" />
+			<test url="http://marketing.voxmedia.com/2016/2/22/11083046/reintroducing-curbed-love-where-you-live" />
+
+			<!--	-ve:
+					-->
+			<test url="http://marketing.voxmedia.com/case-studies" />
+			<test url="http://marketing.voxmedia.com/page/2" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://product\.voxmedia\.com/(?:$|\?|a/|(?:.+/)?\d{4}/)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://product\.voxmedia\.com/(?!(?!(?:.*/)?\d{4}/)/*(?:archives|authors|development|events|interns|pages|source|style|til|trending|vax)(?:$|[?/]))" /-->
+		<!--
+			Avoid porential XHR problems:
+							-->
+		<!--exclusion pattern="^http://product\.voxmedia\.com/.+\.js(?:$|\?)" /-->
+		<!--
+			Lessen non-Tor distinguishability:
+							-->
+		<!--exclusion pattern="^http://product\.voxmedia\.com/+styles/" /-->
+		<!--
+			In combination:
+					-->
+		<exclusion pattern="^http://product\.voxmedia\.com/(?!(?!.+\.js(?:$|\?)|(?:.*/)?\d{4}/)/*(?:archives|authors|development|events|interns|pages|source|til|trending|vax)(?:$|[?/]))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://product.voxmedia.com/2012/5/4/5426770/earn-while-working-from-home-keeping-a-close-knit-team-with-far-flung" />
+			<test url="http://product.voxmedia.com/2012/6/15/5426782/introducing-syllabus-vox-medias-s3-powered-liveblog-platform" />
+			<test url="http://product.voxmedia.com/2012/7/31/5426792/better-grids-for-a-responsive-world" />
+			<test url="http://product.voxmedia.com/2013/1/24/5426808/an-inside-peek-into-the-polygon-design-process" />
+			<test url="http://product.voxmedia.com/2013/1/31/5426810/vox-medias-design-interns-redesigning-the-way-you-see-the-web" />
+			<test url="http://product.voxmedia.com/2013/12/6/5426882/driving-for-distraction-how-do-we-survive-the-premium-media-onslaught" />
+			<test url="http://product.voxmedia.com/2013/2/20/5426816/vax-13-vox-media-product-teams-first-hack-week-in-austin-texas" />
+			<test url="http://product.voxmedia.com/2014/10/15/6982751/all-aboard-bringing-teams-together-to-talk-shippin" />
+			<test url="http://product.voxmedia.com/2014/2/21/5433452/verge-fanboys-web-design-as-troll" />
+			<test url="http://product.voxmedia.com/2014/6/25/5842182/vax-14-day-1-so-you-want-to-have-a-hack-week" />
+			<test url="http://product.voxmedia.com/2014/6/6/5673934/nine-weeks-to-launch-vox" />
+			<test url="http://product.voxmedia.com/2014/8/4/5968419/you-should-be-the-vox-media-2015-opennews-fellow" />
+			<test url="http://product.voxmedia.com/2015/10/28/9631108/afk-day-2015" />
+			<test url="http://product.voxmedia.com/2015/6/12/8771459/vax-15-generate-your-project-name-today-and-get-to-work" />
+			<test url="http://product.voxmedia.com/2016/5/26/11787530/remote-user-testing-at-vox" />
+			<test url="http://product.voxmedia.com/2016/6/16/11920356/reducing-the-start-render-time-on-chorus" />
+			<test url="http://product.voxmedia.com/a/communication-2025" />
+			<test url="http://product.voxmedia.com/interns/2016/6/29/11964076/meet-our-summer-2016-intern-class" />
+			<test url="http://product.voxmedia.com/post/21784396576/all-together-now-introducing-the-vox-product-blog-and" />
+			<test url="http://product.voxmedia.com/til/2016/1/22/10814518/css-injection-with-browsersync-gulp-and-the-rails-asset-pipeline" />
+
+			<!--	-ve:
+					-->
+			<test url="http://product.voxmedia.com/archives" />
+			<test url="http://product.voxmedia.com/authors/winston-hearn" />
+			<test url="http://product.voxmedia.com/development" />
+			<test url="http://product.voxmedia.com/events" />
+			<test url="http://product.voxmedia.com/interns" />
+			<test url="http://product.voxmedia.com/pages/team" />
+			<test url="http://product.voxmedia.com/source" />
+			<!--
+			<test url="http://product.voxmedia.com/style/a4599c476fee06f907e34d73f5302974/chorus.css" />
+			-->
+			<test url="http://product.voxmedia.com/til" />
+			<test url="http://product.voxmedia.com/trending" />
+			<test url="http://product.voxmedia.com/vax" />
+
+	<!--	Complications:
+				-->
+	<target host="jobs.voxmedia.com" />
+	<target host="status.voxmedia.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:marketing|product|www)\.voxmedia\.com$" name="^_chorus_unison_testing_v4$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+
+
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://jobs\.voxmedia\.com/[^?]*"
+		to="https://www.voxmedia.com/careers" />
+
+		<test url="http://jobs.voxmedia.com//" />
+		<test url="http://jobs.voxmedia.com///" />
+
+	<rule from="^http://status\.voxmedia\.com/"
+		to="https://voxmedia.statuspage.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Voxel.xml b/src/chrome/content/rules/Voxel.xml
index fb9ed673b7cd..f2aa6e268377 100644
--- a/src/chrome/content/rules/Voxel.xml
+++ b/src/chrome/content/rules/Voxel.xml
@@ -5,7 +5,7 @@
 	<target host="*.voxcdn.com"/>
 
 
-	<securecookie host="^(.*\.)?vox(cdn\.com|el\.net)$" name=".*" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://(www\.|portal\.)?voxel\.net/"
diff --git a/src/chrome/content/rules/Voxer.xml b/src/chrome/content/rules/Voxer.xml
index ed5d3ab88e60..63ff55f1c4f7 100644
--- a/src/chrome/content/rules/Voxer.xml
+++ b/src/chrome/content/rules/Voxer.xml
@@ -5,19 +5,70 @@
 
 	Nonfunctional subdomains:
 
-		- blog
+		- blog *
+
+	* Refused
+
+
+	Problematic subdomains:
+
+		- dev-10 *
+
+	* Refused
+
+
+	Partially covered subdomains:
+
+		- dev-10 *	(→ ^)
+
+	* Being cautious wrt possibly differing paths
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- business
+		- one
+		- support
+		- web
+
+
+	Mixed content:
+
+		- Images, on (www.) from:
+
+			- ^ *
+			- dev-10 *
+
+	* Secured by us
 
 -->
 <ruleset name="Voxer (partial)">
 
 	<target host="voxer.com" />
-	<target host="*.voxer.com" />
+	<target host="business.voxer.com" />
+	<target host="one.voxer.com" />
+	<target host="support.voxer.com" />
+	<target host="web.voxer.com" />
+	<target host="www.voxer.com" />
+	<target host="dev-10.voxer.com" />
+		<!--
+			Some paths may be different(?):
+								-->
+		<!--exclusion pattern="^http://dev-10\.voxer\.com/+(?!assets/)" /-->
 
 
-	<securecookie host="^.+\.voxer\.com$" name=".*" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^business\.voxer\.com$" name="^is_enterprise$" /-->
 
+	<securecookie host=".+\.voxer\.com$" name=".+" />
 
-	<rule from="^http://(business\.|support\.|www\.)?voxer\.com/"
+
+	<rule from="^http://((?:business|one|support|web|www)\.)?voxer\.com/"
 		to="https://$1voxer.com/" />
 
+	<rule from="^http://dev-10\.voxer\.com/assets/"
+		to="https://voxer.com/assets/" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Voxility.com.xml b/src/chrome/content/rules/Voxility.com.xml
new file mode 100644
index 000000000000..2277b72bbb0b
--- /dev/null
+++ b/src/chrome/content/rules/Voxility.com.xml
@@ -0,0 +1,13 @@
+<!--
+	^: expired 2014-07-08
+
+-->
+<ruleset name="Voxility.com">
+
+	<target host="voxility.com" />
+	<target host="www.voxility.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Voyage-Prive.co.uk.xml b/src/chrome/content/rules/Voyage-Prive.co.uk.xml
new file mode 100644
index 000000000000..73bb9840469a
--- /dev/null
+++ b/src/chrome/content/rules/Voyage-Prive.co.uk.xml
@@ -0,0 +1,43 @@
+<!--
+	For other Voyage Privé coverage, see Voyage-Prive.com.xml.
+
+
+	^voyage-prive.co.uk: Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .voyage-prive.co.uk
+		- www.voyage-prive.co.uk
+
+-->
+<ruleset name="Voyage-Prive.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ea.voyage-prive.co.uk" />
+	<target host="front-admin.voyage-prive.co.uk" />
+	<target host="m.voyage-prive.co.uk" />
+	<target host="secure.voyage-prive.co.uk" />
+	<target host="www.voyage-prive.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="voyage-prive.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.votage-prive\.co\.uk$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^www\.votage-prive\.co\.uk$" name="^ablim$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://voyage-prive\.co\.uk/"
+		to="https://www.voyage-prive.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Voyage-Prive.com.xml b/src/chrome/content/rules/Voyage-Prive.com.xml
new file mode 100644
index 000000000000..c86ac89bb1e1
--- /dev/null
+++ b/src/chrome/content/rules/Voyage-Prive.com.xml
@@ -0,0 +1,46 @@
+<!--
+	Other Voyage Privé rulesets:
+
+		- Voyage-Prive.co.uk.xml
+		- Voyage-Prive.it.xml
+
+
+	^voyage-prive.com: Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .voyage-prive.com
+		- www.voyage-prive.com
+
+-->
+<ruleset name="Voyage-Prive.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="eulerian.voyage-prive.com" />
+	<target host="front-admin.voyage-prive.com" />
+	<target host="m.voyage-prive.com" />
+	<target host="secure.voyage-prive.com" />
+	<target host="www.voyage-prive.com" />
+
+	<!--	Complications:
+				-->
+	<target host="voyage-prive.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.voyage-prive\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^www\.voyage-prive\.com$" name="^ablim$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://voyage-prive\.com/"
+		to="https://www.voyage-prive.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Voyage-Prive.it.xml b/src/chrome/content/rules/Voyage-Prive.it.xml
new file mode 100644
index 000000000000..3446901b17ad
--- /dev/null
+++ b/src/chrome/content/rules/Voyage-Prive.it.xml
@@ -0,0 +1,50 @@
+<!--
+	For other Voyage Privé coverage, see Voyage-Prive.com.xml.
+
+
+	^voyage-prive.it: Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .voyage-prive.it
+		- www.voyage-prive.it
+
+
+	Mixed content:
+
+		- Images on www from images\d.bovpg.net *
+
+	* Secured by us
+
+-->
+<ruleset name="Voyage-Prive.it">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ea.voyage-prive.it" />
+	<target host="front-admin.voyage-prive.it" />
+	<target host="m.voyage-prive.it" />
+	<target host="secure.voyage-prive.it" />
+	<target host="www.voyage-prive.it" />
+
+	<!--	Complications:
+				-->
+	<target host="voyage-prive.it" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^\.votage-prive\.it$" name="^PHPSESSID$" />
+	<securecookie host="^www\.votage-prive\.it$" name="^ablim$" />
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://voyage-prive\.it/"
+		to="https://www.voyage-prive.it/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Voyage_Group.com.xml b/src/chrome/content/rules/Voyage_Group.com.xml
new file mode 100644
index 000000000000..d6e55f59b059
--- /dev/null
+++ b/src/chrome/content/rules/Voyage_Group.com.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://boat.voyagegroup.com/ => https://boat.voyagegroup.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	www.voyagegroup.com: Mismatched
+
+-->
+<ruleset name="Voyage Group.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="voyagegroup.com" />
+	<target host="boat.voyagegroup.com" />
+	<target host="contact.boat.voyagegroup.com" />
+	<target host="contact.voyagegroup.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.voyagegroup.com" />
+
+
+	<rule from="^http://www\.voyagegroup\.com/"
+		to="https://voyagegroup.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Voys.nl.xml b/src/chrome/content/rules/Voys.nl.xml
new file mode 100644
index 000000000000..2e39fb4f51a8
--- /dev/null
+++ b/src/chrome/content/rules/Voys.nl.xml
@@ -0,0 +1,13 @@
+<ruleset name="Voys.nl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="voys.nl" />
+	<target host="freedom.voys.nl" />
+	<target host="www.voys.nl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vozpopuli.com.xml b/src/chrome/content/rules/Vozpopuli.com.xml
new file mode 100644
index 000000000000..313cddec6e17
--- /dev/null
+++ b/src/chrome/content/rules/Vozpopuli.com.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://vozpopuli.com/ => https://vozpopuli.com/: Too many redirects while fetching 'https://vozpopuli.com/'
+Fetch error: http://www.vozpopuli.com/ => https://www.vozpopuli.com/: Too many redirects while fetching 'https://www.vozpopuli.com/'
+Fetch error: http://tendencias.vozpopuli.com/ => https://tendencias.vozpopuli.com/: Too many redirects while fetching 'https://tendencias.vozpopuli.com/'
+
+	Mismatched:
+	* social.vozpopuli.com
+	* gestion.vozpopuli.com
+	* bolsa.vozpopuli.com
+-->
+<ruleset name="Vozpopuli.com" default_off="failed ruleset test">
+
+	<target host="vozpopuli.com" />
+	<target host="www.vozpopuli.com" />
+	<target host="estatico.vozpopuli.com" />
+	<target host="tendencias.vozpopuli.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vpnbook.com.xml b/src/chrome/content/rules/Vpnbook.com.xml
index 3d7549ac6675..65b13721403e 100644
--- a/src/chrome/content/rules/Vpnbook.com.xml
+++ b/src/chrome/content/rules/Vpnbook.com.xml
@@ -1,7 +1,8 @@
 <ruleset name="vpnbook.com">
 
 	<target host="vpnbook.com" />
-	<target host="*.vpnbook.com" />
+	<target host="www.vpnbook.com" />
+	<target host="webproxy.vpnbook.com" />
 
 
 	<securecookie host="^(?:webproxy)?\.vpnbook\.com$" name=".+" />
@@ -13,7 +14,6 @@
 	<rule from="^http://(?:www\.)?vpnbook\.com/"
 		to="https://www.vpnbook.com/" />
 
-	<rule from="^http://webproxy\.vpnbook\.com/"
-		to="https://webproxy.vpnbook.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vr-mfr.de.xml b/src/chrome/content/rules/Vr-mfr.de.xml
new file mode 100644
index 000000000000..60bd4b529bc6
--- /dev/null
+++ b/src/chrome/content/rules/Vr-mfr.de.xml
@@ -0,0 +1,7 @@
+<ruleset name="Vr-mfr.de">
+	<target host="vr-mfr.de" />
+	<target host="www.vr-mfr.de" />
+	<target host="kontofinder.vr-mfr.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vr.org.xml b/src/chrome/content/rules/Vr.org.xml
index 7539bf6f3c83..2d7728e39f39 100644
--- a/src/chrome/content/rules/Vr.org.xml
+++ b/src/chrome/content/rules/Vr.org.xml
@@ -18,7 +18,6 @@
 	<securecookie host="^www\.vr\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?vr\.org/"
-		to="https://$1vr.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Vrr.de.xml b/src/chrome/content/rules/Vrr.de.xml
new file mode 100644
index 000000000000..64f0b5bbd45a
--- /dev/null
+++ b/src/chrome/content/rules/Vrr.de.xml
@@ -0,0 +1,41 @@
+<!--
+	Nonfunctional hosts in *.vrr.de:
+		- aiv.vrr.de (s)
+		- efa3.vrr.de (r)
+		- erhebung2017.vrr.de (i)
+		- event.vrr.de (t)
+		- fahrtenplaner.vrr.de (t)
+		- mobiel.vrr.de (r)
+		- mobil.vrr.de (m)
+		- pda.vrr.de (r)
+		- schnupperabo.vrr.de (m)
+		- wap.vrr.de (r)
+		- weihnachtsmaerkte.vrr.de (m)
+		- zerp.vrr.de (i)
+		- zvis.vrr.de (r)
+
+
+	i :invalid cert
+	m: certificate mismatch
+	r: connection refused
+	s: secure connection failed
+	t: timeout on https
+-->
+<ruleset name="Vrr.de">
+	<target host="vrr.de" />
+	<target host="www.vrr.de" />
+	<target host="abfahrtsmonitor.vrr.de" />
+	<target host="anzeiger.vrr.de" />
+	<target host="app.vrr.de" />
+	<target host="ausschreibungen.vrr.de" />
+	<target host="blog.vrr.de" />
+	<target host="campus.vrr.de" />
+	<target host="delfi.vrr.de" />
+	<target host="efa.vrr.de" />
+	<target host="haltestellenmonitor.vrr.de" />
+	<target host="mediencenter.vrr.de" />
+	<target host="rheinbahn.vrr.de" />
+		<test url="http://rheinbahn.vrr.de/?id=0" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vrsinfo.de.xml b/src/chrome/content/rules/Vrsinfo.de.xml
new file mode 100644
index 000000000000..11c827aeb06d
--- /dev/null
+++ b/src/chrome/content/rules/Vrsinfo.de.xml
@@ -0,0 +1,34 @@
+<!--
+	Nonfunctional hosts in *.vrsinfo.de:
+		- android.vrsinfo.de (t)
+		- auskunft.vrsinfo.de (mixed content, example: https://auskunft.vrsinfo.de/koeln/cgi/)
+		- auskunft2.vrsinfo.de (t)
+		- ekapwebcache.vrsinfo.de (t)
+		- m.vrsinfo.de (m)
+		- partner.vrsinfo.de (mixed content, example: https://partner.vrsinfo.de/koeln/cgi/)
+		- piwik.vrsinfo.de (403)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Vrsinfo.de">
+	<target host="vrsinfo.de" />
+	<target host="www.vrsinfo.de" />
+	<target host="auskunft1.vrsinfo.de" />
+	<target host="download.vrsinfo.de" />
+	<target host="ekapweb.vrsinfo.de" />
+	<target host="festival.vrsinfo.de" />
+	<target host="gewinnspiele.vrsinfo.de" />
+	<target host="handyticket.vrsinfo.de" />
+	<target host="sdnet.vrsinfo.de" />
+	<target host="seiten.vrsinfo.de" />
+	<target host="static.vrsinfo.de" />
+	<target host="tarif.vrsinfo.de" />
+	<target host="test.vrsinfo.de" />
+	<target host="umfrage.vrsinfo.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vrt.be.xml b/src/chrome/content/rules/Vrt.be.xml
new file mode 100644
index 000000000000..fb05eeade4f7
--- /dev/null
+++ b/src/chrome/content/rules/Vrt.be.xml
@@ -0,0 +1,35 @@
+<!--
+	Other VRT rulesets:
+		Deredactie.be.xml
+		Sporza.be.xml
+		Vrtnieuws.net.xml
+
+	Invalid certificate:
+		bedrijfsbezoek.vrt.be
+	Refused:
+		media.vrt.be
+		vrtpop.vrt.be
+	HTTP 404:
+		pers.vrt.be
+        Mixed Content:
+                radiospotcel.vrt.be (Missing CSS)
+  Timeout
+    css.vrt.be
+-->
+<ruleset name="VRT.be">
+    <target host="vrt.be" />
+    <target host="www.vrt.be" />
+    <target host="aha.vrt.be" />
+    <target host="bigband.vrt.be" />
+    <target host="communicatie.vrt.be" />
+    <target host="communicatieradio.vrt.be" />
+    <!-- <target host="css.vrt.be" /> -->
+    <target host="images.vrt.be" />
+    <target host="innovatie.vrt.be" />
+    <target host="sandbox.vrt.be" />
+    <target host="services.vrt.be" />
+    <target host="syndicatie.vrt.be" />
+    <target host="taal.vrt.be" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vrtnieuws.net.xml b/src/chrome/content/rules/Vrtnieuws.net.xml
new file mode 100644
index 000000000000..db9ea7984420
--- /dev/null
+++ b/src/chrome/content/rules/Vrtnieuws.net.xml
@@ -0,0 +1,12 @@
+<!--
+	For other VRT coverage, see Vrt.be.xml
+
+	Invalid certificate:
+		vrtnieuws.net
+		www.vrtnieuws.net
+-->
+<ruleset name="VRTnieuws.net">
+    <target host="media.vrtnieuws.net" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vse.sk.xml b/src/chrome/content/rules/Vse.sk.xml
new file mode 100644
index 000000000000..585ba37fa8fe
--- /dev/null
+++ b/src/chrome/content/rules/Vse.sk.xml
@@ -0,0 +1,27 @@
+<!--
+	Nonfunctional hosts in *.vse.sk:
+
+	connection refused:
+		- b2w.vse.sk
+	timeout on https:
+		- login.vse.sk
+		- gw.vse.sk
+		- mailgw.vse.sk
+		- www.mailgw.vse.sk
+		- pomoc.vse.sk
+		- sts.vse.sk
+		- www.sts.vse.sk
+		- wlc.vse.sk
+-->
+<ruleset name="Vse.sk">
+	<target host="vse.sk" />
+	<target host="www.vse.sk" />
+	<target host="b2b.vse.sk" />
+	<target host="csg.vse.sk" />
+	<target host="mail.vse.sk" />
+	<target host="nsg.vse.sk" />
+	<target host="pdasync.vse.sk" />
+	<target host="vpn.vse.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vsearch2.net.xml b/src/chrome/content/rules/Vsearch2.net.xml
deleted file mode 100644
index ac8dc326ceb6..000000000000
--- a/src/chrome/content/rules/Vsearch2.net.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="vsearch2.net">
-
-	<target host="vsearch2.net" />
-	<target host="www.vsearch2.net" />
-
-
-	<securecookie host="^vsearch2\.net$" name=".+" />
-
-
-	<rule from="^http://(www\.)?vsearch2\.net/"
-		to="https://$1vsearch2.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Vsexshop.ru.xml b/src/chrome/content/rules/Vsexshop.ru.xml
index 5eab7c8bea91..5971aab5c0d8 100644
--- a/src/chrome/content/rules/Vsexshop.ru.xml
+++ b/src/chrome/content/rules/Vsexshop.ru.xml
@@ -4,11 +4,12 @@
 -->
 <ruleset name="vsexshop.ru (partial)">
 
-	<target host="*.vimgs.ru" />
+	<target host="l.vimgs.ru" />
+	<target host="m.vimgs.ru" />
 	<target host="vsexshop.ru" />
 
 
 	<rule from="^http://(?:[lm]\.vimgs|vsexshop)\.ru/images/"
 		to="https://vsexshop.ru/images/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vshn.ch.xml b/src/chrome/content/rules/Vshn.ch.xml
new file mode 100644
index 000000000000..1dfc900ecd08
--- /dev/null
+++ b/src/chrome/content/rules/Vshn.ch.xml
@@ -0,0 +1,12 @@
+<ruleset name="Vshn.ch">
+	<target host="vshn.ch" />
+	<target host="www.vshn.ch" />
+	<target host="blog.vshn.ch" />
+	<target host="register.vshn.ch" />
+	<target host="status.vshn.ch" />
+	<target host="test.vshn.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vszp.sk.xml b/src/chrome/content/rules/Vszp.sk.xml
new file mode 100644
index 000000000000..ca1057b758be
--- /dev/null
+++ b/src/chrome/content/rules/Vszp.sk.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		- vszp.sk
+		- gw.vszp.sk
+		- old.vszp.sk
+		- rezervacia.vszp.sk
+-->
+<ruleset name="Vszp.sk">
+	<target host="vszp.sk" />
+	<target host="www.vszp.sk" />
+	<target host="portal.vszp.sk" />
+
+	<rule from="^http://vszp\.sk/"
+		to="https://www.vszp.sk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vtiger.com.xml b/src/chrome/content/rules/Vtiger.com.xml
new file mode 100644
index 000000000000..84c883992906
--- /dev/null
+++ b/src/chrome/content/rules/Vtiger.com.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blogs.vtiger.com/ => https://blogs.vtiger.com/: (7, 'Failed to connect to blogs.vtiger.com port 443: Connection refused')
+
+	Insecure cookies are set for these domains: ˢ
+
+		- .vtiger.com
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Vtiger.com" default_off="failed ruleset test">
+
+	<target host="vtiger.com" />
+	<target host="blogs.vtiger.com" />
+	<target host="discussions.vtiger.com" />
+	<target host="forums.vtiger.com" />
+	<target host="plantsolution.od1.vtiger.com" />
+	<target host="wiki.vtiger.com" />
+	<target host="www.vtiger.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.vtiger\.com$" name="^_vtvcn$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vtracy.de.xml b/src/chrome/content/rules/Vtracy.de.xml
new file mode 100644
index 000000000000..35295cbd04e3
--- /dev/null
+++ b/src/chrome/content/rules/Vtracy.de.xml
@@ -0,0 +1,15 @@
+<!-- Timeout:
+		- www & ^
+-->
+<ruleset name="Vtracy" >
+
+	<target host="cc.vtracy.de"/>
+	<target host="cnt.vtracy.de"/>
+	<target host="onsite.vtracy.de"/>
+	<target host="goldbach.onsite.vtracy.de"/>
+	<target host="pt.vtracy.de"/>
+	<target host="red.vtracy.de"/>
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VuFind.org.xml b/src/chrome/content/rules/VuFind.org.xml
new file mode 100644
index 000000000000..5482a62a80d9
--- /dev/null
+++ b/src/chrome/content/rules/VuFind.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - www.vufind.org
+-->
+<ruleset name="VuFind.org">
+	<target host="vufind.org" />
+	<target host="www.vufind.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.vufind\.org/"
+			to="https://vufind.org/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vub.sk.xml b/src/chrome/content/rules/Vub.sk.xml
new file mode 100644
index 000000000000..255b3fd71cb3
--- /dev/null
+++ b/src/chrome/content/rules/Vub.sk.xml
@@ -0,0 +1,8 @@
+<ruleset name="Vub.sk">
+  <target host="vub.sk" />
+  <target host="www.vub.sk" />
+  <target host="nib.vub.sk" />
+
+  <rule from="^http://(?:www\.)?vub\.sk/" to="https://www.vub.sk/" />
+  <rule from="^http://nib\.vub\.sk/" to="https://nib.vub.sk/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vuejs.xml b/src/chrome/content/rules/Vuejs.xml
new file mode 100644
index 000000000000..28db6ac3e094
--- /dev/null
+++ b/src/chrome/content/rules/Vuejs.xml
@@ -0,0 +1,24 @@
+
+<!--
+	Problematic domains:
+
+		- vuejs.org.cn (Incomplete certificate chain)
+
+-->
+
+<ruleset name="Vuejs">
+
+	<target host="vuejs.org" />
+	<target host="011.vuejs.org" />
+	<target host="012.vuejs.org" />
+	<target host="cn.vuejs.org" />
+	<target host="forum.vuejs.org" />
+	<target host="jp.vuejs.org" />
+	<target host="it.vuejs.org" />
+	<target host="router.vuejs.org" />
+	<target host="vuex.vuejs.org" />
+	<target host="www.vuejs.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vueling.xml b/src/chrome/content/rules/Vueling.xml
index 1203b3ac14f1..3d301a00cbd1 100644
--- a/src/chrome/content/rules/Vueling.xml
+++ b/src/chrome/content/rules/Vueling.xml
@@ -1,7 +1,7 @@
 <ruleset name="Vueling">
   <target host="vueling.com" />
   <target host="*.vueling.com" />
-  
+
   <rule from="^http://vueling\.com/" to="https://vueling.com/"/>
   <rule from="^http://([^/:@\.]+)\.vueling\.com/" to="https://$1.vueling.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/VulnHub.com.xml b/src/chrome/content/rules/VulnHub.com.xml
new file mode 100644
index 000000000000..89baa58a6418
--- /dev/null
+++ b/src/chrome/content/rules/VulnHub.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Fully covered hosts in *vulnhub.com:
+
+		- (www.)?
+		- blog
+		- ctf-team
+
+
+	Insecure cookies are set for these domains:
+
+		- .vulnhub.com
+
+-->
+<ruleset name="VulnHub.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vulnhub.com" />
+	<target host="blog.vulnhub.com" />
+	<target host="ctf-team.vulnhub.com" />
+	<target host="www.vulnhub.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.vulnhub\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.vulnhub\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vulnscan.org.xml b/src/chrome/content/rules/Vulnscan.org.xml
deleted file mode 100644
index 8dd1ae104004..000000000000
--- a/src/chrome/content/rules/Vulnscan.org.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Vulnscan.org">
-
-	<target host="vulnscan.org" />
-	<target host="www.vulnscan.org" />
-
-
-	<rule from="^http://(www\.)?vulnscan\.org/"
-		to="https://$1vulnscan.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Vultr.com.xml b/src/chrome/content/rules/Vultr.com.xml
new file mode 100644
index 000000000000..d2f257e9590a
--- /dev/null
+++ b/src/chrome/content/rules/Vultr.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="Vultr.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vultr.com" />
+	<target host="discuss.vultr.com" />
+	<target host="my.vultr.com" />
+	<target host="www.vultr.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vulture.com.xml b/src/chrome/content/rules/Vulture.com.xml
deleted file mode 100644
index bd70913e3f89..000000000000
--- a/src/chrome/content/rules/Vulture.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-		- vulture.com.112.2o7.net
-
-			- stats
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(dropped)
-
--->
-<ruleset name="Vulture.com (partial)">
-
-	<target host="*.vulture.com" />
-
-
-	<!--	Omniture tracking cookies:
-						-->
-	<securecookie host="^\.vulture\.com$" name="^s_\w+$" />
-
-
-	<rule from="^http://stats\.vulture\.com/"
-		to="https://vulture-com.112.2o7.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Vumanity.net.xml b/src/chrome/content/rules/Vumanity.net.xml
new file mode 100644
index 000000000000..7e87c6e8b6a3
--- /dev/null
+++ b/src/chrome/content/rules/Vumanity.net.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://vumanity.net/ => https://vumanity.net/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.vumanity.net/ => https://www.vumanity.net/: (28, 'Connection timed out after 20004 milliseconds')
+
+	Nonfunctional subdomains:
+
+		- help	(dropped)
+
+-->
+<ruleset name="Vumanity.net (partial)" default_off="failed ruleset test">
+
+	<target host="vumanity.net" />
+	<target host="www.vumanity.net" />
+
+
+	<securecookie host="^\.vumanity\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vungle.com-falsemixed.xml b/src/chrome/content/rules/Vungle.com-falsemixed.xml
new file mode 100644
index 000000000000..368af0cc1ba2
--- /dev/null
+++ b/src/chrome/content/rules/Vungle.com-falsemixed.xml
@@ -0,0 +1,14 @@
+<!--
+	For rules not causing false/broken MCB, see Vungle.xml.
+
+-->
+<ruleset name="Vungle.com (false MCB)" platform="mixedcontent">
+
+	<target host="blog.vungle.com" />
+	<target host="www.vungle.com" />
+
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vungle.xml b/src/chrome/content/rules/Vungle.xml
index ff628c3bdea0..539a6b033f12 100644
--- a/src/chrome/content/rules/Vungle.xml
+++ b/src/chrome/content/rules/Vungle.xml
@@ -1,19 +1,60 @@
 <!--
+	For rules causing false/broken MCB, see Vungle.com-falsemixed.xml.
+
+
+	CDN buckets:
+
+		- vungle.wpengine.com
+
+			- blog
+
 
 	Problematic subdomains:
 
-		- (www.)	(works; self-signed, CN: Parallels Panel)
+		- www ¹
+		- blog ²
+
+	¹ Mixed css from $self
+	² wpengine
+
+
+	Partially covered subdomains:
+
+		- blog *
+		- www *
+
+	* Avoiding false/broken MCB
+
+
+	Mixed content:
+
+		- css on www from $self *
+
+		- Images on www from $self *
+		- Images on www from blog *
+
+	* Secured by us
 
 -->
 <ruleset name="Vungle (partial)">
 
+	<target host="vungle.com" />
+	<target host="blog.vungle.com" />
 	<target host="v.vungle.com" />
+	<target host="www.vungle.com" />
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<exclusion pattern="^http://(?:blog|www)\.vungle\.com/+(?!wp-content/|wp-includes/)" />
 
 
 	<securecookie host="^v\.vungle\.com$" name=".+" />
 
 
-	<rule from="^http://v\.vungle\.com/"
-		to="https://v.vungle.com/" />
+	<rule from="^http://(v\.|www\.)?vungle\.com/"
+		to="https://$1vungle.com/" />
+
+	<rule from="^http://blog\.vungle\.com/"
+		to="https://www.vungle.com/blog/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vuze.com-falsemixed.xml b/src/chrome/content/rules/Vuze.com-falsemixed.xml
new file mode 100644
index 000000000000..9d545f9692b2
--- /dev/null
+++ b/src/chrome/content/rules/Vuze.com-falsemixed.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules not causing false/broken MCB, see Vuze.xml.
+
+-->
+<ruleset name="Vuze.com (false MCB)" platform="mixedcontent">
+
+	<target host="forum.vuze.com" />
+	<target host="remote.vuze.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vuze.xml b/src/chrome/content/rules/Vuze.xml
index c511da8ab4b9..b8667cfb5e7a 100644
--- a/src/chrome/content/rules/Vuze.xml
+++ b/src/chrome/content/rules/Vuze.xml
@@ -1,33 +1,105 @@
 <!--
+	For rules causing false/broken MCB, see Vuze.com-falsemixed.xml.
+
+
 	CDN buckets:
 
-		- web-www-1660276444.us-east-1.elb.amazonaws.com 
+		- web-www-1660276444.us-east-1.elb.amazonaws.com
 		- d1ov8b9v5fwdrf.cloudfront.net
 
 		- d2ojrr2o5sghfq.cloudfront.net
 
 			- hwcdn01.vuze.com
 
+
+	Nonfunctional hosts in *vuze.com:
+
+		- blog *
+
+	* Handshake fails
+
+
+	Problematic hosts in *vuze.com:
+
+		- ^ ¹
+		- vote ² ³
+
+	¹ Dropped
+	² Mismatched
+	³ Blocks Tor users
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .vuze.com
+		- plugins.vuze.com
+		- psearch.vuze.com
+		- search.vuze.com
+
+
+	Mixed content:
+
+		- css, on:
+
+			- forum from $self *
+			- remote from www.vuze.com *
+
+		- Images, on:
+
+			- forum from cf1.vuze.com *
+			- forum from $self *
+			- remote from www.vuze.com *
+
+		- Ads/bugs, on:
+
+			- remote from pixel.quantserve.com *
+			- www from conversion.7search.com *
+
+	* Secured by us
+
 -->
-<ruleset name="Vuze" platform="mixedcontent">
+<ruleset name="Vuze.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="cf1.vuze.com" />
+	<target host="cf2.vuze.com" />
+	<!--target host="forum.vuze.com" /-->
+	<target host="hwcdn01.vuze.com" />
+	<target host="plugins.vuze.com" />
+	<target host="psearch.vuze.com" />
+	<!--target host="remote.vuze.com" /-->
+	<target host="search.vuze.com" />
+	<target host="wiki.vuze.com" />
+	<target host="www.vuze.com" />
+
+	<!--	Complications:
+				-->
 	<target host="vuze.com" />
-	<target host="*.vuze.com" />
 
-	<securecookie host="^w(?:iki|ww)\.vuze\.com$" name=".*" />
+		<test url="http://cf1.vuze.com/logo/full_logo_107x60.png" />
 
-	<rule from="^https?://(?:www\.)?vuze\.com/"
-		to="https://www.vuze.com/" />
+		<!--	Mixed ads:
+					-->
+		<test url="http://www.vuze.com/download.php" />
+		<test url="http://www.vuze.com/vuze-leap/" />
 
-	<rule from="^http://(blog|forum|plugins|p?search|remote|wiki)\.vuze\.com/"
-		to="https://$1.vuze.com/" />
 
-	<!--	Data are also on www.
+	<!--	Not secured by server:
 					-->
-	<rule from="^https?://cf2\.vuze\.com/"
-		to="https://d1ov8b9v5fwdrf.cloudfront.net/" />
+	<!--securecookie host="^\.vuze\.com$" name="^(?:__cfduid|__qca|cf_clearance|mybb\[last(?:active|visit)\]|sid)$" /-->
+	<!--securecookie host="^plugins\.vuze\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^psearch\.vuze\.com$" name="^AWSELB$" /-->
+	<!--securecookie host="^search\.vuze\.com$" name="^(?:PHPSESSID|wid)$" /-->
+
+	<securecookie host="^\.vuze\.com$" name="^(?:__cfduid|__qca|cf_clearance)$" />
+	<securecookie host=".+\.vuze\.com$" name=".+" />
+
+
+	<rule from="^http://vuze\.com/"
+		to="https://www.vuze.com/" />
 
-	<rule from="^http://hwcdn01\.vuze\.com/"
-		to="https://d2ojrr2o5sghfq.cloudfront.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Vwd_services.com.xml b/src/chrome/content/rules/Vwd_services.com.xml
new file mode 100644
index 000000000000..0baa5696e670
--- /dev/null
+++ b/src/chrome/content/rules/Vwd_services.com.xml
@@ -0,0 +1,13 @@
+<!--
+	^vwdservices.com doesn't exist.
+
+-->
+<ruleset name="vwd services.com (partial)">
+
+	<target host="charting.vwdservices.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vwp.su.xml b/src/chrome/content/rules/Vwp.su.xml
new file mode 100644
index 000000000000..1b0b7bd4036d
--- /dev/null
+++ b/src/chrome/content/rules/Vwp.su.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .vwp.su
+
+-->
+<ruleset name="vwp.su">
+
+	<target host="vwp.su" />
+	<target host="www.vwp.su" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.vwp\.su$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VxStream-Sandbox.com.xml b/src/chrome/content/rules/VxStream-Sandbox.com.xml
new file mode 100644
index 000000000000..b2a706286dac
--- /dev/null
+++ b/src/chrome/content/rules/VxStream-Sandbox.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="VxStream-Sandbox.com">
+
+	<target host="vxstream-sandbox.com" />
+	<target host="www.vxstream-sandbox.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VyprVPN.com.xml b/src/chrome/content/rules/VyprVPN.com.xml
new file mode 100644
index 000000000000..b005a7013da9
--- /dev/null
+++ b/src/chrome/content/rules/VyprVPN.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="VyprVPN.com (partial)">
+	<target host="vyprvpn.com" />
+	<target host="www.vyprvpn.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vzaar.xml b/src/chrome/content/rules/Vzaar.xml
index ca852afe3de4..2677035c1884 100644
--- a/src/chrome/content/rules/Vzaar.xml
+++ b/src/chrome/content/rules/Vzaar.xml
@@ -1,15 +1,18 @@
-<ruleset name="vzaar (partial)">
+<ruleset name="vzaar.com (partial)">
+	<target host="vzaar.com" />
+	<target host="www.vzaar.com" />
+	<target host="assets1.vzaar.com" />
+	<target host="assets2.vzaar.com" />
+	<target host="download.vzaar.com" />
+	<target host="framegrabs.vzaar.com" />
+	<target host="player.vzaar.com" />
+	<target host="resources.vzaar.com" />
+	<target host="static.vzaar.com" />
+	<target host="video.vzaar.com" />
+	<target host="view.vzaar.com" />
 
-	<target host="vzaar.com"/>
-	<target host="*.vzaar.com"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?vzaar\.com/(blog/|favicon\.ico$|help/|images/|login$|stylesheets/)"
-		to="https://vzaar.com/$2"/>
-
-	<rule from="^http://(assets[12]|framegrabs|resources|view)\.vzaar\.com/"
-		to="https://$1.vzaar.com/"/>
-
-	<rule from="^http://static\.vzaar\.com/"
-		to="https://s3.amazonaws.com/static.vzaar.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/W-x.co.xml b/src/chrome/content/rules/W-x.co.xml
new file mode 100644
index 000000000000..4ea5edf704d6
--- /dev/null
+++ b/src/chrome/content/rules/W-x.co.xml
@@ -0,0 +1,8 @@
+<ruleset name="W-x.Co">
+
+	<target host="s.w-x.co" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/W00tads.com.xml b/src/chrome/content/rules/W00tads.com.xml
new file mode 100644
index 000000000000..87e0c2415232
--- /dev/null
+++ b/src/chrome/content/rules/W00tads.com.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://w00tads.com/ => https://w00tads.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://delivery.w00tads.com/ => https://delivery.w00tads.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.w00tads.com/ => https://www.w00tads.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="w00tads.com" default_off="failed ruleset test">
+
+	<target host="w00tads.com" />
+	<target host="delivery.w00tads.com" />
+	<target host="www.w00tads.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/W1.fi.xml b/src/chrome/content/rules/W1.fi.xml
new file mode 100644
index 000000000000..ebbf727d1ca8
--- /dev/null
+++ b/src/chrome/content/rules/W1.fi.xml
@@ -0,0 +1,12 @@
+<ruleset name="w1.fi">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="w1.fi" />
+	<target host="www.w1.fi" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/W3C-Test.org.xml b/src/chrome/content/rules/W3C-Test.org.xml
new file mode 100644
index 000000000000..6ae6a5285743
--- /dev/null
+++ b/src/chrome/content/rules/W3C-Test.org.xml
@@ -0,0 +1,28 @@
+<!--
+	Mismatch:
+		www2.w3c-test.org
+	Punycode:
+		lve-6lad => élève
+		n8j6ds53lwwkrqhv28a => 天気の良い日
+	Non-Standard HTTP Port:
+		n8j6ds53lwwkrqhv28a.www2.w3c-test.org:82
+	Note:
+		Double dash not allowed in XML comment; punycode prefix removed.
+	Related:
+		W3C.xml
+-->
+<ruleset name="W3C-test.org">
+	<target host="w3c-test.org" />
+	<target host="www.w3c-test.org" />
+	<target host="www1.w3c-test.org" />
+	<target host="www2.w3c-test.org" />
+	<target host="xn--lve-6lad.w3c-test.org" />
+	<target host="xn--n8j6ds53lwwkrqhv28a.w3c-test.org" />
+		<test url="http://xn--n8j6ds53lwwkrqhv28a.w3c-test.org:82/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www2\.w3c-test\.org/" to="https://www.w3c-test.org/" />
+	<rule from="^http://xn--n8j6ds53lwwkrqhv28a\.w3c-test\.org:82/" to="https://xn--n8j6ds53lwwkrqhv28a.w3c-test.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/W3C.xml b/src/chrome/content/rules/W3C.xml
index 30cf1c4b0333..6e612d5fa1ff 100644
--- a/src/chrome/content/rules/W3C.xml
+++ b/src/chrome/content/rules/W3C.xml
@@ -1,25 +1,42 @@
 <!--
-	Nonfunctional subdomains:
+	W3C
 
-		- dev *
-		- jigsaw *
-		- lists		(redirects to http)
-		- validator	(404, valid cert)
+	Nonfunctional subdomains:
 
-	* Dropped
+		- flanders (mismatch)
+		- herman (timeout)
+		- irc (401)
+		- people (mixed content)
+		- services (mixed content)
+		- test (no longer exists on server)
 
+	Related:
+		W3C-Test.org.xml
 -->
-<ruleset name="W3C (partial)" default_off="W3C does not have a proper HTTPS deployment">
+<ruleset name="W3.org">
 
 	<target host="w3.org" />
-	<target host="*.w3.org" />
-		<exclusion pattern="^http://(?:www\.)?w3\.org/.+(?:/+|\.html)(?:$|\?)" />
-
-
-	<rule from="^http://(?:www\.)?w3\.org/(?=.+/)"
-		to="https://www.w3.org/" />
-
-	<rule from="^http://dvcs\.w3\.org/"
-		to="https://dvcs.w3.org/" />
+                <test url="http://w3.org/Consortium/" />
+	<target host="www.w3.org" />
+                <test url="http://www.w3.org/Consortium/" />
+	<target host="dev.w3.org" />
+                <test url="http://dev.w3.org/cvsweb/" />
+	<target host="dvcs.w3.org" />
+                <test url="http://dvcs.w3.org/hg" />
+	<target host="jigsaw.w3.org" />
+                <test url="http://jigsaw.w3.org/Distrib/" />
+	<target host="labs.w3.org" />
+                <test url="http://www.w3.org/2015/labs/" />
+	<target host="lists.w3.org" />
+                <test url="http://lists.w3.org/Archives/Public/" />
+<!-- No tests for media.w3.org as no subfolders or other pages seem to be present -->
+	<target host="media.w3.org" />
+	<target host="validator.w3.org" />
+                <test url="http://validator.w3.org/docs/help.html" />
+<!-- No tests for validator-suite.w3.org as it is a redirect -->
+	<target host="validator-suite.w3.org" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/W3Counter.com.xml b/src/chrome/content/rules/W3Counter.com.xml
index d095a17522a6..1f28d370c5c1 100644
--- a/src/chrome/content/rules/W3Counter.com.xml
+++ b/src/chrome/content/rules/W3Counter.com.xml
@@ -1,20 +1,9 @@
-<!--
-	Some pages redirect to http, including login and registration.
-
--->
 <ruleset name="W3Counter.com">
-
 	<target host="w3counter.com" />
-	<target host="*.w3counter.com" />
-		<exclusion pattern="^http://(?:www\.)?w3counter\.com/(?!css/|favicon\.ico|images/|js/|tracker\.(?:js|php))" />
-
-
-	<!--	Tracking cookie set by tracker.php
-							-->
-	<securecookie host="^\.w3counter\.com$" name="^_\d+_visitFlag$" />
-
+	<target host="www.w3counter.com" />
+	<target host="pulse.w3counter.com" />
 
-	<rule from="^http://(pulse\.|www\.)?w3counter\.com/"
-		to="https://$1w3counter.com/" />
+	<securecookie host=".+" name=".+" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/W3schools.com.xml b/src/chrome/content/rules/W3schools.com.xml
new file mode 100644
index 000000000000..d7ec7292e10f
--- /dev/null
+++ b/src/chrome/content/rules/W3schools.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="W3schools.com">
+	<target host="w3schools.com" />
+	<target host="www.w3schools.com" />
+	<target host="tryit.w3schools.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/W55c.net.xml b/src/chrome/content/rules/W55c.net.xml
new file mode 100644
index 000000000000..8a8448bc7dc1
--- /dev/null
+++ b/src/chrome/content/rules/W55c.net.xml
@@ -0,0 +1,34 @@
+<!--
+	For other DataXu coverage, see DataXu.xml.
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .w55c.net
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Bugs included on 3rd-party websites.
+
+-->
+<ruleset name="w55c.net">
+
+	<target host="cdn.w55c.net" />
+	<target host="cti.w55c.net" />
+	<target host="dco-cdn.w55c.net" />
+	<target host="i.w55c.net" />
+	<target host="tags.w55c.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.w55c\.net$" name="^(matchgoogle|wfivefivec)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WAE_Plus.xml b/src/chrome/content/rules/WAE_Plus.xml
deleted file mode 100644
index 0e7597009806..000000000000
--- a/src/chrome/content/rules/WAE_Plus.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="WAE+" default_off="some 3rd-party images fail to load">
-
-	<target host="waeplus.co.uk" />
-	<target host="*.waeplus.co.uk" />
-
-
-	<securecookie host="^\.waeplus\.co\.uk$" name=".+" />
-
-
-	<rule from="^http://(www\.)?waeplus\.co\.uk/"
-		to="https://$1waeplus.co.uk/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/WANdisco.com.xml b/src/chrome/content/rules/WANdisco.com.xml
new file mode 100644
index 000000000000..910bd397c1a3
--- /dev/null
+++ b/src/chrome/content/rules/WANdisco.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blogs
+
+-->
+<ruleset name="WANdisco.com (partial)">
+
+	<target host="wandisco.com" />
+	<target host="support.wandisco.com" />
+	<target host="www.wandisco.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^support\.wandisco\.com$" name="^(SWIFT_client|SWIFT_sessionid40)$" /-->
+
+	<securecookie host="^support\.wandisco\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WAPY.xml b/src/chrome/content/rules/WAPY.xml
index 997477c4c05e..e82dafdffeaa 100644
--- a/src/chrome/content/rules/WAPY.xml
+++ b/src/chrome/content/rules/WAPY.xml
@@ -2,7 +2,8 @@
 
 	<!--	Cert: localhost.localdomain	-->
 	<target host="wapy.com" />
-	<target host="*.wapy.com" />
+	<target host="dev1.wapy.com" />
+	<target host="www.wapy.com" />
 
 
 	<!--	- dev1 presents the same cert
@@ -10,7 +11,7 @@
 		- $ presents login page
 		- entiz/read.php.+: "Can't connect to local MySQL server"
 					-->
-	<rule from="^https?://(?:dev1\.|www\.)?wapy\.com/(css|imagedb|images)/"
-		to="https://wapy.com/$1" />
+	<rule from="^http://(?:dev1\.|www\.)?wapy\.com/(css|imagedb|images)/"
+		to="https://wapy.com/$1/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/WASTE.xml b/src/chrome/content/rules/WASTE.xml
deleted file mode 100644
index 09741d52a85e..000000000000
--- a/src/chrome/content/rules/WASTE.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="W.A.S.T.E." default_off="self-signed">
-
-	<target host="waste.org" />
-	<target host="www.waste.org" />
-
-
-	<!--	Cert only matches /waste.org.	-->
-	<rule from="^http://(?:www\.)?waste\.org/"
-		to="https://waste.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WAYF.dk.xml b/src/chrome/content/rules/WAYF.dk.xml
new file mode 100644
index 000000000000..2d3a25a8586a
--- /dev/null
+++ b/src/chrome/content/rules/WAYF.dk.xml
@@ -0,0 +1,56 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://janus.wayf.dk/module.php/multiauth/selectsource.php?AuthState=&source=mailtoken (200) => https://janus.wayf.dk/module.php/multiauth/selectsource.php?AuthState=&source=mailtoken (500)
+
+	Nonfunctional hosts in *wayf.dk:
+
+		- blog ¹
+		- www ²
+
+	¹ Shows www.wayf.dk
+	² Redirects to http
+
+
+	Insecure cookies are set for these hosts:
+
+		- janus.wayf.dk
+
+-->
+<ruleset name="WAYF.dk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="consentmgt.wayf.dk" />
+	<target host="janus.wayf.dk" />
+	<target host="nemlogin.wayf.dk" />
+	<target host="wayf.wayf.dk" />
+	<target host="wayfsp.wayf.dk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.wayf\.dk/(?:$|images/|modules/|plugins/|templates/)" /-->
+
+			<!--	+ve:
+					-->
+			<!--test url="http://www.wayf.dk/images/stories/logo_link.png" /-->
+			<!--test url="http://www.wayf.dk/modules/mod_jflanguageselection/tmpl/mod_jflanguageselection.css" /-->
+			<!--test url="http://www.wayf.dk/plugins/system/jat3/base-themes/default/css/css3.css" /-->
+			<!--test url="http://www.wayf.dk/templates/ja_t3_blank/local/themes/testsider.dk/images/wayf-logo-2-h75px.png" /-->
+
+		<test url="http://janus.wayf.dk/module.php/multiauth/selectsource.php?AuthState=&amp;source=mailtoken" />
+		<test url="http://nemlogin.wayf.dk/saml2/idp/SSOService.php?SAMLRequest=&amp;SigAlg=&amp;Signature=" />
+		<test url="http://wayf.wayf.dk/saml2/idp/SSOService.php?SAMLRequest=&amp;SigAlg=&amp;Signature=" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^janus\.wayf\.dk$" name="^multiauth_source_janus-multiauth$" /-->
+
+	<securecookie host="^janus\.wayf\.dk$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WB_Play.com.xml b/src/chrome/content/rules/WB_Play.com.xml
new file mode 100644
index 000000000000..340206413283
--- /dev/null
+++ b/src/chrome/content/rules/WB_Play.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Warner Bros coverage, see Warner_Bros.com.xml.
+
+-->
+<ruleset name="WB Play.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="wbplay.com" />
+	<target host="www.wbplay.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WD2go.com.xml b/src/chrome/content/rules/WD2go.com.xml
index 9b3370160799..02b1dbc9fd31 100644
--- a/src/chrome/content/rules/WD2go.com.xml
+++ b/src/chrome/content/rules/WD2go.com.xml
@@ -4,11 +4,11 @@
 	<target host="www.wd2go.com" />
 
 
-	<securecookie host="^www\.wd2go\.com$" name=".*" />
+	<securecookie host="^www\.wd2go\.com$" name=".+" />
 
 
 	<!--	Cert only matches *.wd2go.com	-->
-	<rule from="^https?://(?:www\.)?wd2go\.com/"
+	<rule from="^http://(?:www\.)?wd2go\.com/"
 		to="https://www.wd2go.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/WDWS.xml b/src/chrome/content/rules/WDWS.xml
index 3f42aea9d8af..dd01bf0b3e52 100644
--- a/src/chrome/content/rules/WDWS.xml
+++ b/src/chrome/content/rules/WDWS.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?wdws\.com/(misc/|sites/|user(?:$|\?|/))"
 		to="https://www.wdws.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WDpromedia.com.xml b/src/chrome/content/rules/WDpromedia.com.xml
deleted file mode 100644
index 3313d4fc4490..000000000000
--- a/src/chrome/content/rules/WDpromedia.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	Web bugs.
-
--->
-<ruleset name="WDpromedia.com">
-
-	<target host="analytics.wdpromedia.com" />
-
-
-	<rule from="^http://analytics\.wdpromedia\.com/"
-		to="https://a248.e.akamai.net/f/1092/1/5m/analytics.wdpromedia.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/WEBxMedia.xml b/src/chrome/content/rules/WEBxMedia.xml
index 45ab15d95177..d8b3fa62d8f1 100644
--- a/src/chrome/content/rules/WEBxMedia.xml
+++ b/src/chrome/content/rules/WEBxMedia.xml
@@ -1,13 +1,19 @@
-<ruleset name="WEBxMedia">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://webxmedia.co.uk/ => https://webxmedia.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'webxmedia.co.uk'")
+Fetch error: http://www.webxmedia.co.uk/ => https://www.webxmedia.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.webxmedia.co.uk'")
+
+-->
+<ruleset name="WEBxMedia" default_off="failed ruleset test">
 
 	<target host="webxmedia.co.uk" />
-	<target host="*.webxmedia.co.uk" />
+	<target host="www.webxmedia.co.uk" />
 
 
 	<securecookie host="^\.webxmedia\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://(www\.)?webxmedia\.co\.uk/"
-		to="https://$1webxmedia.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WEDOS.xml b/src/chrome/content/rules/WEDOS.xml
new file mode 100644
index 000000000000..96a0c2beffc7
--- /dev/null
+++ b/src/chrome/content/rules/WEDOS.xml
@@ -0,0 +1,22 @@
+<!--
+	Mismatched:
+	- wedos.cz
+	- www.wedos.cz
+	- wedos.org
+	- www.wedos.org
+	- soutez.wedos.com
+	- dod.wedos.com
+	- webpagetest.wedos.com
+	- *.wedos.ws
+
+	Redirect loop:
+	- www.wedos.com
+-->
+<ruleset name="WEDOS">
+	<target host="webftp.wedos.net" />
+	<target host="webmail.wedos.net" />
+	<target host="pma-old.wedos.net" />
+	<target host="pma.wedos.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WEForum.org.xml b/src/chrome/content/rules/WEForum.org.xml
new file mode 100644
index 000000000000..438a0ba188a2
--- /dev/null
+++ b/src/chrome/content/rules/WEForum.org.xml
@@ -0,0 +1,23 @@
+<!--
+	Connection reset:
+		weforum.org
+
+	Invalid certificate:
+		chinese.weforum.org
+
+-->
+<ruleset name="WE Forum.org (partial)">
+
+	<target host="weforum.org" />
+	<target host="www.weforum.org" />
+	<target host="agenda.weforum.org" />
+	<target host="toplink.weforum.org" />
+	<target host="widgets.weforum.org" />
+
+	<rule from="^http://weforum\.org/"
+		to="https://www.weforum.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WF_NC_News.com.xml b/src/chrome/content/rules/WF_NC_News.com.xml
new file mode 100644
index 000000000000..6964ef9e0759
--- /dev/null
+++ b/src/chrome/content/rules/WF_NC_News.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .wfncnews.com
+
+
+	Mixed content:
+
+		- css from $self *
+		- Images from $self *
+		- Bug from www.facebook.com *
+
+	* Secured by us
+
+-->
+<ruleset name="WF NC News.com" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="wfncnews.com" />
+	<target host="www.wfncnews.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.wfncnews\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.wfncnews\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WHIcdn.com.xml b/src/chrome/content/rules/WHIcdn.com.xml
new file mode 100644
index 000000000000..232b39782dbe
--- /dev/null
+++ b/src/chrome/content/rules/WHIcdn.com.xml
@@ -0,0 +1,15 @@
+<!--
+	For other WeHeartIt.com related rulesets, see WeHeartIt.com.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- whicdn.com
+-->
+<ruleset name="WHIcdn.com">
+	<target host="assets.whicdn.com" />
+	<target host="data.whicdn.com" />
+		<test url="http://data.whicdn.com/images/338953799/superthumb.jpg" />
+		<test url="http://data.whicdn.com/images/338956271/superthumb.jpg" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WHMCS.xml b/src/chrome/content/rules/WHMCS.xml
index d1b75dbebed7..2b4208d4d2d0 100644
--- a/src/chrome/content/rules/WHMCS.xml
+++ b/src/chrome/content/rules/WHMCS.xml
@@ -1,24 +1,61 @@
 <!--
 	Nonfunctional subdomains:
 
-		- blog *
-		- docs *
-		- forum *
+		- blog ¹
+		- changelog ²
+		- docs ¹
+		- download ²
+		- go ²
 
-	* Shows www, valid cert
+	¹ Redirects ot http
+	² Shows www.whmcs.com
+
+
+	Insecure cookies are set for these domains:
+
+		- .whmcs.com
+
+
+	Mixed content:
+
+		- css on (www.)?, vsix from fonts.googleapis.com *
+		- Ad on forum from www.whmcs.com *
+
+	* Secured by us
 
 -->
-<ruleset name="WHMCS (partial)">
+<ruleset name="WHMCS.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="whmcs.com" />
-	<target host="*.whmcs.com" />
-		<exclusion pattern="^http://(?:blog|docs|forum)\." />
+	<target host="cdn.whmcs.com" />
+	<target host="forum.whmcs.com" />
+	<target host="vsix.whmcs.com" />
+	<target host="www.whmcs.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://docs\.whmcs\.com/(?:$|Main_Page$)" /-->
+		<!--exclusion pattern="^http://blog\.whmcs\.com/(?:$|images/)" /-->
+
+		<!--exclusion pattern="^http://(?:blog|docs|changelog|downloads|go)\.whmcs\.com/" /-->
+
+			<!--test url="http://blog.whmcs.com/" /-->
+			<!--test url="http://changelog.whmcs.com/" /-->
+			<!--test url="http://docs.whmcs.com/" /-->
+			<!--test url="http://download.whmcs.com/" /-->
+			<!--test url="http://go.whmcs.com/" /-->
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.whmcs\.com$" name="^(?:__cfduid|bb_sessionhash|cf_clearance)$" /-->
 
-	<securecookie host="^(?:.*\.)?whmcs\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(\w+\.)?whmcs\.com/"
-		to="https://$1whmcs.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/WHMS-FM.xml b/src/chrome/content/rules/WHMS-FM.xml
index 96ed4b262f8d..d4746af05b08 100644
--- a/src/chrome/content/rules/WHMS-FM.xml
+++ b/src/chrome/content/rules/WHMS-FM.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?whms\.com/(misc/|sites/|user(?:$|\?|/))"
 		to="https://www.whms.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WHSmith.xml b/src/chrome/content/rules/WHSmith.xml
index 96721871f188..5b7c0be553d3 100644
--- a/src/chrome/content/rules/WHSmith.xml
+++ b/src/chrome/content/rules/WHSmith.xml
@@ -2,38 +2,40 @@
 	wbiprod.storedvalue.com
 
 
-	Problematic subdomains:
+	Problematic hosts in *whsmith.co.uk:
 
-		- (www.)	(mismatched, CN: secure.whsmith.co.uk)
+		- (www.)?magazines ᵐ
+
+	ᵐ Mismatched
 
 -->
 <ruleset name="WHSmith (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="whsmith.co.uk" />
-	<target host="*.whsmith.co.uk" />
-		<!--
-			Nonfunctional paths:
-
-				- $				(redirects back)
-				- ComputingAndElectronics/ *
-				- eb_eBooks/ *
-				- GiftsGamesAndToys$ *
-				- GiftsGamesAndToys/$ *
-				- StationeryAndCards *
-				- StationeryAndCards/$		(403)
+	<target host="blog.whsmith.co.uk" />
+	<target host="images.blog.whsmith.co.uk" />
+	<target host="btmedia.whsmith.co.uk" />
+	<target host="local.whsmith.co.uk" />
+	<target host="www.local.whsmith.co.uk" />
+	<target host="www.whsmith.co.uk" />
 
-			* 404
-							-->
-		<exclusion pattern="^https?://(?:www\.)?whsmith\.co\.uk/(?!App_Themes/|(?:Books|CatalogAndSearch|E?Products|GiftCardProducts|Voting)(?:$|\?|/)|favicon\.ico|GiftsGamesAndToys/\w|[iI]mages/|Script/|StationeryAndCards/\w|[sS]upport/|WebResource\.axd)" />
+	<!--	Complications:
+				-->
+	<target host="magazines.whsmith.co.uk" />
+	<target host="www.magazines.whsmith.co.uk" />
 
 
-	<securecookie host="^(?:www\.)?magazines\.whsmith\.co\.uk$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^https?://(?:secure\.|www\.)?whsmith\.co\.uk/"
-		to="https://secure.whsmith.co.uk/" />
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://(?:www\.)?magazines\.whsmith\.co\.uk/.*"
+		to="https://www.whsmith.co.uk/magazines" />
 
-	<rule from="^http://(www\.)?magazines\.whsmith\.co\.uk/"
-		to="https://$1magazines.whsmith.co.uk/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WHYMAP.org.xml b/src/chrome/content/rules/WHYMAP.org.xml
new file mode 100644
index 000000000000..b6eefc604420
--- /dev/null
+++ b/src/chrome/content/rules/WHYMAP.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="WHYMAP.org">
+
+	<target host="www.whymap.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WHYY.org.xml b/src/chrome/content/rules/WHYY.org.xml
new file mode 100644
index 000000000000..dda0dc1aff83
--- /dev/null
+++ b/src/chrome/content/rules/WHYY.org.xml
@@ -0,0 +1,33 @@
+<!--
+	Mixed content:
+
+		- Images, from:
+
+			- $self ¹
+			- newsworks.org ²
+
+		- Ads/web bugs, from:
+
+			- www.google.com ¹
+			- partner.googleadservices.com ¹
+
+	¹ Secured by us
+	² Unsecurable <= refused
+
+
+	^: cert only matches www
+
+-->
+<ruleset name="WHYY.org">
+
+	<target host="whyy.org" />
+	<target host="www.whyy.org" />
+
+
+	<securecookie host="^\.whyy\.org$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?whyy\.org/"
+		to="https://www.whyy.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WIMM.com.xml b/src/chrome/content/rules/WIMM.com.xml
deleted file mode 100644
index a891aa5d02fe..000000000000
--- a/src/chrome/content/rules/WIMM.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/store.wimm.com/
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(refused)
-
--->
-<ruleset name="WIMM.com (partial)">
-
-	<target host="*.wimm.com" />
-
-
-	<securecookie host="^\.?my\.wimm\.com$" name=".+" />
-
-
-	<rule from="^http://my\.wimm\.com/"
-		to="https://my.wimm.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/WIPO.int.xml b/src/chrome/content/rules/WIPO.int.xml
new file mode 100644
index 000000000000..9b6f17ec1502
--- /dev/null
+++ b/src/chrome/content/rules/WIPO.int.xml
@@ -0,0 +1,16 @@
+<!--
+	Mismatched:
+		- wipo.int
+-->
+<ruleset name="WIPO.int (partial)">
+	<target host="wipo.int" />
+	<target host="www.wipo.int" />
+	<target host="www3.wipo.int" />
+	<target host="webcomponents.wipo.int" />
+	<target host="wipolex.wipo.int" />
+
+	<rule from="^http://wipo\.int/"
+		to="https://www.wipo.int/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WIPmania.xml b/src/chrome/content/rules/WIPmania.xml
index 39c3bb5f6a1b..1ee264fe2823 100644
--- a/src/chrome/content/rules/WIPmania.xml
+++ b/src/chrome/content/rules/WIPmania.xml
@@ -1,7 +1,9 @@
-<ruleset name="WIPmania">
-  <target host="www.wipmania.com" />
-  <target host="wipmania.com" />
+<ruleset name="WIPmania" default_off="expired cert">
+	<target host="wipmania.com" />
+	<target host="www.wipmania.com" />
+	<target host="api.wipmania.com" />
+	<target host="static.wipmania.com" />
 
-  <rule from="^http://(?:www\.)?wipmania\.com/" to="https://www.wipmania.com/"/>
-  <rule from="^http://wipmania\.com/" to="https://wipmania.com/"/>
+	<rule from="^http:"
+		to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/WLD_CDN.net.xml b/src/chrome/content/rules/WLD_CDN.net.xml
new file mode 100644
index 000000000000..2c091eba3125
--- /dev/null
+++ b/src/chrome/content/rules/WLD_CDN.net.xml
@@ -0,0 +1,11 @@
+<ruleset name="WLD CDN.net">
+
+	<target host="s.wldcdn.net" />
+
+		<test url="http://s.wldcdn.net/media/gpl/bootstrap/css/bootstrap-responsive.css" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WLxrs.com.xml b/src/chrome/content/rules/WLxrs.com.xml
new file mode 100644
index 000000000000..a9b10b3c42a6
--- /dev/null
+++ b/src/chrome/content/rules/WLxrs.com.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://js2.wlxrs.com/ => https://js2.wlxrs.com/: (51, "SSL: no alternative certificate subject name matches target host name 'js2.wlxrs.com'")
+Fetch error: http://secure.wlxrs.com/ => https://secure.wlxrs.com/: (51, "SSL: no alternative certificate subject name matches target host name 'secure.wlxrs.com'")
+
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	Fully covered domains:
+
+		- \w+.wlxrs.com:
+
+			- js2
+			- secure
+
+-->
+<ruleset name="WLxrs.com" default_off="failed ruleset test">
+
+	<target host="*.wlxrs.com" />
+
+		<!--	Direct rewrites:
+					-->
+		<test url="http://js2.wlxrs.com/" />
+		<test url="http://secure.wlxrs.com/" />
+
+
+	<rule from="^http://(\w+)\.wlxrs\.com/"
+		to="https://$1.wlxrs.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WM_Jobs.co.uk.xml b/src/chrome/content/rules/WM_Jobs.co.uk.xml
new file mode 100644
index 000000000000..133753f73f25
--- /dev/null
+++ b/src/chrome/content/rules/WM_Jobs.co.uk.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wmjobs.co.uk/ => https://wmjobs.co.uk/: (60, 'SSL certificate problem: certificate has expired')
+
+	Mixed content:
+
+		- iframe from player.vimeo.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="WM Jobs.co.uk" default_off="failed ruleset test">
+
+	<target host="wmjobs.co.uk" />
+	<target host="www.wmjobs.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WNYC.xml b/src/chrome/content/rules/WNYC.xml
index e5d57aeb19f4..f0036b6fa7f1 100644
--- a/src/chrome/content/rules/WNYC.xml
+++ b/src/chrome/content/rules/WNYC.xml
@@ -1,26 +1,41 @@
 <!--
-	Problematic domains:
+	Nonfunctional hosts in *wnyc.org:
 
-		- media40.wnyc.net	(mismatch)
+		- audio ʳ
+		- project	(refused)
 
+	ʳ Refused
 
-	Nonfunctional subdomains:
 
-		- audio
-		- project	(refused)
+	Insecure cookies are set for these domains:
+
+		- .wnyc.org
+
+
+	Mixed content:
+
+		- Image on www from $self *
+
+	* Secured by us
 
 -->
-<ruleset name="WNYC">
+<ruleset name="WNYC.org">
 
-	<target host="media40.wnyc.net" />
 	<target host="wnyc.org" />
-	<target host="*.wnyc.org" />
+	<target host="culture.wnyc.org" />
+	<target host="media.wnyc.org" />
+	<target host="media2.wnyc.org" />
+	<target host="www.wnyc.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.wnyc\.org$" name="^__qca$" /-->
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(culture\.|media\.|www\.)?wnyc\.org/"
-		to="https://$1wnyc.org/" />
 
-	<rule from="^https?://media40\.wnyc\.net/"
-		to="https://media.wnyc.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WOVN.io.xml b/src/chrome/content/rules/WOVN.io.xml
new file mode 100644
index 000000000000..8b063c032d25
--- /dev/null
+++ b/src/chrome/content/rules/WOVN.io.xml
@@ -0,0 +1,19 @@
+<!--
+
+	Nonfunctional subdomains:
+
+		- t	(refused)
+
+-->
+<ruleset name="WOVN.io">
+
+	<target host="wovn.io" />
+	<target host="j.wovn.io" />
+	<target host="www.wovn.io" />
+
+	<test url="http://j.wovn.io/0" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WOW_Analytics.co.uk.xml b/src/chrome/content/rules/WOW_Analytics.co.uk.xml
new file mode 100644
index 000000000000..0a08338d803b
--- /dev/null
+++ b/src/chrome/content/rules/WOW_Analytics.co.uk.xml
@@ -0,0 +1,42 @@
+<!--
+	Problematic subdomains:
+
+		- (www.) ¹
+		- news ²
+
+	¹ Works; mismatched, CN: secure.vcab.com
+	² Works; mismatched, CN: *.communigator.co.uk
+
+
+	Fully covered subdomains:
+
+		- app
+		- t
+		- test.t
+
+
+	Mixed content:
+
+		- css on news from www ¹
+
+		- Images on news and www from www ¹
+
+		- Bugs, on:
+
+			- www from news ¹
+			- www from s7.addthis.com ²
+
+	¹ Not secured by us <= mismatched
+	² Secured by us
+
+-->
+<ruleset name="WOW Analytics.co.uk (partial)">
+
+	<target host="app.wowanalytics.co.uk" />
+	<target host="t.wowanalytics.co.uk" />
+	<target host="test.t.wowanalytics.co.uk" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WP-Engine.xml b/src/chrome/content/rules/WP-Engine.xml
index cfb73db36e7d..f7630719288f 100644
--- a/src/chrome/content/rules/WP-Engine.xml
+++ b/src/chrome/content/rules/WP-Engine.xml
@@ -1,4 +1,9 @@
 <!--
+	Other WP Engine rulesets:
+
+		- WP_Engine_Status.com.xml
+
+
 	CDN buckets:
 
 		- wpe.wpengine.netdna-cdn.com
@@ -9,36 +14,80 @@
 
 	Problematic subdomains:
 
-		- cdn		(404; mismatched, CN: *.netdna-ssl.com)
-		- press		(mismatched, CN: *.heroku.com)
+		- cdn			(404; mismatched, CN: *.netdna-ssl.com)
+		- *.*.wpengine.com	(mismatched, CN: *.wpengine.com)
 
 
 	Fully covered subdomains:
 
 		- (www.)
-		- cdn		(→ www)
+		- cdn		(→ ^)
 		- devbox
 		- my
-		- press		(→ wpengine.totemapp.com)
+		- press
+		- signup
 		- support
+		- \w+ *
+
+	* Per-account domains
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- wpengine.com
+		- .wpengine.com
+		- signup.wpengine.com
+
+
+	Mixed content:
+
+		- css, on:
+
+			- ^ from fast.fonts.net *
+			- ^ from fonts.googleapis.com *
+
+		- Images, on:
+
+			- ^ from wpengine.com *
+			- ^ from cdn.wpengine.com *
+
+	* Secured by us
 
 -->
-<ruleset name="WP Engine" platform="mixedcontent">
+<ruleset name="WP Engine.com">
 
 	<target host="wpengine.com" />
 	<target host="*.wpengine.com" />
 
+		<test url="http://cdn.wpengine.com/" />
+		<test url="http://devbox.wpengine.com/" />
+		<test url="http://my.wpengine.com/" />
+		<test url="http://press.wpengine.com/" />
+		<test url="http://signup.wpengine.com/" />
+		<test url="http://support.wpengine.com/" />
+		<test url="http://www.wpengine.com/" />
+		<test url="http://www.wpengine.com/blog" />
 
-	<securecookie host="^(?:.*\.)?wpengine\.com$" name=".+" />
+	<!-- deeper domains cause certificate mismatch error -->
+	<exclusion pattern="^http://([\w.-]+)\.([\w-]+)\.wpengine\.com"/>
 
+		<test url="http://talkdesk.staging.wpengine.com/"/>
+		<test url="http://kelvin.staging.wpengine.com/"/>
+		<test url="http://cfps.staging.wpengine.com/"/>
 
-	<rule from="^https?://cdn\.wpengine\.com/"
-		to="https://wpengine.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(signup\.)?wpengine\.com$" name="^X-Mapping-[a-z]{8}$" /-->
+	<!--securecookie host="^\.wpengine\.com$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^signup\.wpengine\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+"/>
 
-	<rule from="^https?://press\.wpengine\.com/"
-		to="https://wpengine.totemapp.com/" />
 
-	<rule from="^http://(\w+\.)?wpengine\.com/"
-		to="https://$1wpengine.com/" />
+	<rule from="^http://cdn\.wpengine\.com/"
+		to="https://wpengine.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/WP.pl-problematic.xml b/src/chrome/content/rules/WP.pl-problematic.xml
deleted file mode 100644
index 8e55e58c6695..000000000000
--- a/src/chrome/content/rules/WP.pl-problematic.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules that are on by default, see WP.pl.xml.
-
--->
-<ruleset name="WP.pl (problematic)" default_off="mismatched">
-
-	<target host="diety.wp.pl" />
-
-
-	<securecookie host="^diety\.wp\.pl$" name=".+" />
-
-
-	<rule from="^http://diety\.wp\.pl/"
-		to="https://diety.wp.pl/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/WP.pl.xml b/src/chrome/content/rules/WP.pl.xml
index 98aa2a22a1c7..3262b3b08093 100644
--- a/src/chrome/content/rules/WP.pl.xml
+++ b/src/chrome/content/rules/WP.pl.xml
@@ -1,159 +1,135 @@
 <!--
 	Wirtualna Polska SA
 
-	For problematic rules, see WP.pl-problematic.xml.
-
-
-	CDN buckets:
-
-		- wp.ebrokerpartner.pl
-
-			- finansomat.wp.pl
-
-		- calisto.netpr.pl 
-
-			- dlaprasy.wp.pl
-
-
-	Nonfunctional domains:
-
-		- wp.pl subdomains:
+	Other Wirtualna Polska rulesets:
 
-			- (www.) *
-			- biznes *
-			- dlaprasy	(shows secure.netpr.pl; mismatched, CN: secure.netpr.pl)
-			- dzieci *
-			- ebiznes *
-			- ekstraklasa *
-			- erotyka *
-			- euro *
-			- facet *
-			- fantasyliga *
-			- i.fantasyliga *
-			- film *
-			- finanse *
-			- finansomat	(shows panel.cod.org.pl; mismatched, CN: panel.cod.org.pl)
-			- fitness **
-			- i.fitness **
-			- gielda *
-			- gry **
-			- i.gry **
-			- horoskop *
-			- kalendarz *
-			- kobieta *
-			- kontakty *
-			- info.mini *
-			- mobilna *
-			- moto *
-			- muzyka *
-			- newsletter *
-			- ogloszenia *
-			- onas *
-			- outbox *
-			- poczta	(redirects to profil, valid cert)
-			- pogoda *
-			- pomoc *
-			- prawnikonline *
-			- przewodnik *
-			- reklama **
-			- i.reklama **
-			- rekrutacja *
-			- rss *
-			- rtvagd *
-			- sport *
-			- biznes.szukaj *
-			- tech *
-			- topnews *
-			- tv *
-			- twojeip *
-			- wiadomosci *
-			- wikipedia *
-			- get-2.wpapi *
+		- businessclick.com.xml
+		- wpimg.pl.xml
 
-		- x.wpimg.pl *
-		- y.wpimg.pl *
+	Non-functional hosts
+		Couldn't connect to server:
+		- kontakty.wp.pl
+		- muzyka.wp.pl
+		- outbox.wp.pl
 
-	* Refused
-	** Dropped
+		SSL peer certificate was not OK:
+		- fantasyliga.wp.pl
+		- i.fantasyliga.wp.pl
+		- info.mini.wp.pl
+		- i.reklama.wp.pl
 
+		Status code mismatch:
+		- twojeip.wp.pl
 
-	Problematic domains:
+		Mixed content blocking (MCB) triggered:
+		- reklama.wp.pl
 
-		- diety.wp.pl	(works; mismatched, CN: *.vitalia.pl)
-		- b.wpimg.pl	(works; mismatched, CN: a.wpimg.pl)
-		- c.wpimg.pl	(works; mismatched, CN: i.wp.pl)
-		- i.wpimg.pl *
-		- j.wpimg.pl *
-
-	* Works; mismatched, CN: ir.i.wp.pl
-
-
-	Partially covered subdomains:
-
-		- agito *
-		- profil *
-
-	* Some pages redirect to http
-
-
-	Fully covered domains:
-
-		- wp.pl subdomains:
-
-			- i
-			- ir.i
-			- m.poczta
-			- adv.reklama
-			- si
-			- ticket.www
-
-		- wplimg.pl subdomains:
-
-			- a
-			- b	(→ a)
-			- c	(→ i.wp.pl)
-			- i	(→ ir.i.wp.pl)
-			- j	(→ ir.i.wp.pl)
-
-
-	Mixed content:
-
-		- Images on ticket.www.wp.pl from i.wp.pl *
-
-	* Secured by us, doesn't trip MCB
+		Some pages redirect to http:
+		- profil.wp.pl
 
 -->
 <ruleset name="WP.pl (partial)">
 
-	<target host="*.wp.pl" />
-		<!--exclusion pattern="^http://agito\.wp\.pl/(?:$|\?)" /-->
-		<exclusion pattern="^http://agito\.wp\.pl/(?!favicon\.ico|skin/)" />
+	<target host="wp.pl" />
+	<target host="www.wp.pl" />
+	<target host="agito.wp.pl" />
+	<target host="banki.wp.pl" />
+	<target host="biznes.wp.pl" />
+	<target host="diety.wp.pl" />
+	<target host="dlaprasy.wp.pl" />
+	<target host="dzieci.wp.pl" />
+	<target host="ebiznes.wp.pl" />
+	<target host="ekstraklasa.wp.pl" />
+	<target host="erotyka.wp.pl" />
+	<target host="euro.wp.pl" />
+	<target host="facet.wp.pl" />
+	<target host="film.wp.pl" />
+	<target host="finanse.wp.pl" />
+	<target host="finansomat.wp.pl" />
+	<target host="fitness.wp.pl" />
+	<target host="i.fitness.wp.pl" />
+	<target host="get-2.wpapi.wp.pl" />
+	<target host="gielda.wp.pl" />
+	<target host="gry.wp.pl" />
+	<target host="horoskop.wp.pl" />
+	<target host="i.wp.pl" />
+	<target host="ir.i.wp.pl" />
+	<target host="kalendarz.wp.pl" />
+	<target host="kobieta.wp.pl" />
+	<target host="mobilna.wp.pl" />
+	<target host="moto.wp.pl" />
+	<target host="newsletter.wp.pl" />
+	<target host="ogloszenia.wp.pl" />
+	<target host="onas.wp.pl" />
+	<target host="pasazfin.wp.pl" />
+	<target host="poczta.wp.pl" />
+	<target host="m.poczta.wp.pl" />
+	<target host="pogoda.wp.pl" />
+	<target host="pomoc.wp.pl" />
+	<target host="prawnikonline.wp.pl" />
+	<target host="profil.wp.pl" />
+	<target host="przewodnik.wp.pl" />
+	<target host="adv.reklama.wp.pl" />
+	<target host="rekrutacja.wp.pl" />
+	<target host="rss.wp.pl" />
+	<target host="rtvagd.wp.pl" />
+	<target host="si.wp.pl" />
+	<target host="sport.wp.pl" />
+	<target host="tech.wp.pl" />
+	<target host="ticket.www.wp.pl" />
+	<target host="topnews.wp.pl" />
+	<target host="turystyka.wp.pl" />
+	<target host="tv.wp.pl" />
+	<target host="wiadomosci.wp.pl" />
+	<target host="wikipedia.wp.pl" />
+
+		<!--	Redirect to http:
+						-->
 		<!--exclusion pattern="^http://profil\.wp\.pl/(?:wizytowka\.html)?(?:$|\?)" /-->
-		<exclusion pattern="^http://profile\.wp\.pl/(?!css/|favicon\.ico|login\.html|obrazek\.html)" />
-		<!--exclusion pattern="^http://www\." /-->
-	<target host="*.wpimg.pl" />
-
-
-	<securecookie host="^\.wp\.pl$" name="^statid$" />
-	<!--
-		Can we secure any of these safely?
-							-->
-	<!--securecookie host="^\.wp\.pl$" name="^(reksticket|rekticket|smarjfyrggredticket|smgredticket|smgrodticket|testwpd|WP-cookie-info|wpdticket)$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://profil\.wp\.pl/(?!css/|favicon\.ico|(?:login|obrazek|rejestracja)\.html)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://profil.wp.pl/loginbloog.html" />
+			<test url="http://profil.wp.pl/logout.html" />
+			<test url="http://profil.wp.pl/mlogin.html" />
+			<test url="http://profil.wp.pl/mlogin_poczta.html" />
+			<test url="http://profil.wp.pl/wizytowka.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://profil.wp.pl/css/nepal.css" />
+			<test url="http://profil.wp.pl/favicon.ico" />
+			<test url="http://profil.wp.pl/login.html" />
+			<test url="http://profil.wp.pl/obrazek.html" />
+			<test url="http://profil.wp.pl/rejestracja.html" />
+
+		<!--	404:
+				-->
+		<!--test url="http://agrobiznes.money.pl/artykul/produkty-tradycyjne-lista-z-woj,24,0,2018584.html" /-->
+		<!--
+			!404:
+				-->
+		<!--test url="http://agrobiznes.money.pl/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.wp\.pl$" name="^(?:rekticket|sm\w+ticket|statid|wpdticket)$" /-->
+	<!--securecookie host="^\.(?:finanse|pasazfin|poczta)\.wp\.pl$" name="^(?:reksticket|wpsticket)$" /-->
 	<!--securecookie host="^\.poczta\.wp\.pl$" name="^s$" /-->
-	<securecookie host="^(?:i|adv\.reklama|ticket\.www)\.wp\.pl$" name=".+" />
-	<securecookie host="^a\.wpimg\.pl$" name=".+" />
+	<!--securecookie host="^\.www\.wp\.pl$" name="^(?:reksticket|sm\w+dticket)$" /-->
+	<!--securecookie host="^ticket\.www\.wp\.pl$" name="^statid$" /-->
 
+	<securecookie host="^\.wp\.pl$" name="^statid$" />
+	<securecookie host="^(?!profil\.)\w" name=".+" />
+	<securecookie host="^\.pasazfin\." name=".+" />
 
-	<rule from="^http://(agito|s?i|ir\.i|m\.poczta|profil|adv\.reklama|ticket\.www)\.wp\.pl/"
-		to="https://$1.wp.pl/" />
-
-	<rule from="^http://[ab]\.wpimg\.pl/"
-		to="https://a.wpimg.pl/" />
-
-	<rule from="^http://c\.wpimg\.pl/"
-		to="https://i.wp.pl/" />
 
-	<rule from="^http://[ij]\.wpimg\.pl/"
-		to="https://ir.i.wp.pl/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WPP.xml b/src/chrome/content/rules/WPP.xml
index ebcd4f0fd8b8..4fa96c0dbb87 100644
--- a/src/chrome/content/rules/WPP.xml
+++ b/src/chrome/content/rules/WPP.xml
@@ -1,19 +1,44 @@
 <!--
-	Problematic subdomains:
+	^wpp.com: Mismatched
 
-		- (www.)	(mismatched, CN; secure.wpp.com)
+
+	Insecure cookies are set for these hosts:
+
+		- inside.wpp.com
+		- www.wpp.com
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com *
+
+	* Secured by us
 
 -->
-<ruleset name="WPP">
+<ruleset name="WPP.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="inside.wpp.com" />
+	<target host="www.wpp.com" />
 
+	<!--	Complications:
+				-->
 	<target host="wpp.com" />
-	<target host="*.wpp.com" />
 
 
-	<securecookie host="^secure\.wpp\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^inside\.wpp\.com$" name="^website_inside#lang$" /-->
+	<!--securecookie host="^www\.wpp\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^(?:inside|www)\.wpp\.com$" name=".+" />
+
 
+	<rule from="^http://wpp\.com/"
+		to="https://www.wpp.com/" />
 
-	<rule from="^http://(?:secure\.|www\.)?wpp\.com/"
-		to="https://secure.wpp.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WP_Engine_Status.com.xml b/src/chrome/content/rules/WP_Engine_Status.com.xml
new file mode 100644
index 000000000000..6905f9fea271
--- /dev/null
+++ b/src/chrome/content/rules/WP_Engine_Status.com.xml
@@ -0,0 +1,24 @@
+<!--
+	For other WP Engine coverage, see WP-Engine.xml.
+
+
+	www: Cert only matches ^wpenginestatus.com
+
+
+	Mixed content:
+
+		- favicon from wpenginestatus.com *
+
+	* Secured by us
+
+-->
+<ruleset name="WP Engine Status.com">
+
+	<target host="wpenginestatus.com" />
+	<target host="www.wpenginestatus.com" />
+
+
+	<rule from="^http://(?:www\.)?wpenginestatus\.com/"
+		to="https://wpenginestatus.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WP_digital.net.xml b/src/chrome/content/rules/WP_digital.net.xml
new file mode 100644
index 000000000000..2dcae0256bd9
--- /dev/null
+++ b/src/chrome/content/rules/WP_digital.net.xml
@@ -0,0 +1,52 @@
+<!--
+	For other Washington Post Company coverage, see Washington-Post-Company.xml.
+
+
+	CDN buckets:
+
+		- api.echoenabled.com
+
+			- echoapi
+
+		- css.wpdigital.net.edgesuite.net
+		- img[23]?.wpdigital.net.edgesuite.net
+
+		- washingtonpost-001.inscname.net
+
+			- translator
+
+
+	Nonfunctional subdomains:
+
+		- css *		(data also exist on www.washingtonpost.com)
+		- img *
+		- img[23] *
+		- translator	(404; mismatched, CN: ssl001.insnw.net)
+
+	* 504, akamai
+
+
+	Problematic subdomains:
+
+		- echoapi	(mismatched, CN: *.echoenabled.com)
+
+
+	Fully covered subdomains:
+
+		- css		(→ ssl.washingtonpost.com)
+		- echoapi	(→ api.echoenabled.com)
+
+-->
+<ruleset name="WP digital.net (partial)">
+
+	<target host="css.wpdigital.net" />
+	<target host="echoapi.wpdigital.net" />
+
+
+	<rule from="^http://css\.wpdigital\.net/"
+		to="https://ssl.washingtonpost.com/" />
+
+	<rule from="^http://echoapi\.wpdigital\.net/"
+		to="https://api.echoenabled.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WRAL.com.xml b/src/chrome/content/rules/WRAL.com.xml
index 2af27b2428d7..bdaa473b58df 100644
--- a/src/chrome/content/rules/WRAL.com.xml
+++ b/src/chrome/content/rules/WRAL.com.xml
@@ -1,22 +1,28 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wral.com/ => https://wral.com/: Too many redirects while fetching 'https://wral.com/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://wral.com/ => https://wral.com/: Cycle detected - URL already encountered: https://www.wral.com/
 	Problematic subdomains:
 
 		- wwwcache	(akamai)
 
 -->
-<ruleset name="WRAL.com">
+<ruleset name="WRAL.com" default_off="failed ruleset test">
 
 	<target host="wral.com" />
-	<target host="*.wral.com" />
+	<target host="www.wral.com" />
+	<target host="wwwcache.wral.com" />
 
 
 	<securecookie host="^\.wral\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?wral\.com/"
-		to="https://$1wral.com/" />
 
-	<rule from="^https?://wwwcache\.wral\.com/"
+	<rule from="^http://wwwcache\.wral\.com/"
 		to="https://www.wral.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WSJ.net.xml b/src/chrome/content/rules/WSJ.net.xml
new file mode 100644
index 000000000000..3d777d77c323
--- /dev/null
+++ b/src/chrome/content/rules/WSJ.net.xml
@@ -0,0 +1,68 @@
+<!--
+	For other News Corporation coverage, see News-Corporation.xml.
+
+	CDN buckets:
+		- a248.e.akamai.net/f/248/67675/6h/si.wsj.net/
+		- a248.e.akamai.net/f/1731/67675/12h/(m|s[1-4ci]?).wsj.net/
+		- images.conferences.wsj.net.s3.amazonaws.com
+		- sc.wsj.net.edgesuite.net
+
+	403:
+		- stvquotes.wsj.net
+
+	Mismatched:
+		- wsj.net
+		- www.wsj.net
+		- barrons.wsj.net
+		- ereader.wsj.net
+		- images.conferences.wsj.net
+-->
+
+<ruleset name="WSJ.net">
+	<target host="art-secure.wsj.net" />
+		<test url="http://art-secure.wsj.net/api/photos/aee4b61b3d4d4ed6b56e6f42c50312ac/fit?width=78" />
+	<target host="asset.wsj.net" />
+		<test url="http://asset.wsj.net/public/snippet.production-3d262e16.css" />
+	<target host="fonts.wsj.net" />
+		<test url="http://fonts.wsj.net/HCo_Whitney/font_HCo_Whitney.css" />
+	<target host="m.wsj.net" />
+		<test url="http://m.wsj.net/video/20120612/061212nfl/061212nfl_115x65.jpg" />
+	<target host="m-secure.wsj.net" />
+		<test url="http://m-secure.wsj.net/video/" />
+	<target host="ore.wsj.net" />
+		<test url="http://ore.wsj.net/fp/assets/fonts/wsj-fonts.css" />
+	<target host="refer.wsj.net" />
+	<target host="s.wsj.net" />
+		<test url="http://s.wsj.net/blogs/swf/professor.swf" />
+		<test url="http://s.wsj.net/media/swf/main.swf" />
+		<test url="http://s.wsj.net/static_html_files/pushdownAd.css" />
+		<test url="http://s.wsj.net/video/public/vendor.min-c9c585e0.js" />
+		<test url="http://s.wsj.net/video/public/videocenter.min-a269c50b.css" />
+	<target host="s1.wsj.net" />
+		<test url="http://s1.wsj.net/img/orange_bullet.gif" />
+	<target host="s2.wsj.net" />
+		<test url="http://s2.wsj.net/img/hightlights_dottedLine.gif" />
+	<target host="s3.wsj.net" />
+		<test url="http://s3.wsj.net/img/blue_dotted_strip.gif" />
+	<target host="s4.wsj.net" />
+		<test url="http://s4.wsj.net/img/icon_entry.gif" />
+	<target host="sc.wsj.net" />
+		<test url="http://sc.wsj.net/css/standalone_partner_hat.css" />
+	<target host="sfonts.wsj.net" />
+		<test url="http://sfonts.wsj.net/HCo_Whitney/font_HCo_Whitney.css" />
+	<target host="si.wsj.net" />
+		<test url="http://si.wsj.net/public/resources/images/BN-OA783_sugar0_Z120_20160516145348.jpg" />
+	<target host="sj.wsj.net" />
+	<target host="cdn.store.wsj.net" />
+		<test url="http://cdn.store.wsj.net/252743668dc493935bcf6328389bd1006b03d211/img/000000-0.png" />
+	<target host="sts3.wsj.net" />
+		<test url="http://sts3.wsj.net/identity/lifp-files/static/promo/20160404/14372-WSJ-US-AprilSale-LoginScrim-598x106-25June16.jpg" />
+	<target host="vir.wsj.net" />
+		<test url="http://vir.wsj.net/fp/assets/app-b3f3f98a.js" />
+	<target host="wsjstream.wsj.net" />
+		<test url="http://wsjstream.wsj.net/bg/api/connect.ashx" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WSO2.com.xml b/src/chrome/content/rules/WSO2.com.xml
new file mode 100644
index 000000000000..4036cc877d49
--- /dev/null
+++ b/src/chrome/content/rules/WSO2.com.xml
@@ -0,0 +1,37 @@
+<!--
+	Fully covered subdomains:
+
+		- connect
+		- \w.content
+		- support
+		- www
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- ^ from connect *
+			- ^ from \d.content *
+
+	* Secured by us
+
+-->
+<ruleset name="WSO2.com (partial)">
+
+	<target host="wso2.com" />
+	<target host="*.wso2.com" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://wso2\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://wso2\.com/+(?!favicon\.ico|user(?:$|[?/]))" />
+
+
+	<rule from="^http://((?:connect|\w\.content|support|www)\.)?wso2\.com/"
+		to="https://$1wso2.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WSPRnet.org.xml b/src/chrome/content/rules/WSPRnet.org.xml
new file mode 100644
index 000000000000..02bc23509a74
--- /dev/null
+++ b/src/chrome/content/rules/WSPRnet.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatched
+		- www.wsprnet.org
+		- dev.wsprnet.org
+		- ftp.wsprnet.org
+-->
+<ruleset name="WSPRnet.org">
+	<target host="wsprnet.org" />
+	<target host="www.wsprnet.org" />
+
+	<rule from="^http://www\.wsprnet\.org/" to="https://wsprnet.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WSWS.xml b/src/chrome/content/rules/WSWS.xml
index 16b5ad73c914..9dc05980dafa 100644
--- a/src/chrome/content/rules/WSWS.xml
+++ b/src/chrome/content/rules/WSWS.xml
@@ -1,7 +1,23 @@
-<ruleset name="World Socialist Web Site">
-  <target host="wsws.org" />
-  <target host="*.wsws.org" />
+<!--
+	World Socialist Web Site
+
+
+	^wsws.org: Refused
+
+-->
+<ruleset name="WSWS.org">
+
+	<target host="wsws.org" />
+	<target host="*.wsws.org" />
+
+		<test url="http://piwik.wsws.org/analytics/piwik/piwik.php?idsite=1&amp;rec=1" />
+		<test url="http://www.wsws.org/" />
+
+
+	<rule from="^http://wsws\.org/"
+		to="https://www.wsws.org/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(?:www\.)?wsws\.org/" to="https://www.wsws.org/"/>
-  <rule from="^http://([^/:@\.]+)\.wsws\.org/" to="https://$1.wsws.org/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/WTFUzz.com.xml b/src/chrome/content/rules/WTFUzz.com.xml
index 02e268be851a..9a4c54a577cb 100644
--- a/src/chrome/content/rules/WTFUzz.com.xml
+++ b/src/chrome/content/rules/WTFUzz.com.xml
@@ -1,7 +1,6 @@
 <ruleset name="WTFuzz.com">
 	<target host="wtfuzz.com" />
 	<target host="www.wtfuzz.com" />
-	<rule from="^http://www\.wtfuzz\.com/" to="https://www.wtfuzz.com/"/>
-	<rule from="^http://wtfuzz\.com/" to="https://www.wtfuzz.com/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/WTFismyIP.xml b/src/chrome/content/rules/WTFismyIP.xml
deleted file mode 100644
index f5bb01345c46..000000000000
--- a/src/chrome/content/rules/WTFismyIP.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="WTFismyIP">
-	<target host="wtfismyip.com" />
-	<target host="ipv4.wtfismyip.com" />
-	<target host="ipv6.wtfismyip.com" />
-
-	<rule from="^http://(ipv4\.|ipv6\.)?wtfismyip\.com/" to="https://$1wtfismyip.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/WTO.org.xml b/src/chrome/content/rules/WTO.org.xml
index 936b264f089d..a177ac4d46f0 100644
--- a/src/chrome/content/rules/WTO.org.xml
+++ b/src/chrome/content/rules/WTO.org.xml
@@ -42,14 +42,20 @@
 -->
 <ruleset name="WTO.org (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="wto.org" />
-	<target host="*.wto.org" />
+	<target host="docs.wto.org" />
+	<target host="docsonline.wto.org" />
+	<target host="erecruitment.wto.org" />
+	<target host="etraining.wto.org" />
+	<target host="www.wto.org" />
 
 
 	<securecookie host="^(?:docs|erecruitment|etraining)\.wto\.org$" name=".+" />
 
 
-	<rule from="^http://((?:docs|docsonline|erecruitment|etraining|www)\.)?wto\.org/"
-		to="https://$1wto.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WURFUL.xml b/src/chrome/content/rules/WURFUL.xml
new file mode 100644
index 000000000000..95ac55a67cc1
--- /dev/null
+++ b/src/chrome/content/rules/WURFUL.xml
@@ -0,0 +1,15 @@
+<ruleset name="WURFL">
+
+	<target host="wurfl.io" />
+	<target host="data.wurfl.io" />
+	<target host="demo.wurfl.io" />
+	<target host="web.wurfl.io" />
+	<target host="wit.wurfl.io" />
+	<target host="www.wurfl.io" />
+	<target host="wurfljs.com" />
+	<target host="www.wurfljs.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WVU.edu.xml b/src/chrome/content/rules/WVU.edu.xml
new file mode 100644
index 000000000000..17cdcd3be922
--- /dev/null
+++ b/src/chrome/content/rules/WVU.edu.xml
@@ -0,0 +1,96 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- wvu.edu
+		- catalog.wvu.edu
+		- hr.wvu.edu
+
+	Incomplete certificate chain error:
+		- www.math.wvu.edu
+-->
+<ruleset name="WVU.edu (partial)">
+	<target host="wvu.edu" />
+	<target host="www.wvu.edu" />
+
+	<target host="admissions.wvu.edu" />
+	<target host="appstatus.wvu.edu" />
+
+	<target host="biology.wvu.edu" />
+	<target host="bog.wvu.edu" />
+
+	<target host="calendar.wvu.edu" />
+	<target host="campusmap.wvu.edu" />
+	<target host="careers.wvu.edu" />
+	<target host="cehs.wvu.edu" />
+	<target host="consumerinformation.wvu.edu" />
+
+	<target host="diningservices.wvu.edu" />
+	<target host="directory.wvu.edu" />
+
+	<target host="eberly.wvu.edu" />
+	<target host="ecampus.wvu.edu" />
+	<target host="emergency.wvu.edu" />
+	<target host="energy.wvu.edu" />
+	<target host="extension.wvu.edu" />
+
+	<target host="financialaid.wvu.edu" />
+
+	<target host="give.wvu.edu" />
+	<target host="graduateadmissions.wvu.edu" />
+
+	<target host="housing.wvu.edu" />
+	<target host="benefits.hr.wvu.edu" />
+	<target host="employmentservices.hr.wvu.edu" />
+
+	<target host="isc.wvu.edu" />
+	<target host="it.wvu.edu" />
+
+	<target host="lib.wvu.edu" />
+	<target host="onview.lib.wvu.edu" />
+	<target host="libguides.wvu.edu" />
+	<target host="library.wvu.edu" />
+	<target host="login.wvu.edu" />
+	
+	<target host="math.wvu.edu" />
+	<target host="www.math.wvu.edu" />
+	<target host="control.math.wvu.edu" />
+	<target host="myprinting.wvu.edu" />
+
+	<target host="office365.wvu.edu" />
+	<target host="online.wvu.edu" />
+
+	<target host="patterns.wvu.edu" />
+	<target host="photos.wvu.edu" />
+	<target host="portal.wvu.edu" />
+	<target host="provost.wvu.edu" />
+	<target host="prtstatus.wvu.edu" />
+
+	<target host="rba.wvu.edu" />
+	<target host="registrar.wvu.edu" />
+	<target host="research.wvu.edu" />
+
+	<target host="search.wvu.edu" />
+	<target host="star.wvu.edu" />
+	<target host="static.wvu.edu" />
+	<target host="stemcenter.wvu.edu" />
+	<target host="studentaccounts.wvu.edu" />
+
+	<target host="talentandculture.wvu.edu" />
+	<target host="titleix.wvu.edu" />
+	<target host="tour.wvu.edu" />
+
+	<target host="visit.wvu.edu" />
+
+	<target host="webstandards.wvu.edu" />
+	<target host="wvutoday.wvu.edu" />
+	
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://wvu\.edu/"
+		  to="https://www.wvu.edu/" />
+	
+	<rule from="^http://www\.math\.wvu\.edu/"
+		  to="https://math.wvu.edu/" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WWE.com.xml b/src/chrome/content/rules/WWE.com.xml
new file mode 100644
index 000000000000..856ae5c9d5ce
--- /dev/null
+++ b/src/chrome/content/rules/WWE.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="WWE.com (partial)">
+
+	<target host="community.wwe.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WWF.ch.xml b/src/chrome/content/rules/WWF.ch.xml
new file mode 100644
index 000000000000..712a2df9c1ea
--- /dev/null
+++ b/src/chrome/content/rules/WWF.ch.xml
@@ -0,0 +1,30 @@
+<!--
+	For more WorldWildlife.org related ruleset, see WorldWildlife.org.xml
+
+	Different content:
+		- stageassets
+
+	Mismatch:
+		- www.pandaction
+-->
+<ruleset name="WWF Schweiz">
+	<target host="wwf.ch"/>
+	<target host="www.wwf.ch"/>
+	<target host="asset9.wwf.ch"/>
+	<target host="assets.wwf.ch"/>
+	<target host="assets9.wwf.ch"/>
+	<target host="climate.wwf.ch"/>
+	<target host="freiwilligenportal.wwf.ch"/>
+	<target host="innovation.wwf.ch"/>
+	<target host="mobile.wwf.ch"/>
+	<target host="pandaction.wwf.ch"/>
+	<target host="www.pandaction.wwf.ch"/>
+	<target host="reef.wwf.ch"/>
+	<target host="shop.wwf.ch"/>
+	<target host="support.wwf.ch"/>
+
+	<rule from="^http://www\.pandaction\.wwf\.ch/"
+		to="https://pandaction.wwf.ch/"/>
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/WWF.or.jp.xml b/src/chrome/content/rules/WWF.or.jp.xml
new file mode 100644
index 000000000000..0f228a8c8f5a
--- /dev/null
+++ b/src/chrome/content/rules/WWF.or.jp.xml
@@ -0,0 +1,33 @@
+<!--
+	For more WorldWildlife.org related ruleset, see WorldWildlife.org.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - crm.wwf.or.jp
+			 - earthhour.wwf.or.jp
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - web01.wwf.or.jp
+			 - web02.wwf.or.jp
+			 - www1.wwf.or.jp
+
+		4xx client error:
+			 - test.wwf.or.jp
+
+		Mixed Content Blocking (MCB) tiggered:
+			 - https://www.wwf.or.jp/campaign/2017_sm/
+-->
+<ruleset name="WWF.or.jp" platform="mixedcontent">
+	<target host="wwf.or.jp" />
+	<target host="www.wwf.or.jp" />
+	<target host="join.wwf.or.jp" />
+		<test url="http://join.wwf.or.jp/Landing/Admission.aspx" />
+		<test url="http://join.wwf.or.jp/Landing/ChangeCardInfo.aspx" />
+		<test url="http://join.wwf.or.jp/Landing/RequestDocument.aspx" />
+	<target host="shop.wwf.or.jp" />
+
+	<securecookie host="^wwf\.or\.jp$" name=".+" />
+	<securecookie host="^www\.wwf\.or\.jp$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WWF.org.xml b/src/chrome/content/rules/WWF.org.xml
new file mode 100644
index 000000000000..faede20d812f
--- /dev/null
+++ b/src/chrome/content/rules/WWF.org.xml
@@ -0,0 +1,12 @@
+<!--
+	For more WorldWildlife.org related ruleset, see WorldWildlife.org.xml
+
+-->
+<ruleset name="WWF.org">
+	<target host="wwf.org" />
+	<target host="www.wwf.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WWTE.xml b/src/chrome/content/rules/WWTE.xml
index 1d6f27862be4..646e775312fc 100644
--- a/src/chrome/content/rules/WWTE.xml
+++ b/src/chrome/content/rules/WWTE.xml
@@ -1,4 +1,38 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wwte1.com/ => https://wwte1.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.wwte2.com/ => https://travel.wwte1.com/pubspec/scripts/eap.asp?eapid=0-30001: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.wwte3.com/ => https://travel.wwte1.com/pubspec/scripts/eap.asp?eapid=0-30001: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://wwte4.com/ => https://uk.wwte4.com/Default.aspx: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://uk.wwte4.com/ => https://uk.wwte4.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://wwte7.com/ => https://euro.wwte7.com/Default.aspx: (28, 'Connection timed out after 20007 milliseconds')
+Fetch error: http://wwte8.com/ => https://aus.wwte8.com/Default.aspx: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://aus.wwte8.com/ => https://aus.wwte8.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://wwte9.com/ => https://se.wwte9.com/Default.aspx: (7, 'Failed to connect to se.wwte9.com port 443: No route to host')
+Fetch error: http://se.wwte9.com/ => http://se.wwte9.com/: (7, 'Failed to connect to se.wwte9.com port 80: No route to host')
+Fetch error: http://wwte10.com/ => https://travel.wwte1.com/pubspec/scripts/eap.asp?eapid=0-30001: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.wwte11.com/ => https://travel.wwte1.com/pubspec/scripts/eap.asp?eapid=0-30001: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.wwte12.com/ => https://travel.wwte1.com/pubspec/scripts/eap.asp?eapid=0-30001: (28, 'Connection timed out after 20003 milliseconds')
+Fetch error: http://www.wwte13.com/ => https://travel.wwte1.com/pubspec/scripts/eap.asp?eapid=0-30001: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.wwte14.com/ => https://travel.wwte1.com/pubspec/scripts/eap.asp?eapid=0-30001: (28, 'Connection timed out after 20000 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://wwte1.com/ => https://wwte1.com/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.wwte2.com/ => https://travel.wwte1.com/pubspec/scripts/eap.asp?eapid=0-30001: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://www.wwte3.com/ => https://travel.wwte1.com/pubspec/scripts/eap.asp?eapid=0-30001: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://wwte4.com/ => https://uk.wwte4.com/Default.aspx: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://uk.wwte4.com/ => https://uk.wwte4.com/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://wwte7.com/ => https://euro.wwte7.com/Default.aspx: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://wwte8.com/ => https://aus.wwte8.com/Default.aspx: (28, 'Connection timed out after 10001 milliseconds')
+Fetch error: http://aus.wwte8.com/ => https://aus.wwte8.com/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://wwte9.com/ => https://se.wwte9.com/Default.aspx: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://se.wwte9.com/ => http://se.wwte9.com/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://wwte10.com/ => https://travel.wwte1.com/pubspec/scripts/eap.asp?eapid=0-30001: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.wwte11.com/ => https://travel.wwte1.com/pubspec/scripts/eap.asp?eapid=0-30001: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.wwte12.com/ => https://travel.wwte1.com/pubspec/scripts/eap.asp?eapid=0-30001: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.wwte13.com/ => https://travel.wwte1.com/pubspec/scripts/eap.asp?eapid=0-30001: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.wwte14.com/ => https://travel.wwte1.com/pubspec/scripts/eap.asp?eapid=0-30001: (28, 'Connection timed out after 10000 milliseconds')
 	Problematic domains:
 
 		- wwte.com *
@@ -14,7 +48,7 @@
 	* Mismatched, CN: *.wwte1.com
 
 -->
-<ruleset name="WWTE (partial)">
+<ruleset name="WWTE (partial)" default_off="failed ruleset test">
 
 	<target host="media.wwte.com" />
 	<target host="wwte1.com" />
@@ -52,34 +86,34 @@
 
 	<!--	Redirects like so:
 									-->
-	<rule from="^https?://www\.wwte(?:2|3|1\d)\.com/(?:default\.htm|pubspec/scripts/default\.asp)?(?:\?.*)?$"
+	<rule from="^http://www\.wwte(?:2|3|1\d)\.com/(?:default\.htm|pubspec/scripts/default\.asp)?(?:\?.*)?$"
 		to="https://travel.wwte1.com/pubspec/scripts/eap.asp?eapid=0-30001" />
 
-	<rule from="^https?://wwte4\.com/(\?.*)?$"
+	<rule from="^http://wwte4\.com/(\?.*)?$"
 		to="https://uk.wwte4.com/Default.aspx$1" />
 
 	<rule from="^http://uk\.wwte4\.com/"
 		to="https://uk.wwte4.com/" />
 
-	<rule from="^https?://wwte7\.com/(\?.*)?$"
+	<rule from="^http://wwte7\.com/(\?.*)?$"
 		to="https://euro.wwte7.com/Default.aspx$1" />
 
 	<rule from="^http://euro\.wwte7\.com/"
 		to="https://euro.wwte7.com/" />
 
-	<rule from="^https?://wwte8\.com/(\?.*)?$"
+	<rule from="^http://wwte8\.com/(\?.*)?$"
 		to="https://aus.wwte8.com/Default.aspx$1" />
 
 	<rule from="^http://aus\.wwte8\.com/"
 		to="https://aus.wwte8.com/" />
 
-	<rule from="^https?://wwte9\.com/(\?.*)?$"
+	<rule from="^http://wwte9\.com/(\?.*)?$"
 		to="https://se.wwte9.com/Default.aspx$1" />
 
-	<rule from="^https?://wwte10\.com/(?:default\.htm|pubspec/scripts/default\.asp)?(?:\?.*)?$"
+	<rule from="^http://wwte10\.com/(?:default\.htm|pubspec/scripts/default\.asp)?(?:\?.*)?$"
 		to="https://travel.wwte1.com/pubspec/scripts/eap.asp?eapid=0-30001" />
 
 	<rule from="^http://travel\.wwte10\.com/"
 		to="https://travel.wwte10.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WaPo_Labs.com.xml b/src/chrome/content/rules/WaPo_Labs.com.xml
deleted file mode 100644
index 36af32ba7823..000000000000
--- a/src/chrome/content/rules/WaPo_Labs.com.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	For other Washington Post Company coverage, see Washington-Post-Company.xml.
-
-
-	CDN buckets:
-
-		- d2pe20ur0h0p8p.cloudfront.net
-
-			- bunsen
-
-
-	Nonfunctional subdomains:
-
-		- ^	(refused)
-		- www	(dropped)
-
--->
-<ruleset name="WaPo Labs.com (partial)">
-
-	<target host="bunsen.wapolabs.com" />
-
-
-	<rule from="^http://bunsen\.wapolabs\.com/"
-		to="https://d2pe20ur0h0p8p.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Waag.org.xml b/src/chrome/content/rules/Waag.org.xml
new file mode 100644
index 000000000000..bdc26616c54d
--- /dev/null
+++ b/src/chrome/content/rules/Waag.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="Waag.org">
+
+	<target host="waag.org" />
+	<target host="www.waag.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wachovia.xml b/src/chrome/content/rules/Wachovia.xml
index 53a752972136..3590f9ff3f00 100644
--- a/src/chrome/content/rules/Wachovia.xml
+++ b/src/chrome/content/rules/Wachovia.xml
@@ -1,9 +1,31 @@
-<ruleset name="Wachovia">
-  <target host="wachovia.com" />
-  <target host="*.wachovia.com" />
-
-  <rule from="^http://wachovia\.com/"
-          to="https://wachovia.com/" />
-  <rule from="^http://(myed|odpsla|onlineservices|www)\.wachovia\.com/"
-          to="https://$1.wachovia.com/" />
-</ruleset>
\ No newline at end of file
+<!--
+	For other Wells Fargo coverage, see WellsFargo.xml.
+
+
+	(www.)?: Untrusted root
+
+
+	Insecure cookies are set for these hosts:
+
+		- myed.wachovia.com
+
+-->
+<ruleset name="Wachovia.com (partial)" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="wachovia.com" /-->
+	<target host="myed.wachovia.com" />
+	<!--target host="www.wachovia.com" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^myed\.wachovia\.com$" name="^(?:ASP\.NET_SessionId|MyEDModeV2)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wacken.com.xml b/src/chrome/content/rules/Wacken.com.xml
new file mode 100644
index 000000000000..7cee099c4f2a
--- /dev/null
+++ b/src/chrome/content/rules/Wacken.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Wacken related domains not covered here:
+		- banner.wacken.com (CN mismatch)
+		- forum.wacken.com (403 on https)
+		- gallery.wacken.com (404 on https)
+		- full-metal-army.com (CN mismatch)
+		- metal-battle.com (refused)
+-->
+<ruleset name="Wacken.com (partial)">
+	<target host="wacken.com" />
+	<target host="www.wacken.com" />
+
+	<rule from="^http:"
+		to="https:" />
+	<!-- https breaks the widget -->
+	<exclusion pattern="^http://www\.wacken\.com/anfahrt-widget/index-(de|en)\.php" />
+		<test url="http://www.wacken.com/anfahrt-widget/index-de.php" />
+		<test url="http://www.wacken.com/anfahrt-widget/index-en.php" />
+</ruleset>
diff --git a/src/chrome/content/rules/Waeckerlin.org.xml b/src/chrome/content/rules/Waeckerlin.org.xml
new file mode 100644
index 000000000000..9b5e100bfefe
--- /dev/null
+++ b/src/chrome/content/rules/Waeckerlin.org.xml
@@ -0,0 +1,15 @@
+<!--
+	(www.): 403
+
+-->
+<ruleset name="Waeckerlin.org">
+
+	<target host="waeckerlin.org" />
+	<target host="marc.waeckerlin.org" />
+	<target host="www.waeckerlin.org" />
+
+
+	<rule from="^http://(?:marc\.|www\.)?waeckerlin\.org/"
+		to="https://marc.waeckerlin.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Waffles.fm.xml b/src/chrome/content/rules/Waffles.fm.xml
index 28484994f6ad..97aa8b3023de 100644
--- a/src/chrome/content/rules/Waffles.fm.xml
+++ b/src/chrome/content/rules/Waffles.fm.xml
@@ -1,5 +1,18 @@
-<ruleset name="Waffles.fm">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://waffles.fm/ => https://waffles.fm/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.waffles.fm/ => https://www.waffles.fm/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Mixed content:
+
+		- css from $self *
+
+	* Secured by us, site redirects to https without us
+
+-->
+<ruleset name="Waffles.fm" default_off="failed ruleset test">
 	<target host="waffles.fm" />
 	<target host="www.waffles.fm" />
-	<rule from="^http://www\.waffles\.fm/" to="https://waffles.fm/"/>
+	<rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Wageworks.com.xml b/src/chrome/content/rules/Wageworks.com.xml
new file mode 100644
index 000000000000..5cbdead387a1
--- /dev/null
+++ b/src/chrome/content/rules/Wageworks.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Wageworks.com">
+  <target host="wageworks.com" />
+  <target host="www.wageworks.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wagner.xml b/src/chrome/content/rules/Wagner.xml
index 19aa596c94b7..ed5b4eaab641 100644
--- a/src/chrome/content/rules/Wagner.xml
+++ b/src/chrome/content/rules/Wagner.xml
@@ -2,5 +2,5 @@
   <target host="www.wagner.edu" />
   <target host="wagner.edu" />
 
-  <rule from="^http://(www\.)?wagner\.edu/" to="https://wagner.edu/"/>
+  <rule from="^http://(?:www\.)?wagner\.edu/" to="https://wagner.edu/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Wahanda.net.xml b/src/chrome/content/rules/Wahanda.net.xml
new file mode 100644
index 000000000000..35ee8c9048ce
--- /dev/null
+++ b/src/chrome/content/rules/Wahanda.net.xml
@@ -0,0 +1,12 @@
+<ruleset name="Wahanda.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cdneu.wahanda.net" />
+	<target host="cdneu2.wahanda.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wahiduddin.net.xml b/src/chrome/content/rules/Wahiduddin.net.xml
new file mode 100644
index 000000000000..e8be035ec514
--- /dev/null
+++ b/src/chrome/content/rules/Wahiduddin.net.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+	- mail.wahiduddin.net
+
+-->
+<ruleset name="Wahiduddin.net">
+	<target host="wahiduddin.net" />
+	<target host="www.wahiduddin.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Waindigo.org.xml b/src/chrome/content/rules/Waindigo.org.xml
new file mode 100644
index 000000000000..ea3803d43b3c
--- /dev/null
+++ b/src/chrome/content/rules/Waindigo.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Waindigo.org">
+
+	<target host="waindigo.org" />
+	<target host="www.waindigo.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Waitrose.com.xml b/src/chrome/content/rules/Waitrose.com.xml
new file mode 100644
index 000000000000..2f4906bec45c
--- /dev/null
+++ b/src/chrome/content/rules/Waitrose.com.xml
@@ -0,0 +1,38 @@
+<!--
+	Other Waitrose rulesets:
+
+		- Waitrose_Direct.com.xml
+
+
+	CDN buckets:
+
+		- d1v30bmd12dhid.cloudfront.net
+		- dfjml3xf3svvu.cloudfront.net
+
+
+	Nonfunctional subdomains:
+
+		- helpandsupport	(dropped)
+
+
+	^: cert only matches www
+
+
+	Some pages redirect to http.
+
+-->
+<ruleset name="Waitrose.com (partial)">
+
+	<target host="waitrose.com" />
+	<target host="www.waitrose.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(www\.)?waitrose\.com/+($|\?|shop/(Browse/Groceries|MyList)($|\?))" /-->
+		<!--exclusion pattern="^http://(www\.)?waitrose\.com/+(?!content/|errors/error_images/|favicon\.ico|home/mywaitrose/|images/|(shop/(GetCustomerOrders|MyAccount|MyAddresses)|webapp/wcs/stores/servlet/LogonForm)($|\?))" /-->
+
+
+	<rule from="^http://(?:www\.)?waitrose\.com/(?=content/|favicon\.ico|(?:errors/error_)?images/|home/mywaitrose/|(?:shop/(?:GetCustomerOrders|MyAccount|MyAddresses)|webapp/wcs/stores/servlet/LogonForm)(?:$|\?))"
+		to="https://www.waitrose.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Waitrose_Direct.com.xml b/src/chrome/content/rules/Waitrose_Direct.com.xml
new file mode 100644
index 000000000000..3540085c2818
--- /dev/null
+++ b/src/chrome/content/rules/Waitrose_Direct.com.xml
@@ -0,0 +1,36 @@
+<!--
+	For other Waitrose coverage, see Waitrose.com.xml.
+
+
+	^ & images: cert only matches www
+
+
+	Some pages redirect to http.
+
+
+	Mixed content:
+
+		- Images on www from images ¹
+
+		- Ads on www from www.freshmjolk.com ²
+
+	¹ Secured by us
+	² Unsecurable
+
+-->
+<ruleset name="Waitrose Direct.com (partial)">
+
+	<target host="waitrosedirect.com" />
+	<target host="images.waitrosedirect.com" />
+	<target host="www.waitrosedirect.com" />
+		<!--
+			Redirect to http
+						-->
+		<!--exclusion pattern="^http://(www\.)?waitrosedirect\.com/+($|\?|(gifts|help|home)($|\?)|product/)" /-->
+		<exclusion pattern="^http://(?:www\.)?waitrosedirect\.com/+(?!favicon\.ico|info/|wcsstore/SharedStoreFront/Custom/|webapp/)" />
+
+
+	<rule from="^http://(?:images\.|www\.)?waitrosedirect\.com/"
+		to="https://www.waitrosedirect.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wakelet.com.xml b/src/chrome/content/rules/Wakelet.com.xml
new file mode 100644
index 000000000000..d23e0b25b686
--- /dev/null
+++ b/src/chrome/content/rules/Wakelet.com.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://img3.wakelet.com/ => https://img3.wakelet.com/: (6, 'Could not resolve host: img3.wakelet.com')
+
+	CDN buckets:
+
+		- wakelet-style-static.s3.amazonaws.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- wakelet.com
+
+-->
+<ruleset name="Wakelet.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="wakelet.com" />
+	<target host="embed.wakelet.com" />
+	<target host="embed-assets.wakelet.com" />
+	<target host="img3.wakelet.com" />
+	<target host="www.wakelet.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^wakelet\.com$" name="^(?:HS|JSESSIONID|homeV)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wal.co.xml b/src/chrome/content/rules/Wal.co.xml
new file mode 100644
index 000000000000..2276fbf3b639
--- /dev/null
+++ b/src/chrome/content/rules/Wal.co.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Walmart coverage, see Walmart.com.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- b.wal.co
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Wal.co">
+
+	<target host="a14.wal.co" />
+	<target host="b.wal.co" />
+	<target host="ll-us-i5.wal.co" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^b\.wal\.co$" name="^(?:b30msc|bsc|btc)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wald.Intevation.org.xml b/src/chrome/content/rules/Wald.Intevation.org.xml
new file mode 100644
index 000000000000..805dfb07b202
--- /dev/null
+++ b/src/chrome/content/rules/Wald.Intevation.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Remark: *.wald.intevation.org has a wildcard DNS record.
+
+	Other Intevation rulesets:
+
+		- Greenbone.xml
+		- Intevation-GmbH.xml
+-->
+<ruleset name="wald.intevation.org" default_off="mismatched">
+
+	<target host="wald.intevation.org" />
+	<target host="lists.wald.intevation.org" />
+
+	<securecookie host="^wald\.intevation\.org$" name=".+" />
+
+	<rule from="^http:"
+		  to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Walder_Wyss.com.xml b/src/chrome/content/rules/Walder_Wyss.com.xml
new file mode 100644
index 000000000000..45b8b2d2d13c
--- /dev/null
+++ b/src/chrome/content/rules/Walder_Wyss.com.xml
@@ -0,0 +1,14 @@
+<!--
+	^: cert only matches www
+
+-->
+<ruleset name="Walder Wyss.com">
+
+	<target host="walderwyss.com" />
+	<target host="www.walderwyss.com" />
+
+
+	<rule from="^http://(?:www\.)?walderwyss\.com/"
+		to="https://www.walderwyss.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wales.gov.uk.xml b/src/chrome/content/rules/Wales.gov.uk.xml
new file mode 100644
index 000000000000..79a15483bc05
--- /dev/null
+++ b/src/chrome/content/rules/Wales.gov.uk.xml
@@ -0,0 +1,60 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://business.wales.gov.uk/ => https://business.wales.gov.uk/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://cssiw.wales.gov.uk/ => https://cssiw.wales.gov.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'cssiw.wales.gov.uk'")
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *wales.gov.uk:
+
+		- apw ᵃ
+		- law ᵃ
+		- prp ᵃ
+
+	ᵃ Shows another domain
+
+
+	Problematic hosts in *wales.gov.uk:
+
+		- (www.)? ᵐ
+		- lle ᵐ
+		- mylocalhealthservice ᵐ
+		- mylocalschool ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .wales.gov.uk
+		- statswales.wales.gov.uk
+
+-->
+<ruleset name="Wales.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="adfs.wales.gov.uk" />
+	<target host="bcomm.wales.gov.uk" />
+	<target host="business.wales.gov.uk" />
+	<target host="carrierbagcharge.wales.gov.uk" />
+	<target host="change4life.wales.gov.uk" />
+	<target host="cssiw.wales.gov.uk" />
+	<target host="hwb.wales.gov.uk" />
+	<target host="login.hwb.wales.gov.uk" />
+	<target host="statswales.wales.gov.uk" />
+	<target host="twf.wales.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.wales\.gov\.uk$" name="^hwb$" /-->
+	<!--securecookie host="^statswales\.wales\.gov\.uk$" name="^\.ASPXANONYMOUS$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Walgreens.xml b/src/chrome/content/rules/Walgreens.xml
index 69d3403d0008..d02e3cf7c1c4 100644
--- a/src/chrome/content/rules/Walgreens.xml
+++ b/src/chrome/content/rules/Walgreens.xml
@@ -13,7 +13,9 @@
 <ruleset name="Walgreens (partial)">
 
 	<target host="walgreens.com" />
-	<target host="*.walgreens.com" />
+	<target host="img2.walgreens.com" />
+	<target host="news.walgreens.com" />
+	<target host="www.walgreens.com" />
 		<exclusion pattern="^http://(?:www\.)?walgreens\.com/(?!common/|images/)" />
 
 
@@ -22,7 +24,6 @@
 	<securecookie host="^\.walgreens\.com$" name="^s_\w\w$" />
 
 
-	<rule from="^http://((?:img2|news|www)\.)?walgreens\.com/"
-		to="https://$1walgreens.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Walking_Men.xml b/src/chrome/content/rules/Walking_Men.xml
index 6f9977e22953..d2fd059ac497 100644
--- a/src/chrome/content/rules/Walking_Men.xml
+++ b/src/chrome/content/rules/Walking_Men.xml
@@ -1,17 +1,26 @@
 <!--
 	^	-	 self-signed
 
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+		- favicon from ^ *
+
+	* Secured by us
+
 -->
 <ruleset name="Walking Men">
 
 	<target host="walkingmen.com" />
-	<target host="*.walkingmen.com" />
+	<target host="www.walkingmen.com" />
 
 
 	<securecookie host="^\.walkingmen\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?walkingmen\.com/"
+	<rule from="^http://(?:www\.)?walkingmen\.com/"
 		to="https://www.walkingmen.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Wall-Street-Journal.xml b/src/chrome/content/rules/Wall-Street-Journal.xml
new file mode 100644
index 000000000000..9c9f4e2da194
--- /dev/null
+++ b/src/chrome/content/rules/Wall-Street-Journal.xml
@@ -0,0 +1,125 @@
+<!--
+	For other News Corporation coverage, see News-Corporation.xml.
+
+	Nonfunctional hosts in *wsj.com:
+		- blogs ᵃ (e.g. http://blogs.wsj.com/wtk/)
+		- cfonetwork ʳ
+		- cionetwork ʳ
+		- dj ᵈ
+		- europesubs ⁴
+		- guides ² (e.g. http://guides.wsj.com/wine/)
+		- help ʰ
+		- info ʳ
+		- peac ʳ
+		- portfolio ʳ
+		- projects ᵃ (e.g. https://projects.wsj.com/buzzwords2014/)
+		- realtime ʰ
+		- (www.)?stepahead ⁴
+		- admin.stream ³
+		- student ³
+		- synccontent
+		- wn ᵗ
+		- womenin ʳ
+		- wsjdconference ᵈ
+	ᵃ Active mixed content
+	² 502
+	³ 503
+	⁴ 404
+	⁵ 504
+	ᵈ Dropped
+	ʰ Redirects to http
+	ʳ Refused
+	ᵗ Timeout
+
+	Problematic hosts in *wsj.com:
+		- cn ᵐ
+		- m.cn ᵐ
+		- djx ᶜ
+		- indo ᵐ
+		- m.jp ᵐ
+		- kr ᵐ
+		- live ᵐ
+		- m ᵐ
+		- now ᵐ
+		- projoin.origin ᵐ
+		- stream ᵐ
+		- www.subscribe ᵗ
+		- topics ᵐ
+		- uk ᵐ
+		- ore.www ᵐ
+		- vir.www ᵐ
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+	ᵗ Timeout
+
+	Problematic hosts in *wsje.com:
+		- ^ ᵐ
+		- www ᵐ
+	ᵐ Mismatched
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+		- .wsj.com
+		- blue-store.wsj.com
+		- customercenter.wsj.com
+		- .customercenter.wsj.com
+		- services.wsj.com
+		- store.wsj.com
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+	Mixed content:
+		- Image on customercenter from s2.wsj.net ˢ
+		- Bug on classified, classifieds from dowjones.122.2o7.net ˢ
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+-->
+
+<ruleset name="Wall Street Journal (partial)">
+	<!-- dowjones.com -->
+	<target host="djrc.portal.dowjones.com" />
+
+	<!-- wsj.com -->
+	<target host="wsj.com" />
+	<target host="www.wsj.com" />
+	<target host="blue-store.wsj.com" />
+	<target host="buy.wsj.com" />
+		<test url="http://buy.wsj.com/maywsjus/" />
+	<target host="cbuy.wsj.com" />
+	<target host="city.wsj.com" />
+	<target host="classified.wsj.com" />
+	<target host="classifieds.wsj.com" />
+	<target host="conferences.wsj.com" />
+	<target host="converge.wsj.com" />
+	<target host="customercenter.wsj.com" />
+	<target host="deloitte.wsj.com" />
+	<target host="dlive.wsj.com" />
+	<target host="education.wsj.com" />
+	<target host="graphics.wsj.com" />
+	<target host="graphicsweb.wsj.com" />
+	<target host="id.wsj.com" />
+	<target host="jp.wsj.com" />
+	<target host="online.wsj.com" />
+	<target host="professor.wsj.com" />
+	<target host="quotes.wsj.com" />
+	<target host="services.wsj.com" />
+	<target host="signin.wsj.com" />
+	<target host="store.wsj.com" />
+	<target host="subscribe.wsj.com" />
+	<target host="subscription.wsj.com" />
+	<target host="video-api.wsj.com" />
+		<test url="http://video-api.wsj.com/api-video/player/v2/css/play_btn_50.png" />
+	<target host="wsjdlive.wsj.com" />
+
+
+	<!-- Not secured by server -->
+	<!--securecookie host="^\.wsj\.com$" name="^(LPLogin|djcs_route|wsjregion)$" /-->
+	<!--securecookie host="^(blue-)?store\.wsj\.com$" name="^AWSELB$" /-->
+	<!--securecookie host="^customercenter\.wsj\.com$" name="^(defaultLocale|slanguage|slocale)$" /-->
+	<!--securecookie host="^\.customercenter\.wsj\.com$" name="^djcs_int$" /-->
+	<!--securecookie host="^services\.wsj\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\." name="^(_gat?$|_gat_|s_v)" />
+	<securecookie host="^\.customercenter\." name=".+" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wallet.La.xml b/src/chrome/content/rules/Wallet.La.xml
new file mode 100644
index 000000000000..6a17b7ebaf14
--- /dev/null
+++ b/src/chrome/content/rules/Wallet.La.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wallet.la/ => https://wallet.la/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.wallet.la/ => https://www.wallet.la/: (7, '')
+
+-->
+<ruleset name="Wallet.La" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="wallet.la" />
+	<target host="www.wallet.la" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WalletGenerator.net.xml b/src/chrome/content/rules/WalletGenerator.net.xml
new file mode 100644
index 000000000000..f9f06273712a
--- /dev/null
+++ b/src/chrome/content/rules/WalletGenerator.net.xml
@@ -0,0 +1,25 @@
+<!--
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	www.walletgenerator.net: Shows default page
+
+-->
+<ruleset name="WalletGenerator.net" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="walletgenerator.net" />
+
+	<!--	Complications:
+				-->
+	<target host="www.walletgenerator.net" />
+
+
+	<rule from="^http://www\.walletgenerator\.net/"
+		to="https://walletgenerator.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wallpaperstoday.xml b/src/chrome/content/rules/Wallpaperstoday.xml
deleted file mode 100644
index ce186d0b42c2..000000000000
--- a/src/chrome/content/rules/Wallpaperstoday.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Wallpaperstoday">
-
-	<target host="wallpapers-today.com" />
-	<target host="*.wallpapers-today.com" />
-
-
-	<securecookie host="^(?:www)?\.wallpapers-today\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?wallpapers-today\.com/"
-		to="https://$1wallpapers-today.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/WallstreetCN.xml b/src/chrome/content/rules/WallstreetCN.xml
new file mode 100644
index 000000000000..417a19685db4
--- /dev/null
+++ b/src/chrome/content/rules/WallstreetCN.xml
@@ -0,0 +1,37 @@
+<!--
+	Mismatch:
+		- stage.api.wallstreetcn.com
+		- download.bao.wallstreetcn.com
+		- image.bao.wallstreetcn.com
+		- dl.wallstreetcn.com
+		- api.markets.wallstreetcn.com
+
+		- cdn.wallstcn.com
+		- post.cdn.wallstcn.com
+		- markets.wallstcn.com
+		- post.wallstcn.com
+		- s.wallstcn.com
+		- markets.s.wallstcn.com
+		- static.wallstcn.com
+
+	Time out:
+		- www	( http://www Redirect to ^ auto by server. )
+-->
+
+<ruleset name="WallstreetCN (partial)">
+
+	<target host="wallstreetcn.com" />
+	<target host="activity.wallstreetcn.com" />
+		<test url="http://activity.wallstreetcn.com/activities/2016_us_presidential/banner/" />
+	<target host="api.wallstreetcn.com" />
+		<test url="http://api.wallstreetcn.com/v2/stars/" />
+	<target host="bao.wallstreetcn.com" />
+	<target host="live.wallstreetcn.com" />
+	<target host="m.wallstreetcn.com" />
+	<target host="markets.wallstreetcn.com" />
+
+	<target host="walicdn.wallstcn.com" />
+	<target host="wpimg.wallstcn.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Walmart.com.xml b/src/chrome/content/rules/Walmart.com.xml
new file mode 100644
index 000000000000..1e006740a7ef
--- /dev/null
+++ b/src/chrome/content/rules/Walmart.com.xml
@@ -0,0 +1,76 @@
+<!--
+	Other Wal-Mart rulesets:
+		- ASDA.xml
+		- asdacalltime.com.xml
+		- asdagoodliving.co.uk.xml
+		- asdapriceguarantee.co.uk.xml
+		- assets-asda.com.xml
+		- toyou.co.uk.xml
+		- Walmart_images.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- beacon.stage.walmart.com
+
+		SSL peer certificate was not OK:
+		- localad.walmart.com
+		- weeklyad.walmart.com
+
+		Status code mismatched:
+		- es.foundation.walmart.com
+
+		5xx server error:
+		- cartservice.walmart.com
+		- suppliercenter.walmart.com
+-->
+<ruleset name="Walmart.com (partial)">
+	<target host="walmart.com" />
+	<target host="www.walmart.com" />
+
+	<target host="accionistas.walmart.com" />
+	<target host="affil.walmart.com" />
+	<target host="beacon.affil.walmart.com" />
+	<target host="c.affil.walmart.com" />
+	<target host="affiliates.walmart.com" />
+
+	<target host="beacon.walmart.com" />
+	<target host="beacon.beta.walmart.com" />
+	<target host="blog.walmart.com" />
+
+	<target host="careers.walmart.com" />
+	<target host="beacon.classrooms.walmart.com" />
+	<target host="corporate.walmart.com" />
+	<target host="cdn.corporate.walmart.com" />
+	<target host="cms.corporate.walmart.com" />
+	<target host="es.corporate.walmart.com" />
+	<target host="corporativo.walmart.com" />
+
+	<target host="fonts.walmart.com" />
+	<target host="foundation.walmart.com" />
+	<target host="fundacion.walmart.com" />
+
+	<target host="help.walmart.com" />
+
+	<target host="learn.walmart.com" />
+
+	<target host="mobile.walmart.com" />
+
+	<target host="news.walmart.com" />
+	<target host="es.news.walmart.com" />
+
+	<target host="p13n-assets.walmart.com" />
+	<target host="partner.walmart.com" />
+
+	<target host="savingscatcher.walmart.com" />
+	<target host="beacon.savingscatcher.walmart.com" />
+	<target host="stock.walmart.com" />
+	<target host="es.stock.walmart.com" />
+
+	<target host="wm13.walmart.com" />
+	<target host="wm15.walmart.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Walmart_images.com.xml b/src/chrome/content/rules/Walmart_images.com.xml
new file mode 100644
index 000000000000..677dc63f3bdf
--- /dev/null
+++ b/src/chrome/content/rules/Walmart_images.com.xml
@@ -0,0 +1,48 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://i2.walmartimages.com/css/global_ie6.css => https://i-secure.walmartimages.com/css/global_ie6.css: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://i-secure.walmartimages.com/ => https://i-secure.walmartimages.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://secure.walmartimages.com/ => https://secure.walmartimages.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://i.walmartimages.com/ => https://i-secure.walmartimages.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://i2.walmartimages.com/ => https://i-secure.walmartimages.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	For other Walmart coverage, see Walmart.com.xml.
+
+
+	CDN buckets:
+
+		- i.walmartimages.com.edgesuite.net
+
+
+	Insecure cookies are set for these hosts:
+
+		- secure.walmartimages.com
+
+-->
+<ruleset name="Walmart images.com">
+
+	<!--	Direct rewrites:
+				-->
+	<!-- target host="i-secure.walmartimages.com" /-->
+	<target host="i5.walmartimages.com" />
+	<target host="i6.walmartimages.com" />
+	<target host="i7.walmartimages.com" />
+	<!-- target host="secure.walmartimages.com" /-->
+
+	<!--	Complications:
+				-->
+	<!-- target host="i.walmartimages.com" /-->
+	<!-- target host="i2.walmartimages.com" /-->
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^secure\.walmartimages\.com$" name="^NSC.+" /-->
+
+	<securecookie host="^secure\.walmartimages\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Waltham_Forest.gov.uk.xml b/src/chrome/content/rules/Waltham_Forest.gov.uk.xml
new file mode 100644
index 000000000000..559328325be4
--- /dev/null
+++ b/src/chrome/content/rules/Waltham_Forest.gov.uk.xml
@@ -0,0 +1,76 @@
+<!--
+	London Borough of Waltham Forest Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *walthamforest.gov.uk:
+
+		- csd ʰ
+		- democracy ⁴
+		- pcbookings ʳ
+
+	⁴ 404
+	ʰ Redirects to http
+	ʳ Refused
+
+
+	^walthamforest.gov.uk: Redirect differs
+
+
+	Insecure cookies are set for these hosts:
+
+		- myplace.walthamforest.gov.uk
+		- portal.walthamforest.gov.uk
+		- propertylicensing.walthamforest.gov.uk
+		- spocc.walthamforest.gov.uk
+
+
+	Mixed content:
+
+		- Images on blogs from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Waltham Forest.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blogs.walthamforest.gov.uk" />
+	<target host="ecitizen.walthamforest.gov.uk" />
+	<target host="eclaim.walthamforest.gov.uk" />
+	<target host="myplace.walthamforest.gov.uk" />
+	<target host="myplacelive.walthamforest.gov.uk" />
+	<target host="planning.walthamforest.gov.uk" />
+	<target host="portal.walthamforest.gov.uk" />
+	<target host="press.walthamforest.gov.uk" />
+	<target host="propertylicensing.walthamforest.gov.uk" />
+	<target host="spocc.walthamforest.gov.uk" />
+	<target host="thehub.walthamforest.gov.uk" />
+	<target host="www.walthamforest.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="walthamforest.gov.uk" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://propertylicensing.walthamforest.gov.uk/PRPL/ServiceRequests/Default/MyServicesLogin" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:myplace|propertylicensing|spocc)\.walthamforest\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^portal\.walthamforest\.gov\.uk$" name="^(?:AWSELB|AchieveFormsRedirectLink|X-FS-RET)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://walthamforest\.gov\.uk/"
+		to="https://www.walthamforest.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Walthers.xml b/src/chrome/content/rules/Walthers.xml
index 0252f92bea3f..81ede7f3fcfc 100644
--- a/src/chrome/content/rules/Walthers.xml
+++ b/src/chrome/content/rules/Walthers.xml
@@ -2,5 +2,5 @@
   <target host="www.walthers.com" />
   <target host="walthers.com" />
 
-  <rule from="^http://(www\.)?walthers\.com/" to="https://walthers.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Wamba.com.xml b/src/chrome/content/rules/Wamba.com.xml
new file mode 100644
index 000000000000..d3ce4c99e9bc
--- /dev/null
+++ b/src/chrome/content/rules/Wamba.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Other Wamba rulesets:
+		+ Mamba.xml
+		+ Wamba_CDN.net.xml
+
+	wamba.com has both a wildcard DNS record and a wildcard certificate.
+-->
+
+<ruleset name="Wamba.com">
+	<target host="wamba.com" />
+	<target host="*.wamba.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+	<test url="http://www.wamba.com/" />
+	<test url="http://corp.wamba.com/" />
+	<test url="http://partner.wamba.com/" />
+
+	<test url="http://ermgw4vcq52y3mm8wzyk.wamba.com/" />
+	<test url="http://3yari6sl2tnv4fo6fq3a.wamba.com/" />
+	<test url="http://vjjmbf91sj523vrpxosp.wamba.com/" />
+	<test url="http://yz1ahazbbfq58h3qpqy7.wamba.com/" />
+	<test url="http://flmwkdfd300k1ehphgwn.wamba.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wamba_CDN.net.xml b/src/chrome/content/rules/Wamba_CDN.net.xml
new file mode 100644
index 000000000000..c1365a7d4c5d
--- /dev/null
+++ b/src/chrome/content/rules/Wamba_CDN.net.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Wamba coverage, see Wamba.com.xml.
+
+
+	Nonfunctional subdomains:
+
+		- social *
+
+	* Shows partner.wamba.com
+
+-->
+<ruleset name="Wamba CDN.net (partial)">
+
+	<target host="images.wambacdn.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wand.com.xml b/src/chrome/content/rules/Wand.com.xml
new file mode 100644
index 000000000000..ae3b1ab4507d
--- /dev/null
+++ b/src/chrome/content/rules/Wand.com.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wand.com/ => https://wand.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.wand.com/ => https://www.wand.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Insecure cookies are set for these hosts:
+
+		- wand.com
+		- www.wand.com
+
+-->
+<ruleset name="Wand.com" default_off="failed ruleset test">
+
+	<target host="wand.com" />
+	<target host="www.wand.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?wand\.com$" name="^(ASP\.NET_SessionId|ASPSESSIONID[A-Z]{8}|mylanguage)$" /-->
+
+	<securecookie host="^(?:www\.)?wand\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wandoujia.xml b/src/chrome/content/rules/Wandoujia.xml
new file mode 100644
index 000000000000..47b18eb1802d
--- /dev/null
+++ b/src/chrome/content/rules/Wandoujia.xml
@@ -0,0 +1,57 @@
+<!--
+	404:
+		www.wandoujia.com/	( Only ok in homepage. Test: https://www.wandoujia.com/screen )
+		click.wandoujia.com	https://click.wandoujia.com/3/i/com.tencent.reading/40854/1589162.gif
+		developer.wandoujia.com	https://developer.wandoujia.com/terms/
+		open.wandoujia.com
+		uowechat.wandoujia.com	https://uowechat.wandoujia.com/feedback
+
+	Mismatch:
+		appindex.wandoujia.com
+		help.wandoujia.com
+
+		a.wdjcdn.com	https://a.wdjcdn.com/release/files/phoenix/5.24.2.12070/wandoujia-wandoujia-web_direct_binded_5.24.2.12070.apk
+		nc-dl.wdjcdn.com	http://nc-dl.wdjcdn.com/files/release2/WanDouJia_2.exe
+		t.wdjcdn.com	https://t.wdjcdn.com/upload/o2o/tag-s8079beb9a2.png
+
+		img.wdjimg.com	https://img.wdjimg.com/mms/icon/v1/8/98/4aff90d4c64d62be54cef926650a0988_48_48.png
+		s.wdjimg.com	https://s.wdjimg.com/style/images/mms/pattern_bg.png
+		ss.wdjimg.com
+		static.wdjimg.com	https://static.wdjimg.com/gaea/a185c85bbbf34a8517bc969afe189d0d.gif
+
+	Redirect to http:
+		www.wandoujia.com/apps/
+-->
+
+<ruleset name="Wandoujia (partial)">
+	<!--	Complications:	-->
+	<target host="wandoujia.com" />
+	<target host="www.wandoujia.com" />
+	<exclusion pattern="^http://(www\.)?wandoujia\.com/\S+" />
+		<test url="http://wandoujia.com/apps/com.danielstudio.app.wowtu" />
+		<test url="http://www.wandoujia.com/apps/com.danielstudio.app.wowtu" />
+		<test url="http://www.wandoujia.com/screen" />
+		<test url="http://www.wandoujia.com/eyepetizer" />
+		<test url="http://www.wandoujia.com/pay" />
+
+	<target host="apps.wandoujia.com" />
+	<exclusion pattern="^http://apps.wandoujia.com/(?!api/)" />
+		<test url="http://apps.wandoujia.com/tag/" />
+		<test url="http://apps.wandoujia.com/api/v1/apps?type=weeklytopgame" />
+
+	<!--	Directly:	-->
+	<target host="account.wandoujia.com" />
+	<target host="dl.wandoujia.com" />
+		<test url="http://dl.wandoujia.com/files/phoenix/latest/wandoujia-wandoujia_web.apk" />
+	<target host="mir.wandoujia.com" />
+		<test url="http://mir.wandoujia.com/getwdj/homepage_" />
+	<target host="suggest2.wandoujia.com" />
+		<test url="http://suggest2.wandoujia.com/search_sug" />
+
+	<target host="sm.wdjcdn.com" />
+		<test url="http://sm.wdjcdn.com/release/files/jupiter/5.6.1.8925/wandoujia-wandoujia_web.apk" />
+	<target host="st.wdjcdn.com" />
+		<test url="http://st.wdjcdn.com/frontend/misc/javascripts/analytics.js" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wangyin.com.xml b/src/chrome/content/rules/Wangyin.com.xml
new file mode 100644
index 000000000000..34b46a46ef39
--- /dev/null
+++ b/src/chrome/content/rules/Wangyin.com.xml
@@ -0,0 +1,47 @@
+<!--
+	Nonfunctional hosts in *wangyin.com:
+
+		- help *
+		- job *
+
+	* Dropped
+
+
+	^wangyin.com: Mismatched
+
+
+	Mixed content:
+
+		- Images from img10.360buyimg.com *
+
+	* Secured by us
+
+-->
+<ruleset name="wangyin.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="biz.wangyin.com" />
+	<target host="static.wangyin.com" />
+	<target host="www.wangyin.com" />
+
+	<!--	Complications:
+				-->
+	<target host="wangyin.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps path, args, but not
+		forward slashe(s):
+					-->
+	<rule from="^http://wangyin\.com/+"
+		to="https://www.wangyin.com/" />
+
+		<test url="http://wangyin.com/help/index.htm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wanikani.com.xml b/src/chrome/content/rules/Wanikani.com.xml
new file mode 100644
index 000000000000..2fa978747c6d
--- /dev/null
+++ b/src/chrome/content/rules/Wanikani.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="WaniKani">
+  <target host="www.wanikani.com" />
+  <target host="wanikani.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wantful.xml b/src/chrome/content/rules/Wantful.xml
deleted file mode 100644
index be36d0a85b26..000000000000
--- a/src/chrome/content/rules/Wantful.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Wantful">
-
-	<target host="wantful.com" />
-	<target host="*.wantful.com" />
-
-
-	<securecookie host="^(?:.*\.)?wantful\.com$" name=".+" />
-
-
-	<rule from="^http://(assets\.|www\.)?wantful\.com/"
-		to="https://$1wantful.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Waqf.info.xml b/src/chrome/content/rules/Waqf.info.xml
new file mode 100644
index 000000000000..b1edd87947e0
--- /dev/null
+++ b/src/chrome/content/rules/Waqf.info.xml
@@ -0,0 +1,8 @@
+<ruleset name="Waqf.info">
+	<target host="waqf.info" />
+	<target host="www.waqf.info" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Waqi.info.xml b/src/chrome/content/rules/Waqi.info.xml
new file mode 100644
index 000000000000..7eaf24d3358e
--- /dev/null
+++ b/src/chrome/content/rules/Waqi.info.xml
@@ -0,0 +1,53 @@
+<!--
+	Other related ruleset:
+		- Aqicn.org.xml
+
+	Mismatched:
+		- www
+		- cwop2
+		- data
+		- feed
+		- img
+		- jp1n
+		- jp2
+		- jp3
+		- mail
+		- sg1
+		- static
+		- sw3
+		- test
+
+	Connection error:
+		- api
+		- epi
+		- ipi
+
+	Connection refused:
+		- cwop1
+		- mapqb
+		- online
+		- stat
+		- sw-wind
+		- sw2
+
+	Expired:
+		- git
+		- jp1
+		- tiles2
+-->
+<ruleset name="Waqi.info">
+	<target host="waqi.info" />
+	<target host="www.waqi.info" />
+	<target host="cwop.waqi.info" />
+	<target host="forecast.waqi.info" />
+	<target host="tiles.waqi.info" />
+	<target host="widgets.waqi.info" />
+	<target host="wind.waqi.info" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.waqi\.info/"
+		to="https://waqi.info/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/War_Z.xml b/src/chrome/content/rules/War_Z.xml
deleted file mode 100644
index d6b208e0a0ed..000000000000
--- a/src/chrome/content/rules/War_Z.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="The War Z">
-
-	<target host="playwarz.com" />
-	<target host="*.playwarz.com" />
-
-
-	<securecookie host="^(?:account)?\.playwarz\.com$" name=".+" />
-
-
-	<rule from="^http://(account\.|forums\.|www\.)?playwarz\.com/"
-		to="https://$1playwarz.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/WardahBooks.com.xml b/src/chrome/content/rules/WardahBooks.com.xml
new file mode 100644
index 000000000000..b7318cf74945
--- /dev/null
+++ b/src/chrome/content/rules/WardahBooks.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="WardahBooks.com">
+	<target host="wardahbooks.com" />
+	<target host="www.wardahbooks.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Warez-BB.org-problematic.xml b/src/chrome/content/rules/Warez-BB.org-problematic.xml
deleted file mode 100644
index f73585e29ad1..000000000000
--- a/src/chrome/content/rules/Warez-BB.org-problematic.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see Warez-BB.org.xml.
-
--->
-<ruleset name="Warez-BB.org (problematic)" default_off="expired">
-
-	<target host="warez-bb.org" />
-	<target host="www.warez-bb.org" />
-
-
-	<securecookie host="^www\.warez-bb\.org$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?warez-bb\.org/"
-		to="https://www.warez-bb.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Warez-BB.org.xml b/src/chrome/content/rules/Warez-BB.org.xml
index f319697f7fb2..11862441ac99 100644
--- a/src/chrome/content/rules/Warez-BB.org.xml
+++ b/src/chrome/content/rules/Warez-BB.org.xml
@@ -1,18 +1,28 @@
 <!--
-	For problematic rules, see Warez-BB.org-problematic.xml.
-
-
-	Problematic subdomains:
-
-		- (www.)	(expired 2012-05-17)
+	No working URL known:
+		avt4.warez-bb.org
+		avt5.warez-bb.org
+		blog.warez-bb.org
 
 -->
-<ruleset name="Warez-BB.org (partial)">
+<ruleset name="Warez-BB.org">
 
+	<target host="warez-bb.org" />
+	<target host="www.warez-bb.org" />
+	<target host="img8.warez-bb.org" />
+		<test url="http://img8.warez-bb.org/wbb3_theme/logos/cellpic_bkg.jpg" />
 	<target host="img9.warez-bb.org" />
+		<test url="http://img9.warez-bb.org/wbb3_theme/logos/cellpic_bkg.jpg" />
+	<target host="img10.warez-bb.org" />
+		<test url="http://img10.warez-bb.org/wbb3_theme/logos/cellpic_bkg.jpg" />
+	<target host="img11.warez-bb.org" />
+		<test url="http://img11.warez-bb.org/wbb3_theme/logos/cellpic_bkg.jpg" />
+	<target host="img12.warez-bb.org" />
+		<test url="http://img12.warez-bb.org/wbb3_theme/logos/cellpic_bkg.jpg" />
 
+	<securecookie host="^www\.warez-bb\.org$" name=".+" />
 
-	<rule from="^http://img9\.warez-bb\.org/"
-		to="https://img9.warez-bb.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Warframe.com.xml b/src/chrome/content/rules/Warframe.com.xml
new file mode 100644
index 000000000000..d92d0dd2e904
--- /dev/null
+++ b/src/chrome/content/rules/Warframe.com.xml
@@ -0,0 +1,66 @@
+<!--
+	Problematic subdomains:
+
+		- store ¹
+		- support ²
+
+	¹ Shopify
+	² Zendesk
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- forums
+		- store		(→ digital-extremes.myshopify.com)
+		- support	(→ digitalextremes.zendesk.com)
+
+
+	Insecure cookies are set for these domains:
+
+		- .warframe.com
+
+
+	Mixed content:
+
+		- css on store from fonts.googleapis.com *
+		- Images on forums from i.imgur.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Warframe.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="warframe.com" />
+	<target host="forums.warframe.com" />
+	<target host="www.warframe.com" />
+
+	<!--	Special cases:
+				-->
+	<target host="store.warframe.com" />
+	<target host="support.warframe.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.warframe\.com$" name="^(wf_forumsmodpids|wf_forumssession_id)$" /-->
+
+	<securecookie host="^\.warframe\.com$" name=".+" />
+
+
+	<rule from="^http://store\.warframe\.com/"
+		to="https://digital-extremes.myshopify.com/" />
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://support\.warframe\.com/.*"
+		to="https://digitalextremes.zendesk.com/hc" />
+
+		<test url="http://support.warframe.com/hc" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wargaming.net.xml b/src/chrome/content/rules/Wargaming.net.xml
deleted file mode 100644
index b8b7e16dd725..000000000000
--- a/src/chrome/content/rules/Wargaming.net.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	Other Wargaming.net rulesets:
-
-		- World_of_Warplanes.xml
-		- World_of_Warships.xml
-
-
-	Problematic domains:
-
-		- www.wargaming.com	(mismatched)
-
--->
-<ruleset name="Wargaming.net">
-
-	<target host="wargaming.com" />
-	<target host="www.wargaming.com" />
-	<target host="wargaming.net" />
-	<target host="*.wargaming.net" />
-
-
-	<securecookie host="^wargaming\.com$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?wargaming\.com/"
-		to="https://wargaming.com/" />
-
-	<rule from="^http://((?:eu|na|ru|sea|www)\.)?wargaming\.net/"
-		to="https://$1wargaming.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Wargaming.xml b/src/chrome/content/rules/Wargaming.xml
new file mode 100644
index 000000000000..5b3e16bd3267
--- /dev/null
+++ b/src/chrome/content/rules/Wargaming.xml
@@ -0,0 +1,93 @@
+<!--
+	Other Wargaming rulesets:
+		- World-of-Warships.xml
+
+	wargaming.com:
+		Invalid certificate:
+			- press.wargaming.com, equivalent to wargaming.assetbank-server.com
+
+		Redirects to HTTP:
+			- dava.wargaming.net
+			- davaus.wargaming.net
+			- gotocyprus.wargaming.com
+			- wglc.wargaming.net
+
+		Wrong server:
+			- gotominsk.wargaming.com
+
+
+	wargaming.net:
+		Connection refused:
+			- dba.wargaming.net
+
+		Invalid certificate:
+			- cdn-frm-eu.wargaming.net
+			- cdn-frm-sg.wargaming.net
+			- cdn-frm-us.wargaming.net
+			- content.wargaming.net
+			- dl-support.wargaming.net
+			- dl-wot-gc.wargaming.net
+			- dl-wows-gc.wargaming.net
+			- legal.kr.wargaming.net
+			- link-eu.wargaming.net
+			- link-na.wargaming.net
+			- link-ru.wargaming.net
+			- survey.wargaming.net
+			- wds-gc.wargaming.net
+-->
+
+<ruleset name="Wargaming">
+	<!-- wargaming.com -->
+	<target host="wargaming.com" />
+	<target host="www.wargaming.com" />
+	<target host="affiliate.wargaming.com" />
+	<target host="press.wargaming.com" />
+	<target host="wgforge.wargaming.com" />
+
+	<rule from="^http://press\.wargaming\.com/"
+		to="https://wargaming.assetbank-server.com/" />
+
+
+	<!-- wargaming.net -->
+	<target host="wargaming.net" />
+	<target host="www.wargaming.net" />
+	<target host="asia.wargaming.net" />
+	<target host="legal.asia.wargaming.net" />
+	<target host="bugs.wargaming.net" />
+	<target host="cds.wargaming.net" />
+	<target host="cm-ru.wargaming.net" />
+	<target host="cm-sg.wargaming.net" />
+	<target host="cm-us.wargaming.net" />
+	<target host="cpm.wargaming.net" />
+	<target host="ct.wargaming.net" />
+	<target host="developers.wargaming.net" />
+	<target host="eu.wargaming.net" />
+	<target host="legal.eu.wargaming.net" />
+	<target host="kr.wargaming.net" />
+	<target host="na.wargaming.net" />
+	<target host="legal.na.wargaming.net" />
+	<target host="red.wargaming.net" />
+	<target host="redir.wargaming.net" />
+	<target host="ru.wargaming.net" />
+	<target host="lc.wargaming.net" />
+	<target host="legal.ru.wargaming.net" />
+	<target host="redirect.wargaming.net" />
+	<target host="share.wargaming.net" />
+	<target host="sso.wargaming.net" />
+	<target host="st1.wargaming.net" />
+	<target host="st13.wargaming.net" />
+	<target host="st30.wargaming.net" />
+	<target host="st31.wargaming.net" />
+	<target host="surveys.wargaming.net" />
+	<target host="tgs2017eng.wargaming.net" />
+	<target host="tgs2017jp.wargaming.net" />
+	<target host="vitrina.wargaming.net" />
+	<target host="wgdg.wargaming.net" />
+	<target host="wgie.wargaming.net" />
+	<target host="wgsh-wotru.wargaming.net" />
+	<target host="wgsh-wotus.wargaming.net" />
+	<target host="wiki.wargaming.net" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Warmcat.com.xml b/src/chrome/content/rules/Warmcat.com.xml
new file mode 100644
index 000000000000..bfd55134f1be
--- /dev/null
+++ b/src/chrome/content/rules/Warmcat.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="warmcat.com">
+
+	<target host="warmcat.com" />
+	<target host="www.warmcat.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WarmlyYours.xml b/src/chrome/content/rules/WarmlyYours.xml
deleted file mode 100644
index 7a5673a598bb..000000000000
--- a/src/chrome/content/rules/WarmlyYours.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="WarmlyYours">
-
-	<target host="warmlyyours.com" />
-	<target host="*.warmlyyours.com" />
-
-
-	<securecookie host="^.*\.warmlyyours\.com$" name=".+" />
-
-
-	<rule from="^http://(cdn\.|crm\.|www\.)?warmlyyours\.com/"
-		to="https://$1warmlyyours.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Warner-Artists.xml b/src/chrome/content/rules/Warner-Artists.xml
index e80d0e1a018a..f509122980bf 100644
--- a/src/chrome/content/rules/Warner-Artists.xml
+++ b/src/chrome/content/rules/Warner-Artists.xml
@@ -6,7 +6,7 @@
 
 	<!--	Cert only matches *.warnerartists.com.
 							-->
-	<rule from="^https?://(?:www\.)?warnerartists\.com/"
+	<rule from="^http://(?:www\.)?warnerartists\.com/"
 		to="https://www.warnerartists.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Warner_Bros.com.xml b/src/chrome/content/rules/Warner_Bros.com.xml
new file mode 100644
index 000000000000..0d0eb70b23cf
--- /dev/null
+++ b/src/chrome/content/rules/Warner_Bros.com.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://registration.warnerbros.com/ => https://registration.warnerbros.com/: (7, 'Failed to connect to registration.warnerbros.com port 443: Connection timed out')
+
+	Other Warner Bros rulesets:
+
+		- Community.wbgames.com.xml
+		- Shadow_of_Mordor.com.xml
+		- WB_Play.com.xml
+
+
+	Nonfunctional hosts in *warnerbros.com:
+
+		- ^ ¹
+		- www ²
+		- www2 ¹
+
+	¹ Dropped
+	² Redirects to http
+
+-->
+<ruleset name="Warner Bros.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="registration.warnerbros.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Warosu.org.xml b/src/chrome/content/rules/Warosu.org.xml
new file mode 100644
index 000000000000..e7429216a358
--- /dev/null
+++ b/src/chrome/content/rules/Warosu.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .warosu.org
+
+-->
+<ruleset name="warosu.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="warosu.org" />
+	<target host="i.warosu.org" />
+	<target host="www.warosu.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.warosu\.org$" name="^(?:__cfduid|__qca|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Warrington.gov.uk.xml b/src/chrome/content/rules/Warrington.gov.uk.xml
new file mode 100644
index 000000000000..a47e3dfcc200
--- /dev/null
+++ b/src/chrome/content/rules/Warrington.gov.uk.xml
@@ -0,0 +1,56 @@
+<!--
+	London Borough of Hillingdon
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *warrington.gov.uk:
+
+		- burialrecords ³
+		- happoksad ³
+		- myplanning ᵈ
+		- partnership ³
+		- sensorycentre ³
+		- sys ᵈ
+		- thewire ᵈ
+
+	³ 403
+	ᵈ Dropped
+
+
+	These altnames don't exist:
+
+		- www.admissions.warrington.gov.uk
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- askollie.warrington.gov.uk
+		- .askollie.warrington.gov.uk
+
+-->
+<ruleset name="Warrington.gov.uk (partial)">
+
+	<target host="warrington.gov.uk" />
+	<target host="admissions.warrington.gov.uk" />
+	<target host="allaboutus.warrington.gov.uk" />
+	<target host="askollie.warrington.gov.uk" />
+	<target host="elms.warrington.gov.uk" />
+	<target host="licensing.warrington.gov.uk" />
+	<target host="schoolmeals.warrington.gov.uk" />
+	<target host="warringtondirect.warrington.gov.uk" />
+	<target host="www.warrington.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^askollie\.warrington\.gov\.uk$" name="^\w{16}$" /-->
+	<!--securecookie host="^\.askollie\.warrington\.gov\.uk$" name="^askollie-cookietest$" /-->
+
+	<securecookie host="^(?!\.warrington\.gov\.uk$)." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WartStick.com.xml b/src/chrome/content/rules/WartStick.com.xml
new file mode 100644
index 000000000000..cebe2f63b879
--- /dev/null
+++ b/src/chrome/content/rules/WartStick.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- css from $self *
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="WartStick.com (false MCB)" platform="mixedcontent">
+
+	<target host="wartstick.com" />
+	<target host="www.wartstick.com" />
+
+
+	<securecookie host="^\.wartstick\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Warwick-Castle.xml b/src/chrome/content/rules/Warwick-Castle.xml
new file mode 100644
index 000000000000..6014d33f2dc4
--- /dev/null
+++ b/src/chrome/content/rules/Warwick-Castle.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://warwick-castle.com/ => https://warwick-castle.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	For other Merlin Entertainments coverage, see Merlin-Entertainments.xml.
+-->
+<ruleset name="Warwick Castle" default_off="failed ruleset test">
+	<target host="warwick-castle.com" />
+	<target host="secure.warwick-castle.com" />
+	<target host="www.warwick-castle.com" />
+
+	<securecookie host="www\.warwick-castle\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WarwickshirePolice.xml b/src/chrome/content/rules/WarwickshirePolice.xml
new file mode 100644
index 000000000000..8d8e7de9b420
--- /dev/null
+++ b/src/chrome/content/rules/WarwickshirePolice.xml
@@ -0,0 +1,6 @@
+<ruleset name="Warwickshire Police">
+	<target host="warwickshire.police.uk" />
+	<target host="www.warwickshire.police.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Warzone2100.xml b/src/chrome/content/rules/Warzone2100.xml
deleted file mode 100644
index 1566cc75f00b..000000000000
--- a/src/chrome/content/rules/Warzone2100.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Warzone2100 (CAcert)" platform="cacert">
-  <target host="wz2100.net" />
-  <target host="*.wz2100.net" />
-
-	<securecookie host="^(.*\.)?wz2100\.net$" name=".*"/>
-
-	<!--	Cert only matches *.wz2100.net.
-						-->
-  <rule from="^http://wz2100\.net/" to="https://www.wz2100.net/"/>
-  <rule from="^http://([^/:@\.]+)\.wz2100\.net/" to="https://$1.wz2100.net/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Wash_Post.com.xml b/src/chrome/content/rules/Wash_Post.com.xml
new file mode 100644
index 000000000000..3f77835bbefe
--- /dev/null
+++ b/src/chrome/content/rules/Wash_Post.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://media.washpost.com/ => https://media.washpost.com/: (28, 'Connection timed out after 20002 milliseconds')
+
+	For other Washington Post Company coverage, see Washington-Post-Company.xml.
+
+
+	Problematic hosts in *washpost.com:
+
+		- subscription
+		- www
+
+
+	^washpost.com doesn't exist
+
+-->
+<ruleset name="Wash Post.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="media.washpost.com" />
+	<!--target host="subscription.washpost.com" /-->
+	<!--target host="www.washpost.com" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Washington-Post-Company-mismatches.xml b/src/chrome/content/rules/Washington-Post-Company-mismatches.xml
index 61a343a16ca3..b2d9ce26f9b9 100644
--- a/src/chrome/content/rules/Washington-Post-Company-mismatches.xml
+++ b/src/chrome/content/rules/Washington-Post-Company-mismatches.xml
@@ -10,10 +10,10 @@
 	<target host="www.washpostco.com" />
 
 
-	<rule from="^https?://(?:www\.)?washingtonpostmedia\.com/"
+	<rule from="^http://(?:www\.)?washingtonpostmedia\.com/"
 		to="https://www.washingtonpostmedia.com/" />
 
-	<rule from="^https?://(?:www\.)?washpostco\.com/"
+	<rule from="^http://(?:www\.)?washpostco\.com/"
 		to="https://www.washpostco.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Washington-Post-Company.xml b/src/chrome/content/rules/Washington-Post-Company.xml
index 335d908a2213..1cf8d14bafa0 100644
--- a/src/chrome/content/rules/Washington-Post-Company.xml
+++ b/src/chrome/content/rules/Washington-Post-Company.xml
@@ -1,14 +1,30 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://wordpressmultisite.washingtonpost.com/ => https://wordpressmultisite.washingtonpost.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	For rules causing false/broken MCB, see washingtonpost.com-falsemixed.xml.
+
 	For problematic rules, see Washington-Post-Company-mismatches.xml.
 
+	slate.me and wapo.st are handled in Bit.ly_vanity_domains.xml.
+
 
 	Other Washington Post Company rulesets:
 
-		- WaPo_Labs.com.xml
+		- Wash_Post.com.xml
+		- WP_digital.net.xml
 
 
 	CDN buckets:
 
+		- washingtonpost.com.112.2o7.net
+
+			- metrics
+
+		- washpost.bloomberg.com
+
 		- d2t2kgdkdgawhh.cloudfront.net
 
 			- wp-eng-static.washingtonpost.com
@@ -18,8 +34,7 @@
 		- media[23]?.washingtonpost.com.edgesuite.net
 		- projects.washingtonpost.com.edgesuite.net
 		- www.washingtonpost.com.edgesuite.net
-		- css.wpdigital.net.edgesuite.net
-		- img[23]?.wpdigital.net.edgesuite.net
+		- knowmore.washingtonpost.com.inscname.net
 
 		- washingtonpost-001.inscname.net
 
@@ -29,83 +44,172 @@
 
 			- help.washingtonpost.com
 
+		- pqasb.pqarchiver.com/washingtonpost/
+
+
+	Nonfunctional hosts in *washingtonpost.com:
+
+		- feeds			Refused
+		- games ᵈ
+		- knowmore		(404)
+		- live			(404)
+		- media2 *
+		- origin		(refused, redirects to www)
+		- projects		404
+		- realestate		Dropped
+		- voices ᵗ
+
+	* 504, akamai
+	** 503, akamai
+	ᵈ Dropped
+	⁵ Redirects to http
+	ᵗ Reset
+
 
 	Problematic domains:
 
-		- help.washingtonpost.com		(works; mismatched, CN: *.parature.com)
-		- wp-eng-static.washingtonpost.com	(cloudfront)
+		- (www.)?wapo.st	Handshake fails
 
+		- in *washingtonpost.com:
 
-	Nonfunctional domains:
+			- findnsave		(mismatched, CN: *.findnsave.com)
+			- help			(works; mismatched, CN: *.parature.com)
+			- metrics		(mismatched, CN: *.112.2o7.net)
+			- wp-eng-static		(cloudfront)
+			- wpcomics ᵐ
 
-		- www.slate.com *
+		- (www.)washingtonpostmedia.com		(mismatched, CN: washpost.com)
+		- (www.)washpostco.com			(akamai, mostly corporate-ir.net)
 
-		- washingtonpost.com subdomains:
+	ᵐ Mismatched
 
-			- ^
-			- apps			(404; mismatched, CN: ssl001.insnw.net)
-			- css **
-			- findnsave		(times out)
-			- img *
-			- js *
-			- media[23]? **
-			- origin		(redirects to www)
-			- projects **
-			- www *
 
-		- wpdigital.net subdomains:
+	Insecure cookies are set for these domains and hosts:
 
-			- css *		(data also exist on www.washingtonpost.com)
-			- img *
-			- img[23] *
+		- .washingtonpost.com
+		- account.washingtonpost.com
+		- id.washingtonpost.com
+		- postpoints.washingtonpost.com
+		- ssl1.washingtonpost.com
+		- subscribe.washingtonpost.com
+		- subscription.washingtonpost.com
+		- www.washingtonpost.com
 
-	* 504, akamai
-	** 503, akamai
 
+	Mixed content:
 
-	Problematic domains:
+		- css, on:
 
-		- (www.)wapo.st				(times out)
-		- (www.)washingtonpostmedia.com		(mismatched, CN: washpost.com)
-		- (www.)washpostco.com			(akamai, mostly corporate-ir.net)
+			- postpoints from netdna.bootstrapcdn.com ¹
+			- nie from css.wpdigitalink.net ²
+
+		- Font on syndication from img.wpdigital.net ¹
 
+		- Images, on:
 
-	www no longer works when rewritten to ssl.
+			- nie from www.washingtonpost.com ¹
+			- postpoints from wordpressmultisite.washingtonpost.com ¹
+			- postpoints from wordpressmultisite.wpprivate.com
+			- syndication from $self ¹
+			- www from commerce.washingtonpost.com ¹
+			- www from media.washingtonpost.com ¹
+			- www from media3.washingtonpost.com
+
+	¹ Secured by us
+	² Nonexistent, also requested from another source
 
 -->
-<ruleset name="Washington Post Company (unreliable)" default_off="needs testing">
-
-	<target host="wapo.st" />
-	<target host="washpost.com" />
-	<target host="*.washpost.com" />
-	<target host="*.washingtonpost.com" />
-		<!--
-			404 when rewritten to ssl1.
+<ruleset name="Washington Post.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="washingtonpost.com" />
+	<target host="account.washingtonpost.com" />
+	<target host="advertising.washingtonpost.com" />
+	<target host="apps.washingtonpost.com" />
+	<target host="commerce.washingtonpost.com" />
+	<target host="css.washingtonpost.com" />
+	<target host="developer.washingtonpost.com" />
+	<target host="id.washingtonpost.com" />
+	<target host="images.washingtonpost.com" />
+	<target host="img.washingtonpost.com" />
+	<target host="js.washingtonpost.com" />
+	<target host="m.washingtonpost.com" />
+	<target host="media.washingtonpost.com" />
+	<target host="media3.washingtonpost.com" />
+	<target host="nie.washingtonpost.com" />
+	<target host="postpoints.washingtonpost.com" />
+	<target host="pwapi.washingtonpost.com" />
+	<target host="ssl.washingtonpost.com" />
+	<target host="ssl1.washingtonpost.com" />
+	<target host="subscribe.washingtonpost.com" />
+	<target host="syndication.washingtonpost.com" />
+	<!-- target host="wordpressmultisite.washingtonpost.com" /-->
+
+	<!--	Complications:
+				-->
+	<target host="metrics.washingtonpost.com" />
+	<target host="wp-eng-static.washingtonpost.com" />
+	<target host="www.washingtonpost.com" />
+
+		<!--	Redirects to http:
+						-->
+		<exclusion pattern="^http://www\.washingtonpost\.com/(?:sf/national/+[^/]|wp-srv/graphics/templates/mobile/css/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.washingtonpost.com/sf/national/2015/12/27/aianxiety/" />
+			<test url="http://www.washingtonpost.com/sf/national/?foo" />
+			<test url="http://www.washingtonpost.com/sf/national#foo" />
+			<test url="http://www.washingtonpost.com/sf/national/wp-content/themes/enterprise-theme-nav/images/wp_logo_white.png" />
+			<test url="http://www.washingtonpost.com/wp-srv/graphics/templates/mobile/css/font-awesome-v4.2-min.css" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.washingtonpost.com/sf/national" />
+
+		<test url="http://media.washingtonpost.com/wp-srv/css/layout/oring970.css" />
+		<test url="http://media3.washingtonpost.com/wpost/css/combo?context=wpost&amp;c=true&amp;m=false&amp;r=/3.0.0/twp.reset-3.0.0.css&amp;r=/3.0.0/twp.structure-3.0.0.css&amp;r=/3.0.0/twp.base-3.0.0.css&amp;r=/3.0.0/twp.modules-3.0.0.css" />
+
+
+	<!--	Not secured by server:
 							-->
-	<exclusion pattern="^https?://(?:js\.|www\.)?washingtonpost\.com/wp-srv/(?:ad|javascript|blogs)/" />
-	<target host="*.wpdigital.net" />
-
+	<!--securecookie host="^\.washingtonpost\.com$" name="^(AWSELB|X-WP-Split|client_region|de|devicetype|galleryPlays|osfam|rpld0|rpld1|s_pers|s_sess|s_vi|wapo_last_ip|wapo_saved_ip|wapo_sess_id|wapo_vis_id|wp_pageview)$" /-->
+	<!--securecookie host="^account\.washingtonpost\.com$" name="^sto-id-\d+$" /-->
+	<!--securecookie host="^findnsave\.washingtonpost\.com$" name="^csrftoken$" /-->
+	<!--securecookie host="^knowmore.washingtonpost.com$" name="^wpni_poe$" /-->
+	<!--securecookie host="^postpoints\.washingtonpost\.com$" name="^AWSELB$" /-->
+	<!--securecookie host="^ssl1\.washingtonpost\.com$" name="^sto-id-\d+$" /-->
+	<!--securecookie host="^subscribe\.washingtonpost\.com$" name="^sto-id-\d+$" /-->
+	<!--securecookie host="^subscription\.washingtonpost\.com$" name="^(?:JSESSIONID|sto-id-\d+)$" /-->
+	<!--securecookie host="^www\.washingtonpost\.com$" name="^(JROUTE|JSESSIONID|backplane-channel|photoJSONAdConfig|wpni_poe)$" /-->
 
-	<!--securecookie host="^.*\.washingtonpost\.com$" name=".+" /-->
-	<securecookie host="^(?:account|id)\.washingtonpost\.com$" name=".+" />
+	<!--securecookie host="." name="." /-->
 
+	<!-- CORS -->
+	<exclusion pattern="^http://www\.washingtonpost\.com/wp-srv/graphics/templates/mobile/" />
+		<test url="http://www.washingtonpost.com/wp-srv/graphics/templates/mobile/assets/fonts/webtype/Franklin-ITC-Pro-Bold/e9e4c4dc-e548-4fef-9aa1-80c9cd0f02ce-3.woff" />
+	<!-- Fix #4891 -->
+	<exclusion pattern="^http://js\.washingtonpost\.com/video/static/js/posttv/vendor/jw/jwplayer\.flash\.swf" />
+		<test url="http://js.washingtonpost.com/video/static/js/posttv/vendor/jw/jwplayer.flash.swf" />
 
-	<rule from="^http://wapo\.st/"
-		to="https://bit.ly/" />
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://(account|id|ssl1?|subscription|voices)\.washingtonpost\.com/"
-		to="https://$1.washingtonpost.com/" />
 
-	<rule from="^http://(?:css|js|media)\.washingtonpost\.com/"
-		to="https://ssl.washingtonpost.com/" />
+	<rule from="^http://metrics\.washingtonpost\.com/"
+		to="https://washingtonpost.112.2o7.net/" />
 
 	<rule from="^http://wp-eng-static\.washingtonpost\.com/"
 		to="https://d2t2kgdkdgawhh.cloudfront.net/" />
 
-	<rule from="^http://((?:media|subscription|www)\.)?washpost\.com/"
-		to="https://$1washpost.com/" />
+	<!--	Redirects to http first:
+					-->
+	<rule from="^http://www\.washingtonpost\.com/sf/national/?($|\?|#)"
+		to="https://www.washingtonpost.com/national/$1" />
+
+		<test url="http://www.washingtonpost.com/sf/national/" />
 
-	<rule from="^http://css\.wpdigital\.net/"
-		to="https://ssl.washingtonpost.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Washington_Free_Beacon-problematic.xml b/src/chrome/content/rules/Washington_Free_Beacon-problematic.xml
deleted file mode 100644
index 4abf414dd863..000000000000
--- a/src/chrome/content/rules/Washington_Free_Beacon-problematic.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For rules that are on by default, see Washington_Free_Beacon.xml.
-
--->
-<ruleset name="Washington Free Beacon (problematic)" default_off="self-signed">
-
-	<target host="freebeacon.com" />
-	<target host="www.freebeacon.com" />
-
-
-	<rule from="^http://(?:www\.)?freebeacon\.com/"
-		to="https://freebeacon.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Washington_Free_Beacon.xml b/src/chrome/content/rules/Washington_Free_Beacon.xml
deleted file mode 100644
index a404cc1867a6..000000000000
--- a/src/chrome/content/rules/Washington_Free_Beacon.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	For problematic rules, see Washington_Free_Beacon-problematic.xml.
-
-
-	CDN buckets:
-
-		- s[1-4].freebeacon.com.edgesuite.net
-
-
-	Problematic subdomains:
-
-		- (www.)	(self-signed, CN: 69.60.8.26)
-		- s[1-4]	(works, akamai)
-
--->
-<ruleset name="Washington Free Beacon (partial)">
-
-	<target host="*.freebeacon.com" />
-
-
-	<rule from="^http://s([1-4])\.freebeacon\.com/"
-		to="https://a248.e.akamai.net/f/1910/2849/6d/s$1.freebeacon.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Washington_Times.xml b/src/chrome/content/rules/Washington_Times.xml
index 417b8ced3a72..baecc7141f64 100644
--- a/src/chrome/content/rules/Washington_Times.xml
+++ b/src/chrome/content/rules/Washington_Times.xml
@@ -1,29 +1,74 @@
 <!--
-	Nonfunctional domains:
+	Other Washington Times related rulesets:
+		+ Washtimes.com.xml
 
-		- media.washtimes.com *
+	Non-functional hosts
+		Couldn't connect to server:
+		- advstage.washingtontimes.com
+		- classified.washingtontimes.com
+		- directory.washingtontimes.com
+		- email.washingtontimes.com
+		- webmail.washingtontimes.com
 
-		- washingtontimes.com subdomains:
+		Timeout was reached:
+		- admin.washingtontimes.com
+		- communities.washingtontimes.com
+		- e-edition.washingtontimes.com
+		- eedition.washingtontimes.com
+		- energy.washingtontimes.com
+		- freeze.washingtontimes.com
+		- ims.washingtontimes.com
+		- mobile.washingtontimes.com
+		- newsstand.washingtontimes.com
+		- redirect.washingtontimes.com
+		- travel.washingtontimes.com
+		- twt.washingtontimes.com
 
-			- communities	(redirects to http; mismatched, CN: www.washingtontimes.com)
-			- directory	(504; mismatched, CN: gp1.adn.edgecastcdn.net)
-			- eedition	(times out)
-			- media *
-			- origin-media	(no https)
-			- www		(redirects to http, valid cert)
+		SSL connect error:
+		- podcast.washingtontimes.com
+		- andyparks.radio.washingtontimes.com
+		- constantine.radio.washingtontimes.com
+		- humphries.radio.washingtontimes.com
+		- mackowiak.radio.washingtontimes.com
+		- norquist.radio.washingtontimes.com
+		- thomloverro.radio.washingtontimes.com
+		- williams.radio.washingtontimes.com
 
-	*  404; mismatched, CN: *.netdna-ssl.com
-
--->
-<ruleset name="The Washington Times (partial)">
-
-	<target host="*.washingtontimes.com" />
+		SSL peer certificate was not OK:
+		- iservicestest.washingtontimes.com
+		- stat.washingtontimes.com
+		- video.washingtontimes.com
+		- weekly-ads.washingtontimes.com
 
+		Peer certificate cannot be authenticated with given CA certificates:
+		- affinity.washingtontimes.com
+		- payment.affinity.washingtontimes.com
+		- constitution.washingtontimes.com
+		- payway.washingtontimes.com
+		- subscription.washingtontimes.com
 
-	<securecookie host="^(?:iservices|subscription)\.washingtontimes\.com$" name=".+" />
-
-
-	<rule from="^http://(iservices|subscription)\.washingtontimes\.com/"
-		to="https://$1.washingtontimes.com/" />
+		Self-signed certificate chain error:
+		- paywaytest.washingtontimes.com
+-->
+<ruleset name="Washington Times.com">
+	<target host="washingtontimes.com" />
+	<target host="www.washingtontimes.com" />
+	<target host="amp.washingtontimes.com" />
+	<target host="blogs.washingtontimes.com" />
+	<target host="contribution.washingtontimes.com" />
+		<exclusion pattern="^http://contribution\.washingtontimes\.com/$" />
+		<test url="http://contribution.washingtontimes.com/sites/all/themes/nde/logo.png" />
+	<target host="iservices.washingtontimes.com" />
+	<target host="m.washingtontimes.com" />
+	<target host="merch.washingtontimes.com" />
+	<target host="nde.washingtontimes.com" />
+		<test url="http://nde.washingtontimes.com/register" />
+		<test url="http://nde.washingtontimes.com/user" />
+		<test url="http://nde.washingtontimes.com/user/password" />
+	<target host="nde2.washingtontimes.com" />
+	<target host="opensource.washingtontimes.com" />
+	<target host="p.washingtontimes.com" />
+	<target host="vpn.washingtontimes.com" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Washington_University_in_St_Louis-problematic.xml b/src/chrome/content/rules/Washington_University_in_St_Louis-problematic.xml
index cedcbd47b96e..192b2777eb06 100644
--- a/src/chrome/content/rules/Washington_University_in_St_Louis-problematic.xml
+++ b/src/chrome/content/rules/Washington_University_in_St_Louis-problematic.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see Washington_University_in_St_Louis.xml.
 
 -->
-<ruleset name="Washington University in St. Louis (problematic)" default_off="mismatched, self-signed">
+<ruleset name="WUStL.edu (problematic)" default_off="mismatched, self-signed">
 
 	<target host="digitalcommons.wustl.edu" />
 		<!--
@@ -12,22 +12,17 @@
 	<target host="meded.dom.wustl.edu" />
 	<target host="intranet.engineering.wustl.edu" />
 	<target host="libanswers.wustl.edu" />
-		<!--
-			Handled in Washington_University_in_St_Louis.xml:
-									-->
-		<exclusion pattern="^http://libanswers\.wustl\.edu/(?:css\d*|data|include|js\d*)/" />
 	<target host="prism.nts.wustl.edu" />
 	<target host="olinblog.wustl.edu" />
 	<target host="openscholarship.wustl.edu" />
 	<target host="helpdesk.samfox.wustl.edu" />
 	<target host="lli.ucollege.wustl.edu" />
-	<target host="*.lli.ucollege.wustl.edu" />
 
 
 	<securecookie host="^(?:digitalcommons|\.?meded\.dom|openscholarship|helpdesk\.|samfox|\.?lli\.ucollege)\.wustl\.edu$" name=".+" />
 
 
-	<rule from="^http://(digitalcommons|meded\.dom|intranet\.engineering|libanswers|prism\.nts|olinblog|openscholarship|helpdesk\.samfox|lli\.ucollege)\.wustl\.edu/"
-		to="https://$1.wustl.edu/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Washington_University_in_St_Louis.xml b/src/chrome/content/rules/Washington_University_in_St_Louis.xml
index 2b09ccb7ba8a..f4ca98576f96 100644
--- a/src/chrome/content/rules/Washington_University_in_St_Louis.xml
+++ b/src/chrome/content/rules/Washington_University_in_St_Louis.xml
@@ -1,4 +1,26 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://wusmproserv.wustl.edu/index.aspx (200) => https://facilities.med.wustl.edu/security/index.aspx (404)
+Fetch error: http://www.acm.wustl.edu/ => https://www.acm.wustl.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.acm.wustl.edu'")
+Fetch error: http://cait.wustl.edu/ => https://cait.wustl.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'cait.wustl.edu'")
+Fetch error: http://cornerstone.wustl.edu/ => https://cornerstone.wustl.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'cornerstone.wustl.edu'")
+Fetch error: http://essweb.wustl.edu/ => https://essweb.wustl.edu/: (6, 'Could not resolve host: essweb.wustl.edu')
+Fetch error: http://glo.wustl.edu/ => https://glo.wustl.edu/: (6, 'Could not resolve host: glo.wustl.edu')
+Fetch error: http://globaldatabase.wustl.edu/ => https://globaldatabase.wustl.edu/: (6, 'Could not resolve host: globaldatabase.wustl.edu')
+Fetch error: http://testreserveaspace.wustl.edu/ => https://testreserveaspace.wustl.edu/: (6, 'Could not resolve host: testreserveaspace.wustl.edu')
+Fetch error: http://mail.wusm.wustl.edu/ => https://mail.wusm.wustl.edu/: Too many redirects while fetching 'https://mail.wusm.wustl.edu/'
+Fetch error: http://wusmapply.wustl.edu/ => https://wusmapply.wustl.edu/: (6, 'Could not resolve host: wusmapply.wustl.edu')
+Fetch error: http://wusmdar1.wustl.edu/ => https://wusmdar1.wustl.edu/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+Fetch error: http://www.biostat.wustl.edu/ => https://www.biostat.wustl.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.biostat.wustl.edu'")
+Fetch error: http://www.cait.wustl.edu/ => https://cait.wustl.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'cait.wustl.edu'")
+Fetch error: http://www.cornerstone.wustl.edu/ => https://cornerstone.wustl.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'cornerstone.wustl.edu'")
+Fetch error: http://www.glo.wustl.edu/ => https://glo.wustl.edu/: (6, 'Could not resolve host: glo.wustl.edu')
+Non-2xx HTTP code: http://hipaa.wustl.edu/ (200) => https://secpriv.wusm.wustl.edu/privacy/default.aspx (404)
+Fetch error: http://www.insurance.wustl.edu/ => https://www.insurance.wustl.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.insurance.wustl.edu'")
+
+	Washington University in St. Louis
+
 	For problematic rules, see Washington_University_in_St_Louis-problematic.xml.
 
 
@@ -24,131 +46,140 @@
 		- wusm.service-now.com
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *wustl.edu:
 
-		- (www.)aerosols *
+		- (www.)?aerosols	Handshake fails
+		- (www.)?anest ᵇ
 		- www.arch ***
 		- publications.artsci	(redirects to computing.artsci; mismatched, CN: artsci.wustl.edu)
 		- awn ***
-		- beckerarchives **
+		- bacus ***
+		- beckerarchives	403
 		- beckercat ***
 		- beckerimages		(redirects to http; mismatched, CN: *.contentdm.oclc.org)
 		- (www.)biomedrap	(shows intranet.dbbs; mismatched, CN: mysites.dbbs.wustl.edu)
-		- brownschool		(times out)
 		- buildolin		("error"/404; mismatched, CN: olincareers.wustl.edu)
+		- bulletin ***
 		- bus *******
 		- (www.)cerl		(shows globaldatabase; mismatched, CN: globaldatabase.wustl.edu)
 		- cghid **
-		- courses		(shows acadinfo; mismatched, CN: ACADINFO.WUSTL.EDU)
-		- crtc			(shows isadom; mismatched, CN: *.dom.wustl.edu)
+		- crtc			(shows isadom.wustl.edu)
+		- datafedwiki ***
 		- (www.)dbbs		(shows intranet.dbbs; mismatched, CN: mysites.dbbs.wustl.edu)
 		- dbbssummerresearch	(shows intranet.dbbs; mismatched, CN: mysites.dbbs.wustl.edu)
+		- dermatology		Dropped
+		- digital ᵇ
 		- allergy.dom **
 		- bmd.dom **
 		- ecfc *****
 		- (www.)eece ****
 		- moon.eece *
-		- (www.)engineering ***
 		- eit.engineering ***
-		- (www.)gephardtinstitute	(times out)
+		- fltc				(403, valid cert)
+		- gamma			Shows empty tree
+		- gis ***
 		- umang.grad			(shows drupal setup page; mismatched, CN: gradpages.wustl.edu)
 		- wutgsa.grad			(shows drupal setup page; mismatched, CN: gradpages.wustl.edu)
-		- gradcenter			(shows drupal setup page; mismatched, CN: gradpages.wustl.edu)
-		- gpc				(shows drupal setup page; mismatched, CN: gradpages.wustl.edu)
 		- (www.)gps ***
-		- (www.)gwbweb			(times out)
 		- (www.)healthyliving ***
+		- homeplate		Shows default page
 		- hpslc ***
-		- hrpo ***
-		- (www.)icts		(shows isadom; mismatched, CN: *.dom.wustl.edu)
-		- (www.)illiad ***
+		- (www.)?icts		(shows isadom)
 		- immunobiology ***
-		- internalmed			(shows isadom; mismatched, CN: *.dom.wustl.edu)
+		- internalmed **
 		- (www.)kemperartmuseum ***
+		- apply.law ***
 		- mastercalendar.law		(shows law; mismatched, CN: WMSvc-WEB2K8-LAW01)
 		- libcat ***
-		- (www.)library ***
 		- (www.)mageep *
-		- medschool *****
-		- medicine *****
-		- (www.)medschooldiversity *****
-		- (www.)mphs **
+		- hr.med		404
+		- microbiology ᵈ
+		- (www.)?mphs **
 		- mrce ***
 		- msg ***
 		- (www.)mstp		(shows intranet.dbbs; mismatched, CN: mysites.dbbs.wustl.edu)
-		- nss ******
+		- www.neuro **
 		- nts ******
+		- (www.)?olin		200 "File Not Found"
 		- omse ***
-		- (www.)onlinelaw	(redirects to http, valid cert)
 		- (www.)pathology ***
+		- pcg **
+		- peds ***
 		- postdoc		(shows intranet.dbbs; mismatched, CN: mysites.dbbs.wustl.edu)
-		- (www.)reslife
+		- (www.)?psychiatry	Handshake fails
 		- s40fitness ******
 		- www.samfox ***
-		- (www.)samfoxschool ***
+		- (www.)?samfoxschool ***
 		- islandpress.samfoxschool ***
 		- (www.)scholarlycommunications ***
 		- admin.seas ****
 		- sever ****
 		- (www.)sfac ***
-		- (www.)simulation **
+		- (www.)?simulation **
 		- (www.)studentunion **
 		- (www.)su			(http reply)
 		- (www.)sustainabilitypledge **
+		- thalamus ***
 		- (www.)tyson ***
+		- virologyhistory	Dropped
 		- (www.)wugps ***
 		- orb.wulib ***
 		- (www.)staffdirectory.wulib ***
-		- wumsfinaid *****
-		- wusmregistrar ***
+		- webfiles.wulib ***
+		- wumsfinaid		Shows another domain
 		- ysp ***
 
 	* Shows secure.engineering; mismatched, CN: secure.engineering.wustl.edu
-	** 403, valid cert
-	*** No https
+	** 403
+	*** Refused
 	**** Shows intranet.engineering; mismatched, CN: intranet.engineering.wustl.edu
 	***** $ redirects to http://medschool, other paths 404; CN: localhost.localdomain
 	****** Shows prism.nts; mismatched, CN: prism.nts.wustl.edu
+	ᵇ Shows default page
+	ᵈ Dropped
 
 
-	Problematic subdomains:
+	Problematic hosts in *wustl.edu:
 
-		- ^ *
 		- www.alumni *
-		- apap **
 		- artsci		(pages redirect to http, resources redirect to computing.artsci)
 		- www.artsci		(cert only matches ^artsci)
-		- asc			(403, valid cert)
-		- www.bearsports *
+		- (www.)?bearsports *
 		- www.becker ***
+		- beckerguides *
 		- beckerweb2 ***
 		- www.login.beckerproxy	(cert only matches *.beckerproxy)
 		- www.biology ***
 		- biology4 ***
 		- www.biostatistics			(mismatched, CN: secure.biostat)
-		- www.bulletinoftheschoolofmedicine *
-		- cait					(cert only matches www.cait)
-		- (www.)campusy		(http reply)
+		- www.cait *
+		- campusy		Shows default page
 		- www.card *
 		- www.careercenter *
-		- careers **
 		- www.careers *
-		- (www.)codeofconduct *
+		- catalog *
+		- www.codeofconduct *
 		- www.communityservice *
 		- www.complianceoffice *
-		- digitalcommons ****
+		- www.cornerstone *
+		- digitalcommons *
 		- www.diningservices *
 		- meded.dom		(works; mismatched, CN: *.worldsecuresystems.com)
 		- www.ehs *
-		- eliotsocietyvolunteer **
 		- www.eliotsocietyvolunteer *
 		- www.emergency *
 		- intranet.engineering		(works, self-signed)
+		- www.engineering *
+		- epars				(Tor users blocked by CloudFlare settings)
 		- evals				(mismatched, CN: artsci.wustl.edu)
+		- facultysenate			Tor users blocked by CloudFlare settings
 		- www.facultysenate *
-		- fltc				(403, valid cert)
+		- fppeducation		Missing certificate chain
+		- genome			Dropped
+		- www.gephardtinstitute *
 		- www.getinvolved *
 		- www.glo *
+		- gme		Missing cert chain
 
 		- grad subdomains:
 
@@ -158,34 +189,53 @@
 			- ican			(mismatched, CN: gradpages.wustl.edu)
 			- kgsa			(mismatched, CN: gradpages.wustl.edu)
 
+		- gradpages		Missing cert chain
 		- hipaa ***
+		- www.i-cares *
 		- www.icares *
-		- www.internalaudit *
-		- isadom			(works; mismatched, CN: isadom)
-		- www.law			(cert only matches ^law)
-		- libanswers			(works; mismatched, CN: *.libanswers.com)
-		- libguides			(shows another domain; mismatched, CN: *.libguides.com)
-		- m				(403, valid cert)
+		- www.illiad *
+		- www.insurance *
+		- (www.)?internalaudit *
+		- libguides.law *
+		- www.law *
+		- libanswers *
+		- libguides *
+		- www.library *
+		- (www.)?math			Expired, self-signed
+		- mcdonnell *
+		- medadmissions			Shows another domain
+		- www.medicine *
+		- medschoolhr			Missing cert chain
+		- medstudents3			Supports RC4 only
+		- mir *
 		- myreslife			(mismatched, CN: reslife.wustl.edu)
+		- nimbus.nts			Self-signed
 		- prism.nts			(works, self-signed)
+		- www.ois *
 		- www.oisshome *
 		- olinblog			(works; mismatched, CN: olincareers.wustl.edu)
 		- openscholarship ****
-		- otm				(403, valid cert)
+		- ot *
 		- outgrads			(mismatched, CN: gradpages.wustl.edu)
 		- www.pacs *
 		- www.parents *
 		- www.parking *
 		- www.police *
+		- publicaffairs *
 		- www.publichealth *
 		- www.registrar *
-		- researchgateway		(403, valid cert)
+		- residency			Missing cert chain
+		- autodiscover.samfox ***
+		- (www.)?email.samfox		Expired
 		- helpdesk.samfox		(works; self-signed, CN: HelpDesk)
 		- www.sc *
 		- www.schoolpartnership *
+		- sites				Tor users blocked by CloudFlare settings
+		- skandalaris			Tor users blocked by CloudFlare settings
 		- www.spa *
-		- www.spokane			(mismatched, CN: spokane.wustl.edu)
-		- studentrecords		(500/404, valid cert)
+		- www.spokane *
+		- studentrecords		Shows another domain
+		- www.sustainability *
 		- www.teachingcenter *
 
 		- ucollege subdomains:
@@ -194,379 +244,718 @@
 			- swi *
 			- www			(mismatched, CN: artsci.wustl.edu)
 
+		- undergraduatecouncil		Tor users blocked by CloudFlare settings
 		- www.undergraduatecouncil *
-		- www.universitycompliance *
+		- (www.)?universitycompliance *
 		- ur				(mismatched, CN: artsci.wustl.edu)
-		- visitor			(403, valid cert)
 		- www.visitor *
-		- www.writingcenter *
+		- (www.)?writingcenter *
 		- www.wulife *
 		- www.wupd *
-		- (www.)wuphysicians		(mismatched, CN: secure.wuphysicians.wustl.edu)
+		- fpp.wusm *
+		- wusmdar1		Configured for RC4 only
 		- www.wusmhealth *
-		- wusmproserv **
+		- wusmproserv		Shows another domain
 
-	* Cert only matches *.wustl.edu
+	* Mismatched
 	** 404, valid cert
-	*** No https
+	*** Refused
 	**** Works; mismatched, CN: *.bepress.com
 
 
-	Partially covered subdomains:
+	Partially covered hosts in *wustl.edu:
 
-		- admissions		(at least Pages/default.aspx redirects to http)
 		- (www.)artsci		(→ computing.artsci)
-		- www.biology		(→ wubio)
-		- www.biology4		(→ wubio)
+		- www.biology		(→ wubio; /+[^?]+ doesn't redirect)
+		- www.biology4		(→ wubio; /+[^?]+ doesn't redirect)
 		- digitalcommons	(→ dcwustl.bepress.com)
-		- libanswers		(→ libanswers.com)
-		- libguides		(→ libguides.com)
-		- myreslife		(→ reslife)
+		- myreslife		(→ reslife; /+[^?]+ doesn't redirect)
 		- openscholarship	(→ dcwustlmain.bepress.com)
-		- (www.)ot		(some pages redirect to http)
+		- www.ot		(some pages redirect to http)
+		- tlcenter *
 		- ur			(→ undergradresearch)
 		- (www.)studentrecords	(→ registrar)
 
+	* Some pages redirect to http
 
-	Fully covered subdomains:
-
-		- (www.)		(^ → www)
-		- acadinfo
-		- aishelp
-		- aiswiki
-		- aladdin
-		- (www.)alumni		(www → ^)
-		- apap			(→ alumni)
-
-		- artsci subdomains:
-
-			- asapps
-			- college
-			- computing
-			- thought
-
-		- assemblyseries
-		- bb
-		- (www.)bearsports	(www → ^)
-		- (www.)becker		(www → ^)
-		- becker1
-		- (www.)beckerproxy
-		- login.beckerproxy
-		- beckerweb2		(→ becker)
-		- secure.biostat
-		- (www.)biostatistics	(www → ^)
-		- brand
-		- bulletin
-		- bulletin-int
-		- (www.)bulletinoftheschoolofmedicine	(www → ^)
-		- (www.)cait				(^ → www)
-		- (www.)campusy		(→ www.ymcastlouis.org)
-		- (www.)card		(www → ^)
-		- (www.)careercenter	(www → ^)
-		- (www.)careers		(→ careercenter)
-		- ccs
-		- circl
-		- cits
-		- cme
-		- (www.)codeofconduct		(www → ^)
-		- (www.)communityservice	(www → ^)
-		- (www.)complianceoffice	(www → ^)
-		- connect
-		- connecthelp
-		- (www.)cornerstone
-		- danforthuniversitycenter
-		- dc
-		- (www.)diningservices	(www → ^)
-		- diversity
-		- dropbox
-		- duc
-		- (www.)ehs		(www → ^)
-		- ehsaweb
-		- (www.)eliotsocietyvolunteer	(→ alumni)
-		- secure.engineering
-		- epars
-		- essweb
-		- facilities
-		- (www.)facultysenate	(www → ^)
-		- firstyear
-		- fishelp
-		- fppeducation
-		- (www.)getinvolved	(www → ^)
-		- gifts
-		- (www.)glo		(www → ^)
-		- global
-		- globaldatabase
-		- gme
-		- go
 
-		- grad subdomains:
+	These altnames don't exist:
+
+		- www.sts.wustl.edu
+		- wusm.wustl.edu
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- dcminfo.wustl.edu
+		- .mir.wustl.edu
+		- research.wustl.edu
+
 
-			- bec		(→ gradpages)
-			- bgc		(→ gradpages)
-			- cssa		(→ gradpages)
-			- ican		(→ gradpages)
-			- kgsa		(→ gradpages)
-
-		- gradpages
-		- graduateschool
-		- grantsandcontracts
-		- helpdesk
-		- hipaa			(→ secpriv.wusm)
-		- historyofmedicine
-		- hr
-		- hrpo
-		- (www.)icares		(www → ^)
-		- inside
-		- insideolin
-		- (www.)internalaudit	(www → ^)
-		- istcs
-		- (www.)law		(www → ^)
-		- login
-		- loopliving
-		- m			(→ www)
-		- magazine
-		- mcdonnell
-		- medadmissions
-		- medfacilities
-		- mednews
-		- medportal
-		- medschoolhr
-		- minimed
-		- mylaw
-		- news
-		- news-info
-		- notesplace
-		- nso
-		- (www.)oisshome	(www → ^)
-		- (www.)olin
-		- apps.olin
-		- olincareers
-		- apply.onlinelaw
-		- otm			(→ research)
-		- outgrads		(→ gradpages)
-		- (www.)pacs		(www → ^)
-		- pages
-		- (www.)parents		(www → ^)
-		- (www.)parking		(www → ^)
-		- physicaltherapy
-		- (www.)police		(www → ^)
-		- provost
-		- pt
-		- (www.)publichealth	(www → ^)
-		- radsafety
-		- record
-		- (www.)registrar	(www → ^)
-		- research
-		- researchgateway	(→ research)
-		- reslife
-		- rprportal
-		- autodiscover.samfox
-		- (www.)email.samfox
-		- (www.)sc			(www → ^)
-		- (www.)schoolpartnership	(www → ^)
-		- casarray.seas
-		- sharedtech
-		- shs
-		- (www.)spa		(www → ^)
-		- (www.)spokane		(www → ^)
-		- sts
-		- summerexperiences
-		- summerschool
-		- (www.)teachingcenter	(www → ^)
-		- technology
-		- telesis
-		- together
-		- train2web
-		- (www.)ucollege	(www → ^)
-		- swi.ucollege			(→ summerschool)
-		- undergradresearch
-		- (www.)undergraduatecouncil	(www → ^)
-		- (www.)universitycompliance	(www → ^)
-		- vfh
-		- (www.)visitor			(→ www)
-		- webstac
-		- (www.)writingcenter	(www → ^)
-		- wubio
-		- wuissrv20
-		- (www.)wulife		(www → ^)
-		- wumsapply
-		- (www.)wupd		(www → ^)
-		- (www.)wuphysicians	(→ secure.wuphysicians)
-		- secure.wuphysicians
-		- wuro
-
-		- wusm subdomains:
-
-			- anest
-			- citpmo
-			- citservices
-			- dptcourses
-			- dxdialog
-			- facultyaffairs
-			- fpp
-			- mail
-			- portal
-			- ppdpt
-			- risk
-			- secpriv
-			- wumatrix
-			- wusmeducation
-
-		- wusmdar1
-		- (www.)wusmhealth	(www → ^)
-		- wusmhelp
-		- wusmproserv	(→ medfacilities)
-		- wustlkey
+	Mixed content:
+
+		- iframe on growleadchange, studentconduct from www.youtube.com *
+
+		- css, on:
+
+			- (www.)?, (www.)?bearsports, brownschool, growleadchange, historyofmedicine, hrpo, facilities.med, olincareers, pacs, reader, tlcenter from fonts.googleapis.com *
+			- growleadchange from maxcdn.bootstrapcdn.com *
+
+		- Images, on:
+
+			- hdw.artsci from talus.artsci.wustl.edu
+			- (www.)?bearsports from cdn\d+.psbin.com
+			- box, card, cio, danforthuniversitycenter, diningservices, diversity, eventmanagement, global, hrpo, mdadmissions, pacs, provost, publichealth, reserveaspace, reslife, schoolpartnership, sts, facultyaffairs.wusm from $self *
+			- engineering from images.ak.instagram.com
+			- onlinelaw from 2tor-test.s3.amazonaws.com
+			- sustain from sustainability.wustl.edu *
+
+		- favicon on gifts from www.wustl.edu *
+
+		- Bugs, on:
+
+			- thought.artsci from stitcher.com
+			- (www.)?bearsports from pixel.quantserve.com *
+
+	* Secured by us
 
 -->
-<ruleset name="Washington University in St. Louis (partial)">
+<ruleset name="WUStL.edu (partial)" default_off="failed ruleset test">
 
 	<target host="wustl.edu" />
-	<target host="*.wustl.edu" />
-		<exclusion pattern="^http://admissions\.wustl\.edu/(?!HomePageRotatingImages/|images/|js/|_layouts/|request/|SiteCollectionImages/|Style\ Library/|WebResource\.axd)" />
-		<exclusion pattern="^http://(?:www\.)?ot\.wustl\.edu/(?!css/|fonts/|images/|js/|mm/images/|RadControls/|(?:Script|Web)Resource\.axd|UltimateSearchInclude/)" />
+	<target host="acadinfo.wustl.edu" />
+	<target host="acm.wustl.edu" />
+	<target host="www.acm.wustl.edu" />
+	<target host="addiction-partnership.wustl.edu" />
+	<target host="admissions.wustl.edu" />
+	<target host="aishelp.wustl.edu" />
+	<target host="aisinfo.wustl.edu" />
+	<target host="aiswiki.wustl.edu" />
+	<target host="alumni.wustl.edu" />
+	<target host="apap.wustl.edu" />
+	<target host="ares.wustl.edu" />
+
+	<target host="asapps.artsci.wustl.edu" />
+	<target host="college.artsci.wustl.edu" />
+	<target host="computing.artsci.wustl.edu" />
+	<target host="hdw.artsci.wustl.edu" />
+	<target host="pad.artsci.wustl.edu" />
+	<target host="thought.artsci.wustl.edu" />
+
+	<target host="asc.wustl.edu" />
+	<target host="assemblyseries.wustl.edu" />
+	<target host="bb.wustl.edu" />
+	<target host="becker.wustl.edu" />
+	<target host="becker1.wustl.edu" />
+	<target host="beckerproxy.wustl.edu" />
+	<target host="login.beckerproxy.wustl.edu" />
+	<target host="www.beckerproxy.wustl.edu" />
+	<target host="biostat.wustl.edu" />
+	<target host="biostatistics.wustl.edu" />
+	<target host="box.wustl.edu" />
+	<target host="brand.wustl.edu" />
+	<target host="brownschool.wustl.edu" />
+	<target host="bulletin-int.wustl.edu" />
+	<target host="bulletinoftheschoolofmedicine.wustl.edu" />
+	<target host="cait.wustl.edu" />
+	<target host="card.wustl.edu" />
+	<target host="careercenter.wustl.edu" />
+	<target host="careers.wustl.edu" />
+	<target host="cctools.wustl.edu" />
+	<target host="ccs.wustl.edu" />
+	<target host="cio.wustl.edu" />
+	<target host="circl.wustl.edu" />
+	<target host="circle.wustl.edu" />
+	<target host="cits.wustl.edu" />
+	<target host="cme.wustl.edu" />
+	<target host="cme-online.wustl.edu" />
+	<target host="cmeonline.wustl.edu" />
+	<target host="codeofconduct.wustl.edu" />
+	<target host="communityservice.wustl.edu" />
+	<target host="complianceoffice.wustl.edu" />
+	<target host="connect.wustl.edu" />
+	<target host="connecthelp.wustl.edu" />
+	<target host="cornerstone.wustl.edu" />
+	<target host="courses.wustl.edu" />
+	<target host="intranet.dbbs.wustl.edu" />
+	<target host="danforthuniversitycenter.wustl.edu" />
+	<target host="dcminfo.wustl.edu" />
+	<target host="dermpath.wustl.edu" />
+	<target host="diningservices.wustl.edu" />
+	<target host="diversity.wustl.edu" />
+	<target host="dropbox.wustl.edu" />
+	<target host="duc.wustl.edu" />
+	<target host="ehs.wustl.edu" />
+	<target host="eliotsocietyvolunteer.wustl.edu" />
+	<target host="email.wustl.edu" />
+	<target host="emergency.wustl.edu" />
+	<target host="engineering.wustl.edu" />
+	<target host="secure.engineering.wustl.edu" />
+	<target host="epars.wustl.edu" />
+	<target host="essweb.wustl.edu" />
+	<target host="eventmanagement.wustl.edu" />
+	<target host="f5rsrc.wustl.edu" />
+	<target host="facilities.wustl.edu" />
+	<target host="facultyinformationhandbook.wustl.edu" />
+	<target host="facultysenate.wustl.edu" />
+	<target host="fishelp.wustl.edu" />
+	<target host="fpp.wustl.edu" />
+	<!--target host="fppeducation.wustl.edu" /-->
+	<target host="gephardtinstitute.wustl.edu" />
+	<target host="getinvolved.wustl.edu" />
+	<target host="gifts.wustl.edu" />
+	<target host="glo.wustl.edu" />
+	<target host="global.wustl.edu" />
+	<target host="globaldatabase.wustl.edu" />
+	<!--target host="gme.wustl.edu" /-->
+	<target host="go.wustl.edu" />
+	<target host="gpc.wustl.edu" />
+	<target host="gradcenter.wustl.edu" />
+	<!--target host="gradpages.wustl.edu" /-->
+	<target host="graduateschool.wustl.edu" />
+	<target host="grantsandcontracts.wustl.edu" />
+	<target host="growleadchange.wustl.edu" />
+	<target host="gwbweb.wustl.edu" />
+	<target host="helpdesk.wustl.edu" />
+	<target host="historyofmedicine.wustl.edu" />
+	<target host="hr.wustl.edu" />
+	<target host="hrpo.wustl.edu" />
+	<target host="i-cares.wustl.edu" />
+	<target host="icares.wustl.edu" />
+	<target host="illiad.wustl.edu" />
+	<target host="informationsecurity.wustl.edu" />
+	<target host="inside.wustl.edu" />
+	<target host="insurance.wustl.edu" />
+	<target host="isadom.wustl.edu" />
+	<target host="labconnect.wustl.edu" />
+	<target host="law.wustl.edu" />
+	<target host="library.wustl.edu" />
+	<target host="login.wustl.edu" />
+	<target host="loopliving.wustl.edu" />
+	<target host="m.wustl.edu" />
+	<target host="magazine.wustl.edu" />
+	<target host="mdadmissions.wustl.edu" />
+
+	<target host="citservices.med.wustl.edu" />
+	<target host="facilities.med.wustl.edu" />
+	<target host="finaid.med.wustl.edu" />
+
+	<target host="medapps.wustl.edu" />
+	<target host="medicine.wustl.edu" />
+	<target host="mednews.wustl.edu" />
+	<target host="medportal.wustl.edu" />
+	<target host="medschool.wustl.edu" />
+	<target host="medschooldiversity.wustl.edu" />
+	<!--target host="medschoolhr.wustl.edu" /-->
+	<target host="medstudents3.wustl.edu" />
+	<target host="minimed.wustl.edu" />
+	<target host="mirweb.mir.wustl.edu" />
+	<target host="www.mir.wustl.edu" />
+	<target host="mylaw.wustl.edu" />
+	<target host="netpartnerstudent.wustl.edu" />
+	<target host="news.wustl.edu" />
+	<target host="news-info.wustl.edu" />
+	<target host="notesplace.wustl.edu" />
+	<target host="nso.wustl.edu" />
+	<target host="nss.wustl.edu" />
+	<target host="oiss.wustl.edu" />
+	<target host="oisshome.wustl.edu" />
+	<target host="apps.olin.wustl.edu" />
+	<target host="olincareers.wustl.edu" />
+	<target host="onlinelaw.wustl.edu" />
+
+	<target host="apply.onlinelaw.wustl.edu" />
+	<target host="cdn0.onlinelaw.wustl.edu" />
+	<target host="cdn1.onlinelaw.wustl.edu" />
+	<target host="cdn2.onlinelaw.wustl.edu" />
+	<target host="www.onlinelaw.wustl.edu" />
+
+	<target host="www.ot.wustl.edu" />
+	<target host="otapps.wustl.edu" />
+	<target host="otm.wustl.edu" />
+	<target host="outlook.wustl.edu" />
+	<target host="pacs.wustl.edu" />
+	<target host="pages.wustl.edu" />
+	<target host="parents.wustl.edu" />
+	<target host="parking.wustl.edu" />
+	<target host="pathologyservices.wustl.edu" />
+	<target host="wii.pcf.wustl.edu" />
+	<target host="physicaltherapy.wustl.edu" />
+	<target host="police.wustl.edu" />
+	<target host="provost.wustl.edu" />
+	<target host="pt.wustl.edu" />
+	<target host="publichealth.wustl.edu" />
+	<target host="radsafety.wustl.edu" />
+	<target host="raps.wustl.edu" />
+	<target host="reader.wustl.edu" />
+	<target host="record.wustl.edu" />
+	<target host="redcap.wustl.edu" />
+	<target host="referral.wustl.edu" />
+	<target host="registrar.wustl.edu" />
+	<target host="repsvcs-prod2.wustl.edu" />
+	<target host="research.wustl.edu" />
+	<target host="researchgateway.wustl.edu" />
+	<target host="reserveaspace.wustl.edu" />
+	<!--target host="residency.wustl.edu" /-->
+	<target host="reslife.wustl.edu" />
+	<target host="rprportal.wustl.edu" />
+	<!--target host="email.samfox.wustl.edu" /-->
+	<!--target host="www.email.samfox.wustl.edu" /-->
+	<target host="sc.wustl.edu" />
+	<target host="schoolpartnership.wustl.edu" />
+	<target host="sexualviolence.wustl.edu" />
+	<target host="sfs.wustl.edu" />
+	<target host="sharedtech.wustl.edu" />
+	<target host="shs.wustl.edu" />
+	<!--target host="sites.wustl.edu" /> <- needs clearnet testing -->
+	<!--target host="skandalaris.wustl.edu" /> <- needs clearnet testing -->
+	<target host="spa.wustl.edu" />
+	<target host="spokane.wustl.edu" />
+	<target host="m.spokane.wustl.edu" />
+	<target host="sts.wustl.edu" />
+	<target host="studentaccounting.wustl.edu" />
+	<target host="studentconduct.wustl.edu" />
+	<target host="studenthealth.wustl.edu" />
+	<target host="studentinvolvement.wustl.edu" />
+	<target host="summerexperiences.wustl.edu" />
+	<target host="summerschool.wustl.edu" />
+	<target host="sustain.wustl.edu" />
+	<target host="sustainability.wustl.edu" />
+	<target host="teachingcenter.wustl.edu" />
+	<target host="technology.wustl.edu" />
+	<target host="telesis.wustl.edu" />
+	<target host="testreserveaspace.wustl.edu" />
+	<target host="tlcenter.wustl.edu" />
+	<target host="together.wustl.edu" />
+	<target host="train2web.wustl.edu" />
+	<target host="uavisitscheduler.wustl.edu" />
+	<target host="ucollege.wustl.edu" />
+	<target host="undergraduatecouncil.wustl.edu" />
+	<target host="undergradresearch.wustl.edu" />
+	<target host="vfh.wustl.edu" />
+	<target host="visitor.wustl.edu" />
+	<target host="webevent.wustl.edu" />
+	<target host="webstac.wustl.edu" />
+	<target host="wubio.wustl.edu" />
+	<target host="wuissrv20.wustl.edu" />
+	<target host="wulife.wustl.edu" />
+	<target host="wumath.wustl.edu" />
+	<target host="wupath.wustl.edu" />
+	<target host="wuphysicians.wustl.edu" />
+	<target host="wupd.wustl.edu" />
+	<target host="wuro.wustl.edu" />
+
+	<target host="anest.wusm.wustl.edu" />
+	<target host="citpmo.wusm.wustl.edu" />
+	<target host="classrecordings.wusm.wustl.edu" />
+	<target host="dptcourses.wusm.wustl.edu" />
+	<target host="dxdialog.wusm.wustl.edu" />
+	<target host="ehsaweb.wusm.wustl.edu" />
+	<target host="facultyaffairs.wusm.wustl.edu" />
+	<target host="insidegme.wusm.wustl.edu" />
+	<target host="mail.wusm.wustl.edu" />
+	<target host="medapps.wusm.wustl.edu" />
+	<target host="portal.wusm.wustl.edu" />
+	<target host="risk.wusm.wustl.edu" />
+	<target host="secpriv.wusm.wustl.edu" />
+	<target host="tsonlinepermit.wusm.wustl.edu" />
+	<target host="wumatrix.wusm.wustl.edu" />
+	<target host="wumsweb.wusm.wustl.edu" />
+	<target host="wusmeducation.wusm.wustl.edu" />
+	<target host="ysp.wusm.wustl.edu" />
+
+	<target host="wusmaccount.wustl.edu" />
+	<target host="wusmapply.wustl.edu" />
+	<target host="wusmdar1.wustl.edu" />
+	<target host="wusmforms.wustl.edu" />
+	<target host="wusmhealth.wustl.edu" />
+	<target host="wusmhelp.wustl.edu" />
+	<target host="wusmregistrar.wustl.edu" />
+	<target host="wustlkey.wustl.edu" />
+	<target host="www.wustl.edu" />
+
+	<!--	Complications:
+				-->
+	<target host="www.alumni.wustl.edu" />
+	<target host="artsci.wustl.edu" />
+	<target host="www.artsci.wustl.edu" />
+	<target host="www.becker.wustl.edu" />
+	<target host="beckerweb.wustl.edu" />
+	<target host="beckerweb2.wustl.edu" />
+	<target host="www.biology.wustl.edu" />
+	<target host="biology4.wustl.edu" />
+	<target host="www.biostat.wustl.edu" />
+	<target host="www.biostatistics.wustl.edu" />
+	<target host="www.bulletinoftheschoolofmedicine.wustl.edu" />
+	<target host="www.cait.wustl.edu" />
+	<!--target host="campusy.wustl.edu" /-->
+	<target host="www.card.wustl.edu" />
+	<target host="www.careercenter.wustl.edu" />
+	<target host="www.careers.wustl.edu" />
+	<target host="catalog.wustl.edu" />
+	<target host="www.codeofconduct.wustl.edu" />
+	<target host="www.communityservice.wustl.edu" />
+	<target host="www.complianceoffice.wustl.edu" />
+	<target host="www.diningservices.wustl.edu" />
+	<target host="www.cornerstone.wustl.edu" />
+	<target host="digitalcommons.wustl.edu" />
+	<target host="www.ehs.wustl.edu" />
+	<target host="www.eliotsocietyvolunteer.wustl.edu" />
+	<target host="www.emergency.wustl.edu" />
+	<target host="www.engineering.wustl.edu" />
+	<target host="evals.wustl.edu" />
+	<target host="www.facultysenate.wustl.edu" />
+	<target host="www.gephardtinstitute.wustl.edu" />
+	<target host="www.getinvolved.wustl.edu" />
+	<target host="www.glo.wustl.edu" />
+
+	<!--target host="bec.grad.wustl.edu" /-->
+	<!--target host="bgc.grad.wustl.edu" /-->
+	<!--target host="cssa.grad.wustl.edu" /-->
+	<!--target host="ican.grad.wustl.edu" /-->
+	<!--target host="kgsa.grad.wustl.edu" /-->
+
+	<target host="hipaa.wustl.edu" />
+	<target host="www.i-cares.wustl.edu" />
+	<target host="www.icares.wustl.edu" />
+	<target host="www.illiad.wustl.edu" />
+	<target host="www.insurance.wustl.edu" />
+	<target host="www.law.wustl.edu" />
+	<target host="www.library.wustl.edu" />
+	<target host="www.medicine.wustl.edu" />
+	<target host="mir.wustl.edu" />
+	<target host="myreslife.wustl.edu" />
+	<target host="www.oiss.wustl.edu" />
+	<target host="www.oisshome.wustl.edu" />
+	<target host="openscholarship.wustl.edu" />
+	<target host="ot.wustl.edu" />
+	<!--target host="outgrads.wustl.edu" /-->
+	<target host="www.pacs.wustl.edu" />
+	<target host="www.parents.wustl.edu" />
+	<target host="www.parking.wustl.edu" />
+	<target host="www.police.wustl.edu" />
+	<target host="www.publichealth.wustl.edu" />
+	<target host="www.registrar.wustl.edu" />
+	<target host="autodiscover.samfox.wustl.edu" />
+	<target host="www.sc.wustl.edu" />
+	<target host="www.schoolpartnership.wustl.edu" />
+	<target host="www.spa.wustl.edu" />
+	<target host="www.spokane.wustl.edu" />
+	<target host="studentrecords.wustl.edu" />
+	<target host="www.studentrecords.wustl.edu" />
+	<target host="www.sustainability.wustl.edu" />
+	<target host="www.teachingcenter.wustl.edu" />
+	<target host="swi.ucollege.wustl.edu" />
+	<target host="www.ucollege.wustl.edu" />
+	<target host="www.undergraduatecouncil.wustl.edu" />
+	<target host="ur.wustl.edu" />
+	<target host="www.visitor.wustl.edu" />
+	<target host="www.wulife.wustl.edu" />
+	<target host="www.wupd.wustl.edu" />
+	<target host="fpp.wusm.wustl.edu" />
+	<target host="www.wusmhealth.wustl.edu" />
+	<target host="wusmproserv.wustl.edu" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.ot\.wustl\.edu/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.ot\.wustl\.edu/(?!css/|fonts/|images/|js/|mm/images/|RadControls/|(?:Script|Web)Resource\.axd|UltimateSearchInclude/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.ot.wustl.edu/FPtech/powerpole.htm" />
+			<test url="http://www.ot.wustl.edu/about-103" />
+			<test url="http://www.ot.wustl.edu/admissions-102" />
+			<test url="http://www.ot.wustl.edu/alumni-108" />
+			<test url="http://www.ot.wustl.edu/education/masters-msot/application-process-requirements-138" />
+			<test url="http://www.ot.wustl.edu/fptech/" />
+			<test url="http://www.ot.wustl.edu/fptech/atticwork.htm" />
+			<test url="http://www.ot.wustl.edu/fptech/floorjoist.htm" />
+			<test url="http://www.ot.wustl.edu/research-105" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.ot.wustl.edu/RadControls/Menu/Menu.css" />
+			<test url="http://www.ot.wustl.edu/css/typography.min.css" />
+			<test url="http://www.ot.wustl.edu/fonts/modernpictograms/stylesheet.css" />
+			<test url="http://www.ot.wustl.edu/images/wusm-logo.jpg" />
+			<test url="http://www.ot.wustl.edu/mm/images/us-news-world-report-logo.png" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://tlcenter\.wustl\.edu/index\.jsp" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://tlcenter\.wustl\.edu/+(?!coursebasket/publicCourseBasket\.do|css/|images/|portal(?:$|[?/])|restricted/|srs/upload/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://tlcenter.wustl.edu/contentManagement.do?method=load&amp;code=WUSTL0001" />
+			<test url="http://tlcenter.wustl.edu/contentManagement.do?method=load&amp;code=WUSTL0002" />
+			<test url="http://tlcenter.wustl.edu/contentManagement.do?method=load&amp;code=WUSTL0003" />
+			<test url="http://tlcenter.wustl.edu/coursebasket/publicCourseBasket.do?method=load" />
+			<test url="http://tlcenter.wustl.edu/index.jsp" />
+			<test url="http://tlcenter.wustl.edu/public/category/programArea.do?method=load&amp;selectedProgramAreaId=16201" />
+			<test url="http://tlcenter.wustl.edu/search/publicCourseSearchDetails.do?method=load&amp;courseId=16497" />
+			<test url="http://tlcenter.wustl.edu/search/publicCourseSearchDetails.do?method=load&amp;courseId=16687" />
+			<test url="http://tlcenter.wustl.edu/search/publicCourseSearchDetails.do?method=load&amp;courseId=16826&amp;selectedProgramAreaId=16201&amp;selectedProgramStreamId=16465" />
+			<test url="http://tlcenter.wustl.edu/search/publicCourseSearchDetails.do?method=load&amp;courseId=16890" />
+
+			<!--	-ve:
+					-->
+			<test url="http://tlcenter.wustl.edu/coursebasket/publicCourseBasket.do?method=load" />
+			<test url="http://tlcenter.wustl.edu/css/customBase.css" />
+			<test url="http://tlcenter.wustl.edu/images/PE_leadership_web_2%5B1%5D.jpg" />
+			<test url="http://tlcenter.wustl.edu/portal/logon.do" />
+			<test url="http://tlcenter.wustl.edu/portal/logonInstructor.do" />
+			<test url="http://tlcenter.wustl.edu/restricted/3rdPartyTools/icomoon/icomoon.css" />
+			<test url="http://tlcenter.wustl.edu/srs/upload/Wk%20of%2011.16.15%20Courses.JPG" />
 
 
-	<securecookie host="^(?:acadinfo|[af]ishelp|alumni|(?:asapps|college|computing|thought)\.artsci|assemblyseries|bearsports|becker1?|\.secure\.biostat|brand|bulletin|card|careercenter|ccs|cme|codeofconduct|communityservice|complianceoffice|connect(?:help)?|(?:www\.)?cornerstone|danforthuniversitycenter|du?c|epars|facilities|facultysenate|firstyear|getinvolved|gifts|glo|globaldatabase|go|gradpages|graduateschool|grantsandcontracts|helpdesk|hr|hrpo|icares|inside(?:olin)?|internalaudit|istcs|login|magazine|mcdonnell|med(?:facilities|news|portal|schoolhr)|mylaw|news|news-info|notesplace|nso|oisshome|apps\.olin|apply\.onlinelaw|pages|parents|parking|physicaltherapy|police|provost|pt|publichealth|radsafety|record|research|reslife|rprportal|(?:www\.)?email\.samfox|sc|casarray\.seas|sharedtech|shs|spokane|summer(?:experiences|school)|teachingcenter|telesis|together|train2web|ucollege|undergrad(?:research|uatecouncil)|universitycompliance|wubio|wuissrv20|wulife|wumsapply|wupd|wuro|(?:anest|citservices|dptcourses|dxdialog|facultyaffairs|fpp|mail|portal|ppdpt|risk|secpriv|wusmeducation)\.wusm|wustlkey|www)\.wustl\.edu$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:(?:acadinfo|admissions|aisinfo|alumni|asc|assemblyseries|brand|careercenter|careers|ccs|codeofconduct|complianceoffice|connect|connecthelp|courses|dcminfo|dropbox|ehs|eliotsocietyvolunteer|engineering|f5rsrc|facilities|firstyear|getinvolved|gifts|glo|grantsandcontracts|growleadchange|gwbweb|helpdesk|i-?cares|insurance|login|loopliving|m|mednews|news|news-info|nso|nss|otm|outlook|parking|police|raps|referral|research|researchgateway|sexualviolence|sfs|sharedtech|shs|studentaccounting|studentinvolvement|telesis|together|uavisitscheduler|visitor|webevent|wuissrv20|wulife|wupd|wuro|wustlkey|www)\.)?wustl\.edu$" name="^BIGipServer" /-->
+	<!--securecookie host="^\.wustl\.edu$" name="^(?:__cfduid|III_EXPT_FILE|III_SESSION_ID|PS_TOKEN|cf_clearance)$" /-->
+	<!--securecookie host="^acadinfo\.wustl\.edu$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+	<!--securecookie host="^(?:www\.)?acm\.wustl\.edu$" name="^_acm_app_session$" /-->
+	<!--securecookie host="^aisinfo\.wustl\.edu$" name="-PSJSESSIONID$" /-->
+	<!--securecookie host="^bb\.wustl\.edu$" name="^session_id$" /-->
+	<!--securecookie host="^cait\.wustl\.edu$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^(?:connect|courses|labconnect|uavisitscheduler|wumsapply|(?:wusmaccount|ysp)\.wusm)\.wustl\.edu$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^cornerstone\.wustl\.edu$" name="^(?:\.ASPXANONYMOUS|language)$" /-->
+	<!--securecookie host="^(?:cctools|connect|sharedtech)\.wustl\.edu$" name="^_shibstate_\d+_[\da-f]+$" /-->
+	<!--securecookie host="^(?:globaldatabase|mcdonnell|universitycompliance)\.wustl\.edu$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^labconnect\.wustl\.edu$" name="^ITF_PortalCookie$" /-->
+	<!--securecookie host="^law\.wustl\.edu$" name="^EktGUID$" /-->
+	<!--securecookie host="^(?:mcdonnell|universitycompliance)\.wustl\.edu$" name="^xid$" /-->
+	<!--securecookie host="^medportal\.wustl\.edu$" name="^(?:NSC_|block$|wums$)" /-->
+	<securecookie host="^\.mir\.wustl\.edu$" name="^cadata[\dA-F]{32}$" />
+	<!--securecookie host="^(?:cdn[0-2]\.)?onlinelaw\.wustl\.edu$" name="^AWSELB$" /-->
+	<!--securecookie host="^redcap\.wustl\.edu$" name="^survey$" /-->
+	<!--securecookie host="^(?:www\.)?email\.samfox\.wustl\.edu$" name="^(?:cadata|sessionid)$" /-->
+	<!--securecookie host="^(?:m\.)?spokane\.wustl\.edu$" name="^SESSION_SCOPE$" /-->
+	<!--securecookie host="^\.spokane\.wustl\.edu$" name="^SESSION_LANGUAGE$" /-->
+	<!--securecookie host="^wuphysicians\.wustl\.edu$" name="^(?:\.ASPXANONYMOUS|__RequestVerificationToken|dnn_IsMobile|language)$" /-->
+	<!--securecookie host="^mail\.wusm\.wustl\.edu$" name="^ClientId$" /-->
+	<!--securecookie host="^wusmdar1\.wustl\.edu$" name="^(?:block|wums)$" /-->
+
+	<securecookie host="^(?!ot\.|www\.ot\.|tlcenter\.)\w" name=".+" />
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance|__qca)$" />
+	<securecookie host="^\.secure\.biostat\.wustl\.edu$" name=".+" />
 	<!--
 		Being cautious with wildcard cookies:
 
 	<securecookie host="^\.wustl\.edu$" name="^(AISPROD-80-PORTAL-PSJSESSIONID|III_EXPT_FILE|III_SESSION_ID|SESS\w{32}|SESSION_LANGUAGE)$" />
-	<securecookie host="^\.(college\.artsci|becker|summerexperiences|vfh|ucollege)\.wustl\.edu$" name="^SESS\w{32}$" /-->
-
+	<securecookie host="^\.(college\.artsci|becker|vfh|ucollege)\.wustl\.edu$" name="^SESS\w{32}$" /-->
 
-	<rule from="^http://(?:www\.)?(cait\.)?wustl\.edu/"
-		to="https://www.$1wustl.edu/" />
-
-	<rule from="^http://(acadinfo|admissions|[af]ishelp|aiswiki|aladdin|alumni|(?:asapps|college|computing|thought)\.artsci|assemblyseries|bb|becker1?|(?:login\.|www\.)?beckerproxy|secure\.biostat|biostatistics|brand|bulletin(?:-int|oftheschoolofmedicine)?|www\.cait|ccs|circle|cits|connect(?:help)?|(?:www\.)?cornerstone|danforthuniversitycenter|du?c|diningservices|diversity|dropbox|ehs|ehsaweb|secure\.engineering|epars|essweb|facilities|firstyear|fppeducation|gifts|global(?:database)?|gme|go|gradpages|graduateschool|grantsandcontracts|helpdesk|historyofmedicine|hr|hrpo|inside(?:olin)?|istcs|law|login|loopliving|magazine|mcdonnell|med(?:admissions|facilities|news|portal|schoolhr)|minimed|mylaw|news|news-info|notesplace|nso|(?:apps\.|www\.)?olin|olincareers|apply\.onlinelaw|(?:www\.)?ot|pages|physicaltherapy|police|provost|pt|radsafety|record|research|reslife|rprportal|(?:autodiscover|(?:www\.)?email)\.samfox|casarray\.seas|sharedtech|s[ht]s|summer(?:experiences|school)|technology|telesis|together|train2web|undergradresearch|universitycompliance|vfh|webstac|wubio|wuissrv20|wumsapply|secure\.wuphysicians|wuro|(?:anest|citpmo|citservices|dptcourses|dxdialog|facultyaffairs|fpp|mail|portal|ppdpt|risk|secpriv|wumatrix|wusmeducation)\.wusm|wusmdar1|wusmhelp|wustlkey)\.wustl\.edu/"
-		to="https://$1.wustl.edu/" />
 
 	<!--	Server drops path like so, sans trailing slash:
 								-->
-	<rule from="^http://www\.(alumni|bulletinoftheschoolofmedicine|ehs)\.wustl\.edu/.*"
+	<rule from="^http://www\.(alumni|biostatistics|bulletinoftheschoolofmedicine|diningservices)\.wustl\.edu/.*"
 		to="https://$1.wustl.edu/" />
 
-	<!--	Server drops path like so:
-						-->
-	<rule from="^http://apap\.wustl\.edu/.*"
-		to="https://alumni.wustl.edu/getinvolved/apap/Pages/default.aspx" />
+		<test url="http://www.alumni.wustl.edu/index.aspx" />
 
-	<!--	At least some in files/ doesn't exist on computing:
-									-->
-	<rule from="^http://(?:www\.)?artsci\.wustl\.edu/sites/"
-		to="https://computing.artsci.wustl.edu/sites/" />
+	<rule from="^http://(?:www\.)?artsci\.wustl\.edu/"
+		to="https://computing.artsci.wustl.edu/" />
 
-	<!--	Server drops path like so:
-						-->
-	<rule from="^http://asc\.wustl\.edu/.*"
-		to="https://research.wustl.edu/Offices_Committees/ASC/Pages/default.aspx" />
+		<!--	At least some in files/ doesn't exist on computing:
+										-->
+		<exclusion pattern="^http://(?:www\.)?artsci\.wustl\.edu/(?!sites/)" />
 
-	<rule from="^http://(?:www\.)?(bearsports|card|careercenter|codeofconduct|communityservice|complianceoffice|emergency|facultysenate|getinvolved|glo|icares|internalaudit|law|oisshome|pacs|parents|parking|publichealth|registrar|sc|schoolpartnership|spa|spokane|teachingcenter|ucollege|undergraduatecouncil|writingcenter|wulife|wupd|wusmhealth)\.wustl\.edu/"
-		to="https://$1.wustl.edu/" />
+			<!--	+ve:
+					-->
+			<test url="http://artsci.wustl.edu/index.aspx" />
 
 	<!--	$ redirects successfully:
 						-->
-	<rule from="^http://(?:www\.becker|beckerweb)\.wustl\.edu/(?:\?.*)?$"
+	<rule from="^http://(?:www\.becker|beckerweb2?)\.wustl\.edu/(?:\?.*)?$"
 		to="https://becker.wustl.edu/" />
 
 	<!--	Other paths redirect like so:
 						-->
-	<rule from="^http://(?:www\.becker|beckerweb)\.wustl\.edu/.*"
+	<rule from="^http://(?:www\.becker|beckerweb2?)\.wustl\.edu/.*"
 		to="https://becker.wustl.edu/wip/404.html" />
 
-	<rule from="^http://www\.biology4?\.wustl\.edu/(?:\?.*)?$"
+		<test url="http://www.becker.wustl.edu/index.html" />
+		<test url="http://beckerweb.wustl.edu/index.html" />
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://(?:www\.biology|biology4)\.wustl\.edu/.*"
 		to="https://wubio.wustl.edu/" />
 
-	<!--	Server drops path like so:
-						-->
-	<rule from="^http://www\.biostatistics\.wustl\.edu/.*"
-		to="https://biostatistics.wustl.edu/" />
+		<!--	/+[^?]+ doesn't redirect:
+							-->
+		<exclusion pattern="^http://(?:www\.biology|biology4)\.wustl\.edu/+(?!$|\?)" />
 
-	<rule from="^http://(?:www\.)?campusy\.wustl\.edu/"
-		to="https://www.ymcastlouis.org/washington-university-campus-ymca" />
+			<test url="http://www.biology.wustl.edu/index.asp" />
+			<test url="http://www.biology.wustl.edu/index.aspx" />
+			<test url="http://www.biology.wustl.edu/index.html" />
+			<test url="http://biology4.wustl.edu/index.asp" />
+			<test url="http://biology4.wustl.edu/index.aspx" />
+			<test url="http://biology4.wustl.edu/index.html" />
 
-	<!--	Server drops path like so:
-						-->
-	<rule from="^http://(?:www\.)?careers\.wustl\.edu/.*"
-		to="https://careercenter.wustl.edu/" />
+	<rule from="^http://www\.(cait|card|communityservice|complianceoffice|careercenter|careers|codeofconduct|cornerstone|ehs|eliotsocietyvolunteer|emergency|engineering|facultysenate|gephardtinstitute|getinvolved|glo|i-?cares|illiad|library|law|medicine|pacs|parents|parking|oiss|oisshome|police|publichealth|registrar|sc|schoolpartnership|spa|spokane|sustainability|teachingcenter|ucollege|undergraduatecouncil|visitor|wulife|wupd|wusmhealth)\.wustl\.edu/"
+		to="https://$1.wustl.edu/" />
 
-	<rule from="^http://digitalcommons\.wustl\.edu/assets/"
-		to="https://dcwustl.bepress.com/assets/" />
+	<!--	Missing cert chain at destination:
+							-->
+	<!--rule from="^http://campusy\.wustl\.edu/"
+		to="https://www.ymcastlouis.org/washington-university-campus-ymca" /-->
 
-	<!--	Server drops path like so:
-						-->
-	<rule from="^http://www\.diningservices\.wustl\.edu/.*"
-		to="https://diningservices.wustl.edu/" />
+	<rule from="^http://catalog\.wustl\.edu/"
+		to="https://spokane.wustl.edu/" />
 
-	<!--	Server drops path like so:
-						-->
-	<rule from="^http://(?:www\.)?eliotsocietyvolunteer\.wustl\.edu/.*"
-		to="https://alumni.wustl.edu/give/annualfund/givingclubs/eliot/volunteers/Pages/default.aspx" />
+	<rule from="^http://digitalcommons\.wustl\.edu/"
+		to="https://dcwustl.bepress.com/" />
 
-	<rule from="^http://evals\.wustl\.edu/(?:\?.*)?$"
-		to="https://asapps.artsci.wustl.edu/evals/login.asp" />
+		<exclusion pattern="^http://digitalcommons\.wustl\.edu/(?!assets/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://digitalcommons.wustl.edu/about.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://digitalcommons.wustl.edu/assets/styles/ir-left.css" />
+			<test url="http://digitalcommons.wustl.edu/assets/styles/ir-network.css" />
 
-	<rule from="^http://evals\.wustl\.edu/"
-		to="https://artsci.wustl.edu/~college/Redirect/index.html" />
+	<!--	Redirect keeps args, but not forward slash nor path:
+									-->
+	<rule from="^http://evals\.wustl\.edu/[^?]*"
+		to="https://asapps.artsci.wustl.edu/evals/login.asp" />
 
-	<rule from="^http://(bec|bgc|cssa|ican|kgsa)\.grad\.wustl\.edu/"
-		to="https://gradpages.wustl.edu/$1/" />
+		<test url="http://evals.wustl.edu//index.aspx" />
 
 	<rule from="^http://hipaa\.wustl\.edu/"
 		to="https://secpriv.wusm.wustl.edu/privacy/default.aspx" />
 
-	<rule from="^http://lib(answer|guide)s\.wustl\.edu/(css\d*|data|include|js\d*)/"
-		to="https://lib$1s.com/$2/" />
+	<!--	Redirect keeps args but not forward slash:
+							-->
+	<rule from="^http://myreslife\.wustl\.edu/+"
+		to="https://reslife.wustl.edu/" />
 
-	<!--	Server drops path like so:
-						-->
-	<rule from="^http://m\.wustl\.edu/.*"
-		to="https://wustl.edu/apps" />
+		<!--	/+[^?]+ doesn't redirect:
+							-->
+		<exclusion pattern="^http://myreslife\.wustl\.edu/+(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://myreslife.wustl.edu/index.asp" />
+			<test url="http://myreslife.wustl.edu/index.aspx" />
+			<test url="http://myreslife.wustl.edu/index.htm" />
+			<test url="http://myreslife.wustl.edu/index.php" />
+
+			<!--	-ve:
+					-->
+			<test url="http://myreslife.wustl.edu//?test" />
+			<test url="http://myreslife.wustl.edu/?quota" />
 
-	<rule from="^http://myreslife\.wustl\.edu/(\?.*)?$"
-		to="https://reslife.wustl.edu/$1" />
+	<rule from="^http://openscholarship\.wustl\.edu/"
+		to="https://dcwustlmain.bepress.com/" />
 
-	<rule from="^http://openscholarship\.wustl\.edu/assets/"
-		to="https://dcwustlmain.bepress.com/assets/" />
+		<exclusion pattern="^http://openscholarship\.wustl\.edu/(?!assets/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://openscholarship.wustl.edu/announcements.html" />
+			<test url="http://openscholarship.wustl.edu/communities.html" />
+			<test url="http://openscholarship.wustl.edu/faq.html" />
 
-	<!--	Server drops path like so:
+			<!--	-ve:
+					-->
+			<test url="http://openscholarship.wustl.edu/assets/styles/ir-left.css" />
+			<test url="http://openscholarship.wustl.edu/assets/styles/ir-reset.css" />
+
+	<rule from="^http://(mir|ot)\.wustl\.edu/"
+		to="https://www.$1.wustl.edu/" />
+
+	<!--rule from="^http://(bec|bgc|cssa|ican|kgsa)\.grad\.wustl\.edu/"
+		to="https://gradpages.wustl.edu/$1/" /-->
+
+	<!--rule from="^http://outgrads\.wustl\.edu/"
+		to="https://gradpages.wustl.edu/outgrads/" /-->
+
+	<!--	Redirect drops forward slash:
 						-->
-	<rule from="^http://otm\.wustl\.edu/.*"
-		to="https://research.wustl.edu/Offices_Committees/otm/Pages/OTM.aspx" />
+	<rule from="^http://autodiscover\.samfox\.wustl\.edu/+$"
+		to="https://outlook.office365.com/owa/?realm=samfox.wustl.edu&amp;vd=autodiscover" />
 
-	<rule from="^http://outgrads\.wustl\.edu/"
-		to="https://gradpages.wustl.edu/outgrads/" />
+		<test url="http://autodiscover.samfox.wustl.edu//" />
 
-	<!--	Server drops path like so:
+	<!--	Redirect prepends path:
+					-->
+	<rule from="^http://autodiscover\.samfox\.wustl\.edu/+([^?]+)$"
+		to="https://outlook.office365.com/$1?realm=samfox.wustl.edu&amp;vd=autodiscover" />
+
+		<test url="http://autodiscover.samfox.wustl.edu/index.php" />
+		<test url="http://autodiscover.samfox.wustl.edu/index.asp" />
+		<test url="http://autodiscover.samfox.wustl.edu/index.aspx" />
+
+	<!--	Redirect prepends path and args:
 						-->
-	<rule from="^http://researchgateway\.wustl\.edu/.*"
-		to="https://research.wustl.edu/pages/researchgateway.aspx" />
+	<rule from="^http://autodiscover\.samfox\.wustl\.edu/+(.+)"
+		to="https://outlook.office365.com/$1&amp;realm=samfox.wustl.edu&amp;vd=autodiscover" />
+
+		<test url="http://autodiscover.samfox.wustl.edu/index.php?fill" />
+		<test url="http://autodiscover.samfox.wustl.edu/index.asp?test" />
+		<test url="http://autodiscover.samfox.wustl.edu/index.aspx?quota" />
+
+	<rule from="^http://(?:www\.)?studentrecords\.wustl\.edu/AcadCalendar"
+		to="https://registrar.wustl.edu/academic-calendars/" />
 
-	<rule from="^http://(?:www\.)?studentrecords\.wustl\.edu/(\?.*)?$"
-		to="https://registrar.wustl.edu/$1" />
+	<rule from="^http://(?:www\.)?studentrecords\.wustl\.edu/"
+		to="https://registrar.wustl.edu/" />
 
-	<rule from="^http://(?:www\.)?studentrecords\.wustl\.edu/AcadCalendar(\?.*)?$"
-		to="https://registrar.wustl.edu/academic-calendars/$1" />
+		<exclusion pattern="^http://(?:www\.)?studentrecords\.wustl\.edu/(?!$|\?|AcadCalendar(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.studentrecords.wustl.edu/index.asp" />
+			<test url="http://www.studentrecords.wustl.edu/index.aspx" />
+			<test url="http://www.studentrecords.wustl.edu/index.cgi" />
+			<test url="http://www.studentrecords.wustl.edu/index.htm" />
+			<test url="http://www.studentrecords.wustl.edu/index.html" />
+			<test url="http://www.studentrecords.wustl.edu/index.jsp" />
+			<test url="http://www.studentrecords.wustl.edu/index.php" />
+			<test url="http://www.studentrecords.wustl.edu/index.xhtml" />
 
 	<rule from="^http://swi\.ucollege\.wustl\.edu/"
 		to="https://summerschool.wustl.edu/swi/" />
 
-	<rule from="^http://ur\.wustl\.edu/(\?.*)?$"
-		to="https://undergradresearch.wustl.edu/$1" />
+	<rule from="^http://ur\.wustl\.edu/+"
+		to="https://undergradresearch.wustl.edu/" />
 
-	<!--	Server drops path like so:
-						-->
-	<rule from="^http://(?:www\.)?visitor\.wustl\.edu/.*"
-		to="https://www.wustl.edu/community/visitors" />
+		<exclusion pattern="^http://ur\.wustl\.edu/+(?!$|\?)" />
 
-	<!--	All appear the same:
+			<!--	+ve:
 					-->
-	<rule from="^http://(?:secure\.|www\.)?wuphysicians\.wustl\.edu/"
-		to="https://secure.wuphysicians.wustl.edu/" />
+			<test url="http://ur.wustl.edu/index.asp" />
+			<test url="http://ur.wustl.edu/index.aspx" />
+			<test url="http://ur.wustl.edu/index.htm" />
+			<test url="http://ur.wustl.edu/index.html" />
+			<test url="http://ur.wustl.edu/index.php" />
 
-	<!--	Server drops path like so:
-						-->
-	<rule from="^http://wusmproserv\.wustl\.edu/.*"
-		to="https://medfacilities.wustl.edu/SECURITY/Pages/Home.aspx" />
+			<!--	-ve:
+					-->
+			<test url="http://ur.wustl.edu/?foo" />
+
+	<rule from="^http://fpp\.wusm\.wustl\.edu/"
+		to="https://fpp.wustl.edu/" />
+
+	<!--	Keeps path and args, but not forward slash:
+							-->
+	<rule from="^http://wusmproserv\.wustl\.edu/+"
+		to="https://facilities.med.wustl.edu/security/" />
+
+		<test url="http://wusmproserv.wustl.edu/index.aspx" />
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Washington_University_in_St_Louis_Alumni_Association.xml b/src/chrome/content/rules/Washington_University_in_St_Louis_Alumni_Association.xml
index 2dbe9a2f75f0..9af0dd9c149d 100644
--- a/src/chrome/content/rules/Washington_University_in_St_Louis_Alumni_Association.xml
+++ b/src/chrome/content/rules/Washington_University_in_St_Louis_Alumni_Association.xml
@@ -1,8 +1,8 @@
 <!--
-	For other Washington University in St. Louis coverage, see Washington_University_in_St_Louis_Alumni_Association.xml.
+	For other Washington University in St. Louis coverage, see Washington_University_in_St_Louis.xml.
 
 
-	Cert only matches www
+	(www.)?wustlconnections.com: Mismatched
 
 -->
 <ruleset name="Washington University in St. Louis Alumni Association">
@@ -11,10 +11,12 @@
 	<target host="www.wustlconnections.com" />
 
 
-	<securecookie host="^www\.wustlconnections\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?wustlconnections\.com/"
-		to="https://www.wustlconnections.com/" />
+	<!--	Redirect drops path and args, but not forward slash:
+									-->
+	<rule from="^http://(?:www\.)?wustlconnections\.com/[^?]*"
+		to="https://alumni.wustl.edu/Pages/default.aspx" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Washtimes.com.xml b/src/chrome/content/rules/Washtimes.com.xml
new file mode 100644
index 000000000000..9021e94f5323
--- /dev/null
+++ b/src/chrome/content/rules/Washtimes.com.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Washington Times related rulesets, see
+		+ Washington_Times.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- washtimes.com
+		- www.washtimes.com
+		- oascentral.washtimes.com
+
+		5xx server error:
+		- altmedia.washtimes.com
+-->
+<ruleset name="Washtimes.com">
+	<target host="media.washtimes.com" />
+	<target host="twt-assets.washtimes.com" />
+	<target host="twt-ee.washtimes.com" />
+	<target host="twt-media.washtimes.com" />
+	<target host="twt-static.washtimes.com" />
+	<target host="twt-thumbs.washtimes.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wasilczyk.pl.xml b/src/chrome/content/rules/Wasilczyk.pl.xml
new file mode 100644
index 000000000000..cfb5b8ec7046
--- /dev/null
+++ b/src/chrome/content/rules/Wasilczyk.pl.xml
@@ -0,0 +1,17 @@
+<ruleset name="Wasilczyk.pl">
+
+	<target host="wasilczyk.pl" />
+	<target host="blog.wasilczyk.pl" />
+	<target host="www.wasilczyk.pl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.blog\.wasilczyk\.pl$" name="^pll_language$" /-->
+
+	<securecookie host="^\.blog\.wasilczyk\.pl$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Waste.org.xml b/src/chrome/content/rules/Waste.org.xml
new file mode 100644
index 000000000000..77877993a4b4
--- /dev/null
+++ b/src/chrome/content/rules/Waste.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+			 - refuse.waste.org
+
+		SSL peer certificate was not OK:
+			 - mail.waste.org
+			 - ns.waste.org
+-->
+<ruleset name="Waste.org">
+	<target host="waste.org" />
+	<target host="www.waste.org" />
+	<target host="ink.waste.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WatchMedier.xml b/src/chrome/content/rules/WatchMedier.xml
new file mode 100644
index 000000000000..600aa65f264c
--- /dev/null
+++ b/src/chrome/content/rules/WatchMedier.xml
@@ -0,0 +1,23 @@
+<!--
+	Works but note that most of the hosts that it draws resources from,
+	i.e. FinansWatch, ShippingWatch, etc., currently can not be secured.
+
+	www.watchmedier.dk certificate mismatches
+-->
+<ruleset name="Watch Medier.dk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="watchmedier.dk" />
+
+	<!--	Complications:
+				-->
+	<target host="www.watchmedier.dk" />
+
+
+	<rule from="^http://www\.watchmedier\.dk/"
+		to="https://watchmedier.dk/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Watchmaxx.xml b/src/chrome/content/rules/Watchmaxx.xml
new file mode 100644
index 000000000000..9d2a7646b694
--- /dev/null
+++ b/src/chrome/content/rules/Watchmaxx.xml
@@ -0,0 +1,7 @@
+<ruleset name="WatchMaxx">
+    <target host="watchmaxx.com" />
+    <target host="www.watchmaxx.com" />
+
+    <rule from="^http:"
+        to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Water-Challenge.com.xml b/src/chrome/content/rules/Water-Challenge.com.xml
index 0a55bc180a33..e0c28329a096 100644
--- a/src/chrome/content/rules/Water-Challenge.com.xml
+++ b/src/chrome/content/rules/Water-Challenge.com.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(www\.)?water-challenge\.com/(image\.axd|Styles/|themes/)"
 		to="https://$1water-challenge.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Water.org.xml b/src/chrome/content/rules/Water.org.xml
index ea6562f1046a..4d39542f071b 100644
--- a/src/chrome/content/rules/Water.org.xml
+++ b/src/chrome/content/rules/Water.org.xml
@@ -10,7 +10,9 @@
 <ruleset name="Water.org (partial)">
 
 	<target host="water.org" />
-	<target host="*.water.org" />
+	<target host="www.water.org" />
+	<target host="contribute.water.org" />
+	<target host="give.water.org" />
 		<exclusion pattern="^http://(?:give\.|www\.)?water\.org/(?!favicon\.ico|media/|static/)" />
 
 
@@ -20,7 +22,6 @@
 	<rule from="^http://(?:www\.)?water\.org/"
 		to="https://water.org/" />
 
-	<rule from="^http://(contribut|giv)e\.water\.org/"
-		to="https://$1e.water.org/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Water_Marquee.xml b/src/chrome/content/rules/Water_Marquee.xml
index 62af8444c15c..dda9df8bb8cb 100644
--- a/src/chrome/content/rules/Water_Marquee.xml
+++ b/src/chrome/content/rules/Water_Marquee.xml
@@ -1,13 +1,12 @@
 <ruleset name="Water Marquee">
 
 	<target host="watermarquee.com" />
-	<target host="*.watermarquee.com" />
+	<target host="www.watermarquee.com" />
 
 
-	<securecookie host="^(?:.*\.)?watermarquee\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?watermarquee\.com/"
-		to="https://$1watermarquee.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Waterfox_project.org.xml b/src/chrome/content/rules/Waterfox_project.org.xml
new file mode 100644
index 000000000000..2e7f3c115041
--- /dev/null
+++ b/src/chrome/content/rules/Waterfox_project.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Waterfox project.org">
+
+	<target host="waterfoxproject.org" />
+	<target host="www.waterfoxproject.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Watershed.xml b/src/chrome/content/rules/Watershed.xml
index 5beef38c86fc..0e3401ac47b5 100644
--- a/src/chrome/content/rules/Watershed.xml
+++ b/src/chrome/content/rules/Watershed.xml
@@ -1,19 +1,25 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://watershed.co.uk/ => https://www.watershed.co.uk/: Too many redirects while fetching 'https://www.watershed.co.uk/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://watershed.co.uk/ => https://www.watershed.co.uk/: Cycle detected - URL already encountered: https://www.watershed.co.uk/
 	Problematic domains:
 
 		- ^	(redirects to http)
 
 -->
-<ruleset name="Watershed">
+<ruleset name="Watershed" default_off="failed ruleset test">
 
 	<target host="watershed.co.uk" />
-	<target host="*.watershed.co.uk" />
+	<target host="www.watershed.co.uk" />
+	<target host="piwik.watershed.co.uk" />
 
 
 	<rule from="^http://(?:www\.)?watershed\.co\.uk/"
 		to="https://www.watershed.co.uk/" />
 
-	<rule from="^http://piwik\.watershed\.co\.uk/"
-		to="https://piwik.watershed.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Watkins.edu.xml b/src/chrome/content/rules/Watkins.edu.xml
index 6d7e5518f7ad..3189e8b527c4 100644
--- a/src/chrome/content/rules/Watkins.edu.xml
+++ b/src/chrome/content/rules/Watkins.edu.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://watkins.edu/ => https://watkins.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'watkins.edu'")
+Fetch error: http://www.watkins.edu/ => https://www.watkins.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.watkins.edu'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://watkins.edu/ => https://watkins.edu/: Cycle detected - URL already encountered: https://watkins.edu/
+Fetch error: http://www.watkins.edu/ => https://www.watkins.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.watkins.edu'")
 	Mixed content:
 
 		- Images on www from www *
@@ -11,13 +19,12 @@
 	* Secured by us
 
 -->
-<ruleset name="Watkins.edu">
+<ruleset name="Watkins.edu" default_off="failed ruleset test">
 
 	<target host="watkins.edu" />
 	<target host="www.watkins.edu" />
 
 
-	<rule from="^http://(www\.)?watkins\.edu/"
-		to="https://$1watkins.edu/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Watsi.org.xml b/src/chrome/content/rules/Watsi.org.xml
new file mode 100644
index 000000000000..575c1b702c34
--- /dev/null
+++ b/src/chrome/content/rules/Watsi.org.xml
@@ -0,0 +1,14 @@
+<!--
+	www: refused
+
+-->
+<ruleset name="Watsi.org">
+
+	<target host="watsi.org" />
+	<target host="www.watsi.org" />
+
+
+	<rule from="^http://(?:www\.)?watsi\.org/"
+		to="https://watsi.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Watson_Institute.org.xml b/src/chrome/content/rules/Watson_Institute.org.xml
index fc55e63493c6..c708c6e6636b 100644
--- a/src/chrome/content/rules/Watson_Institute.org.xml
+++ b/src/chrome/content/rules/Watson_Institute.org.xml
@@ -25,4 +25,4 @@
 	<rule from="^http://(?:www\.)?watsoninstitute\.org/"
 		to="https://watsoninstitute.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Watsons.com.hk.xml b/src/chrome/content/rules/Watsons.com.hk.xml
new file mode 100644
index 000000000000..7ea68c527c34
--- /dev/null
+++ b/src/chrome/content/rules/Watsons.com.hk.xml
@@ -0,0 +1,37 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- m.watsons.com.hk
+		- stagem.watsons.com.hk
+
+		Timeout was reached:
+		- sit.m.watsons.com.hk
+		- uat.watsons.com.hk
+		- uatm.watsons.com.hk
+
+		SSL connect error:
+		- prodm.watsons.com.hk
+
+		SSL peer certificate was not OK:
+		- game.watsons.com.hk
+
+		Incomplete certificate chain error:
+		- dev.watsons.com.hk
+		- preview.watsons.com.hk
+
+		4xx client error:
+		- qiakqr1.watsons.com.hk
+-->
+<ruleset name="Watsons.com.hk">
+	<target host="watsons.com.hk" />
+	<target host="www.watsons.com.hk" />
+	<target host="interactive.watsons.com.hk" />
+	<test url="http://interactive.watsons.com.hk/watsbagclawmachine" />
+	<target host="mcms.watsons.com.hk" />
+	<target host="mshare.watsons.com.hk" />
+	<target host="queue.watsons.com.hk" />
+	<target host="reg.watsons.com.hk" />
+	<target host="supplierportal.watsons.com.hk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wattpad.com.xml b/src/chrome/content/rules/Wattpad.com.xml
new file mode 100644
index 000000000000..20644c2a08d1
--- /dev/null
+++ b/src/chrome/content/rules/Wattpad.com.xml
@@ -0,0 +1,51 @@
+<!--
+	Nonfunctional hosts in *wattpad.com:
+
+		- business *
+
+	* Refused
+
+
+	Problematic hosts in *wattpad.com:
+
+		- blog *
+
+	* Wordpress
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .wattpad.com
+		- shop.wattpad.com
+		- www.wattpad.com
+
+
+	Mixed content:
+
+		- favicon on shop from a.wattpad.net
+
+-->
+<ruleset name="Wattpad.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="wattpad.com" />
+	<target host="a.wattpad.com" />
+	<target host="shop.wattpad.com" />
+	<target host="support.wattpad.com" />
+	<target host="www.wattpad.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.wattpad\.com$" name="^(?:PHPSESSID|lang|locale|wp_id)$" /-->
+	<!--securecookie host="^shop\.wattpad\.com$" name="^htscallerid$" /-->
+	<!--securecookie host="^www\.wattpad\.com$" name="^(?:laravel_session|session_payload)$" /-->
+
+	<securecookie host="^(?:shop|www)?\.wattpad\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WaveCon.de.xml b/src/chrome/content/rules/WaveCon.de.xml
new file mode 100644
index 000000000000..e37fc5593b59
--- /dev/null
+++ b/src/chrome/content/rules/WaveCon.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="WaveCon.de">
+
+	<target host="wavecon.de" />
+	<target host="www.wavecon.de" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wavpin.xml b/src/chrome/content/rules/Wavpin.xml
index e5e47e9f7f6c..dfdea6c2d7f9 100644
--- a/src/chrome/content/rules/Wavpin.xml
+++ b/src/chrome/content/rules/Wavpin.xml
@@ -1,17 +1,21 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wavpin.com/ => https://wavpin.com/: (7, 'Failed to connect to wavpin.com port 443: Connection refused')
+Fetch error: http://www.wavpin.com/ => https://www.wavpin.com/: (7, 'Failed to connect to www.wavpin.com port 443: Connection refused')
+
 	Mixed images from 3rd-party news websites.
 
 -->
-<ruleset name="Wavpin">
+<ruleset name="Wavpin" default_off="failed ruleset test">
 
 	<target host="wavpin.com" />
-	<target host="*.wavpin.com" />
+	<target host="www.wavpin.com" />
 
 
 	<securecookie host="^\.wavpin\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?wavpin\.com/"
-		to="https://$1wavpin.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Way2Allah.com.xml b/src/chrome/content/rules/Way2Allah.com.xml
new file mode 100644
index 000000000000..6ac18d139c5f
--- /dev/null
+++ b/src/chrome/content/rules/Way2Allah.com.xml
@@ -0,0 +1,14 @@
+<!--
+	401 Unauthorized
+		e3jaz.way2allah.com
+-->
+<ruleset name="Way2Allah.com" >
+	<target host="way2allah.com" />
+	<target host="www.way2allah.com" />
+	<target host="forums.way2allah.com" />
+	<target host="montage.way2allah.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WayOut.lgbt.xml b/src/chrome/content/rules/WayOut.lgbt.xml
new file mode 100644
index 000000000000..666ef69d4931
--- /dev/null
+++ b/src/chrome/content/rules/WayOut.lgbt.xml
@@ -0,0 +1,8 @@
+<ruleset name="WayOut.lgbt">
+	<target host="wayout.lgbt" />
+	<target host="www.wayout.lgbt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WayTools.com.xml b/src/chrome/content/rules/WayTools.com.xml
new file mode 100644
index 000000000000..23d2ebe4299a
--- /dev/null
+++ b/src/chrome/content/rules/WayTools.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="WayTools.com">
+
+	<target host="waytools.com" />
+	<target host="www.waytools.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Waymoot.org.xml b/src/chrome/content/rules/Waymoot.org.xml
new file mode 100644
index 000000000000..4f82a9db7607
--- /dev/null
+++ b/src/chrome/content/rules/Waymoot.org.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.waymoot.org/ => https://www.waymoot.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.waymoot.org'")
+
+-->
+<ruleset name="waymoot.org" default_off="failed ruleset test">
+
+	<target host="waymoot.org" />
+	<target host="www.waymoot.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wayneashworthart.com.xml b/src/chrome/content/rules/Wayneashworthart.com.xml
new file mode 100644
index 000000000000..1c45cdbd2567
--- /dev/null
+++ b/src/chrome/content/rules/Wayneashworthart.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Wayneashworthart.com">
+    <target host="wayneashworthart.com" />
+    <target host="www.wayneashworthart.com" />
+
+    <securecookie host=".+" name=".+" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wazapp.xml b/src/chrome/content/rules/Wazapp.xml
index 39a242b7ef06..c021cb7be52e 100644
--- a/src/chrome/content/rules/Wazapp.xml
+++ b/src/chrome/content/rules/Wazapp.xml
@@ -6,7 +6,7 @@
 
 	<!--	CN: premium.supportindeed.com
 						-->
-	<rule from="^https?://(?:www\.)?wazapp\.im/"
+	<rule from="^http://(?:www\.)?wazapp\.im/"
 		to="https://wazapp.im/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Waze.com.xml b/src/chrome/content/rules/Waze.com.xml
new file mode 100644
index 000000000000..ff79af685932
--- /dev/null
+++ b/src/chrome/content/rules/Waze.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Google coverage, see GoogleServices.xml.
+
+
+	Nonfunctional hosts in *waze.com:
+
+		- blog *
+
+	* Blogger
+
+-->
+<ruleset name="Waze.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="waze.com" />
+	<target host="biz.waze.com" />
+	<target host="biz.world.waze.com" />
+	<target host="www.waze.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wccftech.com.xml b/src/chrome/content/rules/Wccftech.com.xml
new file mode 100644
index 000000000000..424a7caaec0f
--- /dev/null
+++ b/src/chrome/content/rules/Wccftech.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Wccftech.com">
+	<target host="wccftech.com" />
+	<target host="www.wccftech.com" />
+	<target host="cdn.wccftech.com" />
+	<target host="deals.wccftech.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wcfan.de.xml b/src/chrome/content/rules/Wcfan.de.xml
new file mode 100644
index 000000000000..5d39ee67e133
--- /dev/null
+++ b/src/chrome/content/rules/Wcfan.de.xml
@@ -0,0 +1,29 @@
+<!--
+www.bans.wcfan.de ¹
+chat.wcfan.de ¹
+dl.wcfan.de ¹
+download.wcfan.de ¹
+fastdl.wcfan.de ¹
+foren.wcfan.de ¹
+git.wcfan.de ¹
+www.git.wcfan.de ¹
+kronos.wcfan.de ²
+news.wcfan.de ¹
+p1agnut.wcfan.de ¹
+smtp.wcfan.de ¹
+www.wwi.wcfan.de ¹
+
+
+¹ mismatch
+² refused
+-->
+<ruleset name="wcfan.de">
+	<target host="wcfan.de" />
+	<target host="www.wcfan.de" />
+	<target host="bans.wcfan.de" />
+	<target host="hlstats.wcfan.de" />
+	<target host="mail.wcfan.de" />
+	<target host="wwi.wcfan.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wdr.de.xml b/src/chrome/content/rules/Wdr.de.xml
index e4e2e23f1600..4f281c719889 100644
--- a/src/chrome/content/rules/Wdr.de.xml
+++ b/src/chrome/content/rules/Wdr.de.xml
@@ -1,6 +1,126 @@
-<ruleset name="Wdr.de">
-<target host="www.wdr.de"/>
-<target host="wdr.de"/>
-<rule from="^http://(www\.)?wdr\.de/" to="https://www.wdr.de/"/>
+<!--
+	Connection closed:
+		- www.wintersport.sportschau.de
+
+	No valid Cert for:
+		- adaptiv.wdr.de
+		- podcast.wdr.de
+		- print.wdr.de
+		- www.einslivekrone.de
+		- www.kiraka.wdr.de
+		- www.kirche.wdr.de
+		- www.kirche-im-wdr.de
+		- www.lindenstrasse.de
+		- www.wdrmaus.de
+		- ^wdr.de
+		- barcelona.sportschau.de
+		- (www.)?berlin.sportschau.de
+		- (www.)?bundesligaplaner.sportschau.de
+		- clipassets-[i|p].sportschau.de
+		- clipsapi.sportschau.de
+		- livestreamapi.sportschau.de
+		- m.sportschau.de
+		- (www.)multicam.sportschau.de
+		- www.multimedia.sportschau.de
+		- www.rio.sportschau.de
+		- (cdni.|cdnv.)?secondscreen.sportschau.de
+		- sportsfreund.sportschau.de
+		- ssltest.sportschau.de
+		- (livemain|vod)?-i.umsp.sportschau.de
+		- (www.)?wmplaner.sportschau.de
+
+	certificatechain broken on:
+		- freundeskreis.einslive.de
+
+	Redirect to plain http on:
+		- www.einsfestival.de
+		- wdrmaus.de
+
+	Refused:
+		- (www.)?tourtipp.sportschau.de
+
+	Time-out on:
+		- dom360.wdr.de
+		- klangkiste.wdr.de
+		- lindenstrasse.de
+		- neuneinhalb.wdr.de
+		- (www.)?europlaner.sportschau.de
+-->
+<ruleset name="Westdeutscher Rundfunk">
+
+	<target host="www.wdr.de" />
+	<target host="www1.wdr.de" />
+	<target host="www01.wdr.de" />
+	<target host="bewerbung.wdr.de" />
+	<target host="blog.wdr.de" />
+	<target host="containerids-id1.wdr.de" />
+	<target host="containerids-id2.wdr.de" />
+	<target host="containerids-id3.wdr.de" />
+	<target host="containerids-id4.wdr.de" />
+	<target host="containerids.wdr.de" />
+	<target host="cosmocat.wdr.de" />
+	<target host="deviceids-meda-id1.wdr.de" />
+	<target host="deviceids-meda-id2.wdr.de" />
+	<target host="deviceids-meda-id3.wdr.de" />
+	<target host="deviceids-meda-id4.wdr.de" />
+	<target host="deviceids-meda.wdr.de" />
+	<target host="deviceids-medp-id1.wdr.de" />
+	<target host="deviceids-medp-id2.wdr.de" />
+	<target host="deviceids-medp-id3.wdr.de" />
+	<target host="deviceids-medp-id4.wdr.de" />
+	<target host="deviceids-medp.wdr.de" />
+	<target host="deviceids-meds-id1.wdr.de" />
+	<target host="deviceids-meds-id2.wdr.de" />
+	<target host="deviceids-meds-id3.wdr.de" />
+	<target host="deviceids-meds-id4.wdr.de" />
+	<target host="deviceids-meds.wdr.de" />
+	<target host="deviceids-medt-id1.wdr.de" />
+	<target host="deviceids-medt-id2.wdr.de" />
+	<target host="deviceids-medt-id3.wdr.de" />
+	<target host="deviceids-medt-id4.wdr.de" />
+	<target host="deviceids-medt.wdr.de" />
+	<target host="digit.wdr.de" />
+	<target host="elefant.wdr.de" />
+	<target host="elefantenapp.wdr.de" />
+	<target host="exporte.wdr.de" />
+	<target host="kandidatencheck.wdr.de" />
+	<target host="kiraka.wdr.de" />
+	<target host="mobiltext.wdr.de" />
+	<target host="presse.wdr.de" />
+	<target host="reportage.wdr.de" />
+	<target host="superkuehe.wdr.de" />
+
+	<target host="www.einslive.de" />
+	<target host="www.funkhauseuropa.de" />
+
+	<target host="planet-wissen.de" />
+	<target host="www.planet-wissen.de" />
+
+	<target host="sportschau.de" />
+	<target host="www.sportschau.de" />
+	<target host="ecs.sportschau.de" />
+	<target host="fifafrauenwm.sportschau.de" />
+	<target host="laem.sportschau.de" />
+	<target host="lawm.sportschau.de" />
+	<target host="multimedia.sportschau.de" />
+	<target host="orig.sportschau.de" />
+	<target host="recherche.sportschau.de" />
+	<target host="rio.sportschau.de" />
+	<target host="spielerzeugnis.sportschau.de" />
+	<target host="ticker.sportschau.de" />
+	<target host="tokio.sportschau.de" />
+	<target host="uefafrauenem.sportschau.de" />
+	<target host="wa.sportschau.de" />
+	<target host="wintersport.sportschau.de" />
+	<target host="www1.sportschau.de" />
+
+	<target host="www.wdr2.de" />
+	<target host="www.wdr3.de" />
+	<target host="www.wdr4.de" />
+	<target host="www.wdr5.de" />
+
+	<target host="www.wdrmaus.de" />
+
+	<rule from="^http:"	to="https:" />
+
 </ruleset>
- 
diff --git a/src/chrome/content/rules/We-Energies.com.xml b/src/chrome/content/rules/We-Energies.com.xml
new file mode 100644
index 000000000000..5d88bd76f3af
--- /dev/null
+++ b/src/chrome/content/rules/We-Energies.com.xml
@@ -0,0 +1,43 @@
+<!--
+	^we-energies.com: Mismatched
+
+
+	Fully covered hosts in *we-energies.com:
+
+		- (www.)?	(^ → www)
+		- profile
+
+
+	Insecure cookies are set for these hosts:
+
+		- profile.we-energies.com
+		- www.we-energies.com
+
+-->
+<ruleset name="We-Energies.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="profile.we-energies.com" />
+	<target host="www.we-energies.com" />
+
+	<!--	Complications:
+				-->
+	<target host="we-energies.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^profile\.we-energies\.com$" name="^OAM_REQ$" /-->
+	<!--securecookie host="^www\.we-energies\.com$" name="^(JSESSIONID|ObSSOCookie)$" /-->
+
+	<securecookie host="^(?:profile|www)\.we-energies\.com$" name=".+" />
+
+
+	<rule from="^http://we-energies\.com/"
+		to="https://www.we-energies.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/We-Heart-It.xml b/src/chrome/content/rules/We-Heart-It.xml
deleted file mode 100644
index abab834272f5..000000000000
--- a/src/chrome/content/rules/We-Heart-It.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	CDN buckets:
-
-		- cs95.wac.edgecastcdn.net/...
-			- assets.whicdn.com
-			- data.whicdn.com
-			- stats.whicdn.com
-
-		- assets & data show AWS 403 message
-
--->
-<ruleset name="We Heart It">
-
-	<target host="weheartit.com" />
-	<target host="*.weheartit.com" />
-	<target host="*.whicdn.com" />
-
-
-	<securecookie host="^\.?weheartit\.com$" name=".+" />
-
-
-	<rule from="^http://(m\.|www\.)?weheartit\.com/"
-		to="https://$1weheartit.com/" />
-
-	<rule from="^http://(assets|data)\.whicdn\.com/"
-		to="https://$1.whicdn.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WeChat.xml b/src/chrome/content/rules/WeChat.xml
index f7622bb6a2b0..897e462feb8f 100644
--- a/src/chrome/content/rules/WeChat.xml
+++ b/src/chrome/content/rules/WeChat.xml
@@ -1,21 +1,32 @@
 <!--
-	Nonfunctional domains:
+	Non-functional hosts
+		4xx client error:
+			 - file1.wechat.com
 
-		- support.wechat.com	(mismatched, CN: weixin.qq.com)
-
-
-	Problematic domains:
-
-		- www.wechat.com	(mismatched, CN: www.wechatapp.com)
+		5xx server error:
+			 - file2.wechat.com
 
+		Secure connection redirects to plaintext:
+			 -
 -->
 <ruleset name="WeChat (partial)">
-
 	<target host="wechat.com" />
-	<target host="*.wechat.com" />
-
-
-	<rule from="^https?://(?:www\.)?wechat\.com/"
-		to="https://wechat.com/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.wechat.com" />
+	<target host="admin.wechat.com" />
+	<target host="compass.admin.wechat.com" />
+	<target host="api.wechat.com" />
+	<target host="login.wechat.com" />
+	<target host="res.wechat.com" />
+	<target host="support.wechat.com" />
+	<target host="video.wechat.com" />
+	<target host="web.wechat.com" />
+	<target host="web1.wechat.com" />
+	<target host="web2.wechat.com" />
+	<target host="webpush.wechat.com" />
+	<target host="webpush1.wechat.com" />
+	<target host="webpush2.wechat.com" />
+
+	<securecookie host="^(www\.|admin\.|login\.)?wechat\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WeExist.lgbt.xml b/src/chrome/content/rules/WeExist.lgbt.xml
new file mode 100644
index 000000000000..9015228d2c3c
--- /dev/null
+++ b/src/chrome/content/rules/WeExist.lgbt.xml
@@ -0,0 +1,8 @@
+<ruleset name="WeExist.lgbt">
+	<target host="weexist.lgbt" />
+	<target host="www.weexist.lgbt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WeFightCensorship.org.xml b/src/chrome/content/rules/WeFightCensorship.org.xml
new file mode 100644
index 000000000000..8fee1f704294
--- /dev/null
+++ b/src/chrome/content/rules/WeFightCensorship.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Time out:
+		beta.wefightcensorship.org
+		submit.wefightcensorship.org
+		submit2.wefightcensorship.org
+
+-->
+<ruleset name="We Fight Censorship" default_off="mismatched">
+
+	<target host="wefightcensorship.org" />
+	<target host="www.wefightcensorship.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WeGotEd.com.xml b/src/chrome/content/rules/WeGotEd.com.xml
new file mode 100644
index 000000000000..f77559ff5313
--- /dev/null
+++ b/src/chrome/content/rules/WeGotEd.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="WeGotEd.com" default_off="expired">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="wegoted.com" />
+	<target host="www.wegoted.com" />
+
+
+	<securecookie host="^(?:www\.)?wegoted\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WeGotWax.com.xml b/src/chrome/content/rules/WeGotWax.com.xml
deleted file mode 100644
index 14346049faaa..000000000000
--- a/src/chrome/content/rules/WeGotWax.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="WeGotWax.com">
-
-	<target host="wegotwax.com" />
-	<target host="*.wegotwax.com" />
-
-
-	<securecookie host="^(?:www)?\.wegotwax.com$" name=".+" />
-
-
-	<!--	^ redirects to www over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?wegotwax\.com/"
-		to="https://www.wegotwax.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WeHeartIt.com.xml b/src/chrome/content/rules/WeHeartIt.com.xml
new file mode 100644
index 000000000000..6320356b7ea5
--- /dev/null
+++ b/src/chrome/content/rules/WeHeartIt.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Other WeHeartIt.com related rulesets:
+		+ WHIcdn.com.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- help.weheartit.com
+-->
+<ruleset name="WeHeartIt.com">
+	<target host="weheartit.com" />
+	<target host="www.weheartit.com" />
+	<target host="m.weheartit.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WeNeedToKnow.info.xml b/src/chrome/content/rules/WeNeedToKnow.info.xml
new file mode 100644
index 000000000000..f98b4c13114a
--- /dev/null
+++ b/src/chrome/content/rules/WeNeedToKnow.info.xml
@@ -0,0 +1,8 @@
+<ruleset name="We Need to Know.info">
+	<target host="weneedtoknow.info" />
+	<target host="www.weneedtoknow.info" />
+
+	<securecookie host="^\.weneedtoknow\.info$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WePay.xml b/src/chrome/content/rules/WePay.xml
index af821ec6704c..9aaaff46ee3c 100644
--- a/src/chrome/content/rules/WePay.xml
+++ b/src/chrome/content/rules/WePay.xml
@@ -12,13 +12,16 @@
 <ruleset name="WePay (partial)">
 
 	<target host="wepay.com" />
-	<target host="*.wepay.com" />
+	<target host="stage.wepay.com" />
+	<target host="static.wepay.com" />
+	<target host="support.wepay.com" />
+	<target host="t.wepay.com" />
+	<target host="www.wepay.com" />
 
 
 	<securecookie host="^.+\.wepay\.com$" name=".+" />
 
 
-	<rule from="^http://((?:stage|static|support|t|www)\.)?wepay\.com/"
-		to="https://$1wepay.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WeSwap.com.xml b/src/chrome/content/rules/WeSwap.com.xml
new file mode 100644
index 000000000000..0cea631804d2
--- /dev/null
+++ b/src/chrome/content/rules/WeSwap.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- weswap.com
+		- www.weswap.com
+
+-->
+<ruleset name="WeSwap.com">
+
+	<target host="weswap.com" />
+	<target host="app.weswap.com" />
+	<target host="www.weswap.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^weswap\.com$" name="^X-Mapping-" /-->
+	<!--securecookie host="^www\.weswap\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^_gat?$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WeTransfer.xml b/src/chrome/content/rules/WeTransfer.xml
index e40f12f385a5..74cb04d2d12f 100644
--- a/src/chrome/content/rules/WeTransfer.xml
+++ b/src/chrome/content/rules/WeTransfer.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?wetransfer\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?wetransfer\.com/"
-		to="https://$1wetransfer.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WeUseCoins.xml b/src/chrome/content/rules/WeUseCoins.xml
index 6541d8592c8a..d4c75b944017 100644
--- a/src/chrome/content/rules/WeUseCoins.xml
+++ b/src/chrome/content/rules/WeUseCoins.xml
@@ -1,9 +1,23 @@
-<ruleset name="WeUseCoins">
-    <target host="weusecoins.com" />
-    <target host="*.weusecoins.com" />
-
-    <rule from="^https?://weusecoins\.com/"
-        to="https://www.weusecoins.com/" />
-    <rule from="^http://([^/:@]+)?\.weusecoins\.com/"
-        to="https://$1.weusecoins.com/" />
+<!--
+	Insecure cookies are set for these domains:
+
+		- .weusecoins.com
+
+-->
+<ruleset name="We Use Coins.com">
+
+	<target host="weusecoins.com" />
+	<target host="www.weusecoins.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.weusecoins\.com$" name="^cf_clearance$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/We_Are_Wizards.io.xml b/src/chrome/content/rules/We_Are_Wizards.io.xml
new file mode 100644
index 000000000000..f8310b6fba57
--- /dev/null
+++ b/src/chrome/content/rules/We_Are_Wizards.io.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.wearewizards.io/ => https://www.wearewizards.io/: (51, "SSL: no alternative certificate subject name matches target host name 'www.wearewizards.io'")
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- blog
+
+
+	These altnames don't exist:
+
+		- www.blog.wearewizards.io
+
+-->
+<ruleset name="We Are Wizards.io" default_off="failed ruleset test">
+
+	<target host="wearewizards.io" />
+	<target host="blog.wearewizards.io" />
+	<target host="www.wearewizards.io" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/We_Fight_Censorship.xml b/src/chrome/content/rules/We_Fight_Censorship.xml
deleted file mode 100644
index bccdfd4b0c99..000000000000
--- a/src/chrome/content/rules/We_Fight_Censorship.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="We Fight Censorship">
-
-	<target host="wefightcensorship.org" />
-	<target host="www.wefightcensorship.org" />
-
-
-	<rule from="^http://(www\.)?wefightcensorship\.org/"
-		to="https://$1wefightcensorship.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/We_Need_to_Know.info.xml b/src/chrome/content/rules/We_Need_to_Know.info.xml
deleted file mode 100644
index 1474a7fa9d68..000000000000
--- a/src/chrome/content/rules/We_Need_to_Know.info.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other Center for Democracy & Technology coverage, see CDT.xml.
-
--->
-<ruleset name="We Need to Know.info">
-
-	<target host="weneedtoknow.info" />
-	<target host="*.weneedtoknow.info" />
-
-
-	<securecookie host="^\.weneedtoknow\.info$" name=".+" />
-
-
-	<rule from="^http://(www\.)?weneedtoknow\.info/"
-		to="https://$1weneedtoknow.info/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Weakdh.org.xml b/src/chrome/content/rules/Weakdh.org.xml
new file mode 100644
index 000000000000..0f89e8daf820
--- /dev/null
+++ b/src/chrome/content/rules/Weakdh.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="weakdh.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="weakdh.org" />
+	<target host="www.weakdh.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Weather-Underground.xml b/src/chrome/content/rules/Weather-Underground.xml
deleted file mode 100644
index 08749dfeee07..000000000000
--- a/src/chrome/content/rules/Weather-Underground.xml
+++ /dev/null
@@ -1,49 +0,0 @@
-<!--
-	CDN buckets:
-
-		- icons-ak.wxug.com.edgesuite.net/...
-			- icons.wxug.com
-			- icons-ak.wxug.com
-
-
-	Nonfunctional domains:
-
-		- banners.wunderground.com	(times out)
-		- weathersticker.wunderground.com
-		- wublast.wunderground.com	
-
--->
-<ruleset name="Weather Underground (buggy)" default_off="breaks storm reports">
-
-	<target host="wunderground.com" />
-	<target host="*.wunderground.com" />
-	<target host="icons.wxug.com" />
-	<target host="icons-ak.wxug.com" />
-
-
-		<!--
-			These paths 302s to http:
-
-				- $
-				- autoasp/
-				- autobrand/
-				- blog$
-				- blog/
-				- data/wximagenew/
-				- graphics/
-				- hurricane/\d{5}/\w+.jpg$
-				- i/
-				- metgraphics/
-
-			These paths don't:
-
-				- css/
-				- i/w/
-				- i/wu/
-				- login.asp
-				- members/signup.asp
-					-->
-	<rule from="^https?://(?:icons(?:-ak)?\.|www\.)?w(?:underground|xug)\.com/(css/|i/wu?/|(?:login|members/signup)\.asp(?:$|\?))"
-		to="https://www.wunderground.com/$1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Weather.com.xml b/src/chrome/content/rules/Weather.com.xml
new file mode 100644
index 000000000000..6ddbd32fc696
--- /dev/null
+++ b/src/chrome/content/rules/Weather.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="Weather.com (partial)">
+
+	<target host="weather.com" />
+	<target host="www.weather.com" />
+	<target host="careers.weather.com" />
+	<target host="feedback.weather.com" />
+	<target host="forecastfactor.weather.com" />
+	<target host="press.weather.com" />
+	<target host="preview.weather.com" />
+	<target host="profile.weather.com" />
+	<target host="redirector.weather.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Weather.gov.xml b/src/chrome/content/rules/Weather.gov.xml
new file mode 100644
index 000000000000..89755d323380
--- /dev/null
+++ b/src/chrome/content/rules/Weather.gov.xml
@@ -0,0 +1,86 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://nws.weather.gov/nthmp/ (200) => https://nws.weather.gov/nthmp/ (404)
+
+
+
+	Nonfunctional hosts in *weather.gov:
+
+		- airquality ᵈ
+		- cell ᵈ
+		- digital ⁵
+		- espotter ᵈ
+		- forecasts ʳ
+		- graphical ⁵
+		- marine ᵈ
+		- mobile ᵈ
+		- ndfd ʳ
+		- preview ᵈ
+		- radar ⁵
+		- www.srh ᵈ
+		- tadd ʳ
+		- w1 ⁵
+		- w2 ᵈ
+		- water ᵈ
+
+	⁵ 504
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *weather.gov:
+
+		- ^ ᵐ
+		- alerts ᶜ
+		- apps ᵉ
+		- forecast A
+		- nws ⁴ ᵉ
+		- ocwws ᵉ
+		- products ᵉ
+		- ptwc ᵐ
+		- www A
+
+	⁴ >= 1 page 404s
+	ᴬ Akamai / mismatched
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵉ Expired
+	ᵐ Mismatched
+
+
+	These altnames do not exist:
+
+		- www.apps.weather.gov
+		- ucc.weather.gov
+		- www.ucc.weather.gov
+
+
+	Insecure cookies are set for these hosts:
+
+		- apps.weather.gov
+		- ocwws.weather.gov
+
+-->
+<ruleset name="Weather.gov (partial)" default_off="failed ruleset test">
+
+	<!--target host="alerts.weather.gov" /-->
+	<target host="nwschat.weather.gov" />
+	<target host="ra4-gifs.weather.gov" />
+	<target host="vpn.weather.gov" />
+
+		<!--	404:
+				-->
+		<test url="http://nws.weather.gov/nthmp/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:app|ocww)s\.weather\.gov$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WeatherSpark.xml b/src/chrome/content/rules/WeatherSpark.xml
new file mode 100644
index 000000000000..0344dea87090
--- /dev/null
+++ b/src/chrome/content/rules/WeatherSpark.xml
@@ -0,0 +1,7 @@
+<ruleset name="WeatherSpark">
+	<target host="weatherspark.com" />
+	<target host="www.weatherspark.com" />
+
+	<!-- https on www does not work -->
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Weather_Decision_Technologies.xml b/src/chrome/content/rules/Weather_Decision_Technologies.xml
index 6e798d6411f1..b342069e524e 100644
--- a/src/chrome/content/rules/Weather_Decision_Technologies.xml
+++ b/src/chrome/content/rules/Weather_Decision_Technologies.xml
@@ -10,10 +10,10 @@
 	<target host="*.wdtinc.com" />
 
 
-	<rule from="^https?://support\.wdtinc\.com/(?:$|\?.*)"
+	<rule from="^http://support\.wdtinc\.com/(?:$|\?.*)"
 		to="https://wdt.zendesk.com/" />
 
 	<rule from="^http://weather\.wdtinc\.com/"
 		to="https://weather.wdtinc.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Weatherzone.xml b/src/chrome/content/rules/Weatherzone.xml
index dbca4ff055bc..943c6fd0ab98 100644
--- a/src/chrome/content/rules/Weatherzone.xml
+++ b/src/chrome/content/rules/Weatherzone.xml
@@ -19,13 +19,14 @@
 <ruleset name="Weatherzone (partial)">
 
 	<target host="weatherzone.com.au" />
-	<target host="*.weatherzone.com.au" />
+	<target host="www.weatherzone.com.au" />
+	<target host="resources.weatherzone.com.au" />
 		<!--	wz/images/ads/ & wz/images/openx don't
 			follow the pattern described below.	-->
-		<exclusion pattern="^http://resources\.weatherzone\.com\.au/(images/widgets/graphics|wz/images/(ads|openx|widgets/graphics))/" />
+		<exclusion pattern="^http://resources\.weatherzone\.com\.au/(?:images/widgets/graphics|wz/images/(?:ads|openx|widgets/graphics))/" />
 
 	<!--	Cert doesn't match !www.	-->
-	<rule from="^https?://weatherzone\.com\.au/"
+	<rule from="^http://weatherzone\.com\.au/"
 		to="https://www.weatherzone.com.au/" />
 
 	<rule from="^http://www\.weatherzone\.com\.au/(customise\.jsp|i(mag|nclud)es/|join/)"
@@ -34,7 +35,7 @@
 	<!--	Cert is valid for resources, but resources
 		appears to point to www over https.
 			Resources.../wz/foo/ maps to www.../foo/.	-->
-	<rule from="^https?://resources\.weatherzone\.com\.au/(?:wz/)?i(mag|nclud)es/"
+	<rule from="^http://resources\.weatherzone\.com\.au/(?:wz/)?i(mag|nclud)es/"
 		to="https://www.weatherzone.com.au/i$1es/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Web-Hosting-Search.xml b/src/chrome/content/rules/Web-Hosting-Search.xml
index def6b25ad0a6..a7ae7ce95f35 100644
--- a/src/chrome/content/rules/Web-Hosting-Search.xml
+++ b/src/chrome/content/rules/Web-Hosting-Search.xml
@@ -3,7 +3,7 @@
 	<target host="stat.webhostingsearch.com" />
 
 
-	<rule from="^https?://stat\.webhostingsearch\.com/"
+	<rule from="^http://stat\.webhostingsearch\.com/"
 		to="https://webhostingsearch.122.2o7.net/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Web-Hosting-Talk.xml b/src/chrome/content/rules/Web-Hosting-Talk.xml
index a971893fce82..7a1c769541c1 100644
--- a/src/chrome/content/rules/Web-Hosting-Talk.xml
+++ b/src/chrome/content/rules/Web-Hosting-Talk.xml
@@ -1,14 +1,31 @@
-<ruleset name="Web Hosting Talk">
+<!--
+	For other iNET Interactive coverage, see INet-Interactive.xml.
+
+
+	webhostingtalk.directoriesinc.com <=> research.webhostingtalk.com
+
+
+	Nonfunctional subdomains:
+
+		- helpdesk ¹
+		- research ²
+
+	¹ Plaintext reply
+	² Shows default page
+
+-->
+<ruleset name="Web Hosting Talk (partial)">
 
 	<target host="webhostingtalk.com" />
+	<target host="www.webhostingtalk.com" />
 	<!--	* for cross-domain cookie.	-->
-	<target host="*.webhostingtalk.com" />
+
+		<!--exclusion pattern="^http://(helpdesk|research)\.webhostingtalk\.com/" /-->
 
 
-	<securecookie host="^\.webhostingtalk\.com$" name=".*" />
+	<securecookie host="^\.webhostingtalk\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?webhostingtalk\.com/"
-		to="https://$1webhostingtalk.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Web-Inspector-App.xml b/src/chrome/content/rules/Web-Inspector-App.xml
deleted file mode 100644
index d0bbc2f34808..000000000000
--- a/src/chrome/content/rules/Web-Inspector-App.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Separated from Web-Inspector.xml because app.webinspector.com has mixed
-	content.
--->
-<ruleset name="Web Inspector App (partial)" platform="mixedcontent">
-	<target host="app.webinspector.com" />
-
-
-<!--	<securecookie host="^app\.webinspector\.com$" name=".+" />	-->
-
-
-	<!-- Redirect to reduce mixed content -->
-	<rule from="^https?://app\.webinspector\.com/online_scan$"
-		to="https://app.webinspector.com/" />
-
-	<rule from="^http://app\.webinspector\.com/"
-		to="https://app.webinspector.com/" />
-
-	<exclusion pattern="^http://app\.webinspector\.com/(online_scan|public|recent_detections)" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Web-Inspector.xml b/src/chrome/content/rules/Web-Inspector.xml
index 97862efbb352..c288240721ca 100644
--- a/src/chrome/content/rules/Web-Inspector.xml
+++ b/src/chrome/content/rules/Web-Inspector.xml
@@ -1,15 +1,40 @@
 <!--
-	Subdomain app.webinspector.com has mixed content and is therefore
-	separated to Web-Inspector-App.xml
+	For other Comodo coverage, see Comodo.xml.
+
+
+	Fully covered hosts in *webinspector.com:
+
+		- (www.)?
+		- app
+
+
+	Insecure cookies are set for these hosts:
+
+		- app.webinspector.com
+
+
+	Mixed content:
+
+		- favicon on app from $self *
+
+	* Secured by us
+
 -->
-<ruleset name="Web Inspector">
+<ruleset name="Web Inspector.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="webinspector.com" />
+	<target host="app.webinspector.com" />
 	<target host="www.webinspector.com" />
 
-	<securecookie host="^www\.webinspector\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^app\.webinspector\.com$" name="^(_WI_session|list|risk|task)$" /-->
+
+	<securecookie host="^(?:app|www)\.webinspector\.com$" name=".+" />
 
-	<rule from="^http://(www\.)?webinspector\.com/"
-		to="https://$1webinspector.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Web-Power.xml b/src/chrome/content/rules/Web-Power.xml
index 03e45fba255b..2324fdb20bd0 100644
--- a/src/chrome/content/rules/Web-Power.xml
+++ b/src/chrome/content/rules/Web-Power.xml
@@ -3,9 +3,8 @@
 	<target host="webpower.nl"/>
 	<target host="www.webpower.nl"/>
 
-	<securecookie host="^www\.webpower\.nl$" name=".*"/>
+	<securecookie host="^www\.webpower\.nl$" name=".+" />
 
-	<rule from="^http://(?:www\.)?webpower\.nl/"
-		to="https://www.webpower.nl/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Web-Reservations-International.xml b/src/chrome/content/rules/Web-Reservations-International.xml
index 08be31bdd3c0..c98d0e9749d6 100644
--- a/src/chrome/content/rules/Web-Reservations-International.xml
+++ b/src/chrome/content/rules/Web-Reservations-International.xml
@@ -1,4 +1,5 @@
 <!--
+	Disabled per https://github.com/EFForg/https-everywhere/issues/1316
 	Nonfunctional domains:
 
 		- (www.)backpackonline.com		(times out)
@@ -16,49 +17,53 @@
 		- shccd.hwstatic.com		(works; mismatched, CN: ssl.cdngc.net)
 
 -->
-<ruleset name="Web Reservations International (partial)">
+<ruleset name="Web Reservations International (partial)" default_off="Breaks site">
 
 	<target host="secure.bookhostels.com" />
 	<target host="images.hostels.com" />
-	<target host="*.hostelworld.com" />
-	<target host="*.hwstatic.com" />
-	<target host="*.webresint.com" />
+	<target host="images.hostelworld.com" />
+	<target host="vsecure.hostelworld.com" />
+	<target host="www.hostelworld.com" />
+	<target host="ccd.hwstatic.com" />
+	<target host="scd.hwstatic.com" />
+	<target host="shccd.hwstatic.com" />
+	<target host="icd.hwstatic.com" />
+	<target host="ihccd.hwstatic.com" />
+	<target host="ucd.hwstatic.com" />
+	<target host="images.webresint.com" />
+	<target host="static.webresint.com" />
+	<target host="secure.webresint.com" />
 
 
-	<securecookie host="^secure\.bookhostels\.com$" name=".*" />
-	<securecookie host="^vsecure\.hostelworld\.com$" name=".*" />
-	<securecookie host="^secure\.webresint\.com$" name=".*" />
+	<securecookie host="^secure\.bookhostels\.com$" name=".+" />
+	<securecookie host="^vsecure\.hostelworld\.com$" name=".+" />
+	<securecookie host="^secure\.webresint\.com$" name=".+" />
 
 
-	<rule from="^http://secure\.bookhostels\.com/"
-		to="https://secure.bookhostels.com/" />
 
 	<!--	- images.hostels.com cert: static.webresint.com
 		- images.hostelworld.com times out
 		- images.webresint.com cert: static.webresint.com
 					-->
-	<rule from="^https?://(?:images.hostel(?:s|world)|(?:images|static)\.webresint)\.com/"
+	<rule from="^http://(?:images\.hostel(?:s|world)|(?:images|static)\.webresint)\.com/"
 		to="https://static.webresint.com/" />
 
 	<!--	- www: cert only matches vsecure
 		- Data on vsecure & www appear identical
 				-->
-	<rule from="^https?://(?:vsecure|www)\.hostelworld\.com/"
+	<rule from="^http://(?:vsecure|www)\.hostelworld\.com/"
 		to="https://vsecure.hostelworld.com/" />
 
 	<rule from="^http://ccd\.hwstatic\.com/"
 		to="https://ucd.hwstatic.com/" />
 
-	<rule from="^https?://scd\.hwstatic\.com/"
+	<rule from="^http://scd\.hwstatic\.com/"
 		to="https://icd.hwstatic.com/" />
 
-	<rule from="^htps?://shccd\.hwstatic\.com/"
+	<rule from="^http://shccd\.hwstatic\.com/"
 		to="https://ihccd.hwstatic.com/" />
 
-	<rule from="^http://(icd|ihccd|ucd)\.hwstatic\.com/"
-		to="https://$1.hwstatic.com/" />
 
-	<rule from="^http://secure\.webresint\.com/"
-		to="https://secure.webresint.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Web-Stat.net.xml b/src/chrome/content/rules/Web-Stat.net.xml
index 303d53b122d3..451180f25936 100644
--- a/src/chrome/content/rules/Web-Stat.net.xml
+++ b/src/chrome/content/rules/Web-Stat.net.xml
@@ -19,7 +19,7 @@
 <ruleset name="Web-Stat.net">
 
 	<target host="web-stat.net" />
-	<target host="*.web-stat.net" />
+	<target host="www.web-stat.net" />
 
 
 	<securecookie host="^\.web-stat\.net$" name=".+" />
@@ -28,4 +28,4 @@
 	<rule from="^http://(?:www\.)?web-stat\.net/"
 		to="https://www.web-stat.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Web-hosting.com.xml b/src/chrome/content/rules/Web-hosting.com.xml
new file mode 100644
index 000000000000..9b2a8cf4182b
--- /dev/null
+++ b/src/chrome/content/rules/Web-hosting.com.xml
@@ -0,0 +1,69 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://web-hosting.com/ => https://web-hosting.com/: (7, 'Failed to connect to web-hosting.com port 443: Connection refused')
+Fetch error: http://www.web-hosting.com/ => https://www.web-hosting.com/: (7, 'Failed to connect to www.web-hosting.com port 443: Connection refused')
+
+	For other Namecheap coverage, see NameCheap.xml.
+
+
+	Nonfunctional subdomains:
+
+		- status *
+
+	* Refused
+
+
+	Problematic subdomains:
+
+		- kb *
+
+	* Mismatched, CN: *.simplekb.com
+
+
+	Fully covered hosts in *web-hosting.com:
+
+		- (www.)?
+		- kb		(→ web-hosting.simplekb.com)
+		- support
+
+
+	Insecure cookies are set for these hosts:
+
+		- support.web-hosting.com
+
+
+	Mixed content:
+
+		- favicon on web-hosting.simplekb.com from www *
+
+	* Secured by us
+
+-->
+<ruleset name="web-hosting.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="web-hosting.com" />
+	<target host="support.web-hosting.com" />
+	<target host="www.web-hosting.com" />
+
+	<!--	Complications:
+				-->
+	<target host="kb.web-hosting.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^support\.web-hosting\.com$" name="^(SWIFT_client|SWIFT_sessionid40)$" /-->
+
+	<securecookie host="^support\.web-hosting\.com$" name=".+" />
+
+
+	<rule from="^http://kb\.web-hosting\.com/"
+		to="https://web-hosting.simplekb.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Web-registry.com.xml b/src/chrome/content/rules/Web-registry.com.xml
index d86804c832ee..211fb93bb33f 100644
--- a/src/chrome/content/rules/Web-registry.com.xml
+++ b/src/chrome/content/rules/Web-registry.com.xml
@@ -1,9 +1,19 @@
-<ruleset name="web-registry.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://web-registry.com/ => https://web-registry.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.web-registry.com/ => https://web-registry.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://web-registry.com/ => https://web-registry.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.web-registry.com/ => https://web-registry.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
+<ruleset name="web-registry.com" default_off="failed ruleset test">
 
 	<target host="web-registry.com"/>
 	<target host="www.web-registry.com"/>
 
-	<rule from="^http://(www\.)?web-registry\.com/"
+	<rule from="^http://(?:www\.)?web-registry\.com/"
 		to="https://web-registry.com/"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Web-servers.com.au.xml b/src/chrome/content/rules/Web-servers.com.au.xml
index 37de292aa9a2..de27800e006d 100644
--- a/src/chrome/content/rules/Web-servers.com.au.xml
+++ b/src/chrome/content/rules/Web-servers.com.au.xml
@@ -3,10 +3,10 @@
 	<target host="*.web-servers.com.au" />
 
 
-	<securecookie host=".*\.web-servers\.com\.au$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://s(\d+)\.web-servers\.com\.au/"
 		to="https://s$1.web-servers.com.au/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Web-stat.com.xml b/src/chrome/content/rules/Web-stat.com.xml
index bc07bc28f944..bfa496f9c58a 100644
--- a/src/chrome/content/rules/Web-stat.com.xml
+++ b/src/chrome/content/rules/Web-stat.com.xml
@@ -6,20 +6,17 @@
 
 		- c563042.r42.cf2.rackcdn.com
 
-
-	Fully covered subdomains:
-
-		- (www.)
-		- server[234]
-
 -->
 <ruleset name="web-stat.com">
 
 	<target host="web-stat.com" />
-	<target host="*.web-stat.com" />
+	<target host="server2.web-stat.com" />
+	<target host="server3.web-stat.com" />
+	<target host="server4.web-stat.com" />
+	<target host="www.web-stat.com" />
 
 
-	<rule from="^http://(server[234]\.|www\.)?web-stat\.com/"
-		to="https://$1web-stat.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Web.com-expired.xml b/src/chrome/content/rules/Web.com-expired.xml
index 85e2e4af2180..8bfacff9f37b 100644
--- a/src/chrome/content/rules/Web.com-expired.xml
+++ b/src/chrome/content/rules/Web.com-expired.xml
@@ -7,7 +7,6 @@
 	<target host="webhosting.web.com" />
 
 
-	<rule from="^http://webhosting\.web\.com/"
-		to="https://webhosting.web.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Web.com.xml b/src/chrome/content/rules/Web.com.xml
index 300c1e230422..810e039136e4 100644
--- a/src/chrome/content/rules/Web.com.xml
+++ b/src/chrome/content/rules/Web.com.xml
@@ -2,16 +2,18 @@
 	For problematic rules, see Web.com-expired.xml.
 
 
+	CDN buckets:
+
+		- wpc.016b.edgecastcdn.net/00016B/
+
+
 	Other Web.com rulesets:
 
 		- Cactus_Complete_Commerce.xml
-		- LogoYes.xml
 		- Mcssl.com.xml
 		- Myregisteredsite.com.xml
-		- Renovation_Experts.xml
 		- Securepurchaseserver.com.xml
 		- Solid_Cactus.xml
-		- Star_Product_Reviews.xml
 
 
 	ne.edgecastcdn.net/00016B/
@@ -21,22 +23,49 @@
 	Nonfunctional subdomains:
 
 		- ir	(times out)
+    - wpc.016b.edgecastcdn.net
+
+
+	^: cert only matches www
+
+
+	Mixed content:
+
+		- css on www.web.com from wpc.016b.edgecastcdn.net ¹
+
+		- Bugs, on:
+
+			- www.web.com from fls.doubleclick.net ²
+			- www.web.com from pixel.fetchback.com ³
+
+	¹ Secured by us, causes slight alignment difference
+	² Rule disabled by default
+	³ Secured by us
 
 -->
 <ruleset name="Web.com (partial)">
 
+	<!-- <target host="wpc.016b.edgecastcdn.net" /> -->
 	<target host="web.com" />
-	<target host="*.web.com" />
-
+	<target host="www.web.com" />
+	<target host="support.web.com" />
+	<target host="webmail.web.com" />
 
-	<securecookie host="^.*\.web\.com$" name=".*" />
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^secure2\.web\.com$" name="^(ASP\.NET_SessionId|pname)$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^(support)?\.web\.com$" name="^(affdata|inurl)$" /-->
+	<!--securecookie host="^((support|www)\.)?web\.com$" name="^ASP\.NET_SessionId$" /-->
 
+	<securecookie host="^(?:.*\.)?web\.com$" name=".+" />
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?web\.com/"
+	<rule from="^http://(?:www\.)?web\.com/"
 		to="https://www.web.com/" />
 
-	<rule from="^http://(support|webmail)\.web\.com/"
-		to="https://$1.web.com/" />
+  <rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Web.de.xml b/src/chrome/content/rules/Web.de.xml
deleted file mode 100644
index ff8faac2119b..000000000000
--- a/src/chrome/content/rules/Web.de.xml
+++ /dev/null
@@ -1,107 +0,0 @@
-<!--
-	For other United Internet coverage, see United-Internet.xml.
-
-
-	CDN buckets:
-
-		- i0.web.de.edgesuite.net
-
-			- a1123.g.akamai.net
-
-		- ui.webde.gd.gameduell.net
-
-			- duellspiele.web.de
-
-		- webdssl.ivwbox.de
-
-		- allianceframework.monster.com
-
-			- jobboerse.web.de
-
-
-	Nonfunctional subdomains:
-
-		- duellspiele	(prints "test"; expired 2011-05-25, self-signed, CN: media-5)
-		- jobboerse	(dropped)
-		- kino		(redirects to www.con-tech.de; mismatched, CN: ct-cds.con-tech.de)
-		- route		($ redirects to http, .+ redirects to $; mismatched, CN: web.de)
-		- status	($ redirects to http, .+ redirects to $; valid cert)
-		- tv		(shows ^web.de; mismatched, CN: web.de)
-		- user		(redirects to http; mismatched, CN: portal.gmx.net)
-
-
-	Problematic subdomains:
-
-		- i0		(works, akamai)
-		- magazine	(redirects to http; mismatched, CN: portal.gmx.net)
-
-
-	Partially covered subdomains:
-
-		- magazine	(→ ^)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- agb
-		- dl
-		- exklusiv
-		- freemail
-		- hilfe.freemail
-		- giroloyal
-		- hilfe
-		- i0		(→ akamai)
-		- img
-		- jobs
-		- www2.jobs
-		- js
-		- kundencenter
-		- kundenservice
-		- www2.kundenservice
-		- lotto
-		- maildomain
-		- millionenklick
-		- netbank-ratenkredit
-		- oekostrom
-		- pc-sicherheit
-		- www2.pc-sicherheit
-		- produkte
-		- r
-		- registrierung
-		- sec-i0
-		- shop
-		- targobank-kredit
-		- webde-freemail-cards
-
-
-	Observed cookie domains:
-
-		- kundencenter
-		- lotto
-		- millionenklick
-		- produkte
-		- registrierung
-		- shop
-
--->
-<ruleset name="web.de (buggy)" default_off="breaks videos">
-
-	<target host="web.de" />
-	<target host="*.web.de" />
-		<!--exclusion pattern="^http://(duellspiele|jobboerse|kino|route|status|tv|user)\." /-->
-
-
-	<securecookie host="^(?:.*\.)?web\.de$" name=".+" />
-
-
-	<rule from="^http://((?:agb|dl|exklusiv|(?:hilfe\.)?freemail|giroloyal|hilfe|img|(?:www2\.)?jobs|js|kundencenter|(?:www2\.)?kundenservice|lotto|maildomain|millionenklick|netbank-ratenkredit|oekostrom|(?:www2\.)?pc-sicherheit|produkte|r|registrierung|sec-i0|shop|targobank-kredit|webde-freemail-cards|www)\.)?web\.de/"
-		to="https://$1web.de/" />
-
-	<rule from="^http://i0\.web\.de/"
-		to="https://a248.e.akamai.net/f/1123/498/7m/i0.web.de/" />
-
-	<rule from="^http://magazine\.web\.de/+(\?.*)?$"
-		to="https://web.de/magazine/nachrichten/index.html" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Web4U.xml b/src/chrome/content/rules/Web4U.xml
index 6124e7b8def8..c3275fe38fae 100644
--- a/src/chrome/content/rules/Web4U.xml
+++ b/src/chrome/content/rules/Web4U.xml
@@ -9,6 +9,6 @@
 	<rule from="^http://(\w+)\.web4u\.cz/"
 		to="https://$1.web4u.cz/"/>
 
-	<securecookie host="^\w*\.web4u\.cz$" name=".*"/>
+	<securecookie host="^\w*\.web4u\.cz$" name=".+" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Web4all.fr.xml b/src/chrome/content/rules/Web4all.fr.xml
new file mode 100644
index 000000000000..0de484ac3e48
--- /dev/null
+++ b/src/chrome/content/rules/Web4all.fr.xml
@@ -0,0 +1,71 @@
+
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://faq.web4all.fr/ => https://faq.web4all.fr/: (35, 'error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name')
+Fetch error: http://forums.web4all.fr/ => https://forums.web4all.fr/: (35, 'error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name')
+Fetch error: http://guides.web4all.fr/ => https://guides.web4all.fr/: (35, 'error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name')
+Fetch error: http://manager.web4all.fr/ => https://manager.web4all.fr/: (35, 'error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name')
+Fetch error: http://pma.web4all.fr/ => https://pma.web4all.fr/: (35, 'error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name')
+Fetch error: http://push.web4all.fr/ => https://push.web4all.fr/: (51, "SSL: no alternative certificate subject name matches target host name 'push.web4all.fr'")
+Fetch error: http://stats.web4all.fr/ => https://stats.web4all.fr/: (35, 'error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name')
+Fetch error: http://travaux.web4all.fr/ => https://travaux.web4all.fr/: (35, 'error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name')
+Fetch error: http://webmail.web4all.fr/ => https://webmail.web4all.fr/: (35, 'error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name')
+
+	Other Web4all rulesets:
+
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .web4all.fr
+		- guides.web4all.fr
+		- manager.web4all.fr
+		- push.web4all.fr
+		- travaux.web4all.fr
+		- webmail.web4all.fr
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- blog from ressources.w4a.fr *
+			- guides from forums.web4all.fr *
+
+		- Bugs on blog, forums, guides, www from stats.web4all.fr *
+
+	* Secured by us
+
+-->
+<ruleset name="Web4all.fr">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="web4all.fr" />
+	<!-- target host="faq.web4all.fr" /-->
+	<!-- target host="forums.web4all.fr" /-->
+	<!-- target host="guides.web4all.fr" /-->
+	<!-- target host="manager.web4all.fr" /-->
+	<!-- target host="pma.web4all.fr" /-->
+	<!-- target host="push.web4all.fr" /-->
+	<!-- target host="stats.web4all.fr" /-->
+	<!-- target host="travaux.web4all.fr" /-->
+	<!-- target host="webmail.web4all.fr" /-->
+	<target host="www.web4all.fr" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.web4all\.fr$" name="^session_id$" /-->
+	<!--securecookie host="^guides\.web4all\.fr$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^(manager|travaux)\.web4all\.fr$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^(push|webmail)\.web4all\.fr$" name="^ZM_TEST$" /-->
+
+	<securecookie host="^(?:guides|manager|push|travaux|webmail)?\.web4all\.fr$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WebAssembly.studio.xml b/src/chrome/content/rules/WebAssembly.studio.xml
new file mode 100644
index 000000000000..047b05b85995
--- /dev/null
+++ b/src/chrome/content/rules/WebAssembly.studio.xml
@@ -0,0 +1,6 @@
+<ruleset name="WebAssembly.studio">
+	<target host="webassembly.studio" />
+	<target host="www.webassembly.studio" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WebAssign.xml b/src/chrome/content/rules/WebAssign.xml
index da77a9691e38..1709a6432200 100644
--- a/src/chrome/content/rules/WebAssign.xml
+++ b/src/chrome/content/rules/WebAssign.xml
@@ -1,9 +1,23 @@
+<!--
+	Connection refused:
+	- waug.webassign.com
+
+	Invalid certificate:
+	- feedback.webassign.net
+-->
+
 <ruleset name="WebAssign">
-  <target host="www.webassign.net" />
-  <target host="demo.webassign.net" />
-  <target host="webassign.net" />
-  <securecookie host="webassign\.net/" name=".*" />
+	<target host="webassign.com" />
+	<target host="www.webassign.com" />
+	<target host="blog.webassign.com" />
+	<target host="placeu.webassign.com" />
+	<target host="webassign.net" />
+	<target host="www.webassign.net" />
+	<target host="api.webassign.net" />
+	<target host="demo.webassign.net" />
+	<target host="web.webassign.net" />
+	<target host="webassignwired.webassign.net" />
+	<securecookie host="webassign\.net" name=".+" />
 
-  <rule from="^http://(www\.)?webassign\.net/" to="https://webassign.net/"/>
-  <rule from="^http://demo\.webassign\.net/" to="https://demo.webassign.net/"/>
+	<rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/WebChuck_hosting.com.xml b/src/chrome/content/rules/WebChuck_hosting.com.xml
index b0717263a577..6778e0c5b81a 100644
--- a/src/chrome/content/rules/WebChuck_hosting.com.xml
+++ b/src/chrome/content/rules/WebChuck_hosting.com.xml
@@ -9,13 +9,12 @@
 -->
 <ruleset name="WebChuck hosting.com (partial)" default_off="expired, self-signed">
 
-	<target host="*.webchuckhosting.com" />
+	<target host="apps.webchuckhosting.com" />
 
 
 	<securecookie host="^\.apps\.webchuckhosting\.com$" name=".+" />
 
 
-	<rule from="^http://apps\.webchuckhosting\.com/"
-		to="https://apps.webchuckhosting.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WebCijfers.nl.xml b/src/chrome/content/rules/WebCijfers.nl.xml
new file mode 100644
index 000000000000..82eb91188ba4
--- /dev/null
+++ b/src/chrome/content/rules/WebCijfers.nl.xml
@@ -0,0 +1,12 @@
+<ruleset name="WebCijfers.nl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="webcijfers.nl" />
+	<target host="www.webcijfers.nl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WebCitation.org.xml b/src/chrome/content/rules/WebCitation.org.xml
new file mode 100644
index 000000000000..e367b4a259ef
--- /dev/null
+++ b/src/chrome/content/rules/WebCitation.org.xml
@@ -0,0 +1,16 @@
+<!--
+	No working URL known:
+		webdisk.webcitation.org
+
+-->
+<ruleset name="WebCite">
+
+	<target host="webcitation.org" />
+	<target host="www.webcitation.org" />
+	<target host="cpanel.webcitation.org" />
+	<target host="mail.webcitation.org" />
+	<target host="webmail.webcitation.org" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WebCitz.xml b/src/chrome/content/rules/WebCitz.xml
index adeff061f411..e8f32e557ce4 100644
--- a/src/chrome/content/rules/WebCitz.xml
+++ b/src/chrome/content/rules/WebCitz.xml
@@ -1,13 +1,12 @@
 <ruleset name="WebCitz">
 
 	<target host="webcitz.com" />
-	<target host="*.webcitz.com" />
+	<target host="www.webcitz.com" />
 
 
 	<securecookie host="^(?:w*\.)?webcitz\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?webcitz\.com/"
-		to="https://$1webcitz.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WebDAM_DB.com.xml b/src/chrome/content/rules/WebDAM_DB.com.xml
new file mode 100644
index 000000000000..33aac92f54fb
--- /dev/null
+++ b/src/chrome/content/rules/WebDAM_DB.com.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.webdam.com/ => https://secure.webdam.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://webdam.com/ => https://webdam.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+	Insecure cookies are set for these domains:
+
+		- secure
+
+-->
+<ruleset name="WebDAM DB.com" default_off="failed ruleset test">
+
+	<target host="webdam.com" />
+	<target host="secure.webdam.com" />
+	<target host="www.webdam.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^secure\.webdamdb\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^secure\.webdamdb\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WebDevStudios.xml b/src/chrome/content/rules/WebDevStudios.xml
index e25cc8b69305..b60c79c02611 100644
--- a/src/chrome/content/rules/WebDevStudios.xml
+++ b/src/chrome/content/rules/WebDevStudios.xml
@@ -1,29 +1,35 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.webdevstudios.com/ => https://www.webdevstudios.com/: Too many redirects while fetching 'https://www.webdevstudios.com/'
+
 	Other WebDevStudios rulesets:
 
+		- EWebScapes.com.xml
 		- StartBox.xml
 
 
-	Problematic domains:
-
-		- (www.)ewebscapes.com	(shows another domain; mismatched, CN: clientarea.ewebscapes.com)
-		- www.webdevstudios.com	(mismatched, CN: *.wpengine.com)
-
+	Insecure cookies are set for these hosts:
 
-	Some pages redirect to http.
+		 - webdevstudios.com
+		 - www.webdevstudios.com
 
 -->
-<ruleset name="WebDevStudios (partial)">
+<ruleset name="WebDevStudios.com" default_off="failed ruleset test">
 
-	<target host="clientarea.ewebscapes.com" />
 	<target host="webdevstudios.com" />
 	<target host="www.webdevstudios.com" />
 
 
-	<rule from="^http://clientarea\.ewebscapes\.com/"
-		to="https://clientarea.ewebscapes.com/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?webdevstudios\.com$" name="^X-Mapping-fjhppofk$" /-->
+
+	<securecookie host="^(?:www\.)?webdevstudios\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://(?:www\.)?webdevstudios\.com/wp-content/"
-		to="https://webdevstudios.com/wp-content/" />
+</ruleset>
 
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/WebDiplomacy.net.xml b/src/chrome/content/rules/WebDiplomacy.net.xml
new file mode 100644
index 000000000000..d7f43017923c
--- /dev/null
+++ b/src/chrome/content/rules/WebDiplomacy.net.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched:
+		- forum
+
+	SSL error:
+		- tournaments
+-->
+<ruleset name="WebDiplomacy.net">
+	<target host="webdiplomacy.net" />
+	<target host="www.webdiplomacy.net" />
+	<target host="mysql.webdiplomacy.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WebEx-Communications.xml b/src/chrome/content/rules/WebEx-Communications.xml
deleted file mode 100644
index 6578e7dc3e7a..000000000000
--- a/src/chrome/content/rules/WebEx-Communications.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="WebEx Communications">
-
-	<target host="*.webex.com" />
-		<!--	Neither /web... nor www exist.	-->
-		<exclusion pattern="^http://www\." />
-
-
-	<securecookie host="^.*\.webex\.com$" name=".*" />
-
-
-	<!--	Clients have unique subdomains, e.g.
-			ebscotraining.webex.com		-->
-	<rule from="^http://(\w+\.)?webex\.com/"
-		to="https://$1webex.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WebFWD.org.xml b/src/chrome/content/rules/WebFWD.org.xml
new file mode 100644
index 000000000000..96bc63b9facf
--- /dev/null
+++ b/src/chrome/content/rules/WebFWD.org.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Mozilla coverage, see Mozilla.xml.
+
+
+	Nonfunctional hosts in *webfwd.org:
+
+		- blog *
+
+	* Dropped
+
+
+	Fully covered hosts in *webfwd.org:
+
+		- (www.)?
+
+-->
+<ruleset name="WebFWD.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="webfwd.org" />
+	<target host="www.webfwd.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WebFaction.xml b/src/chrome/content/rules/WebFaction.xml
index 6ea20e0b9b14..1c0a9b17c1e3 100644
--- a/src/chrome/content/rules/WebFaction.xml
+++ b/src/chrome/content/rules/WebFaction.xml
@@ -1,10 +1,13 @@
 <ruleset name="Web Faction">
 
 	<target host="webfaction.com" />
-	<target host="*.webfaction.com" />
+	<target host="blog.webfaction.com" />
+	<target host="docs.webfaction.com" />
+	<target host="help.webfaction.com" />
+	<target host="my.webfaction.com" />
+	<target host="www.webfaction.com" />
 
 
-	<rule from="^http://((?:blog|docs|help|my|www)\.)?webfaction\.com/"
-		to="https://$1webfaction.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/WebGo.xml b/src/chrome/content/rules/WebGo.xml
new file mode 100644
index 000000000000..2c2cdbd18691
--- /dev/null
+++ b/src/chrome/content/rules/WebGo.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.website.webgo.de/ => https://www.website.webgo.de/: (6, 'Could not resolve host: www.website.webgo.de')
+
+	Nonfunctional subdomains:
+		- $
+		- www.login   -> wrong domain
+		- hilfe       -> wrong domain
+		- partner     -> wrong domain
+		- www.support -> no DNS record
+		- ...
+
+	Subdomains covered:
+		- www
+		- website
+		- www.website
+		- login
+		- support
+
+-->
+<ruleset name="WebGo.de" default_off="failed ruleset test">
+	<target host="www.webgo.de" />
+	<target host="website.webgo.de" />
+	<target host="www.website.webgo.de" />
+	<target host="login.webgo.de" />
+	<target host="support.webgo.de" />
+	<!-- <target host="www.support.webgo.de" /> -->
+
+	<securecookie host="^(www\.|website\.|www\.website|login\.|support\.)?webgo\.de$" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WebGo24.de.xml b/src/chrome/content/rules/WebGo24.de.xml
new file mode 100644
index 000000000000..bad8abde3dc5
--- /dev/null
+++ b/src/chrome/content/rules/WebGo24.de.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://login.webgo24.de/ => https://login.webgo24.de/: (51, "SSL: no alternative certificate subject name matches target host name 'login.webgo24.de'")
+
+	Nonfunctional subdomains:
+
+		- faq *
+		- support (only /live is securable)
+
+	* Shows another domain
+
+	Mixed content:
+
+		- Images, on www from:
+
+			- ^ ¹
+			- $self ¹
+			- www.denic.de ¹
+			- badges.mariadb.org ²
+
+	¹ Secured by us
+	² Unsecurable
+
+-->
+<ruleset name="WebGo24.de" default_off="failed ruleset test">
+
+	<target host="webgo24.de" />
+	<target host="www.webgo24.de" />
+	<target host="login.webgo24.de" />
+	<target host="hilfe.webgo24.de" />
+	<target host="partner.webgo24.de" />
+
+	<securecookie host="^(www\.|support\.|login\.|hilfe\.|partner\.)?webgo24\.de$" name=".+" />
+	<!--
+		Server sets Secure for:
+					-->
+	<!--securecookie host="^login\.webgo24\.de$" name=".+" /-->
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WebHamster.ru.xml b/src/chrome/content/rules/WebHamster.ru.xml
new file mode 100644
index 000000000000..6d29249975df
--- /dev/null
+++ b/src/chrome/content/rules/WebHamster.ru.xml
@@ -0,0 +1,8 @@
+<ruleset name="WebHamster.ru">
+	<target host="webhamster.ru" />
+	<target host="www.webhamster.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WebHost4Life.xml b/src/chrome/content/rules/WebHost4Life.xml
index 521c9e08a87e..7bb57bba7d8d 100644
--- a/src/chrome/content/rules/WebHost4Life.xml
+++ b/src/chrome/content/rules/WebHost4Life.xml
@@ -1,13 +1,13 @@
 <ruleset name="WebHost4Life">
 
 	<target host="webhost4life.com" />
-	<target host="*.webhost4life.com" />
+	<target host="secure.webhost4life.com" />
+	<target host="www.webhost4life.com" />
 
 
 	<securecookie host="^\.webhost4life\.com$" name=".+" />
 
 
-	<rule from="^http://(secure\.|www\.)?webhost4life\.com/"
-		to="https://$1webhost4life.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/WebHostingStuff.xml b/src/chrome/content/rules/WebHostingStuff.xml
index 00089476be2e..424c95e77dc9 100644
--- a/src/chrome/content/rules/WebHostingStuff.xml
+++ b/src/chrome/content/rules/WebHostingStuff.xml
@@ -1,14 +1,15 @@
-<ruleset name="WebHostingStuff (partial)">
+<ruleset name="WebHostingStuff.com (partial)" default_off="Needs ruleset tests">
 
 	<target host="webhostingstuff.com" />
 	<target host="www.webhostingstuff.com" />
 
+		<!--	Lots of paths redirect to www.
+			There may be more that don't.
+							-->
+		<exclusion pattern="^http://www\.webhostingstuff\.com/(?!images/|socialmedia\.html|stuffstyle\.css)" />
 
-	<rule from="^http://webhostingstuff\.com/"
-		to="https://webhostingstuff.com/" />
 
-	<!--	Lots of paths redirect to www.  There may be more that don't.	-->
-	<rule from="^http://www\.webhostingstuff\.com/(images/|socialmedia\.html|stuffstyle\.css)"
-		to="https://www.webhostingstuff.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/WebINK.com.xml b/src/chrome/content/rules/WebINK.com.xml
new file mode 100644
index 000000000000..d9ceed94c9ca
--- /dev/null
+++ b/src/chrome/content/rules/WebINK.com.xml
@@ -0,0 +1,70 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://webink.com/ => https://webink.com/: (6, 'Could not resolve host: webink.com')
+Fetch error: http://fnt.webink.com/ => https://fnt.webink.com/: (51, "SSL: no alternative certificate subject name matches target host name 'fnt.webink.com'")
+Fetch error: http://www.webink.com/ => https://www.webink.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.webink.com'")
+
+	For other Celartem coverage, see Celartem.xml.
+
+
+	CDN buckets:
+
+		- dlrhyanfg4sdu.cloudfront.net
+
+
+	Problematic hosts:
+
+		- fontfuse *
+
+	* Mismatched
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- fnt
+
+
+	Observed cookie domains:
+
+		- ^ *
+		- www *
+
+	* Secured by us
+
+
+	Mixed content:
+
+		- Images on www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="WebINK.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="webink.com" />
+	<target host="fnt.webink.com" />
+	<target host="www.webink.com" />
+
+	<!--	Complications:
+				-->
+	<!--target host="fontfuse.webink.com" /-->
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://app\.webink\.com/$" /-->
+
+
+	<securecookie host="^(?:www\.)?webink\.com$" name=".+" />
+
+
+	<!--rule from="^http://fontfuse\.webink\.com/"
+		to="https://???.cloudront.net/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WebIslam.com.xml b/src/chrome/content/rules/WebIslam.com.xml
new file mode 100644
index 000000000000..b831ace1a51d
--- /dev/null
+++ b/src/chrome/content/rules/WebIslam.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid certificate:
+		old.webislam.com
+-->
+<ruleset name="WebIslam.com">
+	<target host="webislam.com" />
+	<target host="www.webislam.com" />
+	<target host="foro.webislam.com" />
+
+	<securecookie host="^(www|foro)\.webislam\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WebKite.com.xml b/src/chrome/content/rules/WebKite.com.xml
new file mode 100644
index 000000000000..74e47b6e1135
--- /dev/null
+++ b/src/chrome/content/rules/WebKite.com.xml
@@ -0,0 +1,32 @@
+<!--
+	CDN buckets:
+
+		- s3.amazonaws.com/iago.webkite.org/
+		- s3.amazonaws.com/jafar.webkite.org/
+
+
+	Problematic subdomains:
+
+		- support *
+
+	* Uservoice
+
+-->
+<ruleset name="WebKite.com (partial)">
+
+	<target host="webkite.com" />
+	<target host="auth.webkite.com" />
+	<target host="errors.webkite.com" />
+	<target host="fb.webkite.com" />
+	<target host="iago.webkite.com" />
+	<target host="jafar.webkite.com" />
+	<target host="results.webkite.com" />
+	<target host="www.webkite.com" />
+
+
+	<securecookie host="^\.admin\.webkite\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WebMD.xml b/src/chrome/content/rules/WebMD.xml
index be10b1039703..d63b40c87d1d 100644
--- a/src/chrome/content/rules/WebMD.xml
+++ b/src/chrome/content/rules/WebMD.xml
@@ -1,58 +1,65 @@
 <!--
 	Other WebMD rulesets:
-
 		- MedicineNet.com.xml
 		- WebMD_Health.xml
 		- WebMD_Health_Services.xml
 
+	Non-functional hosts
+		Timeout was reached:
+		- www.m.webmd.com
 
-	Nonfunctional subdomains:
-
-		- (www.)	(some [all?] pages redirect to 404)
-		- answers *
-		- blogs *
-		- diabetes **
-		- dictionary **
-		- exchanges *
-		- firstaid **
-		- men **
-		- symptoms **
-
-	* Refused
-	** Shows www; mismatched, CN: www.webmd.com
-
-
-	Problematic subdomains:
-
-		- ls		(mismatched)
-		- std.o		(2o7.net)
-
-
-	Fully covered subdomains:
+		SSL peer certificate was not OK:
+		- www.exchanges.webmd.com
+		- www.iad1.webmd.com
+		- doctor.iad1.webmd.com
+		- click.messages.webmd.com
+		- pages.messages.webmd.com
 
-		- as
-		- css
-		- doctor
-		- healthmanager
-		- img
-		- member
+		Status code mismatch:
+		- firstaid.webmd.com
 
+		Mixed content blocking (MCB) triggered:
+		- mediakit.webmd.com
+		- origin-mediakit.webmd.com
 -->
 <ruleset name="WebMD (partial)">
-
-	<target host="*.webmd.com" />
-
-
-	<securecookie host="^(?:as|doctor|healthmanager|member)\.webmd\.com$" name=".+" />
-
-
-	<rule from="^http://(as|css|doctor|healthmanager|img|member)\.webmd\.com/"
-		to="https://$1.webmd.com/" />
-
-	<rule from="^http://ls\.turn\.com/"
-		to="https://oasc18.247realmedia.com/" />
-
-	<rule from="^http://std\.o\.webmd\.com/"
-		to="https://webmdglobal.122.2o7.net/" />
-
+	<target host="webmd.com" />
+	<target host="www.webmd.com" />
+	<target host="answers.webmd.com" />
+	<target host="arthritis.webmd.com" />
+	<target host="blogs.webmd.com" />
+	<target host="children.webmd.com" />
+	<target host="customercare.webmd.com" />
+	<target host="data.webmd.com" />
+		<test url="http://data.webmd.com/sdclive/sdcform.aspx?formid=l2uRegistration" />
+	<target host="dentalsavings.webmd.com" />
+	<target host="diabetes.webmd.com" />
+	<target host="dictionary.webmd.com" />
+	<target host="doctor.webmd.com" />
+	<target host="education.webmd.com" />
+	<target host="exchanges.webmd.com" />
+	<target host="fit.webmd.com" />
+	<target host="forums.webmd.com" />
+	<target host="foxnews.webmd.com" />
+	<target host="healthboards.webmd.com" />
+	<target host="img.webmd.com" />
+		<test url="http://img.webmd.com/dtmcms/live/webmd/consumer_assets/site_images/magazine/digital_issues_pdf/webmd_diabetes_sept_13.pdf" />
+	<target host="member.webmd.com" />
+	<target host="men.webmd.com" />
+	<target host="messageboards.webmd.com" />
+	<target host="pets.webmd.com" />
+	<target host="psychologytoday.webmd.com" />
+	<target host="rss.webmd.com" />
+	<target host="rssfeeds.webmd.com" />
+	<target host="img.staging.webmd.com" />
+		<test url="http://img.staging.webmd.com/dtmcms/staging/webmd/consumer_assets/site_images/magazine/digital_issues_pdf/webmd_diabetes_november_2013.pdf" />
+	<target host="symptomchecker.webmd.com" />
+	<target host="symptoms.webmd.com" />
+	<target host="symptomsbeta.webmd.com" />
+	<target host="teens.webmd.com" />
+	<target host="women.webmd.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/WebMD_Health.xml b/src/chrome/content/rules/WebMD_Health.xml
index 30d37ff4107f..75af262c8213 100644
--- a/src/chrome/content/rules/WebMD_Health.xml
+++ b/src/chrome/content/rules/WebMD_Health.xml
@@ -10,7 +10,7 @@
 <ruleset name="WebMD Health">
 
 	<target host="webmdhealth.com" />
-	<target host="*.webmdhealth.com" />
+	<target host="www.webmdhealth.com" />
 
 
 	<securecookie host="^(?:www)?\.webmdhealth\.com$" name=".+" />
@@ -19,4 +19,4 @@
 	<rule from="^http://(?:www\.)?webmdhealth\.com/"
 		to="https://www.webmdhealth.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WebMD_Health_Services.xml b/src/chrome/content/rules/WebMD_Health_Services.xml
index 6c3247e3720e..f9f1ff410f16 100644
--- a/src/chrome/content/rules/WebMD_Health_Services.xml
+++ b/src/chrome/content/rules/WebMD_Health_Services.xml
@@ -10,7 +10,8 @@
 <ruleset name="WebMD Health Services">
 
 	<target host="webmdhealthservices.com" />
-	<target host="*.webmdhealthservices.com" />
+	<target host="www.webmdhealthservices.com" />
+	<target host="insights.webmdhealthservices.com" />
 
 
 	<securecookie host="^(?:insights|www)\.webmdhealthservices\.com$" name=".+" />
@@ -19,7 +20,6 @@
 	<rule from="^http://(?:www\.)?webmdhealthservices\.com/"
 		to="https://www.webmdhealthservices.com/" />
 
-	<rule from="^http://insights\.webmdhealthservices\.com/"
-		to="https://insights.webmdhealthservices.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WebM_Project.org.xml b/src/chrome/content/rules/WebM_Project.org.xml
new file mode 100644
index 000000000000..c63faf6ee781
--- /dev/null
+++ b/src/chrome/content/rules/WebM_Project.org.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Google coverage, see GoogleServices.xml.
+
+	Nonfunctional subdomains:
+
+		Interrupted
+			- blog
+			- wiki
+
+		Certificate mismatch:
+			- demos
+			- downloads
+
+		Unable to get local issuer certificate:
+			- build
+
+		Others:
+			- ^ redirects to www.google.com
+
+-->
+<ruleset name="WebM Project.org (partial)">
+
+	<target host="webmproject.org" />
+	<target host="www.webmproject.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WebMediaBrands.xml b/src/chrome/content/rules/WebMediaBrands.xml
index 6db578672a1a..5e41a0ed815b 100644
--- a/src/chrome/content/rules/WebMediaBrands.xml
+++ b/src/chrome/content/rules/WebMediaBrands.xml
@@ -1,10 +1,16 @@
 <!--	!functional:
+		- (www.)devx.com *
+		- assets.devx.com *
 		(mocks.|www.)webmediabrands.com		(timeout)
+
+	* http reply
+
 -->
-<ruleset name="WebMediaBrands (partial)" default_off="expired">
+<ruleset name="WebMediaBrands (partial)" default_off="broken">
 
 	<target host="devx.com"/>
-	<target host="*.devx.com"/>
+	<target host="www.devx.com" />
+	<target host="assets.devx.com" />
 
 	<!--	assets/ are on assets.devx, too.	-->
 	<rule from="^http://(?:www\.)?devx\.com/(assets/|icom_includes/|styles/)"
diff --git a/src/chrome/content/rules/WebMerge.me.xml b/src/chrome/content/rules/WebMerge.me.xml
new file mode 100644
index 000000000000..aeb72f1bdccc
--- /dev/null
+++ b/src/chrome/content/rules/WebMerge.me.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .webmerge.me
+		- www.webmerge.me
+
+-->
+<ruleset name="WebMerge.me">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="webmerge.me" />
+	<target host="www.webmerge.me" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.webmerge\.me$" name="^landing_page$" /-->
+	<!--securecookie host="^www\.webmerge\.me$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www)?\.webmerge\.me$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WebMoney.xml b/src/chrome/content/rules/WebMoney.xml
index d85981572e8d..a9b54046a054 100644
--- a/src/chrome/content/rules/WebMoney.xml
+++ b/src/chrome/content/rules/WebMoney.xml
@@ -1,22 +1,33 @@
 <!--
 	Other WebMoney rulesets:
-
-		- MegaStock.xml
-
+		- Capitaller.ru.xml
+		- Shareholder.ru.xml
 -->
-<ruleset name="WebMoney (partial)">
-
-	<target host="*.webmoney.ru" />
-	<target host="*.wmtransfer.com" />
-
 
-	<securecookie host="^.+\.w(?:ebmoney\.ru|mtransfer\.com)$" name=".+" />
-
-
-	<rule from="^http://(arbitrage|debt|events|link|my|passport|security|support|wiki)\.webmoney\.ru/"
-		to="https://$1.webmoney.ru/" />
-
-	<rule from="^http://(advisor|arbitrage|debt|link|login|my|passport|security|stats|support|wiki)\.wmtransfer\.com/"
-		to="https://$1.wmtransfer.com/" />
-
-</ruleset>
\ No newline at end of file
+<ruleset name="WebMoney (partial)">
+	<target host="arbitrage.webmoney.ru" />
+	<target host="debt.webmoney.ru" />
+	<target host="events.webmoney.ru" />
+	<target host="my.webmoney.ru" />
+	<target host="passport.webmoney.ru" />
+	<target host="security.webmoney.ru" />
+	<target host="support.webmoney.ru" />
+	<target host="wiki.webmoney.ru" />
+	<target host="advisor.wmtransfer.com" />
+	<target host="arbitrage.wmtransfer.com" />
+	<target host="blog.wmtransfer.com" />
+	<target host="debt.wmtransfer.com" />
+	<target host="link.wmtransfer.com" />
+	<target host="login.wmtransfer.com" />
+	<target host="my.wmtransfer.com" />
+	<target host="news.wmtransfer.com" />
+	<target host="passport.wmtransfer.com" />
+	<target host="security.wmtransfer.com" />
+	<target host="stats.wmtransfer.com" />
+	<target host="support.wmtransfer.com" />
+	<target host="wiki.wmtransfer.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WebNMS.com.xml b/src/chrome/content/rules/WebNMS.com.xml
new file mode 100644
index 000000000000..410899d5e2ee
--- /dev/null
+++ b/src/chrome/content/rules/WebNMS.com.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Zoho coverage, see Zoho.xml.
+
+
+	Nonfunctional hosts in *webnms.com:
+
+		- blogs *
+
+	* 404
+
+
+	Insecure cookies are set for these hosts:
+
+		- forums.webnms.com
+
+-->
+<ruleset name="WebNMS.com">
+
+	<target host="webnms.com" />
+	<!--target host="blogs.webnms.com" /-->
+	<target host="forums.webnms.com" />
+	<target host="www.webnms.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^forums\.webnms\.com$" name="^(JSESSIONID|[\da-f]{10})$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WebOas.is.xml b/src/chrome/content/rules/WebOas.is.xml
new file mode 100644
index 000000000000..b33316e2dee2
--- /dev/null
+++ b/src/chrome/content/rules/WebOas.is.xml
@@ -0,0 +1,6 @@
+<ruleset name="WebOas.is">
+	<target host="weboas.is" />
+	<target host="www.weboas.is" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WebPG.org.xml b/src/chrome/content/rules/WebPG.org.xml
new file mode 100644
index 000000000000..822717402aa6
--- /dev/null
+++ b/src/chrome/content/rules/WebPG.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="WebPG.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="webpg.org" />
+	<target host="www.webpg.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WebPlatform.org.xml b/src/chrome/content/rules/WebPlatform.org.xml
new file mode 100644
index 000000000000..a92779645031
--- /dev/null
+++ b/src/chrome/content/rules/WebPlatform.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="WebPlatform.org">
+	<target host="webplatform.org" />
+	<target host="www.webplatform.org" />
+	<target host="blog.webplatform.org" />
+	<target host="docs.webplatform.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WebProspector.xml b/src/chrome/content/rules/WebProspector.xml
index 5620275ad897..e03f3fabe4c7 100644
--- a/src/chrome/content/rules/WebProspector.xml
+++ b/src/chrome/content/rules/WebProspector.xml
@@ -5,14 +5,15 @@
 <ruleset name="WebProspector (partial)">
 
 	<target host="webprospector.de" />
-	<target host="*.webprospector.de" />
+	<target host="mein.webprospector.de" />
+	<target host="trs.webprospector.de" />
+	<target host="www.webprospector.de" />
 		<exclusion pattern="^http://www\.webprospector\.de/(?!app/|(?:preise-)?bestellen|css/|img/|js/|kostenlos-(?:flatrate-)?testen|pixel\.php)" />
 
 
 	<securecookie host="^mein\.webprospector\.de$" name=".+" />
 
 
-	<rule from="^http://(mein\.|trs\.|www\.)?webprospector\.de/"
-		to="https://$1webprospector.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WebRTC-Experiment.com.xml b/src/chrome/content/rules/WebRTC-Experiment.com.xml
new file mode 100644
index 000000000000..a4cd87746496
--- /dev/null
+++ b/src/chrome/content/rules/WebRTC-Experiment.com.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.cdn.webrtc-experiment.com/ => https://www.cdn.webrtc-experiment.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.cdn.webrtc-experiment.com'")
+
+	Fully covered hosts in *webrtc-experiment.com:
+
+		- (www.)?
+		- (www.)?cdn
+
+-->
+<ruleset name="WebRTC-Experiment.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="webrtc-experiment.com" />
+	<target host="cdn.webrtc-experiment.com" />
+	<target host="www.cdn.webrtc-experiment.com" />
+	<target host="www.webrtc-experiment.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WebSanity.xml b/src/chrome/content/rules/WebSanity.xml
index a975f87050ae..663300825215 100644
--- a/src/chrome/content/rules/WebSanity.xml
+++ b/src/chrome/content/rules/WebSanity.xml
@@ -1,16 +1,21 @@
-<ruleset name="WebSanity">
+<!--
+	Nonfunctional hosts in *websanity.com:
 
-	<target host="websanity.com" />
-	<target host="traffic.websanity.com" />
+		- ^ ¹
+		- www ²
 
+	¹ Shows gawain.websanity.com
+	² Refused
 
-	<securecookie host="^traffic\.websanity\.com$" name=".*" />
+-->
+<ruleset name="WebSanity.com (partial)" default_off="self-signed">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="gawain.websanity.com" />
 
-	<!--	- www times out over https
-		- www 302s recursively over http
-							-->
-	<rule from="^http://(traffic\.)?websanity\.com/"
-		to="https://$1websanity.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/WebSense.xml b/src/chrome/content/rules/WebSense.xml
index 55de8ab60493..bcbe91172e90 100644
--- a/src/chrome/content/rules/WebSense.xml
+++ b/src/chrome/content/rules/WebSense.xml
@@ -3,17 +3,22 @@
 
 		- investor	(cert: *.shareholder.com; 403)
 
--->
-<ruleset name="Websense (partial)">
+	Problematic subdomains:
 
-	<target host="websense.com" />
-	<target host="*.websense.com" />
+		- community (redirection loop)
 
+-->
+<ruleset name="Websense.com (partial)">
 
-	<securecookie host="^.*\.websense\.com$" name=".*" />
+	<!--	Direct rewrites:
+				-->
+	<target host="websense.com" />
+	<target host="securitylabs.websense.com" />
+	<target host="www.websense.com" />
 
+	<securecookie host="^.*\.websense\.com$" name=".+" />
 
-	<rule from="^http://(community\.|securitylabs\.|www\.)?websense\.com/"
-		to="https://$1websense.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/WebShopRevolution.com.xml b/src/chrome/content/rules/WebShopRevolution.com.xml
new file mode 100644
index 000000000000..a1d442f6f573
--- /dev/null
+++ b/src/chrome/content/rules/WebShopRevolution.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://webshoprevolution.com/ => https://webshoprevolution.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="WebShop Revolution">
+
+    <!-- WebShop Revolution Sites and Client Shops -->
+    <target host="webshoprevolution.com" />
+    <target host="*.webshoprevolution.com" />
+
+    <!-- Rule for no subdomain - http://webshoprevolution.com -->
+    <rule from="^http://webshoprevolution\.com/" to="https://webshoprevolution.com/" />
+
+    <!-- Rule for any subdomain - http://*.webshoprevolution.com -->
+    <rule from="^http://([\w-]+)\.webshoprevolution\.com/" to="https://$1.webshoprevolution.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WebSite.ws.xml b/src/chrome/content/rules/WebSite.ws.xml
new file mode 100644
index 000000000000..5a7888438bd0
--- /dev/null
+++ b/src/chrome/content/rules/WebSite.ws.xml
@@ -0,0 +1,38 @@
+<!--
+	^website.ws: Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .website.ws
+
+-->
+<ruleset name="WebSite.ws">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.website.ws" />
+
+	<!--	Complications:
+				-->
+	<target host="website.ws" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<test url="http://www.website.ws/signup/index.dhtml?sponsor=&amp;src=&amp;last_page=&amp;cookie_id=" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.website\.ws$" name="^(?:X_SESSION_ID|cookie_id|entry_ip|entry_time|referer)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://website\.ws/"
+		to="https://www.website.ws/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WebSocial.ly.xml b/src/chrome/content/rules/WebSocial.ly.xml
index f03d8c8b6587..8816cf3735eb 100644
--- a/src/chrome/content/rules/WebSocial.ly.xml
+++ b/src/chrome/content/rules/WebSocial.ly.xml
@@ -12,4 +12,4 @@
 	<rule from="^http://([\w-]+\.)?websocially\.com/(assets/|sign-up(?:$|\?|/)|wp-content/)"
 		to="https://$1websocially.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WebSocket.org.xml b/src/chrome/content/rules/WebSocket.org.xml
new file mode 100644
index 000000000000..e6d2a01cb5ae
--- /dev/null
+++ b/src/chrome/content/rules/WebSocket.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Fully covered hosts in *websocket.org:
+
+		- (www.)?
+
+-->
+<ruleset name="WebSocket.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="websocket.org" />
+	<target host="www.websocket.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WebSpectator.com.xml b/src/chrome/content/rules/WebSpectator.com.xml
index 738bdc60238a..9fdcf45b8d22 100644
--- a/src/chrome/content/rules/WebSpectator.com.xml
+++ b/src/chrome/content/rules/WebSpectator.com.xml
@@ -8,28 +8,31 @@
 		- dfdbz2tdq3k01.cloudfront.net
 
 
-	Nonfunctional subdomains:
+	Fully covered subdomains:
 
-		- (www.)	(dropped)
+		- (www.)
+		- scripts
+		- services
 
 
-	Problematic subdomains:
+	Mixed content:
 
-		- scripts	(cloudfront)
+		- Web bug on (www.) from widget.quantcast.com *
 
--->
-<ruleset name="WebSpectator.com (partial)">
+	* Secured by us
 
-	<target host="*.webspectator.com" />
+-->
+<ruleset name="WebSpectator.com">
 
+	<target host="webspectator.com" />
+	<target host="scripts.webspectator.com" />
+	<target host="services.webspectator.com" />
+	<target host="www.webspectator.com" />
 
-	<!--securecookie host="^\.webspectator\.com$" name="^\d\d:webspectracking$" /-->
 
+	<securecookie host="^\.webspectator\.com$" name=".+" />
 
-	<rule from="^http://scripts\.webspectator\.com/"
-		to="https://d1a9mcs2flbk7j.cloudfront.net/" />
 
-	<rule from="^http://services\.webspectator\.com/"
-		to="https://services.webspectator.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WebStarts.xml b/src/chrome/content/rules/WebStarts.xml
index 6a7f90a4eff1..00b21cd282a3 100644
--- a/src/chrome/content/rules/WebStarts.xml
+++ b/src/chrome/content/rules/WebStarts.xml
@@ -7,13 +7,14 @@
 <ruleset name="WebStarts">
 
 	<target host="webstarts.com" />
-	<target host="*.webstarts.com" />
+	<target host="static.webstarts.com" />
+	<target host="www.webstarts.com" />
 
 
 	<securecookie host="^(?:www\.)?webstarts\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:static\.|(www\.))?webstarts\.com/"
+	<rule from="^http://(?:static\.|(www\.))?webstarts\.com/"
 		to="https://$1webstarts.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WebSupport.at.xml b/src/chrome/content/rules/WebSupport.at.xml
new file mode 100644
index 000000000000..2a5a4da113fc
--- /dev/null
+++ b/src/chrome/content/rules/WebSupport.at.xml
@@ -0,0 +1,49 @@
+<!--
+	For other WebSupport coverage, see Websupport_sk_cz_at_hu.xml.
+
+
+	Problematic hosts:
+
+		- mail.websupport.at *
+		- webmail.websupport.at *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- websupport.at
+		- www.websupport.at
+
+
+	Mixed content:
+
+		- css on blog.websupport.at from fonts.googleapis.com *
+		- Images on blog.websupport.at from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="WebSupport.at (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="websupport.at" />
+	<target host="blog.websupport.at" />
+	<!--target host="mail.websupport.at" /-->
+	<!--target host="webmail.websupport.at" /-->
+	<target host="www.websupport.at" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?websupport\.at$" name="^(?:[\da-f]{32}|PHPSESSID)$" /-->
+	<!--securecookie host="^admin\.websupport\.at$" name="^(?:PHPSESSID|YII_CSRF_TOKEN|lang)$" /-->
+
+	<securecookie host=".+\.websupport\.at$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WebSupport.cz.xml b/src/chrome/content/rules/WebSupport.cz.xml
new file mode 100644
index 000000000000..f27e3f2bdd5a
--- /dev/null
+++ b/src/chrome/content/rules/WebSupport.cz.xml
@@ -0,0 +1,31 @@
+<!--
+	For other WebSupport coverage, see Websupport_sk_cz_at_hu.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- admin.websupport.cz
+		- www.websupport.cz
+
+-->
+<ruleset name="WebSupport.cz">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="websupport.cz" />
+	<target host="admin.websupport.cz" />
+	<target host="mail.websupport.cz" />
+	<target host="www.websupport.cz" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.websupport\.cz$" name="^(?:[\da-f]{32}|PHPSESSID)$" /-->
+
+	<securecookie host=".+\.websupport\.cz$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WebTrust.xml b/src/chrome/content/rules/WebTrust.xml
index 11f353dbfa50..15d4f33b31e9 100644
--- a/src/chrome/content/rules/WebTrust.xml
+++ b/src/chrome/content/rules/WebTrust.xml
@@ -1,16 +1,24 @@
+
 <!--
+Entire ruleset disabled at 2020-09-25 16:20:22
+
+Fetch error: http://cert.webtrust.org/ => https://cert.webtrust.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Nonfunctional subdomains:
 
-		- (www.)	(cert: secure.cica.ca; redirects to www.cica.ca)
+		- (www.) *
+    - entrust
 
+	* Reset
 
 -->
-<ruleset name="WebTrust (partial)">
+<ruleset name="WebTrust.org (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="cert.webtrust.org" />
 
-
-	<rule from="^http://cert\.webtrust\.org/"
-		to="https://cert.webtrust.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/WebType-mismatches.xml b/src/chrome/content/rules/WebType-mismatches.xml
deleted file mode 100644
index 2b351dde79c5..000000000000
--- a/src/chrome/content/rules/WebType-mismatches.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="WebType (mismatches)" default_off="bluehost certificate">
-
-	<target host="blog.webtype.com"/>
-
-	<rule from="^http://blog\.webtype\.com/"
-		to="https://blog.webtype.com/~webtypec/blog/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/WebType.com.xml b/src/chrome/content/rules/WebType.com.xml
new file mode 100644
index 000000000000..959fbeeb923a
--- /dev/null
+++ b/src/chrome/content/rules/WebType.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Remark: *.webtype.com has a wildcard DNS record.
+
+	Non-functional hosts
+		Invalid certificate:
+			 - bentonmodern.webtype.com
+			 - bigcaslon.webtype.com
+			 - mckl.webtype.com
+			 - monokrom.webtype.com
+			 - news.webtype.com
+			 - nittimostro.webtype.com
+			 - tickandtock.webtype.com
+
+		Different content:
+			 - status.webtype.com
+
+		Mixed content blocking (MCB) triggered:
+			 - blog.webtype.com
+-->
+<ruleset name="WebType.com (partial)">
+	<target host="webtype.com" />
+	<target host="www.webtype.com" />
+	<target host="cloud.webtype.com" />
+	<target host="demo.webtype.com" />
+	<target host="gallery.webtype.com" />
+	<target host="pls.webtype.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WebType.xml b/src/chrome/content/rules/WebType.xml
deleted file mode 100644
index c321e8d4d2ae..000000000000
--- a/src/chrome/content/rules/WebType.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	gp1.wac.edgecastcdn.net/001AC1/
--->
-<ruleset name="WebType (partial)">
-
-	<target host="webtype.com"/>
-	<target host="*.webtype.com"/>
-
-	<rule from="^http://www\.webtype\.com/(global|local)/"
-		to="https://www.webtype.com/$1/"/>
-
-	<rule from="^http://(cloud\.|pls\.)?webtype\.com/"
-		to="https://$1webtype.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/WebUrbanist.com.xml b/src/chrome/content/rules/WebUrbanist.com.xml
index c62255740098..c2469d07fe5d 100644
--- a/src/chrome/content/rules/WebUrbanist.com.xml
+++ b/src/chrome/content/rules/WebUrbanist.com.xml
@@ -19,11 +19,12 @@
 <ruleset name="WebUrbanist.com (partial)" default_off="self-signed">
 
 	<target host="weburbanist.com" />
-	<target host="*.weburbanist.com" />
+	<target host="img.weburbanist.com" />
+	<target host="www.weburbanist.com" />
 		<exclusion pattern="^http://(?:www\.)?weburbanist\.com/(?!wp-content/)" />
 
 
 	<rule from="^http://(?:img\.|www\.)?weburbanist\.com/"
 		to="https://weburbanist.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WebWeWant.org.xml b/src/chrome/content/rules/WebWeWant.org.xml
new file mode 100644
index 000000000000..dc7d04ead1a9
--- /dev/null
+++ b/src/chrome/content/rules/WebWeWant.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="WebWeWant.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="webwewant.org" />
+	<target host="www.webwewant.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WebXakep.Net.xml b/src/chrome/content/rules/WebXakep.Net.xml
new file mode 100644
index 000000000000..d91772e0f526
--- /dev/null
+++ b/src/chrome/content/rules/WebXakep.Net.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://infotech-team.com/ => https://infotech-team.com/: (6, 'Could not resolve host: infotech-team.com')
+Fetch error: http://webxakep.net/ => https://webxakep.net/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://infotech-team.com/ => https://infotech-team.com/: (6, 'Could not resolve host: infotech-team.com')
+	Mixed content:
+
+		- Web bug from hit\d+.hotlog.ru
+
+-->
+<ruleset name="WebXakep.Net" default_off="failed ruleset test">
+
+	<target host="infotech-team.com" />
+	<target host="webxakep.net" />
+	<target host="www.infotech-team.com" />
+	<target host="www.webxakep.net" />
+
+
+	<securecookie host="^\.(?:infotech-team\.com|webxakep\.net)$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WebZilla.xml b/src/chrome/content/rules/WebZilla.xml
index ba6c201543a8..b1a6a6c185ea 100644
--- a/src/chrome/content/rules/WebZilla.xml
+++ b/src/chrome/content/rules/WebZilla.xml
@@ -1,10 +1,12 @@
-<ruleset name="WebZilla">
+<ruleset name="WebZilla.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="webzilla.com" />
 	<target host="www.webzilla.com" />
 
 
-	<rule from="^http://(www\.)?webzilla\.com/"
-		to="https://$1webzilla.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Web_Design_Marketing.xml b/src/chrome/content/rules/Web_Design_Marketing.xml
index 116c3e205b35..61826abfc426 100644
--- a/src/chrome/content/rules/Web_Design_Marketing.xml
+++ b/src/chrome/content/rules/Web_Design_Marketing.xml
@@ -1,13 +1,12 @@
 <ruleset name="Web Design Marketing">
 
 	<target host="webdesignmarketing.eu" />
-	<target host="*.webdesignmarketing.eu" />
+	<target host="www.webdesignmarketing.eu" />
 
 
 	<securecookie host="^\.webdesignmarketing.eu$" name=".+" />
 
 
-	<rule from="^http://(www\.)?webdesignmarketing\.eu/"
-		to="https://$1webdesignmarketing.eu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Web_Forest.eu.xml b/src/chrome/content/rules/Web_Forest.eu.xml
index 8887494e3e20..01aaa79e980b 100644
--- a/src/chrome/content/rules/Web_Forest.eu.xml
+++ b/src/chrome/content/rules/Web_Forest.eu.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^webforest\.eu$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?webforest\.eu/"
-		to="https://webforest.eu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Web_Foundation.org.xml b/src/chrome/content/rules/Web_Foundation.org.xml
new file mode 100644
index 000000000000..8af16631e41e
--- /dev/null
+++ b/src/chrome/content/rules/Web_Foundation.org.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://public.webfoundation.org/ => https://public.webfoundation.org/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://labs.webfoundation.org/ => https://labs.webfoundation.org/: (51, "SSL: no alternative certificate subject name matches target host name 'labs.webfoundation.org'")
+
+	Redirect
+		- (www.)
+
+	401:
+		- media
+		- dev
+
+	Expired:
+		- data
+		- mlabs
+-->
+<ruleset name="WebFoundation.org (partial)" platform="mixedcontent" default_off="failed ruleset test">
+	<target host="public.webfoundation.org" />
+	<target host="labs.webfoundation.org" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Web_Hosting_Geeks.com.xml b/src/chrome/content/rules/Web_Hosting_Geeks.com.xml
index cfff669fe63f..7e55396579d7 100644
--- a/src/chrome/content/rules/Web_Hosting_Geeks.com.xml
+++ b/src/chrome/content/rules/Web_Hosting_Geeks.com.xml
@@ -23,7 +23,8 @@
 <ruleset name="Web Hosting Geeks.com">
 
 	<target host="webhostinggeeks.com" />
-	<target host="*.webhostinggeeks.com" />
+	<target host="www.webhostinggeeks.com" />
+	<target host="acf.webhostinggeeks.com" />
 
 
 	<securecookie host="^webhostinggeeks\.com$" name=".+" />
@@ -35,4 +36,4 @@
 	<rule from="^http://acf\.webhostinggeeks\.com/"
 		to="https://d2qa8wpyt2chna.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Web_Hosting_Pad.xml b/src/chrome/content/rules/Web_Hosting_Pad.xml
index 80752f15dc9e..ff4b94e05df8 100644
--- a/src/chrome/content/rules/Web_Hosting_Pad.xml
+++ b/src/chrome/content/rules/Web_Hosting_Pad.xml
@@ -5,14 +5,16 @@
 <ruleset name="Web Hosting Pad (partial)">
 
 	<target host="webhostingpad.com" />
-	<target host="*.webhostingpad.com" />
+	<target host="livesupport.webhostingpad.com" />
+	<target host="secure.webhostingpad.com" />
+	<target host="support.webhostingpad.com" />
+	<target host="www.webhostingpad.com" />
 		<exclusion pattern="^http://(?:www\.)?webhostingpad\.com/(?!\w+\.css$|images/)" />
 
 
 	<securecookie host="^s(?:ecure|upport)\.webhostingpad\.com$" name=".+" />
 
 
-	<rule from="^http://((?:livesupport|secure|support|www)\.)?webhostingpad\.com/"
-		to="https://$1webhostingpad.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Web_Service_Award.xml b/src/chrome/content/rules/Web_Service_Award.xml
index a445d771752f..24daabe01d2e 100644
--- a/src/chrome/content/rules/Web_Service_Award.xml
+++ b/src/chrome/content/rules/Web_Service_Award.xml
@@ -9,7 +9,6 @@
 	<target host="ssl.webserviceaward.com" />
 
 
-	<rule from="^http://ssl\.webserviceaward\.com/"
-		to="https://ssl.webserviceaward.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Web_Tune_Factory.xml b/src/chrome/content/rules/Web_Tune_Factory.xml
index 2e62d3cff48f..47676533bccb 100644
--- a/src/chrome/content/rules/Web_Tune_Factory.xml
+++ b/src/chrome/content/rules/Web_Tune_Factory.xml
@@ -1,14 +1,19 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://w-tune.com/ => https://www.w-tune.com/: (6, 'Could not resolve host: www.w-tune.com')
+Fetch error: http://www.w-tune.com/ => https://www.w-tune.com/: (6, 'Could not resolve host: www.w-tune.com')
+
 	!www: cert only matches www
 
 -->
-<ruleset name="Web Tune Factory">
+<ruleset name="Web Tune Factory" default_off="failed ruleset test">
 
 	<target host="w-tune.com" />
 	<target host="www.w-tune.com" />
 
 
-	<rule from="^https?://(?:www\.)?w-tune\.com/"
+	<rule from="^http://(?:www\.)?w-tune\.com/"
 		to="https://www.w-tune.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Web_of_Knowledge.xml b/src/chrome/content/rules/Web_of_Knowledge.xml
index 36450dac2a0b..e7b580faff35 100644
--- a/src/chrome/content/rules/Web_of_Knowledge.xml
+++ b/src/chrome/content/rules/Web_of_Knowledge.xml
@@ -1,4 +1,6 @@
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.isiknowledge.com/ => https://www.isiknowledge.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.isiknowledge.com'")
 	For other Thomson Reuters coverage, see Thomson-Reuters.xml.
 
 
@@ -12,16 +14,19 @@
 	<target host="isiknowledge.com" />
 	<target host="www.isiknowledge.com" />
 	<target host="webofknowledge.com" />
-	<target host="*.webofknowledge.com" />
+	<target host="apps.webofknowledge.com" />
+	<target host="cm.webofknowledge.com" />
+	<target host="ets.webofknowledge.com" />
+	<target host="images.webofknowledge.com" />
+	<target host="sub3.webofknowledge.com" />
+	<target host="wcs.webofknowledge.com" />
+	<target host="www.webofknowledge.com" />
 
 
 	<securecookie host="^.*\.webofknowledge\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?isiknowledge\.com/"
-		to="https://$1isiknowledge.com/" />
 
-	<rule from="^http://((?:apps|cm|ets|images|sub3|wcs|www)\.)?webofknowledge\.com/"
-		to="https://$1webofknowledge.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Webarch.net.xml b/src/chrome/content/rules/Webarch.net.xml
new file mode 100644
index 000000000000..2ffd795498fd
--- /dev/null
+++ b/src/chrome/content/rules/Webarch.net.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Webarchitects coverage, see Webarchitects.coop.xml.
+
+
+	These altnames don't exist:
+
+		- www.docs.webarch.net
+
+-->
+<ruleset name="Webarch.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="webarch.net" />
+	<target host="docs.webarch.net" />
+	<target host="stats.webarch.net" />
+	<target host="www.webarch.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Webarchitects.coop.xml b/src/chrome/content/rules/Webarchitects.coop.xml
new file mode 100644
index 000000000000..9d242ed28c96
--- /dev/null
+++ b/src/chrome/content/rules/Webarchitects.coop.xml
@@ -0,0 +1,18 @@
+<!--
+	Other Webarchitects rulesets:
+
+		- Webarch.net.xml
+
+-->
+<ruleset name="Webarchitects.coop">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="webarchitects.coop" />
+	<target host="www.webarchitects.coop" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Webby-Awards.xml b/src/chrome/content/rules/Webby-Awards.xml
index 0b9b2961e37a..0cd66f6cc485 100644
--- a/src/chrome/content/rules/Webby-Awards.xml
+++ b/src/chrome/content/rules/Webby-Awards.xml
@@ -1,13 +1,21 @@
-<!--	!functional:
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://webbyawards.com/ => https://www.webbyawards.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.webbyawards.com'")
+Fetch error: http://www.webbyawards.com/ => https://www.webbyawards.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.webbyawards.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://webbyawards.com/ => https://www.webbyawards.com/: (7, 'Failed to connect to www.webbyawards.com port 443: Connection timed out')
+Fetch error: http://www.webbyawards.com/ => https://www.webbyawards.com/: (7, 'Failed to connect to www.webbyawards.com port 443: Connection timed out')	!functional:
 		- (www.)netted.net
 		- pv.webbyawards.com	(timeout)
 -->
-<ruleset name="Webby Awards (partial)" platform="mixedcontent">
+<ruleset name="Webby Awards (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="webbyawards.com"/>
 	<target host="www.webbyawards.com"/>
 
-	<securecookie host="^www\.webbyawards\.com$" name=".*"/>
+	<securecookie host="^www\.webbyawards\.com$" name=".+" />
 
 	<!--	cert !match !www	-->
 	<rule from="^http://(?:www\.)?webbyawards\.com/"
diff --git a/src/chrome/content/rules/WebcamBoys.xml b/src/chrome/content/rules/WebcamBoys.xml
deleted file mode 100644
index 20b51fb2a529..000000000000
--- a/src/chrome/content/rules/WebcamBoys.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- thumbs	(no https)
-
--->
-<ruleset name="WebcamBoys (partial)">
-
-	<target host="webcamboys.us" />
-	<target host="*.webcamboys.us" />
-
-
-	<securecookie host="^\.webcamboys\.us$" name=".+" />
-
-
-	<rule from="^http://(www\.)?webcamboys\.us/"
-		to="https://$1webcamboys.us/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Webcompat.com.xml b/src/chrome/content/rules/Webcompat.com.xml
new file mode 100644
index 000000000000..d25b037c0080
--- /dev/null
+++ b/src/chrome/content/rules/Webcompat.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="webcompat.com">
+
+	<target host="webcompat.com" />
+	<target host="www.webcompat.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Webcontrolcenter.com.xml b/src/chrome/content/rules/Webcontrolcenter.com.xml
deleted file mode 100644
index 7403be7b84c8..000000000000
--- a/src/chrome/content/rules/Webcontrolcenter.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Observed subdomains:
-
-		- piwik
-
--->
-<ruleset name="webcontrolcenter.com">
-
-	<target host="webcontrolcenter.com" />
-	<target host="*.webcontrolcenter.com" />
-
-
-	<securecookie host="^(?:.+\.)?webcontrolcenter\.com$" name=".+" />
-
-
-	<rule from="^http://([\w-]+\.)?webcontrolcenter\.com/"
-		to="https://$1webcontrolcenter.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Webcruiter.xml b/src/chrome/content/rules/Webcruiter.xml
index 367e3d851b7a..27a2d40848a1 100644
--- a/src/chrome/content/rules/Webcruiter.xml
+++ b/src/chrome/content/rules/Webcruiter.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^(?:www\.)?webcruiter\.no$" name=".+" />
 
 
-	<rule from="^http://(www\.)?webcruiter\.no/"
-		to="https://$1webcruiter.no/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Webento.xml b/src/chrome/content/rules/Webento.xml
index 218b6ab221a6..a5a7e5137a6d 100644
--- a/src/chrome/content/rules/Webento.xml
+++ b/src/chrome/content/rules/Webento.xml
@@ -1,13 +1,25 @@
-<ruleset name="Webento">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://webento.com/ => https://webento.com/: (35, 'Unknown SSL protocol error in connection to webento.com:443 ')
+Fetch error: http://www.webento.com/ => https://www.webento.com/: (35, 'Unknown SSL protocol error in connection to www.webento.com:443 ')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://webento.com/ => https://webento.com/: (35, 'error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error')
+
+-->
+<ruleset name="Webento" default_off="failed ruleset test">
 
 	<target host="webento.com" />
-	<target host="*.webento.com" />
+	<target host="www.webento.com" />
 
 
-	<securecookie host="^(?:.*\.)?webento\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?webento\.com/"
-		to="https://$1webento.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Webex.com.xml b/src/chrome/content/rules/Webex.com.xml
new file mode 100644
index 000000000000..d32b107b390d
--- /dev/null
+++ b/src/chrome/content/rules/Webex.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Refused:
+		lg.webex.com
+
+-->
+<ruleset name="Webex.com">
+
+	<target host="webex.com" />
+	<target host="*.webex.com" />
+		<exclusion pattern="^http://lg\.webex\.com/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!--	Clients have unique subdomains	-->
+	<rule from="^http://(\w+\.)?webex\.com/"
+		to="https://$1webex.com/" />
+
+		<test url="http://www.webex.com/" />
+		<test url="http://ebscotraining.webex.com/" />
+		<test url="http://signin.webex.com/collabs/auth" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Webfest_Global.xml b/src/chrome/content/rules/Webfest_Global.xml
index 474e24a99f91..6e8105d00e90 100644
--- a/src/chrome/content/rules/Webfest_Global.xml
+++ b/src/chrome/content/rules/Webfest_Global.xml
@@ -1,13 +1,8 @@
 <!--
 	For other Oversee.net coverage, see Oversee.xml.
 
-
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-
 -->
-<ruleset name="Webfest Global">
+<ruleset name="Webfest Global.com" default_off="refused">
 
 	<target host="webfestglobal.com" />
 	<target host="www.webfestglobal.com" />
@@ -16,7 +11,7 @@
 	<securecookie host="^www\.webfestglobal\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?webfestglobal\.com/"
-		to="https://www.webfestglobal.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Webfusion.xml b/src/chrome/content/rules/Webfusion.xml
deleted file mode 100644
index 4ad267fdc611..000000000000
--- a/src/chrome/content/rules/Webfusion.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<ruleset name="webfusion (partial)">
-
-	<target host="webfusion.co.uk" />
-	<target host="www.webfusion.co.uk" />
-	<target host="fusion.webfusion-secure.co.uk" />
-	<target host="webfusion-support.co.uk" />
-	<target host="www.webfusion-support.co.uk" />
-
-
-	<securecookie host="^www\.webfusion\.co\.uk$" name=".*" />
-
-
-	<rule from="^http://(www\.)?webfusion(-support)?\.co\.uk/"
-		to="https://$1webfusion$2.co.uk/" />
-
-	<rule from="^http://fusion\.webfusion-secure\.co\.uk/"
-		to="https://fusion.webfusion-secure.co.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Webgility.xml b/src/chrome/content/rules/Webgility.xml
index 4e941f56f4cd..72784a4b4fc8 100644
--- a/src/chrome/content/rules/Webgility.xml
+++ b/src/chrome/content/rules/Webgility.xml
@@ -1,4 +1,15 @@
-<ruleset name="Webgility (partial)" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://webgility.com/ => https://webgility.com/: Too many redirects while fetching 'https://webgility.com/'
+Fetch error: http://www.webgility.com/ => https://webgility.com/: Too many redirects while fetching 'https://webgility.com/'
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://webgility.com/ => https://webgility.com/: Cycle detected - URL already encountered: https://webgility.com/
+Fetch error: http://portal.webgility.com/ => https://portal.webgility.com/: Redirect for 'http://portal.webgility.com/' missing Location
+Fetch error: http://www.webgility.com/ => https://webgility.com/: Cycle detected - URL already encountered: https://webgility.com/
+-->
+<ruleset name="Webgility (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="webgility.com"/>
 	<target host="portal.webgility.com"/>
@@ -7,6 +18,6 @@
 	<rule from="^http://(www\.)?(portal\.)?webgility\.com/"
 		to="https://$2webgility.com/"/>
 
-	<securecookie host="^portal\.webgility\.com$" name=".*"/>
+	<securecookie host="^portal\.webgility\.com$" name=".+" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Webglobe.sk.xml b/src/chrome/content/rules/Webglobe.sk.xml
new file mode 100644
index 000000000000..75306865e0b7
--- /dev/null
+++ b/src/chrome/content/rules/Webglobe.sk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Webglobe.sk">
+  <target host="webglobe.sk" />
+  <target host="www.webglobe.sk" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Webhost.biz.xml b/src/chrome/content/rules/Webhost.biz.xml
new file mode 100644
index 000000000000..e4b22f2a2ae2
--- /dev/null
+++ b/src/chrome/content/rules/Webhost.biz.xml
@@ -0,0 +1,50 @@
+<!--
+	For other Ecommerce coverage, see Ecommerce.xml.
+
+
+	Problematic hosts in *webhost.biz:
+
+		- (www.)? ¹
+		- manage ²
+
+	¹ Mismatched
+	² Expired
+
+
+	Insecure cookies are set for these hosts:
+
+		- manage.webhost.biz
+
+-->
+<ruleset name="webhost.biz">
+
+	<!--	Complications:
+				-->
+	<target host="webhost.biz" />
+	<target host="manage.webhost.biz" />
+	<target host="www.webhost.biz" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^manage\.webhost\.biz$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^manage\.webhost\.biz$" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://(?:www\.)?webhost\.biz/+"
+		to="https://www.ixwebhosting.com/" />
+
+		<test url="http://www.webhost.biz//" />
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://manage\.webhost\.biz/.*"
+		to="https://www.ixwebhosting.com/" />
+
+		<test url="http://manage.webhost.biz//" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Webhostlist.de.xml b/src/chrome/content/rules/Webhostlist.de.xml
deleted file mode 100644
index 958dff14b058..000000000000
--- a/src/chrome/content/rules/Webhostlist.de.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d11hqfd01dzvm8.cloudfront.net
-		- d29imb9ewfvgco.cloudfront.net
-
-
-	Mixed content:
-
-		- Images on www from:
-
-			- d11hqfd01dzvm8.cloudfront.net *
-			- www.providertarife.de **
-
-	* Secured by us
-	** Unsecurable
-
--->
-<ruleset name="webhostlist.de">
-
-	<target host="webhostlist.de" />
-	<target host="*.webhostlist.de" />
-
-
-	<securecookie host="^(?:www)?\.webhostlist\.de$" name=".+" />
-
-
-	<rule from="^http://(www\.)?webhostlist\.de/"
-		to="https://$1webhostlist.de/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Webjet.xml b/src/chrome/content/rules/Webjet.xml
new file mode 100644
index 000000000000..22f718b2d453
--- /dev/null
+++ b/src/chrome/content/rules/Webjet.xml
@@ -0,0 +1,38 @@
+<!--
+	Nonfunctional TLD:
+		- .com
+		- .co.uk
+		- .ca
+		- .co.za (mixed content)
+		- .com.mx
+
+	Nonfunctional subdomains:
+		- hotels
+		- exclusives
+		- packages
+		- investor
+		- cms
+-->
+
+<ruleset name="Webjet">
+	<target host=        "webjet.com.au" />
+	<target host=    "www.webjet.com.au" />
+	<target host=   "cars.webjet.com.au" />
+	<target host="cruises.webjet.com.au" />
+	<target host="flights.webjet.com.au" />
+
+	<target host=        "webjet.co.nz" />
+	<target host=    "www.webjet.co.nz" />
+	<target host=   "cars.webjet.co.nz" />
+	<target host="cruises.webjet.co.nz" />
+	<target host="flights.webjet.co.nz" />
+
+  	<securecookie host="^.*\.webjet\.(com\.au|co\.nz)$" name=".+" />
+
+	<!-- cert only match www -->
+	<rule from="^http://webjet\.(com\.au|co\.nz)/"
+		to="https://www.webjet.$1/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Webkit.org.xml b/src/chrome/content/rules/Webkit.org.xml
index f94c7f2cbf95..99b423db477d 100644
--- a/src/chrome/content/rules/Webkit.org.xml
+++ b/src/chrome/content/rules/Webkit.org.xml
@@ -1,4 +1,12 @@
 <!--
+	Nonfunctional subdomains:
+
+		- nightly *
+		- builds.nightly *
+
+	* http reply
+
+
 	Mixed content:
 
 		- Images on www from (www.) *
@@ -8,14 +16,19 @@
 -->
 <ruleset name="Webkit.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="webkit.org" />
-	<target host="*.webkit.org" />
+	<target host="bugs.webkit.org" />
+	<target host="lists.webkit.org" />
+	<target host="trac.webkit.org" />
+	<target host="www.webkit.org" />
 
 
-	<securecookie host="^(?:trac|www)?\.webkit\.org$" name=".+" />
+	<securecookie host="^(?:bugs|trac|www)?\.webkit\.org$" name=".+" />
 
 
-	<rule from="^http://(trac\.|www\.)?webkit\.org/"
-		to="https://$1webkit.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Webkit.xml b/src/chrome/content/rules/Webkit.xml
deleted file mode 100644
index 28b6797baf0b..000000000000
--- a/src/chrome/content/rules/Webkit.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--	!functional:
-		- piwik.wk1.net		(cert: pageloc.com; shows that domain's data)
--->
-<ruleset name="Webkit" default_off="expired">
-
-	<target host="pageloc.com"/>
-	<target host="www.pageloc.com"/>
-
-	<securecookie host="^pageloc\.com$" name=".*"/>
-
-	<rule from="^http://(?:www\.)?pageloc\.com/"
-		to="https://pageloc.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Webkitgtk.org.xml b/src/chrome/content/rules/Webkitgtk.org.xml
new file mode 100644
index 000000000000..6d351a7586fb
--- /dev/null
+++ b/src/chrome/content/rules/Webkitgtk.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Webkitgtk.org">
+	<target host="webkitgtk.org" />
+	<target host="www.webkitgtk.org" />
+	<target host="planet.webkitgtk.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Weblog_Awards.xml b/src/chrome/content/rules/Weblog_Awards.xml
index 577e26005857..b8ab859c599c 100644
--- a/src/chrome/content/rules/Weblog_Awards.xml
+++ b/src/chrome/content/rules/Weblog_Awards.xml
@@ -1,13 +1,13 @@
 <ruleset name="Weblog Awards">
 
 	<target host="weblogawards.org" />
-	<target host="*.weblogawards.org" />
+	<target host="2006.weblogawards.org" />
+	<target host="www.weblogawards.org" />
 
 
 	<securecookie host="^\.weblogawards\.org$" name=".+" />
 
 
-	<rule from="^http://(2006\.|www\.)?weblogawards\.org/"
-		to="https://$1weblogawards.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Webmail-Loxinfo.xml b/src/chrome/content/rules/Webmail-Loxinfo.xml
deleted file mode 100644
index 7ef44f6b5b3a..000000000000
--- a/src/chrome/content/rules/Webmail-Loxinfo.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Webmail.loxinfo.co.th">
-  <target host="webmail.loxinfo.co.th" />
-
-  <rule from="^http://webmail\.loxinfo\.co\.th/" to="https://webmail.loxinfo.co.th/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Webmasterplan.com.xml b/src/chrome/content/rules/Webmasterplan.com.xml
deleted file mode 100644
index 0e5031d08fa9..000000000000
--- a/src/chrome/content/rules/Webmasterplan.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Webmasterplan.com">
-
-	<target host="*.webmasterplan.com" />
-
-
-	<securecookie host="^\.webmasterplan\.com$" name="^affili_\d+$" />
-	<securecookie host="^(?:bann|partn)ers\.webmasterplan\.com$" name=".+" />
-
-
-	<rule from="^http://(bann|partn)ers\.webmasterplan\.com/"
-		to="https://$1ers.webmasterplan.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Webmate.io.xml b/src/chrome/content/rules/Webmate.io.xml
new file mode 100644
index 000000000000..796a1a3a3dbb
--- /dev/null
+++ b/src/chrome/content/rules/Webmate.io.xml
@@ -0,0 +1,11 @@
+<ruleset name="Webmate.io">
+
+	<target host="webmate.io" />
+	<target host="app.webmate.io" />
+	<target host="www.webmate.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Webmetrics.com.xml b/src/chrome/content/rules/Webmetrics.com.xml
new file mode 100644
index 000000000000..aa0474ca7971
--- /dev/null
+++ b/src/chrome/content/rules/Webmetrics.com.xml
@@ -0,0 +1,54 @@
+<!--
+	For other Neustar coverage, see NeuStar.xml.
+
+
+	Problematic hosts:
+
+		- (www.)? *
+
+	* Mismatched
+
+
+	Fully covered hosts:
+
+		- (www.)?	(→ www.neustar.biz)
+		- www2
+
+
+	Insecure cookies are set for these hosts:
+
+		- www2.webmetrics.com
+
+-->
+<ruleset name="webmetrics.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www2.webmetrics.com" />
+
+	<!--	Complications:
+				-->
+	<target host="webmetrics.com" />
+	<target host="www.webmetrics.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www2\.webmetrics\.com$" name="^neustar_cookie$" /-->
+
+	<securecookie host="^www2\.webmetrics\.com$" name=".+" />
+
+
+	<!--	Redirect drops forward slash and
+		and path, but not args:
+					-->
+	<rule from="^http://(?:www\.)?webmetrics\.com/[^?]*"
+		to="https://www.neustar.biz/services/web-performance" />
+
+		<test url="http://www.webmetrics.com/products/eco_mgmnt.html" />
+		<test url="http://www.webmetrics.com//products/eco_mgmnt.html" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Webnium.co.jp.xml b/src/chrome/content/rules/Webnium.co.jp.xml
new file mode 100644
index 000000000000..fe9835dbc12a
--- /dev/null
+++ b/src/chrome/content/rules/Webnium.co.jp.xml
@@ -0,0 +1,22 @@
+<!--
+	Other Webnium rulesets:
+
+		- Flagrate.org.xml
+		- Yabumi.cc.xml
+
+-->
+<ruleset name="Webnium.co.jp">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="webnium.co.jp" />
+	<target host="www.webnium.co.jp" />
+
+
+	<securecookie host="^\.webnium\.co\.jp$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Webonic.hu.xml b/src/chrome/content/rules/Webonic.hu.xml
new file mode 100644
index 000000000000..05c934d9d897
--- /dev/null
+++ b/src/chrome/content/rules/Webonic.hu.xml
@@ -0,0 +1,48 @@
+<!--
+	For other WebSupport coverage, see Websupport_sk_cz_at_hu.xml.
+
+
+	Problematic hosts in *webonic.hu:
+
+		- support ᵉ *
+
+	ᵉ Expired
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- admin.webonic.hu
+		- www.webonic.hu
+
+
+	Mixed content:
+
+		- Images on blog.webonic.hu from $self *
+		- Ad on blog.webonic.hu from www.googleadservices.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Webonic.hu">
+
+	<target host="webonic.hu" />
+	<target host="admin.webonic.hu" />
+	<target host="blog.webonic.hu" />
+	<target host="mail.webonic.hu" />
+	<!--target host="support.webonic.hu" /-->
+	<target host="www.webonic.hu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^admin\.webonic\.hu$" name="^(?:PHPSESSID|YII_CSRF_TOKEN|lang)$" /-->
+	<!--securecookie host="^www\.webonic\.hu$" name="^(?:[\da-f]{32}|PHPSESSID)$" /-->
+
+	<securecookie host=".\.webonic\.hu$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Weboolu.xml b/src/chrome/content/rules/Weboolu.xml
index 19ee7f8dec1c..b51f5938e8b6 100644
--- a/src/chrome/content/rules/Weboolu.xml
+++ b/src/chrome/content/rules/Weboolu.xml
@@ -1,24 +1,35 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://weboolu.com/ => https://weboolu.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://publisher.weboolu.com/ => https://publisher.weboolu.com/: (6, 'Could not resolve host: publisher.weboolu.com')
+Fetch error: http://www.weboolu.com/ => https://www.weboolu.com/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://webooluinc.com/ => https://webooluinc.com/: (6, 'Could not resolve host: webooluinc.com')
+Fetch error: http://www.webooluinc.com/ => https://www.webooluinc.com/: (6, 'Could not resolve host: www.webooluinc.com')
+
+-->
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://weboolu.com/ => https://weboolu.com/: (7, 'Failed to connect to weboolu.com port 443: Connection refused')
+
 	Nonfunctional domains:
 
 		- developer.weboolu.com
 
 -->
-<ruleset name="Weboolu (partial)">
+<ruleset name="Weboolu (partial)" default_off="failed ruleset test">
 
 	<target host="weboolu.com" />
-	<target host="*.weboolu.com" />
+	<target host="publisher.weboolu.com" />
+	<target host="www.weboolu.com" />
 	<target host="webooluinc.com" />
-	<target host="*.webooluinc.com" />
+	<target host="www.webooluinc.com" />
 
 
 	<securecookie host="^(?:w*\.)?weboolu(?:inc)?\.com$" name=".+" />
 
 
-	<rule from="^http://(publisher\.|www\.)?weboolu\.com/"
-		to="https://$1weboolu.com/" />
-
-	<rule from="^http://(www\.)?webooluinc\.com/"
-		to="https://$1webooluinc.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Weborama.xml b/src/chrome/content/rules/Weborama.xml
index 7643b2139b61..0968f85877d8 100644
--- a/src/chrome/content/rules/Weborama.xml
+++ b/src/chrome/content/rules/Weborama.xml
@@ -1,33 +1,47 @@
-<!--	gs1.wpc.edgecastcdn.net/001F34/
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ssl.weborama.fr/ => https://ssl.weborama.fr/: (7, 'Failed to connect to ssl.weborama.fr port 443: Connection refused')
+Fetch error: http://static.weborama.fr/ => https://ssl.weborama.fr/: (7, 'Failed to connect to ssl.weborama.fr port 443: Connection refused')
+	gs1.wpc.edgecastcdn.net/001F34/
 
 	cstatic.weborama.fr/transp.gif	=	ssl.weborama.fr/images/transp.gif
 
 	(www.)weborama.fr doesn't work
 -->
-<ruleset name="Weborama (partial)">
+<ruleset name="Weborama.fr (partial)" default_off="failed ruleset test">
 
-	<target host="*.weborama.fr"/>
+	<!--	Direct rewrites:
+				-->
+	<target host="cstatic.weborama.fr"/>
 	<target host="*.solution.weborama.fr"/>
-	<!--	for cross-domain cookies	-->
-	<target host="*.sfr.solution.weborama.fr"/>
-	<target host="*.webo.solution.weborama.fr"/>
+	<target host="ssl.weborama.fr"/>
+
+	<!--	Complications:
+				-->
+	<target host="astatic.weborama.fr"/>
+	<target host="elstatic.weborama.fr"/>
+	<target host="perf.weborama.fr"/>
+	<target host="static.weborama.fr"/>
+
+		<test url="http://cstatic.weborama.fr/iframe/customers/premium.html" />
+		<test url="http://cstatic.weborama.fr/iframe/customers/premium.html?idEditeur=" />
+
+
+	<securecookie host="^\.\w+\.solution\.weborama\.fr$" name=".+" />
 
-	<securecookie host="^\.\w+\.solution\.weborama\.fr$" name=".*"/>
 
 	<!--	mismatch (EdgeCast)	-->
 	<rule from="^http://(?:a|el)static\.weborama\.fr/"
 		to="https://gs1.wpc.edgecastcdn.net/001F34/"/>
 
-	<rule from="^http://cstatic\.weborama\.fr/"
-		to="https://cstatic.weborama.fr/"/>
-
 	<rule from="^http://perf\.weborama\.fr/"
 		to="https://webo.solution.weborama.fr/"/>
 
-	<rule from="^http://(\w+)\.solution\.weborama\.fr/"
-		to="https://$1.solution.weborama.fr/"/>
-
-	<rule from="^http://s(?:sl|tatic)\.weborama\.fr/"
+	<rule from="^http://static\.weborama\.fr/"
 		to="https://ssl.weborama.fr/"/>
 
+	<rule from="^http://(cstatic|\w+\.solution|ssl)\.weborama\.fr/"
+		to="https://$1.weborama.fr/"/>
+
 </ruleset>
diff --git a/src/chrome/content/rules/Webpay.cl.xml b/src/chrome/content/rules/Webpay.cl.xml
new file mode 100644
index 000000000000..fbc44ca30240
--- /dev/null
+++ b/src/chrome/content/rules/Webpay.cl.xml
@@ -0,0 +1,43 @@
+<!--
+	Problematic hosts in *webpay.cl:
+
+		- certificacion ᵉ
+		- transbank ⁴
+
+	ᵉ Expired
+	⁴ Configured for RC4 only
+
+
+	^webpay.cl: Dropped over http & https
+
+
+	These altnames don't exist:
+
+		- webpay3g.transbank.cl
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.webpay.cl
+
+-->
+<ruleset name="Webpay.cl (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="certificacion.webpay.cl" /-->
+	<!--target host="transbank.webpay.cl" /-->
+	<target host="www.webpay.cl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.webpay\.cl$" name="^(?:BIGipServer|JSESSIONID$)" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Webroot.com.xml b/src/chrome/content/rules/Webroot.com.xml
new file mode 100644
index 000000000000..9b044a4cff6d
--- /dev/null
+++ b/src/chrome/content/rules/Webroot.com.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://webroot.com/ => https://webroot.com/: (28, 'Resolving timed out after 10519 milliseconds')
+
+	Mixed content:
+
+		- Images on community from $self *
+
+	* Secured by us
+
+
+	www: some pages redirect to http
+
+-->
+<ruleset name="Webroot.com (partial)">
+
+	<target host="webroot.com" />
+	<target host="blog.webroot.com" />
+	<target host="community.webroot.com" />
+	<target host="www.webroot.com" />
+		<exclusion pattern="^http://www\.webroot\.com/(?!favicon\.ico|shared/)" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^community\.webroot\.com$" name="^(LiSESSIONID|LithiumVisitor)$" /-->
+
+	<securecookie host="^community\.webroot\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Webropolsurveys.com.xml b/src/chrome/content/rules/Webropolsurveys.com.xml
index 68f7acb57f3e..3d61e53130a7 100644
--- a/src/chrome/content/rules/Webropolsurveys.com.xml
+++ b/src/chrome/content/rules/Webropolsurveys.com.xml
@@ -2,5 +2,5 @@
   <target host="webropolsurveys.com" />
   <target host="www.webropolsurveys.com" />
 
-  <rule from="^http://(www\.)?webropolsurveys\.com/" to="https://www.webropolsurveys.com/" />
+  <rule from="^http://(?:www\.)?webropolsurveys\.com/" to="https://www.webropolsurveys.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/WebrtcHacks.com.xml b/src/chrome/content/rules/WebrtcHacks.com.xml
new file mode 100644
index 000000000000..209a6f753d50
--- /dev/null
+++ b/src/chrome/content/rules/WebrtcHacks.com.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.webrtchacks.com/ => https://www.webrtchacks.com/: Too many redirects while fetching 'https://www.webrtchacks.com/'
+
+	Insecure cookies are set for these domains:
+
+		- .webrtchacks.com
+
+-->
+<ruleset name="webrtcHacks.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="webrtchacks.com" />
+	<target host="www.webrtchacks.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.webrtchacks\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.webrtchacks\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Webs.com.xml b/src/chrome/content/rules/Webs.com.xml
new file mode 100644
index 000000000000..60109d963180
--- /dev/null
+++ b/src/chrome/content/rules/Webs.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Other Webs.com related rulesets:
+		+ Websimages.com.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- stats.webs.com
+-->
+<ruleset name="Webs.com (partial)">
+	<target host="webs.com" />
+	<target host="www.webs.com" />
+	<target host="blogs.webs.com" />
+	<target host="images.webs.com" />
+	<target host="members.webs.com" />
+	<target host="premium.members.webs.com" />
+	<target host="thumbs.webs.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Webs.xml b/src/chrome/content/rules/Webs.xml
deleted file mode 100644
index a88fd11185f1..000000000000
--- a/src/chrome/content/rules/Webs.xml
+++ /dev/null
@@ -1,69 +0,0 @@
-<!--
-	CDN buckets:
-
-		- static.webs.com.edgesuite.net
-
-			- a1129.g.akamai.net
-			- images.freewebs.com
-			- images.webs.com
-			- static.websimages.com
-
-		- www.webs.com.edgesuite.net
-
-
-	Nonfunctional domains:
-
-		- staticthumbs.freewebs.com *
-
-		- webs.com subdomains:
-
-			- ^ *
-			- blog		(refused)
-			- collector.stats *
-			- thumbs *
-			- www		("Webs is temporarily unavailable", akamai)
-			- \w+ *		(per-client subdomains)
-
-	* Dropped
-
-
-	Problematic domains:
-
-		- images.freewebs.com *
-		- images.webs.com *
-		- static.websimages.com *
-
-	* Works, akamai
-
-
-	Fully covered domains:
-
-		- images.freewebs.com *
-
-		- webs.com subdomains:
-
-			- images *
-			- members
-
-		- static.websimages.com *
-
-	* → akamai
-
--->
-<ruleset name="Webs (partial)">
-
-	<target host="images.freewebs.com" />
-	<target host="*.webs.com"/>
-	<target host="static.websimages.com" />
-
-
-	<securecookie host="^\.?members\.webm\.com$" name=".+" />
-
-
-	<rule from="^http://((?:es\.)?premium\.)?members\.webs\.com/"
-		to="https://$1members.webs.com/"/>
-
-	<rule from="^http://(images\.(?:free)?web|static\.websimage)s\.com/"
-		to="https://a248.e.akamai.net/f/1129/8333/3m/$1s.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Websec_Weekly.org.xml b/src/chrome/content/rules/Websec_Weekly.org.xml
new file mode 100644
index 000000000000..6afa256a62ad
--- /dev/null
+++ b/src/chrome/content/rules/Websec_Weekly.org.xml
@@ -0,0 +1,45 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://websecweekly.org/ => https://websecweekly.org/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.websecweekly.org/ => https://www.websecweekly.org/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .websecweekly.org
+
+-->
+<ruleset name="Websec Weekly.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="websecweekly.org" />
+	<target host="www.websecweekly.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.websecweekly\.org$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.websecweekly\.org$" name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Websecurify.com.xml b/src/chrome/content/rules/Websecurify.com.xml
new file mode 100644
index 000000000000..1c6d55215c94
--- /dev/null
+++ b/src/chrome/content/rules/Websecurify.com.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://learn.websecurify.com/ => https://learn.websecurify.com/: (6, 'Could not resolve host: learn.websecurify.com')
+Fetch error: http://suite.websecurify.com/ => https://suite.websecurify.com/: (6, 'Could not resolve host: suite.websecurify.com')
+
+-->
+<ruleset name="Websecurify.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="websecurify.com" />
+	<target host="learn.websecurify.com" />
+	<target host="suite.websecurify.com" />
+	<target host="www.websecurify.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^suite\.websecurify\.com$" name="^sid$" /-->
+
+	<securecookie host="^(?:suite)?\.websecurify\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Webshopapp.com.xml b/src/chrome/content/rules/Webshopapp.com.xml
new file mode 100644
index 000000000000..375953576704
--- /dev/null
+++ b/src/chrome/content/rules/Webshopapp.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Webshopapp.com">
+
+	<target host="webshopapp.com" />
+	<target host="*.webshopapp.com" />
+
+
+	<rule from="^http://([\w-]+\.)?webshopapp\.com/"
+		to="https://$1webshopapp.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Websimages.com.xml b/src/chrome/content/rules/Websimages.com.xml
new file mode 100644
index 000000000000..2d2fb4105299
--- /dev/null
+++ b/src/chrome/content/rules/Websimages.com.xml
@@ -0,0 +1,10 @@
+<!--
+	For other Webs.com related rulesets, see Webs.com.xml
+-->
+<ruleset name="Websimages.com (partial)">
+	<target host="websimages.com" />
+	<target host="www.websimages.com" />
+	<target host="secure.websimages.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Website-start.de.xml b/src/chrome/content/rules/Website-start.de.xml
new file mode 100644
index 000000000000..a8e281ac92ce
--- /dev/null
+++ b/src/chrome/content/rules/Website-start.de.xml
@@ -0,0 +1,28 @@
+<!--
+	For other United Internet coverage, see United-Internet.xml.
+
+
+	(www.)? doesn't exist
+
+
+	Insecure cookies are set for these domains:
+
+		- cms01
+
+-->
+<ruleset name="website-start.de">
+
+	<target host="cdn.website-start.de" />
+	<target host="cms01.website-start.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cms01\.website-start\.de$" name="^DIY_SB$" /-->
+
+	<securecookie host="^cms01\.website-start\.de$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WebsiteAlive.xml b/src/chrome/content/rules/WebsiteAlive.xml
index 9ed65b26c83a..de8958c1e3e0 100644
--- a/src/chrome/content/rules/WebsiteAlive.xml
+++ b/src/chrome/content/rules/WebsiteAlive.xml
@@ -1,7 +1,14 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://monitoring.websitealive.com/ => https://monitoring.websitealive.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://team.websitealive.com/ => https://team.websitealive.com/: (28, 'Connection timed out after 20001 milliseconds')
+
 	Nonfunctional domains:
 
-		- buzz.websitealive.com		(http reply)
+		- buzz.websitealive.com *
+
+	* Shows default page
 
 
 	Problematic domains:
@@ -11,93 +18,75 @@
 
 	* Works; mismatched, CN: secure.websitealive.com
 
-
-	Fully covered domains:
-
-		- websitealive.com subdomains:
-
-			- (www.)
-			- a[0-5]
-			- api-stage
-			- api-v1
-			- api-v1-stage
-			- cn1
-			- floorforce
-			- go
-			- godzilla
-			- mmos
-			- monitoring
-			- orrick
-			- pcm
-			- pcmall
-			- team
-			- todaysdigitalsolutions
-			- tracking
-			- tracking-stage
-			- www-stage
-
-		- (www.)websitealive[0-9].com	(^ → www)
-		- (www.)websitealive10.com	(^ → www)
-
-
-	Observed cookie domains:
-
-		- *.websitesalive.com:
-
-			- ^
-			- .
-			- a[0-5]
-			- go
-			- images
-			- mmos
-			- cm
-			- pcmall
-			- secure
-			- tracking
-			- tracking-stage
-			- www
-			- .www
-			- www-stage
-			- .www-stage
-
-		- www.websitealive\d+.com
-
 -->
-<ruleset name="WebsiteAlive (partial)">
-
+<ruleset name="WebsiteAlive (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="a0.websitealive.com" />
+	<target host="a1.websitealive.com" />
+	<target host="a2.websitealive.com" />
+	<target host="a3.websitealive.com" />
+	<target host="a4.websitealive.com" />
+	<target host="a5.websitealive.com" />
+	<target host="api-stage.websitealive.com" />
+	<target host="api-v1-stage.websitealive.com" />
+	<target host="api-v1.websitealive.com" />
+	<target host="c1.websitealive.com" />
+	<target host="cn1.websitealive.com" />
+	<target host="floorforce.websitealive.com" />
+	<target host="go.websitealive.com" />
+	<target host="godzilla.websitealive.com" />
+	<target host="images.websitealive.com" />
+	<target host="mmos.websitealive.com" />
+	<target host="monitoring.websitealive.com" />
+	<target host="orrick.websitealive.com" />
+	<target host="pcm.websitealive.com" />
+	<target host="pcmall.websitealive.com" />
+	<target host="secure.websitealive.com" />
+	<target host="team.websitealive.com" />
+	<target host="todaysdigitalsolutions.websitealive.com" />
+	<target host="tracking-stage.websitealive.com" />
+	<target host="tracking.websitealive.com" />
 	<target host="websitealive.com" />
-	<target host="*.websitealive.com" />
-		<!--exclusion pattern="^http://buzz\.websitealive\.com/" /-->
-	<target host="websitealive1.com" />
+	<target host="www-stage.websitealive.com" />
+	<target host="www.websitealive.com" />
+
 	<target host="www.websitealive1.com" />
-	<target host="websitealive2.com" />
+	<target host="www.websitealive10.com" />
 	<target host="www.websitealive2.com" />
-	<target host="websitealive3.com" />
 	<target host="www.websitealive3.com" />
-	<target host="websitealive4.com" />
 	<target host="www.websitealive4.com" />
-	<target host="websitealive5.com" />
 	<target host="www.websitealive5.com" />
-	<target host="websitealive6.com" />
 	<target host="www.websitealive6.com" />
-	<target host="websitealive7.com" />
 	<target host="www.websitealive7.com" />
-	<target host="websitealive8.com" />
 	<target host="www.websitealive8.com" />
-	<target host="websitealive9.com" />
 	<target host="www.websitealive9.com" />
+
+	<!--	Complications:
+				-->
+	<target host="websitealive1.com" />
 	<target host="websitealive10.com" />
-	<target host="www.websitealive10.com" />
+	<target host="websitealive2.com" />
+	<target host="websitealive3.com" />
+	<target host="websitealive4.com" />
+	<target host="websitealive5.com" />
+	<target host="websitealive6.com" />
+	<target host="websitealive7.com" />
+	<target host="websitealive8.com" />
+	<target host="websitealive9.com" />
 
+		<test url="http://c1.websitealive.com/3762/visitor/image/?code_id=3089" />
+		<test url="http://images.websitealive.com/images/hosted/upload/69206.png" />
 
-	<securecookie host="^(?:.*\.)?websitealive\.com$" name=".+" />
-	<securecookie host="^www\.websitealive\d+\.com$" name=".+" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://((?:a\d|api|api-(?:v1-)?stage|api-v1|cn1|floorforce|go|godzilla|images|mmos|monitoring|orrick|pcm|pcmall|secure|team|todaysdigitalsolutions|(?:tracking|www)(?:-stage)?)\.)?websitealive\.com/"
-		to="https://$1websitealive.com/" />
 
-	<rule from="^http://(?:www\.)?websitealive(\d+)\.com/"
+	<rule from="^http://websitealive(\d+)\.com/"
 		to="https://www.websitealive$1.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WebsiteGrowers.com.xml b/src/chrome/content/rules/WebsiteGrowers.com.xml
index 7796cb6eb923..1d2492ba9736 100644
--- a/src/chrome/content/rules/WebsiteGrowers.com.xml
+++ b/src/chrome/content/rules/WebsiteGrowers.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="WebsiteGrowers.com">
 
 	<target host="websitegrowers.com" />
-	<target host="*.websitegrowers.com" />
+	<target host="www.websitegrowers.com" />
 
 
 	<securecookie host="^(?:www)?\.websitegrowers\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?websitegrowers\.com/"
-		to="https://$1websitegrowers.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WebsiteSEOChecker.com.xml b/src/chrome/content/rules/WebsiteSEOChecker.com.xml
new file mode 100644
index 000000000000..5febe0fdf78a
--- /dev/null
+++ b/src/chrome/content/rules/WebsiteSEOChecker.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="WebsiteSEOChecker.com">
+	<target host="websiteseochecker.com" />
+	<target host="www.websiteseochecker.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Website_Pipeline.xml b/src/chrome/content/rules/Website_Pipeline.xml
index e39a9b98305f..c2ccdc086971 100644
--- a/src/chrome/content/rules/Website_Pipeline.xml
+++ b/src/chrome/content/rules/Website_Pipeline.xml
@@ -1,11 +1,15 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gweb03.webstorepackage.com/ => https://gweb03.webstorepackage.com/: (35, 'Unknown SSL protocol error in connection to gweb03.webstorepackage.com:443 ')
+
 	 domains:
 
 		- (www.)websitepipeline.com	(shows gweb03; mismatched, CN: gweb03.webstorepackage.com)
 		- (www.)webstorepackage.com	(redirects to www.websitepipeline.com; expired 2013-03-09, mismatched, CN: www.ebiz4idiots.com)
 
 -->
-<ruleset name="Website Pipeline (partial)">
+<ruleset name="Website Pipeline (partial)" default_off="failed ruleset test">
 
 	<target host="extranet.websitepipeline.com" />
 	<target host="gweb03.webstorepackage.com" />
@@ -15,10 +19,6 @@
 	<securecookie host="^gweb03\.webstorepackage\.com$" name=".+" />
 
 
-	<rule from="^http://extranet\.websitepipeline\.com/"
-		to="https://extranet.websitepipeline.com/" />
-
-	<rule from="^http://gweb03\.webstorepackage\.com/"
-		to="https://gweb03.webstorepackage.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Websitesettings.com.xml b/src/chrome/content/rules/Websitesettings.com.xml
index 8f40ffc831e1..b8ae910b1657 100644
--- a/src/chrome/content/rules/Websitesettings.com.xml
+++ b/src/chrome/content/rules/Websitesettings.com.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^www\.websitesettings\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?websitesettings\.com/"
-		to="https://$1websitesettings.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Websmithing.com.xml b/src/chrome/content/rules/Websmithing.com.xml
new file mode 100644
index 000000000000..0f8a6d05b4b1
--- /dev/null
+++ b/src/chrome/content/rules/Websmithing.com.xml
@@ -0,0 +1,19 @@
+<ruleset name="websmithing.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="websmithing.com" />
+	<target host="www.websmithing.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?websmithing\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?websmithing\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Webspace4All.xml b/src/chrome/content/rules/Webspace4All.xml
index 00504244ee73..5e48619913a8 100644
--- a/src/chrome/content/rules/Webspace4All.xml
+++ b/src/chrome/content/rules/Webspace4All.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?webspace4all\.eu/"
 		to="https://www.webspace4all.eu/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Webspace4Clans.de.xml b/src/chrome/content/rules/Webspace4Clans.de.xml
index bef5ac21fcaf..06bfd915c7c9 100644
--- a/src/chrome/content/rules/Webspace4Clans.de.xml
+++ b/src/chrome/content/rules/Webspace4Clans.de.xml
@@ -24,4 +24,4 @@
 	<rule from="^http://(?:www\.)?webspace4clans\.de/(?=components/|favicon\.ico|images/|index\.php\?option=com_aicontactsafe&amp;sTask=captcha&amp;task=captcha&amp;pf=1&amp;r_id=\d+&amp;lang=\w\w&amp;format=raw|index\.php/(?:domainparking|hosting|only-mail)(?:$|[?/]|\.html)|modules/|plugins/|templates/|ticketsystem(?:$|[?/]))"
 		to="https://webspace4clans.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Webstat.com.xml b/src/chrome/content/rules/Webstat.com.xml
index fcc48a256cbd..9cfced6ae104 100644
--- a/src/chrome/content/rules/Webstat.com.xml
+++ b/src/chrome/content/rules/Webstat.com.xml
@@ -12,7 +12,8 @@
 -->
 <ruleset name="webstat.com">
 
-	<target host="*.webstat.com" />
+	<target host="hv3.webstat.com" />
+	<target host="secure.webstat.com" />
 
 
 	<rule from="^http://(?:hv3|secure)\.webstat\.com/"
diff --git a/src/chrome/content/rules/Webstaurant_Store.xml b/src/chrome/content/rules/Webstaurant_Store.xml
index abef3438f7c8..f5ff009c2b90 100644
--- a/src/chrome/content/rules/Webstaurant_Store.xml
+++ b/src/chrome/content/rules/Webstaurant_Store.xml
@@ -1,15 +1,17 @@
 <!--
-	Some pages redirect to http.
-
--->
-<ruleset name="The Webstaurant Store (partial)">
+  Nonfunctional CDN references:
+    403
+    - cdnimg[1-3].webstaurantstore.com
+ -->
+<ruleset name="The Webstaurant Store">
 
 	<target host="webstaurantstore.com" />
 	<target host="www.webstaurantstore.com" />
-		<exclusion pattern="^http://(?:www\.)?webstaurantstore\.com/(favicon\.ico|myaccount\.html|template/)" />
-
+	<target host="cdn.webstaurantstore.com" />
+	<target host="cdnimg.webstaurantstore.com" />
+	<target host="chat.webstaurantstore.com" />
 
-	<rule from="^http://(cdn\.|cdnimg\.|www\.)?webstaurantstore\.com/"
-		to="https://$1webstaurantstore.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Websterwood.com.xml b/src/chrome/content/rules/Websterwood.com.xml
new file mode 100644
index 000000000000..dcbe2af22289
--- /dev/null
+++ b/src/chrome/content/rules/Websterwood.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Invalid certificate:
+		websterwood.com
+		www.websterwood.com
+		consulting.websterwood.com
+		lists.websterwood.com
+		trac.websterwood.com
+
+	No working URL known:
+		arwen.websterwood.com
+		static.websterwood.com
+
+-->
+<ruleset name="websterwood.com">
+
+	<target host="websterwood.com" />
+	<target host="www.websterwood.com" />
+	<target host="blog.websterwood.com" />
+	<target host="debian.websterwood.com" />
+	<target host="dynamic.websterwood.com" />
+
+	<rule from="^http://(www\.)?websterwood\.com/+"
+		to="https://blog.websterwood.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Webstyle.ch.xml b/src/chrome/content/rules/Webstyle.ch.xml
new file mode 100644
index 000000000000..7f281bca24ac
--- /dev/null
+++ b/src/chrome/content/rules/Webstyle.ch.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://zimbra.webstyle.ch/ => https://zimbra.webstyle.ch/: (6, 'Could not resolve host: zimbra.webstyle.ch')
+
+-->
+<ruleset name="webstyle.ch" default_off="failed ruleset test">
+	<target host="webstyle.ch" />
+	<target host="www.webstyle.ch" />
+	<target host="webmail.webstyle.ch" />
+	<target host="zimbra.webstyle.ch" />
+
+	<!--	Server sets Secure for:
+					-->
+	<!--securecookie host="^webmail\.webstyle\.ch$" name=".+" /-->
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Websupport_sk_cz_at_hu.xml b/src/chrome/content/rules/Websupport_sk_cz_at_hu.xml
new file mode 100644
index 000000000000..e14dbf4aa9a6
--- /dev/null
+++ b/src/chrome/content/rules/Websupport_sk_cz_at_hu.xml
@@ -0,0 +1,60 @@
+<!--
+	Websupport
+	web hosting company
+
+	Other WebSupport rulesets:
+
+		- WebSupport.at.xml
+		- WebSupport.cz.xml
+		- Webonic.hu.xml
+
+
+	Insecure cookies are set for these hosts:
+
+		- admin.websupport.sk
+		- mail103.websupport.sk
+		- www.websupport.sk
+
+
+	Mixed content:
+
+		- css on www.websupport.sk from fonts.googleapis.com *
+		- Images on www.websupport.sk from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="WebSupport.sk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="websupport.sk" />
+	<target host="admin.websupport.sk" />
+	<target host="blog.websupport.sk" />
+	<target host="mail.websupport.sk" />
+	<target host="mail-latest.websupport.sk" />
+	<target host="mail082.websupport.sk" />
+	<target host="mail103.websupport.sk" />
+	<target host="smail.websupport.sk" />
+	<target host="support.websupport.sk" />
+	<target host="webmail.websupport.sk" />
+	<target host="www.websupport.sk" />
+
+		<!--	Mixed content:
+					-->
+		<test url="http://www.websupport.sk/blog/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^admin\.websupport\.sk$" name="^(?:PHPSESSID|YII_CSRF_TOKEN|lang)$" /-->
+	<!--securecookie host="^mail103\.websupport\.sk$" name="^roundcube_sessid$" /-->
+	<!--securecookie host="^www\.websupport\.sk$" name="^(?:[\da-f]{32}|PHPSESSID|visitor_la_sid)$" /-->
+
+	<securecookie host=".\.websupport\.sk$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Webtask.io.xml b/src/chrome/content/rules/Webtask.io.xml
new file mode 100644
index 000000000000..62c9ec4a945d
--- /dev/null
+++ b/src/chrome/content/rules/Webtask.io.xml
@@ -0,0 +1,37 @@
+<!--
+	Problematic hosts in *webtask.io:
+
+		- chat *
+		- www *
+
+	* Mismatched
+
+
+	www.webtask.io is different from ^webtask.io
+
+
+	Insecure cookies are set for these domains:
+
+		- .webtask.io
+
+-->
+<ruleset name="webtask.io (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="webtask.io" />
+	<!--target host="cdn.webtask.io" /-->
+	<!--target host="www.webtask.io" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.webtask\.io$" name="^ARRAffinity$" /-->
+
+	<securecookie host="^\.webtask\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Webtatic.com.xml b/src/chrome/content/rules/Webtatic.com.xml
new file mode 100644
index 000000000000..54bd80b16fa6
--- /dev/null
+++ b/src/chrome/content/rules/Webtatic.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Webtatic.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="webtatic.com" />
+	<target host="www.webtatic.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Webtimeclock.com.xml b/src/chrome/content/rules/Webtimeclock.com.xml
new file mode 100644
index 000000000000..1f2798fcfc24
--- /dev/null
+++ b/src/chrome/content/rules/Webtimeclock.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Webtimeclock.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="webtimeclock.com" />
+	<target host="www.webtimeclock.com" />
+
+
+	<securecookie host="^(?:w*\.)?webtimeclock\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Webtracker.jp.xml b/src/chrome/content/rules/Webtracker.jp.xml
index 9f0450d772be..249c9c35a0d4 100644
--- a/src/chrome/content/rules/Webtracker.jp.xml
+++ b/src/chrome/content/rules/Webtracker.jp.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://t.webtracker.jp/ => https://t.webtracker.jp/: (7, 'Failed to connect to t.webtracker.jp port 443: No route to host')
+
 	CDN buckets:
 
 		- spacyz.vo.llnwd.net
@@ -14,25 +18,33 @@
 
 	Fully covered subdomains:
 
-		- (www.)
 		- t
 		- a.t
 		- i.t	(→ a.t)
 
+
+	(www.)?: Dropped over http & https
+
 -->
-<ruleset name="Webtracker.jp">
+<ruleset name="Webtracker.jp" default_off="failed ruleset test">
 
-	<target host="webtracker.jp" />
-	<target host="*.webtracker.jp" />
+	<!--	Direct rewrites:
+				-->
+	<target host="t.webtracker.jp" />
+	<target host="a.t.webtracker.jp" />
 
+	<!--	Complications:
+				-->
+	<target host="i.t.webtracker.jp" />
 
-	<securecookie host="^www\.webtracker\.jp$" name=".+" />
 
+	<securecookie host="^www\.webtracker\.jp$" name=".+" />
 
-	<rule from="^http://(t\.|www\.)?webtracker\.jp/"
-		to="https://$1webtracker.jp/" />
 
-	<rule from="^http://[ai]\.t\.webtracker\.jp/"
+	<rule from="^http://i\.t\.webtracker\.jp/"
 		to="https://a.t.webtracker.jp/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WebtraffIQ.com.xml b/src/chrome/content/rules/WebtraffIQ.com.xml
index 41df0a7f6980..0a9083661aec 100644
--- a/src/chrome/content/rules/WebtraffIQ.com.xml
+++ b/src/chrome/content/rules/WebtraffIQ.com.xml
@@ -21,7 +21,9 @@
 <ruleset name="WebtraffIQ.com (partial)">
 
 	<target host="webtraffiq.com" />
-	<target host="*.webtraffiq.com" />
+	<target host="secure.webtraffiq.com" />
+	<target host="dev.secure.webtraffiq.com" />
+	<target host="www.webtraffiq.com" />
 		<exclusion pattern="^http://(?:www\.)?webtraffiq\.com/(?!images/|styles/)" />
 
 
diff --git a/src/chrome/content/rules/Webtraffic.se.xml b/src/chrome/content/rules/Webtraffic.se.xml
index 91928f4b19e3..cdd4d7816ddc 100644
--- a/src/chrome/content/rules/Webtraffic.se.xml
+++ b/src/chrome/content/rules/Webtraffic.se.xml
@@ -1,12 +1,19 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dyn.webtraffic.se/ => https://dyn.webtraffic.se/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Nonfunctional subdomains:
 
 		 - (www.)	(403; mismatched, CN; dyn.webtraffic.se)
 
 -->
-<ruleset name="Webtraffic.se (partial)">
+<ruleset name="Webtraffic.se (partial)" default_off="failed ruleset test">
 
-	<target host="*.webtraffic.se" />
+	<!--	Direct rewrites:
+				-->
+	<target host="adsby.webtraffic.se" />
+	<target host="dyn.webtraffic.se" />
 
 
 	<!--	Set by adsby:
@@ -15,7 +22,7 @@
 	<securecookie host="^\.adsby\.webtraffic\.se$" name=".+" />
 
 
-	<rule from="^http://(adsby|dyn)\.webtraffic\.se/"
-		to="https://$1.webtraffic.se/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Webtranslateit.xml b/src/chrome/content/rules/Webtranslateit.xml
index 0a4400670aa6..bccc3e104940 100644
--- a/src/chrome/content/rules/Webtranslateit.xml
+++ b/src/chrome/content/rules/Webtranslateit.xml
@@ -1,6 +1,10 @@
+<!--
+	www: cert only matches ^webtranslateit.com
+
+-->
 <ruleset name="Webtranslateit">
   <target host="webtranslateit.com" />
   <target host="www.webtranslateit.com" />
 
-  <rule from="^http://(www\.)?webtranslateit\.com/" to="https://webtranslateit.com/" />
+  <rule from="^http://(?:www\.)?webtranslateit\.com/" to="https://webtranslateit.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Webtraxs.com.xml b/src/chrome/content/rules/Webtraxs.com.xml
index 20a5bd73bd45..4a78d8d83292 100644
--- a/src/chrome/content/rules/Webtraxs.com.xml
+++ b/src/chrome/content/rules/Webtraxs.com.xml
@@ -1,12 +1,19 @@
 <!--
+	For other ThomasNet coverage, see ThomasNet.com.xml.
+
+
 	Nonfunctional subdomains:
 
-		- clients	(refused)
+		- clients *
+
+	* Prints name
 
 
 	Problematic subdomains:
 
-		- ^	(dropped)
+		- ^ *
+
+	* Refused
 
 
 	Web bugs.
@@ -24,4 +31,4 @@
 	<rule from="^http://(?:www\.)?webtraxs\.com/"
 		to="https://www.webtraxs.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Webtrekk.net.xml b/src/chrome/content/rules/Webtrekk.net.xml
index 65fa2107fb2a..383a504b84cb 100644
--- a/src/chrome/content/rules/Webtrekk.net.xml
+++ b/src/chrome/content/rules/Webtrekk.net.xml
@@ -1,6 +1,56 @@
-<!-- yet another 1px tracking host :-( -->
+<!--
+	Fully covered hosts in *webtrekk.net:
+
+		- q3
+		- report8
+		- www
+		- \w+ *
+
+	* Clients have unique subdomains, which serve web bugs.
+
+	Cert expired:
+		- rtx.wbtrk.net
+
+-->
 <ruleset name="Webtrekk.net">
-	<target host="gigaset01.webtrekk.net" />
-	<rule from="^http://gigaset01\.webtrekk\.net/" to="https://gigaset01.webtrekk.net/"/>
-</ruleset>
 
+	<target host="fbc.wcfbc.net" />
+	<target host="*.webtrekk.net" />
+	<target host="*.wt-eu02.net" />
+	<target host="responder.wt-safetag.com" />
+
+	<target host="advertiser.wbtrk.net" />
+	<target host="cdn.wbtrk.net" />
+	<target host="geid.wbtrk.net" />
+	<target host="macstatic.wbtrk.net" />
+	<target host="reco.wbtrk.net" />
+	<target host="rtx-de.wbtrk.net" />
+	<target host="um.wbtrk.net" />
+
+	<target host="www.webtrekk.com" />
+
+		<test url="http://gigaset01.webtrekk.net/" />
+		<test url="http://idealo01.webtrekk.net/" />
+		<test url="http://q3.webtrekk.net/" />
+		<test url="http://www.webtrekk.net/" />
+		<test url="http://grunerjahr01.wt-eu02.net/" />
+		<test url="http://flixbusweb01.wt-eu02.net/" />
+		<test url="http://fotoservicebenl01.wt-eu02.net/" />
+		<test url="http://fotoservicech01.wt-eu02.net/" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<test url="http://tiscaliadv01.webtrekk.net/1/wt.pl?p=," />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(client_domain)\.webtrekk\.net$" name="(wt_nbg_Q3|wteid_\d+|wtsid_\d+)$" /-->
+	<!--securecookie host="www\.webtrekk\.net$" name="^wt_\w+_\w+$" /-->
+
+	<securecookie host=".\.webtrekk\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Webtrekk.xml b/src/chrome/content/rules/Webtrekk.xml
deleted file mode 100644
index db4d463b14a0..000000000000
--- a/src/chrome/content/rules/Webtrekk.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	Fully covered subdomains:
-
-		- ^
-		- report8
-		- www
-		- \w+ *
-
-	* Clients have unique subdomains, which serve web bugs.
-
--->
-<ruleset name="Webtrekk">
-
-	<target host="webtrekk.net" />
-	<target host="*.webtrekk.net" />
-
-
-	<securecookie host="^.*\.webtrekk\.net$" name=".+" />
-
-
-	<!--	Cert only matches *.webtrekk.net.
-							-->
-	<rule from="^https?://webtrekk\.net/"
-		to="https://www.webtrekk.net/" />
-
-	<rule from="^http://([\w\-]+)\.webtrekk\.net/"
-		to="https://$1.webtrekk.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Webtrends.com.xml b/src/chrome/content/rules/Webtrends.com.xml
index f1325e5cb521..9acfe47adf75 100644
--- a/src/chrome/content/rules/Webtrends.com.xml
+++ b/src/chrome/content/rules/Webtrends.com.xml
@@ -1,17 +1,23 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://autodiscover.webtrends.com/ => https://autodiscover.webtrends.com/: (7, 'Failed to connect to autodiscover.webtrends.com port 443: Connection refused')
+Fetch error: http://connect.webtrends.com/ => https://connect.webtrends.com/: Too many redirects while fetching 'https://connect.webtrends.com/'
+Fetch error: http://email.webtrends.com/ => https://email.webtrends.com/: (51, "SSL: no alternative certificate subject name matches target host name 'email.webtrends.com'")
+Fetch error: http://m.webtrends.com/ => https://m.webtrends.com/: (6, 'Could not resolve host: m.webtrends.com')
+
 	Tracking network, included on lots of sites. may carry banners.
 	If we are to download their content, at least do it by https.
 
 
 	Other Webtrends rulesets:
 
+		- Reinvigorate.net.xml
 		- Webtrendslive.com.xml
 
 
 	CDN buckets:
 
-		- denvua8xbp3vs.cloudfront.net
-
 		- optimize.webtrends.com.edgekey.net
 
 			- e2550.b.akamaiedge.net/.../
@@ -19,48 +25,118 @@
 
 	Nonfunctional webtrends.com subdomains:
 
-		- (www.)	(kind folks at Webtrends saw fit to break us [now redirects to http])
-		- blog		(shows CentOS Apache 2 test page, CN: pweb2.wt.redux)
-		- engage *
-		- forums	(redirects to http, mismatched, CN: *.getsatisfaction.com)
-		- go		(shows app-q.marketo.com, mismatched, CN: *.marketo.com)
-		- help
-		- kb		(reset, CN: webtrends.com)
-		- optimize	(503, cert valid; hosted on Akamai)
-		- portal	(redirects to http, mismatched, CN: slotmatching5.salesforce.com)
-		- releasenotes *
-		- sharepoint *
-
-	* Redirects to http, mismatched, CN: webtrends.com
+		- developer ¹
+		- go		(Marketo)
+		- kb		(Salesforce)
+		- optimize	(503)
 
+	¹ Dropped
 
-	Fully covered subdomains:
 
-		- ots.optimize
+	Problematic hosts in *webtrends.com:
 
--->
-<ruleset name="Webtrends (partial)" platform="mixedcontent">
+		- forums *
 
-	<target host="reinvigorate.net" />
-	<target host="*.reinvigorate.net" />
-	<target host="*.webtrends.com" />
+	* Untrusted root
 
 
-	<securecookie host="^.*\.webtrendslive\.com$" name=".+" />
-
-
-	<!--	data are also on track.
-						-->
-	<rule from="^http://include\.reinvigorate\.net/"
-		to="https://denvua8xbp3vs.cloudfront.net/" />
-
-	<rule from="^http://(report\.|track\.|www\.)?reinvigorate\.net/"
-		to="https://$1reinvigorate.net/" />
+	Fully covered subdomains:
 
-	<rule from="^http://(ads|analytics|s?auth|autodiscover|blackberry|(?:(?:apps\.)?uat\.)?connect|developer|email|generator|itservices|m|mobile|ondemand(?:ui)?|ots\.optimize|s|segments|social|tagbuilder)\.webtrends\.com/"
-		to="https://$1.webtrends.com/"/>
+		- (www.)?
+		- ads
+		- analytics
+		- autodiscover
+		- blog
+		- cdn
+		- connect
+		- email
+		- engage
+		- generator
+		- help
+		- itservices
+		- m
+		- mobile
+		- ondemand
+		- ondemandui
+		- ots.optimize
+		- portal
+		- producthelp
+		- s
+		- sauth
+		- segmentssocial
+		- sharepoint
+		- releasenotes
+		- tagbuilder
+
+
+	auth: Dropped over http & https
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .webtrends.com
+		- blog.webtrends.com
+		- cdn.webtrends.com
+		- engage.webtrends.com
+		- help.webtrends.com
+		- itservices.webtrends.com
+		- m.webtrends.com
+		- portal.webtrends.com
+		- producthelp.webtrends.com
+		- releasenotes.webtrends.com
+		- sharepoint.webtrends.com
+		- www.webtrends.com
+		- .www.webtrends.com
 
-	<rule from="^http://forums\.webtrends\.com/(assets/|favicon\.png)"
-		to="https://getsatisfaction.com/$1" />
+-->
+<ruleset name="Webtrends.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="webtrends.com" />
+	<target host="ads.webtrends.com" />
+	<target host="analytics.webtrends.com" />
+	<target host="autodiscover.webtrends.com" />
+	<target host="blog.webtrends.com" />
+	<target host="cdn.webtrends.com" />
+	<target host="connect.webtrends.com" />
+	<target host="email.webtrends.com" />
+	<target host="engage.webtrends.com" />
+	<!--target host="forums.webtrends.com" /-->
+	<target host="generator.webtrends.com" />
+	<target host="help.webtrends.com" />
+	<target host="itservices.webtrends.com" />
+	<target host="m.webtrends.com" />
+	<target host="mobile.webtrends.com" />
+	<target host="ondemand.webtrends.com" />
+	<target host="ondemandui.webtrends.com" />
+	<target host="ots.optimize.webtrends.com" />
+	<target host="producthelp.webtrends.com" />
+	<target host="releasenotes.webtrends.com" />
+	<target host="s.webtrends.com" />
+	<target host="sauth.webtrends.com" />
+	<target host="segments.webtrends.com" />
+	<target host="social.webtrends.com" />
+	<target host="sharepoint.webtrends.com" />
+	<target host="tagbuilder.webtrends.com" />
+	<target host="understanding.webtrends.com" />
+	<target host="www.webtrends.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.webtrends\.com$" name="^(incap_ses_\d+_\d+|visid_incap_\d+)$" /-->
+	<!--securecookie host="^(blog|cdn|engage|help|itservices|portal|producthelp|releasenotes|sharepoint|www)\.webtrends\.com$" name="^___utmv[abm][A-Za-z]+$" /-->
+	<!--securecookie host="^help\.webtrends\.com$" name="^help\.webtrends\.com$" /-->
+	<!--securecookie host="^m\.webtrends\.com$" name="^ACOOKIE$" /-->
+	<!--securecookie host="^www\.webtrends\.com$" name="^_icl_current_language$" /-->
+	<!--securecookie host="^\.www\.webtrends\.com$" name="^wt_session$" /-->
+
+	<securecookie host="^\.webtrends\.com$" name="^(?:incap_ses_\d+|visid_incap)_\d+$" />
+	<securecookie host="^(?:blog|cdn|engage|help|itservices|m|portal|producthelp|releasenotes|sharepoint|\.?www)\.webtrends\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Webtrendslive.com.xml b/src/chrome/content/rules/Webtrendslive.com.xml
index a9bcc71ce0cb..ac5912f61888 100644
--- a/src/chrome/content/rules/Webtrendslive.com.xml
+++ b/src/chrome/content/rules/Webtrendslive.com.xml
@@ -3,16 +3,27 @@
 
 	For other Webtrends coverage, see Webtrends.com.xml.
 
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- statse.webtrendslive.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
 -->
 <ruleset name="Webtrendslive.com">
 
-	<target host="*.webtrendslive.com" />
+	<target host="statse.webtrendslive.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^statse\.webtrendslive\.com$" name="^ACOOKIE$" /-->
 
-	<securecookie host=".*\.webtrendslive\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://statse\.webtrendslive\.com/"
-		to="https://statse.webtrendslive.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Webtru.st.xml b/src/chrome/content/rules/Webtru.st.xml
deleted file mode 100644
index 6f927316ea8b..000000000000
--- a/src/chrome/content/rules/Webtru.st.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Webtru.st Keyserver">
-  <target host="pgp.webtru.st"/>
-  <target host="www.pgp.webtru.st"/>
-
-  <rule from="^http://(www\.)?pgp\.webtru\.st/" to="https://pgp.webtru.st/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Webyog.com.xml b/src/chrome/content/rules/Webyog.com.xml
new file mode 100644
index 000000000000..a55c39ccc54b
--- /dev/null
+++ b/src/chrome/content/rules/Webyog.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Nonfunctional subdomains:
+		- forums	¹
+		- blog		¹
+		- faq		¹
+		- sqlyogkb	(hostname mismatch, CN: *.helpscoutdocs.com, helpscoutdocs.com)
+
+	¹ redirects to http
+-->
+<ruleset name="Webyog.com">
+	<target host=       "webyog.com" />
+	<target host=   "www.webyog.com" />
+	<target host="static.webyog.com" />
+
+  	<securecookie host="^www\.webyog\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WeeChat.org.xml b/src/chrome/content/rules/WeeChat.org.xml
new file mode 100644
index 000000000000..9f0ba179aed7
--- /dev/null
+++ b/src/chrome/content/rules/WeeChat.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="WeeChat.org">
+
+	<target host="weechat.org" />
+	<target host="www.weechat.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Weebly-mixed.xml b/src/chrome/content/rules/Weebly-mixed.xml
deleted file mode 100644
index 1b8688db793e..000000000000
--- a/src/chrome/content/rules/Weebly-mixed.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
-	For rules that don't cause mixed content, see Weebly.xml
-
-
-	Mixed css & images from *.editmysite.com
-
--->
-<ruleset name="Weebly (mixed content)" platform="mixedcontent">
-
-	<target host="*.editmysite.com" />
-		<!--
-			Handled in Weebly.xml:
-						-->
-		<exclusion pattern="^https://cdn\d\.editmysite\.com/(?:editor/(?:font|image|librarie)s/|images/(?:404background\.jpg|404_textbox\.png))" />
-	<target host="weebly.com" />
-	<target host="www.weebly.com" />
-		<!--
-			Started redirecting to http:
-							-->
-		<exclusion pattern="^http://(?:www\.)?weebly\.com/(?:$|\?)" />
-		<!--
-			Handled in Weebly.xml:
-						-->
-		<exclusion pattern="^http://(?:www\.)?weebly\.com/images/" />
-
-
-	<rule from="^http://(www\.)?weebly\.com/"
-		to="https://$1weebly.com/" />
-
-	<!--	Pointed to from weebly.com:
-						-->
-	<rule from="^https://cdn(1|2)\.editmysite\.com/"
-		to="http://cdn$1.editmysite.com/" downgrade="1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Weebly.xml b/src/chrome/content/rules/Weebly.xml
index 8474c21d37c9..61517964c406 100644
--- a/src/chrome/content/rules/Weebly.xml
+++ b/src/chrome/content/rules/Weebly.xml
@@ -1,59 +1,47 @@
 <!--
-	For rules that cause mixed content, see Weebly-mixed.xml.
+	Other Weebly rulesets:
 
+		- Editmysite.com.xml
 
-	CDN buckets:
 
-		- cdn1.editmysite.com.cdngc.net
-		- cdn2.editmysite.com.cdngc.net
+	CDN buckets:
 
 		- cdn1.weebly.com.cdngc.net
 
 			- static-cdn.weebly.com
 
+	Redirect to http:
+		partnerblog.weebly.com
+		partnerwith.weebly.com
 
-	Nonfunctional domains:
-
-		- editmysite.com subdomains:
-
-			- (www.) *
-			- cdn[12]	(403; mismatched, CN: ssl2.cdngc.net)
-			- preview *
-			- static *
-
-		- weebly.com subdomains:
-
-			- affiliate *
-			- affiliates *
-			- blog *
-			- help *
-			- kb *
-			- partnerblog *
-			- partnerwith *
-			- static-cdn	(403; mismatched, CN: *.pantherssl.com)
-			- support *
-
-	* Times out
-
-
-	Problematic domains:
+	Connection reset:
+		static-cdn.weebly.com
 
-		- (www.)weebly.com	(mixed css & images from *.editmysite.com)
-
-
-	Fully covered subdomains:
-
-		- teffect
+	Customer subdomains redirect to http.
 
 -->
-<ruleset name="Weebly (partial)">
+<ruleset name="Weebly.com (partial)">
 
-	<target host="cdn1.editmysite.com" />
-	<target host="cdn2.editmysite.com" />
 	<target host="weebly.com" />
-	<target host="*.weebly.com" />
-		<exclusion pattern="^http://(?:www\.)?weebly\.com/(?!editor/(?:app|font|image|librarie)s|images/)" />
+	<target host="www.weebly.com" />
+	<target host="affiliate.weebly.com" />
+	<target host="affiliates.weebly.com" />
+	<target host="blog.weebly.com" />
+	<target host="help.weebly.com" />
+	<target host="hc.weebly.com" />
+	<target host="mobileapi.weebly.com" />
+	<target host="secure.weebly.com" />
+	<target host="support.weebly.com" />
 
+	<!--
+		Customer subdomains redirect to http:
+
+	<target host="*.weebly.com" />
+		<test url="http://teffect.weebly.com/" />
+		<test url="http://xinfos.weebly.com/" />
+		<test url="http://universalstarters.weebly.com/" />
+		<test url="http://toddtaylor.weebly.com/" />
+	-->
 
 	<!--	Set by editor/apps/showCommentForm-v2.php
 								-->
@@ -63,11 +51,7 @@
 								-->
 	<securecookie host="^www\.weebly\.com$" name="^wt-\w{6}$" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^https?://cdn\d\.editmysite\.com/(editor/(?:font|image|librarie)s/|images/(?:404background\.jpg|404_textbox\.png))"
-		to="https://www.weebly.com/$1" />
-
-	<rule from="^http://((?:mobileapi|secure|teffect|www)\.)?weebly\.com/"
-		to="https://$1weebly.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WeedTraQR.com.xml b/src/chrome/content/rules/WeedTraQR.com.xml
new file mode 100644
index 000000000000..5b31696d5f2b
--- /dev/null
+++ b/src/chrome/content/rules/WeedTraQR.com.xml
@@ -0,0 +1,48 @@
+<!--
+	For other Edoceo coverage, see Edoceo.com.xml.
+
+
+	www.weedtraqr.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- weedtraqr.com
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="WeedTraQR.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="weedtraqr.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.weedtraqr.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<test url="http://weedtraqr.com/auth/sign-in" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^weedtraqr\.com$" name="^wtqr$" /-->
+
+	<securecookie host="^weedtraqr\.com$" name=".+" />
+
+
+	<rule from="^http://www\.weedtraqr\.com/"
+		to="https://weedtraqr.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Week_Plan.xml b/src/chrome/content/rules/Week_Plan.xml
index b124e23c7d37..29378c5dedee 100644
--- a/src/chrome/content/rules/Week_Plan.xml
+++ b/src/chrome/content/rules/Week_Plan.xml
@@ -1,13 +1,20 @@
-<ruleset name="Week Plan">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://weekplan.net/ => https://weekplan.net/: Too many redirects while fetching 'https://weekplan.net/'
+Fetch error: http://www.weekplan.net/ => https://www.weekplan.net/: Too many redirects while fetching 'https://www.weekplan.net/'
+
+-->
+<ruleset name="Week Plan" default_off="failed ruleset test">
 
 	<target host="weekplan.net" />
-	<target host="*.weekplan.net" />
+	<target host="app.weekplan.net" />
+	<target host="www.weekplan.net" />
 
 
 	<securecookie host="^\.weekplan\.net$" name=".+" />
 
 
-	<rule from="^http://(app\.|www\.)?weekplan\.net/"
-		to="https://$1weekplan.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Weekend_Edition.xml b/src/chrome/content/rules/Weekend_Edition.xml
index dda25e37ce6c..70a747c341c1 100644
--- a/src/chrome/content/rules/Weekend_Edition.xml
+++ b/src/chrome/content/rules/Weekend_Edition.xml
@@ -1,16 +1,33 @@
-<!--
-	Problematic subdomains:
-
-		- (www.)	(mismatched, CN: secure1.ingenuity.net.au)
-
--->
-<ruleset name="The Weekend Edition">
+<ruleset name="The Weekend Edition.com.au (partial)">
 
 	<target host="theweekendedition.com.au" />
 	<target host="www.theweekendedition.com.au" />
 
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://theweekendedition\.com\.au/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://theweekendedition\.com\.au/+(?!favicon\.ico|subscribe(?:$|[?/])|wp-content/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://theweekendedition.com.au/about/" />
+			<test url="http://theweekendedition.com.au/captured" />
+			<test url="http://theweekendedition.com.au/destination/category/local-travel/" />
+			<test url="http://theweekendedition.com.au/food-drink/category/food-news" />
+			<test url="http://theweekendedition.com.au/gold-coast" />
+			<test url="http://theweekendedition.com.au/stumble-guide" />
+
+			<!--	-ve:
+					-->
+			<test url="http://theweekendedition.com.au/favicon.ico" />
+			<test url="http://theweekendedition.com.au/subscribe/" />
+			<test url="http://theweekendedition.com.au/wp-content/themes/theweekendedition-v2/images/logo.png" />
+
 
-	<rule from="^http://(?:www\.)?theweekendedition\.com\.au/"
-		to="https://twe.wpengine.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WeeklyPlus.xml b/src/chrome/content/rules/WeeklyPlus.xml
index e1c1ff953cc1..a0853fcd3071 100644
--- a/src/chrome/content/rules/WeeklyPlus.xml
+++ b/src/chrome/content/rules/WeeklyPlus.xml
@@ -1,19 +1,19 @@
 <!--
-	Some pages redirect to http.
+	(www.)?: Dropped
 
 -->
-<ruleset name="WeeklyPlus (partial)">
+<ruleset name="WeeklyPlus.com (partial)" default_off="refused">
 
 	<target host="weeklyplus.com" />
 	<target host="www.weeklyplus.com" />
 
 
-	<rule from="^http://(www\.)?weeklyplus\.com/(\w+/membership/|cdn-cgi/|members/|themes/)"
-		to="https://$1weeklyplus.com/$2" />
-
 	<!--	Sans-slash, redirects to http:
 						-->
-	<rule from="^http://(www\.)?weeklyplus\.com/(\w+/membership|members)(\?.*)?$"
-		to="https://$1weeklyplus.com/$1/$3" />
+	<rule from="^http://(www\.)?weeklyplus\.com/(\w+/membership|members)(?=$|\?)"
+		to="https://$1weeklyplus.com/$2/" />
+
+	<rule from="^http://(www\.)?weeklyplus\.com/(?=\w+/membership/|cdn-cgi/|members/|themes/)"
+		to="https://$1weeklyplus.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Weeklyosm.eu.xml b/src/chrome/content/rules/Weeklyosm.eu.xml
new file mode 100644
index 000000000000..2bf93500df07
--- /dev/null
+++ b/src/chrome/content/rules/Weeklyosm.eu.xml
@@ -0,0 +1,7 @@
+<ruleset name="Weeklyosm.eu">
+	<target host="weeklyosm.eu" />
+	<target host="www.weeklyosm.eu" />
+	<target host="beta.weeklyosm.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wegenwiki.nl.xml b/src/chrome/content/rules/Wegenwiki.nl.xml
new file mode 100644
index 000000000000..3b75a333a3ca
--- /dev/null
+++ b/src/chrome/content/rules/Wegenwiki.nl.xml
@@ -0,0 +1,10 @@
+<ruleset name="Wegenwiki.nl">
+
+	<target host="wegenwiki.nl" />
+	<target host="www.wegenwiki.nl" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wego_Health.com-problematic.xml b/src/chrome/content/rules/Wego_Health.com-problematic.xml
new file mode 100644
index 000000000000..9c039fd86d8a
--- /dev/null
+++ b/src/chrome/content/rules/Wego_Health.com-problematic.xml
@@ -0,0 +1,12 @@
+<!--
+	For rules that are on by default, see Wego_Health.com.xml.
+
+-->
+<ruleset name="Wego Health.com (mismatched)" default_off="mismatched">
+
+	<target host="blog.wegohealth.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wego_Health.com.xml b/src/chrome/content/rules/Wego_Health.com.xml
new file mode 100644
index 000000000000..b3450803e4b4
--- /dev/null
+++ b/src/chrome/content/rules/Wego_Health.com.xml
@@ -0,0 +1,92 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wegohealth.com/ => https://wegohealth.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For problematic rules, see Wego_Health.com-problematic.xml.
+
+
+	CDN buckets:
+
+		- s3.amazonaws.com/wegohealthtvprod/
+		- d3vr1uk8na0dn7.cloudfront.net
+
+
+	Nonfunctional subdomains:
+
+		- sharinghub *
+
+	* Shows CentOS test page; self-signed, CN: gridhead.blueboxgrid.com
+
+
+	Problematic subdomains:
+
+		- blog *
+
+	* Works; mismatched, CN: *.gridserver.com.
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- tv
+
+
+	Observed cookie domains:
+
+		- ^ ¹
+		- . ²
+		- awards ³
+		- www ¹
+
+	¹ Secured by server
+	² Secured by us
+	³ Not secured by us <= incomplete support
+
+
+	Mixed content:
+
+		- css, on:
+
+			- blog from $self
+			- tv from fonts.googleapis.com *
+
+		- Images, on:
+
+			- awards from d3vr1uk8na0dn7.cloudfront.net *
+			- blog from $self
+			- tv from s3.amazonaws.com *
+			- tv from pbs.twimg.com *
+			- www from blog
+
+	* Secured by us
+
+-->
+<ruleset name="Wego Health.com (partial)" default_off="failed ruleset test">
+
+	<target host="wegohealth.com" />
+	<target host="awards.wegohealth.com" />
+	<target host="tv.wegohealth.com" />
+	<target host="www.wegohealth.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://awards\.wegohealth\.com/+($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://awards\.wegohealth\.com/+(?!nominees(?:$|\?))" />
+
+
+	<!--	Server sets Secure for:
+					-->
+	<!--securecookie host="^(www\.)?wegohealth\.com$" name=".+" /-->
+	<!--
+		But not for:
+				-->
+	<securecookie host="^\.wegohealth\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Weho.st.xml b/src/chrome/content/rules/Weho.st.xml
new file mode 100644
index 000000000000..39afcda9d21c
--- /dev/null
+++ b/src/chrome/content/rules/Weho.st.xml
@@ -0,0 +1,16 @@
+<ruleset name="Weho.st">
+	<target host="weho.st" />
+	<target host="cloud.weho.st" />
+	<target host="chat.weho.st" />
+	<target host="search.weho.st" />
+	<target host="pad.weho.st" />
+	<target host="calc.weho.st" />
+	<target host="git.weho.st" />
+	<target host="cryptpad.weho.st" />
+	<target host="social.weho.st" />
+	<target host="draw.weho.st" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Weibo.cn.xml b/src/chrome/content/rules/Weibo.cn.xml
new file mode 100644
index 000000000000..61a07a8e6dc7
--- /dev/null
+++ b/src/chrome/content/rules/Weibo.cn.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Weibo coverage, see Weibo.com.xml.
+
+	sslv3 alert handshake failure:
+		tpssl.weibo.cn		http://tpssl.weibo.cn/3244140934/50/5714990600/0
+
+	CDN buckets:
+		img([1-5])?.app.wcdn.cn
+-->
+<ruleset name="Weibo.cn">
+	<target host="weibo.cn" />
+	<target host="www.weibo.cn" />
+	<target host="c.weibo.cn" />
+	<target host="m.weibo.cn" />
+	<target host="manhua.weibo.cn" />
+	<target host="media.weibo.cn" />
+	<target host="music.weibo.cn" />
+	<target host="open.weibo.cn" />
+		<test url="http://open.weibo.cn/oauth2/authorize" />
+	<target host="passport.weibo.cn" />
+		<test url="http://passport.weibo.cn/signin/login" />
+	<target host="place.weibo.cn" />
+	<target host="toutiao.weibo.cn" />
+	<target host="tvassl.weibo.cn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Weibo.com.xml b/src/chrome/content/rules/Weibo.com.xml
new file mode 100644
index 000000000000..6b852d6a0bdd
--- /dev/null
+++ b/src/chrome/content/rules/Weibo.com.xml
@@ -0,0 +1,45 @@
+<!--
+	Other Weibo coverage:
+		Weibo.cn.xml
+		WeiboPay.com.xml
+
+	MCB:
+		game.weibo.com
+
+	not enough values to unpack:
+		captcha.weibo.com	https://travis-ci.org/github/EFForg/https-everywhere/jobs/686172096#L343
+
+	Redirect to http:
+		static.book.weibo.com
+		sg2.game.weibo.com
+		manhua.weibo.com
+
+	Timeout:
+		app.weibo.com		https://travis-ci.org/github/EFForg/https-everywhere/jobs/686176000#L341
+-->
+<ruleset name="Weibo.com">
+	<target host="weibo.com" />
+	<target host="www.weibo.com" />
+	<target host="api.weibo.com" />
+		<test url="http://api.weibo.com/chat/#/" />
+	<target host="rm.api.weibo.com" />
+		<test url="http://rm.api.weibo.com/2/remind/unread_count.json" />
+	<target host="upload.api.weibo.com" />
+		<test url="http://upload.api.weibo.com/2/statuses/upload.json" />
+	<target host="book.weibo.com" />
+	<target host="e.weibo.com" />
+	<target host="help.weibo.com" />
+	<target host="open.weibo.com" />
+	<target host="passport.weibo.com" />
+	<target host="s.weibo.com" />
+	<target host="security.weibo.com" />
+		<test url="http://security.weibo.com/app/js/v1/apps/account/jQuery1.7.1.js" />
+	<target host="vdisk.weibo.com" />
+	<target host="video.weibo.com" />
+		<test url="http://video.weibo.com/show?fid=1034:4312779088411554" />
+	<target host="widget.weibo.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WeiboPay.com.xml b/src/chrome/content/rules/WeiboPay.com.xml
new file mode 100644
index 000000000000..4255383b63f3
--- /dev/null
+++ b/src/chrome/content/rules/WeiboPay.com.xml
@@ -0,0 +1,24 @@
+<!--
+	For other Weibo coverage, see Weibo.com.xml.
+-->
+
+<ruleset name="WeiboPay.com">
+	<target host="weibopay.com" />
+	<target host="www.weibopay.com" />
+	<target host="css.weibopay.com" />
+	<target host="help.weibopay.com" />
+	<target host="i1.weibopay.com" />
+	<target host="i2.weibopay.com" />
+	<target host="js.weibopay.com" />
+	<target host="static.weibopay.com" />
+
+		<test url="http://css.weibopay.com/f/cms/styles/app/index/home.css" />
+		<test url="http://i1.weibopay.com/f/img/app/op_gold/home/5.png" />
+		<test url="http://i2.weibopay.com/cms/img/94e96da9c26fdeca7a89f69ee3766cea.png" />
+		<test url="http://js.weibopay.com/sinapay/scripts/base-299dda6f28.js" />
+		<test url="http://static.weibopay.com/merchant-wallet/css/unique/index.css" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Weilde_Beuger_Solmecke.xml b/src/chrome/content/rules/Weilde_Beuger_Solmecke.xml
deleted file mode 100644
index abe811911823..000000000000
--- a/src/chrome/content/rules/Weilde_Beuger_Solmecke.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(self-signed, mismatched; CN: 17833.whserv.de)		
-
--->
-<ruleset name="Weilde Beuger Solmecke">
-
-	<target host="wbs-law.de" />
-	<target host="www.wbs-law.de" />
-
-
-	<securecookie host="^www\.wbs-law\.de$" name=".+" />
-
-
-	<rule from="^https?://(?:www\.)?wbs-law\.de/"
-		to="https://www.wbs-law.de/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Weiss-Research.xml b/src/chrome/content/rules/Weiss-Research.xml
index 54b9dec0439a..dd6da9a8e367 100644
--- a/src/chrome/content/rules/Weiss-Research.xml
+++ b/src/chrome/content/rules/Weiss-Research.xml
@@ -1,4 +1,6 @@
 <!--
+Automatically by https-everywhere-checker because:
+Fetch error: http://moneyandmarkets.com/ => https://moneyandmarkets.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Nonfunctional domains:
 
 		- a.weissinc.com
@@ -7,18 +9,17 @@
 <ruleset name="Weiss Research">
 
 	<target host="moneyandmarkets.com" />
-	<target host="*.moneyandmarkets.com" />
+	<target host="www.moneyandmarkets.com" />
 	<target host="weissinc.com" />
-	<target host="*.weissinc.com" />
+	<target host="cdn.weissinc.com" />
+	<target host="images.weissinc.com" />
+	<target host="www.weissinc.com" />
 
 
-	<securecookie host="^.*\.moneyandmarkets\.com$" name=".*" />
+	<securecookie host="^.*\.moneyandmarkets\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?moneyandmarkets\.com/"
-		to="https://$1moneyandmarkets.com/" />
 
-	<rule from="^http://((?:cdn|images|www)\.)?weissinc\.com/"
-		to="https://$1weissinc.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Welcome.lgbt.xml b/src/chrome/content/rules/Welcome.lgbt.xml
new file mode 100644
index 000000000000..59f93e554702
--- /dev/null
+++ b/src/chrome/content/rules/Welcome.lgbt.xml
@@ -0,0 +1,8 @@
+<ruleset name="Welcome.lgbt">
+	<target host="welcome.lgbt" />
+	<target host="www.welcome.lgbt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WelcomeCottages.com.xml b/src/chrome/content/rules/WelcomeCottages.com.xml
new file mode 100644
index 000000000000..e01bd9750078
--- /dev/null
+++ b/src/chrome/content/rules/WelcomeCottages.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- welcomecottages.com
+
+-->
+<ruleset name="WelcomeCottages.com (partial)" platform="mixedcontent">
+	<target host="welcomecottages.com" />
+	<target host="www.welcomecottages.com" />
+
+	<rule from="^http://welcomecottages\.com/"
+		to="https://www.welcomecottages.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Welect.de.xml b/src/chrome/content/rules/Welect.de.xml
new file mode 100644
index 000000000000..a69f26f77b25
--- /dev/null
+++ b/src/chrome/content/rules/Welect.de.xml
@@ -0,0 +1,32 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Invalid certificate:
+		www.s
+-->
+<ruleset name="Welect.de">
+
+	<target host="welect.de" />
+	<target host="www.welect.de" />
+	<target host="ssl.1.damoh.welect.de" />
+	<target host="ssl.2.damoh.welect.de" />
+	<target host="ssl.3.damoh.welect.de" />
+	<target host="de.welect.de" />
+	<target host="www.de.welect.de" />
+	<target host="example.welect.de" />
+	<target host="go.welect.de" />
+	<target host="go-staging.welect.de" />
+	<target host="integrator.welect.de" />
+	<target host="internal.welect.de" />
+	<target host="noserver.welect.de" />
+	<target host="production.welect.de" />
+	<target host="redirect-staging.welect.de" />
+	<target host="s.welect.de" />
+	<target host="staging.welect.de" />
+	<target host="static.welect.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Welk.sc.xml b/src/chrome/content/rules/Welk.sc.xml
new file mode 100644
index 000000000000..757455854977
--- /dev/null
+++ b/src/chrome/content/rules/Welk.sc.xml
@@ -0,0 +1,14 @@
+<!--
+	cloudfront, unknown bucket(s).
+
+-->
+<ruleset name="Walk.sc" default_off="mismatched">
+
+	<target host="pp.walk.sc" />
+	<target host="pp2.walk.sc" />
+	<target host="pp3.walk.sc" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wellbid.com.xml b/src/chrome/content/rules/Wellbid.com.xml
index e27988efb841..67577524c7ef 100644
--- a/src/chrome/content/rules/Wellbid.com.xml
+++ b/src/chrome/content/rules/Wellbid.com.xml
@@ -1,13 +1,13 @@
 <ruleset name="wellbid.com">
 
 	<target host="wellbid.com" />
-	<target host="*.wellbid.com" />
+	<target host="static.wellbid.com" />
+	<target host="www.wellbid.com" />
 
 
 	<securecookie host="^(?:w*\.)?wellbid\.com$" name=".+" />
 
 
-	<rule from="^http://(static\.|www\.)?wellbid\.com/"
-		to="https://$1wellbid.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Wellcome-HK-Lucky-Draws.xml b/src/chrome/content/rules/Wellcome-HK-Lucky-Draws.xml
new file mode 100644
index 000000000000..47988e1dbff6
--- /dev/null
+++ b/src/chrome/content/rules/Wellcome-HK-Lucky-Draws.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		No content on HTTPS:
+		- wellcomehappystamp.com
+		- www.wellcomehappystamp.com
+		- worldwinefairluckydraw.com
+		- www.worldwinefairluckydraw.com
+-->
+<ruleset name="Wellcome HK Lucky Draws">
+	<target host="easy2winluckydraw.com" />
+	<target host="www.easy2winluckydraw.com" />
+	<target host="summercoolluckydraw.com" />
+	<target host="www.summercoolluckydraw.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wellcome-Trust-Sanger-Institute.xml b/src/chrome/content/rules/Wellcome-Trust-Sanger-Institute.xml
index c1d842d6a25d..c43b7f721d3b 100644
--- a/src/chrome/content/rules/Wellcome-Trust-Sanger-Institute.xml
+++ b/src/chrome/content/rules/Wellcome-Trust-Sanger-Institute.xml
@@ -1,9 +1,9 @@
-<ruleset name="Wellcome Trust Sanger Institute (partial)">
+<ruleset name="Wellcome Trust Sanger Institute (partial)" default_off="redirects to http">
 
 	<target host="sanger.ac.uk"/>
 	<target host="www.sanger.ac.uk"/>
 
-	<securecookie host="^www\.sanger\.ac\.uk$" name=".*"/>
+	<securecookie host="^www\.sanger\.ac\.uk$" name=".+" />
 
 	<rule from="^http://(?:www\.)?sanger\.ac\.uk/"
 		to="https://www.sanger.ac.uk/"/>
diff --git a/src/chrome/content/rules/Wellingborough.gov.uk.xml b/src/chrome/content/rules/Wellingborough.gov.uk.xml
new file mode 100644
index 000000000000..06ed37ac058b
--- /dev/null
+++ b/src/chrome/content/rules/Wellingborough.gov.uk.xml
@@ -0,0 +1,38 @@
+<!--
+	Borough Council of Wellingborough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *wellingborough.gov.uk:
+
+		- pawebsrv ᵈ
+
+	ᵈ Dropped
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- wellingborough.gov.uk
+		- www.wellingborough.gov.uk
+		- .www.wellingborough.gov.uk
+
+-->
+<ruleset name="Wellingborough.gov.uk (partial)">
+
+	<target host="wellingborough.gov.uk" />
+	<target host="www.wellingborough.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?wellingborough\.gov\.uk$" name="^\w{16}$" /-->
+	<!--securecookie host="^\.www\.wellingborough\.gov\.uk$" name="^TestCookie$" /-->
+
+	<securecookie host="^(?!\.wellingborough\.gov\.uk$)\." name="\." />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wello.com.xml b/src/chrome/content/rules/Wello.com.xml
new file mode 100644
index 000000000000..b3ed09f6ec4f
--- /dev/null
+++ b/src/chrome/content/rules/Wello.com.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wello.com/ => https://wello.com/: (7, 'Failed to connect to wello.com port 443: Connection refused')
+Fetch error: http://www.wello.com/ => https://www.wello.com/: (7, 'Failed to connect to www.wello.com port 443: Connection refused')
+
+-->
+<ruleset name="Wello.com" default_off="failed ruleset test">
+
+	<target host="wello.com" />
+	<target host="www.wello.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.wello\.com$" name="^csrftoken$" /-->
+
+	<securecookie host="^(?:www)?\.wello\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WellsFargo.xml b/src/chrome/content/rules/WellsFargo.xml
index af7c3af8cbeb..722f5c8652dc 100644
--- a/src/chrome/content/rules/WellsFargo.xml
+++ b/src/chrome/content/rules/WellsFargo.xml
@@ -1,7 +1,22 @@
-<ruleset name="Wells Fargo">
+<!--
+	Other Wells Fargo rulesets:
+		- Wachovia.xml
+
+	Mixed content:
+		- Image on blogs from 187hrynv8uv1zp0cw32838b1aoz-wpengine.netdna-ssl.com
+-->
+
+<ruleset name="Wells Fargo.com">
   <target host="wellsfargo.com" />
   <target host="*.wellsfargo.com" />
 
-  <rule from="^http://wellsfargo\.com/" to="https://www.wellsfargo.com/" />
-  <rule from="^http://([^/:@\.]+)\.wellsfargo\.com/" to="https://$1.wellsfargo.com/" />
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+
+	<test url="http://financial.wellsfargo.com/" />
+	<test url="http://mortgage.wellsfargo.com/" />
+	<test url="http://myed.wellsfargo.com/" />
+	<test url="http://onlineservices.wellsfargo.com/" />
+	<test url="http://www.wellsfargo.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Welsh-Country-Cottages.co.uk.xml b/src/chrome/content/rules/Welsh-Country-Cottages.co.uk.xml
new file mode 100644
index 000000000000..c07457f0f3d5
--- /dev/null
+++ b/src/chrome/content/rules/Welsh-Country-Cottages.co.uk.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- welsh-country-cottages.co.uk
+
+		Mixed content blocking (MCB) triggered:
+		- www.welsh-country-cottages.co.uk
+-->
+<ruleset name="Welsh-Country-Cottages.co.uk" platform="mixedcontent">
+	<target host="welsh-country-cottages.co.uk" />
+	<target host="www.welsh-country-cottages.co.uk" />
+
+	<rule from="^http://welsh-country-cottages\.co\.uk/"
+		to="https://www.welsh-country-cottages.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Welt.de.xml b/src/chrome/content/rules/Welt.de.xml
new file mode 100644
index 000000000000..7dbd0fae49e2
--- /dev/null
+++ b/src/chrome/content/rules/Welt.de.xml
@@ -0,0 +1,78 @@
+<!--
+	Connection closed:
+		- welt.de
+		- wetter.welt.de
+
+	Invalid certificate:
+		- biowetter.welt.de
+		- bundle.welt.de
+		- klassiker.welt.de
+		- kompakt.welt.de
+		- kosmos.welt.de
+		- liveticker.welt.de
+		- m.liveticker.welt.de
+		- luxusautos.welt.de
+		- luxusuhren.welt.de
+		- m.welt.de
+		- reisewetter.welt.de
+		- schmid.welt.de
+		- service.welt.de
+		- to.welt.de
+
+	Mismatch:
+		- apps.welt.de
+
+	Refused:
+		- epaper.apps.welt.de
+		- donnerunddoria.welt.de
+		- epaper.welt.de
+		- freie.welt.de
+		- medien.welt.de
+-->
+<ruleset name="Welt.de (Partial)">
+	<target host="www.welt.de" />
+		<!-- HTTP redirect -->
+		<exclusion pattern="^http://www\.welt\.de/((article)?\d{9}|icon|lesestueck|storytorial)/" />
+		<test url="http://www.welt.de/157702604/?noredirect=true&amp;config=langeslestueck&amp;ref&amp;refresh2" />
+		<test url="http://www.welt.de/article157741535/?noredirect=true&amp;config=lesestueckbiga&amp;refresh2" />
+		<test url="http://www.welt.de/icon/" />
+		<test url="http://www.welt.de/lesestueck/" />
+		<test url="http://www.welt.de/storytorial/escada/" />
+	<target host="abo.welt.de" />
+	<target host="codewidget.welt.de" />
+	<target host="css.welt.de" />
+	<target host="gutscheine.welt.de" />
+	<target host="img.welt.de" />
+	<target host="investigativ.welt.de" />
+	<target host="jobs.welt.de" />
+	<target host="js.welt.de" />
+	<target host="resources-production.la.welt.de" />
+		<test url="http://resources-production.la.welt.de/loader/la-loader-default.js" />
+	<target host="luxus.welt.de" />
+	<target host="mobil.welt.de" />
+	<target host="mobile.welt.de" />
+	<target host="online.welt.de" />
+	<target host="stepstone.welt.de" />
+	<target host="tv.welt.de" />
+	<target host="zeitung.welt.de" />
+	<!-- *.apps.welt.de -->
+		<target host="iqtest.apps.welt.de" />
+		<target host="static.apps.welt.de" />
+			<!-- serves wrong content (404 pages also look different, but that's trivial -->
+			<exclusion pattern="^http://static\.apps\.welt\.de/lesestueck/" />
+			<test url="http://static.apps.welt.de/lesestueck/" />
+	<!-- *.la.welt.de (^la.welt.de does not exist) -->
+		<target host="api-co.la.welt.de" />
+		<target host="co.la.welt.de" />
+		<target host="judge.la.welt.de" />
+		<target host="lo.la.welt.de" />
+		<target host="loader.la.welt.de" />
+		<target host="schrotty.la.welt.de" />
+
+	<test url="http://codewidget.welt.de/beta-promotion/css/betapromotion.css" />
+	<test url="http://css.welt.de/skins/welt/css/693/reset.css" />
+	<test url="http://img.welt.de/img/config_master_header/orig149433181/3270004236/welt-logo-trans.png" />
+
+	<rule from="^http:" to="https:" />
+	
+</ruleset>
diff --git a/src/chrome/content/rules/Weltbild.ch.xml b/src/chrome/content/rules/Weltbild.ch.xml
index 8ff03d75c449..9b022b1b3357 100644
--- a/src/chrome/content/rules/Weltbild.ch.xml
+++ b/src/chrome/content/rules/Weltbild.ch.xml
@@ -1,7 +1,8 @@
-<ruleset name="Weltbild.ch" platform="mixedcontent">
-        <target host="weltbild.ch" />
-        <target host="www.weltbild.ch" />
-        <securecookie host="^(.*\.)?weltbild\.ch$" name=".*" />
+<ruleset name="Weltbild.ch">
+	<target host="weltbild.ch" />
+	<target host="www.weltbild.ch" />
 
-        <rule from="^http://(?:www\.)?weltbild\.ch/" to="https://www.weltbild.ch/"/>
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Wemadethis.co.uk.xml b/src/chrome/content/rules/Wemadethis.co.uk.xml
new file mode 100644
index 000000000000..e0c87d5f956e
--- /dev/null
+++ b/src/chrome/content/rules/Wemadethis.co.uk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Wemadethis.co.uk">
+	<target host="wemadethis.co.uk" />
+	<target host="www.wemadethis.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wemakeprice.com.xml b/src/chrome/content/rules/Wemakeprice.com.xml
new file mode 100644
index 000000000000..3dd137ffd157
--- /dev/null
+++ b/src/chrome/content/rules/Wemakeprice.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.)	(dropped)
+
+-->
+<ruleset name="wemakeprice.com (partial)">
+
+	<target host="image.wemakeprice.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wemfbox.ch.xml b/src/chrome/content/rules/Wemfbox.ch.xml
index 1c685f463b27..6db5a9763fa5 100644
--- a/src/chrome/content/rules/Wemfbox.ch.xml
+++ b/src/chrome/content/rules/Wemfbox.ch.xml
@@ -1,17 +1,455 @@
 <!--
-	Web bugs
+	For other NET-Metrix coverage, see Net-metrix.ch.xml.
 
+	Note:	Customer get their own subdomains, but not all of them support HTTPS.
+		Most of them use an alias for HTTPS support (most common is *-ssl.wemfbox.ch).
+
+	Connection refused:
+		- ^
+		- 24heures.wemfbox.ch
+		- baz.wemfbox.ch
+		- actinnoc.wemfbox.ch
+		- annabe.wemfbox.ch
+		- aufemin.wemfbox.ch
+		- autoric.wemfbox.ch
+		- avguide.wemfbox.ch
+		- aznetz.wemfbox.ch
+		- beobacht.wemfbox.ch
+		- bielertb.wemfbox.ch
+		- bilan.wemfbox.ch
+		- bilanz.wemfbox.ch
+		- billnet.wemfbox.ch
+		- blickmob.wemfbox.ch
+		- blogwerk.wemfbox.ch
+		- bnjtv.wemfbox.ch
+		- bolero.wemfbox.ch
+		- box30026.wemfbox.ch
+		- box30027.wemfbox.ch
+		- box30028.wemfbox.ch
+		- box30029.wemfbox.ch
+		- box30030.wemfbox.ch
+		- box30031.wemfbox.ch
+		- box30032.wemfbox.ch
+		- box30033.wemfbox.ch
+		- box30034.wemfbox.ch
+		- box30035.wemfbox.ch
+		- box30036.wemfbox.ch
+		- box30037.wemfbox.ch
+		- caffe.wemfbox.ch
+		- canal3.wemfbox.ch
+		- car4you.wemfbox.ch
+		- cdt.wemfbox.ch
+		- cine.wemfbox.ch
+		- cineman.wemfbox.ch
+		- cineroma.wemfbox.ch
+		- codexflo.wemfbox.ch
+		- derbund.wemfbox.ch
+		- digpostc.wemfbox.ch
+		- director.wemfbox.ch
+		- edicom.wemfbox.ch
+		- edipr.wemfbox.ch
+		- ended.wemfbox.ch
+		- events.wemfbox.ch
+		- famleben.wemfbox.ch
+		- femina.wemfbox.ch
+		- femleb.wemfbox.ch
+		- fitlife.wemfbox.ch
+		- friendsc.wemfbox.ch
+		- frimag.wemfbox.ch
+		- gdp.wemfbox.ch
+		- gfm.wemfbox.ch
+		- ghi.wemfbox.ch
+		- gruyere.wemfbox.ch
+		- handelsz.wemfbox.ch
+		- hausinfo.wemfbox.ch
+		- help.wemfbox.ch
+		- homegate.wemfbox.ch
+		- hrtoday.wemfbox.ch
+		- ideesuis.wemfbox.ch
+		- idgcompu.wemfbox.ch
+		- idgpctip.wemfbox.ch
+		- illustre.wemfbox.ch
+		- itaste.wemfbox.ch
+		- itresell.wemfbox.ch
+		- jobs.wemfbox.ch
+		- jobsct.wemfbox.ch
+		- jobup.wemfbox.ch
+		- jobwch.wemfbox.ch
+		- journal.wemfbox.ch
+		- jungfrau.wemfbox.ch
+		- lemadi.wemfbox.ch
+		- lematin.wemfbox.ch
+		- lemenu.wemfbox.ch
+		- letemps.wemfbox.ch
+		- liberte.wemfbox.ch
+		- likemag.wemfbox.ch
+		- loisirs.wemfbox.ch
+		- lokalin.wemfbox.ch
+		- lqj.wemfbox.ch
+		- lusonz.wemfbox.ch
+		- magazin.wemfbox.ch
+		- manitoo.wemfbox.ch
+		- mattinon.wemfbox.ch
+		- medpulse.wemfbox.ch
+		- microsof.wemfbox.ch
+		- montresp.wemfbox.ch
+		- motosct.wemfbox.ch
+		- mtv.wemfbox.ch
+		- myswiss.wemfbox.ch
+		- myvideo.wemfbox.ch
+		- natuerli.wemfbox.ch
+		- netlog.wemfbox.ch
+		- netzwoch.wemfbox.ch
+		- newsch.wemfbox.ch
+		- newsnetz.wemfbox.ch
+		- nick.wemfbox.ch
+		- nouvell.wemfbox.ch
+		- nrjleman.wemfbox.ch
+		- partygui.wemfbox.ch
+		- petsite.wemfbox.ch
+		- plz.wemfbox.ch
+		- quick.wemfbox.ch
+		- radmunot.wemfbox.ch
+		- ricardo.wemfbox.ch
+		- rjb.wemfbox.ch
+		- romandie.wemfbox.ch
+		- ronorp.wemfbox.ch
+		- rsr.wemfbox.ch
+		- rtr.wemfbox.ch
+		- rtsi.wemfbox.ch
+		- saison.wemfbox.ch
+		- schaffh.wemfbox.ch
+		- seniorw.wemfbox.ch
+		- sevenone.wemfbox.ch
+		- sftv.wemfbox.ch
+		- shn.wemfbox.ch
+		- sistyle.wemfbox.ch
+		- sixx.wemfbox.ch
+		- sonntags.wemfbox.ch
+		- sportail.wemfbox.ch
+		- sprechzi.wemfbox.ch
+		- srf.wemfbox.ch
+		- srg.wemfbox.ch
+		- stocks.wemfbox.ch
+		- swissgui.wemfbox.ch
+		- swissinf.wemfbox.ch
+		- tagesanz.wemfbox.ch
+		- tagesw.wemfbox.ch
+		- tdg.wemfbox.ch
+		- tele.wemfbox.ch
+		- telebiel.wemfbox.ch
+		- teletext.wemfbox.ch
+		- ticinews.wemfbox.ch
+		- tierwelt.wemfbox.ch
+		- toasted.wemfbox.ch
+		- toptrave.wemfbox.ch
+		- transfer.wemfbox.ch
+		- tsr.wemfbox.ch
+		- tsrch.wemfbox.ch
+		- tucherch.wemfbox.ch
+		- turf.wemfbox.ch
+		- tvair.wemfbox.ch
+		- usgang.wemfbox.ch
+		- vitamag.wemfbox.ch
+		- volksbl.wemfbox.ch
+		- vornamen.wemfbox.ch
+		- watson.wemfbox.ch
+		- wilmaa.wemfbox.ch
+		- winti.wemfbox.ch
+		- wirelter.wemfbox.ch
+		- zattoo.wemfbox.ch
+		- zsz.wemfbox.ch
+		- zuonline.wemfbox.ch
 -->
 <ruleset name="wemfbox.ch (partial)">
 
-	<target host="*.wemfbox.ch" />
+	<target host="www.wemfbox.ch" />
+
+	<target host="20minde.wemfbox.ch" />
+	<target host="20minde-ssl.wemfbox.ch" />
+
+	<target host="20minro.wemfbox.ch" />
+	<target host="20minro-ssl.wemfbox.ch" />
+
+	<target host="24heures.wemfbox.ch" />
+	<target host="24heures-ssl.wemfbox.ch" />
+
+	<target host="annabe.wemfbox.ch" />
+	<target host="anna-ssl.wemfbox.ch" />
+
+	<target host="arcinfo.wemfbox.ch" />
+	<target host="arci-ssl.wemfbox.ch" />
+
+	<target host="autosct.wemfbox.ch" />
+	<target host="asct-ssl.wemfbox.ch" />
+	<target host="baaonl-ssl.wemfbox.ch" />
+
+	<target host="anibis.wemfbox.ch" />
+	<target host="anib-ssl.wemfbox.ch" />
+
+	<target host="argovia.wemfbox.ch" />
+	<target host="argovia-ssl.wemfbox.ch" />
+
+	<target host="aznetz.wemfbox.ch" />
+	<target host="az-ssl.wemfbox.ch" />
+
+	<target host="baz.wemfbox.ch" />
+	<target host="baz-ssl.wemfbox.ch" />
+
+	<target host="blickonl.wemfbox.ch" />
+	<target host="blickonl-ssl.wemfbox.ch" />
+
+	<target host="blue-ssl.wemfbox.ch" />
+
+	<target host="cash.wemfbox.ch" />
+	<target host="cash-ssl.wemfbox.ch" />
+
+	<target host="chba-ssl.wemfbox.ch" />
+	<target host="chbauer.wemfbox.ch" />
+
+	<target host="cinema.wemfbox.ch" />
+	<target host="cinema-ssl.wemfbox.ch" />
+
+	<target host="cineman.wemfbox.ch" />
+	<target host="cineman-ssl.wemfbox.ch" />
+
+	<target host="coop.wemfbox.ch" />
+	<target host="coop-ssl.wemfbox.ch" />
+	<target host="coopz.wemfbox.ch" />
+	<target host="coopz-ssl.wemfbox.ch" />
+
+	<target host="dood-ssl.wemfbox.ch" />
+
+	<target host="derbund.wemfbox.ch" />
+	<target host="derbund-ssl.wemfbox.ch" />
+
+	<target host="energyzh.wemfbox.ch" />
+	<target host="engy-ssl.wemfbox.ch" />
+
+	<target host="finan-ssl.wemfbox.ch" />
+	<target host="finanzen.wemfbox.ch" />
+	<target host="fininfo.wemfbox.ch" />
+	<target host="fininfo-ssl.wemfbox.ch" />
+
+	<target host="flug-ssl.wemfbox.ch" />
+
+	<target host="gmx-ssl.wemfbox.ch" />
+	<target host="gmxch.wemfbox.ch" />
+
+	<target host="golf-ssl.wemfbox.ch" />
+	<target host="golfs.wemfbox.ch" />
+
+	<target host="hebd-ssl.wemfbox.ch" />
+	<target host="hebdo.wemfbox.ch" />
+
+	<target host="help.wemfbox.ch" />
+	<target host="help-ssl.wemfbox.ch" />
+
+	<target host="illustre.wemfbox.ch" />
+	<target host="illu-ssl.wemfbox.ch" />
+
+	<target host="ippi-ssl.wemfbox.ch" />
+	<target host="isct-ssl.wemfbox.ch" />
+
+	<target host="laco-ssl.wemfbox.ch" />
+
+	<target host="loca-ssl.wemfbox.ch" />
+
+	<target host="luz-ssl.wemfbox.ch" />
+
+	<target host="mediapulse.wemfbox.ch" />
+
+	<target host="migmag.wemfbox.ch" />
+	<target host="mima-ssl.wemfbox.ch" />
+	<target host="mobpro-ssl.wemfbox.ch" />
+
+	<target host="moneyh.wemfbox.ch" />
+	<target host="monh-ssl.wemfbox.ch" />
+
+	<target host="netmetrix-ssl.wemfbox.ch" />
+	<target host="netmx.wemfbox.ch" />
+
+	<target host="newhome.wemfbox.ch" />
+	<target host="nhom-ssl.wemfbox.ch" />
+
+	<target host="newsnetz.wemfbox.ch" />
+	<target host="newsnetz-ssl.wemfbox.ch" />
+
+	<target host="nzz.wemfbox.ch" />
+	<target host="nzz-ssl.wemfbox.ch" />
+	<target host="olki-ssl.wemfbox.ch" />
+
+	<target host="partygui.wemfbox.ch" />
+	<target host="pgui-ssl.wemfbox.ch" />
+
+	<target host="pilatus-ssl.wemfbox.ch" />
+
+	<target host="qs.wemfbox.ch" />
+	<target host="qs-ssl.wemfbox.ch" />
+
+	<target host="regione.wemfbox.ch" />
+	<target host="regione-ssl.wemfbox.ch" />
+
+	<target host="rro.wemfbox.ch" />
+	<target host="rro-ssl.wemfbox.ch" />
+
+	<target host="rtn.wemfbox.ch" />
+	<target host="rtn-ssl.wemfbox.ch" />
+
+	<target host="rts.wemfbox.ch" />
+	<target host="rts-ssl.wemfbox.ch" />
+
+	<target host="sbb.wemfbox.ch" />
+	<target host="sbb-ssl.wemfbox.ch" />
 
+	<target host="search.wemfbox.ch" />
+	<target host="search-ssl.wemfbox.ch" />
+
+	<target host="sftv.wemfbox.ch" />
+	<target host="sftv-ssl.wemfbox.ch" />
+
+	<target host="sinf-ssl.wemfbox.ch" />
+
+	<target host="smilk.wemfbox.ch" />
+	<target host="smilk-ssl.wemfbox.ch" />
+
+	<target host="sportal.wemfbox.ch" />
+	<target host="sportal-ssl.wemfbox.ch" />
+
+	<target host="star-ssl.wemfbox.ch" />
+
+	<target host="sued-ssl.wemfbox.ch" />
+	<target host="survey.wemfbox.ch" />
+
+	<target host="swissmom.wemfbox.ch" />
+	<target host="swissmom-ssl.wemfbox.ch" />
+	<target host="tag-ssl.wemfbox.ch" /> <!-- not clear which plain domain belongs to this -->
+
+	<target host="tagesw.wemfbox.ch" />
+	<target host="tagesw-ssl.wemfbox.ch" />
+
+	<target host="tagesanz.wemfbox.ch" />
+	<target host="tagi-ssl.wemfbox.ch" />
+
+	<target host="teleboy.wemfbox.ch" />
+	<target host="teleboy-ssl.wemfbox.ch" />
+
+	<target host="temp-ssl.wemfbox.ch" />
+	<target host="tempslib.wemfbox.ch" />
+
+	<target host="tdg.wemfbox.ch" />
+	<target host="tdg-ssl.wemfbox.ch" />
+
+	<target host="ticinonl.wemfbox.ch" />
+	<target host="ticinonl-ssl.wemfbox.ch" />
+
+	<target host="tutt-ssl.wemfbox.ch" />
+	<target host="tvsvizz-ssl.wemfbox.ch" />
+
+	<target host="usgang.wemfbox.ch" />
+	<target host="usgang-ssl.wemfbox.ch" />
+
+	<target host="vate-ssl.wemfbox.ch" />
+	<target host="vice-ssl.wemfbox.ch" />
+
+	<target host="watson.wemfbox.ch" />
+	<target host="watson-ssl.wemfbox.ch" />
+
+	<target host="wirelter.wemfbox.ch" />
+	<target host="we-ssl.wemfbox.ch" />
+
+	<target host="wildeis.wemfbox.ch" />
+	<target host="wildeis-ssl.wemfbox.ch" />
+
+	<target host="wilmaa.wemfbox.ch" />
+	<target host="wilm-ssl.wemfbox.ch" />
+
+	<target host="woz.wemfbox.ch" />
+	<target host="woz-ssl.wemfbox.ch" />
+
+	<target host="zip.wemfbox.ch" />
+	<target host="zip-ssl.wemfbox.ch" />
+
+	<target host="zsz.wemfbox.ch" />
+	<target host="zsz-ssl.wemfbox.ch" />
+
+	<target host="zurinet-ssl.wemfbox.ch" />
 
 	<securecookie host="^\.wemfbox\.ch$" name="^i00$" />
 	<securecookie host="^\w+-ssl\.wemfbox\.ch$" name=".+" />
 
+		<rule from="^http://annabe\.wemfbox\.ch/"
+			to="https://anna-ssl.wemfbox.ch/" />
+
+		<rule from="^http://anibis\.wemfbox\.ch/"
+			to="https://anib-ssl.wemfbox.ch/" />
+
+		<rule from="^http://arcinfo\.wemfbox\.ch/"
+			to="https://arci-ssl.wemfbox.ch/" />
+
+		<rule from="^http://autosct\.wemfbox\.ch/"
+			to="https://asct-ssl.wemfbox.ch/" />
+
+		<rule from="^http://aznetz\.wemfbox\.ch/"
+			to="https://az-ssl.wemfbox.ch/" />
+
+		<rule from="^http://chbauer\.wemfbox\.ch/"
+			to="https://chba-ssl.wemfbox.ch/" />
+
+		<rule from="^http://energyzh\.wemfbox\.ch/"
+			to="https://engy-ssl.wemfbox.ch/" />
+
+		<rule from="^http://finanzen\.wemfbox\.ch/"
+			to="https://finan-ssl.wemfbox.ch/" />
+
+		<rule from="^http://gmxch\.wemfbox\.ch/"
+			to="https://gmx-ssl.wemfbox.ch/" />
+
+		<rule from="^http://golfs\.wemfbox\.ch/"
+			to="https://golf-ssl.wemfbox.ch/" />
+
+		<rule from="^http://hebdo\.wemfbox\.ch/"
+			to="https://hebd-ssl.wemfbox.ch/" />
+
+		<rule from="^http://illustre\.wemfbox\.ch/"
+			to="https://illu-ssl.wemfbox.ch/" />
+
+		<rule from="^http://migmag\.wemfbox\.ch/"
+			to="https://mima-ssl.wemfbox.ch/" />
+
+		<rule from="^http://moneyh\.wemfbox\.ch/"
+			to="https://monh-ssl.wemfbox.ch/" />
+
+		<rule from="^http://newhome\.wemfbox\.ch/"
+			to="https://nhom-ssl.wemfbox.ch/" />
+
+		<rule from="^http://netmx\.wemfbox\.ch/"
+			to="https://netmetrix-ssl.wemfbox.ch/" />
+
+		<rule from="^http://partygui\.wemfbox\.ch/"
+			to="https://pgui-ssl.wemfbox.ch/" />
+
+		<!-- Note 2018-02-24: qs-ssl.wemfbox.ch serves an incomplete cert chain. -->
+		<rule from="^http://qs-ssl\.wemfbox\.ch/"
+			to="https://qs.wemfbox.ch/" />
+
+		<rule from="^http://tagesanz\.wemfbox\.ch/"
+			to="https://tagi-ssl.wemfbox.ch/" />
+
+		<rule from="^http://tempslib\.wemfbox\.ch/"
+			to="https://temp-ssl.wemfbox.ch/" />
+
+		<rule from="^http://wirelter\.wemfbox\.ch/"
+			to="https://we-ssl.wemfbox.ch/" />
+
+		<rule from="^http://wilmaa\.wemfbox\.ch/"
+			to="https://wilm-ssl.wemfbox.ch/" />
+
+		<!-- Refused without "*-ssl" suffix -->
+		<rule from="^http://(20minde|20minro|24heures|argovia|baz|blickonl|cash|cinema|cineman|coop|coopz|derbund|fininfo|help|newsnetz|nzz|regione|rro|rtn|rts|sbb|search|sftv|smilk|sportal|swissmom|tagesw|teleboy|tdg|ticinonl|usgang|watson|wildeis|woz|zip|zsz)\.wemfbox\.ch/"
+			to="https://$1-ssl.wemfbox.ch/" />
 
-	<rule from="^http://(\w+)-ssl\.wemfbox\.ch/"
-		to="https://$1-ssl.wemfbox.ch/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Wemineltc.com.xml b/src/chrome/content/rules/Wemineltc.com.xml
deleted file mode 100644
index e2b89b5f356b..000000000000
--- a/src/chrome/content/rules/Wemineltc.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Wemineltc.com">
-  <target host="wemineltc.com" />
-  <target host="www.wemineltc.com" />
-
-  <rule from="^http://(www\.)?wemineltc\.com/" to="https://www.wemineltc.com/" />
-
-  <securecookie host="^(www\.)?wemineltc\.com$" name=".*" />
-</ruleset>
diff --git a/src/chrome/content/rules/Wennect.info.xml b/src/chrome/content/rules/Wennect.info.xml
new file mode 100644
index 000000000000..cbe620325a6e
--- /dev/null
+++ b/src/chrome/content/rules/Wennect.info.xml
@@ -0,0 +1,15 @@
+<!--
+	www: mismatched, CN: admin.wennect.info
+
+-->
+<ruleset name="Wennect.info">
+
+	<target host="wennect.info" />
+	<target host="admin.wennect.info" />
+	<target host="www.wennect.info" />
+
+
+	<rule from="^http://(?:(admin\.)|www\.)?wennect\.info/"
+		to="https://$1wennect.info/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Weoinvoice.xml b/src/chrome/content/rules/Weoinvoice.xml
index e0f3b7b36287..3cf87f14a5e5 100644
--- a/src/chrome/content/rules/Weoinvoice.xml
+++ b/src/chrome/content/rules/Weoinvoice.xml
@@ -2,5 +2,5 @@
   <target host="www.weoinvoice.com"/>
   <target host="weoinvoice.com"/>
 
-  <rule from="^http://(www\.)?weoinvoice\.com/" to="https://www.weoinvoice.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Werstreamt.es.xml b/src/chrome/content/rules/Werstreamt.es.xml
new file mode 100644
index 000000000000..c72e9f67dce0
--- /dev/null
+++ b/src/chrome/content/rules/Werstreamt.es.xml
@@ -0,0 +1,9 @@
+<ruleset name="Werstreamt.es">
+
+	<target host="werstreamt.es"/>
+	<target host="www.werstreamt.es"/>
+
+	<rule from="^http:"
+	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wes_Bos.xml b/src/chrome/content/rules/Wes_Bos.xml
new file mode 100644
index 000000000000..44cde7078b9c
--- /dev/null
+++ b/src/chrome/content/rules/Wes_Bos.xml
@@ -0,0 +1,15 @@
+<!--
+    Invalid certificate:
+            catchoftheday.wesbos.com
+
+-->
+<ruleset name="Wes Bos">
+    <target host="wesbos.com" />
+    <target host="www.wesbos.com" />
+    <target host="cheddar.wesbos.com" />
+    <target host="courses.wesbos.com" />
+
+    <securecookie host=".+" name=".+" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wesnoth.xml b/src/chrome/content/rules/Wesnoth.xml
index 9f7484b5735d..330ae6226994 100644
--- a/src/chrome/content/rules/Wesnoth.xml
+++ b/src/chrome/content/rules/Wesnoth.xml
@@ -1,31 +1,53 @@
-<!--
-	Nonfunctional subdomains, all of which point to the homepage:
 
-		- addons
-		- forums
-		- replays
-		- units
-		- wiki
+<!--
+	http://*.wesnoth.org is a valid mirror of http://wesnoth.org but mismatched
+
+	Mirrors of addons.wesnoth.org (mismatched):
+		add-on.wesnoth.org
+		add-ons.wesnoth.org
+		addon.wesnoth.org
+		www.addons.wesnoth.org
+		addonlist.wesnoth.org
+		campaign.wesnoth.org
+		campaigns.wesnoth.org
+
+	Invalid certificate:
+		changelog.wesnoth.org (→ github.com)
+		coc.wesnoth.org
+		dev-addons.wesnoth.org
+		devhelp.wesnoth.org
+		www.forums.wesnoth.org
+		gettext.wesnoth.org
+		git.wesnoth.org (→ github.com)
+		irclog.wesnoth.org
+		irclogs.wesnoth.org
+		manual.wesnoth.org
+		patches.wesnoth.org (→ github.com)
+		stable-addons.wesnoth.org
+		trunk-addonlist.wesnoth.org
+
+	Mixed content (handled in wesnoth.org-falsemixed.xml):
+		collectd.wesnoth.org
 
 -->
-<ruleset name="Battle for Wesnoth (partial)" platform="cacert">
+<ruleset name="Battle for Wesnoth">
 
 	<target host="wesnoth.org" />
-	<target host="*.wesnoth.org" />
-		<exclusion pattern="^http://(addons|replays)\.wesnoth\.org/icons/$" />
-		<exclusion pattern="^http://(units|wiki)\.wesnoth\.org/skins/$" />
-
-
-	<rule from="^http://(?:((?:addonlist|bugs|changelog|dev(?:-addons|docs)|eclipse|gettext|irclogs|manual|patches|stable-(?:addons|changelog)|(?:web)?svn|wesnothd)\.)|www\.)?wesnoth\.org/"
-		to="https://$1wesnoth.org/" />
-
-	<rule from="^http://(addons|replays)\.wesnoth\.org/icons/"
-		to="https://$1.wesnoth.org/icons/" />
-
-	<rule from="^https?://(?:units|wiki)\.wesnoth\.org/skins/"
-		to="https://wesnoth.org/mw/skins/" />
-
-	<rule from="^http://wiki\.wesnoth\.org/favicon\.ico$"
-		to="https://wiki.wesnoth.org/favicon.ico" />
+	<target host="www.wesnoth.org" />
+	<target host="addons.wesnoth.org" />
+	<target host="bugs.wesnoth.org" />
+	<target host="devdocs.wesnoth.org" />
+	<target host="files.wesnoth.org" />
+	<target host="forum.wesnoth.org" />
+	<target host="forums.wesnoth.org" />
+	<target host="replays.wesnoth.org" />
+	<target host="status.wesnoth.org" />
+	<target host="units.wesnoth.org" />
+	<target host="wiki.wesnoth.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/West-Lindsey.gov.uk.xml b/src/chrome/content/rules/West-Lindsey.gov.uk.xml
new file mode 100644
index 000000000000..34bf63572783
--- /dev/null
+++ b/src/chrome/content/rules/West-Lindsey.gov.uk.xml
@@ -0,0 +1,57 @@
+<!--
+	West Lindsey District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *west-lindsey.gov.uk:
+
+		- committee ³
+		- docs ³
+		- planning ³
+
+	³ 403
+
+
+	Problematic hosts in *west-lindsey.gov.uk:
+
+		- www2 ᵐ
+
+	ᵐ Mismatched
+
+
+	These altnames don't exist:
+
+		- west-lindsey.gov.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.west-lindsey.gov.uk
+		- www2.west-lindsey.gov.uk
+
+
+	Mixed content:
+
+		- Images on www from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="West-Lindsey.gov.uk (partial)">
+
+	<target host="licensing.west-lindsey.gov.uk" />
+	<target host="www.west-lindsey.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www2?\.west-lindsey\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WestJet.xml b/src/chrome/content/rules/WestJet.xml
index c4357b79280a..6a1ebd8a141d 100644
--- a/src/chrome/content/rules/WestJet.xml
+++ b/src/chrome/content/rules/WestJet.xml
@@ -1,9 +1,9 @@
 <ruleset name="West Jet">
   <target host="westjet.com" />
-  <target host="*.westjet.com" />
+  <target host="hg.westjet.com" />
+  <target host="www.westjet.com" />
 
   <rule from="^http://westjet\.com/"
           to="https://www.westjet.com/" />
-  <rule from="^http://(hg|www)\.westjet\.com/"
-          to="https://$1.westjet.com/" />
-</ruleset>
\ No newline at end of file
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WestMerciaPolice.xml b/src/chrome/content/rules/WestMerciaPolice.xml
new file mode 100644
index 000000000000..8388f6474cc4
--- /dev/null
+++ b/src/chrome/content/rules/WestMerciaPolice.xml
@@ -0,0 +1,6 @@
+<ruleset name="West Mercia Police">
+	<target host="westmercia.police.uk" />
+	<target host="www.westmercia.police.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WestMidlandsPolice.xml b/src/chrome/content/rules/WestMidlandsPolice.xml
new file mode 100644
index 000000000000..10bd4b15ccdd
--- /dev/null
+++ b/src/chrome/content/rules/WestMidlandsPolice.xml
@@ -0,0 +1,27 @@
+<!--
+  For West Midlands Police
+
+    Works:
+
+      - www
+
+    Doesn't Work:
+
+      - $ (gives a 404)
+
+    Mixed Content:
+
+      - foi.west-midlands.police.uk
+      - behindthecrime.west-midlands.police.uk
+      - jobs.west-midlands.police.uk
+      - saferstudents.west-midlands.police.uk
+      - safestreet.west-midlands.police.uk
+
+
+-->
+<ruleset name="West Midlands Police">
+  <target host="west-midlands.police.uk" />
+  <target host="www.west-midlands.police.uk" />
+
+  <rule from="^http://(www\.)?west-midlands\.police\.uk/" to="https://www.west-midlands.police.uk/" />
+</ruleset>
diff --git a/src/chrome/content/rules/West_Devon.gov.uk.xml b/src/chrome/content/rules/West_Devon.gov.uk.xml
new file mode 100644
index 000000000000..cbdb7fe4f27e
--- /dev/null
+++ b/src/chrome/content/rules/West_Devon.gov.uk.xml
@@ -0,0 +1,53 @@
+<!--
+	West Devon Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *westdevon.gov.uk:
+
+		- apps ⁵
+
+	⁵ 500
+
+
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="West Devon.gov.uk (partial)" default_off="cert-chain">
+
+	<target host="westdevon.gov.uk" />
+	<target host="www.westdevon.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?westdevon\.gov\.uk/(?:article/10664/LoginRegisterLogout$|login$|myaccount$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?westdevon\.gov\.uk/+(?!\w+/(?:images/|scripts/.+\.css|template/)|civica/Bundles/|media/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.westdevon.gov.uk/Boundaries" />
+			<test url="http://www.westdevon.gov.uk/HMO" />
+			<test url="http://www.westdevon.gov.uk/appeal" />
+			<test url="http://www.westdevon.gov.uk/article/10664/LoginRegisterLogout" />
+			<test url="http://www.westdevon.gov.uk/login" />
+			<test url="http://www.westdevon.gov.uk/myaccount" />
+			<test url="http://www.westdevon.gov.uk/newname" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.westdevon.gov.uk/civica/Bundles/common.min.css" />
+			<test url="http://www.westdevon.gov.uk/media/iconlink/l/2/facebook.png" />
+			<test url="http://www.westdevon.gov.uk/westdevon/css/styleprint.css" />
+			<test url="http://www.westdevon.gov.uk/westdevon/images/toplevel.gif" />
+			<test url="http://www.westdevon.gov.uk/westdevon/scripts/jquery/css/flick/jquery-ui-1.8.16.custom.css" />
+			<test url="http://www.westdevon.gov.uk/westdevon/template/landing/css/landing.css" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/West_Orange_History.xml b/src/chrome/content/rules/West_Orange_History.xml
index 45d39c04b2fd..0429d895d2df 100644
--- a/src/chrome/content/rules/West_Orange_History.xml
+++ b/src/chrome/content/rules/West_Orange_History.xml
@@ -17,4 +17,4 @@
 	<rule from="^http://(?:www\.)?westorangehistory\.com/"
 		to="https://westorangehistory.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/West_Sussex.gov.uk.xml b/src/chrome/content/rules/West_Sussex.gov.uk.xml
new file mode 100644
index 000000000000..34f63765f45c
--- /dev/null
+++ b/src/chrome/content/rules/West_Sussex.gov.uk.xml
@@ -0,0 +1,74 @@
+<!--
+	West Sussex County Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *westsussex.gov.uk:
+
+		- buildings ʳ
+		- cyclejourneyplanner ᵇ
+		- love ᶠ
+		- www2 ᵈ
+
+	ᵇ Shows default page
+	ᵈ Dropped
+	ᶠ Handshake fails
+	ʳ Refused
+
+
+	Problematic hosts in *westsussex.gov.uk:
+
+		- jsna ᵐ ˣ
+		- viewpoint ᵐ
+
+	ᵐ Mismatched
+	ˣ Mixed css
+
+
+	^westsussex.gov.uk doesn't exist.
+
+
+	Insecure cookies are set for these hosts:
+
+		- familyinfoservice.westsussex.gov.uk
+		- jsna.westsussex.gov.uk
+
+
+	Mixed content:
+
+		- css, on:
+
+			- jsna from fonts.googleapis.com ˢ
+			- jsna from $self ᵐ
+
+		- Images on jsna from $self ᵐ
+
+	ᵐ Not secured by us <= mismatched
+	ˢ Secured by us
+
+-->
+<ruleset name="West Sussex.gov.uk (partial)">
+
+	<target host="arena.westsussex.gov.uk" />
+	<target host="eadmissions.westsussex.gov.uk" />
+	<target host="eregistrar.westsussex.gov.uk" />
+	<target host="familyinfoservice.westsussex.gov.uk" />
+	<target host="haveyoursay.westsussex.gov.uk" />
+	<target host="performance.westsussex.gov.uk" />
+	<target host="www.westsussex.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^familyinfoservice\.westsussex\.gov\.uk$" name="^PE(?:Language|Test)Cookie$" /-->
+	<!--securecookie host="^jsna\.westsussex\.gov\.uk$" name="^(?:_clef_state|DYNSRV|wfvt_\d+)$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/West_Virginia_University-problematic.xml b/src/chrome/content/rules/West_Virginia_University-problematic.xml
deleted file mode 100644
index 18bcf504d2af..000000000000
--- a/src/chrome/content/rules/West_Virginia_University-problematic.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	For rules that are on by default, see West_Virginia_University.xml.
-
--->
-<ruleset name="West Virginia University (problematic)" default_off="mismatched">
-
-	<target host="beta.campusmap.wvu.edu" />
-	<target host="*.hr.wvu.edu" />
-	<target host="simpleforms.scripts.wvu.edu" />
-	<target host="*.slate.wvu.edu" />
-		<!--
-			Handled in West_Virginia_University.xml:
-								-->
-		<exclusion pattern="^http://(?:www\.)?assets\.slate\.wvu\.edu/resources/" />
-	<target host="*.ur.wvu.edu" />
-
-
-	<securecookie host="^(?:beta\.campusmap|(?:benefits(?:admin)?|classcomp|employee(?:relation|wellnes)s|employmentservices|medicalmanagement|mountaineertemps|studentemployment|tnd)\.hr|(?:oric|osp)\.research|simpleforms\.scripts|assets\.slate|web\.ur)\.wvu\.edu$" name=".+" />
-
-
-	<rule from="^http://(beta\.campusmap|employmentservices\.hr|simpleforms\.scripts)\.wvu\.edu/"
-		to="https://$1.wvu.edu/" />
-
-	<rule from="^http://(?:www\.)?((?:benefits(?:admin)?|classcomp|employee(?:relation|wellnes)s|employment|medicalmanagement|mountaineertemps|studentemployment|tnd)\.hr|(?:oric|osp)\.research|assets\.slate|web\.ur)\.wvu\.edu/"
-		to="https://$1.wvu.edu/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/West_Virginia_University.xml b/src/chrome/content/rules/West_Virginia_University.xml
deleted file mode 100644
index aea8a4c0fc6c..000000000000
--- a/src/chrome/content/rules/West_Virginia_University.xml
+++ /dev/null
@@ -1,201 +0,0 @@
-<!--
-	For problematic rules, see West_Virginia_University-problematic.xml.
-
-
-	Nonfunctional subdomains:
-
-		- www.ce *
-		- directory	(http reply)
-		- fom **
-		- (www.)health *
-
-		- hsc subdomains:
-
-			- dentistry *
-			- directory	(reset)
-			- home *
-			- nursing *
-			- pharmacy *
-			- publichealth *
-
-		- kuali ***
-
-		- lib subdomains:
-
-			- agnic **
-			- findingaids **
-			- iai **
-			- illiad ***
-			- mountainlynx **
-			- wvrhc		(shows enginecms.lib; mismatched, CN: enginecms.lib.wvu.edu)
-
-		- search
-		- idquery.wvu-ad ***
-
-	* Shows www.hsc; mismatched, CN: www.hsc.wvu.edu
-	** Refused
-	*** Dropped
-
-
-	Problematic domains:
-
-		- www.admissions *
-		- beta.campusmap *
-		- www.eberly *
-		- www.emergency *
-		- www.finaid *
-
-		- hr subdomains:
-
-			- (www.)benefits *
-			- (www.)benefitsadmin *
-			- (www.)classcomp *
-			- (www.)employeerelations *
-			- (www.)employeewellness *
-			- (www.)employment *
-			- employmentservices *
-			- (www.)medicalmanagement *
-			- (www.)mountaineertemps *
-			- (www.)studentemployment *
-			- (www.)tnd *
-			- www *
-
-		- hsc		(\w+ 404s, valid cert)
-		- medicine.hsc	(shows www.hsc)
-		- www.itunes *
-		- www.law *
-		- libguides	(mismatched, CN: *.libguides.com)
-		- libraries	(cert only matches www.libraries)
-		- www.mix *
-		- www.oit *
-		- www.protected *
-		- (www.)oric.research *
-		- (www.)osp.research *
-		- www.research *
-		- (www.)simpleforms.scripts *
-		- (www.)assets.slate *
-		- www.slate
-		- www.slatecms *
-		- (www.)web.ur *
-		- www.wvutoday *
-
-	* Works, cert only matches *.wvu.edu
-
-
-	Partially covered subdomains:
-
-		- medicine.hsc		(→ www.hsc)
-		- libguides			(→ libguides.com, $ redirects to http)
-		- www.simpleforms.scripts	(→ www)
-		- (www.)assets.slate		(→ slate)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- about
-		- (www.)admissions	(www → ^)
-		- apply
-		- brand
-		- cal
-		- calendar
-		- careerservices
-		- cas
-		- connect
-		- (www.)eberly		(www → ^)
-		- facebook
-		- (www.)finaid		(www → ^)
-		- financialaid
-		- (www.)emergency	(www → ^)
-		- ferpa
-		- grad
-		- (www.)hr		(www → ^)
-
-		- hsc subdomains:
-
-			- autodiscover
-			- exweb
-			- sole
-			- www
-
-		- (www.)itunes		(www → ^)
-		- kc
-		- (www.)law		(www → ^)
-
-		- lib subdomains:
-
-			- enginecms
-			- mediasite
-			- mediasitehscmed
-			- reserves
-			- systems
-
-		- (www.)libraries	(^ → www)
-		- map
-		- (www.)mix		(www → ^)
-		- mixinfo
-		- myaccess
-		- myapps
-		- myid
-		- nanosafe
-		- (www.)oit		(www → ^)
-		- (www.)protected	(www → ^)
-		- (www.)research	(www → ^)
-		- researchoffice
-		- sharedresearchfacilities
-		- (www.)slate		(www → ^)
-		- (www.)slatecms	(www → ^)
-		- studentaccounts
-		- tour
-		- twitter
-		- webservices
-		- wvudownloads
-		- wvugw
-		- (www.)wvutoday	(www → ^)
-
--->
-<ruleset name="West Virginia University (partial)">
-
-	<target host="wvu.edu" />
-	<target host="*.wvu.edu" />
-
-
-	<!--securecookie host="^\.wvu\.edu$" name="^fos\.web\.server$" /-->
-	<securecookie host="^\.wvu\.edu$" name="^(?:fos\.secure\.web\.server|slate_\w{32}|_wvutodaystaging_1\.0\.0)$" />
-	<securecookie host="^(?:about|admissions|apply|brand|cal|calendar|careerservices|cas|connect|eberly|emergency|facebook|ferpa|finaid|financialaid|grad|hr|(?:exweb|www)\.hsc|itunes|kc|law|(?:enginecms|mediasite(?:hscmed)?|reserves|systems)\.lib|www\.libraries|map|mix|mixinfo|myapps|myid|nanosafe|research(?:office)?|sharedresearchfacilities|slate|slatecms|studentaccounts|tour|twitter|webservices|wvudownloads|wvugw|wvutoday|www)\.wvu\.edu$" name=".+" />
-
-
-	<rule from="^http://((?:about|apply|brand|cal|calendar|careerservices|cas|connect|facebook|ferpa|financialaid|grad|(?:autodiscover|exweb|sole|www)\.hsc|kc|(?:enginecms|mediasite(?:hscmed)?|reserves|systems)\.lib|map|mixinfo|myaccess|myapps|myid|nanosafe|researchoffice|sharedresearchfacilities|tour|twitter|webservices|wvudownloads|wvugw|www)\.)?wvu\.edu/"
-		to="https://$1wvu.edu/" />
-
-	<!--	Domains for which both ^ & www exist, but cert is only valid for ^:
-											-->
-	<rule from="^http://(?:www\.)?(admissions|eberly|emergency|finaid|hr|itunes|law|mix|oit|protected|research|slate|slatecms|studentaccounts|wvutoday)\.wvu\.edu/"
-		to="https://$1.wvu.edu/" />
-
-	<rule from="^http://libguides\.wvu\.edu/(css\d*/|data/|favicon\.ico|images/|include/|js\d*/)"
-		to="https://libguides.com/$1" />
-
-	<rule from="^http://(?:www\.)?libraries\.wvu\.edu/"
-		to="https://www.libraries.wvu.edu/" />
-
-	<rule from="^http://medicine\.hsc\.wvu\.edu/(?:\?.*)$"
-		to="https://www.hsc.wvu.edu/som" />
-
-	<!--	Everything but $ redirects like so:
-							-->
-	<rule from="^http://www\.simpleforms\.scripts\.wvu\.edu/(?!\?).+"
-		to="https://www.wvu.edu/error/404.html" />
-
-	<!--	This avoids some mixed images on connect, ferpa, financialaid, grad, hr, law, map, nanosafe, research, & slatecms.
-		Note that assets.slate.../$ and slate.../$ are not identical.
-									-->
-	<rule from="^http://(?:www\.)?assets\.slate\.wvu\.edu/resources/"
-		to="https://slate.wvu.edu/resources/" />
-
-	<!--	Server drops path:
-					-->
-	<rule from="^http://www\.slate\.wvu\.edu/[^?]*(\?.*)?"
-		to="https://slate.wvu.edu/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/West_Yorkshire_Observatory.org.xml b/src/chrome/content/rules/West_Yorkshire_Observatory.org.xml
new file mode 100644
index 000000000000..357ca5d1c50b
--- /dev/null
+++ b/src/chrome/content/rules/West_Yorkshire_Observatory.org.xml
@@ -0,0 +1,55 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://westyorkshireobservatory.org/ => https://westyorkshireobservatory.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.westyorkshireobservatory.org/ => https://westyorkshireobservatory.org/: (60, 'SSL certificate problem: certificate has expired')
+
+	www.westyorkshireobservatory.org: Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- westyorkshireobservatory.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images, from:
+
+			- observatory.bradford.gov.uk ᵐ
+			- observatory.calderdale.gov.uk ᵐ
+			- observatory.kirklees.gov.uk ᵐ
+			- observatory.leeds.gov.uk ˢ
+			- observatory.wakefield.gov.uk
+
+	ᵐ Not secured by us <= mismatched
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="West Yorkshire Observatory.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="westyorkshireobservatory.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.westyorkshireobservatory.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^westyorkshireobservatory\.org$" name="(?:ASP\.NET_SessionId|ias\.Locale|ias\.PreferredItemCount)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.westyorkshireobservatory\.org/"
+		to="https://westyorkshireobservatory.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Westconsin_Credit_Union.xml b/src/chrome/content/rules/Westconsin_Credit_Union.xml
index 195d1810b7e6..b3d6da049874 100644
--- a/src/chrome/content/rules/Westconsin_Credit_Union.xml
+++ b/src/chrome/content/rules/Westconsin_Credit_Union.xml
@@ -7,7 +7,7 @@
 <ruleset name="Westconsin Credit Union">
 
 	<target host="westconsincu.org" />
-	<target host="*.westconsincu.org" />
+	<target host="www.westconsincu.org" />
 	<target host="westconsincuhb.org" />
 	<target host="www.westconsincuhb.org" />
 
@@ -16,10 +16,9 @@
 	<securecookie host="^www\.westconsincuhb\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?westconsincu\.org/"
-		to="https://$1westconsincu.org/" />
 
 	<rule from="^http://(?:www\.)?westconsincuhb\.org/"
 		to="https://www.westconsincuhb.org/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Western_Union.xml b/src/chrome/content/rules/Western_Union.xml
index 6f2cbf1a07ad..0018789531cc 100644
--- a/src/chrome/content/rules/Western_Union.xml
+++ b/src/chrome/content/rules/Western_Union.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://westernunion.com/ (200) => https://westernunion.com/ (403)
+
+	Other Western Union rulesets:
+
 		- westernunion.com.d1.sc.omtrdc.net
 
 			- metrics
@@ -6,12 +12,12 @@
 
 	Nonfunctional subdomains:
 
-		- (www.)		(redirects to http, valid cert)
 		- (www.)business *
-		- corporate		(http reply)
+		- corporate		(Handshake fails)
 		- foundation *
 		- ir			(refused)
-		- onlinefx *
+		- onlinefx		(Refused)
+		- www			(redirects to http, valid cert)
 
 	* Times out
 
@@ -24,31 +30,49 @@
 
 	Fully covered domains:
 
-		- westernunion.com subdomains:
-
-			- agentportal
+		- ^
+		- agentportal
 
-			- globalpay subdomains:
+		- globalpay subdomains:
 
-				- ^
-				- demo
-				- payee
+			- ^
+			- demo
+			- payee
 
-			- marketing
-			- metrics		(→ westernunion-com.d1.sc.omtrdc.net)
-			- online
-			- secure
-			- wumt
+		- marketing
+		- metrics		(→ westernunion-com.d1.sc.omtrdc.net)
+		- online
+		- secure
+		- wumt
 
-		- (www.)wupaymentsolutions.com
 
--->
-<ruleset name="Western Union (partial)">
+	Insecure cookies are set for these hosts:
 
-	<target host="*.westernunion.com" />
-	<target host="wupaymentsolutions.com" />
-	<target host="www.wupaymentsolutions.com" />
+		- agentportal.westernunion.com
 
+-->
+<ruleset name="Western Union.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="westernunion.com" />
+	<target host="agentportal.westernunion.com" />
+	<target host="globalpay.westernunion.com" />
+	<target host="demo.globalpay.westernunion.com" />
+	<target host="payee.globalpay.westernunion.com" />
+	<target host="marketing.westernunion.com" />
+	<target host="online.westernunion.com" />
+	<target host="secure.westernunion.com" />
+	<target host="wumt.westernunion.com" />
+
+	<!--	Complications:
+				-->
+	<target host="metrics.westernunion.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^agentportal\.westernunion\.com$" name="^(JSESSIONID|StaticCookieNameWU)$" /-->
 
 	<!--	Omniture cookies:
 					-->
@@ -56,13 +80,10 @@
 	<securecookie host="^(?:agentportal|(?:demo\.)?globalpay|marketing|online|secure|wumt)\.westernunion\.com$" name=".+" />
 
 
-	<rule from="^http://(agentportal|(?:demo\.|payee\.)?globalpay|marketing|online|secure|wumt)\.westernunion\.com/"
-		to="https://$1.westernunion.com/" />
-
 	<rule from="^http://metrics\.westernunion\.com/"
 		to="https://westernunion-com.d1.sc.omtrdc.net/" />
 
-	<rule from="^http://(www\.)?wupaymentsolutions\.com/"
-		to="https://$1wupaymentsolutions.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WestlandUtrecht.xml b/src/chrome/content/rules/WestlandUtrecht.xml
index ee1aa13e5125..6cf2588156fd 100644
--- a/src/chrome/content/rules/WestlandUtrecht.xml
+++ b/src/chrome/content/rules/WestlandUtrecht.xml
@@ -1,4 +1,11 @@
-<ruleset name="WestlandUtrecht Bank" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.mijnwestlandutrecht.nl/ => https://mijnwestlandutrecht.nl/: (7, 'Failed to connect to mijnwestlandutrecht.nl port 443: Connection refused')
+Fetch error: http://mijnwestlandutrecht.nl/ => https://mijnwestlandutrecht.nl/: (7, 'Failed to connect to mijnwestlandutrecht.nl port 443: Connection refused')
+
+-->
+<ruleset name="WestlandUtrecht Bank" platform="mixedcontent" default_off="failed ruleset test">
   <!-- Rule created by Jeroen van der Gun -->
 
   <target host="www.westlandutrecht.nl" />
diff --git a/src/chrome/content/rules/Westlaw.com.xml b/src/chrome/content/rules/Westlaw.com.xml
new file mode 100644
index 000000000000..692d141e01df
--- /dev/null
+++ b/src/chrome/content/rules/Westlaw.com.xml
@@ -0,0 +1,74 @@
+<!--
+	For other Thomson Reuters coverage, see Thomson-Reuters.xml.
+
+
+	Problematic hosts in *westlaw.com:
+
+		- ^ *
+		- store *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .westlaw.com
+		- .firmcentral.westlaw.com
+		- lawschool.westlaw.com
+		- .next.westlaw.com
+		- 1.next.westlaw.com
+		- m.next.westlaw.com
+		- onepass.westlaw.com
+		- store.westlaw.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Westlaw.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="compliance.westlaw.com" />
+	<target host="firmcentral.westlaw.com" />
+	<target host="forms.westlaw.com" />
+	<target host="lawschool.westlaw.com" />
+	<target host="next.westlaw.com" />
+
+	<target host="1.next.westlaw.com" />
+	<target host="c1.next.westlaw.com" />
+	<target host="i1.next.westlaw.com" />
+	<target host="m.next.westlaw.com" />
+
+	<target host="onepass.westlaw.com" />
+	<target host="images.store.westlaw.com" />
+	<target host="text.westlaw.com" />
+	<target host="web2.westlaw.com" />
+	<target host="westcapitolwatch.westlaw.com" />
+	<target host="www.westlaw.com" />
+
+		<test url="http://c1.next.westlaw.com/StaticContent_32.5.1019/css/v2/scss/partials/mobile/v1/base.css" />
+		<test url="http://i1.next.westlaw.com/StaticContent_32.5.1019/images/mobile/v1/signIn.gif" />
+
+	<!--	Complications:
+				-->
+	<target host="westlaw.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.firmcentral\.westlaw\.com$" name="^Co_SessionToken$" /-->
+	<!--securecookie host="^lawschool\.westlaw\.com$" name="^(ASP\.NET_SessionId|BIGipServerLAWSCHOOL-80)$" /-->
+	<!--securecookie host="^\.next\.westlaw\.com$" name="^(?:BindingKey|mob_pm)$" /-->
+	<!--securecookie host="^(?:[1m]\.next|store)\.westlaw\.com$" name="^BIGipServer" /-->
+	<!--securecookie host="^onepass\.westlaw\.com$" name="^bhCookie(?:Perm|Sess)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://westlaw\.com/"
+		to="https://www.westlaw.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Westlotto.xml b/src/chrome/content/rules/Westlotto.xml
new file mode 100644
index 000000000000..f693d4e14d27
--- /dev/null
+++ b/src/chrome/content/rules/Westlotto.xml
@@ -0,0 +1,4 @@
+<ruleset name="Westlotto.com">
+<target host="wlresults.westlotto.com" />
+<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Westminster-Savings-Credit-Union.xml b/src/chrome/content/rules/Westminster-Savings-Credit-Union.xml
new file mode 100644
index 000000000000..6f7512893acf
--- /dev/null
+++ b/src/chrome/content/rules/Westminster-Savings-Credit-Union.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificates:
+		- westminstersavings.com
+		- www.westminstersavings.com
+		- refer.westminstersavings.com
+-->
+
+<ruleset name="Westminster Savings Credit Union">
+	<target host="wscu.com" />
+	<target host="www.wscu.com" />
+	<target host="access.wscu.com" />
+	<target host="apps.wscu.com" />
+	<target host="mdws.wscu.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Westminster.gov.uk.xml b/src/chrome/content/rules/Westminster.gov.uk.xml
new file mode 100644
index 000000000000..80e8a97fef85
--- /dev/null
+++ b/src/chrome/content/rules/Westminster.gov.uk.xml
@@ -0,0 +1,108 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ehcb.westminster.gov.uk/ => https://ehcb.westminster.gov.uk/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://openforum.westminster.gov.uk/ => https://openforum.westminster.gov.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'openforum.westminster.gov.uk'")
+Fetch error: http://partnerweb.westminster.gov.uk/ => https://partnerweb.westminster.gov.uk/: (6, 'Could not resolve host: partnerweb.westminster.gov.uk')
+
+	Westminster City Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *westminster.gov.uk:
+
+		- bookapc ᵈ
+		- committees ⁴
+		- idoxpa ᵈ
+		- myparks ʳ
+		- petitions ᵗ
+		- specialevents ʳ
+		- transact ʳ
+		- www3 ʳ
+
+	⁴ 404
+	ᵈ Dropped
+	ʳ Refused
+	ᵗ Reset
+
+
+	Problematic hosts in *westminster.gov.uk:
+
+		- ^ ᵐ
+		- citysave ᵉ
+		- cleanstreets ᵉ ᵐ ˢ
+
+	ᵉ Expired
+	ᵐ Mismatched
+	ˢ Self-signed
+
+
+	These altnames don't exist:
+
+		- www.fisd.westminster.gov.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- ehcb.westminster.gov.uk
+		- fisd.westminster.gov.uk
+		- openforum.westminster.gov.uk
+		- payments.westminster.gov.uk
+		- revenuesbenefits.westminster.gov.uk
+
+
+	Mixed content:
+
+		- css on openforum from fonts.googleapis.com ˢ
+
+		- Images, on:
+
+			- cleanstreets from $self
+			- elibrary from trib.ent.sirsidynix.net.uk ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Westminster.gov.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="citysave.westminster.gov.uk" /-->
+	<target host="commercialwaste.westminster.gov.uk" />
+	<target host="ehcb.westminster.gov.uk" />
+	<target host="elibrary.westminster.gov.uk" />
+	<target host="fisd.westminster.gov.uk" />
+	<target host="jobs.westminster.gov.uk" />
+	<target host="openforum.westminster.gov.uk" />
+	<target host="parkright.westminster.gov.uk" />
+	<target host="partnerweb.westminster.gov.uk" />
+	<target host="payments.westminster.gov.uk" />
+	<target host="payments-parkright.westminster.gov.uk" />
+	<target host="revenuesbenefits.westminster.gov.uk" />
+	<target host="www.westminster.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="westminster.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ehcb\.westminster\.gov\.uk$" name="^(?:ASP\.NET_SessionId|CMSPreferredCulture|CurrentVisitStatus)$" /-->
+	<!--securecookie host="^fisd\.westminster\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^openforum\.westminster\.gov\.uk$" name="^_e(?:hq_uid|ngagementhq_v2)$" /-->
+	<!--securecookie host="^payments\.westminster\.gov\.uk$" name="^CF(?:ID|TOKEN)$" /-->
+	<!--securecookie host="^revenuesbenefits\.westminster\.gov\.uk$" name="^\.ASPXAUTH" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://westminster\.gov\.uk/"
+		to="https://www.westminster.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Westoxon.gov.uk.xml b/src/chrome/content/rules/Westoxon.gov.uk.xml
new file mode 100644
index 000000000000..8d18a0988e27
--- /dev/null
+++ b/src/chrome/content/rules/Westoxon.gov.uk.xml
@@ -0,0 +1,72 @@
+<!--
+	West Oxfordshire District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *westoxon.gov.uk:
+
+		- cmis ᵈ
+		- localplan ⁴
+		- parking ᶠ
+		- my ᵈ
+
+	⁴ 404
+	ᵈ Dropped
+	ᶠ Handshake fails
+
+
+	Problematic hosts in *westoxon.gov.uk:
+
+		- forms ᶜ
+		- planningconsultation ᵐ
+		- publicaccess ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+
+
+	These altnames don't exist:
+
+		- westoxon.gov.uk
+
+
+	Insecure cookies are set for these domains:
+
+		- .www.westoxon.gov.uk
+
+
+	Mixed content:
+
+		- css on publicaccess from $self
+		- Images on publicaccess from $self
+
+-->
+<ruleset name="Westoxon.gov.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="forms.westoxon.gov.uk" />
+	<target host="publicaccess.westoxon.gov.uk" />
+	<target host="www.westoxon.gov.uk" />
+
+		<!--	Reset => would make fetch test fail
+							-->
+		<exclusion pattern="^http://forms\.westoxon\.gov\.uk/$" />
+
+		<!--test url="http://forms.westoxon.gov.uk/eforms/ufsmain?formid=WODC_CONTAINER_REQUEST&amp;C_PRM__ORG=wodc&amp;C_PRM__UPRN=&amp;C_PRM__UID_ACCESSKEY=3c774fab929cc2fc" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^publicaccess\.westoxon\.gov\.uk$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^www\.westoxon\.gov\.uk$" name="^ARRAffinity$" /-->
+
+	<securecookie host="^\.www\." name=".+" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Westpac.com.au.xml b/src/chrome/content/rules/Westpac.com.au.xml
new file mode 100644
index 000000000000..305ad8b161aa
--- /dev/null
+++ b/src/chrome/content/rules/Westpac.com.au.xml
@@ -0,0 +1,324 @@
+<!--
+	Non-functional subdomains:
+
+		- westpac.com.au	(r)
+		- 02973504_www	(m)
+		- alliance	(r)
+		- analytics	(e)
+		- gw.api	(t)
+		- gw-partner.api	(t)
+		- gw-partner-r.api	(t)
+		- gw-partner-w.api	(t)
+		- gw-r.api	(t)
+		- gw-w.api	(t)
+		- portal.api	(t)
+		- gw-partner.sandpit.api	(t)
+		- gw-partner.sit1.api	(t)
+		- gw.staging.api	(t)
+		- gw-partner.svp.api	(t)
+		- gw-partner-r.svp.api	(t)
+		- gw-partner.uat.api	(r)
+		- gw-partner.uat1.api	(t)
+		- autodiscoverdev	(t)
+		- piv.banking	(t)
+		- piv-r.banking	(t)
+		- piv-w.banking	(t)
+		- sit1.banking	(t)
+		- sit2.banking	(t)
+		- svp.banking	(t)
+		- piv.svp.banking	(t)
+		- piv-r.svp.banking	(t)
+		- piv-w.svp.banking	(t)
+		- sys1.banking	(t)
+		- sys2.banking	(t)
+		- uat.banking	(t)
+		- uat2.banking	(t)
+		- bluechip20	(r)
+		- www.bluechip20	(r)
+		- broking	(r)
+		- admin.broking	(m)
+		- private.broking	(m)
+		- businessiq	(r)
+		- www.businessworkshops	(r)
+		- m.comms	(r)
+		- t.comms	(r)
+		- connect	(t)
+		- a.content1	(m)
+		- secureonline.corp	(e)
+		- accountinfo.corp-svp	(t)
+		- administration.corp-svp	(t)
+		- agency.corp-svp	(t)
+		- audnzd.corp-svp	(t)
+		- online.corp-svp	(t)
+		- payments.corp-svp	(t)
+		- receipts.corp-svp	(t)
+		- termdeposit.corp-svp	(t)
+		- dashboard	(s)
+		- dns5	(t)
+		- dr	(m)
+		- vpn.ld4.efm	(t)
+		- vpn.ny4.efm	(t)
+		- t.email	(m)
+		- email11	(m)
+		- email6	(t)
+		- a.email6	(m)
+		- a.email7	(m)
+		- amta1.email7	(t)
+		- a.email8	(m)
+		- eolsmtpindev	(t)
+		- explore	(r)
+		- altwood1.extnonprod	(t)
+		- altwood2.extnonprod	(t)
+		- altwood1.extprod	(t)
+		- altwood2.extprod	(t)
+		- flexiloanecc	(r)
+		- b2b-mft.ftps	(t)
+		- gcc-test	(t)
+		- gold	(t)
+		- gtsjira	(r)
+		- help	(e)
+		- www.ilink	(m)
+		- www.info	(r)
+		- investmentlending	(r)
+		- uat.investmentlending	(r)
+		- itsmx	(t)
+		- itsmxtest	(t)
+		- kiosk-service-1	(r)
+		- kiosk-service-2	(r)
+		- know	(r)
+		- library	(t)
+		- lifescape	(s)
+		- locator	(m)
+		- mail10	(m)
+		- maildev	(t)
+		- mastercardapi	(t)
+		- mastercardapi-sit	(t)
+		- mastercardapi-svp	(t)
+		- metrics	(m)
+		- mft	(t)
+		- mfttest	(t)
+		- migrantbanking	(m)
+		- mmw	(m)
+		- www.morello-dr-introducers	(e)
+		- movingtoaustralia	(m)
+		- autodiscover.nonprod.mte	(t)
+		- eolsmtpindev.nonprod.mte	(t)
+		- maildev.nonprod.mte	(t)
+		- admin.onlineinvesting	(m)
+		- websvc.onlineinvesting	(t)
+		- websvc-uat.onlineinvesting	(t)
+		- e5dr.pl	(too many redirects)
+		- e5drreporting.pl	(too many redirects)
+		- e5reports.pl	(too many redirects)
+		- e5test.pl	(too many redirects)
+		- app.test.pl	(too many redirects)
+		- portfoliomanager	(e)
+		- pp-api	(t)
+		- pp-api-sit	(t)
+		- pp-api-svp	(t)
+		- pp-api-uat	(t)
+		- administration-corp.online.prod	(m)
+		- fiserv.purple	(t)
+		- optus.purple	(t)
+		- oracle.purple	(t)
+		- rbblearning	(e)
+		- silver	(t)
+		- sipdr	(t)
+		- sipprod	(t)
+		- siprcc	(404)
+		- sipwsdc	(404)
+		- wibinsights.sit	(s)
+		- www.mls.etrade.srv	(t)
+		- www.uat-mls.etrade.srv	(t)
+		- 3dsecure.prod.srv	(t)
+		- sslvpn	(s)
+		- btweb.sss	(t)
+		- btweb.sit.sss	(t)
+		- web.sit.sss	(t)
+		- web.svp.sss	(t)
+		- web.uat.sss	(t)
+		- web.sss	(t)
+		- static	(m)
+		- wibinsights.svp	(s)
+		- b2b-mft.ftps.test	(t)
+		- visaapi	(t)
+		- visaapi-sit	(t)
+		- visaapi-svp	(t)
+		- sit1.wibdigital	(t)
+		- sit2.wibdigital	(t)
+		- sit3.wibdigital	(t)
+		- sit4.wibdigital	(t)
+		- uat.wibdigital	(t)
+		- wibinsights	(s)
+		- piv.wmau	(t)
+		- piv-r.wmau	(t)
+		- piv-w.wmau	(t)
+		- sit1.wmau	(t)
+		- sit2.wmau	(t)
+		- svp.wmau	(t)
+		- piv.svp.wmau	(t)
+		- piv-r.svp.wmau	(t)
+		- piv-w.svp.wmau	(t)
+		- sys1.wmau	(t)
+		- sys2.wmau	(t)
+		- uat.wmau	(t)
+		- uat2.wmau	(t)
+		- ww2	(t)
+		- xylofx	(r)
+		- yellow	(t)
+		- www.yourbankyoursay	(m)
+
+	e: expired certificate
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+-->
+<ruleset name="Westpac">
+
+	<target host="westpac.com.au" />
+	<target host="www.westpac.com.au" />
+	<target host="banking.westpac.com.au" />
+	<target host="bfr.westpac.com.au" />
+	<target host="businesslink.westpac.com.au" />
+	<target host="businessonline.westpac.com.au" />
+	<target host="businfo.westpac.com.au" />
+	<target host="www.businfo.westpac.com.au" />
+	<target host="cmsservices.westpac.com.au" />
+	<target host="www.cmsservices.westpac.com.au" />
+	<target host="sit.www.cmsservices.westpac.com.au" />
+	<target host="colbcp.westpac.com.au" />
+	<target host="www.colbcp.westpac.com.au" />
+	<target host="accountinfo.corp.westpac.com.au" />
+	<target host="administration.corp.westpac.com.au" />
+	<target host="agency.corp.westpac.com.au" />
+	<target host="audnzd.corp.westpac.com.au" />
+	<target host="online.corp.westpac.com.au" />
+	<target host="onlinefx.corp.westpac.com.au" />
+	<target host="payments.corp.westpac.com.au" />
+	<target host="receipts.corp.westpac.com.au" />
+	<target host="research.corp.westpac.com.au" />
+	<target host="termdeposit.corp.westpac.com.au" />
+	<target host="creditcardoffers.westpac.com.au" />
+	<target host="donate.westpac.com.au" />
+	<target host="click.e.westpac.com.au" />
+	<target host="image.e.westpac.com.au" />
+	<target host="pages.e.westpac.com.au" />
+	<target host="view.e.westpac.com.au" />
+	<target host="www.eacademy.westpac.com.au" />
+	<target host="www.eacademy-dev.westpac.com.au" />
+	<target host="www.eacademy-dr.westpac.com.au" />
+	<target host="pages.email.westpac.com.au" />
+	<target host="esign.westpac.com.au" />
+	<target host="events.westpac.com.au" />
+	<target host="forms.westpac.com.au" />
+	<target host="forms1.westpac.com.au" />
+	<target host="gcc.westpac.com.au" />
+	<target host="hlc1.westpac.com.au" />
+	<target host="tst1.hrservices.westpac.com.au" />
+	<target host="tst2.hrservices.westpac.com.au" />
+	<target host="ilink.westpac.com.au" />
+	<target host="industry.westpac.com.au" />
+	<target host="info.westpac.com.au" />
+	<target host="insights.westpac.com.au" />
+	<target host="forms.insurance.westpac.com.au" />
+	<target host="introducers.westpac.com.au" />
+	<target host="www.iswitch.westpac.com.au" />
+	<target host="lyncdiscover.westpac.com.au" />
+	<target host="meet.westpac.com.au" />
+	<target host="merchantapplication.westpac.com.au" />
+	<target host="merchantonline.westpac.com.au" />
+	<target host="proxyauth.prod.mte.westpac.com.au" />
+	<target host="olb.westpac.com.au" />
+	<target host="online.westpac.com.au" />
+	<target host="onlineinvesting.westpac.com.au" />
+	<target host="app.onlineinvesting.westpac.com.au" />
+	<target host="research.onlineinvesting.westpac.com.au" />
+	<target host="shy.onlineinvesting.westpac.com.au" />
+	<target host="p1.webiress.onlineinvesting.westpac.com.au" />
+	<target host="orion.westpac.com.au" />
+	<target host="orion-test.westpac.com.au" />
+	<target host="paymentsplus.westpac.com.au" />
+	<target host="app.pl.westpac.com.au" />
+	<target host="drapp.pl.westpac.com.au" />
+	<target host="e5prod.pl.westpac.com.au" />
+	<target host="premiumfeedback.westpac.com.au" />
+	<target host="privatebank.westpac.com.au" />
+	<target host="www.privatebank.westpac.com.au" />
+	<target host="dev.www.privatebank.westpac.com.au" />
+	<target host="dev01.www.privatebank.westpac.com.au" />
+	<target host="dev02.www.privatebank.westpac.com.au" />
+	<target host="dev03.www.privatebank.westpac.com.au" />
+	<target host="sit.www.privatebank.westpac.com.au" />
+	<target host="sit01.www.privatebank.westpac.com.au" />
+	<target host="sit02.www.privatebank.westpac.com.au" />
+	<target host="sit03.www.privatebank.westpac.com.au" />
+	<target host="svp.www.privatebank.westpac.com.au" />
+	<target host="svp01.www.privatebank.westpac.com.au" />
+	<target host="svp02.www.privatebank.westpac.com.au" />
+	<target host="svp03.www.privatebank.westpac.com.au" />
+	<target host="uat.www.privatebank.westpac.com.au" />
+	<target host="uat01.www.privatebank.westpac.com.au" />
+	<target host="uat02.www.privatebank.westpac.com.au" />
+	<target host="uat03.www.privatebank.westpac.com.au" />
+	<target host="quickservice.westpac.com.au" />
+	<target host="quickstream.westpac.com.au" />
+	<target host="api.quickstream.westpac.com.au" />
+	<target host="quicksuper.westpac.com.au" />
+	<target host="quickweb.westpac.com.au" />
+	<target host="red.westpac.com.au" />
+	<target host="rose.westpac.com.au" />
+	<target host="rose-test.westpac.com.au" />
+	<target host="search.westpac.com.au" />
+	<target host="secureshopping.westpac.com.au" />
+	<target host="securities.westpac.com.au" />
+	<target host="serialiseddepositbooks.westpac.com.au" />
+	<target host="servicefeedback.westpac.com.au" />
+	<target host="servicerecovery.westpac.com.au" />
+	<target host="services.westpac.com.au" />
+	<target host="www.services.westpac.com.au" />
+	<target host="www.services2.westpac.com.au" />
+	<target host="smetrics.westpac.com.au" />
+	<target host="surveys.westpac.com.au" />
+	<target host="webapps.westpac.com.au" />
+	<target host="westpaciq.westpac.com.au" />
+	<target host="www.westpaciq.westpac.com.au" />
+	<target host="wib.westpac.com.au" />
+	<target host="www.wib.westpac.com.au" />
+	<target host="wibdigital.westpac.com.au" />
+	<target host="wibgetonboard.westpac.com.au" />
+	<target host="wibiq.westpac.com.au" />
+	<target host="test.wibiq.westpac.com.au" />
+	<target host="wibs.westpac.com.au" />
+	<target host="wintrade.westpac.com.au" />
+	<target host="wmau.westpac.com.au" />
+	<target host="wpb.westpac.com.au" />
+	<target host="wss.westpac.com.au" />
+	<target host="dev01.www.westpac.com.au" />
+	<target host="dev02.www.westpac.com.au" />
+	<target host="dev03.www.westpac.com.au" />
+	<target host="prp01.www.westpac.com.au" />
+	<target host="prp02.www.westpac.com.au" />
+	<target host="prp03.www.westpac.com.au" />
+	<target host="prp.services.www.westpac.com.au" />
+	<target host="sit.services.www.westpac.com.au" />
+	<target host="sit01.www.westpac.com.au" />
+	<target host="sit02.www.westpac.com.au" />
+	<target host="sit03.www.westpac.com.au" />
+	<target host="uat01.www.westpac.com.au" />
+	<target host="uat02.www.westpac.com.au" />
+	<target host="uat03.www.westpac.com.au" />
+	<target host="yourbankyoursay.westpac.com.au" />
+
+  	<securecookie host="^www\.westpac\.com\.au$" name=".+" />
+
+	<!-- Connection refused -->
+	<rule from="^http://westpac\.com\.au/"
+		to="https://www.westpac.com.au/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Westpac.xml b/src/chrome/content/rules/Westpac.xml
deleted file mode 100644
index 2410a6a95cd1..000000000000
--- a/src/chrome/content/rules/Westpac.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Westpac">
-  <target host="westpac.com.au" />
-  <target host="*.westpac.com.au" />
-
-  <rule from="^http://westpac\.com\.au/"
-          to="https://www.westpac.com.au/" />
-  <rule from="^http://(businessonline|info|introducers|m\.onlineinvesting|onlineinvesting|services|www)\.westpac\.com\.au/"
-          to="https://$1.westpac.com.au/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/WetStone-Technologies.xml b/src/chrome/content/rules/WetStone-Technologies.xml
new file mode 100644
index 000000000000..1c919e3aae24
--- /dev/null
+++ b/src/chrome/content/rules/WetStone-Technologies.xml
@@ -0,0 +1,13 @@
+<!--
+	Non-functional domain:
+		- wetstonetech.com		(cert only matches www)
+-->
+
+<ruleset name="WetStone Technologies">
+	<target host="www.wetstonetech.com" />
+
+  	<securecookie host="^www\.wetstonetech\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Weta-Workshop.xml b/src/chrome/content/rules/Weta-Workshop.xml
new file mode 100644
index 000000000000..86f45c0fa996
--- /dev/null
+++ b/src/chrome/content/rules/Weta-Workshop.xml
@@ -0,0 +1,18 @@
+<!--
+	Non-functional domains:
+		- (www.)wetaworkshop.com	(Connection refused)
+-->
+
+<ruleset name="Weta Workshop">
+	<target host=    "wetanz.com" />
+	<target host="www.wetanz.com" />
+
+  	<securecookie host="^www\.wetanz\.com$" name=".+" />
+
+	<!-- cert only matches www -->
+	<rule from="^http://wetanz\.com/"
+		to="https://www.wetanz.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wettergefahren.de.xml b/src/chrome/content/rules/Wettergefahren.de.xml
new file mode 100644
index 000000000000..3dd3ab94e6ba
--- /dev/null
+++ b/src/chrome/content/rules/Wettergefahren.de.xml
@@ -0,0 +1,10 @@
+<ruleset name="Wettergefahren.de">
+
+	<target host="wettergefahren.de" />
+	<target host="www.wettergefahren.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Whamcat.xml b/src/chrome/content/rules/Whamcat.xml
index d3a7a8bbacae..378e40c585da 100644
--- a/src/chrome/content/rules/Whamcat.xml
+++ b/src/chrome/content/rules/Whamcat.xml
@@ -6,7 +6,7 @@
 
 	<!--	Cert only matches ^whamcat.com.
 						-->
-	<rule from="^https?://(?:www\.)?whamcat\.com/"
+	<rule from="^http://(?:www\.)?whamcat\.com/"
 		to="https://whamcat.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Whappodo.xml b/src/chrome/content/rules/Whappodo.xml
new file mode 100644
index 000000000000..7339ae0bc456
--- /dev/null
+++ b/src/chrome/content/rules/Whappodo.xml
@@ -0,0 +1,10 @@
+<ruleset name="Whappodo.COM! GmbH">
+
+	<target host="app.whappodo.com"/>
+	<target host="cdn.whappodo.com"/>
+	<target host="demo.whappodo.com"/>
+	<target host="www.whappodo.com"/>
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/WhatBrowser.xml b/src/chrome/content/rules/WhatBrowser.xml
new file mode 100644
index 000000000000..15de55395ca8
--- /dev/null
+++ b/src/chrome/content/rules/WhatBrowser.xml
@@ -0,0 +1,9 @@
+<ruleset name="WhatBrowser.org">
+
+	<target host="whatbrowser.org" />
+	<target host="www.whatbrowser.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WhatCD.xml b/src/chrome/content/rules/WhatCD.xml
deleted file mode 100644
index 11761669852c..000000000000
--- a/src/chrome/content/rules/WhatCD.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="WhatCD">
-
-	<target host="what.cd" />
-	<target host="*.what.cd" />
-
-  <rule from="^http://(www\.)?what\.cd/" to="https://what.cd/"/>
-  <rule from="^http://(m|ssl)\.what\.cd/" to="https://$1.what.cd/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/WhatCanIDoForMozilla.org.xml b/src/chrome/content/rules/WhatCanIDoForMozilla.org.xml
new file mode 100644
index 000000000000..355d396e1b15
--- /dev/null
+++ b/src/chrome/content/rules/WhatCanIDoForMozilla.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="WhatCanIDoForMozilla.org">
+	<target host="whatcanidoformozilla.org" />
+	<target host="www.whatcanidoformozilla.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WhatDoTheyKnow.com.xml b/src/chrome/content/rules/WhatDoTheyKnow.com.xml
new file mode 100644
index 000000000000..3516eb52ff12
--- /dev/null
+++ b/src/chrome/content/rules/WhatDoTheyKnow.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other mySociety coverage, see MySociety.co.uk.xml.
+
+-->
+<ruleset name="WhatDoTheyKnow.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="whatdotheyknow.com" />
+	<target host="www.whatdotheyknow.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WhatIsMyIP.com.xml b/src/chrome/content/rules/WhatIsMyIP.com.xml
new file mode 100644
index 000000000000..8e240f1ee5d7
--- /dev/null
+++ b/src/chrome/content/rules/WhatIsMyIP.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Wildcard DNS and certificate
+
+	But different content for:
+		http://testurl.whatismyip.com
+		https://testurl.whatismyip.com
+
+	Different content http/https:
+		test.whatismyip.com
+
+-->
+<ruleset name="WhatIsMyIP">
+
+	<target host="whatismyip.com" />
+	<target host="www.whatismyip.com" />
+	<target host="api.whatismyip.com" />
+		<test url="http://api.whatismyip.com/ip.php?key=ABCDEF123456789ABCDEF123456789AB" />
+	<target host="forum.whatismyip.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WhatIsMyIP.xml b/src/chrome/content/rules/WhatIsMyIP.xml
deleted file mode 100644
index 5b82a8f78ed9..000000000000
--- a/src/chrome/content/rules/WhatIsMyIP.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="WhatIsMyIP" platform="mixedcontent">
-
-	<target host="whatismyip.com" />
-	<target host="*.whatismyip.com" />
-
-
-	<securecookie host="^(?:.*\.)?whatismyip\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?whatismyip\.com/"
-		to="https://$1whatismyip.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WhatIsMyIPAddress.com.xml b/src/chrome/content/rules/WhatIsMyIPAddress.com.xml
new file mode 100644
index 000000000000..137d4d527214
--- /dev/null
+++ b/src/chrome/content/rules/WhatIsMyIPAddress.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid certificate:
+		redir.whatismyipaddress.com
+
+	No working URL known:
+		static.whatismyipaddress.com
+-->
+<ruleset name="What Is My IP Address">
+
+	<target host="whatismyipaddress.com" />
+	<target host="www.whatismyipaddress.com" />
+	<target host="bot.whatismyipaddress.com" />
+	<target host="cdn.whatismyipaddress.com" />
+		<test url="http://cdn.whatismyipaddress.com/favicon.ico" />
+	<target host="forums.whatismyipaddress.com" />
+	<target host="ipv4bot.whatismyipaddress.com" />
+	<target host="support.whatismyipaddress.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WhatPulse.org.xml b/src/chrome/content/rules/WhatPulse.org.xml
new file mode 100644
index 000000000000..2d81c5514a1a
--- /dev/null
+++ b/src/chrome/content/rules/WhatPulse.org.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://api.whatpulse.org/ => https://api.whatpulse.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Mismatch:
+		- amcdn.whatpulse.org
+		- direct.whatpulse.org
+		- help.whatpulse.org
+		- www.whatpulse.org
+
+	Missing intermediate certificate:
+		- developer.whatpulse.org (https://github.com/EFForg/https-everywhere/pull/4882)
+
+-->
+<ruleset name="WhatPulse.org" default_off="failed ruleset test">
+	<target host="whatpulse.org" />
+	<target host="api.whatpulse.org" />
+
+	<securecookie host="^\.?whatpulse\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WhatReallyHappened.com.xml b/src/chrome/content/rules/WhatReallyHappened.com.xml
new file mode 100644
index 000000000000..fba7a6159ba9
--- /dev/null
+++ b/src/chrome/content/rules/WhatReallyHappened.com.xml
@@ -0,0 +1,12 @@
+<!-- whatreallyhappened.com has both a wildcard DNS record and a wildcard certificate. Any subdomain is valid, but all have same content. -->
+<ruleset name="WhatReallyHappened.com">
+	<target host="whatreallyhappened.com" />
+	<target host="*.whatreallyhappened.com" />
+
+	<rule from="^http:" to="https:" />
+
+	<test url="http://www.whatreallyhappened.com/" />
+	<test url="http://yzyhzsu6sn6ckav9.whatreallyhappened.com/" />
+	<test url="http://ypuouw3c3v84zsdr.whatreallyhappened.com/" />
+	<test url="http://x1gygz1l79oaecia.whatreallyhappened.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/What_Is_My_Spirit_Animal.com.xml b/src/chrome/content/rules/What_Is_My_Spirit_Animal.com.xml
new file mode 100644
index 000000000000..67c91b2c30f9
--- /dev/null
+++ b/src/chrome/content/rules/What_Is_My_Spirit_Animal.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="What Is My Spirit Animal.com">
+	<target host="whatismyspiritanimal.com" />
+	<target host="www.whatismyspiritanimal.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Whatbox.ca.xml b/src/chrome/content/rules/Whatbox.ca.xml
index 08ce83bc5c7a..b607cc56a5c2 100644
--- a/src/chrome/content/rules/Whatbox.ca.xml
+++ b/src/chrome/content/rules/Whatbox.ca.xml
@@ -1,8 +1,11 @@
-<ruleset name="Whatbox">
+<ruleset name="Whatbox.ca">
 
 	<target host="whatbox.ca" />
-	<target host="*.whatbox.ca" />
+	<target host="m.whatbox.ca" />
+	<target host="ssl.whatbox.ca" />
+	<target host="www.whatbox.ca" />
 
-  <rule from="^http://(www\.)?whatbox\.ca/" to="https://whatbox.ca/"/>
-  <rule from="^http://(m|ssl)\.whatbox\.ca/" to="https://$1.whatbox.ca/"/>
-</ruleset>
\ No newline at end of file
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Whatimg.com.xml b/src/chrome/content/rules/Whatimg.com.xml
deleted file mode 100644
index eb0c11a31c55..000000000000
--- a/src/chrome/content/rules/Whatimg.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Whatimg.com">
-  <target host="whatimg.com" />
-  <target host="www.whatimg.com" />
-
-  <rule from="^http://(www\.)?whatimg\.com/" to="https://whatimg.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Whats_My_DNS.net.xml b/src/chrome/content/rules/Whats_My_DNS.net.xml
new file mode 100644
index 000000000000..b675ea734917
--- /dev/null
+++ b/src/chrome/content/rules/Whats_My_DNS.net.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.whatsmydns.net
+
+-->
+<ruleset name="Whats My DNS.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="whatsmydns.net" />
+	<target host="www.whatsmydns.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.whatsmydns\.net$" name="^(XSRF-TOKEN|whatsmydns_session)$" /-->
+
+	<securecookie host="^www\.whatsmydns\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Whatsbroadcast.com.xml b/src/chrome/content/rules/Whatsbroadcast.com.xml
new file mode 100644
index 000000000000..a5019bd05996
--- /dev/null
+++ b/src/chrome/content/rules/Whatsbroadcast.com.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.widget.whatsbroadcast.com/ => https://www.widget.whatsbroadcast.com/: (6, 'Could not resolve host: www.widget.whatsbroadcast.com')
+Fetch error: http://www2.whatsbroadcast.com/ => https://www2.whatsbroadcast.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www2.whatsbroadcast.com'")
+
+-->
+<ruleset name="Whatsbroadcast" default_off="failed ruleset test">
+
+	<target host="whatsbroadcast.com"/>
+	<target host="api.whatsbroadcast.com"/>
+	<target host="api2.whatsbroadcast.com"/>
+	<target host="img.wbcsrv.com"/>
+	<target host="my.whatsbroadcast.com"/>
+	<target host="my2.whatsbroadcast.com"/>
+	<target host="widget.whatsbroadcast.com"/>
+	<target host="www.widget.whatsbroadcast.com"/>
+	<target host="www.whatsbroadcast.com"/>
+	<target host="www2.whatsbroadcast.com"/>
+
+	<!-- Cert mismatch on www.wbcsrv.com & wbcsrv.com -->
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wheel.sk.xml b/src/chrome/content/rules/Wheel.sk.xml
index 7d425c1f0600..f3e3103debdd 100644
--- a/src/chrome/content/rules/Wheel.sk.xml
+++ b/src/chrome/content/rules/Wheel.sk.xml
@@ -1,9 +1,9 @@
 <ruleset name="Wheel.sk">
 
 	<target host="wheel.sk" />
-	<target host="*.wheel.sk" />
+	<target host="gentoo.wheel.sk" />
+	<target host="www.wheel.sk" />
 
-	<rule from="^http://(gentoo\.|www\.)?wheel\.sk/"
-		to="https://$1wheel.sk/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Where.com.xml b/src/chrome/content/rules/Where.com.xml
index 318147678265..f31afa724e67 100644
--- a/src/chrome/content/rules/Where.com.xml
+++ b/src/chrome/content/rules/Where.com.xml
@@ -1,33 +1,45 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ads2.where.com/mds/imp?addeviceid= => https://ads2.where.com/mds/imp?addeviceid=: (7, 'Failed to connect to ads2.where.com port 443: Connection refused')
+Fetch error: http://ads2.where.com/ => https://ads2.where.com/: (7, 'Failed to connect to ads2.where.com port 443: Connection refused')
+Fetch error: http://upstream.where.com/ => https://upstream.where.com/: (7, 'Failed to connect to upstream.where.com port 443: Connection refused')
+
 	Ads.
 
 	For other PayPal coverage. see PayPal.xml.
 
 
-	Fully covered subdomains:
-
-		- ad
-		- paypal.adtag
-		- upstream
-		- (www.)
+	(www.)?where.com: Dropped over http & https
 
 
-	Observed cookie domains:
+	Insecure cookies are set for these domains:
 
-		- ad
-		- upstream
+		- .where.com
 
 -->
-<ruleset name="Where.com">
+<ruleset name="Where.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ad.where.com" />
+	<target host="ads.where.com" />
+	<target host="ads2.where.com" />
+	<target host="paypal.adtag.where.com" />
+	<target host="upstream.where.com" />
+
+		<test url="http://ads2.where.com/mds/imp?addeviceid=" />
 
-	<target host="where.com" />
-	<target host="*.where.com" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.where\.com$" name="^m_p_tc$" /-->
 
+	<securecookie host="^\.where\.com$" name="^m_p_tc$" />
 	<securecookie host="^ad\.where\.com$" name=".+" />
 
 
-	<rule from="^http://((?:ad|paypal\.adtag|upstream|www)\.)?where\.com/"
-		to="https://$1where.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Where2GetIt.com.xml b/src/chrome/content/rules/Where2GetIt.com.xml
new file mode 100644
index 000000000000..23a9925f8bd3
--- /dev/null
+++ b/src/chrome/content/rules/Where2GetIt.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Different content http/https:
+		where2getit.com
+		www.where2getit.com
+
+	Invalid certificate:
+		blog.where2getit.com
+		knowledge.where2getit.com
+
+	Mixed content:
+		direct.where2getit.com
+		hosted.where2getit.com
+
+	Refused:
+		static.where2getit.com
+
+-->
+<ruleset name="Where2GetIt.com (partial)">
+
+	<target host="ignite.where2getit.com" />
+	<target host="info.where2getit.com" />
+	<target host="mobile.where2getit.com" />
+	<target host="social.where2getit.com" />
+		<test url="http://social.where2getit.com/lenoxcorporation/" />
+
+	<securecookie host="^ignite\.where2getit\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Where_2_Get_It.xml b/src/chrome/content/rules/Where_2_Get_It.xml
deleted file mode 100644
index 6b635a92ea47..000000000000
--- a/src/chrome/content/rules/Where_2_Get_It.xml
+++ /dev/null
@@ -1,50 +0,0 @@
-<!--
-	CDN buckets:
-
-		- br-w2gi.s3.amazonaws.com
-
-
-	Nonfunctional subdomains:
-
-		- ^	(shows direct; mismatched, CN: direct.where2getit.com)
-		- blog	(http reply)
-		- www	(no https)
-
-
-	Problematic subdomains:
-
-		- mobile	(mismatched, CN: hosted.where2getit.com)
-		- static	(times out)
-
-
-	Partially covered subdomains:
-
-		- mobile	(→ hosted)
-		- static	(→ hosted)
-
-
-	Fully covered subdomains:
-
-		- direct
-		- hosted
-		- ignite
-
--->
-<ruleset name="Where 2 Get It (partial)">
-
-	<target host="*.where2getit.com" />
-
-
-	<securecookie host="^\.(?:hosted|ignite)\.where2getit\.com$" name=".+" />
-
-
-	<rule from="^http://(direct|hosted|ignite)\.where2getit\.com/"
-		to="https://$1.where2getit.com/" />
-
-	<rule from="^http://mobile\.where2getit\.com/([\w-]+)/(images|javascript)/"
-		to="https://hosted.where2getit.com/$1/$2/" />
-
-	<rule from="^http://static\.where2getit\.com/w2gi/"
-		to="https://hosted.where2getit.com/w2gi/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Which.xml b/src/chrome/content/rules/Which.xml
index e2a94e893f4e..f3dbc65be7c8 100644
--- a/src/chrome/content/rules/Which.xml
+++ b/src/chrome/content/rules/Which.xml
@@ -1,26 +1,132 @@
+<!--
+	Problematic domains:
+
+		- which.resultspage.com ¹
+		- staticwhich.co.uk ²
+		- search.which.co.uk ³
+		- static.which.net ⁴
+		- subscribe.which.net ⁵
+
+	¹ Mixed css from search.which.co.uk, www.staticwhich.co.uk, and www.which.co.uk
+	² Mixed css from www.staticwhich.co.uk
+	³ Redirects to http; mismatched, CN: *.resultspage.com
+	⁴ Works; mismatched, CN: www.staticwhich.co.uk
+	⁵ Shows another domain, expired 2013-04-30
+
+
+	Partially covered domains:
+
+		- staticwhich.co.uk ¹
+
+		- blogs.which.co.uk ²
+		- search.which.co.uk ³
+		- www.which.co.uk ²
+
+		- (www.)which.net ²
+
+	¹ Avoiding mixed css from www.staticwhich.co.uk
+	² At least some pages redirect to http
+	³ Avoiding mixed css from (search|www).which.co.uk and www.staticwhich.co.uk
+
+
+	Fully covered domains:
+
+		- www.staticwhich.net
+		- info.which.co.uk
+		- subscribe.which.net	(→ www.which.net)
+
+
+	These altnames don't exist:
+
+		- www.blogs.which.co.uk
+		- www.subscribe.which.net
+
+
+	Mixed content:
+
+		- iframe on staticwhich.co.uk from www.youtube.com *
+
+		- css, on:
+
+			- which.resultspage.com from www.staticwhich.co.uk *
+			- which.resultspage.com from search.which.co.uk *
+			- which.resultspage.com from www.which.co.uk *
+			- staticwhich.co.uk from www.staticwhich.co.uk *
+
+		- Images on staticwhich.co.uk from www.staticwhich.co.uk *
+
+		- favicon, on:
+
+			- which.resultspage.com from search.which.co.uk *
+			- which.resultspage.com from www.which.co.uk *
+
+	* Secured by us
+
+-->
 <ruleset name="Which? (partial)">
 
-	<target host="which.co.uk" />
-	<target host="*.which.co.uk" />
-	<target host="static.which.net" />
 	<target host="staticwhich.co.uk" />
 	<target host="www.staticwhich.co.uk" />
+	<target host="which.co.uk" />
+	<target host="*.which.co.uk" />
+		<!--
+			Avoid false/broken MCB:
+						-->
+		<exclusion pattern="^http://staticwhich\.co\.uk/+(?:$|\?)" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://blogs\.which\.co\.uk/+($|\?)" /-->
+		<!--exclusion pattern="^http://www\.which\.co\.uk/+($|\?|(accessibility|privacy-policy/cookie-policy)/?($|\?))" /-->
+		<!--exclusion pattern="^http://www\.which\.net/+($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://blogs\.which\.co\.uk/+(?!\w+/(?:(?:login|register)(?:$|[?/])|wp-(?:content|includes)/)|favicon\.ico)" />
+		<exclusion pattern="^http://www\.which\.co\.uk/+(?!assets/|components/eprivacy\.html|favicon\.ico|(?:login|signup)(?:$|[?/])|media/)" />
+		<!--exclusion pattern="^http://(www\.)?which\.net/+(?!(about|account|services|support|webmail)($|[?/])|assets/|favicon\.ico|images/|styles/)" /-->
+	<target host="which.net" />
+	<target host="*.which.net" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^www\.which\.net$" name="^SQMSESSID$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^staticwhich\.co\.uk$" name="^(JSESSIONID|b1Pz|lastPageName)$" /-->
+	<!--securecookie host="^(www\.)?staticwhich\.co\.uk$" name="^b1P$" /-->
+	<securecookie host="^which\.net$" name="^SQMSESSID$" />
+	<!--securecookie host="^(www\.)?which\.net$" name="^INFO$" /-->
 
+	<securecookie host="^(?:www\.)?staticwhich\.co\.uk$" name=".+" />
 
-	<securecookie host="^(www\.)?staticwhich\.co\.uk$" name=".*" />
 
+	<rule from="^http://(www\.)?staticwhich\.co\.uk/"
+		to="https://$1staticwhich.co.uk/" />
 
-	<rule from="^http://(www\.)?which\.co\.uk/(assets/|favicon\.ico|login/?$|media/|signup/?$)"
-		to="https://$1which.co.uk/$2" />
+	<rule from="^http://((?:blogs|info|www)\.)?which\.co\.uk/"
+		to="https://$1which.co.uk/" />
 
-	<rule from="^http://info\.which\.co\.uk/"
-		to="https://info.which.co.uk/" />
+	<rule from="^http://search\.which\.co\.uk/(?=favicon\.ico|sli_styles\.css)"
+		to="https://which.resultspage.com/" />
+
+	<rule from="^http://(www\.)?which\.net/(?=(?:about|services|support)(?:$|[?/])|assets/|favicon\.ico|images/|styles/)"
+		to="https://$1which.net/" />
+
+	<!--	^ redirects to www over http,
+		so copy that behavior:
+					-->
+	<rule from="^http://(?:www\.)?which\.net/(?=(?:account|webmail)(?:$|[?/]))"
+		to="https://www.which.net/" />
 
-	<!--	Cert doesn't match.	-->
 	<rule from="^http://static\.which\.net/"
-		to="https://staticwhich.co.uk/" />
+		to="https://www.staticwhich.co.uk/" />
 
-	<rule from="^http://(www\.)?staticwhich\.co\.uk/"
-		to="https://$1staticwhich.co.uk/" />
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://subscribe\.which\.net/+[^?]*"
+		to="https://www.which.net/account" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Which_MBA.com.xml b/src/chrome/content/rules/Which_MBA.com.xml
new file mode 100644
index 000000000000..f7bc63c35d38
--- /dev/null
+++ b/src/chrome/content/rules/Which_MBA.com.xml
@@ -0,0 +1,58 @@
+<!--
+	For other Economist Group coverage, see Economist.xml.
+
+
+	^whichmba.com: Refused
+
+
+	Insecure cookies are set for these domains:
+
+		- .whichmba.com
+
+-->
+<ruleset name="Which MBA.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ads.whichmba.com" />
+
+	<!--	Complications:
+				-->
+	<target host="whichmba.com" />
+
+		<!--	\w.* 404s:
+						-->
+		<exclusion pattern="^http://whichmba\.com/+(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://whichmba.com/d" />
+			<test url="http://whichmba.com/o" />
+			<test url="http://whichmba.com/i" />
+			<test url="http://whichmba.com/4" />
+			<test url="http://whichmba.com/0" />
+			<test url="http://whichmba.com//4" />
+
+			<!--	-ve:
+					-->
+			<test url="http://whichmba.com//" />
+			<test url="http://whichmba.com/?" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.whichmba\.com$" name="^(?:OAID|OAVARS\[[\da-f]{8}\])" /-->
+
+	<securecookie host="^\.whichmba\.com$" name=".+" />
+
+
+	<!--	Redirect keeps args but
+		not forward slash:
+					-->
+	<rule from="^http://whichmba\.com/+"
+		to="https://www.economist.com/whichmba" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WhippleHill.com.xml b/src/chrome/content/rules/WhippleHill.com.xml
new file mode 100644
index 000000000000..1855bf92a110
--- /dev/null
+++ b/src/chrome/content/rules/WhippleHill.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- whipplehill.com
+		- www.whipplehill.com
+
+		SSL peer certificate was not OK:
+		- content.whipplehill.com
+		- videos.whipplehill.com
+		- www2.whipplehill.com
+-->
+<ruleset name="WhippleHill.com">
+	<target host="webservice.whipplehill.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WhippleHill.xml b/src/chrome/content/rules/WhippleHill.xml
deleted file mode 100644
index adf0e23ad97c..000000000000
--- a/src/chrome/content/rules/WhippleHill.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	CDN buckets:
-
-		- schoolpress.cdn.whipplehill.net.s3.amazonaws.com
-
-
-	Problematic domains:
-
-		- www2.whipplehill.com		(works; mismatched, CN: *.pardot.com)
-
-
-	Nonfunctional domains:
-
-		- (www.)whipplehill.com		(refused)
-
--->
-<ruleset name="WilliamHill (partial)">
-
-	<target host="www2.whipplehill.com" />
-		<!--
-			Redirects to www:
-						-->
-		<exclusion pattern="^http://www2\.whipplehill\.com/(?:\?.*)?$" />
-	<target host="schoolpress.cdn.whipplehill.net" />
-
-
-	<rule from="^http://www2\.whipplehill\.com/"
-		to="https://go.pardot.com/" />
-
-	<rule from="^http://schoolpress\.cdn\.whipplehill\.net/"
-		to="https://s3.amazonaws.com/schoolpress.cdn.whipplehill.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Whirlpool.xml b/src/chrome/content/rules/Whirlpool.xml
deleted file mode 100644
index be5f6d28bbb6..000000000000
--- a/src/chrome/content/rules/Whirlpool.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Whirlpool">
-
-	<target host="whirlpool.net.au" />
-	<target host="*.whirlpool.net.au" />
-
-
-	<securecookie host="^\.whirlpool\.net\.au$" name=".+" />
-
-
-	<rule from="^http://(bc\.|forums\.|www\.)?whirlpool\.net\.au/"
-		to="https://$1whirlpool.net.au/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Whiskey-Media.xml b/src/chrome/content/rules/Whiskey-Media.xml
deleted file mode 100644
index e80972619729..000000000000
--- a/src/chrome/content/rules/Whiskey-Media.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<!--
-	CDN buckets:
-
-		- ddjhyz888xk1m.cloudfront.net
-		- dh3vbjnk0bnfa.cloudfront.net
-
-
-	Nonfunctional domains:
-
-		- comicvine.com		(cert: auth.whiskeymedia.com; redirects there)
-		- www.comicvine.com	(ditto)
-		- giantbomb.com		(cert: auth.whiskeymedia.com; redirects there)
-		- store.giantbomb.com	(cert: *.myshopify.com; redirects to http)
-		- www.giantbomb.com	(cert: auth.whiskeymedia.com; redirects there)
-		- tested.com
-		- www.tested.com
-		- whiskeymedia.com	(cert: auth.whiskeymedia.com; redirects there)
-		- www.whiskeymedia.com	(ssl_error_rx_record_too_long)
-
--->
-<ruleset name="Whiskey Media (partial)">
-
-	<target host="*.comicvine.com" />
-	<target host="media.screened.com" />
-	<target host="files.tested.com" />
-	<target host="auth.whiskeymedia.com" />
-	<target host="media.corp.whiskeymedia.com" />
-
-	<rule from="^http://auth\.(comicvine|whiskeymedia)\.com/"
-		to="https://auth.$1.com/" />
-
-	<rule from="^https?://media\.(comicvine|screened|corp\.whiskeymedia)\.com/"
-		to="https://s3.amazonaws.com/media.$1.com/" />
-
-	<rule from="^http://files\.tested\.com/"
-		to="https://ddjhyz888xk1m.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Whisky.de.xml b/src/chrome/content/rules/Whisky.de.xml
new file mode 100644
index 000000000000..3af4e16e7f80
--- /dev/null
+++ b/src/chrome/content/rules/Whisky.de.xml
@@ -0,0 +1,29 @@
+<!--
+	Invalid certificate:
+		- download.whisky.de
+		- webdisk.news.whisky.de
+
+	Login required:
+		- test.whisky.de
+
+	Mixed content:
+		- www.whisky.de
+		- shophe.whisky.de
+
+	Unable to connect:
+		- pdf.whisky.de
+		- remote.whisky.de
+
+	Wildcard DNS record and certificate.
+-->
+<ruleset name="Whisky.de">
+	<target host="whisky.de" />
+	<target host="www.whisky.de" />
+	<target host="news.whisky.de" />
+	<target host="proxy.whisky.de"/>
+	<target host="shophe.whisky.de"/>
+	<target host="typo3.whisky.de"/>
+	<target host="vanilla.whisky.de"/>
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Whisper-Gifts.xml b/src/chrome/content/rules/Whisper-Gifts.xml
index 38addc0cca2b..f53c911e6a9d 100644
--- a/src/chrome/content/rules/Whisper-Gifts.xml
+++ b/src/chrome/content/rules/Whisper-Gifts.xml
@@ -1,16 +1,17 @@
+<!--
+	Nonfunctional subdomains:
+		- whispergifts.com	(invalid cert)
+-->
 <ruleset name="Whisper Gifts (partial)">
 
 	<target host="whispergifts.com" />
 	<target host="www.whispergifts.com" />
 
 
-	<!--	Unsupported paths redirect to www, so this is safe.	-->
-	<rule from="^https://whispergifts\.com/"
-		to="https://whispergifts.com/" />
+	<rule from="^http://whispergifts\.com/"
+		to="https://www.whispergifts.com/" />
 
-	<!--	There may be more paths than are
-		handled here that don't redirect to http.	-->
-	<rule from="^http://www\.whispergifts/(media/|whisper/(?:login|manage|signup))"
-		to="https://www.whispergifts/$1" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Whisper.sh.xml b/src/chrome/content/rules/Whisper.sh.xml
new file mode 100644
index 000000000000..7ab5d0d9862f
--- /dev/null
+++ b/src/chrome/content/rules/Whisper.sh.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://whisper.sh/ => https://whisper.sh/: Too many redirects while fetching 'https://whisper.sh/'
+Fetch error: http://www.whisper.sh/ => https://www.whisper.sh/: Too many redirects while fetching 'https://www.whisper.sh/'
+
+	CDN buckets:
+		- s3.amazonaws.com
+		- cdn-webimages.wimages.net
+
+		*secured by us
+
+	Non-functional subdomain:
+		- support		(hostname mismatch, CN: *.desk.com, desk.com)
+		- your-voice.org        (connection refused)
+-->
+<ruleset name="Whisper.sh (partial)" default_off="failed ruleset test">
+	<target host=    "whisper.sh" />
+	<target host="www.whisper.sh" />
+
+  	<securecookie host="^whisper\.sh$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WhisperSystems.org.xml b/src/chrome/content/rules/WhisperSystems.org.xml
new file mode 100644
index 000000000000..0756389ee388
--- /dev/null
+++ b/src/chrome/content/rules/WhisperSystems.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		bithub.whispersystems.org
+
+-->
+<ruleset name="Open Whisper Systems">
+
+	<target host="whispersystems.org" />
+	<target host="www.whispersystems.org" />
+	<target host="support.whispersystems.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WhisperSystems.xml b/src/chrome/content/rules/WhisperSystems.xml
deleted file mode 100644
index 47e4eac527ef..000000000000
--- a/src/chrome/content/rules/WhisperSystems.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="WhisperSystems">
-
-	<target host="whispersystems.org" />
-	<target host="www.whispersystems.org" />
-
-
-	<rule from="^http://(www\.)?whispersystems\.org/"
-		to="https://$1whispersystems.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/WhistleOut.xml b/src/chrome/content/rules/WhistleOut.xml
index e0883de3d86a..3da11af3d470 100644
--- a/src/chrome/content/rules/WhistleOut.xml
+++ b/src/chrome/content/rules/WhistleOut.xml
@@ -1,18 +1,29 @@
-<ruleset name="WhistleOut (partial)">
+<ruleset name="WhistleOut">
 
 	<target host="whistleout.com" />
-	<target host="*.whistleout.com" />
+	<target host="www.whistleout.com" />
+	<target host="androidcentral.whistleout.com" />
+	<target host="androidpit.whistleout.com" />
+	<target host="comparecom.whistleout.com" />
+	<target host="gizmag.whistleout.com" />
+	<target host="help.whistleout.com" />
+	<target host="moneytalksnews.whistleout.com" />
+	<target host="r1.whistleout.com" />
+	<target host="r2.whistleout.com" />
+	<target host="r3.whistleout.com" />
+	<target host="res3.whistleout.com" />
+	<target host="techradar.whistleout.com" />
+	<target host="telegraph.whistleout.com" />
+	<target host="test.whistleout.com" />
+	<target host="trustedreviews.whistleout.com" />
+
 	<target host="whistleout.com.au" />
 	<target host="www.whistleout.com.au" />
+
 	<target host="whistleout.co.uk" />
 	<target host="www.whistleout.co.uk" />
 
-
-	<!--	At least some pages redirect to http.	-->
-	<rule from="^http://(www\.)?whistleout\.co(m|m\.au|\.uk)/(blog/wp-content/|css/|ImageLibrary/)"
-		to="https://$1whistleout.co$2/$3" />
-
-	<rule from="^http://resources([123])\.whistleout\.com/"
-		to="https://resources$1.whistleout.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/WhiteFence.com.xml b/src/chrome/content/rules/WhiteFence.com.xml
deleted file mode 100644
index 19807f241eb0..000000000000
--- a/src/chrome/content/rules/WhiteFence.com.xml
+++ /dev/null
@@ -1,44 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- affiliateprogram *
-		- b2b			(redirects to 404; mismatched, CN: www.whitefence.com)
-		- energy *
-		- green **
-		- information *
-		- partners **
-		- savings *
-		- wfindex *
-
-	* Shows ordersearch; mismatched, CN: ordersearch.whitefence.com
-	** Shows connectmyphone.com; mismatched, CN: www.connectmyphone.com
-
-
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-		- www2	(works, expired 2010-10-24)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- ox-d
-
--->
-<ruleset name="WhiteFence.com (partial)">
-
-	<target host="whitefence.com" />
-	<target host="*.whitefence.com" />
-
-
-	<securecookie host="^ox-d\.whitefence\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?whitefence\.com/"
-		to="https://www.whitefence.com/" />
-
-	<rule from="^http://ox-d\.whitefence\.com/"
-		to="https://ox-d.whitefence.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/WhiteHat_Security.xml b/src/chrome/content/rules/WhiteHat_Security.xml
index fd01d27f1068..6c5e15f835ea 100644
--- a/src/chrome/content/rules/WhiteHat_Security.xml
+++ b/src/chrome/content/rules/WhiteHat_Security.xml
@@ -1,13 +1,26 @@
+<!--
+	Mixed content:
+
+		- Image on info from $self *
+
+	* Secured by us
+
+-->
 <ruleset name="WhiteHat Security">
 
 	<target host="whitehatsec.com" />
-	<target host="*.whitehatsec.com" />
+	<target host="blog.whitehatsec.com" />
+	<target host="info.whitehatsec.com" />
+	<target host="www.whitehatsec.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^info\.whitehatsec\.com$" name="^BIGipServerab01web1-ssl3_https$" /-->
 
-	<securecookie host="^blog\.whitehatsec\.com$" name=".+" />
+	<securecookie host="^(?:blog|info)\.whitehatsec\.com$" name=".+" />
 
 
-	<rule from="^http://(blog\.|www\.)?whitehatsec\.com/"
-		to="https://$1whitehatsec.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WhiteThreadInstitute.org.xml b/src/chrome/content/rules/WhiteThreadInstitute.org.xml
new file mode 100644
index 000000000000..74d9ef2bde38
--- /dev/null
+++ b/src/chrome/content/rules/WhiteThreadInstitute.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="WhiteThreadInstitute.org">
+	<target host="whitethreadinstitute.org" />
+	<target host="www.whitethreadinstitute.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WhiteThreadPress.com.xml b/src/chrome/content/rules/WhiteThreadPress.com.xml
new file mode 100644
index 000000000000..b485ceec7338
--- /dev/null
+++ b/src/chrome/content/rules/WhiteThreadPress.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="WhiteThreadPress.com">
+	<target host="whitethreadpress.com" />
+	<target host="www.whitethreadpress.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/White_Cat_Publications.xml b/src/chrome/content/rules/White_Cat_Publications.xml
deleted file mode 100644
index ed245e49454c..000000000000
--- a/src/chrome/content/rules/White_Cat_Publications.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	!www: http reply
-
--->
-<ruleset name="White Cat Publications">
-
-	<target host="whitecatpublications.com" />
-	<target host="*.whitecatpublications.com" />
-
-
-	<securecookie host="^(?:www)?\.whitecatpublications\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?whitecatpublications\.com/"
-		to="https://www.whitecatpublications.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/White_Lisbon.com.xml b/src/chrome/content/rules/White_Lisbon.com.xml
new file mode 100644
index 000000000000..34c907b22f7a
--- /dev/null
+++ b/src/chrome/content/rules/White_Lisbon.com.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mail.whitelisbon.com/ => https://mail.whitelisbon.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="White Lisbon.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mail.whitelisbon.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Whitehathouston.com.xml b/src/chrome/content/rules/Whitehathouston.com.xml
deleted file mode 100644
index 1d5efaab5483..000000000000
--- a/src/chrome/content/rules/Whitehathouston.com.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="whitehathouston.com" default_off="expired">
-
-	<target host="whitehathouston.com"/>
-	<target host="www.whitehathouston.com"/>
-
-	<rule from="^http://(www\.)?whitehathouston\.com/"
-		to="https://whitehathouston.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Whitelabel.net.xml b/src/chrome/content/rules/Whitelabel.net.xml
index b7fb224d4353..c58f651fa191 100644
--- a/src/chrome/content/rules/Whitelabel.net.xml
+++ b/src/chrome/content/rules/Whitelabel.net.xml
@@ -1,13 +1,16 @@
+<!--
+	For other Serato coverage, see Serato.com.xml.
+
+-->
 <ruleset name="Whitelabel.net">
 
 	<target host="whitelabel.net" />
-	<target host="*.whitelabel.net" />
+	<target host="www.whitelabel.net" />
 
 
 	<securecookie host="^\.?whitelabel\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?whitelabel\.net/"
-		to="https://$1whitelabel.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Whitepages.com.xml b/src/chrome/content/rules/Whitepages.com.xml
new file mode 100644
index 000000000000..03a48f5fd626
--- /dev/null
+++ b/src/chrome/content/rules/Whitepages.com.xml
@@ -0,0 +1,86 @@
+<!--
+	Nonfunctioanl domains:
+
+		- names.whitepages.com *
+
+	* Dropped
+
+
+	Problematic domains:
+
+		- www.pro.whitepages.com ¹
+		- www.support.whitepages.com ²
+
+	¹ Mismatched
+	² Refused
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .whitepages.com
+		- apiportal.whitepages.com
+
+
+	Mixed content:
+
+		- Image on pro.lookup from $self
+		- css on secure from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Whitepages.com (partial)">
+
+	<target host="apiportal.whitepages.com" />
+	<target host="pro.lookup.whitepages.com"/>
+	<target host="pro.whitepages.com"/>
+	<target host="secure.whitepages.com"/>
+	<target host="support.whitepages.com" />
+	<target host="whitepages.com"/>
+	<target host="www.whitepages.com"/>
+	<target host="www.pro.whitepages.com"/>
+
+	<!--	Complications:
+				-->
+	<target host="www.support.whitepages.com" />
+
+		<!--	Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.whitepages\.com/($|3rdr/assets/stylesheets/|common/images/|favicon\.ico)" /-->
+		<!--exclusion pattern="^http://pro\.whitepages\.com/$" /-->
+
+			<!--	+ve:
+					-->
+			<test url="http://pro.whitepages.com/blog/" />
+			<test url="http://pro.whitepages.com/developer/" />
+			<test url="http://pro.whitepages.com/features/whitepages-pro-api/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://pro.whitepages.com/wp-content/themes/roots/assets/css/main.min.css" />
+	        <test url="http://www.pro.whitepages.com/features/whitepages-pro-api/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.whitepages\.com$" name="^(_whitepages_session|rsi_segs)$" /-->
+	<!--securecookie host="^apiportal\.whitepages\.com$" name="^_session_id$" /-->
+	<!--securecookie host="^secure\.whitepages\.com$" name="^(eb|ewp|ipu|wp_endemic_provider|wp_pid)$" /-->
+
+	<securecookie host="^(?:apiportal|secure)\.whitepages\.com$" name=".+" />
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://www\.pro\.whitepages\.com/+"
+		to="https://pro.whitepages.com/"/>
+
+	<!--	Redirect keeps path, args, and forward slash:
+								-->
+	<rule from="^http://www\.support\.whitepages\.com/"
+		to="https://support.whitepages.com/"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Whitepaperdb.de.xml b/src/chrome/content/rules/Whitepaperdb.de.xml
new file mode 100644
index 000000000000..8024aa589fa2
--- /dev/null
+++ b/src/chrome/content/rules/Whitepaperdb.de.xml
@@ -0,0 +1,28 @@
+<!--
+	Cert mismatch:
+		- connect.whitepaperdb.de
+		- connected-home.whitepaperdb.de
+		- mail.whitepaperdb.de
+		- pc-magazin.whitepaperdb.de
+		- webmail.whitepaperdb.de
+-->
+
+<ruleset name="Whitepaper DB Gmbh">
+
+	<target host="whitepaperdb.de" />
+	<target host="www.whitepaperdb.de" />
+
+	<target host="evm.whitepaperdb.de" />
+	<target host="faz.whitepaperdb.de" />
+	<target host="golem.whitepaperdb.de" />
+	<target host="handelsblatt.whitepaperdb.de" />
+	<target host="links.whitepaperdb.de" />
+	<target host="lnks.whitepaperdb.de" />
+	<target host="sueddeutsche.whitepaperdb.de" />
+	<target host="transfer.whitepaperdb.de" />
+	<target host="wiwo.whitepaperdb.de" />
+	<target host="wm.whitepaperdb.de" />
+	<target host="zeit.whitepaperdb.de" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/WhitneyWisconsinFans.com.xml b/src/chrome/content/rules/WhitneyWisconsinFans.com.xml
new file mode 100644
index 000000000000..082a47ea9c17
--- /dev/null
+++ b/src/chrome/content/rules/WhitneyWisconsinFans.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="WhitneyWisconsinFans.com">
+	<target host="whitneywisconsinfans.com" />
+	<target host="www.whitneywisconsinfans.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Who.is.xml b/src/chrome/content/rules/Who.is.xml
new file mode 100644
index 000000000000..c5dac804a631
--- /dev/null
+++ b/src/chrome/content/rules/Who.is.xml
@@ -0,0 +1,7 @@
+<ruleset name="Who.is">
+	<target host="who.is" />
+	<target host="www.who.is" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WhoIsJuan.me.xml b/src/chrome/content/rules/WhoIsJuan.me.xml
new file mode 100644
index 000000000000..8e9814f7f2a8
--- /dev/null
+++ b/src/chrome/content/rules/WhoIsJuan.me.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		- whoisjuan.me, equivalent to www.whoisjuan.me
+-->
+
+<ruleset name="WhoIsJuan.me">
+	<target host="whoisjuan.me" />
+	<target host="www.whoisjuan.me" />
+
+	<rule from="^http://whoisjuan\.me/"
+		to="https://www.whoisjuan.me/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WhoSampled.com.xml b/src/chrome/content/rules/WhoSampled.com.xml
new file mode 100644
index 000000000000..4bca801186a9
--- /dev/null
+++ b/src/chrome/content/rules/WhoSampled.com.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://whosampled.com/ => http://whosampled.com/: (7, 'Failed to connect to whosampled.com port 80: Connection refused')
+Fetch error: http://www.whosampled.com/ => http://www.whosampled.com/: (7, 'Failed to connect to www.whosampled.com port 80: Connection refused')
+
+	Mixed content:
+
+		- iframe on blog from api.mixcloud.com *
+
+	* Secured by us
+
+-->
+<ruleset name="WhoSampled.com (partial)" default_off="failed ruleset test">
+
+	<target host="whosampled.com" />
+	<target host="www.whosampled.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.whosampled.com/+($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://www\.whosampled.com/+(?!accounts/(login|registration)($|[?/])|static/)" /-->
+
+
+	<rule from="^http://(www\.)?whosampled\.com/(?=accounts/(?:login|registration)(?:$|[?/])|static/)"
+		to="https://$1whosampled.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WhoSpendsMoney.com.xml b/src/chrome/content/rules/WhoSpendsMoney.com.xml
new file mode 100644
index 000000000000..39a4d01d1077
--- /dev/null
+++ b/src/chrome/content/rules/WhoSpendsMoney.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="WhoSpendsMoney.com">
+	<target host="whospendsmoney.com" />
+	<target host="www.whospendsmoney.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WhoTargets.me.xml b/src/chrome/content/rules/WhoTargets.me.xml
new file mode 100644
index 000000000000..87b953fe48e2
--- /dev/null
+++ b/src/chrome/content/rules/WhoTargets.me.xml
@@ -0,0 +1,8 @@
+<ruleset name="WhoTargets.me">
+	<target host="whotargets.me" />
+	<target host="www.whotargets.me" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Who_do_you.trust.xml b/src/chrome/content/rules/Who_do_you.trust.xml
new file mode 100644
index 000000000000..c89a2199d0e1
--- /dev/null
+++ b/src/chrome/content/rules/Who_do_you.trust.xml
@@ -0,0 +1,30 @@
+<!--
+	For other NCC Group coverage, see NCC_Group.com.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- whodoyou.trust
+		- www.whodoyou.trust
+
+-->
+<ruleset name="who do you.trust">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="whodoyou.trust" />
+	<target host="www.whodoyou.trust" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?whodoyou\.trust$" name="^(?:___utmv[abm]\w+|incap_ses_\d+_\d+|visid_incap_\d+)$" /-->
+	<!--securecookie host="^www\.whodoyou\.trust$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^(?:www\.)?whodoyou\.trust$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Whoer.net.xml b/src/chrome/content/rules/Whoer.net.xml
new file mode 100644
index 000000000000..5debae8b0753
--- /dev/null
+++ b/src/chrome/content/rules/Whoer.net.xml
@@ -0,0 +1,72 @@
+<!--
+	Could not resolve host:
+		gkskm1438867.br.whoer.net
+		rbysz1438864.br.whoer.net
+		nl3-speed.whoer.net
+		www.tcp.whoer.net
+		tcp9.whoer.net
+		ua3-speed.whoer.net
+		uk2-speed.whoer.net
+
+	OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to:
+		ca1-speed.whoer.net
+		ca2-speed.whoer.net
+		ch1-speed.whoer.net
+		ch2-speed.whoer.net
+		de1-speed.whoer.net
+		de2-speed.whoer.net
+		de3-speed.whoer.net
+		es1-speed.whoer.net
+		fr1-speed.whoer.net
+		fr2-speed.whoer.net
+		fr3-speed.whoer.net
+		hk1-speed.whoer.net
+		it1-speed.whoer.net
+		nl1-speed.whoer.net
+		nl2-speed.whoer.net
+		nl88-speed.whoer.net
+		nl99-speed.whoer.net
+		pl1-speed.whoer.net
+		ro1-speed.whoer.net
+		ru1-speed.whoer.net
+		ru2-speed.whoer.net
+		ru3-speed.whoer.net
+		ru4-speed.whoer.net
+		se1-speed.whoer.net
+		se2-speed.whoer.net
+		sg1-speed.whoer.net
+		tcp.whoer.net
+		tr1-speed.whoer.net
+		ua1-speed.whoer.net
+		ua2-speed.whoer.net
+		uk1-speed.whoer.net
+		us1-speed.whoer.net
+		us2-speed.whoer.net
+		us3-speed.whoer.net
+		us4-speed.whoer.net
+
+	Connnection Refused:
+		mail.whoer.net (r)
+		nl33-speed.whoer.net
+		nl44-speed.whoer.net
+		nl55-speed.whoer.net
+		nl66-speed.whoer.net
+
+	Connnection timed out:
+		nl4-speed.whoer.net
+		nl5-speed.whoer.net
+
+	Failed to connect, No route to host:
+		us5-speed.whoer.net
+
+	r: connection refused
+-->
+<ruleset name="Whoer.net">
+	<target host="whoer.net" />
+	<target host="www.whoer.net" />
+	<!-- hosts referenced here were enumerated by `python3 sublist3r.py -d whoer.net` -->
+	<target host="vpnapi.whoer.net"/>
+	<target host="wime.whoer.net"/>
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WhoisIp.ovh.xml b/src/chrome/content/rules/WhoisIp.ovh.xml
new file mode 100644
index 000000000000..9118f320c7a7
--- /dev/null
+++ b/src/chrome/content/rules/WhoisIp.ovh.xml
@@ -0,0 +1,11 @@
+<ruleset name="WhoisIp.ovh">
+	<target host="whoisip.ovh" />
+	<target host="www.whoisip.ovh" />
+	<target host="ssl.whoisip.ovh" />
+
+	<target host="cdn.where.ovh" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Whoisology.xml b/src/chrome/content/rules/Whoisology.xml
new file mode 100644
index 000000000000..1228759da284
--- /dev/null
+++ b/src/chrome/content/rules/Whoisology.xml
@@ -0,0 +1,9 @@
+<ruleset name="Whoisology">
+	<target host=    "whoisology.com" />
+	<target host="www.whoisology.com" />
+
+  	<securecookie host="^whoisology\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Whole-Earth-Catalog.xml b/src/chrome/content/rules/Whole-Earth-Catalog.xml
index aa914a430a02..1cb8e512053e 100644
--- a/src/chrome/content/rules/Whole-Earth-Catalog.xml
+++ b/src/chrome/content/rules/Whole-Earth-Catalog.xml
@@ -1,14 +1,14 @@
-<ruleset name="Whole Earth Catalog" default_off="mismatch">
+<ruleset name="Whole Earth Catalog" default_off="mismatched">
 
 	<!--	Cert: *.gridserver.com	-->
 	<target host="wholeearth.com" />
 	<target host="www.wholeearth.com" />
 
 
-	<securecookie host="^wholeearth\.com$" name=".*" />
+	<securecookie host="^wholeearth\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?wholeearth\.com/"
+	<rule from="^http://(?:www\.)?wholeearth\.com/"
 		to="https://wholeearth.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Whole_Earth_Lectronic_Link.xml b/src/chrome/content/rules/Whole_Earth_Lectronic_Link.xml
index d89d976ee926..1fb1d0ed78c9 100644
--- a/src/chrome/content/rules/Whole_Earth_Lectronic_Link.xml
+++ b/src/chrome/content/rules/Whole_Earth_Lectronic_Link.xml
@@ -1,7 +1,9 @@
 <ruleset name="Whole Earth 'Lectronic Link (partial)">
 
 	<target host="well.com" />
-	<target host="*.well.com" />
+	<target host="www.well.com" />
+	<target host="iris.well.com" />
+	<target host="user.well.com" />
 
 
 	<securecookie host="^(?:iris|user)\.well\.com$" name=".+" />
@@ -11,10 +13,10 @@
 		- At least some pages 302 to http
 		- At least some paths 404
 							-->
-	<rule from="^https?://(?:www\.)?well\.com/(images/|(?:cgi-bin/)?newpass/|well\.css)"
+	<rule from="^http://(?:www\.)?well\.com/(images/|(?:cgi-bin/)?newpass/|well\.css)"
 		to="https://www.well.com/$1" />
 
 	<rule from="^http://(iris|user)\.well\.com/"
 		to="https://$1.well.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Whole_Foods_Market.com.xml b/src/chrome/content/rules/Whole_Foods_Market.com.xml
new file mode 100644
index 000000000000..c0cba652a2bc
--- /dev/null
+++ b/src/chrome/content/rules/Whole_Foods_Market.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Mixed content:
+
+		- Images on www from pbs.twimg.com *
+
+		- Web bugs on www from cdn.quilt.janrain.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Whole Foods Market.com">
+
+	<target host="wholefoodsmarket.com" />
+	<target host="users.wholefoodsmarket.com" />
+	<target host="www.wholefoodsmarket.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^users\.wholefoodsmarket\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Whonix.org.xml b/src/chrome/content/rules/Whonix.org.xml
index 8f5cc675ec90..41441a004044 100644
--- a/src/chrome/content/rules/Whonix.org.xml
+++ b/src/chrome/content/rules/Whonix.org.xml
@@ -1,17 +1,24 @@
 <!--
 	Requested: https://trac.torproject.org/projects/tor/ticket/9143
 
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- phabricator
+
 -->
 <ruleset name="Whonix.org">
 
 	<target host="whonix.org" />
+	<target host="phabricator.whonix.org" />
 	<target host="www.whonix.org" />
 
 
 	<securecookie host="^(?:www\.)?whonix\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?whonix\.org/"
-		to="https://$1whonix.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Whos.amung.us.xml b/src/chrome/content/rules/Whos.amung.us.xml
index 206062ad37cc..81c9efd72f56 100644
--- a/src/chrome/content/rules/Whos.amung.us.xml
+++ b/src/chrome/content/rules/Whos.amung.us.xml
@@ -2,38 +2,83 @@
 	whos.amung.us Inc
 
 
-	Nonfunctional subdomains:
+	Problematic hosts in *amung.us:
 
-		- (www.)	(403, valid cert)
+		- feeds ¹
+		- whos ²
 
+	¹ Feedburner
+	² Mixed css
 
-	Problematic subdomains:
 
-		- whos		(some paths 403)
+	Mixed content:
 
+		- css, on:
 
-	Partially covered subdomains:
+			- whos from assets.amung.us *
+			- whos from fonts.googleapis.com *
 
-		- whos
+		- Images, on:
 
+			- whos from assets.amung.us *
+			- whos from widgets.amung.us *
 
-	Fully covered subdomains:
+		- Bug on whos from $self *
 
-		- assets
-		- widgets
+	* Secured by us
 
 -->
 <ruleset name="whos.amung.us (partial)">
 
-	<target host="*.amung.us" />
-		<!--
-			403:
+	<!--	Direct rewrites:
+				-->
+	<target host="amung.us" />
+	<target host="assets.amung.us" />
+	<target host="whos.amung.us" />
+	<target host="widgets.amung.us" />
+	<target host="www.amung.us" />
+
+	<!--	Complications:
 				-->
-		<!--exclusion pattern="^http://whos\.amung\.us/+($|\?|(about|blog|contact|learnmore|legal|pro(?!/login/)|showcase)($|[?/])|favicon\.ico|widget/)" /-->
-		<exclusion pattern="^http://whos\.amung\.us/(?!colorgen/|flash/|pro/login/)" />
+	<target host="feeds.amung.us" />
+
+		<!--	Mixed css:
+					-->
+		<!--exclusion pattern="^http://whos\.amung\.us/(?:$|(?:about|blog|contact|help|legal|learnmore|showcase|stats)/?$|pro(?!/login/))" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://whos\.amung\.us/(?!colorgen/|favicon\.ico|flash/|pro/login/|show/|swidget/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://whos.amung.us/about" />
+			<test url="http://whos.amung.us/blog" />
+			<test url="http://whos.amung.us/contact" />
+			<test url="http://whos.amung.us/help" />
+			<test url="http://whos.amung.us/learnmore" />
+			<test url="http://whos.amung.us/legal" />
+			<test url="http://whos.amung.us/pro" />
+			<test url="http://whos.amung.us/showcase" />
+			<test url="http://whos.amung.us/stats" />
+
+			<!--	-ve:
+					-->
+			<test url="http://whos.amung.us/favicon.ico" />
+			<test url="http://whos.amung.us/pro/login/" />
+
+		<test url="http://widgets.amung.us/small/00/1.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^whos\.amung\.us$" name="^uid$" /-->
+
 
+	<rule from="^http://feeds\.amung\.us/"
+		to="https://feeds.feedburner.com/" />
 
-	<rule from="^http://(asset|who|widget)s\.amung\.us/"
-		to="https://$1s.amung.us/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/WhosOn.com.xml b/src/chrome/content/rules/WhosOn.com.xml
index ef850b41efbb..732d5c25ea44 100644
--- a/src/chrome/content/rules/WhosOn.com.xml
+++ b/src/chrome/content/rules/WhosOn.com.xml
@@ -1,23 +1,39 @@
 <!--
-	Problematic subdomains:
+	For other Parker Software coverage, see Parker_Soft.co.uk.xml.
 
-		- (www.)	(works; mismatched, CN: *.azurewebsites.net)
+
+	Nonfunctional subdomains:
+
+		- ^ ¹
+		- www ²
+
+	¹ Refused
+	² Dropped
 
 
 	Fully covered subdomains:
 
 		- chat
-		- gateway6 *
-
-	* Server is configured for rc4 only
+		- gateway
+		- gateway[3-9]
+		- gateway1[01]
 
 -->
 <ruleset name="WhosOn.com (partial)">
 
-	<target host="*.whoson.com" />
+	<target host="chat.whoson.com" />
+	<target host="gateway.whoson.com" />
+	<target host="gateway3.whoson.com" />
+	<target host="gateway4.whoson.com" />
+	<target host="gateway5.whoson.com" />
+	<target host="gateway6.whoson.com" />
+	<target host="gateway7.whoson.com" />
+	<target host="gateway8.whoson.com" />
+	<target host="gateway9.whoson.com" />
+	<target host="gateway10.whoson.com" />
+	<target host="gateway11.whoson.com" />
 
 
-	<rule from="^http://(chat|gateway6)\.whoson\.com/"
-		to="https://$1.whoson.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Whosgamingnow.net.xml b/src/chrome/content/rules/Whosgamingnow.net.xml
new file mode 100644
index 000000000000..7fd7e619a715
--- /dev/null
+++ b/src/chrome/content/rules/Whosgamingnow.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="Whosgamingnow.net">
+  <target host="whosgamingnow.net" />
+  <target host="www.whosgamingnow.net" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wi-Fi-Alliance.xml b/src/chrome/content/rules/Wi-Fi-Alliance.xml
deleted file mode 100644
index b6d0bcaa2a4f..000000000000
--- a/src/chrome/content/rules/Wi-Fi-Alliance.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="Wi-Fi Alliance">
-
-	<target host="wi-fi.org" />
-	<target host="*.wi-fi.org" />
-
-
-	<securecookie host="^(?:certifications|www)\.wi-fi\.org$" name=".*" />
-
-
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?wi-fi\.org/"
-		to="https://www.wi-fi.org/" />
-
-	<rule from="^http://certifications\.wi-fi\.org/"
-		to="https://certifications.wi-fi.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Wi-Fi.org.xml b/src/chrome/content/rules/Wi-Fi.org.xml
new file mode 100644
index 000000000000..ef8576761881
--- /dev/null
+++ b/src/chrome/content/rules/Wi-Fi.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Login required:
+		certv1.wi-fi.org
+		login.wi-fi.org
+
+	Invalid certificate:
+		mobile.wi-fi.org
+
+-->
+<ruleset name="Wi-Fi Alliance">
+
+	<target host="wi-fi.org" />
+	<target host="www.wi-fi.org" />
+	<target host="certifications.wi-fi.org" />
+	<target host="groups.wi-fi.org" />
+	<target host="certifications.prod.wi-fi.org" />
+		<test url="http://certifications.prod.wi-fi.org/pdf/certificate/public/download?cid=WFA65598" />
+	<target host="certifications.staging.wi-fi.org" />
+		<test url="http://certifications.staging.wi-fi.org/pdf/certificate/public/download?cid=WFA65598" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WiFiDB.net.xml b/src/chrome/content/rules/WiFiDB.net.xml
new file mode 100644
index 000000000000..d9f2cabeaee7
--- /dev/null
+++ b/src/chrome/content/rules/WiFiDB.net.xml
@@ -0,0 +1,42 @@
+<!--
+	Problematic hosts:
+
+		- wifidb.net ¹
+		- www.wifidb.net ²
+
+	¹ Refused
+	² Mismatched
+
+-->
+<ruleset name="WiFiDB.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="live.wifidb.net" />
+
+	<!--	Complications:
+				-->
+	<target host="wifidb.net" />
+	<target host="www.wifidb.net" />
+
+
+	<!--	Redirect drops path, args,
+		and forward slash:
+				-->
+	<rule from="^http://wifidb\.net/.*"
+		to="https://github.com/pferland/WiFiDB/" />
+
+		<test url="http://wifidb.net//" />
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://www\.wifidb\.net/+"
+		to="https://github.com/pferland/WiFiDB/" />
+
+		<test url="http://www.wifidb.net//" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WiGLE.xml b/src/chrome/content/rules/WiGLE.xml
deleted file mode 100644
index e81b5af33079..000000000000
--- a/src/chrome/content/rules/WiGLE.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="WiGLE" platform="mixedcontent">
-
-	<target host="wigle.net" />
-	<target host="*.wigle.net" />
-
-
-	<securecookie host="^\.wigle\.net$" name=".+" />
-
-
-	<rule from="^http://(www\.)?wigle\.net/"
-		to="https://$1wigle.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/WiKirby.com.xml b/src/chrome/content/rules/WiKirby.com.xml
new file mode 100644
index 000000000000..9860bf14e2a0
--- /dev/null
+++ b/src/chrome/content/rules/WiKirby.com.xml
@@ -0,0 +1,16 @@
+<!--
+	WiKirby.com has a wildcard DNS record.
+-->
+
+<ruleset name="WiKirby.com">
+	<target host="wikirby.com" />
+	<target host="www.wikirby.com" />
+	<target host="cpanel.wikirby.com" />
+	<target host="mail.wikirby.com" />
+	<target host="webdisk.wikirby.com" />
+	<target host="webmail.wikirby.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WiMP.no.xml b/src/chrome/content/rules/WiMP.no.xml
new file mode 100644
index 000000000000..e28dd5f3a998
--- /dev/null
+++ b/src/chrome/content/rules/WiMP.no.xml
@@ -0,0 +1,32 @@
+<!--
+	For other WiMP Music coverage, see WiMP_Music.com.xml.
+
+
+	Nonfunctional subdomains:
+
+		- magazine *
+
+	* Refused
+
+
+	Mixed content:
+
+		- Images on (www.)? from static.aspiro.com
+
+-->
+<ruleset name="WiMP.no (partial)">
+
+	<target host="wimp.no" />
+	<target host="www.wimp.no" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?wimp\.no$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^(?:www\.)?wimp\.no$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WiMP_Music.com.xml b/src/chrome/content/rules/WiMP_Music.com.xml
new file mode 100644
index 000000000000..2465a3982c24
--- /dev/null
+++ b/src/chrome/content/rules/WiMP_Music.com.xml
@@ -0,0 +1,55 @@
+<!--
+	Other WiMP Music rulesets:
+
+		- WiMP.no.xml
+
+
+	Nonfunctional subdomains:
+
+		- pro ¹
+		- proadmin ²
+
+	¹ Dropped
+	² Redirects to http
+
+
+	Problematic subdomains:
+
+		- about *
+
+	* Mismatched, CN: *.wimp.no
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- images
+		- play
+
+
+	Insecure cookies are set for these domains:
+
+		- wimpmusic.com
+		- about.wimpmusic.com
+		- www.wimpmusic.com
+
+-->
+<ruleset name="WiMP Music.com (partial)">
+
+	<target host="wimpmusic.com" />
+	<target host="images.wimpmusic.com" />
+	<target host="play.wimpmusic.com" />
+	<target host="www.wimpmusic.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?wimpmusic\.com$" name="^PLAY_SESSION$" /-->
+	<!--securecookie host="^about\.wimpmusic\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^(?:www\.)?wimpmusic\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WiMo.com.xml b/src/chrome/content/rules/WiMo.com.xml
new file mode 100644
index 000000000000..224c04c3089a
--- /dev/null
+++ b/src/chrome/content/rules/WiMo.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="WiMo.com">
+
+	<target host="wimo.com" />
+	<target host="www.wimo.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WiTopia.net.xml b/src/chrome/content/rules/WiTopia.net.xml
index 52f942f93955..dc592b53b2d6 100644
--- a/src/chrome/content/rules/WiTopia.net.xml
+++ b/src/chrome/content/rules/WiTopia.net.xml
@@ -2,12 +2,16 @@
 	Problematic subdomains:
 
 		- ^	(mismatched)
+		- www ²
+
+	² Blocks Tor users
 
 -->
 <ruleset name="WiTopia.net">
 
 	<target host="witopia.net" />
-	<target host="*.witopia.net" />
+	<target host="www.witopia.net" />
+	<target host="my.witopia.net" />
 
 
 	<securecookie host="^my\.witopia\.net$" name=".+" />
@@ -16,7 +20,6 @@
 	<rule from="^http://(?:www\.)?witopia\.net/"
 		to="https://www.witopia.net/" />
 
-	<rule from="^http://my\.witopia\.net/"
-		to="https://my.witopia.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/WiWo.de.xml b/src/chrome/content/rules/WiWo.de.xml
new file mode 100644
index 000000000000..bfc7d19b7976
--- /dev/null
+++ b/src/chrome/content/rules/WiWo.de.xml
@@ -0,0 +1,137 @@
+<!--
+	Cert mismatch:
+		- beratung.wiwo.de
+		- www.club.wiwo.de
+		- www.green.wiwo.de
+		- jobturbo.green.wiwo.de
+		- images.info-angebot.wiwo.de
+		- images.info-boersenwoche.wiwo.de
+		- images.mailservice.wiwo.de
+		- lead.wiwo.de
+		- personalmarkt.wiwo.de
+		- software.wiwo.de
+		- www.tool.wiwo.de
+		- wetter.wiwo.de
+		- wikifolio.wiwo.de
+		- qa.wikifolio.wiwo.de
+		- www1.wiwo.de
+
+	Connection closed:
+		- bauspar.rechner.wiwo.de
+
+	Connection refused:
+		- arztsuche.wiwo.de
+		- krankenkassenvergleich.wiwo.de
+		- managementcup.wiwo.de
+		- m.managementcup.wiwo.de
+		- pda.wiwo.de
+		- shop.wiwo.de
+		- wap.wiwo.de
+		- www2.wiwo.de
+
+	Redirect loop:
+		- advent.wiwo.de
+
+	Timeout:
+		- bc1.wiwo.de
+		- cms.wiwo.de
+		- epaper.wiwo.de
+		- feeds.wiwo.de
+		- gwp.wiwo.de
+		- lb.wiwo.de
+		- livetest-quiz.wiwo.de
+		- news.wiwo.de
+		- partner.wiwo.de
+		- static.wiwo.de
+		- static1.wiwo.de
+		- static2.wiwo.de
+		- static3.wiwo.de
+		- template.wiwo.de
+		- test-green.wiwo.de
+		- tools.wiwo.de
+		- whitepaperdb.wiwo.de
+
+	Unable to get local issuer certificate:
+		- maklerempfehlung.wiwo.de
+-->
+<ruleset name="WiWo.de">
+
+	<target host="wiwo.de"/>
+	<target host="www.wiwo.de"/>
+	<target host="abo.wiwo.de"/>
+	<target host="amp.wiwo.de"/>
+	<target host="angebot.wiwo.de"/>
+	<target host="app.wiwo.de"/>
+	<target host="apps.wiwo.de"/>
+	<target host="archiv.wiwo.de"/>
+	<target host="arvato-cm.wiwo.de"/>
+	<target host="assign.wiwo.de"/>
+	<target host="award.wiwo.de"/>
+	<target host="awards.wiwo.de"/>
+	<target host="beta.wiwo.de"/>
+	<target host="blog.wiwo.de"/>
+	<target host="boerse.wiwo.de"/>
+	<target host="boersetest.wiwo.de"/>
+	<target host="cdn-origin.wiwo.de"/>
+	<target host="club.wiwo.de"/>
+	<target host="clubnews.wiwo.de"/>
+	<target host="cme2e.wiwo.de"/>
+	<target host="community.wiwo.de"/>
+	<target host="dailychallenge.wiwo.de" />
+	<target host="dev-www.wiwo.de"/>
+	<target host="digitalchampionsaward.wiwo.de"/>
+	<target host="emagazin.wiwo.de"/>
+	<target host="go.wiwo.de"/>
+	<target host="green.wiwo.de"/>
+	<target host="gruender.wiwo.de"/>
+	<target host="gruendermail.wiwo.de"/>
+	<target host="herz.wiwo.de"/>
+	<target host="info.wiwo.de"/>
+	<target host="info-angebot.wiwo.de"/>
+	<target host="info-boersenwoche.wiwo.de"/>
+	<target host="jobagent.wiwo.de"/>
+	<target host="jobs.wiwo.de" />
+	<target host="kunde.wiwo.de"/>
+	<target host="mailservice.wiwo.de"/>
+	<target host="mittelstands-archiv.wiwo.de"/>
+	<target host="mobil.wiwo.de"/>
+	<target host="mobile.wiwo.de"/>
+	<target host="newsletter.wiwo.de"/>
+	<target host="offer.wiwo.de"/>
+	<target host="preview-www.wiwo.de"/>
+	<target host="quiz.wiwo.de"/>
+	<target host="angebot.rechner.wiwo.de"/>
+	<target host="anlage.rechner.wiwo.de"/>
+	<target host="auszahlplan.rechner.wiwo.de"/>
+	<target host="autofinanz.rechner.wiwo.de"/>
+	<target host="bundesschatzbrief.rechner.wiwo.de"/>
+	<target host="effektivzins.rechner.wiwo.de"/>
+	<target host="fdarlehen.rechner.wiwo.de"/>
+	<target host="festgeld.rechner.wiwo.de"/>
+	<target host="forward.rechner.wiwo.de"/>
+	<target host="geldanlage.rechner.wiwo.de"/>
+	<target host="giro.rechner.wiwo.de"/>
+	<target host="grundbuch.rechner.wiwo.de"/>
+	<target host="hypotheken.rechner.wiwo.de"/>
+	<target host="kassensturz.rechner.wiwo.de"/>
+	<target host="kredit.rechner.wiwo.de"/>
+	<target host="ratenkredit.rechner.wiwo.de"/>
+	<target host="rendite.rechner.wiwo.de"/>
+	<target host="renten.rechner.wiwo.de"/>
+	<target host="riester.rechner.wiwo.de"/>
+	<target host="sparbrief.rechner.wiwo.de"/>
+	<target host="sparplan.rechner.wiwo.de"/>
+	<target host="studenten.rechner.wiwo.de"/>
+	<target host="tagesgeld.rechner.wiwo.de"/>
+	<target host="tilgung.rechner.wiwo.de"/>
+	<target host="wertpapier.rechner.wiwo.de"/>
+	<target host="reisen.wiwo.de"/>
+	<target host="secure.wiwo.de"/>
+	<target host="seniorenheimsuche.wiwo.de"/>
+	<target host="signup.wiwo.de"/>
+	<target host="test-www.wiwo.de"/>
+	<target host="tool.wiwo.de"/>
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wicked-Lasers.xml b/src/chrome/content/rules/Wicked-Lasers.xml
index b419b6fdc352..241a3ae4d34e 100644
--- a/src/chrome/content/rules/Wicked-Lasers.xml
+++ b/src/chrome/content/rules/Wicked-Lasers.xml
@@ -1,16 +1,25 @@
-<ruleset name="Wicked Lasers" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wickedlasers.com/ => https://wickedlasers.com/: (7, 'Failed to connect to wickedlasers.com port 443: Connection refused')
+Fetch error: http://www.wickedlasers.com/ => https://www.wickedlasers.com/: (7, 'Failed to connect to www.wickedlasers.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://wickedlasers.com/ => https://wickedlasers.com/: (7, 'Failed to connect to wickedlasers.com port 443: Connection refused')
+Fetch error: http://www.wickedlasers.com/ => https://www.wickedlasers.com/: (7, 'Failed to connect to www.wickedlasers.com port 443: Connection refused')
+-->
+<ruleset name="Wicked Lasers" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="wickedlasers.com" />
 	<target host="www.wickedlasers.com" />
 	<!--	* for cross-domain cookie.	-->
-	<target host="*.www.wickedlasers.com" />
 
 
-	<securecookie host="^\.?www\.wickedlasers\.com$" name=".*" />
+
+	<securecookie host="^\.?www\.wickedlasers\.com$" name=".+" />
 
 
 	<!--	Cert doesn't match !www.	-->
-	<rule from="^http://(www\.)?wickedlasers\.com/"
-		to="https://$1wickedlasers.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Wicked_Fiber.xml b/src/chrome/content/rules/Wicked_Fiber.xml
index 898a2064e858..d8d74051f80a 100644
--- a/src/chrome/content/rules/Wicked_Fiber.xml
+++ b/src/chrome/content/rules/Wicked_Fiber.xml
@@ -1,4 +1,14 @@
-<ruleset name="Wicked Fiber">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wickedfiber.com/ => https://wickedfiber.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.wickedfiber.com/ => https://www.wickedfiber.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://wickedfiber.com/ => https://wickedfiber.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.wickedfiber.com/ => https://www.wickedfiber.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
+<ruleset name="Wicked Fiber" default_off="failed ruleset test">
 
 	<target host="wickedfiber.com" />
 	<target host="www.wickedfiber.com" />
@@ -7,7 +17,6 @@
 	<securecookie host="^(?:www\.)?wickedfiber\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?wickedfiber\.com/"
-		to="https://$1wickedfiber.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Wickr.com.xml b/src/chrome/content/rules/Wickr.com.xml
new file mode 100644
index 000000000000..6848a306943c
--- /dev/null
+++ b/src/chrome/content/rules/Wickr.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Wickr.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mywickr.com" />
+	<target host="www.mywickr.com" />
+	<target host="wickr.com" />
+	<target host="www.wickr.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Widgetbox.com.xml b/src/chrome/content/rules/Widgetbox.com.xml
deleted file mode 100644
index 83a45997236e..000000000000
--- a/src/chrome/content/rules/Widgetbox.com.xml
+++ /dev/null
@@ -1,73 +0,0 @@
-<!--
-	For other Flite coverage, see Flite.xml.
-
-
-	CDN buckets:
-
-		- data-api-987953370.us-east-1.elb.amazonaws.com
-			- data.widgetserver.com
-
-		- ne.edgecastcdn.net/...
-			- cdn.widgetbox.com
-
-
-	Nonfunctional domains:
-
-		- widgetbox.com subdomains:
-
-			- ^
-			- runtime		(EdgeCast CDN)
-			- support		(CN: *.zendesk.com; redirects to http)
-
-		- widgetserver.com
-
-
-	Problematic domains:
-
-			- data.widgetserver.com		(seems to work, CN: *.flite.com)
-
-
-	Partially covered domains:
-
-		- support.widgetbox.com
-
-
-	Fully covered domains:
-
-		- (www.)widgetbox.com
-		- pub.widgetbox.com
-
-		- widgetserver.com subdomains:
-
-			- (www.)
-			- cdn
-			- p
-			- t
-
--->
-<ruleset name="Widgetbox.com (partial)" platform="mixedcontent">
-
-	<target host="widgetbox.com" />
-	<target host="*.widgetbox.com" />
-	<target host="widgetserver.com" />
-	<target host="*.widgetserver.com" />
-
-
-	<securecookie host="^www\.widgetbox\.com$" name=".+" />
-
-
-	<!--	!www doesn't work over https.
-						-->
-	<rule from="^http://(?:www\.)?widget(box|server)\.com/"
-		to="https://www.widget$1.com/" />
-
-	<rule from="^http://pub\.widgetbox\.com/"
-		to="https://pub.widgetbox.com/" />
-
-	<rule from="^https?://support\.widgetbox\.com/generated/"
-		to="https://generated.zendesk.com/generated/" />
-
-	<rule from="^http://(cdn|p|t)\.widgetserver\.com/"
-		to="https://$1.widgetserver.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/WiebeTech.com.xml b/src/chrome/content/rules/WiebeTech.com.xml
index d83f8030dced..6c2734c827be 100644
--- a/src/chrome/content/rules/WiebeTech.com.xml
+++ b/src/chrome/content/rules/WiebeTech.com.xml
@@ -1,25 +1,26 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-
 
-	Mixed content:
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.wiebetech.com/default.aspx (200) => https://www.cru-inc.com/default.aspx (404)
 
-		- Images on www from www *
+	For other CRU Acquisition Group coverage, see CRU-Inc.com.xml.
 
-		- Web bug on www from www.cru-inc.com
 
-	 * Secured by us
+	(www.)?wiebetech.com: Mismatched
 
 -->
-<ruleset name="WiebeTech.com" default_off="self-signed">
+<ruleset name="WiebeTech.com" default_off="failed ruleset test">
 
 	<target host="wiebetech.com" />
 	<target host="www.wiebetech.com" />
 
 
-	<rule from="^http://(?:www\.)?weibetech\.com/"
-		to="https://www.weibetech.com/" />
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://(?:www\.)?wiebetech\.com/+"
+		to="https://www.cru-inc.com/" />
+
+		<test url="http://www.wiebetech.com/default.aspx" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Wien-IT.xml b/src/chrome/content/rules/Wien-IT.xml
new file mode 100644
index 000000000000..6059207bb251
--- /dev/null
+++ b/src/chrome/content/rules/Wien-IT.xml
@@ -0,0 +1,89 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://extranet.fernwaermewien.at/ => https://extranet.fernwaermewien.at/: (51, "SSL: no alternative certificate subject name matches target host name 'extranet.fernwaermewien.at'")
+Fetch error: http://www.fernwaerme-partner.at/ => https://www.fernwaerme-partner.at/: (51, "SSL: no alternative certificate subject name matches target host name 'www.fernwaerme-partner.at'")
+Fetch error: http://extranet.fernwaermewien.at/ => https://extranet.fernwaermewien.at/: (51, "SSL: no alternative certificate subject name matches target host name 'extranet.fernwaermewien.at'")
+Fetch error: http://www.fernwaerme-partner.at/ => https://www.fernwaerme-partner.at/: (51, "SSL: no alternative certificate subject name matches target host name 'www.fernwaerme-partner.at'")
+
+-->
+<ruleset name="WienIT EDV Dienstleistungsgesellschaft mbH" default_off="failed ruleset test">
+
+	<target host="api.wienenergie.at" />
+	<target host="api.wienerstadtwerke.at" />
+	<target host="cam.wienerstadtwerke.at" />
+	<target host="extranet-gemeinsam.wienerstadtwerke.at" />
+	<target host="extranet.bfwien.at" />
+	<target host="extranet.fernwaermewien.at" />
+	<target host="extranet.wienenergie.at" />
+	<target host="extranet.wienerlinien.at" />
+	<target host="extranet.wienernetze.at" />
+	<target host="extranet.wienerstadtwerke.at" />
+	<target host="extranet.wienit.at" />
+	<target host="extranet.wlb.at" />
+	<target host="netzservice.wienenergie.at" />
+	<target host="partner.wienernetze.at" />
+	<target host="service.tanke-wienenergie.at" />
+	<target host="service.wienenergie.at" />
+	<target host="service.wienernetze.at" />
+	<target host="service.wienerstadtwerke.at" />
+	<target host="service.wienit.at" />
+	<target host="styles.wienerstadtwerke.at" />
+	<target host="veranstaltungen.wienenergie.at" />
+	<target host="www.bestattungwien.at" />
+	<target host="www.buergerkraftwerke.at" />
+	<target host="www.easyhomecontrol.at" />
+	<target host="www.energiecomfort.at" />
+	<target host="www.energiesparcheck.at" />
+	<target host="www.fernwaerme-partner.at" />
+	<target host="www.friedhoefewien.at" />
+	<target host="www.wienenergie.at" />
+	<target host="www.wienerlinien.at" />
+	<target host="www.wienernetze.at" />
+	<target host="www.wienerstadtwerke.at" />
+	<target host="www.wienmobil-karte.at" />
+	<target host="www.wienit.at" />
+	<target host="www.wlb.at" />
+	<target host="zmr.wienit.at" />
+
+	<test url="http://api.wienenergie.at/" />
+	<test url="http://api.wienerstadtwerke.at/" />
+	<test url="http://cam.wienerstadtwerke.at/" />
+	<test url="http://extranet-gemeinsam.wienerstadtwerke.at/" />
+	<test url="http://extranet.bfwien.at/" />
+	<test url="http://extranet.fernwaermewien.at/" />
+	<test url="http://extranet.wienenergie.at/" />
+	<test url="http://extranet.wienerlinien.at/" />
+	<test url="http://extranet.wienernetze.at/" />
+	<test url="http://extranet.wienerstadtwerke.at/" />
+	<test url="http://extranet.wienit.at/" />
+	<test url="http://extranet.wlb.at/" />
+	<test url="http://netzservice.wienenergie.at/" />
+	<test url="http://partner.wienernetze.at/" />
+	<test url="http://service.tanke-wienenergie.at/" />
+	<test url="http://service.wienenergie.at/" />
+	<test url="http://service.wienernetze.at/" />
+	<test url="http://service.wienerstadtwerke.at/" />
+	<test url="http://service.wienit.at/" />
+	<test url="http://styles.wienerstadtwerke.at/" />
+	<test url="http://veranstaltungen.wienenergie.at/" />
+	<test url="http://www.bestattungwien.at/" />
+	<test url="http://www.buergerkraftwerke.at/" />
+	<test url="http://www.easyhomecontrol.at/" />
+	<test url="http://www.energiecomfort.at/" />
+	<test url="http://www.energiesparcheck.at/" />
+	<test url="http://www.fernwaerme-partner.at/" />
+	<test url="http://www.friedhoefewien.at/" />
+	<test url="http://www.wienenergie.at/" />
+	<test url="http://www.wienerlinien.at/" />
+	<test url="http://www.wienernetze.at/" />
+	<test url="http://www.wienerstadtwerke.at/" />
+	<test url="http://www.wienit.at/" />
+	<test url="http://www.wienmobil-karte.at/" />
+	<test url="http://www.wlb.at/" />
+	<test url="http://zmr.wienit.at/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
+
diff --git a/src/chrome/content/rules/WifiWX.com.xml b/src/chrome/content/rules/WifiWX.com.xml
new file mode 100644
index 000000000000..f35bf2a8e69c
--- /dev/null
+++ b/src/chrome/content/rules/WifiWX.com.xml
@@ -0,0 +1,28 @@
+<!--
+403:
+        app.wifiwx.com
+        (
+        Broke apk download.
+        Test:
+        http://app.wifiwx.com/download/android.php?ver=3.0
+        http://app.wifiwx.com/js/stat.js
+        )
+
+404:
+        event
+        fapi.
+        hd.
+        html.
+        wxbb-api.
+        www3.
+-->
+
+<ruleset name="WifiWX.com (partial)">
+
+        <target host="wifiwx.com" />
+        <target host="event.wifiwx.com" />
+        <target host="www.wifiwx.com" />
+
+        <rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wigan.gov.uk.xml b/src/chrome/content/rules/Wigan.gov.uk.xml
new file mode 100644
index 000000000000..546c584b5866
--- /dev/null
+++ b/src/chrome/content/rules/Wigan.gov.uk.xml
@@ -0,0 +1,73 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kinnear.wigan.gov.uk/ => https://kinnear.wigan.gov.uk/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://rylands.wigan.gov.uk/ => https://rylands.wigan.gov.uk/: (7, 'Failed to connect to rylands.wigan.gov.uk port 443: No route to host')
+
+	Wigan Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *wigan.gov.uk:
+
+		- archives ʰ
+		- emarketplace ᵃ
+		- fis *
+		- kinnear ᵃ
+		- planningdocuments ᵈ
+
+	* Redirects to search3.openobjects.com
+	ᵃ Shows another domain
+	ᵈ Dropped
+	ʰ Redirects to http
+
+
+	Problematic hosts in *wigan.gov.uk:
+
+		- ^ ᵃ
+		- gormley ᵉ ᵘ
+
+	ᵃ Shows gormley
+	ᵉ Expired
+	ᵘ Untrusted root
+
+
+	Insecure cookies are set for these hosts:
+
+		- myaccount.wigan.gov.uk
+		- rylands.wigan.gov.uk
+		- www.wigan.gov.uk
+
+-->
+<ruleset name="Wigan.gov.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="finforms.wigan.gov.uk" />
+	<target host="kinnear.wigan.gov.uk" />
+	<target host="myaccount.wigan.gov.uk" />
+	<target host="rylands.wigan.gov.uk" />
+	<target host="www.wigan.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="wigan.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^myacount\.wigan\.gov\.uk$" name="^(?:\.ASPXFORMSAUTH|ASP\\.NET_SessionId)$" /-->
+	<!--securecookie host="^rylands\.wigan\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^www\.wigan\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://wigan\.gov\.uk/"
+		to="https://www.wigan.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wiggle.xml b/src/chrome/content/rules/Wiggle.xml
index 85196fb0d552..e5ef599079f6 100644
--- a/src/chrome/content/rules/Wiggle.xml
+++ b/src/chrome/content/rules/Wiggle.xml
@@ -11,7 +11,10 @@
 <ruleset name="Wiggle (partial)">
 
 	<target host="wiggle.co.uk" />
-	<target host="*.wiggle.co.uk" />
+	<target host="www.wiggle.co.uk" />
+	<target host="ajax.wiggle.co.uk" />
+	<target host="s.wiggle.co.uk" />
+	<target host="s-dyni.wiggle.co.uk" />
 	<target host="www.wigglestatic.com" />
 
 
diff --git a/src/chrome/content/rules/Wiiings.com.xml b/src/chrome/content/rules/Wiiings.com.xml
index 471ba999cb55..335ea068270d 100644
--- a/src/chrome/content/rules/Wiiings.com.xml
+++ b/src/chrome/content/rules/Wiiings.com.xml
@@ -1,4 +1,12 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dms.wiiings.com/ => https://dms.wiiings.com/: (51, "SSL: no alternative certificate subject name matches target host name 'dms.wiiings.com'")
+Fetch error: http://dms-d.wiiings.com/ => https://dms-d.wiiings.com/: (51, "SSL: no alternative certificate subject name matches target host name 'dms-d.wiiings.com'")
+Fetch error: http://dms-q.wiiings.com/ => https://dms-q.wiiings.com/: (51, "SSL: no alternative certificate subject name matches target host name 'dms-q.wiiings.com'")
+Fetch error: http://www.wiiings.com/ => https://www.wiiings.com/: invalid group reference at position 13 ^http://(?:launchpad|twtvsl)\.redbullusa\.com/
+Fetch error: http://wiiings.com/ => https://www.wiiings.com/: invalid group reference at position 13 ^http://(?:launchpad|twtvsl)\.redbullusa\.com/
+
 	For other Red Bull coverage, see Red_Bull.xml.
 
 
@@ -18,19 +26,30 @@
 		- stage-mas
 
 -->
-<ruleset name="Wiiings.com">
-
+<ruleset name="Wiiings.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dms.wiiings.com" />
+	<target host="dms-d.wiiings.com" />
+	<target host="dms-q.wiiings.com" />
+	<target host="int-mas.wiiings.com" />
+	<target host="mas.wiiings.com" />
+	<target host="stage-mas.wiiings.com" />
+	<target host="www.wiiings.com" />
+
+	<!--	Complications:
+				-->
 	<target host="wiiings.com" />
-	<target host="*.wiiings.com" />
 
 
 	<securecookie host="^(?:dms|dms-[dq]|int-mas|mas|stage-mas|www)\.wiiings\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?wiiings\.com/"
+	<rule from="^http://wiiings\.com/"
 		to="https://www.wiiings.com/" />
 
-	<rule from="^http://(dms|dms-[dq]|int-mas|mas|stage-mas)\.wiiings\.com/"
-		to="https://$1.wiiings.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WikiBound.info.xml b/src/chrome/content/rules/WikiBound.info.xml
new file mode 100644
index 000000000000..aeb03d8d6dec
--- /dev/null
+++ b/src/chrome/content/rules/WikiBound.info.xml
@@ -0,0 +1,12 @@
+<ruleset name="WikiBound.info">
+	<target host="wikibound.info" />
+	<target host="www.wikibound.info" />
+	<target host="cpanel.wikibound.info" />
+	<target host="mail.wikibound.info" />
+	<target host="webdisk.wikibound.info" />
+	<target host="webmail.wikibound.info" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WikiFur.xml b/src/chrome/content/rules/WikiFur.xml
index ca1303fba498..7f9d45e8fb9d 100644
--- a/src/chrome/content/rules/WikiFur.xml
+++ b/src/chrome/content/rules/WikiFur.xml
@@ -1,8 +1,38 @@
 <ruleset name="WikiFur">
-  <target host="wikifur.com" />
-  <target host="*.wikifur.com" />
-
-  <securecookie host="^([a-z][a-z]\.)?wikifur\.com$" name=".+" />
-
-  <rule from="^http://([a-z][a-z]\.)?wikifur\.com/" to="https://$1wikifur.com/" />
+	<target host="wikifur.com" />
+	<target host="www.wikifur.com" />
+	<target host="be.wikifur.com" />
+	<target host="be-tarask.wikifur.com" />
+	<target host="board.wikifur.com" />
+	<target host="by.wikifur.com" />
+	<target host="cs.wikifur.com" />
+	<target host="da.wikifur.com" />
+	<target host="de.wikifur.com" />
+	<target host="dk.wikifur.com" />
+	<target host="dumps.wikifur.com" />
+	<target host="en.wikifur.com" />
+	<target host="eo.wikifur.com" />
+	<target host="es.wikifur.com" />
+	<target host="et.wikifur.com" />
+	<target host="fr.wikifur.com" />
+	<target host="fursuit.wikifur.com" />
+	<target host="hu.wikifur.com" />
+	<target host="it.wikifur.com" />
+	<target host="ja.wikifur.com" />
+	<target host="ko.wikifur.com" />
+	<target host="nb.wikifur.com" />
+	<target host="nl.wikifur.com" />
+	<target host="no.wikifur.com" />
+	<target host="ny.wikifur.com" />
+	<target host="pl.wikifur.com" />
+	<target host="pool.wikifur.com" />
+	<target host="pt.wikifur.com" />
+	<target host="ru.wikifur.com" />
+	<target host="stats.wikifur.com" />
+	<target host="tl.wikifur.com" />
+	<target host="uk.wikifur.com" />
+	<target host="zh.wikifur.com" />
+  
+	<securecookie host=".+" name=".+"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/WikiLeaks.xml b/src/chrome/content/rules/WikiLeaks.xml
deleted file mode 100644
index 977709d2d502..000000000000
--- a/src/chrome/content/rules/WikiLeaks.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="WikiLeaks">
-
-	<target host="wikileaks.org" />
-	<target host="*.wikileaks.org" />
-
-
-	<securecookie host="^(?:w*\.)?wikileaks\.org$" name=".+" />
-
-
-	<rule from="^http://((?:chat|search|shop|www)\.)?wikileaks\.org/"
-		to="https://$1wikileaks.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/WikiLeaksParty.org.au.xml b/src/chrome/content/rules/WikiLeaksParty.org.au.xml
new file mode 100644
index 000000000000..55338cf868e3
--- /dev/null
+++ b/src/chrome/content/rules/WikiLeaksParty.org.au.xml
@@ -0,0 +1,17 @@
+<!--
+	Non-functional hosts
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - connect.wikileaksparty.org.au
+			 - mail.wikileaksparty.org.au
+
+-->
+<ruleset name="WikiLeaks Party.org.au">
+	<target host="wikileaksparty.org.au" />
+	<target host="www.wikileaksparty.org.au" />
+	<target host="box.wikileaksparty.org.au" />
+	<target host="shop.wikileaksparty.org.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wikia.xml b/src/chrome/content/rules/Wikia.xml
index 67d348650d93..7c76f1b42d47 100644
--- a/src/chrome/content/rules/Wikia.xml
+++ b/src/chrome/content/rules/Wikia.xml
@@ -1,34 +1,38 @@
 <!--
-	CDN buckets:
+	At site administrator's request, please do not rewrite nocookie.net subdomains to HTTPS. See https://github.com/EFForg/https-everywhere/pull/4888 for more information.
 
-		- images2.wikia.nocookie.net
-		- slot1.images[1-4]?.wikia.nocookie.net
+	Nonfunctional domains:
+
+		- (www.)wikia.com ¹
+		- images.wikia.com ²
+
+	¹ Redirect to http, valid cert
+	² Redirect to http; mismatched, CN: *.a.ssl.fastly.net
 
 
 	Problematic domains:
 
-		- wikia.com	(mismatched)
 		- a.wikia-beacon.com	(works, mismatched, CN: *.a.ssl.fastly.net)
 
 -->
-<ruleset name="Wikia">
+<ruleset name="Wikia (broken)" default_off="no longer supports SSL">
 
-	<target host="*.wikia.nocookie.net" />
-	<target host="slot1.*.wikia.nocookie.net" />
 	<target host="wikia.com" />
 	<target host="*.wikia.com" />
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://images\.wikia\.com/(favicon\.ico|$account_name/\w\w/images/)" /-->
+		<exclusion pattern="^http://images\.wikia\.com/(?:favicon\.ico|\w+/\w\w/images/)" />
 
 
 	<securecookie host="^.*\.wikia\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:slot\d\.)?images\d?\.wikia\.nocookie\.net/"
-		to="https://images.wikia.com/" />
-
-	<rule from="^https?://(?:www\.)?wikia\.com/"
+	<rule from="^http://(?:www\.)?wikia\.com/"
 		to="https://www.wikia.com/" />
 
 	<rule from="^http://([\w-]+)\.wikia\.com/"
 		to="https://$1.wikia.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Wikidevi.com.xml b/src/chrome/content/rules/Wikidevi.com.xml
new file mode 100644
index 000000000000..e5c463b6d005
--- /dev/null
+++ b/src/chrome/content/rules/Wikidevi.com.xml
@@ -0,0 +1,16 @@
+<!--
+	NB: This site blocks Tor users.
+
+-->
+<ruleset name="wikidevi.com" default_off="needs clearnet testing">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="wikidevi.com" />
+	<target host="www.wikidevi.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wikidot.xml b/src/chrome/content/rules/Wikidot.xml
deleted file mode 100644
index dd00fb6ce754..000000000000
--- a/src/chrome/content/rules/Wikidot.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-<!--	d2qhngyckgiutd.cloudfront.net	←	avatar bucket
--->
-<ruleset name="Wikidot (partial)" platform="mixedcontent">
-
-	<target host="wdfiles.com"/>
-	<target host="*.wdfiles.com"/>
-	<target host="1.*.wdfiles.com"/>
-	<target host="2.*.wdfiles.com"/>
-	<target host="3.*.wdfiles.com"/>
-	<target host="4.*.wdfiles.com"/>
-	<target host="5.*.wdfiles.com"/>
-	<target host="6.*.wdfiles.com"/>
-	<target host="7.*.wdfiles.com"/>
-	<target host="8.*.wdfiles.com"/>
-	<target host="9.*.wdfiles.com"/>
-	<target host="wikidot.com"/>
-	<target host="*.wikidot.com"/>
-		<exclusion pattern="^http://blog\.wikidot\.com/($|blog:.+[^/].*)"/>
-		<exclusion pattern="^http://snippets\.wikidot\.com/($|.+[^:].*)"/>
-
-
-	<rule from="^http://([\w\-_]+\.)?wdfiles\.com/"
-		to="https://$1wdfiles.com/"/>
-
-	<rule from="^http://(?:\d)\.([\w\-_]+)\.wdfiles\.com/"
-		to="https://$1.wdfiles.com/"/>
-
-	<rule from="^http://wikidot\.com/"
-		to="https://www.wikidot.com/"/>
-
-	<rule from="^http://([\w\-_]+)\.wikidot\.com/local-"
-		to="https://$1.wikidot.com/local-"/>
-
-	<rule from="^http://(blog|snippets|static(-\d)?|www)\.wikidot\.com/"
-		to="https://$1.wikidot.com/"/>
-
-
-	<securecookie host=".*\.wdfiles\.com$" name=".*"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Wikileaks_Party.xml b/src/chrome/content/rules/Wikileaks_Party.xml
deleted file mode 100644
index 4eb7e0bcf77b..000000000000
--- a/src/chrome/content/rules/Wikileaks_Party.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	CDN buckets:
-
-		- wikileaksparty.r.worldssl.net
-
-
-	Most pages redirect to http.
-
--->
-<ruleset name="Wikileaks Party (partial)">
-
-	<target host="wikileaksparty.org.au" />
-	<target host="www.wikileaksparty.org.au" />
-
-
-	<rule from="^http://(www\.)?wikileaksparty\.org\.au/(component|form|image|plugin|template)s/"
-		to="https://$1wikileaksparty.org.au/$2s/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Wikimedia.xml b/src/chrome/content/rules/Wikimedia.xml
index 9baf75f77ff8..ffe6947c6540 100644
--- a/src/chrome/content/rules/Wikimedia.xml
+++ b/src/chrome/content/rules/Wikimedia.xml
@@ -1,59 +1,145 @@
+
 <!--
+
 	Wikipedia and other Wikimedia Foundation wikis previously had no real HTTPS support, and
 	URLs had to be rewritten to https://secure.wikimedia.org/$wikitype/$language/ . This is no
 	longer the case, see https://blog.wikimedia.org/2011/10/03/native-https-support-enabled-for-all-wikimedia-foundation-wikis/ ,
 	so this file is a lot simpler these days.
 
+	Insecure cookies are set for these domains and hosts:
+
+		- .wikibooks.org
+		- wikidata.org
+		- .wikidata.org
+		- www.wikidata.org
+		- .wikimediafoundation.org
+		- .wikipedia.org
+		- en.wikipedia.org
+		- .wikiversity.org
+
+
 -->
 <ruleset name="Wikimedia">
 
 	<target host="enwp.org" />
 	<target host="frwp.org" />
-	<target host="mediawiki.org" />
-	<target host="www.mediawiki.org" />
-	<target host="wikibooks.org" />
-	<target host="*.wikibooks.org" />
-	<target host="wikidata.org" />
-	<target host="*.wikidata.org" />
-	<target host="wikimedia.org" />
-	<target host="*.wikimedia.org" />
-		<exclusion pattern="^http://(?:apt|bayes|bayle|brewster|bug-attachment|cs|cz|dataset2|download|dumps|ekrem|emery|ersch|etherpad|harmon|hume|(?:ipv4|ipv6and4|results)\.labs|m|project2|search|sitemap|snapshot3|stafford|statu?s|torrus|ubuntu|wiki-mail|wlm|yongle)\.wikimedia\.org" />
-		<!-- https://mail1.eff.org/pipermail/https-everywhere-rules/2012-June/001189.html -->
-		<exclusion pattern="^http://lists\.wikimedia\.org/pipermail(?:$|/)" />
-	<target host="wikimediafoundation.org" />
-	<target host="www.wikimediafoundation.org" />
-	<target host="wikinews.org" />
-	<target host="*.wikinews.org" />
-	<target host="wikipedia.org" />
-	<target host="*.wikipedia.org" />
-		<exclusion pattern="^http://(?:download|static)\.wikipedia\.org/" />
-	<target host="*.m.wikipedia.org" />
-	<target host="wikiquote.org" />
-	<target host="*.wikiquote.org" />
-	<target host="wikisource.org" />
-	<target host="*.wikisource.org" />
-	<target host="wikiversity.org" />
-	<target host="*.wikiversity.org" />
-	<target host="wikivoyage.org" />
-	<target host="*.wikivoyage.org" />
-	<target host="wiktionary.org" />
-	<target host="*.wiktionary.org" />
-
-	<securecookie host="^.+\.wikipedia\.org$" name=".+" />
 
-	<rule from="^http://(en|fr)wp\.org/"
-		to="https://$1.wikipedia.org/wiki/" />
+	<!-- Wikimedia Tool Labs -->
+	<target host="*.wmflabs.org" />
+	<target host="wmflabs.org" />
+		<test url="http://accounts-dev.wmflabs.org/" />
+		<test url="http://tools.wmflabs.org/" />
+		<test url="http://paws.wmflabs.org/" />
+		<test url="http://utrs.wmflabs.org/" />
+		<test url="http://xtools.wmflabs.org/" />
+		<test url="http://en.wikipedia.beta.wmflabs.org/" />
+
+	<!-- Wikimedia chapters that support HTTPS, incomplete list -->
+
+	<target host="wikimedia.ch" />
+	<target host="*.wikimedia.ch" />
+		<test url="http://www.wikimedia.ch/" />
+		<test url="http://glam.wikimedia.ch/" />
+		<test url="http://intern.wikimedia.ch/" />
+		<test url="http://members.wikimedia.ch/" />
+		<test url="http://portal.wikimedia.ch/" />
+		<test url="http://test.wikimedia.ch/" />
+		<test url="http://upload-www.wikimedia.ch/" />
+
+	<!-- wikimedia.cz uses an invalid certificate, redirecting to www -->
+	<target host="wikimedia.cz" />
+	<target host="www.wikimedia.cz" />
+	<target host="lists.wikimedia.cz" />
+	<target host="tracker.wikimedia.cz" />
+	<!--
+		Known subdomains not supporting HTTPS or using an invalid certificate:
+			* blog.wikimedia.cz
+			* ceny.wikimedia.cz
+			* chu.wikimedia.cz
+			* facebook.wikimedia.cz
+			* seniori.wikimedia.cz
+			* studenti.wikimedia.cz
+			* twitter.wikimedia.cz
+	-->
 
-	<rule from="^http://(?:www\.)?mediawiki\.org/"
-		to="https://www.mediawiki.org/" />
+	<target host="wikimedia.de" />
+	<target host="*.wikimedia.de" />
+		<!-- mismatch on tools.wikimedia.de -->
+		<exclusion pattern="^http://tools\.wikimedia\.de/" />
+			<test url="http://tools.wikimedia.de/" />
+		<!-- incomplete cert chain on civicrm.wikimedia.de -->
+		<exclusion pattern="^http://civicrm\.wikimedia\.de/" />
+			<test url="http://civicrm.wikimedia.de/" />
+		<test url="http://www.wikimedia.de/" />
+		<test url="http://spenden.wikimedia.de/" />
+		<test url="http://test.wikimedia.de/" />
+		<test url="http://backend.wikimedia.de/" />
+		<test url="http://ffw.wikimedia.de/" />
+		<test url="http://wke.wikimedia.de/" />
+		<test url="http://redmine.wikimedia.de/" />
+		<test url="http://blog.wikimedia.de/" />
 
-	<rule from="^http://([^@:/]+\.)?wik(ibooks|idata|imedia|inews|ipedia|iquote|isource|iversity|ivoyage|tionary)\.org/"
-		to="https://$1wik$2.org/" />
+	<target host="wikimedia.es" />
+	<target host="*.wikimedia.es" />
+		<test url="http://www.wikimedia.es/" />
+		<test url="http://blog.wikimedia.es/" />
+		<test url="http://listas.wikimedia.es/" />
+		<test url="http://servidor.wikimedia.es/" />
+	<target host="wikilov.es" />
+	<target host="www.wikilov.es" />
+
+	<!-- (www.)wikimedia.or.id uses invalid certificate
+	<target host="wikimedia.or.id" />
+	<target host="www.wikimedia.or.id" />
+	-->
+
+	<target host="wikimedia.org.au" />
+	<!-- All subdomains *.wikimedia.org.au use an invalid security certificate. -->
+
+	<target host="wikimedia.org.il" />
+	<target host="www.wikimedia.org.il" />
+	<!--
+		blog.wikimedia.org.il uses an invalid security certificate.
+		The certificate is only valid for www.wikimedia.org.il and wikimedia.org.il.
+	-->
+
+	<target host="wikimedia.org.uk" />
+	<target host="blog.wikimedia.org.uk" />
+	<target host="donate.wikimedia.org.uk" />
+	<target host="office.wikimedia.org.uk" />
+	<target host="tech.wikimedia.org.uk" />
+	<target host="www.wikimedia.org.uk" />
+	<!--
+		Known subdomains not supporting HTTPS or using an invalid certificate:
+			* en.qrwp.wikimedia.org.uk
+			* lists.wikimedia.org.uk
+			* qrpedia.wikimedia.org.uk
+			* qrwp.wikimedia.org.uk (redirects to qrpedia.org)
+	-->
+
+	<!-- Deprecated hosts -->
+	<target host="toolserver.org" />
+	<target host="www.toolserver.org" />
+
+	<!--	Not secured by server: -->
+	<!--securecookie host="^(?:www\.)?wikidata\.org$" name="^WMF-Last-Access$" /-->
+	<!--securecookie host="^en\.wikipedia\.org$" name="^(CentralAuthAnon|mediaWiki\.user\.sessionId|uls-previous-languages)$" /-->
+
+	<securecookie host="^(?:www\.)?mediawiki\.org$" name=".+" />
+	<securecookie host="^\.wik(?:ibooks|idata|imedia|imediafoundation|inews|ipedia|iquote|isource|iversity|ivoyage|tionary)\.org$" name="^GeoIP$" />
+	<securecookie host="^(?:[^@:/]+\.)?wik(?:ibooks|idata|inews|ipedia|iquote|isource|iversity|ivoyage|tionary)\.org$" name=".+" />
+	<securecookie host="^(?:species|commons|meta|incubator|wikitech)\.wikimedia\.org$" name=".+" />
+	<securecookie host="^wikimediafoundation\.org$" name=".+" />
+
+	<rule from="^http://(en|fr)wp\.org/"
+		to="https://$1.wikipedia.org/wiki/" />
 
-	<rule from="^http://([^@:/]+)\.planet\.wikimedia\.org/"
-		to="https://$1.planet.wikimedia.org/" />
+	<rule from="^http://wikimedia\.cz/"
+		to="https://www.wikimedia.cz/" />
 
-	<rule from="^http://(www\.)?wikimediafoundation\.org/"
-		to="https://$1wikimediafoundation.org/" />
+	<rule from="^http://www\.wikimedia\.org\.uk/"
+		to="https://wikimedia.org.uk/" />
 
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Wikimonde.com.xml b/src/chrome/content/rules/Wikimonde.com.xml
new file mode 100644
index 000000000000..8e7a4e038190
--- /dev/null
+++ b/src/chrome/content/rules/Wikimonde.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		mail.wikimonde.com
+		mobile.wikimonde.com
+		www.plus.wikimonde.com
+
+-->
+<ruleset name="Wikimonde.com">
+
+	<target host="wikimonde.com" />
+	<target host="www.wikimonde.com" />
+	<target host="plus.wikimonde.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wikinvest.xml b/src/chrome/content/rules/Wikinvest.xml
index 13cdb1fd8139..b11b20f1d0cd 100644
--- a/src/chrome/content/rules/Wikinvest.xml
+++ b/src/chrome/content/rules/Wikinvest.xml
@@ -1,8 +1,9 @@
 <ruleset name="Wikinvest">
 
 	<target host="wikinvest.com" />
-	<target host="*.wikinvest.com" />
-	<target host="*.www.wikinvest.com" />
+	<target host="ad.wikinvest.com" />
+	<target host="cdn.wikinvest.com" />
+	<target host="www.wikinvest.com" />
 
 
 	<securecookie host="^\.www\.wikinvest\.com$" name=".+" />
@@ -10,7 +11,7 @@
 
 	<!--	CDN: edgecast
 				-->
-	<rule from="^https?://(?:ad\.|cdn\.|www\.)?wikinvest\.com/"
+	<rule from="^http://(?:ad\.|cdn\.|www\.)?wikinvest\.com/"
 		to="https://www.wikinvest.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Wikiscan.xml b/src/chrome/content/rules/Wikiscan.xml
new file mode 100644
index 000000000000..b94fd1f6545f
--- /dev/null
+++ b/src/chrome/content/rules/Wikiscan.xml
@@ -0,0 +1,13 @@
+<!--
+	wikiscan.org has both a wildcard DNS record and a wildcard certificate.
+-->
+<ruleset name="Wikiscan">
+	<target host="wikiscan.org" />
+	<target host="*.wikiscan.org" />
+
+	<rule from="^http:" to="https:" />
+
+	<test url="http://en.wikiscan.org/" />
+	<test url="http://frwiktionary.wikiscan.org/" />
+	<test url="http://eswikisource.wikiscan.org/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wikisimpsons.xml b/src/chrome/content/rules/Wikisimpsons.xml
new file mode 100644
index 000000000000..45d0e6b85e24
--- /dev/null
+++ b/src/chrome/content/rules/Wikisimpsons.xml
@@ -0,0 +1,13 @@
+<!--
+	Nonfunctional domains:
+	www.simpsonwiki.com (Mismatched certificate)
+-->
+<ruleset name="Wikisimpsons">
+	<target host="simpsonswiki.com" />
+	<target host="sv.simpsonswiki.com" />
+	<target host="static.simpsonswiki.com" />
+	<target host="answers.simpsonswiki.com" />
+	<target host="news.simpsonswiki.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wikispooks.xml b/src/chrome/content/rules/Wikispooks.xml
new file mode 100644
index 000000000000..27a6ebc98cd8
--- /dev/null
+++ b/src/chrome/content/rules/Wikispooks.xml
@@ -0,0 +1,13 @@
+<ruleset name="WikiSpooks.com">
+
+	<target host="wikispooks.com" />
+	<target host="*.wikispooks.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://([^/:@]+\.)?wikispooks\.com/"
+		to="https://$1wikispooks.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wikivs.com.xml b/src/chrome/content/rules/Wikivs.com.xml
deleted file mode 100644
index e780a0330d3a..000000000000
--- a/src/chrome/content/rules/Wikivs.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Wikivs.com">
-  <target host="www.wikivs.com"/>
-  <target host="wikivs.com"/>
-  <rule from="^http://(www\.)?wikivs\.com/" to="https://www.wikivs.com/"/>
-</ruleset>
-<!-- Rule generated by HTTPS Finder 0.85 -->
\ No newline at end of file
diff --git a/src/chrome/content/rules/Wild-West-Domains.xml b/src/chrome/content/rules/Wild-West-Domains.xml
deleted file mode 100644
index 625c0355ac92..000000000000
--- a/src/chrome/content/rules/Wild-West-Domains.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<ruleset name="Wild West Domains">
-
-	<target host="wildwestdomains.com" />
-	<target host="*.wildwestdomains.com" />
-	<target host="wwdomains.com" />
-	<target host="www.wwdomains.com" />
-
-
-	<securecookie host="^.*\.wildwestdomains\.com$" name=".*" />
-
-
-	<rule from="^http://((?:cart|img|who|www)\.)?wildwestdomains\.com/"
-		to="https://$1wildwestdomains.com/" />
-
-	<!--	- Cert for both: email.secureserver.net
-		- Redirect like so
-						-->
-	<rule from="^https?://(e|web)mail\.wildwestdomains\.com/"
-		to="https://login.secureserver.net/index.php?app=wbe&amp;domain=$1mail.wildwestdomains.com" />
-
-	<!--	Redirects like so.	-->
-	<rule from="^https?://(?:www\.)?wwdomains\.com/"
-		to="https://wildwestdomains.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WildLeaks.org.xml b/src/chrome/content/rules/WildLeaks.org.xml
new file mode 100644
index 000000000000..6289ea37725c
--- /dev/null
+++ b/src/chrome/content/rules/WildLeaks.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="WildLeaks.org">
+
+	<target host="wildleaks.org" />
+	<target host="www.wildleaks.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WildPlanetPhotoMagazine.com.xml b/src/chrome/content/rules/WildPlanetPhotoMagazine.com.xml
new file mode 100644
index 000000000000..80ace83b9d17
--- /dev/null
+++ b/src/chrome/content/rules/WildPlanetPhotoMagazine.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Wild Planet Photo Magazine">
+
+	<target host="wildplanetphotomagazine.com" />
+	<target host="www.wildplanetphotomagazine.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WildStar-online.com.xml b/src/chrome/content/rules/WildStar-online.com.xml
new file mode 100644
index 000000000000..7828d718a1bb
--- /dev/null
+++ b/src/chrome/content/rules/WildStar-online.com.xml
@@ -0,0 +1,35 @@
+<!--
+	For other NCsoft coverage, see NCsoft.com.xml.
+
+
+	^: cert only matches www
+
+
+	Mixed content:
+
+		- Bugs, on www from:
+
+			- bs.serving-sys.com *
+			- ds.serving-sys.com *
+
+	* Secured by us
+
+-->
+<ruleset name="WildStar online.com">
+
+	<target host="account.wildstar-online.com" />
+	<target host="forums.wildstar-online.com" />
+	<target host="login.wildstar-online.com" />
+	<target host="shop.wildstar-online.com" />
+	<target host="static.wildstar-online.com" />
+	<target host="support.wildstar-online.com" />
+	<target host="wildstar-online.com" />
+	<target host="www.wildstar-online.com" />
+
+	<rule from="^http://wildstar-online\.com/"
+		to="https://www.wildstar-online.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wild_Apricot.org.xml b/src/chrome/content/rules/Wild_Apricot.org.xml
index 03b90b23df90..42820ae3dcb6 100644
--- a/src/chrome/content/rules/Wild_Apricot.org.xml
+++ b/src/chrome/content/rules/Wild_Apricot.org.xml
@@ -7,7 +7,8 @@
 <ruleset name="Wild Apricot.org">
 
 	<target host="wildapricot.org" />
-	<target host="*.wildapricot.org" />
+	<target host="f.wildapricot.org" />
+	<target host="www.wildapricot.org" />
 
 
 	<!--securecookie host="^\.wildpricot\.org$" name="^ARF$" /-->
@@ -17,4 +18,4 @@
 	<rule from="^http://(?:(f\.)|www\.)?wildapricot\.org/"
 		to="https://$1wildapricot.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Wildcard_Corp.com.xml b/src/chrome/content/rules/Wildcard_Corp.com.xml
deleted file mode 100644
index 20d2efc5c22b..000000000000
--- a/src/chrome/content/rules/Wildcard_Corp.com.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-<!--
-	Other Wildcard Corp rulesets:
-
-		- Cdig.me.xml
-
-
-	Problematic domains:
-
-		- www.assemblys.net	(mismatched, CN: *.wildcardcorp.com)
-
-
-	Mixed content:
-
-		- css, on:
-
-			- assemblys.net from fonts.googleapis.com *
-			- www.wildcardcorp.com from fonts.googleapis.com *
-
-	* Secured by us
-
--->
-<ruleset name="Wildcard Corp.com">
-
-	<target host="assemblys.net" />
-	<target host="*.assemblys.net" />
-	<target host="wildcardcorp.com" />
-	<target host="*.wildcardcorp.com" />
-
-
-	<securecookie host="^\.(?:assemblys\.net|wildcardcorp\.com)$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?assemblys\.net/"
-		to="https://assemblys.net/" />
-
-	<!--	^ redirects to www over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?wildcardcorp\.com/"
-		to="https://www.wildcardcorp.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Wilde_Beuger_Solmecke.xml b/src/chrome/content/rules/Wilde_Beuger_Solmecke.xml
new file mode 100644
index 000000000000..8f692bd19876
--- /dev/null
+++ b/src/chrome/content/rules/Wilde_Beuger_Solmecke.xml
@@ -0,0 +1,27 @@
+<!--
+	Wilde Beuger Solmecke
+
+
+	Problematic subdomains:
+
+		- ^	(self-signed, mismatched; CN: 17833.whserv.de)
+
+-->
+<ruleset name="WBS-law.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.wbs-law.de" />
+
+	<!--	Complications:
+				-->
+	<target host="wbs-law.de" />
+
+	<securecookie host="^www\.wbs-law\.de$" name=".+" />
+
+	<rule from="^http://wbs-law\.de/"
+		to="https://www.wbs-law.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wilders-Security-Forums.xml b/src/chrome/content/rules/Wilders-Security-Forums.xml
index bf27b44d1ecb..86ddde9c1dde 100644
--- a/src/chrome/content/rules/Wilders-Security-Forums.xml
+++ b/src/chrome/content/rules/Wilders-Security-Forums.xml
@@ -1,15 +1,10 @@
-<ruleset name="Wilders Security Forums" default_off="self-signed">
+<ruleset name="Wilders Security Forums">
 
 	<target host="wilderssecurity.com" />
-	<!--	* for cross-domain cookies.	-->
-	<target host="*.wilderssecurity.com" />
+	<target host="www.wilderssecurity.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^\.wilderssecurity\.com$" name=".*" />
-
-
-	<!--	Cert doesn't match !www.	-->
-	<rule from="^http://(?:www\.)?wilderssecurity\.com/"
-		to="https://www.wilderssecurity.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Wildfiregames.com.xml b/src/chrome/content/rules/Wildfiregames.com.xml
new file mode 100644
index 000000000000..f4fd98c1d6e6
--- /dev/null
+++ b/src/chrome/content/rules/Wildfiregames.com.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://releases.wildfiregames.com/ => https://releases.wildfiregames.com/: (51, "SSL: no alternative certificate subject name matches target host name 'releases.wildfiregames.com'")
+
+    Nonfunctional subdomains:
+        - feedback
+        - irclogs
+        - os
+        - svn
+
+    Other rulesets for related sites:
+        - Play0ad.com.xml
+-->
+<ruleset name="Wildfiregames.com" default_off="failed ruleset test">
+    <target host="wildfiregames.com" />
+    <target host="www.wildfiregames.com" />
+    <target host="releases.wildfiregames.com" />
+
+    <securecookie host="^(www\.|releases\.)?wildfiregames\.com" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wildlifesydney.com.au.xml b/src/chrome/content/rules/Wildlifesydney.com.au.xml
new file mode 100644
index 000000000000..dac8fd9a5866
--- /dev/null
+++ b/src/chrome/content/rules/Wildlifesydney.com.au.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.wildlifesydney.com.au/ => https://secure.wildlifesydney.com.au/: (6, 'Could not resolve host: secure.wildlifesydney.com.au')
+
+	For other Merlin Entertainments coverage, see Merlin-Entertainments.xml.
+
+	Nonfunctional subdomains:
+		- calendar		(cert mismatch)
+-->
+<ruleset name="WILD LIFE Sydney Zoo" default_off="failed ruleset test">
+	<target host="wildlifesydney.com.au" />
+	<target host="m.wildlifesydney.com.au" />
+	<target host="secure.wildlifesydney.com.au" />
+	<target host="www.wildlifesydney.com.au" />
+
+	<securecookie host=".*\.wildlifesydney\.com\.au$" name=".+" />
+
+	<!-- HTTP 404: -->
+	<rule from="^http://wildlifesydney\.com\.au/"
+		to="https://www.wildlifesydney.com.au/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wildwestdomains.com.xml b/src/chrome/content/rules/Wildwestdomains.com.xml
new file mode 100644
index 000000000000..06663eef6616
--- /dev/null
+++ b/src/chrome/content/rules/Wildwestdomains.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Chain issue (missing intermediate):
+		- who.wildwestdomains.com
+
+	Invalid certificate:
+		- email.wildwestdomains.com
+		- webmail.wildwestdomains.com
+-->
+
+<ruleset name="Wildwestdomains.com">
+	<target host="wildwestdomains.com" />
+	<target host="www.wildwestdomains.com" />
+	<target host="api.wildwestdomains.com" />
+	<target host="api.ote.wildwestdomains.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wiley.xml b/src/chrome/content/rules/Wiley.xml
index ffa970900aed..3a2d93c6374c 100644
--- a/src/chrome/content/rules/Wiley.xml
+++ b/src/chrome/content/rules/Wiley.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://sp.onlinelibrary.wiley.com/ (200) => https://sp.onlinelibrary.wiley.com/ (403)
+
 	Nonfunctional subdomains:
 
 		- bcs		(no https)
@@ -20,11 +24,9 @@
 
 	<target host="wiley.com"/>
 	<target host="*.wiley.com"/>
-	<target host="onlinelibrarystatic.wiley.com"/>
-	<target host="sp.onlinelibrary.wiley.com" />
 
 
-	<securecookie host="^sp\.onlinelibrary\.wiley\.com$" name=".*" />
+	<securecookie host="^sp\.onlinelibrary\.wiley\.com$" name=".+" />
 
 
 	<rule from="^http://(?:www\.)?wiley\.com/(?:remcover\.cg|WileyRemoteAPI/Cover\.rap)i\?isbn=(\d{8})(\w\w)"
diff --git a/src/chrome/content/rules/Wilhelm-gym.net.xml b/src/chrome/content/rules/Wilhelm-gym.net.xml
index c88e22b8a282..f45b083af105 100644
--- a/src/chrome/content/rules/Wilhelm-gym.net.xml
+++ b/src/chrome/content/rules/Wilhelm-gym.net.xml
@@ -4,7 +4,6 @@
 	<target host="www.wilhelm-gym.net" />
 
 
-	<rule from="^http://(www\.)?wilhelm-gym\.net/"
-		to="https://$1wilhelm-gym.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Will_Leather_Goods.xml b/src/chrome/content/rules/Will_Leather_Goods.xml
index bea07e53d305..5c21ee606432 100644
--- a/src/chrome/content/rules/Will_Leather_Goods.xml
+++ b/src/chrome/content/rules/Will_Leather_Goods.xml
@@ -1,13 +1,12 @@
 <ruleset name="Will Leather Goods">
 
 	<target host="willleathergoods.com" />
-	<target host="*.willleathergoods.com" />
+	<target host="www.willleathergoods.com" />
 
 
-	<securecookie host="^(?:.*\.)?willleathergoods\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?willleathergoods\.com/"
-		to="https://$1willleathergoods.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Willamette_Week.xml b/src/chrome/content/rules/Willamette_Week.xml
index 1925abf5cb2d..a28b5ff48257 100644
--- a/src/chrome/content/rules/Willamette_Week.xml
+++ b/src/chrome/content/rules/Willamette_Week.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?wweek\.com/"
 		to="https://www.wweek.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Willhaben.at.xml b/src/chrome/content/rules/Willhaben.at.xml
new file mode 100644
index 000000000000..688fa2bd9084
--- /dev/null
+++ b/src/chrome/content/rules/Willhaben.at.xml
@@ -0,0 +1,30 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.) ¹
+		- cache ²
+
+	¹ Redirects to http/404
+	² Refused
+
+
+	Insecure cookies are set for these domains:
+
+		- mobile.willhaben.at
+
+-->
+<ruleset name="Willhaben.at (partial)">
+
+	<target host="mobile.willhaben.at" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^mobile\.willhaben\.at$" name="^(JSESSIONID|testf5|visitor|whm-idclient)$" /-->
+
+	<securecookie host="^mobile\.willhaben\.at$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/William-Hill-mismatches.xml b/src/chrome/content/rules/William-Hill-mismatches.xml
index 15a9a111b313..6a363a37cd47 100644
--- a/src/chrome/content/rules/William-Hill-mismatches.xml
+++ b/src/chrome/content/rules/William-Hill-mismatches.xml
@@ -2,19 +2,15 @@
 	For rules that are on by default, see William-Hill.xml.
 
 -->
-<ruleset name="William Hill (mismatches)" default_off="mismatch">
+<ruleset name="William Hill.com (mismatches)" default_off="mismatched">
 
-	<!--	Cert: www.williamhill.com	-->
 	<target host="bingo.williamhill.com" />
 	<target host="casino.williamhill.com" />
 	<target host="poker.williamhill.com" />
 	<target host="vegas.williamhill.com" />
 
 
-	<!--	Cookies are handled in the main ruleset.	-->
-
-
-	<rule from="^http://(bingo|casino|poker|vegas)\.williamhill\.com/"
-		to="https://$1.williamhill.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/William-Hill.xml b/src/chrome/content/rules/William-Hill.xml
index 7b8b5fb7f11e..8629a3aecc7a 100644
--- a/src/chrome/content/rules/William-Hill.xml
+++ b/src/chrome/content/rules/William-Hill.xml
@@ -1,4 +1,9 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://serve.williamhill.com/ => https://serve.williamhill.com/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+Fetch error: http://cacheserve.williamhill.com/ => https://serve.williamhill.com/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+
 	For problematic rules, see William-Hill-mismatches.xml
 
 
@@ -12,64 +17,130 @@
 		- jobs-williamhill.com		(self-signed; shows Apache status)
 		- (www.)williamhillmedia.com	(times out)
 		- careers.williamhillplc.com	(interrupted)
-		- www.williamhillplc.com	(cert: www2.myinvestis.com, expired, self-signed; ssl_error_handshake_failure_alert)
+		- www.williamhillplc.com	(Refused)
 
 
-	Fully covered domains:
+	Problematic hosts in *williamhill.com:
 
-		- cmscdn.staticcache.org
+		- ^ ¹
+		- bingo ¹
+		- casino ¹
+		- financials ¹
+		- games ¹
+		- gaming ²
+		- news ¹
+		- poker ¹
+		- vegas ¹
+		- whdn		(400
 
-		- williamhill.com subdomains:
+	¹ Mismatched
+	² Server sends no certificate chain, see https://whatsmychaincert.com
 
-			- files
 
--->
-<ruleset name="William Hill (partial)" platform="mixedcontent">
+	Insecure cookies are set for these domains and hosts:
+
+		- .williamhill.com
+		- ads2.williamhill.com
+		- sports.williamhill.com
+		- www.williamhill.com
+
+
+	Mixed content:
+
+		- css on casino, games, poker from whdn.williamhill.com
 
-	<target host="cmscdn.staticcache.org" />
+		- Images, on:
+
+			- auth, casino, games, poker, www from whdn.williamhill.com *
+
+	* Secured by us
+
+-->
+<ruleset name="William Hill.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ads2.williamhill.com" />
+	<target host="auth.williamhill.com" />
+	<target host="cachemobile.williamhill.com" />
+	<target host="files.williamhill.com" />
+	<!--target host="gaming.williamhill.com" /-->
+	<target host="mobilegaming.williamhill.com" />
+	<target host="scratchcards.williamhill.com" />
+	<target host="secdn.williamhill.com" />
+	<target host="serve.williamhill.com" />
+	<target host="sports.williamhill.com" />
+	<target host="www.williamhill.com" />
+
+	<!--	Complications:
+				-->
 	<target host="williamhill.com" />
-	<target host="*.williamhill.com" />
+	<target host="cacheserve.williamhill.com" />
+	<target host="whdn.williamhill.com" />
 
+		<!--	At least some pages redirect to http.
 
-	<!--
-		Tracking cookies:
+			Exceptions:
 					-->
-	<securecookie host="^\.williamhill\.com$" name="^(?:banner_(?:domain)?click|clickinfo|fd_click|exp_\w+)" />
-	<!--	Lots of cross-domain cookies.  Are any used on
-		(unsecurable) sports?	-->
-	<!--securecookie host="^\.williamhill\.com$" name="^zname_extension$" /-->
-	<securecookie host="^\w+\.williamhill\.com$" name=".*" />
+		<exclusion pattern="^http://sports\.williamhill\.com/(?!acc/)" />
+
+			<test url="http://sports.williamhill.com/bet/en-gb" />
+			<test url="http://sports.williamhill.com/bet/en-gb/betting/y/5/Football.html" />
+			<test url="http://sports.williamhill.com/bet/en-gb/betting/y/9/Horse%2dRacing.html" />
 
+		<!--	Sets cookies without Secure:
+							-->
+		<test url="http://ads2.williamhill.com/redirect.aspx?pid=&amp;lpid=&amp;bid=" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.williamhill\.com$" name="^(CSRF_COOKIE|SQ_SYSTEM_SESSION|banner_click|clickinfo|cust_lang|cust_login|cust_prefs|exp_last_activity|exp_last_visit|exp_tracker|source_NR|vars_info|vegas_visit|whUserData|zname_extension)$" /-->
+	<!--securecookie host="^(sports)?\.williamhill\.com$" name="^TS[\da-f]{8}$" /-->
+	<!--securecookie host="^ads2\.williamhill\.com$" name="^NetRefer(?:_CookieUniTrack_C|SPS)" /-->
+	<!--securecookie host="^(?:sports|www)\.williamhill\.com$" name="^TS[\da-f]{8}_\d\d$" /-->
+
+	<!--	Tracking cookies:
+					-->
+	<securecookie host="^\.williamhill\.com$" name="^(?:banner_(?:domain)?click|clickinfo|fd_click|exp_\w+)" />
+	<!--securecookie host="^\w+\.williamhill\.com$" name=".*" /-->
+	<securecookie host="^(?:ads2|www)\.williamhill\.com$" name=".+" />
 
-	<rule from="^http://cmscdn\.staticcache\.org/"
-		to="https://cmscdn.staticcache.org/" />
 
 	<!--	Cert only matches www.	-->
-	<rule from="^http://(?:www\.)?williamhill\.com/"
+	<rule from="^http://williamhill\.com/"
 		to="https://www.williamhill.com/" />
 
-	<rule from="^http://(cachemobile|files)\.williamhill\.com/"
-		to="https://$1.williamhill.com/" />
-
 	<!--	Advertisements included on 3rd-party websites.
 
 		NB: serve redirects to cacheserve with a different
 		path.  When rewritten to serve again with this
 		different path, it *doesn't* redirect back.
 					-->
-	<rule from="^http://(?:cache)?serve\.williamhill\.com/"
+	<rule from="^http://cacheserve\.williamhill\.com/"
 		to="https://serve.williamhill.com/" />
 
-	<!--	whdn:
-			- Cert: *.hs.llnwd.net
-			- Displays blank page
-			- Not on www
-					-->
-	<rule from="^http://(?:sec|wh)dn\.williamhill\.com/"
+	<!--	- 400
+		- Not on www
+				-->
+	<rule from="^http://whdn\.williamhill\.com/"
 		to="https://secdn.williamhill.com/" />
 
-	<!--	At least some pages redirect to http.	-->
-	<rule from="^http://sports\.williamhill\.com/acc/"
-		to="https://sports.williamhill.com/acc/" />
+		<!--	$400s:
+				-->
+		<exclusion pattern="^http://whdn\.williamhill\.com/+(?:$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://whdn.williamhill.com/?f" />
+			<test url="http://whdn.williamhill.com/?o" />
+			<test url="http://whdn.williamhill.com/??o" />
+
+			<!--	-ve:
+					-->
+			<test url="http://whdn.williamhill.com/cms/images/dotSpacer.gif" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Williams-College-self-signed.xml b/src/chrome/content/rules/Williams-College-self-signed.xml
deleted file mode 100644
index b85bee7f41ed..000000000000
--- a/src/chrome/content/rules/Williams-College-self-signed.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-<!--
-	For rules that are on by default, see Williams-College.xml.
-
--->
-<ruleset name="Williams College (self-signed)" default_off="self-signed, mismatch" platform="mixedcontent">
-
-	<!--	archives, chapin, & library cert: web.williams.edu	-->
-	<target host="archives.williams.edu" />
-	<target host="biology.williams.edu" />
-	<target host="ces.williams.edu" />
-	<target host="chapin.williams.edu" />
-	<target host="chemistry.williams.edu" />
-	<target host="committees.williams.edu" />
-	<target host="communications.williams.edu" />
-	<target host="conferences.williams.edu" />
-	<target host="dean.williams.edu" />
-	<target host="dean-faculty.williams.edu" />
-	<target host="facultynotes.williams.edu" />
-	<target host="hmf.williams.edu" />
-	<target host="hr.williams.edu" />
-	<target host="library.williams.edu" />
-	<target host="math.williams.edu" />
-	<target host="mobile-services.williams.edu" />
-	<target host="oit.williams.edu" />
-	<target host="parents.williams.edu" />
-	<target host="physics.williams.edu" />
-	<target host="president.williams.edu" />
-	<target host="science.williams.edu" />
-	<target host="sustainability.williams.edu" />
-
-
-	<!--	Cookies are handled in Williams-College.xml.
-
-
-		Some data on oit are also available on it, which has a trusted cert.	-->
-
-	<rule from="^http://(archives|biology|ces|chapin|chemistry|committees|communications|conferences|dean|dean-faculty|facultynotes|hmf|hr|library|math|mobile-services|oit|parents|physics|president|science|sustainability)\.williams\.edu/"
-		to="https://$1.williams.edu/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Williams-College.xml b/src/chrome/content/rules/Williams-College.xml
index a65a29327688..7001fda7a265 100644
--- a/src/chrome/content/rules/Williams-College.xml
+++ b/src/chrome/content/rules/Williams-College.xml
@@ -1,44 +1,58 @@
 <!--
-	For problematic rules, see Williams-College-self-signed.xml.
+	Non-functional hosts
+		Timeout was reached:
+			 - cf.williams.edu
 
+		SSL peer certificate was not OK:
+			 - archives.williams.edu
+			 - chapin.williams.edu
 
-	Nonfunctional subdomains:
-
-		- 62center	(cert: cf.williams.edu; shows that domain's data)
-		- alumni
-		- (www.)cs	(cert only matches www.cs; redirects to webmail login)
-		- sysnet.cs
-		- emuseum	(times out)
-		- music
-
+		Status code mismatch:
+			 - williams.edu
+			 - people.williams.edu
 -->
 <ruleset name="Williams College (partial)">
-
 	<target host="williams.edu" />
-	<target host="*.williams.edu" />
-
-
-	<!--	There's a cross-domain cookie set by webprspct, which
-		is not handled in case it's used on unsecurable pages
-				-->
-	<securecookie host="^\w+\.williams\.edu$" name=".*" />
-
-
-
-	<!--	- !www redirects to www.williams.edu/wp-signup.php over https
-		- wp-signup.php redirects infinitely
-		- !www redirects to www.../$ over http
-					-->
-	<rule from="^https?://(?:www\.)?williams\.edu/"
-		to="https://www.williams.edu/" />
-
-	<rule from="^http://(admission|cf|francis|glow|it|roomscheduler|sarah|sites|wcma|web|webprspct)\.williams\.edu/"
-		to="https://$1.williams.edu/" />
-
-	<!--	- Cert only matches sites
-		- people redirects to sites
-				-->
-	<rule from="^https?://people\.williams\.edu/"
-		to="https://sites.williams.edu/" />
-
+	<target host="www.williams.edu" />
+	<target host="62center.williams.edu" />
+	<target host="admission.williams.edu" />
+	<target host="alumni.williams.edu" />
+	<target host="biology.williams.edu" />
+	<target host="ces.williams.edu" />
+	<target host="chemistry.williams.edu" />
+	<target host="committees.williams.edu" />
+	<target host="communications.williams.edu" />
+	<target host="conferences.williams.edu" />
+	<target host="csci.williams.edu" />
+	<target host="dean.williams.edu" />
+	<target host="dean-faculty.williams.edu" />
+	<target host="facultynotes.williams.edu" />
+	<target host="glow.williams.edu" />
+	<target host="hmf.williams.edu" />
+	<target host="hr.williams.edu" />
+	<target host="it.williams.edu" />
+	<target host="library.williams.edu" />
+	<target host="math.williams.edu" />
+	<target host="music.williams.edu" />
+	<target host="oit.williams.edu" />
+	<target host="parents.williams.edu" />
+	<target host="people.williams.edu" />
+	<target host="physics.williams.edu" />
+	<target host="president.williams.edu" />
+	<target host="roomscheduler.williams.edu" />
+	<target host="sarah.williams.edu" />
+	<target host="science.williams.edu" />
+	<target host="sites.williams.edu" />
+	<target host="sustainability.williams.edu" />
+	<target host="wcma.williams.edu" />
+	<target host="web.williams.edu" />
+
+	<rule from="^http://williams\.edu/"
+			to="https://www.williams.edu/" />
+
+	<rule from="^http://people\.williams\.edu/"
+			to="https://sites.williams.edu/" />
+
+	<rule from="^http:"
+			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Willow-Garage.xml b/src/chrome/content/rules/Willow-Garage.xml
index 0680d22ba8e5..f4256f04878f 100644
--- a/src/chrome/content/rules/Willow-Garage.xml
+++ b/src/chrome/content/rules/Willow-Garage.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://willowgarage.com/ => https://www.willowgarage.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://willowgarage.com/ => https://www.willowgarage.com/: (28, 'Connection timed out after 10000 milliseconds')
 	Nonfunctional subdomains:
 
 		- pr2support
@@ -10,10 +16,10 @@
 		- ^	(cert only matches www)
 
 -->
-<ruleset name="Willow Garage (partial)">
+<ruleset name="Willow Garage (partial)" default_off="failed ruleset test">
 
 	<target host="willowgarage.com" />
-	<target host="*.willowgarage.com" />
+	<target host="www.willowgarage.com" />
 
 
 	<securecookie host="^(?:www)?\.willowgarage\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Willy-Brandt.de.xml b/src/chrome/content/rules/Willy-Brandt.de.xml
new file mode 100644
index 000000000000..51585a8a9ae3
--- /dev/null
+++ b/src/chrome/content/rules/Willy-Brandt.de.xml
@@ -0,0 +1,12 @@
+<ruleset name="Willy-Brandt.de">
+	<!-- Federal Chancellor Willy Brandt Foundation -->
+
+	<target host="willy-brandt.de" />
+	<target host="www.willy-brandt.de" />
+	<target host="statistik.willy-brandt.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WilmerHale.com.xml b/src/chrome/content/rules/WilmerHale.com.xml
new file mode 100644
index 000000000000..c8d9119e1011
--- /dev/null
+++ b/src/chrome/content/rules/WilmerHale.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.wilmerhale.com
+
+
+	Mixed content:
+
+		- Image on webmail from www.wilmerhale.com *
+		- Bug on www from wilmerhale.d1.sc.omtrdc.net *
+
+	* Secured by us
+
+-->
+<ruleset name="WilmerHale.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="wilmerhale.com" />
+	<target host="connect.wilmerhale.com" />
+	<target host="connectproxy.wilmerhale.com" />
+	<target host="webmail.wilmerhale.com" />
+	<target host="www.wilmerhale.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.wilmerhale\.com$" name="^(?:ASP\.NET_SessionId|EktGUID|EkAnalytics|ecm)$" /-->
+
+	<securecookie host="^www\.wilmerhale\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wilmington_University.xml b/src/chrome/content/rules/Wilmington_University.xml
new file mode 100644
index 000000000000..c608c9ef47f2
--- /dev/null
+++ b/src/chrome/content/rules/Wilmington_University.xml
@@ -0,0 +1,8 @@
+<ruleset name="Wilmington University (partial)">
+  <target host="wilmu.edu" />
+  <target host="www.wilmu.edu" />
+  <target host="webcampus.wilmu.edu" />
+  <target host="www.webcampus.wilmu.edu" />
+  <rule from="^http://(?:www\.)?wilmu\.edu/" to="https://www.wilmu.edu/" />
+  <rule from="^http://(?:www\.)?webcampus\.wilmu\.edu/" to="https://webcampus.wilmu.edu/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wilsch.lgbt.xml b/src/chrome/content/rules/Wilsch.lgbt.xml
new file mode 100644
index 000000000000..09d7419f2c23
--- /dev/null
+++ b/src/chrome/content/rules/Wilsch.lgbt.xml
@@ -0,0 +1,8 @@
+<ruleset name="Wilsch.lgbt">
+	<target host="wilsch.lgbt" />
+	<target host="www.wilsch.lgbt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WilsonTimes.com.xml b/src/chrome/content/rules/WilsonTimes.com.xml
new file mode 100644
index 000000000000..1783c91631dc
--- /dev/null
+++ b/src/chrome/content/rules/WilsonTimes.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="WilsonTimes.com">
+	<target host="wilsontimes.com" />
+	<target host="www.wilsontimes.com" />
+	<target host="wheels.wilsontimes.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wilson_Center.org.xml b/src/chrome/content/rules/Wilson_Center.org.xml
new file mode 100644
index 000000000000..0742ac528801
--- /dev/null
+++ b/src/chrome/content/rules/Wilson_Center.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="Wilson Center.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="wilsoncenter.org" />
+	<target host="www.wilsoncenter.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wimdu.co.uk.xml b/src/chrome/content/rules/Wimdu.co.uk.xml
new file mode 100644
index 000000000000..0b2f73f8388c
--- /dev/null
+++ b/src/chrome/content/rules/Wimdu.co.uk.xml
@@ -0,0 +1,18 @@
+<!--
+	CDN buckets:
+
+		- d1u74ms2r7alyn.cloudfront.net
+
+-->
+<ruleset name="Wimdu.co.uk">
+
+	<target host="wimdu.co.uk" />
+	<target host="www.wimdu.co.uk" />
+
+
+	<securecookie host="^[.w]*\.wimdu\.co\.uk$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wimp.com.xml b/src/chrome/content/rules/Wimp.com.xml
new file mode 100644
index 000000000000..5c4c715a7fd6
--- /dev/null
+++ b/src/chrome/content/rules/Wimp.com.xml
@@ -0,0 +1,46 @@
+<!--
+	Nonfunctional subdomains:
+
+		- beverly.crusher
+		- m
+
+
+	Insecure cookies are set for these domains:
+
+		- .wimp.com
+
+
+	Mixed content:
+
+		- Web bugs, on www from:
+
+			- www.facebook.com *
+			- c.statcounter.com *
+
+		- Images, on:
+
+			- www from www *
+			- www from beverly.crusher.wimp.com
+
+		- favicon on www from $self
+
+	* Secured by us
+
+-->
+<ruleset name="Wimp.com (partial)" default_off="self-signed">
+
+	<target host="wimp.com" />
+	<target host="www.wimp.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.wimp$" name="^(__qca|country|goog|img_server|mobile_server|server)$" /-->
+
+	<securecookie host="^\.wimp$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Win-rd.jp.xml b/src/chrome/content/rules/Win-rd.jp.xml
new file mode 100644
index 000000000000..65792e9f1f4a
--- /dev/null
+++ b/src/chrome/content/rules/Win-rd.jp.xml
@@ -0,0 +1,26 @@
+<!--
+	For other GMO coverage, see GMO_Internet.xml.
+
+
+	(www.) doesn't exist
+
+-->
+<ruleset name="Win-rd.jp">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cp.win-rd.jp" />
+	<target host="cp8.win-rd.jp" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cp8?\.win-rd\.jp$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^cp8?\.win-rd\.jp$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WinPcap.xml b/src/chrome/content/rules/WinPcap.xml
index 12922d3ecf5c..71aff0efba03 100644
--- a/src/chrome/content/rules/WinPcap.xml
+++ b/src/chrome/content/rules/WinPcap.xml
@@ -1,7 +1,20 @@
-<ruleset name="WinPcap" platform="mixedcontent">
+<!--
+	Insecure cookies are set for these domains:
+
+		- .winpcap.org
+
+-->
+<ruleset name="WinPcap.org">
   <target host="winpcap.org" />
   <target host="www.winpcap.org" />
 
-  <rule from="^http://winpcap\.org/" to="https://winpcap.org/"/>
-  <rule from="^http://www\.winpcap\.org/" to="https://www.winpcap.org/"/>
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.winpcap\.org$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.winpcap\.org$" name=".+" />
+
+
+  <rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/WinRAR.xml b/src/chrome/content/rules/WinRAR.xml
index 6eeab10c2b25..05e2eaeda7bd 100644
--- a/src/chrome/content/rules/WinRAR.xml
+++ b/src/chrome/content/rules/WinRAR.xml
@@ -1,15 +1,30 @@
-<ruleset name="WinRAR">
-
-	<target host="win-rar.com" />
-	<!--	* for cross-domain cookies.	-->
-	<target host="*.win-rar.com" />
+<!--
+	Other WinRAR.com related rulesets:
 
+	Non-functional hosts
+		Timeout was reached:
+		- covermount.win-rar.com
+		- gate.win-rar.com
+		- gate.intern.win-rar.com
+		- ns3.win-rar.com
+		- ukr.win-rar.com
+		- webmail.win-rar.com
 
-	<securecookie host="^.*\.win-rar\.com$" name=".*" />
+		SSL peer certificate was not OK:
+		- mailing.win-rar.com
 
+		4xx client error:
+		- piwik.win-rar.com
+-->
+<ruleset name="WinRAR">
+	<target host="win-rar.com" />
+	<target host="www.win-rar.com" />
+	<target host="admin.win-rar.com" />
+	<target host="downloads.win-rar.com" />
+	<target host="notifier.win-rar.com" />
+	<target host="shop.win-rar.com" />
+	<target host="stats.win-rar.com" />
+	<target host="zimbra.win-rar.com" />
 
-	<!--	Cert only matches www.	-->
-	<rule from="^http://(?:www\.)?win-rar\.com/"
-		to="https://www.win-rar.com/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/WinSCP.xml b/src/chrome/content/rules/WinSCP.xml
new file mode 100644
index 000000000000..bf67e2dcb0d8
--- /dev/null
+++ b/src/chrome/content/rules/WinSCP.xml
@@ -0,0 +1,11 @@
+<ruleset name="WinSCP">
+	<target host="winscp.net" />
+	<target host="www.winscp.net" />
+
+	<securecookie host="(^|\.)winscp\.net$" name=".+" />
+
+	<rule from="^http://www\.winscp\.net/"
+		to="https://winscp.net/" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WinSuperSite.com.xml b/src/chrome/content/rules/WinSuperSite.com.xml
deleted file mode 100644
index ca19f804a9c5..000000000000
--- a/src/chrome/content/rules/WinSuperSite.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	- Cert only matches ^winsupersite.com
-	- Some pages redirect to http
-
--->
-<ruleset name="WinSuperSite.com (partial)">
-
-	<target host="winsupersite.com" />
-	<target host="www.winsupersite.com" />
-
-
-	<rule from="^http://(?:www\.)?winsupersite\.com/(?=site-files/|sites/)"
-		to="https://winsupersite.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WinTieWin.xml b/src/chrome/content/rules/WinTieWin.xml
deleted file mode 100644
index 1c92cfbe111d..000000000000
--- a/src/chrome/content/rules/WinTieWin.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="WinTieWin">
-
-	<target host="wintiewin.com" />
-	<target host="*.wintiewin.com" />
-
-
-	<securecookie host="^\.wintiewin\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?wintiewin\.com/"
-		to="https://$1wintiewin.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/WinZip.com.xml b/src/chrome/content/rules/WinZip.com.xml
new file mode 100644
index 000000000000..18735152c0c7
--- /dev/null
+++ b/src/chrome/content/rules/WinZip.com.xml
@@ -0,0 +1,70 @@
+<!--
+	Remark: www redirects to plaintext with JavaScript,
+		e.g. https://www.winzip.com/win/en/
+
+	Non-functional hosts
+		Couldn't connect to server:
+			 - activate.winzip.com
+			 - api.winzip.com
+			 - free.winzip.com
+			 - mac.winzip.com
+			 - msg.winzip.com
+			 - systemtools.winzip.com
+			 - tools.winzip.com
+			 - utilities.winzip.com
+
+		Timeout was reached:
+			 - dl.winzip.com
+			 - download-origin.winzip.com
+			 - ftp.winzip.com
+			 - internet01.winzip.com
+			 - kb.winzip.com
+			 - 1.outbound1.mail.winzip.com
+			 - 1.outbound2.mail.winzip.com
+			 - man-smtprelay.winzip.com
+			 - openvpn.winzip.com
+			 - secure.winzip.com
+			 - wzmail3.winzip.com
+			 - wzvoip.winzip.com
+			 - wzweb.winzip.com
+
+		SSL peer certificate was not OK:
+			 - download.winzip.com
+			 - download1.winzip.com
+			 - download2.winzip.com
+			 - download4.winzip.com
+			 - help.winzip.com
+			 - http2.winzip.com
+			 - image.winzip.com
+			 - imagewz.winzip.com
+			 - inst.winzip.com
+			 - install.winzip.com
+			 - mail.winzip.com
+			 - refresh-origin.winzip.com
+			 - subscribe.winzip.com
+			 - tray.winzip.com
+			 - update.winzip.com
+			 - updatedu.winzip.com
+			 - updatero.winzip.com
+			 - updatess.winzip.com
+			 - web-origin.winzip.com
+			 - www2.winzip.com
+			 - www3.winzip.com
+			 - www4.winzip.com
+			 - www6.winzip.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - shopm.winzip.com
+			 - shopm226.winzip.com
+
+		5xx server error:
+			 - updaterv.winzip.com
+-->
+<ruleset name="WinZip.com (partial)" default_off="other">
+	<target host="winzip.com" />
+	<target host="www.winzip.com" />
+	<target host="shop.winzip.com" />
+	<target host="store.winzip.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Winbond.com.xml b/src/chrome/content/rules/Winbond.com.xml
new file mode 100644
index 000000000000..2b1c5912d5fa
--- /dev/null
+++ b/src/chrome/content/rules/Winbond.com.xml
@@ -0,0 +1,25 @@
+<!--
+	^winbond.com doesn't exist.
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.winbond.com
+
+-->
+<ruleset name="Winbond.com">
+
+	<target host="www.winbond.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.winbond\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^www\.winbond\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wincent.com.xml b/src/chrome/content/rules/Wincent.com.xml
new file mode 100644
index 000000000000..018d2c19b897
--- /dev/null
+++ b/src/chrome/content/rules/Wincent.com.xml
@@ -0,0 +1,13 @@
+<!--
+	git & www: redirects to http
+
+-->
+<ruleset name="Wincent.com">
+
+	<target host="wincent.com" />
+	<target host="www.wincent.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wind.com.gr.xml b/src/chrome/content/rules/Wind.com.gr.xml
new file mode 100644
index 000000000000..ae74343ae26e
--- /dev/null
+++ b/src/chrome/content/rules/Wind.com.gr.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.wind.com.gr/ => https://www.wind.com.gr/: (51, "SSL: no alternative certificate subject name matches target host name 'www.wind.com.gr'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.wind.com.gr/ => https://www.wind.com.gr/: (51, "SSL: no alternative certificate subject name matches target host name 'www.wind.com.gr'") This ruleset is experimental. If you experience problems please
+	 open an issue at https://github.com/kargig/https-everywhere-greek-rules -->
+
+<ruleset name="Wind" default_off="failed ruleset test">
+  <target host="www.wind.com.gr" />
+
+	<securecookie host="^www\.wind\.com\.gr$" name=".+" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wind.it.xml b/src/chrome/content/rules/Wind.it.xml
new file mode 100644
index 000000000000..8d5d7e66109c
--- /dev/null
+++ b/src/chrome/content/rules/Wind.it.xml
@@ -0,0 +1,8 @@
+<ruleset name="Wind.it (partial)">
+	<target host="wind.it" />
+	<target host="www.wind.it" />
+	<target host="mdm.wind.it" />
+	<target host="start.wind.it" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wind_River.com-problematic.xml b/src/chrome/content/rules/Wind_River.com-problematic.xml
new file mode 100644
index 000000000000..a0239d23e517
--- /dev/null
+++ b/src/chrome/content/rules/Wind_River.com-problematic.xml
@@ -0,0 +1,18 @@
+<!--
+	For rules that are on by default, see Wind_River.com.xml.
+
+-->
+<ruleset name="Wind River.com (problematic)" default_off="expired, mismatched">
+
+	<target host="windriver.com" />
+	<target host="secure.windriver.com" />
+	<target host="www.windriver.com" />
+
+
+	<securecookie host="^windriver\.com$" name="^PHPSESSID$" />
+
+
+	<rule from="^http://(?:(secure\.)|www\.)?windriver\.com/"
+		to="https://$1windriver.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wind_River.com.xml b/src/chrome/content/rules/Wind_River.com.xml
new file mode 100644
index 000000000000..7445e0f60daf
--- /dev/null
+++ b/src/chrome/content/rules/Wind_River.com.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://developer.windriver.com/ => https://developer.windriver.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	For problematic coverage, see Wind_River.com-problematic.xml.
+
+
+	^: mismatched, CN: secure.windriver.com
+	www: akamai
+
+	secure: Expired 2012-10-04
+
+
+	Insecure cookies are set for these domains:
+
+		- windriver.com
+		- developer.windriver.com
+
+-->
+<ruleset name="Wind River.com (partial)" default_off="failed ruleset test">
+
+	<target host="developer.windriver.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^windriver\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^developer\.windriver\.com$" name="^(BIGipServer\w{6}-\d+-pool|JSESSIONID|jive\.server\.info)$" /-->
+
+	<securecookie host="^developer\.windriver\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Window-Maker-mismatches.xml b/src/chrome/content/rules/Window-Maker-mismatches.xml
deleted file mode 100644
index f34ca6c4b5f0..000000000000
--- a/src/chrome/content/rules/Window-Maker-mismatches.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For rules that are on by default, see Window-Maker.xml.
-
--->
-<ruleset name="Window Maker (mismatches)" default_off="mismatch" platform="cacert">
-
-	<target host="windowmaker.org" />
-	<target host="*.windowmaker.org" />
-
-
-	<!--	- !www: cert is only valid for www
-		- www cert: CAcert
-		- www redirects to !www
-		- dockapps cert: mail.offline.org
-					-->
-	<rule from="^http://(dockapps\.|www\.)?windowmaker\.org/"
-		to="https://$1windowmaker.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Window-Maker.xml b/src/chrome/content/rules/Window-Maker.xml
deleted file mode 100644
index efc4fad132df..000000000000
--- a/src/chrome/content/rules/Window-Maker.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For problematic rules, see Window-Maker-mismatches.xml.
-
--->
-<ruleset name="Window Maker (partial)" platform="cacert">
-
-	<target host="lists.windowmaker.org" />
-
-
-	<rule from="^http://lists\.windowmaker\.org/"
-		to="https://lists.windowmaker.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WindowMaker.org.xml b/src/chrome/content/rules/WindowMaker.org.xml
new file mode 100644
index 000000000000..66bac74afe93
--- /dev/null
+++ b/src/chrome/content/rules/WindowMaker.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		amanda.windowmaker.org
+		dockapps.windowmaker.org
+		lists.windowmaker.org
+		a.mx.windowmaker.org
+
+-->
+<ruleset name="WindowMaker.org">
+
+	<target host="windowmaker.org" />
+	<target host="www.windowmaker.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Window_Switch.xml b/src/chrome/content/rules/Window_Switch.xml
index d7f33e578d94..fc5e0afd40b6 100644
--- a/src/chrome/content/rules/Window_Switch.xml
+++ b/src/chrome/content/rules/Window_Switch.xml
@@ -1,16 +1,30 @@
-<ruleset name="Window Switch">
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- winswitch.org
+		- www.winswitch.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Win Switch.org">
 
 	<target host="winswitch.org" />
 	<target host="www.winswitch.org" />
 
-
-	<securecookie host="^winswitch\.org$" name=".+" />
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://winswitch.org/trac/" /-->
 
 
-	<!--	www redirects to ^ over http,
-		so copy that behavior:
+	<!--	Not secured by server:
 					-->
-	<rule from="^http://(?:www\.)?winswitch\.org/"
-		to="https://winswitch.org/" />
+	<!--securecookie host="^(?:www\.)?winswitch\.org$" name="^trac_(?:form_token|session)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Windows.com.xml b/src/chrome/content/rules/Windows.com.xml
new file mode 100644
index 000000000000..66dce3837c82
--- /dev/null
+++ b/src/chrome/content/rules/Windows.com.xml
@@ -0,0 +1,39 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- dev.windows.com
+
+
+	Mixed content:
+
+		- Images on dev, developer from assets.windowsphone.com *
+		- Bug on dev, developer from c.microsoft.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Windows.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="windows.com" />
+	<target host="www.windows.com" />
+	<target host="blogs.windows.com" />
+	<target host="dev.windows.com" />
+	<target host="developer.windows.com" />
+	<target host="insider.windows.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^dev\.windows\.com$" name="^ssostate$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Windows.net.xml b/src/chrome/content/rules/Windows.net.xml
index eb2ef3a9698e..c97410f3b438 100644
--- a/src/chrome/content/rules/Windows.net.xml
+++ b/src/chrome/content/rules/Windows.net.xml
@@ -1,3 +1,4 @@
+
 <!--
 	For other Microsoft coverage, see Microsoft.xml.
 
@@ -6,11 +7,6 @@
 
 		- windows.net				(times out)
 
-
-	Fully covered domains:
-
-		- msngpm.accesscontrol.windows.net
-
 -->
 <ruleset name="Windows.net">
 
@@ -18,6 +14,19 @@
 	<target host="*.blob.core.windows.net" />
 	<target host="www.windows.net" />
 
+		<!--
+		<test url="http://advertiseonbing.blob.core.windows.net/blob/bingads/media/library/home/homepage/benefits-mobile-gbl-360x360.jpg?ext=.jpg" />
+		-->
+		<test url="http://appexbingfin1.blob.core.windows.net/logo/Zillo.png" />
+		<test url="http://bingblog.blob.core.windows.net/bing/2015/01/MLK_Nashville-304x158.jpg" />
+		<test url="http://modernumbraco.blob.core.windows.net/cdn/stylesheet/cdn/css/pages/homepageV6.less/5618216245ebf20893bd9c960ffd3da76c4f2f25.css" />
+		<test url="http://mscorp.blob.core.windows.net/mscorpmedia/2015/04/Build2015_Satya-Nadella_FINAL-640x4271-75x55.jpg" />
+		<test url="http://mscorpnews.blob.core.windows.net/ncmedia/2014/09/introducing-windows-10-the-best-windows-yet-181x94.jpg" />
+		<test url="http://officeblogswest.blob.core.windows.net/wp-content/2014/01/SUMMARY_O365_300x166-220x122.jpg" />
+		<!--test url="http://pcclivewww.blob.core.windows.net/wordpress-uploads/womens-pathfinder-English-325x247.jpg" /-->
+		<!--test url="http://swplive.blob.core.windows.net/wordpress-uploads/Police-tape1-150x1501.jpg" /-->
+		<test url="http://venturesblob.blob.core.windows.net/sitethemefiles/normalize.min.css" />
+
 
 	<rule from="^http://(?:www\.)?windows\.net/$"
 		to="https://www.microsoft.com/net" />
@@ -27,7 +36,4 @@
 	<rule from="^http://(\w+)\.blob\.core\.windows\.net/"
 		to="https://$1.blob.core.windows.net/" />
 
-	<rule from="^http://msngpm\.accesscontrol\.windows\.net/"
-		to="https://msngpm.accesscontrol.windows.net/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Windows_7_Forums.xml b/src/chrome/content/rules/Windows_7_Forums.xml
deleted file mode 100644
index e2cb46032eb3..000000000000
--- a/src/chrome/content/rules/Windows_7_Forums.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	HTTPS is not responding anymore:
-	- https://trac.torproject.org/projects/tor/ticket/8535
-
--->
-<ruleset name="Windows 7 Forums (broken)" default_off="broken">
-
-	<target host="sevenforums.com" />
-	<target host="*.sevenforums.com" />
-
-
-	<securecookie host="^\.sevenforums\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?sevenforums\.com/"
-		to="https://$1sevenforums.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Windows_Azure.xml b/src/chrome/content/rules/Windows_Azure.xml
index ce653c4efd67..9f99827bbb62 100644
--- a/src/chrome/content/rules/Windows_Azure.xml
+++ b/src/chrome/content/rules/Windows_Azure.xml
@@ -17,21 +17,39 @@
 		- (www.)	(^ → www)
 		- account
 		- manage
+		- www.remoteapp
+
+
+	Insecure cookies are set for these domains:
+
+		- www.remoteapp
 
 -->
-<ruleset name="Windows Azure">
+<ruleset name="Windows Azure.com">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="account.windowsazure.com" />
+	<target host="manage.windowsazure.com" />
+	<target host="www.remoteapp.windowsazure.com" />
+	<target host="www.windowsazure.com" />
+
+	<!--	Complications:
+				-->
 	<target host="windowsazure.com" />
-	<target host="*.windowsazure.com" />
 
 
-	<securecookie host="^\.windowsazure\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.remoteapp\.windowsazure\.com$" name="^ActivityId$" /-->
+
+	<securecookie host="^(?:www\.remoteapp)?\.windowsazure\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?windowsazure\.com/"
+	<rule from="^http://windowsazure\.com/"
 		to="https://www.windowsazure.com/" />
 
-	<rule from="^http://(account|manage)\.windowsazure\.com/"
-		to="https://$1.windowsazure.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Windows_IT_Pro.xml b/src/chrome/content/rules/Windows_IT_Pro.xml
deleted file mode 100644
index 86aad40ddf40..000000000000
--- a/src/chrome/content/rules/Windows_IT_Pro.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For other Penton Media coverage, see Penton_Media.xml.
-
-
-	Problematic subdomains:
-
-		- forms		(works; mismatched, CN: secure.eloqua.com)
-		- www		(cert only matches ^windowsitpro.com)
-
-
-	Some pages redirect to http, including login and registration pages.
-
--->
-<ruleset name="Windows IT Pro (partial)">
-
-	<target host="windowsitpro.com" />
-	<target host="www.windowsitpro.com" />
-
-
-	<rule from="^https?://(?:www\.)?windowsitpro\.com/(cart/checkout(?:$|\?|/)|site-files/|sites/)"
-		to="https://windowsitpro.com/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Windows_Phone.xml b/src/chrome/content/rules/Windows_Phone.xml
index 61c3dd91eac2..af82a79c23cc 100644
--- a/src/chrome/content/rules/Windows_Phone.xml
+++ b/src/chrome/content/rules/Windows_Phone.xml
@@ -2,47 +2,68 @@
 	For other Microsoft coverage, see Microsoft.xml.
 
 
-	Nonfunctional domains:
+	Problematic hosts in *windowsphone.com:
 
-		- wpdev.ms	(times out)
+		- ^ *
+		- images.partner *
+
+	* Mismatched
 
 
 	Fully covered windowsphone.com domains:
 
-		- ^
+		- ^		(^ → www)
+		- assets
 		- cmsresources
 		- dev
 		- developer
-		- images.partner
+		- images.partner	(→ wmoxy.vo.msecnd.net)
 		- resources
-		- www
+
+
+	Insecure cookies are set for these hosts:
+
+		- developer.windowsphone.com
 
 -->
-<ruleset name="Windows Phone (partial)">
+<ruleset name="Windows Phone.com">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="assets.windowsphone.com" />
+	<target host="cmsresources.windowsphone.com" />
+	<target host="dev.windowsphone.com" />
+	<target host="developer.windowsphone.com" />
+	<target host="resources.windowsphone.com" />
+	<target host="www.windowsphone.com" />
+
+	<!--	Complications:
+				-->
 	<target host="windowsphone.com" />
-	<target host="*.windowsphone.com" />
+	<target host="images.partner.windowsphone.com" />
+
+		<test url="http://cmsresources.windowsphone.com/devcenter/en-us/DevCenter_v4/css/site.css" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^developer\.windowsphone\.com$" name="^(UT|ssostate)$" /-->
+
 	<!--	Observed cookie subdomains:
 
 			- dev
 			- www
 				-->
-	<securecookie host="^.+\.windowsphone\.com$" name=".+" />
+	<securecookie host=".+\.windowsphone\.com$" name=".+" />
 
 
-	<!--	!www: cert only matches resources.windowsphone.com.
-									-->
-	<rule from="^https?://(?:www\.)?windowsphone\.com/"
+	<rule from="^http://windowsphone\.com/"
 		to="https://www.windowsphone.com/" />
 
-	<rule from="^http://((?:cms)?resources|dev|developer|images\.partner)\.windowsphone\.com/"
-		to="https://$1.windowsphone.com/" />
+	<rule from="^http://images\.partner\.windowsphone\.com/"
+		to="https://wmoxy.vo.msecnd.net/" />
 
-	<!--	$ redirects like so.
-					-->
-	<rule from="^https://wpdev\.ms/$"
-		to="https://bitly.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Windows_Secrets.com.xml b/src/chrome/content/rules/Windows_Secrets.com.xml
new file mode 100644
index 000000000000..dabcdc9f2529
--- /dev/null
+++ b/src/chrome/content/rules/Windows_Secrets.com.xml
@@ -0,0 +1,35 @@
+<!--
+	For other iNET Interactive coverage, see INet-Interactive.xml.
+
+
+	At least some paths redirect to http.
+
+
+	Mixed content:
+
+		- css from $self ¹
+
+		- Images from $self ²
+
+	¹ forums/css.php; unsecurable, present without us
+	² Secured by us
+
+-->
+<ruleset name="Windows Secrets.com (partial)">
+
+	<target host="windowssecrets.com" />
+	<target host="www.windowssecrets.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="http://(www\.)?windowssecrets\.com/+($|\?|forums/css\.php|forums/images/)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="http://(www\.)?windowssecrets\.com/+(?!favicon\.ico|subscription-preferences($|[?/])|wp-content/|wp-includes/)" /-->
+
+
+	<rule from="^http://(www\.)?windowssecrets\.com/(?=favicon\.ico|subscription-preferences(?:$|[?/])|wp-content/|wp-includes/)"
+		to="https://$1windowssecrets.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Windstream_Business.xml b/src/chrome/content/rules/Windstream_Business.xml
index 3a259cc2e027..744060fe57c8 100644
--- a/src/chrome/content/rules/Windstream_Business.xml
+++ b/src/chrome/content/rules/Windstream_Business.xml
@@ -2,21 +2,52 @@
 	For other Windstream Communications coverage, see Windstream_Communications.xml.
 
 
-	Problematic subdomains:
+	Nonfunctional hosts in *windstreambusiness.com:
 
-		- ^	(cert only matches *.windstreambusiness.com)
+		- referralpartner *
+
+	* Refused
+
+
+	Problematic hosts in *windstreambusiness.com:
+
+		- ^ *
+		- carrier *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .windstreambusiness.com
+		- www.windstreambusiness.com
 
 -->
-<ruleset name="Windstream Business">
+<ruleset name="Windstream Business.com (partial)">
 
-	<target host="windstreambusiness.com" />
+	<!--	Direct rewrites:
+				-->
+	<!--target host="carrier.windstreambusiness.com" /-->
 	<target host="www.windstreambusiness.com" />
 
+	<!--	Complications:
+				-->
+	<target host="windstreambusiness.com" />
+
+
+	<!--	Incapsula cookies:
+					-->
+	<!--securecookie host="^\.windstreambusiness\.com$" name="^(?:incap_ses_\d+|visid_incap)_\d+$" /-->
+	<!--securecookie host="^www\.windstreambusiness\.com$" name="^___utm[abm]\w+$" /-->
 
+	<securecookie host="^\.windstreambusiness\.com$" name="^(?:incap_ses_\d+|visid_incap)_\d+$" />
 	<securecookie host="^www\.windstreambusiness\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?windstreambusiness\.com/"
+	<rule from="^http://windstreambusiness\.com/"
 		to="https://www.windstreambusiness.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Windstream_Communications.xml b/src/chrome/content/rules/Windstream_Communications.xml
index c9085d6e6ea3..31ef1e686460 100644
--- a/src/chrome/content/rules/Windstream_Communications.xml
+++ b/src/chrome/content/rules/Windstream_Communications.xml
@@ -32,4 +32,4 @@
 	<rule from="^http://rebates\.windstream\.com/.*"
 		to="https://rebates.windstream.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Wine-Staging.xml b/src/chrome/content/rules/Wine-Staging.xml
new file mode 100644
index 000000000000..3207c24c7ed3
--- /dev/null
+++ b/src/chrome/content/rules/Wine-Staging.xml
@@ -0,0 +1,10 @@
+<ruleset name="Wine-Staging">
+
+	<target host="wine-staging.com"/>
+	<target host="www.wine-staging.com"/>
+	<target host="bugs.wine-staging.com"/>
+	<target host="repos.wine-staging.com"/>
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/WineAustraliaCorporation.xml b/src/chrome/content/rules/WineAustraliaCorporation.xml
new file mode 100644
index 000000000000..7cfd3e1b13b8
--- /dev/null
+++ b/src/chrome/content/rules/WineAustraliaCorporation.xml
@@ -0,0 +1,7 @@
+<ruleset name="Wine Australia Corporation">
+	<target host="wineaustralia.com" />
+	<target host="www.wineaustralia.com" />
+
+	<rule from="^http://(?:www\.)?wineaustralia\.com/"
+		to="https://www.wineaustralia.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/WineHQ.xml b/src/chrome/content/rules/WineHQ.xml
index d9d0b25a1c0f..5a513bb0b0d5 100644
--- a/src/chrome/content/rules/WineHQ.xml
+++ b/src/chrome/content/rules/WineHQ.xml
@@ -1,29 +1,19 @@
-<!--
-	Nonfunctional subdomains:
 
-		- wiki		(shows lattica.com; mismatched, CN: lattica.com)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- appdb
-		- bugs
-		- forum
-		- source
-		- test
-
--->
-<ruleset name="WineHQ (partial) ">
+<ruleset name="WineHQ.org">
 
 	<target host="winehq.org" />
-	<target host="*.winehq.org" />
-
+	<target host="appdb.winehq.org" />
+	<target host="bugs.winehq.org" />
+	<target host="forum.winehq.org" />
+	<target host="forums.winehq.org" />
+	<target host="source.winehq.org" />
+	<target host="test.winehq.org" />
+	<target host="dl.winehq.org" />
+	<target host="wiki.winehq.org" />
+	<target host="www.winehq.org" />
 
 	<securecookie host="^(?:appdb|\.bugs|\.forum)\.winehq\.org$" name=".+" />
 
-
-	<rule from="^http://((?:appdb|bugs|forum|source|test|www)\.)?winehq\.org/"
-		to="https://$1winehq.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Wingolog.org.xml b/src/chrome/content/rules/Wingolog.org.xml
new file mode 100644
index 000000000000..2edb831b3182
--- /dev/null
+++ b/src/chrome/content/rules/Wingolog.org.xml
@@ -0,0 +1,14 @@
+<!--
+	www: cert only matches ^wingolog.org
+
+-->
+<ruleset name="wingolog.org">
+
+	<target host="wingolog.org" />
+	<target host="www.wingolog.org" />
+
+
+	<rule from="^http://(?:www\.)?wingolog\.org/"
+		to="https://wingolog.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wingware.com.xml b/src/chrome/content/rules/Wingware.com.xml
new file mode 100644
index 000000000000..1475d1d052c3
--- /dev/null
+++ b/src/chrome/content/rules/Wingware.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Nonfunctional hosts in *wingware.com:
+
+		- wiki *
+
+	* Refused
+
+
+	www.wingware.com: Mismatched
+
+-->
+<ruleset name="Wingware.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="wingware.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.wingware.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.wingware\.com/"
+		to="https://wingware.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wingz.me.xml b/src/chrome/content/rules/Wingz.me.xml
new file mode 100644
index 000000000000..6e65491d5bc5
--- /dev/null
+++ b/src/chrome/content/rules/Wingz.me.xml
@@ -0,0 +1,19 @@
+<!--
+	Nonfunctional hosts in *.wingz.me:
+		- blog.wingz.me (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Wingz.me">
+	<target host="wingz.me" />
+	<target host="www.wingz.me" />
+	<target host="app.wingz.me" />
+	<target host="auth.wingz.me" />
+	<target host="help.wingz.me" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Winhawille.edu.hel.fi.xml b/src/chrome/content/rules/Winhawille.edu.hel.fi.xml
deleted file mode 100644
index 45dc36502379..000000000000
--- a/src/chrome/content/rules/Winhawille.edu.hel.fi.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Winhawille.edu.hel.fi">
-  <target host="winhawille.edu.hel.fi"/>
-  <rule from="^http://winhawille\.edu\.hel\.fi/" to="https://winhawille.edu.hel.fi/"/>
-</ruleset>
-<!-- Rule generated by HTTPS Finder 0.85 -->
diff --git a/src/chrome/content/rules/Winhistory-Forum.xml b/src/chrome/content/rules/Winhistory-Forum.xml
deleted file mode 100644
index 01c199411713..000000000000
--- a/src/chrome/content/rules/Winhistory-Forum.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Winhistory Forum">
-
-	<target host="winhistory-forum.net" />
-	<target host="www.winhistory-forum.net" />
-	<target host="*.www.winhistory-forum.net" />
-
-
-	<securecookie host="^\.?www\.winhistory-forum\.net$" name=".+" />
-
-
-	<rule from="^http://(www\.)?winhistory-forum\.net/"
-		to="https://$1winhistory-forum.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Winkdex.com.xml b/src/chrome/content/rules/Winkdex.com.xml
new file mode 100644
index 000000000000..2c9461fe9234
--- /dev/null
+++ b/src/chrome/content/rules/Winkdex.com.xml
@@ -0,0 +1,14 @@
+<!--
+
+	Nonfunctional domains:
+
+		- docs (timeout)
+
+-->
+<ruleset name="Winkdex.com">
+	<target host="winkdex.com" />
+	<target host="www.winkdex.com" />
+	<target host="blog.winkdex.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Winner.com.xml b/src/chrome/content/rules/Winner.com.xml
index 18f0c7631597..0c9c091c5ed5 100644
--- a/src/chrome/content/rules/Winner.com.xml
+++ b/src/chrome/content/rules/Winner.com.xml
@@ -55,12 +55,33 @@
 		- securelivecasino
 		- securemobile
 		- service
-		- wap		
+		- wap
 
 -->
 <ruleset name="Winner.com (partial)">
 
-	<target host="*.winner.com" />
+	<target host="casino.winner.com" />
+	<target host="bannercasino.winner.com" />
+	<target host="chat-winnercasino.winner.com" />
+	<target host="mcasino.winner.com" />
+	<target host="cdn-bingo.winner.com" />
+	<target host="login.winner.com" />
+	<target host="m.winner.com" />
+	<target host="mbingo.winner.com" />
+	<target host="poker.winner.com" />
+	<target host="secure.winner.com" />
+	<target host="service.winner.com" />
+	<target host="static.winner.com" />
+	<target host="wap.winner.com" />
+	<target host="bingo.winner.com" />
+	<target host="games.winner.com" />
+	<target host="livecasino.winner.com" />
+	<target host="mobile.winner.com" />
+	<target host="securebingo.winner.com" />
+	<target host="securegames.winner.com" />
+	<target host="securelivecasino.winner.com" />
+	<target host="securemobile.winner.com" />
+	<target host="cachepoker.winner.com" />
 		<exclusion pattern="^http://casino\.winner\.com/(?!media/)" />
 		<exclusion pattern="^http://poker\.winner\.com/(?!style/|tpl/)" />
 		<exclusion pattern="^http://static\.winner\.com/www/" />
@@ -70,13 +91,12 @@
 	<securecookie host=".+\.winner\.com$" name=".+" />
 
 
-	<rule from="^http://((?:banner|chat-winner|m)?casino|cdn-bingo|login|m|mbingo|poker|secure|service|static|wap)\.winner\.com/"
-		to="https://$1.winner.com/" />
 
 	<rule from="^http://(?:secure)?(bingo|games|livecasino|mobile)\.winner\.com/"
 		to="https://secure$1.winner.com/" />
 
-	<rule from="^https?://cachepoker\.winner\.com/"
+	<rule from="^http://cachepoker\.winner\.com/"
 		to="https://poker.winner.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wintotal.de.xml b/src/chrome/content/rules/Wintotal.de.xml
new file mode 100644
index 000000000000..f0f2f31a6c46
--- /dev/null
+++ b/src/chrome/content/rules/Wintotal.de.xml
@@ -0,0 +1,13 @@
+<!--  certificate mismatch:
+			- community.wintotal.de
+			- wintotal.de
+	-->
+<ruleset name="Wintotal.de">
+
+	<target host="wintotal.de"/>
+	<target host="www.wintotal.de"/>
+
+	<rule from="^http://wintotal\.de/" to="https://www.wintotal.de/"/>
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wippies.xml b/src/chrome/content/rules/Wippies.xml
index 2bb18696f620..31c028a18659 100644
--- a/src/chrome/content/rules/Wippies.xml
+++ b/src/chrome/content/rules/Wippies.xml
@@ -1,5 +1,9 @@
+<!--
+Automatically by https-everywhere-checker because:
+Fetch error: http://webmail.wippies.com/ => https://webmail.wippies.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+-->
 <ruleset name="Wippies Webmail">
   <target host="webmail.wippies.com" />
 
-  <rule from="^http://webmail\.wippies\.com/" to="https://webmail.wippies.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Wire.innocraft.cloud.xml b/src/chrome/content/rules/Wire.innocraft.cloud.xml
new file mode 100644
index 000000000000..e3a3ca8c2485
--- /dev/null
+++ b/src/chrome/content/rules/Wire.innocraft.cloud.xml
@@ -0,0 +1,8 @@
+<ruleset name="Wire.innocraft.cloud">
+
+	<target host="wire.innocraft.cloud" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WireEdit.com.xml b/src/chrome/content/rules/WireEdit.com.xml
new file mode 100644
index 000000000000..9e69fe0a264c
--- /dev/null
+++ b/src/chrome/content/rules/WireEdit.com.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.wireedit.com/ => https://www.wireedit.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.wireedit.com'")
+
+-->
+<ruleset name="WireEdit.com" default_off="failed ruleset test">
+
+	<target host="wireedit.com" />
+	<target host="www.wireedit.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WireGuard.xml b/src/chrome/content/rules/WireGuard.xml
new file mode 100644
index 000000000000..4a66b2990957
--- /dev/null
+++ b/src/chrome/content/rules/WireGuard.xml
@@ -0,0 +1,6 @@
+<ruleset name="WireGuard">
+	<target host="wireguard.com" />
+	<target host="www.wireguard.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WireTarget.com.xml b/src/chrome/content/rules/WireTarget.com.xml
new file mode 100644
index 000000000000..30ad5c3d5091
--- /dev/null
+++ b/src/chrome/content/rules/WireTarget.com.xml
@@ -0,0 +1,17 @@
+<!--
+	For other GameCopyWorld coverage, see GameCopyWorld.com.xml.
+-->
+
+<ruleset name="WireTarget.com">
+	<target host="wiretarget.com" />
+	<target host="www.wiretarget.com" />
+	<target host="files-gamefix-275.wiretarget.com" />
+	<target host="g.wiretarget.com" />
+	<target host="gamefix.wiretarget.com" />
+	<target host="gf.wiretarget.com" />
+	<target host="gfx.wiretarget.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wireclub.com.xml b/src/chrome/content/rules/Wireclub.com.xml
new file mode 100644
index 000000000000..e90cfcda04a4
--- /dev/null
+++ b/src/chrome/content/rules/Wireclub.com.xml
@@ -0,0 +1,30 @@
+<!--
+	CDN buckets:
+
+		- wireclub-a.akamaihd.net
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.wireclub.com
+
+-->
+<ruleset name="Wireclub.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="wireclub.com" />
+	<target host="www.wireclub.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.wireclub\.com$" name="^[\da-f-]+$" /-->
+
+	<securecookie host="^www\.wireclub\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wired.com.xml b/src/chrome/content/rules/Wired.com.xml
new file mode 100644
index 000000000000..1746f106f363
--- /dev/null
+++ b/src/chrome/content/rules/Wired.com.xml
@@ -0,0 +1,41 @@
+<!--
+	For other Condé Nast coverage, see Conde-Nast.xml.
+
+	Mismatch:
+		- insights.wired.com
+		- www.insights.wired.com
+		- stats.wired.com
+
+	Refused:
+		- feeds.wired.com
+		- howto.wired.com
+		- innovationinsights.wired.com
+		- video.wired.com
+-->
+<ruleset name="WIRED">
+	<target host="wired.com" />
+	<target host="www.wired.com" />
+	<target host="accounts.wired.com" />
+	<target host="api-accounts.wired.com" />
+	<target host="archive.wired.com" />
+	<target host="assets.wired.com" />
+		<test url="http://assets.wired.com/photos/w_373,h_210/wp-content/uploads/2017/01/GettyImages-631335270-1-600x338.jpg" />
+		<test url="http://assets.wired.com/photos/w_163,h_163/wp-content/uploads/2017/01/GettyImages-631431762-500x500.jpg" />
+	<target host="awsbeta.wired.com" />
+	<target host="beta.wired.com" />
+	<target host="blog.wired.com" />
+	<target host="downloads.wired.com" />
+		<test url="http://downloads.wired.com/podcasts/xml/geekdads.xml" />
+	<target host="live.wired.com" />
+	<target host="sstats.wired.com" />
+	<target host="stag2.wired.com" />
+	<target host="stag3.wired.com" />
+	<target host="static.wired.com" />
+	<target host="subscribe.wired.com" />
+	<target host="subscriptions.wired.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
+
diff --git a/src/chrome/content/rules/Wired.xml b/src/chrome/content/rules/Wired.xml
deleted file mode 100644
index 7a114165cea6..000000000000
--- a/src/chrome/content/rules/Wired.xml
+++ /dev/null
@@ -1,44 +0,0 @@
-<!--
-	For other Condé Nast coverage, see Conde-Nast.xml.
-
-
-	CDN buckets:
-
-		- s3.amazonaws.com/img.wired.co.uk/	| d2f0ban6dhfdsw.cloudfront.net
-			- AWS permanently redirects.
-
-		- howto.wired.com.edgesuite.net
-
-
-	Nonfunctional domains:
-
-		- howto.wired.com	(Akamai; 503)
-
-
-	Some pages redirect to http, including:
-
-		- epicenter/wp-content/
-		- favicon.ico
-		- images_blogs/
-		- opinion/wp-content/
-
--->
-<ruleset name="Wired (partial; buggy)" default_off="strange behavior with images">
-
-	<target host="wired.com" />
-	<target host="*.wired.com" />
-	<target host="cdni.wired.co.uk" />
-        	<!--exclusion pattern="^http://(?:www\.)?wired\.com/images/1x1\.trans\.gif" /-->
-		<exclusion pattern="^https?://(?:www\.)?wired\.com/(?!css/|images/(?!1x1\.trans\.gif)|js/|sandbox/|usr/log(?:in|out))" />
-
-
-	<rule from="^https?://(?:secure\.|www\.)?wired\.com/"
-		to="https://secure.wired.com/" />
-
-	<rule from="^http://subscri(?:be|ptions)\.wired\.com/"
-		to="https://subscri$1.wired.com/" />
-
-	<rule from="^https?://cdni\.wired\.co\.uk/"
-		to="https://d2f0ban6dhfdsw.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/WiredMinds.xml b/src/chrome/content/rules/WiredMinds.xml
index 8e77fba1bc77..c40787ab2337 100644
--- a/src/chrome/content/rules/WiredMinds.xml
+++ b/src/chrome/content/rules/WiredMinds.xml
@@ -1,4 +1,9 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://st1.wiredminsds.de/ => https://st1.wiredminsds.de/: (6, 'Could not resolve host: st1.wiredminsds.de')
+
 	Partially covered subdomains:
 
 		- (www.)	(some pages redirect to http)
@@ -15,15 +20,14 @@
 <ruleset name="WiredMinds (partial)">
 
 	<target host="wiredminds.de" />
-	<target host="*.wiredminds.de" />
-		<exclusion pattern="^http://(?:www\.)?wiredminds\.de/(?!/?assets/|favicon\.ico)" />
-
+  <target host="www.wiredminds.de" />
+	<!-- target host="st1.wiredminsds.de" /-->
+	<target host="test.wiredminds.de" />
+	<target host="wm.wiredminds.de" />
+	<target host="wmapp.wiredminds.de" />
 
 	<securecookie host="\.wiredminds\.de$" name="^WMSESSNAME$" />
 	<securecookie host="^(?:st1|test|wm)\.wiredminds\.de$" name=".+" />
 
-
-	<rule from="^http://((?:st1|test|wm|wmapp|www)\.)?wiredminds\.de/"
-		to="https://$1wiredminds.de/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WiredSafety.org.xml b/src/chrome/content/rules/WiredSafety.org.xml
new file mode 100644
index 000000000000..19a8f1cb6eb0
--- /dev/null
+++ b/src/chrome/content/rules/WiredSafety.org.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wiredsafety.org/ => https://wiredsafety.org/: (35, 'error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error')
+Fetch error: http://www.wiredsafety.org/ => https://www.wiredsafety.org/: Too many redirects while fetching 'https://www.wiredsafety.org/'
+
+	Insecure cookies are set for these hosts:
+
+		- wiredsafety.org
+		- www.wiredsafety.org
+
+-->
+<ruleset name="WiredSafety.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="wiredsafety.org" />
+	<target host="www.wiredsafety.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?wiredsafety\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^(?:www\.)?wiredsafety\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wiredjs.com.xml b/src/chrome/content/rules/Wiredjs.com.xml
new file mode 100644
index 000000000000..628887ece194
--- /dev/null
+++ b/src/chrome/content/rules/Wiredjs.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Wiredjs.com">
+	<target host="wiredjs.com" />
+	<target host="www.wiredjs.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wireless.org.au.xml b/src/chrome/content/rules/Wireless.org.au.xml
new file mode 100644
index 000000000000..47b998d29994
--- /dev/null
+++ b/src/chrome/content/rules/Wireless.org.au.xml
@@ -0,0 +1,13 @@
+<!--
+	(www.)?: Shows web.crchosting.net.au
+
+-->
+<ruleset name="Wireless.org.au (partial)">
+
+	<target host="lists.wireless.org.au" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WirelessLeiden.nl.xml b/src/chrome/content/rules/WirelessLeiden.nl.xml
new file mode 100644
index 000000000000..76ff9336049f
--- /dev/null
+++ b/src/chrome/content/rules/WirelessLeiden.nl.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		www.wirelessleiden.nl
+
+-->
+<ruleset name="Wireless Leiden.nl">
+
+	<target host="wirelessleiden.nl" />
+	<target host="www.wirelessleiden.nl" />
+	<target host="lijst.wirelessleiden.nl" />
+	<target host="svn.wirelessleiden.nl" />
+	<target host="webfolder.wirelessleiden.nl" />
+	<target host="wiki.wirelessleiden.nl" />
+
+	<rule from="^http://www\.wirelessleiden\.nl/"
+		to="https://wirelessleiden.nl/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wireshark.xml b/src/chrome/content/rules/Wireshark.xml
deleted file mode 100644
index 70aa3e9ec3cb..000000000000
--- a/src/chrome/content/rules/Wireshark.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Fully covered subdomains:
-
-		- (www.)
-		- anonsvn
-		- blog
-
--->
-<ruleset name="Wireshark">
-
-	<target host="wireshark.org" />
-	<target host="*.wireshark.org" />
-
-
-	<rule from="^http://((?:anonsvn|blog|www)\.)?wireshark\.org/"
-		to="https://$1wireshark.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Wirral.gov.uk-falsemixed.xml b/src/chrome/content/rules/Wirral.gov.uk-falsemixed.xml
new file mode 100644
index 000000000000..eae3cd90d304
--- /dev/null
+++ b/src/chrome/content/rules/Wirral.gov.uk-falsemixed.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://democracy.wirral.gov.uk:443/ => https://democracy.wirral.gov.uk/: (28, 'Operation timed out after 30005 milliseconds with 0 bytes received')
+Fetch error: http://democracy.wirral.gov.uk/ => https://democracy.wirral.gov.uk/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	For rules not causing false/broken MCB, see Wirral.gov.uk.xml.
+
+-->
+<ruleset name="Wirral.gov.uk (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Complications:
+				-->
+	<target host="democracy.wirral.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	s:.../$ redirects to:
+					-->
+	<rule from="^http://democracy\.wirral\.gov\.uk:443/"
+		to="https://democracy.wirral.gov.uk/" />
+
+		<test url="http://democracy.wirral.gov.uk:443/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wirral.gov.uk.xml b/src/chrome/content/rules/Wirral.gov.uk.xml
new file mode 100644
index 000000000000..fd15d8e8573e
--- /dev/null
+++ b/src/chrome/content/rules/Wirral.gov.uk.xml
@@ -0,0 +1,96 @@
+<!--
+	Wirral Metropolitan Borough Council
+
+	For rules causing false/broken MCB, see Wirral.gov.uk-falsemixed.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *wirral.gov.uk:
+
+		- sportbooking ᵈ
+		- talislds ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *wirral.gov.uk:
+
+		- democracy * ˣ
+
+	* s:.../$ redirects to p:...:443/
+	ˣ Mixed css
+
+
+	Insecure cookies are set for these hosts:
+
+		- wirral.gov.uk
+		- anycommson.wirral.gov.uk
+		- democracy.wirral.gov.uk
+		- licensing.wirral.gov.uk
+		- mypension.wirral.gov.uk
+		- provider.wirral.gov.uk
+		- rbss.wirral.gov.uk
+		- wescom.wirral.gov.uk
+		- www.wirral.gov.uk
+		- ww2.wirral.gov.uk
+
+
+	Mixed content:
+
+		- css on democracy www.wirral.gov.uk ˢ
+		- Images on democracy, schooladmissions from www.wirral.gov.uk ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Wirral.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="wirral.gov.uk" />
+	<target host="anycommson.wirral.gov.uk" />
+	<target host="ereturns.wirral.gov.uk" />
+	<target host="licensing.wirral.gov.uk" />
+	<target host="mypension.wirral.gov.uk" />
+	<target host="myview.wirral.gov.uk" />
+	<target host="provider.wirral.gov.uk" />
+	<target host="rbss.wirral.gov.uk" />
+	<target host="schooladmissions.wirral.gov.uk" />
+	<target host="wescom.wirral.gov.uk" />
+	<target host="ww2.wirral.gov.uk" />
+	<target host="www.wirral.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<!--target host="democracy.wirral.gov.uk" /-->
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://licensing.wirral.gov.uk/MVM/Online/CallCentre/Connect_Licensing/Logon.aspx?ReturnUrl=&amp;pageid=" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?wirral\.gov\.uk$" name="^ROUTEID$" /-->
+	<!--securecookie host="^(?:anycommson|democracy|provider)\.wirral\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^ereturns\.wirral\.gov\.uk$" name="^(?:__LOGINCOOKIE__|ASP\.NET_SessionId)$" /-->
+	<!--securecookie host="^licensing\.wirral\.gov\.uk$" name="^(?:\.MVMONLINE|ASP\.NET_SessionId|MVMSession)$" /-->
+	<!--securecookie host="^mypension\.wirral\.gov\.uk$" name="^(?:JSESSIONID|javax\.faces\.ClientToken|scheEmp)$" /-->
+	<!--securecookie host="^(?:rbss|ww2)\.wirral\.gov\.uk$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+	<!--securecookie host="^wescom\.wirral\.gov\.uk$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	s:.../$ redirects to:
+					-->
+	<!--rule from="^http://democracy\.wirral\.gov\.uk:443/"
+		to="https://democracy.wirral.gov.uk/" /-->
+
+		<!--test url="http://democracy.wirral.gov.uk:443/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wishabi.xml b/src/chrome/content/rules/Wishabi.xml
deleted file mode 100644
index 34ec51070a85..000000000000
--- a/src/chrome/content/rules/Wishabi.xml
+++ /dev/null
@@ -1,51 +0,0 @@
-<!--
-	Other Wishabi rulesets:
-
-		- Circular_Hub.xml
-
-
-	CDN buckets:
-
-		- f.wishabi.ca.s3.amazonaws.com
-			- f.wishabi.ca
-
-		- d2e0sxz09bo7k2.cloudfront.net
-
-			- f1.wishabi.ca
-
-
-	Nonfunctional domains:
-
-		- (www.)wishabi.ca *
-		- (www.)wishabi.com *
-
-	* Refused
-
-
-	Fully covered wishabi.ca subdomains:
-
-		- analytics
-		- f		(→ s3.amazonaws.com)
-		- f1		(→ d2e0sxz09bo7k2.cloudfront.net)
-		- merchants
-		- editorials.merchants
-
--->
-<ruleset name="Wishabi">
-
-	<target host="*.wishabi.ca" />
-
-
-	<securecookie host="^\.merchants\.wishabi\.ca$" name=".+" />
-
-
-	<rule from="^https?://f.wishabi.ca/"
-		to="https://s3.amazonaws.com/f.wishabi.ca/" />
-
-	<rule from="^http://f1\.wishabi\.ca/"
-		to="https://d2e0sxz09bo7k2.cloudfront.net/" />
-
-	<rule from="^http://(analytic|(?:editorials\.)?merchant)s\.wishabi\.ca/"
-		to="https://$1s.wishabi.ca/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Wishlist_Granted.com.xml b/src/chrome/content/rules/Wishlist_Granted.com.xml
new file mode 100644
index 000000000000..5c06e1861591
--- /dev/null
+++ b/src/chrome/content/rules/Wishlist_Granted.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wishlistgranted.com/ => https://wishlistgranted.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.wishlistgranted.com/ => https://wishlistgranted.com/: (60, 'SSL certificate problem: certificate has expired')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://wishlistgranted.com/ => https://wishlistgranted.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.wishlistgranted.com/ => https://wishlistgranted.com/: (60, 'SSL certificate problem: certificate has expired')
+	www: cert only matches ^wishlistgranted.com
+
+-->
+<ruleset name="Wishlist Granted.com" default_off="failed ruleset test">
+
+	<target host="wishlistgranted.com" />
+	<target host="www.wishlistgranted.com" />
+
+
+	<rule from="^http://(?:www\.)?wishlistgranted\.com/"
+		to="https://wishlistgranted.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wishpot.com.xml b/src/chrome/content/rules/Wishpot.com.xml
new file mode 100644
index 000000000000..75b0ce87803f
--- /dev/null
+++ b/src/chrome/content/rules/Wishpot.com.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wishpot.com/ => https://www.wishpot.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	CDN buckets:
+
+		- wishpot.s3.amazonaws.com
+
+
+	^: 404
+
+-->
+<ruleset name="Wishpot.com" default_off="failed ruleset test">
+
+	<target host="wishpot.com" />
+	<target host="www.wishpot.com" />
+	<target host="it.wishpot.com" />
+	<target host="uk.wishpot.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.wishpot\.com$" name="^(WP_SessionId_wishpot\.com|lcntry)$" /-->
+	<!--securecookie host="^(it|uk|www)\.wishpot\.com$" name="^(cuid|vid2)$" /-->
+
+	<securecookie host="^(?:it|uk|www)?\.wishpot\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?wishpot\.com/"
+		to="https://www.wishpot.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wissenschaftsjahr.de.xml b/src/chrome/content/rules/Wissenschaftsjahr.de.xml
new file mode 100644
index 000000000000..0e0ea7b9db8b
--- /dev/null
+++ b/src/chrome/content/rules/Wissenschaftsjahr.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="Wissenschaftsjahr.de">
+
+	<target host="wissenschaftsjahr.de" />
+	<target host="www.wissenschaftsjahr.de" />
+	<target host="datentransfer.wissenschaftsjahr.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wistia.net.xml b/src/chrome/content/rules/Wistia.net.xml
new file mode 100644
index 000000000000..ed57776f0b9c
--- /dev/null
+++ b/src/chrome/content/rules/Wistia.net.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Wistia coverage, see Wistia.xml.
+
+-->
+<ruleset name="Wistia.net">
+
+	<target host="fast.wistia.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wistia.xml b/src/chrome/content/rules/Wistia.xml
index 5e469ea9e789..846085fd904e 100644
--- a/src/chrome/content/rules/Wistia.xml
+++ b/src/chrome/content/rules/Wistia.xml
@@ -1,4 +1,14 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://embed.wistia.com/ => https://wistia.sslcs.cdngc.net/: (6, 'Could not resolve host: wistia.sslcs.cdngc.net')
+Fetch error: http://fast.wistia.com/ => https://fast.wistia.com/: Too many redirects while fetching 'https://fast.wistia.com/'
+
+	Other Wistia rulesets:
+
+		- Wistia.net.xml
+
+
 	CDN buckets:
 
 		- 50grove-cdn.wistia.com.cdngc.net
@@ -32,10 +42,22 @@
 			- prime
 
 -->
-<ruleset name="Wistia (partial)">
+<ruleset name="Wistia.com (partial)" default_off="failed ruleset test">
+
+	<target host="app.wistia.com" />
+	<target host="buy.wistia.com" />
+	<target host="embed.wistia.com" />
+	<target host="embed-ssl.wistia.com" />
+	<target host="fast.wistia.com" />
+	<!--target host="grove-cdn.wistia.com" /-->
+	<target host="home.wistia.com" />
+	<target host="prime.wistia.com" />
+	<target host="rs-static.wistia.com" />
+	<target host="secure.wistia.com" />
+	<target host="static.wistia.com" />
+		<exclusion pattern="^http://home\.wistia\.com/(?!images/)" />
 
-	<target host="*.wistia.com" />
-	<target host="fast.wistia.net" />
+			<test url="http://home.wistia.com//" />
 
 
 	<!--	Set by login page on secure:
@@ -44,16 +66,10 @@
 	<securecookie host="^(?:embed-ssl|prime)\.wistia\.com$" name=".+" />
 
 
-	<rule from="^http://(app|buy|embed-ssl|fast|prime|(?:rs-)?static|secure)\.wistia\.com/"
-		to="https://$1.wistia.com/" />
-
-	<rule from="^http://(?:embed|grove-cdn)\.wistia\.com/"
+	<rule from="^http://embed\.wistia\.com/"
 		to="https://wistia.sslcs.cdngc.net/" />
 
-	<rule from="^http://home\.wistia\.com/images/"
-		to="https://home.wistia.com/images/" />
-
-	<rule from="^http://fast\.wistia\.net/"
-		to="https://fast.wistia.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/With_Google.com.xml b/src/chrome/content/rules/With_Google.com.xml
new file mode 100644
index 000000000000..1694418723bd
--- /dev/null
+++ b/src/chrome/content/rules/With_Google.com.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Google coverage, see GoogleServices.xml.
+
+	Invalid certificate:
+		www.*.withgoogle.com
+
+-->
+<ruleset name="With Google.com">
+
+	<target host="withgoogle.com" />
+	<target host="*.withgoogle.com" />
+
+		<test url="http://iamremarkable.withgoogle.com/" />
+		<test url="http://rework.withgoogle.com/" />
+		<test url="http://santadive.withgoogle.com/" />
+		<test url="http://summerofcode.withgoogle.com/" />
+
+	<securecookie host="^[\w-]+\.withgoogle\.com$" name=".+" />
+
+	<rule from="^http://([\w-]+\.)?withgoogle\.com/"
+		to="https://$1withgoogle.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Withknown.com.xml b/src/chrome/content/rules/Withknown.com.xml
new file mode 100644
index 000000000000..205b104b74ea
--- /dev/null
+++ b/src/chrome/content/rules/Withknown.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Withknown.com">
+  <target host="withknown.com" />
+  <target host="*.withknown.com" />
+
+  <exclusion pattern="^http://(?:assets|docs|stream)\.withknown\.com/"/>
+
+			<test url="http://assets.withknown.com/" />
+			<test url="http://docs.withknown.com/" />
+			<test url="http://stream.withknown.com/" />
+
+		<test url="http://fee.withknown.com/" />
+		<test url="http://mlncn.withknown.com/" />
+
+  <rule from="^http://([\w-]+\.)?withknown\.com/" to="https://$1withknown.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Witness.org.xml b/src/chrome/content/rules/Witness.org.xml
index 990bd7321b65..2517b6edc415 100644
--- a/src/chrome/content/rules/Witness.org.xml
+++ b/src/chrome/content/rules/Witness.org.xml
@@ -1,18 +1,28 @@
 <!--
-	- Expired 2010-09-02
-	- CN: *.acquia-sites.com
+	Mixed content:
+
+		- css on ^, ar, es, fr, portugues, training from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Witness.org" default_off="expired, mismatched, self-signed">
+<ruleset name="Witness.org">
 
 	<target host="witness.org" />
+	<target host="ar.witness.org" />
+	<target host="blog.witness.org" />
+	<target host="es.witness.org" />
+	<target host="fr.witness.org" />
+	<target host="portugues.witness.org" />
+	<target host="pt.witness.org" />
+	<target host="training.witness.org" />
 	<target host="www.witness.org" />
 
 
-	<securecookie host="^\.?witness\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?witness\.org/"
-		to="https://witness.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Wix.xml b/src/chrome/content/rules/Wix.xml
index d686c209608c..0cdde3705751 100644
--- a/src/chrome/content/rules/Wix.xml
+++ b/src/chrome/content/rules/Wix.xml
@@ -1,77 +1,50 @@
 <!--
-	CDN buckets:
+	Other Wix rulesets:
+		- Parastorage.com.xml
+		- Wix_static.com.xml
 
+	CDN buckets:
+		- d2eyqiy4n03ve6.cloudfront.net
 		- www.wix.com.edgesuite.net
-
-			- static.parastorage.com
-			- static.wix.com
-			- static.wixstatic.com
-
 		- wix.go2cloud.org
 			- tracking.wix.com
 
-		- ghs.google.com
-
-			- archive.google.com
-
-
-	Nonfunctional wix.com subdomains:
-
-		- archive *
-		- beat		(interrupted)
-		- jobs		(cert: dns.lc.wix.com; 403)
-
-	* archive
-
-
-	Problematic domains:
-
-		- static.parastorage.com *
-		- static.wix.com *
-		- static.wixstatic.com *
-
-	* Works, akamai
+	Nonfunctional hosts in *wix.com:
+		- archive (unknown SSL protocol error)
+		- arena ¹
+		- beat (interrupted)
+		- dns.lc
+		- investors ²
+		- jobs (cert: dns.lc.wix.com; 403)
 
+	¹ Refused
+	² Dropped
 
-	Partially covered domains:
-
-		- archive.wix.com	(→ akamai)
-
-
-	Fully covered domains:
-
-		- publicorigin.wix.com
-		- static.wix.com	(→ akamai)
-		- static.wixstatic.com	(→ akamai)
+	Problematic hosts in *wix.com:
+		- tracking *
 
+	* Mismatched
 -->
-<ruleset name="Wix (partial)" platform="mixedcontent">
 
-	<target host="static.parastorage.com" />
-		<exclusion pattern="^https?://static\.parastorage\.com/media/" />
+<ruleset name="Wix.com (partial)">
 	<target host="wix.com" />
-	<target host="*.wix.com" />
-	<target host="dns.lc.wix.com" />
-	<target host="www.dns.lc.wix.com" />
-	<target host="static.wixstatic.com" />
-
-
-	<securecookie host="^\.wix\.com$" name=".+" />
-
-
-	<rule from="^http://(frog\.|(?:www\.)?dns\.lc\.|publicorigin\.|www\.)?wix\.com/"
-		to="https://$1wix.com/" />
-
-	<rule from="^http://archive\.wix\.com/sites/"
-		to="https://a248.e.akamai.net/f/1778/1/5m/static.wix.com/sites/" />
-
-	<rule from="^https?://users\.(?:parastorage|wix)\.com/"
-		to="https://users.wix.com/" />
-
-	<rule from="^https?://tracking\.wix\.com/"
-		to="https://wix.go2cloud.org/" />
-
-	<rule from="^http://static\.wix(static)?\.com/"
-		to="https://a248.e.akamai.net/f/1778/1/5m/static.wix$1.com/" />
-
+	<target host="www.wix.com" />
+	<target host="dev.wix.com" />
+	<target host="fallback.wix.com" />
+	<target host="frog.wix.com" />
+	<target host="editor.wix.com" />
+	<target host="media.wix.com" />
+	<target host="shoutout.wix.com" />
+	<target host="sslstatic.wix.com" />
+	<target host="static.wix.com" />
+	<target host="tracking.wix.com" />
+	<target host="users.wix.com" />
+
+	<!-- Securing all cookies will result in issues, see
+	https://github.com/EFForg/https-everywhere/issues/13347 -->
+	<securecookie host="^\." name="(?:incap_ses_\d+|visid_incap)_\d+$" />
+
+	<rule from="^http://tracking\.wix\.com/" to="https://wix.go2cloud.org/" />
+
+	<rule from="^http:"	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Wix_static.com.xml b/src/chrome/content/rules/Wix_static.com.xml
new file mode 100644
index 000000000000..0046b251d3d8
--- /dev/null
+++ b/src/chrome/content/rules/Wix_static.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Wix coverage, see Wix.xml.
+
+-->
+<ruleset name="Wix static.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="static.wixstatic.com" />
+	<target host="staticorigin.wixstatic.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wiz.biz.xml b/src/chrome/content/rules/Wiz.biz.xml
deleted file mode 100644
index 62a4b105037b..000000000000
--- a/src/chrome/content/rules/Wiz.biz.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Wiz.biz" platform="firefox">
-<target host="wiz.biz" />
-
-<securecookie host="^wiz\.biz$" name=".+" />
-
-<rule from="^http://wiz\.biz/" to="https://wiz.biz/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Wiz.cn.xml b/src/chrome/content/rules/Wiz.cn.xml
new file mode 100644
index 000000000000..981569b041c1
--- /dev/null
+++ b/src/chrome/content/rules/Wiz.cn.xml
@@ -0,0 +1,39 @@
+<!--
+	Timeout:
+		^	https://travis-ci.org/EFForg/https-everywhere/jobs/418257579#L599
+
+	Different http/https content:
+		app.wiz.cn
+
+	Mismatch:
+		release.wiz.cn
+		upgrade.wiz.cn
+
+	Redirect to http:
+		note.wiz.cn/pages/*.html
+-->
+<ruleset name="Wiz.cn">
+	<!--Complications:-->
+	<target host="wiz.cn" />
+	<rule from="^http://wiz\.cn/" to="https://www.wiz.cn/" />
+
+	<target host="note.wiz.cn" />
+	<exclusion pattern="^http://note\.wiz\.cn/\S+\.html" />
+		<test url="http://note.wiz.cn/pages/updateYourClient.html" />
+		<test url="http://note.wiz.cn/pages/client/welcome.html" />
+		<test url="http://note.wiz.cn/url2wiz" />
+
+	<!--Directly:-->
+	<target host="www.wiz.cn" />
+	<target host="api.wiz.cn" />
+	<target host="as.wiz.cn" />
+		<test url="http://as.wiz.cn/wizas/xmlrpc" />
+	<target host="bbs.wiz.cn" />
+	<target host="blog.wiz.cn" />
+	<target host="cdn.wiz.cn" />
+	<target host="cdn2.wiz.cn" />
+	<target host="get.wiz.cn" /><!-- Find get.wiz.cn tests at: https://www.wiz.cn/downloads-windows.html -->
+	<target host="url.wiz.cn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wizard-Internet-Services.xml b/src/chrome/content/rules/Wizard-Internet-Services.xml
index e69ebd42b92c..ee229eb963b3 100644
--- a/src/chrome/content/rules/Wizard-Internet-Services.xml
+++ b/src/chrome/content/rules/Wizard-Internet-Services.xml
@@ -1,26 +1,20 @@
 <!--
 	Other Wizard Internet Services rulesets:
 
-		- City-Mail.xml
+		+ CityEmail.com.xml
 
 
 	Nonfunctional subdomains:
 
-		- (www.)
-		- hosting	(rx_record_too_long)
+		- wizard.ca
+		- www.wizard.ca
+		- mail.wizard.ca
 
 -->
 <ruleset name="Wizard Internet Services (partial)">
 
-	<target host="*.wizard.ca" />
-
-
-	<!--	Cert mismatch, redirects like so.
-							-->
-	<rule from="^https?://mail\.wizard\.ca/"
-		to="https://www.cityemail.com/" />
-
-	<rule from="^http://secure\.wizard\.ca/"
-		to="https://secure.wizard.ca/" />
+	<target host="secure.wizard.ca" />
+	<target host="hosting.wizard.ca" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Wizards-of-the-Coast-problematic.xml b/src/chrome/content/rules/Wizards-of-the-Coast-problematic.xml
deleted file mode 100644
index c27e3b53656e..000000000000
--- a/src/chrome/content/rules/Wizards-of-the-Coast-problematic.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules that are on by default, see Wizards.xml.
-
--->
-<ruleset name="Wizards of the Coast (expired)" default_off="expired">
-
-	<target host="community.wizards.com" />
-
-
-	<rule from="^http://community\.wizards\.com/"
-		to="https://community.wizards.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Wizards.com-problematic.xml b/src/chrome/content/rules/Wizards.com-problematic.xml
new file mode 100644
index 000000000000..7cb38da2fa7d
--- /dev/null
+++ b/src/chrome/content/rules/Wizards.com-problematic.xml
@@ -0,0 +1,24 @@
+<!--
+	For rules that are on by default, see Wizards.com.xml
+
+-->
+<ruleset name="Wizards.com (problematic)" default_off="cert-chain">
+
+	<target host="wizards.com" />
+	<target host="www.wizards.com" />
+	<target host="accounts.wizards.com" />
+	<target host="archive.wizards.com" />
+		<test url="http://archive.wizards.com/magic/displaythemedeck.asp?set=worldchampionshipdecks2003&amp;decknum=2&amp;lang=en" />
+		<test url="http://archive.wizards.com/dci/judge/main.asp?x=articles/jc20010722a" />
+		<!-- Different content http/https -->
+		<exclusion pattern="^http://archive\.wizards\.com/default.asp\?x=dnd/" />
+			<test url="http://archive.wizards.com/default.asp?x=dnd/we/20040522a" />
+			<test url="http://archive.wizards.com/default.asp?x=dnd/arch/pc" />
+			<test url="http://archive.wizards.com/default.asp?x=dnd/we/20060327a" />
+	<target host="ww2.wizards.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wizards.com.xml b/src/chrome/content/rules/Wizards.com.xml
new file mode 100644
index 000000000000..29733628825f
--- /dev/null
+++ b/src/chrome/content/rules/Wizards.com.xml
@@ -0,0 +1,40 @@
+<!--
+	For rules that are disabled by default, see Wizards.com-problematic.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- community.wizards.com
+		- ddi.wizards.com
+		- gatherer.wizards.com
+		- locator.wizards.com
+		- status.wizards.com
+
+		SSL peer certificate was not OK:
+		- www.wpn.wizards.com
+
+		Status code mismatch:
+		- avalonhill.wizards.com
+
+		4xx client error:
+		- webapp.wizards.com
+
+		Mixed content blocking (MCB) triggered:
+		- dnd.wizards.com
+
+-->
+<ruleset name="Wizards.com (partial)">
+
+	<target host="company.wizards.com" />
+	<target host="judge.wizards.com" />
+	<target host="magic.wizards.com" />
+	<target host="media.wizards.com" />
+		<test url="http://media.wizards.com/2015/images/magic/gatherer/Magic_Logo.png" />
+	<target host="membership.wizards.com" />
+	<target host="accounts.onlinegaming.wizards.com" />
+	<target host="wpn.wizards.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wizards.xml b/src/chrome/content/rules/Wizards.xml
deleted file mode 100644
index 9f31622a3c91..000000000000
--- a/src/chrome/content/rules/Wizards.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	For problematic rules, see Wizards-of-the-Coast-problematic.xml.
-
-
-	Nonfunctional subdomains:
-
-		- locator
-
-
-	Cert presented by ww2 is only valid for (www.). ww2
-	appears only to redirect to locator, which doesn't
-	work, so there's not much point handling it.
-
--->
-<ruleset name="Wizards of the Coast (partial)">
-
-	<target host="wizards.com" />
-	<target host="images.community.wizards.com" />
-	<target host="www.wizards.com" />
-
-
-	<securecookie host="^(?:.+\.)?wizards\.com$" name=".+" />
-
-
-	<rule from="^http://(accounts\.|www\.)?wizards\.com/"
-		to="https://$1wizards.com/" />
-
-	<!--	Expired certificate.
-					-->
-	<rule from="^https?://images\.community\.wizards\.com/"
-		to="https://images.onesite.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Wizbang.xml b/src/chrome/content/rules/Wizbang.xml
index 7f428731ad43..f5c9eeea5aee 100644
--- a/src/chrome/content/rules/Wizbang.xml
+++ b/src/chrome/content/rules/Wizbang.xml
@@ -1,13 +1,12 @@
 <ruleset name="Wizbang">
 
 	<target host="wizbangblog.com" />
-	<target host="*.wizbangblog.com" />
+	<target host="www.wizbangblog.com" />
 
 
 	<securecookie host="^\.wizbangblog\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?wizbangblog\.com/"
-		to="https://$1wizbangblog.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Wizbang_Pop.xml b/src/chrome/content/rules/Wizbang_Pop.xml
deleted file mode 100644
index 7dfec2ce6d63..000000000000
--- a/src/chrome/content/rules/Wizbang_Pop.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Wizbang Pop">
-
-	<target host="wizbangpop.com" />
-	<target host="*.wizbangpop.com" />
-
-
-	<securecookie host="^\.wizbangpop\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?wizbangpop\.com/"
-		to="https://$1wizbangpop.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Wizchan.org.xml b/src/chrome/content/rules/Wizchan.org.xml
new file mode 100644
index 000000000000..831451848dd7
--- /dev/null
+++ b/src/chrome/content/rules/Wizchan.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Wizchan.org">
+	<target host="wizchan.org" />
+	<target host="www.wizchan.org" />
+	<target host="lore.wizchan.org" />
+	<target host="text.wizchan.org" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wj32.org.xml b/src/chrome/content/rules/Wj32.org.xml
new file mode 100644
index 000000000000..bbf1cebcc500
--- /dev/null
+++ b/src/chrome/content/rules/Wj32.org.xml
@@ -0,0 +1,11 @@
+<ruleset name="Wj32.org">
+    <target host="wj32.org" />
+    <target host="www.wj32.org" />
+    <target host="nyc-lane.wj32.org" />
+    <target host="git.wj32.org" />
+
+    <securecookie host="^(www\.|nyc-lane\.|git\.)?wj32\.org" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wk3.org.xml b/src/chrome/content/rules/Wk3.org.xml
index 1df5d0d57275..3e44cb68e556 100644
--- a/src/chrome/content/rules/Wk3.org.xml
+++ b/src/chrome/content/rules/Wk3.org.xml
@@ -10,7 +10,6 @@
 	<securecookie host="^wk3\.org$" name=".+" />
 
 
-	<rule from="^http://wk3\.org/"
-		to="https://wk3.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/WoSign.cn.xml b/src/chrome/content/rules/WoSign.cn.xml
new file mode 100644
index 000000000000..fa10cc4ae1af
--- /dev/null
+++ b/src/chrome/content/rules/WoSign.cn.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wosign.cn/ => https://wosign.cn/: (51, "SSL: no alternative certificate subject name matches target host name 'wosign.cn'")
+Fetch error: http://www.wosign.cn/ => https://www.wosign.cn/: (51, "SSL: no alternative certificate subject name matches target host name 'www.wosign.cn'")
+
+	For other WoSign coverage, see WoSign.com.xml.
+
+-->
+<ruleset name="WoSign.cn" default_off="failed ruleset test">
+
+	<target host="wosign.cn" />
+	<target host="www.wosign.cn" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WoSign.com.xml b/src/chrome/content/rules/WoSign.com.xml
new file mode 100644
index 000000000000..d743b488279f
--- /dev/null
+++ b/src/chrome/content/rules/WoSign.com.xml
@@ -0,0 +1,43 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wosign.com/ => https://wosign.com/: (51, "SSL: no alternative certificate subject name matches target host name 'wosign.com'")
+Fetch error: http://support.wosign.com/ => https://support.wosign.com/: (6, 'Could not resolve host: support.wosign.com')
+
+	Other WoSign rulesets:
+		- WoSign.cn.xml
+
+	Nonfunctional subdomains:
+		- api[589].wosign.com ¹
+		- collect.wosign.com  ⁴
+		- csdbapi.wosign.com  ¹
+		- evonsite.wosign.com ²
+		- hn.wosign.com       ⁴
+		- mailsec.wosign.com  ²
+		- signing.wosign.com  ¹
+	¹ Differs from http
+	² Invalid certificate
+	⁴ 404
+-->
+<ruleset name="WoSign.com" default_off="failed ruleset test">
+	<target host="wosign.com" />
+	<target host="www.wosign.com" />
+	<target host="api.wosign.com" />
+	<target host="api2.wosign.com" />
+	<target host="bbs.wosign.com" />
+	<target host="buy.wosign.com" />
+	<target host="cerlogin.wosign.com" />
+	<target host="csrchecker.wosign.com" />
+	<target host="ctlog.wosign.com" />
+	<target host="epki.wosign.com" />
+	<target host="login.wosign.com" />
+	<target host="m.wosign.com" />
+	<target host="mlogin.wosign.com" />
+	<target host="my.wosign.com" />
+	<target host="partner.wosign.com" />
+	<target host="seal.wosign.com" />
+	<target host="sslchecker.wosign.com" />
+	<target host="support.wosign.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WoWInterface.xml b/src/chrome/content/rules/WoWInterface.xml
new file mode 100644
index 000000000000..7cb212e68d81
--- /dev/null
+++ b/src/chrome/content/rules/WoWInterface.xml
@@ -0,0 +1,11 @@
+<ruleset name="WoWInterface">
+
+	<target host="wowinterface.com"/>
+	<target host="secure.wowinterface.com"/>
+	<target host="www.wowinterface.com"/>
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Woahh.xml b/src/chrome/content/rules/Woahh.xml
deleted file mode 100644
index 1320c4b08e9d..000000000000
--- a/src/chrome/content/rules/Woahh.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Woahh">
-
-	<target host="woahh.com" />
-	<target host="*.woahh.com" />
-
-
-	<securecookie host="^\.woahh\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?woahh\.com/"
-		to="https://$1woahh.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/WolfeBransonZipline.com.xml b/src/chrome/content/rules/WolfeBransonZipline.com.xml
new file mode 100644
index 000000000000..36cf83c5eefd
--- /dev/null
+++ b/src/chrome/content/rules/WolfeBransonZipline.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Branson Zipline at Wolfe Mountain">
+	<target host="wolfemountainbranson.com" />
+	<target host="www.wolfemountainbranson.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wolfire-Games.xml b/src/chrome/content/rules/Wolfire-Games.xml
index 68f94f08b9a4..4b59670a2485 100644
--- a/src/chrome/content/rules/Wolfire-Games.xml
+++ b/src/chrome/content/rules/Wolfire-Games.xml
@@ -1,27 +1,27 @@
+
 <!--
-	Nonfunctional subdomains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://discourse.wolfire.com/ => https://discourse.wolfire.com/: (7, 'Failed to connect to discourse.wolfire.com port 443: No route to host')
 
-		- irc		(cert: trac.wolfire.com, expired; shows trac's data)
-		- forums	(ditto)
+	Nonfunctional subdomains:
 
+		- www.wolfire.com (refused)
+		- amazon.wolfire.com (self-signed)
+		- www.amazon.wolfire.com (self-signed)
+		- blog.wolfire.com (refused)
+		- feeds.wolfire.com (refused)
+		- forums.wolfire.com (diffrent content, 401)
+		- irc.wolfire.com (self-signed)
+		- legacy.wolfire.com (self-signed)
+		- wiki.wolfire.com (self-signed)
 -->
-<ruleset name="Wolfire Games (partial)" default_off="expired, mismatch">
-
-	<!--	- Cert for all but trac: ghs-ssl.googlehosted.com
-		- trac's cert has expired
-			-->
+<ruleset name="Wolfire Games (partial)" default_off="failed ruleset test">
 	<target host="wolfire.com" />
-	<target host="*.wolfire.com" />
-
-
-	<!--	- !www cert: trac.wolfire.com
-		- !www shows trac's data over https
-		- !www 301s to www over http
-				-->
-	<rule from="^https?://(?:www\.)?wolfire\.com/"
-		to="https://www.wolfire.com/" />
+	<target host="cdn.wolfire.com" />
+		<test url="http://cdn.wolfire.com/blog/discord.png" />
+	<target host="discourse.wolfire.com" />
 
-	<rule from="^http://(blog|trac)\.wolfire\.com/"
-		to="https://$1.wolfire.com/" />
 
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Wolfram.com.xml b/src/chrome/content/rules/Wolfram.com.xml
index 41277b6b4ce2..a58cf764f810 100644
--- a/src/chrome/content/rules/Wolfram.com.xml
+++ b/src/chrome/content/rules/Wolfram.com.xml
@@ -1,29 +1,42 @@
 <!--
-	Other Wolfram Research rulesets:
+	For other Wolfram Research coverage:
 
-		- Wolfram_Alpha.xml
+		- WolframAlpha.com.xml
 		- Wolfram_CDN.com.xml
+		- Wolframcloud.com.xml
+		- Wolframscience.com.xml
 
+	Problematic hosts in *wolfram.com:
 
-	Nonfunctional subdomains:
+		- challenges ᵐ
+		- datarepository ᵐ
+		- mvid ᵐ
+		- open.exploration ᵐ
+		- open.sandbox ᵐ
+		- streamingmedia (timeout)
 
-		- support	(times out)
+	ᵐ Mismatched
+
+	Invalid certificate:
+		calendar.wolfram.com
 
 -->
-<ruleset name="Wolfram.com (partial) ">
+<ruleset name="Wolfram (partial)">
 
 	<target host="wolfram.com" />
-	<target host="*.wolfram.com" />
-
+	<target host="www.wolfram.com" />
+	<target host="account.wolfram.com" />
+	<target host="amoeba.wolfram.com" />
+	<target host="billing.wolfram.com" />
+	<target host="blog.wolfram.com" />
+	<target host="community.wolfram.com" />
+	<target host="education.wolfram.com" />
+	<target host="reference.wolfram.com" />
+	<target host="user.wolfram.com" />
 
-	<!--securecookie host="^\.wolfram\.com$" name="^WR_SID$" /-->
 	<securecookie host="^user\.wolfram\.com$" name=".+" />
 
-
-	<rule from="^http://(?:www\.)?wolfram\.com/"
-		to="https://www.wolfram.com/" />
-
-	<rule from="^http://user\.wolfram\.com/"
-		to="https://user.wolfram.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/WolframAlpha.com.xml b/src/chrome/content/rules/WolframAlpha.com.xml
new file mode 100644
index 000000000000..811835fab63f
--- /dev/null
+++ b/src/chrome/content/rules/WolframAlpha.com.xml
@@ -0,0 +1,67 @@
+<!--
+	For other Wolfram Research coverage, see Wolfram.com.xml
+
+	Refused hosts:
+		- citi
+		- community
+
+	Invalid certificate
+		- api-cn
+		- api-maps
+		- api-tw
+		- www[0-9][0-9]
+
+	SHA-1 certificate hosts:
+
+		- cvsrx
+		- nielsen
+		- www-cn
+		- www-tw
+
+	Timed out hosts:
+
+		- ^
+		- blog
+		- homeworkday
+		www10.wolframalpha.com
+		www20.wolframalpha.com
+		www30.wolframalpha.com
+		www40.wolframalpha.com
+
+-->
+<ruleset name="Wolfram Alpha">
+
+	<target host="wolframalpha.com" />
+	<target host="www.wolframalpha.com" />
+	<target host="api.wolframalpha.com" />
+	<target host="api-cn.wolframalpha.com" />
+	<target host="api-maps.wolframalpha.com" />
+	<target host="api-tw.wolframalpha.com" />
+	<target host="developer.wolframalpha.com" />
+	<target host="m.wolframalpha.com" />
+	<target host="preview.wolframalpha.com" />
+	<target host="products.wolframalpha.com" />
+	<target host="wc.wolframalpha.com" />
+	<target host="www1.wolframalpha.com" />
+	<target host="www3.wolframalpha.com" />
+	<target host="www4b.wolframalpha.com" />
+	<target host="www4c.wolframalpha.com" />
+	<target host="www4d.wolframalpha.com" />
+	<target host="www4f.wolframalpha.com" />
+	<target host="www5a.wolframalpha.com" />
+		<test url="http://www5a.wolframalpha.com/Calculate/MSP/MSP22951ebg8ah1a34673c800000gg7999a909270gg?MSPStoreType=image%2Fgif&amp;s=41&amp;w=62.&amp;h=18." />
+	<target host="www5b.wolframalpha.com" />
+
+	<exclusion pattern="http://www\.wolframalpha\.com/widgets/view\.jsp" />
+		<test url="http://www.wolframalpha.com/widgets/view.jsp?id=4b64c77d42179cb4d37d342045ddd836" />
+
+	<rule from="^http://wolframalpha\.com/"
+		to="https://www.wolframalpha.com/" />
+
+	<rule from="^http://api-(cn|maps|tw)\.wolframalpha\.com/"
+		to="https://www.wolframalpha.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wolfram_Alpha.xml b/src/chrome/content/rules/Wolfram_Alpha.xml
deleted file mode 100644
index 6fe45d095b31..000000000000
--- a/src/chrome/content/rules/Wolfram_Alpha.xml
+++ /dev/null
@@ -1,89 +0,0 @@
-<!--
-	For other Wolfram Research coverage, see Wolfram.com.xml.
-
-
-	CDN buckets:
-
-		- wac.36f4.edgecastcdn.net/0036F4/
-
-
-	Nonfunctional subdomains:
-
-		- blog *
-		- community	(refused)
-		- products *
-
-	* Dropped
-
-
-	Problematic subdomains:
-
-		- ^	(dropped)
-
-
-	Partially covered subdomains:
-
-		- www\d *
-		- www\d\w *
-
-	* Securing some scripts breaks search
-
-
-	Fully covered subdomains:
-
-		- (www.)	(^ → www)
-		- volunteer
-
-
-	Mixed content:
-
-		- Scripts, on www from:
-
-			- www\d *
-			- www\d\w *
-
-		- Images, on www from:
-
-			- www\d **
-			- www\d\w **
-
-		- Ads/web bugs, on www from:
-
-			- w.sharethis.com **
-			- www.wolframcdn.com **
-
-	* Securing these breaks search
-	** Secured by us
-
--->
-
-<!-- this ruleset creates mixeed content, but it doesn't seem to break anything anymore -->
-<ruleset name="Wolfram Alpha (experimental)">
-
-	<target host="wolframalpha.com" />
-	<target host="*.wolframalpha.com" />
-		<!--
-			These break search:
-								-->
-		<exclusion pattern="^http://www\d\w?\.wolframalpha\.com/input/(?:pod|recalculate)\.jsp" />
-
-
-	<!--securecookie host="^(.*\.)?wolframalpha\.com$" name=".+"/-->
-	<!--
-		Could we secure any of these safely?
-							-->
-	<!--securecookie host="^\.wolframalpha\.com$" name="^(wa_pro_first|wa_pro_firstprovisit|WolframAlphaSessionVisits|WolframResultsPageVisits|WR_SID)$" /-->
-	<!--
-		Tracking cookies:
-					-->
-	<securecookie host="^\.wolframalpha\.com$" name="^__utm\w$" />
-	<securecookie host="^(?:volunteer|www)\.wolframalpha\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?wolframalpha\.com/"
-		to="https://www.wolframalpha.com/" />
-
-	<rule from="^http://(volunteer|www\d\w?)\.wolframalpha\.com/"
-		to="https://$1.wolframalpha.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Wolfram_CDN.com.xml b/src/chrome/content/rules/Wolfram_CDN.com.xml
index c5c71d43983f..5267c0720bd9 100644
--- a/src/chrome/content/rules/Wolfram_CDN.com.xml
+++ b/src/chrome/content/rules/Wolfram_CDN.com.xml
@@ -1,13 +1,19 @@
 <!--
-	For other Wolfram Research coverage, see Wolfram.com.xml.
+	For other Wolfram Research coverage, see Wolfram.com.xml
+
+	Problematic hosts in *wolframcdn.com:
+
+		- ^ (https timeout)
 
 -->
 <ruleset name="Wolfram CDN.com">
 
 	<target host="www.wolframcdn.com" />
+	<target host="dl.wolframcdn.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://www\.wolframcdn\.com/"
-		to="https://www.wolframcdn.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Wolframcloud.com.xml b/src/chrome/content/rules/Wolframcloud.com.xml
new file mode 100644
index 000000000000..8c7dbba49567
--- /dev/null
+++ b/src/chrome/content/rules/Wolframcloud.com.xml
@@ -0,0 +1,32 @@
+<!--
+
+	For other Wolfram Research coverage, see Wolfram.com.xml
+
+	Problematic hosts in *wolframcloud.com:
+
+		- ^ (no https)
+
+-->
+<ruleset name="Wolframcloud.com">
+
+	<target host="wolframcloud.com" />
+	<target host="www.wolframcloud.com" />
+	<target host="billing.wolframcloud.com" />
+	<target host="channelbroker.wolframcloud.com" />
+	<target host="datadrop.wolframcloud.com" />
+	<target host="datarepository.wolframcloud.com" />
+	<target host="develop.wolframcloud.com" />
+	<target host="lab.wolframcloud.com" />
+	<target host="mathematica.wolframcloud.com" />
+	<target host="one.wolframcloud.com" />
+	<target host="open.wolframcloud.com" />
+	<target host="programming.wolframcloud.com" />
+	<target host="reference.wolframcloud.com" />
+
+	<rule from="^http://wolframcloud\.com/"
+		to="https://www.wolframcloud.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wolframscience.com.xml b/src/chrome/content/rules/Wolframscience.com.xml
new file mode 100644
index 000000000000..3d42c07070cc
--- /dev/null
+++ b/src/chrome/content/rules/Wolframscience.com.xml
@@ -0,0 +1,10 @@
+<!--
+	For other Wolfram rulesets, see Wolfram.com.xml
+
+-->
+<ruleset name="Wolframscience.com">
+  <target host="wolframscience.com" />
+  <target host="www.wolframscience.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wolfson-Microelectronics.xml b/src/chrome/content/rules/Wolfson-Microelectronics.xml
index d2b792aee8d3..debce826f0e7 100644
--- a/src/chrome/content/rules/Wolfson-Microelectronics.xml
+++ b/src/chrome/content/rules/Wolfson-Microelectronics.xml
@@ -1,21 +1,21 @@
 <!--
 	Nonfunctional subdomains:
 
+		- (www.)? ¹
 		- opensource	(404)
 
+	¹ Refused
+
 -->
-<ruleset name="Wolfson Microelectronics (partial)" default_off="expired, mismatch, self-signed">
+<ruleset name="Wolfson Microelectronics (partial)" default_off="refused">
 
-	<!--	Cert: wlftst.com	-->
 	<target host="wolfsonmicro.com" />
 	<target host="www.wolfsonmicro.com" />
 
 
-	<securecookie host="^www\.wolfsonmicro\.com$" name=".*" />
+	<securecookie host="^www\.wolfsonmicro\.com$" name=".+" />
 
 
-	<!--	!www redirects to www.	-->
-	<rule from="^https?://(?:www\.)?wolfsonmicro\.com/"
-		to="https://www.wolfsonmicro.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Wolrdssl.net.xml b/src/chrome/content/rules/Wolrdssl.net.xml
new file mode 100644
index 000000000000..13417e674cb6
--- /dev/null
+++ b/src/chrome/content/rules/Wolrdssl.net.xml
@@ -0,0 +1,31 @@
+<!--
+	(www.)?wolrdssl.net: Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .wolrdssl.net
+
+-->
+<ruleset name="wolrdssl.net (partial)">
+
+	<target host="*.wolrdssl.net" />
+
+		<exclusion pattern="^http://www\.wolrdssl\.net/" />
+
+			<test url="http://www.wolrdssl.net/" />
+
+		<test url="http://y6t1b307823dtubck.wolrdssl.net/wp-content/themes/DolarToday/img/bg-menu-item.png" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.wolrdssl\.net$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WoltLab.com.xml b/src/chrome/content/rules/WoltLab.com.xml
index eddb627c38a9..42349f4cf63e 100644
--- a/src/chrome/content/rules/WoltLab.com.xml
+++ b/src/chrome/content/rules/WoltLab.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="WoltLab.com">
 
 	<target host="woltlab.com" />
-	<target host="*.woltlab.com" />
+	<target host="www.woltlab.com" />
 
 
 	<securecookie host="^(?:www)?\.woltlab\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?woltlab\.com/"
-		to="https://$1woltlab.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Wolverhampton.gov.uk.xml b/src/chrome/content/rules/Wolverhampton.gov.uk.xml
new file mode 100644
index 000000000000..733caae05416
--- /dev/null
+++ b/src/chrome/content/rules/Wolverhampton.gov.uk.xml
@@ -0,0 +1,137 @@
+<!--
+	Wolverhampton City Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *wolverhampton.gov.uk:
+
+		- data ⁵ ʳ
+		- search ʳ
+
+	⁵ 500
+	ʳ Refused
+
+
+	Partially covered hosts in *wolverhampton.gov.uk:
+
+		- (www.)? ʰ
+		- m ʰ
+
+	ʰ Some pages redirect to http
+
+
+	^wolverhampton.gov.uk: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- m.wolverhampton.gov.uk
+		- public.wolverhampton.gov.uk
+		- www.wolverhampton.gov.uk
+
+-->
+<ruleset name="Wolverhampton.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ems.wolverhampton.gov.uk" />
+	<target host="m.wolverhampton.gov.uk" />
+	<target host="public.wolverhampton.gov.uk" />
+	<target host="www.wolverhampton.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="wolverhampton.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="http://m\.wolverhampton\.gov\.uk/(?:$|home$|pay$|mailing-list$|paycounciltax$|reportit$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://m\.wolverhampton\.gov\.uk/+(?!CHttpHandler\.ashx|(?:article/(?:1165/Contact-form|2614/Request-a-new-bin|4771/Report-a-missed-bin|5115/Website-feedback|6/Login)|reportflytipping)(?:$|[?/])|media/|wolverhampton/(?:css/|images/|scripts/.+\.css))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://m.wolverhampton.gov.uk/1908" />
+			<test url="http://m.wolverhampton.gov.uk/article/2622/Choosing-childcare-childminders-and-day-nurseries" />
+			<test url="http://m.wolverhampton.gov.uk/article/2907/Agendas-minutes-and-reports" />
+			<test url="http://m.wolverhampton.gov.uk/article/2908/Full-Council" />
+			<test url="http://m.wolverhampton.gov.uk/article/3123/Bilston-Craft-Gallery" />
+			<test url="http://m.wolverhampton.gov.uk/article/3842/Roads" />
+			<test url="http://m.wolverhampton.gov.uk/article/4869/Healthy-eating" />
+			<test url="http://m.wolverhampton.gov.uk/article/5179/Wolverhampton-Carer-Support-Team" />
+			<test url="http://m.wolverhampton.gov.uk/article/6127/Right-to-rent" />
+			<test url="http://m.wolverhampton.gov.uk/article/6257/The-Communication-Trust" />
+			<test url="http://m.wolverhampton.gov.uk/home" />
+			<test url="http://m.wolverhampton.gov.uk/mailing-list" />
+			<test url="http://m.wolverhampton.gov.uk/pay" />
+			<test url="http://m.wolverhampton.gov.uk/paycounciltax" />
+			<test url="http://m.wolverhampton.gov.uk/reportit" />
+			<test url="http://m.wolverhampton.gov.uk/search" />
+
+			<!--	-ve:
+					-->
+			<test url="http://m.wolverhampton.gov.uk/article/1165/Contact-form" />
+			<test url="http://m.wolverhampton.gov.uk/article/2614/Request-a-new-bin" />
+			<test url="http://m.wolverhampton.gov.uk/article/4771/Report-a-missed-bin" />
+			<test url="http://m.wolverhampton.gov.uk/article/5115/Website-feedback" />
+			<test url="http://m.wolverhampton.gov.uk/article/6/Login" />
+			<test url="http://m.wolverhampton.gov.uk/media/icon_link/6/t/flickr_icon_hover.png" />
+			<test url="http://m.wolverhampton.gov.uk/reportflytipping" />
+			<test url="http://m.wolverhampton.gov.uk/wolverhampton/css/feedback.css" />
+			<test url="http://m.wolverhampton.gov.uk/wolverhampton/images/gradient.png" />
+			<test url="http://m.wolverhampton.gov.uk/wolverhampton/scripts/jquery/css/flick/jquery-ui.css" />
+			<test url="http://m.wolverhampton.gov.uk/wolverhampton/template/home/images/haveyoursay.png" />
+
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="http://www\.wolverhampton\.gov\.uk/(?:$|article/6592/Ask-a-question$|article/6671/Welcome$|home$|mailing-list$|social-media$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?wolverhampton\.gov\.uk/+(?!(?:article/6/Login|myaccount)(?:$|[?/])|media/|moderngov/wcc/|wolverhampton/(?:css|images|template)/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.wolverhampton.gov.uk/2372" />
+			<test url="http://www.wolverhampton.gov.uk/article/6592/Ask-a-question" />
+			<test url="http://www.wolverhampton.gov.uk/article/6671/Welcome" />
+			<test url="http://www.wolverhampton.gov.uk/home" />
+			<test url="http://www.wolverhampton.gov.uk/housing" />
+			<test url="http://www.wolverhampton.gov.uk/mailing-list" />
+			<test url="http://www.wolverhampton.gov.uk/parking" />
+			<test url="http://www.wolverhampton.gov.uk/propertyreview" />
+			<test url="http://www.wolverhampton.gov.uk/search" />
+			<test url="http://www.wolverhampton.gov.uk/social-media" />
+
+			<!--	-ve:
+					-->
+			<test url="http://wolverhampton.gov.uk/article/6/Login?return=" />
+			<test url="http://www.wolverhampton.gov.uk/media/icon_link/3/e/facebook_icon_hover.png" />
+			<test url="http://www.wolverhampton.gov.uk/moderngov/wcc/override.css" />
+			<test url="http://www.wolverhampton.gov.uk/myaccount" />
+			<test url="http://www.wolverhampton.gov.uk/wolverhampton/css/feedback.css" />
+			<test url="http://www.wolverhampton.gov.uk/wolverhampton/images/gradient.png" />
+			<test url="http://www.wolverhampton.gov.uk/wolverhampton/template/home/css/home.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^m\.wolverhampton\.gov\.uk$" name="^(?:ASP\.NET_SessionId|TextOnlyX|clientvars|mode)$" /-->
+	<!--securecookie host="^public\.wolverhampton\.gov\.uk$" name="^(?:ASPSESSIONID[A-Z]{8}|SSRV_AUTHENTICATION|uniquesig[\dA-F]{64})$" /-->
+	<!--securecookie host="^www\.wolverhampton\.gov\.uk$" name="^(?:ASP\.NET_SessionId|clientvars)$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^(?!m\.|www\.)\w" name=".+" />
+
+
+	<rule from="^http://wolverhampton\.gov\.uk/"
+		to="https://www.wolverhampton.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WolverineWorldwide.com.xml b/src/chrome/content/rules/WolverineWorldwide.com.xml
new file mode 100644
index 000000000000..1e5f79cd72fc
--- /dev/null
+++ b/src/chrome/content/rules/WolverineWorldwide.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Timed out:
+		- img.wolverineworld.com, equivalent to wolverine-o.scene7.com
+-->
+
+<ruleset name="WolverineWorldwide.com">
+	<target host="wolverineworldwide.com" />
+	<target host="www.wolverineworldwide.com" />
+	<target host="img.wolverineworldwide.com" />
+
+	<rule from="^http://img\.wolverineworldwide\.com/"
+		to="https://wolverine-o.scene7.com/" />
+		<test url="http://img.wolverineworldwide.com/is/image/WolverineWorldWide/WBS-R-F11-1K-1000Mile_Tan-11" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Women-Innovate-Mobile.xml b/src/chrome/content/rules/Women-Innovate-Mobile.xml
index d611d370d82c..b8125066361a 100644
--- a/src/chrome/content/rules/Women-Innovate-Mobile.xml
+++ b/src/chrome/content/rules/Women-Innovate-Mobile.xml
@@ -1,4 +1,4 @@
-<ruleset name="Women Innovate Mobile" default_off="mismatch">
+<ruleset name="Women Innovate Mobile" default_off="mismatched">
 
 	<!--	Cert: *.squarespace.com	-->
 	<target host="womeninnovatemobile.com" />
@@ -6,7 +6,7 @@
 
 
 	<!--	At least some pages redirect to http.	-->
-	<rule from="^https?://(?:www\.)?womeninnovatemobile\.com/(display|layout|storage|universal)/"
+	<rule from="^http://(?:www\.)?womeninnovatemobile\.com/(display|layout|storage|universal)/"
 		to="https://womeninnovatemobile.com/$1/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Women_on_Web.xml b/src/chrome/content/rules/Women_on_Web.xml
index a1781652ae5b..2f346ea5a225 100644
--- a/src/chrome/content/rules/Women_on_Web.xml
+++ b/src/chrome/content/rules/Women_on_Web.xml
@@ -1,4 +1,10 @@
-<ruleset name="Women on Web">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://womenonweb.org/ => https://womenonweb.org/: (51, "SSL: no alternative certificate subject name matches target host name 'womenonweb.org'")
+
+-->
+<ruleset name="Women on Web" default_off="failed ruleset test">
 
 	<target host="womenonweb.org" />
 	<target host="www.womenonweb.org" />
@@ -7,7 +13,6 @@
 	<securecookie host="^www\.womenonweb\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?womenonweb\.org/"
-		to="https://$1womenonweb.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Womenonwaves.org.xml b/src/chrome/content/rules/Womenonwaves.org.xml
new file mode 100644
index 000000000000..b5d7241a65fc
--- /dev/null
+++ b/src/chrome/content/rules/Womenonwaves.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Womenonwaves.org">
+  <target host="womenonwaves.org" />
+  <target host="www.womenonwaves.org" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Womens-Aid.xml b/src/chrome/content/rules/Womens-Aid.xml
index ee1e671e29e5..fb68654142b3 100644
--- a/src/chrome/content/rules/Womens-Aid.xml
+++ b/src/chrome/content/rules/Womens-Aid.xml
@@ -1,10 +1,39 @@
-<ruleset name="Women's Aid">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://womensaid.ie/ => https://womensaid.ie/: (51, "SSL: no alternative certificate subject name matches target host name 'womensaid.ie'")
+
+-->
+<ruleset name="Womens Aid.com (partial)" default_off="failed ruleset test">
 
 	<target host="womensaid.ie" />
 	<target host="www.womensaid.ie" />
 
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.womensaid\.ie/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.womensaid\.ie/+(?!common/|donate(?:$|[?/])|imglibrary/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.womensaid.ie/campaigns/" />
+			<test url="http://www.womensaid.ie/contact/" />
+			<test url="http://www.womensaid.ie/help/safeviewing.html" />
+			<test url="http://www.womensaid.ie/newsevents/" />
+			<test url="http://www.womensaid.ie/sitemap/" />
+			<test url="http://www.womensaid.ie/support/ourshops.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.womensaid.ie/common/images/navigation/css_newlogo_header2013.png" />
+			<test url="http://www.womensaid.ie/donate/" />
+			<test url="http://www.womensaid.ie/imglibrary/2010/06/201006301657111_sq.jpg" />
+
 
-	<rule from="^http://(www\.)?womensaid\.ie/"
-		to="https://$1womensaid.ie/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Womens_Health_Specialists.xml b/src/chrome/content/rules/Womens_Health_Specialists.xml
index c70d57092b43..7d44a6de043a 100644
--- a/src/chrome/content/rules/Womens_Health_Specialists.xml
+++ b/src/chrome/content/rules/Womens_Health_Specialists.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?womenshealthspecialists\.org/(app/|css/|images/|scripts/|.+\?type=pdf)"
 		to="https://www.womenshealthspecialists.org/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Womenshealth.de.xml b/src/chrome/content/rules/Womenshealth.de.xml
new file mode 100644
index 000000000000..5a457b7d803d
--- /dev/null
+++ b/src/chrome/content/rules/Womenshealth.de.xml
@@ -0,0 +1,11 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.womenshealth.de/ => https://www.womenshealth.de/: (51, "SSL: no alternative certificate subject name matches target host name 'www.womenshealth.de'")
+
+-->
+<ruleset name="Womenshealth.de" platform="mixedcontent" default_off="failed ruleset test">
+<target host="www.womenshealth.de"/>
+<target host="images.womenshealth.de"/>
+<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wonderlandmovies.xml b/src/chrome/content/rules/Wonderlandmovies.xml
index fb324c7d26c8..bf168c1b9c2c 100644
--- a/src/chrome/content/rules/Wonderlandmovies.xml
+++ b/src/chrome/content/rules/Wonderlandmovies.xml
@@ -5,13 +5,13 @@
 <ruleset name="Wonderlandmovies">
 
 	<target host="wonderlandmovies.de" />
-	<target host="*.wonderlandmovies.de" />
+	<target host="www.wonderlandmovies.de" />
 
 
 	<securecookie host="^(?:www)?\.wonderlandmovies\.de$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?wonderlandmovies\.de/"
+	<rule from="^http://(?:www\.)?wonderlandmovies\.de/"
 		to="https://www.wonderlandmovies.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Wonderwall.com.xml b/src/chrome/content/rules/Wonderwall.com.xml
new file mode 100644
index 000000000000..ebc3a76201c4
--- /dev/null
+++ b/src/chrome/content/rules/Wonderwall.com.xml
@@ -0,0 +1,38 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	CDN buckets:
+
+		- wonderwall.vo.msecnd.net
+
+			- static.wonderwall.com
+			- static[1-5].wonderwall.com
+
+
+	Problematic hosts in *wonderwall.com:
+
+		- static *
+		- static[1-5] *
+
+	* 400; mismatched, CN: images.partner.windowsphone.com
+
+-->
+<ruleset name="Wonderwall.com (partial)" default_off="expired, untrusted root">
+
+	<!--	Complications:
+				-->
+	<target host="static.wonderwall.com" />
+	<target host="static1.wonderwall.com" />
+	<target host="static2.wonderwall.com" />
+	<target host="static3.wonderwall.com" />
+	<target host="static4.wonderwall.com" />
+	<target host="static5.wonderwall.com" />
+
+
+	<!--	wonderwall.vo.msecnd.net 400s:
+						-->
+	<rule from="^http://static\d?\.wonderwall\.com/"
+		to="https://wonderwall.msn.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wonga.com.xml b/src/chrome/content/rules/Wonga.com.xml
index 4784df575e00..77a2e1779bd1 100644
--- a/src/chrome/content/rules/Wonga.com.xml
+++ b/src/chrome/content/rules/Wonga.com.xml
@@ -13,7 +13,6 @@
 	<securecookie host="^www\.wonga\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?wonga\.com/"
-		to="https://www.wonga.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WooConf.com.xml b/src/chrome/content/rules/WooConf.com.xml
new file mode 100644
index 000000000000..8fc36dc52197
--- /dev/null
+++ b/src/chrome/content/rules/WooConf.com.xml
@@ -0,0 +1,50 @@
+<ruleset name="WooConf.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="wooconf.com" />
+	<target host="2014.wooconf.com" />
+	<target host="www.wooconf.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?wooconf\.com/(?:$|speaker-submission/$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?wooconf\.com/+(?!_static/|wp-content/)" />
+
+			<!--	ve:
+					-->
+			<test url="http://wooconf.com//speaker-submission/" />
+			<test url="http://wooconf.com/speaker-submission/" />
+			<test url="http://www.wooconf.com/speaker-submission/" />
+
+			<!--	ve:
+					-->
+			<test url="http://wooconf.com/wp-content/themes/wooconf/img/logo-wooconf.svg" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://2014\.wooconf\.com/(?:$|my-account/$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://2014\.wooconf\.com/+(?!_static/|wp-content/)" />
+
+			<!--	ve:
+					-->
+			<test url="http://2014.wooconf.com/cart/" />
+			<test url="http://2014.wooconf.com/checkout/" />
+			<test url="http://2014.wooconf.com/my-account/" />
+			<test url="http://2014.wooconf.com/news/" />
+
+			<!--	ve:
+					-->
+			<test url="http://2014.wooconf.com/wp-content/uploads/2014/08/shipwire.png" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WooThemes.xml b/src/chrome/content/rules/WooThemes.xml
index 725e44185025..17b4063a3008 100644
--- a/src/chrome/content/rules/WooThemes.xml
+++ b/src/chrome/content/rules/WooThemes.xml
@@ -1,22 +1,31 @@
 <!--
+	For other Automattic coverage, see Automattic.xml.
+
+
 	- woothemes.uservoice.com
 	- woocommercedoc.wpengine.com
 
+
+	Nonfunctional hosts in *woothemes.com:
+
+		- ideas ³
+
+	³ 403
+
 -->
-<ruleset name="WooThemes (partial)">
+<ruleset name="WooThemes.com (partial)">
 
 	<target host="woothemes.com" />
+	<target host="docs.woothemes.com" />
+	<target host="support.woothemes.com" />
 	<target host="www.woothemes.com" />
 
 
-	<!--	At least some pages 301 to http.
-							-->
-	<rule from="^http://(www\.)?woothemes\.com/wp-(content|includes)/"
-		to="https://$1woothemes.com/wp-$2/" />
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
 
-	<!--	wcdocs 403s.
-				-->
-	<rule from="^https?://wcdocs\.woothemes\.com/"
-		to="https://woocommercedoc.wpengine.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Woobox.com.xml b/src/chrome/content/rules/Woobox.com.xml
new file mode 100644
index 000000000000..c01d45054064
--- /dev/null
+++ b/src/chrome/content/rules/Woobox.com.xml
@@ -0,0 +1,31 @@
+<!--
+	These altnames don't exist:
+
+		- www.blog.woobox.com
+
+-->
+<ruleset name="Woobox.com (partial)">
+
+	<target host="woobox.com" />
+	<target host="blog.woobox.com" />
+	<target host="www.woobox.com" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://blog\.woobox\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://blog\.woobox\.com/+(?!wp-content/|wp-includes/)" />
+
+
+	<!--securecookie host="^(www\.)?woobox\.com$" name="^(\w+|\w+_pastviews|\w+_visit)$" /-->
+	<!--securecookie host="^\.woobox\.com$" name="^(ci_session|visitor_id)$" /-->
+	<!--securecookie host="^blog\.woobox\.com$" name="^redirect_count$" /-->
+
+	<securecookie host="^(?:\.|www\.)?woobox\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wood_Green.org.uk.xml b/src/chrome/content/rules/Wood_Green.org.uk.xml
new file mode 100644
index 000000000000..894fc1ccc5d9
--- /dev/null
+++ b/src/chrome/content/rules/Wood_Green.org.uk.xml
@@ -0,0 +1,28 @@
+<!--
+	Other Wood Green rulesets:
+
+
+
+	^: cert only matches www
+
+
+	Some (all?) pages redirect to http.
+
+-->
+<ruleset name="Wood Green.org.uk (partial)">
+
+	<target host="woodgreen.org.uk" />
+	<target host="www.woodgreen.org.uk" />
+		<!--
+			Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.woodgreen\.org\.uk/+(community|login)?($|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://www\.woodgreen\.org\.uk/+(?!assets/|favicon\.ico|images/|stylesheets/)" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wood_Tree_Swings.xml b/src/chrome/content/rules/Wood_Tree_Swings.xml
index 3affdadcc630..1fe752462343 100644
--- a/src/chrome/content/rules/Wood_Tree_Swings.xml
+++ b/src/chrome/content/rules/Wood_Tree_Swings.xml
@@ -1,13 +1,12 @@
 <ruleset name="Wood Tree Swings">
 
 	<target host="woodtreeswing.com" />
-	<target host="*.woodtreeswing.com" />
+	<target host="www.woodtreeswing.com" />
 
 
 	<securecookie host="^\.?woodtreeswing\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?woodtreeswing\.com/"
-		to="https://$1woodtreeswing.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Wooga.xml b/src/chrome/content/rules/Wooga.xml
index 1fc90ecd9ff0..af8d78e7c812 100644
--- a/src/chrome/content/rules/Wooga.xml
+++ b/src/chrome/content/rules/Wooga.xml
@@ -8,7 +8,8 @@
 -->
 <ruleset name="Wooga (partial)">
 
-	<target host="*.wooga.com" />
+	<target host="cdn12.wooga.com" />
+	<target host="cdn-mkt.wooga.com" />
 
 
 	<rule from="^http://cdn(?:12|-mkt)\.wooga\.com/"
diff --git a/src/chrome/content/rules/Woolworths.com.au.xml b/src/chrome/content/rules/Woolworths.com.au.xml
new file mode 100644
index 000000000000..58f12ed6b67f
--- /dev/null
+++ b/src/chrome/content/rules/Woolworths.com.au.xml
@@ -0,0 +1,207 @@
+<!--
+The following targets have been disabled at 2020-10-14 19:04:33:
+
+Fetch error: http://webchatau.woolworths.com.au/ => https://webchatau.woolworths.com.au/: (7, 'Failed to connect to webchatau.woolworths.com.au port 443: Connection refused')
+Fetch error: http://webchatnz.woolworths.com.au/ => https://webchatnz.woolworths.com.au/: (7, 'Failed to connect to webchatnz.woolworths.com.au port 443: Connection refused')
+
+-->
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://emailonline.woolworths.com.au/ => https://emailonline.woolworths.com.au/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://apply-carloans.woolworths.com.au/ => https://apply-carloans.woolworths.com.au/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://cobrowseau.woolworths.com.au/ => https://cobrowseau.woolworths.com.au/: (7, 'Failed to connect to cobrowseau.woolworths.com.au port 443: Connection refused')
+Fetch error: http://corporate-vpn-ec.woolworths.com.au/ => https://corporate-vpn-ec.woolworths.com.au/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
+Fetch error: http://corporate-vpn-nw.woolworths.com.au/ => https://corporate-vpn-nw.woolworths.com.au/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
+Fetch error: http://ftp.woolworths.com.au/ => https://ftp.woolworths.com.au/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://uat.ftp.woolworths.com.au/ => https://uat.ftp.woolworths.com.au/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://i.woolworths.com.au/ => https://i.woolworths.com.au/: (6, 'Could not resolve host: i.woolworths.com.au')
+Fetch error: http://msite.woolworths.com.au/ => https://msite.woolworths.com.au/: (6, 'Could not resolve host: msite.woolworths.com.au')
+Fetch error: http://partner-vpn-ec.woolworths.com.au/ => https://partner-vpn-ec.woolworths.com.au/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://partner-vpn-nw.woolworths.com.au/ => https://partner-vpn-nw.woolworths.com.au/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://shoutout.woolworths.com.au/ => https://shoutout.woolworths.com.au/: (60, 'SSL certificate problem: certificate has expired')
+
+	Other related rulesets:
+		- bigw.com.au.xml
+		- bws.com.au.xml
+		- Cellarmasters.com.au.xml
+		- Countdown.co.nz.xml
+		- danmurphys.com.au.xml
+		- EverydayGiftCards.com.au.xml
+		- EziBuy.com.xml
+		- Langtons.com.au.xml
+		- Masters.com.au.xml
+		- WoolworthsMobile.com.au.xml
+		- WoolworthsPetrol.com.au.xml
+		- WoolworthsPay.com.au.xml
+		- WoolworthsRewards.com.au.xml
+
+
+	Non-functional domains:
+		- (www.)woolworthsglobalroaming.com.au		(h)
+		- (www.)woolworthslimited.com.au		(r)
+
+
+	Non-functional subdomains:
+
+		- woolworths.com.au
+			- appsplus	(r)
+			- email.bunch	(t)
+			- catalogue	(m)
+			- ebm.catalogue		(m)
+			- f.catalogue	(m)
+			- e-services	(t)
+			- click.e-services	(m)
+			- image.e-services	(m)
+			- view.e-services	(m)
+			- ebiz	(s)
+			- ebusiness	(s)
+			- ecri	(t)
+			- fabcot	(e)
+			- foodie	(e)
+			- getconnected	(SSL connection failed)
+			- heroes	(e)
+			- m.heroes	(e)
+			- uat.heroes	(e)
+			- devwebpay.intdns	(i)
+			- gfsconnect.intdns	(HTTP 404 error)
+			- ssmt.intdns	(t)
+			- webpay.intdns	(t)
+			- uatwebpay.intdns	(i)
+			- uatwoolworthsmoney.intdns	(i)
+			- wowconnect.intdns	(m)
+			- letsgoshopping	(e)
+			- magazine	(m)
+			- mail1		(t)
+			- meetingrooms		(t)
+			- bunch.mobile-api	(m)
+			- static-uat.mobile-api	(m)
+			- fuel.prod.v2.mobile-api	(r)
+			- mts		(t)
+			- mts2		(t)
+			- mwowremote	(e)
+			- online		(t)
+			- producepilot		(t)
+			- sfftppro	(SSL connection failed)
+			- sftpuat	(s)
+			- telcobilling	(SSL connection failed)
+			- woweas	(SSL handshake failed)
+			- wowesm	(i)
+			- wowlink	(m)
+			- tms.wowlink	(i)
+			- wowlinklogin	(m)
+			- wowremote1	(m)
+			- wowsfemail	(t)
+			- wqacert	(e)
+
+		-woolworthsonline.com.au
+			- catalogues	(m)
+			- games	(m)
+			- magazines	(m)
+			- promotions	(e,m)
+
+	(t) Timeout
+	(e) Expired cert
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Woolworths.com.au">
+	<target host="woolworths.com.au" />
+	<target host="www.woolworths.com.au" />
+	<target host="api.woolworths.com.au" />
+	<!-- target host="apply-carloans.woolworths.com.au" /-->
+	<target host="appsplus1.woolworths.com.au" />
+	<target host="appsplusdev2.woolworths.com.au" />
+	<target host="appsplusuat.woolworths.com.au" />
+	<target host="bunch.woolworths.com.au" />
+	<target host="cards.woolworths.com.au" />
+	<target host="www.cards.woolworths.com.au" />
+	<!-- target host="cobrowseau.woolworths.com.au" /-->
+	<target host="contact.woolworths.com.au" />
+	<!-- target host="corporate-vpn-ec.woolworths.com.au" /-->
+	<!-- target host="corporate-vpn-nw.woolworths.com.au" /-->
+	<target host="developer.woolworths.com.au" />
+	<target host="devwebpay.woolworths.com.au" />
+	<target host="dr.woolworths.com.au" />
+	<!-- target host="emailonline.woolworths.com.au" /-->
+	<!-- target host="ftp.woolworths.com.au" /-->
+	<!-- target host="uat.ftp.woolworths.com.au" /-->
+	<target host="help.woolworths.com.au" />
+	<target host="homelogin.woolworths.com.au" />
+	<!-- target host="i.woolworths.com.au" /-->
+	<target host="images.woolworths.com.au" />
+	<target host="insurance.woolworths.com.au" />
+	<target host="www.insurance.woolworths.com.au" />
+	<target host="listeningtoyou.woolworths.com.au" />
+	<target host="m.woolworths.com.au" />
+	<target host="media1.woolworths.com.au" />
+	<target host="media2.woolworths.com.au" />
+	<target host="media3.woolworths.com.au" />
+	<target host="media4.woolworths.com.au" />
+	<target host="mobile.woolworths.com.au" />
+	<target host="www.mobile.woolworths.com.au" />
+	<target host="dev.mobile-api.woolworths.com.au" />
+	<target host="images.mobile-api.woolworths.com.au" />
+	<target host="prod.mobile-api.woolworths.com.au" />
+	<target host="test.mobile-api.woolworths.com.au" />
+	<target host="uat.mobile-api.woolworths.com.au" />
+	<!-- target host="msite.woolworths.com.au" /-->
+	<!-- target host="partner-vpn-ec.woolworths.com.au" /-->
+	<!-- target host="partner-vpn-nw.woolworths.com.au" /-->
+	<target host="pies-apiuat.woolworths.com.au" />
+	<target host="services.woolworths.com.au" />
+	<target host="www.services.woolworths.com.au" />
+	<!-- target host="shoutout.woolworths.com.au" /-->
+	<target host="talk.woolworths.com.au" />
+	<target host="www.talk.woolworths.com.au" />
+	<target host="tms.woolworths.com.au" />
+	<target host="uat.woolworths.com.au" />
+	<target host="uat-cards.woolworths.com.au" />
+	<target host="www.uat-cards.woolworths.com.au" />
+	<target host="uat-digital.woolworths.com.au" />
+	<target host="uat-insurance.woolworths.com.au" />
+	<target host="www.uat-insurance.woolworths.com.au" />
+	<target host="uat-mobile.woolworths.com.au" />
+	<target host="www.uat-mobile.woolworths.com.au" />
+	<target host="uat-services.woolworths.com.au" />
+	<target host="www.uat-services.woolworths.com.au" />
+	<target host="uat-talk.woolworths.com.au" />
+	<target host="www.uat-talk.woolworths.com.au" />
+	<target host="uat2app.woolworths.com.au" />
+	<target host="uatcontact.woolworths.com.au" />
+	<target host="uatwebpay.woolworths.com.au" />
+	<!-- target host="webchatau.woolworths.com.au" /-->
+	<!-- target host="webchatnz.woolworths.com.au" /-->
+	<target host="webpay.woolworths.com.au" />
+	<target host="wowpeople.woolworths.com.au" />
+	<target host="wowremote.woolworths.com.au" />
+	<target host="wowremotetoken.woolworths.com.au" />
+
+	<target host="woolworthsonline.com.au" />
+	<target host="www.woolworthsonline.com.au" />
+	<target host="app.woolworthsonline.com.au" />
+	<target host="drapp.woolworthsonline.com.au" />
+	<target host="m.woolworthsonline.com.au" />
+	<target host="www2.woolworthsonline.com.au" />
+
+	<target host="woolworths.media" />
+	<target host="www.woolworths.media" />
+	<target host="cdn0.woolworths.media" />
+	<target host="cdn1.woolworths.media" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WoolworthsMobile.com.au.xml b/src/chrome/content/rules/WoolworthsMobile.com.au.xml
new file mode 100644
index 000000000000..14dae60497ee
--- /dev/null
+++ b/src/chrome/content/rules/WoolworthsMobile.com.au.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Woolworths coverage, see Woolworths.com.au.xml
+
+
+	Nonfunctional subdomains:
+
+		- woolworthsmobile.com.au
+			- it	(connection refused)
+			- shoutout	(mismatch hostname, CN: shoutout.woolworths.com.au)
+
+		- woolworthsconnect.com.au
+			- care	(timeout)
+			- test.care	(timeout)
+			- uat.care	(timeout)
+
+	¹ Timeout
+
+-->
+<ruleset name="Woolworths Mobile">
+
+	<target host="woolworthsmobile.com.au" />
+	<target host="www.woolworthsmobile.com.au" />
+
+	<target host="woolworthsconnect.com.au" />
+	<target host="www.woolworthsconnect.com.au" />
+	<target host="ccare.woolworthsconnect.com.au" />
+	<target host="dev1.woolworthsconnect.com.au" />
+	<target host="dev2.woolworthsconnect.com.au" />
+	<target host="dev3.woolworthsconnect.com.au" />
+	<target host="test-care.woolworthsconnect.com.au" />
+	<target host="uat.woolworthsconnect.com.au" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WoolworthsPay.com.au.xml b/src/chrome/content/rules/WoolworthsPay.com.au.xml
new file mode 100644
index 000000000000..b78661ad7394
--- /dev/null
+++ b/src/chrome/content/rules/WoolworthsPay.com.au.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Woolworths coverage, see Woolworths.com.au.xml
+
+
+	Nonfunctional subdomains:
+
+		- m.dev		(mismatch hostname, CN: woolworths.com.au)
+		- m.uat		(mismatch hostname, CN: woolworths.com.au)
+
+-->
+<ruleset name="Woolworths Pay">
+
+	<target host="woolworthspay.com.au" />
+	<target host="www.woolworthspay.com.au" />
+	<target host="dev.woolworthspay.com.au" />
+	<target host="www.dev.woolworthspay.com.au" />
+	<target host="m.woolworthspay.com.au" />
+	<target host="uat.woolworthspay.com.au" />
+	<target host="www.uat.woolworthspay.com.au" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WoolworthsPetrol.com.au.xml b/src/chrome/content/rules/WoolworthsPetrol.com.au.xml
new file mode 100644
index 000000000000..5ac9ca8ac67b
--- /dev/null
+++ b/src/chrome/content/rules/WoolworthsPetrol.com.au.xml
@@ -0,0 +1,24 @@
+<!--
+	For other Woolworths coverage, see Woolworths.com.au.xml
+
+
+	Nonfunctional subdomains:
+
+		- woolworthspetrol.com.au	(mismatch hostname, CN: woolworths.com.au)
+		- topgear	(timeout)
+
+	¹ Timeout
+
+-->
+<ruleset name="Woolworths Petrol">
+
+	<target host="woolworthspetrol.com.au" />
+	<target host="www.woolworthspetrol.com.au" />
+
+	<!-- mismatch hostname -->
+	<rule from="^http://woolworthspetrol\.com\.au/"
+		to="https://www.woolworthspetrol.com.au/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WoolworthsRewards.com.au.xml b/src/chrome/content/rules/WoolworthsRewards.com.au.xml
new file mode 100644
index 000000000000..41ee08a583c1
--- /dev/null
+++ b/src/chrome/content/rules/WoolworthsRewards.com.au.xml
@@ -0,0 +1,50 @@
+<!--
+	For other Woolworths coverage, see Woolworths.com.au.xml
+
+
+	Nonfunctional subdomains:
+
+		- woolworthsrewards.com.au
+			- email		¹
+			- image.email		(mismatch hostname, CN: a248.e.akamai.net)
+
+		- everydayrewards.com.au
+			- email		¹
+			- click.email		(mismatch hostname, CN: *.s6.exacttarget.com)
+			- image.email		(mismatch hostname, CN: a248.e.akamai.net)
+			- view.email		(mismatch hostname, CN: *.s6.exacttarget.com)
+			- support	(expired cert)
+			- uat	¹
+			- uatcreditcard		(connection refused)
+			- webchatau		(connection refused)
+			- webchatnz		(connection refused)
+
+	¹ Timeout
+
+-->
+<ruleset name="Woolworths Rewards">
+
+	<target host="woolworthsrewards.com.au" />
+	<target host="www.woolworthsrewards.com.au" />
+	<target host="analytics.woolworthsrewards.com.au" />
+	<target host="cms.woolworthsrewards.com.au" />
+	<target host="click.email.woolworthsrewards.com.au" />
+	<target host="pages.email.woolworthsrewards.com.au" />
+	<target host="my.woolworthsrewards.com.au" />
+	<target host="coa-api.my.woolworthsrewards.com.au" />
+	<target host="test.my.woolworthsrewards.com.au" />
+	<target host="pilot.woolworthsrewards.com.au" />
+	<target host="support.woolworthsrewards.com.au" />
+	<target host="supportuat.woolworthsrewards.com.au" />
+	<target host="supportuat2.woolworthsrewards.com.au" />
+	<target host="uat.woolworthsrewards.com.au" />
+	<target host="uat2.woolworthsrewards.com.au" />
+
+	<target host="everydayrewards.com.au" />
+	<target host="www.everydayrewards.com.au" />
+
+	<securecookie host="^www\.woolworthsrewards\.com\.au$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Woolyss.com.xml b/src/chrome/content/rules/Woolyss.com.xml
new file mode 100644
index 000000000000..5923412ecadc
--- /dev/null
+++ b/src/chrome/content/rules/Woolyss.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Mismatch:
+		- chipmusic.woolyss.com
+-->
+<ruleset name="Woolyss.com">
+	<target host="woolyss.com" />
+	<target host="www.woolyss.com" />
+	<target host="chromium.woolyss.com" />
+	<target host="info.woolyss.com" />
+	<target host="tools.woolyss.com" />
+
+	<!-- Subdomain redirects to a 403 -->
+	<exclusion pattern="^http://tools\.woolyss\.com/$" />
+		<test url="http://tools.woolyss.com/html5-audio-video-tester/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Woopra.xml b/src/chrome/content/rules/Woopra.xml
index 6a0605f7d38c..e3d6f9a91452 100644
--- a/src/chrome/content/rules/Woopra.xml
+++ b/src/chrome/content/rules/Woopra.xml
@@ -1,23 +1,21 @@
 <!--
-	Fully covered subdomains:
-
-		- (www.)
-
-
 	static sets wooTracker wildcard cookie on
 	on whichever domain it is loaded from.
 
 -->
-<ruleset name="Woopra (partial)">
+<ruleset name="Woopra.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="woopra.com" />
-	<target host="*.woopra.com" />
+	<target host="static.woopra.com" />
+	<target host="www.woopra.com" />
 
 
 	<securecookie host="^(?:w*\.)?woopra\.com$" name=".+" />
 
 
-	<rule from="^http://(static\.|www\.)?woopra\.com/"
-		to="https://$1woopra.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Woot.com.xml b/src/chrome/content/rules/Woot.com.xml
new file mode 100644
index 000000000000..12bafacfedd7
--- /dev/null
+++ b/src/chrome/content/rules/Woot.com.xml
@@ -0,0 +1,33 @@
+<ruleset name="Woot.com (partial)">
+	<target host="woot.com" />
+	<target host="www.woot.com" />
+	<target host="accessories.woot.com" />
+	<target host="account.woot.com" />
+	<target host="apipanda.woot.com" />
+	<target host="auth.woot.com" />
+	<target host="bidet.woot.com" />
+	<target host="computers.woot.com" />
+	<target host="deals.woot.com" />
+	<target host="debug.woot.com" />
+	<target host="developer.woot.com" />
+	<target host="electronics.woot.com" />
+	<target host="error.woot.com" />
+	<target host="games.woot.com" />
+	<target host="holiday.woot.com" />
+	<target host="home.woot.com" />
+	<target host="kids.woot.com" />
+	<target host="moofi.woot.com" />
+	<target host="optinside.woot.com" />
+	<target host="pizza.woot.com" />
+	<target host="production.woot.com" />
+	<target host="r.woot.com" />
+	<target host="sellout.woot.com" />
+	<target host="shirt.woot.com" />
+	<target host="sport.woot.com" />
+	<target host="survey.woot.com" />
+	<target host="tools.woot.com" />
+	<target host="vendorportal.woot.com" />
+	<target host="wine.woot.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Woot.xml b/src/chrome/content/rules/Woot.xml
deleted file mode 100644
index 768cdc8be69f..000000000000
--- a/src/chrome/content/rules/Woot.xml
+++ /dev/null
@@ -1,66 +0,0 @@
-<!--
-	s3.amazonaws.com/images.deals.woot.com/
-	s3.amazonaws.com/image.w00t.com/
-		- Equivalent to d15xkf1ye01a0m.cloudfront.net
-	s3.amazonaws.com/gzip.static.woot.com/
-	s3.amazonaws.com/wootblogimages/
-
--->
-<ruleset name="Woot (partial)">
-
-	<target host="w00t.com" />
-	<target host="*.w00t.com" />
-	<target host="woot.com" />
-	<target host="*.woot.com" />
-		<!--exclusion pattern="^http://www\.woot\.com/(forums|(jobs|recalls|sponsorus|terms|writeus)\.aspx|User)" /-->
-	<target host="images.deals.woot.com" />
-	<target host="gzip.static.woot.com" />
-
-
-	<!--	403s :(
-	<rule from="^https?://image(?:cache)?\.w00t\.com/"
-		to="https://s3.amazonaws.com/image.w00t.com/" />
-
-	
-		These paths redirect to http:
-
-			- blog
-			- forums
-			- jobs.aspx
-			- recalls.aspx
-			- sponsorus.aspx
-			- terms.aspx
-			- User
-			- writeus.aspx
-
-		These paths don't redirect to http (shh!):
-
-			- account/login?
-			- App_Themes
-			- Blog
-			- blog/rss.aspx
-			- Forums
-			- images
-			- Images
-			- Jobs.aspx
-			- Recalls.aspx
-			- Search
-			- SponsorUs.aspx
-			- Terms.aspx
-			- wantone
-			- WhatIsWoot.aspx
-			- WriteUs.aspx
-
-
-		Cert only matches *.woot.com.
-					-->
-	<rule from="^https?://(?:www\.)?w[0o]{2}t\.com/((?:account|App_Themes|Blog|Forums|[iI]mages|Search)(?:$|/)|(?:blog/rss|Jobs|Recalls|SponsorUs|Terms|WhatIsWoot|WriteUs)\.aspx)"
-		to="https://www.woot.com/$1" />
-
-	<rule from="^http://(account|members)\.woot\.com/"
-		to="https://$1.woot.com/" />
-
-	<rule from="^https?://(avatar|images\.deals|(?:gzip\.)?static)\.woot\.com/"
-		to="https://s3.amazonaws.com/$1.woot.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Wooting.nl.xml b/src/chrome/content/rules/Wooting.nl.xml
new file mode 100644
index 000000000000..868353fbe018
--- /dev/null
+++ b/src/chrome/content/rules/Wooting.nl.xml
@@ -0,0 +1,9 @@
+<ruleset name="Wooting.nl">
+	<target host="wooting.nl" />
+	<target host="www.wooting.nl" />
+	<target host="blog.wooting.nl" />
+	<target host="shopint.wooting.nl" />
+	<target host="shopna.wooting.nl" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wopsa.xml b/src/chrome/content/rules/Wopsa.xml
index 2c5e8281291b..cb97c94dea5f 100644
--- a/src/chrome/content/rules/Wopsa.xml
+++ b/src/chrome/content/rules/Wopsa.xml
@@ -4,7 +4,7 @@
 		- (www.)	(replies with http)
 
 -->
-<ruleset name="Wopsa (partial)">
+<ruleset name="Wopsa (partial)" default_off="http redirect">
 
 	<target host="kundarea.wopsa.se" />
 
@@ -12,7 +12,7 @@
 	<securecookie host="kundarea\.wopsa\.se$" name=".+" />
 
 
-	<rule from="^http://kundarea\.wopsa\.se/"
-		to="https://kundarea.wopsa.se/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Worcester-Polytechnic-Institute.xml b/src/chrome/content/rules/Worcester-Polytechnic-Institute.xml
index cd90e757c9fe..ecfb3d94c8d2 100644
--- a/src/chrome/content/rules/Worcester-Polytechnic-Institute.xml
+++ b/src/chrome/content/rules/Worcester-Polytechnic-Institute.xml
@@ -12,11 +12,11 @@
 	<target host="www.wpi.edu" />
 
 
-	<securecookie host="^my\.wpi\.edu$" name=".*" />
+	<securecookie host="^my\.wpi\.edu$" name=".+" />
 
 
 	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?wpi\.edu/"
+	<rule from="^http://(?:www\.)?wpi\.edu/"
 		to="https://www.wpi.edu/" />
 
 	<rule from="^http://my\.wpi\.edu/"
diff --git a/src/chrome/content/rules/WordCamp.xml b/src/chrome/content/rules/WordCamp.xml
index 5ad830694258..0556aa26191c 100644
--- a/src/chrome/content/rules/WordCamp.xml
+++ b/src/chrome/content/rules/WordCamp.xml
@@ -1,12 +1,21 @@
-<ruleset name="WordCamp (partial)" default_off="expired, mismatch">
+<!--
+	Nonfunctional subdomains:
 
-	<!--	cert: 2010.sf.wordcamp.org	-->
-	<target host="central.wordcamp.org"/>
-	<target host="2009.newyork.wordcamp.org"/>
-	<target host="2010.sf.wordcamp.org"/>
-	<target host="2011.sf.wordcamp.org"/>
+		- central *
+		- 2009.newyork *
+		- 2014.miami *
+		- 2014.paris *
+		- 2010.sf *
+		- 2011.sf *
 
-	<rule from="^http://(central|2009\.newyork|201[01]\.sf)\.wordcamp\.org/"
-		to="https://$1.wordcamp.org/"/>
+	* Redirects to http
+
+-->
+<ruleset name="WordCamp (partial)">
+
+	<target host="wordcamp.org" />
+	<target host="www.wordcamp.org" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/WordPress-blogs.xml b/src/chrome/content/rules/WordPress-blogs.xml
index a99425ab9d5c..2d6529b342cd 100644
--- a/src/chrome/content/rules/WordPress-blogs.xml
+++ b/src/chrome/content/rules/WordPress-blogs.xml
@@ -1,288 +1,13 @@
-<!--	for blogs which redirect from wordpress subdomain and which otherwise have no rules
-
-
-	Fully covered domains:
-
-		- blog.feedly.com	
-		- safeandsavvy.f-secure.com
-		- (www.)irrlab.com	(www → ^)
-		- blog.loomio.org
-		- blog.magellanmodels.com
-		- (www.)metro.co.uk	(www → ^)
-		- (www.)rare.us
-		- blog.rstudio.org
-		- blog.zamzar.com
-
+<!--
+	For blogs which redirect from wordpress subdomain and which otherwise have no rules.
 -->
-<ruleset name="WordPress blogs" default_off="mismatch">
 
-	<target host="9to5mac.com" />
-	<target host="www.9to5mac.com" />
-	<target host="annotum.org" />
-	<target host="www.annotum.org" />
-	<target host="armservers.com" />
-	<target host="www.armservers.com" />
-	<target host="blog.bandcamp.com" />
-	<target host="betabeat.com" />
-	<target host="www.betabeat.com" />
-	<target host="bgr.com" />
-	<target host="www.bgr.com" />
-	<target host="blogmaverick.com" />
-	<target host="www.blogmaverick.com" />
-	<target host="dictionaryblog.cambridge.org" />
-	<target host="charles-carreon.com" />
-	<target host="www.charles-carreon.com" />
-	<target host="eatocracy.cnn.com" />
-	<target host="globalpublicsquare.blogs.cnn.com" />
-	<target host="tech.fortune.cnn.com" />
-	<target host="codepoet.com" />
-	<target host="www.codepoet.com" />
-	<target host="dietrolldie.com" />
-	<target host="www.dietrolldie.com" />
+<ruleset name="WordPress blogs">
 	<target host="news.efinancialcareers.com" />
-	<target host="emubrightfutures.org" />
-	<target host="www.emubrightfutures.org" />
-	<target host="blog.evidon.com" />
-	<target host="blog.feedly.com" />
-	<target host="fightcopyrighttrolls.com" />
-	<target host="www.fightcopyrighttrolls.com" />
-	<target host="code.flickr.com" />
-	<target host="*.flickr.net" />
-	<target host="safeandsavvy.f-secure.com" />
-	<target host="about.gigaom.com" />
-	<target host="event.gigaom.com" />
-	<target host="blog.gitorious.org" />
-	<target host="blog.gravity.com" />
-	<target host="hackaday.com" />
-	<target host="www.hackaday.com" />
-	<target host="irrlab.com" />
-	<target host="www.irrlab.com" />
-	<target host="johnrennie.net" />
-	<target host="www.johnrennie.net" />
-	<target host="krystalstatus.co.uk" />
-	<target host="www.krystalstatus.co.uk" />
-	<target host="lbo-news.com" />
-	<target host="www.lbo-news.com" />
-	<target host="blog.legacy.com" />
-	<target host="blog.loomio.org" />
-	<target host="blog.magellanmodels.com" />
-	<target host="metro.co.uk" />
-	<target host="www.metro.co.uk" />
-	<target host="blog.mybb.com" />
 	<target host="blog.nanigans.com" />
-	<target host="observer.com" />
-	<target host="www.observer.com" />
-	<target host="blog.opendz.org" />
-	<target host="blog.opengroup.org" />
-	<target host="blog.peopleschoice.com" />
-	<target host="perspectives-project.org" />
-	<target host="www.perspectives-project.org" />
-	<target host="rare.us" />
-	<target host="www.rare.us" />
-	<target host="magazine.redhat.com" />
-	<target host="servicesblog.redhat.com" />
-	<target host="blog.side.cr" />
-	<target host="blog.rstudio.org" />
-	<target host="techcrunch.com" />
-	<target host="www.techcrunch.com" />
-	<target host="*.time.com" />
-	<target host="blog.tinypic.com" />
-	<target host="tppinfo.org" />
-	<target host="www.tppinfo.org" />
-	<target host="dee.uidaho.edu" />
-	<target host="support.uidaho.edu" />
-	<target host="variety.com" />
-	<target host="www.variety.com" />
-	<target host="venturebeat.com" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.venturebeat.com" />
-	<target host="blog.verticalacuity.com" />
-	<target host="wordpress.tv" />
-	<target host="*.wordpress.tv" />
-	<target host="blog.zamzar.com" />
-
-
-	<securecookie host="^dictionaryblog\.cambridge\.org$" name=".*" />
-	<securecookie host="^eatocracy\.cnn\.com$" name=".*" />
-	<securecookie host="^blog\.flickr\.net$" name=".+" />
-	<securecookie host="^hackaday\.com$" name=".*" />
-	<securecookie host="^(?:www)?\.variety\.com$" name=".+" />
-	<securecookie host="^\.?venturebeat\.com$" name=".*" />
-
-
-	<rule from="^https?://(?:www\.)?9to5mac\.com/"
-		to="https://9to5mac.com/" />
-
-	<!--	ID: annotum	-->
-	<rule from="^https?://(?:www\.)?annotum\.org/"
-		to="https://annotum.org/" />
-
-	<rule from="^https?://(?:www\.)?armservers\.com/"
-		to="https://armservers.com/" />
-
-	<rule from="^http://blog\.bandcamp\.com/"
-		to="https://blog.bandcamp.com/" />
-
-	<rule from="^https?://(?:www\.)?betabeat\.com/"
-		to="https://betabeat.com/" />
-
-	<rule from="^http://(?:www\.)?bgr\.com/"
-		to="https://bgr.com/" />
-
-	<rule from="^https?://(?:www\.)?blogmaverick\.com/"
-		to="https://blogmaverick.com/" />
-
-	<!--	ID: cambridgewords	-->
-	<rule from="^http://dictionaryblog\.cambridge\.org/"
-		to="https://dictionaryblog.cambridge.org/" />
-
-	<rule from="^https?://(?:www\.)?charles-carreon\.com/"
-		to="https://charles-carreon.com/" />
-
-	<!--	eatocracy ID: cnneatocracy		-->
-	<rule from="^http://(eatocracy|tech\.fortune|globalpublicsquare)\.cnn\.com/"
-		to="https://$1.cnn.com/" />
-
-	<rule from="^https?://(?:www\.)?codepoet\.com/"
-		to="https://codepoet.com/" />
-
-	<rule from="^https?://(?:www\.)?dietrolldie.com/"
-		to="https://dietrolldie.com/" />
-
-	<rule from="^http://news\.efinancialcareers\.com/"
-		to="https://news.efinancialcareers.com/" />
-
-	<rule from="^https?://(?:www\.)?emubrightfutures\.org/"
-		to="https://emubrightfutures.org/" />
-
-	<rule from="^http://blog\.evidon\.com/"
-		to="https://blog.evidon.com/" />
-
-	<rule from="^http://blog\.feedly\.com/"
-		to="https://blog.feedly.com/" />
-
-	<!--	ID: fightcopyrighttrolls	-->
-	<rule from="^https?://(?:www\.)?fightcopyrighttrolls\.com/"
-		to="https://fightcopyrighttrolls.com/" />
-
-	<rule from="^http://code\.flickr\.com/"
-		to="https://code.flickr.net/" />
-
-	<rule from="^http://(blog|code)\.flickr\.net/"
-		to="https://$1.flickr.net/" />
-
-	<rule from="^http://safeandsavvy\.f-secure\.com/"
-		to="https://safeandsavvy.f-secure.com/" />
-
-	<rule from="^http://(abou|even)t\.gigaom\.com/"
-		to="https://$1t.gigaom.com/" />
-
-	<!--	ID: gitorious	-->
-	<rule from="^http://blog\.gitorious\.org/"
-		to="https://blog.gitorious.org/" />
-
-	<rule from="^http://blog\.gravity\.com/"
-		to="https://blog.gravity.com/" />
-
-	<!--	ID: hackaday	-->
-	<rule from="^https?://(?:www\.)?hackaday\.com/"
-		to="https://hackaday.com/" />
-
-	<rule from="^http://(?:www\.)?irrlab\.com/"
-		to="https://irrlab.com/" />
-
-	<rule from="^https?://(?:www\.)?johnrennie\.net/"
-		to="https://johnrennie.net/" />
-
-	<rule from="^https?://(?:www\.)?krystalstatus\.co\.uk/"
-		to="https://krystalstatus.co.uk/" />
-
-	<!--	ID: doughenwood	-->
-	<rule from="^https?://(?:www\.)?lbo-news\.com/"
-		to="https://lbo-news.com/" />
-
-	<rule from="^http://blog\.legacy\.com/"
-		to="https://blog.legacy.com/" />
-
-	<rule from="^http://blog\.loomio\.org/"
-		to="https://blog.loomio.org/" />
-
-	<rule from="^http://blog\.magellanmodels\.com/"
-		to="https://blog.magellanmodels.com/" />
-
-	<rule from="^http://(?:www\.)?metro\.co\.uk/"
-		to="https://metro.co.uk/" />
-
-	<rule from="^http://blog\.mybb\.com/"
-		to="https://blog.mybb.com/" />
-
-	<rule from="^http://blog\.nanigans\.com/"
-		to="https://blog.nanigans.com/" />
-
-	<!--	ID: nyoobserver	-->
-	<rule from="^https?://(?:www\.)?observer\.com/"
-		to="https://observer.com/" />
-
-	<rule from="^http://blog\.opendz\.org/"
-		to="https://blog.opendz.org/" />
-
-	<rule from="^http://blog\.opengroup\.org/"
-		to="https://blog.opengroup.org/" />
-
-	<rule from="^http://blog\.peopleschoice\.com/"
-		to="https://blog.peopleschoice.com/" />
-
-	<rule from="^http://(?:www\.)?perspectives-project\.org/"
-		to="https://perspectives-project.org/" />
-
-	<rule from="^http://(?:www\.)?rare\.us/"
-		to="https://rare.us/" />
-
-	<rule from="^http://(magazine|servicesblog)\.redhat\.com/"
-		to="https://$1.redhat.com/" />
-
-	<rule from="^http://blog\.rstudio\.org/"
-		to="https://blog.rstudio.org/" />
-
-	<rule from="^http://blog\.side\.cr/"
-		to="https://blog.side.cr/" />
-
-	<!--	ID: tctechcrunch2011	-->
-	<rule from="^https?://(?:www\.)?techcrunch\.com/"
-		to="https://techcrunch.com/" />
-
-	<rule from="^http://(business|entertainment|healthland|ideas|keepingscore|lightbox|nation|newsfeed|science|style|swampland|techland|world)\.time\.com/"
-		to="https://$1.time.com/" />
-
-
-	<rule from="^http://blog\.tinypic\.com/"
-		to="https://blog.tinypic.com/" />
-
-	<rule from="^https?://(?:www\.)?tppinfo\.org/"
-		to="https://tppinfo.org/" />
-
-	<rule from="^http://(dee|support)\.uidaho\.edu/"
-		to="https://$1.uidaho.edu/" />
-
-	<!--	www's cert is valid, but redirects to !www
-							-->
-	<rule from="^http://(www\.)?variety\.com/"
-		to="https://$1variety.com/" />
-
-	<!--	ID: venturebeat	-->
-	<rule from="^https?://(?:www\.)?venturebeat\.com/"
-		to="https://venturebeat.com/" />
-
-	<rule from="^http://blog\.verticalacuity\.com/"
-		to="https://blog.verticalacuity.com/" />
-
-	<rule from="^https?://(?:www\.)?wordpress\.tv/"
-		to="https://wordpress.tv/" />
 
-	<rule from="^http://blog\.wordpress\.tv/"
-		to="https://blog.wordpress.tv/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://blog\.zamzar\.com/"
-		to="https://blog.zamzar.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/WordPress.tv.xml b/src/chrome/content/rules/WordPress.tv.xml
new file mode 100644
index 000000000000..7af416568d07
--- /dev/null
+++ b/src/chrome/content/rules/WordPress.tv.xml
@@ -0,0 +1,17 @@
+<!--
+	Wildcard DNS but without wildcard certificate.
+
+	All other subdomains are mismatched.
+
+-->
+<ruleset name="WordPress.tv">
+
+	<target host="wordpress.tv" />
+	<target host="www.wordpress.tv" />
+	<target host="blog.wordpress.tv" />
+	<target host="www.blog.wordpress.tv" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WordPress.xml b/src/chrome/content/rules/WordPress.xml
index f9e268f6f6fd..137f3c553130 100644
--- a/src/chrome/content/rules/WordPress.xml
+++ b/src/chrome/content/rules/WordPress.xml
@@ -1,117 +1,34 @@
 <!--
-	Nonfunctional domains:
-
-		- s-plugins.wordpress.org *
-
-	* How so?
-
-
-	Problematic domains:
-
-		- *.blog.files.wordpress.com *
-		- *.forums.wordpress.com **
-		- *.support.wordpress.com **
-
-	* Works; mismatched, CN: *.files.wordpress.com
-	** Works; mismatched, CN: *.wordpess.com
-
-
-	Partially covered domains:
-
-		- wordpress.com subdomains:
-
-			- ^
-			- *.blog	(per-locale blogs)
-			- botd
-			- botd2
-			- *.files	(per-blog subdomains)
-			- *.blog.files	(→ *-blog.files)
-			- r-login
-			- s		(→ www)
-			- s\d		(→ secure)
-			- signup
-			- ssl-stats
-			- s-ssl
-			- stats
-			- s.stats	(→ stats)
-			- *		(per-blog subdomains)
-
-		- wordpress.org subdomains:
-
-			- ^
-			- s	(→ www)
-			- s\d	(→ secure)
-			- *.svn
-			- *.trac
-
-
-	Fully covered domains:
-
-		- wp.com subdomains:
-
-			- i[012]
-			- s
-			- s\d
-
-
-	Mixed content:
-
-		- css on ^wordpress.org from s.wordpress.org **
-		- Images on *.blog.wordpress.com from *.blog.files.wordpress.com *
-
-	** Secured by us, absence alters table style slightly
-	* Secured by us, doesn't trip MCB anyway
+	Wildcard DNS recodes and SSL Certificates
 
+	strict-transport-security:max-age=15552000
 -->
-<ruleset name="WordPress (partial)">
-
+<ruleset name="WordPress">
 	<target host="wordpress.com" />
 	<target host="*.wordpress.com" />
-		<exclusion pattern="^http://(?:[^/:@\.]+\.)?wordpress\.com/latex\.php(?:\?.*)?$" />
-		<!--
-			These aren't targeted anyway...
+		<test url="http://www.wordpress.com/" />
+		<test url="http://en.wordpress.com/" />
+		<test url="http://zh-cn.wordpress.com/" />
 
-		<exclusion pattern="^http://([^/:@\.]+)\.(forums|support)\.wordpress\.com/" /-->
-        	<exclusion pattern="^http://s-plugins\.wordpress\.org/" />
 	<target host="wordpress.org" />
 	<target host="*.wordpress.org" />
-	<target host="*.wp.com" />
-
-
-	<securecookie host="^wordpress\.com$" name="^wordpress_homepage$" />
-	<securecookie host="^\.wordpress\.com$" name="^(?:km_\w\w|kvcd|optimizely\w+)$" />
-	<securecookie host="^wordpress\.org$" name=".+" />
-	<securecookie host=".*\.wordpress\.(?:com|org)$" name="^__utm\w$" />
+		<test url="http://apps.wordpress.org/" />
+		<test url="http://learn.wordpress.org/" />
+		<test url="http://make.wordpress.org/" />
 
+	<target host="w.org" />
+	<target host="*.w.org" />
+		<test url="http://make.w.org/" />
+		<test url="http://ps.w.org/" />
+		<test url="http://translate.w.org/" />
 
-	<rule from="^http://wordpress\.(com|org)/"
-		to="https://wordpress.$1/"/>
-
-	<rule from="^http://([^/:@\.]+)\.(blog|files)\.wordpress\.com/"
-		to="https://$1.$2.wordpress.com/"/>
-
-	<rule from="^http://(\w+)\.blog\.files\.wordpress\.com/"
-		to="https://$1-blog.files.wordpress.com/" />
-
-	<rule from="^http://s\.wordpress\.(com|org)/"
-		to="https://www.wordpress.$1/"/>
-
-	<rule from="^http://s\d\.wordpress\.(com|org)/"
-		to="https://secure.wordpress.$1/"/>
-
-	<rule from="^http://([^/:@\.]+)\.wordpress\.(com|org)/"
-		to="https://$1.wordpress.$2/"/>
-
-	<!--	- Cert: gp1.wac.edgecastcdn.net
-		- 404s over https
-					-->
-	<rule from="^http://s\.stats\.wordpress\.com/"
-		to="https://stats.wordpress.com/" />
-
-	<rule from="^http://([^/:@\.]+)\.(trac|svn)\.wordpress\.org/"
-		to="https://$1.$2.wordpress.org/"/>
+	<target host="wp.com" />
+	<target host="*.wp.com" />
+		<test url="http://www.wp.com/" />
+		<test url="http://www.wp.com/music" />
+		<test url="http://get.wp.com/" />
 
-	<rule from="^http://(i[012]|s\d*)\.wp\.com/"
-		to="https://$1.wp.com/" />
+	<securecookie host=".+" name="^(?!wordpress_logged_in$).+" />
 
+	<rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/WordRider.net.xml b/src/chrome/content/rules/WordRider.net.xml
new file mode 100644
index 000000000000..9823fefc8a3c
--- /dev/null
+++ b/src/chrome/content/rules/WordRider.net.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatched:
+		- bugtracker
+		- svn
+-->
+<ruleset name="WordRider.net">
+	<target host="wordrider.net" />
+	<target host="www.wordrider.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Word_Pro.xml b/src/chrome/content/rules/Word_Pro.xml
index f52c9533da63..8da88e2ff618 100644
--- a/src/chrome/content/rules/Word_Pro.xml
+++ b/src/chrome/content/rules/Word_Pro.xml
@@ -13,7 +13,7 @@
 <ruleset name="The Word Pro">
 
 	<target host="thewordpro.com" />
-	<target host="*.thewordpro.com" />
+	<target host="www.thewordpro.com" />
 
 
 	<securecookie host="^\.thewordpro\.com$" name=".+" />
@@ -22,4 +22,4 @@
 	<rule from="^http://(?:www\.)?thewordpro\.com/"
 		to="https://www.thewordpro.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Word_to_the_Wise.com.xml b/src/chrome/content/rules/Word_to_the_Wise.com.xml
new file mode 100644
index 000000000000..ace8c210cbfe
--- /dev/null
+++ b/src/chrome/content/rules/Word_to_the_Wise.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional hosts in *wordtothewise.com:
+
+		- dist *
+
+	* Refused
+
+-->
+<ruleset name="Word to the Wise.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="wordtothewise.com" />
+	<target host="www.wordtothewise.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wordentropy.org.xml b/src/chrome/content/rules/Wordentropy.org.xml
new file mode 100644
index 000000000000..66eeb95ab6c1
--- /dev/null
+++ b/src/chrome/content/rules/Wordentropy.org.xml
@@ -0,0 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wordentropy.org/ => https://wordentropy.org/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.wordentropy.org/ => https://www.wordentropy.org/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+-->
+<ruleset name="Wordentropy.org" default_off="failed ruleset test">
+	<target host="wordentropy.org" />
+	<target host="www.wordentropy.org" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wordfence.com.xml b/src/chrome/content/rules/Wordfence.com.xml
new file mode 100644
index 000000000000..e139d877b24f
--- /dev/null
+++ b/src/chrome/content/rules/Wordfence.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.wordfence.com
+
+-->
+<ruleset name="Wordfence.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="wordfence.com" />
+	<target host="support.wordfence.com" />
+	<target host="www.wordfence.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.wordfence\.com$" name="^(?:PHPSESSID|wfvt_\d+|wordpress_test_cookie)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wordnik.xml b/src/chrome/content/rules/Wordnik.xml
index e442bb88936b..2fa17582e2cd 100644
--- a/src/chrome/content/rules/Wordnik.xml
+++ b/src/chrome/content/rules/Wordnik.xml
@@ -1,14 +1,14 @@
 <ruleset name="Wordnik">
 
 	<target host="wordnik.com" />
+	<target host="www.wordnik.com" />
 	<!--	* for cross-domain cookie.	-->
-	<target host="*.wordnik.com" />
 
 
-	<securecookie host="^(www)?\.wordnik\.com$" name=".*" />
 
+	<securecookie host="^(?:www)?\.wordnik\.com$" name=".+" />
 
-	<rule from="^http://(www\.)?wordnik\.com/"
-		to="https://$1wordnik.com/" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/WordsAPI.com.xml b/src/chrome/content/rules/WordsAPI.com.xml
new file mode 100644
index 000000000000..6fbed5fd2541
--- /dev/null
+++ b/src/chrome/content/rules/WordsAPI.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .wordsapi.com
+
+-->
+<ruleset name="WordsAPI.com">
+
+	<target host="wordsapi.com" />
+	<target host="www.wordsapi.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.wordsapi\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.wordsapi\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Work4_Labs.xml b/src/chrome/content/rules/Work4_Labs.xml
index 27e46e84e267..10ae25d96826 100644
--- a/src/chrome/content/rules/Work4_Labs.xml
+++ b/src/chrome/content/rules/Work4_Labs.xml
@@ -1,13 +1,13 @@
 <ruleset name="Work4 Labs">
 
 	<target host="work4labs.com" />
-	<target host="*.work4labs.com" />
+	<target host="app.work4labs.com" />
+	<target host="www.work4labs.com" />
 
 
 	<securecookie host="^(?:\.?www)?\.work4labs.com$" name=".+" />
 
 
-	<rule from="^http://(app\.|www\.)?work4labs\.com/"
-		to="https://$1work4labs.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WorkKafe.com.xml b/src/chrome/content/rules/WorkKafe.com.xml
deleted file mode 100644
index bea6dee30d45..000000000000
--- a/src/chrome/content/rules/WorkKafe.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	CN: *.netfirms.com
-
--->
-<ruleset name="WorkKafe.com" default_off="mismatched">
-
-	<target host="workkafe.com" />
-	<target host="www.workkafe.com" />
-
-
-	<rule from="^http://(?:www\.)?workkafe\.com/"
-		to="https://www.workkafe.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WorkWithColor.xml b/src/chrome/content/rules/WorkWithColor.xml
index 98e00edda014..a83a921f5c08 100644
--- a/src/chrome/content/rules/WorkWithColor.xml
+++ b/src/chrome/content/rules/WorkWithColor.xml
@@ -1,12 +1,14 @@
-<ruleset name="WorkWithColor" default_off="mismatch, self-signed">
+<!--
+	CN: webserver.ispgateway.de.
+
+-->
+<ruleset name="WorkWithColor.com" default_off="mismatch, self-signed">
 
-	<!--	Cert: webserver.ispgateway.de.	-->
 	<target host="workwithcolor.com" />
 	<target host="www.workwithcolor.com" />
 
 
-	<!--	!www redirects to www.	-->
-	<rule from="^http://(?:www\.)?workwithcolor\.com/"
-		to="https://www.workwithcolor.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Workable.com.xml b/src/chrome/content/rules/Workable.com.xml
new file mode 100644
index 000000000000..6baf9b74e7bd
--- /dev/null
+++ b/src/chrome/content/rules/Workable.com.xml
@@ -0,0 +1,52 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog *
+		- resources *
+		- support *
+
+	* WP Engine
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- * ¹
+
+	¹ Per-client domains
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- workable.com
+		- .workable.com
+		- www.workable.com
+
+-->
+<ruleset name="Workable.com (partial)">
+
+	<target host="workable.com" />
+	<target host="*.workable.com" />
+
+		<exclusion pattern="^http://(?:blog|resources|support)\.workable\.com/" />
+
+			<test url="http://blog.workable.com/" />
+			<test url="http://resources.workable.com/" />
+			<test url="http://support.workable.com/" />
+
+		<test url="http://infogram.workable.com/" />
+		<test url="http://www.workable.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?workable\.com$" name="^_workable_visitor$" /-->
+	<!--securecookie host="^\.workable\.com$" name="^_workable_session$" /-->
+
+	<securecookie host="^(?:\.|www\.)?workable\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Workaround.org.xml b/src/chrome/content/rules/Workaround.org.xml
new file mode 100644
index 000000000000..76bac1759d70
--- /dev/null
+++ b/src/chrome/content/rules/Workaround.org.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fry.workaround.org/ => https://fry.workaround.org/: (51, "SSL: no alternative certificate subject name matches target host name 'fry.workaround.org'")
+Fetch error: http://www.workaround.org/ => https://www.workaround.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.workaround.org'")
+
+-->
+<ruleset name="workaround.org" default_off="failed ruleset test">
+
+	<target host="workaround.org" />
+	<target host="fry.workaround.org" />
+	<target host="www.workaround.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Workforce_Hosting.com.xml b/src/chrome/content/rules/Workforce_Hosting.com.xml
new file mode 100644
index 000000000000..c8bc3a9800c8
--- /dev/null
+++ b/src/chrome/content/rules/Workforce_Hosting.com.xml
@@ -0,0 +1,19 @@
+<!--
+	(www.): shows default cPanel page
+
+-->
+<ruleset name="Workforce Hosting.com (partial)">
+
+	<target host="sdsurf.workforcehosting.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^sdsurf\.workforcehosting\.com$" name="^srv_id$" /-->
+
+	<securecookie host="^sdsurf\.workforcehosting\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Workiva.com.xml b/src/chrome/content/rules/Workiva.com.xml
new file mode 100644
index 000000000000..f95bc71e9b6d
--- /dev/null
+++ b/src/chrome/content/rules/Workiva.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .workiva.com
+
+-->
+<ruleset name="Workiva.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="workiva.com" />
+	<target host="techblog.workiva.com" />
+	<target host="www.workiva.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.workiva\.com$" name="^__qca$" /-->
+
+	<securecookie host="^\.workiva\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Workplace-Giving.xml b/src/chrome/content/rules/Workplace-Giving.xml
deleted file mode 100644
index 783345bc6fd1..000000000000
--- a/src/chrome/content/rules/Workplace-Giving.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Workplace Giving" platform="mixedcontent">
-
-	<target host="workplacegiving.co.uk" />
-	<target host="www.workplacegiving.co.uk" />
-
-
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?workplacegiving\.co\.uk/"
-		to="https://www.workplacegiving.co.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WorkplaceGenderEqualityAgency.xml b/src/chrome/content/rules/WorkplaceGenderEqualityAgency.xml
new file mode 100644
index 000000000000..9eb0cf95b438
--- /dev/null
+++ b/src/chrome/content/rules/WorkplaceGenderEqualityAgency.xml
@@ -0,0 +1,7 @@
+<ruleset name="Workplace Gender Equality Agency">
+	<target host="wgea.gov.au" />
+	<target host="www.wgea.gov.au" />
+
+	<rule from="^http://(?:www\.)?wgea\.gov\.au/"
+		to="https://www.wgea.gov.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Works_That_Work.com.xml b/src/chrome/content/rules/Works_That_Work.com.xml
new file mode 100644
index 000000000000..fec7e38bb0bd
--- /dev/null
+++ b/src/chrome/content/rules/Works_That_Work.com.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Typotheque coverage, see Typotheque.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.worksthatwork.com
+
+-->
+<ruleset name="Works That Work.com">
+
+	<target host="worksthatwork.com" />
+	<target host="www.worksthatwork.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://worksthatwork.com/login/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.worksthatwork\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Workzeitung.ch.xml b/src/chrome/content/rules/Workzeitung.ch.xml
new file mode 100644
index 000000000000..d1d98fc2a338
--- /dev/null
+++ b/src/chrome/content/rules/Workzeitung.ch.xml
@@ -0,0 +1,6 @@
+<ruleset name="Workzeitung.ch">
+	<target host="workzeitung.ch" />
+	<target host="www.workzeitung.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/World-Football-Extra.xml b/src/chrome/content/rules/World-Football-Extra.xml
deleted file mode 100644
index 5beae8153720..000000000000
--- a/src/chrome/content/rules/World-Football-Extra.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	CDN buckets:
-
-		- blog.wfe.netdna-cdn.com
-			- blog-wfe.netdna-ssl.com doesn't exist
-
--->
-<ruleset name="World Football Extra">
-
-	<target host="worldfootballextra.com" />
-	<target host="*.worldfootballextra.com" />
-
-
-	<securecookie host="^(www\.)?worldfootballextra\.com$" name=".*" />
-
-
-	<!--	- cdn cert: *.netdna-ssl.com
-		- cdn 404s
-				-->
-	<rule from="^https?://(?:cdn\.|(www\.))?worldfootballextra\.com/"
-		to="https://$1worldfootballextra.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/World-Nuclear-News.org.xml b/src/chrome/content/rules/World-Nuclear-News.org.xml
new file mode 100644
index 000000000000..263a0a96b959
--- /dev/null
+++ b/src/chrome/content/rules/World-Nuclear-News.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Connection closed:
+		- track
+
+	Mismatched:
+		- wbsnhes
+-->
+<ruleset name="World-Nuclear-News.org">
+	<target host="world-nuclear-news.org" />
+	<target host="www.world-nuclear-news.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/World-of-Warships.xml b/src/chrome/content/rules/World-of-Warships.xml
new file mode 100644
index 000000000000..f0601fbcefac
--- /dev/null
+++ b/src/chrome/content/rules/World-of-Warships.xml
@@ -0,0 +1,91 @@
+<!--
+	For other Wargaming.net coverage, see Wargaming.xml.
+
+	Invalid certificate:
+		asus.worldofwarships.com
+		eu.worldofwarships.com
+		gigabyte.worldofwarships.com
+		ru.worldofwarships.com
+		static-upd-v4r4h10x.worldofwarships.com
+		static-wguscs.worldofwarships.com
+
+		cdn.worldofwarships.ru
+
+	Different content http/https:
+		forum-eu.worldofwarships.com
+		forum-na.worldofwarships.com
+		forum-ru.worldofwarships.com
+		santa.worldofwarships.com
+		teams.worldofwarships.com
+
+		santa.worldofwarships.eu
+		teams.worldofwarships.eu
+
+		auth-pt.worldofwarships.ru
+		teams.worldofwarships.ru
+
+	Redirect to http:
+		update.worldofwarships.com
+		update-v4r4h10x.worldofwarships.com
+
+		update.worldofwarships.eu
+		update-v4r4h10x.worldofwarships.eu
+
+		update.worldofwarships.ru
+		update-v4r4h10x.worldofwarships.ru
+
+	No working URL known:
+		wguscs.worldofwarships.com
+
+		wguscs.worldofwarships.eu
+
+		csis-wowspt.worldofwarships.ru
+		hole.worldofwarships.ru
+
+	Secure connection failed:
+		obt.worldofwarships.eu
+
+	Login required:
+		bugs-st.worldofwarships.ru
+-->
+
+<ruleset name="World of Warships">
+	<!-- worldofwarships.com -->
+	<target host="worldofwarships.com" />
+	<target host="www.worldofwarships.com" />
+	<target host="api.worldofwarships.com" />
+	<target host="auth.worldofwarships.com" />
+	<target host="blog.worldofwarships.com" />
+	<target host="forum.worldofwarships.com" />
+	<target host="playtogether.worldofwarships.com" />
+	<target host="vortex.worldofwarships.com" />
+	<target host="warehouse.worldofwarships.com" />
+
+	<!-- worldofwarships.eu -->
+	<target host="worldofwarships.eu" />
+	<target host="www.worldofwarships.eu" />
+	<target host="api.worldofwarships.eu" />
+	<target host="auth.worldofwarships.eu" />
+	<target host="blog.worldofwarships.eu" />
+	<target host="forum.worldofwarships.eu" />
+	<target host="playtogether.worldofwarships.eu" />
+	<target host="vortex.worldofwarships.eu" />
+
+	<!-- worldofwarships.ru -->
+	<target host="worldofwarships.ru" />
+	<target host="www.worldofwarships.ru" />
+	<target host="api.worldofwarships.ru" />
+	<target host="auth.worldofwarships.ru" />
+	<target host="blog.worldofwarships.ru" />
+	<target host="forum.worldofwarships.ru" />
+	<target host="forum-new.worldofwarships.ru" />
+	<target host="playtogether.worldofwarships.ru" />
+	<target host="portal-pt.worldofwarships.ru" />
+	<target host="pt.worldofwarships.ru" />
+	<target host="st.worldofwarships.ru" />
+	<target host="vortex.worldofwarships.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WorldCat.xml b/src/chrome/content/rules/WorldCat.xml
index 86f2b85fd4b2..93aec856babb 100644
--- a/src/chrome/content/rules/WorldCat.xml
+++ b/src/chrome/content/rules/WorldCat.xml
@@ -1,13 +1,211 @@
-<ruleset name="WorldCat">
+<ruleset name="WorldCat.org">
 
 	<target host="worldcat.org" />
-	<target host="*.worldcat.org" />
 
+	<target host="549.worldcat.org" />
+	<target host="alaska.worldcat.org" />
+	<target host="alasu.worldcat.org" />
+	<target host="americanunivofnigeria.worldcat.org" />
+	<target host="anderson.worldcat.org" />
+	<target host="antioch.worldcat.org" />
+	<target host="augsburg.worldcat.org" />
+	<target host="auis.worldcat.org" />
+	<target host="aum.worldcat.org" />
+	<target host="aurarialibrary.worldcat.org" />
+	<target host="avemariauniversity.worldcat.org" />
+	<target host="bc.worldcat.org" />
+	<target host="beacon.worldcat.org" />
+	<target host="bergencc.worldcat.org" />
+	<target host="berkeley.worldcat.org" />
+	<target host="berry.worldcat.org" />
+	<target host="brenau.worldcat.org" />
+	<target host="brkl.worldcat.org" />
+	<target host="bsclibrary.worldcat.org" />
+	<target host="bucknell.worldcat.org" />
+	<target host="buffalo.worldcat.org" />
+	<target host="burrittlibrary.worldcat.org" />
+	<target host="buswell.worldcat.org" />
+	<target host="calacademy.worldcat.org" />
+	<target host="californiagenealogicalsoc.worldcat.org" />
+	<target host="california.worldcat.org" />
+	<target host="cambridgelibrary.worldcat.org" />
+	<target host="camino.worldcat.org" />
+	<target host="catawba.worldcat.org" />
+	<target host="ccrls.worldcat.org" />
+	<target host="cedarcrestcollegecressmanlibrary.worldcat.org" />
+	<target host="chemeketa.worldcat.org" />
+	<target host="christendom.worldcat.org" />
+	<target host="clclibrary.worldcat.org" />
+	<target host="clevelandstate.worldcat.org" />
+	<target host="cod.worldcat.org" />
+	<target host="colelibrary.worldcat.org" />
+	<target host="colum.worldcat.org" />
+	<target host="comlibrary.worldcat.org" />
+	<target host="cornell.worldcat.org" />
+	<target host="coverart.worldcat.org" />
+	<target host="cpclib.worldcat.org" />
+	<target host="cput.worldcat.org" />
+	<target host="ctsfw.worldcat.org" />
+	<target host="dchs.worldcat.org" />
+	<target host="depaul.worldcat.org" />
+	<target host="dmu.worldcat.org" />
+	<target host="doane.worldcat.org" />
+	<target host="eastcarolina.worldcat.org" />
+	<target host="edwardsvillelibrary.worldcat.org" />
+	<target host="ewu.worldcat.org" />
+	<target host="floridanav.worldcat.org" />
+	<target host="franklincollege.worldcat.org" />
+	<target host="franklinpierce.worldcat.org" />
+	<target host="fullertonpubliclibrary.worldcat.org" />
+	<target host="fuller.worldcat.org" />
+	<target host="georgian.worldcat.org" />
+	<target host="gouchercollege.worldcat.org" />
+	<target host="grinnellcollege.worldcat.org" />
+	<target host="gsk.worldcat.org" />
+	<target host="guilford.worldcat.org" />
+	<target host="gwlaw.worldcat.org" />
+	<target host="his.worldcat.org" />
+	<target host="hiu.worldcat.org" />
+	<target host="hnulibrary.worldcat.org" />
+	<target host="hoopestonpubliclibrary.worldcat.org" />
+	<target host="hsrc.worldcat.org" />
+	<target host="huielibrary.worldcat.org" />
+	<target host="iadt.worldcat.org" />
+	<target host="idaho.worldcat.org" />
+	<target host="ie.worldcat.org" />
+	<target host="jacksonvilleuniversity.worldcat.org" />
+	<target host="jerseyvillelibrary.worldcat.org" />
+	<target host="kb.worldcat.org" />
+	<target host="latourette.worldcat.org" />
+	<target host="lbclibrary.worldcat.org" />
+	<target host="lincolnlibrary.worldcat.org" />
+	<target host="lindenwoodcollege.worldcat.org" />
+	<target host="link.worldcat.org" />
+	<target host="lmelibrary.worldcat.org" />
+	<target host="londonmet.worldcat.org" />
+	<target host="lsulibraries.worldcat.org" />
+	<target host="luclibrary.worldcat.org" />
+	<target host="macalester.worldcat.org" />
+	<target host="mahasarakhamuniv.worldcat.org" />
+	<target host="mcd.worldcat.org" />
+	<target host="mcgill.worldcat.org" />
+	<target host="melvyl.worldcat.org" />
+	<target host="mineralcountypubliclibrary.worldcat.org" />
+	<target host="missouri.worldcat.org" />
+	<target host="mit.worldcat.org" />
+	<target host="molloy.worldcat.org" />
+	<target host="msjc.worldcat.org" />
+	<target host="mthood.worldcat.org" />
+	<target host="mtsu.worldcat.org" />
+	<target host="muhlenberg.worldcat.org" />
+	<target host="ncat.worldcat.org" />
+	<target host="neiulibrary.worldcat.org" />
+	<target host="newmanregionallibrary.worldcat.org" />
+	<target host="newpaltz.worldcat.org" />
+	<target host="niod.worldcat.org" />
+	<target host="nnu.worldcat.org" />
+	<target host="noble.worldcat.org" />
+	<target host="northeastern.worldcat.org" />
+	<target host="north.worldcat.org" />
+	<target host="npl.worldcat.org" />
+	<target host="nu.worldcat.org" />
+	<target host="oclclibrary.worldcat.org" />
+	<target host="ocwms.worldcat.org" />
+	<target host="ohsulibrary.worldcat.org" />
+	<target host="osu.worldcat.org" />
+	<target host="outulsa.worldcat.org" />
+	<target host="oxy.worldcat.org" />
+	<target host="panolacollege.worldcat.org" />
+	<target host="pepperdine.worldcat.org" />
+	<target host="pittsburgstate.worldcat.org" />
+	<target host="portia.worldcat.org" />
+	<target host="portlandstate.worldcat.org" />
+	<target host="radforduniversity.worldcat.org" />
+	<target host="sabinet.worldcat.org" />
+	<target host="sandiegostate.worldcat.org" />
+	<target host="sbcc.worldcat.org" />
+	<target host="sbts.worldcat.org" />
+	<target host="sfuad.worldcat.org" />
+	<target host="sjfc.worldcat.org" />
+	<target host="snac.worldcat.org" />
+	<target host="stanfordhealthlibrary.worldcat.org" />
+	<target host="stanleypubliclibrary.worldcat.org" />
+	<target host="statelibraryok.worldcat.org" />
+	<target host="static1.worldcat.org" />
+	<target host="stfrancisuniversity.worldcat.org" />
+	<target host="stjohnsem.worldcat.org" />
+	<target host="stkate.worldcat.org" />
+	<target host="sulibrary.worldcat.org" />
+	<target host="talonline.worldcat.org" />
+	<target host="tamiu.worldcat.org" />
+	<target host="temple.worldcat.org" />
+	<target host="terengganu.worldcat.org" />
+	<target host="texasgroup.worldcat.org" />
+	<target host="tilburguniversity.worldcat.org" />
+	<target host="tjportal.worldcat.org" />
+	<target host="tlc.worldcat.org" />
+	<target host="towsonuniversity.worldcat.org" />
+	<target host="tufts.worldcat.org" />
+	<target host="uab.worldcat.org" />
+	<target host="ua.worldcat.org" />
+	<target host="uci.worldcat.org" />
+	<target host="ucla.worldcat.org" />
+	<target host="ucmerced.worldcat.org" />
+	<target host="uconn.worldcat.org" />
+	<target host="ucsb.worldcat.org" />
+	<target host="ucsc.worldcat.org" />
+	<target host="ucsd.worldcat.org" />
+	<target host="ucsf.worldcat.org" />
+	<target host="uidaho.worldcat.org" />
+	<target host="uindy.worldcat.org" />
+	<target host="uisbrookenslibrary.worldcat.org" />
+	<target host="uky.worldcat.org" />
+	<target host="ule.worldcat.org" />
+	<target host="umahidol.worldcat.org" />
+	<target host="umaryland.worldcat.org" />
+	<target host="umassmed.worldcat.org" />
+	<target host="umbc.worldcat.org" />
+	<target host="umemphis.worldcat.org" />
+	<target host="umhb.worldcat.org" />
+	<target host="uml.worldcat.org" />
+	<target host="unb.worldcat.org" />
+	<target host="uncc.worldcat.org" />
+	<target host="uncfsu.worldcat.org" />
+	<target host="uncg.worldcat.org" />
+	<target host="uncsa.worldcat.org" />
+	<target host="unesco-ihe.worldcat.org" />
+	<target host="universityofarizona.worldcat.org" />
+	<target host="universityofncarolinaatpembroke.worldcat.org" />
+	<target host="universityofsouthflorida.worldcat.org" />
+	<target host="univofpretoria.worldcat.org" />
+	<target host="unm.worldcat.org" />
+	<target host="unomaha.worldcat.org" />
+	<target host="uolibraries.worldcat.org" />
+	<target host="uprrp.worldcat.org" />
+	<target host="usal.worldcat.org" />
+	<target host="uttarlton.worldcat.org" />
+	<target host="uum.worldcat.org" />
+	<target host="uwashington.worldcat.org" />
+	<target host="uwc.worldcat.org" />
+	<target host="uwest.worldcat.org" />
+	<target host="uwglibrary.worldcat.org" />
+	<target host="uwinnipeg.worldcat.org" />
+	<target host="valpo.worldcat.org" />
+	<target host="vut.worldcat.org" />
+	<target host="washingtonstate.worldcat.org" />
+	<target host="watzek.worldcat.org" />
+	<target host="wellesley.worldcat.org" />
+	<target host="westmont.worldcat.org" />
+	<target host="whitman.worldcat.org" />
+	<target host="wild.worldcat.org" />
+	<target host="williams.worldcat.org" />
+	<target host="wits.worldcat.org" />
+	<target host="www.worldcat.org" />
+	<target host="xavier.worldcat.org" />
 
-	<securecookie host="^.*\.worldcat\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://(coverart\.|static1\.|www\.)?worldcat\.org/"
-		to="https://$1worldcat.org/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WorldCommunityGrid.xml b/src/chrome/content/rules/WorldCommunityGrid.xml
index 2c05505cade6..be5b91491726 100644
--- a/src/chrome/content/rules/WorldCommunityGrid.xml
+++ b/src/chrome/content/rules/WorldCommunityGrid.xml
@@ -1,20 +1,19 @@
 <!--
-	!www: cert only matches *.worldcommunitygrid.org
-
+	Deep links to worldcommunitygrid.org don't work when using HTTPS.
+	For example, the following link will fail, so forward it to www.
+	https://worldcommunitygrid.org/research/viewAllProjects.do
 -->
 <ruleset name="World Community Grid">
 
 	<target host="worldcommunitygrid.org" />
-	<target host="*.worldcommunitygrid.org" />
-
+	<target host="www.worldcommunitygrid.org" />
+	<target host="secure.worldcommunitygrid.org" />
+	<target host="scheduler.worldcommunitygrid.org" />
+	<target host="grid.worldcommunitygrid.org" />
 
 	<securecookie host="^\.worldcommunitygrid\.org$" name=".+" />
 
-
-	<rule from="^https?://worldcommunitygrid\.org/"
-		to="https://secure.worldcommunitygrid.org/" />
-
- 	<rule from="^http://(secure|www)\.worldcommunitygrid\.org/"
-		to="https://$1.worldcommunitygrid.org/" />
+	<rule from="^http://worldcommunitygrid\.org/" to="https://www.worldcommunitygrid.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/WorldDAB.org.xml b/src/chrome/content/rules/WorldDAB.org.xml
new file mode 100644
index 000000000000..0520f28b9c44
--- /dev/null
+++ b/src/chrome/content/rules/WorldDAB.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .worlddab.org
+
+-->
+<ruleset name="WorldDAB.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="worlddab.org" />
+	<target host="members.worlddab.org" />
+	<target host="www.worlddab.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.worlddab\.org$" name="^_worlddmb_session$" /-->
+
+	<securecookie host="^\.worlddab\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WorldMarkByWyndham.com.xml b/src/chrome/content/rules/WorldMarkByWyndham.com.xml
new file mode 100644
index 000000000000..806456f090f3
--- /dev/null
+++ b/src/chrome/content/rules/WorldMarkByWyndham.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- worldmarkbywyndham.com
+		- metrics.worldmarkbywyndham.com
+		- link.sub.worldmarkbywyndham.com
+-->
+<ruleset name="WorldMarkByWyndham.com">
+	<target host="worldmarkbywyndham.com" />
+	<target host="www.worldmarkbywyndham.com" />
+
+	<rule from="^http://worldmarkbywyndham\.com/"
+			to="https://www.worldmarkbywyndham.com/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WorldMate.com.xml b/src/chrome/content/rules/WorldMate.com.xml
new file mode 100644
index 000000000000..56e4347174e2
--- /dev/null
+++ b/src/chrome/content/rules/WorldMate.com.xml
@@ -0,0 +1,22 @@
+<!--
+	^: cert only matches www
+
+-->
+<ruleset name="WorldMate.com">
+
+	<target host="worldmate.com" />
+	<target host="www.worldmate.com" />
+	<target host="cdn.worldmate.com" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^www\.worldmate\.com$" name="^NSC_Xfc-\w+_\w+$" /-->
+
+
+	<rule from="^http://(?:www\.)?worldmate\.com/"
+		to="https://www.worldmate.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WorldNow.com.xml b/src/chrome/content/rules/WorldNow.com.xml
index bf8a76120781..4a0824749647 100644
--- a/src/chrome/content/rules/WorldNow.com.xml
+++ b/src/chrome/content/rules/WorldNow.com.xml
@@ -9,6 +9,7 @@
 
 			- a1628.g.akamai.net
 			- kmsp.images.worldnow.com
+			- wnyw.images.worldnow.com
 
 
 	Nonfunctional subdomains:
@@ -37,20 +38,10 @@
 -->
 <ruleset name="WorldNow.com (partial)">
 
-	<target host="*.worldnow.com" />
+	<target host="content.worldnow.com" />
 		<!--exclusion pattern="^http://(images|www)\." /-->
 
-
-	<rule from="^http://content\.worldnow\.com/"
-		to="https://content.worldnow.com/" />
-
-	<rule from="^http://ftpcontent\.worldnow\.com/"
-		to="https://a248.e.akamai.net/f/1452/7216/9/ftpcontent.worldnow.com/" />
-
-	<!--	Presumably this could be generalized for all
-		in *.images, but that hasn't been tested.
-							-->
-	<rule from="^http://kmsp\.images\.worldnow\.com/"
-		to="https://a248.e.akamai.net/f/1628/2991/2/kmsp.images.worldnow.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/WorldOfGames.xml b/src/chrome/content/rules/WorldOfGames.xml
new file mode 100644
index 000000000000..56d233ea5968
--- /dev/null
+++ b/src/chrome/content/rules/WorldOfGames.xml
@@ -0,0 +1,7 @@
+<ruleset name="World of Games">
+	<target host="wog.ch"/>
+	<target host="www.wog.ch"/>
+
+	<rule from="^http://(?:www\.)?wog\.ch/"
+		to="https://www.wog.ch/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/WorldOfGothic.com.xml b/src/chrome/content/rules/WorldOfGothic.com.xml
new file mode 100644
index 000000000000..92175ba1763a
--- /dev/null
+++ b/src/chrome/content/rules/WorldOfGothic.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Mismatched:
+		- exodus
+		- ignis
+		- khorana
+
+	SSL handshake error:
+		- alix
+		- almanach
+		- ftp
+		- imap
+		- legendofahssun
+		- legendofkataris
+		- mail
+		- modstar
+		- odysseemodteam
+		- oparilames
+		- openmod
+		- pop
+		- relay
+		- smtp
+		- soulfire
+		- varus
+		- velaya
+		- wiki
+-->
+<ruleset name="WorldOfGothic.com">
+	<target host="worldofgothic.com" />
+	<target host="www.worldofgothic.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WorldOfPlayers.ru.xml b/src/chrome/content/rules/WorldOfPlayers.ru.xml
new file mode 100644
index 000000000000..61877374142a
--- /dev/null
+++ b/src/chrome/content/rules/WorldOfPlayers.ru.xml
@@ -0,0 +1,23 @@
+<!--
+	Mismatched:
+		- www
+		- dl
+		- dl1
+		- forum
+		- media
+		- nv
+		- old
+		- s
+		- wiki
+
+	Connection reset:
+		- mail
+-->
+<ruleset name="WorldOfPlayers.ru">
+	<target host="worldofplayers.ru" />
+	<target host="www.worldofplayers.ru" />
+	<target host="forum.worldofplayers.ru" />
+
+	<rule from="^http://(www|forum)\.worldofplayers\.ru/" to="https://worldofplayers.ru/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WorldOfWarcraft.xml b/src/chrome/content/rules/WorldOfWarcraft.xml
new file mode 100644
index 000000000000..daeeea80aad9
--- /dev/null
+++ b/src/chrome/content/rules/WorldOfWarcraft.xml
@@ -0,0 +1,65 @@
+<!--	Cert expired:
+			- forums
+
+		Cert mismatch:
+			- ak (akamai)
+			- armory (battle.net)
+			- fortune
+			- media
+			- test
+
+		Chain issues:
+			- forums
+			- signup
+			- upgrade
+
+		RFC 1918 Adress:
+			- guardian.bl1
+
+		Timeout:
+			- content
+			- errors
+			- guardian
+			- eu.logon
+			- kr.logon
+			- tw.logon
+			- us.logon
+			- mail
+			- qa
+			- staging
+			- status
+			- us.repair
+			- eu.scan
+			- kr.scan
+			- us.scan
+			- cn.tracker
+			- eu.tracker
+			- tw.tracker
+			- us.tracker
+			- cn.version
+			- eu.version
+			- kr.version
+			- tw.version
+			- us.version
+-->
+<ruleset name="WorldOfWarcraft">
+
+	<target host="worldofwarcraft.com" />
+	<target host="www.worldofwarcraft.com" />
+	<target host="comic.worldofwarcraft.com" />
+	<target host="fail.worldofwarcraft.com" />
+	<target host="launcher.worldofwarcraft.com" />
+	<target host="on.worldofwarcraft.com" />
+	<target host="prod.worldofwarcraft.com" />
+	<target host="render-api-cn.worldofwarcraft.com" />
+	<target host="render-api-eu.worldofwarcraft.com" />
+	<target host="render-api-kr.worldofwarcraft.com" />
+	<target host="render-api-tw.worldofwarcraft.com" />
+	<target host="render-api-us.worldofwarcraft.com" />
+	<target host="render-eu.worldofwarcraft.com" />
+	<target host="render-us.worldofwarcraft.com" />
+	<target host="support.worldofwarcraft.com" />
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/WorldRemit.com.xml b/src/chrome/content/rules/WorldRemit.com.xml
new file mode 100644
index 000000000000..648b0d82ef6c
--- /dev/null
+++ b/src/chrome/content/rules/WorldRemit.com.xml
@@ -0,0 +1,24 @@
+<!--
+	^: mismatched
+
+-->
+<ruleset name="WorldRemit.com">
+
+	<target host="worldremit.com" />
+	<target host="www.worldremit.com" />
+	<target host="agents.worldremit.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(agents|www)\.worldremit\.com$" name="^(ASP\.NET_SessionId|SERVERID)$" /-->
+
+	<securecookie host="^(?:agents|www)\.worldremit\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?worldremit\.com/"
+		to="https://www.worldremit.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WorldWildlife.org.xml b/src/chrome/content/rules/WorldWildlife.org.xml
new file mode 100644
index 000000000000..19a286b9b401
--- /dev/null
+++ b/src/chrome/content/rules/WorldWildlife.org.xml
@@ -0,0 +1,27 @@
+<!--
+	WorldWildlife.org related ruleset:
+		 - WWF.ch.xml
+		 - WWF.org.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - assets.worldwildlife.org
+			 - mobileapp.worldwildlife.org
+			 - takeaction.worldwildlife.org
+			 - wwf.worldwildlife.org
+-->
+<ruleset name="World Wildlife.org">
+	<target host="worldwildlife.org" />
+	<target host="www.worldwildlife.org" />
+	<target host="apps.worldwildlife.org" />
+	<target host="content.worldwildlife.org" />
+	<target host="fyia.worldwildlife.org" />
+	<target host="gifts.worldwildlife.org" />
+	<target host="secure.worldwildlife.org" />
+	<target host="secure2.worldwildlife.org" />
+	<target host="support.worldwildlife.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/World_Chamber_of_Commerce_Directory.xml b/src/chrome/content/rules/World_Chamber_of_Commerce_Directory.xml
deleted file mode 100644
index feca46cca1de..000000000000
--- a/src/chrome/content/rules/World_Chamber_of_Commerce_Directory.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Some pages redirect to http.
-
--->
-<ruleset name="World Chamber of Commerce Directory (partial)">
-
-	<target host="worldchamberdirectoryonline.com" />
-	<target host="www.worldchamberdirectoryonline.com" />
-
-
-	<rule from="^http://(www\.)?worldchamberdirectoryonline\.com/(checkout(?:$|\?|/)|favicon\.ico|memb/|wp-content/|wp-includes/)"
-		to="https://$1worldchamberdirectoryonline.com/$2" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/World_City_Card.xml b/src/chrome/content/rules/World_City_Card.xml
deleted file mode 100644
index 54b1c45a2c45..000000000000
--- a/src/chrome/content/rules/World_City_Card.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="World City Card">
-
-	<target host="worldcitycard.com" />
-	<target host="*.worldcitycard.com" />
-
-
-	<securecookie host="^(?:www)?\.worldcitycard\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?worldcitycard\.com/"
-		to="https://$1worldcitycard.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/World_Development_Movement.xml b/src/chrome/content/rules/World_Development_Movement.xml
index dc1f3b913b72..3387a28a3b63 100644
--- a/src/chrome/content/rules/World_Development_Movement.xml
+++ b/src/chrome/content/rules/World_Development_Movement.xml
@@ -1,13 +1,12 @@
 <ruleset name="World Development Movement">
 
 	<target host="wdm.org.uk" />
-	<target host="*.wdm.org.uk" />
+	<target host="www.wdm.org.uk" />
 
 
 	<securecookie host="^\.wdm\.org\.uk$" name=".+" />
 
 
-	<rule from="^http://(www\.)?wdm\.org\.uk/"
-		to="https://$1wdm.org.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/World_Food_Prize.xml b/src/chrome/content/rules/World_Food_Prize.xml
index e96cfd520481..8aa1611879a3 100644
--- a/src/chrome/content/rules/World_Food_Prize.xml
+++ b/src/chrome/content/rules/World_Food_Prize.xml
@@ -1,4 +1,10 @@
-<ruleset name="The World Food Prize">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://worldfoodprize.org/ => https://worldfoodprize.org/: (51, "SSL: no alternative certificate subject name matches target host name 'worldfoodprize.org'")
+
+-->
+<ruleset name="The World Food Prize" default_off="failed ruleset test">
 
 	<target host="worldfoodprize.org" />
 	<target host="www.worldfoodprize.org" />
@@ -7,7 +13,6 @@
 	<securecookie host="^(?:www\.)?worldfoodprize\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?worldfoodprize\.org/"
-		to="https://$1worldfoodprize.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/World_Landscape_Architecture.xml b/src/chrome/content/rules/World_Landscape_Architecture.xml
index 02a7b58ac406..8fdcf91679d4 100644
--- a/src/chrome/content/rules/World_Landscape_Architecture.xml
+++ b/src/chrome/content/rules/World_Landscape_Architecture.xml
@@ -1,13 +1,12 @@
 <ruleset name="World Landscape Architecture">
 
 	<target host="worldlandscapearchitect.com" />
-	<target host="*.worldlandscapearchitect.com" />
+	<target host="www.worldlandscapearchitect.com" />
 
 
 	<securecookie host="^\.worldlandscapearchitect\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?worldlandscapearchitect\.com/"
-		to="https://$1worldlandscapearchitect.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/World_Precision_Instruments.xml b/src/chrome/content/rules/World_Precision_Instruments.xml
index 70ea0f62bf24..35b37ed707df 100644
--- a/src/chrome/content/rules/World_Precision_Instruments.xml
+++ b/src/chrome/content/rules/World_Precision_Instruments.xml
@@ -15,7 +15,6 @@
 	<securecookie host="^store\.wpiinc\.com$" name=".+" />
 
 
-	<rule from="^http://store\.wpiinc\.com/"
-		to="https://store.wpiinc.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/World_Television.xml b/src/chrome/content/rules/World_Television.xml
index 7c959967b052..b8af9e5787fb 100644
--- a/src/chrome/content/rules/World_Television.xml
+++ b/src/chrome/content/rules/World_Television.xml
@@ -14,13 +14,13 @@
 -->
 <ruleset name="World Television">
 
-	<target host="*.world-television.com" />
+	<target host="doddsegrads.world-television.com" />
+	<target host="streamstudio.world-television.com" />
 
 
 	<securecookie host="^streamstudio\.world-television\.com$" name=".+" />
 
 
-	<rule from="^http://(doddsegrads|streamstudio)\.world-television\.com/"
-		to="https://$1.world-television.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/World_e-ID_Congress.xml b/src/chrome/content/rules/World_e-ID_Congress.xml
index 0fb53fefc971..80bbd4c09d76 100644
--- a/src/chrome/content/rules/World_e-ID_Congress.xml
+++ b/src/chrome/content/rules/World_e-ID_Congress.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?worlde-idcongress\.com/"
 		to="https://www.worlde-idcongress.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/World_for_Pets.com.au.xml b/src/chrome/content/rules/World_for_Pets.com.au.xml
index ac5bd920c28a..1ca39cf18d51 100644
--- a/src/chrome/content/rules/World_for_Pets.com.au.xml
+++ b/src/chrome/content/rules/World_for_Pets.com.au.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^www\.worldforpets\.com\.au$" name=".+" />
 
 
-	<rule from="^http://(www\.)?worldforpets\.com\.au/"
-		to="https://$1worldforpets.com.au/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/World_of_Warplanes.xml b/src/chrome/content/rules/World_of_Warplanes.xml
deleted file mode 100644
index 69e1a7a0481e..000000000000
--- a/src/chrome/content/rules/World_of_Warplanes.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	For other Wargaming.net coverage, see Wargaming.net.xml.
-
-
-	Problematic domains:
-
-		- www.worldofwarplanes.com	(expired)
-		- www.worldofwarplanes.ru	(mismatched)
-
--->
-<ruleset name="World of Warplanes (partial)">
-
-	<target host="worldofwarplanes.*" />
-		<exclusion pattern="^http://(?:www\.)?worldofwarplanes.(?:com|eu|ru)/(?!(?:auth|captcha|registration)(?:$|\?|/)|dcont/|l?static/)" />
-	<target host="*.worldofwarplanes.com" />
-	<target host="*.worldofwarplanes.eu" />
-	<target host="*.worldofwarplanes.ru" />
-
-
-	<securecookie host="^forum\.worldofwarplanes\.(?:com|eu|ru)$" name=".+" />
-
-
-	<rule from="^https?://(?:(forum\.|support\.)|www\.)?worldofwarplanes\.(com|ru)/"
-		to="https://$1worldofwarplanes.$2/" />
-
-	<rule from="^http://(forum\.|www\.)?worldofwarplanes\.eu/"
-		to="https://$1worldofwarplanes.eu/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/World_of_Warships.xml b/src/chrome/content/rules/World_of_Warships.xml
deleted file mode 100644
index 2d01fed80ab9..000000000000
--- a/src/chrome/content/rules/World_of_Warships.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For other Wargaming.net coverage, see Wargaming.net.xml.
-
-
-	Nonfunctional domains:
-
-		- (www.)worldofwarships.com
-		- (www.)worldofwarships.eu
-		- (www.)worldofwarships.ru
-
--->
-<ruleset name="World of Warships (partial)">
-
-	<target host="forum.worldofwarships.*" />
-
-
-	<securecookie host="^forum\.worldofwarships\.(?:com|eu|ru)$" name=".+" />
-
-
-	<rule from="^http://forum\.worldofwarships\.(com|eu|ru)/"
-		to="https://forum.worldofwarships.$1/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Worldhealth.net.xml b/src/chrome/content/rules/Worldhealth.net.xml
new file mode 100644
index 000000000000..95271eb92d43
--- /dev/null
+++ b/src/chrome/content/rules/Worldhealth.net.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- Images from www.worldhealth.net *
+
+	* Secured by us
+
+-->
+<ruleset name="Worldhealth.net">
+
+	<target host="worldhealth.net" />
+	<target host="www.worldhealth.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WorldofWarplanes.xml b/src/chrome/content/rules/WorldofWarplanes.xml
new file mode 100644
index 000000000000..14b62d0f7698
--- /dev/null
+++ b/src/chrome/content/rules/WorldofWarplanes.xml
@@ -0,0 +1,50 @@
+<!--
+	For other Wargaming.net coverage, see Wargaming.net.xml.
+
+
+	Redirect to http:
+		worldofwarplanes.com
+		www.worldofwarplanes.com
+		blog.worldofwarplanes.com
+		forum.worldofwarplanes.com
+		forum-na.worldofwarplanes.com
+		na.worldofwarplanes.com
+		supertest.worldofwarplanes.com
+		upd-st13.worldofwarplanes.com
+		update.worldofwarplanes.com
+		update-us.worldofwarplanes.com
+
+		blog.worldofwarplanes.eu
+		forum.worldofwarplanes.eu
+		update.worldofwarplanes.eu
+
+		blog.worldofwarplanes.ru
+		forum.worldofwarplanes.ru
+		update.worldofwarplanes.ru
+
+	Login required:
+		bugs-st13.worldofwarplanes.com
+
+	Refused:
+		cpm.worldofwarplanes.com
+
+	Invalid certificate:
+		update-ru.worldofwarplanes.com
+
+		cdn.forum.worldofwarplanes.eu
+		static-upd.worldofwarplanes.eu
+
+		cdn.forum.worldofwarplanes.ru
+
+-->
+<ruleset name="World of Warplanes (partial)">
+
+	<target host="api.worldofwarplanes.com" />
+	<target host="api.worldofwarplanes.eu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Worldometers.info.xml b/src/chrome/content/rules/Worldometers.info.xml
new file mode 100644
index 000000000000..14f4f21b92ad
--- /dev/null
+++ b/src/chrome/content/rules/Worldometers.info.xml
@@ -0,0 +1,21 @@
+<ruleset name="Worldometers.info">
+	<target host="worldometers.info" />
+	<target host="www.worldometers.info" />
+	<target host="autodiscover.worldometers.info" />
+	<target host="cpanel.worldometers.info" />
+	<target host="ftp.worldometers.info" />
+	<target host="host2.worldometers.info" />
+	<target host="host3.worldometers.info" />
+	<target host="host4.worldometers.info" />
+	<target host="host5.worldometers.info" />
+	<target host="host6.worldometers.info" />
+	<target host="ipv6.worldometers.info" />
+	<target host="m.worldometers.info" />
+	<target host="mail.worldometers.info" />
+	<target host="ns.worldometers.info" />
+	<target host="srv1.worldometers.info" />
+	<target host="webdisk.worldometers.info" />
+	<target host="webmail.worldometers.info" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Worldpanelinfo.xml b/src/chrome/content/rules/Worldpanelinfo.xml
deleted file mode 100644
index 259b7b451fb7..000000000000
--- a/src/chrome/content/rules/Worldpanelinfo.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For other Kantar rulesets, see TNS-Global.xml.
-
--->
-<ruleset name="Wordpanelinfo">
-
-	<target host="worldpanelinfo.com" />
-	<target host="*.worldpanelinfo.com" />
-
-
-	<securecookie host="^.*\.worldpanelinfo\.com$" name=".*" />
-
-
-	<!--	!www doesn't work over https,
-		redirects to www over http.	-->
-	<rule from="^http://(?:www\.)?worldpanelinfo\.com/"
-		to="https://www.worldpanelinfo.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Worldreader.org.xml b/src/chrome/content/rules/Worldreader.org.xml
new file mode 100644
index 000000000000..f97a7c7f1b65
--- /dev/null
+++ b/src/chrome/content/rules/Worldreader.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Wildcard DNS and certificate.
+
+	Time out:
+		bot.worldreader.org
+		m.worldreader.org
+
+-->
+<ruleset name="Worldreader.org">
+
+	<target host="worldreader.org" />
+	<target host="www.worldreader.org" />
+	<target host="comms.worldreader.org" />
+		<test url="http://comms.worldreader.org/wp-content/themes/worldreader/style.css.gzip" />
+	<target host="read.worldreader.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Worldtimebuddy.com.xml b/src/chrome/content/rules/Worldtimebuddy.com.xml
new file mode 100644
index 000000000000..98ef8951f272
--- /dev/null
+++ b/src/chrome/content/rules/Worldtimebuddy.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="World Time Buddy">
+	<target host="worldtimebuddy.com" />
+	<target host="www.worldtimebuddy.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Worn-Through.xml b/src/chrome/content/rules/Worn-Through.xml
index 035523ad5f2b..51629fb554bc 100644
--- a/src/chrome/content/rules/Worn-Through.xml
+++ b/src/chrome/content/rules/Worn-Through.xml
@@ -1,11 +1,26 @@
-<ruleset name="Worn Through (partial)" default_off="mismatch">
+<!--
+	^wornthrough.com: Refused
+	www: Mismatched, CN: *.gridserver.com
+
+
+	Mixed content:
+
+		- css from www.wornthrough.com
+
+		- Images, from:
+
+			- farm\d.staticflickr.com
+			- wornthrough.com
+			- www.wornthrough.com
+
+-->
+<ruleset name="Worn Through.com" default_off="mismatched">
 
-	<!--	Cert: *.gridserver.com	-->
 	<target host="wornthrough.com" />
 	<target host="www.wornthrough.com" />
 
 
-	<rule from="^https?://(?:www\.)?wornthrough\.com/blog/wp-content/"
-		to="https://wornthrough.com/blog/wp-content/" />
+	<rule from="^http://(?:www\.)?wornthrough\.com/"
+		to="https://www.wornthrough.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/WorstPills.org.xml b/src/chrome/content/rules/WorstPills.org.xml
index 1e9d428f353f..6850e13f1d54 100644
--- a/src/chrome/content/rules/WorstPills.org.xml
+++ b/src/chrome/content/rules/WorstPills.org.xml
@@ -2,5 +2,5 @@
 	<target host="worstpills.org" />
 	<target host="www.worstpills.org" />
 
-	<rule from="^http://(?:www\.)?worstpills\.org/" to="https://www.worstpills.org/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Woz.ch.xml b/src/chrome/content/rules/Woz.ch.xml
index a83326c92a7f..dc185f12459a 100644
--- a/src/chrome/content/rules/Woz.ch.xml
+++ b/src/chrome/content/rules/Woz.ch.xml
@@ -1,6 +1,11 @@
+<!--
+	Mismatch:
+		- webmail.woz.ch
+-->
 <ruleset name="Woz.ch">
-<target host="www.woz.ch"/>
-<target host="woz.ch"/>
-<rule from="^http://(www\.)?woz\.ch/" to="https://www.woz.ch/"/>
+	<target host="www.woz.ch"/>
+	<target host="woz.ch"/>
+
+	<rule from="^http:"
+		to="https:"/>
 </ruleset>
- 
diff --git a/src/chrome/content/rules/WpX.ne.jp.xml b/src/chrome/content/rules/WpX.ne.jp.xml
index 0af6f7a8a9e9..a3ede6aa3004 100644
--- a/src/chrome/content/rules/WpX.ne.jp.xml
+++ b/src/chrome/content/rules/WpX.ne.jp.xml
@@ -1,16 +1,17 @@
 <!--
 	For other Xserver coverage, see Xserver.xml.
 
-
-	^wpx.ne.jp does not exist
-
 -->
 <ruleset name="wpX.ne.jp">
 
+	<target host="wpx.ne.jp" />
 	<target host="www.wpx.ne.jp" />
 
 
-	<rule from="^http://www\.wpx\.ne\.jp/"
-		to="https://www.wpx.ne.jp/" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Wpmudev.org.xml b/src/chrome/content/rules/Wpmudev.org.xml
index c29e33414d7d..aae8d76cc6ab 100644
--- a/src/chrome/content/rules/Wpmudev.org.xml
+++ b/src/chrome/content/rules/Wpmudev.org.xml
@@ -1,24 +1,27 @@
 <!--
-	Problematic subdomains:
+	No working URL known:
+		seobox.wpmudev.org
+		smushpro.wpmudev.org
+		staging.wpmudev.org
 
-		- (www.)	(mismatched, CN: premium.wpmudev.org)
+	Invalid certificate:
+		www.premium.wpmudev.org
+		videos.wpmudev.org
 
 -->
 <ruleset name="wpmudev.org">
 
 	<target host="wpmudev.org" />
-	<target host="*.wpmudev.org" />
+	<target host="www.wpmudev.org" />
+	<target host="premium.wpmudev.org" />
+	<target host="www.premium.wpmudev.org" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^\.?premium\.wpmudev\.org$" name=".+" />
-
-
-	<!--	Server drops paths:
-					-->
-	<rule from="^http://(?:www\.)?wpmudev\.org/.*"
+	<rule from="^http://www\.premium\.wpmudev\.org/"
 		to="https://premium.wpmudev.org/" />
 
-	<rule from="^http://premium\.wpmudev\.org/"
-		to="https://premium.wpmudev.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Wpveda.com.xml b/src/chrome/content/rules/Wpveda.com.xml
new file mode 100644
index 000000000000..bd176cd4d733
--- /dev/null
+++ b/src/chrome/content/rules/Wpveda.com.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.wpveda.com/ => https://www.wpveda.com/: (6, 'Could not resolve host: www.wpveda.com')
+
+	Insecure cookies are set for these domains:
+
+		- .wpveda.com
+
+-->
+<ruleset name="wpveda.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="wpveda.com" />
+	<target host="www.wpveda.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.wpveda\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.wpveda\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WrapBootstrap.com.xml b/src/chrome/content/rules/WrapBootstrap.com.xml
new file mode 100644
index 000000000000..d5f3352c607e
--- /dev/null
+++ b/src/chrome/content/rules/WrapBootstrap.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Problematic subdomains:
+
+		- support *
+		- www *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- wrapbootstrap.com
+
+-->
+<ruleset name="WrapBootstrap.com (partial)">
+
+	<target host="wrapbootstrap.com" />
+	<target host="www.wrapbootstrap.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^wrapbootstrap\.com$" name="^ref$" /-->
+
+	<securecookie host="^wrapbootstrap\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wrapadviser.co.uk.xml b/src/chrome/content/rules/Wrapadviser.co.uk.xml
index cfdadebebcd8..fc56eab730e0 100644
--- a/src/chrome/content/rules/Wrapadviser.co.uk.xml
+++ b/src/chrome/content/rules/Wrapadviser.co.uk.xml
@@ -3,10 +3,10 @@
 	<target host="*.wrapadviser.co.uk" />
 
 
-	<securecookie host=".+\.wrapadviser\.co\.uk$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://([\w-]+)\.wrapadviser\.co\.uk/"
 		to="https://$1.wrapadviser.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Wrating.com.xml b/src/chrome/content/rules/Wrating.com.xml
new file mode 100644
index 000000000000..0365c2fdf96e
--- /dev/null
+++ b/src/chrome/content/rules/Wrating.com.xml
@@ -0,0 +1,48 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dsl.wrating.com/a.gif?a=&c= => https://dsl.wrating.com/a.gif?a=&c=: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://sohu.wrating.com/a.gif?a=&c= => https://dsl.wrating.com/a.gif?a=&c=: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://dsl.wrating.com/ => https://dsl.wrating.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://sohu.wrating.com/ => https://dsl.wrating.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	Problematic hosts in *wrating.com:
+
+		- sohu *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .wrating.com
+
+-->
+<ruleset name="wrating.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dsl.wrating.com" />
+
+	<!--	Complications:
+				-->
+	<target host="sohu.wrating.com" />
+
+		<test url="http://dsl.wrating.com/a.gif?a=&amp;c=" />
+		<test url="http://sohu.wrating.com/a.gif?a=&amp;c=" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.wrating\.com$" name="^vjsid$" /-->
+
+	<securecookie host="^\." name="^vjsid$" />
+
+
+	<rule from="^http://sohu\.wrating\.com/"
+		to="https://dsl.wrating.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WriteTheDocs.org.xml b/src/chrome/content/rules/WriteTheDocs.org.xml
new file mode 100644
index 000000000000..aeed976fcde8
--- /dev/null
+++ b/src/chrome/content/rules/WriteTheDocs.org.xml
@@ -0,0 +1,29 @@
+<!--
+	Invalid certificate:
+		docs.writethedocs.org
+		slack.writethedocs.org
+
+	Time out:
+		writethedocs.org
+		eutickets.writethedocs.org
+		natickets.writethedocs.org
+
+	Refused:
+		videos.writethedocs.org
+
+-->
+<ruleset name="WriteTheDocs.org">
+
+	<target host="writethedocs.org" />
+	<target host="www.writethedocs.org" />
+	<target host="conf.writethedocs.org" />
+	<target host="forum.writethedocs.org" />
+	<target host="jobs.writethedocs.org" />
+	<target host="podcast.writethedocs.org" />
+
+	<rule from="^http://writethedocs\.org/"
+		  to="https://www.writethedocs.org/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Writeapp.me.xml b/src/chrome/content/rules/Writeapp.me.xml
deleted file mode 100644
index 93396ea60ed8..000000000000
--- a/src/chrome/content/rules/Writeapp.me.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Writeapp.me" platform="firefox">
-<target host="writeapp.me" />
-
-<securecookie host="^writeapp\.me$" name=".+" />
-
-<rule from="^http://writeapp\.me/" to="https://writeapp.me/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Writelatex.com.xml b/src/chrome/content/rules/Writelatex.com.xml
new file mode 100644
index 000000000000..acb2dbe40202
--- /dev/null
+++ b/src/chrome/content/rules/Writelatex.com.xml
@@ -0,0 +1,13 @@
+<!--
+	^: refused
+
+-->
+<ruleset name="writeLaTeX.com">
+
+	<target host="writelatex.com" />
+	<target host="www.writelatex.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WritingStreak.io.xml b/src/chrome/content/rules/WritingStreak.io.xml
new file mode 100644
index 000000000000..8e173e6a5d0f
--- /dev/null
+++ b/src/chrome/content/rules/WritingStreak.io.xml
@@ -0,0 +1,10 @@
+<!--
+	www doesn't exist.
+-->
+<ruleset name="WritingStreak.io">
+	<target host="writingstreak.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wrong_Planet.net.xml b/src/chrome/content/rules/Wrong_Planet.net.xml
new file mode 100644
index 000000000000..f9c5875206d8
--- /dev/null
+++ b/src/chrome/content/rules/Wrong_Planet.net.xml
@@ -0,0 +1,53 @@
+<!--
+	Problematic hosts in *wrongplanet.net:
+
+		- dev *
+
+	* Mismatched, self-signed
+
+
+	Fully covered hosts in *wrongplanet.net:
+
+		- (www.)?
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- wrongplanet.net
+		- .wrongplanet.net
+		- www.wrongplanet.net
+
+
+	Mixed content:
+
+		- css, from:
+
+			- fonts.googleapis.com *
+			- $self *
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Wrong Planet.net (broken MCB, partial)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="wrongplanet.net" />
+	<target host="www.wrongplanet.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?wrongplanet\.net$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^wrongplanet\.net$" name="^wordpress_test_cookie$" /-->
+	<!--securecookie host="^\.wrongplanet\.net$" name="^(__cfduid|cf_clearance|phpbb3_[\da-z]+_(k|sid|u))$" /-->
+
+	<securecookie host="^(?:\.|www\.)?wrongplanet\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wrzuta.pl.xml b/src/chrome/content/rules/Wrzuta.pl.xml
index 49086ce97db7..96ac7035f979 100644
--- a/src/chrome/content/rules/Wrzuta.pl.xml
+++ b/src/chrome/content/rules/Wrzuta.pl.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wrzuta.pl/static/opensearch/search.xml => https://ssl.wrzuta.pl/static/opensearch/search.xml: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.wrzuta.pl/static/opensearch/search.xml => https://ssl.wrzuta.pl/static/opensearch/search.xml: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://ssl.wrzuta.pl/static/opensearch/search.xml => https://ssl.wrzuta.pl/static/opensearch/search.xml: (60, 'SSL certificate problem: certificate has expired')
+
 	Nonfunctional subdomains:
 
 		- c	(dropped)
@@ -9,14 +15,19 @@
 		- (www.)	(mismatched, CN: ssl.wrzuta.pl)
 
 -->
-<ruleset name="Wrzuta.pl (partial)">
+<ruleset name="Wrzuta.pl (partial)" default_off="failed ruleset test">
 
 	<target host="wrzuta.pl" />
-	<target host="*.wrzuta.pl" />
+	<target host="ssl.wrzuta.pl" />
+	<target host="www.wrzuta.pl" />
 		<exclusion pattern="^http://(?:www\.)?wrzuta\.pl/(?!static/)" />
 
 
 	<rule from="^http://(?:ssl\.|www\.)?wrzuta\.pl/"
 		to="https://ssl.wrzuta.pl/" />
 
+	<test url="http://wrzuta.pl/static/opensearch/search.xml" />
+	<test url="http://www.wrzuta.pl/static/opensearch/search.xml" />
+	<test url="http://ssl.wrzuta.pl/static/opensearch/search.xml" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Wservices.ch.xml b/src/chrome/content/rules/Wservices.ch.xml
index 4f6f0dfa1787..7fb60462a3a0 100644
--- a/src/chrome/content/rules/Wservices.ch.xml
+++ b/src/chrome/content/rules/Wservices.ch.xml
@@ -18,4 +18,4 @@
 	<rule from="^http://([\w-]+\.)?wservices\.ch/"
 		to="https://$1wservices.ch/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Wtop.com.xml b/src/chrome/content/rules/Wtop.com.xml
new file mode 100644
index 000000000000..ca1e9d18321c
--- /dev/null
+++ b/src/chrome/content/rules/Wtop.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Some pages redirect to http.
+
+-->
+<ruleset name="Wtop.com (partial)">
+
+	<target host="wtop.com" />
+	<target host="www.wtop.com" />
+
+
+	<rule from="^http://(www\.)?wtop\.com/(?=css/|emedia/|favicon\.ico|images/|jqueryO/)"
+		to="https://$1wtop.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wuala.xml b/src/chrome/content/rules/Wuala.xml
index cd9a1b666aad..949927ce36e9 100644
--- a/src/chrome/content/rules/Wuala.xml
+++ b/src/chrome/content/rules/Wuala.xml
@@ -1,9 +1,6 @@
-<ruleset name="wuala">
-  <target host="wuala.com" />
-  <target host="*.wuala.com" />
+<ruleset name="Wuala.com">
+	<target host="wuala.com" />
+	<target host="www.wuala.com" />
 
-  <securecookie host="^(?:(www|forum|stats|thumb\d+)\.)?wuala\.com$" name=".*"/>
-
-  <rule from="^http://wuala\.com/" to="https://wuala.com/"/>
-  <rule from="^http://(www|forum|stats|thumb\d+)\.wuala\.com/" to="https://$1.wuala.com/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Wufoo.xml b/src/chrome/content/rules/Wufoo.xml
index 6bf6834ac922..16f6d08d2239 100644
--- a/src/chrome/content/rules/Wufoo.xml
+++ b/src/chrome/content/rules/Wufoo.xml
@@ -11,12 +11,14 @@
 			- help.wufoo.com
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *wufoo.com:
 
-		- help		(mismatched, CN: slotmatching4.salesforce.com)
+		- help *
 
+	* Mismatched, CN: slotmatching4.salesforce.com
 
-	Fully covered subdomains:
+
+	Fully covered hosts in *wufoo.com:
 
 		- (www.)
 		- secure
@@ -27,13 +29,19 @@
 
 	<target host="wufoo.com" />
 	<target host="*.wufoo.com" />
+
 		<exclusion pattern="^http://help\." />
 
+			<test url="http://help.wufoo.com/" />
+
+		<test url="http://secure.wufoo.com/" />
+		<test url="http://www.wufoo.com/" />
+
 
-	<securecookie host="^(?:.*\.)?wufoo\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://([\w-]+\.)?wufoo\.com/"
 		to="https://$1wufoo.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Wunderground.com.xml b/src/chrome/content/rules/Wunderground.com.xml
new file mode 100644
index 000000000000..09fdb312f028
--- /dev/null
+++ b/src/chrome/content/rules/Wunderground.com.xml
@@ -0,0 +1,44 @@
+<!--
+	Weather Underground rulesets:
+		+ Wxug.com.xml
+
+	Non-functional hosts
+		5xx server error:
+		- newspaper-edit.wunderground.com
+		- newspaper-server.wunderground.com
+-->
+<ruleset name="Wunderground.com">
+	<target host="wunderground.com" />
+	<target host="www.wunderground.com" />
+	<target host="amex.wunderground.com" />
+	<target host="api.wunderground.com" />
+	<target host="api-ak.wunderground.com" />
+	<target host="api-ak-aws.wunderground.com" />
+	<target host="api-ak1.wunderground.com" />
+	<target host="api-ak2.wunderground.com" />
+	<target host="api-ak3.wunderground.com" />
+	<target host="api-origin-sf.wunderground.com" />
+	<target host="apicommunity.wunderground.com" />
+	<target host="apissl.wunderground.com" />
+	<target host="autobrand.wunderground.com" />
+	<target host="czech.wunderground.com" />
+	<target host="espanol.wunderground.com" />
+	<target host="estonian.wunderground.com" />
+	<target host="french.wunderground.com" />
+	<target host="horizon.wunderground.com" />
+	<target host="hungarian.wunderground.com" />
+	<target host="ical.wunderground.com" />
+	<target host="macedonian.wunderground.com" />
+	<target host="maps.wunderground.com" />
+	<target host="marine.wunderground.com" />
+	<target host="mobile.wunderground.com" />
+	<target host="nihongo.wunderground.com" />
+	<target host="pashto.wunderground.com" />
+	<target host="portuguese.wunderground.com" />
+	<target host="punjabi.wunderground.com" />
+	<target host="resize.wunderground.com" />
+	<target host="weathersnoop.wunderground.com" />
+	<target host="www-ak.wunderground.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wunderkraut.fi.xml b/src/chrome/content/rules/Wunderkraut.fi.xml
new file mode 100644
index 000000000000..c90dd79467f5
--- /dev/null
+++ b/src/chrome/content/rules/Wunderkraut.fi.xml
@@ -0,0 +1,12 @@
+<ruleset name="Wunderkraut.fi">
+
+	<target host="wunderkraut.fi" />
+	<target host="www.wunderkraut.fi" />
+
+
+	<securecookie host="^\.wunderkraut\.fi$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wunderlist.xml b/src/chrome/content/rules/Wunderlist.xml
deleted file mode 100644
index 5db964c2ebbf..000000000000
--- a/src/chrome/content/rules/Wunderlist.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	Other 6Wunderkinder rulesets:
-
-		- 6Wunderkinder.xml
-
-
-	s3.amazonaws.com/wlstatic/
-	s3.amazonaws.com/wunderkit-sales/
-	d1htdqde56shlg.cloudfront.net
-
-
-	Nonfunctional:
-
-		- blog.wunderlist.com
-		- support.wunderlist.com	(cert: *.assistly.com; redirects to http)
-
--->
-<ruleset name="Wunderlist (partial)">
-
-	<target host="wunderlist.com" />
-	<target host="www.wunderlist.com" />
-
-
-	<securecookie host="^www\.wunderlist\.com$" name=".*" />
-
-
-	<!--	!www times out.	-->
-	<rule from="^https?://(?:www\.)?wunderlist\.com/"
-		to="https://www.wunderlist.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Wush.Net.xml b/src/chrome/content/rules/Wush.Net.xml
new file mode 100644
index 000000000000..19810a695911
--- /dev/null
+++ b/src/chrome/content/rules/Wush.Net.xml
@@ -0,0 +1,52 @@
+<!--
+	Problematic subdomains:
+
+		- status *
+
+	* Shows support; mismatched, CN: wush.net
+
+
+	Fully covered subdomains:
+
+		- (www.)
+		- billing
+		- portal
+		- status	(→ portal)
+		- support
+
+
+	Mixed content:
+
+		- Web bugs on (www.) from i.creativecommons.org *
+
+	* Secured by us
+
+-->
+<ruleset name="Wush.Net">
+
+	<target host="wush.net" />
+	<target host="*.wush.net" />
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^(portal\.|www\.)?wush\.net$" name="^wushapp_session$" /-->
+	<!--securecookie host="^billing\.wush\.net$" name="^PHPSESSID$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?wush\.net$" name="^(trac_form_token|trac_session)$" /-->
+	<!--securecookie host="^(status|support)\.wush\.net$" name="^(SWIFT_client|SWIFT_sessionid\d+)$" /-->
+
+	<securecookie host="^(?:(?:status|support|www)\.)?wush\.net$" name=".+" />
+
+
+	<rule from="^http://((?:billing|portal|support|www)\.)?wush\.net/"
+		to="https://$1wush.net/" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://status\.wush\.net/+"
+		to="https://portal.wush.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Www.cable-tv-deals.com.xml b/src/chrome/content/rules/Www.cable-tv-deals.com.xml
deleted file mode 100644
index abdc65b3db62..000000000000
--- a/src/chrome/content/rules/Www.cable-tv-deals.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="www.cable-tv-deals.com">
-
-	<target host="cable-tv-deals.com" />
-	<target host="*.cable-tv-deals.com" />
-
-
-	<securecookie host="^\.cable-tv-deals\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?cable-tv-deals\.com/"
-		to="https://$1cable-tv-deals.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Wxug.com.xml b/src/chrome/content/rules/Wxug.com.xml
new file mode 100644
index 000000000000..2ac3ec5c179f
--- /dev/null
+++ b/src/chrome/content/rules/Wxug.com.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Weather Underground rulesets, see
+		+ Wunderground.com.xml
+-->
+<ruleset name="Wxug.com">
+	<target host="wxug.com" />
+	<target host="www.wxug.com" />
+	<target host="api.wxug.com" />
+	<target host="icons.wxug.com" />
+	<target host="icons-ak.wxug.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wyenet.co.uk.xml b/src/chrome/content/rules/Wyenet.co.uk.xml
new file mode 100644
index 000000000000..68e8cdf8ac55
--- /dev/null
+++ b/src/chrome/content/rules/Wyenet.co.uk.xml
@@ -0,0 +1,14 @@
+<!--
+	Self-signed:
+		- (www\.)?
+-->
+<ruleset name="Wyenet.co.uk">
+
+	<target host="jupiter.wyenet.co.uk" />
+	<target host="wallace.wyenet.co.uk" />
+	<target host="webmail.wyenet.co.uk" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wyenet.xml b/src/chrome/content/rules/Wyenet.xml
deleted file mode 100644
index 7f6b30b160c8..000000000000
--- a/src/chrome/content/rules/Wyenet.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Wyenet" default_off="expired">
-
-	<target host="wyenet.co.uk"/>
-	<target host="www.wyenet.co.uk"/>
-	<target host="wyenet.net"/>
-	<target host="www.wyenet.net"/>
-
-	<securecookie host="^(.*\.)?wyenet\.co\.uk$" name=".*"/>
-
-	<rule from="^http://(?:www\.)?wyenet\.(?:co\.uk|net)/"
-		to="https://www.wyenet.co.uk/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Wykop.pl.xml b/src/chrome/content/rules/Wykop.pl.xml
index 2fcc8748dd7a..5c498f422567 100644
--- a/src/chrome/content/rules/Wykop.pl.xml
+++ b/src/chrome/content/rules/Wykop.pl.xml
@@ -19,7 +19,6 @@
 	<securecookie host="^(?:www\.)?wykop\.pl$" name=".+" />
 
 
-	<rule from="^http://(www\.)?wykop\.pl/"
-		to="https://$1wykop.pl/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Wyndham-mismatches.xml b/src/chrome/content/rules/Wyndham-mismatches.xml
deleted file mode 100644
index d97d2d5b064b..000000000000
--- a/src/chrome/content/rules/Wyndham-mismatches.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<ruleset name="Wyndham (mismatches)" default_off="mismatches">
-
-	<!--	hostmonster.com	-->
-	<target host="ourvacationcentre.net"/>
-	<!--	landal.*	-->
-	<target host="landalskilife.fr"/>
-	<target host="www.landalskilife.fr"/>
-	<target host="landalskilife.com"/>
-	<target host="www.landalskilife.com"/>
-	<target host="rcicruiseholidays.ourvacationcentre.net"/>
-	<target host="www.ourvacationcentre.net"/>
-	<target host="rcicruiseholidays.com"/>
-	<target host="www.rcicruiseholidays.com"/>
-	<!--	*.careerbuilder.com	-->
-	<target host="wyndhamjobs.com"/>
-	<target host="www.wyndhamjobs.com"/>
-
-
-
-	<rule from="^http://(?:www\.)?landalskilife\.(com|fr)/(bp|db|favicons|img)/"
-		to="https://www.landalskilife.$1/$2/"/>
-
-	<rule from="^http://(?:www\.)?ourvacationcentre\.net/"
-		to="https://www.ourvacationcentre.net/~ourvacat/"/>
-
-	<rule from="^http://(?:rcicruiseholidays\.ourvacationcentre\.net|(?:www\.)?rcicruiseholidays\.com)/"
-		to="https://rcicruiseholidays.ourvacationcentre.net/~ourvacat/rcicruise/"/>
-
-	<rule from="^http://(?:www\.)?wyndhamjobs\.com/"
-		to="https://www.wyndhamjobs.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Wyndham.xml b/src/chrome/content/rules/Wyndham.xml
deleted file mode 100644
index 57802b630a1e..000000000000
--- a/src/chrome/content/rules/Wyndham.xml
+++ /dev/null
@@ -1,180 +0,0 @@
-<!--	Buckets:
-		d2bae186y49u92.cloudfront.net	(used on landal.(com|nl), landalskilife.com)
-		d2yr1lcnwqnwfx.cloudfront.net	(ditto)
-
-	Nonfunctional:
-		- www.blakes.co.uk		(shows howseasons.co.uk)
-		- dales-holiday-cottages.com	(404)
-		- dansommer.d[ek]		(timeout)
-		- holidaycottagesgroup.com	(redirects to thehoseasonsgroup.co.uk)
-		- static.landal.com		(cert: redhotminute.com, listing denied)
-		- novasol.(d[ek]|n[lo])		(timeout)
-		- www.rci.com			(valid cert, Akamai: "Service Unavailable")
-		- www.resortquest.com		(cert: www.resortrequestsecure.com, shows that domain's data)
-		- thehoseasonsgroup.co.uk	(timeout)
-		- wmowners.com			(cert: *.accountservergroup.com, shows site5 page)
-		- worldmapsp			(cert: wyndhamvrap.com, "It Works!")
-		- wyndhamvrap.com		(cert: secure1.onthenet.net, "It Works!")
-		- www.wyndhamworldwide.com
-
-	wyndhamjobs.com	(cert: *.careerbuilder.com)
--->
-<ruleset name="Wyndham (partial)" platform="mixedcontent">
-
-	<target host="canvasholidays.co.uk"/>
-	<target host="www.canvasholidays.co.uk"/>
-	<target host="cheznous.com"/>
-	<target host="www.cheznous.com"/>
-	<target host="competitionsbywyndham.com.au"/>
-	<target host="www.competitionsbywyndham.com.au"/>
-	<target host="cottages4you.co.uk"/>
-	<target host="*.cottages4you.co.uk"/>
-	<target host="cottagesdirect.co.uk"/>
-	<target host="www.cottagesdirect.co.uk"/>
-	<target host="cottageselection.co.uk"/>
-	<target host="www.cottageselection.co.uk"/>
-	<target host="easycottages.com"/>
-	<target host="www.easycottages.com"/>
-	<target host="english-country-cottages.co.uk"/>
-	<!--	for cross-domain cookie	-->
-	<target host="*.english-country-cottages.co.uk"/>
-	<target host="french-country-cottages.co.uk"/>
-	<!--	ditto	-->
-	<target host="*.french-country-cottages.co.uk"/>
-	<target host="hoseasons.co.uk"/>
-	<target host="*.hoseasons.co.uk"/>
-	<target host="individual-villas.co.uk"/>
-	<target host="www.individual-villas.co.uk"/>
-	<target host="irish-country-cottages.co.uk"/>
-	<!--	for cross-domain cookie	-->
-	<target host="*.irish-country-cottages.co.uk"/>
-	<target host="italian-country-cottages.co.uk"/>
-	<!--	ditto	-->
-	<target host="*.italian-country-cottages.co.uk"/>
-	<target host="jamesvillas.co.uk"/>
-	<target host="www.jamesvillas.co.uk"/>
-	<target host="landal.*"/>
-	<target host="secure.landal.com"/>
-	<target host="www.landal.*"/>
-	<target host="landalgreenparks.com"/>
-	<target host="www.landalgreenparks.com"/>
-	<target host="landalcampings.be"/>
-	<target host="www.landalcampings.be"/>
-	<target host="landalcampings.de"/>
-	<target host="www.landalcampings.de"/>
-	<target host="landalcampings.nl"/>
-	<target host="www.landalcampings.nl"/>
-	<target host="landalparkshop.*"/>
-	<target host="www.landalparkshop.*"/>
-	<target host="landalskilife.*"/>
-	<target host="www.landalskilife.*"/>
-		<!--	handled in mismatches	-->
-		<exclusion pattern="^http://(www\.)?landalskilife\.(com|fr)/"/>
-	<target host="mijnlandal.nl"/>
-	<target host="www.mijnlandal.nl"/>
-	<target host="ovscruise.com"/>
-	<target host="www.ovscruise.com"/>
-	<target host="prep.rci.com"/>
-	<target host="rcitravelstore.co.uk"/>
-	<target host="www.rcitravelstore.co.uk"/>
-	<target host="resortquestsecure.com"/>
-	<target host="www.resortquestsecure.com"/>
-	<target host="secureholidays.com"/>
-	<target host="www.secureholidays.com"/>
-	<target host="scottish-country-cottages.co.uk"/>
-	<target host="www.scottish-country-cottages.co.uk"/>
-	<target host="villas4you.co.uk"/>
-	<target host="www.villas4you.co.uk"/>
-	<target host="welcomecottages.com"/>
-	<target host="www.welcomecottages.com"/>
-	<target host="welsh-country-cottages.co.uk"/>
-	<target host="www.welsh-country-cottages.co.uk"/>
-	<target host="worldmarkbywyndham.com"/>
-	<target host="www.worldmarkbywyndham.com"/>
-	<target host="wyndham.com"/>
-	<target host="*.wyndham.com"/>
-	<target host="wyndhamrentals.com"/>
-	<target host="www.wyndhamrentals.com"/>
-	<target host="*.wyndhamvrap.com"/>
-		<exclusion pattern="^http://www\.wyndhamvrap\."/>
-
-
-	<!--	incomplete	-->
-	<securecookie host="^(.*\.)?(canvasholidays|cheznous|cottages(direct|4you)|english-country-cottages|hoseasons|(individual-|james)villas)\.co\.uk$" name=".*"/>
-	<securecookie host="^(www\.)?competitionsbywyndham\.com\.au$" name=".*"/>
-	<securecookie host="^secure\.landal\.com$" name=".*"/>
-	<securecookie host="^www\.ourvacationstore\.com$" name=".*"/>
-	<securecookie host="^(www\.)?ovscruise\.com$" name=".*"/>
-	<securecookie host="^new\.wyndhamvrap\.com$" name=".*"/>
-
-
-	<rule from="^http://(?:www\.)?(canvasholidays|cheznous|cottages(?:4you|direct|election)|(?:english|french|irish|italian|scottish|welsh)-country-cottages|(?:individual-|james)villas|villas4you)\.co\.uk/"
-		to="https://www.$1.co.uk/"/>
-
-	<rule from="^http://(www\.)?competitionsbywyndham\.com\.au/"
-		to="https://$1competitionsbywyndham.com.au/"/>
-
-	<rule from="^http://blog\.cottages4you\.co\.uk/"
-		to="https://blog.cottages4you.co.uk/"/>
-
-	<rule from="^http://(?:www\.)?((?:easy|welcome)cottages|resortquestsecure|secureholidays|worldmarkbywyndham|wyndhamrentals)\.com/"
-		to="https://www.$1.com/"/>
-
-	<rule from="^http://(images\.|www\.)?hoseasons\.co\.uk/"
-		to="https://$1hoseasons.co.uk/"/>
-
-	<!--	don't match landalskilife\.cz here, cert invalid	-->
-	<rule from="^http://landal(skilife)?\.(\w[\w^z]\w?)/"
-		to="https://www.landal$1.$2/"/>
-
-	<!--	ditto	-->
-	<rule from="^http://www\.landal(skilife)?\.(\w[\w^z]\w?)/(bp|db|favicons|img)/"
-		to="https://www.landal$1.$2/$3/"/>
-
-	<!--	...skilife.cz redirects as so	-->
-	<rule from="^http://(?:www\.)?landal(?:skilife)?\.cz/"
-		to="https://www.landal.cz/"/>
-
-	<!--	webshop only for be & nl	-->
-	<rule from="^http://landal(campings|parkshop)\.([bd]e|nl)/"
-		to="https://www.landal$1.$2/"/>
-
-	<rule from="^http://www\.landacampings\.([bd]e|nl)/(css|favicons|img)/"
-		to="https://www.landalcampings.$1/$2/"/>
-
-	<!--	redirects as so	-->
-	<rule from="^http://(?:www\.)?landalparkshop\.de/"
-		to="https://www.landal.de/"/>
-
-	<rule from="^http://secure\.landal\.com/"
-		to="https://secure.landal.com/"/>
-
-	<!--	redirects as so	-->
-	<rule from="^http://(?:www\.)?landalgreenparks\.com/"
-		to="https://www.landal.com/"/>
-
-	<rule from="^http://(www\.)?mijnlandal\.nl/"
-		to="https://$1mijnlandal.nl/"/>
-
-	<rule from="^http://(www\.)?ovscruise\.com/"
-		to="https://$1ovscruise.com/"/>
-
-	<rule from="^http://prep\.rci\.com/"
-		to="https://prep.rci.com/"/>
-
-	<rule from="^http://(www\.)?rcitravelstore\.co\.uk/(images/|includes/|managebooking/login\.asp|shortlist/)"
-		to="https://$1rcitravelstore.co.uk/$2"/>
-
-	<rule from="^http://wyndham\.com/"
-		to="https://www.wyndham.com/"/>
-
-	<rule from="^http://www\.wyndham\.com/(cms_content|hotels/images|resources)"
-		to="https://www.wyndham.com/$1/"/>
-
-	<rule from="^http://wynres\.wyndham\.com/"
-		to="https://wynres.wyndham.com/"/>
-
-	<rule from="^http://(hotels|new)\.wyndhamvrap\.com/"
-		to="https://$1.wyndhamvrap.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/WyndhamHotels.com.xml b/src/chrome/content/rules/WyndhamHotels.com.xml
new file mode 100644
index 000000000000..581ae3a540de
--- /dev/null
+++ b/src/chrome/content/rules/WyndhamHotels.com.xml
@@ -0,0 +1,77 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://pulse.wyndhamhotels.com/ => https://pulse.wyndhamhotels.com/: (51, "SSL: no alternative certificate subject name matches target host name 'pulse.wyndhamhotels.com'")
+
+-->
+
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://dev4.wyndhamhotels.com/ => https://dev4.wyndhamhotels.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://fqa.wyndhamhotels.com/ => https://fqa.wyndhamhotels.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	Other Wyndham related rulesets:
+		+ CanvasHolidays.co.uk.xml
+		+ Cheznous.com.xml
+		+ CompetitionsByWyndham.com.au.xml
+		+ Cottages.com.xml
+		+ Cottages4you.co.uk.xml
+		+ Cottagesdirect.co.uk.xml
+		+ English-Country-Cottages.co.uk.xml
+		+ French-Country-Cottages.co.uk.xml
+		+ Hoseasons.co.uk.xml
+		+ Irish-Country-Cottages.co.uk.xml
+		+ Italian-Country-Cottages.co.uk.xml
+		+ JamesVillas.co.uk.xml
+		+ Ovscruise.com.xml
+		+ RCI.com.xml
+		+ Scottish-Country-Cottages.co.uk.xml
+		+ WelcomeCottages.com.xml
+		+ Welsh-Country-Cottages.co.uk.xml
+		+ WyndhamJobs.com.xml
+		+ WyndhamVacationRentals.com.xml
+		+ Wyndhamvrap.com.xml
+		+ Landal.xml
+		+ landalskilife.be.xml
+		+ landalskilife.ch.xml
+		+ landalskilife.com.xml
+		+ landalskilife.cz.xml
+		+ landalskilife.de.xml
+		+ landalskilife.fr.xml
+		+ landalskilife.nl.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- wyndhamhotels.com
+		- mi.wyndhamhotels.com
+		- origin-www.wyndhamhotels.com
+
+		Status code mismatch:
+		- rqax.wyndhamhotels.com
+
+		4xx client error:
+		- preview.wyndhamhotels.com
+		- previewx.wyndhamhotels.com
+
+-->
+<ruleset name="WyndhamHotels.com">
+	<target host="wyndhamhotels.com" />
+	<target host="www.wyndhamhotels.com" />
+	<target host="dev2.wyndhamhotels.com" />
+	<target host="dev3.wyndhamhotels.com" />
+	<!-- target host="dev4.wyndhamhotels.com" /-->
+	<target host="devx.wyndhamhotels.com" />
+	<!-- target host="fqa.wyndhamhotels.com" /-->
+	<target host="fqax.wyndhamhotels.com" />
+	<!-- target host="pulse.wyndhamhotels.com" /-->
+	<target host="rqa.wyndhamhotels.com" />
+	<target host="smetrics.wyndhamhotels.com" />
+
+	<rule from="^http://wyndhamhotels\.com/"
+			to="https://www.wyndhamhotels.com/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WyndhamJobs.com.xml b/src/chrome/content/rules/WyndhamJobs.com.xml
new file mode 100644
index 000000000000..f0b40a980284
--- /dev/null
+++ b/src/chrome/content/rules/WyndhamJobs.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- wyndhamjobs.com
+		- www.wyndhamjobs.com
+		- oascentral.wyndhamjobs.com
+-->
+<ruleset name="WyndhamJobs.com" default_off="timeout">
+	<target host="wyndhamjobs.com" />
+	<target host="www.wyndhamjobs.com" />
+	<target host="oascentral.wyndhamjobs.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WyndhamVacationRentals.com.xml b/src/chrome/content/rules/WyndhamVacationRentals.com.xml
new file mode 100644
index 000000000000..dc868dc3ccba
--- /dev/null
+++ b/src/chrome/content/rules/WyndhamVacationRentals.com.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- mobile.wyndhamvacationrentals.com
+
+		Timeout was reached:
+		- mta.mail.wyndhamvacationrentals.com
+
+		SSL connect error:
+		- blog.wyndhamvacationrentals.com
+
+		SSL peer certificate was not OK:
+		- m.wyndhamvacationrentals.com
+		- click.mail.wyndhamvacationrentals.com
+		- image.mail.wyndhamvacationrentals.com
+		- view.mail.wyndhamvacationrentals.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- email.wyndhamvacationrentals.com
+		- secure.wyndhamvacationrentals.com
+-->
+<ruleset name="WyndhamVacationRentals.com">
+	<target host="wyndhamvacationrentals.com" />
+	<target host="www.wyndhamvacationrentals.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wyndhamvrap.com.xml b/src/chrome/content/rules/Wyndhamvrap.com.xml
new file mode 100644
index 000000000000..08e00fb05ba1
--- /dev/null
+++ b/src/chrome/content/rules/Wyndhamvrap.com.xml
@@ -0,0 +1,42 @@
+<!--
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- mail.wyndhamvrap.com
+		- mdm.wyndhamvrap.com
+		- meet.wyndhamvrap.com
+		- smtp.wyndhamvrap.com
+		- webmail.wyndhamvrap.com
+
+		SSL connect error:
+		- sip.wyndhamvrap.com
+
+		SSL peer certificate was not OK:
+		- wyndhamvrap.com
+		- www.wyndhamvrap.com
+		- booking.wyndhamvrap.com
+		- www.booking.wyndhamvrap.com
+		- cma.wyndhamvrap.com
+		- hotels.wyndhamvrap.com
+		- images.wyndhamvrap.com
+		- newsletters.wyndhamvrap.com
+		- pitstop.wyndhamvrap.com
+		- pr.wyndhamvrap.com
+		- shop.wyndhamvrap.com
+
+		4xx client error:
+		- lync.wyndhamvrap.com
+		- owners.wyndhamvrap.com
+-->
+<ruleset name="Wyndhamvrap.com (partial)">
+	<target host="dialin.wyndhamvrap.com" />
+	<target host="lyncdiscover.wyndhamvrap.com" />
+	<target host="new.wyndhamvrap.com" />
+	<target host="office.wyndhamvrap.com" />
+	<target host="secure.wyndhamvrap.com" />
+	<target host="upgrades.wyndhamvrap.com" />
+	<target host="webservice.wyndhamvrap.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WyzerMe.xml b/src/chrome/content/rules/WyzerMe.xml
index ce2d7706c8db..47cb0cebb889 100644
--- a/src/chrome/content/rules/WyzerMe.xml
+++ b/src/chrome/content/rules/WyzerMe.xml
@@ -1,13 +1,16 @@
-<ruleset name="WyzerMe">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wyzerme.com/ => https://wyzerme.com/: (51, "SSL: no alternative certificate subject name matches target host name 'wyzerme.com'")
+Fetch error: http://www.wyzerme.com/ => https://www.wyzerme.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.wyzerme.com'")
+
+-->
+<ruleset name="WyzerMe" default_off="failed ruleset test">
 	<target host="wyzerme.com" />
 	<target host="www.wyzerme.com" />
 
-
 	<securecookie host="^www\.wyzerme\.com$" name=".+" />
 
-
-	<rule from="^http://(www\.)?wyzerme\.com/"
-		to="https://$1wyzerme.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wza.us.xml b/src/chrome/content/rules/Wza.us.xml
new file mode 100644
index 000000000000..202a207dd89e
--- /dev/null
+++ b/src/chrome/content/rules/Wza.us.xml
@@ -0,0 +1,23 @@
+<!--
+	Different content http/https:
+		admin.wza.us
+		jabber.wza.us
+
+	Invalid certificate:
+		www.wza.us
+		bootsie.wza.us
+		a.mx.wza.us
+		b.mx.wza.us
+		a.ns.wza.us
+		b.ns.wza.us
+
+-->
+<ruleset name="wza.us">
+
+	<target host="wza.us" />
+	<target host="mail.wza.us" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/X-Cart.com.xml b/src/chrome/content/rules/X-Cart.com.xml
new file mode 100644
index 000000000000..d19732b610ab
--- /dev/null
+++ b/src/chrome/content/rules/X-Cart.com.xml
@@ -0,0 +1,68 @@
+<!--
+	Other X-Cart rulesets:
+
+		- XCart.com.xml
+
+
+	Nonfunctional hosts in *x-cart.com:
+
+		- kb *
+
+	* Refused
+
+
+	Problematic hosts in *x-cart.com:
+
+		- ideas *
+
+	* Uservoice
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- bt.x-cart.com
+		- .demostore.x-cart.com
+		- ideas.x-cart.com
+		- secure.x-cart.com
+
+
+	These altnames don't exist:
+
+		- www.demostore.x-cart.com
+
+-->
+<ruleset name="X-Cart.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="x-cart.com" />
+	<target host="blog.x-cart.com" />
+	<target host="bt.x-cart.com" />
+	<target host="css.x-cart.com" />
+	<target host="demostore.x-cart.com" />
+	<target host="forum.x-cart.com" />
+	<target host="help.x-cart.com" />
+	<!--target host="ideas.x-cart.com" /-->
+	<target host="img.x-cart.com" />
+	<target host="partners.x-cart.com" />
+	<target host="secure.x-cart.com" />
+	<target host="www.x-cart.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.x-cart\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^bt\.x-cart\.com$" name="^start_page_url_[\da-f]{32}$" /-->
+	<!--securecookie host="^\.demostore\.x-cart\.com$" name="^(?:demolng|xid)$" /-->
+	<!--securecookie host="^ideas\.x-cart\.com$" name="^(?:_rf|_session_id)$" /-->
+	<!--securecookie host="^secure\.x-cart\.com$" name="^XBusinessSession$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.demostore\.x-cart\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/X-PRIZE-Foundation.xml b/src/chrome/content/rules/X-PRIZE-Foundation.xml
index 1b9cf9e3d8f5..0caedc899295 100644
--- a/src/chrome/content/rules/X-PRIZE-Foundation.xml
+++ b/src/chrome/content/rules/X-PRIZE-Foundation.xml
@@ -1,13 +1,100 @@
-<ruleset name="X PRIZE Foundation (partial)">
+<!--
+	X PRIZE Foundation
 
-	<target host="xprize.org" />
+
+	CDN buckets:
+
+		- s3.amazonaws.com/skipsolabs_xprize/
+
+
+	Nonfunctional hosts in *xprize.org:
+
+		- annualreport *
+
+	* Dropped
+
+
+	Many pages redirect to http
+	donate/.+ redirects to http
+
+
+	Insecure cookies are set for these hosts:
+
+		- oceandiscoveryportal.xprize.org
+
+-->
+<ruleset name="X PRIZE.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="oceandiscovery.xprize.org" />
+	<target host="oceandiscoveryportal.xprize.org" />
 	<target host="www.xprize.org" />
 
+	<!--	Complications:
+				-->
+	<target host="xprize.org" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://oceandiscovery\.xprize\.org/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://oceandiscovery\.xprize\.org/+(?!files/|misc/|profiles/\w+/themes/|sites/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://oceandiscovery.xprize.org/about/contact" />
+			<test url="http://oceandiscovery.xprize.org/about/media-room/press-kit" />
+			<test url="http://oceandiscovery.xprize.org/about/media-room/story-ideas" />
+			<test url="http://oceandiscovery.xprize.org/news/blog/discovering-new-planet" />
+			<test url="http://oceandiscovery.xprize.org/news/do-humans-have-future-deep-sea-exploration" />
+			<test url="http://oceandiscovery.xprize.org/press-release/new-7-million-xprize-competition-seeks-usher-new-era-of-ocean" />
+
+			<!--	-ve:
+					-->
+			<test url="http://oceandiscovery.xprize.org/profiles/xprize_profile/themes/custom/imagine/logo.png" />
+			<test url="http://oceandiscovery.xprize.org/sites/default/files/prize-logos/shell_ocean_discovery_logo.png" />
+			<test url="http://oceandiscovery.xprize.org/misc/menu-expanded.png" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://oceandiscovery\.xprize\.org/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.xprize\.org/+(?!donate(?:/?$|\?)|files/|profiles/\w+/themes/|sites/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.xprize.org/about" />
+			<test url="http://www.xprize.org/about/contact" />
+			<test url="http://www.xprize.org/benefactors" />
+			<test url="http://www.xprize.org/grand-challenges" />
+			<test url="http://www.xprize.org/news" />
+			<test url="http://www.xprize.org/privacy-policy" />
+			<test url="http://www.xprize.org/signup" />
+			<test url="http://www.xprize.org/ted-rules" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.xprize.org/donate" />
+			<test url="http://www.xprize.org/misc/menu-leaf.png" />
+			<test url="http://www.xprize.org/profiles/xprize_profile/themes/custom/imagine/logo.png" />
+
 
-	<!--	- Many pages redirect to http
-		- donate/.+ redirects to http
+	<!--	Not secured by server:
 					-->
-	<rule from="^http://(www\.)?xprize\.org/(donate(?:/?$|\?)|files/|sites/)"
-		to="https://$1xprize.org/$2" />
+	<!--securecookie host="^oceandiscoveryportal\.xprize\.org$" name="^(?:AWSELB|skipso_f(?:irst_visit|rontend))$" /-->
+
+	<securecookie host="^oceandiscoveryportal\.xprize\.org$" name=".+" />
+
+
+	<rule from="^http://xprize\.org/"
+		to="https://www.xprize.org/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/X-blog.jp.xml b/src/chrome/content/rules/X-blog.jp.xml
index d0941e274f2b..6214d65d4d37 100644
--- a/src/chrome/content/rules/X-blog.jp.xml
+++ b/src/chrome/content/rules/X-blog.jp.xml
@@ -1,18 +1,10 @@
-<!--
-	Nonfunctional subdomains:
-
-		- www	(403)
-
-
-	CN: *.wp-x.jp
-
--->
-<ruleset name="x-blog.jp" default_off="mismatched">
+<ruleset name="x-blog.jp">
 
 	<target host="x-blog.jp" />
+	<target host="www.x-blog.jp" />
 
 
-	<rule from="^http://x-blog\.jp/"
-		to="https://x-blog.jp/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/X.Org.xml b/src/chrome/content/rules/X.Org.xml
new file mode 100644
index 000000000000..b3991fcb64c3
--- /dev/null
+++ b/src/chrome/content/rules/X.Org.xml
@@ -0,0 +1,26 @@
+<!--
+	Invalid certificate:
+		ns1.x.org
+
+	Refused:
+		ns2.x.org
+		ns3.x.org
+		tinderbox.x.org
+-->
+<ruleset name="X.Org">
+
+	<target host="x.org" />
+	<target host="www.x.org" />
+	<target host="foundation.x.org" />
+	<target host="ftp.x.org" />
+	<target host="lists.x.org" />
+	<target host="members.x.org" />
+	<target host="planet.x.org" />
+	<target host="wiki.x.org" />
+	<target host="xdc2018.x.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/X10Hosting.xml b/src/chrome/content/rules/X10Hosting.xml
index be409dc82f05..62d0a9df8022 100644
--- a/src/chrome/content/rules/X10Hosting.xml
+++ b/src/chrome/content/rules/X10Hosting.xml
@@ -1,19 +1,23 @@
 <!--
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *x10hosting.com:
 
 		- status
 
 -->
-<ruleset name="x10Hosting (partial)">
+<ruleset name="x10Hosting.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="x10hosting.com" />
-	<target host="*.x10hosting.com" />
+	<target host="clients.x10hosting.com" />
+	<target host="static.x10hosting.com" />
+	<target host="www.x10hosting.com" />
 
 
-	<securecookie host="^(?:.*\.)?x10hosting\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(clients\.|static\.|www\.)?x10hosting\.com/"
-		to="https://$1x10hosting.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/X2AI.xml b/src/chrome/content/rules/X2AI.xml
new file mode 100644
index 000000000000..192c90336ed3
--- /dev/null
+++ b/src/chrome/content/rules/X2AI.xml
@@ -0,0 +1,17 @@
+<!--
+	Refused:
+		- tess2mkorb55pl7i.onion
+		- www.tess2mkorb55pl7i.onion
+-->
+
+<ruleset name="X2AI">
+	<target host="x2.ai" />
+	<target host="www.x2.ai" />
+
+	<target host="tess.ai" />
+	<target host="www.tess.ai" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/X2Go.org.xml b/src/chrome/content/rules/X2Go.org.xml
index ec51f077cba8..caa3ea4bf289 100644
--- a/src/chrome/content/rules/X2Go.org.xml
+++ b/src/chrome/content/rules/X2Go.org.xml
@@ -1,31 +1,51 @@
 <!--
-	Problematic subdomains:
+	Nonfunctional hosts in *x2go.org:
 
-		- ^	(redirects to orga.obviously-nice.de; mismatched, CN: orga.obviously-nice.de)
+		- packages *
 
+	* Shows bugs.x2go.org
 
-	Fully covered subdomains:
 
-		- (www.)	(^ → www)
-		- japsand
-		- new
-		- todo
-		- wiki
+	Problematic hosts in *x2go.org:
 
--->
-<ruleset name="X2Go.org" default_off="self-signed">
+		- ^ ¹
+		- bugs ²
+
+	¹ Redirects to orga.obviously-nice.de
+	² Mismatched
 
+-->
+<ruleset name="X2Go.org" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="code.x2go.org" />
+	<target host="git.x2go.org" />
+	<target host="japsand.x2go.org" />
+	<target host="jenkins.x2go.org" />
+	<target host="lists.x2go.org" />
+	<target host="new.x2go.org" />
+	<target host="todo.x2go.org" />
+	<target host="wiki.x2go.org" />
+
+	<!--	Complications:
+				-->
 	<target host="x2go.org" />
-	<target host="*.x2go.org" />
+	<target host="bugs.x2go.org" />
 
+		<test url="http://jenkins.x2go.org:8443/" />
 
-	<securecookie host=".+\.x2go\.org$" name=".+" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?x2go\.org/"
+
+	<rule from="^http://x2go\.org/"
 		to="https://www.x2go.org/" />
 
-	<rule from="^http://(japsand|new|todo|wiki)\.x2go\.org/"
-		to="https://$1.x2go.org/" />
+	<rule from="^http://bugs\.x2go\.org/"
+		to="https://packages.x2go.org/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/X5.ru.xml b/src/chrome/content/rules/X5.ru.xml
new file mode 100644
index 000000000000..de6443c95c5f
--- /dev/null
+++ b/src/chrome/content/rules/X5.ru.xml
@@ -0,0 +1,76 @@
+<!--
+fr.x5.ru ³
+gpsdata.x5.ru non-2xx http code
+lync.x5.ru ²
+mx.x5.ru ²
+mx0.x5.ru ²
+mx1.x5.ru ²
+mx2.x5.ru ²
+mx3.x5.ru ²
+mx4.x5.ru ²
+mx5.x5.ru ²
+mx7.x5.ru ²
+navi.x5.ru ²
+ns2.x5.ru ²
+pa.x5.ru ²
+pline.x5.ru ⁵
+spv.x5.ru non-2xx http code
+stockoptions.x5.ru ⁴
+www.tender.x5.ru ¹
+video.x5.ru ⁴
+webconf.x5.ru/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+tsom.lab.x5.ru different content
+wrstest.x5.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁵ expired
+-->
+<ruleset name="x5.ru">
+	<target host="x5.ru" />
+	<target host="www.x5.ru" />
+	<target host="auth.x5.ru" />
+	<target host="awac.x5.ru" />
+	<target host="awds.x5.ru" />
+	<target host="devscape01.x5.ru" />
+	<target host="emails.x5.ru" />
+	<target host="extintegration.x5.ru" />
+	<target host="fivepma.x5.ru" />
+	<target host="ftp.x5.ru" />
+	<target host="gitlab.x5.ru" />
+	<target host="gocargo.x5.ru" />
+	<target host="gps.x5.ru" />
+	<target host="help.x5.ru" />
+	<target host="kudama.x5.ru" />
+	<target host="lasercad.x5.ru" />
+	<target host="mail.x5.ru" />
+	<target host="map.x5.ru" />
+	<target host="media.x5.ru" />
+	<target host="mediaportal.x5.ru" />
+	<target host="ns.x5.ru" />
+	<target host="ns1.x5.ru" />
+	<target host="omsprk.x5.ru" />
+	<target host="opros.x5.ru" />
+	<target host="partner.x5.ru" />
+	<target host="portal.x5.ru" />
+	<target host="pvp.x5.ru" />
+	<target host="rdg.x5.ru" />
+	<target host="rmd.x5.ru" />
+	<target host="share.x5.ru" />
+	<target host="sip.x5.ru" />
+	<target host="som.x5.ru" />
+	<target host="srm.x5.ru" />
+	<target host="ssl.x5.ru" />
+	<target host="sslvpn.x5.ru" />
+	<target host="sts2.x5.ru" />
+	<target host="study.x5.ru" />
+	<target host="tck.x5.ru" />
+	<target host="tcx.x5.ru" />
+	<target host="tender.x5.ru" />
+	<target host="wrs.x5.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/X86.fr.xml b/src/chrome/content/rules/X86.fr.xml
new file mode 100644
index 000000000000..e4aac6a8c586
--- /dev/null
+++ b/src/chrome/content/rules/X86.fr.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		www.x86.fr
+
+-->
+<ruleset name="x86.fr">
+	<target host="x86.fr" />
+	<target host="valid.x86.fr" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/XAGYL.com.xml b/src/chrome/content/rules/XAGYL.com.xml
new file mode 100644
index 000000000000..1ff96433a865
--- /dev/null
+++ b/src/chrome/content/rules/XAGYL.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Other XAGYL Communications rulesets:
+
+		- XAGYL.us.xml
+
+
+	Mixed content:
+
+		- Image from www.xagyl.com *
+
+	* Secured by us
+
+-->
+<ruleset name="XAGYL.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="xagyl.com" />
+	<target host="www.xagyl.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/XAGYL.us.xml b/src/chrome/content/rules/XAGYL.us.xml
new file mode 100644
index 000000000000..898d938b835b
--- /dev/null
+++ b/src/chrome/content/rules/XAGYL.us.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://xagyl.us/ => https://xagyl.us/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.xagyl.us/ => https://www.xagyl.us/: (60, 'SSL certificate problem: self signed certificate')
+
+	For other XAGYL Communications coverage, see XAGYL.com.xml.
+
+-->
+<ruleset name="XAGYL.us" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="xagyl.us" />
+	<target host="www.xagyl.us" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/XAP.com.xml b/src/chrome/content/rules/XAP.com.xml
new file mode 100644
index 000000000000..a50ad4390644
--- /dev/null
+++ b/src/chrome/content/rules/XAP.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Fully covered subdomains:
+
+		- (www.)?
+		- content
+
+-->
+<ruleset name="XAP.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="xap.com" />
+	<target host="content.xap.com" />
+	<target host="www.xap.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/XBRL.org.xml b/src/chrome/content/rules/XBRL.org.xml
new file mode 100644
index 000000000000..758b17bf4a18
--- /dev/null
+++ b/src/chrome/content/rules/XBRL.org.xml
@@ -0,0 +1,38 @@
+<!--
+	Nonfunctional hosts in *.xbrl.org:
+		- archive.xbrl.org    (m)
+		- www2.xbrl.org       (m)
+
+	No working URL known (these subdomains return HTTP 401 unauthorized):
+		- cn.xbrl.org
+		- eu.xbrl.org
+		- fr.xbrl.org
+		- kr.xbrl.org
+		- lu.xbrl.org
+		- sa.xbrl.org
+		- svn.xbrl.org
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="XBRL.org">
+	<target host="xbrl.org" />
+	<target host="www.xbrl.org" />
+	<target host="ca.xbrl.org" />
+	<target host="conference.xbrl.org" />
+	<target host="de.xbrl.org" />
+	<target host="in.xbrl.org" />
+	<target host="it.xbrl.org" />
+	<target host="nl.xbrl.org" />
+	<target host="ru.xbrl.org" />
+	<target host="software.xbrl.org" />
+	<target host="specifications.xbrl.org" />
+	<target host="taxonomies.xbrl.org" />
+	<target host="us.xbrl.org" />
+	<target host="za.xbrl.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/XCAT.nl.xml b/src/chrome/content/rules/XCAT.nl.xml
new file mode 100644
index 000000000000..d9a7eca7e422
--- /dev/null
+++ b/src/chrome/content/rules/XCAT.nl.xml
@@ -0,0 +1,30 @@
+<!--
+	Other xCAT rulesets:
+
+		- ISPam.nl.xml
+		- ISPID.nl.xml
+		- KralenStart.nl.xml
+
+
+	Server sends no certificate chain *
+
+	* See https://whatsmychaincert.com
+
+
+	Mixed content:
+
+		- Images from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="xCAT.nl" default_off="expired, missing certificate chain">
+
+	<target host="xcat.nl" />
+	<target host="www.xcat.nl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/XCDN.co.xml b/src/chrome/content/rules/XCDN.co.xml
new file mode 100644
index 000000000000..cde175745415
--- /dev/null
+++ b/src/chrome/content/rules/XCDN.co.xml
@@ -0,0 +1,25 @@
+<!--
+	For other MAGIX coverage, see MAGIX.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .xcdn.co
+
+-->
+<ruleset name="XCDN.co">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="xcdn.co" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<securecookie host="^\.xcdn\.co$" name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/XCart.com.xml b/src/chrome/content/rules/XCart.com.xml
new file mode 100644
index 000000000000..7863741d3664
--- /dev/null
+++ b/src/chrome/content/rules/XCart.com.xml
@@ -0,0 +1,30 @@
+<!--
+	For other X-Cart coverage, see X-Cart.com.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .xcart.com
+
+-->
+<ruleset name="XCart.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="img.xcart.com" />
+	<target host="img1.xcart.com" />
+	<target host="img2.xcart.com" />
+	<target host="img3.xcart.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.xcart\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/XChatData.net.xml b/src/chrome/content/rules/XChatData.net.xml
new file mode 100644
index 000000000000..5519442bb357
--- /dev/null
+++ b/src/chrome/content/rules/XChatData.net.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://xchatdata.net/ => https://xchatdata.net/: (51, "SSL: no alternative certificate subject name matches target host name 'xchatdata.net'")
+Fetch error: http://www.xchatdata.net/ => https://www.xchatdata.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.xchatdata.net'")
+
+-->
+<ruleset name="XChatData.net" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="xchatdata.net" />
+	<target host="www.xchatdata.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/XDA-Developers.com-falsemixed.xml b/src/chrome/content/rules/XDA-Developers.com-falsemixed.xml
deleted file mode 100644
index bc4bf7d556a9..000000000000
--- a/src/chrome/content/rules/XDA-Developers.com-falsemixed.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see XDA-Developers.xml.
-
--->
-<ruleset name="XDA-Developers.com (false MCB)" platform="mixedcontent">
-
-	<target host="xda-developers.com" />
-	<target host="www.xda-developers.com" />
-		<!--
-			Handled in XDA-Developers.xml:
-							-->
-		<exclusion pattern="^http://(www\.)?xda-developers\.com/+(favicon\.ico|wp-content/|wp-includes/)" />
-
-
-	<securecookie host="^(?:www\.)?xda-developers\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?xda-developers\.com/(?!favicon\.ico|wp-content/|wp-includes/)"
-		to="https://$1xda-developers.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/XDA-Developers.com.xml b/src/chrome/content/rules/XDA-Developers.com.xml
new file mode 100644
index 000000000000..ec1b7659bc19
--- /dev/null
+++ b/src/chrome/content/rules/XDA-Developers.com.xml
@@ -0,0 +1,48 @@
+<!--
+	Related: xda-cdn.com.xml
+
+	Different http/https content: (http redirect to forum)
+		direct.xda-developers.com
+		ns1.xda-developers.com
+		ssl.xda-developers.com
+
+	Invalid certificate:
+		ns2.xda-developers.com
+		sites.xda-developers.com
+    media.xda-developers.com
+
+	Non-2xx HTTP code:
+		http://api.xda-developers.com/ (200) => https://api.xda-developers.com/ (404)
+		api.xda-developers.com redirects to https by server. Test: http://api.xda-developers.com/user
+
+	Redirect to http:	( Test: https://*.xda-developers.com/assets/css/styles.css )
+		cdn-www.xda-developers.com
+		feedback.xda-developers.com
+		images.xda-developers.com
+		js1999.xda-developers.com
+		rwestergren.xda-developers.com
+		svetius.xda-developers.com
+-->
+
+<ruleset name="XDA-Developers.com (partial)">
+
+	<target host="xda-developers.com" />
+	<target host="www.xda-developers.com" />
+		<test url="http://www.xda-developers.com/?nocache=1" />
+	<target host="auth.xda-developers.com" />
+	<target host="cdn1.xda-developers.com" />
+		<test url="http://cdn1.xda-developers.com/album.php" />
+	<target host="cdn2.xda-developers.com" />
+		<test url="http://cdn2.xda-developers.com/group.php" />
+	<target host="cdn3.xda-developers.com" />
+		<test url="http://cdn3.xda-developers.com/private.php" />
+	<target host="cdn4.xda-developers.com" />
+		<test url="http://cdn4.xda-developers.com/profile.php" />
+	<target host="depot.xda-developers.com" />
+	<target host="forum.xda-developers.com" />
+		<test url="http://forum.xda-developers.com/showthread.php?t=3034811" />
+	<target host="labs.xda-developers.com" />
+		<test url="http://labs.xda-developers.com/static/css/main.css" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/XDA-Developers.xml b/src/chrome/content/rules/XDA-Developers.xml
deleted file mode 100644
index 0ce4d7f4f576..000000000000
--- a/src/chrome/content/rules/XDA-Developers.xml
+++ /dev/null
@@ -1,101 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see XDA-Developers.com-falsemixed.xml.
-
-
-	CDN buckets:
-
-		- wac.8244.edgecastcdn.net/??8244/
-
-			- buttons.media
-			- cdn.media
-			- icons.media
-			- images.media
-			- img.media
-			- img[1-4].media
-			- cdn.www
-
-
-	Problematic subdomains:
-
-		- images	(dropped)
-
-		- media subdomains:
-
-			- ^ *
-			- buttons *
-			- cdn *
-			- icons *
-			- images *
-			- img *
-			- img[1-4] *
-
-		- cdn.www **
-
-	* Works; mismatched, CN: gp1.wac.edgecastcdn.net
-	** 404; mismatched, CN: gp1.wac.edgecastcdn.net
-
-
-	Partially covered subdomains:
-
-		- (www.)	(avoiding false/broken MCB)
-		- forum		(at least some pages redirect to http)
-
-
-	Fully covered subdomains:
-
-		- images *
-
-		- media subdomains: *
-
-			- ^
-			- buttons
-			- cdn
-			- icons
-			- img
-			- img\d
-
-		- cdn.www	(→ www)
-
-	* → forum
-
-
-	Mixed content:
-
-		- Scripts on, www from:
-
-			- cdn.media *
-			- cdn.www *
-			- gdata.youtube.com *
-
-		- css on www from cdn.media *
-
-		- Images, on www from:
-
-			- cdn.media *
-			- www *
-			- cdn.www *
-
-	* Secured by us
-
--->
-<ruleset name="XDA Developers (partial)">
-
-	<target host="xda-developers.com" />
-	<target host="*.xda-developers.com" />
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<exclusion pattern="^http://(?:www\.)?xda-developers\.com/+(?!favicon\.ico|wp-content/|wp-includes/)" />
-		<exclusion pattern="^http://forum\.xda-developers\.com/(?!clientscript/|css/|favicon\.ico|images/)" />
-
-
-	<rule from="^http://(forum\.|www\.)?xda-developers\.com/"
-		to="https://$1xda-developers.com/" />
-
-	<rule from="^http://(?:images|(?:(?:buttons|cdn|icons|img\d?)\.)?media)\.xda-developers\.com/"
-		to="https://forum.xda-developers.com/" />
-
-	<rule from="^http://cdn\.www\.xda-developers\.com/"
-		to="https://www.xda-developers.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/XE.com.xml b/src/chrome/content/rules/XE.com.xml
new file mode 100644
index 000000000000..506441f77d27
--- /dev/null
+++ b/src/chrome/content/rules/XE.com.xml
@@ -0,0 +1,38 @@
+<!--
+	Non-functional hosts
+		Multiple problems:
+			 - www.xe.com
+			 - community.xe.com
+-->
+<ruleset name="XE.com (partial)">
+	<!-- direct rewrite -->
+	<target host="xe.com" />
+	<target host="auth.xe.com" />
+	<target host="fx2.xe.com" />
+	<target host="s.xe.com" />
+		<test url="http://s.xe.com/themes/xe/images/appbadges/badge-android-blue.png" />
+	<target host="transfer.xe.com" />
+	<target host="xera.xe.com" />
+
+	<!-- complications -->
+	<target host="www.xe.com" />
+		<exclusion pattern="^http://www\.xe\.com/$" />
+		<test url="http://www.xe.com/themes/xe/images/xemt/flags/large/uk.png" />
+		<test url="http://www.xe.com/gen/css/default.7.css" />
+	<target host="community.xe.com" />
+		<exclusion pattern="^http://community\.xe\.com/(blog|forum|rss-feed|s3|$)" />
+		<!-- match exclusion -->
+		<test url="http://community.xe.com/blog/xe-market-analysis" />
+		<test url="http://community.xe.com/forum/xe-currency-data/api-usage" />
+		<test url="http://community.xe.com/rss-feed" />
+		<test url="http://community.xe.com/s3/files/styles/large/s3/image_1022.jpg?itok=GI0FUOMO" />
+
+		<!-- do not match exclusion -->
+		<test url="http://community.xe.com/themes/xe/images/xe_logo_print.png" />
+
+	<rule from="^http://(auth\.|community\.|fx2\.|s\.|transfer\.|xera\.)?xe\.com/"
+			to="https://$1xe.com/" />
+
+	<rule from="^http://www\.xe\.com/(themes/|gen/css/)"
+			to="https://www.xe.com/$1" />
+</ruleset>
diff --git a/src/chrome/content/rules/XE.xml b/src/chrome/content/rules/XE.xml
deleted file mode 100644
index 5e4c3bfca97d..000000000000
--- a/src/chrome/content/rules/XE.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	CDN buckets:
-
-		- wac.157D.edgecastcdn.net/00157D/
-
-			- s
-
-
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-		- s	(works; mismatched, CN: gp1.wac.edgecastcdn.net)
-
-
-	Some (most?) pages redirect to http.
-
--->
-<ruleset name="XE (partial)">
-
-	<target host="xe.com" />
-	<target host="*.xe.com" />
-
-
-	<rule from="^https?://(?:www\.)?xe\.com/(themes/|xetrade/(?:help/)?login)"
-		to="https://www.xe.com/$1" />
-
-	<rule from="^http://fx2\.xe\.com/"
-		to="https://fx2.xe.com/" />
-
-	<rule from="^http://s\.xe\.com/"
-		to="https://gp1.wac.edgecastcdn.net/00157D/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/XEU.com.xml b/src/chrome/content/rules/XEU.com.xml
new file mode 100644
index 000000000000..24f244e62b1a
--- /dev/null
+++ b/src/chrome/content/rules/XEU.com.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://shop.xeu.com/ => https://shop.xeu.com/: (51, "SSL: no alternative certificate subject name matches target host name 'shop.xeu.com'")
+
+	These altnames don't exist:
+
+		- www.shop.xeu.com
+
+-->
+<ruleset name="XEU.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="shop.xeu.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.shop\.xeu\.com$" name="^frontend$" /-->
+
+	<securecookie host="^\.shop\.xeu\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/XFCE-help.org.xml b/src/chrome/content/rules/XFCE-help.org.xml
new file mode 100644
index 000000000000..169ce978861d
--- /dev/null
+++ b/src/chrome/content/rules/XFCE-help.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="XFCE-help.org">
+
+	<target host="xfce-help.org" />
+	<target host="www.xfce-help.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/XFCE-look.org.xml b/src/chrome/content/rules/XFCE-look.org.xml
new file mode 100644
index 000000000000..fa855ed2b68f
--- /dev/null
+++ b/src/chrome/content/rules/XFCE-look.org.xml
@@ -0,0 +1,12 @@
+<!--
+	For other openDesktop rules, see openDesktop.org.xml
+
+-->
+<ruleset name="XFCE-look.org">
+
+	<target host="xfce-look.org" />
+	<target host="www.xfce-look.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/XFCE.org-self-signed.xml b/src/chrome/content/rules/XFCE.org-self-signed.xml
deleted file mode 100644
index 19f3cb6a8c68..000000000000
--- a/src/chrome/content/rules/XFCE.org-self-signed.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules that are on by default, see XFCE.org.xml.
-
--->
-<ruleset name="XFCE.org (self-signed)" default_off="self-signed">
-
-	<target host="tibeti.xfce.org" />
-
-
-	<rule from="^http://tibeti\.xfce\.org/"
-		to="https://tibeti.xfce.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/XFCE.org.xml b/src/chrome/content/rules/XFCE.org.xml
index aed51367f641..f1796233799c 100644
--- a/src/chrome/content/rules/XFCE.org.xml
+++ b/src/chrome/content/rules/XFCE.org.xml
@@ -1,33 +1,55 @@
 <!--
-	See XFCE.org-self-signed.xml for problematic rules.
-
-
-	Nonfunctional subdomains:
-
-		- ^		(cert valid; 404)
-		- archive(.be) *
-		- blog **
-		- cdn *
-		- docs **
-		- git *
-		- goodies ***
-		- squeeze ***
-		- users *
-
-	* 404, CN: tibeti.xfce.org
-	** 404, CN: (www.)xfce.org
-	*** 404, CN: wiki.xfce.org
-
+	This domain contains a wildcard DNS record.
+
+	Invalid certificate:
+		archive.be2.xfce.org
+		bugs.xfce.org
+		buildbot.xfce.org
+		doc.xfce.org
+		earlgrey.xfce.org
+		everywhere.xfce.org
+		foundation.xfce.org
+		i18n.xfce.org
+		installit.xfce.org
+		mocha.xfce.org
+		ns[1-4].xfce.org
+		pyxfce.xfce.org
+		squeeze.xfce.org
+		svn.xfce.org
+		thunar.xfce.org
+		translations.xfce.org
+		users.xfce.org
+		www-test.xfce.org
+		www.tx-us.xfce.org
+		www.us.xfce.org
+		xarchiver.xfce.org
+		xfc.xfce.org
 -->
-<ruleset name="XFCE (partial)">
-
-	<target host="*.xfce.org" />
-
-
-	<securecookie host="^(?:.*\.)xfce\.org$" name=".+" />
-
-
-	<rule from="^http://(bugzilla|forum|translations|wiki)\.xfce\.org/"
- 	        to="https://$1.xfce.org/" />
+<ruleset name="Xfce.org (partial)">
+
+	<target host="xfce.org" />
+	<target host="www.xfce.org" />
+	<target host="archive.al-us.xfce.org" />
+	<target host="archive.xfce.org" />
+	<target host="archive.be.xfce.org" />
+	<target host="blog.xfce.org" />
+	<target host="bug-attachment.xfce.org" />
+	<target host="bugzilla.xfce.org" />
+	<target host="cdn.xfce.org" />
+	<target host="docs.xfce.org" />
+	<target host="forum.xfce.org" />
+	<target host="geoip.xfce.org" />
+	<target host="git.xfce.org" />
+	<target host="gitlab.xfce.org" />
+	<target host="goodies.xfce.org" />
+	<target host="mail.xfce.org" />
+	<target host="releases.xfce.org" />
+	<target host="static.xfce.org" />
+	<target host="tibeti.xfce.org" />
+	<target host="wiki.xfce.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/XGaming.xml b/src/chrome/content/rules/XGaming.xml
index 6f2ee0f37e90..f4976fc1b4e3 100644
--- a/src/chrome/content/rules/XGaming.xml
+++ b/src/chrome/content/rules/XGaming.xml
@@ -1,5 +1,7 @@
-<ruleset name="XGaming">
+<ruleset name="XGaming.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="xgaming.com" />
 	<target host="www.xgaming.com" />
 
@@ -7,7 +9,7 @@
 	<securecookie host="^www\.xgaming\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?xgaming\.com/"
-		to="https://$1xgaming.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/XGraph.xml b/src/chrome/content/rules/XGraph.xml
deleted file mode 100644
index 9768af8eda31..000000000000
--- a/src/chrome/content/rules/XGraph.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	For other Clearspring coverage, see AddThis.xml
-
-
-	- Nonfunctional domains:
-
-		- (www.)xgraph.com	(cert: dev.xgraph.net, expired; displays blank page)
-
-
-	CDN buckets:
-
-		- sxcdn.xgraph.net.edgekey.net/.../
-			- e3210.c.akamaiedge.net/.../
-
--->
-<ruleset name="XGraph (partial)">
-
-	<target host="sxcdn.xgraph.net" />
-
-
-	<rule from="^http://sxcdn\.xgraph\.net/"
-		to="https://sxcdn.xgraph.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/XH_CDN.com.xml b/src/chrome/content/rules/XH_CDN.com.xml
new file mode 100644
index 000000000000..c72ffca3b100
--- /dev/null
+++ b/src/chrome/content/rules/XH_CDN.com.xml
@@ -0,0 +1,159 @@
+<!--
+	For other xHamster coverage, see XHamster.com.xml.
+
+
+	Nonfunctional hosts in *xhcdn.com:
+
+		- ept *
+		- up5 *
+	⁴ 404
+	* Dropped
+
+
+	Problematic hosts in *xhcdn.com:
+
+		- stec-t0[0-9] ⁴
+		- stec-t1[0-3] ⁴
+		- stec-site ⁴
+		- txh ⁴
+
+	⁴ 404, equivalent to another domain
+
+-->
+<ruleset name="xH CDN.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="0.xhcdn.com" />
+	<target host="1.xhcdn.com" />
+	<target host="2.xhcdn.com" />
+	<target host="3.xhcdn.com" />
+	<target host="4.xhcdn.com" />
+	<target host="5.xhcdn.com" />
+	<target host="6.xhcdn.com" />
+	<target host="7.xhcdn.com" />
+	<target host="8.xhcdn.com" />
+	<target host="9.xhcdn.com" />
+
+	<target host="et00.xhcdn.com" />
+	<target host="et01.xhcdn.com" />
+	<target host="et02.xhcdn.com" />
+	<target host="et03.xhcdn.com" />
+	<target host="et04.xhcdn.com" />
+	<target host="et05.xhcdn.com" />
+	<target host="et06.xhcdn.com" />
+	<target host="et07.xhcdn.com" />
+	<target host="et08.xhcdn.com" />
+	<target host="et09.xhcdn.com" />
+	<target host="et10.xhcdn.com" />
+	<target host="et11.xhcdn.com" />
+	<target host="et12.xhcdn.com" />
+	<target host="et13.xhcdn.com" />
+
+	<target host="eu-st.xhcdn.com" />
+	<target host="thumb-v-ec.xhcdn.com" />
+	<target host="static-ec.xhcdn.com" />
+
+	<target host="ut00.xhcdn.com" />
+	<target host="ut01.xhcdn.com" />
+	<target host="ut02.xhcdn.com" />
+	<target host="ut03.xhcdn.com" />
+	<target host="ut04.xhcdn.com" />
+	<target host="ut05.xhcdn.com" />
+	<target host="ut06.xhcdn.com" />
+	<target host="ut07.xhcdn.com" />
+	<target host="ut08.xhcdn.com" />
+	<target host="ut09.xhcdn.com" />
+	<target host="ut10.xhcdn.com" />
+	<target host="ut11.xhcdn.com" />
+	<target host="ut12.xhcdn.com" />
+	<target host="ut13.xhcdn.com" />
+
+		<test url="http://et00.xhcdn.com/t/087/avatar_863087_s_1463752276.jpg" />
+		<test url="http://et01.xhcdn.com/t/051/6_5927051.jpg" />
+		<test url="http://et02.xhcdn.com/t/236/7_6217236.jpg" />
+		<test url="http://et03.xhcdn.com/t/303/1_6214303.jpg" />
+		<test url="http://et04.xhcdn.com/t/735/avatar_4855735_s_1463563629.jpg" />
+		<test url="http://et05.xhcdn.com/t/404/avatar_707404_s_1463752276.jpg" />
+		<test url="http://et06.xhcdn.com/t/981/avatar_11434981_s_1465591449.jpg" />
+		<test url="http://et07.xhcdn.com/t/610/8_6195610.jpg" />
+		<test url="http://et08.xhcdn.com/t/348/7_5998348.jpg" />
+		<test url="http://et09.xhcdn.com/t/187/2_6217187.jpg" />
+		<test url="http://et10.xhcdn.com/t/252/avatar_2250252_s_1463563629.jpg" />
+		<test url="http://et11.xhcdn.com/t/337/1_6215337.jpg" />
+		<test url="http://et12.xhcdn.com/t/444/6_6215444.jpg" />
+		<test url="http://et13.xhcdn.com/t/393/avatar_9599393_s_1463752276.jpg" />
+
+		<test url="http://static-ec.xhcdn.com/images/spacer.gif" /><!--	43 -->
+		<test url="http://eu-st.xhcdn.com/images/spacer.gif" />
+		<test url="http://thumb-v-ec.xhcdn.com/t/675/7_6688675.jpg" /><!--	5480 -->
+
+		<test url="http://ut00.xhcdn.com/t/417/4_6217417.jpg" />
+		<test url="http://ut01.xhcdn.com/t/617/4_6217617.jpg" />
+		<test url="http://ut02.xhcdn.com/t/727/6_6217727.jpg" />
+		<test url="http://ut03.xhcdn.com/t/435/7_6217435.jpg" />
+		<test url="http://ut04.xhcdn.com/t/445/2_6217445.jpg" />
+		<test url="http://ut05.xhcdn.com/t/313/6_6214313.jpg" />
+		<test url="http://ut06.xhcdn.com/t/653/4_6217653.jpg" />
+		<test url="http://ut07.xhcdn.com/t/665/5_6217665.jpg" />
+		<test url="http://ut08.xhcdn.com/t/672/3_6217672.jpg" />
+		<test url="http://ut09.xhcdn.com/t/277/7_6183277.jpg" />
+		<test url="http://ut10.xhcdn.com/t/484/8_6217484.jpg" />
+		<test url="http://ut11.xhcdn.com/t/687/1_6217687.jpg" />
+		<test url="http://ut12.xhcdn.com/t/757/avatar_4984757_s_1463563629.jpg" />
+		<test url="http://ut13.xhcdn.com/t/296/7_6213296.jpg" />
+
+	<!--	Complications:
+				-->
+	<target host="stec-site.xhcdn.com" />
+
+	<target host="stec-t00.xhcdn.com" />
+	<target host="stec-t01.xhcdn.com" />
+	<target host="stec-t02.xhcdn.com" />
+	<target host="stec-t03.xhcdn.com" />
+	<target host="stec-t04.xhcdn.com" />
+	<target host="stec-t05.xhcdn.com" />
+	<target host="stec-t06.xhcdn.com" />
+	<target host="stec-t07.xhcdn.com" />
+	<target host="stec-t08.xhcdn.com" />
+	<target host="stec-t09.xhcdn.com" />
+	<target host="stec-t10.xhcdn.com" />
+	<target host="stec-t11.xhcdn.com" />
+	<target host="stec-t12.xhcdn.com" />
+	<target host="stec-t13.xhcdn.com" />
+
+	<target host="txh.xhcdn.com" />
+
+
+	<rule from="^http://stec-site\.xhcdn\.com/"
+		to="https://eu-st.xhcdn.com/" />
+
+		<test url="http://stec-site.xhcdn.com/id87/images/tpl2/pagerItemBgSel.png" />
+
+	<rule from="^http://stec-t(\d\d)\.xhcdn\.com/"
+		to="https://et$1.xhcdn.com/" />
+
+		<test url="http://stec-t00.xhcdn.com/t/485/avatar_10109485_s_1463563629.jpg" />
+		<test url="http://stec-t01.xhcdn.com/t/585/avatar_9825585_s_1463563629.jpg" />
+		<test url="http://stec-t02.xhcdn.com/t/976/5_148976.jpg" />
+		<test url="http://stec-t03.xhcdn.com/t/595/8_6214595.jpg" />
+		<test url="http://stec-t04.xhcdn.com/t/411/avatar_3749411_s_1463563629.jpg" />
+		<test url="http://stec-t05.xhcdn.com/t/359/avatar_10509359_s_1463563629.jpg" />
+		<test url="http://stec-t06.xhcdn.com/t/240/avatar_7262240_s_1463563629.jpg" />
+		<test url="http://stec-t07.xhcdn.com/t/793/avatar_3981793_s_1463752276.jpg" />
+		<test url="http://stec-t08.xhcdn.com/t/410/avatar_4716410_s_1463563629.jpg" />
+		<test url="http://stec-t09.xhcdn.com/t/041/avatar_6435041_s_1463563629.jpg" />
+		<test url="http://stec-t10.xhcdn.com/t/302/avatar_3786302_s_1463563629.jpg" />
+		<test url="http://stec-t11.xhcdn.com/t/989/4_6202989.jpg" />
+		<test url="http://stec-t12.xhcdn.com/t/742/avatar_124742_s_1463563629.jpg" />
+		<test url="http://stec-t13.xhcdn.com/t/742/avatar_3775742_s_1463834070.jpg" />
+
+	<rule from="^http://txh\.xhcdn\.com/"
+		to="https://ut00.xhcdn.com/" />
+
+		<test url="http://txh.xhcdn.com/t/394/8_6288394.jpg" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/XHamster.com.xml b/src/chrome/content/rules/XHamster.com.xml
index 4936416bf6ab..a2c5f91a7464 100644
--- a/src/chrome/content/rules/XHamster.com.xml
+++ b/src/chrome/content/rules/XHamster.com.xml
@@ -1,73 +1,157 @@
 <!--
-	CDN buckets:
+	Other xHamster rulesets:
 
-		- xhamster.uservoice.com
+		- XH_CDN.com.xml
+		- XHamster_Premium_Pass.com.xml
 
-			- suggestions
 
+	xHamster uses *.xhcdn.com and cdn13.com
+	As far as I can tell all of cdn13.com either only supports http or redirects from https to something else.
 
-	Nonfunctional subdomains:
 
-		- et\d *
-		- et1\d *
-		- m **
-		- mobile	(shows www)
-		- p1 *
-		- partners *
-		- upload *
+	Nonfunctional hosts in *cdn13.com:
 
-	* Times out
-	** Shows www; mismatched, CN: xhamster.com)
+		- a8-19.clients
 
 
-	Problematic subdomains:
+	CDN buckets:
 
-		- suggestions	(works, uservoice.com)
+		- xhamster.uservoice.com	← suggestions
 
 
-	Fully covered subdomains:
+	Nonfunctional hosts in *xhamster.com:
 
-		- (www.)
-		- eu-st
-		- static
+		- et\d *
+		- et1\d *
+		- suggestions ³
 
+	³ 403
+	* Dropped
 
-	Mixed content:
 
-		- Images, on www from:
+	Problematic hosts in *xhamster.com:
 
-			- et\d *
-			- et1\d *
-			- eu-st **
-			- p1 *
+		- [\da-f]{6} ¹
+		- mobile ¹
 
-		- Web/ads bug on www from adscnt2 ***
-		- Web bug on www from cnt1 ***
-		- Web/ads bug on www from cnt2 ***
-		- Web bug on www from syndication.traffichaus.com ***
+	¹ Mismatched
+	² uservoice.com
 
-	* Unsecurable, doesn't trip MCB anyway
-	** Secured by us, doesn't trip MCB anyway
-	*** Unsecurable
 
--->
-<ruleset name="xHamster.com (buggy)" default_off="reportedly breaks videos">
+	Insecure cookies are set for these domains and hosts: ᶜ
 
-	<target host="xhamster.com" />
-	<target host="*.xhamster.com" />
+		- .xhamster.com
 
+		- m.xhamster.com
+		- .m.xhamster.com
+		- de.m.xhamster.com
+		- es.m.xhamster.com
+		- fr.m.xhamster.com
+		- it.m.xhamster.com
+		- jp.m.xhamster.com
+		- nl.m.xhamster.com
+		- pl.m.xhamster.com
+		- pt.m.xhamster.com
+		- ru.m.xhamster.com
 
-	<securecookie host="^\.xhamster\.com$" name="^(?:splash-\d+|stats|uvts)$" />
-	<!--
-		Can these be secured safely?
-						-->
-	<!--securecookie host="^\.xhamster\.com$" name="^(mdg:uid|mobileType|prid)$" /-->
+		- partners.xhamster.com
 
+	ᶜ See https://owasp.org/index.php/SecureFlag
 
-	<rule from="^http://((?:eu-st|secure|static|www)\.)?xhamster\.com/"
-		to="https://$1xhamster.com/" />
+-->
+<ruleset name="xHamster.com (partial)">
 
-	<rule from="^http://suggestions\.xhamster\.com/track\.gif"
-		to="https://xhamster.uservoice.com/track.gif" />
+	<!--	Direct rewrites:
+				-->
+	<target host="xhamster.com" />
+	<target host="de.xhamster.com" />
+	<target host="es.xhamster.com" />
+	<target host="eu-st.xhamster.com" />
+	<target host="fr.xhamster.com" />
+	<target host="it.xhamster.com" />
+	<target host="jp.xhamster.com" />
+	<target host="m.xhamster.com" />
+
+	<target host="de.m.xhamster.com" />
+	<target host="es.m.xhamster.com" />
+	<target host="fr.m.xhamster.com" />
+	<target host="it.m.xhamster.com" />
+	<target host="jp.m.xhamster.com" />
+	<target host="nl.m.xhamster.com" />
+	<target host="pl.m.xhamster.com" />
+	<target host="pt.m.xhamster.com" />
+	<target host="ru.m.xhamster.com" />
+
+	<target host="nl.xhamster.com" />
+	<target host="partners.xhamster.com" />
+	<target host="pl.xhamster.com" />
+	<target host="pt.xhamster.com" />
+	<target host="ru.xhamster.com" />
+	<target host="secure.xhamster.com" />
+	<target host="static.xhamster.com" />
+	<target host="upload.xhamster.com" />
+	<target host="us-st.xhamster.com" />
+	<target host="www.xhamster.com" />
+
+		<!--	Formerly redirected to http:
+							-->
+		<test url="http://xhamster.com/billing.php" />
+		<test url="http://xhamster.com/contact.php" />
+		<test url="http://xhamster.com/dating" />
+		<test url="http://xhamster.com/faq.php" />
+		<test url="http://xhamster.com/premium.php" />
+		<test url="http://xhamster.com/privacy.php" />
+		<test url="http://xhamster.com/stories" />
+		<test url="http://xhamster.com/stories/new/2.html" />
+		<test url="http://xhamster.com/user/Dark_Witch" />
+
+		<test url="http://de.xhamster.com/contact.php" />
+		<test url="http://es.xhamster.com/contact.php" />
+		<test url="http://fr.xhamster.com/contact.php" />
+		<test url="http://it.xhamster.com/contact.php" />
+		<test url="http://jp.xhamster.com/contact.php" />
+		<test url="http://m.xhamster.com/stories.html" />
+		<test url="http://nl.xhamster.com/contact.php" />
+		<test url="http://pl.xhamster.com/contact.php" />
+		<test url="http://pt.xhamster.com/contact.php" />
+		<test url="http://ru.xhamster.com/contact.php" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://xhamster.com/?fromMobile" /-->
+		<!--test url="http://m.xhamster.com/?light=1" /-->
+
+		<!--	Without this videos break when using flash:
+									 -->
+		<exclusion pattern="^http://static\.xhamster\.com/crossdomain\.xml" />
+
+			<test url="http://static.xhamster.com/crossdomain.xml" />
+			<test url="http://static.xhamster.com/crossdomain.xml?foo" />
+
+	<!--	Complications:
+				-->
+	<target host="mobile.xhamster.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.xhamster\.com$" name="^(?:first_visit|lang|mobileUse|prid|prs|stats_id)$" /-->
+	<!--securecookie host="^((de|es|fr|it|jp|nl|pl|pt|ru)\.)?m\.xhamster\.com$" name="^mobileRef$" /-->
+	<!--securecookie host="^\.m\.xhamster\.com$" name="^simple$" /-->
+	<!--securecookie host="^partners\.xhamster\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^(?:first_visit$|mobileRef$|splash-|stats|uvts$)" />
+	<securecookie host="^(?!\.xhamster\.com$)." name=".+" />
+
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://mobile\.xhamster\.com/.*"
+		to="https://m.xhamster.com/" />
+
+		<test url="http://mobile.xhamster.com/index.htm" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/XHamster_Premium_Pass.com.xml b/src/chrome/content/rules/XHamster_Premium_Pass.com.xml
new file mode 100644
index 000000000000..04b78eb5001c
--- /dev/null
+++ b/src/chrome/content/rules/XHamster_Premium_Pass.com.xml
@@ -0,0 +1,77 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://e0.xhamsterpremiumpass.com/ => https://e0.xhamsterpremiumpass.com/: (51, "SSL: no alternative certificate subject name matches target host name 'e0.xhamsterpremiumpass.com'")
+Fetch error: http://e1.xhamsterpremiumpass.com/ => https://e1.xhamsterpremiumpass.com/: (51, "SSL: no alternative certificate subject name matches target host name 'e1.xhamsterpremiumpass.com'")
+Fetch error: http://e2.xhamsterpremiumpass.com/ => https://e2.xhamsterpremiumpass.com/: (51, "SSL: no alternative certificate subject name matches target host name 'e2.xhamsterpremiumpass.com'")
+Fetch error: http://e3.xhamsterpremiumpass.com/ => https://e3.xhamsterpremiumpass.com/: (51, "SSL: no alternative certificate subject name matches target host name 'e3.xhamsterpremiumpass.com'")
+Fetch error: http://e4.xhamsterpremiumpass.com/ => https://e4.xhamsterpremiumpass.com/: (51, "SSL: no alternative certificate subject name matches target host name 'e4.xhamsterpremiumpass.com'")
+Fetch error: http://e5.xhamsterpremiumpass.com/ => https://e5.xhamsterpremiumpass.com/: (51, "SSL: no alternative certificate subject name matches target host name 'e5.xhamsterpremiumpass.com'")
+Fetch error: http://e6.xhamsterpremiumpass.com/ => https://e6.xhamsterpremiumpass.com/: (51, "SSL: no alternative certificate subject name matches target host name 'e6.xhamsterpremiumpass.com'")
+Fetch error: http://e7.xhamsterpremiumpass.com/ => https://e7.xhamsterpremiumpass.com/: (51, "SSL: no alternative certificate subject name matches target host name 'e7.xhamsterpremiumpass.com'")
+Fetch error: http://e8.xhamsterpremiumpass.com/ => https://e8.xhamsterpremiumpass.com/: (51, "SSL: no alternative certificate subject name matches target host name 'e8.xhamsterpremiumpass.com'")
+Fetch error: http://e9.xhamsterpremiumpass.com/ => https://e9.xhamsterpremiumpass.com/: (51, "SSL: no alternative certificate subject name matches target host name 'e9.xhamsterpremiumpass.com'")
+Fetch error: http://e10.xhamsterpremiumpass.com/ => https://e10.xhamsterpremiumpass.com/: (51, "SSL: no alternative certificate subject name matches target host name 'e10.xhamsterpremiumpass.com'")
+Fetch error: http://e11.xhamsterpremiumpass.com/ => https://e11.xhamsterpremiumpass.com/: (51, "SSL: no alternative certificate subject name matches target host name 'e11.xhamsterpremiumpass.com'")
+Fetch error: http://e12.xhamsterpremiumpass.com/ => https://e12.xhamsterpremiumpass.com/: (51, "SSL: no alternative certificate subject name matches target host name 'e12.xhamsterpremiumpass.com'")
+Fetch error: http://e13.xhamsterpremiumpass.com/ => https://e13.xhamsterpremiumpass.com/: (51, "SSL: no alternative certificate subject name matches target host name 'e13.xhamsterpremiumpass.com'")
+Fetch error: http://e14.xhamsterpremiumpass.com/ => https://e14.xhamsterpremiumpass.com/: (51, "SSL: no alternative certificate subject name matches target host name 'e14.xhamsterpremiumpass.com'")
+Fetch error: http://e15.xhamsterpremiumpass.com/ => https://e15.xhamsterpremiumpass.com/: (51, "SSL: no alternative certificate subject name matches target host name 'e15.xhamsterpremiumpass.com'")
+Fetch error: http://e16.xhamsterpremiumpass.com/ => https://e16.xhamsterpremiumpass.com/: (51, "SSL: no alternative certificate subject name matches target host name 'e16.xhamsterpremiumpass.com'")
+Fetch error: http://e17.xhamsterpremiumpass.com/ => https://e17.xhamsterpremiumpass.com/: (51, "SSL: no alternative certificate subject name matches target host name 'e17.xhamsterpremiumpass.com'")
+Fetch error: http://e18.xhamsterpremiumpass.com/ => https://e18.xhamsterpremiumpass.com/: (51, "SSL: no alternative certificate subject name matches target host name 'e18.xhamsterpremiumpass.com'")
+Fetch error: http://e19.xhamsterpremiumpass.com/ => https://e19.xhamsterpremiumpass.com/: (51, "SSL: no alternative certificate subject name matches target host name 'e19.xhamsterpremiumpass.com'")
+
+	For other xHamster coverage, see XHamster.com.xml.
+
+
+	(www.)?xhamsterpremiumpass.com: Redirects to http
+
+
+	Problematic hosts in *xhamsterpremiumpass.com:
+
+		- static *
+
+	* Mismatched
+
+-->
+<ruleset name="xHamster Premium Pass.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="e0.xhamsterpremiumpass.com" />
+	<target host="e1.xhamsterpremiumpass.com" />
+	<target host="e2.xhamsterpremiumpass.com" />
+	<target host="e3.xhamsterpremiumpass.com" />
+	<target host="e4.xhamsterpremiumpass.com" />
+	<target host="e5.xhamsterpremiumpass.com" />
+	<target host="e6.xhamsterpremiumpass.com" />
+	<target host="e7.xhamsterpremiumpass.com" />
+	<target host="e8.xhamsterpremiumpass.com" />
+	<target host="e9.xhamsterpremiumpass.com" />
+	<target host="e10.xhamsterpremiumpass.com" />
+	<target host="e11.xhamsterpremiumpass.com" />
+	<target host="e12.xhamsterpremiumpass.com" />
+	<target host="e13.xhamsterpremiumpass.com" />
+	<target host="e14.xhamsterpremiumpass.com" />
+	<target host="e15.xhamsterpremiumpass.com" />
+	<target host="e16.xhamsterpremiumpass.com" />
+	<target host="e17.xhamsterpremiumpass.com" />
+	<target host="e18.xhamsterpremiumpass.com" />
+	<target host="e19.xhamsterpremiumpass.com" />
+
+	<!--	Complications:
+				-->
+	<target host="static.xhamsterpremiumpass.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://static\.xhamsterpremiumpass\.com/"
+		to="https://static.xhamster.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/XILO-Communications.xml b/src/chrome/content/rules/XILO-Communications.xml
deleted file mode 100644
index 89e0edfd2266..000000000000
--- a/src/chrome/content/rules/XILO-Communications.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	CDN buckets:
-
-		- contentdn.net/x/
-		- contentdn.net/nx/
-
-
-	Problematic subdomains:
-
-		- (www.)	(weak cipher)
-
-
-	Fully covered subdomains:
-
-		- discuss
-
--->
-<ruleset name="XILO Communications (partial)">
-
-	<target host="*.xilo.net" />
-
-
-	<securecookie host="^discuss\.xilo\.net$" name=".+" />
-
-
-	<rule from="^http://discuss\.xilo\.net/"
-		to="https://discuss.xilo.net/" />
-
-	<!--	Redirects like so.
-					-->
-	<rule from="^http://(?:my|login)\.xilo\.net/"
-		to="https://my.xilo.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/XLHost.com.xml b/src/chrome/content/rules/XLHost.com.xml
new file mode 100644
index 000000000000..831cc92abc94
--- /dev/null
+++ b/src/chrome/content/rules/XLHost.com.xml
@@ -0,0 +1,39 @@
+<!--
+	Nonfunctional hosts:
+
+		- blog ¹
+		- support ²
+
+	¹ 503, Akamai
+	² Dropped
+
+
+	These altnames don't exist:
+
+		- www.grande.xlhost.com
+		- c7.d.de.static.xlhost.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- grande.xlhost.com
+
+-->
+<ruleset name="XLHost.com (partial)">
+
+	<target host="xlhost.com" />
+	<target host="grande.xlhost.com" />
+	<target host="www.xlhost.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^grande\.xlhost\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^grande\.xlhost\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/XM-CDN.com.xml b/src/chrome/content/rules/XM-CDN.com.xml
new file mode 100644
index 000000000000..e4756fde72d1
--- /dev/null
+++ b/src/chrome/content/rules/XM-CDN.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://static.xm-cdn.com/assets/img/common/logo/xm.png => https://static.xm-cdn.com/assets/img/common/logo/xm.png: (6, 'Could not resolve host: static.xm-cdn.com')
+Fetch error: http://static.xm-cdn.com/ => https://static.xm-cdn.com/: (6, 'Could not resolve host: static.xm-cdn.com')
+
+	For other XEMarkets coverage, see XM.com.xml.
+
+-->
+<ruleset name="XM-CDN.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="static.xm-cdn.com" />
+
+		<test url="http://static.xm-cdn.com/assets/img/common/logo/xm.png" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/XM.com.xml b/src/chrome/content/rules/XM.com.xml
index 383fd5046318..e76ea8b3b297 100644
--- a/src/chrome/content/rules/XM.com.xml
+++ b/src/chrome/content/rules/XM.com.xml
@@ -1,51 +1,52 @@
-<!--
-	XEMarkets
-
-
-	CDN buckets:
-
-		- 516e0f094ba8bcd6f737-06236ff1a8d1cb70b4d1d2dfd24a568e.ssl.cf1.rackcdn.com
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bo.xm.com/ => https://bo.xm.com/: (28, 'Connection timed out after 20001 milliseconds')
 
-	Problematic subdomains:
-
-		- ^	(works, cert only matches www)
+	XEMarkets
 
+	Other XEMarkets rulesets:
 
-	Fully covered subdomains:
+		- XM-CDN.com.xml
 
-		- (www.)	(^ → www)
-		- bo
-		- my
 
+	CDN buckets:
 
-	Mixed content:
+		- 516e0f094ba8bcd6f737-06236ff1a8d1cb70b4d1d2dfd24a568e.ssl.cf1.rackcdn.com
 
-		- css on www from www *
 
-	* Secured by us, negligible (no?) effect
+	^xm.com: Refused
 
 
-	Observed cookie domains:
+	Insecure cookies are set for these domains:
 
-		- .
-		- bo
-		- my
+		- .xm.com
 
 -->
-<ruleset name="XM.com">
+<ruleset name="XM.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bo.xm.com" />
+	<target host="my.xm.com" />
+	<target host="www.xm.com" />
 
+	<!--	Complications:
+				-->
 	<target host="xm.com" />
-	<target host="*.xm.com" />
 
 
-	<securecookie host=".*\.xm\.com$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.xm\.com$" name="^xmcntr$" /-->
+
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?xm\.com/"
+	<rule from="^http://xm\.com/"
 		to="https://www.xm.com/" />
 
-	<rule from="^http://(bo|my)\.xm\.com/"
-		to="https://$1.xm.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/XML-Sitemaps.com.xml b/src/chrome/content/rules/XML-Sitemaps.com.xml
new file mode 100644
index 000000000000..614d866f3fd7
--- /dev/null
+++ b/src/chrome/content/rules/XML-Sitemaps.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="XML-Sitemaps.com">
+	<target host="xml-sitemaps.com" />
+	<target host="www.xml-sitemaps.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/XML.com.xml b/src/chrome/content/rules/XML.com.xml
new file mode 100644
index 000000000000..e49a11969dae
--- /dev/null
+++ b/src/chrome/content/rules/XML.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Wildcard DNS but without wildcard certificate
+
+	Time out:
+		xml.com
+
+-->
+<ruleset name="XML.com">
+
+	<target host="xml.com" />
+	<target host="www.xml.com" />
+
+	<rule from="^http://xml\.com/"
+		to="https://www.xml.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/XMLSiteMapGenerator.org.xml b/src/chrome/content/rules/XMLSiteMapGenerator.org.xml
new file mode 100644
index 000000000000..4962dc61f11a
--- /dev/null
+++ b/src/chrome/content/rules/XMLSiteMapGenerator.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Secure Connection Failed:
+		blog.xmlsitemapgenerator.org
+	404:
+		www.xmlsitemapgenerator.org
+-->
+<ruleset name="XMLSiteMapGenerator.org">
+	<target host="xmlsitemapgenerator.org" />
+	<target host="www.xmlsitemapgenerator.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.xmlsitemapgenerator\.org/" to="https://xmlsitemapgenerator.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/XMMS2.org.xml b/src/chrome/content/rules/XMMS2.org.xml
index a06663ff4b3c..66fe5cf73dc2 100644
--- a/src/chrome/content/rules/XMMS2.org.xml
+++ b/src/chrome/content/rules/XMMS2.org.xml
@@ -6,14 +6,23 @@
 -->
 <ruleset name="XMMS2.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="xmms2.org" />
-	<target host="*.xmms2.org" />
+	<target host="bugs.xmms2.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.xmms2.org" />
 
 
 	<securecookie host="^bugs\.xmms2\.org$" name=".+" />
 
 
-	<rule from="^http://(?:(bugs\.)|www\.)?xmms2\.org/"
-		to="https://$1xmms2.org/" />
+	<rule from="^http://www\.xmms2\.org/"
+		to="https://xmms2.org/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/XMOS.xml b/src/chrome/content/rules/XMOS.xml
index 57649d290176..ee07b6d6b9d6 100644
--- a/src/chrome/content/rules/XMOS.xml
+++ b/src/chrome/content/rules/XMOS.xml
@@ -1,9 +1,39 @@
-<ruleset name="XMOS (partial)">
+<ruleset name="XMOS.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="xmos.com"/>
 	<target host="www.xmos.com"/>
 
-	<rule from="^http://(www\.)?xmos\.com/(download/|favicon\.ico|files/|misc/|register|sites/|system/|/user/)"
-		to="https://$1xmos.com/$2/"/>
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.xmos\.com/$" /-->
+
+		<!--	Exceptions:
+					-->
+		<exclusion pattern="^http://www\.xmos\.com/+(?!download/|favicon\.ico|files/|misc/|register|sites/|system/|/user/)" />
+
+		<!--	+ve:
+				-->
+		<test url="http://www.xmos.com/applications/industrialcomms" />
+		<test url="http://www.xmos.com/blog" />
+		<test url="http://www.xmos.com/buy" />
+		<test url="http://www.xmos.com/contact" />
+		<test url="http://www.xmos.com/news" />
+		<test url="http://www.xmos.com/published/xs1lcheck" />
+		<test url="http://www.xmos.com/resources" />
+		<test url="http://www.xmos.com/support/videos" />
+
+		<!--	-ve:
+				-->
+		<test url="http://www.xmos.com/favicon.ico" />
+		<test url="http://www.xmos.com/files/images/appnote-thumb2.png" />
+		<test url="http://www.xmos.com/register" />
+		<test url="http://www.xmos.com/sites/all/themes/newxmos/images/footer-bg.jpg" />
+		<test url="http://www.xmos.com/user/login" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/XMPP.jp.xml b/src/chrome/content/rules/XMPP.jp.xml
new file mode 100644
index 000000000000..ce96e2ae2cf3
--- /dev/null
+++ b/src/chrome/content/rules/XMPP.jp.xml
@@ -0,0 +1,31 @@
+<!--
+	Fully covered hosts:
+
+		- (www.)?
+
+
+	Insecure cookies are set for these hosts:
+
+		- xmpp.jp
+		- www.xmpp.jp
+
+-->
+<ruleset name="XMPP.jp">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="xmpp.jp" />
+	<target host="www.xmpp.jp" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?xmpp\.jp$" name="^session$" /-->
+
+	<securecookie host="^(?:www\.)?xmpp\.jp$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/XMPP.org.xml b/src/chrome/content/rules/XMPP.org.xml
new file mode 100644
index 000000000000..411f8f043b85
--- /dev/null
+++ b/src/chrome/content/rules/XMPP.org.xml
@@ -0,0 +1,32 @@
+<!--
+	Invalid certificate:
+		blog.xmpp.org
+		howto.xmpp.org
+		gsoc.xmpp.org
+		new.xmpp.org
+		tracker.xmpp.org
+
+	No working URL known:
+		wiki.xmpp.org (503)
+
+-->
+<ruleset name="XMPP.org (partial)">
+
+	<target host="xmpp.org" />
+	<target host="www.xmpp.org" />
+	<target host="blog.xmpp.org" />
+	<target host="muc.xmpp.org" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^xmpp\.org$" name="^wordpress_test_cookie$" /-->
+
+	<securecookie host="^xmpp\.org$" name=".+" />
+
+	<rule from="^http://blog\.xmpp\.org/"
+		to="https://xmpp.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/XMPP.ru.net.xml b/src/chrome/content/rules/XMPP.ru.net.xml
new file mode 100644
index 000000000000..bbf3bef62584
--- /dev/null
+++ b/src/chrome/content/rules/XMPP.ru.net.xml
@@ -0,0 +1,46 @@
+<!--
+	Problematic hosts:
+
+		- xmpp.ru.net *
+
+	* Mismatched
+
+
+	Fully covered hosts:
+
+		- (www.)?	(^ → www)
+
+
+	Insecure cookies are set for these domains:
+
+		- .xmpp.ru.net
+
+-->
+<ruleset name="XMPP.ru.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.xmpp.ru.net" />
+
+	<!--	Complications:
+				-->
+	<target host="xmpp.ru.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.xmpp\.ru\.net$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^\.xmpp\.ru\.net$" name=".+" />
+
+
+	<!--	Redirect keeps forward
+		slash, path, and args:
+					-->
+	<rule from="^http://xmpp\.ru\.net/"
+		to="https://www.xmpp.ru.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/XMind.net.xml b/src/chrome/content/rules/XMind.net.xml
index defac2efc7ba..a553a1acf702 100644
--- a/src/chrome/content/rules/XMind.net.xml
+++ b/src/chrome/content/rules/XMind.net.xml
@@ -23,13 +23,21 @@
 -->
 <ruleset name="XMind.net (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="xmind.net" />
 	<target host="www.xmind.net" />
-		<exclusion pattern="^http://(?:www\.)?xmind\.net/(?:$|\?|(?:blog|download)(?:$|\?|/))" />
-		<!--exclusion pattern="^http://(?:www\.)?xmind\.net/(?!(?:contact|demos|developer|embed|faq|features|forgotpassword|license|m|pricing|privacy|s|share|signin|signup|sitemap|terms)(?:$|\?|/)|favicon\.ico|s/)" /-->
 
+		<exclusion pattern="^http://www\.xmind\.net/(?:blog|download)(?:$|[?/])" />
+		<!--exclusion pattern="^http://www\.xmind\.net/(?!$|\?|(?:contact|demos|developer|embed|faq|features|forgotpassword|license|m|pricing|privacy|s|share|signin|signup|sitemap|terms)(?:$|\?|/)|favicon\.ico|s/)" /-->
 
-	<rule from="^http://(www\.)?xmind\.net/"
-		to="https://$1xmind.net/" />
+			<test url="http://www.xmind.net/blog/" />
+			<test url="http://www.xmind.net/blog/en/about/" />
+			<test url="http://www.xmind.net/download/" />
+			<test url="http://www.xmind.net/download/win/" />
 
-</ruleset>
\ No newline at end of file
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/XMission.com-problematic.xml b/src/chrome/content/rules/XMission.com-problematic.xml
new file mode 100644
index 000000000000..b57e6617430f
--- /dev/null
+++ b/src/chrome/content/rules/XMission.com-problematic.xml
@@ -0,0 +1,23 @@
+<!--
+	For rules that are on by default, see XMission.xml.
+
+
+	Server sends no certificate chain *
+
+	* see https://whatsmychaincert.com
+
+-->
+<ruleset name="XMission.com (missing certificate chain)" default_off="cert-chain">
+
+	<target host="accounting.xmission.com" />
+	<target host="asset.xmission.com" />
+	<target host="my.xmission.com" />
+
+
+	<securecookie host="^accounting\.xmission\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/XMission.xml b/src/chrome/content/rules/XMission.xml
index 03cf104f7873..e64056b8bfce 100644
--- a/src/chrome/content/rules/XMission.xml
+++ b/src/chrome/content/rules/XMission.xml
@@ -1,36 +1,79 @@
 <!--
+	For problematic rules, see XMission.com-problematic.xml.
+
+
 	Nonfunctional subdomains:
 
 		- anon		(dropped)
 		- maddox *
-		- wiki *
+		- speedtest	(Refused)
 
 	* http reply
 
 
-	Observed subdomains:
+	Problematic hosts:
+
+		- accounting *
+		- asset *
+		- my *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Fully covered hosts:
 
-		- anon
-		- asset
+		- (www.)?
+		- livesupport
 		- mail
-		- my
+		- postmaster
 		- stats
 		- transmission
 		- webmail
-		- www
+		- mirrors
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- xmission.com
+		- accounting.xmission.com
+		- .mail.xmission.com
+		- .webmail.xmission.com
+		- wiki.xmission.com
 
 -->
-<ruleset name="XMission (partial)">
+<ruleset name="XMission.com (partial)">
 
 	<target host="xmission.com" />
-	<target host="*.xmission.com" />
-		<exclusion pattern="^http://(?:anon|maddox|wiki)\." />
+	<!--target host="accounting.xmission.com" /-->
+	<!--target host="asset.xmission.com" /-->
+	<target host="livesupport.xmission.com" />
+	<target host="mail.xmission.com" />
+	<!--target host="my.xmission.com" /-->
+	<target host="postmaster.xmission.com" />
+	<target host="stats.xmission.com" />
+	<target host="transmission.xmission.com" />
+	<target host="webmail.xmission.com" />
+	<target host="www.xmission.com" />
+	<target host="mirrors.xmission.com" />
+
+		<!--exclusion pattern="^http://(?:accounting|anon|asset|maddox|my|speedtest)\.xmission\.com/" /-->
+
+			<!--test url="http://accounting.xmission.com" /-->
+			<!--test url="http://asset.xmission.com/" /-->
+			<!--test url="http://my.xmission.com/" /-->
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^xmission\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^accounting\.xmission\.com$" name="^SESSION_ID$" /-->
+	<!--securecookie host="^\.(mail|webmail)\.comxmission\.com$" name="^Horde$" /-->
+	<!--securecookie host="^wiki\.xmission\.com$" name="^pubwiki2_session$" /-->
 
-	<securecookie host="^(?:.*\.)?xmission\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(\w+\.)?xmission\.com/"
-		to="https://$1xmission.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/XNET.cz.xml b/src/chrome/content/rules/XNET.cz.xml
new file mode 100644
index 000000000000..e05d926d18bf
--- /dev/null
+++ b/src/chrome/content/rules/XNET.cz.xml
@@ -0,0 +1,20 @@
+<!--
+    Mismatched:
+    - www.xnet.cz
+    - wiki.xnet.cz
+    - blog.xnet.cz
+
+    Refused
+    - webftp.xnet.cz
+    - redirect.xnet.cz
+    - ads2.xnet.cz
+-->
+<ruleset name="XNET s.r.o.">
+    <target host="xnet.cz" />
+    <target host="www.xnet.cz" />
+    <target host="admin.xnet.cz" />
+    <target host="email.xnet.cz" />
+
+    <rule from="^http://www\.xnet\.cz/" to="https://xnet.cz/" />
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/XO-Communications.xml b/src/chrome/content/rules/XO-Communications.xml
index 2b25ce771d91..f9387d94ccd0 100644
--- a/src/chrome/content/rules/XO-Communications.xml
+++ b/src/chrome/content/rules/XO-Communications.xml
@@ -1,26 +1,29 @@
 <!--
+	Other XO Communications rulesets:
 
-	Nonfunctional domains:
+		- Cnchost.com.xml
 
-		- (www.)xo.com
 
+	Nonfunctional domains:
 
-	cnchost.com (cert: cnchost.com) redirects to xo.com.
+		- (www.)xo.com
 
--->
-<ruleset name="XO Communications (partial)">
 
-	<target host="*.cnchost.com" />
-	<target host="*.xo.com" />
+	Fully covered hosts in *xo.com:
 
+		- apps
+		- channelink
 
-	<securecookie host="^secure\.chchost\.com$" name=".*" />
+-->
+<ruleset name="XO.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="apps.xo.com" />
+	<target host="channelink.xo.com" />
 
-	<rule from="^http://(register|secure)\.cnchost\.com/"
-		to="https://$1.cnchost.com/" />
 
-	<rule from="^http://(apps|channelink)\.xo\.com/"
-		to="https://$1.xo.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/XOSkins.com.xml b/src/chrome/content/rules/XOSkins.com.xml
deleted file mode 100644
index 39686d0d91d0..000000000000
--- a/src/chrome/content/rules/XOSkins.com.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="XO Skins" platform="mixedcontent">
-  <target host="xoskins.com" />
-  <target host="www.xoskins.com" />
-
-  <rule from="^http://(?:www\.)?xoskins\.com/" to="https://xoskins.com/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/XPD.se.xml b/src/chrome/content/rules/XPD.se.xml
deleted file mode 100644
index 47f7c850b5d3..000000000000
--- a/src/chrome/content/rules/XPD.se.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="XPD.se">
-	<target host="xpd.se" />
-	<target host="www.xpd.se" />
-	<rule from="^http://www\.xpd\.se/" to="https://www.xpd.se/"/>
-	<rule from="^http://xpd\.se/" to="https://xpd.se/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/XPic_only.xml b/src/chrome/content/rules/XPic_only.xml
index e0d26d012c33..f301de43daef 100644
--- a/src/chrome/content/rules/XPic_only.xml
+++ b/src/chrome/content/rules/XPic_only.xml
@@ -1,13 +1,22 @@
-<ruleset name="XPic only">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://xpiconly.com/ => https://xpiconly.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.xpiconly.com/ => https://www.xpiconly.com/: (28, 'Operation timed out after 30002 milliseconds with 0 bytes received')
+
+-->
+<ruleset name="XPic only.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="xpiconly.com" />
-	<target host="*.xpiconly.com" />
+	<target host="www.xpiconly.com" />
 
 
-	<securecookie host="^(?:w*\.)?xpiconly\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?xpiconly\.com/"
-		to="https://$1xpiconly.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/XS4ALL.xml b/src/chrome/content/rules/XS4ALL.xml
index fd46f8b023b6..cc214626b34b 100644
--- a/src/chrome/content/rules/XS4ALL.xml
+++ b/src/chrome/content/rules/XS4ALL.xml
@@ -1,20 +1,30 @@
-<ruleset name="XS4ALL (partial)">
-
-	<target host="xs4all.nl" />
-	<target host="*.xs4all.nl" />
-		<exclusion pattern="^http://(?:www\.)?xs4all.nl/(?:(?:%7E)|~)+" />
-	<target host="*.service.xs4all.nl" />
+<!--
+	Problematic hosts in *xs4all.nl:
 
+		- freegw *
 
-	<securecookie host="^.+\.xs4all\.nl$" name=".+" />
+	* Self-signed
 
+-->
+<ruleset name="XS4ALL.nl (partial)">
 
-	<!--	!www: reset
+	<!--	Direct rewrites:
 				-->
-	<rule from="^http://(?:www\.)?xs4all\.nl/"
-		to="https://www.xs4all.nl/" />
+	<target host="xs4all.nl" />
+	<target host="blog.xs4all.nl" />
+	<target host="cdn.xs4all.nl" />
+	<target host="download.xs4all.nl" />
+	<target host="service.xs4all.nl" />
+	<target host="wachtwoord.xs4all.nl" />
+	<target host="webmail.xs4all.nl" />
+	<target host="webstatistieken.xs4all.nl" />
+	<target host="www.xs4all.nl" />
+
+
+	<securecookie host=".\.xs4all\.nl$" name=".+" />
+
 
-	<rule from="^http://(blog|cdn|service|wachtwoord|webmail|webstatistieken)\.xs4all\.nl/"
-		to="https://$1.xs4all.nl/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/XSSposed.org.xml b/src/chrome/content/rules/XSSposed.org.xml
new file mode 100644
index 000000000000..b87fb9755b05
--- /dev/null
+++ b/src/chrome/content/rules/XSSposed.org.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://xssposed.org/ => https://xssposed.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.xssposed.org/ => https://www.xssposed.org/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="XSSposed.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="xssposed.org" />
+	<target host="www.xssposed.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/XVideos-cdn.com.xml b/src/chrome/content/rules/XVideos-cdn.com.xml
new file mode 100644
index 000000000000..7d097f7ec662
--- /dev/null
+++ b/src/chrome/content/rules/XVideos-cdn.com.xml
@@ -0,0 +1,23 @@
+<!--
+	See also XVideos.com.xml.
+
+-->
+<ruleset name="XVideos-cdn.com (partial)">
+	<target host="hls-hw.xvideos-cdn.com"/>
+	<target host="hls1-l3.xvideos-cdn.com"/>
+	<target host="hls2-l3.xvideos-cdn.com"/>
+	<target host="hls3-l3.xvideos-cdn.com"/>
+	<target host="hls4-l3.xvideos-cdn.com"/>
+	<target host="images-llnw.xvideos-cdn.com"/>
+	<target host="img-egc.xvideos-cdn.com"/>
+		<test url="http://img-egc.xvideos-cdn.com/videos/profiles/profthumb/ae/44/ec/hands-on-hardcore/profile_3_big.jpg"/>
+	<target host="img-hw.xvideos-cdn.com"/>
+	<target host="vid-egc.xvideos-cdn.com"/>
+	<target host="vid1-l3.xvideos-cdn.com"/>
+	<target host="vid2-l3.xvideos-cdn.com"/>
+	<target host="vid3-l3.xvideos-cdn.com"/>
+	<target host="vid4-l3.xvideos-cdn.com"/>
+	<target host="video-hw.xvideos-cdn.com"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/XVideos.com.xml b/src/chrome/content/rules/XVideos.com.xml
new file mode 100644
index 000000000000..c017cd01e472
--- /dev/null
+++ b/src/chrome/content/rules/XVideos.com.xml
@@ -0,0 +1,52 @@
+<!--
+	See also XVideos-cdn.com.xml.
+
+	Invalid certificate:
+		img100.xvideos.com
+		lw-video.xvideos.com
+		profile-cdn.xvideos.com
+		profile-pics-cdn.xvideos.com
+
+	No working URL known:
+		content.xvideos.com
+		cdn-hw-hls.xvideos.com
+		cdn1-l3-cdn.xvideos.com
+		cdn2-l3-cdn.xvideos.com
+		cdn3-l3-cdn.xvideos.com
+		cdn4-l3-cdn.xvideos.com
+		edgecast-video.xvideos.com
+		videos1.xvideos.com
+		videos2.xvideos.com
+		videos3.xvideos.com
+		videos4.xvideos.com
+
+	Timeout:
+		surveys.xvideos.com
+
+-->
+<ruleset name="XVideos.com">
+	<target host="xvideos.com"/>
+	<target host="www.xvideos.com"/>
+	<target host="cdn-highwinds.xvideos.com"/>
+		<test url="http://cdn-highwinds.xvideos.com/videos/thumbslll/06/34/6f/06346fb54facefa53a64eb1961f8bb58/06346fb54facefa53a64eb1961f8bb58.30.jpg"/>
+	<target host="control.xvideos.com"/>
+	<target host="image100-037.xvideos.com"/>
+		<test url="http://image100-037.xvideos.com/videos/thumbs/xvideos.gif"/>
+	<target host="image100-933.xvideos.com"/>
+		<test url="http://image100-933.xvideos.com/videos/thumbs/xvideos.gif"/>
+	<target host="img-egc.xvideos.com"/>
+		<test url="http://img-egc.xvideos.com/videos/profiles/profthumb/ae/44/ec/hands-on-hardcore/profile_3_big.jpg"/>
+	<target host="img-hw.xvideos.com"/>
+		<test url="http://img-hw.xvideos.com/videos/thumbs/xvideos.gif"/>
+	<target host="img100-108.xvideos.com"/>
+	<target host="img100-875.xvideos.com"/>
+	<target host="info.xvideos.com"/>
+	<target host="jp.xvideos.com"/>
+	<target host="static.xvideos.com"/>
+	<target host="static-hw.xvideos.com"/>
+	<target host="static-l3.xvideos.com"/>
+	<target host="trade-admin.xvideos.com"/>
+	<target host="upload.xvideos.com"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Xagasoft.xml b/src/chrome/content/rules/Xagasoft.xml
deleted file mode 100644
index fe562020584c..000000000000
--- a/src/chrome/content/rules/Xagasoft.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Xagasoft">
-
-	<target host="xagasoft.com" />
-	<target host="www.xagasoft.com" />
-
-
-	<securecookie host="^(www\.)?xagasoft\.com$" name=".*" />
-
-
-	<rule from="^http://(www\.)?xagasoft\.com/"
-		to="https://$1xagasoft.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Xakep.ru.xml b/src/chrome/content/rules/Xakep.ru.xml
new file mode 100644
index 000000000000..3fe3a8b24db7
--- /dev/null
+++ b/src/chrome/content/rules/Xakep.ru.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dvd.xakep.ru/ => https://dvd.xakep.ru/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://forum.xakep.ru/ => https://forum.xakep.ru/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://group.xakep.ru/ => https://group.xakep.ru/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Xakep.ru" default_off="failed ruleset test">
+
+	<target host="xakep.ru" />
+	<target host="dvd.xakep.ru" />
+	<target host="forum.xakep.ru" />
+	<target host="group.xakep.ru" />
+	<target host="www.xakep.ru" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Xamarin.com.xml b/src/chrome/content/rules/Xamarin.com.xml
new file mode 100644
index 000000000000..0a18f4c02d53
--- /dev/null
+++ b/src/chrome/content/rules/Xamarin.com.xml
@@ -0,0 +1,150 @@
+<!--
+	Problematic hosts in *xamarin.com:
+
+		- iosapi *
+		- macapi *
+		- planet ¹
+		- support ²
+
+	* Shows another domain
+	¹ Mixed css
+	² Dropped
+
+
+	Partially covered hosts in *xamarin.com:
+
+		- planet *
+
+	* Avoiding broken MCB
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .xamarin.com
+		- components.xamarin.com
+		- .planet.xamarin.com
+		- .scan.xamarin.com
+		- store.xamarin.com
+		- university.xamarin.com
+		- .university.xamarin.com
+
+
+	Mixed content:
+
+		- iframes, on:
+
+			- planet from app.stitcher.com
+			- planet from www.youtube.com ¹
+
+		- css, on:
+
+			- planet from fonts.googleapis.com ¹
+			- planet from i\d.wp.com ¹
+
+		- Images, on:
+
+			- planet from www.cazzulino.com
+			- planet from feeds.feedburner.com ¹
+			- planet from www.michaelridland.com
+			- planet from blogs.plainconcepts.com
+			- planet from solola.ca
+			- planet from blog.verslu.is
+			- planet from feeds.wordpress.com
+			- planet from i\d.wp.com ¹
+			- planet from cdn1.xamarin.com ¹
+			- scan from download.microsoft.com ¹
+			- scan from go.microsoft.com ¹
+
+		- favicon on developer, docs from ^xamarin.com  ¹
+
+		- Ads/bugs, on:
+
+			- planet from www.googleadservices.com ¹
+			- planet from pixel.wp.com ¹
+
+	¹ Secured by us
+	² Unsecurable <= refused
+
+-->
+<ruleset name="Xamarin.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="xamarin.com" />
+	<target host="androidapi.xamarin.com" />
+	<target host="blog.xamarin.com" />
+	<target host="bugzilla.xamarin.com" />
+	<target host="cdn1.xamarin.com" />
+	<target host="components.xamarin.com" />
+	<target host="developer.xamarin.com" />
+	<target host="docs.xamarin.com" />
+	<target host="forums.xamarin.com" />
+	<target host="planet.xamarin.com" />
+	<target host="scan.xamarin.com" />
+	<target host="store.xamarin.com" />
+	<target host="university.xamarin.com" />
+	<target host="www.xamarin.com" />
+
+	<!--	Complications:
+				-->
+	<target host="iosapi.xamarin.com" />
+	<target host="macapi.xamarin.com" />
+	<target host="support.xamarin.com" />
+
+		<!--	Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://planet\.xamarin\.com/+(?:$|\?)" />
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://planet\.xamarin\.com/+(?!Resources/|favicon\.ico|feed/|images/)" /-->
+
+			<!--	+ve:
+					-->
+			<test url="http://planet.xamarin.com//" />
+			<test url="http://planet.xamarin.com/?foo" />
+			<test url="http://planet.xamarin.com/?bar" />
+
+			<!--	-ve:
+					-->
+			<test url="http://planet.xamarin.com/Resources/Styles/style.css" />
+			<test url="http://planet.xamarin.com/favicon.ico" />
+			<test url="http://planet.xamarin.com/feed/" />
+			<test url="http://planet.xamarin.com/images/twitter16.png" />
+
+
+	<!--securecookie host="^xamarin\.com$" name="__RequestVerificationToken_Lw__" /-->
+	<!--securecookie host="^(components\.)?xamarin\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^\.(planet|scan|university)\.xamarin\.com$" name="^ARRAffinity$" /-->
+	<!--securecookie host="^store\.xamarin\.com$" name="^(__RequestVerificationToken|Nop\.CustomerSessionGUIDCookie)$" /-->
+	<!--securecookie host="^university\.xamarin\.com$" name="^__RequestVerificationToken$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^(?:_gat?|ARRAffinity)$" />
+
+
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://iosapi\.xamarin\.com/[^?]*"
+		to="https://developer.xamarin.com/api/root/ios-unified/" />
+
+		<test url="http://iosapi.xamarin.com/home.htm" />
+
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://macapi\.xamarin\.com/[^?]*"
+		to="https://developer.xamarin.com/api/root/monomac-lib" />
+
+		<test url="http://macapi.xamarin.com/home.htm" />
+
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://support\.xamarin\.com/[^?]*"
+		to="https://xamarin.com/support" />
+
+		<test url="http://support.xamarin.com/home.htm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Xapo.com.xml b/src/chrome/content/rules/Xapo.com.xml
new file mode 100644
index 000000000000..741e8ff81c7e
--- /dev/null
+++ b/src/chrome/content/rules/Xapo.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Problematic subdomains:
+
+		- help *
+
+	* Mismatched, CN: support.xapo.com
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- account
+		- blog
+		- developers
+		- help		(→ support.xapo.com)
+		- support
+
+-->
+<ruleset name="Xapo.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="xapo.com" />
+	<target host="www.xapo.com" />
+	<target host="account.xapo.com" />
+	<target host="blog.xapo.com" />
+	<target host="developers.xapo.com" />
+	<target host="support.xapo.com" />
+
+	<!--	Complications:
+				-->
+	<target host="help.xapo.com" />
+
+	<rule from="^http://help\.xapo\.com/"
+		to="https://support.xapo.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Xara.com-mixedcontent.xml b/src/chrome/content/rules/Xara.com-mixedcontent.xml
new file mode 100644
index 000000000000..e0ac3c8f51e0
--- /dev/null
+++ b/src/chrome/content/rules/Xara.com-mixedcontent.xml
@@ -0,0 +1,31 @@
+<!--
+	For rules not causing valid MCB, see Xara.com.xml.
+
+-->
+<ruleset name="Xara.com (MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.xara.com" />
+
+	<!--	Complications:
+				-->
+	<target host="xara.com" />
+
+		<!--	Redirects to http:
+						-->
+		<exclusion pattern="^http://www\.xara\.com/readxaraonlinecookie\.php" />
+
+			<test url="http://www.xara.com/readxaraonlinecookie.php?" />
+
+
+	<securecookie host="^\.xara\.com$" name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http://xara\.com/"
+		to="https://www.xara.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Xara.com.xml b/src/chrome/content/rules/Xara.com.xml
new file mode 100644
index 000000000000..280ebc4b95f7
--- /dev/null
+++ b/src/chrome/content/rules/Xara.com.xml
@@ -0,0 +1,53 @@
+<!--
+	For rules causing valid MCB, see Xara.com-falsemixed.xml.
+
+	For other MAGIX coverage, see MAGIX.xml.
+
+
+	^xara.com: Dropped
+
+
+	Insecure cookies are set for these domains:
+
+		- .xara.com
+
+
+	Mixed content:
+
+		- iframe on www from app.xaraonline.com *
+
+	* Rule disabled by default <= expired
+
+-->
+<ruleset name="Xara.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="service.xara.com" />
+	<!--target host="www.xara.com" /-->
+
+	<!--	Complications:
+				-->
+	<!--target host="xara.com" /-->
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.xara\.com/readxaraonlinecookie\.php" /-->
+
+			<!--test url="http://www.xara.com/readxaraonlinecookie.php?" /-->
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.xara\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.xara\.com$" name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<!--rule from="^http://xara\.com/"
+		to="https://www.xara.com/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Xara_online.com.xml b/src/chrome/content/rules/Xara_online.com.xml
new file mode 100644
index 000000000000..bca5bf5b932a
--- /dev/null
+++ b/src/chrome/content/rules/Xara_online.com.xml
@@ -0,0 +1,42 @@
+<!--
+	For other MAGIX coverage, see MAGIX.xml.
+
+
+	Problematic hosts in *xaraonline.com:
+
+		- app ¹ ²
+		- secure ² ³
+
+	¹ Mismatched
+	² Expired
+	³ Mixed iframe
+
+
+	Mixed content:
+
+		- iframe on secure from www.xara.com
+
+-->
+<ruleset name="Xara online.com (partial)" platform="mixedcontent" default_off="expired">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.xaraonline.com" />
+
+	<!--	Complications:
+				-->
+	<target host="app.xaraonline.com" />
+
+		<!--	Mixed iframe:
+					-->
+		<test url="http://app.xaraonline.com/_stratus/readcookie.aspx?passto=" />
+		<test url="http://secure.xaraonline.com/_stratus/readcookie.aspx?passto=" />
+
+
+	<rule from="^http://app\.xaraonline\.com/"
+		to="https://secure.xaraonline.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Xato.net.xml b/src/chrome/content/rules/Xato.net.xml
new file mode 100644
index 000000000000..6894086d2673
--- /dev/null
+++ b/src/chrome/content/rules/Xato.net.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- xato.net
+		- .xato.net
+		- www.xato.net
+
+-->
+<ruleset name="Xato.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="xato.net" />
+	<target host="www.xato.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?xato\.net$" name="^(PHPSESSID|X-Mapping-\w+)$" /-->
+	<!--securecookie host="^\.xato\.net$" name="^(__cfduid|cf_clearance)" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Xav.com.xml b/src/chrome/content/rules/Xav.com.xml
new file mode 100644
index 000000000000..e8279a65c537
--- /dev/null
+++ b/src/chrome/content/rules/Xav.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional subdomains:
+
+		- forum *
+
+	* plaintext reply
+
+-->
+<ruleset name="xav.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="xav.com" />
+	<target host="www.xav.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Xavisys.xml b/src/chrome/content/rules/Xavisys.xml
index 6fb88da768fe..7b0b89275eeb 100644
--- a/src/chrome/content/rules/Xavisys.xml
+++ b/src/chrome/content/rules/Xavisys.xml
@@ -1,13 +1,39 @@
-<ruleset name="Xavisys">
 
-	<target host="xavisys.com" />
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.xavisys.com/ => https://xavisys.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://xavisys.com/ => https://xavisys.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	www: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- xavisys.com
+
+-->
+<ruleset name="Xavisys.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="www.xavisys.com" />
 
+	<!--	Complications:
+				-->
+	<target host="xavisys.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^xavisys\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^xavisys\.com$" name=".+" />
 
-	<securecookie host="^xavisys\.com$" name=".*" />
 
+	<rule from="^http://www\.xavisys\.com/"
+		to="https://xavisys.com/" />
 
-	<rule from="^http://(www\.)?xavisys\.com/"
-		to="https://$1xavisys.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Xbee.net.xml b/src/chrome/content/rules/Xbee.net.xml
deleted file mode 100644
index 02fb4e828074..000000000000
--- a/src/chrome/content/rules/Xbee.net.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	CN: *.wdmedia-hebergement.net
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- thehive
-
-
-	Note that ^xbee.net and www.xbee.net differ.
-
--->
-<ruleset name="xbee.net" default_off="mismatched">
-
-	<target host="xbee.net" />
-	<target host="*.xbee.net" />
-
-
-	<securecookie host="^(?:thehive\.|www\.)?xbee\.net$" name=".+" />
-
-
-	<rule from="^http://(thehive\.|www\.)?xbee\.net/"
-		to="https://$1xbee.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Xbetsport.com.xml b/src/chrome/content/rules/Xbetsport.com.xml
new file mode 100644
index 000000000000..14acce3336c0
--- /dev/null
+++ b/src/chrome/content/rules/Xbetsport.com.xml
@@ -0,0 +1,19 @@
+<!--
+	For other 1xbet coverage, see 1xbet.com.xml.
+
+-->
+<ruleset name="xbetsport.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="xbetsport.com" />
+	<target host="www.xbetsport.com" />
+
+
+	<securecookie host="^(?:w*\.)?xbetsport\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Xbox-problematic.xml b/src/chrome/content/rules/Xbox-problematic.xml
deleted file mode 100644
index 7ac32410f2b4..000000000000
--- a/src/chrome/content/rules/Xbox-problematic.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-
-	For rules that are on by default, see Xbox.xml.
-
--->
-<ruleset name="Xbox (problematic)" default_off="mismatched">
-
-	<target host="nxeassets.xbox.com" />
-	<target host="avatar.xboxlive.com" />
-
-
-	<rule from="^http://nxeassets\.xbox\.com/"
-		to="https://nxeassets.xbox.com/" />
-
-	<rule from="^http://avatar\.xboxlive\.com/"
-		to="https://avatar.xboxlive.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Xbox.xml b/src/chrome/content/rules/Xbox.xml
index 8c6cd92c4f82..a737015635bc 100644
--- a/src/chrome/content/rules/Xbox.xml
+++ b/src/chrome/content/rules/Xbox.xml
@@ -1,7 +1,4 @@
 <!--
-	For problematic rules, see Xbox-problematic.xml.
-
-
 	For other Microsoft coverage, see Microsoft.xml.
 
 
@@ -15,60 +12,137 @@
 		- xbox.com subdomains:
 
 			- ^		(times out)
+			- forums **
 			- gamercard *
 			- gearsofwar
+			- help (timeout)
 			- marketplace **
-			- news		(times out)
+			- news *
+			- service (timeout)
+			- sonos ⁴
 			- tiles *
 			- www **
 
-		- compass.xboxlive.com	(404; mismatched, CN: *.hs.llnwd.net)
 		- press.xbox360.com
 
 	* 504, akamai
 	** Redirects to http, valid cert
+	⁴ Differs from http
 
 
-	Problematic domains:
-
-		- xbox.com subdomains:
-
-			- nxeassets *
-			- o		(mismatched, CN: *.112.2o7.net)
-			- piflc		(works, mismatched, CN: *.xboxlive.com)
+	Problematic hosts in *xbox.com:
 
-		- avatar.xboxlive.com *
+		- compass ¹
+		- feedback (timeout)
+		- feedbacklogin (mismatched)
+		- myservice (mismatched)
+		- nxeassets *
+		- o		(mismatched, CN: *.112.2o7.net)
+		- piflc		(works, mismatched, CN: *.xboxlive.com)
 
+	¹ 400
+	² Mismatched
 	* Works, akamai
 
 
-	Partially covered domains:
+	Partially covered hosts in *xbox.com:
 
-		- rewards.xbox.com *
-		- support.xbox.com *
+		- rewards *
 
 	* Some pages redirect to http
 
--->
-<ruleset name="Xbox (partial)">
 
-	<target host="*.xbox.com" />
-		<exclusion pattern="^http://support\.xbox\.com/(?:en-US/)?(?:$|\?)" />
-		<exclusion pattern="^http://rewards\.xbox\.com/(?!join-now|(?:localized_)?media/)" />
-	<target host="piflc.xboxlive.com" />
+	Fully covered subdomains:
+
+		- account
+		- c
+		- compass	(→ compass-ssl.xbox.com)
+		- compass-ssl
+		- halo
+		- live
+		- music-cache
+		- myservice
+		- nxeassets	(→ nxeassets-ssl.xbox.com)
+		- nxeassets-ssl
+		- o		(→ xbox-com.112.2o7.net)
+		- s
+		- service
+		- support
+
+
+	solutions: Reset over http, handshake fails over http
 
 
+	Insecure cookies are set for these domains and hosts:
+
+		- .xbox.com
+		- music.xbox.com
+
+
+	Mixed content:
+
+		- Image on support from compass.xboxlive.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Xbox.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="account.xbox.com" />
+	<target host="c.xbox.com" />
+	<target host="compass-ssl.xbox.com" />
+	<target host="halo.xbox.com" />
+	<target host="live.xbox.com" />
+	<target host="music-cache.xbox.com" />
+	<target host="nxeassets-ssl.xbox.com" />
+	<target host="rewards.xbox.com" />
+	<target host="support.xbox.com" />
+
+	<!--	Complications:
+				-->
+	<target host="compass.xbox.com" />
+	<target host="nxeassets.xbox.com" />
+	<target host="o.xbox.com" />
+	<target host="piflc.xbox.com" />
+
+		<!--	Exceptions:
+					-->
+		<exclusion pattern="^http://rewards\.xbox\.com/(?!css/|favicon\.ico|(?:localized_)?media/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://rewards.xbox.com/faq/" />
+			<test url="http://rewards.xbox.com/get-yours/promotion/binge/" />
+			<test url="http://rewards.xbox.com/mymissions/" />
+			<test url="http://rewards.xbox.com/myrewards/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://rewards.xbox.com/dynamic/css/welcome.css/" />
+			<test url="http://rewards.xbox.com/favicon.ico" />
+			<test url="http://rewards.xbox.com/media/images/img_header_logo.png" />
+
+		<test url="http://support.xbox.com/en-US/" />
+
+
+	<!--	Not secured by server:
+					-->
 	<securecookie host="^\.xbox\.com$" name="^s_vi$" />
-	<securecookie host="^(?:help|live|myservice)\.xbox\.com$" name=".+" />
+	<securecookie host="^(?:help|live|music|myservice)\.xbox\.com$" name=".+" />
 
 
-	<rule from="^http://(c|halo|help|live|(?:my)?service|retailer|rewards|solutions|support)\.xbox\.com/"
-		to="https://$1.xbox.com/" />
+	<rule from="^http://(compas|nxeasset)s\.xbox\.com/"
+		to="https://$1s-ssl.xbox.com/" />
 
-	<rule from="^https?://o\.xbox\.com/"
+	<rule from="^http://o\.xbox\.com/"
 		to="https://xbox-com.112.2o7.net/" />
 
-	<rule from="^https?://piflc\.xbox(?:live)?\.com/"
+	<rule from="^http://piflc\.xbox\.com/"
 		to="https://piflc.xboxlive.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Xbox_Live.com.xml b/src/chrome/content/rules/Xbox_Live.com.xml
new file mode 100644
index 000000000000..1cf1ea9198b2
--- /dev/null
+++ b/src/chrome/content/rules/Xbox_Live.com.xml
@@ -0,0 +1,43 @@
+<!--
+	For other Microsoft coverage, see Microsoft.xml.
+
+
+	Problematic hosts in *xboxlive.com:
+
+		- avatar ¹
+		- compass ²
+
+	¹ Works, Akamai
+	² 404, llwnd.net
+
+
+	Fully covered hosts in *xboxlive.com:
+
+		- avatar	(→ avatar-ssl.xboxlive.com)
+		- avatar-ssl
+		- compass	(→ compass-ssl.xboxlive.com)
+		- compass-ssl
+		- piflc
+
+-->
+<ruleset name="Xbox Live.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="avatar-ssl.xboxlive.com" />
+	<target host="compass-ssl.xboxlive.com" />
+	<target host="piflc.xboxlive.com" />
+
+	<!--	Complications:
+				-->
+	<target host="avatar.xboxlive.com" />
+	<target host="compass.xboxlive.com" />
+
+
+	<rule from="^http://(avatar|compass)\.xboxlive\.com/"
+		to="https://$1-ssl.xboxlive.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Xchan.xml b/src/chrome/content/rules/Xchan.xml
new file mode 100644
index 000000000000..ea2c4f92ae6f
--- /dev/null
+++ b/src/chrome/content/rules/Xchan.xml
@@ -0,0 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://old.xchan.pw/ => https://old.xchan.pw/: (6, 'Could not resolve host: old.xchan.pw')
+
+-->
+<ruleset name="Xchan" default_off="failed ruleset test">
+	<target host="xchan.pw" />
+	<target host="www.xchan.pw" />
+	<target host="old.xchan.pw" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Xdebug.org.xml b/src/chrome/content/rules/Xdebug.org.xml
new file mode 100644
index 000000000000..57f3903707a2
--- /dev/null
+++ b/src/chrome/content/rules/Xdebug.org.xml
@@ -0,0 +1,17 @@
+<!--
+    Nonfunctional subdomains:
+        - www
+-->
+<ruleset name="Xdebug.org">
+    <target host="xdebug.org" />
+    <target host="bugs.xdebug.org" />
+    <target host="www.xdebug.org" />
+
+    <securecookie host="^(bugs\.)?xdebug\.org" name=".+" />
+
+    <rule from="^http://www\.xdebug\.org/"
+            to="https://xdebug.org/" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Xdomain.ne.jp.xml b/src/chrome/content/rules/Xdomain.ne.jp.xml
new file mode 100644
index 000000000000..f97b792bb590
--- /dev/null
+++ b/src/chrome/content/rules/Xdomain.ne.jp.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Xserver coverage, see Xserver.xml.
+
+-->
+<ruleset name="Xdomain.ne.jp">
+
+	<target host="xdomain.ne.jp" />
+	<target host="secure.xdomain.ne.jp" />
+	<target host="www.xdomain.ne.jp" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/XeNTaX.com.xml b/src/chrome/content/rules/XeNTaX.com.xml
new file mode 100644
index 000000000000..dd9a9aa568b1
--- /dev/null
+++ b/src/chrome/content/rules/XeNTaX.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Mismatched:
+		- mail.*
+		- c64
+		- wiki
+-->
+
+<ruleset name="XeNTaX.com">
+	<target host="xentax.com" />
+	<target host="www.xentax.com" />
+	<target host="forum.xentax.com" />
+	<target host="www.forum.xentax.com" />
+	<target host="multiex.xentax.com" />
+	<target host="www.multiex.xentax.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Xelerance.com.xml b/src/chrome/content/rules/Xelerance.com.xml
index 79c9de1a2749..d2560e120b07 100644
--- a/src/chrome/content/rules/Xelerance.com.xml
+++ b/src/chrome/content/rules/Xelerance.com.xml
@@ -1,14 +1,9 @@
 <!--
-	Problematic subdomains:
-
-		- ^	(works; mismatched, CN: proxy.xelerence.com)
-		- proxy	(data differ)
-
-
 	Fully covered subdomains:
 
-		- (www.)	(^ → www)
+		- (www.)
 		- dane
+		- proxy
 
 
 	Mixed content:
@@ -18,16 +13,17 @@
 	* Secured by us, doesn't trip MCB
 
 -->
-<ruleset name="Xelerence.com" platform="cacert">
+<ruleset name="Xelerence.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="xelerance.com" />
-	<target host="*.xelerance.com" />
-
+	<target host="dane.xelerance.com" />
+	<target host="proxy.xelerance.com" />
+	<target host="www.xelerance.com" />
 
-	<rule from="^http://(?:www\.)?xelerance\.com/"
-		to="https://www.xelerance.com/" />
 
-	<rule from="^http://dane\.xelerence\.com/"
-		to="https://dane.xelerence.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Xen-Orchestra.com.xml b/src/chrome/content/rules/Xen-Orchestra.com.xml
new file mode 100644
index 000000000000..302e0af4acd5
--- /dev/null
+++ b/src/chrome/content/rules/Xen-Orchestra.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Xen-Orchestra.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="xen-orchestra.com" />
+	<target host="www.xen-orchestra.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/XenServer.org.xml b/src/chrome/content/rules/XenServer.org.xml
new file mode 100644
index 000000000000..27d10bf09bc2
--- /dev/null
+++ b/src/chrome/content/rules/XenServer.org.xml
@@ -0,0 +1,52 @@
+<!--
+
+	For other Citrix coverage, see Citrix.
+
+
+	Nonfunctional subdomains:
+
+		- (www.)? ¹
+		- wiki (mismatch)
+		- hcl ²
+
+	¹ Plaintext reply
+	² Dropped
+
+
+	Fully covered subdomains:
+
+		- bugs
+		- crowd
+		- lists
+
+
+	Insecure cookies are set for these hosts:
+
+		- crowd.xenserver.org
+
+
+	Mixed content:
+
+		- favicon in wiki from xenserver.org *
+
+	* Unsecurable <= plaintext reply
+
+-->
+<ruleset name="XenServer.org" >
+
+	<target host="bugs.xenserver.org" />
+	<target host="crowd.xenserver.org" />
+	<target host="lists.xenserver.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^crowd\.xenserver\.org$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^crowd\.xenserver\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Xen_Project.org.xml b/src/chrome/content/rules/Xen_Project.org.xml
new file mode 100644
index 000000000000..af998550f3d5
--- /dev/null
+++ b/src/chrome/content/rules/Xen_Project.org.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Linux Foundation coverage, see LinuxFoundation.xml.
+
+
+	Nonfunctional hosts in xenproject.org:
+
+		- (www.)? ᵃ
+		- wiki ²
+		- www-archive ᵃ
+
+	ᵃ Shows another domain
+	² Refused
+
+-->
+<ruleset name="Xen Project.org (partial)">
+
+	<target host="blog.xenproject.org" />
+	<target host="downloads.xenproject.org" />
+	<target host="lists.xenproject.org" />
+	<target host="mail.xenproject.org" />
+	<target host="xenbits.xenproject.org" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Xeneris.net.xml b/src/chrome/content/rules/Xeneris.net.xml
new file mode 100644
index 000000000000..8970069131b2
--- /dev/null
+++ b/src/chrome/content/rules/Xeneris.net.xml
@@ -0,0 +1,51 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mail.xeneris.net/ => https://mail.xeneris.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Nonfunctional hosts in *xeneris.net:
+
+		- (www.)? *
+		- admin *
+		- hilfe *
+		- mailboxen *
+
+	* Shows kronix.xeneris.net:443
+
+
+	Problematic hosts in *xeneris.net:
+
+		- administration *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .mail.xeneris.net
+		- kronix.xeneris.net:8443
+
+-->
+<ruleset name="Xeneris.net (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kronix.xeneris.net" />
+	<target host="mail.xeneris.net" />
+	<target host="roundcube.xeneris.net" />
+
+		<test url="http://kronix.xeneris.net:8443/login.php3" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^kronix\.xeneris\.net$" name="^psaContext$" /-->
+	<!--securecookie host="^\.mail\.xeneris\.net$" name="^Horde5$" /-->
+
+	<securecookie host="^(?:kronix|\.mail)\.xeneris\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Xenforo.com.xml b/src/chrome/content/rules/Xenforo.com.xml
index 3c2af03d110c..1d7e57cda3a1 100644
--- a/src/chrome/content/rules/Xenforo.com.xml
+++ b/src/chrome/content/rules/Xenforo.com.xml
@@ -1,14 +1,10 @@
-<!--
-	Some pages redirect to http.
-
--->
-<ruleset name="XenForo.com (partial)">
+<ruleset name="XenForo.com">
 
 	<target host="xenforo.com" />
 	<target host="www.xenforo.com" />
 
 
-	<rule from="^http://(www\.)?xenforo\.com/(?!/*community(?!/styles/))"
-		to="https://$1xenforo.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Xengrade.xml b/src/chrome/content/rules/Xengrade.xml
index 99e9b912ed5b..bb1c47e61765 100644
--- a/src/chrome/content/rules/Xengrade.xml
+++ b/src/chrome/content/rules/Xengrade.xml
@@ -4,12 +4,14 @@
 		- (www.)	(shows registration; mismatched, CN: registration.xenegrade.com)
 
 -->
-<ruleset name="Xengrade (partial)">
+<ruleset name="Xengrade.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="registration.xenegrade.com" />
 
 
-	<rule from="^http://registration\.xenegrade\.com/"
-		to="https://registration.xenegrade.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/XenoNode.com.xml b/src/chrome/content/rules/XenoNode.com.xml
new file mode 100644
index 000000000000..6a9801bc78ab
--- /dev/null
+++ b/src/chrome/content/rules/XenoNode.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="XenoNode.com (partial)">
+	<target host="xenonode.com" />
+	<target host="www.xenonode.com" />
+	<target host="my.xenonode.com" />
+
+	<securecookie host=".+" name=".+"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Xenobite.eu.xml b/src/chrome/content/rules/Xenobite.eu.xml
new file mode 100644
index 000000000000..2452c46bb4f0
--- /dev/null
+++ b/src/chrome/content/rules/Xenobite.eu.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://xenobite.eu/ => https://xenobite.eu/: (51, "SSL: no alternative certificate subject name matches target host name 'xenobite.eu'")
+
+	www doesn't exist.
+
+-->
+<ruleset name="Xenobite.eu" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="xenobite.eu" />
+	<target host="torcheck.xenobite.eu" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Xenomai.org.xml b/src/chrome/content/rules/Xenomai.org.xml
new file mode 100644
index 000000000000..c5b3420afde2
--- /dev/null
+++ b/src/chrome/content/rules/Xenomai.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="Xenomai.org">
+  <target host="xenomai.org" />
+  <target host="www.xenomai.org" />
+  <target host="git.xenomai.org" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Xero_mag.com.xml b/src/chrome/content/rules/Xero_mag.com.xml
new file mode 100644
index 000000000000..416b9a25f31c
--- /dev/null
+++ b/src/chrome/content/rules/Xero_mag.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.xeromag.com
+
+-->
+<ruleset name="Xero mag.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="xeromag.com" />
+	<target host="www.xeromag.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.xeromag\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.xeromag\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Xetra.com.xml b/src/chrome/content/rules/Xetra.com.xml
new file mode 100644
index 000000000000..8990590ab032
--- /dev/null
+++ b/src/chrome/content/rules/Xetra.com.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Deutsche Börse Group coverage, see Deutsche_Boerse.xml.
+
+-->
+<ruleset name="Xetra.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="xetra.com" />
+	<target host="www.xetra.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.xetra\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.xetra\.com/+(?!blob/|image/|resources/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.xetra.com/xetra-de/handel/handelsinformationen/handelszeiten" />
+			<test url="http://www.xetra.com/xetra-en/instruments/instruments" />
+			<test url="http://www.xetra.com/xetra-en/newsroom/fwb-announcements" />
+			<test url="http://www.xetra.com/xetra-en/newsroom/trading-calendar" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.xetra.com/blob/1208948/2cfdb09c1f3483d5a64260e8e6f3679a/data/xetra-logo.png" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Xetum.com.xml b/src/chrome/content/rules/Xetum.com.xml
new file mode 100644
index 000000000000..e4f895d4ed88
--- /dev/null
+++ b/src/chrome/content/rules/Xetum.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Some pages redirect to http.
+
+
+	Mixed content:
+
+		- favicon from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Xetum.com (partial)">
+
+	<target host="xetum.com" />
+	<target host="www.xetum.com" />
+
+
+	<rule from="^http://(www\.)?xetum\.com/(?=[^?/]+/+[^?/]+|checkout(?:$|[?/])|favicon\.ico|static/)"
+		to="https://$1xetum.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Xfire.xml b/src/chrome/content/rules/Xfire.xml
index da8978cc9151..b97f3f5a1c3e 100644
--- a/src/chrome/content/rules/Xfire.xml
+++ b/src/chrome/content/rules/Xfire.xml
@@ -1,14 +1,51 @@
-<ruleset name="Xfire (partial)">
+<!--
+	Nonfunctional hosts in *xfire.com:
 
-	<target host="*.xfire.com"/>
+		- blog ¹
+		- business ²
+		- media ³
+		- secure ²
+		- social ²
+		- support ²
 
-	<rule from="^http://(www\.)?xfire\.com/lo(gin|st_password)"
-		to="https://$1xfire.com/lo$2"/>
+	¹ Shows gravity.tinyrocketserver.com
+	² Refused
+	³ 404
 
-	<rule from="^http://(?:secure-)?media\.xfire\.com/"
-		to="https://secure-media.xfire.com/"/>
 
-	<rule from="^http://secure\.xfire\.com/"
-		to="https://secure.xfire.com/"/>
+	(www.)?: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- xfire.com
+		- www.xfire.com
+
+
+	Mixed content:
+
+		- css on ^ from fonts.googleapis.com *
+		- Fonts on ^ from fonts.gstatic.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Xfire.com (partial)" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="xfire.com" />
+	<target host="www.xfire.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?xfire\.com$" name="^(AWSELB|PHPSESSID)$" /-->
+
+	<securecookie host="^(?:www\.)?xfire\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Xg4ken.com.xml b/src/chrome/content/rules/Xg4ken.com.xml
index ca9ddf9db864..7b3eccf4b429 100644
--- a/src/chrome/content/rules/Xg4ken.com.xml
+++ b/src/chrome/content/rules/Xg4ken.com.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://(\d\d)\.xg4ken\.com/"
 		to="https://$1.xg4ken.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/XiTi.com.xml b/src/chrome/content/rules/XiTi.com.xml
index f252113205ef..c7197ff87daf 100644
--- a/src/chrome/content/rules/XiTi.com.xml
+++ b/src/chrome/content/rules/XiTi.com.xml
@@ -1,13 +1,17 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://logs142.xiti.com/hit.xiti?s= => https://logs142.xiti.com/hit.xiti?s=: (6, 'Could not resolve host: logs142.xiti.com')
+
 	Nonfunctional domains:
 
 		- www.atinternet.com				(timeout)
 		- (www.)xiti.com				(!www times out)
-		- log(c22|c180|c210|i6|i125).xiti.com		(tracking cookies)
 
 
-	Problematic subdomains:
+	Problematic hists in *xiti.com:
 
+		- log(c22|c180|c210|i6|i125)	(tracking cookies)
 		- logc2 *
 		- logc142	(refused)
 		- logc20[56] *
@@ -15,57 +19,101 @@
 		- logc400 *
 		- logi9 *
 		- logi10 *
+		- logi118 *
 		- logi242 *
 
 	* Refused
 
 
-	Fully covered subdomains:
+	Fully covered hists in *xiti.com:
 
 		- logc2		(→ logs2)
 		- logc20[56]	(→ s1204)
 		- logc279	(→ logs)
 		- logc400	(→ logs)
-		- logi9		(→ logs)
+		- logc\d+	(→ logs.xiti.com)
 		- logi10	(→ logs13)
+		- logi\d+	(→ logs)
 		- logs2
 		- logs13
+		- logs1136
 		- logs1142
 		- logs1204
 		- logs1279
+		- logs\d+
 		- secured75
 
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .xiti.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
 -->
-<ruleset name="XiTi.com (partial)">
+<ruleset name="XiTi.com (partial)" default_off="failed ruleset test">
 
 	<target host="*.xiti.com" />
 
 
-	<securecookie host="^\.xiti\.com$" name="^(?:idrxvr|tmst)$" />
-	<securecookie host="^(?:secured|v)75\.xiti\.com$" name=".*" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.xiti\.com$" name="^(idrxvr|tmst)$" /-->
 
+	<securecookie host="^\." name="^(?:idrxvr|tmst)$" />
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://(logs13|logs[12]42|logs1204|logs1279|secured75|v75)\.xiti\.com/"
-		to="https://$1.xiti.com/" />
 
-	<!--	Seems to work, and if it doesn't, noone cares:
+	<!--	Seems to work, and if it doesn't, no one cares:
 								-->
 	<rule from="^http://logc142\.xiti\.com/"
 		to="https://logs1142.xiti.com/" />
 
-	<rule from="^http://log[cs]2\.xiti\.com/"
+		<test url="http://logc142.xiti.com/hit.xiti?s=" />
+
+	<rule from="^http://logc2\.xiti\.com/"
 		to="https://logs2.xiti.com/" />
 
+		<test url="http://logc2.xiti.com/hit.xiti?s=" />
+
 	<rule from="^http://logi10\.xiti\.com/"
 		to="https://logs13.xiti.com/" />
 
+		<test url="http://logi10.xiti.com/hit.xiti?s=" />
+
 	<rule from="^http://logc20[56]\.xiti\.com/"
 		to="https://logs1204.xiti.com/" />
 
+		<test url="http://logc205.xiti.com/hit.xiti?s=" />
+		<test url="http://logc206.xiti.com/hit.xiti?s=" />
+
 	<rule from="^http://log[ci]242\.xiti\.com/"
 		to="https://logs1242.xiti.com/" />
 
-	<rule from="^http://log(?:c279|c400|i9)\.xiti\.com/"
+		<test url="http://logc242.xiti.com/hit.xiti?s=" />
+		<test url="http://logi242.xiti.com/hit.xiti?s=" />
+
+	<rule from="^http://log[ci]\d+\.xiti\.com/"
 		to="https://logs.xiti.com/" />
 
+		<test url="http://logc247.xiti.com/hit.xiti?s=" />
+		<test url="http://logc279.xiti.com/hit.xiti?s=" />
+		<test url="http://logc286.xiti.com/hit.xiti?s=" />
+		<test url="http://logc400.xiti.com/hit.xiti?s=" />
+		<test url="http://logi9.xiti.com/hit.xiti?s=" />
+		<test url="http://logi118.xiti.com/hit.xiti?s=&amp;s2=&amp;p=&amp;di=&amp;an=&amp;ac=&amp;Rdt=" />
+
+	<rule from="^http://(logs\d*|secured75|v75)\.xiti\.com/"
+		to="https://$1.xiti.com/" />
+
+		<test url="http://logs.xiti.com/hit.xiti?s=" />
+		<test url="http://logs1136.xiti.com/hit.xiti?s=" />
+		<test url="http://logs13.xiti.com/hit.xiti?s=" />
+		<test url="http://logs142.xiti.com/hit.xiti?s=" />
+		<test url="http://logs1204.xiti.com/hit.xiti?s=" />
+		<test url="http://logs1279.xiti.com/hit.xiti?s=" />
+		<test url="http://logs2.xiti.com/hit.xiti?s=" />
+		<test url="http://secured75.xiti.com/" />
+		<test url="http://v75.xiti.com/" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Xiami.xml b/src/chrome/content/rules/Xiami.xml
new file mode 100644
index 000000000000..c1741e67a151
--- /dev/null
+++ b/src/chrome/content/rules/Xiami.xml
@@ -0,0 +1,27 @@
+<!--
+    Redirected to HTTP:
+		- xiami.com
+        - www.xiami.com
+
+    Broken:
+		- api.xiami.com (Connection times out outside China)
+        - i.xiami.com (404)
+        - res.xiami.net (Bad TLS connection)
+-->
+<ruleset name="Xiami (partial)">
+    <!-- Xiami.com rules -->
+    <target host="act.xiami.com" />
+    <target host="h.xiami.com" />
+        <test url="http://h.xiami.com/favicon.ico" />
+
+    <!-- Xiami.net rules -->
+    <target host="img.xiami.net" />
+        <test url="http://img.xiami.net/favicon.ico" />
+	<target host="m128.xiami.net" />
+	<target host="m192.xiami.net" />
+    <target host="m320.xiami.net" />
+    <target host="pic.xiami.net" />
+        <test url="http://pic.xiami.net/favicon.ico" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Xiaomi.cn.xml b/src/chrome/content/rules/Xiaomi.cn.xml
new file mode 100644
index 000000000000..8fde3cfa66f3
--- /dev/null
+++ b/src/chrome/content/rules/Xiaomi.cn.xml
@@ -0,0 +1,47 @@
+
+<!--
+	For other domains belong to xiaomi, see Xiaomi.com.xml
+
+	Break content:
+		^	( equal to www. )
+
+	MCB:
+		bbs.xiaomi.cn
+		hd.xiaomi.cn	( test : http://hd.xiaomi.cn/mipop/2016dl/ )
+		rom.xiaomi.cn
+		static.xiaomi.cn
+
+	Invalid certificate:
+		kong.bbs.xiaomi.cn
+		buglist.xiaomi.cn
+		mi3.hd.xiaomi.cn
+		michina.hd.xiaomi.cn
+		zhen.hd.xiaomi.cn
+		error.www.xiaomi.cn
+
+	No acess:
+		home.xiaomi.cn
+-->
+
+<ruleset name="Xiaomi.cn">
+	<target host="xiaomi.cn" />
+	<target host="www.xiaomi.cn" />
+	<target host="city.xiaomi.cn" />
+	<target host="down.xiaomi.cn" />
+	<target host="m.xiaomi.cn" />
+	<target host="pai.xiaomi.cn" />
+	<target host="s1.bbs.xiaomi.cn" />
+	<target host="uvip.xiaomi.cn" />
+	<target host="wan.xiaomi.cn" />
+	<target host="xue.xiaomi.cn" />
+
+	<target host="static.xiaomi.cn" />
+	<exclusion pattern="^http://static\.xiaomi\.cn/(?!xiaomicms/)" />
+		<test url="http://static.xiaomi.cn/xiaomicms/statics/css/v3/default_v3.min.css" />
+		<test url="http://static.xiaomi.cn/xiaomicms/uploadfile/2012/0809/20120809020546414.png" />
+		<test url="http://static.xiaomi.cn/115" />
+
+	<rule from="^http://xiaomi\.cn/" to="https://www.xiaomi.cn/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Xiaomi.com.xml b/src/chrome/content/rules/Xiaomi.com.xml
new file mode 100644
index 000000000000..7b3690bd318e
--- /dev/null
+++ b/src/chrome/content/rules/Xiaomi.com.xml
@@ -0,0 +1,84 @@
+<!--
+	Other rulesets for xiaomi:
+		- AppMifile.com.xml
+		- Mi.com.xml
+		- Mi-img.com.xml
+		- Mifile.cn.xml
+		- Mipay.com.xml
+		- MIUI.com.xml
+		- Xiaomi.cn.xml
+		- Xiaomi.net.xml
+
+	Incomplete cert chain:
+		o2o.api.xiaomi.com	https://o2o.api.xiaomi.com/tracker
+
+	Mismatch
+		- designer.xiaomi.com
+		- hr.xiaomi.com
+		- hk.xiaomi.com
+		- stats.xiaomi.com
+		- tw.xiaomi.com
+		- t(\d).market.xiaomi.com
+
+	Null response
+		- hm.xiaomi.com
+
+	Portocol error
+		- dev.xiaomi.com
+
+	Timeout
+		- ^
+		- www.xiaomi.com
+		- app.xiaomi.com
+		- apps.xiaomi.com
+		- bbs.xiaomi.com
+		- blog.xiaomi.com
+		- game.xiaomi.com
+		- m.xiaomi.com
+		- mi.xiaomi.com
+		- yingyong.xiaomi.com
+
+	Mixed content On
+		hao.xiaomi.com		From
+			- f[1-5].market.mi-img.com
+			- t[1-5].market.mi-img.com
+		sec.xiaomi.com		From
+			- cdn.cnbj1.fds.api.mi-img.com
+			- lxcdn.dl.files.xiaomi.net
+		zhuti.xiaomi.com	From
+			- i1.ml.mi-img.com
+			- t[1-5].market.mi-img.com
+			- file.market.xiaomi.com
+			- t[1-5].market.xiaomi.com
+			- resource.xiaomi.net*
+
+	MCB
+		hao.xiaomi.com/816		From
+			- cdn.hao.mi-img.com
+		zhuti.xiaomi.com	From
+			- static.xiaomi.net*
+-->
+<ruleset name="Xiaomi.com (partial)">
+	<target host="account.xiaomi.com" />
+	<target host="awsbj0-cdn.fds-ssl.api.xiaomi.com" />
+		<test url="http://awsbj0-cdn.fds-ssl.api.xiaomi.com/aos-pro/10400201/index.html#/olympicIndex" />
+	<target host="weatherapi.market.xiaomi.com" />
+	<target host="mibi.xiaomi.com" />
+	<target host="static.mibi.xiaomi.com" />
+		<test url="http://static.mibi.xiaomi.com/dist/libs/bower_components/requirejs/177879fb.require.min.js" />
+	<target host="api.pay.xiaomi.com" />
+		<test url="http://api.pay.xiaomi.com/creditCard/wap" />
+	<target host="sec.xiaomi.com" />
+	<target host="static.pay.xiaomi.com" />
+	<target host="a.stat.xiaomi.com" />
+		<test url="http://a.stat.xiaomi.com/js/mstr.js" />
+
+	<!-- MCB -->
+	<target host="hao.xiaomi.com" />
+		<exclusion pattern="^http://hao\.xiaomi\.com/816/" />
+		<test url="http://hao.xiaomi.com/816/intro/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Xiaomi.net.xml b/src/chrome/content/rules/Xiaomi.net.xml
new file mode 100644
index 000000000000..9d3b8ca3123d
--- /dev/null
+++ b/src/chrome/content/rules/Xiaomi.net.xml
@@ -0,0 +1,25 @@
+<!--
+	For other domains belong to xiaomi, see Xiaomi.com.xml
+
+	404
+		- api.chat.xiaomi.net
+
+	Mismatch:
+		sec-cdn.static.xiaomi.net
+
+	Timeout
+		- ^
+		- www.xiaomi.net
+		- lxcdn.dl.files.xiaomi.net	( Test by Tor: https://lxcdn.dl.files.xiaomi.net/mfsv2/avatar/s008/p01fFwFjmMmP/tyole5yOXfikhG.png )
+
+-->
+<ruleset name="Xiaomi.net (partial)">
+	<target host="land.xiaomi.net" />
+	<target host="static.micloud.xiaomi.net" />
+	<target host="resource.xiaomi.net" />
+		<test url="http://resource.xiaomi.net/miuimarket/rank_small.png" />
+	<target host="static.xiaomi.net" />
+		<test url="http://static.xiaomi.net/176023/scripts/market/module/rankStar.js" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Xignite.xml b/src/chrome/content/rules/Xignite.xml
index eabfcad8430d..810fc91d20cd 100644
--- a/src/chrome/content/rules/Xignite.xml
+++ b/src/chrome/content/rules/Xignite.xml
@@ -32,20 +32,38 @@
 		- Support/SupportPlans.aspx$
 
 -->
-<ruleset name="Xignite (partial)">
+<ruleset name="Xignite.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="xignite.com" />
-	<target host="*.xignite.com" />
-		<exclusion pattern="^http://(?:www\.)?xignite\.com/(?:$|\?|Documents/|market-data/|Products/|Support/)" />
+	<target host="www.xignite.com" />
 
+	<!--	Complications:
+				-->
+	<target host="cdn.xignite.com" />
 
-	<!--securecookie host="^(?:www\.)?xignite\.com$" name=".+" /-->
+		<!--	Redirects to http:
+					-->
+		<exclusion pattern="^http://www\.xignite\.com/(?:$|\?|Documents/|market-data/|Products/|Support/)" />
+
+			<test url="http://www.xignite.com/?" />
+			<test url="http://www.xignite.com/Documents/" />
+			<test url="http://www.xignite.com/market-data/" />
+			<test url="http://www.xignite.com/market-data/contact-us/" />
+			<test url="http://www.xignite.com/Products/" />
+			<test url="http://www.xignite.com/Support/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.xignite.com/Register" />
+			<test url="http://www.xignite.com/css/global/ie8.css" />
+			<test url="http://www.xignite.com/img/global/logo-text.png" />
 
 
-	<rule from="^http://(www\.)?xignite\.com/"
-		to="https://$1xignite.com/" />
+	<!--securecookie host="^(?:www\.)?xignite\.com$" name=".+" /-->
+
 
-	<rule from="^https?://cdn\.xignite\.com/"
-		to="https://d238gk3mw72oe2.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Xine-project.org.xml b/src/chrome/content/rules/Xine-project.org.xml
index 27ae7643d700..273890c1f68c 100644
--- a/src/chrome/content/rules/Xine-project.org.xml
+++ b/src/chrome/content/rules/Xine-project.org.xml
@@ -17,7 +17,7 @@
 	<target host="www.xine-project.org" />
 
 
-	<rule from="^http://(www\.)?xine-project\.org/"
-		to="https://$1xine-project.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Xing.xml b/src/chrome/content/rules/Xing.xml
index 5d42dbd60495..71e9f0184fb7 100644
--- a/src/chrome/content/rules/Xing.xml
+++ b/src/chrome/content/rules/Xing.xml
@@ -24,6 +24,11 @@
 	<target host="x1.xingassets.com" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="\.xing\.com$" name="^c_$" /-->
+	<!--securecookie host="www\.xing\.com$" name="^language$" /-->
+
 	<securecookie host=".*\.xing\.com$" name=".+" />
 
 
diff --git a/src/chrome/content/rules/Xiph.org.xml b/src/chrome/content/rules/Xiph.org.xml
index e0e693586ecb..89ce7d8ecf1b 100644
--- a/src/chrome/content/rules/Xiph.org.xml
+++ b/src/chrome/content/rules/Xiph.org.xml
@@ -1,4 +1,9 @@
 <!--
+	Other Xiph rulesets:
+
+		- AreWeCompressedYet.com.xml
+
+
 	Nonfunctional subdomains:
 
 		- downloads *
@@ -21,12 +26,18 @@
 <ruleset name="Xiph.org">
 
 	<target host="xiph.org" />
-	<target host="*.xiph.org" />
+	<target host="git.xiph.org" />
+	<target host="media.xiph.org" />
+	<target host="people.xiph.org" />
+	<target host="svn.xiph.org" />
+	<target host="trac.xiph.org" />
+	<target host="wiki.xiph.org" />
+	<target host="www.xiph.org" />
 
 
-	<securecookie host="^.*\.xiph\.org$" name=".*" />
+	<securecookie host="^.*\.xiph\.org$" name=".+" />
 
 
-	<rule from="^http://((?:git|media|people|svn|wiki|trac|www)\.)?xiph\.org/"
-		to="https://$1xiph.org/" />
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Xiscosoft.es.xml b/src/chrome/content/rules/Xiscosoft.es.xml
index 5c29fa58bc99..dd49640a0266 100644
--- a/src/chrome/content/rules/Xiscosoft.es.xml
+++ b/src/chrome/content/rules/Xiscosoft.es.xml
@@ -1,4 +1,17 @@
 <!--
+	Problematic hosts:
+
+		- (www.)?xiscosoft.com *
+		- (www.)?xiscosoft.com.es *
+		- (www.)?xiscosoft.es *
+		- klondike.xiscosoft.es *
+		- (www.)?xiscosoft.info *
+		- xiscosoft.net *
+		- (www.)?xiscosoft.org *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
+
 	Fully covered subdomains:
 
 		- (www.)xiscosoft.com
@@ -6,7 +19,7 @@
 		- (www.)xiscosoft.es
 		- klondike.xiscosoft.es
 		- (www.)xiscosoft.info
-		- (www.)xiscosoft.net
+		- xiscosoft.net
 		- (www.)xiscosoft.org
 
 
@@ -17,19 +30,30 @@
 	* Secured by us, doesn't trip MCB
 
 -->
-<ruleset name="Xiscosoft.es" platform="cacert">
+<ruleset name="Xiscosoft.es" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="xiscosoft.com" />
+	<target host="www.xiscosoft.com" />
 
-	<target host="xiscosoft.*" />
-	<target host="www.xiscosoft.*" />
 	<target host="xiscosoft.com.es" />
 	<target host="www.xiscosoft.com.es" />
+
+	<target host="xiscosoft.es" />
 	<target host="klondike.xiscosoft.es" />
+	<target host="www.xiscosoft.es" />
+
+	<target host="xiscosoft.net" />
+
+	<target host="xiscosoft.org" />
+	<target host="www.xiscosoft.org" />
 
+	<target host="xiscosoft.info" />
+	<target host="www.xiscosoft.info" />
 
-	<rule from="^http://(www\.)?xiscosoft\.(com|com\.es|es|info|net|org)/"
-		to="https://$1xiscosoft.$2/" />
 
-	<rule from="^http://klondike\.xiscosoft\.es/"
-		to="https://klondike.xiscosoft.es/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Xm1_Math.net.xml b/src/chrome/content/rules/Xm1_Math.net.xml
index 9e14cb078c0e..1a0551c39499 100644
--- a/src/chrome/content/rules/Xm1_Math.net.xml
+++ b/src/chrome/content/rules/Xm1_Math.net.xml
@@ -1,6 +1,12 @@
 <!--
 	CN: ssl6.ovh.net
 
+
+	Insecure cookies are set for these hosts:
+
+		- xm1math.net
+		- www.xm1math.net
+
 -->
 <ruleset name="Xm1 Math.net" default_off="mismatched">
 
@@ -8,10 +14,12 @@
 	<target host="www.xm1math.net" />
 
 
-	<securecookie host="^xm1math\.net$" name=".+" />
+	<!--securecookie host="^(www\.)?xm1math\.net$" name="^(mediaplan|mediaplanBAK)$" /-->
+
+	<securecookie host="^(?:www\.)?xm1math\.net$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?xm1math\.net/"
-		to="https://xm1math.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Xmarks.xml b/src/chrome/content/rules/Xmarks.xml
deleted file mode 100644
index c34e445742b0..000000000000
--- a/src/chrome/content/rules/Xmarks.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Xmarks">
-
-	<target host="xmarks.com"/>
-	<target host="*.xmarks.com"/>
-
-	<securecookie host="^(.*\.)?xmarks.com$" name=".*"/>
-
-	<rule from="^http://(?:www\.)?xmarks\.com/"
-		to="https://www.xmarks.com/"/>
-
-	<rule from="^http://(buy|download|login|my|static|thumbs)\.xmarks\.com/"
-		to="https://$1.xmarks.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Xnimg.cn.xml b/src/chrome/content/rules/Xnimg.cn.xml
new file mode 100644
index 000000000000..a8e5e3b1f220
--- /dev/null
+++ b/src/chrome/content/rules/Xnimg.cn.xml
@@ -0,0 +1,32 @@
+<!--
+	Problematic hosts in *xnimg.cn:
+
+		- a ³
+		- s ³
+
+	³ 403
+
+-->
+<ruleset name="xnimg.cn">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ssl.a.xnimg.cn" />
+	<target host="ssl.s.xnimg.cn" />
+
+	<!--	Complications:
+				-->
+	<target host="a.xnimg.cn" />
+	<target host="s.xnimg.cn" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://(a|s)\.xnimg\.cn/"
+		to="https://ssl.$1.xnimg.cn/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Xnxx-cdn.com.xml b/src/chrome/content/rules/Xnxx-cdn.com.xml
new file mode 100644
index 000000000000..ddcc9b38deea
--- /dev/null
+++ b/src/chrome/content/rules/Xnxx-cdn.com.xml
@@ -0,0 +1,22 @@
+<!--
+	See also Xnxx.com.xml.
+
+-->
+<ruleset name="Xnxx-cdn.com (partial)">
+	<target host="hls-hw.xnxx-cdn.com" />
+	<target host="hls1-l3.xnxx-cdn.com" />
+	<target host="hls2-l3.xnxx-cdn.com" />
+	<target host="hls3-l3.xnxx-cdn.com" />
+	<target host="hls4-l3.xnxx-cdn.com" />
+	<target host="images-llnw.xnxx-cdn.com" />
+	<target host="img-egc.xnxx-cdn.com" />
+	<target host="img-hw.xnxx-cdn.com" />
+	<target host="vid-egc.xnxx-cdn.com" />
+	<target host="vid1-l3.xnxx-cdn.com" />
+	<target host="vid2-l3.xnxx-cdn.com" />
+	<target host="vid3-l3.xnxx-cdn.com" />
+	<target host="vid4-l3.xnxx-cdn.com" />
+	<target host="video-hw.xnxx-cdn.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Xnxx.com.xml b/src/chrome/content/rules/Xnxx.com.xml
new file mode 100644
index 000000000000..d811e5fe75c4
--- /dev/null
+++ b/src/chrome/content/rules/Xnxx.com.xml
@@ -0,0 +1,29 @@
+<!--
+	See also Xnxx-cdn.com.xml.
+
+	Connection refused:
+		galleries.xnxx.com
+		games.xnxx.com
+		videos.xnxx.com
+
+	Invalid certificate:
+		gfx.xnxx.com
+		pics.xnxx.com (incomplete certificate chain)
+
+-->
+<ruleset name="Xnxx.com">
+	<target host="xnxx.com" />
+	<target host="www.xnxx.com" />
+	<target host="account.xnxx.com" />
+	<target host="forum.xnxx.com" />
+	<target host="forums.xnxx.com" />
+	<target host="jokes.xnxx.com" />
+	<target host="m.xnxx.com" />
+	<target host="mobile.xnxx.com" />
+	<target host="multi.xnxx.com" />
+	<target host="poems.xnxx.com" />
+	<target host="stories.xnxx.com" />
+	<target host="video.xnxx.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Xonotic.org.xml b/src/chrome/content/rules/Xonotic.org.xml
new file mode 100644
index 000000000000..567f29d97f9b
--- /dev/null
+++ b/src/chrome/content/rules/Xonotic.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Xonotic.org">
+	<target host="xonotic.org" />
+	<target host="www.xonotic.org" />
+	<target host="dl.xonotic.org" />
+	<target host="stats.xonotic.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Xparkmedia.com.xml b/src/chrome/content/rules/Xparkmedia.com.xml
index ce6c5e0366d0..c059bc28292c 100644
--- a/src/chrome/content/rules/Xparkmedia.com.xml
+++ b/src/chrome/content/rules/Xparkmedia.com.xml
@@ -1,13 +1,15 @@
 <ruleset name="Xparkmedia.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="xparkmedia.com" />
-	<target host="*.xparkmedia.com" />
+	<target host="www.xparkmedia.com" />
 
 
-	<securecookie host="^\.xparkmedia\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?xparkmedia\.com/"
-		to="https://$1xparkmedia.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/XpdfReader.com.xml b/src/chrome/content/rules/XpdfReader.com.xml
new file mode 100644
index 000000000000..20e8cd918768
--- /dev/null
+++ b/src/chrome/content/rules/XpdfReader.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="XpdfReader.com">
+
+	<target host="xpdfreader.com" />
+	<target host="www.xpdfreader.com" />
+	<target host="forum.xpdfreader.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Xperia_Studio.xml b/src/chrome/content/rules/Xperia_Studio.xml
index 68afd8103279..b44c9b641ef6 100644
--- a/src/chrome/content/rules/Xperia_Studio.xml
+++ b/src/chrome/content/rules/Xperia_Studio.xml
@@ -12,7 +12,7 @@
 	<target host="www.xperiastudio.com" />
 
 
-	<rule from="^https?://(?:www\.)?xperiastudio\.com/wp-content/"
+	<rule from="^http://(?:www\.)?xperiastudio\.com/wp-content/"
 		to="https://www.xperiastudio.com/wp-content/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Xperience-Days.xml b/src/chrome/content/rules/Xperience-Days.xml
deleted file mode 100644
index 43622b717a57..000000000000
--- a/src/chrome/content/rules/Xperience-Days.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Xperience Days">
-	<target host="xperiencedays.com" />
-	<target host="secure.xperiencedays.com" />
-	<target host="static.xperiencedays.com" />
-	<target host="www.xperiencedays.com" />
-
-	<securecookie host="^secure\.xperiencedays\.com$"
-			name=".+" />
-
-	<rule from="^http://secure\.xperiencedays\.com/"
-		to="https://secure.xperiencedays.com/" />
-	<rule from="^https?://((static|www)\.)?xperiencedays\.com/"
-		to="https://secure.xperiencedays.com/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/XperienceDays.com.xml b/src/chrome/content/rules/XperienceDays.com.xml
new file mode 100644
index 000000000000..926ef00aca18
--- /dev/null
+++ b/src/chrome/content/rules/XperienceDays.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Time out:
+		static.xperiencedays.com
+
+-->
+<ruleset name="Xperience Days.com">
+
+	<target host="xperiencedays.com" />
+	<target host="www.xperiencedays.com" />
+	<target host="media.xperiencedays.com" />
+		<test url="http://media.xperiencedays.com/ProdImages/Kayaking-Tours-Kayaking-Lessons.jpg" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Xplosion_interactive.xml b/src/chrome/content/rules/Xplosion_interactive.xml
index c92be3ea789c..c452543b7d00 100644
--- a/src/chrome/content/rules/Xplosion_interactive.xml
+++ b/src/chrome/content/rules/Xplosion_interactive.xml
@@ -1,13 +1,24 @@
-<ruleset name="xplosion interactive">
+<!--
+	xplosion interactive
 
-	<target host="xplosion.de" />
-	<target host="*.xplosion.de" />
+-->
+<ruleset name="Xplosion.de">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="cdn.emetriq.de" />
+	<target host="dyn.emetriq.de" />
+	<target host="uss.emetriq.de" />
+	<target host="xplosion.de" />
+	<target host="cdn.xplosion.de" />
+	<target host="pimages.xplosion.de" />
+	<target host="ups.xplosion.de" />
+	<target host="www.xplosion.de" />
 
-	<securecookie host="^.+\.xplosion\.de$" name=".+" />
 
+	<securecookie host=".\.xplosion\.de$" name=".+" />
 
-	<rule from="^http://(16042\.pi\.|pimages\.|www\.)?xplosion\.de/"
-		to="https://$1xplosion.de/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Xplr.xml b/src/chrome/content/rules/Xplr.xml
index f8aa93e4576f..c68b3c3b2a76 100644
--- a/src/chrome/content/rules/Xplr.xml
+++ b/src/chrome/content/rules/Xplr.xml
@@ -1,13 +1,14 @@
-<ruleset name="Xplr">
+<ruleset name="Xplr.com" default_off="expired">
 
 	<target host="xplr.com" />
-	<target host="*.xplr.com" />
+	<target host="piwik.xplr.com" />
+	<target host="www.xplr.com" />
 
 
-	<securecookie host="^(?:piwik\.|www\.)?xplr\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(piwik\.|www\.)?xplr\.com/"
-		to="https://$1xplr.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Xpra.xml b/src/chrome/content/rules/Xpra.xml
index c541f9bdc2e1..b989b848e337 100644
--- a/src/chrome/content/rules/Xpra.xml
+++ b/src/chrome/content/rules/Xpra.xml
@@ -1,13 +1,15 @@
-<ruleset name="Xpra">
+<ruleset name="Xpra.org">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="xpra.org" />
 	<target host="www.xpra.org" />
 
 
-	<securecookie host="^www\.xpra\.org$" name=".*" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www\.)?xpra\.org/"
-		to="https://$1xpra.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Xramp.com.xml b/src/chrome/content/rules/Xramp.com.xml
new file mode 100644
index 000000000000..61119f39ec07
--- /dev/null
+++ b/src/chrome/content/rules/Xramp.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Trustwave coverage, see Trustwave.xml.
+
+-->
+<ruleset name="xramp.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="seal.xramp.com" />
+	<target host="sitedata.xramp.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Xrel.to.xml b/src/chrome/content/rules/Xrel.to.xml
new file mode 100644
index 000000000000..e128f1554096
--- /dev/null
+++ b/src/chrome/content/rules/Xrel.to.xml
@@ -0,0 +1,14 @@
+<!--
+	Problematic subdomains:
+		- mail.xrel.to
+-->
+
+<ruleset name="xREL.to">
+	<target host="xrel.to" />
+	<target host="api.xrel.to" />
+	<target host="ssl.xrel.to" />
+	<target host="static.xrel.to" />
+	<target host="www.xrel.to" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Xroxy.com.xml b/src/chrome/content/rules/Xroxy.com.xml
new file mode 100644
index 000000000000..b23a6939b3fe
--- /dev/null
+++ b/src/chrome/content/rules/Xroxy.com.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://xroxy.com/ => https://xroxy.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.xroxy.com/ => https://www.xroxy.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .xroxy.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="xroxy.com" default_off="failed ruleset test">
+
+	<target host="xroxy.com" />
+	<target host="www.xroxy.com" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://www.xroxy.com/xorum/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.xroxy\.com$" name="^phpbb2mysql_(?:data|sid)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Xsens.com.xml b/src/chrome/content/rules/Xsens.com.xml
new file mode 100644
index 000000000000..c59354d660e6
--- /dev/null
+++ b/src/chrome/content/rules/Xsens.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Xsens.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="xsens.com" />
+	<target host="www.xsens.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Xserver.xml b/src/chrome/content/rules/Xserver.xml
index ea2502779e03..def959d11697 100644
--- a/src/chrome/content/rules/Xserver.xml
+++ b/src/chrome/content/rules/Xserver.xml
@@ -9,12 +9,13 @@
 -->
 <ruleset name="Xserver (partial)">
 
-	<target host="xserver.*.jp" />
-	<target host="www.xserver.*.jp" />
+	<target host="xserver.co.jp" />
+	<target host="xserver.ne.jp" />
+	<target host="www.xserver.co.jp" />
+	<target host="www.xserver.ne.jp" />
 		<exclusion pattern="^http://(?:www\.)?xserver\.(?:co|ne)\.jp/(?:\?.*)?$" />
 
 
-	<rule from="^http://(www\.)?xserver\.(co|ne)\.jp/"
-		to="https://$1xserver.$2.jp/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Xsolla.xml b/src/chrome/content/rules/Xsolla.xml
index 696e9965468a..e084705469db 100644
--- a/src/chrome/content/rules/Xsolla.xml
+++ b/src/chrome/content/rules/Xsolla.xml
@@ -1,29 +1,42 @@
 <!--
-	Nonfunctional xsolla.com subdomains:
-
-		- (www.)	(times out)
-		- analytics	(handshake fails)
-		- help		(403; mismatched, CN: ps.xsolla.com)
-
-
-	Problematic domains:
-
-		- tools.xsolla.com	(works, self-signed)
-
+	Other Xsolla rulesets:
+		- 2pay.ru.xml
+
+	Problematic subdomains:
+		- analytics (expired)
+		- blog (403)
+		- cdn (SSL protocol error)
+		- status (mismatched, statuspage.io)
 -->
-<ruleset name="Xsolla (partial)">
-
-	<target host="2pay.ru" />
-	<target host="*.xsolla.com" />
-
-
-	<securecookie host="^.+\.xsolla\.com$" name=".+" />
-
-
-	<rule from="^http://2pay\.ru/"
-		to="https://2pay.ru/" />
-
-	<rule from="^http://((?:dev-)?account|cdn|ps|secure|static)\.xsolla\.com/"
-		to="https://$1.xsolla.com/" />
 
-</ruleset>
\ No newline at end of file
+<ruleset name="Xsolla.com (partial)">
+	<target host="xsolla.com" />
+	<target host="www.xsolla.com" />
+	<target host="account.xsolla.com" />
+	<target host="blog.xsolla.com" />
+	<target host="cdn3.xsolla.com" />
+	<target host="demo-merchant.xsolla.com" />
+	<target host="developers.xsolla.com" />
+	<target host="forum.xsolla.com" />
+	<target host="h.xsolla.com" />
+	<target host="help.xsolla.com" />
+	<target host="inside.xsolla.com" />
+	<target host="livedemo.xsolla.com" />
+	<target host="merchant.xsolla.com" />
+	<target host="ps.xsolla.com" />
+	<target host="publisher.xsolla.com" />
+	<target host="secure.xsolla.com" />
+	<target host="static.xsolla.com" />
+	<target host="status.xsolla.com" />
+	<target host="support.xsolla.com" />
+	<target host="tools.xsolla.com" />
+	<target host="verify.xsolla.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://blog\.xsolla\.com/" to="https://xsolla.com/blog/" />
+
+	<rule from="^http://status\.xsolla\.com/" to="https://xsolla.statuspage.io/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Xt-Commerce-mismatches.xml b/src/chrome/content/rules/Xt-Commerce-mismatches.xml
index 749938e7d0af..d2b0c2f50e9e 100644
--- a/src/chrome/content/rules/Xt-Commerce-mismatches.xml
+++ b/src/chrome/content/rules/Xt-Commerce-mismatches.xml
@@ -2,19 +2,19 @@
 	For rules that are on by default, see Xt-Commerce.xml
 
 -->
-<ruleset name="xt:Commerce (mismatches)" default_off="mismatch">
+<ruleset name="xt:Commerce (mismatches)" default_off="mismatched">
 
 	<target host="xt-commerce.co.uk" />
 	<target host="www.xt-commerce.co.uk" />
 
 
-	<securecookie host="^www\.xt-commerce\.co\.uk$" name=".*" />
+	<securecookie host="^www\.xt-commerce\.co\.uk$" name=".+" />
 
 
 	<!--	- Cert only matches .com
 		- !www redirects to www
 				-->
-	<rule from="^https?://(?:www\.)?xt-commerce\.co.uk/"
+	<rule from="^http://(?:www\.)?xt-commerce\.co\.uk/"
 		to="https://www.xt-commerce.co.uk/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Xt-Commerce.xml b/src/chrome/content/rules/Xt-Commerce.xml
index ea75e8c94c0a..15e7e17d8bfa 100644
--- a/src/chrome/content/rules/Xt-Commerce.xml
+++ b/src/chrome/content/rules/Xt-Commerce.xml
@@ -2,27 +2,46 @@
 	For problematic rules, see Xt-Commerce-mismatches.xml.
 
 
-	Nonfunctional domains:
+	Mixed content:
 
-		- addons.xt-commerce.com	(cert: plesk, self-signed, expired;
-						shows default Plesk page)
+		- css addons, www from $self *
+
+		- Images, on:
+
+			- www from www.google.com *
+			- addons, www from $self *
+			- addons from www.xt-commerce.com *
+
+		- Ads on www from googleads.g.doubleclick.net
+
+	* Secured by us
 
 -->
-<ruleset name="xt:Commerce (partial)" platform="mixedcontent">
+<ruleset name="xt:Commerce (false MCB)" platform="mixedcontent">
 
-	<target host="xt-commerce.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="addons.xt-commerce.com" />
 	<target host="www.xt-commerce.com" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.www.xt-commerce.com" />
 
+	<!--	Complications:
+				-->
+	<target host="xt-commerce.com" />
 
-	<securecookie host="^www\.xt-commerce\.com$" name=".*" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.xt-commerce\.com$" name="^(?:incap_ses_\d+|visid_incap)_\d+$" /-->
+	<!--securecookie host="^www\.xt-commerce\.com$" name="^(?:___utm[abm]\w+|x[\da-f]+)$" /-->
 
-	<!--	- Cert only matches www
-		- !www redirects to www
-				-->
-	<rule from="^https?://(?:www\.)?xt-commerce\.com/"
+	<securecookie host="^\." name="^(?:incap_ses_\d+|visid_incap)_\d+$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://xt-commerce\.com/"
 		to="https://www.xt-commerce.com/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/XtGem.com-problematic.xml b/src/chrome/content/rules/XtGem.com-problematic.xml
index 8487a9711525..96d9bc0ddcc6 100644
--- a/src/chrome/content/rules/XtGem.com-problematic.xml
+++ b/src/chrome/content/rules/XtGem.com-problematic.xml
@@ -6,14 +6,13 @@
 
 	<target host="blog.xtgem.com" />
 	<target host="bucklink.xtgem.com" />
-	<target host="*.bucklink.xtgem.com" />
 	<target host="syntax.xtgem.com" />
 
 
-	<securecookie host="^(?:blog|\.bucklink|syntax)\.xtgem\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(blog|bucklink|syntax)\.xtgem\.com/"
-		to="https://$1.xtgem.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/XtGem.com.xml b/src/chrome/content/rules/XtGem.com.xml
index efc58141f11a..cc04941a0a16 100644
--- a/src/chrome/content/rules/XtGem.com.xml
+++ b/src/chrome/content/rules/XtGem.com.xml
@@ -2,55 +2,73 @@
 	For problematic rules, see XtGem.com-problematic.xml.
 
 
-	Problematic subdomains:
+	Problematic hosts in *xtgem.com:
 
-		- www		(cert only matches ^xtgem.com)
-		- blog *
-		- bucklink *
-		- syntax *
+		- blog ᵐ
+		- bucklink ᵐ
+		- syntax ᵐ
+		- www ᵐ
 
-	* Works; expired 2013-10-23, mismatched, CN: xtgem.com
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- xtgem.com
+		- .xtgem.com
+		- blog.xtgem.com
 
 
 	Mixed content:
 
 		- css, on:
 
-			- ^ from fonts.googleapis.com *
-			- blog from blog *
-			- blog from fonts.googleapis.com *
-			- syntax from syntax *
-			- syntax from fonts.googleapis.com *
+			- blog from blog ˢ
+			- blog from fonts.googleapis.com ˢ
+			- syntax from syntax ˢ
+			- syntax from fonts.googleapis.com ˢ
 
 		- Images, on:
 
-			- blog from ^ *
-			- syntax from ^ *
+			- blog from ^ ˢ
+			- syntax from ^ ˢ
 			- syntax from www4.clustrmaps.com **
 			- syntax from tutorial.graham.yn.lt
 
 		- Web bugs, on:
 
-			- ^ from pixel.quantserve.com *
-			- blog from www.google-analytics.com *
-			- blog from pixel.quantserve.com *
-			- syntax from www.google-analytics.com *
-			- syntax from pixel.quantserve.com *
+			- blog from www.google-analytics.com ˢ
+			- blog from pixel.quantserve.com ˢ
+			- syntax from www.google-analytics.com ˢ
+			- syntax from pixel.quantserve.com ˢ
 
-	* Secured by us
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 	** Unsecurable
 
 -->
 <ruleset name="XtGem.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="xtgem.com" />
-	<target host="*.xtgem.com" />
 
+	<!--	Complications:
+				-->
+	<target host="www.xtgem.com" />
 
-	<securecookie host="^\.xtgem\.com$" name=".+" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^xtgem\.com$" name="^_(?:_lang|_template|xta_vid)$" /-->
+	<!--securecookie host="^(?:blog)?\.xtgem\.com$" name="^session$" /-->
 
-	<rule from="^http://(?:www\.)?xtgem\.com/"
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.xtgem\.com/"
 		to="https://xtgem.com/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Xtendmedia.com.xml b/src/chrome/content/rules/Xtendmedia.com.xml
deleted file mode 100644
index 9f376b719f72..000000000000
--- a/src/chrome/content/rules/Xtendmedia.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For other Matomy Media coverage, see Matomy-Media.xml.
-
-
-	Problematic subdomains:
-
-		- creative	(works, akamai)
-
--->
-<ruleset name="xtendmedia.com">
-
-	<target host="ad.xtendmedia.com" />
-
-
-	<!--	- Cert doesn't match
-		- Data seem identical
-				-->
-	<rule from="^https?://ad\.xtendmedia\.com/"
-		to="https://ad.rmxads.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Xtenit.xml b/src/chrome/content/rules/Xtenit.xml
index 5718d4834ae5..e0b166cab53d 100644
--- a/src/chrome/content/rules/Xtenit.xml
+++ b/src/chrome/content/rules/Xtenit.xml
@@ -21,4 +21,4 @@
 	<rule from="^http://([\w-]+)\.secure\.xtenit\.com/"
 		to="https://$1.secure.xtenit.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Xtnetwork.fr.xml b/src/chrome/content/rules/Xtnetwork.fr.xml
new file mode 100644
index 000000000000..de4a452a6b7c
--- /dev/null
+++ b/src/chrome/content/rules/Xtnetwork.fr.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn.realdebrid.xtnetwork.fr/ => https://cdn.realdebrid.xtnetwork.fr/: (35, 'error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error')
+
+-->
+<ruleset name="xtnetwork.fr" default_off="failed ruleset test">
+
+	<target host="cdn.realdebrid.xtnetwork.fr" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Xtremepapers.xml b/src/chrome/content/rules/Xtremepapers.xml
new file mode 100644
index 000000000000..581fe1274081
--- /dev/null
+++ b/src/chrome/content/rules/Xtremepapers.xml
@@ -0,0 +1,27 @@
+<!--
+	Mixed content:
+
+		- Images, on:
+
+			- papers from papers.xtremepapers.com *
+			- papers from www.xtremepapers.com *
+
+	* Secured by us
+
+-->
+<ruleset name="XTREMEPAPERS.com">
+
+	<target host="xtremepapers.com" />
+	<target host="papers.xtremepapers.com" />
+	<target host="www.xtremepapers.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Xtube.com.xml b/src/chrome/content/rules/Xtube.com.xml
index b76d7ee0bf43..55a2bc260bce 100644
--- a/src/chrome/content/rules/Xtube.com.xml
+++ b/src/chrome/content/rules/Xtube.com.xml
@@ -1,6 +1,100 @@
-<ruleset name="Xtube.com">
-  <target host="xtube.com" />
-  <target host="www.xtube.com" />
+<!--
+	CDN buckets:
+
+		- cdn1.static.xtube.com.swiftcdn1.com
+
+
+	Nonfunctional hosts in *xtube.com:
+
+		- mobile ¹
+		- cdn[12].publicphoto ²
+		- cdn[12].static ²
+		- support ¹
+		- i0.cdn1.videothumbs ²
+
+	¹ Refused
+	² Dropped
+
+
+	Problematic hosts in *xtube.com:
+
+		- feedback *
+
+	* Uservoice
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- xtube.com
+		- .xtube.com
+		- feedback.xtube.com
+		- www.xtube.com
+
+
+	Mixed content:
+
+		- css from cdn1.static.xtube.com ¹
+
+		- Images, from:
+
+			-  cdn[12].publicphoto.xtube.com ²
+			-  cdn[12].static.xtube.com ¹
+			-  i\d.cdn1.videothumbs.xtube.com ²
+
+		- Ads from ss.phncdn.com ²
+
+	¹ Secured by us
+	² Unsecurable <= dropped
+
+-->
+<ruleset name="Xtube.com" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="xtube.com" />
+	<target host="www.xtube.com" />
+
+	<!--	Complications:
+				-->
+	<target host="cdn1.static.xtube.com" />
+	<target host="cdn2.static.xtube.com" />
+
+		<exclusion pattern="^http://cdn\d\.static\.xtube\.com/(?!img/|newcss/|newjs/|theme/|xtube/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://cdn1.static.xtube.com//" />
+			<test url="http://cdn1.static.xtube.com//?" />
+			<test url="http://cdn1.static.xtube.com/?" />
+			<test url="http://cdn2.static.xtube.com//" />
+			<test url="http://cdn2.static.xtube.com//?" />
+			<test url="http://cdn2.static.xtube.com/?" />
+
+			<!--	-ve:
+					-->
+			<test url="http://cdn1.static.xtube.com/img/interface/icons/icn-rate-on.gif" />
+			<test url="http://cdn1.static.xtube.com/newcss/mainstyle.css" />
+			<test url="http://cdn1.static.xtube.com/newjs/xjs/vendor/fancyBox-2.1.5/source/jquery.fancybox.css" />
+			<test url="http://cdn1.static.xtube.com/theme/v2/build/css/xtube.oldstyle.min.css?cb=" />
+			<test url="http://cdn1.static.xtube.com/ximg/categories/bdsm.jpg?cb=" />
+			<test url="http://cdn2.static.xtube.com/img/RTA_logo.png" />
+			<test url="http://cdn2.static.xtube.com/img/interface/icons/icn-rate-off.gif" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?xtube\.com$" name="^RNLBSERVERID$" /-->
+	<!--securecookie host="^\.xtube\.com$" name="^(IM_NUM|PHPSESSID|is_really_pc|split)$" /-->
+	<!--securecookie host="^feedback\.xtube\.com$" name="^(_session_id|_rf)$" /-->
+	<!--securecookie host="^www\.xtube\.com$" name="cookiesAccepted$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://cdn\d\.static\.xtube\.com/"
+		to="https://www.xtube.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
-  <rule from="^http://(www\.)?xtube\.com/" to="https://www.xtube.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Xtwo.ne.jp.xml b/src/chrome/content/rules/Xtwo.ne.jp.xml
index ef3afff898e7..ad0ac47d39e8 100644
--- a/src/chrome/content/rules/Xtwo.ne.jp.xml
+++ b/src/chrome/content/rules/Xtwo.ne.jp.xml
@@ -1,20 +1,33 @@
 <!--
 	For other Xserver coverage, see Xserver.xml.
 
-
-	Partially covered subdomains:
-
-		 (www.)		($ redirects to http)
-
 -->
 <ruleset name="Xtwo.ne.jp (partial)">
 
 	<target host="xtwo.ne.jp" />
-	<target host="*.xtwo.ne.jp" />
-		<exclusion pattern="^http://(?:www\.)?xtwo\.ne\.jp/(?:\?.*)?$" />
+	<target host="secure.xtwo.ne.jp" />
+	<target host="www.xtwo.ne.jp" />
+
+		<!--	Redirects to http:
+						-->
+		<exclusion pattern="^http://www\.xtwo\.ne\.jp/(?:\?.*)?$" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.xtwo.ne.jp/?" />
+			<test url="http://www.xtwo.ne.jp/?foo" />
+			<test url="http://www.xtwo.ne.jp/?bar" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.xtwo.ne.jp/css/base.css?date=" />
+			<test url="http://www.xtwo.ne.jp/home/privacy.php" />
+			<test url="http://www.xtwo.ne.jp/images/common/header_logo.png" />
+			<test url="http://www.xtwo.ne.jp/price/payment.php" />
+			<test url="http://www.xtwo.ne.jp/support/support.php" />
 
 
-	<rule from="^http://(secure\.|www\.)?xtwo\.ne\.jp/"
-		to="https://$1xtwo.ne.jp/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Xubuntu.org.xml b/src/chrome/content/rules/Xubuntu.org.xml
new file mode 100644
index 000000000000..93c90dbd0851
--- /dev/null
+++ b/src/chrome/content/rules/Xubuntu.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Non working:
+	docs.xubuntu.org
+	wiki.xubuntu.org
+	static.xubuntu.org
+	contest.xubuntu.org
+	dev.xubuntu.org
+-->
+<ruleset name="Xubuntu.org">
+	<target host="xubuntu.org" />
+	<target host="www.xubuntu.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Xumaa.com.xml b/src/chrome/content/rules/Xumaa.com.xml
deleted file mode 100644
index d3fe8556c21b..000000000000
--- a/src/chrome/content/rules/Xumaa.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Some pages redirect to http, others to $
-
--->
-<ruleset name="Xumaa.com (partial)">
-
-	<target host="xumaa.com" />
-	<target host="www.xumaa.com" />
-
-
-	<rule from="^http://(www\.)?xumaa\.com/(favicon\.ico|images/|includes/)"
-		to="https://$1xumaa.com/$2" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Xwiki.org.xml b/src/chrome/content/rules/Xwiki.org.xml
new file mode 100644
index 000000000000..991fda3aafeb
--- /dev/null
+++ b/src/chrome/content/rules/Xwiki.org.xml
@@ -0,0 +1,29 @@
+<!--
+	Plaintext response:
+		- lists.xwiki.org
+
+	Host has wildcard DNS but no wildcard cert.
+-->
+<ruleset name="Xwiki.org">
+	<target host="xwiki.org" />
+	<target host="www.xwiki.org" />
+	<target host="commons.xwiki.org" />
+	<target host="design.xwiki.org" />
+	<target host="dev.xwiki.org" />
+	<target host="enterprise.xwiki.org" />
+	<target host="extensions.xwiki.org" />
+	<target host="forum.xwiki.org" />
+	<target host="jira.xwiki.org" />
+	<target host="manager.xwiki.org" />
+	<target host="maven.xwiki.org" />
+	<target host="nexus.xwiki.org" />
+	<target host="platform.xwiki.org" />
+	<target host="playground.xwiki.org" />
+	<target host="playgroundtemplate.xwiki.org" />
+	<target host="rendering.xwiki.org" />
+	<target host="snippets.xwiki.org" />
+	<target host="test.xwiki.org" />
+	<target host="xclams.xwiki.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Xww.ro.xml b/src/chrome/content/rules/Xww.ro.xml
new file mode 100644
index 000000000000..ea537f3e0958
--- /dev/null
+++ b/src/chrome/content/rules/Xww.ro.xml
@@ -0,0 +1,38 @@
+<!--
+	www.xww.ro: Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .xww.ro
+
+-->
+<ruleset name="xww.ro">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="xww.ro" />
+	<target host="cdn.xww.ro" />
+
+	<!--	Complications:
+				-->
+	<target host="www.xww.ro" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.xww\.ro$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<!--	Redirect keeps forward
+		slash, path, and args:
+				-->
+	<rule from="^http://www\.xww\.ro/"
+		to="https://xww.ro/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Xxx24hr.com.xml b/src/chrome/content/rules/Xxx24hr.com.xml
new file mode 100644
index 000000000000..9c818b7c5ecc
--- /dev/null
+++ b/src/chrome/content/rules/Xxx24hr.com.xml
@@ -0,0 +1,58 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- xxx24hr.com
+		- .xxx24hr.com
+		- www.xxx24hr.com
+
+
+	Mixed content:
+
+		- Images, from:
+
+			- thumbnails\d{3}.imagebam.com ¹
+			- s\d{1,2}.postimg.org ²
+			- img-l3.xvideos.com ¹
+			- img100-\d{3}.xvideos.com ³
+
+		- Bug from sstatic1.histats.com ˢ
+
+	¹ Unsecurable <= refused
+	² Rule disabled by default <= mismatched
+	³ Unsecurable <= 400
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="xxx24hr.com">
+
+	<target host="xxx24hr.com" />
+	<target host="www.xxx24hr.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?xxx24hr\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.xxx24hr\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Xxxbunker.com.xml b/src/chrome/content/rules/Xxxbunker.com.xml
deleted file mode 100644
index df235f83e9be..000000000000
--- a/src/chrome/content/rules/Xxxbunker.com.xml
+++ /dev/null
@@ -1,44 +0,0 @@
-<!--
-	CDN buckets:
-
-		- xxxbunker.cachefly.net
-		- 759425240.r.cdn77.net
-
-
-	Nonfunctional subdomains:
-
-		- cdn *
-		- m *
-		- thumbs
-
-	* Redirects to ^xxxbunker.com
-
-
-	Many pages redirect to http, others 404.
-
--->
-<ruleset name="xxxbunker.com (partial)">
-
-	<target host="109.201.146.247" />
-	<target host="759425240.r.cdn77.net" />
-		<exclusion pattern="^https?://759425240\.r\.cdn77\.net/(?:css/|images/tbc_|js/)" />
-	<target host="xxxbunker.com" />
-	<target host="*.xxxbunker.com" />
-		<exclusion pattern="^http://(?:www\.)?xxxbunker\.com/(?!\w{8}(?:-\d)?\.jpg|css/|(?:ajaxCommand|download|forgotPassword|iframePlayer|joinUs|video(?:List|Player|Vote))\.php|favicon\.ico|js/)" />
-
-
-	<rule from="^https?://(?:109\.201\.146\.247|759425240\.r\.cdn77\.net)/"
-		to="https://xxxbunker.com/" />
-
-	<!--	404s on www:
-				-->
-	<rule from="^http://(?:www\.)?xxxbunker\.com/js/functions_(\d{4})\.js"
-		to="https://xxxbunker.cachefly.net/js/functions_$1.js" />
-
-	<rule from="^http://((?:cdn\.)?flash\.|www\.)?xxxbunker\.com/"
-		to="https://$1xxxbunker.com/" />
-
-	<rule from="^https://(www\.)?xxxbunker\.com/tos\.php"
-		to="http://$1xxxbunker.com/tos.php" downgrade="1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Xyntekinc.com.xml b/src/chrome/content/rules/Xyntekinc.com.xml
deleted file mode 100644
index 5929c7009a2e..000000000000
--- a/src/chrome/content/rules/Xyntekinc.com.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Xyntekinc.com" default_off="Certificate mismatch">
-
-	<target host="xyntekinc.com"/>
-	<target host="www.xyntekinc.com"/>
-
-	<rule from="^http://(?:www\.)?xyntekinc\.com/"
-		to="https://xyntekinc.com/"/>
-
-	<securecookie host="^(?:www\.)?xyntekinc\.com$" name=".*"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Xyratex.com-problematic.xml b/src/chrome/content/rules/Xyratex.com-problematic.xml
deleted file mode 100644
index 94032a49e50e..000000000000
--- a/src/chrome/content/rules/Xyratex.com-problematic.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see Xyratex.com.xml.
-
--->
-<ruleset name="Xyratex.com (problematic)" default_off="mismatched">
-
-	<target host="xyratex.com" />
-	<target host="www.xyratex.com" />
-
-
-	<securecookie host="^(?:www\.)?xyratex\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?xyratex\.com/"
-		to="https://www.xyratex.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Xyratex.com.xml b/src/chrome/content/rules/Xyratex.com.xml
index 192e7a5ecfbd..2302a24c4d1a 100644
--- a/src/chrome/content/rules/Xyratex.com.xml
+++ b/src/chrome/content/rules/Xyratex.com.xml
@@ -1,21 +1,27 @@
-<!--
-	For problematic rules, see Xyratex.com-problematic.xml.
-
 
-	Problematic subdomains:
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://xyratex.com/ => https://xyratex.com/: (51, "SSL: no alternative certificate subject name matches target host name 'xyratex.com'")
+Fetch error: http://projectlava.xyratex.com/ => https://projectlava.xyratex.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.xyratex.com/ => https://www.xyratex.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.xyratex.com'")
 
-		- (www.)	(works; mismatched, CN: *.acquia-sites.com)
+	For other Seagate coverage, see Seagate.com.xml.
 
 -->
-<ruleset name="Xyratex.com (partial)">
+<ruleset name="Xyratex.com" default_off="failed ruleset test">
 
-	<target host="*.xyratex.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="xyratex.com" />
+	<target host="my.xyratex.com" />
+	<target host="projectlava.xyratex.com" />
+	<target host="www.xyratex.com" />
 
 
-	<securecookie host="^projectlava\.xyratex\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(my|projectlava)\.xyratex\.com/"
-		to="https://$1.xyratex.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/YBitcoin_Magazine.com.xml b/src/chrome/content/rules/YBitcoin_Magazine.com.xml
new file mode 100644
index 000000000000..e384a8496fbb
--- /dev/null
+++ b/src/chrome/content/rules/YBitcoin_Magazine.com.xml
@@ -0,0 +1,44 @@
+<!--
+	For other BTC Media coverage, see BTC_Media.org.xml.
+
+
+	www: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- ybitcoinmagazine.com
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="yBitcoin Magazine.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ybitcoinmagazine.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.ybitcoinmagazine.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ybitcoinmagazine\.com$" name="^X-Mapping-fjhppofk$" /-->
+
+	<securecookie host="^ybitcoinmagazine\.com$" name=".+" />
+
+
+	<rule from="^http://www\.ybitcoinmagazine\.com/"
+		to="https://ybitcoinmagazine.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/YCharts.com.xml b/src/chrome/content/rules/YCharts.com.xml
new file mode 100644
index 000000000000..7b3d56fd3587
--- /dev/null
+++ b/src/chrome/content/rules/YCharts.com.xml
@@ -0,0 +1,38 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- ycharts.com
+
+
+	Mixed content:
+
+		- Bug on ^ from b.scorecardresearch.com *
+
+	* Secured by us
+
+-->
+<ruleset name="YCharts.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ycharts.com" />
+	<target host="charts.ycharts.com" />
+	<target host="media-dev.ycharts.com" />
+	<target host="staging.ycharts.com" />
+	<target host="staging-charts.ycharts.com" />
+	<target host="static.ycharts.com" />
+	<target host="static-dev.ycharts.com" />
+	<target host="www.ycharts.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ycharts\.com$" name="^(?:page_view_ctr|sessionid)$" /-->
+
+	<securecookie host="^ycharts\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/YEAH.xml b/src/chrome/content/rules/YEAH.xml
index c8cbae8511a9..5e0aa949ca6d 100644
--- a/src/chrome/content/rules/YEAH.xml
+++ b/src/chrome/content/rules/YEAH.xml
@@ -1,8 +1,13 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://yeahtv.com/ => https://www.yeahtv.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.yeahtv.com/ => https://www.yeahtv.com/: (28, 'Connection timed out after 20001 milliseconds')
+
 	!www times out.
 
 -->
-<ruleset name="YEAH!">
+<ruleset name="YEAH!" default_off="failed ruleset test">
 
 	<target host="yeahtv.com" />
 	<target host="www.yeahtv.com" />
@@ -11,4 +16,4 @@
 	<rule from="^http://(?:www\.)?yeahtv\.com/"
 		to="https://www.yeahtv.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/YFS.ca.xml b/src/chrome/content/rules/YFS.ca.xml
new file mode 100644
index 000000000000..a9fc890f2798
--- /dev/null
+++ b/src/chrome/content/rules/YFS.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="YFS.ca">
+	<target host="yfs.ca" />
+	<target host="www.yfs.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/YGTech.Tools.xml b/src/chrome/content/rules/YGTech.Tools.xml
new file mode 100644
index 000000000000..9130385325f7
--- /dev/null
+++ b/src/chrome/content/rules/YGTech.Tools.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ygtech.tools/ => https://ygtech.tools/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.ygtech.tools/ => https://www.ygtech.tools/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Fully covered hosts:
+
+		- (www.)?
+
+-->
+<ruleset name="YGTech.Tools" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ygtech.tools" />
+	<target host="www.ygtech.tools" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/YIFY-Torrent.org.xml b/src/chrome/content/rules/YIFY-Torrent.org.xml
new file mode 100644
index 000000000000..b23f83780407
--- /dev/null
+++ b/src/chrome/content/rules/YIFY-Torrent.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .yify-torrent.org
+
+-->
+<ruleset name="YIFY-Torrent.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="yify-torrent.org" />
+	<target host="pic.yify-torrent.org" />
+	<target host="www.yify-torrent.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.yify-torrent\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.yify-torrent\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/YIFY_Torrents.xml b/src/chrome/content/rules/YIFY_Torrents.xml
deleted file mode 100644
index 9708c12071dc..000000000000
--- a/src/chrome/content/rules/YIFY_Torrents.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="YIFY Torrents">
-
-	<target host="yify-torrents.com" />
-	<target host="*.yify-torrents.com" />
-	<target host="yify-torrents.im" />
-	<target host="*.yify-torrents.im" />
-
-
-	<securecookie host="^\.yify-torrents\.(?:com|im)$" name=".+" />
-
-
-	<rule from="^http://(static\.|www\.)?yify-torrents\.(com|im)/"
-		to="https://$1yify-torrents.$2/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/YJtag.jp.xml b/src/chrome/content/rules/YJtag.jp.xml
new file mode 100644
index 000000000000..78ecbe548cd2
--- /dev/null
+++ b/src/chrome/content/rules/YJtag.jp.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Yahoo coverage, see Yahoo.xml
+
+-->
+<ruleset name="YJtag.jp">
+
+	<target host="s.yjtag.jp" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/YMCA_of_Greater_St_Louis.xml b/src/chrome/content/rules/YMCA_of_Greater_St_Louis.xml
index 088987d5226b..61d539257189 100644
--- a/src/chrome/content/rules/YMCA_of_Greater_St_Louis.xml
+++ b/src/chrome/content/rules/YMCA_of_Greater_St_Louis.xml
@@ -1,20 +1,30 @@
 <!--
-	!www: cert only matches www
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	^ymcastlouis.org: Cert only matches www.ymcastlouis.org
 
 -->
-<ruleset name="YMCA of Greater St. Louis">
+<ruleset name="YMCA of Greater St. Louis" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="payroll-remote.ymcastlouis.org" />
+	<target host="registration.ymcastlouis.org" />
+	<target host="www.ymcastlouis.org" />
 
+	<!--	Complications:
+				-->
 	<target host="ymcastlouis.org" />
-	<target host="*.ymcastlouis.org" />
 
 
-	<securecookie host="^(?:payroll-remote|registration|\.www)\.ymcastlouis\.org$" name=".+" />
+	<securecookie host="^(?!\.ymcastlouis\.org$)." name=".+" />
 
 
-	<rule from="^http://(?:www\.)?ymcastlouis\.org/"
+	<rule from="^http://ymcastlouis\.org/"
 		to="https://www.ymcastlouis.org/" />
 
-	<rule from="^http://(payroll-remote|registration)\.ymcastlouis\.org/"
-		to="https://$1.ymcastlouis.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/YMCMB_Official_Merch.xml b/src/chrome/content/rules/YMCMB_Official_Merch.xml
index 8304ecdff1ec..f01702a60054 100644
--- a/src/chrome/content/rules/YMCMB_Official_Merch.xml
+++ b/src/chrome/content/rules/YMCMB_Official_Merch.xml
@@ -13,7 +13,7 @@
 	<target host="www.ymcmbofficial.com" />
 
 
-	<rule from="^https?://(?:www\.)?ymcmbofficial\.com/stores/(account_login\.php|images/|skins_ymcmb/)"
+	<rule from="^http://(?:www\.)?ymcmbofficial\.com/stores/(account_login\.php|images/|skins_ymcmb/)"
 		to="https://www.ymcmbofficial.com/stores/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/YMcdn.com.xml b/src/chrome/content/rules/YMcdn.com.xml
deleted file mode 100644
index a31085d3648b..000000000000
--- a/src/chrome/content/rules/YMcdn.com.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="YMcdn.com">
-
-	<target host="c.ymcdn.com" />
-
-
-	<rule from="^http://c\.ymcdn\.com/"
-		to="https://c.ymcdn.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/YMstat.com.xml b/src/chrome/content/rules/YMstat.com.xml
new file mode 100644
index 000000000000..78158e433956
--- /dev/null
+++ b/src/chrome/content/rules/YMstat.com.xml
@@ -0,0 +1,14 @@
+<!--
+	For other YouMail coverage, see YouMail.xml.
+
+-->
+<ruleset name="YMstat.com">
+
+	<target host="ymstat.com" />
+	<target host="www.ymstat.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/YP_bot.net.xml b/src/chrome/content/rules/YP_bot.net.xml
new file mode 100644
index 000000000000..4680cdb2b567
--- /dev/null
+++ b/src/chrome/content/rules/YP_bot.net.xml
@@ -0,0 +1,36 @@
+<!--
+	For other YellowBot coverage, see YellowBot.com.xml.
+
+
+	CDN buckets:
+
+		- static.solfoinc.netdna-cdn.com <=> solfo.pimg.net
+
+			- -ssl. doesn't exist
+			- st
+			- st[12]
+
+
+	Nonfunctional subdomains:
+
+		- media-cache *
+
+	* Dropped
+
+
+	CN: *.pimg.net
+
+-->
+<ruleset name="YP bot.net (partial)">
+
+	<target host="static.solfoinc.netdna-cdn.com" />
+	<target host="st.ypbot.net" />
+	<target host="st1.ypbot.net" />
+	<target host="st2.ypbot.net" />
+		<exclusion pattern="^http://media-cache\.ypbot\.net/" />
+
+
+	<rule from="^http://(?:static\.solfoinc\.netdna-cdn\.com|st[12]?\.ypbot\.net)/"
+		to="https://solfo.pimg.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/YUI_Library.xml b/src/chrome/content/rules/YUI_Library.xml
index a1ef74264007..598b0b4bb30e 100644
--- a/src/chrome/content/rules/YUI_Library.xml
+++ b/src/chrome/content/rules/YUI_Library.xml
@@ -1,6 +1,5 @@
 <!--
 	For other Yahoo coverage, see Yahoo.xml.
-
 -->
 <ruleset name="YUI Library">
 
@@ -8,7 +7,10 @@
 	<target host="www.yuilibrary.com" />
 
 
-	<rule from="^http://(www\.)?yuilibrary\.com/"
-		to="https://$1yuilibrary.com/" />
+	<securecookie host="^yuilibrary\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ya.ru.xml b/src/chrome/content/rules/Ya.ru.xml
new file mode 100644
index 000000000000..263f5e31da66
--- /dev/null
+++ b/src/chrome/content/rules/Ya.ru.xml
@@ -0,0 +1,209 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://auto.ya.ru/ => https://auto.ya.ru/: (6, 'Could not resolve host: auto.ya.ru')
+Fetch error: http://rabota.ya.ru/ => https://rabota.ya.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'rabota.ya.ru'")
+Fetch error: http://realty.ya.ru/ => https://realty.ya.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'realty.ya.ru'")
+
+	For other Yandex coverage, see Yandex.xml.
+
+
+	Nonfunctional subdomains:
+
+		- autoconfig *
+		- clubs *
+		- disk-blog *
+		- feedback *
+		- my *
+		- support *
+		- translate-blog *
+		- webmaster *
+		- wow *
+		- yatechnologies *
+		- [\w-]+ ²
+
+	* Redirects to http
+	² Per-user domains, redirect to http
+
+
+	Problematic subdomains:
+
+		- ^ ¹
+		- (www.)?cal ²
+		- pda.cal ²
+		- pda.calendar ²
+		- (www.)?events		(Mismatched)
+		- www.ewent		(Mismatched)
+		- (www.)?ewents		(Mismatched)
+		- ical ²
+		- pda.ical ²
+		- (www.)?ivents		(Mismatched)
+		- (www.)?m.metro ³
+		- (www.)?site ⁴
+		- sobitia	Mismatched
+		- (www.)?wc ²
+		- pda.wc ²
+		- (www.)?webcal ²
+		- pda.webcal ²
+
+	¹ Redirects to www.yandex.ru
+	² Mismatched, CN: calendar.yandex.ru
+	³ 404
+	⁴ Redirect differs, mismatched
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(^ → www)
+		- auto
+		- autodiscover
+		- pass.beta
+		- disk
+		- www.ewent		(→ events.yandex.ru)
+		- (www.)?ewents		(→ events.yandex.ru)
+		- (www.)?event
+		- (www.)?events		(→ events.yandex.ru)
+		- (www.)?ivent
+		- (www.)?ivents		(→ events.yandex.ru)
+		- m
+		- mail
+		- metrica
+		- metrika
+
+		- (www.)?metro
+		- (www.)?m.metro	(→ m.soft.yandex.ru)
+		- pda.metro
+
+		- p
+		- rabota
+		- realty
+		- (www.)?site		(→ site.yandex.ru)
+		- sobitia		(→ events.yandex.ru)
+		- taxi
+		- m.taxi
+		- w
+
+
+	Insecure cookies are set for these domains:
+
+		- auto.ya.ru
+		- realty.ya.ru
+
+
+	Mixed content:
+
+		- Ads on www from kiks.yandex.ru *
+
+	* Secured by us
+
+-->
+<ruleset name="Ya.ru (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="auto.ya.ru" />
+	<target host="autodiscover.ya.ru" />
+	<target host="pass.beta.ya.ru" />
+	<target host="disk.ya.ru" />
+	<target host="m.ya.ru" />
+	<target host="mail.ya.ru" />
+	<target host="metrica.ya.ru" />
+	<target host="metrika.ya.ru" />
+	<target host="metro.ya.ru" />
+	<target host="pda.metro.ya.ru" />
+	<target host="www.metro.ya.ru" />
+	<target host="p.ya.ru" />
+	<target host="rabota.ya.ru" />
+	<target host="realty.ya.ru" />
+	<target host="taxi.ya.ru" />
+	<target host="m.taxi.ya.ru" />
+	<target host="w.ya.ru" />
+	<target host="www.ya.ru" />
+
+	<!--	Special cases:
+				-->
+	<target host="ya.ru" />
+	<target host="events.ya.ru" />
+	<target host="www.events.ya.ru" />
+	<target host="www.ewent.ya.ru" />
+	<target host="ewents.ya.ru" />
+	<target host="www.ewents.ya.ru" />
+	<target host="ivents.ya.ru" />
+	<target host="www.ivents.ya.ru" />
+	<target host="m.metro.ya.ru" />
+	<target host="www.m.metro.ya.ru" />
+	<target host="site.ya.ru" />
+	<target host="www.site.ya.ru" />
+	<target host="sobitia.ya.ru" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(autoconfig|support|wow)\.ya\.ru/$" /-->
+		<!--exclusion pattern="^http://clubs\.ya\.ru/($|favicon\.ico|update_session\.xml)" /-->
+		<!--
+			Remove this if you do never post entries or comments on my.ya.ru
+								-->
+		<!--exclusion pattern="^http://(?:www\.)?[^.]+\.ya\.ru/" /-->
+		<!--
+			2. Simple redirections:
+						-->
+		<!--exclusion pattern="^http://(?:blogs|fotki|images|music|probki|video|wdgt)\.ya\.ru/" /-->
+		<!--
+			Miscellaneous:
+					-->
+		<!--exclusion pattern="^http://(?:autoconfig|(?:pda\.|www\.)?cal|pda\.calendar|clubs|(?:pda\.)?ical|my|support|translate-blog|(?:www\.)?webcal|(?:pda\.|www\.)?wc|(?:pda\.|www\.)?webcal|wow|yatechnologies)\.ya\.ru/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(auto|realty)\.ya\.ru$" name="^uid$" /-->
+
+	<securecookie host="^(?:auto|realty)\.ya\.ru$" name=".+" />
+
+
+
+	<rule from="^http://ya\.ru/"
+		to="https://www.ya.ru/" />
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://(?:www\.ewent|(?:www\.)?(?:e[vw]|iv)ents)\.ya\.ru/+"
+		to="https://events.yandex.ru/" />
+
+		<test url="http://www.ewent.ya.ru//" />
+		<test url="http://events.ya.ru//" />
+		<test url="http://ewents.ya.ru//" />
+		<test url="http://ivents.ya.ru//" />
+
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://(?:www\.)?m\.metro\.ya\.ru/[^?]*"
+		to="https://m.soft.yandex.ru/metro/" />
+
+		<test url="http://m.metro.ya.ru/foo" />
+		<test url="http://www.m.metro.ya.ru/foo" />
+
+	<!--	Redirect keeps path and	args,
+		but not forward slash:
+					-->
+	<rule from="^http://sobitia\.ya\.ru/+"
+		to="https://events.yandex.ru/" />
+
+		<test url="http://sobitia.ya.ru//" />
+
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://(?:www\.)?site\.ya\.ru/[^?]*"
+		to="https://site.yandex.ru/" />
+
+		<test url="http://site.ya.ru/foo" />
+		<test url="http://www.site.ya.ru/foo" />
+
+	<!--rule from="^http://(?:www\.)?([^.]+)\.ya\.ru/"
+		to="https://$1.ya.ru/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/YaDi.sk.xml b/src/chrome/content/rules/YaDi.sk.xml
new file mode 100644
index 000000000000..354bab0520a0
--- /dev/null
+++ b/src/chrome/content/rules/YaDi.sk.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Yandex coverage, see Yandex.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- yadi.sk
+		- www.yadi.sk
+
+-->
+<ruleset name="YaDi.sk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="yadi.sk" />
+	<target host="www.yadi.sk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?yadi\.sk$" name="^yandexuid$" /-->
+
+	<securecookie host="^(?:www\.)?yadi\.sk$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yabumi.cc.xml b/src/chrome/content/rules/Yabumi.cc.xml
new file mode 100644
index 000000000000..fe15b0ddabaa
--- /dev/null
+++ b/src/chrome/content/rules/Yabumi.cc.xml
@@ -0,0 +1,28 @@
+<!--
+	For othe Webnium coverage, see Webnium.co.jp.xml.
+
+
+	Fully covered hosts in *yabumi.cc:
+
+		- ^
+		- direct
+
+
+	www.yabumi.cc doesn't exist.
+
+-->
+<ruleset name="Yabumi.cc">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="yabumi.cc" />
+	<target host="direct.yabumi.cc" />
+
+
+	<securecookie host="^\.yabumi\.cc$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yacuna.com.xml b/src/chrome/content/rules/Yacuna.com.xml
new file mode 100644
index 000000000000..30311a2cbdf1
--- /dev/null
+++ b/src/chrome/content/rules/Yacuna.com.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://yacuna.com/ => https://yacuna.com/: (7, 'Failed to connect to yacuna.com port 443: Connection refused')
+Fetch error: http://analytics.yacuna.com/ => https://analytics.yacuna.com/: (6, 'Could not resolve host: analytics.yacuna.com')
+Fetch error: http://www.yacuna.com/ => https://www.yacuna.com/: (6, 'Could not resolve host: www.yacuna.com')
+
+	Mixed content:
+
+		- Bugs from analytics *
+
+	* Secured by us
+
+-->
+<ruleset name="Yacuna.com" default_off="failed ruleset test">
+
+	<target host="yacuna.com" />
+	<target host="analytics.yacuna.com" />
+	<target host="www.yacuna.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yadro.ru.xml b/src/chrome/content/rules/Yadro.ru.xml
index 265f7073734a..20ee84a10020 100644
--- a/src/chrome/content/rules/Yadro.ru.xml
+++ b/src/chrome/content/rules/Yadro.ru.xml
@@ -1,23 +1,15 @@
 <!--
-	For other LiveInternet coverage, see LiveInternet.xml.
-
-
-	Nonfunctional subdomains:
-
-		- slinks	(dropped)
+	For other LiveInternet coverage, see LiveInternet.ru.xml.
 
+	Dropped:
+		- slinks
 -->
-<ruleset name="Yadro.ru (partial)">
-
-	<target host="*.yadro.ru" />
-
-
-	<!--	name="^(FTID|VID)$"
-					-->
-	<securecookie host="^\.yadro\.ru$" name=".+" />
-
+<ruleset name="Yadro.ru">
+	<target host="counter.yadro.ru" />
+	<target host="sticker.yadro.ru" />
+		<test url="http://sticker.yadro.ru/i/logo_small.gif" />
 
-	<rule from="^http://counter\.yadro\.ru/"
-		to="https://counter.yadro.ru/" />
+	<securecookie host=".+" name=".+" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Yagg.com.xml b/src/chrome/content/rules/Yagg.com.xml
new file mode 100644
index 000000000000..e5f32bcbaa71
--- /dev/null
+++ b/src/chrome/content/rules/Yagg.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Yagg.com (partial)">
+
+	<target host="yagg.com" />
+	<target host="www.yagg.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yagi-antennas.com.xml b/src/chrome/content/rules/Yagi-antennas.com.xml
deleted file mode 100644
index fafd2b9ce594..000000000000
--- a/src/chrome/content/rules/Yagi-antennas.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	CN: Parallels Panel
-
--->
-<ruleset name="Yagi-antennas.com" default_off="self-signed">
-
-	<target host="yagi-antennas.com" />
-	<target host="www.yagi-antennas.com" />
-
-
-	<rule from="^http://(?:www\.)?yagi-antennas\.com/"
-		to="https://yagi-antennas.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Yagina.com.xml b/src/chrome/content/rules/Yagina.com.xml
deleted file mode 100644
index f78d8f8ac729..000000000000
--- a/src/chrome/content/rules/Yagina.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Yagina.com">
-
-	<target host="yagina.com" />
-	<target host="*.yagina.com" />
-
-
-	<securecookie host="^\.yagina\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?yagina\.com/"
-		to="https://$1yagina.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Yaha.xml b/src/chrome/content/rules/Yaha.xml
index 12a14d1df616..c141dfa024c2 100644
--- a/src/chrome/content/rules/Yaha.xml
+++ b/src/chrome/content/rules/Yaha.xml
@@ -1,7 +1,11 @@
-<ruleset name="Yaha">
+<ruleset name="Yaha.no">
+
+	<!--	Direct rewrites:
+				-->
   <target host="yaha.no" />
   <target host="www.yaha.no" />
 
-  <rule from="^http://yaha\.no/" to="https://yaha.no/"/>
-  <rule from="^http://www\.yaha\.no/" to="https://www.yaha.no/"/>
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Yahoo-help.jp.xml b/src/chrome/content/rules/Yahoo-help.jp.xml
new file mode 100644
index 000000000000..880beefbad66
--- /dev/null
+++ b/src/chrome/content/rules/Yahoo-help.jp.xml
@@ -0,0 +1,38 @@
+<!--
+	For other Yahoo coverage, see Yahoo.xml
+
+
+	Fully covered hosts:
+
+		- www.yahoo-help.jp
+
+
+	^yahoo-help.jp does not exist.
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.yahoo-help.jp
+
+
+	Mixed content:
+
+		- Images from i.yimg.jp
+
+-->
+<ruleset name="Yahoo-help.jp">
+
+	<target host="www.yahoo-help.jp" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.yahoo-help\.jp$" name="^cp_session$" /-->
+
+	<securecookie host="^www\.yahoo-help\.jp$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yahoo.com-falsemixed.xml b/src/chrome/content/rules/Yahoo.com-falsemixed.xml
new file mode 100644
index 000000000000..9310da5d7541
--- /dev/null
+++ b/src/chrome/content/rules/Yahoo.com-falsemixed.xml
@@ -0,0 +1,14 @@
+<!--
+	For rules not causing false/broken MCB, see Yahoo.xml.
+-->
+<ruleset name="Yahoo.com (false MCB)" platform="mixedcontent">
+
+	<target host="au.gwn7.yahoo.com" />
+	<target host="au.rss.news.yahoo.com" />
+	<target host="au.prime7.yahoo.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yahoo.com.tw.xml b/src/chrome/content/rules/Yahoo.com.tw.xml
new file mode 100644
index 000000000000..ca1751797355
--- /dev/null
+++ b/src/chrome/content/rules/Yahoo.com.tw.xml
@@ -0,0 +1,22 @@
+<!--
+	For other Yahoo coverage, see Yahoo.xml.
+
+
+	Nonfunctional subdomains:
+
+		- mail *
+
+	* Refused
+
+-->
+<ruleset name="Yahoo.com.tw (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="buy.yahoo.com.tw" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yahoo.net.xml b/src/chrome/content/rules/Yahoo.net.xml
new file mode 100644
index 000000000000..ed3422baf6fb
--- /dev/null
+++ b/src/chrome/content/rules/Yahoo.net.xml
@@ -0,0 +1,200 @@
+<!--
+	For other Yahoo coverage, see Yahoo.xml.
+
+
+	CDN buckets:
+
+		- contextualads.yahoo.net.edgesuite.net
+
+			- a1907.g.akamai.net
+
+		- health.yahoo.net.edgesuite.net
+
+		- yahoogames.minver.com
+
+			- uk.slot.games.yahoo.net
+
+
+	Nonfunctional subdomains:
+
+		- br.autos	(redirects to http; mismatched, CN: www.webmotors.com.br)
+		- mx.autocosmos ⁴
+		- tw.fashion.campaign ⁴
+		- clube ¹
+		- games ²
+		- health ³
+		- co.horoscopo ⁴
+		- espanol.horoscopo ⁴
+		- ar.juegos ¹
+		- espanol.juegos ¹
+		- uk.match ⁴
+		- uk.matchaffinity ⁴
+		- tw.music ⁴
+		- es.shopping ¹
+		- fr.shopping ¹
+		- i1.discount.vip.tw1 ⁴
+		- r1.discount.vip.tw1 ⁴
+		- i1.campaign.fashion.vip.tw1 ⁴
+
+	¹ Refused
+	² Recursive redirect
+	³ 504, akamai
+	⁴ Dropped
+
+
+	Problematic subdomains:
+
+		- tw.marketing.campaign		(mismatched, CN: *.tw.campaign.yahoo.net)
+		- tw.house.campaign		(mismatched, CN: *.tw.campaign.yahoo.net)
+		- contextualads ¹
+		- br.games ²
+		- uk.slot.games ³
+		- hk.realestate	(works; mismatched, CN: *.vicosys.com.hk)
+		- replay ⁵
+		- rp1.monday.vip.tw1 ⁶
+
+	¹ Works, akamai
+	² Works; mismatched, CN: secure.atrativa.com.br
+	³ Redirects to yahoogames.minver.com; mismatched, CN: *.st-minver.com
+	⁵ Works; mismatched, CN: replay.yahoo.com
+	⁶ Mismatched, CN: tw.m.yimg.com
+
+
+	Partially covered subdomains:
+
+		- contextualads		(→ akamai, avoiding user-visible paths)
+		- br.games		(→ secure.atrativa.com.br)
+		- investor		(→ investor.shareholder.com)
+		- uk.health.lifestyle	(→ s.yimg.com)
+
+
+	Fully covered subdomains:
+
+		- \w\w.autocosmos:
+
+			- ar
+			- co
+			- mx
+
+		- tw.bigdeals
+		- m.tw.bigdeals
+		- tw.house.campaign	(→ house.tw.campaign)
+
+		- tw.campaign subdomains:
+
+			- fashion
+			- house
+			- games.m
+			- promo
+			- travel
+			- yimg
+
+		- tw.marketing.campaign		(→ marketing.tw.campaign)
+		- espanol.cine
+		- cinema
+		- developer			(→ developer.yahoo.com)
+		- tw.rimg.discount
+		- tw.discount
+		- tw.uimg.fashion
+		- tw.urcosme.fashion
+		- tw.quote.finance
+		- tw.screener.finance
+		- tw.gamedb.games
+
+		- games subdomains:
+
+			- es
+			- fr
+			- uk
+			- uk.slot		(→ yahoogames.minver.com)
+
+		- investor
+		- image-c.c.yom.mail
+		- tw.music
+		- hk.promotion
+		- lib.store
+		- order.store
+		- rp1.monday.vip.tw1	(→ tw.m.yimg.com)
+		- s.wc
+
+
+	Observed cookie domains:
+
+		- . *
+		- fashion.tw.campaign **
+		- promo.tw.campaign **
+		- tw.discount **
+		- tw.screener.finance ²
+		- investor ²
+		- hk.promotion **
+
+	* Not secured by use <= accounting for possible use on unsecurable domains
+	** Secured by us
+	² Secured by server
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- espanol.cine from movienewsletters.o.yimg.com ²
+
+			- hk.realestate from $self
+
+	¹ Unsecurable
+	² Secured by us
+
+-->
+<ruleset name="Yahoo.net (partial)">
+
+	<target host="*.yahoo.net" />
+		<!--
+			Avoid user-visible paths:
+							-->
+		<!--exclusion pattern="^http://contextualads\.yahoo\.net/(?!js/|style/)" /-->
+		<!--
+			Links images relative to /
+							-->
+		<!--exclusion pattern="^http://contextualads\.yahoo\.net/style/screen\.css" /-->
+
+
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^tw\.screener\.finance\.yahoo\.net$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^\.investor\.yahoo\.net$" name="^(YHOO_BRIEFCASE|YHOO_SESSION)$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^\.yahoo\.net$" name="^BX$" /-->
+	<!--securecookie host="^(fashion|promo)\.tw\.campaign\.yahoo\.net$" name="^PHPSESSID$" /-->
+	<securecookie host="^hk\.promotion\.yahoo\.net$" name="^YLBID$" />
+
+	<securecookie host="(?:(?:fashion|promo)\.tw\.campaign|tw\.discount|.+-c\.c\.yom\.mail|hk\.promotion)\.yahoo\.net$" name=".+" />
+
+
+	<rule from="^http://br\.games\.yahoo\.net/img/"
+		to="https://secure.atrativa.com.br/img/" />
+
+	<rule from="^http://(\w\w\.autocosmos|(?:m\.)?tw\.bigdeals|(?:fashion|house|games\.m|marketing|promo|travel|yimg)\.tw\.campaign|espanol\.cine|cinema|tw\.(?:rimg\.)?discount|tw\.uimg\.fashion|tw\.urcosme\.fashion|tw\.(?:quote|screener)\.finance|tw\.gamedb\.games|(?:es|fr|uk)\.games|investor|[\w-]+\.c\.yom\.mail|tw\.music|hk\.promotion|(?:lib|order)\.store|s\.wc)\.yahoo\.net/"
+		to="https://$1.yahoo.net/" />
+
+	<!--	Redirects like so:
+					-->
+	<rule from="^http://tw\.(house|marketing)\.campaign\.yahoo\.net/+"
+		to="https://$1.tw.campaign.yahoo.net/" />
+
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://developer\.yahoo\.net/[^?]*"
+		to="https://developer.yahoo.com/" />
+
+	<rule from="^http://uk\.slot\.games\.yahoo\.net/"
+		to="https://yahoogames.minver.com/" />
+
+	<rule from="^http://uk\.health\.lifestyle\.yahoo\.net/images/"
+		to="https://s.yimg.com/lq/lib/lsl/i/uk/" />
+
+	<rule from="^http://rp1\.monday\.vip\.tw1\.yahoo\.net/"
+		to="https://tw.m.yimg.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yahoo.xml b/src/chrome/content/rules/Yahoo.xml
index a80cfbb6ea8c..e9b72850c23d 100644
--- a/src/chrome/content/rules/Yahoo.xml
+++ b/src/chrome/content/rules/Yahoo.xml
@@ -2,117 +2,474 @@
 	Other Yahoo rulesets:
 
 		- Flickr.xml
+		- Lexity.com.xml
 		- Right-Media.xml
+		- Yahoo.com.tw.xml
+		- Yahoo.net.xml
 		- Yahoo_APIs.xml
 		- Yahoo_Japan.xml
+		- Yho.com.xml
 		- Yimg.com.xml
 		- YUI_Library.xml
 
-	feedback.yahoo.com is handled in Uservoice-clients.xml.
-
 
 	CDN buckets:
 
-		- contextualads.yahoo.net.edgesuite.net
-
-			- a1907.g.akamai.net
-
+		- ipgcdn-a.akamaihd.net
+		- yahootv.flyingfishes.com.br
 		- yahoosports.teamfanshop.com
 
 
 	Nonfunctional domains:
 
-		- cm.npc-morris.overture.com	(dropped)
-		- cm.npc-nydn.overture.com	(dropped)
-
 		- yahoo.com subdomains:
 
-			- (www.)			($ redirects to http, other paths 404; valid cert)
-			- advertising **
-			- advertisingcentral		(refused)
-			- answers ****
-			- malaysia.answers ****
-			- cn
-			- help.cn
-			- docs				(refused)
-			- fr.docs
-			- en-maktoob			(redirects to http; mismatched, CN: www.yahoo.com)
-			- everything
-			- finance			(redirects to 404, valid cert)
-			- chart.finance
-			- ichart.finance		(no https)
-			- streamerapi.finance *
-			- groups ***
-			- moderators.groups		(redirects to gh.bouncer.login.yahoo.com; mismatched, CN: groups.yahoo.com)
-			- hsrd				(no https)
-			- visit.webhosting *
-			- ichart
-			- suggestions
-			- info **
-			- m ****
-			- us.m ****
-			- webservices.mobile *
-			- movies ****
-			- my ****
-			- news ****
-			- notepad			(cert: *.calendar.yahoo.com; shows calendar's data)
-			- img.omg *
-			- opi				(refused)
-			- ar.rd
-			- research
-			- rightmedia			(cert: www.ce1.com; redirects there)
-			- search *
-			- screen **
-			- gossip-ss.us.search
-			- images.search
-			- sports **
-			- suggestions			(refused)
-			- tv **
-			- uk ***
-			- us ***
-			- qos.video			(404; mismatched, CN: *.manhattan.yahoo.com)
-			- voices			(redirects to http)
-			- weather **
-			- visit.webhosting *
-			- count.yisou
-			- dmros.ysm			(refused)
-
-		- yahoo.net subdomains:
-
-			- uk.match
-			- uk.matchaffinity
+			- account ⁵
+			- cn.adspecs ¹
+			- tw.adspecs ¹
+			- alerts ¹
+
+			- co.astrology ⁵
+			- espanol.astrology ⁵
+			- mx.astrology ⁵
+
+			- auction ¹
+
+			- biz subdomains:
+
+				- au.rss ¹
+				- nz.rss ¹
+
+			- bookmarks ⁵
+			- buzz ¹
+
+			- cn subdomains:
+
+				- ^ ¹
+				- help ¹
+				- news ¹
+
+			- docs subdomains:
+
+				- ^ ⁵
+				- ar ⁵
+				- fr ⁵
+				- uk ⁵
+
+			- au.rss.food	(403, valid cert)
+			- au.forums ¹
+			- ar.games ⁵
+			- help.cc.hk ⁵
+			- hsrd ¹
+			- labs ¹
+
+			- lifestyle subdomains:
+
+				- tw.ipeen ¹
+				- au.rss ³
+				- nz.rss ³
+				- tw ⁵
+
+			- cn.overview.mail ¹
+
+			- cf.maps	(404; mismatched, CN: www.yahoo.com)
+			- gws2.maps ¹
+			- kr.mobile ⁵
+			- tw.music ⁵
+
+			- my subdomains:
+
+				- ar ⁵
+				- au ²
+				- br ²
+				- ca ²
+				- de ²
+				- es ²
+				- fr ²
+				- hk ²
+				- ie ¹
+				- in ²
+				- it ²
+				- kr ¹
+				- mx ²
+				- nz ²
+				- qc ²
+				- sg ²
+				- tw ²
+				- cm.tw ⁸
+				- uk ²
+
+			- \w\w.news:
+
+				- cn ¹
+				- kr ¹
+				- se ¹
+
+			- opi ¹
+			- au.pfinance ²
+			- ar.rd ¹
+			- research ¹
+			- rightmedia			(shows speakers.watersmartinnovations.com; mismatched, CN: *.watersmartinnovations.com)
+
+			- search subdomains:
+
+				- us.recipes ¹
+				- gossip-ss.us ¹
+
+				- \w\w.yhs:
+
+					- ar ¹
+					- au ¹
+					- br ¹
+					- ca ¹
+					- de ¹
+					- es ¹
+					- fr ¹
+					- hk ¹
+					- in ¹
+					- it ¹
+					- kr ¹
+					- mx ¹
+					- my ¹
+					- nz ¹
+					- ph ¹
+					- se ¹
+					- sg ¹
+					- tw ¹
+					- uk ¹
+					- us ¹
+					- vn ¹
+
+			- searchmarketing ¹
+			- au.shopping ⁹
+			- es.shopping ⁵
+			- suggestions ⁵
+			- au.rss.thehype ³
+
+			- video subdomains:
+
+				- malaysia ¹
+				- my ¹
+				- ph ¹
+				- sg ¹
+				- tw ¹
+
+			- voices ⁵
+			- cn.weather ¹
+			- visit.webhosting ⁵
+			- count.yisou ¹
+
+			- youth subdomains:
+
+				- au.rss ³
+				- nz.rss ³
 
 		- ypolicyblog.com		(reset)
 		- www.ypolicyblog.com
 
-	* Times out
-	** 404; mismatched, CN: www.yahoo.com
-	*** Redirects to http, valid cert
-	**** 404, valid cert
-
+	¹ Refused
+	² Redirects to http, valid cert
+	³ 404, valid cert
+	⁴ Redirects to http; mismatched, CN: www.yahoo.com
+	⁵ Dropped
+	⁶ Recursive redirect
+	⁷ 404; mismatched, CN: *.news.yahoo.com
+	⁸ Redirects to http; mismatched, CN: *.news.yahoo.com
+	⁹ "Incorrect Host in URL"
 
 	Problematic domains:
 
-		- i.acdn.us
-		- (www.)totaltravel.com *
-		- (www.)totaltravel.co.uk *
-		- yhoo.it		(times out; bit.ly alias)
+		- i.acdn.us ¹
+		- cm.npc-morris.overture.com ²
+		- cm.npc-nydn.overture.com ²
+		- totaltravel.co.uk ³
+		- www.totaltravel.co.uk ⁴
+		- totaltravel.com ³
+		- www.totaltravel.com ⁴
 
 		yahoo.com subdomains:
 
-			- dps		(times out)
-			- feedback	(works, mismatched, CN: *.uservoice.com)
-			- help		(valid cert; 404)
-			- r.m		(404, CN: *.mail.yahoo.com)
-			- us-locdrop.query **
-			- video.query **
-
-		- contextualads.yahoo.net	(works, akamai)
-		- investor.yahoo.net	(dropped)
-
-	* Self-signed
-	** Works; mismatched, CN: yql.yahooapis.com
-	*** Dropped
+			- fr.actualites ⁴
+			- advertisingcentral ⁴
+
+			- cl.answers ⁴
+			- co.answers ⁴
+			- pe.answers ⁴
+			- ve.answers ⁴
+
+			- au.astrology ⁷
+			- ca.astrology ⁴
+			- nz.astrology ⁷
+
+			- ar.autos ⁴
+			- de.autos ⁴
+			- fr.autos ⁴
+			- mx.autos ⁴
+
+			- axis ¹
+			- id.berita ⁵
+
+			- au.biz ⁷
+			- nz.biz ⁷
+
+			- \w\w.careers:		(works; mismatched, CN: www.yahoo.com)
+
+				- au
+				- ca
+				- de
+				- fr
+				- hk
+				- id
+				- ie
+				- in
+				- it
+				- jp
+				- my
+				- no
+				- ph
+				- qc ¹
+				- sg
+				- tw
+				- uk
+				- us
+				- vn
+
+			- malaysia.careers ¹
+			- cars ¹
+			- tw.help.cc ¹
+			- cine ¹
+			- cn		(reset)
+			- connectedtv	(works; mismatched, CN: smarttv.yahoo.com)
+			- cl.deportes ⁴
+			- co.deportes ⁴
+			- es.deportes ⁴
+			- pe.deportes ⁴
+			- ve.deportes ⁴
+			- www.developer ¹
+			- au.dir ⁷
+			- au.docs	(works; mismatched, CN: *.yahoo7.com.au)
+			- hk.ent ⁴
+			- br.esportes ⁴
+			- es.everything ⁴
+			- fr.eurosport ⁴
+			- fr.divertissement ⁵
+			- dk ⁴
+			- fantasysports ⁴
+			- es.laliga.fantasysports ⁴
+			- tw.fashion ⁵
+			- feedback ⁴
+			- chart.finance ⁴
+			- ichart.finance ⁴
+			- ie.finance ⁴
+			- kr.finance	(404, valid cert)
+			- au.food	(403; mismatched, CN: *.yahoo7.com.au)
+			- nz.food	(403; mismatched, CN: *.yahoo7.com.au)
+			- au.forums ⁷
+
+			- games subdomains:
+
+				- br ⁴
+				- de ⁴
+				- es ⁴
+				- fr ⁴
+				- id ⁴
+				- it ⁴
+				- malaysia ⁴
+				- nz ⁴
+				- ph ⁴
+
+			- it.giochi ⁵
+			- ie.groups ⁴
+			- kr.gugi ⁴
+			- au.gwn7	(mixed css from l.yimg.com)
+			- fr.help ⁴
+			- help.cc.hk ⁴
+			- home ⁴
+			- fr.jeux ⁵
+			- es.juegos ⁵
+			- kr ⁴
+
+			- lifestyle subdomains:
+
+				- ar ⁴
+				- br ⁴
+				- ca ⁴
+				- es ⁴
+				- es-us ⁴
+				- fr ⁴
+				- ie ⁴
+				- it ⁴
+
+			- ca.local	(dropped, redirect destination cert mismatched)
+			- fr.local ⁴
+			- es.maps ⁴
+			- in.maps ⁴
+			- kr.maps ⁴
+			- mx.maps ⁴
+			- nz.maps ⁴
+
+			- external.global.media ⁵
+			- au.messages ⁷
+			- ie.messenger ⁴
+			- nz.messenger ⁷
+			- tw.messenger ⁴
+			- dk.mobile ⁴
+			- ie.mobile ⁴
+			- no.mobile ⁴
+			- webservices.mobile	(works, self-signed)
+			- tw.atm.money		(works; mismatched, CN: tw.campaign.money.yahoo.com)
+
+			- br.movies ¹
+			- fr.movies ¹
+			- es.movies ⁴
+			- es-us.movies ⁴
+			- it.movies ⁴
+
+			- br.mulher ⁵
+			- hk.music ¹
+			- tw.music ⁵
+			- fr.musique ⁵
+
+			- news subdomains:
+
+				- ar ⁴
+				- br ⁴
+				- cl ⁴
+				- co ⁴
+				- de ⁴
+				- dk ⁴
+				- id ⁴
+				- ie ⁴
+				- it ⁴
+				- mx ⁴
+				- pe ⁴
+				- qc ⁴
+				- au.rss	(mixed css from l.yimg.com)
+				- ve ⁴
+
+			- no ⁴
+			- notepad	(works; mismatched, CN: *.calendar.yahoo.com)
+			- it.notizie ⁵
+
+			- on ⁴
+			- it.oroscopo ⁵
+			- fr.pourelles ⁵
+			- br.esporteinterativo ⁵
+			- id.olahraga ⁵
+			- au.prime7	(mixed css from l.yimg.com)
+			- realestate ⁴
+			- ru ⁴
+
+			- safely subdomains: ⁴
+
+				- ar
+				- br
+				- cl
+				- es
+				- es-us
+				- malaysia
+				- pe
+				- ve
+				- vn
+
+			- cn.search ⁴
+			- my.images.search ⁴
+			- kr.images.search ⁴
+			- nz.maps.search ⁴
+			- my.search ⁴
+			- my.video.search ⁴
+			- kr.searchad ¹
+
+			- ph.she ⁵
+			- fr.sites ⁵
+
+			- de.solutions ¹
+			- es.solutions ¹
+			- fr.solutions ¹
+			- it.solutions ¹
+			- nz.solutions ⁷
+			- uk.solutions ¹
+
+			- sport ⁴
+
+			- sports subdomains:
+
+				- ar ⁴
+				- br ⁴
+				- de ⁴
+				- es ⁴
+				- id ⁴
+				- in ⁴
+				- uk ⁴
+
+			- br.tempo ⁵
+			- es.tendencias ⁵
+			- au.todaytonight	(403, valid cert)
+
+			- au.travel ⁷
+			- ca.travel ⁴
+			- id.travel ⁴
+			- my.travel ⁴
+			- nz.travel ⁷
+			- ph.travel ⁴
+			- uk.travel ⁴
+			- ca.tv ⁴
+			- pe.tv ⁴
+
+			- video subdomains:
+
+				- ^ ⁴
+				- ar ⁴
+				- au ⁴
+				- br ⁴
+				- ca ⁴
+				- co ⁴
+				- de ⁴
+				- es ⁴
+				- es-us ⁴
+				- fr ⁴
+				- hk ⁴
+				- in ⁴
+				- it ⁴
+				- pe ⁴
+				- mx ⁴
+				- uk ⁴
+				- ve ⁴
+
+			- fr.voyage	(works; expired 2013-01-08, mismatched, CN: uk.travel.yahoo.com)
+
+			- weather subdomains:
+
+				- ar ⁴
+				- au ⁴
+				- br ⁴
+				- cl ⁴
+				- co ⁴
+				- de ⁴
+				- es ⁴
+				- espanol ⁴
+				- fr ⁴
+				- it ⁴
+				- kr ⁴
+				- mx ⁴
+				- pe ⁴
+				- tw ⁴
+				- mx ⁴
+				- ve ⁴
+
+			- widgets		(works; mismatched, CN: smarttv.yahoo.com)
+			- au.youth		(works; mismatched, CN: yahoo.com.au)
+
+
+		- (www.)yhoo.it ⁴		(bit.ly alias)
+
+	¹ Dropped
+	² Works, mismatched, CN: *.ysm.yahoo.com
+	³ Works; mismatched, CN: builder.totaltravel.com
+	⁴ Refused
+	⁵ Works; mismatched, CN: *.news.yahoo.com
+	⁶ Works; mismatched, CN: address.yahoo.com
+	⁷ "Incorrect Host in URL"
 
 
 	Partially covered domains:
@@ -121,16 +478,13 @@
 
 		- yahoo.com subdomains:
 
-			- contributor *
-			- uk.contributor *
-			- developer		(homepage redirects to http)
-			- java.europe		(→ s.yimg.com)
+			- advertisingcentral ¹	(→ advertising)
+			- fantasysports ¹	(-> sports)
+			- in.sports		(→ cricket, /*(?!$) doesn't redirect)
+			- nz.video		(→ nz.news, \w.* 404s)
 
-		- contextualads.yahoo.net	(→ akamai, avoiding user-visible paths)
-		- investor.yahoo.net		(→ investor.shareholder.com)
-		- uk.health.lifestyle.yahoo.net	(→ s.yimg.com)
-
-	* Ssome (most?) pages redirect to http
+	¹ Some paths other than root don't redirect
+	⁵ Avoiding false/broken MCB
 
 
 	Fully covered domains:
@@ -139,18 +493,183 @@
 
 		- (www.)totaltravel.co.uk	(→ au.totaltravel.yahoo.com)
 
-		yahoo.com subdomains:
+		- yahoo.com subdomains:
+
+			- (www.)
+
+			- \w\w:
+
+				- ar
+				- au
+				- br
+				- ca
+				- cl
+				- cn	(→ sg)
+				- co
+				- de
+				- dk	(→ www)
+				- e1	(→ espanol)
+				- es
+				- fr
+				- gr
+				- hk
+				- id
+				- ie
+				- in
+				- it
+				- kr	(→ tools.search)
+				- mx
+				- no	(→ www)
+				- nz
+				- pe
+				- ph
+				- qc
+				- ru	(→ www)
+				- se
+				- sg
+				- tw
+				- ve
+				- vn
+				- uk
+				- us
+
+			- fr.actualites		(→ fr.news)
+			- fr-ca.actualites
+			- address
+
+			- \w\w.address:
+
+				- ca
+				- e1
+				- fr
+				- hk
+				- nz
+
+			- admanager
+
+			- \w\w.adserver:
+
+				- au
+				- uk
+				- us
+
+			- global.adserver
+			- adspecs
+
+			- \w+.adspecs:
+
+				- au
+				- de
+				- es
+				- fr
+				- hk
+				- in
+				- it
+				- latam
+				- nz
+				- sea
+				- uk
+
+			- \w+.adspecs-new:
+
+				- in
+				- sea
+
+			- advertising
+
+			- \w\w.advertising:
+
+				- au
+				- ca
+				- fr
+				- nz
 
-			- uk.adserver
-			- us.adserver
 			- beap.adx
 			- c5.ah
+			- c5a.ah
 			- cookex.amp
 			- s-cookex.amp
-			- [aoyz].analytics
-			- y3.analytics
+
+			- analytics subdomains:
+
+				- [aoyz]
+				- apac
+				- y3
+
+			- anc
+			- answers
+
+			- \w\w.answers:
+
+				- ar
+				- au
+				- br
+				- ca
+				- cl	(→ espanol.answers)
+				- co	(→ espanol.answers)
+				- de
+				- es
+				- fr
+				- id
+				- in
+				- it
+				- mx
+				- nz
+				- pe	(→ espanol.answers)
+				- ph
+				- qc
+				- sg
+				- uk
+				- ve	(→ espanol.answers)
+				- vn
+
+			- espanol.answers
+			- malaysia.answers
+
+			- antispam
+
+			- \w\w.antispam:
+
+				- ca
+				- dk
+				- fr
+				- in
+
+			- vn.antoan
+			- au.apps
 			- global.ard
 
+			- \w\w.astrology:
+
+				- au	(→ au.lifestyle)
+				- ca	(→ ca.shine)
+				- es
+				- fr
+				- nz	(→ nz.lifestyle)
+				- uk
+
+			- auctions subdomains:
+
+				- hk
+				- hk.info
+				- hk.f1.master
+				- hk.f1.page
+				- hk.search
+				- hk.store
+				- hk.edit.store
+				- hk.user
+
+			- autos
+
+			- \w\w.autos:
+
+				- ca
+				- ar	(→ ar.autocosmos.yahoo.net)
+				- de	(→ de.cars)
+				- fr	(→ fr.cars)
+				- mx	(→ mx.autocosmos.yahoo.net)
+				- tw
+
 			- bc subdomains:
 
 				- clicks.beap
@@ -159,29 +678,569 @@
 				- row
 				- us
 
+			- axis		(→ www)
+			- ar.ayuda
+
+			- bid subdomains:
+
+				- tw.campaign
+				- tw.master
+				- tw.mb
+				- tw.page
+				- tw.search
+				- tw.store
+				- tw
+				- tw.user
+
+			- tw.bigdeals
+			- m.tw.bigdeals
+			- tw.billing
+			- biz
+			- au.biz	(→ au.finance)
+			- nz.biz	(→ nz.finance)
+			- boss
+			- tw.partner.buy
+			- tw.buy
+			- calendar
+
+			- \w\w.calendar:
+
+				- ar
+				- au
+				- br
+				- ca
+				- de
+				- dk
+				- es
+				- fr
+				- gr
+				- hk
+				- ie
+				- in
+				- it
+				- no
+				- nz
+				- se
+				- sg
+				- tw
+				- uk
+				- us
+
+			- careers
+
+			- \w\w.careers	(→ careers)
+
+				- ar
+				- au
+				- br
+				- ca
+				- cl
+				- de
+				- fr
+				- es
+				- hk
+				- id
+				- ie
+				- in
+				- it
+				- jp
+				- mx
+				- my
+				- no
+				- ph
+				- qc
+				- nz
+				- sg
+				- tw
+				- uk
+				- us
+				- vn
+
+			- malaysia.careers	(→ careers)
+
+			- cars		(→ autos)
+
+			- \w\w.cars:
+
+				- de
+				- es
+				- fr
+				- it
+				- uk
+
+			- \w\w.celebridades:
+
+				- ar
+				- br
+				- co
+				- mx
+
+			- es-us.celebridades
+
+			- celebrity
+
+			- \w\w.celebrity:
+
+				- ca
+				- es
+				- gr
+				- id
+				- in
+				- it
+				- hk
+				- ph
+				- tw
+				- uk
+
+			- tw.help.cc	(→ help)
+			- tw.charity
+			- chart
+			- cine		(→ es-us.cine)
+
+			- \w\w.cine:
+
+				- cl
+				- co
+				- es
+				- mx
+				- pe
+				- ve
+
+			- es-us.cine
+
+			- \w\w.cinema:
+
+				- br
+				- fr
+				- it
+
+			- \w\w.clima:
+
+				- cl
+				- co
+				- mx
+				- pe
+				- ve
+
+			- es-us.clima
 			- migration.cn
+			- commercecentral
+			- developers.commercecentral
+			- connectedtv			(→ smarttv)
 			- br.contribuidores
-			- edit
-			- na.edit
+			- contributor
+			- uk.contributor
+			- cricket
+			- csync
+			- au.dating
+
+			- \w\w.deportes:
+
+				- ar
+				- cl	(→ es-us.deportes)
+				- co	(→ es-us.deportes)
+				- es	(→ es.eurosport)
+				- mx
+				- pe	(→ pe-us.deportes)
+				- ve	(→ ve-us.deportes)
+
+			- es-us.deportes
+			- (www.)developer	(www → ^)
+			- tw.dictionary
+			- dir
+			- au.dir	(→ au.search)
+			- downloads
+			- s-b.dp
+
+			- edit subdomains:
+
+				- ^
+				- eu
+				- na
+				- sa
+				- tw
+
+			- tw.emarketing
+			- tw.ysm.emarketing
+			- en-maktoob
+			- hk.ent		(→ hk.celebrity)
+
+			- \w\w.entertainment:
+
+				- my
+				- nz
+
+			- espanol
 			- edit.europe
+			- java.europe		(→ adgallery.zenfs.com)
+
+			- eurosport subdomains:
+
+				- ^
+				- de
+				- es
+				- fr	(→ fr.sports)
+				- it
+				- uk
+
+			- everything
+
+			- \w\w.everything:
+
+				- ca
+				- es		(→ es.todo)
+				- nz
+				- ph
+				- pt
+				- tw
+				- uk
+
+			- au.fango
+
+			- \w+.fantasysports:
+
+				- baseball
+				- football
+				- golf
+				- hockey
+				- racing
+
+			- es.laliga.fantasysports	(→ es.eurosport)
+			- tw.fashion
+			- feedback		(→ yahoo.uservoice.com)
+			- br.financas
+			- finance
+
+			- \w\w.finance:
+
+				- ar
+				- au
+				- br
+				- ca
+				- de
+				- es
+				- fr
+				- hk
+				- ie		(→ uk.finance)
+				- in
+				- it
+				- kr		(→ tools.search)
+				- mx
+				- nz
+				- sg
+				- tw
+				- uk
+
+			- chart.finance		(→ chart)
+			- tw.chart.finance
+			- espanol.finance
+			- tw.futures.finance
+			- ichart.finance	(→ ichart)
+			- streamerapi.finance
+
+			- \w\w.finanzas:
+
+				- ar
+				- mx
+
+			- es-us.finanzas
+
+			- food subdomains:
+
+				- au		(→ au.lifestyle)
+				- nz		(→ nz.lifestyle)
+				- nz.rss
+
+			- au.forums		(→ au.answers)
+			- nz.forums
+
+			- games subdomains:
+
+				- ^
+				- au
+				- ca
+				- de		(→ de.spiele)
+				- id		(→ games)
+				- malaysia	(→ games)
+				- nz.games	(→ games)
+				- ph		(→ games)
+				- uk
+
 			- geo
+			- gma
+			- groups
+
+			- \w\w.groups:
+
+				- ar
+				- au
+				- br
+				- ca
+				- de
+				- dk
+				- es
+				- fr
+				- hk
+				- ie	(→ uk.groups)
+				- in
+				- it
+				- kr
+				- mx
+				- nz
+				- ph
+				- sg
+				- tw
+				- uk
+				- us
+
+			- asia.groups
+			- espanol.groups
+			- es-us.groups
+			- fr-ca.groups
+			- moderators.groups
+			- kr.gugi	(→ tools.search)
+			- health
 			- help
+
+			- \w\w.help:
+
+				- au
+				- br
+				- ca
+				- dk
+				- fr	(→ help)
+				- hk
+				- io
+				- tw
+				- uk
+
 			- secure.help
+			- help.cc.hk	(→ help)
+			- home		(→ homes)
+			- homes
+			- tw.house
+			- tw.v2.house
+			- ichart
+			- info
+
+			- \w\w.info:
+
+				- tw
+
+			- tw.tool.ks
+			- au.launch
 			- legalredirect
+
+			- \w\w.lifestyle:
+
+				- ar	(→ ar.mujer)
+				- au
+				- ca	(→ ca.shine)
+				- de
+				- hk
+				- ie	(→ uk.lifestyle)
+				- in
+				- it
+				- mx	(→ mx.mujer)
+				- nz
+				- uk
+
+			- es-us.lifestyle	(→ ar.mujer)
 			- login
-			- us.lrd
 			- gh.bouncer.login
-			- r.m			(→ s.yimg.com)
+			- us.lrd
+			- local
+
+			- \w\w.local:
+
+				- au
+				- de
+				- fr	(→ fr)
+				- uk
+
+			- m
+			- r.m
+
+			- \w\w.m:
+
+				- ar
+				- au
+				- br
+				- ca
+				- cn
+				- de
+				- es
+				- fr
+				- hk
+				- id
+				- ie
+				- in
+				- it
+				- kr
+				- ph
+				- qc
+				- se
+				- sg
+				- mx
+				- tw
+				- uk
+				- us
+				- vn
+
 			- mail
 
 			- *.mail:
 
+				- ar
+				- au
+				- co
+				- e1
+				- es
+				- fr
+				- it
+				- mrd
+				- my
 				- overview
+
+				- \w\w.overview:
+
+					- br
+					- ca
+					- co
+					- e1
+					- hk
+					- ph
+					- tw
+					- uk
+					- us
+
+				- ph
+				- th
+				- tw
 				- us-mg6
+				- vn
 				- c.c.yom
 				- \w+-c.c.yom
 
+			- maktoob
+			- malaysia
+			- tw.mall
+			- tw.user.mall
+			- maps
+
+			- \w\w.maps:
+
+				- au
+				- ca
+				- de
+				- es	(→ es.search)
+				- fr
+				- in	(→ maps)
+				- it
+				- kr	(→ tools.search)
+				- mx	(→ espanol.maps)
+				- nz	(→ nz.search)
+				- qc
+				- tw
+				- uk
+
+			- espanol.maps
+			- sgws2.maps
+			- au.messages	(→ au.answers)
+			- messenger
+
+			- \w\w.messenger:
+
+				- ar
+				- au
+				- br
+				- ca
+				- cf
+				- cl
+				- co
+				- de
+				- e1
+				- es
+				- fr
+				- hk
+				- id
+				- ie	(→ uk.messenger)
+				- in
+				- it
+				- kr
+				- mx
+				- my
+				- nz	(→ messenger)
+				- pe
+				- ph
+				- qc
+				- sg
+				- th
+				- tw	(→ hk)
+				- uk
+				- us
+				- ve
+				- vn
+
+			- malaysia.messenger
+			- \w\w.meteo:
+
+				- fr
+				- it
+
 			- mlogin
+			- mobile
+
+			- \w\w.mobile:
+
+				- ar
+				- au
+				- br
+				- ca
+				- de
+				- dk	(→ www)
+				- es
+				- fr
+				- hk
+				- id
+				- ie	(→ uk.mobile)
+				- in
+				- it
+				- mx
+				- my
+				- nz
+				- no	(→ www)
+				- ph
+				- qc
+				- sg
+				- th
+				- tw
+				- uk
+				- us
+				- vn
+
+			- espanol.mobile
+			- malaysia.mobile
+			- tw.campaign.money
+			- tw.money
+
+			- tw.movie
+
+			- movies subdomains:
+
+				- ^
+				- au
+				- br		(→ br.cinema)
+				- ca
+				- es		(→ es.cine)
+				- espanol	(→ es-us.cine)
+				- fr		(→ fr.cinema)
+				- it		(→ it.cinema)
+				- nz
+				- au.rss
+				- nz.rss
+				- tw
+				- uk
 
 			- *.msg:
 
@@ -193,25 +1252,664 @@
 				- ycpi-mail-rest-core
 				- ycpi-mail-rest-core2
 
+			- \w\w.mujer:
+
+				- ar
+				- co
+				- mx
+
+			- es-us.mujer
+
+			- music subdomains:
+
+				- ^
+				- ca
+				- hk	(→ hk.celebrity)
+				- tw	(→ tw.music.yahoo.net)
+
+			- [\w-]+\.musica:
+
+				- es-us
+				- mx
+
+			- my
+			- add.my
+			- us.my
+			- de.nachrichten
 			- ucs.netsvs
+
+			- news subdomains:
+
+				- ^
+				- ar	(→ ar.noticias)
+				- au
+				- br	(→ br.noticias)
+				- au
+				- ca
+				- cl	(→ cl.noticias)
+				- co	(→ co.noticias)
+				- dk	(→ www)
+				- es	(→ es.noticias)
+				- fr
+				- gr
+				- hk
+				- ie	(→ uk.news)
+				- in
+				- mx	(→ mx.noticias)
+				- my
+				- nz
+				- pe	(→ pe.noticias)
+				- ph
+				- nz.rss
+				- sg
+				- tw
+				- uk
+				- ve	(→ ve.noticias)
+				- vn
+
 			- cookiex.ngd
+
+			- \w\w.noticias
+
+				- ar
+				- br
+				- cl
+				- co
+				- es
+				- mx
+				- pe
+				- ve
+
+			- es-us.noticias
+			- omg
+
+			- \w\w.omg:
+
+				- ar
+				- br
+				- co
+				- es
+				- it
+				- mx
+				- ph
+				- tw
+
+			- es-us.omg
+			- on		(→ pilotx1)
+			- au.oztips
 			- rtb.pclick
-			- analytics.query
-			- mailapps.query
-			- media.query
-			- ucs.query
+			- pilotx1
+			- pipes
+			- play
+			- playerio
+			- privacy
+			- profile
+			- tw.promo
+
+			- au.promotions
+			- hk.promotions
+			- nz.promotions
+
+			- publishing
+
+			- query subdomains:
+
+				- analytics
+				- mailapps
+				- media
+				- ucs
+				- us-locdrop
+				- video
+
+			- realestate	(→ homes)
+			- tw.rd
 			- us.rd
+
+			- safely
+
+			- \w\w.safely:
+
+				- ar	(→ ar.seguridad)
+				- au
+				- ca
+				- cl	(→ cl.seguridad)
+				- co
+				- de
+				- fr
+				- hk
+				- id
+				- in
+				- it
+				- mx	(→ mx.seguridad)
+				- my
+				- nz
+				- pe	(→ pe.seguridad)
+				- ph
+				- sg
+				- tw
+				- uk
+				- ve	(→ ve.seguridad)
+
+			- es-us.safely		(→ es.us.seguridad)
+			- fr-ca.safely
+			- malaysia.safely	(→ my.safely)
+
+			- screen
+
+			- \w\w.screen:
+
+				- ar
+				- br
+				- ca
+				- co
+				- de
+				- es
+				- fr
+				- hk
+				- in
+				- it
+				- mx
+				- tw
+				- uk
+
+			- es-us.screen
+			- scribe
+
+			- search subdomains:
+
+				- ^
+
+				- \w\w:
+
+					- ar
+					- au
+					- be
+					- br
+					- ca
+					- cl
+					- cn	(→ sg)
+					- co
+					- de
+					- dk
+					- es
+					- fi
+					- fr
+					- gr
+					- hk
+					- id
+					- ie
+					- in
+					- it
+					- kr
+					- mx
+					- my	(→ malaysia)
+					- nl
+					- no
+					- nz
+					- pe
+					- ph
+					- ru
+					- se
+					- sg
+					- tw
+					- uk
+					- ve
+					- vn
+
+				- \w\w.blog:
+
+					- tw
+
+				- \w\w.dictionary:
+
+					- tw
+
+				- finance
+
+				- \w\w.finance:
+
+					- au
+					- nz
+
+				- images
+
+				- \w\w.images:
+
+					- ar
+					- au
+					- br
+					- ca
+					- cn	(→ sg.images.search)
+					- de
+					- dk
+					- es
+					- fi
+					- fr
+					- hk
+					- id
+					- in
+					- it
+					- kr	(→ kr.search)
+					- nl
+					- mx
+					- my	(→ malaysia.images.search)
+					- no
+					- nz
+					- pe
+					- ph
+					- qc
+					- ru
+					- se
+					- sg
+					- tw
+					- uk
+					- ve
+					- vn
+
+				- malaysia.images
+
+				- \w\w.knowledge:
+
+					- tw
+
+				- \w\w.lifestyle:
+
+					- au
+					- nz
+
+				- \w\w.local:
+
+					- tw
+
+				- malaysia
+
+				- nz.maps	(→ nz.search)
+
+				- \w\w.news:
+
+					- ar
+					- au
+					- ca
+					- de
+					- fr
+					- sg
+					- tw
+					- uk
+
+				- malaysia.news
+
+				- movies
+
+				- \w\w.movies:
+
+					- au
+					- ca
+					- es
+					- fr
+					- it
+					- nz
+					- sg
+					- uk
+
+				- news
+
+				- \w\w.news:
+
+					- ar
+					- au
+					- br
+					- es
+					- fr
+					- it
+					- nz
+					- pe
+					- sg
+					- uk
+
+				- r
+				- recipes
+
+				- \w\w.recipes:
+
+					- ar
+					- au
+					- br
+					- es
+					- fr
+					- it
+					- mx
+					- nz
+					- tw
+					- uk
+
+				- shine
+				- shopping
+
+				- \w\w.shopping:
+
+					- tw
+
+				- sports
+
+				- \w\w.sports:
+
+					- au
+					- nz
+
+				- profiles.sports
+				- tools
+				- au.tv
+				- video
+
+				- \w\w.video:
+
+					- ar
+					- au
+					- br
+					- ca
+					- de
+					- es
+					- fr
+					- hk
+					- id
+					- in
+					- it
+					- mx
+					- my	(→ malaysia.video)
+					- nz
+					- ph
+					- qc
+					- sg
+					- tw
+					- uk
+					- vn
+
+				- malaysia.video
+
+			- kr.searchad		(→ tools.search)
+			- lh.secure
 			- rtb.pclick.secure
+			- security
+			- tw.security
+
+			- \w\w.seguranca:
+
+				- br
+
+			- \w\w.seguridad:
+
+				- ar
+				- cl
+				- co
+				- mx
+				- pe
+				- ve
+
+			- es-us.seguridad
+
+			- \w\w.seguro:
+
+				- seguro
+
+			- tw.serviceplus
+			- settings
+			- shine
+			- ca.shine
+			- shopping
+			- ca.shopping
+
+			- \w+.sitios:
+
+				- co
+				- mx
+
+			- dashboard.slingstone
+
+			- smallbusiness
+			- au.smallbusiness
 			- order.smallbusiness
+
+			- smarttv
+
+			- de.solutions	(→ de.adspecs)
+			- es.solutions	(→ es.adspecs)
+			- fr.solutions	(→ fr.adspecs)
+			- it.solutions	(→ it.adspecs)
+			- nz.solutions	(→ nz.advertising)
+			- uk.solutions	(→ uk.adspecs)
+
+			- rd.software
+			- de.spiele
+
+			- sport		(→ sports)
+
+			- sports subdomains:
+
+				- ^
+				- au
+				- ca
+				- de	(→ de.eurosport)
+				- es	(→ es.eurosport)
+				- fr
+				- hk
+				- nz
+				- ph
+				- au.rss
+				- nz.rss
+				- tw
+				- uk	(→ uk.eurosport)
+
+			- tw.stock
+			- subscribe
+			- au.thehype
+
+			- \w\w.tiempo:
+
+				- ar
+				- es
+
+			- au.todaytonight	(→ au.news)
+			- es.todo
+			- toolbar
+
+			- \w\w.toolbar:
+
+				- ar
+				- au
+				- br
+				- ca
+				- cl
+				- cn
+				- co
+				- de
+				- es
+				- fr
+				- hk
+				- id
+				- in
+				- it
+				- mx
+				- my
+				- nz
+				- pe
+				- ph
+				- sg
+				- tw
+				- uk
+				- ve
+				- vn
+
 			- data.toolbar
+			- malaysia.toolbar
 			- au.totaltravel
-			- yep.video
+			- nz.totaltravel
+			- transparency
+			- travel
+			- au.travel	(→ au.totaltravel)
+			- ca.travel	(→ travel)
+			- my.travel	(→ my.news)
+			- nz.travel	(→ nz.totaltravel)
+			- ph.travel	(→ ph.news)
+			- tw.travel
+			- uk.travel	(→ uk.lifestyle)
+
+			- tv subdomains:
+
+				- ^
+				- ar
+				- au
+				- br
+				- ca	(→ tv)
+				- de
+				- es
+				- es-us
+				- fr
+				- hk	(→ hk.celebrity)
+				- it
+				- mx
+				- nz
+				- pe	(→ es-us.tv)
+				- au.rss
+				- uk
+
+			- tw.uwant
+
+			- video subdomains:
+
+				- ^	(→ screen)
+				- ar	(→ ar.screen)
+				- au	(→ au.tv)
+				- br	(→ br.screen)
+				- ca	(→ ca.screen)
+				- co	(→ co.screen)
+				- de	(→ de.screen)
+				- es	(→ es.screen)
+				- es-us	(→ es-us.screen)
+				- fr	(→ fr.screen)
+				- hk	(→ help)
+				- in	(→ in.screen)
+				- it	(→ it.screen)
+				- mh
+				- mx	(→ mx.screen)
+				- nz
+				- pe	(→ es-us.screen)
+				- qos
+				- uk	(→ uk.screen)
+				- ve	(→ es-us.screen)
+				- yep
+
+			- weather subdomains:
+
+				- ^
+				- ar		(→ ar.tiempo)
+				- au
+				- ca
+				- cl		(→ cl.clima)
+				- co		(→ co.clima)
+				- es		(→ es.tiempo)
+				- espanol	(→ es-us.clima)
+				- fr		(→ fr.meteo)
+				- hk
+				- in
+				- it		(→ it.meteo)
+				- mx		(→ mx.clima)
+				- nz
+				- pe		(→ pe.clima)
+				- ph
+				- sg
+				- tw		(→ tw.news)
+				- uk
+				- us
+				- ve		(→ ve.clima)
+
+			- de.wetter
+			- widgets	(→ www)
+			- au.yel
+			- video.media.yql
+			- dmros.ysm
+
+
+	These altnames don't exist:
+
+		- manhattan.yahoo.com
+		- tw.moderation.money.yahoo.com
+
+
+	Observed cookie domains:
+
+		- . ¹
+		- .answers ²
+		- .auctions ¹
+		- .bid ¹
+		- .buy ⁴
+		- commercecentral
+		- developers.commercecentral ²
+		- .contributor ⁵
+		- tw.ysm.emarketing ³
+		- games ³
+		- homes ³
+		- au.local ³
+		- .maps ³
+		- .playerio ³
+		- profile ³
+		- .search ⁴
+		- .\w\w.tv ³
+		- tw.uwant ³
+		- .voices ⁵
+		- .www ³
 
-		- yahoo.net subdomains:
+	¹ Partially secured by us <= accounting for possible use on unsecurable domains
+	² Secured by server
+	⁵ Some secured by server, rest by us
+	³ Secured by us <= not secured by server
+	⁴ Not secured by us <= accounting for possible use on unsecurable domains
+	⁵ Not secured by us <= no tls support
 
-			- image-c.c.yom.mail
-			- lib.store
-			- order.store
+
+	Insecure cookies are set for these hosts:
+
+		- ads.yahoo.com
+
+
+	Mixed content:
+
+		- css, on:
+
+			- au.gwn7, tw.money, au.rss.news, and au.prime7 from l[13]?.yimg.com ¹
+
+		- Ads/web bugs, on:
+
+			- au.games from secure-us.imrworldwide.com ¹
+			- \w\w.celebrity, m, \w\w.m, and ar.mujer from csc.beap.bc.yahoo.com ¹
+			- au.news from au.adserver.yahoo.com ¹
+			- shine from www.facebook.com ¹
+
+		- Images, on:
+
+			- au.local from dacsisb9yvy2v.cloudfront.net ¹
+			- au.advertising, nz.advertising, au.answers, nz.answers, ph.answers, sg.answers, au, biz, \w\w.celebrity, cricket, nz.entertainment, eurosport, \w\w.eurosport, everything, au.fango, games, ichart, au.launch, nz.lifestyle, au.local, sg.messenger, tw.money, au.movies, nz.movies, au.news, nz.news, au.oztips, au.promotions, \w\w.safely, fr-ca.safely, search, \w\w.seguridad, es-us.seguridad, es.seguro, au.smallbusiness, au.rss.sports, nz.rss.sports, au.thehype, tw.toolbar, au.totaltravel, nz.totaltravel, au.tv, nz.tv, au.rss.tv, and nz.weather from l.yimg.com ¹
+			- ca.autos from yui.yahooapis.com ¹
+			- tw.info from l.yimg.com ¹
+			- tw.knowledge from tw.tool.ks ¹
+			- tw.knowledge from l.yimg.com ¹
+			- tw.money from ichart ¹
+			- tw.money from tw.news2.yimg.com ²
+			- tw.promo from www.adobe.com ¹
+			- au.totaltravel and nz.totaltravel from www.totaltravel.com ²
+			- \w\w.weather and de.wetter from media.zenfs.com ¹
+
+		- faivcon on tw from tw *
+
+		- Ads, on:
+
+			- fr.finance from www.borse.it ³
+			- tw.promo from www.facebook.com ¹
+			- de.kino from yahoo.quizaction.de ¹
+			- my.news from widgets.wego.com ²
+
+	¹ Secured by us
+	² Unsecurable
+	³ Unsecurable <= redirects to http
 
 
 	Reported to fix bug
@@ -227,31 +1925,32 @@
 	<target host="i.acdn.us" />
 	<target host="rocketmail.com" />
 	<target host="www.rocketmail.com" />
-	<target host="totaltravel.com" />
-	<target host="www.totaltravel.com" />
-		<exclusion pattern="^https?://(?:www\.)?totaltravel\.com/images/" />
-	<target host="totaltravel.co.uk" />
-	<target host="www.totaltravel.co.uk" />
+	<target host="yahoo.com" />
 	<target host="*.yahoo.com" />
-		<exclusion pattern="^http://(?:uk\.)?contributor\.yahoo\.com/(?!$|\?|account/|contributor/|help/|signup/)" />
-		<exclusion pattern="^https?://developer\.yahoo\.com/(?:$|\?)" />
-	<target host="*.yahoo.net" />
 		<!--
-			Avoid user-visible paths:
-							-->
-		<exclusion pattern="^http://contextualads\.yahoo\.net/(?!js/|style/)" />
+			Refused:
+					-->
+		<exclusion pattern="^http://(?:(?:cn|kr|tw)\.adspecs|(?:co|espanol|mx)\.astrology|kr\.mobile)\.yahoo\.com/" />
+		<!--
+			Redirect destination cert mismatched:
+								-->
+		<exclusion pattern="^http://ca\.local\.yahoo\.com/" />
+		<!--
+			Refused:
+					-->
+		<exclusion pattern="^http://cn\.overview\.mail\.yahoo\.com/" />
+		<!--exclusion pattern="^http://(cn|de|dk|id|ie|it|qc)\.news\.yahoo\.com/" /-->
 		<!--
-			Links images relative to /
+			Destination has mismatched cert:
 							-->
-		<exclusion pattern="^http://contextualads\.yahoo\.net/style/screen\.css" />
+		<exclusion pattern="^http://(?:br|es)\.safely\.yahoo\.com/" />
 	<target host="*.yahoofs.com" />
-	<target host="yhoo.it" />
 	<target host="ymail.com" />
 	<target host="www.ymail.com" />
 	<target host="*.zenfs.com" />
 
 
-	<!--	*All* Yahoo cookies are cross-domain cookies.
+	<!--	Some Yahoo cookies are cross-domain cookies.
 		It's a case of figuring out which ones
 		aren't needed on unsecurable pages.
 
@@ -287,156 +1986,470 @@
 
 				- Y
 
+		-->
+	<!--
+		Secured by server:
+					-->
+	<!--securecookie host="^\.answers\.yahoo\.com$" name="^answers3$" /-->
+	<!--securecookie host="^(developers\.)?commercecentral\.yahoo\.com$" name="^_rockstar_session$" /-->
+	<!--securecookie host="^\.contributor\.yahoo\.com$" name="^c$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^\.yahoo\.com$" name="^(AO|B|PH|T|Y|YLS|au_ytv|tt_currency|ypcdb)$" /-->
+	<securecookie host="^ads\.yahoo\.com$" name="^B$" />
+	<!--securecookie host="^\.auctions\.yahoo\.com$" name="^hkRecentHistory$" /-->
+	<!--securecookie host="^\.bid\.yahoo\.com$" name="^twRecentHistory$" /-->
+	<!--securecookie host="^commercecentral\.yahoo\.com$" name="^first_referer$" /-->
+	<!--securecookie host="^\.contributor\.yahoo\.com$" name="^ACSESS$" /-->
+	<!--securecookie host="^(\w\w\.celebridades|\w\w\.cinema|everything|\w\w\.financas|games|homes|\w\w\.news)\.yahoo\.com$" name="^AO$" /-->
+	<!--securecookie host="^tw\.ysm\.emarketing\.yahoo\.com$" name="^(device|is_c|tw_ysm_soeasy)$" /-->
+	<!--securecookie host="^(uk\.)?help\.yahoo\.com$" name="^(JSESSIONID|scav|scwysiwygparams)$" /-->
+	<!--securecookie host="^au\.local\.yahoo\.com$" name="^(aunz\.aulocal\.cookie|au_yloc)$" /-->
+	<!--securecookie host="^\.maktoob\.yahoo\.com$" name="^hpc$" /-->
+	<!--securecookie host="^\.maps\.yahoo\.com$" name="^MYCFL$" /-->
+	<!--securecookie host="^\.playerio\.yahoo\.com$" name="^playcodes-\d+$" /-->
+	<!--securecookie host="^profile\.yahoo\.com$" name="^YPRF$" /-->
+	<!--securecookie host="^\.search\.yahoo\.com$" name="^(SMW|sS|sSN)$" /-->
+	<!--securecookie host="^\.es\.tv\.yahoo\.com$" name="^tv_listings_last_time$" /-->
+	<!--securecookie host="^tw\.uwant\.yahoo\.com$" name="^uwwtutorial$" /-->
+	<!--securecookie host="^\.www\.yahoo\.com$" name="^fpc$" /-->
 
-			- images.search.yahoo.com
-
-				-jr
-
-					- \d
-
-			- news.yahoo.com
-
-				- AO
-
-					- o=1&s=1&dnt=1
+	<securecookie host="^\.yahoo\.com$" name="^(?:AO|B|SSL)$" />
+	<securecookie host="^(?:ads|\.analytics|\w\w\.celebridades|\w\w\.cinema|commercecentral|\.contributor|tw\.ysm\.emarketing|everything|\w\w\.financas|games|help|\w\w\.help|homes|\w\w\.local|\.mail|\.maps|\.maktoob|movies|\.?news|\w\w.news|\.playerio|profile|(?:us-locdrop|video)\.query|images\.search|fr\.images\.search|\.toolbar|\.\w\w\.tv|\.uk|\.?us|tw\.uwant|\.www)\.yahoo\.com$" name=".+" />
+	<securecookie host="^\.bid\.yahoo\.com$" name="^twRecentHistory$" />
+	<securecookie host="^\.auctions\.yahoo\.com$" name="^hkRecentHistory$" />
+	<securecookie host="^\.zenfs\.com$" name="^BX$" />
 
-				- grvinsights	(set by rma-api.gravity.com)
+	<!--	Could we secure any of these safely?
+							-->
+	<!--securecookie host="^\.yahoo\.com$" name="^(DK|PH|au_ytv|tt_currency)$" /-->
+	<!--securecookie host="^\.buy\.yahoo\.com$" name="^YAct$" /-->
+	<!--securecookie host="^\.my\.yahoo\.com$" name="^(myc|MYTMI|U_mtupes)$" /-->
+	<!--securecookie host="^\.search\.yahoo\.com$" name="^sSN$" /-->
 
-					- \w{32}
 
-				- ywadp\d+
+	<rule from="^http://i\.acdn\.us/"
+		to="https://s.yimg.com/ck/" />
 
-					- \d+
+	<rule from="^http://(?:www\.)?(?:rocket|y)mail\.com/"
+		to="https://mail.yahoo.com/" />
 
-			- .news.yahoo.com
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://fr\.actualites\.yahoo\.com/.*"
+		to="https://fr.news.yahoo.com/" />
 
-				- ywadp\d+
+	<rule from="^http://advertisingcentral\.yahoo\.com/+(?=$|\?)"
+		to="https://advertising.yahoo.com/" />
 
-					- \d+
+	<!--	Redirect preserves path and args:
+							-->
+	<rule from="^http://(?:cl|co|pe|ve)\.answers\.yahoo\.com/+"
+		to="https://espanol.answers.yahoo.com/" />
 
-			- .uk.yahoo.com
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://(au|nz)\.astrology\.yahoo\.com/[^?]*"
+		to="https://$1.lifestyle.yahoo.com/horoscopes/" />
 
-				- epc
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://ca\.astrology\.yahoo\.com/.*"
+		to="https://ca.shine.yahoo.com/horoscope/" />
 
-					- 1
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://(ar|mx)\.autos\.yahoo\.com/+"
+		to="https://$1.autocosmos.yahoo.net/" />
 
-				- fpc
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://(de|fr)\.autos\.yahoo\.com/+"
+		to="https://$1.cars.yahoo.com/" />
 
-					- d=(\w+.){7}\w+- -&v=1
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://(au|nz)\.biz\.yahoo\.com/[^?]*"
+		to="https://$1.finance.yahoo.com/news" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://(ar|au|br|ca|cl|de|fr|es|hk|id|ie|in|it|jp|mx|my|no|nz|ph|sg|tw|uk|us|vn)\.careers\.yahoo\.com/+"
+		to="https://careers.yahoo.com/$1/" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://malaysia\.careers\.yahoo\.com/+"
+		to="https://careers.yahoo.com/my/" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://qc\.careers\.yahoo\.com/+"
+		to="https://careers.yahoo.com/ca/" />
+
+	<!--	Redirect preserves forward slash, path, and args:
+								-->
+	<rule from="^http://cars\.yahoo\.com/"
+		to="https://autos.yahoo.com/" />
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://(?:tw\.help\.cc|help\.cc\.tw)\.yahoo\.com/.*"
+		to="https://help.yahoo.com/kb/index?page=home&amp;locale=zh_TW" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://cn\.yahoo\.com/+"
+		to="https://sg.yahoo.com/" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://(?:cine|espanol\.movies)\.yahoo\.com/+"
+		to="https://es-us.cine.yahoo.com/" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://(?:cl|co|pe|ve)\.deportes\.yahoo\.com/+"
+		to="https://es-us.deportes.yahoo.com/" />
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://es\.deportes\.yahoo\.com/+"
+		to="https://es.eurosport.yahoo.com/" />
+
+	<!--	Redirect drops path but not args:
+						-->
+	<rule from="^http://www\.developer\.yahoo\.com/[^?]*"
+		to="https://developer.yahoo.com/" />
+
+	<!--	Redirect keeps path but not args:
+							-->
+	<rule from="^http://au\.dir\.yahoo\.com/+([^?]*).*"
+		to="https://au.search.yahoo.com/web?fr=$1" />
 
-				- FPCK
+	<rule from="^http://(?:dk|no|ru)\.yahoo\.com/+"
+		to="https://www.yahoo.com/" />
 
-					- \w{50}
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://e1\.yahoo\.com/+"
+		to="https://espanol.yahoo.com/" />
 
-				- fpc_s
+	<rule from="^http://hk\.ent\.yahoo\.com/+"
+		to="https://hk.celebrity.yahoo.com/" />
 
-					- d=(\w+.){7}\w+- -&v=1
+	<rule from="^http://java\.europe\.yahoo\.com/"
+		to="https://adgallery.zenfs.com/" />
 
-				- fpt
+	<rule from="^http://fr\.eurosport\.yahoo\.com/"
+		to="https://fr.sports.yahoo.com/" />
 
-					- d=(\w+.){7}\w+- -&v=1
+	<!--	Server drops path and args:
+						-->
+	<rule from="^http://es\.everything\.yahoo\.com/.*"
+		to="https://es.todo.yahoo.com/" />
 
-				- fpps
+	<rule from="^http://fantasysports\.yahoo\.com/(?=$|\?)"
+		to="https://sports.yahoo.com/fantasy" />
 
-					- _page=%7B%22wsid%22%3A%22\d{10}%22%7D
+	<!--	Server drops path but not args:
+						-->
+	<rule from="^http://es\.laliga\.fantasysports\.yahoo\.com/+"
+		to="https://es.eurosport.yahoo.com/fantasy/la-liga/" />
 
-			- us.yahoo.com
+	<rule from="^http://feedback\.yahoo\.com/"
+		to="https://yahoo.uservoice.com/" />
 
-				- FBISC
+	<rule from="^http://(i)?chart\.finance\.yahoo\.com/"
+		to="https://$1chart.yahoo.com/" />
 
-					- \d{10}
+	<!--	Redirect drops path buy not args:
+							-->
+	<rule from="^http://connectedtv\.yahoo\.com/[^?]*"
+		to="https://smarttv.yahoo.com/" />
 
-				- ywadp\d+
+	<!--	Server keeps path and args:
+						-->
+	<rule from="^http://kr\.finance\.yahoo\.com/"
+		to="https://tools.search.yahoo.com/kr-eol.html" />
 
-					- \d+
+	<rule from="^http://(au|nz)\.food\.yahoo\.com/"
+		to="https://$1.lifestyle.yahoo.com/food/" />
 
-			- .us.yahoo.com
+	<!--	Server keeps path and args:
+						-->
+	<rule from="^http://de\.games\.yahoo\.com/+"
+		to="https://de.spiele.yahoo.com/" />
 
-				- fpc
+	<!--	Server keeps path and args:
+						-->
+	<rule from="^http://(?:id|malaysia|nz|ph)\.games\.yahoo\.com/+"
+		to="https://games.yahoo.com/" />
 
-					- d=(\w+.){4}\w+-&v=2
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://ie\.(finance|groups|lifestyle)\.yahoo\.com/.*"
+		to="https://uk.$1.yahoo.com/" />
 
-				- fpms
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://au\.(?:answer|forum)s\.yahoo\.com/[^?]*"
+		to="https://au.answers.yahoo.com/" />
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://kr\.(?:gugi|maps|searchad)\.yahoo\.com/.*"
+		to="https://tools.search.yahoo.com/kr-eol.html" />
+
+	<rule from="^http://fr\.help\.yahoo\.com/+"
+		to="https://help.yahoo.com/l/fr/yahoo/helpcentral/" />
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://help\.cc\.hk\.yahoo\.com/.*"
+		to="https://help.yahoo.com/kb/index?page=home&amp;locale=zh_HK" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://(?:home|realestate)\.yahoo\.com/+"
+		to="https://homes.yahoo.com/" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://(ar|es-us|mx)\.lifestyle\.yahoo\.com/+"
+		to="https://$1.mujer.yahoo.com/" />
+
+	<rule from="^http://ca\.(?:lifestyle|shine)\.yahoo\.com/"
+		to="https://ca.shine.yahoo.com/" />
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://fr\.local\.yahoo\.com/.*"
+		to="https://fr.yahoo.com/" />
+
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://es\.maps\.yahoo\.com/.*"
+		to="https://es.search.yahoo.com/search/es?p=callejero+itinerarios&amp;y=y" />
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://in\.maps\.yahoo\.com/.*"
+		to="https://maps.yahoo.com/" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://mx\.maps\.yahoo\.com/+"
+		to="https://espanol.maps.yahoo.com/" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://nz\.maps\.yahoo\.com/+"
+		to="https://nz.search.yahoo.com/search/maps/" />
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://ie\.messenger\.yahoo\.com/.*"
+		to="https://uk.messenger.yahoo.com/" />
+
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://nz\.messenger\.yahoo\.com/[^?].*"
+		to="https://messenger.yahoo.com/" />
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://ie\.mobile\.yahoo\.com/.*"
+		to="https://uk.mobile.yahoo.com/" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://tw\.music\.yahoo\.com/+"
+		to="https://tw.music.yahoo.net/" />
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://(?:axis|(?:dk|no)\.mobile|dk\.news)\.yahoo\.com/.*"
+		to="https://www.yahoo.com/" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://es\.movies\.yahoo\.com/+"
+		to="https://es.cine.yahoo.com/" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://(br|fr|it)\.movies\.yahoo\.com/+"
+		to="https://$1.cinema.yahoo.com/" />
+
+	<!--	This rule must be above the main one:
+							-->
+	<rule from="^http://dps\.msg\.yahoo\.com/"
+		to="https://ycpi-mail-dps.msg.yahoo.com/" />
 
-					- p_\d{8}=%7B%22stream_filter%22%3A%22%3A%3A\d{13}%22%7D
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://hk\.(?:music|tv)\.yahoo\.com/.*"
+		to="https://hk.celebrity.yahoo.com/music/" />
 
-				- fpt
+	<rule from="^http://(ar|br|co|es|mx|pe)\.news\.yahoo\.com/+"
+		to="https://$1.noticias.yahoo.com/" />
 
-					- d=\w+.\w+.\w+&v=1
+	<!--	Redirect drops paths and args:
+						-->
+	<rule from="^http://ie\.news\.yahoo\.com/.*"
+		to="https://uk.news.yahoo.com/n/news_ireland.html" />
 
-			- .www.yahoo.com
-				- fpc
-					- d=.\w{14}.\w{56}.\w{27}.\w{22}._.\w{39}.\w{4}.\w{28}-&v=\d
-			- .s.yimg.com
-				- XCNM
+	<rule from="^http://on\.yahoo\.com/+"
+		to="https://pilotx1.yahoo.com/" />
 
-		Others observed:
+	<!--	Cert only matches us.rd,
+		all appear equivalent.
+					-->
+	<rule from="^http://rds?\.yahoo\.com/"
+		to="https://us.rd.yahoo.com/" />
 
-			- .search.yahoo.com
-				- sSN
-					-  \w{63}\.\w{22}\-{2}
+	<rule from="^http://(ar|cl|co|es-us|mx|pe|ve)\.safely\.yahoo\.com/+"
+		to="https://$1.seguridad.yahoo.com/" />
 
-		-->
-	<securecookie host="^\.yahoo\.com$" name="^(?:AO|B|SSL)$" />
-	<securecookie host="^\.(?:analytics|mail)\.yahoo\.com$" name=".+" />
-	<securecookie host="^news\.yahoo\.com$" name="^grvinsights$" />
-	<securecookie host="^.+-c\.c\.yom\.mail\.yahoo\.net$" name=".+" />
-	<securecookie host="^\.zenfs\.com$" name="^BX$" />
+	<rule from="^http://malaysia\.safely\.yahoo\.com/+"
+		to="https://my.safely.yahoo.com/" />
 
+	<!--	Redirect drops paths and args:
+						-->
+	<rule from="^http://cn\.search\.yahoo\.com/.*"
+		to="https://sg.search.yahoo.com/" />
 
-	<rule from="^http://i\.acdn\.us/"
-		to="https://s.yimg.com/ck/" />
+	<!--	Redirect drops paths and args:
+						-->
+	<rule from="^http://kr\.(?:images\.)?search\.yahoo\.com/.*"
+		to="https://kr.search.yahoo.com/" />
 
-	<rule from="^http://(?:www\.)?totaltravel\.co(?:m|\.uk)/"
-		to="https://au.totaltravel.yahoo.com/" />
+	<rule from="^http://my\.images\.search\.yahoo\.com/"
+		to="https://malaysia.images.search.yahoo.com/" />
 
-	<rule from="^http://(?:www\.)?(?:rocket|y)mail\.com/"
-		to="https://mail.yahoo.com/" />
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://nz\.maps\.search\.yahoo\.com/+"
+		to="https://nz.search.yahoo.com/" />
 
-	<rule from="^http://java\.europe\.yahoo\.com/uk/"
-		to="https://s.yimg.com/zz/java.europe.yahoo.com/uk/" />
+	<rule from="^http://my\.search\.yahoo\.com/+"
+		to="https://malaysia.search.yahoo.com/" />
 
-	<rule from="^http://dps\.msg\.yahoo\.com/"
-		to="https://ycpi-mail-dps.msg.yahoo.com/" />
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://(de|es|fr|it|uk)\.solutions\.yahoo\.com/[^?]*"
+		to="https://$1.adspecs.yahoo.com/" />
 
-	<rule from="^http://(u[ks]\.adserver|beap\.adx|c5\.ah|y\.analytics|calendar|(?:s-)?cookex\.amp|(?:[aosz]|y3)\.analytics|global\.ard|(?:clicks\.beap|csc\.beap|pn1|row|us)\.bc|migration\.cn|br\.contribuidores|(?:uk\.)?contributor|developer|(?:na\.)?edit|edit\.europe|geo|legalredirect|(?:gh\.bouncer\.)?login|us\.l?rd|(?:[\w-]+\.)?mail|mlogin|[\w\.-]+\.msg|ucs\.netsvs|cookiex\.ngd|rtb\.pclick|(?:analytics|mailapps|media|ucs)\.query|sec|rtb\.pclick\.secure|order\.smallbusiness|data\.toolbar|au\.totaltravel|yep\.video)\.yahoo\.com/"
-		to="https://$1.yahoo.com/" />
+	<rule from="^http://sport\.yahoo\.com/+"
+		to="https://sports.yahoo.com/" />
 
-	<rule from="^http://uk\.health\.lifestyle\.yahoo\.net/images/"
-		to="https://s.yimg.com/lq/lib/lsl/i/uk/" />
+	<rule from="^http://(de|es|uk)\.sports\.yahoo\.com/+"
+		to="https://$1.eurosport.yahoo.com/" />
 
-	<rule from="^http://(?:secure\.)?help\.yahoo\.com/"
-		to="https://secure.help.yahoo.com/" />
+	<rule from="^http://in\.sports\.yahoo\.com/+$"
+		to="https://cricket.yahoo.com/" />
 
-	<rule from="^http://r\.m\.yahoo\.com/"
-		to="https://s.yimg.com/zz/jg/" />
+	<!--	Server drops paths but not args:
+							-->
+	<rule from="^http://au\.todaytonight\.yahoo\.com/+\??$"
+		to="https://au.news.yahoo.com/today-tonight/" />
 
-	<rule from="^http://([\w-]+)\.c\.yom\.mail\.yahoo\.(com|net)/"
-		to="https://$1.c.yom.mail.yahoo.$2/" />
+	<rule from="^http://au\.todaytonight\.yahoo\.com/[^?]*"
+		to="https://au.news.yahoo.com/today-tonight/" />
 
-	<!--	Cert only matches us.rd,
-		all appear equivalent.
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://(au|nz)\.travel\.yahoo\.com/[^?]*"
+		to="https://$1.totaltravel.yahoo.com/" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://ca\.travel\.yahoo\.com/+"
+		to="https://travel.yahoo.com/" />
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://(my|ph)\.travel\.yahoo\.com/.*"
+		to="https://$1.news.yahoo.com/travel/" />
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://uk\.travel\.yahoo\.com/.*"
+		to="https://uk.lifestyle.yahoo.com/travel/" />
+
+	<rule from="^http://ca\.tv\.yahoo\.com/+"
+		to="https://tv.yahoo.com/" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://pe\.tv\.yahoo\.com/+"
+		to="https://es-us.tv.yahoo.com/" />
+
+	<rule from="^http://((?:br|ca|de|es|es-us|fr|it|mx|uk)\.)?video\.yahoo\.com/+"
+		to="https://$1screen.yahoo.com/" />
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://(ar|co|in)\.video\.yahoo\.com/.*"
+		to="https://$1.screen.yahoo.com/" />
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://au\.video\.yahoo\.com/.*"
+		to="https://au.tv.yahoo.com/plus7/" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://[pv]e\.video\.yahoo\.com/+"
+		to="https://es-us.screen.yahoo.com/" />
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://hk\.video\.yahoo\.com/.*"
+		to="https://help.yahoo.com/kb/index?page=home&amp;locale=zh_HK" />
+
+	<!--	Server doesn't redirect:
 					-->
-	<rule from="^http://rds?\.yahoo\.com/"
-		to="https://us.rd.yahoo.com/" />
-
-	<!--	This needs a craptonne of effort to work, as *every* link
-		points towards s.yimg.com/foo instead of shine.yahoo.com/foo.
-
-	<rule from="^https?://shine\.yahoo\.com/"
-		to="https://s.yimg.com/zz/shine.yahoo.com/" /-->
-
-	<rule from="^http://smallbusiness\.yahoo\.com/servicecheck\.php"
-		to="https://smallbusiness.yahoo.com/servicecheck.php" />
-
-	<rule from="^http://contextualads\.yahoo\.net/"
-		to="https://a248.e.akamai.net/f/1907/9547/9m/contextualads.yahoo.net/" />
-
-	<rule from="^http://investor\.yahoo\.net/common/"
-		to="https://investor.shareholder.com/common/" />
-
-	<rule from="^http://(lib|order)\.store\.yahoo\.net/"
-		to="https://$1.store.yahoo.net/" />
+	<rule from="^http://my\.video\.yahoo\.com/"
+		to="https://malaysia.video.yahoo.com/" />
+
+	<rule from="^http://nz\.video\.yahoo\.com/+(?:\?.*)?$"
+		to="https://nz.news.yahoo.com/video/" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://(ar|es)\.weather\.yahoo\.com/+"
+		to="https://$1.tiempo.yahoo.com/" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://(cl|co|mx|pe|ve)\.weather\.yahoo\.com/+"
+		to="https://$1.clima.yahoo.com/" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://espanol\.weather\.yahoo\.com/+"
+		to="https://es-us.clima.yahoo.com/" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://(fr|it)\.weather\.yahoo\.com/+"
+		to="https://$1.meteo.yahoo.com/" />
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://tw\.weather\.yahoo\.com/.*"
+		to="https://tw.news.yahoo.com/weather-forecast/" />
+
+	<!--	Redirect drops path but not args:
+						-->
+	<rule from="^http://widgets\.yahoo\.com/[^?]*"
+		to="https://www.yahoo.com/" />
+
+	<rule from="^http://((?:\w\w|fr-ca\.actualites|address|\w\w\.address|admanager|(?:\w\w|global)\.adserver|adspecs|\w+\.adspecs|\w+\.adspecs-new|advertising|\w\w\.advertising|beap\.adx|c5a?\.ah|(?:s-)?cookex\.amp|(?:[aosz]|apac|y3?)\.analytics|anc|answers|(?:\w\w|espanol|malaysia)\.answers|antispam|\w\w\.antispam|vn\.antoan|au\.apps|global\.ard|astrology|\w\w\.astrology|hk\.(?:(?:info|f1\.master|f1\.page|search|store|edit\.store|user)\.)?auctions|autos|\w\w\.autos|ar\.ayuda|(?:clicks\.beap|csc\.beap|pn1|row|us)\.bc|tw\.bid|tw\.(?:campaign|master|mb|page|search|store|user)\.bid|(?:m\.)?tw\.bigdeals|tw\.billing|biz|boss|(?:tw\.partner|tw)\.buy|(?:\w\w\.)?calendar|careers|\w\w\.cars|(?:\w\w|es-us)\.celebridades|(?:\w\w\.)?celebrity|tw\.charity|i?chart|(?:\w\w|es-us)\.cine|\w\w\.cinema|(?:\w\w|es-us)\.clima|migration\.cn|(?:deveopers\.)?commercecentral|br\.contribuidores|(?:uk\.)?contributor|csync|au\.dating|(?:\w\w|es-us)\.deportes|developer|tw\.dictionary|dir|downloads|s-b\.dp|(?:eu\.|na\.|sa\.|tw\.)?edit|tw\.(?:ysm\.)?emarketing|en-maktoob|\w\w\.entertainment|espanol|edit\.europe|eurosport|(?:de|es|it|uk)\.eurosport|everything|\w\w\.everything|\w+\.fantasysports|au\.fango|tw\.fashion|br\.financas|finance|(?:\w\w|tw\.chart|espanol|tw\.futures|streamerapi)\.finance|(?:\w\w|es-us)\.finanzas|nz\.rss\.food|nz\.forums|games|(?:au|ca|uk)\.games|geo|gma|groups|(?:\w\w|asia|espanol|es-us|fr-ca|moderators)\.groups|health|help|(?:\w\w|secure)\.help|homes|(?:tw|tw\.v2)\.house|info|\w\w\.info|tw\.tool\.ks|au\.launch|legalredirect|(?:\w\w)\.lifestyle|(?:gh\.bouncer\.)?login|us\.l?rd|local|\w\w\.local|m|r\.m|\w\w\.m|mail|(?:\w\w\.overview|[\w-]+(?:\.c\.yom)?)\.mail|maktoob|malaysia|tw\.(?:user\.)?mall|maps|(?:\w\w|espanol|sgws2)\.maps|messenger|(?:\w\w|malaysia)\.messenger|\w\w\.meteo|mlogin|mobile|(?:\w\w|espanol|malaysia)\.mobile|tw\.(?:campaign\.)?money|tw\.movie|movies|(?:au|ca|nz|au\.rss|nz\.rss|tw|uk)\.movies|[\w.-]+\.msg|(?:\w\w|es-us)\.mujer|music|ca\.music|[\w-]+\.musica|my|add\.my|us\.my|de\.nachrichten|ucs\.netsvs|news|(?:au|ca|fr|gr|hk|in|nz|ph|nz\.rss|sg|tw|uk)\.news|cookiex\.ngd|(?:\w\w|es-us)\.noticias|omg|(?:\w\w|es-us)\.omg|au\.oztips|rtb\.pclick|pilotx1|pipes|play|playerio|privacy|profile|tw\.promo|(?:au|hk|nz)\.promotions|publishing|(?:analytics|mailapps|media|ucs|us-locdrop|video)\.query|hk\.rd|(?:\w\w\.|fr-ca\.)?safely|screen|(?:\w\w|es-us)\.screen|scribe|search|(?:\w\w|w\w\.blog|\w\w\.dictionary|finance|\w\w\.finance|images|\w\w\.images|\w\w\.knowledge|\w\w\.lifestyle|\w\w\.local|malaysia|movies|\w\w\.movies|news|\w\w\.news|malaysia\.news|r|recipes|\w\w\.recipes|shine|shopping|\w\w\.shopping|sports|\w\w\.sports|tools|au\.tv|video|\w\w\.video|malaysia\.video)\.search|sec|lh\.secure|rtb\.pclick\.secure|security|tw\.security|\w\w\.seguranca|\w\w\.seguridad|es-us\.seguridad|\w\w\.seguro|tw\.serviceplus|settings|shine|ca\.shine|shopping|ca\.shopping|\w+\.sitios|dashboard\.slingstone|(?:au\.|order\.)?smallbusiness|smarttv|rd\.software|de\.spiele|sports|store|subscribe|(?:au|ca|fr|hk|nz|ph|profiles|au\.rss|nz\.rss|tw)\.sports|tw\.stock|au\.thehype|\w\w\.tiempo|es\.todo|toolbar|(?:\w\w|data|malaysia)\.toolbar|(?:au|nz)\.totaltravel|transparency|travel|tw\.travel||tv|(?:ar|au|de|fr|es|es-us|it|mx|nz|au\.rss|uk)\.tv|tw\.uwant|(?:mh|nz|qos|yep)\.video|weather|(?:au|ca|hk|in|nz|sg|ph|uk|us)\.weather|de\.wetter|www|au\.yel|video\.media\.yql|dmros\.ysm)\.)?yahoo\.com/"
+		to="https://$1yahoo.com/" />
 
 	<rule from="^http://([\w-]+)\.yahoofs\.com/"
 		to="https://$1.yahoofs.com/" />
diff --git a/src/chrome/content/rules/Yahoo_APIs.xml b/src/chrome/content/rules/Yahoo_APIs.xml
index 69964f44aa21..180f233626d7 100644
--- a/src/chrome/content/rules/Yahoo_APIs.xml
+++ b/src/chrome/content/rules/Yahoo_APIs.xml
@@ -2,7 +2,7 @@
 	For other Yahoo coverage, see Yahoo.xml.
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *yahooapis.com:
 
 		- analyze
 		- bp *
@@ -11,37 +11,54 @@
 	* 404; mismatched, CN: s.yimg.com
 
 
-	Problematic subdomains:
+	Problematic hosts in *yahooapis.com:
 
 		- ^			(reset)
 		- search
 		- www			(works, mismatched, CN: developer.yahoo.com, differs from developer)
+		- yui ⁴
 
-
-	Fully covered subdomains:
-
-		- ^			(→ developer.yahoo.com)
-		- open.login
-		- query
-		- search		(→ developer.yahoo.com)
-		- yui			(→ yui-s.yahooapis.com)
-		- yui-s
+	⁴ 404; mismatched, CN: *.yimg.com; rewriting to yui-s doesn't always seem to work
 
 -->
-<ruleset name="Yahoo APIs (partial)">
+<ruleset name="Yahoo APIs.com (partial)">
 
-	<target host="yahooapis.com" />
-	<target host="*.yahooapis.com" />
+	<!--	Direct rewrites:
+				-->
+	<target host="csync.yahooapis.com" />
 	<target host="open.login.yahooapis.com" />
+	<target host="query.yahooapis.com" />
+	<target host="yui-s.yahooapis.com" />
+
+	<!--	Complications:
+				-->
+	<target host="yahooapis.com" />
+	<target host="yui.yahooapis.com" />
 
+		<exclusion pattern="^http://yui\.yahooapis\.com/+(?!2\.7\.0/build/fonts/|pure/)" />
 
-	<rule from="^http://(open\.login|query)\.yahooapis\.com/"
-		to="https://$1.yahooapis.com/" />
+			<!--	+ve:
+					-->
+			<test url="http://yui.yahooapis.com/2.9.0/build/yahoo-dom-event/yahoo-dom-event.js" />
+			<test url="http://yui.yahooapis.com/3.18.1/build/yui/yui-min.js" />
+			<test url="http://yui.yahooapis.com/3.7.2/build/loader/loader-min.js" />
+			<test url="http://yui.yahooapis.com/combo" />
 
-	<rule from="^http://(?:search\.)?yahooapis\.com/(?:.*)"
+			<!--	-ve:
+					-->
+			<test url="http://yui.yahooapis.com/2.7.0/build/fonts/fonts-min.css" />
+			<test url="http://yui.yahooapis.com/pure/0.6.0/pure-min.css" />
+
+
+	<rule from="^http://yahooapis\.com/.*"
 		to="https://developer.yahoo.com/" />
 
-	<rule from="^http://yui(?:-s)?\.yahooapis\.com/"
+		<test url="http://yahooapis.com//" />
+
+	<rule from="^http://yui\.yahooapis\.com/"
 		to="https://yui-s.yahooapis.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yahoo_Japan.xml b/src/chrome/content/rules/Yahoo_Japan.xml
index ecb178103bb8..2f834ade6055 100644
--- a/src/chrome/content/rules/Yahoo_Japan.xml
+++ b/src/chrome/content/rules/Yahoo_Japan.xml
@@ -1,224 +1,193 @@
 <!--
 	For other Yahoo coverage, see Yahoo.xml
 
-
-	Nonfunctional domains:
-
-		- yahoo.co.jp subdomains:
-
-			- (www.) *
-			- advertising *
-			- rd.ane *
-
-			- auctions subdomains:
-
-				- ^ *
-				- closeduser *
-				- special *
-
-			- avtimg *
-			- blogs *
-			- img5.blogs *
-			- bookmarks *
-			- business *
-			- card **
-
-			- chiebukuro subdomains:
-
-				- answer *
-				- detail *
-				- list *
-				- my *
-				- note *
-
-			- commerceapp *
-			- creative-award *
-			- crowdsourcing *
-
-			- dailynews subdomains:
-
-				- ^ *
-				- backnumber *
-				- polls *
-
-			- docs *
-			- business.ec *
-			- guide.ec *
-			- geocities *
-			- headlines *
-			- kaitori	(redirects to http, valid cert)
-			- listing *
-			- loco *
-			- locoplace *
-			- mail *
-			- info.mail *
-
-			- news subdomains:
-
-				- bylines *
-				- promo *
-				- public *
-				- zasshi *
-
-			- otonato *
-			- im.ecnavi.ov *
-			- im.ov *
-
-			- partner subdomains:
-
-				- ^ *
-				- edit *
-				- event *
-				- search *
-
-			- premium **
-			- privacy *
-			- promotion *
-			- promotionalads *
-			- rd *
-			- rdsig *
-			- renai *
-			- otona.renai *
-
-			- search subdomains:
-
-				- ^ *
-				- chiebukuro *
-				- info *
-				- news *
-				- promo *
-
-			- searchblog *
-			- searchranking *
-			- seiji **
-			- senkyo *
-
-			- shopping subdomains:
-
-				- ^ *
-				- store *
-				- topics *
-				- tpoint *
-
-			- smartapp *
-			- spmanager *
-			- webtraining.stepup *
-			- worldfriends.stepup *
-			- bs.store *
-			- urd *
-			- yjaxc *
-
-	* Times out
-	** 404, valid cert
-
-	Problematic domains:
-
-		- id.yahoo.co.jp	(works; mismatched, CN: docs.id.yahoo.co.jp)
-		- stepup.yahoo.co.jp	(mismatched, CN: secure.stepup.yahoo.co.jp)
-		- item.shopping.c.yimg.jp	(works; mismatched, CN: *.c.yimg.jp)
-		- i.yimg.co.jp ***
-		- k.yimg.jp ***
-
-	*** Dropped
-
-
-	Partially covered domains:
-
-		- omiai.yahoo.co.jp		(at least some pages redirect to http)
-		- custom.search.yahoo.co.jp	(at least $ redirects to http)
-
-
-	Fully covered domains:
-
-		- yahoo.co.jp subdomains:
-
-			- adserver
-			- contact.advertising
-			- ard
-			- b[35-9]
-			- b10
-
-			- business subdomains:
-
-				- forms
-				- ols
-				- yadui
-
-			- biz-form.ec
-			- help
-			- docs.id
-			- login
-			- ms
-			- form.ms
-			- details.payment
-			- pclick
-			- points
-			- biz.points
-			- secure.promotionalads
-			- lot.sample
-			- s.sample
-			- odhistory.shopping
-			- stepup	(→ secure.stepup)
-			- secure.stepup
-			- order.store
-			- yeas
-
-		- www.yahoo-help.jp
-
-		- yimg.jp subdomains:
-
-			- ai		(→ s.yimg.jp)
-
-			- *.c:
-				- amd
-				- chie
-				- ident
-				- im
-				- lpt
-				- news
-				- puffer
-				- qr
-				- rpr
-
-			- i		(→ s.yimg.jp)
-			- k		(→ s.yimg.jp)
-			- s
-
-
-	^yahoo-help.jp does not exist.
-
+	Non-functional hosts
+		Couldn't connect to server:
+			 - bookmarks.yahoo.co.jp
+			 - backnumber.dailynews.yahoo.co.jp
+			 - help.yahoo.co.jp
+			 - kaitori.yahoo.co.jp
+			 - locoplace.yahoo.co.jp
+			 - public.news.yahoo.co.jp
+			 - spmanager.yahoo.co.jp
+
+		Timeout was reached:
+			 - img5.blogs.yahoo.co.jp
+			 - info.mail.yahoo.co.jp
+			 - chiebukuro.search.yahoo.co.jp
+			 - news.search.yahoo.co.jp
+			 - bs.store.yahoo.co.jp
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - b12.yahoo.co.jp
+
+		SSL peer certificate was not OK:
+			 - polls.dailynews.yahoo.co.jp
+			 - business.ec.yahoo.co.jp
+			 - guide.ec.yahoo.co.jp
+			 - edit.partner.yahoo.co.jp
+			 - event.partner.yahoo.co.jp
+			 - search.partner.yahoo.co.jp
+			 - info.search.yahoo.co.jp
+			 - promo.search.yahoo.co.jp
+			 - webtraining.stepup.yahoo.co.jp
+
+		Incomplete certificate chain error:
+			 - lot.sample.yahoo.co.jp
+
+		Status code mismatch:
+			 - zasshi.news.yahoo.co.jp
+
+		4xx client error:
+			 - rd.ane.yahoo.co.jp
+			 - closeduser.auctions.yahoo.co.jp
+			 - special.auctions.yahoo.co.jp
+			 - listing.yahoo.co.jp
+			 - topics.shopping.yahoo.co.jp
+			 - odhistory.shopping.yahoo.co.jp
+
+		Secure connection redirects to plaintext:
+			 - commerceapp.yahoo.co.jp
 -->
-<ruleset name="Yahoo! Japan (partial)">
-
-	<target host="*.yahoo.co.jp" />
-		<exclusion pattern="^http://custom\.search\.yahoo\.co\.jp/(?!favicon\.ico|images/)" />
-		<exclusion pattern="^http://omiai\.yahoo\.co\.jp/(?!favicon\.ico)" />
-	<target host="www.yahoo-help.jp" />
-	<target host="*.yimg.jp" />
-	<target host="s.yjtag.jp" />
-
-
-	<securecookie host="^\.yahoo\.co\.jp$" name="^B$" />
-	<securecookie host="^\.forms\.business\.yahoo\.co\.jp$" name=".+" />
-	<securecookie host="^www\.yahoo-help\.jp$" name=".+" />
-
-
-	<rule from="^http://(adserver|contact\.advertising|ard|b\d+|(?:forms|ols|yadui)\.business|biz-form\.ec|help|docs\.id|login|ms|form\.ms|omiai|details\.payment|pclick|(?:biz\.)?points|secure\.promotionalads|(?:lot|s)\.sample|custom\.search|odhistory\.shopping|order\.store|yeas)\.yahoo\.co\.jp/"
-		to="https://$1.yahoo.co.jp/" />
-
-	<rule from="^http://(?:secure\.)?stepup\.yahoo\.co\.jp/"
-		to="https://secure.stepup.yahoo.co.jp/" />
-
-	<rule from="^http://www\.yahoo-help\.jp/"
-		to="https://www.yahoo-help.jp/" />
-
-	<rule from="^http://(?:a[hi]?|[ik]|s)\.yimg\.jp/"
-		to="https://s.yimg.jp/" />
-
-	<rule from="^http://([\w-]+)\.c\.yimg\.jp/"
-		to="https://$1.c.yimg.jp/" />
-
-	<rule from="^http://s\.yjtag\.jp/"
-		to="https://s.yjtag.jp/" />
-
+<ruleset name="Yahoo.co.JP (partial)">
+	<target host="yahoo.co.jp" />
+	<target host="www.yahoo.co.jp" />
+
+	<target host="about.yahoo.co.jp" />
+	<target host="advertising.yahoo.co.jp" />
+	<target host="ard.yahoo.co.jp" />
+	<target host="auctions.yahoo.co.jp" />
+
+	<target host="b11.yahoo.co.jp" />
+	<target host="b3.yahoo.co.jp" />
+	<target host="b4.yahoo.co.jp" />
+	<target host="b5.yahoo.co.jp" />
+	<target host="b6.yahoo.co.jp" />
+	<target host="b7.yahoo.co.jp" />
+	<target host="b8.yahoo.co.jp" />
+	<target host="b9.yahoo.co.jp" />
+	<target host="b90.yahoo.co.jp" />
+	<target host="b91.yahoo.co.jp" />
+	<target host="b92.yahoo.co.jp" />
+	<target host="b93.yahoo.co.jp" />
+	<target host="b94.yahoo.co.jp" />
+	<target host="b95.yahoo.co.jp" />
+	<target host="b96.yahoo.co.jp" />
+	<target host="b97.yahoo.co.jp" />
+	<target host="beauty.yahoo.co.jp" />
+	<target host="blogs.yahoo.co.jp" />
+	<target host="bookstore.yahoo.co.jp" />
+	<target host="box.yahoo.co.jp" />
+	<target host="btcs.yahoo.co.jp" />
+		<test url="http://btcs.yahoo.co.jp/b?f=2080327396" />
+	<target host="business.yahoo.co.jp" />
+	<target host="forms.business.yahoo.co.jp" />
+	<target host="ols.business.yahoo.co.jp" />
+	<target host="yadui.business.yahoo.co.jp" />
+
+	<target host="calendar.yahoo.co.jp" />
+	<target host="card.yahoo.co.jp" />
+	<target host="carview.yahoo.co.jp" />
+	<target host="csr.yahoo.co.jp" />
+	<target host="chiebukuro.yahoo.co.jp" />
+	<target host="answer.chiebukuro.yahoo.co.jp" />
+	<target host="detail.chiebukuro.yahoo.co.jp" />
+	<target host="list.chiebukuro.yahoo.co.jp" />
+	<target host="my.chiebukuro.yahoo.co.jp" />
+	<target host="note.chiebukuro.yahoo.co.jp" />
+	<target host="creative-award.yahoo.co.jp" />
+	<target host="crowdsourcing.yahoo.co.jp" />
+
+	<target host="docs.yahoo.co.jp" />
+
+	<target host="biz-form.ec.yahoo.co.jp" />
+	<target host="account.edit.yahoo.co.jp" />
+
+	<target host="finance.yahoo.co.jp" />
+	<target host="fortune.yahoo.co.jp" />
+
+	<target host="games.yahoo.co.jp" />
+	<target host="geocities.yahoo.co.jp" />
+	<target host="gyao.yahoo.co.jp" />
+
+	<target host="headlines.yahoo.co.jp" />
+	<target host="hr.yahoo.co.jp" />
+
+	<target host="id.yahoo.co.jp" />
+	<target host="indival.yahoo.co.jp" />
+	<target host="ir.yahoo.co.jp" />
+
+	<target host="loco.yahoo.co.jp" />
+	<target host="login.yahoo.co.jp" />
+	<target host="lh.login.yahoo.co.jp" />
+	<target host="logql.yahoo.co.jp" />
+		<test url="http://logql.yahoo.co.jp/v1/public/yql" />
+
+	<target host="m.yahoo.co.jp" />
+	<target host="mail.yahoo.co.jp" />
+	<target host="map.yahoo.co.jp" />
+	<target host="movies.yahoo.co.jp" />
+	<target host="form.ms.yahoo.co.jp" />
+	<target host="notice.ms.yahoo.co.jp" />
+
+	<target host="news.yahoo.co.jp" />
+	<target host="bylines.news.yahoo.co.jp" />
+	<target host="promo.news.yahoo.co.jp" />
+
+	<target host="omiai.yahoo.co.jp" />
+	<target host="im.ov.yahoo.co.jp" />
+		<test url="http://im.ov.yahoo.co.jp/js_flat/v2/" />
+
+	<target host="partner.yahoo.co.jp" />
+	<target host="details.payment.yahoo.co.jp" />
+	<target host="pclick.yahoo.co.jp" />
+	<target host="points.yahoo.co.jp" />
+	<target host="biz.points.yahoo.co.jp" />
+	<target host="premium.yahoo.co.jp" />
+	<target host="privacy.yahoo.co.jp" />
+	<target host="promotion.yahoo.co.jp" />
+	<target host="promotionalads.yahoo.co.jp" />
+	<target host="secure.promotionalads.yahoo.co.jp" />
+
+	<target host="rdsig.yahoo.co.jp" />
+	<target host="renai.yahoo.co.jp" />
+	<target host="realestate.yahoo.co.jp" />
+
+	<target host="s.sample.yahoo.co.jp" />
+	<target host="search.yahoo.co.jp" />
+	<target host="custom.search.yahoo.co.jp" />
+	<target host="searchblog.yahoo.co.jp" />
+	<target host="searchranking.yahoo.co.jp" />
+	<target host="security.yahoo.co.jp" />
+	<target host="seiji.yahoo.co.jp" />
+	<target host="senkyo.yahoo.co.jp" />
+	<target host="services.yahoo.co.jp" />
+	<target host="shopping.yahoo.co.jp" />
+	<target host="store.shopping.yahoo.co.jp" />
+	<target host="tpoint.shopping.yahoo.co.jp" />
+	<target host="special.yahoo.co.jp" />
+	<target host="sports.yahoo.co.jp" />
+	<target host="order.store.yahoo.co.jp" />
+
+	<target host="textream.yahoo.co.jp" />
+	<target host="transit.yahoo.co.jp" />
+	<target host="travel.yahoo.co.jp" />
+	<target host="tv.yahoo.co.jp" />
+
+	<target host="weather.yahoo.co.jp" />
+
+	<target host="yads.yahoo.co.jp" />
+	<target host="ybx.yahoo.co.jp" />
+		<test url="http://ybx.yahoo.co.jp/p?s=2078983862" />
+	<target host="yeas.yahoo.co.jp" />
+	<target host="yjtag.yahoo.co.jp" />
+
+	<securecookie host="^yahoo\.co\.jp$" name=".+" />
+	<securecookie host="^www\.yahoo\.co\.jp$" name=".+" />
+	<securecookie host="^login\.yahoo\.co\.jp$" name=".+" />
+	<securecookie host="^m\.yahoo\.co\.jp$" name=".+" />
+	<securecookie host="^mail\.yahoo\.co\.jp$" name=".+" />
+	<securecookie host="^search\.yahoo\.co\.jp$" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Yakala.co.xml b/src/chrome/content/rules/Yakala.co.xml
index e6954dca825e..66783f6c4e5e 100644
--- a/src/chrome/content/rules/Yakala.co.xml
+++ b/src/chrome/content/rules/Yakala.co.xml
@@ -1,8 +1,50 @@
-<ruleset name="Yakala.co" platform="mixedcontent">
-  <target host="www.yakala.co" />
-  <target host="yakala.co" />
-
-  <securecookie host="^(.*\.)?yakala\.co$" name=".*" />
-
-  <rule from="^http://(www\.)?yakala\.co/" to="https://www.yakala.co/" />
-</ruleset>
\ No newline at end of file
+<!--
+	Nonfunctional hosts in *yakala.co:
+
+		- static *
+
+	* Dropped
+
+
+	^yakala.co: Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.yakala.co
+
+
+	Mixed content:
+
+		- Images from static.yakala.co ¹
+		- favicon from $self ²
+
+	¹ Unsecurable <= dropped
+	² Secured by us
+
+-->
+<ruleset name="Yakala.co (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.yakala.co" />
+
+	<!--	Complications:
+				-->
+	<target host="yakala.co" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.yakala\.co$" name="^(?:LastSelectedCity|Nop\.customer|NSC_[a-z]+-[a-z]+)$" /-->
+
+	<securecookie host=".+" name=".+"/>
+
+
+	<rule from="^http://yakala\.co/"
+		to="https://www.yakala.co/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yale.edu.xml b/src/chrome/content/rules/Yale.edu.xml
new file mode 100644
index 000000000000..df9ef1c0a4d9
--- /dev/null
+++ b/src/chrome/content/rules/Yale.edu.xml
@@ -0,0 +1,56 @@
+<!--
+	Yale University
+
+
+	Nonfunctional subdomains:
+
+		- (www.)	(data differ)
+		- calendar *
+		- dedis.cs *
+		- giving *
+		- www.law	(shows secure.law; mismatched, CN: SECURE.LAW.YALE.EDU)
+		- world *
+
+	* Refused
+
+
+	Fully covered subdomains:
+
+		- law subdomains:
+
+			- affiliate
+			- fa
+			- inside
+			- seatgen
+			- secure
+			- share
+			- students
+
+		- messages
+
+-->
+<ruleset name="Yale.edu (partial)">
+
+	<target host="e360.yale.edu" />
+
+	<target host="eeb.yale.edu" />
+
+	<target host="affiliate.law.yale.edu" />
+	<target host="fa.law.yale.edu" />
+	<target host="inside.law.yale.edu" />
+	<target host="seatgen.law.yale.edu" />
+	<target host="secure.law.yale.edu" />
+	<target host="share.law.yale.edu" />
+	<target host="students.law.yale.edu" />
+
+	<target host="messages.yale.edu" />
+
+	<target host="prumlab.yale.edu" />
+
+	<securecookie host="^seatgen\.law\.yale\.edu$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yale_University.xml b/src/chrome/content/rules/Yale_University.xml
deleted file mode 100644
index 79d583b9222b..000000000000
--- a/src/chrome/content/rules/Yale_University.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(data differ)
-		- calendar *
-		- dedis.cs *
-		- giving *
-		- www.law	(shows secure.law; mismatched, CN: SECURE.LAW.YALE.EDU)
-		- world *
-
-	* Refused
-
-
-	Fully covered subdomains:
-
-		- law subdomains:
-
-			- fa
-			- inside
-			- seatgen
-			- secure
-			- share
-			- students
-
--->
-<ruleset name="Yale University (partial)">
-
-	<target host="*.law.yale.edu" />
-
-
-	<securecookie host="^seatgen\.law\.yale\.edu$" name=".+" />
-
-
-	<rule from="^http://(affiliate|fa|inside|seatgen|secure|share|students)\.law\.yale\.edu/"
-		to="https://$1.law.yale.edu/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Yaler.net.xml b/src/chrome/content/rules/Yaler.net.xml
new file mode 100644
index 000000000000..3b302466f796
--- /dev/null
+++ b/src/chrome/content/rules/Yaler.net.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional subdomains:
+
+		- blog *
+
+	* Refused
+
+-->
+<ruleset name="Yaler.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="yaler.net" />
+	<target host="www.yaler.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yam.xml b/src/chrome/content/rules/Yam.xml
new file mode 100644
index 000000000000..2a5b1d2a5403
--- /dev/null
+++ b/src/chrome/content/rules/Yam.xml
@@ -0,0 +1,62 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://s1-josho.yamedia.tw/ => https://s1-josho.yamedia.tw/: (35, 'Unknown SSL protocol error in connection to s1-josho.yamedia.tw:443 ')
+Fetch error: http://s1-money.yamedia.tw/ => https://s1-money.yamedia.tw/: (35, 'Unknown SSL protocol error in connection to s1-money.yamedia.tw:443 ')
+Fetch error: http://s1-world.yamedia.tw/ => https://s1-world.yamedia.tw/: (35, 'Unknown SSL protocol error in connection to s1-world.yamedia.tw:443 ')
+
+	Invalid certificate:
+		love.yam.com
+		member.yam.com
+
+		p1-josho.yamedia.tw
+		p1-kids.yamedia.tw
+		p1-money.yamedia.tw
+		p1-news.yamedia.tw
+		p1-world.yamedia.tw
+		p1-xtv.yamedia.tw
+		s1-kids.yamedia.tw
+
+	Time out:
+		blog.yam.com
+		fate.yam.com
+		game.yam.com
+		kids.yam.com
+		money.yam.com
+		n.yam.com
+		news.yam.com
+		api.n.yam.com
+		video.n.yam.com
+		pk.yam.com
+		weather.yam.com
+		xtv.yam.com
+
+		mailpics.yamedia.tw
+		p1-www.yamedia.tw
+		pics.yamedia.tw		(http://pics.yamedia.tw/images/blank.gif)
+		profile.yamedia.tw	(http://profile.yamedia.tw/n/i/nigili5/sindex.jpg)
+-->
+
+<ruleset name="Yam (partial)" default_off="failed ruleset test">
+
+	<target host="yam.com" />
+	<target host="admd.yam.com" />
+	<target host="buyhouse.yam.com" />
+	<target host="c.yam.com" />
+	<target host="fpscdn.yam.com" />
+	<target host="help.yam.com" />
+	<target host="josho.yam.com" />
+	<target host="movie.yam.com" />
+	<target host="travel.yam.com" />
+	<target host="world.yam.com" />
+	<target host="www.yam.com" />
+
+	<target host="s1-josho.yamedia.tw" />
+	<target host="s1-news.yamedia.tw" />
+	<target host="s1-money.yamedia.tw" />
+	<target host="s1-world.yamedia.tw" />
+	<target host="s1-www.yamedia.tw" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yamli.com.xml b/src/chrome/content/rules/Yamli.com.xml
new file mode 100644
index 000000000000..aea3928a691e
--- /dev/null
+++ b/src/chrome/content/rules/Yamli.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Invalid Certificate:
+		yamli.com
+-->
+<ruleset name="Yamli.com">
+	<target host="yamli.com" />
+	<target host="www.yamli.com" />
+	<target host="2.yamli.com" />
+	<target host="api.yamli.com" />
+	<target host="ar.yamli.com" />
+	<target host="mmm.yamli.com" />
+	<target host="w.yamli.com" />
+	<target host="search.yamli.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://yamli\.com/" to="https://www.yamli.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/YamliAPI.xml b/src/chrome/content/rules/YamliAPI.xml
deleted file mode 100644
index f2a82e40baf2..000000000000
--- a/src/chrome/content/rules/YamliAPI.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Yamli API">
-  <target host="api.yamli.com" />
-
-  <rule from="^http://api\.yamli\.com/" to="https://api.yamli.com/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Yammer-problematic.xml b/src/chrome/content/rules/Yammer-problematic.xml
index 70a13bcc41ba..b2bd274d0f96 100644
--- a/src/chrome/content/rules/Yammer-problematic.xml
+++ b/src/chrome/content/rules/Yammer-problematic.xml
@@ -2,18 +2,23 @@
 	Yammer.xml
 
 -->
-<ruleset name="Yammer (problematic)" default_off="mismatched">
+<ruleset name="Yammer.com (problematic)" default_off="mismatched">
 
-	<target host="feedback.yammer.com" />
+	<!--	Direct rewrites:
+				-->
 	<target host="research.yammer.com" />
 	<target host="success.yammer.com" />
 	<target host="status.yammer.com" />
 
+	<!--	Complications:
+				-->
+	<target host="feedback.yammer.com" />
+
 
-	<rule from="^https?://(?:feedback|research)\.yammer\.com/"
+	<rule from="^http://feedback\.yammer\.com/"
 		to="https://research.yammer.com/" />
 
-	<rule from="^http://s(tatu|ucces)s\.yammer\.com/"
-		to="https://s$1s.yammer.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Yammer.xml b/src/chrome/content/rules/Yammer.xml
index c3f954c3ecf1..e99976b91a49 100644
--- a/src/chrome/content/rules/Yammer.xml
+++ b/src/chrome/content/rules/Yammer.xml
@@ -1,47 +1,99 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sites.yammer.com/ => https://sites.yammer.com/: (6, 'Could not resolve host: sites.yammer.com')
+Fetch error: http://design.staging.yammer.com/ => https://design.staging.yammer.com/: (6, 'Could not resolve host: design.staging.yammer.com')
+Fetch error: http://developer.staging.yammer.com/ => https://developer.staging.yammer.com/: (6, 'Could not resolve host: developer.staging.yammer.com')
+Fetch error: http://eng.staging.yammer.com/ => https://eng.staging.yammer.com/: (6, 'Could not resolve host: eng.staging.yammer.com')
+
 	For problematic coverage, see Yammer-problematic.xml.
 
+	For other Microsoft coverage, see Microsoft.xml.
+
+	Other Yammer rulesets:
+
+		- Assets-Yammer.com.xml
+
 
 	yammer.pagely.com
 
 
-	Nonfunctional domains:
+	Nonfunctional hosts in *yammer.com:
+
+		- marketing *
+
+	* Redirects to app-sj04.marketo.com
 
-		- marketing.yammer.com		(redirects to app-sj04.marketo.com)
 
+	Problematic hosts in *yammer.com:
 
-	Problematic domains:
+		- blog ¹
+		- feedback ²
+		- research ²
+		- status ³
+		- success ⁴
 
-		- feedback *
-		- research *
-		- status		(works, mismatched, CN: *.wordpress.com)
-		- success		(works, mismatched, CN: page.ly)
-		- whatsnew.staging	(mismatched, CN: yammer.pagely.com)
+	¹ Dropped
+	² Works, mismatched, CN: sites.yammer.com
+	³ Works, mismatched, CN: *.wordpress.com
+	⁴ Works, mismatched, CN: page.ly
 
 
-	* Works, mismatched, CN: sites.yammer.com
+	Insecure cookies are set for these hosts:
+
+		- about.yammer.com
+		- devices.yammer.com
 
 -->
-<ruleset name="Yammer">
+<ruleset name="Yammer.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="yammer.com" />
-	<target host="*.yammer.com" />
-	<target host="c64.assets-yammer.com" />
+	<target host="about.yammer.com" />
+	<target host="design.yammer.com" />
+	<target host="developer.yammer.com" />
+	<target host="devices.yammer.com" />
+	<target host="eng.yammer.com" />
+	<target host="help.yammer.com" />
+	<target host="sites.yammer.com" />
+
+	<target host="design.staging.yammer.com" />
+	<target host="developer.staging.yammer.com" />
+	<target host="eng.staging.yammer.com" />
+
+	<target host="www.yammer.com" />
+
+	<!--	Complications:
+				-->
+	<target host="blog.yammer.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(about|devices)\.yammer\.com$" name="^X-Mapping-[a-z]+$" /-->
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^.*\.yammer\.com$" name=".*" />
 
+	<!--	Redirect drops args:
+					-->
+	<rule from="^http://blog\.yammer\.com/(?:\?.*)?$"
+		to="https://about.yammer.com/yammer-blog/" />
 
-	<rule from="^http://c64\.assets-yammer\.com/"
-		to="https://c64.assets-yammer.com/" />
+		<test url="http://blog.yammer.com/?f" />
+		<test url="http://blog.yammer.com/?o" />
+		<test url="http://blog.yammer.com/?b" />
 
-	<rule from="^http://((?:(?:design|developer|eng|sites)(?:\.staging)?|help|whatsnew|www)\.)?yammer\.com/"
-		to="https://$1yammer.com/" />
+	<!--	Direct keeps path and args, and
+		prefixes with forward slash:
+						-->
+	<rule from="^http://blog\.yammer\.com/"
+		to="https://about.yammer.com//" />
 
-	<rule from="^http://blog\.yammer\.com/(images|blog/wp-content)/"
-		to="https://secure.bluehost.com/~yammerco/$1/" />
+		<test url="http://blog.yammer.com//" />
 
-	<rule from="^http://whatsnew\.staging\.yammer\.com/"
-		to="https://sites.staging.yammer.com/summer-release-2012/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Yandex.by.xml b/src/chrome/content/rules/Yandex.by.xml
new file mode 100644
index 000000000000..515398b9b163
--- /dev/null
+++ b/src/chrome/content/rules/Yandex.by.xml
@@ -0,0 +1,386 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://auto.yandex.by/ => https://auto.yandex.by/: (6, 'Could not resolve host: auto.yandex.by')
+Fetch error: http://www.cat.yandex.by/ => https://www.cat.yandex.by/: (51, "SSL: no alternative certificate subject name matches target host name 'www.cat.yandex.by'")
+Fetch error: http://www.catalog.yandex.by/ => https://www.catalog.yandex.by/: (51, "SSL: no alternative certificate subject name matches target host name 'www.catalog.yandex.by'")
+Fetch error: http://www.catalogue.yandex.by/ => https://www.catalogue.yandex.by/: (51, "SSL: no alternative certificate subject name matches target host name 'www.catalogue.yandex.by'")
+Fetch error: http://clock.yandex.by/ => https://clock.yandex.by/: (51, "SSL: no alternative certificate subject name matches target host name 'clock.yandex.by'")
+Fetch error: http://www.katalog.yandex.by/ => https://www.katalog.yandex.by/: (51, "SSL: no alternative certificate subject name matches target host name 'www.katalog.yandex.by'")
+Fetch error: http://master.yandex.by/ => https://master.yandex.by/: (51, "SSL: no alternative certificate subject name matches target host name 'master.yandex.by'")
+Fetch error: http://www.master.yandex.by/ => https://www.master.yandex.by/: (51, "SSL: no alternative certificate subject name matches target host name 'www.master.yandex.by'")
+Fetch error: http://passport-ckicheck.yandex.by/ => https://passport-ckicheck.yandex.by/: (51, "SSL: no alternative certificate subject name matches target host name 'passport-ckicheck.yandex.by'")
+Fetch error: http://api.rasp.yandex.by/ => https://api.rasp.yandex.by/: (51, "SSL: no alternative certificate subject name matches target host name 'api.rasp.yandex.by'")
+Fetch error: http://suggests.rasp.yandex.by/ => https://suggests.rasp.yandex.by/: (51, "SSL: no alternative certificate subject name matches target host name 'suggests.rasp.yandex.by'")
+
+	For other Yandex coverage, see Yandex.xml.
+
+
+	Nonfunctional subdomains:
+
+		- an ¹
+		- beta ¹
+		- bs ¹
+		- bs-meta ¹
+		- clck ¹
+		- contact ¹
+		- m.contact ¹
+		- contact2 ¹
+		- informer ¹
+		- interactive-answers ²
+		- m.internet ¹
+		- islands ¹
+		- market ³
+		- mc ¹
+		- news ¹
+		- m.news ¹
+		- pda.news ¹
+		- (www.)?store ¹
+		- www.video ²
+		- interactive-answers.webmaster ³
+
+	¹ Dropped
+	² Differs from http
+	³ Redirects to http
+
+
+	Problematic subdomains:
+
+		- www.browser ¹
+		- m ²
+		- mobile ²
+		- money ³
+		- opera ²
+		- www.rasp ²
+		- (www.)?site ⁴
+		- (www.)?webmaster ⁴
+
+	¹ 404
+	² Redirect differs
+	³ Blocks Tor users
+	⁴ Mismatched
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- advertising
+		- advq
+		- afisha
+		- analytics
+		- avia
+		- auto
+		- autoconfig
+		- autodiscover
+		- awaps
+		- b
+		- ba
+
+		- blogs
+		- m.blogs
+		- pda.blogs
+
+		- (www.)?browser	(www → ^)
+		- (www.)?cat
+		- (www.)?catalog
+		- (www.)?catalogue
+		- city
+		- clock
+		- clocks
+		- direct
+		- disk
+		- element
+		- elements
+		- export
+		- feedback
+		- feedback2
+		- (www.)?fotki
+		- m.fotki
+		- fx
+		- gorod
+		- help
+		- images
+		- internet
+		- islands
+		- (www.)?katalog
+		- kiks
+		- legal
+		- m			(→ m.yandex.ru)
+		- mail
+		- (www.)?maps
+		- (www.)?m.maps
+		- (www.)?master
+		- mbrowser
+		- metric
+		- metrica
+		- metrika
+		- (www.)?metro
+		- money
+		- mobile		(→ mobile.yandex.ru)
+		- music
+		- opera			(→ opera.yandex.ru)
+		- partner
+		- partners
+		- pass
+		- passport
+		- passport-ckicheck
+		- pda-passport
+		- people
+		- (www.)?pogoda
+		- m.pogoda
+		- rabota
+		- m.rabota
+
+		- rasp
+		- api.rasp
+		- m.rasp
+		- suggests.rasp
+		- t.rasp
+		- www.rasp		(→ rasp.yandex.ru)
+
+		- realty
+		- (www.)?site		(→ site.yandex.ru)
+		- slovari
+		- m.slovari
+		- sprav
+		- stat
+		- ticket
+		- time
+		- translate
+		- tune
+		- m.tune
+		- (www.)?tv
+		- video
+		- vremya
+		- watch
+		- (www.)?weather
+		- (www.)?webmaster	(→ webmaster.yandex.ru)
+		- widgets
+		- wordstat
+		- xml
+		- xmlsearch
+		- yabs
+		- (www.)?yaca
+
+
+	These altnames don't exist:
+
+		- m.feedback2.yandex.by
+		- support.yandex.by
+
+
+	Insecure cookies are set for these domains:
+
+		- .yandex.by
+		- auto.yandex.by
+		- city.yandex.by
+		- internet.yandex.by
+		- mail.yandex.by
+		- rabota.yandex.by
+		- realty.yandex.by
+		- translate.yandex.by
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- b, export from awaps.yandex.ru ¹
+			- m.blogs from img.yandex.net ¹
+			- m.pogoda from img.yandex.net ¹
+			- www from yastatic.net ¹
+
+		- favicon on legal from yandex.st ¹
+
+		- Bugs, on:
+
+			- advq, ba, blogs, (www.)?cat, (www.)?catalog, (www.)?catalogue, direct, (www.)?katalog, maps, rabota, wordstat, yaca from kiks.yandex.ru ¹
+			- m.blogs from clck.yandex.ru ¹
+			- m.fotki from c.waplog.net ²
+
+	¹ Secured by us
+	² Unsecurable <= dropped
+
+-->
+<ruleset name="Yandex.by (partial)" default_off="failed ruleset test">
+
+	<target host="yandex.by" />
+	<target host="advertising.yandex.by" />
+	<target host="advq.yandex.by" />
+	<target host="afisha.yandex.by" />
+	<target host="analytics.yandex.by" />
+	<target host="avia.yandex.by" />
+	<target host="auto.yandex.by" />
+	<target host="autoconfig.yandex.by" />
+	<target host="autodiscover.yandex.by" />
+	<target host="awaps.yandex.by" />
+	<target host="b.yandex.by" />
+	<target host="ba.yandex.by" />
+	<target host="blogs.yandex.by" />
+	<target host="m.blogs.yandex.by" />
+	<target host="pda.blogs.yandex.by" />
+	<target host="browser.yandex.by" />
+	<target host="cat.yandex.by" />
+	<target host="www.cat.yandex.by" />
+	<target host="catalog.yandex.by" />
+	<target host="www.catalog.yandex.by" />
+	<target host="catalogue.yandex.by" />
+	<target host="www.catalogue.yandex.by" />
+	<target host="city.yandex.by" />
+	<target host="clock.yandex.by" />
+	<target host="clocks.yandex.by" />
+	<target host="direct.yandex.by" />
+	<target host="disk.yandex.by" />
+	<target host="element.yandex.by" />
+	<target host="elements.yandex.by" />
+	<target host="export.yandex.by" />
+	<target host="feedback.yandex.by" />
+	<target host="feedback2.yandex.by" />
+	<target host="fotki.yandex.by" />
+	<target host="m.fotki.yandex.by" />
+	<target host="www.fotki.yandex.by" />
+	<target host="fx.yandex.by" />
+	<target host="gorod.yandex.by" />
+	<target host="help.yandex.by" />
+	<target host="images.yandex.by" />
+	<target host="internet.yandex.by" />
+	<target host="islands.yandex.by" />
+	<target host="katalog.yandex.by" />
+	<target host="www.katalog.yandex.by" />
+	<target host="kiks.yandex.by" />
+	<target host="legal.yandex.by" />
+	<target host="mail.yandex.by" />
+	<target host="maps.yandex.by" />
+	<target host="m.maps.yandex.by" />
+	<target host="www.m.maps.yandex.by" />
+	<target host="www.maps.yandex.by" />
+	<target host="master.yandex.by" />
+	<target host="www.master.yandex.by" />
+	<target host="mbrowser.yandex.by" />
+	<target host="metric.yandex.by" />
+	<target host="metrica.yandex.by" />
+	<target host="metrika.yandex.by" />
+	<target host="metro.yandex.by" />
+	<target host="www.metro.yandex.by" />
+	<target host="money.yandex.by" />
+	<target host="music.yandex.by" />
+	<target host="partner.yandex.by" />
+	<target host="partners.yandex.by" />
+	<target host="pass.yandex.by" />
+	<target host="passport-ckicheck.yandex.by" />
+	<target host="pda-passport.yandex.by" />
+	<target host="people.yandex.by" />
+	<target host="pogoda.yandex.by" />
+	<target host="m.pogoda.yandex.by" />
+	<target host="www.pogoda.yandex.by" />
+	<target host="rabota.yandex.by" />
+	<target host="m.rabota.yandex.by" />
+	<target host="rasp.yandex.by" />
+	<target host="api.rasp.yandex.by" />
+	<target host="m.rasp.yandex.by" />
+	<target host="suggests.rasp.yandex.by" />
+	<target host="t.rasp.yandex.by" />
+	<target host="realty.yandex.by" />
+	<target host="slovari.yandex.by" />
+	<target host="m.slovari.yandex.by" />
+	<target host="sprav.yandex.by" />
+	<target host="stat.yandex.by" />
+	<target host="ticket.yandex.by" />
+	<target host="time.yandex.by" />
+	<target host="translate.yandex.by" />
+	<target host="tune.yandex.by" />
+	<target host="m.tune.yandex.by" />
+	<target host="tv.yandex.by" />
+	<target host="www.tv.yandex.by" />
+	<target host="video.yandex.by" />
+	<target host="vremya.yandex.by" />
+	<target host="watch.yandex.by" />
+	<target host="weather.yandex.by" />
+	<target host="www.weather.yandex.by" />
+	<target host="widgets.yandex.by" />
+	<target host="wordstat.yandex.by" />
+	<target host="www.yandex.by" />
+	<target host="xml.yandex.by" />
+	<target host="xmlsearch.yandex.by" />
+	<target host="yabs.yandex.by" />
+	<target host="yaca.yandex.by" />
+	<target host="www.yaca.yandex.by" />
+
+	<!--	Special cases:
+				-->
+	<target host="www.browser.yandex.by" />
+	<target host="m.yandex.by" />
+	<target host="mobile.yandex.by" />
+	<target host="opera.yandex.by" />
+	<target host="www.rasp.yandex.by" />
+	<target host="site.yandex.by" />
+	<target host="www.site.yandex.by" />
+	<target host="webmaster.yandex.by" />
+	<target host="www.webmaster.yandex.by" />
+
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(family|market)\.yandex\.by/$" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.yandex\.by$" name="^Cookie_check$" /-->
+	<!--securecookie host="^internet\.yandex\.by$" name="^(csrftoken|test)$" /-->
+	<!--securecookie host="^(auto|city|rabota|realty)\.yandex\.by$" name="^uid$" /-->
+	<!--securecookie host="^realty\.yandex\.by$" name="^from$" /-->
+	<!--securecookie host="^translate\.yandex\.by$" name="^(first_visit_src|stoken)$" /-->
+
+	<securecookie host="^(?:auto|city|internet|mail|rabota|realty|translate)\.yandex\.by$" name=".+" />
+
+
+	<!--	Domains for which both !www and www exist,
+		but only !www works without caveat:
+							-->
+	<rule from="^http://www\.browser\.yandex\.by/"
+		to="https://browser.yandex.by/" />
+
+	<!--	Redirect drops path but not args:
+						-->
+	<rule from="^http://m(obile)?\.yandex\.by/[^?]*"
+		to="https://m$1.yandex.ru/" />
+
+		<test url="http://m.yandex.by/?" />
+		<test url="http://m.yandex.by/a" />
+		<test url="http://mobile.yandex.by/?" />
+		<test url="http://mobile.yandex.by/a" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://opera\.yandex\.by/+"
+		to="https://opera.yandex.ru/" />
+
+		<test url="http://opera.yandex.by//" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://www\.rasp\.yandex\.by/+"
+		to="https://rasp.yandex.ru/" />
+
+		<test url="http://www.rasp.yandex.by//" />
+
+	<!--	Redirect drops path but not args:
+						-->
+	<rule from="^http://(?:www\.)?(site|webmaster)\.yandex\.by/[^?]*"
+		to="https://$1.yandex.ru/" />
+
+		<test url="http://site.yandex.by/?" />
+		<test url="http://site.yandex.by/a" />
+		<test url="http://www.site.yandex.by/?" />
+		<test url="http://www.site.yandex.by/a" />
+		<test url="http://webmaster.yandex.by/?" />
+		<test url="http://webmaster.yandex.by/a" />
+		<test url="http://www.webmaster.yandex.by/?" />
+		<test url="http://www.webmaster.yandex.by/a" />
+
+	<rule from="^http:"
+		to="https:" />
+
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yandex.com.tr.xml b/src/chrome/content/rules/Yandex.com.tr.xml
new file mode 100644
index 000000000000..c3b40b6e7ecd
--- /dev/null
+++ b/src/chrome/content/rules/Yandex.com.tr.xml
@@ -0,0 +1,498 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://expert.yandex.com.tr// => https://uzman.yandex.com.tr/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://feedback.yandex.com.tr// => https://contact.yandex.com.tr/: (51, "SSL: no alternative certificate subject name matches target host name 'contact.yandex.com.tr'")
+Fetch error: http://gazeta.yandex.com.tr// => https://haber.yandex.com.tr/mynews: (6, 'Could not resolve host: haber.yandex.com.tr')
+Fetch error: http://auto.yandex.com.tr/ => https://auto.yandex.com.tr/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://bnbym.yandex.com.tr/ => https://bnbym.yandex.com.tr/: (51, "SSL: no alternative certificate subject name matches target host name 'bnbym.yandex.com.tr'")
+Fetch error: http://contact.yandex.com.tr/ => https://contact.yandex.com.tr/: (51, "SSL: no alternative certificate subject name matches target host name 'contact.yandex.com.tr'")
+Fetch error: http://dev.yandex.com.tr/ => https://dev.yandex.com.tr/: (51, "SSL: no alternative certificate subject name matches target host name 'dev.yandex.com.tr'")
+Fetch error: http://haber.yandex.com.tr/ => https://haber.yandex.com.tr/: (6, 'Could not resolve host: haber.yandex.com.tr')
+Fetch error: http://master.yandex.com.tr/ => https://master.yandex.com.tr/: (51, "SSL: no alternative certificate subject name matches target host name 'master.yandex.com.tr'")
+Fetch error: http://www.master.yandex.com.tr/ => https://www.master.yandex.com.tr/: (51, "SSL: no alternative certificate subject name matches target host name 'www.master.yandex.com.tr'")
+Fetch error: http://news.yandex.com.tr/ => https://news.yandex.com.tr/: (6, 'Could not resolve host: news.yandex.com.tr')
+Fetch error: http://oto.yandex.com.tr/ => https://oto.yandex.com.tr/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://oyun.yandex.com.tr/ => https://oyun.yandex.com.tr/: Too many redirects while fetching 'https://oyun.yandex.com.tr/'
+Fetch error: http://passport-ckicheck.yandex.com.tr/ => https://passport-ckicheck.yandex.com.tr/: (51, "SSL: no alternative certificate subject name matches target host name 'passport-ckicheck.yandex.com.tr'")
+Fetch error: http://qas2.yandex.com.tr/ => https://qas2.yandex.com.tr/: (51, "SSL: no alternative certificate subject name matches target host name 'qas2.yandex.com.tr'")
+Fetch error: http://rasp.yandex.com.tr/ => https://rasp.yandex.com.tr/: (51, "SSL: no alternative certificate subject name matches target host name 'rasp.yandex.com.tr'")
+Fetch error: http://api.rasp.yandex.com.tr/ => https://api.rasp.yandex.com.tr/: (51, "SSL: no alternative certificate subject name matches target host name 'api.rasp.yandex.com.tr'")
+Fetch error: http://m.rasp.yandex.com.tr/ => https://m.rasp.yandex.com.tr/: (51, "SSL: no alternative certificate subject name matches target host name 'm.rasp.yandex.com.tr'")
+Fetch error: http://suggests.rasp.yandex.com.tr/ => https://suggests.rasp.yandex.com.tr/: (51, "SSL: no alternative certificate subject name matches target host name 'suggests.rasp.yandex.com.tr'")
+Fetch error: http://t.rasp.yandex.com.tr/ => https://t.rasp.yandex.com.tr/: (51, "SSL: no alternative certificate subject name matches target host name 't.rasp.yandex.com.tr'")
+Fetch error: http://m.seferler.yandex.com.tr/ => https://m.seferler.yandex.com.tr/: (51, "SSL: no alternative certificate subject name matches target host name 'm.seferler.yandex.com.tr'")
+Fetch error: http://suggests.seferler.yandex.com.tr/ => https://suggests.seferler.yandex.com.tr/: (6, 'Could not resolve host: suggests.seferler.yandex.com.tr')
+Fetch error: http://ticket.seferler.yandex.com.tr/ => https://ticket.seferler.yandex.com.tr/: (51, "SSL: no alternative certificate subject name matches target host name 'ticket.seferler.yandex.com.tr'")
+Fetch error: http://ticket.yandex.com.tr/ => https://ticket.yandex.com.tr/: (51, "SSL: no alternative certificate subject name matches target host name 'ticket.yandex.com.tr'")
+Fetch error: http://tv.yandex.com.tr/ => https://tv.yandex.com.tr/: (51, "SSL: no alternative certificate subject name matches target host name 'tv.yandex.com.tr'")
+Fetch error: http://www.tv.yandex.com.tr/ => https://www.tv.yandex.com.tr/: (51, "SSL: no alternative certificate subject name matches target host name 'www.tv.yandex.com.tr'")
+Fetch error: http://uzman.yandex.com.tr/ => https://uzman.yandex.com.tr/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://expert.yandex.com.tr/ => https://uzman.yandex.com.tr/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://feedback.yandex.com.tr/ => https://contact.yandex.com.tr/: (51, "SSL: no alternative certificate subject name matches target host name 'contact.yandex.com.tr'")
+Fetch error: http://gazeta.yandex.com.tr/ => https://haber.yandex.com.tr/mynews: (6, 'Could not resolve host: haber.yandex.com.tr')
+
+	For other Yandex coverage, see Yandex.xml.
+
+
+	Nonfunctional subdomains:
+
+		- aile ¹
+		- an ²
+		- bar ²
+		- bm ²
+		- bs ²
+		- bs-beta ²
+		- family ³
+		- informer ²
+		- interactive-answers ²
+		- m.internet ²
+		- islands ²
+		- (www.)?league ²
+		- (www.)?lig ²
+		- (www.)?liga ²
+		- mc ²
+		- (www.)?pogoda ²
+		- qas ²
+		- api.seferler ⁵
+		- t.seferler ⁵
+		- soft ²
+		- interactive-answers.webmaster ⁴
+		- wdgt ⁶
+		- xmlsearch ⁵
+
+	¹ Shows another domain
+	² Dropped
+	³ Redirect loop
+	⁴ Redirects to http
+	⁵ Differs from http
+	⁶ 403
+
+
+	Problematic subdomains:
+
+		- www.browser ²
+		- m.ceviri ¹
+		- expert ²
+		- feedback ¹
+		- gazeta ³
+		- m.haber *
+		- pda.haber *
+		- help ¹
+		- www.mobil ²
+		- (www.)?mobile ⁵
+
+	¹ Mismatched
+	² 404
+	³ Dropped
+	* Mixed css
+	⁵ Redirect differs
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- advertising
+		- advq
+		- api
+		- auto
+		- autoconfig
+		- autodiscover
+		- awaps
+		- b
+		- ba
+		- bnbym
+		- (www.)?browser	(www → ^)
+		- ceviri
+		- city
+		- clck
+		- company
+		- contact
+		- m.contact
+		- contact2
+		- m.contact2
+		- dev
+		- direct
+		- disc
+
+		- disk
+		- beta.disk
+		- downloader.disk
+
+		- display
+		- element
+		- elements
+		- expert	(→ uzman)
+		- export
+		- family
+		- feedback	(→ contact)
+		- m.feedback
+		- feedback2
+		- files
+		- firefox
+		- fx
+		- game
+		- games
+		- gazeta	(→ haber)
+		- gorod
+		- gorsel
+		- haber
+		- (www.)?harita
+		- eski.harita
+		- old.harita
+		- (www.)?haritalar
+		- (www.)?hava
+		- m.hava
+		- help		(→ yardim)
+		- ie
+		- images
+		- internet
+		- kiks
+		- legal
+		- m.legal
+		- m
+		- mail
+		- maps
+		- (www.)?constructor.maps
+		- market
+		- (www.)?master
+		- mbrowser
+		- metrica
+		- metrika
+		- (www.)?mobil	(www → ^)
+		- (www.)?mobile	(→ mobil)
+		- myfiles
+		- news
+		- opera
+		- oto
+		- oyun
+		- ozel
+		- pass
+		- passport
+		- passport-ckicheck
+		- pda-passport
+		- play
+		- posta
+		- prefetch-maps
+		- qas2
+
+		- rasp
+		- api.rasp
+		- m.rasp
+		- suggests.rasp
+		- t.rasp
+
+		- rehber
+		- saat
+
+		- seferler
+		- m.seferler
+		- suggests.seferler
+		- ticket.seferler
+
+		- serpdisplay
+		- sirket
+		- (www.)?site
+		- m.soft
+		- sprav
+		- ticket
+		- time
+		- tops
+		- trafik
+		- trafikozeti
+		- translate
+		- tune
+		- m.tune
+		- (www.)?tv
+		- uni
+		- uzman
+		- validator
+		- video
+		- (www.)?weather
+		- (www.)?webmaster
+		- widgets
+		- wordstat
+		- xml
+		- yabs
+		- yardim
+
+
+	These altnames don't exist:
+
+		- m.feedback2.yandex.com.tr
+		- www.ozel.yandex.com.tr
+		- support.yandex.com.tr
+
+
+	Insecure cookies are set for these domains:
+
+		- .yandex.com.tr
+		- ceviri.yandex.com.tr
+		- city.yandex.com.tr
+		- contact2.yandex.com.tr
+		- gorod.yandex.com.tr
+		- haber.yandex.ru
+		- .haber.yandex.ru
+		- pda.haber.yandex.ru
+		- .pda.haber.yandex.ru
+		- .hava.yandex.com.tr
+		- internet.yandex.com.tr
+		- m.yandex.com.tr
+		- .m.yandex.com.tr
+		- mail.yandex.com.tr
+		- market.yandex.com.tr
+		- (www.)?master.yandex.com.tr
+		- mobil.yandex.com.tr
+		- mobile.yandex.com.tr
+		- oto.yandex.com.tr
+		- www.yandex.com.tr
+		- .www.yandex.com.tr
+
+
+	Mixed content:
+
+		- iframe on sirket from www.youtube.com *
+
+		- css on m.haber, pda.haber from yandex.st *
+
+		- Images, on:
+
+			- advertising, haber, m.haber from avatars.yandex.net *
+			- b, export, pda.haber, m.hava, m.legal from img.yandex.net *
+			- b, export, m.legal from awaps.yandex.ru *
+			- m.contact, www from yastatic.net *
+			- uzman from yandex.st *
+			- yardom from favicon.yandex.ru
+
+		- favicon on contact2, legal from yandex.st *
+
+		- Ads/bugs, on:
+
+			- (www.)?, advq, direct, eski.harita, old.harita, serpdisplay, wordstat from kiks.yandex.ru *
+			- downloader.disk from clck.yandex.ru *
+			- pda.haber from www.tns-counter.ru *
+
+	* Secured by us
+
+-->
+<ruleset name="Yandex.com.tr (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="yandex.com.tr" />
+	<target host="advertising.yandex.com.tr" />
+	<target host="advq.yandex.com.tr" />
+	<target host="api.yandex.com.tr" />
+	<target host="auto.yandex.com.tr" />
+	<target host="autoconfig.yandex.com.tr" />
+	<target host="autodiscover.yandex.com.tr" />
+	<target host="awaps.yandex.com.tr" />
+	<target host="b.yandex.com.tr" />
+	<target host="ba.yandex.com.tr" />
+	<target host="bnbym.yandex.com.tr" />
+	<target host="browser.yandex.com.tr" />
+	<target host="ceviri.yandex.com.tr" />
+	<target host="city.yandex.com.tr" />
+	<target host="clck.yandex.com.tr" />
+	<target host="company.yandex.com.tr" />
+	<target host="contact.yandex.com.tr" />
+	<target host="m.contact.yandex.com.tr" />
+	<target host="contact2.yandex.com.tr" />
+	<target host="m.contact2.yandex.com.tr" />
+	<target host="dev.yandex.com.tr" />
+	<target host="direct.yandex.com.tr" />
+	<target host="disc.yandex.com.tr" />
+	<target host="disk.yandex.com.tr" />
+	<target host="beta.disk.yandex.com.tr" />
+	<target host="downloader.disk.yandex.com.tr" />
+	<target host="display.yandex.com.tr" />
+	<target host="element.yandex.com.tr" />
+	<target host="elements.yandex.com.tr" />
+	<target host="export.yandex.com.tr" />
+	<target host="family.yandex.com.tr" />
+	<target host="m.feedback.yandex.com.tr" />
+	<target host="feedback2.yandex.com.tr" />
+	<target host="files.yandex.com.tr" />
+	<target host="firefox.yandex.com.tr" />
+	<target host="fx.yandex.com.tr" />
+	<target host="game.yandex.com.tr" />
+	<target host="games.yandex.com.tr" />
+	<target host="gorod.yandex.com.tr" />
+	<target host="gorsel.yandex.com.tr" />
+	<target host="haber.yandex.com.tr" />
+	<target host="harita.yandex.com.tr" />
+	<target host="eski.harita.yandex.com.tr" />
+	<target host="old.harita.yandex.com.tr" />
+	<target host="www.harita.yandex.com.tr" />
+	<target host="haritalar.yandex.com.tr" />
+	<target host="www.haritalar.yandex.com.tr" />
+	<target host="hava.yandex.com.tr" />
+	<target host="m.hava.yandex.com.tr" />
+	<target host="www.hava.yandex.com.tr" />
+	<target host="ie.yandex.com.tr" />
+	<target host="images.yandex.com.tr" />
+	<target host="internet.yandex.com.tr" />
+	<target host="kiks.yandex.com.tr" />
+	<target host="legal.yandex.com.tr" />
+	<target host="m.legal.yandex.com.tr" />
+	<target host="m.yandex.com.tr" />
+	<target host="mail.yandex.com.tr" />
+	<target host="maps.yandex.com.tr" />
+	<target host="constructor.maps.yandex.com.tr" />
+	<target host="www.constructor.maps.yandex.com.tr" />
+	<target host="market.yandex.com.tr" />
+	<target host="master.yandex.com.tr" />
+	<target host="www.master.yandex.com.tr" />
+	<target host="metrica.yandex.com.tr" />
+	<target host="metrika.yandex.com.tr" />
+	<target host="mobil.yandex.com.tr" />
+	<target host="myfiles.yandex.com.tr" />
+	<target host="news.yandex.com.tr" />
+	<target host="opera.yandex.com.tr" />
+	<target host="oto.yandex.com.tr" />
+	<target host="oyun.yandex.com.tr" />
+	<target host="ozel.yandex.com.tr" />
+	<target host="pass.yandex.com.tr" />
+	<target host="passport-ckicheck.yandex.com.tr" />
+	<target host="pda-passport.yandex.com.tr" />
+	<target host="play.yandex.com.tr" />
+	<target host="posta.yandex.com.tr" />
+	<target host="prefetch-maps.yandex.com.tr" />
+	<target host="qas2.yandex.com.tr" />
+	<target host="rasp.yandex.com.tr" />
+	<target host="api.rasp.yandex.com.tr" />
+	<target host="m.rasp.yandex.com.tr" />
+	<target host="suggests.rasp.yandex.com.tr" />
+	<target host="t.rasp.yandex.com.tr" />
+	<target host="rehber.yandex.com.tr" />
+	<target host="saat.yandex.com.tr" />
+	<target host="seferler.yandex.com.tr" />
+	<target host="m.seferler.yandex.com.tr" />
+	<target host="site.yandex.com.tr" />
+	<target host="www.site.yandex.com.tr" />
+	<target host="suggests.seferler.yandex.com.tr" />
+	<target host="ticket.seferler.yandex.com.tr" />
+	<target host="serpdisplay.yandex.com.tr" />
+	<target host="sirket.yandex.com.tr" />
+	<target host="m.soft.yandex.com.tr" />
+	<target host="sprav.yandex.com.tr" />
+	<target host="ticket.yandex.com.tr" />
+	<target host="time.yandex.com.tr" />
+	<target host="tops.yandex.com.tr" />
+	<target host="trafik.yandex.com.tr" />
+	<target host="trafikozeti.yandex.com.tr" />
+	<target host="translate.yandex.com.tr" />
+	<target host="tune.yandex.com.tr" />
+	<target host="m.tune.yandex.com.tr" />
+	<target host="tv.yandex.com.tr" />
+	<target host="www.tv.yandex.com.tr" />
+	<target host="uni.yandex.com.tr" />
+	<target host="uzman.yandex.com.tr" />
+	<target host="validator.yandex.com.tr" />
+	<target host="video.yandex.com.tr" />
+	<target host="weather.yandex.com.tr" />
+	<target host="www.weather.yandex.com.tr" />
+	<target host="webmaster.yandex.com.tr" />
+	<target host="www.webmaster.yandex.com.tr" />
+	<target host="wordstat.yandex.com.tr" />
+	<target host="www.yandex.com.tr" />
+	<target host="xml.yandex.com.tr" />
+	<target host="yabs.yandex.com.tr" />
+	<target host="yardim.yandex.com.tr" />
+
+	<!--	Complications:
+				-->
+	<target host="www.browser.yandex.com.tr" />
+	<target host="m.ceviri.yandex.com.tr" />
+	<target host="expert.yandex.com.tr" />
+	<target host="feedback.yandex.com.tr" />
+	<target host="gazeta.yandex.com.tr" />
+	<target host="help.yandex.com.tr" />
+	<target host="www.mobil.yandex.com.tr" />
+	<target host="mobile.yandex.com.tr" />
+	<target host="www.mobile.yandex.com.tr" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.yandex\.com\.tr$" name="^(my|yandexuid|ys)$" /-->
+	<!--securecookie host="^(\?.m\.|\.?www)?\.yandex\.com\.tr$" name="^yp$" /-->
+	<!--securecookie host="^ceviri\.yandex\.com\.tr$" name="^(first_visit_src|stoken)$" /-->
+	<!--securecookie host="^contact2\.yandex\.com\.tr$" name="^feedback2-sid$" /-->
+	<!--securecookie host="^(pda\.)?haber\.yandex\.ru$" name="^news_lang$" /-->
+	<!--securecookie host="^\.(pda\.)?haber\.yandex\.ru$" name="^mynews$" /-->
+	<!--securecookie host="^\.hava\.yandex\.com\.tr$" name="^yw_lc$" /-->
+	<!--securecookie host="^internet\.yandex\.com\.tr$" name="^(csrftoken|test)$" /-->
+	<!--securecookie host="^mail\.yandex\.com\.tr$" name="^ni$" /-->
+	<!--securecookie host="^(city|gorod|market|master|www\.master)\.yandex\.com\.tr$" name="^uid$" /-->
+	<!--securecookie host="^mobile?\.yandex\.com\.tr$" name="^family$" /-->
+	<!--securecookie host="^oto\.yandex\.com\.tr$" name="^(from|from_lifetime)$" /-->
+
+	<securecookie host="^(?:ceviri|city|contact2|gorod|haber|internet|m|mail|market|(?:www\.)?master|mobile?|oto|\.?www)\.yandex\.com\.tr$" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://www\.browser\.yandex\.com\.tr/+"
+		to="https://browser.yandex.com.tr/" />
+
+		<test url="http://www.browser.yandex.com.tr//" />
+
+	<!--	Redirect keeps path, args, and forward slash:
+								-->
+	<rule from="^http://m\.ceviri\.yandex\.com\.tr/"
+		to="https://ceviri.yandex.com.tr/" />
+
+		<test url="http://m.ceviri.yandex.com.tr/?" />
+		<test url="http://m.ceviri.yandex.com.tr//" />
+		<test url="http://m.ceviri.yandex.com.tr//?" />
+		<test url="http://m.ceviri.yandex.com.tr//?foo" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://expert\.yandex\.com\.tr/+"
+		to="https://uzman.yandex.com.tr/" />
+
+		<test url="http://expert.yandex.com.tr//" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://feedback\.yandex\.com\.tr/+"
+		to="https://contact.yandex.com.tr/" />
+
+		<test url="http://feedback.yandex.com.tr//" />
+
+	<!--	Redirect drops path and args:
+						-->
+	<rule from="^http://gazeta\.yandex\.com\.tr/.*"
+		to="https://haber.yandex.com.tr/mynews" />
+
+		<test url="http://gazeta.yandex.com.tr//" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://help\.yandex\.com\.tr/+"
+		to="https://yardim.yandex.com.tr/" />
+
+		<test url="http://help.yandex.com.tr//" />
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://www\.mobil\.yandex\.com\.tr/+"
+		to="https://mobil.yandex.com.tr/" />
+
+		<test url="http://www.mobil.yandex.com.tr//" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://(?:www\.)?mobile\.yandex\.com\.tr/+"
+		to="https://mobil.yandex.com.tr/" />
+
+		<test url="http://www.mobile.yandex.com.tr//" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yandex.com.ua.xml b/src/chrome/content/rules/Yandex.com.ua.xml
new file mode 100644
index 000000000000..019784508277
--- /dev/null
+++ b/src/chrome/content/rules/Yandex.com.ua.xml
@@ -0,0 +1,110 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://clock.yandex.com.ua/ => https://clock.yandex.com.ua/: (51, "SSL: no alternative certificate subject name matches target host name 'clock.yandex.com.ua'")
+Fetch error: http://clocks.yandex.com.ua/ => https://clocks.yandex.com.ua/: (51, "SSL: no alternative certificate subject name matches target host name 'yandex.com.ua'")
+Fetch error: http://taras.yandex.com.ua/ => https://taras.yandex.com.ua/: (51, "SSL: no alternative certificate subject name matches target host name 'taras.yandex.com.ua'")
+Fetch error: http://time.yandex.com.ua/ => https://time.yandex.com.ua/: (51, "SSL: no alternative certificate subject name matches target host name 'yandex.com.ua'")
+Fetch error: http://www.tv.yandex.com.ua/ => https://www.tv.yandex.com.ua/: (51, "SSL: no alternative certificate subject name matches target host name 'www.tv.yandex.com.ua'")
+Fetch error: http://vremya.yandex.com.ua/ => https://vremya.yandex.com.ua/: (51, "SSL: no alternative certificate subject name matches target host name 'yandex.com.ua'")
+Fetch error: http://watch.yandex.com.ua/ => https://watch.yandex.com.ua/: (51, "SSL: no alternative certificate subject name matches target host name 'yandex.com.ua'")
+Fetch error: http://www.taras.yandex.com.ua/ => https://taras.yandex.com.ua/: (51, "SSL: no alternative certificate subject name matches target host name 'taras.yandex.com.ua'")
+
+	For other Yandex coverage, see Yandex.xml.
+
+
+	Nonfunctional subdomains:
+
+		- (www.)?store *
+		- (www.)?weather *
+
+	* Dropped
+
+
+	Problematic subdomains:
+
+		- (www.)?browser *
+		- (www.)?mobile *
+		- www.taras *
+
+	* 404
+
+
+	Fully covered subdomains:
+
+		- advq
+		- awaps
+		- (www.)?browser	(www → ^)
+		- clock
+		- clocks
+		- direct
+		- element
+		- elements
+		- mail
+		- (www.)?mobile		(→ mobile.yandex.ua)
+		- (www.)?pogoda
+		- (www.)?taras		(www → ^)
+		- time
+		- (www.)?tv
+		- vremya
+		- watch
+		- wordstat
+
+
+	These altnames don't exist:
+
+		- disk.yandex.com.ua
+		- mail.yandex.com.ua
+
+-->
+<ruleset name="Yandex.com.ua (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="advq.yandex.com.ua" />
+	<target host="awaps.yandex.com.ua" />
+	<target host="clock.yandex.com.ua" />
+	<target host="clocks.yandex.com.ua" />
+	<target host="direct.yandex.com.ua" />
+	<target host="element.yandex.com.ua" />
+	<target host="elements.yandex.com.ua" />
+	<target host="pogoda.yandex.com.ua" />
+	<target host="www.pogoda.yandex.com.ua" />
+	<target host="taras.yandex.com.ua" />
+	<target host="time.yandex.com.ua" />
+	<target host="tv.yandex.com.ua" />
+	<target host="www.tv.yandex.com.ua" />
+	<target host="vremya.yandex.com.ua" />
+	<target host="watch.yandex.com.ua" />
+	<target host="wordstat.yandex.com.ua" />
+
+	<!--	Special cases:
+				-->
+	<target host="browser.yandex.com.ua" />
+	<target host="www.browser.yandex.com.ua" />
+	<target host="mobile.yandex.com.ua" />
+	<target host="www.mobile.yandex.com.ua" />
+	<target host="www.taras.yandex.com.ua" />
+
+
+	<!--	Redirect keeps, path and args, but
+		but not forward slash:
+					-->
+	<rule from="^http://(?:www\.)?browser\.yandex\.com\.ua/+"
+		to="https://browser.yandex.ua/" />
+
+		<test url="http://browser.yandex.com.ua//" />
+
+	<rule from="^http://(?:www\.)?mobile\.yandex\.com\.ua/"
+		to="https://mobile.yandex.ua/" />
+
+	<!--	Domains for which both !www and www exist,
+		but only !www works without caveat:
+							-->
+	<rule from="^http://www\.taras\.yandex\.com\.ua/"
+		to="https://taras.yandex.com.ua/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yandex.com.xml b/src/chrome/content/rules/Yandex.com.xml
new file mode 100644
index 000000000000..80235272e593
--- /dev/null
+++ b/src/chrome/content/rules/Yandex.com.xml
@@ -0,0 +1,130 @@
+<!--
+	For other Yandex coverage, see Yandex.xml.
+
+	Yandex.com has a wildcard DNS record, so any subdomain resolves, but doesn't neccessarily work.
+
+	Nonfunctional subdomains:
+		- an ¹
+		- bs ¹
+		- bs-meta ¹
+		- contact ¹
+		- contact2 ¹
+		- gazeta ¹
+		- informer ¹
+		- interactive-answers ²
+		- m.internet ¹
+		- islands ³
+		- ir ¹
+		- mc ¹
+		- news ¹
+		- m.news ¹
+		- pda.news ¹
+		- shad ³
+		- store ¹
+		- www.store ¹
+		- wdgt ⁴
+		- xmlsearch ³
+		- yabs ¹
+
+	¹ Dropped
+	² 404
+	³ Redirects to http
+	⁴ 403
+
+	Problematic subdomains:
+		- www.browser ¹
+		- downloader.disk ²
+		- www.constructor.maps ³
+		- api.rasp ³
+		- site ³
+		- www.video ³
+
+	¹ 404
+	² Mixed css
+	³ Mismatched
+-->
+
+<ruleset name="Yandex.com (partial)">
+	<target host="yandex.com" />
+	<target host="www.yandex.com" />
+	<target host="advertising.yandex.com" />
+	<target host="advq.yandex.com" />
+	<target host="analytics.yandex.com" />
+	<target host="api.yandex.com" />
+	<target host="autoconfig.yandex.com" />
+	<target host="autodiscover.yandex.com" />
+	<target host="b.yandex.com" />
+	<target host="ba.yandex.com" />
+	<target host="browser.yandex.com" />
+	<target host="city.yandex.com" />
+	<target host="clck.yandex.com" />
+	<target host="clocks.yandex.com" />
+	<target host="company.yandex.com" />
+	<target host="contest.yandex.com" />
+	<target host="algorithm.contest.yandex.com" />
+	<target host="intern.contest.yandex.com" />
+	<target host="official.contest.yandex.com" />
+	<target host="shad.contest.yandex.com" />
+	<target host="direct.yandex.com" />
+	<target host="disc.yandex.com" />
+	<target host="disk.yandex.com" />
+	<target host="beta.disk.yandex.com" />
+	<target host="1.downloader.disk.yandex.com" />
+	<target host="element.yandex.com" />
+	<target host="elements.yandex.com" />
+	<target host="expert.yandex.com" />
+	<target host="export.yandex.com" />
+	<target host="feedback.yandex.com" />
+	<target host="m.feedback.yandex.com" />
+	<target host="feedback2.yandex.com" />
+	<target host="files.yandex.com" />
+	<target host="gorod.yandex.com" />
+	<target host="help.yandex.com" />
+	<target host="images.yandex.com" />
+	<target host="internet.yandex.com" />
+	<target host="kiks.yandex.com" />
+	<target host="legal.yandex.com" />
+	<target host="m.legal.yandex.com" />
+	<target host="mail.yandex.com" />
+	<target host="maps.yandex.com" />
+	<target host="www.maps.yandex.com" />
+	<target host="constructor.maps.yandex.com" />
+	<target host="router-quality.maps.yandex.com" />
+	<target host="partner.market.yandex.com" />
+	<target host="metric.yandex.com" />
+	<target host="metrica.yandex.com" />
+	<target host="metrika.yandex.com" />
+	<target host="myfiles.yandex.com" />
+	<target host="partner.yandex.com" />
+	<target host="partners.yandex.com" />
+	<target host="pass.yandex.com" />
+	<target host="pda-passport.yandex.com" />
+	<target host="prefetch-maps.yandex.com" />
+	<target host="m.rasp.yandex.com" />
+	<target host="t.rasp.yandex.com" />
+	<target host="site.yandex.com" />
+	<target host="www.site.yandex.com" />
+	<target host="subs.yandex.com" />
+	<target host="support.yandex.com" />
+	<target host="taxi.yandex.com" />
+	<target host="m.taxi.yandex.com" />
+	<target host="tech.yandex.com" />
+	<target host="api.tech.yandex.com" />
+	<target host="ticket.yandex.com" />
+	<target host="time.yandex.com" />
+	<target host="translate.yandex.com" />
+	<target host="tune.yandex.com" />
+	<target host="m.tune.yandex.com" />
+	<target host="video.yandex.com" />
+	<target host="vremya.yandex.com" />
+	<target host="watch.yandex.com" />
+	<target host="webmaster.yandex.com" />
+	<target host="www.webmaster.yandex.com" />
+	<target host="widgets.yandex.com" />
+	<target host="wordstat.yandex.com" />
+	<target host="xml.yandex.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Yandex.kz.xml b/src/chrome/content/rules/Yandex.kz.xml
new file mode 100644
index 000000000000..5a2433a44e1a
--- /dev/null
+++ b/src/chrome/content/rules/Yandex.kz.xml
@@ -0,0 +1,361 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://auto.yandex.kz/ => https://auto.yandex.kz/: (6, 'Could not resolve host: auto.yandex.kz')
+Fetch error: http://clock.yandex.kz/ => https://clock.yandex.kz/: (51, "SSL: no alternative certificate subject name matches target host name 'clock.yandex.kz'")
+Fetch error: http://master.yandex.kz/ => https://master.yandex.kz/: (51, "SSL: no alternative certificate subject name matches target host name 'master.yandex.kz'")
+Fetch error: http://www.master.yandex.kz/ => https://www.master.yandex.kz/: (51, "SSL: no alternative certificate subject name matches target host name 'www.master.yandex.kz'")
+Fetch error: http://passport-ckicheck.yandex.kz/ => https://passport-ckicheck.yandex.kz/: (51, "SSL: no alternative certificate subject name matches target host name 'passport-ckicheck.yandex.kz'")
+Fetch error: http://api.rasp.yandex.kz/ => https://api.rasp.yandex.kz/: (51, "SSL: no alternative certificate subject name matches target host name 'api.rasp.yandex.kz'")
+Fetch error: http://suggests.rasp.yandex.kz/ => https://suggests.rasp.yandex.kz/: (51, "SSL: no alternative certificate subject name matches target host name 'suggests.rasp.yandex.kz'")
+
+	For other Yandex coverage, see Yandex.xml.
+
+
+	Nonfunctional subdomains:
+
+		- an ¹
+		- beta ¹
+		- bs ¹
+		- bs-meta ¹
+		- clck ¹
+		- contact ¹
+		- contact2 ¹
+		- family ²
+		- informer ¹
+		- m.internet ¹
+		- islands ¹
+		- market ²
+		- mc ¹
+		- news ¹
+		- m.news ¹
+		- pda.news ¹
+		- soft ¹
+		- (www.)?store ¹
+		- wdgt ³
+		- interactive-answers.webmaster ²
+
+	¹ Dropped
+	² Redirects to http
+	³ 403
+
+
+	Problematic subdomains:
+
+		- www.browser ¹
+		- interactive-answers ²
+		- m ³
+		- mobile ³
+		- money ⁴
+		- opera ¹
+		- (www.)?site ¹
+		- (www.)?webmaster ¹
+		- (www.)?yaca ¹
+
+	¹ 404
+	² Mismatched
+	* Mismatched cert at redirect destination
+	³ Differs from http
+	⁴ Blocks Tor users
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- advertising
+		- advq
+		- auto
+		- autoconfig
+		- autodiscover
+		- avia
+		- awaps
+		- b
+		- ba
+
+		- blogs
+		- m.blogs
+		- pda.blogs
+
+		- (www.)?browser	(www → ^)
+		- city
+		- clock
+		- clocks
+		- direct
+		- disk
+		- element
+		- elements
+		- feedback
+		- m.feedback
+		- feedback2
+		- (www.)?fotki
+		- m.fotki
+		- fx
+		- gorod
+		- help
+		- images
+		- internet
+		- kiks
+		- legal
+		- m			(→ m.yandex.ru)
+		- mail
+		- (www.)?maps
+		- (www.)?m.maps
+		- (www.)?master
+		- mbrowser
+		- metric
+		- metrica
+		- metrika
+		- (www.)?metro
+		- money
+		- music
+		- opera			(→ opera.yandex.ru)
+		- partner
+		- partners
+		- pass
+		- passport
+		- passport-ckicheck
+		- pda-passport
+		- people
+		- (www.)?pogoda
+		- m.pogoda
+		- rabota
+		- m.rabota
+
+		- rasp
+		- api.rasp
+		- m.rasp
+		- suggests.rasp
+		- t.rasp
+
+		- realty
+		- (www.)?site		(→ site.yandex.ru)
+		- slovari
+		- m.slovari
+		- sprav
+		- ticket
+		- time
+		- translate
+		- tune
+		- m.tune
+		- (www.)?tv
+		- (www.)?video
+		- vremya
+		- watch
+		- (www.)?weather
+		- (www.)?webmaster	(→ webmaster.yandex.ru)
+		- widgets
+		- wordstat
+		- xml
+		- xmlsearch
+		- yabs
+		- (www.)?yaca		(→ yaca.yandex.ru)
+
+
+	These altnames don't exist:
+
+		- beta.disk.yandex.kz
+		- m.feedback2.yandex.kz
+		- support.yandex.kz
+
+
+	Insecure cookies are set for these domains:
+
+		- .yandex.kz
+		- auto.yandex.kz
+		- city.yandex.kz
+		- feedback2.yandex.kz
+		- gorod.yandex.kz
+		- internet.yandex.kz
+		- islands.yandex.kz
+		- mail.yandex.kz
+		- www.master.yandex.kz
+		- pogoda.yandex.kz
+		- rabota.yandex.kz
+		- m.rabota.yandex.kz
+		- realty.yandex.kz
+		- slovari.yandex.kz
+		- m.slovari.yandex.kz
+		- translate.yandex.kz
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- b, m.blogs, export, m.pogoda from img.yandex.net ¹
+			- b, export from awaps.yandex.ru ¹
+			- m.feedback from yandex.st ¹
+
+		- favicon on legal from yandex.st ¹
+
+		- Bugs, on:
+
+			- advq, ba, blogs, direct, rabota, wordstat, from kiks.yandex.ru ¹
+			- m.blogs from clck.yandex.ru ¹
+			- m.fotki from c.waplog.net ²
+
+	¹ Secured by us
+	² Unsecurable <= dropped
+
+-->
+<ruleset name="Yandex.kz (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="yandex.kz" />
+	<target host="advertising.yandex.kz" />
+	<target host="advq.yandex.kz" />
+	<target host="auto.yandex.kz" />
+	<target host="autoconfig.yandex.kz" />
+	<target host="autodiscover.yandex.kz" />
+	<target host="avia.yandex.kz" />
+	<target host="awaps.yandex.kz" />
+	<target host="b.yandex.kz" />
+	<target host="ba.yandex.kz" />
+	<target host="blogs.yandex.kz" />
+	<target host="m.blogs.yandex.kz" />
+	<target host="pda.blogs.yandex.kz" />
+	<target host="browser.yandex.kz" />
+	<target host="city.yandex.kz" />
+	<target host="clock.yandex.kz" />
+	<target host="clocks.yandex.kz" />
+	<target host="direct.yandex.kz" />
+	<target host="disk.yandex.kz" />
+	<target host="element.yandex.kz" />
+	<target host="elements.yandex.kz" />
+	<target host="export.yandex.kz" />
+	<target host="feedback.yandex.kz" />
+	<target host="m.feedback.yandex.kz" />
+	<target host="feedback2.yandex.kz" />
+	<target host="fotki.yandex.kz" />
+	<target host="m.fotki.yandex.kz" />
+	<target host="www.fotki.yandex.kz" />
+	<target host="fx.yandex.kz" />
+	<target host="gorod.yandex.kz" />
+	<target host="help.yandex.kz" />
+	<target host="images.yandex.kz" />
+	<target host="internet.yandex.kz" />
+	<target host="kiks.yandex.kz" />
+	<target host="legal.yandex.kz" />
+	<target host="mail.yandex.kz" />
+	<target host="maps.yandex.kz" />
+	<target host="m.maps.yandex.kz" />
+	<target host="www.m.maps.yandex.kz" />
+	<target host="www.maps.yandex.kz" />
+	<target host="master.yandex.kz" />
+	<target host="www.master.yandex.kz" />
+	<target host="mbrowser.yandex.kz" />
+	<target host="metric.yandex.kz" />
+	<target host="metrica.yandex.kz" />
+	<target host="metrika.yandex.kz" />
+	<target host="metro.yandex.kz" />
+	<target host="www.metro.yandex.kz" />
+	<target host="money.yandex.kz" />
+	<target host="music.yandex.kz" />
+	<target host="partner.yandex.kz" />
+	<target host="partners.yandex.kz" />
+	<target host="pass.yandex.kz" />
+	<target host="passport-ckicheck.yandex.kz" />
+	<target host="pda-passport.yandex.kz" />
+	<target host="people.yandex.kz" />
+	<target host="pogoda.yandex.kz" />
+	<target host="m.pogoda.yandex.kz" />
+	<target host="www.pogoda.yandex.kz" />
+	<target host="rabota.yandex.kz" />
+	<target host="m.rabota.yandex.kz" />
+	<target host="rasp.yandex.kz" />
+	<target host="api.rasp.yandex.kz" />
+	<target host="m.rasp.yandex.kz" />
+	<target host="suggests.rasp.yandex.kz" />
+	<target host="t.rasp.yandex.kz" />
+	<target host="realty.yandex.kz" />
+	<target host="slovari.yandex.kz" />
+	<target host="m.slovari.yandex.kz" />
+	<target host="sprav.yandex.kz" />
+	<target host="ticket.yandex.kz" />
+	<target host="time.yandex.kz" />
+	<target host="translate.yandex.kz" />
+	<target host="tune.yandex.kz" />
+	<target host="m.tune.yandex.kz" />
+	<target host="tv.yandex.kz" />
+	<target host="www.tv.yandex.kz" />
+	<target host="video.yandex.kz" />
+	<target host="www.video.yandex.kz" />
+	<target host="vremya.yandex.kz" />
+	<target host="watch.yandex.kz" />
+	<target host="weather.yandex.kz" />
+	<target host="www.weather.yandex.kz" />
+	<target host="widgets.yandex.kz" />
+	<target host="wordstat.yandex.kz" />
+	<target host="www.yandex.kz" />
+	<target host="xml.yandex.kz" />
+	<target host="xmlsearch.yandex.kz" />
+	<target host="yabs.yandex.kz" />
+
+	<!--	Special cases:
+				-->
+	<target host="www.browser.yandex.kz" />
+	<target host="m.yandex.kz" />
+	<!--target host="mobile.yandex.kz" /-->
+	<target host="opera.yandex.kz" />
+	<target host="site.yandex.kz" />
+	<target host="www.site.yandex.kz" />
+	<target host="webmaster.yandex.kz" />
+	<target host="www.webmaster.yandex.kz" />
+	<target host="yaca.yandex.kz" />
+	<target host="www.yaca.yandex.kz" />
+
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://market\.yandex\.kz/($|search\.xml)" /-->
+		<!--exclusion pattern="^http://interactive-answers\.webmaster\.yandex\.kz/$" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.yandex\.kz$" name="^(yabs-frequency|yandexuid|ys)$" /-->
+	<!--securecookie host="^feedback2\.yandex\.kz$" name="^feedback2-sid$" /-->
+	<!--securecookie host="^internet\.yandex\.kz$" name="^(csrftoken|test)$" /-->
+	<!--securecookie host="^mail\.yandex\.kz$" name="^ni$" /-->
+	<!--securecookie host="^(auto|city|gorod|islands|www\.master|rabota|m\.rabota|realty|slovari|m\.slovari)\.yandex\.kz$" name="^uid$" /-->
+	<!--securecookie host="^pogoda\.yandex\.kz$" name="^yw_lc$" /-->
+	<!--securecookie host="^realty\.yandex\.kz$" name="^from$" /-->
+	<!--securecookie host="^slovari\.yandex\.kz$" name="^slovari-state$" /-->
+	<!--securecookie host="^translate\.yandex\.kz$" name="^(first_visit_src|stoken)$" /-->
+
+	<securecookie host="^\.yandex\.kz$" name="^yabs-frequency$" />
+	<securecookie host="^(?:auto|city|feedback2|gorod|internet|islands|mail|www\.master|pogoda|rabota|m\.rabota|realty|slovari|m\.slovari|translate)\.yandex\.kz$" name=".+" />
+
+
+	<!--	Domains for which both !www and www exist,
+		but only !www works without caveat:
+							-->
+	<rule from="^http://www\.browser\.yandex\.kz/"
+		to="https://browser.yandex.kz/" />
+
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://m(obile)?\.yandex\.kz/[^?]*"
+		to="https://m$1.yandex.ru/" />
+
+		<test url="http://m.yandex.kz/foo" />
+		<test url="http://m.yandex.kz/original.xml" />
+		<test url="http://mobile.yandex.kz/original.xml" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://opera\.yandex\.kz/+"
+		to="https://opera.yandex.ru/" />
+
+		<test url="http://opera.yandex.kz//" />
+
+	<!--	Redirect drops path but not args:
+							-->
+	<rule from="^http://(?:www\.)?(site|webmaster|yaca)\.yandex\.kz/[^?]*"
+		to="https://$1.yandex.ru/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yandex.net.xml b/src/chrome/content/rules/Yandex.net.xml
new file mode 100644
index 000000000000..c1a5cadb467d
--- /dev/null
+++ b/src/chrome/content/rules/Yandex.net.xml
@@ -0,0 +1,254 @@
+<!--
+	For other Yandex coverage, see Yandex.xml.
+
+
+	Nonfunctional subdomains:
+
+		- mobile.photo *
+		- pythonbp *
+
+	* Differs from http
+
+
+	Problematic subdomains:
+
+		- api-yaru ¹
+		- pix.blogs ¹
+		- pix2.blogs ¹
+		- download-cdn ⁴
+		- tv-front.content ¹
+		- direct **
+		- element ²
+		- elements ***
+		- img.encyc *
+		- msoffice.maps ¹
+		- vec.maps ***
+		- vec0[1-4].maps ⁴
+		- static.video ⁵
+
+	¹ Invalid certificate
+	² Mismatched
+	** Redirect destination doesn't exist => makes fetch checker complain
+	*** Mismatched cert for redirect destination
+	* Mismatched, CN: yastatic.net
+	⁴ Unspecified effect[?]
+	⁵ Apparently breaks video
+
+
+	Fully covered subdomains:
+
+		- internetometr.download.cdn
+		- sandbox.api.maps
+		- 0\d.pvec.maps		([1-4])
+
+		- ((www.)?[^.]+|[^.]+.[^.]+): *	(www → ^)
+
+			- awaps
+
+			- avatars
+			- \d+.avatars
+			- default.avatars
+
+			- avatars-fast
+			- ba
+
+			- captcha
+
+			- cache-ams0[13-6].cdn
+			- cache-default04e.cdn
+			- cache-default05h.cdn
+			- sba.cdn
+
+			- ceviri
+			- resizer.corba
+			- css
+			- disk
+			- downloader
+			- favicon
+			- img-css.friends
+			- img
+			- img-fotki
+			- img\d-fotki
+			- img
+			- img[1-7]-fotki
+			- imgl
+			- st.kp
+			- audio.lingvo
+			- webattach.mail
+			- mailstatic
+			- vec.maps
+			- money
+			- resizer-mobile.photo
+
+			- api.rasp
+			- static.rasp
+			- suburban-widget.rasp
+
+			- resize
+			- site
+			- static
+			- lego.static
+			- translate
+			- uc-static
+			- upics
+			- video
+			- wbms
+			- info.weather
+			- img-css.webchat2
+			- wfarm
+			- wi
+			- wimg
+
+	* Except where excluded below
+
+
+	These altnames don't exist:
+
+		- downloader.disk.yandex.net
+		- webattach-v6.mail.yandex.net
+		- mailstatic-v6.yandex.net
+		- music.yandex.net
+		- pogoda.yandex.net
+		- www.pogoda.yandex.net
+		- www.weather.yandex.net
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- wfarm from yastatic.net *
+			- pythonbp from img.yandex.net *
+
+		- favicon on wfarm from yastatic.net *
+
+		- Ads/bugs on ba from kiks.yandex.ru *
+
+	* Secured by us
+
+-->
+<ruleset name="Yandex.net (partial)">
+
+	<target host="yandex.net" />
+	<target host="*.yandex.net" />
+		<!--
+			Data clusters for Maps and Video:
+								-->
+		<exclusion pattern="^http://(?:jgo|vec\d+|stv\d+)\.maps\.yandex\.net/" />
+
+			<test url="http://jgo.maps.yandex.net/" />
+			<test url="http://stv1.maps.yandex.net/" />
+			<test url="http://stv2.maps.yandex.net/" />
+			<test url="http://vec1.maps.yandex.net/" />
+			<test url="http://vec2.maps.yandex.net/" />
+
+		<!--	What does this fix?
+						-->
+		<exclusion pattern="^http://[^.]+-tub(?:-[^.]+)?\.yandex\.net/" />
+
+			<test url="http://im0-tub-by.yandex.net/" />
+			<test url="http://im0-tub-com.yandex.net/" />
+			<test url="http://im0-tub-kz.yandex.net/" />
+			<test url="http://im0-tub-ru.yandex.net/" />
+			<test url="http://im0-tub-ua.yandex.net/" />
+		<!--
+			Search suggestions:
+						-->
+		<exclusion pattern="^http://suggest-[a-z]+\.yandex\.net/" />
+
+			<test url="http://suggest-a.yandex.net/" />
+			<test url="http://suggest-b.yandex.net/" />
+		<!--
+			Needed for Yandex video player to work:
+								-->
+		<exclusion pattern="^http://[^.]+\.video\.yandex\.net/" />
+
+			<test url="http://static.video.yandex.net/" />
+			<test url="http://static.video.yandex.net//" />
+		<!--
+			Needed for kinopoisk charts to work:
+								-->
+		<exclusion pattern="^http://st\.kp\.yandex\.net/crossdomain\.xml" />
+		<exclusion pattern="^http://st\.kp\.yandex\.net/shab/chart_settings/" />
+
+			<test url="http://st.kp.yandex.net/crossdomain.xml" />
+			<test url="http://st.kp.yandex.net/shab/chart_settings/votes_graph_settings.xml" />
+
+		<!--
+			Miscellaneous:
+					-->
+		<exclusion pattern="^http://(?:api-yaru|direct|elements?|mobile\.photo|pythonbp)\.yandex\.net/" />
+
+			<test url="http://api-yaru.yandex.net/" />
+			<test url="http://direct.yandex.net/" />
+			<test url="http://element.yandex.net/" />
+			<test url="http://elements.yandex.net/" />
+			<test url="http://mobile.photo.yandex.net/" />
+			<test url="http://pythonbp.yandex.net/" />
+
+		<test url="http://awaps.yandex.net/" />
+		<test url="http://avatars.yandex.net/" />
+		<test url="http://1.avatars.yandex.net/" />
+		<test url="http://default.avatars.yandex.net/" />
+		<test url="http://avatars-fast.yandex.net/" />
+		<test url="http://ba.yandex.net/" />
+		<test url="http://captcha.yandex.net/" />
+		<test url="http://download.cdn.yandex.net/browser/yandex/ru/beta/Yandex.deb" />
+		<test url="http://sba.cdn.yandex.net/" />
+		<test url="http://ceviri.yandex.net/" />
+		<test url="http://resizer.corba.yandex.net/" />
+		<test url="http://css.yandex.net/" />
+		<test url="http://disk.yandex.net/" />
+		<test url="http://downloader.yandex.net/" />
+		<test url="http://favicon.yandex.net/" />
+		<test url="http://img-css.friends.yandex.net/" />
+		<test url="http://img.yandex.net/" />
+		<test url="http://img-fotki.yandex.net/" />
+		<test url="http://img1-fotki.yandex.net/" />
+		<test url="http://imgl.yandex.net/" />
+		<test url="http://st.kp.yandex.net/" />
+		<test url="http://audio.lingvo.yandex.net/" />
+		<test url="http://webattach.mail.yandex.net/" />
+		<test url="http://mailstatic.yandex.net/" />
+		<test url="http://money.yandex.net/" />
+		<test url="http://resizer-mobile.photo.yandex.net/" />
+		<test url="http://api.rasp.yandex.net/" />
+		<test url="http://static.rasp.yandex.net/" />
+		<test url="http://suburban-widget.rasp.yandex.net/" />
+		<test url="http://resize.yandex.net/" />
+		<test url="http://site.yandex.net/" />
+		<test url="http://static.yandex.net/" />
+		<test url="http://lego.static.yandex.net/" />
+		<test url="http://translate.yandex.net/" />
+		<test url="http://uc-static.yandex.net/" />
+		<test url="http://upics.yandex.net/" />
+		<test url="http://video.yandex.net/" />
+		<test url="http://wbms.yandex.net/" />
+		<test url="http://info.weather.yandex.net/" />
+		<test url="http://img-css.webchat2.yandex.net/" />
+		<test url="http://wfarm.yandex.net/" />
+		<test url="http://wi.yandex.net/" />
+		<test url="http://wimg.yandex.net/" />
+
+		<test url="http://internetometr.download.cdn.yandex.net/" />
+		<test url="http://sandbox.api.maps.yandex.net/" />
+		<test url="http://01.pvec.maps.yandex.net/" />
+
+	<rule from="^http://(?:www\.)?([^.]+)\.yandex\.net/"
+		to="https://$1.yandex.net/" />
+
+	<rule from="^http://(internetometr\.download\.cdn|sandbox\.api\.maps|0\d\.pvec\.maps)\.yandex\.net/"
+		to="https://$1.yandex.net/" />
+
+	<!--	Here we can enable 4+ level domains with a single regexp,
+		but I've never seen any domains more that 4 levels deep
+		in Yandex network, so I wouldn't enable them now -
+		it may be inconvenient and may broke some services.
+		Only 4-level domains match.
+						-->
+	<rule from="^http://([^.]+)\.([^.]+)\.yandex\.net/"
+		to="https://$1.$2.yandex.net/" />
+
+	<rule from="^http://yandex\.net/"
+		to="https://yandex.ru/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Yandex.st.xml b/src/chrome/content/rules/Yandex.st.xml
new file mode 100644
index 000000000000..b3dd101926d9
--- /dev/null
+++ b/src/chrome/content/rules/Yandex.st.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Yandex coverage, see Yandex.xml.
+
+-->
+<ruleset name="Yandex.st">
+
+	<target host="yandex.st" />
+
+
+	<rule from="^http://(?:www\.)?([^.]+)\.yandex\.st/"
+		to="https://$1.yandex.st/" />
+
+	<rule from="^http://(?:www\.)?yandex\.st/"
+		to="https://yandex.st/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yandex.ua.xml b/src/chrome/content/rules/Yandex.ua.xml
new file mode 100644
index 000000000000..28647971a22e
--- /dev/null
+++ b/src/chrome/content/rules/Yandex.ua.xml
@@ -0,0 +1,84 @@
+<!--
+	For other Yandex coverage, see Yandex.xml.
+
+	Nonfunctional subdomains:
+		- an ¹
+		- auto ³
+		- beta ¹
+		- bm ¹
+		- bs-meta ¹
+		- clck ¹
+		- contact ¹
+		- contact2 ¹
+		- dns ¹
+		- family ²
+		- informer ¹
+		- m.internet ¹
+		- islands ¹
+		- market ³
+		- mc ¹
+		- news ¹
+		- m.news ¹
+		- pda.news ¹
+		- store ¹
+		- www.store ¹
+		- mobile.yandex.uamobile ¹
+		- interactive-answers.webmaster ³
+		- wdgt ⁴
+
+	¹ Dropped
+	² Redirect differs
+	³ Redirects to http
+	⁴ 403
+
+	Problematic subdomains:
+		- www.browser ¹
+		- interactive-answers ²
+		- m ³
+		- www.mobile ³
+		- money ⁴
+		- www.taras ¹
+
+	¹ 404
+	² Mismatched
+	³ Differs from http
+	⁴ Blocks Tor users
+-->
+
+<ruleset name="Yandex.ua (partial)">
+	<target host="yandex.ua" />
+	<target host="www.yandex.ua" />
+	<target host="avia.yandex.ua" />
+	<target host="awaps.yandex.ua" />
+	<target host="blogs.yandex.ua" />
+	<target host="browser.yandex.ua" />
+	<target host="city.yandex.ua" />
+	<target host="disk.yandex.ua" />
+	<target host="feedback.yandex.ua" />
+	<target host="m.feedback.yandex.ua" />
+	<target host="fotki.yandex.ua" />
+	<target host="m.fotki.yandex.ua" />
+	<target host="gorod.yandex.ua" />
+	<target host="help.yandex.ua" />
+	<target host="images.yandex.ua" />
+	<target host="kiks.yandex.ua" />
+	<target host="legal.yandex.ua" />
+	<target host="m.legal.yandex.ua" />
+	<target host="m.yandex.ua" />
+	<target host="mail.yandex.ua" />
+	<target host="maps.yandex.ua" />
+	<target host="mobile.yandex.ua" />
+	<target host="pass.yandex.ua" />
+	<target host="slovari.yandex.ua" />
+	<target host="stat.yandex.ua" />
+	<target host="translate.yandex.ua" />
+	<target host="tune.yandex.ua" />
+	<target host="video.yandex.ua" />
+	<target host="webmaster.yandex.ua" />
+	<target host="yabs.yandex.ua" />
+	<target host="zno.yandex.ua" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Yandex.xml b/src/chrome/content/rules/Yandex.xml
index c86d6f7718c3..ac75c7cc143d 100644
--- a/src/chrome/content/rules/Yandex.xml
+++ b/src/chrome/content/rules/Yandex.xml
@@ -1,209 +1,519 @@
 <!--
-	Other Yandex rulests:
+The following targets have been disabled at 2020-09-25 16:20:22:
 
-		- Loginza.ru.xml
-
-
-    For any questions please contact Artyom Gavrichenkov <ximaera@yandex.ru>.
-
-    I'm not in any way a Yandex employee, however, this set of rules is
-    already working for a long time with all Yandex services, being used very
-    intensively, and thus is being shared with community in order to prevent
-    scam and stealing from Money.Yandex.ru (and other services as well).
-
-    If you want to know about license terms, here they are:
-
-    DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
-    Version 2, December 2004
-
-    Copyright (C) 2004 Sam Hocevar <sam@hocevar.net>
-
-    Everyone is permitted to copy and distribute verbatim or modified
-    copies of this license document, and changing it is allowed as long
-    as the name is changed.
-
-    DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
-    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
-    0. You just DO WHAT THE FUCK YOU WANT TO.
-
-
-    Nonfunctional domains:
-
-        - clubs.ya.ru       (redirects to http)
+Time: 2020-09-25 16:20:22
+ Fetch error: http://www.maps.yandex.ru/ => https://maps.yandex.ru/: (6, 'Could not resolve host: www.maps.yandex.ru')
 
-		- yandex.ru subdomains:
+	Other Yandex rulesets:
 
-			- advertising	(dropped)
-
-
-	Problematic domains:
-
-		- www.yandex.ru		(dropped)
-
-
-	Partially covered domains:
-
-		- www.yandex.ru		(→ ^)
-
-
-	Fully covered domains:
-
-		- awaps.yandex.by
-		- awaps.yandex.com.au
-		- awaps.yandex.kz
-		- favicon.yandex.net
-		- awaps.yandex.ru
-		- awaps.yandex.ua
-		- awaps.yandex.ru
+		- BEM.info.xml
+		- Loginza.ru.xml
+		- Moikrug.ru.xml
+		- Ya.ru.xml
+		- YaDi.sk.xml
+		- Yandex.com.xml
+		- Yandex.com.ua.xml
+		- Yandex.com.tr.xml
+		- Yandex.kz.xml
+		- Yandex.net.xml
+		- Yandex.st.xml
+		- Yandex.ua.xml
+		- Yandex.by.xml
+		- Yandex_ad_exchange.net.xml
+		- Yaprobki.ru.xml
+		- Yastatic.net.xml
+
+
+	For any questions please contact Artyom Gavrichenkov <ximaera@yandex.ru>.
+
+	I'm not in any way a Yandex employee, however, this set of rules is
+	already working for a long time with all Yandex services, being used very
+	intensively, and thus is being shared with community in order to prevent
+	scam and stealing from Money.Yandex.ru (and other services as well).
+
+
+	Nonfunctional subdomains:
+
+		- apps ¹
+		- android-us.apps ¹
+		- us.apps ¹
+
+		- beta-feedback ³
+		- blog ³
+		- bm ³
+		- business ²
+		- cards ³
+		- contact ³
+		- contact2 ³
+		- copy ³
+		- dns ³
+		- encyclopedia *
+    - ewent
+		- family ¹
+		- b.feedback ³
+		- gazeta ³
+		- informer ³
+		- interactive-answers *
+		- m.internet ³
+		- ir ³
+		- iseg ³
+		- islands ¹
+		- kapersky ³
+		- kaspersky ³
+		- kassa ⁴
+		- labs ³
+		- large ³
+		- lingvo ³
+		- m ¹
+		- (www.)?market ¹
+		- (www.)?m.metro ⁶
+		- mirror ³
+		- narod ²
+		- navigator ³
+
+		- (www.)?news ³
+		- m.news ³
+		- pda.news ³
+
+		- notanymore ³
+		- online ⁷
+		- op ¹
+		- presocial ⁶
+		- prestable-pogoda ³
+		- punto ⁶
+		- api.rasp *
+		- repo ³
+		- shad ¹
+		- soft ³
+		- terms ³
+		- uslugi ¹
+		- interactive-answers.webmaster ¹
+		- wdgt ⁵
+
+	¹ Redirects to http
+	² Refused
+	³ Dropped
+	* Differs from http
+	⁴ Reset
+	⁶ 404
+	⁷ Shows mail
+	⁵ 403
+
+
+	Problematic subdomains:
+
+		- www.advertising ¹
+		- panoramas.api-maps *
+		- appsearch ¹
+		- www.browser **
+		- pda.calendar ¹
+		- collection ²
+		- dict ¹
+		- favicon ¹
+		- m.market ⁵
+		- www.mobile **
+		- mobile-feedback ³
+
+		- money ⁴
+		- m.money ¹
+		- pda.money ¹
+		- start.money ⁴
+
+		- skype ⁸
+		- www.taras **
+		- twitter ¹
+		- upics ¹
+		- streaming.video ⁹
+		- webcal ¹
+		- ym-promo ⁴
+
+	¹ Mismatched
+	* Unspecified effect[?]
+	** 404
+	² Mismatched, CN: bar.yandex.com.tr
+	⁵ Revoked
+	³ Mismatched, CN: validator.yandex.ru)
+	⁴ Blocks Tor users
+	⁸ Dropped
+	⁹ Apparently breaks video player
+
+
+	Partially covered subdomains:
+
+		- (www.)?video *
+
+	¹ Some pages redirect to http
+	* Apparently breaks player
+
+
+	Fully covered subdomains:
+
+		- (www.)?
+		- (www.)?academy
+		- (www.)?adresa
+		- (www.)?atlas
+		- dict			(→ slovari)
+		- \d+.downloader.disk
+		- (www.)?ewents
+		- (www.)?event
+		- (www.)?events
+		- favicon		(→ favicon.yandex.net)
+		- (www.)?fotki
+		- (www.)?internet
+		- (www.)?ivent
+		- (www.)?ivents
+		- (www.)?karti
+
+		- (www.)?maps
+		- sandbox.api.maps
+		- (www.)?beta.maps
+		- (www.)?constructor.maps
+		- (www.)?m.maps
+		- (www.)?n.maps
+		- (www.)?router-quality.maps
+
+		- (www.)?master
+		- (www.)?metro
+		- mobile-feedback	(→ m.feedback)
+		- (www.)?mshad
+		- (www.)?music
+		- (www.)?maps.pda
+		- (www.)?pogoda
+		- (www.)?probki
+		- (www.)?research
+		- (www.)?site
+		- skype			(→ ^)
+		- (www.)?startups
+		- (www.)?tech
+		- (www.)?tv
+		- twitter		(→ www)
+		- upics			(→ upics.yandex.net)
+		- (www.)?weather
+		- (www.)?yaca
+
+		- ((www.)?[^.]+|[^.].[^.]): *	(www → ^)
+
+			- (www.)?advertising
+			- agency.advertising
+			- welcome.advertising
+
+			- advq
+			- afisha
+			- an
+			- analytics
+			- api
+			- api-lenta
+			- api-maps
+			- arin.api-maps
+			- enterprise.api-maps
+			- api-yaru
+
+			- auto
+			- dealer.auto
+			- m.auto
+			- partner.auto
+			- pda.auto
+
+			- autoconfig
+			- autodiscover
+			- avia
+			- awaps
+			- b
+			- ba
+			- bar
+			- bayan
+			- beta.bayan
+			- beta
+
+			- blogs
+			- m.blogs
+			- pda.blogs
+
+			- blogs-http
+			- (www.)?browser
+			- browsers
+			- bs
+			- bs-meta
+			- buki
+			- business-maps
+			- calendar
+			- widgets.calendar
+			- captcha
+			- changepassword
+			- city
+			- clck
+			- clock
+			- clocks
+			- company
+
+			- contest
+			- algorithm.contest
+			- intern.contest
+			- official.contest
+
+			- corba-https-export
+			- corba-https-export-ng1
+			- css
+			- dev
+			- direct
+			- disc
+
+			- disk
+			- beta.disk
+			- downloader.disk
+
+			- display
+			- element
+			- elements
+			- www.ewent
+			- export
+			- feedback
+			- m.feedback
+			- feedback2
+			- files
+			- firefox
+
+			- img.fotki
+			- m.fotki
+			- r-img.fotki
+
+			- fx
+			- gadget
+			- geocode-maps
+			- geocontext
+			- gorod
+			- help
+			- hw
+			- i
+			- ie
+			- images
+			- img
+			- img-fotki
+			- img[1-7]-fotki
+			- ipv4.internet
+			- ipv6.internet
+			- keyboard
+			- kiks
+			- legal
+			- m.legal
+			- mail
+			- pda.mail
+
+			- har.maps
+			- mpro.maps
+			- mtquality.maps
+			- npro.maps
+			- pda.maps
+			- points.maps
+			- r.maps
+
+			- constructor.maps
+			- partner.market
+			- mbrowser
+			- mc
+			- mdata
+			- metr
+			- metric
+			- metrica
+			- metrika
+			- pda.metro
+			- (www.)?mobile
+			- money
+			- start.money
+			- myfiles
+			- partner.news
+			- opera
+			- partner
+			- partners
+			- pass
+			- passport
+			- passport-ckicheck
+			- probki.pda
+			- traffic.pda
+			- pda-passport
+			- people
+			- pdd
+			- m.pogoda
+			- mini.pogoda
+			- prefetch-maps
+			- probki
+			- pda.probki
+			- psearch-maps
+			- pythonlbp-s
+			- qas
+			- qas2
+			- rabota
+			- m.rabota
+			- radioprobki
+			- radioprobki2
+
+			- rasp
+			- fi.rasp
+			- m.rasp
+			- suggests.rasp
+			- suburban-widget.rasp
+			- t.rasp
+
+			- realty
+			- partner.realty
+			- route-maps
+			- safety
+			- search-maps
+			- arin.search-maps
+			- slovari
+			- m.slovari
+			- sobitia
+			- m.soft
+			- api.sport
+			- sprav
+			- spravochnik
+			- stat
+			- subs
+			- suggest-maps
+			- taras
+			- taxi
+			- taxi-exam
+			- api.tech
+			- developer.tech
+			- technologies
+			- ticket
+			- time
+			- tolstoy
+			- pda.traffic
+			- traffic-maps
+			- translate
+			- tune
+			- m.tune
+			- umbrella
+			- validator
+			- vb-update
+			- video
+			- static.video
+			- vremya
+			- watch
+			- api.weather
+			- mini.weather
+			- webmaster
+			- widgets
+			- wy
+			- xml
+			- xmlsearch
+			- yabs
+			- m.yaca
+			- pda.yaca
+			- ye-update
+			- ym-promo
+			- m.zakladki
+
+	* Except where excluded below
+
+
+	These altnames don't exist:
+
+		- m.feedback2.yandex.ru
+		- store.yandex.ru
+		- www.store.yandex.ru
+		- support.yandex.ru
+		- www.webmaster.yandex.ru
+
+
+	Insecure cookies are set for these domains:
+
+		- .yandex.ru
+		- academy.yandex.ru
+		- afisha.yandex.ru
+		- auto.yandex.ru
+		- bs.yandex.ru
+		- captcha.yandex.ru
+		- .captcha.yandex.ru
+		- contest.yandex.ru
+		- intern.contest.yandex.ru
+		- shad.contest.yandex.ru
+		- display.yandex.ru
+		- feedback2.yandex.ru
+		- .fotki.yandex.ru
+		- gorod.yandex.ru
+		- hw.yandex.ru
+		- .hw.yandex.ru
+		- internet.yandex.ru
+		- ipv4.internet.yandex.ru
+		- ipv6.internet.yandex.ru
+		- mail.yandex.ru
+		- partner.market.yandex.ru
+		- mobile.yandex.ru
+		- pass.yandex.ru
+		- pogoda.yandex.ru
+		- rabota.yandex.ru
+		- m.rabota.yandex.ru
+		- suggests.rasp.yandex.ru
+		- .suggests.rasp.yandex.ru
+		- realty.yandex.ru
+		- partner.realty.yandex.ru
+		- slovari.yandex.ru
+		- startups.yandex.ru
+		- stat.yandex.ru
+		- tech.yandex.ru
+		- developer.tech.yandex.ru
+		- translate.yandex.ru
+		- tune.yandex.ru
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- ^, b, corba-https-export, export, umbrella, vb-update, wy, ye-update from awaps.yandex.ru ¹
+			- advertising from avatars.yandex.net ¹
+			- advertising, b, m.blogs, corba-https-export, export, m.legal, umbrella, vb-update, wy, ye-update from img.yandex.net ¹
+			- m.feedback, mobile-feedback, www from yastatic.net ¹
+			- tech from api.yandex.ru ¹
+
+		- favicons, on:
+
+			- m.feedback from img.yandex.net ¹
+			- agency.advertising, help, legal, m.legal from yandex.st ¹
+
+		- Bugs, on:
+
+			- m.blogs, downloader.disk, from clck.yandex.ru ¹
+			- m.fotki from c.waplog.net ²
+			- advq, ba, blogs, direct, maps, partner.market, maps.pda, rabota, wordstat, (www.)?yaca from kiks.yandex.ru ¹
+
+	¹ Secured by us
+	² Unsecurable <= dropped
 
 -->
 <ruleset name="Yandex">
 
-    <target host="moikrug.ru" />
-    <target host="*.moikrug.ru" />
-    <target host="ya.ru" />
-    <target host="*.ya.ru" />
-	<target host="awaps.yandex.*" />
-    <target host="yandex.net" />
-    <target host="*.yandex.net" />
-    <target host="yandex.ru" />
-    <target host="*.yandex.ru" />
-
-
-	<!--securecookie host="^\.yandex\.ru$" name="^yandexuid$" /-->
-    <securecookie host="(?:mc|\.video)\.yandex\.ru$" name=".*" />
-
-
-    <!--
-        Rather than enumerating domains that support SSL,
-        we enable SSL for all services and then exclude those
-        which become broken:
-
-
-        1. Public services without HTTPS support (or with broken support)
-                                        -->
-    <exclusion pattern="^http://(?:bar-widgets|blogs|cards|cs-ellpic|cs-thumb|dict|dzen|encyclopedia|feedback|fotki|images|lingvo|ll|metro|mirror|music|newmoscow|news|openid|pogoda|presocial|rasp|slovari|sprav|static-maps|tv|wdgt|weather|wordstat|xml)\.yandex\.ru/" />
-		<exclusion pattern="^http://www\.yandex\.ru/(?!cycounter(?:$|\?))" />
-
-    <!--
-            Needed for Yandex video player to work. 
-                                                                                -->
-
-    <exclusion pattern="^http://video\.yandex\.ru/iframe/" />
-    <exclusion pattern="^http://[^.]+\.video\.yandex\.net/" />
-    <exclusion pattern="^http://streaming\.video\.yandex\.ru/" />
-    <exclusion pattern="^http://[^.]+\.video\.yandex\.ru/q-upload/" />
-    <!--
-        Remove this if you do never post entries or comments on my.ya.ru
-                                        -->
-    <exclusion pattern="^http://(?:www\.)?[^.]+\.ya\.ru/" />
-
-    <!--    2. Simple redirections
-                    -->
-    <exclusion pattern="^http://probki\.yandex\.ru/" />
-    <exclusion pattern="^http://(?:blogs|fotki|images|music|probki|video|wdgt|www)\.ya\.ru" />
-
-    <!--    3. Narod.ru.
-
-        Narod.ru doesn't use auth data from Yandex,
-        so we don't need to encrypt its pages.
-        The only exception is Narod.Disk, but it doesn't provide HTTPS
-                                        -->
-    <exclusion pattern="^http://narod\d*\.yandex\.ru/" />
-
-    <!--    4. Search suggestions
-                    -->
-    <exclusion pattern="^http://suggest\.yandex\.ru/" />
-    <exclusion pattern="^http://suggest-[a-z]+\.yandex\.(?:net|ru)/" />
-
-    <!--    5. Webmaster
-                -->
-    <exclusion pattern="^http://content\.webmaster\.yandex\.ru/" />
-
-    <!--    6. Mobile services
-                    -->
-    <exclusion pattern="^http://(?:m|mobile)\.yandex\.ru/" />
-
-    <!--    7. Internet.Yandex.Ru (connection rate detection breaks with HTTPS)
-                                            -->
-    <exclusion pattern="^http://internet\.yandex\.ru/" />
-
-    <!--    8. Various click counters and content storages.
-                                -->
-    <exclusion pattern="^http://(?:clck|copy|hghltd|kiks|print|market-click\d+|wrz)\.yandex\.ru/" />
-    <exclusion pattern="^http://mdata\.yandex\.(?:ru|net)/" />
-
-    <!--    9. Data clusters for Maps and Video
-                            -->
-    <exclusion pattern="^http://(?:jgo|vec\d+)\.maps\.yandex\.(?:net|ru)/" />
-    <exclusion pattern="^http://[^.]+-tub(?:-[^.]+)?\.yandex\.(?:net|ru)/" />
-
-    <!--    10. More subdomains without SSL from Aleksey Kosterin.
-                                    -->
-    <exclusion pattern="^http://(?:advertising|afisha|api|browser|business|collection|fx|help|kapersky|keyboard|large|market|nahodki|navigator|online|opera|punto|site|skype|time|yaca|zakladki)\.yandex\.ru/" />
-
-    <!--    11. Some cert warnings.
-                    -->
-    <exclusion pattern="^http://(?:ie|soft|widgets)\.yandex\.ru/" />
-
-    <!--    12. Drop down menu UI bugs -->
-
-    <exclusion pattern="^http://tune\.yandex\.ru/" />
-
-
-
-    <!--    Rewriting rules.
-                -->
-	<rule from="^http://www\.yandex\.ru/cycounter(?=$|\?)"
-		to="https://yandex.ru/cycounter" />
-
-    <rule from="^http://(?:www\.)?([^.]+)\.yandex\.(net|ru|st)/"
-        to="https://$1.yandex.$2/" />
-
-    <rule from="^http://(?:www\.)?yandex\.(net|st)/"
-        to="https://yandex.$1/" />
-
-    <!--    Redirects to www for pages.
-            In particular, this catches counters.
-                                -->
-    <rule from="^http://yandex\.ru/"
-        to="https://yandex.ru/" />
-
-    <!--
-        Here we can enable 4+ level domains with a single regexp,
-        but I've never seen any domains more that 4 levels deep
-        in Yandex network, so I wouldn't enable them now -
-        it may be unconvenient and may broke some services.
-        Only 4-level domains match.
-                        -->
-    <rule from="^http://([^.]+)\.([^.]+)\.yandex\.(net|ru)/"
-        to="https://$1.$2.yandex.$3/" />
-
-    <rule from="^http://(?:www\.)?([^.]+)\.ya\.ru/"
-        to="https://$1.ya.ru/" />
-
-    <rule from="^http://(?:www\.)?moikrug\.ru/"
-        to="https://moikrug.ru/" />
-
-	<rule from="^http://awaps\.yandex\.(com\.au|by|kz|ua)/"
-		to="https://awaps.yandex.$1/" />
-
-
-    <!--    timeout
-        Example:    https://market.yandex.ru/search.xml?text=draytek&hid=91083&srnum=233
-        List:       https://mail1.eff.org/pipermail/https-everywhere-rules/2012-April/001094.html
-                                -->
-    <rule from="^https://(cs-ellpic|mdata)\.yandex\.net/"
-        to="http://$1.yandex.net/" downgrade="1" />
-
-    <!--    "<error><status>401</status><message>Unauthorized</message><cause>Incorrect referer</cause></error>"
-        https doesn't give a referrer, so images don't load.
-        Example:    https://market.yandex.ru/search.xml?text=draytek&hid=91083&srnum=233
-        List:       https://mail1.eff.org/pipermail/https-everywhere-rules/2012-April/001094.html
-                                -->
-    <rule from="^https://static-maps\.yandex\.ru/"
-        to="http://static-maps.yandex.ru/" downgrade="1" />
+	<target host="yandex.ru" />
+	<target host="*.yandex.ru" />
+    <test url="http://audience.yandex.ru/" />
+    <test url="http://disk.yandex.ru/" />
+    <test url="http://download.yandex.ru/" />
+    <test url="http://academy.yandex.ru/" />
+    <test url="http://video.yandex.ru/" />
+    <test url="http://events.yandex.ru/" />
+
+	<rule from="^http://(?:www\.)?([^.]+)\.yandex\.ru/"
+		to="https://$1.yandex.ru/" />
+    <test url="http://www.disk.yandex.ru/" />
+    <test url="http://www.webmaster.yandex.ru/" />
+    <test url="http://www.kassa.yandex.ru/" />
+
+	<!--	Here we can enable 4+ level domains with a single regexp,
+		but I've never seen any domains more that 4 levels deep
+		in Yandex network, so I wouldn't enable them now -
+		it may be inconvenient and may brake some services.
+		Only 4-level domains match.
+						-->
+	<rule from="^http://([^.]+)\.([^.]+)\.yandex\.ru/"
+		to="https://$1.$2.yandex.ru/" />
+    <test url="http://points.maps.yandex.ru/" />
+    <test url="http://beta.dialogs.yandex.ru/" />
+    <test url="http://shad.contest.yandex.ru/" />
+
+  <securecookie host=".+" name=".+" />
+
+  <rule from="^http:" to="https:" />
 
 </ruleset>
-
diff --git a/src/chrome/content/rules/Yandex_ad_exchange.net.xml b/src/chrome/content/rules/Yandex_ad_exchange.net.xml
new file mode 100644
index 000000000000..837368eca81d
--- /dev/null
+++ b/src/chrome/content/rules/Yandex_ad_exchange.net.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Yandex coverage, see Yandex.xml.
+
+
+	www doesn't exist.
+
+-->
+<ruleset name="Yandex ad exchange.net">
+
+	<target host="yandexadexchange.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yannick.net.xml b/src/chrome/content/rules/Yannick.net.xml
index c538b646511f..24967c53e2e9 100644
--- a/src/chrome/content/rules/Yannick.net.xml
+++ b/src/chrome/content/rules/Yannick.net.xml
@@ -1,13 +1,22 @@
-<ruleset name="Yannick.net">
+<ruleset name="Yannick.net" default_off="redirects to http">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="yannick.net" />
-	<target host="*.yannick.net" />
+	<target host="www.yannick.net" />
+
+		<!--	Redirects to http:
+						-->
+		<exclusion pattern="^http://(?:www\.)?yannick\.net/(?:$|css/|images/)" />
+
+			<test url="http://www.yannick.net/css/styles.css" />
+			<test url="http://www.yannick.net/images/yannickweb_logo.png" />
 
 
 	<securecookie host="^\.yannick\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?yannick\.net/"
-		to="https://$1yannick.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Yaprobki.ru.xml b/src/chrome/content/rules/Yaprobki.ru.xml
new file mode 100644
index 000000000000..ba6756b47c48
--- /dev/null
+++ b/src/chrome/content/rules/Yaprobki.ru.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Yandex coverage, see Yandex.xml.
+
+
+	www: Mismatched
+	!www is in Russian, www in English.
+
+-->
+<ruleset name="Yaprobki.ru (partial)">
+
+	<target host="yaprobki.ru" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/YaqeenInstitute.org.xml b/src/chrome/content/rules/YaqeenInstitute.org.xml
new file mode 100644
index 000000000000..f53f3d962a16
--- /dev/null
+++ b/src/chrome/content/rules/YaqeenInstitute.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="YaqeenInstitute.org">
+	<target host="yaqeeninstitute.org" />
+	<target host="www.yaqeeninstitute.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Yard_Digital.com.xml b/src/chrome/content/rules/Yard_Digital.com.xml
index 7f4e91f75976..3dff4e69a5b3 100644
--- a/src/chrome/content/rules/Yard_Digital.com.xml
+++ b/src/chrome/content/rules/Yard_Digital.com.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?yarddigital\.com/"
 		to="https://yarddigital.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Yassine.net.xml b/src/chrome/content/rules/Yassine.net.xml
new file mode 100644
index 000000000000..01b98e6952ec
--- /dev/null
+++ b/src/chrome/content/rules/Yassine.net.xml
@@ -0,0 +1,14 @@
+<!--
+	Different HTTP/HTTPS content:
+		siraj.yassine.net
+	Invalid Security Certificate:
+		en.yassine.net
+-->
+<ruleset name="Yassine.net">
+	<target host="yassine.net" />
+	<target host="www.yassine.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Yastatic.net.xml b/src/chrome/content/rules/Yastatic.net.xml
new file mode 100644
index 000000000000..97113309ed51
--- /dev/null
+++ b/src/chrome/content/rules/Yastatic.net.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Yandex coverage, see Yandex.xml.
+
+
+	Fully covered subdomains:
+
+		- i
+
+-->
+<ruleset name="Yastatic.net">
+
+	<target host="yastatic.net" />
+	<target host="i.yastatic.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yatima.org.xml b/src/chrome/content/rules/Yatima.org.xml
new file mode 100644
index 000000000000..accb03c48810
--- /dev/null
+++ b/src/chrome/content/rules/Yatima.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="Yatima.org">
+        <target host="yatima.org" />
+        <target host="www.yatima.org" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Yawoot.xml b/src/chrome/content/rules/Yawoot.xml
deleted file mode 100644
index 63fe388bc975..000000000000
--- a/src/chrome/content/rules/Yawoot.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Yawoot (partial)" platform="mixedcontent">
-
-	<target host="img.yawoot.com"/>
-	<target host="t.yawoot.com"/>
-
-	<rule from="^http://(img|t)\.yawoot\.com/"
-		to="https://$1.yawoot.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Yeah.net.xml b/src/chrome/content/rules/Yeah.net.xml
new file mode 100644
index 000000000000..9b90d8f46b00
--- /dev/null
+++ b/src/chrome/content/rules/Yeah.net.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate: Too much to list them all.
+		www.yeah.net
+		ming.yeah.net
+		wap.yeah.net
+		yxplus.yeah.net
+-->
+<ruleset name="Yeah.net (partial)">
+	<target host="yeah.net" />
+	<target host="mail.yeah.net" />
+	<target host="passport.yeah.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Yed24hr.com.xml b/src/chrome/content/rules/Yed24hr.com.xml
index 50d5d18f03a7..98e92abe1c32 100644
--- a/src/chrome/content/rules/Yed24hr.com.xml
+++ b/src/chrome/content/rules/Yed24hr.com.xml
@@ -3,8 +3,10 @@
 
 		- (www.)movzeed.com *
 		- (www.)mov24hr.com *
+		- (www.)?yed24hr.com ²
 
 	* Refused
+	² *.lxlabs.com
 
 
 	Mixed content:
@@ -17,7 +19,7 @@
 			- www.picdee.com **
 			- (www.)picloader3.com **
 			- www.picloader4.com **
-			- s22.postimg.org
+			- s22.postimg.org *
 			- postto.me *
 			- cat.postto.me *
 			- th.upic.me *
@@ -37,7 +39,7 @@
 			- www.cpm-banner.com **
 			- www.cárdenas.net **
 			- ads.clipxvip.com **
-			- sstatic1.histats.com **
+			- sstatic1.histats.com *
 			- www.imagescream.com **
 			- www.lbacklink.com **
 			- www.ping-fast.com
@@ -59,14 +61,19 @@
 	** Unsecurable
 
 -->
-<ruleset name="yed24hr.com">
+<ruleset name="yed24hr.com" default_off="mismatched, self-signed">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="yed24hr.com" />
+	<target host="www.yed24hr.com" />
+
+	<!--	Complications:
+				-->
 	<target host="mov24hr.com" />
 	<target host="www.mov24hr.com" />
 	<target host="movzeed.com" />
 	<target host="www.movzeed.com" />
-	<target host="yed24hr.com" />
-	<target host="*.yed24hr.com" />
 
 
 	<securecookie host="^(?:w*\.)?yed24hr\.com$" name=".+" />
@@ -75,7 +82,7 @@
 	<rule from="^http://(?:www\.)?mov(?:24hr|zeed)\.com/"
 		to="https://www.yed24hr.com/" />
 
-	<rule from="^http://(www\.)?yed24hr\.com/"
-		to="https://$1yed24hr.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Yedxxx24hr.com.xml b/src/chrome/content/rules/Yedxxx24hr.com.xml
new file mode 100644
index 000000000000..8d67ccdafa2e
--- /dev/null
+++ b/src/chrome/content/rules/Yedxxx24hr.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- yedxxx24hr.com
+		- .yedxxx24hr.com
+		- www.yedxxx24hr.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed images and ads from various domains.
+
+-->
+<ruleset name="yedxxx24hr.com">
+
+	<target host="yedxxx24hr.com" />
+	<target host="www.yedxxx24hr.com" />
+	<target host="xxx.yedxxx24hr.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?yedxxx24hr\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.yedxxx24hr\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yeggi.com.xml b/src/chrome/content/rules/Yeggi.com.xml
new file mode 100644
index 000000000000..9ef68ce907a9
--- /dev/null
+++ b/src/chrome/content/rules/Yeggi.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Yeggi.com">
+	<target host="yeggi.com" />
+	<target host="www.yeggi.com" />
+	<target host="img1.yeggi.com" />
+	<target host="img2.yeggi.com" />
+	<target host="img3.yeggi.com" />
+	<target host="img4.yeggi.com" />
+	<target host="img5.yeggi.com" />
+	<target host="img6.yeggi.com" />
+	<target host="imgwl.yeggi.com" />
+	<target host="m.yeggi.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Yellow-Pages-IMA.xml b/src/chrome/content/rules/Yellow-Pages-IMA.xml
index 0e42f8cf9be7..e63ffc56e2f6 100644
--- a/src/chrome/content/rules/Yellow-Pages-IMA.xml
+++ b/src/chrome/content/rules/Yellow-Pages-IMA.xml
@@ -1,21 +1,70 @@
-<ruleset name="Yellow Pages IMA (partial)">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.localsearchassociation.org/Integrations/JQuery/Themes/Stable/Root/jquery-ui.css => https://www.localsearchassociation.org/Integrations/JQuery/Themes/Stable/Root/jquery-ui.css: (51, "SSL: no alternative certificate subject name matches target host name 'www.localsearchassociation.org'")
+Fetch error: http://www.localsearchassociation.org/Modules/DynamicNavigation/Styles.css.aspx => https://www.localsearchassociation.org/Modules/DynamicNavigation/Styles.css.aspx: (51, "SSL: no alternative certificate subject name matches target host name 'www.localsearchassociation.org'")
+Fetch error: http://www.localsearchassociation.org/SiteTypes/Default.master.css.aspx => https://www.localsearchassociation.org/SiteTypes/Default.master.css.aspx: (51, "SSL: no alternative certificate subject name matches target host name 'www.localsearchassociation.org'")
+Fetch error: http://www.localsearchassociation.org/Uploads/Public/Documents/Styles/lsa-3-31-14.css => https://www.localsearchassociation.org/Uploads/Public/Documents/Styles/lsa-3-31-14.css: (51, "SSL: no alternative certificate subject name matches target host name 'www.localsearchassociation.org'")
+Fetch error: http://www.localsearchassociation.org/Uploads/Public/Images/Design/top_nav_bg_left.jpg => https://www.localsearchassociation.org/Uploads/Public/Images/Design/top_nav_bg_left.jpg: (51, "SSL: no alternative certificate subject name matches target host name 'www.localsearchassociation.org'")
+Fetch error: http://localsearchassociation.org/ => https://localsearchassociation.org/: (51, "SSL: no alternative certificate subject name matches target host name 'localsearchassociation.org'")
+Fetch error: http://ypassociation.org/ => https://localsearchassociation.org/: (51, "SSL: no alternative certificate subject name matches target host name 'localsearchassociation.org'")
+Fetch error: http://www.ypassociation.org/ => https://localsearchassociation.org/: (51, "SSL: no alternative certificate subject name matches target host name 'localsearchassociation.org'")
+
+	(www.)?localsearchassociation.org: Some pages redirect to http
+
+
+	Other Yellow Pages IMA rulesets:
+
+		- Yellow_Pages_Opt_Out.com.xml
+
+-->
+<ruleset name="Yellow Pages IMA (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="localsearchassociation.org"/>
-	<target host="*.localsearchassociation.org"/>
-	<target host="yellowpagesoptout.com"/>
-	<target host="*.yellowpagesoptout.com"/>
+	<target host="www.localsearchassociation.org"/>
+
+	<!--	Complications:
+				-->
 	<target host="ypassociation.org"/>
 	<target host="www.ypassociation.org"/>
 
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.localsearchassociation\.org/Main/(Home|JoinNow)\.aspx" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.localsearchassociation\.org/(?!Integrations/|Modules/|SiteTypes/Default\.master\.css\.aspx|[Uu]ploads/[Pp]ublic/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.localsearchassociation.org/Home.aspx" />
+			<test url="http://www.localsearchassociation.org/Index.aspx" />
+			<test url="http://www.localsearchassociation.org/Main/Home.aspx" />
+			<test url="http://www.localsearchassociation.org/Main/JoinNow.aspx" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.localsearchassociation.org/Integrations/JQuery/Themes/Stable/Root/jquery-ui.css" />
+			<test url="http://www.localsearchassociation.org/Modules/DynamicNavigation/Styles.css.aspx" />
+			<test url="http://www.localsearchassociation.org/SiteTypes/Default.master.css.aspx" />
+			<test url="http://www.localsearchassociation.org/Uploads/Public/Documents/Styles/lsa-3-31-14.css" />
+			<test url="http://www.localsearchassociation.org/Uploads/Public/Images/Design/top_nav_bg_left.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?localsearchassociation\.org$" name="^(ASP\.NET_SessionId|CPAUDIENCEID_CDA2)$" /-->
 
-	<securecookie host="^(.*\.)?localsearchassociation\.org$" name=".*"/>
-	<securecookie host="^(.*\.)?yellowpagesoptout\.com$" name=".*"/>
+	<!--securecookie host="^(?:.*\.)?localsearchassociation\.org$" name=".*"/-->
 
 
-	<rule from="^http://(?:www\.)?(?:localsearch|yp)association\.org/"
+	<rule from="^http://(?:www\.)?ypassociation\.org/"
 		to="https://localsearchassociation.org/"/>
 
-	<rule from="^http://(?:www\.)?yellowpagesoptout\.com/"
-		to="https://www.yellowpagesoptout.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/YellowBot.xml b/src/chrome/content/rules/YellowBot.xml
new file mode 100644
index 000000000000..d568cf95b8aa
--- /dev/null
+++ b/src/chrome/content/rules/YellowBot.xml
@@ -0,0 +1,49 @@
+<!--
+	Other YellowBot rulesets:
+
+		- YP_bot.net.xml
+
+
+	CDN buckets:
+
+		- media-cache.ypbot.net
+
+			- media
+
+
+	Nonfunctional subdomains:
+
+		- (www.)^ °
+		- blog ¹
+		- m ²
+		- media ¹
+
+	¹ Dropped
+	² Redirects to http; mismatched, CN: www.yellowbot.com
+	° Redirects to http
+
+
+	Observed cookie domains:
+
+		- . ¹
+		- login ²
+
+	¹ Not secured by us <= accounting for possible use on unsecurable pages
+	² Secured by us <= not secured by server
+
+
+-->
+<ruleset name="YellowBot.com (partial)">
+
+	<target host="login.yellowbot.com" />
+
+	<!--
+		Not secured by server:
+					-->
+	<securecookie host="^login\.yellowbot\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/YellowPages.ca-problematic.xml b/src/chrome/content/rules/YellowPages.ca-problematic.xml
new file mode 100644
index 000000000000..f6edfe254f38
--- /dev/null
+++ b/src/chrome/content/rules/YellowPages.ca-problematic.xml
@@ -0,0 +1,25 @@
+<!--
+	For rules on by default, see YellowPages.ca.xml.
+
+-->
+<ruleset name="YellowPages.ca (problematic)" default_off="mismatched">
+
+	<target host="yellowpages.ca" />
+	<target host="*.yellowpages.ca" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?yellowpages\.ca$" name="^(TS01[\da-f]{6}|ypgLang)$" /-->
+	<!--securecookie host="^yahoo\.aws\.yellowpages\.ca$" name="^ypgLang$" /-->
+
+	<securecookie host="^(?:\w+\.aws\.|www\.)?yellowpages\.ca$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?yellowpages\.ca/"
+		to="https://www.yellowpages.ca/" />
+
+	<rule from="^http://(\w+)\.aws\.yellowpages\.ca/"
+		to="https://$1.aws.yellowpages.ca/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/YellowPages.ca.xml b/src/chrome/content/rules/YellowPages.ca.xml
new file mode 100644
index 000000000000..8c093ae00d73
--- /dev/null
+++ b/src/chrome/content/rules/YellowPages.ca.xml
@@ -0,0 +1,44 @@
+<!--
+	For problematic rules, see YellowPages.ca-problematic.xml.
+
+
+	Problematic subdomains:
+
+		- (www.) *
+		- yahoo.aws *
+
+	* Works; mismatched, CN: secure.yellowpages.ca
+
+
+	Mixed content:
+
+		- css on (www.) and yahoo.aws from cdn.cb.yp.ca *
+
+	Unsecurable <= 400
+
+-->
+<ruleset name="YellowPages.ca (partial)">
+
+	<target host="secure.yellowpages.ca" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^secure\.yellowpages\.ca$" name="^TS01[\da-f]{6}$" /-->
+	<!--securecookie host="^\.yellowpages\.ca$" name="^psid_ypca$" /-->
+
+	<!--	psid_ypca appears to identify clients' pages and appears not to
+		be used on secure.
+			So, if we handle it whenever we can - that is, whenever
+		the browser navigates to any applicable domain over tls, we
+		shouldn't cause any problems. In this way, Secure is set when
+		users fetch problematic domains over tls without enabling the
+		problematic ruleset.
+					-->
+	<securecookie host="^\.yellowpages\.ca$" name="^psid_ypca$" />
+	<securecookie host="^secure\.yellowpages\.ca$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yellow_Pages_Opt_Out.com.xml b/src/chrome/content/rules/Yellow_Pages_Opt_Out.com.xml
new file mode 100644
index 000000000000..5313da688293
--- /dev/null
+++ b/src/chrome/content/rules/Yellow_Pages_Opt_Out.com.xml
@@ -0,0 +1,37 @@
+<!--
+	For other Yellow Pages IMA coverage, see Yellow-Pages-IMA.xml.
+
+
+	^: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.yellowpagesoptout.com
+
+-->
+<ruleset name="Yellow Pages Opt Out.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.yellowpagesoptout.com" />
+
+	<!--	Complications:
+				-->
+	<target host="yellowpagesoptout.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.yellowpagesoptout\.com$" name="^SESS[\da-f]$" /-->
+
+	<securecookie host=".+" name=".+"/>
+
+
+	<rule from="^http://yellowpagesoptout\.com/"
+		to="https://www.yellowpagesoptout.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yelp.xml b/src/chrome/content/rules/Yelp.xml
index 83556a2d124e..b770d16d7874 100644
--- a/src/chrome/content/rules/Yelp.xml
+++ b/src/chrome/content/rules/Yelp.xml
@@ -1,34 +1,38 @@
 <!--
-	CDN buckets:
+	Other Yelp rulesets:
 
-		- wildcard.ak.yelpcdn.com.edgekey.net
+		- yelpblog.com.xml
+		- yelpreservations.com.xml
 
-			- s3-media[0-4].ak.yelpcdn.com
 
+	Mismatch:
+		- (www.)yelp-ir.com
+		- (www.)yelp-support.com
 
-	Nonfunctional domains:
 
-		- officialblog.yelp.com		(times out)
-
-
-	Some pages redirect to http.
+	^yelcdn.com does not exist
 
 -->
-<ruleset name="Yelp (partial)">
-
-	<target host="yelp.com" />
-	<target host="*.yelp.com" />
-		<exclusion pattern="^http://(?:www\.)?yelp\.com/(?!(?:forgot|login|signup)(?:$|\?|/))" />
-	<target host="*.ak.yelpcdn.com" />
-
+<ruleset name="Yelp">
 
-	<securecookie host="^\.biz\.yelp\.com$" name=".+" />
+	<target host="*.yelpcdn.com" />
 
+		<test url="http://s3-media0.fl.yelpcdn.com/assets/srv0/yelp_styleguide/bf3b130e5a1a/assets/img/logos/header_logo_desktop.png" />
+		<test url="http://s3-media1.fl.yelpcdn.com/assets/srv0/yelp_styleguide/bf3b130e5a1a/assets/img/logos/header_logo_desktop.png" />
+		<test url="http://s3-media2.fl.yelpcdn.com/assets/srv0/yelp_styleguide/bf3b130e5a1a/assets/img/logos/header_logo_desktop.png" />
+		<test url="http://s3-media3.fl.yelpcdn.com/assets/srv0/yelp_styleguide/bf3b130e5a1a/assets/img/logos/header_logo_desktop.png" />
+		<test url="http://s3-media4.fl.yelpcdn.com/assets/srv0/yelp_styleguide/bf3b130e5a1a/assets/img/logos/header_logo_desktop.png" />
+		<test url="http://s3-media5.fl.yelpcdn.com/assets/srv0/yelp_styleguide/bf3b130e5a1a/assets/img/logos/header_logo_desktop.png" />
+		<test url="http://s3-media0.ak.yelpcdn.com/assets/srv0/yelp_styleguide/bf3b130e5a1a/assets/img/logos/header_logo_desktop.png" />
+		<test url="http://s3-media1.ak.yelpcdn.com/assets/srv0/yelp_styleguide/bf3b130e5a1a/assets/img/logos/header_logo_desktop.png" />
+		<test url="http://s3-media2.ak.yelpcdn.com/assets/srv0/yelp_styleguide/bf3b130e5a1a/assets/img/logos/header_logo_desktop.png" />
+		<test url="http://s3-media3.ak.yelpcdn.com/assets/srv0/yelp_styleguide/bf3b130e5a1a/assets/img/logos/header_logo_desktop.png" />
+		<test url="http://s3-media4.ak.yelpcdn.com/assets/srv0/yelp_styleguide/bf3b130e5a1a/assets/img/logos/header_logo_desktop.png" />
+		<test url="http://s3-media5.ak.yelpcdn.com/assets/srv0/yelp_styleguide/bf3b130e5a1a/assets/img/logos/header_logo_desktop.png" />
 
-	<rule from="^http://(www\.)?(biz\.)?yelp\.com/"
-		to="https://$1$2yelp.com/" />
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://s3-media(\d)\.ak\.yelpcdn\.com/"
-		to="https://s3-media$1.ak.yelpcdn.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Yemeksepeti.xml b/src/chrome/content/rules/Yemeksepeti.xml
index fa44d941cb87..41d9cc8829b0 100644
--- a/src/chrome/content/rules/Yemeksepeti.xml
+++ b/src/chrome/content/rules/Yemeksepeti.xml
@@ -1,11 +1,17 @@
-<ruleset name="Yemeksepeti">
-  <target host="yemeksepeti.com" />
-  <target host="images.yemeksepetim.com" />
-  <target host="*.yemeksepeti.com" />
-
-  <securecookie host="^(.*\.)?yemeksepeti\.com$" name=".*" />
-
-  <rule from="^http://images\.yemeksepetim\.com/" to="https://images.yemeksepeti.com/" />
-  <rule from="^http://yemeksepeti\.com/" to="https://www.yemeksepeti.com/" />
-  <rule from="^http://([^/:@]*)\.yemeksepeti\.com/" to="https://$1.yemeksepeti.com/" />
-</ruleset>
\ No newline at end of file
+<ruleset name="Yemeksepeti.com">
+  <target host=             "yemeksepeti.com" />
+  <target host=         "cdn.yemeksepeti.com" />
+  <target host=      "images.yemeksepeti.com" />
+  <target host=     "images.yemeksepetim.com" />
+  <target host="siparistakip.yemeksepeti.com" />
+  <target host=         "www.yemeksepeti.com" />
+
+  <securecookie host="^(?:.*\.)?yemeksepeti\.com$" name=".+" />
+
+  <rule from="^http://yemeksepeti\.com/"
+	  to="https://www.yemeksepeti.com/" />
+  <rule from="^http://images\.yemeksepetim\.com/"
+	  to="https://images.yemeksepeti.com/" />
+  <rule from="^http:"
+	  to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/YeniAkit.com.tr.xml b/src/chrome/content/rules/YeniAkit.com.tr.xml
new file mode 100644
index 000000000000..e77e797b7a44
--- /dev/null
+++ b/src/chrome/content/rules/YeniAkit.com.tr.xml
@@ -0,0 +1,9 @@
+<ruleset name="YeniAkit.com.tr">
+	<target host="yeniakit.com.tr" />
+	<target host="www.yeniakit.com.tr" />
+	<target host="m.yeniakit.com.tr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Yeshiva.xml b/src/chrome/content/rules/Yeshiva.xml
index 635f461454b7..ad10abc01f36 100644
--- a/src/chrome/content/rules/Yeshiva.xml
+++ b/src/chrome/content/rules/Yeshiva.xml
@@ -1,4 +1,11 @@
-<ruleset name="Yeshiva University">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.yu.edu/ => https://yu.edu/: Too many redirects while fetching 'https://yu.edu/'
+Fetch error: http://yu.edu/ => https://yu.edu/: Too many redirects while fetching 'https://yu.edu/'
+
+-->
+<ruleset name="Yeshiva University" default_off="failed ruleset test">
   <target host="www.yu.edu" />
   <target host="yu.edu" />
 
diff --git a/src/chrome/content/rules/Yespic69.com.xml b/src/chrome/content/rules/Yespic69.com.xml
deleted file mode 100644
index 10dbda0112c6..000000000000
--- a/src/chrome/content/rules/Yespic69.com.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<!--
-	Mixed content:
-
-		- Images, on (www.) from:
-
-			- www *
-			- \d.bp.blogspot.com *
-			- www.filepic.net **
-			- www.imagescream.com **
-			- www.picloader3.com **
-			- www.upxth.com
-			- img100.xvideos.com **
-
-		- Ads, on (www.) from:
-
-			- www.auto-ping.com **
-			- www.counters4u.com **
-			- sstatic1.histats.com **
-			- image.ohozaa.com **
-			- www.upx69.com *
-
-	* Secured by us
-	** Unsecurable
-
--->
-<ruleset name="yespic69.com">
-
-	<target host="yespic69.com" />
-	<target host="*.yespic69.com" />
-
-
-	<securecookie host="^(?:w*\.)?yespic69\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?yespic69\.com/"
-		to="https://$1yespic69.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Yesss.at.xml b/src/chrome/content/rules/Yesss.at.xml
new file mode 100644
index 000000000000..4ce702cb3885
--- /dev/null
+++ b/src/chrome/content/rules/Yesss.at.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nulleuro.yesss.at/ => https://nulleuro.yesss.at/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Yesss.at" default_off="failed ruleset test">
+	<target host="yesss.at" />
+	<target host="www.yesss.at" />
+	<target host="nulleuro.yesss.at" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ygnition.xml b/src/chrome/content/rules/Ygnition.xml
index 0290212fd36d..bffca910dba5 100644
--- a/src/chrome/content/rules/Ygnition.xml
+++ b/src/chrome/content/rules/Ygnition.xml
@@ -1,23 +1,27 @@
+
 <!--
-	Nonfunctional:
+Disabled by https-everywhere-checker because:
+Fetch error: http://ygnition.com/ => https://ygnition.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.ygnition.com/ => https://www.ygnition.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://yoda.ygnition.com/ => https://yoda.ygnition.com/: (28, 'Connection timed out after 20001 milliseconds')
 
-		- mail.ygnition.com
-		- mail2.ygnition.com
-		- ygnitionnetworks.com		(cert: www.ygnition.com; shows that domain's data)
-		- www.ygnitionnetworks.com	(ditto)
+	Nonfunctional:
+		- (www.)ygnitionnetworks.com	(timeout)
+		- portal			(expired)
+		- yoda02			(refused)
 
 -->
-<ruleset name="Ygnition (partial)">
+<ruleset name="Ygnition (partial)" default_off="failed ruleset test">
 
 	<target host="ygnition.com" />
-	<!--	* for cross-domain cookies.	-->
-	<target host="*.ygnition.com" />
+	<target host="www.ygnition.com" />
+	<target host="yoda.ygnition.com" />
 
 
-	<securecookie host="^(.*\.)?ygnition\.com$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?ygnition\.com/"
-		to="https://$1ygnition.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Yho.com.xml b/src/chrome/content/rules/Yho.com.xml
new file mode 100644
index 000000000000..41627b950372
--- /dev/null
+++ b/src/chrome/content/rules/Yho.com.xml
@@ -0,0 +1,22 @@
+<!--
+	For other Yahoo coverage, see Yahoo.xml.
+
+
+	www doesn't exist.
+
+-->
+<ruleset name="Yho.com">
+
+	<target host="yho.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^yho\.com$" name="^visitor_uuid$" /-->
+
+	<securecookie host="^yho\.com$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/YieldSelect.com.xml b/src/chrome/content/rules/YieldSelect.com.xml
new file mode 100644
index 000000000000..082e8af1a6cd
--- /dev/null
+++ b/src/chrome/content/rules/YieldSelect.com.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://yieldselect.com/ => https://yieldselect.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://ads-by.yieldselect.com/ => https://ads-by.yieldselect.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.yieldselect.com/ => https://www.yieldselect.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- yieldselect.com
+		- www.yieldselect.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="YieldSelect.com" default_off="failed ruleset test">
+
+	<target host="yieldselect.com" />
+	<target host="ads-by.yieldselect.com" />
+	<target host="www.yieldselect.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?yieldselect\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yieldbot.xml b/src/chrome/content/rules/Yieldbot.xml
index 2eb71c47b587..957fd06d8911 100644
--- a/src/chrome/content/rules/Yieldbot.xml
+++ b/src/chrome/content/rules/Yieldbot.xml
@@ -19,12 +19,12 @@
 
 	<target host="cdn.yb0t.com" />
 	<target host="i.yldbt.com" />
-
+	<target host="cdn.yldbt.com" />
 
 	<rule from="^http://cdn\.yb0t\.com/"
 		to="https://dqckmuwjiytix.cloudfront.net/" />
 
-	<rule from="^http://i\.yldbt\.com/"
-		to="https://i.yldbt.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Yieldlab.de.xml b/src/chrome/content/rules/Yieldlab.de.xml
index 25b68319e078..6c84807fead5 100644
--- a/src/chrome/content/rules/Yieldlab.de.xml
+++ b/src/chrome/content/rules/Yieldlab.de.xml
@@ -4,8 +4,14 @@
 		- Yieldlab.net.xml
 
 
-	- Expired 2012-03-15
-	- CN: Parallels Panel
+	- ^: Self-signed
+	- www: Mismatched
+
+
+	Mixed content:
+
+		- Images from $self
+		- Bug from www.facebook.com
 
 -->
 <ruleset name="Yieldlab.de" default_off="expired, self-signed">
@@ -17,7 +23,7 @@
 	<securecookie host="^www\.yieldlab\.de$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?yieldlab\.de/"
-		to="https://www.yieldlab.de/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Yieldlab.net.xml b/src/chrome/content/rules/Yieldlab.net.xml
index 5b67e897188d..3102214cc6f2 100644
--- a/src/chrome/content/rules/Yieldlab.net.xml
+++ b/src/chrome/content/rules/Yieldlab.net.xml
@@ -4,15 +4,16 @@
 -->
 <ruleset name="Yieldlab.net">
 
-	<target host="*.yieldlab.net" />
+	<target host="ad.yieldlab.net" />
+	<target host="probe.yieldlab.net" />
+	<target host="p.yieldlab.net" />
 
 
 	<!--	Tracking cookie set by ad:
 						-->
 	<securecookie host="^\.yieldlab\.net$" name="^id$" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://ad\.yieldlab\.net/"
-		to="https://ad.yieldlab.net/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Yieldlove.com.xml b/src/chrome/content/rules/Yieldlove.com.xml
new file mode 100644
index 000000000000..ca5e84352d61
--- /dev/null
+++ b/src/chrome/content/rules/Yieldlove.com.xml
@@ -0,0 +1,19 @@
+<ruleset name="Yieldlove.com">
+
+	<target host="yieldlove.com" />
+	<target host="www.yieldlove.com" />
+	<target host="cdn-a.yieldlove.com" />
+	<target host="cdn-abc.yieldlove.com" />
+	<target host="cdn-xxx.yieldlove.com" />
+	<target host="dashboard.yieldlove.com" />
+	<target host="dbaord-frontend.dev.yieldlove.com" />
+	<target host="pbs.dev.yieldlove.com" />
+	<target host="opt.yieldlove.com" />
+	<target host="passbolt.yieldlove.com" />
+	<target host="platform.yieldlove.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yieldoptimizer.com.xml b/src/chrome/content/rules/Yieldoptimizer.com.xml
new file mode 100644
index 000000000000..fd117d8b72e1
--- /dev/null
+++ b/src/chrome/content/rules/Yieldoptimizer.com.xml
@@ -0,0 +1,37 @@
+<!--
+	For other Adara Media coverage, see Adara-Media.xml.
+
+
+	Fully covered hosts in *yieldoptimizer.com:
+
+		- cs
+		- tag
+
+
+	tag: Included on 3rd-party websites
+
+
+	Insecure cookies are set for these domains:
+
+		- .yieldoptimizer.com
+
+-->
+<ruleset name="Yieldoptimizer.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cs.yieldoptimizer.com" />
+	<target host="tag.yieldoptimizer.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.yieldoptimizer\.com$" name="^(cktst|dph|ph)$" /-->
+
+	<securecookie host="^\.yieldoptimizer\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yimg.com.xml b/src/chrome/content/rules/Yimg.com.xml
index 35fbdc7cf177..1121df877aa4 100644
--- a/src/chrome/content/rules/Yimg.com.xml
+++ b/src/chrome/content/rules/Yimg.com.xml
@@ -1,78 +1,39 @@
 <!--
 	For other Yahoo! coverage, see Yahoo.xml.
 
+	Non-functional hosts
+		Timeout:
+		- yimg.com
 
-	CDN buckets:
-
-		- a248.e.akamai.net/sec.yimg.com/i/
-
-
-	Undiscovered:
-
-		- ei/
-		- d.yimg.com/nl/
-		- d.yimg.com/hn/p/i/bcst/yp/cnbc2/
-		- d.yimg.com/oq/
-		- ec.yimg.com/ec?url=
-		- ext.yimg.com/ec?url=
-		- sm-a[1-4].yimg.com
-		- thm-a0[1-4].yimg.com
-
-
-	Nonfunctional domains:
-
-		- cn.yimg.com
-		- ybinst3.ec.yimg.com	(CN: *.l.yimg.com; 404)
-		- xp.yimg.com		(404, not on sxp; mismatched, CN: s.yimg.com)
-
-
-	Problematic domains:
-
-		- ep.yimg.com
-
-
-	Fully covered domains:
-
-		- yimg.com subdomains:
-
-			- ep		(→ sep)
-			- s
-			- sep
-			- sec
+		SSL connect error:
+		- movienewsletters.o.yimg.com
 
+		SSL peer certificate was not OK:
+		- tw.ent3.yimg.com
 -->
 <ruleset name="Yimg.com (partial)">
 
-	<target host="*.yimg.com" />
-
-
-	<securecookie host="^\.s\.yimg\.com$" name=".+" />
-
-
-	<rule from="^http://ads\.yimg\.com/"
-		to="https://s.yimg.com/zz/" />
-
-	<!--	- l1 to l7 exist.
-		- a appears equivalent to l, except hosted on Akamai.
-			-->
-	<rule from="^http://(?:d|(?:a\.)?l\d?|us\.(?:a2|i1|js2?))\.yimg\.com/(?:a|d|us(?:\.js)?\.yimg\.com)/"
-		to="https://s.yimg.com/lq/" />
-
-	<rule from="^http://(?:d|(?:a\.)?l\d?|mail)\.yimg\.com/(ao|ck|cv|dh|ea|kj|kx|lo|mi|nt|ok|pj|pp|qa|rq|rx|ss|ugcwidgets|zz)/"
-		to="https://s.yimg.com/$1/" />
-
-	<rule from="^http://(?:d|(?:a\.)?l\d?|us\.js1?|mail|xa)\.yimg\.com/(bb|bt|dg|(?:eur|us)\.yimg\.com|fg|[ghijqt]|gh|ho|j[ghn]|kq|lh|lm|ml|nn|nq|os|pb|pv|qb|qw|qz|r[luwz]|sc|ts)/"
-		to="https://s.yimg.com/zz/$1/" />
-
-	<rule from="^http://s(ec|xp)?\.yimg\.com/"
-		to="https://s$1.yimg.com/" />
-
-	<rule from="^http://s?ep\.yimg\.com/"
-		to="https://sep.yimg.com/" />
-
-	<!--	s://developer. breakage
-					-->
-	<rule from="^https://s\.yimg\.com/common/img/"
-		to="https://s.yimg.com/kj/ydn/common/img/" />
-
+	<target host="ec.yimg.com" />
+	<target host="ybinst3.ec.yimg.com" />
+	<target host="ep.yimg.com" />
+	<target host="ext.yimg.com" />
+	<target host="l.yimg.com" />
+	<target host="tw.news2.yimg.com" />
+	<target host="s.yimg.com" />
+	<target host="s1.yimg.com" />
+	<target host="s2.yimg.com" />
+	<target host="s3.yimg.com" />
+	<target host="sec.yimg.com" />
+	<target host="sep.yimg.com" />
+	<target host="sp.yimg.com" />
+	<target host="sxh.yimg.com" />
+	<target host="sxp.yimg.com" />
+	<target host="tw.yimg.com" />
+	<target host="xa.yimg.com" />
+	<target host="xh.yimg.com" />
+	<target host="xp.yimg.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Yimg.jp.xml b/src/chrome/content/rules/Yimg.jp.xml
new file mode 100644
index 000000000000..c4b4406332e8
--- /dev/null
+++ b/src/chrome/content/rules/Yimg.jp.xml
@@ -0,0 +1,66 @@
+<!--
+	For other Yahoo coverage, see Yahoo.xml
+
+
+	Problematic hosts:
+
+		- item.shopping.c.yimg.jp       (works; mismatched, CN: *.c.yimg.jp)
+		- i.yimg.co.jp ***
+		- k.yimg.jp ***
+
+	*** Dropped
+
+
+
+	Fully covered hosts:
+
+		- ah		(→ s.yimg.jp)
+		- ai		(→ s.yimg.jp)
+
+		- [^.]*.c:
+			- amd
+			- chie
+			- ident
+			- im
+			- lpt
+			- news
+			- puffer
+			- qr
+			- rpr
+
+		- i		(→ s.yimg.jp)
+		- k		(→ s.yimg.jp)
+		- s
+
+-->
+<ruleset name="Yimg.jp (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="*.c.yimg.jp" />
+	<target host="s.yimg.jp" />
+
+	<!--	Complications:
+				-->
+	<target host="a.yimg.jp" />
+	<target host="ah.yimg.jp" />
+	<target host="ai.yimg.jp" />
+	<target host="i.yimg.jp" />
+	<target host="k.yimg.jp" />
+
+		<!--	Mismatched:
+					-->
+		<exclusion pattern="^http://.+\..+\.c\.yimg\.jp/" />
+
+			<test url="http://item.shopping.c.yimg.jp/i/l/mu-tairiku_aa-884" />
+			<test url="http://item.shopping.c.yimg.jp/i/l/starline_bag32" />
+			<test url="http://item.shopping.c.yimg.jp/i/l/starline_bag32_1" />
+
+
+	<rule from="^http://(?:a[hi]?|[ik])\.yimg\.jp/"
+		to="https://s.yimg.jp/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yle.fi.xml b/src/chrome/content/rules/Yle.fi.xml
new file mode 100644
index 000000000000..00def15a5272
--- /dev/null
+++ b/src/chrome/content/rules/Yle.fi.xml
@@ -0,0 +1,57 @@
+<!--
+	CDN buckets:
+
+		- /=/7544/211591/1h/kuva-api-production-eu-cld-reso.cloudinary.com/
+
+			- images.cdn
+
+
+	Nonfunctional subdomains:
+
+		- (www.)? ¹
+		- blogit ¹
+		- images.cdn ²
+		- img ¹
+		- oppiminen
+		- stat ¹
+		- yleshop ³
+
+	¹ Dropped
+	² 403
+	³ Shows aishop.simpleservers.co.uk
+
+
+	Problematic subdomains:
+
+		- ohjelmaopas *
+
+	* Mismatched
+
+
+	Fully covered subdomains:
+
+		- da
+
+
+	Mixed content:
+
+		- css on ohjelmaopas from ^ ¹
+		- Images on ohjelmaopas from ^ ¹
+		- Images on ohjelmaopas from images.cdn ²
+
+		- Bugs on ohjelmaopas from da ³
+
+	¹ Unsecurable <= dropped
+	² Unsecurable <= 403
+	³ Secured by us
+
+-->
+<ruleset name="Yle.fi (partial)">
+
+	<target host="da.yle.fi" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ynet.io.xml b/src/chrome/content/rules/Ynet.io.xml
new file mode 100644
index 000000000000..909e9b65d8f6
--- /dev/null
+++ b/src/chrome/content/rules/Ynet.io.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://s.ynet.io/ => https://s.ynet.io/: (28, 'Connection timed out after 20000 milliseconds')
+
+	(www.)?ynet.io doesn't exist.
+
+
+	These altnames don't exist:
+
+		- www.s.ynet.io
+
+
+	Insecure cookies are set for these domains:
+
+		- .ynet.io
+
+-->
+<ruleset name="Ynet.io" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="s.ynet.io" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.ynet\.io$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.ynet\.io$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yocto_Project.org.xml b/src/chrome/content/rules/Yocto_Project.org.xml
index 6c49c89a01d0..f30d1ab3b761 100644
--- a/src/chrome/content/rules/Yocto_Project.org.xml
+++ b/src/chrome/content/rules/Yocto_Project.org.xml
@@ -17,17 +17,40 @@
 		- lists
 		- wiki
 
+
+	Observed cookie domains:
+
+		- bugzilla ¹
+		- .eula-downloads ¹
+		- wiki ²
+
+	¹ Secured by us <= not secured by server
+	² Secured by server
+
 -->
 <ruleset name="Yocto Project.org (partial)">
 
 	<target host="yoctoproject.org" />
-	<target host="*.yoctoproject.org" />
+	<target host="bugzilla.yoctoproject.org" />
+	<target host="eula-downloads.yoctoproject.org" />
+	<target host="git.yoctoproject.org" />
+	<target host="lists.yoctoproject.org" />
+	<target host="wiki.yoctoproject.org" />
+	<target host="www.yoctoproject.org" />
+
 
+	<!--	Secured by server:
+					-->
+	<!--securecookie host="^wiki\.yoctoproject\.org$" name="^pokylinux_wiki_session$" /-->
+	<!--
+		Not secured by server:
+					-->
+	<!--securecookie host="^bugzilla\.yoctoproject\.org$" name="^DEFAULTFORMAT$" /-->
+	<!--securecookie host="^\.eula-downloads.yoctoproject.org$" name="^SESS[\da-f]{32}$" /-->
 
-	<securecookie host="^(?:.*\.)?yoctoproject\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:bugzilla|eula-downloads|git|lists|wiki|www)\.)?yoctoproject\.org/"
-		to="https://$1yoctoproject.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/YogaDNS.com.xml b/src/chrome/content/rules/YogaDNS.com.xml
new file mode 100644
index 000000000000..69ec2c6f7f08
--- /dev/null
+++ b/src/chrome/content/rules/YogaDNS.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="YogaDNS.com">
+	<target host="yogadns.com" />
+	<target host="www.yogadns.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Yokl.com.xml b/src/chrome/content/rules/Yokl.com.xml
new file mode 100644
index 000000000000..b8727b46745f
--- /dev/null
+++ b/src/chrome/content/rules/Yokl.com.xml
@@ -0,0 +1,41 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://yokl.com/ => https://yokl.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://api.yokl.com/ => https://api.yokl.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.yokl.com/ => https://yokl.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	www.yokl.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- yokl.com
+
+-->
+<ruleset name="Yokl.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="yokl.com" />
+	<target host="api.yokl.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.yokl.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^yokl\.com$" name="^(?:OptVals|clid|dsp|isp|keyword|sid)$" /-->
+
+	<securecookie host="^yokl\.com$" name=".+" />
+
+
+	<rule from="^http://www\.yokl\.com/"
+		to="https://yokl.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/YoklAPI.com.xml b/src/chrome/content/rules/YoklAPI.com.xml
new file mode 100644
index 000000000000..e634f46e7f23
--- /dev/null
+++ b/src/chrome/content/rules/YoklAPI.com.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://yoklapi.com/ => https://api.yokl.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For other Yokl coverage, see Yokl.com.xml.
+
+
+	^yoklapi.com: Mismatched
+
+
+	Mixed content:
+
+		- Images from d[1-4]-pub.bizrate.com *
+
+	* Not secured by us <= mismatched
+
+-->
+<ruleset name="YoklAPI.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="yoklapi.com" />
+
+
+	<rule from="^http://yoklapi\.com/"
+		to="https://api.yokl.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yooco.de.xml b/src/chrome/content/rules/Yooco.de.xml
new file mode 100644
index 000000000000..25718aa3553e
--- /dev/null
+++ b/src/chrome/content/rules/Yooco.de.xml
@@ -0,0 +1,12 @@
+<!--
+    Cloudflare SSL
+-->
+<ruleset name="Yooco.de">
+    <target host="yooco.de" />
+    <target host="www.yooco.de" />
+
+    <securecookie host="^(www\.)?yooco\.de" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Yoox.biz.xml b/src/chrome/content/rules/Yoox.biz.xml
index 64a6215f7e2a..97188f64cfc3 100644
--- a/src/chrome/content/rules/Yoox.biz.xml
+++ b/src/chrome/content/rules/Yoox.biz.xml
@@ -15,16 +15,10 @@
 -->
 <ruleset name="Yoox.biz">
 
-	<target host="*.yoox.biz" />
+	<target host="media.yoox.biz" />
 
 
-	<rule from="^http://cdn\.yoox\.biz/"
-		to="https://a248.e.akamai.net/f/1250/9104/5f/cdn.yoox.biz/" />
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://cdn2\.yoox\.biz/"
-		to="https://a248.e.akamai.net/f/1129/7497/10f/cdn2.yoox.biz/" />
-
-	<rule from="^http://media\.yoox\.biz/"
-		to="https://media.yoox.biz/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Yopto.com.xml b/src/chrome/content/rules/Yopto.com.xml
index 09262a4ab65e..dac497603069 100644
--- a/src/chrome/content/rules/Yopto.com.xml
+++ b/src/chrome/content/rules/Yopto.com.xml
@@ -1,51 +1,26 @@
 <!--
-	CDN buckets:
-
-		- yotposupport.zendesk.com
-
-			- support
-
-
-	Problematic subdomains:
-
-		- support	(zendesk)
-
-
-	Partially covered subdomains:
-
-		- support	(→ yotposupport.zendesk.com)
-
-
 	Fully covered subdomains:
 
 		- (www.)
-		- api
-		- staticwidget
-		- staticwww
-		- widget
 
 
 	Observed cookie domains:
 
-		- api
-		- support
 		- www
 
 -->
-<ruleset name="Yopto.com (partial)">
+<ruleset name="Yopto.com" default_off="mismatched">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="yopto.com" />
-	<target host="*.yopto.com" />
-		<!--exclusion pattern="^http://support\.yopto\.com/(?!favicon\.ico|generated/|system/|widgets/)" /-->
-
+	<target host="www.yopto.com" />
 
-	<securecookie host="^(?:api|www)\.yopto\.com$" name=".+" />
 
+	<securecookie host="^(?:www)\.yopto\.com$" name=".+" />
 
-	<rule from="^http://(api\.|(?:static)?w(?:idget|ww)\.)?yopto\.com/"
-		to="https://$1yopto.com/" />
 
-	<rule from="^http://support\.yopto\.com/(?=favicon\.ico|generated/|system/|widgets/)"
-		to="https://yotposupport.zendesk.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/York.edu.xml b/src/chrome/content/rules/York.edu.xml
new file mode 100644
index 000000000000..d82d52a1e760
--- /dev/null
+++ b/src/chrome/content/rules/York.edu.xml
@@ -0,0 +1,34 @@
+<!--
+	Invalid certificate:
+		york.edu
+
+	Private subdomain:
+		ecampus.york.edu
+
+	No working URL known:
+		remote.york.edu
+
+	Secure connection failed:
+		mail.york.edu
+
+-->
+<ruleset name="York College of Nebraska">
+
+	<target host="york.edu" />
+	<target host="www.york.edu" />
+	<target host="auth.york.edu" />
+	<target host="cats.york.edu" />
+	<target host="koha.york.edu" />
+	<target host="library.york.edu" />
+	<target host="online.york.edu" />
+	<target host="panthernet.york.edu" />
+	<target host="smtp.york.edu" />
+	<target host="yorkjics-test.york.edu" />
+
+	<rule from="^http://york\.edu/"
+		to="https://www.york.edu/"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/York.xml b/src/chrome/content/rules/York.xml
deleted file mode 100644
index 3b2554d00809..000000000000
--- a/src/chrome/content/rules/York.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="York College of Nebraska" default_off="Certificates are invalid">
-  <target host="www.york.edu" />
-  <target host="york.edu" />
-
-  <rule from="^http://(?:www\.)?york\.edu/" to="https://york.edu/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/YorkNY.xml b/src/chrome/content/rules/YorkNY.xml
index 2c91b34617d8..a18a44470f7f 100644
--- a/src/chrome/content/rules/YorkNY.xml
+++ b/src/chrome/content/rules/YorkNY.xml
@@ -1,6 +1,8 @@
 <ruleset name="York College of New York">
-  <target host="www.york.cuny.edu" />
-  <target host="york.cuny.edu" />
 
-  <rule from="^http://(?:www\.)?york\.cuny\.edu/" to="https://york.cuny.edu/"/>
+	<target host="york.cuny.edu" />
+	<target host="www.york.cuny.edu" />
+
+	<rule from="^http:" to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/York_Fitness.xml b/src/chrome/content/rules/York_Fitness.xml
index 9b8c3c074463..6963b1bc48b0 100644
--- a/src/chrome/content/rules/York_Fitness.xml
+++ b/src/chrome/content/rules/York_Fitness.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^www\.yorkfitness\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?yorkfitness\.com/"
-		to="https://$1yorkfitness.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Yosemite_News.info.xml b/src/chrome/content/rules/Yosemite_News.info.xml
new file mode 100644
index 000000000000..43ea8169e6b8
--- /dev/null
+++ b/src/chrome/content/rules/Yosemite_News.info.xml
@@ -0,0 +1,19 @@
+<!--
+	Mixed content:
+
+		- Ad from ad.linksynergy.com
+
+-->
+<ruleset name="Yosemite News.info">
+
+	<target host="yosemitenews.info" />
+	<target host="www.yosemitenews.info" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yospace.com.xml b/src/chrome/content/rules/Yospace.com.xml
index 5726874c47c4..8506fac50895 100644
--- a/src/chrome/content/rules/Yospace.com.xml
+++ b/src/chrome/content/rules/Yospace.com.xml
@@ -15,7 +15,6 @@
 	<securecookie host="^cds1\.yospace\.com$" name=".+" />
 
 
-	<rule from="^http://cds1\.yospace\.com/"
-		to="https://cds1.yospace.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Yotsuba-Archiver-mismatches.xml b/src/chrome/content/rules/Yotsuba-Archiver-mismatches.xml
deleted file mode 100644
index ea9b9d46dcae..000000000000
--- a/src/chrome/content/rules/Yotsuba-Archiver-mismatches.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For rules that are on by default, see Yotsuba-Archiver.xml.
--->
-<ruleset name="Yotsuba Archiver (mismatches)" default_off="mismatch">
-
-	<!--	All: cert: archive.installgentoo.net	-->
-	<target host="noodlebox.dyndns.info" />
-	<target host="installgentoo.net" />
-	<target host="youshould.installgentoo.net" />
-	<target host="www.installgentoo.net" />
-
-
-	<rule from="^http://noodlebox\.dyndns\.info/"
-		to="https://noodlebox.dyndns.info/" />
-
-	<!--	!www redirects to www.	-->
-	<rule from="^http://(?:www\.)?installgentoo\.net/"
-		to="https://www.installgentoo.net/" />
-
-	<rule from="^http://youshould\.installgentoo\.net/"
-		to="https://youshould.installgentoo.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Yotsuba-Archiver.xml b/src/chrome/content/rules/Yotsuba-Archiver.xml
deleted file mode 100644
index 6225c4473824..000000000000
--- a/src/chrome/content/rules/Yotsuba-Archiver.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-	For problematic rules, see Yotsuba-Archiver-mismatches.xml.
-
--->
-<ruleset name="Yotsuba Archiver (partial)">
-
-	<target host="archive.installgentoo.net" />
-
-	<rule from="^http://archive\.installgentoo\.net/"
-		to="https://archive.installgentoo.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Yottaa.net.xml b/src/chrome/content/rules/Yottaa.net.xml
index 6fe47ede6bff..c94ac73b5d75 100644
--- a/src/chrome/content/rules/Yottaa.net.xml
+++ b/src/chrome/content/rules/Yottaa.net.xml
@@ -11,14 +11,17 @@
 	Fully covered subdomains:
 
 		- cdn-eu
+		- cdn-[\da-f]{12} *
+
+	* Per-client domains
 
 -->
 <ruleset name="Yottaa.net (partial)">
 
-	<target host="cdn-eu.yottaa.net" />
+	<target host="*.yottaa.net" />
 
 
-	<rule from="^http://cdn-eu\.yottaa\.net/"
-		to="https://cdn-eu.yottaa.net/" />
+	<rule from="^http://cdn-(eu|[\da-f]{12})\.yottaa\.net/"
+		to="https://cdn-$1.yottaa.net/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Yottaa.xml b/src/chrome/content/rules/Yottaa.xml
index 9fae84174bb7..3e9bedf7c0d9 100644
--- a/src/chrome/content/rules/Yottaa.xml
+++ b/src/chrome/content/rules/Yottaa.xml
@@ -28,13 +28,17 @@
 -->
 <ruleset name="Yottaa (partial)">
 
-	<target host="*.yottaa.com" />
+	<target host="api.yottaa.com" />
+	<target host="api-dev.yottaa.com" />
+	<target host="api-dev-new.yottaa.com" />
+	<target host="apps.yottaa.com" />
+	<target host="apps-dev.yottaa.com" />
+	<target host="apps-dev-new.yottaa.com" />
 
 
 	<securecookie host="^apps(?:-dev|-dev-new)?\.yottaa\.com$" name=".+" />
 
 
-	<rule from="^http://ap(i|ps)(-dev|-dev-new)?\.yottaa\.com/"
-		to="https://ap$1$2.yottaa.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/You-Have-Downloaded.xml b/src/chrome/content/rules/You-Have-Downloaded.xml
deleted file mode 100644
index 3e17209cf1ec..000000000000
--- a/src/chrome/content/rules/You-Have-Downloaded.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="You Have Downloaded">
-
-	<target host="youhavedownloaded.com" />
-	<target host="www.youhavedownloaded.com" />
-
-	<rule from="^http://(www\.)?youhavedownloaded\.com/"
-		to="https://$1youhavedownloaded.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/YouCanBook.Me.xml b/src/chrome/content/rules/YouCanBook.Me.xml
new file mode 100644
index 000000000000..923801724e67
--- /dev/null
+++ b/src/chrome/content/rules/YouCanBook.Me.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fwd.youcanbook.me/ => https://fwd.youcanbook.me/: (60, 'SSL certificate problem: certificate has expired')
+
+	Insecure cookies are set for these hosts:
+
+		- ga.youcanbook.me
+		- gb.youcanbook.me
+		- upload.youcanbook.me
+
+-->
+<ruleset name="YouCanBook.Me" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="youcanbook.me" />
+	<target host="fwd.youcanbook.me" />
+	<target host="ga.youcanbook.me" />
+	<target host="gb.youcanbook.me" />
+	<target host="peer5.youcanbook.me" />
+	<target host="upload.youcanbook.me" />
+	<target host="www.youcanbook.me" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^g[ab]\.youcanbook\.me$" name="^sesh$" /-->
+	<!--securecookie host="^upload\.youcanbook\.me$" name="^AWSELB$" /-->
+
+	<securecookie host=".+\.youcanbook\.me$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/YouCaring.com.xml b/src/chrome/content/rules/YouCaring.com.xml
new file mode 100644
index 000000000000..0561c0ce9903
--- /dev/null
+++ b/src/chrome/content/rules/YouCaring.com.xml
@@ -0,0 +1,69 @@
+<!--
+	These altnames don't exist:
+
+		- www.help.youcaring.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- youcaring.com
+		- www.youcaring.com
+
+-->
+<ruleset name="YouCaring.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="youcaring.com" />
+	<target host="help.youcaring.com" />
+	<target host="static.youcaring.com" />
+	<target host="www.youcaring.com" />
+
+	<!--	Complications:
+				-->
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.youcaring\.com/(?:emergency-fundraiser/[\w-]+/\d+(?:/*$|/*\?)|fundraisers/emergencies-disasters|search/go)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.youcaring\.com/+(?!create-fundraiser\.aspx|create-fundraiser-account\.aspx|emergency-fundraiser/[\w-]+/\d+/donate|external-link\.htm|favicon\.ico|img/)" />
+		<exclusion pattern="^http://static\.youcaring\.com/js/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.youcaring.com/about-us" />
+			<test url="http://www.youcaring.com/blog/" />
+			<test url="http://www.youcaring.com/emergency-fundraiser" />
+			<test url="http://www.youcaring.com/emergency-fundraiser/the-green-arrow-fund/348182" />
+			<test url="http://www.youcaring.com/external-link.htm" />
+			<test url="http://www.youcaring.com/fundraisers/emergencies-disasters" />
+			<test url="http://www.youcaring.com/medical-fundraising" />
+			<test url="http://www.youcaring.com/search/go" />
+			<test url="http://www.youcaring.com/sitemap.aspx" />
+			<test url="http://www.youcaring.com/success-stories" />
+
+			<test url="http://static.youcaring.com/js/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.youcaring.com/create-fundraiser.aspx" />
+			<test url="http://www.youcaring.com/create-fundraiser-account.aspx" />
+			<test url="http://www.youcaring.com/emergency-fundraiser/help-stage-restaurant-reopen/346459/donate" />
+			<test url="http://www.youcaring.com/favicon.ico" />
+			<test url="http://www.youcaring.com/img/cms_images/landing_pages/help-tip-1.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^youcaring\.com$" name="^X-Mapping-fjhppofk$" /-->
+	<!--securecookie host="^www\.youcaring\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^youcaring\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/YouGov.de.xml b/src/chrome/content/rules/YouGov.de.xml
new file mode 100644
index 000000000000..1f3a080dc271
--- /dev/null
+++ b/src/chrome/content/rules/YouGov.de.xml
@@ -0,0 +1,12 @@
+<ruleset name="YouGov.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="yougov.de" />
+	<target host="www.yougov.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/YouMail.xml b/src/chrome/content/rules/YouMail.xml
index 42934bca74a1..da16262845a8 100644
--- a/src/chrome/content/rules/YouMail.xml
+++ b/src/chrome/content/rules/YouMail.xml
@@ -1,8 +1,47 @@
-<ruleset name="YouMail (buggy)" default_off="wasn't tested">
-  <!-- for random instance, https://www.youmail.com/community/greetings.do is
-  broken -->
-  <target host="www.youmail.com"/>
+<!--
+	Other YouMail rulesets:
+
+		- YMstat.com.xml
+
+
+	Nonfunctional domains:
+
+		- blog.youmail.com *
+
+	* Refused
+
+
+	Insecure cookies are set for these domains:
+
+		- .youmail.com
+
+
+	These altnames don't exist:
+
+		- www.store.youmail.com
+		- www.support.youmail.com
+
+-->
+<ruleset name="YouMail.com (partial)">
+
   <target host="youmail.com"/>
+	<target host="business.youmail.com" />
+	<target host="premium.youmail.com" />
+	<target host="readit.youmail.com" />
+	<target host="store.youmail.com" />
+	<target host="support.youmail.com" />
+  <target host="www.youmail.com"/>
+
+		<test url="http://www.youmail.com/community/greetings.do" />
+		<test url="http://www.youmail.com/login/signin" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.youmail\.com$" name="^(youmail_country|youmail_referrer|youmail_scv)$" /-->
+
+	<securecookie host="^\.youmail\.com$" name=".+" />
+
 
-  <rule from="^http://(?:www\.)?youmail\.com/" to="https://www.youmail.com/"/>
+  <rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/YouNeedABudget.xml b/src/chrome/content/rules/YouNeedABudget.xml
new file mode 100644
index 000000000000..8e27ee1dbaad
--- /dev/null
+++ b/src/chrome/content/rules/YouNeedABudget.xml
@@ -0,0 +1,14 @@
+<ruleset name="You Need A Budget">
+	<target host="youneedabudget.com" />
+	<target host="www.youneedabudget.com" />
+	<target host="purchase.youneedabudget.com" />
+
+	<exclusion pattern="^http://(www\.)?youneedabudget\.com/blog/" />
+		<test url="http://www.youneedabudget.com/blog/" />
+		<test url="http://www.youneedabudget.com/blog/?s=test" />
+		<test url="http://youneedabudget.com/blog/" />
+		<test url="http://youneedabudget.com/blog/?s=test" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/YouSendIt.xml b/src/chrome/content/rules/YouSendIt.xml
index 2bd1d3a7cd1a..8ccc39cc769d 100644
--- a/src/chrome/content/rules/YouSendIt.xml
+++ b/src/chrome/content/rules/YouSendIt.xml
@@ -1,8 +1,14 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://a15.ysicdo002.com/ => https://a15.ysicdo002.com/: (6, 'Could not resolve host: a15.ysicdo002.com')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://a15.ysicdo002.com/ => https://a15.ysicdo002.com/: (51, "SSL: no alternative certificate subject name matches target host name 'a15.ysicdo002.com'")
 	Cert only matches *.yousendit.com
 
 -->
-<ruleset name="YouSendIt">
+<ruleset name="YouSendIt" default_off="failed ruleset test">
 
 	<target host="yousendit.com" />
 	<target host="www.yousendit.com" />
@@ -12,10 +18,10 @@
 	<securecookie host="^(?:www)?\.yousendit\.com$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?yousendit\.com/"
+	<rule from="^http://(?:www\.)?yousendit\.com/"
 		to="https://www.yousendit.com/" />
 
 	<rule from="^http://a15\.ysicdo002\.com/"
 		to="https://a15.ysicdo002.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/YouTorrent.xml b/src/chrome/content/rules/YouTorrent.xml
deleted file mode 100644
index b5351429df88..000000000000
--- a/src/chrome/content/rules/YouTorrent.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)youtorrent.com
-		- blog.youtorrent.com	(times out)
-
--->
-<ruleset name="YouTorrent (partial)">
-
-	<target host="t.ytcdn.net" />
-
-
-	<rule from="^https?://t\.ytcdn\.net/"
-		to="https://s3.amazonaws.com/t.ytcdn.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/YouTube.xml b/src/chrome/content/rules/YouTube.xml
index d8c1b30ce02e..120d79ff0000 100644
--- a/src/chrome/content/rules/YouTube.xml
+++ b/src/chrome/content/rules/YouTube.xml
@@ -1,35 +1,242 @@
-<ruleset name="YouTube (partial)">
+<!--
+	Time out over both http and https:
+		youtube.tn
+		youtube.com.tn
+		www.youtube.com.tn
 
-	<target host="youtube.com" />
-	<target host="*.youtube.com" />
-		<exclusion pattern="^http://(?:www\.)?youtube\.com/crossdomain\.xml"/>
-	<target host="*.ytimg.com" />
-	<target host="youtu.be" />
-	<target host="youtube-nocookie.com"/>
-	<target host="www.youtube-nocookie.com"/>
+	Insecure cookies are set for these domains:
+
+		- .youtube.com
 
-	<!--	observed ^. cookies:
-			- use_hitbox
-			- VISITOR_INFO1_LIVE
-			- recently_watched_video_id_list
-			- .youtube.com		-->
-	<securecookie host="^\.youtube\.com" name=".*"/>
+	HSTS Preloaded:
+		youtube.com
+		*.youtube.com
 
+-->
+<ruleset name="YouTube">
 
-	<rule from="^http://(www\.)?youtube\.com/"
-		to="https://$1youtube.com/"/>
+	<target host="*.ytimg.com" />
+		<test url="http://i.ytimg.com/i/-9-kyTW8ZkZNDHQJ6FgpwQ/1.jpg" />
+		<test url="http://i1.ytimg.com/i/-9-kyTW8ZkZNDHQJ6FgpwQ/1.jpg" />
+		<test url="http://i2.ytimg.com/i/-9-kyTW8ZkZNDHQJ6FgpwQ/1.jpg" />
+		<test url="http://i3.ytimg.com/i/-9-kyTW8ZkZNDHQJ6FgpwQ/1.jpg" />
+		<test url="http://i4.ytimg.com/i/-9-kyTW8ZkZNDHQJ6FgpwQ/1.jpg" />
+		<test url="http://i9.ytimg.com/i/-9-kyTW8ZkZNDHQJ6FgpwQ/1.jpg" />
+		<test url="http://s.ytimg.com/yts/img/favicon-vflz7uhzw.ico" />
+
+	<target host="*.googlevideo.com"/>
+		<test url="http://r2---sn-25ge7nsl.googlevideo.com/videoplayback?keepalive=yes" />
+		<test url="http://r4---sn-q4f7sn7e.googlevideo.com/videoplayback?keepalive=yes" />
+		<test url="http://r1---sn-p5qlsns7.googlevideo.com/videoplayback?keepalive=yes" />
 
-	<rule from="^http://(br|de|es|fr|il|img|insight|jp|m|nl|uk)\.youtube\.com/"
-		to="https://$1.youtube.com/"/>
+        <!-- Regional domains -->
+	<target host="youtube.ae"/>
+	<target host="www.youtube.ae"/>
+	<target host="youtube.co.ae"/>
+	<target host="www.youtube.co.ae"/>
+	<target host="youtube.com.ar"/>
+	<target host="www.youtube.com.ar"/>
+	<target host="youtube.at"/>
+	<target host="www.youtube.at"/>
+	<target host="youtube.co.at"/>
+	<target host="www.youtube.co.at"/>
+	<target host="youtube.com.au"/>
+	<target host="www.youtube.com.au"/>
+	<target host="youtube.ba"/>
+	<target host="www.youtube.ba"/>
+	<target host="youtube.be"/>
+	<target host="www.youtube.be"/>
+	<target host="youtube.bg"/>
+	<target host="www.youtube.bg"/>
+	<target host="youtube.bh"/>
+	<target host="www.youtube.bh"/>
+	<target host="youtube.com.bh"/>
+	<target host="www.youtube.com.bh"/>
+	<target host="youtube.com.br"/>
+	<target host="www.youtube.com.br"/>
+	<target host="youtube.ca"/>
+	<target host="www.youtube.ca"/>
+	<target host="youtube.ch"/>
+	<target host="www.youtube.ch"/>
+	<target host="youtube.cl"/>
+	<target host="www.youtube.cl"/>
+	<target host="youtube.co"/>
+	<target host="www.youtube.co"/>
+	<target host="youtube.com.co"/>
+	<target host="www.youtube.com.co"/>
+	<target host="youtube.cz"/>
+	<target host="www.youtube.cz"/>
+	<target host="youtube.de"/>
+	<target host="www.youtube.de"/>
+	<target host="youtube.dk"/>
+	<target host="www.youtube.dk"/>
+	<target host="www.youtube.ee"/>
+	<target host="youtube.com.ee"/>
+	<target host="www.youtube.com.ee"/>
+	<target host="youtube.com.eg"/>
+	<target host="www.youtube.com.eg"/>
+	<target host="youtube.es"/>
+	<target host="www.youtube.es"/>
+	<target host="youtube.com.es"/>
+	<target host="www.youtube.com.es"/>
+	<target host="youtube.fi"/>
+	<target host="www.youtube.fi"/>
+	<target host="youtube.fr"/>
+	<target host="www.youtube.fr"/>
+	<target host="youtube.com.gh"/>
+	<target host="www.youtube.com.gh"/>
+	<target host="youtube.gr"/>
+	<target host="www.youtube.gr"/>
+	<target host="youtube.com.gr"/>
+	<target host="www.youtube.com.gr"/>
+	<target host="youtube.hk"/>
+	<target host="www.youtube.hk"/>
+	<target host="youtube.com.hk"/>
+	<target host="www.youtube.com.hk"/>
+	<target host="youtube.hr"/>
+	<target host="www.youtube.hr"/>
+	<target host="youtube.com.hr"/>
+	<target host="www.youtube.com.hr"/>
+	<target host="youtube.hu"/>
+	<target host="www.youtube.hu"/>
+	<target host="youtube.co.hu"/>
+	<target host="www.youtube.co.hu"/>
+	<target host="youtube.co.id"/>
+	<target host="www.youtube.co.id"/>
+	<target host="youtube.ie"/>
+	<target host="www.youtube.ie"/>
+	<target host="youtube.co.il"/>
+	<target host="www.youtube.co.il"/>
+	<target host="youtube.in"/>
+	<target host="www.youtube.in"/>
+	<target host="youtube.co.in"/>
+	<target host="www.youtube.co.in"/>
+	<target host="youtube.it"/>
+	<target host="www.youtube.it"/>
+	<target host="youtube.jo"/>
+	<target host="www.youtube.jo"/>
+	<target host="youtube.com.jo"/>
+	<target host="www.youtube.com.jo"/>
+	<target host="youtube.co.ke"/>
+	<target host="www.youtube.co.ke"/>
+	<target host="youtube.kr"/>
+	<target host="www.youtube.kr"/>
+	<target host="youtube.co.kr"/>
+	<target host="www.youtube.co.kr"/>
+	<target host="youtube.com.kw"/>
+	<target host="www.youtube.com.kw"/>
+	<target host="youtube.com.lb"/>
+	<target host="www.youtube.com.lb"/>
+	<target host="youtube.lv"/>
+	<target host="www.youtube.lv"/>
+	<target host="youtube.com.lv"/>
+	<target host="www.youtube.com.lv"/>
+	<target host="youtube.lt"/>
+	<target host="www.youtube.lt"/>
+	<target host="youtube.ma"/>
+	<target host="www.youtube.ma"/>
+	<target host="youtube.co.ma"/>
+	<target host="www.youtube.co.ma"/>
+	<target host="youtube.me"/>
+	<target host="www.youtube.me"/>
+	<target host="youtube.mk"/>
+	<target host="www.youtube.mk"/>
+	<target host="youtube.com.mk"/>
+	<target host="www.youtube.com.mk"/>
+	<target host="youtube.mx"/>
+	<target host="www.youtube.mx"/>
+	<target host="youtube.com.mx"/>
+	<target host="www.youtube.com.mx"/>
+	<target host="youtube.my"/>
+	<target host="www.youtube.my"/>
+	<target host="youtube.com.my"/>
+	<target host="www.youtube.com.my"/>
+	<target host="youtube.ng"/>
+	<target host="www.youtube.ng"/>
+	<target host="youtube.com.ng"/>
+	<target host="www.youtube.com.ng"/>
+	<target host="youtube.nl"/>
+	<target host="www.youtube.nl"/>
+	<target host="youtube.no"/>
+	<target host="www.youtube.no"/>
+	<target host="youtube.co.nz"/>
+	<target host="www.youtube.co.nz"/>
+	<target host="youtube.com.om"/>
+	<target host="www.youtube.com.om"/>
+	<target host="youtube.pe"/>
+	<target host="www.youtube.pe"/>
+	<target host="youtube.com.pe"/>
+	<target host="www.youtube.com.pe"/>
+	<target host="youtube.ph"/>
+	<target host="www.youtube.ph"/>
+	<target host="youtube.com.ph"/>
+	<target host="www.youtube.com.ph"/>
+	<target host="youtube.pl"/>
+	<target host="www.youtube.pl"/>
+	<target host="youtube.pr"/>
+	<target host="www.youtube.pr"/>
+	<target host="youtube.pt"/>
+	<target host="www.youtube.pt"/>
+	<target host="youtube.com.pt"/>
+	<target host="www.youtube.com.pt"/>
+	<target host="youtube.qa"/>
+	<target host="www.youtube.qa"/>
+	<target host="youtube.com.qa"/>
+	<target host="www.youtube.com.qa"/>
+	<target host="youtube.ro"/>
+	<target host="www.youtube.ro"/>
+	<target host="youtube.com.ro"/>
+	<target host="www.youtube.com.ro"/>
+	<target host="youtube.rs"/>
+	<target host="www.youtube.rs"/>
+	<target host="youtube.ru"/>
+	<target host="www.youtube.ru"/>
+	<target host="youtube.sa"/>
+	<target host="www.youtube.sa"/>
+	<target host="youtube.com.sa"/>
+	<target host="www.youtube.com.sa"/>
+	<target host="youtube.se"/>
+	<target host="www.youtube.se"/>
+	<target host="youtube.sg"/>
+	<target host="www.youtube.sg"/>
+	<target host="youtube.com.sg"/>
+	<target host="www.youtube.com.sg"/>
+	<target host="youtube.si"/>
+	<target host="www.youtube.si"/>
+	<target host="youtube.sk"/>
+	<target host="www.youtube.sk"/>
+	<target host="youtube.sn"/>
+	<target host="www.youtube.sn"/>
+	<target host="youtube.co.th"/>
+	<target host="www.youtube.co.th"/>
+	<!--target host="youtube.tn"/-->
+	<target host="www.youtube.tn"/>
+	<!--target host="youtube.com.tn"/-->
+	<!--target host="www.youtube.com.tn"/-->
+	<target host="youtube.com.tr"/>
+	<target host="www.youtube.com.tr"/>
+	<target host="youtube.com.tw"/>
+	<target host="www.youtube.com.tw"/>
+	<target host="youtube.ua"/>
+	<target host="www.youtube.ua"/>
+	<target host="youtube.com.ua"/>
+	<target host="www.youtube.com.ua"/>
+	<target host="youtube.ug"/>
+	<target host="www.youtube.ug"/>
+	<target host="youtube.co.ug"/>
+	<target host="www.youtube.co.ug"/>
+	<target host="youtube.co.uk"/>
+	<target host="www.youtube.co.uk"/>
+	<target host="youtube.co.za"/>
+	<target host="www.youtube.co.za"/>
 
-	<rule from="^http://([^/@:\.]+)\.ytimg\.com/"
-		to="https://$1.ytimg.com/"/>
 
-	<rule from="^http://youtu\.be/"
-		to="https://youtu.be/"/>
+        <!-- Alternate domains -->
+	<target host="youtu.be" />
+	<target host="www.youtube-nocookie.com"/>
 
 
-	<rule from="^http://(?:www\.)?youtube-nocookie\.com/"
-		to="https://www.youtube-nocookie.com/"/>
+	<rule from="^http:"
+		to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/YouVersion.com.xml b/src/chrome/content/rules/YouVersion.com.xml
new file mode 100644
index 000000000000..8ef0fbe12f54
--- /dev/null
+++ b/src/chrome/content/rules/YouVersion.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- bibleseries.youversion.com
+		- web-assets.youversion.com
+
+		SSL connect error:
+		- essential100.youversion.com
+		- featuredplans.youversion.com
+		- focusonthefamily.youversion.com
+		- oneyearbible.youversion.com
+		- relentless.youversion.com
+		- sharethebible.youversion.com
+		- thistlebend.youversion.com
+
+		SSL peer certificate was not OK:
+		- webcast.youversion.com
+
+		Mixed content blocking (MCB) triggered:
+		- blog.youversion.com
+-->
+<ruleset name="YouVersion.com">
+	<target host="youversion.com" />
+	<target host="www.youversion.com" />
+	<target host="analytics.youversion.com" />
+	<target host="help.youversion.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/YouVersion.xml b/src/chrome/content/rules/YouVersion.xml
deleted file mode 100644
index 3b0d4ce834cc..000000000000
--- a/src/chrome/content/rules/YouVersion.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	Problematic domains:
-
-		- bible.com *
-		- youversion.com *
-
-	* Times out
-
--->
-<ruleset name="YouVersion">
-
-	<target host="bible.com" />
-	<target host="*.bible.com" />
-	<target host="*.biblesociety.co.za" />
-	<target host="youversion.com" />
-	<target host="*.youversion.com" />
-
-
-	<securecookie host="^(?:www)?\.(?:bible|youversion)\.com$" name=".+" />
-	<securecookie host="^\.biblesociety\.co\.za$" name="^_youversion-web_session$" />
-
-
-	<rule from="^http?://(?:www\.)?(bible|yourversion)\.com/"
-		to="https://www.$1.com/" />
-
-	<rule from="^http://bibles\.biblesociety\.co\.za/"
-		to="https://bibles.biblesociety.co.za/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/YouVisit.com.xml b/src/chrome/content/rules/YouVisit.com.xml
index b1ea527fe627..747f72ed1464 100644
--- a/src/chrome/content/rules/YouVisit.com.xml
+++ b/src/chrome/content/rules/YouVisit.com.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?youvisit\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?youvisit\.com/"
-		to="https://$1youvisit.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/You_Betrayed_us.org.xml b/src/chrome/content/rules/You_Betrayed_us.org.xml
new file mode 100644
index 000000000000..3dd25f76b9f0
--- /dev/null
+++ b/src/chrome/content/rules/You_Betrayed_us.org.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Fight for the Future coverage, see Fight-for-the-Future.xml.
+
+-->
+<ruleset name="You Betrayed us.org">
+
+	<target host="youbetrayedus.org" />
+	<target host="www.youbetrayedus.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/You_Got_Posted.xml b/src/chrome/content/rules/You_Got_Posted.xml
deleted file mode 100644
index d3e9a4630e5b..000000000000
--- a/src/chrome/content/rules/You_Got_Posted.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Problematic domains:
-
-		- (www.)yougotposted.com	(refused)
-
--->
-<ruleset name="You Got Posted">
-
-	<target host="ugotposted.com" />
-	<target host="*.ugotposted.com" />
-	<target host="yougotposted.com" />
-	<target host="www.yougotposted.com" />
-
-
-	<securecookie host="^(?:w*\.)?ugotposted\.com$" name=".+" />
-
-
-	<rule from="^https?://(www\.)?(?:yo)?ugotposted\.com/"
-		to="https://$1ugotposted.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Youku.com.xml b/src/chrome/content/rules/Youku.com.xml
new file mode 100644
index 000000000000..7ab6e1d6136d
--- /dev/null
+++ b/src/chrome/content/rules/Youku.com.xml
@@ -0,0 +1,136 @@
+<!--
+	Related:
+		ykimg.com.xml
+
+	403, HTTPS only:
+		- login 			( example: https://login.youku.com/user/signup?user=login )
+
+	Break videos to play:
+		k.youku.com
+		play-ali.youku.com
+
+	Different http/https content:
+		nc.youku.com		( https://nc.youku.com/index_playlog?callback=tuijsonp4 )
+		notify.youku.com
+
+	MCB:
+		bigvoyage.youku.com	https://bigvoyage.youku.com/bigvoyage/overview/index
+		c.youku.com
+		gh.youku.com		( https://gh.youku.com/topic_page/topic_list )
+		i.youku.com			( example: https://i.youku.com/i/UNTI4NDU4OTgw )
+		laifeng.youku.com
+		lv.youku.com
+		mobile.youku.com	( break the login information )
+		open.youku.com
+		tds.ott.youku.com
+		top.youku.com
+		user.youku.com		( test in https://user.youku.com/page/usc/index )
+		userlive.youku.com	( test in http://i.youku.com/i/UNTI4NDU4OTgw )
+		v.youku.com			( break HTML5 videos )
+
+	Invalid certificate:
+		pcclient.download.youku.com
+		edu.youku.com
+		res.youku.com		( equal to res.ykimg.com )
+
+	Redirector to http:
+		club.youku.com
+		yj.youku.com
+		youxi.youku.com
+
+	Refused:
+		index.youku.com
+		cfg.ykpp.navi.youku.com	( https://cfg.ykpp.navi.youku.com/crossdomain.xml )
+		wan.youku.com
+
+	Timeout:
+		ykatr.youku.com
+
+	Strange travis error:
+		^
+-->
+<ruleset name="Youku.com">
+	<!-- Directly: -->
+	<target host="www.youku.com" />
+	<target host="account.youku.com" />
+	<target host="actives.youku.com" />
+	<target host="html.atm.youku.com" />
+	<target host="static.atm.youku.com" />
+	<target host="valf.atm.youku.com" />
+	<target host="auto.youku.com" />
+	<target host="baby.youku.com" />
+	<target host="child.youku.com" />
+	<target host="cloud.youku.com" />
+	<target host="cmstool.youku.com" />
+	<target host="comic.youku.com" />
+	<target host="p.comments.youku.com" />
+	<target host="cps.youku.com" />
+	<target host="cvip.youku.com" />
+	<target host="service.danmu.youku.com" />
+	<target host="ding.youku.com" />
+	<target host="dot.youku.com" />
+	<target host="dv.youku.com" />
+	<target host="ent.youku.com" />
+	<target host="fashion.youku.com" />
+	<target host="faxian.youku.com" />
+	<target host="finance.youku.com" />
+	<target host="fun.youku.com" />
+	<target host="game.youku.com" />
+	<target host="gongyi.youku.com" />
+	<target host="iku.youku.com" />
+	<target host="jilupian.youku.com" />
+	<target host="life.youku.com" />
+	<target host="list.youku.com" />
+	<target host="live.youku.com" />
+	<target host="m.youku.com" />
+	<target host="mapp.youku.com" />
+	<target host="module.youku.com" />
+	<target host="movie.youku.com" />
+	<target host="msg.youku.com" />
+	<target host="music.youku.com" />
+	<target host="news.youku.com" />
+	<target host="paike.youku.com" />
+	<target host="pay.youku.com" />
+	<target host="pd.youku.com" />
+	<target host="hudong.pl.youku.com" />
+	<target host="qr.youku.com" />
+	<target host="rz.youku.com" />
+	<target host="shamigui.youku.com" />
+	<target host="share.youku.com" />
+	<target host="sports.youku.com" />
+	<target host="static.youku.com" />
+	<target host="tech.youku.com" />
+	<target host="travel.youku.com" />
+	<target host="tv.youku.com" />
+	<target host="vip.youku.com" />
+	<target host="vip-stat.youku.com" />
+	<target host="vr.youku.com" />
+	<target host="ykrec.youku.com" />
+	<target host="yuanxian.youku.com" />
+	<target host="z.youku.com" />
+	<target host="zipindao.youku.com" />
+	<target host="zy.youku.com" />
+		<test url="http://actives.youku.com/task/show/index#20161227" />
+		<test url="http://static.atm.youku.com/idea/201505/0518/71799/310-50-b.jpg" />
+		<test url="http://valf.atm.youku.com/crossdomain.xml" />
+		<test url="http://cmstool.youku.com/cms/tool/pub/get_putdata.json" />
+		<test url="http://p.comments.youku.com/ycp/comment/pc/navigationBar" />
+		<test url="http://cvip.youku.com/zpd_api/get_pay_channels_num" />
+		<test url="http://service.danmu.youku.com/profile" />
+		<test url="http://ding.youku.com/a/id_XMTY2NDYw.html" />
+		<test url="http://ding.youku.com/u/subscribeUpdate" />
+		<test url="http://m.youku.com/video/id_XMjUxOTAwMTEyOA.html" />
+		<test url="http://mapp.youku.com/service/20130209" />
+		<test url="http://msg.youku.com/api/push/getpopupmsg?appid=1001" />
+		<test url="http://hudong.pl.youku.com/interact/libs/get/plugins" />
+		<test url="http://static.youku.com/v/js/blank.html" />
+		<test url="http://vip-stat.youku.com/vip-dds/vip-dds-core/push" />
+
+	<!-- Complication: -->
+	<target host="res.youku.com" />
+	<rule from="^http://res\.youku\.com/" to="https://res.ykimg.com/" />
+		<test url="http://res.youku.com/100120080909172151D87163EB1944481E2EE41F48B7645C1E" />
+		<test url="http://res.youku.com/100120101123154754EC3423A23ADE1462EA80300B24F73BC9" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Youm7.com-falsemixed.xml b/src/chrome/content/rules/Youm7.com-falsemixed.xml
deleted file mode 100644
index 0cbee6df7ff2..000000000000
--- a/src/chrome/content/rules/Youm7.com-falsemixed.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Youm7.com.xml.
-
--->
-<ruleset name="Youm7.com (false MCB)" platform="mixedcontent">
-
-	<target host="youm7.com" />
-	<target host="*.youm7.com" />
-		<!--
-			Handled in Youm7.com.xml:
-							-->
-		<exclusion pattern="^http://(?:www1?\.)?youm7\.com/+(?:cdn-cgi/|favicon\.ico|images/|layoutnew\.css|newsbar_files/)" />
-		<!--exclusion pattern="^http://(the)?cairopost\.youm7\.com/+(favicon\.ico|wp-content/|wp-includes/)" /-->
-
-
-	<securecookie host="^\.?youm7\.com$" name=".+" />
-
-
-	<rule from="^http://(img\.|www1?\.)?youm7\.com/"
-		to="https://$1youm7.com/" />
-
-	<rule from="^http://(?:the)?cairopost\.youm7\.com/(?!favicon\.ico|wp-content/|wp-includes/)"
-		to="https://thecairopost.youm7.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Youm7.com.xml b/src/chrome/content/rules/Youm7.com.xml
index d62cda16de2d..f19070a6643d 100644
--- a/src/chrome/content/rules/Youm7.com.xml
+++ b/src/chrome/content/rules/Youm7.com.xml
@@ -1,74 +1,60 @@
-<!--
-	For rules causing false/broken MCB, see Youm7.com-falsemixed.xml.
-
-
-	Problematic subdomains:
-
-		- cairopost	(shows default cpanel page)
 
+<!--
 
-	Partially covered subdomains:
+	Nonfunctional hosts in *youm7.com:
 
-		- (www.) *
-		- cairopost *	(→ thecairopost)
+		- cairopost *
 		- thecairopost *
-		- www1 *
+		- youm7app ²
 
-	* Avoiding false MCB
+	* 522
+	² Dropped
 
 
 	Fully covered subdomains:
 
+		- (www.)?
 		- img
-		- www2
-
+		- img1
+		- www[12]
 
-	Mixed content:
 
-		- css, on:
+	Insecure cookies are set for these domains:
 
-			- (www.) from img *
-			- thecairopost from thecairopost *
-			- thecairopost from fonts.googleapis.com *
-			- www1 from img *
+		- .youm7.com
 
-		- Images, on:
 
-			- (www.) from img *
-			- (www.) from (www.) *
-			- thecairopost from cairopost
-			- thecairopost from thecairopost
-			- www1 from img *
-
-		- Ads/web bugs, on:
+	Mixed content:
 
-			- www1 from ^ *
-			- www1 from platform.twitter.com *
-			- www2 from www2 *
+		- css on www from fonts.googleapis.com *
+		- Images on www from img.youm7.com *
+		- favicon on www from img.youm7.com *
+		- Bug on www from platform.twitter.com *
 
 	* Secured by us
 
 -->
-<ruleset name="Youm7.com (partial)">
+<ruleset name="Youm7.com (partial)" >
 
+	<!--	Direct rewrites:
+				-->
 	<target host="youm7.com" />
-	<target host="img1.youm7.com" />
-	<target host="cairopost.youm7.com" />
-	<target host="thecairopost.youm7.com" />
+	<target host="img.youm7.com" />
 	<target host="www.youm7.com" />
 	<target host="www1.youm7.com" />
 	<target host="www2.youm7.com" />
-		<!--
-			Avoiding false/broken MCB:
-							-->
-		<exclusion pattern="^http://(?:www1?\.)?youm7\.com/+(?!cdn-cgi/|favicon\.ico|images/|layoutnew\.css|newsbar_files/)" />
-		<!--exclusion pattern="^http://(the)?cairopost\.youm7\.com/+(?!favicon\.ico|wp-content/|wp-includes/)" /-->
 
 
-	<rule from="^http://(img\.|www\d?\.)?youm7\.com/"
-		to="https://$1youm7.com/" />
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.youm7\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<!--	(avoiding cf_clearance <= mixed content):
+							-->
+	<securecookie host="^\.youm7\.com$" name="^__cfduid$" />
+
 
-	<rule from="^http://(?:the)?cairopost\.youm7\.com/(?=favicon\.ico|wp-content/|wp-includes/)"
-		to="https://thecairopost.youm7.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Youmix.xml b/src/chrome/content/rules/Youmix.xml
deleted file mode 100644
index 608afdac5848..000000000000
--- a/src/chrome/content/rules/Youmix.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Youmix (partial)">
-
-	<target host="t.album.youmix.co.uk"/>
-	<target host="static.youmix.co.uk"/>
-	<target host="t.track.youmix.co.uk"/>
-
-	<rule from="^http://(t\.(album|track)|static)\.youmix\.co\.uk/"
-		to="https://s3.amazonaws.com/$1.youmix.co.uk/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Young-Pirates.Eu.xml b/src/chrome/content/rules/Young-Pirates.Eu.xml
new file mode 100644
index 000000000000..05ec6522c103
--- /dev/null
+++ b/src/chrome/content/rules/Young-Pirates.Eu.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://forum.young-pirates.eu/ => https://forum.young-pirates.eu/: (6, 'Could not resolve host: forum.young-pirates.eu')
+Fetch error: http://lists.young-pirates.eu/ => https://lists.young-pirates.eu/: (6, 'Could not resolve host: lists.young-pirates.eu')
+Fetch error: http://wiki.young-pirates.eu/ => https://wiki.young-pirates.eu/: (6, 'Could not resolve host: wiki.young-pirates.eu')
+
+	Young Pirates of Europe
+
+
+	www.young-pirates.eu doesn't exist.
+
+
+	Mixed content:
+
+		- Images on ^ from multiweb.junge-piraten.de ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Young-Pirates.Eu" default_off="failed ruleset test">
+
+	<target host="young-pirates.eu" />
+	<target host="forum.young-pirates.eu" />
+	<target host="lists.young-pirates.eu" />
+	<target host="wiki.young-pirates.eu" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/YoungMinds.org.uk.xml b/src/chrome/content/rules/YoungMinds.org.uk.xml
new file mode 100644
index 000000000000..71ab7fd3038d
--- /dev/null
+++ b/src/chrome/content/rules/YoungMinds.org.uk.xml
@@ -0,0 +1,20 @@
+<!--
+	^: dropped
+
+-->
+<ruleset name="YoungMinds.org.uk">
+
+	<target host="youngminds.org.uk" />
+	<target host="www.youngminds.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.youngminds\.org\.uk$" name="^_youngminds_session$" /-->
+
+	<securecookie host="^www\.youngminds\.org\.uk$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Young_Rewired_State.org.xml b/src/chrome/content/rules/Young_Rewired_State.org.xml
new file mode 100644
index 000000000000..cea0d760666e
--- /dev/null
+++ b/src/chrome/content/rules/Young_Rewired_State.org.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://youngrewiredstate.org/ => https://youngrewiredstate.org/: (6, 'Could not resolve host: youngrewiredstate.org')
+Fetch error: http://www.youngrewiredstate.org/ => https://youngrewiredstate.org/: (6, 'Could not resolve host: youngrewiredstate.org')
+
+	Insecure cookies are set for these domains:
+
+		- .youngrewiredstate.org
+
+-->
+<ruleset name="Young Rewired State.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="youngrewiredstate.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.youngrewiredstate.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.youngrewiredstate\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\.?youngrewiredstate\.org$" name=".+" />
+
+
+	<rule from="^http://www\.youngrewiredstate\.org/"
+		to="https://youngrewiredstate.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Younited.com.xml b/src/chrome/content/rules/Younited.com.xml
deleted file mode 100644
index 2a63214e0724..000000000000
--- a/src/chrome/content/rules/Younited.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Mixed content:
-
-		- css, on www from:
-
-			- netdna.bootstrapcdn.com *
-			- cloud.typography.com *
-
-		- Web bugs on www from fsecure.122.2o7.net *
-
-	* Secured by us
-
--->
-<ruleset name="younited.com">
-
-	<target host="younited.com" />
-	<target host="*.younited.com" />
-
-
-	<rule from="^http://(community\.|www\.)?younited\.com/"
-		to="https://$1younited.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Your-File-System.com.xml b/src/chrome/content/rules/Your-File-System.com.xml
index 5f623e2d755a..7d1ecba8bf17 100644
--- a/src/chrome/content/rules/Your-File-System.com.xml
+++ b/src/chrome/content/rules/Your-File-System.com.xml
@@ -1,4 +1,11 @@
-<ruleset name="Your-File-System.com">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://your-file-system.com/ => https://your-file-system.com/: (7, 'Failed to connect to your-file-system.com port 443: Connection refused')
+Fetch error: http://www.your-file-system.com/ => https://www.your-file-system.com/: (7, 'Failed to connect to www.your-file-system.com port 443: Connection refused')
+
+-->
+<ruleset name="Your-File-System.com" default_off="failed ruleset test">
 
 	<target host="your-file-system.com" />
 	<target host="www.your-file-system.com" />
@@ -7,7 +14,6 @@
 	<securecookie host="^(?:www\.)?your-file-system\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?your-file-system\.com/"
-		to="https://$1your-file-system.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Your-Freedom.xml b/src/chrome/content/rules/Your-Freedom.xml
index be2546928ccb..bc2aecc903f1 100644
--- a/src/chrome/content/rules/Your-Freedom.xml
+++ b/src/chrome/content/rules/Your-Freedom.xml
@@ -2,5 +2,5 @@
   <target host="your-freedom.net" />
   <target host="www.your-freedom.net" />
 
-  <rule from="^http://(?:www\.)?your-freedom\.net/" to="https://www.your-freedom.net/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Your-Mailing-List-Provider.xml b/src/chrome/content/rules/Your-Mailing-List-Provider.xml
index 236beb98d2a2..ec339dfe77b9 100644
--- a/src/chrome/content/rules/Your-Mailing-List-Provider.xml
+++ b/src/chrome/content/rules/Your-Mailing-List-Provider.xml
@@ -1,17 +1,11 @@
 <ruleset name="Your Mailing List Provider">
 	<target host="ymlp.com" />
-	<target host="chiclet.ymlp.com" />
 	<target host="www.ymlp.com" />
+	<target host="chiclet.ymlp.com" />
+	<target host="img.ymlp.com" />
+
 	<target host="yourmailinglistprovider.com" />
 	<target host="www.yourmailinglistprovider.com" />
 
-	<securecookie host="^(chiclet|www)\.ymlp\.com$"
-			name=".+" />
-
-	<rule from="^(https://|http://(www\.)?)ymlp\.com/"
-		to="https://www.ymlp.com/" />
-	<rule from="^http://chiclet\.ymlp\.com/"
-		to="https://chiclet.ymlp.com/" />
-	<rule from="^http://(www\.)?yourmailinglistprovider\.com/"
-		to="https://www.ymlp.com/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/YourBittorrent.xml b/src/chrome/content/rules/YourBittorrent.xml
deleted file mode 100644
index 68a206cd49de..000000000000
--- a/src/chrome/content/rules/YourBittorrent.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	CDN buckets:
-
-		- ybt.cdn.netdna-cdn.com
-
-			- -ssl doesn't exist
-			- i.yourbittorrent.com
-
-
-	Problematic subdomains:
-
-		- i	(404)
-
--->
-<ruleset name="YourBittorrent">
-
-	<target host="yourbittorrent.com" />
-	<target host="*.yourbittorrent.com" />
-
-
-	<securecookie host="^\.yourbittorrent\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?yourbittorrent\.com/"
-		to="https://$1yourbittorrent.com/" />
-
-	<rule from="^https?://i\.yourbittorrent\.com/"
-		to="https://yourbittorrent.com/images/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/YourBrainOnPorn.com.xml b/src/chrome/content/rules/YourBrainOnPorn.com.xml
new file mode 100644
index 000000000000..34c690d6d2ff
--- /dev/null
+++ b/src/chrome/content/rules/YourBrainOnPorn.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Invalid Certificate:
+		mail.yourbrainonporn.com
+-->
+<ruleset name="YourBrainOnPorn.com">
+	<target host="yourbrainonporn.com" />
+	<target host="www.yourbrainonporn.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/YourLogicalFallacyIs.com.xml b/src/chrome/content/rules/YourLogicalFallacyIs.com.xml
new file mode 100644
index 000000000000..cb420f9e335e
--- /dev/null
+++ b/src/chrome/content/rules/YourLogicalFallacyIs.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		m.yourlogicalfallacyis.com
+		mail.yourlogicalfallacyis.com
+		store.yourlogicalfallacyis.com
+		tim.yourlogicalfallacyis.com
+
+-->
+<ruleset name="YourLogicalFallacyIs.com">
+
+	<target host="yourlogicalfallacyis.com" />
+	<target host="www.yourlogicalfallacyis.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/YourMechanic.com.xml b/src/chrome/content/rules/YourMechanic.com.xml
new file mode 100644
index 000000000000..826519681623
--- /dev/null
+++ b/src/chrome/content/rules/YourMechanic.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.yourmechanic.com
+
+-->
+<ruleset name="YourMechanic.com">
+
+	<target host="yourmechanic.com" />
+	<target host="www.yourmechanic.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.yourmechanic\.com$" name="^(?:casa|casa_t|cj_affiliate)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/YourMembership.com.xml b/src/chrome/content/rules/YourMembership.com.xml
new file mode 100644
index 000000000000..e68d80b0bcb9
--- /dev/null
+++ b/src/chrome/content/rules/YourMembership.com.xml
@@ -0,0 +1,30 @@
+<!--
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Mixed content:
+
+		- css, from:
+
+			- $self *
+			- fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="YourMembership.com" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="yourmembership.com" />
+	<target host="www.yourmembership.com" />
+
+		<!--	Mixed social button:
+						-->
+		<test url="http://www.yourmembership.com/resource-library/blog/" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/YourPSHome.net.xml b/src/chrome/content/rules/YourPSHome.net.xml
index 3a6e223e7cdb..69aafdb4cdf2 100644
--- a/src/chrome/content/rules/YourPSHome.net.xml
+++ b/src/chrome/content/rules/YourPSHome.net.xml
@@ -1,42 +1,20 @@
-<!--
-	CDN buckets:
-
-		- yourplaystationhome.yourplaystationh.netdna-cdn.com
-
-			- -ssl doesn't exist
-			- cdn
-
-
-	Problematic subdomains:
-
-		- cdn	(404; mismatched, CN: *.netdna-ssl.com)
-
 
-	CN: Parallels Panel
-
-
-	Mixed content:
-
-		- Images, on www from:
-
-			- cdn *
-			- www *
-
-		- Ads on www from www *
-
-	* Secured by us
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn.yourpshome.net/ => https://cdn.yourpshome.net/: (6, 'Could not resolve host: cdn.yourpshome.net')
 
 -->
-<ruleset name="YourPSHome.net" default_off="self-signed">
+<ruleset name="YourPSHome.net" default_off="failed ruleset test">
 
 	<target host="yourpshome.net" />
-	<target host="*.yourpshome.net" />
+	<target host="cdn.yourpshome.net" />
+	<target host="www.yourpshome.net" />
 
 
-	<securecookie host="^www\.yourpshome\.net$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(?:cdn\.|www\.)?yourpshome\.net/"
-		to="https://www.yourpshome.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/YourWorldOfText.com.xml b/src/chrome/content/rules/YourWorldOfText.com.xml
new file mode 100644
index 000000000000..dd495bd32059
--- /dev/null
+++ b/src/chrome/content/rules/YourWorldOfText.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="YourWorldOfText.com">
+	<target host="yourworldoftext.com" />
+	<target host="www.yourworldoftext.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/YourYU.ca.xml b/src/chrome/content/rules/YourYU.ca.xml
new file mode 100644
index 000000000000..fe6c227e0399
--- /dev/null
+++ b/src/chrome/content/rules/YourYU.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="YourYU.ca">
+	<target host="youryu.ca" />
+	<target host="www.youryu.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Your_Date_Link.xml b/src/chrome/content/rules/Your_Date_Link.xml
index 865e89bac2fd..4e27526ae715 100644
--- a/src/chrome/content/rules/Your_Date_Link.xml
+++ b/src/chrome/content/rules/Your_Date_Link.xml
@@ -1,13 +1,21 @@
-<ruleset name="Your Date Link">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://yourdatelink.com/ => https://yourdatelink.com/: (51, "SSL: no alternative certificate subject name matches target host name 'yourdatelink.com'")
+Fetch error: http://www.yourdatelink.com/ => https://www.yourdatelink.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.yourdatelink.com'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://yourdatelink.com/ => https://yourdatelink.com/: (51, "SSL: no alternative certificate subject name matches target host name 'yourdatelink.com'")
+-->
+<ruleset name="Your Date Link" default_off="failed ruleset test">
 
 	<target host="yourdatelink.com" />
-	<target host="*.yourdatelink.com" />
+	<target host="www.yourdatelink.com" />
 
 
 	<securecookie host="^(?:w*\.)?yourdatelink\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?yourdatelink\.com/"
-		to="https://$1yourdatelink.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Your_Karma.com.xml b/src/chrome/content/rules/Your_Karma.com.xml
new file mode 100644
index 000000000000..5846a2da448a
--- /dev/null
+++ b/src/chrome/content/rules/Your_Karma.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="your Karma.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="yourkarma.com" />
+	<target host="blog.yourkarma.com" />
+	<target host="go.yourkarma.com" />
+	<target host="login.yourkarma.com" />
+	<target host="www.yourkarma.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Your_Local_Edge.com.xml b/src/chrome/content/rules/Your_Local_Edge.com.xml
index ad31085e6c91..0ef7842abb46 100644
--- a/src/chrome/content/rules/Your_Local_Edge.com.xml
+++ b/src/chrome/content/rules/Your_Local_Edge.com.xml
@@ -1,4 +1,10 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://yourlocaledge.com/ => https://yourlocaledge.com/: (7, 'Failed to connect to yourlocaledge.com port 443: Connection refused')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://yourlocaledge.com/ => https://yourlocaledge.com/: (28, 'Connection timed out after 10000 milliseconds')
 	Problematic subdomains:
 
 		- ^	(works, cert only matches ^yourlocaledge.com)
@@ -11,10 +17,10 @@
 	* Secured by us
 
 -->
-<ruleset name="Your Local Edge.com">
+<ruleset name="Your Local Edge.com" default_off="failed ruleset test">
 
 	<target host="yourlocaledge.com" />
-	<target host="*.yourlocaledge.com" />
+	<target host="www.yourlocaledge.com" />
 
 
 	<securecookie host="^\.yourlocaledge\.com$" name=".+" />
@@ -23,4 +29,4 @@
 	<rule from="^http://(?:www\.)?yourlocaledge\.com/"
 		to="https://yourlocaledge.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Your_Sole.com.xml b/src/chrome/content/rules/Your_Sole.com.xml
new file mode 100644
index 000000000000..af51e0384e53
--- /dev/null
+++ b/src/chrome/content/rules/Your_Sole.com.xml
@@ -0,0 +1,41 @@
+<!--
+	(www.)?yoursole.com: Dropped
+
+
+	Fully covered hosts in *yoursole.com:
+
+		- (www.)?	(→ secure.yoursole.com)
+		- secure
+
+
+	Insecure cookies are set for these domains:
+
+		- .yoursole.com
+
+-->
+<ruleset name="Your Sole.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.yoursole.com" />
+
+	<!--	Complications:
+				-->
+	<target host="yoursole.com" />
+	<target host="www.yoursole.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.yoursole\.com$" name="^MV_SESSION_ID$" /-->
+
+	<securecookie host="^\.yoursole\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?yoursole\.com/"
+		to="https://secure.yoursole.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Your_Support_Services.co.uk.xml b/src/chrome/content/rules/Your_Support_Services.co.uk.xml
new file mode 100644
index 000000000000..c183261a7335
--- /dev/null
+++ b/src/chrome/content/rules/Your_Support_Services.co.uk.xml
@@ -0,0 +1,13 @@
+<!--
+	^: redirects to http, valid cert
+
+-->
+<ruleset name="Your Support Services.co.uk">
+
+	<target host="yoursupportservices.co.uk" />
+	<target host="www.yoursupportservices.co.uk" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Your_Video_Host.com.xml b/src/chrome/content/rules/Your_Video_Host.com.xml
new file mode 100644
index 000000000000..fa4903df03cc
--- /dev/null
+++ b/src/chrome/content/rules/Your_Video_Host.com.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://yourvideohost.com/ => https://yourvideohost.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.yourvideohost.com/ => https://www.yourvideohost.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .yourvideohost.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, from:
+
+			- fonts.googleapis.com ˢ
+			- yourvideohost.com ˢ
+
+		- Images from yourvideohost.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Your Video Host.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="yourvideohost.com" />
+	<target host="www.yourvideohost.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.yourvideohost\.com$" name="^(?:__cfduid|cf_clearance|lang)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yourcounciljobs.co.uk.xml b/src/chrome/content/rules/Yourcounciljobs.co.uk.xml
new file mode 100644
index 000000000000..8e0c75387af4
--- /dev/null
+++ b/src/chrome/content/rules/Yourcounciljobs.co.uk.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://yourcounciljobs.co.uk/ => https://yourcounciljobs.co.uk/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.yourcounciljobs.co.uk/ => https://www.yourcounciljobs.co.uk/: (28, 'Connection timed out after 20003 milliseconds')
+
+	Insecure cookies are set for these hosts:
+
+		- yourcounciljobs.co.uk
+		- www.yourcounciljobs.co.uk
+
+-->
+<ruleset name="yourcounciljobs.co.uk" default_off="failed ruleset test">
+
+	<target host="yourcounciljobs.co.uk" />
+	<target host="www.yourcounciljobs.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?yourcounciljobs\.co\.uk$" name="^ASP\\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yourfone.de.xml b/src/chrome/content/rules/Yourfone.de.xml
index 83bd0d93ada2..cf852f80f5a3 100644
--- a/src/chrome/content/rules/Yourfone.de.xml
+++ b/src/chrome/content/rules/Yourfone.de.xml
@@ -15,16 +15,22 @@
 <ruleset name="yourfone.de">
 
 	<target host="yourfone.de" />
-	<target host="*.yourfone.de" />
+	<target host="www.yourfone.de" />
+	<target host="gfx.yourfone.de" />
+	<target host="handyshop.yourfone.de" />
+	<target host="hilfe.yourfone.de" />
+	<target host="www.gfx.yourfone.de" />
+	<target host="www.handyshop.yourfone.de" />
+	<target host="www.hilfe.yourfone.de" />
 
 
 	<securecookie host="^.*\.yourfone\.de$" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?yourfone\.de/"
+	<rule from="^http://(?:www\.)?yourfone\.de/"
 		to="https://www.yourfone.de/" />
 
-	<rule from="^https?://(?:www\.)?(gfx|handyshop|hilfe)\.yourfone\.de/"
+	<rule from="^http://(?:www\.)?(gfx|handyshop|hilfe)\.yourfone\.de/"
 		to="https://$1.yourfone.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Yourhosting.xml b/src/chrome/content/rules/Yourhosting.xml
index 221f7b9a83e5..b5378db8feee 100644
--- a/src/chrome/content/rules/Yourhosting.xml
+++ b/src/chrome/content/rules/Yourhosting.xml
@@ -5,14 +5,14 @@
 	<target host="*.yourhosting.nl" />
 
 
-	<securecookie host="^.*\.yourhosting\.nl$" name=".*" />
+	<securecookie host="^.*\.yourhosting\.nl$" name=".+" />
 
 
 	<!--	302s like so.
 
 		https://mail1.eff.org/pipermail/https-everywhere-rules/2012-July/001235.html
 												-->
-	<rule from="^https?://webmail\.server1\.firstfind\.nl/(?:.*)"
+	<rule from="^http://webmail\.server1\.firstfind\.nl/(?:.*)"
 		to="https://webmail.yourhosting.nl/" />
 
 	<rule from="^http://(webmail\.|www\.)?yourhosting\.nl/"
diff --git a/src/chrome/content/rules/Yourmoney.ch.xml b/src/chrome/content/rules/Yourmoney.ch.xml
deleted file mode 100644
index 70aee9a2506c..000000000000
--- a/src/chrome/content/rules/Yourmoney.ch.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Yourmoney.ch">
-    <target host="yourmoney.ch" />
-    <target host="*.yourmoney.ch" />
-
-    <securecookie host="^(.*\.)?yourmoney\.ch$" name=".+" />
-
-    <rule from="^https?://yourmoney\.ch/"
-        to="https://www.yourmoney.ch/"/>
-    <rule from="^http://([^/:@]+)?\.yourmoney\.ch/"
-        to="https://$1.yourmoney.ch/" />
-</ruleset>
diff --git a/src/chrome/content/rules/YoursAV.com.xml b/src/chrome/content/rules/YoursAV.com.xml
index 8d7e1fe5fae2..a94cfa382212 100644
--- a/src/chrome/content/rules/YoursAV.com.xml
+++ b/src/chrome/content/rules/YoursAV.com.xml
@@ -1,16 +1,17 @@
+
 <!--
-	CN: Parallels Panel
+Disabled by https-everywhere-checker because:
+Fetch error: http://yoursav.com/ => https://yoursav.com/: (51, "SSL: no alternative certificate subject name matches target host name 'yoursav.com'")
+Fetch error: http://www.yoursav.com/ => https://www.yoursav.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.yoursav.com'")
 
 -->
-<ruleset name="YoursAV.com" default_off="self-signed">
+<ruleset name="YoursAV.com" default_off="failed ruleset test">
 
 	<target host="yoursav.com" />
 	<target host="www.yoursav.com" />
-	<target host="yoursav.net" />
-	<target host="www.yoursav.net" />
 
 
-	<rule from="^http://(?:www\.)?yoursav\.(com|net)/"
-		to="https://yoursav.$1/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Yourvideofile.org.xml b/src/chrome/content/rules/Yourvideofile.org.xml
new file mode 100644
index 000000000000..4dcd47cdc4df
--- /dev/null
+++ b/src/chrome/content/rules/Yourvideofile.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Yourvideofile.org">
+
+	<target host="yourvideofile.org" />
+	<target host="www.yourvideofile.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yroo.com.xml b/src/chrome/content/rules/Yroo.com.xml
new file mode 100644
index 000000000000..23adf77c6bda
--- /dev/null
+++ b/src/chrome/content/rules/Yroo.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- yroo.com
+		- .yroo.com
+		- www.yroo.com
+
+-->
+<ruleset name="yroo.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="yroo.com" />
+	<target host="www.yroo.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?yroo\.com$" name="^___utmv[abm]\w+$" /-->
+	<!--securecookie host="^\.yroo\.com$" name="^(?:incap_ses_\d+|nlbi|visid_incap)_\d+$" /-->
+
+	<securecookie host="^(?:\.|www\.)?yroo\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ysu.edu.xml b/src/chrome/content/rules/Ysu.edu.xml
new file mode 100644
index 000000000000..3e9750bcb87e
--- /dev/null
+++ b/src/chrome/content/rules/Ysu.edu.xml
@@ -0,0 +1,67 @@
+<!--
+	Mismatch:
+		- alert
+		- artdept
+		- artdept
+		- bcoe
+		- cac
+		- cc
+		- commdept
+		- cwcs
+		- epay
+		- info
+		- kc
+		- maag
+		- maag.guides
+		- maagblog
+		- mbur
+		- mcdonoughmuseum
+		- melnick
+		- newsroom
+		- nosb
+		- *.people
+		- philrel
+		- sga
+		- steelvalleyvoices
+		- stem
+		- times2dine
+		- web
+
+
+	Refused:
+		- proteomics.ysu.edu
+
+	Mixed content:
+
+		- Fonts, on ^ from:
+
+			- fonts.googleapis.com *
+
+		- Scripts, on ^ from:
+
+			- code.jquery.com *
+
+		- Iframe, on ^ from:
+
+			- www.meltwaternews.com *
+
+	* Secured by us
+-->
+<ruleset name="Youngstown State University (partial)" platform="mixedcontent">
+	<target host="ysu.edu" />
+	<target host="www.ysu.edu" />
+	<target host="my.ysu.edu" />
+	<target host="csis.ysu.edu" />
+	<target host="www.csis.ysu.edu" />
+	<target host="cfweb.cc.ysu.edu" />
+	<target host="people.ysu.edu" />
+	<target host="www.people.ysu.edu" />
+	<target host="mypassword.ysu.edu" />
+	<target host="jupiter.ysu.edu" />
+
+	<rule from="^http://(www\.)?ysu\.edu/"
+		to="https://swww.ysu.edu/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Yt-dl.org.xml b/src/chrome/content/rules/Yt-dl.org.xml
index 5c2e4ea71d5f..bcc468f9f59a 100644
--- a/src/chrome/content/rules/Yt-dl.org.xml
+++ b/src/chrome/content/rules/Yt-dl.org.xml
@@ -4,7 +4,6 @@
 	<target host="www.yt-dl.org" />
 
 
-	<rule from="^http://(www\.)?yt-dl\.org/"
-		to="https://$1yt-dl.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Yubico.xml b/src/chrome/content/rules/Yubico.xml
deleted file mode 100644
index 6524a27687b9..000000000000
--- a/src/chrome/content/rules/Yubico.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Yubico" platform="mixedcontent">
-  <target host="yubico.com" />
-  <target host="www.yubico.com" />
-  <target host="store.yubico.com" />
-  <target host="openid.yubico.com" />
-  <target host="api.yubico.com" />
-  <target host="upload.yubico.com" />
-
-  <securecookie host="^(?:.+\.)?yubico\.com$" name=".*"/>
-
-  <rule from="^http://yubico\.com/" to="https://yubico.com/"/>
-  <rule from="^http://(www|store|openid|api|upload)\.yubico\.com/" to="https://$1.yubico.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Yuku.xml b/src/chrome/content/rules/Yuku.xml
deleted file mode 100644
index 78182757bedf..000000000000
--- a/src/chrome/content/rules/Yuku.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)
-		- $member
-
--->
-<ruleset name="Yuku (partial)">
-
-	<target host="*.yuku.com" />
-
-	<rule from="^http://(images|static)\.yuku\.com/"
-		to="https://s3.amazonaws.com/$1.yuku.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Yumpu.com.xml b/src/chrome/content/rules/Yumpu.com.xml
new file mode 100644
index 000000000000..94c927d8d7dd
--- /dev/null
+++ b/src/chrome/content/rules/Yumpu.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Nonfunctional hosts in *yumpu.com:
+
+		- en.blog ʰ
+		- developers ʰ
+		- support ᵃ
+		- en.support ᵃ
+
+	ᵃ Shows CP
+	ʰ Redirects to http
+
+
+	Problematic hosts in *yumpu.com:
+
+		- adfree ˢ
+		- blog ˢ
+
+	ˢ Self-signed
+
+-->
+<ruleset name="Yumpu.com (partial)">
+
+	<target host="yumpu.com" />
+	<target host="assets.yumpu.com" />
+	<target host="img.yumpu.com" />
+	<target host="www.yumpu.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/YunOS.com-falsemixed.xml b/src/chrome/content/rules/YunOS.com-falsemixed.xml
new file mode 100644
index 000000000000..50c14b67613a
--- /dev/null
+++ b/src/chrome/content/rules/YunOS.com-falsemixed.xml
@@ -0,0 +1,15 @@
+<!--
+	For rules not causing false/broken MCB, see YunOS.com.xml.
+
+-->
+<ruleset name="YunOS.com (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="apps.yunos.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/YunOS.com.xml b/src/chrome/content/rules/YunOS.com.xml
new file mode 100644
index 000000000000..566bb3cf9bfd
--- /dev/null
+++ b/src/chrome/content/rules/YunOS.com.xml
@@ -0,0 +1,51 @@
+<!--
+	For rules causing false/broken MCB, see YunOS.com-falsemixed.xml.
+
+	For other Alibaba Group coverage, see Alibaba.xml.
+
+
+	Nonfunctional hosts in *yunos.com:
+
+		- (www.)? *
+		- appdev *
+		- bbs *
+		- open *
+		- zhushou *
+		- download.zhushou *
+		- zhuti *
+
+	* 403
+
+
+	Problematic hosts in *yunos.com:
+
+		- apps *
+
+	* Mixed css
+
+
+	Mixed content:
+
+		- css on apps from m.alicdn.com *
+
+		- Images, on:
+
+			- apps from gtms02.alicdn.com *
+			- apps from m.alicdn.com *
+			- apps from img01.taobaocdn.com *
+
+	* Secured by us
+
+-->
+<ruleset name="YunOS.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="account.yunos.com" />
+	<target host="my.yunos.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yunbi.com.xml b/src/chrome/content/rules/Yunbi.com.xml
new file mode 100644
index 000000000000..30cca90d8236
--- /dev/null
+++ b/src/chrome/content/rules/Yunbi.com.xml
@@ -0,0 +1,65 @@
+<!--
+	Nonfunctional subdomains:
+
+		- bbs *
+		- t *
+
+	* Dropped
+
+
+	Problematic hosts in *yunbi.com:
+
+		- www *
+		- yun *
+
+	* Mismatched
+
+
+	Fully covered subdomains:
+
+		- (www.)?	(www → ^)
+		- yun		(→ yunbi.com)
+
+
+	slanger: Dropped over http & https
+
+
+	These altnames don't exist:
+
+		- d.yunbi.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- yunbi.com
+
+-->
+<ruleset name="Yunbi.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="yunbi.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.yunbi.com" />
+	<target host="yun.yunbi.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^yunbi\.com$" name="^(_peatio_session|XSRF-TOKEN)$" /-->
+
+	<securecookie host="^yunbi\.com$" name=".+" />
+
+
+	<!--	Redirect keeps path, args,
+		and forward slash:
+					-->
+	<rule from="^http://(?:www|yun)\.yunbi\.com/"
+		to="https://yunbi.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/YunoHost.org.xml b/src/chrome/content/rules/YunoHost.org.xml
new file mode 100644
index 000000000000..b1e4b1cab0e0
--- /dev/null
+++ b/src/chrome/content/rules/YunoHost.org.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://doc.yunohost.org/ => https://doc.yunohost.org/: (51, "SSL: no alternative certificate subject name matches target host name 'doc.yunohost.org'")
+
+	Insecure cookies are set for these hosts:
+
+		- forum.yunohost.org
+
+-->
+<ruleset name="YunoHost.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="yunohost.org" />
+	<target host="doc.yunohost.org" />
+	<target host="forum.yunohost.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^forum\.yunohost\.org$" name="^_forum_session$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yuri-ism.xml b/src/chrome/content/rules/Yuri-ism.xml
new file mode 100644
index 000000000000..7c82a3800b86
--- /dev/null
+++ b/src/chrome/content/rules/Yuri-ism.xml
@@ -0,0 +1,21 @@
+<!--
+	Problematic hosts in *yuri-ism.com:
+
+		- download *
+		- reader *
+
+	* Mismatch, CN: yuri-ism.net
+-->
+<ruleset name="Yuri-ism">
+	<target host="yuri-ism.com" />
+	<target host="download.yuri-ism.com" />
+	<target host="reader.yuri-ism.com" />
+	<target host="www.yuri-ism.com" />
+	<target host="yuri-ism.net" />
+	<target host="www.yuri-ism.net" />
+
+	<rule from="^http://(download|reader)\.yuri-ism\.com/"
+		to="https://www.yuri-ism.net/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Yuri.org.uk.xml b/src/chrome/content/rules/Yuri.org.uk.xml
new file mode 100644
index 000000000000..976238aa3667
--- /dev/null
+++ b/src/chrome/content/rules/Yuri.org.uk.xml
@@ -0,0 +1,12 @@
+<!--
+	^yuri.org.uk doesn't exist.
+
+-->
+<ruleset name="Yuri.org.uk">
+
+	<target host="www.yuri.org.uk" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ywxi.net.xml b/src/chrome/content/rules/Ywxi.net.xml
new file mode 100644
index 000000000000..dc25dca84f61
--- /dev/null
+++ b/src/chrome/content/rules/Ywxi.net.xml
@@ -0,0 +1,32 @@
+<!--
+	Web bugs.
+
+	For other Intel coverage, see Intel.xml.
+
+
+	(www.) doesn't exist.
+
+
+	Insecure cookies are set for these hosts:
+
+		- cdn.ywxi.net
+
+-->
+<ruleset name="ywxi.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cdn.ywxi.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cdn\.ywxi\.net$" name="^server$" /-->
+
+	<securecookie host="^cdn\.ywxi\.net$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ZB45.nl.xml b/src/chrome/content/rules/ZB45.nl.xml
new file mode 100644
index 000000000000..e939f1a31247
--- /dev/null
+++ b/src/chrome/content/rules/ZB45.nl.xml
@@ -0,0 +1,10 @@
+<ruleset name="ZB45.nl">
+
+	<target host="zb45.nl" />
+	<target host="www.zb45.nl" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ZCarot.com.xml b/src/chrome/content/rules/ZCarot.com.xml
new file mode 100644
index 000000000000..5d6782eca9ec
--- /dev/null
+++ b/src/chrome/content/rules/ZCarot.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="zCarot.com">
+
+	<target host="zcarot.com" />
+	<target host="www.zcarot.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ZComm.org.xml b/src/chrome/content/rules/ZComm.org.xml
new file mode 100644
index 000000000000..32cd2d1de48b
--- /dev/null
+++ b/src/chrome/content/rules/ZComm.org.xml
@@ -0,0 +1,38 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .zcomm.org
+
+-->
+<ruleset name="ZComm.org">
+
+	<target host="zcomm.org" />
+	<target host="www.zcomm.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.zcomm\.org$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ZDNet.xml b/src/chrome/content/rules/ZDNet.xml
index 9a83aaa7739c..1d55a3ba3bf4 100644
--- a/src/chrome/content/rules/ZDNet.xml
+++ b/src/chrome/content/rules/ZDNet.xml
@@ -28,7 +28,7 @@
 			- bwp			(refused)
 			- cdn-origin *
 			- cdn-static		(redirects to cdn-origin, Akamai)
-			- downloads *
+			- downloads **
 			- i **			(not on www nor origin)
 			- origin *
 			- www			(redirects to http, valid cert)
@@ -46,11 +46,39 @@
 	** 504, akamai
 	*** Shows fileupload.intl.cbs.com; mismatched, CN: *.intl.cbs.com)
 
+
+	Insecure cookies are set for these domains:
+
+		- .zdnet.com
+
 -->
 <ruleset name="ZDNet (partial)">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.zdnet.com" />
+
+	<!--	Complications:
+				-->
 	<target host="zdnet.com.au" />
-	<target host="*.zdnet.com.au" />
+	<target host="om.zdnet.com.au" />
+	<target host="www.zdnet.com.au" />
+
+		<exclusion pattern="^http://(?:www\.)?zdnet\.com\.au/(?!secure-au\.imrworldwide\.com/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://zdnet.com.au/blogs/nerdcam/" />
+
+			<!--	-ve
+					-->
+			<test url="http://zdnet.com.au/secure-au.imrworldwide.com/" />
+			<test url="http://www.zdnet.com.au/secure-au.imrworldwide.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.zdnet\.com$" name="^fly_session$" /-->
 
 
 	<rule from="^http://(?:www\.)?zdnet\.com\.au/secure-au\.imrworldwide\.com/"
@@ -59,4 +87,7 @@
 	<rule from="^http://om\.zdnet\.com\.au/"
 		to="https://zdau-zdnetbeta.122.2o7.net/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/ZDTronic.xml b/src/chrome/content/rules/ZDTronic.xml
index 69086e514ed6..9c23a53c6880 100644
--- a/src/chrome/content/rules/ZDTronic.xml
+++ b/src/chrome/content/rules/ZDTronic.xml
@@ -1,14 +1,13 @@
-<ruleset name="ZDTronic">
+<ruleset name="ZDTronic.com">
 
 	<target host="zdtronic.com" />
 	<target host="www.zdtronic.com" />
-	<target host="*.www.zdtronic.com" />
 
 
-	<securecookie host="^.+\.zdtronic\.com$" name=".+" />
+	<securecookie host=".\.zdtronic\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?zdtronic\.com/"
-		to="https://$1zdtronic.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ZDbb.net.xml b/src/chrome/content/rules/ZDbb.net.xml
new file mode 100644
index 000000000000..69ab3479a002
--- /dev/null
+++ b/src/chrome/content/rules/ZDbb.net.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Ziff Davis coverage, see Ziff-Davis.xml.
+
+
+	Fully covered domains:
+
+		- zdbb.net
+
+
+	Insecure cookies are set for these domains:
+
+		- .zdbb.net
+
+-->
+<ruleset name="ZDbb.net">
+
+	<target host="zdbb.net" />
+	<target host="cdn.static.zdbb.net" />
+
+	<!--	Complications:
+				-->
+	<target host="static.zdbb.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.zdbb\.net$" name="^zdbb$" /-->
+
+	<securecookie host="^\.zdbb\.net$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ZDmcirc.com.xml b/src/chrome/content/rules/ZDmcirc.com.xml
new file mode 100644
index 000000000000..ec40a2a33dad
--- /dev/null
+++ b/src/chrome/content/rules/ZDmcirc.com.xml
@@ -0,0 +1,24 @@
+<!--
+	For other Ziff Davis coverage, see Ziff-Davis.xml.
+
+
+	(www.)?zdmcirc.com: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Mixed content:
+
+		Bug from zdbb.net *
+
+	* Secured by us
+
+-->
+<ruleset name="ZDmcirc.com" default_off="cert-chain">
+
+	<target host="zdmcirc.com" />
+	<target host="www.zdmcirc.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ZERODIUM.xml b/src/chrome/content/rules/ZERODIUM.xml
new file mode 100644
index 000000000000..ac4572e29cc9
--- /dev/null
+++ b/src/chrome/content/rules/ZERODIUM.xml
@@ -0,0 +1,13 @@
+<ruleset name="ZERODIUM.com">
+
+	<target host=    "zerodium.com" />
+	<target host="www.zerodium.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ZKM.de.xml b/src/chrome/content/rules/ZKM.de.xml
new file mode 100644
index 000000000000..1c282ae2daea
--- /dev/null
+++ b/src/chrome/content/rules/ZKM.de.xml
@@ -0,0 +1,148 @@
+<!--
+	Invalid certificate:
+		- aaa.zkm.de
+		- basic-research.zkm.de
+		- container.zkm.de
+		- copyme.zkm.de
+		- dumbmail.zkm.de
+		- eu-koordination.zkm.de
+		- facebook.zkm.de
+		- fmserv.zkm.de
+		- www.foerdere.zkm.de
+		- ima.zkm.de
+		- www.ima.zkm.de
+		- interviewstream.zkm.de
+		- jtb.zkm.de
+		- lac.zkm.de
+		- mail2.zkm.de
+		- mailhost.zkm.de
+		- maptory.zkm.de
+		- mobile.zkm.de
+		- moments.zkm.de
+		- muskom-wiki.zkm.de
+		- rorty.zkm.de
+		- salon-digital.zkm.de
+		- shop.zkm.de
+		- www.shop.zkm.de
+		- signatur.zkm.de
+		- smtp1.zkm.de
+		- social.zkm.de
+		- soonmail.zkm.de
+		- testmail.zkm.de
+		- veranst.zkm.de
+		- vpn.zkm.de
+		- webform.zkm.de
+		- www0[1|2|3|7].zkm.de
+		- www1.zkm.de
+		- zkmp3.zkm.de
+		- zkmserv3.zkm.de
+
+	Refused:
+		- animalfarm.zkm.de
+		- aoys.zkm.de
+		- at.zkm.de
+		- m.at.zkm.de
+		- biblio.zkm.de
+		- blog.zkm.de
+		- blurting-in.zkm.de
+		- codechain.zkm.de:3000 (https://codechain.zkm.de/ redirects to http://codechain.zkm.de:3000)
+		- ctrl-space.zkm.de
+		- ctrlspace.zkm.de
+		- flick.zkm.de
+		- flickka.zkm.de
+		- hosting.zkm.de
+		- icie.zkm.de
+		- ijie.zkm.de
+		- intermaps.zkm.de
+		- itunesu.zkm.de
+		- mkn.zkm.de
+		- molecules.zkm.de
+		- moon.zkm.de
+		- msmk.zkm.de
+		- multiplechoices.zkm.de
+		- mycity-mysounds.zkm.de
+		- next-city-sounds.zkm.de
+		- orbit.zkm.de
+		- www.orbit.zkm.de
+		- mobile.orbit.zkm.de
+		- soundart.zkm.de
+		- spaceplace.zkm.de
+		- unmovie.zkm.de
+		- vm-moon.zkm.de
+		- www06.zkm.de
+		- yourcity.zkm.de
+
+	Timeout:
+		- 2009.zkm.de
+		- benu.zkm.de
+		- digitalbody.zkm.de
+		- farm3.zkm.de
+		- gam2.zkm.de
+		- history.zkm.de
+		- lac2005.zkm.de
+		- mail1.zkm.de
+		- makingthingspublic.zkm.de
+		- mediaserver.zkm.de
+		- medienkunstpreis.zkm.de
+		- mtp.zkm.de
+		- net.zkm.de
+		- net-i.zkm.de
+		- oasis.zkm.de
+		- ova.zkm.de
+		- prtg.zkm.de
+		- qilin.zkm.de
+		- radio-c.zkm.de
+		- reddit.zkm.de
+		- remoteatzkm.zkm.de
+		- roundearth.zkm.de
+		- tartaros.zkm.de
+		- vm-bild-1.zkm.de
+		- vm-musik.zkm.de
+		- www[2|3].zkm.de
+		- youniverse.zkm.de
+
+	Unable to get local issuer certificate:
+		- dam2cms.zkm.de
+		- obelix.zkm.de
+		- occ.zkm.de
+-->
+<ruleset name="ZKM.de">
+
+	<target host="zkm.de" />
+	<target host="www.zkm.de" />
+	<target host="bild.zkm.de" />
+	<target host="cloud.zkm.de" />
+	<target host="coding-culture.zkm.de" />
+	<target host="dct.zkm.de" />
+	<target host="demoshop.zkm.de" />
+	<target host="digital-culture-techniques.zkm.de" />
+	<target host="europa.zkm.de" />
+	<target host="genesis.zkm.de" />
+	<target host="helpdesk.zkm.de" />
+	<target host="hertz-gitlab.zkm.de" />
+	<target host="ical.zkm.de" />
+	<target host="kirin.zkm.de" />
+	<target host="mail.zkm.de" />
+	<target host="mailer.zkm.de" />
+	<target host="mars.zkm.de" />
+	<target host="mfg.zkm.de" />
+	<target host="motionpicture.zkm.de" />
+	<target host="motionpicture2.zkm.de" />
+	<target host="mp2.zkm.de" />
+	<target host="newsletter.zkm.de" />
+	<target host="open-codes.zkm.de" />
+	<target host="opencodes.zkm.de" />
+	<target host="phoenix.zkm.de" />
+	<target host="status.zkm.de" />
+	<target host="tickets.zkm.de" />
+	<target host="wawi.zkm.de" />
+	<target host="wawi-demo.zkm.de" />
+	<target host="web-residencies.zkm.de" />
+	<target host="webshop-demo.zkm.de" />
+	<target host="xmas.zkm.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ZMap.io.xml b/src/chrome/content/rules/ZMap.io.xml
new file mode 100644
index 000000000000..e1ab100518be
--- /dev/null
+++ b/src/chrome/content/rules/ZMap.io.xml
@@ -0,0 +1,10 @@
+<ruleset name="ZMap.io">
+
+	<target host="zmap.io" />
+	<target host="www.zmap.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ZNC.in.xml b/src/chrome/content/rules/ZNC.in.xml
new file mode 100644
index 000000000000..330fe519be5d
--- /dev/null
+++ b/src/chrome/content/rules/ZNC.in.xml
@@ -0,0 +1,13 @@
+<!--
+	Timeout:
+		- people
+-->
+<ruleset name="ZNC.im">
+	<target host="znc.in" />
+	<target host="www.znc.in" />
+	<target host="docs.znc.in" />
+	<target host="jenkins.znc.in" />
+	<target host="wiki.znc.in" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ZONZA.tv.xml b/src/chrome/content/rules/ZONZA.tv.xml
deleted file mode 100644
index 90ded454e5fd..000000000000
--- a/src/chrome/content/rules/ZONZA.tv.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="ZONZA">
-
-	<target host="zonza.tv" />
-	<target host="*.zonza.tv" />
-
-
-	<!--securecookie host="^\.zonza\.tv$" name="^(csrftoken|__utm\w)$" /-->
-	<securecookie host="^w*\.zonza\.tv$" name=".+" />
-
-
-	<rule from="^http://([^/:@]+\.)?zonza\.tv/"
-		to="https://$1zonza.tv/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ZOTAC.xml b/src/chrome/content/rules/ZOTAC.xml
new file mode 100644
index 000000000000..9d8c852d206c
--- /dev/null
+++ b/src/chrome/content/rules/ZOTAC.xml
@@ -0,0 +1,25 @@
+<!--
+	Non-functional subdomain:
+		- zotac-cup.com		(self-signed)
+		- china			²
+		- dlasia		¹
+		- downloads		¹
+		- hkftp			²
+		- old			²
+		- webuat		²
+
+	¹ refused
+	² timeout
+-->
+<ruleset name="ZOTAC">
+	<target host="zotac.com" />
+	<target host="webdev.zotac.com" />
+	<target host="www.zotac.com" />
+	<target host="zotacusa.com" />
+	<target host="www.zotacusa.com" />
+
+	<securecookie host="^www\.zotac\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ZOUM.xml b/src/chrome/content/rules/ZOUM.xml
index 88fc8ce10168..53e5a11b1a24 100644
--- a/src/chrome/content/rules/ZOUM.xml
+++ b/src/chrome/content/rules/ZOUM.xml
@@ -1,4 +1,11 @@
-<ruleset name="ZOUM">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://zoum.ca/ => https://zoum.ca/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.zoum.ca/ => https://www.zoum.ca/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="ZOUM.ca" default_off="failed ruleset test">
 
 	<target host="zoum.ca" />
 	<target host="www.zoum.ca" />
@@ -7,7 +14,7 @@
 	<securecookie host="^(?:www\.)?zoum\.ca$" name=".+" />
 
 
-	<rule from="^http://(www\.)?zoum\.ca/"
-		to="https://$1zoum.ca/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ZPChips.com.xml b/src/chrome/content/rules/ZPChips.com.xml
index 47be39fb9da7..bb123e9f371a 100644
--- a/src/chrome/content/rules/ZPChips.com.xml
+++ b/src/chrome/content/rules/ZPChips.com.xml
@@ -1,13 +1,17 @@
-<ruleset name="ZPChips.com">
+<!--
+	(www.)?: 521
+
+-->
+<ruleset name="ZPChips.com" default_off="broken">
 
 	<target host="zpchips.com" />
-	<target host="*.zpchips.com" />
+	<target host="www.zpchips.com" />
 
 
 	<securecookie host="^\.zpchips\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?zpchips\.com/"
-		to="https://$1zpchips.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ZQTK.net.xml b/src/chrome/content/rules/ZQTK.net.xml
new file mode 100644
index 000000000000..9d97e1d8353a
--- /dev/null
+++ b/src/chrome/content/rules/ZQTK.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="ZQTK.net">
+
+	<target host="segment-data.zqtk.net" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ZSR.sk.xml b/src/chrome/content/rules/ZSR.sk.xml
new file mode 100644
index 000000000000..cb30d94bee4b
--- /dev/null
+++ b/src/chrome/content/rules/ZSR.sk.xml
@@ -0,0 +1,16 @@
+<!--
+	Refused:
+		zsr.sk
+
+	http://zsr.sk redirects to http://www.zsr.sk
+-->
+
+<ruleset name="ZSR.sk">
+	<target host="zsr.sk" />
+	<target host="www.zsr.sk" />
+
+	<rule from="^http://zsr\.sk/"
+		to="https://www.zsr.sk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ZTunnel.xml b/src/chrome/content/rules/ZTunnel.xml
deleted file mode 100644
index ebeabb9a225f..000000000000
--- a/src/chrome/content/rules/ZTunnel.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	Fully covered subdomains:
-
-		- (www.)
-
-
-	Mixed content:
-
-		- Ads/web bugs, on www from:
-
-			- ad.aim4media.com *
-			- creative.m2pub.com *
-			- cookex.amp.yahoo.com *
-			- ad.yieldmanager.com *
-
-	* Secured by us
-
-
-	We don't care about web bugs, so don't
-	mark this ruleset as mixedcontent.
-
--->
-<ruleset name="ZTunnel">
-  <target host="ztunnel.com" />
-  <target host="*.ztunnel.com" />
-
-	<!--securecookie host="^\.ztunnel\.com$" name="^__utm\w$" /-->
-  <securecookie host="^(w*\.)?ztunnel\.com$" name=".*"/>
-
-  <rule from="^http://(www\.)?ztunnel\.com/" to="https://$1ztunnel.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/ZUNO.sk.xml b/src/chrome/content/rules/ZUNO.sk.xml
new file mode 100644
index 000000000000..eae82281a292
--- /dev/null
+++ b/src/chrome/content/rules/ZUNO.sk.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://m.zuno.sk/ => https://m.zuno.sk/: (6, 'Could not resolve host: m.zuno.sk')
+
+	For other ZUNO.eu coverage, see ZUNO.eu.xml
+
+	Insecure cookies are set for these hosts:
+		- moje.zuno.sk
+		- www.zuno.sk
+-->
+<ruleset name="ZUNO.sk" default_off="failed ruleset test">
+	<target host="zuno.sk" />
+	<target host="chat.zuno.sk" />
+	<target host="m.zuno.sk" />
+	<target host="mobile.zuno.sk" />
+	<target host="moje.zuno.sk" />
+	<target host="www.zuno.sk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ZUS.pl.xml b/src/chrome/content/rules/ZUS.pl.xml
new file mode 100644
index 000000000000..f0c06d8eda54
--- /dev/null
+++ b/src/chrome/content/rules/ZUS.pl.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ssl.zus.pl/ => https://ssl.zus.pl/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="ZUS.pl (partial)" default_off="failed ruleset test">
+
+	<target host="ssl.zus.pl" />
+	<target host="pue.zus.pl" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ZX2C4.com.xml b/src/chrome/content/rules/ZX2C4.com.xml
new file mode 100644
index 000000000000..9e9caf2c29ac
--- /dev/null
+++ b/src/chrome/content/rules/ZX2C4.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Mismatched:
+		- old
+		- software.old
+		- webdesign.old
+-->
+<ruleset name="ZX2C4.com">
+	<target host="zx2c4.com" />
+	<target host="www.zx2c4.com" />
+	<target host="blog.zx2c4.com" />
+	<target host="data.zx2c4.com" />
+	<target host="git.zx2c4.com" />
+	<target host="golang.zx2c4.com" />
+	<target host="lists.zx2c4.com" />
+	<target host="music.zx2c4.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ZXIDP.org.xml b/src/chrome/content/rules/ZXIDP.org.xml
new file mode 100644
index 000000000000..071a6c82f89c
--- /dev/null
+++ b/src/chrome/content/rules/ZXIDP.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Server sends no certificate chain, See https://whatsmychaincert.com
+
+	www.zxidp.org: cert only matches ^zxidp.org
+
+-->
+<ruleset name="ZXIDP.org" default_off="cert-chain">
+
+	<target host="zxidp.org" />
+	<target host="www.zxidp.org" />
+
+
+	<rule from="^http://(?:www\.)?zxidp\.org/"
+		to="https://zxidp.org/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ZZounds.com.xml b/src/chrome/content/rules/ZZounds.com.xml
new file mode 100644
index 000000000000..5339a86bbbbd
--- /dev/null
+++ b/src/chrome/content/rules/ZZounds.com.xml
@@ -0,0 +1,82 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://c0.zzounds.com/ => https://c0.zzounds.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	CDN buckets:
+
+		- cachepe.zzounds.com.cdngc.net
+
+			- c[1-4]
+			- cachepe
+
+		- zzz.m.netdna-cdn.com
+
+			- c[5-8]
+
+
+	Problematic hosts in *zzounds.com:
+
+		- c[1-4] *
+		- cachepe *
+
+	* 403; mismatched, CN: ( ssl.cdngc.net | support3.cdnetworks.net )
+
+
+	Fully covered hosts in *zzounds.com
+
+		- (www.)?
+
+		- c1		(→ c5)
+		- c2		(→ c6)
+		- c3		(→ c7)
+		- c4		(→ c8)
+
+		- c\d+:
+
+			- c[05-8]
+
+		- cachepe	(→ delivery)
+		- delivery
+
+-->
+<ruleset name="zZounds.com" default_off="failed ruleset test">
+
+	<target host="zzounds.com" />
+	<target host="*.zzounds.com" />
+
+		<test url="http://c0.zzounds.com/" />
+		<test url="http://c1.zzounds.com/" />
+		<test url="http://c2.zzounds.com/" />
+		<test url="http://c3.zzounds.com/" />
+		<test url="http://c4.zzounds.com/" />
+		<test url="http://c5.zzounds.com/" />
+		<test url="http://cachepe.zzounds.com/" />
+		<test url="http://delivery.zzounds.com/" />
+		<test url="http://www.zzounds.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^(?:delivery)?\.zzounds\.com$" name=".+" />
+
+
+	<rule from="^http://c1\.zzounds\.com/"
+		to="https://c5.zzounds.com/" />
+
+	<rule from="^http://c2\.zzounds\.com/"
+		to="https://c6.zzounds.com/" />
+
+	<rule from="^http://c3\.zzounds\.com/"
+		to="https://c7.zzounds.com/" />
+
+	<rule from="^http://c4\.zzounds\.com/"
+		to="https://c8.zzounds.com/" />
+
+	<rule from="^http://cachepe\.zzounds\.com/"
+		to="https://delivery.zzounds.com/" />
+
+	<rule from="^http://((?:c\d+|delivery|www)\.)?zzounds\.com/"
+		to="https://$1zzounds.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Z_Natural_Foods.com.xml b/src/chrome/content/rules/Z_Natural_Foods.com.xml
new file mode 100644
index 000000000000..eca2cb9551db
--- /dev/null
+++ b/src/chrome/content/rules/Z_Natural_Foods.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Z Natural Foods.com">
+
+	<target host="znaturalfoods.com" />
+	<target host="www.znaturalfoods.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^\.znaturalfoods\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zabbix.com.xml b/src/chrome/content/rules/Zabbix.com.xml
new file mode 100644
index 000000000000..e1268127d447
--- /dev/null
+++ b/src/chrome/content/rules/Zabbix.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- svn.zabbix.com
+
+		Different content:
+		- assets.zabbix.com
+-->
+<ruleset name="Zabbix.com">
+	<target host="zabbix.com" />
+	<target host="www.zabbix.com" />
+	<target host="blog.zabbix.com" />
+	<target host="repo.zabbix.com" />
+	<target host="share.zabbix.com" />
+	<target host="support.zabbix.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zabbix.xml b/src/chrome/content/rules/Zabbix.xml
deleted file mode 100644
index 4e20da11cb4f..000000000000
--- a/src/chrome/content/rules/Zabbix.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- blog		(times out)
-		- (www.)	(ditto)
-
--->
-<ruleset name="Zabbix (partial)">
-
-	<target host="support.zabbix.com"/>
-
-
-	<securecookie host="^support\.zabbix\.com$" name=".*"/>
-
-
-	<rule from="^http://support\.zabbix\.com/"
-		to="https://support.zabbix.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Zabihah.com.xml b/src/chrome/content/rules/Zabihah.com.xml
new file mode 100644
index 000000000000..43c2ead24697
--- /dev/null
+++ b/src/chrome/content/rules/Zabihah.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+	- blog.zabihah.com
+
+-->
+<ruleset name="Zabihah.com">
+	<target host="zabihah.com" />
+	<target host="www.zabihah.com" />
+	<target host="i.zabihah.com" />
+	<target host="m.zabihah.com" />
+
+	<securecookie host="^www\.zabihah\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zacks_Investment_Research.xml b/src/chrome/content/rules/Zacks_Investment_Research.xml
index f7218842a9cf..3bec4ad3f5b3 100644
--- a/src/chrome/content/rules/Zacks_Investment_Research.xml
+++ b/src/chrome/content/rules/Zacks_Investment_Research.xml
@@ -44,4 +44,4 @@
 	<rule from="^http://cloud\.staticzacks\.net/"
 		to="https://b7d61a7c6b8c307bf531-a92a66b9587e2a0aa805bd4e70b98407.ssl.cf2.rackcdn.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Zadara_Storage.com-falsemixed.xml b/src/chrome/content/rules/Zadara_Storage.com-falsemixed.xml
new file mode 100644
index 000000000000..347efd3edcd6
--- /dev/null
+++ b/src/chrome/content/rules/Zadara_Storage.com-falsemixed.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules not causing false/broken MCB, see Zadara_Storage.xml.
+
+-->
+<ruleset name="Zadara Storage.com (false MCB)" platform="mixedcontent">
+
+	<target host="zadarastorage.com" />
+	<target host="www.zadarastorage.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zadara_Storage.xml b/src/chrome/content/rules/Zadara_Storage.xml
index df6e41b2351f..9189986f758b 100644
--- a/src/chrome/content/rules/Zadara_Storage.xml
+++ b/src/chrome/content/rules/Zadara_Storage.xml
@@ -1,45 +1,49 @@
 <!--
+	For rules causing false/broken MCB, see Zadara_Storage.com-falsemixed.xml.
+
+
 	CDN buckets:
 
 		- zadarastorage.s3.amazonaws.com
 		- zadarastorage-public.s3.amazonaws.com
-
+		- zadarastorage.com.s177074.gridserver.com ← www.zadarastorage.com
 		- zadara-web.herokuapp.com
 
-			- www
 
+	Nonfunctional hosts in *zadarastorage.com:
 
-	Nonfunctional subdomains:
+		- vpsa-api *
 
-		- support	(zendesk)
+	* Dropped
 
 
-	Problematic subdomains:
+	Mixed content:
 
-		- ^		(refused)
-		- www		(works; mismatched, CN; *.herokuapp.com)
+		- css, on:
 
--->
-<ruleset name="Zadara Storage (partial)">
+			- www from $self *
+			- www from fonts.googleapis.com *
 
-	<target host="zadarastorage.com" />
-	<target host="*.zadarastorage.com" />
-		<!--
-			Presumably, altering the visible domain would not be appreciated:
-												-->
-		<exclusion pattern="^http://(?:www\.)?zadarastorage\.com/(?!favicon\.ico|static/)" />
+		- Images, on:
 
+			- www from zadarastorage.com.s177074.gridserver.com
+			- www from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Zadara Storage.com (partial)">
 
-	<securecookie host="^manage\.zadarastorage\.com$" name=".+" />
+	<!--target host="zadarastorage.com" /-->
+	<target host="manage.zadarastorage.com" />
+	<target host="support.zadarastorage.com" />
+	<!--target host="www.zadarastorage.com" /-->
 
 
-	<rule from="^http://(?:www\.)?zadarastorage\.com/"
-		to="https://zadara-web.herokuapp.com/" />
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://manage\.zadarastorage\.com/"
-		to="https://manage.zadarastorage.com/" />
 
-	<rule from="^http://support\.zadarastorage\.com/(generated|system)/"
-		to="https://assets.zendesk.com/$1/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Zadolba.li.xml b/src/chrome/content/rules/Zadolba.li.xml
new file mode 100644
index 000000000000..ef26e1d69b96
--- /dev/null
+++ b/src/chrome/content/rules/Zadolba.li.xml
@@ -0,0 +1,9 @@
+<ruleset name="Zadolba.li">
+	<target host="zadolba.li" />
+	<target host="www.zadolba.li" />
+	<target host="oni.zadolba.li" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zaehlwerk.net.xml b/src/chrome/content/rules/Zaehlwerk.net.xml
index b13b12c55eaa..f55073f37ac2 100644
--- a/src/chrome/content/rules/Zaehlwerk.net.xml
+++ b/src/chrome/content/rules/Zaehlwerk.net.xml
@@ -1,13 +1,29 @@
-<ruleset name="zaehlwerk.net">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mail.zaehlwerk.net/ => https://mail.zaehlwerk.net/: (51, "SSL: no alternative certificate subject name matches target host name 'mail.zaehlwerk.net'")
+
+	Other Zählwerk rulesets:
+
+		- Zwmail.de.xml
+
+-->
+<ruleset name="Zaehlwerk.net" default_off="failed ruleset test">
 
 	<target host="zaehlwerk.net" />
-	<target host="*.zaehlwerk.net" />
+	<target host="cloud.zaehlwerk.net" />
+	<target host="lists.zaehlwerk.net" />
+	<target host="mail.zaehlwerk.net" />
+	<target host="owncloud.zaehlwerk.net" />
+	<target host="seacloud.zaehlwerk.net" />
+	<target host="stats.zaehlwerk.net" />
+	<target host="www.zaehlwerk.net" />
 
 
-	<securecookie host="^stats\.zaehlwerk\.net$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(stats\.|www\.)?zaehlwerk\.net/"
-		to="https://$1zaehlwerk.net/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Zagony.ru.xml b/src/chrome/content/rules/Zagony.ru.xml
index c31717461508..8409d0d905ff 100644
--- a/src/chrome/content/rules/Zagony.ru.xml
+++ b/src/chrome/content/rules/Zagony.ru.xml
@@ -18,7 +18,7 @@
 <ruleset name="zagony.ru" default_off="self-signed">
 
 	<target host="zagony.ru" />
-	<target host="*.zagony.ru" />
+	<target host="www.zagony.ru" />
 
 
 	<securecookie host="^\.?zagony\.ru$" name=".+" />
diff --git a/src/chrome/content/rules/Zahnarzt-herrieden.de.xml b/src/chrome/content/rules/Zahnarzt-herrieden.de.xml
new file mode 100644
index 000000000000..eb7d8b7b41ee
--- /dev/null
+++ b/src/chrome/content/rules/Zahnarzt-herrieden.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Zahnarzt-herrieden.de">
+	<target host="zahnarzt-herrieden.de" />
+	<target host="www.zahnarzt-herrieden.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zaif.jp.xml b/src/chrome/content/rules/Zaif.jp.xml
new file mode 100644
index 000000000000..095bdeb216e7
--- /dev/null
+++ b/src/chrome/content/rules/Zaif.jp.xml
@@ -0,0 +1,35 @@
+<!--
+	www.zaif.jp doesn't exist.
+
+
+	Insecure cookies are set for these hosts:
+
+		- zaif.jp
+
+
+	Mixed content:
+
+		- css on corp from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Zaif.jp">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="zaif.jp" />
+	<target host="corp.zaif.jp" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^zaif\.jp$" name="^session$" /-->
+
+	<securecookie host="^zaif\.jp$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zakir_D.com.xml b/src/chrome/content/rules/Zakir_D.com.xml
new file mode 100644
index 000000000000..0d03398230b7
--- /dev/null
+++ b/src/chrome/content/rules/Zakir_D.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Zakir D.com">
+
+	<target host="zakird.com" />
+	<target host="www.zakird.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zakonypreludi.sk.xml b/src/chrome/content/rules/Zakonypreludi.sk.xml
new file mode 100644
index 000000000000..cf4454dafbc3
--- /dev/null
+++ b/src/chrome/content/rules/Zakonypreludi.sk.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional hosts in *.zakonypreludi.sk:
+
+	certificate mismatch:
+	    - zakonypreludi.sk
+	    - mobile.zakonypreludi.sk
+	Wildcard DNS but without wildcard certificate:
+	    - m.zakonypreludi.sk
+
+https://zakonypreludi.sk has certificate mismatch, but
+http://zakonypreludi.sk redirects to http://www.zakonypreludi.sk
+https://www.zakonypreludi.sk has correct certificate
+
+-->
+<ruleset name="Zakonypreludi.sk">
+	<target host="zakonypreludi.sk" />
+	<target host="www.zakonypreludi.sk" />
+	<target host="beta.zakonypreludi.sk" />
+
+	<rule from="^http://zakonypreludi\.sk/"
+		to="https://www.zakonypreludi.sk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zakonyprolidi.cz.xml b/src/chrome/content/rules/Zakonyprolidi.cz.xml
new file mode 100644
index 000000000000..55b7b10bcd0b
--- /dev/null
+++ b/src/chrome/content/rules/Zakonyprolidi.cz.xml
@@ -0,0 +1,28 @@
+<!--
+	Zakonyprolidi.cz website
+
+	// Do not cover whole domain - some subdomains have no valid certficate!
+
+	Invalid certificate:
+		zakonyprolidi.cz
+		m.zakonyprolidi.cz
+		atom.zakonyprolidi.cz
+
+https://zakonyprolidi.cz has certificate mismatch, but
+http://zakonyprolidi.cz redirects to http://zakonyprolidi.cz
+https://zakonyprolidi.cz has correct certificate
+-->
+<ruleset name="Zakonyprolidi.cz">
+	<target host="zakonyprolidi.cz" />
+	<target host="www.zakonyprolidi.cz" />
+	<target host="new.zakonyprolidi.cz" />
+
+	<securecookie host="^(?:www\.)?zakonyprolidi\.cz$" name="\.AUTH" />
+
+	<rule from="^http://zakonyprolidi\.cz/"
+	to="https://www.zakonyprolidi.cz/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zalando.xml b/src/chrome/content/rules/Zalando.xml
new file mode 100644
index 000000000000..2500b8d60bec
--- /dev/null
+++ b/src/chrome/content/rules/Zalando.xml
@@ -0,0 +1,132 @@
+<!--
+	Expired:
+		- modenews.zalando.de
+		- modenews.zalando.fr
+		- appuntidimoda.zalando.it
+		- fashionnews.zalando.co.uk
+
+	Refused:
+		- projectz.zalando.de
+
+	Mismatch:
+		- docs.auth.zalando.com
+		- ivypark.zalando.co.uk
+		- ivypark.zalando.com
+		- ivypark.zalando.dk
+		- ivypark.zalando.fr
+		- share.zalando.com
+
+	Timeout:
+		- brandsolutions.zalando.com
+
+	Incomplete cert chain:
+		help.zalando.at
+		help.zalando.be
+		help.zalando.ch
+		help.zalando.co.uk
+		help.zalando.de
+		help.zalando.dk
+		help.zalando.es
+		help.zalando.fi
+		help.zalando.fr
+		help.zalando.it
+		help.zalando.nl
+		help.zalando.no
+		help.zalando.pl
+		help.zalando.se
+-->
+<ruleset name="Zalando">
+
+	<!-- CDN, no ^or www -->
+		<target host="secure-skin.ztat.net" />
+		<target host="secure-media.ztat.net" />
+		<target host="a1276.ztat.net" />
+		<target host="i1.ztat.net" />
+		<target host="onsite.ztat.net" />
+		<target host="media.ztat.net" />
+		<target host="optse.ztat.net" />
+		<target host="skin.ztat.net" />
+
+	<target host="zalando.com" />
+		<target host="www.zalando.com" />
+		<target host="api.zalando.com" />
+		<target host="auth.zalando.com" />
+		<target host="blog.zalando.com" />
+		<target host="business.zalando.com" />
+		<target host="content.solutions.zalando.com" />
+		<target host="corporate.zalando.com" />
+		<target host="fashion.zalando.com" />
+		<target host="logistics.zalando.com" />
+		<target host="lookbook.zalando.com" />
+		<target host="marketing.zalando.com" />
+		<target host="mediasolutions.zalando.com" />
+		<target host="tech.zalando.com" />
+
+	<target host="zalando.at" />
+		<target host="www.zalando.at" />
+		<target host="corporate.zalando.at" />
+		<target host="m.zalando.at" />
+
+	<target host="zalando.be" />
+		<target host="www.zalando.be" />
+		<target host="fr.zalando.be" />
+		<target host="m.zalando.be" />
+
+	<target host="zalando.ch" />
+		<target host="www.zalando.ch" />
+		<target host="fr.zalando.ch" />
+		<target host="m.zalando.ch" />
+
+	<target host="zalando.de" />
+		<target host="www.zalando.de" />
+		<target host="m.zalando.de" />
+		<target host="jobs.zalando.de" />
+		<target host="corporate.zalando.de" />
+		<target host="tech.zalando.de" />
+		<target host="blog.zalando.de" />
+		<target host="geschaeftsbericht.zalando.de" />
+		<target host="fashion.zalando.de" />
+		<target host="newsl.zalando.de" />
+
+	<target host="zalando.dk" />
+		<target host="www.zalando.dk" />
+		<target host="m.zalando.dk" />
+
+	<target host="zalando.es" />
+		<target host="www.zalando.es" />
+		<target host="m.zalando.es" />
+
+	<target host="zalando.fi" />
+		<target host="www.zalando.fi" />
+		<target host="m.zalando.fi" />
+
+	<target host="zalando.fr" />
+		<target host="www.zalando.fr" />
+		<target host="m.zalando.fr" />
+
+	<target host="zalando.it" />
+		<target host="www.zalando.it" />
+		<target host="m.zalando.it" />
+
+	<target host="zalando.nl" />
+		<target host="www.zalando.nl" />
+		<target host="m.zalando.nl" />
+
+	<target host="zalando.no" />
+		<target host="www.zalando.no" />
+		<target host="m.zalando.no" />
+
+	<target host="zalando.pl" />
+		<target host="www.zalando.pl" />
+		<target host="m.zalando.pl" />
+
+	<target host="zalando.se" />
+		<target host="www.zalando.se" />
+		<target host="m.zalando.se" />
+
+	<target host="zalando.co.uk" />
+		<target host="www.zalando.co.uk" />
+		<target host="m.zalando.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zam.xml b/src/chrome/content/rules/Zam.xml
new file mode 100644
index 000000000000..307a2224a569
--- /dev/null
+++ b/src/chrome/content/rules/Zam.xml
@@ -0,0 +1,87 @@
+<!--
+	Cert expired:
+		- www.destinydb.com
+		-secure.zam.com
+
+	Cert mismatch:
+		- static.wowhead.com
+		- google.analytics.zam.com
+		- mb.zam.com, only valid for sv.monkeybroker.net
+		- ox-i.zam.com
+		- lolstatic.zam.com
+		- hearthstone.services.zam.com
+		- lolleaderboard.services.zam.com
+		- lolleague.services.zam.com
+		- lolriotstats.services.zam.com
+		- lolstats.services.zam.com
+		- lolsummoner-stats.services.zam.com
+		- lolsummoner.services.zam.com
+		- replay.services.zam.com
+
+	Chain issues:
+		- aion.zam.com
+		- www.daoc.zam.com
+		- eq.zam.com
+		- www.eq.zam.com
+		- eve.zam.com
+		- eww.zam.com
+		- www.lotro.zam.com
+		- www.lualua.zam.com
+		- m.zam.com
+		- rift.zam.com
+		- www.rift.zam.com
+		- premium.services.zam.com
+		- sha.zam.com
+		- smtp.zam.com
+		- tera.zam.com
+		- wow.zam.com
+		- zameq2.zam.com
+
+	TLS error:
+		- logging.services.zam.com
+
+	Non-200 statuscode, no known test url:
+		- ffxiv.zam.com
+
+	Redirect to plain and no known test url:
+		- lkcss.zamimg.com
+		- lkjs.zamimg.com
+-->
+<ruleset name="Zam Network (partial)" >
+
+	<target host="aov.zam.com" />
+	<target host="eq2.zam.com" />
+	<target host="fr.zam.com" />
+	<target host="*.g00.zam.com" />
+
+	<target host="auth.services.zam.com" />
+	<target host="cms.services.zam.com" />
+	<target host="comment.services.zam.com" />
+	<target host="favorite.services.zam.com" />
+	<target host="loldata.services.zam.com" />
+	<target host="media.services.zam.com" />
+	<target host="media-staging.services.zam.com" />
+
+	<target host="cdn.zamimg.com"/>
+	<target host="descss.zamimg.com"/>
+	<target host="desimg.zamimg.com"/>
+	<target host="desjs.zamimg.com"/>
+
+	<target host="lkimg.zamimg.com"/>
+	<target host="wow.zamimg.com"/>
+	<target host="wowcss.zamimg.com"/>
+	<target host="wowimg.zamimg.com"/>
+	<target host="wowjs.zamimg.com"/>
+
+	<rule from="^http:"
+	to="https:" />
+		<exclusion pattern="^http://lkimg\.zamimg\.com/$" />
+
+	<test url="http://tu9srvbirvvtmtikawiuywruehmuy29t.g00.zam.com/" />
+	<test url="http://tu9srvbirvvtmtikbgf4ms1pyi5hzg54cy5jb200.g00.zam.com/" />
+	<test url="http://tu9srvbirvvtmtikbwf0y2gudgfib29sys5jb200.g00.zam.com/" />
+
+	<test url="http://lkimg.zamimg.com/images/lkfish.png" />
+	<test url="http://lkimg.zamimg.com/images/v2/header/logo-text.png" />
+	<test url="http://lkimg.zamimg.com/images/v2/header/logo-urf-circle.png" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zamg.ac.at.xml b/src/chrome/content/rules/Zamg.ac.at.xml
new file mode 100644
index 000000000000..71ef689854fe
--- /dev/null
+++ b/src/chrome/content/rules/Zamg.ac.at.xml
@@ -0,0 +1,6 @@
+<ruleset name="Zamg.ac.at">
+	<target host="zamg.ac.at" />
+	<target host="www.zamg.ac.at" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zammad.com.xml b/src/chrome/content/rules/Zammad.com.xml
new file mode 100644
index 000000000000..ff975e0f510a
--- /dev/null
+++ b/src/chrome/content/rules/Zammad.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Other Zammad rulesets:
+	- Zammad.org.xml
+-->
+
+<ruleset name="Zammad.com">
+	<target host="zammad.com" />
+	<target host="www.zammad.com" />
+	<target host="online.zammad.com" />
+
+	<securecookie host="^(www.|online.)?zammad\.com" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zammad.org.xml b/src/chrome/content/rules/Zammad.org.xml
new file mode 100644
index 000000000000..6094750a4afc
--- /dev/null
+++ b/src/chrome/content/rules/Zammad.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Other Zammad rulesets:
+	- Zammad.com.xml
+
+	Nonfunctional subdomains:
+		- days		-> mixed content
+-->
+
+<ruleset name="Zammad.org">
+	<target host="zammad.org" />
+	<target host="www.zammad.org" />
+
+	<securecookie host="^(www.)?zammad\.org" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zamzar.com.xml b/src/chrome/content/rules/Zamzar.com.xml
index d0dbce911aec..3af518ed4b8c 100644
--- a/src/chrome/content/rules/Zamzar.com.xml
+++ b/src/chrome/content/rules/Zamzar.com.xml
@@ -1,44 +1,25 @@
 <!--
-	Problematic subdomains:
+	Redirect to http:
+		zamzar.com
+		www.zamzar.com
+		www\d.zamzar.com
+		secure.zamzar.com
 
-		- blog		(wordpress, handled in WordPress-blogs.xml)
+	See also https://github.com/EFForg/https-everywhere/issues/4147
 
+	No working URL known:
+		api.zamzar.com
 
-	Partially covered subdomains:
-
-		- (www.)	($ redirects to http)
-
-
-	Fully covered subdomains:
-
-		- secure
-
-
-	Observed cookie domains:
-
-		- .
-		- secure
-		- www
+	Invalid certificate:
+		files.zamzar.com
 
 -->
 <ruleset name="Zamzar.com (partial)">
 
-	<target host="zamzar.com" />
-	<target host="*.zamzar.com" />
-		<!--exclusion pattern="^http://(www\.)?zamzar\.com/+($|\?)" /-->
-		<!--exclusion pattern="^http://(www\.)?zamzar\.com/+(?!blank\.htm|common/|[\w-]+\.css|favicon\.ico|images/|(signup|tools)($|[?/])|uploader/css/)" /-->
-
-
-	<securecookie host="^secure\.zamzar\.com$" name=".+" />
-
-
-	<!--	^ redirects to www over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?zamzar\.com/(?!/*$|/*\?)"
-		to="https://www.zamzar.com/" />
+	<target host="blog.zamzar.com" />
+	<target host="developers.zamzar.com" />
 
-	<rule from="^http://secure\.zamzar\.com/"
-		to="https://secure.zamzar.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Zanbase.com.xml b/src/chrome/content/rules/Zanbase.com.xml
new file mode 100644
index 000000000000..233f85512ec8
--- /dev/null
+++ b/src/chrome/content/rules/Zanbase.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Zanbase.com">
+
+	<target host="zanbase.com" />
+	<target host="www.zanbase.com" />
+	<target host="cart.zanbase.com" />
+	<target host="css.zanbase.com" />
+	<target host="support.zanbase.com" />
+	<target host="uidesign.zanbase.com" />
+	<target host="user.zanbase.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zanesville_Times_Recorder.xml b/src/chrome/content/rules/Zanesville_Times_Recorder.xml
index 4ae2f67acff0..c9d4af5cb9bd 100644
--- a/src/chrome/content/rules/Zanesville_Times_Recorder.xml
+++ b/src/chrome/content/rules/Zanesville_Times_Recorder.xml
@@ -2,39 +2,42 @@
 	For other Gannett Company coverage, see Gannett-Company.xml.
 
 
-	Nonfunctional domains:
+	Nonfunctional hosts in *zanesvilletimesrecorder.com:
 
-		- zanesvilletimesrecorder.gon.gannettonline.com		(no https)
+		- ^ ʳ
+		- classifieds ʳ
+		- offers ʰ
+		- www ⁵
 
+	ʳ Refused
+	ʰ Redirects to http
+	⁵ 504
 
-	Problematic zanesvilletimesrecorder.com subdomains:
 
-		- ^		(no https)
-		- cmsimg	(503, akamai)
-		- findnsave	(pages redirect to http; mismatched, CN: *.findnsave.com)
+	Problematic hosts in *zanesvilletimesrecorder.com:
 
+		- findnsave *
+		- static *
 
-	Mixed images from:
-
-		- bcdownload.gannett.edgesuite.net
-		- bc_gvpc.edgesuite.net
-		- www.gannett-cdn.com
-		- gon.gannettonline.com
+	* Mismatched
 
 -->
-<ruleset name="Zanesville Times Recorder">
+<ruleset name="Zanesville Times Recorder.com (partial)">
 
-	<target host="zanesvilletimesrecorder.com" />
-	<target host="*.zanesvilletimesrecorder.com" />
+	<target host="account.zanesvilletimesrecorder.com" />
+	<target host="accountsolution.zanesvilletimesrecorder.com" />
+	<target host="staticassets.zanesvilletimesrecorder.com" />
+	<target host="subscribe.zanesvilletimesrecorder.com" />
 
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="http://offers.zanesvilletimesrecorder.com/specialoffer" /-->
 
-	<securecookie host="^(?:www)?\.zanesvilletimesrecorder\.com$" name=".+" />
 
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://(?:cmsimg\.|www\.)?zanesvilletimesrecorder\.com/"
-		to="https://www.zanesvilletimesrecorder.com/" />
 
-	<rule from="^http://findnsave\.zanesvilletimesrecorder\.com/static/"
-		to="https://zanesville.findnsave.com/static/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Zanox.com-falsemixed.xml b/src/chrome/content/rules/Zanox.com-falsemixed.xml
new file mode 100644
index 000000000000..679434920e15
--- /dev/null
+++ b/src/chrome/content/rules/Zanox.com-falsemixed.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules not causing false/broken MCB, see Zanox.xml.
+
+-->
+<ruleset name="Zanox.com (false MCB)" platform="mixedcontent">
+
+	<target host="blog.zanox.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zanox.xml b/src/chrome/content/rules/Zanox.xml
index 5d32f3261238..95233dc77d54 100644
--- a/src/chrome/content/rules/Zanox.xml
+++ b/src/chrome/content/rules/Zanox.xml
@@ -1,28 +1,52 @@
+
 <!--
-	Nonfunctional domains:
+Disabled by https-everywhere-checker because:
+Fetch error: http://ad.zanox.com/ => https://ad.zanox.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	For rules causing false/broken MCB, see Zanox.com-falsemixed.xml.
+
+
+	Nonfunctional hosts in *zanox.com:
+
+		- help *
+
+	* Refused
 
-		- blog.zanox.com	(shows www.stu; mismatched, CN: stu.kundenserver42.de)
-		- help.zanox.com	(no https)
 
+	Mixed content:
 
-	Problematic domains:
+		- iframe on blog from www.zanox.com *
 
-		- zanox.com	(cert only matches *.zanox.com)
+		- css, on:
+
+			- blog from $self *
+			- blog from www.zanox.com *
+
+		- Images,on:
+
+			- blog from $self
+			- blog from www.zanox.com *
+			- www from ui.zanox.com *
+
+		- Bug on blog from www.facebook.com *
+
+	* Secured by us
 
 -->
-<ruleset name="Zanox (partial)">
+<ruleset name="Zanox.com (partial)" default_off="failed ruleset test">
 
 	<target host="zanox.com" />
-	<target host="*.zanox.com" />
-
+	<target host="ad.zanox.com" />
+	<!--target host="blog.zanox.com" /-->
+	<target host="marketplace.zanox.com" />
+	<target host="ui.zanox.com" />
+	<target host="www.zanox.com" />
 
-	<securecookie host="^(?:ad|www)\.zanox\.com$" name=".+" />
 
+	<securecookie host="^\w" name=".+" />
 
-	<rule from="^http://(?:www\.)?zanox\.com/"
-		to="https://www.zanox.com/" />
 
-	<rule from="^http://(ad|ui)\.zanox\.com/"
-		to="https://$1.zanox.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Zap2it.xml b/src/chrome/content/rules/Zap2it.xml
index e6a190162524..1d4ce271c01b 100644
--- a/src/chrome/content/rules/Zap2it.xml
+++ b/src/chrome/content/rules/Zap2it.xml
@@ -1,27 +1,72 @@
 <!--
+	CDN buckets:
+
+		- d1mxyp5ceukbya.cloudfront.net
+
+			- image-cdn
+
+		- images.zap2it.com.edgesuite.net
+
+
 	Nonfunctional domains:
 
-		- ^		(dropped)
-		- images.zap2it.com	(Akamai; 503)
-		- www *
+		- login *
+		- tvbythenumbers *
 
-	* 503, akamai
+	* Refused
+
+
+	Problematic subdomains:
+
+		- (www.)? ¹
+		- image-cdn ²
+		- images ²
+
+	¹ Expired
+	² Mismatched
 
 
 	Fully covered subdomains:
 
-		- login
+		- (www.)?
+		- image-cdn	(→ d1mxyp5ceukbya.cloudfront.net)
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.zap2it.com
+
+
+	Mixed content:
+
+		- Images on www from image-cdn.zap2it.com *
+
+	* Secured by us
 
 -->
-<ruleset name="Zap2it (partial)">
+<ruleset name="Zap2it.com (partial)" default_off="expired, mismatched">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="zap2it.com" />
+	<target host="www.zap2it.com" />
+
+	<!--	Complications:
+				-->
+	<target host="image-cdn.zap2it.com" />
+
 
-	<target host="login.zap2it.com" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.zap2it\.com$" name="^^(fuelcid|rmcookie)$" /-->
 
+	<securecookie host="^www\.zap2it\.com$" name=".+" />
 
-	<securecookie host="^login\.zap2it\.com$" name=".+" />
 
+	<rule from="^http://image-cdn\.zap2it\.com/"
+		to="https://d1mxyp5ceukbya.cloudfront.net/" />
 
-	<rule from="^http://login\.zap2it\.com/"
-		to="https://login.zap2it.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ZapChain.com.xml b/src/chrome/content/rules/ZapChain.com.xml
new file mode 100644
index 000000000000..3f0d1c09c820
--- /dev/null
+++ b/src/chrome/content/rules/ZapChain.com.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.zapchain.com/ => https://www.zapchain.com/: (6, 'Could not resolve host: www.zapchain.com')
+Fetch error: http://zapchain.com/ => https://www.zapchain.com/: (6, 'Could not resolve host: www.zapchain.com')
+
+	^zapchain.com: Dropped
+
+
+	Mixed content:
+
+		- Image from files.parsetfss.com *
+		- Image from www.rbs-businesssense.co.uk *
+
+	* Not secured by us <= mismatched
+
+-->
+<ruleset name="ZapChain.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.zapchain.com" />
+
+	<!--	Complications:
+				-->
+	<target host="zapchain.com" />
+
+
+	<rule from="^http://zapchain\.com/"
+		to="https://www.zapchain.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zap_Lab.xml b/src/chrome/content/rules/Zap_Lab.xml
index c1254b9cca3d..c529109b22b1 100644
--- a/src/chrome/content/rules/Zap_Lab.xml
+++ b/src/chrome/content/rules/Zap_Lab.xml
@@ -1,13 +1,43 @@
-<ruleset name="The Zap Lab">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://thezaplab.com/ => https://thezaplab.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.thezaplab.com/ => https://www.thezaplab.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .thezaplab.com
+
+-->
+<ruleset name="The Zap Lab.com" default_off="failed ruleset test">
 
 	<target host="thezaplab.com" />
-	<target host="*.thezaplab.com" />
+	<target host="www.thezaplab.com" />
+
 
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.thezaplab\.com$" name="^(__cfduid|cf_clearance)$" /-->
 
-	<securecookie host="^(?:.*\.)?thezaplab\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?thezaplab\.com/"
-		to="https://$1thezaplab.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Zappos.xml b/src/chrome/content/rules/Zappos.xml
index a459ad42d275..c10421054d5b 100644
--- a/src/chrome/content/rules/Zappos.xml
+++ b/src/chrome/content/rules/Zappos.xml
@@ -34,10 +34,10 @@
 			- download/
 			- sites/
 					-->
-	<rule from="^https?://(?:www\.)?zappos\.com/(account(?:$|\?|/)|(?:assets|boutiques|css|images|imgs?|styles)/)"
+	<rule from="^http://(?:www\.)?zappos\.com/(account(?:$|\?|/)|(?:assets|boutiques|css|images|imgs?|styles)/)"
 		to="https://secure-www.zappos.com/$1" />
 
-	<rule from="^https?://(?:www\.)?zappos\.com/[\w\-]+/imgs/"
+	<rule from="^http://(?:www\.)?zappos\.com/[\w\-]+/imgs/"
 		to="https://secure-www.zappos.com/imgs/" />
 
 	<rule from="^http://secure-www\.zappos\.com/"
@@ -47,7 +47,7 @@
 		- a[123]? 301s like so over https
 		- l3 & l4 time out
 						-->
-	<rule from="^https?://(?:a[123]?|l[34])\.zassets\.com/"
+	<rule from="^http://(?:a[123]?|l[34])\.zassets\.com/"
 		to="https://secure-www.zappos.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Zapsibkombank.ru.xml b/src/chrome/content/rules/Zapsibkombank.ru.xml
new file mode 100644
index 000000000000..d96e9d523adf
--- /dev/null
+++ b/src/chrome/content/rules/Zapsibkombank.ru.xml
@@ -0,0 +1,34 @@
+<!--
+zapsibkombank.ru ³
+www.zapsibkombank.ru ³
+ekaterinburg.zapsibkombank.ru ³
+www.ekaterinburg.zapsibkombank.ru ³
+ibank.zapsibkombank.ru ³
+www.inetbank.zapsibkombank.ru ¹
+kazan.zapsibkombank.ru ³
+kemerovo.zapsibkombank.ru ³
+mail.zapsibkombank.ru ⁵
+nefteyugansk.zapsibkombank.ru ³
+nizhniy-novgorod.zapsibkombank.ru ³
+www.nizhniy-novgorod.zapsibkombank.ru ³
+novosibirsk.zapsibkombank.ru ³
+www.novosibirsk.zapsibkombank.ru ³
+raduzhnyi.zapsibkombank.ru ³
+inetbank.zapsibkombank.ru different content
+inetbank.zapsibkombank.ru:8443 different content
+
+
+¹ mismatch
+³ timed out
+⁵ expired
+-->
+<ruleset name="zapsibkombank.ru (partial)">
+	<target host="acs.zapsibkombank.ru" />
+	<target host="acst.zapsibkombank.ru" />
+	<target host="cards.zapsibkombank.ru" />
+	<target host="data.zapsibkombank.ru" />
+	<target host="ib.zapsibkombank.ru" />
+	<target host="paymentgate.zapsibkombank.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zaption.xml b/src/chrome/content/rules/Zaption.xml
index 2ff4eda1b99f..f752afdd3001 100644
--- a/src/chrome/content/rules/Zaption.xml
+++ b/src/chrome/content/rules/Zaption.xml
@@ -1,13 +1,19 @@
-<ruleset name="Zaption">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://zaption.com/ => https://zaption.com/: (51, "SSL: no alternative certificate subject name matches target host name 'zaption.com'")
+Fetch error: http://www.zaption.com/ => https://www.zaption.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.zaption.com'")
+
+-->
+<ruleset name="Zaption" default_off="failed ruleset test">
 
 	<target host="zaption.com" />
-	<target host="*.zaption.com" />
+	<target host="www.zaption.com" />
 
 
 	<securecookie host="^(?:www)?\.zaption\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?zaption\.com/"
-		to="https://$1zaption.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Zapunited.xml b/src/chrome/content/rules/Zapunited.xml
deleted file mode 100644
index 270e7d42abfe..000000000000
--- a/src/chrome/content/rules/Zapunited.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	At least some pages redirect to http.
-
-
-	Problematic subdomains:
-
-		- www.media	(mismatched, CN: zapunited.com)
-
--->
-<ruleset name="zapunited (partial)">
-
-	<target host="zapunited.com" />
-	<target host="*.zapunited.com" />
-	<target host="www.media.zapunited.com" />
-
-
-	<rule from="^http://(www\.)?zapunited\.com/(w/)"
-		to="https://$1zapunited.com/$2" />
-
-	<rule from="^https?://(?:www\.)?media\.zapunited\.com/"
-		to="https://media.zapunited.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Zarafa.com.xml b/src/chrome/content/rules/Zarafa.com.xml
new file mode 100644
index 000000000000..2f6d7b39af78
--- /dev/null
+++ b/src/chrome/content/rules/Zarafa.com.xml
@@ -0,0 +1,60 @@
+<!--
+	Problematic hosts in *zarafa.com:
+
+		- wiki *
+
+	* Blocks Tor users
+
+
+	Fully covered hosts in *zarafa.com:
+
+		- (www.)?
+		- community
+		- doc
+		- download
+		- forums
+		- jira
+		- portal
+		- wiki
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- zarafa.com
+		- .zarafa.com
+		- community.zarafa.com
+		- forums.zarafa.com
+		- .portal.zarafa.com
+		- www.zarafa.com
+
+-->
+<ruleset name="Zarafa.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="zarafa.com" />
+	<target host="community.zarafa.com" />
+	<target host="doc.zarafa.com" />
+	<target host="download.zarafa.com" />
+	<target host="forums.zarafa.com" />
+	<target host="jira.zarafa.com" />
+	<target host="portal.zarafa.com" />
+	<target host="wiki.zarafa.com" />
+	<target host="www.zarafa.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?zarafa\.com$" name="^(_icl_current_language|PHPSESSID)$" /-->
+	<!--securecookie host="^\.zarafa\.com$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^community\.zarafa\.com$" name="^Elgg$" /-->
+	<!--securecookie host="^forums\.zarafa\.com$" name="^bb_sessionhash$" /-->
+	<!--securecookie host="^\.portal\.zarafa\.com$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^(?:(?:^community|forums|\.portal|www)?\.)?zarafa\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zarb.org.xml b/src/chrome/content/rules/Zarb.org.xml
index fff5a962727a..bf5f54987c79 100644
--- a/src/chrome/content/rules/Zarb.org.xml
+++ b/src/chrome/content/rules/Zarb.org.xml
@@ -15,7 +15,14 @@
 
 	Problematic subdomains:
 
-		- ^	(cert only matches www)
+		- ^ ¹
+		- plf ²
+		- rpm4 ²
+		- youri ²
+		- www ²
+
+	¹ Mismatched
+	² Self-signed
 
 
 	Fully covered subdomains:
@@ -28,17 +35,25 @@
 -->
 <ruleset name="zarb.org (partial)" default_off="self-signed">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="plf.zarb.org" />
+	<target host="rpm4.zarb.org" />
+	<target host="www.zarb.org" />
+	<target host="youri.zarb.org" />
+
+	<!--	Complications:
+				-->
 	<target host="zarb.org" />
-	<target host="*.zarb.org" />
 
 
 	<securecookie host="^www\.zarb\.org$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?zarb\.org/"
+	<rule from="^http://zarb\.org/"
 		to="https://www.zarb.org/" />
 
-	<rule from="^http://(plf|rpm4|youri)\.zarb\.org/"
-		to="https://$1.zarb.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Zareason.com.xml b/src/chrome/content/rules/Zareason.com.xml
index bf73d46b1037..ec6201191ede 100644
--- a/src/chrome/content/rules/Zareason.com.xml
+++ b/src/chrome/content/rules/Zareason.com.xml
@@ -1,13 +1,12 @@
 <ruleset name="Zareason.com">
 
 	<target host="zareason.com" />
-	<target host="*.zareason.com" />
+	<target host="www.zareason.com" />
 
 
 	<securecookie host="^\.zareason\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?zareason\.com/"
-		to="https://$1zareason.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Zark_Zork.com-problematic.xml b/src/chrome/content/rules/Zark_Zork.com-problematic.xml
new file mode 100644
index 000000000000..e4270413148f
--- /dev/null
+++ b/src/chrome/content/rules/Zark_Zork.com-problematic.xml
@@ -0,0 +1,15 @@
+<!--
+	For rules that are on by default, see Zark_Zork.com.xml.
+
+-->
+<ruleset name="Zark Zork.com (expired)" default_off="expired">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="buhta.zarkzork.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zark_Zork.com.xml b/src/chrome/content/rules/Zark_Zork.com.xml
new file mode 100644
index 000000000000..52ebf8604dfa
--- /dev/null
+++ b/src/chrome/content/rules/Zark_Zork.com.xml
@@ -0,0 +1,33 @@
+<!--
+	For problematic rules, see Zark_Zork.com-problematic.xml.
+
+
+	Problematic hosts:
+
+		- buhta ³
+		- www ¹ ² ³
+
+	¹ Server sends no certificate chain, see https://whatsmychaincert.com
+	² Mismatched, CN: buhta.zarkzork.com
+	³ Expired
+
+-->
+<ruleset name="Zark Zork.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="zarkzork.com" />
+	<!--target host="buhta.zarkzork.com" /-->
+
+	<!--	Complications:
+				-->
+	<target host="www.zarkzork.com" />
+
+
+	<rule from="^http://www\.zarkzork\.com/"
+		to="https://zarkzork.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zataz.com-falsemixed.xml b/src/chrome/content/rules/Zataz.com-falsemixed.xml
deleted file mode 100644
index 37fee08b9caa..000000000000
--- a/src/chrome/content/rules/Zataz.com-falsemixed.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Zataz.xml.
-
--->
-<ruleset name="Zataz (false MCB)" platform="mixedcontent">
-
-	<target host="zataz.com" />
-	<target host="*.zataz.com" />
-		<!--
-			Handled in Zataz.xml:
-						-->
-		<exclusion pattern="^http://(?:www\.)?zataz\.com/(?:css/|favicon\.ico|images/)" />
-		<exclusion pattern="^http://eromang\.zataz\.com/(?:favicon\.ico|wp-content/)" />
-
-
-	<securecookie host="^(?:.*\.)?zataz\.com$" name=".+" />
-
-
-	<rule from="^http://(eromang\.|www\.)?zataz\.com/"
-		to="https://$1zataz.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Zataz.com.xml b/src/chrome/content/rules/Zataz.com.xml
new file mode 100644
index 000000000000..12834e245beb
--- /dev/null
+++ b/src/chrome/content/rules/Zataz.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Mixed content:
+		- fonts from googleapis.com
+		- ads
+
+	Refused:
+		jean-jacoby.zataz.com
+
+	Invalid certificate:
+		m.zataz.com
+
+-->
+<ruleset name="Zataz.com">
+
+	<target host="zataz.com" />
+	<target host="www.zataz.com" />
+	<target host="archives.zataz.com" />
+	<target host="eromang.zataz.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zataz.xml b/src/chrome/content/rules/Zataz.xml
deleted file mode 100644
index 45476766919d..000000000000
--- a/src/chrome/content/rules/Zataz.xml
+++ /dev/null
@@ -1,52 +0,0 @@
-<!--
-	For rules that cause false/broken MCB, see Zataz.com-falsemixed.xml.
-
-
-	CDN buckets:
-
-		- i[01].wp.com/eromang.zataz.com/
-
-
-	Partially covered subdomains:
-
-		- (www.) *
-		- eromang *
-
-	* Avoiding false/broken MCB, rest handled in Zataz.com-falsemixed.xml
-
-
-	Mixed content:
-
-		- css, on:
-
-			- eromang from eromang *
-			- www from www *
-
-		- Images, on:
-
-			- eromang from eromang *
-			- www from www *
-
-	* Secured by us
-
-
-	NB: We secure all resources, and thus
-	-falsemixed should be merged for Ffx 24.
-
--->
-<ruleset name="Zataz (partial)">
-
-	<target host="zataz.com" />
-	<target host="eromang.zataz.com" />
-	<target host="www.zataz.com" />
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<exclusion pattern="^http://(?:www\.)?zataz\.com/(?!css/|favicon\.ico|images/)" />
-		<exclusion pattern="^http://eromang\.zataz\.com/(?!favicon\.ico|wp-content/)" />
-
-
-	<rule from="^http://(eromang\.|www\.)?zataz\.com/"
-		to="https://$1zataz.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Zattoo.com.xml b/src/chrome/content/rules/Zattoo.com.xml
new file mode 100644
index 000000000000..ecf30df11489
--- /dev/null
+++ b/src/chrome/content/rules/Zattoo.com.xml
@@ -0,0 +1,30 @@
+<!--
+	400 bad request:
+		- download.zattoo.com
+		- sport.zattoo.com
+
+	Mismatch:
+		- ads.zattoo.com
+
+	redirects to mismatching embed-zattoo.com:
+		- partner.zattoo.com
+-->
+<ruleset name="Zattoo.com">
+
+	<target host="zattoo.com" />
+	<target host="www.zattoo.com" />
+	<target host="support.zattoo.com" />
+	<target host="wdp.zattoo.com" />
+	<target host="classic.zattoo.com" />
+
+	<target host="embed-zattoo.com" />
+
+	<target host="zattic.com"/>
+	<target host="epix.zattic.com"/>
+	<target host="images.zattic.com"/>
+	<target host="logos.zattic.com"/>
+	<target host="thumb.zattic.com"/>
+	<target host="thumbod.zattic.com"/>
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zayo.com.xml b/src/chrome/content/rules/Zayo.com.xml
index 64c6ffe3c3b4..dca2784c0082 100644
--- a/src/chrome/content/rules/Zayo.com.xml
+++ b/src/chrome/content/rules/Zayo.com.xml
@@ -1,33 +1,47 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://zayo.com/ => https://zayo.com/: Too many redirects while fetching 'https://zayo.com/'
+Fetch error: http://www.zayo.com/ => https://www.zayo.com/: Too many redirects while fetching 'https://www.zayo.com/'
+
 	Zayo Group
 
 
-	- Expired 2011-06-30
-	- CN: plesk
+	Insecure cookies are set for these domains:
+
+		- .zayo.com
 
 
 	Mixed content:
 
+		- iframe on www from zayo.formstack.com ¹
+
 		- css, on www from:
 
 			- www *
 			- fonts.googleapis.com *
+			- cdn.jsdelivr.net *
 
 		- Images on www from www *
 
+	¹ Unsecurable <= redirects to http
 	* Secured by us
 
 -->
-<ruleset name="Zayo.com" default_off="expired, self-signed" platform="mixedcontent">
+<ruleset name="Zayo.com (mixed content)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="zayo.com" />
-	<target host="*.zayo.com" />
+	<target host="www.zayo.com" />
+
 
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.zayo\.com$" name="^(__cfduid|cf_clearance)$" /-->
 
 	<securecookie host="^(?:www)?\.zayo\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?zayo\.com/"
-		to="https://www.zayo.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Zaytuna.edu.xml b/src/chrome/content/rules/Zaytuna.edu.xml
new file mode 100644
index 000000000000..9455991bb0b4
--- /dev/null
+++ b/src/chrome/content/rules/Zaytuna.edu.xml
@@ -0,0 +1,15 @@
+<ruleset name="Zaytuna.edu">
+	<target host="zaytuna.edu" />
+	<target host="www.zaytuna.edu" />
+	<target host="blog.zaytuna.edu" />
+	<target host="bookstore.zaytuna.edu" />
+	<target host="dev.zaytuna.edu" />
+	<target host="info.zaytuna.edu" />
+		<test url="http://info.zaytuna.edu/usc/" />
+	<target host="plannedgiving.zaytuna.edu" />
+	<target host="renovatio.zaytuna.edu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zazzle-mismatches.xml b/src/chrome/content/rules/Zazzle-mismatches.xml
index 34b72241802d..ebb5ac41e544 100644
--- a/src/chrome/content/rules/Zazzle-mismatches.xml
+++ b/src/chrome/content/rules/Zazzle-mismatches.xml
@@ -1,10 +1,10 @@
-<ruleset name="Zazzle (mismatches)" default_off="mismatch">
+<ruleset name="Zazzle (mismatches)" default_off="mismatched">
 
 	<!--	worldsecuresystems.com (Adobe)	-->
 	<target host="artsprojekt.com"/>
-	<target host="*.artsprojekt.com"/>
+	<target host="www.artsprojekt.com" />
 
-	<securecookie host="^(.*\.)?artsprojekt\.com$" name=".*"/>
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?artsprojekt\.com/"
 		to="https://www.artsprojekt.com/"/>
diff --git a/src/chrome/content/rules/Zazzle.xml b/src/chrome/content/rules/Zazzle.xml
index c8225b112332..8c898844f189 100644
--- a/src/chrome/content/rules/Zazzle.xml
+++ b/src/chrome/content/rules/Zazzle.xml
@@ -1,4 +1,9 @@
 <!--
+	Other Zazzle rulesets:
+
+		- Zcache.com.xml
+
+
 		- www.zazzle.com.112.2o7.net
 
 			- track.www
@@ -15,51 +20,100 @@
 
 	Partially covered subdomains:
 
-		- (www.)	(some pages redirect to http)
+		- www		(some pages redirect to http)
 
 
 	Fully covered domains:
 
 		- zazzle.com subdomains:
 
-			- asset		( → www)
+			- blog
+			- forum
 			- track.www	(→ www-zazzle-com.112.2o7.net)
 			- tracks.www
 
-		- rlv.zcache.com	(→ www.zazzle.com)
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .zazzle.com
+		- forum.zazzle.com
+		- www.zazzle.com
+		- .www.zazzle.com
+
+
+	Mixed content:
+
+		- Images on blog from $self
+		- Ad on www from hire.jobvite.com
 
 -->
-<ruleset name="Zazzle (partial)">
+<ruleset name="Zazzle.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="zazzle.com"/>
+	<target host="blog.zazzle.com" />
+	<target host="forum.zazzle.com" />
 	<target host="www.zazzle.com"/>
-		<exclusion pattern="^http://www\.zazzle\.com/($|[\w\+]+pillows|gift|[\w\+]+macbook\+sleeves|printed\+envelopes)"/>
 	<target host="tracks.www.zazzle.com"/>
-	<!--	Akamai	-->
-	<target host="*.zcache.com"/>
 
+	<!--	Special cases:
+				-->
+	<target host="track.www.zazzle.com" />
 
-	<!--	Omniture cookie:
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.zazzle\.com/(?:$|[\w\+]+pillows|gift|[\w\+]+macbook\+sleeves|printed\+envelopes)"/-->
+		<!--
+			Exceptions:
 					-->
-	<securecookie host="^\.zazzle\.com$" name="^s_vi$" />
-
-
-	<rule from="^http://zazzle\.com/"
-		to="https://www.zazzle.com/"/>
-
-	<rule from="^http://www\.zazzle\.com/(assets/|(\w+\+)?cases|c[ro]/|create|css/|custom/|keychains|(kitchen|\w+\+holiday)\+gifts|lgn/|macbook\+sleeves|m[ky]/|newcustomgifts|pd/|pillows|rlv/|svc/|zazzleblack|\w+-\d{10,20})"
-		to="https://www.zazzle.com/$1"/>
+		<exclusion pattern="^http://www\.zazzle\.com/(?!assets/|(\w+\+)?cases|c[ro]/|create|css/|custom/|keychains|(kitchen|\w+\+holiday)\+gifts|lgn/|macbook\+sleeves|m[ky]/|newcustomgifts|pd/|pillows|rlv/|svc/|zazzleblack|\w+-\d{10,20})" />
+
+			<test url="http://www.zazzle.com/aprons" />
+			<test url="http://www.zazzle.com/art" />
+			<test url="http://www.zazzle.com/backpacks" />
+			<test url="http://www.zazzle.com/bumperstickers" />
+			<test url="http://www.zazzle.com/brands" />
+			<test url="http://www.zazzle.com/brandswelove" />
+			<test url="http://www.zazzle.com/businesscards" />
+			<test url="http://www.zazzle.com/cards" />
+			<test url="http://www.zazzle.com/cases" />
+			<test url="http://www.zazzle.com/clipboards" />
+			<test url="http://www.zazzle.com/flasks" />
+			<test url="http://www.zazzle.com/flyers" />
+			<test url="http://www.zazzle.com/gift" />
+			<test url="http://www.zazzle.com/groupon_birthday_cards" />
+			<test url="http://www.zazzle.com/holiday+gifts" />
+			<test url="http://www.zazzle.com/hoodies" />
+			<test url="http://www.zazzle.com/journals" />
+			<test url="http://www.zazzle.com/letterhead" />
+			<test url="http://www.zazzle.com/mousepads" />
+			<test url="http://www.zazzle.com/notebooks" />
+			<test url="http://www.zazzle.com/photocards" />
+			<test url="http://www.zazzle.com/printed+envelopes" />
+			<test url="http://www.zazzle.com/ribbon" />
+			<test url="http://www.zazzle.com/stationery" />
+			<test url="http://www.zazzle.com/sunglasses" />
+			<test url="http://www.zazzle.com/tablecloths" />
+			<test url="http://www.zazzle.com/tiles" />
+			<test url="http://www.zazzle.com/wrappingpaper" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.zazzle\.com$" name="^(abt|bs|general_maturity|us|zm|zs)$" /-->
+	<!--securecookie host="^forum\.zazzle\\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^www\.zazzle\.com$" name="^bs$" /-->
+	<!--securecookie host="^\.www\.zazzle\.com$" name="^s_vi$" /-->
 
-	<rule from="^http://asset\.zcache\.com/"
-		to="https://www.zazzle.com/"/>
+	<securecookie host="^forum.zazzle\.com$" name=".+" />
+	<securecookie host="^\.www\.zazzle\.com$" name="^s_vi$" />
 
-	<rule from="^http://rlv\.zcache\.com/"
-		to="https://www.zazzle.com/rlv/"/>
 
 	<rule from="^http://track\.www\.zazzle\.com/"
 		to="https://www-zazzle-com.112.2o7.net/" />
 
-	<rule from="^http://tracks\.www\.zazzle\.com/"
-		to="https://tracks.www.zazzle.com/"/>
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Zcache.com.xml b/src/chrome/content/rules/Zcache.com.xml
new file mode 100644
index 000000000000..7d6de74406da
--- /dev/null
+++ b/src/chrome/content/rules/Zcache.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Zazzle coverage, see Zazzle.xml.
+
+
+	Fully covered domains:
+
+		- asset.zcache.com	( → www.zazzle.com)
+		- rlv.zcache.com	(→ www.zazzle.com)
+
+-->
+<ruleset name="Zcache.com">
+
+	<!--	(Fastly):
+			-->
+	<target host="asset.zcache.com" />
+	<target host="rlv.zcache.com" />
+
+
+	<rule from="^http://asset\.zcache\.com/"
+		to="https://www.zazzle.com/"/>
+
+	<rule from="^http://rlv\.zcache\.com/"
+		to="https://www.zazzle.com/rlv/"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zdassets.com.xml b/src/chrome/content/rules/Zdassets.com.xml
new file mode 100644
index 000000000000..230d27b8dd27
--- /dev/null
+++ b/src/chrome/content/rules/Zdassets.com.xml
@@ -0,0 +1,39 @@
+<!--
+	For other Zendesk coverage, see Zendesk.com.xml.
+
+
+	Fully covered domains:
+
+		- p[1-6].zdassets.com:
+
+-->
+<ruleset name="Zdassets.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="p1.zdassets.com" />
+	<target host="p2.zdassets.com" />
+	<target host="p3.zdassets.com" />
+	<target host="p4.zdassets.com" />
+	<target host="p5.zdassets.com" />
+	<target host="p6.zdassets.com" />
+
+		<test url="http://p1.zdassets.com/images/composite.gif" />
+		<test url="http://p2.zdassets.com/images/composite.gif" />
+		<test url="http://p3.zdassets.com/images/composite.gif" />
+		<test url="http://p4.zdassets.com/images/composite.gif" />
+		<test url="http://p5.zdassets.com/images/composite.gif" />
+		<test url="http://p6.zdassets.com/images/composite.gif" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^p[1-6]\.zdassets\.com$" name="^(_zendesk_shared_session|_zendesk_session)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ze.tt.xml b/src/chrome/content/rules/Ze.tt.xml
new file mode 100644
index 000000000000..e1c5cc5aa1af
--- /dev/null
+++ b/src/chrome/content/rules/Ze.tt.xml
@@ -0,0 +1,14 @@
+<!-- for more Zeit-Online rules  see Zeit.de.xml -->
+<ruleset name="Ze.tt">
+
+	<target host="ze.tt" />
+	<target host="www.ze.tt" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ZeHosting.xml b/src/chrome/content/rules/ZeHosting.xml
deleted file mode 100644
index e094c6207b25..000000000000
--- a/src/chrome/content/rules/ZeHosting.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	("temporarily unavailable"; self-signed, CN: ne-r004-060cl)
-
--->
-<ruleset name="ZeHosting (partial)">
-
-	<target host="secure.zehosting.com" />
-
-
-	<securecookie host="^secure\.zehosting\.com$" name=".+" />
-
-
-	<rule from="^http://secure\.zehosting\.com/"
-		to="https://secure.zehosting.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Zedo.xml b/src/chrome/content/rules/Zedo.xml
index 8c261d0ad8e0..f7ffbc103def 100644
--- a/src/chrome/content/rules/Zedo.xml
+++ b/src/chrome/content/rules/Zedo.xml
@@ -77,46 +77,22 @@
 	* Secured by us, and no one cares
 
 -->
-<ruleset name="Zedo (partial)">
+<ruleset name="Zedo.com (partial)">
 
-	<target host="*.zedo.com" />
+	<target host="ss1.zedo.com" />
+	<target host="target.zedo.com" />
+	<target host="saxp.zedo.com" />
+	<target host="axp.zedo.com" />
 
 
 	<!--securecookie host="^\.zedo\.com$" name="^(FF\w\w|FFad|FFcat|FFgeo|FFIDA|ZCBC|ZEDOIDA|ZEDOIDX|ZTCEC|ZZRSYNC)" /-->
 	<securecookie host="^(?:target)?\.zedo\.com$" name=".+" />
 
 
-	<rule from="^http://s?axp\.zedo\.com/"
+	<rule from="^http://axp\.zedo\.com/"
 		to="https://saxp.zedo.com/" />
 
-	<rule from="^http://(?:d[1-3]|r1)\.zedo\.com/"
-		to="https://a248.e.akamai.net/f/355/9953/5m/d1.zedo.com/" />
-
-	<rule from="^http://c5\.zedo\.com/"
-		to="https://a248.e.akamai.net/f/426/2931/1h/c5.zedo.com/" />
-
-	<rule from="^http://c7\.zedo\.com/"
-		to="https://a248.e.akamai.net/f/1979/2136/7m/c7.zedo.com/" />
-
-	<rule from="^http://d4\.zedo\.com/"
-		to="https://a248.e.akamai.net/f/296/2092/8/d4.zedo.com/" />
-
-	<rule from="^http://d5\.zedo\.com/"
-		to="https://a248.e.akamai.net/f/724/5364/5m/d5.zedo.com/" />
-
-	<rule from="^http://d6\.zedo\.com/"
-		to="https://a248.e.akamai.net/f/535/6454/9m/d6.zedo.com/" />
-
-	<rule from="^http://d7\.zedo\.com/"
-		to="https://a248.e.akamai.net/f/124/2263/10/d7.zedo.com/" />
-
-	<rule from="^http://d8\.zedo\.com/"
-		to="https://a248.e.akamai.net/f/489/1101/5m/d8.zedo.com/" />
-
-	<rule from="^http://d9\.zedo\.com/"
-		to="https://a248.e.akamai.net/f/48/9886/2m/d9.zedo.com/" />
-
-	<rule from="^http://(ss1|target)\.zedo\.com/"
-		to="https://$1.zedo.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Zee_Agency.com.xml b/src/chrome/content/rules/Zee_Agency.com.xml
new file mode 100644
index 000000000000..2d2fde673df1
--- /dev/null
+++ b/src/chrome/content/rules/Zee_Agency.com.xml
@@ -0,0 +1,17 @@
+<!--
+	CDN buckets:
+
+		- d3ntwnijawp16n.cloudfront.net
+
+-->
+<ruleset name="Zee Agency.com (partial)">
+
+	<!--	Complications:
+				-->
+	<target host="cdn.zeeagency.com" />
+
+
+	<rule from="^http://cdn\.zeeagency\.com/"
+		to="https://d3ntwnijawp16n.cloudfront.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zeedpic69.com.xml b/src/chrome/content/rules/Zeedpic69.com.xml
index cc0ca58dbbd2..26766b313297 100644
--- a/src/chrome/content/rules/Zeedpic69.com.xml
+++ b/src/chrome/content/rules/Zeedpic69.com.xml
@@ -1,21 +1,18 @@
 <!--
-	Mixed content:
+	(www.)?: Connection dropped
 
-		- Images on (www.) from images100.xvideos.com *
-
-	* Unsecurable
 
 -->
-<ruleset name="zeedpic69.com">
+<ruleset name="zeedpic69.com" default_off="refused">
 
 	<target host="zeedpic69.com" />
-	<target host="*.zeedpic69.com" />
+	<target host="www.zeedpic69.com" />
 
 
 	<securecookie host="^(?:w*\.)?zeedpic69\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?zeedpic69\.com/"
-		to="https://$1zeedpic69.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Zefflin.com.xml b/src/chrome/content/rules/Zefflin.com.xml
new file mode 100644
index 000000000000..f32cef302f07
--- /dev/null
+++ b/src/chrome/content/rules/Zefflin.com.xml
@@ -0,0 +1,38 @@
+<!--
+	^zefflin.com: Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- www.zefflin.com
+		- .www.zefflin.com
+
+-->
+<ruleset name="Zefflin.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.zefflin.com" />
+
+	<!--	Complications:
+				-->
+	<target host="zefflin.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.zefflin\.com$" name="^language$" /-->
+	<!--securecookie host="^\.www\.zefflin\.com$" name="^is_mobile$" /-->
+
+	<securecookie host="^\." name="^__(?:qca$|utm)" />
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.www\." name=".+" />
+
+
+	<rule from="^http://zefflin\.com/"
+		to="https://www.zefflin.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zeit.de.xml b/src/chrome/content/rules/Zeit.de.xml
new file mode 100644
index 000000000000..0eae628dd75d
--- /dev/null
+++ b/src/chrome/content/rules/Zeit.de.xml
@@ -0,0 +1,218 @@
+<!--
+	Connection refused:
+		- a2.zeit.de
+		- alumni.zeit.de
+		- api.zeit.de
+		- apollo.zeit.de
+		- archiv.zeit.de
+		- www.archiv.zeit.de
+		- arztsuche.zeit.de
+		- audio.zeit.de
+		- buch.zeit.de
+		- cc01.zeit.de
+		- ccreport.zeit.de
+		- cmsdev.zeit.de
+		- community01.zeit.de
+		- counter.zeit.de
+		- www.debatte.zeit.de
+		- developer.zeit.de
+		- fb.zeit.de
+		- freepda.zeit.de
+		- frenzy.zeit.de
+		- hermes.zeit.de
+		- horchen.zeit.de
+		- ipadbe-stage.zeit.de
+		- hangman.k8s.zeit.de
+		- images.k8s.zeit.de
+		- master.k8s.zeit.de
+		- nixnginx.k8s.zeit.de
+		- prometheus.k8s.zeit.de
+		- prometheus-alerts.k8s.zeit.de
+		- prometheus-pushgw.k8s.zeit.de
+		- puzzle.k8s.zeit.de
+		- puzzle-staging.k8s.zeit.de
+		- rancher.k8s.zeit.de
+		- registry.k8s.zeit.de
+		- zeus.k8s.zeit.de
+		- leto.zeit.de
+		- leto2.zeit.de
+		- m.zeit.de
+		- ma.zeit.de
+		- mail-gw.zeit.de
+		- mailing.zeit.de
+		- media.zeit.de
+		- medien.zeit.de
+		- meinestartseite.zeit.de
+		- member.zeit.de
+		- minos.zeit.de
+		- mobil.zeit.de
+		- mobile.zeit.de
+		- news.zeit.de
+		- www.news.zeit.de
+		- newsletter.zeit.de
+		- onlineftp.zeit.de
+		- ns3.zeit.de
+		- partnersuche.zeit.de
+		- payment.zeit.de
+		- pdf.zeit.de
+		- pdfarchiv.zeit.de
+		- phpscripts.zeit.de
+		- presse.zeit.de
+		- service.zeit.de
+		- reach.zeit.de
+		- redirects.zeit.de
+		- rezensionen.zeit.de
+		- www.rezensionen.zeit.de
+		- schach-alt.zeit.de
+		- schule.zeit.de
+		- shoptest.zeit.de
+		- spiele.zeit.de
+		- tc-angebote.zeit.de
+		- studium.zeit.de
+		- veranstaltungen.zeit.de
+		- vertigo.zeit.de
+		- videoxfer.zeit.de
+		- xml.zeit.de
+		- zeitverlag.zeit.de
+
+	Self-signed cert:
+		- a4-ilo.zeit.de
+		- cds.zeit.de
+		- cds2.zeit.de
+		- e1.zeit.de
+		- ftp.zeit.de
+		- id.zeit.de
+		- mail01.zeit.de
+		- www.mut-zur-nachhaltigkeit.zeit.de
+		- openvpn.zeit.de
+		- remotezv.zeit.de
+		- senioren.zeit.de
+
+	Cert mismatch:
+		- altesblog.zeit.de
+		- angebote.zeit.de
+		- automarkt.zeit.de
+		- hire.boa.zeit.de
+		- cuk.zeit.de
+		- filemaker12.zeit.de
+		- ipadbe2.zeit.de
+		- kunst.zeit.de
+		- mdm.zeit.de
+		- rawrengage.zeit.de
+		- www.premium.zeit.de
+		- premium01.zeit.de
+		- www.ranking.zeit.de
+		- ranking2.zeit.de
+		- studenten.zeit.de
+		- studiengaenge2.zeit.de
+		- uni.zeit.de
+		- veranstaltung.zeit.de
+		- video.zeit.de
+		- www.zeitreisen.zeit.de
+
+	Cert expired:
+		- newblog.zeit.de
+		- schach-test.zeit.de
+		- talk.zeit.de
+		- webapp.zeit.de
+
+	Timeout:
+		- anzeigen.zeit.de
+		- cs-prod.zeit.de
+		- cs-prod-test.zeit.de
+		- immobilien.zeit.de
+		- logging.zeit.de
+		- mantis.zeit.de
+		- services.zeit.de
+		- vivi.zeit.de
+		- web1.zeit.de
+		- webmail3.zeit.de
+		- zip6.zeit.de
+
+	Chain issues:
+		- editor.zeit.de
+		- editor-2.zeit.de
+
+	TLS error:
+		- c4.zeit.de
+		- ferienwohnungen.zeit.de
+		- immowelt.zeit.de
+-->
+<ruleset name="Zeit.de (partial)">
+
+	<target host="zeit.de" />
+	<target host="www.zeit.de" />
+
+	<target host="abo.zeit.de" />
+	<target host="wiki.adpoint.zeit.de" />
+	<target host="autodiscover.zeit.de" />
+	<target host="bitpoll.zeit.de" />
+	<target host="boa.zeit.de" />
+	<target host="blog.zeit.de" />
+	<target host="community.zeit.de" />
+	<target host="community-admin.zeit.de" />
+	<target host="community-api.zeit.de" />
+	<target host="devsudoku.zeit.de" />
+	<target host="epaper.zeit.de" />
+	<target host="fbia.zeit.de" />
+	<target host="hades2.zeit.de" />
+	<target host="hsm.zeit.de" />
+	<target host="herstellung.zeit.de" />
+	<target host="images.zeit.de" />
+	<target host="img.zeit.de" />
+	<target host="inserieren.zeit.de" />
+	<target host="interactive.zeit.de" />
+	<target host="interessentest.zeit.de" />
+	<target host="ipadbe.zeit.de" />
+	<target host="jobs.zeit.de" />
+	<target host="www.jobs.zeit.de" />
+	<target host="mobil.jobs.zeit.de" />
+	<target host="kickerticker.zeit.de" />
+	<target host="kommentare.zeit.de" />
+	<target host="leserservice.zeit.de" />
+	<target host="likes.zeit.de" />
+	<target host="live0.zeit.de" />
+	<target host="mail.zeit.de" />
+	<target host="mailarchiv.zeit.de" />
+	<target host="mailjet.zeit.de" />
+	<target host="marktplatz.zeit.de" />
+	<target host="mailserverbdcas.zeit.de" />
+	<target host="mailserverhhcas.zeit.de" />
+	<target host="meine.zeit.de" />
+	<target host="newsfeed.zeit.de" />
+	<target host="newsletterversand.zeit.de" />
+	<target host="opendata.zeit.de" />
+	<target host="premium.zeit.de" />
+	<target host="push.zeit.de" />
+	<target host="quiz.zeit.de" />
+	<target host="ranking.zeit.de" />
+	<target host="schach.zeit.de" />
+	<target host="schulen.zeit.de" />
+	<target host="share.zeit.de" />
+	<target host="shop.zeit.de" />
+	<target host="www.shop.zeit.de" />
+	<target host="ssl.zeit.de" />
+	<target host="ssl-proxy.zeit.de" />
+	<target host="srv-mail-hhcas.zeit.de" />
+	<target host="static.zeit.de" />
+	<target host="strassennamen.zeit.de" />
+	<target host="stiftungsnewsletter.zeit.de" />
+	<target host="studienfuehrer-test.zeit.de" />
+	<target host="studiengaenge.zeit.de" />
+	<target host="sudoku.zeit.de" />
+	<target host="sudoku-services.zeit.de" />
+	<target host="t.zeit.de" />
+	<target host="verlag.zeit.de" />
+	<target host="verlag-dev.zeit.de" />
+	<target host="z2x.zeit.de" />
+	<target host="zeitreisen.zeit.de" />
+	<target host="zeitakademie.zeit.de" />
+	<target host="zeus.zeit.de" />
+	<target host="zsm.zeit.de" />
+	<target host="zuender.zeit.de" />
+	<target host="www.zuender.zeit.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ZeldaWiki.org.xml b/src/chrome/content/rules/ZeldaWiki.org.xml
new file mode 100644
index 000000000000..4539ccc64c89
--- /dev/null
+++ b/src/chrome/content/rules/ZeldaWiki.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="ZeldaWiki.org">
+	<target host="zeldawiki.org" />
+	<target host="www.zeldawiki.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zello.com.xml b/src/chrome/content/rules/Zello.com.xml
new file mode 100644
index 000000000000..1cb8f071c424
--- /dev/null
+++ b/src/chrome/content/rules/Zello.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Non-functional subdomains:
+		- a	(HTTP 403 error)
+		- buratino	(e)
+		- i	(HTTP 403 error)
+		- secure	(r)
+		- translate	(HTTP 403 error)
+		- zelloserver65	(t)
+		- zelloserver66	(s)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Zello.com">
+
+	<target host="zello.com" />
+	<target host="www.zello.com" />
+	<target host="blog.zello.com" />
+	<target host="cms-admin.zello.com" />
+	<target host="support.zello.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zeltser.com.xml b/src/chrome/content/rules/Zeltser.com.xml
new file mode 100644
index 000000000000..ccccca58f3f6
--- /dev/null
+++ b/src/chrome/content/rules/Zeltser.com.xml
@@ -0,0 +1,19 @@
+<!--
+	These altnames don't exist:
+
+		- www.cdn.zeltser.com
+
+-->
+<ruleset name="Zeltser.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="zeltser.com" />
+	<target host="cdn.zeltser.com" />
+	<target host="www.zeltser.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zemanta.xml b/src/chrome/content/rules/Zemanta.xml
index 3f07e57ed4ac..bc6cb8706f2e 100644
--- a/src/chrome/content/rules/Zemanta.xml
+++ b/src/chrome/content/rules/Zemanta.xml
@@ -1,43 +1,53 @@
 <!--
-	CDN buckets:
-
-		- img.zemanta.com.s3.amazonaws.com
-
-		- d1r7mnnsvydqxs.cloudfront.net
-
-			- i.zemanta.com
-
-		- d25rszouhfu52v.cloudfront.net
-
-			- content.zemanta.com
-
-
-	Nonfunctional domains:
-
+	Cert mismatch:
+		- content.zemanta.com
+		- help.zemanta.com
+		- prefs.zemanta.com
+		- reports.zemanta.com
+		- rsscloud.zemanta.com
+
+	Redirect to plain:
 		- (www.)zemanta.com
 
-			- www doesn't work
-			- at least some pages redirect to http
-			- smedia/ 504
-
-		- developer.zemanta.com		(404s)
-		- prefs.zemanta.com		(404s)
-		- (www.)zemantamedia.com	(cert: *.zemanta.com; redirects there)
+	Timeout:
+		- dev.zemanta.com
 
+	TLS error:
+		- ada.zemanta.com
+		- adoops.zemanta.com
+		- edward.zemanta.com
 -->
-<ruleset name="Zemanta (partial)">
-
-	<target host="*.zemanta.com" />
-
-
-	<!--	Tracking beacon.	-->
-	<rule from="^http://img\.zemanta\.com/"
-		to="https://s3.amazonaws.com/img.zemanta.com/" />
-
-	<rule from="^http://content\.zemanta\.com/"
-		to="https://d25rszouhfu52v.cloudfront.net/" />
-
-	<rule from="^http://i\.zemanta\.com/"
-		to="https://d1r7mnnsvydqxs.cloudfront.net/" />
+<ruleset name="Zemanta.com">
+
+	<target host="api.zemanta.com" />
+	<target host="b1-apac1.zemanta.com" />
+	<target host="b1-euc1.zemanta.com" />
+	<target host="b1-lsw-euc1.zemanta.com" />
+	<target host="b1-lsw-use1.zemanta.com" />
+	<target host="b1-us-west-1.zemanta.com" />
+	<target host="b1-use1.zemanta.com" />
+	<target host="b1-use2.zemanta.com" />
+	<target host="b1-usw1.zemanta.com" />
+	<target host="b1.zemanta.com" />
+	<target host="b1t-use1.zemanta.com" />
+	<target host="cookiepixie.zemanta.com" />
+	<target host="fstatic.zemanta.com" />
+	<target host="i.zemanta.com" />
+	<target host="images2.zemanta.com" />
+	<target host="one.zemanta.com" />
+	<target host="oneapi.zemanta.com" />
+	<target host="p1.zemanta.com" />
+	<target host="paid.zemanta.com" />
+	<target host="r1.zemanta.com" />
+	<target host="sapi.zemanta.com" />
+	<target host="static.zemanta.com" />
+	<target host="testr1.zemanta.com" />
+	<target host="thumbs.zemanta.com" />
+	<target host="videos.zemanta.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Zen-Internet.xml b/src/chrome/content/rules/Zen-Internet.xml
index ad92ff7b2eca..4a65d5b8d16b 100644
--- a/src/chrome/content/rules/Zen-Internet.xml
+++ b/src/chrome/content/rules/Zen-Internet.xml
@@ -1,79 +1,44 @@
 <!--
-	For rules causing false/broken MCB, see Zen_Internet-falsemixed.xml.
+	Zen Internet
 
 
-	Problematic subdomains:
+	Problematic hosts in *zen.co.uk:
 
-		- blog	(shows PHP page, CN: localhost.localdomain)
+		- livechat *
 
-
-	Fully covered subdomains:
-
-		- forum
-		- livesupport
-		- myaccount
-		- order
-		- portal
-		- status
-		- webmail
-
-
-	Partially covered subdomains:
-
-		- (www.) *	(^ → www)
-		- blog *	(→ www)
-		- support *
-
-	* Avoiding broken MCB
-
-
-	Mixed content:
-
-		- Scripts on www from blog *
-
-		- css:
-
-			- on support from support *
-			- On www from blog *
-			- On www from www *
-			- On www from fast.fonts.com *
-
-		- Images on support from support *
-
-		- Web bug on www from apis.google.com *
-
-	* Secured by us
-
-
-	NB: We secure all active resources, and thus
-	-falsemixed should be merged for Ffx 24.
+	* Server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="Zen Internet (partial)">
+<ruleset name="Zen.co.uk (partial)">
 
 	<target host="zen.co.uk" />
-	<target host="*.zen.co.uk" />
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<exclusion pattern="^http://(?:www\.)?zen\.co\.uk/blog(?!/wp-content/|/wp-includes/)" />
-		<exclusion pattern="^http://support\.zen\.co\.uk/(?!kb/(?:(?:Knowledgebase/)?BotDetectCaptcha\.ashx|Globalization/|js/|Logon/|(?:Script|Web)Resource\.axd|Skins/)|template/)" />
-
-
-	<!--securecookie host="^\.zen\.co\.uk$" name="^(NavigationUrlCookie|__utm\w|ZenAnonIdCookie)$" /-->
-	<securecookie host="(?!support\.).*\.zen\.co\.uk$" name=".+" />
+	<target host="blog.zen.co.uk" />
+	<target host="forum.zen.co.uk" />
+	<!--target host="livechat.zen.co.uk" /-->
+	<target host="myaccount.zen.co.uk" />
+	<target host="order.zen.co.uk" />
+	<target host="portal.zen.co.uk" />
+	<target host="status.zen.co.uk" />
+	<target host="support.zen.co.uk" />
+	<target host="webmail.zen.co.uk" />
+	<target host="www.zen.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.zen\.co\.uk$" name="^(NavigationUrlCookie|ZenAnonIdCookie)$" /-->
+	<!--securecookie host="^forum\.zen\.co\.uk$" name="^(CommunityServer-LastVisitUpdated-\d+|CommunityServer-UserCookie\d+)$" /-->
+	<!--securecookie host="^((myaccount|order|portal|status|www)\.)?zen\.co\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^myaccount\.zen\.co\.uk$" name="^CookiesAllowed$" /-->
+	<!--securecookie host="^support\.zen\.co\.uk$" name="^(IKB_CurrentURL|IKB_InstantKBLastVisit)$" /-->
+	<!--securecookie host="^webmail\.zen\.co\.uk$" name="^PHPSESSID$" /-->
 
+	<!--securecookie host="^\.zen\.co\.uk$" name="^__utm\w$" /-->
 
-	<!--	^ redirects to www over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?zen\.co\.uk/"
-		to="https://www.zen.co.uk/" />
+	<securecookie host=".+" name=".+"/>
 
-	<rule from="^http://blog\.zen\.co\.uk/wp-(content|includes)/"
-		to="https://www.zen.co.uk/blog/wp-$1/" />
 
-	<rule from="^http://(forum|livesupport|myaccount|order|portal|status|support|webmail)\.zen\.co\.uk/"
-		to="https://$1.zen.co.uk/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ZenCDN.net.xml b/src/chrome/content/rules/ZenCDN.net.xml
new file mode 100644
index 000000000000..42851cc95380
--- /dev/null
+++ b/src/chrome/content/rules/ZenCDN.net.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Brightcove coverage, see Brightcove.xml.
+
+-->
+<ruleset name="ZenCDN.net">
+
+	<target host="a.zencdn.net"/>
+	<target host="vjs.zencdn.net"/>
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/ZenCache.com.xml b/src/chrome/content/rules/ZenCache.com.xml
new file mode 100644
index 000000000000..f64ab64d4284
--- /dev/null
+++ b/src/chrome/content/rules/ZenCache.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other WebSharks coverage, see WebSharks-Inc.com.xml.
+
+-->
+<ruleset name="ZenCache.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="zencache.com" />
+	<target host="www.zencache.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ZenClerk.com.xml b/src/chrome/content/rules/ZenClerk.com.xml
new file mode 100644
index 000000000000..2a6d6aec3812
--- /dev/null
+++ b/src/chrome/content/rules/ZenClerk.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="ZenClerk">
+
+	<target host="f1.zenclerk.com" />
+
+	<exclusion pattern="^http://f1\.zenclerk\.com/$" />
+
+	<test url="http://f1.zenclerk.com/publish/ponpare.js" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ZenHAX.com.xml b/src/chrome/content/rules/ZenHAX.com.xml
new file mode 100644
index 000000000000..fd858e1e487e
--- /dev/null
+++ b/src/chrome/content/rules/ZenHAX.com.xml
@@ -0,0 +1,18 @@
+<!--
+	ZenHAX.com has a wildcard DNS record. Non-existant subdomains have a self-signed certificate.
+
+	Mismatched:
+		- old
+
+	Refused:
+		- kotakubackup
+-->
+
+<ruleset name="ZenHAX.com">
+	<target host="zenhax.com" />
+	<target host="www.zenhax.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ZenMate.com.xml b/src/chrome/content/rules/ZenMate.com.xml
new file mode 100644
index 000000000000..9ea522325d3a
--- /dev/null
+++ b/src/chrome/content/rules/ZenMate.com.xml
@@ -0,0 +1,159 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .zenmate.com
+
+go.zenmate.com ¹
+email.zenmate.com ⁶
+www.zenmate.cl ¹
+
+
+¹ mismatch
+⁶ redirect
+-->
+<ruleset name="ZenMate.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="zenmate.com" />
+	<target host="www.zenmate.com" />
+	<target host="au.zenmate.com" />
+	<target host="blog.zenmate.com" />
+	<target host="business.zenmate.com" />
+	<target host="cz.zenmate.com" />
+	<target host="de.zenmate.com" />
+	<target host="geo.zenmate.com" />
+	<target host="sa.zenmate.com" />
+	<target host="secure.zenmate.com" />
+	<target host="support.zenmate.com" />
+	<target host="tr.zenmate.com" />
+	<target host="ua.zenmate.com" />
+	<target host="zenmate.ae" />
+	<target host="www.zenmate.ae" />
+	<target host="zenmate.at" />
+	<target host="www.zenmate.at" />
+	<target host="zenmate.be" />
+	<target host="www.zenmate.be" />
+	<target host="fr.zenmate.be" />
+	<target host="zenmate.ca" />
+	<target host="www.zenmate.ca" />
+	<target host="fr.zenmate.ca" />
+	<target host="zenmate.ch" />
+	<target host="www.zenmate.ch" />
+	<target host="fr.zenmate.ch" />
+	<target host="it.zenmate.ch" />
+	<target host="zenmate.cl" />
+	<target host="www.zenmate.cl" />
+	<target host="zenmate.co" />
+	<target host="www.zenmate.co" />
+	<target host="zenmate.co.id" />
+	<target host="www.zenmate.co.id" />
+	<target host="zenmate.co.il" />
+	<target host="www.zenmate.co.il" />
+	<target host="zenmate.co.nz" />
+	<target host="www.zenmate.co.nz" />
+	<target host="zenmate.co.uk" />
+	<target host="www.zenmate.co.uk" />
+	<target host="zenmate.com.ar" />
+	<target host="www.zenmate.com.ar" />
+	<target host="zenmate.com.br" />
+	<target host="www.zenmate.com.br" />
+	<target host="zenmate.com.pa" />
+	<target host="www.zenmate.com.pa" />
+	<target host="zenmate.com.pe" />
+	<target host="www.zenmate.com.pe" />
+	<target host="zenmate.com.ph" />
+	<target host="www.zenmate.com.ph" />
+	<target host="zenmate.com.ru" />
+	<target host="www.zenmate.com.ru" />
+	<target host="zenmate.com.ve" />
+	<target host="www.zenmate.com.ve" />
+	<target host="zenmate.de" />
+	<target host="www.zenmate.de" />
+	<target host="zenmate.dk" />
+	<target host="www.zenmate.dk" />
+	<target host="zenmate.es" />
+	<target host="www.zenmate.es" />
+	<target host="zenmate.fi" />
+	<target host="www.zenmate.fi" />
+	<target host="zenmate.fr" />
+	<target host="www.zenmate.fr" />
+	<target host="zenmate.hk" />
+	<target host="www.zenmate.hk" />
+	<target host="zenmate.hu" />
+	<target host="www.zenmate.hu" />
+	<target host="zenmate.ie" />
+	<target host="www.zenmate.ie" />
+	<target host="zenmate.in" />
+	<target host="www.zenmate.in" />
+	<target host="hi.zenmate.in" />
+	<target host="zenmate.is" />
+	<target host="www.zenmate.is" />
+	<target host="zenmate.it" />
+	<target host="www.zenmate.it" />
+	<target host="zenmate.jp" />
+	<target host="www.zenmate.jp" />
+	<target host="zenmate.kr" />
+	<target host="www.zenmate.kr" />
+	<target host="zenmate.li" />
+	<target host="www.zenmate.li" />
+	<target host="zenmate.lt" />
+	<target host="www.zenmate.lt" />
+	<target host="zenmate.lu" />
+	<target host="www.zenmate.lu" />
+	<target host="zenmate.lv" />
+	<target host="www.zenmate.lv" />
+	<target host="zenmate.ma" />
+	<target host="www.zenmate.ma" />
+	<target host="zenmate.mx" />
+	<target host="www.zenmate.mx" />
+	<target host="zenmate.my" />
+	<target host="www.zenmate.my" />
+	<target host="zenmate.nl" />
+	<target host="www.zenmate.nl" />
+	<target host="zenmate.pk" />
+	<target host="www.zenmate.pk" />
+	<target host="zenmate.pl" />
+	<target host="www.zenmate.pl" />
+	<target host="zenmate.pt" />
+	<target host="www.zenmate.pt" />
+	<target host="zenmate.ro" />
+	<target host="www.zenmate.ro" />
+	<target host="zenmate.se" />
+	<target host="www.zenmate.se" />
+	<target host="zenmate.sg" />
+	<target host="www.zenmate.sg" />
+	<target host="zenmate.vn" />
+	<target host="www.zenmate.vn" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.zenmate\.com$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http://www\.zenmate\.cl/"
+		to="https://zenmate.cl/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zen_Cart.xml b/src/chrome/content/rules/Zen_Cart.xml
index d37776d8ff74..bb6048949079 100644
--- a/src/chrome/content/rules/Zen_Cart.xml
+++ b/src/chrome/content/rules/Zen_Cart.xml
@@ -1,19 +1,21 @@
 <!--
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *zen-cart.com:
 
-		- tutorials	(shows www; mismatched, CN: zen-cart.com
+		- tutorials *
+
+	* Shows www.zen-cart.com
 
 -->
-<ruleset name="Zen Cart (partial)">
+<ruleset name="Zen-Cart.com (partial)">
 
 	<target host="zen-cart.com" />
 	<target host="www.zen-cart.com" />
 
 
-	<securecookie host="^www\.zen-cart\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www\.)?zen-cart\.com/"
-		to="https://$1zen-cart.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Zen_Internet-falsemixed.xml b/src/chrome/content/rules/Zen_Internet-falsemixed.xml
deleted file mode 100644
index cffd8c523ae6..000000000000
--- a/src/chrome/content/rules/Zen_Internet-falsemixed.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	For rules that don't cause false/broken MCB, see Zen-Internet.xml.
-
--->
-<ruleset name="Zen Internet (false MCB)" platform="mixedcontent">
-
-	<target host="zen.co.uk" />
-	<target host="blog.zen.co.uk" />
-	<target host="support.zen.co.uk" />
-		<!--exclusion pattern="^http://support\.zen\.co\.uk/(kb/((Knowledgebase/)?BotDetectCaptcha\.ashx|Globalization/|js/|Logon/|(Script|Web)Resource\.axd|Skins/)|template/)" /-->
-	<target host="www.zen.co.uk" />
-		<!--
-			Handled in Zen-Internet.xml:
-							-->
-		<exclusion pattern="^http://(?:www\.)?zen\.co\.uk/(?!blog(?!/wp-content/|wp-includes/))" />
-		<exclusion pattern="^http://blog\.zen\.co\.uk/wp-(?:content|includes)/" />
-
-
-	<securecookie host="^support\.zen\.co\.uk$" name=".+" />
-
-
-	<!--	^ redirects to www over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?zen\.co\.uk/"
-		to="https://www.zen.co.uk/" />
-
-	<rule from="^http://blog\.zen\.co\.uk/"
-		to="https://www.zen.co.uk/blog/" />
-
-	<rule from="^http://support\.zen\.co\.uk/(?!kb/(?:(?:Knowledgebase/)?BotDetectCaptcha\.ashx|Globalization/|js/|Logon/|(?:Script|Web)Resource\.axd|Skins/)|template/)"
-		to="https://support.zen.co.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Zencoder.xml b/src/chrome/content/rules/Zencoder.xml
index 53b0f2c722c3..d0ddd31f75ab 100644
--- a/src/chrome/content/rules/Zencoder.xml
+++ b/src/chrome/content/rules/Zencoder.xml
@@ -1,27 +1,54 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blog.zencoder.com/ => https://blog.zencoder.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	For other Brightcove coverage, see Brightcove.xml.
 
 
-	Fully covered subdomains:
+	Problematic hosts in *zencoder.com:
+
+		- help ʳ
+		- status ʳ
+
+	ʳ Refused
+
 
-		- (www.)
-		- app
+	Mixed content:
+
+		- Images from photos\d.meetupstatic.com *
+
+	* Secured by us
 
 -->
-<ruleset name="Zencoder (partial)">
+<ruleset name="Zencoder.com (partial)" default_off="failed ruleset test">
 
-	<target host="*.zencdn.net"/>
+	<!--	Direct rewrites:
+				-->
 	<target host="zencoder.com" />
-	<target host="*.zencoder.com" />
+	<target host="app.zencoder.com" />
+	<target host="blog.zencoder.com" />
+	<target host="www.zencoder.com" />
+
+	<!--	Complications:
+				-->
+	<target host="help.zencoder.com" />
+	<!--target host="status.zencoder.com" /-->
+
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^(?:app)?\.zencoder\.com$" name=".+" />
 
+	<!--	Redirect keeps path, args,
+		and forward slash:
+					-->
+	<rule from="^http://help\.zencoder\.com/"
+		to="https://app.zencoder.com/docs/" />
 
-	<rule from="^http://(a|vjs)\.zencdn\.net/"
-		to="https://$1.zencdn.net/"/>
+	<!--rule from="^http://status\.zencoder\.com/"
+		to="https://status.brightcove.com/" /-->
 
-	<rule from="^http://(app\.|www\.)?zencoder\.com/"
-		to="https://$1zencoder.com/" />
+	<rule from="^http:"
+		to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Zend.com-falsemixed.xml b/src/chrome/content/rules/Zend.com-falsemixed.xml
deleted file mode 100644
index f931bd62d3ef..000000000000
--- a/src/chrome/content/rules/Zend.com-falsemixed.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For rules that don't cause false/broken MCB, see Zend.xml.
-
--->
-<ruleset name="Zend (false MCB)" platform="mixedcontent">
-
-	<target host="zend.com" />
-	<target host="shop.zend.com" />
-	<!--	* for wildcard cookie:	-->
-	<target host="*.shop.zend.com" />
-	<target host="www.zend.com" />
-		<!--
-			Handled in Zend.xml:
-						-->
-		<exclusion pattern="^http://(?:www\.)?zend\.com/(?:favicon\.ico|\w\w/user(?:$|[?/]))" />
-		<exclusion pattern="^http://shop\.zend\.com/(?:checkout(?:$|[?/])|favicon\.ico)" />
-
-
-	<securecookie host=".+\.zend\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?zend\.com/"
-		to="https://www.zend.com/" />
-
-	<rule from="^http://shop\.zend\.com/"
-		to="https://shop.zend.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Zend.xml b/src/chrome/content/rules/Zend.xml
index 9fd977f8e368..2f8dd5f46ee3 100644
--- a/src/chrome/content/rules/Zend.xml
+++ b/src/chrome/content/rules/Zend.xml
@@ -1,5 +1,11 @@
+
 <!--
-	For rules that cause false/broken MCB, see Zend.com-falsemixed.xml.
+Disabled by https-everywhere-checker because:
+Fetch error: http://support.zend.com/ => https://support.zend.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Other Zend rulesets:
+
+		- Apigility.org.xml
 
 
 	CDN buckets:
@@ -8,93 +14,71 @@
 		- static-zend.pantherssl.com
 
 
-	Nonfunctional subdomains:
+	Nonfunctional hosts in *zend.com:
 
-		- forums	(dropped)
-		- framework	(reset)
+		- blog *
+		- forums *
 
+	* 403
 
-	Problematic subdomains:
 
-		- ^	(works, cert only matches www)
+	Problematic hosts in *zend.com:
 
-
-	Observed cookie domains:
-
-		- .
-		- forums
-		- .forums
+		- ^ *
 		- framework *
-		- .framework
-		- shop *
-		- .shop
-
-	* Tracking cookies only
-
-
-	Fully covered subdomains:
-
-		- static	(→ (shop|static)-zend.pantherssl.com)
-
 
-	Partially covered subdomains:
+	* Mismatched
 
-		- (www.) *	(^ → www)
-		- shop *
 
-	* Avoiding false/broken MCB, rest handled in Zend.com-falsemixed.xml
+	Insecure cookies are set for these domains and hosts:
 
+		- .zend.com
+		- pages.zend.com
+		- shop.zend.com *
+		- .shop.zend.com
+		- www.zend.com
 
-	Mixed content:
-
-		- Script on www from static *
-
-		- css, on:
+	* Tracking cookies only
 
-			- shop from static *
-			- www from static *
 
-		- Images, on:
+	These altnames don't exist:
 
-			- shop from static *
-			- www from static *
+		- www.pages.zend.com
 
-	* Secured by us
+-->
+<ruleset name="Zend.com (partial)" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="pages.zend.com" />
+	<target host="shop.zend.com" />
+	<target host="support.zend.com" />
+	<target host="www.zend.com" />
 
-	NB: We secure all resources, and thus
-	-falsemixed should be merged for Ffx 24.
+	<!--	Complications:
+				-->
+	<target host="zend.com" />
+	<target host="static.zend.com" />
 
--->
-<ruleset name="Zend (partial)">
+		<test url="http://static.zend.com/shop/" />
 
-	<target host="zend.com" />
-	<target host="*.zend.com" />
-		<!--
-			Avoiding false/broken MCB:
-							-->
-		<exclusion pattern="^http://(?:www\.)?zend\.com/(?!favicon\.ico|\w\w/user(?:$|[?/]))" />
-		<exclusion pattern="^http://shop\.zend\.com/(?!checkout(?:$|[?/])|favicon\.ico)" />
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.zend\.com$" name="^iep$" /-->
+	<!--securecookie host="^pages\.zend\.com$" name="^BIGipServer.*" /-->
+	<!--securecookie host="^shop\.zend\.com$" name="^(?:\d{8}-SKEY|\d{8}-VID|HumanClickSiteContainerID_\d{8}|lpFPCtest|VIEWED_PRODUCTS)$" /-->
+	<!--securecookie host="^\.shop\.zend\.com$" name="^frontend$" /-->
+	<!--securecookie host="^www\.zend\.com$" name="^PHPSESSID$" /-->
 
 	<securecookie host="^\.zend\.com$" name="^__utm\w$" />
-	<!--
-		Is this safe to secure here?
-						-->
-	<!--securecookie host="^\.zend\.com$" name="^iep$" /-->
-	<!--
-		Uncomment this when -falsemixed.xml is merged:
-								-->
-	<!--securecookie host="^.*\.zend\.com$" name=".*" /-->
-	<securecookie host="^shop\.zend\.com$" name="^(?:\d{8}-SKEY|\d{8}-VID|HumanClickSiteContainerID_\d{8}|lpFPCtest|VIEWED_PRODUCTS)$" />
+	<securecookie host="^\.shop\.zend\.com$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?zend\.com/"
+	<rule from="^http://zend\.com/"
 		to="https://www.zend.com/" />
 
-	<rule from="^http://shop\.zend\.com/"
-		to="https://shop.zend.com/" />
-
 	<!--	NB: Must catch this before the next rule.	-->
 	<rule from="^http://static\.zend\.com/shop/"
 		to="https://shop-zend.pantherssl.com/" />
@@ -102,4 +86,6 @@
 	<rule from="^http://static\.zend\.com/"
 		to="https://static-zend.pantherssl.com/" />
 
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Zend2.com.xml b/src/chrome/content/rules/Zend2.com.xml
new file mode 100644
index 000000000000..cdb689987ce4
--- /dev/null
+++ b/src/chrome/content/rules/Zend2.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Zend2.com">
+	<target host="zend2.com" />
+	<target host="www.zend2.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zendesk.com.xml b/src/chrome/content/rules/Zendesk.com.xml
index ce67d5dada12..95ea82e95a80 100644
--- a/src/chrome/content/rules/Zendesk.com.xml
+++ b/src/chrome/content/rules/Zendesk.com.xml
@@ -1,4 +1,9 @@
 <!--
+	Other Zendesk rulesets:
+
+		- Zdassets.com.xml
+
+
 	CDN buckets:
 
 		- s3.amazonaws.com/zd-assets/ | d16cvnquvjw7pr.cloudfront.net
@@ -14,36 +19,72 @@
 		- widgets/
 
 
+	Problematic domains:
+
+		- cdn.zendesk.com *
+		- hello.zendesk.com *
+		- app.hello.zendesk.com *
+		- radar.zendesk.com *
+
+	* Mismatched
+
 	Fully covered domains:
 
-		- p1.zdassets.com
+		- p6assets.zendesk.com
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- www from s3.amazonaws.com
+			- www from d26a57ydsghvgx.cloudfront.net
 
 -->
-<ruleset name="Zendesk (partial)" platform="mixedcontent">
+<ruleset name="Zendesk.com (partial)">
 
-	<target host="p1.zdassets.com" />
 	<target host="zendesk.com" />
 	<target host="*.zendesk.com" />
-		<!--
-			https://trac.torproject.org/projects/tor/ticket/8198
-								-->
-		<exclusion pattern="^http://(?:video|developer)\." />
-		<!--
-			Redirects to http:
-						-->
-		<exclusion pattern="^http://[\w-]+\.zendesk\.com/forums(?:$|\?)" />
 
+		<exclusion pattern="^http://hello\.zendesk\.com/" />
+		<test url="http://hello.zendesk.com/" />
+
+		<!-- See https://github.com/EFForg/https-everywhere/issues/9159 -->
+		<exclusion pattern="^http://app\.hello\.zendesk\.com/" />
+		<test url="http://app.hello.zendesk.com/" />
+
+		<exclusion pattern="^http://radar\.zendesk\.com/" />
+		<test url="http://radar.zendesk.com/" />
+
+		<exclusion pattern="^http://video\.zendesk\.com/" />
+		<test url="http://video.zendesk.com/" />
+
+		<!--	Direct rewrites:
+					-->
+		<test url="http://developer.zendesk.com/" />
+		<test url="http://support.zendesk.com/" />
+		<test url="http://www.zendesk.com/" />
+
+		<!--	Special cases:
+					-->
+		<test url="http://cdn.zendesk.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.zendesk\.com$" name="^(__cfduid|__qca|cf_clearance)$" /-->
+	<!--securecookie host="^p6assets\.zendesk\.com$" name="^(_zendesk_session|_zendesk_shared_session)$" /-->
 
 	<!--securecookie host="^(.*\.)?zendesk\.com$" name=".+" /-->
 
+	<securecookie host="^\.zendesk\.com$" name="^(?:__cfduid|__qca|cf_clearance)$" />
+	<securecookie host="^p\dassets\.zendesk\.com$" name=".+" />
 
-	<rule from="^http://p1\.zdassets\.com/"
-		to="https://p1.zdassets.com/" />
 
 	<rule from="^http://cdn\.zendesk\.com/"
 		to="https://d16cvnquvjw7pr.cloudfront.net/" />
 
-	<rule from="^http://([\w-]+\.)?zendesk\.com/"
-		to="https://$1zendesk.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Zendy_Labs.xml b/src/chrome/content/rules/Zendy_Labs.xml
deleted file mode 100644
index a7cc8454adfd..000000000000
--- a/src/chrome/content/rules/Zendy_Labs.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Zendy Labs">
-
-	<target host="zendylabs.com" />
-	<target host="*.zendylabs.com" />
-
-
-	<securecookie host="^(?:w*\.)?zendylabs\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?zendylabs\.com/"
-		to="https://$1zendylabs.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Zenfolio.xml b/src/chrome/content/rules/Zenfolio.xml
index 860989a0eb60..213bc332b659 100644
--- a/src/chrome/content/rules/Zenfolio.xml
+++ b/src/chrome/content/rules/Zenfolio.xml
@@ -1,4 +1,4 @@
-<ruleset name="Zenfolio (partial)">
+<ruleset name="Zenfolio (partial)" default_off="Needs ruleset tests">
 
 	<target host="zenfolio.com" />
 	<target host="*.zenfolio.com" />
@@ -14,11 +14,11 @@
 
 	<!--	Akamai; "An error occurred"	-->
 	<rule from="^http://cdn\.zenfolio\.net/"
-		to="https://www.zenfolio.com/" />
+		to="https://secure.zenfolio.com/" />
+
 
-	
-	<rule from="^http://(?:www\.)?zenfolio\.com/zf/(css/|img/|login\.aspx)"
-		to="https://secure.zenfolio.com/zf/$1" />
+	<rule from="^http://(?:www\.)?zenfolio\.com/zf/(?=css/|img/|login\.aspx)"
+		to="https://secure.zenfolio.com/zf/" />
 
 	<rule from="^http://(?:www\.)?zenfolio\.com/zf/transfer/s/"
 		to="https://secure.zenfolio.com/zf/" />
diff --git a/src/chrome/content/rules/Zenger.nl.xml b/src/chrome/content/rules/Zenger.nl.xml
new file mode 100644
index 000000000000..d83541d6e39c
--- /dev/null
+++ b/src/chrome/content/rules/Zenger.nl.xml
@@ -0,0 +1,28 @@
+<!--
+	^zenger.nl: Shows freedominc.nl
+	www.zenger.nl: Mismatched
+
+-->
+<ruleset name="Zenger.nl (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rejo.zenger.nl" />
+
+	<!--	Complications:
+				-->
+	<target host="www.zenger.nl" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://www\.zenger\.nl/+"
+		to="https://www.axelarnbak.nl/" />
+
+		<test url="http://www.zenger.nl//" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ZeniMax-Media-mismatches.xml b/src/chrome/content/rules/ZeniMax-Media-mismatches.xml
deleted file mode 100644
index abfa6935b474..000000000000
--- a/src/chrome/content/rules/ZeniMax-Media-mismatches.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	For rules that are on by default, see ZeniMax-Media.xml.
-
--->
-<ruleset name="ZeniMax Media (mismatches)" default_off="mismatch">
-
-	<target host="bethblog.com" />
-	<target host="www.bethblog.com" />
-	<target host="dishonored.com" />
-	<target host="www.dishonored.com" />
-	<target host="elderscrolls.com" />
-	<target host="www.elderscrolls.com" />
-	<target host="zenimax.com" />
-	<target host="*.zenimax.com" />
-	<target host="zenimaxonline.com" />
-	<target host="www.zenimaxonline.com" />
-
-
-	<securecookie host="^(?:.*\.)?(?:bethblog|dishonored|elderscrolls|zenimax)\.com$" name=".+" />
-
-
-	<!--	!www redirects to www.
-						-->
-	<rule from="^http://(?:www\.)?(bethblog|dishonored|elderscrolls|zenimax(?:online)?)\.com/"
-		to="https://www.$1.com/" />
-
-	<rule from="^http://jobs\.zenimax\.com/"
-		to="https://jobs.zenimax.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ZeniMax-Media.xml b/src/chrome/content/rules/ZeniMax-Media.xml
deleted file mode 100644
index 550e40ba9be5..000000000000
--- a/src/chrome/content/rules/ZeniMax-Media.xml
+++ /dev/null
@@ -1,51 +0,0 @@
-<!--
-	For problematic rules, see ZeniMax-Media-mismatches.xml.
-
-
-	Other ZeniMax Media rulesets:
-
-		- Arkane-Studios.xml
-		- Bethsoft.com.xml
-		- Id-Software.xml
-
-
-	There's a bucket at s3.amazonaws.com/zenimax/
-
-	Possibly another bucket at zm-static.s3.amazonaws.com
-
-
-	CDN buckets:
-
-		- d1z7bw3wiqzsm4.cloudfront.net
-			- static.zenimax.com
-
-
-	Problematic domains:
-
-		- (www.)bethblog.com *
-		- (www.)dishonored.com *
-		- (www.)elderscrolls.com *
-		- (www.)zenimax.com *
-		- jobs.zenimax.com *
-		- (www.)zenimaxonline.com *
-
-	* Mismatch, CN: *.bethsoft.com
-
-
-	Fully covered domains:
-
-		- static.zenimax.com
-
--->
-<ruleset name="ZeniMax Media (partial)">
-
-	<target host="cms.elderscrolls.com" />
-	<target host="static.zenimax.com" />
-
-
-	<!--	Protocol-relative links on forums.bethsoft.com:
-								-->
-	<rule from="^https?://static\.zenimax\.com/"
-		to="https://d1z7bw3wiqzsm4.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ZeniMax.com.xml b/src/chrome/content/rules/ZeniMax.com.xml
new file mode 100644
index 000000000000..14408de6f152
--- /dev/null
+++ b/src/chrome/content/rules/ZeniMax.com.xml
@@ -0,0 +1,38 @@
+<!--
+	Other ZeniMax Media rulesets:
+
+		- Arkane-Studios.com.xml
+		- Bethsoft.com.xml
+		- ElderScrolls.com.xml
+		- Elder_Scrolls_Online.com.xml
+		- Dishonored.com.xml
+		- ZeniMaxOnline.com.xml
+
+	Timeout:
+		dialin.zenimax.com
+
+	Login required:
+		ausvpn.zenimax.com
+
+	Invalid certificate:
+		cdn.zenimax.com
+
+	No working URL known:
+		lyncwebext.zenimax.com
+		meet.zenimax.com
+
+-->
+<ruleset name="ZeniMax.com">
+
+	<target host="zenimax.com" />
+	<target host="www.zenimax.com" />
+	<target host="download.zenimax.com" />
+	<target host="jobs.zenimax.com" />
+	<target host="static.zenimax.com" />
+		<test url="http://static.zenimax.com/bethblog/oldcontent/bright_shiny.jpg" />
+		<test url="http://static.zenimax.com/forums.bethsoft.com/public/style_emoticons/default/tes.gif" />
+		<test url="http://static.zenimax.com/bethblog/oldcontent/Akaviri_banner.jpg" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ZeniMaxOnline.com.xml b/src/chrome/content/rules/ZeniMaxOnline.com.xml
new file mode 100644
index 000000000000..7b16cd9b636b
--- /dev/null
+++ b/src/chrome/content/rules/ZeniMaxOnline.com.xml
@@ -0,0 +1,21 @@
+<!--
+	For other ZeniMax Media rules, see ZeniMax.com.xml
+
+	Invalid certificate:
+		zenimaxonline.com
+
+	Login required:
+		spam.zenimaxonline.com
+
+-->
+<ruleset name="ZeniMax Online.com">
+
+	<target host="zenimaxonline.com" />
+	<target host="www.zenimaxonline.com" />
+
+	<rule from="^http://zenimaxonline\.com/"
+		to="https://www.zenimaxonline.com/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ZenithMedia.net.xml b/src/chrome/content/rules/ZenithMedia.net.xml
new file mode 100644
index 000000000000..fe4929c73ff6
--- /dev/null
+++ b/src/chrome/content/rules/ZenithMedia.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="ZenithMedia.net">
+	<target host="zenithmedia.net" />
+	<target host="www.zenithmedia.net" />
+	<target host="analytics.zenithmedia.net" />
+	<target host="baltazar.zenithmedia.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zenodo.org.xml b/src/chrome/content/rules/Zenodo.org.xml
new file mode 100644
index 000000000000..a524d7f1456f
--- /dev/null
+++ b/src/chrome/content/rules/Zenodo.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		about.zenodo.org
+		blog.zenodo.org
+		developers.zenodo.org
+		help.zenodo.org
+
+-->
+<ruleset name="Zenodo.org">
+
+	<target host="zenodo.org" />
+	<target host="www.zenodo.org" />
+	<target host="sandbox.zenodo.org" />
+	<target host="status.zenodo.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zenos_Forensic_Site.xml b/src/chrome/content/rules/Zenos_Forensic_Site.xml
index 14957eaf4cf3..90f47d3ed2aa 100644
--- a/src/chrome/content/rules/Zenos_Forensic_Site.xml
+++ b/src/chrome/content/rules/Zenos_Forensic_Site.xml
@@ -1,13 +1,17 @@
-<ruleset name="Zeno's Forensic Site">
+<!--
+	Zeno's Forensic Site
+
+-->
+<ruleset name="Forensic.to" default_off="expired">
 
 	<target host="forensic.to" />
 	<target host="www.forensic.to" />
 
 
-	<securecookie host="^(?:www\.)?forensic\.to$" name=".+" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(www\.)?forensic\.to/"
-		to="https://$1forensic.to/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Zenspider.com.xml b/src/chrome/content/rules/Zenspider.com.xml
index 4816fc0459ba..bb7c456cefce 100644
--- a/src/chrome/content/rules/Zenspider.com.xml
+++ b/src/chrome/content/rules/Zenspider.com.xml
@@ -1,9 +1,16 @@
-<ruleset name="zenspider.com (partial)">
+<!--
+	Invalid certificate:
+		blog.zenspider.com
+		new.zenspider.com
+		p.zenspider.com
 
-	<target host="envy.zenspider.com" />
+-->
+<ruleset name="ZenSpider.com">
 
+	<target host="zenspider.com" />
+	<target host="www.zenspider.com" />
+	<target host="envy.zenspider.com" />
 
-	<rule from="^http://envy\.zenspider\.com/"
-		to="https://envy.zenspider.com/" />
+	<rule from="^http:"	to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Zentyal.com.xml b/src/chrome/content/rules/Zentyal.com.xml
new file mode 100644
index 000000000000..dfd0d1ae2385
--- /dev/null
+++ b/src/chrome/content/rules/Zentyal.com.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://store.zentyal.com/ => https://store.zentyal.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Copied from Zentyal.org.xml for the sake of one subdomain.
+
+	This ruleset is otherwise entirely and woefully incomplete.
+-->
+<ruleset name="Zentyal.com (partial)" default_off="failed ruleset test">
+
+	<target host="store.zentyal.com" />
+
+	<!--    Not secured by server:
+                                        -->
+	<!--securecookie host="^\.store\.zentyal\.com$" name="^(frontend|store)$" /-->
+
+	<securecookie host="^\.store\.zentyal\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zentyal.org.xml b/src/chrome/content/rules/Zentyal.org.xml
new file mode 100644
index 000000000000..195e64a9bc15
--- /dev/null
+++ b/src/chrome/content/rules/Zentyal.org.xml
@@ -0,0 +1,50 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://forum.zentyal.org/ => https://forum.zentyal.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://tracker.zentyal.org/ => https://tracker.zentyal.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://wiki.zentyal.org/ => https://wiki.zentyal.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For other Zentyal coverage, see Zentyal.com.xml.
+
+
+	Nonfunctional subdomains:
+
+		- (www.) *
+		- blogs *
+		- doc *
+		- labs *
+		- planet *
+		- translate *
+
+	* Shows default page, valid cert
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- forum.zentyal.org
+		- tracker.zentyal.org
+		- wiki.zentyal.org
+
+-->
+<ruleset name="Zentyal.org (partial)" default_off="failed ruleset test">
+
+	<target host="forum.zentyal.org" />
+	<target host="tracker.zentyal.org" />
+	<target host="wiki.zentyal.org" />
+		<!--exclusion pattern="^http://(blogs|doc|labs|planet|translate|www)\.zentyal\.org/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^forum\.zentyal\.org$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^tracker\.zentyal\.org$" name="^_redmine_session$" /-->
+	<!--securecookie host="^wiki\.zentyal\.org$" name="^wikiorg_session$" /-->
+
+	<securecookie host="^(?:forum|tracker|wiki)\.zentyal\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zerigo.com.xml b/src/chrome/content/rules/Zerigo.com.xml
new file mode 100644
index 000000000000..270c33636ee3
--- /dev/null
+++ b/src/chrome/content/rules/Zerigo.com.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://zerigo.com/ => https://zerigo.com/: (6, 'Could not resolve host: zerigo.com')
+Fetch error: http://manage.zerigo.com/ => https://manage.zerigo.com/: (6, 'Could not resolve host: manage.zerigo.com')
+Fetch error: http://www.zerigo.com/ => https://www.zerigo.com/: (6, 'Could not resolve host: www.zerigo.com')
+
+	Fully covered hosts in *zerigo.com:
+
+		- (www.)?
+		- manage
+
+-->
+<ruleset name="Zerigo.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="zerigo.com" />
+	<target host="manage.zerigo.com" />
+	<target host="www.zerigo.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zeringo.xml b/src/chrome/content/rules/Zeringo.xml
deleted file mode 100644
index 6396923e6e41..000000000000
--- a/src/chrome/content/rules/Zeringo.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Zeringo">
-
-	<target host="zeringo.com" />
-	<target host="*.zeringo.com" />
-
-
-	<securecookie host="^\.zeringo\.com$" name=".+" />
-
-
-	<rule from="^http://(manage\.|www\.)?zeringo\.com/"
-		to="https://$1zeringo.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Zerista.xml b/src/chrome/content/rules/Zerista.xml
index e389e28d42e3..2337f65a4e4e 100644
--- a/src/chrome/content/rules/Zerista.xml
+++ b/src/chrome/content/rules/Zerista.xml
@@ -5,19 +5,23 @@
 			- zerista.zippykid.netdna-cdn.com
 				- zerista-zippykid.netdna-ssl.com doesn't exist
 
-	Nonfunctional subdomains:
 
-		- (www.)
+	(www.)?zerista.com: Shows default page
 
 -->
-<ruleset name="Zerista (partial)">
+<ruleset name="Zerista.com (partial)">
 
 	<target host="*.zerista.com" />
-		<exclusion pattern="^http://www\." />
+
+		<exclusion pattern="^http://www\.zerista\.com/" />
+
+			<test url="http://www.zerista.com/" />
+
+		<test url="http://assets.zerista.com/" />
+		<test url="http://my.zerista.com/" />
 
 
 	<!--	Clients have unique subdomains.
-		Also handles my.zerista.com.
 						-->
 	<rule from="^http://(\w+)\.zerista\.com/"
 		to="https://$1.zerista.com/" />
diff --git a/src/chrome/content/rules/Zero-Robotics.xml b/src/chrome/content/rules/Zero-Robotics.xml
index 5bea49fe826c..7c3b3e1c2b7c 100644
--- a/src/chrome/content/rules/Zero-Robotics.xml
+++ b/src/chrome/content/rules/Zero-Robotics.xml
@@ -1,11 +1,19 @@
-<ruleset name="Zero Robotics">
 
-	<target host="zerorobotics.org"/>
-	<target host="*.zerorobotics.org"/>
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://zerorobotics.org/ => https://zerorobotics.org/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.zerorobotics.org/ => https://www.zerorobotics.org/: (28, 'Connection timed out after 20003 milliseconds')
 
-	<securecookie host="^(.*\.)?zerorobotics\.org$" name=".*"/>
+Disabled by https-everywhere-checker because:
+Fetch error: http://zerorobotics.org/ => https://zerorobotics.org/: (28, 'Connection timed out after 10001 milliseconds')
+-->
+<ruleset name="Zero Robotics" default_off="failed ruleset test">
 
-	<rule from="^http://(www\.)?zerorobotics\.org/"
-		to="https://$1zerorobotics.org/"/>
+	<target host="zerorobotics.org" />
+	<target host="www.zerorobotics.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ZeroBin.net.xml b/src/chrome/content/rules/ZeroBin.net.xml
index 2ac23d28db4b..2ed93c804848 100644
--- a/src/chrome/content/rules/ZeroBin.net.xml
+++ b/src/chrome/content/rules/ZeroBin.net.xml
@@ -4,7 +4,6 @@
 	<target host="www.zerobin.net" />
 
 
-	<rule from="^http://(www\.)?zerobin\.net/"
-		to="https://$1zerobin.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ZeroC.com.xml b/src/chrome/content/rules/ZeroC.com.xml
new file mode 100644
index 000000000000..958d572f19b2
--- /dev/null
+++ b/src/chrome/content/rules/ZeroC.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="ZeroC.com">
+
+	<target host="www.zeroc.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ZeroCater.com.xml b/src/chrome/content/rules/ZeroCater.com.xml
new file mode 100644
index 000000000000..4af8011fade3
--- /dev/null
+++ b/src/chrome/content/rules/ZeroCater.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Nonfunctional hosts in *zerocater.com:
+
+		- blog *
+
+	* WP Engine
+
+-->
+<ruleset name="ZeroCater.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.zerocater.com" />
+
+	<!--	Complications:
+				-->
+	<target host="zerocater.com" />
+
+
+	<rule from="^http://zerocater\.com/"
+		to="https://www.zerocater.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ZeroTier.com.xml b/src/chrome/content/rules/ZeroTier.com.xml
new file mode 100644
index 000000000000..e3228747d341
--- /dev/null
+++ b/src/chrome/content/rules/ZeroTier.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="ZeroTier.com">
+
+	<target host="zerotier.com" />
+	<target host="www.zerotier.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ZeroXX.xml b/src/chrome/content/rules/ZeroXX.xml
deleted file mode 100644
index 92fad465b6d4..000000000000
--- a/src/chrome/content/rules/ZeroXX.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	Fully covered subdomains:
-
-		- (www.)
-
-
-	Mixed content:
-
-		- Web bug on www from s7.addthis.com
-
-
-	We don't care about web bugs, so don't
-	mark this ruleset as mixedcontent.
-
--->
-<ruleset name="ZeroXX">
-
-	<target host="zeroxx.nl" />
-	<target host="*.zeroxx.nl" />
-
-
-	<!--securecookie host="^\.zeroxx\.nl$" name="^__utm\w$" /-->
-	<securecookie host="^w*\.zeroxx\.nl$" name=".+" />
-
-
-	<rule from="^http://(www\.)?zeroxx\.nl/"
-		to="https://$1zeroxx.nl/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Zero_Day_Initiative.com.xml b/src/chrome/content/rules/Zero_Day_Initiative.com.xml
new file mode 100644
index 000000000000..61c089ba808d
--- /dev/null
+++ b/src/chrome/content/rules/Zero_Day_Initiative.com.xml
@@ -0,0 +1,12 @@
+<!--
+	For other Trend Micro coverage, see Trend_Micro.xml.
+-->
+
+<ruleset name="Zero Day Initiative.com">
+
+	<target host="zerodayinitiative.com" />
+	<target host="www.zerodayinitiative.com" />
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zeromq.org.xml b/src/chrome/content/rules/Zeromq.org.xml
new file mode 100644
index 000000000000..c44460bf2042
--- /dev/null
+++ b/src/chrome/content/rules/Zeromq.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="zeromq.org" default_off="mismatched">
+
+	<target host="zeromq.org" />
+	<target host="www.zeromq.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zeromq.xml b/src/chrome/content/rules/Zeromq.xml
deleted file mode 100644
index 8aedb52eafcb..000000000000
--- a/src/chrome/content/rules/Zeromq.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="zeromq (partial)">
-
-	<target host="zeromq.org" />
-	<target host="www.zeromq.org" />
-
-
-	<rule from="^https?://(?:www\.)?zeromq\.org/local--theme/"
-		to="https://zeromq.wdfiles.com/local--theme/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Zerowater.com.xml b/src/chrome/content/rules/Zerowater.com.xml
new file mode 100644
index 000000000000..494fa1ed3ddd
--- /dev/null
+++ b/src/chrome/content/rules/Zerowater.com.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://zerowater.com/ (200) => https://zerowater.com/ (404)
+Fetch error: http://help-flint-mi.zerowater.com/ => https://help-flint-mi.zerowater.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+
+	Nonfunctional domains:
+
+		- www2 (connection reset)
+		- consumerinfo (issue with cert chain)
+
+-->
+<ruleset name="Zerowater.com" default_off="failed ruleset test">
+	<target host="zerowater.com" />
+	<target host="www.zerowater.com" />
+	<target host="help-flint-mi.zerowater.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zerties.org.xml b/src/chrome/content/rules/Zerties.org.xml
new file mode 100644
index 000000000000..2a49ec1f31f6
--- /dev/null
+++ b/src/chrome/content/rules/Zerties.org.xml
@@ -0,0 +1,37 @@
+<!--
+	Nonfunctional subdomains:
+
+		- wiki *
+
+	* Shows www
+
+
+	^zerties.org: cert only matches *.zerties.org
+
+
+	Mixed content:
+
+		- Images on blog, www from blog.zerties.org
+
+-->
+<ruleset name="zerties.org (partial)" default_off="self-signed">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blog.zerties.org" />
+	<target host="list.zerties.org" />
+	<!--target host="wiki.zerties.org" /-->
+	<target host="www.zerties.org" />
+
+	<!--	Complications:
+				-->
+	<target host="zerties.org" />
+
+
+	<rule from="^http://zerties\.org/"
+		to="https://www.zerties.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zerve.xml b/src/chrome/content/rules/Zerve.xml
deleted file mode 100644
index 7a7678646d70..000000000000
--- a/src/chrome/content/rules/Zerve.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d3ks0ua4wrpv20.cloudfront.net
-
-			- img-static.cdn.zerve.com
-
-
-	Problematic subdomains:
-
-		- ^			(cert only matches www)
-		- img-static.cdn	(cloudfront)
-
-
-	Some pages redirect to http.
-
--->
-<ruleset name="Zerve">
-
-	<target host="zerve.com" />
-	<target host="*.zerve.com" />
-
-
-	<rule from="^http://(?:www\.)?zerve\.com/(cookie_check\.php|(?:directory/)?(?:css|img)/|raa/raa3_2\.php)"
-		to="https://www.zerve.com/$1" />
-
-	<rule from="^http://img-static\.cdn\.zerve\.com/"
-		to="https://d3ks0ua4wrpv20.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Zerzar.xml b/src/chrome/content/rules/Zerzar.xml
index 81208107231a..2bc585403188 100644
--- a/src/chrome/content/rules/Zerzar.xml
+++ b/src/chrome/content/rules/Zerzar.xml
@@ -1,13 +1,28 @@
-<ruleset name="Zerzar">
+<!--
+	^zerzar.com: Self-signed
+	www.zerzar.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.zerzar.com
+
+-->
+<ruleset name="Zerzar.com" default_off="mismatched, self-signed">
 
 	<target host="zerzar.com" />
-	<target host="*.zerzar.com" />
+	<target host="www.zerzar.com" />
+
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.zerzar.com$" name="^^PHPSESSID$" /-->
+	<!--securecookie host="^www\.zerzar.com$" name="^^(country_by_ip|lc_city|lc_city_path|lc_lang_front|lc_region|lc_region_path)$" /-->
 
 	<securecookie host="^(?:www)?\.zerzar.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?zerzar\.com/"
-		to="https://$1zerzar.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Zetel.de.xml b/src/chrome/content/rules/Zetel.de.xml
new file mode 100644
index 000000000000..bf120732b3f8
--- /dev/null
+++ b/src/chrome/content/rules/Zetel.de.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://intranet.zetel.de/ => https://intranet.zetel.de/: (51, "SSL: no alternative certificate subject name matches target host name 'intranet.zetel.de'")
+
+
+	Nonfunctional domains:
+
+		- ^ (ERR_CERT_COMMON_NAME_INVALID)
+		- mail (self-signed)
+
+
+-->
+<ruleset name="Zetel.de" default_off="failed ruleset test">
+	<target host="zetel.de" />
+	<target host="www.zetel.de" />
+	<target host="intranet.zetel.de" />
+
+	<rule from="^http://(?:www\.)?zetel\.de/" to="https://www.zetel.de/"/>
+	<rule from="^http://intranet\.zetel\.de/" to="https://intranet.zetel.de/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zetetic.net.xml b/src/chrome/content/rules/Zetetic.net.xml
new file mode 100644
index 000000000000..c598f3d0244f
--- /dev/null
+++ b/src/chrome/content/rules/Zetetic.net.xml
@@ -0,0 +1,26 @@
+<!--
+	Other Zetetic rulesets:
+
+		- KeepTempo.com.xml
+
+
+	^zetetic.net: Mismatched
+
+-->
+<ruleset name="Zetetic.net">
+
+	<target host="discuss.zetetic.net" />
+	<target host="www.zetetic.net" />
+
+	<!--	Complications:
+				-->
+	<target host="zetetic.net" />
+
+
+	<rule from="^http://zetetic\.net/"
+		to="https://www.zetetic.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zeuscat.com.xml b/src/chrome/content/rules/Zeuscat.com.xml
new file mode 100644
index 000000000000..50c7d932e990
--- /dev/null
+++ b/src/chrome/content/rules/Zeuscat.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="zeuscat.com">
+
+	<target host="zeuscat.com" />
+	<target host="www.zeuscat.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zeusclicks.com.xml b/src/chrome/content/rules/Zeusclicks.com.xml
index 43b00e9ba8c3..1fea83690c14 100644
--- a/src/chrome/content/rules/Zeusclicks.com.xml
+++ b/src/chrome/content/rules/Zeusclicks.com.xml
@@ -1,19 +1,53 @@
 <!--
 	Nonfunctional subdomains:
 
-		- (www.)	(shows kip; expired 2013-07-14; self-signed, CN: kip.simplecom.net)
 		- cdn		(refused)
 
+
+	Problematic hosts in *zeusclicks.com:
+
+		- (www.)? ¹ ²
+		- ads2 ³
+
+	¹ Mismatched
+	² Mixed css
+	³ Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	These altnames don't exist:
+
+		- www.ads2.zeusclicks.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- zeusclicks.com
+		- ads2.zeusclicks.com
+		- www.zeusclicks.com
+
+
+	Mixed content:
+
+		- css on (www.)? from ^zeusclicks.com
+		- Images on (www.)? from ^zeusclicks.com
+
 -->
-<ruleset name="ZeusClicks.com (partial)">
+<ruleset name="ZeusClicks.com (partial)" default_off="cert-chain">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="ads2.zeusclicks.com" />
 
 
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ads2\.zeusclicks\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^(www\.)?zeusclicks\.com$" name="^csrf_c_zeus$" /-->
+
 	<securecookie host="^ads2\.zeusclicks\.com$" name=".+" />
 
 
-	<rule from="^http://ads2\.zeusclicks\.com/"
-		to="https://ads2.zeusclicks.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Zhaw.ch.xml b/src/chrome/content/rules/Zhaw.ch.xml
new file mode 100644
index 000000000000..14ee4c254b10
--- /dev/null
+++ b/src/chrome/content/rules/Zhaw.ch.xml
@@ -0,0 +1,87 @@
+<!--
+
+Non-functional:
+	- radar.zhaw.ch
+
+Redirects to HTTP:
+	- accessibility.zhaw.ch
+
+Timeout on HTTPS:
+	- stundenplan.zhaw.ch
+
+unable to get local issuer certificate:
+	- pd.zhaw.ch
+
+-->
+<ruleset name="ZHAW">
+	<target host="zhaw.ch" />
+	<target host="www.zhaw.ch" />
+	<!--<target host="stundenplan.zhaw.ch" />-->
+	<target host="olat.zhaw.ch" />
+	<target host="aai.zhaw.ch" />
+	<target host="blog.zhaw.ch" />
+	<target host="dublin.zhaw.ch" />
+	<target host="weiterbildung.zhaw.ch" />
+	<target host="digitalcollection.zhaw.ch" />
+	<target host="home.zhaw.ch" />
+	<target host="studiportal.gesundheit.zhaw.ch" />
+	<target host="www.studiportal.gesundheit.zhaw.ch" />
+	<target host="ba-pub.engineering.zhaw.ch" />
+	<target host="modulmanagement.sml.zhaw.ch" />
+	<target host="studyabroad.sml.zhaw.ch" />
+	<target host="english-training.sml.zhaw.ch" />
+	<target host="gpmpublic.zhaw.ch" />
+	<target host="adressverzeichnis.sozialearbeit.zhaw.ch" />
+
+	<!-- Internal tools -->
+	<target host="intra.zhaw.ch" />
+	<target host="moodle.zhaw.ch" />
+	<target host="servicedesk.zhaw.ch" />
+	<target host="selfadmin.zhaw.ch" />
+	<target host="eventoweb.zhaw.ch" />
+	<target host="mail.zhaw.ch" />
+	<target host="piwik.zhaw.ch" />
+	<target host="vdi.zhaw.ch" />
+	<target host="github.engineering.zhaw.ch" />
+	<target host="swords.zhaw.ch" />
+	<target host="praxistool.zhaw.ch" />
+	<target host="tat.zhaw.ch" />
+	<target host="evaluation.zhaw.ch" />
+	<target host="spam.zhaw.ch" />
+	<target host="wiki.sml.zhaw.ch" />
+	<target host="mystudybox.sml.zhaw.ch" />
+	<target host="collab.zhaw.ch" />
+	<target host="ras.zhaw.ch" />
+	<target host="eportfolio.zhaw.ch" />
+	<target host="zec.zhaw.ch" />
+
+	<!-- Department redirection pages -->
+	<target host="gesundheit.zhaw.ch" />
+	<target host="www.gesundheit.zhaw.ch" />
+	<target host="www.sml.zhaw.ch" />
+	<target host="sml.zhaw.ch" />
+	<target host="engineering.zhaw.ch" />
+	<target host="www.engineering.zhaw.ch" />
+	<target host="sozialearbeit.zhaw.ch" />
+	<target host="www.sozialearbeit.zhaw.ch" />
+
+	<!-- Institute redirection subdomains -->
+	<target host="ines.zhaw.ch" />
+	<target host="init.zhaw.ch" />
+	<target host="iamp.zhaw.ch" />
+	<target host="idp.zhaw.ch" />
+	<target host="iefe.zhaw.ch" />
+	<target host="imes.zhaw.ch" />
+	<target host="ims.zhaw.ch" />
+	<target host="ine.zhaw.ch" />
+	<target host="icp.zhaw.ch" />
+	<target host="impe.zhaw.ch" />
+	<target host="zav.zhaw.ch" />
+	<target host="zpp.zhaw.ch" />
+	<target host="zsn.zhaw.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zhihu.xml b/src/chrome/content/rules/Zhihu.xml
new file mode 100644
index 000000000000..3e26724c64ed
--- /dev/null
+++ b/src/chrome/content/rules/Zhihu.xml
@@ -0,0 +1,44 @@
+<!--
+	Mismatch:
+		- news.at.zhihu.com	（ equal to news-at.zhihu.com ）
+		- static.daily.zhihu.com
+		- zhimg.com
+			- club
+			- d0
+			- p[1-4]	https://p1.zhimg.com/87/6b/876b711566a4dab75dbfd5420de4e458_m.jpg
+			- s[1-4]
+
+	Mixcontent but no function issue:
+		daily.zhihu.com
+		news-at.zhihu.com
+		worldcup2014.zhihu.com
+-->
+
+<ruleset name="Zhihu">
+
+	<target host="news.at.zhihu.com" />
+	<rule from="^http://news\.at\.zhihu\.com/" to="https://news-at.zhihu.com/" />
+		<test url="http://news.at.zhihu.com/css/news_qa.6.css" />
+
+	<target host="zhihu.com" />
+	<target host="www.zhihu.com" />
+	<target host="api.zhihu.com" />
+	<target host="daily.zhihu.com" />
+	<target host="dudu.zhihu.com" />
+	<target host="link.zhihu.com" />
+	<target host="liukanshan.zhihu.com" />
+	<target host="news-at.zhihu.com" />
+	<target host="static.zhihu.com" />
+	<target host="sugar.zhihu.com" />
+	<target host="worldcup2014.zhihu.com" />
+	<target host="zhihu-web-analytics.zhihu.com" />
+	<target host="zhstatic.zhihu.com" />
+	<target host="zhuanlan.zhihu.com" />
+
+	<target host="pic1.zhimg.com" />
+	<target host="pic2.zhimg.com" />
+	<target host="pic3.zhimg.com" />
+	<target host="pic4.zhimg.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zidisha.org.xml b/src/chrome/content/rules/Zidisha.org.xml
new file mode 100644
index 000000000000..ed9e7ca8666a
--- /dev/null
+++ b/src/chrome/content/rules/Zidisha.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		mpesa.zidisha.org
+
+-->
+<ruleset name="Zidisha.org">
+
+	<target host="zidisha.org" />
+	<target host="www.zidisha.org" />
+	<target host="forum.zidisha.org" />
+	<target host="p2p-microlending-blog.zidisha.org" />
+	<target host="www.p2p-microlending-blog.zidisha.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ziedot.lv.xml b/src/chrome/content/rules/Ziedot.lv.xml
new file mode 100644
index 000000000000..c2e7c3407b03
--- /dev/null
+++ b/src/chrome/content/rules/Ziedot.lv.xml
@@ -0,0 +1,13 @@
+<ruleset name="Ziedot.lv">
+
+	<target host="ziedot.lv" />
+	<target host="www.ziedot.lv" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zierer.com.xml b/src/chrome/content/rules/Zierer.com.xml
new file mode 100644
index 000000000000..3fff40a351d9
--- /dev/null
+++ b/src/chrome/content/rules/Zierer.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Zierer.com">
+
+	<target host="zierer.com" />
+	<target host="www.zierer.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://zierer.com/,
+	http://zierer.com/ redirects to http://www.zierer.com/.-->
+	<rule from="^http://zierer\.com/"
+			to="https://www.zierer.com/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ziff-Davis-mismatches.xml b/src/chrome/content/rules/Ziff-Davis-mismatches.xml
deleted file mode 100644
index 126d40857e6f..000000000000
--- a/src/chrome/content/rules/Ziff-Davis-mismatches.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	For rules that are on by default, see Ziff-Davis.xml.
-
-
-	ToDo: Find Akamai buckets
-
--->
-<ruleset name="Ziff Davis (mismatches)" default_off="mismatched">
-
-	<target host="extremetech.com" />
-	<target host="www.extremetech.com" />
-		<!--
-			Handled in Extreme_Tech.com.xml:
-							-->
-		<exclusion pattern="^http://(?:www\.)?extremetech\.com/(?:cobrand_header|wp-content|wp-includes)/" />
-	<target host="ziffdavis.com" />
-	<target host="www.ziffdavis.com" />
-
-
-	<securecookie host="^www\.extremetech\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?(extremetech|ziffdavis)\.com/"
-		to="https://www.$1.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ziff-Davis.xml b/src/chrome/content/rules/Ziff-Davis.xml
index 3a8b9fb57d4f..d2fc5aa6b7d0 100644
--- a/src/chrome/content/rules/Ziff-Davis.xml
+++ b/src/chrome/content/rules/Ziff-Davis.xml
@@ -1,11 +1,11 @@
 <!--
-	For problematic rules, see Ziff-Davis-mismatches.xml.
-
-
 	Other Ziff Davis rulesets:
 
-		- Extreme_Tech.com.xml
+		- ExtremeTech.com.xml
 		- Geek.com.xml
+		- IT_Toolbox.com.xml
+		- ZDbb.net.xml
+		- ZDmcirc.com.xml
 
 
 	CDN buckets:
@@ -41,13 +41,26 @@
 			- www **
 
 		- (www.)pcmag.com **
+		- au.pcmag.com ³
+		- br.pcmag.com ³
+		- fr.pcmag.com ³
+		- gr.pcmag.com ³
+		- nl.pcmag.com ³
+		- securitywatch.pcmag.com **
+		- uk.pcmag.com ³
 		- www\d.pcmag.com **
+
 		- it.toolbox.com		(times out)
+		- ziffdavis.com ⁴
+		- www.ziffdavis.com **
+		- im.ziffdavisinternational.com ³
 		- common.ziffdavisinternet.com *
 		- common.nyq.ziffdavisinternet.com *
 
 	* 504, akamai
 	** 503, akamai
+	³ Refused
+	⁴ Shows www.zdmcirc.com
 
 
 	origin-www.ziffdavis.com presents self-signed cert for www.extremetech.com;
@@ -60,41 +73,21 @@
 
 	* Akamai
 
-
-	Fully covered domains:
-
-		- zdbb.net
-
 -->
 <ruleset name="Ziff Davis (partial)">
 
 	<target host="static.adziff.com" />
 	<target host="metrics.geek.com" />
 	<target host="metrics.pcmag.com" />
-	<target host="zdbb.net" />
-	<target host="*.zdbb.net" />
 	<target host="static.ziffdavis.com" />
 
 
-	<securecookie host="^\.zdbb\.net$" name=".+" />
-
-
-	<rule from="^http://static\.adziff\.com/"
-		to="https://d3dd6h0gw79f7z.cloudfront.net/" />
-
 	<rule from="^http://metrics\.geek\.com/"
 		to="https://geek-com.122.2o7.net/"/>
 
 	<rule from="^http://metrics\.pcmag\.com/"
 		to="https://ziffdavis-com.112.2o7.net/" />
 
-	<rule from="^http://(cdn\.static\.)?zdbb\.net/"
-		to="https://$1zdbb.net/" />
-
-	<rule from="^http://static\.zdbb\.net/"
-		to="https://d8r7hw7bvlsxi.cloudfront.net/" />
-
-	<rule from="^http://static\.ziffdavis\.com/"
-		to="https://static.ziffdavis.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ziggo.xml b/src/chrome/content/rules/Ziggo.xml
index 170c1382195f..a1f8cbd77263 100644
--- a/src/chrome/content/rules/Ziggo.xml
+++ b/src/chrome/content/rules/Ziggo.xml
@@ -1,6 +1,34 @@
-<ruleset name="Ziggo">
-  <target host="*.ziggo.nl" />
-  <target host="*.ziggo.com" />
+<!--
+	Other Ziggo rulesets:
 
-  <rule from="^http://(?:www\.)?ziggo\.(nl|com)/" to="https://www.ziggo.$1/"/>
+		- Ziggo_Zakelijk.nl.xml
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.ziggo.nl
+
+-->
+<ruleset name="Ziggo.nl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ziggo.nl" />
+	<target host="mail.ziggo.nl" />
+	<target host="www.ziggo.nl" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<test url="http://www.ziggo.nl/klantenservice/administratief/service/accessoires-shop/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.ziggo\.nl$" name="^(?:JSESSIONID|renderid)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ziggo_Zakelijk.nl.xml b/src/chrome/content/rules/Ziggo_Zakelijk.nl.xml
new file mode 100644
index 000000000000..16ff4ce2f41b
--- /dev/null
+++ b/src/chrome/content/rules/Ziggo_Zakelijk.nl.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Ziggo coverage, see Ziggo.xml.
+
+
+	These altnames don't exist:
+
+		- www.mobielbreedband.ziggozakelijk.nl
+
+
+	Insecure cookies are set for these hosts:
+
+		- mobielbreedband.ziggozakelijk.nl
+
+-->
+<ruleset name="Ziggo Zakelijk.nl">
+
+	<target host="ziggozakelijk.nl" />
+	<target host="mobielbreedband.ziggozakelijk.nl" />
+	<target host="www.ziggozakelijk.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^mobielbreedband\.ziggozakelijk\.nl$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zillow-problematic.xml b/src/chrome/content/rules/Zillow-problematic.xml
deleted file mode 100644
index 424e0c7e83ba..000000000000
--- a/src/chrome/content/rules/Zillow-problematic.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules that are on by default, see Zillow.xml
-
--->
-<ruleset name="Zillow (problematic)" default_off="mismatched">
-
-	<target host="rentalpro.zillow.com" />
-
-
-	<rule from="^http://rentalpro\.zillow\.com/"
-		to="https://rentalpro.zillow.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Zillow.com.xml b/src/chrome/content/rules/Zillow.com.xml
new file mode 100644
index 000000000000..bd3d7c25d8a4
--- /dev/null
+++ b/src/chrome/content/rules/Zillow.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- engineering.zillow.com
+
+		Certificate mismatched:
+		- investors.zillow.com
+
+		Status code mismatch:
+		- mortgageapi.zillow.com
+-->
+<ruleset name="Zillow.com (partial)">
+	<target host="zillow.com" />
+	<target host="www.zillow.com" />
+	<target host="info.zillow.com" />
+	<target host="premieragent.zillow.com" />
+	<target host="photos1.zillow.com" />
+	<target host="photos2.zillow.com" />
+	<target host="photos3.zillow.com" />
+		<test url="http://photos1.zillow.com/i_g/ISatx8mbaxt0v7.jpg" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zillow.xml b/src/chrome/content/rules/Zillow.xml
deleted file mode 100644
index 9064e0f93522..000000000000
--- a/src/chrome/content/rules/Zillow.xml
+++ /dev/null
@@ -1,85 +0,0 @@
-<!--
-	For problematic rules, see Zillow-problematic.xml
-
-
-	CDN buckets:
-
-		- d155excyarmp3n.cloudfront.net
-		- rentjuice.desk.com
-
-
-	Nonfunctional domains:
-
-		- rentalshelp.zillow.com	(redirects to http, mismatched, CN: *.desk.com)
-
-
-	Problematic domains:
-
-		- photos[123].zillow.com	(akamai)
-		- rentalpro.zillow.com		(works, mismatched, CN: *.rentalapp.zillow.com)
-
-
-	Partially covered domains:
-
-		- (www.)zillow.com
-
-			These paths redirect to http:
-
-				- $
-				- blog$
-				- ca
-				- facelift
-				- homedetails
-				- homes
-				- profile
-				- reviews
-				- wikipages
-
-			- These paths 404:
-
-				- blog/
-
-
-	Fully covered domains:
-
-		- zillow.com subdomains:
-
-			- engineering
-			- mortgageapi
-			- photos
-			- photos\d		(→ photos)
-			- rentalapp
-
-		- (www.)zillowstatic.com
-
-
-	Mixed content:
-
-		- Images on www from www.zillowstatic.com *
-
-	* Secured by us, doesn't trip MCB anyway
-
--->
-<ruleset name="Zillow (partial)">
-
-	<target host="zillow.com" />
-	<target host="*.zillow.com" />
-		<!--exclusion pattern="^http://(www\.)?zillow\.com/(facelift|homes)($|[?/])" /-->
-		<exclusion pattern="^http://(?:www\.)?zillow\.com/(?!.*\$LoginLink|favicon\.ico|(?:advertising|advice(?:pages|-thread)|agents|app|corp|directory|fhs-loan|foreclosures|for-sale-by-owner|help|home-(?:equity-loan|improvement-dueling-digs)|howto|imaging|learnmore|local-info|make-me-move|mobile|mortgage-(?:calculator|glossary|rates)|post-re(?:al-estate|ntal)-listings|refinance|search|static|visuals|webtools)(?:$|\?|/))" />
-	<target host="zillowstatic.com" />
-	<target host="www.zillowstatic.com" />
-
-
-	<securecookie host="^engineering\.zillow\.com$" name=".+" />
-
-
-	<rule from="^http://((?:engineering|mortgageapi|rentalapp|www)\.)?zillow\.com/"
-		to="https://$1zillow.com/" />
-
-	<rule from="^http://photos\d?\.zillow\.com/"
-		to="https://photos.zillow.com/" />
-
-	<rule from="^http://(www\.)?zillowstatic\.com/"
-		to="https://$1zillowstatic.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Zillowstatic.com.xml b/src/chrome/content/rules/Zillowstatic.com.xml
new file mode 100644
index 000000000000..e3a8212df0f6
--- /dev/null
+++ b/src/chrome/content/rules/Zillowstatic.com.xml
@@ -0,0 +1,25 @@
+<!--
+  Host not resolved:
+    iss.zillowstatic.com
+ -->
+
+<ruleset name="Zillowstatic.com">
+	<target host="zillowstatic.com" />
+	<target host="www.zillowstatic.com" />
+	<!-- <target host="iss.zillowstatic.com" /> -->
+	<target host="photos.zillowstatic.com" />
+	<target host="photos1.zillowstatic.com" />
+	<target host="photos2.zillowstatic.com" />
+	<target host="photos3.zillowstatic.com" />
+		<test url="http://photos1.zillowstatic.com/i_g/ISatx8mbaxt0v7.jpg" />
+	<target host="s.zillowstatic.com" />
+		<test url="http://s.zillowstatic.com/homepage/71ea6cf/_next/fb2c2732-cd15-4dfb-823c-0c0a1dd29e4a/page/sell.js" />
+	<target host="videos.zillowstatic.com" />
+		<test url="http://videos.zillowstatic.com/homepage/video_buy_20170503_1800.mp4" />
+	<target host="wp.zillowstatic.com" />
+		<test url="http://wp.zillowstatic.com/1/vert-one-resized-169851.jpg" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zimbatm.com.xml b/src/chrome/content/rules/Zimbatm.com.xml
new file mode 100644
index 000000000000..f5ea3716346b
--- /dev/null
+++ b/src/chrome/content/rules/Zimbatm.com.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.zimbatm.com/ => https://www.zimbatm.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.zimbatm.com'")
+
+-->
+<ruleset name="zimbatm.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="zimbatm.com" />
+	<target host="www.zimbatm.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zimbra.com.xml b/src/chrome/content/rules/Zimbra.com.xml
new file mode 100644
index 000000000000..7301987b4899
--- /dev/null
+++ b/src/chrome/content/rules/Zimbra.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- docs.zimbra.com
+
+		SSL peer certificate was not OK:
+		- forums.zimbra.com
+
+		Status code mismatch:
+		- mail.zimbra.com
+		- stg-www.zimbra.com
+-->
+<ruleset name="Zimbra.com">
+	<target host="zimbra.com" />
+	<target host="www.zimbra.com" />
+	<target host="blog.zimbra.com" />
+	<target host="bugzilla.zimbra.com" />
+	<target host="demox.zimbra.com" />
+	<target host="downloads.zimbra.com" />
+	<target host="edge01e.zimbra.com" />
+	<target host="edge02e.zimbra.com" />
+	<target host="edge04e.zimbra.com" />
+	<target host="files.zimbra.com" />
+	<target host="files2.zimbra.com" />
+	<target host="gallery.zimbra.com" />
+	<target host="help.zimbra.com" />
+	<target host="info.zimbra.com" />
+	<target host="repo.zimbra.com" />
+	<target host="support.zimbra.com" />
+	<target host="wiki.zimbra.com" />
+	
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zimbra.xml b/src/chrome/content/rules/Zimbra.xml
deleted file mode 100644
index ac65b6b5acde..000000000000
--- a/src/chrome/content/rules/Zimbra.xml
+++ /dev/null
@@ -1,90 +0,0 @@
-<!--
-	CDN buckets:
-
-		- files.zimbra.com.s3.amazonaws.com
-
-		- files2.zimbra.com.edgesuite.net
-
-			- a1843.g.akamai.net
-
-
-	Problematic domains:
-
-		- zimbra.com subdomains:
-
-			- files		(amazonws)
-			- files2	(works, akamai)
-
-		- (www.)zimbrablog.com	(works; mismatched, CN: *.zimbra.com)
-
-
-	Fully covered domains:
-
-		- *.zimbra.com:
-
-			- (www.)
-			- blog
-			- files *
-			- files2 *
-			- gallery
-			- help
-
-		- (www.)zimbrablog.com	(→ blog.zimbra.com)
-
-	* → s3.amazonaws.com/files.zimbra.com/
-
-
-	Mixed content:
-
-		- Scripts:
-
-			- On blog from www.google.com *
-			- On help from www.google.com *
-			- On www from www *
-			- On www from www.google.com *
-
-		- css:
-
-			- On blog from blog *
-			- On blog from www.google.com *
-			- On www from www *
-			- On www from www.google.com *
-
-		- Images, on www from:
-
-			- www *
-			- feeds2.feedburner.com **
-
-		- Web bug on www from munchkin.marketo.net *
-
-	* Secured by us
-	** Unsecurable, doesn't trip MCB anyway
-
-
-	NB: We secure all resources, and thus
-	platform should be removed with Ffx 24.
-
--->
-<ruleset name="Zimbra (false MCB)" platform="mixedcontent">
-
-	<target host="zimbra.com" />
-	<target host="*.zimbra.com" />
-	<target host="zimbrablog.com" />
-	<target host="www.zimbrablog.com" />
-
-
-	<!--securecookie host="^\.zimbra\.com$" name="^(_mkto_trk|optimizely\w+|__utm\w)$" /-->
-	<securecookie host="^(?:.*\.)?zimbra\.com$" name=".+" />
-
-
-	<rule from="^http://files2?\.zimbra\.com/"
-		to="https://s3.amazonaws.com/files.zimbra.com/" />
-
-	<rule from="^http://([^/:@\.]+\.)?zimbra\.com/"
-		to="https://$1zimbra.com/" />
-
-	<rule from="^http://(?:www\.)?zimbrablog\.com/"
-		to="https://blog.zimbra.com/" />
-
-</ruleset>
-
diff --git a/src/chrome/content/rules/Zimperium.xml b/src/chrome/content/rules/Zimperium.xml
new file mode 100644
index 000000000000..2193dc37f794
--- /dev/null
+++ b/src/chrome/content/rules/Zimperium.xml
@@ -0,0 +1,8 @@
+<ruleset name="Zimperium">
+	<target host="zimperium.com" />
+	<target host="www.zimperium.com" />
+	<target host="blog.zimperium.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zing_Checkout.com-problematic.xml b/src/chrome/content/rules/Zing_Checkout.com-problematic.xml
new file mode 100644
index 000000000000..d87bdfd014d1
--- /dev/null
+++ b/src/chrome/content/rules/Zing_Checkout.com-problematic.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules that are on by default, see Zing_Checkout.com.xml.
+
+-->
+<ruleset name="Zing Checkout.com (broken)" default_off="refused">
+
+	<target host="zingcheckout.com" />
+	<target host="www.zingcheckout.com" />
+
+
+	<securecookie host="^\.zingcheckout\.com$" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?zingcheckout\.com/"
+		to="https://zingcheckout.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zing_Checkout.com.xml b/src/chrome/content/rules/Zing_Checkout.com.xml
new file mode 100644
index 000000000000..2c0bf747b355
--- /dev/null
+++ b/src/chrome/content/rules/Zing_Checkout.com.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://app.zingcheckout.com/ => https://app.zingcheckout.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	For problematic rules, see Zing_Checkout.com-problematic.xml.
+
+
+	(www.)?: 404
+
+
+	Mixed content:
+
+		- css, on ^ from:
+
+			- $self *
+			- fonts.googleapis.com *
+
+		- Images from www *
+
+	* Secured by us
+
+-->
+<ruleset name="Zing Checkout.com (partial)" default_off="failed ruleset test">
+
+	<target host="app.zingcheckout.com" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zipcar.xml b/src/chrome/content/rules/Zipcar.xml
index 89e9a345da31..81f3aa8e9025 100644
--- a/src/chrome/content/rules/Zipcar.xml
+++ b/src/chrome/content/rules/Zipcar.xml
@@ -1,29 +1,76 @@
+
 <!--
-	Problematic subdomains:
+	^zipcar.com: Times out
+	^zipcar.co.uk: Times out
+	businesscalculator.zipcar.co.uk: Connection refused
+
+
+	Partially covered hosts in *zipcar.com:
+
+		- members *
+
+	* Some pages redirect to http
 
-		- ^	(times out)
 
+	- Mixed content:
 
-	Partially covered subdomains:
+		- favicon on www from $self *
 
-		- members	(some pages redirect to http)
+	* Secured by us
 
 -->
-<ruleset name="Zipcar">
+<ruleset name="Zipcar.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
+	<target host="drive.zipcar.com" />
+	<target host="dru-cdn.zipcar.com" />
+	<target host="media.zipcar.com" />
+	<target host="members.zipcar.com" />
+	<target host="members.zipcar.co.uk" />
+	<target host="www.members.zipcar.com" />
+	<target host="www.zipcar.com" />
+	<target host="www.zipcar.co.uk" />
+
+	<!--	Complications:
+				-->
 	<target host="zipcar.com" />
-	<target host="*.zipcar.com" />
-		<exclusion pattern="http://members\.zipcar\.com/(?!apply|regist)" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://members\.zipcar\.com/site/privacy" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://members\.zipcar\.com/+(?!$|\?|apply|images/|regist|styles/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://members.zipcar.com/about/jobs" />
+			<test url="http://members.zipcar.com/business" />
+			<test url="http://members.zipcar.com/contact/" />
+			<test url="http://members.zipcar.com/gift/" />
+			<test url="http://members.zipcar.com/members/refer" />
+			<test url="http://members.zipcar.com/press/" />
+			<test url="http://members.zipcar.com/site/privacy" />
+			<test url="http://members.zipcar.com/universities" />
+
+			<!--	-ve:
+					-->
+			<test url="http://members.zipcar.com/images/responsive-menu-icon.svg" />
+			<test url="http://members.zipcar.com/register/" />
+			<test url="http://members.zipcar.com/styles/template/widgets.css" />
+			<test url="http://members.zipcar.com/user/set-locale?locale=en-US&amp;return_url=" />
 
 
-	<securecookie host="^\.zipcar\.com$" name="^ad_\w+$" />
-	<securecookie host="^www\.zipcar\.com$" name=".+" />
+	<securecookie host="^\." name="^(?:_gat?$|ad_)" />
+	<securecookie host="^(?!members\.)\w" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?zipcar\.com/"
+	<rule from="^http://zipcar\.com/"
 		to="https://www.zipcar.com/" />
 
-	<rule from="^http://(dru-cdn|media|members)\.zipcar\.com/"
-		to="https://$1.zipcar.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Zipler.ru.xml b/src/chrome/content/rules/Zipler.ru.xml
new file mode 100644
index 000000000000..ff2938166724
--- /dev/null
+++ b/src/chrome/content/rules/Zipler.ru.xml
@@ -0,0 +1,41 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.zipler.co.il
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- www from g0\d.a.alicdn.com ˢ
+			- www from i.ebayimg.com
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Zipler.ru">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.zipler.ru" />
+
+	<!--	Complications:
+				-->
+	<target host="zipler.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.zipler\.ru$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.zipler\.ru$" name=".+" />
+
+
+	<rule from="^http://zipler\.ru/"
+		to="https://www.zipler.ru/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ziplist.com.xml b/src/chrome/content/rules/Ziplist.com.xml
deleted file mode 100644
index 3be89ed2e586..000000000000
--- a/src/chrome/content/rules/Ziplist.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Ziplist.com">
-  <target host="ziplist.com" />
-  <target host="www.ziplist.com" />
-
-  <rule from="^http://(?:www\.)?ziplist\.com/" to="https://www.ziplist.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Zipy.co.il.xml b/src/chrome/content/rules/Zipy.co.il.xml
new file mode 100644
index 000000000000..8a30dd6e4f52
--- /dev/null
+++ b/src/chrome/content/rules/Zipy.co.il.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://analytics.zipy.co.il/ => https://analytics.zipy.co.il/: (6, 'Could not resolve host: analytics.zipy.co.il')
+Fetch error: http://m.zipy.co.il/ => https://m.zipy.co.il/: (51, "SSL: no alternative certificate subject name matches target host name 'm.zipy.co.il'")
+
+	Insecure cookies are set for these hosts:
+
+		- www.zipy.co.il
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- www from g0\d.a.alicdn.com ˢ
+			- www from i.ebayimg.com
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Zipy.co.il" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="zipy.co.il" />
+	<target host="analytics.zipy.co.il" />
+	<target host="m.zipy.co.il" />
+	<target host="www.zipy.co.il" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.zipy\.co\.il$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^www\.zipy\.co\.il$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zissousecure.com.xml b/src/chrome/content/rules/Zissousecure.com.xml
index ad7c7f8f9445..03d0b9e7c7b0 100644
--- a/src/chrome/content/rules/Zissousecure.com.xml
+++ b/src/chrome/content/rules/Zissousecure.com.xml
@@ -1,13 +1,19 @@
+<!--
+	^zissousecure.com: Dropped over http & https
+
+-->
 <ruleset name="zissousecure.com">
 
-	<target host="zissousecure.com" />
 	<target host="*.zissousecure.com" />
 
+		<test url="http://easterncongo.zissousecure.com/" />
+		<test url="http://givegreen.zissousecure.com/" />
+
 
-	<securecookie host="^(?:.+\.)?zissousecure\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://([\w-]+\.)?zissousecure\.com/"
-		to="https://$1zissousecure.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Zkb.ch.xml b/src/chrome/content/rules/Zkb.ch.xml
new file mode 100644
index 000000000000..acc23d0c32ce
--- /dev/null
+++ b/src/chrome/content/rules/Zkb.ch.xml
@@ -0,0 +1,18 @@
+<!--
+	Incomplete certificate chain:
+		- edl.zkb.ch
+-->
+<ruleset name="Zkb.ch">
+	<target host="zkb.ch" />
+	<target host="www.zkb.ch" />
+	<target host="2020.zkb.ch" />
+	<target host="etradingpro.zkb.ch" />
+	<target host="kundenzufriedenheit.zkb.ch" />
+	<target host="onba.zkb.ch" />
+	<target host="testplattform.zkb.ch" />
+	<target host="webmail.zkb.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zlatkovic.com.xml b/src/chrome/content/rules/Zlatkovic.com.xml
new file mode 100644
index 000000000000..ee8a89864faa
--- /dev/null
+++ b/src/chrome/content/rules/Zlatkovic.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Zlatkovic.com">
+
+	<target host="zlatkovic.com" />
+	<target host="www.zlatkovic.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zlavadna.sk.xml b/src/chrome/content/rules/Zlavadna.sk.xml
new file mode 100644
index 000000000000..c2acdca1f4d1
--- /dev/null
+++ b/src/chrome/content/rules/Zlavadna.sk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Zlavadna.sk">
+  <target host="zlavadna.sk" />
+  <target host="www.zlavadna.sk" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zlavy.odpadnes.sk.xml b/src/chrome/content/rules/Zlavy.odpadnes.sk.xml
new file mode 100644
index 000000000000..0ade5322c9cd
--- /dev/null
+++ b/src/chrome/content/rules/Zlavy.odpadnes.sk.xml
@@ -0,0 +1,7 @@
+<ruleset name="Zlavy.odpadnes.sk">
+  <target host="odpadnes.sk" />
+  <target host="www.odpadnes.sk" />
+  <target host="zlavy.odpadnes.sk" />
+
+  <rule from="^http://(?:www\.|zlavy\.)?odpadnes\.sk/" to="https://zlavy.odpadnes.sk/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zmanda.xml b/src/chrome/content/rules/Zmanda.xml
index 466631bb8133..bcfb45031ac1 100644
--- a/src/chrome/content/rules/Zmanda.xml
+++ b/src/chrome/content/rules/Zmanda.xml
@@ -2,22 +2,55 @@
 	Problematic subdomains:
 
 		- archives	(times out)
-		- mysqlbackup *
-		- wiki *
+		- mysqlbackup ²
 
-	* Works, expired 2012-04-09
+	² Redirect differs
+
+
+	Insecure cookies are set for these hosts:
+
+		- forums.zmanda.com
+		- mysqlbackup.zmanda.com
+		- wiki.zmanda.com
 
 -->
-<ruleset name="Zmanda (partial)">
+<ruleset name="Zmanda.com (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="zmanda.com" />
-	<target host="*.zmanda.com" />
+	<target host="amanda.zmanda.com" />
+	<target host="forums.zmanda.com" />
+	<target host="network.zmanda.com" />
+	<target host="wiki.zmanda.com" />
+	<target host="www.zmanda.com" />
+
+	<!--	Complications:
+				-->
+	<target host="mysqlbackup.zmanda.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(mysqlbackup|wiki)\.zmanda\.com$" name="^bb2_screener$" /-->
+	<!--securecookie host="^forums\.zmanda\.com$" name="^bb_sessionhash$" /-->
+
+	<securecookie host="^(?:(?:forums|mysqlbackup|\.?network|wiki))\.zmanda\.com$" name=".+" />
 
 
-	<securecookie host="^(?:forums|\.?network)\.zmanda\.com$" name=".+" />
+	<!--	Redirects as so over http:
+						-->
+	<rule from="^http://mysqlbackup\.zmanda\.com/+(?:\??$|(index\.php(?:$|[?/])))"
+		to="https://wiki.zmanda.com/$1" />
 
+		<test url="http://mysqlbackup.zmanda.com/?" />
+		<test url="http://mysqlbackup.zmanda.com//" />
+		<test url="http://mysqlbackup.zmanda.com/index.php" />
+		<test url="http://mysqlbackup.zmanda.com/index.php?" />
+		<test url="http://mysqlbackup.zmanda.com//index.php" />
+		<test url="http://mysqlbackup.zmanda.com//index.php?" />
 
-	<rule from="^http://((?:forums|network|www)\.)?zmanda\.com/"
-		to="https://$1zmanda.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Zoho-mismatches.xml b/src/chrome/content/rules/Zoho-mismatches.xml
index 2ba0212c3c80..7c8c7315ee7e 100644
--- a/src/chrome/content/rules/Zoho-mismatches.xml
+++ b/src/chrome/content/rules/Zoho-mismatches.xml
@@ -2,21 +2,15 @@
 	For rules that are on by default, see Zoho.xml.
 
 -->
-<ruleset name="Zoho (mismatches)" default_off="mismatch">
+<ruleset name="Zoho (mismatched)" default_off="mismatched">
 
-	<!--	Cert:	*.manageengine.com	-->
-	<target host="webnms.com" />
-	<target host="www.webnms.com" />
 	<target host="lounge.zohocrm.com" />
 
 
-	<securecookie host="^lounge\.zohocrm\.com$" name=".*" />
+	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?webnms\.com/"
-		to="https://webnms.com/" />
-
-	<rule from="^http://lounge\.zohocrm\.com/"
-		to="https://lounge.zohocrm.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Zoho.jp.xml b/src/chrome/content/rules/Zoho.jp.xml
index 4954f020a122..df2cc56b6211 100644
--- a/src/chrome/content/rules/Zoho.jp.xml
+++ b/src/chrome/content/rules/Zoho.jp.xml
@@ -1,4 +1,8 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.zoho.co.jp/ => https://www.zoho.co.jp/: (51, "SSL: no alternative certificate subject name matches target host name 'www.zoho.co.jp'")
+
 	For other Zoho coverage, see Zoho.xml.
 
 
@@ -6,28 +10,23 @@
 
 		- Images, on blogs from:
 
-			- blogs *
-			- blogs.site24x7.com *
+			- tools.manageengine.com *
+			- www.manageengine.com *
+
+		- Bug on www from www.facebook.com *
 
 	* Secured by us
 
 -->
-<ruleset name="Zoho.jp (partial)">
+<ruleset name="Zoho.jp" default_off="failed ruleset test">
 
 	<target host="zoho.jp" />
-	<target host="*.zoho.jp" />
+	<target host="blogs.zoho.jp" />
 	<target host="ssl.zoho.co.jp" />
+	<target host="www.zoho.co.jp" />
 
 
-	<securecookie host="^forums\.zoho\.jp$" name=".+" />
-
-
-	<!--	Unsupported //zoho.jp paths redirect to http://www.
-									-->
-	<rule from="^http://(blogs\.|forums\.)?zoho\.jp/"
-		to="https://$1zoho.jp/" />
-
-	<rule from="^http://ssl\.zoho\.co\.jp/"
-		to="https://ssl.zoho.co.jp/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Zoho.xml b/src/chrome/content/rules/Zoho.xml
index 47ec5cda612a..d398b39b6af7 100644
--- a/src/chrome/content/rules/Zoho.xml
+++ b/src/chrome/content/rules/Zoho.xml
@@ -5,62 +5,141 @@
 	Other Zoho rulesets:
 
 		- ManageEngine.xml
+		- ManageEngine.jp.xml
 		- Site24x7.xml
+		- WebNMS.com.xml
 		- Zoho.jp.xml
+		- Zoho_static.com.xml
 
 
-	Nonfunctional domains:
+	Nonfunctional hosts in *zoho.com:
 
-		- (www.)swissql.com	(cert: *.manageengine.com; $ redirects to http; .+ redirects to that domain and 404s)
+		- crmkbase.zoho.com ʰ
 
+	ʰ Redirects to http
 
-	Problematic domains:
 
-		- customer-discussions.zoho.com		(works, redirects to forum.zoho-china.com)
-		- forum.zoho-china.com			(mismatched)
+	Problematic hosts in *zoho.com:
 
--->
-<ruleset name="Zoho (partial)">
-
-	<target host="forums.webnms.com" />
-	<target host="zoho.com" />
-	<target host="*.zoho.com" />
-	<target host="zohoblogs.com" />
-	<target host="www.zohoblogs.com" />
-	<target host="zohocorp.com" />
-	<target host="www.zohocorp.com" />
-	<target host="*.zohostatic.com" />
+		- www.blogs ᵐ
+		- kbase.creator ᵐ
+		- www.creator ᵈ
+		- customer-discussions	(works, redirects to forum.zoho-china.com)
+		- www.forums ᵐ
+		- signup-dr ˣ
 
+	ᵐ Mismatched
+	ᵈ Dropped
+	ˣ Mixed css/iframe
 
-	<securecookie host="^forums\.webnms\.com$" name=".+" />
-	<securecookie host="^.*\.zoho\.com$" name=".+" />
-	<securecookie host="^(?:www\.)?zohoblogs\.com$" name=".+" />
 
+	Wildcards covered:
 
-	<rule from="^http://forums\.webnms\.com/"
-		to="https://forums.webnms.com/" />
-
-	<!--	Observed wiki subdomains:
+		- *.wiki.zoho.com:
 
 			- arvindnatarajan
 			- vbmacros
 			- zohocrm
 			- zohocrmapi
 			- zohodiscussions
+
+
+	These altnames don't exist:
+
+		- customer-blogs.zoho.com
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .zoho.com
+		- accounts.zoho.com
+		- contacts.zoho.com
+		- creator.zoho.com
+
+
+	Mixed content:
+
+		- iframe on signup-dr from $self *
+		- css on signup-dr from www.zoho.com *
+		- Image on signup-dr from www.zoho.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Zoho.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="zoho.com" />
+	<target host="accounts.zoho.com" />
+	<target host="assist.zoho.com" />
+	<target host="blog.zoho.com" />
+	<target host="blogs.zoho.com" />
+	<target host="business.zoho.com" />
+	<target host="chat.zoho.com" />
+	<target host="contacts.zoho.com" />
+
+	<target host="creator.zoho.com" />
+	<target host="api.creator.zoho.com" />
+	<target host="help.creator.zoho.com" />
+
+	<target host="crm.zoho.com" />
+	<target host="discuss.zoho.com" />
+	<target host="discussions.zoho.com" />
+	<target host="help.discussions.zoho.com" />
+	<target host="docs.zoho.com" />
+	<target host="forums.zoho.com" />
+	<target host="help.zoho.com" />
+	<target host="invoice.zoho.com" />
+	<target host="iplocation.zoho.com" />
+	<target host="mail.zoho.com" />
+	<target host="meeting.zoho.com" />
+	<target host="notebook.zoho.com" />
+	<target host="personal.zoho.com" />
+	<target host="projects.zoho.com" />
+	<target host="recruit.zoho.com" />
+	<target host="reports.zoho.com" />
+	<target host="people.zoho.com" />
+	<target host="search.zoho.com" />
+	<target host="sheet.zoho.com" />
+	<target host="show.zoho.com" />
+	<!--target host="signup-dr.zoho.com" /-->
+	<target host="support.zoho.com" />
+	<target host="wiki.zoho.com" />
+	<target host="*.wiki.zoho.com" />
+	<target host="writer.zoho.com" />
+	<target host="www.zoho.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.blogs.zoho.com" />
+	<!--target host="kbase.creator.zoho.com" /-->
+	<target host="www.creator.zoho.com" />
+	<target host="www.forums.zoho.com" />
+
+		<!--	Redirects to http:
 						-->
-	<rule from="^http://((?:accounts|assist|(?:customer-|www\.)?blogs|business|chat|(?:(?:api|help|kbase|lounge|www)\.)?creator|crm|crmkbase|discuss|(?:help\.)?discussions|docs|forums|invoice|iplocation|mail|meeting|notebook|personal|planner|projects|recruit|reports|people|search|share|sheet|show2?|support|viewer|(?:\w+\.)?wiki|export\.writer|writer2?|www)\.)?zoho\.com/"
-		to="https://$1zoho.com/" />
+		<!--exclusion pattern="^http://crmkbase\.zoho\.com/($|wp-content/)" /-->
 
-	<rule from="^http://(www\.)?zoho(blogs|corp)\.com/"
-		to="https://$1zoho$2.com/" />
+		<!--	Sets cookies without Secure:
+							-->
+		<test url="http://contacts.zoho.com/file?ot=8&amp;ID=47070489&amp;t=serviceorg" />
 
-	<!--	Observed subdomains:
 
-			- css
-			- img
-			- js
+	<!--	Not secured by server:
 					-->
-	<rule from="^http://(\w+)\.zohostatic\.com/"
-		to="https://$1.zohostatic.com/"/>
+	<!--securecookie host="^\.zoho\.com$" name="^ztk$" /-->
+	<!--securecookie host="^(?:accounts|help|sheet|show|wiki)\.zoho\.com$" name="^(JSESSIONID|[\da-f]{10})$" /-->
+	<!--securecookie host="^contacts\.zoho\.com$" name="^[\da-f]{10}$" /-->
+	<!--securecookie host="^creator\.zoho\.com$" name="^[\da-f]{10}$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.(blogs|creator|forums)\.zoho\.com/"
+		to="https://$1.zoho.com/" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Zoho_Corp.com.xml b/src/chrome/content/rules/Zoho_Corp.com.xml
new file mode 100644
index 000000000000..e9633fa5a1b9
--- /dev/null
+++ b/src/chrome/content/rules/Zoho_Corp.com.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Zoho coverage, see Zoho.xml.
+
+-->
+<ruleset name="Zoho Corp.com">
+
+	<target host="zohocorp.com" />
+	<target host="www.zohocorp.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zoho_Discussions.com.xml b/src/chrome/content/rules/Zoho_Discussions.com.xml
new file mode 100644
index 000000000000..3959d8822915
--- /dev/null
+++ b/src/chrome/content/rules/Zoho_Discussions.com.xml
@@ -0,0 +1,42 @@
+<!--
+	For other Zoho coverage, see Zoho.xml.
+
+
+	www.zohodiscussions.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- zohodiscussions.com
+		- pre.zohodiscussions.com
+
+-->
+<ruleset name="Zoho Discussions.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="zohodiscussions.com" />
+	<target host="pre.zohodiscussions.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.zohodiscussions.com" />
+
+		<test url="http://zohodiscussions.com/getCustomFile.do" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(pre\.)?zohodiscussions\.com$" name="^JSESSIONID" /-->
+	<!--securecookie host="^zohodiscussions\.com$" name="^[\da-f]{10}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.zohodiscussions\.com/"
+		to="https://zohodiscussions.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zoho_static.com.xml b/src/chrome/content/rules/Zoho_static.com.xml
new file mode 100644
index 000000000000..4a7c4494c613
--- /dev/null
+++ b/src/chrome/content/rules/Zoho_static.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Zoho coverage, see Zoho.xml.
+
+
+	Fully covered domains:
+
+		- *.zohostatic.com:
+
+			- css
+			- img
+			- js
+
+-->
+<ruleset name="Zoho static.com">
+
+	<target host="*.zohostatic.com" />
+
+		<test url="http://css.zohostatic.com/support/rq_v21/css/ProximaNova.css" />
+		<test url="http://img.zohostatic.com/discussions/v1/images/defaultPhoto.png" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zoklet.net.xml b/src/chrome/content/rules/Zoklet.net.xml
index da8c32717c13..5a74108c42ec 100644
--- a/src/chrome/content/rules/Zoklet.net.xml
+++ b/src/chrome/content/rules/Zoklet.net.xml
@@ -1,6 +1,6 @@
-<ruleset name="Zoklet.net">
-  <target host="www.zoklet.net"/>
-  <target host="zoklet.net"/>
-  <securecookie host="^(.*\.)?zoklet\.net$" name=".*"/>
-  <rule from="^http://(www\.)?zoklet\.net/" to="https://www.zoklet.net/"/>
-</ruleset>
+<ruleset name="Zoklet.net" default_off="refused">
+  <target host="www.zoklet.net"/>
+  <target host="zoklet.net"/>
+  <securecookie host=".+" name=".+" />
+  <rule from="^http://(?:www\.)?zoklet\.net/" to="https://www.zoklet.net/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Zom.im.xml b/src/chrome/content/rules/Zom.im.xml
new file mode 100644
index 000000000000..8dae3b5d7dbf
--- /dev/null
+++ b/src/chrome/content/rules/Zom.im.xml
@@ -0,0 +1,39 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .zom.im
+
+-->
+<ruleset name="Zom.im">
+
+	<target host="zom.im" />
+	<target host="www.zom.im" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.zom\.im$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zomato.com.xml b/src/chrome/content/rules/Zomato.com.xml
new file mode 100644
index 000000000000..6fedf98441a2
--- /dev/null
+++ b/src/chrome/content/rules/Zomato.com.xml
@@ -0,0 +1,38 @@
+<!--
+	Other Zomato rulesets:
+
+		- zmtcdn.com.xml
+
+
+	Nonfunctional hosts in *zomato.com:
+
+		- blog ʳ
+
+	ʳ Tumblr / refused
+
+
+	Insecure cookies are set for these domains:
+
+		- .zomato.com
+
+-->
+<ruleset name="Zomato.com (partial)">
+
+	<target host="zomato.com" />
+	<target host="business-blog.zomato.com" />
+	<target host="culture.zomato.com" />
+	<target host="developers.zomato.com" />
+	<target host="www.zomato.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.zomato\.com$" name="^(?:_gat?|fbcity|fbtrack|zl)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zombie-Watch.xml b/src/chrome/content/rules/Zombie-Watch.xml
index 950be45276bb..bb41b1bc833f 100644
--- a/src/chrome/content/rules/Zombie-Watch.xml
+++ b/src/chrome/content/rules/Zombie-Watch.xml
@@ -1,13 +1,13 @@
-<ruleset name="Zombie Watch">
+<ruleset name="Zombie Watch.org">
 
 	<target host="zombeewatch.org" />
 	<target host="www.zombeewatch.org" />
 
 
-	<securecookie host="^www\.zombeewatch\.org$" name=".*" />
+	<securecookie host="^www\.zombeewatch\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?zombeewatch\.org/"
-		to="https://$1zombeewatch.org/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Zona.media.xml b/src/chrome/content/rules/Zona.media.xml
new file mode 100644
index 000000000000..816170a839c1
--- /dev/null
+++ b/src/chrome/content/rules/Zona.media.xml
@@ -0,0 +1,6 @@
+<ruleset name="Zona.media">
+	<target host="zona.media" />
+	<target host="www.zona.media" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zone-H.org.xml b/src/chrome/content/rules/Zone-H.org.xml
new file mode 100644
index 000000000000..be72505eb302
--- /dev/null
+++ b/src/chrome/content/rules/Zone-H.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="Zone-H.org">
+
+	<target host="zone-h.org" />
+	<target host="www.zone-h.org" />
+
+
+	<securecookie host="^\." name="^__utm" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ZoneEdit.xml b/src/chrome/content/rules/ZoneEdit.xml
index 769bbe5513eb..1c42ed732f8f 100644
--- a/src/chrome/content/rules/ZoneEdit.xml
+++ b/src/chrome/content/rules/ZoneEdit.xml
@@ -1,12 +1,45 @@
-<ruleset name="ZoneEdit (partial)">
+<!--
+	For other easyDNS coverage, see EasyDNS.xml.
+
+
+	Problematic hosts in *zoneedit.com:
+
+		- blog ¹
+		- cp ²
+
+	¹ Mismatched
+	² Blocks Tor users
+
+
+	Insecure cookies are set for these hosts:
+
+		- cp.zoneedit.com
+		- support.zoneedit.com
+
+
+	Mixed content:
+
+		- Images on blog from $self
+
+-->
+<ruleset name="ZoneEdit.com (partial)">
 
 	<target host="zoneedit.com" />
+	<!--target host="blog.zoneedit.com" /-->
+	<target host="cp.zoneedit.com" />
+	<target host="support.zoneedit.com" />
 	<target host="www.zoneedit.com" />
 
 
-	<!--	Some (most?) pages redirect to http.
-							-->
-	<rule from="^http://(www\.)?zoneedit\.com/(css/|img/|js/|signUp\.html)"
-		to="https://$1zoneedit.com/$2" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cp\.zoneedit\.com$" name="^easydns_language$" /-->
+	<!--securecookie host="^support\.zoneedit\.com$" name="^(SWIFT_client|SWIFT_sessionid40)$" /-->
+
+	<securecookie host="^(?:cp|support)\.zoneedit\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Zoner.fi.xml b/src/chrome/content/rules/Zoner.fi.xml
index 0478a3b8f53b..cfe33508a795 100644
--- a/src/chrome/content/rules/Zoner.fi.xml
+++ b/src/chrome/content/rules/Zoner.fi.xml
@@ -1,21 +1,22 @@
-<!--
-	Mixed content:
-
-		- Images on www from www *
-
-	* Secured by us
-
--->
 <ruleset name="Zoner.fi">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="zoner.fi" />
+	<target host="oma.zoner.fi" />
+	<target host="tuki.zoner.fi" />
 	<target host="www.zoner.fi" />
 
 
-	<securecookie host="^www\.zoner\.fi$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^oma\.zoner\.fi$" name="^csrftoken$" /-->
+	<!--securecookie host="^tuki\.zoner\.fi$" name="^(SWIFT_client|SWIFT_sessionid40)$" /-->
+
+	<securecookie host="^(?:oma|tuki|www)\.zoner\.fi$" name=".+" />
 
 
-	<rule from="^http://(www\.)?zoner\.fi/"
-		to="https://$1zoner.fi/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Zones.com.xml b/src/chrome/content/rules/Zones.com.xml
new file mode 100644
index 000000000000..0ac7ba1ad85e
--- /dev/null
+++ b/src/chrome/content/rules/Zones.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		- blog.zones.com
+		- careers.zones.com
+-->
+
+<ruleset name="Zones.com">
+	<target host="zones.com" />
+	<target host="www.zones.com" />
+	<target host="media.zones.com" />
+	<target host="test.zones.com" />
+	<target host="uk.zones.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zong.xml b/src/chrome/content/rules/Zong.xml
deleted file mode 100644
index cb295d5edcd9..000000000000
--- a/src/chrome/content/rules/Zong.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d12ssnlxl22ufg.cloudfront.net
-
--->
-<ruleset name="Zong (partial)">
-
-	<target host="pay02.zong.com" />
-
-
-	<rule from="^http://pay02\.zong\.com/"
-		to="https://pay02.zong.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Zonomi.xml b/src/chrome/content/rules/Zonomi.xml
index 5d3c95e442a3..4a50f8a7abfd 100644
--- a/src/chrome/content/rules/Zonomi.xml
+++ b/src/chrome/content/rules/Zonomi.xml
@@ -1,6 +1,56 @@
-<ruleset name="Zonomi">
-  <target host="www.zonomi.com" />
-  <target host="zonomi.com" />
-  <rule from="^http://(www\.)?zonomi\.com/" to="https://zonomi.com/"/>
-  <securecookie host="^zonomi.com$" name=".*" />
-</ruleset>
\ No newline at end of file
+<!--
+	^: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- zonomi.com
+
+
+	Mixed content:
+
+		- favicon from $self
+
+-->
+<ruleset name="Zonomi.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+  <target host="zonomi.com" />
+
+	<!--	Complications:
+				-->
+  <target host="www.zonomi.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://zonomi\.com/$" /-->
+
+		<!--	Exceptions:
+					-->
+		<exclusion pattern="^http://zonomi\.com/+(?!css/|favicon\.ico|images/|r/css$|type-face/)" />
+
+			<test url="http://zonomi.com/?foo" />
+			<test url="http://zonomi.com//" />
+			<test url="http://zonomi.com/foo" />
+			<test url="http://zonomi.com/foo?bar" />
+			<test url="http://zonomi.com/howto/vanity-name-servers" />
+			<test url="http://zonomi.com/zoneinfo.jsp" />
+
+			<!--	-ve:
+					-->
+			<test url="http://zonomi.com/favicon.ico" />
+			<test url="http://zonomi.com/r/css" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^zonomi\.com$" name="^uv$" /-->
+
+  <!--securecookie host="^zonomi.com$" name=".*" /-->
+
+  <rule from="^http://www\.zonomi\.com/" to="https://zonomi.com/"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zoo.org.xml b/src/chrome/content/rules/Zoo.org.xml
new file mode 100644
index 000000000000..c54939739388
--- /dev/null
+++ b/src/chrome/content/rules/Zoo.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Different HTTP/HTTPS content:
+		- education1.zoo.org
+		- mail.zoo.org
+
+	Secure connection failed:
+		- blog.zoo.org
+
+	Unable to connect:
+		- elephants.zoo.org
+		- mymail.zoo.org
+-->
+<ruleset name="Zoo.org">
+	<target host="zoo.org" />
+	<target host="www.zoo.org" />
+	<target host="education.zoo.org" />
+	<target host="shop.zoo.org" />
+	<target host="specialoffer.zoo.org" />
+	<target host="zoostore.zoo.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zoo24.de.xml b/src/chrome/content/rules/Zoo24.de.xml
deleted file mode 100644
index fe730b99043b..000000000000
--- a/src/chrome/content/rules/Zoo24.de.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->
-<ruleset name="Zoo24.de" platform="firefox">
-<target host="zoo24.de" />
-
-<securecookie host="^zoo24\.de$" name=".+" />
-
-<rule from="^http://zoo24\.de/" to="https://zoo24.de/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Zooko.com.xml b/src/chrome/content/rules/Zooko.com.xml
new file mode 100644
index 000000000000..ae9adcc75bca
--- /dev/null
+++ b/src/chrome/content/rules/Zooko.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional hosts in *zooko.com:
+
+		- lists *
+
+	* Refused
+
+
+	(www.)?: Dropped over http & https
+
+-->
+<ruleset name="Zooko.com" default_off="refused">
+
+	<target host="zooko.com" />
+	<target host="www.zooko.com" />
+
+
+	<securecookie host="^zooko\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zooku.xml b/src/chrome/content/rules/Zooku.xml
index 524d17edfb80..6b9ffdad0131 100644
--- a/src/chrome/content/rules/Zooku.xml
+++ b/src/chrome/content/rules/Zooku.xml
@@ -1,13 +1,14 @@
-<ruleset name="Zooku">
+<ruleset name="Zooku.ro">
 
 	<target host="zooku.ro" />
-	<target host="*.zooku.ro" />
+	<target host="secure.zooku.ro" />
+	<target host="www.zooku.ro" />
 
 
-	<securecookie host="^(?:.+\.)?zooku\.ro$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(secure\.|www\.)?zooku\.ro/"
-		to="https://$1zooku.rp/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Zoological_Society_of_London.xml b/src/chrome/content/rules/Zoological_Society_of_London.xml
index 0518b5843158..2c7ce9ef9147 100644
--- a/src/chrome/content/rules/Zoological_Society_of_London.xml
+++ b/src/chrome/content/rules/Zoological_Society_of_London.xml
@@ -1,27 +1,35 @@
 <!--
+	Zoological Society of London
+
 	Nonfunctional subdomains:
 
+		- shop		(connection refused)
 		- sites		(record_too_long)
 
 
 	Problematic subdomains:
 
 		- ^	(cert only matches www)
+		- static ²
+
+	² Expired
 
 -->
-<ruleset name="Zoological Society of London (partial)">
+<ruleset name="ZSL.org (partial)">
 
 	<target host="zsl.org" />
-	<target host="*.zsl.org" />
+	<target host="admin.zsl.org" />
+	<!--target host="static.zsl.org" /-->
+	<target host="www.zsl.org" />
 
 
 	<securecookie host="^www\.zsl\.org$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?zsl\.org/"
+	<rule from="^http://zsl\.org/"
 		to="https://www.zsl.org/" />
 
-	<rule from="^http://static\.zsl\.org/"
-		to="https://static.zsl.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Zoom.com.br.xml b/src/chrome/content/rules/Zoom.com.br.xml
new file mode 100644
index 000000000000..2724e32fb4b1
--- /dev/null
+++ b/src/chrome/content/rules/Zoom.com.br.xml
@@ -0,0 +1,26 @@
+<!--
+	Other Zoom rulesets:
+
+		- Zst.com.br.xml
+
+
+	Nonfunctional hosts in *zoom.com.br:
+
+		- (www.)? ¹
+		- anunciante ²
+
+	¹ Redirects to http
+	² Dropped
+
+-->
+<ruleset name="Zoom.com.br (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="distribution.zoom.com.br" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zoom.us.xml b/src/chrome/content/rules/Zoom.us.xml
new file mode 100644
index 000000000000..726cda656433
--- /dev/null
+++ b/src/chrome/content/rules/Zoom.us.xml
@@ -0,0 +1,38 @@
+<!--
+	Remark: Zoom.us uses a wildcard certificate to serve the corporate URL
+	To avoid critical breakage, a wildcard target not is used during the
+	time of SARS-CoV-2 coronavirus global pandemic.
+
+	Non-functional hosts:
+		Mixed content blocking (MCB) triggered:
+		- csun.zoom.us
+		- oracle.zoom.us
+		- tamu.zoom.us
+-->
+<ruleset name="Zoom.us (partial)">
+	<target host="zoom.us" />
+	<target host="www.zoom.us" />
+	<target host="adelaide.zoom.us" />
+	<target host="auckland.zoom.us" />
+	<target host="bryant.zoom.us" />
+	<target host="dcc.zoom.us" />
+	<target host="deloitte.zoom.us" />
+	<target host="ecu.zoom.us" />
+	<target host="hkust.zoom.us" />
+	<target host="jhjhm.zoom.us" />
+	<target host="jhubluejays.zoom.us" />
+	<target host="ksu.zoom.us" />
+	<target host="lemoyne.zoom.us" />
+	<target host="msu.zoom.us" />
+	<target host="operative.zoom.us" />
+	<target host="roosevelt.zoom.us" />
+	<target host="seattleu.zoom.us" />
+	<target host="transifex.zoom.us" />
+	<target host="ufl.zoom.us" />
+	<target host="uncsph.zoom.us" />
+	<target host="unsw.zoom.us" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ZoomEye.org.xml b/src/chrome/content/rules/ZoomEye.org.xml
new file mode 100644
index 000000000000..b932125426f4
--- /dev/null
+++ b/src/chrome/content/rules/ZoomEye.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Nonfunctional hosts in *zoomeye.org:
+
+		- ics *
+
+	* Shows ^zoomeye.org
+
+-->
+<ruleset name="ZoomEye.org (partial)">
+
+	<target host="zoomeye.org" />
+	<target host="www.zoomeye.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zoomerang.xml b/src/chrome/content/rules/Zoomerang.xml
index 477c81d127f1..0ea175b7c8bf 100644
--- a/src/chrome/content/rules/Zoomerang.xml
+++ b/src/chrome/content/rules/Zoomerang.xml
@@ -1,11 +1,11 @@
-<!--
-	For other SurveyMonkey coverage, see SurveyMonkey.xml.
-
 
-	Fully covered subdomains:
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://zoomerang.com/ => https://zoomerang.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://static.zoomerang.com/ => https://static.zoomerang.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.zoomerang.com/ => https://www.zoomerang.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
-		- (www.)
-		- static
+	For other SurveyMonkey coverage, see SurveyMonkey.xml.
 
 
 	Mixed content:
@@ -19,17 +19,20 @@
 	mark this ruleset as mixedcontent.
 
 -->
-<ruleset name="Zoomerang">
+<ruleset name="Zoomerang.com" default_off="failed ruleset test">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="zoomerang.com" />
-	<target host="*.zoomerang.com" />
+	<target host="static.zoomerang.com" />
+	<target host="www.zoomerang.com" />
 
 
 	<!--securecookie host="^\.zoomerang\.com$" name="^(__qca|__utm\w|zTrack)$" /-->
-	<securecookie host="^\.zoomerang\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(static\.|www\.)?zoomerang\.com/"
-		to="https://$1zoomerang.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Zoomshare.xml b/src/chrome/content/rules/Zoomshare.xml
index 1ac0c30aa3ce..f37b544a2d9b 100644
--- a/src/chrome/content/rules/Zoomshare.xml
+++ b/src/chrome/content/rules/Zoomshare.xml
@@ -3,13 +3,20 @@
 
 		- (www.)	(refused)
 
+
+	Problematic subdomains:
+
+		- ssl *
+
+	* Server sends no certificate chain, see https://whatsmychaincert.com
+
 -->
-<ruleset name="Zoomshare (partial)">
+<ruleset name="Zoomshare.com (partial)" default_off="cert-chain">
 
 	<target host="ssl.zoomshare.com" />
 
 
-	<rule from="^http://ssl\.zoomshare\.com/"
-		to="https://ssl.zoomshare.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Zooniverse.xml b/src/chrome/content/rules/Zooniverse.xml
index 66d404ec870a..3142c9eb98fc 100644
--- a/src/chrome/content/rules/Zooniverse.xml
+++ b/src/chrome/content/rules/Zooniverse.xml
@@ -1,22 +1,46 @@
 <!--
+	(www.)? redirects to login back
+
+
 	Problematic subdomains:
 
-		- ^	(times out)
+		- daily *
+		- live *
+
+	* Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- login.zooniverse.org
+
+
+	Mixed content:
+
+		- css on live.zooniverse.org from fonts.googleapis.com *
+
+	* Secured by us
 
 -->
-<ruleset name="Zooniverse">
+<ruleset name="Zooniverse.org (partial)">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="zooniverse.org" />
+	<!--target host="daily.zooniverse.org" /-->
+	<!--target host="live.zooniverse.org" /-->
+	<target host="login.zooniverse.org" />
 	<target host="www.zooniverse.org" />
 
 
-	<securecookie host="^.+\.zooniverse\.org$" name=".+" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^login\.zooniverse\.org$" name="^lang$" /-->
 
+	<securecookie host="^.+\.zooniverse\.org$" name=".+" />
 
-	<rule from="^http://(?:www\.)?zooinverse\.org/"
-		to="https://www.zooniverse.org/" />
 
-	<rule from="^http://login\.zooniverse\.org/"
-		to="https://login.zooniverse.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Zoosk.com.xml b/src/chrome/content/rules/Zoosk.com.xml
index 2d176b2eef1f..113957ea7bac 100644
--- a/src/chrome/content/rules/Zoosk.com.xml
+++ b/src/chrome/content/rules/Zoosk.com.xml
@@ -1,6 +1,20 @@
-<ruleset name="Zoosk.com">
-  <target host="zoosk.com" />
-  <target host="www.zoosk.com" />
 
-  <rule from="^http://(?:www\.)?zoosk\.com/" to="https://www.zoosk.com/" />
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://zoosk.com/ (200) => https://zoosk.com/ (403)
+
+-->
+<ruleset name="Zoosk.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="zoosk.com" />
+	<target host="about.zoosk.com" />
+	<target host="dating.zoosk.com" />
+	<target host="www.zoosk.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Zopa.xml b/src/chrome/content/rules/Zopa.xml
deleted file mode 100644
index d4333d48421a..000000000000
--- a/src/chrome/content/rules/Zopa.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Zopa (partial)">
-
-	<target host="zopa.com"/>
-	<target host="uk.zopa.com"/>
-	<target host="www.zopa.com"/>
-
-	<rule from="^http://(?:uk\.|www\.)?zopa\.com/"
-		to="https://uk.zopa.com/"/>
-
-	<securecookie host="^\.zopa\.com$" name=".*"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Zopim.com.xml b/src/chrome/content/rules/Zopim.com.xml
new file mode 100644
index 000000000000..859a080bdfc5
--- /dev/null
+++ b/src/chrome/content/rules/Zopim.com.xml
@@ -0,0 +1,29 @@
+<ruleset name="Zopim.com">
+	<target host="zopim.com" />
+	<target host="www.zopim.com" />
+	<target host="account.zopim.com" />
+	<target host="accounts.zopim.com" />
+	<target host="api.zopim.com" />
+	<target host="blog.zopim.com" />
+	<target host="cdn.zopim.com" />
+	<target host="classic.zopim.com" />
+	<target host="dashboard.zopim.com" />
+	<target host="de.zopim.com" />
+	<target host="de04.zopim.com" />
+	<target host="es.zopim.com" />
+	<target host="fr.zopim.com" />
+	<target host="message.zopim.com" />
+	<target host="reseller.zopim.com" />
+	<target host="ru.zopim.com" />
+	<target host="status.zopim.com" />
+	<target host="tickets.zopim.com" />
+	<target host="tr.zopim.com" />
+	<target host="translate.zopim.com" />
+	<target host="us10.zopim.com" />
+	<target host="us14.zopim.com" />
+	<target host="v2.zopim.com" />
+	<target host="www2.zopim.com" />
+	<target host="zendesk.zopim.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zopim.xml b/src/chrome/content/rules/Zopim.xml
deleted file mode 100644
index 3d01e223c279..000000000000
--- a/src/chrome/content/rules/Zopim.xml
+++ /dev/null
@@ -1,44 +0,0 @@
-<!--
-	zopim.zendesk.com
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- api
-		- blog
-		- cdn
-		- classic
-		- dashboard
-
-		- de\d\d:
-
-			- de04
-
-		- status
-		- status
-		- status0[12]
-		- tickets
-		- translate
-		- v2
-
-		- us\d\d:
-
-			- us1[04]
-
-		- wiki
-
--->
-<ruleset name="Zopim">
-
-	<target host="zopim.com" />
-	<target host="*.zopim.com" />
-
-
-	<securecookie host="^.*\.zopim\.com$" name=".+" />
-
-
-	<rule from="^http://((?:api|blog|cdn|classic|dashboard|de\d\d|status\d*|tickets|us\d\d|v2|wiki|www)\.)?zopim\.com/"
-		to="https://$1zopim.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Zorpia.xml b/src/chrome/content/rules/Zorpia.xml
index d5936e1f7381..66d8ba0d1a6f 100644
--- a/src/chrome/content/rules/Zorpia.xml
+++ b/src/chrome/content/rules/Zorpia.xml
@@ -120,16 +120,31 @@
 <ruleset name="Zorpia (false MCB)" platform="mixedcontent">
 
 	<target host="zorpia.com" />
-	<target host="*.zorpia.com" />
-	<target host="*.zpcdn.com" />
+	<target host="en.zorpia.com" />
+	<target host="h150.zorpia.com" />
+	<target host="lrg131.zorpia.com" />
+	<target host="me.zorpia.com" />
+	<target host="mini.zorpia.com" />
+	<target host="search.zorpia.com" />
+	<target host="ths.zorpia.com" />
+	<target host="tns.zorpia.com" />
+	<target host="www.zorpia.com" />
+	<target host="static.zorpia.com" />
+	<target host="static.zpcdn.com" />
+	<target host="ec.static.zpcdn.com" />
+	<target host="h150.zpcdn.com" />
+	<target host="ths.zpcdn.com" />
+	<target host="tns.zpcdn.com" />
+	<target host="ec.h150.zpcdn.com" />
+	<target host="ec.ths.zpcdn.com" />
+	<target host="ec.tns.zpcdn.com" />
+	<target host="lrg131.zpcdn.com" />
 
 
 	<!--securecookie host="^\.zorpia\.com$" name="^(switch_to_en|timezone|zorpia_session)$" /-->
 	<securecookie host=".*\.zorpia\.com$" name=".+" />
 
 
-	<rule from="^http://((?:en|h150|lrg131|me|mini|search|t[hn]s|www)\.)?zorpia\.com/"
-		to="https://$1zorpia.com/" />
 
 	<rule from="^http://(?:static\.zorpia|(?:ec\.)?static\.zpcdn)\.com/"
 		to="https://zorpia.com/" />
@@ -140,4 +155,5 @@
 	<rule from="^http://lrg131\.zpcdn\.com/"
 		to="https://lrg131.zorpia.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ZorroVPN.com.xml b/src/chrome/content/rules/ZorroVPN.com.xml
index 7a8ba22ecf27..29e24c69b169 100644
--- a/src/chrome/content/rules/ZorroVPN.com.xml
+++ b/src/chrome/content/rules/ZorroVPN.com.xml
@@ -1,13 +1,15 @@
 <ruleset name="ZorroVPN.com">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="zorrovpn.com" />
-	<target host="*.zorrovpn.com" />
+	<target host="www.zorrovpn.com" />
 
 
 	<securecookie host="^\.zorrovpn\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?zorrovpn\.com/"
-		to="https://$1zorrovpn.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Zotero.xml b/src/chrome/content/rules/Zotero.xml
deleted file mode 100644
index 1f3201097b8a..000000000000
--- a/src/chrome/content/rules/Zotero.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d20yc6ste5hadj.cloudfront.net
-
-			- download
-
--->
-<ruleset name="Zotero">
-
-	<target host="zotero.org" />
-	<target host="*.zotero.org" />
-
-
-	<securecookie host="^(?:.*\.)?zotero\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?zotero\.org/"
-		to="https://www.zotero.org/" />
-
-	<rule from="^http://download\.zotero\.org/"
-		to="https://d20yc6ste5hadj.cloudfront.net/" />
-
-	<rule from="^http://forums\.zotero\.org/"
-		to="https://forums.zotero.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Zoznam.sk.xml b/src/chrome/content/rules/Zoznam.sk.xml
new file mode 100644
index 000000000000..7f06af353017
--- /dev/null
+++ b/src/chrome/content/rules/Zoznam.sk.xml
@@ -0,0 +1,64 @@
+<!--
+    certificate chain issues:
+	- farmerama.pauzicka.zoznam.sk
+	- khanwars.pauzicka.zoznam.sk
+	- piratestorm.pauzicka.zoznam.sk
+
+-->
+
+<ruleset name="Zoznam.sk">
+	<target host="zoznam.sk" />
+	<target host="www.zoznam.sk" />
+	<target host="20rokov.zoznam.sk" />
+	<target host="androidportal.zoznam.sk" />
+	<target host="bleskovky.zoznam.sk" />
+	<target host="calendar.zoznam.sk" />
+	<target host="cdn.magazines.zoznam.sk" />
+	<target host="coolmobil.zoznam.sk" />
+	<target host="dlznik.zoznam.sk" />
+	<target host="downloads.zoznam.sk" />
+	<target host="dromedar.zoznam.sk" />
+	<target host="feminity.zoznam.sk" />
+	<target host="free.zoznam.sk" />
+	<target host="gamesite.zoznam.sk" />
+	<target host="glob.zoznam.sk" />
+	<target host="hashtag.zoznam.sk" />
+	<target host="hudba.zoznam.sk" />
+	<target host="karierainfo.zoznam.sk" />
+	<target host="kariera.zoznam.sk" />
+	<target host="mail.zoznam.sk" />
+	<target host="mapa.zoznam.sk" />
+	<target host="media.zoznam.sk" />
+	<target host="mojasvadba.zoznam.sk" />
+	<target host="mojdom.zoznam.sk" />
+	<target host="m.zoznam.sk" />
+	<target host="openiazoch.zoznam.sk" />
+	<target host="pauzicka.zoznam.sk" />
+	<target host="bigfarm.pauzicka.zoznam.sk" />
+	<target host="empire.pauzicka.zoznam.sk" />
+	<target host="pc.zoznam.sk" />
+	<target host="player.zoznam.sk" />
+	<target host="plnielanu.zoznam.sk" />
+	<target host="podkapotou.zoznam.sk" />
+	<target host="predpredaj.zoznam.sk" />
+	<target host="projektyrd.zoznam.sk" />
+	<target host="recycle.zoznam.sk" />
+	<target host="rexik.zoznam.sk" />
+	<target host="sibyla.zoznam.sk" />
+	<target host="smsbrana.zoznam.sk" />
+	<target host="sportky.zoznam.sk" />
+	<target host="sportoviska.zoznam.sk" />
+	<target host="spuntik.zoznam.sk" />
+	<target host="stary.zoznam.sk" />
+	<target host="static-images.zoznam.sk" />
+	<target host="telefonny.zoznam.sk" />
+	<target host="telkac.zoznam.sk" />
+	<target host="tv.zoznam.sk" />
+	<target host="urobsisam.zoznam.sk" />
+	<target host="uschovna.zoznam.sk" />
+	<target host="vysetrenie.zoznam.sk" />
+	<target host="webslovnik.zoznam.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
+
diff --git a/src/chrome/content/rules/Zozs.se.xml b/src/chrome/content/rules/Zozs.se.xml
new file mode 100644
index 000000000000..4cfed88cc483
--- /dev/null
+++ b/src/chrome/content/rules/Zozs.se.xml
@@ -0,0 +1,16 @@
+<!--
+	www.zozs.se doesn't exist.
+
+-->
+<ruleset name="zozs.se">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="zozs.se" />
+	<target host="lund.zozs.se" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zscaler.xml b/src/chrome/content/rules/Zscaler.xml
index 6bc83367152f..c73f9f4985bc 100644
--- a/src/chrome/content/rules/Zscaler.xml
+++ b/src/chrome/content/rules/Zscaler.xml
@@ -1,5 +1,100 @@
-<ruleset name="Zscaler">
-  <target host="www.zscaler.com" />
 
-  <rule from="^http://www\.zscaler\.com/" to="https://www.zscaler.com/"/>
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://info.zscaler.com/css/mktLPSupport.css (200) => https://na-abm.marketo.com/css/mktLPSupport.css (403)
+Non-2xx HTTP code: http://info.zscaler.com/images/forms/backRequiredGray.gif (200) => https://na-abm.marketo.com/images/forms/backRequiredGray.gif (403)
+
+	Nonfunctional hosts in *zscaler.com:
+
+		- info ᴹ
+		- research ᴮ
+		- scrapbook ᴮ
+		- securitypreview ᵈ
+		- zap ʳ
+		- zulu ᵖ
+
+	ᴹ Marketo
+	ᴮ Blogger/handshake fails
+	ᵖ Plaintext reply
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *zscaler.com:
+
+		- blog ᵐ
+		- staging ᵐ ˢ
+
+	ᵐ Mismatched
+	ˢ Self-signed
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.zscaler.com
+
+
+	Mixed content:
+
+		- css on blog from $self ᵐ
+		- Images on blog from $self ᵐ
+
+	ᵐ Not secured by us <= mismatched
+
+-->
+<ruleset name="Zscaler.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="zscaler.com" />
+	<target host="help.zscaler.com" />
+	<target host="trust.zscaler.com" />
+	<target host="www.zscaler.com" />
+	<target host="zmtr.zscaler.com" />
+
+	<!--	Complications:
+				-->
+	<target host="info.zscaler.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.zscaler\.com$" name="^(?:NO_CACHE|SimpleSAMLSessionID)$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^(?!info\.)\w" name=".+" />
+
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://info\.zscaler\.com/+(?:\?.*)?$"
+		to="https://www.zscaler.com/" />
+
+		<test url="http://info.zscaler.com/?foo" />
+		<test url="http://info.zscaler.com/?bar" />
+
+	<rule from="^http://info\.zscaler\.com/"
+		to="https://na-abm.marketo.com/" />
+
+		<exclusion pattern="^http://info\.zscaler\.com/+(?!$|\?|css/|images/|rs/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://info.zscaler.com/GlobalStandardTemp.html" />
+			<test url="http://info.zscaler.com/GlobalStandardTemp.html?mkt_tok=" />
+			<test url="http://info.zscaler.com/IDCWebcastAug2012APAC.html" />
+			<test url="http://info.zscaler.com/IDCWebcastAug2012APAC.html?mkt_tok=" />
+			<test url="http://info.zscaler.com/UnsubscribePage.html" />
+			<test url="http://info.zscaler.com/UnsubscribePage.html?mkt_unsubscribe=1" />
+			<test url="http://info.zscaler.com/UnsubscribePage.html?mkt_unsubscribe=1&amp;mkt_tok=" />
+			<test url="http://info.zscaler.com/index.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://info.zscaler.com/css/mktLPSupport.css" />
+			<test url="http://info.zscaler.com/images/forms/backRequiredGray.gif" />
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Zse.sk.xml b/src/chrome/content/rules/Zse.sk.xml
new file mode 100644
index 000000000000..19a1c0d543d7
--- /dev/null
+++ b/src/chrome/content/rules/Zse.sk.xml
@@ -0,0 +1,18 @@
+<!--
+	Nonfunctional hosts in *.zse.sk:
+
+	certificate mismatch:
+		- prodzz.zse.sk
+		- sutaz.zse.sk
+	connection refused:
+		- testzz.zse.sk
+		- www.testzz.zse.sk
+-->
+<ruleset name="Zse.sk">
+	<target host="zse.sk" />
+	<target host="www.zse.sk" />
+	<target host="podpora.zse.sk" />
+	<target host="skolenie.zse.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zsim.de.xml b/src/chrome/content/rules/Zsim.de.xml
new file mode 100644
index 000000000000..fd89f21ac498
--- /dev/null
+++ b/src/chrome/content/rules/Zsim.de.xml
@@ -0,0 +1,31 @@
+<!--
+	Fully covered hosts:
+
+		- (www.)?
+
+
+	Insecure cookies are set for these hosts:
+
+		- zsim.de
+		- www.zsim.de
+
+-->
+<ruleset name="zsim.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="zsim.de" />
+	<target host="www.zsim.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?zsim\.de$" name="^csrftoken$" /-->
+
+	<securecookie host="^(?:www\.)?zsim\.de$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zst.com.br.xml b/src/chrome/content/rules/Zst.com.br.xml
new file mode 100644
index 000000000000..5a4301f4e7ad
--- /dev/null
+++ b/src/chrome/content/rules/Zst.com.br.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Zoom coverage, see Zoom.com.br.xml.
+
+-->
+<ruleset name="Zst.com.br">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="i1.zst.com.br" />
+	<target host="i2.zst.com.br" />
+	<target host="i3.zst.com.br" />
+	<target host="i4.zst.com.br" />
+	<target host="s.zst.com.br" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zsz.ch.xml b/src/chrome/content/rules/Zsz.ch.xml
new file mode 100644
index 000000000000..f01fede96979
--- /dev/null
+++ b/src/chrome/content/rules/Zsz.ch.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatch:
+		- ebalance.zsz.ch
+ -->
+<ruleset name="Zsz.ch">
+	<target host="zsz.ch" />
+	<target host="www.zsz.ch" />
+	<target host="abo.zsz.ch" />
+	<target host="agenda.zsz.ch" />
+	<target host="epaper.zsz.ch" />
+	<target host="mobile2.zsz.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zt03.net.xml b/src/chrome/content/rules/Zt03.net.xml
new file mode 100644
index 000000000000..f6f58ee5137b
--- /dev/null
+++ b/src/chrome/content/rules/Zt03.net.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.zt03.net/ => https://secure.zt03.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	(www.): shows secure
+
+
+	These altnames don't exist:
+
+		- www.secure.zt03.net
+
+-->
+<ruleset name="zt03.net (partial)" default_off="failed ruleset test">
+
+	<target host="secure.zt03.net" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zueri_wie_neu.ch.xml b/src/chrome/content/rules/Zueri_wie_neu.ch.xml
new file mode 100644
index 000000000000..455872296ac0
--- /dev/null
+++ b/src/chrome/content/rules/Zueri_wie_neu.ch.xml
@@ -0,0 +1,16 @@
+<!--
+	Organisation und Informatik der Stadt Zuerich
+
+
+	^zueriwieneu.ch doesn't exist.
+
+-->
+<ruleset name="Zueri wie neu.ch">
+
+	<target host="www.zueriwieneu.ch" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zugaina-mismatches.xml b/src/chrome/content/rules/Zugaina-mismatches.xml
index e1a3b8930867..d5dedc5c6269 100644
--- a/src/chrome/content/rules/Zugaina-mismatches.xml
+++ b/src/chrome/content/rules/Zugaina-mismatches.xml
@@ -1,14 +1,14 @@
 <!--
-	For rules that are on by default, see Zugaina.xml.
+	For other Zugaina coverage, see Zugaina.xml.
 
 -->
-<ruleset name="Zugaina (mismatches)" default_off="mismatched" platform="cacert mixedcontent">
+<ruleset name="Zugaina.com (partial)" default_off="mismatched">
 
 	<target host="zugaina.com" />
 	<target host="www.zugaina.com" />
 
 
-	<rule from="^http://(?:www\.)?zugaina\.com/"
-		to="https://zugaina.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Zugaina.org.xml b/src/chrome/content/rules/Zugaina.org.xml
new file mode 100644
index 000000000000..b7408d19823f
--- /dev/null
+++ b/src/chrome/content/rules/Zugaina.org.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid certificate:
+		zugaina.org
+		www.zugaina.org
+		blog.zugaina.org
+		distfiles.zugaina.org
+		linux.zugaina.org
+		roundcube.zugaina.org
+		xmpp.zugaina.org
+
+-->
+<ruleset name="Zugaina (partial)">
+
+	<target host="bgo.zugaina.org" />
+	<target host="gentoo.zugaina.org" />
+	<target host="gentoo-overlays.zugaina.org" />
+	<target host="gpo.zugaina.org" />
+	<target host="data.gpo.zugaina.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zugaina.xml b/src/chrome/content/rules/Zugaina.xml
deleted file mode 100644
index 2eeff17b094c..000000000000
--- a/src/chrome/content/rules/Zugaina.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-<!--
-	For problematic rules, see Zugaina-mismatches.xml.
-
-
-	Nonfunctional domains:
-
-		- commerce.zugaina.com	(shows www.zugaina.org; mismatched, CN: *.zugaina.org)
-
-		- zugaina.org subdomains:
-
-			- gentoo-overlays	(refused)
-			- gpo *
-			- linux *
-			- xerus
-
-	* Shows www
-
-
-	Problematic domains:
-
-		- (www.)zugaina.com	(works; mismatched, CN: *.zugaina.org)
-		- zugaina.org		(cert only matches *.zugaina.org)
-
-
-	yews.zugaina.org times out over http => status unknown.
-
--->
-<ruleset name="Zugaina (partial)" platform="cacert">
-
-	<target host="zugaina.org" />
-	<target host="*.zugaina.org" />
-
-
-	<rule from="^http://(?:www\.)?zugaina\.org/"
-		to="https://www.zugaina.org/" />
-
-	<rule from="^http://(blog|funtoo-portage|gentoo)\.zugaina\.org/"
-		to="https://$1.zugaina.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Zuger_Kantonalbank.xml b/src/chrome/content/rules/Zuger_Kantonalbank.xml
deleted file mode 100644
index 73a31d44bda2..000000000000
--- a/src/chrome/content/rules/Zuger_Kantonalbank.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Zuger Kantonalbank">
-    <target host="zugerkb.ch" />
-    <target host="*.zugerkb.ch" />
-
-    <securecookie host="^(.*\.)?zugerkb\.ch$" name=".+" />
-
-    <rule from="^https?://zugerkb\.ch/"
-        to="https://www.zugerkb.ch/"/>
-    <rule from="^http://([^/:@]+)?\.zugerkb\.ch/"
-        to="https://$1.zugerkb.ch/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Zuhah.com.xml b/src/chrome/content/rules/Zuhah.com.xml
new file mode 100644
index 000000000000..8f920d11c80a
--- /dev/null
+++ b/src/chrome/content/rules/Zuhah.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://zuhah.com/ => https://zuhah.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://cdn.zuhah.com/ => https://cdn.zuhah.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.zuhah.com/ => https://www.zuhah.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="Zuhah.com" default_off="failed ruleset test">
+
+	<target host="zuhah.com" />
+	<target host="cdn.zuhah.com" />
+	<target host="www.zuhah.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zulius.com.xml b/src/chrome/content/rules/Zulius.com.xml
new file mode 100644
index 000000000000..ec706a24011e
--- /dev/null
+++ b/src/chrome/content/rules/Zulius.com.xml
@@ -0,0 +1,16 @@
+<!--
+	STS header includes includeSubdomains:
+
+-->
+<ruleset name="Zulius.com">
+
+	<target host="zulius.com" />
+	<target host="*.zulius.com" />
+
+		<test url="http://www.zulius.com/" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zumzi.xml b/src/chrome/content/rules/Zumzi.xml
deleted file mode 100644
index 063fb1871be4..000000000000
--- a/src/chrome/content/rules/Zumzi.xml
+++ /dev/null
@@ -1,69 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- zunzi.com subdomains:
-
-			- img *
-			- s **
-			- ss *
-
-		- afiliere.zumzi.ro *
-
-	* Dropped
-	** Redirects to www.zumzi.ro; mismatched, CN: www.zumzi.ro
-
-
-	Problematic domains:
-
-		- biz.zumzi.md		(works; mismatched, CN: www.zumzi.md)
-		- biz.zumzi.ro		(works; mismatched, CN: www.zumzi.ro)
-
-
-	Mixed content:
-
-		- Script, on www from:
-
-			- ss *
-			- maps.google.com **
-			- www.google.com **
-			- maps.googleapis.com **
-			- maps.gstatic.com **
-
-		- css on www from ss *
-
-		- Images, on www from:
-
-			- img *
-			- s *
-			- www.google.com **
-			- mt[01].googleapis.com **
-			- maps.gstatic.com **
-
-		- Ads/web bugs, on www from:
-
-			- afiliere *
-			- www.google.com **
-			- www.googleadservices.com **
-
-	* Unsecurable
-	** Secured by us
-
-
-	NB: We cannot remove platform until an alternative
-	path for ss scripts and css is provided/found.
-
--->
-<ruleset name="Zumzi (partial)" platform="mixedcontent">
-
-	<target host="zumzi.*" />
-	<target host="*.zumzi.md" />
-	<target host="*.zumzi.ro" />
-
-
-	<securecookie host="^(?:www)?\.zumzi\.(?:md|ro)$" name=".+" />
-
-
-	<rule from="^http://(www\.)?zumzi\.(md|ro)/"
-		to="https://$1zumzi.$2/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Zurcher_Kantonalbank.xml b/src/chrome/content/rules/Zurcher_Kantonalbank.xml
deleted file mode 100644
index 6cbef095bb41..000000000000
--- a/src/chrome/content/rules/Zurcher_Kantonalbank.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Zürcher Kantonalbank">
-    <target host="zkb.ch" />
-    <target host="*.zkb.ch" />
-    <target host="zkb.is-teledata.ch" />
-
-    <securecookie host="^(.*\.)?zkb\.ch$" name=".+" />
-
-    <rule from="^https?://zkb\.ch/"
-        to="https://www.zkb.ch/"/>
-    <rule from="^http://([^/:@]+\.)?zkb\.ch/"
-        to="https://$1zkb.ch/" />
-
-    <rule from="^https?://zkb\.is-teledata\.ch/"
-        to="https://zkb.is-teledata.ch/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Zuse-Crew.de.xml b/src/chrome/content/rules/Zuse-Crew.de.xml
new file mode 100644
index 000000000000..4053b6433bed
--- /dev/null
+++ b/src/chrome/content/rules/Zuse-Crew.de.xml
@@ -0,0 +1,23 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com *
+		- Images from $self *
+		- Ads from $self *
+
+	* Secured by us
+
+-->
+<ruleset name="Zuse-Crew.de">
+
+	<target host="zuse-crew.de" />
+	<target host="www.zuse-crew.de" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zwame.pt.xml b/src/chrome/content/rules/Zwame.pt.xml
index cd7d927e0f5a..a6be8a6191a3 100644
--- a/src/chrome/content/rules/Zwame.pt.xml
+++ b/src/chrome/content/rules/Zwame.pt.xml
@@ -1,6 +1,28 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- mailsrv.zwame.pt
+
+		SSL peer certificate was not OK:
+		- go.zwame.pt
+-->
 <ruleset name="Zwame.pt">
-  <target host="zwame.pt" />
-  <target host="www.zwame.pt" />
+	<target host="zwame.pt" />
+	<target host="www.zwame.pt" />
+	<target host="cdn.zwame.pt" />
+	<target host="comparador.zwame.pt" />
+	<target host="comparador-click.zwame.pt" />
+	<target host="forum.zwame.pt" />
+	<target host="img.zwame.pt" />
+	<target host="jogos.zwame.pt" />
+	<target host="magazine.zwame.pt" />
+	<target host="nperf.zwame.pt" />
+	<target host="podcast.zwame.pt" />
+	<target host="portal.zwame.pt" />
+	<target host="pr.zwame.pt" />
+	<target host="showcasept.zwame.pt" />
+	<target host="static.zwame.pt" />
+	<target host="zcp.zwame.pt" />
 
-  <rule from="^http://(www\.)?zwame\.pt/" to="https://www.zwame.pt/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Zwiebelfreunde.de.xml b/src/chrome/content/rules/Zwiebelfreunde.de.xml
new file mode 100644
index 000000000000..7fee6dd92d0d
--- /dev/null
+++ b/src/chrome/content/rules/Zwiebelfreunde.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Zwiebelfreunde.de">
+	<target host="zwiebelfreunde.de" />
+	<target host="www.zwiebelfreunde.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zwmail.de.xml b/src/chrome/content/rules/Zwmail.de.xml
new file mode 100644
index 000000000000..dbd697a6b6a1
--- /dev/null
+++ b/src/chrome/content/rules/Zwmail.de.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Zählwerk coverage, see Zaehlwerk.net.xml.
+
+
+	www.zwmail.de: Mismatched
+
+-->
+<ruleset name="Zwmail.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="zwmail.de" />
+
+	<!--	Complications:
+				-->
+	<target host="www.zwmail.de" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<!--	Redirect drops forward slash
+		and path, but not args:
+					-->
+	<rule from="^http://www\.zwmail\.de/[^?]*"
+		to="https://www.zaehlwerk.net/" />
+
+		<test url="http://www.zwmail.de/index.php" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zylom.com.xml b/src/chrome/content/rules/Zylom.com.xml
new file mode 100644
index 000000000000..a29845df4a22
--- /dev/null
+++ b/src/chrome/content/rules/Zylom.com.xml
@@ -0,0 +1,59 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://media.zylom.com/ => https://media.zylom.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://secure2.zylom.com/ => https://secure2.zylom.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://cdn.media.zylom.com/ => https://media.zylom.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	CDN buckets:
+
+		- gamehouse.http.internapcdn.net
+
+			- cdn.media
+
+
+	Problematic hosts in *zylom.com:
+
+		- (www.)? ᶜ
+		- cdn.media *
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	* 403; mismatched, CN: *.https.internapcdn.net
+
+
+	Mixed content:
+
+		- css, on:
+
+			- www from cdn.ghstatic.com *
+			- www from fonts.googleapis.com *
+
+		- Images, on:
+
+			- www from cdn.ghstatic.com *
+			- www from cdn.media.zylom.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Zylom.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="zylom.com" /-->
+	<target host="media.zylom.com" />
+	<target host="secure2.zylom.com" />
+	<!--target host="www.zylom.com" /-->
+
+	<!--	Complications:
+				-->
+	<target host="cdn.media.zylom.com" />
+
+
+	<rule from="^http://cdn\.media\.zylom\.com/"
+		to="https://media.zylom.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zylon.net.xml b/src/chrome/content/rules/Zylon.net.xml
index 6b3e82388955..21001c0a8d4d 100644
--- a/src/chrome/content/rules/Zylon.net.xml
+++ b/src/chrome/content/rules/Zylon.net.xml
@@ -1,23 +1,6 @@
-<!--
-	Zylon Internet Services
-
-
-	Mixed content:
-
-		- css on (www.) from www *
-
-		- Images on (www.) from www *
-
-	* Secured by us
-
--->
-<ruleset name="Zylon.net (false MCB)" platform="mixedcontent">
-
+<ruleset name="Zylon.net (partial)">
 	<target host="zylon.net" />
 	<target host="www.zylon.net" />
 
-
-	<rule from="^http://(www\.)?zylon\.net/"
-		to="https://$1zylon.net/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Zynga.tm.xml b/src/chrome/content/rules/Zynga.tm.xml
new file mode 100644
index 000000000000..ddac84d71bf5
--- /dev/null
+++ b/src/chrome/content/rules/Zynga.tm.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Zynga coverage, see Zynga.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .zynga.tm
+
+-->
+<ruleset name="Zynga.tm" default_off="mismatched">
+
+	<target host="zynga.tm" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.zynga\.tm$" name="^snowball$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Zynga.xml b/src/chrome/content/rules/Zynga.xml
index 94dd2a8cb0b2..e30b646057d2 100644
--- a/src/chrome/content/rules/Zynga.xml
+++ b/src/chrome/content/rules/Zynga.xml
@@ -1,38 +1,52 @@
 <!--
+	Other Zynga rulesets:
+
+		- Zynga.tm.xml
+		- Zynga_Player_Support.com.xml
+
+
 	CDN buckets:
 
 		- zynga1-a.akamaihd.net
 		- zynga2-a.akamaihd.net
 
 
-	Nonfunctional zynga.com subdomains:
+	Nonfunctional hosts in *zynga.com:
 
-		- forums
-		- productblog	(times out; 302s to zyngablog.typepad.com/zynga/ over http)
-		- support	(cert: slotmatching7.salesforce.com; 301s to http)
+		- forums ʳ
+		- investor ᵈ
+		- productblog ᵈ
 
--->
-<ruleset name="Zynga (partial)">
+	ʳ Refused
+	ᵈ Dropped
 
-	<target host="userimages.static.zgncdn.com" />
-	<target host="zynga.com" />
-	<target host="*.zynga.com" />
 
+	Problematic hosts in *zynga.com:
+
+		- blog ᵐ
+
+	ᵐ Mismatched
 
-	<!--	Cross-domain cookies appear to be used only on (www.).
-									-->
-	<securecookie host="^\.zynga\.com$" name=".*" />
+
+	Mixed content:
+
+		- Image on blog from $self
+
+-->
+<ruleset name="Zynga.com (partial)">
+
+	<target host="zynga.com" />
+	<target host="company.zynga.com" />
+	<target host="support.zynga.com" />
+	<target host="www.zynga.com" />
 
 
-	<rule from="^http://userimages\.static\.zgncdn\.com/"
-		to="https://userimages.static.zgncdn.com/" />
+	<!--	Wildcard cookies appear to be used only on (www.)?
+								-->
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?zynga\.com/"
-		to="https://$1zynga.com/" />
 
-	<!--	At least some pages 302 to http.
-						-->
-	<rule from="^http://company\.zynga\.com/(img|nfs|sites)/"
-		to="https://company.zynga.com/$1/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Zynga_Player_Support.com.xml b/src/chrome/content/rules/Zynga_Player_Support.com.xml
new file mode 100644
index 000000000000..dfdb1d788244
--- /dev/null
+++ b/src/chrome/content/rules/Zynga_Player_Support.com.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Zynga coverage, see Zynga.xml.
+
+-->
+<ruleset name="Zynga Player Support.com">
+
+	<target host="zyngaplayersupport.com" />
+	<target host="www.zyngaplayersupport.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/aaau.org.xml b/src/chrome/content/rules/aaau.org.xml
new file mode 100644
index 000000000000..20ece7e500e0
--- /dev/null
+++ b/src/chrome/content/rules/aaau.org.xml
@@ -0,0 +1,31 @@
+<!--
+	Other American Arbitration Association rulesets:
+
+		- adr.org.xml
+		- adreducation.org.xml
+
+
+	Insecure cookies are set for these hosts:
+
+		- aaau.org
+		- www.aaau.org
+
+-->
+<ruleset name="AAAU.org">
+
+	<target host="aaau.org" />
+	<target host="www.aaau.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^aaau\.org$" name="^TS[\da-f]{8}$" /-->
+	<!--securecookie host="^www\.aaau\.org$" name="^(?:ASP\.NET_SessionId|TS[\da-f]{8})$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/aab.ru.xml b/src/chrome/content/rules/aab.ru.xml
new file mode 100644
index 000000000000..8eca16583756
--- /dev/null
+++ b/src/chrome/content/rules/aab.ru.xml
@@ -0,0 +1,15 @@
+<!--
+ns1.aab.ru ¹
+ns2.aab.ru ²
+whois.aab.ru ¹
+
+
+¹ mismatch
+² refused
+-->
+<ruleset name="aab.ru">
+	<target host="aab.ru" />
+	<target host="www.aab.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/aabbir.com.xml b/src/chrome/content/rules/aabbir.com.xml
new file mode 100644
index 000000000000..cba0ee1179ff
--- /dev/null
+++ b/src/chrome/content/rules/aabbir.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Redirects to HTTP:
+		video.aabbir.com
+-->
+<ruleset name="aabbir.com">
+	<target host="aabbir.com" />
+	<target host="www.aabbir.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/aarresaari.net.xml b/src/chrome/content/rules/aarresaari.net.xml
new file mode 100644
index 000000000000..3145438c4be5
--- /dev/null
+++ b/src/chrome/content/rules/aarresaari.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="aarresaari.net">
+	<target host="aarresaari.net" />
+	<target host="www.aarresaari.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ab4all.com.xml b/src/chrome/content/rules/ab4all.com.xml
new file mode 100644
index 000000000000..e6aa5d2a2f19
--- /dev/null
+++ b/src/chrome/content/rules/ab4all.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- ab4all.com
+		- .npjnb.ab4all.com
+		- www.ab4all.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="ab4all.com">
+
+	<target host="ab4all.com" />
+	<target host="npjnb.ab4all.com" />
+	<target host="www.ab4all.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?ab4all\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.npjnb\.ab4all\.com$" name="^tid$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/abbott.com.xml b/src/chrome/content/rules/abbott.com.xml
new file mode 100644
index 000000000000..bd998af4df45
--- /dev/null
+++ b/src/chrome/content/rules/abbott.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatched:
+		^
+-->
+<ruleset name="abbott.com (partial)">
+	<target host="www.abbott.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/abc.se.xml b/src/chrome/content/rules/abc.se.xml
new file mode 100644
index 000000000000..f95fbb3c2b29
--- /dev/null
+++ b/src/chrome/content/rules/abc.se.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid Security Certificate:
+		violet.abc.se
+		webkom.abc.se
+-->
+<ruleset name="abc.se (partial)">
+	<target host="abc.se" />
+	<target host="www.abc.se" />
+	<target host="bele.abc.se" />
+	<target host="etna.abc.se" />
+	<target host="webmail.abc.se" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://abc\.se/" to="https://www.abc.se/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/aberystwythartscentre.co.uk.xml b/src/chrome/content/rules/aberystwythartscentre.co.uk.xml
new file mode 100644
index 000000000000..ee63769c3014
--- /dev/null
+++ b/src/chrome/content/rules/aberystwythartscentre.co.uk.xml
@@ -0,0 +1,8 @@
+<ruleset name="Aberystwyth Arts Centre.co.uk">
+	<target host="aberystwythartscentre.co.uk" />
+	<target host="www.aberystwythartscentre.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/abestpremium.com.xml b/src/chrome/content/rules/abestpremium.com.xml
new file mode 100644
index 000000000000..06d6ee81abd6
--- /dev/null
+++ b/src/chrome/content/rules/abestpremium.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- abestpremium.com
+		- .abestpremium.com
+		- www.abestpremium.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="A Best Premium.com" default_off="expired, untrusted root">
+
+	<target host="abestpremium.com" />
+	<target host="www.abestpremium.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?abestpremium\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.abestpremium\.com$" name="^(?:currency|language)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/abload.de.xml b/src/chrome/content/rules/abload.de.xml
new file mode 100644
index 000000000000..9450eaba594f
--- /dev/null
+++ b/src/chrome/content/rules/abload.de.xml
@@ -0,0 +1,36 @@
+<!--
+	Invalid certificate:
+		h1.abload.de
+		h2.abload.de
+		...
+		h19.abload.de
+		pool.abload.de
+
+-->
+
+<ruleset name="abload.de (partial)">
+	<target host="abload.de" />
+		<test url="http://abload.de/login.php" />
+		<test url="http://abload.de/register.php" />
+		<test url="http://abload.de/spenden.php" />
+		<test url="http://abload.de/spenden_en.php" />
+		<test url="http://abload.de/img/128px-https_everywherwps4q.png" />
+		<test url="http://abload.de/thumb/128px-https_everywherwps4q.png" />
+		<test url="http://abload.de/res/styles/main.css" />
+		<exclusion pattern="^http://abload\.de/$" />
+	<target host="www.abload.de" />
+		<test url="http://www.abload.de/login.php" />
+		<test url="http://www.abload.de/register.php" />
+		<test url="http://www.abload.de/spenden.php" />
+		<test url="http://www.abload.de/spenden_en.php" />
+		<test url="http://www.abload.de/img/128px-https_everywherwps4q.png" />
+		<test url="http://www.abload.de/thumb/128px-https_everywherwps4q.png" />
+		<test url="http://www.abload.de/res/styles/main.css" />
+		<exclusion pattern="^http://www\.abload\.de/$" />
+
+	<!-- most files within root directory (index.php, dateien.php, tool.php,
+	blog.php, hilfe.php, contact.php, legal.php, team.php, partner.php,
+	embedding.php, partner.php and jobs.php) redirect to http -->
+	<rule from="^http://(www\.)?abload\.de/(login\.php|register\.php|spenden\.php|spenden_en\.php|img/|res/|thumb/)"
+		to="https://$1abload.de/$2" />
+</ruleset>
diff --git a/src/chrome/content/rules/abma.de.xml b/src/chrome/content/rules/abma.de.xml
new file mode 100644
index 000000000000..2099e621b990
--- /dev/null
+++ b/src/chrome/content/rules/abma.de.xml
@@ -0,0 +1,24 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - mail.abma.de
+
+		SSL peer certificate was not OK:
+			 - www.abma.de
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - ssl.abma.de
+-->
+<ruleset name="abma.de">
+	<target host="abma.de" />
+	<target host="www.abma.de" />
+	<target host="ssl.abma.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://(www\.|ssl\.)abma\.de/"
+			to="https://abma.de/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/abookapart.com.xml b/src/chrome/content/rules/abookapart.com.xml
new file mode 100644
index 000000000000..23375d80e131
--- /dev/null
+++ b/src/chrome/content/rules/abookapart.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- abookapart.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="A Book Apart.com">
+
+	<target host="abookapart.com" />
+	<target host="www.abookapart.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^abookapart\.com$" name="^(?:_landing_page|_orig_referrer|cart_sig)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/about.com.xml b/src/chrome/content/rules/about.com.xml
new file mode 100644
index 000000000000..e373ebfabb63
--- /dev/null
+++ b/src/chrome/content/rules/about.com.xml
@@ -0,0 +1,58 @@
+<!--
+	For rules causing false/broken MCB, see about.com-falsemixed.xml.
+
+
+	(www.)?about.com: refused
+
+
+	Problematic hosts in *about.com:
+
+		- index ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .about.com
+		- www.index.about.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on mediakit from $self ˢ
+		- Bug on mediakit from bcp.crwdcntrl.net ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="About.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.index.about.com" />
+	<target host="mediakit.about.com" />
+
+	<!--	Complications:
+				-->
+	<target host="index.about.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.about\.com$" name="^(?:ucs?|user)$" /-->
+	<!--securecookie host="^www\.index\.about\.com$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://index\.about\.com/"
+		to="https://www.index.about.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/abpchina.org.xml b/src/chrome/content/rules/abpchina.org.xml
new file mode 100644
index 000000000000..2c83a7ae36cb
--- /dev/null
+++ b/src/chrome/content/rules/abpchina.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="abpchina.org" platform="mixedcontent">
+	<target host="abpchina.org" />
+	<target host="www.abpchina.org" />
+
+	<!-- Redirect to http: -->
+	<exclusion pattern="^http://abpchina\.org/forum/portal\.php\?mod=list&amp;catid=\d+" />
+		<test url="http://abpchina.org/forum/portal.php?mod=list&amp;catid=3" />
+		<test url="http://abpchina.org/forum/portal.php?mod=list&amp;catid=5" />
+		<test url="http://abpchina.org/forum/portal.php?mod=list&amp;catid=6" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/abuledu.org.xml b/src/chrome/content/rules/abuledu.org.xml
new file mode 100644
index 000000000000..3d24a5daaf05
--- /dev/null
+++ b/src/chrome/content/rules/abuledu.org.xml
@@ -0,0 +1,16 @@
+<!--livres. mismatch
+ftp. timed out-->
+<ruleset name="abuledu.org">
+	<target host="abuledu.org" />
+	<target host="www.abuledu.org" />
+	<target host="data.abuledu.org" />
+	<target host="raconte-moi.abuledu.org" />
+	<target host="videos.abuledu.org" />
+	<target host="planete.abuledu.org" />
+	<target host="thesaurus.abuledu.org" />
+	<target host="docs.abuledu.org" />
+	<target host="abcd.abuledu.org" />
+	<target host="bd.abuledu.org" />
+	<target host="opentablet.abuledu.org" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/abuse.net.xml b/src/chrome/content/rules/abuse.net.xml
new file mode 100644
index 000000000000..6cf6a3f1c865
--- /dev/null
+++ b/src/chrome/content/rules/abuse.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="abuse.net">
+  <target host="abuse.net"/><!-- wrong cert: CN=www.abuse.net -->
+  <target host="www.abuse.net"/>
+  <target host="verify.abuse.net"/><!-- used for links in confirmation emails after submitting database updates -->
+
+  <rule from="^http://abuse\.net/" to="https://www.abuse.net/"/>
+  <rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/abw.blue.xml b/src/chrome/content/rules/abw.blue.xml
new file mode 100644
index 000000000000..b0d2ef9a955f
--- /dev/null
+++ b/src/chrome/content/rules/abw.blue.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		ftp.abw.blue
+		imap.abw.blue
+		mail.abw.blue
+		pop3.abw.blue
+		smtp.abw.blue
+	
+	Refused:
+		autodiscover.abw.blue
+-->
+<ruleset name="abw.blue">
+	<target host="abw.blue" />
+	<target host="www.abw.blue" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/academ.info.xml b/src/chrome/content/rules/academ.info.xml
new file mode 100644
index 000000000000..4b744e886d2a
--- /dev/null
+++ b/src/chrome/content/rules/academ.info.xml
@@ -0,0 +1,40 @@
+<!--
+	Invalid certificate:
+		dev.academ.info
+		dev2.academ.info
+		storage.academ.info
+
+	Time out:
+		stat.academ.info
+-->
+<ruleset name="academ.info">
+	<target host="academ.info" />
+	<target host="www.academ.info" />
+	<target host="academbanner.academ.info" />
+	<target host="www.academbanner.academ.info" />
+	<target host="banner1.academ.info" />
+	<target host="forum.academ.info" />
+	<target host="www.forum.academ.info" />
+	<target host="job.academ.info" />
+	<target host="www.job.academ.info" />
+	<target host="ladies.academ.info" />
+	<target host="m.ladies.academ.info" />
+	<target host="www.ladies.academ.info" />
+	<target host="lao.academ.info" />
+	<target host="m.academ.info" />
+	<target host="navigline.academ.info" />
+	<target host="www.navigline.academ.info" />
+	<target host="pets.academ.info" />
+	<target host="www.pets.academ.info" />
+	<target host="phpma.academ.info" />
+	<target host="pix.academ.info" />
+	<target host="www.pix.academ.info" />
+	<target host="reklama.academ.info" />
+	<target host="www.reklama.academ.info" />
+	<target host="wl.academ.info" />
+	<target host="yadro.academ.info" />
+	<target host="www.yadro.academ.info" />
+
+	<rule from="^http://www\.academ\.info/" to="https://academ.info/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/acast.com.xml b/src/chrome/content/rules/acast.com.xml
new file mode 100644
index 000000000000..d3a8950da1ae
--- /dev/null
+++ b/src/chrome/content/rules/acast.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Timeout:
+		- ^
+
+	Mismatched:
+		- status
+
+	HTTP != HTTPS (due to link signatures):
+		- stitcher
+-->
+<ruleset name="acast.com">
+	<target host="acast.com" />
+	<target host="www.acast.com" />
+	<target host="ads-creative-cdn.acast.com" />
+	<target host="embed.acast.com" />
+	<target host="flex.acast.com" />
+	<target host="media.acast.com" />
+	<target host="rss.acast.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://acast\.com/" to="https://www.acast.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/accel-ppp.org.xml b/src/chrome/content/rules/accel-ppp.org.xml
new file mode 100644
index 000000000000..0414ee8e753e
--- /dev/null
+++ b/src/chrome/content/rules/accel-ppp.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="Accel-PPP.org">
+
+	<target host="accel-ppp.org" />
+	<target host="www.accel-ppp.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/accelus.com.xml b/src/chrome/content/rules/accelus.com.xml
new file mode 100644
index 000000000000..08ac3bc7761c
--- /dev/null
+++ b/src/chrome/content/rules/accelus.com.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Thomson Reuters coverage, see Thomson-Reuters.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- orgid.accelus.com
+		- regint.accelus.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="accelus.com">
+
+	<target host="app.accelus.com" />
+	<target host="orgid.accelus.com" />
+	<target host="regint.accelus.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:orgid|regint)\.accelus\.com$" name="^BIGipServer" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/accessedge.com.xml b/src/chrome/content/rules/accessedge.com.xml
new file mode 100644
index 000000000000..ebba144c0157
--- /dev/null
+++ b/src/chrome/content/rules/accessedge.com.xml
@@ -0,0 +1,52 @@
+<!--
+	For other Bank of New York Mellon coverage, see bnymellon.com.xml.
+
+
+	Problematic hosts in *accessedge.com:
+
+		- www * ᶜ
+		- www1 * ᶜ
+		- www2 * ᶜ
+
+	* Redirect differs
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.accessedge.com
+		- www1.accessedge.com
+		- www2.accessedge.com
+
+-->
+<ruleset name="AccessEdge.com" default_off="cert-chain">
+
+	<!--	Complications:
+				-->
+	<target host="www.accessedge.com" />
+	<target host="www1.accessedge.com" />
+	<target host="www2.accessedge.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www[12]?\.accessedge\.com$" name="^(?:BIGipServer|JSESSIONID|TS[\da-f]+)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://www1?\.accessedge\.com/.*"
+		to="https://www1.accessedge.com/" />
+
+		<test url="http://www.accessedge.com/default.aspx" />
+		<test url="http://www1.accessedge.com/index.htm" />
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://www2\.accessedge\.com/.*"
+		to="https://www2.accessedge.com/" />
+
+		<test url="http://www2.accessedge.com/default.aspx" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/accessify.com.xml b/src/chrome/content/rules/accessify.com.xml
new file mode 100644
index 000000000000..676a2fb4bcc5
--- /dev/null
+++ b/src/chrome/content/rules/accessify.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="accessify.com">
+
+	<target host="accessify.com" />
+	<target host="www.accessify.com" />
+	<target host="pic.accessify.com" />
+
+		<test url="http://pic.accessify.com/thumbnails/320x245/s/soapspoiler.de.png" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/achaea.xml b/src/chrome/content/rules/achaea.xml
new file mode 100644
index 000000000000..5a5cc181f10c
--- /dev/null
+++ b/src/chrome/content/rules/achaea.xml
@@ -0,0 +1,5 @@
+<ruleset name="Achaea">
+    <target host="achaea.com" />
+    <target host="www.achaea.com" />
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/achieveservice.com.xml b/src/chrome/content/rules/achieveservice.com.xml
new file mode 100644
index 000000000000..2031444a231a
--- /dev/null
+++ b/src/chrome/content/rules/achieveservice.com.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Firmstep coverage, see firmstep.com.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- (client_vhost).achieveservice.com
+
+-->
+<ruleset name="achieveservice.com">
+
+	<target host="bracknell-forest.achieveservice.com" />
+	<target host="n-kesteven-ss.achieveservice.com" />
+	<target host="nederbyshire-ss.achieveservice.com" />
+	<target host="northhertfordshire-self.achieveservice.com" />
+	<target host="northlincs-self.achieveservice.com" />
+	<target host="nwleics-self.achieveservice.com" />
+	<target host="ombudsman.achieveservice.com" />
+	<target host="plymouth-self.achieveservice.com" />
+	<target host="scarborough-self.achieveservice.com" />
+	<target host="self.achieveservice.com" />
+	<target host="southribble-ss.achieveservice.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(client_vhost)\.achieveservice\.com$" name="^AWSELB$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/acme.com.xml b/src/chrome/content/rules/acme.com.xml
new file mode 100644
index 000000000000..f62d818b7f5f
--- /dev/null
+++ b/src/chrome/content/rules/acme.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Disabled by https-everywhere-checker because:
+		Fetch error: http://rr.acme.com/ => https://rr.acme.com/: (6, 'Could not resolve host: rr.acme.com')
+		Fetch error: http://mail.rr.acme.com/ => https://mail.rr.acme.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+		Fetch error: http://www.rr.acme.com/ => https://www.rr.acme.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Invalid certificate:
+		burner.acme.com
+		patton.acme.com
+		ftp.patton.acme.com
+		mail.patton.acme.com
+		www.patton.acme.com
+
+	Refused:
+		beepbeep.acme.com
+		broadcast.acme.com
+		music.acme.com
+		www.music.acme.com
+
+	Time out:
+		dns1-charta.acme.com
+		watches.acme.com
+
+	Unreachable:
+		gate6.acme.com
+-->
+<ruleset name="acme.com">
+	<target host="acme.com" />
+	<target host="www.acme.com" />
+	<target host="root.acme.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/acmp.ru.xml b/src/chrome/content/rules/acmp.ru.xml
new file mode 100644
index 000000000000..f824f1ac2b1a
--- /dev/null
+++ b/src/chrome/content/rules/acmp.ru.xml
@@ -0,0 +1,21 @@
+<!--
+	Mismatched:
+		- bsn
+		- c
+		- chat
+		- d
+		- dp
+		- julia
+		- m
+
+	HTTP =/= HTTPS:
+		- www
+-->
+<ruleset name="acmp.ru">
+	<target host="acmp.ru" />
+	<target host="www.acmp.ru" />
+	<target host="w.acmp.ru" />
+
+	<rule from="^http://www\.acmp\.ru/" to="https://acmp.ru/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/act-on.co.uk.xml b/src/chrome/content/rules/act-on.co.uk.xml
new file mode 100644
index 000000000000..11ecc9ef160f
--- /dev/null
+++ b/src/chrome/content/rules/act-on.co.uk.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://act-on.co.uk/ => https://act-on.co.uk/: (28, 'Connection timed out after 20000 milliseconds')
+
+	For other Act-On Software coverage, see act-on.com.xml.
+
+-->
+<ruleset name="Act-On.co.uk" default_off="failed ruleset test">
+
+	<target host="act-on.co.uk" />
+	<target host="www.act-on.co.uk" />
+
+
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|optimizely)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/act.org.xml b/src/chrome/content/rules/act.org.xml
new file mode 100644
index 000000000000..3c49bddadef2
--- /dev/null
+++ b/src/chrome/content/rules/act.org.xml
@@ -0,0 +1,205 @@
+<!--
+	Invalid certificate:
+		email.act.org
+		go.act.org
+		hfms.act.org
+		www.hfms.act.org
+		hfms-dev.act.org
+		hfms-test.act.org
+		intl.act.org
+		media.act.org
+		pages.operations.act.org
+		research.act.org
+		share.act.org
+		signin.act.org
+		statetesting.act.org
+		success-dev.act.org
+		success-test.act.org
+		success-stress.act.org
+		webmail.rumpire.wisdomweb.ru
+
+	Redirect to HTTP:
+		forms.act.org
+		pages.act.org
+		services.act.org
+
+	Refused:
+		www.act-remote.act.org
+		acthighered.act.org
+		actrs10.act.org
+		actrs11.act.org
+		api.act.org
+		api-stress.act.org
+		applications-stress.act.org
+		assessmentplanner.act.org
+		autodiscover.act.org
+		commonscoring.act.org
+		csservices-stress.act.org
+		ebsprd1-fin.act.org
+		engage.act.org
+		ewk-stress.act.org
+		forms-stress.act.org
+		g3test.act.org
+		internalapps.act.org
+		internalapps-test.act.org
+		internalapps-stress.act.org
+		leadershipblog.act.org
+		list.act.org
+		localhost.operations.act.org
+		prubs001.act.org
+		publisher.act.org
+		www.readiness.act.org
+		www.readiness-stress.act.org
+		www.remote.act.org
+		rsp-stress.act.org
+		skillprostress.act.org
+		scoringservices-stress.act.org
+		stubs001.act.org
+		teubs001.act.org
+		www.tutorcertification.act.org
+		validus.act.org
+		vtc-stress.act.org
+		vtcinternal.act.org
+		vtcinternal-stress.act.org
+		vtcpublishingstress.act.org
+
+	Time out:
+		acs.act.org
+		actappsstress.act.org
+		acs-stress.act.org
+		actwebsys21.act.org
+		api-dev.act.org
+		api-test.act.org
+		csapis-stress.act.org
+		ebsstr1-fin.act.org
+		ebsstr1-sws.act.org
+		email.onlineprep.act.org
+		ewk.act.org
+		firepass.act.org
+		ftp04.act.org
+		g3stress.act.org
+		inusmtp01.act.org
+		inusmtp02.act.org
+		inusmtp03.act.org
+		inusmtp04.act.org
+		inwav06.act.org
+		operations.act.org
+		click.operations.act.org
+		mta.operations.act.org
+		my-dev.act.org
+		myworkkeysstress.act.org
+		pse-stress2.act.org
+		scorestress.act.org
+		sftp.act.org
+		skillpro-test.act.org
+		skillprotest.act.org
+		smtp01.act.org
+		smtp02.act.org
+		srps-stress.act.org
+		storefront.act.org
+		support.act.org
+		taa-dev.act.org
+		tcm-dev.act.org
+		tess.act.org
+		testadministration-stress.act.org
+		testregistration-stress.act.org
+
+	Unsupported protocol:
+		smtp.act.org
+-->
+<ruleset name="act.org">
+	<target host="act.org" />
+	<target host="www.act.org" />
+	<target host="academy.act.org" />
+	<target host="accgwy.act.org" />
+	<target host="ace.act.org" />
+	<target host="act-remote.act.org" />
+	<target host="actacademy.act.org" />
+	<target host="actapps.act.org" />
+	<target host="actiam.act.org" />
+	<target host="actiam-stress.act.org" />
+	<target host="tn.actonline.act.org" />
+	<target host="training.actonline.act.org" />
+	<target host="agile.act.org" />
+	<target host="agile-np.act.org" />
+	<target host="api-tn.actonline.act.org" />
+	<target host="analytics.act.org" />
+	<target host="analytics-stress.act.org" />
+	<target host="api2.act.org" />
+	<target host="api2-dev.act.org" />
+	<target host="api2-test.act.org" />
+	<target host="api2-stress.act.org" />
+	<target host="api3.act.org" />
+	<target host="api3-dev.act.org" />
+	<target host="api3-test.act.org" />
+	<target host="api3-stress.act.org" />
+	<target host="api4.act.org" />
+	<target host="api4-dev.act.org" />
+	<target host="api4-stress.act.org" />
+	<target host="api5.act.org" />
+	<target host="api5-dev.act.org" />
+	<target host="api5-sandbox.act.org" />
+	<target host="api5-stress.act.org" />
+	<target host="api5-test.act.org" />
+	<target host="applications.act.org" />
+	<target host="aspire.act.org" />
+	<target host="training.aspire.act.org" />
+	<target host="author-prod.act.org" />
+	<target host="commonscoring-stress.act.org" />
+	<target host="content.act.org" />
+	<target host="csapis.act.org" />
+	<target host="discoverer.act.org" />
+	<target host="equityinlearning.act.org" />
+	<target host="forms.act.org" />
+	<target host="frameworks.act.org" />
+	<target host="frameworks-staging.act.org" />
+	<target host="identity.act.org" />
+	<target host="identity-stress.act.org" />
+	<target host="knowledge.act.org" />
+	<target host="mftweb-np.act.org" />
+	<target host="www.my.act.org" />
+	<target host="my.act.org" />
+	<target host="mysuccess.act.org" />
+	<target host="myworkkeys.act.org" />
+	<target host="nextgen.act.org" />
+	<target host="nextgen-stress.act.org" />
+	<target host="onlineprep.act.org" />
+	<target host="order.act.org" />
+	<target host="pages2.act.org" />
+	<target host="pse.act.org" />
+	<target host="pse-stress.act.org" />
+	<target host="pse2.act.org" />
+	<target host="publisher-stress.act.org" />
+	<target host="readiness.act.org" />
+	<target host="readiness-stress.act.org" />
+	<target host="recommends.act.org" />
+	<target host="remote.act.org" />
+	<target host="rsp.act.org" />
+	<target host="score.act.org" />
+	<target host="scoringservices.act.org" />
+	<target host="skillpro.act.org" />
+	<target host="sso.act.org" />
+	<target host="success.act.org" />
+	<target host="srps.act.org" />
+	<target host="taa.act.org" />
+	<target host="tableau.act.org" />
+	<target host="tableau-stress.act.org" />
+	<target host="tableauprototypes.act.org" />
+	<target host="tableauprototypes-stress.act.org" />
+	<target host="tcm.act.org" />
+	<target host="testadmin.act.org" />
+	<target host="training.testadmin.act.org" />
+	<target host="uat.testadmin.act.org" />
+	<target host="tutorcertification.act.org" />
+	<target host="vault.act.org" />
+	<target host="vdimfa.act.org" />
+	<target host="vtc.act.org" />
+	<target host="vtcpublishing.act.org" />
+	<target host="vtcsupport-stress.act.org" />
+	<target host="workforce.act.org" />
+	<target host="workkeyscurriculum.act.org" />
+	<target host="wse.act.org" />
+	<target host="wse-dev.act.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/actiac.org.xml b/src/chrome/content/rules/actiac.org.xml
new file mode 100644
index 000000000000..a92c7a2dbeac
--- /dev/null
+++ b/src/chrome/content/rules/actiac.org.xml
@@ -0,0 +1,71 @@
+<!--
+	Nonfunctional hosts in *actiac.org:
+
+		- cyberinitiative ᵇ
+
+	ᵇ Shows default page
+
+
+	These altnames do not eixst:
+
+		- www.members.actiac.org
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .actiac.org
+		- members.actiac.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="ACT IAC.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="actiac.org" />
+	<target host="members.actiac.org" />
+	<target host="www.actiac.org" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://members.actiac.org/eweb/StartPage.aspx?Site=act2014" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://www.actiac.org/membership/join-act-iac/join-act-iac" /-->
+
+	<!--	Complications:
+				-->
+	<target host="cyberinitiative.actiac.org" />
+
+		<exclusion pattern="^http://cyberinitiative\.actiac\.org/(?!/*(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://cyberinitiative.actiac.org/default.aspx" />
+			<test url="http://cyberinitiative.actiac.org/a/community/login" />
+			<test url="http://cyberinitiative.actiac.org/a/register" />
+			<test url="http://cyberinitiative.actiac.org/index.htm" />
+			<test url="http://cyberinitiative.actiac.org/index.html" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.actiac\.org$" name="^UUID$" /-->
+	<!--securecookie host="^members\.actiac\.org$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^[^c]" name=".+" />
+
+
+	<!--	Redirect drops args and forward slash:
+							-->
+	<rule from="^http://cyberinitiative\.actiac\.org/.*"
+		to="https://actiaccyberinitiative.ideascale.com/" />
+
+		<test url="http://cyberinitiative.actiac.org/?" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/actionnetwork.org.xml b/src/chrome/content/rules/actionnetwork.org.xml
new file mode 100644
index 000000000000..e53da93bf1e3
--- /dev/null
+++ b/src/chrome/content/rules/actionnetwork.org.xml
@@ -0,0 +1,31 @@
+<!--
+	CDN buckets:
+
+		- can2-prod.s3.amazonaws.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- actionnetwork.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Action Network.org">
+
+	<target host="actionnetwork.org" />
+	<target host="www.actionnetwork.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^actionnetwork\.org$" name="^_can2_session$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/actis.ru.xml b/src/chrome/content/rules/actis.ru.xml
new file mode 100644
index 000000000000..b949778ab149
--- /dev/null
+++ b/src/chrome/content/rules/actis.ru.xml
@@ -0,0 +1,16 @@
+<!--
+energoprom.customers.actis.ru ³
+www.energoprom.customers.actis.ru ³
+hr.actis.ru ³
+
+
+³ timed out
+-->
+<ruleset name="actis.ru">
+	<target host="actis.ru" />
+	<target host="www.actis.ru" />
+	<target host="jira.actis.ru" />
+	<target host="task.actis.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/active.domains.xml b/src/chrome/content/rules/active.domains.xml
new file mode 100644
index 000000000000..693e09d60161
--- /dev/null
+++ b/src/chrome/content/rules/active.domains.xml
@@ -0,0 +1,7 @@
+<ruleset name="active.domains">
+	<target host="active.domains" />
+	<target host="www.active.domains" />
+	<target host="my.active.domains" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/active24.cat.xml b/src/chrome/content/rules/active24.cat.xml
new file mode 100644
index 000000000000..dc2978ee1ac0
--- /dev/null
+++ b/src/chrome/content/rules/active24.cat.xml
@@ -0,0 +1,10 @@
+<!--
+	For other Active24.cz coverage, see active24.cz.xml.
+-->
+<ruleset name="Active24.cat">
+	<target host="active24.cat" />
+	<target host="www.active24.cat" />
+	<target host="weborder.active24.cat" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/active24.co.uk.xml b/src/chrome/content/rules/active24.co.uk.xml
new file mode 100644
index 000000000000..7e871196bcfc
--- /dev/null
+++ b/src/chrome/content/rules/active24.co.uk.xml
@@ -0,0 +1,10 @@
+<!--
+	For other Active24.cz coverage, see active24.cz.xml.
+-->
+<ruleset name="Active24.co.uk" >
+	<target host="active24.co.uk" />
+	<target host="www.active24.co.uk" />
+	<target host="weborder.active24.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/active24.com.xml b/src/chrome/content/rules/active24.com.xml
new file mode 100644
index 000000000000..15deb5944a64
--- /dev/null
+++ b/src/chrome/content/rules/active24.com.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://myaccount.active24.com/ => https://myaccount.active24.com/: (6, 'Could not resolve host: myaccount.active24.com')
+Fetch error: http://controlpanel.active24.com/ => https://controlpanel.active24.com/: (6, 'Could not resolve host: controlpanel.active24.com')
+Fetch error: http://signup.active24.com/ => https://signup.active24.com/: (6, 'Could not resolve host: signup.active24.com')
+Fetch error: http://login.active24.com/ => https://login.active24.com/: (6, 'Could not resolve host: login.active24.com')
+Fetch error: http://cp.active24.com/ => https://cp.active24.com/: (6, 'Could not resolve host: cp.active24.com')
+Fetch error: http://my.active24.com/ => https://my.active24.com/: (6, 'Could not resolve host: my.active24.com')
+
+	For other Active24.cz coverage, see active24.cz.xml.
+
+	Timeout:
+		- www.active24.com
+		- *.preview.active24.com (customer domains)
+	Refused:
+		- holdingpage.active24.com
+		- newsletter.active24.com
+	Self signed:
+		- exchange.active24.com
+-->
+<ruleset name="Active24.com" default_off="failed ruleset test">
+	<target host="webmail.active24.com" />
+	<target host="webftp.active24.com" />
+	<target host="mysql.active24.com" />
+	<target host="mssql.active24.com" />
+	<target host="psql.active24.com" />
+	<target host="myaccount.active24.com" />
+	<target host="controlpanel.active24.com" />
+	<target host="mssqlbackup.active24.com" />
+	<target host="weborder.active24.com" />
+	<target host="signup.active24.com" />
+	<target host="customer.active24.com" />
+	<target host="login.active24.com" />
+	<target host="cp.active24.com" />
+	<target host="my.active24.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/active24.cz.xml b/src/chrome/content/rules/active24.cz.xml
new file mode 100644
index 000000000000..e3dadbdf2fdb
--- /dev/null
+++ b/src/chrome/content/rules/active24.cz.xml
@@ -0,0 +1,49 @@
+<!--
+
+	Other Active24.cz rulesets:
+		- Active24.sk
+		- Active24.pl
+		- Active24.de
+		- Active24.co.uk
+		- Active24.nl
+		- Active24.es
+		- Active24.cat
+		- Active24.com
+		- Domeny.sk
+		- Domeny.cz
+		- Hosting.cz
+		- Servery.cz
+		- Superstranka.cz
+		- Platba.cz
+		- CA.cz
+
+	Mismatched:
+		- uvds\d+.active24.cz (customer domains)
+		- uvirt\d+.active24.cz (customer domains)
+		- gds\d+.active24.cz (customer domains)
+
+	Refused:
+		- email.active24.cz
+
+	Self signed:
+		- blog.active24.cz
+-->
+<ruleset name="Active24.cz" >
+	<target host="active24.cz" />
+	<target host="www.active24.cz" />
+	<target host="centrum.active24.cz" />
+	<target host="napoveda.active24.cz" />
+	<target host="objednavka.active24.cz" />
+	<target host="webmail.active24.cz" />
+	<target host="mssqlbackup.active24.cz" />
+	<target host="mssql.active24.cz" />
+	<target host="horde.active24.cz" />
+	<target host="rc.active24.cz" />
+	<target host="mysql.active24.cz" />
+	<target host="psql.active24.cz" />
+	<target host="webftp.active24.cz" />
+
+	<rule from="^http://active24\.cz/" to="https://www.active24.cz/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/active24.de.xml b/src/chrome/content/rules/active24.de.xml
new file mode 100644
index 000000000000..7f57c751286b
--- /dev/null
+++ b/src/chrome/content/rules/active24.de.xml
@@ -0,0 +1,10 @@
+<!--
+	For other Active24.cz coverage, see active24.cz.xml.
+-->
+<ruleset name="Active24.de" >
+	<target host="active24.de" />
+	<target host="www.active24.de" />
+	<target host="weborder.active24.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/active24.es.xml b/src/chrome/content/rules/active24.es.xml
new file mode 100644
index 000000000000..3d621f1305fc
--- /dev/null
+++ b/src/chrome/content/rules/active24.es.xml
@@ -0,0 +1,10 @@
+<!--
+	For other Active24.cz coverage, see active24.cz.xml.
+-->
+<ruleset name="Active24.es" >
+	<target host="active24.es" />
+	<target host="www.active24.es" />
+	<target host="weborder.active24.es" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/active24.nl.xml b/src/chrome/content/rules/active24.nl.xml
new file mode 100644
index 000000000000..632e78bba376
--- /dev/null
+++ b/src/chrome/content/rules/active24.nl.xml
@@ -0,0 +1,14 @@
+<!--
+
+	For other Active24.cz coverage, see active24.cz.xml.
+
+	Refused:
+		- mysql.active24.nl
+-->
+<ruleset name="Active24.nl" >
+	<target host="active24.nl" />
+	<target host="www.active24.nl" />
+	<target host="weborder.active24.nl" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/active24.pl.xml b/src/chrome/content/rules/active24.pl.xml
new file mode 100644
index 000000000000..74bc8c8ee88d
--- /dev/null
+++ b/src/chrome/content/rules/active24.pl.xml
@@ -0,0 +1,9 @@
+<!--
+	For other Active24.cz coverage, see active24.cz.xml.
+-->
+<ruleset name="Active24.pl">
+	<target host="active24.pl" />
+	<target host="www.active24.pl" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/active24.sk.xml b/src/chrome/content/rules/active24.sk.xml
new file mode 100644
index 000000000000..e1dd0f2c7c63
--- /dev/null
+++ b/src/chrome/content/rules/active24.sk.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Active24.cz coverage, see active24.cz.xml.
+
+	Mismatched:
+		- webmail.active24.sk
+-->
+<ruleset name="Active24.sk">
+	<target host="active24.sk" />
+	<target host="www.active24.sk" />
+	<target host="objednavka.active24.sk" />
+	<target host="centrum.active24.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/actor.im.xml b/src/chrome/content/rules/actor.im.xml
new file mode 100644
index 000000000000..83dcec70e47b
--- /dev/null
+++ b/src/chrome/content/rules/actor.im.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://actor.im/ => https://actor.im/: (7, 'Failed to connect to actor.im port 443: Connection timed out')
+Fetch error: http://app.actor.im/ => https://app.actor.im/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://developer.actor.im/ => https://developer.actor.im/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.actor.im/ => https://www.actor.im/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- developer.actor.im
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Actor.im" default_off="failed ruleset test">
+
+	<target host="actor.im" />
+	<target host="app.actor.im" />
+	<target host="developer.actor.im" />
+	<target host="www.actor.im" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^developer\.actor\.im$" name="^(?:XSRF-TOKEN|connect\.sid)$" /-->
+
+	<securecookie host=".+" name="^optimizely" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/acxiom.com.xml b/src/chrome/content/rules/acxiom.com.xml
new file mode 100644
index 000000000000..88cd2605e46a
--- /dev/null
+++ b/src/chrome/content/rules/acxiom.com.xml
@@ -0,0 +1,97 @@
+
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://acxsc.acxiom.com/ => https://acxsc.acxiom.com/: (51, "SSL: no alternative certificate subject name matches target host name 'acxsc.acxiom.com'")
+Fetch error: http://aeopdevvip.acxiom.com/ => https://aeopdevvip.acxiom.com/: (35, 'OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to aeopdevvip.acxiom.com:443 ')
+Fetch error: http://aeopprodvip.acxiom.com/ => https://aeopprodvip.acxiom.com/: (35, 'OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to aeopprodvip.acxiom.com:443 ')
+Fetch error: http://aeraisedevvip.acxiom.com/ => https://aeraisedevvip.acxiom.com/: (35, 'OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to aeraisedevvip.acxiom.com:443 ')
+Fetch error: http://aeraiseprodvip.acxiom.com/ => https://aeraiseprodvip.acxiom.com/: (35, 'OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to aeraiseprodvip.acxiom.com:443 ')
+Fetch error: http://catcher.acxiom.com/ => https://catcher.acxiom.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://cert-services.acxiom.com/ => https://cert-services.acxiom.com/: (6, 'Could not resolve host: cert-services.acxiom.com')
+Fetch error: http://cipix.acxiom.com/ => https://cipix.acxiom.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cipix.acxiom.com'")
+Fetch error: http://fts2sfg.acxiom.com/ => https://fts2sfg.acxiom.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://investors.acxiom.com/ => https://investors.acxiom.com/: (6, 'Could not resolve host: investors.acxiom.com')
+Fetch error: http://owa.acxiom.com/ => https://owa.acxiom.com/: (6, 'Could not resolve host: owa.acxiom.com')
+Fetch error: http://services.acxiom.com/ => https://services.acxiom.com/: (6, 'Could not resolve host: services.acxiom.com')
+Fetch error: http://sspwreset.acxiom.com/ => https://sspwreset.acxiom.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://thrivent.acxiom.com/ => https://thrivent.acxiom.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://vmb1.eu.acxiom.com/ => https://vmb1.eu.acxiom.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Other Acxiom coverage:
+
+		- About_the_Data.com.xml
+
+	Problematic hosts in *acxiom.com:
+
+		- ^ (timeout over https)
+		- aos (mismatched)
+		- axposqa (TLS error)
+		- axposprod (TLS error)
+		- amexapi (TLS error)
+		- cagent (expired)
+		- esmdmpoc1 (self signed)
+		- demo (TLS error)
+		- fpc (mismatched)
+		- metlife.delivery (certificate chain)
+		- icsdirect (mismatched)
+		- isapps (403 over https)
+		- listtracker (mismatched)
+		- jobs (mismatched)
+		- offers (mismatched)
+		- panopticxcustomertest (expired)
+		- panopticxiwscustomertest (TLS error)
+		- rts (certificate chain)
+		- sfgexttst (TLS error)
+		- sipexternal (mismatched)
+		- sip (mismatched)
+		- webconser1 (self signed)
+		- webconser2 (self signed)
+
+-->
+<ruleset name="Acxiom.com (partial)">
+
+	<target host="acxiom.com" />
+	<target host="www.acxiom.com" />
+	<target host="acxmapi.acxiom.com" />
+	<target host="acxreset.acxiom.com" />
+	<!-- target host="acxsc.acxiom.com" /-->
+	<!-- target host="aeopdevvip.acxiom.com" /-->
+	<!-- target host="aeopprodvip.acxiom.com" /-->
+	<!-- target host="aeraisedevvip.acxiom.com" /-->
+	<!-- target host="aeraiseprodvip.acxiom.com" /-->
+	<target host="api.acxiom.com" />
+	<!-- target host="catcher.acxiom.com" /-->
+	<!-- target host="cert-services.acxiom.com" /-->
+	<!-- target host="cipix.acxiom.com" /-->
+	<target host="collaborate.acxiom.com" />
+	<target host="developer.acxiom.com" />
+	<target host="eu-interactive.acxiom.com" />
+	<!-- target host="fts2sfg.acxiom.com" /-->
+	<target host="gmrecall.acxiom.com" />
+	<target host="heathrow1.eu.acxiom.com" />
+	<target host="id.acxiom.com" />
+	<target host="idstage.acxiom.com" />
+	<target host="interactivedelivery.acxiom.com" />
+	<!-- target host="investors.acxiom.com" /-->
+	<target host="marketing.acxiom.com" />
+	<!-- target host="owa.acxiom.com" /-->
+	<target host="passwordstation.acxiom.com" />
+	<target host="qa.benefitbuilder.acxiom.com" />
+	<target host="schwabdnc.acxiom.com" />
+	<!-- target host="services.acxiom.com" /-->
+	<!-- target host="sspwreset.acxiom.com" /-->
+	<target host="test.acxmapi.acxiom.com" />
+	<target host="test.api.acxiom.com" />
+	<!-- target host="thrivent.acxiom.com" /-->
+	<!-- target host="vmb1.eu.acxiom.com" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http://acxiom\.com/"
+		to="https://www.acxiom.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ad-m.asia.xml b/src/chrome/content/rules/ad-m.asia.xml
new file mode 100644
index 000000000000..f39e1b2db5f5
--- /dev/null
+++ b/src/chrome/content/rules/ad-m.asia.xml
@@ -0,0 +1,8 @@
+<ruleset name="ad-m.asia (partial)">
+
+	<target host="sync-dsp.ad-m.asia" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/adapto.rs.xml b/src/chrome/content/rules/adapto.rs.xml
new file mode 100644
index 000000000000..7b50f7842396
--- /dev/null
+++ b/src/chrome/content/rules/adapto.rs.xml
@@ -0,0 +1,44 @@
+<!--
+	Mixed content:
+
+		- css from $self *
+		- Images from $self *
+
+	ˢ See https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Adapto.rs (partial)" default_off="self-signed">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="adapto.rs" />
+
+	<!--	Complications:
+				-->
+	<target host="www.adapto.rs" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://adapto\.rs/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?adapto\.rs/(?!/*arc/site/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://adapto.rs/index.php" />
+			<test url="http://www.adapto.rs/index.php" />
+
+
+	<rule from="^http://www\.adapto\.rs/"
+		to="https://adapto.rs/" />
+
+		<test url="http://www.adapto.rs/arc/site/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+		<test url="http://adapto.rs/arc/site/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/adblockbrowser.org.xml b/src/chrome/content/rules/adblockbrowser.org.xml
new file mode 100644
index 000000000000..a2d3a81b37fe
--- /dev/null
+++ b/src/chrome/content/rules/adblockbrowser.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="Adblock Browser.org">
+
+	<target host="adblockbrowser.org" />
+	<target host="www.adblockbrowser.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/adc-srv.net.xml b/src/chrome/content/rules/adc-srv.net.xml
new file mode 100644
index 000000000000..22f1ceaea22e
--- /dev/null
+++ b/src/chrome/content/rules/adc-srv.net.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://adc-srv.net/ => https://adc-srv.net/: (51, "SSL: no alternative certificate subject name matches target host name 'adc-srv.net'")
+Fetch error: http://www.adc-srv.net/ => https://www.adc-srv.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.adc-srv.net'")
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- .adc-srv.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="ADC-srv.net" default_off="failed ruleset test">
+
+	<target host="adc-srv.net" />
+	<target host="ad.adc-srv.net" />
+	<target host="r.adc-srv.net" />
+	<target host="www.adc-srv.net" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://r.adc-srv.net/retargeting.php?customer=&amp;method&amp;value=" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.adc-srv\.net$" name="^adc_vs$" /-->
+
+	<securecookie host="^\." name="^adc_vs$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/add.org.xml b/src/chrome/content/rules/add.org.xml
new file mode 100644
index 000000000000..d4c54051c348
--- /dev/null
+++ b/src/chrome/content/rules/add.org.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- add.org
+		- www.add.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="ADD.org">
+
+	<target host="add.org" />
+	<target host="www.add.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?add\.org$" name="^(?:PHPSESSID|wpSGCacheBypass)$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/additifs-alimentaires.net.xml b/src/chrome/content/rules/additifs-alimentaires.net.xml
new file mode 100644
index 000000000000..48d84848c6dd
--- /dev/null
+++ b/src/chrome/content/rules/additifs-alimentaires.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="additifs-alimentaires.net">
+	<target host="additifs-alimentaires.net" />
+	<target host="www.additifs-alimentaires.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/addthiscdn.com.xml b/src/chrome/content/rules/addthiscdn.com.xml
new file mode 100644
index 000000000000..67a16c9c2081
--- /dev/null
+++ b/src/chrome/content/rules/addthiscdn.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Oracle coverage, see Oracle.xml.
+
+
+	CDN buckets:
+
+		- wildcard.addthiscdn.com.edgekey.net
+
+-->
+<ruleset name="AddThis CDN.com">
+
+	<target host="blog.addthiscdn.com" />
+	<target host="cache.addthiscdn.com" />
+
+		<test url="http://blog.addthiscdn.com/wp-content/uploads/2015/08/white-paper-mock-300x250-option4-1.png" />
+		<test url="http://cache.addthiscdn.com/www/160609bc222cc/style/images/icon-search.png" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/adfoc.us.xml b/src/chrome/content/rules/adfoc.us.xml
new file mode 100644
index 000000000000..0eea88adfa4e
--- /dev/null
+++ b/src/chrome/content/rules/adfoc.us.xml
@@ -0,0 +1,10 @@
+<ruleset name="AdFoc.us">
+	<target host="adfoc.us" />
+	<target host="www.adfoc.us" />
+	<target host="cdn.adfoc.us" />
+	<target host="forum.adfoc.us" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/adguard.com.xml b/src/chrome/content/rules/adguard.com.xml
new file mode 100644
index 000000000000..880fca10ce06
--- /dev/null
+++ b/src/chrome/content/rules/adguard.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- adguard.com
+		- .adguard.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Adguard.com">
+
+	<target host="adguard.com" />
+	<target host="forum.adguard.com" />
+	<target host="www.adguard.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^adguard\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^\.adguard\.com$" name="^(?:adguard_lang|aid|source)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/adk.de.xml b/src/chrome/content/rules/adk.de.xml
new file mode 100644
index 000000000000..27d622ea7395
--- /dev/null
+++ b/src/chrome/content/rules/adk.de.xml
@@ -0,0 +1,29 @@
+<!--
+	Invalid certificate:
+		www.archivfenster.adk.de
+		www.blog.adk.de
+		info.adk.de
+-->
+<ruleset name="Akademie der Künste">
+
+	<target host="adk.de" />
+	<target host="www.adk.de" />
+	<target host="analytics.adk.de" />
+	<target host="archiv.adk.de" />
+	<target host="archivfenster.adk.de" />
+	<target host="blog.adk.de" />
+	<target host="mail2.adk.de" />
+	<target host="medien.adk.de" />
+	<target host="www.medien.adk.de" />
+	<target host="opac.adk.de" />
+	<target host="projekte.adk.de" />
+	<target host="www.projekte.adk.de" />
+	<target host="public-archiv.adk.de" />
+	<target host="volksbuehne.adk.de" />
+	<target host="www.volksbuehne.adk.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/admin-smolensk.ru.xml b/src/chrome/content/rules/admin-smolensk.ru.xml
new file mode 100644
index 000000000000..de97bf53ea0f
--- /dev/null
+++ b/src/chrome/content/rules/admin-smolensk.ru.xml
@@ -0,0 +1,170 @@
+<!--
+3d.admin-smolensk.ru ²
+antinark.admin-smolensk.ru ¹
+antiterror.admin-smolensk.ru ¹
+apparat.admin-smolensk.ru ¹
+archive-n.admin-smolensk.ru ¹
+babino.admin-smolensk.ru ¹
+barsukovskoe-sp.admin-smolensk.ru ¹
+baturinskoe.admin-smolensk.ru ¹
+bobrovichi-spel.admin-smolensk.ru ¹
+bogdanovskoe.admin-smolensk.ru ¹
+bulgakovo.admin-smolensk.ru ¹
+order.ca.admin-smolensk.ru ⁷
+corruption.admin-smolensk.ru ¹
+customs.admin-smolensk.ru ¹
+czn-smolensk.admin-smolensk.ru ¹
+danikovskoe.admin-smolensk.ru ¹
+delopro.admin-smolensk.ru ¹
+demidov.admin-smolensk.ru ¹
+depim.admin-smolensk.ru ¹
+depzan.admin-smolensk.ru ¹
+desnobr.admin-smolensk.ru ¹
+desnogorsk.admin-smolensk.ru ¹
+detlib.admin-smolensk.ru ¹
+digest.admin-smolensk.ru ⁴
+dobrino.admin-smolensk.ru ¹
+dorogobyzh.admin-smolensk.ru ¹
+duhov.admin-smolensk.ru ¹
+dvp.admin-smolensk.ru ¹
+econ.admin-smolensk.ru ²
+edu.admin-smolensk.ru ¹
+i.edu.admin-smolensk.ru ²
+edu67.admin-smolensk.ru ²
+eko.admin-smolensk.ru ²
+ekonpoch.admin-smolensk.ru ¹
+elnya-admin.admin-smolensk.ru ¹
+equalsmol.admin-smolensk.ru ²
+ershichadm.admin-smolensk.ru ¹
+ershichsp.admin-smolensk.ru ¹
+expo.admin-smolensk.ru ¹
+finupr.admin-smolensk.ru ¹
+fkremont.admin-smolensk.ru ¹
+gaso.admin-smolensk.ru ¹
+www.gaso.admin-smolensk.ru ²
+gis.admin-smolensk.ru ⁷
+glinka.admin-smolensk.ru ¹
+golynki.admin-smolensk.ru ¹
+gorduh.admin-smolensk.ru ¹
+goszakaz.admin-smolensk.ru ¹
+goszakupki.admin-smolensk.ru ⁷
+gstn.admin-smolensk.ru ¹
+gugzipb.admin-smolensk.ru ¹
+hislav.admin-smolensk.ru ¹
+hislav-zan.admin-smolensk.ru ¹
+holm.admin-smolensk.ru ¹
+holm-chirkovskoe.admin-smolensk.ru ¹
+igorevskoe.admin-smolensk.ru ¹
+incotech.admin-smolensk.ru ¹
+invest.admin-smolensk.ru ²
+it-security.admin-smolensk.ru ¹
+its.admin-smolensk.ru ¹
+izbirkom.admin-smolensk.ru ¹
+kaprem.admin-smolensk.ru ⁴
+kapyrevshina.admin-smolensk.ru ¹
+kazimirovo.admin-smolensk.ru ¹
+klyarinovo.admin-smolensk.ru ¹
+knizinskoe.admin-smolensk.ru ¹
+kontrol.admin-smolensk.ru ¹
+korso.admin-smolensk.ru ¹
+krasniy.admin-smolensk.ru ¹
+www.krasniy.admin-smolensk.ru ²
+kruglovo.admin-smolensk.ru ¹
+kultpoch.admin-smolensk.ru ¹
+kultura.admin-smolensk.ru ¹
+leninskoe.admin-smolensk.ru ¹
+les.admin-smolensk.ru ¹
+lespoj.admin-smolensk.ru ¹
+losnenskoe.admin-smolensk.ru ¹
+lysovskoe.admin-smolensk.ru ¹
+mail.admin-smolensk.ru ¹
+malcevo-sp.admin-smolensk.ru ¹
+mazovo-speln.admin-smolensk.ru ¹
+mirsud.admin-smolensk.ru ¹
+monast.admin-smolensk.ru ¹
+mutishe-speln.admin-smolensk.ru ¹
+mx.admin-smolensk.ru ²
+nasha-zhizn.admin-smolensk.ru ¹
+nikitinskoe.admin-smolensk.ru ¹
+novodugino.admin-smolensk.ru ¹
+novomih-sp.admin-smolensk.ru ¹
+npa.admin-smolensk.ru ⁴
+obrpoch.admin-smolensk.ru ¹
+ogz.admin-smolensk.ru ¹
+oldzan.admin-smolensk.ru ¹
+opendata.admin-smolensk.ru ¹
+opsmol.admin-smolensk.ru ¹
+ozerniy.admin-smolensk.ru ¹
+pechatnikovskoe.admin-smolensk.ru ¹
+pgu.admin-smolensk.ru ²
+pochinok.admin-smolensk.ru ¹
+prirod.admin-smolensk.ru ¹
+prjevalskoe.admin-smolensk.ru ¹
+pronino-speln.admin-smolensk.ru ¹
+prudkovskoe.admin-smolensk.ru ¹
+rek.admin-smolensk.ru ¹
+rudnya.admin-smolensk.ru ¹
+selhoz.admin-smolensk.ru ¹
+shatalovskoe.admin-smolensk.ru ¹
+shmakovskoe.admin-smolensk.ru ¹
+shumichi.admin-smolensk.ru ¹
+sloboda.admin-smolensk.ru ¹
+smo.admin-smolensk.ru ¹
+smoligolovka.admin-smolensk.ru ¹
+somiac.admin-smolensk.ru ¹
+sovet-pochgrad.admin-smolensk.ru ¹
+sovet-pochinok.admin-smolensk.ru ¹
+sovet-sichgor.admin-smolensk.ru ¹
+specotd.admin-smolensk.ru ¹
+sport.admin-smolensk.ru ¹
+ss.admin-smolensk.ru ²
+stechinskoe.admin-smolensk.ru ¹
+stjkh.admin-smolensk.ru ¹
+stodolishehskoe.admin-smolensk.ru ¹
+strateg-prf.admin-smolensk.ru ¹
+tatarskoe-sp.admin-smolensk.ru ¹
+titovshina.admin-smolensk.ru ¹
+tomskoe.admin-smolensk.ru ¹
+tretaykovo.admin-smolensk.ru ¹
+tupikovskoe.admin-smolensk.ru ¹
+ud.admin-smolensk.ru ¹
+uec.admin-smolensk.ru ¹
+uggi.admin-smolensk.ru ¹
+ugs.admin-smolensk.ru ¹
+ums.admin-smolensk.ru ¹
+upolchel.admin-smolensk.ru ¹
+uprog.admin-smolensk.ru ¹
+vaskovskoe.admin-smolensk.ru ¹
+velizh.admin-smolensk.ru ¹
+vet.admin-smolensk.ru ¹
+vorgasp.admin-smolensk.ru ¹
+websprav.admin-smolensk.ru ¹
+www.websprav.admin-smolensk.ru ²
+yarcevo.admin-smolensk.ru ¹
+zaborie.admin-smolensk.ru ¹
+zags.admin-smolensk.ru ¹
+www.zags.admin-smolensk.ru ²
+zapros.admin-smolensk.ru ⁷
+crbdemidov.zdrav.admin-smolensk.ru ²
+polyclinic2.zdrav.admin-smolensk.ru ²
+polyclinic7.zdrav.admin-smolensk.ru ²
+rzdboln.zdrav.admin-smolensk.ru ²
+sondisp.zdrav.admin-smolensk.ru ²
+sovfd.zdrav.admin-smolensk.ru ²
+stomroslavl.zdrav.admin-smolensk.ru ²
+stomsafonovo.zdrav.admin-smolensk.ru ²
+stomvyazma.zdrav.admin-smolensk.ru ²
+zdrav-dep.admin-smolensk.ru ¹
+
+
+¹ mismatch
+² refused
+⁴ self signed
+⁷ protocol error
+-->
+<ruleset name="admin-smolensk.ru">
+	<target host="admin-smolensk.ru" />
+	<target host="www.admin-smolensk.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/admincontrol.com.xml b/src/chrome/content/rules/admincontrol.com.xml
new file mode 100644
index 000000000000..903c6a8a584c
--- /dev/null
+++ b/src/chrome/content/rules/admincontrol.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .admincontrol.com
+		- .www.admincontrol.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on ^ from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Admincontrol.com">
+
+	<target host="admincontrol.com" />
+	<target host="www.admincontrol.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.(?:www\.)?admincontrol\.com$" name="^_icl_current_language$" /-->
+
+	<securecookie host="^\." name="^_(?:ga|icl_current_language$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/admtyumen.ru.xml b/src/chrome/content/rules/admtyumen.ru.xml
new file mode 100644
index 000000000000..35164c7d41b3
--- /dev/null
+++ b/src/chrome/content/rules/admtyumen.ru.xml
@@ -0,0 +1,108 @@
+<!--
+edon.admtyumen.ru ³
+edu.admtyumen.ru ³
+edu2.admtyumen.ru ³
+www.edu2.admtyumen.ru ³
+www.educ.admtyumen.ru ¹
+edumfc.admtyumen.ru ³
+eledu.admtyumen.ru ³
+emed.admtyumen.ru ³
+emm.admtyumen.ru ³
+fin-gkh.admtyumen.ru ⁴
+gis.admtyumen.ru ¹
+gz.admtyumen.ru ³
+www.gz.admtyumen.ru ³
+conf.gz.admtyumen.ru ³
+jkh.admtyumen.ru ²
+www.jkh.admtyumen.ru ²
+mail.jkh.admtyumen.ru ²
+kadr-reserv.admtyumen.ru ³
+kt.admtyumen.ru ⁴
+mail.admtyumen.ru ³
+monjf.admtyumen.ru ⁴
+mail.monjf.admtyumen.ru ⁴
+sed.omsu.admtyumen.ru ¹
+orto.admtyumen.ru ³
+www.pereselenie.admtyumen.ru ¹
+ppu.admtyumen.ru/: (35, 'error:14092105:SSL routines:ssl3_get_server_hello:wrong cipher returned')
+rais.admtyumen.ru ³
+reestrio.admtyumen.ru ³
+risgkh.admtyumen.ru ⁴
+sedomsu.admtyumen.ru ⁴
+smev.admtyumen.ru ³
+trto.admtyumen.ru ⁴
+mail.tura.admtyumen.ru ³
+gz.admtyumen.ru:85 ⁷
+ds.admtyumen.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁷ protocol error
+-->
+<ruleset name="admtyumen.ru">
+	<target host="admtyumen.ru" />
+	<target host="www.admtyumen.ru" />
+	<target host="2013-golyshmanovo.admtyumen.ru" />
+	<target host="2013-main.admtyumen.ru" />
+	<target host="2013-sorokino.admtyumen.ru" />
+	<target host="abatsk.admtyumen.ru" />
+	<target host="admin.admtyumen.ru" />
+	<target host="armizon.admtyumen.ru" />
+	<target host="aromashevo.admtyumen.ru" />
+	<target host="av.admtyumen.ru" />
+	<target host="berdyuje.admtyumen.ru" />
+	<target host="citto.admtyumen.ru" />
+	<target host="cso-berdyuje.admtyumen.ru" />
+	<target host="cso-isetsk.admtyumen.ru" />
+	<target host="cso-uvat.admtyumen.ru" />
+	<target host="cso-yarkovo.admtyumen.ru" />
+	<target host="czn.admtyumen.ru" />
+	<target host="eduapp.admtyumen.ru" />
+	<target host="educ.admtyumen.ru" />
+	<target host="education.admtyumen.ru" />
+	<target host="golyshmanovo.admtyumen.ru" />
+	<target host="golyshmanovo-old.admtyumen.ru" />
+	<target host="gorizont.admtyumen.ru" />
+	<target host="gubernator.admtyumen.ru" />
+	<target host="health.admtyumen.ru" />
+	<target host="isetsk.admtyumen.ru" />
+	<target host="isetsk-old.admtyumen.ru" />
+	<target host="ishim.admtyumen.ru" />
+	<target host="ishim-mr.admtyumen.ru" />
+	<target host="kazanka.admtyumen.ru" />
+	<target host="law.admtyumen.ru" />
+	<target host="leto.admtyumen.ru" />
+	<target host="lk.admtyumen.ru" />
+	<target host="main-old.admtyumen.ru" />
+	<target host="media.admtyumen.ru" />
+	<target host="ntavda.admtyumen.ru" />
+	<target host="omutinka.admtyumen.ru" />
+	<target host="pereselenie.admtyumen.ru" />
+	<target host="rnis.admtyumen.ru" />
+	<target host="sladkovo.admtyumen.ru" />
+	<target host="sorokino.admtyumen.ru" />
+	<target host="sot.admtyumen.ru" />
+	<target host="special.admtyumen.ru" />
+	<target host="testlk.admtyumen.ru" />
+	<target host="tobolsk.admtyumen.ru" />
+	<target host="tobolsk-mr.admtyumen.ru" />
+	<target host="trud.admtyumen.ru" />
+	<target host="tur.admtyumen.ru" />
+	<target host="uporovo.admtyumen.ru" />
+	<target host="uslugi.admtyumen.ru" />
+	<target host="vagai.admtyumen.ru" />
+	<target host="vikulovo.admtyumen.ru" />
+	<target host="w1.admtyumen.ru" />
+	<target host="www1.admtyumen.ru" />
+	<target host="www2.admtyumen.ru" />
+	<target host="yalutorovsk.admtyumen.ru" />
+	<target host="yalutorovsk-mr.admtyumen.ru" />
+	<target host="yarkovo.admtyumen.ru" />
+	<target host="yurga.admtyumen.ru" />
+	<target host="zavodoukovsk.admtyumen.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/adnet.pro.xml b/src/chrome/content/rules/adnet.pro.xml
new file mode 100644
index 000000000000..ffdb43dac379
--- /dev/null
+++ b/src/chrome/content/rules/adnet.pro.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- adnetdelivery.adnet.pro
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="adnet.pro">
+
+	<target host="adimages.adnet.pro" />
+	<target host="adnetdelivery.adnet.pro" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://adnetdelivery.adnet.pro/avw.php?zoneid=&amp;cb=&amp;n=" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^adnetdelivery\.adnet\.pro$" name="^(?:OAID|OAVARS\[[\da-f]{8}\])$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/adnetexpress.net.xml b/src/chrome/content/rules/adnetexpress.net.xml
new file mode 100644
index 000000000000..e71ccf633216
--- /dev/null
+++ b/src/chrome/content/rules/adnetexpress.net.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://adnetexpress.net/ => https://adnetexpress.net/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.adnetexpress.net/ => https://www.adnetexpress.net/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+-->
+<ruleset name="adnetexpress.net" default_off="failed ruleset test">
+
+	<target host="adnetexpress.net" />
+	<target host="www.adnetexpress.net" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/adnetworkperformance.com.xml b/src/chrome/content/rules/adnetworkperformance.com.xml
new file mode 100644
index 000000000000..9307f7c57821
--- /dev/null
+++ b/src/chrome/content/rules/adnetworkperformance.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="adnetworkperformance.com">
+
+	<target host="adnetworkperformance.com" />
+	<target host="www.adnetworkperformance.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/adr.org.xml b/src/chrome/content/rules/adr.org.xml
new file mode 100644
index 000000000000..02029187bd7c
--- /dev/null
+++ b/src/chrome/content/rules/adr.org.xml
@@ -0,0 +1,67 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://services.adr.org/ => https://services.adr.org/: (28, 'Connection timed out after 20001 milliseconds')
+
+	American Arbitration Association Dispute Resolution Services
+
+	For other American Arbitration Association coverage, see aaau.org.xml.
+
+
+	Nonfunctional hosts in *adr.org:
+
+		- (www.)?foreclosuremediationfl ʳ
+		- info ᵈ
+
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *adr.org:
+
+		- go ᵐ
+		- app.go ᵐ
+		- images.go ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- adr.org
+		- community.adr.org
+		- apps.community.adr.org
+		- community-uat.adr.org
+		- apps.community-uat.adr.org
+		- services.adr.org
+		- uat.adr.org
+		- www.adr.org
+
+-->
+<ruleset name="ADR.org (partial)" default_off="failed ruleset test">
+
+	<target host="adr.org" />
+	<target host="apps.adr.org" />
+	<target host="community.adr.org" />
+	<target host="apps.community.adr.org" />
+	<target host="community-uat.adr.org" />
+	<target host="apps.community-uat.adr.org" />
+	<target host="nysinsurance.adr.org" />
+	<target host="services.adr.org" />
+	<target host="uat.adr.org" />
+	<target host="www.adr.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:uat\.|www\.)?adr\.org$" name="^(?:ADR_ORG|JSESSIONID|OAMAuthnCookie_[\w.]+\.org:443|TS[\da-f]{8})$" /-->
+	<!--securecookie host="^(?:apps\.)?community(?:-uat)?\.adr\.org$" name="^(?:BIGipServer|JSESSIONID$|jive\.security\.context$)" /-->
+	<!--securecookie host="^services\.adr\.org$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/adreclaim.com.xml b/src/chrome/content/rules/adreclaim.com.xml
new file mode 100644
index 000000000000..54e2ed2b88c4
--- /dev/null
+++ b/src/chrome/content/rules/adreclaim.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://adreclaim.com/ => https://adreclaim.com/: (51, "SSL: no alternative certificate subject name matches target host name 'adreclaim.com'")
+
+-->
+<ruleset name="AdReclaim.com" default_off="failed ruleset test">
+
+	<target host="adreclaim.com" />
+	<target host="cdn.adreclaim.com" />
+	<target host="www.adreclaim.com" />
+
+		<test url="http://cdn.adreclaim.com/static/adreclaim/img/icon_reven.jpg" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/adreducation.org.xml b/src/chrome/content/rules/adreducation.org.xml
new file mode 100644
index 000000000000..761aa2c8a2c7
--- /dev/null
+++ b/src/chrome/content/rules/adreducation.org.xml
@@ -0,0 +1,27 @@
+<!--
+	For other American Arbitration Association coverage, see aaau.org.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- adreducation.org
+		- www.adreducation.org
+
+-->
+<ruleset name="ADR Education.org">
+
+	<target host="adreducation.org" />
+	<target host="www.adreducation.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?adreducation\.org$" name="^(?:ASP\.NET_SessionId|TS[\da-f]{8})$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ads-twitter.com.xml b/src/chrome/content/rules/ads-twitter.com.xml
new file mode 100644
index 000000000000..bb89d9bb9e2b
--- /dev/null
+++ b/src/chrome/content/rules/ads-twitter.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Twitter coverage, see Twitter.xml.
+
+
+	These altnames do not exist:
+
+		- ads-twitter.com
+		- s.ads-twitter.com
+		- www.ads-twitter.com
+
+-->
+<ruleset name="ads-Twitter.com">
+
+	<target host="static.ads-twitter.com" />
+
+		<test url="http://static.ads-twitter.com/uwt.js" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/adsnative.com.xml b/src/chrome/content/rules/adsnative.com.xml
new file mode 100644
index 000000000000..6a7714faf659
--- /dev/null
+++ b/src/chrome/content/rules/adsnative.com.xml
@@ -0,0 +1,62 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.adsnative.com/ => https://www.adsnative.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://adsnative.com/ => https://www.adsnative.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	CDN buckets:
+
+		- adsnative-www.s3.amazonaws.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- console.adsnative.com
+		- dev.adsnative.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Ad on www from go.pardot.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="AdsNative.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="api.adsnative.com" />
+	<target host="bevo.adsnative.com" />
+	<target host="blog.adsnative.com" />
+	<target host="console.adsnative.com" />
+	<target host="dev.adsnative.com" />
+	<target host="static.adsnative.com" />
+	<target host="www.adsnative.com" />
+
+		<!--	$ 404s, so:
+					-->
+		<test url="http://bevo.adsnative.com/ck?url=http%3A%2F%2Ffocus.politico.com%2F&amp;sid=59bddb5adce140ceae1dca913c3f894c_b70d1db0" />
+
+	<!--	Complications:
+				-->
+	<target host="adsnative.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^console\.adsnative\.com$" name="^AWSELB$" /-->
+	<!--securecookie host="^dev\.adsnative\.com$" name="^(?:XSRF-TOKEN|connect\.sid)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://adsnative\.com/"
+		to="https://www.adsnative.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/adsymptotic.com.xml b/src/chrome/content/rules/adsymptotic.com.xml
new file mode 100644
index 000000000000..f337495a9df9
--- /dev/null
+++ b/src/chrome/content/rules/adsymptotic.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .adsymptotic.com
+
+-->
+<ruleset name="adsymptotic.com">
+
+    <target host="api.adsymptotic.com" />
+    <target host="p.adsymptotic.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://api.adsymptotic.com/api/s/trackconversion?_pid=&amp;_psign=&amp;_aid=&amp;_lbl=&amp;_expected_cookie=" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.adsymptotic\.com$" name="^U$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/adtomafusion.com.xml b/src/chrome/content/rules/adtomafusion.com.xml
new file mode 100644
index 000000000000..e3b1e467fb3b
--- /dev/null
+++ b/src/chrome/content/rules/adtomafusion.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- se-02.adtomafusion.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="adtomafusion.com">
+
+	<!--	Complications:
+				-->
+	<target host="se-02.adtomafusion.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^se-02\.adtomafusion\.com$" name="^Fusion\.testCookie$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://se-02\.adtomafusion\.com:80/"
+		to="https://se-02.adtomafusion.com/" />
+
+		<test url="http://se-02.adtomafusion.com:80/script.js" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/adultswim.xml b/src/chrome/content/rules/adultswim.xml
deleted file mode 100644
index bb1538528c66..000000000000
--- a/src/chrome/content/rules/adultswim.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Adult Swim">
- 	<target host="www.adultswim.com" />
-	<target host="adultswim.com" />
-
-	<rule from="^http://(www\.)?adultswim\.com/" to="https://www.adultswim.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/adur-worthing.gov.uk.xml b/src/chrome/content/rules/adur-worthing.gov.uk.xml
new file mode 100644
index 000000000000..292cb3ad962f
--- /dev/null
+++ b/src/chrome/content/rules/adur-worthing.gov.uk.xml
@@ -0,0 +1,29 @@
+<!--
+	Ardur & Worthing Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *adur-worthing.gov.uk:
+
+		- (www.)? ᶠ
+		- beta ᶠ
+		- digital.blogs ʰ
+		- engage ʰ
+
+	ᶠ Handshake fails
+	ʰ WP Engine / redirects to http
+
+-->
+<ruleset name="Adur-Worthing.gov.uk (partial)">
+
+	<target host="planning.adur-worthing.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/adur.gov.uk.xml b/src/chrome/content/rules/adur.gov.uk.xml
new file mode 100644
index 000000000000..b7582d1afe01
--- /dev/null
+++ b/src/chrome/content/rules/adur.gov.uk.xml
@@ -0,0 +1,25 @@
+<!--
+	Adur District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	(www.)?adur.gov.uk: Handshake fails
+
+-->
+<ruleset name="Adur.gov.uk (partial)">
+
+	<target host="adcaccess.adur.gov.uk" />
+
+		<!--	$ 404s, so:
+					-->
+		<test url="http://adcaccess.adur.gov.uk/ssp/defaultContact.jsp" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/adv.ru.xml b/src/chrome/content/rules/adv.ru.xml
new file mode 100644
index 000000000000..6b256d950a4a
--- /dev/null
+++ b/src/chrome/content/rules/adv.ru.xml
@@ -0,0 +1,14 @@
+<!--
+arezka.us.groups.adv.ru mismatch
+www.kr-pro.us.groups.adv.ru mismatch
+rassvet-loft.us.groups.adv.ru mismatch
+www.loko.us.groups.adv.ru mismatch
+shop.loko-copy.us.groups.adv.ru mismatch
+webmail.adv.ru mismatch
+-->
+<ruleset name="adv.ru">
+	<target host="adv.ru" />
+	<target host="www.adv.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/advision-adnw.jp.xml b/src/chrome/content/rules/advision-adnw.jp.xml
new file mode 100644
index 000000000000..194f6e0584e3
--- /dev/null
+++ b/src/chrome/content/rules/advision-adnw.jp.xml
@@ -0,0 +1,8 @@
+<ruleset name="advision-adnw.jp">
+
+	<target host="100540.advision-adnw.jp" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/aeasolutions.co.uk.xml b/src/chrome/content/rules/aeasolutions.co.uk.xml
new file mode 100644
index 000000000000..213db0cd23a7
--- /dev/null
+++ b/src/chrome/content/rules/aeasolutions.co.uk.xml
@@ -0,0 +1,26 @@
+<!--
+	Problematic hosts in *aeasolutions.co.uk:
+
+		- (www.)? ᵐ
+		- greenchampions ᵐ
+
+	ᵐ Mismatched
+
+
+	These altnames do not exist:
+
+		- www.catchmentsensitivefarming.aeasolutions.co.uk
+
+-->
+<ruleset name="aeasolutions.co.uk (partial)">
+
+	<target host="catchmentsensitivefarming.aeasolutions.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/aescrypt.com.xml b/src/chrome/content/rules/aescrypt.com.xml
new file mode 100644
index 000000000000..c445f0601545
--- /dev/null
+++ b/src/chrome/content/rules/aescrypt.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="aescrypt.com">
+	<target host="aescrypt.com" />
+	<target host="www.aescrypt.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/aetolia.xml b/src/chrome/content/rules/aetolia.xml
new file mode 100644
index 000000000000..191356a81451
--- /dev/null
+++ b/src/chrome/content/rules/aetolia.xml
@@ -0,0 +1,5 @@
+<ruleset name="Aetolia">
+    <target host="aetolia.com" />
+    <target host="www.aetolia.com" />
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/afeld.me.xml b/src/chrome/content/rules/afeld.me.xml
new file mode 100644
index 000000000000..0012a9269c1c
--- /dev/null
+++ b/src/chrome/content/rules/afeld.me.xml
@@ -0,0 +1,9 @@
+<ruleset name="afeld.me">
+	<target host="afeld.me" />
+	<target host="www.afeld.me" />
+	<target host="api.afeld.me" />
+	<target host="magickly.afeld.me" />
+	<target host="jsonp.afeld.me" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/afew-store.com.xml b/src/chrome/content/rules/afew-store.com.xml
new file mode 100644
index 000000000000..768205d8951a
--- /dev/null
+++ b/src/chrome/content/rules/afew-store.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- .www.afew-store.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="afew-store.com">
+
+	<target host="afew-store.com" />
+	<target host="www.afew-store.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.afew-store\.com$" name="^frontend$" /-->
+
+	<securecookie host="^\.www\." name=".+" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/affiliatefuture.com.xml b/src/chrome/content/rules/affiliatefuture.com.xml
new file mode 100644
index 000000000000..bfb97f436f6f
--- /dev/null
+++ b/src/chrome/content/rules/affiliatefuture.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- affiliatefuture.com
+		- banners.affiliatefuture.com
+		- scripts.affiliatefuture.com
+		- www.affiliatefuture.com
+
+
+	Mixed content:
+
+		- css on (www.)? from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Affiliate Future.com">
+
+	<target host="affiliatefuture.com" />
+	<target host="banners.affiliatefuture.com" />
+	<target host="scripts.affiliatefuture.com" />
+	<target host="www.affiliatefuture.com" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://scripts.affiliatefuture.com/AFClick.asp?affiliateID=&amp;merchantID=&amp;programmeID=&amp;mediaID=&amp;tracking=&amp;url=" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:banners\.|www\.)?affiliatefuture\.com$" name="^BIGipServer" /-->
+	<!--securecookie host="^scripts\.affiliatefuture\.com$" name="^(?:ASP\.NET_SessionId$|BIGipServer|MP\d+$|MP\d+-\d+-\d+$)" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/afip.gob.ar-falsemixed.xml b/src/chrome/content/rules/afip.gob.ar-falsemixed.xml
new file mode 100644
index 000000000000..583a71f24a4f
--- /dev/null
+++ b/src/chrome/content/rules/afip.gob.ar-falsemixed.xml
@@ -0,0 +1,25 @@
+<!--
+	For rules not causing false/broken MCB, see afip.gob.ar.xml.
+
+-->
+<ruleset name="Afip.gob.ar (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.afip.gob.ar" />
+
+	<!--	Complications:
+				-->
+	<target host="afip.gob.ar" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://afip\.gob\.ar/"
+		to="https://www.afip.gob.ar/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/afip.gob.ar.xml b/src/chrome/content/rules/afip.gob.ar.xml
new file mode 100644
index 000000000000..f1239cdb9965
--- /dev/null
+++ b/src/chrome/content/rules/afip.gob.ar.xml
@@ -0,0 +1,62 @@
+<!--
+	For rules causing false/broken MCB, see afip.gob.ar-falsemixed.xml.
+
+
+	^afip.gob.ar: Mismatched
+	www.afip.gob.ar: Mixed css
+
+
+	Insecure cookies are set for these hosts:
+
+		- campus.afip.gob.ar
+		- juridicos.afip.gob.ar
+		- www.afip.gob.ar
+
+
+	Mixed content:
+
+		- css, on:
+
+			- www from $self ˢ
+			- www from fonts.googleapis.com ˢ
+
+		- Images on www from $self ˢ
+
+		- Bugs, on:
+
+			- www from jigsaw.w3.org ˢ
+			- www from www.w3.org ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Afip.gob.ar (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="campus.afip.gob.ar" />
+	<target host="juridicos.afip.gob.ar" />
+	<target host="servicios.afip.gob.ar" />
+	<target host="wsw.afip.gob.ar" />
+	<!--target host="www.afip.gob.ar" /-->
+
+	<!--	Complications:
+				-->
+	<!--target host="afip.gob.ar" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:campu|juridico)s\.afip\.gob\.ar$" name="^(?:ASPSESSIONID[A-Z]{8}|TS[\da-f]{8})$" /-->
+	<!--securecookie host="^www\.afip\.gob\.ar$" name="^TS[\da-f]{8}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--rule from="^http://afip\.gob\.ar/"
+		to="https://www.afip.gob.ar/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/afisha.ru.xml b/src/chrome/content/rules/afisha.ru.xml
new file mode 100644
index 000000000000..db8d16c78e03
--- /dev/null
+++ b/src/chrome/content/rules/afisha.ru.xml
@@ -0,0 +1,225 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nescafegold.afisha.ru/ => https://nescafegold.afisha.ru/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+15.afisha.ru non-2xx http code
+2gis.afisha.ru non-2xx http code
+alcon.afisha.ru non-2xx http code
+mobile.api.afisha.ru ⁴
+callcenter.stage.app01.afisha.ru ³
+smartreserve.stage.app01.afisha.ru ³
+smartreserve.stage.app02.afisha.ru ³
+atelier.afisha.ru ⁵
+axeeffect.afisha.ru ⁵
+pics.bg.afisha.ru ³
+bim.afisha.ru ³
+bmw-x1.afisha.ru ⁵
+bmw2series.afisha.ru non-2xx http code
+bmwwishlist.afisha.ru non-2xx http code
+camper.afisha.ru ⁵
+clinique.afisha.ru non-2xx http code
+cms.afisha.ru ³
+email.email.daily.afisha.ru ³
+dettol.afisha.ru non-2xx http code
+bt.dev.afisha.ru ³
+dknyjeans.afisha.ru non-2xx http code
+eclipse.afisha.ru ⁵
+eda.afisha.ru ¹
+educationglobal.afisha.ru non-2xx http code
+elkatictac.afisha.ru non-2xx http code
+escape.afisha.ru ³
+everywearyougo.afisha.ru non-2xx http code
+evolution.afisha.ru ⁵
+expendables.afisha.ru ⁵
+fotokonkurs.afisha.ru ⁴
+front.afisha.ru ¹
+games.afisha.ru non-2xx http code
+gap.afisha.ru non-2xx http code
+gillette.afisha.ru non-2xx http code
+gold-raiffeisen.afisha.ru non-2xx http code
+gorod.afisha.ru non-2xx http code
+www.gorod.afisha.ru ¹
+m.gorod.afisha.ru ¹
+grants.afisha.ru ⁵
+guides.afisha.ru non-2xx http code
+api.guides.afisha.ru ⁴
+harrysbattle.afisha.ru non-2xx http code
+homecredit.afisha.ru non-2xx http code
+host66.afisha.ru ³
+host67.afisha.ru ³
+host73.afisha.ru ³
+host74.afisha.ru ³
+host75.afisha.ru ³
+host76.afisha.ru ³
+host77.afisha.ru ³
+host78.afisha.ru ³
+host79.afisha.ru ³
+huggies.afisha.ru non-2xx http code
+in.afisha.ru ³
+instax.afisha.ru non-2xx http code
+internet.afisha.ru ³
+irebel.afisha.ru non-2xx http code
+kassa-rambler01.afisha.ru ³
+kassa-rambler02.afisha.ru ³
+kassa-rambler03.afisha.ru ³
+kassa-test-r.afisha.ru ³
+kino3000.afisha.ru ⁵
+klm.afisha.ru non-2xx http code
+landrover.afisha.ru ⁵
+lenovo.afisha.ru non-2xx http code
+lenovomotofest.afisha.ru non-2xx http code
+lenovozima.afisha.ru ⁴
+letolays.afisha.ru ¹
+linex.afisha.ru non-2xx http code
+mag.afisha.ru non-2xx http code
+mail.afisha.ru ³
+mail10.afisha.ru ³
+mazda.afisha.ru ⁵
+mediastorage.afisha.ru ⁴
+mediastorage1.afisha.ru ⁴
+melaxen.afisha.ru ¹
+metropolis.afisha.ru non-2xx http code
+microsoft.afisha.ru non-2xx http code
+mini.afisha.ru non-2xx http code
+api.mir.afisha.ru ¹
+app1.mir.afisha.ru ²
+app2.mir.afisha.ru ²
+clusterdb-004.mir.afisha.ru ³
+db1.mir.afisha.ru ¹
+db2.mir.afisha.ru ¹
+db3.mir.afisha.ru ³
+dc1.mir.afisha.ru ³
+dc2.mir.afisha.ru ³
+dc3.mir.afisha.ru ³
+fldbnode1.mir.afisha.ru ³
+fldbnode2.mir.afisha.ru ³
+hotels.mir.afisha.ru ¹
+nas1.mir.afisha.ru ³
+nas2.mir.afisha.ru ¹
+email.newsletters.mir.afisha.ru ³
+open.mir.afisha.ru ¹
+pgapi.mir.afisha.ru ¹
+svc2.mir.afisha.ru ³
+vs1.mir.afisha.ru ¹
+vs2.mir.afisha.ru ¹
+vs3-temp.mir.afisha.ru ³
+mitsubishi.afisha.ru ⁵
+mobile.afisha.ru ¹
+moscowupdate.afisha.ru non-2xx http code
+move.afisha.ru non-2xx http code
+msk.afisha.ru non-2xx http code
+mtswowmoscow.afisha.ru non-2xx http code
+myalfa.afisha.ru ⁵
+nat.afisha.ru ³
+nesquik.afisha.ru ⁵
+email.newsletters.afisha.ru ³
+nivea.afisha.ru ⁵
+nokia.afisha.ru ⁵
+nonfiction.afisha.ru non-2xx http code
+email.notifications.afisha.ru ³
+office365.afisha.ru non-2xx http code
+on.afisha.ru ¹
+out.afisha.ru ³
+partners.afisha.ru non-2xx http code
+persen.afisha.ru non-2xx http code
+picnic.afisha.ru ⁵
+picnic2012.afisha.ru ⁵
+picnic2013.afisha.ru ⁵
+pics.afisha.ru ³
+podarki.afisha.ru non-2xx http code
+priceless.afisha.ru non-2xx http code
+ray-ban.afisha.ru ¹
+picnic.rc.afisha.ru ⁵
+develop.rests.afisha.ru ⁴
+telegram.rests.afisha.ru ⁵
+uat.rests.afisha.ru ¹
+richfm.afisha.ru ⁵
+samara.afisha.ru non-2xx http code
+savememory.afisha.ru non-2xx http code
+sberbank.afisha.ru non-2xx http code
+sberbank175.afisha.ru non-2xx http code
+sberbankpodarki.afisha.ru non-2xx http code
+sberbanktheatre.afisha.ru non-2xx http code
+shop.afisha.ru ⁵
+show.afisha.ru non-2xx http code
+smart.afisha.ru non-2xx http code
+smtp.afisha.ru ³
+sonyericsson.afisha.ru ⁵
+spb.afisha.ru non-2xx http code
+staytrue.afisha.ru non-2xx http code
+stereoleto.afisha.ru ⁵
+sunsilk.afisha.ru ⁵
+swatch.afisha.ru ⁵
+talisman.afisha.ru non-2xx http code
+tickets1.afisha.ru ¹
+tickets2.afisha.ru ¹
+tickets3.afisha.ru ¹
+urbanfuture.afisha.ru ¹
+vbare.afisha.ru non-2xx http code
+velo.afisha.ru ⁵
+vibefest.afisha.ru ¹
+viktorina.afisha.ru ⁵
+visagold.afisha.ru ⁵
+volna.afisha.ru non-2xx http code
+vozduh.afisha.ru non-2xx http code
+m.vozduh.afisha.ru ¹
+vpn.afisha.ru ³
+workinmcdonalds.afisha.ru ¹
+ww.afisha.ru ³
+x10.afisha.ru ⁵
+xftp.afisha.ru ⁴
+yslbeauty.afisha.ru non-2xx http code
+zdraivery.afisha.ru ⁵
+zvukvokrug.afisha.ru non-2xx http code
+go.afisha.ru different content
+id.afisha.ru different content
+newid.afisha.ru different content
+push.afisha.ru different content
+r01.afisha.ru different content
+zodakguide.afisha.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁵ expired
+-->
+<ruleset name="afisha.ru" default_off="failed ruleset test">
+	<target host="afisha.ru" />
+	<target host="www.afisha.ru" />
+	<target host="api.afisha.ru" />
+	<target host="autodiscover.afisha.ru" />
+	<target host="callcenter.afisha.ru" />
+	<target host="cms7.afisha.ru" />
+	<target host="daily.afisha.ru" />
+	<target host="www.daily.afisha.ru" />
+	<target host="uat.daily.afisha.ru" />
+	<target host="cms.id.afisha.ru" />
+	<target host="img.afisha.ru" />
+	<target host="m.afisha.ru" />
+	<target host="new.mediastorage.afisha.ru" />
+	<target host="mir.afisha.ru" />
+	<target host="www.mir.afisha.ru" />
+	<target host="cdn00.mir.afisha.ru" />
+	<target host="cdn01.mir.afisha.ru" />
+	<target host="cdn02.mir.afisha.ru" />
+	<target host="cdn03.mir.afisha.ru" />
+	<target host="nescafegold.afisha.ru" />
+	<target host="rc.afisha.ru" />
+	<target host="rest.afisha.ru" />
+	<target host="restaurant.afisha.ru" />
+	<target host="restaurants.afisha.ru" />
+	<target host="restoran.afisha.ru" />
+	<target host="rests.afisha.ru" />
+	<target host="www.rests.afisha.ru" />
+	<target host="push.rests.afisha.ru" />
+	<target host="rc.rests.afisha.ru" />
+	<target host="s.afisha.ru" />
+	<target host="s1.afisha.ru" />
+	<target host="cms.show.afisha.ru" />
+	<target host="tbrgopen.afisha.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ag.ch.xml b/src/chrome/content/rules/ag.ch.xml
new file mode 100644
index 000000000000..51b04f429745
--- /dev/null
+++ b/src/chrome/content/rules/ag.ch.xml
@@ -0,0 +1,26 @@
+<!--
+	For other swiss government coverage, see swissgov.xml.
+
+	Nonfunctional hosts in *.ag.ch:
+		- aleph.ag.ch (r)
+		- hydroftp.ag.ch (r)
+		- newsletter.ag.ch (m)
+		- newsletterimages.ag.ch (s)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="ag.ch">
+
+	<target host="ag.ch"/>
+	<target host="www.ag.ch"/>
+	<target host="alsa.ag.ch"/>
+	<target host="amtsblatt.ag.ch"/>
+	<target host="gesetzessammlungen.ag.ch"/>
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/agdd.de.xml b/src/chrome/content/rules/agdd.de.xml
new file mode 100644
index 000000000000..563a1e942b08
--- /dev/null
+++ b/src/chrome/content/rules/agdd.de.xml
@@ -0,0 +1,12 @@
+<ruleset name="Arbeitsgemeinschaft der Entwicklungsdienste e.V.">
+
+	<target host="agdd.de" />
+	<target host="www.agdd.de" />
+	<target host="autodiscover.agdd.de" />
+	<target host="server.agdd.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/agenpremium.com.xml b/src/chrome/content/rules/agenpremium.com.xml
new file mode 100644
index 000000000000..5462290f90a8
--- /dev/null
+++ b/src/chrome/content/rules/agenpremium.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .agenpremium.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="AgenPremium.com">
+
+	<target host="agenpremium.com" />
+	<target host="www.agenpremium.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.agenpremium\.com$" name="^AgenPremium-[\da-f]{32}$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ageuk.org.uk.xml b/src/chrome/content/rules/ageuk.org.uk.xml
new file mode 100644
index 000000000000..f9e1e4f4a0a2
--- /dev/null
+++ b/src/chrome/content/rules/ageuk.org.uk.xml
@@ -0,0 +1,22 @@
+<!--
+	Problematic hosts in *ageuk.org.uk:
+
+		- luckyday ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="Age UK.org.uk (partial)">
+
+	<target host="ageuk.org.uk" />
+	<target host="careers.ageuk.org.uk" />
+	<target host="www.ageuk.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/aggregage.com.xml b/src/chrome/content/rules/aggregage.com.xml
new file mode 100644
index 000000000000..a2b2a589cdb2
--- /dev/null
+++ b/src/chrome/content/rules/aggregage.com.xml
@@ -0,0 +1,16 @@
+<!--
+	(www.)?aggregage.com: Refused
+
+-->
+<ruleset name="Aggregage.com (partial)">
+
+	<target host="widget.aggregage.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/agilisys.co.uk.xml b/src/chrome/content/rules/agilisys.co.uk.xml
new file mode 100644
index 000000000000..ed492ce201de
--- /dev/null
+++ b/src/chrome/content/rules/agilisys.co.uk.xml
@@ -0,0 +1,25 @@
+<!--
+	(www.)?agilisys.co.uk: Reset
+
+
+	Insecure cookies are set for these hosts:
+
+		- myaccgyap.psc.agilisys.co.uk
+
+-->
+<ruleset name="Agilisys.co.uk (partial)">
+
+	<target host="myaccgyap.psc.agilisys.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^myaccgyap\.psc\.agilisys\.co\.uk$" name="^\.ASPXFORMSAUTH$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/agima.ru.xml b/src/chrome/content/rules/agima.ru.xml
new file mode 100644
index 000000000000..19c0f0ee07b2
--- /dev/null
+++ b/src/chrome/content/rules/agima.ru.xml
@@ -0,0 +1,19 @@
+<!--
+medsi3.de02.agima.ru ⁴
+medsi2.de02.agima.ru ⁴
+zettains.de02.agima.ru ⁴
+
+
+⁴ self signed
+-->
+<ruleset name="agima.ru">
+	<target host="agima.ru" />
+	<target host="www.agima.ru" />
+	<target host="mobile.agima.ru" />
+	<target host="profitlab.agima.ru" />
+	<target host="support.agima.ru" />
+	<target host="production.agima.ru" />
+	<target host="social.agima.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/agj.de.xml b/src/chrome/content/rules/agj.de.xml
new file mode 100644
index 000000000000..1f105e13aa68
--- /dev/null
+++ b/src/chrome/content/rules/agj.de.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		nc.agj.de
+
+	Not found:
+		www.shop.agj.de
+-->
+<ruleset name="Arbeitsgemeinschaft für Kinder- und Jugendhilfe">
+
+	<target host="agj.de" />
+	<target host="www.agj.de" />
+	<target host="shop.agj.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/agoradesk.com.xml b/src/chrome/content/rules/agoradesk.com.xml
new file mode 100644
index 000000000000..4f1616b1c0cf
--- /dev/null
+++ b/src/chrome/content/rules/agoradesk.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="agoradesk.com">
+	<target host="agoradesk.com" />
+	<target host="www.agoradesk.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ahcdn.com.xml b/src/chrome/content/rules/ahcdn.com.xml
new file mode 100644
index 000000000000..9045b2687fc0
--- /dev/null
+++ b/src/chrome/content/rules/ahcdn.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- mon.ahcdn.com
+-->
+<ruleset name="ahcdn.com">
+	<target host="ahcdn.com" />
+	<target host="www.ahcdn.com" />
+	<target host="cp.ahcdn.com" />
+	<target host="dev.ahcdn.com" />
+	<target host="pixcp.ahcdn.com" />
+	<target host="ip51437333.ahcdn.com" />
+	<target host="ip53801869.ahcdn.com" />
+	<target host="ip53816682.ahcdn.com" />
+	<target host="ip54664429.ahcdn.com" />
+	<target host="ip88783927.ahcdn.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ahead.org.xml b/src/chrome/content/rules/ahead.org.xml
new file mode 100644
index 000000000000..a79e4736665b
--- /dev/null
+++ b/src/chrome/content/rules/ahead.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- Image on www from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="AHEAD.org">
+
+	<target host="ahead.org" />
+	<target host="www.ahead.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ai-cdn.net.xml b/src/chrome/content/rules/ai-cdn.net.xml
new file mode 100644
index 000000000000..0ce1d8332aa5
--- /dev/null
+++ b/src/chrome/content/rules/ai-cdn.net.xml
@@ -0,0 +1,14 @@
+<ruleset name="ai-cdn.net">
+
+	<target host="noblogs.ai-cdn.net" />
+
+		<test url="http://noblogs.ai-cdn.net/wp-content/plugins/events-calendar/css/events-calendar.css" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/aif.de.xml b/src/chrome/content/rules/aif.de.xml
new file mode 100644
index 000000000000..f02971f0a417
--- /dev/null
+++ b/src/chrome/content/rules/aif.de.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		webmail.aif.de
+
+	Timeout:
+		server.aif.de
+-->
+<ruleset name="aif.de">
+
+	<target host="aif.de" />
+	<target host="www.aif.de" />
+	<target host="portal.aif.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/aiha.org.xml b/src/chrome/content/rules/aiha.org.xml
new file mode 100644
index 000000000000..ccbf03bf963c
--- /dev/null
+++ b/src/chrome/content/rules/aiha.org.xml
@@ -0,0 +1,42 @@
+<!--
+	^aiha.org: 404
+
+
+	These altnames do not exist:
+
+		- www.ads.aiha.org
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- ads.aiha.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Aiha.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ads.aiha.org" />
+	<target host="www.aiha.org" />
+
+	<!--	Complications:
+				-->
+	<target host="aiha.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ads\.aiha\.org$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://aiha\.org/"
+		to="https://www.aiha.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/aimatmelanoma.org.xml b/src/chrome/content/rules/aimatmelanoma.org.xml
new file mode 100644
index 000000000000..4ac133271b7d
--- /dev/null
+++ b/src/chrome/content/rules/aimatmelanoma.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="Aim at Melanoma.org">
+
+	<target host="aimatmelanoma.org" />
+	<target host="www.aimatmelanoma.org" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/aimp.ru.xml b/src/chrome/content/rules/aimp.ru.xml
new file mode 100644
index 000000000000..72a70290d3ab
--- /dev/null
+++ b/src/chrome/content/rules/aimp.ru.xml
@@ -0,0 +1,9 @@
+<ruleset name="aimp.ru">
+	<target host="aimp.ru" />
+	<target host="www.aimp.ru" />
+	<target host="blog.aimp.ru" />
+	<target host="forum.aimp.ru" />
+	<target host="mail.aimp.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/air.io.xml b/src/chrome/content/rules/air.io.xml
new file mode 100644
index 000000000000..771c0e538068
--- /dev/null
+++ b/src/chrome/content/rules/air.io.xml
@@ -0,0 +1,15 @@
+<!--
+air.io mismatch
+www.air.io mismatch
+cms.air.io timed out
+join.air.io self signed
+shop.air.io mismatch
+idiotikshop.air.io mismatch
+bamboo.air.io mismatch
+shop.komandda.air.io mismatch
+-->
+<ruleset name="air.io (partial)">
+	<target host="academy.air.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/airbites.net.ua.xml b/src/chrome/content/rules/airbites.net.ua.xml
new file mode 100644
index 000000000000..6d53aeefb03a
--- /dev/null
+++ b/src/chrome/content/rules/airbites.net.ua.xml
@@ -0,0 +1,60 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mx.airbites.net.ua/ => https://mx.airbites.net.ua/: (6, 'Could not resolve host: mx.airbites.net.ua')
+Fetch error: http://relay.airbites.net.ua/ => https://relay.airbites.net.ua/: (6, 'Could not resolve host: relay.airbites.net.ua')
+Fetch error: http://testsite.airbites.net.ua/ => https://testsite.airbites.net.ua/: (6, 'Could not resolve host: testsite.airbites.net.ua')
+
+asterisk.airbites.net.ua ³
+bansocial.airbites.net.ua ⁵
+bras-01-v6.airbites.net.ua ³
+ccloud.airbites.net.ua ⁵
+cpms.airbites.net.ua ³
+db-kv.airbites.net.ua ³
+ghost.airbites.net.ua ³
+if.airbites.net.ua ³
+snmp.if.airbites.net.ua ²
+jbx.airbites.net.ua ²
+km-gw-10gbe.airbites.net.ua ³
+lv.airbites.net.ua ³
+lv01.airbites.net.ua ⁵
+lv03.airbites.net.ua ³
+lv04.airbites.net.ua ³
+lv05.airbites.net.ua ³
+mail.airbites.net.ua ¹
+mailx.airbites.net.ua ²
+mon.airbites.net.ua ³
+monis.airbites.net.ua ⁵
+mx2.airbites.net.ua ³
+natasha.airbites.net.ua ³
+old.airbites.net.ua ³
+ping.airbites.net.ua ³
+plz.airbites.net.ua ³
+radius.airbites.net.ua ³
+speedtest-lk.airbites.net.ua ²
+speedtest-rivne.airbites.net.ua ²
+syslog.airbites.net.ua ³
+test2.airbites.net.ua ²
+test3.airbites.net.ua ²
+trash.airbites.net.ua ²
+tv.airbites.net.ua ²
+webs.airbites.net.ua ³
+speedtest-lv.airbites.net.ua different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁵ expired
+-->
+<ruleset name="airbites.net.ua" default_off="failed ruleset test">
+	<target host="airbites.net.ua" />
+	<target host="www.airbites.net.ua" />
+	<target host="api.airbites.net.ua" />
+	<target host="billing.airbites.net.ua" />
+	<target host="mx.airbites.net.ua" />
+	<target host="relay.airbites.net.ua" />
+	<target host="testsite.airbites.net.ua" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/airbitz.co.xml b/src/chrome/content/rules/airbitz.co.xml
new file mode 100644
index 000000000000..07d309c49052
--- /dev/null
+++ b/src/chrome/content/rules/airbitz.co.xml
@@ -0,0 +1,24 @@
+<!--
+analytics.airbitz.co ⁵
+app.auth.airbitz.co ⁴
+chefserver.airbitz.co ⁴
+git1.sync.airbitz.co ⁴
+
+
+⁴ self signed
+⁵ expired
+-->
+<ruleset name="airbitz.co">
+	<target host="airbitz.co" />
+	<target host="www.airbitz.co" />
+	<target host="api.airbitz.co" />
+	<target host="augur.airbitz.co" />
+	<target host="auth.airbitz.co" />
+	<target host="developer.airbitz.co" />
+	<target host="go.airbitz.co" />
+	<target host="slack.airbitz.co" />
+	<target host="telegram.airbitz.co" />
+	<target host="test-auth.airbitz.co" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/aircrack-ng.org.xml b/src/chrome/content/rules/aircrack-ng.org.xml
new file mode 100644
index 000000000000..95549bbe1cf5
--- /dev/null
+++ b/src/chrome/content/rules/aircrack-ng.org.xml
@@ -0,0 +1,33 @@
+<!--
+	Mismatched:
+		- blog
+		- twitter
+-->
+<ruleset name="aircrack-ng.org">
+	<target host="aircrack-ng.org" />
+	<target host="www.aircrack-ng.org" />
+	<target host="airoscript.aircrack-ng.org" />
+	<target host="archive.aircrack-ng.org" />
+	<target host="aspj.aircrack-ng.org" />
+	<target host="dl.aircrack-ng.org" />
+	<target host="download.aircrack-ng.org" />
+	<target host="forum.aircrack-ng.org" />
+	<target host="hirte.aircrack-ng.org" />
+	<target host="nightly.aircrack-ng.org" />
+	<target host="patches.aircrack-ng.org" />
+	<target host="pictures.aircrack-ng.org" />
+	<target host="securitytube.aircrack-ng.org" />
+	<target host="storage.aircrack-ng.org" />
+	<target host="video.aircrack-ng.org" />
+	<target host="videos.aircrack-ng.org" />
+	<target host="vmware.aircrack-ng.org" />
+	<target host="wiki.aircrack-ng.org" />
+	<target host="wiki-files.aircrack-ng.org" />
+	<target host="ww.aircrack-ng.org" />
+	<target host="zaurus.aircrack-ng.org" />
+	<target host="zerochaos.aircrack-ng.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/airsoftclubnederland.nl.xml b/src/chrome/content/rules/airsoftclubnederland.nl.xml
new file mode 100644
index 000000000000..43cc26a21468
--- /dev/null
+++ b/src/chrome/content/rules/airsoftclubnederland.nl.xml
@@ -0,0 +1,8 @@
+<ruleset name="airsoftclubnederland.nl">
+
+	<target host="airsoftclubnederland.nl" />
+	<target host="www.airsoftclubnederland.nl" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/airwarriors.com.xml b/src/chrome/content/rules/airwarriors.com.xml
new file mode 100644
index 000000000000..c04553ceb916
--- /dev/null
+++ b/src/chrome/content/rules/airwarriors.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Air Warriors.com">
+
+	<target host="airwarriors.com" />
+	<target host="www.airwarriors.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ais.by.xml b/src/chrome/content/rules/ais.by.xml
new file mode 100644
index 000000000000..718f55ee31a0
--- /dev/null
+++ b/src/chrome/content/rules/ais.by.xml
@@ -0,0 +1,6 @@
+<ruleset name="ais.by">
+	<target host="ais.by" />
+	<target host="www.ais.by" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ajhackett.com.xml b/src/chrome/content/rules/ajhackett.com.xml
new file mode 100644
index 000000000000..6648a8574549
--- /dev/null
+++ b/src/chrome/content/rules/ajhackett.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Not found:
+		bali.ajhackett.com
+		cairns.ajhackett.com
+		germany.ajhackett.com
+		www.m.ajhackett.com
+		macau.ajhackett.com
+		normandie.ajhackett.com
+		russia.ajhackett.com
+
+	Timeout:
+		connect.ajhackett.com
+-->
+<ruleset name="AJ Hackett">
+
+	<target host="ajhackett.com" />
+	<target host="www.ajhackett.com" />
+	<target host="beoneofthefirst.ajhackett.com" />
+	<target host="m.ajhackett.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/akbars.ru.xml b/src/chrome/content/rules/akbars.ru.xml
new file mode 100644
index 000000000000..f62a5cb62eb8
--- /dev/null
+++ b/src/chrome/content/rules/akbars.ru.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://online2.akbars.ru/ => https://online2.akbars.ru/: (28, 'Connection timed out after 20001 milliseconds')
+
+quickweb.akbars.ru ³
+
+
+³ timed out
+-->
+<ruleset name="akbars.ru" default_off="failed ruleset test">
+	<target host="akbars.ru" />
+	<target host="www.akbars.ru" />
+	<target host="ibank.akbars.ru" />
+	<target host="online.akbars.ru" />
+	<target host="mobile.akbars.ru" />
+	<target host="info.akbars.ru" />
+	<target host="acs.akbars.ru" />
+	<target host="m.akbars.ru" />
+	<target host="online2.akbars.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/akixi.com.xml b/src/chrome/content/rules/akixi.com.xml
new file mode 100644
index 000000000000..e53a2ab1e2a9
--- /dev/null
+++ b/src/chrome/content/rules/akixi.com.xml
@@ -0,0 +1,52 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://alto.akixi.com/ => https://alto.akixi.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Invalid Certificate:
+		- primus.akixi.com
+
+	Refused:
+		- akixi.com
+		- www.akixi.com
+
+	Timeout:
+		- eip.akixi.com
+		- nimbus.akixi.com
+		- stratus.akixi.com
+		- svn.akixi.com
+-->
+<ruleset name="akixi.com" default_off="failed ruleset test">
+	<target host="alto.akixi.com" />
+	<target host="broadconnect.akixi.com" />
+	<target host="cirrus.akixi.com" />
+	<target host="cumulus.akixi.com" />
+	<target host="epik.akixi.com" />
+	<target host="gamma.akixi.com" />
+	<target host="horizon.akixi.com" />
+	<target host="howdens.akixi.com" />
+	<target host="icore.akixi.com" />
+	<target host="inclarity.akixi.com" />
+	<target host="intech.akixi.com" />
+	<target host="masergy.akixi.com" />
+	<target host="mcmtelecom.akixi.com" />
+	<target host="momentum.akixi.com" />
+	<target host="nexogy.akixi.com" />
+	<target host="nimans.akixi.com" />
+	<target host="onecloud.akixi.com" />
+	<target host="onecloudnet.akixi.com" />
+	<target host="pressone.akixi.com" />
+	<target host="redcentric.akixi.com" />
+	<target host="redgap.akixi.com" />
+	<target host="saicom.akixi.com" />
+	<target host="stage2networks.akixi.com" />
+	<target host="support.akixi.com" />
+	<target host="tvf.akixi.com" />
+	<target host="vibe.akixi.com" />
+	<target host="voicenet.akixi.com" />
+	<target host="vonage.akixi.com" />
+
+	<securecookie host="^(alto|broadconnect|cirrus|cumulus|epik|gamma|horizon|howdens|icore|inclarity|intech|masergy|mcmtelecom|momentum|nexogy|nimans|onecloud|onecloudnet|pressone|redcentric|redgap|saicom|stage2networks|support|tvf|vibe|voicenet|vonage)\.akixi\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/akusherstvo.ru.xml b/src/chrome/content/rules/akusherstvo.ru.xml
new file mode 100644
index 000000000000..d8078287cdaa
--- /dev/null
+++ b/src/chrome/content/rules/akusherstvo.ru.xml
@@ -0,0 +1,40 @@
+<!--
+dev.akusherstvo.ru ³
+email.akusherstvo.ru ²
+www.email.akusherstvo.ru ²
+mta-1.email.akusherstvo.ru ²
+mta-2.email.akusherstvo.ru ²
+nickel1.akusherstvo.ru ³
+nickel4.akusherstvo.ru ³
+ns4.akusherstvo.ru ³
+images.akusherstvo.ru different content
+master.akusherstvo.ru different content
+nickel2.akusherstvo.ru different content
+nickel3.akusherstvo.ru different content
+nickel5.akusherstvo.ru different content
+nickel7.akusherstvo.ru different content
+nickel8.akusherstvo.ru different content
+nickel9.akusherstvo.ru different content
+ns2.akusherstvo.ru different content
+ns3.akusherstvo.ru different content
+ns5.akusherstvo.ru different content
+ns7.akusherstvo.ru different content
+ns8.akusherstvo.ru different content
+ns9.akusherstvo.ru different content
+
+
+² refused
+³ timed out
+-->
+<ruleset name="akusherstvo.ru">
+	<target host="akusherstvo.ru" />
+	<target host="www.akusherstvo.ru" />
+	<target host="arkadiev.akusherstvo.ru" />
+	<target host="forum.akusherstvo.ru" />
+	<target host="img.akusherstvo.ru" />
+	<target host="lines.akusherstvo.ru" />
+	<target host="static.akusherstvo.ru" />
+	<target host="upload.akusherstvo.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/al-sunan.net.xml b/src/chrome/content/rules/al-sunan.net.xml
new file mode 100644
index 000000000000..e43beaef7a8f
--- /dev/null
+++ b/src/chrome/content/rules/al-sunan.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="al-sunan.net">
+	<target host="al-sunan.net" />
+	<target host="www.al-sunan.net" />
+	<target host="mail.al-sunan.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/al3omk.com.xml b/src/chrome/content/rules/al3omk.com.xml
new file mode 100644
index 000000000000..29f12e341750
--- /dev/null
+++ b/src/chrome/content/rules/al3omk.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid Certificate:
+		m.al3omk.com
+-->
+<ruleset name="al3omk.com">
+	<target host="al3omk.com" />
+	<target host="www.al3omk.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/alArabiya.net.xml b/src/chrome/content/rules/alArabiya.net.xml
new file mode 100644
index 000000000000..3e5817f50f9b
--- /dev/null
+++ b/src/chrome/content/rules/alArabiya.net.xml
@@ -0,0 +1,48 @@
+<!--
+	Different HTTP/HTTPS content:
+		wowza.alarabiya.net
+
+	Invalid certificate:
+		aia.alarabiya.net
+		static.ana-ara.alarabiya.net
+		enawafeth.alarabiya.net
+		estudies.alarabiya.net
+		kukurap.alarabiya.net
+		images.alarabiya.net
+		media.alarabiya.net
+		mediasphere.alarabiya.net
+		mobile.alarabiya.net
+		nawafeth.alarabiya.net
+		podcast.alarabiya.net
+		studies.alarabiya.net
+		vod.alarabiya.net
+
+	Refused:
+		survey.alarabiya.net
+
+	Time out:
+		alarabiya.net
+		anaara.alarabiya.net
+		apisaic.alarabiya.net
+		api.cal.alarabiya.net
+		www.english.alarabiya.net
+		saic.alarabiya.net
+		api.saic.alarabiya.net
+-->
+<ruleset name="Al Arabiya.net">
+	<target host="www.alarabiya.net" />
+	<target host="api.alarabiya.net" />
+	<target host="english.alarabiya.net" />
+	<target host="farsi.alarabiya.net" />
+	<target host="feed.alarabiya.net" />
+	<target host="mubasher.alarabiya.net" />
+	<target host="spectator.alarabiya.net" />
+	<target host="static.alarabiya.net" />
+	<target host="urdu.alarabiya.net" />
+	<target host="vid.alarabiya.net" />
+	<target host="webapps.alarabiya.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/alaMaula.com.xml b/src/chrome/content/rules/alaMaula.com.xml
new file mode 100644
index 000000000000..a8ad0339e7f1
--- /dev/null
+++ b/src/chrome/content/rules/alaMaula.com.xml
@@ -0,0 +1,124 @@
+<!--
+	Non-functional subdomains:
+
+		- 094	(t)
+		- 124	(t)
+		- 12nianouzhoubeijuesaishipin	(t)
+		- 1311	(t)
+		- 138	(t)
+		- 140203	(t)
+		- 168bocai	(t)
+		- 1737qipaiyouxipingtai	(t)
+		- 18187870	(t)
+		- 183-dsl	(t)
+		- 188betzhuce	(t)
+		- 188jinbaobodailipingtai	(t)
+		- 1998nianouzhoubeipaiming	(t)
+		- 2012ouzhoubeimaiqiu	(t)
+		- 2012ouzhoubeizuixinzhankuang	(t)
+		- 2013bocaizhucesongcaijin	(t)
+		- 2022	(t)
+		- 204	(t)
+		- 21diangubao	(t)
+		- 261	(t)
+		- 29yyyy	(t)
+		- 321quanxunwang	(t)
+		- 329	(t)
+		- 33217321	(t)
+		- 3344555comxinquanxunwang	(t)
+		- 360doudizhu	(t)
+		- 360shishicai	(t)
+		- 365-days-of-christmas	(t)
+		- 365tiyutouzhu	(t)
+		- 38rn	(t)
+		- 3dtouzhuwang	(t)
+		- 3dzoushitu	(t)
+		- 3uyulechengkaihu	(t)
+		- 3uyulechengxianjinkaihu	(t)
+		- 50yuancunkuandebocaigongsi	(t)
+		- 56didi	(t)
+		- 579ii	(t)
+		- 5x50	(t)
+		- 6644	(r)
+		- admin	(t)
+		- alpha	(t)
+		- app	(t)
+		- autoconfig	(t)
+		- autodiscover	(t)
+		- b	(t)
+		- blog	(t)
+		- clients	(t)
+		- console	(t)
+		- corp	(t)
+		- demo	(t)
+		- dev	(t)
+		- development	(t)
+		- docs	(t)
+		- ecg-api-partners	(r)
+		- ecg-apis-partners	(r)
+		- events	(t)
+		- f	(t)
+		- files	(t)
+		- ftp	(t)
+		- gamma	(t)
+		- git	(t)
+		- help	(t)
+		- homepage	(t)
+		- imap	(t)
+		- img	(t)
+		- info	(t)
+		- int	(t)
+		- internal	(t)
+		- intra	(t)
+		- kb	(t)
+		- lists	(t)
+		- m	(t)
+		- mail	(t)
+		- media	(t)
+		- members	(t)
+		- mktg	(t)
+		- my	(t)
+		- news	(t)
+		- newsletter	(t)
+		- photos	(t)
+		- pic	(t)
+		- pics	(t)
+		- pop	(t)
+		- pre	(t)
+		- prelive	(t)
+		- release	(t)
+		- resources	(t)
+		- search	(t)
+		- secure	(t)
+		- server	(t)
+		- services	(t)
+		- smtp	(t)
+		- staging	(t)
+		- store	(t)
+		- test	(t)
+		- vpn	(t)
+		- web	(t)
+		- webdisk	(t)
+		- webmail	(t)
+		- wiki	(t)
+		- www-staging	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="alaMaula">
+
+	<target host="alamaula.com" />
+	<target host="www.alamaula.com" />
+	<target host="ayuda.alamaula.com" />
+	<target host="ecg-api.alamaula.com" />
+	<target host="ecg-apis.alamaula.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/alanreed.org.xml b/src/chrome/content/rules/alanreed.org.xml
new file mode 100644
index 000000000000..2a827a495cc9
--- /dev/null
+++ b/src/chrome/content/rules/alanreed.org.xml
@@ -0,0 +1,16 @@
+<!--
+map.alanreed.org ¹
+
+
+¹ mismatch
+-->
+<ruleset name="alanreed.org">
+	<target host="alanreed.org" />
+	<target host="www.alanreed.org" />
+	<target host="base64.alanreed.org" />
+	<target host="exif.alanreed.org" />
+	<target host="keyboard.alanreed.org" />
+	<target host="wget.alanreed.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/alaraby.co.uk.xml b/src/chrome/content/rules/alaraby.co.uk.xml
new file mode 100644
index 000000000000..5fe61321ab98
--- /dev/null
+++ b/src/chrome/content/rules/alaraby.co.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="alaraby.co.uk">
+
+	<target host="alaraby.co.uk" />
+	<target host="www.alaraby.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/alau.kz.xml b/src/chrome/content/rules/alau.kz.xml
new file mode 100644
index 000000000000..1208635611ba
--- /dev/null
+++ b/src/chrome/content/rules/alau.kz.xml
@@ -0,0 +1,12 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://alau.kz/ => https://alau.kz/: (7, 'Failed to connect to alau.kz port 443: Connection refused')
+Fetch error: http://www.alau.kz/ => https://www.alau.kz/: (7, 'Failed to connect to www.alau.kz port 443: Connection refused')
+
+-->
+<ruleset name="alau.kz" platform="mixedcontent" default_off="failed ruleset test">
+	<target host="alau.kz" />
+	<target host="www.alau.kz" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/alayam24.com.xml b/src/chrome/content/rules/alayam24.com.xml
new file mode 100644
index 000000000000..9615a1d939cc
--- /dev/null
+++ b/src/chrome/content/rules/alayam24.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Mismatched:
+		- mail
+
+	SSL handshake failure:
+		- images.ads
+
+	Timeout:
+		- ads
+
+	Redirects to dev, dev is NXDOMAIN:
+		- mobile
+-->
+<ruleset name="alayam24.com">
+	<target host="alayam24.com" />
+	<target host="www.alayam24.com" />
+	<target host="api.alayam24.com" />
+	<target host="m.alayam24.com" />
+	<target host="preprod.alayam24.com" />
+	<target host="static.alayam24.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/alcohol-soft.com.xml b/src/chrome/content/rules/alcohol-soft.com.xml
new file mode 100644
index 000000000000..48b928f384e8
--- /dev/null
+++ b/src/chrome/content/rules/alcohol-soft.com.xml
@@ -0,0 +1,53 @@
+<!--
+	Invalid certificate:
+		callback.alcohol-soft.com
+		www.callback.alcohol-soft.com
+		control.alcohol-soft.com
+		www.control.alcohol-soft.com
+		dns.alcohol-soft.com
+		dns3.alcohol-soft.com
+		ftp.forum.alcohol-soft.com
+		mail.forum.alcohol-soft.com
+		smtp.forum.alcohol-soft.com
+		pop.forum.alcohol-soft.com
+		www.images.alcohol-soft.com
+		ns1.alcohol-soft.com
+		ns2.alcohol-soft.com
+		serial.alcohol-soft.com
+		www.serial.alcohol-soft.com
+		www.shop.alcohol-soft.com
+		www.support.alcohol-soft.com
+		www.trial.alcohol-soft.com
+		www.users.alcohol-soft.com
+		www.vodka2.alcohol-soft.com
+		ftp.vodka2.alcohol-soft.com
+		mail.vodka2.alcohol-soft.com
+		pop.vodka2.alcohol-soft.com
+		smtp.vodka2.alcohol-soft.com
+
+	Redirect to HTTP:
+		trial.alcohol-soft.com
+
+	Refused:
+		localhost.alcohol-soft.com
+		localhost.forum.alcohol-soft.com
+		localhost.vodka2.alcohol-soft.com
+-->
+<ruleset name="alcohol-soft.com">
+	<target host="alcohol-soft.com" />
+	<target host="www.alcohol-soft.com" />
+	<target host="forum.alcohol-soft.com" />
+	<target host="www.forum.alcohol-soft.com" />
+	<target host="ftp.alcohol-soft.com" />
+	<target host="images.alcohol-soft.com" />
+	<target host="ma01.alcohol-soft.com" />
+	<target host="mail.alcohol-soft.com" />
+	<target host="pop.alcohol-soft.com" />
+	<target host="shop.alcohol-soft.com" />
+	<target host="smtp.alcohol-soft.com" />
+	<target host="support.alcohol-soft.com" />
+	<target host="users.alcohol-soft.com" />
+	<target host="vodka2.alcohol-soft.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/aldeparty.eu.xml b/src/chrome/content/rules/aldeparty.eu.xml
new file mode 100644
index 000000000000..98a4eef85a2e
--- /dev/null
+++ b/src/chrome/content/rules/aldeparty.eu.xml
@@ -0,0 +1,8 @@
+<ruleset name="aldeparty.eu">
+	<target host="aldeparty.eu" />
+	<target host="www.aldeparty.eu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/alencontre.org.xml b/src/chrome/content/rules/alencontre.org.xml
new file mode 100644
index 000000000000..c397533b2645
--- /dev/null
+++ b/src/chrome/content/rules/alencontre.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Mixed content:
+		mail.alencontre.org
+
+	No working URL known:
+		page2.alencontre.org
+
+-->
+<ruleset name="alencontre.org">
+
+	<target host="alencontre.org" />
+	<target host="www.alencontre.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/alf.nu.xml b/src/chrome/content/rules/alf.nu.xml
new file mode 100644
index 000000000000..d5abbc23127a
--- /dev/null
+++ b/src/chrome/content/rules/alf.nu.xml
@@ -0,0 +1,436 @@
+<!--
+	Invalid certificate:
+		c-10-app.alf.nu
+		c-10-email.alf.nu
+		c-10-pl.alf.nu
+		c-10-qa.alf.nu
+		c-10-team.alf.nu
+		c-7-email.alf.nu
+		c-7-pl.alf.nu
+		c-accounts-app.alf.nu
+		c-accounts-com.alf.nu
+		c-accounts-email.alf.nu
+		c-accounts-games.alf.nu
+		c-accounts-kr.alf.nu
+		c-accounts-net.alf.nu
+		c-accounts-org.alf.nu
+		c-accounts-support.alf.nu
+		c-accounts-pl.alf.nu
+		c-accounts-promo.alf.nu
+		c-billing-nl.alf.nu
+		c-admin-app.alf.nu
+		c-admin-ci.alf.nu
+		c-admin-dev.alf.nu
+		c-admin-email.alf.nu
+		c-admin-eu.alf.nu
+		c-admin-pl.alf.nu
+		c-administrator-eu.alf.nu
+		c-administrator-pl.alf.nu
+		c-administrator-org.alf.nu
+		c-app-com.alf.nu
+		c-app-email.alf.nu
+		c-app-engineering.alf.nu
+		c-app-events.alf.nu
+		c-app-games.alf.nu
+		c-app-net.alf.nu
+		c-app-nl.alf.nu
+		c-app-pl.alf.nu
+		c-app-support.alf.nu
+		c-backend-cf.alf.nu
+		c-backend-cn.alf.nu
+		c-backend-email.alf.nu
+		c-backend-eu.alf.nu
+		c-backend-games.alf.nu
+		c-backend-kr.alf.nu
+		c-backend-pl.alf.nu
+		c-backend-nl.alf.nu
+		c-billing-email.alf.nu
+		c-billing-team.alf.nu
+		c-client-app.alf.nu
+		c-client-com.alf.nu
+		c-client-email.alf.nu
+		c-client-events.alf.nu
+		c-client-nl.alf.nu
+		c-client-pl.alf.nu
+		c-client-qa.alf.nu
+		c-client-team.alf.nu
+		c-confluence-com.alf.nu
+		c-confluence-eu.alf.nu
+		c-confluence-events.alf.nu
+		c-confluence-kr.alf.nu
+		c-confluence-nl.alf.nu
+		c-confluence-org.alf.nu
+		c-confluence-pl.alf.nu
+		c-confluence-support.alf.nu
+		c-data-ci.alf.nu
+		c-data-eu.alf.nu
+		c-data-new.alf.nu
+		c-data-org.alf.nu
+		c-data-pl.alf.nu
+		c-data-reviews.alf.nu
+		c-devops-app.alf.nu
+		c-devops-com.alf.nu
+		c-devops-events.alf.nu
+		c-devops-global.alf.nu
+		c-devops-nl.alf.nu
+		c-devops-pl.alf.nu
+		c-devops-promo.alf.nu
+		c-devops-reviews.alf.nu
+		c-devops-team.alf.nu
+		c-docker-ci.alf.nu
+		c-docker-com.alf.nu
+		c-docker-pl.alf.nu
+		c-docker-eu.alf.nu
+		c-docker-email.alf.nu
+		c-docker-kr.alf.nu
+		c-docker-net.alf.nu
+		c-docker-nl.alf.nu
+		c-docker-oceania.alf.nu
+		c-eng-cn.alf.nu
+		c-eng-email.alf.nu
+		c-eng-nl.alf.nu
+		c-eng-pl.alf.nu
+		c-eng-pub.alf.nu
+		c-feb-ci.alf.nu
+		c-feb-nl.alf.nu
+		c-feb-org.alf.nu
+		c-feb-pl.alf.nu
+		c-ftp-email.alf.nu
+		c-ftp-eu.alf.nu
+		c-hkg-cn.alf.nu
+		c-hkg-eu.alf.nu
+		c-hkg-events.alf.nu
+		c-hkg-pl.alf.nu
+		c-hw-com.alf.nu
+		c-k-email.alf.nu
+		c-k-pl.alf.nu
+		c-las-kr.alf.nu
+		c-las-pl.alf.nu
+		c-latin-app.alf.nu
+		c-latin-email.alf.nu
+		c-latin-events.alf.nu
+		c-latin-net.alf.nu
+		c-latin-pl.alf.nu
+		c-latinamerica-nl.alf.nu
+		c-local-email.alf.nu
+		c-local-global.alf.nu
+		c-local-nl.alf.nu
+		c-local-org.alf.nu
+		c-local-pl.alf.nu
+		c-m-email.alf.nu
+		c-m-pl.alf.nu
+		c-new-events.alf.nu
+		c-new-nl.alf.nu
+		c-new-org.alf.nu
+		c-new-pl.alf.nu
+		c-new-qa.alf.nu
+		c-new-team.alf.nu
+		c-o-pl.alf.nu
+		c-o-team.alf.nu
+		c-oceania-app.alf.nu
+		c-oceania-nl.alf.nu
+		c-oceania-pl.alf.nu
+		c-ops-app.alf.nu
+		c-ops-ci.alf.nu
+		c-ops-email.alf.nu
+		c-ops-events.alf.nu
+		c-ops-net.alf.nu
+		c-ops-nl.alf.nu
+		c-ops-pl.alf.nu
+		c-ops-team.alf.nu
+		c-origin-net.alf.nu
+		c-origin-com.alf.nu
+		c-origin-cn.alf.nu
+		c-origin-pl.alf.nu
+		c-origin-qa.alf.nu
+		c-origin-kr.alf.nu
+		c-origin-dev.alf.nu
+		c-pay-com.alf.nu
+		c-pay-email.alf.nu
+		c-pay-games.alf.nu
+		c-pay-net.alf.nu
+		c-pay-pl.alf.nu
+		c-pay-support.alf.nu
+		c-priv-app.alf.nu
+		c-priv-net.alf.nu
+		c-prod-net.alf.nu
+		c-prod-pl.alf.nu
+		c-prod-support.alf.nu
+		c-prod-team.alf.nu
+		c-promo-app.alf.nu
+		c-promo-ci.alf.nu
+		c-promo-com.alf.nu
+		c-promo-kr.alf.nu
+		c-promo-nl.alf.nu
+		c-promo-page.alf.nu
+		c-promo-pl.alf.nu
+		c-promotion-pl.alf.nu
+		c-promotion-team.alf.nu
+		c-promotion-email.alf.nu
+		c-promotion-com.alf.nu
+		c-promotion-events.alf.nu
+		c-pub-app.alf.nu
+		c-pub-dev.alf.nu
+		c-pub-eu.alf.nu
+		c-pub-email.alf.nu
+		c-pub-games.alf.nu
+		c-pub-net.alf.nu
+		c-pub-nl.alf.nu
+		c-pub-pl.alf.nu
+		c-secure-eu.alf.nu
+		c-secure-cf.alf.nu
+		c-secure-cn.alf.nu
+		c-secure-engineering.alf.nu
+		c-secure-events.alf.nu
+		c-secure-nl.alf.nu
+		c-secure-vi.alf.nu 
+		c-security-com.alf.nu
+		c-security-pl.alf.nu
+		c-security-eu.alf.nu
+		c-security-engineering.alf.nu
+		c-sept-eu.alf.nu
+		c-sept-kr.alf.nu
+		c-sept-nl.alf.nu
+		c-sept-pl.alf.nu
+		c-sept-team.alf.nu
+		c-soa-net.alf.nu
+		c-ssl-com.alf.nu
+		c-ssl-email.alf.nu
+		c-ssl-nl.alf.nu
+		c-ssl-pl.alf.nu
+		c-ssl-team.alf.nu
+		c-staging-email.alf.nu
+		c-staging-eu.alf.nu
+		c-staging-games.alf.nu
+		c-staging-kr.alf.nu
+		c-staging-nl.alf.nu
+		c-staging-org.alf.nu
+		c-staging-pl.alf.nu
+		c-staging-support.alf.nu
+		c-system-cf.alf.nu
+		c-system-dev.alf.nu
+		c-system-events.alf.nu
+		c-system-games.alf.nu
+		c-system-net.alf.nu
+		c-system-pl.alf.nu
+		c-system-reviews.alf.nu
+		c-system-support.alf.nu
+		c-system-nl.alf.nu
+		c-t-email.alf.nu
+		c-t-events.alf.nu
+		c-t-pl.alf.nu
+		c-tdns-com.alf.nu
+		c-tdns-eu.alf.nu
+		c-tdns-nl.alf.nu
+		c-tdns-org.alf.nu
+		c-tdns-pl.alf.nu
+		c-tdns1-com.alf.nu
+		c-tdns2-1-email.alf.nu
+		c-tdns2-4-email.alf.nu
+		c-tdns2-18-email.alf.nu
+		c-tdns2-18-pl.alf.nu
+		c-tdns2-com.alf.nu
+		c-tdns2-oct-cn.alf.nu
+		c-tdns2-oct-com.alf.nu
+		c-tdns2-oct-org.alf.nu
+		c-tdns2-mirror-pl.alf.nu
+		c-tdns2-mirror-reviews.alf.nu
+		c-trial-com.alf.nu
+		c-tdns2-oct-pl.alf.nu
+		c-trial-org.alf.nu
+		c-trial-pl.alf.nu
+		c-trial-promo.alf.nu
+		c-trial-support.alf.nu
+		c-users-org.alf.nu
+		c-users-pl.alf.nu
+		c-v2-engineering.alf.nu
+		c-v2-eu.alf.nu
+		c-v2-cn.alf.nu
+		c-v2-nl.alf.nu
+		c-v2-org.alf.nu
+		c-webapp-nl.alf.nu
+		c-webapp-pl.alf.nu
+
+	Refused:
+		local.alf.nu
+		c-7-app.alf.nu
+		c-7-events.alf.nu
+		c-10-nl.alf.nu
+		c-16-com.alf.nu
+		c-accounts-nl.alf.nu
+		c-accounts-qa.alf.nu
+		c-accounts-team.alf.nu
+		c-admin-cf.alf.nu
+		c-admin-events.alf.nu
+		c-admin-org.alf.nu
+		c-administrator-app.alf.nu
+		c-administrator-events.alf.nu
+		c-administrator-dev.alf.nu
+		c-administrator-support.alf.nu
+		c-backend-app.alf.nu
+		c-backend-net.alf.nu
+		c-billing-net.alf.nu
+		c-c-app.alf.nu
+		c-client-dev.alf.nu
+		c-client-cn.alf.nu
+		c-data-email.alf.nu
+		c-data-page.alf.nu
+		c-data-support.alf.nu
+		c-eng-app.alf.nu
+		c-eng-kr.alf.nu
+		c-ftp-events.alf.nu
+		c-ftp-pl.alf.nu
+		c-k-cn.alf.nu
+		c-las-nl.alf.nu
+		c-latin-com.alf.nu
+		c-local-app.alf.nu
+		c-new-games.alf.nu
+		c-new-kr.alf.nu
+		c-o-app.alf.nu
+		c-oceania-dev.alf.nu
+		c-oceania-eu.alf.nu
+		c-pay-kr.alf.nu
+		c-pay-page.alf.nu
+		c-priv-com.alf.nu
+		c-prod-cf.alf.nu
+		c-prod-cn.alf.nu
+		c-prod-email.alf.nu
+		c-promo-email.alf.nu
+		c-secure-promo.alf.nu
+		c-secure-reviews.alf.nu
+		c-secure-support.alf.nu
+		c-security-email.alf.nu
+		c-security-games.alf.nu
+		c-security-support.alf.nu
+		c-security-vi.alf.nu
+		c-sept-net.alf.nu
+		c-soa-app.alf.nu
+		c-soa-com.alf.nu
+		c-soa-global.alf.nu
+		c-soa-nl.alf.nu
+		c-soa-team.alf.nu
+		c-ssl-events.alf.nu
+		c-ssl-promo.alf.nu
+		c-staging-cf.alf.nu
+		c-system-org.alf.nu
+		c-tdns-app.alf.nu
+		c-tdns-cn.alf.nu
+		c-tdns-email.alf.nu
+		c-tdns2-0-email.alf.nu
+		c-trial-eu.alf.nu
+		c-trial-net.alf.nu
+		c-v2-email.alf.nu
+		c-v2-net.alf.nu
+		c-v2-pl.alf.nu
+		c-webapp-com.alf.nu
+
+	Time out:
+		c-7-team.alf.nu
+		c-10-org.alf.nu
+		c-16-eu.alf.nu
+		c-16-net.alf.nu
+		c-accounts-eu.alf.nu
+		c-admin-games.alf.nu
+		c-admin-cn.alf.nu
+		c-admin-nl.alf.nu
+		c-admin-support.alf.nu
+		c-administrator-team.alf.nu
+		c-app-qa.alf.nu
+		c-app-security.alf.nu
+		c-billing-app.alf.nu
+		c-billing-dev.alf.nu
+		c-billing-pl.alf.nu
+		c-c-security.alf.nu
+		c-client-eu.alf.nu
+		c-confluence-app.alf.nu
+		c-confluence-dev.alf.nu
+		c-confluence-team.alf.nu
+		c-data-com.alf.nu
+		c-data-kr.alf.nu
+		c-data-security.alf.nu
+		c-data-cf.alf.nu
+		c-devops-kr.alf.nu
+		c-eng-eu.alf.nu
+		c-eng-net.alf.nu
+		c-f-team.alf.nu
+		c-feb-eu.alf.nu
+		c-ftp-cn.alf.nu
+		c-hkg-nl.alf.nu
+		c-hkg-org.alf.nu
+		c-latin-games.alf.nu
+		c-latinamerica-dev.alf.nu
+		c-latinamerica-kr.alf.nu
+		c-latinamerica-pl.alf.nu
+		c-local-games.alf.nu
+		c-local-eu.alf.nu
+		c-local-ci.alf.nu
+		c-local-kr.alf.nu
+		c-m-cn.alf.nu
+		c-new-eu.alf.nu
+		c-o-cn.alf.nu
+		c-ops-eu.alf.nu
+		c-pay-ci.alf.nu
+		c-priv-org.alf.nu
+		c-promo-eu.alf.nu
+		c-promo-qa.alf.nu
+		c-promotion-eu.alf.nu
+		c-promotion-nl.alf.nu
+		c-secure-net.alf.nu
+		c-secure-page.alf.nu
+		c-secure-pl.alf.nu
+		c-soa-eu.alf.nu
+		c-ssl-org.alf.nu
+		c-ssl-ci.alf.nu
+		c-ssl-cn.alf.nu
+		c-system-app.alf.nu
+		c-trial-dev.alf.nu
+		c-trial-nl.alf.nu
+		c-trial-pub.alf.nu
+		c-trial-reviews.alf.nu
+		c-users-eu.alf.nu
+		c-users-com.alf.nu
+
+	Unreachable:
+		c-administrator-cn.alf.nu
+		c-administrator-nl.alf.nu
+		c-app-eu.alf.nu
+		c-data-engineering.alf.nu
+		c-f-app.alf.nu
+		c-local-cn.alf.nu
+		c-local-net.alf.nu
+		c-new-engineering.alf.nu
+		c-new-promo.alf.nu
+		c-prod-nl.alf.nu
+		c-promo-pub.alf.nu
+		c-promotion-net.alf.nu
+		c-secure-email.alf.nu
+		c-t-org.alf.nu
+		c-trial-team.alf.nu
+
+	Unsupported protocol:
+		c-7-cn.alf.nu
+		c-feb-app.alf.nu
+		c-feb-engineering.alf.nu
+		c-latinamerica-com.alf.nu
+		c-m-events.alf.nu
+		c-new-dev.alf.nu
+		c-new-email.alf.nu
+		c-oceania-org.alf.nu
+		c-secure-app.alf.nu
+		c-secure-com.alf.nu
+		c-secure-team.alf.nu
+		c-users-kr.alf.nu
+		c-users-support.alf.nu
+		c-webapp-eu.alf.nu
+-->
+<ruleset name="alf.nu">
+	<target host="alf.nu" />
+	<target host="www.alf.nu" />
+	<target host="escape.alf.nu" />
+	<target host="regex.alf.nu" />
+	<target host="soa.alf.nu" />
+	<target host="tdns1.alf.nu" />
+	<target host="tdns2.alf.nu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/alfacashier.com.xml b/src/chrome/content/rules/alfacashier.com.xml
new file mode 100644
index 000000000000..979ea50561d5
--- /dev/null
+++ b/src/chrome/content/rules/alfacashier.com.xml
@@ -0,0 +1,13 @@
+<!--
+mailer.alfacashier.com ³
+
+
+³ timed out
+-->
+<ruleset name="alfacashier.com">
+	<target host="alfacashier.com" />
+	<target host="www.alfacashier.com" />
+	<target host="ws.alfacashier.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/alfredxing.com.xml b/src/chrome/content/rules/alfredxing.com.xml
new file mode 100644
index 000000000000..6d76131bceb4
--- /dev/null
+++ b/src/chrome/content/rules/alfredxing.com.xml
@@ -0,0 +1,16 @@
+<!--
+	www.alfredxing.com does not exist.
+
+-->
+<ruleset name="Alfred Xing.com">
+
+	<target host="alfredxing.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/alfurat.com.xml b/src/chrome/content/rules/alfurat.com.xml
new file mode 100644
index 000000000000..ca3770635134
--- /dev/null
+++ b/src/chrome/content/rules/alfurat.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="alfurat.com">
+	<target host="alfurat.com" />
+	<target host="www.alfurat.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/alhur.es.xml b/src/chrome/content/rules/alhur.es.xml
new file mode 100644
index 000000000000..2effaff530c2
--- /dev/null
+++ b/src/chrome/content/rules/alhur.es.xml
@@ -0,0 +1,20 @@
+<!--
+entulho.fiatjaf.alhur.es protocol error
+
+
+-->
+<ruleset name="alhur.es">
+	<target host="alhur.es" />
+	<target host="contratos.alhur.es" />
+	<target host="couchdb-mapreduce-simulator.alhur.es" />
+	<target host="dpelp.alhur.es" />
+	<target host="fiatjaf.alhur.es" />
+	<target host="repos.alhur.es" />
+	<target host="rosetta.alhur.es" />
+	<target host="sheets.alhur.es" />
+	<target host="tabelas.alhur.es" />
+	<target host="temperos.alhur.es" />
+	<target host="templates.alhur.es" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/alibaba-inc.com.xml b/src/chrome/content/rules/alibaba-inc.com.xml
new file mode 100644
index 000000000000..a807630c7afd
--- /dev/null
+++ b/src/chrome/content/rules/alibaba-inc.com.xml
@@ -0,0 +1,27 @@
+<!--
+	^ does not exist.
+
+	Dropped:
+		- cms.cn
+		- d2forum
+
+	Mismatched:
+		- crm-eve.b2b
+		- dataweek
+-->
+<ruleset name="Alibaba-Inc.com (partial)">
+	<target host="www.alibaba-inc.com" />
+	<target host="acl.alibaba-inc.com" />
+	<target host="alilang.alibaba-inc.com" />
+	<target host="ehr.alibaba-inc.com" />
+	<target host="login.alibaba-inc.com" />
+	<target host="login-ca.alibaba-inc.com" />
+	<target host="pay.alibaba-inc.com" />
+	<target host="webmail.alibaba-inc.com" />
+	<target host="wlc.alibaba-inc.com" />
+	<target host="work.alibaba-inc.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/aliexpress.com-mixedcontent.xml b/src/chrome/content/rules/aliexpress.com-mixedcontent.xml
new file mode 100644
index 000000000000..9f0a57295989
--- /dev/null
+++ b/src/chrome/content/rules/aliexpress.com-mixedcontent.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules not causing MCB, see AliExpress.com.xml.
+-->
+<ruleset name="AliExpress.com (MCB)" platform="mixedcontent">
+	<target host="aliexpress.com" />
+	<target host="www.aliexpress.com" />
+	<target host="activities.aliexpress.com" />
+	<target host="daxue.aliexpress.com" />
+	<target host="fulfillment.aliexpress.com" />
+	<target host="open.aliexpress.com" />
+	<target host="seller.aliexpress.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/aliftaa.jo.xml b/src/chrome/content/rules/aliftaa.jo.xml
new file mode 100644
index 000000000000..858130b9b97a
--- /dev/null
+++ b/src/chrome/content/rules/aliftaa.jo.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid Certificate:
+		aliftaa.jo
+-->
+<ruleset name="aliftaa.jo">
+	<target host="aliftaa.jo" />
+	<target host="www.aliftaa.jo" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://aliftaa\.jo/" to="https://www.aliftaa.jo/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/aliloan.com.xml b/src/chrome/content/rules/aliloan.com.xml
new file mode 100644
index 000000000000..0440eef1d105
--- /dev/null
+++ b/src/chrome/content/rules/aliloan.com.xml
@@ -0,0 +1,69 @@
+<!--
+	For other Alibaba coverage, see Alibaba.xml.
+
+
+	Problematic hosts in *aliloan.com:
+
+		- alibaba ᵉ
+
+	ᵉ Expired
+
+
+	These altnames do not exist:
+
+		- aliloan.com
+
+
+	Insecure cookies are set for these domains:
+
+		- .aliloan.com
+
+-->
+<ruleset name="Aliloan.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dai.aliloan.com" />
+	<target host="dk.aliloan.com" />
+	<target host="growing.aliloan.com" />
+	<target host="taobao.aliloan.com" />
+	<target host="www.aliloan.com" />
+
+	<!--	Complications:
+				-->
+	<target host="alibaba.aliloan.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.aliloan\.com$" name="^ali_apache_track$" /-->
+
+	<securecookie host="^\." name="^ali_apache_track" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://alibaba\.aliloan\.com/.*"
+		to="https://loan.mybank.cn/dk/b2bapply/index.htm" />
+
+		<!--	\w$ does not redirect:
+						-->
+		<exclusion pattern="^http://alibaba\.aliloan\.com/(?!/*(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://alibaba.aliloan.com/default.aspx" />
+			<test url="http://alibaba.aliloan.com/favicon.ico" />
+			<test url="http://alibaba.aliloan.com/index.htm" />
+			<test url="http://alibaba.aliloan.com/index.html" />
+			<test url="http://alibaba.aliloan.com/index.php" />
+
+			<!--	-ve:
+					-->
+			<test url="http://alibaba.aliloan.com/?" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/aliyun-inc.com.xml b/src/chrome/content/rules/aliyun-inc.com.xml
new file mode 100644
index 000000000000..c79b983bab0f
--- /dev/null
+++ b/src/chrome/content/rules/aliyun-inc.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Alibaba coverage, see Alibaba.xml.
+
+
+	CDN buckets:
+
+		- g.alicdn.com	← cdn-mutil-object.cn-hangzhou.oss-cdn.aliyun-inc.com
+
+
+	Problematic hosts in *aliyun-inc.com:
+
+		- cn-hangzhou.oss ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="Aliyun-Inc.com" default_off="mismatched">
+
+	<target host="cn-hangzhou.oss.aliyun-inc.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/aliyuncs.com.xml b/src/chrome/content/rules/aliyuncs.com.xml
new file mode 100644
index 000000000000..3c70e91b43e1
--- /dev/null
+++ b/src/chrome/content/rules/aliyuncs.com.xml
@@ -0,0 +1,40 @@
+<!--
+	For other Alibaba coverage, see Alibaba.xml.
+
+	Mismatch:
+		imgs-storage.cdn.aliyuncs.com
+-->
+
+<ruleset name="Aliyuncs.com (partial)">
+
+	<target host="oss.aliyuncs.com" />
+
+	<target host="acedemo.oss.aliyuncs.com" />
+	<target host="aliyun_portal_storage.oss.aliyuncs.com" />
+	<target host="aliyunecs.oss.aliyuncs.com" />
+	<target host="aliyunhelp.oss.aliyuncs.com" />
+	<target host="aliyunsolution.oss.aliyuncs.com" />
+	<target host="calibre-ebooks.oss.aliyuncs.com" />
+	<target host="chinesepod.oss.aliyuncs.com" />
+	<target host="dagou100com.oss.aliyuncs.com" />
+	<target host="dn-st.oss.aliyuncs.com" />
+	<target host="doc.oss.aliyuncs.com" />
+	<target host="ehengshu-filebucket.oss.aliyuncs.com" />
+	<target host="fortunechina.oss.aliyuncs.com" />
+	<target host="hengshu-imagebucket.oss.aliyuncs.com" />
+	<target host="izx-file.oss.aliyuncs.com" />
+	<target host="mhf.oss.aliyuncs.com" />
+	<target host="rubygems-china.oss.aliyuncs.com" />
+	<target host="suoyiren.oss.aliyuncs.com" />
+	<target host="syn-work.oss.aliyuncs.com" />
+	<target host="synwork.oss.aliyuncs.com" />
+	<target host="wt-club.oss.aliyuncs.com" />
+
+	<target host="discuz-lbsbbs.oss-cn-hangzhou.aliyuncs.com" />
+	<target host="gongdan.oss-cn-hangzhou.aliyuncs.com" />
+	<target host="cdnrepo.oss-cn-shanghai.aliyuncs.com" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/alkutubcafe.com.xml b/src/chrome/content/rules/alkutubcafe.com.xml
new file mode 100644
index 000000000000..c0d7ccf64751
--- /dev/null
+++ b/src/chrome/content/rules/alkutubcafe.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="alkutubcafe.com">
+	<target host="alkutubcafe.com" />
+	<target host="www.alkutubcafe.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/all4joomla.com.xml b/src/chrome/content/rules/all4joomla.com.xml
new file mode 100644
index 000000000000..59fb4b29cdb8
--- /dev/null
+++ b/src/chrome/content/rules/all4joomla.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Refused:
+		demo.all4joomla.com
+-->
+<ruleset name="all4joomla.com">
+	<target host="all4joomla.com" />
+	<target host="www.all4joomla.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/allaboutcircuits.xml b/src/chrome/content/rules/allaboutcircuits.xml
new file mode 100644
index 000000000000..59a0a293b1f2
--- /dev/null
+++ b/src/chrome/content/rules/allaboutcircuits.xml
@@ -0,0 +1,9 @@
+<ruleset name="allaboutcircuits">
+
+	<target host="forum.allaboutcircuits.com" />
+	<target host="sub.allaboutcircuits.com" />
+	<target host="www.allaboutcircuits.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/allepizza.ru.xml b/src/chrome/content/rules/allepizza.ru.xml
new file mode 100644
index 000000000000..888b61d4e3c1
--- /dev/null
+++ b/src/chrome/content/rules/allepizza.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="allepizza.ru">
+	<target host="allepizza.ru" />
+	<target host="www.allepizza.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/allerdale.gov.uk.xml b/src/chrome/content/rules/allerdale.gov.uk.xml
new file mode 100644
index 000000000000..f9afe50fd63b
--- /dev/null
+++ b/src/chrome/content/rules/allerdale.gov.uk.xml
@@ -0,0 +1,54 @@
+<!--
+	Allerdale Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *allerdale.gov.uk:
+
+		- democracy ᵃ
+		- feeds ᵃ
+		- mapping ᵈ
+		- planning ᵈ
+		- www ᵃ
+
+	ᵃ Shows another domain
+	ᵈ Dropped
+
+
+	Partially covered hosts in *allerdale.gov.uk:
+
+		- secure1 *
+
+	* 1 path differs from http
+
+
+	^allerdale.gov.uk does not exist.
+
+-->
+<ruleset name="Allerdale.gov.uk (partial)">
+
+	<target host="payments.allerdale.gov.uk" />
+	<target host="secure1.allerdale.gov.uk" />
+
+		<!--	Differs from http:
+								-->
+		<exclusion pattern="^http://secure1\.allerdale\.gov\.uk/benefitscalculator" />
+
+			<!--	+ve:
+					-->
+			<test url="http://secure1.allerdale.gov.uk/benefitscalculator/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://secure1.allerdale.gov.uk/publicaccesslive/selfservice/citizenportal/login.htm" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)$" />
+	<securecookie host="^(?!secure1\.)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/allflicks.net.xml b/src/chrome/content/rules/allflicks.net.xml
new file mode 100644
index 000000000000..000248450379
--- /dev/null
+++ b/src/chrome/content/rules/allflicks.net.xml
@@ -0,0 +1,28 @@
+<!--
+	CDN buckets:
+
+		- allflicks-salco.netdna-ssl.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.allflicks.net
+
+-->
+<ruleset name="AllFlicks.net">
+
+	<target host="allflicks.net" />
+	<target host="www.allflicks.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.allflicks\.net$" name="^(?:PHPSESSID|us)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/alliance-media.org.uk.xml b/src/chrome/content/rules/alliance-media.org.uk.xml
new file mode 100644
index 000000000000..862cd85950a2
--- /dev/null
+++ b/src/chrome/content/rules/alliance-media.org.uk.xml
@@ -0,0 +1,17 @@
+<!--
+	NB: server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="Alliance-Media.org.uk" default_off="cert-chain">
+
+	<target host="alliance-media.org.uk" />
+	<target host="www.alliance-media.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/allianz.com.xml b/src/chrome/content/rules/allianz.com.xml
new file mode 100644
index 000000000000..4558c01fab54
--- /dev/null
+++ b/src/chrome/content/rules/allianz.com.xml
@@ -0,0 +1,143 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://asia.allianz.com/ => https://asia.allianz.com/: (51, "SSL: no alternative certificate subject name matches target host name 'asia.allianz.com'")
+Fetch error: http://azt.allianz.com/ => https://azt.allianz.com/: (6, 'Could not resolve host: azt.allianz.com')
+Fetch error: http://indonesia.allianz.com/ => https://indonesia.allianz.com/: (6, 'Could not resolve host: indonesia.allianz.com')
+Fetch error: http://knowledge.allianz.com/ => https://knowledge.allianz.com/: (51, "SSL: no alternative certificate subject name matches target host name 'knowledge.allianz.com'")
+Fetch error: http://malaysia.allianz.com/ => https://malaysia.allianz.com/: (6, 'Could not resolve host: malaysia.allianz.com')
+Fetch error: http://thailand.allianz.com/ => https://thailand.allianz.com/: (6, 'Could not resolve host: thailand.allianz.com')
+Fetch error: http://www.azt.allianz.com/ => https://azt.allianz.com/: (6, 'Could not resolve host: azt.allianz.com')
+
+	Nonfunctional hosts in *allianz.com:
+
+		- (www.)?acs ᵖ
+		- annualreport2010 ¹
+		- annualreport2011 ¹
+		- annualreport2012 ¹
+		- annualreport2013 ¹
+		- www.art ʳ
+		- digitallabs ʳ
+		- frauen ᵃ
+		- geschaeftsbericht2010 ¹
+		- geschaeftsbericht2011 ¹
+		- geschaeftsbericht2012 ¹
+		- geschaeftsbericht2013 ¹
+		- women ᵃ
+
+	¹ 401
+	ᵃ Shows another domain
+	ᵖ Plaintext reply
+	ʳ Refused
+
+
+	Problematic hosts in *allianz.com:
+
+		- www.acp ᵐ ˢ
+		- www.azt ᵐ
+		- act ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+	ˢ Self-signed
+
+
+	Partially covered hosts in *allianz.com:
+
+		- www.agcs ʰ
+
+	ʰ Some pages redirect to http
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .allianz.com
+		- www.acp.allianz.com
+		- act.allianz.com
+		- asia.allianz.com
+		- azt.allianz.com
+		- indonesia.allianz.com
+		- jobs.allianz.com
+		- knowledge.allianz.com
+		- malaysia.allianz.com
+		- thailand.allianz.com
+		- weathersafe.allianz.com
+		- www.allianz.com
+
+
+	Mixed content:
+
+		- Bug on asia from bs.serving-sys.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Allianz.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="allianz.com" />
+	<!--target host="act.allianz.com" /-->
+	<target host="www.agcs.allianz.com" />
+	<target host="asia.allianz.com" />
+	<target host="azt.allianz.com" />
+	<target host="www.cdmp.allianz.com" />
+	<target host="indonesia.allianz.com" />
+	<target host="jobs.allianz.com" />
+	<target host="knowledge.allianz.com" />
+	<target host="malaysia.allianz.com" />
+	<target host="www.marketing.allianz.com" />
+	<target host="thailand.allianz.com" />
+	<target host="weathersafe.allianz.com" />
+	<target host="www.allianz.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.azt.allianz.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.agcs\.allianz\.com/(?:$|sign-up-for-updates/\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.agcs\.allianz\.com/+(?!assets/|css/|images/|sign-up-for-updates/+$)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.agcs.allianz.com/about-us/news/" />
+			<test url="http://www.agcs.allianz.com/careers/" />
+			<test url="http://www.agcs.allianz.com/insights/" />
+			<test url="http://www.agcs.allianz.com/sectors/" />
+			<test url="http://www.agcs.allianz.com/services/" />
+			<test url="http://www.agcs.allianz.com/sign-up-for-updates/?foo" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.agcs.allianz.com/assets/Homepage/Anne%20Lebel_480X240.jpg" />
+			<test url="http://www.agcs.allianz.com/css/print.min.css" />
+			<test url="http://www.agcs.allianz.com/images/spr-arrows-8bit.png" />
+			<test url="http://www.agcs.allianz.com/sign-up-for-updates/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.allianz\.com$" name="^NETMIND_(?:PERM)?SID$" /-->
+	<!--securecookie host="^www\.acp\.allianz\.com$" name="^CONCRETE5$" /-->
+	<!--securecookie host="^act\.allianz\.com$" name="^(?:LastVisit|WebSessionID)$" /-->
+	<!--securecookie host="^(?:asia|indonesia|malaysia|thailand)\.allianz\.com$" name="^(?:LastVisit|WebSessionID|language)$" /-->
+	<!--securecookie host="^azt\.allianz\.com$" name="(?:JSESSIONID|^WebSessionID)$" /-->
+	<!--securecookie host="^(?:jobs|knowledge)\.allianz\.com$" name="^WebSessionID$" /-->
+	<!--securecookie host="^weathersafe\.allianz\.com$" name="^(?:PHPSESSID|lastlid_INT)$" /-->
+	<!--securecookie host="^www\.allianz\.com$" name="^(?:AzCountryCode|LastVisit|WebSessionID)$" /-->
+
+	<securecookie host="^(?!www\.agcs\.)\w" name=".+" />
+
+
+	<rule from="^http://www\.azt\.allianz\.com/"
+		to="https://azt.allianz.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/allinvestments.ru.xml b/src/chrome/content/rules/allinvestments.ru.xml
new file mode 100644
index 000000000000..0fc79416a169
--- /dev/null
+++ b/src/chrome/content/rules/allinvestments.ru.xml
@@ -0,0 +1,11 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.allinvestments.ru/ => https://www.allinvestments.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'www.allinvestments.ru'")
+
+-->
+<ruleset name="allinvestments.ru" default_off="failed ruleset test">
+	<target host="allinvestments.ru" />
+	<target host="www.allinvestments.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/allnokia.ru.xml b/src/chrome/content/rules/allnokia.ru.xml
new file mode 100644
index 000000000000..9c9d59cdf689
--- /dev/null
+++ b/src/chrome/content/rules/allnokia.ru.xml
@@ -0,0 +1,23 @@
+<!--
+avis.allnokia.ru ¹
+betep.allnokia.ru ¹
+f1.allnokia.ru ¹
+f2.allnokia.ru ¹
+files.allnokia.ru ¹
+pda.allnokia.ru ¹
+shop.allnokia.ru ¹
+zxstyles.allnokia.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="allnokia.ru">
+	<target host="allnokia.ru" />
+	<target host="www.allnokia.ru" />
+	<target host="blogs.allnokia.ru" />
+	<target host="forum.allnokia.ru" />
+	<target host="fotki.allnokia.ru" />
+	<target host="profile.allnokia.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/allpayments.net.xml b/src/chrome/content/rules/allpayments.net.xml
new file mode 100644
index 000000000000..f0a29ad0a884
--- /dev/null
+++ b/src/chrome/content/rules/allpayments.net.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- allpayments.net
+		- www.allpayments.net
+
+-->
+<ruleset name="allpayments.net">
+
+	<target host="allpayments.net" />
+	<target host="www.allpayments.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?allpayments\.net$" name="^(?:ASP\.NET_SessionId|TS[\da-f]{8})$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/almaany.com.xml b/src/chrome/content/rules/almaany.com.xml
new file mode 100644
index 000000000000..dafd1310a3bb
--- /dev/null
+++ b/src/chrome/content/rules/almaany.com.xml
@@ -0,0 +1,15 @@
+<!--
+Invalid certificate:
+	alpha.almaany.com
+	beta.almaany.com
+	new.almaany.com
+
+Refused connection:
+	cdn.almaany.com
+-->
+<ruleset name="almaany.com">
+	<target host="almaany.com" />
+	<target host="www.almaany.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/almadinainstitute.org.xml b/src/chrome/content/rules/almadinainstitute.org.xml
new file mode 100644
index 000000000000..4aeaf2b1fcf5
--- /dev/null
+++ b/src/chrome/content/rules/almadinainstitute.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="alMadinaInstitute.org">
+
+	<target host="almadinainstitute.org" />
+	<target host="www.almadinainstitute.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/almayadeen.net.xml b/src/chrome/content/rules/almayadeen.net.xml
new file mode 100644
index 000000000000..5d937858d094
--- /dev/null
+++ b/src/chrome/content/rules/almayadeen.net.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://piwik.almayadeen.net/ => https://piwik.almayadeen.net/: (6, 'Could not resolve host: piwik.almayadeen.net')
+
+Invalid certificate:
+	hubs-es.almayadeen.net
+	upload.almayadeen.net
+
+Timeout:
+	careers.almayadeen.net
+	media-g.almayadeen.net
+-->
+<ruleset name="Al Mayadeen" default_off="failed ruleset test">
+	<target host="almayadeen.net" />
+	<target host="www.almayadeen.net" />
+	<target host="api.almayadeen.net" />
+	<target host="cdn.almayadeen.net" />
+	<target host="cdnm.almayadeen.net" />
+	<target host="cms-es.almayadeen.net" />
+	<target host="espanol.almayadeen.net" />
+	<target host="hubs.almayadeen.net" />
+	<target host="mail.almayadeen.net" />
+	<target host="media.almayadeen.net" />
+	<target host="media-es.almayadeen.net" />
+	<target host="piwik.almayadeen.net" />
+	<target host="track.almayadeen.net" />
+	<target host="track-es.almayadeen.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/almeshkat.net.xml b/src/chrome/content/rules/almeshkat.net.xml
new file mode 100644
index 000000000000..bc1655a1063c
--- /dev/null
+++ b/src/chrome/content/rules/almeshkat.net.xml
@@ -0,0 +1,7 @@
+<ruleset name="almeshkat.net">
+	<target host="almeshkat.net" />
+	<target host="www.almeshkat.net" />
+	<target host="mail.almeshkat.net" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/alpenverein.de.xml b/src/chrome/content/rules/alpenverein.de.xml
new file mode 100644
index 000000000000..dc847c05dc3e
--- /dev/null
+++ b/src/chrome/content/rules/alpenverein.de.xml
@@ -0,0 +1,40 @@
+<!--
+	Invalid certificate:
+		adserver.alpenverein.de
+		bergwetter.alpenverein.de
+		check-your-risk.alpenverein.de
+		felsinfo.alpenverein.de
+		www.felsinfo.alpenverein.de
+		huetten.alpenverein.de
+		kletterregelungen.alpenverein.de
+		www.new.alpenverein.de
+		www.jdav.new.alpenverein.de
+		ranking.alpenverein.de
+		wwwa.alpenverein.de
+		wwww.alpenverein.de
+
+	Not found:
+		cdn.alpenverein.de
+		cms.alpenverein.de
+
+	Rejected:
+		km.alpenverein.de
+
+	Timeout:
+		static.alpenverein.de
+-->
+<ruleset name="Deutscher Alpenverein">
+
+	<target host="alpenverein.de" />
+	<target host="www.alpenverein.de" />
+	<target host="data.alpenverein.de" />
+	<target host="intern.alpenverein.de" />
+	<target host="jdav-basislager.alpenverein.de" />
+	<target host="live-cdn.alpenverein.de" />
+	<target host="mail2.alpenverein.de" />
+	<target host="opac.alpenverein.de" />
+	<target host="webaccess.alpenverein.de" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/alpharatio.cc.xml b/src/chrome/content/rules/alpharatio.cc.xml
new file mode 100644
index 000000000000..993fcd558bff
--- /dev/null
+++ b/src/chrome/content/rules/alpharatio.cc.xml
@@ -0,0 +1,6 @@
+<ruleset name="AlphaRatio">
+	<target host="alpharatio.cc" />
+	<target host="www.alpharatio.cc" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/alsace-lait.com.xml b/src/chrome/content/rules/alsace-lait.com.xml
new file mode 100644
index 000000000000..b25b019d7cad
--- /dev/null
+++ b/src/chrome/content/rules/alsace-lait.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="alsace-lait.com">
+	<target host="alsace-lait.com" />
+	<target host="www.alsace-lait.com" />
+	<target host="producteurs.alsace-lait.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/alsh3r.com.xml b/src/chrome/content/rules/alsh3r.com.xml
new file mode 100644
index 000000000000..cbc7f93612db
--- /dev/null
+++ b/src/chrome/content/rules/alsh3r.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="alsh3r.com">
+	<target host="alsh3r.com" />
+	<target host="www.alsh3r.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/alsop-n.uk.xml b/src/chrome/content/rules/alsop-n.uk.xml
new file mode 100644
index 000000000000..1043eef47cf7
--- /dev/null
+++ b/src/chrome/content/rules/alsop-n.uk.xml
@@ -0,0 +1,19 @@
+<!--
+	For other News Corporation coverage, see News-Corporation.xml.
+
+
+	www.alsop-n.uk does not exist.
+
+-->
+<ruleset name="alsop-n.uk">
+
+	<target host="alsop-n.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/alt-usage-english.org.xml b/src/chrome/content/rules/alt-usage-english.org.xml
new file mode 100644
index 000000000000..ff6303d9b0d4
--- /dev/null
+++ b/src/chrome/content/rules/alt-usage-english.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="alt-usage-english.org">
+	<target host="alt-usage-english.org" />
+	<target host="www.alt-usage-english.org" />
+
+	<rule from="^http://alt-usage-english\.org/" to="https://www.alt-usage-english.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/alternacare.ca.xml b/src/chrome/content/rules/alternacare.ca.xml
new file mode 100644
index 000000000000..f2f005a60bd3
--- /dev/null
+++ b/src/chrome/content/rules/alternacare.ca.xml
@@ -0,0 +1,13 @@
+<ruleset name="alternacare.ca">
+<!--
+        Redirect to HTTP:
+                employees.alternacare.ca
+-->	
+	
+	<target host="alternacare.ca" />
+	<target host="www.alternacare.ca" />
+	<target host="services.alternacare.ca" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/alternativemeats.co.uk.xml b/src/chrome/content/rules/alternativemeats.co.uk.xml
new file mode 100644
index 000000000000..6f5887475a7f
--- /dev/null
+++ b/src/chrome/content/rules/alternativemeats.co.uk.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .alternativemeats.co.uk
+
+-->
+<ruleset name="Alternative Meats.co.uk">
+
+	<target host="alternativemeats.co.uk" />
+	<target host="www.alternativemeats.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.alternativemeats\.co\.uk$" name="^frontend$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/altibbi.com.xml b/src/chrome/content/rules/altibbi.com.xml
new file mode 100644
index 000000000000..1a86eb6f4b08
--- /dev/null
+++ b/src/chrome/content/rules/altibbi.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="altibbi.com">
+	<target host="altibbi.com" />
+	<target host="www.altibbi.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/am730.com.hk.xml b/src/chrome/content/rules/am730.com.hk.xml
new file mode 100644
index 000000000000..c3f93bf2c204
--- /dev/null
+++ b/src/chrome/content/rules/am730.com.hk.xml
@@ -0,0 +1,28 @@
+<!--
+	Non-functional hosts
+		Couldn't resolve host name:
+			 - am730.com.hk
+			 - mailserv.am730.com.hk
+			 - www1.am730.com.hk
+
+		Timeout was reached:
+			 - epaper.am730.com.hk
+
+		Mixed content blocking (MCB) tiggered:
+			 - apps.am730.com.hk
+			 - archive.am730.com.hk
+			 - m.am730.com.hk
+
+		Different content:
+			 - flipbook.am730.com.hk
+-->
+<ruleset name="am730.com.hk">
+	<target host="www.am730.com.hk" />
+	<target host="apps2.am730.com.hk" />
+	<target host="charityrun.am730.com.hk" />
+	<target host="video.am730.com.hk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/amadump.com.xml b/src/chrome/content/rules/amadump.com.xml
new file mode 100644
index 000000000000..5bb24ebb9d9d
--- /dev/null
+++ b/src/chrome/content/rules/amadump.com.xml
@@ -0,0 +1,18 @@
+<!--
+	(www.)?amadump.com: Shows default page
+
+-->
+<ruleset name="AmaDump.com (partial)" default_off="expired, mismatched, self-signed">
+
+	<target host="content.amadump.com" />
+
+		<test url="http://content.amadump.com/Uwp7QubN7adN/image.jpg" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/amap.com.xml b/src/chrome/content/rules/amap.com.xml
new file mode 100644
index 000000000000..1eba40ad2025
--- /dev/null
+++ b/src/chrome/content/rules/amap.com.xml
@@ -0,0 +1,27 @@
+<ruleset name="amap.com">
+	<target host="amap.com" />
+	<target host="www.amap.com" />
+	<target host="a.amap.com" />
+	<target host="auto.amap.com" />
+	<target host="cache.amap.com" />
+	<target host="detail.amap.com" />
+	<target host="developer.amap.com" />
+	<target host="ditu.amap.com" />
+	<target host="gxd.amap.com" />
+	<target host="i.amap.com" />
+	<target host="id.amap.com" />
+	<target host="indoorreaper.amap.com" />
+	<target host="lbs.amap.com" />
+	<target host="lbsbbs.amap.com" />
+	<target host="m.amap.com" />
+	<target host="map.amap.com" />
+	<target host="mobile.amap.com" />
+	<target host="report.amap.com" />
+	<target host="restapi.amap.com" />
+	<target host="vdata.amap.com" />
+	<target host="wap.amap.com" />
+	<target host="webapi.amap.com" />
+	<target host="zifei.amap.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/amazon.ca.xml b/src/chrome/content/rules/amazon.ca.xml
new file mode 100644
index 000000000000..0ef3e80e99b2
--- /dev/null
+++ b/src/chrome/content/rules/amazon.ca.xml
@@ -0,0 +1,36 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .amazon.ca
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Amazon.ca">
+
+	<target host="amazon.ca" />
+	<target host="advertising.amazon.ca" />
+	<target host="associates.amazon.ca" />
+	<target host="astore.amazon.ca" />
+	<target host="fls-na.amazon.ca" />
+	<target host="rcm-ca.amazon.ca" />
+	<target host="read.amazon.ca" />
+	<target host="sellercentral.amazon.ca" />
+	<target host="widgets.amazon.ca" />
+	<target host="ws.amazon.ca" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.amazon\.ca$" name="^(?:session-id|session-id-time|ubid-acbca|x-wl-uid)$" /-->
+
+	<securecookie host=".+" name="^aps-trtmnt$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/amazon.cn.xml b/src/chrome/content/rules/amazon.cn.xml
new file mode 100644
index 000000000000..4b4d7bfd5118
--- /dev/null
+++ b/src/chrome/content/rules/amazon.cn.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+-->
+<ruleset name="amazon.cn">
+	<target host="amazon.cn" />
+	<target host="associates.amazon.cn" />
+	<target host="fls-cn.amazon.cn" />
+	<target host="haimai.amazon.cn" />
+	<target host="kaidian.amazon.cn" />
+	<target host="mai.amazon.cn" />
+	<target host="tui.amazon.cn" />
+	<target host="widgets.amazon.cn" />
+
+	<target host="z.cn" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/amazon.co.jp.xml b/src/chrome/content/rules/amazon.co.jp.xml
new file mode 100644
index 000000000000..f458948034d0
--- /dev/null
+++ b/src/chrome/content/rules/amazon.co.jp.xml
@@ -0,0 +1,44 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	Insecure cookies are set for these domain: ᶜ
+
+		- .amazon.co.jp
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Amazon.co.jp">
+
+	<target host="amazon.co.jp" />
+	<target host="affiliate.amazon.co.jp" />
+	<target host="associates.amazon.co.jp" />
+	<exclusion pattern="^http://associates\.amazon\.co\.jp/$" />
+		<test url="http://associates.amazon.co.jp/gp/associates/network/help/t5/" />
+	<target host="astore.amazon.co.jp" />
+	<target host="authorcentral.amazon.co.jp" />
+	<target host="fls-fe.amazon.co.jp" />
+	<target host="kdp.amazon.co.jp" />
+	<target host="kindle.amazon.co.jp" />
+	<target host="kindlepreview.amazon.co.jp" />
+	<target host="payments.amazon.co.jp" />
+	<target host="sellercentral.amazon.co.jp" />
+	<target host="services.amazon.co.jp" />
+	<target host="vendorexpress.amazon.co.jp" />
+	<target host="videodirect.amazon.co.jp" />
+	<target host="webservices.amazon.co.jp" />
+	<target host="widgets.amazon.co.jp" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.amazon\.co\.jp$" name="^(?:session-id|session-id-time|session-token|skin|ubid-acbjp|x-wl-uid)$" /-->
+
+	<securecookie host="^\." name="^(?:aps-trtmnt$|s_v)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/amazon.co.uk.xml b/src/chrome/content/rules/amazon.co.uk.xml
new file mode 100644
index 000000000000..11553ac27dfd
--- /dev/null
+++ b/src/chrome/content/rules/amazon.co.uk.xml
@@ -0,0 +1,48 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	Problematic hosts in *amazon.co.uk:
+
+		- m ʳ
+
+	ʳ Refused, preemptable redirect
+-->
+
+<ruleset name="Amazon.co.uk">
+	<target host="amazon.co.uk" />
+	<target host="aan.amazon.co.uk" />
+	<target host="advertising.amazon.co.uk" />
+	<target host="affiliate-program.amazon.co.uk" />
+	<target host="associates.amazon.co.uk" />
+	<target host="ams.amazon.co.uk" />
+	<target host="completion.amazon.co.uk" />
+	<target host="fls-eu.amazon.co.uk" />
+	<target host="kindle.amazon.co.uk" />
+	<target host="local.amazon.co.uk" />
+	<target host="m.amazon.co.uk" />
+	<target host="payments.amazon.co.uk" />
+	<target host="rcm-uk.amazon.co.uk" />
+	<target host="sellercentral.amazon.co.uk" />
+	<target host="services.amazon.co.uk" />
+	<target host="tickets.amazon.co.uk" />
+	<target host="ws.amazon.co.uk" />
+	<target host="www1.amazon.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!--
+		Redirect drops path and forward
+		slash, but not args:
+	-->
+
+	<rule from="^http://m\.amazon\.co\.uk/[^?]*" to="https://www.amazon.co.uk/gp/aw" />
+
+	<test url="http://m.amazon.co.uk/index.htm" />
+
+	<rule from="^http:"	to="https:" />
+
+	<exclusion pattern="^http://associates\.amazon\.co\.uk/$" />
+
+	<test url="http://associates.amazon.co.uk/gp/advertising/api/detail/agreement.html" />
+</ruleset>
diff --git a/src/chrome/content/rules/amazon.com.au.xml b/src/chrome/content/rules/amazon.com.au.xml
new file mode 100644
index 000000000000..b12d9f5fc8c1
--- /dev/null
+++ b/src/chrome/content/rules/amazon.com.au.xml
@@ -0,0 +1,68 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	Non-functional subdomains:
+
+		- cmu-receiver-fe	(t)
+		- kdp	(r)
+		- kindlestore-sha-proxy	(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .amazon.com.au
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Amazon.com.au">
+
+	<target host="amazon.com.au" />
+	<target host="affiliate-program.amazon.com.au" />
+	<target host="alexa.amazon.com.au" />
+	<target host="api.amazon.com.au" />
+	<target host="argileto.amazon.com.au" />
+	<target host="brandregistry.amazon.com.au" />
+	<target host="brandservices.amazon.com.au" />
+	<target host="carriercentral.amazon.com.au" />
+	<target host="cde-ta-g7g.amazon.com.au" />
+	<target host="cde-ta-g7g-preprod.amazon.com.au" />
+	<target host="dp-gw-na.amazon.com.au" />
+	<target host="guipitan.amazon.com.au" />
+	<target host="kep.amazon.com.au" />
+	<target host="account.kep.amazon.com.au" />
+	<target host="kep-eu.amazon.com.au" />
+	<target host="kindle.amazon.com.au" />
+	<target host="kindle-store-proxy-endpoint.amazon.com.au" />
+	<target host="msh-tablet.amazon.com.au" />
+	<target host="origin-www.amazon.com.au" />
+	<target host="read.amazon.com.au" />
+	<target host="sellercentral.amazon.com.au" />
+	<target host="services.amazon.com.au" />
+	<target host="skills-store.amazon.com.au" />
+	<target host="vendorcentral.amazon.com.au" />
+	<target host="webservices.amazon.com.au" />
+	<target host="webservices-internal.amazon.com.au" />
+	<target host="www22.amazon.com.au" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.amazon\.com\.au$" name="^(?:lc-acbau|session-id|session-id-time|session-token|ubid-acbau|x-wl-uid)$" /-->
+
+	<securecookie host=".+" name="^aps-trtmnt$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/amazon.com.br.xml b/src/chrome/content/rules/amazon.com.br.xml
new file mode 100644
index 000000000000..9a4eb3c24e03
--- /dev/null
+++ b/src/chrome/content/rules/amazon.com.br.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .amazon.com.br
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Amazon.com.br">
+
+	<target host="amazon.com.br" />
+	<target host="associados.amazon.com.br" />
+	<target host="ler.amazon.com.br" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.amazon\.com\.br$" name="^(?:lc-acbbr|session-id|session-id-time|ubid-acbbr|x-wl-uid)$" /-->
+
+	<securecookie host=".+" name="^aps-trtmnt$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/amazon.com.mx.xml b/src/chrome/content/rules/amazon.com.mx.xml
new file mode 100644
index 000000000000..d9a173955d25
--- /dev/null
+++ b/src/chrome/content/rules/amazon.com.mx.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .amazon.com.mx
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="amazon.com.mx">
+
+	<target host="amazon.com.mx" />
+	<target host="leer.amazon.com.mx" />
+	<target host="afiliados.amazon.com.mx" />
+	<target host="sellercentral.amazon.com.mx" />
+	<target host="services.amazon.com.mx" />
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/amazon.de.xml b/src/chrome/content/rules/amazon.de.xml
new file mode 100644
index 000000000000..752c15e78514
--- /dev/null
+++ b/src/chrome/content/rules/amazon.de.xml
@@ -0,0 +1,72 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	Nonfunctional hosts in *amazon.de:
+
+		- aws ʳ
+
+	' Refused
+
+
+	Problematic hosts in *amazon.de:
+
+		- affiliate-blog ᵐ
+		- kdp ʳ
+		- static ᵐ
+
+	ᵐ Mismatched
+	ʳ Refused, preemptable redirect
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .amazon.de
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Amazon.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="amazon.de" />
+	<target host="advertising.amazon.de" />
+	<target host="ams.amazon.de" />
+	<target host="astore.amazon.de" />
+	<target host="dropship.amazon.de" />
+	<target host="fls-eu.amazon.de" />
+	<target host="partnernet.amazon.de" />
+	<target host="payments.amazon.de" />
+	<target host="sellercentral.amazon.de" />
+	<target host="services.amazon.de" />
+	<target host="transportation.amazon.de" />
+	<target host="webservices.amazon.de" />
+	<target host="widgets.amazon.de" />
+	<target host="ws.amazon.de" />
+	<target host="smile.amazon.de" />
+
+	<!--	Complications:
+				-->
+	<target host="kdp.amazon.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.amazon\.de$" name="^(?:session-id|session-id-time|ubid-acbe|x-wl-uid)$" /-->
+
+	<securecookie host=".+" name="^aps-trtmnt$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://kdp\.amazon\.de/.*"
+		to="https://kdp.amazon.com/self-publishing/signin?language=de_DE" />
+
+		<test url="http://kdp.amazon.de/index.htm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/amazon.es.xml b/src/chrome/content/rules/amazon.es.xml
new file mode 100644
index 000000000000..7cb3758e0644
--- /dev/null
+++ b/src/chrome/content/rules/amazon.es.xml
@@ -0,0 +1,37 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .amazon.es
+		- .www.amazon.es
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Amazon.es">
+
+	<target host="amazon.es" />
+	<target host="advertising.amazon.es" />
+	<target host="afiliados.amazon.es" />
+	<target host="dropship.amazon.es" />
+	<target host="fls-eu.amazon.es" />
+	<target host="sellercentral.amazon.es" />
+	<target host="services.amazon.es" />
+	<target host="transportation.amazon.es" />
+	<target host="vendorcentral.amazon.es" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.amazon\.es$" name="^(?:session-id|session-id-time|x-wl-uid)$" /-->
+	<!--securecookie host="^\.www\.amazon\.es$" name="^(?:UserPref|at-acbes|lc-acbes|sess-at-aches|session-id|session-id-time|session-token|ubid-acbes|x-acbes|x-wl-uid)$" /-->
+
+	<securecookie host=".+" name="^aps-trtmnt$" />
+	<securecookie host="^(?!\.amazon\.es$)." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/amazon.fr.xml b/src/chrome/content/rules/amazon.fr.xml
new file mode 100644
index 000000000000..c6d648bbaed1
--- /dev/null
+++ b/src/chrome/content/rules/amazon.fr.xml
@@ -0,0 +1,43 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	Nonfunctional hosts in *amazon.fr:
+
+		- aws '
+
+	' Refused
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .amazon.fr
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Amazon.fr (partial)">
+
+	<target host="amazon.fr" />
+	<target host="authorcentral.amazon.fr" />
+	<target host="dropship.amazon.fr" />
+	<target host="fls-eu.amazon.fr" />
+	<target host="partenaires.amazon.fr" />
+	<target host="sellercentral.amazon.fr" />
+	<target host="services.amazon.fr" />
+	<target host="transportation.amazon.fr" />
+	<target host="vendorcentral.amazon.fr" />
+	<target host="ws.amazon.fr" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.amazon\.fr$" name="^(?:session-id|session-id-time|ubid-acbfr|x-wl-uid)$" /-->
+
+	<securecookie host=".+" name="^aps-trtmnt$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/amazon.in.xml b/src/chrome/content/rules/amazon.in.xml
new file mode 100644
index 000000000000..4a5a04981d28
--- /dev/null
+++ b/src/chrome/content/rules/amazon.in.xml
@@ -0,0 +1,89 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .amazon.in
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on blog from cdn.amazonblogs.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Amazon.in (partial)">
+
+	<target host="amazon.in" />
+	<target host="blog.amazon.in" />
+	<target host="fls-eu.amazon.in" />
+	<target host="paywithamazon.amazon.in" />
+	<target host="read.amazon.in" />
+	<target host="sellercentral.amazon.in" />
+	<target host="services.amazon.in" />
+	<target host="www.amazon.in" />
+
+		<!--	Redirects to http:
+						-->
+		<exclusion pattern="^http://(www\.)?amazon\.in/+(.+/)?(b|dp|e|s)($|[?/])" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.amazon.in/Gillian-Flynn/e/B001JP3W46" />
+			<test url="http://www.amazon.in/Harper-Lee/e/B00456LE3M" />
+			<test url="http://www.amazon.in/John-Green/e/B001I9OQNE" />
+			<test url="http://www.amazon.in/Jojo-Moyes/e/B001HMNFPM" />
+			<test url="http://www.amazon.in/Nicholas-Sparks/e/B000APGF36" />
+			<test url="http://www.amazon.in/PIGLOO-Colourful-Decorative-Adhesive-Glitter/dp/B01C3X2DGU/" />
+			<test url="http://www.amazon.in/Sandra-Brown/e/B000AQ0XWO" />
+			<test url="http://www.amazon.in/Zest-Toyz-Kitchen-Pretend-Lights/dp/B01GK1EWC4" />
+			<test url="http://www.amazon.in/b/?node=13713623031" />
+			<test url="http://www.amazon.in/s/?field-keywords=Raspberry+Pi" />
+
+		<test url="http://www.amazon.in/Gabriel-Rear-Dicky-Struts-2-Hyundai/forum/-/-/1/?asin=B01EOPLX7K" />
+		<test url="http://www.amazon.in/SG-Musical-SGM696-Dholak-Screw/gp/product/B00RCNO1OO" />
+		<test url="http://www.amazon.in/Shoes-40-off-or-more-Handbags/s?ie=UTF8&amp;page=1&amp;rh=n%3A1983396031%2Cp_8%3A40-" />
+		<test url="http://www.amazon.in/b?node=2762140031" />
+		<test url="http://www.amazon.in/review/top-reviewers" />
+
+		<!-- CORS issues with AJAX requests,
+		see also:
+			* https://github.com/EFForg/https-everywhere/issues/6157
+			* https://github.com/EFForg/https-everywhere/issues/10515
+		-->
+		<exclusion pattern="^http://(www\.)?amazon\.in/(cross-app-features|gp|xa)/" />
+			<!-- 405 on GET requests with curl, API only responses on specific POST requests -->
+			<test url="http://amazon.in/cross-app-features/ags-best-deal-widget/handler/get-best-deals.html" />
+			<test url="http://www.amazon.in/cross-app-features/ags-best-deal-widget/handler/get-best-deals.html" />
+			<test url="http://amazon.in/gp/delivery/ajax/address-change.html" />
+			<test url="http://www.amazon.in/gp/delivery/ajax/address-change.html" />
+			<test url="http://amazon.in/gp/goldbox" />
+			<test url="http://www.amazon.in/gp/goldbox" />
+			<test url="http://amazon.in/gp/search-inside/js" />
+			<test url="http://www.amazon.in/gp/search-inside/js" />
+			<!-- 404 on GET requests, API only responses on specific POST requests -->
+			<test url="http://amazon.in/xa/dealcontent/v2/GetDealStatus" />
+			<test url="http://www.amazon.in/xa/dealcontent/v2/GetDealStatus" />
+			<test url="http://amazon.in/xa/dealcontent/v2/GetDeals" />
+			<test url="http://www.amazon.in/xa/dealcontent/v2/GetDeals" />
+			<test url="http://amazon.in/xa/dealcontent/v2/SelectDeals" />
+			<test url="http://www.amazon.in/xa/dealcontent/v2/SelectDeals" />
+			<test url="http://amazon.in/xa/dealcontent/v2/GetDealMetadata" />
+			<test url="http://www.amazon.in/xa/dealcontent/v2/GetDealMetadata" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.amazon\.in$" name="^(?:cpa-blogs-session-id|cpa-blogs-session-id-time|cpa-blogs-session-token|cpa-blogs-ubid-main|session-id|session-id-time|ubid-acbin|x-wl-uid)$" /-->
+
+	<securecookie host=".+" name="^(?:aps-trtmnt$|cpa-blogs-|s_v)" />
+	<securecookie host="^[^.w]" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/amazon.it.xml b/src/chrome/content/rules/amazon.it.xml
new file mode 100644
index 000000000000..b7207e781cfc
--- /dev/null
+++ b/src/chrome/content/rules/amazon.it.xml
@@ -0,0 +1,32 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .amazon.it
+		- .www.amazon.it
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Amazon.it">
+
+	<target host="amazon.it" />
+	<target host="advertising.amazon.it" />
+	<target host="fls-eu.amazon.it" />
+	<target host="sellercentral.amazon.it" />
+	<target host="services.amazon.it" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.amazon\.it$" name="^(?:session-id|session-id-time|ubid-acbe)$" /-->
+
+	<securecookie host=".+" name="^aps-trtmnt$" />
+	<securecookie host="^(?!\.amazon\.it$)." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/amazon.nl.xml b/src/chrome/content/rules/amazon.nl.xml
new file mode 100644
index 000000000000..3f1d1ac4ba24
--- /dev/null
+++ b/src/chrome/content/rules/amazon.nl.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .amazon.nl
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Amazon.nl">
+
+	<target host="amazon.nl" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.amazon\.nl$" name="^(?:session-id-time|session-id-time|ubid-acbnl|x-wl-uid)$" /-->
+
+	<securecookie host=".+" name="^aps-trtmnt$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ambercutie.com.xml b/src/chrome/content/rules/ambercutie.com.xml
new file mode 100644
index 000000000000..9dfa46e4f253
--- /dev/null
+++ b/src/chrome/content/rules/ambercutie.com.xml
@@ -0,0 +1,40 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://profiles.ambercutie.com/ => https://profiles.ambercutie.com/: (6, 'Could not resolve host: profiles.ambercutie.com')
+
+	Problematic hosts in *ambercutie.com:
+
+		- live ⁵
+
+	⁵ 522, preemptable redirect
+
+-->
+<ruleset name="AmberCutie.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ambercutie.com" />
+	<target host="profiles.ambercutie.com" />
+	<target host="www.ambercutie.com" />
+
+	<!--	Complications:
+				-->
+	<target host="live.ambercutie.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://live\.ambercutie\.com/.*"
+		to="https://www.myfreecams.com/?baf=2148050#AmberCutie" />
+
+		<test url="http://live.ambercutie.com/index.htm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ambervalley.gov.uk.xml b/src/chrome/content/rules/ambervalley.gov.uk.xml
new file mode 100644
index 000000000000..a05923a4b29a
--- /dev/null
+++ b/src/chrome/content/rules/ambervalley.gov.uk.xml
@@ -0,0 +1,51 @@
+<!--
+	Amber Valley Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	These altnames do not exist:
+
+		- ambervalley.gov.uk
+
+-->
+<ruleset name="Amber Valley.gov.uk (partial)">
+
+	<target host="info.ambervalley.gov.uk" />
+	<target host="www.ambervalley.gov.uk" />
+
+		<!--	Direct rewrites:
+					-->
+		<!--exclusion pattern="^http://www\.ambervalley\.gov\.uk/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.ambervalley\.gov\.uk/(?!/*(?:css/|elected-members-area(?:$|[?/])|images/|media/|utilities/login\.aspx))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.ambervalley.gov.uk/business/business-rates.aspx" />
+			<test url="http://www.ambervalley.gov.uk/business/trade-waste.aspx" />
+			<test url="http://www.ambervalley.gov.uk/community-and-living.aspx" />
+			<test url="http://www.ambervalley.gov.uk/communitymovers" />
+			<test url="http://www.ambervalley.gov.uk/housing/affordable-housing.aspx" />
+			<test url="http://www.ambervalley.gov.uk/transport-and-streets.aspx" />
+			<test url="http://www.ambervalley.gov.uk/utilities/enquiry-form.aspx" />
+			<test url="http://www.ambervalley.gov.uk/utilities/privacy-and-data-protection.aspx" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.ambervalley.gov.uk/css/amberfest.css" />
+			<test url="http://www.ambervalley.gov.uk/elected-members-area" />
+			<test url="http://www.ambervalley.gov.uk/images/bghd1.png" />
+			<test url="http://www.ambervalley.gov.uk/media/447459/post-box.jpg" />
+			<test url="http://www.ambervalley.gov.uk/utilities/login.aspx?rtp=true" />
+
+
+	<securecookie host="^i" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ambitiousaboutautism.org.uk.xml b/src/chrome/content/rules/ambitiousaboutautism.org.uk.xml
new file mode 100644
index 000000000000..b26b3ba8000a
--- /dev/null
+++ b/src/chrome/content/rules/ambitiousaboutautism.org.uk.xml
@@ -0,0 +1,28 @@
+<!--
+	Ambitious About Autism
+
+
+	^ambitiousaboutautism.org.uk: Mismatched
+
+-->
+<ruleset name="Ambitious About Autism.org.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.ambitiousaboutautism.org.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="ambitiousaboutautism.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://ambitiousaboutautism\.org\.uk/"
+		to="https://www.ambitiousaboutautism.org.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/amcnetworks.com.xml b/src/chrome/content/rules/amcnetworks.com.xml
new file mode 100644
index 000000000000..a4b757b710db
--- /dev/null
+++ b/src/chrome/content/rules/amcnetworks.com.xml
@@ -0,0 +1,30 @@
+<!--
+	For other AMC Networks coverage, see AMC.xml.
+
+
+	CDN buckets:
+
+		- s3.amazonaws.com/images.amcnetworks.com/
+
+
+	Nonfunctional hosts in *amcnetworks.com:
+
+		- (www.)? ᵈ
+		- investors ᵈ
+		- press ᵈ
+
+	ᵈ Dropped
+
+-->
+<ruleset name="AMC Networks.com (partial)">
+
+	<target host="images.amcnetworks.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/amd-osx.com.xml b/src/chrome/content/rules/amd-osx.com.xml
new file mode 100644
index 000000000000..f0817aa595b3
--- /dev/null
+++ b/src/chrome/content/rules/amd-osx.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="AMD OS X">
+	<target host="amd-osx.com" />
+	<target host="www.amd-osx.com" />
+	<target host="forum.amd-osx.com" />
+
+	<securecookie host="^([\w.-]+)\.amd-osx\.com$" name=".+" />
+
+	<test url="http://forum.amd-osx.com/search.php?search_id=active_topics" />
+	<test url="http://forum.amd-osx.com/memberlist.php?mode=contactadmin/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ameba.jp-falsemixed.xml b/src/chrome/content/rules/ameba.jp-falsemixed.xml
new file mode 100644
index 000000000000..2c1e0d3f3c7e
--- /dev/null
+++ b/src/chrome/content/rules/ameba.jp-falsemixed.xml
@@ -0,0 +1,25 @@
+<!--
+	For rules not causing false/broken MCB, see Ameba.xml.
+
+-->
+<ruleset name="Ameba.jp (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.ameba.jp" />
+
+	<!--	Complications:
+				-->
+	<target host="ameba.jp" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://ameba\.jp/"
+		to="https://www.ameba.jp/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/amebaownd.com.xml b/src/chrome/content/rules/amebaownd.com.xml
new file mode 100644
index 000000000000..fc1b627475a1
--- /dev/null
+++ b/src/chrome/content/rules/amebaownd.com.xml
@@ -0,0 +1,45 @@
+<!--
+	^amebaownd.com: Mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .amebaownd.com
+		- www.amebaownd.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="amebaownd.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sy.amebaownd.com" />
+	<target host="static.amebaownd.com" />
+	<target host="www.amebaownd.com" />
+
+	<!--	Complications:
+				-->
+	<target host="amebaownd.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://sy.amebaownd.com/sync/?rtn=true" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.amebaownd\.com$" name="^P$" /-->
+	<!--securecookie host="^www\.amebaownd\.com$" name="^madrid-web_(?:FLASH|SESSION)$" /-->
+
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|P$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://amebaownd\.com/"
+		to="https://www.amebaownd.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/amediateka.ru.xml b/src/chrome/content/rules/amediateka.ru.xml
new file mode 100644
index 000000000000..ed401c376380
--- /dev/null
+++ b/src/chrome/content/rules/amediateka.ru.xml
@@ -0,0 +1,37 @@
+<!--
+afisha.amediateka.ru ¹
+beeline.amediateka.ru ³
+clicks.amediateka.ru ⁷
+got.amediateka.ru ⁴
+got6.amediateka.ru ¹
+kinopoisk.amediateka.ru ¹
+liptontea.amediateka.ru ¹
+afisha.mail.amediateka.ru ¹
+pics.amediateka.ru ⁴
+promo.amediateka.ru ³
+www.stag.amediateka.ru ¹
+tvzavr.amediateka.ru ¹
+
+
+¹ mismatch
+³ timed out
+⁴ self signed
+⁷ protocol error
+-->
+<ruleset name="amediateka.ru">
+	<target host="amediateka.ru" />
+	<target host="www.amediateka.ru" />
+	<target host="analytics.amediateka.ru" />
+	<target host="api.amediateka.ru" />
+	<target host="cc.amediateka.ru" />
+	<target host="heartbeat.amediateka.ru" />
+	<target host="pay.amediateka.ru" />
+	<target host="s3.amediateka.ru" />
+	<target host="smarttv.amediateka.ru" />
+	<target host="stag.amediateka.ru" />
+	<target host="static.amediateka.ru" />
+	<target host="str.amediateka.ru" />
+	<target host="streaming.amediateka.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/americanhunter.org.xml b/src/chrome/content/rules/americanhunter.org.xml
new file mode 100644
index 000000000000..22ca7295b1ae
--- /dev/null
+++ b/src/chrome/content/rules/americanhunter.org.xml
@@ -0,0 +1,26 @@
+<!--
+	For other National Rifle Association coverage, see nra.org.xml.
+
+
+	Mixed content:
+
+		- Bug from b.scorecardresearch.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="American Hunter.org">
+
+	<target host="americanhunter.org" />
+	<target host="assets.americanhunter.org" />
+	<target host="www.americanhunter.org" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/americanrifleman.org.xml b/src/chrome/content/rules/americanrifleman.org.xml
new file mode 100644
index 000000000000..e36944427153
--- /dev/null
+++ b/src/chrome/content/rules/americanrifleman.org.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wmp.americanrifleman.org/ => https://wmp.americanrifleman.org/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other National Rifle Association coverage, see nra.org.xml.
+
+
+	Mixed content:
+
+		- Bug on www from b.scorecardresearch.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="American Rifleman.org" default_off="failed ruleset test">
+
+	<target host="americanrifleman.org" />
+	<target host="assets.americanrifleman.org" />
+	<target host="wmp.americanrifleman.org" />
+	<target host="www.americanrifleman.org" />
+
+		<test url="http://assets.americanrifleman.org/images/arrow-left.png" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/americas1stfreedom.org.xml b/src/chrome/content/rules/americas1stfreedom.org.xml
new file mode 100644
index 000000000000..619d8d99e1b4
--- /dev/null
+++ b/src/chrome/content/rules/americas1stfreedom.org.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://americas1stfreedom.org/ => https://americas1stfreedom.org/: (35, 'Unknown SSL protocol error in connection to americas1stfreedom.org:443 ')
+Fetch error: http://wmp.americas1stfreedom.org/ => https://wmp.americas1stfreedom.org/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other National Rifle Association coverage, see nra.org.xml.
+
+
+	Mixed content:
+
+		- Bugs, from:
+
+			- b.scorecardresearch.com ˢ
+			- sb.scorecardresearch.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Americas 1st Freedom.org" default_off="failed ruleset test">
+
+	<target host="americas1stfreedom.org" />
+	<target host="assets.americas1stfreedom.org" />
+	<target host="wmp.americas1stfreedom.org" />
+	<target host="www.americas1stfreedom.org" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ameslab.gov.xml b/src/chrome/content/rules/ameslab.gov.xml
new file mode 100644
index 000000000000..96093048b31e
--- /dev/null
+++ b/src/chrome/content/rules/ameslab.gov.xml
@@ -0,0 +1,74 @@
+<!--
+	Ames Laboratory
+
+
+
+	Problematic hosts in *ameslab.gov:
+
+		- alvideo ᶜ
+		- www.external ᵃ
+		- www.icq9 ᶜ ᵐ
+		- www2.metcer ᵐ
+		- www.msg ᶜ ᵐ
+		- www.quasi ᶜ ᵐ
+		- www.reflec ᶜ ᵐ
+
+	ᵃ Shows another domain; preemptable redirect
+	ᵐ Mismatched
+
+
+	These altnames do not exist:
+
+		- ameslab.gov
+
+-->
+<ruleset name="Ames Lab.gov (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="alvideo.ameslab.gov" /-->
+	<target host="cmi.ameslab.gov" />
+	<target host="webmail.ameslab.gov" />
+	<target host="www.ameslab.gov" />
+
+	<!--	Complications:
+				-->
+	<target host="www.external.ameslab.gov" />
+	<!--target host="www.icq9.ameslab.gov" /-->
+	<!--target host="www.msg.ameslab.gov" /-->
+	<!--target host="www.quasi.ameslab.gov" /-->
+	<!--target host="www.reflec.ameslab.gov" /-->
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps all:
+					-->
+	<rule from="^http://www\.external\.ameslab\.gov/"
+		to="https://www.ameslab.gov/" />
+
+	<!--	Redirect drops single \?:
+						-->
+	<!--rule from="^http://www\.(icq9|quasi)\.ameslab\.gov/\??$"
+		to="https://alvideo.ameslab.gov/archive/$1" /-->
+
+		<!--test url="http://www.icq9.ameslab.gov/?" /-->
+		<!--test url="http://www.quasi.ameslab.gov/?" /-->
+
+	<!--	Redirect prepends forward slash:
+						-->
+	<!--rule from="^http://www\.(icq9|quasi|reflec)\.ameslab\.gov/"
+		to="https://alvideo.ameslab.gov/archive/$1/" /-->
+
+		<!--test url="http://www.icq9.ameslab.gov/Award%20Winners.html" /-->
+		<!--test url="http://www.quasi.ameslab.gov/Bib.html" /-->
+		<!--test url="http://www.reflec.ameslab.gov/?" /-->
+
+	<!--rule from="^http://www\.msg\.ameslab\.gov/"
+		to="https://www.msg.chem.iastate.edu/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/amplience.com.xml b/src/chrome/content/rules/amplience.com.xml
new file mode 100644
index 000000000000..f103a7be5c18
--- /dev/null
+++ b/src/chrome/content/rules/amplience.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Other Amplience rulesets:
+
+		- Adis.ws.xml
+
+-->
+<ruleset name="Amplience.com">
+
+	<target host="cdn-media.amplience.com" />
+
+		<test url="http://cdn-media.amplience.com/annsummers/viewerv3/dist/viewer.css" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ampravda.ru.xml b/src/chrome/content/rules/ampravda.ru.xml
new file mode 100644
index 000000000000..f134bd3fe9ca
--- /dev/null
+++ b/src/chrome/content/rules/ampravda.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="ampravda.ru">
+	<target host="ampravda.ru" />
+	<target host="www.ampravda.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/amule.org.xml b/src/chrome/content/rules/amule.org.xml
new file mode 100644
index 000000000000..d8cd31520b4b
--- /dev/null
+++ b/src/chrome/content/rules/amule.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Fetch error: http://ftp.amule.org/ => https://ftp.amule.org/: (51, "SSL: no alternative certificate subject name matches target host name 'ftp.amule.org'")
+	Fetch error: http://imap.amule.org/ => https://imap.amule.org/: (51, "SSL: no alternative certificate subject name matches target host name 'imap.amule.org'")
+	Fetch error: http://mail.amule.org/ => https://mail.amule.org/: (51, "SSL: no alternative certificate subject name matches target host name 'mail.amule.org'")
+	Fetch error: http://smtp.amule.org/ => https://smtp.amule.org/: (51, "SSL: no alternative certificate subject name matches target host name 'smtp.amule.org'")
+
+	Mixed content:
+		forum.amule.org
+		test.amule.org
+		wiki.amule.org
+-->
+<ruleset name="amule.org">
+	<target host="amule.org" />
+	<target host="www.amule.org" />
+	<target host="bugs.amule.org" />
+	<target host="webmail.amule.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/analog.com.xml b/src/chrome/content/rules/analog.com.xml
new file mode 100644
index 000000000000..7270d064c117
--- /dev/null
+++ b/src/chrome/content/rules/analog.com.xml
@@ -0,0 +1,322 @@
+<!--
+	Invalid certificate:
+		app-ez.analog.com
+		app-ezchina.analog.com
+		automotive.analog.com
+		www.blog.analog.com
+		building-technology.analog.com
+		communications.analog.com
+		consumer.analog.com
+		designtools.analog.com
+		adisimrf.download.analog.com
+		compass.download.analog.com
+		dspcollaborative.analog.com
+		ebm.analog.com
+		eforms.analog.com
+		elq.analog.com
+		energy.analog.com
+		eq.analog.com
+		eztest.analog.com
+		f.analog.com
+		app.h.analog.com
+		images.h.analog.com
+		forms.analog.com
+		healthcare.analog.com
+		m.analog.com
+		mil-aero.analog.com
+		motorcontrol.analog.com
+		nwd2ns1.analog.com
+		processcontrol.analog.com
+		mobile.prxapps.analog.com
+		r.analog.com
+		reg.analog.com
+		s.analog.com
+		search.analog.com
+		testf.analog.com
+		testm.analog.com
+		tests.analog.com
+		videos.analog.com
+		entsearch-dev.web.analog.com
+		docuportal.web.analog.com
+		wm.analog.com
+		wm-test.analog.com
+
+	Refused:
+		adgtlyncext.analog.com
+		adgtwacext.analog.com
+		adgwc.analog.com
+		conference.analog.com
+		info.analog.com
+		r196.info.analog.com
+		r197.info.analog.com
+		r198.info.analog.com
+		r199.info.analog.com
+		info2.analog.com
+		limklyncext.analog.com
+		limwc.analog.com
+		sclav.analog.com
+		sclwc.analog.com
+		wilav.analog.com
+		wilwc.analog.com
+
+	Time out:
+		adfs.analog.com
+		adgtav.analog.com
+		adi.analog.com
+		adias2-test.analog.com
+		adinet.analog.com
+		adisearch.analog.com
+		analogitlab.analog.com
+		sts.analogitlab.analog.com
+		as.analog.com
+		apps.analog.com
+		ashbftp.analog.com
+		ashqasip.analog.com
+		ashqawacext.analog.com
+		ashqawc.analog.com
+		ashskypeqaext.analog.com
+		astest.analog.com
+		autodiscover.analog.com
+		b.analog.com
+		benefits.analog.com
+		bitbucket-ext.analog.com
+		mx.c.analog.com
+		www.cldnet.analog.com
+		www-dev.cldnet.analog.com
+		www-qa.cldnet.analog.com
+		collaborate.analog.com
+		commerce.analog.com
+		content.analog.com
+		connections.corpnt.analog.com
+		connectionsqa.corpnt.analog.com
+		my.corpnt.analog.com
+		myqa.corpnt.analog.com
+		search.corpnt.analog.com
+		signals.corpnt.analog.com
+		te.corpnt.analog.com
+		teams.corpnt.analog.com
+		teams2.corpnt.analog.com
+		www-dev.corpnt.analog.com
+		cwa.analog.com
+		as.cwa.analog.com
+		download.cwa.analog.com
+		deviceapps.analog.com
+		devicemail.analog.com
+		devicemail-qa.analog.com
+		dialogp.analog.com
+		distiportalsso.analog.com
+		dweb.analog.com
+		ecns.analog.com
+		email.analog.com
+		employee.analog.com
+		ews.analog.com
+		autodiscover.exchange.analog.com
+		eztest-demo.analog.com
+		eztest-stage.analog.com
+		ftp.analog.com
+		ftp2.analog.com
+		wcus.glob.analog.com
+		hybrid1.analog.com
+		hybrid2.analog.com
+		hybrid3.analog.com
+		im.analog.com
+		res.info2.analog.com
+		instrumentation.analog.com
+		japan.analog.com
+		adrv9009.rv.labs.analog.com
+		license.analog.com
+		lim2ces1.analog.com
+		mail01.h.analog.com
+		mail02.h.analog.com
+		mail03.h.analog.com
+		mdm.analog.com
+		mdm-qa.analog.com
+		meetingplace.analog.com
+		meetingplace2.analog.com
+		mobile.analog.com
+		my2.analog.com
+		nwd2ces1.analog.com
+		nwd2dg.analog.com
+		nwd2ew1.analog.com
+		nwd2ftp1.analog.com
+		nwd2gtw1.analog.com
+		nwd2gtw2.analog.com
+		nwd2mail10.analog.com
+		nwd2mail11.analog.com
+		nwd2mail12.analog.com
+		nwd2mail13.analog.com
+		nwd2mail3.analog.com
+		nwd2mime1.analog.com
+		nwd2mpwebe2.analog.com
+		nwd2mpwebi2.analog.com
+		nwd2mta1.analog.com
+		nwd2mta2.analog.com
+		nwd2mta3.analog.com
+		nwd2mta4.analog.com
+		nwd2ns1s.analog.com
+		nwd2www1.analog.com
+		o365hybrid.analog.com
+		ocs.analog.com
+		ocsav.analog.com
+		ocsext.analog.com
+		ocswc.analog.com
+		opportunity.analog.com
+		origin-automotive.analog.com
+		origin-building-technology.analog.com
+		origin-communications.analog.com
+		origin-consumer.analog.com
+		origin-energy.analog.com
+		origin-form.analog.com
+		origin-forms.analog.com
+		origin-healthcare.analog.com
+		origin-instrumentation.analog.com
+		origin-mil-aero.analog.com
+		origin-motorcontrol.analog.com
+		origin-my.analog.com
+		origin-processcontrol.analog.com
+		origin-search.analog.com 
+		origin-security-surveillance.analog.com
+		owa.analog.com
+		owatest.analog.com
+		passwordreset.analog.com
+		processcontrolp.analog.com
+		scla1ces1.analog.com
+		searchservice.analog.com
+		search2.analog.com
+		secureftp.analog.com
+		secureftp-dev.analog.com
+		secureftp-qa.analog.com
+		security-surveillance.analog.com
+		seeit.analog.com
+		sentry.analog.com
+		sftp.analog.com
+		sftp2.analog.com
+		sj.analog.com
+		enterprise.sso.analog.com
+		login.sso.analog.com
+		tucson.analog.com
+		uwm.analog.com
+		watchdox.analog.com
+		adijama.web.analog.com
+		communities.web.analog.com
+		hr.web.analog.com
+		projects.web.analog.com
+		search.web.analog.com
+		spowa.web.analog.com
+		wiki.web.analog.com
+		webex.analog.com
+		webservices.analog.com
+		www.wiki.analog.com
+		wilmav.analog.com
+		wilmsip.analog.com
+		wilmwacext.analog.com
+		wilmwc.analog.com
+		wilmlyncext.analog.com
+		wm-qa.analog.com
+		www-corp.analog.com
+
+	Unreachable:
+		adgtsip.analog.com
+		adgtwc.analog.com
+		adias2.analog.com
+		limkav.analog.com
+		limksip.analog.com
+		limkwc.analog.com
+-->
+<ruleset name="analog.com">
+	<target host="analog.com" />
+	<target host="www.analog.com" />
+	<target host="aa.analog.com" />
+	<target host="adgsip.analog.com" />
+	<target host="adgtextoos.analog.com" />
+	<target host="adgtskypeext.analog.com" />
+	<target host="akamai-limkswssl1.analog.com" />
+	<target host="alliances.analog.com" />
+	<target host="assets.analog.com" />
+	<target host="bangswssl1.analog.com" />
+	<target host="beta-tools.analog.com" />
+	<target host="auth.hclqa.care.analog.com" />
+	<target host="cpm.hclqa.care.analog.com" />
+	<target host="auth.perf.care.analog.com" />
+	<target host="cpm.perf.care.analog.com" />
+	<target host="auth.qa.care.analog.com" />
+	<target host="cpm.qa.care.analog.com" />
+	<target host="careers.analog.com" />
+	<target host="remotedevapp-dev.cldnet.analog.com" />
+	<target host="wcm-dev.cldnet.analog.com" />
+	<target host="wcm-qa.cldnet.analog.com" />
+	<target host="wcm-dev.corpnt.analog.com" />
+	<target host="wcm-qa.corpnt.analog.com" />
+	<target host="dialin.analog.com" />
+	<target host="distributor.analog.com" />
+	<target host="download.analog.com" />
+	<target host="ez.analog.com" />
+	<target host="ezchina.analog.com" />
+	<target host="failover.analog.com" />
+	<target host="fastlink.analog.com" />
+	<target host="form.analog.com" />
+	<target host="geo.analog.com" />
+	<target host="m.info.analog.com" />
+	<target host="m.info2.analog.com" />
+	<target host="t.info.analog.com" />
+	<target host="t.info2.analog.com" />
+	<target host="investor.analog.com" />
+	<target host="istg.analog.com" />
+	<target host="jira.analog.com" />
+	<target host="labs.analog.com" />
+	<target host="limextoos.analog.com" />
+	<target host="limkswssl1.analog.com" />
+	<target host="limkswssl2.analog.com" />
+	<target host="limkwacext.analog.com" />
+	<target host="limsip.analog.com" />
+	<target host="limskypeext.analog.com" />
+	<target host="ltpowercad.analog.com" />
+	<target host="ltpowerplay.analog.com" />
+	<target host="ltspice.analog.com" />
+	<target host="lyncdiscover.analog.com" />
+	<target host="meet.analog.com" />
+	<target host="my.analog.com" />
+	<target host="nwd2avpn1.analog.com" />
+	<target host="nwd2avpn2.analog.com" />
+	<target host="nwd2swssl1.analog.com" />
+	<target host="nwd2swssl2.analog.com" />
+	<target host="playground.analog.com" />
+	<target host="registration.analog.com" />
+	<target host="quality.analog.com" />
+	<target host="samples.analog.com" />
+	<target host="schedule.analog.com" />
+	<target host="sclsip.analog.com" />
+	<target host="sclskypeext.analog.com" />
+	<target host="sclwacext.analog.com" />
+	<target host="sdk.analog.com" />
+	<target host="sell.analog.com" />
+	<target host="sell-staging.analog.com" />
+	<target host="shoppingcart.analog.com" />
+	<target host="ebiz.sso.analog.com" />
+	<target host="sts.analog.com" />
+	<target host="svs.analog.com" />
+	<target host="swdownloads.analog.com" />
+	<target host="tools.analog.com" />
+	<target host="vpn.analog.com" />
+	<target host="entsearch.web.analog.com" />
+	<target host="entsearch-qa.web.analog.com" />
+	<target host="events.web.analog.com" />
+	<target host="help.web.analog.com" />
+	<target host="thecircuit.web.analog.com" />
+	<target host="thecircuit-dev.web.analog.com" />
+	<target host="thecircuit-qa.web.analog.com" />
+	<target host="vgtc.web.analog.com" />
+	<target host="webtier.analog.com" />
+	<target host="wiki.analog.com" />
+	<target host="wiki-stage.analog.com" />
+	<target host="wilsip.analog.com" />
+	<target host="wilskypeext.analog.com" />
+	<target host="wilskypelmext.analog.com" />
+	<target host="wilwacext.analog.com" />
+	<target host="workplace.analog.com" />
+	<target host="wwwnocnaccl.analog.com" />
+	<target host="wwwnocnaccl-stage.analog.com" />
+
+	<rule from="^http://analog\.com/" to="https://www.analog.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/anchor.net.au.xml b/src/chrome/content/rules/anchor.net.au.xml
new file mode 100644
index 000000000000..2fe4507b14ac
--- /dev/null
+++ b/src/chrome/content/rules/anchor.net.au.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Anchor coverage, see Anchor.xml.
+
+-->
+<ruleset name="Anchor.net.au">
+
+	<target host="anchor.net.au" />
+	<target host="webmail.anchor.net.au" />
+	<target host="www.anchor.net.au" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/anderslernen.at.xml b/src/chrome/content/rules/anderslernen.at.xml
new file mode 100644
index 000000000000..cdf42b90501b
--- /dev/null
+++ b/src/chrome/content/rules/anderslernen.at.xml
@@ -0,0 +1,7 @@
+<ruleset name="anderslernen.at">
+	<target host="anderslernen.at" />
+	<target host="www.anderslernen.at" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/andrewmohawk.com.xml b/src/chrome/content/rules/andrewmohawk.com.xml
new file mode 100644
index 000000000000..0bf0f68f3afc
--- /dev/null
+++ b/src/chrome/content/rules/andrewmohawk.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="andrewmohawk.com">
+
+	<target host="andrewmohawk.com" />
+	<target host="www.andrewmohawk.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/angband.pl.xml b/src/chrome/content/rules/angband.pl.xml
new file mode 100644
index 000000000000..111be59e8468
--- /dev/null
+++ b/src/chrome/content/rules/angband.pl.xml
@@ -0,0 +1,33 @@
+<!--
+	Invalid certificate:
+		dns1.angband.pl
+		maildns.angband.pl
+		tartarus.angband.pl
+		w2.angband.pl
+
+	Refused:
+		vpn.angband.pl
+
+	Time out:
+		dis1.angband.pl
+		dns0.angband.pl
+		tartarus1.angband.pl
+
+	Unreachable:
+		dis.angband.pl
+		dis2.angband.pl
+		dns1.angband.pl
+		kholdan.angband.pl
+		mordor.angband.pl
+		ntp.angband.pl
+		rhun.angband.pl
+-->
+<ruleset name="angband.pl">
+	<target host="angband.pl" />
+	<target host="www.angband.pl" />
+	<target host="mail.angband.pl" />
+	<target host="pmdk.angband.pl" />
+	<target host="pmdk-dev.angband.pl" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/angr.io.xml b/src/chrome/content/rules/angr.io.xml
new file mode 100644
index 000000000000..73712a349120
--- /dev/null
+++ b/src/chrome/content/rules/angr.io.xml
@@ -0,0 +1,13 @@
+<!--
+        Time out:
+                api.angr.io
+                ci.angr.io
+-->
+<ruleset name="angr.io">
+	<target host="angr.io" />
+	<target host="www.angr.io" />
+	<target host="docs.angr.io" />
+
+	<rule from="^http://www\.angr\.io/" to="https://angr.io/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/aniart.com.ua.xml b/src/chrome/content/rules/aniart.com.ua.xml
new file mode 100644
index 000000000000..c1a3163a53f4
--- /dev/null
+++ b/src/chrome/content/rules/aniart.com.ua.xml
@@ -0,0 +1,31 @@
+<!--
+a.aniart.com.ua ³
+b.aniart.com.ua ⁴
+beta.aniart.com.ua ⁴
+crm.aniart.com.ua non-2xx http code
+d.aniart.com.ua ²
+delta.aniart.com.ua ²
+fotoshop.aniart.com.ua non-2xx http code
+fotto.aniart.com.ua non-2xx http code
+mail.aniart.com.ua ⁴
+omega.aniart.com.ua ²
+common.aniart.com.ua different content
+gamma.aniart.com.ua different content
+j.aniart.com.ua different content
+
+
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="aniart.com.ua">
+	<target host="aniart.com.ua" />
+	<target host="www.aniart.com.ua" />
+	<target host="g.aniart.com.ua" />
+	<target host="jira.aniart.com.ua" />
+	<target host="o.aniart.com.ua" />
+	<target host="sd.aniart.com.ua" />
+	<target host="wiki.aniart.com.ua" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/anibis.ch.xml b/src/chrome/content/rules/anibis.ch.xml
new file mode 100644
index 000000000000..1f810a0450bf
--- /dev/null
+++ b/src/chrome/content/rules/anibis.ch.xml
@@ -0,0 +1,61 @@
+<!--
+	Problematic hosts in *anibis.ch:
+
+		- show *
+
+	* Expired
+
+
+	Fully covered hosts in *anibis.ch:
+
+		- ^
+		- can01
+		- m
+
+
+	Insecure cookies are set for these hosts:
+
+		- m.anibis.ch
+		- show.anibis.ch
+
+-->
+<ruleset name="anibis.ch (partial)">
+
+	<!--	Direct rewrites:
+				-->
+  <target host="anibis.ch"/>
+	<target host="can01.anibis.ch" />
+	<target host="m.anibis.ch"/>
+	<!--target host="show.anibis.ch"/-->
+	<target host="www.anibis.ch"/>
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.anibis\.ch/default\.aspx?wl=1&amp;lng=\w\w" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.anibis\.ch/+(?!\w\w/login\.aspx|ui/Anibis/css-public)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.anibis.ch/fr/automobiles--4/advertlist.aspx" />
+			<test url="http://www.anibis.ch/default.aspx?wl=1&amp;lng=en" />
+			<test url="http://www.anibis.ch/default.aspx?wl=1&amp;lng=fr" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.anibis.ch/fr/login.aspx" />
+			<test url="http://www.anibis.ch/ui/Anibis/css-public?v=" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^m\.anibis\.ch$" name="^(ASP\.NET_SessionId|xm_aniweb)$" /-->
+	<!--securecookie host="^show\.anibis\.ch$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^m\.anibis\.ch$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/animenewsnetwork.xml b/src/chrome/content/rules/animenewsnetwork.xml
new file mode 100644
index 000000000000..f6aea1eba083
--- /dev/null
+++ b/src/chrome/content/rules/animenewsnetwork.xml
@@ -0,0 +1,35 @@
+<!--
+	SSL provided by CloudFlare
+
+	Causes some minor passive mixed content,
+	but it doesn't seem to break the site if blocked anyway.
+-->
+
+<ruleset name="Anime News Network">
+  <target host="animenewsnetwork.com" />
+  <target host="www.animenewsnetwork.com" />
+  <target host="fast.animenewsnetwork.com" />
+  <target host="admin.animenewsnetwork.com" />
+  <target host="cdn.animenewsnetwork.com" />
+  <target host="cdn01.animenewsnetwork.com" />
+  <target host="cdn02.animenewsnetwork.com" />
+  <target host="cdn03.animenewsnetwork.com" />
+  <target host="m.animenewsnetwork.com" />
+
+  <!--
+	Disable securecookie for (.)animenewsnetwork.com to avoid login problems,
+	as per https://github.com/EFForg/https-everywhere/issues/1584
+		<securecookie host="^(\.)?animenewsnetwork\.com$" name=".+" />
+  -->
+
+  <securecookie host="^www\.animenewsnetwork\.com$" name=".+" />
+  <securecookie host="^fast\.animenewsnetwork\.com$" name=".+" />
+  <securecookie host="^admin\.animenewsnetwork\.com$" name=".+" />
+  <securecookie host="^cdn\.animenewsnetwork\.com$" name=".+" />
+  <securecookie host="^cdn01\.animenewsnetwork\.com$" name=".+" />
+  <securecookie host="^cdn02\.animenewsnetwork\.com$" name=".+" />
+  <securecookie host="^cdn03\.animenewsnetwork\.com$" name=".+" />
+  <securecookie host="^m\.animenewsnetwork\.com$" name=".+" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/annalindhfoundation.org.xml b/src/chrome/content/rules/annalindhfoundation.org.xml
new file mode 100644
index 000000000000..5b9cd250011b
--- /dev/null
+++ b/src/chrome/content/rules/annalindhfoundation.org.xml
@@ -0,0 +1,25 @@
+<!--
+	^annalindhfoundation.org: Mismatched
+
+-->
+<ruleset name="Anna Lindh Foundation.org" default_off="expired">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.annalindhfoundation.org" />
+
+	<!--	Complications:
+				-->
+	<target host="annalindhfoundation.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://annalindhfoundation\.org/"
+		to="https://www.annalindhfoundation.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/annmichaelsen.com.xml b/src/chrome/content/rules/annmichaelsen.com.xml
new file mode 100644
index 000000000000..6685b86ce16f
--- /dev/null
+++ b/src/chrome/content/rules/annmichaelsen.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="annmichaelsen.com">
+	<target host="annmichaelsen.com" />
+	<target host="www.annmichaelsen.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/annotum.org.xml b/src/chrome/content/rules/annotum.org.xml
new file mode 100644
index 000000000000..3baf4ccf9ead
--- /dev/null
+++ b/src/chrome/content/rules/annotum.org.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://annotum.org/ => https://annotum.org/: (51, "SSL: no alternative certificate subject name matches target host name 'annotum.org'")
+Fetch error: http://www.annotum.org/ => https://www.annotum.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.annotum.org'")
+
+-->
+<ruleset name="Annotum.org" default_off="failed ruleset test">
+
+	<target host="annotum.org" />
+	<target host="www.annotum.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/anonym.to.xml b/src/chrome/content/rules/anonym.to.xml
new file mode 100644
index 000000000000..3797bb7b2851
--- /dev/null
+++ b/src/chrome/content/rules/anonym.to.xml
@@ -0,0 +1,12 @@
+<!--
+	Timeout:
+		w.anonym.to
+-->
+<ruleset name="anonym.to">
+	<target host="anonym.to" />
+	<target host="www.anonym.to" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/anquan.org.xml b/src/chrome/content/rules/anquan.org.xml
new file mode 100644
index 000000000000..a0ef80b067ee
--- /dev/null
+++ b/src/chrome/content/rules/anquan.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Mismatch:
+		email.anquan.org
+		zhanzhang.anquan.org
+-->
+
+<ruleset name="anquan.org">
+	<target host="anquan.org" />
+	<target host="www.anquan.org" />
+	<target host="about.anquan.org" />
+	<target host="appeal.anquan.org" />
+	<target host="join.anquan.org" />
+	<target host="jubao.anquan.org" />
+	<target host="static.anquan.org" />
+	<target host="tort.anquan.org" />
+	<target host="v.anquan.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/anskaffelser.no.xml b/src/chrome/content/rules/anskaffelser.no.xml
new file mode 100644
index 000000000000..f8c7053b3bc0
--- /dev/null
+++ b/src/chrome/content/rules/anskaffelser.no.xml
@@ -0,0 +1,13 @@
+<ruleset name="Anskaffelser.no">
+
+	<target host="anskaffelser.no" />
+	<target host="www.anskaffelser.no" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/anthem.com.xml b/src/chrome/content/rules/anthem.com.xml
new file mode 100644
index 000000000000..11259621258a
--- /dev/null
+++ b/src/chrome/content/rules/anthem.com.xml
@@ -0,0 +1,218 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ant.anthem.com/ => https://ant.anthem.com/: (6, 'Could not resolve host: ant.anthem.com')
+Fetch error: http://enrollment-info.anthem.com/ => https://enrollment-info.anthem.com/: (6, 'Could not resolve host: enrollment-info.anthem.com')
+Fetch error: http://brokerportal.mo.anthem.com/ => https://brokerportal.mo.anthem.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://pd2.anthem.com/ => https://pd2.anthem.com/: (6, 'Could not resolve host: pd2.anthem.com')
+Fetch error: http://pd.secure.anthem.com/ => https://pd.secure.anthem.com/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+Fetch error: http://www21.anthem.com/ => https://www21.anthem.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	NB: p://www.providerfinder.../$ redirects
+	to s: 404 ?=> test failure
+
+	NB: p://pd.secure.../$ redirects to s:,
+	which resets connection ?=> test failure
+
+	Other Anthem rulesets:
+
+		- empireblue.com.xml
+
+
+	Nonfunctional hosts in *anthem.com:
+
+		- connects ʳ
+		- consultants ᶠ
+		- employernews ⁴
+		- group ʰ
+		- health ʰ
+		- healthandwellness ¹
+		- sgplans ʳ
+		- ca.sgplans ʳ
+		- smallbusiness ʰ
+		- timewallspent ᵈ
+		- timewallspent-ca ᵇ
+		- wellnesscalendar ᶠ
+		- why ʰ
+
+	¹ 401
+	⁴ 404
+	ᵇ Shows default page
+	ᵈ Dropped
+	ᶠ Handshake fails
+	ʰ Redirects to http
+	ʳ Redirect
+
+
+	Problematic hosts in *anthem.com:
+
+		- mss.cammp ᵈ
+		- myplan ᵐ
+		- www.news ᵐ
+		- www.resourceadvisor ⁴
+		- transformationcentral ᵉ ᵐ
+
+	⁴ 404, preemptable redirect
+	ᵈ Dropped, preemptable redirect
+	ᵉ Expired
+	ᵐ Mismatched
+	ˢ Self-signed
+
+
+	These altnames do not exist:
+
+		- ghealthcare.providerfinder.anthem.com
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .anthem.com
+		- ant.anthem.com
+		- anthemwtsdc.anthem.com
+		- brokerportal.anthem.com
+		- es.ca.anthem.com
+		- clientnews.anthem.com
+		- consultantnews.anthem.com
+		- poc.corp.anthem.com
+		- employer1.anthem.com
+		- enrollment-info.anthem.com
+		- eoc.anthem.com
+		- es.anthem.com
+		- ghealthcare.anthem.com
+		- le.anthem.com
+		- m.anthem.com
+		- mediproviders.anthem.com
+		- mss.anthem.com
+		- news.anthem.com
+		- secured.ols.anthem.com
+		- payment.anthem.com
+		- payment-ca.anthem.com
+		- pd2.anthem.com
+		- plan-summaries.anthem.com
+		- www.plan-summaries.anthem.com
+		- poc.anthem.com
+		- central.provider.anthem.com
+		- www.providerfinder.anthem.com
+		- sbc.anthem.com
+		- seca.anthem.com
+		- pd.secure.anthem.com
+		- shop.anthem.com
+		- brokerportal.va.anthem.com
+		- www.anthem.com
+		- www21.anthem.com
+		- www22.anthem.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on entrollment-info from fonts.googleapis.com ˢ
+		- Bug on employer1, provider2 anthemwtsdc.anthem.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Anthem.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="anthem.com" />
+	<target host="ant.anthem.com" />
+	<target host="anthemwtsdc.anthem.com" />
+	<target host="brokerportal.anthem.com" />
+	<target host="es.ca.anthem.com" />
+	<target host="clientnews.anthem.com" />
+	<target host="consultantnews.anthem.com" />
+	<target host="poc.corp.anthem.com" />
+	<target host="employer1.anthem.com" />
+	<target host="enrollment-info.anthem.com" />
+	<target host="eoc.anthem.com" />
+	<target host="es.anthem.com" />
+	<target host="ghealthcare.anthem.com" />
+	<target host="www.hipaatesting.anthem.com" />
+	<target host="le.anthem.com" />
+	<target host="m.anthem.com" />
+	<target host="mediproviders.anthem.com" />
+	<target host="brokerportal.mo.anthem.com" />
+	<target host="mss.anthem.com" />
+	<target host="news.anthem.com" />
+	<target host="secured.ols.anthem.com" />
+	<target host="payment.anthem.com" />
+	<target host="payment-ca.anthem.com" />
+	<target host="pd2.anthem.com" />
+	<target host="plan-summaries.anthem.com" />
+	<target host="www.plan-summaries.anthem.com" />
+	<target host="poc.anthem.com" />
+	<target host="central.provider.anthem.com" />
+	<target host="provider2.anthem.com" />
+	<target host="www.providerfinder.anthem.com" />
+	<target host="sbc.anthem.com" />
+	<target host="www.sbc.anthem.com" />
+	<target host="seca.anthem.com" />
+	<target host="pd.secure.anthem.com" />
+	<target host="pd2.secure.anthem.com" />
+	<target host="shop.anthem.com" />
+	<target host="brokerportal.va.anthem.com" />
+	<target host="wcs.anthem.com" />
+	<target host="www.wcs.anthem.com" />
+	<target host="www.anthem.com" />
+	<target host="www13.anthem.com" />
+	<target host="www21.anthem.com" />
+	<target host="www22.anthem.com" />
+
+		<!--	$ shows default page, so:
+							-->
+		<test url="http://www22.anthem.com/lgbt/" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://anthemwtsdc.anthem.com/[\da-f_]+/njs.gif?dcsuri=/nojavascript&amp;WT.js=&amp;WT.tv=&amp;dcssip=" /-->
+		<!--test url="http://brokerportal.anthem.com/ehb/web/bkr/acc/login.htm" /-->
+		<!--test url="http://seca.anthem.com/regemp/StartGDMReg.jsp" /-->
+		<!--test url="http://pd.secure.anthem.com/ebs/act/login.htm" /-->
+
+	<!--	Complications:
+				-->
+	<target host="mss.cammp.anthem.com" />
+	<target host="www.news.anthem.com" />
+	<target host="www.resourceadvisor.anthem.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.anthem\.com$" name="^TLTSID$" /-->
+	<!--securecookie host="^anthemwtsdc\.anthem\.com$" name="^(?:ant|WEBTRENDS_ID)$" /-->
+	<!--securecookie host="^(?:brokerportal|es\.ca|poc\.corp|es|ghealthcare|le|mediproviders|mss|secured\.ols|pd2|poc|central\.provider|www\.providerfinder|seca|shop|brokerportal\.va|www2[12])\.anthem\.com$" name="^ant$" /-->
+	<!--securecookie host="^(?:client|consultant)?news\.anthem\.com$" name="^(?:PHPSESSID|bi_wp_bcp_return|exp_last_activity|exp_last_visit|exp_tracker)$" /-->
+	<!--securecookie host="^enrollment-info\.anthem\.com$" name="^(?:t_session|visitorid)$" /-->
+	<!--securecookie host="^(?:eoc|(?:www\.)?plan-summaries|sbc)\.anthem\.com$" name="^(?:JSESSIONID|ant|ice\.push\.browser)$" /-->
+	<!--securecookie host="^m\.anthem\.com$" name="^(?:JSESSIONID|ant)$" /-->
+	<!--securecookie host="^payment(?:-ca)?\.anthem\.com$" name="^(?:JSESSIONID|ant)$" /-->
+	<!--securecookie host="^www\.anthem\.com$" name="^ebizs$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://mss\.cammp\.anthem\.com/.*"
+		to="https://mss.anthem.com/cammp" />
+
+		<test url="http://mss.cammp.anthem.com/About.aspx" />
+
+	<rule from="^http://www\.news\.anthem\.com/"
+		to="https://news.anthem.com/" />
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://www\.resourceadvisor\.anthem\.com/.*"
+		to="https://www.powerflexweb.com/1631/loginanthemresourceadvisor.html" />
+
+		<test url="http://www.resourceadvisor.anthem.com/index.html" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/anticenz.org.xml b/src/chrome/content/rules/anticenz.org.xml
new file mode 100644
index 000000000000..f5d2105f235f
--- /dev/null
+++ b/src/chrome/content/rules/anticenz.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="anticenz.org">
+	<target host="anticenz.org" />
+	<target host="www.anticenz.org" />
+	<target host="config.anticenz.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/antidiskriminierungsstelle.de.xml b/src/chrome/content/rules/antidiskriminierungsstelle.de.xml
new file mode 100644
index 000000000000..9ddfaec696b5
--- /dev/null
+++ b/src/chrome/content/rules/antidiskriminierungsstelle.de.xml
@@ -0,0 +1,11 @@
+<ruleset name="Antidiskriminierungsstelle des Bundes">
+	<!-- Federal Anti-Discrimination Agency -->
+
+	<target host="antidiskriminierungsstelle.de" />
+	<target host="www.antidiskriminierungsstelle.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/antifascistnetwork.org.xml b/src/chrome/content/rules/antifascistnetwork.org.xml
new file mode 100644
index 000000000000..35ac9c3b4a77
--- /dev/null
+++ b/src/chrome/content/rules/antifascistnetwork.org.xml
@@ -0,0 +1,25 @@
+<!--
+	^antifascistnetwork.org: Refused
+
+-->
+<ruleset name="Anti-Fascist Network.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="antifascistnetwork.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.antifascistnetwork.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.antifascistnetwork\.org/"
+		to="https://antifascistnetwork.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/antsdaq.com.xml b/src/chrome/content/rules/antsdaq.com.xml
new file mode 100644
index 000000000000..93accd33c47c
--- /dev/null
+++ b/src/chrome/content/rules/antsdaq.com.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Alibaba coverage, see Alibaba.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .antsdaq.com
+
+-->
+<ruleset name="ANTSDAQ.com">
+
+	<target host="antsdaq.com" />
+	<target host="i.antsdaq.com" />
+	<target host="www.antsdaq.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.antsdaq\.com$" name="^ALIPAYJSESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/anwiki.com.xml b/src/chrome/content/rules/anwiki.com.xml
new file mode 100644
index 000000000000..065cbbab045d
--- /dev/null
+++ b/src/chrome/content/rules/anwiki.com.xml
@@ -0,0 +1,41 @@
+<!--
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- anwiki.com
+		- .anwiki.com
+		- bugs.anwiki.com
+		- doc.anwiki.com
+		- www.anwiki.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image on bugs from www.anwiki.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Anwiki.com">
+
+	<target host="anwiki.com" />
+	<target host="bugs.anwiki.com" />
+	<target host="doc.anwiki.com" />
+	<target host="forum.anwiki.com" />
+	<target host="www.anwiki.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:doc\.|www\.)?anwiki\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.anwiki\.com$" name="^anwiki_www_anwphpsesscode$" /-->
+	<!--securecookie host="^bugs\.anwiki\.com$" name="^(?:FreeSoftware|GetFirefox|NoMicrosoft|ReadTheFAQ|RTFM|SubliminalAdvertising|ThingB4Replying|UseLinux|VisitAU|flyspray_project)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/aon.com.xml b/src/chrome/content/rules/aon.com.xml
new file mode 100644
index 000000000000..71066b792818
--- /dev/null
+++ b/src/chrome/content/rules/aon.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="aon.com">
+
+	<target host="hsbc.tbs.aon.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/apiary.io.xml b/src/chrome/content/rules/apiary.io.xml
new file mode 100644
index 000000000000..4379d7a4af64
--- /dev/null
+++ b/src/chrome/content/rules/apiary.io.xml
@@ -0,0 +1,14 @@
+<!--
+docs.*.apiary.io mismatch
+-->
+<ruleset name="apiary.io">
+	<target host="apiary.io" />
+	<target host="www.apiary.io" />
+	<target host="login.apiary.io" />
+	<target host="enterprise.apiary.io" />
+	<target host="blog.apiary.io" />
+	<target host="help.apiary.io" />
+	<target host="static.apiary.io" />
+	<target host="docs.apiary.io" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/apichangelog.com.xml b/src/chrome/content/rules/apichangelog.com.xml
new file mode 100644
index 000000000000..f6a90abfd804
--- /dev/null
+++ b/src/chrome/content/rules/apichangelog.com.xml
@@ -0,0 +1,12 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://blog.apichangelog.com/ => https://blog.apichangelog.com/: (7, 'Failed to connect to blog.apichangelog.com port 443: Connection refused')
+
+-->
+<ruleset name="apichangelog.com" default_off="failed ruleset test">
+	<target host="apichangelog.com" />
+	<target host="www.apichangelog.com" />
+	<target host="blog.apichangelog.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/apikabu.ru.xml b/src/chrome/content/rules/apikabu.ru.xml
new file mode 100644
index 000000000000..4f1cdbf832c3
--- /dev/null
+++ b/src/chrome/content/rules/apikabu.ru.xml
@@ -0,0 +1,10 @@
+<!--
+	Invalid certificate:
+		mail.apikabu.ru
+-->
+<ruleset name="apikabu.ru">
+	<target host="apikabu.ru" />
+	<target host="www.apikabu.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/apk-dl.com.xml b/src/chrome/content/rules/apk-dl.com.xml
new file mode 100644
index 000000000000..f0bb48fe3374
--- /dev/null
+++ b/src/chrome/content/rules/apk-dl.com.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dl3.apk-dl.com/ => https://dl3.apk-dl.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="apk-dl.com" default_off="failed ruleset test">
+
+	<target host="apk-dl.com" />
+	<target host="www.apk-dl.com" />
+	<target host="dl3.apk-dl.com" />
+
+	<rule from="^http://(?:www\.)?apk-dl\.com/"
+			to="https://apk-dl.com/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/applegate.com.xml b/src/chrome/content/rules/applegate.com.xml
new file mode 100644
index 000000000000..1f96459ffc49
--- /dev/null
+++ b/src/chrome/content/rules/applegate.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		ask.applegate.com
+		e.applegate.com
+		email.applegate.com
+		locator.applegate.com
+		mobilemail.applegate.com
+		webmail.applegate.com
+-->
+<ruleset name="applegate.com">
+	<target host="applegate.com" />
+	<target host="www.applegate.com" />
+	<target host="autodiscover.applegate.com" />
+	<target host="ftp.applegate.com" />
+	<target host="help.applegate.com" />
+	<target host="mail.applegate.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/apprenticeships.scot.xml b/src/chrome/content/rules/apprenticeships.scot.xml
new file mode 100644
index 000000000000..885c90c94317
--- /dev/null
+++ b/src/chrome/content/rules/apprenticeships.scot.xml
@@ -0,0 +1,38 @@
+<!--
+	For other Skills Development Scotland coverage, see skillsdevelopmentscotland.co.uk.xml.
+
+
+	^apprenticeships.scot: Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.apprenticeships.scot
+
+-->
+<ruleset name="Apprenticeships.scot">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.apprenticeships.scot" />
+
+	<!--	Complications:
+				-->
+	<target host="apprenticeships.scot" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.apprenticeships\.scot$" name="^__RequestVerificationToken$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://apprenticeships\.scot/"
+		to="https://www.apprenticeships.scot/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/approach0.xyz.xml b/src/chrome/content/rules/approach0.xyz.xml
new file mode 100644
index 000000000000..14a73056e3c9
--- /dev/null
+++ b/src/chrome/content/rules/approach0.xyz.xml
@@ -0,0 +1,8 @@
+<ruleset name="approach0.xyz">
+	<target host="approach0.xyz" />
+	<target host="www.approach0.xyz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/apps-cms.jp.xml b/src/chrome/content/rules/apps-cms.jp.xml
new file mode 100644
index 000000000000..a3c103553208
--- /dev/null
+++ b/src/chrome/content/rules/apps-cms.jp.xml
@@ -0,0 +1,8 @@
+<ruleset name="apps-cms.jp" platform="mixedcontent">
+
+	<target host="apps-cms.jp" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/apps.fm.xml b/src/chrome/content/rules/apps.fm.xml
new file mode 100644
index 000000000000..f611660f80ca
--- /dev/null
+++ b/src/chrome/content/rules/apps.fm.xml
@@ -0,0 +1,17 @@
+<!--
+	www.apps.fm does not exist.
+
+-->
+<ruleset name="apps.fm">
+
+	<target host="apps.fm" />
+	<target host="ad.apps.fm" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/appworks.tw.xml b/src/chrome/content/rules/appworks.tw.xml
new file mode 100644
index 000000000000..8592d94fc0d9
--- /dev/null
+++ b/src/chrome/content/rules/appworks.tw.xml
@@ -0,0 +1,7 @@
+<ruleset name="appworks.tw">
+	<target host="appworks.tw" />
+	<target host="www.appworks.tw" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/appxv.com.xml b/src/chrome/content/rules/appxv.com.xml
new file mode 100644
index 000000000000..66f157f55023
--- /dev/null
+++ b/src/chrome/content/rules/appxv.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="appxv.com">
+	<target host="appxv.com" />
+	<target host="www.appxv.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/apricityos.com.xml b/src/chrome/content/rules/apricityos.com.xml
new file mode 100644
index 000000000000..2dabe98db38a
--- /dev/null
+++ b/src/chrome/content/rules/apricityos.com.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://apricityos.com/ => https://apricityos.com/: (35, 'Unknown SSL protocol error in connection to apricityos.com:443 ')
+Fetch error: http://www.apricityos.com/ => https://www.apricityos.com/: (35, 'Unknown SSL protocol error in connection to www.apricityos.com:443 ')
+Fetch error: http://static.apricityos.com/ => https://static.apricityos.com/: (35, 'Unknown SSL protocol error in connection to static.apricityos.com:443 ')
+
+-->
+<ruleset name="apricityos.com" default_off="failed ruleset test">
+	<target host="apricityos.com"/>
+	<target host="www.apricityos.com"/>
+	<target host="static.apricityos.com"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/apteka.ru.xml b/src/chrome/content/rules/apteka.ru.xml
new file mode 100644
index 000000000000..50219ee9b092
--- /dev/null
+++ b/src/chrome/content/rules/apteka.ru.xml
@@ -0,0 +1,12 @@
+<!--
+srv10554.apteka.ru ²
+
+
+² refused
+-->
+<ruleset name="apteka.ru">
+	<target host="apteka.ru" />
+	<target host="www.apteka.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/apus.agency.xml b/src/chrome/content/rules/apus.agency.xml
new file mode 100644
index 000000000000..30fb4917f86e
--- /dev/null
+++ b/src/chrome/content/rules/apus.agency.xml
@@ -0,0 +1,16 @@
+<!--
+www.apus.agency ¹
+
+
+¹ mismatch
+-->
+<ruleset name="apus.agency">
+	<target host="apus.agency" />
+
+	<target host="www.apus.agency" />
+
+	<rule from="^http://www\.apus\.agency/"
+		to="https://apus.agency/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/apy2000.com.xml b/src/chrome/content/rules/apy2000.com.xml
new file mode 100644
index 000000000000..17b4a98fa07d
--- /dev/null
+++ b/src/chrome/content/rules/apy2000.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="apy2000.com">
+	<target host="apy2000.com" />
+	<target host="www.apy2000.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/arashanhoney.xml b/src/chrome/content/rules/arashanhoney.xml
new file mode 100644
index 000000000000..85a103bf9b9f
--- /dev/null
+++ b/src/chrome/content/rules/arashanhoney.xml
@@ -0,0 +1,6 @@
+<ruleset name="arashanhoney">
+	<target host="arashanhoney.com" />
+	<target host="www.arashanhoney.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/aravot.am.xml b/src/chrome/content/rules/aravot.am.xml
new file mode 100644
index 000000000000..b6a4472f9dff
--- /dev/null
+++ b/src/chrome/content/rules/aravot.am.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://aravot.am/ => https://aravot.am/: Too many redirects while fetching 'https://aravot.am/'
+Fetch error: http://www.aravot.am/ => https://www.aravot.am/: Too many redirects while fetching 'https://www.aravot.am/'
+Fetch error: http://en.aravot.am/ => https://en.aravot.am/: Too many redirects while fetching 'https://en.aravot.am/'
+Fetch error: http://ru.aravot.am/ => https://ru.aravot.am/: Too many redirects while fetching 'https://ru.aravot.am/'
+
+archive.aravot.am ⁴
+
+
+⁴ self signed
+-->
+<ruleset name="aravot.am" platform="mixedcontent" default_off="failed ruleset test">
+	<target host="aravot.am" />
+	<target host="www.aravot.am" />
+	<target host="en.aravot.am" />
+	<target host="ru.aravot.am" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/archlinuxarm.org.xml b/src/chrome/content/rules/archlinuxarm.org.xml
new file mode 100644
index 000000000000..2d6059c45fa4
--- /dev/null
+++ b/src/chrome/content/rules/archlinuxarm.org.xml
@@ -0,0 +1,19 @@
+<!--
+mirror.archlinuxarm.org ¹
+os.archlinuxarm.org ¹
+de3.mirror.archlinuxarm.org ²
+us.mirror.archlinuxarm.org ²
+tw.mirror.archlinuxarm.org ²
+vn.mirror.archlinuxarm.org/: (7, 'Failed to connect to vn.mirror.archlinuxarm.org port 443: Protocol not available')
+co.us.mirror.archlinuxarm.org ¹
+
+
+¹ mismatch
+² refused
+-->
+<ruleset name="archlinuxarm.org">
+	<target host="archlinuxarm.org" />
+	<target host="www.archlinuxarm.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/arcor.de.xml b/src/chrome/content/rules/arcor.de.xml
new file mode 100644
index 000000000000..645880c8bca5
--- /dev/null
+++ b/src/chrome/content/rules/arcor.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="arcor.de (partial)">
+	<target host="arcor.de" />
+	<target host="www.arcor.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/argentdata.com.xml b/src/chrome/content/rules/argentdata.com.xml
new file mode 100644
index 000000000000..a761b9be661b
--- /dev/null
+++ b/src/chrome/content/rules/argentdata.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Argent Data.com">
+
+	<target host="argentdata.com" />
+	<target host="www.argentdata.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/arguman.org.xml b/src/chrome/content/rules/arguman.org.xml
new file mode 100644
index 000000000000..cfa8dbff591b
--- /dev/null
+++ b/src/chrome/content/rules/arguman.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="argüman">
+
+	<target host="arguman.org" />
+	<target host="www.arguman.org" />
+	<target host="ch.arguman.org" />
+	<target host="en.arguman.org" />
+	<target host="fr.arguman.org" />
+	<target host="m.arguman.org" />
+	<target host="tr.arguman.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/arifmetika-dobra.ru.xml b/src/chrome/content/rules/arifmetika-dobra.ru.xml
new file mode 100644
index 000000000000..dd70f46989e9
--- /dev/null
+++ b/src/chrome/content/rules/arifmetika-dobra.ru.xml
@@ -0,0 +1,12 @@
+<!--
+charitysportclub.arifmetika-dobra.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="arifmetika-dobra.ru">
+	<target host="arifmetika-dobra.ru" />
+	<target host="www.arifmetika-dobra.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/arigus-tv.ru.xml b/src/chrome/content/rules/arigus-tv.ru.xml
new file mode 100644
index 000000000000..2dfac0f2ad59
--- /dev/null
+++ b/src/chrome/content/rules/arigus-tv.ru.xml
@@ -0,0 +1,6 @@
+<!--beta. mismatch-->
+<ruleset name="arigus-tv.ru">
+	<target host="arigus-tv.ru" />
+	<target host="www.arigus-tv.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/arl-net.de.xml b/src/chrome/content/rules/arl-net.de.xml
new file mode 100644
index 000000000000..7cf048d2bb75
--- /dev/null
+++ b/src/chrome/content/rules/arl-net.de.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		cms.arl-net.de
+-->
+<ruleset name="ARL-net">
+
+	<target host="arl-net.de" />
+	<target host="www.arl-net.de" />
+	<target host="mail.arl-net.de" />
+	<target host="shop.arl-net.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/armenpress.am.xml b/src/chrome/content/rules/armenpress.am.xml
new file mode 100644
index 000000000000..1421a8efea0d
--- /dev/null
+++ b/src/chrome/content/rules/armenpress.am.xml
@@ -0,0 +1,5 @@
+<ruleset name="armenpress.am">
+	<target host="armenpress.am" />
+	<target host="www.armenpress.am" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/armscontrol.org.xml b/src/chrome/content/rules/armscontrol.org.xml
new file mode 100644
index 000000000000..66c15e4a8aed
--- /dev/null
+++ b/src/chrome/content/rules/armscontrol.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="Arms Control.org">
+
+	<target host="armscontrol.org" />
+	<target host="www.armscontrol.org" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/arneswinnen.net.xml b/src/chrome/content/rules/arneswinnen.net.xml
new file mode 100644
index 000000000000..3660a645ec57
--- /dev/null
+++ b/src/chrome/content/rules/arneswinnen.net.xml
@@ -0,0 +1,13 @@
+<ruleset name="Arne Swinnen.net">
+
+	<target host="arneswinnen.net" />
+	<target host="www.arneswinnen.net" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/arretsurimages.net.xml b/src/chrome/content/rules/arretsurimages.net.xml
new file mode 100644
index 000000000000..0b08f8b340f5
--- /dev/null
+++ b/src/chrome/content/rules/arretsurimages.net.xml
@@ -0,0 +1,7 @@
+<ruleset name="arretsurimages.net">
+        <target host="arretsurimages.net" />
+        <target host="www.arretsurimages.net" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/arslan.io.xml b/src/chrome/content/rules/arslan.io.xml
new file mode 100644
index 000000000000..5d89fb9ff716
--- /dev/null
+++ b/src/chrome/content/rules/arslan.io.xml
@@ -0,0 +1,8 @@
+<ruleset name="arslan.io">
+	<target host="arslan.io" />
+	<target host="www.arslan.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/art19.com.xml b/src/chrome/content/rules/art19.com.xml
new file mode 100644
index 000000000000..cf7670bd066d
--- /dev/null
+++ b/src/chrome/content/rules/art19.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Art19.com">
+
+	<target host="art19.com" />
+	<target host="rss.art19.com" />
+	<target host="web-player.art19.com" />
+	<target host="www.art19.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/arte.xml b/src/chrome/content/rules/arte.xml
new file mode 100644
index 000000000000..0815f56d4922
--- /dev/null
+++ b/src/chrome/content/rules/arte.xml
@@ -0,0 +1,53 @@
+<!--
+	Content mismatch:
+		- peakyblinders
+		- tset
+		- wanted18
+
+	Invalid certificate:
+		- alma
+		- ddc
+		- empfangswege
+		- hotel
+		- partner
+		- php4
+		- prisonvalley
+		- superhigh
+		- worldbrain
+
+	Timeout:
+		- checkin
+		- moderncouple
+		- europe-debat.blog
+		- nyminute.blog
+		- pro
+		- download.pro
+		- forums.arteradio.com
+-->
+<ruleset name="arte (partial)" >
+
+	<target host="arte.tv" />
+	<target host="www.arte.tv" />
+	<target host="boutique.arte.tv" />
+	<target host="californium.arte.tv" />
+	<target host="cinema.arte.tv" />
+	<target host="club.arte.tv" />
+	<target host="concert.arte.tv" />
+	<target host="distribution.arte.tv" />
+	<target host="future.arte.tv" />
+	<target host="info.arte.tv" />
+	<target host="presse.arte.tv" />
+	<target host="sales.arte.tv" />
+	<target host="tracks.arte.tv" />
+	<target host="wp.arte.tv" />
+
+	<target host="arteradio.com" />
+	<target host="www.arteradio.com" />
+	<target host="audioblog.arteradio.com" />
+	<target host="download.arteradio.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/artefact.org.xml b/src/chrome/content/rules/artefact.org.xml
new file mode 100644
index 000000000000..d7befb43b289
--- /dev/null
+++ b/src/chrome/content/rules/artefact.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="artefact.org">
+	<target host="artefact.org" />
+	<target host="www.artefact.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/artfiles.org.xml b/src/chrome/content/rules/artfiles.org.xml
new file mode 100644
index 000000000000..b2ebd6099286
--- /dev/null
+++ b/src/chrome/content/rules/artfiles.org.xml
@@ -0,0 +1,12 @@
+<!--
+	This domains uses a wildcard DNS record.
+-->
+<ruleset name="artfiles.org (partial)">
+
+	<target host="artfiles.org" />
+	<target host="www.artfiles.org" />
+	<target host="ftp.artfiles.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/artikel5ev.de.xml b/src/chrome/content/rules/artikel5ev.de.xml
new file mode 100644
index 000000000000..9d91469854b8
--- /dev/null
+++ b/src/chrome/content/rules/artikel5ev.de.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		(this-is-a-tor-exit-node\-\-\-)?keywebtor[1-3].artikel5ev.de
+		this-is-a-tor-node\-\-\-6.artikel5ev.de
+-->
+<ruleset name="Artikel 5 e.V.">
+
+	<target host="artikel5ev.de" />
+	<target host="www.artikel5ev.de" />
+	<target host="piwik.artikel5ev.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/artvillage.club.xml b/src/chrome/content/rules/artvillage.club.xml
new file mode 100644
index 000000000000..fda63e3cc4ed
--- /dev/null
+++ b/src/chrome/content/rules/artvillage.club.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.artvillage.club/ => https://www.artvillage.club/: (51, "SSL: no alternative certificate subject name matches target host name 'www.artvillage.club'")
+
+dev.artvillage.club ¹
+
+
+¹ mismatch
+-->
+<ruleset name="artvillage.club" default_off="failed ruleset test">
+	<target host="artvillage.club" />
+	<target host="www.artvillage.club" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/artw.ru.xml b/src/chrome/content/rules/artw.ru.xml
new file mode 100644
index 000000000000..c88a412469e2
--- /dev/null
+++ b/src/chrome/content/rules/artw.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="artw.ru">
+	<target host="artw.ru" />
+	<target host="www.artw.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/arukas.io.xml b/src/chrome/content/rules/arukas.io.xml
new file mode 100644
index 000000000000..cbed9fe65577
--- /dev/null
+++ b/src/chrome/content/rules/arukas.io.xml
@@ -0,0 +1,47 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.app.arukas.io/ => https://www.app.arukas.io/: (6, 'Could not resolve host: www.app.arukas.io')
+Fetch error: http://www.arukas.io/ => https://www.arukas.io/: (6, 'Could not resolve host: www.arukas.io')
+
+	For other SAKURA Internet coverage, see Sakura.ne.jp.xml.
+
+
+	www.arukas.io does not exist.
+
+
+	STS header includes includeSubdomains
+	for ^, app
+
+-->
+<ruleset name="Arukas.io" default_off="failed ruleset test">
+
+	<target host="arukas.io" />
+	<target host="*.arukas.io" />
+
+		<!--	includeSubdomains applies to one level only, so:
+									-->
+		<exclusion pattern="^http://(?:(?![^.]+\.app\.arukas\.io/)(?:[^./]+\.){2,}|(?:[^./]+\.){3,})arukas\.io/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.arukas.io/" />
+			<test url="http://exists.not.arukas.io/" />
+			<test url="http://this.host.app.arukas.io/" />
+			<test url="http://exists.not.app.arukas.io/" />
+			<test url="http://www.support.arukas.io/" />
+			<test url="http://exists.not.www.arukas.io/" />
+
+		<test url="http://app.arukas.io/" />
+		<test url="http://www.app.arukas.io/" />
+		<test url="http://support.arukas.io/" />
+		<test url="http://www.arukas.io/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/as250.net.xml b/src/chrome/content/rules/as250.net.xml
new file mode 100644
index 000000000000..2d7447342316
--- /dev/null
+++ b/src/chrome/content/rules/as250.net.xml
@@ -0,0 +1,43 @@
+<!--
+	Connection failed:
+		netzpolitik.cdn.as250.net
+		chao.as250.net
+		dns.as250.net
+		imap.as250.net
+		mail.as250.net
+		smtp.as250.net
+		sync.as250.net
+
+	Invalid certificate:
+		0zapftis.cdn.as250.net
+		cryptofax2tweet.cdn.as250.net
+		drop.as250.net
+		mirrors.as250.net
+		ccc.mirrors.as250.net
+		publications.ccc.mirrors.as250.net
+		fernsehen.mirrors.as250.net
+		webdav.as250.net
+
+	Not found:
+		web.as250.net
+
+	Timeout:
+		dav.as250.net
+		eris.as250.net
+		eu.mirrors.as250.net
+		zabbix.as250.net
+-->
+<ruleset name="AS250.net">
+
+	<target host="as250.net" />
+	<target host="www.as250.net" />
+	<target host="alternativlos.cdn.as250.net" />
+	<target host="centos.mirrors.as250.net" />
+	<target host="pads.as250.net" />
+	<target host="stats.as250.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/as3gamegears.com.xml b/src/chrome/content/rules/as3gamegears.com.xml
new file mode 100644
index 000000000000..1440abe0c463
--- /dev/null
+++ b/src/chrome/content/rules/as3gamegears.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid certificate:
+		api.as3gamegears.com
+		e.as3gamegears.com
+		static.as3gamegears.com
+-->
+<ruleset name="as3gamegears.com">
+	<target host="as3gamegears.com" />
+	<target host="www.as3gamegears.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/asa.org.uk.xml b/src/chrome/content/rules/asa.org.uk.xml
new file mode 100644
index 000000000000..5bfc2c6a2f35
--- /dev/null
+++ b/src/chrome/content/rules/asa.org.uk.xml
@@ -0,0 +1,31 @@
+<!--
+	Advertising Standards Authority
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- careers.asa.org.uk
+		- www.asa.org.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="ASA.org.uk">
+
+	<target host="asa.org.uk" />
+	<target host="careers.asa.org.uk" />
+	<target host="www.asa.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:careers|www)\.asa\.org\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/asadcdn.com.xml b/src/chrome/content/rules/asadcdn.com.xml
new file mode 100644
index 000000000000..3e7a558153e2
--- /dev/null
+++ b/src/chrome/content/rules/asadcdn.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="asadcdn.com">
+
+	<target host="www.asadcdn.com" />
+		<test url="http://www.asadcdn.com/adlib/pages/bz-berlin.js" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/asadotzler.com.xml b/src/chrome/content/rules/asadotzler.com.xml
new file mode 100644
index 000000000000..7e9ecb7c2f3d
--- /dev/null
+++ b/src/chrome/content/rules/asadotzler.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Asa Dotzler.com">
+
+	<target host="asadotzler.com" />
+	<target host="www.asadotzler.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/asciimation.co.nz.xml b/src/chrome/content/rules/asciimation.co.nz.xml
new file mode 100644
index 000000000000..f2fcd4663a69
--- /dev/null
+++ b/src/chrome/content/rules/asciimation.co.nz.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		ftp.asciimation.co.nz
+
+	Refused:
+		localhost.asciimation.co.nz
+-->
+<ruleset name="asciimation.co.nz">
+	<target host="asciimation.co.nz" />
+	<target host="www.asciimation.co.nz" />
+	<target host="autodiscover.asciimation.co.nz" />
+	<target host="cpanel.asciimation.co.nz" />
+	<target host="mail.asciimation.co.nz" />
+	<target host="webdisk.asciimation.co.nz" />
+	<target host="webmail.asciimation.co.nz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/asda.com-resources.xml b/src/chrome/content/rules/asda.com-resources.xml
new file mode 100644
index 000000000000..33d540da633f
--- /dev/null
+++ b/src/chrome/content/rules/asda.com-resources.xml
@@ -0,0 +1,33 @@
+<!--
+	For rules covering more than resources, see ASDA.xml.
+
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="ASDA.com (resources)" platform="mixedcontent">
+
+	<target host="direct.asda.com" />
+
+		<exclusion pattern="^http://direct\.asda\.com/(?!/*(?:favicon\.ico|on/demandware\.static/(?!.+\.js(?:$|\?))))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://direct.asda.com/george/clothing/10,default,sc.html" />
+			<test url="http://direct.asda.com/on/demandware.static/-/Sites-ASDA-Library/default/v1469264129481/Beaconing/beacon_adapter_v1.04.js" />
+			<test url="http://direct.asda.com/on/demandware.static/-/Sites-ASDA-Library/default/v1469264129481/GeorgeJavascript/Fancybox/jquery.fancybox.min.js" />
+			<test url="http://direct.asda.com/on/demandware.static/-/Sites-ASDA-Library/default/v1469264129481/GeorgeJavascript/bxslider/jquery.bxslider.min.js" />
+			<test url="http://direct.asda.com/on/demandware.static/Sites-ASDA-Site/-/default/v1469264129481/internal/jscript/dwac-14.8.js" />
+			<test url="http://direct.asda.com/on/demandware.static/Sites-ASDA-Site/-/default/v1469264129481/internal/jscript/dwanalytics.js" />
+			<test url="http://direct.asda.com/on/demandware.static/Sites-ASDA-Site/-/default/v1469264129481/js/george.body.libraries.min.js" />
+
+			<!--	-ve:
+					-->
+			<test url="http://direct.asda.com/on/demandware.static/Sites-ASDA-Site/-/default/dw2daeaa8b/img/blank.gif" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/asdacalltime.com.xml b/src/chrome/content/rules/asdacalltime.com.xml
new file mode 100644
index 000000000000..2079485561ae
--- /dev/null
+++ b/src/chrome/content/rules/asdacalltime.com.xml
@@ -0,0 +1,37 @@
+<!--
+	For other Wal-Mart coverage, see Walmart.com.xml.
+
+
+	^asdacalltime.com: Dropped, differs from www.asdacalltime.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.asdacalltime.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bug from pi-dev.co.uk ʰ
+
+	ʰ Unsecurable <= redirects to http
+
+-->
+<ruleset name="ASDA call time.com">
+
+	<target host="www.asdacalltime.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.asdacalltime\.com$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/asdagoodliving.co.uk.xml b/src/chrome/content/rules/asdagoodliving.co.uk.xml
new file mode 100644
index 000000000000..74ae5d401c07
--- /dev/null
+++ b/src/chrome/content/rules/asdagoodliving.co.uk.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Wal-Mart coverage, see Walmart.com.xml.
+
+
+	^asdagoodliving.co.uk: Dropped
+
+-->
+<ruleset name="Asda Good Living.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.asdagoodliving.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="asdagoodliving.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://asdagoodliving\.co\.uk/"
+		to="https://www.asdagoodliving.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/asdapriceguarantee.co.uk.xml b/src/chrome/content/rules/asdapriceguarantee.co.uk.xml
new file mode 100644
index 000000000000..36372a379bf8
--- /dev/null
+++ b/src/chrome/content/rules/asdapriceguarantee.co.uk.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Wal-Mart coverage, see Walmart.com.xml.
+
+-->
+<ruleset name="ASDA Price Guarantee.co.uk">
+
+	<target host="asdapriceguarantee.co.uk" />
+	<target host="www.asdapriceguarantee.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/asexuality.org.xml b/src/chrome/content/rules/asexuality.org.xml
new file mode 100644
index 000000000000..019b67c6a217
--- /dev/null
+++ b/src/chrome/content/rules/asexuality.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Certificate mismatch:
+		ru.asexuality.org
+-->
+<ruleset name="Asexuality.org">
+	<target host="asexuality.org" />
+	<target host="www.asexuality.org" />
+
+	<securecookie host="^www\.asexuality\.org$" name=".+" />
+
+	<rule from="^http:"
+			to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/asfera.info.xml b/src/chrome/content/rules/asfera.info.xml
new file mode 100644
index 000000000000..6dff52cdb254
--- /dev/null
+++ b/src/chrome/content/rules/asfera.info.xml
@@ -0,0 +1,12 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://asfera.info/ (200) => https://asfera.info/ (521)
+Non-2xx HTTP code: http://www.asfera.info/ (200) => https://www.asfera.info/ (521)
+
+-->
+<ruleset name="asfera.info" default_off="failed ruleset test">
+	<target host="asfera.info" />
+	<target host="www.asfera.info" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ashford.gov.uk.xml b/src/chrome/content/rules/ashford.gov.uk.xml
new file mode 100644
index 000000000000..48425c48be31
--- /dev/null
+++ b/src/chrome/content/rules/ashford.gov.uk.xml
@@ -0,0 +1,34 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		Timeout was reached:
+		- newmaps.ashford.gov.uk
+
+		SSL connect error:
+		- ashfordvoice.ashford.gov.uk
+		- businessnews.ashford.gov.uk
+
+		Incomplete certificate chain error:
+		- haveyoursay.ashford.gov.uk
+
+		Status code mismatch:
+		- houserepairs.ashford.gov.uk
+		- licensing.ashford.gov.uk
+		- planning.ashford.gov.uk
+
+		4xx client error:
+		- ashford.gov.uk
+		- pgc.ashford.gov.uk
+-->
+<ruleset name="ashford.gov.uk (partial)">
+	<target host="ashford.gov.uk" />
+	<target host="www.ashford.gov.uk" />
+	<target host="jobs.ashford.gov.uk" />
+
+	<rule from="^http://ashford\.gov\.uk/"
+			to="https://www.ashford.gov.uk/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ashops.co.il.xml b/src/chrome/content/rules/ashops.co.il.xml
new file mode 100644
index 000000000000..5e6ae0b3091f
--- /dev/null
+++ b/src/chrome/content/rules/ashops.co.il.xml
@@ -0,0 +1,30 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.ashops.co.il
+
+
+	Mixed content:
+
+		- Images from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Ashops.co.il">
+
+	<target host="ashops.co.il" />
+	<target host="www.ashops.co.il" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.ashops\.co\.il$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/asi.org.ru.xml b/src/chrome/content/rules/asi.org.ru.xml
new file mode 100644
index 000000000000..e04fb22d933e
--- /dev/null
+++ b/src/chrome/content/rules/asi.org.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="asi.org.ru">
+	<target host="asi.org.ru" />
+	<target host="www.asi.org.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/asi.ru.xml b/src/chrome/content/rules/asi.ru.xml
new file mode 100644
index 000000000000..371f38c53dab
--- /dev/null
+++ b/src/chrome/content/rules/asi.ru.xml
@@ -0,0 +1,27 @@
+<!--
+edu.asi.ru ²
+static.edu.asi.ru ²
+foresighttrip.asi.ru ¹
+www.foresighttrip.asi.ru ¹
+m.asi.ru ⁴
+mx0.asi.ru ³
+mx1.asi.ru ³
+mx2.asi.ru ³
+sup.asi.ru ⁴
+old.asi.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="asi.ru">
+	<target host="asi.ru" />
+	<target host="www.asi.ru" />
+	<target host="archive.asi.ru" />
+	<target host="forum.asi.ru" />
+	<target host="test.asi.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/askewsandholts.com.xml b/src/chrome/content/rules/askewsandholts.com.xml
new file mode 100644
index 000000000000..e0a14a46794f
--- /dev/null
+++ b/src/chrome/content/rules/askewsandholts.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Other Askews and Holts Library Services rulesets:
+
+		- libraryebooks.co.uk.xml
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- askewsandholts.com
+		- www.askewsandholts.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Askews and Holts.com">
+
+	<target host="askewsandholts.com" />
+	<target host="www.askewsandholts.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?askewsandholts\.com$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/askthe.police.uk.xml b/src/chrome/content/rules/askthe.police.uk.xml
new file mode 100644
index 000000000000..a8b2ca3d2a1b
--- /dev/null
+++ b/src/chrome/content/rules/askthe.police.uk.xml
@@ -0,0 +1,21 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	These altnames do not exist:
+
+		- askthe.police.uk
+
+-->
+<ruleset name="Ask the.Police.uk">
+
+	<target host="www.askthe.police.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/aspone.cz.xml b/src/chrome/content/rules/aspone.cz.xml
new file mode 100644
index 000000000000..678c50d244a3
--- /dev/null
+++ b/src/chrome/content/rules/aspone.cz.xml
@@ -0,0 +1,85 @@
+<!--
+dev.aspone.cz protocol error
+prace.aspone.cz protocol error
+mojekolo.aspone.cz protocol error
+blog.aspone.cz mismatch
+fcvlcovicemnisi.aspone.cz protocol error
+slunecnialergie.aspone.cz protocol error
+autobazar.aspone.cz protocol error
+jornada.aspone.cz protocol error
+pazzuzzu.aspone.cz protocol error
+uefa.aspone.cz protocol error
+pluskovecek.aspone.cz protocol error
+ubytovanivranov.aspone.cz protocol error
+skmpostrava.aspone.cz protocol error
+maivmoto.aspone.cz protocol error
+anicka.aspone.cz protocol error
+csharp.aspone.cz protocol error
+pinec.aspone.cz protocol error
+bajtcomp.aspone.cz protocol error
+mktelc.aspone.cz protocol error
+protez.aspone.cz protocol error
+jilm.aspone.cz protocol error
+kamenictvi.aspone.cz protocol error
+muaythai.aspone.cz protocol error
+alagaesia.aspone.cz protocol error
+mstribecska2.aspone.cz protocol error
+keramika.aspone.cz protocol error
+sskvrch.aspone.cz protocol error
+chlebovestranky.aspone.cz protocol error
+masazeraj.aspone.cz protocol error
+rceni.aspone.cz protocol error
+scarabeus.aspone.cz protocol error
+malenka.aspone.cz protocol error
+senzory.aspone.cz protocol error
+tanatest.aspone.cz protocol error
+trol.aspone.cz protocol error
+naturequiz.aspone.cz protocol error
+parez.aspone.cz protocol error
+www.jpkchem.aspone.cz protocol error
+www.jahodychmeliste.aspone.cz protocol error
+betasoft.cust.aspone.cz timed out
+cimbalistka.cz.windows5.aspone.cz protocol error
+mercon.cz.windows6.aspone.cz protocol error
+peruwianskieziola.pl.windows7.aspone.cz protocol error
+inexes.cz.windows3.aspone.cz mismatch
+seoplus.cz.windows6.aspone.cz protocol error
+distrimo.cz.windows5.aspone.cz protocol error
+hondaostrava.cz.windows6.aspone.cz protocol error
+beautifulbrows.cz.windows7.aspone.cz protocol error
+kripa.cz.windows7.aspone.cz protocol error
+reklamniservis.com.windows5.aspone.cz protocol error
+abf3.cz.windows7.aspone.cz protocol error
+ukamennehokola.cz.windows5.aspone.cz protocol error
+vackar.cz.windows5.aspone.cz protocol error
+galeriecaffe.cz.windows4.aspone.cz protocol error
+activesports.cz.windows5.aspone.cz protocol error
+kitbike.cz.windows5.aspone.cz protocol error
+mujstat.cz.windows7.aspone.cz protocol error
+rovastamp.com.windows5.aspone.cz protocol error
+praceibrigady.cz.windows5.aspone.cz protocol error
+johnzc.cz.windows3.aspone.cz mismatch
+pppp.cz.windows5.aspone.cz protocol error
+nupolar.eu.windows7.aspone.cz protocol error
+eureko.cz.windows6.aspone.cz protocol error
+beta1.cz.windows5.aspone.cz protocol error
+dnesni-svet.cz.windows4.aspone.cz protocol error
+test.titanialux.cz.windows8.aspone.cz mismatch
+obchod.vindom.cz.windows7.aspone.cz protocol error
+zimni-plavani.info.windows4.aspone.cz protocol error
+kova.cz.windows3.aspone.cz mismatch
+orbis-pictus.com.windows3.aspone.cz mismatch
+stehovacek.cz.windows3.aspone.cz mismatch
+viandantipraghesi.com.windows6.aspone.cz protocol error
+budiky.cz.windows4.aspone.cz protocol error
+ou-bila.cz.windows4.aspone.cz protocol error
+internetoveobchody.cz.windows6.aspone.cz protocol error
+makrobiotika.aspone.cz different content
+forum.aspone.cz different content
+-->
+<ruleset name="aspone.cz">
+	<target host="aspone.cz" />
+	<target host="www.aspone.cz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/assertible.com.xml b/src/chrome/content/rules/assertible.com.xml
new file mode 100644
index 000000000000..8803b71efea0
--- /dev/null
+++ b/src/chrome/content/rules/assertible.com.xml
@@ -0,0 +1,9 @@
+<!--
+status.assertible.com mismatch
+-->
+<ruleset name="assertible.com">
+	<target host="assertible.com" />
+	<target host="www.assertible.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/assets-asda.com.xml b/src/chrome/content/rules/assets-asda.com.xml
new file mode 100644
index 000000000000..31a00867ec98
--- /dev/null
+++ b/src/chrome/content/rules/assets-asda.com.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Wal-Mart coverage, see Walmart.com.xml.
+
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="assets-ASDA.com" platform="mixedcontent">
+
+	<target host="ui1.assets-asda.com" />
+	<target host="ui2.assets-asda.com" />
+	<target host="ui3.assets-asda.com" />
+
+		<test url="http://ui1.assets-asda.com/theme/img/modules/opinionlab/oo_icon.gif" />
+		<test url="http://ui2.assets-asda.com/g/v5/030/125/5000147030125_130_IDShot_4.jpeg" />
+		<test url="http://ui3.assets-asda.com/mediaimages/SPF/150609-apg.png" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/astrakhan.ru.xml b/src/chrome/content/rules/astrakhan.ru.xml
new file mode 100644
index 000000000000..701a9fef123d
--- /dev/null
+++ b/src/chrome/content/rules/astrakhan.ru.xml
@@ -0,0 +1,32 @@
+<!--
+chat.astrakhan.ru mismatch
+credit.astrakhan.ru mismatch
+forum.astrakhan.ru mismatch
+real.astrakhan.ru mismatch
+wifi.astrakhan.ru mismatch
+nuipogoda.astrakhan.ru mismatch
+opfr.astrakhan.ru self signed
+detpol.astrakhan.ru self signed
+avito.astrakhan.ru mismatch
+airport.astrakhan.ru self signed
+art.astrakhan.ru self signed
+ohrana.astrakhan.ru self signed
+astgmu.astrakhan.ru timed out
+shop.astrakhan.ru mismatch
+games.astrakhan.ru mismatch
+mail.astrakhan.ru mismatch
+probki.astrakhan.ru mismatch
+thj.astrakhan.ru mismatch
+armada.astrakhan.ru self signed
+www.uon.astrakhan.ru self signed
+www.forum.astrakhan.ru mismatch
+m.forum.astrakhan.ru mismatch
+www.nuipogoda.astrakhan.ru mismatch
+www.ohrana.astrakhan.ru self signed
+-->
+<ruleset name="astrakhan.ru">
+	<target host="astrakhan.ru" />
+	<target host="www.astrakhan.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/astrobl.ru.xml b/src/chrome/content/rules/astrobl.ru.xml
new file mode 100644
index 000000000000..c0018a77df81
--- /dev/null
+++ b/src/chrome/content/rules/astrobl.ru.xml
@@ -0,0 +1,113 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://op.astrobl.ru/ => https://op.astrobl.ru/: Too many redirects while fetching 'https://op.astrobl.ru/'
+
+ahtuba.astrobl.ru ⁶
+alleyaslavy.astrobl.ru ⁶
+brand.astrobl.ru ⁶
+caspy-forum.astrobl.ru ⁶
+caspy-forum2016.astrobl.ru ⁶
+control.astrobl.ru ⁶
+edinros.astrobl.ru ⁶
+energo-sber.astrobl.ru ⁶
+fgi.astrobl.ru ⁶
+gaao.astrobl.ru ⁶
+gasdao.astrobl.ru ⁶
+gosuslugi.astrobl.ru ³
+www.gosuslugi.astrobl.ru ³
+www.gov.astrobl.ru ¹
+invest.astrobl.ru ³
+jilkin.astrobl.ru ⁶
+komarkelov.astrobl.ru ⁶
+www.komarkelov.astrobl.ru ¹
+liman.astrobl.ru ⁶
+lk.astrobl.ru ⁴
+mail.astrobl.ru ³
+mfc.astrobl.ru ⁶
+mail.minobr.astrobl.ru ³
+minsdh.astrobl.ru ⁶
+minsoc.astrobl.ru ³
+minsoctrud.astrobl.ru ⁶
+www.minsoctrud.astrobl.ru ¹
+mp.astrobl.ru ⁶
+narimanov.astrobl.ru ⁶
+directum.narimanov.astrobl.ru ⁴
+letters.narimanov.astrobl.ru ⁴
+new-map.astrobl.ru ³
+ni.astrobl.ru ⁶
+ns1.astrobl.ru ²
+ns2.astrobl.ru ²
+orang.astrobl.ru ⁶
+www.orang.astrobl.ru ¹
+pgu.astrobl.ru ³
+piwik.astrobl.ru ⁶
+poll.astrobl.ru ⁶
+pravo.astrobl.ru ⁶
+priv.astrobl.ru ⁶
+redirect.astrobl.ru ⁶
+rpm.astrobl.ru ⁶
+sbp.astrobl.ru ⁶
+lk.smev.astrobl.ru ⁴
+mail.smev.astrobl.ru ³
+smi.astrobl.ru ⁶
+telebot.astrobl.ru ³
+udo.astrobl.ru ⁶
+upravdom.astrobl.ru ⁶
+voting.astrobl.ru ⁶
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁶ redirect
+-->
+<ruleset name="astrobl.ru" default_off="failed ruleset test">
+	<target host="astrobl.ru" />
+	<target host="www.astrobl.ru" />
+	<target host="300.astrobl.ru" />
+	<target host="acmc.astrobl.ru" />
+	<target host="adm.astrobl.ru" />
+	<target host="archive.astrobl.ru" />
+	<target host="arks.astrobl.ru" />
+	<target host="augi.astrobl.ru" />
+	<target host="ca.astrobl.ru" />
+	<target host="cabinet.astrobl.ru" />
+	<target host="egov.astrobl.ru" />
+	<target host="emb.astrobl.ru" />
+	<target host="etnokonf.astrobl.ru" />
+	<target host="gov.astrobl.ru" />
+	<target host="gtn.astrobl.ru" />
+	<target host="harabaly.astrobl.ru" />
+	<target host="letters.astrobl.ru" />
+	<target host="mid.astrobl.ru" />
+	<target host="minec.astrobl.ru" />
+	<target host="minfin.astrobl.ru" />
+	<target host="minkult.astrobl.ru" />
+	<target host="minobr.astrobl.ru" />
+	<target host="minobr2.astrobl.ru" />
+	<target host="minsport.astrobl.ru" />
+	<target host="minstroy.astrobl.ru" />
+	<target host="mo.astrobl.ru" />
+	<target host="mol.astrobl.ru" />
+	<target host="mptpr.astrobl.ru" />
+	<target host="msh.astrobl.ru" />
+	<target host="msudrf.astrobl.ru" />
+	<target host="nat.astrobl.ru" />
+	<target host="op.astrobl.ru" />
+	<target host="pprf.astrobl.ru" />
+	<target host="rabota.astrobl.ru" />
+	<target host="reestr.astrobl.ru" />
+	<target host="reserv.astrobl.ru" />
+	<target host="sbg.astrobl.ru" />
+	<target host="sbhs.astrobl.ru" />
+	<target host="special.astrobl.ru" />
+	<target host="ud.astrobl.ru" />
+	<target host="vet.astrobl.ru" />
+	<target host="zags.astrobl.ru" />
+	<target host="zhilnadzor.astrobl.ru" />
+	<target host="zhkh.astrobl.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/asustor.com.xml b/src/chrome/content/rules/asustor.com.xml
new file mode 100644
index 000000000000..6daffe41afec
--- /dev/null
+++ b/src/chrome/content/rules/asustor.com.xml
@@ -0,0 +1,53 @@
+<!--
+	Nonfunctional hosts in *asustor.com:
+
+		- shop ʳ
+		- start ᵃ
+		- support ʳ
+
+	ᵃ Shows www.asustor.com
+	ʳ Refused
+
+
+	Problematic hosts in *asustor.com:
+
+		- ^ ᶠ
+		- developer ᵉ ˢ
+
+	ᵉ Expired
+	ᶠ Handshake fails, preemptable redirect
+	ˢ Self-signed
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.asustor.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Asustor.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.asustor.com" />
+
+	<!--	Complications:
+				-->
+	<target host="asustor.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.asustor\.com$" name="^lang$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://asustor\.com/"
+		to="https://www.asustor.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/atTahawi.com.xml b/src/chrome/content/rules/atTahawi.com.xml
new file mode 100644
index 000000000000..9246785248fb
--- /dev/null
+++ b/src/chrome/content/rules/atTahawi.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="atTahawi.com">
+	<target host="attahawi.com" />
+	<target host="www.attahawi.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/atex.ru.xml b/src/chrome/content/rules/atex.ru.xml
new file mode 100644
index 000000000000..be4e2e0e9007
--- /dev/null
+++ b/src/chrome/content/rules/atex.ru.xml
@@ -0,0 +1,16 @@
+<!--
+ns1.atex.ru ¹
+ns2.atex.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="atex.ru">
+	<target host="atex.ru" />
+	<target host="www.atex.ru" />
+	<target host="my.atex.ru" />
+	<target host="transfer.atex.ru" />
+	<target host="whois.atex.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/atfonline.gov.xml b/src/chrome/content/rules/atfonline.gov.xml
new file mode 100644
index 000000000000..b6448297d53e
--- /dev/null
+++ b/src/chrome/content/rules/atfonline.gov.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.atfonline.gov/ => https://www.atfonline.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://atfonline.gov/ => https://www.atfonline.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+
+
+	^atfonline.gov: Mismatched
+
+-->
+<ruleset name="ATF Online.gov" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.atfonline.gov" />
+
+	<!--	Complications:
+				-->
+	<target host="atfonline.gov" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://atfonline\.gov/"
+		to="https://www.atfonline.gov/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/atgfw.org.xml b/src/chrome/content/rules/atgfw.org.xml
new file mode 100644
index 000000000000..32f1428095a1
--- /dev/null
+++ b/src/chrome/content/rules/atgfw.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="atgfw.org">
+
+	<target host="atgfw.org" />
+	<target host="www.atgfw.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/atlas.sk.xml b/src/chrome/content/rules/atlas.sk.xml
new file mode 100644
index 000000000000..5e59dd73f3e8
--- /dev/null
+++ b/src/chrome/content/rules/atlas.sk.xml
@@ -0,0 +1,37 @@
+<!--
+	For other Centrum.cz coverage, see centrum.cz.xml.
+
+	Nonfunctional subdomains:
+		- ads.atlas.sk
+		- automix.atlas.sk
+		- blogy.atlas.sk
+		- katalog.atlas.sk
+		- kontakt.atlas.sk
+		- log.atlas.sk
+		- magazin.atlas.sk
+		- mapy.atlas.sk
+		- menu.atlas.sk
+		- katalog.menu.atlas.sk
+		- mapa.menu.atlas.sk
+		- pohladnice.atlas.sk
+		- referaty.atlas.sk
+		- slovniky.atlas.sk
+
+	Expired certs:
+		- wanda.atlas.sk
+		- zena.atlas.sk
+-->
+<ruleset name="Atlas.sk">
+	<target host="atlas.sk" />
+	<target host="www.atlas.sk" />
+	<target host="aktualne.atlas.sk" />
+	<target host="sport24.aktualne.atlas.sk" />
+	<target host="cp.atlas.sk" />
+	<target host="dnes.atlas.sk" />
+	<target host="heslo.atlas.sk" />
+	<target host="mail.atlas.sk" />
+	<target host="reg.atlas.sk" />
+	<target host="user.atlas.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/atmia.com.xml b/src/chrome/content/rules/atmia.com.xml
new file mode 100644
index 000000000000..97c9a3ee7555
--- /dev/null
+++ b/src/chrome/content/rules/atmia.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="ATM IA.com">
+
+	<target host="atmia.com" />
+	<target host="www.atmia.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/atvc.ru.xml b/src/chrome/content/rules/atvc.ru.xml
new file mode 100644
index 000000000000..18772728f52b
--- /dev/null
+++ b/src/chrome/content/rules/atvc.ru.xml
@@ -0,0 +1,23 @@
+<!--
+aster2.atvc.ru ³
+crater.atvc.ru ³
+edit.atvc.ru ¹
+mail.atvc.ru ³
+otpusk.atvc.ru ¹
+relay.atvc.ru ³
+sip.atvc.ru ³
+sip-n.atvc.ru ³
+test.atvc.ru ¹
+tv.atvc.ru ¹
+
+
+¹ mismatch
+³ timed out
+-->
+<ruleset name="atvc.ru">
+	<target host="atvc.ru" />
+	<target host="www.atvc.ru" />
+	<target host="lk.atvc.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/audit.wales.xml b/src/chrome/content/rules/audit.wales.xml
new file mode 100644
index 000000000000..0e61023738ac
--- /dev/null
+++ b/src/chrome/content/rules/audit.wales.xml
@@ -0,0 +1,57 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://autodiscover.audit.wales/default.aspx => https://email.wao.gov.uk/owa: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://autodiscover.audit.wales/ => https://email.wao.gov.uk/owa: (28, 'Connection timed out after 20000 milliseconds')
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Problematic hosts in *audit.wales:
+
+		- autodiscover * ᵐ
+
+	* Does not redirect
+	ᵐ Mismatched
+
+
+	These altnames do not exist:
+
+		- mail.audit.wales
+		- owa.audit.wales
+
+
+	Mixed content:
+
+		- css on (www.)? from fonts.googleapis.com ˢ
+		- Images on (www.)? from audit.wales ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Audit.Wales" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="audit.wales" />
+	<target host="www.audit.wales" />
+
+	<!--	Complications:
+				-->
+	<target host="autodiscover.audit.wales" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://autodiscover\.audit\.wales/.*"
+		to="https://email.wao.gov.uk/owa" />
+
+		<test url="http://autodiscover.audit.wales/default.aspx" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/aussiedlerbeauftragter.de.xml b/src/chrome/content/rules/aussiedlerbeauftragter.de.xml
new file mode 100644
index 000000000000..f04edfbf333c
--- /dev/null
+++ b/src/chrome/content/rules/aussiedlerbeauftragter.de.xml
@@ -0,0 +1,15 @@
+<ruleset name="Beauftragter der Bundesregierung für Aussiedlerfragen und nationale Minderheiten">
+
+	<target host="aussiedlerbeauftragter.de" />
+	<target host="www.aussiedlerbeauftragter.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://aussiedlerbeauftragter.de/,
+	http://aussiedlerbeauftragter.de/ redirects to http://www.aussiedlerbeauftragter.de/ -->
+	<rule from="^http://aussiedlerbeauftragter\.de/"
+		to="https://www.aussiedlerbeauftragter.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/auswaertiges-amt.de.xml b/src/chrome/content/rules/auswaertiges-amt.de.xml
new file mode 100644
index 000000000000..3764859826e8
--- /dev/null
+++ b/src/chrome/content/rules/auswaertiges-amt.de.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+	  personalpool.auswaertiges-amt.de
+	  www.personalpool.auswaertiges-amt.de
+	  static.auswaertiges-amt.de
+	  www.stellenpool.auswaertiges-amt.de
+-->
+<ruleset name="Auswärtiges Amt">
+	<!-- Federal Foreign Office. -->
+
+	<target host="auswaertiges-amt.de" />
+	<target host="www.auswaertiges-amt.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/autistica.org.uk.xml b/src/chrome/content/rules/autistica.org.uk.xml
new file mode 100644
index 000000000000..bd2579df59ed
--- /dev/null
+++ b/src/chrome/content/rules/autistica.org.uk.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://autistica.org.uk/ => https://autistica.org.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.autistica.org.uk/ => https://www.autistica.org.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="Autistica.org.uk" default_off="failed ruleset test">
+
+	<target host="autistica.org.uk" />
+	<target host="www.autistica.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/auto.ru.xml b/src/chrome/content/rules/auto.ru.xml
new file mode 100644
index 000000000000..891d0e28a368
--- /dev/null
+++ b/src/chrome/content/rules/auto.ru.xml
@@ -0,0 +1,126 @@
+<!--
+is.auto.ru ³
+is1.auto.ru ³
+is10.auto.ru ³
+is11.auto.ru ³
+is12.auto.ru ³
+is13.auto.ru ³
+is14.auto.ru ³
+is15.auto.ru ³
+is16.auto.ru ³
+is17.auto.ru ³
+is18.auto.ru ³
+is2.auto.ru ³
+is3.auto.ru ³
+is4.auto.ru ³
+is5.auto.ru ³
+is6.auto.ru ³
+is7.auto.ru ³
+is8.auto.ru ³
+is9.auto.ru ³
+test.auto.ru/: (7, '')
+apps.auto.ru different content
+barnaul.auto.ru different content
+front.auto.ru different content
+
+
+³ timed out
+-->
+<ruleset name="auto.ru">
+	<target host="auto.ru" />
+	<target host="www.auto.ru" />
+	<target host="air.auto.ru" />
+	<target host="all.auto.ru" />
+	<target host="alternative.auto.ru" />
+	<target host="amur-region.auto.ru" />
+	<target host="api.auto.ru" />
+	<target host="api2.auto.ru" />
+	<target host="armored.auto.ru" />
+	<target host="auth.auto.ru" />
+	<target host="azs.auto.ru" />
+	<target host="bashkortostan.auto.ru" />
+	<target host="belorussia.auto.ru" />
+	<target host="billing.auto.ru" />
+	<target host="cabinet.auto.ru" />
+	<target host="cars.auto.ru" />
+	<target host="catalog.auto.ru" />
+	<target host="cheboksary.auto.ru" />
+	<target host="chelyabinsk.auto.ru" />
+	<target host="chuvashia.auto.ru" />
+	<target host="clients.auto.ru" />
+	<target host="ekaterinburg.auto.ru" />
+	<target host="evreyskaya-ao.auto.ru" />
+	<target host="forum.auto.ru" />
+	<target host="grozniy.auto.ru" />
+	<target host="helpdesk.auto.ru" />
+	<target host="i.auto.ru" />
+	<target host="img.auto.ru" />
+	<target host="irkutsk.auto.ru" />
+	<target host="kaluga.auto.ru" />
+	<target host="kamchatka.auto.ru" />
+	<target host="kazan.auto.ru" />
+	<target host="khanty-mansi-ao.auto.ru" />
+	<target host="kiks.auto.ru" />
+	<target host="kirov-region.auto.ru" />
+	<target host="koleso.auto.ru" />
+	<target host="kostroma-region.auto.ru" />
+	<target host="krasnodar.auto.ru" />
+	<target host="kurgan-region.auto.ru" />
+	<target host="kursk.auto.ru" />
+	<target host="lenobl.auto.ru" />
+	<target host="lipetsk-region.auto.ru" />
+	<target host="m.auto.ru" />
+	<target host="magas.auto.ru" />
+	<target host="maikop.auto.ru" />
+	<target host="mari-el.auto.ru" />
+	<target host="media.auto.ru" />
+	<target host="moscow.auto.ru" />
+	<target host="mosobl.auto.ru" />
+	<target host="moto.auto.ru" />
+	<target host="my.auto.ru" />
+	<target host="nenets-ao.auto.ru" />
+	<target host="new.auto.ru" />
+	<target host="news.auto.ru" />
+	<target host="nizhniynovgorod.auto.ru" />
+	<target host="nizhny-novgorod-region.auto.ru" />
+	<target host="nn.auto.ru" />
+	<target host="novosibirsk.auto.ru" />
+	<target host="office.auto.ru" />
+	<target host="office7.auto.ru" />
+	<target host="omsk.auto.ru" />
+	<target host="orel-region.auto.ru" />
+	<target host="orenburg.auto.ru" />
+	<target host="orenburg-region.auto.ru" />
+	<target host="penza.auto.ru" />
+	<target host="retro.auto.ru" />
+	<target host="rostov-na-donu.auto.ru" />
+	<target host="sakhalin-region.auto.ru" />
+	<target host="saratov-region.auto.ru" />
+	<target host="search.auto.ru" />
+	<target host="spb.auto.ru" />
+	<target host="special.auto.ru" />
+	<target host="stat.auto.ru" />
+	<target host="stavropol.auto.ru" />
+	<target host="syktyvkar.auto.ru" />
+	<target host="testblog.auto.ru" />
+	<target host="testdrive.auto.ru" />
+	<target host="trucks.auto.ru" />
+	<target host="tula.auto.ru" />
+	<target host="tula-region.auto.ru" />
+	<target host="tver.auto.ru" />
+	<target host="tver-region.auto.ru" />
+	<target host="udmurtia.auto.ru" />
+	<target host="uploader.auto.ru" />
+	<target host="users.auto.ru" />
+	<target host="vin.auto.ru" />
+	<target host="vladivostok.auto.ru" />
+	<target host="volgograd-region.auto.ru" />
+	<target host="voronezh.auto.ru" />
+	<target host="vote.auto.ru" />
+	<target host="wwwboards.auto.ru" />
+	<target host="yaroslavl.auto.ru" />
+	<target host="yuzhno-sakhalinsk.auto.ru" />
+	<target host="zabaikalsky-krai.auto.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/automobile.fr.xml b/src/chrome/content/rules/automobile.fr.xml
new file mode 100644
index 000000000000..9140d95903bb
--- /dev/null
+++ b/src/chrome/content/rules/automobile.fr.xml
@@ -0,0 +1,33 @@
+<!--
+	For other mobile.de coverage, see mobile.de.xml
+
+
+	Non-functional subdomains:
+		- annonce-auto	(m)
+		- ap-recherche	(m)
+		- cms		(m)
+		- ftp		(m)
+		- promo		(i)
+		- survey	(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="automobile.fr">
+
+	<target host="automobile.fr" />
+	<target host="www.automobile.fr" />
+	<target host="achat-occasion.automobile.fr" />
+	<target host="admin.automobile.fr" />
+	<target host="home.automobile.fr" />
+	<target host="login.automobile.fr" />
+	<target host="m.automobile.fr" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/autoreview.ru.xml b/src/chrome/content/rules/autoreview.ru.xml
new file mode 100644
index 000000000000..66010b689b6e
--- /dev/null
+++ b/src/chrome/content/rules/autoreview.ru.xml
@@ -0,0 +1,11 @@
+<!-- old. self signed
+oldtrucks. self signed
+tokyo. self signed -->
+<ruleset name="autoreview.ru">
+	<target host="autoreview.ru" />
+	<target host="www.autoreview.ru" />
+	<target host="trucks.autoreview.ru" />
+	<target host="ua.autoreview.ru" />
+	<target host="ww3.autoreview.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/autosport.com.ru.xml b/src/chrome/content/rules/autosport.com.ru.xml
new file mode 100644
index 000000000000..5eaa6e9554ea
--- /dev/null
+++ b/src/chrome/content/rules/autosport.com.ru.xml
@@ -0,0 +1,8 @@
+<!-- www. mismatch -->
+<ruleset name="autosport.com.ru">
+	<target host="autosport.com.ru" />
+	<target host="www.autosport.com.ru" />
+	<rule from="^http://www\.autosport\.com\.ru/"
+		to="https://autosport.com.ru/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/autotrader.co.uk-falsemixed.xml b/src/chrome/content/rules/autotrader.co.uk-falsemixed.xml
new file mode 100644
index 000000000000..7e44dad81f98
--- /dev/null
+++ b/src/chrome/content/rules/autotrader.co.uk-falsemixed.xml
@@ -0,0 +1,56 @@
+<!--
+	For rules not causing false/broken MCB, see autotrader.co.uk.xml.
+
+
+	NB: see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Auto Trader.co.uk (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="caravans.autotrader.co.uk" />
+	<target host="farm.autotrader.co.uk" />
+	<target host="merlin-images.autotrader.co.uk" />
+	<target host="motorhomes.autotrader.co.uk" />
+	<target host="plant.autotrader.co.uk" />
+	<target host="trucks.autotrader.co.uk" />
+	<target host="vans.autotrader.co.uk" />
+	<target host="www.autotrader.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="autotrader.co.uk" />
+
+		<exclusion pattern="^http://(?:www\.)?autotrader\.co\.uk/(?!/*(?:favicon\.ico|static/(?!.+\.js(?:$|\?))))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.autotrader.co.uk/car-warranty" />
+			<test url="http://www.autotrader.co.uk/content" />
+			<test url="http://www.autotrader.co.uk/image-library/697/392/23494?width=697" />
+			<test url="http://www.autotrader.co.uk/mini" />
+			<test url="http://www.autotrader.co.uk/mobile" />
+			<test url="http://www.autotrader.co.uk/privacy-policy" />
+			<test url="http://www.autotrader.co.uk/seat" />
+			<test url="http://www.autotrader.co.uk/static/6988/js/_generated/bundles/content-hub.js" />
+			<test url="http://www.autotrader.co.uk/static/6988/js/_generated/lib/modernizr.js" />
+			<test url="http://www.autotrader.co.uk/toyota" />
+
+			<!--	-ve:
+					-->
+			<test url="http://autotrader.co.uk/favicon.ico" />
+			<test url="http://www.autotrader.co.uk/static/de7c4dc53dc3/images/spartan/fifty-bg-white.png" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://autotrader\.co\.uk/"
+		to="https://www.autotrader.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/autotrader.co.uk.xml b/src/chrome/content/rules/autotrader.co.uk.xml
new file mode 100644
index 000000000000..aae01d060b34
--- /dev/null
+++ b/src/chrome/content/rules/autotrader.co.uk.xml
@@ -0,0 +1,168 @@
+<!--
+	For rules causing false/broken MCB, see autotrader.co.uk-falsemixed.xml.
+
+
+	Nonfunctional hosts in *autotrader.co.uk:
+
+		- about-us ᵈ
+		- bestbike2014 ʳ
+		- dealerlogo ⁴
+		- dmsgateway ᵈ
+		- i ⁴
+		- media[25] ⁴
+		- pictures2 ⁴
+
+	⁴ 400
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *autotrader.co.uk:
+
+		- farm ˣ
+		- plant ˣ
+		- trucks ˣ
+
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .autotrader.co.uk
+		- advertising.autotrader.co.uk
+		- caravans.autotrader.co.uk
+		- dealerservices.autotrader.co.uk
+		- farm.autotrader.co.uk
+		- motorhomes.autotrader.co.uk
+		- plant.autotrader.co.uk
+		- trucks.autotrader.co.uk
+		- vans.autotrader.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, on:
+
+			- advertising from fast.fonts.net ˢ
+			- farm, plant from trucks.autotrader.co.uk ˢ
+			- trucks from $self ˢ
+
+		- Images, on:
+
+			- advertising, promotions, trucks from $self ˢ
+			- farm, plant, trucks from i.autotrader.co.uk ⁴
+			- farm, plant, trucks from merlin-images.autotrader.co.uk ˢ
+			- farm, plant from trucks.autotrader.co.uk ˢ
+			- promotions from www.autotrader.co.uk ˢ
+
+		- Ads / bugs, on:
+
+			- farm, plant, trucks from dealerlogo.autotrader.co.uk ⁴
+			- farm, plant, trucks from metrics.autotrader.co.uk ˢ
+			- farm, plant, trucks from \d+.fls.doubleclick.net
+
+	⁴ Unsecurable <= 400
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Auto Trader.co.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="advertising.autotrader.co.uk" />
+	<!--target host="caravans.autotrader.co.uk" /-->
+	<target host="careers.autotrader.co.uk" />
+	<target host="dealerportal.autotrader.co.uk" />
+	<target host="dealerservices.autotrader.co.uk" />
+	<target host="explore.autotrader.co.uk" />
+	<!--target host="farm.autotrader.co.uk" /-->
+	<!--target host="merlin-images.autotrader.co.uk" /-->
+	<target host="metrics.autotrader.co.uk" />
+	<!--target host="motorhomes.autotrader.co.uk" /-->
+	<target host="oas.autotrader.co.uk" />
+	<!--target host="plant.autotrader.co.uk" /-->
+	<target host="portal.autotrader.co.uk" />
+	<target host="promotions.autotrader.co.uk" />
+	<target host="secure.autotrader.co.uk" />
+	<target host="trade.autotrader.co.uk" />
+	<!--target host="trucks.autotrader.co.uk" /-->
+	<!--target host="vans.autotrader.co.uk" /-->
+	<target host="www.autotrader.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="autotrader.co.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.autotrader\.co\.uk/(?:$|content$|image-library/|media/|mobile$|privacy-policy$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(?:www\.)?autotrader\.co\.uk/(?!/*(?:favicon\.ico|secure(?:$|[?/])|static/))" /-->
+		<!--
+			Avoid potential XHR problems:
+							-->
+		<!--exclusion pattern="^http://(?:www\.)?autotrader\.co\.uk/.+\.js(?:$|\?)" /-->
+		<!--
+			Combined:
+					-->
+		<!--exclusion pattern="^http://(?:www\.)?autotrader\.co\.uk/(?!/*(?:favicon\.ico|secure(?:$|[?/])|static/(?!.+\.js(?:$|\?))))" /-->
+		<!--
+			Do not increase non-Tor distinguishability:
+									-->
+		<exclusion pattern="^http://(?:www\.)?autotrader\.co\.uk/(?!/*secure(?:$|[?/]))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.autotrader.co.uk/car-warranty" />
+			<test url="http://www.autotrader.co.uk/content" />
+			<test url="http://www.autotrader.co.uk/image-library/697/392/23494?width=697" />
+			<test url="http://www.autotrader.co.uk/mini" />
+			<test url="http://www.autotrader.co.uk/mobile" />
+			<test url="http://www.autotrader.co.uk/privacy-policy" />
+			<test url="http://www.autotrader.co.uk/seat" />
+			<test url="http://www.autotrader.co.uk/static/6988/js/_generated/bundles/content-hub.js" />
+			<test url="http://www.autotrader.co.uk/static/6988/js/_generated/lib/modernizr.js" />
+			<test url="http://www.autotrader.co.uk/toyota" />
+
+			<!--	-ve:
+					-->
+			<!--
+			<test url="http://autotrader.co.uk/favicon.ico" />
+			-->
+			<test url="http://autotrader.co.uk/secure/my-auto-trader/my-car" />
+			<!--
+			<test url="http://www.autotrader.co.uk/static/de7c4dc53dc3/images/spartan/fifty-bg-white.png" />
+			-->
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://oas.autotrader.co.uk/RealMedia/ads/adstream_nx.ads/www.autotrader.co.uk/home/@Bottom?site=mobile&amp;device=mobi" /-->
+
+		<!--	Mixed images:
+					-->
+		<!--test url="http://promotions.autotrader.co.uk/ferrari/search" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.autotrader\.co\.uk$" name="^(?:NXCLICK2|OAX|UserLocation|bucket|ctuser)$" /-->
+	<!--securecookie host="^advertising\.autotrader\.co\.uk$" name="^(?:PHPSESSID|exp_(?:csrf_token|last_activity|last_visit|stashid|tracker))$" /-->
+	<!--securecookie host="^(?:caravans|vans)\.autotrader\.co\.uk$" name="^(?:_ATD_DIGEST|_ATD_SESSION)$" /-->
+	<!--securecookie host="^dealerservices\.autotrader\.co\.uk$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^(?:farm|motorhomes|plant|trucks)\.autotrader\.co\.uk$" name="^(?:_ATD_DIGEST|_ATD_SESSION|JSESSIONID|mdctracking)$" /-->
+
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|NXCLICK2$|OAX$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://autotrader\.co\.uk/"
+		to="https://www.autotrader.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/autotrader.ie.xml b/src/chrome/content/rules/autotrader.ie.xml
new file mode 100644
index 000000000000..788f98e374c3
--- /dev/null
+++ b/src/chrome/content/rules/autotrader.ie.xml
@@ -0,0 +1,58 @@
+<!--
+	Problematic hosts in *autotrader.ie:
+
+		- oas ᵐ
+		- m ᵐ
+		- www ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- autotrader.ie
+		- .autotrader.ie
+		- www.autotrader.ie
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on www from www.carzone.ie ᵐ
+		- Images on www from www.carzone.ie ᵐ
+
+		- Bugs, on:
+
+			- m from metrics.carzone.ie ᵐ
+			- www from metrics.autotrader.ie ˢ
+
+	ᵐ Not secured by us <= mismatched
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Auto Trader.ie (partial)">
+
+	<!--	Complications:
+				-->
+	<target host="oas.autotrader.ie" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://oas.autotrader.ie/RealMedia/ads/adstream_nx.ads/m.carzone.ie/home/@Bottom?site=mobile&amp;device=mobi" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^autotrader\.ie$" name="^_ATD_(?:DIGEST|SESSION)_$" /-->
+	<!--securecookie host="^\.autotrader\.ie$" name="^(?:NXCLICK2|OAX)$" /-->
+	<!--securecookie host="^www\.autotrader\.ie$" name="^(?:_ATD_DIGEST_|_ATD_SESSION_|CFID|CFTOKEN)$" /-->
+
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|NXCLICK|OAX)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://oas\.autotrader\.ie/"
+		to="https://oas.autotrader.co.uk/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/autotravel.ru.xml b/src/chrome/content/rules/autotravel.ru.xml
new file mode 100644
index 000000000000..843fe99752ab
--- /dev/null
+++ b/src/chrome/content/rules/autotravel.ru.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid certificate:
+		forum3.autotravel.ru
+		host.autotravel.ru
+		ru.autotravel.ru
+-->
+<ruleset name="autotravel.ru">
+	<target host="autotravel.ru" />
+	<target host="www.autotravel.ru" />
+	<target host="forum.autotravel.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/avcosystems.com.xml b/src/chrome/content/rules/avcosystems.com.xml
new file mode 100644
index 000000000000..c3c855447fbf
--- /dev/null
+++ b/src/chrome/content/rules/avcosystems.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Avco Systems.com">
+
+	<target host="avcosystems.com" />
+	<target host="www.avcosystems.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/avherald.xml b/src/chrome/content/rules/avherald.xml
new file mode 100644
index 000000000000..da60702a8eb2
--- /dev/null
+++ b/src/chrome/content/rules/avherald.xml
@@ -0,0 +1,7 @@
+<ruleset name="avherald">
+        <target host="avherald.com" />
+        <target host="www.avherald.com" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/aviation-safety.net.xml b/src/chrome/content/rules/aviation-safety.net.xml
new file mode 100644
index 000000000000..6b3cabf35354
--- /dev/null
+++ b/src/chrome/content/rules/aviation-safety.net.xml
@@ -0,0 +1,31 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- aviation-safety.net
+		- www.aviation-safety.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images from ecx.images-amazon.com
+
+-->
+<ruleset name="Aviation-Safety.net">
+
+	<target host="aviation-safety.net" />
+	<target host="www.aviation-safety.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?aviation-safety\.net$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/avicoder.me.xml b/src/chrome/content/rules/avicoder.me.xml
new file mode 100644
index 000000000000..fc531ea3ec01
--- /dev/null
+++ b/src/chrome/content/rules/avicoder.me.xml
@@ -0,0 +1,14 @@
+<ruleset name="avicoder.me">
+
+	<target host="avicoder.me" />
+	<target host="www.avicoder.me" />
+
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/avito.ma.xml b/src/chrome/content/rules/avito.ma.xml
new file mode 100644
index 000000000000..8220eff7be24
--- /dev/null
+++ b/src/chrome/content/rules/avito.ma.xml
@@ -0,0 +1,12 @@
+<ruleset name="avito.ma">
+	<target host="avito.ma" />
+	<target host="www.avito.ma" />
+	<target host="forums.avito.ma" />
+	<target host="immo.avito.ma" />
+	<target host="m.avito.ma" />
+	<target host="www2.avito.ma" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/avito.ru.xml b/src/chrome/content/rules/avito.ru.xml
new file mode 100644
index 000000000000..7939b6510c60
--- /dev/null
+++ b/src/chrome/content/rules/avito.ru.xml
@@ -0,0 +1,25 @@
+<!--
+	Problematic hosts in *avito.ru:
+
+		- (www.)? ᵀ
+		- m ᵀ
+
+	ᵀ Blocks Tor users
+
+-->
+<ruleset name="Avito.ru">
+
+	<target host="avito.ru" />
+	<target host="m.avito.ru" />
+	<target host="support.avito.ru" />
+	<target host="www.avito.ru" />
+	<target host="promo.avito.ru" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/avoinministerio.xml b/src/chrome/content/rules/avoinministerio.xml
index ed6865332fb8..c48b5fdede1c 100644
--- a/src/chrome/content/rules/avoinministerio.xml
+++ b/src/chrome/content/rules/avoinministerio.xml
@@ -1,9 +1,22 @@
-<ruleset name="Avoin ministeri&#246;">
-  <target host="www.avoinministerio.fi" />
-  <target host="avoinministerio.fi" />
-
-  <rule from="^http://(www\.)?avoinministerio\.fi/" to="https://www.avoinministerio.fi/"/>
-  <rule from="^https://avoinministerio\.fi/" to="https://www.avoinministerio.fi/"/>
-
-  <securecookie host="^www\.avoinministerio\.fi" name=".*" />
-</ruleset>
+<!--
+	^avoinministerio.fi: Mismatched, self-signed
+	www.avoinministerio.fi: Expired
+
+-->
+<ruleset name="Avoin ministeri&#246;" default_off="expired">
+
+	<!--	Direct rewrites:
+				-->
+  <target host="www.avoinministerio.fi" />
+
+	<!--	Complications:
+				-->
+  <target host="avoinministerio.fi" />
+
+  <securecookie host="^www\.avoinministerio\.fi" name=".+" />
+
+  <rule from="^http://avoinministerio\.fi/" to="https://www.avoinministerio.fi/"/>
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/avoinyliopisto.xml b/src/chrome/content/rules/avoinyliopisto.xml
index 9c53e58e0b7d..d4a75bf734d6 100644
--- a/src/chrome/content/rules/avoinyliopisto.xml
+++ b/src/chrome/content/rules/avoinyliopisto.xml
@@ -1,9 +1,15 @@
-<ruleset name="avoinyliopisto.fi">
-  <target host="www.avoinyliopisto.fi" />
-  <target host="avoinyliopisto.fi" />
-
-  <rule from="^http://(www\.)?avoinyliopisto\.fi/" to="https://www.avoinyliopisto.fi/"/>
-  <rule from="^https://avoinyliopisto\.fi/" to="https://www.avoinyliopisto.fi/"/>
-
-  <securecookie host="^(www)?\.avoinyliopisto\.fi" name=".*" />
-</ruleset>
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.avoinyliopisto.fi/ => https://www.avoinyliopisto.fi/: (51, "SSL: no alternative certificate subject name matches target host name 'www.avoinyliopisto.fi'")
+Fetch error: http://avoinyliopisto.fi/ => https://www.avoinyliopisto.fi/: (51, "SSL: no alternative certificate subject name matches target host name 'www.avoinyliopisto.fi'")
+
+-->
+<ruleset name="avoinyliopisto.fi" default_off="failed ruleset test">
+  <target host="www.avoinyliopisto.fi" />
+  <target host="avoinyliopisto.fi" />
+
+  <rule from="^http://(?:www\.)?avoinyliopisto\.fi/" to="https://www.avoinyliopisto.fi/"/>
+
+  <securecookie host="^(?:www)?\.avoinyliopisto\.fi" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/avto.ru.xml b/src/chrome/content/rules/avto.ru.xml
new file mode 100644
index 000000000000..895689d21d75
--- /dev/null
+++ b/src/chrome/content/rules/avto.ru.xml
@@ -0,0 +1,12 @@
+<!--
+test.avto.ru ³
+
+
+³ timed out
+-->
+<ruleset name="avto.ru">
+	<target host="avto.ru" />
+	<target host="www.avto.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/avtoradio.ru.xml b/src/chrome/content/rules/avtoradio.ru.xml
new file mode 100644
index 000000000000..14b47e9b6299
--- /dev/null
+++ b/src/chrome/content/rules/avtoradio.ru.xml
@@ -0,0 +1,32 @@
+<!--
+cdn.avtoradio.ru ²
+citrix.avtoradio.ru ⁴
+club.avtoradio.ru ²
+www.club.avtoradio.ru ²
+disco80.avtoradio.ru ¹
+gazeta.avtoradio.ru ²
+www.gazeta.avtoradio.ru ²
+history.avtoradio.ru ¹
+m.avtoradio.ru ¹
+new.avtoradio.ru ¹
+ns1.avtoradio.ru ³
+ns2.avtoradio.ru ⁷
+old.avtoradio.ru ¹
+online.avtoradio.ru ¹
+probki.avtoradio.ru ²
+www.ptz.avtoradio.ru ¹
+social.avtoradio.ru ¹
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁷ protocol error
+-->
+<ruleset name="avtoradio.ru">
+	<target host="avtoradio.ru" />
+	<target host="www.avtoradio.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/aylesburyvaledc.gov.uk.xml b/src/chrome/content/rules/aylesburyvaledc.gov.uk.xml
new file mode 100644
index 000000000000..b5085985d508
--- /dev/null
+++ b/src/chrome/content/rules/aylesburyvaledc.gov.uk.xml
@@ -0,0 +1,28 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		Timeout was reached:
+		- epayments.aylesburyvaledc.gov.uk
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- propertysearch.aylesburyvaledc.gov.uk
+
+		Incomplete certificate chain error:
+		- democracy.aylesburyvaledc.gov.uk
+		- payments.aylesburyvaledc.gov.uk
+-->
+<ruleset name="Aylesbury Vale DC.gov.uk (partial)">
+	<target host="aylesburyvaledc.gov.uk" />
+	<target host="www.aylesburyvaledc.gov.uk" />
+	<target host="account.aylesburyvaledc.gov.uk" />
+		<exclusion pattern="http://account\.aylesburyvaledc\.gov\.uk/$" />
+		<test url="http://account.aylesburyvaledc.gov.uk/business/Login" />
+	<target host="llportal.aylesburyvaledc.gov.uk" />
+	<target host="eforms.aylesburyvaledc.gov.uk" />
+	<target host="jobs.aylesburyvaledc.gov.uk" />
+	<target host="publicaccess.aylesburyvaledc.gov.uk" />
+	<target host="wam.aylesburyvaledc.gov.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ayyo.ru.xml b/src/chrome/content/rules/ayyo.ru.xml
new file mode 100644
index 000000000000..3959e38be160
--- /dev/null
+++ b/src/chrome/content/rules/ayyo.ru.xml
@@ -0,0 +1,50 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ayyo.ru/ => https://ayyo.ru/: (28, 'Connection timed out after 20003 milliseconds')
+Fetch error: http://www.ayyo.ru/ => https://www.ayyo.ru/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://about.ayyo.ru/ => https://about.ayyo.ru/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://catalog.ayyo.ru/ => https://catalog.ayyo.ru/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://ftp.ayyo.ru/ => https://ftp.ayyo.ru/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://lg.ayyo.ru/ => https://lg.ayyo.ru/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://license.ayyo.ru/ => https://license.ayyo.ru/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://lincense.ayyo.ru/ => https://lincense.ayyo.ru/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://media.ayyo.ru/ => https://media.ayyo.ru/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://napi.ayyo.ru/ => https://napi.ayyo.ru/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://new-demotv.ayyo.ru/ => https://new-demotv.ayyo.ru/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://s.ayyo.ru/ => https://s.ayyo.ru/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://store.ayyo.ru/ => https://store.ayyo.ru/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://uhd.ayyo.ru/ => https://uhd.ayyo.ru/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://widget.ayyo.ru/ => https://widget.ayyo.ru/: (28, 'Connection timed out after 20001 milliseconds')
+
+blog.ayyo.ru ¹
+cards.ayyo.ru ²
+mag.ayyo.ru ²
+pr.ayyo.ru ²
+starwars.ayyo.ru ²
+stories.ayyo.ru ²
+wanted.ayyo.ru ²
+
+
+¹ mismatch
+² refused
+-->
+<ruleset name="ayyo.ru" default_off="failed ruleset test">
+	<target host="ayyo.ru" />
+	<target host="www.ayyo.ru" />
+	<target host="about.ayyo.ru" />
+	<target host="catalog.ayyo.ru" />
+	<target host="ftp.ayyo.ru" />
+	<target host="lg.ayyo.ru" />
+	<target host="license.ayyo.ru" />
+	<target host="lincense.ayyo.ru" />
+	<target host="media.ayyo.ru" />
+	<target host="napi.ayyo.ru" />
+	<target host="new-demotv.ayyo.ru" />
+	<target host="s.ayyo.ru" />
+	<target host="store.ayyo.ru" />
+	<target host="uhd.ayyo.ru" />
+	<target host="widget.ayyo.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/azalead.com.xml b/src/chrome/content/rules/azalead.com.xml
new file mode 100644
index 000000000000..d5f42ceb1920
--- /dev/null
+++ b/src/chrome/content/rules/azalead.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="azalead.com">
+
+	<target host="b2btagmgr.azalead.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/azure.net.xml b/src/chrome/content/rules/azure.net.xml
new file mode 100644
index 000000000000..3a78c3836c6f
--- /dev/null
+++ b/src/chrome/content/rules/azure.net.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Microsoft coverage,see Microsoft.xml.
+
+-->
+<ruleset name="Azure.net">
+
+	<target host="amp.azure.net" />
+
+		<test url="http://amp.azure.net/libs/amp/1.6.3/skins/amp-default/azuremediaplayer.min.css" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/b2d-linux.com.xml b/src/chrome/content/rules/b2d-linux.com.xml
new file mode 100644
index 000000000000..0ffa54ce042c
--- /dev/null
+++ b/src/chrome/content/rules/b2d-linux.com.xml
@@ -0,0 +1,8 @@
+<!--
+www.b2d-linux.com nonexist
+-->
+<ruleset name="b2d-linux.com">
+	<target host="b2d-linux.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/b2s.co.il.xml b/src/chrome/content/rules/b2s.co.il.xml
new file mode 100644
index 000000000000..624d86d9a019
--- /dev/null
+++ b/src/chrome/content/rules/b2s.co.il.xml
@@ -0,0 +1,20 @@
+<!--
+	Mixed content:
+
+		- css from $self
+		- Images from $self
+
+-->
+<ruleset name="b2s.co.il" default_off="expired" platform="mixedcontent">
+
+	<target host="b2s.co.il" />
+	<target host="www.b2s.co.il" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/babr24.com.xml b/src/chrome/content/rules/babr24.com.xml
new file mode 100644
index 000000000000..3e2b384a50e5
--- /dev/null
+++ b/src/chrome/content/rules/babr24.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="babr24.com">
+	<target host="babr24.com" />
+	<target host="www.babr24.com" />
+	<target host="m.babr24.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/backchannel.com.xml b/src/chrome/content/rules/backchannel.com.xml
new file mode 100644
index 000000000000..ac718ad6e121
--- /dev/null
+++ b/src/chrome/content/rules/backchannel.com.xml
@@ -0,0 +1,12 @@
+<!--
+	 Mismatch
+		- www
+-->
+<ruleset name="Backchannel.com">
+	<target host="backchannel.com" />
+	<target host="www.backchannel.com" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/backendless.com.xml b/src/chrome/content/rules/backendless.com.xml
new file mode 100644
index 000000000000..fa477397f2ba
--- /dev/null
+++ b/src/chrome/content/rules/backendless.com.xml
@@ -0,0 +1,30 @@
+<!--
+www.api.backendless.com ¹
+bel-esxi1.backendless.com ⁴
+bel-esxi2.backendless.com ⁴
+developer.backendless.com ⁶
+krush-esxi.backendless.com ⁴
+maven.backendless.com ²
+media.backendless.com ²
+smtp1.backendless.com ³
+smtp2.backendless.com ³
+smtp3.backendless.com ²
+status.backendless.com ⁴
+support.backendless.com ⁶
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁶ redirect
+-->
+<ruleset name="backendless.com">
+	<target host="backendless.com" />
+	<target host="www.backendless.com" />
+	<target host="api.backendless.com" />
+	<target host="develop.backendless.com" />
+	<target host="new.backendless.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bacontent.de.xml b/src/chrome/content/rules/bacontent.de.xml
new file mode 100644
index 000000000000..5f3400024f43
--- /dev/null
+++ b/src/chrome/content/rules/bacontent.de.xml
@@ -0,0 +1,17 @@
+<!--
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="bacontent.de">
+
+	<target host="c.bacontent.de" />
+		<test url="http://c.bacontent.de/d/init" />
+	<target host="d.bacontent.de" />
+		<test url="http://d.bacontent.de/d/init" />
+	<target host="t.bacontent.de" />
+		<test url="http://t.bacontent.de/d/init" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bad-dragon.com.xml b/src/chrome/content/rules/bad-dragon.com.xml
new file mode 100644
index 000000000000..7fecad735430
--- /dev/null
+++ b/src/chrome/content/rules/bad-dragon.com.xml
@@ -0,0 +1,38 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.bad-dragon.com/ => https://www.bad-dragon.com/: Too many redirects while fetching 'https://www.bad-dragon.com/'
+
+	Insecure cookies are set for these domains:
+
+		- .bad-dragon.com
+
+-->
+<ruleset name="Bad Dragon.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bad-dragon.com" />
+	<target host="contact.bad-dragon.com" />
+	<target host="forums.bad-dragon.com" />
+	<target host="labs.bad-dragon.com" />
+	<target host="www.bad-dragon.com" />
+
+		<!--	Redirects to http:
+						-->
+		<exclusion pattern="^http://bad-dragon\.com/$" />
+
+			<!--	-ve:
+					-->
+			<test url="http://bad-dragon.com/images/logo.png" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<securecookie host="^\.bad-dragon\.com$" name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/baden-airpark.de.xml b/src/chrome/content/rules/baden-airpark.de.xml
new file mode 100644
index 000000000000..c634bdcb5ba4
--- /dev/null
+++ b/src/chrome/content/rules/baden-airpark.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="Baden-Airpark">
+
+	<target host="baden-airpark.de" />
+	<target host="www.baden-airpark.de" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/baden-wlan.de.xml b/src/chrome/content/rules/baden-wlan.de.xml
new file mode 100644
index 000000000000..150934904b70
--- /dev/null
+++ b/src/chrome/content/rules/baden-wlan.de.xml
@@ -0,0 +1,10 @@
+<ruleset name="BADEN-WLAN">
+
+	<target host="baden-wlan.de" />
+	<target host="www.baden-wlan.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/baden-wuerttemberg.de.xml b/src/chrome/content/rules/baden-wuerttemberg.de.xml
new file mode 100644
index 000000000000..1a4a9a445bd7
--- /dev/null
+++ b/src/chrome/content/rules/baden-wuerttemberg.de.xml
@@ -0,0 +1,206 @@
+<!--
+	Invalid certificate:
+		www.beko.baden-wuerttemberg.de
+		www.bgm.baden-wuerttemberg.de
+		www.bne.baden-wuerttemberg.de
+		drs.baden-wuerttemberg.de
+		www.ekat.baden-wuerttemberg.de
+		www.energie.baden-wuerttemberg.de
+		www.finanzministerium.baden-wuerttemberg.de
+		www.haw.baden-wuerttemberg.de
+		immobilien.baden-wuerttemberg.de
+		www.innenministerium.baden-wuerttemberg.de
+		jum.baden-wuerttemberg.de
+		www.jum.baden-wuerttemberg.de
+		www.justiz.baden-wuerttemberg.de
+		justizministerium.baden-wuerttemberg.de
+		www.justizministerium.baden-wuerttemberg.de
+		kultur.baden-wuerttemberg.de
+		www.kultusministerium.baden-wuerttemberg.de
+		www.landesmuseen.baden-wuerttemberg.de
+		mnz.lubw.baden-wuerttemberg.de
+		tools.lubw.baden-wuerttemberg.de
+		transfer.lubw.baden-wuerttemberg.de
+		www.mnz.lubw.baden-wuerttemberg.de
+		www.maschinenrichtlinie.baden-wuerttemberg.de
+		www2.mvi.baden-wuerttemberg.de
+		www.bologna.mwk.baden-wuerttemberg.de
+		www.nachhaltigkeitsstrategie.baden-wuerttemberg.de
+		www.rechnungshof.baden-wuerttemberg.de
+		www.rp.baden-wuerttemberg.de
+		www.rwb-efre.baden-wuerttemberg.de
+		statistik.baden-wuerttemberg.de
+		www.statistik.baden-wuerttemberg.de
+		www.umwelt.baden-wuerttemberg.de
+		www.umweltakademie.baden-wuerttemberg.de
+		www.umweltministerium.baden-wuerttemberg.de
+		www.vbv.baden-wuerttemberg.de
+
+	Not found:
+		www.austausch.ebzi.baden-wuerttemberg.de
+		www.zugang.ebzi.baden-wuerttemberg.de
+		www.eld.baden-wuerttemberg.de
+		www.dok.eld.baden-wuerttemberg.de
+		www.kfue.baden-wuerttemberg.de
+		www.extranet.lubw.baden-wuerttemberg.de
+		www.heimarbeit.lubw.baden-wuerttemberg.de
+		www.tools.lubw.baden-wuerttemberg.de
+		www.transfer.lubw.baden-wuerttemberg.de
+		www.mvk.baden-wuerttemberg.de
+		strassen.baden-wuerttemberg.de
+		www.extranet.um.baden-wuerttemberg.de
+		www.www4.um.baden-wuerttemberg.de
+
+	Timeout:
+		www.akadvet.baden-wuerttemberg.de
+		austausch.ebzi.baden-wuerttemberg.de
+		zugang.ebzi.baden-wuerttemberg.de
+		gaa.baden-wuerttemberg.de
+		www.gaa.baden-wuerttemberg.de
+		zeda.gaa.baden-wuerttemberg.de
+		www.gewerbeaufsicht.baden-wuerttemberg.de
+		www.klimanet4kids.baden-wuerttemberg.de
+		www.landwirtschaft-mlr.baden-wuerttemberg.de
+		fachdokumente.lubw.baden-wuerttemberg.de
+		www.fachdokumente.lubw.baden-wuerttemberg.de
+		www.gdi-umwelt.lubw.baden-wuerttemberg.de
+		www.hvz.lubw.baden-wuerttemberg.de
+		jdkgw.lubw.baden-wuerttemberg.de
+		rips-app.lubw.baden-wuerttemberg.de
+		rips-gdi.lubw.baden-wuerttemberg.de
+		rips-uis.lubw.baden-wuerttemberg.de
+		www.naturschutz.baden-wuerttemberg.de
+		lst.strassen.baden-wuerttemberg.de
+		themenpark-umwelt.baden-wuerttemberg.de
+		www.themenpark-umwelt.baden-wuerttemberg.de
+		uvm.baden-wuerttemberg.de
+		www.uvm.baden-wuerttemberg.de
+		www.xfaweb.baden-wuerttemberg.de
+
+	Wrong content:
+		taluftwiki-leitfaden.lubw.baden-wuerttemberg.de
+-->
+<ruleset name="Baden-Wuerttemberg.de">
+
+	<target host="baden-wuerttemberg.de" />
+	<target host="www.baden-wuerttemberg.de" />
+	<target host="beteiligungsportal.baden-wuerttemberg.de" />
+	<target host="www.beteiligungsportal.baden-wuerttemberg.de" />
+	<target host="eld.baden-wuerttemberg.de" />
+	<target host="dok.eld.baden-wuerttemberg.de" />
+	<target host="energiewende.baden-wuerttemberg.de" />
+	<target host="energiewendetage.baden-wuerttemberg.de" />
+	<target host="www.energiewendetage.baden-wuerttemberg.de" />
+	<target host="fm.baden-wuerttemberg.de" />
+	<target host="haushalt2017.baden-wuerttemberg.de" />
+	<target host="hochwasser.baden-wuerttemberg.de" />
+	<target host="www.hochwasser.baden-wuerttemberg.de" />
+	<target host="hvz.baden-wuerttemberg.de" />
+	<target host="www.hvz.baden-wuerttemberg.de" />
+	<target host="id.baden-wuerttemberg.de" />
+	<target host="im.baden-wuerttemberg.de" />
+	<target host="www.im.baden-wuerttemberg.de" />
+	<target host="kfue.baden-wuerttemberg.de" />
+	<target host="leader.baden-wuerttemberg.de" />
+	<target host="lubw.baden-wuerttemberg.de" />
+	<target host="www.lubw.baden-wuerttemberg.de" />
+	<target host="ekat.lubw.baden-wuerttemberg.de" />
+	<target host="extranet.lubw.baden-wuerttemberg.de" />
+	<target host="guq.lubw.baden-wuerttemberg.de" />
+	<target host="heimarbeit.lubw.baden-wuerttemberg.de" />
+	<target host="mobil.lubw.baden-wuerttemberg.de" />
+	<target host="portal.lubw.baden-wuerttemberg.de" />
+	<target host="rips-dienste.lubw.baden-wuerttemberg.de" />
+	<target host="udo.lubw.baden-wuerttemberg.de" />
+	<target host="udoprojekte.lubw.baden-wuerttemberg.de" />
+	<target host="www2.lubw.baden-wuerttemberg.de" />
+	<target host="www4.lubw.baden-wuerttemberg.de" />
+	<target host="mfw.baden-wuerttemberg.de" />
+	<target host="www.mfw.baden-wuerttemberg.de" />
+	<target host="mlr.baden-wuerttemberg.de" />
+	<target host="www.mlr.baden-wuerttemberg.de" />
+	<target host="mvi.baden-wuerttemberg.de" />
+	<target host="www.mvi.baden-wuerttemberg.de" />
+	<target host="mwk.baden-wuerttemberg.de" />
+	<target host="www.mwk.baden-wuerttemberg.de" />
+	<target host="piwik.baden-wuerttemberg.de" />
+	<target host="quickle.baden-wuerttemberg.de" />
+	<target host="www.quickle.baden-wuerttemberg.de" />
+	<target host="www.reach.baden-wuerttemberg.de" />
+	<target host="rp.baden-wuerttemberg.de" />
+	<target host="shop.baden-wuerttemberg.de" />
+	<target host="sm.baden-wuerttemberg.de" />
+	<target host="www.sm.baden-wuerttemberg.de" />
+	<target host="sozialministerium.baden-wuerttemberg.de" />
+	<target host="stm.baden-wuerttemberg.de" />
+	<target host="www.stm.baden-wuerttemberg.de" />
+	<target host="baustellen.strassen.baden-wuerttemberg.de" />
+	<target host="um.baden-wuerttemberg.de" />
+	<target host="www.um.baden-wuerttemberg.de" />
+	<target host="extranet.um.baden-wuerttemberg.de" />
+	<target host="mobil.um.baden-wuerttemberg.de" />
+	<target host="www4.um.baden-wuerttemberg.de" />
+	<target host="verfgh.baden-wuerttemberg.de" />
+	<target host="vm.baden-wuerttemberg.de" />
+	<target host="www.vm.baden-wuerttemberg.de" />
+	<target host="wm.baden-wuerttemberg.de" />
+
+	<!-- Invalid certificate on https://www.beteiligungsportal.baden-wuerttemberg.de/,
+		http://www.beteiligungsportal.baden-wuerttemberg.de/ redirects to http://beteiligungsportal.baden-wuerttemberg.de/ -->
+	<rule from="^http://www\.beteiligungsportal\.baden-wuerttemberg\.de/"
+		to="https://beteiligungsportal.baden-wuerttemberg.de/" />
+	<!-- Invalid certificate on https://energiewendetage.baden-wuerttemberg.de/,
+		http://energiewendetage.baden-wuerttemberg.de/ redirects to http://www.energiewendetage.baden-wuerttemberg.de/ -->
+	<rule from="^http://energiewendetage\.baden-wuerttemberg\.de/"
+		to="https://www.energiewendetage.baden-wuerttemberg.de/" />
+	<!-- Invalid certificate on https://hochwasser.baden-wuerttemberg.de/,
+		http://hochwasser.baden-wuerttemberg.de/ redirects to http://www.hochwasser.baden-wuerttemberg.de/ -->
+	<rule from="^http://hochwasser\.baden-wuerttemberg\.de/"
+		to="https://www.hochwasser.baden-wuerttemberg.de/" />
+	<!-- Invalid certificate on https://www.im.baden-wuerttemberg.de/,
+		http://www.im.baden-wuerttemberg.de/ redirects to http://im.baden-wuerttemberg.de/ -->
+	<rule from="^http://www\.im\.baden-wuerttemberg\.de/"
+		to="https://im.baden-wuerttemberg.de/" />
+	<!-- Invalid certificate on https://lubw.baden-wuerttemberg.de/,
+		http://lubw.baden-wuerttemberg.de/ redirects to http://www.lubw.baden-wuerttemberg.de/ -->
+	<rule from="^http://lubw\.baden-wuerttemberg\.de/"
+		to="https://www.lubw.baden-wuerttemberg.de/" />
+	<!-- Invalid certificate on https://www.mfw.baden-wuerttemberg.de/,
+		http://www.mfw.baden-wuerttemberg.de/ redirects to http://mfw.baden-wuerttemberg.de/ -->
+	<rule from="^http://www\.mfw\.baden-wuerttemberg\.de/"
+		to="https://mfw.baden-wuerttemberg.de/" />
+	<!-- Invalid certificate on https://www.mlr.baden-wuerttemberg.de/,
+		http://www.mlr.baden-wuerttemberg.de/ redirects to http://mlr.baden-wuerttemberg.de/ -->
+	<rule from="^http://www\.mlr\.baden-wuerttemberg\.de/"
+		to="https://mlr.baden-wuerttemberg.de/" />
+	<!-- Invalid certificate on https://www.mvi.baden-wuerttemberg.de/,
+		http://www.mvi.baden-wuerttemberg.de/ redirects to http://mvi.baden-wuerttemberg.de/ -->
+	<rule from="^http://www\.mvi\.baden-wuerttemberg\.de/"
+		to="https://mvi.baden-wuerttemberg.de/" />
+	<!-- Invalid certificate on https://www.mwk.baden-wuerttemberg.de/,
+		http://www.mwk.baden-wuerttemberg.de/ redirects to http://mwk.baden-wuerttemberg.de/ -->
+	<rule from="^http://www\.mwk\.baden-wuerttemberg\.de/"
+		to="https://mwk.baden-wuerttemberg.de/" />
+	<!-- Invalid certificate on https://www.quickle.baden-wuerttemberg.de/,
+		http://www.quickle.baden-wuerttemberg.de/ redirects to http://quickle.baden-wuerttemberg.de/ -->
+	<rule from="^http://www\.quickle\.baden-wuerttemberg\.de/"
+		to="https://quickle.baden-wuerttemberg.de/" />
+	<!-- Invalid certificate on https://www.sm.baden-wuerttemberg.de/,
+		http://www.sm.baden-wuerttemberg.de/ redirects to http://sm.baden-wuerttemberg.de/ -->
+	<rule from="^http://www\.sm\.baden-wuerttemberg\.de/"
+		to="https://sm.baden-wuerttemberg.de/" />
+	<!-- Invalid certificate on https://www.stm.baden-wuerttemberg.de/,
+		http://www.stm.baden-wuerttemberg.de/ redirects to http://stm.baden-wuerttemberg.de/ -->
+	<rule from="^http://www\.stm\.baden-wuerttemberg\.de/"
+		to="https://stm.baden-wuerttemberg.de/" />
+	<!-- Invalid certificate on https://www.um.baden-wuerttemberg.de/,
+		http://www.um.baden-wuerttemberg.de/ redirects to http://um.baden-wuerttemberg.de/ -->
+	<rule from="^http://www\.um\.baden-wuerttemberg\.de/"
+		to="https://um.baden-wuerttemberg.de/" />
+		<!-- Invalid certificate on https://www.vm.baden-wuerttemberg.de/,
+		http://www.vm.baden-wuerttemberg.de/ redirects to http://vm.baden-wuerttemberg.de/ -->
+	<rule from="^http://www\.vm\.baden-wuerttemberg\.de/"
+		to="https://vm.baden-wuerttemberg.de/" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/badv.bund.de.xml b/src/chrome/content/rules/badv.bund.de.xml
new file mode 100644
index 000000000000..872c51b61480
--- /dev/null
+++ b/src/chrome/content/rules/badv.bund.de.xml
@@ -0,0 +1,18 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+
+	Invalid certificate:
+		provenienz.badv.bund.de
+		stellenangebote.badv.bund.de
+-->
+<ruleset name="Bundesamt für zentrale Dienste und offene Vermögensfragen">
+	<!-- Federal Office for Central Services and Unresolved Property Issues -->
+
+	<target host="badv.bund.de" />
+	<target host="www.badv.bund.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/baf.bund.de.xml b/src/chrome/content/rules/baf.bund.de.xml
new file mode 100644
index 000000000000..b8521e36340c
--- /dev/null
+++ b/src/chrome/content/rules/baf.bund.de.xml
@@ -0,0 +1,12 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+-->
+<ruleset name="BAF.bund.de">
+
+	<target host="www.baf.bund.de" />
+	<target host="www.anlagenschutz.baf.bund.de" />
+	<target host="test.anlagenschutz.baf.bund.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bafg.de.xml b/src/chrome/content/rules/bafg.de.xml
new file mode 100644
index 000000000000..4df3e7ac53b3
--- /dev/null
+++ b/src/chrome/content/rules/bafg.de.xml
@@ -0,0 +1,39 @@
+<!--
+	Invalid certificate:
+		grdc.bafg.de
+		kliwas.bafg.de
+		mail.bafg.de
+		wm.bafg.de
+
+	Not found:
+		autodiscover.bafg.de
+		dlr.bafg.de
+		legacy.bafg.de
+		poseidon.bafg.de
+		s-mail.bafg.de
+
+	Refused:
+		fgg-rhein.bafg.de
+		iksr.bafg.de
+
+	Timeout:
+		bibliothek.bafg.de
+		doi.bafg.de
+		elise.bafg.de
+		ftp.bafg.de
+		had.bafg.de
+		maps.bafg.de
+		ne-friend.bafg.de
+		undine.bafg.de
+		wasserblick.bafg.de
+-->
+<ruleset name="Bundesanstalt für Gewässerkunde">
+	<!-- German Federal Institute of Hydrology -->
+
+	<target host="www.bafg.de" />
+	<target host="geoportal.bafg.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bafin.de.xml b/src/chrome/content/rules/bafin.de.xml
new file mode 100644
index 000000000000..977970a6e674
--- /dev/null
+++ b/src/chrome/content/rules/bafin.de.xml
@@ -0,0 +1,25 @@
+<!--
+	Invalid certificate:
+		www.mvp.bafin.de
+
+	Timeout:
+		cag.bafin.de
+		mvp.bafin.de
+-->
+<ruleset name="Bundesanstalt für Finanzdienstleistungsaufsicht">
+	<!-- Federal Financial Supervisory Authority -->
+
+	<target host="bafin.de" />
+	<target host="www.bafin.de" />
+	<target host="portal.mvp.bafin.de" />
+	<target host="securemail.bafin.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://bafin.de/,
+	http://bafin.de/ redirects to http://www.bafin.de/ -->
+	<rule from="^http://bafin\.de/"
+		to="https://www.bafin.de/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bafza.de.xml b/src/chrome/content/rules/bafza.de.xml
new file mode 100644
index 000000000000..a8c775057ade
--- /dev/null
+++ b/src/chrome/content/rules/bafza.de.xml
@@ -0,0 +1,19 @@
+<ruleset name="Bundesamt für Familie und zivilgesellschaftliche Aufgaben">
+
+	<target host="bafza.de" />
+	<target host="www.bafza.de" />
+	<target host="ads-veranstaltungen.bafza.de" />
+	<target host="bafza-veranstaltungen.bafza.de" />
+	<target host="bildungszentren.bafza.de" />
+	<target host="bmfsfj-veranstaltngen.bafza.de" />
+	<target host="bmfsfj-veranstaltungen.bafza.de" />
+	<target host="eid.bafza.de" />
+	<target host="mig.bafza.de" />
+	<target host="piwik.bafza.de" />
+	<target host="ubskm-veranstaltungen.bafza.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bag.bund.de.xml b/src/chrome/content/rules/bag.bund.de.xml
new file mode 100644
index 000000000000..2f7db938fc70
--- /dev/null
+++ b/src/chrome/content/rules/bag.bund.de.xml
@@ -0,0 +1,20 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+
+	Invalid certificate:
+		www.foerderprogramme.bag.bund.de
+
+	Not found:
+		citrix.bag.bund.de
+		fms.bag.bund.de
+-->
+<ruleset name="Bundesamt für Güterverkehr">
+
+	<target host="www.bag.bund.de" />
+	<target host="austausch.bag.bund.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/baidustatic.com.xml b/src/chrome/content/rules/baidustatic.com.xml
new file mode 100644
index 000000000000..d370ff0b9024
--- /dev/null
+++ b/src/chrome/content/rules/baidustatic.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Related:
+		Baidu.xml
+
+	Mismatched:
+		^
+-->
+<ruleset name="baidustatic.com">
+	<target host="cpro.baidustatic.com"/>
+		<test url="http://cpro.baidustatic.com/cpro/ui/c.js" />
+		<test url="http://cpro.baidustatic.com/cpro/ui/f.js" />
+	<target host="cpro2.baidustatic.com"/>
+		<test url="http://cpro2.baidustatic.com/cpro/ui/c.js" />
+		<test url="http://cpro2.baidustatic.com/cpro/ui/f.js" />
+	<target host="dup.baidustatic.com"/>
+		<test url="http://dup.baidustatic.com/js/ds.js" />
+	<target host="ubmcmm.baidustatic.com"/>
+		<test url="http://ubmcmm.baidustatic.com/media/v1/0f000a-JueNIFPmTOLDxY6.jpg" />
+		<test url="http://ubmcmm.baidustatic.com/media/v1/0f0005lK65iQdUtS56W--f.swf" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/baifendian.xml b/src/chrome/content/rules/baifendian.xml
new file mode 100644
index 000000000000..ba1da6e2f69e
--- /dev/null
+++ b/src/chrome/content/rules/baifendian.xml
@@ -0,0 +1,41 @@
+<!--
+	Nonfunctional subdomains:
+
+		- (www.)	(^ → www)
+
+	Problematic subdomains:
+
+		- ^	(Mismatched)
+		- blog	(Expired)
+		- en	(Refused)
+		- setup	(Expired)
+		- static
+		- static1
+
+	Fully covered subdomains:
+		- ds5.api
+		- rec.api
+		- ssl-ds5-api
+		- ssl-rec5-api
+		- ssl-static
+		- ssl-static5
+
+-->
+<ruleset name="baifendian (partial)">
+
+	<target host="*.baifendian.com" />
+
+	<rule from="^http://(\w+\.api|ssl-[\w\-]+)\.baifendian\.com/"
+		to="https://$1.baifendian.com/" />
+		<test url="http://ds5.api.baifendian.com/2.0/MRecVAV.do" />
+		<test url="http://rec.api.baifendian.com/" />
+		<test url="http://ssl-ds5-api.baifendian.com/" />
+		<test url="http://ssl-rec5-api.baifendian.com/" />
+		<test url="http://ssl-static.baifendian.com/" />
+		<test url="http://ssl-static5.baifendian.com/" />
+
+	<rule from="^http://passport\.baifendian\.com/"
+		to="https://passport.baifendian.com/" />
+		<test url="http://passport.baifendian.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/baikal-daily.ru.xml b/src/chrome/content/rules/baikal-daily.ru.xml
new file mode 100644
index 000000000000..07fab1c09fa5
--- /dev/null
+++ b/src/chrome/content/rules/baikal-daily.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="baikal-daily.ru">
+	<target host="baikal-daily.ru" />
+	<target host="www.baikal-daily.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bairdmounts.com.xml b/src/chrome/content/rules/bairdmounts.com.xml
new file mode 100644
index 000000000000..17c15c41cdcd
--- /dev/null
+++ b/src/chrome/content/rules/bairdmounts.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- bairdmounts.com
+		- www.bairdmounts.com
+
+-->
+<ruleset name="Baird Mounts.com">
+
+	<target host="bairdmounts.com" />
+	<target host="www.bairdmounts.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?bairdmounts\.com$" name="^(?:CFID|CFTOKEN|JSESSIONID)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bakoev.bund.de.xml b/src/chrome/content/rules/bakoev.bund.de.xml
new file mode 100644
index 000000000000..bed168b3082e
--- /dev/null
+++ b/src/chrome/content/rules/bakoev.bund.de.xml
@@ -0,0 +1,16 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+
+	Invalid certificate:
+		autorentool.bakoev.bund.de
+-->
+<ruleset name="Bundesakademie für öffentliche Verwaltung">
+	<!-- Federal Academy of Public Administration -->
+
+	<target host="www.bakoev.bund.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/baks.bund.de.xml b/src/chrome/content/rules/baks.bund.de.xml
new file mode 100644
index 000000000000..262f17cb6bcd
--- /dev/null
+++ b/src/chrome/content/rules/baks.bund.de.xml
@@ -0,0 +1,14 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+-->
+<ruleset name="Bundesakademie für Sicherheitspolitik">
+	<!-- Federal Agency for Security Policy -->
+
+	<target host="www.baks.bund.de" />
+	<target host="newsletter.baks.bund.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/baksman.com.xml b/src/chrome/content/rules/baksman.com.xml
new file mode 100644
index 000000000000..6b9ae6d1eea5
--- /dev/null
+++ b/src/chrome/content/rules/baksman.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="baksman.com">
+	<target host="baksman.com" />
+	<target host="www.baksman.com" />
+	<target host="support.baksman.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/balabit.hu.xml b/src/chrome/content/rules/balabit.hu.xml
new file mode 100644
index 000000000000..d1a4181397c5
--- /dev/null
+++ b/src/chrome/content/rules/balabit.hu.xml
@@ -0,0 +1,55 @@
+<!--
+	Fetch test note: p://lists.../$ redirects
+	to s://lists.../$ 404 ?=> test failure
+
+	For other BalaBit coverage, see BalaBit.com.xml.
+
+
+	Problematic hosts in *balabit.hu:
+
+		- (www.)? ᵐ
+		- support ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="Balabit.hu">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="lists.balabit.hu" />
+
+	<!--	Complications:
+				-->
+	<target host="balabit.hu" />
+	<target host="support.balabit.hu" />
+	<target host="www.balabit.hu" />
+
+		<!--	$ 404s, so:
+					-->
+		<test url="http://lists.balabit.hu/mailman/listinfo" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://(?:www\.)?balabit\.hu/+"
+		to="https://www.balabit.com/hu/" />
+
+		<test url="http://www.balabit.hu/privacy-policy" />
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://support\.balabit\.hu/+"
+		to="https://support.balabit.com/" />
+
+		<test url="http://support.balabit.hu/default.aspx" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ballotpedia.org.xml b/src/chrome/content/rules/ballotpedia.org.xml
new file mode 100644
index 000000000000..c4e24972bc2f
--- /dev/null
+++ b/src/chrome/content/rules/ballotpedia.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="Ballotpedia.org">
+
+	<target host="ballotpedia.org" />
+	<target host="www.ballotpedia.org" />
+
+
+	<securecookie host="^\." name="^__qca$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/balnet.ru.xml b/src/chrome/content/rules/balnet.ru.xml
new file mode 100644
index 000000000000..4b4d8e396d14
--- /dev/null
+++ b/src/chrome/content/rules/balnet.ru.xml
@@ -0,0 +1,41 @@
+<!--
+1c.corp.balnet.ru ⁴
+balnet7.corp.balnet.ru ³
+buhgalteria2.corp.balnet.ru ³
+dc1.corp.balnet.ru ¹
+molypcwin10.corp.balnet.ru ²
+old1c.corp.balnet.ru ³
+winserv.corp.balnet.ru ³
+game.balnet.ru ³
+hotspot.balnet.ru ³
+mail.balnet.ru ²
+mon.balnet.ru ⁴
+msdc.balnet.ru ³
+ns2.balnet.ru ²
+office.balnet.ru ³
+podpiska.balnet.ru ¹
+server.balnet.ru ³
+service.balnet.ru ³
+secondarydns.services.balnet.ru ²
+speedtest1.balnet.ru ⁴
+vpn.balnet.ru ³
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="balnet.ru">
+	<target host="balnet.ru" />
+	<target host="www.balnet.ru" />
+	<target host="billing.balnet.ru" />
+	<target host="corp.balnet.ru" />
+	<target host="fs.balnet.ru" />
+	<target host="ns1.balnet.ru" />
+	<target host="pbx.balnet.ru" />
+	<target host="webhosting.services.balnet.ru" />
+	<target host="test.balnet.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bamf.de.xml b/src/chrome/content/rules/bamf.de.xml
new file mode 100644
index 000000000000..dd0fa31c43ae
--- /dev/null
+++ b/src/chrome/content/rules/bamf.de.xml
@@ -0,0 +1,37 @@
+<!--
+	Connection failed:
+		oet.bamf.de
+		webgis.bamf.de
+		zirf.bamf.de
+
+	Unable to get local issuer certificate:
+		benutzer.test.migra.bamf.de
+-->
+<ruleset name="Bundesamt für Migration und Flüchtlinge">
+
+	<target host="bamf.de" />
+	<target host="www.bamf.de" />
+	<target host="alwis.bamf.de" />
+	<target host="amif.bamf.de" />
+	<target host="dik.bamf.de" />
+	<target host="infopool-ga.bamf.de" />
+	<target host="isi.bamf.de" />
+	<target host="meb.bamf.de" />
+	<target host="benutzer.migra.bamf.de" />
+	<target host="portal.migra.bamf.de" />
+	<target host="services.migra.bamf.de" />
+	<target host="services.test.migra.bamf.de" />
+	<target host="migration.bamf.de" />
+	<target host="milo.bamf.de" />
+	<target host="umfragen.bamf.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://bamf.de/,
+	http://bamf.de/ redirects to http://www.bamf.de/ -->
+	<rule from="^http://bamf\.de/"
+		to="https://www.bamf.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bandaancha.eu.xml b/src/chrome/content/rules/bandaancha.eu.xml
new file mode 100644
index 000000000000..ac28a4fe1bc6
--- /dev/null
+++ b/src/chrome/content/rules/bandaancha.eu.xml
@@ -0,0 +1,6 @@
+<ruleset name="bandaancha.eu">
+  <target host="bandaancha.eu" />
+  <target host="www.bandaancha.eu" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bankcomat.com.xml b/src/chrome/content/rules/bankcomat.com.xml
new file mode 100644
index 000000000000..0f5a39182700
--- /dev/null
+++ b/src/chrome/content/rules/bankcomat.com.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bankcomat.com/ => https://bankcomat.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.bankcomat.com/ => https://www.bankcomat.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="bankcomat.com" default_off="failed ruleset test">
+	<target host="bankcomat.com" />
+	<target host="www.bankcomat.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bankid.com.xml b/src/chrome/content/rules/bankid.com.xml
new file mode 100644
index 000000000000..20e852e63837
--- /dev/null
+++ b/src/chrome/content/rules/bankid.com.xml
@@ -0,0 +1,37 @@
+<!-- 
+	Unknown CA:
+
+		- appapi.bankid.com   
+		- appapi2.bankid.com
+		- bamse.bankid.com
+		- cavainternal.bankid.com
+		- appapi.dev.bankid.com
+		- cavainternal.dev.bankid.com
+		- appapi.test.bankid.com
+		- cuapi.test.bankid.com
+		- cureg.test.bankid.com
+-->
+
+<ruleset name="bankid.com">
+	<target host="bankid.com" />
+	<target host="www.bankid.com" />
+	<target host="alert.bankid.com" />
+	<target host="app.bankid.com" />
+	<target host="cu.bankid.com" />
+	<target host="demo.bankid.com" />
+	<target host="help.bankid.com" />
+	<target host="install.bankid.com" />
+	<target host="www.install.bankid.com" />
+	<target host="m.bankid.com" />
+	<target host="mexx.bankid.com" />
+	<target host="vks.bankid.com" />
+	<target host="support.bankid.com" />
+	<target host="www.support.bankid.com" />
+	<target host="test.bankid.com" />
+	<target host="www.test.bankid.com" />
+	<target host="cu.test.bankid.com" />
+	<target host="mexx.test.bankid.com" />
+	<target host="otp.test.bankid.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bankir.ru.xml b/src/chrome/content/rules/bankir.ru.xml
new file mode 100644
index 000000000000..95b12633b476
--- /dev/null
+++ b/src/chrome/content/rules/bankir.ru.xml
@@ -0,0 +1,7 @@
+<!-- mobile. redirect to http
+aksakov. nonexist domain -->
+<ruleset name="bankir.ru">
+	<target host="bankir.ru" />
+	<target host="www.bankir.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/banned.video.xml b/src/chrome/content/rules/banned.video.xml
new file mode 100644
index 000000000000..332cf716234a
--- /dev/null
+++ b/src/chrome/content/rules/banned.video.xml
@@ -0,0 +1,11 @@
+<ruleset name="banned.video">
+	<target host="banned.video" />
+	<target host="www.banned.video" />
+	<target host="api.banned.video" />
+	<target host="api-admin.banned.video" />
+	<target host="chat.banned.video" />
+	<target host="chat-staging.banned.video" />
+	<target host="downloads.banned.video" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bargainmoose.ca.xml b/src/chrome/content/rules/bargainmoose.ca.xml
new file mode 100644
index 000000000000..9864d9af228f
--- /dev/null
+++ b/src/chrome/content/rules/bargainmoose.ca.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.bargainmoose.ca
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Bargainmoose.ca">
+
+	<target host="bargainmoose.ca" />
+	<target host="www.bargainmoose.ca" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.bargainmoose\.ca$" name="^(?:bargainmoose|has_viewed_notice)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/barikat.gr.xml b/src/chrome/content/rules/barikat.gr.xml
new file mode 100644
index 000000000000..35952cbd9d36
--- /dev/null
+++ b/src/chrome/content/rules/barikat.gr.xml
@@ -0,0 +1,8 @@
+<ruleset name="barikat.gr">
+	<target host="barikat.gr" />
+	<target host="www.barikat.gr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/barnardos.org.uk.xml b/src/chrome/content/rules/barnardos.org.uk.xml
new file mode 100644
index 000000000000..4027fa74d713
--- /dev/null
+++ b/src/chrome/content/rules/barnardos.org.uk.xml
@@ -0,0 +1,55 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://testllwcmlw.barnardos.org.uk/ => https://testllwcmlw.barnardos.org.uk/: (35, 'Unknown SSL protocol error in connection to testllwcmlw.barnardos.org.uk:443 ')
+
+	Nonfunctional hosts in *barnardos.org.uk:
+
+		- www1 ᵃ
+
+	ᵃ Shows another domain
+
+
+	Problematic hosts in *barnardos.org.uk:
+
+		- ^ ³
+		- community ᶜ
+
+	³ 403
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.barnardos.org.uk
+
+-->
+<ruleset name="Barnardos.org.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="community.barnardos.org.uk" /-->
+	<target host="greetingcards.barnardos.org.uk" />
+	<target host="testllwcmlw.barnardos.org.uk" />
+	<target host="www.barnardos.org.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="barnardos.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.barnardos\.org\.uk$" name="^ANONID$" /-->
+
+	<securecookie host="^\." name="^_(?:_qca|gat?)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://barnardos\.org\.uk/"
+		to="https://www.barnardos.org.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/barnet.gov.uk.xml b/src/chrome/content/rules/barnet.gov.uk.xml
new file mode 100644
index 000000000000..f7225cb6a241
--- /dev/null
+++ b/src/chrome/content/rules/barnet.gov.uk.xml
@@ -0,0 +1,72 @@
+<!--
+	London Borough of Barnet Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *barnet.gov.uk:
+
+		- www.libraries ᵈ
+		- petitions ᵗ
+		- www.travelplans ʳ
+
+	ᵈ Dropped
+	ʳ Refused
+	ᵗ Reset
+
+
+	Problematic hosts in *barnet.gov.uk:
+
+		- ^ ᵐ
+		- committeepapers ⁴ ᵐ
+
+	⁴ 404
+	ᵐ Mismatched
+
+
+	These altnames don't exist:
+
+		- www.engage.barnet.gov.uk
+		- www.open.barnet.gov.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- ask.barnet.gov.uk
+		- www.barnet.gov.uk
+
+-->
+<ruleset name="Barnet.gov.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ask.barnet.gov.uk" />
+	<target host="engage.barnet.gov.uk" />
+	<target host="open.barnet.gov.uk" />
+	<target host="publicaccess.barnet.gov.uk" />
+	<target host="www.barnet.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="barnet.gov.uk" />
+	<target host="committeepapers.barnet.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ask\.barnet\.gov\.uk$" name="^identitytoken$" /-->
+	<!--securecookie host="^www\.barnet\.gov\.uk$" name="^ROUTEID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://barnet\.gov\.uk/"
+		to="https://www.barnet.gov.uk/" />
+
+	<rule from="^http://committeepapers\.barnet\.gov\.uk/"
+		to="https://barnet.moderngov.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/barrons.com.xml b/src/chrome/content/rules/barrons.com.xml
new file mode 100644
index 000000000000..87b74e09d551
--- /dev/null
+++ b/src/chrome/content/rules/barrons.com.xml
@@ -0,0 +1,41 @@
+<!--
+	For other News Corporation coverage, see News-Corporation.xml.
+
+
+	Nonfunctional hosts in *barrons.com:
+
+		- blogs ³
+
+	³ 503, Akamai
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .barrons.com
+		- blue-store.barrons.com
+		- store.barrons.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Barrons.com (partial)">
+
+	<target host="blue-store.barrons.com" />
+	<target host="buy.barrons.com" />
+	<target host="store.barrons.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.barrons\.com$" name="^djcs_route$" /-->
+	<!--securecookie host="^(?:blue-)?store\.barrons\.com$" name="^AWSELB$" /-->
+
+
+	<securecookie host=".+" name="^optimizely" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/baruwa.com.xml b/src/chrome/content/rules/baruwa.com.xml
new file mode 100644
index 000000000000..ecf8e40afc77
--- /dev/null
+++ b/src/chrome/content/rules/baruwa.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="baruwa.com">
+	<target host="baruwa.com" />
+	<target host="www.baruwa.com" />
+	<target host="downloads.baruwa.com" />
+	<target host="lists.baruwa.com" />
+	<target host="blog.baruwa.com" />
+	<target host="packages.baruwa.com" />
+	<target host="archive.baruwa.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/base64-image.de.xml b/src/chrome/content/rules/base64-image.de.xml
new file mode 100644
index 000000000000..97f7a024f0cf
--- /dev/null
+++ b/src/chrome/content/rules/base64-image.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="base64-image.de">
+	<target host="base64-image.de" />
+	<target host="www.base64-image.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/base64decode.org.xml b/src/chrome/content/rules/base64decode.org.xml
new file mode 100644
index 000000000000..c11ff8adb9b9
--- /dev/null
+++ b/src/chrome/content/rules/base64decode.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="base64decode.org">
+	<target host="base64decode.org" />
+	<target host="www.base64decode.org" />
+	<target host="base64encode.org" />
+	<target host="www.base64encode.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/basekit.com.xml b/src/chrome/content/rules/basekit.com.xml
new file mode 100644
index 000000000000..86e3edc7a1cf
--- /dev/null
+++ b/src/chrome/content/rules/basekit.com.xml
@@ -0,0 +1,47 @@
+<!--
+	2018 Update:
+	custom-css.basekit.com redirects to basekit.com
+
+	Invalid certificate:
+		custom-css.basekit.com
+		docs.basekit.com
+		resources.basekit.com
+
+	Mixed content:
+		www.basekit.com
+
+	Time out:
+		knowledge.basekit.com
+
+	Protocol-relative inclusion of custom-css.basekit.com:
+		resellers.basekit.com
+		try.basekit.com
+
+	Each customer gets its own subdomain.
+
+-->
+<ruleset name="BaseKit.com (partial)">
+
+	<target host="basekit.com" />
+	<target host="*.basekit.com" />
+
+		<test url="http://apidocs.basekit.com/" />
+		<test url="http://developers.basekit.com/" />
+		<test url="http://resellers.basekit.com/" />
+		<test url="http://scottishculture.basekit.com/" />
+		<test url="http://support.basekit.com/" />
+		<test url="http://trivia.basekit.com/" />
+		<test url="http://try.basekit.com/" />
+
+		<exclusion pattern="^http://(docs|resources|knowledge)\.basekit\.com/" />
+
+			<test url="http://docs.basekit.com/" />
+			<test url="http://resources.basekit.com/" />
+			<test url="http://knowledge.basekit.com/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/basildon.gov.uk.xml b/src/chrome/content/rules/basildon.gov.uk.xml
new file mode 100644
index 000000000000..d7e4e9fd85fd
--- /dev/null
+++ b/src/chrome/content/rules/basildon.gov.uk.xml
@@ -0,0 +1,72 @@
+<!--
+	Basildon Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *basildon.gov.uk:
+
+		- planning ᵈ
+
+	ᵈ Dropped
+
+
+	Insecure cookies are set for these hosts:
+
+		- payments.basildon.gov.uk
+		- www4.basildon.gov.uk
+		- www5.basildon.gov.uk
+
+-->
+<ruleset name="Basildon.gov.uk (partial)">
+
+	<target host="onlinebenefitclaim.basildon.gov.uk" />
+	<target host="payments.basildon.gov.uk" />
+	<target host="www.basildon.gov.uk" />
+	<target host="www3.basildon.gov.uk" />
+	<target host="www4.basildon.gov.uk" />
+	<target host="www5.basildon.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.basildon\.gov\.uk/(?:contactus|fraud|home)$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.basildon\.gov\.uk/+(?!\w+/(?:css|images|template)/|CHttpHandler\.ashx|media/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.basildon.gov.uk/article/1945/Contact-Us" />
+			<test url="http://www.basildon.gov.uk/business" />
+			<test url="http://www.basildon.gov.uk/contactus" />
+			<test url="http://www.basildon.gov.uk/fraud" />
+			<test url="http://www.basildon.gov.uk/home" />
+			<test url="http://www.basildon.gov.uk/housing" />
+			<test url="http://www.basildon.gov.uk/leisure" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.basildon.gov.uk/basildon/images/listbullet.gif" />
+			<test url="http://www.basildon.gov.uk/basildon/css/styleprint.css" />
+			<test url="http://www.basildon.gov.uk/media/image/t/5/Pay_Now_140x30.jpg" />
+			<test url="http://www.basildon.gov.uk/basildon/template/home/css/home.css" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://www4.basildon.gov.uk/live/scripts/orev.wsc/ibsxmlpr.p?docid=login" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^payments\.basildon\.gov\.uk$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+	<!--securecookie host="^www4\.basildon\.gov\.uk$" name="^(?:\w+|anon-session|session-id)$" /-->
+	<!--securecookie host="^www5\.basildon\.gov\.uk$" name="^anonprofile$" /-->
+
+	<securecookie host="^(?!www\.)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bastamag.net.xml b/src/chrome/content/rules/bastamag.net.xml
new file mode 100644
index 000000000000..355e8067f301
--- /dev/null
+++ b/src/chrome/content/rules/bastamag.net.xml
@@ -0,0 +1,10 @@
+<ruleset name="Bastamag.net">
+
+	<target host="bastamag.net" />
+	<target host="www.bastamag.net" />
+	<target host="portail.bastamag.net" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bataysk-gorod.ru.xml b/src/chrome/content/rules/bataysk-gorod.ru.xml
new file mode 100644
index 000000000000..13a3c5d5e8fc
--- /dev/null
+++ b/src/chrome/content/rules/bataysk-gorod.ru.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bataysk-gorod.ru/ => https://bataysk-gorod.ru/: (7, 'Failed to connect to bataysk-gorod.ru port 443: Connection refused')
+Fetch error: http://www.bataysk-gorod.ru/ => https://www.bataysk-gorod.ru/: (7, 'Failed to connect to www.bataysk-gorod.ru port 443: Connection refused')
+Fetch error: http://rss.bataysk-gorod.ru/ => https://rss.bataysk-gorod.ru/: (7, 'Failed to connect to rss.bataysk-gorod.ru port 443: Connection refused')
+ old. refused -->
+<ruleset name="bataysk-gorod.ru" default_off="failed ruleset test">
+	<target host="bataysk-gorod.ru" />
+	<target host="www.bataysk-gorod.ru" />
+	<target host="rss.bataysk-gorod.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bato.to.xml b/src/chrome/content/rules/bato.to.xml
new file mode 100644
index 000000000000..bf27fed1a8cf
--- /dev/null
+++ b/src/chrome/content/rules/bato.to.xml
@@ -0,0 +1,7 @@
+<ruleset name="bato.to">
+	<target host="www.bato.to"/>
+	<target host="bato.to"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/bauercreative.net.xml b/src/chrome/content/rules/bauercreative.net.xml
new file mode 100644
index 000000000000..32a1bfea9914
--- /dev/null
+++ b/src/chrome/content/rules/bauercreative.net.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Bauer Media coverage, see bauermedia.co.uk.xml.
+
+-->
+<ruleset name="Bauer creative.net">
+
+	<target host="static.bauercreative.net" />
+		<test url="http://static.bauercreative.net/zombie/css/index.css" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+
+</ruleset>
diff --git a/src/chrome/content/rules/bauermedia.co.uk.xml b/src/chrome/content/rules/bauermedia.co.uk.xml
new file mode 100644
index 000000000000..5c95d0a1d2dd
--- /dev/null
+++ b/src/chrome/content/rules/bauermedia.co.uk.xml
@@ -0,0 +1,61 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bauermedia.co.uk/ => https://bauermedia.co.uk/: (7, 'Failed to connect to bauermedia.co.uk port 443: Connection timed out')
+
+	Other Bauer Media rulesets:
+
+		- bauercreative.net.xml
+
+
+	Nonfunctional hosts in *bauermedia.co.uk:
+
+		- cfk ʳ
+		- creative ʳ
+
+	ʳ Refused
+
+
+	Problematic hosts in *bauermedia.co.uk:
+
+		- mediastorage-lls ᵐ
+		- microsite ᵉ
+
+	ᵉ Expired
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.bauermedia.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on www from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Bauer Media.co.uk (partial)" default_off="failed ruleset test">
+
+	<target host="bauermedia.co.uk" />
+	<!--target host="mediastorage-lls.bauermedia.co.uk" /-->
+	<target host="www.bauermedia.co.uk" />
+
+		<!--test url="http://mediastorage-lls.bauermedia.co.uk/thedebrief/cover/the-debrief-logo.png" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.bauermedia\.co\.uk$" name="^BSSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/baumglueck.de.xml b/src/chrome/content/rules/baumglueck.de.xml
new file mode 100644
index 000000000000..248dc300df3a
--- /dev/null
+++ b/src/chrome/content/rules/baumglueck.de.xml
@@ -0,0 +1,36 @@
+<!--
+	^baumglueck.de: mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.baumglueck.de
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Baumglueck.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.baumglueck.de" />
+
+	<!--	Complications:
+				-->
+	<target host="baumglueck.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.baumglueck\.de$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://baumglueck\.de/"
+		to="https://www.baumglueck.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bav.bund.de.xml b/src/chrome/content/rules/bav.bund.de.xml
new file mode 100644
index 000000000000..d46536a6af46
--- /dev/null
+++ b/src/chrome/content/rules/bav.bund.de.xml
@@ -0,0 +1,11 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+-->
+<ruleset name="BAV.bund.de">
+
+	<target host="www.bav.bund.de" />
+	<target host="owa.bav.bund.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bay12games.com.xml b/src/chrome/content/rules/bay12games.com.xml
new file mode 100644
index 000000000000..0089429227ca
--- /dev/null
+++ b/src/chrome/content/rules/bay12games.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Refused:
+		- dffd.bay12games.com
+
+	Mismatched:
+		- ftp.bay12games.com
+		- lists.bay12games.com
+		- mail.bay12games.com
+		- ns1.bay12games.com
+		- ns2.bay12games.com
+		- vps.bay12games.com
+
+	Self-signed:
+		- webmail.bay12games.com
+-->
+<ruleset name="bay12games.com">
+	<target host="bay12games.com" />
+	<target host="www.bay12games.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bbci.co.uk.xml b/src/chrome/content/rules/bbci.co.uk.xml
new file mode 100644
index 000000000000..424db99e48a6
--- /dev/null
+++ b/src/chrome/content/rules/bbci.co.uk.xml
@@ -0,0 +1,71 @@
+<!--
+	For other BBC coverage, see BBC.xml.
+
+
+	Note: platform is for not increasing
+	non-Tor distinguishability.
+
+
+	Mixed content:
+
+		- Image on feeds from news.bbcimg.co.uk
+
+-->
+<ruleset name="BBCi.co.uk (partial)" platform="mixedcontent">
+
+	<target host="emp.bbci.co.uk" />
+	<target host="feeds.bbci.co.uk" />
+
+	<target host="a-ssl.files.bbci.co.uk" />
+	<target host="c.files.bbci.co.uk" />
+	<target host="homepage.files.bbci.co.uk" />
+	<target host="m.files.bbci.co.uk" />
+	<target host="mybbc.files.bbci.co.uk" />
+	<target host="nav.files.bbci.co.uk" />
+	<target host="travel.files.bbci.co.uk" />
+
+	<target host="ichef.bbci.co.uk" />
+	<target host="ichef-1.bbci.co.uk" />
+	<target host="open.bbci.co.uk" />
+	<target host="static.bbci.co.uk" />
+
+		<!--    Avoid potential XHR or flash policy problems:
+									-->
+		<exclusion pattern="^http:/(?!.+\.(?:bmp|css|gifv?|ico|jpe?g|pdf|png|svg|tiff?|ttf|woff)(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://emp.bbci.co.uk/emp/SMPf/1.16.3/StandardMediaPlayerChromelessFlash.swf" />
+			<test url="http://feeds.bbci.co.uk/news/rss.xml" />
+			<test url="http://homepage.files.bbci.co.uk/s/homepage-v5/2182/javascripts/app.js" />
+			<test url="http://homepage.files.bbci.co.uk/s/homepage-v5/2182/javascripts/html5shiv.js" />
+			<test url="http://mybbc.files.bbci.co.uk/s/notification-ui/1.4.4/js/notifications.js" />
+			<test url="http://nav.files.bbci.co.uk/orbit/1.0.0-217.aea399d/js/edr.min.js" />
+			<test url="http://nav.files.bbci.co.uk/orbit/1.0.0-217.aea399d/js/orb.min.js" />
+			<test url="http://static.bbci.co.uk/frameworks/barlesque/2.59.1/orb/4/script/orb.js" />
+			<test url="http://static.bbci.co.uk/frameworks/barlesque/2.59.1/orb/4/script/orb/api.min.js" />
+			<test url="http://static.bbci.co.uk/frameworks/barlesque/2.59.1/orb/4/script/vendor/edr.js" />
+			<test url="http://static.bbci.co.uk/frameworks/requirejs/0.13.1/sharedmodules/require.js" />
+			<test url="http://static.bbci.co.uk/ws/js/vendor/site_catalyst/s_code_bbcws.js" />
+
+		<test url="http://c.files.bbci.co.uk/F681/production/_89650136_0505villarricavolcano-chile-reuters.jpg" />
+		<test url="http://c.files.bbci.co.uk/F681/production/_89650136_0505villarricavolcano-chile-reuters.jpg" />
+		<test url="http://homepage.files.bbci.co.uk/s/homepage-v5/2164/images/right-arrow--grey.svg" />
+		<test url="http://m.files.bbci.co.uk/releases/1141/libs/bbc-grandstand/dist/core.css" />
+		<test url="http://mybbc.files.bbci.co.uk/s/notification-ui/1.4.2/css/main.min.css" />
+		<test url="http://nav.files.bbci.co.uk/orbit/1.0.0-204.0515ca1/img/orb-sprite.gif" />
+		<test url="http://ichef.bbci.co.uk/images/ic/112x63/p03tsslw.jpg" />
+		<test url="http://ichef-1.bbci.co.uk/news/200/cpsprodpb/175C2/production/_89228659_89226311.jpg" />
+		<test url="http://rmp.files.bbci.co.uk/branding/live/images/0cfc5476582881a00a1ce3c60b5ce198.png" />
+		<test url="http://travel.files.bbci.co.uk/travel-ui/335/img/search/sprites/locservices_ui_x1.png" />
+
+		<test url="http://static.bbci.co.uk/modules/twitter/0.2.4/img/trans.gif" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bbcimg.co.uk.xml b/src/chrome/content/rules/bbcimg.co.uk.xml
new file mode 100644
index 000000000000..e2c7f9209a5d
--- /dev/null
+++ b/src/chrome/content/rules/bbcimg.co.uk.xml
@@ -0,0 +1,55 @@
+<!--
+	For other BBC coverage, see BBC.xml.
+
+
+	Note: platform is for not increasing
+	non-Tor dinstinguishability.
+
+-->
+<ruleset name="BBCimg.co.uk" platform="mixedcontent">
+
+	<target host="news.bbcimg.co.uk" />
+	<target host="node1.bbcimg.co.uk" />
+	<target host="node2.bbcimg.co.uk" />
+	<target host="node3.bbcimg.co.uk" />
+	<target host="node4.bbcimg.co.uk" />
+	<target host="tile1.bbcimg.co.uk" />
+	<target host="tile2.bbcimg.co.uk" />
+	<target host="tile3.bbcimg.co.uk" />
+	<target host="tile4.bbcimg.co.uk" />
+	<target host="tiles.bbcimg.co.uk" />
+
+		<!--    Avoid potential XHR or flash policy problems:
+									-->
+		<exclusion pattern="^http:/(?!.+\.(?:bmp|css|gifv?|ico|jpe?g|pdf|png|svg|tiff?|ttf|woff)(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://news.bbcimg.co.uk/js/app/av/emp/2_0_55/compatibility.js" />
+			<test url="http://news.bbcimg.co.uk/js/app/av/emp/2_0_55/emp.js" />
+			<test url="http://news.bbcimg.co.uk/js/app/bbccom/0.3.213/bbccom.js" />
+			<test url="http://news.bbcimg.co.uk/js/common/3_2_1/bbc_fmtj_common.js" />
+			<test url="http://news.bbcimg.co.uk/js/config/apps/4_7_2/bbc_fmtj_config.js" />
+			<test url="http://news.bbcimg.co.uk/js/core/3_3_1/bbc_fmtj.js" />
+			<test url="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js" />
+			<test url="http://node1.bbcimg.co.uk/glow/gloader.0.1.6.js" />
+			<test url="http://node2.bbcimg.co.uk/default.aspx" />
+			<test url="http://node2.bbcimg.co.uk/index.cgi" />
+			<test url="http://node3.bbcimg.co.uk/index.htm" />
+			<test url="http://node3.bbcimg.co.uk/index.html" />
+			<test url="http://node4.bbcimg.co.uk/index.jsp" />
+			<test url="http://node4.bbcimg.co.uk/index.php" />
+
+		<test url="http://news.bbcimg.co.uk/nol/shared/img/bbc_news_120x60.gif" />
+		<test url="http://node1.bbcimg.co.uk/iplayer/images/episode/b0082f1x_178_100.jpg" />
+		<test url="http://node2.bbcimg.co.uk/iplayer/images/episode/b00b9nzb_86_48.jpg" />
+		<test url="http://node3.bbcimg.co.uk/iplayer/images/episode/b011ldx5_178_100.jpg" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bbg.gov.xml b/src/chrome/content/rules/bbg.gov.xml
new file mode 100644
index 000000000000..e09164e1f36c
--- /dev/null
+++ b/src/chrome/content/rules/bbg.gov.xml
@@ -0,0 +1,46 @@
+<!--
+	Broadcasting Board of Governors
+
+	For other U.S. government coverage, see US-government.xml.
+
+
+	Nonfunctional hosts in *bbg.gov:
+
+		- ^ ᵈ
+		- bbgetraining ᵈ
+		- oddi ʳ
+		- pressbooks ʳ
+		- strategy ʰ
+		- viewpoint ʰ
+		- www ʰ
+
+	ᵈ Dropped
+	ʳ Refused
+	ʰ Redirects to http
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- innovation.bbg.gov
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="BBG.gov (partial)">
+
+	<target host="apps.bbg.gov" />
+	<target host="innovation.bbg.gov" />
+	<target host="notebook.bbg.gov" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^innovation\.bbg\.gov$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bbk.bund.de.xml b/src/chrome/content/rules/bbk.bund.de.xml
new file mode 100644
index 000000000000..3fb04263ea6c
--- /dev/null
+++ b/src/chrome/content/rules/bbk.bund.de.xml
@@ -0,0 +1,19 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+
+	Timeout:
+	  fis.bbk.bund.de
+-->
+<ruleset name="Bundesamt für Bevölkerungsschutz und Katastrophenhilfe">
+	<!-- Federal Office of Civil protection and Disaster Assistance. -->
+
+	<target host="bbk.bund.de" />
+	<target host="www.bbk.bund.de" />
+	<target host="austausch.bbk.bund.de" />
+	<target host="warnung.bund.de" />
+
+	<!-- Invalid certificate on https://bbk.bund.de/
+ 		 http://bbk.bund.de/ redirects to http://www.bbk.bund.de/ -->
+	<rule from="^http://bbk\.bund\.de/" to="https://www.bbk.bund.de/"/>
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bbr.bund.de.xml b/src/chrome/content/rules/bbr.bund.de.xml
new file mode 100644
index 000000000000..9b0d6b119bf2
--- /dev/null
+++ b/src/chrome/content/rules/bbr.bund.de.xml
@@ -0,0 +1,21 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+
+	Invalid certificate:
+		mobzu.bbr.bund.de
+
+	Not found:
+		www.info.bbr.bund.de
+		www.mobzu.bbr.bund.de
+-->
+<ruleset name="Bundesamt für Bauwesen und Raumordnung">
+	<!-- Federal Office for Building and Regional Planning -->
+
+	<target host="www.bbr.bund.de" />
+	<target host="info.bbr.bund.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bbsr.bund.de.xml b/src/chrome/content/rules/bbsr.bund.de.xml
new file mode 100644
index 000000000000..58a95b8bd40a
--- /dev/null
+++ b/src/chrome/content/rules/bbsr.bund.de.xml
@@ -0,0 +1,13 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+-->
+<ruleset name="Bundesinstitut für Bau-, Stadt- und Raumforschung">
+	<!-- Federal Institute for Research on Building, Urban Affairs and Spatial Development -->
+
+	<target host="www.bbsr.bund.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bbthat.com.xml b/src/chrome/content/rules/bbthat.com.xml
new file mode 100644
index 000000000000..aaad2e9c77d3
--- /dev/null
+++ b/src/chrome/content/rules/bbthat.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Bloomberg coverage, see Bloomberg.xml.
+
+
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="Bbthat.com" platform="mixedcontent">
+
+	<target host="www.bbthat.com" />
+
+		<!--	$ 404s,so:
+					-->
+		<test url="http://www.bbthat.com/assets/v1.2.1/that.css" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bcebos.com.xml b/src/chrome/content/rules/bcebos.com.xml
new file mode 100644
index 000000000000..559982fbbdde
--- /dev/null
+++ b/src/chrome/content/rules/bcebos.com.xml
@@ -0,0 +1,80 @@
+<!--
+	For other Baidu coverage, see Baidu.xml
+-->
+<ruleset name="bcebos.com">
+	<target host="bj.bcebos.com" />
+	<target host="*.bj.bcebos.com" />
+		<test url="http://51yeya.bj.bcebos.com/" />
+		<test url="http://agua.bj.bcebos.com/" />
+		<test url="http://ananzu.bj.bcebos.com/" />
+		<test url="http://api-user.bj.bcebos.com/" />
+		<test url="http://app-master.bj.bcebos.com/" />
+		<test url="http://avxyun.bj.bcebos.com/" />
+		<test url="http://baiduquhua.bj.bcebos.com/" />
+		<test url="http://bbpose.bj.bcebos.com/" />
+		<test url="http://bjlkhssy.bj.bcebos.com/" />
+		<test url="http://broadcast-test.bj.bcebos.com/" />
+		<test url="http://bucket-cqgsdb.bj.bcebos.com/" />
+		<test url="http://calendar.bj.bcebos.com/img/icon_shwnl.png" />
+		<test url="http://campaign.bj.bcebos.com/" />
+		<test url="http://cdlkhssy.bj.bcebos.com/" />
+		<test url="http://cfnetdoc.bj.bcebos.com/" />
+		<test url="http://cips-upload.bj.bcebos.com/" />
+		<test url="http://configbucket.bj.bcebos.com/" />
+		<test url="http://dayzsa-gavinz.bj.bcebos.com/" />
+		<test url="http://dlyun.bj.bcebos.com/" />
+		<test url="http://donatebucket.bj.bcebos.com/" />
+		<test url="http://faceu-andriod.bj.bcebos.com/" />
+		<test url="http://game345.bj.bcebos.com/" />
+		<test url="http://gaojiban.bj.bcebos.com/" />
+		<test url="http://gglkhssy.bj.bcebos.com/" />
+		<test url="http://gpsolution.bj.bcebos.com/" />
+		<test url="http://gzlkhssy.bj.bcebos.com/" />
+		<test url="http://gzunicom.bj.bcebos.com/" />
+		<test url="http://hslkhssy.bj.bcebos.com/" />
+		<test url="http://hxqc-home.bj.bcebos.com/" />
+		<test url="http://hzlkhssy.bj.bcebos.com/" />
+		<test url="http://ifontbucket.bj.bcebos.com/" />
+		<test url="http://imepm.bj.bcebos.com/" />
+		<test url="http://ioracle.bj.bcebos.com/" />
+		<test url="http://ios122.bj.bcebos.com/" />
+		<test url="http://lovevideo.bj.bcebos.com/" />
+		<test url="http://material-star-pic.bj.bcebos.com/" />
+		<test url="http://media-sdk.bj.bcebos.com/" />
+		<test url="http://middlepicture.bj.bcebos.com/" />
+		<test url="http://myapp1003.bj.bcebos.com/" />
+		<test url="http://myapp92.bj.bcebos.com/" />
+		<test url="http://myyyzxw.bj.bcebos.com/" />
+		<test url="http://nodelete.bj.bcebos.com/" />
+		<test url="http://opapp.bj.bcebos.com/" />
+		<test url="http://pushdater.bj.bcebos.com/" />
+		<test url="http://qngw2014.bj.bcebos.com/" />
+		<test url="http://safe.bj.bcebos.com/" />
+		<test url="http://safepage.bj.bcebos.com/" />
+		<test url="http://seconedproduct.bj.bcebos.com/" />
+		<test url="http://shareyx.bj.bcebos.com/" />
+		<test url="http://szlkhssy.bj.bcebos.com/" />
+		<test url="http://tbf-static.bj.bcebos.com/" />
+		<test url="http://thumb-bdl.bj.bcebos.com/upload/570381c323492.jpg" />
+		<test url="http://truedian-js.bj.bcebos.com/" />
+		<test url="http://tusou-material-pic.bj.bcebos.com/" />
+		<test url="http://tusou-material-pts.bj.bcebos.com/" />
+		<test url="http://umu-cn.bj.bcebos.com/" />
+		<test url="http://umu-en.bj.bcebos.com/" />
+		<test url="http://vv84.bj.bcebos.com/" />
+		<test url="http://woaap.bj.bcebos.com/" />
+		<test url="http://wordonline.bj.bcebos.com/" />
+		<test url="http://xinyutang.bj.bcebos.com/" />
+		<test url="http://zhanzhang.bj.bcebos.com/files/079961481262962.png" />
+		<test url="http://ziguanchanpin.bj.bcebos.com/" />
+		<test url="http://zone.bj.bcebos.com/" />
+		<test url="http://zsjypt.bj.bcebos.com/" />
+
+	<target host="gz.bcebos.com" />
+	<target host="*.gz.bcebos.com" />
+		<test url="http://yezhuanke.gz.bcebos.com/" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bdip.org.uk.xml b/src/chrome/content/rules/bdip.org.uk.xml
new file mode 100644
index 000000000000..ec6e05a0ea97
--- /dev/null
+++ b/src/chrome/content/rules/bdip.org.uk.xml
@@ -0,0 +1,24 @@
+<!--
+	Bradford District Infrastructure Partnership
+
+
+	(www.)?bdip.org.uk: Shows default page
+
+
+	These altnames do not exist:
+
+		- www.data.bdip.org.uk
+
+-->
+<ruleset name="BDIP.org.uk (partial)">
+
+	<target host="data.bdip.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bdstatic.com.xml b/src/chrome/content/rules/bdstatic.com.xml
new file mode 100644
index 000000000000..1c79221392d2
--- /dev/null
+++ b/src/chrome/content/rules/bdstatic.com.xml
@@ -0,0 +1,96 @@
+<!--
+	For other Baidu coverage, see Baidu.xml.
+
+	405 in China only:
+		ns0.bdstatic.com	https://ns0.bdstatic.com/static/fisp_static/common/lib/mod_b818356.js
+		ns1.bdstatic.com	https://ns1.bdstatic.com/static/fisp_static/focustop/focustop/focustop_a273719.css
+
+	MCB:
+		ns2.bdstatic.com/$
+
+	Dropped:
+		- mu[5-7].bdstatic.com
+-->
+<ruleset name="bdstatic.com">
+	<target host="gss0.bdstatic.com" />
+	<target host="gss1.bdstatic.com" />
+	<target host="gss2.bdstatic.com" />
+	<target host="gss3.bdstatic.com" />
+
+	<target host="img0.bdstatic.com" />
+	<target host="img1.bdstatic.com" />
+	<target host="img2.bdstatic.com" />
+	<target host="img3.bdstatic.com" />
+	<target host="img4.bdstatic.com" />
+	<target host="img5.bdstatic.com" />
+	<target host="img6.bdstatic.com" />
+	<target host="img7.bdstatic.com" />
+
+	<target host="imgt0.bdstatic.com" />
+	<target host="imgt1.bdstatic.com" />
+	<target host="imgt2.bdstatic.com" />
+	<target host="imgt3.bdstatic.com" />
+	<target host="imgt4.bdstatic.com" />
+	<target host="imgt5.bdstatic.com" />
+	<target host="imgt6.bdstatic.com" />
+	<target host="imgt7.bdstatic.com" />
+	<target host="imgt8.bdstatic.com" />
+	<target host="imgt9.bdstatic.com" />
+
+	<target host="sjws.bdstatic.com" />
+
+	<target host="ss0.bdstatic.com" />
+	<target host="ss1.bdstatic.com" />
+	<target host="ss2.bdstatic.com" />
+	<target host="ss3.bdstatic.com" />
+	<target host="tb1.bdstatic.com" />
+	<target host="tb2.bdstatic.com" />
+
+	<target host="vs5.bdstatic.com" />
+	<target host="vs6.bdstatic.com" />
+
+	<target host="zz.bdstatic.com" />
+
+		<test url="http://gss0.bdstatic.com/8r1VfDn-KggZnd_b8IqT0jB-xx1xbK/static/common/img/iot/arrow-down_3d94809.png" />
+		<test url="http://gss1.bdstatic.com/5bxXsj_p_tVS5dKfpU_Y_D3/resource/game-fe-common/img/line.fdcbe44.jpg" />
+		<test url="http://gss2.bdstatic.com/5bVYsj_p_tVS5dKfpU_Y_D3/data/d3c01e32e514c8683f2b38f1468d531c" />
+		<test url="http://gss3.bdstatic.com/5bVZsj_p_tVS5dKfpU_Y_D3/data/64b9d5e5c8590de916c2c13f26873734" />
+		<test url="http://imgt1.bdstatic.com/it/u=808014301,2814684564$amp;fm=116$amp;gp=0.jpg" />
+		<test url="http://sjws.bdstatic.com/static/official_pc/js/skrollr.min_a085946.js" />
+		<test url="http://ss0.bdstatic.com/7Ls0a8Sm1A5BphGlnYG/sys/portrait/item/fd451028.jpg" />
+		<test url="http://tb1.bdstatic.com/??/tb/_/index_2592ba7.css,/tb/_/search_2e2269a.css" />
+		<test url="http://tb2.bdstatic.com/tb/img/search_sp_06cf7d9.png" />
+		<test url="http://tb2.bdstatic.com/tb/editor/images/face/i_f25.png" />
+		<test url="http://vs5.bdstatic.com/browse_static/v3/common/pkg/common_ui_video_d23e9ca8.css" />
+		<test url="http://vs6.bdstatic.com/browse_static/v3/index/widget/video/newsSquareTags/up_to_news_ctrl_0824d3b.gif" />
+		<test url="http://zz.bdstatic.com/linksubmit/push.js" />
+
+	<target host="ns0.bdstatic.com" />
+	<target host="ns1.bdstatic.com" />
+	<target host="ns2.bdstatic.com" />
+	<rule from="^http://ns(0|1|2)\.bdstatic\.com/"
+		to="https://news.baidu.com/" />
+		<test url="http://ns0.bdstatic.com/static/fisp_static/common/lib/mod_b818356.js" />
+		<test url="http://ns1.bdstatic.com/static/fisp_static/focustop/focustop/focustop_a273719.css" />
+
+	<target host="mu5.bdstatic.com" />
+	<target host="mu6.bdstatic.com" />
+	<target host="mu7.bdstatic.com" />
+	<exclusion pattern="^http://mu(5|6|7)\.bdstatic\.com/$" />
+	<exclusion pattern="^http://mu(5|6|7)\.bdstatic\.com/static/(c|j)/" />
+		<test url="http://mu5.bdstatic.com/static/c/zndiKl7e.css" />
+		<test url="http://mu6.bdstatic.com/static/c/QKhcAdOu.css" />
+		<test url="http://mu7.bdstatic.com/static/c/HuyrvG9A.css" />
+		<test url="http://mu5.bdstatic.com/static/j/HKNqHJco.js" />
+		<test url="http://mu6.bdstatic.com/static/j/sAryeYkW.js" />
+		<test url="http://mu7.bdstatic.com/static/j/kAhNHSvY.js" />
+	<rule from="^http://mu(5|6|7)\.bdstatic\.com/static/images/"
+		to="https://music.baidu.com/static/images/" />
+		<test url="http://mu5.bdstatic.com/static/images/page/index/icon-mbox.png" />
+		<test url="http://mu6.bdstatic.com/static/images/daoliu/QR.png" />
+		<test url="http://mu7.bdstatic.com/static/images/bg/ad-btn-close.png" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/beabloo.com.xml b/src/chrome/content/rules/beabloo.com.xml
new file mode 100644
index 000000000000..32934f6dc76d
--- /dev/null
+++ b/src/chrome/content/rules/beabloo.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- beabloo.com
+		- media.beabloo.com
+		- www.beabloo.com
+
+
+	Mixed content:
+
+		- Images in (www.)? from www.beabloo.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Beabloo.com">
+
+	<target host="beabloo.com" />
+	<target host="media.beabloo.com" />
+	<target host="www.beabloo.com" />
+
+		<test url="http://media.beabloo.com/engine2/attachment/1453365940315/o/325/160" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:media\.|www\.)?beabloo\.com$" name="^JSESSIONID$$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/beauftragte-neue-laender.de.xml b/src/chrome/content/rules/beauftragte-neue-laender.de.xml
new file mode 100644
index 000000000000..85207b07b8e9
--- /dev/null
+++ b/src/chrome/content/rules/beauftragte-neue-laender.de.xml
@@ -0,0 +1,15 @@
+<ruleset name="Die Beauftragte der Bundesregierung für die neuen Bundesländer">
+
+	<target host="beauftragte-neue-laender.de" />
+	<target host="www.beauftragte-neue-laender.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://beauftragte-neue-laender.de/,
+	http://beauftragte-neue-laender.de/ redirects to http://www.beauftragte-neue-laender.de/ -->
+	<rule from="^http://beauftragte-neue-laender\.de/"
+		to="https://www.beauftragte-neue-laender.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bedford.gov.uk.xml b/src/chrome/content/rules/bedford.gov.uk.xml
new file mode 100644
index 000000000000..a147ed3e5e9b
--- /dev/null
+++ b/src/chrome/content/rules/bedford.gov.uk.xml
@@ -0,0 +1,96 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.athleticstadium.bedford.gov.uk/default.aspx => https://www.bedford.gov.uk/leisure_and_culture/leisure_and_fitness_facilities/athletic_stadium.aspx: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://robinsonpool.bedford.gov.uk/ => https://robinsonpool.bedford.gov.uk/: (6, 'Could not resolve host: robinsonpool.bedford.gov.uk')
+Fetch error: http://www.athleticstadium.bedford.gov.uk/ => https://www.bedford.gov.uk/leisure_and_culture/leisure_and_fitness_facilities/athletic_stadium.aspx: (28, 'Connection timed out after 20001 milliseconds')
+
+	Bedford Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *bedford.gov.uk:
+
+		- apps ³
+		- bedsarchivescat ³
+		- cleanstreets ᶠ
+		- www.councillorsupport ³
+		- edrms ³
+		- www.forms ³
+		- www.higgins ³
+
+	³ 403
+	ᶠ Handshake fails
+
+
+	Problematic hosts in *bedford.gov.uk:
+
+		- www.athleticstadium ³
+		- www.robinsonpool ³
+
+	³ 403
+
+
+	Insecure cookies are set for these hosts:
+
+		- parking.bedford.gov.uk
+
+
+	Mixed content:
+
+		- Images on ^ from www.bedford.gov.uk ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Bedford.gov.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bedford.gov.uk" />
+	<target host="bcex.bedford.gov.uk" />
+	<target host="bereavement.bedford.gov.uk" />
+	<target host="earlyhelp.bedford.gov.uk" />
+	<target host="parking.bedford.gov.uk" />
+	<target host="robinsonpool.bedford.gov.uk" />
+	<target host="sendguide.bedford.gov.uk" />
+	<target host="www.bedford.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="www.athleticstadium.bedford.gov.uk" />
+	<target host="www.robinsonpool.bedford.gov.uk" />
+
+		<!--test url="http://bereavement.bedford.gov.uk/BACASBookingsUI/" /-->
+
+		<!--	403:
+				-->
+		<!--test url="http://edrms.bedford.gov.uk/planningbrowse.aspx" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^parking\.bedford\.gov\.uk$" name="^ASPSESSID[A-Z]{8}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops forward slash, path, and args:
+								-->
+	<rule from="^http://www\.athleticstadium\.bedford\.gov\.uk/.*"
+		to="https://www.bedford.gov.uk/leisure_and_culture/leisure_and_fitness_facilities/athletic_stadium.aspx" />
+
+		<test url="http://www.athleticstadium.bedford.gov.uk/default.aspx" />
+
+	<!--	Redirect drops forward slash, path, and args:
+								-->
+	<rule from="^http://www\.robinsonpool\.bedford\.gov\.uk/.*"
+		to="https://www.bedford.gov.uk/leisure_and_culture/leisure_and_fitness_facilities/swimming_pools/robinson_pool.aspx" />
+
+		<test url="http://www.robinsonpool.bedford.gov.uk/default.aspx" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bedfordcornexchange.co.uk.xml b/src/chrome/content/rules/bedfordcornexchange.co.uk.xml
new file mode 100644
index 000000000000..6f11da674c6d
--- /dev/null
+++ b/src/chrome/content/rules/bedfordcornexchange.co.uk.xml
@@ -0,0 +1,17 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+-->
+<ruleset name="Bedford Corn Exchange.co.uk">
+
+	<target host="bedfordcornexchange.co.uk" />
+	<target host="www.bedfordcornexchange.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/beej.us.xml b/src/chrome/content/rules/beej.us.xml
new file mode 100644
index 000000000000..8960863239f9
--- /dev/null
+++ b/src/chrome/content/rules/beej.us.xml
@@ -0,0 +1,13 @@
+<ruleset name="Beej.us">
+
+	<target host="beej.us" />
+	<target host="www.beej.us" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/beeline.kz.xml b/src/chrome/content/rules/beeline.kz.xml
new file mode 100644
index 000000000000..1205652adf42
--- /dev/null
+++ b/src/chrome/content/rules/beeline.kz.xml
@@ -0,0 +1,129 @@
+<!--
+al-mqa-portal.beeline.kz ⁴
+app.beeline.kz non-2xx http code
+astro.beeline.kz ¹
+b2b.beeline.kz non-2xx http code
+b2bshop.beeline.kz ³
+b2c.beeline.kz non-2xx http code
+beeport.beeline.kz ⁷
+book.beeline.kz ¹
+dealer.beeline.kz ⁴
+dialin.beeline.kz different content
+dncaps2.beeline.kz ³
+dosmobile1.beeline.kz non-2xx http code
+engster.beeline.kz ⁴
+fitness.beeline.kz ²
+fmc.beeline.kz ³
+football.beeline.kz ¹
+game.beeline.kz ²
+gb.beeline.kz ³
+apps.in.beeline.kz different content
+www.internet.beeline.kz ¹
+internet1.beeline.kz non-2xx http code
+iphone.beeline.kz ³
+kids.beeline.kz ²
+landing.beeline.kz ³
+lang.beeline.kz ⁴
+like.beeline.kz ¹
+link.beeline.kz ¹
+love.beeline.kz ¹
+lync.beeline.kz ³
+lyncav.beeline.kz ³
+lyncconf.beeline.kz ³
+m.beeline.kz ¹
+m2m.beeline.kz non-2xx http code
+magent.beeline.kz non-2xx http code
+mailrelay1.beeline.kz ³
+mailrelay2.beeline.kz ³
+mailrelay3.beeline.kz ³
+mailrelay4.beeline.kz ³
+map.beeline.kz ³
+meet.beeline.kz different content
+mms.beeline.kz ³
+mmsc.beeline.kz ³
+molniya.beeline.kz ²
+mqa.beeline.kz ³
+music.beeline.kz ²
+navigator.beeline.kz non-2xx http code
+navsegda.beeline.kz ⁵
+newsite.beeline.kz ²
+nomer.beeline.kz ²
+nomertest.beeline.kz ²
+ns.beeline.kz ³
+ns2.beeline.kz ³
+numbertype.beeline.kz non-2xx http code
+odp.beeline.kz ³
+odptest.beeline.kz ³
+ota.beeline.kz ³
+pay.beeline.kz ⁵
+b2b.ple.beeline.kz ¹
+podarok.beeline.kz ⁴
+pokemongo.beeline.kz ⁵
+post.beeline.kz ⁴
+provod.beeline.kz non-2xx http code
+q.beeline.kz non-2xx http code
+static.qnt.beeline.kz ¹
+redirect.beeline.kz ³
+sip.beeline.kz ⁷
+smmsapp.beeline.kz ³
+sms.beeline.kz ⁴
+sso.beeline.kz ²
+star.beeline.kz ⁴
+static.beeline.kz ³
+b2c.sts.beeline.kz ²
+targetapp.beeline.kz ⁴
+trust.beeline.kz ⁴
+video.beeline.kz ¹
+voip.beeline.kz ³
+vpngate.beeline.kz ⁴
+wap.beeline.kz ³
+wapery.beeline.kz non-2xx http code
+webdol.beeline.kz ⁴
+webmail.beeline.kz ⁴
+webmail1.beeline.kz ⁷
+wfm.beeline.kz ³
+www1.beeline.kz non-2xx http code
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁵ expired
+⁷ protocol error
+-->
+<ruleset name="beeline.kz">
+	<target host="beeline.kz" />
+	<target host="www.beeline.kz" />
+	<target host="4g.beeline.kz" />
+	<target host="b2bnew.beeline.kz" />
+	<target host="beemail.beeline.kz" />
+	<target host="cswebapp.beeline.kz" />
+	<target host="dummy.beeline.kz" />
+	<target host="fix.beeline.kz" />
+	<target host="forum.beeline.kz" />
+	<target host="help.beeline.kz" />
+	<target host="hidden.beeline.kz" />
+	<target host="in.beeline.kz" />
+	<target host="internet.beeline.kz" />
+	<target host="my.internet.beeline.kz" />
+	<target host="internetbeta.beeline.kz" />
+	<target host="loan.beeline.kz" />
+	<target host="mix.beeline.kz" />
+	<target host="money.beeline.kz" />
+	<target host="my.beeline.kz" />
+	<target host="nano.beeline.kz" />
+	<target host="old.beeline.kz" />
+	<target host="oplata.beeline.kz" />
+	<target host="partners.beeline.kz" />
+	<target host="qiwi.beeline.kz" />
+	<target host="qnt.beeline.kz" />
+	<target host="safe.beeline.kz" />
+	<target host="statical.beeline.kz" />
+	<target host="suz.beeline.kz" />
+	<target host="uslugi.beeline.kz" />
+	<target host="vip.beeline.kz" />
+	<target host="webapp.beeline.kz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/beersofeurope.co.uk.xml b/src/chrome/content/rules/beersofeurope.co.uk.xml
new file mode 100644
index 000000000000..ea414ea327bd
--- /dev/null
+++ b/src/chrome/content/rules/beersofeurope.co.uk.xml
@@ -0,0 +1,4 @@
+<ruleset name="Beers of Europe" platform="mixedcontent">
+  <target host="www.beersofeurope.co.uk" />
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/beget.com.xml b/src/chrome/content/rules/beget.com.xml
new file mode 100644
index 000000000000..af2fdfc71540
--- /dev/null
+++ b/src/chrome/content/rules/beget.com.xml
@@ -0,0 +1,150 @@
+<!--
+m2.astral.beget.com ²
+m1.buran6.beget.com ¹
+www.cp.beget.com ¹
+m1.cp2.beget.com ¹
+m1.dobby2.beget.com ¹
+m1.dock1.beget.com ¹
+m1.dock2.beget.com ¹
+m2.dock2.beget.com ²
+m1.dock3.beget.com ¹
+m1.dock4.beget.com ¹
+m1.doom1.beget.com ¹
+m2.doom1.beget.com ²
+m1.doom2.beget.com ¹
+m2.doom2.beget.com ²
+m1.doom3.beget.com ¹
+m1.doom4.beget.com ¹
+m2.doom4.beget.com ²
+m2.dozor2.beget.com ²
+m2.dozor4.beget.com ²
+enterprise.beget.com ³
+m1.enterprise.beget.com ³
+m1.everest1.beget.com ¹
+m1.everest2.beget.com ¹
+m1.everest3.beget.com ¹
+m1.falcon11.beget.com ¹
+apache.falcon12.beget.com ¹
+m1.falcon9.beget.com ¹
+m1.free1.beget.com ¹
+m2.free1.beget.com ²
+m1.free10.beget.com ¹
+m1.free11.beget.com ²
+m1.free12.beget.com ¹
+m1.free13.beget.com ¹
+m1.free14.beget.com ¹
+m1.free2.beget.com ¹
+m2.free2.beget.com ²
+free5.beget.com ³
+m1.free5.beget.com ³
+free6.beget.com ³
+free8.beget.com ³
+m1.free8.beget.com ³
+m1.free9.beget.com ¹
+m1.fuar10.beget.com ¹
+m1.fuar11.beget.com ¹
+m1.fuar12.beget.com ¹
+m1.fuar5.beget.com ¹
+m1.fuar7.beget.com ¹
+m1.fuar8.beget.com ¹
+m1.fuar9.beget.com ¹
+m1.grey1k.beget.com ¹
+m1.hopper.beget.com ¹
+m2.hopper.beget.com ²
+imap.beget.com ³
+m1.joker3.beget.com ¹
+m1.kassini10.beget.com ¹
+m1.kassini12.beget.com ¹
+kassini3.beget.com ³
+m1.kassini3.beget.com ³
+m1.kassini5.beget.com ¹
+m1.kassini6.beget.com ¹
+kassini7.beget.com ³
+m1.kassini7.beget.com ³
+m1.klipper.beget.com ¹
+m2.klipper.beget.com ²
+m1.mail2.beget.com ³
+m1.mailnode8.beget.com ¹
+m1.mir.beget.com ¹
+mx1.beget.com ³
+mx2.beget.com ³
+mx5.beget.com ²
+ns1.beget.com ³
+ns2.beget.com ³
+m2.oscar1.beget.com ²
+m2.oscar3.beget.com ²
+m2.pacman.beget.com ²
+m2.quake3.beget.com ²
+m2.rauf1.beget.com ²
+m2.rio.beget.com ²
+smtp.beget.com ³
+ssl.zeus.beget.com ⁵
+
+
+¹ mismatch
+² refused
+³ timed out
+⁵ expired
+-->
+<ruleset name="beget.com">
+	<target host="beget.com" />
+	<target host="www.beget.com" />
+	<target host="api.beget.com" />
+	<target host="auth.beget.com" />
+	<target host="bane.beget.com" />
+	<target host="buran6.beget.com" />
+	<target host="call.beget.com" />
+	<target host="check.beget.com" />
+	<target host="cp.beget.com" />
+	<target host="cp2.beget.com" />
+	<target host="dobby2.beget.com" />
+	<target host="dock1.beget.com" />
+	<target host="dock2.beget.com" />
+	<target host="dock3.beget.com" />
+	<target host="dock4.beget.com" />
+	<target host="doom1.beget.com" />
+	<target host="doom2.beget.com" />
+	<target host="doom3.beget.com" />
+	<target host="doom4.beget.com" />
+	<target host="everest1.beget.com" />
+	<target host="everest2.beget.com" />
+	<target host="everest3.beget.com" />
+	<target host="falcon11.beget.com" />
+	<target host="falcon12.beget.com" />
+	<target host="falcon9.beget.com" />
+	<target host="free.beget.com" />
+	<target host="free1.beget.com" />
+	<target host="free10.beget.com" />
+	<target host="free11.beget.com" />
+	<target host="free12.beget.com" />
+	<target host="free13.beget.com" />
+	<target host="free14.beget.com" />
+	<target host="free2.beget.com" />
+	<target host="free9.beget.com" />
+	<target host="fuar10.beget.com" />
+	<target host="fuar11.beget.com" />
+	<target host="fuar12.beget.com" />
+	<target host="fuar5.beget.com" />
+	<target host="fuar7.beget.com" />
+	<target host="fuar8.beget.com" />
+	<target host="fuar9.beget.com" />
+	<target host="grey1k.beget.com" />
+	<target host="hopper.beget.com" />
+	<target host="ikarus2.beget.com" />
+	<target host="joker3.beget.com" />
+	<target host="kassini10.beget.com" />
+	<target host="kassini12.beget.com" />
+	<target host="kassini5.beget.com" />
+	<target host="kassini6.beget.com" />
+	<target host="klipper.beget.com" />
+	<target host="oscar4.beget.com" />
+	<target host="rauf1.beget.com" />
+	<target host="rayman.beget.com" />
+	<target host="sprutio.beget.com" />
+	<target host="vpul.beget.com" />
+	<target host="webmail.beget.com" />
+	<target host="webmail2.beget.com" />
+	<target host="webmail5.beget.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/behindertenbeauftragte.de.xml b/src/chrome/content/rules/behindertenbeauftragte.de.xml
new file mode 100644
index 000000000000..72c7727683d8
--- /dev/null
+++ b/src/chrome/content/rules/behindertenbeauftragte.de.xml
@@ -0,0 +1,20 @@
+<!--
+	Timeout:
+		alle-inklusive.behindertenbeauftragte.de
+		www.alle-inklusive.behindertenbeauftragte.de
+-->
+<ruleset name="behindertenbeauftragte.de">
+
+	<target host="behindertenbeauftragte.de" />
+	<target host="www.behindertenbeauftragte.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://behindertenbeauftragte.de/,
+	http://behindertenbeauftragte.de/ redirects to http://www.behindertenbeauftragte.de/ -->
+	<rule from="^http://behindertenbeauftragte\.de/"
+		to="https://www.behindertenbeauftragte.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/behindthename.com.xml b/src/chrome/content/rules/behindthename.com.xml
new file mode 100644
index 000000000000..4cfc56f2414e
--- /dev/null
+++ b/src/chrome/content/rules/behindthename.com.xml
@@ -0,0 +1,16 @@
+<!--
+Invalid certificate:
+	given.behindthename.com
+	mail.behindthename.com
+-->
+<ruleset name="behindthename.com">
+	<target host="behindthename.com"/>
+	<target host="www.behindthename.com"/>
+	<target host="given.behindthename.com"/>
+	<target host="mail.behindthename.com"/>
+	<target host="places.behindthename.com"/>
+	<target host="surnames.behindthename.com"/>
+
+	<rule from="^http://(given|mail)\.behindthename\.com/" to="https://www.behindthename.com/"/>
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/beiersdorf.com.xml b/src/chrome/content/rules/beiersdorf.com.xml
new file mode 100644
index 000000000000..b604ba6c9aa2
--- /dev/null
+++ b/src/chrome/content/rules/beiersdorf.com.xml
@@ -0,0 +1,57 @@
+<!--
+301 Moved Permanently:
+	assets.beiersdorf.com
+
+Different content:
+	ext.beiersdorf.com
+
+Invalid certificate:
+	www.annualreport.beiersdorf.com
+	www.annualreport2014.beiersdorf.com
+	www.annualreport2015.beiersdorf.com
+	www.annualreport2016.beiersdorf.com
+	www.bss.beiersdorf.com
+	www.interimreport2014-q1.beiersdorf.com
+	www.interimreport2014-q2.beiersdorf.com
+	www.interimreport2014-q3.beiersdorf.com
+	www.interimreport2015-q1.beiersdorf.com
+	www.interimreport2015-q2.beiersdorf.com
+	www.interimreport2015-q3.beiersdorf.com
+	www.interimreport2016-q2.beiersdorf.com
+
+Refused connection:
+	trusted-pearlfinder.beiersdorf.com
+
+Timeout:
+ 	www.annualreport2010.beiersdorf.com
+	www.annualreport2011.beiersdorf.com
+	www.annualreport2012.beiersdorf.com
+	www.annualreport2013.beiersdorf.com
+	www.interimreport-old.beiersdorf.com
+	x-mas-ecard.beiersdorf.com
+	zbericht.beiersdorf.com
+-->
+<ruleset name="beiersdorf.com">
+	<target host="beiersdorf.com" />
+	<target host="www.beiersdorf.com" />
+	<target host="acios.beiersdorf.com" />
+	<target host="www.bss.beiersdorf.com" />
+	<target host="characterslibrary.beiersdorf.com" />
+	<target host="designmanual.beiersdorf.com" />
+	<target host="ebm.beiersdorf.com" />
+	<target host="essentials.beiersdorf.com" />
+	<target host="mam.beiersdorf.com" />
+	<target host="marketplace.beiersdorf.com" />
+	<target host="mbluenet.beiersdorf.com" />
+	<target host="microscopy.beiersdorf.com" />
+	<target host="mobile.beiersdorf.com" />
+	<target host="prp.beiersdorf.com" />
+	<target host="securedrive.beiersdorf.com" />
+	<target host="support.beiersdorf.com" />
+	<target host="terminal.beiersdorf.com" />
+	<target host="trusted-pearlfinders.beiersdorf.com" />
+	<target host="tsgw.beiersdorf.com" />
+
+	<rule from="^http://www\.bss\.beiersdorf\.com/" to="https://beiersdorf.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/belaruspartisan.org.xml b/src/chrome/content/rules/belaruspartisan.org.xml
new file mode 100644
index 000000000000..a6cc8409ef2d
--- /dev/null
+++ b/src/chrome/content/rules/belaruspartisan.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="belaruspartisan.org">
+	<target host="belaruspartisan.org" />
+	<target host="www.belaruspartisan.org" />
+	<target host="blog.belaruspartisan.org" />
+	<target host="club.belaruspartisan.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/belaruswith.me.xml b/src/chrome/content/rules/belaruswith.me.xml
new file mode 100644
index 000000000000..24aa2c709d91
--- /dev/null
+++ b/src/chrome/content/rules/belaruswith.me.xml
@@ -0,0 +1,6 @@
+<ruleset name="belaruswith.me">
+    <target host="belaruswith.me" />
+    <target host="www.belaruswith.me" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bell-cranel.net.xml b/src/chrome/content/rules/bell-cranel.net.xml
new file mode 100644
index 000000000000..140ab2f31780
--- /dev/null
+++ b/src/chrome/content/rules/bell-cranel.net.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- bell-cranel.net
+		- www.bell-cranel.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Bell-Cranel.net">
+
+	<target host="bell-cranel.net" />
+	<target host="www.bell-cranel.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?bell-cranel\.net$" name="^cluster\d+(?:BAK)?$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bellewaerde.be.xml b/src/chrome/content/rules/bellewaerde.be.xml
new file mode 100644
index 000000000000..c2ef19332c4e
--- /dev/null
+++ b/src/chrome/content/rules/bellewaerde.be.xml
@@ -0,0 +1,22 @@
+<!--
+	Timeout:
+		autodiscover.bellewaerde.be
+		baby.bellewaerde.be
+-->
+<ruleset name="Bellewaerde.be">
+
+	<target host="bellewaerde.be" />
+	<target host="www.bellewaerde.be" />
+	<target host="personeel.bellewaerde.be" />
+	<target host="tickets.bellewaerde.be" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Incomplete cert chain on https://bellewaerde.be/,
+		http://bellewaerde.be/ redirects to http://www.bellewaerde.be/ -->
+	<rule from="^http://bellewaerde\.be/"
+		to="https://www.bellewaerde.be/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bellewaerdefun.be.xml b/src/chrome/content/rules/bellewaerdefun.be.xml
new file mode 100644
index 000000000000..9a38ae588e21
--- /dev/null
+++ b/src/chrome/content/rules/bellewaerdefun.be.xml
@@ -0,0 +1,12 @@
+<ruleset name="BellewaerdeFun.be">
+
+	<target host="bellewaerdefun.be" />
+	<target host="www.bellewaerdefun.be" />
+	<target host="html.bellewaerdefun.be" />
+	<target host="staging.bellewaerdefun.be" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/belregion.ru.xml b/src/chrome/content/rules/belregion.ru.xml
new file mode 100644
index 000000000000..86d960f85e62
--- /dev/null
+++ b/src/chrome/content/rules/belregion.ru.xml
@@ -0,0 +1,48 @@
+<!--
+bif.belregion.ru ⁴
+ferma.belregion.ru ⁴
+hunter.belregion.ru ²
+mx01.belregion.ru ⁴
+ns.belregion.ru ⁴
+old.belregion.ru ¹
+zhkh.pbo.belregion.ru ²
+pm.belregion.ru ²
+pop.belregion.ru ⁴
+prpresident.belregion.ru ³
+smev.belregion.ru ²
+smpov.belregion.ru ²
+smtp.belregion.ru ⁴
+so.belregion.ru ⁴
+ssc.belregion.ru ⁷
+uc.belregion.ru ³
+ucbo.belregion.ru/: (35, 'error:14092105:SSL routines:ssl3_get_server_hello:wrong cipher returned')
+video-blog.belregion.ru ³
+videoblog.belregion.ru ³
+voprosadmin.belregion.ru ¹
+w1.belregion.ru ⁴
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁷ protocol error
+-->
+<ruleset name="belregion.ru">
+	<target host="belregion.ru" />
+	<target host="www.belregion.ru" />
+	<target host="data.belregion.ru" />
+	<target host="iap.belregion.ru" />
+	<target host="ias.belregion.ru" />
+	<target host="iasadmin.belregion.ru" />
+	<target host="ocenka.belregion.ru" />
+	<target host="pbo.belregion.ru" />
+	<target host="pda.pbo.belregion.ru" />
+	<target host="rk.belregion.ru" />
+	<target host="www.rk.belregion.ru" />
+	<target host="vopros.belregion.ru" />
+	<target host="zakon.belregion.ru" />
+	<target host="www.zakon.belregion.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/benchmarkjs.com.xml b/src/chrome/content/rules/benchmarkjs.com.xml
new file mode 100644
index 000000000000..a191dbcc2d82
--- /dev/null
+++ b/src/chrome/content/rules/benchmarkjs.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="benchmarkjs.com">
+	<target host="benchmarkjs.com" />
+	<target host="www.benchmarkjs.com" />
+	<rule from="^http:" to="https:" />
+	<securecookie host="^benchmarkjs\.com$" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/benj.cloud.xml b/src/chrome/content/rules/benj.cloud.xml
new file mode 100644
index 000000000000..e1d9d5e46952
--- /dev/null
+++ b/src/chrome/content/rules/benj.cloud.xml
@@ -0,0 +1,8 @@
+<ruleset name="benj.cloud">
+	<target host="benj.cloud" />
+	<target host="office.benj.cloud" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bepixelung.org.xml b/src/chrome/content/rules/bepixelung.org.xml
new file mode 100644
index 000000000000..3a9bddaf0c9e
--- /dev/null
+++ b/src/chrome/content/rules/bepixelung.org.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Preisvergleich Internet Services coverage, see Preisvergleich-Internet-Services.xml.
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .bepixelung.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="bepixelung.org">
+
+	<target host="bepixelung.org" />
+	<target host="www.bepixelung.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.bepixelung\.org$" name="^CGISESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bescha.bund.de.xml b/src/chrome/content/rules/bescha.bund.de.xml
new file mode 100644
index 000000000000..f7e19bbb566b
--- /dev/null
+++ b/src/chrome/content/rules/bescha.bund.de.xml
@@ -0,0 +1,18 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+-->
+<ruleset name="Beschaffungsamt des Bundesministeriums des Innern">
+
+	<target host="bescha.bund.de" />
+	<target host="www.bescha.bund.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://bescha.bund.de/,
+	http://bescha.bund.de/ redirects to http://www.bescha.bund.de/ -->
+	<rule from="^http://bescha\.bund\.de/"
+		to="https://www.bescha.bund.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bestchange.ru.xml b/src/chrome/content/rules/bestchange.ru.xml
new file mode 100644
index 000000000000..4b3f785fa5c8
--- /dev/null
+++ b/src/chrome/content/rules/bestchange.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="bestchange.ru">
+	<target host="bestchange.ru" />
+	<target host="www.bestchange.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bet365.es.xml b/src/chrome/content/rules/bet365.es.xml
new file mode 100644
index 000000000000..793c057b4fbb
--- /dev/null
+++ b/src/chrome/content/rules/bet365.es.xml
@@ -0,0 +1,18 @@
+<ruleset name="bet365.es">
+	<target host="bet365.es" />
+	<target host="www.bet365.es" />
+	<target host="casino.bet365.es" />
+	<target host="content001.bet365.es" />
+	<target host="extra.bet365.es" />
+	<target host="help.bet365.es" />
+	<target host="members.bet365.es" />
+	<target host="mobile.bet365.es" />
+	<target host="poker.bet365.es" />
+	<target host="premlp-pt3.bet365.es" />
+	<target host="slots.bet365.es" />
+	<target host="banner.slots.bet365.es" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bet365affiliates.com.xml b/src/chrome/content/rules/bet365affiliates.com.xml
new file mode 100644
index 000000000000..3fd534a94cb2
--- /dev/null
+++ b/src/chrome/content/rules/bet365affiliates.com.xml
@@ -0,0 +1,30 @@
+<!--
+	For other bet365 Group coverage, see Bet365-Group.xml.
+
+
+	^bet365affiliates.com: Refused
+
+-->
+<ruleset name="bet365 Affiliates.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="content001.bet365affiliates.com" />
+	<target host="imstore.bet365affiliates.com" />
+	<target host="www.bet365affiliates.com"/>
+
+	<!--	Complications:
+				-->
+	<target host="bet365affiliates.com"/>
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://bet365affiliates\.com/"
+		to="https://www.bet365affiliates.com/"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/betafamily.com.xml b/src/chrome/content/rules/betafamily.com.xml
new file mode 100644
index 000000000000..a269ec36890c
--- /dev/null
+++ b/src/chrome/content/rules/betafamily.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Timeout:
+		blog.betafamily.com
+
+	Wildcard used since it has thousands of subdomains.
+-->
+<ruleset name="betafamily.com">
+	<target host="betafamily.com" />
+	<target host="*.betafamily.com" />
+
+	<exclusion pattern="^http://blog\.betafamily\.com/" />
+
+		<test url="http://www.betafamily.com/" />
+		<test url="http://blog.betafamily.com/" />
+		<test url="http://eercast.betafamily.com/" />
+		<test url="http://marginnote.betafamily.com/" />
+		<test url="http://voomie.betafamily.com/" />
+		<test url="http://tommyturtle.betafamily.com/" />
+		<test url="http://netangel.betafamily.com/" />
+		<test url="http://wozle.betafamily.com/" />
+		<test url="http://ilikeradio.betafamily.com/" />
+		<test url="http://stormtrek.betafamily.com/" />
+		<test url="http://google.betafamily.com/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/betanews.com.xml b/src/chrome/content/rules/betanews.com.xml
new file mode 100644
index 000000000000..1da9bd8fd9fd
--- /dev/null
+++ b/src/chrome/content/rules/betanews.com.xml
@@ -0,0 +1,58 @@
+<!--
+	Problematic hosts in *betanews.com:
+
+		- feeds ᶠ
+		- store ᵉ ᵐ ˢ
+
+	ᵉ Expired
+	ᶠ Feedburner / handshake fails
+	ᵐ Mismatched
+	ˢ Self-signed
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- .betanews.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on store from img.creativemark.co.uk ⁴
+		- Ads on store from adverts.creativemark.co.uk ⁴
+
+	⁴ Unsecurable <= 404
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="betanews.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="betanews.com" />
+	<target host="fileforum.betanews.com" />
+	<target host="images.betanews.com" />
+	<target host="www.betanews.com" />
+
+		<test url="http://images.betanews.com/fileforum2/white_downbullet.gif" />
+
+	<!--	Complications:
+				-->
+	<target host="feeds.betanews.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.betanews\.com$" name="^sixsession$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://feeds\.betanews\.com/"
+		to="https://feeds.feedburner.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/betternet.co.xml b/src/chrome/content/rules/betternet.co.xml
new file mode 100644
index 000000000000..4324335ce16b
--- /dev/null
+++ b/src/chrome/content/rules/betternet.co.xml
@@ -0,0 +1,12 @@
+<!--
+support.betternet.co ¹
+
+
+¹ mismatch
+-->
+<ruleset name="betternet.co">
+	<target host="betternet.co" />
+	<target host="www.betternet.co" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/beyondbinary.io.xml b/src/chrome/content/rules/beyondbinary.io.xml
new file mode 100644
index 000000000000..0be8f88b569e
--- /dev/null
+++ b/src/chrome/content/rules/beyondbinary.io.xml
@@ -0,0 +1,11 @@
+<ruleset name="Beyond Binary.io">
+
+	<target host="beyondbinary.io" />
+	<target host="www.beyondbinary.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bezeq.co.il.xml b/src/chrome/content/rules/bezeq.co.il.xml
new file mode 100644
index 000000000000..58fc7b9ea0ec
--- /dev/null
+++ b/src/chrome/content/rules/bezeq.co.il.xml
@@ -0,0 +1,78 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://music.bezeq.co.il/ => https://music.bezeq.co.il/: (6, 'Could not resolve host: music.bezeq.co.il')
+
+	Other Bezeq rulesets:
+
+		- Bezeq_International.xml
+		- walla.co.il.xml
+		- yes.co.il.xml
+
+
+	Problematic hosts in *bezeq.co.il:
+
+		- ir ᴬ
+
+	ᴬ Akamai / mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- bezeq.co.il
+		- .bezeq.co.il
+		- b-home.bezeq.co.il
+		- bhome1.bezeq.co.il
+		- bsupport.bezeq.co.il
+		- gimlaim.bezeq.co.il
+		- m.bezeq.co.il
+		- music.bezeq.co.il
+		- reports.bezeq.co.il
+		- suppliers.bezeq.co.il
+		- www.bezeq.co.il
+		- www02.bezeq.co.il
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- bsupport, m from www02.bezeq.co.il ˢ
+			- m from www.bezeq.co.il ˢ
+
+		- Bugs on music from reports.bezeq.co.il ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Bezeq.co.il (partial)" default_off="failed ruleset test">
+
+	<target host="bezeq.co.il" />
+	<target host="b-home.bezeq.co.il" />
+	<target host="bhome1.bezeq.co.il" />
+	<target host="bmy.bezeq.co.il" />
+	<target host="gimlaim.bezeq.co.il" />
+	<target host="m.bezeq.co.il" />
+	<target host="my.bezeq.co.il" />
+	<target host="music.bezeq.co.il" />
+	<target host="reports.bezeq.co.il" />
+	<target host="suppliers.bezeq.co.il" />
+	<target host="www.bezeq.co.il" />
+	<target host="www02.bezeq.co.il" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:(?:b-home|bhome1|bsupport|gimlaim|www|www02)\.)?bezeq\.co\.il$" name="^TS[\da-f]" /-->
+	<!--securecookie host="^\.bezeq\.co\.il$" name="^(?:\.ASPXAUTH|TS[\da-f])$" /-->
+	<!--securecookie host="^reports\.bezeq\.co\.il$" name="^(?:ACOOKIE|TS[\da-f])$" /-->
+	<!--securecookie host="^(?:m|music|suppliers)\.bezeq\.co\.il$" name="^(?:ASP\.NET_SessionId|TS[\da-f])$" /-->
+
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|TS[\da-f])" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bezrealitky.cz.xml b/src/chrome/content/rules/bezrealitky.cz.xml
new file mode 100644
index 000000000000..8e9294b5071b
--- /dev/null
+++ b/src/chrome/content/rules/bezrealitky.cz.xml
@@ -0,0 +1,7 @@
+<ruleset name="bezrealitky.cz">
+    <target host="bezrealitky.cz" />
+    <target host="www.bezrealitky.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bfe.bund.de.xml b/src/chrome/content/rules/bfe.bund.de.xml
new file mode 100644
index 000000000000..f436d57ea424
--- /dev/null
+++ b/src/chrome/content/rules/bfe.bund.de.xml
@@ -0,0 +1,13 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+-->
+<ruleset name="Bundesamt für kerntechnische Entsorgungssicherheit">
+
+	<target host="bfe.bund.de" />
+	<target host="www.bfe.bund.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bfm.ru.xml b/src/chrome/content/rules/bfm.ru.xml
new file mode 100644
index 000000000000..67d087e9e639
--- /dev/null
+++ b/src/chrome/content/rules/bfm.ru.xml
@@ -0,0 +1,9 @@
+<!--docs. 404-->
+<ruleset name="bfm.ru">
+	<target host="bfm.ru" />
+	<target host="www.bfm.ru" />
+	<target host="s.bfm.ru" />
+	<target host="cdn.bfm.ru" />
+	<target host="megafon.bfm.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bfn.de.xml b/src/chrome/content/rules/bfn.de.xml
new file mode 100644
index 000000000000..e509208f88ec
--- /dev/null
+++ b/src/chrome/content/rules/bfn.de.xml
@@ -0,0 +1,44 @@
+<!--
+	Invalid certificate:
+		www.abs.bfn.de
+		www.biologischevielfalt.bfn.de
+		www.ffh-anhang4.bfn.de
+		www.geodienste.bfn.de
+		ina-depot.bfn.de
+		www.nachhaltigkeitsindikator.bfn.de
+		www.natgesis.bfn.de
+		www.natursportinfo.bfn.de
+		www.neobiota.bfn.de
+
+	Timeout:
+		mobile.bfn.de
+		transfer.bfn.de
+
+	Unable to get local issuer certificate:
+		dasy.bfn.de
+		depot.bfn.de
+-->
+<ruleset name="Bundesamt für Naturschutz">
+	<!-- Federal Agency for Nature Conservation -->
+
+	<target host="bfn.de" />
+	<target host="www.bfn.de" />
+	<target host="abs.bfn.de" />
+	<target host="biologischevielfalt.bfn.de" />
+	<target host="ffh-anhang4.bfn.de" />
+	<target host="geodienste.bfn.de" />
+	<target host="metadaten.bfn.de" />
+	<target host="natgesis.bfn.de" />
+	<target host="naturdetektive.bfn.de" />
+	<target host="natursportinfo.bfn.de" />
+	<target host="neobiota.bfn.de" />
+	<target host="share.bfn.de" />
+	<target host="wandertag.bfn.de" />
+	<target host="webmail.bfn.de" />
+	<target host="www2.bfn.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bg-verkehr.de.xml b/src/chrome/content/rules/bg-verkehr.de.xml
new file mode 100644
index 000000000000..d55bfe30bb85
--- /dev/null
+++ b/src/chrome/content/rules/bg-verkehr.de.xml
@@ -0,0 +1,35 @@
+<!--
+	Content mismatch:
+		files.bg-verkehr.de
+
+	Not found:
+		seminare.bg-verkehr.de
+
+	Timeout:
+		kompendium.bg-verkehr.de
+		mx[1|2].bg-verkehr.de
+-->
+<ruleset name="BG-Verkehr.de">
+
+	<target host="bg-verkehr.de" />
+	<target host="www.bg-verkehr.de" />
+	<target host="akteneinsicht.bg-verkehr.de" />
+	<target host="bgdirekt.bg-verkehr.de" />
+	<target host="bgdirekt-weblogin.bg-verkehr.de" />
+	<target host="intranet.bg-verkehr.de" />
+	<target host="intranet-weblogin.bg-verkehr.de" />
+	<target host="newsletter.bg-verkehr.de" />
+	<target host="praevention-projekte.bg-verkehr.de" />
+	<target host="quiz.bg-verkehr.de" />
+	<target host="subscribe.bg-verkehr.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- https://bg-verkehr.de/ redirects to https://cloud.bg-kooperation.de/,
+	http://bg-verkehr.de/ redirects to http://www.bg-verkehr.de/ -->
+	<rule from="^http://bg-verkehr\.de/"
+		to="https://www.bg-verkehr.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bgbilling.ru.xml b/src/chrome/content/rules/bgbilling.ru.xml
new file mode 100644
index 000000000000..351f5727889f
--- /dev/null
+++ b/src/chrome/content/rules/bgbilling.ru.xml
@@ -0,0 +1,14 @@
+<!--
+demo.bgbilling.ru ¹
+forum.bgbilling.ru ¹
+wiki.bgbilling.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="bgbilling.ru">
+	<target host="bgbilling.ru" />
+	<target host="www.bgbilling.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bgbl.de.xml b/src/chrome/content/rules/bgbl.de.xml
new file mode 100644
index 000000000000..8dd9ff0e9aeb
--- /dev/null
+++ b/src/chrome/content/rules/bgbl.de.xml
@@ -0,0 +1,20 @@
+<!--
+	Timeout:
+		mobile.bgbl.de
+
+-->
+<ruleset name="Das Bundesgesetzblatt (BGBl.)">
+
+	<target host="bgbl.de" />
+	<target host="www.bgbl.de" />
+	<target host="www1.bgbl.de" />
+	<target host="www2.bgbl.de" />
+
+	<!-- Timeout on https://bgbl.de/,
+	http://bgbl.de/ redirects to http://www.bgbl.de/. -->
+	<rule from="^http://bgbl\.de/"
+		to="https://www.bgbl.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bger.ch.xml b/src/chrome/content/rules/bger.ch.xml
new file mode 100644
index 000000000000..1298ec996862
--- /dev/null
+++ b/src/chrome/content/rules/bger.ch.xml
@@ -0,0 +1,21 @@
+<!--
+	Different content:
+		- expert.bger.ch
+			(test url: http://expert.bger.ch/php/clir/http/)
+
+	Mismatch:
+		- jumpcgi.bger.ch
+		- relevancy.bger.ch
+		- relevancy2.bger.ch
+
+	Refused:
+		- jurivoc.bger.ch
+
+	^ does not exist
+-->
+<ruleset name="bger.ch">
+	<target host="www.bger.ch" />
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/bgetem.de.xml b/src/chrome/content/rules/bgetem.de.xml
new file mode 100644
index 000000000000..943228c06b2d
--- /dev/null
+++ b/src/chrome/content/rules/bgetem.de.xml
@@ -0,0 +1,47 @@
+<!--
+	Content mismatch:
+		emissionsarme-produkte.bgetem.de
+
+	Not found:
+		www.cx.bgetem.de
+		www.mail.bgetem.de
+		www.owa.bgetem.de
+		secure.bgetem.de
+		uc.bgetem.de
+
+	Refused:
+		oswc.bgetem.de
+
+	Timeout:
+		dp.bgetem.de
+		etf.bgetem.de
+		ew.bgetem.de
+		seminare.bgetem.de
+-->
+<ruleset name="BG ETEM">
+
+	<target host="bgetem.de" />
+	<target host="www.bgetem.de" />
+	<target host="autodiscover.bgetem.de" />
+	<target host="cx.bgetem.de" />
+	<target host="extranet.bgetem.de" />
+	<target host="extranet-weblogin.bgetem.de" />
+	<target host="gbpb.bgetem.de" />
+	<target host="gvs.bgetem.de" />
+	<target host="handlungshilfe.bgetem.de" />
+	<target host="intranet.bgetem.de" />
+	<target host="ldcsa.bgetem.de" />
+	<target host="luftbefeuchtung.bgetem.de" />
+	<target host="mail.bgetem.de" />
+	<target host="owa.bgetem.de" />
+	<target host="schwarzheide.bgetem.de" />
+	<target host="seminardatenbank.bgetem.de" />
+	<target host="testextranet.bgetem.de" />
+	<target host="testweblogin.bgetem.de" />
+	<target host="transfer.bgetem.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bghm.de.xml b/src/chrome/content/rules/bghm.de.xml
new file mode 100644
index 000000000000..8d8974af22b2
--- /dev/null
+++ b/src/chrome/content/rules/bghm.de.xml
@@ -0,0 +1,72 @@
+<!--
+	This domain contains a wildcard DNS and a wildcard certificate.
+
+	Invalid certificate:
+		av.bghm.de
+		einstellungen.bghm.de
+		integration.einstellungen.bghm.de
+		test.einstellungen.bghm.de
+		integration.extranet.bghm.de
+		www.fa-mfs.bghm.de
+		lswebdir.bghm.de
+		meetings.bghm.de
+		integration.umfrage.bghm.de
+		test.umfrage.bghm.de
+		webext2013.bghm.de
+		www.zielnull.bghm.de
+
+	Not found:
+		entwicklung.extranet.bghm.de
+		rollin.extranet.bghm.de
+		www.receiver.bghm.de
+
+	Refused:
+		av2013.bghm.de
+		webcon2013.bghm.de
+
+	Timeout:
+		corporate-access.bghm.de
+-->
+<ruleset name="BGHM.de">
+
+	<target host="bghm.de" />
+	<target host="www.bghm.de" />
+	<target host="adfs.bghm.de" />
+	<target host="entwicklung.adfs.bghm.de" />
+	<target host="arbeitsbereiche.bghm.de" />
+	<target host="arbeitsbereiche-extranet.bghm.de" />
+	<target host="entwicklung.arbeitsbereiche-extranet.bghm.de" />
+	<target host="autodiscover.bghm.de" />
+	<target host="dev6.bghm.de" />
+	<target host="dialin.bghm.de" />
+	<target host="eas.bghm.de" />
+	<target host="eastest.bghm.de" />
+	<target host="eastest2.bghm.de" />
+	<target host="extranet.bghm.de" />
+	<target host="test.extranet.bghm.de" />
+	<target host="filmshop.bghm.de" />
+	<target host="filmverleih.bghm.de" />
+	<target host="intranet.bghm.de" />
+	<target host="lswebpool.bghm.de" />
+	<target host="lyncdiscover.bghm.de" />
+	<target host="meet.bghm.de" />
+	<target host="receiver.bghm.de" />
+	<target host="sicherheitspreis.bghm.de" />
+	<target host="sip.bghm.de" />
+	<target host="sip2013.bghm.de" />
+	<target host="uag.bghm.de" />
+	<target host="umfrage.bghm.de" />
+	<target host="vitamobile.bghm.de" />
+	<target host="vitamobiletest.bghm.de" />
+	<target host="wac2013.bghm.de" />
+	<target host="webcon.bghm.de" />
+	<target host="ww.bghm.de" />
+	<target host="ww2.bghm.de" />
+	<target host="wwww.bghm.de" />
+	<target host="wwwwww.bghm.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bghw.de.xml b/src/chrome/content/rules/bghw.de.xml
new file mode 100644
index 000000000000..0a51875f870e
--- /dev/null
+++ b/src/chrome/content/rules/bghw.de.xml
@@ -0,0 +1,35 @@
+<!--
+	Content mismatch:
+		fabe.bghw.de
+		selbstverwaltung-weblogin.bghw.de
+
+	Not found:
+		www.selbstverwaltung.bghw.de
+
+	Refused:
+		unterweisungen-im-handel.bghw.de
+		wbt1.bghw.de
+-->
+<ruleset name="BGHW.de">
+
+	<target host="bghw.de" />
+	<target host="www.bghw.de" />
+	<target host="extranet.bghw.de" />
+	<target host="extranet-test-weblogin.bghw.de" />
+	<target host="extranet-weblogin.bghw.de" />
+	<target host="fernlehrgang-weblogin.bghw.de" />
+	<target host="gefaehrdungsbeurteilung.bghw.de" />
+	<target host="landesk.bghw.de" />
+	<target host="lernen.bghw.de" />
+	<target host="lernportal.bghw.de" />
+	<target host="projekte.bghw.de" />
+	<target host="selbstverwaltung.bghw.de" />
+	<target host="seminardatenbank.bghw.de" />
+	<target host="ssl.bghw.de" />
+	<target host="training.bghw.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bgn.de.xml b/src/chrome/content/rules/bgn.de.xml
new file mode 100644
index 000000000000..f007855e843c
--- /dev/null
+++ b/src/chrome/content/rules/bgn.de.xml
@@ -0,0 +1,29 @@
+<!--
+	Invalid certificate:
+		erfurtertage-shop.dev.bgn.de
+		ruecken-shop.dev.bgn.de
+		www.ruecken-shop.dev.bgn.de
+		www.stress-shop.dev.bgn.de
+		go.bgn.de
+		intern.bgn.de
+		mx1-uv.bgn.de
+		portal.bgn.de
+		*.portal.bgn.de
+		www.pz.bgn.de
+-->
+<ruleset name="BGN.de">
+
+	<target host="bgn.de" />
+	<target host="www.bgn.de" />
+	<target host="erfurtertage-shop.bgn.de" />
+	<target host="medienshop.bgn.de" />
+	<target host="ruecken-shop.bgn.de" />
+	<target host="stats.bgn.de" />
+	<target host="stress-shop.bgn.de" />
+	<target host="umfrage.bgn.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bgrci.de.xml b/src/chrome/content/rules/bgrci.de.xml
new file mode 100644
index 000000000000..c9bbaca81f68
--- /dev/null
+++ b/src/chrome/content/rules/bgrci.de.xml
@@ -0,0 +1,38 @@
+<!--
+	Invalid certificate:
+		basiswissen.bgrci.de
+		downloadcenter.bgrci.de
+		www.gase.bgrci.de
+		gefahrstoffwissen.bgrci.de
+		kompendium.bgrci.de
+		laboratorien.bgrci.de
+		laubach.bgrci.de
+		maikammer.bgrci.de
+		medienshop.bgrci.de
+		newsletter.bgrci.de
+		notfallpraevention.bgrci.de
+		seminare.bgrci.de
+		www.seminare.bgrci.de
+		ssl.bgrci.de
+		visionzero.bgrci.de
+		vpu.bgrci.de
+
+	Not found:
+		extranet.bgrci.de
+
+	Timeout:
+		admin.bgrci.de
+-->
+<ruleset name="BGRCI.de">
+
+	<target host="bgrci.de" />
+	<target host="www.bgrci.de" />
+	<target host="anyconnect.bgrci.de" />
+	<target host="lernportal.bgrci.de" />
+	<target host="vpn.bgrci.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bgslinc.com.xml b/src/chrome/content/rules/bgslinc.com.xml
new file mode 100644
index 000000000000..f46a0c819211
--- /dev/null
+++ b/src/chrome/content/rules/bgslinc.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		ftp.bgslinc.com
+		imap.bgslinc.com
+		localhost.bgslinc.com
+		members.bgslinc.com
+		webmail.bgslinc.com
+
+	Refused:
+		localhost.bgslinc.com
+
+	Time out:
+		calendar.bgslinc.com
+-->
+<ruleset name="bgslinc.com">
+	<target host="bgslinc.com" />
+	<target host="www.bgslinc.com" />
+	<target host="mail.bgslinc.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bgw-online.de.xml b/src/chrome/content/rules/bgw-online.de.xml
new file mode 100644
index 000000000000..90ed26861bc3
--- /dev/null
+++ b/src/chrome/content/rules/bgw-online.de.xml
@@ -0,0 +1,23 @@
+<ruleset name="BGW-online.de">
+
+	<target host="bgw-online.de" />
+	<target host="www.bgw-online.de" />
+	<target host="e-journal.bgw-online.de" />
+	<target host="entgeltnachweis.bgw-online.de" />
+	<target host="formulare.bgw-online.de" />
+	<target host="friseurapp.bgw-online.de" />
+	<target host="gb-pflege-ambulant.bgw-online.de" />
+	<target host="gb-pflege-stationaer.bgw-online.de" />
+	<target host="hautblog.bgw-online.de" />
+	<target host="infografik.bgw-online.de" />
+	<target host="kobra.bgw-online.de" />
+	<target host="kommunikation.bgw-online.de" />
+	<target host="moss.bgw-online.de" />
+	<target host="newsletter.bgw-online.de" />
+	<target host="statistik.bgw-online.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bhphoto.com.xml b/src/chrome/content/rules/bhphoto.com.xml
new file mode 100644
index 000000000000..46aa40c44e0d
--- /dev/null
+++ b/src/chrome/content/rules/bhphoto.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="BH Photo.com" platform="mixedcontent">
+
+	<target host="static.bhphoto.com" />
+
+		<test url="http://static.bhphoto.com/images/images150x150/1225378.jpg" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bhphotovideo.com.xml b/src/chrome/content/rules/bhphotovideo.com.xml
new file mode 100644
index 000000000000..66b216cc0a5f
--- /dev/null
+++ b/src/chrome/content/rules/bhphotovideo.com.xml
@@ -0,0 +1,52 @@
+<!--
+	NB: payment.../$ redirects to https 405
+	?=> fetch check failure
+
+
+	Problematic hosts in *bhphotovideo.com:
+
+		- akamai ᴬ
+
+	ᴬ Akamai / mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .bhphotovideo.com
+		- affiliates.bhphotovideo.com
+		- secure.bhphotovideo.com
+		- www.bhphotovideo.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="BH Photo Video.com (partial)">
+
+	<target host="bhphotovideo.com" />
+	<target host="affiliates.bhphotovideo.com" />
+	<target host="payment.bhphotovideo.com" />
+	<target host="secure.bhphotovideo.com" />
+	<target host="static.bhphotovideo.com" />
+	<target host="www.bhphotovideo.com" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://affiliates.bhphotovideo.com/showban.asp?id=1&amp;img=bh_new-b.gif" /-->
+
+		<test url="http://static.bhphotovideo.com/images/images150x150/1086718.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.bhphotovideo\.com$" name="^(?:JSESSIONID|SSID_C|SSLB|SSNC|SSOE|SSRT_C|SSSC_C|TS[\da-f]{8}|cartId|ci|cookieId|dlc|dpi|dtlacfr|lpi|mapp|oldCheckout|sessionKey|simTags|uui|waterfall)$" /-->
+	<!--securecookie host="^affiliates\.bhphotovideo\.com$" name="^(?:ASPSESSIONID[A-Z]{8}|bhphotoimage)$" /-->
+	<!--securecookie host="^(?:secure|www)\.bhphotovideo\.com$" name="^(?:D_[HIPSU]ID|TS[\da-f]{8})$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bicomsystems.com.xml b/src/chrome/content/rules/bicomsystems.com.xml
new file mode 100644
index 000000000000..5d1602b8f3b9
--- /dev/null
+++ b/src/chrome/content/rules/bicomsystems.com.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wiki.bicomsystems.com/ => https://wiki.bicomsystems.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+blog.bicomsystems.com expired
+-->
+<ruleset name="bicomsystems.com" default_off="failed ruleset test">
+	<target host="bicomsystems.com" />
+	<target host="www.bicomsystems.com" />
+	<target host="wiki.bicomsystems.com" />
+	<target host="downloads.bicomsystems.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bicotender.ru.xml b/src/chrome/content/rules/bicotender.ru.xml
new file mode 100644
index 000000000000..b71c483de320
--- /dev/null
+++ b/src/chrome/content/rules/bicotender.ru.xml
@@ -0,0 +1,19 @@
+<!--
+ads.bicotender.ru ⁵
+ns1.bicotender.ru ⁴
+ns2.bicotender.ru ⁵
+ns3.bicotender.ru ⁵
+s.bicotender.ru ²
+
+
+² refused
+⁴ self signed
+⁵ expired
+-->
+<ruleset name="bicotender.ru">
+	<target host="bicotender.ru" />
+	<target host="www.bicotender.ru" />
+	<target host="www1.bicotender.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/biderundtanner.ch.xml b/src/chrome/content/rules/biderundtanner.ch.xml
new file mode 100644
index 000000000000..3d6fa79e2eee
--- /dev/null
+++ b/src/chrome/content/rules/biderundtanner.ch.xml
@@ -0,0 +1,9 @@
+<ruleset name="Bider &amp; Tanner.ch">
+	<target host="biderundtanner.ch"/>
+	<target host="www.biderundtanner.ch"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://biderundtanner\.ch/" to="https://www.biderundtanner.ch/"/>
+	<rule from="^http:"	to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/bigfile.to.xml b/src/chrome/content/rules/bigfile.to.xml
new file mode 100644
index 000000000000..67c5af2b6d0f
--- /dev/null
+++ b/src/chrome/content/rules/bigfile.to.xml
@@ -0,0 +1,33 @@
+<!--
+	Nonfunctional hosts in *bigfile.to:
+
+		- reseller ʳ
+
+	ʳ Refused
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- bigfile.to
+		- www.bigfile.to
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Bigfile.to (partial)">
+
+	<target host="bigfile.to" />
+	<target host="www.bigfile.to" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?bigfile\.to$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/biglinux.com.br.xml b/src/chrome/content/rules/biglinux.com.br.xml
new file mode 100644
index 000000000000..851aff78a2ed
--- /dev/null
+++ b/src/chrome/content/rules/biglinux.com.br.xml
@@ -0,0 +1,5 @@
+<ruleset name="biglinux.com.br">
+	<target host="biglinux.com.br" />
+	<target host="www.biglinux.com.br" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/biglion.ru.xml b/src/chrome/content/rules/biglion.ru.xml
new file mode 100644
index 000000000000..552f19f6ab56
--- /dev/null
+++ b/src/chrome/content/rules/biglion.ru.xml
@@ -0,0 +1,137 @@
+<!--
+partner.biglion.ru non-2xx http code
+www.ssl.biglion.ru ¹
+st.biglion.ru ⁷
+l.biglion.ru mixed content
+
+
+¹ mismatch
+⁷ protocol error
+-->
+<ruleset name="biglion.ru">
+	<target host="biglion.ru" />
+	<target host="www.biglion.ru" />
+	<target host="abakan.biglion.ru" />
+	<target host="achinsk.biglion.ru" />
+	<target host="adler.biglion.ru" />
+	<target host="adv.biglion.ru" />
+	<target host="aleksin.biglion.ru" />
+	<target host="almetievsk.biglion.ru" />
+	<target host="anapa.biglion.ru" />
+	<target host="angarsk.biglion.ru" />
+	<target host="api.biglion.ru" />
+	<target host="aprelevka.biglion.ru" />
+	<target host="arkhangelsk.biglion.ru" />
+	<target host="armavir.biglion.ru" />
+	<target host="artem.biglion.ru" />
+	<target host="arzamas.biglion.ru" />
+	<target host="astrakhan.biglion.ru" />
+	<target host="balashikha.biglion.ru" />
+	<target host="barnaul.biglion.ru" />
+	<target host="belgorod.biglion.ru" />
+	<target host="beloretsk.biglion.ru" />
+	<target host="cheb.biglion.ru" />
+	<target host="chelyabinsk.biglion.ru" />
+	<target host="cherepov.biglion.ru" />
+	<target host="chita.biglion.ru" />
+	<target host="dedovsk.biglion.ru" />
+	<target host="dolgoprudnyiy.biglion.ru" />
+	<target host="egorevsk.biglion.ru" />
+	<target host="ekaterinburg.biglion.ru" />
+	<target host="elektrostal.biglion.ru" />
+	<target host="engels.biglion.ru" />
+	<target host="fryazino.biglion.ru" />
+	<target host="gatchina.biglion.ru" />
+	<target host="gorno-altaiysk.biglion.ru" />
+	<target host="irkutsk.biglion.ru" />
+	<target host="ivanovo.biglion.ru" />
+	<target host="izh.biglion.ru" />
+	<target host="kaliningrad.biglion.ru" />
+	<target host="kaluga.biglion.ru" />
+	<target host="kamyshin.biglion.ru" />
+	<target host="kazan.biglion.ru" />
+	<target host="kemerovo.biglion.ru" />
+	<target host="khabarovsk.biglion.ru" />
+	<target host="khimki.biglion.ru" />
+	<target host="kirov.biglion.ru" />
+	<target host="kislovodsk.biglion.ru" />
+	<target host="kms.biglion.ru" />
+	<target host="kolomna.biglion.ru" />
+	<target host="korolev.biglion.ru" />
+	<target host="kostroma.biglion.ru" />
+	<target host="krasnodar.biglion.ru" />
+	<target host="krasnoyarsk.biglion.ru" />
+	<target host="kronshtadt.biglion.ru" />
+	<target host="kurgan.biglion.ru" />
+	<target host="kursk.biglion.ru" />
+	<target host="lipetsk.biglion.ru" />
+	<target host="lomonosov.biglion.ru" />
+	<target host="magnitog.biglion.ru" />
+	<target host="miass.biglion.ru" />
+	<target host="moscow.biglion.ru" />
+	<target host="moskovskiiy.biglion.ru" />
+	<target host="murmansk.biglion.ru" />
+	<target host="mytischi.biglion.ru" />
+	<target host="nabchelny.biglion.ru" />
+	<target host="naro-fominsk.biglion.ru" />
+	<target host="nazyvaevsk.biglion.ru" />
+	<target host="nnovgorod.biglion.ru" />
+	<target host="noginsk.biglion.ru" />
+	<target host="novokuznetsk.biglion.ru" />
+	<target host="novorossiiysk.biglion.ru" />
+	<target host="novosibirsk.biglion.ru" />
+	<target host="nvartovsk.biglion.ru" />
+	<target host="omsk.biglion.ru" />
+	<target host="orenburg.biglion.ru" />
+	<target host="ozery.biglion.ru" />
+	<target host="penza.biglion.ru" />
+	<target host="perm.biglion.ru" />
+	<target host="petergof.biglion.ru" />
+	<target host="petrozavodsk.biglion.ru" />
+	<target host="podolsk.biglion.ru" />
+	<target host="protvino.biglion.ru" />
+	<target host="pskov.biglion.ru" />
+	<target host="pushkin.biglion.ru" />
+	<target host="pushkino.biglion.ru" />
+	<target host="pxl.biglion.ru" />
+	<target host="ramenskoe.biglion.ru" />
+	<target host="rc-edit.biglion.ru" />
+	<target host="rostovnadonu.biglion.ru" />
+	<target host="rt.biglion.ru" />
+	<target host="russia.biglion.ru" />
+	<target host="ryazan.biglion.ru" />
+	<target host="rybinsk.biglion.ru" />
+	<target host="salavat.biglion.ru" />
+	<target host="samara.biglion.ru" />
+	<target host="saransk.biglion.ru" />
+	<target host="sarapul.biglion.ru" />
+	<target host="saratov.biglion.ru" />
+	<target host="scherbinka.biglion.ru" />
+	<target host="smolensk.biglion.ru" />
+	<target host="sochi.biglion.ru" />
+	<target host="solnechnogorsk.biglion.ru" />
+	<target host="speterburg.biglion.ru" />
+	<target host="ssl.biglion.ru" />
+	<target host="stavropol.biglion.ru" />
+	<target host="sterlitamak.biglion.ru" />
+	<target host="syktyvkar.biglion.ru" />
+	<target host="taganrog.biglion.ru" />
+	<target host="tambov.biglion.ru" />
+	<target host="togliatti.biglion.ru" />
+	<target host="tomsk.biglion.ru" />
+	<target host="tula.biglion.ru" />
+	<target host="tver.biglion.ru" />
+	<target host="tyumen.biglion.ru" />
+	<target host="ufa.biglion.ru" />
+	<target host="ulyanovsk.biglion.ru" />
+	<target host="vladimir.biglion.ru" />
+	<target host="vladivostok.biglion.ru" />
+	<target host="volgograd.biglion.ru" />
+	<target host="vologda.biglion.ru" />
+	<target host="volzhsky.biglion.ru" />
+	<target host="voronezh.biglion.ru" />
+	<target host="yalta.biglion.ru" />
+	<target host="yaroslavl.biglion.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bigw.com.au.xml b/src/chrome/content/rules/bigw.com.au.xml
new file mode 100644
index 000000000000..e81e6296ac05
--- /dev/null
+++ b/src/chrome/content/rules/bigw.com.au.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Woolworths coverage, see Woolworths.com.au.xml
+
+
+	Nonfunctional subdomains:
+
+		- biznet	(expired cert)
+		- catalogues	(mismatch hostname, CN: *.salesfinder.com.au)
+		- e		(mismatch hostname, CN: *.chtah.com)
+		- l.e		(mismatch hostname, CN: *.eccmp.com)
+		- x.e		(mismatch hostname, CN: *.eccmp.com)
+		- ebooks	(timeout)
+		- click.emails		(hostname mismatch, CN: *.s6.exacttarget.com)
+		- image.emails		(hostname mismatch, CN: a248.e.akamai.net)
+		- view.emails		(hostname mismatch, CN: *.s6.exacttarget.com)
+		- www.myvoice		(hostname mismatch, CN: myvoice.bigw.com.au)
+		- o0mdnyjtxbddcl3qptca	(expired cert)
+		- (www.)preorder	(expired cert)
+
+-->
+<ruleset name="BIG W">
+
+	<target host="bigw.com.au" />
+	<target host="www.bigw.com.au" />
+	<target host="m.bigw.com.au" />
+	<target host="mobile.bigw.com.au" />
+	<target host="myvoice.bigw.com.au" />
+	<target host="shoutout.bigw.com.au" />
+	<target host="uat.bigw.com.au" />
+
+	<securecookie host="^www\.bigw\.com\.au$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bikeability.org.uk.xml b/src/chrome/content/rules/bikeability.org.uk.xml
new file mode 100644
index 000000000000..b8b57d97f469
--- /dev/null
+++ b/src/chrome/content/rules/bikeability.org.uk.xml
@@ -0,0 +1,30 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- professionals.bikeability.org.uk
+		- scheme.bikeability.org.uk
+
+-->
+<ruleset name="Bikeability.org.uk">
+
+	<target host="bikeability.org.uk" />
+	<target host="professionals.bikeability.org.uk" />
+	<target host="scheme.bikeability.org.uk" />
+	<target host="www.bikeability.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^professionals\.bikeability\.org\.uk$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^scheme\.bikeability\.org\.uk$" name="^ci_session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bikebiz.com.xml b/src/chrome/content/rules/bikebiz.com.xml
new file mode 100644
index 000000000000..5f8a077554b9
--- /dev/null
+++ b/src/chrome/content/rules/bikebiz.com.xml
@@ -0,0 +1,36 @@
+<!--
+	For other NewsBay Media coverage, see Intent-Media.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.bikebiz.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bug on www from b.scorecardresearch.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="BikeBiz.com">
+
+	<target host="bikebiz.com" />
+	<target host="subs.bikebiz.com" />
+	<target host="www.bikebiz.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.bikebiz\.com$" name="Session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/billing-lan.net.xml b/src/chrome/content/rules/billing-lan.net.xml
new file mode 100644
index 000000000000..62f9f434788c
--- /dev/null
+++ b/src/chrome/content/rules/billing-lan.net.xml
@@ -0,0 +1,9 @@
+<!--
+forum.billing-lan.net timed out
+-->
+<ruleset name="billing-lan.net">
+	<target host="billing-lan.net" />
+	<target host="www.billing-lan.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bioRxiv.org.xml b/src/chrome/content/rules/bioRxiv.org.xml
new file mode 100644
index 000000000000..8c7bd1cbcd6d
--- /dev/null
+++ b/src/chrome/content/rules/bioRxiv.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Refused:
+		biorxiv.org
+
+-->
+<ruleset name="bioRxiv.org">
+
+	<target host="biorxiv.org" />
+	<target host="www.biorxiv.org" />
+	<target host="connect.biorxiv.org" />
+	<target host="submit.biorxiv.org" />
+
+	<rule from="^http://biorxiv\.org/"
+		to="https://www.biorxiv.org/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/birmingham.gov.uk-falsemixed.xml b/src/chrome/content/rules/birmingham.gov.uk-falsemixed.xml
new file mode 100644
index 000000000000..2182a280ae6f
--- /dev/null
+++ b/src/chrome/content/rules/birmingham.gov.uk-falsemixed.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules not causing false/broken MCB, see birmingham.gov.uk.xml.
+
+-->
+<ruleset name="Birmingham.gov.uk (false MCB)" platform="mixedcontent">
+
+	<target host="property.birmingham.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/birmingham.gov.uk.xml b/src/chrome/content/rules/birmingham.gov.uk.xml
new file mode 100644
index 000000000000..7f415e9296e1
--- /dev/null
+++ b/src/chrome/content/rules/birmingham.gov.uk.xml
@@ -0,0 +1,116 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bikenorth.birmingham.gov.uk/ => https://bikenorth.birmingham.gov.uk/: (6, 'Could not resolve host: bikenorth.birmingham.gov.uk')
+Fetch error: http://brasshouse.birmingham.gov.uk/ => https://brasshouse.birmingham.gov.uk/: (6, 'Could not resolve host: brasshouse.birmingham.gov.uk')
+Fetch error: http://disruption.birmingham.gov.uk/ => https://disruption.birmingham.gov.uk/: (6, 'Could not resolve host: disruption.birmingham.gov.uk')
+Fetch error: http://events.birmingham.gov.uk/ => https://events.birmingham.gov.uk/: (6, 'Could not resolve host: events.birmingham.gov.uk')
+Fetch error: http://lsblaw.birmingham.gov.uk/ => https://lsblaw.birmingham.gov.uk/: (6, 'Could not resolve host: lsblaw.birmingham.gov.uk')
+
+	Birmingham City Council
+
+	For rules causing false/broken MCB, see birmingham.gov.uk-falsemixed.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *birmingham.gov.uk:
+
+		- www.aqua ᵇ
+		- cypftraining ᵃ
+
+	ᵃ Shows another domain
+	ᵇ Shows default page
+
+
+	Problematic hosts in *birmingham.gov.uk:
+
+		- consult ᵐ
+		- eadmissions ᶜ
+		- property ˣ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+	ˣ Mixed css
+
+
+	These altnames don't exist:
+
+		- www.data.birmingham.gov.uk
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- birmingham.gov.uk
+		- .birmingham.gov.uk
+		- bikenorth.birmingham.gov.uk
+		- consult.birmingham.gov.uk
+		- disruption.birmingham.gov.uk
+		- localview.birmingham.gov.uk
+		- online.birmingham.gov.uk
+		- pcn.birmingham.gov.uk
+		- property.birmingham.gov.uk
+
+
+	Mixed content:
+
+		- css, on:
+
+			- lsblaw from fonts.googleapis.com ˢ
+			- property from $self ˢ
+
+		- Images on bigcityplan, brasshouse, eplanning, events, hwb, lsblaw, property, www from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Birmingham.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="birmingham.gov.uk" />
+	<target host="bikenorth.birmingham.gov.uk" />
+	<target host="bigcityplan.birmingham.gov.uk" />
+	<target host="brasshouse.birmingham.gov.uk" />
+	<target host="data.birmingham.gov.uk" />
+	<target host="disruption.birmingham.gov.uk" />
+	<!--target host="eadmissions.birmingham.gov.uk" /-->
+	<target host="eplanning.birmingham.gov.uk" />
+	<target host="events.birmingham.gov.uk" />
+	<target host="hwb.birmingham.gov.uk" />
+	<target host="www.leisurebookings.birmingham.gov.uk" />
+	<target host="localview.birmingham.gov.uk" />
+	<target host="lsblaw.birmingham.gov.uk" />
+	<target host="netloan.birmingham.gov.uk" />
+	<target host="online.birmingham.gov.uk" />
+	<target host="pcn.birmingham.gov.uk" />
+	<!--target host="property.birmingham.gov.uk" /-->
+	<target host="www.birmingham.gov.uk" />
+
+		<!--	Mixed images:
+					-->
+		<!--test url="http://eplanning.birmingham.gov.uk/Northgate/PlanningExplorer/GeneralSearch.aspx" /-->
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://pcn.birmingham.gov.uk/userservices/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:localview\.|www\.)?birmingham\.gov\.uk$" name="^___utm[abm]" /-->
+	<!--securecookie host="^\.birmingham\.gov\.uk$" name="^(?:incap_ses_\d+_\d+|visid_incap_\d+)$" /-->
+	<!--securecookie host="^bikenorth\.birmingham\.gov\.uk$" name="^(?:PHPSESSID|wfvt_[\d-]+)$" /-->
+	<!--securecookie host="^consult\.birmingham\.gov\.uk$" name="^(?:JSESSION|Server)ID$" /-->
+	<!--securecookie host="^disruption\.birmingham\.gov\.uk$" name="^(?:PHPSESSID|wfvt_[\d-]+)$" /-->
+	<!--securecookie host="^(?:localview|online)\.birmingham\.gov\.uk$" name="^(?:JSESSIONID|customerfirst\.birmingham\.gov\.uk)$" /-->
+	<!--securecookie host="^lsblaw\.birmingham\.gov\.uk$" name="^wmp_load_app$" /-->
+	<!--securecookie host="^pcn\.birmingham\.gov\.uk$" name="^(?:ASPSESSIONID[A-Z]{8}|pcn\.birmingham\.gov\.uk)$" /-->
+	<!--securecookie host="^property\.birmingham\.gov\.uk$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^(?:incap_ses|visid_incap)_" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bis.gov.uk-falsemixed.xml b/src/chrome/content/rules/bis.gov.uk-falsemixed.xml
new file mode 100644
index 000000000000..6012472b5e12
--- /dev/null
+++ b/src/chrome/content/rules/bis.gov.uk-falsemixed.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://feconnect.sfa.bis.gov.uk/ => https://feconnect.sfa.bis.gov.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'feconnect.sfa.bis.gov.uk'")
+
+	For rules not causing false/broken MCB, see UK-Department-for-Business-Innovation-and-Skills.xml.
+
+
+	NB: See https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="BIS.gov.uk (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="feconnect.sfa.bis.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bit-com.ru.xml b/src/chrome/content/rules/bit-com.ru.xml
new file mode 100644
index 000000000000..c22d837cc1a3
--- /dev/null
+++ b/src/chrome/content/rules/bit-com.ru.xml
@@ -0,0 +1,10 @@
+<!--
+bit-com.ru protocol error
+www.bit-com.ru protocol error
+admin.bit-com.ru refused
+-->
+<ruleset name="bit-com.ru (partial)">
+	<target host="stat.bit-com.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bit-hdtv.com.xml b/src/chrome/content/rules/bit-hdtv.com.xml
new file mode 100644
index 000000000000..0eca0e7ad79b
--- /dev/null
+++ b/src/chrome/content/rules/bit-hdtv.com.xml
@@ -0,0 +1,13 @@
+<!--
+sb-31666.bit-hdtv.com ⁴
+
+
+⁴ self signed
+-->
+<ruleset name="bit-hdtv.com">
+	<target host="bit-hdtv.com" />
+	<target host="www.bit-hdtv.com" />
+	<target host="dev.bit-hdtv.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bitadexchange.com.xml b/src/chrome/content/rules/bitadexchange.com.xml
new file mode 100644
index 000000000000..3359d286cacd
--- /dev/null
+++ b/src/chrome/content/rules/bitadexchange.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="bitadexchange.com">
+
+	<target host="bitadexchange.com" />
+	<target host="www.bitadexchange.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bitcasa.xml b/src/chrome/content/rules/bitcasa.xml
deleted file mode 100644
index 7048e99b7c3e..000000000000
--- a/src/chrome/content/rules/bitcasa.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="BitCasa">
-	<target host="bitcasa.com" />
-	<target host="*.bitcasa.com" />
-
-	<rule from="^http://bitcasa\.com/" to="https://bitcasa.com/"/>
-	<rule from="^http://([^/:@]*)\.bitcasa\.com/" to="https://$1.bitcasa.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/bitcoinchain.com.xml b/src/chrome/content/rules/bitcoinchain.com.xml
new file mode 100644
index 000000000000..9a9031072bf2
--- /dev/null
+++ b/src/chrome/content/rules/bitcoinchain.com.xml
@@ -0,0 +1,18 @@
+<!--
+new.bitcoinchain.com ⁵
+
+
+⁵ expired
+-->
+<ruleset name="bitcoinchain.com">
+	<target host="bitcoinchain.com" />
+	<target host="www.bitcoinchain.com" />
+	<target host="api-r.bitcoinchain.com" />
+	<target host="api-s.bitcoinchain.com" />
+	<target host="db-wallet.bitcoinchain.com" />
+	<target host="proxy-wallet.bitcoinchain.com" />
+	<target host="rest.bitcoinchain.com" />
+	<target host="wallet.bitcoinchain.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bitcoinknots.org.xml b/src/chrome/content/rules/bitcoinknots.org.xml
new file mode 100644
index 000000000000..0a2cd49d21de
--- /dev/null
+++ b/src/chrome/content/rules/bitcoinknots.org.xml
@@ -0,0 +1,12 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.bitcoinknots.org/ => https://www.bitcoinknots.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.bitcoinknots.org'")
+
+-->
+<ruleset name="bitcoinknots.org" default_off="failed ruleset test">
+	<target host="bitcoinknots.org" />
+	<target host="www.bitcoinknots.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bitcointrezor.com.xml b/src/chrome/content/rules/bitcointrezor.com.xml
new file mode 100644
index 000000000000..4e3b2b2043b7
--- /dev/null
+++ b/src/chrome/content/rules/bitcointrezor.com.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Satoshi Labs coverage, see satoshilabs.com.xml.
+
+-->
+<ruleset name="BitcoinTrezor.com">
+
+	<target host="bitcointrezor.com" />
+	<target host="www.bitcointrezor.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bitcoinwatch.com.xml b/src/chrome/content/rules/bitcoinwatch.com.xml
new file mode 100644
index 000000000000..fd25431f7231
--- /dev/null
+++ b/src/chrome/content/rules/bitcoinwatch.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="bitcoinwatch.com">
+	<target host="bitcoinwatch.com" />
+	<target host="www.bitcoinwatch.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bitlaunch.io.xml b/src/chrome/content/rules/bitlaunch.io.xml
new file mode 100644
index 000000000000..82fbd35dd275
--- /dev/null
+++ b/src/chrome/content/rules/bitlaunch.io.xml
@@ -0,0 +1,12 @@
+<ruleset name="BitLaunch.io">
+	<target host="bitlaunch.io" />
+	<target host="www.bitlaunch.io" />
+	<target host="affiliates.bitlaunch.io" />
+	<target host="analytics.bitlaunch.io" />
+	<target host="app.bitlaunch.io" />
+	<target host="blacklist.bitlaunch.io" />
+	<target host="developers.bitlaunch.io" />
+	<target host="pay.bitlaunch.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bitrace.ru.xml b/src/chrome/content/rules/bitrace.ru.xml
new file mode 100644
index 000000000000..6bf43d5be25a
--- /dev/null
+++ b/src/chrome/content/rules/bitrace.ru.xml
@@ -0,0 +1,42 @@
+<!--
+89-22-133-71.bitrace.ru ¹
+89-222-250-4.bitrace.ru ¹
+89-222-253-2.bitrace.ru ¹
+bill.bitrace.ru ⁷
+qiwi.bill.bitrace.ru ²
+cloud.bitrace.ru ⁵
+dc.bitrace.ru ¹
+www.dc.bitrace.ru ¹
+forum.bitrace.ru ¹
+gitlab.bitrace.ru ³
+help.bitrace.ru ¹
+lk.bitrace.ru ²
+www.maps.bitrace.ru ¹
+milk.bitrace.ru ¹
+mylk.bitrace.ru ²
+newsite.bitrace.ru ¹
+www.ns1.bitrace.ru ¹
+www.ns2.bitrace.ru ¹
+ok.bitrace.ru ¹
+base.sp.bitrace.ru ²
+info.sp.bitrace.ru ²
+pay.sp.bitrace.ru ²
+sup.bitrace.ru ⁴
+www.tv.bitrace.ru ¹
+wifi.bitrace.ru ³
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁵ expired
+⁷ protocol error
+-->
+<ruleset name="bitrace.ru">
+	<target host="bitrace.ru" />
+	<target host="www.bitrace.ru" />
+	<target host="auth.wifi.bitrace.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bitrise.io.xml b/src/chrome/content/rules/bitrise.io.xml
new file mode 100644
index 000000000000..167de5b77623
--- /dev/null
+++ b/src/chrome/content/rules/bitrise.io.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tech.bitrise.io/ => https://tech.bitrise.io/: (51, "SSL: no alternative certificate subject name matches target host name 'tech.bitrise.io'")
+
+blog.bitrise.io timed out
+chat.bitrise.io timed out
+devcenter.bitrise.io mismatch
+status.bitrise.io mismatch
+-->
+<ruleset name="bitrise.io" default_off="failed ruleset test">
+	<target host="bitrise.io" />
+	<target host="www.bitrise.io" />
+	<target host="tech.bitrise.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bitshare.com.xml b/src/chrome/content/rules/bitshare.com.xml
new file mode 100644
index 000000000000..55787f65af60
--- /dev/null
+++ b/src/chrome/content/rules/bitshare.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- bitshare.com
+		- www.bitshare.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css from ^bitshare.com ˢ
+		- Images from ^bitshare.com ˢ
+		- Bug from www.facebook.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="BitShare.com" platform="mixedcontent">
+
+	<target host="bitshare.com" />
+	<target host="www.bitshare.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?bitshare\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bizible.com.xml b/src/chrome/content/rules/bizible.com.xml
new file mode 100644
index 000000000000..cef194e262bf
--- /dev/null
+++ b/src/chrome/content/rules/bizible.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Problematic hosts in *bizible.com:
+
+		- info ᴬ
+		- support ʰ
+		- www ᴬ
+
+	ᴬ Akamai / mismatched
+	ʰ Desk.com / redirects to http
+
+-->
+<ruleset name="Bizible.com (partial)">
+
+	<!--target host="bizible.com" /-->
+	<target host="apps.bizible.com" />
+	<target host="cdn.bizible.com" />
+	<target host="sf.bizible.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bizx.info.xml b/src/chrome/content/rules/bizx.info.xml
new file mode 100644
index 000000000000..83a05e84b573
--- /dev/null
+++ b/src/chrome/content/rules/bizx.info.xml
@@ -0,0 +1,27 @@
+<!--
+	Other Bizx rulesets:
+
+		- Slashdot.xml
+		- Slashdot_Media.xml
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+
+	ˢ Secure by us
+
+-->
+<ruleset name="Bizx.info">
+
+	<target host="bizx.info" />
+	<target host="www.bizx.info" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bjoernkarmann.dk.xml b/src/chrome/content/rules/bjoernkarmann.dk.xml
new file mode 100644
index 000000000000..81f14daf8e7f
--- /dev/null
+++ b/src/chrome/content/rules/bjoernkarmann.dk.xml
@@ -0,0 +1,14 @@
+<!--
+	Time out:
+		mail.bjoernkarmann.dk
+		mysql.bjoernkarmann.dk
+		smtp.bjoernkarmann.dk
+-->
+<ruleset name="bjoernkarmann.dk">
+	<target host="bjoernkarmann.dk" />
+	<target host="www.bjoernkarmann.dk" />
+	<target host="pouljohansen.bjoernkarmann.dk" />
+	<target host="www.pouljohansen.bjoernkarmann.dk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bk-partners1.co.uk.xml b/src/chrome/content/rules/bk-partners1.co.uk.xml
new file mode 100644
index 000000000000..81d98d5ed021
--- /dev/null
+++ b/src/chrome/content/rules/bk-partners1.co.uk.xml
@@ -0,0 +1,9 @@
+<ruleset name="bk-partners1.co.uk">
+
+	<target host="resizer.bk-partners1.co.uk" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bk55.ru.xml b/src/chrome/content/rules/bk55.ru.xml
new file mode 100644
index 000000000000..b7d475e09d04
--- /dev/null
+++ b/src/chrome/content/rules/bk55.ru.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bk55.ru/ => https://bk55.ru/: Too many redirects while fetching 'https://bk55.ru/'
+Fetch error: http://www.bk55.ru/ => https://www.bk55.ru/: Too many redirects while fetching 'https://www.bk55.ru/'
+Fetch error: http://mc.bk55.ru/ => https://mc.bk55.ru/: Too many redirects while fetching 'https://mc.bk55.ru/'
+Fetch error: http://m.bk55.ru/ => https://m.bk55.ru/: Too many redirects while fetching 'https://m.bk55.ru/'
+Fetch error: http://blog.bk55.ru/ => https://blog.bk55.ru/: Too many redirects while fetching 'https://blog.bk55.ru/'
+
+-->
+<ruleset name="bk55.ru" platform="mixedcontent" default_off="failed ruleset test">
+	<target host="bk55.ru" />
+	<target host="www.bk55.ru" />
+	<target host="mc.bk55.ru" />
+	<target host="m.bk55.ru" />
+	<target host="blog.bk55.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bkrtx.com.xml b/src/chrome/content/rules/bkrtx.com.xml
new file mode 100644
index 000000000000..0ce35317b73e
--- /dev/null
+++ b/src/chrome/content/rules/bkrtx.com.xml
@@ -0,0 +1,17 @@
+<!--
+	For other BlueKai coverage, see BlueKai.xml.
+
+
+	^bkrtx.com doesn't exist.
+
+-->
+<ruleset name="BKrtx.com">
+
+	<target host="tags.bkrtx.com" />
+	<target host="www.bkrtx.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/blackburn.gov.uk.xml b/src/chrome/content/rules/blackburn.gov.uk.xml
new file mode 100644
index 000000000000..7cc5c5b38a57
--- /dev/null
+++ b/src/chrome/content/rules/blackburn.gov.uk.xml
@@ -0,0 +1,67 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://revenuesbenefits.blackburn.gov.uk/eGovHub/Viewer/Org/Production/Apps/HBNewClaim/Launch.aspx => https://revenuesbenefits.blackburn.gov.uk/eGovHub/Viewer/Org/Production/Apps/HBNewClaim/Launch.aspx: (6, 'Could not resolve host: revenuesbenefits.blackburn.gov.uk')
+Fetch error: http://revenuesbenefits.blackburn.gov.uk/ => https://revenuesbenefits.blackburn.gov.uk/: (6, 'Could not resolve host: revenuesbenefits.blackburn.gov.uk')
+
+	Blackburn with Darwen Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *blackburn.gov.uk:
+
+		- mybins ⁴
+		- planning ⁴
+
+	⁴ 404
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- blackburn.gov.uk
+		- .blackburn.gov.uk
+		- mybwd.blackburn.gov.uk
+		- revenuesbenefits.blackburn.gov.uk
+		- www.blackburn.gov.uk
+
+
+	Mixed content:
+
+		- Images on (www.)? from www.blackburn.gov.uk ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Blackburn.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="blackburn.gov.uk" />
+	<target host="mybwd.blackburn.gov.uk" />
+	<target host="revenuesbenefits.blackburn.gov.uk" />
+	<target host="www.blackburn.gov.uk" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://enrol.blackburn.gov.uk/Website/" />
+		<test url="http://revenuesbenefits.blackburn.gov.uk/eGovHub/Viewer/Org/Production/Apps/HBNewClaim/Launch.aspx" />
+
+		<!--	404:
+				-->
+		<!--test url="http://planning.blackburn.gov.uk/Northgate/PlanningExplorer/RecentDecisionsSearch.aspx" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?blackburn\.gov\.uk$" name="^NSC_" /-->
+	<!--securecookie host="^\.blackburn\.gov\.uk$" name="^citrix_ns_id" /-->
+	<!--securecookie host="^mybwd\.blackburn\.gov\.uk$" name="^(?:ASP\.NET_SessionId|PageMode)$" /-->
+	<!--securecookie host="^revenuesbenefits\.blackburn\.gov\.uk$" name="^\.ASPXAUTH" /-->
+
+	<securecookie host="^\." name="^citrix_" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/blackgate.net.xml b/src/chrome/content/rules/blackgate.net.xml
new file mode 100644
index 000000000000..2509dd4d6d85
--- /dev/null
+++ b/src/chrome/content/rules/blackgate.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="blackgate.net">
+	<target host="blackgate.net" />
+	<target host="www.blackgate.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/blackmoreops.com.xml b/src/chrome/content/rules/blackmoreops.com.xml
new file mode 100644
index 000000000000..a2f8696815bd
--- /dev/null
+++ b/src/chrome/content/rules/blackmoreops.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Blackmore Ops.com">
+
+	<target host="blackmoreops.com" />
+	<target host="www.blackmoreops.com" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/blake2.xml b/src/chrome/content/rules/blake2.xml
index 40ffdce8bf89..428dded79ce3 100644
--- a/src/chrome/content/rules/blake2.xml
+++ b/src/chrome/content/rules/blake2.xml
@@ -1,9 +1,11 @@
-<ruleset name="BLAKE2">
+<ruleset name="BLAKE2.net">
 
+	<!--	Direct rewrites:
+				-->
 	<target host="blake2.net" />
 	<target host="www.blake2.net" />
 
-	<rule from="^http://(www\.)?blake2\.net/"
-		to="https://blake2.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/blankonlinux.or.id.xml b/src/chrome/content/rules/blankonlinux.or.id.xml
new file mode 100644
index 000000000000..5182baa83445
--- /dev/null
+++ b/src/chrome/content/rules/blankonlinux.or.id.xml
@@ -0,0 +1,24 @@
+<!--
+dev.blankonlinux.or.id mismatch
+toko.blankonlinux.or.id mismatch
+konf.blankonlinux.or.id different content
+manokwari.blankonlinux.or.id different content
+sajadah.blankonlinux.or.id different content
+serambi.blankonlinux.or.id different content
+irgsh.blankonlinux.or.id mismatch
+arsip.blankonlinux.or.id mismatch
+i15n.blankonlinux.or.id expired
+cdimage.blankonlinux.or.id mismatch
+forum.blankonlinux.or.id different content
+konf2012.blankonlinux.or.id different content
+konf2011.blankonlinux.or.id different content
+konf2010.blankonlinux.or.id different content
+waljinah.blankonlinux.or.id different content
+panduan.blankonlinux.or.id different content
+-->
+<ruleset name="blankonlinux.or.id">
+	<target host="blankonlinux.or.id" />
+	<target host="www.blankonlinux.or.id" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ble.de.xml b/src/chrome/content/rules/ble.de.xml
new file mode 100644
index 000000000000..d920f701eef6
--- /dev/null
+++ b/src/chrome/content/rules/ble.de.xml
@@ -0,0 +1,67 @@
+<!--
+	For other domains of federal offices of Germany, see Verwaltung_Online.xml.
+
+	Not found:
+	  geonetwork.ble.de
+	  mvo.landesdaten.ble.de
+	  newsletter.ble.de
+	  rsa01.ble.de
+
+	Invalid certificate:
+	  news.ble.de
+
+	Timeout:
+	  gisaid.ble.de
+	  www.innovationstage.ble.de
+
+	Moved permanently (301):
+	  download.ble.de
+-->
+<ruleset name="Bundesanstalt für Landwirtschaft und Ernährung">
+
+	<target host="ble.de" />
+	<target host="www.ble.de" />
+	<target host="aoreg.ble.de" />
+	<target host="apps.ble.de" />
+	<target host="bfr.ble.de" />
+	<target host="bmel-durchblicker-redaktion.ble.de" />
+	<target host="bmel-kooperationsprogramm-prered.ble.de" />
+	<target host="bundesprogramm-prered.ble.de" />
+	<target host="ccnfsdu-redaktion.ble.de" />
+	<target host="datenzentrum.ble.de" />
+	<target host="elska.ble.de" />
+	<target host="www.elska.ble.de" />
+	<target host="extranet.ble.de" />
+	<target host="fileserver.ble.de" />
+	<target host="fisa-ext-devred.ble.de" />
+	<target host="fischbestaende-prered.ble.de" />
+	<target host="fischbestaende-redaktion.ble.de" />
+	<target host="in-form-devred.ble.de" />
+	<target host="in-form-prered.ble.de" />
+	<target host="in-form-redaktion.ble.de" />
+	<target host="info.ble.de" />
+	<target host="www.mvo.landesdaten.ble.de" />
+	<target host="mud-tierschutz-redaktion.ble.de" />
+	<target host="mvo-online.ble.de" />
+	<target host="nabima.ble.de" />
+	<target host="nabisy.ble.de" />
+	<target host="nap-pflanzenschutz-prered.ble.de" />
+	<target host="netzwerk-laendlicher-raum-redaktion.ble.de" />
+	<target host="oekolandbau-prered.ble.de" />
+	<target host="oekolandbau-redaktion.ble.de" />
+	<target host="open-data.ble.de" />
+	<target host="popen.ble.de" />
+	<target host="popen1.ble.de" />
+	<target host="quakonapp.ble.de" />
+	<target host="rms.ble.de" />
+	<target host="service.ble.de" />
+	<target host="thru-redaktion.ble.de" />
+
+	<!-- Invalid certificate on https://ble.de/
+	     http://ble.de/ redirects to http://www.blw.de/ -->
+	<rule from="^http://ble\.de/" to="https://www.ble.de/" />
+	<!-- Invalid certificate on https://www.elska.ble.de/
+	     http://www.elska.ble.de/ redirects to http://elska.ble.de/ -->
+	<rule from="^http://www\.elska\.ble\.de/" to="https://elska.ble.de/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bleachbit.org.xml b/src/chrome/content/rules/bleachbit.org.xml
new file mode 100644
index 000000000000..43838b01ea55
--- /dev/null
+++ b/src/chrome/content/rules/bleachbit.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Handshake failure on ^bleachbit.org
+-->
+<ruleset name="bleachbit.org">
+	<target host="bleachbit.org"/>
+	<target host="www.bleachbit.org"/>
+	<target host="docs.bleachbit.org"/>
+	<target host="download.bleachbit.org"/>
+
+	<rule from="^http://bleachbit\.org/"
+		to="https://www.bleachbit.org/" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bleepingcomputer.com.xml b/src/chrome/content/rules/bleepingcomputer.com.xml
new file mode 100644
index 000000000000..1b553716720e
--- /dev/null
+++ b/src/chrome/content/rules/bleepingcomputer.com.xml
@@ -0,0 +1,18 @@
+<!--
+		Nonfunctional subdomains:
+			facebook.bleepingcomputer.com
+-->
+<ruleset name="BleepingComputer.com (partial)">
+
+	<target host="bleepingcomputer.com"/>
+	<target host="www.bleepingcomputer.com"/>
+	<target host="deals.bleepingcomputer.com"/>
+	<target host="download.bleepingcomputer.com"/>
+
+	<target host="bleepstatic.com"/>
+	<target host="www.bleepstatic.com"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/blind.guru.xml b/src/chrome/content/rules/blind.guru.xml
new file mode 100644
index 000000000000..e1c395ebed4a
--- /dev/null
+++ b/src/chrome/content/rules/blind.guru.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid Security Certificate:
+		bmc.blind.guru
+-->
+<ruleset name="blind.guru">
+	<target host="blind.guru" />
+	<target host="www.blind.guru" />
+	<target host="mediatheken.blind.guru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/blindseeker.com.xml b/src/chrome/content/rules/blindseeker.com.xml
new file mode 100644
index 000000000000..afc0c664d1f2
--- /dev/null
+++ b/src/chrome/content/rules/blindseeker.com.xml
@@ -0,0 +1,19 @@
+<!--
+	STS header includes includeSubdomains
+
+-->
+<ruleset name="Blindseeker.com">
+
+	<target host="blindseeker.com" />
+	<target host="*.blindseeker.com" />
+
+		<test url="http://www.blindseeker.com/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/blinkt.de.xml b/src/chrome/content/rules/blinkt.de.xml
new file mode 100644
index 000000000000..8d9903cdaad9
--- /dev/null
+++ b/src/chrome/content/rules/blinkt.de.xml
@@ -0,0 +1,61 @@
+<!--
+	Invalid certificate:
+		blinkt.de
+		www.blinkt.de
+		apache.blinkt.de
+		dns2.blinkt.de
+		dyndns.blinkt.de
+		exchange.blinkt.de
+		schweden.blinkt.de
+		seafile.blinkt.de
+		skiron.dyndns.blinkt.de
+
+	Refused:
+		_autodiscover._tcp.blinkt.de
+		_kerberos._tcp.blinkt.de
+		_kerberos._udp.blinkt.de
+		_kpasswd._tcp.blinkt.de
+		_kpasswd._udp.blinkt.de
+		_ldap._tcp.blinkt.de
+		bellatrix.blinkt.de
+		beteigeuze.blinkt.de
+		dns.blinkt.de
+		gw.blinkt.de
+		gw-0.blinkt.de
+		gw-1.blinkt.de
+		hades.blinkt.de
+		home.blinkt.de
+		hermes.blinkt.de
+		mail.blinkt.de
+		mail4.blinkt.de
+		op.blinkt.de
+		openvpn.blinkt.de
+		openvpn4.blinkt.de
+		pan.blinkt.de
+		pbackup.blinkt.de
+		stheno.blinkt.de
+
+	Time out:
+		acra.blinkt.de
+		bellatrix-lom.blinkt.de
+		beteigeuze-lom.blinkt.de
+		eris.blinkt.de
+		heap.blinkt.de
+		hekate.blinkt.de
+		ifolder.blinkt.de
+		naghmey.blinkt.de
+		portal.blinkt.de
+		tetris.blinkt.de
+-->
+<ruleset name="blinkt.de (partial)">
+	<target host="cloud.blinkt.de" />
+	<target host="git.blinkt.de" />
+	<target host="hg.blinkt.de" />
+	<target host="ics-openvpn.blinkt.de" />
+	<target host="kamera.blinkt.de" />
+	<target host="svn.blinkt.de" />
+	<target host="webmail.blinkt.de" />
+	<target host="wiki.blinkt.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/blockchain-status.com.xml b/src/chrome/content/rules/blockchain-status.com.xml
new file mode 100644
index 000000000000..6e894ba50a8f
--- /dev/null
+++ b/src/chrome/content/rules/blockchain-status.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="blockchain-status.com">
+	<target host="blockchain-status.com" />
+	<target host="www.blockchain-status.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/blockchainbdgpzk.onion.xml b/src/chrome/content/rules/blockchainbdgpzk.onion.xml
new file mode 100644
index 000000000000..441526817a34
--- /dev/null
+++ b/src/chrome/content/rules/blockchainbdgpzk.onion.xml
@@ -0,0 +1,7 @@
+<ruleset name="blockchainbdgpzk.onion">
+	<target host="blockchainbdgpzk.onion" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/blogimg.jp.xml b/src/chrome/content/rules/blogimg.jp.xml
new file mode 100644
index 000000000000..6390a9dd51eb
--- /dev/null
+++ b/src/chrome/content/rules/blogimg.jp.xml
@@ -0,0 +1,10 @@
+<!--
+	Related rules:
+	- DLsite.com.xml
+-->
+
+<ruleset name="blogimg.jp">
+	<target host="dlsite.blogimg.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/blogsmithmedia.com.xml b/src/chrome/content/rules/blogsmithmedia.com.xml
new file mode 100644
index 000000000000..b53ad4e8bccb
--- /dev/null
+++ b/src/chrome/content/rules/blogsmithmedia.com.xml
@@ -0,0 +1,36 @@
+<!--
+	For problematic rules, see AOL-mismatches.xml.
+
+	For other AOL coverage, see AOL.xml.
+
+	Non-functional subdomain:
+		- blogcdn.com	(could not resolve host)
+			- media		(certificate mismatch)
+		- blogsmithcdn.com	(could not resolve host)
+		- blogsmithmedia.com	(could not resolve host)
+			- www		(certificate mismatch)
+
+	CDN buckets:
+		- www.blogsmithcdn-ds.com.edgesuite.net
+
+			- www.blogcdn.com
+			- www.blogsmithcdn.com
+			- www.blogsmithmedia.com
+
+	^blogsmithmedia.com: 503, Akamai
+
+-->
+<ruleset name="blogsmithmedia.com (partial)">
+
+	<target host="www.blogcdn.com" />
+	<target host="go.blogcdn.com" />
+	<target host="s.blogcdn.com" />
+	<target host="www.blogsmithcdn.com" />
+	<target host="s.blogsmithmedia.com" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bloomsky.com.xml b/src/chrome/content/rules/bloomsky.com.xml
new file mode 100644
index 000000000000..5c37734aba96
--- /dev/null
+++ b/src/chrome/content/rules/bloomsky.com.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://maps.bloomsky.com/ => https://maps.bloomsky.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	Non-functional subdomains:
+
+		- community		(mismatched, CN: *.squarespace.com, squarespace.com)
+		- sfbay			(connection refused)
+		- shop	 		(mismatched, CN: *.squarespace.com, squarespace.com)
+		- weatherlution.com	(handshake failure)
+
+	Mixed content:
+
+		- video from storage.googleapis.com *
+
+	* Secured by us.
+
+-->
+<ruleset name="Bloomsky (partial)" default_off="failed ruleset test">
+
+	<target host=          "bloomsky.com" />
+	<target host="dashboard.bloomsky.com" />
+	<target host=      "map.bloomsky.com" />
+	<target host=     "maps.bloomsky.com" />
+	<target host=      "www.bloomsky.com" />
+
+	<securecookie host="^(dashboard|map|maps|www)\.?bloomsky\.com$" name=".+" />
+
+	<!-- refused -->
+	<rule from="^http://bloomsky\.com/"
+		to="https://www.bloomsky.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/blubrry.com.xml b/src/chrome/content/rules/blubrry.com.xml
new file mode 100644
index 000000000000..f6c1af95cde4
--- /dev/null
+++ b/src/chrome/content/rules/blubrry.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Other Blubrry rulesets:
+
+		- subscribeonandroid.com.xml
+
+
+	Nonfunctional hosts in *blubrry.com:
+
+		- create ᵃ
+
+	ᵃ Shows another domain
+
+-->
+<ruleset name="Blubrry.com (partial)">
+
+	<target host="blubrry.com" />
+	<target host="assets.blubrry.com" />
+	<target host="assets2.blubrry.com" />
+	<target host="secure.blubrry.com" />
+	<target host="www.blubrry.com" />
+
+		<test url="http://assets.blubrry.com/soa/BadgeLarge.png" />
+		<test url="http://assets2.blubrry.com/css/network.css" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/blueonyx.it.xml b/src/chrome/content/rules/blueonyx.it.xml
new file mode 100644
index 000000000000..e276e27cbc93
--- /dev/null
+++ b/src/chrome/content/rules/blueonyx.it.xml
@@ -0,0 +1,18 @@
+<!--
+blueonyx.it mismatch
+devel.blueonyx.it self signed
+shop.blueonyx.it mismatch
+compass.blueonyx.it protocol error
+mobile.blueonyx.it mismatch
+-->
+<ruleset name="blueonyx.it">
+	<target host="blueonyx.it" />
+	<target host="www.blueonyx.it" />
+	<target host="wiki.blueonyx.it" />
+	<target host="mail.blueonyx.it" />
+
+	<rule from="^http://blueonyx\.it/"
+		to="https://www.blueonyx.it/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bmbf.de.xml b/src/chrome/content/rules/bmbf.de.xml
new file mode 100644
index 000000000000..04d789be11b8
--- /dev/null
+++ b/src/chrome/content/rules/bmbf.de.xml
@@ -0,0 +1,13 @@
+<ruleset name="BMBF.de">
+
+	<target host="bmbf.de" />
+	<target host="www.bmbf.de" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bmel.de.xml b/src/chrome/content/rules/bmel.de.xml
new file mode 100644
index 000000000000..59d488a9b11f
--- /dev/null
+++ b/src/chrome/content/rules/bmel.de.xml
@@ -0,0 +1,32 @@
+<!--
+	Invalid certificate:
+		zukunftswerkstatt.bmel.de
+		www.zukunftswerkstatt.bmel.de
+
+	Timeout:
+		buel.bmel.de
+-->
+<ruleset name="Bundesministerium für Ernährung und Landwirtschaft">
+	<!-- Federal Ministry of Food and Agriculture -->
+
+	<target host="bmel.de" />
+	<target host="www.bmel.de" />
+	<target host="corporatedesign.bmel.de" />
+	<target host="www.corporatedesign.bmel.de" />
+	<target host="gdi.bmel.de" />
+	<target host="gdi-catalog.bmel.de" />
+	<target host="gdi-viewer.bmel.de" />
+	<target host="report.bmel.de" />
+	<target host="service.bmel.de" />
+	<target host="weinbaugeschichte.bmel.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://bmel.de/,
+	http://bmel.de/ redirects to http://www.bmel.de/ -->
+	<rule from="^http://bmel\.de/"
+		to="https://www.bmel.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bmf1.dk.xml b/src/chrome/content/rules/bmf1.dk.xml
new file mode 100644
index 000000000000..ee0168b5ea9b
--- /dev/null
+++ b/src/chrome/content/rules/bmf1.dk.xml
@@ -0,0 +1,6 @@
+<ruleset name="bmf1.dk">
+	<target host="bmf1.dk" />
+	<target host="www.bmf1.dk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bmjv.de.xml b/src/chrome/content/rules/bmjv.de.xml
new file mode 100644
index 000000000000..9240fd17c936
--- /dev/null
+++ b/src/chrome/content/rules/bmjv.de.xml
@@ -0,0 +1,13 @@
+<ruleset name="Bundesministerium der Justiz und für Verbraucherschutz">
+	<!-- Federal Ministry of Justice and Consumer Protection -->
+
+	<target host="bmjv.de" />
+	<target host="www.bmjv.de" />
+	<target host="rosenburg.bmjv.de" />
+	<target host="www.rosenburg.bmjv.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bmvi.de.xml b/src/chrome/content/rules/bmvi.de.xml
new file mode 100644
index 000000000000..532fdfb2ce67
--- /dev/null
+++ b/src/chrome/content/rules/bmvi.de.xml
@@ -0,0 +1,12 @@
+<!--
+    Nonfunctional subdomain:
+        - $
+        - bis        -> wrong domain
+        - jobboerse  -> wrong domain
+        - m          -> wrong domain
+-->
+<ruleset name="Bundesministerium für Verkehr und digitale Infrastruktur">
+    <target host="www.bmvi.de" />
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bn.by.xml b/src/chrome/content/rules/bn.by.xml
new file mode 100644
index 000000000000..ce0db250ba31
--- /dev/null
+++ b/src/chrome/content/rules/bn.by.xml
@@ -0,0 +1,27 @@
+<!--
+borlib.bn.by non-2xx http code
+www.egypt.bn.by mismatch
+www.pedagog.bn.by mismatch
+www.mgpz.bn.by mismatch
+www.akorol.bn.by mismatch
+www.domrebenka.bn.by mismatch
+www.lyvs.bn.by mismatch
+www.belnetmon.bn.by mismatch
+www.kamazauto.bn.by mismatch
+www.netmon.bn.by mismatch
+www.mail.bn.by mismatch
+www.pkgazet.bn.by mismatch
+www.chessclub.bn.by mismatch
+www.medbiotech.bn.by mismatch
+pkgazet.bn.by different content
+samsonov.bn.by different content
+vozniukdesign.bn.by different content
+-->
+<ruleset name="bn.by">
+	<target host="bn.by" />
+	<target host="www.bn.by" />
+	<target host="en.bn.by" />
+	<target host="tld.bn.by" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bnitm.de.xml b/src/chrome/content/rules/bnitm.de.xml
new file mode 100644
index 000000000000..a9fab6be4bd9
--- /dev/null
+++ b/src/chrome/content/rules/bnitm.de.xml
@@ -0,0 +1,13 @@
+<ruleset name="BNITM.de">
+
+	<target host="bnitm.de" />
+	<target host="www.bnitm.de" />
+		<exclusion pattern="^http://(www\.)?bnitm\.de/SEEIS201\d" />
+		<test url="http://bnitm.de/SEEIS2017" />
+		<test url="http://www.bnitm.de/SEEIS2017" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bnkomi.ru.xml b/src/chrome/content/rules/bnkomi.ru.xml
new file mode 100644
index 000000000000..6206c820cafb
--- /dev/null
+++ b/src/chrome/content/rules/bnkomi.ru.xml
@@ -0,0 +1,14 @@
+<!-- blog. mismatch
+new. mismatch
+wwww. mismatch -->
+<ruleset name="bnkomi.ru">
+	<target host="www.bnkomi.ru" />
+	<target host="bnkomi.ru" />
+	<target host="m.bnkomi.ru" />
+	<target host="full.bnkomi.ru" />
+	<target host="f.bnkomi.ru" />
+	<target host="pda.bnkomi.ru" />
+	<rule from="^http://bnkomi\.ru/"
+		to="https://www.bnkomi.ru/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bnl.gov.xml b/src/chrome/content/rules/bnl.gov.xml
new file mode 100644
index 000000000000..ee2e1123b95b
--- /dev/null
+++ b/src/chrome/content/rules/bnl.gov.xml
@@ -0,0 +1,158 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fsd84.bis.bnl.gov/ => https://fsd84.bis.bnl.gov/: (35, 'Unknown SSL protocol error in connection to fsd84.bis.bnl.gov:443 ')
+Fetch error: http://www.cmth.bnl.gov/ => https://www.cmth.bnl.gov/: (51, "SSL: no alternative certificate subject name matches target host name 'www.cmth.bnl.gov'")
+Fetch error: http://drupal.bnl.gov/ => https://drupal.bnl.gov/: (6, 'Could not resolve host: drupal.bnl.gov')
+Fetch error: http://wiki.bnl.gov/ => https://wiki.bnl.gov/: (6, 'Could not resolve host: intranet.bnl.gov')
+
+	Brookhaven National Laboratory
+
+
+
+	Nonfunctional hosts in *bnl.gov:
+
+		- bugzilla ³
+		- www.cap ³
+		- dayabay ᵇ
+		- www.eic ²
+		- www.gim ³
+		- hq2008 ᵃ
+		- hq2010 ᵃ
+		- hq2012 ᵃ
+		- hq2014 ᵃ
+		- www.inst ³
+		- cts-demo.itd ³
+
+		- neutrons.phy ³
+		- tvdg10.phy ³
+		- www.phy ᵇ
+
+		- beamlines.ps ³
+		- staff.ps ³
+		- usersmeeting.ps ³
+
+		- qm2008 ᵃ
+		- www.rhichrome ᵈ
+		- www.roadrunners ³
+		- root ᵃ
+		- snews ¹
+		- sshtools ³
+		- training ⁵
+		- unix ³
+		- www.usatlas *
+		- www2 ³
+		- wx1 ⁵
+
+	* Redirects to sp.usatlas.bnl.gov
+	¹ 401
+	² 200 "you're likely here by mistake"
+	³ 403
+	⁵ 503
+	ᵃ Shows another domain
+	ᵇ Shows default page
+	ᵈ Dropped
+
+
+	Problematic hosts in *bnl.gov:
+
+		- openscience ᵐ
+		- www.phobos ᵈ
+		- quark.phy ᵘ
+
+	ᵈ Dropped
+	ᵐ Mismatched
+	ᵘ Untrusted root
+
+
+	These altnames do not exist:
+
+		- phenix.bnl.gov
+		- racf.bnl.gov
+		- star.bnl.gov
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- cfnproposals.bnl.gov
+		- discoverypark.bnl.gov
+		- .drupal.bnl.gov
+		- fom.bnl.gov
+		- mail.bnl.gov
+		- nsrl.bnl.gov
+		- www.racf.bnl.gov
+		- sbms.bnl.gov
+		- www.bnl.gov
+
+
+	Mixed content:
+
+		- Image on cfnproposals, www.cmth from www.bnl.gov ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="BNL.gov (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bnl.gov" />
+	<target host="fsd84.bis.bnl.gov" />
+	<target host="cfnproposals.bnl.gov" />
+	<target host="www.cmth.bnl.gov" />
+	<target host="discoverypark.bnl.gov" />
+	<target host="drupal.bnl.gov" />
+	<target host="dune.bnl.gov" />
+	<target host="fom.bnl.gov" />
+	<target host="guestcentral.bnl.gov" />
+	<target host="lists.bnl.gov" />
+	<target host="mail.bnl.gov" />
+	<target host="nsrl.bnl.gov" />
+	<target host="www.phenix.bnl.gov" />
+	<target host="pubweb.bnl.gov" />
+	<target host="www.racf.bnl.gov" />
+	<target host="sbms.bnl.gov" />
+	<target host="www.star.bnl.gov" />
+	<target host="sp.usatlas.bnl.gov" />
+	<target host="wiki.bnl.gov" />
+	<target host="www.bnl.gov" />
+	<target host="www3.bnl.gov" />
+
+	<!--	Complications:
+				-->
+	<target host="www.phobos.bnl.gov" />
+
+		<!--	Does not redirect:
+						-->
+		<!--test url="http://www.phy.bnl.gov/e949/" /-->
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://drupal.star.bnl.gov/STAR/webmaster" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.drupal\.bnl\.gov$" name="^SESS[\da-f]{32}$" /-->
+	<!--securecookie host="^discoverypark\.bnl\.gov$" name="^(?:BIGipServer|PHPSESSID$)" /-->
+	<!--securecookie host="^fom\.bnl\.gov$" name="^(?:LID|PASSCODE|USERNAME|fomlock_eid|fomlock_fomlock)$" /-->
+	<!--securecookie host="^mail\.bnl\.gov$" name="^(?:cadata|sessionid)$" /-->
+	<!--securecookie host="^nslr\.bnl\.gov$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^www\.racf\.bnl\.gov$" name="^l18N_LANGUAGE$" /-->
+	<!--securecookie host="^(?:cfnproposals|sbms|www)\.bnl\.gov$" name="^BIGipServer" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://www\.phobos\.bnl\.gov/+"
+		to="https://www.bnl.gov/phobos/" />
+
+		<test url="http://www.phobos.bnl.gov/index.htm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bnw.im.xml b/src/chrome/content/rules/bnw.im.xml
index 501ff22ea38a..65b2e8357bea 100644
--- a/src/chrome/content/rules/bnw.im.xml
+++ b/src/chrome/content/rules/bnw.im.xml
@@ -1,7 +1,15 @@
-<ruleset name="bnw">
+<ruleset name="bnw.im">
+
+	<!--	Direct rewrites:
+				-->
   <target host="bnw.im" />
+  <target host="meow.bnw.im" />
+
+	<!--	Complications:
+				-->
   <target host="www.bnw.im" />
 
-  <securecookie host="^bnw\.im$" name=".*" />
-  <rule from="^http://(www\.)?bnw\.im/" to="https://bnw.im/" />
+  <securecookie host="^bnw\.im$" name=".+" />
+  <rule from="^http://www\.bnw\.im/" to="https://bnw.im/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/bnymellon.com.xml b/src/chrome/content/rules/bnymellon.com.xml
new file mode 100644
index 000000000000..512bda2d3855
--- /dev/null
+++ b/src/chrome/content/rules/bnymellon.com.xml
@@ -0,0 +1,96 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://talentcommunity.bnymellon.com/ => https://talentcommunity.bnymellon.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	The Bank of New York Mellon
+
+	Other The Bank of New York Mellon rulesets:
+
+		- accessedge.com.xml
+		- bnymellonim.com.xml
+
+
+	Nonfunctional hosts in *bnymellon.com:
+
+		- disclaimer ᵃ
+
+		- bnymellonwealthmanagement.extlb *
+		- melloninstitutional.extlb ᵈ
+		- www.orientalonline.extlb ʳ
+
+		- livewell ᵃ
+		- maintenance *
+		- workbench *
+
+	* Differs from http
+	ᵃ Shows another domain
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *bnymellon.com:
+
+		- ^ ²
+		- www-accessedge.extlb ᶜ ᵐ
+		- www-bnymellonam.extlb ᵐ
+		- www-colsonservices.extlb ᵐ
+		- www-pershing.extlb3 ᵉ ᵐ
+
+	² 200 blank page; preemptable redirect
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵉ Expired
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- info.bnymellon.com
+		- jobs.bnymellon.com
+
+-->
+<ruleset name="BNY Mellon.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="im.bnymellon.com" />
+	<target host="info.bnymellon.com" />
+	<target host="jobs.bnymellon.com" />
+	<target host="repoindex.bnymellon.com" />
+	<target host="im.qa.bnymellon.com" />
+	<target host="mmi.bnymellon.com" />
+	<target host="rufusgtabinaries.bnymellon.com" />
+	<target host="talentcommunity.bnymellon.com" />
+	<target host="www.bnymellon.com" />
+
+	<!--	Complications:
+				-->
+	<target host="bnymellon.com" />
+	<!--target host="www-accessedge.extlb.bnymellon.com" /-->
+	<target host="www-colsonservices.extlb.bnymellon.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^info\.bnymellon\.com$" name="^BIGipServer" /-->
+	<!--securecookie host="^jobs\.bnymellon\.com$" name="^(?:connect\.sid|i18n|jrasession|session_id)$" /-->
+
+	<securecookie host="^\." name="^_(?:_utm|gat?$|gat_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://bnymellon\.com/"
+		to="https://www.bnymellon.com/" />
+
+	<!--	Redirect drops all:
+					-->
+	<!--rule from="^http://www-accessedge\.extlb\.bnymellon\.com/.*"
+		to="https://www1.accessedge.com/" /-->
+
+	<rule from="^http://www-colsonservices\.extlb\.bnymellon\.com/"
+		to="https://www.colsonservices.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bnymellonim.com.xml b/src/chrome/content/rules/bnymellonim.com.xml
new file mode 100644
index 000000000000..b8be8ee7f553
--- /dev/null
+++ b/src/chrome/content/rules/bnymellonim.com.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.bnymellonim.com/ => https://www.bnymellonim.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://bnymellonim.com/ => https://www.bnymellonim.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For other Bank of New York Mellon coverage, see bnymellon.com.xml.
+
+
+	^bnymellonim.com: Dropped
+
+-->
+<ruleset name="BNY Mellonim.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.bnymellonim.com" />
+
+	<!--	Complications:
+				-->
+	<target host="bnymellonim.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://bnymellonim\.com/"
+		to="https://www.bnymellonim.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/boardreader.com.xml b/src/chrome/content/rules/boardreader.com.xml
new file mode 100644
index 000000000000..2acfbe0ac0f5
--- /dev/null
+++ b/src/chrome/content/rules/boardreader.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Non-functional domains:
+		devtools.boardreader.com (issue with certificate chain)
+
+	Redirect to HTTP:
+		support.boardreader.com
+
+	Time out:
+		clients.boardreader.com
+		dev01.boardreader.com
+		forum.boardreader.com
+		spider5.boardreader.com
+-->
+<ruleset name="boardreader.com">
+	<target host="boardreader.com" />
+	<target host="www.boardreader.com" />
+	<target host="api.boardreader.com" />
+	<target host="apidemo.boardreader.com" />
+	<target host="icons.boardreader.com" />
+	<target host="manage.boardreader.com" />
+	<target host="zabbix.boardreader.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/boburnham.com.xml b/src/chrome/content/rules/boburnham.com.xml
new file mode 100644
index 000000000000..d5db40254e1c
--- /dev/null
+++ b/src/chrome/content/rules/boburnham.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="boburnham.com">
+	<target host="boburnham.com" />
+	<target host="www.boburnham.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/boell.org.xml b/src/chrome/content/rules/boell.org.xml
new file mode 100644
index 000000000000..b48abac1abaa
--- /dev/null
+++ b/src/chrome/content/rules/boell.org.xml
@@ -0,0 +1,41 @@
+<ruleset name="Boell.org">
+
+	<target host="boell.org" />
+	<target host="af.boell.org" />
+	<target host="ba.boell.org" />
+	<target host="br.boell.org" />
+	<target host="cl.boell.org" />
+	<target host="cn.boell.org" />
+	<target host="cz.boell.org" />
+	<target host="ge.boell.org" />
+	<target host="gr.boell.org" />
+	<target host="il.boell.org" />
+	<target host="in.boell.org" />
+	<target host="ke.boell.org" />
+	<target host="kh.boell.org" />
+	<target host="lb.boell.org" />
+	<target host="ma.boell.org" />
+	<target host="mm.boell.org" />
+	<target host="mx.boell.org" />
+	<target host="ng.boell.org" />
+	<target host="pk.boell.org" />
+	<target host="pl.boell.org" />
+	<target host="ps.boell.org" />
+	<target host="rs.boell.org" />
+	<target host="ru.boell.org" />
+	<target host="th.boell.org" />
+	<target host="tn.boell.org" />
+	<target host="tr.boell.org" />
+	<target host="ua.boell.org" />
+	<target host="us.boell.org" />
+	<target host="www.boell.org" />
+	<target host="za.boell.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/boerse.to.xml b/src/chrome/content/rules/boerse.to.xml
new file mode 100644
index 000000000000..ab962dfa1956
--- /dev/null
+++ b/src/chrome/content/rules/boerse.to.xml
@@ -0,0 +1,10 @@
+<ruleset name="Boerse.to">
+
+    <target host="boerse.to"/>
+    <target host="www.boerse.to"/>
+
+    <securecookie host="^(www\.)?boerse\.to" name=".+" />
+
+    <rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/boincstats.com.xml b/src/chrome/content/rules/boincstats.com.xml
new file mode 100644
index 000000000000..4668b79e6f8c
--- /dev/null
+++ b/src/chrome/content/rules/boincstats.com.xml
@@ -0,0 +1,39 @@
+<!--
+	Invalid certificate:
+		am.boincstats.com
+		cn.boincstats.com
+		de.boincstats.com
+		fi.boincstats.com
+		lt.boincstats.com
+		ct.boincstats.com
+		cz.boincstats.com
+		de.boincstats.com
+		es.boincstats.com
+		www.es.boincstats.com
+		fi.boincstats.com
+		www.fi.boincstats.com
+		fr.boincstats.com
+		it.boincstats.com
+		jp.boincstats.com
+		kr.boincstats.com
+		www.lt.boincstats.com
+		mobile.boincstats.com
+		nl.boincstats.com
+		pizza.boincstats.com
+		www.pl.boincstats.com
+		ro.boincstats.com
+		ru.boincstats.com
+		se.boincstats.com
+		tr.boincstats.com
+		tw.boincstats.com
+		www.tw.boincstats.com
+-->
+<ruleset name="boincstats.com (partial)">
+
+	<target host="boincstats.com"/>
+	<target host="www.boincstats.com"/>
+	<target host="bam.boincstats.com"/>
+	<target host="classic.boincstats.com"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/bolton.gov.uk.xml b/src/chrome/content/rules/bolton.gov.uk.xml
new file mode 100644
index 000000000000..bfec779a62b8
--- /dev/null
+++ b/src/chrome/content/rules/bolton.gov.uk.xml
@@ -0,0 +1,61 @@
+<!--
+	Bolton Metropolitan Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *bolton.gov.uk:
+
+		- (www.)? ᵈ
+		- (www.)?democracy ᶠ
+		- www.localdirectory ᶠ
+		- www.publicart ᶠ
+		- blog.sict ᵈ
+		- esafety.sict ᵈ
+
+	ᵈ Dropped
+	ᶠ Handshake fails
+
+
+	These altnames do not exist:
+
+		- pa.bolton.gov.uk
+		- planningpa.bolton.gov.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- maps.bolton.gov.uk
+
+-->
+<ruleset name="Bolton.gov.uk (partial)">
+
+	<target host="ems.bolton.gov.uk" />
+	<target host="maps.bolton.gov.uk" />
+	<target host="payments.bolton.gov.uk" />
+	<target host="www.payments.bolton.gov.uk" />
+	<target host="www.planningpa.bolton.gov.uk" />
+	<target host="selfserve.bolton.gov.uk" />
+	<target host="taxandbenefits.bolton.gov.uk" />
+	<target host="www.taxandbenefits.bolton.gov.uk" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://selfserve.bolton.gov.uk/CitizenPortal/Form.aspx?form=LD_Feedback&amp;tmpl=ldtemplate" />
+
+		<!--	$ redirects to 404, so:
+						-->
+		<test url="http://www.taxandbenefits.bolton.gov.uk/publicaccesslive/selfservice/dashboard.htm" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^maps\.bolton\.gov\.uk$" name="^(?:ASP\.NET_SessionId|atLocation|atMyCouncil|astun|astun:currentLocation)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bookfusion.com.xml b/src/chrome/content/rules/bookfusion.com.xml
new file mode 100644
index 000000000000..a566d9faf989
--- /dev/null
+++ b/src/chrome/content/rules/bookfusion.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Nonfunctional hosts in *bookfusion.com:
+
+		- blog ʳ
+
+	ʳ Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- bookfusion.com
+		- www.bookfusion.com
+
+-->
+<ruleset name="BookFusion.com (partial)">
+
+	<target host="bookfusion.com" />
+	<target host="www.bookfusion.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?bookfusion\.com$" name="^NB_SRVID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bookit.nl.xml b/src/chrome/content/rules/bookit.nl.xml
new file mode 100644
index 000000000000..c3593ccf3189
--- /dev/null
+++ b/src/chrome/content/rules/bookit.nl.xml
@@ -0,0 +1,23 @@
+<!--
+	Other Bookit rulesets:
+
+		- bungalows.nl.xml
+		- Holidaybreak.xml
+		- superbreak.com.xml
+		- weekendjeweg.nl.xml
+
+-->
+<ruleset name="Bookit.nl">
+
+	<target host="bookit.nl"/>
+	<target host="over.bookit.nl"/>
+	<target host="www.bookit.nl"/>
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bookitsecure.com.xml b/src/chrome/content/rules/bookitsecure.com.xml
new file mode 100644
index 000000000000..e50ab702d6df
--- /dev/null
+++ b/src/chrome/content/rules/bookitsecure.com.xml
@@ -0,0 +1,17 @@
+<!--
+	(www.)?bookitsecure.com does not exist.
+
+-->
+<ruleset name="BookIt Secure.com">
+
+	<target host="bookings.bookitsecure.com" />
+	<target host="business.bookitsecure.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/booksera.net.xml b/src/chrome/content/rules/booksera.net.xml
new file mode 100644
index 000000000000..3ca35e3a24d2
--- /dev/null
+++ b/src/chrome/content/rules/booksera.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="booksera.net">
+	<target host="booksera.net" />
+	<target host="www.booksera.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bookware3000.ca.xml b/src/chrome/content/rules/bookware3000.ca.xml
new file mode 100644
index 000000000000..69c7e2384367
--- /dev/null
+++ b/src/chrome/content/rules/bookware3000.ca.xml
@@ -0,0 +1,20 @@
+<ruleset name="Bookware3000">
+	<target host="*.bookware3000.ca" />
+
+	<securecookie host="^([\w-]+)\.bookware3000\.ca$" name=".+" />
+
+	<test url="http://www.bookware3000.ca/" />
+	<test url="http://conestoga.bookware3000.ca/" />
+	<test url="http://mun.bookware3000.ca/" />
+	<test url="http://baconandhughes.bookware3000.ca/" />
+	<test url="http://lakehead.bookware3000.ca/" />
+	<test url="http://gbcbookstore.bookware3000.ca/" />
+	<test url="http://englishcentral.bookware3000.ca/" />
+	<test url="http://canbead.bookware3000.ca/" />
+
+	<rule from="^http://([\w-]+)\.bookware3000\.ca/"
+		to="https://$1.bookware3000.ca/" />
+
+	<!-- Invalid common name, certificate from *.fastlanepos.ca. -->
+	<exclusion pattern="^http://canbead\.bookware3000\.ca/" />
+</ruleset>
diff --git a/src/chrome/content/rules/boomstarter.ru.xml b/src/chrome/content/rules/boomstarter.ru.xml
new file mode 100644
index 000000000000..9502f188a398
--- /dev/null
+++ b/src/chrome/content/rules/boomstarter.ru.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.boomstarter.ru/ (200) => https://www.boomstarter.ru/ (410)
+
+gifts.boomstarter.ru nonexist
+
+
+-->
+<ruleset name="boomstarter.ru" default_off="failed ruleset test">
+	<target host="boomstarter.ru" />
+	<target host="www.boomstarter.ru" />
+	<target host="ipo.boomstarter.ru" />
+	<target host="webinars.boomstarter.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/boredofstudies.org.xml b/src/chrome/content/rules/boredofstudies.org.xml
new file mode 100644
index 000000000000..2caa9778deae
--- /dev/null
+++ b/src/chrome/content/rules/boredofstudies.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="boredofstudies.org" platform="mixedcontent">
+	<target host="boredofstudies.org" />
+	<target host="www.boredofstudies.org" />
+	<target host="campaigns.boredofstudies.org" />
+	<target host="community.boredofstudies.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bosfera.ru.xml b/src/chrome/content/rules/bosfera.ru.xml
new file mode 100644
index 000000000000..7fc11b61beaa
--- /dev/null
+++ b/src/chrome/content/rules/bosfera.ru.xml
@@ -0,0 +1,12 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bosfera.bosfera.ru/ => https://bosfera.bosfera.ru/: (6, 'Could not resolve host: bosfera.bosfera.ru')
+
+-->
+<ruleset name="bosfera.ru" platform="mixedcontent" default_off="failed ruleset test">
+	<target host="bosfera.ru" />
+	<target host="www.bosfera.ru" />
+	<target host="bosfera.bosfera.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bosslinux.in.xml b/src/chrome/content/rules/bosslinux.in.xml
new file mode 100644
index 000000000000..dfdccb6d86d4
--- /dev/null
+++ b/src/chrome/content/rules/bosslinux.in.xml
@@ -0,0 +1,8 @@
+<!--mirror. refused
+wiki. mismatch
+bugzilla. mismatch-->
+<ruleset name="bosslinux.in">
+	<target host="bosslinux.in" />
+	<target host="www.bosslinux.in" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/boundarydevices.com.xml b/src/chrome/content/rules/boundarydevices.com.xml
new file mode 100644
index 000000000000..b55874cf0fac
--- /dev/null
+++ b/src/chrome/content/rules/boundarydevices.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Boundary Devices.com">
+
+	<target host="boundarydevices.com" />
+	<target host="www.boundarydevices.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bowenpress.com.xml b/src/chrome/content/rules/bowenpress.com.xml
new file mode 100644
index 000000000000..25dc8d356d89
--- /dev/null
+++ b/src/chrome/content/rules/bowenpress.com.xml
@@ -0,0 +1,18 @@
+<!--
+	MCB:
+		At startpage and articles:
+		Blocked loading mixed active content:
+		http://bowenpress.com/wp-includes/js/wp-emoji-release.min.js?ver=38ffcb010cdcad34dc198930f46c20b1
+		http://bowenpress.com/wp-admin/admin-ajax.php
+		However, No function is broken.
+-->
+
+<ruleset name="bowenpress.com (MCB)">
+
+	<target host="bowenpress.com" />
+	<target host="ww.bowenpress.com" />
+	<target host="www.bowenpress.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bower.io.xml b/src/chrome/content/rules/bower.io.xml
new file mode 100644
index 000000000000..16255c9e6290
--- /dev/null
+++ b/src/chrome/content/rules/bower.io.xml
@@ -0,0 +1,6 @@
+<ruleset name="bower.io">
+	<target host="bower.io" />
+	<target host="www.bower.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/boxun.com.xml b/src/chrome/content/rules/boxun.com.xml
new file mode 100644
index 000000000000..8e2933105d6f
--- /dev/null
+++ b/src/chrome/content/rules/boxun.com.xml
@@ -0,0 +1,16 @@
+<!--
+	MCB:
+		- en
+-->
+
+<ruleset name="boxun.com">
+
+	<target host="boxun.com" />
+	<target host="bbs.boxun.com" />
+	<target host="blog.boxun.com" />
+	<target host="news.boxun.com" />
+	<target host="www.boxun.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bpb.de.xml b/src/chrome/content/rules/bpb.de.xml
new file mode 100644
index 000000000000..e5b19b01a575
--- /dev/null
+++ b/src/chrome/content/rules/bpb.de.xml
@@ -0,0 +1,17 @@
+<!--
+	Refused:
+		sicherheitspolitik.bpb.de
+
+	Mismatch:
+		theaterfestival.bpb.de
+		snp.bpb.de
+		werkstatt.bpb.de
+-->
+<ruleset name="bpb.de">
+	<target host="bpb.de"/>
+	<target host="www.bpb.de"/>
+	<target host="kurz.bpb.de"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/bplaced.xml b/src/chrome/content/rules/bplaced.xml
new file mode 100644
index 000000000000..101479eec8ce
--- /dev/null
+++ b/src/chrome/content/rules/bplaced.xml
@@ -0,0 +1,22 @@
+<!--
+
+	Non-functional subdomain:
+		- forum
+
+-->
+
+<ruleset name="bplaced">
+
+	<target host=    "bplaced.net" />
+	<target host="www.bplaced.net" />
+
+  	<securecookie host="^www\.bplaced\.net$" name=".+" />
+
+	<rule from="^http://bplaced\.net/"
+		to="https://www.bplaced.net/" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bpsshop.org.uk.xml b/src/chrome/content/rules/bpsshop.org.uk.xml
new file mode 100644
index 000000000000..2ad77e651295
--- /dev/null
+++ b/src/chrome/content/rules/bpsshop.org.uk.xml
@@ -0,0 +1,21 @@
+<!--
+	For other BPS coverage, see BPS.xml.
+
+
+	(www.)?bpsshop.org.uk: refused
+
+-->
+<ruleset name="BPS Shop.org.uk">
+
+	<target host="bpsshop.org.uk"/>
+	<target host="www.bpsshop.org.uk"/>
+
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://(?:www\.)?bpsshop\.org\.uk/.*"
+		to="https://shop.bps.org.uk/" />
+
+		<test url="http://www.bpsshop.org.uk/onestepcheckout/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bracknell-forest.gov.uk.xml b/src/chrome/content/rules/bracknell-forest.gov.uk.xml
new file mode 100644
index 000000000000..a427fa12038f
--- /dev/null
+++ b/src/chrome/content/rules/bracknell-forest.gov.uk.xml
@@ -0,0 +1,86 @@
+<!--
+	Bracknell Forest Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *bracknell-forest.gov.uk:
+
+		- (www.)? ʳ
+		- benefitchoices ʳ
+		- business ʳ
+		- childrenssocialcare ʳ
+		- ihub ᵃ
+		- jsna ʳ
+		- schools ʳ
+		- statsshare ⁵
+
+	⁵ 504
+	ᵃ Shows another domain
+	ʳ Refused
+
+
+	Problematic hosts in *bracknell-forest.gov.uk:
+
+		- consult ᵐ
+		- digitalservices ᵐ
+		- maps ᶜ ᵉ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵉ Expired
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- democratic.bracknell-forest.gov.uk
+		- forms.bracknell-forest.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- iframe on consult from www.youtube.com ˢ
+		- css on maps from $self
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Bracknell-Forest.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="democratic.bracknell-forest.gov.uk" />
+	<target host="forms.bracknell-forest.gov.uk" />
+	<target host="my.bracknell-forest.gov.uk" />
+	<target host="oneservices.bracknell-forest.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="consult.bracknell-forest.gov.uk" />
+
+		<test url="http://my.bracknell-forest.gov.uk/gov3Apps/public_website/core/css/ie.css" />
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://maps.bracknell-forest.gov.uk/LocalView/Sites/Public/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^democratic\.bracknell-forest\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^forms\.bracknell-forest\.gov\.uk$" name="^(?:AWSELB|firmstep2se(?:ssion|rver))$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://consult\.bracknell-forest\.gov\.uk/"
+		to="https://bracknell-forest-consult.objective.co.uk/" />
+
+		<test url="http://consult.bracknell-forest.gov.uk/portal/contact_us" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bragazeta.ru.xml b/src/chrome/content/rules/bragazeta.ru.xml
new file mode 100644
index 000000000000..5d3b65aa5041
--- /dev/null
+++ b/src/chrome/content/rules/bragazeta.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="bragazeta.ru">
+	<target host="bragazeta.ru" />
+	<target host="www.bragazeta.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/brandhk.gov.hk.xml b/src/chrome/content/rules/brandhk.gov.hk.xml
new file mode 100644
index 000000000000..1f6b90a92431
--- /dev/null
+++ b/src/chrome/content/rules/brandhk.gov.hk.xml
@@ -0,0 +1,13 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+
+	Mismatch:
+		- brandhk.gov.hk
+-->
+<ruleset name="brandhk.gov.hk">
+	<target host="brandhk.gov.hk" />
+	<target host="www.brandhk.gov.hk" />
+
+	<rule from="^http://(www\.)?brandhk\.gov\.hk/"
+		to="https://www.brandhk.gov.hk/" />
+</ruleset>
diff --git a/src/chrome/content/rules/brassring.com.xml b/src/chrome/content/rules/brassring.com.xml
new file mode 100644
index 000000000000..22a280d71c04
--- /dev/null
+++ b/src/chrome/content/rules/brassring.com.xml
@@ -0,0 +1,26 @@
+<!--
+	For other IBM coverage, see IBM.xml.
+
+
+	(www.)?brassring.com: Dropped over http & https
+
+-->
+<ruleset name="BrassRing.com">
+
+	<target host="agency.brassring.com" />
+	<target host="jobs.brassring.com" />
+	<target host="krb-jobs.brassring.com" />
+	<target host="krb-sjobs.brassring.com" />
+	<target host="sjobs.brassring.com" />
+	<target host="trm.brassring.com" />
+	<target host="trm128.brassring.com" />
+	<target host="xjobs.brassring.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/breadwallet.com.xml b/src/chrome/content/rules/breadwallet.com.xml
new file mode 100644
index 000000000000..aa886d3fc972
--- /dev/null
+++ b/src/chrome/content/rules/breadwallet.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="breadwallet.com">
+	<target host="breadwallet.com" />
+	<target host="www.breadwallet.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/breakingmuscle.com.xml b/src/chrome/content/rules/breakingmuscle.com.xml
new file mode 100644
index 000000000000..fe27b13798bd
--- /dev/null
+++ b/src/chrome/content/rules/breakingmuscle.com.xml
@@ -0,0 +1,44 @@
+<!--
+	These altnames do not exist:
+
+		- www.members.breakingmuscle.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- shop.breakingmuscle.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bug on ^ from vma.tgdaily.net ⁴
+
+	⁴ Unsecurable <= 404
+
+-->
+<ruleset name="Breaking Muscle.com">
+
+	<target host="breakingmuscle.com" />
+	<target host="coachesonly.breakingmuscle.com" />
+	<target host="members.breakingmuscle.com" />
+	<target host="shop.breakingmuscle.com" />
+	<target host="static.breakingmuscle.com" />
+	<target host="training.breakingmuscle.com" />
+	<target host="www.breakingmuscle.com" />
+
+		<test url="http://static.breakingmuscle.com/sites/all/themes/bmwhitefluid/images/iconsbw.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^shop\.breakingmuscle\.com$" name="^(?:_landing_page|_orig_referrer|cart_sig)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/breakingviews.com.xml b/src/chrome/content/rules/breakingviews.com.xml
new file mode 100644
index 000000000000..b727ad34a89d
--- /dev/null
+++ b/src/chrome/content/rules/breakingviews.com.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Thomson Reuters coverage, see Thomson-Reuters.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.breakingviews.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Breakingviews.com">
+
+	<target host="breakingviews.com" />
+	<target host="www.breakingviews.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.breakingviews\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/brew.sh.xml b/src/chrome/content/rules/brew.sh.xml
new file mode 100644
index 000000000000..bfb33e19cd8a
--- /dev/null
+++ b/src/chrome/content/rules/brew.sh.xml
@@ -0,0 +1,17 @@
+<!--
+	Connection refused:
+		bot.brew.sh
+
+	Invalid certificate:
+		docs.brew.sh
+		jenkins.brew.sh (incomplete certificate chain)
+
+-->
+
+<ruleset name="brew.sh">
+	<target host="brew.sh" />
+	<target host="www.brew.sh" />
+	<target host="discourse.brew.sh" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/brianchristner.io.xml b/src/chrome/content/rules/brianchristner.io.xml
new file mode 100644
index 000000000000..2703cb045134
--- /dev/null
+++ b/src/chrome/content/rules/brianchristner.io.xml
@@ -0,0 +1,14 @@
+<ruleset name="BrianChristner.io">
+
+	<target host="brianchristner.io" />
+	<target host="www.brianchristner.io" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bridgend.gov.uk.xml b/src/chrome/content/rules/bridgend.gov.uk.xml
new file mode 100644
index 000000000000..5a6e36af8232
--- /dev/null
+++ b/src/chrome/content/rules/bridgend.gov.uk.xml
@@ -0,0 +1,72 @@
+<!--
+	Bridgend County Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *bridgend.gov.uk:
+
+		- archmglisol ʳ
+		- bees ʳ
+		- bga ʳ
+		- business ʳ
+		- ccyd ʳ
+		- ldp ʳ
+		- www ʳ
+		- www1 ʳ
+		- yggmoodle ᵖ
+
+	ᵖ Plaintext reply
+	ʳ Refused
+
+
+	Problematic hosts in *bridgend.gov.uk:
+
+		- moodle ᵉ ˣ
+
+	ᵉ Expired
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- democratic.bridgend.gov.uk
+		- edupassport.bridgend.gov.uk
+		- moodle.bridgend.gov.uk
+		- remote.bridgend.gov.uk
+		- slgstatus.bridgend.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on moodle from $self
+		- Images on moodle from $self
+
+-->
+<ruleset name="Bridgend.gov.uk (partial)">
+
+	<target host="democratic.bridgend.gov.uk" />
+	<target host="edulink.bridgend.gov.uk" />
+	<target host="edupassport.bridgend.gov.uk" />
+	<target host="jobs.bridgend.gov.uk" />
+	<target host="remote.bridgend.gov.uk" />
+	<target host="slg.bridgend.gov.uk" />
+	<target host="slgstatus.bridgend.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:democratic|slgstatus)\.bridgend\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^edupassport\.bridgend\.gov\.uk$" name="^NSC_(?:ESNS|PERS|TEMP)$" /-->
+	<!--securecookie host="^moodle\.bridgend\.gov\.uk$" name="^(?:MOODLEID|MoodleSession|MoodleSessionTest)$" /-->
+	<!--securecookie host="^remote\.bridgend\.gov\.uk$" name="^NSC_(?:ESNS|PERS|TEMP|TMAA)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/brieflaufzeiten.de.xml b/src/chrome/content/rules/brieflaufzeiten.de.xml
new file mode 100644
index 000000000000..5d708bea64ab
--- /dev/null
+++ b/src/chrome/content/rules/brieflaufzeiten.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="Brieflaufzeiten.de">
+
+	<target host="brieflaufzeiten.de" />
+	<target host="www.brieflaufzeiten.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bristol.gov.uk.xml b/src/chrome/content/rules/bristol.gov.uk.xml
new file mode 100644
index 000000000000..ed413e1c5c99
--- /dev/null
+++ b/src/chrome/content/rules/bristol.gov.uk.xml
@@ -0,0 +1,190 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www2.bristol.gov.uk/CommunityCentreViewer => https://www2.bristol.gov.uk/CommunityCentreViewer: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www2.bristol.gov.uk/CouncillorComponent => https://www2.bristol.gov.uk/CouncillorComponent: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www2.bristol.gov.uk/CouncillorFinder => https://www2.bristol.gov.uk/CouncillorFinder: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www2.bristol.gov.uk/WardFinder => https://www2.bristol.gov.uk/WardFinder: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www2.bristol.gov.uk/ccm-ldn-theme/__ccm__/themes-prod/bristol/css/bcc.css => https://www2.bristol.gov.uk/ccm-ldn-theme/__ccm__/themes-prod/bristol/css/bcc.css: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www2.bristol.gov.uk/committeeMeetingFinder => https://www2.bristol.gov.uk/committeeMeetingFinder: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www2.bristol.gov.uk/form/ashton-court-mansion/ashton-court-mansion-contact-us => https://www2.bristol.gov.uk/form/ashton-court-mansion/ashton-court-mansion-contact-us: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www2.bristol.gov.uk/form/city-hall/enquiry-form => https://www2.bristol.gov.uk/form/city-hall/enquiry-form: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www2.bristol.gov.uk/form/jobs-and-training/training-booking-form => https://www2.bristol.gov.uk/form/jobs-and-training/training-booking-form: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www2.bristol.gov.uk/item/wardfinder.html?wardlinks=election => https://www2.bristol.gov.uk/item/wardfinder.html?wardlinks=election: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www2.bristol.gov.uk/misc/menu-leaf.png => https://www2.bristol.gov.uk/misc/menu-leaf.png: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www2.bristol.gov.uk/modules/node/node.css => https://www2.bristol.gov.uk/modules/node/node.css: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www2.bristol.gov.uk/news/bristol-legal/solar-flare => https://www2.bristol.gov.uk/news/bristol-legal/solar-flare: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www2.bristol.gov.uk/sites/all/modules/contributed/views_slideshow/views_slideshow.css => https://www2.bristol.gov.uk/sites/all/modules/contributed/views_slideshow/views_slideshow.css: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://bristol.gov.uk/ => https://bristol.gov.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Non-2xx HTTP code: http://adultlearning.bristol.gov.uk/ (200) => https://adultlearning.bristol.gov.uk/ (502)
+Fetch error: http://www2.bristol.gov.uk/ => https://www2.bristol.gov.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Bristol City Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *bristol.gov.uk:
+
+		- email ᶠ
+		- epetitions ᵇ
+		- museums ʳ
+		- planningonline *
+		- profile *
+		- volunteerteam ᵃ
+
+	* Redirects to s://email
+	ᵃ Shows another domain
+	ᵇ Shows default page
+	ᶠ Handshake fails
+	ʳ Refused
+
+
+	Problematic hosts in *bristol.gov.uk:
+
+		- efsm *
+		- news ᵐ
+		- style ᵐ
+
+	* pls/apex/f?p=101:1 redirects to http
+	ᵐ Mismatched
+
+
+	Partially covered hosts in *bristol.gov.uk:
+
+		- www2 ʰ
+
+	ʰ Some pages redirect to http
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .bristol.gov.uk
+		- adultlearning.bristol.gov.uk
+		- ctstatements.bristol.gov.uk
+		- efsm.bristol.gov.uk
+		- emso.bristol.gov.uk
+		- id.bristol.gov.uk
+		- jobs.bristol.gov.uk
+		- maps.bristol.gov.uk
+		- news.bristol.gov.uk
+		- opendata.bristol.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image on news from presspage-production-content.s3.amazonaws.com
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Bristol.gov.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bristol.gov.uk" />
+	<target host="adultlearning.bristol.gov.uk" />
+	<target host="cp.bristol.gov.uk" />
+	<target host="ctstatements.bristol.gov.uk" />
+	<target host="democracy.bristol.gov.uk" />
+	<target host="emso.bristol.gov.uk" />
+	<target host="jobs.bristol.gov.uk" />
+	<target host="maps.bristol.gov.uk" />
+	<target host="opendata.bristol.gov.uk" />
+	<target host="parkingappeals.bristol.gov.uk" />
+	<target host="services.bristol.gov.uk" />
+	<target host="webmail.bristol.gov.uk" />
+	<target host="www.bristol.gov.uk" />
+	<target host="www2.bristol.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www2\.bristol\.gov\.uk/(?:LocalElectionViewer$|LocalElectionViewer2016$|nav/|node/\d+$|page/)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www2\.bristol\.gov\.uk/(?!/*(?:$|\?|(?:CommunityCentreViewer|CouncillorComponent|CouncillorFinder|WardFinder|committeeMeetingFinder)/*(?:$|\?)|ccm-ldn-theme/|form/|item/wardfinder\.html|misc/|modules/|news/|sites/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www2.bristol.gov.uk/LocalElectionViewer" />
+			<test url="http://www2.bristol.gov.uk/LocalElectionViewer2016" />
+			<test url="http://www2.bristol.gov.uk/nav/ashton-court-mansion" />
+			<test url="http://www2.bristol.gov.uk/nav/bristol-legal" />
+			<test url="http://www2.bristol.gov.uk/nav/bristol-property-board" />
+			<test url="http://www2.bristol.gov.uk/node/23647" />
+			<test url="http://www2.bristol.gov.uk/page/ashton-court-mansion/special-offers" />
+			<test url="http://www2.bristol.gov.uk/page/bristol-legal/compulsory-purchase" />
+			<test url="http://www2.bristol.gov.uk/page/bristol-legal/contact-us" />
+			<test url="http://www2.bristol.gov.uk/page/bristol-legal/general-procurement" />
+			<test url="http://www2.bristol.gov.uk/page/bristol-legal/legal-assistants" />
+			<test url="http://www2.bristol.gov.uk/page/bristol-legal/policies-and-procedures" />
+			<test url="http://www2.bristol.gov.uk/page/bristol-property-board/current-opportunities" />
+			<test url="http://www2.bristol.gov.uk/page/bristol-property-board/stakeholder-contacts" />
+			<test url="http://www2.bristol.gov.uk/page/bristol-property-board/which-assets-are-owned-public-sector" />
+			<test url="http://www2.bristol.gov.uk/page/city-hall/contact" />
+			<test url="http://www2.bristol.gov.uk/page/city-hall/council-chamber" />
+			<test url="http://www2.bristol.gov.uk/page/city-hall/directions-city-hall" />
+			<test url="http://www2.bristol.gov.uk/page/city-hall/foyer" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www2.bristol.gov.uk/CommunityCentreViewer" />
+			<test url="http://www2.bristol.gov.uk/CouncillorComponent" />
+			<test url="http://www2.bristol.gov.uk/CouncillorFinder" />
+			<test url="http://www2.bristol.gov.uk/WardFinder" />
+			<test url="http://www2.bristol.gov.uk/ccm-ldn-theme/__ccm__/themes-prod/bristol/css/bcc.css" />
+			<test url="http://www2.bristol.gov.uk/committeeMeetingFinder" />
+			<test url="http://www2.bristol.gov.uk/form/ashton-court-mansion/ashton-court-mansion-contact-us" />
+			<test url="http://www2.bristol.gov.uk/form/city-hall/enquiry-form" />
+			<test url="http://www2.bristol.gov.uk/form/jobs-and-training/training-booking-form" />
+			<test url="http://www2.bristol.gov.uk/forms/fly-tipping" />
+			<test url="http://www2.bristol.gov.uk/item/wardfinder.html?wardlinks=election" />
+			<test url="http://www2.bristol.gov.uk/misc/menu-leaf.png" />
+			<test url="http://www2.bristol.gov.uk/modules/node/node.css" />
+			<test url="http://www2.bristol.gov.uk/news/bristol-legal/solar-flare" />
+			<test url="http://www2.bristol.gov.uk/sites/all/modules/contributed/views_slideshow/views_slideshow.css" />
+
+		<!--	$ shows default page, so:
+						-->
+		<test url="http://emso.bristol.gov.uk/pls/services/f?p=200" />
+
+		<!--	Set cookies without Secure:
+							-->
+		<!--test url="http://id.bristol.gov.uk/openam/UI/Login" /-->
+		<!--test url="http://opendata.bristol.gov.uk/login" /-->
+
+	<!--	Complications:
+				-->
+	<target host="efsm.bristol.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.bristol\.gov\.uk$" name="^(?:AMAuthCookie|amlbcookie)$" /-->
+	<!--securecookie host="^adultlearning\.bristol\.gov\.uk$" name="^(?:ASP\.NET_SessionId|JavaScriptActive)$" /-->
+	<!--securecookie host="^(?:cp|news)\.bristol\.gov\.uk$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^ctstatements\.bristol\.gov\.uk$" name="^cookietest$" /-->
+	<!--securecookie host="^(?:efsm|emso)\.bristol\.gov\.uk$" name="^ORA_WWV_APP_\d+$" /-->
+	<!--securecookie host="^id\.bristol\.gov\.uk$" name="^X-Mapping" /-->
+	<!--securecookie host="^jobs\.bristol\.gov\.uk$" name="^(?:lastaccesstime|sessionid)\d+$" /-->
+	<!--securecookie host="^maps\.bristol\.gov\.uk$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+	<!--securecookie host="^opendata\.bristol\.gov\.uk$" name="^logged_in$" /-->
+
+	<securecookie host="^(?!www2\.)\w" name=".+" />
+
+
+	<rule from="^http://cp\.bristol\.gov\.uk:6082/"
+		to="https://cp.bristol.gov.uk:6082/" />
+
+		<test url="http://cp.bristol.gov.uk:6082/php/uid.php?vsys=1&amp;url=http://email.bristol.gov.uk%2fowa" />
+
+	<rule from="^http://efsm\.bristol\.gov\.uk/(?:pls/apex/f\?p=101:1)?$"
+		to="https://efsm.bristol.gov.uk/pls/educa/f?p=109" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/britmilfit.com.xml b/src/chrome/content/rules/britmilfit.com.xml
new file mode 100644
index 000000000000..c02a3b0d385f
--- /dev/null
+++ b/src/chrome/content/rules/britmilfit.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .www.britmilfit.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="BritMilFit.com">
+
+	<target host="britmilfit.com" />
+	<target host="www.britmilfit.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.britmilfit\.com$" name="^fresh_session$" /-->
+
+	<securecookie host="^\." name="^__qca" />
+	<securecookie host="^(?!\.britmilfit\.com$)." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/broadagesports.com.xml b/src/chrome/content/rules/broadagesports.com.xml
new file mode 100644
index 000000000000..c4a15dde41a8
--- /dev/null
+++ b/src/chrome/content/rules/broadagesports.com.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://widgets-script.broadagesports.com/content/bage.main.bundle.min.css => https://widgets-script.broadagesports.com/content/bage.main.bundle.min.css: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://widgets-script.broadagesports.com/ => https://widgets-script.broadagesports.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="broadagesports.com" default_off="failed ruleset test">
+
+	<target host="widgets-script.broadagesports.com" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://widgets-script.broadagesports.com/content/bage.main.bundle.min.css" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/broadland.gov.uk-falsemixed.xml b/src/chrome/content/rules/broadland.gov.uk-falsemixed.xml
new file mode 100644
index 000000000000..097c5212e692
--- /dev/null
+++ b/src/chrome/content/rules/broadland.gov.uk-falsemixed.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://broadland.gov.uk/ (200) => https://secure.broadland.gov.uk/ (403)
+Non-2xx HTTP code: http://www.broadland.gov.uk/ (200) => https://secure.broadland.gov.uk/ (403)
+
+	For rules not causing false/broken MCB, see Broadland.gov.uk.xml.
+
+
+	NB: See https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Broadland.gov.uk (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.broadland.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="broadland.gov.uk" />
+	<target host="www.broadland.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?broadland\.gov\.uk/"
+		to="https://secure.broadland.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bromsgrove.gov.uk.xml b/src/chrome/content/rules/bromsgrove.gov.uk.xml
new file mode 100644
index 000000000000..8295962fd99e
--- /dev/null
+++ b/src/chrome/content/rules/bromsgrove.gov.uk.xml
@@ -0,0 +1,41 @@
+<!--
+	Bromsgrove District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *bromsgrove.gov.uk:
+
+		- appuview ʳ
+		- connect ʳ
+		- www ʳ
+
+	ʳ Refused
+
+
+	These altnames do not exist:
+
+		- bromsgrove.gov.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- moderngovwebpublic.bromsgrove.gov.uk
+
+-->
+<ruleset name="Bromsgrove.gov.uk (partial)">
+
+	<target host="moderngovwebpublic.bromsgrove.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^moderngovwebpublic\.bromsgrove\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/browsec.com.xml b/src/chrome/content/rules/browsec.com.xml
new file mode 100644
index 000000000000..25bf32b683b7
--- /dev/null
+++ b/src/chrome/content/rules/browsec.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="browsec.com">
+	<target host="browsec.com" />
+	<target host="www.browsec.com" />
+	<target host="stage.browsec.com" />
+	<target host="test.browsec.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/browser-update.org.xml b/src/chrome/content/rules/browser-update.org.xml
new file mode 100644
index 000000000000..f3efb09d5f81
--- /dev/null
+++ b/src/chrome/content/rules/browser-update.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="Browser-Update.org">
+
+	<target host="browser-update.org" />
+	<target host="www.browser-update.org" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/browserling.com.xml b/src/chrome/content/rules/browserling.com.xml
new file mode 100644
index 000000000000..ffd5e18420b8
--- /dev/null
+++ b/src/chrome/content/rules/browserling.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="browserling.com">
+	<target host="browserling.com" />
+	<target host="www.browserling.com" />
+	<target host="comic.browserling.com" />
+	<target host="lol.browserling.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/broxtowe.gov.uk.xml b/src/chrome/content/rules/broxtowe.gov.uk.xml
new file mode 100644
index 000000000000..13d22636fa98
--- /dev/null
+++ b/src/chrome/content/rules/broxtowe.gov.uk.xml
@@ -0,0 +1,102 @@
+<!--
+	Broxtowe Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *broxtowe.gov.uk:
+
+		- elections ᵃ
+		- love ᶠ
+		- planning ᵃ
+
+	ᵃ Shows another domain
+	ᶠ Handshake fails
+
+
+	Partially covered hosts in *broxtowe.gov.uk:
+
+		- (www.)? ʰ
+		- m ʰ
+
+	ʰ Some pages redirects to http
+
+
+	Insecure cookies are set for these hosts:
+
+		- broxtowe.gov.uk
+		- m.broxtowe.gov.uk
+		- www.broxtowe.gov.uk
+
+-->
+<ruleset name="Broxtowe.gov.uk (partial)">
+
+	<target host="broxtowe.gov.uk" />
+	<target host="leisurebookings.broxtowe.gov.uk" />
+	<target host="m.broxtowe.gov.uk" />
+	<target host="selfserve.broxtowe.gov.uk" />
+	<target host="www.broxtowe.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?broxtowe\.gov\.uk/index\.aspx\?articleid=(?:1|15367|15427|205|8330)$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?broxtowe\.gov\.uk/(?!/*(?:CHttpHandler\.ashx|css/|images/|index\.aspx\?(?:.*&amp;)?articleid=6(?:$|&amp;)|media/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://broxtowe.gov.uk/aboutus" />
+			<test url="http://broxtowe.gov.uk/consultations" />
+			<test url="http://broxtowe.gov.uk/inclusion" />
+			<test url="http://broxtowe.gov.uk/index.aspx?articleid=1" />
+			<test url="http://broxtowe.gov.uk/index.aspx?articleid=15367" />
+			<test url="http://www.broxtowe.gov.uk/index.aspx?articleid=15427" />
+			<test url="http://www.broxtowe.gov.uk/index.aspx?articleid=205" />
+			<test url="http://www.broxtowe.gov.uk/index.aspx?articleid=8330" />
+			<test url="http://www.broxtowe.gov.uk/mediation" />
+			<test url="http://www.broxtowe.gov.uk/payments" />
+
+			<!--	-ve:
+					-->
+			<test url="http://broxtowe.gov.uk/CHttpHandler.ashx?id=32923" />
+			<test url="http://broxtowe.gov.uk/css/broxtowe/stylemedia.css" />
+			<test url="http://broxtowe.gov.uk/images/broxtowe/common/socialmedia/facebook-logo.jpg" />
+			<test url="http://www.broxtowe.gov.uk/media/image/8/j/blue_information_sign_small.jpg" />
+			<test url="http://www.broxtowe.gov.uk/index.aspx?articleid=6" />
+			<test url="http://www.broxtowe.gov.uk/index.aspx?articleid=6&amp;returnarticleid=0&amp;action=newregistration" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://m\.broxtowe\.gov\.uk/index\.aspx\?articleid=(?:11414|11420|11425|7140)$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://m\.broxtowe\.gov\.uk/(?!/*media/|.+/(?:cs|image)s/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://m.broxtowe.gov.uk/index.aspx?articleid=11414" />
+			<test url="http://m.broxtowe.gov.uk/index.aspx?articleid=11420" />
+			<test url="http://m.broxtowe.gov.uk/index.aspx?articleid=11425" />
+			<test url="http://m.broxtowe.gov.uk/index.aspx?articleid=7140" />
+			<test url="http://m.broxtowe.gov.uk/index.aspx?articleid=7140&amp;sendtoid=2878&amp;formid=191977" />
+
+			<!--	-ve:
+					-->
+			<test url="http://m.broxtowe.gov.uk/images/media/pdficon.gif" />
+			<test url="http://m.broxtowe.gov.uk/broxtowemobile/images/toplogo.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:m\.|www\.)?broxtowe\.gov\.uk$" name="^(?:ASP\.NET_SessionId|clientvars)$" /-->
+
+	<securecookie host="^[^.bmw]" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/brucefwebster.xml b/src/chrome/content/rules/brucefwebster.xml
new file mode 100644
index 000000000000..b23b1fd1d465
--- /dev/null
+++ b/src/chrome/content/rules/brucefwebster.xml
@@ -0,0 +1,18 @@
+<!--
+Nonfunctional domains:
+	Certificate mismatch:
+		- brucewebster.com
+		- mail.brucefwebster.com
+-->
+
+<ruleset name="brucefwebster">
+	<target host="bfwa.com" />
+	<target host="mail.bfwa.com" />
+	<target host="www.bfwa.com" />
+	
+	<target host="mail.brucewebster.com" />
+	<target host="brucefwebster.com" />
+	<target host="www.brucefwebster.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/brunel.ac.uk.xml b/src/chrome/content/rules/brunel.ac.uk.xml
new file mode 100644
index 000000000000..9e1094e6d049
--- /dev/null
+++ b/src/chrome/content/rules/brunel.ac.uk.xml
@@ -0,0 +1,92 @@
+<!--
+	Brunel University London
+
+
+	Nonfunctional hosts in *brunel.ac.uk:
+
+		- bura ʳ
+		- dea ᵃ
+		- dspace ʳ
+		- fifty ᵃ
+		- hcdi ᵃ
+		- hector ᵈ
+		- iworkat *
+		- people ᵈ
+		- readinglists ⁴
+		- stagingthescottishcourt *
+
+	* Shows blank page
+	⁴ 404
+	ᵃ Shows another domain
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *brunel.ac.uk:
+
+		- accominfo ᵐ
+		- jobs ᶜ
+		- libanswers ᵐ
+		- libcalendar ᵐ
+		- libguides ᵐ
+		- sites ᵐ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- accom.brunel.ac.uk
+		- blackboard.brunel.ac.uk
+		- brad.brunel.ac.uk
+		- jobs.brunel.ac.uk
+		- .sites.brunel.ac.uk
+		- webapps.brunel.ac.uk
+		- .www.brunel.ac.uk
+
+
+	Mixed content:
+
+		- Bug on www from nojsstats.appspot.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Brunel.ac.uk (partial)">
+
+	<target host="brunel.ac.uk" />
+	<target host="accom.brunel.ac.uk" />
+	<target host="adfs.brunel.ac.uk" />
+	<target host="alumni.brunel.ac.uk" />
+	<target host="alumni1.brunel.ac.uk" />
+	<target host="blackboard.brunel.ac.uk" />
+	<target host="brad.brunel.ac.uk" />
+	<target host="connect.brunel.ac.uk" />
+	<target host="dropoff.brunel.ac.uk" />
+	<target host="evision.brunel.ac.uk" />
+	<target host="idp.brunel.ac.uk" />
+	<target host="intra.brunel.ac.uk" />
+	<!--target host="jobs.brunel.ac.uk" /-->
+	<target host="teaching.brunel.ac.uk" />
+	<target host="webapps.brunel.ac.uk" />
+	<target host="www.brunel.ac.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^accom\.brunel\.ac\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^blackboard\.brunel\.ac\.uk$" name="^(?:BB_Cookie_Insert|session_id)$" /-->
+	<!--securecookie host="^brad\.brunel\.ac\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^jobs\.brunel\.ac\.uk$" name="^isAgencyPage$" /-->
+	<!--securecookie host="^webapps\.brunel\.ac\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^\.(?:sites|www)\.brunel\.ac\.uk$" name="^SQ_SYSTEM_SESSION$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.www\." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/brzoo.org.xml b/src/chrome/content/rules/brzoo.org.xml
new file mode 100644
index 000000000000..7295f756571f
--- /dev/null
+++ b/src/chrome/content/rules/brzoo.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Invalid certificate:
+		email.brzoo.org
+		ftp.brzoo.org
+		imap.brzoo.org
+		mail.brzoo.org
+		mobilemail.brzoo.org
+		pop.brzoo.org
+		smtp.brzoo.org
+
+	Refused:
+		autodiscover.brzoo.org
+
+	Time out:
+		mail1.brzoo.org
+-->
+<ruleset name="brzoo.org">
+	<target host="brzoo.org" />
+	<target host="www.brzoo.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bstu.bund.de.xml b/src/chrome/content/rules/bstu.bund.de.xml
new file mode 100644
index 000000000000..bbcfc76bad82
--- /dev/null
+++ b/src/chrome/content/rules/bstu.bund.de.xml
@@ -0,0 +1,11 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+-->
+<ruleset name="BStU.bund.de">
+
+	<target host="bstu.bund.de" />
+	<target host="www.bstu.bund.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/btc-e.nz.xml b/src/chrome/content/rules/btc-e.nz.xml
new file mode 100644
index 000000000000..8818a5b309a3
--- /dev/null
+++ b/src/chrome/content/rules/btc-e.nz.xml
@@ -0,0 +1,7 @@
+<ruleset name="btc-e.nz">
+	<target host="btc-e.nz" />
+	<target host="www.btc-e.nz" />
+	<target host="pamm.btc-e.nz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/btdig.com.xml b/src/chrome/content/rules/btdig.com.xml
new file mode 100644
index 000000000000..b885e0664074
--- /dev/null
+++ b/src/chrome/content/rules/btdig.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="btdig.com">
+	<target host="btdig.com" />
+	<target host="www.btdig.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/btinstallershop.com.xml b/src/chrome/content/rules/btinstallershop.com.xml
new file mode 100644
index 000000000000..a2cd2ba9502b
--- /dev/null
+++ b/src/chrome/content/rules/btinstallershop.com.xml
@@ -0,0 +1,32 @@
+<!--
+	For other BT Group coverage, see BT-Group.xml.
+
+
+	These altnames do not exist:
+
+		- btinstallershop.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.btinstallershop.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="BT Installer Shop.com">
+
+	<target host="www.btinstallershop.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.btinstallershop\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/btjunkie.xml b/src/chrome/content/rules/btjunkie.xml
deleted file mode 100644
index 4d620444dc4f..000000000000
--- a/src/chrome/content/rules/btjunkie.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="btjunkie" platform="mixedcontent">
-  <target host="btjunkie.org" />
-  <target host="www.btjunkie.org" />
-  <target host="dl.btjunkie.org" />
-
-  <rule from="^http://dl\.btjunkie\.org/" to="https://dl.btjunkie.org/"/>
-  <rule from="^https?://(?:www\.)?btjunkie\.org/" to="https://btjunkie.org/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/buaa.edu.cn.xml b/src/chrome/content/rules/buaa.edu.cn.xml
new file mode 100644
index 000000000000..9d0b9d2b0110
--- /dev/null
+++ b/src/chrome/content/rules/buaa.edu.cn.xml
@@ -0,0 +1,88 @@
+<!--
+	^.buaa.edu.cn does not exist.
+
+	Certificate expired:
+		- mooc
+		- www.mooc
+		- files.mooc
+		- insights.mooc
+		- network-lab.mooc
+		- preview.mooc
+		- studio.mooc
+		- admire.nlsde
+		- dmmooc.nlsde
+		- fad.nlsde
+		- ftp.nlsde
+		- ipv6.nlsde
+		- pl.nlsde
+		- r.nlsde
+		- sccse.nlsde
+		- sites.nlsde
+		- www-old.nlsde
+
+	Incomplete certificate chain:
+		- mail.act
+		- mx1.dxt
+		- mx2.dxt
+		- imap
+		- mail
+		- imap.nlsde
+		- smtp.nlsde
+		- pop3
+		- smtp
+		- vpn1
+
+	Self-signed certificate:
+		- gsmis.graduate
+		- hkxb
+		- mall
+		- mce
+		- contest.mooc
+		- wap.nlsde
+		- proxy
+		- summer
+		- vpn
+		- yx
+
+	Mismatched certificate:
+		- pay
+		- pay.icw
+
+	HTTP =/= HTTPS:
+		- vpn.nlsde
+
+	SSL handshake error:
+		- ucs
+
+	Connection reset:
+		- mx3.dxt
+
+	Connection timed out:
+		- wap-rdg.nlsde
+-->
+<ruleset name="buaa.edu.cn (partial)">
+	<target host="www.buaa.edu.cn" />
+	<target host="ring.act.buaa.edu.cn" />
+	<target host="app.buaa.edu.cn" />
+	<target host="call-number.buaa.edu.cn" />
+	<target host="img.call-number.buaa.edu.cn" />
+	<target host="card.buaa.edu.cn" />
+	<target host="cwc.buaa.edu.cn" />
+	<target host="e.buaa.edu.cn" />
+	<target host="buaabt-cn.e.buaa.edu.cn" />
+	<target host="course.e.buaa.edu.cn" />
+	<target host="lib.e.buaa.edu.cn" />
+	<target host="ev.buaa.edu.cn" />
+	<target host="icw.buaa.edu.cn" />
+	<target host="imgapp.buaa.edu.cn" />
+	<target host="imgwx.buaa.edu.cn" />
+	<target host="jointcup.buaa.edu.cn" />
+	<target host="news.buaa.edu.cn" />
+	<target host="saed.buaa.edu.cn" />
+	<target host="sso.buaa.edu.cn" />
+	<target host="ucapp.buaa.edu.cn" />
+	<target host="weixin.buaa.edu.cn" />
+	<target host="wv.buaa.edu.cn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/buchhaus.ch.xml b/src/chrome/content/rules/buchhaus.ch.xml
new file mode 100644
index 000000000000..bb45119c9380
--- /dev/null
+++ b/src/chrome/content/rules/buchhaus.ch.xml
@@ -0,0 +1,9 @@
+<ruleset name="buchhaus.ch">
+	<target host="buchhaus.ch"/>
+	<target host="www.buchhaus.ch"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://buchhaus\.ch/" to="https://www.buchhaus.ch/"/>
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/buckscc.gov.uk-falsemixed.xml b/src/chrome/content/rules/buckscc.gov.uk-falsemixed.xml
new file mode 100644
index 000000000000..01d44180a375
--- /dev/null
+++ b/src/chrome/content/rules/buckscc.gov.uk-falsemixed.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules not causing false/broken MCB, see buckscc.gov.uk.xml.
+
+-->
+<ruleset name="Bucks CC.gov.uk (false MCB)" platform="mixedcontent">
+
+	<target host="www.buckscc.gov.uk" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/buckscc.gov.uk.xml b/src/chrome/content/rules/buckscc.gov.uk.xml
new file mode 100644
index 000000000000..4e885cc97a22
--- /dev/null
+++ b/src/chrome/content/rules/buckscc.gov.uk.xml
@@ -0,0 +1,80 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://buckscc.gov.uk/ => https://buckscc.gov.uk/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://udp.buckscc.gov.uk/ => https://udp.buckscc.gov.uk/: (6, 'Could not resolve host: udp.buckscc.gov.uk')
+
+	Buckinghamshire County Council
+
+	For rules causing false/broken MCB, see buckscc.gov.uk-falsemixed.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *buckscc.gov.uk:
+
+		- closures ʳ
+		- jobs ʳ
+		- maps ᶠ
+		- mybucks ᵈ
+		- publicaccess ᵈ
+
+	ᵈ Dropped
+	ᶠ Handshake fails
+	ʳ Refused
+
+
+	^buckscc.gov.uk: Dropped over http & https
+
+
+	Insecure cookies are set for these hosts:
+
+		- apps1.buckscc.gov.uk
+		- apps2.buckscc.gov.uk
+		- commercial.buckscc.gov.uk
+		- democracy.buckscc.gov.uk
+		- shop.buckscc.gov.uk
+
+
+	Mixed content:
+
+		- css on www from serverapi.arcgisonline.com ˢ
+		- Bug on www from socitm.govmetric.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Bucks CC.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="buckscc.gov.uk" />
+	<target host="account.buckscc.gov.uk" />
+	<target host="apps1.buckscc.gov.uk" />
+	<target host="apps2.buckscc.gov.uk" />
+	<target host="commercial.buckscc.gov.uk" />
+	<target host="democracy.buckscc.gov.uk" />
+	<target host="emsonline.buckscc.gov.uk" />
+	<target host="shop.buckscc.gov.uk" />
+	<target host="udp.buckscc.gov.uk" />
+	<!--target host="www.buckscc.gov.uk" /-->
+
+		<!--	Set cookies without Secure:
+							-->
+		<!--test url="http://apps1.buckscc.gov.uk/eforms2005/libPrisoners/" /-->
+		<!--test url="http://apps2.buckscc.gov.uk/ecommerce/logon.aspx" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:apps1|democracy)\.buckscc\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^apps2\.buckscc\.gov\.uk$" name="^(?:ASP\.NET_SessionId|SessionId)$" /-->
+	<!--securecookie host="^commercial\.buckscc\.gov\.uk$" name="^(?:__RequestVerificationToken|ASP\.NET_SessionId$)" /-->
+	<!--securecookie host="^shop\.buckscc\.gov\.uk$" name="^(?:ASP\.NET_SessionId|TempDataIdCookieName)$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/buckwear.com.xml b/src/chrome/content/rules/buckwear.com.xml
new file mode 100644
index 000000000000..9c6ebc3d2fa5
--- /dev/null
+++ b/src/chrome/content/rules/buckwear.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .buckwear.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bug from www.buckwear.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Buck Wear.com">
+
+	<target host="buckwear.com" />
+	<target host="www.buckwear.com" />
+
+		<!--	Mixed bug:
+					-->
+		<!--test url="http://www.buckwear.com/featured/camostarsandstripesapplique-adult-mens-camo-hunting-hoodie.html?SID=" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.buckwear\.com$" name="^frontend$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/buddybuild.com.xml b/src/chrome/content/rules/buddybuild.com.xml
new file mode 100644
index 000000000000..6dfa518e3c99
--- /dev/null
+++ b/src/chrome/content/rules/buddybuild.com.xml
@@ -0,0 +1,11 @@
+<!--
+blog.buddybuild.com timed out
+docs.buddybuild.com mismatch
+-->
+<ruleset name="buddybuild.com">
+	<target host="buddybuild.com" />
+	<target host="www.buddybuild.com" />
+	<target host="dashboard.buddybuild.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/buhonline.ru.xml b/src/chrome/content/rules/buhonline.ru.xml
new file mode 100644
index 000000000000..34ce640efcdb
--- /dev/null
+++ b/src/chrome/content/rules/buhonline.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="buhonline.ru">
+	<target host="buhonline.ru" />
+	<target host="www.buhonline.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/buildbot.net.xml b/src/chrome/content/rules/buildbot.net.xml
new file mode 100644
index 000000000000..e7890b52abb6
--- /dev/null
+++ b/src/chrome/content/rules/buildbot.net.xml
@@ -0,0 +1,13 @@
+<!--
+trac.buildbot.net mismatch
+-->
+<ruleset name="buildbot.net">
+	<target host="buildbot.net" />
+	<target host="www.buildbot.net" />
+	<target host="buildbot.buildbot.net" />
+	<target host="lists.buildbot.net" />
+	<target host="nine.buildbot.net" />
+	<target host="docs.buildbot.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bukkit.org.xml b/src/chrome/content/rules/bukkit.org.xml
new file mode 100644
index 000000000000..19f63890d69e
--- /dev/null
+++ b/src/chrome/content/rules/bukkit.org.xml
@@ -0,0 +1,78 @@
+<!--
+	For other Curse coverage, see Curse.xml.
+
+
+	Nonfunctional hosts in *bukkit.org:
+
+		- wiki ¹
+
+	¹ 521
+
+
+	Partially covered hosts in *bukkit.org:
+
+		- dev ʰ
+
+	ʰ Redirects to http
+
+
+	Insecure cookies are set for these domains:
+
+		- .bukkit.org
+
+
+	Mixed content:
+
+		- Images, on ^ from:
+
+			- bukkit.org ˢ
+			- forums.bukkit.org ˢ
+			- media-curse.cursecdn.com ˢ
+
+		- Bug on ^ from b.scorecardresearch.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Bukkit.org (partial)">
+
+	<target host="bukkit.org" />
+	<target host="dev.bukkit.org" />
+	<target host="forums.bukkit.org" />
+	<target host="www.bukkit.org" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://dev\.bukkit\.org/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://dev\.bukkit\.org/+(?!artisan/|favicon\.ico|media/)" />
+
+			<!--	ve:
+					-->
+			<test url="http://dev.bukkit.org/bukkit-plugins/" />
+			<test url="http://dev.bukkit.org/bukkit-plugins/jail/" />
+			<test url="http://dev.bukkit.org/bukkit-plugins/mobarena/" />
+			<test url="http://dev.bukkit.org/bukkit-plugins/tardis/" />
+
+			<!--	ve:
+					-->
+			<test url="http://dev.bukkit.org/artisan/gradient/vertical/100/ffffffff-ffffff00.png" />
+			<test url="http://dev.bukkit.org/artisan/icons/13/apps/internet-group-chat.png" />
+			<test url="http://dev.bukkit.org/favicon.ico" />
+			<test url="http://dev.bukkit.org/media/attachments/18/826/navigation-tab.png" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.bukkit\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^(?!dev\.)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bullzip.com.xml b/src/chrome/content/rules/bullzip.com.xml
new file mode 100644
index 000000000000..5b7c1ed3c95e
--- /dev/null
+++ b/src/chrome/content/rules/bullzip.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Invalid certificate:
+		cdn.bullzip.com
+		support.bullzip.com
+
+	Refused:
+		wiki.bullzip.com
+
+	Time out:
+		ftp.bullzip.com
+		imap.bullzip.com
+		mail.bullzip.com
+		pop.bullzip.com
+		ssh.bullzip.com
+-->
+<ruleset name="bullzip.com">
+	<target host="bullzip.com" />
+	<target host="www.bullzip.com" />
+	<target host="update.bullzip.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bundesanzeiger-verlag.de.xml b/src/chrome/content/rules/bundesanzeiger-verlag.de.xml
new file mode 100644
index 000000000000..5b27750decd1
--- /dev/null
+++ b/src/chrome/content/rules/bundesanzeiger-verlag.de.xml
@@ -0,0 +1,23 @@
+<!--
+	Timeout:
+		dns.bundesanzeiger-verlag.de
+		dns1.bundesanzeiger-verlag.de
+		statistik.bundesanzeiger-verlag.de
+		story.bundesanzeiger-verlag.de
+
+-->
+<ruleset name="Bundesanzeiger-Verlag">
+
+	<target host="bundesanzeiger-verlag.de" />
+	<target host="www.bundesanzeiger-verlag.de" />
+	<target host="ads.bundesanzeiger-verlag.de" />
+	<target host="azubi.bundesanzeiger-verlag.de" />
+	<target host="azubi2.bundesanzeiger-verlag.de" />
+	<target host="login.bundesanzeiger-verlag.de" />
+	<target host="sftp.bundesanzeiger-verlag.de" />
+	<target host="shop.bundesanzeiger-verlag.de" />
+	<target host="xaverstat.bundesanzeiger-verlag.de" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bundesjustizamt.de.xml b/src/chrome/content/rules/bundesjustizamt.de.xml
new file mode 100644
index 000000000000..59aeaef315e4
--- /dev/null
+++ b/src/chrome/content/rules/bundesjustizamt.de.xml
@@ -0,0 +1,17 @@
+<ruleset name="Bundesamt für Justiz">
+	<!-- Federal Office of Justice -->
+
+	<target host="bundesjustizamt.de" />
+	<target host="www.bundesjustizamt.de" />
+	<target host="bfj-cr.bundesjustizamt.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!--Invalid certificate on https://bundesjustizamt.de/,
+	http://bundesjustizamt.de/ redirects to http://www.bundesjustizamt.de/ -->
+	<rule from="^http://bundesjustizamt\.de/"
+		to="https://www.bundesjustizamt.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bundesregierung.de.xml b/src/chrome/content/rules/bundesregierung.de.xml
new file mode 100644
index 000000000000..877461b1a303
--- /dev/null
+++ b/src/chrome/content/rules/bundesregierung.de.xml
@@ -0,0 +1,45 @@
+<!--
+	Timeout:
+		medienivbb.bundesregierung.de
+-->
+<ruleset name="Bundesregierung.de">
+	<!-- The Federal Government -->
+
+	<target host="bundesregierung.de" />
+	<target host="www.bundesregierung.de" />
+	<target host="akkreditierung.bundesregierung.de" />
+	<target host="www.akkreditierung.bundesregierung.de" />
+	<target host="appwp.bundesregierung.de" />
+	<target host="archiv.bundesregierung.de" />
+	<target host="externeredaktion.bpa2011.bundesregierung.de" />
+	<target host="piwik.bpa2011.bundesregierung.de" />
+	<target host="preview.bpa2011.bundesregierung.de" />
+	<target host="visonoadmin.bpa2011.bundesregierung.de" />
+	<target host="cvd.bundesregierung.de" />
+	<target host="www.cvd.bundesregierung.de" />
+	<target host="m.cvd.bundesregierung.de" />
+	<target host="m.bundesregierung.de" />
+	<target host="pdstream.bundesregierung.de" />
+	<target host="styleguide.bundesregierung.de" />
+	<target host="www.styleguide.bundesregierung.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://akkreditierung.bundesregierung.de/,
+	http://akkreditierung.bundesregierung.de/ redirects to http://www.akkreditierung.bundesregierung.de/ -->
+	<rule from="^http://akkreditierung\.bundesregierung\.de/"
+		to="https://www.akkreditierung.bundesregierung.de/" />
+
+	<!-- Invalid certificate on https://www.cvd.bundesregierung.de/,
+	http://www.cvd.bundesregierung.de/ redirects to http://cvd.bundesregierung.de/ -->
+	<rule from="^http://www\.cvd\.bundesregierung\.de/"
+		to="https://cvd.bundesregierung.de/" />
+
+	<!-- Invalid certificate on https://www.styleguide.bundesregierung.de/,
+	http://www.styleguide.bundesregierung.de/ redirects to http://styleguide.bundesregierung.de/ -->
+	<rule from="^http://www\.styleguide\.bundesregierung\.de/"
+		to="https://styleguide.bundesregierung.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bungalows.nl.xml b/src/chrome/content/rules/bungalows.nl.xml
new file mode 100644
index 000000000000..0a83be87a278
--- /dev/null
+++ b/src/chrome/content/rules/bungalows.nl.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Bookit coverage, see bookit.nl.xml.
+
+-->
+<ruleset name="Bungalows.nl">
+
+	<target host="bungalows.nl" />
+	<target host="www.bungalows.nl" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bunkus.org.xml b/src/chrome/content/rules/bunkus.org.xml
new file mode 100644
index 000000000000..6536450cd0bf
--- /dev/null
+++ b/src/chrome/content/rules/bunkus.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Nonfunctional subdomains:
+		- mkvtoolnix-releases	(breaks redirect)
+-->
+<ruleset name="bunkus.org">
+	<target host=    "bunkus.org" />
+	<target host="www.bunkus.org" />
+
+  	<securecookie host="^www\.bunkus\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/burgerking.ru.xml b/src/chrome/content/rules/burgerking.ru.xml
new file mode 100644
index 000000000000..ceae83187d5a
--- /dev/null
+++ b/src/chrome/content/rules/burgerking.ru.xml
@@ -0,0 +1,20 @@
+<!--
+angrywhopper.burgerking.ru ²
+internal.burgerking.ru/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+job.burgerking.ru ²
+kingo.burgerking.ru ¹
+mail.burgerking.ru ⁴
+rabota.burgerking.ru ²
+
+
+¹ mismatch
+² refused
+⁴ self signed
+-->
+<ruleset name="burgerking.ru">
+	<target host="burgerking.ru" />
+	<target host="www.burgerking.ru" />
+	<target host="push.burgerking.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bury.gov.uk-falsemixed.xml b/src/chrome/content/rules/bury.gov.uk-falsemixed.xml
new file mode 100644
index 000000000000..feac943b052a
--- /dev/null
+++ b/src/chrome/content/rules/bury.gov.uk-falsemixed.xml
@@ -0,0 +1,19 @@
+<!--
+	For rules not causing false/broken MCB, see bury.gov.uk.xml.
+
+
+	NB: See https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Bury.gov.uk (false MCB)" platform="mixedcontent">
+
+	<target host="moodle.bury.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bury.gov.uk.xml b/src/chrome/content/rules/bury.gov.uk.xml
new file mode 100644
index 000000000000..2d1df97ec13a
--- /dev/null
+++ b/src/chrome/content/rules/bury.gov.uk.xml
@@ -0,0 +1,112 @@
+<!--
+	Bury Metropolitan Borough Council
+
+	For rules causing false/broken MCB, see bury.gov.uk-falsemixed.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *bury.gov.uk:
+
+		- archives ᵈ
+		- burychildrenincarecouncil ˡ
+		- maps ᵈ
+		- propertysearch ᵈ
+		- yourcareyourchoice ᵈ
+
+	ᵈ Dropped
+	ˡ Loops
+
+
+	Problematic hosts in *bury.gov.uk:
+
+		- moodle ˣ
+
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- bury.gov.uk
+		- .bury.gov.uk
+		- admissions.bury.gov.uk
+		- buryleisureonline.bury.gov.uk
+		- childcare.bury.gov.uk
+		- councildecisions.bury.gov.uk
+		- library.bury.gov.uk
+		- moodle.bury.gov.uk
+		- owa.bury.gov.uk
+		- www.bury.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on moddle from $self ˢ
+		- Images on moddle from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Bury.gov.uk (partial)">
+
+	<target host="bury.gov.uk" />
+	<target host="admissions.bury.gov.uk" />
+	<target host="buryleisureonline.bury.gov.uk" />
+	<target host="childcare.bury.gov.uk" />
+	<target host="councildecisions.bury.gov.uk" />
+	<target host="fisonline.bury.gov.uk" />
+	<target host="ilive.bury.gov.uk" />
+	<target host="library.bury.gov.uk" />
+	<target host="licensing.bury.gov.uk" />
+	<!--target host="moodle.bury.gov.uk" /-->
+	<target host="owa.bury.gov.uk" />
+	<target host="planning.bury.gov.uk" />
+	<target host="www.bury.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.bury\.gov\.uk/index\.aspx\?articleid=10298" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?bury\.gov\.uk/(?!/*(?:[Bb]ury/(?:css|[Ii]mages|template)/|favicon\.ico|media/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.bury.gov.uk/bincollections" />
+			<test url="http://www.bury.gov.uk/counciltax" />
+			<test url="http://www.bury.gov.uk/housing" />
+			<test url="http://www.bury.gov.uk/index.aspx?articleid=10298" />
+			<test url="http://www.bury.gov.uk/planning" />
+			<test url="http://www.bury.gov.uk/recycling" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.bury.gov.uk/Bury/css/styleprint.css" />
+			<test url="http://www.bury.gov.uk/Bury/images/facebook.png" />
+			<test url="http://www.bury.gov.uk/Bury/template/sys_Bury_Home/css/sys_Bury_Home.css" />
+			<test url="http://www.bury.gov.uk/favicon.ico" />
+			<test url="http://www.bury.gov.uk/media/image/8/k/utrr9djfvxxcxuptfizy.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?bury\.gov\.uk$" name="^(?:ASP\.NET_SessionId|clientvars)$" /-->
+	<!--securecookie host="^\.bury\.gov\.uk$" name="^(?:III_EXPT_FILE|III_SESSION_ID|SESSION_LANGUAGE)$" /-->
+	<!--securecookie host="^(?:admissions|councildecisions)\.bury\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^buryleisureonline\.bury\.gov\.uk$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^childcare\.bury\.gov\.uk$" name="^PE(?:Language|Test)Cookie$" /-->
+	<!--securecookie host="^library\.bury\.gov\.uk$" name="^SESSION_SCOPE$" /-->
+	<!--securecookie host="^moodle\.bury\.gov\.uk$" name="^M(?:OODLEID1_|Session|SessionTest)$" /-->
+	<!--securecookie host="^owa\.bury\.gov\.uk$" name="^cadata[\dA-F]{32}$" /-->
+
+	<securecookie host="^\." name="^(?:III_EXPT_FILE|III_SESSION_ID|SESSION_LANGUAGE)$" />
+	<securecookie host="^(?!www\.)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/buschgardens.com.xml b/src/chrome/content/rules/buschgardens.com.xml
new file mode 100644
index 000000000000..244f236605d3
--- /dev/null
+++ b/src/chrome/content/rules/buschgardens.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Invalid certificate:
+		backstage.buschgardens.com
+		ezticket.buschgardens.com
+		seaport.buschgardens.com
+
+	Timeout:
+		autodiscover.buschgardens.com
+		av.buschgardens.com
+		conf.buschgardens.com
+		mail.buschgardens.com
+		sip.buschgardens.com
+-->
+<ruleset name="buschgardens.com">
+
+	<target host="buschgardens.com" />
+	<target host="www.buschgardens.com" />
+	<target host="qa.buschgardens.com" />
+	<target host="qa-secure.buschgardens.com" />
+	<target host="qa2.buschgardens.com" />
+	<target host="qa3.buschgardens.com" />
+	<target host="secure.buschgardens.com" />
+	<target host="stage.buschgardens.com" />
+	<target host="res.vacations.buschgardens.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bushcraft-deutschland.de.xml b/src/chrome/content/rules/bushcraft-deutschland.de.xml
new file mode 100644
index 000000000000..69724e68c13c
--- /dev/null
+++ b/src/chrome/content/rules/bushcraft-deutschland.de.xml
@@ -0,0 +1,10 @@
+<ruleset name="Bushcraft-Deutschland.de">
+
+	<target host="bushcraft-deutschland.de" />
+	<target host="www.bushcraft-deutschland.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bushcraft-germany.com.xml b/src/chrome/content/rules/bushcraft-germany.com.xml
new file mode 100644
index 000000000000..f6796376f846
--- /dev/null
+++ b/src/chrome/content/rules/bushcraft-germany.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Bushcraft-Germany.com">
+
+	<target host="bushcraft-germany.com" />
+	<target host="www.bushcraft-germany.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/business.gov.au.xml b/src/chrome/content/rules/business.gov.au.xml
new file mode 100644
index 000000000000..9a9422fd24e8
--- /dev/null
+++ b/src/chrome/content/rules/business.gov.au.xml
@@ -0,0 +1,36 @@
+<!--
+	Non-functional hosts
+		SSL connect error:
+		- www.register.business.gov.au
+
+		SSL peer certificate was not OK:
+		- ats.business.gov.au
+		- www.ats.business.gov.au
+
+		Incomplete certificate chain error:
+		- ablisfiles.business.gov.au
+		- vanguard.business.gov.au
+		- www.vanguard.business.gov.au
+-->
+<ruleset name="business.gov.au">
+	<target host="business.gov.au" />
+	<target host="ablis.business.gov.au" />
+	<target host="abn.business.gov.au" />
+	<target host="www.abn.business.gov.au" />
+	<target host="abr.business.gov.au" />
+	<target host="www.abr.business.gov.au" />
+	<target host="authorisation.business.gov.au" />
+	<target host="consultation.business.gov.au" />
+	<target host="www.consultation.business.gov.au" />
+	<target host="forms.business.gov.au" />
+		<test url="http://forms.business.gov.au/smartforms/diisr-sa/rsp/" />
+		<test url="http://forms.business.gov.au/aba/servlet/SmartForm.pdf?formCode=DAFF-WAS" />
+	<target host="portal.business.gov.au" />
+	<target host="randdsnapshot.business.gov.au" />
+	<target host="www.randdsnapshot.business.gov.au" />
+	<target host="register.business.gov.au" />
+	<target host="start.business.gov.au" />
+	<target host="www.business.gov.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/businessclick.com.xml b/src/chrome/content/rules/businessclick.com.xml
new file mode 100644
index 000000000000..664fa03a3f11
--- /dev/null
+++ b/src/chrome/content/rules/businessclick.com.xml
@@ -0,0 +1,46 @@
+<!--
+	For other Wirtualna Polska Group coverage, see WP.pl.xml.
+
+
+	^businessclick.com: Shows login
+
+
+	Insecure cookies are set for these hosts:
+
+		- ads.businessclick.com
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com ˢ
+		- css on www from ads.businessclick.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Businessclick.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ads.businessclick.com" />
+	<target host="www.businessclick.com" />
+
+	<!--	Complications:
+				-->
+	<target host="businessclick.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ads\.businessclick\.com$" name="^__bc_trace$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://businessclick\.com/"
+		to="https://www.businessclick.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/businessnews.com.au.xml b/src/chrome/content/rules/businessnews.com.au.xml
new file mode 100644
index 000000000000..5a732c0b2c2e
--- /dev/null
+++ b/src/chrome/content/rules/businessnews.com.au.xml
@@ -0,0 +1,39 @@
+<!--
+	^businessnews.com.au: Expired, mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .businessnews.com.au
+		- www.businessnews.com.au
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Business News.com.au">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.businessnews.com.au" />
+
+	<!--	Complications:
+				-->
+	<target host="businessnews.com.au" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.businessnews\.com\.au$" name="^SESS[\da-f]{32}$" /-->
+	<!--securecookie host="^www\.businessnews\.com\.au$" name="^OAID$" /-->
+
+	<securecookie host="^\." name="^(?:_gat?$|_gat_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://businessnews\.com\.au/"
+		to="https://www.businessnews.com.au/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/busnavi-okinawa.com.xml b/src/chrome/content/rules/busnavi-okinawa.com.xml
new file mode 100644
index 000000000000..7ad9106d53ac
--- /dev/null
+++ b/src/chrome/content/rules/busnavi-okinawa.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="busnavi-okinawa">
+	<target host="www.busnavi-okinawa.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/busybox.net.xml b/src/chrome/content/rules/busybox.net.xml
new file mode 100644
index 000000000000..02ec43096d08
--- /dev/null
+++ b/src/chrome/content/rules/busybox.net.xml
@@ -0,0 +1,14 @@
+<!--
+lists.busybox.net mismatch
+-->
+<ruleset name="busybox.net">
+	<target host="busybox.net" />
+	<target host="www.busybox.net" />
+	<target host="bugs.busybox.net" />
+	<target host="git.busybox.net" />
+	<target host="udhcp.busybox.net" />
+	<target host="buildroot.busybox.net" />
+	<target host="tinylogin.busybox.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/buttons.social.xml b/src/chrome/content/rules/buttons.social.xml
new file mode 100644
index 000000000000..908beb65c0b3
--- /dev/null
+++ b/src/chrome/content/rules/buttons.social.xml
@@ -0,0 +1,13 @@
+<ruleset name="Buttons.social">
+
+	<target host="buttons.social" />
+	<target host="www.buttons.social" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bux.cz.xml b/src/chrome/content/rules/bux.cz.xml
new file mode 100644
index 000000000000..bfa2eba9d3a2
--- /dev/null
+++ b/src/chrome/content/rules/bux.cz.xml
@@ -0,0 +1,7 @@
+<ruleset name="bux.cz">
+    <target host="bux.cz" />
+    <target host="www.bux.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/buyaplan.co.uk.xml b/src/chrome/content/rules/buyaplan.co.uk.xml
new file mode 100644
index 000000000000..7d869b9e1376
--- /dev/null
+++ b/src/chrome/content/rules/buyaplan.co.uk.xml
@@ -0,0 +1,30 @@
+<!--
+	Note: This site blocks Tor users
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- buyaplan.co.uk
+		- .buyaplan.co.uk
+		- www.buyaplan.co.uk
+
+-->
+<ruleset name="Buy A Plan.co.uk" default_off="needs clearnet testing">
+
+	<target host="buyaplan.co.uk" />
+	<target host="www.buyaplan.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.buyaplan\.co\.uk$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^(?:www\.)?buyaplan\.co\.uk$" name="^(?:_auth2|_buyaplan_session)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/buydomains.com.xml b/src/chrome/content/rules/buydomains.com.xml
new file mode 100644
index 000000000000..c02b62f22be3
--- /dev/null
+++ b/src/chrome/content/rules/buydomains.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Refused:
+		buydomains.com
+		www.buydomains.com
+
+-->
+<ruleset name="BuyDomains.com (partial)">
+
+	<target host="checkout.buydomains.com" />
+	<target host="static.buydomains.com" />
+		<test url="http://static.buydomains.com/browser/img/favicon.ico" />
+		<test url="http://static.buydomains.com/browser/img/main/bg-select.png" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/buywithconfidence.gov.uk.xml b/src/chrome/content/rules/buywithconfidence.gov.uk.xml
new file mode 100644
index 000000000000..77ff51024554
--- /dev/null
+++ b/src/chrome/content/rules/buywithconfidence.gov.uk.xml
@@ -0,0 +1,26 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.buywithconfidence.gov.uk
+
+-->
+<ruleset name="Buy with Confidence.gov.uk">
+
+	<target host="buywithconfidence.gov.uk" />
+	<target host="www.buywithconfidence.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.buywithconfidence\.gov\.uk$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/buzzorange.com.xml b/src/chrome/content/rules/buzzorange.com.xml
new file mode 100644
index 000000000000..89d05480369b
--- /dev/null
+++ b/src/chrome/content/rules/buzzorange.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="buzzorange.com">
+	<target host="buzzorange.com" />
+	<target host="www.buzzorange.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/buzzsprout.com.xml b/src/chrome/content/rules/buzzsprout.com.xml
new file mode 100644
index 000000000000..68c640a3f68d
--- /dev/null
+++ b/src/chrome/content/rules/buzzsprout.com.xml
@@ -0,0 +1,99 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.buzzsprout.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Buzzsprout.com">
+
+	<target host="buzzsprout.com" />
+	<target host="*.buzzsprout.com" />
+
+		<exclusion pattern="^http://(?:[^./]+\.){2,}buzzsprout\.com/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.buzzsprout.com/" />
+			<test url="http://exists.not.buzzsprout.com/" />
+
+		<test url="http://www.buzzsprout.com/" />
+
+		<!--	(accounts:) -->
+		<test url="http://a4mc.buzzsprout.com/" />
+		<test url="http://abcwilmington.buzzsprout.com/" />
+		<test url="http://alexmercedcast.buzzsprout.com/" />
+		<test url="http://allsoulsknox.buzzsprout.com/" />
+		<test url="http://amos37dotcom.buzzsprout.com/" />
+		<test url="http://asbibliotek.buzzsprout.com/" />
+		<test url="http://bethariel.buzzsprout.com/" />
+		<test url="http://bibleprinciples.buzzsprout.com/" />
+		<test url="http://bingewatchers.buzzsprout.com/" />
+		<test url="http://bluecap.buzzsprout.com/" />
+		<test url="http://bodylearning.buzzsprout.com/" />
+		<test url="http://brinklow.buzzsprout.com/" />
+		<test url="http://bucknerfanning.buzzsprout.com/" />
+		<test url="http://cardscast.buzzsprout.com/" />
+		<test url="http://christsanctuary.buzzsprout.com/" />
+		<test url="http://collegeofprayer.buzzsprout.com/" />
+		<test url="http://contametudo.buzzsprout.com/" />
+		<test url="http://craho.buzzsprout.com/" />
+		<test url="http://e3expeditionpodcast.buzzsprout.com/" />
+		<test url="http://ebenezervancouver.buzzsprout.com/" />
+		<test url="http://eltupgraders.buzzsprout.com/" />
+		<test url="http://fcgwels.buzzsprout.com/" />
+		<test url="http://germanamericanhour.buzzsprout.com/" />
+		<test url="http://gracepodcast.buzzsprout.com/" />
+		<test url="http://gracevalleyfellowship.buzzsprout.com/" />
+		<test url="http://greggrasso.buzzsprout.com/" />
+		<test url="http://hiltonheadpca.buzzsprout.com/" />
+		<test url="http://historyofchristianity.buzzsprout.com/" />
+		<test url="http://jadorroh.buzzsprout.com/" />
+		<test url="http://kidlitdrinknight.buzzsprout.com/" />
+		<test url="http://lindapinizzotto.buzzsprout.com/" />
+		<test url="http://maister1.buzzsprout.com/" />
+		<test url="http://manteobaptist.buzzsprout.com/" />
+		<test url="http://milliondollaragent.buzzsprout.com/" />
+		<test url="http://minterdialogue.buzzsprout.com/" />
+		<test url="http://moonwalktalks.buzzsprout.com/" />
+		<test url="http://mortis.buzzsprout.com/" />
+		<test url="http://mtpulaskicc.buzzsprout.com/" />
+		<test url="http://onespeedmma.buzzsprout.com/" />
+		<test url="http://pyromaniac.buzzsprout.com/" />
+		<test url="http://reports.buzzsprout.com/" />
+		<test url="http://sevenmileroad.buzzsprout.com/" />
+		<test url="http://soulwinningmotivator.buzzsprout.com/" />
+		<test url="http://stjosephsraleigh.buzzsprout.com/" />
+		<test url="http://supergamechat.buzzsprout.com/" />
+		<test url="http://tcc.buzzsprout.com/" />
+		<test url="http://tcfministries.buzzsprout.com/" />
+		<test url="http://theaussieradioshow.buzzsprout.com/" />
+		<test url="http://thegreendivas.buzzsprout.com/" />
+		<test url="http://thehollywoodsage.buzzsprout.com/" />
+		<test url="http://themooreshow.buzzsprout.com/" />
+		<test url="http://theradiodetective.buzzsprout.com/" />
+		<test url="http://thesgppodcast.buzzsprout.com/" />
+		<test url="http://thetopdeck.buzzsprout.com/" />
+		<test url="http://thetwobrandons.buzzsprout.com/" />
+		<test url="http://tompanos.buzzsprout.com/" />
+		<test url="http://tradefederation.buzzsprout.com/" />
+		<test url="http://trinityemc.buzzsprout.com/" />
+		<test url="http://wantsaword.buzzsprout.com/" />
+		<test url="http://washedupemo.buzzsprout.com/" />
+		<test url="http://web20show.buzzsprout.com/" />
+		<test url="http://weneedtotalk.buzzsprout.com/" />
+		<test url="http://yoda.buzzsprout.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.buzzsprout\.com$" name="^_buzzsprout_session$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bvl.bund.de.xml b/src/chrome/content/rules/bvl.bund.de.xml
new file mode 100644
index 000000000000..951f9b0fedaa
--- /dev/null
+++ b/src/chrome/content/rules/bvl.bund.de.xml
@@ -0,0 +1,50 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+
+	Connection failed:
+		bedarf.bvl.bund.de
+		kosmetik.bvl.bund.de
+
+	Content mismatch:
+		office.fis-vl.bvl.bund.de
+		lwarn.bvl.bund.de
+
+	Invalid certificate:
+		opendata.bvl.bund.de
+		web.bvl.bund.de
+
+	Not found:
+		caldav.bs.bvl.bund.de
+		imap.bs.bvl.bund.de
+		mail.bs.bvl.bund.de
+		subs071.bs.bvl.bund.de
+		webmail.bs.bvl.bund.de
+		www.lwarn.bvl.bund.de
+		www.meldestelle.bvl.bund.de
+		www.portal.bvl.bund.de
+		www.portal2.bvl.bund.de
+		www.sso.bvl.bund.de
+
+	Timeout:
+		btl.bvl.bund.de
+		portal2.bvl.bund.de
+		sso.bvl.bund.de
+-->
+<ruleset name="Bundesamt für Verbraucherschutz und Lebensmittelsicherheit">
+	<!-- Federal Office of Consumer Protection and Food Safety -->
+
+	<target host="bvl.bund.de" />
+	<target host="www.bvl.bund.de" />
+	<target host="apps2.bvl.bund.de" />
+	<target host="euginius.bvl.bund.de" />
+	<target host="fis-vl.bvl.bund.de" />
+	<target host="formularcenter.bvl.bund.de" />
+	<target host="katalogportal.bvl.bund.de" />
+	<target host="meldestelle.bvl.bund.de" />
+	<target host="portal.bvl.bund.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bws.com.au.xml b/src/chrome/content/rules/bws.com.au.xml
new file mode 100644
index 000000000000..68d5ce53599e
--- /dev/null
+++ b/src/chrome/content/rules/bws.com.au.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Woolworths coverage, see Woolworths.com.au.xml
+
+
+	Nonfunctional subdomains:
+
+		- e		(mismatch hostname, CN: *.chtah.com)
+		- ebm		(mismatch hostname, CN: *.cheetahmail.com)
+		- f.e		(mismatch hostname, CN: *.chtah.com)
+		- reg.e		(mismatch hostname, CN: *.cheetahmail.com)
+		- images	(timeout)
+		- service	(timeout)
+
+-->
+<ruleset name="BWS.com.au">
+
+	<target host="bws.com.au" />
+	<target host="www.bws.com.au" />
+	<target host="api.bws.com.au" />
+	<target host="dev.bws.com.au" />
+	<target host="devapi.bws.com.au" />
+	<target host="edgmedia.bws.com.au" />
+	<target host="email.bws.com.au" />
+	<target host="m.bws.com.au" />
+	<target host="mobile.bws.com.au" />
+	<target host="pilot.bws.com.au" />
+	<target host="pilotapi.bws.com.au" />
+	<target host="uat.bws.com.au" />
+	<target host="uatapi.bws.com.au" />
+
+	<securecookie host="^bws\.com\.au$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bytes.com.xml b/src/chrome/content/rules/bytes.com.xml
new file mode 100644
index 000000000000..50458dd6680a
--- /dev/null
+++ b/src/chrome/content/rules/bytes.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .bytes.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Bytes.com">
+
+	<target host="bytes.com" />
+	<target host="www.bytes.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.bytes\.com$" name="^bbsessionhash$" /-->
+
+	<securecookie host="^\." name="^bb" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ca.cz.xml b/src/chrome/content/rules/ca.cz.xml
new file mode 100644
index 000000000000..32d507f39920
--- /dev/null
+++ b/src/chrome/content/rules/ca.cz.xml
@@ -0,0 +1,9 @@
+<!--
+	For other Active24.cz coverage, see active24.cz.xml.
+-->
+<ruleset name="CA.cz">
+	<target host="ca.cz" />
+	<target host="www.ca.cz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/caat.org.uk.xml b/src/chrome/content/rules/caat.org.uk.xml
new file mode 100644
index 000000000000..05a5a2a651e2
--- /dev/null
+++ b/src/chrome/content/rules/caat.org.uk.xml
@@ -0,0 +1,20 @@
+<!--
+	Campaign Against Arms Trade
+
+-->
+<ruleset name="CAAT.org.uk">
+
+	<target host="caat.org.uk" />
+	<target host="blog.caat.org.uk" />
+	<target host="crm.caat.org.uk" />
+	<target host="universities.caat.org.uk" />
+	<target host="www.caat.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cackle.me.xml b/src/chrome/content/rules/cackle.me.xml
new file mode 100644
index 000000000000..6856e90ed763
--- /dev/null
+++ b/src/chrome/content/rules/cackle.me.xml
@@ -0,0 +1,36 @@
+<!--
+	Invalid certificate:
+		d.cackle.me
+		cms.cackle.me
+
+	Redirect to HTTP:
+		media.cackle.me
+
+	Refused:
+		f.cackle.me
+		forum.cackle.me
+
+	Time out:
+		e.cackle.me
+		g.cackle.me
+		pop3.cackle.me
+		smtp.cackle.me
+		test.cackle.me
+-->
+<ruleset name="cackle.me">
+	<target host="cackle.me" />
+	<target host="www.cackle.me" />
+	<target host="admin.cackle.me" />
+	<target host="blog.cackle.me" />
+	<target host="h.cackle.me" />
+	<target host="i.cackle.me" />
+	<target host="j.cackle.me" />
+	<target host="rt3.cackle.me" />
+	<target host="rt4.cackle.me" />
+	<target host="rt5.cackle.me" />
+	<target host="ru.cackle.me" />
+	<target host="test2.cackle.me" />
+	<target host="widget.cackle.me" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cacti.net.xml b/src/chrome/content/rules/cacti.net.xml
new file mode 100644
index 000000000000..831feba76ad5
--- /dev/null
+++ b/src/chrome/content/rules/cacti.net.xml
@@ -0,0 +1,10 @@
+<ruleset name="cacti.net">
+	<target host="www.cacti.net" />
+	<target host="cacti.net" />
+	<target host="docs.cacti.net" />
+	<target host="forums.cacti.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cadlink.com.xml b/src/chrome/content/rules/cadlink.com.xml
new file mode 100644
index 000000000000..bcd96bae510d
--- /dev/null
+++ b/src/chrome/content/rules/cadlink.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- cadlink.com
+		- dealers.cadlink.com
+		- www.cadlink.com
+
+-->
+<ruleset name="CADlink.com">
+
+	<target host="cadlink.com" />
+	<target host="dealers.cadlink.com" />
+	<target host="store.cadlink.com" />
+	<target host="www.cadlink.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:dealers\.|www\.)?cadlink\.com$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/calastone.com.xml b/src/chrome/content/rules/calastone.com.xml
new file mode 100644
index 000000000000..7f06b60bc0a4
--- /dev/null
+++ b/src/chrome/content/rules/calastone.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- ctn.calastone.com
+
+-->
+<ruleset name="Calastone.com">
+
+	<target host="calastone.com" />
+	<target host="ctn.calastone.com" />
+	<target host="www.calastone.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ctn\.calastone\.com$" name="^\.ASPXANONYMOUS$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/callrail.com.xml b/src/chrome/content/rules/callrail.com.xml
new file mode 100644
index 000000000000..b32c613b2e03
--- /dev/null
+++ b/src/chrome/content/rules/callrail.com.xml
@@ -0,0 +1,53 @@
+<!--
+	CDN buckets:
+
+		- s3.amazonaws.com/calltrk-production/
+
+
+	Nonfunctional hosts in *callrail.com:
+
+		- status ʳ
+
+	ʳ Tumblr / refused
+
+
+	Problematic hosts in *callrail.com:
+
+		- apidocs ᵐ
+
+	ᵐ GitHub / mismatched
+
+
+	These altnames do not exist:
+
+		- www.cdn.callrail.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- app.callrail.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="CallRail.com (partial)">
+
+	<target host="callrail.com" />
+	<target host="app.callrail.com" />
+	<target host="cdn.callrail.com" />
+	<target host="support.callrail.com" />
+	<target host="www.callrail.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^app\.callrail\.com$" name="^_CallRail_session$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cambridge.gov.uk.xml b/src/chrome/content/rules/cambridge.gov.uk.xml
new file mode 100644
index 000000000000..2f4d8307490b
--- /dev/null
+++ b/src/chrome/content/rules/cambridge.gov.uk.xml
@@ -0,0 +1,77 @@
+<!--
+	Cambridge City Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *cambridge.gov.uk:
+
+		- bins ʰ
+		- democracy ʳ
+		- envhealth ᵃ
+		- licences ᵃ
+
+	ᵃ Shows another domain
+	ʰ Redirects to http
+	ʳ Refused
+
+
+	Problematic hosts in *cambridge.gov.uk:
+
+		- lnr ᵐ
+		- mayor ᵃ
+
+	ᵃ Shows another domain, preemptable redirect
+	ᵐ Mismatched
+
+
+	These altnames do not exist:
+
+		- www.landlord.cambridge.gov.uk
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- erevenues.cambridge.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Cambridge.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cambridge.gov.uk" />
+	<target host="erevenues.cambridge.gov.uk" />
+	<target host="idox.cambridge.gov.uk" />
+	<target host="landlord.cambridge.gov.uk" />
+	<target host="www.cambridge.gov.uk" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://erevenues.cambridge.gov.uk/eRevenues/RevenuesScreens/SelfServeAssessment/Error_Logout.aspx" /-->
+
+	<!--	Complications:
+				-->
+	<target host="mayor.cambridge.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^erevenues\.cambridge\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://mayor\.cambridge\.gov\.uk/+"
+		to="https://cambridgemayor.wordpress.com/" />
+
+		<test url="http://mayor.cambridge.gov.uk/index.htm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cambridgelivetrust.co.uk.xml b/src/chrome/content/rules/cambridgelivetrust.co.uk.xml
new file mode 100644
index 000000000000..007c68487c84
--- /dev/null
+++ b/src/chrome/content/rules/cambridgelivetrust.co.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="Cambridge Live Trust.co.uk">
+
+	<target host="cambridgelivetrust.co.uk" />
+	<target host="www.cambridgelivetrust.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cambridgeshire.gov.uk.xml b/src/chrome/content/rules/cambridgeshire.gov.uk.xml
new file mode 100644
index 000000000000..5a5736475d2c
--- /dev/null
+++ b/src/chrome/content/rules/cambridgeshire.gov.uk.xml
@@ -0,0 +1,61 @@
+<!--
+	For other UK government coverage, see
+		+ GOV.UK.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- arc3.cambridgeshire.gov.uk
+		- data.cambridgeshire.gov.uk
+		- planning.cambridgeshire.gov.uk
+		- ras001.cambridgeshire.gov.uk
+		- ras002.cambridgeshire.gov.uk
+		- voyager.cambridgeshire.gov.uk
+
+		SSL connect error:
+		- www.slc.cambridgeshire.gov.uk
+
+		SSL peer certificate was not OK:
+		- cctm-net.cambridgeshire.gov.uk
+		- hpac.cambridgeshire.gov.uk
+		- pensions.cambridgeshire.gov.uk
+		- www4.cambridgeshire.gov.uk
+
+		Server returned nothing (no headers, no data):
+		- cctm-ssl.cambridgeshire.gov.uk
+
+		Status code mismatch:
+		- cambridgeshire.gov.uk
+		- cctm-gov.cambridgeshire.gov.uk
+		- parking.cambridgeshire.gov.uk
+
+		4xx client error:
+		- atlas.cambridgeshire.gov.uk
+		- cmis.cambridgeshire.gov.uk
+		- hbsmrgateway.cambridgeshire.gov.uk
+		- mail.cambridgeshire.gov.uk
+		- www2.cambridgeshire.gov.uk
+
+		5xx server error:
+		- forms.cambridgeshire.gov.uk
+-->
+<ruleset name="Cambridgeshire.gov.uk">
+	<target host="www.cambridgeshire.gov.uk" />
+	<target host="arc.cambridgeshire.gov.uk" />
+	<target host="bb.cambridgeshire.gov.uk" />
+	<target host="bluebadge.cambridgeshire.gov.uk" />
+	<target host="buspass.cambridgeshire.gov.uk" />
+	<target host="buswaytickets.cambridgeshire.gov.uk" />
+	<target host="calm.cambridgeshire.gov.uk" />
+	<target host="casey.cambridgeshire.gov.uk" />
+	<target host="ems.cambridgeshire.gov.uk" />
+	<target host="highwaysreporting.cambridgeshire.gov.uk" />
+	<target host="hipweb.cambridgeshire.gov.uk" />
+	<target host="ibistro.cambridgeshire.gov.uk" />
+	<target host="mft.cambridgeshire.gov.uk" />
+	<target host="netloan.cambridgeshire.gov.uk" />
+	<target host="my.cambridgeshire.gov.uk" />
+	<target host="wdt.cambridgeshire.gov.uk" />
+	<target host="www5.cambridgeshire.gov.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cambridgeshire.net.xml b/src/chrome/content/rules/cambridgeshire.net.xml
new file mode 100644
index 000000000000..2147ee73083e
--- /dev/null
+++ b/src/chrome/content/rules/cambridgeshire.net.xml
@@ -0,0 +1,23 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Mixed content:
+
+		- Images on www from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Cambridgeshire.net">
+
+	<target host="www.cambridgeshire.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/camopedia.org.xml b/src/chrome/content/rules/camopedia.org.xml
new file mode 100644
index 000000000000..32afba0491b4
--- /dev/null
+++ b/src/chrome/content/rules/camopedia.org.xml
@@ -0,0 +1,20 @@
+<ruleset name="camopedia.org">
+	<target host="camopedia.org" />
+	<target host="www.camopedia.org" />
+	<target host="autodiscover.camopedia.org" />
+	<target host="camouflageindex.camopedia.org" />
+	<target host="www.camouflageindex.camopedia.org" />
+	<target host="camouflagesociety.camopedia.org" />
+	<target host="cpanel.camopedia.org" />
+	<target host="cpcalendars.camopedia.org" />
+	<target host="cpcontacts.camopedia.org" />
+	<target host="forum.camopedia.org" />
+	<target host="www.forum.camopedia.org" />
+	<target host="mail.camopedia.org" />
+	<target host="smf.camopedia.org" />
+	<target host="www.smf.camopedia.org" />
+	<target host="webdisk.camopedia.org" />
+	<target host="webmail.camopedia.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/campaignforhouston.com.xml b/src/chrome/content/rules/campaignforhouston.com.xml
new file mode 100644
index 000000000000..11522d42696c
--- /dev/null
+++ b/src/chrome/content/rules/campaignforhouston.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- Images from www.campaignforhouston.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Campaign for Houston.com">
+
+	<target host="campaignforhouston.com" />
+	<target host="www.campaignforhouston.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/campustechnology.com.xml b/src/chrome/content/rules/campustechnology.com.xml
new file mode 100644
index 000000000000..72060d970f6a
--- /dev/null
+++ b/src/chrome/content/rules/campustechnology.com.xml
@@ -0,0 +1,24 @@
+<!--
+	For other 1105 Media coverage, see 1105_Media.com.xml.
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Campus Technology.com">
+
+	<target host="campustechnology.com" />
+	<target host="www.campustechnology.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/camscanner.com.xml b/src/chrome/content/rules/camscanner.com.xml
new file mode 100644
index 000000000000..482926a5ce91
--- /dev/null
+++ b/src/chrome/content/rules/camscanner.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .camscanner.com
+		- .blog.camscanner.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="CamScanner.com">
+
+	<target host="camscanner.com" />
+	<target host="blog.camscanner.com" />
+	<target host="dev.camscanner.com" />
+	<target host="w103.camscanner.com" />
+	<target host="www.camscanner.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://w103.camscanner.com/activity/referral?channel=cs_web_homepage" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.camscanner\.com$" name="^(?:_cs_stat|_cs[cl]|JSESSID|ur_i_uv)$" /-->
+	<!--securecookie host="^\.blog\.camscanner\.com$" name="^qtrans_cookie_test$" /-->
+
+	<securecookie host="^\." name="^_cs_stat" />
+	<securecookie host="^\.blog\." name=".+" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cancerresearchuk.org.xml b/src/chrome/content/rules/cancerresearchuk.org.xml
new file mode 100644
index 000000000000..1e4c16be7b4d
--- /dev/null
+++ b/src/chrome/content/rules/cancerresearchuk.org.xml
@@ -0,0 +1,242 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://crukip.cancerresearchuk.org/ => https://crukip.cancerresearchuk.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://egms.cancerresearchuk.org/ => https://egms.cancerresearchuk.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://everymomentcounts.cancerresearchuk.org/ => https://everymomentcounts.cancerresearchuk.org/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://survey.cancerresearchuk.org/ => https://survey.cancerresearchuk.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Nonfunctional hosts in *cancerresearchuk.org:
+
+		- citscitools ᵈ
+		- donate ᵈ
+		- scienceblog ʰ
+
+	ᵈ Dropped
+	ʰ Redirects to http
+
+
+	Problematic hosts in *cancerresearchuk.org:
+
+		- ^ *
+		- cancerhelp ᵉ
+		- info ᵐ ᵘ
+
+	* Redirects to cancerhelp.cancerresearchuk.org
+	ᵉ Expired
+	ᵐ Mismatched
+	ᵘ Untrusted root
+
+
+	Partially covered hosts in *cancerresearchuk.org:
+
+		- (www.)? ʰ
+		- donateinmemory ʰ
+		- myprojects ʰ
+		- raceforlife ʰ
+
+	ʰ Some pages redirect to http
+
+
+	Insecure cookies are set for these domains hosts:
+
+		- .cancerresearchuk.org
+		- crukip.cancerresearchuk.org
+		- egms.cancerresearchuk.org
+		- .giftshop.cancerresearchuk.org
+		- survey.cancerresearchuk.org
+
+
+	Mixed content:
+
+		- Bug on donateinmemory from view.atdmt.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Cancer Research UK.org (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="crukip.cancerresearchuk.org" />
+	<target host="donateinmemory.cancerresearchuk.org" />
+	<target host="egms.cancerresearchuk.org" />
+	<target host="everymomentcounts.cancerresearchuk.org" />
+	<target host="giftshop.cancerresearchuk.org" />
+	<target host="myprojects.cancerresearchuk.org" />
+	<target host="raceforlife.cancerresearchuk.org" />
+	<target host="survey.cancerresearchuk.org" />
+	<target host="www.cancerresearchuk.org" />
+
+	<!--	Complications:
+				-->
+	<target host="cancerresearchuk.org" />
+
+		<!--	Redirect to http:
+						-->
+		<!--exclusion pattern="^http://donateinmemory\.cancerresearchuk\.org/(?:$|donate$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://donateinmemory\.cancerresearchuk\.org/+(?!\w+/(?:images|styles)|(?:create-a-page|login)/*(?:$|\?|/p/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://donateinmemory.cancerresearchuk.org/about-us" />
+			<test url="http://donateinmemory.cancerresearchuk.org/about-us/contact-us" />
+			<test url="http://donateinmemory.cancerresearchuk.org/about-us/what-is-donate-in-memory" />
+			<test url="http://donateinmemory.cancerresearchuk.org/donate" />
+			<test url="http://donateinmemory.cancerresearchuk.org/faq" />
+			<test url="http://donateinmemory.cancerresearchuk.org/fundraising-ideas" />
+			<test url="http://donateinmemory.cancerresearchuk.org/how-it-works" />
+			<test url="http://donateinmemory.cancerresearchuk.org/how-your-money-helps" />
+			<test url="http://donateinmemory.cancerresearchuk.org/how-your-money-helps" />
+			<test url="http://donateinmemory.cancerresearchuk.org/privacy" />
+
+			<!--	-ve:
+					-->
+			<test url="http://donateinmemory.cancerresearchuk.org/create-a-page" /><!-- mixed bug -->
+			<test url="http://donateinmemory.cancerresearchuk.org/dim/images/shadow-box-l.png" />
+			<test url="http://donateinmemory.cancerresearchuk.org/dim/styles/print.css" />
+			<test url="http://donateinmemory.cancerresearchuk.org/gic/images/cruk-logo-new.gif" />
+			<test url="http://donateinmemory.cancerresearchuk.org/media/images/donate-now.gif" />
+			<test url="http://donateinmemory.cancerresearchuk.org/login" />
+			<test url="http://donateinmemory.cancerresearchuk.org/login/p/forced/1" />
+
+		<!--	Redirect to http:
+						-->
+		<!--exclusion pattern="^http://myprojects\.cancerresearchuk\.org/(?:$|contact-us$|p/showlogin/1$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://myprojects\.cancerresearchuk\.org/+(?!favicon\.ico|public/|register(?:$|[?/])|templates/|uploads/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://myprojects.cancerresearchuk.org/contact-us" />
+			<test url="http://myprojects.cancerresearchuk.org/fundraise" />
+			<test url="http://myprojects.cancerresearchuk.org/fundraise/faqs" />
+			<test url="http://myprojects.cancerresearchuk.org/p/showlogin/1" />
+			<test url="http://myprojects.cancerresearchuk.org/projects" />
+			<test url="http://myprojects.cancerresearchuk.org/projects/edinburgh-research" />
+			<test url="http://myprojects.cancerresearchuk.org/projects/francis-crick-institute" />
+			<test url="http://myprojects.cancerresearchuk.org/projects/rare-cancers-help-improve-treatments" />
+
+			<!--	-ve:
+					-->
+			<test url="http://myprojects.cancerresearchuk.org/favicon.ico" />
+			<test url="http://myprojects.cancerresearchuk.org/public/images/local/footerlistbg.gif" />
+			<test url="http://myprojects.cancerresearchuk.org/register" />
+			<test url="http://myprojects.cancerresearchuk.org/register/p/comingfrom/%2F" />
+			<test url="http://myprojects.cancerresearchuk.org/templates/default/styles/supportproject.css" />
+			<test url="http://myprojects.cancerresearchuk.org/uploads/photos/users/42x42/placeholder.jpg" />
+
+		<!--	Redirect to http:
+						-->
+		<!--exclusion pattern="^http://publications\.cancerresearchuk\.org/(?:$|forgotten-password/forgotten-password\.html)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://publications\.cancerresearchuk\.org/+(?!CSS/|Login\.aspx|Scripts/.+\.css|SiteImages/|downloads/[Pp]roduct/|admin/Images/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://publications.cancerresearchuk.org/Assets/Flash/Publications%20bannerJan2012FINAL.swf" />
+			<test url="http://publications.cancerresearchuk.org/cancerstats" />
+			<test url="http://publications.cancerresearchuk.org/cancertype" />
+			<test url="http://publications.cancerresearchuk.org/forgotten-password/forgotten-password.html" />
+			<test url="http://publications.cancerresearchuk.org/home" />
+			<test url="http://publications.cancerresearchuk.org/order_help" />
+			<test url="http://publications.cancerresearchuk.org/patientinfo" />
+			<test url="http://publications.cancerresearchuk.org/patientinfo/patientclinicaltrials" />
+			<test url="http://publications.cancerresearchuk.org/publicationformat" />
+
+			<!--	-ve:
+					-->
+			<test url="http://publications.cancerresearchuk.org/CSS/thickbox.css" />
+			<test url="http://publications.cancerresearchuk.org/Login.aspx" />
+			<test url="http://publications.cancerresearchuk.org/Scripts/star-rating/jquery.rating.css" />
+			<test url="http://publications.cancerresearchuk.org/SiteImages/main_nav_tab_tl.gif" />
+			<test url="http://publications.cancerresearchuk.org/admin/Images/wysiwyg/App%20muffin.JPG" />
+
+		<!--	Redirect to http:
+						-->
+		<!--exclusion pattern="http://raceforlife\.cancerresearchuk\.org/(?:$|(?:prize-draw|shop|utilities/contact-us)/index\.html|index\.html)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="http://raceforlife\.cancerresearchuk\.org/+(?!\w+/assets/(?:css|img)/|.+/groups/.+/documents/digitalmedia/|konakart-images/|rfl/forms/shop/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://raceforlife.cancerresearchuk.org/index.html" />
+			<test url="http://raceforlife.cancerresearchuk.org/prize-draw/index.html" />
+			<test url="http://raceforlife.cancerresearchuk.org/raise-money/" />
+			<test url="http://raceforlife.cancerresearchuk.org/schools/" />
+			<test url="http://raceforlife.cancerresearchuk.org/shop/index.html" />
+			<test url="http://raceforlife.cancerresearchuk.org/training/racercise/" />
+			<test url="http://raceforlife.cancerresearchuk.org/types-of-event/marathon/" />
+			<test url="http://raceforlife.cancerresearchuk.org/utilities/contact-us/index.html" />
+			<test url="http://raceforlife.cancerresearchuk.org/utilities/faqs/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://raceforlife.cancerresearchuk.org/cs/groups/cr_common/@rfl/@gen/documents/digitalmedia/mdaw/mdix/~edisp/029581.jpg" />
+			<test url="http://raceforlife.cancerresearchuk.org/konakart-images/waterbottle_2.jpg" />
+			<test url="http://raceforlife.cancerresearchuk.org/rfl/assets/css/img/sprite.png" />
+			<test url="http://raceforlife.cancerresearchuk.org/rfl/assets/img/brand/rfl_logo.png" />
+			<test url="http://raceforlife.cancerresearchuk.org/rfl/forms/shop/shop.jsf" />
+			<test url="http://raceforlife.cancerresearchuk.org/rfl/forms/shop/shop_product.jsf?productId=330&amp;categoryId=23" />
+			<test url="http://raceforlife.cancerresearchuk.org/wcm/assets/css/img/bullet-pinkarrow.png" />
+			<test url="http://raceforlife.cancerresearchuk.org/wcm/idc/groups/cr_common/@rfl/@gen/documents/digitalmedia/mdaw/mdix/~edisp/029581.jpg" />
+
+		<!--	Redirect to http:
+						-->
+		<!--exclusion pattern="^http://www\.cancerresearchuk\.org/(?:$|about-cancer/$|overlays/common/css/|support-us/donate$|donate/donate-by-cancer-type$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?cancerresearchuk\.org/+(?!(?:cr_weblayout/(?:megamenu/)?images/|prod_consump/(?:groups/.+/(?:image|stylesheet)|images|megamenu/stylesheets|resources)/|sites/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.cancerresearchuk.org/about-cancer/" />
+			<test url="http://www.cancerresearchuk.org/about-cancer/type/all/" />
+			<test url="http://www.cancerresearchuk.org/about-us" />
+			<test url="http://www.cancerresearchuk.org/accessibility" />
+			<test url="http://www.cancerresearchuk.org/furle" />
+			<test url="http://www.cancerresearchuk.org/overlays/common/css/modal-overlay.css" />
+			<test url="http://www.cancerresearchuk.org/privacy-statement" />
+			<test url="http://www.cancerresearchuk.org/support-us" />
+			<test url="http://www.cancerresearchuk.org/support-us/donate" />
+			<test url="http://www.cancerresearchuk.org/support-us/donate/donate-by-cancer-type" />
+
+			<!--	-ve:
+					-->
+
+			<test url="http://cancerresearchuk.org/cr_weblayout/images/CRUK_Fragments/cr_com_bul_magenta.png" />
+			<test url="http://www.cancerresearchuk.org/cr_weblayout/megamenu/images/facebook.gif" />
+			<test url="http://www.cancerresearchuk.org/prod_consump/groups/cr_common/@inm/@gen/documents/image/enewsletter_icon_new_brand.png" />
+			<test url="http://www.cancerresearchuk.org/prod_consump/images/CRUK_Fragments/submit-rating-light.gif" />
+			<test url="http://www.cancerresearchuk.org/prod_consump/groups/cr_ta/@inm/@gen/documents/stylesheet/cruk_footer_stylesheet.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.cancerresearchuk\.org$" name="^ObSSOCookie$" /-->
+	<!--securecookie host="^crukip\.cancerresearchuk\.org$" name="^ObFormLoginCookie$" /-->
+	<!--securecookie host="^egms\.cancerresearchuk\.org$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^\.giftshop\.cancerresearchuk\.org$" name="^frontend$" /-->
+	<!--securecookie host="^survey\.cancerresearchuk\.org$" name="^Prezza$" /-->
+
+	<securecookie host="^\." name="^(?:__qca|_gat?)$" />
+	<securecookie host="^(?:crukip|egms|\.giftshop|survey)\." name=".+" />
+
+
+	<rule from="^http://cancerresearchuk\.org/"
+		to="https://www.cancerresearchuk.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/canddi.com.xml b/src/chrome/content/rules/canddi.com.xml
new file mode 100644
index 000000000000..b6eba89af537
--- /dev/null
+++ b/src/chrome/content/rules/canddi.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Problematic hosts in *canddi.com:
+
+		- ^ ⁵
+		- press ᵐ
+
+	⁵ 504
+	ᵐ Mismached
+
+-->
+<ruleset name="CANDDi.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="i.canddi.com" />
+	<target host="www.canddi.com" />
+
+	<!--	Complications:
+				-->
+	<target host="canddi.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://canddi\.com/"
+		to="https://www.canddi.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/candelatech.com.xml b/src/chrome/content/rules/candelatech.com.xml
new file mode 100644
index 000000000000..5b28e7d28382
--- /dev/null
+++ b/src/chrome/content/rules/candelatech.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="candelatech.com">
+	<target host="candelatech.com" />
+	<rule from="^http://candelatech\.com/" to="https://www.candelatech.com/" /> <!-- mismatch -->
+
+	<target host="www.candelatech.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/candwich.com.xml b/src/chrome/content/rules/candwich.com.xml
new file mode 100644
index 000000000000..d6a78dcf1c2f
--- /dev/null
+++ b/src/chrome/content/rules/candwich.com.xml
@@ -0,0 +1,23 @@
+<!--
+
+	Problematic hosts in *markonefoods.com:
+
+		- ^ (timeout over https)
+		- www (timeout over https)
+
+-->
+<ruleset name="candwich.com">
+
+	<target host="candwich.com" />
+	<target host="www.candwich.com" />
+	<target host="markonefoods.com" />
+	<target host="www.markonefoods.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://(www\.)?markonefoods\.com/"
+		to="https://candwich.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/caniuse.com.xml b/src/chrome/content/rules/caniuse.com.xml
new file mode 100644
index 000000000000..9fee80326e42
--- /dev/null
+++ b/src/chrome/content/rules/caniuse.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		api.caniuse.com
+		beta.caniuse.com
+		old.caniuse.com
+		tests.caniuse.com
+
+-->
+<ruleset name="Can I use">
+
+	<target host="caniuse.com" />
+	<target host="www.caniuse.com" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cannockchasedc.gov.uk.xml b/src/chrome/content/rules/cannockchasedc.gov.uk.xml
new file mode 100644
index 000000000000..d85716d5b12d
--- /dev/null
+++ b/src/chrome/content/rules/cannockchasedc.gov.uk.xml
@@ -0,0 +1,26 @@
+<!--
+	Cannock Chase District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Mixed content:
+
+		- Images from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Cannock Chase DC.gov.uk">
+
+	<target host="cannockchasedc.gov.uk" />
+	<target host="www.cannockchasedc.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/canon.com.au.xml b/src/chrome/content/rules/canon.com.au.xml
new file mode 100644
index 000000000000..3bbaf6b083e7
--- /dev/null
+++ b/src/chrome/content/rules/canon.com.au.xml
@@ -0,0 +1,74 @@
+<!--
+	Canon Australia
+
+	For other Canon coverage, see Canon.xml.
+
+
+	Nonfunctional hosts in *canon.com.au:
+
+		- ws ⁴
+
+	⁴ 404
+
+
+	Problematic hosts in *canon.com.au:
+
+		- my ʷ
+		- worldofeas ⁴
+
+	⁴ 404
+	ʷ Weak DHE key
+
+
+	These altnames do not exist:
+
+		- imagespectrum.canon.com.au
+		- secure.canon.com.au
+		- video.canon.com.au
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- canon.com.au
+		- .staffstore.canon.com.au
+		- .store.canon.com.au
+		- www.canon.com.au
+
+-->
+<ruleset name="Canon.com.au (partial)">
+
+	<target host="canon.com.au" />
+	<!--target host="galleryadmin.canon.com.au" />	404 vs 503 - needs tests -->
+	<!--target host="image.canon.com.au" />	404 vs 503 - needs tests -->
+	<!--target host="my.canon.com.au" /-->
+	<target host="staffstore.canon.com.au" />
+	<target host="store.canon.com.au" />
+	<target host="www.canon.com.au" />
+
+	<!--	Complications:
+				-->
+	<target host="worldofeas.canon.com.au" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?canon\.com\.au$" name="^BIGipServer" /-->
+	<!--securecookie host="^\.(?:staff)?store\.canon\.com\.au$" name="^frontend$" /-->
+	<!--securecookie host="^www\.canon\.com\.au$" name="^(?:ASP\.NET_SessionId|canonPageHistory|wwwau#lang)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.(?:staff)?store\." name=".+" />
+
+
+	<!--	Redirect drops path and forward
+		slash but not args:
+					-->
+	<rule from="^http://worldofeas\.canon\.com\.au/[^?]*"
+		to="https://www.canon.com.au/worldofeos/" />
+
+		<test url="http://worldofeas.canon.com.au/default.aspx" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/capita-software.co.uk.xml b/src/chrome/content/rules/capita-software.co.uk.xml
new file mode 100644
index 000000000000..16844b537665
--- /dev/null
+++ b/src/chrome/content/rules/capita-software.co.uk.xml
@@ -0,0 +1,67 @@
+<!--
+	CDN buckets:
+
+		- cssmarketing.blob.core.windows.net
+		- netccapita.blob.core.windows.net
+
+
+	Problematic hosts in *capita-software.co.uk:
+
+		- storage ᵐ
+
+	ᵐ Mismatched
+
+
+	^capita-software.co.uk does not exist.
+
+-->
+<ruleset name="Capita-Software.co.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mysupport.capita-software.co.uk" />
+	<target host="www.capita-software.co.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.capita-software\.co\.uk/(?:$|about-us$|case-studies$|corporate/customer-support$|events$|libraries/prism$|markets$|news$|solutions$|technical-services$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.capita-software\.co\.uk/(?!/*sitefiles/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.capita-software.co.uk/about-us" />
+			<test url="http://www.capita-software.co.uk/case-studies" />
+			<!--test url="http://www.capita-software.co.uk/corporate/contact-us" /-->
+			<!--test url="http://www.capita-software.co.uk/corporate/customer-support" /-->
+			<!--test url="http://www.capita-software.co.uk/events" /-->
+			<!--test url="http://www.capita-software.co.uk/libraries/prism" /-->
+			<!--test url="http://www.capita-software.co.uk/markets" /-->
+			<!--test url="http://www.capita-software.co.uk/news" /-->
+			<!--test url="http://www.capita-software.co.uk/solutions" /-->
+			<!--test url="http://www.capita-software.co.uk/technical-services" /-->
+
+			<!--	-ve:
+					-->
+			<test url="http://www.capita-software.co.uk/sitefiles/images/pixel-opacity.png" />
+
+	<!--	Complications:
+				-->
+	<target host="storage.capita-software.co.uk" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^[^.w]" name=".+" />
+
+
+	<rule from="^http://storage\.capita-software\.co\.uk/"
+		to="https://cssmarketing.blob.core.windows.net/" />
+
+		<test url="http://storage.capita-software.co.uk/cmsstorage/capita/media/solutions/solutions_teasers/incomecollection-in-health_teaser.jpg?ext=.jpg" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/capitadiscovery.co.uk.xml b/src/chrome/content/rules/capitadiscovery.co.uk.xml
new file mode 100644
index 000000000000..0c596d914d33
--- /dev/null
+++ b/src/chrome/content/rules/capitadiscovery.co.uk.xml
@@ -0,0 +1,48 @@
+<!--
+	www.capitadiscovery.co.uk: Dropped
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .capitadiscovery.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Ads, from:
+
+			- rcm-uk.amazon.co.uk
+			- ecx.images-amazon.com
+
+-->
+<ruleset name="Capita Discovery.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="capitadiscovery.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="www.capitadiscovery.co.uk" />
+
+		<!--	Mixed ads:
+					-->
+		<!--test url="http://capitadiscovery.co.uk/highland/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.capitadiscovery\.co\.uk$" name="^session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.capitadiscovery\.co\.uk/"
+		to="https://capitadiscovery.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/captora.com.xml b/src/chrome/content/rules/captora.com.xml
new file mode 100644
index 000000000000..187390b87c37
--- /dev/null
+++ b/src/chrome/content/rules/captora.com.xml
@@ -0,0 +1,83 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://digitalmarketing.captora.com/css/mktLPSupportCompat.css (200) => https://na-sj09.marketo.com/css/mktLPSupportCompat.css (403)
+Non-2xx HTTP code: http://digitalmarketing.captora.com/rs/719-TVA-959/images/arrow_green.png (200) => https://na-sj09.marketo.com/rs/719-TVA-959/images/arrow_green.png (403)
+
+	Nonfunctional hosts in *captora.com:
+
+		- digitalmarketing ᵃ
+
+	ᵃ Marketo / shows another domain
+
+
+	Problematic hosts in *captora.com:
+
+		- resources ᵐ
+
+	ᵐ Uberflip / mismatched
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- blog, www from www.captora.com ˢ
+			- blog from blakebrysha.com
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Captora.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="captora.com" />
+	<target host="app.captora.com" />
+	<target host="cdn.captora.com" />
+	<target host="www.captora.com" />
+
+	<!--	Complications:
+				-->
+	<target host="digitalmarketing.captora.com" />
+	<target host="resources.captora.com" />
+
+		<exclusion pattern="^http://digitalmarketing\.captora\.com/(?!/*(?:$|\?|css/|rs/|images/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://digitalmarketing.captora.com/4-Trends-in-Paid-Search-Strategy_4-Trends-in-Paid-Search-Strategy.html" />
+			<test url="http://digitalmarketing.captora.com/ABMTOFU-Webinar-1072015_Registration-Landing-Page.html" />
+			<test url="http://digitalmarketing.captora.com/CMOGuideToGrowthMarketing.html" />
+			<test url="http://digitalmarketing.captora.com/Content-ROI-ebook-Download.html" />
+			<test url="http://digitalmarketing.captora.com/Marketo-Summit-2016_Meeting-Request-LP.html" />
+			<test url="http://digitalmarketing.captora.com/Organic_Registration-Page.html" />
+			<test url="http://digitalmarketing.captora.com/Revenue-Roundtable-Boston-Registration-Page.html" />
+			<test url="http://digitalmarketing.captora.com/You-Do-The-Math-Infographic_You-Do-The-Math-Infographic-2.html" />
+
+
+	<securecookie host="^(?!digitalmarketing\.)\w" name=".+" />
+
+
+	<!--	Redirect drops args and forward slash:
+							-->
+	<rule from="^http://digitalmarketing\.captora\.com/+(?:\?.*)?$"
+		to="https://captora.com/" />
+
+		<test url="http://digitalmarketing.captora.com/?" />
+
+	<rule from="^http://digitalmarketing\.captora\.com/"
+		to="https://na-sj09.marketo.com/" />
+
+		<test url="http://digitalmarketing.captora.com/css/mktLPSupportCompat.css" />
+		<test url="http://digitalmarketing.captora.com/rs/719-TVA-959/images/arrow_green.png" />
+
+	<rule from="^http://resources\.captora\.com/"
+		to="https://captora.uberflip.com/" />
+
+		<test url="http://resources.captora.com/h/i/215249913-the-ultimate-a-to-z-guide-to-content-types" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/caravan.ru.xml b/src/chrome/content/rules/caravan.ru.xml
new file mode 100644
index 000000000000..7963cc60825c
--- /dev/null
+++ b/src/chrome/content/rules/caravan.ru.xml
@@ -0,0 +1,42 @@
+<!--
+billing.caravan.ru ³
+block.caravan.ru ³
+corp.caravan.ru ³
+xmail.decart.caravan.ru ⁴
+komandor.caravan.ru ²
+www.komandor.caravan.ru ²
+krasota.caravan.ru ³
+ns.krasota.caravan.ru ⁷
+ns2.krasota.caravan.ru ³
+cp.lab.caravan.ru ⁴
+noc.caravan.ru ³
+ns.caravan.ru ²
+ns0.caravan.ru ²
+ns1.caravan.ru ²
+ns2.caravan.ru ²
+ns3.caravan.ru ²
+ns4.caravan.ru ²
+partner.caravan.ru ³
+safeguard.caravan.ru ³
+technohim.caravan.ru ²
+telehouse.caravan.ru ⁴
+
+
+² refused
+³ timed out
+⁴ self signed
+⁷ protocol error
+-->
+<ruleset name="caravan.ru">
+	<target host="caravan.ru" />
+	<target host="www.caravan.ru" />
+	<target host="cabinet.caravan.ru" />
+	<target host="cp.caravan.ru" />
+	<target host="pba-fusion.caravan.ru" />
+	<target host="shop.caravan.ru" />
+	<target host="support.caravan.ru" />
+	<target host="support.telehouse.caravan.ru" />
+	<target host="vesta.caravan.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cardiff.gov.uk.xml b/src/chrome/content/rules/cardiff.gov.uk.xml
new file mode 100644
index 000000000000..3b19f6cddd1a
--- /dev/null
+++ b/src/chrome/content/rules/cardiff.gov.uk.xml
@@ -0,0 +1,115 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://active.cardiff.gov.uk/ => https://active.cardiff.gov.uk/: (60, 'SSL certificate problem: certificate has expired')
+
+	Cardiff County Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *cardiff.gov.uk:
+
+		- emerge ᶠ
+		- fis ᵇ
+		- ishare ᶠ
+		- www.roadsafety ʳ
+		- sites ⁴
+
+	⁴ 404
+	ᵇ Shows default page
+	ᶠ Handshake fails
+	ʳ Refused
+
+
+	Problematic hosts in *cardiff.gov.uk:
+
+		- ibistro ᵐ
+		- (www.)?surveys ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+
+
+	Problematic hosts in *cardiff.gov.uk:
+
+		- formerly ʰ
+
+	ʰ Some pages redirect to http
+
+
+	Insecure cookies are set for these hosts:
+
+		- apps2.cardiff.gov.uk
+		- apps8.cardiff.gov.uk
+		- digigov.cardiff.gov.uk
+		- epay.cardiff.gov.uk
+		- foi.cardiff.gov.uk
+		- formerly.cardiff.gov.uk
+		- jobs.cardiff.gov.uk
+		- netloan.cardiff.gov.uk
+		- www.cardiff.gov.uk
+
+-->
+<ruleset name="Cardiff.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="cardiff.gov.uk" />
+	<target host="active.cardiff.gov.uk" />
+	<target host="apps.cardiff.gov.uk" />
+	<target host="apps2.cardiff.gov.uk" />
+	<target host="apps8.cardiff.gov.uk" />
+	<target host="ctaxdd.cardiff.gov.uk" />
+	<target host="digigov.cardiff.gov.uk" />
+	<target host="emsonline.cardiff.gov.uk" />
+	<target host="epay.cardiff.gov.uk" />
+	<target host="foi.cardiff.gov.uk" />
+	<target host="hwrcforms.cardiff.gov.uk" />
+	<target host="jobs.cardiff.gov.uk" />
+	<target host="netloan.cardiff.gov.uk" />
+	<!--target host="surveys.cardiff.gov.uk" /-->
+	<!--target host="www.surveys.cardiff.gov.uk" /-->
+	<target host="www.cardiff.gov.uk" />
+
+		<!--	Set cookie without Secure:
+							-->
+		<!--test url="http://apps2.cardiff.gov.uk/educationtss/adminlogin.php" /-->
+		<!--test url="http://apps8.cardiff.gov.uk/leisureactivities/" /-->
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://formerly\.cardiff\.gov\.uk/content\.asp\?nav=2868" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://formerly\.cardiff\.gov\.uk/+(?!favicon\.ico|template/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://formerly.cardiff.gov.uk/content.asp?id=14527&amp;d1=0" />
+			<test url="http://formerly.cardiff.gov.uk/content.asp?id=2025" />
+			<test url="http://formerly.cardiff.gov.uk/content.asp?nav=2867,5636&amp;parent_directory_id=2865" />
+			<test url="http://formerly.cardiff.gov.uk/content.asp?nav=2868" />
+
+			<!--	-ve:
+					-->
+			<test url="http://formerly.cardiff.gov.uk/favicon.ico" />
+			<test url="http://formerly.cardiff.gov.uk/template/cardiff2/logo8.gif" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^apps2\.cardiff\.gov\.uk$" name="^educationtss$" /-->
+	<!--securecookie host="^apps8\.cardiff\.gov\.uk$" name="^CCCLAD$" /-->
+	<!--securecookie host="^(?:epay|jobs|netloan)\.cardiff\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^digigov\.cardiff\.gov\.uk$" name="^(?:JSESSION|SERVER)ID$" /-->
+	<!--securecookie host="^foi\.cardiff\.gov\.uk$" name="^(?:BIGipServer|WebAnalyticsSessionId2$)" /-->
+	<!--securecookie host="^formerly\.cardiff\.gov\.uk$" name="^COMS_COOKIE$" /-->
+	<!--securecookie host="^www\.cardiff\.gov\.uk$" name="^BIGipServer" /-->
+
+	<securecookie host="^(?!formerly\.)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/carecareersdevon.org.uk.xml b/src/chrome/content/rules/carecareersdevon.org.uk.xml
new file mode 100644
index 000000000000..3a054f8c41e9
--- /dev/null
+++ b/src/chrome/content/rules/carecareersdevon.org.uk.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://carecareersdevon.org.uk/ => https://carecareersdevon.org.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'carecareersdevon.org.uk'")
+Fetch error: http://www.carecareersdevon.org.uk/ => https://www.carecareersdevon.org.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.carecareersdevon.org.uk'")
+
+	For other UK government coverage, see GOV.UK.xml.
+
+-->
+<ruleset name="Care Careers Devon.org.uk" default_off="failed ruleset test">
+
+	<target host="carecareersdevon.org.uk" />
+	<target host="www.carecareersdevon.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/careerbuilder.co.uk.xml b/src/chrome/content/rules/careerbuilder.co.uk.xml
new file mode 100644
index 000000000000..bf96c79c3777
--- /dev/null
+++ b/src/chrome/content/rules/careerbuilder.co.uk.xml
@@ -0,0 +1,78 @@
+<!--
+	For other CareerBuilder coverage, see CareerBuilder.xml.
+
+
+	Nonfunctional hosts in *careerbuilder.co.uk:
+
+		- advice ᶠ
+		- blog ʳ
+		- mobile ʰ
+
+	ᶠ Handshake fails
+	ʰ Redirects to http
+	ʳ Refused
+
+
+	Problematic hosts in *careerbuilder.co.uk:
+
+		- hiring ᴬ
+		- yahoo ᵐ
+
+	ᴬ Akamai / mismatched
+	ᵐ Mismatched
+
+
+	Clients have unique subdomains.
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .careerbuilder.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, on:
+
+			- www from fonts.googleapis.com ˢ
+
+		- Images, on:
+
+			- hiring from $self ᵐ
+			- hiring from careerbuilder.semblancedesign.co.uk ⁴
+			- www from blog.careerbuilder.co.uk ʳ
+			- www from img.icbdr.com ˢ
+			- yahoo from l.yimg.com ˢ
+
+		- Ads/bugs, on:
+
+			- hiring from www.gblwebcen.com
+			- www from adserver.adtechus.com ˢ
+			- yahoo from cbglobal.112.2o7.net ˢ
+
+	⁴ Unsecurable <= 404
+	ʳ Unsecurable <= refused
+	ᵐ Not secured by us <= mismatched
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="CareerBuilder.co.uk (partial)" platform="mixedcontent">
+
+	<target host="careerbuilder.co.uk" />
+	<target host="www.careerbuilder.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.careerbuilder\.co\.uk$" name="^(?:BID|CB_SID|PU)$" /-->
+
+	<securecookie host="^\." name="^(?:_ga|s_v)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/careerbuilder.no.xml b/src/chrome/content/rules/careerbuilder.no.xml
new file mode 100644
index 000000000000..1fb4fef5002a
--- /dev/null
+++ b/src/chrome/content/rules/careerbuilder.no.xml
@@ -0,0 +1,59 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://api.careerbuilder.no/ (200) => https://api.careerbuilder.com/ (404)
+
+	For other CareerBuilder coverage, see CareerBuilder.xml.
+
+
+	Problematic hosts in *careerbuilder.no:
+
+		- api ᵐ
+
+	ᵐ Mismatched
+
+
+
+	Mixed content:
+
+		- css on www from $self ˢ
+		- Images on www from img.icbdr.com ˢ
+
+		- Ads / bugs, on:
+
+			- www from cbglobal.112.2o7.net ˢ
+			- www from admin.brightcove.com
+			- www from pagead2.googlesyndication.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="CareerBuilder.no" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="careerbuilder.no" />
+	<target host="www.careerbuilder.no" />
+
+		<!--	Mixed css:
+					-->
+		<test url="http://www.careerbuilder.no/no/jobseeker/jobs/jobdetails.aspx?Job_DID=J3L6Z66JJMZTGT5H630" />
+
+	<!--	Complications:
+				-->
+	<target host="api.careerbuilder.no" />
+
+
+	<securecookie host="^\." name="^(?:_ga|s_v)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://api\.careerbuilder\.no/"
+		to="https://api.careerbuilder.com/" />
+
+		<test url="http://api.careerbuilder.no/v1/joblink?TrackingID=UNTRKD&amp;HostSite=NO&amp;DID=J3L6Z66JJMZTGT5H630" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/careerbuildercareers.com.xml b/src/chrome/content/rules/careerbuildercareers.com.xml
new file mode 100644
index 000000000000..2afac377215d
--- /dev/null
+++ b/src/chrome/content/rules/careerbuildercareers.com.xml
@@ -0,0 +1,29 @@
+<!--
+	For other CareerBuilder coverage, see CareerBuilder.xml.
+
+
+	^careerbuildercareers.com: dropped
+
+-->
+<ruleset name="Careerbuilder Careers.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.careerbuildercareers.com" />
+
+	<!--	Complications:
+				-->
+	<target host="careerbuildercareers.com" />
+
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://careerbuildercareers\.com/"
+		to="https://www.careerbuildercareers.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/careinternational.org.uk.xml b/src/chrome/content/rules/careinternational.org.uk.xml
new file mode 100644
index 000000000000..fc5d35cb6f47
--- /dev/null
+++ b/src/chrome/content/rules/careinternational.org.uk.xml
@@ -0,0 +1,41 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://walkinhershoes.careinternational.org.uk/ => https://walkinhershoes.careinternational.org.uk/: (7, 'Failed to connect to walkinhershoes.careinternational.org.uk port 443: Connection refused')
+
+	Nonfunctional hosts in *careinternational.org.uk:
+
+		- carechild ᵃ
+		- insights ᵃ
+		- thenandnow ᵃ
+
+	ᵃ Shows another domain
+
+
+	Insecure cookies are set for these hosts:
+
+		- action.careinternational.org.uk
+		- donate.careinternational.org.uk
+		- walkinhershoes.careinternational.org.uk
+
+-->
+<ruleset name="Care International.org.uk (partial)" default_off="failed ruleset test">
+
+	<target host="action.careinternational.org.uk" />
+	<target host="donate.careinternational.org.uk" />
+	<target host="walkinhershoes.careinternational.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:action|donate)\.careinternational\.org\.uk$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^walkinhershoes\.careinternational\.org\.uk$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/careplace.org.uk.xml b/src/chrome/content/rules/careplace.org.uk.xml
new file mode 100644
index 000000000000..32a9cd6a2768
--- /dev/null
+++ b/src/chrome/content/rules/careplace.org.uk.xml
@@ -0,0 +1,28 @@
+<!--
+	STS header includes includeSubdomains
+
+-->
+<ruleset name="CarePlace.org.uk">
+
+	<target host="careplace.org.uk" />
+	<target host="*.careplace.org.uk" />
+
+		<!--	includeSubdomains applies to one level, so:
+									-->
+		<exclusion pattern="^http://(?:[^./]+\.){2}careplace\.org\.uk/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.careplace.org.uk/" />
+			<test url="http://exists.not.careplace.org.uk/" />
+
+		<test url="http://www.careplace.org.uk/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/carlisle.gov.uk.xml b/src/chrome/content/rules/carlisle.gov.uk.xml
new file mode 100644
index 000000000000..9f63324cea86
--- /dev/null
+++ b/src/chrome/content/rules/carlisle.gov.uk.xml
@@ -0,0 +1,47 @@
+<!--
+	Carlisle City Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *carlisle.gov.uk:
+
+		- (www.)? ʳ
+		- cmis ʳ
+		- crimeweekend ʳ
+		- maps ᵈ
+		- newsite ʳ
+		- opendata ʳ
+
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *carlisle.gov.uk: ᶜ
+
+		- eforms ᶜ
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on eforms from www.carlisle.gov.uk ʳ
+
+	ʳ Unsecurable <= connection refused
+
+-->
+<ruleset name="Carlisle.gov.uk (partial)">
+
+	<!--target host="eforms.carlisle.gov.uk" /-->
+	<target host="onlineservices.carlisle.gov.uk" />
+	<target host="secure1.carlisle.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/carnegiehub.org.xml b/src/chrome/content/rules/carnegiehub.org.xml
new file mode 100644
index 000000000000..cf6e8745b3a7
--- /dev/null
+++ b/src/chrome/content/rules/carnegiehub.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Incomplete certificate chain:
+		filedrop.carnegiehub.org
+
+	Invalid certificate:
+		fax.carnegiehub.org
+		files.carnegiehub.org
+
+	Refused:
+		carnegiehub.org
+		www.carnegiehub.org
+		calendar.carnegiehub.org
+		docs.carnegiehub.org
+		fsp.carnegiehub.org
+		groups.carnegiehub.org
+		intranet.carnegiehub.org
+		isp.carnegiehub.org
+		mail.carnegiehub.org
+-->
+<ruleset name="carnegiehub.org (partial)">
+	<target host="help.carnegiehub.org" />
+	<target host="surveys.carnegiehub.org" />
+	<target host="surveys2.carnegiehub.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/carowinds.com.xml b/src/chrome/content/rules/carowinds.com.xml
new file mode 100644
index 000000000000..27d46b1e1e76
--- /dev/null
+++ b/src/chrome/content/rules/carowinds.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Connection failed:
+		intimidator.carowinds.com
+
+	Invalid certificate:
+		autodiscover.carowinds.com
+		carolinaharbor.carowinds.com
+		sixflags.com.carowinds.com
+		marketplace.carowinds.com
+
+	Not found:
+		www.reservations.carowinds.com
+
+	Timeout:
+		mobile.carowinds.com
+		tickets.carowinds.com
+-->
+<ruleset name="Carowinds.com">
+
+	<target host="carowinds.com" />
+	<target host="www.carowinds.com" />
+	<target host="lodging.carowinds.com" />
+	<target host="music.carowinds.com" />
+	<target host="reservations.carowinds.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://carowinds.com/,
+	http://carowinds.com/ redirects to http://www.carowinds.com/ -->
+	<rule from="^http://carowinds\.com/"
+	to="https://www.carowinds.com/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/carrefour.es.xml b/src/chrome/content/rules/carrefour.es.xml
new file mode 100644
index 000000000000..3e23c26ce696
--- /dev/null
+++ b/src/chrome/content/rules/carrefour.es.xml
@@ -0,0 +1,6 @@
+<ruleset name="carrefour.es">
+  <target host="carrefour.es" />
+  <target host="www.carrefour.es" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cars.ru.xml b/src/chrome/content/rules/cars.ru.xml
new file mode 100644
index 000000000000..c80f052f0f2a
--- /dev/null
+++ b/src/chrome/content/rules/cars.ru.xml
@@ -0,0 +1,9 @@
+<!--forum. mixed content-->
+<ruleset name="cars.ru">
+	<target host="cars.ru" />
+	<target host="www.cars.ru" />
+	<target host="i.cars.ru" />
+	<target host="images.cars.ru" />
+	<target host="auto.cars.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/carsales.com.au.xml b/src/chrome/content/rules/carsales.com.au.xml
new file mode 100644
index 000000000000..664e920c8291
--- /dev/null
+++ b/src/chrome/content/rules/carsales.com.au.xml
@@ -0,0 +1,60 @@
+<!--
+	Non-functional subdomains:
+		- analytics		(t)
+		- www.autonews	(m)
+		- berwickcomms	(m)
+		- app.communication	(m)
+		- dataconnect	(t)
+		- www.editorial	(m)
+		- secure.liveimages.editorial	(r)
+		- ergportal		(r)
+		- helpcentre	(r)
+		- www.holdenused	(m)
+		- hondaused		(m)
+		- secure.liveimages	(r)
+		- northernmotorgroup	(t)
+		- retailapi		(t)
+		- sell	(t)
+		- sfb.carsales.com.au/ (404)
+		- shareholder	(r)
+		- ssl	(m)
+		- volkswagen	(m)
+		- www.volkswagen	(m)
+		- vpn	(i)
+		- vpn3	(i)
+		- webconf	(ssl connection error)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Timeout:	
+		<target host="carsales.com.au" />
+		<target host="www.carsales.com.au" />
+		<target host="authservice.carsales.com.au" />
+		<target host="buynow.carsales.com.au" />
+		<target host="carpool.carsales.com.au" />
+		<target host="dealer-services.carsales.com.au" />
+		<target host="member.carsales.com.au" />
+		<target host="owner-reviews.carsales.com.au" />
+		<target host="yahoo.carsales.com.au" />
+-->
+<ruleset name="carsales.com.au">
+	<target host="dialin.carsales.com.au" />
+	<target host="email.carsales.com.au" />
+	<target host="help.carsales.com.au" />
+	<target host="loop.carsales.com.au" />
+	<target host="lyncdiscover.carsales.com.au" />
+	<target host="mail3.carsales.com.au" />
+	<target host="mail5.carsales.com.au" />
+	<target host="meet.carsales.com.au" />
+	<target host="webext.carsales.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/carzone.ie.xml b/src/chrome/content/rules/carzone.ie.xml
new file mode 100644
index 000000000000..1fe417f70cff
--- /dev/null
+++ b/src/chrome/content/rules/carzone.ie.xml
@@ -0,0 +1,70 @@
+<!--
+	Problematic hosts in *carzone.ie:
+
+		- (www.)? ᵐ
+		- m ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- carzone.ie
+		- .carzone.ie
+		- m.carzone.ie
+		- sell.carzone.ie
+		- .sell.carzone.ie
+		- www.carzone.ie
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, on:
+
+			- www from $self
+			- www from resources.autotrader.ie ᵈ
+
+		- Images on www from $self
+
+		- Bugs, on:
+
+			- m from oas.autotrader.ie ˢ
+			- www from metrics.carzone.ie ˢ
+			- www from \d+.fls.doubleclick.net
+
+	ᵈ Unsecurable <= dropped
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Carzone.ie (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sell.carzone.ie" />
+
+	<!--	Complications:
+				-->
+	<target host="metrics.carzone.ie" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:sell\.|www\.)?carzone\.ie$" name="^_ATD_(?:DIGEST_|SESSION)$" /-->
+	<!--securecookie host="^\.carzone\.ie$" name="^s_vi$" /-->
+	<!--securecookie host="^m\.carzone\.ie$" name="^(?:CFID|CFTOKEN|JSESSIONID)$" /-->
+	<!--securecookie host="^\.sell\.carzone\.ie$" name="^bucket$" /-->
+	<!--securecookie host="^www\.carzone\.ie$" name="^(?:CFID|CFTOKEN)$" /-->
+
+	<securecookie host="^\." name="^(?:s_v|_gat?$|_gat_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://metrics\.carzone\.ie/"
+		to="https://tradermediagroup.122.2o7.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/casa.com.xml b/src/chrome/content/rules/casa.com.xml
new file mode 100644
index 000000000000..b992f23ddb2d
--- /dev/null
+++ b/src/chrome/content/rules/casa.com.xml
@@ -0,0 +1,45 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	CDN buckets:
+
+		- casa.q-assets.com
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .casa.com
+		- www.casa.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Casa.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.casa.com" />
+
+	<!--	Complications:
+				-->
+	<target host="casa.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.casa\.com$" name="^(?:cookie-check|session-id|session-id-time|session-token|ubid-main)$" /-->
+	<!--securecookie host="^www\.casa\.com$" name="^(?:ASP\.NET_SessionId|GEO_COUNTRYCODE|GEO_ZIPCODE|cookie-check)$" /-->
+
+	<securecookie host=".+" name="^aps-trtmnt$" />
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://casa\.com/"
+		to="https://www.casa.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cases.legal.xml b/src/chrome/content/rules/cases.legal.xml
new file mode 100644
index 000000000000..9542ed4b001d
--- /dev/null
+++ b/src/chrome/content/rules/cases.legal.xml
@@ -0,0 +1,14 @@
+<ruleset name="Cases.legal">
+
+	<target host="cases.legal" />
+	<target host="www.cases.legal" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cash.ch.xml b/src/chrome/content/rules/cash.ch.xml
new file mode 100644
index 000000000000..fa248f9f902b
--- /dev/null
+++ b/src/chrome/content/rules/cash.ch.xml
@@ -0,0 +1,22 @@
+<!--
+	Mismatch:
+		- newsletter
+
+	Redirect:
+		- www
+		- staging
+
+	Mixed Content:
+		- beta (videos from simplex.tv)
+-->
+<ruleset name="cash.ch">
+	<target host="cash.ch"/>
+	<target host="ebanking.cash.ch"/>
+	<target host="img.cash.ch"/>
+	<target host="kontoeroeffnung.cash.ch"/>
+	<target host="m.cash.ch"/>
+	<target host="pensionscoach.cash.ch"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/catchdigital.com.xml b/src/chrome/content/rules/catchdigital.com.xml
new file mode 100644
index 000000000000..9103fe0497a2
--- /dev/null
+++ b/src/chrome/content/rules/catchdigital.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cineworld.catchdigital.com/ => https://cineworld.catchdigital.com/: (6, 'Could not resolve host: cineworld.catchdigital.com')
+Fetch error: http://secure.catchdigital.com/ => https://secure.catchdigital.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	(www.)?catchdigital.com: Plaintext reply
+
+-->
+<ruleset name="Catch Digital.com (partial)" default_off="failed ruleset test">
+
+	<target host="cineworld.catchdigital.com" />
+	<target host="secure.catchdigital.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/catchthemes.com.xml b/src/chrome/content/rules/catchthemes.com.xml
new file mode 100644
index 000000000000..d34bba145d19
--- /dev/null
+++ b/src/chrome/content/rules/catchthemes.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- catchthemes.com
+		- www.catchthemes.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Catch Themes.com">
+
+	<target host="catchthemes.com" />
+	<target host="www.catchthemes.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?catchthemes\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^catchthemes\.com$" name="^w3tc_referrer$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cbor.io.xml b/src/chrome/content/rules/cbor.io.xml
new file mode 100644
index 000000000000..61f351bb68ac
--- /dev/null
+++ b/src/chrome/content/rules/cbor.io.xml
@@ -0,0 +1,11 @@
+<!--
+	Time out:
+		rd.cbor.io
+-->
+<ruleset name="cbor.io">
+	<target host="cbor.io" />
+	<target host="www.cbor.io" />
+
+	<rule from="^http://www\.cbor\.io/" to="https://cbor.io/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cbox.ws.xml b/src/chrome/content/rules/cbox.ws.xml
new file mode 100644
index 000000000000..b93a818e1021
--- /dev/null
+++ b/src/chrome/content/rules/cbox.ws.xml
@@ -0,0 +1,16 @@
+<ruleset name="Cbox.ws">
+
+	<target host="cbox.ws" />
+	<target host="static.cbox.ws" />
+	<target host="www.cbox.ws" />
+	<target host="www7.cbox.ws" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cbscorporation.com.xml b/src/chrome/content/rules/cbscorporation.com.xml
new file mode 100644
index 000000000000..daa598c7f70e
--- /dev/null
+++ b/src/chrome/content/rules/cbscorporation.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Problematic hosts in *cbscorporation.com:
+
+		- investors ᴬ
+
+	ᴬ Akamai / mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- cbscorporation.com
+		- www.cbscorporation.com
+
+-->
+<ruleset name="CBS Corporation.com (partial)">
+
+	<target host="cbscorporation.com" />
+	<target host="www.cbscorporation.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?cbscorporation\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cccliparts.org.xml b/src/chrome/content/rules/cccliparts.org.xml
new file mode 100644
index 000000000000..a03f70b16747
--- /dev/null
+++ b/src/chrome/content/rules/cccliparts.org.xml
@@ -0,0 +1,12 @@
+<!--
+	For other openDesktop rules, see openDesktop.org.xml
+
+-->
+<ruleset name="cccliparts.org">
+
+	<target host="cccliparts.org" />
+	<target host="www.cccliparts.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ccczh.ch.xml b/src/chrome/content/rules/ccczh.ch.xml
new file mode 100644
index 000000000000..bc3fe0b8d9c9
--- /dev/null
+++ b/src/chrome/content/rules/ccczh.ch.xml
@@ -0,0 +1,29 @@
+<!--
+	STS header includes includeSubdomains
+	for ^, www
+
+-->
+<ruleset name="CCCZH.ch">
+
+	<target host="ccczh.ch" />
+	<target host="*.ccczh.ch" />
+
+		<!--	includeSubdomains applies to one level only, so:
+									-->
+		<exclusion pattern="^http://(?:[^./]+\.){2,}ccczh\.ch/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.ccczh.ch/" />
+			<test url="http://exists.not.ccczh.ch/" />
+
+		<test url="http://www.ccczh.ch/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ccxmedia.org.xml b/src/chrome/content/rules/ccxmedia.org.xml
new file mode 100644
index 000000000000..c9046b8d58da
--- /dev/null
+++ b/src/chrome/content/rules/ccxmedia.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="ccxmedia.org">
+	<target host="ccxmedia.org" />
+	<target host="www.ccxmedia.org" />
+	<target host="store.ccxmedia.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cdash.org.xml b/src/chrome/content/rules/cdash.org.xml
new file mode 100644
index 000000000000..b5d976aa1c20
--- /dev/null
+++ b/src/chrome/content/rules/cdash.org.xml
@@ -0,0 +1,16 @@
+<!--
+	(www.)?cdash.org: Redirects to http
+
+-->
+<ruleset name="CDash.org (partial)">
+
+	<target host="open.cdash.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cdbaby.com.xml b/src/chrome/content/rules/cdbaby.com.xml
new file mode 100644
index 000000000000..e1f1a7b51079
--- /dev/null
+++ b/src/chrome/content/rules/cdbaby.com.xml
@@ -0,0 +1,15 @@
+<!--
+Mismatch:
+	- discover
+	- diymusician
+-->
+<ruleset name="cdbaby.com">
+	<target host="cdbaby.com"/>
+	<target host="www.cdbaby.com"/>
+	<target host="duplication.cdbaby.com"/>
+	<target host="members.cdbaby.com"/>
+	<target host="origin.cdbaby.com"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/cdc.gov.xml b/src/chrome/content/rules/cdc.gov.xml
new file mode 100644
index 000000000000..fd8616156c40
--- /dev/null
+++ b/src/chrome/content/rules/cdc.gov.xml
@@ -0,0 +1,84 @@
+<!--
+	Centers for Disease Control and Prevention
+
+
+
+	mtrics.cdc.gov/b/ss/cdcgov/
+
+
+	Nonfunctional hosts in *cdc.gov:
+
+		- ^ ʳ
+		- www.atsdr ʳ
+		- blogs ⁵
+		- emergency ³
+		- phil ʳ
+		- stacks ᵈ
+		- www ⁴
+
+	³ 503
+	⁴ 404
+	⁵ 504
+	ᵈ Times out
+	ʳ Refused
+
+
+	Problematic hosts in *cdc.gov:
+
+		- mtrics ᵐ
+		- t ᴬ
+		- wwwnc ᴬ
+
+	ᴬ Akamai / mismatched
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .cdc.gov
+		- gettested.cdc.gov
+		- npin.cdc.gov
+
+
+	Mixed content:
+
+		- Bug on phgkb, wwwnc from mtrics.cdc.gov ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="CDC.gov (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="findtbresources.cdc.gov" />
+	<target host="gettested.cdc.gov" />
+	<target host="hivtest.cdc.gov" />
+	<target host="m.hivtest.cdc.gov" />
+	<target host="jobs.cdc.gov" />
+	<target host="npin.cdc.gov" />
+	<target host="npinsecure.cdc.gov" />
+	<target host="phgkb.cdc.gov" />
+	<target host="www2a.cdc.gov" />
+	<target host="wwwn.cdc.gov" />
+
+	<!--	Complications:
+				-->
+	<target host="mtrics.cdc.gov" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:gettested|npin)\.cdc\.gov$" name="^uid$" /-->
+
+	<securecookie host="^\." name="^(?:_gat?$|s_\w)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://mtrics\.cdc\.gov/"
+		to="https://cdc.112.2o7.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cdek.ru.xml b/src/chrome/content/rules/cdek.ru.xml
new file mode 100644
index 000000000000..43c3ba59b77b
--- /dev/null
+++ b/src/chrome/content/rules/cdek.ru.xml
@@ -0,0 +1,38 @@
+<!--
+pvzmap.api.cdek.ru ¹
+lknew.dev.cdek.ru ¹
+lknew.dev2.cdek.ru ¹
+helpdesk.cdek.ru non-2xx http code
+mta.cdek.ru ⁷
+portal.cdek.ru ⁴
+lknew.qa.cdek.ru ³
+lknew.support.cdek.ru ¹
+helpdesk.cdek.ru:777 ⁷
+lkff.cdek.ru:8080 ⁷
+passport.cdek.ru different content
+
+
+¹ mismatch
+³ timed out
+⁴ self signed
+⁷ protocol error
+-->
+<ruleset name="cdek.ru">
+	<target host="cdek.ru" />
+	<target host="www.cdek.ru" />
+	<target host="api.cdek.ru" />
+	<target host="files.cdek.ru" />
+	<target host="int.cdek.ru" />
+	<target host="integration.cdek.ru" />
+	<target host="jira.cdek.ru" />
+	<target host="lk.cdek.ru" />
+	<target host="lknew.cdek.ru" />
+	<target host="mail.cdek.ru" />
+	<target host="notifications.cdek.ru" />
+	<target host="ordersphoto.cdek.ru" />
+	<target host="personal.cdek.ru" />
+	<target host="lknew.qa2.cdek.ru" />
+	<target host="rabota.cdek.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cdngc.net.xml b/src/chrome/content/rules/cdngc.net.xml
new file mode 100644
index 000000000000..c28896da3c2f
--- /dev/null
+++ b/src/chrome/content/rules/cdngc.net.xml
@@ -0,0 +1,19 @@
+<!--
+	Related:
+		CDNetworks.com.xml
+		CDNetworks.com.sg.xml
+
+	Customer specific subdomains:*.sslcs.cdngc.net
+
+	409:
+		avatrade.sslcs.cdngc.net	https://avatrade.sslcs.cdngc.net/index_files/avatrade.jpg
+-->
+<ruleset name="cdngc.net">
+	<target host="ssl.cdngc.net" />
+	<target host="ssl2.cdngc.net" />
+	<target host="lagentprofailover.sslcs.cdngc.net" />
+	<target host="luxa.sslcs.cdngc.net" />
+	<target host="voyagin.sslcs.cdngc.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cdnmaster.xml b/src/chrome/content/rules/cdnmaster.xml
new file mode 100644
index 000000000000..3dc03e630dc8
--- /dev/null
+++ b/src/chrome/content/rules/cdnmaster.xml
@@ -0,0 +1,10 @@
+<ruleset name="cdnmaster">
+	<!--	Mismatch:
+	target host="f\.cdnmaster\.com"/
+	-->
+	<target host="cdnmaster.com"/>
+	<target host="tag.cdnmaster.com"/>
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cdntrf.com.xml b/src/chrome/content/rules/cdntrf.com.xml
new file mode 100644
index 000000000000..3ccf826233b0
--- /dev/null
+++ b/src/chrome/content/rules/cdntrf.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Timeout:
+		adb
+-->
+<ruleset name="cdntrf.com">
+
+	<target host="cdntrf.com" />
+		<test url="http://cdntrf.com/trfAdSetup.js" />
+	<target host="cmp.cdntrf.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cdntwrk.com.xml b/src/chrome/content/rules/cdntwrk.com.xml
new file mode 100644
index 000000000000..776de0b703ac
--- /dev/null
+++ b/src/chrome/content/rules/cdntwrk.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Mismatched:
+		h1
+		h2
+		digitalpagecontent.cdntwrk.com
+-->
+<ruleset name="cdntwrk.com">
+	<target host="content.cdntwrk.com" />
+	<target host="uberflip.cdntwrk.com" />
+
+		<test url="http://uberflip.cdntwrk.com/css/hubs/hubs.min.css" />
+		<test url="http://uberflip.cdntwrk.com/img/hubs/uparrow.png" />
+		<test url="http://uberflip.cdntwrk.com/js/hubs/hubs_app.js" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cdnvideo.ru.xml b/src/chrome/content/rules/cdnvideo.ru.xml
new file mode 100644
index 000000000000..ee31a44587b1
--- /dev/null
+++ b/src/chrome/content/rules/cdnvideo.ru.xml
@@ -0,0 +1,273 @@
+<!--
+101xp-ava-cdn.cdnvideo.ru ¹
+101xp-doh.cdnvideo.ru ¹
+101xp-kingsroad.cdnvideo.ru ¹
+101xp-loa-cdn.cdnvideo.ru ¹
+101xp-s-portal.cdnvideo.ru ¹
+101xp-s-portal-en.cdnvideo.ru ¹
+101xp-s-portal-en-stage.cdnvideo.ru ¹
+101xp-s-portal-pl.cdnvideo.ru ¹
+101xp-s-portal-pl-stage.cdnvideo.ru ¹
+101xp-s-portal-ru.cdnvideo.ru ¹
+101xp-s-portal-ru-stage.cdnvideo.ru ¹
+101xp-widgets-bnr.cdnvideo.ru ¹
+101xp-widgets-universal.cdnvideo.ru ¹
+www.5koleso.cdnvideo.ru ¹
+static.7days.cdnvideo.ru ¹
+Ruvr.cdnvideo.ru ³
+acme.cdnvideo.ru ²
+acme-01.cdnvideo.ru ²
+aloha.cdnvideo.ru ³
+www.aloha.cdnvideo.ru ⁷
+altakarter.cdnvideo.ru ¹
+aminta.cdnvideo.ru ¹
+anews.cdnvideo.ru ⁵
+anturazh.cdnvideo.ru ⁵
+hls.arhys24.cdnvideo.ru ¹
+atameken.cdnvideo.ru ³
+cache.atameken.cdnvideo.ru ¹
+b03.cdnvideo.ru ³
+b05.cdnvideo.ru ²
+betweendigital.cdnvideo.ru ¹
+bigragio.cdnvideo.ru ³
+bitrix1.cdnvideo.ru ¹
+bitrixssd.cdnvideo.ru ¹
+tv.cassad.cdnvideo.ru ¹
+conveadcom.cdnvideo.ru ¹
+d09.cdnvideo.ru ²
+echomsk.cdnvideo.ru ¹
+espritgames.cdnvideo.ru ¹
+europaplus.cdnvideo.ru ³
+live.europaplus.cdnvideo.ru ⁷
+ext-03.cdnvideo.ru ³
+ext01.cdnvideo.ru ³
+ext05.cdnvideo.ru ³
+f1news.cdnvideo.ru ¹
+fairytail-web.cdnvideo.ru ¹
+fairytail-web02.cdnvideo.ru ¹
+futurico.cdnvideo.ru ¹
+interurok.cdnvideo.ru ³
+www.c4v.interurok.cdnvideo.ru ¹
+cache.khabar.cdnvideo.ru ¹
+vod.khabar.cdnvideo.ru ¹
+www.kodix.cdnvideo.ru ¹
+auto.kp.cdnvideo.ru ¹
+best.kp.cdnvideo.ru ¹
+m1.kp.cdnvideo.ru ¹
+m2.kp.cdnvideo.ru ¹
+s1.kp.cdnvideo.ru ¹
+s2.kp.cdnvideo.ru ¹
+tp.kp.cdnvideo.ru ¹
+letest-echomsk.cdnvideo.ru ³
+1.letest-echomsk.cdnvideo.ru ¹
+2.letest-echomsk.cdnvideo.ru ¹
+meteotv.cdnvideo.ru ³
+mirtv.cdnvideo.ru ³
+icecast.mirtv.cdnvideo.ru ¹
+hlsrtsp.ohtapark.cdnvideo.ru ¹
+icecast.orpheus.cdnvideo.ru ¹
+s4.pikabu.cdnvideo.ru ⁷
+s7.pikabu.cdnvideo.ru ⁷
+icecast.radonezh.cdnvideo.ru ¹
+www.rbtru.cdnvideo.ru ¹
+ren.cdnvideo.ru ³
+www.ren.cdnvideo.ru ¹
+live.ren.cdnvideo.ru ¹
+tv.ren.cdnvideo.ru ¹
+retailrocket.cdnvideo.ru ¹
+img22.ria.cdnvideo.ru ¹
+rian.cdnvideo.ru ³
+hls.rian.cdnvideo.ru ¹
+icecast.rian.cdnvideo.ru ¹
+icecast.rmg.cdnvideo.ru ¹
+stat.rum.cdnvideo.ru ¹
+icecast.russkoeradio.cdnvideo.ru ¹
+www.ruvr.cdnvideo.ru ¹
+img.sputniknews.ruvr.cdnvideo.ru ¹
+www.santon.cdnvideo.ru ¹
+seedr.cdnvideo.ru ¹
+icecast.sibinformburo.cdnvideo.ru ¹
+newcache.slickjump.cdnvideo.ru ¹
+live.smartln.cdnvideo.ru ¹
+vod.sports.cdnvideo.ru ¹
+origin.stack.cdnvideo.ru ¹
+tilda.cdnvideo.ru ¹
+hls.tntmusic.cdnvideo.ru ¹
+toyru.cdnvideo.ru ¹
+dvr.tsm.cdnvideo.ru ¹
+tva.cdnvideo.ru ³
+hls.tva.cdnvideo.ru ¹
+www.vestitambov.cdnvideo.ru ¹
+icecast.vgtrk.cdnvideo.ru ¹
+www.small.vgtrk.cdnvideo.ru ¹
+vm.cdnvideo.ru ³
+hls.vm.cdnvideo.ru ¹
+www.c4v.vprokate.cdnvideo.ru ¹
+vwdws.cdnvideo.ru ¹
+wwwc4vinterurok.cdnvideo.ru ¹
+music.zaycev.cdnvideo.ru ¹
+ns11.cdnvideo.ru different content
+assembly.cdnvideo.ru mixed content
+awangarda.cdnvideo.ru mixed content
+champo.cdnvideo.ru mixed content
+cluber.cdnvideo.ru mixed content
+dailymoneyexpert.cdnvideo.ru mixed content
+fishki.cdnvideo.ru mixed content
+florist.cdnvideo.ru mixed content
+homsbox.cdnvideo.ru mixed content
+maximonline.cdnvideo.ru mixed content
+niasam.cdnvideo.ru mixed content
+playercdn.cdnvideo.ru mixed content
+vwdlr.cdnvideo.ru mixed content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁵ expired
+⁷ protocol error
+-->
+<ruleset name="cdnvideo.ru">
+	<target host="cdnvideo.ru" />
+	<target host="www.cdnvideo.ru" />
+	<target host="004d7f9a-3e37-6fbb-1fa0-32122b639810-rum.cdnvideo.ru" />
+	<target host="0409fe8a-181c-f8f8-4e0e-bd6ac6088823-rum.cdnvideo.ru" />
+	<target host="0b1e96ea-1df3-d652-73a8-9c35748f48ba-rum.cdnvideo.ru" />
+	<target host="0dfe2dd9-9e8f-e03e-476c-8a62073199f2-rum.cdnvideo.ru" />
+	<target host="0fa006a9-41ee-3da3-91e8-17fd66461db9-rum.cdnvideo.ru" />
+	<target host="101xp-portal.cdnvideo.ru" />
+	<target host="101xp-portal-en.cdnvideo.ru" />
+	<target host="101xp-portal-en-stage.cdnvideo.ru" />
+	<target host="101xp-portal-pl.cdnvideo.ru" />
+	<target host="101xp-portal-pl-stage.cdnvideo.ru" />
+	<target host="101xp-portal-ru.cdnvideo.ru" />
+	<target host="101xp-portal-ru-stage.cdnvideo.ru" />
+	<target host="17167bb2-d1ad-f19e-8282-1fa8823859c1-rum.cdnvideo.ru" />
+	<target host="17e9e45f-9b24-d40c-4908-d4c83d8bf1e1-rum.cdnvideo.ru" />
+	<target host="1da1e103-3b59-8638-dcb3-65860715ffca-rum.cdnvideo.ru" />
+	<target host="200d554e-a2a1-3ccc-1d99-fb0721d318c7-rum.cdnvideo.ru" />
+	<target host="23918791-b246-22b1-e9fe-ceb1b132341c-rum.cdnvideo.ru" />
+	<target host="268f298b-a9c4-3367-18c7-a295fd3f7745-rum.cdnvideo.ru" />
+	<target host="3f1e9bab-2a1a-f366-e93c-28f1be319d3b-rum.cdnvideo.ru" />
+	<target host="425702ff-d062-19eb-2f23-adbc7ebdd3ad-rum.cdnvideo.ru" />
+	<target host="459bd1f7-4db5-1717-64a9-03f6d17c377f-rum.cdnvideo.ru" />
+	<target host="56a7bb91-b52a-de14-d30b-fd593f45e58e-rum.cdnvideo.ru" />
+	<target host="64cf7356-2dd9-8ba6-e74a-ffb386b201bf-rum.cdnvideo.ru" />
+	<target host="722074ab-ea94-8cea-0656-3afa8d9ec10f-rum.cdnvideo.ru" />
+	<target host="72276598-70d1-9c86-b36c-e1aa4152d4df-rum.cdnvideo.ru" />
+	<target host="75c2fec7-cb0a-4f98-d96d-7d8ecef99713-rum.cdnvideo.ru" />
+	<target host="7tons.cdnvideo.ru" />
+	<target host="8d773c32-5dd8-e4fb-0679-e5b82f181011-rum.cdnvideo.ru" />
+	<target host="8ed7ba21-0d17-323d-b34f-b8519f98c827-rum.cdnvideo.ru" />
+	<target host="910df9d9-c862-7986-d234-e0c03ceed8a0-rum.cdnvideo.ru" />
+	<target host="9ac14df9-b4f2-cfeb-100d-0ddd76477249-rum.cdnvideo.ru" />
+	<target host="a3baf7a6-b0f9-c786-839e-70284aa81dfa-rum.cdnvideo.ru" />
+	<target host="ad-hls-rentv.cdnvideo.ru" />
+	<target host="ad-stub-rentv.cdnvideo.ru" />
+	<target host="ad-stub-vgtrk.cdnvideo.ru" />
+	<target host="admitad.cdnvideo.ru" />
+	<target host="askgref.cdnvideo.ru" />
+	<target host="atraining.cdnvideo.ru" />
+	<target host="b0442a08-7db9-b769-3a56-7e53f1c18138-rum.cdnvideo.ru" />
+	<target host="b28.cdnvideo.ru" />
+	<target host="b29.cdnvideo.ru" />
+	<target host="b40.cdnvideo.ru" />
+	<target host="b43.cdnvideo.ru" />
+	<target host="babadu.cdnvideo.ru" />
+	<target host="bad00d8a-7c4c-863c-43f5-f503361e1519-rum.cdnvideo.ru" />
+	<target host="bankiru-smarttv.cdnvideo.ru" />
+	<target host="beremennost.cdnvideo.ru" />
+	<target host="bitrix2.cdnvideo.ru" />
+	<target host="bmwclub.cdnvideo.ru" />
+	<target host="butilochka.cdnvideo.ru" />
+	<target host="c21ff753-4258-7177-b2db-9346e734d3f4-rum.cdnvideo.ru" />
+	<target host="ca27af13-66cd-fa75-fe0d-b554784975c5-rum.cdnvideo.ru" />
+	<target host="cache-alwatanvoice.cdnvideo.ru" />
+	<target host="cache-kintavr.cdnvideo.ru" />
+	<target host="cache-rmg.cdnvideo.ru" />
+	<target host="cache-vispamedia.cdnvideo.ru" />
+	<target host="cassad.cdnvideo.ru" />
+	<target host="cassadtv.cdnvideo.ru" />
+	<target host="comdidvr.cdnvideo.ru" />
+	<target host="csshotels1.cdnvideo.ru" />
+	<target host="cybersportvirtus.cdnvideo.ru" />
+	<target host="d20b364e-be4c-176a-7e06-d9a9d7fa23dc-rum.cdnvideo.ru" />
+	<target host="d3sailplay.cdnvideo.ru" />
+	<target host="dtmf2.cdnvideo.ru" />
+	<target host="e58781c7-946e-c074-3ca2-67c5f14167c1-rum.cdnvideo.ru" />
+	<target host="e96.cdnvideo.ru" />
+	<target host="epicwar.cdnvideo.ru" />
+	<target host="f70965f2-3b1f-9fc4-9807-0fada78fca5a-rum.cdnvideo.ru" />
+	<target host="fc607e70-5a12-ca47-4f68-50553e126852-rum.cdnvideo.ru" />
+	<target host="ffc9a888-0499-6dbb-55ef-b64c21983342-rum.cdnvideo.ru" />
+	<target host="forbes.cdnvideo.ru" />
+	<target host="gradeup.cdnvideo.ru" />
+	<target host="heroes.cdnvideo.ru" />
+	<target host="heroeswm.cdnvideo.ru" />
+	<target host="hls-31kz.cdnvideo.ru" />
+	<target host="hls-ren-vod.cdnvideo.ru" />
+	<target host="hls-tsargrad.cdnvideo.ru" />
+	<target host="hlsd-31kz.cdnvideo.ru" />
+	<target host="hobbygames.cdnvideo.ru" />
+	<target host="hobbyworld.cdnvideo.ru" />
+	<target host="hotelbook.cdnvideo.ru" />
+	<target host="igritomijerry.cdnvideo.ru" />
+	<target host="imagehotels1.cdnvideo.ru" />
+	<target host="inventos.cdnvideo.ru" />
+	<target host="ip.cdnvideo.ru" />
+	<target host="iup-qihoo360.cdnvideo.ru" />
+	<target host="ivi-f16-vcp.cdnvideo.ru" />
+	<target host="ivi-f21-vcp.cdnvideo.ru" />
+	<target host="ivi-f33-vcp.cdnvideo.ru" />
+	<target host="ivi-f39-vcp.cdnvideo.ru" />
+	<target host="ivi-f46-vcp.cdnvideo.ru" />
+	<target host="ivi-f5-vcp.cdnvideo.ru" />
+	<target host="ivi-f72-vcp.cdnvideo.ru" />
+	<target host="jshotels1.cdnvideo.ru" />
+	<target host="kfc.cdnvideo.ru" />
+	<target host="kitchen.cdnvideo.ru" />
+	<target host="kp-platform.cdnvideo.ru" />
+	<target host="live-elbotola.cdnvideo.ru" />
+	<target host="live-stranafm.cdnvideo.ru" />
+	<target host="live-trc33.cdnvideo.ru" />
+	<target host="livehlsvgtrk.cdnvideo.ru" />
+	<target host="livetvrain.cdnvideo.ru" />
+	<target host="minecraft.cdnvideo.ru" />
+	<target host="mob4-ntv.cdnvideo.ru" />
+	<target host="monetnik.cdnvideo.ru" />
+	<target host="mp4zvezda.cdnvideo.ru" />
+	<target host="mstar101xp.cdnvideo.ru" />
+	<target host="mychildroom.cdnvideo.ru" />
+	<target host="ninjaworld.cdnvideo.ru" />
+	<target host="orangeapps.cdnvideo.ru" />
+	<target host="osetinskie-pirogi.cdnvideo.ru" />
+	<target host="pcprogschool.cdnvideo.ru" />
+	<target host="petscage.cdnvideo.ru" />
+	<target host="phototass2.cdnvideo.ru" />
+	<target host="phototass3.cdnvideo.ru" />
+	<target host="phototass4.cdnvideo.ru" />
+	<target host="player.cdnvideo.ru" />
+	<target host="playlabs.cdnvideo.ru" />
+	<target host="rainbowgames.cdnvideo.ru" />
+	<target host="raritetus.cdnvideo.ru" />
+	<target host="rentv.cdnvideo.ru" />
+	<target host="rtspzvezda.cdnvideo.ru" />
+	<target host="rum4.cdnvideo.ru" />
+	<target host="rumstat.cdnvideo.ru" />
+	<target host="sailplay.cdnvideo.ru" />
+	<target host="sailplays3.cdnvideo.ru" />
+	<target host="snap.cdnvideo.ru" />
+	<target host="st-sima-land.cdnvideo.ru" />
+	<target host="statickfc.cdnvideo.ru" />
+	<target host="turikhay.cdnvideo.ru" />
+	<target host="tvweb-cache.cdnvideo.ru" />
+	<target host="unisound.cdnvideo.ru" />
+	<target host="vi.cdnvideo.ru" />
+	<target host="videoprogschool.cdnvideo.ru" />
+	<target host="videotass.cdnvideo.ru" />
+	<target host="vitrend.cdnvideo.ru" />
+	<target host="wgshop.cdnvideo.ru" />
+	<target host="ym.cdnvideo.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cdon.se.xml b/src/chrome/content/rules/cdon.se.xml
new file mode 100644
index 000000000000..afcc49b52e17
--- /dev/null
+++ b/src/chrome/content/rules/cdon.se.xml
@@ -0,0 +1,20 @@
+<!--
+	For other cdon TLDs, see CDON.COM.xml
+
+	HTTP 400:
+		- www
+
+	Mismatched:
+		- blogg (cdon.se)
+		- ebook (cdon.se)
+-->
+
+<ruleset name="cdon.se">
+	<target host="cdon.se" />
+	<target host="www.cdon.se" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.cdon\.se/" to="https://cdon.se/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cebix.net.xml b/src/chrome/content/rules/cebix.net.xml
new file mode 100644
index 000000000000..31e4d8eaea0b
--- /dev/null
+++ b/src/chrome/content/rules/cebix.net.xml
@@ -0,0 +1,13 @@
+<ruleset name="cebix.net">
+	<target host="cebix.net" />
+	<target host="www.cebix.net" />
+	<target host="alephone.cebix.net" />
+	<target host="basilisk.cebix.net" />
+	<target host="cxmon.cebix.net" />
+	<target host="frodo.cebix.net" />
+	<target host="shapeshifter.cebix.net" />
+	<target host="sheepshaver.cebix.net" />
+	<target host="sidplayer.cebix.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cedarpoint.com.xml b/src/chrome/content/rules/cedarpoint.com.xml
new file mode 100644
index 000000000000..ead28bb3fc2a
--- /dev/null
+++ b/src/chrome/content/rules/cedarpoint.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Invalid certificate:
+		autodiscover.cedarpoint.com
+		www.cftempold.cedarpoint.com
+		infoline.cedarpoint.com
+		tickets.cedarpoint.com
+
+	Timeout:
+		marketplace.cedarpoint.com
+		mobile.cedarpoint.com
+		www.reservations.cedarpoint.com
+		valravn.cedarpoint.com
+-->
+<ruleset name="CedarPoint.com">
+
+	<target host="cedarpoint.com" />
+	<target host="www.cedarpoint.com" />
+	<target host="apps.cedarpoint.com" />
+	<target host="housing.cedarpoint.com" />
+	<target host="reservations.cedarpoint.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://cedarpoint.com/,
+	http://cedarpoint.com/ redirects to http://www.cedarpoint.com/ -->
+	<rule from="^http://cedarpoint\.com/"
+		to="https://www.cedarpoint.com/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cede.ch.xml b/src/chrome/content/rules/cede.ch.xml
new file mode 100644
index 000000000000..d01655c6f872
--- /dev/null
+++ b/src/chrome/content/rules/cede.ch.xml
@@ -0,0 +1,7 @@
+<ruleset name="cede">
+	<target host="cede.ch"/>
+	<target host="www.cede.ch"/>
+	<target host="partner.cede.ch"/>
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/censor.net.ua.xml b/src/chrome/content/rules/censor.net.ua.xml
new file mode 100644
index 000000000000..e9061ef76fcd
--- /dev/null
+++ b/src/chrome/content/rules/censor.net.ua.xml
@@ -0,0 +1,20 @@
+<ruleset name="censor.net.ua">
+	<target host="censor.net.ua"/>
+	<target host="www.censor.net.ua"/>
+	<target host="amp.censor.net.ua"/>
+	<target host="backend.censor.net.ua"/>
+	<target host="biz.censor.net.ua"/>
+	<target host="en.censor.net.ua"/>
+	<target host="m.censor.net.ua"/>
+	<target host="projects.censor.net.ua"/>
+	<target host="reforms.censor.net.ua"/>
+	<target host="static.censor.net.ua"/>
+	<target host="storage1.censor.net.ua"/>
+	<target host="storage1a.censor.net.ua"/>
+	<target host="storage1b.censor.net.ua"/>
+	<target host="storage2.censor.net.ua"/>
+	<target host="storage3.censor.net.ua"/>
+	<target host="ua.censor.net.ua"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/censornet.com.xml b/src/chrome/content/rules/censornet.com.xml
new file mode 100644
index 000000000000..188de356358e
--- /dev/null
+++ b/src/chrome/content/rules/censornet.com.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn.censornet.com/ => https://cdn.censornet.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cdn.censornet.com'")
+
+info.censornet.com ¹
+forum.censornet.com ⁴
+blud.censornet.com ⁴
+apt.censornet.com ⁴
+vma.aus.censornet.com ¹
+secure.censornet.com different content
+
+
+¹ mismatch
+⁴ self signed
+-->
+<ruleset name="censornet.com" default_off="failed ruleset test">
+	<target host="censornet.com" />
+	<target host="www.censornet.com" />
+	<target host="cdn.censornet.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/centbrowser.xml b/src/chrome/content/rules/centbrowser.xml
new file mode 100644
index 000000000000..78c35d3843e8
--- /dev/null
+++ b/src/chrome/content/rules/centbrowser.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatch:
+		- static
+-->
+<ruleset name="centbrowser">
+
+	<target host="centbrowser.com" />
+	<target host="www.centbrowser.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/centennialbulb.org.xml b/src/chrome/content/rules/centennialbulb.org.xml
new file mode 100644
index 000000000000..8a280157ce97
--- /dev/null
+++ b/src/chrome/content/rules/centennialbulb.org.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		email.centennialbulb.org
+		ftp.centennialbulb.org
+-->
+<ruleset name="centennialbulb.org">
+	<target host="centennialbulb.org" />
+	<target host="www.centennialbulb.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/central-lincs.org.uk.xml b/src/chrome/content/rules/central-lincs.org.uk.xml
new file mode 100644
index 000000000000..82684560df9c
--- /dev/null
+++ b/src/chrome/content/rules/central-lincs.org.uk.xml
@@ -0,0 +1,45 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://central-lincs.org.uk/ (200) => https://www.lincolnshire.gov.uk/central-lincolnshire/ (404)
+Non-2xx HTTP code: http://www.central-lincs.org.uk/ (200) => https://www.lincolnshire.gov.uk/central-lincolnshire/ (404)
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	(www.)?central-lincs.org.uk: Refused
+
+-->
+<ruleset name="Central-Lincs.org.uk" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="aurora.central-lincs.org.uk" />
+
+		<!--	$ shows default page, so:
+
+			(I do not know how to encode literal
+			backslashes in a way that relaxng
+			accepts... replacing '[^\\]'
+			with '.' does not help.)
+							-->
+		<!--test url="http://aurora.central-lincs.org.uk/map/Aurora.svc/run?script=\Shared+Services\JPU\JPUJS.AuroraScript%24&amp;resize=always&amp;x=488562.841&amp;y=361289.858&amp;scale=131072" /-->
+		<!--test url="http://aurora.central-lincs.org.uk/map/Aurora.svc/run?script=&#92;Shared+Services&#92;JPU&#92;JPUJS.AuroraScript%24&amp;resize=always&amp;x=488562.841&amp;y=361289.858&amp;scale=131072" /-->
+		<!--test url="http://aurora.central-lincs.org.uk/map/Aurora.svc/run?script=&#x5C;Shared+Services&#x5C;JPU&#x5C;JPUJS.AuroraScript%24&amp;resize=always&amp;x=488562.841&amp;y=361289.858&amp;scale=131072" /-->
+
+	<!--	Complications:
+				-->
+	<target host="central-lincs.org.uk" />
+	<target host="www.central-lincs.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?central-lincs\.org\.uk/"
+		to="https://www.lincolnshire.gov.uk/central-lincolnshire/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/centralindex.com.xml b/src/chrome/content/rules/centralindex.com.xml
new file mode 100644
index 000000000000..5c7951596426
--- /dev/null
+++ b/src/chrome/content/rules/centralindex.com.xml
@@ -0,0 +1,31 @@
+<!--
+	CDN buckets:
+
+		- dkthlrncwzdcx.cloudfront.net	← assets
+
+
+	Problematic hosts in *centralindex.com:
+
+		- assets ᵐ
+
+	ᵐ Cloudfront / mismatched
+
+
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="centralindex.com" platform="mixedcontent">
+
+	<target host="assets.centralindex.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+		<test url="http://assets.centralindex.com/J/37/45232bb37600ae948dc5f1748b06f75f.png" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/centralops.net.xml b/src/chrome/content/rules/centralops.net.xml
new file mode 100644
index 000000000000..d15af58a2a62
--- /dev/null
+++ b/src/chrome/content/rules/centralops.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="centralops.net">
+	<target host="centralops.net" />
+	<target host="www.centralops.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/centreformentalhealth.org.uk.xml b/src/chrome/content/rules/centreformentalhealth.org.uk.xml
new file mode 100644
index 000000000000..b61045961a63
--- /dev/null
+++ b/src/chrome/content/rules/centreformentalhealth.org.uk.xml
@@ -0,0 +1,34 @@
+<!--
+	^centreformentalhealth.org.uk does not exist.
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.centreformentalhealth.org.uk
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com ˢ
+		- Images on blog from www.centreformentalhealth.org.uk ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Centre for Mental Health.org.uk">
+
+	<target host="blog.centreformentalhealth.org.uk" />
+	<target host="www.centreformentalhealth.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.centreformentalhealth\.org\.uk$" name="^A(?:SP\.NET_SessionId|WSELB)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/centresdirect.co.uk.xml b/src/chrome/content/rules/centresdirect.co.uk.xml
new file mode 100644
index 000000000000..6fd1fc3fadab
--- /dev/null
+++ b/src/chrome/content/rules/centresdirect.co.uk.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- centresdirect.co.uk
+
+-->
+<ruleset name="Centres Direct.co.uk">
+
+	<target host="centresdirect.co.uk" />
+	<target host="www.centresdirect.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^centresdirect\.co\.uk$" name="^AFToken$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/centrify.com.xml b/src/chrome/content/rules/centrify.com.xml
new file mode 100644
index 000000000000..455f6f557e74
--- /dev/null
+++ b/src/chrome/content/rules/centrify.com.xml
@@ -0,0 +1,60 @@
+<!--
+
+	Nonfunctional hosts in *centrify.com:
+
+		- community ʳ
+
+	ʳ Refused
+
+
+	Problematic hosts in *centrify.com:
+
+		- uptime ᵐ	(StatusPage.io)
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .partners.centrify.com
+		- www.centrify.com
+		- .www.centrify.com
+
+
+	Mixed content:
+
+		- css on kibble from fonts.googleapis.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Centrify.com">
+
+	<target host="centrify.com" />
+	<target host="www.centrify.com" />
+	<target host="blog.centrify.com" />
+	<target host="cloud.centrify.com" />
+	<target host="developer.centrify.com" />
+	<target host="docs.centrify.com" />
+	<target host="edge.centrify.com" />
+	<target host="emea.centrify.com" />
+	<target host="info.centrify.com" />
+	<target host="kibble.centrify.com" />
+	<target host="dmu.my.centrify.com" />
+	<target host="otps.my.centrify.com" />
+	<target host="partners.centrify.com" />
+	<target host="uptime.centrify.com" />
+
+		<!--	Mixed css from fonts.googleapis.com:
+								-->
+		<!--test url="http://kibble.centrify.com/vfslow/lib/docs/adminref/cloudhelp/SupportedDevices.html" /-->
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://uptime\.centrify\.com/"
+		to="https://centrify.statuspage.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/centrum.cz.xml b/src/chrome/content/rules/centrum.cz.xml
new file mode 100644
index 000000000000..cbcf29616582
--- /dev/null
+++ b/src/chrome/content/rules/centrum.cz.xml
@@ -0,0 +1,66 @@
+<!--
+	Other Centrum.cz rulesets:
+		- Atlas.sk
+		- Atlas.cz
+		- Centrum.sk
+
+	Nonfunctional subdomains:
+		- amplion.centrum.cz
+		- astrocafe.centrum.cz
+		- dovolena.centrum.cz
+		- gamescafe.centrum.cz
+		- geewa.gamescafe.centrum.cz
+		- info.stahuj.centrum.cz
+		- magazin.stahuj.centrum.cz
+		- napoveda.centrum.cz
+		- prace.centrum.cz
+		- realitymix.centrum.cz
+		- recepty.centrum.cz
+		- slovniky.centrum.cz
+		- stahuj.centrum.cz
+		- svatky.centrum.cz
+    - sw.centrum..cz
+		- tvprogram.centrum.cz
+		- user.stahuj.centrum.cz
+		- www.stahuj.centrum.cz
+		- zakony.centrum.cz
+
+	Mismatched:
+		- autorecenze.centrum.cz
+		- bleskove.centrum.cz
+		- bydleni.centrum.cz
+		- lite.mail.centrum.cz
+		- redir.centrum.cz
+		- spolubydlo.centrum.cz
+		- zbozi.centrum.cz
+-->
+<ruleset name="Centrum.cz">
+	<target host="centrum.cz" />
+	<target host="www.centrum.cz" />
+	<target host="admin-najisto.centrum.cz" />
+	<target host="aheslo.centrum.cz" />
+	<target host="aktualne.centrum.cz" />
+	<target host="areg.centrum.cz" />
+	<target host="atlas.centrum.cz" />
+	<target host="auser.centrum.cz" />
+	<target host="eventlog.centrum.cz" />
+	<target host="fotoalba.centrum.cz" />
+	<target host="heslo.centrum.cz" />
+	<target host="lite-mail.centrum.cz" />
+	<target host="mail.centrum.cz" />
+	<target host="m-amail.centrum.cz" />
+	<target host="m-mail.centrum.cz" />
+	<target host="najisto.centrum.cz" />
+	<target host="pusers.centrum.cz" />
+	<target host="reg.centrum.cz" />
+	<target host="user.centrum.cz" />
+	<target host="userhr.centrum.cz" />
+	<target host="xchat.centrum.cz" />
+	<target host="zena.centrum.cz" />
+
+	<rule from="^http://aktualne\.centrum\.cz/" to="https://www.aktualne.cz/" />
+	<rule from="^http://fotoalba\.centrum\.cz/" to="https://fotoalba.xchat.cz/" />
+	<rule from="^http://xchat\.centrum\.cz/" to="https://www.xchat.cz/" />
+	<rule from="^http://zena\.centrum\.cz/" to="https://www.zena.cz/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/centrum.sk.xml b/src/chrome/content/rules/centrum.sk.xml
new file mode 100644
index 000000000000..a46e58a0e7fa
--- /dev/null
+++ b/src/chrome/content/rules/centrum.sk.xml
@@ -0,0 +1,49 @@
+<!--
+	For other Centrum.cz coverage, see centrum.cz.xml.
+
+	http://centrum.sk redirects to http://www.centrum.sk
+	centrum.sk doesn't support HTTPS
+	www.centrum.sk supports HTTPS
+
+	Nonfunctional subdomains:
+		- automix.centrum.sk
+		- icqsearch.centrum.sk
+		- katalog.centrum.sk
+		- lepsiebyvanie.centrum.sk
+		- pobox.centrum.sk
+		- pohladnice.centrum.sk
+		- realitymix.centrum.sk
+		- search.centrum.sk
+
+	Mismatched:
+		- (www.)sw.centrum.sk
+		- lite.mail.centrum.sk
+		- m.pmail.centrum.sk
+		- mail08.centrum.sk
+		- my.centrum.sk
+-->
+<ruleset name="Centrum.sk">
+	<target host="centrum.sk" />
+	<target host="www.centrum.sk" />
+	<target host="aktualne.centrum.sk" />
+	<target host="auto.centrum.sk" />
+	<target host="heslo.centrum.sk" />
+	<target host="hokej.centrum.sk" />
+	<target host="mail.centrum.sk" />
+	<target host="pocasie.centrum.sk" />
+	<target host="preg.centrum.sk" />
+	<target host="puser.centrum.sk" />
+	<target host="recepty.centrum.sk" />
+	<target host="redir.centrum.sk" />
+	<target host="reg.centrum.sk" />
+	<target host="slovniky.centrum.sk" />
+	<target host="sutaze.centrum.sk" />
+	<target host="tv.centrum.sk" />
+	<target host="user.centrum.sk" />
+	<target host="zena.centrum.sk" />
+
+	<rule from="^http://centrum\.sk/"
+		to="https://www.centrum.sk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ceop.police.uk.xml b/src/chrome/content/rules/ceop.police.uk.xml
new file mode 100644
index 000000000000..7c7b57b7dbc3
--- /dev/null
+++ b/src/chrome/content/rules/ceop.police.uk.xml
@@ -0,0 +1,27 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- ceop.police.uk
+		- www.ceop.police.uk
+
+-->
+<ruleset name="CEOP.police.uk">
+
+	<target host="ceop.police.uk" />
+	<target host="www.ceop.police.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?ceop\.police\.uk$" name="^BIGipServer" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cer.org.uk.xml b/src/chrome/content/rules/cer.org.uk.xml
new file mode 100644
index 000000000000..959a3b058730
--- /dev/null
+++ b/src/chrome/content/rules/cer.org.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="CER.org.uk">
+
+	<target host="cer.org.uk" />
+	<target host="www.cer.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/certdepot.net.xml b/src/chrome/content/rules/certdepot.net.xml
new file mode 100644
index 000000000000..b577d6dfce81
--- /dev/null
+++ b/src/chrome/content/rules/certdepot.net.xml
@@ -0,0 +1,13 @@
+<ruleset name="CertDepot.net">
+
+	<target host="certdepot.net" />
+	<target host="www.certdepot.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cesky-hosting.cz.xml b/src/chrome/content/rules/cesky-hosting.cz.xml
new file mode 100644
index 000000000000..28557f917d73
--- /dev/null
+++ b/src/chrome/content/rules/cesky-hosting.cz.xml
@@ -0,0 +1,46 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://webftp.cesky-hosting.cz/ => https://webftp.cesky-hosting.cz/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Non-2xx HTTP code: http://kochanski.mysql.cesky-hosting.cz/ (200) => https://kochanski.mysql.cesky-hosting.cz/ (401)
+Fetch error: http://mysql2.cesky-hosting.cz/ => https://mysql2.cesky-hosting.cz/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+
+	Mixed Content:
+	- files.cesky-hosting.cz
+
+	Mismatch:
+	- forum.cesky-hosting.cz
+	- tvar.cesky-hosting.cz
+	- opensource.cesky-hosting.cz
+
+-->
+<ruleset name="Český hosting" default_off="failed ruleset test">
+	<target host="cesky-hosting.cz" />
+	<target host="www.cesky-hosting.cz" />
+	<target host="webmail.cesky-hosting.cz" />
+	<target host="webmail2.cesky-hosting.cz" />
+	<target host="webftp.cesky-hosting.cz" />
+	<target host="mysql.cesky-hosting.cz" />
+	<target host="pgsql.cesky-hosting.cz" />
+	<target host="statistiky.cesky-hosting.cz" />
+	<target host="chat.cesky-hosting.cz" />
+	<target host="muj.cesky-hosting.cz" />
+	<target host="kochanski.mysql.cesky-hosting.cz" />
+	<target host="kryton.mysql.cesky-hosting.cz" />
+	<target host="mysql2.cesky-hosting.cz" />
+	<target host="selby.mysql.cesky-hosting.cz" />
+	<target host="chen.mysql.cesky-hosting.cz" />
+	<target host="toaster.mysql.cesky-hosting.cz" />
+	<target host="petersen.mysql.cesky-hosting.cz" />
+	<target host="kid.mysql.cesky-hosting.cz" />
+	<target host="sebastian.mysql.cesky-hosting.cz" />
+	<target host="epidem.mysql.cesky-hosting.cz" />
+	<target host="lister.mysql.cesky-hosting.cz" />
+	<target host="kamila.mysql.cesky-hosting.cz" />
+	<target host="baxter.mysql.cesky-hosting.cz" />
+	<target host="dibbley.mysql.cesky-hosting.cz" />
+	<target host="provize.cesky-hosting.cz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cgames.de.xml b/src/chrome/content/rules/cgames.de.xml
new file mode 100644
index 000000000000..cf212a7328dc
--- /dev/null
+++ b/src/chrome/content/rules/cgames.de.xml
@@ -0,0 +1,40 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Invalid certificate:
+		- (www.)?cgames.de
+		- imaces.cgames.de
+-->
+<ruleset name="cgames.de">
+
+	<target host="10images.cgames.de" />
+		<test url="http://10images.cgames.de/images/gsgp/256/resident-evil-3-remake-testvideo-zum-n%C3%A4chsten-horror-highlight_6095999.jpg" />
+	<target host="1images.cgames.de" />
+		<test url="http://1images.cgames.de/images/gsgp/256/the-elder-scrolls-online-greymoor_6095900.jpg" />
+	<target host="2images.cgames.de" />
+		<test url="http://2images.cgames.de/images/gsgp/256/lamar-gta-5_6093651.jpg" />
+	<target host="3images.cgames.de" />
+		<test url="http://3images.cgames.de/images/gsgp/256/gaming-vors%C3%A4tze-f%C3%BCr-2020_6088052.jpg" />
+	<target host="4images.cgames.de" />
+		<test url="http://4images.cgames.de/images/gsgp/210/highlightbild-warum-eso-perfekt-ist-um-die-zeit-bis-elder-scrolls-6-zu-%C3%BCberbr%C3%BCcken_6096103.jpg" />
+	<target host="5images.cgames.de" />
+		<test url="http://5images.cgames.de/images/gsgp/256/captain-tsubasa_6089644.jpg" />
+	<target host="6images.cgames.de" />
+		<test url="http://6images.cgames.de/images/gsgp/256/itta_6096025.jpg" />
+	<target host="7images.cgames.de" />
+		<test url="http://7images.cgames.de/images/gsgp/256/resident-evil-3_6095896.jpg" />
+	<target host="8images.cgames.de" />
+		<test url="http://8images.cgames.de/images/gsgp/256/highlightbild-nier-automata-wirr-seltsam-deshalb-so-besonders_2787877.jpg" />
+	<target host="9images.cgames.de" />
+		<test url="http://9images.cgames.de/images/gsgp/256/neuer-final-fantasy-8-trailer-verr%C3%A4t-releasetermin-bald-gehts-los_6075988.jpg" />
+	<target host="files-gamez.cgames.de" />
+	<target host="images.cgames.de" />
+		<test url="http://images.cgames.de/images/gamepro/eCtixUeFx59ow41whleh_59344x66488.jpg" />
+	<target host="static.cgames.de" />
+		<test url="http://static.cgames.de/gp_cb/assets/core/js/jquery.event.swipe.js" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cgsecurity.org.xml b/src/chrome/content/rules/cgsecurity.org.xml
new file mode 100644
index 000000000000..b4fc58bb5ba1
--- /dev/null
+++ b/src/chrome/content/rules/cgsecurity.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="CGSecurity">
+
+	<target host="cgsecurity.org" />
+	<target host="www.cgsecurity.org" />
+	<target host="forum.cgsecurity.org" />
+	<target host="git.cgsecurity.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ch-open.ch.xml b/src/chrome/content/rules/ch-open.ch.xml
new file mode 100644
index 000000000000..582b8fc8344e
--- /dev/null
+++ b/src/chrome/content/rules/ch-open.ch.xml
@@ -0,0 +1,32 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.ch-open.ch
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bug on www from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="CH-Open.ch">
+
+	<target host="ch-open.ch" />
+	<target host="www.ch-open.ch" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.ch-open\.ch$" name="^fe_typo_user$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ch.ch.xml b/src/chrome/content/rules/ch.ch.xml
index 58d860122421..5f8a082869f5 100644
--- a/src/chrome/content/rules/ch.ch.xml
+++ b/src/chrome/content/rules/ch.ch.xml
@@ -2,9 +2,9 @@
     <target host="ch.ch" />
     <target host="*.ch.ch" />
 
-    <securecookie host="^\.ch\.ch$" name=".+" />
+    <securecookie host="^(?:www\.)?\.ch\.ch$" name=".+" />
 
-    <rule from="^https?://ch\.ch/"
+    <rule from="^http://ch\.ch/"
         to="https://www.ch.ch/" />
     <rule from="^http://([^/:@]+)?\.ch\.ch/"
         to="https://$1.ch.ch/" />
diff --git a/src/chrome/content/rules/chainfire.eu.xml b/src/chrome/content/rules/chainfire.eu.xml
new file mode 100644
index 000000000000..a833e2511f2c
--- /dev/null
+++ b/src/chrome/content/rules/chainfire.eu.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gplus.chainfire.eu/ => https://gplus.chainfire.eu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://usbhost.chainfire.eu/ => https://usbhost.chainfire.eu/: (60, 'SSL certificate problem: certificate has expired')
+
+acra.chainfire.eu ⁴
+suicon.chainfire.eu ⁴
+supersu.chainfire.eu ⁴
+triaway.chainfire.eu non-2xx http code
+www.usbhost.chainfire.eu ¹
+
+
+¹ mismatch
+⁴ self signed
+-->
+<ruleset name="chainfire.eu" default_off="failed ruleset test">
+	<target host="chainfire.eu" />
+	<target host="www.chainfire.eu" />
+	<target host="admin.chainfire.eu" />
+	<target host="autoroot.chainfire.eu" />
+	<target host="bench.chainfire.eu" />
+	<target host="download.chainfire.eu" />
+	<target host="flashfire.chainfire.eu" />
+	<target host="gplus.chainfire.eu" />
+	<target host="mmframework.chainfire.eu" />
+	<target host="modin.chainfire.eu" />
+	<target host="privacy.chainfire.eu" />
+	<target host="su.chainfire.eu" />
+	<target host="usbhost.chainfire.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/championat-rostov.ru.xml b/src/chrome/content/rules/championat-rostov.ru.xml
new file mode 100644
index 000000000000..7b69285c12b7
--- /dev/null
+++ b/src/chrome/content/rules/championat-rostov.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="championat-rostov.ru">
+	<target host="championat-rostov.ru" />
+	<target host="www.championat-rostov.ru" />
+	<target host="2018.championat-rostov.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/changeagain.me.xml b/src/chrome/content/rules/changeagain.me.xml
new file mode 100644
index 000000000000..6185d795da81
--- /dev/null
+++ b/src/chrome/content/rules/changeagain.me.xml
@@ -0,0 +1,25 @@
+<!--
+	www.changeagain.me: Differs from ^changeagain.me
+
+
+	Insecure cookies are set for these hosts:
+
+		- changeagain.me
+
+-->
+<ruleset name="ChangeAgain.me (partial)">
+
+	<target host="changeagain.me" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^changeagain\.me$" name="^(?:_changeagain_session|locale)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/changeinfo.ru.xml b/src/chrome/content/rules/changeinfo.ru.xml
new file mode 100644
index 000000000000..0764dc0c8f46
--- /dev/null
+++ b/src/chrome/content/rules/changeinfo.ru.xml
@@ -0,0 +1,12 @@
+<!--
+b.changeinfo.ru ³
+
+
+³ timed out
+-->
+<ruleset name="changeinfo.ru">
+	<target host="changeinfo.ru" />
+	<target host="www.changeinfo.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/charen.ch.xml b/src/chrome/content/rules/charen.ch.xml
new file mode 100644
index 000000000000..36a1780c367a
--- /dev/null
+++ b/src/chrome/content/rules/charen.ch.xml
@@ -0,0 +1,13 @@
+<ruleset name="charen.ch">
+
+	<target host="charen.ch" />
+	<target host="www.charen.ch" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/chatlio.com.xml b/src/chrome/content/rules/chatlio.com.xml
new file mode 100644
index 000000000000..51b561e34328
--- /dev/null
+++ b/src/chrome/content/rules/chatlio.com.xml
@@ -0,0 +1,40 @@
+<!--
+	CDN buckets:
+
+		- s3-us-west-2.amazonaws.com/static.chatlio.com/
+
+
+	Problematic hosts in *chatlio.com:
+
+		- status ᵐ
+		- www ʳ
+
+	ᵐ StatusPage.io / mismatched
+	ʳ Refused
+
+-->
+<ruleset name="Chatlio.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="chatlio.com" />
+
+	<!--	Complications:
+				-->
+	<target host="status.chatlio.com" />
+	<target host="www.chatlio.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://status\.chatlio\.com/"
+		to="https://chatlio.statuspage.io/" />
+
+	<rule from="^http://www\.chatlio\.com/"
+		to="https://chatlio.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cheapandspeedytrafficschool.com.xml b/src/chrome/content/rules/cheapandspeedytrafficschool.com.xml
new file mode 100644
index 000000000000..0f4198e3bc02
--- /dev/null
+++ b/src/chrome/content/rules/cheapandspeedytrafficschool.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- cheapandspeedytrafficschool.com
+		- www.cheapandspeedytrafficschool.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Cheap And Speedy Traffic School.com">
+
+	<target host="cheapandspeedytrafficschool.com" />
+	<target host="www.cheapandspeedytrafficschool.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?cheapandspeedytrafficschool\.com$" name="^CF(?:GLOBALS|ID|TOKEN)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cheapies.nz.xml b/src/chrome/content/rules/cheapies.nz.xml
new file mode 100644
index 000000000000..8087a6a2ff74
--- /dev/null
+++ b/src/chrome/content/rules/cheapies.nz.xml
@@ -0,0 +1,25 @@
+<!--
+	For other related rulesets, see OzBargain.com.au.xml
+
+
+	Non-functional subdomain:
+		- choicecheapies.co.nz		(mismatch hostname, CN: www.choicehcheapies.co.nz)
+-->
+<ruleset name="ChoiceCheapies">
+
+	<target host="cheapies.nz" />
+	<target host="www.cheapies.nz" />
+	<target host="files.cheapies.nz" />
+	<target host="choicecheapies.co.nz" />
+	<target host="www.choicecheapies.co.nz" />
+	<target host="files.choicecheapies.co.nz" />
+
+	<securecookie host="^www\.cheapies\.nz$" name=".+" />
+
+	<!-- mismatch hostname -->
+	<rule from="^http://choicecheapies\.co\.nz/"
+		to="https://www.choicecheapies.co.nz/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cheat.sh.xml b/src/chrome/content/rules/cheat.sh.xml
new file mode 100644
index 000000000000..f3ab9f0503da
--- /dev/null
+++ b/src/chrome/content/rules/cheat.sh.xml
@@ -0,0 +1,10 @@
+<ruleset name="cheat.sh">
+	<target host="cheat.sh" />
+	<target host="*.cheat.sh" />
+		<test url="http://valid.cheat.sh/curl" />
+		<test url="http://example.cheat.sh/wget" />
+		<test url="http://test.cheat.sh/rpm" />
+		<test url="http://cheat.sh/apt" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cheatography.com.xml b/src/chrome/content/rules/cheatography.com.xml
new file mode 100644
index 000000000000..fc4176329a3b
--- /dev/null
+++ b/src/chrome/content/rules/cheatography.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.cheatography.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Cheatography.com">
+
+	<target host="cheatography.com" />
+	<target host="media.cheatography.com" />
+	<target host="www.cheatography.com" />
+
+		<test url="http://media.cheatography.com/images/icons/bullet_orange.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.cheatography\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/checkbox.com.xml b/src/chrome/content/rules/checkbox.com.xml
new file mode 100644
index 000000000000..6fc180fab250
--- /dev/null
+++ b/src/chrome/content/rules/checkbox.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Checkbox.com">
+
+	<target host="checkbox.com" />
+	<target host="www.checkbox.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/checkmyrota.com.xml b/src/chrome/content/rules/checkmyrota.com.xml
new file mode 100644
index 000000000000..49058240059e
--- /dev/null
+++ b/src/chrome/content/rules/checkmyrota.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		old.checkmyrota.com
+
+-->
+<ruleset name="Checkmyrota">
+
+	<target host="checkmyrota.com" />
+	<target host="www.checkmyrota.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/chemguide.co.uk.xml b/src/chrome/content/rules/chemguide.co.uk.xml
new file mode 100644
index 000000000000..3e294485cbdc
--- /dev/null
+++ b/src/chrome/content/rules/chemguide.co.uk.xml
@@ -0,0 +1,6 @@
+<ruleset name="chemguide.co.uk">
+	<target host="chemguide.co.uk" />
+	<target host="www.chemguide.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/chemistryworld.com.xml b/src/chrome/content/rules/chemistryworld.com.xml
new file mode 100644
index 000000000000..d14d0429efe5
--- /dev/null
+++ b/src/chrome/content/rules/chemistryworld.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="chemistryworld.com">
+	<target host="chemistryworld.com" />
+	<target host="www.chemistryworld.com" />
+	<target host="account.chemistryworld.com" />
+	<target host="jobs.chemistryworld.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cheshire.police.uk.xml b/src/chrome/content/rules/cheshire.police.uk.xml
new file mode 100644
index 000000000000..d033a112060e
--- /dev/null
+++ b/src/chrome/content/rules/cheshire.police.uk.xml
@@ -0,0 +1,18 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+-->
+<ruleset name="Cheshire.Police.uk">
+
+	<target host="cheshire.police.uk" />
+	<target host="www.cheshire.police.uk" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cheshirepolicealert.co.uk.xml b/src/chrome/content/rules/cheshirepolicealert.co.uk.xml
new file mode 100644
index 000000000000..531d5f377f63
--- /dev/null
+++ b/src/chrome/content/rules/cheshirepolicealert.co.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="Cheshire Police Alert.co.uk">
+
+	<target host="cheshirepolicealert.co.uk" />
+	<target host="www.cheshirepolicealert.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cheshirewestandchester.gov.uk.xml b/src/chrome/content/rules/cheshirewestandchester.gov.uk.xml
new file mode 100644
index 000000000000..9fafbed95451
--- /dev/null
+++ b/src/chrome/content/rules/cheshirewestandchester.gov.uk.xml
@@ -0,0 +1,93 @@
+<!--
+	Cheshire West & Chester Council
+
+	For rules causing false/broken MCB, see cheshirewestandchester.gov.uk-falsemixed.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *cheshirewestandchester.gov.uk:
+
+		- (www.)? ᵈ
+		- cmttpublic ⁴
+		- inside ᵃ
+		- mobile ᶠ
+		- opendata ᶠ
+		- pa ᵈ
+
+	⁴ 404
+	ᵃ Shows online.cheshirewestandchester.gov.uk
+	ᵈ Dropped
+	ᶠ Handshake fails
+
+
+	Problematic hosts in *cheshirewestandchester.gov.uk:
+
+		- apps ˣ
+		- consult ᵐ
+		- mylimehouse ᵐ
+
+	ᵐ Mismatched
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- apps.cheshirewestandchester.gov.uk
+		- online.cheshirewestandchester.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on apps from $self ˢ
+		- Images on apps from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Cheshire West and Chester.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="apps.cheshirewestandchester.gov.uk" /-->
+	<target host="online.cheshirewestandchester.gov.uk" />
+	<target host="schooladmissions.cheshirewestandchester.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="consult.cheshirewestandchester.gov.uk" />
+	<target host="mylimehouse.cheshirewestandchester.gov.uk" />
+
+		<!--	Mixed css, sets cookie without Secure:
+								-->
+		<!--test url="http://apps.cheshirewestandchester.gov.uk/CWAC_SilverCloudSportsClubDatabase.htm" /-->
+
+		<!--	Set cookie without Secure:
+							-->
+		<!--test url="http://online.cheshirewestandchester.gov.uk/CustomerPortal" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^apps\.cheshirewestandchester\.gov\.uk$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+	<!--securecookie host="^online\.cheshirewestandchester\.gov\.uk$" name="^__RequestVerificationToken" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://consult\.cheshirewestandchester\.gov\.uk/"
+		to="https://epnbc-consult.objective.co.uk/" />
+
+		<test url="http://consult.cheshirewestandchester.gov.uk/portal/contact_us" />
+
+	<rule from="^http://mylimehouse\.cheshirewestandchester\.gov\.uk/"
+		to="https://epnbc.objective.co.uk/" />
+
+		<test url="http://mylimehouse.cheshirewestandchester.gov.uk/portal/contact_us" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/chesterfield.gov.uk.xml b/src/chrome/content/rules/chesterfield.gov.uk.xml
new file mode 100644
index 000000000000..e810120d880a
--- /dev/null
+++ b/src/chrome/content/rules/chesterfield.gov.uk.xml
@@ -0,0 +1,43 @@
+<!--
+	Chesterfield Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *chesterfield.gov.uk:
+
+		- (www.)? ᵈ
+		- legacy ᵈ
+		- planning ᵈ
+
+	ᵈ Dropped
+
+
+	Insecure cookies are set for these hosts:
+
+		- leisureonline.chesterfield.gov.uk
+		- secure.chesterfield.gov.uk
+
+-->
+<ruleset name="Chesterfield.gov.uk (partial)">
+
+	<target host="leisureonline.chesterfield.gov.uk" />
+	<target host="secure.chesterfield.gov.uk" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://leisureonline.chesterfield.gov.uk/bookings" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^leisureonline\.chesterfield\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^secure\.chesterfield\.gov\.uk$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/chetv.ru.xml b/src/chrome/content/rules/chetv.ru.xml
new file mode 100644
index 000000000000..af7925ecb44d
--- /dev/null
+++ b/src/chrome/content/rules/chetv.ru.xml
@@ -0,0 +1,13 @@
+<ruleset name="chetv.ru">
+	<target host="chetv.ru" />
+	<target host="www.chetv.ru" />
+	<target host="agent.chetv.ru" />
+	<target host="dobro.chetv.ru" />
+	<target host="les.chetv.ru" />
+	<target host="m.chetv.ru" />
+	<target host="new.chetv.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/chichester.gov.uk-falsemixed.xml b/src/chrome/content/rules/chichester.gov.uk-falsemixed.xml
new file mode 100644
index 000000000000..31bf0ef54688
--- /dev/null
+++ b/src/chrome/content/rules/chichester.gov.uk-falsemixed.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules not causing false/broken MCB, see chichester.gov.uk.xml.
+
+-->
+<ruleset name="Chichester.gov.uk (false MCB)" platform="mixedcontent">
+
+	<target host="mydistrict.chichester.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/chichester.gov.uk.xml b/src/chrome/content/rules/chichester.gov.uk.xml
new file mode 100644
index 000000000000..07d2bd96be78
--- /dev/null
+++ b/src/chrome/content/rules/chichester.gov.uk.xml
@@ -0,0 +1,110 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://parking.chichester.gov.uk/ => https://parking.chichester.gov.uk/: (6, 'Could not resolve host: parking.chichester.gov.uk')
+Fetch error: http://westgateleisure.chichester.gov.uk/ => https://westgateleisure.chichester.gov.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'westgateleisure.chichester.gov.uk'")
+Fetch error: http://www.westgateleisure.chichester.gov.uk/ => https://www.westgateleisure.chichester.gov.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.westgateleisure.chichester.gov.uk'")
+
+	Chichester District Council
+
+	For rules causing false/broken MCB, see chichester.gov.uk-falsemixed.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *chichester.gov.uk:
+
+		- new ⁴
+
+	⁴ 404
+
+
+	Problematic hosts in *chichester.gov.uk:
+
+		- mydistrict ˣ
+
+	ˣ Mixed css; see see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	These altnames do not exist:
+
+		- chichester.gov.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- mydistrict.chichester.gov.uk
+		- parking.chichester.gov.uk
+		- westgateleisure.chichester.gov.uk
+		- www.westgateleisure.chichester.gov.uk
+		- www.chichester.gov.uk
+
+
+	Mixed content:
+
+		- css on mydistrict from $self ˢ
+		- Images mydistrict from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Chichester.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="eforms.chichester.gov.uk" />
+	<target host="jobs.chichester.gov.uk" />
+	<!--target host="mydistrict.chichester.gov.uk" /-->
+	<target host="parking.chichester.gov.uk" />
+	<target host="publicaccess.chichester.gov.uk" />
+	<target host="westgateleisure.chichester.gov.uk" />
+	<target host="www.westgateleisure.chichester.gov.uk" />
+	<target host="www.chichester.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.chichester\.gov\.uk/(?:$|article/23431/A-to-Z$|fees$|home$|pollingstations$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.chichester\.gov\.uk/(?!/*(?:CHttpHandler\.ashx|contactus(?:$|\?)|images/|media/)|.+/(?:css|images|template)/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.chichester.gov.uk/adviceandstandards" />
+			<test url="http://www.chichester.gov.uk/article/23431/A-to-Z" />
+			<test url="http://www.chichester.gov.uk/carparkcharges" />
+			<test url="http://www.chichester.gov.uk/fees" />
+			<test url="http://www.chichester.gov.uk/helpwithhomelessness" />
+			<test url="http://www.chichester.gov.uk/home" />
+			<test url="http://www.chichester.gov.uk/licensingact" />
+			<test url="http://www.chichester.gov.uk/pestfees" />
+			<test url="http://www.chichester.gov.uk/planningadvice" />
+			<test url="http://www.chichester.gov.uk/pollingstations" />
+			<test url="http://www.chichester.gov.uk/seasontickets" />
+			<test url="http://www.chichester.gov.uk/studies" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.chichester.gov.uk/CHttpHandler.ashx?id=22902&amp;p=0" />
+			<test url="http://www.chichester.gov.uk/chichesterdotnet/css/font-awesome/css/font-awesome.min.css" />
+			<test url="http://www.chichester.gov.uk/chichesterdotnet/images/cdclogo.gif" />
+			<test url="http://www.chichester.gov.uk/chichesterdotnet/images/cdclogo.gif" />
+			<test url="http://www.chichester.gov.uk/chichesterdotnet/template/atozmetadata/css/atozmetadata.css" />
+			<test url="http://www.chichester.gov.uk/contactus" />
+			<test url="http://www.chichester.gov.uk/images/media/pdficon.gif" />
+			<test url="http://www.chichester.gov.uk/media/image/c/3/Buddy-web-normal.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^mydistrict\.chichester\.gov\.uk$" name="^(?:ASP\.NET_SessionId|atLocation|atMyCouncil|astun)$" /-->
+	<!--securecookie host="^parking\.chichester\.gov\.uk$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+	<!--securecookie host="^(?:www\.)?westgateleisure\.chichester\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^www\.chichester\.gov\.uk$" name="^(?:ASP\.NET_SessionId|TextOnlyX|clientvars)$" /-->
+
+	<securecookie host="^(?!www\.)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/childrenscommissioner.gov.uk.xml b/src/chrome/content/rules/childrenscommissioner.gov.uk.xml
new file mode 100644
index 000000000000..e4ba9c9d8ca9
--- /dev/null
+++ b/src/chrome/content/rules/childrenscommissioner.gov.uk.xml
@@ -0,0 +1,28 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	^childrenscommissioner.gov.uk: Dropped
+
+-->
+<ruleset name="Childrens Commissioner.gov.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.childrenscommissioner.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="childrenscommissioner.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://childrenscommissioner\.gov\.uk/"
+		to="https://www.childrenscommissioner.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/chinafile.com.xml b/src/chrome/content/rules/chinafile.com.xml
new file mode 100644
index 000000000000..71025c5fcd16
--- /dev/null
+++ b/src/chrome/content/rules/chinafile.com.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://chinafile.com/ => https://chinafile.com/: Too many redirects while fetching 'https://chinafile.com/'
+Fetch error: http://www.chinafile.com/ => https://www.chinafile.com/: Too many redirects while fetching 'https://www.chinafile.com/'
+
+	Problematic hosts in *chinafile.com:
+
+		- anticorruption ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="ChinaFile.com (partial)" default_off="failed ruleset test">
+
+	<target host="chinafile.com" />
+	<!--target host="anticorruption.chinafile.com" /-->
+	<target host="www.chinafile.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/chipdip.ru.xml b/src/chrome/content/rules/chipdip.ru.xml
new file mode 100644
index 000000000000..510a3cb48bd6
--- /dev/null
+++ b/src/chrome/content/rules/chipdip.ru.xml
@@ -0,0 +1,15 @@
+<!--
+gw-2.chipdip.ru ²
+
+
+² refused
+-->
+<ruleset name="chipdip.ru">
+	<target host="chipdip.ru" />
+	<target host="www.chipdip.ru" />
+	<target host="lib.chipdip.ru" />
+	<target host="m.chipdip.ru" />
+	<target host="static.chipdip.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/chita.ru.xml b/src/chrome/content/rules/chita.ru.xml
new file mode 100644
index 000000000000..5a8ca23cf916
--- /dev/null
+++ b/src/chrome/content/rules/chita.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="chita.ru">
+	<target host="chita.ru" />
+	<target host="www.chita.ru" />
+	<target host="doska.chita.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/chitaitext.ru.xml b/src/chrome/content/rules/chitaitext.ru.xml
new file mode 100644
index 000000000000..74f3a75d7a2f
--- /dev/null
+++ b/src/chrome/content/rules/chitaitext.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="chitaitext.ru">
+	<target host="chitaitext.ru" />
+	<target host="www.chitaitext.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/chomikuj.pl.xml b/src/chrome/content/rules/chomikuj.pl.xml
new file mode 100644
index 000000000000..bf7be888b331
--- /dev/null
+++ b/src/chrome/content/rules/chomikuj.pl.xml
@@ -0,0 +1,57 @@
+<!--
+	For other Chomikuj coverage, see static-chomikuj.pl.xml.
+
+	Invalid certificate:
+		download.box.chomikuj.pl
+		darkorbit.chomikuj.pl
+		deepolis.chomikuj.pl
+		farmerama.chomikuj.pl
+		gangsofcrime.chomikuj.pl
+		gladiators.chomikuj.pl
+		mafia.chomikuj.pl
+		mailgate.chomikuj.pl
+
+	Time out:
+		beta.chomikuj.pl
+		bts.box.chomikuj.pl
+		dev-mobile.chomikuj.pl
+		imgsms.chomikuj.pl
+		s1.imgsms.chomikuj.pl
+		s2.imgsms.chomikuj.pl
+		mail.chomikuj.pl
+		music.chomikuj.pl
+		smtp.chomikuj.pl
+		smtp2.chomikuj.pl
+
+	Too many redirects:
+		crm.chomikuj.pl
+-->
+<ruleset name="chomikuj.pl">
+	<target host="chomikuj.pl" />
+	<target host="www.chomikuj.pl" />
+	<target host="box.chomikuj.pl" />
+	<target host="docs1.chomikuj.pl" />
+	<target host="docs10.chomikuj.pl" />
+	<target host="docs11.chomikuj.pl" />
+	<target host="docs12.chomikuj.pl" />
+	<target host="docs13.chomikuj.pl" />
+	<target host="docs14.chomikuj.pl" />
+	<target host="docs15.chomikuj.pl" />
+	<target host="docs16.chomikuj.pl" />
+	<target host="docs17.chomikuj.pl" />
+	<target host="docs18.chomikuj.pl" />
+	<target host="docs2.chomikuj.pl" />
+	<target host="docs3.chomikuj.pl" />
+	<target host="docs4.chomikuj.pl" />
+	<target host="docs5.chomikuj.pl" />
+	<target host="docs6.chomikuj.pl" />
+	<target host="docs7.chomikuj.pl" />
+	<target host="docs8.chomikuj.pl" />
+	<target host="docs9.chomikuj.pl" />
+	<target host="images.chomikuj.pl" />
+	<target host="mobile.chomikuj.pl" />
+	<target host="simg.chomikuj.pl" />
+	<target host="support.chomikuj.pl" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/chooseprivacyweek.org.xml b/src/chrome/content/rules/chooseprivacyweek.org.xml
new file mode 100644
index 000000000000..9a7136d03447
--- /dev/null
+++ b/src/chrome/content/rules/chooseprivacyweek.org.xml
@@ -0,0 +1,24 @@
+<!--
+	For other American Library Association coverage, see ALA.org.xml.
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Choose Privacy Week.org">
+
+	<target host="chooseprivacyweek.org" />
+	<target host="www.chooseprivacyweek.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/chorley.gov.uk.xml b/src/chrome/content/rules/chorley.gov.uk.xml
new file mode 100644
index 000000000000..046532417fbe
--- /dev/null
+++ b/src/chrome/content/rules/chorley.gov.uk.xml
@@ -0,0 +1,54 @@
+<!--
+	Chorley Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *chorley.gov.uk:
+
+		- (www.)? ⁴
+		- landcharges ᵈ
+		- main ⁴
+		- website ⁴
+
+	⁴ 404
+	ᵈ Dropped
+
+
+	Problematic hosts in *chorley.gov.uk:
+
+		- ecitizen ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- democracy.chorley.gov.uk
+		- ecitizen.chorley.gov.uk
+		- guag.chorley.gov.uk
+		- myaccount.chorley.gov.uk
+
+-->
+<ruleset name="Chorley.gov.uk (partial)">
+
+	<target host="democracy.chorley.gov.uk" />
+	<!--target host="ecitizen.chorley.gov.uk" /-->
+	<target host="guag.chorley.gov.uk" />
+	<target host="myaccount.chorley.gov.uk" />
+	<target host="planning.chorley.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:democracy|myaccount)\.chorley\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^ecitizen\.chorley\.gov\.uk$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+	<!--securecookie host="^guag\.chorley\.gov\.uk$" name="^(?:ASP\.NET_SessionId|SessionId|eCommunityEventsSessionId)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/chrdnet.com.xml b/src/chrome/content/rules/chrdnet.com.xml
new file mode 100644
index 000000000000..34ddf3d37e3f
--- /dev/null
+++ b/src/chrome/content/rules/chrdnet.com.xml
@@ -0,0 +1,35 @@
+<!--
+	 Chinese Human Rights Defenders
+
+
+	Insecure cookies are set for these hosts:
+
+		- chrdnet.com
+		- www.chrdnet.com
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+		- Image from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="CHRnet.com">
+
+	<target host="chrdnet.com" />
+	<target host="www.chrdnet.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?chrdnet\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/chronox.de.xml b/src/chrome/content/rules/chronox.de.xml
new file mode 100644
index 000000000000..ad0cd725e5f5
--- /dev/null
+++ b/src/chrome/content/rules/chronox.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="chronox.de">
+	<target host="chronox.de" />
+	<target host="www.chronox.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/chrs-mln-krs.com.xml b/src/chrome/content/rules/chrs-mln-krs.com.xml
new file mode 100644
index 000000000000..abbb7d7204fb
--- /dev/null
+++ b/src/chrome/content/rules/chrs-mln-krs.com.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Lead Forensics coverage, see Lead_Forensics.com.xml.
+
+
+	^chrs-mln-krs.com: Refused
+	www.chrs-mln-krs.com: Mismatched
+
+-->
+<ruleset name="chrs-mln-krs.com">
+
+	<!--	Complications:
+				-->
+	<target host="chrs-mln-krs.com" />
+	<target host="www.chrs-mln-krs.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?chrs-mln-krs\.com/"
+		to="https://secure.leadforensics.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/chtn.org.xml b/src/chrome/content/rules/chtn.org.xml
new file mode 100644
index 000000000000..e9d91a5cd0ef
--- /dev/null
+++ b/src/chrome/content/rules/chtn.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Cooperative Human Tissue Network
+
+
+-->
+<ruleset name="CHTN.org">
+
+	<target host="chtn.org" />
+	<target host="www.chtn.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/chuapp.com.xml b/src/chrome/content/rules/chuapp.com.xml
new file mode 100644
index 000000000000..68fab885c5e3
--- /dev/null
+++ b/src/chrome/content/rules/chuapp.com.xml
@@ -0,0 +1,22 @@
+<!--
+	MCB:
+		www.chuapp.com
+		(No function broken.
+		https://github.com/gloomy-ghost/UpgradeMixedContent may help you get font and js all.)
+
+	Invalid certificate:
+		img.chuapp.com  equal to www.chuapp.com
+		baodao.chuapp.com
+		m.chuapp.com
+		ypw.chuapp.com
+-->
+<ruleset name="chuapp.com (partial)">
+	<target host="chuapp.com" />
+	<target host="www.chuapp.com" />
+	<target host="img.chuapp.com" />
+		<test url="http://img.chuapp.com/Public/Home/images/logo90x40.jpg" />
+
+	<rule from="^http://img\.chuapp\.com/" to="https://www.chuapp.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cihan.com.tr.xml b/src/chrome/content/rules/cihan.com.tr.xml
new file mode 100644
index 000000000000..0ebafccc3af4
--- /dev/null
+++ b/src/chrome/content/rules/cihan.com.tr.xml
@@ -0,0 +1,57 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://medya.cihan.com.tr/import/images/logo/cihan_logo.png => https://medya.cihan.com.tr/import/images/logo/cihan_logo.png: (51, "SSL: no alternative certificate subject name matches target host name 'medya.cihan.com.tr'")
+Fetch error: http://cihan.com.tr/ => https://cihan.com.tr/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://medya.cihan.com.tr/ => https://medya.cihan.com.tr/: (51, "SSL: no alternative certificate subject name matches target host name 'medya.cihan.com.tr'")
+Fetch error: http://www.cihan.com.tr/ => https://www.cihan.com.tr/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	Problematic hosts in *cihan.com.tr:
+
+		- video2 ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- cihan.com.tr
+		- .cihan.com.tr
+		- www.cihan.com.tr
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- (www.)? from medya.cihan.com.tr ˢ
+			- (www.)? from video2.cihan.com.tr
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Cihan.com.tr (partial)" default_off="failed ruleset test">
+
+	<target host="cihan.com.tr" />
+	<target host="medya.cihan.com.tr" />
+	<target host="www.cihan.com.tr" />
+
+		<test url="http://medya.cihan.com.tr/import/images/logo/cihan_logo.png" />
+		<!--test url="http://video2.cihan.com.tr/dl2/5ea2937fa050f33d0a0188bf9ca9bd61/53756e20/thumb/08-05-2016/2071094_0.jpg" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?cihan\.com\.tr$" name="^(?:JSESSIONID$|NSC_)" /-->
+	<!--securecookie host="^\.cihan\.com\.tr$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cincinnatizoo.org.xml b/src/chrome/content/rules/cincinnatizoo.org.xml
new file mode 100644
index 000000000000..32f3c84008d9
--- /dev/null
+++ b/src/chrome/content/rules/cincinnatizoo.org.xml
@@ -0,0 +1,27 @@
+<!--
+	Invalid certificate:
+		sip.cincinnatizoo.org
+
+	Time out:
+		email.cincinnatizoo.org
+		membership.cincinnatizoo.org
+		portal.cincinnatizoo.org
+-->
+<ruleset name="cincinnatizoo.org">
+	<target host="cincinnatizoo.org" />
+	<target host="www.cincinnatizoo.org" />
+	<target host="autodiscover.cincinnatizoo.org" />
+	<target host="blog.cincinnatizoo.org" />
+	<target host="dragons.cincinnatizoo.org" />
+	<target host="host.cincinnatizoo.org" />
+	<target host="remotemail.cincinnatizoo.org" />
+	<target host="projectsavingspecies.cincinnatizoo.org" />
+	<target host="rews.cincinnatizoo.org" />
+	<target host="staging.cincinnatizoo.org" />
+	<target host="store.cincinnatizoo.org" />
+	<target host="tickets.cincinnatizoo.org" />
+	<target host="ticketstore.cincinnatizoo.org" />
+	<target host="volunteers.cincinnatizoo.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/circle.org.uk.xml b/src/chrome/content/rules/circle.org.uk.xml
new file mode 100644
index 000000000000..ba605383aa89
--- /dev/null
+++ b/src/chrome/content/rules/circle.org.uk.xml
@@ -0,0 +1,60 @@
+<!--
+	Circle Housing
+
+
+	Problematic hosts in *circle.org.uk:
+
+		- m ᵉ
+		- newsroom ᵐ
+		- uat ᵉ
+
+	ᵉ Expired
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- circle.org.uk
+		- newsroom.circle.org.uk
+		- www.circle.org.uk
+
+-->
+<ruleset name="Circle.org.uk (partial)">
+
+	<target host="circle.org.uk" />
+	<target host="www.circle.org.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?circle\.org\.uk/(?:Pay_it|Pay_it/Request_or_view_rent_information|circle33/your-home/safety-advice/Adult_Safety|get-involved/customer-views-team)?$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?circle\.org\.uk/(?!/*(?:~/media|css|img)/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://circle.org.uk/Pay_it" />
+			<test url="http://circle.org.uk/Pay_it/Request_or_view_rent_information" />
+			<test url="http://www.circle.org.uk/circle33/your-home/safety-advice/Adult_Safety" />
+			<test url="http://www.circle.org.uk/get-involved/customer-views-team" />
+
+			<!--	-ve:
+					-->
+			<test url="http://circle.org.uk/~/media/D61EB006CC0C4EDBA93BAEE959A3E5AB.png" />
+			<test url="http://www.circle.org.uk/css/print.css" />
+			<test url="http://www.circle.org.uk/img/icon-search.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?circle\.org\.uk$" name="^sc_expview$" /-->
+	<!--securecookie host="^newsroom\.circle\.org\.uk$" name="^PPSESSION$" /-->
+
+	<!--securecookie host="^\w" name="." /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/circlegroup.org.uk.xml b/src/chrome/content/rules/circlegroup.org.uk.xml
new file mode 100644
index 000000000000..c49fa6179009
--- /dev/null
+++ b/src/chrome/content/rules/circlegroup.org.uk.xml
@@ -0,0 +1,56 @@
+<!--
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+
+	Problematic hosts in *circlegroup.org.uk:
+
+		- careers ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- careers.circlegroup.org.uk
+		- www.circlegroup.org.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Circle Group.org.uk (partial)" platform="mixedcontent">
+
+	<target host="www.circlegroup.org.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.circlegroup\.org\.uk/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.circlegroup\.org\.uk/(?!/*(?:css|img|~/media)/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.circlegroup.org.uk/inside-circle/development" />
+			<test url="http://www.circlegroup.org.uk/investing" />
+			<test url="http://www.circlegroup.org.uk/our-group/social-housing/Circle_Housing_Roddons" />
+			<test url="http://www.circlegroup.org.uk/our-passion/energy-and-fuel-poverty" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.circlegroup.org.uk/css/quiz.css" />
+			<test url="http://www.circlegroup.org.uk/img/icon-search.png" />
+			<test url="http://www.circlegroup.org.uk/~/media/50506DE4046F4ADFA67000CC25F3EDDE.png?w=25&amp;la=en" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:careers|www)\.circlegroup\.org\.uk$" name="^sc_expview$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/circuitlab.com.xml b/src/chrome/content/rules/circuitlab.com.xml
new file mode 100644
index 000000000000..29fd6255dc08
--- /dev/null
+++ b/src/chrome/content/rules/circuitlab.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="CircuitLab.com">
+
+	<target host="circuitlab.com" />
+	<target host="www.circuitlab.com" />
+
+
+	<securecookie host="^\." name="^__qca" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/citilink.ru.xml b/src/chrome/content/rules/citilink.ru.xml
new file mode 100644
index 000000000000..a0d84359fa14
--- /dev/null
+++ b/src/chrome/content/rules/citilink.ru.xml
@@ -0,0 +1,66 @@
+<!--
+cl1.citilink.ru ³
+cl2.citilink.ru ³
+cl3.citilink.ru ³
+cl4.citilink.ru ³
+login.forum.citilink.ru ¹
+img.citilink.ru ³
+www.job.citilink.ru ¹
+static.login.citilink.ru ¹
+ns1.citilink.ru ³
+ns2.citilink.ru ³
+rrstatic.citilink.ru ¹
+items.s3.citilink.ru ¹
+ns.sinus.citilink.ru ¹
+sd-dev.stage.citilink.ru ¹
+www.www.citilink.ru ¹
+exnlfx9xknrlxldv.www.citilink.ru ¹
+job.citilink.ru mixed content
+
+
+¹ mismatch
+³ timed out
+-->
+<ruleset name="citilink.ru">
+	<target host="citilink.ru" />
+	<target host="www.citilink.ru" />
+	<target host="api.citilink.ru" />
+	<target host="astr.citilink.ru" />
+	<target host="clicks.citilink.ru" />
+	<target host="cms.citilink.ru" />
+	<target host="forum.citilink.ru" />
+	<target host="kzn.citilink.ru" />
+	<target host="login.citilink.ru" />
+	<target host="m.citilink.ru" />
+	<target host="mail.citilink.ru" />
+	<target host="nabchl.citilink.ru" />
+	<target host="note.citilink.ru" />
+	<target host="novrs.citilink.ru" />
+	<target host="s1.citilink.ru" />
+	<target host="actions.s1.citilink.ru" />
+	<target host="avatar.s1.citilink.ru" />
+	<target host="banners.s1.citilink.ru" />
+	<target host="content.s1.citilink.ru" />
+	<target host="items.s1.citilink.ru" />
+	<target host="items-attachments.s1.citilink.ru" />
+	<target host="review.s1.citilink.ru" />
+	<target host="storepup.s1.citilink.ru" />
+	<target host="used.s1.citilink.ru" />
+	<target host="user-items.s1.citilink.ru" />
+	<target host="s2.citilink.ru" />
+	<target host="samara.citilink.ru" />
+	<target host="sd.citilink.ru" />
+	<target host="sd1.citilink.ru" />
+	<target host="sd2.citilink.ru" />
+	<target host="sinus.citilink.ru" />
+	<target host="smr.citilink.ru" />
+	<target host="spb.citilink.ru" />
+	<target host="static.citilink.ru" />
+	<target host="static-promo.citilink.ru" />
+	<target host="tagil.citilink.ru" />
+	<target host="vlg.citilink.ru" />
+	<target host="ws.citilink.ru" />
+	<target host="ww.citilink.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/citizensadvice.org.uk.xml b/src/chrome/content/rules/citizensadvice.org.uk.xml
new file mode 100644
index 000000000000..0bcaf7abdf71
--- /dev/null
+++ b/src/chrome/content/rules/citizensadvice.org.uk.xml
@@ -0,0 +1,77 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://citizensadvice.org.uk/ => https://citizensadvice.org.uk/: (28, 'Connection timed out after 20001 milliseconds')
+
+	The National Association of Citizens Advice Bureaux
+
+	For rules causing false/broken MCB, see citizensadvice.org.uk-falsemixed.xml.
+
+
+	CDN buckets:
+
+		- cab-labs-dashboard.s3-website-eu-west-1.amazonaws.com
+
+
+	Problematic hosts in *citizensadvice.org.uk:
+
+		- ^ ᵈ
+		- alphablog ˣ
+
+	ᵈ Dropped
+	ˣ Mixed content
+
+
+	These altnames do not exist:
+
+		- www.energycompare.citizensadvice.org.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- alphablog.citizensadvice.org.uk
+		- blogs.citizensadvice.org.uk
+		- energycompare.citizensadvice.org.uk
+		- www.citizensadvice.org.uk
+
+
+	Mixed content:
+
+		- css on alphablog from $self ˢ
+
+		- Images, on:
+
+			- alphablog from blog.cab-alpha.org.uk
+			- alphablog from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Citizens Advice.org.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="alphablog.citizensadvice.org.uk" /-->
+	<target host="blogs.citizensadvice.org.uk" />
+	<target host="citizensadvice.citizensadvice.org.uk" />
+	<target host="energycompare.citizensadvice.org.uk" />
+	<target host="www.citizensadvice.org.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="citizensadvice.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^blogs\.citizensadvice\.org\.uk$" name="^wfvt_-\d+$" /-->
+	<!--securecookie host="^(?:alphablog|www)\.citizensadvice\.org\.uk$" name="^AWSELB$" /-->
+	<!--securecookie host="^energycompare\.citizensadvice\.org\.uk$" name="^aff(?:CookieID|Expiration|iliateID)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/civica.co.uk.xml b/src/chrome/content/rules/civica.co.uk.xml
new file mode 100644
index 000000000000..9cc99ab995e3
--- /dev/null
+++ b/src/chrome/content/rules/civica.co.uk.xml
@@ -0,0 +1,42 @@
+<!--
+	Other Civica Group rulesets:
+
+		- Civica_ePay.co.uk.xml
+		- spydus.co.uk.xml
+
+
+	Nonfunctional hosts in *civica.co.uk:
+
+		- expoprogramme ᵃ
+
+	ᵃ Shows another domain
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- civica.co.uk
+		- conference.civica.co.uk
+		- www.civica.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Civica.co.uk (partial)">
+
+	<target host="civica.co.uk" />
+	<target host="conference.civica.co.uk" />
+	<target host="www.civica.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?civica\.co\.uk$" name="^ISAWPLB\{[\dA-F]{8}(?:-[\dA-F]{4}){3}-[\dA-F]{12}\}$" /-->
+	<!--securecookie host="^conference\.civica\.co\.uk$" name="^(?:_civica_session|ISAWPLB\{[\dA-F]{8}(?:-[\dA-F]{4}){3}-[\dA-F]{12}\})$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/civicalg.com.au.xml b/src/chrome/content/rules/civicalg.com.au.xml
new file mode 100644
index 000000000000..bbbde4c08be2
--- /dev/null
+++ b/src/chrome/content/rules/civicalg.com.au.xml
@@ -0,0 +1,22 @@
+<!--
+	Nonfunctional hosts in *civicalg.com.au:
+
+		- elearning ᵃ
+
+	ᵃ Shows another domain
+
+-->
+<ruleset name="Civica LG.com.au (partial)">
+
+	<target host="civicalg.com.au" />
+	<target host="heatss.civicalg.com.au" />
+	<target host="www.civicalg.com.au" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/civil-forum.ru.xml b/src/chrome/content/rules/civil-forum.ru.xml
new file mode 100644
index 000000000000..d368b5816f76
--- /dev/null
+++ b/src/chrome/content/rules/civil-forum.ru.xml
@@ -0,0 +1,13 @@
+<!--
+2013.civil-forum.ru ¹
+2016.civil-forum.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="civil-forum.ru">
+	<target host="civil-forum.ru" />
+	<target host="www.civil-forum.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/civilservice.gov.uk.xml b/src/chrome/content/rules/civilservice.gov.uk.xml
new file mode 100644
index 000000000000..a528e4169de1
--- /dev/null
+++ b/src/chrome/content/rules/civilservice.gov.uk.xml
@@ -0,0 +1,157 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.digitalmarketplace.civilservice.gov.uk/ => https://www.digitalmarketplace.civilservice.gov.uk/: (6, 'Could not resolve host: www.digitalmarketplace.civilservice.gov.uk')
+Fetch error: http://www.faststream.civilservice.gov.uk/ => https://www.faststream.civilservice.gov.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.faststream.civilservice.gov.uk'")
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *civilservice.gov.uk:
+
+		- agile ᵈ
+		- faststream ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *civilservice.gov.uk:
+
+		- (www.)? ᵐ
+		- www.faststream ᵐ
+		- gcloud ᵐ
+		- it ᵈ
+		- my ᵐ
+		- resources ᵐ
+
+	ᵈ Dropped
+	ᵐ Mismatched
+
+
+	Partially covered hosts in *civilservice.gov.uk:
+
+		- (www.)? *
+		- faststream *
+		- gcloud *
+		- my *
+		- resources *
+
+	* Pattern of redirection is not simple
+
+
+	Insecure cookies are set for these hosts:
+
+		- civilservicelearning.civilservice.gov.uk
+		- gcs.civilservice.gov.uk
+		- gss.civilservice.gov.uk
+
+
+	These altnames do not exist:
+
+		- www.gss.civilservice.gov.uk
+
+-->
+<ruleset name="Civil Service.gov.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="civilservicelearning.civilservice.gov.uk" />
+	<target host="www.digitalmarketplace.civilservice.gov.uk" />
+	<target host="gcs.civilservice.gov.uk" />
+	<target host="gss.civilservice.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="civilservice.gov.uk" />
+	<target host="faststream.civilservice.gov.uk" />
+	<target host="www.faststream.civilservice.gov.uk" />
+	<target host="gcloud.civilservice.gov.uk" />
+	<target host="it.civilservice.gov.uk" />
+	<target host="my.civilservice.gov.uk" />
+	<target host="resources.civilservice.gov.uk" />
+	<target host="www.civilservice.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^civilservicelearning\.civilservice\.gov\.uk$" name="^b1P$" /-->
+	<!--securecookie host="^gcs\.civilservice\.gov\.uk$" name="^AWSELB$" /-->
+	<!--securecookie host="^gss\.civilservice\.gov\.uk$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://(?:(?:my|resources|www)\.)?civilservice\.gov\.uk/.*"
+		to="https://www.gov.uk/government/organisations/civil-service" />
+
+		<!--	/*\w does not redirect:
+						-->
+		<exclusion pattern="^http://(?:(?:my|resources|www)\.)?civilservice\.gov\.uk/+(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://civilservice.gov.uk/default.aspx" />
+			<test url="http://civilservice.gov.uk/index.htm" />
+			<test url="http://my.civilservice.gov.uk/default.aspx" />
+			<test url="http://my.civilservice.gov.uk/index.htm" />
+			<test url="http://resources.civilservice.gov.uk/default.aspx" />
+			<test url="http://resources.civilservice.gov.uk/index.htm" />
+			<test url="http://www.civilservice.gov.uk/default.aspx" />
+			<test url="http://www.civilservice.gov.uk/index.htm" />
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://faststream\.civilservice\.gov\.uk/.*"
+		to="https://www.gov.uk/faststream" />
+
+		<!--	/*\w does not redirect:
+						-->
+		<exclusion pattern="^http://faststream\.civilservice\.gov\.uk/+(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://faststream.civilservice.gov.uk/default.aspx" />
+			<test url="http://faststream.civilservice.gov.uk/index.htm" />
+			<test url="http://faststream.civilservice.gov.uk/index.html" />
+			<test url="http://faststream.civilservice.gov.uk/index.jsp" />
+			<test url="http://faststream.civilservice.gov.uk/index.php" />
+
+			<!--	-ve:
+					-->
+			<test url="http://faststream.civilservice.gov.uk/?" />
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://gcloud\.civilservice\.gov\.uk/.*"
+		to="https://www.gov.uk/how-to-use-cloudstore" />
+
+		<!--	/*\w does not redirect:
+						-->
+		<exclusion pattern="^http://gcloud\.civilservice\.gov\.uk/+(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://gcloud.civilservice.gov.uk/default.aspx" />
+			<test url="http://gcloud.civilservice.gov.uk/index.htm" />
+			<test url="http://gcloud.civilservice.gov.uk/index.html" />
+			<test url="http://gcloud.civilservice.gov.uk/index.jsp" />
+			<test url="http://gcloud.civilservice.gov.uk/index.php" />
+
+			<!--	-ve:
+					-->
+			<test url="http://gcloud.civilservice.gov.uk/?" />
+
+	<!--	Redirect drops forward slash
+		and path, but not args:
+					-->
+	<rule from="^http://it\.civilservice\.gov\.uk/[^?]*"
+		to="https://www.gov.uk/government/organisations/civil-service-government-it-profession/about/" />
+
+		<test url="http://it.civilservice.gov.uk/default.aspx" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/civilserviceworld.com.xml b/src/chrome/content/rules/civilserviceworld.com.xml
new file mode 100644
index 000000000000..21aefc028957
--- /dev/null
+++ b/src/chrome/content/rules/civilserviceworld.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Mixed content:
+
+		- Images, from:
+
+			- $self ˢ
+			- media.dods.co.uk
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Civil Service World.com">
+
+	<target host="civilserviceworld.com" />
+	<target host="www.civilserviceworld.com" />
+
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/civitas.ru.xml b/src/chrome/content/rules/civitas.ru.xml
new file mode 100644
index 000000000000..2370b5f4d88f
--- /dev/null
+++ b/src/chrome/content/rules/civitas.ru.xml
@@ -0,0 +1,14 @@
+<!--
+mail.civitas.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="civitas.ru">
+	<target host="civitas.ru" />
+	<target host="www.civitas.ru" />
+	<target host="old.civitas.ru" />
+	<target host="www.old.civitas.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ck12.org.xml b/src/chrome/content/rules/ck12.org.xml
new file mode 100644
index 000000000000..8d90f15627e2
--- /dev/null
+++ b/src/chrome/content/rules/ck12.org.xml
@@ -0,0 +1,38 @@
+<!--
+	CDN buckets:
+
+		- d7xhsdl7qa50.cloudfront.net
+
+
+	Nonfunctional hosts in *ck12.org:
+
+		- interactives ᵈ
+
+	ᵈ Dropped
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.ck12.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="CK12.org (partial)">
+
+	<target host="ck12.org" />
+	<target host="www.ck12.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.ck12\.org$" name="^flxweb_role$" /-->
+
+	<securecookie host="^\." name="^(?:_ga|optimizely)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/clahub.com.xml b/src/chrome/content/rules/clahub.com.xml
new file mode 100644
index 000000000000..1ca49cc8ace0
--- /dev/null
+++ b/src/chrome/content/rules/clahub.com.xml
@@ -0,0 +1,12 @@
+<!--
+blog.clahub.com ¹
+
+
+¹ mismatch
+-->
+<ruleset name="clahub.com">
+	<target host="clahub.com" />
+	<target host="www.clahub.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/classistatic.com.xml b/src/chrome/content/rules/classistatic.com.xml
new file mode 100644
index 000000000000..0d95dc4e1625
--- /dev/null
+++ b/src/chrome/content/rules/classistatic.com.xml
@@ -0,0 +1,49 @@
+<!--
+	Non-functional subdomains:
+		- classistatic.com	(r)
+		- ac	(m)
+		- api	(r)
+		- api-am	(r)
+		- api-p	(r)
+		- api-pdr	(r)
+		- ext	(m)
+		- gumtree	(m)
+		- img1	(m)
+		- imgc	(m)
+		- include	(m)
+		- inc.latam	(m)
+		- origin-static.m	(i)
+		- static.m	(m)
+		- img.mp	(r)
+		- origin-secureinclude	(r)
+		- origin-securem	(i)
+		- origin-securepic	(r)
+		- pic	(m)
+		- polaris	(r)
+		- secureinclude	(m)
+		- securem	(m)
+		- securepic	(m)
+		- inc.t9	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="classistatic.com">
+
+	<target host="ca.classistatic.com" />
+	<target host="ca-lp2.classistatic.com" />
+	<target host="img.classistatic.com" />
+	<target host="origin-ca.classistatic.com" />
+	<target host="securelatam.classistatic.com" />
+	<target host="securet9.classistatic.com" />
+	<target host="ssl-gumtree.classistatic.com" />
+		<test url="http://ssl-gumtree.classistatic.com/cached/img/svg/google-play.svg" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/classy.org.xml b/src/chrome/content/rules/classy.org.xml
new file mode 100644
index 000000000000..26346fe15412
--- /dev/null
+++ b/src/chrome/content/rules/classy.org.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- classy.org
+		- www.classy.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Classy.org">
+
+	<target host="classy.org" />
+	<target host="www.classy.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?classy\.org$" name="^AWSELB$" /-->
+
+	<securecookie host=".+" name="^optimizely" />
+	<securecookie host="^\." name="^__qca$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/claymath.org.xml b/src/chrome/content/rules/claymath.org.xml
new file mode 100644
index 000000000000..22d70ece89e7
--- /dev/null
+++ b/src/chrome/content/rules/claymath.org.xml
@@ -0,0 +1,9 @@
+<!--
+	Wildcard DNS.
+-->
+<ruleset name="claymath.org">
+	<target host="claymath.org"/>
+	<target host="www.claymath.org"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/clck.ru.xml b/src/chrome/content/rules/clck.ru.xml
new file mode 100644
index 000000000000..5637370f59ce
--- /dev/null
+++ b/src/chrome/content/rules/clck.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="clck.ru">
+	<target host="clck.ru" />
+	<target host="www.clck.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/clearos.com.xml b/src/chrome/content/rules/clearos.com.xml
new file mode 100644
index 000000000000..71f81669b6b2
--- /dev/null
+++ b/src/chrome/content/rules/clearos.com.xml
@@ -0,0 +1,11 @@
+<!--koji. self signed
+demo2. timed out
+demo1. timed out-->
+<ruleset name="clearos.com">
+	<target host="clearos.com" />
+	<target host="www.clearos.com" />
+	<target host="tracker.clearos.com" />
+	<target host="mirror.clearos.com" />
+	<target host="www2.clearos.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/clearspending.ru.xml b/src/chrome/content/rules/clearspending.ru.xml
new file mode 100644
index 000000000000..4253d160323d
--- /dev/null
+++ b/src/chrome/content/rules/clearspending.ru.xml
@@ -0,0 +1,12 @@
+<!--
+openapi.clearspending.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="clearspending.ru">
+	<target host="clearspending.ru" />
+	<target host="www.clearspending.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/clevelandconnected.co.uk.xml b/src/chrome/content/rules/clevelandconnected.co.uk.xml
new file mode 100644
index 000000000000..2466bbf9e779
--- /dev/null
+++ b/src/chrome/content/rules/clevelandconnected.co.uk.xml
@@ -0,0 +1,14 @@
+<ruleset name="Cleveland Connected.co.uk">
+
+	<target host="clevelandconnected.co.uk" />
+	<target host="www.clevelandconnected.co.uk" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/clickdimensions.com-falsemixed.xml b/src/chrome/content/rules/clickdimensions.com-falsemixed.xml
new file mode 100644
index 000000000000..56888a59f9d4
--- /dev/null
+++ b/src/chrome/content/rules/clickdimensions.com-falsemixed.xml
@@ -0,0 +1,14 @@
+<!--
+	For rules not causing false/broken MCB, see ClickDimensions.xml.
+
+-->
+<ruleset name="ClickDimensions.com (false MCB)" platform="mixedcontent">
+
+	<target host="clickdimensions.com" />
+	<target host="www.clickdimensions.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/clicken.us.xml b/src/chrome/content/rules/clicken.us.xml
new file mode 100644
index 000000000000..26aa39598094
--- /dev/null
+++ b/src/chrome/content/rules/clicken.us.xml
@@ -0,0 +1,17 @@
+<ruleset name="clicken.us">
+
+	<target host="clicken.us" />
+	<target host="www.clicken.us" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://www.clicken.us/tag/ClientSet.html" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/clickhouse.yandex.xml b/src/chrome/content/rules/clickhouse.yandex.xml
new file mode 100644
index 000000000000..ed9d9f7008af
--- /dev/null
+++ b/src/chrome/content/rules/clickhouse.yandex.xml
@@ -0,0 +1,10 @@
+<!--
+www.clickhouse.yandex nonexist
+
+
+-->
+<ruleset name="clickhouse.yandex">
+	<target host="clickhouse.yandex" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/clicknupload.link.xml b/src/chrome/content/rules/clicknupload.link.xml
new file mode 100644
index 000000000000..55fd08c83cbd
--- /dev/null
+++ b/src/chrome/content/rules/clicknupload.link.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://clicknupload.link/ => https://clicknupload.link/: Too many redirects while fetching 'https://clicknupload.link/'
+Fetch error: http://www.clicknupload.link/ => https://www.clicknupload.link/: Too many redirects while fetching 'https://www.clicknupload.link/'
+
+-->
+<ruleset name="Clicknupload.link" default_off="failed ruleset test">
+
+	<target host="clicknupload.link" />
+	<target host="www.clicknupload.link" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/clippercard.com.xml b/src/chrome/content/rules/clippercard.com.xml
new file mode 100644
index 000000000000..cd7e51fb075b
--- /dev/null
+++ b/src/chrome/content/rules/clippercard.com.xml
@@ -0,0 +1,19 @@
+<ruleset name="ClipperCard.com">
+
+	<target host="clippercard.com" />
+	<target host="www.clippercard.com" />
+
+
+	<!--	Incapsula cookies:
+					-->
+	<!--securecookie host="^\.clippercard\.com$" name="^(?:incap_ses_\d+|visid_incap)_\d+$" /-->
+	<!--securecookie host="^www\.clippercard\.com$" name="^___utmv[abm]\w+" /-->
+
+	<securecookie host="^\." name="^(?:incap|visid_incap)_" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/clixgalore.com.xml b/src/chrome/content/rules/clixgalore.com.xml
new file mode 100644
index 000000000000..6209986a03d5
--- /dev/null
+++ b/src/chrome/content/rules/clixgalore.com.xml
@@ -0,0 +1,43 @@
+<!--
+	Nonfunctional hosts in *clixgalore.com:
+
+		- www.is1 ʳ
+
+	ʳ Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- clixgalore.com
+		- www.clixgalore.com
+
+
+	Mixed content:
+
+		- Images on (www.)? from www.clixgalore.com ˢ
+		- Bugs on (www.)? from t\d.extreme-dm.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="clixGalore.com (partial)">
+
+	<target host="clixgalore.com" />
+	<target host="www.clixgalore.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://www.clixgalore.com/PSale.aspx?BID=&amp;AfID=&amp;AdID=&amp;LP=" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?clixGalore\.com$" name="^ClixGalorePercentSale\d+$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/clksite.com.xml b/src/chrome/content/rules/clksite.com.xml
new file mode 100644
index 000000000000..4a816289a37b
--- /dev/null
+++ b/src/chrome/content/rules/clksite.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- clksite.com
+		- www.clksite.com
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="clksite.com">
+
+	<target host="clksite.com" />
+	<target host="www.clksite.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://clksite.com/adServe/banners?tid=&amp;type=&amp;side=&amp;size=&amp;position=&amp;close=" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?clksite\.com$" name="^tc$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/clmbtech.com.xml b/src/chrome/content/rules/clmbtech.com.xml
new file mode 100644
index 000000000000..ca0f03666788
--- /dev/null
+++ b/src/chrome/content/rules/clmbtech.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="clmbtech.com">
+
+	<target host="ade.clmbtech.com" />
+	<target host="static.clmbtech.com" />
+
+	<test url="http://ade.clmbtech.com/uid/sync.htm?pid=13079" />
+	<test url="http://static.clmbtech.com/timeslocal/images/Dove/popup/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/clodo.ru.xml b/src/chrome/content/rules/clodo.ru.xml
new file mode 100644
index 000000000000..a3eefdb787c2
--- /dev/null
+++ b/src/chrome/content/rules/clodo.ru.xml
@@ -0,0 +1,151 @@
+<!--
+102262-10060.clodo.ru ⁴
+102262-10061.clodo.ru ⁴
+103822-10.clodo.ru ⁴
+103822-6.clodo.ru ⁴
+105342-1.clodo.ru ⁴
+108942-10002.clodo.ru ⁴
+111302-1.clodo.ru ⁴
+113222-10009.clodo.ru ⁴
+113662-2.clodo.ru ³
+116802-2.clodo.ru ⁴
+122582-10002.clodo.ru ³
+12371-20004.clodo.ru ²
+124502-1.clodo.ru ⁴
+124822-1.clodo.ru ²
+125322-10001.clodo.ru ⁴
+125842-20001.clodo.ru ⁴
+126862-2.clodo.ru ⁴
+130182-10005.clodo.ru ²
+13021-1.clodo.ru ⁴
+130441-7.clodo.ru ⁴
+130941-10014.clodo.ru ²
+13261-2.clodo.ru ⁴
+13451-10010.clodo.ru ²
+13451-18.clodo.ru ³
+134791-3.clodo.ru ²
+134891-10002.clodo.ru ²
+13611-4.clodo.ru ³
+136861-3.clodo.ru ³
+139041-10001.clodo.ru ⁴
+139131-8.clodo.ru ²
+139131-9.clodo.ru ²
+139291-7.clodo.ru ³
+139391-1.clodo.ru ⁴
+141511-1.clodo.ru ²
+141631-1.clodo.ru ⁴
+142251-1.clodo.ru ⁴
+146491-1.clodo.ru ⁴
+146911-10002.clodo.ru ²
+148451-10003.clodo.ru ¹
+148561-20001.clodo.ru ³
+149881-10006.clodo.ru ⁴
+149881-20018.clodo.ru ¹
+150091-10020.clodo.ru ²
+151891-1.clodo.ru ²
+155751-3.clodo.ru ²
+157701-10003.clodo.ru ²
+157701-10005.clodo.ru ²
+157701-10006.clodo.ru ²
+158231-7.clodo.ru ²
+159091-20002.clodo.ru ²
+159091-20003.clodo.ru ²
+163201-2.clodo.ru ²
+163211-3.clodo.ru ⁴
+163481-10006.clodo.ru ⁴
+163481-10007.clodo.ru ¹
+1635-20001.clodo.ru ⁴
+163651-2.clodo.ru ⁴
+164051-10002.clodo.ru network is unreachable
+16471-1.clodo.ru ⁴
+166361-11.clodo.ru ¹
+166361-15.clodo.ru ¹
+166361-3.clodo.ru ¹
+166361-4.clodo.ru ¹
+166931-1.clodo.ru ²
+168041-20003.clodo.ru ²
+16911-5.clodo.ru ³
+169461-2.clodo.ru ²
+17141-1.clodo.ru ⁴
+172191-10006.clodo.ru ¹
+173751-1.clodo.ru ²
+175921-2.clodo.ru ⁴
+177791-20283.clodo.ru ³
+177791-20284.clodo.ru ⁴
+177791-34.clodo.ru ³
+180311-10043.clodo.ru ²
+180311-10044.clodo.ru network is unreachable
+180311-10046.clodo.ru ⁴
+180311-25.clodo.ru ³
+184691-20006.clodo.ru ¹
+184691-20008.clodo.ru ²
+1888-3.clodo.ru ³
+62.76.188.2.clodo.ru ¹
+21-757.clodo.ru ³
+21-758.clodo.ru ³
+21-759.clodo.ru ³
+21-760.clodo.ru ³
+21-761.clodo.ru ³
+21-762.clodo.ru ³
+21-763.clodo.ru ³
+21-764.clodo.ru ³
+21-765.clodo.ru ³
+21-767.clodo.ru ³
+21-768.clodo.ru ³
+21-769.clodo.ru ³
+21-770.clodo.ru ³
+21-771.clodo.ru ³
+21-772.clodo.ru ³
+210066-6.clodo.ru ²
+211951-5.clodo.ru ²
+212153-1.clodo.ru ¹
+217734-1.clodo.ru ⁵
+218460-10003.clodo.ru ⁴
+218804-10001.clodo.ru ⁴
+218998-10001.clodo.ru ²
+219406-10002.clodo.ru ⁴
+219612-2.clodo.ru ²
+219968-1.clodo.ru ⁴
+220482-20001.clodo.ru ²
+220966-10001.clodo.ru ⁴
+221656-10002.clodo.ru ²
+222336-10002.clodo.ru ⁴
+222446-1.clodo.ru ²
+223200-10001.clodo.ru ⁴
+85.143.166.224.clodo.ru ¹
+5591-10763.clodo.ru ²
+62.76.41.58.clodo.ru ¹
+62.76.40.59.clodo.ru ¹
+6-585.clodo.ru ²
+69421-1.clodo.ru ⁴
+72151-2.clodo.ru ⁴
+adminstaffarea.clodo.ru different content
+api.clodo.ru non-2xx http code
+cs1.clodo.ru ⁵
+email.clodo.ru ¹
+forum.clodo.ru ⁴
+lib.clodo.ru non-2xx http code
+ns1.clodo.ru ²
+ns2.clodo.ru ²
+operatorstaff.clodo.ru different content
+rgsbank.clodo.ru ⁴
+monitoring01.simple.clodo.ru ²
+monitoring01.stack.clodo.ru ³
+status.clodo.ru ¹
+vnc.testbed.clodo.ru ³
+*.clodo.ru ⁷
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁵ expired
+⁷ protocol error
+-->
+<ruleset name="clodo.ru">
+	<target host="clodo.ru" />
+	<target host="www.clodo.ru" />
+	<target host="panel.clodo.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/clojure.org.xml b/src/chrome/content/rules/clojure.org.xml
new file mode 100644
index 000000000000..a633214b335c
--- /dev/null
+++ b/src/chrome/content/rules/clojure.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="clojure.org">
+	<target host="clojure.org" />
+	<target host="www.clojure.org" />
+	
+	<target host="download.clojure.org" />
+	<test url="http://download.clojure.org/papers/clojure-hopl-iv-final.pdf" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/clonezilla.org.xml b/src/chrome/content/rules/clonezilla.org.xml
new file mode 100644
index 000000000000..e40fc80adca0
--- /dev/null
+++ b/src/chrome/content/rules/clonezilla.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		hm.clonezilla.org
+		osdn.clonezilla.org
+
+	Unreachable:
+		events.clonezilla.org
+-->
+<ruleset name="clonezilla.org">
+	<target host="clonezilla.org" />
+	<target host="www.clonezilla.org" />
+	<target host="mail.clonezilla.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cloud66.com.xml b/src/chrome/content/rules/cloud66.com.xml
new file mode 100644
index 000000000000..2262a4bb208d
--- /dev/null
+++ b/src/chrome/content/rules/cloud66.com.xml
@@ -0,0 +1,23 @@
+<!--
+cloud66.com protocol error
+blog.cloud66.com mismatch
+community.cloud66.com expired
+realscale.cloud66.com mismatch
+status.cloud66.com mismatch
+uptime.cloud66.com timed out
+developers.cloud66.com timed out
+birdseye.cloud66.com mixed content font, image, expired
+help.cloud66.com mixed content image
+-->
+<ruleset name="cloud66.com">
+	<target host="cloud66.com" />
+	<target host="www.cloud66.com" />
+	<target host="app.cloud66.com" />
+	<target host="help.cloud66.com" />
+
+	<rule from="^http://cloud66\.com/"
+		to="https://www.cloud66.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cloudbees.com.xml b/src/chrome/content/rules/cloudbees.com.xml
new file mode 100644
index 000000000000..7263a5f0fae9
--- /dev/null
+++ b/src/chrome/content/rules/cloudbees.com.xml
@@ -0,0 +1,58 @@
+<!--
+	Invalid certificate:
+		info.cloudbees.com
+		join.cloudbees.com
+		resource.cloudbees.com
+
+	Timeout:
+		eclipse.cloudbees.com
+		o1.sendgrid.cloudbees.com
+-->
+<ruleset name="cloudbees.com">
+
+	<target host="cloudbees.com" />
+	<target host="www.cloudbees.com" />
+	<target host="appengine.cloudbees.com" />
+	<target host="blog.cloudbees.com" />
+	<target host="buildhive.cloudbees.com" />
+	<target host="employees.cbu.cloudbees.com" />
+	<target host="partners.cbu.cloudbees.com" />
+	<target host="premium.cbu.cloudbees.com" />
+	<target host="standard.cbu.cloudbees.com" />
+	<target host="certificates.cloudbees.com" />
+	<target host="*.ci.cloudbees.com" />
+		<test url="http://forge.ci.cloudbees.com/" />
+		<test url="http://javamelody.ci.cloudbees.com/" />
+		<test url="http://jenkins.ci.cloudbees.com/" />
+	<target host="cloudfoundry.cloudbees.com" />
+	<target host="console.cloudbees.com" />
+	<target host="dev-provider.cloudbees.com" />
+	<target host="developer-blog.cloudbees.com" />
+	<target host="devoptics-api.cloudbees.com" />
+	<target host="documentation.cloudbees.com" />
+	<target host="downloads.cloudbees.com" />
+	<target host="*.forge.cloudbees.com" />
+		<test url="http://repository-jonga.forge.cloudbees.com/" />
+		<test url="http://repository-okapi.forge.cloudbees.com/" />
+		<test url="http://repository-play-war.forge.cloudbees.com/" />
+	<target host="go.cloudbees.com" />
+	<target host="grandcentral.cloudbees.com" />
+	<target host="jenkins-updates.cloudbees.com" />
+	<target host="licenses.cloudbees.com" />
+	<target host="nectar-downloads.cloudbees.com" />
+	<target host="okr.cloudbees.com" />
+	<target host="pages.cloudbees.com" />
+	<target host="pages-storage.cloudbees.com" />
+	<target host="partners.cloudbees.com" />
+	<target host="release-notes.cloudbees.com" />
+	<target host="services-platform.cloudbees.com" />
+	<target host="services-ui.cloudbees.com" />
+	<target host="status.cloudbees.com" />
+	<target host="support.cloudbees.com" />
+	<target host="uploads.cloudbees.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cloudcma.com.xml b/src/chrome/content/rules/cloudcma.com.xml
new file mode 100644
index 000000000000..bb9ad72cbdf5
--- /dev/null
+++ b/src/chrome/content/rules/cloudcma.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Wildcard DNS but without wildcard certificate.
+
+	Invalid certificate:
+		www.agent.cloudcma.com
+		www.partner.cloudcma.com
+		www.powerpack.cloudcma.com
+		www.retech.cloudcma.com
+		www.tomferry.cloudcma.com
+		webinar.cloudcma.com
+		www.webinar.cloudcma.com
+		www.ztc.cloudcma.com
+-->
+<ruleset name="cloudcma.com">
+	<target host="cloudcma.com" />
+	<target host="www.cloudcma.com" />
+	<target host="agent.cloudcma.com" />
+	<target host="blog.cloudcma.com" />
+	<target host="partner.cloudcma.com" />
+	<target host="powerpack.cloudcma.com" />
+	<target host="reports3.cloudcma.com" />
+	<target host="retech.cloudcma.com" />
+	<target host="staging.cloudcma.com" />
+	<target host="support.cloudcma.com" />
+	<target host="tomferry.cloudcma.com" />
+	<target host="ztc.cloudcma.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cloudconvert.com.xml b/src/chrome/content/rules/cloudconvert.com.xml
new file mode 100644
index 000000000000..af2a6f702f1c
--- /dev/null
+++ b/src/chrome/content/rules/cloudconvert.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="cloudconvert.com">
+	<target host="cloudconvert.com" />
+	<target host="www.cloudconvert.com" />
+	<target host="api.cloudconvert.com" />
+	<target host="status.cloudconvert.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cloudconvert.org.xml b/src/chrome/content/rules/cloudconvert.org.xml
new file mode 100644
index 000000000000..b12f2d79e1ab
--- /dev/null
+++ b/src/chrome/content/rules/cloudconvert.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- cloudconvert.org
+		- .cloudconvert.org
+		- www.cloudconvert.org
+
+-->
+<ruleset name="Cloud Convert.org">
+
+	<target host="cloudconvert.org" />
+	<target host="www.cloudconvert.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?cloudconvert\.org$" name="^(?:\d+\.){4}-443-cookie$" /-->
+	<!--securecookie host="^\.cloudconvert\.org$" name="^CloudConvertSession$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cloudimg.io.xml b/src/chrome/content/rules/cloudimg.io.xml
new file mode 100644
index 000000000000..99fbb69f0ad4
--- /dev/null
+++ b/src/chrome/content/rules/cloudimg.io.xml
@@ -0,0 +1,18 @@
+<!--
+	For other cloudimage coverage, see Cloudimage.io.xml.
+
+-->
+<ruleset name="cloudimg.io">
+
+	<target host="ek8whxe.cloudimg.io" />
+
+		<test url="http://ek8whxe.cloudimg.io/s/width/34/https://www.gitbook.com/assets/images/logo/128.png?v=15.0.3" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cloudonaut.io.xml b/src/chrome/content/rules/cloudonaut.io.xml
new file mode 100644
index 000000000000..dd65fa9459e0
--- /dev/null
+++ b/src/chrome/content/rules/cloudonaut.io.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid Certificate:
+		templates.cloudonaut.io
+-->
+<ruleset name="cloudonaut.io">
+	<target host="cloudonaut.io" />
+	<target host="www.cloudonaut.io" />
+	<target host="iam.cloudonaut.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cloudpassage.com.xml b/src/chrome/content/rules/cloudpassage.com.xml
new file mode 100644
index 000000000000..3a35aeead774
--- /dev/null
+++ b/src/chrome/content/rules/cloudpassage.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="CloudPassage.com">
+
+	<target host="cloudpassage.com" />
+	<target host="blog.cloudpassage.com" />
+	<target host="portal.cloudpassage.com" />
+	<target host="support.cloudpassage.com" />
+	<target host="www.cloudpassage.com" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cloudshark.org.xml b/src/chrome/content/rules/cloudshark.org.xml
new file mode 100644
index 000000000000..d6102216402f
--- /dev/null
+++ b/src/chrome/content/rules/cloudshark.org.xml
@@ -0,0 +1,15 @@
+<ruleset name="CloudShark.org">
+
+	<target host="cloudshark.org" />
+	<target host="enterprise.cloudshark.org" />
+	<target host="support.cloudshark.org" />
+	<target host="www.cloudshark.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/clubtime.fm.xml b/src/chrome/content/rules/clubtime.fm.xml
new file mode 100644
index 000000000000..7365567db339
--- /dev/null
+++ b/src/chrome/content/rules/clubtime.fm.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		listen.clubtime.fm
+
+-->
+<ruleset name="ClubTime.FM">
+
+	<target host="clubtime.fm" />
+	<target host="www.clubtime.fm" />
+	<target host="admin.clubtime.fm" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/clustrmaps.com.xml b/src/chrome/content/rules/clustrmaps.com.xml
new file mode 100644
index 000000000000..909277e1f01c
--- /dev/null
+++ b/src/chrome/content/rules/clustrmaps.com.xml
@@ -0,0 +1,38 @@
+<!--
+	Nonfunctional hosts in *clustrmaps.com:
+
+		- blog ʳ
+
+	ʳ Refused
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- clustrmaps.com
+		- www.clustrmaps.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="ClustrMaps.com">
+
+	<target host="clustrmaps.com" />
+	<target host="cdn.clustrmaps.com" />
+	<target host="www.clustrmaps.com" />
+
+		<!--	$ redirects to www.clustrmaps.com, so:
+								-->
+		<test url="http://cdn.clustrmaps.com/assets/clustrmaps/img/logo4-small.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?clustrmaps\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cmake.org.xml b/src/chrome/content/rules/cmake.org.xml
new file mode 100644
index 000000000000..b4ed7eed603f
--- /dev/null
+++ b/src/chrome/content/rules/cmake.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="CMake.org">
+
+	<target host="cmake.org" />
+	<target host="www.cmake.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cmpxchg8b.com.xml b/src/chrome/content/rules/cmpxchg8b.com.xml
new file mode 100644
index 000000000000..33ffff90e2f9
--- /dev/null
+++ b/src/chrome/content/rules/cmpxchg8b.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatched:
+		- cmpxchg8b.com
+		- www.cmpxchg8b.com
+-->
+<ruleset name="cmpxchg8b.com (partial)">
+	<target host="blog.cmpxchg8b.com" />
+	<target host="lock.cmpxchg8b.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cms.gov.xml b/src/chrome/content/rules/cms.gov.xml
new file mode 100644
index 000000000000..f2701fba98db
--- /dev/null
+++ b/src/chrome/content/rules/cms.gov.xml
@@ -0,0 +1,149 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://cms.gov/ (200) => https://cms.gov/ (403)
+Fetch error: http://ci.cms.gov/ => https://ci.cms.gov/: (6, 'Could not resolve host: ci.cms.gov')
+Non-2xx HTTP code: http://dnav.cms.gov/ (200) => https://dnav.cms.gov/ (403)
+Non-2xx HTTP code: http://innovation.cms.gov/ (200) => https://innovation.cms.gov/ (403)
+
+	Centers for Medicare & Medicaid Services
+
+
+
+	Problematic hosts in *cms.gov:
+
+		- (www.)? ᵀ
+		- ahrc ᵀ
+		- ahrcvo ᵀ
+		- assets ᵀ
+		- ci ᵀ
+		- crowd ᵀ
+		- developer ᵀ
+		- dnav ᵀ
+		- download ᴬ
+		- downloads ᵀ
+		- ehrincentives ᶜ
+		- eidm ᵀ
+		- eud ᶜ
+		- github ᵀ
+		- hcia ᵐ
+		- hfpp ᵀ
+		- hipchat ᵀ
+		- (www.)?innovation ᵀ
+		- jira ᵀ
+		- maps ᶜ
+		- marketplace ᵀ
+		- openpaymentsdata ᵀ
+		- partnershipforpatients ᵀ
+		- portal ᵀ
+		- portalval ᵀ
+		- questions ᶜ
+		- scclia ᵀ
+		- zone ᶜ
+
+	ᴬ Akamai / mismatched
+	ᵀ Blocks Tor users
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+
+
+	These altnames do not exist:
+
+		- cicd.cms.gov
+		- qpp.cms.gov
+		- qualitypaymentprogram.cms.gov
+		- wcms.cms.gov
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .cms.gov
+		- confluence.cms.gov
+		- data.cms.gov
+		- eap.cms.gov
+		- ehrincentives.cms.gov
+		- eud.cms.gov
+		- localcoverage.cms.gov
+		- portal.cms.gov
+		- portalval.cms.gov
+		- questions.cms.gov
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="CMS.gov (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cms.gov" />
+	<target host="ahrc.cms.gov" />
+	<target host="ahrcvo.cms.gov" />
+	<target host="assets.cms.gov" />
+	<target host="blog.cms.gov" />
+	<target host="calt.cms.gov" />
+	<target host="cciio.cms.gov" />
+	<target host="www.cciio.cms.gov" />
+	<target host="ci.cms.gov" />
+	<target host="confluence.cms.gov" />
+	<target host="crowd.cms.gov" />
+	<target host="data.cms.gov" />
+	<target host="developer.cms.gov" />
+	<target host="dnav.cms.gov" />
+	<target host="downloads.cms.gov" />
+	<target host="eap.cms.gov" />
+	<!--target host="ehrincentives.cms.gov" /-->
+	<target host="eidm.cms.gov" />
+	<target host="emeasuretool.cms.gov" />
+	<target host="www.emeasuretool.cms.gov" />
+	<!--target host="eua.cms.gov" /-->
+	<target host="github.cms.gov" />
+	<target host="www.hcia.cms.gov" />
+	<target host="hfpp.cms.gov" />
+	<target host="hics.cms.gov" />
+	<target host="hipchat.cms.gov" />
+	<target host="innovation.cms.gov" />
+	<target host="www.innovation.cms.gov" />
+	<target host="innovations.cms.gov" />
+	<target host="www.innovations.cms.gov" />
+	<target host="jira.cms.gov" />
+	<target host="localcoverage.cms.gov" />
+	<!--target host="maps.cms.gov" /-->
+	<target host="marketplace.cms.gov" />
+	<target host="meetings.cms.gov" />
+	<target host="openpaymentsdata.cms.gov" />
+	<target host="partnershipforpatients.cms.gov" />
+	<target host="portal.cms.gov" />
+	<target host="portalval.cms.gov" />
+	<!--target host="questions.cms.gov" /-->
+	<target host="scclia.cms.gov" />
+	<target host="www.cms.gov" />
+	<!--target host="zone.cms.gov" /-->
+
+	<!--	Complications:
+				-->
+	<target host="hcia.cms.gov" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.cms\.gov$" name="^ak_bmsc$" /-->
+	<!--securecookie host="^confluence\.cms\.gov$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^data\.cms\.gov$" name="^logged_in$" /-->
+	<!--securecookie host="^eap\.cms\.gov$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^ehrincentives\.cms\.gov$" name="^BIGipServer" /-->
+	<!--securecookie host="^eua\.cms\.gov$" name="^(?:BIGipServer|JSESSIONID$)" /-->
+	<!--securecookie host="^localcoverage\.cms\.gov$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^portal(?:val)?\.cms\.gov$" name="^akavpau_default$" /-->
+	<!--securecookie host="^questions\.cms\.gov$" name="^THE_GOVT$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://hcia\.cms\.gov/"
+		to="https://www.hcia.cms.gov/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cnblogs.com.xml b/src/chrome/content/rules/cnblogs.com.xml
new file mode 100644
index 000000000000..59be90ed8a05
--- /dev/null
+++ b/src/chrome/content/rules/cnblogs.com.xml
@@ -0,0 +1,59 @@
+<!--
+	Expired:
+		aliyun.cnblogs.com
+
+	MCB：
+		space.cnblogs.com	(redirect to https by server and break the login + logout button. )
+
+	Invalid cert:
+		api.ad.cnblogs.com	( equal to ad-api.cnblogs.com )
+		api.kb.cnblogs.com
+		sorry.cnblogs.com
+-->
+<ruleset name="cnblogs.com (partial)">
+	<!--Directly:-->
+	<target host="cnblogs.com" />
+	<target host="www.cnblogs.com" />
+		<test url="http://www.cnblogs.com/zhaoqingqing/p/5959831.html" />
+	<target host="ad.cnblogs.com" />
+	<target host="ad-api.cnblogs.com" />
+		<test url="http://ad-api.cnblogs.com/adunits/image/C1/creative" />
+	<target host="app.cnblogs.com" />
+	<target host="cdn.cnblogs.com" />
+	<target host="common.cnblogs.com" />
+	<target host="counter.cnblogs.com" />
+	<target host="dotnet.cnblogs.com" />
+	<target host="dotnot.cnblogs.com" />
+	<target host="fils.cnblogs.com" />
+	<target host="files.cnblogs.com" />
+		<test url="http://files.cnblogs.com/files/zhaoqingqing/o_o_toTop.gif" />
+	<target host="group.cnblogs.com" />
+	<target host="home.cnblogs.com" />
+	<target host="images.cnblogs.com" />
+	<target host="images0.cnblogs.com" />
+	<target host="images2015.cnblogs.com" />
+	<target host="img.cnblogs.com" />
+	<target host="ing.cnblogs.com" />
+	<target host="job.cnblogs.com" />
+	<target host="kb.cnblogs.com" />
+	<target host="kb-api.cnblogs.com" />
+	<target host="m.cnblogs.com" />
+	<target host="mention.cnblogs.com" />
+	<target host="news.cnblogs.com" />
+	<target host="passport.cnblogs.com" />
+	<target host="pdfpatcher.cnblogs.com" />
+	<target host="pic.cnblogs.com" />
+	<target host="pic002.cnblogs.com" />
+	<target host="q.cnblogs.com" />
+	<target host="space.cnblogs.com" />
+	<target host="static.cnblogs.com" />
+	<target host="yuntian.cnblogs.com" />
+	<target host="zzk.cnblogs.com" />
+
+	<!--Complications:-->
+	<target host="api.ad.cnblogs.com" />
+		<rule from="^http://api\.ad\.cnblogs\.com/" to="https://ad-api.cnblogs.com/" />
+		<test url="http://api.ad.cnblogs.com/adunits/image/C1/creative" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cncf.io.xml b/src/chrome/content/rules/cncf.io.xml
new file mode 100644
index 000000000000..85c5855ef46d
--- /dev/null
+++ b/src/chrome/content/rules/cncf.io.xml
@@ -0,0 +1,46 @@
+<!--
+	Invalid certificate:
+		cncf.devstats.cncf.io
+-->
+<ruleset name="cncf.io">
+
+	<target host="cncf.io" />
+	<target host="www.cncf.io" />
+	<target host="contribute.cncf.io" />
+	<target host="devstats.cncf.io" />
+	<target host="all.devstats.cncf.io" />
+	<target host="cni.devstats.cncf.io" />
+	<target host="containerd.devstats.cncf.io" />
+	<target host="coredns.devstats.cncf.io" />
+	<target host="envoy.devstats.cncf.io" />
+	<target host="fluentd.devstats.cncf.io" />
+	<target host="grpc.devstats.cncf.io" />
+	<target host="jaeger.devstats.cncf.io" />
+	<target host="k8s.devstats.cncf.io" />
+	<target host="linkerd.devstats.cncf.io" />
+	<target host="nats.devstats.cncf.io" />
+	<target host="notary.devstats.cncf.io" />
+	<target host="opa.devstats.cncf.io" />
+	<target host="opentracing.devstats.cncf.io" />
+	<target host="prometheus.devstats.cncf.io" />
+	<target host="rkt.devstats.cncf.io" />
+	<target host="rook.devstats.cncf.io" />
+	<target host="tuf.devstats.cncf.io" />
+	<target host="vitess.devstats.cncf.io" />
+	<target host="discuss.cncf.io" />
+	<target host="envoyslack.cncf.io" />
+	<target host="l.cncf.io" />
+	<target host="landscape.cncf.io" />
+	<target host="lists.cncf.io" />
+	<target host="meetups.cncf.io" />
+	<target host="membership.cncf.io" />
+	<target host="s.cncf.io" />
+	<target host="serverless.cncf.io" />
+	<target host="servicedesk.cncf.io" />
+	<target host="slack.cncf.io" />
+	<target host="store.cncf.io" />
+	<target host="training.cncf.io" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cnv.com.xml b/src/chrome/content/rules/cnv.com.xml
new file mode 100644
index 000000000000..8e314f35ba38
--- /dev/null
+++ b/src/chrome/content/rules/cnv.com.xml
@@ -0,0 +1,48 @@
+<!--
+	Other CNV.com rulesets:
+
+		- sextoyclub.com.xml
+
+
+	CDN buckets:
+
+		- cnvassets.s3.amazonaws.com
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- cnv.com
+		- .cnv.com
+		- checkout.cnv.com
+		- .checkout.cnv.com
+		- www.cnv.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on (www.)? from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="CNV.com">
+
+	<target host="cnv.com" />
+	<target host="checkout.cnv.com" />
+	<target host="www.cnv.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:checkout\.|www\.)?cnv\.com$" name="^z$" /-->
+	<!--securecookie host="^\.(?:checkout\.)?cnv\.com$" name="^cart_id$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/co.cumberland.nc.us.xml b/src/chrome/content/rules/co.cumberland.nc.us.xml
new file mode 100644
index 000000000000..9830cfcacbd4
--- /dev/null
+++ b/src/chrome/content/rules/co.cumberland.nc.us.xml
@@ -0,0 +1,18 @@
+<!--
+	Mismatched:
+		- co.cumberland.nc.us
+-->
+<ruleset name="co.cumberland.nc.us">
+	<target host="co.cumberland.nc.us" />
+	<target host="www.co.cumberland.nc.us" />
+	<target host="animal.co.cumberland.nc.us" />
+	<target host="ccasa.co.cumberland.nc.us" />
+	<target host="dssasa.co.cumberland.nc.us" />
+	<target host="opendata.co.cumberland.nc.us" />
+	<target host="pub.co.cumberland.nc.us" />
+	<target host="taxpwa.co.cumberland.nc.us" />
+	<target host="webserver.co.cumberland.nc.us" />
+
+	<rule from="^http://co\.cumberland\.nc\.us/" to="https://www.co.cumberland.nc.us/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/coca-cola.ru.xml b/src/chrome/content/rules/coca-cola.ru.xml
new file mode 100644
index 000000000000..70fd5a029ae4
--- /dev/null
+++ b/src/chrome/content/rules/coca-cola.ru.xml
@@ -0,0 +1,26 @@
+<!--
+	^coca-cola.ru: Mismatched, self-signed
+
+-->
+<ruleset name="Coca-Cola.ru">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.coca-cola.ru" />
+
+	<!--	Complications:
+				-->
+	<target host="coca-cola.ru" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://coca-cola\.ru/"
+		to="https://www.coca-cola.ru/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/codacy.com.xml b/src/chrome/content/rules/codacy.com.xml
new file mode 100644
index 000000000000..e312be4eee55
--- /dev/null
+++ b/src/chrome/content/rules/codacy.com.xml
@@ -0,0 +1,31 @@
+<!--
+bamboo.codacy.com ³
+beta.codacy.com/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+www.blog.codacy.com/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+builds.codacy.com ⁵
+challenge.codacy.com/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+ci.codacy.com ⁴
+dev.codacy.com/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+docs.codacy.com ¹
+feedback.codacy.com/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+opensource.codacy.com ¹
+tc.codacy.com ³
+try.codacy.com ¹
+
+
+¹ mismatch
+³ timed out
+⁴ self signed
+⁵ expired
+-->
+<ruleset name="codacy.com">
+	<target host="codacy.com" />
+	<target host="www.codacy.com" />
+	<target host="api.codacy.com" />
+	<target host="blog.codacy.com" />
+	<target host="integration.codacy.com" />
+	<target host="status.codacy.com" />
+	<target host="support.codacy.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/codeanywhere.com.xml b/src/chrome/content/rules/codeanywhere.com.xml
new file mode 100644
index 000000000000..2f1ee31d23d2
--- /dev/null
+++ b/src/chrome/content/rules/codeanywhere.com.xml
@@ -0,0 +1,18 @@
+<!--
+docs.codeanywhere.com ¹
+status.codeanywhere.com ¹
+shift.codeanywhere.com ¹
+*.box.codeanywhere.com ³
+
+
+¹ mismatch
+³ timed out
+-->
+<ruleset name="codeanywhere.com">
+	<target host="codeanywhere.com" />
+	<target host="www.codeanywhere.com" />
+	<target host="blog.codeanywhere.com" />
+	<target host="support.codeanywhere.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/codeigniter.com-falsemixed.xml b/src/chrome/content/rules/codeigniter.com-falsemixed.xml
new file mode 100644
index 000000000000..224d01de91c4
--- /dev/null
+++ b/src/chrome/content/rules/codeigniter.com-falsemixed.xml
@@ -0,0 +1,18 @@
+<!--
+	For rules not causing false/broken MCB, see codeigniter.com.xml.
+
+-->
+<ruleset name="CodeIgniter.com (false MCB)">
+
+	<target host="forum.codeigniter.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\.forum\." name=".+" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/codeigniter.com.xml b/src/chrome/content/rules/codeigniter.com.xml
new file mode 100644
index 000000000000..528a55ac4356
--- /dev/null
+++ b/src/chrome/content/rules/codeigniter.com.xml
@@ -0,0 +1,36 @@
+<!--
+	For rules causing false/broken MCB, see codeigniter.com-falsemixed.xml.
+
+
+	Problematic hosts in *codeigniter.com:
+
+		- forum ˣ
+
+	ˣ Mixed css
+
+
+	Insecure cookies are set for these domains:
+
+		- .forum.codeigniter.com
+
+-->
+<ruleset name="CodeIgniter.com (partial)">
+
+	<target host="codeigniter.com" />
+	<!--target host="forum.codeigniter.com" /-->
+	<target host="www.codeigniter.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.forum\.codeigniter\.com$" name="^(?:mybb\[last(?:active|visit)\]|sid)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<!--securecookie host="^\.forum\." name="." /-->
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/codepoet.com.xml b/src/chrome/content/rules/codepoet.com.xml
new file mode 100644
index 000000000000..2d939cf94107
--- /dev/null
+++ b/src/chrome/content/rules/codepoet.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Nonfunctional hosts in *codepoet.com:
+
+		- directory ʰ
+
+	ʰ Redirects to http
+
+
+	Mixed content:
+
+		- Images on build from wordpress.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Code Poet.com (partial)">
+
+	<target host="codepoet.com" />
+	<target host="build.codepoet.com" />
+	<target host="www.codepoet.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/codetree.com.xml b/src/chrome/content/rules/codetree.com.xml
new file mode 100644
index 000000000000..c04c88172d20
--- /dev/null
+++ b/src/chrome/content/rules/codetree.com.xml
@@ -0,0 +1,21 @@
+<!--
+www.codetree.com ³
+blog.codetree.com ¹
+docs.codetree.com ¹
+status.codetree.com ¹
+
+
+¹ mismatch
+³ timed out
+-->
+<ruleset name="codetree.com">
+	<target host="codetree.com" />
+	<target host="cdn.codetree.com" />
+
+	<target host="www.codetree.com" />
+
+	<rule from="^http://www\.codetree\.com/"
+		to="https://codetree.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/codyhouse.co.xml b/src/chrome/content/rules/codyhouse.co.xml
new file mode 100644
index 000000000000..85cd52d44db6
--- /dev/null
+++ b/src/chrome/content/rules/codyhouse.co.xml
@@ -0,0 +1,30 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- codyhouse.co
+		- www.codyhouse.co
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="codyhouse.co">
+
+	<target host="codyhouse.co" />
+	<target host="www.codyhouse.co" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://codyhouse.co/?p=9847" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?codyhouse\.co$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cogentco.com.xml b/src/chrome/content/rules/cogentco.com.xml
new file mode 100644
index 000000000000..e7048aee60dc
--- /dev/null
+++ b/src/chrome/content/rules/cogentco.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="cogentco.com">
+	<target host="www.cogentco.com" />
+	<target host="cogentco.com" />
+	<target host="ecogent.cogentco.com" />
+	<target host="status.cogentco.com" />
+	<target host="mirror.cogentco.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cogneurosociety.org.xml b/src/chrome/content/rules/cogneurosociety.org.xml
new file mode 100644
index 000000000000..7e0cc56a683e
--- /dev/null
+++ b/src/chrome/content/rules/cogneurosociety.org.xml
@@ -0,0 +1,33 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.cogneurosociety.org
+
+
+	Mixed content:
+
+		- Images, from:
+
+			- $self ˢ
+			- www.psych.nyu.edu
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="CogNeuroSociety.org">
+
+	<target host="cogneurosociety.org" />
+	<target host="www.cogneurosociety.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.cogneurosociety\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/coin.space.xml b/src/chrome/content/rules/coin.space.xml
new file mode 100644
index 000000000000..02ecb5771bbd
--- /dev/null
+++ b/src/chrome/content/rules/coin.space.xml
@@ -0,0 +1,15 @@
+<!--
+	coin.space uses a subdomain for every cryptocurrency
+	so it is required the wildcard rule.
+	Subdomains can be added and removed at any time
+	for example in case of emergency fork of cryptocurrency.
+-->
+<ruleset name="coin.space">
+	<target host="coin.space" />
+	<target host="*.coin.space" />
+	<test url="http://www.coin.space/" />
+	<test url="http://xrp.coin.space/api/v1/" />
+	<test url="http://xlm.coin.space/api/v1/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/coinmarketcap.com.xml b/src/chrome/content/rules/coinmarketcap.com.xml
new file mode 100644
index 000000000000..58279ad02367
--- /dev/null
+++ b/src/chrome/content/rules/coinmarketcap.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="coinmarketcap.com">
+	<target host="coinmarketcap.com"/>
+	<target host="www.coinmarketcap.com"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/coinpaymtstgtibr.onion.xml b/src/chrome/content/rules/coinpaymtstgtibr.onion.xml
new file mode 100644
index 000000000000..8423c4d9d355
--- /dev/null
+++ b/src/chrome/content/rules/coinpaymtstgtibr.onion.xml
@@ -0,0 +1,16 @@
+<!--
+	Related clearnet ruleset: CoinPayments.net.xml
+
+	Invalid certificate:
+		www.coinpaymtstgtibr.onion
+
+-->
+<ruleset name="CoinPayments (onion)">
+
+	<target host="coinpaymtstgtibr.onion" />
+	<target host="www.coinpaymtstgtibr.onion" />
+
+	<rule from="^http://(www\.)?coinpaymtstgtibr\.onion/"
+		to="https://coinpaymtstgtibr.onion/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cointelgraph.com.xml b/src/chrome/content/rules/cointelgraph.com.xml
new file mode 100644
index 000000000000..08f90af3933e
--- /dev/null
+++ b/src/chrome/content/rules/cointelgraph.com.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cointelgraph.com/ => https://cointelgraph.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://jp.cointelgraph.com/ => https://jp.cointelgraph.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.cointelgraph.com/ => https://www.cointelgraph.com/: (28, 'Connection timed out after 20007 milliseconds')
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- cointelgraph.com
+		- jp.cointelgraph.com
+		- www.cointelgraph.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="cointelgraph.com" default_off="failed ruleset test">
+
+	<target host="cointelgraph.com" />
+	<target host="jp.cointelgraph.com" />
+	<target host="www.cointelgraph.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?cointelgraph\.com$" name="^(?:__stat_flag|PHPSESSID|laravel_session)$" /-->
+	<!--securecookie host="^jp\.cointelgraph\.com$" name="^(?:PHPSESSID|laravel_session)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/college.police.uk.xml b/src/chrome/content/rules/college.police.uk.xml
new file mode 100644
index 000000000000..2a662aee6481
--- /dev/null
+++ b/src/chrome/content/rules/college.police.uk.xml
@@ -0,0 +1,41 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *college.police.uk:
+
+		- (www.)? ᵈ
+		- library ᵈ
+		- recruit ᵈ
+		- whatworks ᵈ
+
+
+	Problematic hosts in *college.police.uk:
+
+		- app ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="College.Police.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.app.college.police.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="app.college.police.uk" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://app\.college\.police\.uk/"
+		to="https://www.app.college.police.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/collegeinfogeek.com.xml b/src/chrome/content/rules/collegeinfogeek.com.xml
new file mode 100644
index 000000000000..0e22e4b71759
--- /dev/null
+++ b/src/chrome/content/rules/collegeinfogeek.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="College Info Geek.com">
+
+	<target host="collegeinfogeek.com" />
+	<target host="www.collegeinfogeek.com" />
+	<target host="cdn.collegeinfogeek.com" />
+	<target host="courses.collegeinfogeek.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/colsonservices.com.xml b/src/chrome/content/rules/colsonservices.com.xml
new file mode 100644
index 000000000000..e62af81615ec
--- /dev/null
+++ b/src/chrome/content/rules/colsonservices.com.xml
@@ -0,0 +1,16 @@
+<!--
+	^colsonservices.com does not exist.
+
+-->
+<ruleset name="Colson Services.com">
+
+	<target host="www.colsonservices.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/colta.ru.xml b/src/chrome/content/rules/colta.ru.xml
new file mode 100644
index 000000000000..89e5a08f8bd8
--- /dev/null
+++ b/src/chrome/content/rules/colta.ru.xml
@@ -0,0 +1,18 @@
+<!--
+archives.colta.ru ¹
+club.colta.ru ⁵
+dev.club.colta.ru ³
+os.colta.ru ¹
+
+
+¹ mismatch
+³ timed out
+⁵ expired
+-->
+<ruleset name="colta.ru">
+	<target host="colta.ru" />
+	<target host="www.colta.ru" />
+	<target host="m.colta.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/com.com.xml b/src/chrome/content/rules/com.com.xml
new file mode 100644
index 000000000000..ea4e751ad12c
--- /dev/null
+++ b/src/chrome/content/rules/com.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Note: *.com.com has a wildcard DNS record
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- i.i.com.com
+		- origin.i.com.com
+		- image.com.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- assets.com.com
+-->
+<ruleset name="com.com">
+	<target host="com.com" />
+	<target host="www.com.com" />
+	<target host="adlog.com.com" />
+	<target host="ads.com.com" />
+	<target host="dw.com.com" />
+	<target host="img.com.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/comedy.co.uk.xml b/src/chrome/content/rules/comedy.co.uk.xml
new file mode 100644
index 000000000000..a675f6437803
--- /dev/null
+++ b/src/chrome/content/rules/comedy.co.uk.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.comedy.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Comedy.co.uk">
+
+	<target host="comedy.co.uk" />
+	<target host="www.comedy.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.comedy\.co\.uk$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/comicvine.com.xml b/src/chrome/content/rules/comicvine.com.xml
new file mode 100644
index 000000000000..73ef97252477
--- /dev/null
+++ b/src/chrome/content/rules/comicvine.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="comicvine.com">
+	<target host="comicvine.com" />
+	<target host="www.comicvine.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/committedgiving.uk.net.xml b/src/chrome/content/rules/committedgiving.uk.net.xml
new file mode 100644
index 000000000000..85ebd0741707
--- /dev/null
+++ b/src/chrome/content/rules/committedgiving.uk.net.xml
@@ -0,0 +1,40 @@
+<!--
+	^committedgiving.uk.net: Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.committedgiving.uk.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="CommittedGiving.uk.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.committedgiving.uk.net" />
+
+		<!--	$ redirects to another domain, so:
+								-->
+		<test url="http://www.committedgiving.uk.net/mentalhealthfoundation/?amount=50" />
+
+	<!--	Complications:
+				-->
+	<target host="committedgiving.uk.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.committedgiving\.uk\.net$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://committedgiving\.uk\.net/"
+		to="https://www.committedgiving.uk.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/commonsensemedia.org.xml b/src/chrome/content/rules/commonsensemedia.org.xml
new file mode 100644
index 000000000000..d9affd6f2666
--- /dev/null
+++ b/src/chrome/content/rules/commonsensemedia.org.xml
@@ -0,0 +1,15 @@
+<ruleset name="Common Sense Media.org">
+
+	<target host="commonsensemedia.org" />
+	<target host="www.commonsensemedia.org" />
+
+
+	<securecookie host=".+" name="^optimizely" />
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/communities.gov.uk.xml b/src/chrome/content/rules/communities.gov.uk.xml
new file mode 100644
index 000000000000..0d46070ba3f6
--- /dev/null
+++ b/src/chrome/content/rules/communities.gov.uk.xml
@@ -0,0 +1,56 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- communityrights.communities.gov.uk
+		- mta1.mail.communities.gov.uk
+		- mta2.mail.communities.gov.uk
+
+		SSL connect error:
+		- Interform.communities.gov.uk
+		- interform.communities.gov.uk
+
+		SSL peer certificate was not OK:
+		- www.communities.gov.uk
+		- barrierbusting.communities.gov.uk
+		- content.communities.gov.uk
+		- www.local.communities.gov.uk
+		- markprisk.communities.gov.uk
+		- planningguidance.communities.gov.uk
+		- users.communities.gov.uk
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- righttobuy.communities.gov.uk
+		- www.righttobuy.communities.gov.uk
+
+		Incomplete certificate chain error:
+		- acceptance.erdf.communities.gov.uk
+		- testing.erdf.communities.gov.uk
+		- training.erdf.communities.gov.uk
+
+		Status code mismatch:
+		- mcis.erdf.communities.gov.uk
+		- reporting.erdf.communities.gov.uk
+		- maps.communities.gov.uk
+			Example URL: http://maps.communities.gov.uk/geoserver/dclg_inspire/ows?service=WFS&version=2.0.0&request=GetFeature&typeName=dclg_inspire:Local_Authority_Greenbelt_boundaries_2017-18&outputFormat=shape-zip&srsName=EPSG:4326
+
+		4xx client error:
+		- logasnet.communities.gov.uk
+
+		Mixed content blocking (MCB) triggered:
+		- enterprisezones.communities.gov.uk
+		- enterprisezonesdev.communities.gov.uk
+		- forms.communities.gov.uk
+-->
+<ruleset name="Communities.gov.uk">
+	<target host="core.communities.gov.uk" />
+	<target host="dclgapps.communities.gov.uk" />
+	<target host="delta.communities.gov.uk" />
+	<target host="eclaims.communities.gov.uk" />
+	<target host="intranet.communities.gov.uk" />
+	<target host="reporting.communities.gov.uk" />
+	<target host="tfam.communities.gov.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/community-ix.de.xml b/src/chrome/content/rules/community-ix.de.xml
new file mode 100644
index 000000000000..64fd010eb009
--- /dev/null
+++ b/src/chrome/content/rules/community-ix.de.xml
@@ -0,0 +1,15 @@
+<ruleset name="Community-IX.de">
+
+	<target host="community-ix.de" />
+	<target host="www.community-ix.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://community-ix.de/,
+	http://community-ix.de/ redirects to http://www.community-ix.de/ -->
+	<rule from="^http://community-ix\.de/"
+		to="https://www.community-ix.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/communitycares.com.xml b/src/chrome/content/rules/communitycares.com.xml
new file mode 100644
index 000000000000..cfe844fa4c7c
--- /dev/null
+++ b/src/chrome/content/rules/communitycares.com.xml
@@ -0,0 +1,38 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- communitycares.com
+		- memberportal.communitycares.com
+		- provider.communitycares.com
+		- providerportal.communitycares.com
+		- providersearch.communitycares.com
+		- www.communitycares.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Community Cares.com">
+
+	<target host="communitycares.com" />
+	<target host="memberportal.communitycares.com" />
+	<target host="plans.communitycares.com" />
+	<target host="provider.communitycares.com" />
+	<target host="providerportal.communitycares.com" />
+	<target host="providersearch.communitycares.com" />
+	<target host="www.communitycares.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^communitycares\.com$" name="^dnn_IsMobile$" /-->
+	<!--securecookie host="^(?:memberportal|providerportal|providersearch)\.communitycares\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^(?:provider|www)\.communitycares\.com$" name="^(?:\.ASPXANONYMOUS|__RequestVerificationToken|ASP\.NET_SessionId|language)$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/communitycrimemap.xml b/src/chrome/content/rules/communitycrimemap.xml
new file mode 100644
index 000000000000..f54c0cfe5a3d
--- /dev/null
+++ b/src/chrome/content/rules/communitycrimemap.xml
@@ -0,0 +1,7 @@
+<ruleset name="communitycrimemap.com">
+	<target host="communitycrimemap.com"/>
+	<target host="www.communitycrimemap.com"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/companic.nl.xml b/src/chrome/content/rules/companic.nl.xml
new file mode 100644
index 000000000000..2a787d8db7b3
--- /dev/null
+++ b/src/chrome/content/rules/companic.nl.xml
@@ -0,0 +1,26 @@
+<!--
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these domains:
+
+		- .companic.nl
+
+-->
+<ruleset name="Companic.nl" default_off="cert-chain">
+
+	<target host="companic.nl" />
+	<target host="www.companic.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.companic\.nl$" name="^osCsid$" /-->
+
+	<securecookie host="^\." name="^osCsid$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/companieshouse.gi.xml b/src/chrome/content/rules/companieshouse.gi.xml
new file mode 100644
index 000000000000..ddb0edcf092f
--- /dev/null
+++ b/src/chrome/content/rules/companieshouse.gi.xml
@@ -0,0 +1,21 @@
+<!--
+	NB: server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	These altnames do not exist:
+
+		- companieshouse.gi
+
+-->
+<ruleset name="Companies House.gi" default_off="cert-chain">
+
+	<target host="www.companieshouse.gi" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/companieshouse.gov.uk-falsemixed.xml b/src/chrome/content/rules/companieshouse.gov.uk-falsemixed.xml
new file mode 100644
index 000000000000..b9dfb1cfa14c
--- /dev/null
+++ b/src/chrome/content/rules/companieshouse.gov.uk-falsemixed.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules not causing MCB, see CompaniesHouse.xml.
+
+-->
+<ruleset name="Companies House.gov.uk (MCB)" platform="mixedcontent">
+
+	<target host="xmlgw.companieshouse.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/complat.ru.xml b/src/chrome/content/rules/complat.ru.xml
new file mode 100644
index 000000000000..6b8bf470cedd
--- /dev/null
+++ b/src/chrome/content/rules/complat.ru.xml
@@ -0,0 +1,13 @@
+<!--
+complat.ru mismatch
+www.complat.ru mismatch
+turist.complat.ru mismatch
+forum.complat.ru mismatch
+ukarbat.complat.ru mismatch
+ooobt.complat.ru mismatch
+-->
+<ruleset name="complat.ru (partial)">
+	<target host="stat.complat.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/complinet.com.xml b/src/chrome/content/rules/complinet.com.xml
new file mode 100644
index 000000000000..939a840b5110
--- /dev/null
+++ b/src/chrome/content/rules/complinet.com.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://complinet.com/ => https://complinet.com/: (51, "SSL: no alternative certificate subject name matches target host name 'complinet.com'")
+Fetch error: http://www.complinet.com/ => https://www.complinet.com/: Too many redirects while fetching 'https://www.complinet.com/'
+
+-->
+<ruleset name="complinet.com" default_off="failed ruleset test">
+
+	<target host="complinet.com" />
+	<target host="www.complinet.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/computerbild.de.xml b/src/chrome/content/rules/computerbild.de.xml
new file mode 100644
index 000000000000..81b78426d415
--- /dev/null
+++ b/src/chrome/content/rules/computerbild.de.xml
@@ -0,0 +1,39 @@
+<!--
+	Refused:
+		- forum
+		- levelr
+
+	Invalid certificate:
+		- gameduell
+		- intenium
+-->
+<ruleset name="ComputerBild.de (partial)">
+
+	<target host="computerbild.de"/>
+	<target host="www.computerbild.de"/>
+	<target host="d.computerbild.de" />
+	<target host="dsl-speedtest.computerbild.de" />
+	<target host="i.computerbild.de"/>
+	<target host="img.computerbild.de"/>
+	<target host="newsletter.computerbild.de" />
+	<target host="r2.computerbild.de" />
+	<target host="shop.computerbild.de"/>
+	<target host="speedtest.computerbild.de" />
+	<target host="video.computerbild.de" />
+
+	<target host="computer-bild.de"/>
+	<target host="www.computer-bild.de"/>
+	<target host="i.computer-bild.de"/>
+
+	<rule from="^http://computer-bild\.de/"
+		to="https://computerbild.de/"/>
+
+	<rule from="^http://www\.computer-bild\.de/"
+		to="https://www.computerbild.de/"/>
+
+	<rule from="^http://i\.computer-bild\.de/"
+		to="https://i.computerbild.de/"/>
+
+	<rule from="^http:"	to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/computextaipei.com.tw.xml b/src/chrome/content/rules/computextaipei.com.tw.xml
new file mode 100644
index 000000000000..4bd5fd9bd861
--- /dev/null
+++ b/src/chrome/content/rules/computextaipei.com.tw.xml
@@ -0,0 +1,33 @@
+<!--
+	^computextaipei.com.tw: Mismatched
+
+
+	Mixed content:
+
+		- Images on www from www.our-work.com.tw ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Computex Taipei.com.tw">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.computextaipei.com.tw" />
+
+	<!--	Complications:
+				-->
+	<target host="computextaipei.com.tw" />
+
+
+	<securecookie host="^\." name="_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://computextaipei\.com\.tw/"
+		to="https://www.computextaipei.com.tw/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/comquas.com.xml b/src/chrome/content/rules/comquas.com.xml
new file mode 100644
index 000000000000..d22182c66df6
--- /dev/null
+++ b/src/chrome/content/rules/comquas.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Mixed content:
+
+		- css on (www.)? from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="comquas.com">
+
+	<target host="comquas.com" />
+	<target host="mmwebfonts.comquas.com" />
+	<target host="www.comquas.com" />
+
+
+	<securecookie host="^\." name="^__cfduid$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/conan.io.xml b/src/chrome/content/rules/conan.io.xml
new file mode 100644
index 000000000000..17655016ec73
--- /dev/null
+++ b/src/chrome/content/rules/conan.io.xml
@@ -0,0 +1,11 @@
+<ruleset name="conan.io">
+	<target host="conan.io" />
+	<target host="*.conan.io" />
+
+	<rule from="^http:" to="https:" />
+
+	<test url="http://www.conan.io/" />
+	<test url="http://conan.io/center/" />
+	<test url="http://blog.conan.io/" />
+	<test url="http://docs.conan.io/en/latest/" />
+</ruleset>
diff --git a/src/chrome/content/rules/concordeurope.org.xml b/src/chrome/content/rules/concordeurope.org.xml
new file mode 100644
index 000000000000..28126159d4e8
--- /dev/null
+++ b/src/chrome/content/rules/concordeurope.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="concordeurope.org">
+
+	<target host="concordeurope.org" />
+	<target host="www.concordeurope.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/conferencemanager.dk-resources.xml b/src/chrome/content/rules/conferencemanager.dk-resources.xml
new file mode 100644
index 000000000000..acf10312de45
--- /dev/null
+++ b/src/chrome/content/rules/conferencemanager.dk-resources.xml
@@ -0,0 +1,27 @@
+<!--
+	For rules covering more than resources, see conferencemanager.dk.xml.
+
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="Conference Manager.dk (resources)" platform="mixedcontent">
+
+	<target host="files.conferencemanager.dk" />
+	<target host="templates.conferencemanager.dk" />
+
+		<test url="http://files.conferencemanager.dk/medialibrary/B693E535-DE78-4D8A-8F17-C435C0047AC6/images/Jan_Eriksen.pdf" />
+		<test url="http://files.conferencemanager.dk/medialibrary/b693e535-de78-4d8a-8f17-c435c0047ac6/images/Kvinde450x170.jpg" />
+		<test url="http://templates.conferencemanager.dk/5DDA65DF-1AAC-42B2-B7BA-517913D4A9AF/bg.png" />
+		<test url="http://templates.conferencemanager.dk/main/css/styles-cmv9.0.6.css" />
+		<test url="http://templates.conferencemanager.dk/main/images/agenda-arrows.png" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/conferencemanager.dk.xml b/src/chrome/content/rules/conferencemanager.dk.xml
new file mode 100644
index 000000000000..fec5a996f2de
--- /dev/null
+++ b/src/chrome/content/rules/conferencemanager.dk.xml
@@ -0,0 +1,53 @@
+<!--
+	For rules covering resources which do not secure
+	mixed content, see conferencemanager.dk-resources.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- conferencemanager.dk
+		- templates.conferencemanager.dk
+		- www.conferencemanager.dk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Conference Manager.dk (partial)">
+
+	<target host="conferencemanager.dk" />
+	<target host="files.conferencemanager.dk" />
+	<!--target host="templates.conferencemanager.dk" /-->
+	<target host="www.conferencemanager.dk" />
+
+		<!--	Reduce non-Tor dinstinguishability:
+								-->
+		<exclusion pattern="^http://files\.conferencemanager\.dk/(?!.+\.pdf(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://files.conferencemanager.dk/default.aspx" />
+			<test url="http://files.conferencemanager.dk/index.htm" />
+			<test url="http://files.conferencemanager.dk/index.html" />
+			<test url="http://files.conferencemanager.dk/index.php" />
+
+		<test url="http://files.conferencemanager.dk/medialibrary/B693E535-DE78-4D8A-8F17-C435C0047AC6/images/Jan_Eriksen.pdf" />
+		<!--
+		<test url="http://files.conferencemanager.dk/medialibrary/b693e535-de78-4d8a-8f17-c435c0047ac6/images/Kvinde450x170.jpg" />
+		<test url="http://templates.conferencemanager.dk/5DDA65DF-1AAC-42B2-B7BA-517913D4A9AF/bg.png" />
+		<test url="http://templates.conferencemanager.dk/main/css/styles-cmv9.0.6.css" />
+		<test url="http://templates.conferencemanager.dk/main/images/agenda-arrows.png" />
+		-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:templates\.)?conferencemanager\.dk$" name="^perseverantia$" /-->
+	<!--securecookie host="^www\.conferencemanager\.dk$" name="^(?:ACCEPTCOOKIES|perseverantia)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/connect.de.xml b/src/chrome/content/rules/connect.de.xml
new file mode 100644
index 000000000000..563bf72fe84f
--- /dev/null
+++ b/src/chrome/content/rules/connect.de.xml
@@ -0,0 +1,40 @@
+<!--
+	Invalid certificate:
+		digitalexperte.connect.de
+		img[1-4].connect.de
+		www.img4.connect.de
+		mobilexperte.connect.de
+		mobilfunkexperte.connect.de
+		www.speedtest.connect.de
+
+	Refused:
+		telfish.connect.de
+
+	Timeout:
+		next.connect.de
+		whitepaperdb.connect.de
+-->
+<ruleset name="connect.de">
+
+	<target host="connect.de" />
+	<target host="www.connect.de" />
+	<target host="abo.connect.de" />
+	<target host="aktionen.connect.de" />
+	<target host="fotoquiz.connect.de" />
+	<target host="jobboerse.connect.de" />
+	<target host="marketing.connect.de" />
+	<target host="newsletter.connect.de" />
+	<target host="playground.connect.de" />
+	<target host="speedtest.connect.de" />
+	<target host="server1.speedtest.connect.de" />
+	<target host="server2.speedtest.connect.de" />
+	<target host="spezial.connect.de" />
+	<target host="spiele.connect.de" />
+	<target host="tarifrechner.connect.de" />
+	<target host="web.connect.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/connect6.com.xml b/src/chrome/content/rules/connect6.com.xml
new file mode 100644
index 000000000000..bca847dce36b
--- /dev/null
+++ b/src/chrome/content/rules/connect6.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.connect6.com
+
+
+	Mixed content:
+
+		- iframe from video.vimeo.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Connect6.com">
+
+	<target host="connect6.com" />
+	<target host="www.connect6.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.connect6\.com$" name="^(?:ASP\.NET_SessionId|c6mkting|c6trk)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/connectedu.net.xml b/src/chrome/content/rules/connectedu.net.xml
new file mode 100644
index 000000000000..27be54371963
--- /dev/null
+++ b/src/chrome/content/rules/connectedu.net.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- support.connectedu.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="ConnectEDU.net">
+
+	<target host="connectedu.net" />
+	<target host="support.connectedu.net" />
+	<target host="www.connectedu.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^support\.connectedu\.net$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/connectid.no.xml b/src/chrome/content/rules/connectid.no.xml
new file mode 100644
index 000000000000..c91d96de9152
--- /dev/null
+++ b/src/chrome/content/rules/connectid.no.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Mediaconnect coverage, see mediaconnect.no.xml.
+
+-->
+<ruleset name="connectid.no">
+
+	<target host="connectid.no" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/connectingcredentials.org.xml b/src/chrome/content/rules/connectingcredentials.org.xml
new file mode 100644
index 000000000000..3b3044be35fd
--- /dev/null
+++ b/src/chrome/content/rules/connectingcredentials.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="connectingcredentials.org">
+	<target host="connectingcredentials.org" />
+	<target host="www.connectingcredentials.org" />
+	<target host="mail.connectingcredentials.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/connecttosupport.org.xml b/src/chrome/content/rules/connecttosupport.org.xml
new file mode 100644
index 000000000000..52d32dedb496
--- /dev/null
+++ b/src/chrome/content/rules/connecttosupport.org.xml
@@ -0,0 +1,23 @@
+<!--
+	Nonfunctional hosts in *connecttosupport.org:
+
+		- commissioning ʰ
+
+	ʰ Redirects to http
+
+-->
+<ruleset name="Connect to Support.org (partial)">
+
+	<target host="connecttosupport.org" />
+	<target host="eastriding.connecttosupport.org" />
+	<target host="kirklees.connecttosupport.org" />
+	<target host="www.connecttosupport.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/constitute.xml b/src/chrome/content/rules/constitute.xml
new file mode 100644
index 000000000000..7add31d17699
--- /dev/null
+++ b/src/chrome/content/rules/constitute.xml
@@ -0,0 +1,12 @@
+<ruleset name="Constitute Project">
+	<target host="constituteproject.org" />
+	<target host="www.constituteproject.org" />
+
+	<!-- Looks like https://constituteproject.org/ doesn't work -->
+	<rule from="^http://constituteproject\.org/"
+		to="https://www.constituteproject.org/" />
+
+	<rule from="^http:" to="https:" />
+
+	<securecookie host="^\.constituteproject\.org$" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/consultant.ru.xml b/src/chrome/content/rules/consultant.ru.xml
new file mode 100644
index 000000000000..00496b84cb8c
--- /dev/null
+++ b/src/chrome/content/rules/consultant.ru.xml
@@ -0,0 +1,22 @@
+<!--
+base.consultant.ru/: (52, 'Empty reply from server')
+azbuka.consultant.ru/: (52, 'Empty reply from server')
+mvd.consultant.ru/: (52, 'Empty reply from server')
+gov.consultant.ru/: (52, 'Empty reply from server')
+government.consultant.ru/: (52, 'Empty reply from server')
+giod.consultant.ru/: (52, 'Empty reply from server')
+duma.consultant.ru/: (52, 'Empty reply from server')
+customs.consultant.ru/: (52, 'Empty reply from server')
+civil.consultant.ru/: (52, 'Empty reply from server')
+minjust.consultant.ru/: (52, 'Empty reply from server')
+sovetnik.consultant.ru timed out
+forum.consultant.ru/: (52, 'Empty reply from server')
+merit.consultant.ru/: (52, 'Empty reply from server')
+-->
+<ruleset name="consultant.ru">
+	<target host="consultant.ru" />
+	<target host="www.consultant.ru" />
+	<target host="ric.consultant.ru" />
+	<target host="static.consultant.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/content-security-policy.com.xml b/src/chrome/content/rules/content-security-policy.com.xml
new file mode 100644
index 000000000000..32ce0258fe25
--- /dev/null
+++ b/src/chrome/content/rules/content-security-policy.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Not found:
+		reports.content-security-policy.com
+-->
+<ruleset name="Content Security Policy">
+
+	<target host="content-security-policy.com" />
+	<target host="www.content-security-policy.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/contentreserve.com.xml b/src/chrome/content/rules/contentreserve.com.xml
new file mode 100644
index 000000000000..63a3fac1d916
--- /dev/null
+++ b/src/chrome/content/rules/contentreserve.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other OverDrive coverage, see OverDrive.com.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- contentreserve.com
+		- www.contentreserve.com
+
+-->
+<ruleset name="Content Reserve.com">
+
+	<target host="contentreserve.com" />
+	<target host="images.contentreserve.com" />
+	<target host="www.contentreserve.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?contentreserve\.com$" name="^ConstI(?:nitServerName|sDevServer|sLiveServer|sStagingServer|sTestServer)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/continuousdelivery.com.xml b/src/chrome/content/rules/continuousdelivery.com.xml
new file mode 100644
index 000000000000..013abdfd2363
--- /dev/null
+++ b/src/chrome/content/rules/continuousdelivery.com.xml
@@ -0,0 +1,12 @@
+<!--
+guide.continuousdelivery.com nonexist
+
+
+-->
+<ruleset name="continuousdelivery.com">
+	<target host="continuousdelivery.com" />
+	<target host="www.continuousdelivery.com" />
+	<target host="lapm.continuousdelivery.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/continuousphp.com.xml b/src/chrome/content/rules/continuousphp.com.xml
new file mode 100644
index 000000000000..84e403427fc6
--- /dev/null
+++ b/src/chrome/content/rules/continuousphp.com.xml
@@ -0,0 +1,14 @@
+<!--
+www.continuousphp.com timed out
+statuspage.continuousphp.com mismatch
+-->
+<ruleset name="continuousphp.com">
+	<target host="continuousphp.com" />
+	<target host="www.continuousphp.com" />
+	<target host="api.continuousphp.com" />
+
+	<rule from="^http://www\.continuousphp\.com/"
+		to="https://continuousphp.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/continuum.io.xml b/src/chrome/content/rules/continuum.io.xml
new file mode 100644
index 000000000000..a0329ee48328
--- /dev/null
+++ b/src/chrome/content/rules/continuum.io.xml
@@ -0,0 +1,17 @@
+<!--
+know.continuum.io non-2xx http code
+shop.continuum.io ⁴
+
+
+⁴ self signed
+-->
+<ruleset name="continuum.io">
+	<target host="continuum.io" />
+	<target host="www.continuum.io" />
+	<target host="docs.continuum.io" />
+	<target host="go.continuum.io" />
+	<target host="support.continuum.io" />
+	<target host="repo.continuum.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/contrasterra.ru.xml b/src/chrome/content/rules/contrasterra.ru.xml
new file mode 100644
index 000000000000..fee215f6ee50
--- /dev/null
+++ b/src/chrome/content/rules/contrasterra.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="contrasterra.ru">
+	<target host="contrasterra.ru" />
+	<target host="www.contrasterra.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/contrastsecurity.com.xml b/src/chrome/content/rules/contrastsecurity.com.xml
new file mode 100644
index 000000000000..b5ae4de0c688
--- /dev/null
+++ b/src/chrome/content/rules/contrastsecurity.com.xml
@@ -0,0 +1,25 @@
+<!--
+	^contrastsecurity.com: Refused
+
+-->
+<ruleset name="Contrast Security.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.contrastsecurity.com" />
+
+	<!--	Complications:
+				-->
+	<target host="contrastsecurity.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://contrastsecurity\.com/"
+		to="https://www.contrastsecurity.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/convertexperiments.com.xml b/src/chrome/content/rules/convertexperiments.com.xml
new file mode 100644
index 000000000000..99a367ebee1d
--- /dev/null
+++ b/src/chrome/content/rules/convertexperiments.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.convertexperiments.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Convert Experiments.com">
+
+	<target host="convertexperiments.com" />
+	<target host="app.convertexperiments.com" />
+	<target host="cdn-3.convertexperiments.com" />
+	<target host="www.convertexperiments.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.convertexperiments\.com$" name="^bb2_screener$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cool18.com.xml b/src/chrome/content/rules/cool18.com.xml
new file mode 100644
index 000000000000..d3e0fc3e35a8
--- /dev/null
+++ b/src/chrome/content/rules/cool18.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="cool18.com">
+	<target host="cool18.com" />
+	<target host="www.cool18.com" />
+	<target host="wap.cool18.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cooley.com.xml b/src/chrome/content/rules/cooley.com.xml
new file mode 100644
index 000000000000..ae141c5eb4c3
--- /dev/null
+++ b/src/chrome/content/rules/cooley.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Cooley.com">
+
+	<target host="cooley.com" />
+	<target host="www.cooley.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cooltrainer.org.xml b/src/chrome/content/rules/cooltrainer.org.xml
new file mode 100644
index 000000000000..d781af42aed0
--- /dev/null
+++ b/src/chrome/content/rules/cooltrainer.org.xml
@@ -0,0 +1,15 @@
+<ruleset name="Cooltrainer.org">
+
+	<target host="cooltrainer.org" />
+	<target host="phabcontent.cooltrainer.org" />
+	<target host="phabricator.cooltrainer.org" />
+	<target host="www.cooltrainer.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/coophotellkupp.com.xml b/src/chrome/content/rules/coophotellkupp.com.xml
new file mode 100644
index 000000000000..04121f3947b4
--- /dev/null
+++ b/src/chrome/content/rules/coophotellkupp.com.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Coop Norge coverage, see Coop.no.xml.
+
+
+	^coophotellkupp.com: dropped over http & https
+
+-->
+<ruleset name="Coop Hotellkupp.com">
+
+	<target host="www.coophotellkupp.com" />
+
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/copay.io.xml b/src/chrome/content/rules/copay.io.xml
new file mode 100644
index 000000000000..082e1a50fb99
--- /dev/null
+++ b/src/chrome/content/rules/copay.io.xml
@@ -0,0 +1,6 @@
+<ruleset name="copay.io">
+	<target host="copay.io" />
+	<target host="www.copay.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/copeland.gov.uk.xml b/src/chrome/content/rules/copeland.gov.uk.xml
new file mode 100644
index 000000000000..e603da006dbe
--- /dev/null
+++ b/src/chrome/content/rules/copeland.gov.uk.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://eforms.copeland.gov.uk/ => https://eforms.copeland.gov.uk/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://erb.copeland.gov.uk/ => https://erb.copeland.gov.uk/: (60, 'SSL certificate problem: certificate has expired')
+
+	Copeland Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	(www.)?copeland.gov.uk: Refused
+
+-->
+<ruleset name="Copeland.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="eforms.copeland.gov.uk" />
+	<target host="erb.copeland.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/copilotgps.com.xml b/src/chrome/content/rules/copilotgps.com.xml
new file mode 100644
index 000000000000..6aa8d732a2cd
--- /dev/null
+++ b/src/chrome/content/rules/copilotgps.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="copilotgps.com">
+
+	<target host="copilotgps.com" />
+	<target host="www.copilotgps.com" />
+	<target host="blog.copilotgps.com" />
+	<target host="apphelp.copilotgps.com" />
+	<target host="my.copilotgps.com" />
+	<target host="support.copilotgps.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/copy.me.xml b/src/chrome/content/rules/copy.me.xml
new file mode 100644
index 000000000000..1beca7b6b198
--- /dev/null
+++ b/src/chrome/content/rules/copy.me.xml
@@ -0,0 +1,19 @@
+<!--
+	For other eToro coverage, see EToro.xml.
+
+
+	^copy.me: Mismatched
+	www.copy.me: Differs from http
+
+-->
+<ruleset name="copy.me (partial)">
+
+	<target host="copy.me" />
+
+
+	<!--	Redirect keeps all:
+					-->
+	<rule from="^http://copy\.me/"
+		to="https://www.etoro.com/people/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/copyninja.info.xml b/src/chrome/content/rules/copyninja.info.xml
new file mode 100644
index 000000000000..b14303eea924
--- /dev/null
+++ b/src/chrome/content/rules/copyninja.info.xml
@@ -0,0 +1,29 @@
+<!--
+	STS header includes includeSubdomains
+	for ^, www
+
+-->
+<ruleset name="copyninja.info">
+
+	<target host="copyninja.info" />
+	<target host="*.copyninja.info" />
+
+		<!--	includeSubdomains applies to one level only, so:
+									-->
+		<exclusion pattern="^http://(?:[^./]+\.){2,}copyninja\.info/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.copyninja.info/" />
+			<test url="http://exists.not.copyninja.info/" />
+
+		<test url="http://www.copyninja.info/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/coralproject.net.xml b/src/chrome/content/rules/coralproject.net.xml
new file mode 100644
index 000000000000..d739c880c446
--- /dev/null
+++ b/src/chrome/content/rules/coralproject.net.xml
@@ -0,0 +1,7 @@
+<ruleset name="Coralproject">
+	<target host="coralproject.net" />
+	<target host="www.coralproject.net" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/core.ac.uk.xml b/src/chrome/content/rules/core.ac.uk.xml
new file mode 100644
index 000000000000..da392b3094c4
--- /dev/null
+++ b/src/chrome/content/rules/core.ac.uk.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- blog.core.ac.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Core.ac.uk">
+
+	<target host="core.ac.uk" />
+	<target host="blog.core.ac.uk" />
+	<target host="www.core.ac.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^blog\.core\.ac\.uk$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/coretime.fm.xml b/src/chrome/content/rules/coretime.fm.xml
new file mode 100644
index 000000000000..791f1dd0fdef
--- /dev/null
+++ b/src/chrome/content/rules/coretime.fm.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		listen.coretime.fm
+
+-->
+<ruleset name="CoreTime.FM">
+
+	<target host="coretime.fm" />
+	<target host="www.coretime.fm" />
+	<target host="admin.coretime.fm" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/coronavirus.gov.hk.xml b/src/chrome/content/rules/coronavirus.gov.hk.xml
new file mode 100644
index 000000000000..5386391c1ab2
--- /dev/null
+++ b/src/chrome/content/rules/coronavirus.gov.hk.xml
@@ -0,0 +1,13 @@
+<!--
+	Non-functional hosts:
+		Certificate mismatched:
+		- www0.coronavirus.gov.hk
+-->
+<ruleset name="coronavirus.gov.hk">
+	<target host="coronavirus.gov.hk" />
+	<target host="www.coronavirus.gov.hk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/corporatetravelmoney.com.xml b/src/chrome/content/rules/corporatetravelmoney.com.xml
new file mode 100644
index 000000000000..2c1b65d713b9
--- /dev/null
+++ b/src/chrome/content/rules/corporatetravelmoney.com.xml
@@ -0,0 +1,25 @@
+<!--
+	^corporatetravelmoney.com: Mismatched
+
+-->
+<ruleset name="Corporate Travel Money.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.corporatetravelmoney.com" />
+
+	<!--	Complications:
+				-->
+	<target host="corporatetravelmoney.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://corporatetravelmoney\.com/"
+		to="https://www.corporatetravelmoney.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/corrupcia.net.xml b/src/chrome/content/rules/corrupcia.net.xml
new file mode 100644
index 000000000000..1c1d5df77ab5
--- /dev/null
+++ b/src/chrome/content/rules/corrupcia.net.xml
@@ -0,0 +1,12 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://corrupcia.net/ => https://corrupcia.net/: (28, 'Operation timed out after 30007 milliseconds with 0 bytes received')
+Fetch error: http://www.corrupcia.net/ => https://www.corrupcia.net/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+-->
+<ruleset name="corrupcia.net" default_off="failed ruleset test">
+	<target host="corrupcia.net" />
+	<target host="www.corrupcia.net" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cosmonova.net.xml b/src/chrome/content/rules/cosmonova.net.xml
new file mode 100644
index 000000000000..63f5fa731bb1
--- /dev/null
+++ b/src/chrome/content/rules/cosmonova.net.xml
@@ -0,0 +1,18 @@
+<!--
+www.cosmonova.net ¹
+1cloud.cosmonova.net ⁷
+mobapp.cosmonova.net ⁷
+
+
+¹ mismatch
+⁷ protocol error
+-->
+<ruleset name="cosmonova.net">
+	<target host="cosmonova.net" />
+	<target host="www.cosmonova.net" />
+
+	<rule from="^http://www\.cosmonova\.net/"
+		to="https://cosmonova.net/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cossa.ru.xml b/src/chrome/content/rules/cossa.ru.xml
new file mode 100644
index 000000000000..7faf4b00274d
--- /dev/null
+++ b/src/chrome/content/rules/cossa.ru.xml
@@ -0,0 +1,15 @@
+<!--
+42.cossa.ru ¹
+special.cossa.ru ¹
+www2.cossa.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="cossa.ru" platform="mixedcontent">
+	<target host="cossa.ru" />
+	<target host="www.cossa.ru" />
+	<target host="amp.cossa.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cotswold.gov.uk.xml b/src/chrome/content/rules/cotswold.gov.uk.xml
new file mode 100644
index 000000000000..831a7940a3a3
--- /dev/null
+++ b/src/chrome/content/rules/cotswold.gov.uk.xml
@@ -0,0 +1,21 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+	Timeout:
+	- cmis.cotswold.gov.uk
+	- www.cmis.cotswold.gov.uk
+	- my.cotswold.gov.uk
+
+	SSL connect error:
+	- forms.cotswold.gov.uk
+	- publicaccess.cotswold.gov.uk
+
+	Certificate mismatched:
+	- cotswold.gov.uk
+	- consult.cotswold.gov.uk
+-->
+<ruleset name="cotswold.gov.uk (partial)">
+	<target host="www.cotswold.gov.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/couchsurfing.com.xml b/src/chrome/content/rules/couchsurfing.com.xml
new file mode 100644
index 000000000000..f65fa3f7087f
--- /dev/null
+++ b/src/chrome/content/rules/couchsurfing.com.xml
@@ -0,0 +1,58 @@
+<!--
+	Nonfunctional hosts in *couchsurfing.com:
+
+		- about ʳ
+		- status ᵈ
+
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- store.couchsurfing.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- blog from $self ˢ
+			- blog from ht-cdn.couchsurfing.com ˢ
+			- blog from i.imgur.com ˢ
+
+		- Bug on blog from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Couchsurfing.com (partial)">
+
+	<target host="couchsurfing.com" />
+	<target host="assets.couchsurfing.com" />
+	<target host="blog.couchsurfing.com" />
+	<target host="ht-cdn.couchsurfing.com" />
+	<target host="store.couchsurfing.com" />
+	<target host="support.couchsurfing.com" />
+	<target host="www.couchsurfing.com" />
+
+	<target host="www.couchsurfing.org" />
+	<target host="couchsurfing.org" />
+
+		<!--test url="http://assets.couchsurfing.com/assets/icons/messaging-b59c3098da42c50fbef80c60ebb07333.png" /-->
+		<!--test url="http://ht-cdn.couchsurfing.com/assets/blog/sahara.jpg" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^store\.couchsurfing\.com$" name="^(?:_landing_page|_orig_referrer|cart_sig)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/counterpath.com.xml b/src/chrome/content/rules/counterpath.com.xml
new file mode 100644
index 000000000000..a20141e286a4
--- /dev/null
+++ b/src/chrome/content/rules/counterpath.com.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jira.counterpath.com/ => https://jira.counterpath.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://beta.counterpath.com/ => https://beta.counterpath.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+counterpath.com redirect
+www.counterpath.com redirect
+blog.counterpath.com mixed content
+-->
+<ruleset name="counterpath.com (partial)" default_off="failed ruleset test">
+	<target host="jira.counterpath.com" />
+	<target host="secure.counterpath.com" />
+	<target host="support.counterpath.com" />
+	<target host="beta.counterpath.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/countle.com.xml b/src/chrome/content/rules/countle.com.xml
new file mode 100644
index 000000000000..7794d85c7f59
--- /dev/null
+++ b/src/chrome/content/rules/countle.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Countle">
+  <target host="countle.com" />
+  <target host="www.countle.com" />
+
+  <rule from="^http:"
+          to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/courant.com-falsemixed.xml b/src/chrome/content/rules/courant.com-falsemixed.xml
new file mode 100644
index 000000000000..afbe970786db
--- /dev/null
+++ b/src/chrome/content/rules/courant.com-falsemixed.xml
@@ -0,0 +1,28 @@
+<!--
+	For rules not causing false/broken MCB, see courant.com.xml.
+
+-->
+<ruleset name="Courant.com (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="store.courant.com" />
+
+	<!--	Complications:
+				-->
+	<target host="courant.chictrib.netdna-cdn.com" />
+
+
+	<securecookie host="^\." name="^(?:_gat?$|gat_|optimizely)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://courant\.chictrib\.netdna-cdn\.com/"
+		to="https://courant-chictrib.netdna-ssl.com/" />
+
+		<test url="http://courant.chictrib.netdna-cdn.com/js/am/revslider/rs-plugin/css/settings.css" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/courant.com.xml b/src/chrome/content/rules/courant.com.xml
new file mode 100644
index 000000000000..1a0ca9b1eb31
--- /dev/null
+++ b/src/chrome/content/rules/courant.com.xml
@@ -0,0 +1,103 @@
+<!--
+	For rules causing false/broken MCB, see courant.com-falsemixed.xml.
+
+	For other Tribune coverage, see Tribune.xml.
+
+
+	CDN buckets:
+
+		- courant.chictrib.netdna-cdn.com
+
+
+	Nonfunctional hosts in *courant.com:
+
+		- ^ ᵈ
+		- articles ʳ
+		- classifieds ʳ
+		- www ʰ
+
+	ᵈ Times out
+	ʰ Redirects to http
+	ʳ Refused
+
+
+	Problematic hosts in *courant.com:
+
+		- advertise ᵐ ˢ
+		- digitaledition ᵐ
+		- store ˣ
+		- tearsheets ᵐ
+
+	ᵐ Mismatched
+	ˢ Self-signed
+	ˣ Mixed css and iframe, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	These altnames do not exist:
+
+		- www.placeanad.courant.com
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- advertising.courant.com
+		- .store.courant.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- iframe on store from $self ˢ
+		- css on store from courant.chictrib.netdna-cdn.com ˢ
+		- Images on store from courant.chictrib.netdna-cdn.com ˢ
+		- Bug on digitaledition from reports.pagesuite-professional.co.uk ᵃ
+
+	ᵃ Unsecurable <= shows another domain
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Courant.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="advertising.courant.com" />
+	<target host="checkout.courant.com" />
+	<target host="myaccount2.courant.com" />
+	<target host="paypanel.courant.com" />
+	<target host="placeanad.courant.com" />
+	<!--target host="store.courant.com" /-->
+
+	<!--	Complications:
+				-->
+	<target host="advertise.courant.com" />
+
+	<!--target host="courant.chictrib.netdna-cdn.com" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^advertising\.courant\.com$" name="^Trib$" /-->
+	<!--securecookie host="^\.store\.courant\.com$" name="^frontend$" /-->
+
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|optimizely)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops path and forward
+		slash, but not args:
+					-->
+	<rule from="^http://advertise\.courant\.com/[^?]*"
+		to="https://placeanad.courant.com/" />
+
+		<test url="http://advertise.courant.com/index.htm" />
+
+	<!--rule from="^http://courant\.chictrib\.netdna-cdn\.com/"
+		to="https://courant-chictrib.netdna-ssl.com/" /-->
+
+		<!--test url="http://courant.chictrib.netdna-cdn.com/js/am/revslider/rs-plugin/css/settings.css" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/coursedirectoryproviderportal.org.uk.xml b/src/chrome/content/rules/coursedirectoryproviderportal.org.uk.xml
new file mode 100644
index 000000000000..db7be50cd0b5
--- /dev/null
+++ b/src/chrome/content/rules/coursedirectoryproviderportal.org.uk.xml
@@ -0,0 +1,17 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+-->
+<ruleset name="Course Directory Provider Portal.org.uk">
+
+	<target host="coursedirectoryproviderportal.org.uk" />
+	<target host="www.coursedirectoryproviderportal.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/coursesmart.com.xml b/src/chrome/content/rules/coursesmart.com.xml
new file mode 100644
index 000000000000..0b2c2c20b397
--- /dev/null
+++ b/src/chrome/content/rules/coursesmart.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other VitalSource coverage, see vitalsource.com.xml.
+
+-->
+<ruleset name="CourseSmart.com">
+
+	<target host="coursesmart.com" />
+	<target host="secure.coursesmart.com" />
+	<target host="www.coursesmart.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/courttheatre.org.nz.xml b/src/chrome/content/rules/courttheatre.org.nz.xml
new file mode 100644
index 000000000000..bcaa88bb2dd5
--- /dev/null
+++ b/src/chrome/content/rules/courttheatre.org.nz.xml
@@ -0,0 +1,13 @@
+<ruleset name="Court Theatre.org.nz">
+
+	<target host="courttheatre.org.nz" />
+	<target host="www.courttheatre.org.nz" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/coventgarden.london.xml b/src/chrome/content/rules/coventgarden.london.xml
new file mode 100644
index 000000000000..fc12771318a6
--- /dev/null
+++ b/src/chrome/content/rules/coventgarden.london.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .coventgarden.london
+		- www.coventgarden.london
+
+-->
+<ruleset name="Covent Garden.london">
+
+	<target host="coventgarden.london" />
+	<target host="www.coventgarden.london" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.coventgarden\.london$" name="^SESS[\da-f]{32}$" /-->
+	<!--securecookie host="^www\.coventgarden\.london$" name="^SERVERID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/coventry.gov.uk-falsemixed.xml b/src/chrome/content/rules/coventry.gov.uk-falsemixed.xml
new file mode 100644
index 000000000000..f7c9026f5a0b
--- /dev/null
+++ b/src/chrome/content/rules/coventry.gov.uk-falsemixed.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules not causing false/broken MCB, see coventry.gov.uk.xml.
+
+-->
+<ruleset name="Coventry.gov.uk (false MCB)" platform="mixedcontent">
+
+	<target host="taxbenefits.coventry.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/coventry.gov.uk.xml b/src/chrome/content/rules/coventry.gov.uk.xml
new file mode 100644
index 000000000000..e4d3452df031
--- /dev/null
+++ b/src/chrome/content/rules/coventry.gov.uk.xml
@@ -0,0 +1,90 @@
+<!--
+	Coventry City Council
+
+	For rules causing false/broken MCB, see coventry.gov.uk-falsemixed.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *coventry.gov.uk:
+
+		- cyclemaps ʳ
+		- democraticservices ᵃ
+		- epetitions *
+		- moderngov ᵃ
+		- planning ᵈ
+		- recyclingclub ᵈ
+
+	* Redirects to www.secure-usb.co.uk
+	ᵃ Shows secure.democraticservices.coventry.gov.uk
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *coventry.gov.uk:
+
+		- ^ ᵐ
+		- clg ᵐ
+		- resourcelink ᶜ
+		- taxbenefits ˣ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+	ˣ Mixed css
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- secure.democraticservices.coventry.gov.uk
+		- payments.coventry.gov.uk
+		- taxbenefits.coventry.gov.uk
+		- www.coventry.gov.uk
+		- .www.coventry.gov.uk
+
+
+	Mixed content:
+
+		- css on taxbenefits from www.coventry.gov.uk ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Coventry.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.democraticservices.coventry.gov.uk" />
+	<target host="myaccount.coventry.gov.uk" />
+	<target host="payments.coventry.gov.uk" />
+	<!--target host="resourcelink.coventry.gov.uk" /-->
+	<!--target host="taxbenefits.coventry.gov.uk" /-->
+	<target host="www.coventry.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="coventry.gov.uk" />
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://taxbenefits.coventry.gov.uk/publicaccesslive/selfservice/citizenportal/login.htm;jsessionid=" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^secure\.democraticservices\.coventry\.gov\.uk$" name="^(?:_mglogon_|ASP\.NET_SessionId)$" /-->
+	<!--securecookie host="^payments\.coventry\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^taxbenefits\.coventry\.gov\.uk$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^www\.coventry\.gov\.uk$" name="^\w{16}$" /-->
+	<!--securecookie host="^\.www\.coventry\.gov\.uk$" name="^TestCookie$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.www\." name=".+" />
+
+
+	<rule from="^http://coventry\.gov\.uk/"
+		to="https://www.coventry.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cpaste.xml b/src/chrome/content/rules/cpaste.xml
index 199771d13eb0..1644a8817b11 100644
--- a/src/chrome/content/rules/cpaste.xml
+++ b/src/chrome/content/rules/cpaste.xml
@@ -1,6 +1,20 @@
-<ruleset name="cpaste">
-    <target host="www.cpaste.org" />
-    <target host="cpaste.org" />
 
-    <rule from="^http://(www\.)?cpaste\.org/" to="https://cpaste.org/"/>
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.cpaste.org/ => https://www.cpaste.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.cpaste.org'")
+
+-->
+<ruleset name="cpaste" default_off="failed ruleset test">
+
+	<target host="cpaste.org" />
+	<target host="www.cpaste.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^cpaste\.org$" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/cpcwiki.eu.xml b/src/chrome/content/rules/cpcwiki.eu.xml
new file mode 100644
index 000000000000..4202cd093ed0
--- /dev/null
+++ b/src/chrome/content/rules/cpcwiki.eu.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		mail.cpcwiki.eu
+-->
+<ruleset name="cpcwiki.eu">
+	<target host="cpcwiki.eu" />
+	<target host="www.cpcwiki.eu" />
+
+	<rule from="^http://cpcwiki\.eu/" to="https://www.cpcwiki.eu/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cpeople.ru.xml b/src/chrome/content/rules/cpeople.ru.xml
new file mode 100644
index 000000000000..4b32c6a3b3c1
--- /dev/null
+++ b/src/chrome/content/rules/cpeople.ru.xml
@@ -0,0 +1,22 @@
+<!--
+portfolio.cpeople.ru ¹
+marussia.dev.cpeople.ru ¹
+kalinka.dev.cpeople.ru ¹
+marta.devh.cpeople.ru ²
+leto.dev.cpeople.ru ¹
+spanishabitat.archive.cpeople.ru ²
+viasat.tune.cpeople.ru ³
+itera.devh.cpeople.ru ²
+nordgold.devh.cpeople.ru ²
+
+
+¹ mismatch
+² refused
+³ timed out
+-->
+<ruleset name="cpeople.ru">
+	<target host="cpeople.ru" />
+	<target host="www.cpeople.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cpiz.net.xml b/src/chrome/content/rules/cpiz.net.xml
new file mode 100644
index 000000000000..22d4da540b0a
--- /dev/null
+++ b/src/chrome/content/rules/cpiz.net.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cpiz.net/ => https://cpiz.net/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.cpiz.net/ => https://www.cpiz.net/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://annie.cpiz.net/ => https://annie.cpiz.net/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="cpiz.net" default_off="failed ruleset test">
+	<target host="cpiz.net" />
+	<target host="www.cpiz.net" />
+	<target host="annie.cpiz.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cppc.ca.xml b/src/chrome/content/rules/cppc.ca.xml
new file mode 100644
index 000000000000..98515ac13af9
--- /dev/null
+++ b/src/chrome/content/rules/cppc.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="cppc.ca">
+		<target host="cppc.ca" />
+		<target host="www.cppc.ca" />
+
+		<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cppreference.com.xml b/src/chrome/content/rules/cppreference.com.xml
new file mode 100644
index 000000000000..e4341018909f
--- /dev/null
+++ b/src/chrome/content/rules/cppreference.com.xml
@@ -0,0 +1,29 @@
+<ruleset name="cppreference.com">
+	<target host="cppreference.com" />
+	<target host="www.cppreference.com" />
+	<target host="ar.cppreference.com" />
+	<target host="cn.cppreference.com" />
+	<target host="cs.cppreference.com" />
+	<target host="de.cppreference.com" />
+	<target host="en.cppreference.com" />
+	<target host="es.cppreference.com" />
+	<target host="fr.cppreference.com" />
+	<target host="iiwww.cppreference.com" />
+	<target host="ipv6.cppreference.com" />
+	<target host="it.cppreference.com" />
+	<target host="ja.cppreference.com" />
+	<target host="ko.cppreference.com" />
+	<target host="lv.cppreference.com" />
+	<target host="pl.cppreference.com" />
+	<target host="pt.cppreference.com" />
+	<target host="ru.cppreference.com" />
+	<target host="sq.cppreference.com" />
+	<target host="tr.cppreference.com" />
+	<target host="upload.cppreference.com" />
+	<target host="ww.cppreference.com" />
+	<target host="zh.cppreference.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cpx.to.xml b/src/chrome/content/rules/cpx.to.xml
new file mode 100644
index 000000000000..32cd604b96ca
--- /dev/null
+++ b/src/chrome/content/rules/cpx.to.xml
@@ -0,0 +1,20 @@
+<!--
+	These altnames do not exist:
+
+		- www.p.cpx.to
+		- www.s.cpx.to
+
+-->
+<ruleset name="cpx.to">
+
+	<target host="p.cpx.to" />
+	<target host="s.cpx.to" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cpy.re.xml b/src/chrome/content/rules/cpy.re.xml
new file mode 100644
index 000000000000..3b9fc046c4be
--- /dev/null
+++ b/src/chrome/content/rules/cpy.re.xml
@@ -0,0 +1,17 @@
+<!--
+cpy.re ¹
+www.cpy.re ¹
+
+
+¹ mismatch
+-->
+<ruleset name="cpy.re (partial)">
+	<target host="blog.cpy.re" />
+	<target host="cozy.cpy.re" />
+	<target host="gitlab.cpy.re" />
+	<target host="isso.cpy.re" />
+	<target host="lutim.cpy.re" />
+	<target host="peertube.cpy.re" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cquotient.com.xml b/src/chrome/content/rules/cquotient.com.xml
new file mode 100644
index 000000000000..e0fc51f9cb48
--- /dev/null
+++ b/src/chrome/content/rules/cquotient.com.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Demandware coverage, see Demandware.xml.
+
+
+	(www.)?cquotient.com: Dropped
+
+-->
+<ruleset name="cquotient.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cdn.cquotient.com" />
+
+		<test url="http://cdn.cquotient.com/js/v2/gretel.min.js" />
+
+	<!--	Complications:
+				-->
+	<target host="cquotient.com" />
+	<target host="www.cquotient.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://(?:www\.)?cquotient\.com/.*"
+		to="https://demandware.com/#cquotient" />
+
+		<test url="http://cquotient.com/index.htm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/craigmurray.org.uk.xml b/src/chrome/content/rules/craigmurray.org.uk.xml
new file mode 100644
index 000000000000..ad7bc9148d27
--- /dev/null
+++ b/src/chrome/content/rules/craigmurray.org.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="Craig Murray.org.uk">
+
+	<target host="craigmurray.org.uk" />
+	<target host="www.craigmurray.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/craigsmith.net.xml b/src/chrome/content/rules/craigsmith.net.xml
new file mode 100644
index 000000000000..7734aa5c23e4
--- /dev/null
+++ b/src/chrome/content/rules/craigsmith.net.xml
@@ -0,0 +1,16 @@
+<!--
+	STS header includes includeSubdomains
+
+-->
+<ruleset name="Craig Smith.net">
+
+	<target host="craigsmith.net" />
+	<target host="*.craigsmith.net" />
+
+		<test url="http://www.craigsmith.net/" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cravatar.eu.xml b/src/chrome/content/rules/cravatar.eu.xml
new file mode 100644
index 000000000000..891f65bf7c17
--- /dev/null
+++ b/src/chrome/content/rules/cravatar.eu.xml
@@ -0,0 +1,7 @@
+<ruleset name="Cravatar">
+        <target host="cravatar.eu" />
+        <target host="www.cravatar.eu" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/crazespaces.pw.xml b/src/chrome/content/rules/crazespaces.pw.xml
new file mode 100644
index 000000000000..788cf2ada326
--- /dev/null
+++ b/src/chrome/content/rules/crazespaces.pw.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://crazespaces.pw/ => https://crazespaces.pw/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.crazespaces.pw/ => https://www.crazespaces.pw/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+<ruleset name="crazespaces.pw" default_off="failed ruleset test">
+	<target host=    "crazespaces.pw" />
+	<target host="www.crazespaces.pw" />
+
+  	<securecookie host="^(www\.)?crazespaces\.pw$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/creationkit.com.xml b/src/chrome/content/rules/creationkit.com.xml
new file mode 100644
index 000000000000..cf749270e4cb
--- /dev/null
+++ b/src/chrome/content/rules/creationkit.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="creationkit.com">
+	<target host="creationkit.com" />
+	<target host="www.creationkit.com" />
+	<target host="forums.creationkit.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/creativecommons.net.xml b/src/chrome/content/rules/creativecommons.net.xml
new file mode 100644
index 000000000000..0634e8c4f327
--- /dev/null
+++ b/src/chrome/content/rules/creativecommons.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="Creative Commons">
+
+	<target host="creativecommons.net" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/crechi.tw.xml b/src/chrome/content/rules/crechi.tw.xml
new file mode 100644
index 000000000000..bb9f152b0416
--- /dev/null
+++ b/src/chrome/content/rules/crechi.tw.xml
@@ -0,0 +1,7 @@
+<ruleset name="crechi.tw">
+	<target host="crechi.tw" />
+	<target host="www.crechi.tw" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/crick.ac.uk.xml b/src/chrome/content/rules/crick.ac.uk.xml
new file mode 100644
index 000000000000..ace45dddd8bf
--- /dev/null
+++ b/src/chrome/content/rules/crick.ac.uk.xml
@@ -0,0 +1,85 @@
+<!--
+	The Francis Crick Institute
+
+
+	Nonfunctional hosts in *crick.ac.uk:
+
+		- bmm ⁴
+		- genomes ᵈ
+		- genomics ᵈ
+
+	⁴ 404
+	ᵈ Dropped
+
+
+	Problematic hosts in *crick.ac.uk:
+
+		- webmail ᵖ
+
+	ᵖ Plaintext reply
+
+
+	These altnames don't exist:
+
+		- www.jobs.crick.ac.uk
+		- www.procurement.crick.ac.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- bioinformatics.crick.ac.uk
+
+
+	Mixed content:
+
+		- css on procurement from fonts.googleapis.com ˢ
+		- Image on (www.)? from pbs.twimg.com ˢ
+
+		- favicons, on:
+
+			- (www.)? from www.crick.ac.uk ˢ
+			- (www.)? from hts.cancerresearchuk.org
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Crick.ac.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="crick.ac.uk" />
+	<target host="bioinformatics.crick.ac.uk" />
+	<target host="hts.crick.ac.uk" />
+	<target host="intranet.crick.ac.uk" />
+	<target host="jobs.crick.ac.uk" />
+	<target host="procurement.crick.ac.uk" />
+	<target host="www.crick.ac.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="webmail.crick.ac.uk" />
+
+		<!--	Mixed favicon:
+					-->
+		<!--test url="http://hts.crick.ac.uk/rnaiMeeting/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bioinformatics\.crick\.ac\.uk$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://webmail\.crick\.ac\.uk/+"
+		to="https://emea.centrify.com/" />
+
+		<test url="http://webmail.crick.ac.uk/default.aspx" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/crimestoppers-uk.org.xml b/src/chrome/content/rules/crimestoppers-uk.org.xml
new file mode 100644
index 000000000000..d064c2b36896
--- /dev/null
+++ b/src/chrome/content/rules/crimestoppers-uk.org.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://arms.crimestoppers-uk.org/ => https://arms.crimestoppers-uk.org/: (6, 'Could not resolve host: arms.crimestoppers-uk.org')
+
+-->
+<ruleset name="Crimestoppers-UK.org" default_off="failed ruleset test">
+
+	<target host="crimestoppers-uk.org" />
+	<target host="arms.crimestoppers-uk.org" />
+	<target host="www.crimestoppers-uk.org" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cron-job.org.xml b/src/chrome/content/rules/cron-job.org.xml
new file mode 100644
index 000000000000..cb4fb95f7544
--- /dev/null
+++ b/src/chrome/content/rules/cron-job.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="cron-job.org">
+	<target host="cron-job.org" />
+	<target host="www.cron-job.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/crondash.com.xml b/src/chrome/content/rules/crondash.com.xml
new file mode 100644
index 000000000000..c36bd6379926
--- /dev/null
+++ b/src/chrome/content/rules/crondash.com.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://crondash.com/ => https://crondash.com/: (28, 'Connection timed out after 20006 milliseconds')
+Fetch error: http://www.crondash.com/ => https://www.crondash.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+c.crondash.com ¹
+
+
+¹ mismatch
+-->
+<ruleset name="crondash.com" default_off="failed ruleset test">
+	<target host="crondash.com" />
+	<target host="www.crondash.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/crosskeyshomes.co.uk.xml b/src/chrome/content/rules/crosskeyshomes.co.uk.xml
new file mode 100644
index 000000000000..3d3766c8877e
--- /dev/null
+++ b/src/chrome/content/rules/crosskeyshomes.co.uk.xml
@@ -0,0 +1,25 @@
+<!--
+	^crosskeyshomes.co.uk: Handshake fails
+
+-->
+<ruleset name="Cross Keys Homes.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.crosskeyshomes.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="crosskeyshomes.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://crosskeyshomes\.co\.uk/"
+		to="https://www.crosskeyshomes.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/crowdstrike.com.xml b/src/chrome/content/rules/crowdstrike.com.xml
new file mode 100644
index 000000000000..c645832ff0a3
--- /dev/null
+++ b/src/chrome/content/rules/crowdstrike.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- go.crowdstrike.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="CrowdStrike.com">
+
+	<target host="crowdstrike.com" />
+	<target host="go.crowdstrike.com" />
+	<target host="www.crowdstrike.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^go\.crowdstrike\.com$" name="^BIGipServer" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid$|_gat?$|_gat_|cf_clearance$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/crowthornepc.org.uk.xml b/src/chrome/content/rules/crowthornepc.org.uk.xml
new file mode 100644
index 000000000000..0d069cb9a4a2
--- /dev/null
+++ b/src/chrome/content/rules/crowthornepc.org.uk.xml
@@ -0,0 +1,22 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Mixed content:
+
+		- iframe from www.crowthornepc.org.uk
+
+-->
+<ruleset name="Crowthorne PC.org.uk" default_off="mismatched" platform="mixedcontent">
+
+	<target host="crowthornepc.org.uk" />
+	<target host="www.crowthornepc.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/croydon.gov.uk.xml b/src/chrome/content/rules/croydon.gov.uk.xml
new file mode 100644
index 000000000000..9e6a80a684ee
--- /dev/null
+++ b/src/chrome/content/rules/croydon.gov.uk.xml
@@ -0,0 +1,84 @@
+<!--
+	London Borough of Croydon Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *croydon.gov.uk:
+
+		- maps ᵈ
+		- news ᵈ
+		- planning ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *croydon.gov.uk:
+
+		- ^ ᵈ
+		- jobs ᵈ
+		- secure ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵈ Dropped; preemptable redirect
+
+
+	These altnames do not exist:
+
+		- www.fpn.croydon.gov.uk
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- fpn.croydon.gov.uk
+		- getinvolved.croydon.gov.uk
+		- my.croydon.gov.uk
+		- .my.croydon.gov.uk
+		- secure.croydon.gov.uk
+
+-->
+<ruleset name="Croydon.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fpn.croydon.gov.uk" />
+	<target host="getinvolved.croydon.gov.uk" />
+	<target host="my.croydon.gov.uk" />
+	<!--target host="secure.croydon.gov.uk" /-->
+	<target host="www.croydon.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="croydon.gov.uk" />
+	<target host="jobs.croydon.gov.uk" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://secure.croydon.gov.uk/eforms/ufsmain?formid=EXT_CS_FEEDBACK_PAGE&amp;USER_RATING=Average&amp;IDENTIFIER=Web&amp;URL_PAGE=https://my.croydon.gov.uk/User/Login?ReturnUrl=%2f" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:fpn|getinvolved)\.croydon\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^my\.croydon\.gov\.uk$" name="^(?:__RequestVerificationToken|ASP\.NET_SessionId|ai_session|ai_user)$" /-->
+	<!--securecookie host="^\.my\.croydon\.gov\.uk$" name="^ARRAffinity$" /-->
+	<!--securecookie host="^secure\.croydon\.gov\.uk$" name="^(?:ISAWPLB\{[\dA-F]+\}|JSESSIONID)$" /-->
+
+	<securecookie host="^\.my\." name=".+" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://croydon\.gov\.uk/"
+		to="https://www.croydon.gov.uk/" />
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://jobs\.croydon\.gov\.uk/.*"
+		to="https://www.croydon.gov.uk/jobs" />
+
+		<test url="http://jobs.croydon.gov.uk/index.htm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/crushus.com.xml b/src/chrome/content/rules/crushus.com.xml
new file mode 100644
index 000000000000..70a5e2508ff5
--- /dev/null
+++ b/src/chrome/content/rules/crushus.com.xml
@@ -0,0 +1,53 @@
+<!--
+	Dropped:
+		- p
+		- pra
+		- proxyspare10
+		- proxyspare4
+		- proxyspare5
+		- proxyspare9
+		- tpb
+
+	Mismatched:
+		- www.wallpapers (hostinger.com)
+
+	Self-signed:
+		- mr4x3
+
+	Connection closed:
+		- www
+-->
+
+<ruleset name="crushus.com">
+	<target host="crushus.com" />
+	<target host="ads.crushus.com" />
+	<target host="crushus-s1.crushus.com" />
+	<target host="crushus-s2.crushus.com" />
+	<target host="crushus-s3.crushus.com" />
+	<target host="crushus-s4.crushus.com" />
+	<target host="crushus-s5.crushus.com" />
+	<target host="crushus-s6.crushus.com" />
+	<target host="crushus-s7.crushus.com" />
+	<target host="crushus-s8.crushus.com" />
+	<target host="fastproxy.crushus.com" />
+	<target host="fireproxy.crushus.com" />
+	<target host="latest.crushus.com" />
+	<target host="now.crushus.com" />
+	<target host="pdoyl.crushus.com" />
+	<target host="proxy.crushus.com" />
+	<target host="proxydoyl.crushus.com" />
+	<target host="proxyonmobile.crushus.com" />
+	<target host="proxyspare.crushus.com" />
+	<target host="proxyspare2.crushus.com" />
+	<target host="proxyspare3.crushus.com" />
+	<target host="proxyspare6.crushus.com" />
+	<target host="proxyspare7.crushus.com" />
+	<target host="proxyspare8.crushus.com" />
+	<target host="superproxy.crushus.com" />
+	<target host="wallpapers.crushus.com" />
+	<target host="web.crushus.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/crypto-loot.com.xml b/src/chrome/content/rules/crypto-loot.com.xml
new file mode 100644
index 000000000000..1456eabda7bf
--- /dev/null
+++ b/src/chrome/content/rules/crypto-loot.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="crypto-loot.com">
+	<target host="crypto-loot.com" />
+	<target host="www.crypto-loot.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cryptocoding.xml b/src/chrome/content/rules/cryptocoding.xml
index e470d34b5a8e..5bc496169f9c 100644
--- a/src/chrome/content/rules/cryptocoding.xml
+++ b/src/chrome/content/rules/cryptocoding.xml
@@ -3,7 +3,12 @@
 	<target host="cryptocoding.net" />
 	<target host="www.cryptocoding.net" />
 
-	<rule from="^http://(www\.)?cryptocoding\.net/"
-		to="https://cryptocoding.net/" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cryptocoding\.net$" name="cryptocoding_session$" /-->
+
+	<securecookie host="^cryptocoding\.net$" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/cryptonote.org.xml b/src/chrome/content/rules/cryptonote.org.xml
new file mode 100644
index 000000000000..53c1c67881df
--- /dev/null
+++ b/src/chrome/content/rules/cryptonote.org.xml
@@ -0,0 +1,16 @@
+<!--
+	www.cryptonote.org does not exist.
+
+-->
+<ruleset name="CryptoNote.org">
+
+	<target host="cryptonote.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cryptonotefoundation.org.xml b/src/chrome/content/rules/cryptonotefoundation.org.xml
new file mode 100644
index 000000000000..3c11fe76472f
--- /dev/null
+++ b/src/chrome/content/rules/cryptonotefoundation.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="CryptoNote Foundation.org">
+
+	<target host="cryptonotefoundation.org" />
+	<target host="www.cryptonotefoundation.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cryptonotestarter.org.xml b/src/chrome/content/rules/cryptonotestarter.org.xml
new file mode 100644
index 000000000000..5130d0e6e9e4
--- /dev/null
+++ b/src/chrome/content/rules/cryptonotestarter.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="CryptoNote Starter.org">
+
+	<target host="cryptonotestarter.org" />
+	<target host="www.cryptonotestarter.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cryptostore.ru.xml b/src/chrome/content/rules/cryptostore.ru.xml
new file mode 100644
index 000000000000..b0f5b73b51a8
--- /dev/null
+++ b/src/chrome/content/rules/cryptostore.ru.xml
@@ -0,0 +1,14 @@
+<!--
+www.cryptostore.ru non-2xx http code
+
+
+-->
+<ruleset name="cryptostore.ru">
+	<target host="cryptostore.ru" />
+	<target host="www.cryptostore.ru" />
+
+	<rule from="^http://www\.cryptostore\.ru/"
+		to="https://cryptostore.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cryptotec.com.xml b/src/chrome/content/rules/cryptotec.com.xml
new file mode 100644
index 000000000000..8c1550049193
--- /dev/null
+++ b/src/chrome/content/rules/cryptotec.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="CryptoTec.com">
+
+	<target host="cryptotec.com" />
+	<target host="www.cryptotec.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/crystalmark.info.xml b/src/chrome/content/rules/crystalmark.info.xml
new file mode 100644
index 000000000000..ae1c51d985fa
--- /dev/null
+++ b/src/chrome/content/rules/crystalmark.info.xml
@@ -0,0 +1,6 @@
+<ruleset name="crystalmark.info">
+	<target host="crystalmark.info"/>
+	<target host="www.crystalmark.info"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/csmonitor.com.xml b/src/chrome/content/rules/csmonitor.com.xml
new file mode 100644
index 000000000000..f2420ac6bc0e
--- /dev/null
+++ b/src/chrome/content/rules/csmonitor.com.xml
@@ -0,0 +1,56 @@
+<!--
+
+- Timeout error:
+
+a.csmonitor.com
+
+- No SSL:
+
+breakthroughs.csmonitor.com
+energy.csmonitor.com
+projects.csmonitor.com
+horizon.csmonitor.com
+li.csmonitor.com
+link.csmonitor.com
+www.login.csmonitor.com
+metrics.csmonitor.com
+passcode.csmonitor.com
+
+- Secure Connection Failed
+
+rss.csmonitor.com
+
+- Unable to connect
+
+www.subscribe.csmonitor.com
+
+-->
+
+<ruleset name="csmonitor.com">
+	<target host="csmonitor.com" />
+	<target host="www.csmonitor.com" />
+	<target host="admin.csmonitor.com" />
+	<target host="api.csmonitor.com" />
+	<target host="equaled.csmonitor.com" />
+	<target host="ezorigin.csmonitor.com" />
+	<target host="features.csmonitor.com" />
+	<target host="humantrafficking.csmonitor.com" />
+	<target host="images.csmonitor.com" />
+	<target host="littlebillclinton.csmonitor.com" />
+	<target host="login.csmonitor.com" />
+	<target host="m.csmonitor.com" />
+	<target host="proofm.csmonitor.com" />
+	<target host="secure.csmonitor.com" />
+	<target host="smetrics.csmonitor.com" />
+	<target host="stageorigin.csmonitor.com" />
+	<target host="static.csmonitor.com" />
+	<target host="subscribe.csmonitor.com" />
+	<target host="upload.csmonitor.com" />
+	<target host="w.csmonitor.com" />
+	<target host="webin.csmonitor.com" />
+	<target host="weblogs.csmonitor.com" />
+	<target host="ww.csmonitor.com" />
+	<target host="wwww.csmonitor.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ctc.ru.xml b/src/chrome/content/rules/ctc.ru.xml
new file mode 100644
index 000000000000..dfa1c959272d
--- /dev/null
+++ b/src/chrome/content/rules/ctc.ru.xml
@@ -0,0 +1,74 @@
+<!--
+24.ctc.ru ⁴
+2s.ctc.ru ⁴
+www.2s.ctc.ru ⁴
+5element.ctc.ru ⁴
+80.ctc.ru ¹
+9may.ctc.ru ⁴
+big.ctc.ru ⁴
+bigcast.ctc.ru ⁴
+www.bigcast.ctc.ru ⁴
+catalog.ctc.ru ⁴
+cdn1.ctc.ru ¹
+chainyiput.ctc.ru ⁴
+www.comics.ctc.ru ⁴
+ctc-mx.ctc.ru ²
+ctc-mx1.ctc.ru ³
+ctc-mx2.ctc.ru ³
+dlsrv2.ctc.ru ⁴
+dlsrv3.ctc.ru ⁴
+dove.ctc.ru ³
+www.dove.ctc.ru ³
+family.ctc.ru ⁴
+forum.ctc.ru ³
+g.ctc.ru ⁴
+game.ctc.ru ²
+gurov.ctc.ru ⁴
+hero.ctc.ru ⁴
+www.i.ctc.ru ³
+iis.ctc.ru ⁴
+kuhnya.ctc.ru ³
+kvest.ctc.ru ⁴
+leto.ctc.ru ⁴
+www.leto.ctc.ru ⁴
+londongrad.ctc.ru ⁴
+love.ctc.ru ¹
+www.love.ctc.ru ²
+m3.ctc.ru ⁴
+m4.ctc.ru ⁴
+mchefkids.ctc.ru ⁴
+www.mchefkids.ctc.ru ⁴
+mechta-hozyaiki.ctc.ru ⁴
+most.ctc.ru ⁴
+mts.ctc.ru ⁴
+muz.ctc.ru ⁴
+newlife.ctc.ru ⁴
+old.ctc.ru ⁴
+otel.ctc.ru ¹
+papabest.ctc.ru ⁴
+quote.ctc.ru ⁴
+russo-turisto.ctc.ru ⁴
+service.ctc.ru ⁴
+static.ctc.ru ³
+supermom.ctc.ru ⁴
+svetofor.ctc.ru ³
+ufs.ctc.ru ²
+wildgames.ctc.ru ⁴
+zagadka.ctc.ru ⁴
+dlsrv1.ctc.ru different content
+londonnash.ctc.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="ctc.ru">
+	<target host="ctc.ru" />
+	<target host="www.ctc.ru" />
+	<target host="plus.ctc.ru" />
+	<target host="staging2.ctc.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ctkarch.org.xml b/src/chrome/content/rules/ctkarch.org.xml
new file mode 100644
index 000000000000..860b456e247b
--- /dev/null
+++ b/src/chrome/content/rules/ctkarch.org.xml
@@ -0,0 +1,5 @@
+<ruleset name="ctkarch.org">
+	<target host="ctkarch.org" />
+	<target host="www.ctkarch.org" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cube.io.xml b/src/chrome/content/rules/cube.io.xml
new file mode 100644
index 000000000000..20841b3c8032
--- /dev/null
+++ b/src/chrome/content/rules/cube.io.xml
@@ -0,0 +1,8 @@
+<ruleset name="cube.io">
+	<target host="cube.io" />
+	<target host="www.cube.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cubeupload.com.xml b/src/chrome/content/rules/cubeupload.com.xml
new file mode 100644
index 000000000000..a29e50f6cae0
--- /dev/null
+++ b/src/chrome/content/rules/cubeupload.com.xml
@@ -0,0 +1,13 @@
+<!--
+	cubeupload Image Hosting (cubeupload.com)
+
+-->
+<ruleset name="cubeupload">
+	<target host="cubeupload.com" />
+	<target host="www.cubeupload.com" />
+	<target host="u.cubeupload.com" />
+	<target host="blog.cubeupload.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cublinux.com.xml b/src/chrome/content/rules/cublinux.com.xml
new file mode 100644
index 000000000000..018d18750bd5
--- /dev/null
+++ b/src/chrome/content/rules/cublinux.com.xml
@@ -0,0 +1,12 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cublinux.com/ => https://cublinux.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cublinux.com'")
+Fetch error: http://www.cublinux.com/ => https://www.cublinux.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.cublinux.com'")
+
+-->
+<ruleset name="cublinux.com" default_off="failed ruleset test">
+	<target host="cublinux.com" />
+	<target host="www.cublinux.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cuckoosandbox.org.xml b/src/chrome/content/rules/cuckoosandbox.org.xml
new file mode 100644
index 000000000000..dbc12ba98a25
--- /dev/null
+++ b/src/chrome/content/rules/cuckoosandbox.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Cuckoo Sandbox.org">
+
+	<target host="cuckoosandbox.org" />
+	<target host="www.cuckoosandbox.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cumbria.gov.uk.xml b/src/chrome/content/rules/cumbria.gov.uk.xml
new file mode 100644
index 000000000000..71ae69e2acd4
--- /dev/null
+++ b/src/chrome/content/rules/cumbria.gov.uk.xml
@@ -0,0 +1,111 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hims.cumbria.gov.uk/wip3_no_login/map.aspx?cg=prow => https://hims.cumbria.gov.uk/wip3_no_login/map.aspx?cg=prow: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://recruitment.cumbria.gov.uk/trentl_webrecruitment/wrd/run/ETREC107GF.open?WVID=3697840jJb => https://recruitment.cumbria.gov.uk/trentl_webrecruitment/wrd/run/ETREC107GF.open?WVID=3697840jJb: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://hims.cumbria.gov.uk/ => https://hims.cumbria.gov.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://recruitment.cumbria.gov.uk/ => https://recruitment.cumbria.gov.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.cumbria.gov.uk/ => https://www.cumbria.gov.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://cumbria.gov.uk/ => https://www.cumbria.gov.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Nonfunctional hosts in *cumbria.gov.uk:
+
+		- councilportal ³
+		- maps ³
+
+	³ 403
+
+
+	Problematic hosts in *cumbria.gov.uk:
+
+		- ^ ³
+		- localoffer ᵐ
+
+	³ 403, preemptable redirect
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- hims.cumbria.gov.uk
+		- www.cumbria.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com ˢ
+		- Image on recruitment from www.cumbria.gov.uk ˢ
+		- Bug on www from socitm.govmetric.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Cumbria.gov.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="emsonline.cumbria.gov.uk" />
+	<target host="hims.cumbria.gov.uk" />
+	<target host="recruitment.cumbria.gov.uk" />
+	<target host="www.cumbria.gov.uk" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://hims.cumbria.gov.uk/wip3_no_login/map.aspx?cg=prow" />
+		<test url="http://recruitment.cumbria.gov.uk/trentl_webrecruitment/wrd/run/ETREC107GF.open?WVID=3697840jJb" />
+
+	<!--	Complications:
+				-->
+	<target host="cumbria.gov.uk" />
+	<target host="localoffer.cumbria.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^hims\.cumbria\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^www\.cumbria\.gov\.uk$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+
+	<securecookie host="^(?!localoffer\.)\w" name=".+" />
+
+
+	<rule from="^http://cumbria\.gov\.uk/"
+		to="https://www.cumbria.gov.uk/" />
+
+	<rule from="^http://localoffer\.cumbria\.gov\.uk/"
+		to="https://search3.openobjects.com/" />
+
+		<!--exclusion pattern="^http://localoffer\.cumbria\.gov\.uk/(?!.+/(?:(?:cs|image)s/|(?:contact|register|sign_in)\.page))" /-->
+		<!--
+			Reduce non-Tor distinguishability:
+								-->
+		<exclusion pattern="^http://localoffer\.cumbria\.gov\.uk/(?!.+/(?:contact|register|sign_in)\.page)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://localoffer.cumbria.gov.uk/kb5/cumbria/fsd/a_to_z.page" />
+			<test url="http://localoffer.cumbria.gov.uk/kb5/cumbria/fsd/family.page?familychannel=0" />
+			<test url="http://localoffer.cumbria.gov.uk/kb5/cumbria/fsd/feedback.page" />
+			<test url="http://localoffer.cumbria.gov.uk/kb5/cumbria/fsd/home.page" />
+			<test url="http://localoffer.cumbria.gov.uk/kb5/cumbria/fsd/news.page" />
+			<test url="http://localoffer.cumbria.gov.uk/kb5/cumbria/fsd/shortlist.page" />
+			<test url="http://localoffer.cumbria.gov.uk/kb5/cumbria/fsd/site.page?id=BaunEnO3qgI" />
+			<test url="http://localoffer.cumbria.gov.uk/kb5/cumbria/fsd/site.page?id=It3J0IebSU8" />
+
+			<!--	-ve:
+					-->
+			<test url="http://localoffer.cumbria.gov.uk/kb5/cumbria/fsd/contact.page" />
+			<!--
+			<test url="http://localoffer.cumbria.gov.uk/kb5/cumbria/fsd/images/customer/new_window_icon.gif" />
+			-->
+			<test url="http://localoffer.cumbria.gov.uk/kb5/cumbria/fsd/register.page" />
+			<test url="http://localoffer.cumbria.gov.uk/kb5/cumbria/fsd/sign_in.page" />
+			<!--
+			<test url="http://localoffer.cumbria.gov.uk/kb5/cumbria/fsd/stylesheets/css/customer-print.css" />
+			-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cumhuriyet.com.tr.xml b/src/chrome/content/rules/cumhuriyet.com.tr.xml
new file mode 100644
index 000000000000..ff93ec85e01b
--- /dev/null
+++ b/src/chrome/content/rules/cumhuriyet.com.tr.xml
@@ -0,0 +1,37 @@
+<!--
+	(www.)?cumhuriyet.com.tr: Redirects to http
+
+
+	Problematic hosts in *cumhuriyet.com.tr:
+
+		- abone ᵐ
+		- etkinlik ᵉ ᵐ
+
+	ᵉ Expired
+	ᵐ Mismatched
+
+
+
+	Mixed content:
+
+		- iframes on etkinlik from www.cumhuriyet.com.tr ʰ
+		- css on etkinlik from fonts.googleapis.com ˢ
+		- Images on etkinlik from $self
+
+	ʰ Unsecurable <= redirects to http
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Cumhuriyet.com.tr (partial)" default_off="expired, self-signed">
+
+	<target host="abone.cumhuriyet.com.tr" />
+	<target host="etkinlik.cumhuriyet.com.tr" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/curve.co.uk.xml b/src/chrome/content/rules/curve.co.uk.xml
new file mode 100644
index 000000000000..253cd32babcb
--- /dev/null
+++ b/src/chrome/content/rules/curve.co.uk.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		autoconfig.curve.co.uk
+-->
+<ruleset name="curve.co.uk">
+	<target host="curve.co.uk" />
+	<target host="www.curve.co.uk" />
+	<target host="autodiscover.curve.co.uk" />
+	<target host="cpanel.curve.co.uk" />
+	<target host="mail.curve.co.uk" />
+	<target host="webdisk.curve.co.uk" />
+	<target host="webmail.curve.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cut-the-knot.org.xml b/src/chrome/content/rules/cut-the-knot.org.xml
new file mode 100644
index 000000000000..1ac37dea3088
--- /dev/null
+++ b/src/chrome/content/rules/cut-the-knot.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="cut-the-knot.org">
+	<target host="cut-the-knot.org" />
+	<target host="www.cut-the-knot.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cuteness.com.xml b/src/chrome/content/rules/cuteness.com.xml
new file mode 100644
index 000000000000..b2d9a8e55f52
--- /dev/null
+++ b/src/chrome/content/rules/cuteness.com.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://support.cuteness.com/ => https://support.cuteness.com/: (6, 'Could not resolve host: support.cuteness.com')
+
+	CDN buckets:
+
+		- cuteness-mkt.s3.amazonaws.com
+
+
+	^cuteness.com: Refused
+
+-->
+<ruleset name="Cuteness.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="support.cuteness.com" />
+	<target host="www.cuteness.com" />
+
+	<!--	Complications:
+				-->
+	<target host="cuteness.com" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://cuteness\.com/"
+		to="https://www.cuteness.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cutesoft.net.xml b/src/chrome/content/rules/cutesoft.net.xml
new file mode 100644
index 000000000000..01a807bd170b
--- /dev/null
+++ b/src/chrome/content/rules/cutesoft.net.xml
@@ -0,0 +1,51 @@
+<!--
+	Other CuteSoft Components rulesets:
+
+		- javascriptobfuscator.com.xml
+		- My_LiveChat.xml
+		- zchat.com.xml
+
+
+	Nonfunctional hosts in *cutesoft.net:
+
+		- clientcenter ⁴
+
+	⁴ 404
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- cutesoft.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="CuteSoft.net (partial)">
+
+	<target host="cutesoft.net" />
+	<target host="www.cutesoft.net" />
+
+		<!--	Mixed image:
+					-->
+		<!--test url="http://cutesoft.net/Live-Support/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cutesoft\.net$" name="^(?:ASP\.NET_SessionId|CommunityServer-(?:LastVisitUpdated-|UserCookie)\d+|CSAnonymous)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cvvnumber.com.xml b/src/chrome/content/rules/cvvnumber.com.xml
new file mode 100644
index 000000000000..827f84df8892
--- /dev/null
+++ b/src/chrome/content/rules/cvvnumber.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="CVVnumber.com">
+
+	<target host="cvvnumber.com" />
+	<target host="www.cvvnumber.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cwc.im.xml b/src/chrome/content/rules/cwc.im.xml
new file mode 100644
index 000000000000..529d42fe28bb
--- /dev/null
+++ b/src/chrome/content/rules/cwc.im.xml
@@ -0,0 +1,8 @@
+<ruleset name="cwc.im">
+
+	<target host="cwc.im" />
+	<target host="www.cwc.im" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cwgv.com.tw.xml b/src/chrome/content/rules/cwgv.com.tw.xml
new file mode 100644
index 000000000000..be82c7736481
--- /dev/null
+++ b/src/chrome/content/rules/cwgv.com.tw.xml
@@ -0,0 +1,54 @@
+<!--
+	NXDOMAIN:
+		^cwgv.com.tw
+
+	Expired:
+		test.cwgv.com.tw
+		video.cwgv.com.tw
+		webftp.cwgv.com.tw
+
+	Mismatched:
+		s1.cwgv.com.tw
+		s2.cwgv.com.tw
+		server09.cwgv.com.tw
+
+	Too many redirects:
+		autodiscover.cwgv.com.tw
+		server28.cwgv.com.tw
+		webmail.cwgv.com.tw
+
+	Timeout:
+		ec.cwgv.com.tw
+		fp.cwgv.com.tw
+		ftp.cwgv.com.tw
+		goldftp.cwgv.com.tw
+		hr.cwgv.com.tw
+		live.cwgv.com.tw
+		ma.cwgv.com.tw
+		mail.cwgv.com.tw
+		owa.cwgv.com.tw
+		proxy.cwgv.com.tw
+		reading.cwgv.com.tw
+		reg.cwgv.com.tw
+		ts.cwgv.com.tw
+-->
+<ruleset name="cwgv.com.tw">
+	<target host="www.cwgv.com.tw" />
+	<target host="2016isport.cwgv.com.tw" />
+	<target host="50plus.cwgv.com.tw" />
+	<target host="api.cwgv.com.tw" />
+	<target host="bookzone.cwgv.com.tw" />
+	<target host="future.cwgv.com.tw" />
+	<target host="gfamily.cwgv.com.tw" />
+	<target host="gkids.cwgv.com.tw" />
+	<target host="gvsrc.cwgv.com.tw" />
+	<target host="hbrshop.cwgv.com.tw" />
+	<target host="junior.cwgv.com.tw" />
+	<target host="member.cwgv.com.tw" />
+	<target host="rs.cwgv.com.tw" />
+	<target host="rsapp.cwgv.com.tw" />
+	<target host="shop.cwgv.com.tw" />
+	<target host="tmcc.cwgv.com.tw" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cwrap.org.xml b/src/chrome/content/rules/cwrap.org.xml
new file mode 100644
index 000000000000..f9b275b35418
--- /dev/null
+++ b/src/chrome/content/rules/cwrap.org.xml
@@ -0,0 +1,11 @@
+<ruleset name="cwrap.org">
+
+	<target host="cwrap.org" />
+	<target host="*.cwrap.org" />
+
+	<test url="http://www.cwrap.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cyberbits.eu.xml b/src/chrome/content/rules/cyberbits.eu.xml
new file mode 100644
index 000000000000..962e55ab1355
--- /dev/null
+++ b/src/chrome/content/rules/cyberbits.eu.xml
@@ -0,0 +1,12 @@
+<ruleset name="cyberbits.eu">
+	<target host="cyberbits.eu" />
+	<target host="deb.cyberbits.eu" />
+	<target host="status.cyberbits.eu" />
+	<target host="coronavirus.cyberbits.eu" />
+	<target host="mirror.cyberbits.eu" />
+	<target host="ntp.cyberbits.eu" />
+	<target host="speedtest.cyberbits.eu" />
+	<target host="torrent.cyberbits.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cyberciti.biz.xml b/src/chrome/content/rules/cyberciti.biz.xml
new file mode 100644
index 000000000000..c4771b853ee1
--- /dev/null
+++ b/src/chrome/content/rules/cyberciti.biz.xml
@@ -0,0 +1,21 @@
+<!--
+	Refused:
+		feeds.cyberciti.biz
+
+	Timeout:
+		rhel8.cyberciti.biz
+-->
+<ruleset name="cyberciti.biz">
+
+	<target host="cyberciti.biz" />
+	<target host="www.cyberciti.biz" />
+	<target host="bash.cyberciti.biz" />
+	<target host="cms.cyberciti.biz" />
+	<target host="newsletter.cyberciti.biz" />
+	<target host="server1.cyberciti.biz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cyberpowerpc.com.xml b/src/chrome/content/rules/cyberpowerpc.com.xml
new file mode 100644
index 000000000000..ca78901013d0
--- /dev/null
+++ b/src/chrome/content/rules/cyberpowerpc.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Refused:
+		- *.cpdl.cyberpowerpc.com
+-->
+<ruleset name="cyberpowerpc.com">
+	<target host="cyberpowerpc.com"/>
+	<target host="www.cyberpowerpc.com"/>
+	<target host="aafes.cyberpowerpc.com"/>
+	<target host="blog.cyberpowerpc.com"/>
+	<target host="costco.cyberpowerpc.com"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/czechorchidsociety.org.xml b/src/chrome/content/rules/czechorchidsociety.org.xml
new file mode 100644
index 000000000000..a15f75d965d8
--- /dev/null
+++ b/src/chrome/content/rules/czechorchidsociety.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="czechorchidsociety.org">
+	<target host="czechorchidsociety.org" />
+	<target host="www.czechorchidsociety.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/d3js.org.xml b/src/chrome/content/rules/d3js.org.xml
new file mode 100644
index 000000000000..ad5b66b151aa
--- /dev/null
+++ b/src/chrome/content/rules/d3js.org.xml
@@ -0,0 +1,14 @@
+<!--
+	d3js.org
+	js framework
+
+	Last test date: 17.11.2017
+-->
+<ruleset name="d3js.org">
+	<!-- Main page -->
+	<target host="d3js.org" />
+	<!-- Perma redirect to non www domain -->
+	<target host="www.d3js.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/daemonology.net.xml b/src/chrome/content/rules/daemonology.net.xml
new file mode 100644
index 000000000000..f3e422a44742
--- /dev/null
+++ b/src/chrome/content/rules/daemonology.net.xml
@@ -0,0 +1,5 @@
+<ruleset name="daemonology.net">
+	<target host="daemonology.net" />
+	<target host="www.daemonology.net" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dailyedge.ie.xml b/src/chrome/content/rules/dailyedge.ie.xml
new file mode 100644
index 000000000000..e01569aa177d
--- /dev/null
+++ b/src/chrome/content/rules/dailyedge.ie.xml
@@ -0,0 +1,50 @@
+<!--
+	For other TheJournal coverage, see TheJournal.ie.xml.
+
+
+	^dailyedge.ie: Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .dailyedge.ie
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- www from static.jrnl.ie ˢ
+			- www from c[0123].thejournal.ie ˢ
+			- www from img2.thejournal.ie ˢ
+
+		- Bug on www from b.scorecardresearch.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Daily Edge.ie">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.dailyedge.ie" />
+
+	<!--	Complications:
+				-->
+	<target host="dailyedge.ie" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.dailyedge\.ie$" name="^(?:__cfduid|cf_clearance|jSID|notice_cookies)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://dailyedge\.ie/"
+		to="https://www.dailyedge.ie/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dailystar.com.lb.xml b/src/chrome/content/rules/dailystar.com.lb.xml
new file mode 100644
index 000000000000..62423169f37b
--- /dev/null
+++ b/src/chrome/content/rules/dailystar.com.lb.xml
@@ -0,0 +1,35 @@
+<!--
+	Nonfunctional hosts in *dailystar.com.lb:
+
+		- ads ʳ
+
+	ʳ Refused
+
+
+	Mixed content:
+
+		- favicon on (www.)? from www.dailystar.com.lb ˢ
+
+		- Ads / bugs, on:
+
+			- (www.)? from ads.dailystar.com.lb ʳ
+			- (www.)? from www.facebook.com ˢ
+			- (www.)? from c.statcounter.com ˢ
+
+	ʳ Unsecureable <= refused
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Daily Star.com.lb (partial)">
+
+	<target host="dailystar.com.lb" />
+	<target host="www.dailystar.com.lb" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dalee.ru.xml b/src/chrome/content/rules/dalee.ru.xml
new file mode 100644
index 000000000000..798626cb1241
--- /dev/null
+++ b/src/chrome/content/rules/dalee.ru.xml
@@ -0,0 +1,20 @@
+<!--
+www.megafon.andromeda.dalee.ru ¹
+dicloranplus.jjw0.dalee.ru ¹
+www.megafon.andromeda.dalee.ru ¹
+ad.disney.dalee.ru ¹
+ad2.disney.dalee.ru ¹
+microlax.jjw0.dalee.ru ¹
+samsung.dev.dalee.ru ⁴
+www.corp.andromeda.dalee.ru ⁴
+
+
+¹ mismatch
+⁴ self signed
+-->
+<ruleset name="dalee.ru">
+	<target host="dalee.ru" />
+	<target host="www.dalee.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/danluu.com.xml b/src/chrome/content/rules/danluu.com.xml
new file mode 100644
index 000000000000..aa52c33a384e
--- /dev/null
+++ b/src/chrome/content/rules/danluu.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="danluu.com">
+	<target host="danluu.com" />
+	<target host="www.danluu.com" />
+
+	<securecookie host=".+" name=".+" />
+
+   <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/danmurphys.com.au.xml b/src/chrome/content/rules/danmurphys.com.au.xml
new file mode 100644
index 000000000000..9ffee70b4f00
--- /dev/null
+++ b/src/chrome/content/rules/danmurphys.com.au.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Woolworths coverage, see Woolworths.com.au.xml
+
+
+	Nonfunctional subdomains:
+
+		- catalogues	(mismatch hostname, CN: *.salesfinder.com.au)
+		- www.intdns	(timeout)
+		- uat2.m	(mismatch hostname, CN: woolworths.com.au)
+		- reviews	(mismatch hostname, CN: *.ugc.bazaarvoice.com)
+
+-->
+<ruleset name="Dan Murphy's">
+
+	<target host="danmurphys.com.au" />
+	<target host="www.danmurphys.com.au" />
+	<target host="events.danmurphys.com.au" />
+	<target host="m.danmurphys.com.au" />
+	<target host="media1.danmurphys.com.au" />
+	<target host="media2.danmurphys.com.au" />
+	<target host="muat2.danmurphys.com.au" />
+	<target host="uat.danmurphys.com.au" />
+	<target host="uat2.danmurphys.com.au" />
+	<target host="uatmedia1.danmurphys.com.au" />
+	<target host="uatmedia2.danmurphys.com.au" />
+
+	<securecookie host="^www\.danmurphys\.com\.au$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/daofile.com.xml b/src/chrome/content/rules/daofile.com.xml
new file mode 100644
index 000000000000..a8480795a9a7
--- /dev/null
+++ b/src/chrome/content/rules/daofile.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .daofile.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Daofile.com">
+
+	<target host="daofile.com" />
+	<target host="www.daofile.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.daofile\.com$" name="^lang$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/darebee.com.xml b/src/chrome/content/rules/darebee.com.xml
new file mode 100644
index 000000000000..5b4d6aa687f6
--- /dev/null
+++ b/src/chrome/content/rules/darebee.com.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mail.darebee.com/ => https://mail.darebee.com/: (51, "SSL: no alternative certificate subject name matches target host name 'mail.darebee.com'")
+
+	No working URL known:
+		autodiscover.darebee.com
+		webdisk.darebee.com (503)
+
+	Private subdomain:
+		cpanel.darebee.com
+		webmail.darebee.com
+
+-->
+<ruleset name="darebee.com" default_off="failed ruleset test">
+
+	<target host="darebee.com" />
+	<target host="www.darebee.com" />
+	<target host="mail.darebee.com" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/darkmatter.ae.xml b/src/chrome/content/rules/darkmatter.ae.xml
new file mode 100644
index 000000000000..da15f0c1a8a4
--- /dev/null
+++ b/src/chrome/content/rules/darkmatter.ae.xml
@@ -0,0 +1,6 @@
+<ruleset name="darkmatter.ae">
+  <target host="darkmatter.ae" />
+  <target host="www.darkmatter.ae" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/darktrace.com.xml b/src/chrome/content/rules/darktrace.com.xml
new file mode 100644
index 000000000000..2e12d9673a89
--- /dev/null
+++ b/src/chrome/content/rules/darktrace.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- customers.darktrace.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Darktrace.com">
+
+	<target host="darktrace.com" />
+	<target host="customers.darktrace.com" />
+	<target host="www.darktrace.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://customers.darktrace.com/book/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^customers\.darktrace\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/darktrace.jp.xml b/src/chrome/content/rules/darktrace.jp.xml
new file mode 100644
index 000000000000..b9a901e26906
--- /dev/null
+++ b/src/chrome/content/rules/darktrace.jp.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- customers.darktrace.jp
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Darktrace.jp">
+
+	<target host="darktrace.jp" />
+	<target host="customers.darktrace.jp" />
+	<target host="www.darktrace.jp" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^customers\.darktrace\.jp$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/darlinghq.org.xml b/src/chrome/content/rules/darlinghq.org.xml
new file mode 100644
index 000000000000..4e6882df85dc
--- /dev/null
+++ b/src/chrome/content/rules/darlinghq.org.xml
@@ -0,0 +1,16 @@
+<!--
+        Invalid certificate:
+                packages.darlinghq.org
+
+        Refused:
+                blog.darlinghq.org
+-->
+<ruleset name="darlinghq.org">
+	<target host="darlinghq.org" />
+	<target host="www.darlinghq.org" />
+	<target host="appdb.darlinghq.org" />
+	<target host="swdistcache.darlinghq.org" />
+	<target host="wiki.darlinghq.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/data.gouv.fr.xml b/src/chrome/content/rules/data.gouv.fr.xml
new file mode 100644
index 000000000000..3e1ac79d650f
--- /dev/null
+++ b/src/chrome/content/rules/data.gouv.fr.xml
@@ -0,0 +1,15 @@
+<ruleset name="data.gouv.fr (partial)">
+	<target host="data.gouv.fr" />
+	<target host="www.data.gouv.fr" />
+	<target host="adresse.data.gouv.fr" />
+	<target host="agd.data.gouv.fr" />
+	<target host="cada.data.gouv.fr" />
+	<target host="id.data.gouv.fr" />
+	<target host="inspire.data.gouv.fr" />
+	<target host="static.data.gouv.fr" />
+		<test url="http://static.data.gouv.fr/81/79391689536635d7bb9a004db025315150e8ff1ee31c5db4a0b04b78b16d46.txt" />
+	<target host="territoire.data.gouv.fr" />
+	<target host="webmail.data.gouv.fr" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/data.gov.au.xml b/src/chrome/content/rules/data.gov.au.xml
new file mode 100644
index 000000000000..cfa432ebbc21
--- /dev/null
+++ b/src/chrome/content/rules/data.gov.au.xml
@@ -0,0 +1,22 @@
+<!--
+
+	Problematic hosts in *data.gov.au:
+
+		- linked ᵐ
+		- wiki ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="data.gov.au">
+
+	<target host="data.gov.au" />
+	<target host="www.data.gov.au" />
+	<target host="blog.data.gov.au" />
+	<target host="search.data.gov.au" />
+	<target host="toolkit.data.gov.au" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/data.gov.hk.xml b/src/chrome/content/rules/data.gov.hk.xml
new file mode 100644
index 000000000000..2d8d69b88d75
--- /dev/null
+++ b/src/chrome/content/rules/data.gov.hk.xml
@@ -0,0 +1,18 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+
+	Time out:
+		tt.data.gov.hk
+-->
+<ruleset name="data.gov.hk">
+
+	<target host="data.gov.hk" />
+	<target host="www.data.gov.hk" />
+	<target host="api.data.gov.hk" />
+
+	<rule from="^http://www\.data\.gov\.hk/"
+	to="https://data.gov.hk/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/data.gov.uk.xml b/src/chrome/content/rules/data.gov.uk.xml
new file mode 100644
index 000000000000..3f5e0d051003
--- /dev/null
+++ b/src/chrome/content/rules/data.gov.uk.xml
@@ -0,0 +1,45 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *data.gov.uk:
+
+		- business ᵃ
+		- education ʳ
+		- labs ʳ
+		- landregistry ʳ
+		- legislation ʰ
+		- reference ʳ
+		- statistics ᵃ
+		- transport ʳ
+
+	ᵃ Shows another domain
+	ʰ Redirects to http
+	ʳ Refused
+
+
+	Problematic hosts in *data.gov.uk:
+
+		- guidance ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="Data.gov.uk (partial)">
+
+	<target host="data.gov.uk" />
+	<target host="environment.data.gov.uk" />
+	<target host="locationmde.data.gov.uk" />
+	<target host="locationmetadataeditor.data.gov.uk" />
+	<target host="standards.data.gov.uk" />
+	<target host="www.data.gov.uk" />
+
+
+	<securecookie host="^\." name="^__utm" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/datadryad.org.xml b/src/chrome/content/rules/datadryad.org.xml
new file mode 100644
index 000000000000..ec42dabf4881
--- /dev/null
+++ b/src/chrome/content/rules/datadryad.org.xml
@@ -0,0 +1,23 @@
+<!--
+	Refused:
+		api.datadryad.org
+		secundus.datadryad.org
+
+	No working URL known:
+		online.datadryad.org (403)
+		list.datadryad.org (timeout)
+		mailams.datadryad.org (timeout)
+
+	Bad certificate:
+		wiki.datadryad.org
+
+-->
+<ruleset name="Dryad Digital Repository">
+
+	<target host="datadryad.org" />
+	<target host="www.datadryad.org" />
+	<target host="blog.datadryad.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dataexchangewales.org.uk.xml b/src/chrome/content/rules/dataexchangewales.org.uk.xml
new file mode 100644
index 000000000000..b63c42fbd15d
--- /dev/null
+++ b/src/chrome/content/rules/dataexchangewales.org.uk.xml
@@ -0,0 +1,17 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+-->
+<ruleset name="Data Exchange Wales.org.uk">
+
+	<target host="dataexchangewales.org.uk" />
+	<target host="www.dataexchangewales.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/datamotion.com.xml b/src/chrome/content/rules/datamotion.com.xml
new file mode 100644
index 000000000000..ba2cb9f8adb2
--- /dev/null
+++ b/src/chrome/content/rules/datamotion.com.xml
@@ -0,0 +1,51 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://testing.datamotion.com/ => https://testing.datamotion.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Fetch testing note: otrs redirects to 404
+	login prompt over http & https
+
+
+	(www.)?datamotion.com: 404
+
+
+	These altnames do not exist:
+
+		- www.support.datamotion.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- otrs.datamotion.com
+		- ssl.datamotion.com
+		- support.datamotion.com
+		- testing.datamotion.com
+
+-->
+<ruleset name="DataMotion.com (partial)" default_off="failed ruleset test">
+
+	<target host="monitoring.datamotion.com" />
+	<target host="otrs.datamotion.com" />
+	<target host="partners.datamotion.com" />
+	<target host="ssl.datamotion.com" />
+	<target host="support.datamotion.com" />
+	<target host="testing.datamotion.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://ssl.datamotion.com/form.aspx?co=3438&amp;frm=energy&amp;to=flareenergy.fromforms" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:otrs|support)\.datamotion\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^(?:ssl|testing)\.datamotion\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/datei.li.xml b/src/chrome/content/rules/datei.li.xml
new file mode 100644
index 000000000000..31de5aac6ff5
--- /dev/null
+++ b/src/chrome/content/rules/datei.li.xml
@@ -0,0 +1,23 @@
+<!--
+	(www.)?datei.li: plaintext reply
+
+
+	Problematic hosts in *datei.li:
+
+		- minicirc ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="datei.li">
+
+	<target host="secure.datei.li" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/datelinknetworks.com.xml b/src/chrome/content/rules/datelinknetworks.com.xml
new file mode 100644
index 000000000000..45ddab767a0a
--- /dev/null
+++ b/src/chrome/content/rules/datelinknetworks.com.xml
@@ -0,0 +1,32 @@
+<!--
+	(www.)?datelinknetworks.com: shows another domain
+
+
+	These altnames do not exist:
+
+		- www.secure.datelinknetworks.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- secure.datelinknetworks.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Date Link Networks.com (partial)">
+
+	<target host="secure.datelinknetworks.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^secure\.datelinknetworks\.com$" name="^(?:ASP\.NET_SessionId|HttpReferer|affiliateid|program|subcode)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/datinglab.net.xml b/src/chrome/content/rules/datinglab.net.xml
new file mode 100644
index 000000000000..6c8731422002
--- /dev/null
+++ b/src/chrome/content/rules/datinglab.net.xml
@@ -0,0 +1,75 @@
+<!--
+	(www.)?datinglab.net: Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- secure.datinglab.net
+		- secure2.datinglab.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, on:
+
+			- secure from $self ˢ
+			- secure2 from is.i2.datinglab.net ˢ
+
+		- Images, on:
+
+			- (www.)? from www.datinglab.net
+			- secure from $self ˢ
+			- secure2 from is.i2.datinglab.net ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Dating Lab.net (partial)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.datinglab.net" />
+	<target host="secure2.datinglab.net" />
+
+	<!--	Complications:
+				-->
+	<target host="is.i2.datinglab.net" />
+
+		<!--	Not all paths are equivalent.
+							-->
+		<exclusion pattern="^http://is\.i2\.datinglab\.net/(?!/*(?:css|pht/\d+|pics)/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://is.i2.datinglab.net/js/functions.r20597.js" />
+			<test url="http://is.i2.datinglab.net/js/navigation.js" />
+			<test url="http://is.i2.datinglab.net/js/vendor/jquery-iCheck/icheck.min.js" />
+			<test url="http://is.i2.datinglab.net/js/vendor/modernizr/modernizr-latest.min.js" />
+			<test url="http://is.i2.datinglab.net/js/vendor/ng-responsive-tables/ng_responsive_tables.js" />
+			<test url="http://is.i2.datinglab.net/js/vendor/select2/select2.min.js" />
+
+			<!--	-ve:
+					-->
+			<test url="http://is.i2.datinglab.net/css/i2/14.r22706.css" />
+			<test url="http://is.i2.datinglab.net/pht/3/24/ata~22.jpg" />
+			<test url="http://is.i2.datinglab.net/pics/b.gif" />
+			<test url="http://is.i2.datinglab.net/pics/i2/0/chrome/oda-logo.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^secure2?\.datinglab\.net$" name="^(?:DBZSESSID|PHPSESSID|SISID)$" /-->
+
+	<securecookie host="^\." name="_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://is\.i2\.datinglab\.net/"
+		to="https://secure2.datinglab.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/daum.net.xml b/src/chrome/content/rules/daum.net.xml
new file mode 100644
index 000000000000..d1db3abee24f
--- /dev/null
+++ b/src/chrome/content/rules/daum.net.xml
@@ -0,0 +1,44 @@
+<!--
+	daum.net
+
+	Other Daum rulesets:
+
+		- DaumCDN.net.xml
+-->
+<ruleset name="daum.net">
+
+	<target host="daum.net"/>
+	<target host="search.daum.net"/>
+	<target host="m.search.daum.net"/>
+	<target host="v.daum.net"/>
+	<target host="www.daum.net"/>
+	<target host="m.daum.net"/>
+	<target host="m.mail.daum.net"/>
+	<target host="cafe.daum.net"/>
+	<target host="top.cafe.daum.net"/>
+	<target host="m.cafe.daum.net"/>
+	<target host="news.daum.net"/>
+	<target host="news.v.daum.net"/>
+	<target host="entertain.daum.net"/>
+	<target host="entertain.v.daum.net"/>
+	<target host="sports.daum.net"/>
+	<target host="sports.v.daum.net"/>
+	<target host="auto.daum.net"/>
+	<target host="auto.v.daum.net"/>
+	<target host="logins.daum.net"/>
+	<target host="finance.daum.net"/>
+	<target host="m.finance.daum.net"/>
+	<target host="blog.daum.net"/>
+	<target host="dic.daum.net"/>
+	<target host="pathofexile.game.daum.net"/>
+	<target host="elyon.game.daum.net"/>
+	<target host="pubg.game.daum.net"/>
+	<target host="realty.daum.net"/>
+	<target host="m.realty.daum.net"/>
+	<target host="100.daum.net"/>
+	<target host="wordbook.daum.net"/>
+	<target host="track.tiara.daum.net"/>
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/david-dm.org.xml b/src/chrome/content/rules/david-dm.org.xml
new file mode 100644
index 000000000000..17ca29fe7187
--- /dev/null
+++ b/src/chrome/content/rules/david-dm.org.xml
@@ -0,0 +1,12 @@
+<!--
+www.david-dm.org mismatch
+-->
+<ruleset name="david-dm.org">
+	<target host="david-dm.org" />
+	<target host="www.david-dm.org" />
+
+	<rule from="^http://www\.david-dm\.org/"
+		to="https://david-dm.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/davidperkinsphotography.com.xml b/src/chrome/content/rules/davidperkinsphotography.com.xml
new file mode 100644
index 000000000000..69cc693b3477
--- /dev/null
+++ b/src/chrome/content/rules/davidperkinsphotography.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Invalid certificate:
+		apps.davidperkinsphotography.com
+		blog.davidperkinsphotography.com
+		ftp.davidperkinsphotography.com
+		mail.davidperkinsphotography.com
+		p39je7f36m9ddeeeewb6.davidperkinsphotography.com
+		prints.davidperkinsphotography.com
+-->
+<ruleset name="davidperkinsphotography.com">
+	<target host="davidperkinsphotography.com" />
+	<target host="www.davidperkinsphotography.com" />
+	<target host="cpanel.davidperkinsphotography.com" />
+	<target host="cpcalendars.davidperkinsphotography.com" />
+	<target host="cpcontacts.davidperkinsphotography.com" />
+	<target host="webdisk.davidperkinsphotography.com" />
+
+	<rule from="^http://davidperkinsphotography\.com/" to="https://www.davidperkinsphotography.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/davidwalsh.name.xml b/src/chrome/content/rules/davidwalsh.name.xml
new file mode 100644
index 000000000000..0607aa912f3f
--- /dev/null
+++ b/src/chrome/content/rules/davidwalsh.name.xml
@@ -0,0 +1,14 @@
+<ruleset name="David Walsh.name">
+
+	<target host="davidwalsh.name" />
+	<target host="www.davidwalsh.name" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/day.org.ru.xml b/src/chrome/content/rules/day.org.ru.xml
new file mode 100644
index 000000000000..a415f587ba35
--- /dev/null
+++ b/src/chrome/content/rules/day.org.ru.xml
@@ -0,0 +1,7 @@
+<!-- m. mismatch
+www.m. mismatch -->
+<ruleset name="day.org.ru">
+	<target host="day.org.ru" />
+	<target host="www.day.org.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/daydeal.ch.xml b/src/chrome/content/rules/daydeal.ch.xml
new file mode 100644
index 000000000000..876c14cc723d
--- /dev/null
+++ b/src/chrome/content/rules/daydeal.ch.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatch:
+		- click.newsletter.daydeal.ch
+-->
+<ruleset name="daydeal">
+	<target host="daydeal.ch"/>
+	<target host="www.daydeal.ch"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/dbq.edu.xml b/src/chrome/content/rules/dbq.edu.xml
new file mode 100644
index 000000000000..4ccf18b73c8c
--- /dev/null
+++ b/src/chrome/content/rules/dbq.edu.xml
@@ -0,0 +1,93 @@
+<!--
+	HTTPS != HTTP:
+		dbq.edu
+
+	Invalid certificate:
+		alumni.dbq.edu
+		cpanel.dbq.edu
+		email.dbq.edu
+		enterpriseenrollment.dbq.edu
+		enterpriseregistration.dbq.edu
+		idp.dbq.edu
+		lyncdiscover.dbq.edu
+		msoid.dbq.edu
+		mycampus.dbq.edu
+		pac1.dbq.edu
+		pac2.dbq.edu
+		sip.dbq.edu
+		udgoldmine.dbq.edu
+
+	Non-2xx HTTP code:
+		maxient.dbq.edu
+
+	Refused:
+		_sip._tls.dbq.edu
+		am.dbq.edu
+		ats.dbq.edu
+		autodiscover.dbq.edu
+		bookstore.dbq.edu
+		cgimdata.dbq.edu
+		cgim.dbq.edu
+		dart.dbq.edu
+		facdata.dbq.edu
+		hlc.dbq.edu
+		studata.dbq.edu
+		autodiscover.test.dbq.edu
+		uddata.dbq.edu
+
+	Time out:
+		adc.dbq.edu
+		app3.dbq.edu
+		application3.dbq.edu
+		application4.dbq.edu
+		cis.dbq.edu
+		cmedia.dbq.edu
+		fed2.dbq.edu
+		fedora.dbq.edu
+		firewall.dbq.edu
+		gve.dbq.edu
+		mailfilter.dbq.edu
+		mailfilter2.dbq.edu
+		ns1.dbq.edu
+		pop3.dbq.edu
+		pressbooks.dbq.edu
+		rw.dbq.edu
+		scan.dbq.edu
+		smtp.dbq.edu
+		smtp2.dbq.edu
+		spam.dbq.edu
+		udwindir.dbq.edu
+		video.dbq.edu
+		vpn.dbq.edu
+		webhost.dbq.edu
+
+	Unable to get local issuer certificate:
+		ezproxy.dbq.edu
+		www.ezproxy.dbq.edu
+		mobile.dbq.edu
+-->
+<ruleset name="dbq.edu">
+	<target host="www.dbq.edu" />
+	<target host="cp2.dbq.edu" />
+	<target host="data.dbq.edu" />
+	<target host="digitalud.dbq.edu" />
+	<target host="digitalud-cp.dbq.edu" />
+	<target host="digitalud-dev.dbq.edu" />
+	<target host="ensuringthefuture.dbq.edu" />
+	<target host="intranet.dbq.edu" />
+	<target host="libguides.dbq.edu" />
+	<target host="library.dbq.edu" />
+	<target host="lifeahead.dbq.edu" />
+	<target host="lifeaheadcr.dbq.edu" />
+	<target host="media.dbq.edu" />
+	<target host="my.dbq.edu" />
+	<target host="pfaids.dbq.edu" />
+	<target host="people.dbq.edu" />
+	<target host="tempe.dbq.edu" />
+	<target host="www.tempe.dbq.edu" />
+	<target host="udonline.dbq.edu" />
+	<target host="udts.dbq.edu" />
+	<target host="wendt.dbq.edu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dbstatic.no.xml b/src/chrome/content/rules/dbstatic.no.xml
new file mode 100644
index 000000000000..27de329c6177
--- /dev/null
+++ b/src/chrome/content/rules/dbstatic.no.xml
@@ -0,0 +1,40 @@
+<!--
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="dbstatic.no" platform="mixedcontent">
+
+	<target host="dbstatic.no" />
+	<target host="1.dbstatic.no" />
+	<target host="10.dbstatic.no" />
+	<target host="2.dbstatic.no" />
+	<target host="3.dbstatic.no" />
+	<target host="4.dbstatic.no" />
+	<target host="5.dbstatic.no" />
+	<target host="6.dbstatic.no" />
+	<target host="7.dbstatic.no" />
+	<target host="8.dbstatic.no" />
+	<target host="9.dbstatic.no" />
+
+		<test url="http://dbstatic.no/?imageId=60164106&amp;cropw=100&amp;whRatio=1&amp;bbRatio=0.13671875&amp;croph=76.923076923077&amp;width=100&amp;height=100" />
+		<test url="http://1.dbstatic.no/?imageId=60359603&amp;panox=0&amp;panoy=40.106951871658&amp;panow=100&amp;panoh=52.406417112299&amp;heighty=0&amp;heightx=0&amp;heightw=0&amp;heighth=0&amp;width=512&amp;height=256&amp;compression=60" />
+		<test url="http://10.dbstatic.no/?imageId=60364990&amp;x=7.103825136612&amp;y=13.658536585366&amp;cropw=83.879781420765&amp;croph=86.341463414634&amp;width=307&amp;height=178&amp;compression=60" />
+		<test url="http://2.dbstatic.no/?imageId=60117319&amp;panox=0&amp;panoy=0&amp;panow=0&amp;panoh=0&amp;heighty=0&amp;heightx=0&amp;heightw=0&amp;heighth=0&amp;width=307&amp;height=154&amp;compression=60" />
+		<test url="http://3.dbstatic.no/?imageId=60363320&amp;panox=0&amp;panoy=0&amp;panow=0&amp;panoh=0&amp;heighty=0&amp;heightx=0&amp;heightw=0&amp;heighth=0&amp;width=307&amp;height=238&amp;compression=60" />
+		<test url="http://4.dbstatic.no/?imageId=60365192&amp;panox=0&amp;panoy=37.912087912088&amp;panow=100&amp;panoh=53.846153846154&amp;heighty=0&amp;heightx=26.55737704918&amp;heightw=40&amp;heighth=100&amp;width=307&amp;height=238&amp;compression=60" />
+		<test url="http://5.dbstatic.no/?imageId=60363192&amp;panox=0&amp;panoy=16.042780748663&amp;panow=100&amp;panoh=52.406417112299&amp;heighty=0&amp;heightx=0&amp;heightw=0&amp;heighth=0&amp;width=307&amp;height=238&amp;compression=60" />
+		<test url="http://6.dbstatic.no/?imageId=60265384&amp;x=10.780669144981&amp;y=0&amp;cropw=82.527881040892&amp;croph=100&amp;width=222&amp;height=203&amp;compression=60" />
+		<test url="http://7.dbstatic.no/?imageId=60364317&amp;panox=0&amp;panoy=25.757575757576&amp;panow=100&amp;panoh=49.494949494949&amp;heighty=0&amp;heightx=20&amp;heightw=43.571428571429&amp;heighth=100&amp;width=307&amp;height=195&amp;compression=60" />
+		<test url="http://8.dbstatic.no/?imageId=60364176&amp;x=33.447684391081&amp;y=33.503836317136&amp;cropw=48.027444253859&amp;croph=25.063938618926&amp;width=342&amp;height=171&amp;compression=60" />
+		<test url="http://9.dbstatic.no/?imageId=60364840&amp;panox=0&amp;panoy=0&amp;panow=0&amp;panoh=0&amp;heighty=4.4&amp;heightx=4.2763157894737&amp;heightw=80.263157894737&amp;heighth=79.2&amp;width=342&amp;height=171&amp;compression=60" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dbtv.no.xml b/src/chrome/content/rules/dbtv.no.xml
new file mode 100644
index 000000000000..7baeee8844d7
--- /dev/null
+++ b/src/chrome/content/rules/dbtv.no.xml
@@ -0,0 +1,26 @@
+<!--
+	Mixed content:
+
+		- Images on www from gfx.dbtv.no ˢ
+		- Bugs on www from dagbladet.tns-cs.net ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="DBTV.no">
+
+	<target host="dbtv.no" />
+	<target host="gfx.dbtv.no" />
+	<target host="www.dbtv.no" />
+
+		<test url="http://gfx.dbtv.no/thumbs/still/47966.jpg" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dcard.tw.xml b/src/chrome/content/rules/dcard.tw.xml
new file mode 100644
index 000000000000..a1d87fef1f8c
--- /dev/null
+++ b/src/chrome/content/rules/dcard.tw.xml
@@ -0,0 +1,9 @@
+<ruleset name="dcard.tw">
+	<target host="dcard.tw" />
+	<target host="www.dcard.tw" />
+
+	<securecookie host="^\.dcard\.tw$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dcerpc.org.xml b/src/chrome/content/rules/dcerpc.org.xml
index 33c97f868faf..f66853eb5da2 100644
--- a/src/chrome/content/rules/dcerpc.org.xml
+++ b/src/chrome/content/rules/dcerpc.org.xml
@@ -1,6 +1,13 @@
-<ruleset name="DCERPC">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.dcerpc.org/ => https://www.dcerpc.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.dcerpc.org'")
+Fetch error: http://dcerpc.org/ => https://www.dcerpc.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.dcerpc.org'")
+
+-->
+<ruleset name="DCERPC" default_off="failed ruleset test">
   <target host="www.dcerpc.org" />
   <target host="dcerpc.org" />
 
-  <rule from="^http://(www\.)?dcerpc\.org/" to="https://www.dcerpc.org/"/>
+  <rule from="^http://(?:www\.)?dcerpc\.org/" to="https://www.dcerpc.org/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/dcmuseum.co.uk.xml b/src/chrome/content/rules/dcmuseum.co.uk.xml
new file mode 100644
index 000000000000..20584946813a
--- /dev/null
+++ b/src/chrome/content/rules/dcmuseum.co.uk.xml
@@ -0,0 +1,7 @@
+<ruleset name="dcmuseum.co.uk">
+	<target host="dcmuseum.co.uk" />
+	<target host="www.dcmuseum.co.uk" />
+
+	<rule from="^http://www\.dcmuseum\.co\.uk/" to="https://dcmuseum.co.uk/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dcos.io.xml b/src/chrome/content/rules/dcos.io.xml
new file mode 100644
index 000000000000..c179c6c46a24
--- /dev/null
+++ b/src/chrome/content/rules/dcos.io.xml
@@ -0,0 +1,22 @@
+<!--
+	Problematic hosts in *dcos.io:
+
+		- chat ᵐ
+
+	ᵐ Herokuapp / mismatched
+
+-->
+<ruleset name="DCOS.io (partial)">
+
+	<target host="dcos.io" />
+	<target host="www.dcos.io" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dd-wrt.com.xml b/src/chrome/content/rules/dd-wrt.com.xml
new file mode 100644
index 000000000000..da759c3a31d7
--- /dev/null
+++ b/src/chrome/content/rules/dd-wrt.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules that are on by default, see dd-wrt.com.xml.
+
+-->
+<ruleset name="DD-WRT.com (self-signed)" default_off="self-signed">
+
+        <target host="svn.dd-wrt.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ddcdn.xml b/src/chrome/content/rules/ddcdn.xml
new file mode 100644
index 000000000000..e21e43bf737b
--- /dev/null
+++ b/src/chrome/content/rules/ddcdn.xml
@@ -0,0 +1,10 @@
+<ruleset name="ddcdn">
+	<!--	Mismatch:
+	target host="(www\.)?ddcdn\.com"/
+	-->
+	<target host="cc.ddcdn.com"/>
+	<target host="ccm.ddcdn.com"/>
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dditservices.com.xml b/src/chrome/content/rules/dditservices.com.xml
new file mode 100644
index 000000000000..7180c545c634
--- /dev/null
+++ b/src/chrome/content/rules/dditservices.com.xml
@@ -0,0 +1,64 @@
+<!--
+	Other DuoDecad IT Services rulesets:
+
+		- Dditscdn.com.xml
+		- LiveJasmin.xml
+
+
+	Nonfunctional hosts in *dditservices.com:
+
+		- speedtest.hkg ᵈ
+		- speedtest.lax ᵈ
+		- speedtest.lux ᵈ
+		- speedtest.mia ʳ
+		- speedtest ᵈ
+
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- dditservices.com
+		- www.dditservices.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	STS header includes includeSubdomains
+
+-->
+<ruleset name="DD IT Services.com (partial)">
+
+	<target host="dditservices.com" />
+	<target host="*.dditservices.com" />
+
+		<!--	includeSubdomains applies to one level only, so:
+									-->
+		<exclusion pattern="^http://(?:(?:[^./]+\.){2}|speedtest\.|speedtest\.\w{3}\.)dditservices\.com/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.dditservices.com/" />
+			<test url="http://exists.not.dditservices.com/" />
+			<test url="http://speedtest.hkg.dditservices.com/" />
+			<test url="http://speedtest.lax.dditservices.com/" />
+			<test url="http://speedtest.lux.dditservices.com/" />
+			<test url="http://speedtest.mia.dditservices.com/" />
+			<test url="http://speedtest.dditservices.com/" />
+
+		<test url="http://secure.dditservices.com/" />
+		<test url="http://www.dditservices.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?dditservices\.com$" name="^(?:PHPSESSID|site_lang)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ddlvalley.cool.xml b/src/chrome/content/rules/ddlvalley.cool.xml
new file mode 100644
index 000000000000..28ce46435e45
--- /dev/null
+++ b/src/chrome/content/rules/ddlvalley.cool.xml
@@ -0,0 +1,37 @@
+<!--
+	Mixed content:
+
+		- css on (www.)? from www.ddlvalley.cool ˢ
+
+		- Images, on:
+
+			- (www.)? from images.ddlvalley.cool ˢ
+			- (www.)? from www.ddlvalley.cool ˢ
+			- (www.)? from images.ddlvalley.eu ˢ
+			- (www.)? from images.ddlvalley.rocks ˢ
+
+		- Ads/bugs, on:
+
+			- (www.)? from static.cbox.ws ˢ
+			- (www.)? from www7.cbox.ws ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="DDLValley.cool" platform="mixedcontent">
+
+	<target host="ddlvalley.cool" />
+	<target host="images.ddlvalley.cool" />
+	<target host="www.ddlvalley.cool" />
+
+		<test url="http://images.ddlvalley.cool/images/08949815595064181916.jpg" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ddlvalley.eu.xml b/src/chrome/content/rules/ddlvalley.eu.xml
new file mode 100644
index 000000000000..0e14ab058ce4
--- /dev/null
+++ b/src/chrome/content/rules/ddlvalley.eu.xml
@@ -0,0 +1,14 @@
+<ruleset name="DDLValley.eu">
+
+	<target host="ddlvalley.eu" />
+	<target host="images.ddlvalley.eu" />
+	<target host="www.ddlvalley.eu" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ddlvalley.rocks.xml b/src/chrome/content/rules/ddlvalley.rocks.xml
new file mode 100644
index 000000000000..6907cb5c4682
--- /dev/null
+++ b/src/chrome/content/rules/ddlvalley.rocks.xml
@@ -0,0 +1,14 @@
+<ruleset name="DDLValley.rocks">
+
+	<target host="ddlvalley.rocks" />
+	<target host="images.ddlvalley.rocks" />
+	<target host="www.ddlvalley.rocks" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ddos-guard.net.xml b/src/chrome/content/rules/ddos-guard.net.xml
new file mode 100644
index 000000000000..1ba4d5e66c1c
--- /dev/null
+++ b/src/chrome/content/rules/ddos-guard.net.xml
@@ -0,0 +1,33 @@
+<!--
+hosting.ddos-guard.net ²
+mx1.ddos-guard.net ²
+mx2.ddos-guard.net ²
+mx3.ddos-guard.net ²
+ns1.ddos-guard.net ²
+ns2.ddos-guard.net ²
+ns3.ddos-guard.net ²
+ns4.ddos-guard.net ²
+ns5.ddos-guard.net ²
+ns6.ddos-guard.net ²
+phpmyadmin.ddos-guard.net ²
+vpsnode2.ddos-guard.net ⁴
+vpsnode21.ddos-guard.net ¹
+vpsnode22.ddos-guard.net ¹
+vpsnode3.ddos-guard.net ²
+vpsnode5.ddos-guard.net ²
+
+
+¹ mismatch
+² refused
+⁴ self signed
+-->
+<ruleset name="ddos-guard.net">
+	<target host="ddos-guard.net" />
+	<target host="www.ddos-guard.net" />
+	<target host="corp.ddos-guard.net" />
+	<target host="ddgu.ddos-guard.net" />
+	<target host="mail.ddos-guard.net" />
+	<target host="my.ddos-guard.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/deSEC.xml b/src/chrome/content/rules/deSEC.xml
new file mode 100644
index 000000000000..4e4be36f26a0
--- /dev/null
+++ b/src/chrome/content/rules/deSEC.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://update6.dedyn.io/ => https://update6.dedyn.io/: (7, '')
+Fetch error: http://checkip6.dedyn.io/ => https://checkip6.dedyn.io/: (6, 'Could not resolve host: checkip6.dedyn.io')
+
+  Covers desec.io and dedyn.io.
+
+  No HTTPS supported:
+    * *.dedyn.io are user-generated domains with user content, so they do not
+      have to support HTTPS there.
+-->
+<ruleset name="deSEC" default_off="failed ruleset test">
+  <target host="dedyn.io" />
+  <target host="www.dedyn.io" />
+  <target host="update.dedyn.io" />
+  <target host="update6.dedyn.io" />
+  <target host="checkip.dedyn.io" />
+  <target host="checkip6.dedyn.io" />
+
+  <rule from="^http:"
+        to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/deakinandfrancis.co.uk.xml b/src/chrome/content/rules/deakinandfrancis.co.uk.xml
new file mode 100644
index 000000000000..9eb0c71edb62
--- /dev/null
+++ b/src/chrome/content/rules/deakinandfrancis.co.uk.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .deakinandfrancis.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Deakin and Francis.co.uk">
+
+	<target host="deakinandfrancis.co.uk" />
+	<target host="www.deakinandfrancis.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.deakinandfrancis\.co\.uk$" name="^(?:currency|frontend)$" /-->
+
+	<securecookie host="^\." name="^(?:currency|frontend)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dealabs.com.xml b/src/chrome/content/rules/dealabs.com.xml
new file mode 100644
index 000000000000..c4b9a0b181fb
--- /dev/null
+++ b/src/chrome/content/rules/dealabs.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Nonfunctional hosts in *dealabs.com:
+
+		- url ᶠ
+
+	ᶠ Handshake fails
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.dealabs.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Dealabs.com (partial)">
+
+	<target host="dealabs.com" />
+	<target host="static.dealabs.com" />
+	<target host="www.dealabs.com" />
+
+		<test url="http://static.dealabs.com/css/responsive.css" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://www.dealabs.com/forum.html" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.dealabs\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid$|_gat?$|_gat_|cf_clearance$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dealinteractive.com.xml b/src/chrome/content/rules/dealinteractive.com.xml
new file mode 100644
index 000000000000..1c85df777f39
--- /dev/null
+++ b/src/chrome/content/rules/dealinteractive.com.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.dealinteractive.com/ => https://secure.dealinteractive.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://secure3.dealinteractive.com/ => https://secure3.dealinteractive.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://securetrial.dealinteractive.com/ => https://securetrial.dealinteractive.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	(www.)?dealinteractive.com: server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="Deal Interactive.com (partial)" default_off="failed ruleset test">
+
+	<!--target host="dealinteractive.com" /-->
+	<target host="secure.dealinteractive.com" />
+	<target host="secure3.dealinteractive.com" />
+	<target host="securetrial.dealinteractive.com" />
+	<!--target host="www.dealinteractive.com" /-->
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dearmummyblog.com.xml b/src/chrome/content/rules/dearmummyblog.com.xml
new file mode 100644
index 000000000000..49dee9772398
--- /dev/null
+++ b/src/chrome/content/rules/dearmummyblog.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Dear Mummy Blog.com">
+
+	<target host="dearmummyblog.com" />
+	<target host="www.dearmummyblog.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/debenhams.com.xml b/src/chrome/content/rules/debenhams.com.xml
new file mode 100644
index 000000000000..693b58252be1
--- /dev/null
+++ b/src/chrome/content/rules/debenhams.com.xml
@@ -0,0 +1,199 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://int.debenhams.com/ad/gifts/ => https://int.debenhams.com/ad/gifts/: (7, 'Failed to connect to int.debenhams.com port 443: Connection refused')
+Fetch error: http://int.debenhams.com/ad/shop/?showpage=2 => https://int.debenhams.com/ad/shop/?showpage=2: (7, 'Failed to connect to int.debenhams.com port 443: Connection refused')
+Fetch error: http://int.debenhams.com/micro/img/arrow-sprite.png => https://int.debenhams.com/micro/img/arrow-sprite.png: (7, 'Failed to connect to int.debenhams.com port 443: Connection refused')
+Fetch error: http://int.debenhams.com/wcsstore/SharedStoreFront/Custom/img/country-ad.png => https://int.debenhams.com/wcsstore/SharedStoreFront/Custom/img/country-ad.png: (7, 'Failed to connect to int.debenhams.com port 443: Connection refused')
+Fetch error: http://int.debenhams.com/webapp/wcs/stores/servlet/OrderItemDisplay => https://int.debenhams.com/webapp/wcs/stores/servlet/OrderItemDisplay: (7, 'Failed to connect to int.debenhams.com port 443: Connection refused')
+Fetch error: http://int.debenhams.com/webapp/wcs/stores/servlet/OrderItemDisplay => https://int.debenhams.com/webapp/wcs/stores/servlet/OrderItemDisplay: (7, 'Failed to connect to int.debenhams.com port 443: Connection refused')
+Fetch error: http://int.debenhams.com/webapp/wcs/stores/servlet/OrderTrackingRequestView => https://int.debenhams.com/webapp/wcs/stores/servlet/OrderTrackingRequestView: (7, 'Failed to connect to int.debenhams.com port 443: Connection refused')
+Fetch error: http://int.debenhams.com/webapp/wcs/stores/servlet/ResetPasswordForm => https://int.debenhams.com/webapp/wcs/stores/servlet/ResetPasswordForm: (7, 'Failed to connect to int.debenhams.com port 443: Connection refused')
+Fetch error: http://int.debenhams.com/webapp/wcs/stores/servlet/UserRegistrationLogonView?storeId=10151 => https://int.debenhams.com/webapp/wcs/stores/servlet/UserRegistrationLogonView?storeId=10151: (7, 'Failed to connect to int.debenhams.com port 443: Connection refused')
+Non-2xx HTTP code: http://www.debenhams.com/favicon.ico (200) => https://www.debenhams.com/favicon.ico (403)
+Fetch error: http://images.e.debenhams.com/ => https://images.e.debenhams.com/: (6, 'Could not resolve host: images.e.debenhams.com')
+
+	CDN buckets:
+
+		- debenhams.scene7.com
+
+
+	Nonfunctional hosts in *debenhams.com:
+
+		- blog ʳ
+		- finance ʳ
+		- m ʰ
+
+	ʰ Redirects to http
+	ʳ Refused
+
+
+	Problematic hosts in *debenhams.com:
+
+		- ^ ʳ
+		- int ˡ
+
+	ˡ >=1 paths loop over http
+	ʳ Refused
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .debenhams.com
+		- int.debenhams.com
+		- .www.debenhams.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com ˢ
+
+		- Images, on:
+
+			- pages.e from image.e.debenhams.com ˢ
+			- www from $self ˢ
+			- www from debenhams.scene7.com
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Debenhams.com (partial)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="images.e.debenhams.com" />
+	<target host="pages.e.debenhams.com" />
+	<target host="int.debenhams.com" />
+	<target host="www.debenhams.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://int\.debenhams\.com/(?:$|ad/home/$|info/faq/our_terms_and_conditions/privacy_policy$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://int\.debenhams\.com/(?!/*(?:ad/+(?:gifts|shop)/|micro/|wcsstore/|webapp/wcs/stores/servlet/))" /-->
+		<!--
+			Avoid potential XHR problems:
+							-->
+		<!--exclusion pattern="^http://int\.debenhams\.com/.+\.js(?:$|\?)" /-->
+		<!--
+			In combination:
+					-->
+		<exclusion pattern="^http://int\.debenhams\.com/(?!(?!.+\.js(?:$|\?))/*(?:ad/+(?:gifts|shop)/|micro/|wcsstore/|webapp/wcs/stores/servlet/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://int.debenhams.com/ad/home/" />
+			<test url="http://int.debenhams.com/info/designer_collections" />
+			<test url="http://int.debenhams.com/info/faq/home" />
+			<test url="http://int.debenhams.com/info/faq/our_terms_and_conditions/privacy_policy" />
+			<test url="http://int.debenhams.com/info/gifts_for_him/" />
+			<test url="http://int.debenhams.com/micro/js/Deb.INT-HP.js" />
+			<test url="http://int.debenhams.com/micro/js/debs_sitewide.js" />
+			<test url="http://int.debenhams.com/micro/js/jquery.bxslider.4.1.1-patched.js" />
+			<test url="http://int.debenhams.com/micro/js/jquery.bxslider.4.1.1-patched.js" />
+			<test url="http://int.debenhams.com/micro/responsive/responsive.js" />
+			<test url="http://int.debenhams.com/wcsstore/SharedStoreFront/javascript/adrum.js" />
+
+			<!--	-ve:
+					-->
+			<test url="http://int.debenhams.com/ad/gifts/" />
+			<test url="http://int.debenhams.com/ad/shop/?showpage=2" />
+			<test url="http://int.debenhams.com/micro/img/arrow-sprite.png" />
+			<test url="http://int.debenhams.com/wcsstore/SharedStoreFront/Custom/img/country-ad.png" />
+			<test url="http://int.debenhams.com/webapp/wcs/stores/servlet/OrderItemDisplay" />
+			<test url="http://int.debenhams.com/webapp/wcs/stores/servlet/OrderItemDisplay" />
+			<test url="http://int.debenhams.com/webapp/wcs/stores/servlet/OrderTrackingRequestView" />
+			<test url="http://int.debenhams.com/webapp/wcs/stores/servlet/ResetPasswordForm" />
+			<test url="http://int.debenhams.com/webapp/wcs/stores/servlet/UserRegistrationLogonView?storeId=10151" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.debenhams\.com/(?:$|beauty$|sale$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://www\.debenhams\.com/(?!/*(?:favicon\.ico|wcsstore/))" /-->
+		<!--
+			Avoid potential XHR problems:
+							-->
+		<!--exclusion pattern="^http://www\.debenhams\.com/+wcsstore/.+\.js(?:$|\?)" /-->
+		<!--
+			In combination:
+					-->
+		<exclusion pattern="^http://www\.debenhams\.com/(?!(?!.+\.js(?:$|\?))/*(?:favicon\.ico|wcsstore/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.debenhams.com/beauty" />
+			<test url="http://www.debenhams.com/sale" />
+			<test url="http://www.debenhams.com/wcsstore/DebenhamsStorefrontAssetStore/foresee/foresee-trigger.js" />
+			<test url="http://www.debenhams.com/wcsstore/DebenhamsStorefrontAssetStore/javascript/CatalogArea/ProductDisplay.js" />
+			<test url="http://www.debenhams.com/wcsstore/DebenhamsStorefrontAssetStore/javascript/CommonContextsDeclarations.js" />
+			<test url="http://www.debenhams.com/wcsstore/DebenhamsStorefrontAssetStore/javascript/CommonControllersDeclaration.js" />
+			<test url="http://www.debenhams.com/wcsstore/DebenhamsStorefrontAssetStore/javascript/Deb.Global.js" />
+			<test url="http://www.debenhams.com/wcsstore/DebenhamsStorefrontAssetStore/javascript/Deb.HP.js" />
+			<test url="http://www.debenhams.com/wcsstore/DebenhamsStorefrontAssetStore/javascript/Deb.INT.SR.js" />
+			<test url="http://www.debenhams.com/wcsstore/DebenhamsStorefrontAssetStore/javascript/MessageHelper.js" />
+			<test url="http://www.debenhams.com/wcsstore/DebenhamsStorefrontAssetStore/javascript/ServicesDeclaration.js" />
+			<test url="http://www.debenhams.com/wcsstore/DebenhamsStorefrontAssetStore/javascript/ServicesEventMapping.js" />
+			<test url="http://www.debenhams.com/wcsstore/DebenhamsStorefrontAssetStore/javascript/StoreCommonUtilities.js" />
+			<test url="http://www.debenhams.com/wcsstore/DebenhamsStorefrontAssetStore/javascript/ajax-helper.js" />
+			<test url="http://www.debenhams.com/wcsstore/DebenhamsStorefrontAssetStore/javascript/debs_akamai_cache.js" />
+			<test url="http://www.debenhams.com/wcsstore/DebenhamsStorefrontAssetStore/javascript/deliveryFiles/chosen.jquery.min.js" />
+			<test url="http://www.debenhams.com/wcsstore/DebenhamsStorefrontAssetStore/javascript/deliveryFiles/chosen.jquery.min.js" />
+			<test url="http://www.debenhams.com/wcsstore/DebenhamsStorefrontAssetStore/javascript/deliveryFiles/jquery-1.10.2.min.js" />
+			<test url="http://www.debenhams.com/wcsstore/DebenhamsStorefrontAssetStore/javascript/dropdown_menu.js" />
+			<test url="http://www.debenhams.com/wcsstore/DebenhamsStorefrontAssetStore/javascript/ibmcomponents/main.js" />
+			<test url="http://www.debenhams.com/wcsstore/DebenhamsStorefrontAssetStore/javascript/jquery.simplemodal.js" />
+			<test url="http://www.debenhams.com/wcsstore/DebenhamsStorefrontAssetStore/javascript/owl.carousel.js" />
+			<test url="http://www.debenhams.com/wcsstore/DebenhamsStorefrontAssetStore/javascript/owl.carousel.js" />
+			<test url="http://www.debenhams.com/wcsstore/DebenhamsStorefrontAssetStore/js-ext/debscommon.js" />
+			<test url="http://www.debenhams.com/wcsstore/DebenhamsStorefrontAssetStore/js-ext/jquery.bxSlider.3.0-patched.min.js" />
+			<test url="http://www.debenhams.com/wcsstore/common/javascript/s_code.js" />
+			<test url="http://www.debenhams.com/wcsstore/common/javascript/tagmanContainer_19.js" />
+			<test url="http://www.debenhams.com/wcsstore/common/javascript/tagmanContainer_clicks.js" />
+			<test url="http://www.debenhams.com/wcsstore/common/javascript/tagmanInitialisation.js" />
+			<test url="http://www.debenhams.com/wcsstore/dojo18/debs/coreComponents.js" />
+			<test url="http://www.debenhams.com/wcsstore/dojo18/dojo/dojo.js" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.debenhams.com/favicon.ico" />
+			<test url="http://www.debenhams.com/wcsstore/DebenhamsStorefrontAssetStore/survey/Deb.survey.css" />
+			<test url="http://www.debenhams.com/wcsstore/DebenhamsUKSite/css/pages/non-furniture-tcat.css" />
+			<test url="http://www.debenhams.com/wcsstore/DebenhamsUKSite/faq/delivery_and_collection_information/late_deliveries.html" />
+			<test url="http://www.debenhams.com/wcsstore/DebenhamsUKSite/faq/home.html" /><!--	mixed images -->
+			<test url="http://www.debenhams.com/wcsstore/DebenhamsUKSite/faq/legal_information/privacy_policy.html" />
+			<test url="http://www.debenhams.com/wcsstore/DebenhamsUKSite/faq/our_terms_and_conditions/privacy_policy.html" /><!--	mixed image -->
+
+		<test url="http://image.e.debenhams.com/lib/fe9915707d62057f71/m/1/20140124_Email-sign-up_NEW.jpg" />
+
+		<!--	Mixed images:
+					-->
+		<!--test url="http://pages.e.debenhams.com/page.aspx?email=&amp;fo=homepageSubscription&amp;QS=773ed3059447707dd5aead926c577512fc41330e500c5a0c04cd2e26b05515ac" /-->
+
+	<!--	Complications:
+				-->
+	<target host="debenhams.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.debenhams\.com$" name="^SSLB$" /-->
+	<!--securecookie host="^int\.debenhams\.com$" name="^WC_(?:AUTHENTICATION_\d+|GENERIC_ACTIVITYDATA|USERACTIVITY_-?\d+)$" /-->
+	<!--securecookie host="^\.www\.debenhams\.com$" name="^origin_dc$" /-->
+
+	<securecookie host="^\." name="^s_(?:per|ses)s$" />
+
+
+	<rule from="^http://debenhams\.com/"
+		to="https://www.debenhams.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/deborahrfowler.com.xml b/src/chrome/content/rules/deborahrfowler.com.xml
new file mode 100644
index 000000000000..c314a7b8faf1
--- /dev/null
+++ b/src/chrome/content/rules/deborahrfowler.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		ftp.deborahrfowler.com
+
+	Refused:
+		localhost.deborahrfowler.com
+-->
+<ruleset name="deborahrfowler.com">
+	<target host="deborahrfowler.com" />
+	<target host="www.deborahrfowler.com" />
+	<target host="autodiscover.deborahrfowler.com" />
+	<target host="cpanel.deborahrfowler.com" />
+	<target host="mail.deborahrfowler.com" />
+	<target host="webdisk.deborahrfowler.com" />
+	<target host="webmail.deborahrfowler.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/debugconnection.xml b/src/chrome/content/rules/debugconnection.xml
new file mode 100644
index 000000000000..487cf0c829e3
--- /dev/null
+++ b/src/chrome/content/rules/debugconnection.xml
@@ -0,0 +1,6 @@
+<ruleset name="debugconnection.com">
+        <target host="debugconnection.com" />
+        <target host="www.debugconnection.com" />
+
+        <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/decc.gov.uk.xml b/src/chrome/content/rules/decc.gov.uk.xml
new file mode 100644
index 000000000000..183ea1247483
--- /dev/null
+++ b/src/chrome/content/rules/decc.gov.uk.xml
@@ -0,0 +1,222 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://econsultation.decc.gov.uk/ => https://econsultation.decc.gov.uk/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Department of Energy and Climate Change
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *decc.gov.uk:
+
+		- gdcashback ⁴
+		- ghgi ᵈ
+		- my2050 ʳ
+		- tools ⁴
+
+	⁴ 404
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *decc.gov.uk:
+
+		- ^ ⁴
+		- aka-etl ᵐ
+		- backclimateaction * ⁴
+		- blog ᵐ
+		- ceo ᵐ
+		- chp ᵐ
+		- chpqa ᵐ
+		- chptools ᵐ
+		- (www.)?coal ᵐ
+		- corwm ᵐ
+		- gdorb ᵉ ᵐ ˢ
+		- mrws ᵐ
+		- og ᵐ
+		- www.og ᵏ
+		- restats ᵐ
+		- www ᵐ
+
+	* Expired, mismatched, and self-signed redirect destination
+	⁴ 404, preemptable redirect
+	ᵉ Expired
+	ᵏ Revoked
+	ᵐ Mismatched
+	ˢ Self-signed
+
+
+	Partially covered hosts in *decc.gov.uk:
+
+		- ^ *
+		- aka-etl *
+		- blog *
+		- ceo *
+		- chp *
+		- chpqa *
+		- chptools *
+		- (www.)?coal *
+		- corwm *
+		- mrws *
+		- og *
+		- restats *
+		- www *
+
+	* Not all paths redirect
+
+
+	These altnames do not exist:
+
+		- econsultation.decc.gov.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- gdorb.decc.gov.uk
+
+-->
+<ruleset name="DECC.gov.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="econsultation.decc.gov.uk" />
+	<target host="etl.decc.gov.uk" />
+	<target host="etltest.decc.gov.uk" />
+	<target host="itportal.decc.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="decc.gov.uk" />
+	<target host="aka-etl.decc.gov.uk" />
+	<target host="blog.decc.gov.uk" />
+	<target host="ceo.decc.gov.uk" />
+	<target host="chp.decc.gov.uk" />
+	<target host="chpqa.decc.gov.uk" />
+	<target host="chptools.decc.gov.uk" />
+	<target host="coal.decc.gov.uk" />
+	<target host="corwm.decc.gov.uk" />
+	<target host="mrws.decc.gov.uk" />
+	<target host="og.decc.gov.uk" />
+	<target host="restats.decc.gov.uk" />
+	<target host="www.decc.gov.uk" />
+
+		<!--	/*\w does not redirect:
+						-->
+		<exclusion pattern="^http://(?:(?:aka-etl|blog|ceo|chp|chpqa|chptools|coal|www\.coal|corwm|mrws|og|restats|www)\.)?decc\.gov\.uk/(?!/*(?:$|\?))" />
+
+			<!--	See below respective rules for negative cases.
+
+				+ve:
+					-->
+			<test url="http://aka-etl.decc.gov.uk/etl/claim" />
+			<test url="http://blog.decc.gov.uk/2014/05/16/wetland-biomass-to-bioenergy-enters-its-final-phase/" />
+			<test url="http://blog.decc.gov.uk/2014/08/21/green-deal-statistical-release/" />
+			<test url="http://ceo.decc.gov.uk/default.aspx" />
+			<test url="http://chp.decc.gov.uk/cms/chp-finance" />
+			<test url="http://chp.decc.gov.uk/cms/environmental-4" />
+			<test url="http://chpqa.decc.gov.uk/chpqa-documents/" />
+			<test url="http://chptools.decc.gov.uk/developmentmap/" />
+			<test url="http://coal.decc.gov.uk/en/coal/cms/publications/annual_report/annual_report.aspx" />
+			<test url="http://coal.decc.gov.uk/services/licensing/modeldocuments.cfm" />
+			<test url="http://corwm.decc.gov.uk/documentstore/advancedsearch.aspx" />
+			<test url="http://decc.gov.uk/2050" />
+			<test url="http://mrws.decc.gov.uk/en/mrws/cms/home/What_is_geolog/What_is_geolog.aspx" />
+			<test url="http://og.decc.gov.uk/en/olgs/cms/data_maps/data_maps.aspx" />
+			<test url="http://restats.decc.gov.uk/cms/planning-database/" />
+			<test url="http://www.coal.decc.gov.uk/services/planning" />
+			<test url="http://www.decc.gov.uk/mead" />
+			<test url="http://www.decc.gov.uk/severntidalpower" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^gdorb\.decc\.gov\.uk$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://(?:www\.)?decc\.gov\.uk/.*"
+		to="https://www.gov.uk/government/organisations/department-of-energy-climate-change" />
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://aka-etl\.decc\.gov\.uk/.*"
+		to="https://www.gov.uk/energy-technology-list" />
+
+		<test url="http://aka-etl.decc.gov.uk/?" />
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://blog\.decc\.gov\.uk/.*"
+		to="https://decc.blog.gov.uk/" />
+
+		<test url="http://blog.decc.gov.uk/?" />
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://ceo\.decc\.gov\.uk/.*"
+		to="https://www.gov.uk/community-energy" />
+
+		<test url="http://ceo.decc.gov.uk/?" />
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://chp\.decc\.gov\.uk/.*"
+		to="https://www.gov.uk/combined-heat-and-power" />
+
+		<test url="http://chp.decc.gov.uk/?" />
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://chpqa\.decc\.gov\.uk/.*"
+		to="https://www.gov.uk/combined-heat-power-quality-assurance-programme" />
+
+		<test url="http://chpqa.decc.gov.uk/?" />
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://chptools\.decc\.gov\.uk/.*"
+		to="https://www.gov.uk/government/publications/combined-heat-and-power-chp-technology" />
+
+		<test url="http://chptools.decc.gov.uk/?" />
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://(?:www\.)?coal\.decc\.gov\.uk/.*"
+		to="https://www.gov.uk/government/organisations/the-coal-authority" />
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://corwm\.decc\.gov\.uk/.*"
+		to="https://www.gov.uk/government/organisations/committee-on-radioactive-waste-management" />
+
+		<test url="http://corwm.decc.gov.uk/?" />
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://mrws\.decc\.gov\.uk/.*"
+		to="https://www.gov.uk/government/policies/managing-the-use-and-disposal-of-radioactive-and-nuclear-substances-and-waste" />
+
+		<test url="http://mrws.decc.gov.uk/?" />
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://og\.decc\.gov\.uk/.*"
+		to="https://www.gov.uk/government/organisations/department-of-energy-climate-change" />
+
+		<test url="http://og.decc.gov.uk/?" />
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://restats\.decc\.gov\.uk/.*"
+		to="https://www.gov.uk/government/collections/renewables-statistics" />
+
+		<test url="http://restats.decc.gov.uk/?" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/decentraleyes.org.xml b/src/chrome/content/rules/decentraleyes.org.xml
new file mode 100644
index 000000000000..53cddfca30dd
--- /dev/null
+++ b/src/chrome/content/rules/decentraleyes.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="decentraleyes.org">
+	<target host="decentraleyes.org" />
+	<target host="www.decentraleyes.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/decidethefuture.org.xml b/src/chrome/content/rules/decidethefuture.org.xml
new file mode 100644
index 000000000000..a914688e08a4
--- /dev/null
+++ b/src/chrome/content/rules/decidethefuture.org.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Fight for the Future coverage, see Fight-for-the-Future.xml.
+
+-->
+<ruleset name="Decide the Future.org">
+
+	<target host="decidethefuture.org" />
+	<target host="www.decidethefuture.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/deciso.com.xml b/src/chrome/content/rules/deciso.com.xml
new file mode 100644
index 000000000000..5b769ce518ac
--- /dev/null
+++ b/src/chrome/content/rules/deciso.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- deciso.com
+		- www.deciso.com
+
+-->
+<ruleset name="Deciso.com">
+
+	<target host="deciso.com" />
+	<target host="www.deciso.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?deciso\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/defacto2.net.xml b/src/chrome/content/rules/defacto2.net.xml
new file mode 100644
index 000000000000..66567ae96568
--- /dev/null
+++ b/src/chrome/content/rules/defacto2.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="defacto2.net">
+	<target host="defacto2.net" />
+	<target host="www.defacto2.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/defendingrussia.ru.xml b/src/chrome/content/rules/defendingrussia.ru.xml
new file mode 100644
index 000000000000..e5046edd4af8
--- /dev/null
+++ b/src/chrome/content/rules/defendingrussia.ru.xml
@@ -0,0 +1,8 @@
+<!--en. mismatch
+ad. mismatch
+3d. mismatch-->
+<ruleset name="defendingrussia.ru">
+	<target host="defendingrussia.ru" />
+	<target host="www.defendingrussia.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dei.gr.xml b/src/chrome/content/rules/dei.gr.xml
new file mode 100644
index 000000000000..8f3f3def010a
--- /dev/null
+++ b/src/chrome/content/rules/dei.gr.xml
@@ -0,0 +1,9 @@
+<ruleset name="dei.gr">
+	<target host="elearning.dei.gr" />
+	<target host="sapwasrmprd.dei.gr" />
+	<target host="www.dei.gr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/delfi.lv.xml b/src/chrome/content/rules/delfi.lv.xml
new file mode 100644
index 000000000000..9fe48f81e175
--- /dev/null
+++ b/src/chrome/content/rules/delfi.lv.xml
@@ -0,0 +1,148 @@
+<!--
+delfi.lv ⁶
+www.delfi.lv ⁶
+118.delfi.lv ⁶
+1188.delfi.lv ⁶
+a.delfi.lv ⁶
+aculiecinieks.delfi.lv ⁶
+m.aculiecinieks.delfi.lv ¹
+admp-tc.delfi.lv ²
+ado1.delfi.lv ⁶
+ado2.delfi.lv ⁶
+apps.delfi.lv ⁵
+atverskapi.delfi.lv ³
+beta.atverskapi.delfi.lv ¹
+auto.delfi.lv ⁶
+m.auto.delfi.lv ¹
+auto-tehnika.delfi.lv ⁶
+autosports.delfi.lv ⁶
+avto.delfi.lv ⁶
+bd5.delfi.lv ⁶
+biznes.delfi.lv ⁶
+m.biznes.delfi.lv ¹
+bizness.delfi.lv ⁶
+m.bizness.delfi.lv ¹
+burbulis.delfi.lv ⁶
+calis.delfi.lv ³
+www.calis.delfi.lv ¹
+virtuve.calis.delfi.lv ³
+celojumi.delfi.lv ⁶
+cccccc.dddddddd.com.delfi.lv ¹
+davanas.delfi.lv ⁶
+deal.delfi.lv ³
+nagios.dev.delfi.lv ³
+dictionary.delfi.lv ⁶
+domsad.delfi.lv ⁶
+f1.delfi.lv ⁶
+flirt.delfi.lv ⁶
+flirts.delfi.lv ⁶
+forte.delfi.lv ⁶
+forums.delfi.lv ⁶
+www.gadafoto.delfi.lv ³
+header.delfi.lv ⁶
+horoscopes.delfi.lv ⁴
+htmlwww.delfi.lv ⁶
+iepazisanas.delfi.lv ⁴
+internetatv.delfi.lv ⁶
+intranet.delfi.lv ³
+izklaide.delfi.lv ⁶
+m.izklaide.delfi.lv ¹
+jaunumi.delfi.lv ⁴
+kultura.delfi.lv ⁶
+m.kultura.delfi.lv ¹
+labsserviss.delfi.lv ¹
+lacplesis.delfi.lv ³
+laika-zinas.delfi.lv ⁶
+loli.delfi.lv ⁶
+rwort.luus.delfi.lv ¹
+lvwww.delfi.lv ⁶
+m.delfi.lv ⁶
+mail.delfi.lv ⁶
+maintenance.delfi.lv ⁶
+majadarzs.delfi.lv ⁶
+mango.delfi.lv ⁶
+manstv.delfi.lv ⁴
+mx-b.delfi.lv ³
+mytv.delfi.lv ⁴
+neo.delfi.lv ³
+www.neo.delfi.lv ³
+uprs.neo.delfi.lv ³
+netbook.delfi.lv ¹
+ns2.delfi.lv ³
+otrapuse.delfi.lv ¹
+prikol.delfi.lv ⁶
+prodai.delfi.lv ⁶
+prognoz-pogody.delfi.lv ⁶
+programma.delfi.lv ⁶
+sony-baltic.qwebiz.delfi.lv ¹
+radamnovadam.delfi.lv ⁴
+reales.delfi.lv ³
+reklama.delfi.lv ⁶
+rus.reklama.delfi.lv ¹
+reporter.delfi.lv ⁶
+riki.delfi.lv ⁶
+ru.delfi.lv ⁶
+rud.delfi.lv ⁶
+rus.delfi.lv ⁶
+www.rus.delfi.lv ¹
+m.rus.delfi.lv ¹
+rusblogi.delfi.lv ⁶
+m.ruwoman.delfi.lv ¹
+showtime.delfi.lv ⁶
+skats.delfi.lv ⁶
+smart.delfi.lv ⁶
+special.delfi.lv ⁶
+spektr.delfi.lv ⁵
+speles.delfi.lv ⁴
+sport.delfi.lv ⁶
+sports.delfi.lv ⁶
+stan.delfi.lv ³
+t.delfi.lv ³
+tchk.delfi.lv ⁶
+tech.delfi.lv ⁶
+test.delfi.lv ⁶
+dcdb.test.delfi.lv non-2xx http code
+tobook.delfi.lv ³
+toolbox.delfi.lv ⁶
+translate.delfi.lv ⁶
+turgid.delfi.lv ⁶
+turismagids.delfi.lv ⁶
+tv.delfi.lv ⁶
+tv-programma.delfi.lv ⁶
+m.tv-programma.delfi.lv ¹
+m.tvguide.delfi.lv ¹
+v.delfi.lv ⁶
+vcp.delfi.lv ⁶
+vera.delfi.lv ⁶
+vina.delfi.lv ⁶
+m.woman.delfi.lv ¹
+ww.delfi.lv ⁶
+y.delfi.lv ⁶
+zave.delfi.lv ⁶
+znakomstva.delfi.lv ⁴
+id.delfi.lv mixed content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁵ expired
+⁶ redirect
+-->
+<ruleset name="delfi.lv (partial)">
+	<target host="adocean.delfi.lv" />
+	<target host="b.atverskapi.delfi.lv" />
+	<target host="cws.delfi.lv" />
+	<target host="foto.delfi.lv" />
+	<target host="ftp.delfi.lv" />
+	<target host="g.delfi.lv" />
+	<target host="lb.delfi.lv" />
+	<target host="admin.lb.delfi.lv" />
+	<target host="update.lb.delfi.lv" />
+	<target host="q.delfi.lv" />
+	<target host="whale.delfi.lv" />
+	<target host="zaveadmin.delfi.lv" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/delimobil.ru.xml b/src/chrome/content/rules/delimobil.ru.xml
new file mode 100644
index 000000000000..c155128296b0
--- /dev/null
+++ b/src/chrome/content/rules/delimobil.ru.xml
@@ -0,0 +1,28 @@
+<!--
+customers.delimobil.ru ⁴
+docs.delimobil.ru ⁴
+rgtw.delimobil.ru ³
+telebot.delimobil.ru ⁴
+wiki.delimobil.ru ³
+zabbix.delimobil.ru ³
+
+
+³ timed out
+⁴ self signed
+-->
+<ruleset name="delimobil.ru">
+	<target host="delimobil.ru" />
+	<target host="www.delimobil.ru" />
+	<target host="aeroflot.delimobil.ru" />
+	<target host="www.aeroflot.delimobil.ru" />
+	<target host="car.delimobil.ru" />
+	<target host="www.car.delimobil.ru" />
+	<target host="daily.delimobil.ru" />
+	<target host="www.daily.delimobil.ru" />
+	<target host="oblaka.delimobil.ru" />
+	<target host="www.oblaka.delimobil.ru" />
+	<target host="promo.delimobil.ru" />
+	<target host="vcs.delimobil.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/deliverydom.com.xml b/src/chrome/content/rules/deliverydom.com.xml
new file mode 100644
index 000000000000..f6421501b9c2
--- /dev/null
+++ b/src/chrome/content/rules/deliverydom.com.xml
@@ -0,0 +1,27 @@
+<!--
+	(www.)?deliverydom.com does not exist.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- go.deliverydom.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="deliverydom.com">
+
+	<target host="go.deliverydom.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^go\.deliverydom\.com$" name="^OAGEO\d+$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dellin.ru.xml b/src/chrome/content/rules/dellin.ru.xml
new file mode 100644
index 000000000000..772dd746097d
--- /dev/null
+++ b/src/chrome/content/rules/dellin.ru.xml
@@ -0,0 +1,90 @@
+<ruleset name="Delovie Linii (transport company)">
+	<target host="dellin.ru" />
+	<target host="*.dellin.ru" />
+	<securecookie host="(.+\.)?dellin\.ru$" name=".+" />
+	<rule from="^http:" to="https:" />
+
+	<exclusion pattern="^http://m\.dellin\.ru/.*" />
+
+	<test url="http://www.dellin.ru/" />
+
+	<test url="http://m.dellin.ru/" />
+	<test url="http://m.dellin.ru/tracker" />
+
+	<test url="http://abakan.dellin.ru/" />
+	<test url="http://adler.dellin.ru/" />
+	<test url="http://angarsk.dellin.ru/" />
+	<test url="http://arkhangelsk.dellin.ru/" />
+	<test url="http://astrakhan.dellin.ru/" />
+	<test url="http://barnaul.dellin.ru/" />
+	<test url="http://belgorod.dellin.ru/" />
+	<test url="http://blagoveshchensk.dellin.ru/" />
+	<test url="http://bratsk.dellin.ru/" />
+	<test url="http://bryansk.dellin.ru/" />
+	<test url="http://bugulma.dellin.ru/" />
+	<test url="http://cheboksary.dellin.ru/" />
+	<test url="http://chelyabinsk.dellin.ru/" />
+	<test url="http://cherepovets.dellin.ru/" />
+	<test url="http://chita.dellin.ru/" />
+	<test url="http://dzerzhinsk.dellin.ru/" />
+	<test url="http://ekaterinburg.dellin.ru/" />
+	<test url="http://irkutsk.dellin.ru/" />
+	<test url="http://ivanovo.dellin.ru/" />
+	<test url="http://izhevsk.dellin.ru/" />
+	<test url="http://kaliningrad.dellin.ru/" />
+	<test url="http://kaluga.dellin.ru/" />
+	<test url="http://kazan.dellin.ru/" />
+	<test url="http://kemerovo.dellin.ru/" />
+	<test url="http://khabarovsk.dellin.ru/" />
+	<test url="http://kirov.dellin.ru/" />
+	<test url="http://kolomna.dellin.ru/" />
+	<test url="http://krasnoyarsk.dellin.ru/" />
+	<test url="http://kurgan.dellin.ru/" />
+	<test url="http://kursk.dellin.ru/" />
+	<test url="http://lipetsk.dellin.ru/" />
+	<test url="http://magnitogorsk.dellin.ru/" />
+	<test url="http://miass.dellin.ru/" />
+	<test url="http://murmansk.dellin.ru/" />
+	<test url="http://murom.dellin.ru/" />
+	<test url="http://naberezhnye-chelny.dellin.ru/" />
+	<test url="http://nizhnevartovsk.dellin.ru/" />
+	<test url="http://noginsk.dellin.ru/" />
+	<test url="http://novorossiysk.dellin.ru/" />
+	<test url="http://novosibirsk.dellin.ru/" />
+	<test url="http://omsk.dellin.ru/" />
+	<test url="http://orel.dellin.ru/" />
+	<test url="http://orenburg.dellin.ru/" />
+	<test url="http://orsk.dellin.ru/" />
+	<test url="http://penza.dellin.ru/" />
+	<test url="http://perm.dellin.ru/" />
+	<test url="http://petrozavodsk.dellin.ru/" />
+	<test url="http://podolsk.dellin.ru/" />
+	<test url="http://pskov.dellin.ru/" />
+	<test url="http://ryazan.dellin.ru/" />
+	<test url="http://rybinsk.dellin.ru/" />
+	<test url="http://samara.dellin.ru/" />
+	<test url="http://saransk.dellin.ru/" />
+	<test url="http://saratov.dellin.ru/" />
+	<test url="http://serpukhov.dellin.ru/" />
+	<test url="http://smolensk.dellin.ru/" />
+	<test url="http://sochi.dellin.ru/" />
+	<test url="http://spb.dellin.ru/" />
+	<test url="http://sterlitamak.dellin.ru/" />
+	<test url="http://syzran.dellin.ru/" />
+	<test url="http://tambov.dellin.ru/" />
+	<test url="http://tolyatti.dellin.ru/" />
+	<test url="http://tomilino.dellin.ru/" />
+	<test url="http://tomsk.dellin.ru/" />
+	<test url="http://tver.dellin.ru/" />
+	<test url="http://tyumen.dellin.ru/" />
+	<test url="http://ufa.dellin.ru/" />
+	<test url="http://ulyanovsk.dellin.ru/" />
+	<test url="http://vladivostok.dellin.ru/" />
+	<test url="http://volgodonsk.dellin.ru/" />
+	<test url="http://volgograd.dellin.ru/" />
+	<test url="http://vologda.dellin.ru/" />
+	<test url="http://volzhskiy.dellin.ru/" />
+	<test url="http://voronezh.dellin.ru/" />
+	<test url="http://yaroslavl.dellin.ru/" />
+	<test url="http://zelenograd.dellin.ru/" />
+</ruleset>
diff --git a/src/chrome/content/rules/delovoe.tv.xml b/src/chrome/content/rules/delovoe.tv.xml
new file mode 100644
index 000000000000..5b11303aed52
--- /dev/null
+++ b/src/chrome/content/rules/delovoe.tv.xml
@@ -0,0 +1,178 @@
+<!--
+administraciya-sankt-pe.delovoe.tv ¹
+ak-rossiya.delovoe.tv ¹
+arbitrazhnij-sud.delovoe.tv ¹
+arhitekturnaya-mastersk.delovoe.tv ¹
+ashan.delovoe.tv ¹
+aviacionnaya-kompaniya.delovoe.tv ¹
+avtopark-1-spectrans.delovoe.tv ¹
+bmg.delovoe.tv ¹
+bukvoed.delovoe.tv ¹
+cbr.delovoe.tv ¹
+chupa-chups.delovoe.tv ¹
+colliers-international.delovoe.tv ¹
+el-dorado.delovoe.tv ¹
+evroset.delovoe.tv ¹
+farmakor.delovoe.tv ¹
+fond-imuschestva.delovoe.tv ¹
+ford.delovoe.tv ¹
+gapi.delovoe.tv ¹
+general-motors-auto.delovoe.tv ¹
+general-naya-stroitel-n.delovoe.tv ¹
+ginza-project.delovoe.tv ¹
+gorelektrotrans.delovoe.tv ¹
+gorodskoj-centr-avtosto.delovoe.tv ¹
+gruppa-kompanij-razmah.delovoe.tv ¹
+gruppa-lsr.delovoe.tv ¹
+gruppa-transojl.delovoe.tv ¹
+gu-mvd-rf-spb-i-lo.delovoe.tv ¹
+gup-passazhiravtotrans.delovoe.tv ¹
+gup-tek.delovoe.tv ¹
+heineken.delovoe.tv ¹
+hejneken.delovoe.tv ¹
+hh-ru.delovoe.tv ¹
+hk-forum.delovoe.tv ¹
+hk-parnas.delovoe.tv ¹
+hlebnij-dom.delovoe.tv ¹
+holding-korporaciya-sbr.delovoe.tv ¹
+ifk-trojka-dialog.delovoe.tv ¹
+ikea-dibenko.delovoe.tv ¹
+ilim-palp-enterprajz.delovoe.tv ¹
+infekcionnaya-bol-nica.delovoe.tv ¹
+intarsiya.delovoe.tv ¹
+it-people.delovoe.tv ¹
+kerppit.delovoe.tv ¹
+kga.delovoe.tv ¹
+kgiop.delovoe.tv ¹
+kirovskij-zavod.delovoe.tv ¹
+kom-t-po-blagoustrojstv.delovoe.tv ¹
+komitet-po-obrazovaniyu.delovoe.tv ¹
+komitet-po-razvitiyu-tr.delovoe.tv ¹
+komitet-po-stroitelstvu.delovoe.tv ¹
+komitet-po-transportu.delovoe.tv ¹
+komp-yuternij-mir.delovoe.tv ¹
+kompaniya-yunimilk.delovoe.tv ¹
+konkord-menedzhment.delovoe.tv ¹
+konsorcium-al-fa-grupp.delovoe.tv ¹
+kugi.delovoe.tv ¹
+l1.delovoe.tv ¹
+labirintum.delovoe.tv ¹
+lengazspecstroj.delovoe.tv ¹
+lengiproinzhproekt.delovoe.tv ¹
+lenspecsmu.delovoe.tv ¹
+licedei.delovoe.tv ¹
+liviz.delovoe.tv ¹
+makromir.delovoe.tv ¹
+makroregional-nij-filia.delovoe.tv ¹
+maksidom-1.delovoe.tv ¹
+mchs-lo.delovoe.tv ¹
+mchs-spb.delovoe.tv ¹
+metrostroj.delovoe.tv ¹
+minoboroni.delovoe.tv ¹
+morport.delovoe.tv ¹
+mostostroitel-nij-trest.delovoe.tv ¹
+mostotrest.delovoe.tv ¹
+nacional-naya-media-gru.delovoe.tv ¹
+neste-spb.delovoe.tv ¹
+nipc-genplana.delovoe.tv ¹
+oao-asfal-tobetonnij-za.delovoe.tv ¹
+oao-rzhd.delovoe.tv ¹
+odnoklassniki-ru.delovoe.tv ¹
+ohtinskoe.delovoe.tv ¹
+ooo-srv-development.delovoe.tv ¹
+ooo-stroitel-nij-holdin.delovoe.tv ¹
+ooo-tehnosila.delovoe.tv ¹
+ooo-upravlyayuschaya-ko.delovoe.tv ¹
+openbank.delovoe.tv ¹
+orkla-brends-rossiya.delovoe.tv ¹
+otkritoe-akcionernoe-ob.delovoe.tv ¹
+ozd.delovoe.tv ¹
+peterburgskoe-metro.delovoe.tv ¹
+peterstar.delovoe.tv ¹
+petmol.delovoe.tv ¹
+petrovich.delovoe.tv ¹
+pgups.delovoe.tv ¹
+pk-baltika.delovoe.tv ¹
+plemennoj-zavod-ruch-i.delovoe.tv ¹
+pmi.delovoe.tv ¹
+pochta-rossii.delovoe.tv ¹
+politeh.delovoe.tv ¹
+polushka.delovoe.tv ¹
+pravitel-stvo-lo.delovoe.tv ¹
+prirodoohrannaya-prokur.delovoe.tv ¹
+profit.delovoe.tv ¹
+prokuratura-metropolite.delovoe.tv ¹
+prokuratura-po-nadzoru.delovoe.tv ¹
+prokuratura-spb.delovoe.tv ¹
+pulkovo.delovoe.tv ¹
+ragrad-video.delovoe.tv ¹
+rajffajzenbank.delovoe.tv ¹
+roo-sankt-peterburgskay.delovoe.tv ¹
+rostehnologii.delovoe.tv ¹
+rsa.delovoe.tv ¹
+russkie-samocveti.delovoe.tv ¹
+s-z-filial-megafon.delovoe.tv ¹
+sberbank-rossii.delovoe.tv ¹
+sberbank-rossii-spb.delovoe.tv ¹
+setl-group.delovoe.tv ¹
+severo-zapadnij-regiona.delovoe.tv ¹
+silovie-mashini.delovoe.tv ¹
+sinyavinskaya.delovoe.tv ¹
+skaj-link-severo-zapad.delovoe.tv ¹
+soyuz-fermerov-spb-i-lo.delovoe.tv ¹
+spb-cdzh.delovoe.tv ¹
+spb-fas.delovoe.tv ¹
+spb-filial-vimpelkom.delovoe.tv ¹
+spb-gku-ciogd.delovoe.tv ¹
+spb-renovaciya.delovoe.tv ¹
+spbghpa-shtiglica.delovoe.tv ¹
+spbgma.delovoe.tv ¹
+spbgmu-pavlova.delovoe.tv ¹
+spbgu.delovoe.tv ¹
+stepan-razin.delovoe.tv ¹
+stockmann.delovoe.tv ¹
+studiya-rws-spb.delovoe.tv ¹
+super-dzhob.delovoe.tv ¹
+surgutneftegaz.delovoe.tv ¹
+szgmu-im-mechnikova.delovoe.tv ¹
+sztu-fts-rossii.delovoe.tv ¹
+td-era.delovoe.tv ¹
+teatr-estradi-imeni-ark.delovoe.tv ¹
+tehnoshok.delovoe.tv ¹
+tele2-spb.delovoe.tv ¹
+terraon.delovoe.tv ¹
+tkt.delovoe.tv ¹
+trest-grii.delovoe.tv ¹
+ufns-rossii-po-spb.delovoe.tv ¹
+ufsb-po-spb-i-lo.delovoe.tv ¹
+vkontakte.delovoe.tv ¹
+vma-im-kirova.delovoe.tv ¹
+vodohod.delovoe.tv ¹
+vodokanal.delovoe.tv ¹
+voenno-kosmicheskaya-ak.delovoe.tv ¹
+vozdushnie-vorota-sever.delovoe.tv ¹
+vtb24.delovoe.tv ¹
+vgk.delovoe.tv ¹
+waterville.delovoe.tv ¹
+x5-retail-group-n-v.delovoe.tv ¹
+yandex.delovoe.tv ¹
+yuit-sankt-peterburg.delovoe.tv ¹
+yunimilk.delovoe.tv ¹
+yutejr.delovoe.tv ¹
+zao-mfk-dzhamil-ko.delovoe.tv ¹
+zao-nienshanc.delovoe.tv ¹
+zao-pervaya-mebel-naya.delovoe.tv ¹
+zao-torgovij-dom-perekr.delovoe.tv ¹
+zdrav.delovoe.tv ¹
+zelenaya-lampa.delovoe.tv ¹
+zhilischnij-komitet.delovoe.tv ¹
+
+
+¹ mismatch
+-->
+<ruleset name="delovoe.tv">
+	<target host="delovoe.tv" />
+	<target host="www.delovoe.tv" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/democracyclub.org.uk.xml b/src/chrome/content/rules/democracyclub.org.uk.xml
new file mode 100644
index 000000000000..41d27edbf17a
--- /dev/null
+++ b/src/chrome/content/rules/democracyclub.org.uk.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.democracyclub.org.uk/ => https://www.democracyclub.org.uk/: (52, 'Empty reply from server')
+
+-->
+<ruleset name="Democracy Club.org.uk" default_off="failed ruleset test">
+
+	<target host="democracyclub.org.uk" />
+	<target host="candidates.democracyclub.org.uk" />
+	<target host="www.democracyclub.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/democracyos.org.xml b/src/chrome/content/rules/democracyos.org.xml
new file mode 100644
index 000000000000..13d24b2e4f90
--- /dev/null
+++ b/src/chrome/content/rules/democracyos.org.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://app.democracyos.org/ => https://app.democracyos.org/: (60, 'SSL certificate problem: certificate has expired')
+
+democracyos.org ¹
+www.democracyos.org ¹
+blog.democracyos.org ¹
+docs.democracyos.org ¹
+
+
+¹ mismatch
+-->
+<ruleset name="democracyos.org (partial)" default_off="failed ruleset test">
+	<target host="app.democracyos.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/democrator.ru.xml b/src/chrome/content/rules/democrator.ru.xml
new file mode 100644
index 000000000000..ad01a87f10e6
--- /dev/null
+++ b/src/chrome/content/rules/democrator.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="democrator.ru">
+	<target host="democrator.ru" />
+	<target host="www.democrator.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/demonoid.cc.xml b/src/chrome/content/rules/demonoid.cc.xml
new file mode 100644
index 000000000000..26fcd9c0c75b
--- /dev/null
+++ b/src/chrome/content/rules/demonoid.cc.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://demonoid.cc/ => https://demonoid.cc/: (35, 'Unknown SSL protocol error in connection to demonoid.cc:443 ')
+Fetch error: http://www.demonoid.cc/ => https://www.demonoid.cc/: (51, "SSL: no alternative certificate subject name matches target host name 'www.demonoid.cc'")
+Fetch error: http://fora.demonoid.cc/ => https://fora.demonoid.cc/: (6, 'Could not resolve host: fora.demonoid.cc')
+
+inferno.demonoid.cc ²
+
+
+² refused
+-->
+<ruleset name="demonoid.cc" default_off="failed ruleset test">
+	<target host="demonoid.cc" />
+	<target host="www.demonoid.cc" />
+	<target host="fora.demonoid.cc" />
+	<target host="dnoid.me" />
+	<target host="www.dnoid.me" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/demozoo.org.xml b/src/chrome/content/rules/demozoo.org.xml
new file mode 100644
index 000000000000..5d9e9ffcee16
--- /dev/null
+++ b/src/chrome/content/rules/demozoo.org.xml
@@ -0,0 +1,27 @@
+<!--
+www.demozoo.org ¹
+gotpapers.demozoo.org ⁴
+wiki.oxhack.demozoo.org mixed content
+www.wiki.oxhack.demozoo.org mixed content
+
+
+¹ mismatch
+⁴ self signed
+-->
+<ruleset name="demozoo.org">
+	<target host="demozoo.org" />
+	<target host="antisocial.demozoo.org" />
+	<target host="www.antisocial.demozoo.org" />
+	<target host="fakeplasticcubes.demozoo.org" />
+	<target host="www.fakeplasticcubes.demozoo.org" />
+	<target host="media.demozoo.org" />
+	<target host="blog.oxhack.demozoo.org" />
+	<target host="www.blog.oxhack.demozoo.org" />
+
+	<target host="www.demozoo.org" />
+
+	<rule from="^http://www\.demozoo\.org/"
+		to="https://demozoo.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/deploybot.com.xml b/src/chrome/content/rules/deploybot.com.xml
new file mode 100644
index 000000000000..d11c9aac786c
--- /dev/null
+++ b/src/chrome/content/rules/deploybot.com.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dploy.io/ => https://www.dploy.io/: (51, "SSL: no alternative certificate subject name matches target host name 'www.dploy.io'")
+Fetch error: http://dploy.io/ => https://www.dploy.io/: (51, "SSL: no alternative certificate subject name matches target host name 'www.dploy.io'")
+Fetch error: http://www.dploy.io/ => https://www.dploy.io/: (51, "SSL: no alternative certificate subject name matches target host name 'www.dploy.io'")
+
+status.deploybot.com mismatch
+support.deploybot.com mismatch
+dploy.io/: (52, 'Empty reply from server')
+support.dploy.io mismatch
+blog.dploy.io mismatch
+-->
+<ruleset name="deploybot.com" default_off="failed ruleset test">
+	<target host="deploybot.com" />
+	<target host="www.deploybot.com" />
+	<target host="login.deploybot.com" />
+	<target host="signup.deploybot.com" />
+	<target host="dploy.io" />
+	<target host="www.dploy.io" />
+
+	<rule from="^http://dploy\.io/"
+		to="https://www.dploy.io/" />
+
+	<test url="http://dploy.io/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/derbyshire.gov.uk.xml b/src/chrome/content/rules/derbyshire.gov.uk.xml
new file mode 100644
index 000000000000..3fdb8039617e
--- /dev/null
+++ b/src/chrome/content/rules/derbyshire.gov.uk.xml
@@ -0,0 +1,80 @@
+<!--
+	Derbyshire County Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *derbyshire.gov.uk:
+
+		- dcas ᵈ
+		- localoffer ᵈ
+		- search ᵈ
+		- splitapps ᵈ
+		- thehub ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *derbyshire.gov.uk:
+
+		- bline ᵈ
+		- derbyshiremaps ᵈ
+
+	ᵈ Dropped, preemptable redirect
+
+
+	Insecure cookies are set for these hosts:
+
+		- jobs.derbyshire.gov.uk
+		- maps.derbyshire.gov.uk
+		- observatory.derbyshire.gov.uk
+
+-->
+<ruleset name="Derbyshire.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="derbyshire.gov.uk" />
+	<target host="jobs.derbyshire.gov.uk" />
+	<target host="maps.derbyshire.gov.uk" />
+	<target host="observatory.derbyshire.gov.uk" />
+	<target host="www.derbyshire.gov.uk" />
+	<target host="your.derbyshire.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="bline.derbyshire.gov.uk" />
+	<target host="derbyshiremaps.derbyshire.gov.uk" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://maps.derbyshire.gov.uk/connect/analyst/?mapcfg=portal" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^jobs\.derbyshire\.gov\.uk$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+	<!--securecookie host="^maps\.derbyshire\.gov\.uk$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^observatory\.derbyshire\.gov\.uk$" name="^(?:ASP\.NET_SessionId|ias\.Locale|ias\.PreferredItemCount)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://bline\.derbyshire\.gov\.uk/.*"
+		to="https://derbyshireyouthinc.com/default.asp?rd=bline" />
+
+		<test url="http://bline.derbyshire.gov.uk/404.asp" />
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://derbyshiremaps\.derbyshire\.gov\.uk/.*"
+		to="https://www.derbyshire.gov.uk/council/partnerships/derbyshire_mapping_portal/" />
+
+		<test url="http://derbyshiremaps.derbyshire.gov.uk/launch_portal.asp?style=cbc" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/derbyshirealert.co.uk.xml b/src/chrome/content/rules/derbyshirealert.co.uk.xml
new file mode 100644
index 000000000000..1cb71db970bc
--- /dev/null
+++ b/src/chrome/content/rules/derbyshirealert.co.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="Derbyshire Alert.co.uk">
+
+	<target host="derbyshirealert.co.uk" />
+	<target host="www.derbyshirealert.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/derbyshireprepared.org.uk.xml b/src/chrome/content/rules/derbyshireprepared.org.uk.xml
new file mode 100644
index 000000000000..fd16b0bb83fe
--- /dev/null
+++ b/src/chrome/content/rules/derbyshireprepared.org.uk.xml
@@ -0,0 +1,35 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- derbyshireprepared.org.uk
+		- www.derbyshireprepared.org.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css from www.derbyshireprepared.org.uk ˢ
+		- Images from www.derbyshireprepared.org.uk ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Derbyshire Prepared.org.uk" platform="mixedcontent">
+
+	<target host="derbyshireprepared.org.uk" />
+	<target host="www.derbyshireprepared.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?derbyshireprepared\.org\.uk$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/derbyshireyouthinc.com.xml b/src/chrome/content/rules/derbyshireyouthinc.com.xml
new file mode 100644
index 000000000000..042d773eb00e
--- /dev/null
+++ b/src/chrome/content/rules/derbyshireyouthinc.com.xml
@@ -0,0 +1,27 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- derbyshireyouthinc.com
+		- www.derbyshireyouthinc.com
+
+-->
+<ruleset name="Derbyshire YouthInc.com">
+
+	<target host="derbyshireyouthinc.com" />
+	<target host="www.derbyshireyouthinc.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?derbyshireyouthinc\.com$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/derstandard.at.xml b/src/chrome/content/rules/derstandard.at.xml
new file mode 100644
index 000000000000..c35bc5777c47
--- /dev/null
+++ b/src/chrome/content/rules/derstandard.at.xml
@@ -0,0 +1,37 @@
+<!--
+	Mismatch:
+		- meinparlament
+		- parship
+		- text
+		- tv
+-->
+<ruleset name="derStandard.at (partial)">
+	<target host="derstandard.at"/>
+	<target host="www.derstandard.at"/>
+	<target host="epaper.derstandard.at"/>
+	<target host="images.derstandard.at"/>
+	<target host="livestat.derstandard.at"/>
+	<target host="mobil.derstandard.at"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+	<test url="http://derstandard.at/ajax/bottomnavinfo.ashx" />
+	<test url="http://mobil.derstandard.at/ajax/bottomnavinfo.ashx" />
+	<test url="http://www.derstandard.at/ajax/bottomnavinfo.ashx" />
+	<test url="http://derstandard.at/css/mobile/base.css" />
+	<test url="http://mobil.derstandard.at/css/mobile/base.css" />
+	<test url="http://www.derstandard.at/css/mobile/base.css" />
+	<test url="http://derstandard.at/img/ui/searchLupe.gif" />
+	<test url="http://mobil.derstandard.at/img/ui/searchLupe.gif" />
+	<test url="http://www.derstandard.at/img/ui/searchLupe.gif" />
+	<test url="http://derstandard.at/js/fixedfixed.js" />
+	<test url="http://mobil.derstandard.at/js/fixedfixed.js" />
+	<test url="http://www.derstandard.at/js/fixedfixed.js" />
+	<test url="http://derstandard.at/kursinfo/" />
+	<test url="http://mobil.derstandard.at/kursinfo/" />
+	<test url="http://www.derstandard.at/kursinfo/" />
+	<test url="http://derstandard.at/wetter/Content/img/search-icon2.png" />
+	<test url="http://mobil.derstandard.at/wetter/Content/img/search-icon2.png" />
+	<test url="http://www.derstandard.at/wetter/Content/img/search-icon2.png" />
+</ruleset>
diff --git a/src/chrome/content/rules/detini.gov.uk.xml b/src/chrome/content/rules/detini.gov.uk.xml
new file mode 100644
index 000000000000..ac43c05c2b21
--- /dev/null
+++ b/src/chrome/content/rules/detini.gov.uk.xml
@@ -0,0 +1,64 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.detini.gov.uk/ => https://www.detini.gov.uk/: (7, 'Failed to connect to www.detini.gov.uk port 443: Connection refused')
+Fetch error: http://detini.gov.uk/ => https://www.detini.gov.uk/: (7, 'Failed to connect to www.detini.gov.uk port 443: Connection refused')
+
+	Department of Enterprise, Trade & Investment
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *detini.gov.uk:
+
+		- www.benson ᵖ
+
+	ᵖ Plaintext reply
+
+
+	Problematic hosts in *detini.gov.uk:
+
+		- ^ ᶠ
+		- www.business ᵉ
+
+	ᵉ Expired
+	ᶠ Handshake fails; preemptable redirect
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .detini.gov.uk
+		- insolvency.detini.gov.uk
+
+-->
+<ruleset name="DETI NI.gov.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="insolvency.detini.gov.uk" />
+	<target host="www.detini.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="detini.gov.uk" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://insolvency.detini.gov.uk/InsolvencyPublic/Security/SignIn.aspx" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.detini\.gov\.uk$" name="^NIGOV(?:$|_)" /-->
+	<!--securecookie host="^insolvency\.detini\.gov\.uk$" name="^(?:ASP\.NET_SessionId|AspxAutoDetectCookieSupport)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://detini\.gov\.uk/"
+		to="https://www.detini.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/deutschepost.xml b/src/chrome/content/rules/deutschepost.xml
new file mode 100644
index 000000000000..33bb3e5f4f2d
--- /dev/null
+++ b/src/chrome/content/rules/deutschepost.xml
@@ -0,0 +1,24 @@
+<ruleset name="deutschepost">
+  <target host=             "deutschepost.de" />
+  <target host=  "philatelie.deutschepost.de" />
+  <target host=   "postident.deutschepost.de" />
+  <target host=   "standorte.deutschepost.de" />
+  <target host=         "www.deutschepost.de" />
+  <target host=    "direktmarketingcenter.de" />
+  <target host="www.direktmarketingcenter.de" />
+  <target host=                 "efiliale.de" />
+  <target host=             "www.efiliale.de" />
+  <target host=      "www.portokalkulator.de" />
+  <target host=               "postdirekt.de" />
+  <target host=           "www.postdirekt.de" />
+  <target host=           "postofficeshop.de" />
+  <target host=       "www.postofficeshop.de" />
+  <target host=            "login.postpay.de" />
+  <target host=            "deutschepost.com" />
+  <target host=        "www.deutschepost.com" />
+
+  <securecookie host=".+" name=".+" />
+
+  <rule from="^http:"
+	  to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/deutschland-spielt.de.xml b/src/chrome/content/rules/deutschland-spielt.de.xml
new file mode 100644
index 000000000000..e966132b7432
--- /dev/null
+++ b/src/chrome/content/rules/deutschland-spielt.de.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://deutschland-spielt.de/ => https://deutschland-spielt.de/: Too many redirects while fetching 'https://deutschland-spielt.de/'
+Fetch error: http://www.deutschland-spielt.de/ => https://www.deutschland-spielt.de/: Too many redirects while fetching 'https://www.deutschland-spielt.de/'
+
+	Refused:
+		- download.deutschland-spielt.de
+-->
+<ruleset name="deutschland-spielt.de" default_off="failed ruleset test">
+	<target host="deutschland-spielt.de"/>
+	<target host="www.deutschland-spielt.de"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/dev47apps.com.xml b/src/chrome/content/rules/dev47apps.com.xml
new file mode 100644
index 000000000000..251cd0574827
--- /dev/null
+++ b/src/chrome/content/rules/dev47apps.com.xml
@@ -0,0 +1,46 @@
+<!--
+	Fetch error: http://araratauto.dev47apps.com/ => https://araratauto.dev47apps.com/: (51, "SSL: no alternative certificate subject name matches target host name 'araratauto.dev47apps.com'")
+	Fetch error: http://gevorgcpa.dev47apps.com/ => https://gevorgcpa.dev47apps.com/: (51, "SSL: no alternative certificate subject name matches target host name 'gevorgcpa.dev47apps.com'")
+	Fetch error: http://jan.dev47apps.com/ => https://jan.dev47apps.com/: (51, "SSL: no alternative certificate subject name matches target host name 'jan.dev47apps.com'")
+
+	Invalid certificate:
+		www.araratauto.dev47apps.com
+		autodiscover.araratauto.dev47apps.com
+		webmail.araratauto.dev47apps.com
+		autodiscover.dev47apps.com
+		www.dev47appsnet.dev47apps.com
+		autodiscover.dev47appsnet.dev47apps.com
+		webmail.dev47appsnet.dev47apps.com
+		ftp.dev47apps.com
+		www.gevorgcpa.dev47apps.com
+		webmail.gevorgcpa.dev47apps.com
+		www.jan.dev47apps.com
+		autodiscover.jan.dev47apps.com
+		webmail.jan.dev47apps.com
+		www.translate.dev47apps.com
+		autodiscover.translate.dev47apps.com
+		webmail.translate.dev47apps.com
+		www.ufixit.dev47apps.com
+		autodiscover.ufixit.dev47apps.com
+		webmail.ufixit.dev47apps.com
+
+	Refused:
+		localhost.dev47apps.com
+
+	Redirect to HTTP:
+		dev47appsnet.dev47apps.com
+		ufixit.dev47apps.com
+-->
+<ruleset name="dev47apps.com">
+	<target host="dev47apps.com" />
+	<target host="www.dev47apps.com" />
+	<target host="cpanel.dev47apps.com" />
+	<target host="mail.dev47apps.com" />
+	<target host="cpcalendars.dev47apps.com" />
+	<target host="cpcontacts.dev47apps.com" />
+	<target host="translate.dev47apps.com" />
+	<target host="webdisk.dev47apps.com" />
+	<target host="webmail.dev47apps.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/devalate.com.xml b/src/chrome/content/rules/devalate.com.xml
new file mode 100644
index 000000000000..7c79dcfed39a
--- /dev/null
+++ b/src/chrome/content/rules/devalate.com.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://devalate.com/ => https://devalate.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.devalate.com/ => https://www.devalate.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Insecure cookies are set for these hosts:
+
+		- devalate.com
+		- www.devalate.com
+
+-->
+<ruleset name="Devalate.com" default_off="failed ruleset test">
+
+	<target host="devalate.com" />
+	<target host="www.devalate.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?devalate\.com$" name="^sails\.sid$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/devbridge.com.xml b/src/chrome/content/rules/devbridge.com.xml
new file mode 100644
index 000000000000..3d994fe7cd1a
--- /dev/null
+++ b/src/chrome/content/rules/devbridge.com.xml
@@ -0,0 +1,19 @@
+<!--
+cms.devbridge.com ¹
+o1.email.devbridge.com ³
+livingstyleguide.devbridge.com ¹
+mazak1.devbridge.com nonexist
+www.mazak1.devbridge.com nonexist
+performance-tool.devbridge.com ¹
+
+
+¹ mismatch
+³ timed out
+-->
+<ruleset name="devbridge.com">
+	<target host="devbridge.com" />
+	<target host="www.devbridge.com" />
+	<target host="team.devbridge.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/develop-online.net.xml b/src/chrome/content/rules/develop-online.net.xml
new file mode 100644
index 000000000000..8923a2b46150
--- /dev/null
+++ b/src/chrome/content/rules/develop-online.net.xml
@@ -0,0 +1,37 @@
+<!--
+	For other NewsBay Media coverage, see Intent-Media.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.develop-online.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on www.develop-online.net from fonts.googleapis.com ˢ
+		- Bug on www.develop-online.net from pixel.mathtag.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Develop-online.net">
+
+	<target host="develop-online.net" />
+	<target host="subs.develop-online.net" />
+	<target host="www.develop-online.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.develop-online\.net$" name="Session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/develz.org.xml b/src/chrome/content/rules/develz.org.xml
new file mode 100644
index 000000000000..1e09a65afff7
--- /dev/null
+++ b/src/chrome/content/rules/develz.org.xml
@@ -0,0 +1,17 @@
+<!--
+Invalid certificate:
+	www.develz.org
+	dampf.develz.org
+	git.develz.org
+	tag.develz.org
+	wraths.develz.org
+-->
+<ruleset name="develz.org">
+	<target host="develz.org" />
+	<target host="www.develz.org" />
+	<target host="crawl.develz.org" />
+	<target host="scoreboard.crawl.develz.org" />
+
+	<rule from="^http://www\.develz\.org/" to="https://develz.org/" />
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/devonjobs.gov.uk.xml b/src/chrome/content/rules/devonjobs.gov.uk.xml
new file mode 100644
index 000000000000..a48502ec4646
--- /dev/null
+++ b/src/chrome/content/rules/devonjobs.gov.uk.xml
@@ -0,0 +1,59 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	These altnames don't exist:
+
+		- devonjobs.gov.uk
+
+-->
+<ruleset name="Devon Jobs.gov.uk (partial)">
+
+	<target host="www.devonjobs.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.devonjobs\.gov\.uk/(?:$|\?|(?:GenText|index)\.aspx|[\w-]+/\d+\.job)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.devonjobs\.gov\.uk/+(?!(?:CommonFileStorage(?:Fil|Imag)eGrab|ForgottenPassword|Register|Signin)\.aspx|categories(?:$|[?/])|(?:[\w-]+/)?client/\d+/(?:css|graphics|upload)/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.devonjobs.gov.uk/GenText.aspx?page=page12" />
+			<test url="http://www.devonjobs.gov.uk/GenText.aspx?page=page2" />
+			<test url="http://www.devonjobs.gov.uk/GenText.aspx?page=page3" />
+			<test url="http://www.devonjobs.gov.uk/GenText.aspx?page=page5" />
+			<test url="http://www.devonjobs.gov.uk/GenText.aspx?page=page9" />
+			<test url="http://www.devonjobs.gov.uk/SearchResults.aspx" />
+			<test url="http://www.devonjobs.gov.uk/SearchResults.aspx?pg=3" />
+			<test url="http://www.devonjobs.gov.uk/adminclericalfinance-services-for-communities-admin-clerical-work-temp-solutions/48639.job" />
+			<test url="http://www.devonjobs.gov.uk/education-support-babcock-international-group-advisory-teacher-for-the-ethnic-minority-traveller-achievement-service-emtas/50483.job" />
+			<test url="http://www.devonjobs.gov.uk/index.aspx" />
+			<test url="http://www.devonjobs.gov.uk/it-rowcroft-hospice-it-network-analyst/50469.job" />
+			<test url="http://www.devonjobs.gov.uk/libraries-services-for-communities-centre-support-staff/50313.job" />
+			<test url="http://www.devonjobs.gov.uk/probation/GenText.aspx?page=page3" />
+			<test url="http://www.devonjobs.gov.uk/probation/Index.aspx" />
+			<test url="http://www.devonjobs.gov.uk/social-care-health-relief-social-worker/29328.job" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.devonjobs.gov.uk/CommonFileStorageFileGrab.aspx?msg=Uc4RsVFW7Nj9ZD3eKmXum3QIN8j3XN9QoTEl4bq%2fVw24ZsLcmdmg9bNJxjUielkqtm5FJduhH6oM8VbGw%2fvN2HIqS9dFqRZfXNHuROEergUaXQSbiPJEfXUjLdVhdsmK" />
+			<test url="http://www.devonjobs.gov.uk/CommonFileStorageImageGrab.aspx?msg=yIogJE0yT7FPdRecWv1AXbALpyGzM7D%2boMCqqNdpXfrzrWfG3Qo4NoUpV4qVauzWGNek9RK3y7oInJbZm2j5GA%3d%3d" />
+			<test url="http://www.devonjobs.gov.uk/ForgottenPassword.aspx" />
+			<test url="http://www.devonjobs.gov.uk/Register.aspx" />
+			<test url="http://www.devonjobs.gov.uk/Signin.aspx" />
+			<test url="http://www.devonjobs.gov.uk/adminclericalfinance-services-for-communities-admin-clerical-work-temp-solutions/client/4/css/popup.css" />
+			<test url="http://www.devonjobs.gov.uk/adminclericalfinance-services-for-communities-admin-clerical-work-temp-solutions/client/4/graphics/decoration/bg_primary_nav.gif" />
+			<test url="http://www.devonjobs.gov.uk/client/4/css/popup.css" />
+			<test url="http://www.devonjobs.gov.uk/client/4/graphics/decoration/bg_primary_nav.gif" />
+			<test url="http://www.devonjobs.gov.uk/client/4/upload/public/docimages/Image/l/n/t/choice%20applicant.gif" />
+			<test url="http://www.devonjobs.gov.uk/categories" />
+			<test url="http://www.devonjobs.gov.uk/categories/trading-standards-environmental-health/441.cat" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dfo.no.xml b/src/chrome/content/rules/dfo.no.xml
new file mode 100644
index 000000000000..eb0d9dc0e126
--- /dev/null
+++ b/src/chrome/content/rules/dfo.no.xml
@@ -0,0 +1,36 @@
+<!--
+	Nonfunctional hosts in *dfo.no:
+
+		- (www.)? ᵈ
+		- styringskonferansen ʰ
+
+	ᵈ Dropped
+	ʰ Redirects to http
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- pub.dfo.no
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="DFO.no (partial)">
+
+	<target host="blogg.dfo.no" />
+	<target host="elaring.dfo.no" />
+	<target host="piwik.dfo.no" />
+	<target host="pub.dfo.no" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^pub\.dfo\.no$" name="^wfvt_\d+$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dft.gov.uk.xml b/src/chrome/content/rules/dft.gov.uk.xml
new file mode 100644
index 000000000000..44a077edfa75
--- /dev/null
+++ b/src/chrome/content/rules/dft.gov.uk.xml
@@ -0,0 +1,122 @@
+<!--
+	Department for Transport
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	CDN buckets:
+
+		- data.dft.gov.uk.s3.amazonaws.com
+		- static.dft.gov.uk.s3.amazonaws.com
+
+
+	Nonfunctional hosts in *dft.gov.uk:
+
+		- assets ᵈ
+		- charts ʳ
+		- dvla ᵈ
+		- maps ᵈ
+
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *dft.gov.uk:
+
+		- aka ᵐ
+		- bikeability ᶜ ᵉ
+		- data ᵐ
+		- highspeedrail ᵐ
+		- maritime ᶜ
+		- nptdtr ᵐ
+		- sharp ᶜ
+		- static ᵐ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵉ Expired
+	ᵐ Mismatched
+
+
+	Partially covered hosts in *dft.gov.uk:
+
+		- shop ʰ
+
+	ʰ Some pages redirect to http
+
+
+	Insecure cookies are set for these hosts:
+
+		- dsa.dft.gov.uk
+		- esdal.dft.gov.uk
+		- maritime.dft.gov.uk
+		- tanks.dft.gov.uk
+		- tssplansregistry.dft.gov.uk
+
+-->
+<ruleset name="DFT.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dft.gov.uk" />
+	<target host="dsa.dft.gov.uk" />
+	<target host="esdal.dft.gov.uk" />
+	<target host="extranet.dft.gov.uk" />
+	<target host="halogenonline.dft.gov.uk" />
+	<target host="halogenuseradmin.dft.gov.uk" />
+	<!--target host="maritime.dft.gov.uk" /-->
+	<!--target host="sharp.dft.gov.uk" /-->
+	<target host="shop.dft.gov.uk" />
+	<target host="tanks.dft.gov.uk" />
+	<target host="tssplansregistry.dft.gov.uk" />
+	<target host="www.dft.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="bikeability.dft.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://shop\.dft\.gov\.uk/THINKShop(?:$|/(?:Contact|Help|ResetPassword)\.aspx)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://shop\.dft\.gov\.uk/+(?!THINKShop/(?:_assets/css|_assets/images|ProductImages)/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://shop.dft.gov.uk/THINKShop" />
+			<test url="http://shop.dft.gov.uk/THINKShop/Contact.aspx" />
+			<test url="http://shop.dft.gov.uk/THINKShop/Help.aspx" />
+			<test url="http://shop.dft.gov.uk/THINKShop/ResetPassword.aspx" />
+
+			<!--	-ve:
+					-->
+			<test url="http://shop.dft.gov.uk/THINKShop/ProductImages/8bc959f4-62e5-41dd-abc9-f63b0546bc6a.jpg" />
+			<test url="http://shop.dft.gov.uk/THINKShop/Register.aspx" />
+			<test url="http://shop.dft.gov.uk/THINKShop/_assets/css/think.css" />
+			<test url="http://shop.dft.gov.uk/THINKShop/_assets/images/footer_pattern_grey.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^dsa\.dft\.gov\.uk$" name="^(?:BIGipServer|atype$)" /-->
+	<!--securecookie host="^esdal\.dft\.gov\.uk$" name="^(?:__RequestVerificationToken|ASP\.NET_SessionId)$" /-->
+	<!--securecookie host="^maritime\.dft\.gov\.uk$" name="^sid$" /-->
+	<!--securecookie host="^tanks\.dft\.gov\.uk$" name="^\.ASPXANONYMOUS$" /-->
+	<!--securecookie host="^tssplansregistry\.dft\.gov\.uk$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+
+	<securecookie host="^(?!shop\.)\w" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://bikeability\.dft\.gov\.uk/+"
+		to="https://bikeability.org.uk/" />
+
+		<test url="http://bikeability.dft.gov.uk/index.htm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dftoutiao.com.xml b/src/chrome/content/rules/dftoutiao.com.xml
new file mode 100644
index 000000000000..3562bbb1f54d
--- /dev/null
+++ b/src/chrome/content/rules/dftoutiao.com.xml
@@ -0,0 +1,43 @@
+<!--
+	404:
+		canada
+		kbzx
+		newsunion
+
+	MCB:
+		down
+
+	Mismatch:
+		backstage.h5
+
+	Refused:
+		cms
+		e
+		yf
+
+	Timeout:
+		^
+		www
+-->
+
+<ruleset name="dftoutiao.com">
+	<target host="aboutcomment.dftoutiao.com" />
+		<test url="http://aboutcomment.dftoutiao.com/comment/v2.1/comment/jsonp/getreview/161212112234796/0/10" />
+	<target host="actlog.dftoutiao.com" />
+		<test url="http://actlog.dftoutiao.com/getdatafirst/pcdata" />
+	<target host="kp.dftoutiao.com" />
+	<target host="kp2.dftoutiao.com" />
+	<target host="ot.dftoutiao.com" />
+		<test url="http://ot.dftoutiao.com/online/online" />
+	<target host="pclog.dftoutiao.com" />
+		<test url="http://pclog.dftoutiao.com/getpcdata/data" />
+	<target host="picpcapi.dftoutiao.com" />
+	<target host="position.dftoutiao.com" />
+	<target host="softwords.dftoutiao.com" />
+		<test url="http://softwords.dftoutiao.com/loadsoftwords/load" />
+	<target host="tjpc02.dftoutiao.com" />
+		<test url="http://tjpc02.dftoutiao.com/pconline/pconline" />
+	<target host="ttpc.dftoutiao.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dhbw-mannheim.de.xml b/src/chrome/content/rules/dhbw-mannheim.de.xml
new file mode 100644
index 000000000000..2333e24e7a92
--- /dev/null
+++ b/src/chrome/content/rules/dhbw-mannheim.de.xml
@@ -0,0 +1,66 @@
+<!--
+	Invalid Certificate:
+		alumni.dhbw-mannheim.de
+		www.ac.dhbw-mannheim.de
+		www.agpw.dhbw-mannheim.de
+		www.ahd.dhbw-mannheim.de
+		www.am.dhbw-mannheim.de
+		www.bib.dhbw-mannheim.de
+		www.bk.dhbw-mannheim.de
+		www.cc.dhbw-mannheim.de
+		www.ct.dhbw-mannheim.de
+		www.dlm.dhbw-mannheim.de
+		www.dm.dhbw-mannheim.de
+		www.edsc.dhbw-mannheim.de
+		www.el.dhbw-mannheim.de
+		www.fdl.dhbw-mannheim.de
+		www.gm.dhbw-mannheim.de
+		www.hd.dhbw-mannheim.de
+		www.ib.dhbw-mannheim.de
+		www.idual.dhbw-mannheim.de
+		www.imbit.dhbw-mannheim.de
+		www.in.dhbw-mannheim.de
+		www.inf.dhbw-mannheim.de
+		www.io.dhbw-mannheim.de
+		www.iw.dhbw-mannheim.de
+		www.ma.dhbw-mannheim.de
+		www.mathematik.dhbw-mannheim.de
+		www.mb.dhbw-mannheim.de
+		www.mke.dhbw-mannheim.de
+		www.mm.dhbw-mannheim.de
+		www.mt.dhbw-mannheim.de
+		www.owi.dhbw-mannheim.de
+		www.partner.dhbw-mannheim.de
+		www.presse.dhbw-mannheim.de
+		www.qm.dhbw-mannheim.de
+		www.rz.dhbw-mannheim.de
+		www.sc.dhbw-mannheim.de
+		www.se.dhbw-mannheim.de
+		www.st.dhbw-mannheim.de
+		www.stl.dhbw-mannheim.de
+		www.studium.dhbw-mannheim.de
+		www.stuv.dhbw-mannheim.de
+		www.vs.dhbw-mannheim.de
+		www.wf.dhbw-mannheim.de
+		www.wi.dhbw-mannheim.de
+		www.wiw.dhbw-mannheim.de
+		www.zeeb.dhbw-mannheim.de
+		www.zemath.dhbw-mannheim.de
+
+-->
+<ruleset name="DHBW Mannheim (partial)">
+
+	<!-- dhbw-mannheim.de -->
+	<target host="dhbw-mannheim.de"/>
+	<target host="www.dhbw-mannheim.de"/>
+	<target host="ezproxy.dhbw-mannheim.de"/>
+	<target host="moodle.dhbw-mannheim.de"/>
+	<target host="ox.dhbw-mannheim.de"/>
+	<target host="studgate.dhbw-mannheim.de"/>
+	<target host="studyup.dhbw-mannheim.de"/>
+	<target host="vorlesungsplan.dhbw-mannheim.de"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/dhi-scotland.com.xml b/src/chrome/content/rules/dhi-scotland.com.xml
new file mode 100644
index 000000000000..24f2a1745f54
--- /dev/null
+++ b/src/chrome/content/rules/dhi-scotland.com.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.dhi-scotland.com/ => https://www.dhi-scotland.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.dhi-scotland.com'")
+
+	CDN buckets:
+
+		- feusd-dhi.s3.amazonaws.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- dhi-scotland.com
+
+
+	STS header includes includeSubdomains
+
+-->
+<ruleset name="DHI-scotland.com" default_off="failed ruleset test">
+
+	<target host="dhi-scotland.com" />
+	<target host="*.dhi-scotland.com" />
+
+		<test url="http://www.dhi-scotland.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^dhi-scotland\.com$" name="^(?:_feusd_session|XSRF-TOKEN)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dhsspsni.gov.uk.xml b/src/chrome/content/rules/dhsspsni.gov.uk.xml
new file mode 100644
index 000000000000..d92e106a7b0e
--- /dev/null
+++ b/src/chrome/content/rules/dhsspsni.gov.uk.xml
@@ -0,0 +1,51 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.dhsspsni.gov.uk/ => https://www.dhsspsni.gov.uk/: (7, 'Failed to connect to www.dhsspsni.gov.uk port 443: Connection refused')
+Fetch error: http://dhsspsni.gov.uk/ => https://www.dhsspsni.gov.uk/: (7, 'Failed to connect to www.dhsspsni.gov.uk port 443: Connection refused')
+
+	Department of Finance and Personnel Northern Ireland
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *dhsspsni.gov.uk:
+
+		- sabs ³
+
+	³ 403
+
+
+	^dhsspsni.gov.uk: Refused
+
+
+	Insecure cookies are set for these domains:
+
+		- .dhsspsni.gov.uk
+
+-->
+<ruleset name="DHSSPS NI.gov.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.dhsspsni.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="dhsspsni.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.dhsspsni\.gov\.uk$" name="^NIGOV$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://dhsspsni\.gov\.uk/"
+		to="https://www.dhsspsni.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dialogic.com.xml b/src/chrome/content/rules/dialogic.com.xml
new file mode 100644
index 000000000000..fcc8438e578c
--- /dev/null
+++ b/src/chrome/content/rules/dialogic.com.xml
@@ -0,0 +1,58 @@
+<!--
+	Problematic hosts in *dialogic.com:
+
+		- ^ ⁵
+		- blog ᵐ
+
+	⁵ 500
+	ᵐ HubSpot / mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- www.dialogic.com
+		- .www.dialogic.com
+
+
+	Mixed content:
+
+		- Image on www from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="dialogic.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.dialogic.com" />
+
+	<!--	Complications:
+				-->
+	<target host="dialogic.com" />
+
+		<!--	Mixed images & sets cookie without secure:
+									-->
+		<!--test url="http://www.dialogic.com/den/default.aspx" /-->
+
+		<!--	Mixed image:
+					-->
+		<!--test url="http://www.dialogic.com/en/profile/login-help.aspx" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.dialogic\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^\.www\.dialogic\.com$" name="^AuthorizationCookie$" /-->
+
+	<securecookie host="^\.www\." name=".+" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://dialogic\.com/"
+		to="https://www.dialogic.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/diamedclinic.ru.xml b/src/chrome/content/rules/diamedclinic.ru.xml
new file mode 100644
index 000000000000..2974e0ab57a4
--- /dev/null
+++ b/src/chrome/content/rules/diamedclinic.ru.xml
@@ -0,0 +1,12 @@
+<!--
+mail.diamedclinic.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="diamedclinic.ru">
+	<target host="diamedclinic.ru" />
+	<target host="www.diamedclinic.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dianping.com.xml b/src/chrome/content/rules/dianping.com.xml
new file mode 100644
index 000000000000..f0c367cad6fb
--- /dev/null
+++ b/src/chrome/content/rules/dianping.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Related:	dpfile.com.xml
+
+	Mismatch:
+		blog	( redirect to weibo.com/dzdp )
+		campus
+		careers
+		dpindex
+-->
+<ruleset name="dianping.com (partial)">
+	<target host="dianping.com" />
+	<target host="www.dianping.com" />
+	<target host="android.dianping.com" />
+	<target host="b.dianping.com" />
+	<target host="e.dianping.com" />
+	<target host="events.dianping.com" />
+	<target host="h5.dianping.com" />
+	<target host="hls.dianping.com" />
+	<target host="jh.dianping.com" />
+	<target host="join.dianping.com" />
+	<target host="kf.dianping.com" />
+	<target host="m.dianping.com" />
+	<target host="maoyan.dianping.com" />
+	<target host="mlog.dianping.com" />
+	<target host="nugget.dianping.com" />
+	<target host="s.dianping.com" />
+	<target host="t.dianping.com" />
+	<target host="tpl.dianping.com" />
+
+	<target host="dpurl.cn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/diapers.com.xml b/src/chrome/content/rules/diapers.com.xml
new file mode 100644
index 000000000000..6ba88184c741
--- /dev/null
+++ b/src/chrome/content/rules/diapers.com.xml
@@ -0,0 +1,43 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	^diapers.com: Refused
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .diapers.com
+		- www.diapers.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Diapers.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.diapers.com" />
+
+	<!--	Complications:
+				-->
+	<target host="diapers.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.diapers\.com$" name="^(?:cookie-check|session-id|ubid-main)$" /-->
+	<!--securecookie host="^www\.diapers\.com$" name="^(?:ASP\.NET_SessionId|GEO_COUNTRYCODE|GEO_ZIPCODE|VISITOR_ID|cookie-check)$" /-->
+
+	<securecookie host=".+" name="^ps-trtmnt$" />
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://diapers\.com/"
+		to="https://www.diapers.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dictation.io.xml b/src/chrome/content/rules/dictation.io.xml
new file mode 100644
index 000000000000..ff514a6159c6
--- /dev/null
+++ b/src/chrome/content/rules/dictation.io.xml
@@ -0,0 +1,13 @@
+<ruleset name="Dictation.io">
+
+	<target host="dictation.io" />
+	<target host="www.dictation.io" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/die-neue-welle.de.xml b/src/chrome/content/rules/die-neue-welle.de.xml
new file mode 100644
index 000000000000..c0f0df33517e
--- /dev/null
+++ b/src/chrome/content/rules/die-neue-welle.de.xml
@@ -0,0 +1,23 @@
+<!--
+	Connection closed:
+		www.jobs.die-neue-welle.de
+		xyz.die-neue-welle.de
+
+	Invalid certificate:
+		2015.die-neue-welle.de
+		live.die-neue-welle.de
+
+	Timeout:
+		owa.die-neue-welle.de
+-->
+<ruleset name="die-neue-welle.de">
+
+	<target host="die-neue-welle.de" />
+	<target host="www.die-neue-welle.de" />
+	<target host="jobs.die-neue-welle.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dietmardreier.de.xml b/src/chrome/content/rules/dietmardreier.de.xml
new file mode 100644
index 000000000000..0c5c558f6744
--- /dev/null
+++ b/src/chrome/content/rules/dietmardreier.de.xml
@@ -0,0 +1,7 @@
+<ruleset name="dietmardreier.de">
+	<target host="dietmardreier.de"/>
+	<target host="www.dietmardreier.de"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/digidip.net.xml b/src/chrome/content/rules/digidip.net.xml
new file mode 100644
index 000000000000..18e0ed9574f8
--- /dev/null
+++ b/src/chrome/content/rules/digidip.net.xml
@@ -0,0 +1,134 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Non-2xx HTTP code:
+		- puppet5.digidip.net
+
+	SSL: no alternative certificate subject name matches target host name:
+		- www.files.digidip.net
+		- ftp.digidip.net
+		- www.ftp.digidip.net
+		- www.premium.digidip.net
+		- www.static.digidip.net
+
+	Timeout:
+		- db.backup.publisher.digidip.net
+-->
+<ruleset name="digidip.net">
+
+	<target host="digidip.net" />
+	<target host="4ic.digidip.net" />
+	<target host="amazedmag.digidip.net" />
+	<target host="androidpit-br.digidip.net" />
+	<target host="androidpit-es.digidip.net" />
+	<target host="androidpit-fr.digidip.net" />
+	<target host="audio.digidip.net" />
+	<target host="bekleidet.digidip.net" />
+	<target host="beta1.digidip.net" />
+	<target host="beta2.digidip.net" />
+	<target host="beta3.digidip.net" />
+	<target host="bild.digidip.net" />
+	<target host="br.digidip.net" />
+	<target host="bronzingeyes.digidip.net" />
+	<target host="ccm.digidip.net" />
+	<target host="cheaperia.digidip.net" />
+	<target host="chillmo.digidip.net" />
+	<target host="chip.digidip.net" />
+	<target host="chollo-to.digidip.net" />
+	<target host="chollometro.digidip.net" />
+	<target host="colorfoto.digidip.net" />
+	<target host="commentcamarche.digidip.net" />
+	<target host="computerbild-forum.digidip.net" />
+	<target host="computeridee.digidip.net" />
+	<target host="computertotaal.digidip.net" />
+	<target host="connect.digidip.net" />
+	<target host="connectedhome.digidip.net" />
+	<target host="couponchief.digidip.net" />
+	<target host="de-ccm.digidip.net" />
+	<target host="dealabs.digidip.net" />
+	<target host="elastic.digidip.net" />
+	<target host="elitepvpers.digidip.net" />
+	<target host="elle-fr.digidip.net" />
+	<target host="es-ccm.digidip.net" />
+	<target host="files.digidip.net" />
+	<target host="finnkupongkoder.digidip.net" />
+	<target host="flynous.digidip.net" />
+	<target host="fok.digidip.net" />
+	<target host="forum.digidip.net" />
+	<target host="forum-fok.digidip.net" />
+	<target host="forumde.digidip.net" />
+	<target host="forums-futura-sciences.digidip.net" />
+	<target host="forumscnetfrance.digidip.net" />
+	<target host="fotocommunity.digidip.net" />
+	<target host="gentside.digidip.net" />
+	<target host="gutefrage.digidip.net" />
+	<target host="hardware.digidip.net" />
+	<target host="hauptstadtmuttide.digidip.net" />
+	<target host="holidaypirates.digidip.net" />
+	<target host="hotukdeals.digidip.net" />
+	<target host="importer-beta.digidip.net" />
+	<target host="informatiweb.digidip.net" />
+	<target host="jetzt.digidip.net" />
+	<target host="jeuxvideo.digidip.net" />
+	<target host="journaldunet.digidip.net" />
+	<target host="kleiderkreisel.digidip.net" />
+	<target host="ledemondujeu.digidip.net" />
+	<target host="lefigaro-fr.digidip.net" />
+	<target host="link-checker.digidip.net" />
+	<target host="linternaute.digidip.net" />
+	<target host="linternautefr.digidip.net" />
+	<target host="m3-idg.digidip.net" />
+	<target host="marieclaire-fr.digidip.net" />
+	<target host="mashasedgwick.digidip.net" />
+	<target host="michollo.digidip.net" />
+	<target host="moins-depenser.digidip.net" />
+	<target host="motor-talk.digidip.net" />
+	<target host="mountainbike.digidip.net" />
+	<target host="mydealz.digidip.net" />
+	<target host="netzwelt.digidip.net" />
+	<target host="nl-pepper.digidip.net" />
+	<target host="pc-infopratique.digidip.net" />
+	<target host="pcmagazin.digidip.net" />
+	<target host="pcworld-couponcodes.digidip.net" />
+	<target host="pcworld-es.digidip.net" />
+	<target host="pelando.digidip.net" />
+	<target host="pg.digidip.net" />
+	<target host="pgstatic.digidip.net" />
+	<target host="phonandroid.digidip.net" />
+	<target host="piratinviaggio.digidip.net" />
+	<target host="piucodicisconto.digidip.net" />
+	<target host="pl-pepper.digidip.net" />
+	<target host="planetenumerique.digidip.net" />
+	<target host="playpennies.digidip.net" />
+	<target host="pocketpc.digidip.net" />
+	<target host="premium.digidip.net" />
+	<target host="promodescuentos.digidip.net" />
+	<target host="qa-sonarqube.digidip.net" />
+	<target host="rtt-hook.digidip.net" />
+	<target host="schieb.digidip.net" />
+	<target host="search.digidip.net" />
+	<target host="smart-shopping.digidip.net" />
+	<target host="sparheld.digidip.net" />
+	<target host="stadtbremerhaven.digidip.net" />
+	<target host="static.digidip.net" />
+	<target host="symbaloo.digidip.net" />
+	<target host="talk.digidip.net" />
+	<target host="tomshw.digidip.net" />
+	<target host="up-trustedreviews.digidip.net" />
+	<target host="urlaubspiraten.digidip.net" />
+	<target host="vakantiepiraten.digidip.net" />
+	<target host="video.digidip.net" />
+	<target host="vinted.digidip.net" />
+	<target host="visit.digidip.net" />
+	<target host="voucherbox.digidip.net" />
+	<target host="webgears.digidip.net" />
+	<target host="winfuture.digidip.net" />
+	<target host="winfuture-forum.digidip.net" />
+	<target host="wmp-forumde.digidip.net" />
+	<target host="wykop.digidip.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/digiguide.tv.xml b/src/chrome/content/rules/digiguide.tv.xml
new file mode 100644
index 000000000000..b898b6420440
--- /dev/null
+++ b/src/chrome/content/rules/digiguide.tv.xml
@@ -0,0 +1,29 @@
+<!--
+	www.digiguide.tv: Handshake fails
+
+-->
+<ruleset name="digiguide.tv">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="digiguide.tv" />
+	<target host="accounts.digiguide.tv" />
+	<target host="i.digiguide.tv" />
+	<target host="listings.digiguide.tv" />
+	<target host="support.digiguide.tv" />
+
+	<!--	Complications:
+				-->
+	<target host="www.digiguide.tv" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.digiguide\.tv/"
+		to="https://digiguide.tv/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/digip.org.xml b/src/chrome/content/rules/digip.org.xml
new file mode 100644
index 000000000000..6a30817e2351
--- /dev/null
+++ b/src/chrome/content/rules/digip.org.xml
@@ -0,0 +1,5 @@
+<ruleset name="digip.org">
+	<target host="digip.org" />
+	<target host="www.digip.org" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/digital.report.xml b/src/chrome/content/rules/digital.report.xml
new file mode 100644
index 000000000000..188fa414c822
--- /dev/null
+++ b/src/chrome/content/rules/digital.report.xml
@@ -0,0 +1,6 @@
+<ruleset name="digital.report">
+	<target host="digital.report" />
+	<target host="www.digital.report" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/digitale-gesellschaft.ch.xml b/src/chrome/content/rules/digitale-gesellschaft.ch.xml
new file mode 100644
index 000000000000..e7f92c8bd62c
--- /dev/null
+++ b/src/chrome/content/rules/digitale-gesellschaft.ch.xml
@@ -0,0 +1,13 @@
+<ruleset name="Digitale-Gesellschaft.ch">
+
+	<target host="digitale-gesellschaft.ch" />
+	<target host="www.digitale-gesellschaft.ch" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/digitv.de.xml b/src/chrome/content/rules/digitv.de.xml
new file mode 100644
index 000000000000..da565ddafb3d
--- /dev/null
+++ b/src/chrome/content/rules/digitv.de.xml
@@ -0,0 +1,14 @@
+<!--
+	Related to Digitalfernsehen.de.xml
+-->
+<ruleset name="digitv.de">
+
+	<target host="digitv.de" />
+	<target host="www.digitv.de" />
+	<target host="static.digitv.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/digwebinterface.com.xml b/src/chrome/content/rules/digwebinterface.com.xml
new file mode 100644
index 000000000000..4096ff30d653
--- /dev/null
+++ b/src/chrome/content/rules/digwebinterface.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="digwebinterface.com">
+	<target host="digwebinterface.com" />
+	<target host="www.digwebinterface.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dimonvideo.ru.xml b/src/chrome/content/rules/dimonvideo.ru.xml
new file mode 100644
index 000000000000..933de2cb4e37
--- /dev/null
+++ b/src/chrome/content/rules/dimonvideo.ru.xml
@@ -0,0 +1,50 @@
+<!--
+www.dimonvideo.ru ¹
+ahnybtpadotazk.dimonvideo.ru ¹
+album.dimonvideo.ru ²
+api.dimonvideo.ru ¹
+doosxtxldtwb.dimonvideo.ru ¹
+eirrenlw.dimonvideo.ru ¹
+files.dimonvideo.ru ¹
+forum.dimonvideo.ru ¹
+gcjmpkignvdbz.dimonvideo.ru ¹
+images.dimonvideo.ru ²
+iphone.dimonvideo.ru ¹
+www.iphone.dimonvideo.ru ¹
+ldypydwy.dimonvideo.ru ¹
+pmvstljeuvyc.dimonvideo.ru ¹
+s1.dimonvideo.ru ²
+s2.dimonvideo.ru ²
+s3.dimonvideo.ru ²
+s4.dimonvideo.ru ¹
+s5.dimonvideo.ru ²
+s6.dimonvideo.ru ¹
+s7.dimonvideo.ru ²
+screens2.dimonvideo.ru ²
+screens3.dimonvideo.ru ²
+xaoc.dimonvideo.ru ¹
+xazbttoasiywilf.dimonvideo.ru ¹
+youjorbdlbpnys.dimonvideo.ru ¹
+
+
+¹ mismatch
+² refused
+-->
+<ruleset name="dimonvideo.ru">
+	<target host="dimonvideo.ru" />
+	<target host="avatar.dimonvideo.ru" />
+	<target host="file.dimonvideo.ru" />
+	<target host="m.dimonvideo.ru" />
+	<target host="mail.dimonvideo.ru" />
+	<target host="msg.dimonvideo.ru" />
+	<target host="s.dimonvideo.ru" />
+	<target host="screen.dimonvideo.ru" />
+	<target host="screens.dimonvideo.ru" />
+
+	<target host="www.dimonvideo.ru" />
+
+	<rule from="^http://www\.dimonvideo\.ru/"
+		to="https://dimonvideo.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dinglisch.net.xml b/src/chrome/content/rules/dinglisch.net.xml
new file mode 100644
index 000000000000..625631eb34ee
--- /dev/null
+++ b/src/chrome/content/rules/dinglisch.net.xml
@@ -0,0 +1,15 @@
+<!--
+	Remark: *.dinglisch.net has an expired certificate as of Feb 2017
+-->
+<ruleset name="dinglisch.net" default_off="expired">
+	<target host="dinglisch.net" />
+	<target host="apps.dinglisch.net" />
+	<target host="filemagic.dinglisch.net" />
+	<target host="ipack.dinglisch.net" />
+	<target host="lee.dinglisch.net" />
+		<test url="http://lee.dinglisch.net/markets/" />
+	<target host="tasker.dinglisch.net" />
+	<target host="zoom.dinglisch.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dingtalk.com.xml b/src/chrome/content/rules/dingtalk.com.xml
new file mode 100644
index 000000000000..e50a49190f3f
--- /dev/null
+++ b/src/chrome/content/rules/dingtalk.com.xml
@@ -0,0 +1,40 @@
+<!--
+	For other Alibaba coverage, see Alibaba.xml.
+
+
+	^dingtalk.com: 403
+	www.dingtalk.com: Redirects to http
+
+
+	Mixed content:
+
+		- Images on open from static.dingtalk.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="DingTalk.com (partial)">
+
+	<target host="app.dingtalk.com" />
+	<target host="debug.dingtalk.com" />
+	<target host="im.dingtalk.com" />
+	<target host="oa.dingtalk.com" />
+	<target host="open.dingtalk.com" />
+	<target host="s.dingtalk.com" />
+	<target host="static.dingtalk.com" />
+	<target host="wsdebug.dingtalk.com" />
+
+		<!--	$ 501s, so:
+					-->
+		<test url="http://s.dingtalk.com/market/dingtalk/home/help_index.php" />
+
+		<test url="http://static.dingtalk.com/media/lALOAQ7S80TM-g_250_68.png" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dinside.no-falsemixed.xml b/src/chrome/content/rules/dinside.no-falsemixed.xml
new file mode 100644
index 000000000000..e1fa9135e79a
--- /dev/null
+++ b/src/chrome/content/rules/dinside.no-falsemixed.xml
@@ -0,0 +1,20 @@
+<!--
+	For rules not causing false/broken MCB, see dinside.no.xml.
+
+
+	NB: see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Dinside.no (false MCB)" platform="mixedcontent">
+
+	<target host="testpilot.dinside.no" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid$|_ga|cf_clearance$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dinside.no.xml b/src/chrome/content/rules/dinside.no.xml
new file mode 100644
index 000000000000..22597aff74dd
--- /dev/null
+++ b/src/chrome/content/rules/dinside.no.xml
@@ -0,0 +1,72 @@
+<!--
+	For rules causing false/broken MCB, see dinside.no-falsemixed.xml.
+
+
+	Nonfunctional hosts in *dinside.no:
+
+		- bilde ʳ
+
+	ʳ Refused
+
+
+	Problematic hosts in *dinside.no:
+
+		- ^ ᵈ
+		- testpilot ˣ
+
+	ᵈ Dropped
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Mixed content:
+
+		- css, on:
+
+			- testpilot from $self ˢ
+			- testpilot, www from fonts.googleapis.com ˢ
+
+		- Images, on:
+
+			- testpilot from $self ˢ
+			- www from gfx.dagbladet.no ˢ
+			- www from bilde.dinside.no ʳ
+			- www from testpilot.dinside.no ˢ
+
+		- Bugs, on:
+
+			- www from www.allerinternett.no ʳ
+			- www from measure.richmetrics.com ˢ
+			- www from dagbladet.tns-cs.net ˢ
+
+	ʳ Unsecurable <= refused
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Dinside.no (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="styleguide.dinside.no" />
+	<!--target host="testpilot.dinside.no" /-->
+	<target host="www.dinside.no" />
+
+		<!--	Mixed content:
+					-->
+		<!--test url="http://www.dinside.no/bat/" /-->
+
+	<!--	Complications:
+				-->
+	<target host="dinside.no" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid$|_ga)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://dinside\.no/"
+		to="https://www.dinside.no/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dionyziz.com.xml b/src/chrome/content/rules/dionyziz.com.xml
new file mode 100644
index 000000000000..d5f57782e3e1
--- /dev/null
+++ b/src/chrome/content/rules/dionyziz.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="dionyziz.com">
+	<target host="dionyziz.com" />
+	<target host="www.dionyziz.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/directlyrics.com.xml b/src/chrome/content/rules/directlyrics.com.xml
new file mode 100644
index 000000000000..24e7c4e6a17f
--- /dev/null
+++ b/src/chrome/content/rules/directlyrics.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Direct Lyrics.com">
+
+	<target host="directlyrics.com" />
+	<target host="www.directlyrics.com" />
+
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/direxion.xml b/src/chrome/content/rules/direxion.xml
new file mode 100644
index 000000000000..824f584a1cc1
--- /dev/null
+++ b/src/chrome/content/rules/direxion.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional domains:
+	 - www.files.direxionfunds.com  (nxdomain)
+	 
+	 Certificate mismatch:
+	 - direxionfunds.com
+	 - www.direxionfunds.com
+-->
+
+<ruleset name="Direxion">
+	<target host="direxion.com" />
+	<target host="direxioninvestments.com" />
+	<target host="www.direxion.com" />
+	<target host="www.direxioninvestments.com" />
+	
+	<target host="files.direxionfunds.com" />
+	<test url="http://files.direxionfunds.com/DirexionWebsiteFiles/holdings_tecl.csv" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/discovercarlisle.co.uk.xml b/src/chrome/content/rules/discovercarlisle.co.uk.xml
new file mode 100644
index 000000000000..07fae0cf2e70
--- /dev/null
+++ b/src/chrome/content/rules/discovercarlisle.co.uk.xml
@@ -0,0 +1,32 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.discovercarlisle.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Ad/bug from www.thedms.co.uk *
+
+	* See https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Discover Carlisle.co.uk">
+
+	<target host="discovercarlisle.co.uk" />
+	<target host="www.discovercarlisle.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.discovercarlisle\.co\.uk$" name="^(?:ASP\.NET_SessionId|dmsTPC)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/discoverhongkong.com.xml b/src/chrome/content/rules/discoverhongkong.com.xml
new file mode 100644
index 000000000000..c8a7175c025c
--- /dev/null
+++ b/src/chrome/content/rules/discoverhongkong.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Nonfunctional hosts in *.discoverhongkong.com:
+		- hkfamily.discoverhongkong.com (m)
+		- hkwdf.discoverhongkong.com (m)
+		- mystories.discoverhongkong.com (r)
+		- summerci.discoverhongkong.com (s)
+		- web1.discoverhongkong.com (r)
+		- wintertxgae.discoverhongkong.com (s)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Discover Hong Kong">
+	<target host="discoverhongkong.com" />
+	<target host="www.discoverhongkong.com" />
+	<target host="besthk.discoverhongkong.com" />
+	<target host="bestinhongkong.discoverhongkong.com" />
+	<target host="gotohk.discoverhongkong.com" />
+	<target host="guide.discoverhongkong.com" />
+	<target host="guide-apis.discoverhongkong.com" />
+	<target host="guide-fbapp.discoverhongkong.com" />
+	<target host="m.discoverhongkong.com" />
+	<target host="share.discoverhongkong.com" />
+	<target host="www.secure.discoverhongkong.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/displayport.org.xml b/src/chrome/content/rules/displayport.org.xml
new file mode 100644
index 000000000000..2f105edfbc14
--- /dev/null
+++ b/src/chrome/content/rules/displayport.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="DisplayPort.org">
+
+	<target host="displayport.org" />
+	<target host="www.displayport.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/disposeamail.com.xml b/src/chrome/content/rules/disposeamail.com.xml
new file mode 100644
index 000000000000..c7e9115e906c
--- /dev/null
+++ b/src/chrome/content/rules/disposeamail.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="disposeamail.com">
+	<target host="disposeamail.com" />
+	<target host="www.disposeamail.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dissernet.org.xml b/src/chrome/content/rules/dissernet.org.xml
new file mode 100644
index 000000000000..5f9c5e92b9b1
--- /dev/null
+++ b/src/chrome/content/rules/dissernet.org.xml
@@ -0,0 +1,14 @@
+<!--
+wiki.dissernet.org ¹
+
+
+¹ mismatch
+-->
+<ruleset name="dissernet.org">
+	<target host="dissernet.org" />
+	<target host="www.dissernet.org" />
+	<target host="biblio.dissernet.org" />
+	<target host="rosvuz.dissernet.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/divShare.xml b/src/chrome/content/rules/divShare.xml
index 0970f83094a6..0e1dd0c6c3ce 100644
--- a/src/chrome/content/rules/divShare.xml
+++ b/src/chrome/content/rules/divShare.xml
@@ -1,14 +1,51 @@
-<ruleset name="divShare" platform="mixedcontent">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.divshare.com/ => https://www.divshare.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://divshare.com/ => https://www.divshare.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	^divshare.com: 403
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.divshare.com
+
+
+	Mixed content:
+
+		- css from www.divshare.com *
+
+		- Images, from:
+
+			- divshare.com *
+			- www.divshare.com *
+
+	* Secured by us
+
+-->
+<ruleset name="divShare.com" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.divshare.com" />
+
+	<!--	Complications:
+				-->
 	<target host="divshare.com" />
-	<!--	* for cross-domain cookies.	-->
-	<target host="*.divshare.com" />
 
 
-	<securecookie host="^(.*\.)?divshare\.com$" name=".*" />
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.divshare\.com$" name="^(PHPSESSID|cntHeaderMessages|ds_list_viewed_spotlights)$" /-->
+
+	<securecookie host=".+" name=".+"/>
+
 
+	<rule from="^http://divshare\.com/"
+		to="https://www.divshare.com/" />
 
-	<rule from="^http://(www\.)?divshare\.com/"
-		to="https://$1divshare.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/divo.ru.xml b/src/chrome/content/rules/divo.ru.xml
new file mode 100644
index 000000000000..471cdb844a00
--- /dev/null
+++ b/src/chrome/content/rules/divo.ru.xml
@@ -0,0 +1,23 @@
+<!--
+divo.ru ⁴
+www.marketing.divo.ru ⁴
+mo.divo.ru ⁴
+www.musobl.divo.ru/: (35, 'error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 unrecognized name')
+
+
+⁴ self signed
+-->
+<ruleset name="divo.ru">
+	<target host="www.divo.ru" />
+	<target host="d.divo.ru" />
+	<target host="lc.divo.ru" />
+	<target host="osmp.divo.ru" />
+	<target host="t.divo.ru" />
+
+	<target host="divo.ru" />
+
+	<rule from="^http://divo\.ru/"
+		to="https://www.divo.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dizzyjam.com.xml b/src/chrome/content/rules/dizzyjam.com.xml
new file mode 100644
index 000000000000..428882dd7861
--- /dev/null
+++ b/src/chrome/content/rules/dizzyjam.com.xml
@@ -0,0 +1,47 @@
+<!--
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .dizzyjam.com
+		- www.dizzyjam.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- iframe from player.vimeo.com ˢ
+		- Images from $self ˢ
+		- favicon from $self ˢ
+		- Bug from www.facebook.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Dizzyjam.com">
+
+	<target host="dizzyjam.com" />
+	<target host="www.dizzyjam.com" />
+
+		<!--	Sets cookie without Secure;
+			mixed images, bug:
+						-->
+		<!--test url="http://www.dizzyjam.com/blog/" /-->
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://www.dizzyjam.com/images/phpThumb.php/q=100;f=jpg;aoe=1;70x70;/var/devmedia/shops/shop13302/shop_logo/534337_10151326023259060_1812863688_n.jpg" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.dizzyjam\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^www\.dizzyjam\.com$" name="^(?:[\da-f]{32}|wmp_load_app)$" /-->
+
+	<securecookie host="^\." name="^PHPSESSID" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/djoser.nl.xml b/src/chrome/content/rules/djoser.nl.xml
new file mode 100644
index 000000000000..11d64f448cfe
--- /dev/null
+++ b/src/chrome/content/rules/djoser.nl.xml
@@ -0,0 +1,30 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.djoser.nl
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Djoser.nl">
+
+	<target host="djoser.nl" />
+	<target host="boeken.djoser.nl" />
+	<target host="cache.djoser.nl" />
+	<target host="cache1.djoser.nl" />
+	<target host="cache2.djoser.nl" />
+	<target host="www.djoser.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.djoser\.nl$" name="^(?:bucket_guidd|session_guid|session_guid_active)$" /-->
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dlang.org.xml b/src/chrome/content/rules/dlang.org.xml
new file mode 100644
index 000000000000..00bc7ffbf281
--- /dev/null
+++ b/src/chrome/content/rules/dlang.org.xml
@@ -0,0 +1,28 @@
+<!--
+	www.dlang.org: Mismatched
+
+-->
+<ruleset name="DLang.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dlang.org" />
+	<target host="code.dlang.org" />
+	<target host="forum.dlang.org" />
+	<target host="wiki.dlang.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.dlang.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.dlang\.org/"
+		to="https://dlang.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dlink.ru.xml b/src/chrome/content/rules/dlink.ru.xml
new file mode 100644
index 000000000000..fd780745b9c0
--- /dev/null
+++ b/src/chrome/content/rules/dlink.ru.xml
@@ -0,0 +1,31 @@
+<!--
+dlink.ru ¹
+www.dlink.ru ¹
+em.dlink.ru ¹
+forum.dlink.ru ¹
+ftp.dlink.ru ¹
+fwupdate.dlink.ru ¹
+im.dlink.ru ³
+learn.dlink.ru ⁴
+newsite.dlink.ru ¹
+phorum.dlink.ru ¹
+support.dlink.ru ¹
+webdev.dlink.ru ¹
+translate.dev.dlink.ru different content
+baron.msk.dlink.ru different content
+
+
+¹ mismatch
+³ timed out
+⁴ incomplete certificate chain
+-->
+<ruleset name="dlink.ru (partial)">
+	<target host="b2b.dlink.ru" />
+	<target host="cloud.dlink.ru" />
+	<target host="mail.dlink.ru" />
+	<target host="mail.msk.dlink.ru" />
+	<target host="portal.dlink.ru" />
+	<target host="mail.rzn.dlink.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dltags.com.xml b/src/chrome/content/rules/dltags.com.xml
new file mode 100644
index 000000000000..6a756550e631
--- /dev/null
+++ b/src/chrome/content/rules/dltags.com.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dltags.com/ => https://dltags.com/: (7, 'Failed to connect to dltags.com port 443: Connection refused')
+Fetch error: http://www.dltags.com/ => https://www.dltags.com/: (7, 'Failed to connect to www.dltags.com port 443: Connection refused')
+
+-->
+<ruleset name="dltags.com" default_off="failed ruleset test">
+
+	<target host="dltags.com" />
+	<target host="www.dltags.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dlvr.it.xml b/src/chrome/content/rules/dlvr.it.xml
new file mode 100644
index 000000000000..23e046734d04
--- /dev/null
+++ b/src/chrome/content/rules/dlvr.it.xml
@@ -0,0 +1,49 @@
+<!--
+	Invalid certificate:
+		dev.dlvr.it
+		mailtrack.dlvr.it
+		support.dlvr.it
+		feeds.promotedstories.com
+
+	Too many redirects:
+		www.dlvrit.com
+
+-->
+<ruleset name="dlvr.it">
+
+	<target host="dlvr.it" />
+	<target host="www.dlvr.it" />
+	<target host="api.dlvr.it" />
+		<test url="http://api.dlvr.it/1/help" />
+	<target host="app.dlvr.it" />
+	<target host="blog.dlvr.it" />
+	<target host="dev.dlvr.it" />
+	<target host="static.dlvr.it" />
+		<test url="http://static.dlvr.it/font-awesome/css/font-awesome.min.css" />
+	<target host="stories.dlvr.it" />
+	<target host="support.dlvr.it" />
+
+	<target host="dlvrit.com" />
+	<target host="www.dlvrit.com" />
+	<target host="api.dlvrit.com" />
+		<test url="http://api.dlvrit.com/1/help" />
+	<target host="app.dlvrit.com" />
+	<target host="blog.dlvrit.com" />
+	<target host="dev.dlvrit.com" />
+	<target host="static.dlvrit.com" />
+		<test url="http://static.dlvrit.com/font-awesome/css/font-awesome.min.css" />
+	<target host="support.dlvrit.com" />
+
+	<target host="promotedstories.com" />
+	<target host="www.promotedstories.com" />
+
+	<rule from="^http://(dev|support)\.dlvr\.it/"
+		to="https://$1.dlvrit.com/" />
+
+	<rule from="^http://www\.dlvrit\.com/"
+		to="https://dlvrit.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dmalloc.com.xml b/src/chrome/content/rules/dmalloc.com.xml
new file mode 100644
index 000000000000..5a7df759c2c3
--- /dev/null
+++ b/src/chrome/content/rules/dmalloc.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="dmalloc.com">
+	<target host="dmalloc.com" />
+	<target host="www.dmalloc.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dmyv.de.xml b/src/chrome/content/rules/dmyv.de.xml
new file mode 100644
index 000000000000..b0e714d933ad
--- /dev/null
+++ b/src/chrome/content/rules/dmyv.de.xml
@@ -0,0 +1,32 @@
+<!--
+	No certificate:
+		cloud.dmyv.de
+
+	Not found:
+		www.foerderverein.dmyv.de
+		fuehrerscheine.dmyv.de
+		www.jugend.dmyv.de
+		www.nationalmannschaft.dmyv.de
+		www.pa-bodensee.dmyv.de
+-->
+<ruleset name="Deutscher Motoryachtverband">
+
+	<target host="dmyv.de" />
+	<target host="www.dmyv.de" />
+	<target host="bw.dmyv.de" />
+	<target host="dmj.dmyv.de" />
+	<target host="foerderverein.dmyv.de" />
+	<target host="hh.dmyv.de" />
+	<target host="ibs.dmyv.de" />
+	<target host="jugend.dmyv.de" />
+	<target host="nationalmannschaft.dmyv.de" />
+	<target host="nw.dmyv.de" />
+	<target host="pa-bodensee.dmyv.de" />
+	<target host="shop.dmyv.de" />
+	<target host="sponsoren.dmyv.de" />
+	<target host="st.dmyv.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dn.se.xml b/src/chrome/content/rules/dn.se.xml
new file mode 100644
index 000000000000..c5bfb1b695c3
--- /dev/null
+++ b/src/chrome/content/rules/dn.se.xml
@@ -0,0 +1,83 @@
+<!--
+annons.dn.se ¹
+picsrv.annons.dn.se ³
+annonsinskick.dn.se ³
+asikt.dn.se ²
+www.bat.dn.se ³
+blogg.dn.se ⁶
+mobil.blogg.dn.se ⁶
+www.bostad.dn.se ³
+box.dn.se ³
+cdn-analysis-api.dn.se ¹
+cdn-content-api.dn.se ¹
+cdn-election-api.dn.se ¹
+cdn-stage-content-api.dn.se ¹
+cms.dn.se ³
+dagens.dn.se ¹
+dela.dn.se ³
+div.dn.se ²
+www.dnbors.dn.se ³
+dnkortet.dn.se ²
+edn.dn.se ³
+ext.dn.se ¹
+film.dn.se ³
+fokus.dn.se ¹
+grannar.dn.se ²
+img.dn.se ¹
+img02.dn.se ¹
+img03.dn.se ¹
+info.dn.se ¹
+kampanj.dn.se ¹
+konferens.dn.se ¹
+kristoffer.dn.se ¹
+lyncdiscover.dn.se ¹
+meet.dn.se ³
+t.mitt.dn.se ¹
+mtp.dn.se ³
+podcast.dn.se ⁶
+mobil.podcast.dn.se ⁶
+preview.dn.se ³
+reklamcupen.dn.se ⁵
+reserv.dn.se ¹
+sifomedia.dn.se ¹
+sip.dn.se ¹
+tv.dn.se ³
+video-cdn.dn.se ³
+webb.dn.se ¹
+www.www.dn.se ³
+bors.www.dn.se ³
+www.facebook.www.dn.se ³
+
+
+¹ mismatch
+² refused
+³ timed out
+⁵ expired
+⁶ redirect
+-->
+<ruleset name="dn.se">
+	<target host="dn.se" />
+	<target host="www.dn.se" />
+	<target host="app.dn.se" />
+	<target host="arkivet.dn.se" />
+	<target host="auth.dn.se" />
+	<target host="campaigner.dn.se" />
+	<target host="content.dn.se" />
+	<target host="dngranskar.dn.se" />
+	<target host="dnide.dn.se" />
+	<target host="fusion.dn.se" />
+	<target host="jagdelar.dn.se" />
+	<target host="jobb.dn.se" />
+	<target host="korsord.dn.se" />
+	<target host="kund.dn.se" />
+	<target host="kundservice.dn.se" />
+	<target host="m.dn.se" />
+	<target host="mobil.dn.se" />
+	<target host="pdf.dn.se" />
+	<target host="prio.dn.se" />
+	<target host="rekrytera.dn.se" />
+	<target host="upptack.dn.se" />
+	<target host="webmail.dn.se" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dnainfo.com.xml b/src/chrome/content/rules/dnainfo.com.xml
new file mode 100644
index 000000000000..5aea3d3244cf
--- /dev/null
+++ b/src/chrome/content/rules/dnainfo.com.xml
@@ -0,0 +1,37 @@
+<!--
+	^dnainfo.com: Missing certificate chain
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.dnainfo.com
+
+-->
+<ruleset name="DNAinfo.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="assets.dnainfo.com" />
+	<target host="fluffyclouds.dnainfo.com" />
+	<target host="www.dnainfo.com" />
+
+	<!--	Complications:
+				-->
+	<target host="dnainfo.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.dnainfo\.com$" name="^dna_(?:context|os|subcontext)$" /-->
+
+	<securecookie host="^\." name="^__qca$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://dnainfo\.com/"
+		to="https://www.dnainfo.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dndf.org.xml b/src/chrome/content/rules/dndf.org.xml
new file mode 100644
index 000000000000..47b82451ddab
--- /dev/null
+++ b/src/chrome/content/rules/dndf.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="dndf.org">
+
+	<target host="dndf.org" />
+	<target host="www.dndf.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion.xml b/src/chrome/content/rules/dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion.xml
new file mode 100644
index 000000000000..5f5a99d478e6
--- /dev/null
+++ b/src/chrome/content/rules/dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion.xml
@@ -0,0 +1,14 @@
+<!--
+	Other Cloudflare rulesets:
+		- Cloudflare.com.xml
+
+	Onion service can't be accessed over unencrypted HTTP connections.
+-->
+
+<ruleset name="dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion">
+	<target host="dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dnsrecords.io.xml b/src/chrome/content/rules/dnsrecords.io.xml
new file mode 100644
index 000000000000..1fe75eac39fa
--- /dev/null
+++ b/src/chrome/content/rules/dnsrecords.io.xml
@@ -0,0 +1,8 @@
+<ruleset name="dnsrecords.io">
+	<target host="dnsrecords.io" />
+	<target host="www.dnsrecords.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/docin.xml b/src/chrome/content/rules/docin.xml
new file mode 100644
index 000000000000..d5d6ebc02f2d
--- /dev/null
+++ b/src/chrome/content/rules/docin.xml
@@ -0,0 +1,45 @@
+<!--
+	Mismatched:
+		edu.docin.com
+
+		v.douding.cn
+
+	not enough values to unpack:
+		m.docin.com		https://travis-ci.org/EFForg/https-everywhere/jobs/470813317#L596
+		tm.docin.com	https://travis-ci.org/EFForg/https-everywhere/jobs/470813317#L597
+
+	Refused:
+		ayou.docin.com
+-->
+<ruleset name="docin">
+	<target host="docin.com"/>
+	<target host="www.docin.com"/>
+	<target host="admin.docin.com"/>
+	<target host="api.docin.com"/>
+	<target host="baogao.docin.com"/>
+	<target host="blog.docin.com"/>
+	<target host="bookshelf.docin.com"/>
+	<target host="docstore.docin.com"/>
+	<target host="hetong.docin.com"/>
+	<target host="huiyi.docin.com"/>
+	<target host="img.docin.com"/>
+	<target host="jz.docin.com"/>
+	<target host="manhua.docin.com"/>
+	<target host="shequ.docin.com"/>
+	<target host="shufang.docin.com"/>
+	<target host="stat.docin.com"/>
+	<target host="t.docin.com"/>
+	<target host="tbaogao.docin.com"/>
+	<target host="ttushu.docin.com"/>
+	<target host="tushu.docin.com"/>
+	<target host="tv.docin.com"/>
+	<target host="v.docin.com"/>
+	<target host="yiliao.docin.com"/>
+	<target host="zazhi.docin.com"/>
+
+	<target host="img1.douding.cn"/>
+	<target host="page.douding.cn"/>
+	<target host="st.douding.cn"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/documentup.com.xml b/src/chrome/content/rules/documentup.com.xml
new file mode 100644
index 000000000000..d474d2fc855c
--- /dev/null
+++ b/src/chrome/content/rules/documentup.com.xml
@@ -0,0 +1,17 @@
+<!--
+www.documentup.com ¹
+domains such as <project>.<username>.documentup.com ¹
+
+
+¹ mismatch
+-->
+<ruleset name="documentup.com">
+	<target host="documentup.com" />
+
+	<target host="www.documentup.com" />
+
+	<rule from="^http://www\.documentup\.com/"
+		to="https://documentup.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dodopizza.ru.xml b/src/chrome/content/rules/dodopizza.ru.xml
new file mode 100644
index 000000000000..6159f59c460d
--- /dev/null
+++ b/src/chrome/content/rules/dodopizza.ru.xml
@@ -0,0 +1,28 @@
+<!--
+www.refund.dodopizza.ru ¹
+www.test.dodopizza.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="dodopizza.ru">
+	<target host="dodopizza.ru" />
+	<target host="www.dodopizza.ru" />
+	<target host="api.dodopizza.ru" />
+	<target host="auth.dodopizza.ru" />
+	<target host="backoffice.dodopizza.ru" />
+	<target host="dev-tech-auth.dodopizza.ru" />
+	<target host="fs.dodopizza.ru" />
+	<target host="help.dodopizza.ru" />
+	<target host="www.help.dodopizza.ru" />
+	<target host="job.dodopizza.ru" />
+	<target host="lt-stable-auth.dodopizza.ru" />
+	<target host="mail.dodopizza.ru" />
+	<target host="personal.dodopizza.ru" />
+	<target host="refund.dodopizza.ru" />
+	<target host="ru-stable-auth.dodopizza.ru" />
+	<target host="site.dodopizza.ru" />
+	<target host="test.dodopizza.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dods.co.uk.xml b/src/chrome/content/rules/dods.co.uk.xml
new file mode 100644
index 000000000000..d43117d87f1c
--- /dev/null
+++ b/src/chrome/content/rules/dods.co.uk.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://media.dods.co.uk/ => https://media.dods.co.uk/: (60, 'SSL certificate problem: certificate has expired')
+
+	^dods.co.uk: refused
+	www.dods.co.uk: dropped
+
+-->
+<ruleset name="Dods.co.uk (partial)" default_off="failed ruleset test">
+
+	<target host="media.dods.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dodsshop.co.uk.xml b/src/chrome/content/rules/dodsshop.co.uk.xml
new file mode 100644
index 000000000000..56e615f4c7fd
--- /dev/null
+++ b/src/chrome/content/rules/dodsshop.co.uk.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .dodsshop.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Dods Shop.co.uk">
+
+	<target host="dodsshop.co.uk" />
+	<target host="www.dodsshop.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.dodsshop\.co\.uk$" name="^osCsid$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/doemeispp.org.xml b/src/chrome/content/rules/doemeispp.org.xml
new file mode 100644
index 000000000000..d094cb220e47
--- /dev/null
+++ b/src/chrome/content/rules/doemeispp.org.xml
@@ -0,0 +1,32 @@
+<!--
+	Minority Educational Institution Student Partnership Program
+
+
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- doemeispp.org
+		- www.doemeispp.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="DoE MEISPP.org">
+
+	<target host="doemeispp.org" />
+	<target host="www.doemeispp.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?doemeispp\.org$" name="^(?:JSESSIONID|cfid|cftoken)$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dof.gob.mx.xml b/src/chrome/content/rules/dof.gob.mx.xml
new file mode 100644
index 000000000000..6bf36db4a77d
--- /dev/null
+++ b/src/chrome/content/rules/dof.gob.mx.xml
@@ -0,0 +1,6 @@
+<ruleset name="dof.gob.mx">
+	<target host="dof.gob.mx" />
+	<target host="www.dof.gob.mx" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/doki.xml b/src/chrome/content/rules/doki.xml
new file mode 100644
index 000000000000..4b1b97ecf44d
--- /dev/null
+++ b/src/chrome/content/rules/doki.xml
@@ -0,0 +1,4 @@
+<ruleset name="Doki Fansubs">
+	<target host="doki.co" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dol.gov-falsemixed.xml b/src/chrome/content/rules/dol.gov-falsemixed.xml
new file mode 100644
index 000000000000..b872cbb5305c
--- /dev/null
+++ b/src/chrome/content/rules/dol.gov-falsemixed.xml
@@ -0,0 +1,19 @@
+<!--
+	For rules not causing false/broken MCB, see dol.gov.xml.
+
+
+	NB: See https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="DoL.gov (false MCB)" platform="mixedcontent">
+
+	<target host="webapps.dol.gov" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dol.gov.xml b/src/chrome/content/rules/dol.gov.xml
new file mode 100644
index 000000000000..bf2ddc5f5f8d
--- /dev/null
+++ b/src/chrome/content/rules/dol.gov.xml
@@ -0,0 +1,108 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jobcorps.dol.gov/ => https://jobcorps.dol.gov/: (60, 'SSL certificate problem: certificate has expired')
+
+	United States Department of Labor
+
+	For rules causing false/broken MCB, see dol.gov-falsemixed.xml.
+
+
+
+	Nonfunctional hosts in *dol.gov:
+
+		- clear ʳ
+		- ogesdw ʳ
+		- s ⁴
+
+	⁴ 404
+	ʳ Refused
+
+
+	Problematic hosts in *dol.gov:
+
+		- ^ ⁴
+		- askebsa ᵐ
+		- developer ᵐ
+		- webapps ˣ
+
+	⁴ 404, preemptable redirect
+	ᵐ Mismatched
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	These altnames do not exist:
+
+		- dr.endpoint.efast.dol.gov
+		- dr.www.efast.dol.gov
+		- oalj.dol.gov
+
+
+	Mixed content:
+
+		- css, on:
+
+			- developer from fonts.googleapis.com ˢ
+			- webapps from www.dol.gov ˢ
+
+		- Images, on:
+
+			- api, savingmatters from www.dol.gov ˢ
+			- www.oalj, www from $self ˢ
+
+		- favicon on api from www.dol.gov ˢ
+		- Bug on api from statse.webtrendslive.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="DoL.gov" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blog.dol.gov" />
+	<target host="api.dol.gov" />
+	<target host="www.askebsa.dol.gov" />
+	<target host="devtools.dol.gov" />
+	<target host="edit.dol.gov" />
+	<target host="efast.dol.gov" />
+	<target host="endpoint.efast.dol.gov" />
+	<target host="www.efast.dol.gov" />
+	<target host="jobcorps.dol.gov" />
+	<target host="learninglink.dol.gov" />
+	<target host="www.oalj.dol.gov" />
+	<target host="oig.dol.gov" />
+	<target host="www.oig.dol.gov" />
+	<target host="savingmatters.dol.gov" />
+	<target host="staging.dol.gov" />
+	<target host="edit.staging.dol.gov" />
+	<target host="vets100.dol.gov" />
+	<target host="vets4212.dol.gov" />
+	<!--target host="webapps.dol.gov" /-->
+	<target host="www.dol.gov" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://devtools.dol.gov/developer" />
+		<test url="http://vets4212.dol.gov/vets4212" />
+
+		<!--	Mixed images:
+					-->
+		<!--test url="http://www.dol.gov/ebsa/contactEBSA/consumerassistance.html" /-->
+
+	<!--	Complications:
+				-->
+	<target host="dol.gov" />
+	<target host="askebsa.dol.gov" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://(askebsa\.)?dol\.gov/"
+		to="https://www.$1dol.gov/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dolphin.com.xml b/src/chrome/content/rules/dolphin.com.xml
new file mode 100644
index 000000000000..ddedf0902b67
--- /dev/null
+++ b/src/chrome/content/rules/dolphin.com.xml
@@ -0,0 +1,13 @@
+<!--
+    Mixed content:
+        Seems to be everywhere a bit.
+-->
+<ruleset name="Dolphin Browser">
+    <target host="dolphin.com" />
+    <target host="www.dolphin.com" />
+
+  <securecookie host="^(www\.)?dolphin\.com$" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/domaindiscount24.xml b/src/chrome/content/rules/domaindiscount24.xml
new file mode 100644
index 000000000000..53d44c1c4ddb
--- /dev/null
+++ b/src/chrome/content/rules/domaindiscount24.xml
@@ -0,0 +1,19 @@
+<!--
+	Covers domaindiscount24.com and domaindiscount24.net
+
+	No HTTPS support:
+		* wiki.domaindiscount24.com
+-->
+<ruleset name="Domain Discount 24">
+	<target host="domaindiscount24.com" />
+	<target host="www.domaindiscount24.com" />
+	<target host="domaindiscount24.net" />
+	<target host="www.domaindiscount24.net" />
+	<target host="webmail.domaindiscount24.com" />
+	<target host="login.domaindiscount24.com" />
+
+  <securecookie host="^(www\.|webmail\.|login\.)?domaindiscount24\.com$" name=".+" />
+
+  <rule from="^http:"
+          to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/domainer.ru.xml b/src/chrome/content/rules/domainer.ru.xml
new file mode 100644
index 000000000000..db3c6c2eea79
--- /dev/null
+++ b/src/chrome/content/rules/domainer.ru.xml
@@ -0,0 +1,13 @@
+<!--
+ns4.domainer.ru ²
+
+
+² refused
+-->
+<ruleset name="domainer.ru">
+	<target host="domainer.ru" />
+	<target host="www.domainer.ru" />
+	<target host="market.domainer.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/domainpunch.com.xml b/src/chrome/content/rules/domainpunch.com.xml
new file mode 100644
index 000000000000..f4032d14701c
--- /dev/null
+++ b/src/chrome/content/rules/domainpunch.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Nonfunctional hosts in *domainpunch.com:
+
+		- blog ᵖ
+
+	ᵖ Plaintext reply
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- domainpunch.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Domain Punch.com">
+
+	<target host="domainpunch.com" />
+	<target host="www.domainpunch.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^domainpunch\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/domainshop.ru.xml b/src/chrome/content/rules/domainshop.ru.xml
new file mode 100644
index 000000000000..2db92be9657f
--- /dev/null
+++ b/src/chrome/content/rules/domainshop.ru.xml
@@ -0,0 +1,18 @@
+<!--
+ns1.domainshop.ru ¹
+ns2.domainshop.ru ¹
+ns3.domainshop.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="domainshop.ru">
+	<target host="domainshop.ru" />
+	<target host="www.domainshop.ru" />
+	<target host="api.domainshop.ru" />
+	<target host="my.domainshop.ru" />
+	<target host="transfer.domainshop.ru" />
+	<target host="whois.domainshop.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/domainsite.com.xml b/src/chrome/content/rules/domainsite.com.xml
new file mode 100644
index 000000000000..917c92b95c1e
--- /dev/null
+++ b/src/chrome/content/rules/domainsite.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://domainsite.com/ => https://domainsite.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.domainsite.com/ => https://www.domainsite.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For other Name.com coverage, see Name.com.xml.
+
+-->
+<ruleset name="DomainSite.com" default_off="failed ruleset test">
+
+	<target host="domainsite.com" />
+	<target host="www.domainsite.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/domashka.net.xml b/src/chrome/content/rules/domashka.net.xml
new file mode 100644
index 000000000000..024b6ecf4dc4
--- /dev/null
+++ b/src/chrome/content/rules/domashka.net.xml
@@ -0,0 +1,25 @@
+<!--
+domashka.net ²
+www.domashka.net ²
+banka.domashka.net ⁷
+bcast-ns-servers.domashka.net ³
+www.mail.domashka.net ¹
+alpha.mail.domashka.net ¹
+res1.domashka.net ⁷
+res2.domashka.net ⁷
+subnet-ns-servers.domashka.net ³
+test.domashka.net ¹
+
+
+¹ mismatch
+² refused
+³ timed out
+⁷ protocol error
+-->
+<ruleset name="domashka.net (partial)">
+	<target host="idisk.domashka.net" />
+	<target host="mail.domashka.net" />
+	<target host="stats.domashka.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/domeny.cz.xml b/src/chrome/content/rules/domeny.cz.xml
new file mode 100644
index 000000000000..aea2aa5d643a
--- /dev/null
+++ b/src/chrome/content/rules/domeny.cz.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Active24.cz coverage, see active24.cz.xml.
+
+	Mismatched:
+		- (www.)devel.domeny.cz
+
+	Refused:
+		- podminky.domeny.cz
+		- partner.domeny.cz
+		- pravidla.domeny.cz
+		- zmeny.domeny.cz
+		- cenik.domeny.cz
+		- sk.domeny.cz
+		- prevod.domeny.cz
+		- whois.domeny.cz
+		- statistika.domeny.cz
+		- dm.domeny.cz
+
+	Timeout:
+		- default.domeny.cz
+-->
+<ruleset name="Domeny.cz">
+	<target host="domeny.cz" />
+	<target host="www.domeny.cz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/domeny.sk.xml b/src/chrome/content/rules/domeny.sk.xml
new file mode 100644
index 000000000000..c3de07ab3204
--- /dev/null
+++ b/src/chrome/content/rules/domeny.sk.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Active24.cz coverage, see active24.cz.xml.
+
+	Refused:
+		- email.domeny.sk
+		- napoveda.domeny.sk
+		- whois.domeny.sk
+		- hosting.domeny.sk
+		- vop.domeny.sk
+		- novinky.domeny.sk
+		- cennik.domeny.sk
+
+	Mismatched:
+		- cms.domeny.sk
+		- newsletter.domeny.sk
+		- (www.)devel.domeny.sk
+-->
+<ruleset name="Domeny.sk">
+	<target host="domeny.sk" />
+	<target host="www.domeny.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/domofond.ru.xml b/src/chrome/content/rules/domofond.ru.xml
new file mode 100644
index 000000000000..6f5ece300f29
--- /dev/null
+++ b/src/chrome/content/rules/domofond.ru.xml
@@ -0,0 +1,125 @@
+<!--
+em.domofond.ru ¹
+o1.em.domofond.ru ³
+email.domofond.ru ¹
+15-backup-storage-account.feature.domofond.ru ⁷
+admin.15-backup-storage-account.feature.domofond.ru ⁷
+images.15-backup-storage-account.feature.domofond.ru ⁷
+194-schemamarkupmissingpricepoa.feature.domofond.ru ⁷
+admin.194-schemamarkupmissingpricepoa.feature.domofond.ru ⁷
+images.194-schemamarkupmissingpricepoa.feature.domofond.ru ⁷
+21-notification-emails-for-ond.feature.domofond.ru ⁷
+admin.21-notification-emails-for-ond.feature.domofond.ru ⁷
+images.21-notification-emails-for-ond.feature.domofond.ru ⁷
+234-pikhomepagebranding.feature.domofond.ru ⁷
+admin.234-pikhomepagebranding.feature.domofond.ru ⁷
+images.234-pikhomepagebranding.feature.domofond.ru ⁷
+236-contactformcapture.feature.domofond.ru ⁷
+admin.236-contactformcapture.feature.domofond.ru ⁷
+images.236-contactformcapture.feature.domofond.ru ⁷
+238-unicombuttonremoval.feature.domofond.ru ⁷
+admin.238-unicombuttonremoval.feature.domofond.ru ⁷
+images.238-unicombuttonremoval.feature.domofond.ru ⁷
+admin.2628-transition-to-https-images.feature.domofond.ru ⁷
+280-adminadduser.feature.domofond.ru ⁷
+admin.280-adminadduser.feature.domofond.ru ⁷
+images.280-adminadduser.feature.domofond.ru ⁷
+3007-facetfreeinput.feature.domofond.ru ⁷
+admin.3007-facetfreeinput.feature.domofond.ru ⁷
+images.3007-facetfreeinput.feature.domofond.ru ⁷
+3101-avm.feature.domofond.ru ⁷
+admin.3101-avm.feature.domofond.ru ⁷
+images.3101-avm.feature.domofond.ru ⁷
+3202-mobileupdates.feature.domofond.ru ⁷
+admin.3202-mobileupdates.feature.domofond.ru ⁷
+images.3202-mobileupdates.feature.domofond.ru ⁷
+3203-ndimagetile.feature.domofond.ru ⁷
+admin.3203-ndimagetile.feature.domofond.ru ⁷
+images.3203-ndimagetile.feature.domofond.ru ⁷
+3205-ndhomepage.feature.domofond.ru ⁷
+admin.3205-ndhomepage.feature.domofond.ru ⁷
+images.3205-ndhomepage.feature.domofond.ru ⁷
+3207-ndstickybar.feature.domofond.ru ⁷
+admin.3207-ndstickybar.feature.domofond.ru ⁷
+images.3207-ndstickybar.feature.domofond.ru ⁷
+33-manual-account-validation.feature.domofond.ru ⁷
+admin.33-manual-account-validation.feature.domofond.ru ⁷
+3301-scraperdetection.feature.domofond.ru ⁷
+admin.3301-scraperdetection.feature.domofond.ru ⁷
+images.3301-scraperdetection.feature.domofond.ru ⁷
+3304-yandexdirect.feature.domofond.ru ⁷
+admin.3304-yandexdirect.feature.domofond.ru ⁷
+images.3304-yandexdirect.feature.domofond.ru ⁷
+3305-ndoptimiseunits.feature.domofond.ru ⁷
+admin.3305-ndoptimiseunits.feature.domofond.ru ⁷
+images.3305-ndoptimiseunits.feature.domofond.ru ⁷
+3306-numberoverride.feature.domofond.ru ⁷
+admin.3306-numberoverride.feature.domofond.ru ⁷
+images.3306-numberoverride.feature.domofond.ru ⁷
+3307-isofficial.feature.domofond.ru ⁷
+admin.3307-isofficial.feature.domofond.ru ⁷
+images.3307-isofficial.feature.domofond.ru ⁷
+3309-buildingfilter.feature.domofond.ru ⁷
+admin.3309-buildingfilter.feature.domofond.ru ⁷
+images.3309-buildingfilter.feature.domofond.ru ⁷
+3310-agencystats.feature.domofond.ru ⁷
+admin.3310-agencystats.feature.domofond.ru ⁷
+3311-facetedheading.feature.domofond.ru ⁷
+admin.3311-facetedheading.feature.domofond.ru ⁷
+3312-emailperformance.feature.domofond.ru ⁷
+admin.3312-emailperformance.feature.domofond.ru ⁷
+3314-articleeditor.feature.domofond.ru ⁷
+admin.3314-articleeditor.feature.domofond.ru ⁷
+3400-newmaintenance.feature.domofond.ru ⁷
+admin.3400-newmaintenance.feature.domofond.ru ⁷
+3402-ndpromotion.feature.domofond.ru ⁷
+admin.3402-ndpromotion.feature.domofond.ru ⁷
+3403-qualityscore.feature.domofond.ru ⁷
+admin.3403-qualityscore.feature.domofond.ru ⁷
+3404-pricereportpage.feature.domofond.ru ⁷
+admin.3404-pricereportpage.feature.domofond.ru ⁷
+3406-autosearchpromotion.feature.domofond.ru ⁷
+admin.3406-autosearchpromotion.feature.domofond.ru ⁷
+3408-ndmarketing.feature.domofond.ru ⁷
+admin.3408-ndmarketing.feature.domofond.ru ⁷
+3409-turnonmapfeatures.feature.domofond.ru ⁷
+admin.3409-turnonmapfeatures.feature.domofond.ru ⁷
+3420-listingcountcasing.feature.domofond.ru ⁷
+admin.3420-listingcountcasing.feature.domofond.ru ⁷
+3509-mortgagecalculator.feature.domofond.ru ⁷
+admin.3509-mortgagecalculator.feature.domofond.ru ⁷
+3511-placelistingupdate.feature.domofond.ru ⁷
+admin.3511-placelistingupdate.feature.domofond.ru ⁷
+3512-aboutpageupdate.feature.domofond.ru ⁷
+admin.3512-aboutpageupdate.feature.domofond.ru ⁷
+385-rentalcalculationbug.feature.domofond.ru ⁷
+admin.385-rentalcalculationbug.feature.domofond.ru ⁷
+43-rentalcommissiondeposit.feature.domofond.ru ⁷
+admin.43-rentalcommissiondeposit.feature.domofond.ru ⁷
+62-mobile-service-7.feature.domofond.ru ⁷
+admin.62-mobile-service-7.feature.domofond.ru ⁷
+64-galleries.feature.domofond.ru ⁷
+admin.64-galleries.feature.domofond.ru ⁷
+76-newadslots.feature.domofond.ru ⁷
+admin.76-newadslots.feature.domofond.ru ⁷
+m.domofond.ru ⁶
+zarubezhom.domofond.ru ⁷
+
+
+¹ mismatch
+³ timed out
+⁶ redirect
+⁷ protocol error
+-->
+<ruleset name="domofond.ru">
+	<target host="domofond.ru" />
+	<target host="www.domofond.ru" />
+	<target host="images.branch.domofond.ru" />
+	<target host="images.domofond.ru" />
+	<target host="pik.domofond.ru" />
+	<target host="services.domofond.ru" />
+	<target host="ww.domofond.ru" />
+	<target host="wwww.domofond.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/domonet.ua.xml b/src/chrome/content/rules/domonet.ua.xml
new file mode 100644
index 000000000000..8736dd306105
--- /dev/null
+++ b/src/chrome/content/rules/domonet.ua.xml
@@ -0,0 +1,50 @@
+<!--
+aaa2.domonet.ua ⁴
+aserver7.domonet.ua/: (7, 'Failed to connect to aserver7.domonet.ua port 443: Network is unreachable')
+boy-aserver1.domonet.ua ²
+boy-nat1.domonet.ua ²
+git2.domonet.ua ⁵
+guest-kiev.domonet.ua ²
+kh-nat1-2012.domonet.ua ³
+maas.domonet.ua ³
+my2.domonet.ua ³
+nat10-khmel-86.domonet.ua ⁷
+nat12.domonet.ua ²
+nat12-test.domonet.ua ²
+nat5-luna-84.domonet.ua ²
+nat6-other-38x.domonet.ua ²
+nat7-yanvar-82.domonet.ua ²
+nat8-nauki-87.domonet.ua ²
+nat9-vasilkov-81.domonet.ua ²
+od-nat1-501.domonet.ua ²
+parking.domonet.ua ²
+parking0.domonet.ua ²
+pay.domonet.ua ⁴
+test.domonet.ua ²
+unifi.domonet.ua ³
+vmnat.domonet.ua ²
+wiki.domonet.ua ³
+my0.domonet.ua different content
+
+
+² refused
+³ timed out
+⁴ self signed
+⁵ expired
+⁷ protocol error
+-->
+<ruleset name="domonet.ua">
+	<target host="domonet.ua" />
+	<target host="www.domonet.ua" />
+	<target host="ac2.domonet.ua" />
+	<target host="boyarka.domonet.ua" />
+	<target host="git.domonet.ua" />
+	<target host="kh.domonet.ua" />
+	<target host="my.domonet.ua" />
+	<target host="my1.domonet.ua" />
+	<target host="od.domonet.ua" />
+	<target host="vita.domonet.ua" />
+	<target host="vms.domonet.ua" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/domtele.com.xml b/src/chrome/content/rules/domtele.com.xml
new file mode 100644
index 000000000000..919276dadc32
--- /dev/null
+++ b/src/chrome/content/rules/domtele.com.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://domtele.com/ => https://domtele.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.domtele.com/ => https://www.domtele.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+dev.domtele.com mismatch
+-->
+<ruleset name="domtele.com" default_off="failed ruleset test">
+	<target host="domtele.com" />
+	<target host="www.domtele.com" />
+	<target host="my.domtele.com" />
+	<target host="webmail.domtele.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/donejs.com.xml b/src/chrome/content/rules/donejs.com.xml
new file mode 100644
index 000000000000..f5761d8a5afc
--- /dev/null
+++ b/src/chrome/content/rules/donejs.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Nonfunctional hosts in *donejs.com:
+
+		- forums ʳ
+
+	ʳ Refused
+
+
+	www.donejs.com: Mismatched
+
+-->
+<ruleset name="donejs.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="donejs.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.donejs.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.donejs\.com/"
+		to="https://donejs.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dongleauth.info.xml b/src/chrome/content/rules/dongleauth.info.xml
new file mode 100644
index 000000000000..405cd249b33b
--- /dev/null
+++ b/src/chrome/content/rules/dongleauth.info.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid Certificate:
+		dongleauth.info
+-->
+<ruleset name="dongleauth.info">
+	<target host="dongleauth.info" />
+	<target host="www.dongleauth.info" />
+
+	<rule from="^http://dongleauth\.info/" to="https://www.dongleauth.info/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/donmai.us.xml b/src/chrome/content/rules/donmai.us.xml
new file mode 100644
index 000000000000..d319c43a837f
--- /dev/null
+++ b/src/chrome/content/rules/donmai.us.xml
@@ -0,0 +1,17 @@
+<!--
+  Redirect (www.)donmai.us to danbooru.donmai.us for HTTPS coverage.
+  It's technically the same site, but the former gives a bad cert domain error.
+  The cookies weren't secured either by the server.
+-->
+
+<ruleset name="donmai.us">
+  <target host="donmai.us" />
+  <target host="www.donmai.us" />
+  <target host="danbooru.donmai.us" />
+  <target host="safebooru.donmai.us" />
+
+  <securecookie host="^(?:danbooru|safebooru)?\.donmai\.us$" name=".+" />
+
+  <rule from="^http://(www\.)?donmai\.us/" to="https://danbooru.donmai.us/" />
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dontbreakourphones.org.xml b/src/chrome/content/rules/dontbreakourphones.org.xml
new file mode 100644
index 000000000000..0e307cb6983d
--- /dev/null
+++ b/src/chrome/content/rules/dontbreakourphones.org.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Fight for the Future coverage, see Fight-for-the-Future.xml.
+
+	Invalid certificate:
+		dontbreakourphones.org
+
+-->
+<ruleset name="Dont break our phones.org">
+
+	<target host="dontbreakourphones.org" />
+	<target host="www.dontbreakourphones.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://dontbreakourphones\.org/"
+		to="https://www.dontbreakourphones.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/donttrack.us.xml b/src/chrome/content/rules/donttrack.us.xml
new file mode 100644
index 000000000000..dbb77ef4171f
--- /dev/null
+++ b/src/chrome/content/rules/donttrack.us.xml
@@ -0,0 +1,11 @@
+<!-- This domain is related to DuckDuckGo.com (see also DuckDuckGo.xml). -->
+<ruleset name="donttrack.us">
+
+	<target host="donttrack.us" />
+	<target host="www.donttrack.us" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dorar.net.xml b/src/chrome/content/rules/dorar.net.xml
new file mode 100644
index 000000000000..6cdf8db415c7
--- /dev/null
+++ b/src/chrome/content/rules/dorar.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="dorar.net">
+	<target host="dorar.net" />
+	<target host="www.dorar.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dorsetalert.co.uk.xml b/src/chrome/content/rules/dorsetalert.co.uk.xml
new file mode 100644
index 000000000000..58c9f4fc7751
--- /dev/null
+++ b/src/chrome/content/rules/dorsetalert.co.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="Dorset Alert.co.uk">
+
+	<target host="dorsetalert.co.uk" />
+	<target host="www.dorsetalert.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dosbox.xml b/src/chrome/content/rules/dosbox.xml
new file mode 100644
index 000000000000..a582869c6bbc
--- /dev/null
+++ b/src/chrome/content/rules/dosbox.xml
@@ -0,0 +1,13 @@
+<ruleset name="DOSbox">
+	<target host="dosbox.com"/>
+	<target host="www.dosbox.com"/>
+	<target host="vogons.org"/>
+	<target host="www.vogons.org"/>
+	<target host="gkpatches.vogons.org"/>
+	<!--source.dosbox.com times out-->
+	<test url="http://www.dosbox.com/download.php?main=1/"/>
+	<test url="http://www.dosbox.com/wiki/"/>
+	<securecookie host=".+" name=".+" />
+	<rule from="^http:" to="https:"/>
+</ruleset>
+
diff --git a/src/chrome/content/rules/dot.swiss.xml b/src/chrome/content/rules/dot.swiss.xml
new file mode 100644
index 000000000000..be94320e663a
--- /dev/null
+++ b/src/chrome/content/rules/dot.swiss.xml
@@ -0,0 +1,21 @@
+<!--
+	For other swiss government coverage, see swissgov.xml.
+
+	Mismatch:
+		- 8.swiss
+		- 1.8.swiss
+		- ^nic.swiss
+-->
+<ruleset name="dot.swiss">
+	<target host="dot.swiss" />
+	<target host="www.dot.swiss" />
+	<target host="nic.swiss" />
+	<target host="www.nic.swiss" />
+	<target host="cp.nic.swiss" />
+	<target host="whois.nic.swiss" />
+
+	<rule from="^http://nic\.swiss/"
+		to="https://www.nic.swiss/" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dota2.ru.xml b/src/chrome/content/rules/dota2.ru.xml
new file mode 100644
index 000000000000..20a02add9b4a
--- /dev/null
+++ b/src/chrome/content/rules/dota2.ru.xml
@@ -0,0 +1,12 @@
+<!--
+mlr.dota2.ru ²
+
+
+² refused
+-->
+<ruleset name="dota2.ru">
+	<target host="dota2.ru" />
+	<target host="www.dota2.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dotcom-tools.com.xml b/src/chrome/content/rules/dotcom-tools.com.xml
new file mode 100644
index 000000000000..57498fb18e51
--- /dev/null
+++ b/src/chrome/content/rules/dotcom-tools.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="dotcom-tools.com">
+	<target host="dotcom-tools.com" />
+	<target host="www.dotcom-tools.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dotnetkicks.com.xml b/src/chrome/content/rules/dotnetkicks.com.xml
new file mode 100644
index 000000000000..7aa25cd9ed2d
--- /dev/null
+++ b/src/chrome/content/rules/dotnetkicks.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .dotnetkicks.com
+
+-->
+<ruleset name="DotNetKicks.com">
+
+	<target host="dotnetkicks.com" />
+	<target host="www.dotnetkicks.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.dotnetkicks\.com$" name="^(?:__cfduid|ARRAffiniy|cf_clearance)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|ARRAffiniy|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/douban.fm.xml b/src/chrome/content/rules/douban.fm.xml
new file mode 100644
index 000000000000..4f413b987248
--- /dev/null
+++ b/src/chrome/content/rules/douban.fm.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched:
+		www.douban.fm
+-->
+<ruleset name="Douban.fm">
+	<target host="douban.fm" />
+	<target host="www.douban.fm" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.douban\.fm/" to="https://douban.fm/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/doubanio.com.xml b/src/chrome/content/rules/doubanio.com.xml
new file mode 100644
index 000000000000..a05ca720e07c
--- /dev/null
+++ b/src/chrome/content/rules/doubanio.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Protocol Error:
+		- intowow.doubanio.com
+
+	Mismatch:
+		- *.boomerang.doubanio.com
+-->
+<ruleset name="Doubanio.com">
+	<target host="bs3.doubanio.com" />
+	<target host="ga.doubanio.com" />
+	<target host="mr3.doubanio.com" />
+	<target host="img1.doubanio.com" />
+		<test url="http://img1.doubanio.com/view/site/small/public/a02c1738a42d38a.jpg" />
+	<target host="img3.doubanio.com" />
+		<test url="http://img3.doubanio.com/f/shire/a1fdee122b95748d81cee426d717c05b5174fe96/pics/blank.gif" />
+	<target host="mr1.doubanio.com" />
+	<target host="pypi.doubanio.com" />
+	<target host="qnypy.doubanio.com" />
+		<test url="http://qnypy.doubanio.com/201603251646582012__m" />
+	<target host="s.doubanio.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dp.ru.xml b/src/chrome/content/rules/dp.ru.xml
new file mode 100644
index 000000000000..6378dbff90c0
--- /dev/null
+++ b/src/chrome/content/rules/dp.ru.xml
@@ -0,0 +1,20 @@
+<!--
+dp.ru redirect
+www.dp.ru redirect
+blog.dp.ru redirect
+dostavka.dp.ru refused
+m.dp.ru redirect
+nb.dp.ru mismatch
+nevsky.dp.ru redirect
+whoiswho.dp.ru redirect
+story.dp.ru mismatch
+adv.dp.ru mismatch
+intranet.dp.ru timed out
+news.nb.dp.ru mismatch
+-->
+<ruleset name="dp.ru (partial)">
+	<target host="old.dp.ru" />
+	<target host="subscribe.dp.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dpd.co.uk.xml b/src/chrome/content/rules/dpd.co.uk.xml
new file mode 100644
index 000000000000..0cff7869ed83
--- /dev/null
+++ b/src/chrome/content/rules/dpd.co.uk.xml
@@ -0,0 +1,19 @@
+<!--
+	Mismatch:
+		- www.careers.dpd.co.uk
+		- help.dpd.co.uk
+		- help-sae.dpd.co.uk
+		- m.dpd.co.uk
+		- sales.dpd.co.uk
+-->
+<ruleset name="dpd.co.uk">
+	<target host="dpd.co.uk" />
+	<target host="www.dpd.co.uk" />
+	<target host="careers.dpd.co.uk" />
+		<target host="www.careers.dpd.co.uk" />
+		<rule from="^http://www\.careers\.dpd\.co\.uk/"
+			to="https://careers.dpd.co.uk/" />
+	<target host="drivers.dpd.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dpfile.com.xml b/src/chrome/content/rules/dpfile.com.xml
new file mode 100644
index 000000000000..7b78a763ea07
--- /dev/null
+++ b/src/chrome/content/rules/dpfile.com.xml
@@ -0,0 +1,50 @@
+<!--
+
+	Related:	dianping.com.xml
+
+	Mismatch:
+		^dpfile.com
+
+		(i|j|m|si|t)\d+.(s(1|3).)?dpfile.com	(They are equal to each others. However, i2 and \w+.s2 have https.)
+
+	No exist:
+		(m|si)\d+.dpfile.com
+-->
+
+<ruleset name="dpfile.com">
+
+	<rule from="^http://(qcloud|www)\.dpfile\.com/" to="https://$1.dpfile.com/" />
+		<test url="http://qcloud.dpfile.com/pc/xgj785KvGaskMqMkEijIVI3qV67QyBeWSmzHlLUmvqAW2o0Pn5aTguX_PQEudt5rtOnd3gXQdDYlAqlaVaAFeZ0rYYyiRo_EhzufqWWjTjs.jpg" />
+		<test url="http://www.dpfile.com/sc/image/31010502000052.png" />
+
+	<target host="*.dpfile.com" />
+
+	<rule from="^http://(i|j|m|si|t)(\d+)\.(s1\.|s2\.|s3\.)?dpfile\.com/" to="https://i2.dpfile.com/" />
+	<exclusion pattern="^http://m\d+\.dpfile\.com/" />
+	<exclusion pattern="^http://si\d+\.dpfile\.com/" />
+
+		<test url="http://i1.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
+		<test url="http://j1.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
+		<test url="http://m1.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
+		<test url="http://si1.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
+		<test url="http://t1.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
+
+		<test url="http://i1.s1.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
+		<test url="http://j1.s1.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
+		<test url="http://m1.s1.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
+		<test url="http://si1.s1.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
+		<test url="http://t1.s1.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
+
+		<test url="http://i1.s2.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
+		<test url="http://j1.s2.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
+		<test url="http://m1.s2.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
+		<test url="http://si1.s2.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
+		<test url="http://t1.s2.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
+
+		<test url="http://i1.s3.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
+		<test url="http://j1.s3.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
+		<test url="http://m1.s3.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
+		<test url="http://si1.s3.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
+		<test url="http://t1.s3.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dpstatic.com.xml b/src/chrome/content/rules/dpstatic.com.xml
new file mode 100644
index 000000000000..520870543ede
--- /dev/null
+++ b/src/chrome/content/rules/dpstatic.com.xml
@@ -0,0 +1,24 @@
+<!--
+	For other Digital Point Solutions coverage, see Digital_Point_Solutions.xml.
+
+
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="DPstatic.com" platform="mixedcontent">
+
+	<target host="x.dpstatic.com" />
+
+		<test url="http://x.dpstatic.com/misc/pins/red1.png" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/draisberghof.de.xml b/src/chrome/content/rules/draisberghof.de.xml
new file mode 100644
index 000000000000..b4a2b030083f
--- /dev/null
+++ b/src/chrome/content/rules/draisberghof.de.xml
@@ -0,0 +1,5 @@
+<ruleset name="draisberghof.de">
+	<target host="www.draisberghof.de" />
+	<target host="draisberghof.de" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/drapt.com.xml b/src/chrome/content/rules/drapt.com.xml
new file mode 100644
index 000000000000..f0271c5674be
--- /dev/null
+++ b/src/chrome/content/rules/drapt.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .drapt.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- iframe on (www.)? from news.drapt.com
+		- Images on (www.)? from www.drapt.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="DrApt.com" platform="mixedcontent">
+
+	<target host="drapt.com" />
+	<target host="www.drapt.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.drapt\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dreambox.com.xml b/src/chrome/content/rules/dreambox.com.xml
new file mode 100644
index 000000000000..cd32c11128a7
--- /dev/null
+++ b/src/chrome/content/rules/dreambox.com.xml
@@ -0,0 +1,82 @@
+<!--
+	Nonfunctional hosts in *dreambox.com:
+
+		- clientsuccess ᵈ
+		- ondemand *
+
+	* Prints "OK"
+	ᵈ Dropped
+
+
+	Problematic hosts in *dreambox.com:
+
+		- www-static ⁴
+		- www2 ᵐ
+
+	⁴ 404, equivalent to another domain
+	ᵐ Pardot / mismatched
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- www, www2 from $self ˢ
+			- www2 from storage.pardot.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="DreamBox.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dreambox.com" />
+	<target host="support.dreambox.com" />
+	<target host="www.dreambox.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www-static.dreambox.com" />
+	<target host="www2.dreambox.com" />
+
+		<exclusion pattern="^http://www2\.dreambox\.com/(?!/*(?:$|\?|[els]/|emailPreference/|unsubscribe/|webmail/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www2.dreambox.com/default.asp" />
+			<test url="http://www2.dreambox.com/default.aspx" />
+			<test url="http://www2.dreambox.com/favicon.ico" />
+			<test url="http://www2.dreambox.com/home.htm" />
+			<test url="http://www2.dreambox.com/home.html" />
+			<test url="http://www2.dreambox.com/home.jsp" />
+			<test url="http://www2.dreambox.com/home.php" />
+			<test url="http://www2.dreambox.com/index.htm" />
+			<test url="http://www2.dreambox.com/index.html" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^(?!www2\.)\w" name=".+" />
+
+
+	<rule from="^http://www-static\.dreambox\.com/"
+		to="https://www.dreambox.com/" />
+
+	<!--	Redirect drops args and forward slash and args:
+								-->
+	<rule from="^http://www2\.dreambox\.com/+(?:\?.*)?$"
+		to="https://www.dreambox.com/" />
+
+		<test url="http://www2.dreambox.com/?" />
+
+	<rule from="^http://www2\.dreambox\.com/"
+		to="https://go.pardot.com/" />
+
+		<test url="http://www2.dreambox.com/e/14872/DreamBox-Learn/3qxbnc/398936752" />
+		<test url="http://www2.dreambox.com/l/14872/2016-02-15/66jx58/14872/136373/icon_facebook.png" />
+		<test url="http://www2.dreambox.com/webmail/14872/573891896/297f2b97450d4f64e045281a8570ec16" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dreampoint.co.uk.xml b/src/chrome/content/rules/dreampoint.co.uk.xml
new file mode 100644
index 000000000000..4040d3d1e3c5
--- /dev/null
+++ b/src/chrome/content/rules/dreampoint.co.uk.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		ftp.dreampoint.co.uk
+-->
+<ruleset name="dreampoint.co.uk">
+	<target host="dreampoint.co.uk" />
+	<target host="www.dreampoint.co.uk" />
+	<target host="mail.dreampoint.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/drillisch-online.de.xml b/src/chrome/content/rules/drillisch-online.de.xml
new file mode 100644
index 000000000000..782cbdb53e86
--- /dev/null
+++ b/src/chrome/content/rules/drillisch-online.de.xml
@@ -0,0 +1,14 @@
+<ruleset name="Drillisch-Online.de">
+
+	<target host="drillisch-online.de" />
+	<target host="www.drillisch-online.de" />
+	<target host="imagepool.drillisch-online.de" />
+	<target host="news.drillisch-online.de" />
+	<target host="nl.drillisch-online.de" />
+	<target host="service.drillisch-online.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/drive.ru.xml b/src/chrome/content/rules/drive.ru.xml
new file mode 100644
index 000000000000..80026099d2f3
--- /dev/null
+++ b/src/chrome/content/rules/drive.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="drive.ru">
+	<target host="drive.ru" />
+	<target host="www.drive.ru" />
+	<target host="test.drive.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/driving.co.uk.xml b/src/chrome/content/rules/driving.co.uk.xml
new file mode 100644
index 000000000000..070413360b06
--- /dev/null
+++ b/src/chrome/content/rules/driving.co.uk.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.driving.co.uk/ (200) => https://www.driving.co.uk/ (403)
+
+	For other News Corporation coverage, see News-Corporation.xml.
+
+
+	Mixed content:
+
+		- Images from pbs.twimg.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Driving.co.uk" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.driving.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="driving.co.uk" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://driving\.co\.uk/"
+		to="https://www.driving.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/drmemory.org.xml b/src/chrome/content/rules/drmemory.org.xml
new file mode 100644
index 000000000000..136dbf808f60
--- /dev/null
+++ b/src/chrome/content/rules/drmemory.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="drmemory.org">
+	<target host="drmemory.org" />
+	<target host="www.drmemory.org" />
+	<target host="autodiscover.drmemory.org" />
+	<target host="webdisk.drmemory.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dsmltools.org.xml b/src/chrome/content/rules/dsmltools.org.xml
new file mode 100644
index 000000000000..bd99c8de3eee
--- /dev/null
+++ b/src/chrome/content/rules/dsmltools.org.xml
@@ -0,0 +1,16 @@
+<!--
+	^dsmltools.org does not exist.
+
+-->
+<ruleset name="DSMLTools.org">
+
+	<target host="www.dsmltools.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dts-nachrichtenagentur.de.xml b/src/chrome/content/rules/dts-nachrichtenagentur.de.xml
new file mode 100644
index 000000000000..ff1f87d64926
--- /dev/null
+++ b/src/chrome/content/rules/dts-nachrichtenagentur.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="dts Nachrichtenagentur">
+
+	<target host="dts-nachrichtenagentur.de" />
+	<target host="www.dts-nachrichtenagentur.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dtvp.de.xml b/src/chrome/content/rules/dtvp.de.xml
new file mode 100644
index 000000000000..b006361b92f7
--- /dev/null
+++ b/src/chrome/content/rules/dtvp.de.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		mailing.dtvp.de
+
+-->
+<ruleset name="DTVP.de">
+
+	<target host="dtvp.de" />
+	<target host="www.dtvp.de" />
+	<target host="demo.dtvp.de" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/du00.cc.xml b/src/chrome/content/rules/du00.cc.xml
new file mode 100644
index 000000000000..f3c9d2d992c3
--- /dev/null
+++ b/src/chrome/content/rules/du00.cc.xml
@@ -0,0 +1,25 @@
+<!--
+	Refused:
+		m.du00.cc
+
+	MCB:
+		www.du00.cc/read/(\d+)/(\d+)/(\d+)\.html
+
+	Note: Break the text to show.
+	The text from www.du00.cc/t/t.php?id=/$1&did=$2&qid=$3&page=0
+	UpgradeMixedcontent fix this issue.
+	See https://github.com/EFForg/https-everywhere/issues/8506
+-->
+
+<ruleset name="du00.cc" default_off="refused">
+	<target host="du00.cc" />
+
+	<target host="www.du00.cc" />
+		<exclusion pattern="^http://www\.du00\.cc/read/\d+/\d+/\d+\.html" />
+			<test url="http://www.du00.cc/read/39/39898/9502924.html" />
+			<test url="http://www.du00.cc/read/47/47751/11503878.html" />
+			<test url="http://www.du00.cc/read/67/67925/16855700.html" />
+			<test url="http://www.du00.cc/read/70/70200/17351417.html" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/duckduckhack.com.xml b/src/chrome/content/rules/duckduckhack.com.xml
new file mode 100644
index 000000000000..ee1977575d24
--- /dev/null
+++ b/src/chrome/content/rules/duckduckhack.com.xml
@@ -0,0 +1,20 @@
+<!--
+Main ruleset: DuckDuckGo.xml
+
+www.duckduckhack.com ¹
+
+
+¹ mismatch
+-->
+<ruleset name="duckduckhack.com">
+	<target host="duckduckhack.com" />
+	<target host="docs.duckduckhack.com" />
+	<target host="forum.duckduckhack.com" />
+
+	<target host="www.duckduckhack.com" />
+
+	<rule from="^http://www\.duckduckhack\.com/"
+		to="https://duckduckhack.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dudleyfoi.org.uk.xml b/src/chrome/content/rules/dudleyfoi.org.uk.xml
new file mode 100644
index 000000000000..c46defe1c715
--- /dev/null
+++ b/src/chrome/content/rules/dudleyfoi.org.uk.xml
@@ -0,0 +1,27 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- dudleyfoi.org.uk
+		- www.dudleyfoi.org.uk
+
+-->
+<ruleset name="Dudley FoI.org.uk">
+
+	<target host="dudleyfoi.org.uk" />
+	<target host="www.dudleyfoi.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?dudleyfoi\.org\.uk$" name="^(?:accessType|validUser|validUval|webSystem)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/due-north.com.xml b/src/chrome/content/rules/due-north.com.xml
new file mode 100644
index 000000000000..057c55fb4298
--- /dev/null
+++ b/src/chrome/content/rules/due-north.com.xml
@@ -0,0 +1,18 @@
+<!--
+	(www.)?due-north.com: Shows default page
+
+-->
+<ruleset name="Due-North.com (partial)">
+
+	<target host="procontract.due-north.com" />
+	<target host="sebp.due-north.com" />
+	<target host="supplierhelp.due-north.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/duoshuo.com.xml b/src/chrome/content/rules/duoshuo.com.xml
new file mode 100644
index 000000000000..e33f0e17e02e
--- /dev/null
+++ b/src/chrome/content/rules/duoshuo.com.xml
@@ -0,0 +1,61 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://duoshuo.com/ => https://duoshuo.com/: (6, 'Could not resolve host: duoshuo.com')
+Fetch error: http://www.duoshuo.com/ => https://www.duoshuo.com/: (6, 'Could not resolve host: www.duoshuo.com')
+Fetch error: http://12345679.duoshuo.com/ => https://12345679.duoshuo.com/: (6, 'Could not resolve host: 12345679.duoshuo.com')
+Fetch error: http://17goon.duoshuo.com/ => https://17goon.duoshuo.com/: (6, 'Could not resolve host: 17goon.duoshuo.com')
+Fetch error: http://4linuxfun.duoshuo.com/ => https://4linuxfun.duoshuo.com/: (6, 'Could not resolve host: 4linuxfun.duoshuo.com')
+Fetch error: http://7585.duoshuo.com/ => https://7585.duoshuo.com/: (6, 'Could not resolve host: 7585.duoshuo.com')
+Fetch error: http://appled.duoshuo.com/ => https://appled.duoshuo.com/: (6, 'Could not resolve host: appled.duoshuo.com')
+Fetch error: http://breakng.duoshuo.com/ => https://breakng.duoshuo.com/: (6, 'Could not resolve host: breakng.duoshuo.com')
+Fetch error: http://cpbuswiki.duoshuo.com/ => https://cpbuswiki.duoshuo.com/: (6, 'Could not resolve host: cpbuswiki.duoshuo.com')
+Fetch error: http://cqbuswiki.duoshuo.com/ => https://cqbuswiki.duoshuo.com/: (6, 'Could not resolve host: cqbuswiki.duoshuo.com')
+Fetch error: http://duozai.duoshuo.com/ => https://duozai.duoshuo.com/: (6, 'Could not resolve host: duozai.duoshuo.com')
+Fetch error: http://dyanat.duoshuo.com/ => https://dyanat.duoshuo.com/: (6, 'Could not resolve host: dyanat.duoshuo.com')
+Fetch error: http://i6x.duoshuo.com/ => https://i6x.duoshuo.com/: (6, 'Could not resolve host: i6x.duoshuo.com')
+Fetch error: http://iby2.duoshuo.com/ => https://iby2.duoshuo.com/: (6, 'Could not resolve host: iby2.duoshuo.com')
+Fetch error: http://jimmykuu.duoshuo.com/ => https://jimmykuu.duoshuo.com/: (6, 'Could not resolve host: jimmykuu.duoshuo.com')
+Fetch error: http://koushixin.duoshuo.com/ => https://koushixin.duoshuo.com/: (6, 'Could not resolve host: koushixin.duoshuo.com')
+Fetch error: http://livesino.duoshuo.com/ => https://livesino.duoshuo.com/: (6, 'Could not resolve host: livesino.duoshuo.com')
+Fetch error: http://mt30com.duoshuo.com/ => https://mt30com.duoshuo.com/: (6, 'Could not resolve host: mt30com.duoshuo.com')
+Fetch error: http://official.duoshuo.com/ => https://official.duoshuo.com/: (6, 'Could not resolve host: official.duoshuo.com')
+Fetch error: http://puteulanus.duoshuo.com/ => https://puteulanus.duoshuo.com/: (6, 'Could not resolve host: puteulanus.duoshuo.com')
+Fetch error: http://static.duoshuo.com/ => https://static.duoshuo.com/: (6, 'Could not resolve host: static.duoshuo.com')
+Fetch error: http://vxcom.duoshuo.com/ => https://vxcom.duoshuo.com/: (6, 'Could not resolve host: vxcom.duoshuo.com')
+Fetch error: http://weishanghuoyuan.duoshuo.com/ => https://weishanghuoyuan.duoshuo.com/: (6, 'Could not resolve host: weishanghuoyuan.duoshuo.com')
+
+	MCB:
+		dev
+-->
+
+<ruleset name="duoshuo.com" default_off="failed ruleset test">
+
+	<target host="duoshuo.com" />
+	<target host="www.duoshuo.com" />
+
+	<target host="12345679.duoshuo.com" />
+	<target host="17goon.duoshuo.com" />
+	<target host="4linuxfun.duoshuo.com" />
+	<target host="7585.duoshuo.com" />
+	<target host="appled.duoshuo.com" />
+	<target host="breakng.duoshuo.com" />
+	<target host="cpbuswiki.duoshuo.com" />
+	<target host="cqbuswiki.duoshuo.com" />
+	<target host="duozai.duoshuo.com" />
+	<target host="dyanat.duoshuo.com" />
+	<target host="i6x.duoshuo.com" />
+	<target host="iby2.duoshuo.com" />
+	<target host="jimmykuu.duoshuo.com" />
+	<target host="koushixin.duoshuo.com" />
+	<target host="livesino.duoshuo.com" />
+	<target host="mt30com.duoshuo.com" />
+	<target host="official.duoshuo.com" />
+	<target host="puteulanus.duoshuo.com" />
+	<target host="static.duoshuo.com" />
+	<target host="vxcom.duoshuo.com" />
+	<target host="weishanghuoyuan.duoshuo.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/durchmesser.ch.xml b/src/chrome/content/rules/durchmesser.ch.xml
new file mode 100644
index 000000000000..71edba92a176
--- /dev/null
+++ b/src/chrome/content/rules/durchmesser.ch.xml
@@ -0,0 +1,13 @@
+<ruleset name="durchmesser.ch">
+
+	<target host="durchmesser.ch" />
+	<target host="www.durchmesser.ch" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dutchcrafters.com.xml b/src/chrome/content/rules/dutchcrafters.com.xml
new file mode 100644
index 000000000000..9d9a6c73c97a
--- /dev/null
+++ b/src/chrome/content/rules/dutchcrafters.com.xml
@@ -0,0 +1,42 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.dutchcrafters.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- www from passets-cdn.pinterest.com ˢ
+			- www from photos1.zillowstatic.com
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Dutch Crafters.com">
+
+	<target host="dutchcrafters.com" />
+	<target host="assets.dutchcrafters.com" />
+	<target host="www.dutchcrafters.com" />
+
+		<test url="http://assets.dutchcrafters.com/product_thumb/t_pid_3185-Amish-Made-Wooden-Fire-Island-Lighthouse--30.jpg" />
+
+		<!--	Mixed images:
+					-->
+		<!--test url="http://www.dutchcrafters.com/blog/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.dutchcrafters\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dvalert.org.au.xml b/src/chrome/content/rules/dvalert.org.au.xml
new file mode 100644
index 000000000000..d0a7b2b05291
--- /dev/null
+++ b/src/chrome/content/rules/dvalert.org.au.xml
@@ -0,0 +1,6 @@
+<ruleset name="dvalert.org.au">
+	<target host="dvalert.org.au" />
+	<target host="www.dvalert.org.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dvdpaytech.com.xml b/src/chrome/content/rules/dvdpaytech.com.xml
new file mode 100644
index 000000000000..1ba64768d55b
--- /dev/null
+++ b/src/chrome/content/rules/dvdpaytech.com.xml
@@ -0,0 +1,49 @@
+<!--
+	Nonfunctional hosts in *dvdpaytech.com:
+
+		- cdn-\d.static.secure ʳ
+
+	ʳ Refused
+
+
+	(www.)?dvdpaytech.com: Mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .dvdpaytech.com
+		- secure.dvdpaytech.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css from cdn-\d.static.join.dvdcdn.com ʳ
+		- Images from cdn-\d.static.join.dvdcdn.com ʳ
+		- favicon from cdn-\d.static.secure.dvdpaytech.com ʳ
+
+	ʳ Unsecurable <= refused
+
+-->
+<ruleset name="DVDpaytech.com (partial)" platform="mixedcontent">
+
+	<target host="secure.dvdpaytech.com" />
+
+		<!--	Mixed css, sets cookies without Secure:
+								-->
+		<!--test url="http://secure.dvdpaytech.com/signup/signup.php?nats=MjMyMzA6MzU6ODg&amp;step=2" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.dvdpaytech\.com$" name="^nats_sess$" /-->
+	<!--securecookie host="^secure\.dvdpaytech\.com$" name="^(?:LBSERVERID|PHPSESSID)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dvdsreleasedates.com.xml b/src/chrome/content/rules/dvdsreleasedates.com.xml
new file mode 100644
index 000000000000..7079a27781fd
--- /dev/null
+++ b/src/chrome/content/rules/dvdsreleasedates.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Non-functional subdomains:
+		- $self		(certificate mismatch)
+		- s0		(certificate mismatch)
+		- s1		(certificate mismatch)
+
+-->
+<ruleset name="DVDs Release Dates">
+
+	<target host="dvdsreleasedates.com" />
+	<target host="www.dvdsreleasedates.com" />
+
+  	<securecookie host="^www\.dvdsreleasedates\.com$" name=".+" />
+
+	<!-- certificate mismatch -->
+	<rule from="^http://dvdsreleasedates\.com/"
+		to="https://www.dvdsreleasedates.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dveri.com.xml b/src/chrome/content/rules/dveri.com.xml
new file mode 100644
index 000000000000..0b6ecabc9fe8
--- /dev/null
+++ b/src/chrome/content/rules/dveri.com.xml
@@ -0,0 +1,12 @@
+<!--
+termgw.dveri.com ⁴
+
+
+⁴ self signed
+-->
+<ruleset name="dveri.com">
+	<target host="dveri.com" />
+	<target host="www.dveri.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dvlabs.com.xml b/src/chrome/content/rules/dvlabs.com.xml
new file mode 100644
index 000000000000..22837f98a629
--- /dev/null
+++ b/src/chrome/content/rules/dvlabs.com.xml
@@ -0,0 +1,21 @@
+<!--
+	(www.)?dvlabs.com: Refused
+
+
+	Since 'publish' hosts video files, relevant
+	tests are prohibitively large.
+
+-->
+<ruleset name="DVLabs.com (partial)">
+
+	<target host="hot.dvlabs.com" />
+	<target host="publish.dvlabs.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dwd-shop.de.xml b/src/chrome/content/rules/dwd-shop.de.xml
new file mode 100644
index 000000000000..ae76b6ad8934
--- /dev/null
+++ b/src/chrome/content/rules/dwd-shop.de.xml
@@ -0,0 +1,10 @@
+<ruleset name="DWD Wettershop">
+
+	<target host="dwd-shop.de" />
+	<target host="www.dwd-shop.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dwd.de.xml b/src/chrome/content/rules/dwd.de.xml
new file mode 100644
index 000000000000..0ae4db50bd7e
--- /dev/null
+++ b/src/chrome/content/rules/dwd.de.xml
@@ -0,0 +1,54 @@
+<!--
+	No HTTP/HTTPS:
+	  ftp.dwd.de
+
+	Invalid certificate:
+	  alephino.dwd.de
+	  livepreview.dwd.de
+	  livepreview2.dwd.de
+	  oai.dwd.de
+
+	Refused:
+	  webkonrad.dwd.de
+
+	Timeout:
+	  metlis.dwd.de
+-->
+<ruleset name="Deutscher Wetterdienst">
+
+	<target host="dwd.de" />
+	<target host="www.dwd.de" />
+	<target host="beobachtungen.dwd.de" />
+	<target host="cdc.dwd.de" />
+	<target host="eucos.dwd.de" />
+	<target host="fastviewer.dwd.de" />
+	<target host="www.fewis.dwd.de" />
+	<target host="gisc.dwd.de" />
+	<target host="gisc-test.dwd.de" />
+	<target host="gpcc.dwd.de" />
+	<target host="www.gsnmc.dwd.de" />
+	<target host="klima.dwd.de" />
+	<target host="www.ksb.dwd.de" />
+	<target host="kunden.dwd.de" />
+	<target host="maps.dwd.de" />
+	<target host="ninjoservices.dwd.de" />
+	<target host="openmaps.dwd.de" />
+	<target host="pappl.dwd.de" />
+	<target host="rcc.dwd.de" />
+	<target host="rcccm.dwd.de" />
+	<target host="seewis.dwd.de" />
+	<target host="ssi.dwd.de" />
+	<target host="ssi-qm.dwd.de" />
+	<target host="www.swis-cias.dwd.de" />
+	<target host="www.swis2010.dwd.de" />
+	<target host="vpngw.dwd.de" />
+	<target host="wap.dwd.de" />
+	<target host="webservice.dwd.de" />
+	<target host="webssl.dwd.de" />
+	<target host="werdis.dwd.de" />
+	<target host="wetter.dwd.de" />
+	<target host="www.wwis.dwd.de" />
+	<target host="xmdm.dwd.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dwnews.com-mixedcontent.xml b/src/chrome/content/rules/dwnews.com-mixedcontent.xml
new file mode 100644
index 000000000000..a309640827d9
--- /dev/null
+++ b/src/chrome/content/rules/dwnews.com-mixedcontent.xml
@@ -0,0 +1,25 @@
+<!--
+	Related:
+		dwnews.net.xml
+
+	Mismathced:
+		^dwnews.com
+		culture.dwnews.com
+		uc-api.dwnews.com	https://uc-api.dwnews.com/images/noavatar_middle.gif
+-->
+
+<ruleset name="dwnews.com (MCB)" platform="mixedcontent">
+
+	<target host="dwnews.com" />
+	<target host="www.dwnews.com" />
+	<target host="blog.dwnews.com" />
+	<target host="duoweicn.dwnews.com" />
+	<target host="economics.dwnews.com" />
+	<target host="news.dwnews.com" />
+	<target host="tag.dwnews.com" />
+	<target host="talk.dwnews.com" />
+
+	<rule from="^http://dwnews\.com/" to="https://www.dwnews.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dwnews.net.xml b/src/chrome/content/rules/dwnews.net.xml
new file mode 100644
index 000000000000..2b2f6bbd72b9
--- /dev/null
+++ b/src/chrome/content/rules/dwnews.net.xml
@@ -0,0 +1,43 @@
+<!--
+	Related:
+		dwnews.com-mixedcontent.xml
+
+	Unable to connect to the server:
+		http://g.dwnews.net/dwnews.fjs
+-->
+
+<ruleset name="dwnews.net">
+
+	<target host="attach0.dwnews.net" />
+	<target host="attach1.dwnews.net" />
+	<target host="attach2.dwnews.net" />
+	<target host="attach3.dwnews.net" />
+	<target host="attach4.dwnews.net" />
+	<target host="attach5.dwnews.net" />
+	<target host="attach6.dwnews.net" />
+	<target host="attach7.dwnews.net" />
+	<target host="attach8.dwnews.net" />
+	<target host="attach9.dwnews.net" />
+	<target host="pic0.dwnews.net" />
+	<target host="pic1.dwnews.net" />
+	<target host="pic2.dwnews.net" />
+	<target host="pic3.dwnews.net" />
+	<target host="pic4.dwnews.net" />
+	<target host="pic5.dwnews.net" />
+	<target host="pic6.dwnews.net" />
+	<target host="pic7.dwnews.net" />
+	<target host="pic8.dwnews.net" />
+	<target host="pic9.dwnews.net" />
+	<target host="s0.dwnews.net" />
+	<target host="s1.dwnews.net" />
+	<target host="s2.dwnews.net" />
+	<target host="s3.dwnews.net" />
+	<target host="s4.dwnews.net" />
+	<target host="s5.dwnews.net" />
+	<target host="s6.dwnews.net" />
+	<target host="s7.dwnews.net" />
+	<target host="s8.dwnews.net" />
+	<target host="s9.dwnews.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dxy.com.xml b/src/chrome/content/rules/dxy.com.xml
new file mode 100644
index 000000000000..e5c46611d389
--- /dev/null
+++ b/src/chrome/content/rules/dxy.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid cert:
+		bbs.dxy.com
+		i.dxy.com
+		yao.dxy.com
+
+	Timeout:
+		hz.dxy.com
+-->
+<ruleset name="dxy.com">
+	<target host="dxy.com" />
+	<target host="www.dxy.com" />
+	<target host="ask.dxy.com" />
+		<test url="http://ask.dxy.com/ama/index#/find" />
+	<target host="clinic.dxy.com" />
+	<target host="m.dxy.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dy.fi.xml b/src/chrome/content/rules/dy.fi.xml
new file mode 100644
index 000000000000..b00e5c5e2e5f
--- /dev/null
+++ b/src/chrome/content/rules/dy.fi.xml
@@ -0,0 +1,8 @@
+<ruleset name="dy.fi">
+	<!-- Customers get their own subdomain, but they don't have SSL -->
+	<target host="dy.fi" />
+	<target host="www.dy.fi" />
+
+	<rule from="^http:"
+		  to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dynamic1001.eu.xml b/src/chrome/content/rules/dynamic1001.eu.xml
new file mode 100644
index 000000000000..110e7dc98288
--- /dev/null
+++ b/src/chrome/content/rules/dynamic1001.eu.xml
@@ -0,0 +1,41 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://customercenter.dynamic1001.eu/ => https://customercenter.dynamic1001.eu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.customercenter.dynamic1001.eu/ => https://www.customercenter.dynamic1001.eu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	(www.)?dynamic1001.eu: Shows another domain
+
+
+	These hosts do not exist:
+
+		- www.customercenter2.dynamic1001.eu
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- customercenter.dynamic1001.eu
+		- www.customercenter.dynamic1001.eu
+		- customercenter2.dynamic1001.eu
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Dynamic 1001.eu (partial)" default_off="failed ruleset test">
+
+	<target host="customercenter.dynamic1001.eu" />
+	<target host="www.customercenter.dynamic1001.eu" />
+	<target host="customercenter2.dynamic1001.eu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:customercenter2?|www\.customercenter)\.dynamic1001\.eu$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dynastyfdn.com.xml b/src/chrome/content/rules/dynastyfdn.com.xml
new file mode 100644
index 000000000000..7e81f72fd707
--- /dev/null
+++ b/src/chrome/content/rules/dynastyfdn.com.xml
@@ -0,0 +1,14 @@
+<!--
+bioschool.dynastyfdn.com ¹
+mail.dynastyfdn.com ⁵
+
+
+¹ mismatch
+⁵ expired
+-->
+<ruleset name="dynastyfdn.com">
+	<target host="dynastyfdn.com" />
+	<target host="www.dynastyfdn.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/e-ShopBrokers.xml b/src/chrome/content/rules/e-ShopBrokers.xml
deleted file mode 100644
index 5eb8d95be1fe..000000000000
--- a/src/chrome/content/rules/e-ShopBrokers.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="e-ShopBrokers">
-
-	<target host="eshopbrokers.co.uk" />
-	<target host="www.eshopbrokers.co.uk" />
-
-
-	<securecookie host="^www\.eshopbrokers\.co\.uk$" name=".*" />
-
-
-	<!--	!www cert: plesk	-->
-	<rule from="^https?://(?:www\.)?eshopbrokers\.co\.uk/"
-		to="https://www.eshopbrokers.co.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/e-btc.com.ua.xml b/src/chrome/content/rules/e-btc.com.ua.xml
new file mode 100644
index 000000000000..37d704747abf
--- /dev/null
+++ b/src/chrome/content/rules/e-btc.com.ua.xml
@@ -0,0 +1,6 @@
+<ruleset name="e-btc.com.ua">
+	<target host="e-btc.com.ua" />
+	<target host="www.e-btc.com.ua" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/e-fense.com.xml b/src/chrome/content/rules/e-fense.com.xml
new file mode 100644
index 000000000000..c7557d6199a8
--- /dev/null
+++ b/src/chrome/content/rules/e-fense.com.xml
@@ -0,0 +1,7 @@
+<!--liveresponse. mismatch
+forums. mismatch-->
+<ruleset name="e-fense.com">
+	<target host="e-fense.com" />
+	<target host="www.e-fense.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/e-paycapita.com.xml b/src/chrome/content/rules/e-paycapita.com.xml
new file mode 100644
index 000000000000..ca53c1f7017e
--- /dev/null
+++ b/src/chrome/content/rules/e-paycapita.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="e-pay Capita.com">
+
+	<target host="ip.e-paycapita.com" />
+	<target host="sbs.e-paycapita.com" />
+	<target host="sms.e-paycapita.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/e-scrooge.is.xml b/src/chrome/content/rules/e-scrooge.is.xml
new file mode 100644
index 000000000000..701604205d07
--- /dev/null
+++ b/src/chrome/content/rules/e-scrooge.is.xml
@@ -0,0 +1,6 @@
+<ruleset name="e-scrooge.is">
+	<target host="e-scrooge.is" />
+	<target host="www.e-scrooge.is" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/eGenix.xml b/src/chrome/content/rules/eGenix.xml
index 4bb2797934e6..e4df73d4985e 100644
--- a/src/chrome/content/rules/eGenix.xml
+++ b/src/chrome/content/rules/eGenix.xml
@@ -1,10 +1,18 @@
-<ruleset name="eGenix.com ">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lists.egenix.com/ => https://lists.egenix.com/: (51, "SSL: no alternative certificate subject name matches target host name 'lists.egenix.com'")
+
+-->
+<ruleset name="eGenix.com" default_off="failed ruleset test">
 
 	<target host="egenix.com" />
-	<target host="*.egenix.com" />
+	<target host="downloads.egenix.com" />
+	<target host="lists.egenix.com" />
+	<target host="www.egenix.com" />
 
 
-	<rule from="^http://((?:downloads|lists|www)\.)?egenix\.com/"
-		to="https://$1egenix.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/eHarmony.xml b/src/chrome/content/rules/eHarmony.xml
index 65915bcfb3b3..3ee11efc2bbd 100644
--- a/src/chrome/content/rules/eHarmony.xml
+++ b/src/chrome/content/rules/eHarmony.xml
@@ -1,19 +1,26 @@
-<!--	There are international versions of eHarmony which utilize the areas tld. These rules do not cover them at this time.
+<!--
+	There are international versions of eHarmony which utilize the areas tld. These rules do not cover them at this time.
+
+	https://eharmony.com/ redirects to http://www.eharmony.com/
 -->
 <ruleset name="eHarmony (partial)">
 
-	<target host="eharmony.com"/>
 	<target host="*.eharmony.com"/>
-		<!--	Done by Akamai and has certificate mismatch.	-->
-		<exclusion pattern="^http://static\.eharmony\.com/"/>
 		<!--	the following cannot handle SSL.		-->
-		<exclusion pattern="^http://(advice|photos)\.eharmony\.com/"/>
+		<exclusion pattern="^http://(?:advice|photos)\.eharmony\.com/"/>
+		<!--	redirects to http://www.eharmony.com/	-->
+		<exclusion pattern="^http://www\.eharmony\.com/"/>
 
-	<!--	encountered:	.eharmony.com $client.eharmony.com	-->
-	<securecookie host="^(.*\.)?eharmony\.com$" name=".*" />
+	<test url="http://advice.eharmony.com/" />
+	<test url="http://photos.eharmony.com/" />
+	<test url="http://www.eharmony.com/" />
 
-	<rule from="^http://eharmony\.com/"
-		to="https://eharmony.com/"/>
+	<test url="http://help-singles.eharmony.com/" />
+	<test url="http://m.eharmony.com/" />
+	<test url="http://static.eharmony.com/" />
+
+	<!--	encountered:	.eharmony.com $client.eharmony.com	-->
+	<securecookie host=".+" name=".+" />
 
 	<!--	affiliates have unique subdomains	-->
 	<rule from="^http://([\w\-]+)\.eharmony\.com/"
diff --git a/src/chrome/content/rules/eHoiva.fi.xml b/src/chrome/content/rules/eHoiva.fi.xml
index 177a9dae8f0b..56a39aed65c6 100644
--- a/src/chrome/content/rules/eHoiva.fi.xml
+++ b/src/chrome/content/rules/eHoiva.fi.xml
@@ -1,9 +1,19 @@
-<ruleset name="eHoiva">
-  <target host="www.ehoiva.fi" />
-  <target host="ehoiva.fi" />
-  <target host="ehoiva-fi.directo.fi" />
-
-  <rule from="^http://(www\.)?ehoiva\.fi/" to="https://ehoiva-fi.directo.fi/"/>
-  <rule from="^https://(www\.)?ehoiva\.fi/" to="https://ehoiva-fi.directo.fi/"/>
-  <rule from="^http://ehoiva-fi\.directo\.fi/" to="https://ehoiva-fi.directo.fi/" />
-</ruleset>
\ No newline at end of file
+<ruleset name="eHoiva">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ehoiva-fi.directo.fi" />
+
+	<!--	Complications:
+				-->
+	<target host="www.ehoiva.fi" />
+	<target host="ehoiva.fi" />
+
+
+	<rule from="^http://(?:www\.)?ehoiva\.fi/"
+		to="https://ehoiva-fi.directo.fi/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/eHow.xml b/src/chrome/content/rules/eHow.xml
deleted file mode 100644
index e9c75b4443c5..000000000000
--- a/src/chrome/content/rules/eHow.xml
+++ /dev/null
@@ -1,53 +0,0 @@
-<!--
-	CDN buckets:
-
-		- www.ehow.com.ipi.demand.akadns.net
-		- blog.ehow.com.edgesuite.net
-		- www.ehow.com.edgesuite.net
-		- www.ehow.co.uk.edgesuite.net
-		- img.ehowcdn.com.edgesuite.net
-		- v5-static.ehowcdn.com.edgesuite.net
-
-
-	Nonfunctional domains:
-
-		- ehow-com.blog.ehow.com	(Akamai; 503)
-		- www.ehow.co.uk		(ditto)
-
-
-	Problematic domains:
-
-		- blog.ehow.com
-		- img.ehow.com *
-		- preprod-www.ehow.com		(works, akamai)
-		- v5-static.ehow.com		(redirects to www.ehow.com)
-		- img.ehowcdn.com *
-		- test8-img.ehowcdn.com *
-		- test8-v5-static.ehowcdn.com *
-		- v5-static.ehowcdn.com *
-
-	*Akamai, 503
-
--->
-<ruleset name="eHow (partial)">
-
-	<target host="ehow.com" />
-	<target host="*.ehow.com" />
-	<target host="*.ehowcdn.com" />
-
-
-	<securecookie host="^www\.ehow\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?ehow\.com/"
-		to="https://$1ehow.com/" />
-
-	<rule from="^https?://(?:test\d-)?(?:img|v5-static)\.ehow(?:cdn)?\.com/"
-		to="https://www.ehow.com/" />
-
-	<!--	All paths 301 like so.
-					-->
-	<rule from="^https?://blog\.ehow\.com/(?:.*)"
-		to="https://www.ehow.com/blog/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/eIPOCIMB.com.xml b/src/chrome/content/rules/eIPOCIMB.com.xml
new file mode 100644
index 000000000000..cd979f9bb32d
--- /dev/null
+++ b/src/chrome/content/rules/eIPOCIMB.com.xml
@@ -0,0 +1,13 @@
+<!--
+	For other CIMB coverage, see CIMB.com.xml
+-->
+<ruleset name="eIPOCIMB.com">
+
+	<target host="eipocimb.com" />
+	<target host="www.eipocimb.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/eKomi.xml b/src/chrome/content/rules/eKomi.xml
new file mode 100644
index 000000000000..020285d6bc3f
--- /dev/null
+++ b/src/chrome/content/rules/eKomi.xml
@@ -0,0 +1,36 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- ekomi.at
+		- www.ekomi.at
+		- ekomi.ch
+		- www.ekomi.ch
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- ssl.ekomi.de
+		- ekomi.co.za
+
+		4xx client error:
+		- vf-js.ekomi.de
+
+		Secure connection redirects to plaintext:
+		- www.ekomi-us.com
+		- www.ekomi.de
+		- www.ekomi.es
+		- www.ekomi.fr
+		- www.ekomi.co.uk
+-->
+<ruleset name="eKomi (partial)">
+	<target host="ekomi-us.com" />
+	<target host="ekomi.de" />
+	<target host="ekomi.es" />
+	<target host="ekomi.fr" />
+	<target host="ekomi.it" />
+	<target host="ekomi.nl" />
+	<target host="www.ekomi.nl" />
+	<target host="ekomi.se" />
+	<target host="ekomi.sk" />
+	<target host="ekomi.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/eNovance.xml b/src/chrome/content/rules/eNovance.xml
index 52597ce48d04..a2fe6d0ed97f 100644
--- a/src/chrome/content/rules/eNovance.xml
+++ b/src/chrome/content/rules/eNovance.xml
@@ -1,20 +1,62 @@
-<ruleset name="eNovance">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://enovance.com/ => https://enovance.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.enovance.com/ => https://www.enovance.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://enocloud.com/ => https://www.enovance.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.enocloud.com/ => https://www.enovance.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other Red Hat coverage, see Red_Hat.xml.
+
+
+	Nonfunctional hosts:
+
+		- openstackreactions.enovance.com ¹
+		- techs.enovance.com ²
+
+	¹ Dropped
+	² Redurects to http
+
+
+	Problematic hosts:
+
+		- (www.)?enocloud.com *
+
+	* Mismatched
+
+
+	Mixed content:
+
+		- css on  from fonts.googleapis.com ¹
+
+		- Images, on:
+
+			- www.enocloud.com, www.enovance.com from www.enovance.com ¹
+			- www.enocloud.com, www.enovance.com from theme.co ²
+
+	¹ Secured by us
+	² Unsecurable <= redirects to http
+
+-->
+<ruleset name="eNovance" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
     <target host="enovance.com" />
-    <target host="*.enovance.com" />
+	<target host="www.enovance.com" />
+
+	<!--	Complications:
+				-->
     <target host="enocloud.com" />
-    <target host="*.enocloud.com" />
+	<target host="www.enocloud.com" />
+
+
+	<securecookie host=".+" name=".+"/>
 
-    <securecookie host="^(.*\.)?enovance\.com$" name=".+" />
-    <securecookie host="^(.*\.)?enocloud\.com$" name=".+" />
 
-    <exclusion pattern="^http://openstackreactions\.enovance\.com" />
+	<rule from="^http://(?:www\.)?enocloud\.com/"
+		to="https://www.enovance.com/" />
 
-    <rule from="^https?://enovance\.com/"
-        to="https://www.enovance.com/" />
-    <rule from="^http://([^/:@]+)?\.enovance\.com/"
-        to="https://$1.enovance.com/" />
-    <rule from="^https?://enocloud\.com/"
-        to="https://www.enocloud.com/" />
-    <rule from="^http://([^/:@]+)?\.enocloud\.com/"
-        to="https://$1.enocloud.com/" />
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ePUAP.gov.pl.xml b/src/chrome/content/rules/ePUAP.gov.pl.xml
new file mode 100644
index 000000000000..e51b5960f5b9
--- /dev/null
+++ b/src/chrome/content/rules/ePUAP.gov.pl.xml
@@ -0,0 +1,10 @@
+<ruleset name="ePUAP.gov.pl (partial)">
+
+	<target host="epuap.gov.pl" />
+	<target host="www.epuap.gov.pl" />
+	<target host="hetman.epuap.gov.pl" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/eShaykh.com.xml b/src/chrome/content/rules/eShaykh.com.xml
new file mode 100644
index 000000000000..31f3f28ed8a8
--- /dev/null
+++ b/src/chrome/content/rules/eShaykh.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="eShaykh.com">
+	<target host="eshaykh.com" />
+	<target host="www.eshaykh.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/eStruxture.com.xml b/src/chrome/content/rules/eStruxture.com.xml
new file mode 100644
index 000000000000..c3ad26da2976
--- /dev/null
+++ b/src/chrome/content/rules/eStruxture.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Chain issue, missing intermediate:
+		- estruxture.com
+		- www.estruxture.com
+		- iam.estruxture.com
+
+	Invalid certificate:
+		- mtl3.estruxture.com
+		- www.mtl3.estruxture.com
+-->
+
+<ruleset name="eStruxture.com">
+	<target host="abuse.estruxture.com" />
+	<target host="mtl2.estruxture.com" />
+	<target host="www.mtl2.estruxture.com" />
+	<target host="pm.estruxture.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/eadaily.com.xml b/src/chrome/content/rules/eadaily.com.xml
new file mode 100644
index 000000000000..185ad9012e8a
--- /dev/null
+++ b/src/chrome/content/rules/eadaily.com.xml
@@ -0,0 +1,13 @@
+<!-- social. mismatch -->
+<ruleset name="eadaily.com">
+	<target host="eadaily.com" />
+	<target host="www.eadaily.com" />
+	<target host="img8.eadaily.com" />
+	<target host="img3.eadaily.com" />
+	<target host="img6.eadaily.com" />
+	<target host="img2.eadaily.com" />
+	<target host="img4.eadaily.com" />
+	<target host="img5.eadaily.com" />
+	<target host="static1.eadaily.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/eagereyes.org.xml b/src/chrome/content/rules/eagereyes.org.xml
new file mode 100644
index 000000000000..03918a0cb6b4
--- /dev/null
+++ b/src/chrome/content/rules/eagereyes.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="eagereyes.org">
+
+	<target host="eagereyes.org" />
+	<target host="www.eagereyes.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/earlychildhoodcolorado.org.xml b/src/chrome/content/rules/earlychildhoodcolorado.org.xml
new file mode 100644
index 000000000000..3f560e0596fe
--- /dev/null
+++ b/src/chrome/content/rules/earlychildhoodcolorado.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="earlychildhoodcolorado.org">
+	<target host="earlychildhoodcolorado.org" />
+	<target host="www.earlychildhoodcolorado.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/earthcam.net.xml b/src/chrome/content/rules/earthcam.net.xml
new file mode 100644
index 000000000000..55766810b066
--- /dev/null
+++ b/src/chrome/content/rules/earthcam.net.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- helpdesk.earthcam.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="EarthCam.net">
+
+	<target host="earthcam.net" />
+	<target host="helpdesk.earthcam.net" />
+	<target host="www.earthcam.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^helpdesk\.earthcam\.net$" name="^SWIFT_(?:client|sessionid40)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/earthcamcdn.com.xml b/src/chrome/content/rules/earthcamcdn.com.xml
new file mode 100644
index 000000000000..bcaeaf27cbdb
--- /dev/null
+++ b/src/chrome/content/rules/earthcamcdn.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="EarthCam CDN.com" platform="mixedcontent">
+
+	<target host="public.earthcamcdn.com" />
+
+		<test url="http://public.earthcamcdn.com/projects/gilbane/residencehall/images/header.png" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/earthobservations.org.xml b/src/chrome/content/rules/earthobservations.org.xml
new file mode 100644
index 000000000000..1acae51b8994
--- /dev/null
+++ b/src/chrome/content/rules/earthobservations.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Nonfunctional hosts in *earthobservations.org:
+
+		- supersites ᵃ
+
+	ᵃ Shows another domain
+
+-->
+<ruleset name="Earth Observations.org (partial)">
+
+	<target host="earthobservations.org" />
+	<target host="www.earthobservations.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/earthvpn.com.xml b/src/chrome/content/rules/earthvpn.com.xml
new file mode 100644
index 000000000000..70f8f91af1c0
--- /dev/null
+++ b/src/chrome/content/rules/earthvpn.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatch:
+		- click
+-->
+<ruleset name="earthvpn.com">
+	<target host="earthvpn.com"/>
+	<target host="www.earthvpn.com"/>
+	<target host="cn.earthvpn.com"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/east.ru.xml b/src/chrome/content/rules/east.ru.xml
new file mode 100644
index 000000000000..0cf165ea1442
--- /dev/null
+++ b/src/chrome/content/rules/east.ru.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://debet.east.ru/ => https://debet.east.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+east.ru mismatch
+www.east.ru mismatch
+xjit1.east.ru timed out
+bereg.east.ru self signed
+mail.east.ru self signed
+mspk.east.ru self signed
+skazka.east.ru self signed
+vok.east.ru self signed
+-->
+<ruleset name="east.ru (partial)" default_off="failed ruleset test">
+	<target host="debet.east.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/eastdane.com.xml b/src/chrome/content/rules/eastdane.com.xml
new file mode 100644
index 000000000000..9af2e01ca5a9
--- /dev/null
+++ b/src/chrome/content/rules/eastdane.com.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .eastdane.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="East Dane.com">
+
+	<target host="eastdane.com" />
+	<target host="www.eastdane.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.eastdane\.com$" name="^bopVisitorData$" /-->
+
+	<securecookie host="^\." name="^(?:aps-trtmnt|bopVisitorData$|s_v)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/eaststaffsbc.gov.uk.xml b/src/chrome/content/rules/eaststaffsbc.gov.uk.xml
new file mode 100644
index 000000000000..272df1c0c353
--- /dev/null
+++ b/src/chrome/content/rules/eaststaffsbc.gov.uk.xml
@@ -0,0 +1,55 @@
+<!--
+	East Staffordshire Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *eaststaffsbc.gov.uk:
+
+		- (www.)? ᵈ
+		- www2 ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *eaststaffsbc.gov.uk:
+
+		- www1 ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- mcr.eaststaffsbc.gov.uk
+
+-->
+<ruleset name="East Staffs BC.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mcr.eaststaffsbc.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="www1.eaststaffsbc.gov.uk" />
+
+		<!--	$ shows default page, so:
+							-->
+		<test url="http://mcr.eaststaffsbc.gov.uk/WebPay/NReg/QuickPay.aspx" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^mcr\.eaststaffsbc\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www1\.eaststaffsbc\.gov\.uk/"
+		to="https://mcr.eaststaffsbc.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/eastsussex.gov.uk.xml b/src/chrome/content/rules/eastsussex.gov.uk.xml
new file mode 100644
index 000000000000..c6a84c0e184b
--- /dev/null
+++ b/src/chrome/content/rules/eastsussex.gov.uk.xml
@@ -0,0 +1,32 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- consult.eastsussex.gov.uk
+		- mylimehouse.eastsussex.gov.uk
+		- petitions.eastsussex.gov.uk
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- learningzone.eastsussex.gov.uk
+
+		Different content:
+		- spreturns.eastsussex.gov.uk
+-->
+<ruleset name="East Sussex.gov.uk">
+	<target host="eastsussex.gov.uk" />
+	<target host="www.eastsussex.gov.uk" />
+	<target host="admissions.eastsussex.gov.uk" />
+	<target host="apps.eastsussex.gov.uk" />
+	<target host="consultation.eastsussex.gov.uk" />
+	<target host="czone.eastsussex.gov.uk" />
+	<target host="democracy.eastsussex.gov.uk" />
+	<target host="e-library.eastsussex.gov.uk" />
+	<target host="new.eastsussex.gov.uk" />
+	<target host="news.eastsussex.gov.uk" />
+	<target host="payments.eastsussex.gov.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/eastsussex1space.co.uk.xml b/src/chrome/content/rules/eastsussex1space.co.uk.xml
new file mode 100644
index 000000000000..9419ec3c0441
--- /dev/null
+++ b/src/chrome/content/rules/eastsussex1space.co.uk.xml
@@ -0,0 +1,33 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	^eastsussex1space.co.uk: Mismatched
+
+
+	STS header includes includeSubdomains
+
+-->
+<ruleset name="East Sussex 1 Space.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="*.eastsussex1space.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="eastsussex1space.co.uk" />
+
+		<test url="http://www.eastsussex1space.co.uk/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://eastsussex1space\.co\.uk/"
+		to="https://www.eastsussex1space.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/eastsussexlearning.org.uk.xml b/src/chrome/content/rules/eastsussexlearning.org.uk.xml
new file mode 100644
index 000000000000..09282a525cf0
--- /dev/null
+++ b/src/chrome/content/rules/eastsussexlearning.org.uk.xml
@@ -0,0 +1,30 @@
+<!--
+	^eastsussexlearning.org.uk: Mismatched
+
+-->
+<ruleset name="East Sussex Learning.org.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="adults.eastsussexlearning.org.uk" />
+	<target host="childrens.eastsussexlearning.org.uk" />
+	<target host="corporate.eastsussexlearning.org.uk" />
+	<target host="esqac.eastsussexlearning.org.uk" />
+	<target host="orbis.eastsussexlearning.org.uk" />
+	<target host="www.eastsussexlearning.org.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="eastsussexlearning.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://eastsussexlearning\.org\.uk/"
+		to="https://www.eastsussexlearning.org.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/easycron.com.xml b/src/chrome/content/rules/easycron.com.xml
new file mode 100644
index 000000000000..5cb25244f815
--- /dev/null
+++ b/src/chrome/content/rules/easycron.com.xml
@@ -0,0 +1,12 @@
+<!--
+blog.easycron.com ⁷
+
+
+⁷ protocol error
+-->
+<ruleset name="easycron.com">
+	<target host="easycron.com" />
+	<target host="www.easycron.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/easyicon.net.xml b/src/chrome/content/rules/easyicon.net.xml
new file mode 100644
index 000000000000..7f544267f339
--- /dev/null
+++ b/src/chrome/content/rules/easyicon.net.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid cert:
+		^
+		www9
+
+	Timeout:
+		ann
+		download
+-->
+<ruleset name="easyicon.net">
+	<target host="easyicon.net" />
+	<target host="www.easyicon.net" />
+		<rule from="^http://(www\.)?easyicon\.net/"
+			  to="https://www.easyicon.net/" />
+	<target host="cdn-img.easyicon.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/eatnow.com.au.xml b/src/chrome/content/rules/eatnow.com.au.xml
new file mode 100644
index 000000000000..33a44c3fb91e
--- /dev/null
+++ b/src/chrome/content/rules/eatnow.com.au.xml
@@ -0,0 +1,14 @@
+<ruleset name="EatNow.com.au">
+
+	<target host="eatnow.com.au" />
+	<target host="www.eatnow.com.au" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/eatsa.com.xml b/src/chrome/content/rules/eatsa.com.xml
new file mode 100644
index 000000000000..20b4789c3dc4
--- /dev/null
+++ b/src/chrome/content/rules/eatsa.com.xml
@@ -0,0 +1,33 @@
+<!--
+	^eatsa.com: Refused
+
+
+	Mixed content:
+
+		- Images on blog from res.cloudinary.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Eatsa.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blog.eatsa.com" />
+	<target host="www.eatsa.com" />
+
+	<!--	Complications:
+				-->
+	<target host="eatsa.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://eatsa\.com/"
+		to="https://www.eatsa.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ebay.at.xml b/src/chrome/content/rules/ebay.at.xml
new file mode 100644
index 000000000000..da9c794171c9
--- /dev/null
+++ b/src/chrome/content/rules/ebay.at.xml
@@ -0,0 +1,218 @@
+<!--
+
+	For other eBay coverage, see ebay.com.xml
+
+
+	Non-functional subdomain:
+
+		- ebay.at	(h)
+		- arribada	(t)
+		- artist-index	(m)
+		- autos	(m)
+		- bmsgs	(r)
+		- cancel	(r)
+		- cgi1	(r)
+		- cgi4	(r)
+		- checkout	(HTTP 404 eror)
+		- clp-index	(m)
+		- comm	(r)
+		- community	(m)
+		- contact	(HTTP 404 error)
+		- cs	(t)
+		- einkaufstipps	(r)
+		- hub	(m)
+		- k2b-bulk	(i)
+		- k2b-email	(i)
+		- k2b-fbdk	(i)
+		- k2b-print	(i)
+		- lego	(m)
+		- listings	(m)
+		- marktplatz	(r)
+		- members	(m)
+		- mesgmy	(r)
+		- msa-b1	(m)
+		- my	(r)
+		- myworld	(r)
+		- guestcheckout.payments	(HTTP 404 error)
+		- portal	(r)
+		- pressconsole	(t)
+		- presse	(r)
+		- previewitem	(r)
+		- promotions	(r)
+		- www.proxy	(HTTP 500 error)
+		- returns	(m)
+		- cgi6.sandbox	(r)
+		- fedsignin.sandbox	(HTTP 503 error)
+		- www.mipapplication.sandbox	(r)
+		- my.sandbox	(r)
+		- payments.sandbox	(m)
+		- reg.sandbox	(r)
+		- autos.search	(m)
+		- search-completed	(r)
+		- seller	(m)
+		- shop	(r)
+		- briefmarken.shop	(r)
+		- buecher.shop	(r)
+		- desc.shop	(r)
+		- fahrzeugteile.shop	(r)
+		- foto.shop	(r)
+		- games.shop	(r)
+		- heimwerker.shop	(r)
+		- hub.shop	(r)
+		- instrumente.shop	(r)
+		- kunst.shop	(r)
+		- muenzen.shop	(r)
+		- reise.shop	(r)
+		- stores.shop	(m)
+		- briefmarken.stores.shop	(m)
+		- fahrzeuge.stores.shop	(m)
+		- fahrzeugteile.stores.shop	(m)
+		- feinschmecker.stores.shop	(m)
+		- foto.stores.shop	(m)
+		- garten-terrasse.stores.shop	(m)
+		- handy.stores.shop	(m)
+		- haushaltsgeraete.stores.shop	(m)
+		- heimwerker.stores.shop	(m)
+		- instrumente.stores.shop	(m)
+		- kleidung.stores.shop	(m)
+		- kunst.stores.shop	(m)
+		- modellbau.stores.shop	(m)
+		- muenzen.stores.shop	(m)
+		- musik.stores.shop	(m)
+		- reise.stores.shop	(m)
+		- sammeln.stores.shop	(m)
+		- schmuck.stores.shop	(m)
+		- wohnen.stores.shop	(m)
+		- wohnen.shop	(r)
+		- srtm	(HTTP 404 error)
+		- store-index	(m)
+		- stores	(h)
+		- tmobile	(m)
+		- versandschein	(r)
+		- wap	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="eBay.at">
+
+	<target host="ebay.at" />
+	<target host="www.ebay.at" />
+	<target host="advertising.ebay.at" />
+	<target host="anywhere.ebay.at" />
+	<target host="applications.ebay.at" />
+	<target host="arbd.ebay.at" />
+	<target host="auth.ebay.at" />
+	<target host="www.billing.ebay.at" />
+	<target host="www.bizpolicy.ebay.at" />
+	<target host="bulkedit.ebay.at" />
+	<target host="bulksell.ebay.at" />
+	<target host="www.buyvrfn.ebay.at" />
+	<target host="c.ebay.at" />
+	<target host="cart.ebay.at" />
+	<target host="cgi.ebay.at" />
+	<target host="cgi3.ebay.at" />
+	<target host="msa-b1.cgi3.ebay.at" />
+	<target host="cgi5.ebay.at" />
+	<target host="msa-b1.cgi5.ebay.at" />
+	<target host="cgi6.ebay.at" />
+	<target host="connect.ebay.at" />
+	<target host="csr.ebay.at" />
+	<target host="epn.ebay.at" />
+	<target host="epnt.ebay.at" />
+	<target host="epsvc.ebay.at" />
+	<target host="fedauth.ebay.at" />
+	<target host="fedsignin.ebay.at" />
+	<target host="feedback.ebay.at" />
+	<target host="www.fees.ebay.at" />
+	<target host="frame.ebay.at" />
+	<target host="fundinginstrument.ebay.at" />
+	<target host="fyp.ebay.at" />
+	<target host="fyp2.ebay.at" />
+	<target host="gha.ebay.at" />
+	<target host="www.ilvrfn.ebay.at" />
+	<target host="invoice.ebay.at" />
+	<target host="item.ebay.at" />
+	<target host="www.kgvrfn.ebay.at" />
+	<target host="m.ebay.at" />
+	<target host="www.m.ebay.at" />
+	<target host="reg.m.ebay.at" />
+	<target host="scgi.m.ebay.at" />
+	<target host="signin.m.ebay.at" />
+	<target host="marketing.ebay.at" />
+	<target host="mbuy.ebay.at" />
+	<target host="merchant.ebay.at" />
+	<target host="mesg.ebay.at" />
+	<target host="www.mip.ebay.at" />
+	<target host="www.mipapplication.ebay.at" />
+	<target host="namechange.ebay.at" />
+	<target host="notifyweb.ebay.at" />
+	<target host="ocs.ebay.at" />
+	<target host="ocsnext.ebay.at" />
+	<target host="ocsrest.ebay.at" />
+	<target host="ocswf.ebay.at" />
+	<target host="offer.ebay.at" />
+	<target host="ofr.ebay.at" />
+	<target host="pages.ebay.at" />
+	<target host="paisapay.ebay.at" />
+	<target host="pay.ebay.at" />
+	<target host="payments.ebay.at" />
+	<target host="apps.payments.ebay.at" />
+	<target host="checkout.payments.ebay.at" />
+	<target host="paymentscmd.ebay.at" />
+	<target host="www.picupload.ebay.at" />
+	<target host="nw.pp.ebay.at" />
+	<target host="www.nw.pp.ebay.at" />
+	<target host="ppm1.ebay.at" />
+	<target host="ppm3.ebay.at" />
+	<target host="pulsar.ebay.at" />
+	<target host="qu.ebay.at" />
+	<target host="rebulk.ebay.at" />
+	<target host="reg.ebay.at" />
+	<target host="res.ebay.at" />
+	<target host="resolutioncenter.ebay.at" />
+	<target host="reward.ebay.at" />
+	<target host="rover.ebay.at" />
+	<target host="www.rsvp.ebay.at" />
+	<target host="www.bizpolicy.sandbox.ebay.at" />
+	<target host="checkout.sandbox.ebay.at" />
+	<target host="fedauth.sandbox.ebay.at" />
+	<target host="merchant.sandbox.ebay.at" />
+	<target host="mesg.sandbox.ebay.at" />
+	<target host="www.mip.sandbox.ebay.at" />
+	<target host="scgi.sandbox.ebay.at" />
+	<target host="signin.sandbox.ebay.at" />
+	<target host="scgi.ebay.at" />
+	<target host="securefeedback.ebay.at" />
+	<target host="secureportal.ebay.at" />
+	<target host="securepromo.ebay.at" />
+	<target host="secureregistration.ebay.at" />
+	<target host="sellerstandards.ebay.at" />
+	<target host="sellerupdate.ebay.at" />
+	<target host="sellvrfn.ebay.at" />
+	<target host="www.sellvrfn.ebay.at" />
+	<target host="settings.ebay.at" />
+	<target host="shiptrack.ebay.at" />
+	<target host="signin.ebay.at" />
+	<target host="signinalert.ebay.at" />
+	<target host="sofe.ebay.at" />
+	<target host="spd.ebay.at" />
+	<target host="www.sps.ebay.at" />
+	<target host="www.subs.ebay.at" />
+	<target host="viv.ebay.at" />
+	<target host="vod.ebay.at" />
+	<target host="wantitnow.ebay.at" />
+
+	<!-- fix http redirect -->
+	<rule from="^http://ebay\.at/"
+		to="https://www.ebay.at/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ebay.be.xml b/src/chrome/content/rules/ebay.be.xml
new file mode 100644
index 000000000000..da65de242fcb
--- /dev/null
+++ b/src/chrome/content/rules/ebay.be.xml
@@ -0,0 +1,352 @@
+<!--
+
+	For other eBay coverage, see ebay.com.xml
+
+
+	Non-functional subdomains:
+
+		- ebay.be	(h)
+		- www.ebay.be	(h)
+		- anywhere	(i)
+		- applications	(r)
+		- befr	(h)
+		- anywhere.befr	(i)
+		- arribada.befr	(t)
+		- cancel.befr	(r)
+		- category-keyword.befr	(m)
+		- cgi5.befr	(m)
+		- comm.befr	(r)
+		- cs.befr	(t)
+		- k2b-bulk.befr		(i)
+		- k2b-email.befr	(i)
+		- k2b-fdbk.befr		(i)
+		- k2b-print.befr	(i)
+		- members.befr	(m)
+		- mesgmy.befr	(r)
+		- my.befr	(r)
+		- myworld.befr	(r)
+		- proxy.befr	(HTTP 404 error)
+		- fedsignin.sandbox.befr	(HTTP 503 error)
+		- my.sandbox.befr	(r)
+		- payments.sandbox.befr	(m)
+		- sell.befr	(m)
+		- antiquite.shop.befr	(r)
+		- automobile-voiture.shop.befr	(r)
+		- informatique.shop.befr	(r)
+		- maison.shop.befr	(r)
+		- photographie.shop.befr	(r)
+		- stores.shop.befr	(m)
+		- antiquite.stores.shop.befr	(m)
+		- automobile-voiture.stores.shop.befr	(m)
+		- bd.stores.shop.befr	(m)
+		- beaute.stores.shop.befr	(m)
+		- bijoux.stores.shop.befr	(m)
+		- bricolage.stores.shop.befr	(m)
+		- business.stores.shop.befr	(m)
+		- cartes-postales.stores.shop.befr	(m)
+		- ceramique-verre.stores.shop.befr	(m)
+		- collections.stores.shop.befr	(m)
+		- gastronomie.stores.shop.befr	(m)
+		- jouets.stores.shop.befr	(m)
+		- livres-bd.stores.shop.befr	(m)
+		- maison.stores.shop.befr	(m)
+		- monnaies.stores.shop.befr	(m)
+		- motors.stores.shop.befr	(m)
+		- promotions.stores.shop.befr	(m)
+		- timbres.stores.shop.befr	(m)
+		- vetement-accessoires.stores.shop.befr	(m)
+		- tickets.shop.befr	(r)
+		- store-index.befr	(m)
+		- stores.befr	(h)
+		- support.befr	(m)
+		- benl	(h)
+		- anywhere.benl	(i)
+		- arribada.benl	(t)
+		- artist-index.benl	(m)
+		- cancel.benl	(r)
+		- category-keyword.benl	(m)
+		- cgi5.benl	(m)
+		- comm.benl	(r)
+		- cs.benl	(t)
+		- hub.benl	(m)
+		- members.benl	(m)
+		- my.benl	(r)
+		- myworld.benl	(r)
+		- www.proxy.benl	(HTTP 404 error)
+		- fedsignin.sandbox.benl	(HTTP 503 error)
+		- my.sandbox.benl	(r)
+		- payments.sandbox.benl	(m)
+		- hub.shop.sandbox.benl	(r)
+		- maison.shop.sandbox.benl	(r)
+		- maison.stores.shop.sandbox.benl	(r)
+		- timbres.shop.sandbox.benl	(r)
+		- shop.benl	(r)
+		- munten.shop.benl	(r)
+		- stores.shop.benl	(m)
+		- collections.stores.shop.benl	(m)
+		- doe-het-zelf.stores.shop.benl	(m)
+		- electromenager.stores.shop.benl	(m)
+		- film.stores.shop.benl	(m)
+		- gsm.stores.shop.benl	(m)
+		- huis.stores.shop.benl	(m)
+		- immo.stores.shop.benl	(m)
+		- kunst-antiek.stores.shop.benl	(m)
+		- materiel-professionnel.stores.shop.benl	(m)
+		- munten.stores.shop.benl	(m)
+		- postkaarten.stores.shop.benl	(m)
+		- postzegels.stores.shop.benl	(m)
+		- sieraden-horloges.stores.shop.benl	(m)
+		- speelgoed-modelbouw.stores.shop.benl	(m)
+		- sport.stores.shop.benl	(m)
+		- strips.stores.shop.benl	(m)
+		- verzamelen.stores.shop.benl	(m)
+		- vetement-accessoires.stores.shop.benl	(m)
+		- strips.shop.benl	(r)
+		- verzamelen.shop.benl	(r)
+		- store-index.benl	(m)
+		- stores.benl	(h)
+		- support.benl	(m)
+		- vflive.benl	(m)
+		- immo	(m)
+		- www.befr.kgvrfn	(m)
+		- www.benl.kgvrfn	(m)
+		- mail	(m)
+		- pages	(HTTP 404 error)
+		- www.proxy	(HTTP 404 error)
+		- fedsignin.sandbox	(HTTP 503 error)
+		- signin.sandbox	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="eBay.be">
+
+	<target host="advertising.ebay.be" />
+	<target host="auth.ebay.be" />
+	<target host="befr.ebay.be" />
+	<target host="www.befr.ebay.be" />
+	<target host="advertising.befr.ebay.be" />
+	<target host="arbd.befr.ebay.be" />
+	<target host="auth.befr.ebay.be" />
+	<target host="www.billing.befr.ebay.be" />
+	<target host="www.bizpolicy.befr.ebay.be" />
+	<target host="www.bizvrfn.befr.ebay.be" />
+	<target host="bulkedit.befr.ebay.be" />
+	<target host="bulksell.befr.ebay.be" />
+	<target host="www.buyvrfn.befr.ebay.be" />
+	<target host="cart.befr.ebay.be" />
+	<target host="cgi.befr.ebay.be" />
+	<target host="msa-b1.cgi3.befr.ebay.be" />
+	<target host="msa-b1.cgi5.befr.ebay.be" />
+	<target host="checkout.befr.ebay.be" />
+	<target host="connect.befr.ebay.be" />
+	<target host="contact.befr.ebay.be" />
+	<target host="csr.befr.ebay.be" />
+	<target host="dispute-resolution.befr.ebay.be" />
+	<target host="epsvc.befr.ebay.be" />
+	<target host="fedsignin.befr.ebay.be" />
+	<target host="feedback.befr.ebay.be" />
+	<target host="frame.befr.ebay.be" />
+	<target host="fundinginstrument.befr.ebay.be" />
+	<target host="fyp.befr.ebay.be" />
+	<target host="fyp2.befr.ebay.be" />
+	<target host="gha.befr.ebay.be" />
+	<target host="invoice.befr.ebay.be" />
+	<target host="item.befr.ebay.be" />
+	<target host="www.kgvrfn.befr.ebay.be" />
+	<target host="m.befr.ebay.be" />
+	<target host="www.m.befr.ebay.be" />
+	<target host="reg.m.befr.ebay.be" />
+	<target host="scgi.m.befr.ebay.be" />
+	<target host="signin.m.befr.ebay.be" />
+	<target host="marketing.befr.ebay.be" />
+	<target host="mbuy.befr.ebay.be" />
+	<target host="mesg.befr.ebay.be" />
+	<target host="msa-b1.befr.ebay.be" />
+	<target host="notifyweb.befr.ebay.be" />
+	<target host="ocs.befr.ebay.be" />
+	<target host="ocsnext.befr.ebay.be" />
+	<target host="ocsrest.befr.ebay.be" />
+	<target host="ocswf.befr.ebay.be" />
+	<target host="offer.befr.ebay.be" />
+	<target host="ofr.befr.ebay.be" />
+	<target host="pages.befr.ebay.be" />
+	<target host="paisapay.befr.ebay.be" />
+	<target host="pay.befr.ebay.be" />
+	<target host="payments.befr.ebay.be" />
+	<target host="apps.payments.befr.ebay.be" />
+	<target host="checkout.payments.befr.ebay.be" />
+	<target host="guestcheckout.payments.befr.ebay.be" />
+	<target host="paymentscmd.befr.ebay.be" />
+	<target host="www.picupload.befr.ebay.be" />
+	<target host="ppm1.befr.ebay.be" />
+	<target host="ppm3.befr.ebay.be" />
+	<target host="pulsar.befr.ebay.be" />
+	<target host="qu.befr.ebay.be" />
+	<target host="rebulk.befr.ebay.be" />
+	<target host="reg.befr.ebay.be" />
+	<target host="res.befr.ebay.be" />
+	<target host="resolutioncenter.befr.ebay.be" />
+	<target host="reward.befr.ebay.be" />
+	<target host="rover.befr.ebay.be" />
+	<target host="www.rsvp.befr.ebay.be" />
+	<target host="community.sandbox.befr.ebay.be" />
+	<target host="fedauth.sandbox.befr.ebay.be" />
+	<target host="mesg.sandbox.befr.ebay.be" />
+	<target host="scgi.sandbox.befr.ebay.be" />
+	<target host="signin.sandbox.befr.ebay.be" />
+	<target host="scgi.befr.ebay.be" />
+	<target host="securefeedback.befr.ebay.be" />
+	<target host="secureportal.befr.ebay.be" />
+	<target host="securepromo.befr.ebay.be" />
+	<target host="secureregistration.befr.ebay.be" />
+	<target host="sellerstandards.befr.ebay.be" />
+	<target host="sellerupdate.befr.ebay.be" />
+	<target host="sellvrfn.befr.ebay.be" />
+	<target host="www.sellvrfn.befr.ebay.be" />
+	<target host="settings.befr.ebay.be" />
+	<target host="shiptrack.befr.ebay.be" />
+	<target host="signin.befr.ebay.be" />
+	<target host="sofe.befr.ebay.be" />
+	<target host="spd.befr.ebay.be" />
+	<target host="www.sps.befr.ebay.be" />
+	<target host="srtm.befr.ebay.be" />
+	<target host="viv.befr.ebay.be" />
+	<target host="wantitnow.befr.ebay.be" />
+	<target host="benl.ebay.be" />
+	<target host="www.benl.ebay.be" />
+	<target host="advertising.benl.ebay.be" />
+	<target host="arbd.benl.ebay.be" />
+	<target host="auth.benl.ebay.be" />
+	<target host="www.billing.benl.ebay.be" />
+	<target host="www.bizpolicy.benl.ebay.be" />
+	<target host="www.bizvrfn.benl.ebay.be" />
+	<target host="bulkedit.benl.ebay.be" />
+	<target host="bulksell.benl.ebay.be" />
+	<target host="www.buyvrfn.benl.ebay.be" />
+	<target host="cart.benl.ebay.be" />
+	<target host="cgi.benl.ebay.be" />
+	<target host="msa-b1.cgi3.benl.ebay.be" />
+	<target host="msa-b1.cgi5.benl.ebay.be" />
+	<target host="checkout.benl.ebay.be" />
+	<target host="connect.benl.ebay.be" />
+	<target host="contact.benl.ebay.be" />
+	<target host="csr.benl.ebay.be" />
+	<target host="dispute-resolution.benl.ebay.be" />
+	<target host="epsvc.benl.ebay.be" />
+	<target host="fedsignin.benl.ebay.be" />
+	<target host="feedback.benl.ebay.be" />
+	<target host="frame.benl.ebay.be" />
+	<target host="fundinginstrument.benl.ebay.be" />
+	<target host="fyp.benl.ebay.be" />
+	<target host="fyp2.benl.ebay.be" />
+	<target host="gha.benl.ebay.be" />
+	<target host="invoice.benl.ebay.be" />
+	<target host="item.benl.ebay.be" />
+	<target host="k2b-bulk.benl.ebay.be" />
+	<target host="k2b-email.benl.ebay.be" />
+	<target host="k2b-fdbk.benl.ebay.be" />
+	<target host="k2b-print.benl.ebay.be" />
+	<target host="www.kgvrfn.benl.ebay.be" />
+	<target host="m.benl.ebay.be" />
+	<target host="www.m.benl.ebay.be" />
+	<target host="reg.m.benl.ebay.be" />
+	<target host="scgi.m.benl.ebay.be" />
+	<target host="signin.m.benl.ebay.be" />
+	<target host="marketing.benl.ebay.be" />
+	<target host="mbuy.benl.ebay.be" />
+	<target host="mesg.benl.ebay.be" />
+	<target host="msa-b1.benl.ebay.be" />
+	<target host="notifyweb.benl.ebay.be" />
+	<target host="ocs.benl.ebay.be" />
+	<target host="ocsnext.benl.ebay.be" />
+	<target host="ocsrest.benl.ebay.be" />
+	<target host="ocswf.benl.ebay.be" />
+	<target host="offer.benl.ebay.be" />
+	<target host="ofr.benl.ebay.be" />
+	<target host="pages.benl.ebay.be" />
+	<target host="paisapay.benl.ebay.be" />
+	<target host="pay.benl.ebay.be" />
+	<target host="payments.benl.ebay.be" />
+	<target host="apps.payments.benl.ebay.be" />
+	<target host="checkout.payments.benl.ebay.be" />
+	<target host="guestcheckout.payments.benl.ebay.be" />
+	<target host="paymentscmd.benl.ebay.be" />
+	<target host="www.picupload.benl.ebay.be" />
+	<target host="ppm1.benl.ebay.be" />
+	<target host="ppm3.benl.ebay.be" />
+	<target host="pulsar.benl.ebay.be" />
+	<target host="qu.benl.ebay.be" />
+	<target host="rebulk.benl.ebay.be" />
+	<target host="reg.benl.ebay.be" />
+	<target host="res.benl.ebay.be" />
+	<target host="resolutioncenter.benl.ebay.be" />
+	<target host="reward.benl.ebay.be" />
+	<target host="rover.benl.ebay.be" />
+	<target host="www.rsvp.benl.ebay.be" />
+	<target host="community.sandbox.benl.ebay.be" />
+	<target host="mesg.sandbox.benl.ebay.be" />
+	<target host="scgi.sandbox.benl.ebay.be" />
+	<target host="signin.sandbox.benl.ebay.be" />
+	<target host="scgi.benl.ebay.be" />
+	<target host="securefeedback.benl.ebay.be" />
+	<target host="secureportal.benl.ebay.be" />
+	<target host="securepromo.benl.ebay.be" />
+	<target host="secureregistration.benl.ebay.be" />
+	<target host="sellerstandards.benl.ebay.be" />
+	<target host="sellerupdate.benl.ebay.be" />
+	<target host="sellvrfn.benl.ebay.be" />
+	<target host="www.sellvrfn.benl.ebay.be" />
+	<target host="settings.benl.ebay.be" />
+	<target host="shiptrack.benl.ebay.be" />
+	<target host="signin.benl.ebay.be" />
+	<target host="sofe.benl.ebay.be" />
+	<target host="spd.benl.ebay.be" />
+	<target host="www.sps.benl.ebay.be" />
+	<target host="srtm.benl.ebay.be" />
+	<target host="viv.benl.ebay.be" />
+	<target host="wantitnow.benl.ebay.be" />
+	<target host="bulksell.ebay.be" />
+	<target host="c.ebay.be" />
+	<target host="cart.ebay.be" />
+	<target host="msa-b1.cgi3.ebay.be" />
+	<target host="msa-b1.cgi5.ebay.be" />
+	<target host="checkout.ebay.be" />
+	<target host="community-befr.ebay.be" />
+	<target host="community-benl.ebay.be" />
+	<target host="epn.ebay.be" />
+	<target host="epnt.ebay.be" />
+	<target host="epsvc.ebay.be" />
+	<target host="fedsignin.ebay.be" />
+	<target host="fyp2.ebay.be" />
+	<target host="signin.m.ebay.be" />
+	<target host="mesg.ebay.be" />
+	<target host="ocsrest.ebay.be" />
+	<target host="apps.payments.ebay.be" />
+	<target host="nw.befr.pp.ebay.be" />
+	<target host="www.nw.befr.pp.ebay.be" />
+	<target host="nw.benl.pp.ebay.be" />
+	<target host="www.nw.benl.pp.ebay.be" />
+	<target host="res.ebay.be" />
+	<target host="www.rsvp.ebay.be" />
+	<target host="www.rsvp.rsvp.ebay.be" />
+	<target host="www.bizpolicy.befr.sandbox.ebay.be" />
+	<target host="checkout.befr.sandbox.ebay.be" />
+	<target host="www.bizpolicy.benl.sandbox.ebay.be" />
+	<target host="checkout.benl.sandbox.ebay.be" />
+	<target host="signin.ebay.be" />
+	<target host="signinalert.ebay.be" />
+
+	<!-- fix http redirect -->
+	<rule from="^http://(befr|benl)\.ebay\.be/"
+		to="https://www.$1.ebay.be/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ebay.ca.xml b/src/chrome/content/rules/ebay.ca.xml
new file mode 100644
index 000000000000..e71edeeb85a9
--- /dev/null
+++ b/src/chrome/content/rules/ebay.ca.xml
@@ -0,0 +1,350 @@
+<!--
+
+	For other eBay coverage, see ebay.com.xml
+
+
+	Non-functional subdomains:
+
+		- ebay.ca	(h)
+		- arribada	(t)
+		- buyvrfn	(m)
+		- cafr	(h)
+		- anywhere.cafr	(i)
+		- arribada.cafr	(t)
+		- buyvrfn.cafr	(m)
+		- cancel.cafr	(r)
+		- comm.cafr	(r)
+		- cs.cafr	(t)
+		- deals.cafr	(m)
+		- k2b-bulk.cafr	(i)
+		- k2b-email.cafr	(i)
+		- k2b-fbdk.cafr	(i)
+		- k2b-print.cafr	(i)
+		- mesgmy.cafr	(r)
+		- my.cafr	(r)
+		- www.proxy.cafr	(HTTP 500 error)
+		- my.sandbox.cafr	(r)
+		- sell.cafr	(m)
+		- stores.shop.cafr	(m)
+		- antiquites.stores.shop.cafr	(m)
+		- artisanat.stores.shop.cafr	(m)
+		- bebe.stores.shop.cafr	(m)
+		- electronique.stores.shop.cafr	(m)
+		- immobilier.stores.shop.cafr	(m)
+		- livres.stores.shop.cafr	(m)
+		- monnaie.stores.shop.cafr	(m)
+		- photographie.stores.shop.cafr	(m)
+		- poterie.stores.shop.cafr	(m)
+		- sportsouvenirs.stores.shop.cafr	(m)
+		- timbres.stores.shop.cafr	(m)
+		- toutlereste.stores.shop.cafr	(m)
+		- voyage.stores.shop.cafr	(m)
+		- stores.cafr	(h)
+		- touch.cafr	(m)
+		- cancel	(r)
+		- category-keyword	(m)
+		- cgi1	(r)
+		- comm	(r)
+		- cs	(t)
+		- deals	(m)
+		- email.deals	(m)
+		- donations	(t)
+		- www.fra	(m)
+		- m-cafr.g	(m)
+		- green	(m)
+		- hawkemail	(r)
+		- k2b-bulk	(i)
+		- k2b-email	(i)
+		- k2b-fbdk	(i)
+		- k2b-print	(i)
+		- mesgmy	(r)
+		- my	(r)
+		- myworld	(r)
+		- search.reviews	(r)
+		- www.proxy	(HTTP 500 error)
+		- fedsignin.sandbox	(HTTP 503 error)
+		- www.mipapplication.sandbox	(r)
+		- my.sandbox	(r)
+		- payments.sandbox	(m)
+		- reg.sandbox	(r)
+		- coins.shop.sandbox	(r)
+		- sell	(m)
+		- shop	(r)
+		- books.shop	(r)
+		- electronics.shop	(r)
+		- home.shop	(r)
+		- motors.shop	(r)
+		- photography.shop	(r)
+		- antiques.stores.shop	(m)
+		- baby.stores.shop	(m)
+		- books.stores.shop	(m)
+		- clothing.stores.shop	(m)
+		- coins.stores.shop	(m)
+		- collectibles.stores.shop	(m)
+		- crafts.stores.shop	(m)
+		- dvds.stores.shop	(m)
+		- electronics.stores.shop	(m)
+		- entertainment-memorabilia.stores.shop	(m)
+		- everythingelse.stores.shop	(m)
+		- gift-certificates.stores.shop	(m)
+		- home.stores.shop	(m)
+		- jewelry.stores.shop	(m)
+		- motors.stores.shop	(m)
+		- music.stores.shop	(m)
+		- pet-supplies.stores.shop	(m)
+		- photography.stores.shop	(m)
+		- realestate.stores.shop	(m)
+		- sporting-goods.stores.shop	(m)
+		- sports-cards.stores.shop	(m)
+		- stamps.stores.shop	(m)
+		- toys.stores.shop	(m)
+		- videogames.stores.shop	(m)
+		- store-index	(m)
+		- stores	(h)
+		- test-pages	(g)
+		- touch	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="eBay.ca">
+
+	<target host="ebay.ca" />
+	<target host="www.ebay.ca" />
+	<target host="announcements.ebay.ca" />
+	<target host="anywhere.ebay.ca" />
+	<target host="applications.ebay.ca" />
+	<target host="arbd.ebay.ca" />
+	<target host="auth.ebay.ca" />
+	<target host="www.billing.ebay.ca" />
+	<target host="www.bizpolicy.ebay.ca" />
+	<target host="www.bizvrfn.ebay.ca" />
+	<target host="bulkedit.ebay.ca" />
+	<target host="bulksell.ebay.ca" />
+	<target host="www.buyvrfn.ebay.ca" />
+	<target host="c.ebay.ca" />
+	<target host="cafr.ebay.ca" />
+	<target host="www.cafr.ebay.ca" />
+	<target host="announcements.cafr.ebay.ca" />
+	<target host="applications.cafr.ebay.ca" />
+	<target host="arbd.cafr.ebay.ca" />
+	<target host="auth.cafr.ebay.ca" />
+	<target host="www.bizpolicy.cafr.ebay.ca" />
+	<target host="bulkedit.cafr.ebay.ca" />
+	<target host="bulksell.cafr.ebay.ca" />
+	<target host="www.buyvrfn.cafr.ebay.ca" />
+	<target host="cart.cafr.ebay.ca" />
+	<target host="cgi.cafr.ebay.ca" />
+	<target host="msa-b1.cgi3.cafr.ebay.ca" />
+	<target host="msa-b1.cgi5.cafr.ebay.ca" />
+	<target host="cgi6.cafr.ebay.ca" />
+	<target host="checkout.cafr.ebay.ca" />
+	<target host="community.cafr.ebay.ca" />
+	<target host="connect.cafr.ebay.ca" />
+	<target host="contact.cafr.ebay.ca" />
+	<target host="csr.cafr.ebay.ca" />
+	<target host="dispute-resolution.cafr.ebay.ca" />
+	<target host="epsvc.cafr.ebay.ca" />
+	<target host="fedsignin.cafr.ebay.ca" />
+	<target host="feedback.cafr.ebay.ca" />
+	<target host="www.fees.cafr.ebay.ca" />
+	<target host="frame.cafr.ebay.ca" />
+	<target host="fundinginstrument.cafr.ebay.ca" />
+	<target host="fyp.cafr.ebay.ca" />
+	<target host="fyp2.cafr.ebay.ca" />
+	<target host="gha.cafr.ebay.ca" />
+	<target host="giftcards.cafr.ebay.ca" />
+	<target host="gslblui.cafr.ebay.ca" />
+	<target host="instantsale.cafr.ebay.ca" />
+	<target host="invoice.cafr.ebay.ca" />
+	<target host="item.cafr.ebay.ca" />
+	<target host="www.kgvrfn.cafr.ebay.ca" />
+	<target host="m.cafr.ebay.ca" />
+	<target host="www.m.cafr.ebay.ca" />
+	<target host="reg.m.cafr.ebay.ca" />
+	<target host="scgi.m.cafr.ebay.ca" />
+	<target host="signin.m.cafr.ebay.ca" />
+	<target host="mbuy.cafr.ebay.ca" />
+	<target host="mesg.cafr.ebay.ca" />
+	<target host="msa-b1.cafr.ebay.ca" />
+	<target host="notifyweb.cafr.ebay.ca" />
+	<target host="ocs.cafr.ebay.ca" />
+	<target host="ocsnext.cafr.ebay.ca" />
+	<target host="ocsrest.cafr.ebay.ca" />
+	<target host="ocswf.cafr.ebay.ca" />
+	<target host="offer.cafr.ebay.ca" />
+	<target host="ofr.cafr.ebay.ca" />
+	<target host="pages.cafr.ebay.ca" />
+	<target host="paisapay.cafr.ebay.ca" />
+	<target host="pay.cafr.ebay.ca" />
+	<target host="payments.cafr.ebay.ca" />
+	<target host="apps.payments.cafr.ebay.ca" />
+	<target host="cart.payments.cafr.ebay.ca" />
+	<target host="checkout.payments.cafr.ebay.ca" />
+	<target host="guestcheckout.payments.cafr.ebay.ca" />
+	<target host="paymentscmd.cafr.ebay.ca" />
+	<target host="www.picupload.cafr.ebay.ca" />
+	<target host="pls.cafr.ebay.ca" />
+	<target host="ppm1.cafr.ebay.ca" />
+	<target host="ppm3.cafr.ebay.ca" />
+	<target host="pulsar.cafr.ebay.ca" />
+	<target host="qu.cafr.ebay.ca" />
+	<target host="rebulk.cafr.ebay.ca" />
+	<target host="reg.cafr.ebay.ca" />
+	<target host="res.cafr.ebay.ca" />
+	<target host="resolutioncenter.cafr.ebay.ca" />
+	<target host="resolutioncentre.cafr.ebay.ca" />
+	<target host="reward.cafr.ebay.ca" />
+	<target host="rover.cafr.ebay.ca" />
+	<target host="www.rsvp.cafr.ebay.ca" />
+	<target host="community.sandbox.cafr.ebay.ca" />
+	<target host="scgi.cafr.ebay.ca" />
+	<target host="securefeedback.cafr.ebay.ca" />
+	<target host="secureportal.cafr.ebay.ca" />
+	<target host="securepromo.cafr.ebay.ca" />
+	<target host="secureregistration.cafr.ebay.ca" />
+	<target host="sellerstandards.cafr.ebay.ca" />
+	<target host="sellvrfn.cafr.ebay.ca" />
+	<target host="www.sellvrfn.cafr.ebay.ca" />
+	<target host="settings.cafr.ebay.ca" />
+	<target host="signin.cafr.ebay.ca" />
+	<target host="sofe.cafr.ebay.ca" />
+	<target host="spd.cafr.ebay.ca" />
+	<target host="www.sps.cafr.ebay.ca" />
+	<target host="srtm.cafr.ebay.ca" />
+	<target host="www.subs.cafr.ebay.ca" />
+	<target host="viv.cafr.ebay.ca" />
+	<target host="vod.cafr.ebay.ca" />
+	<target host="wantitnow.cafr.ebay.ca" />
+	<target host="cart.ebay.ca" />
+	<target host="cgi.ebay.ca" />
+	<target host="cgi3.ebay.ca" />
+	<target host="msa-b1.cgi3.ebay.ca" />
+	<target host="cgi5.ebay.ca" />
+	<target host="msa-b1.cgi5.ebay.ca" />
+	<target host="cgi6.ebay.ca" />
+	<target host="checkout.ebay.ca" />
+	<target host="community.ebay.ca" />
+	<target host="connect.ebay.ca" />
+	<target host="contact.ebay.ca" />
+	<target host="csr.ebay.ca" />
+	<target host="dispute-resolution.ebay.ca" />
+	<target host="donation.ebay.ca" />
+	<target host="www.donation.ebay.ca" />
+	<target host="epn.ebay.ca" />
+	<target host="epnt.ebay.ca" />
+	<target host="epsvc.ebay.ca" />
+	<target host="fedauth.ebay.ca" />
+	<target host="fedsignin.ebay.ca" />
+	<target host="www.feectr.ebay.ca" />
+	<target host="www.cafr.feectr.ebay.ca" />
+	<target host="feedback.ebay.ca" />
+	<target host="www.fees.ebay.ca" />
+	<target host="www.cafr.fees.ebay.ca" />
+	<target host="frame.ebay.ca" />
+	<target host="fundinginstrument.ebay.ca" />
+	<target host="fyp.ebay.ca" />
+	<target host="fyp2.ebay.ca" />
+	<target host="gha.ebay.ca" />
+	<target host="giftcards.ebay.ca" />
+	<target host="gslblui.ebay.ca" />
+	<target host="www.ilvrfn.ebay.ca" />
+	<target host="instantsale.ebay.ca" />
+	<target host="invoice.ebay.ca" />
+	<target host="item.ebay.ca" />
+	<target host="www.kgvrfn.ebay.ca" />
+	<target host="m.ebay.ca" />
+	<target host="www.m.ebay.ca" />
+	<target host="reg.m.ebay.ca" />
+	<target host="scgi.m.ebay.ca" />
+	<target host="signin.m.ebay.ca" />
+	<target host="marketing.ebay.ca" />
+	<target host="mbuy.ebay.ca" />
+	<target host="merchant.ebay.ca" />
+	<target host="mesg.ebay.ca" />
+	<target host="www.mip.ebay.ca" />
+	<target host="www.mipapplication.ebay.ca" />
+	<target host="notifyweb.ebay.ca" />
+	<target host="ocs.ebay.ca" />
+	<target host="ocsnext.ebay.ca" />
+	<target host="ocsrest.ebay.ca" />
+	<target host="ocswf.ebay.ca" />
+	<target host="offer.ebay.ca" />
+	<target host="ofr.ebay.ca" />
+	<target host="pages.ebay.ca" />
+	<target host="paisapay.ebay.ca" />
+	<target host="pay.ebay.ca" />
+	<target host="payments.ebay.ca" />
+	<target host="apps.payments.ebay.ca" />
+	<target host="cart.payments.ebay.ca" />
+	<target host="checkout.payments.ebay.ca" />
+	<target host="guestcheckout.payments.ebay.ca" />
+	<target host="paymentscmd.ebay.ca" />
+	<target host="pics.ebay.ca" />
+	<target host="www.picupload.ebay.ca" />
+	<target host="pls.ebay.ca" />
+	<target host="nw.cafr.pp.ebay.ca" />
+	<target host="www.nw.cafr.pp.ebay.ca" />
+	<target host="nw.pp.ebay.ca" />
+	<target host="www.nw.pp.ebay.ca" />
+	<target host="ppm1.ebay.ca" />
+	<target host="ppm3.ebay.ca" />
+	<target host="pulsar.ebay.ca" />
+	<target host="qu.ebay.ca" />
+	<target host="rebulk.ebay.ca" />
+	<target host="reg.ebay.ca" />
+	<target host="res.ebay.ca" />
+	<target host="resolutioncenter.ebay.ca" />
+	<target host="resolutioncentre.ebay.ca" />
+	<target host="reward.ebay.ca" />
+	<target host="rewards.ebay.ca" />
+	<target host="rover.ebay.ca" />
+	<target host="www.rsvp.ebay.ca" />
+	<target host="www.bizpolicy.sandbox.ebay.ca" />
+	<target host="www.bizpolicy.cafr.sandbox.ebay.ca" />
+	<target host="checkout.sandbox.ebay.ca" />
+	<target host="community.sandbox.ebay.ca" />
+	<target host="fedauth.sandbox.ebay.ca" />
+	<target host="merchant.sandbox.ebay.ca" />
+	<target host="mesg.sandbox.ebay.ca" />
+	<target host="www.mip.sandbox.ebay.ca" />
+	<target host="scgi.sandbox.ebay.ca" />
+	<target host="signin.sandbox.ebay.ca" />
+	<target host="scgi.ebay.ca" />
+	<target host="securefeedback.ebay.ca" />
+	<target host="secureportal.ebay.ca" />
+	<target host="securepromo.ebay.ca" />
+	<target host="secureregistration.ebay.ca" />
+	<target host="sellerstandards.ebay.ca" />
+	<target host="sellvrfn.ebay.ca" />
+	<target host="www.sellvrfn.ebay.ca" />
+	<target host="settings.ebay.ca" />
+	<target host="shiptrack.ebay.ca" />
+	<target host="signin.ebay.ca" />
+	<target host="signinalert.ebay.ca" />
+	<target host="sofe.ebay.ca" />
+	<target host="spd.ebay.ca" />
+	<target host="www.sps.ebay.ca" />
+	<target host="srtm.ebay.ca" />
+	<target host="www.subs.ebay.ca" />
+	<target host="viv.ebay.ca" />
+	<target host="vod.ebay.ca" />
+	<target host="wantitnow.ebay.ca" />
+
+	<!-- fix http redirect -->
+	<rule from="^http://ebay\.ca/"
+		to="https://www.ebay.ca/" />
+
+	<!-- fix http redirect -->
+	<rule from="^http://cafr\.ebay\.ca/"
+		to="https://www.cafr.ebay.ca/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ebay.ch.xml b/src/chrome/content/rules/ebay.ch.xml
new file mode 100644
index 000000000000..fdbf5fb4feac
--- /dev/null
+++ b/src/chrome/content/rules/ebay.ch.xml
@@ -0,0 +1,198 @@
+<!--
+
+	For other eBay coverage, see ebay.com.xml
+
+
+	Non-functional subdomains:
+
+		- ebay.ch	(h)
+		- arribada	(t)
+		- artist-index	(m)
+		- blogs	(m)
+		- bmsgs	(r)
+		- cancel	(r)
+		- category-keyword	(m)
+		- cgi4	(r)
+		- comm	(r)
+		- community	(m)
+		- cs	(t)
+		- einkaufstipps	(r)
+		- entwickler	(m)
+		- games	(m)
+		- hawkemail	(r)
+		- hub	(m)
+		- k2b-bulk	(i)
+		- k2b-email	(i)
+		- k2b-fdbk	(i)
+		- k2b-print	(i)
+		- listings	(m)
+		- buecher.listings	(m)
+		- sammeln.listings	(m)
+		- mail	(r)
+		- mesgmy	(r)
+		- my	(r)
+		- myworld	(r)
+		- presse	(m)
+		- previewitem	(r)
+		- returns	(m)
+		- fedauth.sandbox	(r)
+		- fedsignin.sandbox	(HTTP 503 error)
+		- my.sandbox	(r)
+		- payments.sandbox	(m)
+		- reg.sandbox	(r)
+		- search-desc	(r)
+		- sell	(m)
+		- seller	(m)
+		- shop	(r)
+		- briefmarken.shop	(r)
+		- buecher.shop	(r)
+		- buero.shop	(r)
+		- computer.shop	(r)
+		- desc.shop	(r)
+		- fahrzeuge.shop	(r)
+		- games.shop	(r)
+		- garten-terrasse.shop	(r)
+		- modellbau.shop	(r)
+		- musik.shop	(r)
+		- schmuck.shop	(r)
+		- stores.shop	(m)
+		- buecher.stores.shop	(m)
+		- elektronik.stores.shop	(m)
+		- fahrzeuge.stores.shop	(m)
+		- fahrzeugteile.stores.shop	(m)
+		- garten-terrasse.stores.shop	(m)
+		- kleidung.stores.shop	(m)
+		- modellbau.stores.shop	(m)
+		- muenzen.stores.shop	(m)
+		- reise.stores.shop	(m)
+		- sammeln.stores.shop	(m)
+		- schmuck.stores.shop	(m)
+		- software.stores.shop	(m)
+		- sport.stores.shop	(m)
+		- wohnen.stores.shop	(m)
+		- verschiedenes.shop	(r)
+		- wohnen.shop	(r)
+		- sofe	(HTTP 404 error)
+		- stores	(m)
+		- sunrisewap	(m)
+		- svcs	(m)
+		- testberichte	(r)
+		- search.testberichte	(r)
+		- weltweit	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="eBay.ch">
+
+	<target host="ebay.ch" />
+	<target host="www.ebay.ch" />
+	<target host="anywhere.ebay.ch" />
+	<target host="applications.ebay.ch" />
+	<target host="arbd.ebay.ch" />
+	<target host="auth.ebay.ch" />
+	<target host="www.billing.ebay.ch" />
+	<target host="www.bizpolicy.ebay.ch" />
+	<target host="bulkedit.ebay.ch" />
+	<target host="bulksell.ebay.ch" />
+	<target host="www.buyvrfn.ebay.ch" />
+	<target host="c.ebay.ch" />
+	<target host="cart.ebay.ch" />
+	<target host="cgi.ebay.ch" />
+	<target host="cgi3.ebay.ch" />
+	<target host="msa-b1.cgi3.ebay.ch" />
+	<target host="cgi5.ebay.ch" />
+	<target host="cgi6.ebay.ch" />
+	<target host="checkout.ebay.ch" />
+	<target host="connect.ebay.ch" />
+	<target host="contact.ebay.ch" />
+	<target host="csr.ebay.ch" />
+	<target host="dispute-resolution.ebay.ch" />
+	<target host="epn.ebay.ch" />
+	<target host="epnt.ebay.ch" />
+	<target host="epsvc.ebay.ch" />
+	<target host="fedauth.ebay.ch" />
+	<target host="fedsignin.ebay.ch" />
+	<target host="feedback.ebay.ch" />
+	<target host="frame.ebay.ch" />
+	<target host="fundinginstrument.ebay.ch" />
+	<target host="fyp.ebay.ch" />
+	<target host="fyp2.ebay.ch" />
+	<target host="gha.ebay.ch" />
+	<target host="invoice.ebay.ch" />
+	<target host="item.ebay.ch" />
+	<target host="www.kgvrfn.ebay.ch" />
+	<target host="m.ebay.ch" />
+	<target host="www.m.ebay.ch" />
+	<target host="reg.m.ebay.ch" />
+	<target host="scgi.m.ebay.ch" />
+	<target host="signin.m.ebay.ch" />
+	<target host="marketing.ebay.ch" />
+	<target host="mbuy.ebay.ch" />
+	<target host="mesg.ebay.ch" />
+	<target host="namechange.ebay.ch" />
+	<target host="notifyweb.ebay.ch" />
+	<target host="ocs.ebay.ch" />
+	<target host="ocsnext.ebay.ch" />
+	<target host="ocsrest.ebay.ch" />
+	<target host="ocswf.ebay.ch" />
+	<target host="offer.ebay.ch" />
+	<target host="ofr.ebay.ch" />
+	<target host="pages.ebay.ch" />
+	<target host="paisapay.ebay.ch" />
+	<target host="pay.ebay.ch" />
+	<target host="payments.ebay.ch" />
+	<target host="apps.payments.ebay.ch" />
+	<target host="checkout.payments.ebay.ch" />
+	<target host="guestcheckout.payments.ebay.ch" />
+	<target host="paymentscmd.ebay.ch" />
+	<target host="www.picupload.ebay.ch" />
+	<target host="nw.pp.ebay.ch" />
+	<target host="www.nw.pp.ebay.ch" />
+	<target host="ppm1.ebay.ch" />
+	<target host="ppm3.ebay.ch" />
+	<target host="www.proxy.ebay.ch" />
+	<target host="pulsar.ebay.ch" />
+	<target host="qu.ebay.ch" />
+	<target host="rebulk.ebay.ch" />
+	<target host="reg.ebay.ch" />
+	<target host="res.ebay.ch" />
+	<target host="resolutioncenter.ebay.ch" />
+	<target host="reward.ebay.ch" />
+	<target host="rover.ebay.ch" />
+	<target host="www.rsvp.ebay.ch" />
+	<target host="www.bizpolicy.sandbox.ebay.ch" />
+	<target host="checkout.sandbox.ebay.ch" />
+	<target host="mesg.sandbox.ebay.ch" />
+	<target host="scgi.sandbox.ebay.ch" />
+	<target host="signin.sandbox.ebay.ch" />
+	<target host="scgi.ebay.ch" />
+	<target host="securefeedback.ebay.ch" />
+	<target host="secureportal.ebay.ch" />
+	<target host="securepromo.ebay.ch" />
+	<target host="secureregistration.ebay.ch" />
+	<target host="sellerstandards.ebay.ch" />
+	<target host="sellerupdate.ebay.ch" />
+	<target host="settings.ebay.ch" />
+	<target host="shiptrack.ebay.ch" />
+	<target host="signin.ebay.ch" />
+	<target host="signinalert.ebay.ch" />
+	<target host="spd.ebay.ch" />
+	<target host="www.sps.ebay.ch" />
+	<target host="srtm.ebay.ch" />
+	<target host="viv.ebay.ch" />
+	<target host="wantitnow.ebay.ch" />
+
+	<!-- fix http redirect -->
+	<rule from="^http://ebay\.ch/"
+		to="https://www.ebay.ch/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ebay.co.uk.xml b/src/chrome/content/rules/ebay.co.uk.xml
new file mode 100644
index 000000000000..be545f534080
--- /dev/null
+++ b/src/chrome/content/rules/ebay.co.uk.xml
@@ -0,0 +1,333 @@
+<!--
+
+	For other eBay coverage, see ebay.com.xml
+
+
+	Non-functional subdomains:
+
+		- ebay.co.uk	(h)
+		- adcmd	(m)
+		- affiliates	(r)
+		- arribada	(t)
+		- artist	(r)
+		- artist-index	(m)
+		- baby-toddler	(r)
+		- bmsgs	(r)
+		- pages.bt	(m)
+		- buyvrfn	(m)
+		- cancel	(r)
+		- category-keyword	(m)
+		- cgi1	(r)
+		- cgi2	(r)
+		- cgi4	(r)
+		- comm	(r)
+		- commerceapps	(t)
+		- cs	(t)
+		- deals	(r)
+		- dealseu	(r)
+		- donations	(t)
+		- dsa	(m)
+		- ebaycup	(r)
+		- esssl	(r)
+		- www.express	(m)
+		- item.express	(m)
+		- scgi.express	(m)
+		- signin.express	(m)
+		- ext-syi	(m)
+		- from	(m)
+		- m.g	(m)
+		- h3g	(m)
+		- inspiration	(r)
+		- console.internationalselling	(r)
+		- invite	(r)
+		- item		(invalid redirect)
+		- k2b-bulk	(i)
+		- k2b-email	(i)
+		- k2b-fbdk	(i)
+		- k2b-print	(i)
+		- lbv	(e)
+		- life4less	(r)
+		- listings	(m)
+		- art.listings	(m)
+		- baby.listings	(m)
+		- books.listings	(m)
+		- clothes.listings	(m)
+		- home.listings	(m)
+		- home-garden.listings	(m)
+		- toys.listings	(m)
+		- local	(r)
+		- m1	(t)
+		- mail	(m)
+		- members	(m)
+		- mesgmy	(r)
+		- messages	(m)
+		- motors	(m)
+		- my	(r)
+		- myworld	(r)
+		- neighbourhood	(m)
+		- notifyweb	(SSL error)
+		- o2imode	(m)
+		- o2wap	(m)
+		- orange	(m)
+		- partner	(h)
+		- partsfinder	(m)
+		- pictures	(r)
+		- playground	(m)
+		- popular	(r)
+		- portal	(r)
+		- portal2	(r)
+		- postageestimator	(r)
+		- pressconsole	(r)
+		- previewitem	(r)
+		- product	(r)
+		- promotions	(r)
+		- www.proxy	(HTTP 404 error)
+		- returns	(m)
+		- reviews	(r)
+		- www.rsvp	(t)
+		- rtm	(m)
+		- s	(t)
+		- www.sandbox	(r)
+		- cgi.sandbox	(r)
+		- checkout.sandbox	(t)
+		- fedsignin.sandbox	(HTTP 503 error)
+		- merchant.sandbox	(t)
+		- www.mipapplication.sandbox	(r)
+		- my.sandbox	(r)
+		- offer.sandbox	(t)
+		- pages.sandbox	(r)
+		- payments.sandbox	(m)
+		- reg.sandbox	(r)
+		- electronics.shop.sandbox	(r)
+		- hub.shop.sandbox	(r)
+		- phones.shop.sandbox	(r)
+		- securepromo	(t)
+		- selfserveads	(t)
+		- sell	(m)
+		- shop	(r)
+		- antiques.shop	(r)
+		- art.shop	(r)
+		- baby.shop	(m)
+		- business.shop	(r)
+		- clothes.shop	(r)
+		- coins.shop	(r)
+		- collectables.shop	(r)
+		- desc.shop	(r)
+		- dolls.shop	(r)
+		- health-beauty.shop	(r)
+		- hub.shop	(r)
+		- jewellery-watches.shop	(r)
+		- motors.shop	(r)
+		- motors-parts.shop	(r)
+		- music.shop	(r)
+		- musical-instruments.shop	(r)
+		- pottery.shop	(r)
+		- property.shop	(r)
+		- sports.shop	(r)
+		- stamps.shop	(r)
+		- stores.shop	(m)
+		- antiques.stores.shop	(m)
+		- art.stores.shop	(m)
+		- baby.stores.shop	(m)
+		- clothes.stores.shop	(m)
+		- coins.stores.shop	(m)
+		- collectables.stores.shop	(m)
+		- computers.stores.shop	(m)
+		- dvd-video.stores.shop	(m)
+		- electronics.stores.shop	(m)
+		- health-beauty.stores.shop	(m)
+		- home-garden.stores.shop	(m)
+		- jewellery-watches.stores.shop	(m)
+		- motors.stores.shop	(m)
+		- music.stores.shop	(m)
+		- musical-instruments.stores.shop	(m)
+		- pet-supplies.stores.shop	(m)
+		- phones.stores.shop	(m)
+		- photography.stores.shop	(m)
+		- property.stores.shop	(m)
+		- sports.stores.shop	(m)
+		- sports-memorabilia.stores.shop	(m)
+		- stamps.stores.shop	(m)
+		- tickets.stores.shop	(m)
+		- video-games.stores.shop	(m)
+		- wholesale.stores.shop	(m)
+		- tickets.shop	(m)
+		- toys.shop	(r)
+		- shopfront	(m)
+		- shopupgrade	(t)
+		- solutions	(m)
+		- stage-partner	(t)
+		- store-index	(m)
+		- stores	(h)
+		- www.stores	(m)
+		- coins.stores	(m)
+		- motors.stores	(m)
+		- search.stores	(m)
+		- sports.stores	(m)
+		- success	(t)
+		- tmo	(m)
+		- tmobile	(t)
+		- touch	(m)
+		- www.touch	(m)
+		- upload	(r)
+		- vflive	(m)
+		- virgin	(m)
+		- www.wantitnow	(m)
+		- wap	(m)
+		- win	(r)
+		- wwww	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="eBay.co.uk">
+
+	<target host="ebay.co.uk" />
+	<target host="www.ebay.co.uk" />
+		<test url="http://www.ebay.co.uk/sch/ebayadvsearch" />
+	<target host="advertising.ebay.co.uk" />
+	<target host="anywhere.ebay.co.uk" />
+	<target host="applications.ebay.co.uk" />
+	<target host="arbd.ebay.co.uk" />
+	<target host="auth.ebay.co.uk" />
+	<target host="www.billing.ebay.co.uk" />
+	<target host="www.bizpolicy.ebay.co.uk" />
+	<target host="www.bizvrfn.ebay.co.uk" />
+	<target host="msa-b1.cgi3.bt.ebay.co.uk" />
+	<target host="msa-b1.cgi5.bt.ebay.co.uk" />
+	<target host="contact.bt.ebay.co.uk" />
+	<target host="dispute-resolution.bt.ebay.co.uk" />
+	<target host="feedback.bt.ebay.co.uk" />
+	<target host="rebulk.bt.ebay.co.uk" />
+	<target host="wantitnow.bt.ebay.co.uk" />
+	<target host="bulkedit.ebay.co.uk" />
+	<target host="bulksell.ebay.co.uk" />
+	<target host="www.buyvrfn.ebay.co.uk" />
+	<target host="c.ebay.co.uk" />
+	<target host="cart.ebay.co.uk" />
+	<target host="cgi.ebay.co.uk" />
+	<target host="cgi3.ebay.co.uk" />
+	<target host="msa-b1.cgi3.ebay.co.uk" />
+	<target host="cgi5.ebay.co.uk" />
+	<target host="msa-b1.cgi5.ebay.co.uk" />
+	<target host="cgi6.ebay.co.uk" />
+	<target host="charity.ebay.co.uk" />
+	<target host="www.charity.ebay.co.uk" />
+	<target host="checkout.ebay.co.uk" />
+	<target host="checkoutweb.ebay.co.uk" />
+	<target host="community.ebay.co.uk" />
+	<target host="connect.ebay.co.uk" />
+	<target host="contact.ebay.co.uk" />
+	<target host="csr.ebay.co.uk" />
+	<target host="dispute-resolution.ebay.co.uk" />
+	<target host="donation.ebay.co.uk" />
+	<target host="www.donation.ebay.co.uk" />
+	<target host="epn.ebay.co.uk" />
+	<target host="epnt.ebay.co.uk" />
+	<target host="epsvc.ebay.co.uk" />
+	<target host="fedauth.ebay.co.uk" />
+	<target host="fedsignin.ebay.co.uk" />
+	<target host="www.feectr.ebay.co.uk" />
+	<target host="feedback.ebay.co.uk" />
+	<target host="www.fees.ebay.co.uk" />
+	<target host="frame.ebay.co.uk" />
+	<target host="fundinginstrument.ebay.co.uk" />
+	<target host="fyp.ebay.co.uk" />
+	<target host="fyp2.ebay.co.uk" />
+	<target host="garden.ebay.co.uk" />
+	<target host="gha.ebay.co.uk" />
+	<target host="gslblui.ebay.co.uk" />
+	<target host="www.ilvrfn.ebay.co.uk" />
+	<target host="influencernetwork.ebay.co.uk" />
+	<target host="invoice.ebay.co.uk" />
+	<target host="www.kgvrfn.ebay.co.uk" />
+	<target host="m.ebay.co.uk" />
+	<target host="www.m.ebay.co.uk" />
+	<target host="reg.m.ebay.co.uk" />
+	<target host="scgi.m.ebay.co.uk" />
+	<target host="signin.m.ebay.co.uk" />
+	<target host="marketing.ebay.co.uk" />
+	<target host="mbuy.ebay.co.uk" />
+	<target host="merchant.ebay.co.uk" />
+	<target host="mesg.ebay.co.uk" />
+	<target host="www.mip.ebay.co.uk" />
+	<target host="www.mipapplication.ebay.co.uk" />
+	<target host="ocs.ebay.co.uk" />
+	<target host="ocsnext.ebay.co.uk" />
+	<target host="ocsrest.ebay.co.uk" />
+	<target host="ocswf.ebay.co.uk" />
+	<target host="offer.ebay.co.uk" />
+	<target host="ofr.ebay.co.uk" />
+	<target host="pages.ebay.co.uk" />
+		<test url="http://pages.ebay.co.uk/sitemap.html" />
+	<target host="paisapay.ebay.co.uk" />
+	<target host="partnernetwork.ebay.co.uk" />
+	<target host="pay.ebay.co.uk" />
+	<target host="payments.ebay.co.uk" />
+	<target host="apps.payments.ebay.co.uk" />
+	<target host="cart.payments.ebay.co.uk" />
+	<target host="checkout.payments.ebay.co.uk" />
+	<target host="guestcheckout.payments.ebay.co.uk" />
+	<target host="paymentscmd.ebay.co.uk" />
+	<target host="www.picupload.ebay.co.uk" />
+	<target host="pls.ebay.co.uk" />
+	<target host="postage.ebay.co.uk" />
+	<target host="postorder.ebay.co.uk" />
+	<target host="nw.pp.ebay.co.uk" />
+	<target host="www.nw.pp.ebay.co.uk" />
+	<target host="ppm1.ebay.co.uk" />
+	<target host="ppm3.ebay.co.uk" />
+	<target host="prefs.ebay.co.uk" />
+	<target host="pulsar.ebay.co.uk" />
+	<target host="qu.ebay.co.uk" />
+	<target host="rebulk.ebay.co.uk" />
+	<target host="reg.ebay.co.uk" />
+	<target host="res.ebay.co.uk" />
+	<target host="resolutioncentre.ebay.co.uk" />
+	<target host="reward.ebay.co.uk" />
+	<target host="rewards.ebay.co.uk" />
+	<target host="rover.ebay.co.uk" />
+	<target host="www.bizpolicy.sandbox.ebay.co.uk" />
+	<target host="community.sandbox.ebay.co.uk" />
+	<target host="fedauth.sandbox.ebay.co.uk" />
+	<target host="mesg.sandbox.ebay.co.uk" />
+	<target host="www.mip.sandbox.ebay.co.uk" />
+	<target host="resolutioncentre.sandbox.ebay.co.uk" />
+	<target host="scgi.sandbox.ebay.co.uk" />
+	<target host="signin.sandbox.ebay.co.uk" />
+	<target host="scgi.ebay.co.uk" />
+	<target host="securefeedback.ebay.co.uk" />
+	<target host="secureportal.ebay.co.uk" />
+	<target host="secureregistration.ebay.co.uk" />
+	<target host="sellercentre.ebay.co.uk" />
+	<target host="sellerstandards.ebay.co.uk" />
+	<target host="sellerupdate.ebay.co.uk" />
+	<target host="sellvrfn.ebay.co.uk" />
+	<target host="www.sellvrfn.ebay.co.uk" />
+	<target host="settings.ebay.co.uk" />
+	<target host="shipping.ebay.co.uk" />
+	<target host="shiptrack.ebay.co.uk" />
+	<target host="signin.ebay.co.uk" />
+	<target host="signinalert.ebay.co.uk" />
+	<target host="sofe.ebay.co.uk" />
+	<target host="spd.ebay.co.uk" />
+	<target host="www.sps.ebay.co.uk" />
+	<target host="srtm.ebay.co.uk" />
+	<target host="www.subs.ebay.co.uk" />
+	<target host="viv.ebay.co.uk" />
+	<target host="vod.ebay.co.uk" />
+	<target host="wantitnow.ebay.co.uk" />
+
+	<!-- fix http redirect -->
+	<rule from="^http://ebay\.co\.uk/"
+		to="https://www.ebay.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ebay.com.au.xml b/src/chrome/content/rules/ebay.com.au.xml
new file mode 100644
index 000000000000..137200d77d11
--- /dev/null
+++ b/src/chrome/content/rules/ebay.com.au.xml
@@ -0,0 +1,300 @@
+<!--
+
+	For other eBay coverage, see ebay.com.xml
+
+
+	Non-functional subdomains:
+
+		- ebay.com.au	(h)
+		- affiliates	(m)
+		- arribada	(t)
+		- blogs	(m)
+		- buyvrfn	(m)
+		- cancel	(r)
+		- cars2	(m)
+		- cc	(t)
+		- cgi1	(r)
+		- cgi2	(r)
+		- msa-b1.cgi3	(m)
+		- cgi4	(r)
+		- msa-b1.cgi5	(m)
+		- collections	(r)
+		- comm	(r)
+		- cs	(t)
+		- deals-staging	(t)
+		- fashion	(t)
+		- forums	(m)
+		- giveone	(m)
+		- globalshopper	(h)
+		- groupbuy	(m)
+		- www.groupbuy	(m)
+		- groupdeals	(m)
+		- hawkemail	(r)
+		- hub	(m)
+		- iphone	(m)
+		- jira	(e)
+		- k2b-bulk	(i)
+		- k2b-email	(i)
+		- k2b-fbdk	(i)
+		- k2b-print	(i)
+		- listings	(m)
+		- local	(r)
+		- mail	(m)
+		- media	(r)
+		- members	(m)
+		- mesgmy	(r)
+		- messages	(m)
+		- hp.mobileweb	(m)
+		- motors	(m)
+		- my	(r)
+		- myworld	(r)
+		- opt	(m)
+		- pinchme	(m)
+		- playground	(m)
+		- popular	(r)
+		- previewitem	(r)
+		- www.proxy	(HTTP 404 error)
+		- returns	(m)
+		- reviews	(r)
+		- search.reviews	(r)
+		- www.sandbox	(r)
+		- fedsignin.sandbox	(HTTP 503 error)
+		- www.mipapplication.sandbox	(r)
+		- my.sandbox	(r)
+		- pages.sandbox	(r)
+		- payments.sandbox	(m)
+		- reg.sandbox	(r)
+		- sc-ext	(t)
+		- sell	(m)
+		- ship	(m)
+		- shop	(r)
+		- antiques.shop	(r)
+		- art.shop	(r)
+		- books.shop	(r)
+		- cars.shop	(r)
+		- clothing.shop	(r)
+		- collectables.shop	(r)
+		- crafts.shop	(r)
+		- desc.shop	(r)
+		- dolls.shop	(r)
+		- home.shop	(r)
+		- hub.shop	(r)
+		- local.shop	(r)
+		- motors.shop	(r)
+		- sport.shop	(r)
+		- stores.shop	(m)
+		- antiques.stores.shop	(m)
+		- art.stores.shop	(m)
+		- beauty.stores.shop	(m)
+		- books.stores.shop	(m)
+		- cameras.stores.shop	(m)
+		- cars.stores.shop	(m)
+		- clothing.stores.shop	(m)
+		- coins.stores.shop	(m)
+		- collectables.stores.shop	(m)
+		- computers.stores.shop	(m)
+		- crafts.stores.shop	(m)
+		- dolls.stores.shop	(m)
+		- electronics.stores.shop	(m)
+		- giftcards.stores.shop	(m)
+		- home.stores.shop	(m)
+		- jewellery.stores.shop	(m)
+		- lotsmore.stores.shop	(m)
+		- movies.stores.shop	(m)
+		- music.stores.shop	(m)
+		- musical-instruments.stores.shop	(m)
+		- pottery.stores.shop	(m)
+		- sporting-goods.stores.shop	(m)
+		- toys.stores.shop	(m)
+		- vehicle-parts.stores.shop	(m)
+		- videogames.stores.shop	(m)
+		- toys.shop	(r)
+		- startyourbusiness	(r)
+		- stores	(h)
+		- www.stores	(m)
+		- survey	(m)
+		- syi	(t)
+		- syi-staging	(t)
+		- tools	(h)
+		- geotribes.tools	(t)
+		- touch	(m)
+		- tradingassistant	(m)
+		- wap	(m)
+		- wwww	(m)
+		- xmas	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="eBay.com.au">
+
+	<target host="ebay.com.au" />
+	<target host="www.ebay.com.au" />
+	<target host="advertise.ebay.com.au" />
+	<target host="anywhere.ebay.com.au" />
+	<target host="applications.ebay.com.au" />
+	<target host="arbd.ebay.com.au" />
+	<target host="auredirectsvc.ebay.com.au" />
+	<target host="aureturnsvc.ebay.com.au" />
+	<target host="auth.ebay.com.au" />
+	<target host="baby.ebay.com.au" />
+	<target host="www.billing.ebay.com.au" />
+	<target host="www.bizpolicy.ebay.com.au" />
+	<target host="www.bizvrfn.ebay.com.au" />
+	<target host="bubs.ebay.com.au" />
+	<target host="bulkedit.ebay.com.au" />
+	<target host="bulksell.ebay.com.au" />
+	<target host="www.buyvrfn.ebay.com.au" />
+	<target host="c.ebay.com.au" />
+	<target host="cars.ebay.com.au" />
+	<target host="cart.ebay.com.au" />
+	<target host="cgi.ebay.com.au" />
+	<target host="cgi3.ebay.com.au" />
+	<target host="cgi5.ebay.com.au" />
+	<target host="cgi6.ebay.com.au" />
+	<target host="charity.ebay.com.au" />
+	<target host="checkout.ebay.com.au" />
+	<target host="checkoutweb.ebay.com.au" />
+	<target host="cms-api.ebay.com.au" />
+	<target host="cms-api-staging.ebay.com.au" />
+	<target host="aufe3prod.g.ebay.com.ebay.com.au" />
+	<target host="community.ebay.com.au" />
+	<target host="connect.ebay.com.au" />
+	<target host="contact.ebay.com.au" />
+	<target host="content-api.ebay.com.au" />
+	<target host="csr.ebay.com.au" />
+	<target host="deals.ebay.com.au" />
+	<target host="m.deals.ebay.com.au" />
+	<target host="dfeed.ebay.com.au" />
+	<target host="dispute-resolution.ebay.com.au" />
+	<target host="ebaylink.ebay.com.au" />
+	<target host="ebaylinksvc.ebay.com.au" />
+	<target host="epn.ebay.com.au" />
+	<target host="epnt.ebay.com.au" />
+	<target host="epsvc.ebay.com.au" />
+	<target host="fedauth.ebay.com.au" />
+	<target host="fedsignin.ebay.com.au" />
+	<target host="www.feectr.ebay.com.au" />
+	<target host="feed.ebay.com.au" />
+	<target host="feedback.ebay.com.au" />
+	<target host="www.fees.ebay.com.au" />
+	<target host="forms.ebay.com.au" />
+	<target host="frame.ebay.com.au" />
+	<target host="fundinginstrument.ebay.com.au" />
+	<target host="fyp.ebay.com.au" />
+	<target host="fyp2.ebay.com.au" />
+	<target host="gha.ebay.com.au" />
+	<target host="giftcards.ebay.com.au" />
+	<target host="help.ebay.com.au" />
+	<target host="www.ilvrfn.ebay.com.au" />
+	<target host="img.ebay.com.au" />
+	<target host="invoice.ebay.com.au" />
+	<target host="ipadmin.ebay.com.au" />
+	<target host="ipadmin-staging.ebay.com.au" />
+	<target host="item.ebay.com.au" />
+	<target host="www.kgvrfn.ebay.com.au" />
+	<target host="labels.ebay.com.au" />
+	<target host="m.ebay.com.au" />
+	<target host="www.m.ebay.com.au" />
+	<target host="reg.m.ebay.com.au" />
+	<target host="scgi.m.ebay.com.au" />
+	<target host="signin.m.ebay.com.au" />
+	<target host="marketing.ebay.com.au" />
+	<target host="mbuy.ebay.com.au" />
+	<target host="merchant.ebay.com.au" />
+	<target host="mesg.ebay.com.au" />
+	<target host="www.mip.ebay.com.au" />
+	<target host="www.mipapplication.ebay.com.au" />
+	<target host="notifyweb.ebay.com.au" />
+	<target host="ocs.ebay.com.au" />
+	<target host="ocsnext.ebay.com.au" />
+	<target host="ocsrest.ebay.com.au" />
+	<target host="ocswf.ebay.com.au" />
+	<target host="offer.ebay.com.au" />
+	<target host="ofr.ebay.com.au" />
+	<target host="origin-feed.ebay.com.au" />
+	<target host="origin-img.ebay.com.au" />
+	<target host="pages.ebay.com.au" />
+	<target host="pages2.ebay.com.au" />
+	<target host="paisapay.ebay.com.au" />
+	<target host="partnernetwork.ebay.com.au" />
+	<target host="pay.ebay.com.au" />
+	<target host="payments.ebay.com.au" />
+	<target host="apps.payments.ebay.com.au" />
+	<target host="cart.payments.ebay.com.au" />
+	<target host="checkout.payments.ebay.com.au" />
+	<target host="guestcheckout.payments.ebay.com.au" />
+	<target host="paymentscmd.ebay.com.au" />
+	<target host="cms-api.phx.ebay.com.au" />
+	<target host="cms-api-staging.phx.ebay.com.au" />
+	<target host="www.picupload.ebay.com.au" />
+	<target host="pls.ebay.com.au" />
+	<target host="postage.ebay.com.au" />
+	<target host="nw.pp.ebay.com.au" />
+	<target host="www.nw.pp.ebay.com.au" />
+	<target host="ppm1.ebay.com.au" />
+	<target host="ppm3.ebay.com.au" />
+	<target host="prefs.ebay.com.au" />
+	<target host="pudoext.ebay.com.au" />
+	<target host="pulsar.ebay.com.au" />
+	<target host="qu.ebay.com.au" />
+	<target host="rebulk.ebay.com.au" />
+	<target host="reg.ebay.com.au" />
+	<target host="res.ebay.com.au" />
+	<target host="resolutioncentre.ebay.com.au" />
+	<target host="reward.ebay.com.au" />
+	<target host="rewards.ebay.com.au" />
+	<target host="rover.ebay.com.au" />
+	<target host="www.rsvp.ebay.com.au" />
+	<target host="www.bizpolicy.sandbox.ebay.com.au" />
+	<target host="checkout.sandbox.ebay.com.au" />
+	<target host="community.sandbox.ebay.com.au" />
+	<target host="fedauth.sandbox.ebay.com.au" />
+	<target host="merchant.sandbox.ebay.com.au" />
+	<target host="mesg.sandbox.ebay.com.au" />
+	<target host="www.mip.sandbox.ebay.com.au" />
+	<target host="scgi.sandbox.ebay.com.au" />
+	<target host="signin.sandbox.ebay.com.au" />
+	<target host="scgi.ebay.com.au" />
+	<target host="securefeedback.ebay.com.au" />
+	<target host="secureportal.ebay.com.au" />
+	<target host="secureregistration.ebay.com.au" />
+	<target host="sellercentre.ebay.com.au" />
+	<target host="sellergoals.ebay.com.au" />
+	<target host="sellerstandards.ebay.com.au" />
+	<target host="sellvrfn.ebay.com.au" />
+	<target host="www.sellvrfn.ebay.com.au" />
+	<target host="settings.ebay.com.au" />
+	<target host="shiptrack.ebay.com.au" />
+	<target host="signin.ebay.com.au" />
+	<target host="signinalert.ebay.com.au" />
+	<target host="cms-api.slc.ebay.com.au" />
+	<target host="cms-api-staging.slc.ebay.com.au" />
+	<target host="socialapp.ebay.com.au" />
+	<target host="sofe.ebay.com.au" />
+	<target host="spd.ebay.com.au" />
+	<target host="www.sps.ebay.com.au" />
+	<target host="srtm.ebay.com.au" />
+	<target host="submissions.ebay.com.au" />
+	<target host="submissions-staging.ebay.com.au" />
+	<target host="www.subs.ebay.com.au" />
+	<target host="techtesters.ebay.com.au" />
+	<target host="viv.ebay.com.au" />
+	<target host="vod.ebay.com.au" />
+	<target host="vr.ebay.com.au" />
+	<target host="wantitnow.ebay.com.au" />
+	<target host="welcome.ebay.com.au" />
+
+	<!-- fix http redirect -->
+	<rule from="^http://ebay\.com\.au/"
+		to="https://www.ebay.com.au/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ebay.com.hk.xml b/src/chrome/content/rules/ebay.com.hk.xml
new file mode 100644
index 000000000000..a15266a5cebb
--- /dev/null
+++ b/src/chrome/content/rules/ebay.com.hk.xml
@@ -0,0 +1,201 @@
+<!--
+
+	For other eBay coverage, see ebay.com.xml
+
+
+	Non-functional subdomains:
+
+		- ebay.com.hk	(h)
+		- arribada	(t)
+		- biz	(r)
+		- blogs	(m)
+		- buyeng	(t)
+		- cancel	(r)
+		- cbt	(r)
+		- cgi4	(r)
+		- comm	(r)
+		- cs	(t)
+		- english	(m)
+		- export	(m)
+		- m.g	(m)
+		- k2b-bulk	(i)
+		- k2b-email	(i)
+		- k2b-fbdk	(i)
+		- k2b-print	(i)
+		- listings	(m)
+		- mail	(m)
+		- members	(m)
+		- mesgmy	(r)
+		- message	(r)
+		- mobile	(r)
+		- my	(r)
+		- myworld	(r)
+		- powerseller	(t)
+		- previewitem	(r)
+		- www.proxy	(HTTP 404 error)
+		- checkout.sandbox	(m)
+		- my.sandbox	(r)
+		- search-completed	(r)
+		- sell	(m)
+		- shop	(r)
+		- antiques.shop	(r)
+		- automotive.shop	(r)
+		- books.shop	(r)
+		- cameras-photo.shop	(r)
+		- coins.shop	(r)
+		- collectables.shop	(r)
+		- computers.shop	(r)
+		- electronics.shop	(r)
+		- entertainment.shop	(r)
+		- everything-else.shop	(r)
+		- games.shop	(r)
+		- industry.shop	(r)
+		- jewellery-watches.shop	(r)
+		- sports.shop	(r)
+		- stamps.shop	(r)
+		- stores.shop	(m)
+		- antiques.stores.shop	(m)
+		- automotive.stores.shop	(m)
+		- books.stores.shop	(m)
+		- cameras-photo.stores.shop	(m)
+		- clothing.stores.shop	(m)
+		- collectables.stores.shop	(m)
+		- computers.stores.shop	(m)
+		- electronics.stores.shop	(m)
+		- entertainment.stores.shop	(m)
+		- everything-else.stores.shop	(m)
+		- games.stores.shop	(m)
+		- health-beauty.stores.shop	(m)
+		- home-lifestyle.stores.shop	(m)
+		- jewellery-watches.stores.shop	(m)
+		- sports.stores.shop	(m)
+		- stamps.stores.shop	(m)
+		- toys.stores.shop	(m)
+		- toys.shop	(r)
+		- stores	(h)
+		- svcs	(m)
+		- terapeak	(m)
+		- track	(m)
+		- vv	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="eBay.com.hk">
+
+	<target host="ebay.com.hk" />
+	<target host="www.ebay.com.hk" />
+	<target host="anywhere.ebay.com.hk" />
+	<target host="apacshipping.ebay.com.hk" />
+	<target host="api.apacshipping.ebay.com.hk" />
+	<target host="origin-api.apacshipping.ebay.com.hk" />
+	<target host="applications.ebay.com.hk" />
+	<target host="arbd.ebay.com.hk" />
+	<target host="auth.ebay.com.hk" />
+	<target host="www.billing.ebay.com.hk" />
+	<target host="www.bizpolicy.ebay.com.hk" />
+	<target host="bulkedit.ebay.com.hk" />
+	<target host="bulksell.ebay.com.hk" />
+	<target host="www.buyvrfn.ebay.com.hk" />
+	<target host="c.ebay.com.hk" />
+	<target host="cart.ebay.com.hk" />
+	<target host="cbt1.ebay.com.hk" />
+	<target host="cbtreport.ebay.com.hk" />
+	<target host="cgi.ebay.com.hk" />
+	<target host="cgi3.ebay.com.hk" />
+	<target host="msa-b1.cgi3.ebay.com.hk" />
+	<target host="cgi5.ebay.com.hk" />
+	<target host="msa-b1.cgi5.ebay.com.hk" />
+	<target host="cgi6.ebay.com.hk" />
+	<target host="checkout.ebay.com.hk" />
+	<target host="connect.ebay.com.hk" />
+	<target host="contact.ebay.com.hk" />
+	<target host="csmessage.ebay.com.hk" />
+	<target host="csr.ebay.com.hk" />
+	<target host="csverification.ebay.com.hk" />
+	<target host="cvvs.ebay.com.hk" />
+	<target host="dispute-resolution.ebay.com.hk" />
+	<target host="epn.ebay.com.hk" />
+	<target host="epnt.ebay.com.hk" />
+	<target host="epsvc.ebay.com.hk" />
+	<target host="exportnews.ebay.com.hk" />
+	<target host="fedauth.ebay.com.hk" />
+	<target host="fedsignin.ebay.com.hk" />
+	<target host="feedback.ebay.com.hk" />
+	<target host="frame.ebay.com.hk" />
+	<target host="fundinginstrument.ebay.com.hk" />
+	<target host="fyp.ebay.com.hk" />
+	<target host="fyp2.ebay.com.hk" />
+	<target host="gccbtapi.ebay.com.hk" />
+	<target host="gha.ebay.com.hk" />
+	<target host="www.ilvrfn.ebay.com.hk" />
+	<target host="invoice.ebay.com.hk" />
+	<target host="item.ebay.com.hk" />
+	<target host="www.kgvrfn.ebay.com.hk" />
+	<target host="m.ebay.com.hk" />
+	<target host="www.m.ebay.com.hk" />
+	<target host="reg.m.ebay.com.hk" />
+	<target host="scgi.m.ebay.com.hk" />
+	<target host="signin.m.ebay.com.hk" />
+	<target host="mbuy.ebay.com.hk" />
+	<target host="mesg.ebay.com.hk" />
+	<target host="notifyweb.ebay.com.hk" />
+	<target host="ocs.ebay.com.hk" />
+	<target host="ocsnext.ebay.com.hk" />
+	<target host="ocsrest.ebay.com.hk" />
+	<target host="ocswf.ebay.com.hk" />
+	<target host="offer.ebay.com.hk" />
+	<target host="ofr.ebay.com.hk" />
+	<target host="pages.ebay.com.hk" />
+	<target host="paisapay.ebay.com.hk" />
+	<target host="pay.ebay.com.hk" />
+	<target host="payments.ebay.com.hk" />
+	<target host="apps.payments.ebay.com.hk" />
+	<target host="checkout.payments.ebay.com.hk" />
+	<target host="guestcheckout.payments.ebay.com.hk" />
+	<target host="paymentscmd.ebay.com.hk" />
+	<target host="pgc.ebay.com.hk" />
+	<target host="www.picupload.ebay.com.hk" />
+	<target host="ppm1.ebay.com.hk" />
+	<target host="ppm3.ebay.com.hk" />
+	<target host="pulsar.ebay.com.hk" />
+	<target host="qu.ebay.com.hk" />
+	<target host="rebulk.ebay.com.hk" />
+	<target host="reg.ebay.com.hk" />
+	<target host="res.ebay.com.hk" />
+	<target host="resolutioncenter.ebay.com.hk" />
+	<target host="rover.ebay.com.hk" />
+	<target host="apacshipping.sandbox.ebay.com.hk" />
+	<target host="www.bizpolicy.sandbox.ebay.com.hk" />
+	<target host="gccbtapi.sandbox.ebay.com.hk" />
+	<target host="scgi.ebay.com.hk" />
+	<target host="secureportal.ebay.com.hk" />
+	<target host="securepromo.ebay.com.hk" />
+	<target host="secureregistration.ebay.com.hk" />
+	<target host="sellerstandards.ebay.com.hk" />
+	<target host="sellvrfn.ebay.com.hk" />
+	<target host="www.sellvrfn.ebay.com.hk" />
+	<target host="settings.ebay.com.hk" />
+	<target host="shippingtool.ebay.com.hk" />
+	<target host="shiptrack.ebay.com.hk" />
+	<target host="signin.ebay.com.hk" />
+	<target host="signinalert.ebay.com.hk" />
+	<target host="sofe.ebay.com.hk" />
+	<target host="spd.ebay.com.hk" />
+	<target host="www.sps.ebay.com.hk" />
+	<target host="srtm.ebay.com.hk" />
+	<target host="viv.ebay.com.hk" />
+	<target host="wantitnow.ebay.com.hk" />
+
+	<!-- fix http redirect -->
+	<rule from="^http://ebay\.com\.hk/"
+		to="https://www.ebay.com.hk/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ebay.com.my.xml b/src/chrome/content/rules/ebay.com.my.xml
new file mode 100644
index 000000000000..3f2e2d371912
--- /dev/null
+++ b/src/chrome/content/rules/ebay.com.my.xml
@@ -0,0 +1,180 @@
+<!--
+
+	For other eBay coverage, see ebay.com.xml
+
+
+	Non-functional subdomains:
+
+		- ebay.com.my	(h)
+		- advertise	(t)
+		- affiliates	(m)
+		- anywhere	(i)
+		- apps	(i)
+		- arribada	(t)
+		- blogs	(m)
+		- search.blogs	(m)
+		- cancel	(r)
+		- cgi1	(r)
+		- cgi4	(r)
+		- comm	(r)
+		- cs	(t)
+		- deals	(m)
+		- e.deals	(m)
+		- l.deals	(m)
+		- developer	(m)
+		- em	(m)
+		- m.g	(m)
+		- hub	(m)
+		- k2b-bulk	(i)
+		- k2b-email	(i)
+		- k2b-fbdk	(i)
+		- k2b-print	(i)
+		- listings	(m)
+		- mail	(m)
+		- members	(m)
+		- mesgmy	(r)
+		- mobile	(m)
+		- my	(r)
+		- myworld	(r)
+		- ocs	(m)
+		- portal	(r)
+		- previewitem	(r)
+		- www.proxy	(HTTP 404 error)
+		- returns	(m)
+		- reviews	(r)
+		- search.reviews	(r)
+		- sell	(m)
+		- selling	(e)
+		- shop	(r)
+		- books.shop	(r)
+		- desc.shop	(r)
+		- hub.shop	(r)
+		- stores.shop	(m)
+		- antiques.stores.shop	(m)
+		- clothing-shoes-accessories.stores.shop	(m)
+		- collectables.stores.shop	(m)
+		- collectibles.stores.shop	(m)
+		- computers.stores.shop	(m)
+		- health-beauty.stores.shop	(m)
+		- home.stores.shop	(m)
+		- music.stores.shop	(m)
+		- pottery-glass.stores.shop	(m)
+		- sporting-goods.stores.shop	(m)
+		- sports-cards.stores.shop	(m)
+		- travel.stores.shop	(m)
+		- vehicle-parts.stores.shop	(m)
+		- toys-hobbies.shop	(r)
+		- video-games.shop	(r)
+		- stores	(h)
+		- www.stores	(m)
+		- svcs	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="eBay.com.my">
+
+	<target host="ebay.com.my" />
+	<target host="www.ebay.com.my" />
+	<target host="applications.ebay.com.my" />
+	<target host="arbd.ebay.com.my" />
+	<target host="auth.ebay.com.my" />
+	<target host="www.billing.ebay.com.my" />
+	<target host="www.bizpolicy.ebay.com.my" />
+	<target host="bulkedit.ebay.com.my" />
+	<target host="bulksell.ebay.com.my" />
+	<target host="www.buyvrfn.ebay.com.my" />
+	<target host="c.ebay.com.my" />
+	<target host="cart.ebay.com.my" />
+	<target host="cgi.ebay.com.my" />
+	<target host="cgi3.ebay.com.my" />
+	<target host="msa-b1.cgi3.ebay.com.my" />
+	<target host="cgi5.ebay.com.my" />
+	<target host="msa-b1.cgi5.ebay.com.my" />
+	<target host="cgi6.ebay.com.my" />
+	<target host="checkout.ebay.com.my" />
+	<target host="connect.ebay.com.my" />
+	<target host="contact.ebay.com.my" />
+	<target host="csr.ebay.com.my" />
+	<target host="dispute-resolution.ebay.com.my" />
+	<target host="epn.ebay.com.my" />
+	<target host="epnt.ebay.com.my" />
+	<target host="epsvc.ebay.com.my" />
+	<target host="fedauth.ebay.com.my" />
+	<target host="fedsignin.ebay.com.my" />
+	<target host="feedback.ebay.com.my" />
+	<target host="frame.ebay.com.my" />
+	<target host="fundinginstrument.ebay.com.my" />
+	<target host="fyp.ebay.com.my" />
+	<target host="fyp2.ebay.com.my" />
+	<target host="gha.ebay.com.my" />
+	<target host="info.ebay.com.my" />
+	<target host="invoice.ebay.com.my" />
+	<target host="item.ebay.com.my" />
+	<target host="www.kgvrfn.ebay.com.my" />
+	<target host="m.ebay.com.my" />
+	<target host="www.m.ebay.com.my" />
+	<target host="reg.m.ebay.com.my" />
+	<target host="scgi.m.ebay.com.my" />
+	<target host="signin.m.ebay.com.my" />
+	<target host="marketing.ebay.com.my" />
+	<target host="mbuy.ebay.com.my" />
+	<target host="mesg.ebay.com.my" />
+	<target host="notifyweb.ebay.com.my" />
+	<target host="ocsnext.ebay.com.my" />
+	<target host="ocsrest.ebay.com.my" />
+	<target host="ocswf.ebay.com.my" />
+	<target host="offer.ebay.com.my" />
+	<target host="ofr.ebay.com.my" />
+	<target host="pages.ebay.com.my" />
+	<target host="paisapay.ebay.com.my" />
+	<target host="pay.ebay.com.my" />
+	<target host="payments.ebay.com.my" />
+	<target host="apps.payments.ebay.com.my" />
+	<target host="checkout.payments.ebay.com.my" />
+	<target host="guestcheckout.payments.ebay.com.my" />
+	<target host="paymentscmd.ebay.com.my" />
+	<target host="www.picupload.ebay.com.my" />
+	<target host="nw.pp.ebay.com.my" />
+	<target host="www.nw.pp.ebay.com.my" />
+	<target host="ppm1.ebay.com.my" />
+	<target host="ppm3.ebay.com.my" />
+	<target host="pulsar.ebay.com.my" />
+	<target host="qu.ebay.com.my" />
+	<target host="rebulk.ebay.com.my" />
+	<target host="reg.ebay.com.my" />
+	<target host="res.ebay.com.my" />
+	<target host="resolutioncenter.ebay.com.my" />
+	<target host="resolutioncentre.ebay.com.my" />
+	<target host="reward.ebay.com.my" />
+	<target host="rover.ebay.com.my" />
+	<target host="www.bizpolicy.sandbox.ebay.com.my" />
+	<target host="scgi.ebay.com.my" />
+	<target host="securefeedback.ebay.com.my" />
+	<target host="secureportal.ebay.com.my" />
+	<target host="securepromo.ebay.com.my" />
+	<target host="secureregistration.ebay.com.my" />
+	<target host="sellerstandards.ebay.com.my" />
+	<target host="settings.ebay.com.my" />
+	<target host="shiptrack.ebay.com.my" />
+	<target host="signin.ebay.com.my" />
+	<target host="signinalert.ebay.com.my" />
+	<target host="sofe.ebay.com.my" />
+	<target host="spd.ebay.com.my" />
+	<target host="www.sps.ebay.com.my" />
+	<target host="srtm.ebay.com.my" />
+	<target host="viv.ebay.com.my" />
+	<target host="wantitnow.ebay.com.my" />
+
+	<!-- fix http redirect -->
+	<rule from="^http://ebay\.com\.my/"
+		to="https://www.ebay.com.my/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ebay.com.sg.xml b/src/chrome/content/rules/ebay.com.sg.xml
new file mode 100644
index 000000000000..996b3b5c8474
--- /dev/null
+++ b/src/chrome/content/rules/ebay.com.sg.xml
@@ -0,0 +1,195 @@
+<!--
+
+	For other eBay coverage, see ebay.com.xml
+
+
+	Non-functional subdomains:
+
+		- ebay.com.sg	(h)
+		- affiliates	(m)
+		- arribada	(t)
+		- blogs	(m)
+		- search.blogs	(m)
+		- cancel	(r)
+		- catalog	(r)
+		- cgi1	(r)
+		- cgi4	(r)
+		- comm	(r)
+		- cs	(t)
+		- deals	(m)
+		- e.deals	(m)
+		- l.deals	(m)
+		- developer	(m)
+		- m.g	(m)
+		- hub	(m)
+		- item		(invalid redirect)
+		- k2b-bulk	(i)
+		- k2b-email	(i)
+		- k2b-fbdk	(i)
+		- k2b-print	(i)
+		- listings	(m)
+		- art.listings	(m)
+		- mail	(m)
+		- members	(m)
+		- mesgmy	(r)
+		- mobile	(m)
+		- my	(r)
+		- myworld	(r)
+		- search.myworld	(m)
+		- my.sandbox.ph	(r)
+		- portal	(r)
+		- previewitem	(r)
+		- www.proxy	(HTTP 404 error)
+		- reviews	(r)
+		- search.reviews	(r)
+		- www.rsvp	(t)
+		- sea		(m)
+		- sell	(m)
+		- shop	(r)
+		- antiques.shop	(r)
+		- baby.shop	(r)
+		- cell-phones.shop	(r)
+		- hub.shop	(r)
+		- mobile-phones.shop	(r)
+		- music.shop	(r)
+		- sports.shop	(r)
+		- stamps.shop	(r)
+		- stores.shop	(m)
+		- antiques.stores.shop	(m)
+		- art.stores.shop	(m)
+		- books.stores.shop	(m)
+		- business.stores.shop	(m)
+		- cell-phones.stores.shop	(m)
+		- clothing.stores.shop	(m)
+		- clothing-shoes-accessories.stores.shop	(m)
+		- coins.stores.shop	(m)
+		- computers.stores.shop	(m)
+		- dvd.stores.shop	(m)
+		- electronics.stores.shop	(m)
+		- everythingelse.stores.shop	(m)
+		- music.stores.shop	(m)
+		- realestate.stores.shop	(m)
+		- sporting-goods.stores.shop	(m)
+		- sportinggoods.stores.shop	(m)
+		- toys.stores.shop	(m)
+		- vehicle-parts.stores.shop	(m)
+		- video-games.stores.shop	(m)
+		- video-games.shop	(r)
+		- stores	(h)
+		- www.stores	(m)
+		- search.stores	(m)
+		- svcs	(m)
+		- tools	(h)
+		- wap	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="eBay.com.sg">
+
+	<target host="ebay.com.sg" />
+	<target host="www.ebay.com.sg" />
+	<target host="anywhere.ebay.com.sg" />
+	<target host="applications.ebay.com.sg" />
+	<target host="arbd.ebay.com.sg" />
+	<target host="auth.ebay.com.sg" />
+	<target host="www.billing.ebay.com.sg" />
+	<target host="www.bizpolicy.ebay.com.sg" />
+	<target host="bulkedit.ebay.com.sg" />
+	<target host="bulksell.ebay.com.sg" />
+	<target host="www.buyvrfn.ebay.com.sg" />
+	<target host="c.ebay.com.sg" />
+	<target host="cart.ebay.com.sg" />
+	<target host="cgi.ebay.com.sg" />
+	<target host="cgi3.ebay.com.sg" />
+	<target host="msa-b1.cgi3.ebay.com.sg" />
+	<target host="cgi5.ebay.com.sg" />
+	<target host="msa-b1.cgi5.ebay.com.sg" />
+	<target host="cgi6.ebay.com.sg" />
+	<target host="checkout.ebay.com.sg" />
+	<target host="connect.ebay.com.sg" />
+	<target host="contact.ebay.com.sg" />
+	<target host="csr.ebay.com.sg" />
+	<target host="dispute-resolution.ebay.com.sg" />
+	<target host="epn.ebay.com.sg" />
+	<target host="epnt.ebay.com.sg" />
+	<target host="epsvc.ebay.com.sg" />
+	<target host="fedauth.ebay.com.sg" />
+	<target host="fedsignin.ebay.com.sg" />
+	<target host="feedback.ebay.com.sg" />
+	<target host="frame.ebay.com.sg" />
+	<target host="fundinginstrument.ebay.com.sg" />
+	<target host="fyp.ebay.com.sg" />
+	<target host="fyp2.ebay.com.sg" />
+	<target host="gha.ebay.com.sg" />
+	<target host="www.ilvrfn.ebay.com.sg" />
+	<target host="info.ebay.com.sg" />
+	<target host="invoice.ebay.com.sg" />
+	<target host="www.kgvrfn.ebay.com.sg" />
+	<target host="m.ebay.com.sg" />
+	<target host="www.m.ebay.com.sg" />
+	<target host="reg.m.ebay.com.sg" />
+	<target host="scgi.m.ebay.com.sg" />
+	<target host="signin.m.ebay.com.sg" />
+	<target host="marketing.ebay.com.sg" />
+	<target host="mbuy.ebay.com.sg" />
+	<target host="mesg.ebay.com.sg" />
+	<target host="notifyweb.ebay.com.sg" />
+	<target host="ocs.ebay.com.sg" />
+	<target host="ocsnext.ebay.com.sg" />
+	<target host="ocsrest.ebay.com.sg" />
+	<target host="ocswf.ebay.com.sg" />
+	<target host="offer.ebay.com.sg" />
+	<target host="ofr.ebay.com.sg" />
+	<target host="pages.ebay.com.sg" />
+	<target host="paisapay.ebay.com.sg" />
+	<target host="pay.ebay.com.sg" />
+	<target host="payments.ebay.com.sg" />
+	<target host="apps.payments.ebay.com.sg" />
+	<target host="checkout.payments.ebay.com.sg" />
+	<target host="guestcheckout.payments.ebay.com.sg" />
+	<target host="paymentscmd.ebay.com.sg" />
+	<target host="www.picupload.ebay.com.sg" />
+	<target host="nw.pp.ebay.com.sg" />
+	<target host="www.nw.pp.ebay.com.sg" />
+	<target host="ppm1.ebay.com.sg" />
+	<target host="ppm3.ebay.com.sg" />
+	<target host="pulsar.ebay.com.sg" />
+	<target host="qu.ebay.com.sg" />
+	<target host="rebulk.ebay.com.sg" />
+	<target host="reg.ebay.com.sg" />
+	<target host="res.ebay.com.sg" />
+	<target host="resolutioncenter.ebay.com.sg" />
+	<target host="resolutioncentre.ebay.com.sg" />
+	<target host="reward.ebay.com.sg" />
+	<target host="rover.ebay.com.sg" />
+	<target host="www.bizpolicy.sandbox.ebay.com.sg" />
+	<target host="scgi.ebay.com.sg" />
+	<target host="securefeedback.ebay.com.sg" />
+	<target host="secureportal.ebay.com.sg" />
+	<target host="securepromo.ebay.com.sg" />
+	<target host="secureregistration.ebay.com.sg" />
+	<target host="sellerstandards.ebay.com.sg" />
+	<target host="settings.ebay.com.sg" />
+	<target host="shiptrack.ebay.com.sg" />
+	<target host="signin.ebay.com.sg" />
+	<target host="signinalert.ebay.com.sg" />
+	<target host="sofe.ebay.com.sg" />
+	<target host="spd.ebay.com.sg" />
+	<target host="www.sps.ebay.com.sg" />
+	<target host="srtm.ebay.com.sg" />
+	<target host="viv.ebay.com.sg" />
+	<target host="wantitnow.ebay.com.sg" />
+
+	<!-- fix http redirect -->
+	<rule from="^http://ebay\.com\.sg/"
+		to="https://www.ebay.com.sg/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ebay.com.xml b/src/chrome/content/rules/ebay.com.xml
new file mode 100644
index 000000000000..4e7b88c3d084
--- /dev/null
+++ b/src/chrome/content/rules/ebay.com.xml
@@ -0,0 +1,103 @@
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://forums.ebay.com/ => https://forums.ebay.com/: not enough values to unpack (expected 2, got 1)
+Fetch error: http://shopbot.ebay.com/ => https://shopbot.ebay.com/: (35, 'OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to shopbot.ebay.com:443 ')
+
+
+	Other eBay rulesets:
+
+		- ebay.at.xml
+		- ebay.be.xml
+		- ebay.ca.xml
+		- ebay.ch.xml
+		- ebay.co.uk.xml
+		- ebay.com.au.xml
+		- ebay.com.hk.xml
+		- ebay.com.my.xml
+		- ebay.com.sg.xml
+		- ebay.de.xml
+		- ebay.es.xml
+		- ebay.fr.xml
+		- ebay.ie.xml
+		- ebay.in.xml
+		- ebay.it.xml
+		- ebay.nl.xml
+		- ebay.ph.xml
+		- ebay.pl.xml
+		- ebay.ru.xml
+		- ebayimg.com.xml
+		- ebayrtm.com.xml
+		- ebaystatic.com.xml
+
+
+	Non-functional subdomains:
+
+		- ebay.com	(h)
+		- announcements	(m)
+		- answercenter	(m)
+		- certificates	(m)
+		- deals	(m)
+		- garden	(m)
+		- groups	(m)
+		- hub.motors	(m)
+		- my	(r)
+		- myworld	(m)
+		- rtm	(m)
+		- shop	(m)
+		- stores	(h)
+    - community (t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="eBay.com">
+
+	<target host="ebay.com" />
+	<target host="www.ebay.com" />
+	<target host="anywhere.ebay.com" />
+	<target host="cgi.ebay.com" />
+	<target host="charity.ebay.com" />
+	<!-- <target host="community.ebay.com" /> -->
+	<target host="developer.ebay.com" />
+	<target host="donation.ebay.com" />
+	<target host="explore.ebay.com" />
+	<!-- target host="feedback.ebay.com" /-->
+	<target host="forums.developer.ebay.com" />
+	<!-- target host="forums.ebay.com" /-->
+	<target host="frame.ebay.com" />
+	<target host="giftcertificates.ebay.com" />
+	<target host="givingworks.ebay.com" />
+	<target host="go.developer.ebay.com" />
+	<!-- target host="ocs.ebay.com" /-->
+	<target host="ocsnext.ebay.com" />
+	<target host="pages.ebay.com" />
+	<target host="partnernetwork.ebay.com" />
+	<target host="payments.ebay.com" />
+	<!-- target host="qu.ebay.com" /-->
+	<target host="reco.ebay.com" />
+	<target host="resolutioncenter.ebay.com" />
+	<!-- target host="rover.ebay.com" /-->
+	<target host="scgi.ebay.com" />
+	<!-- target host="securethumbs.ebay.com" /-->
+	<target host="sellforme.ebay.com" />
+	<!-- target host="shopbot.ebay.com" /-->
+	<target host="signin.ebay.com" />
+	<target host="spages.half.ebay.com" />
+	<target host="srtm.ebay.com" />
+	<target host="svcs.ebay.com" />
+	<target host="thumbs.ebay.com" />
+	<!-- <target host="viv.ebay.com" /> -->
+
+	<!-- fix http redirect -->
+	<rule from="^http://ebay\.com/"
+		to="https://www.ebay.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ebay.de.xml b/src/chrome/content/rules/ebay.de.xml
new file mode 100644
index 000000000000..769a18810748
--- /dev/null
+++ b/src/chrome/content/rules/ebay.de.xml
@@ -0,0 +1,294 @@
+<!--
+
+	For other eBay coverage, see ebay.com.xml
+
+
+	Non-functional subdomains:
+
+		- ebay.de	(h)
+		- aetka	(m)
+		- arribada	(t)
+		- autodiscover (r)
+		- autoservice	(r)
+		- axa	(h)
+		- blogs	(m)
+		- buyvrfn	(m)
+		- cancel	(r)
+		- cgi1	(m)
+		- msa-b1.cgi3 (i)
+		- cgi4	(r)
+		- comm	(r)
+		- community-legacy	(m)
+		- cs	(t)
+		- deals	(r)
+		- dealseu	(r)
+		- deutsche-post	(h)
+		- deutschepost	(h)
+		- dhl	(h)
+		- dna	(r)
+		- donations	(t)
+		- dsa	(m)
+		- einkaufstipps	(r)
+		- einladen	(r)
+		- elektronik-ankauf (e)
+		- entwickler	(m)
+		- epluswap	(m)
+		- scgi.express	(m)
+		- signin.express	(m)
+		- www.gmk	(t)
+		- hermes	(h)
+		- heute	(m)
+		- hrs	(h)
+		- hub	(m)
+		- influencernetwork (e)
+		- inspiriert	(r)
+		- internationalverkaufen	(r)
+		- item (h)
+		- console.internationalverkaufen	(r)
+		- www.kleinanzeigen	(m)
+		- lego	(m)
+		- lers (m)
+		- mail	(r)
+		- members	(m)
+		- mesgmy	(r)
+		- mobil	(m)
+		- my	(r)
+		- myworld	(r)
+		- o2wap	(m)
+		- paketshop	(m)
+		- partner	(h)
+		- portal	(r)
+		- postbank	(h)
+		- powerseller	(t)
+		- presse	(m)
+		- presseconsole	(t)
+		- previewitem	(r)
+		- programm (t)
+		- www.proxy	(HTTP 404 error)
+		- recommendations	(r)
+		- returns	(m)
+		- feedback.rtl (m)
+		- www.sandbox	(r)
+		- fedsignin.sandbox	(HTTP 503 error)
+		- merchant.sandbox (t)
+		- www.mipapplication.sandbox	(r)
+		- my.sandbox	(r)
+		- payments.sandbox	(m)
+		- reg.sandbox	(r)
+		- bastelbedarf.shop.sandbox	(r)
+		- briefmarken.shop.sandbox	(r)
+		- fahrzeugteile.shop.sandbox	(r)
+		- haustierbedarf.shop.sandbox	(r)
+		- modellbau.shop.sandbox	(r)
+		- scat	(r)
+		- search-completed	(r)
+		- seat	(m)
+		- securepromo (t)
+		- selfiecup	(r)
+		- sell	(m)
+		- shop	(r)
+		- beauty.shop	(r)
+		- desc.shop	(r)
+		- fahrzeuge.shop	(r)
+		- games.shop	(r)
+		- hub.shop	(r)
+		- immobilien.shop	(r)
+		- kunst.shop	(r)
+		- schmuck.shop	(r)
+		- spielzeug.shop	(m)
+		- stores.shop	(m)
+		- baby.stores.shop	(m)
+		- briefmarken.stores.shop	(m)
+		- buecher.stores.shop	(m)
+		- business.stores.shop	(m)
+		- computer.stores.shop	(m)
+		- fahrzeugteile.stores.shop	(m)
+		- feinschmecker.stores.shop	(m)
+		- filme.stores.shop	(m)
+		- foto.stores.shop	(m)
+		- haushaltsgeraete.stores.shop	(m)
+		- haustierbedarf.stores.shop	(m)
+		- heimwerker.stores.shop	(m)
+		- immobilien.stores.shop	(m)
+		- kleidung.stores.shop	(m)
+		- modellbau.stores.shop	(m)
+		- sammeln.stores.shop	(m)
+		- schmuck.stores.shop	(m)
+		- sport.stores.shop	(m)
+		- wohnen.stores.shop	(m)
+		- sm	(r)
+		- www.sm	(r)
+		- sofortverkauf (e)
+		- specials	(h)
+		- spielplatz	(m)
+		- stage-partner	(t)
+		- stage-specials	(t)
+		- stars	(r)
+		- storefront	(m)
+		- stores	(h)
+		- www.stores	(m)
+		- search.stores	(m)
+		- success	(t)
+		- t-mobile	(h)
+		- technology	(t)
+		- search.testberichte	(r)
+		- tmobile	(t)
+		- tracking-staging	(r)
+		- trend-barometer-admin	(r)
+		- upload	(r)
+		- vattenfall	(h)
+		- verimonitor	(r)
+		- versand (t)
+		- versand-staging	(t)
+		- volkswagen	(m)
+		- wap	(m)
+		- wwww	(m)
+		- zeus-na	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="eBay.de">
+
+	<target host="ebay.de" />
+	<target host="www.ebay.de" />
+	<target host="advertising.ebay.de" />
+	<target host="anywhere.ebay.de" />
+	<target host="applications.ebay.de" />
+	<target host="arbd.ebay.de" />
+	<target host="auth.ebay.de" />
+	<target host="www.billing.ebay.de" />
+	<target host="www.bizpolicy.ebay.de" />
+	<target host="www.bizvrfn.ebay.de" />
+	<target host="bulkedit.ebay.de" />
+	<target host="bulksell.ebay.de" />
+	<target host="www.buyvrfn.ebay.de" />
+	<target host="c.ebay.de" />
+	<target host="cart.ebay.de" />
+	<target host="cgi.ebay.de" />
+	<target host="cgi3.ebay.de" />
+	<target host="cgi5.ebay.de" />
+	<target host="msa-b1.cgi5.ebay.de" />
+	<target host="cgi6.ebay.de" />
+	<target host="checkoutweb.ebay.de" />
+	<target host="community.ebay.de" />
+	<target host="connect.ebay.de" />
+	<target host="contact.ebay.de" />
+	<target host="csr.ebay.de" />
+	<target host="dispute-resolution.ebay.de" />
+	<target host="donation.ebay.de" />
+	<target host="www.donation.ebay.de" />
+	<target host="www.signup.ebayplus.ebay.de" />
+	<target host="epn.ebay.de" />
+	<target host="epnt.ebay.de" />
+	<target host="epsvc.ebay.de" />
+	<target host="euronics.ebay.de" />
+	<target host="fedauth.ebay.de" />
+	<target host="fedsignin.ebay.de" />
+	<target host="www.feectr.ebay.de" />
+	<target host="feedback.ebay.de" />
+	<target host="www.fees.ebay.de" />
+	<target host="frame.ebay.de" />
+	<target host="fundinginstrument.ebay.de" />
+	<target host="fyp.ebay.de" />
+	<target host="fyp2.ebay.de" />
+	<target host="gha.ebay.de" />
+	<target host="gslblui.ebay.de" />
+	<target host="www.ilvrfn.ebay.de" />
+	<target host="invoice.ebay.de" />
+	<target host="k2b-bulk.ebay.de" />
+	<target host="www.kgvrfn.ebay.de" />
+	<target host="kleinanzeigen.ebay.de" />
+	<target host="m.kleinanzeigen.ebay.de" />
+	<target host="komfort.ebay.de" />
+	<target host="m.ebay.de" />
+	<target host="www.m.ebay.de" />
+	<target host="reg.m.ebay.de" />
+	<target host="scgi.m.ebay.de" />
+	<target host="signin.m.ebay.de" />
+	<target host="marketing.ebay.de" />
+	<target host="mbuy.ebay.de" />
+	<target host="mediamarkt.ebay.de" />
+	<target host="medimax.ebay.de" />
+	<target host="merchant.ebay.de" />
+	<target host="mesg.ebay.de" />
+	<target host="www.mip.ebay.de" />
+	<target host="www.mipapplication.ebay.de" />
+	<target host="namechange.ebay.de" />
+	<target host="news.ebay.de" />
+	<target host="ocs.ebay.de" />
+	<target host="ocsnext.ebay.de" />
+	<target host="ocsrest.ebay.de" />
+	<target host="ocswf.ebay.de" />
+	<target host="offer.ebay.de" />
+	<target host="ofr.ebay.de" />
+	<target host="pages.ebay.de" />
+	<target host="partnernetwork.ebay.de" />
+	<target host="pay.ebay.de" />
+	<target host="payments.ebay.de" />
+	<target host="apps.payments.ebay.de" />
+	<target host="cart.payments.ebay.de" />
+	<target host="checkout.payments.ebay.de" />
+	<target host="guestcheckout.payments.ebay.de" />
+	<target host="paymentscmd.ebay.de" />
+	<target host="www.picupload.ebay.de" />
+	<target host="pls.ebay.de" />
+	<target host="postage.ebay.de" />
+	<target host="nw.pp.ebay.de" />
+	<target host="www.nw.pp.ebay.de" />
+	<target host="ppm1.ebay.de" />
+	<target host="ppm3.ebay.de" />
+	<target host="prefs.ebay.de" />
+	<target host="profisuche.ebay.de" />
+	<target host="pulsar.ebay.de" />
+	<target host="qu.ebay.de" />
+	<target host="rebulk.ebay.de" />
+	<target host="reg.ebay.de" />
+	<target host="res.ebay.de" />
+	<target host="resolutioncenter.ebay.de" />
+	<target host="reward.ebay.de" />
+	<target host="rewards.ebay.de" />
+	<target host="rover.ebay.de" />
+	<target host="www.rsvp.ebay.de" />
+	<target host="www.bizpolicy.sandbox.ebay.de" />
+	<target host="checkout.sandbox.ebay.de" />
+	<target host="community.sandbox.ebay.de" />
+	<target host="fedauth.sandbox.ebay.de" />
+	<target host="mesg.sandbox.ebay.de" />
+	<target host="www.mip.sandbox.ebay.de" />
+	<target host="resolutioncenter.sandbox.ebay.de" />
+	<target host="scgi.sandbox.ebay.de" />
+	<target host="signin.sandbox.ebay.de" />
+	<target host="saturn.ebay.de" />
+	<target host="scgi.ebay.de" />
+	<target host="secureportal.ebay.de" />
+	<target host="sellerstandards.ebay.de" />
+	<target host="sellerupdate.ebay.de" />
+	<target host="sellvrfn.ebay.de" />
+	<target host="www.sellvrfn.ebay.de" />
+	<target host="shipping.ebay.de" />
+	<target host="shiptrack.ebay.de" />
+	<target host="signin.ebay.de" />
+	<target host="sofe.ebay.de" />
+	<target host="spd.ebay.de" />
+	<target host="www.sps.ebay.de" />
+	<target host="srtm.ebay.de" />
+	<target host="www.subs.ebay.de" />
+	<target host="verkaeuferportal.ebay.de" />
+	<target host="viv.ebay.de" />
+	<target host="vod.ebay.de" />
+	<target host="wantitnow.ebay.de" />
+	<target host="wmsapp.ebay.de" />
+
+	<!-- fix http redirect -->
+	<rule from="^http://ebay\.de/"
+		to="https://www.ebay.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ebay.es.xml b/src/chrome/content/rules/ebay.es.xml
new file mode 100644
index 000000000000..4505e566f8b9
--- /dev/null
+++ b/src/chrome/content/rules/ebay.es.xml
@@ -0,0 +1,228 @@
+<!--
+
+	For other eBay coverage, see ebay.com.xml
+
+
+	Non-functional subdomain:
+
+		- ebay.es	(h)
+		- ecgapi.anuncios	(t)
+		- secure.anuncios	(m)
+		- static.anuncios	(m)
+		- wp.anuncios	(t)
+		- arribada	(t)
+		- blog-comunidad	(t)
+		- blogs	(m)
+		- cancel	(r)
+		- catalog	(r)
+		- cgi1	(m)
+		- cgi4	(r)
+		- coches-motos	(m)
+		- comm	(r)
+		- compraventa	(m)
+		- cs	(t)
+		- discounts	(r)
+		- entradas	(m)
+		- fastfitment	(i)
+		- m.g	(m)
+		- hawkemail	(r)
+		- hub	(m)
+		- identificadores	(r)
+		- k2b-bulk	(i)
+		- k2b-email	(i)
+		- k2b-fbdk	(i)
+		- k2b-print	(i)
+		- mail	(m)
+		- members	(m)
+		- mesgmy	(r)
+		- motor	(m)
+		- movimode	(m)
+		- movistar	(m)
+		- my	(r)
+		- myworld	(r)
+		- opiniones	(r)
+		- partner	(h)
+		- portal	(r)
+		- www.proxy	(HTTP 404 error)
+		- returns	(m)
+		- fedsignin.sandbox.ebay.es/ (503)
+		- mesgmy.sandbox	(r)
+		- www.mipapplication.sandbox	(r)
+		- my.sandbox	(r)
+		- payments.sandbox	(m)
+		- reg.sandbox	(r)
+		- coches-motos.shop.sandbox	(r)
+		- consolas-videojuegos.shop.sandbox	(r)
+		- ropa-complementos.shop.sandbox	(r)
+		- sell	(m)
+		- shop	(r)
+		- ropa-complementos.shop	(m)
+		- stores.shop	(m)
+		- arte-antiguedades.stores.shop	(m)
+		- bebes.stores.shop	(m)
+		- camaras-fotografia.stores.shop	(m)
+		- casa-jardin.stores.shop	(m)
+		- cine-dvd-peliculas.stores.shop	(m)
+		- coches-motos.stores.shop	(m)
+		- coleccionismo.stores.shop	(m)
+		- consolas-videojuegos.stores.shop	(m)
+		- deportes.stores.shop	(m)
+		- electrodomesticos.stores.shop	(m)
+		- filatelia.stores.shop	(m)
+		- imagen-sonido.stores.shop	(m)
+		- informatica-tablets.stores.shop	(m)
+		- instrumentos-musicales.stores.shop	(m)
+		- juguetes.stores.shop	(m)
+		- libros-comics.stores.shop	(m)
+		- moviles-telefonia.stores.shop	(m)
+		- numismatica.stores.shop	(m)
+		- relojes-joyas.stores.shop	(m)
+		- ropa-complementos.stores.shop	(m)
+		- vehiculos-recambios.stores.shop	(m)
+		- stage-partner	(t)
+		- stores	(h)
+		- www.stores	(m)
+		- search.stores	(m)
+		- support	(m)
+		- trucos	(r)
+		- upload	(r)
+		- vflive	(m)
+		- wap	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="eBay.es">
+
+	<target host="ebay.es" />
+	<target host="www.ebay.es" />
+	<target host="advertising.ebay.es" />
+	<target host="anywhere.ebay.es" />
+	<target host="applications.ebay.es" />
+	<target host="arbd.ebay.es" />
+	<target host="auth.ebay.es" />
+	<target host="www.billing.ebay.es" />
+	<target host="www.bizpolicy.ebay.es" />
+	<target host="www.bizvrfn.ebay.es" />
+	<target host="bulkedit.ebay.es" />
+	<target host="bulksell.ebay.es" />
+	<target host="www.buyvrfn.ebay.es" />
+	<target host="c.ebay.es" />
+	<target host="cart.ebay.es" />
+	<target host="centroparavendedores.ebay.es" />
+	<target host="cgi.ebay.es" />
+	<target host="cgi3.ebay.es" />
+	<target host="msa-b1.cgi3.ebay.es" />
+	<target host="cgi5.ebay.es" />
+	<target host="msa-b1.cgi5.ebay.es" />
+	<target host="cgi6.ebay.es" />
+	<target host="checkout.ebay.es" />
+	<target host="comunidad.ebay.es" />
+	<target host="connect.ebay.es" />
+	<target host="contact.ebay.es" />
+	<target host="csr.ebay.es" />
+	<target host="envios.ebay.es" />
+	<target host="epn.ebay.es" />
+	<target host="epnt.ebay.es" />
+	<target host="epsvc.ebay.es" />
+	<target host="fedauth.ebay.es" />
+	<target host="fedsignin.ebay.es" />
+	<target host="feedback.ebay.es" />
+	<target host="frame.ebay.es" />
+	<target host="fundinginstrument.ebay.es" />
+	<target host="fyp.ebay.es" />
+	<target host="fyp2.ebay.es" />
+	<target host="gha.ebay.es" />
+	<target host="gslblui.ebay.es" />
+	<target host="www.ilvrfn.ebay.es" />
+	<target host="invoice.ebay.es" />
+	<target host="item.ebay.es" />
+	<target host="www.kgvrfn.ebay.es" />
+	<target host="m.ebay.es" />
+	<target host="www.m.ebay.es" />
+	<target host="reg.m.ebay.es" />
+	<target host="scgi.m.ebay.es" />
+	<target host="signin.m.ebay.es" />
+	<target host="marketing.ebay.es" />
+	<target host="mbuy.ebay.es" />
+	<target host="merchant.ebay.es" />
+	<target host="mesg.ebay.es" />
+	<target host="www.mip.ebay.es" />
+	<target host="www.mipapplication.ebay.es" />
+	<target host="notifyweb.ebay.es" />
+	<target host="ocs.ebay.es" />
+	<target host="ocsnext.ebay.es" />
+	<target host="ocsrest.ebay.es" />
+	<target host="ocswf.ebay.es" />
+	<target host="offer.ebay.es" />
+	<target host="ofr.ebay.es" />
+	<target host="pages.ebay.es" />
+	<target host="paisapay.ebay.es" />
+	<target host="partnernetwork.ebay.es" />
+	<target host="pay.ebay.es" />
+	<target host="payments.ebay.es" />
+	<target host="apps.payments.ebay.es" />
+	<target host="cart.payments.ebay.es" />
+	<target host="checkout.payments.ebay.es" />
+	<target host="guestcheckout.payments.ebay.es" />
+	<target host="paymentscmd.ebay.es" />
+	<target host="www.picupload.ebay.es" />
+	<target host="pls.ebay.es" />
+	<target host="postage.ebay.es" />
+	<target host="nw.pp.ebay.es" />
+	<target host="www.nw.pp.ebay.es" />
+	<target host="ppm1.ebay.es" />
+	<target host="ppm3.ebay.es" />
+	<target host="www.proxy.ebay.es" />
+	<target host="pulsar.ebay.es" />
+	<target host="qu.ebay.es" />
+	<target host="rebulk.ebay.es" />
+	<target host="reg.ebay.es" />
+	<target host="res.ebay.es" />
+	<target host="resolutioncenter.ebay.es" />
+	<target host="reward.ebay.es" />
+	<target host="rover.ebay.es" />
+	<target host="www.rsvp.ebay.es" />
+	<target host="www.bizpolicy.sandbox.ebay.es" />
+	<target host="checkout.sandbox.ebay.es" />
+	<target host="comunidad.sandbox.ebay.es" />
+	<target host="fedauth.sandbox.ebay.es" />
+	<target host="merchant.sandbox.ebay.es" />
+	<target host="mesg.sandbox.ebay.es" />
+	<target host="www.mip.sandbox.ebay.es" />
+	<target host="scgi.sandbox.ebay.es" />
+	<target host="signin.sandbox.ebay.es" />
+	<target host="scgi.ebay.es" />
+	<target host="securefeedback.ebay.es" />
+	<target host="secureportal.ebay.es" />
+	<target host="securepromo.ebay.es" />
+	<target host="secureregistration.ebay.es" />
+	<target host="sellerstandards.ebay.es" />
+	<target host="sellerupdate.ebay.es" />
+	<target host="sellvrfn.ebay.es" />
+	<target host="www.sellvrfn.ebay.es" />
+	<target host="settings.ebay.es" />
+	<target host="shiptrack.ebay.es" />
+	<target host="signin.ebay.es" />
+	<target host="signinalert.ebay.es" />
+	<target host="sofe.ebay.es" />
+	<target host="spd.ebay.es" />
+	<target host="www.sps.ebay.es" />
+	<target host="srtm.ebay.es" />
+	<target host="www.subs.ebay.es" />
+	<target host="viv.ebay.es" />
+	<target host="vod.ebay.es" />
+	<target host="wantitnow.ebay.es" />
+
+	<!-- fix http redirect -->
+	<rule from="^http://ebay\.es/"
+		to="https://www.ebay.es/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ebay.fr.xml b/src/chrome/content/rules/ebay.fr.xml
new file mode 100644
index 000000000000..28378983c9c4
--- /dev/null
+++ b/src/chrome/content/rules/ebay.fr.xml
@@ -0,0 +1,247 @@
+<!--
+
+	For other eBay coverage, see ebay.com.xml
+
+
+	Non-functional subdomain:
+
+		- ebay.fr	(h)
+		- actualites	(mixed-content)
+		- annonces	(m)
+		- annonces-aide	(m)
+		- arribada	(t)
+		- artist-index	(m)
+		- boutiques-de-marque	(m)
+		- cancel	(r)
+		- catalog	(r)
+		- cgi1	(r)
+		- comm	(r)
+		- cs	(t)
+		- deals	(r)
+		- depot-vente-partenaire	(m)
+		- developpeur	(m)
+		- fastfitment	(i)
+		- identifiants	(r)
+		- imode	(m)
+		- k2b-bulk	(i)
+		- k2b-email	(i)
+		- k2b-fbdk	(i)
+		- k2b-print	(i)
+		- automobile-moto.listings	(m)
+		- m1	(t)
+		- mail	(m)
+		- mapage	(r)
+		- mesgmy	(r)
+		- mpg	(r)
+		- my	(r)
+		- myworld	(r)
+		- orange	(r)
+		- orangegallery	(m)
+		- partenaires	(h)
+		- partner	(h)
+		- portal	(r)
+		- presse	(m)
+		- presseconsole	(t)
+		- previewitem	(r)
+		- returns	(m)
+		- fedsignin.sandbox	(HTTP 503 error)
+		- www.mipapplication.sandbox	(r)
+		- my.sandbox	(r)
+		- pages.sandbox	(r)
+		- payments.sandbox	(m)
+		- reg.sandbox	(r)
+		- art-antiquite.shop.sandbox	(r)
+		- bijoux-montres.shop.sandbox	(r)
+		- immobilier.shop.sandbox	(r)
+		- loisir.shop.sandbox	(r)
+		- musique-cd.shop.sandbox	(r)
+		- pieces-auto.shop.sandbox	(r)
+		- timbres.shop.sandbox	(r)
+		- seller	(m)
+		- sfr	(m)
+		- shop	(r)
+		- bricolage.shop	(r)
+		- collections.shop	(m)
+		- electromenager.shop	(r)
+		- livres-bd.shop	(m)
+		- pieces-auto.shop	(r)
+		- stores.shop	(m)
+		- accessoires-animaux.stores.shop	(m)
+		- accessoires-moto.stores.shop	(m)
+		- art-antiquite.stores.shop	(m)
+		- automobile-voiture.stores.shop	(m)
+		- bateau-nautisme.stores.shop	(m)
+		- beaute-parfums.stores.shop	(m)
+		- bijoux-montres.stores.shop	(m)
+		- bricolage.stores.shop	(m)
+		- ceramique-verre.stores.shop	(m)
+		- collections.stores.shop	(m)
+		- dvd-cinema.stores.shop	(m)
+		- electromenager.stores.shop	(m)
+		- immobilier.stores.shop	(m)
+		- informatique-pda.stores.shop	(m)
+		- jardin-terrasse.stores.shop	(m)
+		- jeux-video.stores.shop	(m)
+		- jouets-figurine.stores.shop	(m)
+		- livres-bd.stores.shop	(m)
+		- loisir.stores.shop	(m)
+		- maison.stores.shop	(m)
+		- monnaies.stores.shop	(m)
+		- musique-cd.stores.shop	(m)
+		- musique-instruments.stores.shop	(m)
+		- photo-video.stores.shop	(m)
+		- pieces-auto.stores.shop	(m)
+		- services.stores.shop	(m)
+		- sport-vacances.stores.shop	(m)
+		- telephone.stores.shop	(m)
+		- television-son.stores.shop	(m)
+		- timbres.stores.shop	(m)
+		- vetement-accessoires.stores.shop	(m)
+		- vins-gastronomie.stores.shop	(m)
+		- stage-partner	(t)
+		- stores	(h)
+		- www.stores	(m)
+		- support	(m)
+		- upload	(r)
+		- wap	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="eBay.fr">
+
+	<target host="ebay.fr" />
+	<target host="www.ebay.fr" />
+	<target host="advertising.ebay.fr" />
+	<target host="anywhere.ebay.fr" />
+	<target host="applications.ebay.fr" />
+	<target host="arbd.ebay.fr" />
+	<target host="auth.ebay.fr" />
+	<target host="www.billing.ebay.fr" />
+	<target host="www.bizpolicy.ebay.fr" />
+	<target host="www.bizvrfn.ebay.fr" />
+	<target host="bulkedit.ebay.fr" />
+	<target host="bulksell.ebay.fr" />
+	<target host="www.buyvrfn.ebay.fr" />
+	<target host="c.ebay.fr" />
+	<target host="cart.ebay.fr" />
+	<target host="cgi.ebay.fr" />
+	<target host="cgi3.ebay.fr" />
+	<target host="msa-b1.cgi3.ebay.fr" />
+	<target host="cgi5.ebay.fr" />
+	<target host="msa-b1.cgi5.ebay.fr" />
+	<target host="cgi6.ebay.fr" />
+	<target host="checkout.ebay.fr" />
+	<target host="communaute.ebay.fr" />
+	<target host="connect.ebay.fr" />
+	<target host="contact.ebay.fr" />
+	<target host="csr.ebay.fr" />
+	<target host="dispute-resolution.ebay.fr" />
+	<target host="epn.ebay.fr" />
+	<target host="epnt.ebay.fr" />
+	<target host="epsvc.ebay.fr" />
+	<target host="espacevendeurs.ebay.fr" />
+	<target host="expeditions.ebay.fr" />
+	<target host="fedauth.ebay.fr" />
+	<target host="fedsignin.ebay.fr" />
+	<target host="feedback.ebay.fr" />
+	<target host="frame.ebay.fr" />
+	<target host="fundinginstrument.ebay.fr" />
+	<target host="fyp.ebay.fr" />
+	<target host="fyp2.ebay.fr" />
+	<target host="gha.ebay.fr" />
+	<target host="gslblui.ebay.fr" />
+	<target host="www.ilvrfn.ebay.fr" />
+	<target host="invoice.ebay.fr" />
+	<target host="item.ebay.fr" />
+	<target host="www.kgvrfn.ebay.fr" />
+	<target host="m.ebay.fr" />
+	<target host="www.m.ebay.fr" />
+	<target host="reg.m.ebay.fr" />
+	<target host="scgi.m.ebay.fr" />
+	<target host="signin.m.ebay.fr" />
+	<target host="marketing.ebay.fr" />
+	<target host="mbuy.ebay.fr" />
+	<target host="merchant.ebay.fr" />
+	<target host="mesg.ebay.fr" />
+	<target host="www.mip.ebay.fr" />
+	<target host="www.mipapplication.ebay.fr" />
+	<target host="notifyweb.ebay.fr" />
+	<target host="ocs.ebay.fr" />
+	<target host="ocsnext.ebay.fr" />
+	<target host="ocsrest.ebay.fr" />
+	<target host="ocswf.ebay.fr" />
+	<target host="offer.ebay.fr" />
+	<target host="ofr.ebay.fr" />
+	<target host="pages.ebay.fr" />
+	<target host="paisapay.ebay.fr" />
+	<target host="partnernetwork.ebay.fr" />
+	<target host="pay.ebay.fr" />
+	<target host="payments.ebay.fr" />
+	<target host="apps.payments.ebay.fr" />
+	<target host="cart.payments.ebay.fr" />
+	<target host="checkout.payments.ebay.fr" />
+	<target host="guestcheckout.payments.ebay.fr" />
+	<target host="paymentscmd.ebay.fr" />
+	<target host="www.picupload.ebay.fr" />
+	<target host="pls.ebay.fr" />
+	<target host="postage.ebay.fr" />
+	<target host="nw.pp.ebay.fr" />
+	<target host="www.nw.pp.ebay.fr" />
+	<target host="ppm1.ebay.fr" />
+	<target host="ppm3.ebay.fr" />
+	<target host="programme.ebay.fr" />
+	<target host="www.proxy.ebay.fr" />
+	<target host="pulsar.ebay.fr" />
+	<target host="qu.ebay.fr" />
+	<target host="rebulk.ebay.fr" />
+	<target host="reg.ebay.fr" />
+	<target host="res.ebay.fr" />
+	<target host="resolutioncenter.ebay.fr" />
+	<target host="reward.ebay.fr" />
+	<target host="rewards.ebay.fr" />
+	<target host="rover.ebay.fr" />
+	<target host="www.rsvp.ebay.fr" />
+	<target host="www.bizpolicy.sandbox.ebay.fr" />
+	<target host="checkout.sandbox.ebay.fr" />
+	<target host="communaute.sandbox.ebay.fr" />
+	<target host="fedauth.sandbox.ebay.fr" />
+	<target host="merchant.sandbox.ebay.fr" />
+	<target host="mesg.sandbox.ebay.fr" />
+	<target host="www.mip.sandbox.ebay.fr" />
+	<target host="scgi.sandbox.ebay.fr" />
+	<target host="signin.sandbox.ebay.fr" />
+	<target host="scgi.ebay.fr" />
+	<target host="securefeedback.ebay.fr" />
+	<target host="secureportal.ebay.fr" />
+	<target host="securepromo.ebay.fr" />
+	<target host="secureregistration.ebay.fr" />
+	<target host="sellerstandards.ebay.fr" />
+	<target host="sellerupdate.ebay.fr" />
+	<target host="sellvrfn.ebay.fr" />
+	<target host="www.sellvrfn.ebay.fr" />
+	<target host="settings.ebay.fr" />
+	<target host="shiptrack.ebay.fr" />
+	<target host="signin.ebay.fr" />
+	<target host="signinalert.ebay.fr" />
+	<target host="sofe.ebay.fr" />
+	<target host="spd.ebay.fr" />
+	<target host="www.sps.ebay.fr" />
+	<target host="srtm.ebay.fr" />
+	<target host="www.subs.ebay.fr" />
+	<target host="viv.ebay.fr" />
+	<target host="vod.ebay.fr" />
+	<target host="wantitnow.ebay.fr" />
+
+	<!-- fix http redirect -->
+	<rule from="^http://ebay\.fr/"
+		to="https://www.ebay.fr/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ebay.ie.xml b/src/chrome/content/rules/ebay.ie.xml
new file mode 100644
index 000000000000..ba1627696907
--- /dev/null
+++ b/src/chrome/content/rules/ebay.ie.xml
@@ -0,0 +1,213 @@
+<!--
+
+	For other eBay coverage, see ebay.com.xml
+
+
+	Non-functional subdomains:
+
+		- ebay.ie	(h)
+		- arribada	(t)
+		- bmsgs	(r)
+		- cancel	(r)
+		- category-keyword	(m)
+		- comm	(r)
+		- cs	(t)
+		- h3g	(m)
+		- help	(m)
+		- hub	(m)
+		- k2b-bulk	(i)
+		- k2b-email	(i)
+		- k2b-fbdk	(i)
+		- k2b-print	(i)
+		- listings	(m)
+		- baby.listings	(m)
+		- books.listings	(m)
+		- motors.listings	(m)
+		- pottery.listings	(m)
+		- members	(m)
+		- mesgmy	(r)
+		- my	(r)
+		- myworld	(r)
+		- search.myworld	(m)
+		- ocs	(m)
+		- portal	(r)
+		- www.proxy	(HTTP 404 error)
+		- search.reviews	(r)
+		- fedsignin.sandbox	(HTTP 503 error)
+		- my.sandbox	(r)
+		- scgi.sandbox	(m)
+		- hub.shop.sandbox	(r)
+		- art.search-desc	(r)
+		- sell	(m)
+		- shop	(r)
+		- antiques.shop	(r)
+		- baby.shop	(r)
+		- business.shop	(r)
+		- clothes.shop	(r)
+		- completed.shop	(r)
+		- desc.shop	(r)
+		- electronics.shop	(r)
+		- hub.shop	(r)
+		- motors.shop	(r)
+		- motors-parts.shop	(r)
+		- musical-instruments.shop	(r)
+		- phones.shop	(r)
+		- property.shop	(r)
+		- stores.shop	(m)
+		- antiques.stores.shop	(m)
+		- art.stores.shop	(m)
+		- baby.stores.shop	(m)
+		- books.stores.shop	(m)
+		- business.stores.shop	(m)
+		- clothes.stores.shop	(m)
+		- coins.stores.shop	(m)
+		- collectables.stores.shop	(m)
+		- computers.stores.shop	(m)
+		- crafts.stores.shop	(m)
+		- dolls.stores.shop	(m)
+		- dvd-video.stores.shop	(m)
+		- electronics.stores.shop	(m)
+		- garden-patio.stores.shop	(m)
+		- health-beauty.stores.shop	(m)
+		- home-garden.stores.shop	(m)
+		- jewellery-watches.stores.shop	(m)
+		- motors.stores.shop	(m)
+		- motors-parts.stores.shop	(m)
+		- music.stores.shop	(m)
+		- musical-instruments.stores.shop	(m)
+		- pet-supplies.stores.shop	(m)
+		- phones.stores.shop	(m)
+		- photography.stores.shop	(m)
+		- property.stores.shop	(m)
+		- sports.stores.shop	(m)
+		- stamps.stores.shop	(m)
+		- tickets.stores.shop	(m)
+		- toys.stores.shop	(m)
+		- travel.stores.shop	(m)
+		- wholesale.stores.shop	(m)
+		- tickets.shop	(m)
+		- solutions	(m)
+		- stores	(h)
+		- search.stores	(m)
+		- svcs	(m)
+		- upload	(r)
+		- vflive	(m)
+		- www.wantitnow	(m)
+		- wap	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="eBay.ie">
+
+	<target host="ebay.ie" />
+	<target host="www.ebay.ie" />
+	<target host="advertising.ebay.ie" />
+	<target host="anywhere.ebay.ie" />
+	<target host="applications.ebay.ie" />
+	<target host="arbd.ebay.ie" />
+	<target host="auth.ebay.ie" />
+	<target host="www.billing.ebay.ie" />
+	<target host="www.bizpolicy.ebay.ie" />
+	<target host="bulkedit.ebay.ie" />
+	<target host="bulksell.ebay.ie" />
+	<target host="www.buyvrfn.ebay.ie" />
+	<target host="c.ebay.ie" />
+	<target host="cart.ebay.ie" />
+	<target host="cgi.ebay.ie" />
+	<target host="cgi3.ebay.ie" />
+	<target host="msa-b1.cgi3.ebay.ie" />
+	<target host="cgi5.ebay.ie" />
+	<target host="msa-b1.cgi5.ebay.ie" />
+	<target host="cgi6.ebay.ie" />
+	<target host="checkout.ebay.ie" />
+	<target host="connect.ebay.ie" />
+	<target host="contact.ebay.ie" />
+	<target host="csr.ebay.ie" />
+	<target host="dispute-resolution.ebay.ie" />
+	<target host="epn.ebay.ie" />
+	<target host="epnt.ebay.ie" />
+	<target host="epsvc.ebay.ie" />
+	<target host="fedauth.ebay.ie" />
+	<target host="fedsignin.ebay.ie" />
+	<target host="feedback.ebay.ie" />
+	<target host="www.fees.ebay.ie" />
+	<target host="frame.ebay.ie" />
+	<target host="fundinginstrument.ebay.ie" />
+	<target host="fyp.ebay.ie" />
+	<target host="fyp2.ebay.ie" />
+	<target host="gha.ebay.ie" />
+	<target host="invoice.ebay.ie" />
+	<target host="item.ebay.ie" />
+	<target host="www.kgvrfn.ebay.ie" />
+	<target host="m.ebay.ie" />
+	<target host="www.m.ebay.ie" />
+	<target host="reg.m.ebay.ie" />
+	<target host="scgi.m.ebay.ie" />
+	<target host="signin.m.ebay.ie" />
+	<target host="marketing.ebay.ie" />
+	<target host="mbuy.ebay.ie" />
+	<target host="mesg.ebay.ie" />
+	<target host="notifyweb.ebay.ie" />
+	<target host="ocsnext.ebay.ie" />
+	<target host="ocsrest.ebay.ie" />
+	<target host="ocswf.ebay.ie" />
+	<target host="offer.ebay.ie" />
+	<target host="ofr.ebay.ie" />
+	<target host="pages.ebay.ie" />
+	<target host="paisapay.ebay.ie" />
+	<target host="pay.ebay.ie" />
+	<target host="payments.ebay.ie" />
+	<target host="apps.payments.ebay.ie" />
+	<target host="checkout.payments.ebay.ie" />
+	<target host="guestcheckout.payments.ebay.ie" />
+	<target host="paymentscmd.ebay.ie" />
+	<target host="www.picupload.ebay.ie" />
+	<target host="nw.pp.ebay.ie" />
+	<target host="www.nw.pp.ebay.ie" />
+	<target host="ppm1.ebay.ie" />
+	<target host="ppm3.ebay.ie" />
+	<target host="pulsar.ebay.ie" />
+	<target host="qu.ebay.ie" />
+	<target host="rebulk.ebay.ie" />
+	<target host="reg.ebay.ie" />
+	<target host="res.ebay.ie" />
+	<target host="resolutioncentre.ebay.ie" />
+	<target host="reward.ebay.ie" />
+	<target host="rover.ebay.ie" />
+	<target host="www.rsvp.ebay.ie" />
+	<target host="www.bizpolicy.sandbox.ebay.ie" />
+	<target host="checkout.sandbox.ebay.ie" />
+	<target host="payments.sandbox.ebay.ie" />
+	<target host="signin.sandbox.ebay.ie" />
+	<target host="scgi.ebay.ie" />
+	<target host="securefeedback.ebay.ie" />
+	<target host="secureportal.ebay.ie" />
+	<target host="securepromo.ebay.ie" />
+	<target host="secureregistration.ebay.ie" />
+	<target host="sellerstandards.ebay.ie" />
+	<target host="sellerupdate.ebay.ie" />
+	<target host="settings.ebay.ie" />
+	<target host="shiptrack.ebay.ie" />
+	<target host="signin.ebay.ie" />
+	<target host="signinalert.ebay.ie" />
+	<target host="sofe.ebay.ie" />
+	<target host="spd.ebay.ie" />
+	<target host="www.sps.ebay.ie" />
+	<target host="srtm.ebay.ie" />
+	<target host="www.subs.ebay.ie" />
+	<target host="viv.ebay.ie" />
+	<target host="wantitnow.ebay.ie" />
+
+	<!-- fix http redirect -->
+	<rule from="^http://ebay\.ie/"
+		to="https://www.ebay.ie/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ebay.in.xml b/src/chrome/content/rules/ebay.in.xml
new file mode 100644
index 000000000000..6cb928c2cb6a
--- /dev/null
+++ b/src/chrome/content/rules/ebay.in.xml
@@ -0,0 +1,219 @@
+<!--
+
+	For other eBay coverage, see ebay.com.xml
+
+
+	Non-functional subdomain:
+
+		- ebay.in	(h)
+		- arribada	(t)
+		- b2bmotors	(t)
+		- blogs	(m)
+		- verticals.books	(t)
+		- cancel	(r)
+		- msa-b1.cgi3	(r)
+		- msa-b1.cgi5	(r)
+		- comm	(r)
+		- cs	(t)
+		- daily	(t)
+		- deals	(m)
+		- i.ebayimg	(HTTP 503 error)
+		- fashion	(r)
+		- geb	(m)
+		- hub	(m)
+		- k2b-bulk	(i)
+		- k2b-email	(i)
+		- k2b-fbdk	(i)
+		- k2b-print	(i)
+		- mail	(m)
+		- members	(m)
+		- mesgmy	(r)
+		- my	(r)
+		- myworld	(r)
+		- www.proxy	(HTTP 404 error)
+		- read	(r)
+		- reviews	(r)
+		- rtm	(m)
+		- www.sandbox	(r)
+		- fedauth.sandbox	(r)
+		- fedsignin.sandbox	(HTTP 503 error)
+		- www.mipapplication.sandbox	(r)
+		- my.sandbox	(r)
+		- payments.sandbox	(m)
+		- reg.sandbox	(r)
+		- search-desc	(r)
+		- sell	(m)
+		- sellercentre	(r)
+		- shop	(r)
+		- apparel.shop	(r)
+		- books.shop	(r)
+		- cameras.shop	(r)
+		- computers.shop	(r)
+		- electronics.shop	(r)
+		- mobile-accessories.shop	(r)
+		- mobiles.shop	(r)
+		- motors.shop	(r)
+		- stores.shop	(m)
+		- apparel.stores.shop	(m)
+		- appliances.stores.shop	(m)
+		- auto-parts.stores.shop	(m)
+		- books.stores.shop	(m)
+		- cameras.stores.shop	(m)
+		- coins.stores.shop	(m)
+		- collectibles.stores.shop	(m)
+		- computers.stores.shop	(m)
+		- digital-storage.stores.shop	(m)
+		- home.stores.shop	(m)
+		- instruments.stores.shop	(m)
+		- kitchenware.stores.shop	(m)
+		- mobile-accessories.stores.shop	(m)
+		- mobiles.stores.shop	(m)
+		- motors.stores.shop	(m)
+		- movies.stores.shop	(m)
+		- shoes.stores.shop	(m)
+		- stamps.stores.shop	(m)
+		- televisions.stores.shop	(m)
+		- watches.stores.shop	(m)
+		- tool.shop	(r)
+		- videogames.shop	(r)
+		- shopping	(t)
+		- sm	(r)
+		- stores	(h)
+		- www.stores	(m)
+		- wwww	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="eBay.in">
+
+	<target host="ebay.in" />
+	<target host="www.ebay.in" />
+	<target host="anywhere.ebay.in" />
+	<target host="api.ebay.in" />
+	<target host="arbd.ebay.in" />
+	<target host="auth.ebay.in" />
+	<target host="www.billing.ebay.in" />
+	<target host="www.bizpolicy.ebay.in" />
+	<target host="www.bizvrfn.ebay.in" />
+	<target host="bulkedit.ebay.in" />
+	<target host="bulksell.ebay.in" />
+	<target host="www.buyvrfn.ebay.in" />
+	<target host="c.ebay.in" />
+	<target host="cart.ebay.in" />
+	<target host="cbt.ebay.in" />
+	<target host="cgi.ebay.in" />
+	<target host="cgi3.ebay.in" />
+	<target host="cgi5.ebay.in" />
+	<target host="checkout.ebay.in" />
+	<target host="community.ebay.in" />
+	<target host="connect.ebay.in" />
+	<target host="contact.ebay.in" />
+	<target host="csr.ebay.in" />
+	<target host="dailycdn.ebay.in" />
+	<target host="dispute-resolution.ebay.in" />
+	<target host="eguarantee.ebay.in" />
+	<target host="epn.ebay.in" />
+	<target host="epnt.ebay.in" />
+	<target host="epsvc.ebay.in" />
+	<target host="fedauth.ebay.in" />
+	<target host="fedsignin.ebay.in" />
+	<target host="feed.ebay.in" />
+	<target host="feedback.ebay.in" />
+	<target host="frame.ebay.in" />
+	<target host="fyp.ebay.in" />
+	<target host="fyp2.ebay.in" />
+	<target host="gha.ebay.in" />
+	<target host="gst.ebay.in" />
+	<target host="www.inship.ebay.in" />
+	<target host="invoice.ebay.in" />
+	<target host="item.ebay.in" />
+	<target host="www.kgvrfn.ebay.in" />
+	<target host="m.ebay.in" />
+	<target host="reg.m.ebay.in" />
+	<target host="scgi.m.ebay.in" />
+	<target host="signin.m.ebay.in" />
+	<target host="marketing.ebay.in" />
+	<target host="mbuy.ebay.in" />
+	<target host="mesg.ebay.in" />
+	<target host="www.mip.ebay.in" />
+	<target host="www.mipapplication.ebay.in" />
+	<target host="notifyweb.ebay.in" />
+	<target host="ocs.ebay.in" />
+	<target host="ocsnext.ebay.in" />
+	<target host="ocsrest.ebay.in" />
+	<target host="ocswf.ebay.in" />
+	<target host="offer.ebay.in" />
+	<target host="ofr.ebay.in" />
+	<target host="order2.ebay.in" />
+	<target host="orderm.ebay.in" />
+	<target host="orders.ebay.in" />
+	<target host="origin-contact.ebay.in" />
+	<target host="origin-feedback.ebay.in" />
+	<target host="pages.ebay.in" />
+	<target host="paisapay.ebay.in" />
+	<target host="pay.ebay.in" />
+	<target host="pay2.ebay.in" />
+	<target host="payments.ebay.in" />
+	<target host="apps.payments.ebay.in" />
+	<target host="checkout.payments.ebay.in" />
+	<target host="guestcheckout.payments.ebay.in" />
+	<target host="paymentscmd.ebay.in" />
+	<target host="www.picupload.ebay.in" />
+	<target host="powership.ebay.in" />
+	<target host="pulsar.ebay.in" />
+	<target host="qu.ebay.in" />
+	<target host="rebulk.ebay.in" />
+	<target host="reg.ebay.in" />
+	<target host="res.ebay.in" />
+	<target host="resolutioncentre.ebay.in" />
+	<target host="reward.ebay.in" />
+	<target host="rover.ebay.in" />
+	<target host="www.rsvp.ebay.in" />
+	<target host="rtmapp.ebay.in" />
+	<target host="billdesk.sandbox.ebay.in" />
+	<target host="www.bizpolicy.sandbox.ebay.in" />
+	<target host="checkout.sandbox.ebay.in" />
+	<target host="community.sandbox.ebay.in" />
+	<target host="merchant.sandbox.ebay.in" />
+	<target host="mesg.sandbox.ebay.in" />
+	<target host="www.mip.sandbox.ebay.in" />
+	<target host="pay.sandbox.ebay.in" />
+	<target host="pay2.sandbox.ebay.in" />
+	<target host="scgi.sandbox.ebay.in" />
+	<target host="shippingservices.sandbox.ebay.in" />
+	<target host="signin.sandbox.ebay.in" />
+	<target host="scgi.ebay.in" />
+	<target host="securefeedback.ebay.in" />
+	<target host="secureportal.ebay.in" />
+	<target host="securepromo.ebay.in" />
+	<target host="secureregistration.ebay.in" />
+	<target host="sellerstandards.ebay.in" />
+	<target host="sellvrfn.ebay.in" />
+	<target host="www.sellvrfn.ebay.in" />
+	<target host="settings.ebay.in" />
+	<target host="shipping.ebay.in" />
+	<target host="shippingservices.ebay.in" />
+	<target host="shiptrack.ebay.in" />
+	<target host="signin.ebay.in" />
+	<target host="signinalert.ebay.in" />
+	<target host="sofe.ebay.in" />
+	<target host="spd.ebay.in" />
+	<target host="www.sps.ebay.in" />
+	<target host="srtm.ebay.in" />
+	<target host="trucks.ebay.in" />
+	<target host="viv.ebay.in" />
+	<target host="wantitnow.ebay.in" />
+
+	<!-- fix http redirect -->
+	<rule from="^http://ebay\.in/"
+		to="https://www.ebay.in/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ebay.it.xml b/src/chrome/content/rules/ebay.it.xml
new file mode 100644
index 000000000000..c396d431ae7d
--- /dev/null
+++ b/src/chrome/content/rules/ebay.it.xml
@@ -0,0 +1,273 @@
+<!--
+
+	For other eBay coverage, see ebay.com.xml
+
+
+	Non-functional subdomains:
+
+		- ebay.it	(h)
+		- affari	(r)
+		- m.annunci	(m)
+		- preview.annunci	(t)
+		- arribada	(t)
+		- auto-usate	(m)
+		- buyvrfn	(m)
+		- cancel	(r)
+		- catalog	(r)
+		- category-keyword	(m)
+		- cgi1	(m)
+		- cgi4	(r)
+		- comm	(r)
+		- corriere	(m)
+		- cs	(t)
+		- deals	(r)
+		- discounts	(r)
+		- fastfitment	(i)
+		- m.g	(m)
+		- identificatori	(m)
+		- imode	(m)
+		- k2b-bulk	(i)
+		- k2b-email	(i)
+		- k2b-fbdk	(i)
+		- k2b-print	(i)
+		- signin.libero	(m)
+		- listings	(m)
+		- mail	(m)
+		- members	(m)
+		- mesgmy	(r)
+		- moda	(m)
+		- signin.msn	(m)
+		- my	(r)
+		- myworld	(r)
+		- partner	(h)
+		- portal	(r)
+		- pressconsole	(t)
+		- programma	(m)
+		- www.proxy	(HTTP 500 error)
+		- returns	(m)
+		- ritiro	(t)
+		- fedsignin.sandbox	(HTTP 503 error)
+		- www.mipapplication.sandbox	(r)
+		- my.sandbox	(r)
+		- pages.sandbox	(r)
+		- payments.sandbox	(m)
+		- reg.sandbox	(r)
+		- altro.shop.sandbox	(r)
+		- auto-usate.shop.sandbox	(r)
+		- barche-usate.shop.sandbox	(r)
+		- filatelia.shop.sandbox	(r)
+		- film.shop.sandbox	(r)
+		- fumetti.shop.sandbox	(r)
+		- giocattoli.shop.sandbox	(r)
+		- libri.shop.sandbox	(r)
+		- orologi-gioielli.shop.sandbox	(r)
+		- telefonia-cellulari.shop.sandbox	(r)
+		- veicoli-ricambi.shop.sandbox	(r)
+		- vini.shop.sandbox	(r)
+		- collezionismo.search-desc	(r)
+		- sell	(m)
+		- seller	(m)
+		- servizi-locali	(m)
+		- shop	(r)
+		- desc.shop	(r)
+		- film.shop	(m)
+		- fumetti.shop	(r)
+		- ricambi-auto.shop	(r)
+		- ricambi-moto.shop	(r)
+		- stores.shop	(m)
+		- abbigliamento.stores.shop	(m)
+		- altro.stores.shop	(m)
+		- antiquariato.stores.shop	(m)
+		- arredamento.stores.shop	(m)
+		- auto-usate.stores.shop	(m)
+		- barche-usate.stores.shop	(m)
+		- collezionismo.stores.shop	(m)
+		- commercio-industria.stores.shop	(m)
+		- elettronica.stores.shop	(m)
+		- filatelia.stores.shop	(m)
+		- film.stores.shop	(m)
+		- fumetti.stores.shop	(m)
+		- giardino-esterni.stores.shop	(m)
+		- giocattoli.stores.shop	(m)
+		- infanzia.stores.shop	(m)
+		- informatica.stores.shop	(m)
+		- libri.stores.shop	(m)
+		- musica-cd.stores.shop	(m)
+		- numismatica.stores.shop	(m)
+		- ricambi-auto.stores.shop	(m)
+		- sport.stores.shop	(m)
+		- strumenti-musicali.stores.shop	(m)
+		- telefonia-cellulari.stores.shop	(m)
+		- veicoli-ricambi.stores.shop	(m)
+		- vini.stores.shop	(m)
+		- sicurezza	(m)
+		- sm	(r)
+		- stage-partner	(t)
+		- stampa	(m)
+		- stores	(h)
+		- musica.stores	(m)
+		- search.stores	(m)
+		- support	(m)
+		- upload	(r)
+		- vero	(m)
+		- vflive	(m)
+		- signin.virgilio	(m)
+		- wap	(m)
+		- wireless	(m)
+		- wwww	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="eBay.it">
+
+	<target host="ebay.it" />
+	<target host="www.ebay.it" />
+	<target host="advertising.ebay.it" />
+	<target host="annunci.ebay.it" />
+	<target host="www.annunci.ebay.it" />
+	<target host="rest.annunci.ebay.it" />
+	<target host="anywhere.ebay.it" />
+	<target host="applications.ebay.it" />
+	<target host="arbd.ebay.it" />
+	<target host="auth.ebay.it" />
+	<target host="www.billing.ebay.it" />
+	<target host="www.bizpolicy.ebay.it" />
+	<target host="www.bizvrfn.ebay.it" />
+	<target host="bulkedit.ebay.it" />
+	<target host="bulksell.ebay.it" />
+	<target host="www.buyvrfn.ebay.it" />
+	<target host="c.ebay.it" />
+	<target host="cart.ebay.it" />
+	<target host="cgi.ebay.it" />
+	<target host="cgi3.ebay.it" />
+	<target host="msa-b1.cgi3.ebay.it" />
+	<target host="cgi5.ebay.it" />
+	<target host="msa-b1.cgi5.ebay.it" />
+	<target host="cgi6.ebay.it" />
+	<target host="checkout.ebay.it" />
+	<target host="community.ebay.it" />
+	<target host="connect.ebay.it" />
+	<target host="contact.ebay.it" />
+	<target host="csr.ebay.it" />
+	<target host="dispute-resolution.ebay.it" />
+	<target host="epn.ebay.it" />
+	<target host="epnt.ebay.it" />
+	<target host="epsvc.ebay.it" />
+	<target host="fedauth.ebay.it" />
+	<target host="fedsignin.ebay.it" />
+	<target host="feedback.ebay.it" />
+	<target host="frame.ebay.it" />
+	<target host="fundinginstrument.ebay.it" />
+	<target host="fyp.ebay.it" />
+	<target host="fyp2.ebay.it" />
+	<target host="gha.ebay.it" />
+	<target host="gslblui.ebay.it" />
+	<target host="www.ilvrfn.ebay.it" />
+	<target host="invoice.ebay.it" />
+	<target host="item.ebay.it" />
+	<target host="www.kgvrfn.ebay.it" />
+	<target host="msa-b1.cgi3.libero.ebay.it" />
+	<target host="msa-b1.cgi5.libero.ebay.it" />
+	<target host="contact.libero.ebay.it" />
+	<target host="dispute-resolution.libero.ebay.it" />
+	<target host="feedback.libero.ebay.it" />
+	<target host="rebulk.libero.ebay.it" />
+	<target host="wantitnow.libero.ebay.it" />
+	<target host="m.ebay.it" />
+	<target host="www.m.ebay.it" />
+	<target host="reg.m.ebay.it" />
+	<target host="scgi.m.ebay.it" />
+	<target host="signin.m.ebay.it" />
+	<target host="marketing.ebay.it" />
+	<target host="mbuy.ebay.it" />
+	<target host="merchant.ebay.it" />
+	<target host="mesg.ebay.it" />
+	<target host="www.mip.ebay.it" />
+	<target host="www.mipapplication.ebay.it" />
+	<target host="contact.msn.ebay.it" />
+	<target host="dispute-resolution.msn.ebay.it" />
+	<target host="feedback.msn.ebay.it" />
+	<target host="wantitnow.msn.ebay.it" />
+	<target host="notifyweb.ebay.it" />
+	<target host="ocs.ebay.it" />
+	<target host="ocsnext.ebay.it" />
+	<target host="ocsrest.ebay.it" />
+	<target host="ocswf.ebay.it" />
+	<target host="offer.ebay.it" />
+	<target host="ofr.ebay.it" />
+	<target host="pages.ebay.it" />
+	<target host="paisapay.ebay.it" />
+	<target host="partnernetwork.ebay.it" />
+	<target host="pay.ebay.it" />
+	<target host="payments.ebay.it" />
+	<target host="apps.payments.ebay.it" />
+	<target host="cart.payments.ebay.it" />
+	<target host="checkout.payments.ebay.it" />
+	<target host="guestcheckout.payments.ebay.it" />
+	<target host="paymentscmd.ebay.it" />
+	<target host="www.picupload.ebay.it" />
+	<target host="pls.ebay.it" />
+	<target host="postage.ebay.it" />
+	<target host="nw.pp.ebay.it" />
+	<target host="www.nw.pp.ebay.it" />
+	<target host="ppm1.ebay.it" />
+	<target host="ppm3.ebay.it" />
+	<target host="pulsar.ebay.it" />
+	<target host="qu.ebay.it" />
+	<target host="rebulk.ebay.it" />
+	<target host="reg.ebay.it" />
+	<target host="res.ebay.it" />
+	<target host="resolutioncenter.ebay.it" />
+	<target host="reward.ebay.it" />
+	<target host="rewards.ebay.it" />
+	<target host="rover.ebay.it" />
+	<target host="www.rsvp.ebay.it" />
+	<target host="www.bizpolicy.sandbox.ebay.it" />
+	<target host="checkout.sandbox.ebay.it" />
+	<target host="community.sandbox.ebay.it" />
+	<target host="fedauth.sandbox.ebay.it" />
+	<target host="merchant.sandbox.ebay.it" />
+	<target host="mesg.sandbox.ebay.it" />
+	<target host="www.mip.sandbox.ebay.it" />
+	<target host="scgi.sandbox.ebay.it" />
+	<target host="signin.sandbox.ebay.it" />
+	<target host="scgi.ebay.it" />
+	<target host="securefeedback.ebay.it" />
+	<target host="secureportal.ebay.it" />
+	<target host="securepromo.ebay.it" />
+	<target host="secureregistration.ebay.it" />
+	<target host="sellerstandards.ebay.it" />
+	<target host="sellerupdate.ebay.it" />
+	<target host="sellvrfn.ebay.it" />
+	<target host="www.sellvrfn.ebay.it" />
+	<target host="settings.ebay.it" />
+	<target host="shiptrack.ebay.it" />
+	<target host="signin.ebay.it" />
+	<target host="signinalert.ebay.it" />
+	<target host="sofe.ebay.it" />
+	<target host="spaziovenditori.ebay.it" />
+	<target host="spd.ebay.it" />
+	<target host="spedizioni.ebay.it" />
+	<target host="www.sps.ebay.it" />
+	<target host="srtm.ebay.it" />
+	<target host="www.subs.ebay.it" />
+	<target host="msa-b1.cgi3.virgilio.ebay.it" />
+	<target host="contact.virgilio.ebay.it" />
+	<target host="rebulk.virgilio.ebay.it" />
+	<target host="viv.ebay.it" />
+	<target host="vod.ebay.it" />
+	<target host="wantitnow.ebay.it" />
+
+	<!-- fix http redirect -->
+	<rule from="^http://ebay\.it/"
+		to="https://www.ebay.it/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ebay.nl.xml b/src/chrome/content/rules/ebay.nl.xml
new file mode 100644
index 000000000000..6d59ffe6cc04
--- /dev/null
+++ b/src/chrome/content/rules/ebay.nl.xml
@@ -0,0 +1,205 @@
+<!--
+
+	For other eBay coverage, see ebay.com.xml
+
+
+	Non-functional subdomain:
+
+		- ebay.nl	(h)
+		- affiliates	(m)
+		- arribada	(t)
+		- cancel	(r)
+		- cgi1	(r)
+		- cgi5	(m)
+		- comm	(r)
+		- cs	(t)
+		- hub	(m)
+		- k2b-bulk	(i)
+		- k2b-email	(i)
+		- k2b-fbdk	(i)
+		- k2b-print	(i)
+		- mail	(m)
+		- members	(m)
+		- mesgmy	(r)
+		- my	(r)
+		- myworld	(r)
+		- previewitem	(r)
+		- www.proxy	(HTTP 404 error)
+		- fedsignin.sandbox	(HTTP 503 error)
+		- my.sandbox	(r)
+		- payments.sandbox	(m)
+		- reg.sandbox	(r)
+		- search-desc	(r)
+		- sell	(m)
+		- seller	(m)
+		- shop	(r)
+		- auto.shop	(r)
+		- automobile-voiture.shop	(r)
+		- baby.shop	(r)
+		- boeken.shop	(r)
+		- computers.shop	(r)
+		- games.shop	(r)
+		- hub.shop	(r)
+		- kantoorartikelen.shop	(r)
+		- munten.shop	(r)
+		- postzegels.shop	(r)
+		- sieraden-horloges.shop	(r)
+		- speelgoed.shop	(r)
+		- stores.shop	(m)
+		- auto.stores.shop	(m)
+		- boeken.stores.shop	(m)
+		- bricolage.stores.shop	(m)
+		- collections.stores.shop	(m)
+		- computers.stores.shop	(m)
+		- electromenager.stores.shop	(m)
+		- games.stores.shop	(m)
+		- gezondheid.stores.shop	(m)
+		- hobby.stores.shop	(m)
+		- jardin-terrasse.stores.shop	(m)
+		- jouets-figurine.stores.shop	(m)
+		- kleding.stores.shop	(m)
+		- kunst-antiek.stores.shop	(m)
+		- livres-bd.stores.shop	(m)
+		- loisir.stores.shop	(m)
+		- materiel-professionnel.stores.shop	(m)
+		- modelbouw.stores.shop	(m)
+		- monnaies.stores.shop	(m)
+		- munten.stores.shop	(m)
+		- musique-cd.stores.shop	(m)
+		- muziek.stores.shop	(m)
+		- pieces-auto.stores.shop	(m)
+		- postzegels.stores.shop	(m)
+		- sieraden-horloges.stores.shop	(m)
+		- speelgoed.stores.shop	(m)
+		- telephone.stores.shop	(m)
+		- timbres.stores.shop	(m)
+		- veiling.stores.shop	(m)
+		- verzamelen.stores.shop	(m)
+		- vetement-accessoires.stores.shop	(m)
+		- veiling.shop	(r)
+		- store-index	(m)
+		- stores	(h)
+		- www.stores	(m)
+		- svcs	(m)
+		- upload	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="eBay.nl">
+
+	<target host="ebay.nl" />
+	<target host="www.ebay.nl" />
+	<target host="advertising.ebay.nl" />
+	<target host="anywhere.ebay.nl" />
+	<target host="applications.ebay.nl" />
+	<target host="arbd.ebay.nl" />
+	<target host="auth.ebay.nl" />
+	<target host="www.billing.ebay.nl" />
+	<target host="www.bizpolicy.ebay.nl" />
+	<target host="bulkedit.ebay.nl" />
+	<target host="bulksell.ebay.nl" />
+	<target host="www.buyvrfn.ebay.nl" />
+	<target host="c.ebay.nl" />
+	<target host="cart.ebay.nl" />
+	<target host="cgi.ebay.nl" />
+	<target host="cgi3.ebay.nl" />
+	<target host="msa-b1.cgi3.ebay.nl" />
+	<target host="msa-b1.cgi5.ebay.nl" />
+	<target host="cgi6.ebay.nl" />
+	<target host="checkout.ebay.nl" />
+	<target host="community.ebay.nl" />
+	<target host="connect.ebay.nl" />
+	<target host="contact.ebay.nl" />
+	<target host="csr.ebay.nl" />
+	<target host="dispute-resolution.ebay.nl" />
+	<target host="epn.ebay.nl" />
+	<target host="epnt.ebay.nl" />
+	<target host="epsvc.ebay.nl" />
+	<target host="fedauth.ebay.nl" />
+	<target host="fedsignin.ebay.nl" />
+	<target host="feedback.ebay.nl" />
+	<target host="frame.ebay.nl" />
+	<target host="fundinginstrument.ebay.nl" />
+	<target host="fyp.ebay.nl" />
+	<target host="fyp2.ebay.nl" />
+	<target host="gha.ebay.nl" />
+	<target host="invoice.ebay.nl" />
+	<target host="item.ebay.nl" />
+	<target host="www.kgvrfn.ebay.nl" />
+	<target host="m.ebay.nl" />
+	<target host="www.m.ebay.nl" />
+	<target host="reg.m.ebay.nl" />
+	<target host="scgi.m.ebay.nl" />
+	<target host="signin.m.ebay.nl" />
+	<target host="marketing.ebay.nl" />
+	<target host="mbuy.ebay.nl" />
+	<target host="mesg.ebay.nl" />
+	<target host="notifyweb.ebay.nl" />
+	<target host="ocs.ebay.nl" />
+	<target host="ocsnext.ebay.nl" />
+	<target host="ocsrest.ebay.nl" />
+	<target host="ocswf.ebay.nl" />
+	<target host="offer.ebay.nl" />
+	<target host="ofr.ebay.nl" />
+	<target host="pages.ebay.nl" />
+	<target host="paisapay.ebay.nl" />
+	<target host="pay.ebay.nl" />
+	<target host="payments.ebay.nl" />
+	<target host="apps.payments.ebay.nl" />
+	<target host="checkout.payments.ebay.nl" />
+	<target host="guestcheckout.payments.ebay.nl" />
+	<target host="paymentscmd.ebay.nl" />
+	<target host="www.picupload.ebay.nl" />
+	<target host="nw.pp.ebay.nl" />
+	<target host="www.nw.pp.ebay.nl" />
+	<target host="ppm1.ebay.nl" />
+	<target host="ppm3.ebay.nl" />
+	<target host="pulsar.ebay.nl" />
+	<target host="qu.ebay.nl" />
+	<target host="rebulk.ebay.nl" />
+	<target host="reg.ebay.nl" />
+	<target host="res.ebay.nl" />
+	<target host="resolutioncenter.ebay.nl" />
+	<target host="reward.ebay.nl" />
+	<target host="rover.ebay.nl" />
+	<target host="www.rsvp.ebay.nl" />
+	<target host="www.bizpolicy.sandbox.ebay.nl" />
+	<target host="checkout.sandbox.ebay.nl" />
+	<target host="community.sandbox.ebay.nl" />
+	<target host="fedauth.sandbox.ebay.nl" />
+	<target host="mesg.sandbox.ebay.nl" />
+	<target host="scgi.sandbox.ebay.nl" />
+	<target host="signin.sandbox.ebay.nl" />
+	<target host="scgi.ebay.nl" />
+	<target host="securefeedback.ebay.nl" />
+	<target host="secureportal.ebay.nl" />
+	<target host="securepromo.ebay.nl" />
+	<target host="secureregistration.ebay.nl" />
+	<target host="sellerstandards.ebay.nl" />
+	<target host="sellerupdate.ebay.nl" />
+	<target host="sellvrfn.ebay.nl" />
+	<target host="www.sellvrfn.ebay.nl" />
+	<target host="settings.ebay.nl" />
+	<target host="shiptrack.ebay.nl" />
+	<target host="signin.ebay.nl" />
+	<target host="signinalert.ebay.nl" />
+	<target host="sofe.ebay.nl" />
+	<target host="spd.ebay.nl" />
+	<target host="www.sps.ebay.nl" />
+	<target host="srtm.ebay.nl" />
+	<target host="viv.ebay.nl" />
+	<target host="wantitnow.ebay.nl" />
+
+	<!-- fix http redirect -->
+	<rule from="^http://ebay\.nl/"
+		to="https://www.ebay.nl/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ebay.ph.xml b/src/chrome/content/rules/ebay.ph.xml
new file mode 100644
index 000000000000..584fcda0138f
--- /dev/null
+++ b/src/chrome/content/rules/ebay.ph.xml
@@ -0,0 +1,181 @@
+<!--
+
+	For other eBay coverage, see ebay.com.xml
+
+
+	Non-functional subdomain:
+
+		- affiliates	(m)
+		- anywhere	(i)
+		- arribada	(t)
+		- b2bmotors	(t)
+		- blogs	(m)
+		- search.blogs	(m)
+		- bmsgs	(r)
+		- cancel	(r)
+		- cgi4	(r)
+		- comm	(r)
+		- cs	(t)
+		- deals	(m)
+		- l.deals	(m)
+		- developer	(m)
+		- em	(m)
+		- m.g	(m)
+		- hub	(m)
+		- k2b-bulk	(i)
+		- k2b-email	(i)
+		- k2b-fbdk	(i)
+		- k2b-print	(i)
+		- listings	(m)
+		- baby.listings	(m)
+		- dvd.listings	(m)
+		- music.listings	(m)
+		- mail	(m)
+		- members	(m)
+		- mesgmy	(r)
+		- mobile	(m)
+		- my	(r)
+		- myworld	(r)
+		- search.myworld	(m)
+		- ocs	(m)
+		- previewitem	(r)
+		- www.proxy	(HTTP 404 error)
+		- reviews	(r)
+		- search.reviews	(r)
+		- my.sandbox	(r)
+		- sell	(m)
+		- shop	(r)
+		- books.shop	(r)
+		- computers.shop	(r)
+		- desc.shop	(r)
+		- hub.shop	(r)
+		- jewellery-watches.shop	(r)
+		- stamps.shop	(r)
+		- stores.shop	(m)
+		- art.stores.shop	(m)
+		- books.stores.shop	(m)
+		- business.stores.shop	(m)
+		- cameras-photo.stores.shop	(m)
+		- coins.stores.shop	(m)
+		- collectibles.stores.shop	(m)
+		- dvd.stores.shop	(m)
+		- health-beauty.stores.shop	(m)
+		- sportinggoods.stores.shop	(m)
+		- toys-hobbies.stores.shop	(m)
+		- vehicle-parts.shop	(r)
+		- vehicles-motors.shop	(r)
+		- video-games.shop	(r)
+		- stores	(h)
+		- www.stores	(m)
+		- svcs	(m)
+		- tradingassistant	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="eBay.ph">
+
+	<target host="ebay.ph" />
+	<target host="www.ebay.ph" />
+	<target host="applications.ebay.ph" />
+	<target host="arbd.ebay.ph" />
+	<target host="auth.ebay.ph" />
+	<target host="www.billing.ebay.ph" />
+	<target host="www.bizpolicy.ebay.ph" />
+	<target host="bulkedit.ebay.ph" />
+	<target host="bulksell.ebay.ph" />
+	<target host="www.buyvrfn.ebay.ph" />
+	<target host="c.ebay.ph" />
+	<target host="cart.ebay.ph" />
+	<target host="cgi.ebay.ph" />
+	<target host="cgi3.ebay.ph" />
+	<target host="msa-b1.cgi3.ebay.ph" />
+	<target host="cgi5.ebay.ph" />
+	<target host="msa-b1.cgi5.ebay.ph" />
+	<target host="cgi6.ebay.ph" />
+	<target host="checkout.ebay.ph" />
+	<target host="connect.ebay.ph" />
+	<target host="contact.ebay.ph" />
+	<target host="csr.ebay.ph" />
+	<target host="dispute-resolution.ebay.ph" />
+	<target host="epn.ebay.ph" />
+	<target host="epnt.ebay.ph" />
+	<target host="epsvc.ebay.ph" />
+	<target host="fedauth.ebay.ph" />
+	<target host="fedsignin.ebay.ph" />
+	<target host="feedback.ebay.ph" />
+	<target host="frame.ebay.ph" />
+	<target host="fundinginstrument.ebay.ph" />
+	<target host="fyp.ebay.ph" />
+	<target host="fyp2.ebay.ph" />
+	<target host="gha.ebay.ph" />
+	<target host="invoice.ebay.ph" />
+	<target host="item.ebay.ph" />
+	<target host="www.kgvrfn.ebay.ph" />
+	<target host="m.ebay.ph" />
+	<target host="www.m.ebay.ph" />
+	<target host="reg.m.ebay.ph" />
+	<target host="scgi.m.ebay.ph" />
+	<target host="signin.m.ebay.ph" />
+	<target host="marketing.ebay.ph" />
+	<target host="mbuy.ebay.ph" />
+	<target host="mesg.ebay.ph" />
+	<target host="notifyweb.ebay.ph" />
+	<target host="ocsnext.ebay.ph" />
+	<target host="ocsrest.ebay.ph" />
+	<target host="ocswf.ebay.ph" />
+	<target host="offer.ebay.ph" />
+	<target host="ofr.ebay.ph" />
+	<target host="pages.ebay.ph" />
+	<target host="paisapay.ebay.ph" />
+	<target host="pay.ebay.ph" />
+	<target host="payments.ebay.ph" />
+	<target host="apps.payments.ebay.ph" />
+	<target host="checkout.payments.ebay.ph" />
+	<target host="guestcheckout.payments.ebay.ph" />
+	<target host="paymentscmd.ebay.ph" />
+	<target host="www.picupload.ebay.ph" />
+	<target host="nw.pp.ebay.ph" />
+	<target host="www.nw.pp.ebay.ph" />
+	<target host="ppm1.ebay.ph" />
+	<target host="ppm3.ebay.ph" />
+	<target host="pulsar.ebay.ph" />
+	<target host="qu.ebay.ph" />
+	<target host="rebulk.ebay.ph" />
+	<target host="reg.ebay.ph" />
+	<target host="res.ebay.ph" />
+	<target host="resolutioncenter.ebay.ph" />
+	<target host="resolutioncentre.ebay.ph" />
+	<target host="reward.ebay.ph" />
+	<target host="rover.ebay.ph" />
+	<target host="www.rsvp.ebay.ph" />
+	<target host="www.bizpolicy.sandbox.ebay.ph" />
+	<target host="scgi.ebay.ph" />
+	<target host="securefeedback.ebay.ph" />
+	<target host="secureportal.ebay.ph" />
+	<target host="securepromo.ebay.ph" />
+	<target host="secureregistration.ebay.ph" />
+	<target host="sellerstandards.ebay.ph" />
+	<target host="settings.ebay.ph" />
+	<target host="shiptrack.ebay.ph" />
+	<target host="signin.ebay.ph" />
+	<target host="signinalert.ebay.ph" />
+	<target host="sofe.ebay.ph" />
+	<target host="spd.ebay.ph" />
+	<target host="www.sps.ebay.ph" />
+	<target host="srtm.ebay.ph" />
+	<target host="viv.ebay.ph" />
+	<target host="wantitnow.ebay.ph" />
+
+	<!-- fix http redirect -->
+	<rule from="^http://ebay\.ph/"
+		to="https://www.ebay.ph/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ebay.pl.xml b/src/chrome/content/rules/ebay.pl.xml
new file mode 100644
index 000000000000..805f646646d0
--- /dev/null
+++ b/src/chrome/content/rules/ebay.pl.xml
@@ -0,0 +1,195 @@
+<!--
+
+	For other eBay coverage, see ebay.com.xml
+
+
+	Non-functional subdomains:
+
+		- ebay.pl	(h)
+		- affiliates	(m)
+		- aplikacje	(r)
+		- arribada	(t)
+		- cancel	(r)
+		- comm	(r)
+		- cs	(t)
+		- info	(m)
+		- k2b-bulk	(i)
+		- k2b-email	(i)
+		- k2b-fbdk	(i)
+		- k2b-print	(i)
+		- znaczki.listings	(m)
+		- mail	(m)
+		- members	(m)
+		- mesgmy	(r)
+		- msa-b1	(m)
+		- my	(r)
+		- myworld	(r)
+		- pressconsole	(t)
+		- previewitem	(r)
+		- www.proxy	(HTTP 404 error)
+		- pulse	(m)
+		- fedsignin	(HTTP 503 error)
+		- payments.sandbox	(m)
+		- search-completed	(r)
+		- sell	(m)
+		- seller	(m)
+		- shop	(r)
+		- antyki-sztuka.shop	(r)
+		- bizuteria-zegarki.shop	(r)
+		- dla-dzieci.shop	(r)
+		- dom-meble.shop	(r)
+		- fahrzeuge.shop	(r)
+		- gry.shop	(r)
+		- kosmetyki-perfumy.shop	(r)
+		- motoryzacja.shop	(r)
+		- stores.shop	(m)
+		- antyki-sztuka.stores.shop	(m)
+		- bizuteria-zegarki.stores.shop	(m)
+		- buero.stores.shop	(m)
+		- dla-dzieci.stores.shop	(m)
+		- dom-meble.stores.shop	(m)
+		- firma-przemysl.stores.shop	(m)
+		- fotografia-aparaty.stores.shop	(m)
+		- games.stores.shop	(m)
+		- handy.stores.shop	(m)
+		- immobilien.stores.shop	(m)
+		- kleidung.stores.shop	(m)
+		- kolekcje.stores.shop	(m)
+		- kosmetyki-perfumy.stores.shop	(m)
+		- ksiazki-komiksy.stores.shop	(m)
+		- kunst.stores.shop	(m)
+		- modellbau.stores.shop	(m)
+		- monety-banknoty.stores.shop	(m)
+		- motoryzacja.stores.shop	(m)
+		- motoryzacja-czesci.stores.shop	(m)
+		- muzyka-cd.stores.shop	(m)
+		- odziez-buty-dodatki.stores.shop	(m)
+		- sammeln.stores.shop	(m)
+		- schmuck.stores.shop	(m)
+		- sport-turystyka.stores.shop	(m)
+		- telefony-akcesoria.stores.shop	(m)
+		- wohnen.stores.shop	(m)
+		- wszystko-inne.stores.shop	(m)
+		- znaczki.stores.shop	(m)
+		- znaczki.shop	(r)
+		- stores	(h)
+		- svcs	(m)
+		- upload	(r)
+		- znaczki	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="eBay.pl">
+
+	<target host="ebay.pl" />
+	<target host="www.ebay.pl" />
+	<target host="anywhere.ebay.pl" />
+	<target host="applications.ebay.pl" />
+	<target host="arbd.ebay.pl" />
+	<target host="auth.ebay.pl" />
+	<target host="www.billing.ebay.pl" />
+	<target host="www.bizpolicy.ebay.pl" />
+	<target host="bulkedit.ebay.pl" />
+	<target host="bulksell.ebay.pl" />
+	<target host="www.buyvrfn.ebay.pl" />
+	<target host="c.ebay.pl" />
+	<target host="cart.ebay.pl" />
+	<target host="cgi.ebay.pl" />
+	<target host="cgi3.ebay.pl" />
+	<target host="msa-b1.cgi3.ebay.pl" />
+	<target host="cgi5.ebay.pl" />
+	<target host="msa-b1.cgi5.ebay.pl" />
+	<target host="cgi6.ebay.pl" />
+	<target host="checkout.ebay.pl" />
+	<target host="community.ebay.pl" />
+	<target host="connect.ebay.pl" />
+	<target host="contact.ebay.pl" />
+	<target host="csr.ebay.pl" />
+	<target host="dispute-resolution.ebay.pl" />
+	<target host="epn.ebay.pl" />
+	<target host="epnt.ebay.pl" />
+	<target host="epsvc.ebay.pl" />
+	<target host="fedauth.ebay.pl" />
+	<target host="fedsignin.ebay.pl" />
+	<target host="feedback.ebay.pl" />
+	<target host="frame.ebay.pl" />
+	<target host="fundinginstrument.ebay.pl" />
+	<target host="fyp.ebay.pl" />
+	<target host="fyp2.ebay.pl" />
+	<target host="gha.ebay.pl" />
+	<target host="invoice.ebay.pl" />
+	<target host="item.ebay.pl" />
+	<target host="www.kgvrfn.ebay.pl" />
+	<target host="m.ebay.pl" />
+	<target host="www.m.ebay.pl" />
+	<target host="reg.m.ebay.pl" />
+	<target host="scgi.m.ebay.pl" />
+	<target host="signin.m.ebay.pl" />
+	<target host="marketing.ebay.pl" />
+	<target host="mbuy.ebay.pl" />
+	<target host="mesg.ebay.pl" />
+	<target host="notifyweb.ebay.pl" />
+	<target host="ocs.ebay.pl" />
+	<target host="ocsnext.ebay.pl" />
+	<target host="ocsrest.ebay.pl" />
+	<target host="ocswf.ebay.pl" />
+	<target host="offer.ebay.pl" />
+	<target host="ofr.ebay.pl" />
+	<target host="pages.ebay.pl" />
+	<target host="paisapay.ebay.pl" />
+	<target host="pay.ebay.pl" />
+	<target host="payments.ebay.pl" />
+	<target host="apps.payments.ebay.pl" />
+	<target host="checkout.payments.ebay.pl" />
+	<target host="guestcheckout.payments.ebay.pl" />
+	<target host="paymentscmd.ebay.pl" />
+	<target host="www.picupload.ebay.pl" />
+	<target host="nw.pp.ebay.pl" />
+	<target host="www.nw.pp.ebay.pl" />
+	<target host="ppm1.ebay.pl" />
+	<target host="ppm3.ebay.pl" />
+	<target host="pulsar.ebay.pl" />
+	<target host="qu.ebay.pl" />
+	<target host="rebulk.ebay.pl" />
+	<target host="reg.ebay.pl" />
+	<target host="res.ebay.pl" />
+	<target host="resolutioncenter.ebay.pl" />
+	<target host="reward.ebay.pl" />
+	<target host="rover.ebay.pl" />
+	<target host="www.rsvp.ebay.pl" />
+	<target host="www.bizpolicy.sandbox.ebay.pl" />
+	<target host="community.sandbox.ebay.pl" />
+	<target host="scgi.sandbox.ebay.pl" />
+	<target host="signin.sandbox.ebay.pl" />
+	<target host="scgi.ebay.pl" />
+	<target host="securefeedback.ebay.pl" />
+	<target host="secureportal.ebay.pl" />
+	<target host="securepromo.ebay.pl" />
+	<target host="secureregistration.ebay.pl" />
+	<target host="sellerstandards.ebay.pl" />
+	<target host="sellerupdate.ebay.pl" />
+	<target host="settings.ebay.pl" />
+	<target host="shiptrack.ebay.pl" />
+	<target host="signin.ebay.pl" />
+	<target host="signinalert.ebay.pl" />
+	<target host="sofe.ebay.pl" />
+	<target host="spd.ebay.pl" />
+	<target host="www.sps.ebay.pl" />
+	<target host="srtm.ebay.pl" />
+	<target host="strefasprzedawcy.ebay.pl" />
+	<target host="viv.ebay.pl" />
+	<target host="wantitnow.ebay.pl" />
+
+	<!-- fix http redirect -->
+	<rule from="^http://ebay\.pl/"
+		to="https://www.ebay.pl/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ebay.ru.xml b/src/chrome/content/rules/ebay.ru.xml
new file mode 100644
index 000000000000..45be4e87f758
--- /dev/null
+++ b/src/chrome/content/rules/ebay.ru.xml
@@ -0,0 +1,53 @@
+<!--
+
+	For other eBay coverage, see ebay.com.xml
+
+
+	Non-functional subdomain:
+
+		- ebay.ru	(h)
+		- www.ebay.ru	(m)
+		- listad.classifieds	(m)
+		- search.classifieds	(m)
+		- viewad.classifieds	(m)
+		- eim	(m)
+		- myebay.eim	(m)
+		- pages.eim	(m)
+		- search.eim	(m)
+		- viewitem.eim	(m)
+		- rover	(m)
+		- my.sandbox	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="eBay.ru">
+
+	<target host="auth.ebay.ru" />
+	<target host="www.bizpolicy.ebay.ru" />
+	<target host="msa-b1.cgi5.ebay.ru" />
+	<target host="www.eim.ebay.ru" />
+	<target host="epsvc.ebay.ru" />
+	<target host="fyp.ebay.ru" />
+	<target host="fyp2.ebay.ru" />
+	<target host="signin.m.ebay.ru" />
+	<target host="marketing.ebay.ru" />
+	<target host="mbuy.ebay.ru" />
+	<target host="merchant.ebay.ru" />
+	<target host="mesg.ebay.ru" />
+	<target host="www.mip.ebay.ru" />
+	<target host="www.mipapplication.ebay.ru" />
+	<target host="ocsnext.ebay.ru" />
+	<target host="pay.ebay.ru" />
+	<target host="qu.ebay.ru" />
+	<target host="www.rsvp.ebay.ru" />
+	<target host="signin.ebay.ru" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ebayclassifiedsgroup.com.xml b/src/chrome/content/rules/ebayclassifiedsgroup.com.xml
new file mode 100644
index 000000000000..a19ceb938568
--- /dev/null
+++ b/src/chrome/content/rules/ebayclassifiedsgroup.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other eBay coverage, see ebay.com.xml
+
+
+	Non-functional subdomains:
+		- treebay	(HTTP 404 error)
+		- sandbox.treebay	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="eBay Classifieds Group">
+
+	<target host="ebayclassifiedsgroup.com" />
+	<target host="www.ebayclassifiedsgroup.com" />
+	<target host="static.ebayclassifiedsgroup.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ebayimg.com.xml b/src/chrome/content/rules/ebayimg.com.xml
new file mode 100644
index 000000000000..7df6d6bba496
--- /dev/null
+++ b/src/chrome/content/rules/ebayimg.com.xml
@@ -0,0 +1,71 @@
+<!--
+
+	For other eBay coverage, see ebay.com.xml
+
+
+	Non-functional subdomain:
+
+		- carad	(t)
+		- i	(c)
+		- i1	(c)
+		- i10	(c)
+		- i11	(c)
+		- i12	(c)
+		- i13	(c)
+		- i14	(c)
+		- i15	(c)
+		- i16	(c)
+		- i17	(c)
+		- i18	(c)
+		- i19	(c)
+		- i2	(c)
+		- i20	(c)
+		- i21	(c)
+		- i22	(c)
+		- i23	(c)
+		- i24	(c)
+		- i3	(c)
+		- i4	(c)
+		- i5	(c)
+		- i6	(c)
+		- i7	(c)
+		- i8	(c)
+		- i9	(c)
+		- kijiji	(m)
+		- li	(m)
+		- origin2-i	(m)
+		- pics	(m)
+		- ssli	(c)
+		- ssli4	(c)
+		- tools	(m)
+		- w	(c)
+
+	c: HTTP 503 error
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="ebayimg.com">
+
+	<target host="blog.ebayimg.com" />
+	<target host="galleryplus.ebayimg.com" />
+	<target host="origin-au.ebayimg.com" />
+	<target host="origin-eu.ebayimg.com" />
+	<target host="origin-galleryplus.ebayimg.com" />
+	<target host="origin-i.ebayimg.com" />
+	<target host="pp-origin-i.ebayimg.com" />
+	<target host="i.sandbox.ebayimg.com" />
+	<target host="secureimg.ebayimg.com" />
+	<target host="sslgalleryplus.ebayimg.com" />
+	<target host="ssli1.ebayimg.com" />
+	<target host="sslthumbs.ebayimg.com" />
+	<target host="v.ebayimg.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ebayrtm.com.xml b/src/chrome/content/rules/ebayrtm.com.xml
new file mode 100644
index 000000000000..895d3d7e1dff
--- /dev/null
+++ b/src/chrome/content/rules/ebayrtm.com.xml
@@ -0,0 +1,83 @@
+<!--
+
+	For other eBay coverage, see ebay.com.xml
+
+
+	Non-functional subdomains:
+
+		- srx.at	(m)
+		- srx.au	(m)
+		- srx.befr	(m)
+		- srx.benl	(m)
+		- srx.ca	(m)
+		- srx.cafr	(m)
+		- srx.ch	(m)
+		- srx.cz	(m)
+		- srx.de	(m)
+		- srx.ebaymotors	(m)
+		- srx.es	(m)
+		- srx.fi	(m)
+		- srx.fr	(m)
+		- srx.gr	(m)
+		- srx.hk	(m)
+		- srx.hu	(m)
+		- srx.id	(m)
+		- srx.ie	(m)
+		- srx.il	(m)
+		- srx.in	(m)
+		- srv.intl1	(m)
+		- srv.intl2	(m)
+		- srx.it	(m)
+		- srx.main	(m)
+		- srx.my	(m)
+		- srx.nl	(m)
+		- srx.no	(m)
+		- srx.ph	(m)
+		- srx.pl	(m)
+		- srx.pt	(m)
+		- srx.ru	(m)
+		- sem	(m)
+		- srx.sg	(m)
+		- srx.th	(m)
+		- srx.uk	(m)
+		- srv.main.vip	(t)
+		- srx.za	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="ebayrtm.com">
+
+	<target host="srv.at.ebayrtm.com" />
+	<target host="srv.au.ebayrtm.com" />
+	<target host="srv.befr.ebayrtm.com" />
+	<target host="srv.benl.ebayrtm.com" />
+	<target host="srv.ca.ebayrtm.com" />
+	<target host="srv.cafr.ebayrtm.com" />
+	<target host="srv.ch.ebayrtm.com" />
+	<target host="srv.de.ebayrtm.com" />
+	<target host="srv.ebaymotors.ebayrtm.com" />
+	<target host="srv.es.ebayrtm.com" />
+	<target host="srv.fr.ebayrtm.com" />
+	<target host="srv.hk.ebayrtm.com" />
+	<target host="srv.ie.ebayrtm.com" />
+	<target host="srv.in.ebayrtm.com" />
+	<target host="srv.it.ebayrtm.com" />
+	<target host="srv.main.ebayrtm.com" />
+	<target host="srv.my.ebayrtm.com" />
+	<target host="srv.nl.ebayrtm.com" />
+	<target host="srv.nz.ebayrtm.com" />
+	<target host="srv.ph.ebayrtm.com" />
+	<target host="srv.pl.ebayrtm.com" />
+	<target host="srv.sg.ebayrtm.com" />
+	<target host="srv.ebayrtm.com" />
+	<target host="srv.uk.ebayrtm.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ebaystatic.com.xml b/src/chrome/content/rules/ebaystatic.com.xml
new file mode 100644
index 000000000000..56d2f2a003d6
--- /dev/null
+++ b/src/chrome/content/rules/ebaystatic.com.xml
@@ -0,0 +1,73 @@
+<!--
+
+	For other eBay coverage, see ebay.com.xml
+
+
+	Non-functional subdomains:
+
+		- av	(m)
+		- include	(m)
+		- secureir.latest	(t)
+		- mthumbs	(m)
+		- secureinclude-ebox.mobileweb.qa	(t)
+		- securepics.mobileweb.qa	(t)
+		- secureinclude-ebox.mobileweb002.qa	(e)
+		- securepics.mobileweb002.qa	(e)
+		- secureinclude-ebox.mobileweb003.qa	(t)
+		- securepics.mobileweb003.qa	(t)
+		- secureinclude-ebox.au.mobileweb004.qa	(t)
+		- securepics.au.mobileweb004.qa	(t)
+		- secureinclude-ebox.ca.mobileweb004.qa	(t)
+		- securepics.ca.mobileweb004.qa	(t)
+		- secureinclude-ebox.de.mobileweb004.qa	(t)
+		- securepics.de.mobileweb004.qa	(t)
+		- secureinclude-ebox.fr.mobileweb004.qa	(t)
+		- securepics.fr.mobileweb004.qa	(t)
+		- secureinclude-ebox.mobileweb004.qa	(t)
+		- securepics.mobileweb004.qa	(t)
+		- secureinclude-ebox.uk.mobileweb004.qa	(t)
+		- securepics.uk.mobileweb004.qa	(t)
+		- include.sandbox	(r)
+		- rs.sandbox	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="ebaystatic.com">
+
+	<target host="autosug.ebaystatic.com" />
+	<target host="gh.ebaystatic.com" />
+	<target host="ir.ebaystatic.com" />
+	<target host="origin-rtm.ebaystatic.com" />
+	<target host="p.ebaystatic.com" />
+	<target host="pics.ebaystatic.com" />
+	<target host="q.ebaystatic.com" />
+	<target host="rp.ebaystatic.com" />
+	<target host="rtm.ebaystatic.com" />
+	<target host="ir.sandbox.ebaystatic.com" />
+	<target host="secureir.sandbox.ebaystatic.com" />
+	<target host="securers.sandbox.ebaystatic.com" />
+	<target host="secureinclude.ebaystatic.com" />
+	<target host="secureir.ebaystatic.com" />
+	<target host="securepics.ebaystatic.com" />
+	<target host="securertm.ebaystatic.com" />
+	<target host="sslthumbs.ebaystatic.com" />
+	<target host="sslthumbs1.ebaystatic.com" />
+	<target host="sslthumbs2.ebaystatic.com" />
+	<target host="sslthumbs3.ebaystatic.com" />
+	<target host="sslthumbs4.ebaystatic.com" />
+	<target host="thumbs.ebaystatic.com" />
+	<target host="thumbs1.ebaystatic.com" />
+	<target host="thumbs2.ebaystatic.com" />
+	<target host="thumbs3.ebaystatic.com" />
+	<target host="thumbs4.ebaystatic.com" />
+	<target host="rs.xstage.ebaystatic.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ecgd.gov.uk.xml b/src/chrome/content/rules/ecgd.gov.uk.xml
new file mode 100644
index 000000000000..6aa307fb426b
--- /dev/null
+++ b/src/chrome/content/rules/ecgd.gov.uk.xml
@@ -0,0 +1,40 @@
+<!--
+	UK Export Finance
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	www.ecgd.gov.uk: Mismatched
+
+	^ecgd.gov.uk does not exist.
+
+-->
+<ruleset name="ECGD.gov.uk (partial)">
+
+	<!--	Complications:
+				-->
+	<target host="www.ecgd.gov.uk" />
+
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://www\.ecgd\.gov\.uk/.*"
+		to="https://www.gov.uk/government/organisations/export-credit-guarantee-department" />
+
+		<!--	/\w does not redirect:
+						-->
+		<exclusion pattern="^http://www\.ecgd\.gov\.uk/(?!/*(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.ecgd.gov.uk/Consultations" />
+			<test url="http://www.ecgd.gov.uk/internat" />
+			<test url="http://www.ecgd.gov.uk/news-and-events/speeches" />
+			<test url="http://www.ecgd.gov.uk/publications/operational-data" />
+			<test url="http://www.ecgd.gov.uk/publications/plans-and-reports/anti-bribery-corruption-review" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.ecgd.gov.uk/?" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/echo24.cz.xml b/src/chrome/content/rules/echo24.cz.xml
new file mode 100644
index 000000000000..ea9217d00ee6
--- /dev/null
+++ b/src/chrome/content/rules/echo24.cz.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tydenik.echo24.cz/ => https://tydenik.echo24.cz/: (51, "SSL: no alternative certificate subject name matches target host name 'tydenik.echo24.cz'")
+Fetch error: http://echomedia.cz/ => https://echomedia.cz/: (6, 'Could not resolve host: echomedia.cz')
+
+-->
+<ruleset name="Echo24.cz" default_off="failed ruleset test">
+    <target host="echo24.cz" />
+    <target host="www.echo24.cz" />
+    <target host="tydenik.echo24.cz" />
+    <target host="echomedia.cz" />
+    <target host="secure.echomedia.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/eclkmpsa.com.xml b/src/chrome/content/rules/eclkmpsa.com.xml
new file mode 100644
index 000000000000..237046de8f21
--- /dev/null
+++ b/src/chrome/content/rules/eclkmpsa.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Ads.
+
+-->
+<ruleset name="eclkmpsa.com">
+
+	<target host="eclkmpsa.com" />
+	<target host="www.eclkmpsa.com" />
+
+		<!--test url="http://eclkmpsa.com/adServe/banners?tid=&amp;tagid=&amp;popPerSession=" /-->
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ecoast.com.tw.xml b/src/chrome/content/rules/ecoast.com.tw.xml
new file mode 100644
index 000000000000..0a4f2f6acde4
--- /dev/null
+++ b/src/chrome/content/rules/ecoast.com.tw.xml
@@ -0,0 +1,7 @@
+<ruleset name="ecoast.com.tw">
+
+	<target host="ecoast.com.tw" />
+	<target host="www.ecoast.com.tw" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ecoin.eu.xml b/src/chrome/content/rules/ecoin.eu.xml
new file mode 100644
index 000000000000..b207f159742d
--- /dev/null
+++ b/src/chrome/content/rules/ecoin.eu.xml
@@ -0,0 +1,13 @@
+<!--
+mx.ecoin.eu ⁴
+
+
+⁴ self signed
+-->
+<ruleset name="ecoin.eu">
+	<target host="ecoin.eu" />
+	<target host="www.ecoin.eu" />
+	<target host="cdn.ecoin.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ecops.org.uk.xml b/src/chrome/content/rules/ecops.org.uk.xml
new file mode 100644
index 000000000000..abc28747923a
--- /dev/null
+++ b/src/chrome/content/rules/ecops.org.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="eCops.org.uk">
+
+	<target host="ecops.org.uk" />
+	<target host="www.ecops.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ecotelecom.ru.xml b/src/chrome/content/rules/ecotelecom.ru.xml
new file mode 100644
index 000000000000..596b9334287f
--- /dev/null
+++ b/src/chrome/content/rules/ecotelecom.ru.xml
@@ -0,0 +1,46 @@
+<!--
+aerobus.ecotelecom.ru ³
+arkada.ecotelecom.ru ³
+avenyu77.ecotelecom.ru ³
+border-0.ecotelecom.ru ³
+chehov.ecotelecom.ru ³
+dubki.ecotelecom.ru ³
+econat.ecotelecom.ru ¹
+lapino.ecotelecom.ru ³
+lg.ecotelecom.ru ¹
+luberci.ecotelecom.ru ³
+lukinskaya.ecotelecom.ru ³
+mail.ecotelecom.ru ³
+michurinskiy.ecotelecom.ru ³
+moskovskiy.ecotelecom.ru ³
+ns0.ecotelecom.ru ²
+ns1.ecotelecom.ru ³
+ns2.ecotelecom.ru ¹
+plus.ecotelecom.ru ¹
+podarok.ecotelecom.ru ¹
+podolsk.ecotelecom.ru ³
+putilkovo.ecotelecom.ru ³
+real-list.ecotelecom.ru ⁴
+reg.ecotelecom.ru ⁴
+relay1.ecotelecom.ru ³
+sherbinka.ecotelecom.ru ³
+gw1.sip.ecotelecom.ru ⁴
+sip-office.ecotelecom.ru ²
+smtp.ecotelecom.ru ³
+tv.ecotelecom.ru ¹
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="ecotelecom.ru">
+	<target host="ecotelecom.ru" />
+	<target host="www.ecotelecom.ru" />
+	<target host="bill.ecotelecom.ru" />
+	<target host="pyzzle.ecotelecom.ru" />
+	<target host="speedtest.ecotelecom.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/edeka.xml b/src/chrome/content/rules/edeka.xml
new file mode 100644
index 000000000000..6a506a3fcd52
--- /dev/null
+++ b/src/chrome/content/rules/edeka.xml
@@ -0,0 +1,42 @@
+<!--
+	Mismatch:
+		- banane.edeka.de
+		- foto.edeka.de
+		- m.edeka.de
+		- mail.edeka.de
+		- web.edeka.de
+		- ^edeka-verbund.de
+
+	No secure protocols supported:
+		- artenvielfalt.edeka.de
+
+	Problematic:
+		- redirect on some pages, only css, images and js are working
+-->
+<ruleset name="EDEKA (partial)">
+	<target host="edeka.de"/>
+	<target host="www.edeka.de"/>
+	<target host="bms.edeka.de"/>
+	<target host="mein.edeka.de"/>
+	<target host="static.edeka.de"/>
+	<target host="www.edeka-verbund.de"/>
+
+	<exclusion pattern="^http://edeka\.de/$" />
+	<exclusion pattern="^http://www\.edeka\.de/$" />
+	<exclusion pattern="^http://www\.edeka-verbund\.de/$" />
+
+	<test url="http://edeka.de/media/03_design/img/intern/edeka_logo_2.png" />
+	<test url="http://www.edeka.de/media/03_design/img/intern/edeka_logo_2.png" />
+	<test url="http://www.edeka-verbund.de/Unternehmen/media/design/img/logo.png" />
+
+	<rule from="^http://(www\.)?edeka\.de/media/"
+		to="https://www.edeka.de/media/"/>
+	<rule from="^http://(www\.)?edeka-verbund\.de/Unternehmen/media/"
+		to="https://www.edeka-verbund.de/Unternehmen/media/"/>
+	<rule from="^http://bms\.edeka\.de/"
+		to="https://bms.edeka.de/"/>
+	<rule from="^http://mein\.edeka\.de/"
+		to="https://mein.edeka.de/"/>
+	<rule from="^http://static\.edeka\.de/"
+		to="https://static.edeka.de/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/edens.com.xml b/src/chrome/content/rules/edens.com.xml
new file mode 100644
index 000000000000..0f83f928b470
--- /dev/null
+++ b/src/chrome/content/rules/edens.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="edens.com">
+	<target host="edens.com" />
+	<target host="*.edens.com" />
+
+	<rule from="^http:" to="https:" />
+
+	<test url="http://properties.edens.com/cre/properties/" />
+	<test url="http://properties.edens.com/p/shopping-center-commercial-real-estate/Princeton-NJ-08540/princetonshoppingcenter" />
+	<test url="http://properties.edens.com/property/capsule_data/739/property/sitemap_image/611.png" />
+</ruleset>
diff --git a/src/chrome/content/rules/edfringe.com.xml b/src/chrome/content/rules/edfringe.com.xml
new file mode 100644
index 000000000000..4b84636909a2
--- /dev/null
+++ b/src/chrome/content/rules/edfringe.com.xml
@@ -0,0 +1,41 @@
+<!--
+	Nonfunctional hosts in *edfringe.com:
+
+		- help.registration ᵃ
+
+	ᵃ Shows registration.edfringe.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- tickets.edfringe.com
+		- www.edfringe.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Ed Fringe.com (partial)">
+
+	<target host="edfringe.com" />
+	<target host="registration.edfringe.com" />
+	<target host="tickets.edfringe.com" />
+	<target host="www.edfringe.com" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://www.edfringe.com/ox/www/delivery/avw.php?zoneid=1&amp;n=0000001" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^tickets\.edfringe\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^www\.edfringe\.com$" name="^(?:OAID|OAVARS\[[\da-f]+\])$" /-->
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/edgefonts.net.xml b/src/chrome/content/rules/edgefonts.net.xml
new file mode 100644
index 000000000000..d4106e6f4860
--- /dev/null
+++ b/src/chrome/content/rules/edgefonts.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="edgefonts.net">
+		<target host="use.edgefonts.net" />
+
+		<rule from="^http:"
+				to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/edgis-security.org.xml b/src/chrome/content/rules/edgis-security.org.xml
new file mode 100644
index 000000000000..fd48c0ddbb1f
--- /dev/null
+++ b/src/chrome/content/rules/edgis-security.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="edgis-security.org">
+	<target host="edgis-security.org" />
+	<target host="www.edgis-security.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/edina.ac.uk.xml b/src/chrome/content/rules/edina.ac.uk.xml
new file mode 100644
index 000000000000..b67cddde3df4
--- /dev/null
+++ b/src/chrome/content/rules/edina.ac.uk.xml
@@ -0,0 +1,52 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://census.edina.ac.uk/ => https://census.edina.ac.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'census.edina.ac.uk'")
+
+	Nonfunctional hosts in *edina.ac.uk:
+
+		- (www.)? ʳ
+		- openstream ʳ
+
+	ʳ Refused
+
+
+	Problematic hosts in *edina.ac.uk:
+
+		- aqmensrv ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- ess.edina.ac.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="edina.ac.uk (partial)" default_off="failed ruleset test">
+
+	<target host="census.edina.ac.uk" />
+	<target host="ess.edina.ac.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="aqmensrv.edina.ac.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ess\.edina\.ac\.uk$" name="^(?:CFID|CFTOKEN)$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://aqmensrv\.edina\.ac\.uk/"
+		to="https://www.aqmen.ac.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/edsurge.com.xml b/src/chrome/content/rules/edsurge.com.xml
new file mode 100644
index 000000000000..1f0685e4c937
--- /dev/null
+++ b/src/chrome/content/rules/edsurge.com.xml
@@ -0,0 +1,45 @@
+<!--
+	CDN buckets:
+
+		- d2ln7br0fezade.cloudfront.net
+		- d30phju7yacslk.cloudfront.net
+		- d3e7x39d4i7wbe.cloudfront.net
+
+
+	Nonfunctional hosts in *edsurge.com:
+
+		- awards ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *edsurge.com:
+
+		- about ᵐ
+		- careers ᵐ
+		- devblog ᵐ
+
+	ᵐ GitHub / mismatched
+
+
+	Mixed content:
+
+		- css on about, careers, devblog from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="EdSurge.com (partial)">
+
+	<target host="edsurge.com" />
+	<target host="www.edsurge.com" />
+
+
+	<securecookie host=".+" name="^optimizely" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/education.gov.uk.xml b/src/chrome/content/rules/education.gov.uk.xml
new file mode 100644
index 000000000000..26f09743761c
--- /dev/null
+++ b/src/chrome/content/rules/education.gov.uk.xml
@@ -0,0 +1,173 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://media2.education.gov.uk/ => https://media2.education.gov.uk/: (52, 'Empty reply from server')
+Fetch error: http://tableschecking.education.gov.uk/ => https://tableschecking.education.gov.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	NB: media2.../$ resets connection over https &
+	502s over http ?=> test failure
+
+	Department for Education
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *education.gov.uk:
+
+		- futurescholarawards ᶠ
+		- lists ⁴
+		- publications ᵗ
+		- sta ʳ
+
+	⁴ Redirects to 404
+	ᶠ Handshake fails
+	ʳ Refused
+	ᵗ Reset
+
+
+	Problematic hosts in *education.gov.uk:
+
+		- aka ᵐ
+		- sa ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+
+
+	Partially covered hosts in *education.gov.uk:
+
+		- (www.)? *
+		- aka **
+
+	* Some paths redirect to http, others to 401
+	** Redirect behaviour seems unpredictable
+
+
+	These altnames do not exist:
+
+		- www.collectdata.education.gov.uk
+		- www.consult.education.gov.uk
+		- www.fsm.education.gov.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- forms.education.gov.uk
+		- ncatools.education.gov.uk
+		- tableschecking.education.gov.uk
+		- www.education.gov.uk
+
+
+	Mixed content:
+
+		- Image on www from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Education.gov.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="education.gov.uk" />
+	<target host="consult.education.gov.uk" />
+	<target host="collectdata.education.gov.uk" />
+	<target host="dataprovision.education.gov.uk" />
+	<target host="efadatacollections.education.gov.uk" />
+	<target host="form.education.gov.uk" />
+	<target host="fsm.education.gov.uk" />
+	<target host="getintoteaching.education.gov.uk" />
+	<target host="ittprovider.education.gov.uk" />
+	<target host="www.keytosuccess.education.gov.uk" />
+	<target host="media.education.gov.uk" />
+	<target host="media2.education.gov.uk" />
+	<target host="ncatools.education.gov.uk" />
+	<!--target host="sa.education.gov.uk" /-->
+	<target host="studentbursarysupport.education.gov.uk" />
+	<target host="tableschecking.education.gov.uk" />
+	<target host="teacherservices.education.gov.uk" />
+	<target host="www.education.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="aka.education.gov.uk" />
+
+		<!--	Redirects to 404:
+						-->
+		<!--exclusion pattern="^http://www\.education\.gov\.uk/cgi-bin/schools/performance/group\.pl" /-->
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.education\.gov\.uk/schools/performance/(?:$|img/)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?education\.gov\.uk/+(?!$|\?|(?:help|piwik)(?:$|[?/]))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.education.gov.uk/bullying/" />
+			<test url="http://www.education.gov.uk/cgi-bin/schools/performance/group.pl?qtype=NAT" />
+			<test url="http://www.education.gov.uk/datacollection" />
+			<test url="http://www.education.gov.uk/isa" />
+			<test url="http://www.education.gov.uk/optionals" />
+			<test url="http://www.education.gov.uk/ourfuture" />
+			<test url="http://www.education.gov.uk/schools/performance/" />
+			<test url="http://www.education.gov.uk/schools/performance/img/arrow_small.gif" />
+			<test url="http://www.education.gov.uk/share" />
+			<test url="http://www.education.gov.uk/staff" />
+			<test url="http://www.education.gov.uk/ukccis/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.education.gov.uk/help" />
+			<test url="http://www.education.gov.uk/help/contactus/dfe" />
+			<test url="http://www.education.gov.uk/piwik/" /><!--	mixed image, sets cookie without Secure -->
+			<test url="http://www.education.gov.uk/piwik/piwik.php?idsite=" />
+
+		<test url="http://fsm.education.gov.uk/fsm.laportal/" />
+		<test url="http://media.education.gov.uk/consumption/css/core/print.css" />
+		<test url="http://media2.education.gov.uk/dfe2014/css/legacy.css" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://tableschecking.education.gov.uk/Web14/KS4Progress8Optin/FSG.User/Logout.aspx" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^form\.education\.gov\.uk$" name="^X-FS-RET$" /-->
+	<!--securecookie host="^ncatools\.education\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^tableschecking\.education\.gov\.uk$" name="^(?:\.ASPXANONYMOUS$|ASP\.NET_SessionId$|BIGipServer)" /-->
+	<!--securecookie host="^www\.education\.gov\.uk$" name="^PIWIK_SESSID$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^(?!www\.)\w" name=".+" />
+	<securecookie host="^www\." name="^PIWIK_" />
+
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://aka\.education\.gov\.uk/.*"
+		to="https://www.gov.uk/government/organisations/department-for-education" />
+
+		<!--	/*\w does not redirect:
+						-->
+		<exclusion pattern="^http://aka\.education\.gov\.uk/+(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://aka.education.gov.uk/default.aspx" />
+			<test url="http://aka.education.gov.uk/index.htm" />
+			<test url="http://aka.education.gov.uk/index.html" />
+			<test url="http://aka.education.gov.uk/index.jsp" />
+			<test url="http://aka.education.gov.uk/index.php" />
+
+			<!--	-ve:
+					-->
+			<test url="http://aka.education.gov.uk/?" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/education.ie.xml b/src/chrome/content/rules/education.ie.xml
new file mode 100644
index 000000000000..9a60d1f24990
--- /dev/null
+++ b/src/chrome/content/rules/education.ie.xml
@@ -0,0 +1,10 @@
+<!--
+Timeout:
+	penmod.education.ie
+-->
+<ruleset name="education.ie">
+	<target host="education.ie"/>
+	<target host="www.education.ie"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/eduroam.de.xml b/src/chrome/content/rules/eduroam.de.xml
new file mode 100644
index 000000000000..09c0d0e2c7b9
--- /dev/null
+++ b/src/chrome/content/rules/eduroam.de.xml
@@ -0,0 +1,18 @@
+<!--
+	For general eduroam rules see: Eduroam.org.xml
+-->
+<ruleset name="eduroam.de">
+
+	<target host="eduroam.de" />
+	<target host="www.eduroam.de" />
+	<target host="cat.eduroam.de" />
+	<target host="map.eduroam.de" />
+
+	<!-- Timeout on https://eduroam.de/,
+	http://eduroam.de/ redirects to http://www.eduroam.de/ -->
+	<rule from="^http://eduroam\.de/"
+		to="https://www.eduroam.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/eduroam.gr.xml b/src/chrome/content/rules/eduroam.gr.xml
new file mode 100644
index 000000000000..0ebac48c2187
--- /dev/null
+++ b/src/chrome/content/rules/eduroam.gr.xml
@@ -0,0 +1,8 @@
+<ruleset name="eduroam.gr">
+	<target host="eduroam.gr" />
+	<target host="www.eduroam.gr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/eduserv.org.uk.xml b/src/chrome/content/rules/eduserv.org.uk.xml
new file mode 100644
index 000000000000..0b2215ea878c
--- /dev/null
+++ b/src/chrome/content/rules/eduserv.org.uk.xml
@@ -0,0 +1,50 @@
+<!--
+	Problematic hosts in *eduserv.org.uk:
+
+		- consumption.echannels ᵐ
+		- lacuna.echannels ᵐ
+		- stg.web.echannels ᵐ
+
+		- swalive ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- eduserv.org.uk
+		- .eduserv.org.uk
+		- www.eduserv.org.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on (www.)? from fonts.googleapis.com ˢ
+		- Bug on (www.)? from www.final-azr-01.com ᵐ
+
+	ᵐ Not secured by us <= mismatched
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Eduserv.org.uk (partial)">
+
+	<target host="eduserv.org.uk" />
+	<target host="www.eduserv.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?eduserv\.org\.uk$" name="^(?:ASP\.NET_SessionId|SC_ANALYTICS_(?:GLOBAL|SESSION)_COOKIE)$" /-->
+	<!--securecookie host="^\.eduserv\.org\.uk$" name="^(?:incap_ses_\d+|visid_incap)_\d+$" /-->
+	<!--securecookie host="^www\.eduserv\.org\.uk$" name="^__utm[abm]\w+$" /-->
+
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|incap_ses_|visid_incap_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/edustore.fi.xml b/src/chrome/content/rules/edustore.fi.xml
new file mode 100644
index 000000000000..f952485ae15a
--- /dev/null
+++ b/src/chrome/content/rules/edustore.fi.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatched:
+		- ^
+
+	Mixed content (scripts do not load):
+		- www
+-->
+<ruleset name="edustore.fi (partial)">
+		<target host="id.edustore.fi" />
+		<target host="oma.edustore.fi" />
+
+		<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/edusupportcenter.com.xml b/src/chrome/content/rules/edusupportcenter.com.xml
new file mode 100644
index 000000000000..4eab868feba6
--- /dev/null
+++ b/src/chrome/content/rules/edusupportcenter.com.xml
@@ -0,0 +1,21 @@
+<ruleset name="edusupportcenter.com">
+
+	<target host="bigsandy-kctcs.edusupportcenter.com" />
+	<target host="coursesmart.edusupportcenter.com" />
+	<target host="elizabethtown-kctcs.edusupportcenter.com" />
+	<target host="gateway-kctcs.edusupportcenter.com" />
+	<target host="georgetown.edusupportcenter.com" />
+	<target host="gonzaga.edusupportcenter.com" />
+	<target host="kctcs-lod.edusupportcenter.com" />
+	<target host="nau.edusupportcenter.com" />
+	<target host="somerset-kctcs.edusupportcenter.com" />
+	<target host="southcentral-kctcs.edusupportcenter.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/eer.ru.xml b/src/chrome/content/rules/eer.ru.xml
new file mode 100644
index 000000000000..2d261b294252
--- /dev/null
+++ b/src/chrome/content/rules/eer.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="eer.ru" platform="mixedcontent">
+	<target host="eer.ru" />
+	<target host="www.eer.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/eff.cat.xml b/src/chrome/content/rules/eff.cat.xml
new file mode 100644
index 000000000000..5bb03b1ddd6f
--- /dev/null
+++ b/src/chrome/content/rules/eff.cat.xml
@@ -0,0 +1,6 @@
+<ruleset name="eff.cat">
+     <target host="eff.cat" />
+     <target host="www.eff.cat" />
+
+     <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/effusion.co.uk.xml b/src/chrome/content/rules/effusion.co.uk.xml
new file mode 100644
index 000000000000..102d3fd6ea61
--- /dev/null
+++ b/src/chrome/content/rules/effusion.co.uk.xml
@@ -0,0 +1,33 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .effusion.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css from fast.fonts.net ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Effusion.co.uk">
+
+	<target host="effusion.co.uk" />
+	<target host="www.effusion.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.effusion\.co\.uk$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^\." name="^SESS" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/efsyn.gr.xml b/src/chrome/content/rules/efsyn.gr.xml
new file mode 100644
index 000000000000..dbbe486b563e
--- /dev/null
+++ b/src/chrome/content/rules/efsyn.gr.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://efsyn.gr/ => https://efsyn.gr/: (51, "SSL: no alternative certificate subject name matches target host name 'efsyn.gr'")
+
+	Mixed content:
+
+		- Images on (www.)? from www.efsyn.gr ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Efsyn.gr" default_off="failed ruleset test">
+
+	<target host="efsyn.gr" />
+	<target host="www.efsyn.gr" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/eg-online.ru.xml b/src/chrome/content/rules/eg-online.ru.xml
new file mode 100644
index 000000000000..25964292ebeb
--- /dev/null
+++ b/src/chrome/content/rules/eg-online.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="eg-online.ru">
+	<target host="eg-online.ru" />
+	<target host="www.eg-online.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/egais.ru.xml b/src/chrome/content/rules/egais.ru.xml
new file mode 100644
index 000000000000..0bdba88f980a
--- /dev/null
+++ b/src/chrome/content/rules/egais.ru.xml
@@ -0,0 +1,14 @@
+<!--
+wiki.egais.ru ³
+
+
+³ timed out
+-->
+<ruleset name="egais.ru">
+	<target host="egais.ru" />
+	<target host="service.egais.ru" />
+	<target host="check.egais.ru" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/egl.lv.xml b/src/chrome/content/rules/egl.lv.xml
new file mode 100644
index 000000000000..1621e07ebc58
--- /dev/null
+++ b/src/chrome/content/rules/egl.lv.xml
@@ -0,0 +1,6 @@
+<ruleset name="egl.lv">
+  <target host="egl.lv" />
+  <target host="www.egl.lv" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ehsanakhgari.org.xml b/src/chrome/content/rules/ehsanakhgari.org.xml
new file mode 100644
index 000000000000..9589de7521fe
--- /dev/null
+++ b/src/chrome/content/rules/ehsanakhgari.org.xml
@@ -0,0 +1,28 @@
+<!--
+	STS header includes includeSubdomains.
+
+-->
+<ruleset name="Ehsan Akhgari.org">
+
+	<target host="ehsanakhgari.org" />
+	<target host="*.ehsanakhgari.org" />
+
+		<!--	includeSubdomains applies to one level only, so:
+									-->
+		<exclusion pattern="^http://(?:[^./]+\.){2,}ehsanakhgari\.org/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.ehsanakhgari.org/" />
+			<test url="http://exists.not.ehsanakhgari.org/" />
+
+		<test url="http://www.ehsanakhgari.org/" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/eigenLab.xml b/src/chrome/content/rules/eigenLab.xml
index 547e6f9353b7..5a90bf16c1de 100644
--- a/src/chrome/content/rules/eigenLab.xml
+++ b/src/chrome/content/rules/eigenLab.xml
@@ -1,11 +1,19 @@
-<ruleset name="eigenLab" platform="mixedcontent">
+<!--
+	Expired:
+		- owncloud
 
+	503:
+		- git
+-->
+<ruleset name="eigenLab">
 	<target host="eigenlab.org"/>
 	<target host="www.eigenlab.org"/>
+	<target host="pad.eigenlab.org"/>
+	<target host="wiki.eigenlab.org"/>
+	<target host="efesto.eigenlab.org"/>
 
-	<rule from="^http://(www\.)?eigenlab\.org/"
-		to="https://eigenlab.org/"/>
-
-	<securecookie host="^(www\.)?eigenlab\.org$" name=".*"/>
+	<securecookie host="^(?:[^:@\.]+\.)?eigenlab\.org$" name=".+" />
 
+	<rule from="^http:"
+		to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/eigenstate.org.xml b/src/chrome/content/rules/eigenstate.org.xml
new file mode 100644
index 000000000000..4c4c9b9c3db1
--- /dev/null
+++ b/src/chrome/content/rules/eigenstate.org.xml
@@ -0,0 +1,16 @@
+<!--
+gitweb.eigenstate.org ⁷
+nayuki.eigenstate.org ¹
+old.eigenstate.org ⁷
+
+
+¹ mismatch
+⁷ protocol error
+-->
+<ruleset name="eigenstate.org">
+	<target host="eigenstate.org" />
+	<target host="www.eigenstate.org" />
+	<target host="git.eigenstate.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/einthusan.tv.xml b/src/chrome/content/rules/einthusan.tv.xml
new file mode 100644
index 000000000000..bffb6563f283
--- /dev/null
+++ b/src/chrome/content/rules/einthusan.tv.xml
@@ -0,0 +1,6 @@
+<ruleset name="einthusan.tv">
+	<target host="einthusan.tv" />
+	<target host="www.einthusan.tv" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ejtaal.net.xml b/src/chrome/content/rules/ejtaal.net.xml
new file mode 100644
index 000000000000..1900aea46f14
--- /dev/null
+++ b/src/chrome/content/rules/ejtaal.net.xml
@@ -0,0 +1,16 @@
+<!--
+Timeout:
+	home.ejtaal.net
+
+Refused connection:
+	ceres.ejtaal.net
+	dev.ejtaal.net
+	test.ejtaal.net
+	vps.ejtaal.net
+-->
+<ruleset name="Ejtaal.net">
+	<target host="ejtaal.net"/>
+	<target host="www.ejtaal.net"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/ekovolga.com.xml b/src/chrome/content/rules/ekovolga.com.xml
new file mode 100644
index 000000000000..ac5b659d1774
--- /dev/null
+++ b/src/chrome/content/rules/ekovolga.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="ekovolga.com">
+	<target host="ekovolga.com" />
+	<target host="www.ekovolga.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/elBotola.com.xml b/src/chrome/content/rules/elBotola.com.xml
new file mode 100644
index 000000000000..d37d4fa2b8fe
--- /dev/null
+++ b/src/chrome/content/rules/elBotola.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="elBotola.com">
+	<target host="elbotola.com" />
+	<target host="www.elbotola.com" />
+	<target host="m.elbotola.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/elbalad.news.xml b/src/chrome/content/rules/elbalad.news.xml
new file mode 100644
index 000000000000..240db59cfa67
--- /dev/null
+++ b/src/chrome/content/rules/elbalad.news.xml
@@ -0,0 +1,7 @@
+<ruleset name="elbalad.news">
+	<target host="elbalad.news" />
+	<target host="www.elbalad.news" />
+	<target host="en.elbalad.news" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/elcorteingles.es.xml b/src/chrome/content/rules/elcorteingles.es.xml
new file mode 100644
index 000000000000..602fe3273461
--- /dev/null
+++ b/src/chrome/content/rules/elcorteingles.es.xml
@@ -0,0 +1,24 @@
+<!--
+	Invalid Certificate:
+		seguros.elcorteingles.es
+		www.tecnologiadetuatu.elcorteingles.es
+		pitiflu.elcorteingles.es
+		www.restauracion.elcorteingles.es
+		c.elcorteingles.es
+	Unable to Connect:
+		validarpromociones.elcorteingles.es
+		listasdeboda.elcorteingles.es
+	Incomplete Certificate Chain:
+		www.international.elcorteingles.es
+-->
+<ruleset name="elcorteingles.es">
+	<target host="elcorteingles.es" />
+	<target host="www.elcorteingles.es" />
+	<target host="masb2e.elcorteingles.es" />
+	<target host="primeriti.elcorteingles.es" />
+	<target host="sgfm.elcorteingles.es" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/elec.ru.xml b/src/chrome/content/rules/elec.ru.xml
new file mode 100644
index 000000000000..033ed390ef50
--- /dev/null
+++ b/src/chrome/content/rules/elec.ru.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://market.elec.ru/ => https://market.elec.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+ advert. mismatch
+www.advert. mismatch -->
+<ruleset name="elec.ru" default_off="failed ruleset test">
+	<target host="elec.ru" />
+	<target host="www.elec.ru" />
+	<target host="market.elec.ru" />
+	<target host="top.elec.ru" />
+	<target host="cdn.elec.ru" />
+	<target host="static.elec.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/electionmentions.com.xml b/src/chrome/content/rules/electionmentions.com.xml
new file mode 100644
index 000000000000..c41ed5b73f9b
--- /dev/null
+++ b/src/chrome/content/rules/electionmentions.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- electionmentions.com
+		- www.electionmentions.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Election Mentions.org">
+
+	<target host="electionmentions.com" />
+	<target host="www.electionmentions.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?electionmentions\.com$" name="^session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/elections.bc.ca.xml b/src/chrome/content/rules/elections.bc.ca.xml
new file mode 100644
index 000000000000..403b915c1c5b
--- /dev/null
+++ b/src/chrome/content/rules/elections.bc.ca.xml
@@ -0,0 +1,15 @@
+<ruleset name="elections.bc.ca">
+	<target host="elections.bc.ca" />
+	<target host="www.elections.bc.ca" />
+	<target host="results.elections.bc.ca" />
+  <target host="votebymail.elections.bc.ca" />
+	<target host="votebymailbp.elections.bc.ca" />
+	<target host="votebymailnz.elections.bc.ca" />
+	<target host="votebymailxh.elections.bc.ca" />
+	<target host="votebymailym.elections.bc.ca" />
+	<target host="votebymailzf.elections.bc.ca" />
+	<target host="wheretovote.elections.bc.ca" />
+	<target host="www3.elections.bc.ca" />
+  
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/electric-cloud.com.xml b/src/chrome/content/rules/electric-cloud.com.xml
new file mode 100644
index 000000000000..f0110987ecd0
--- /dev/null
+++ b/src/chrome/content/rules/electric-cloud.com.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ask.electric-cloud.com/ => https://ask.electric-cloud.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+cdn.electric-cloud.com mismatch
+docs.electric-cloud.com mismatch
+downloads.electric-cloud.com mismatch
+-->
+<ruleset name="electric-cloud.com" default_off="failed ruleset test">
+	<target host="electric-cloud.com" />
+	<target host="www.electric-cloud.com" />
+	<target host="ask.electric-cloud.com" />
+	<target host="helpcenter.electric-cloud.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/electroneum.com.xml b/src/chrome/content/rules/electroneum.com.xml
new file mode 100644
index 000000000000..70aa9efbc113
--- /dev/null
+++ b/src/chrome/content/rules/electroneum.com.xml
@@ -0,0 +1,15 @@
+
+<ruleset name="electroneum.com">
+
+	<target host="electroneum.com" />
+	<target host="www.electroneum.com" />
+	<target host="blockexplorer.electroneum.com" />
+	<target host="downloads.electroneum.com" />
+	<target host="my.electroneum.com" />
+	<target host="support.electroneum.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/elektro-paloucek.cz.xml b/src/chrome/content/rules/elektro-paloucek.cz.xml
new file mode 100644
index 000000000000..e5cf2c6edaaf
--- /dev/null
+++ b/src/chrome/content/rules/elektro-paloucek.cz.xml
@@ -0,0 +1,7 @@
+<ruleset name="ELEKTRO PALOUČEK">
+    <target host="elektro-paloucek.cz" />
+    <target host="www.elektro-paloucek.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/elephorm.com.xml b/src/chrome/content/rules/elephorm.com.xml
new file mode 100644
index 000000000000..7658e8d70623
--- /dev/null
+++ b/src/chrome/content/rules/elephorm.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Nonfunctional hosts in *elephorm.com:
+
+		- (www.)? ᵃ
+		- blog ʳ
+		- pro ᵈ
+		- statics ᵃ
+		- university ʳ
+
+	ᵃ Shows eas.elephorm.com
+	ᵈ Dropped
+	ʳ Refused
+
+-->
+<ruleset name="Elephorm.com (partial)">
+
+	<target host="eas.elephorm.com" />
+
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/elkosmasgr.xml b/src/chrome/content/rules/elkosmasgr.xml
new file mode 100644
index 000000000000..96ac9029a035
--- /dev/null
+++ b/src/chrome/content/rules/elkosmasgr.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.elkosmas.gr/ => https://elkosmas.gr/: (51, "SSL: no alternative certificate subject name matches target host name 'elkosmas.gr'")
+Fetch error: http://elkosmas.gr/ => https://elkosmas.gr/: (51, "SSL: no alternative certificate subject name matches target host name 'elkosmas.gr'")
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.elkosmas.gr/ => https://elkosmas.gr/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://elkosmas.gr/ => https://elkosmas.gr/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+-->
+<ruleset name="elkosmas.gr" default_off="failed ruleset test">
+  <target host="www.elkosmas.gr" />
+  <target host="elkosmas.gr" />
+
+  <rule from="^http://(?:www\.)?elkosmas\.gr/" to="https://elkosmas.gr/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/ellislab.com.xml b/src/chrome/content/rules/ellislab.com.xml
new file mode 100644
index 000000000000..72ae5e9e257c
--- /dev/null
+++ b/src/chrome/content/rules/ellislab.com.xml
@@ -0,0 +1,29 @@
+<!--
+	STS header includes includeSubdomains
+
+-->
+<ruleset name="EllisLab.com">
+
+	<target host="ellislab.com" />
+	<target host="*.ellislab.com" />
+
+		<!--	includeSubdomains applies to one level only, so:
+									-->
+		<exclusion pattern="^http://(?:[^./]+\.){2}ellislab\.com/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.ellislab.com/" />
+			<test url="http://exists.not.ellislab.com/" />
+
+		<test url="http://store.ellislab.com/" />
+		<test url="http://www.ellislab.com/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/elm-lang.org.xml b/src/chrome/content/rules/elm-lang.org.xml
new file mode 100644
index 000000000000..e32dea5a7b1c
--- /dev/null
+++ b/src/chrome/content/rules/elm-lang.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Connection refused:
+		- mail
+-->
+<ruleset name="elm-lang.org">
+	<target host="elm-lang.org" />
+	<target host="www.elm-lang.org" />
+	<target host="discourse.elm-lang.org" />
+	<target host="foundation.elm-lang.org" />
+	<target host="guide.elm-lang.org" />
+	<target host="package.elm-lang.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/elong.com.xml b/src/chrome/content/rules/elong.com.xml
new file mode 100644
index 000000000000..0edf0094befb
--- /dev/null
+++ b/src/chrome/content/rules/elong.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Too much to list error all.
+
+	Redirects to http:
+		^(www.)?
+
+	w wildcard DNS anyway:
+		*.elong.com
+		For example:
+			flight.elong.com
+			hotel.elong.com
+			lvyou.elong.com
+			trip.elong.com
+-->
+<ruleset name="elong.com">
+	<target host="api.elong.com" />
+	<target host="ebooking.elong.com" />
+	<target host="m.elong.com" />
+	<target host="promotion.elong.com" />
+	<target host="secure.elong.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/elrippoisland.net.xml b/src/chrome/content/rules/elrippoisland.net.xml
new file mode 100644
index 000000000000..d67a13230c16
--- /dev/null
+++ b/src/chrome/content/rules/elrippoisland.net.xml
@@ -0,0 +1,17 @@
+<!--
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="elrippoisland.net" default_off="cert-chain">
+
+	<target host="elrippoisland.net" />
+	<target host="www.elrippoisland.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/elttam.com.au.xml b/src/chrome/content/rules/elttam.com.au.xml
new file mode 100644
index 000000000000..1453b07daed2
--- /dev/null
+++ b/src/chrome/content/rules/elttam.com.au.xml
@@ -0,0 +1,13 @@
+<ruleset name="Elttam.com.au">
+
+	<target host="elttam.com.au" />
+	<target host="www.elttam.com.au" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/elwis.de.xml b/src/chrome/content/rules/elwis.de.xml
new file mode 100644
index 000000000000..8ae0830a0fe9
--- /dev/null
+++ b/src/chrome/content/rules/elwis.de.xml
@@ -0,0 +1,13 @@
+<!--
+	Refused:
+		nts.elwis.de
+-->
+<ruleset name="Elektronischer Wasserstraßen-Informationsservice">
+
+	<target host="elwis.de" />
+	<target host="www.elwis.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/email-comparethemarket.com.xml b/src/chrome/content/rules/email-comparethemarket.com.xml
new file mode 100644
index 000000000000..a64903e8b1f1
--- /dev/null
+++ b/src/chrome/content/rules/email-comparethemarket.com.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://email-comparethemarket.com/ => https://email-comparethemarket.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other Compare the Market, see CompareTheMarket.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- email-comparethemarket.com
+
+-->
+<ruleset name="Email-Compare the Market.com" default_off="failed ruleset test">
+
+	<target host="email-comparethemarket.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^email-comparethemarket\.com$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/emailarchivestaskforce.org.xml b/src/chrome/content/rules/emailarchivestaskforce.org.xml
new file mode 100644
index 000000000000..67b82ac84d95
--- /dev/null
+++ b/src/chrome/content/rules/emailarchivestaskforce.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		autodiscover.emailarchivestaskforce.org
+		ftp.emailarchivestaskforce.org
+		imap.emailarchivestaskforce.org
+		pop.emailarchivestaskforce.org
+		smtp.emailarchivestaskforce.org
+-->
+<ruleset name="emailarchivestaskforce.org">
+	<target host="emailarchivestaskforce.org" />
+	<target host="www.emailarchivestaskforce.org" />
+	<target host="mail.emailarchivestaskforce.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/emailregex.com.xml b/src/chrome/content/rules/emailregex.com.xml
new file mode 100644
index 000000000000..7d9bdba5474b
--- /dev/null
+++ b/src/chrome/content/rules/emailregex.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="emailregex.com" platform="mixedcontent">
+	<target host="emailregex.com" />
+	<target host="www.emailregex.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/emfcamp.org.xml b/src/chrome/content/rules/emfcamp.org.xml
new file mode 100644
index 000000000000..a0db9534a2ae
--- /dev/null
+++ b/src/chrome/content/rules/emfcamp.org.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wiki-archive.emfcamp.org/ => https://wiki-archive.emfcamp.org/: (51, "SSL: no alternative certificate subject name matches target host name 'wiki-archive.emfcamp.org'")
+
+-->
+<ruleset name="EMF camp.org" default_off="failed ruleset test">
+
+	<target host="emfcamp.org" />
+	<target host="wiki.emfcamp.org" />
+	<target host="wiki-archive.emfcamp.org" />
+	<target host="www.emfcamp.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/empireblue.com.xml b/src/chrome/content/rules/empireblue.com.xml
new file mode 100644
index 000000000000..06249b051aeb
--- /dev/null
+++ b/src/chrome/content/rules/empireblue.com.xml
@@ -0,0 +1,112 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://enrollment-info.empireblue.com/ => https://enrollment-info.empireblue.com/: (6, 'Could not resolve host: enrollment-info.empireblue.com')
+
+	NB: p://www.providerfinder.../$ redirects
+	to s: 404 ?=> fetch test failure
+
+	For other Anthem coverage, see anthem.com.xml.
+
+
+	Nonfunctional hosts in *empireblue.com:
+
+		- sgplans ʳ
+		- smallbusiness ʰ
+
+	ʰ Redirects to http
+	ʳ Refused
+
+
+	Problematic hosts in *empireblue.com:
+
+		- ^ ᵐ
+		- transformationcentral ᵉ ᵐ ˢ
+
+	ᵉ Expired
+	ᵐ Mismatched
+	ˢ Self-signed
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .empireblue.com
+		- enrollment-info.empireblue.com
+		- eoc.empireblue.com
+		- es.empireblue.com
+		- m.empireblue.com
+		- mediproviders.empireblue.com
+		- secured.ols.empireblue.com
+		- payment.empireblue.com
+		- www.providerfinder.empireblue.com
+		- sbc.empireblue.com
+		- shop.empireblue.com
+		- transformationcentral.empireblue.com
+		- www.empireblue.com
+		- www13.empireblue.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on enrollment-info, transformationcentral from fonts.googleapis.com ˢ
+
+		- Images, on:
+
+			- transformationcentral from transformation-central.com
+			- transformationcentral from www.transformation-central.com
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Empire Blue.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="enrollment-info.empireblue.com" />
+	<target host="eoc.empireblue.com" />
+	<target host="es.empireblue.com" />
+	<target host="m.empireblue.com" />
+	<target host="mediproviders.empireblue.com" />
+	<target host="mss.empireblue.com" />
+	<target host="secured.ols.empireblue.com" />
+	<target host="payment.empireblue.com" />
+	<target host="www.providerfinder.empireblue.com" />
+	<target host="sbc.empireblue.com" />
+	<target host="www.sbc.empireblue.com" />
+	<target host="shop.empireblue.com" />
+	<target host="www.empireblue.com" />
+	<target host="www13.empireblue.com" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://www13.empireblue.com/cp/web/nyhoteltrades" /-->
+
+	<!--	Complications:
+				-->
+	<target host="empireblue.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.empireblue\.com$" name="^TLTSID$" /-->
+	<!--securecookie host="^enrollment-info\.empireblue\.com$" name="^(?:t_session|visitorid)$$" /-->
+	<!--securecookie host="^eoc\.empireblue\.com$" name="^(?:JSESSIONID|ant|ice\.push\.browser)$" /-->
+	<!--securecookie host="^(?:es|mediproviders|mss|www\.providerfinder|shop)\.empireblue\.com$" name="^ant$" /-->
+	<!--securecookie host="^(?:m|secured\.ols|payment|www13)\.empireblue\.com$" name="^(?:JSESSIONID|ant)$" /-->
+	<!--securecookie host="^sbc\.empireblue\.com$" name="^(?:JSESSIONID|ice\.push\.browser|oam\.Flash\.RENDERMAP\.TOKEN)$" /-->
+	<!--securecookie host="^transformationcentral\.empireblue\.com$" name="^exp_(?:last_activity|last_visit|tracker)$" /-->
+	<!--securecookie host="^www\.empireblue\.com$" name="^ebizs$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://empireblue\.com/"
+		to="https://www.empireblue.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/emssoftware.com.xml b/src/chrome/content/rules/emssoftware.com.xml
new file mode 100644
index 000000000000..78bb7dbc609d
--- /dev/null
+++ b/src/chrome/content/rules/emssoftware.com.xml
@@ -0,0 +1,82 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://pages.emssoftware.com/rs/486-ESV-129/images/download-now.png (200) => https://na-ab04.marketo.com/rs/486-ESV-129/images/download-now.png (403)
+
+	Nonfunctional hosts in *emssoftware.com:
+
+		- pages ᵃ
+
+	ᵃ Marketo / shows another domain
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- emssoftware.com
+		- .emssoftware.com
+		- events.emssoftware.com
+		- www.emssoftware.com
+		- .www.emssoftware.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="EMS Software.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="emssoftware.com" />
+	<target host="events.emssoftware.com" />
+	<target host="success.emssoftware.com" />
+	<target host="support.emssoftware.com" />
+	<target host="www.emssoftware.com" />
+
+		<!--	Set cookies without Secure:
+							-->
+		<!--test url="http://www.emssoftware.com/blog" /-->
+
+	<!--	Complications:
+				-->
+	<target host="pages.emssoftware.com" />
+
+		<exclusion pattern="^http://pages\.emssoftware\.com/(?!/*(?:$|\?|css/|images/|rs/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://pages.emssoftware.com/1-27-2016-Webinar-Encore.html" />
+			<test url="http://pages.emssoftware.com/1-28-2016-Webinar-Encore.html" />
+			<test url="http://pages.emssoftware.com/favicon.ico" />
+			<test url="http://pages.emssoftware.com/home.html" />
+			<test url="http://pages.emssoftware.com/index.html" />
+			<test url="http://pages.emssoftware.com/lp_gartner-paper-march-2016.html" />
+			<test url="http://pages.emssoftware.com/lp_gartner_digital_campus.html" />
+			<test url="http://pages.emssoftware.com/lp_gartner_videoconferencing.html" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?emssoftware\.com$" name="^CMSPreferredCulture$" /-->
+	<!--securecookie host="^\.(?:www\.)?emssoftware\.com$" name="^ARRAffinity$" /-->
+	<!--securecookie host="^events\.emssoftware\.com$" name="^(?:ASP\.Net_SessionId|ATS$|TS[\da-f]{8}$|language$)" /-->
+	<!--securecookie host="^www\.emssoftware\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|ARRAffinity$)" />
+	<securecookie host="^(?!pages\.)\w" name=".+" />
+
+
+	<!--	Redirect drops args and forward slash:
+							-->
+	<rule from="^http://pages\.emssoftware\.com/+(?:\?.*)?$"
+		to="https://www.emssoftware.com/Page-not-found" />
+
+		<test url="http://pages.emssoftware.com/?" />
+
+	<rule from="^http://pages\.emssoftware\.com/"
+		to="https://na-ab04.marketo.com/" />
+
+		<test url="http://pages.emssoftware.com/rs/486-ESV-129/images/download-now.png" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/emucr.com.xml b/src/chrome/content/rules/emucr.com.xml
new file mode 100644
index 000000000000..fc301165696c
--- /dev/null
+++ b/src/chrome/content/rules/emucr.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		m.emucr.com
+
+	Redirect to HTTP:
+		down.emucr.com
+
+	Refused:
+		feeds.emucr.com
+		ghs.emucr.com
+-->
+<ruleset name="emucr.com">
+	<target host="emucr.com" />
+	<target host="www.emucr.com" />
+	<target host="files.emucr.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/emule-rus.net.xml b/src/chrome/content/rules/emule-rus.net.xml
new file mode 100644
index 000000000000..6dc4147f5185
--- /dev/null
+++ b/src/chrome/content/rules/emule-rus.net.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		ftp.emule-rus.net
+		webmail.emule-rus.net
+-->
+<ruleset name="emule-rus.net">
+	<target host="emule-rus.net" />
+	<target host="www.emule-rus.net" />
+	<target host="forum.emule-rus.net" />
+	<target host="www.forum.emule-rus.net" />
+	<target host="mail.emule-rus.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/emule-security.org.xml b/src/chrome/content/rules/emule-security.org.xml
new file mode 100644
index 000000000000..0388c21f1f90
--- /dev/null
+++ b/src/chrome/content/rules/emule-security.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Refused:
+		localhost.emule-security.org
+-->
+<ruleset name="emule-security.org">
+	<target host="emule-security.org" />
+	<target host="www.emule-security.org" />
+	<target host="autodiscover.emule-security.org" />
+	<target host="files.emule-security.org" />
+	<target host="ftp.emule-security.org" />
+	<target host="mail.emule-security.org" />
+	<target host="upd.emule-security.org" />
+	<target host="webmail.emule-security.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/emuvr.net.xml b/src/chrome/content/rules/emuvr.net.xml
new file mode 100644
index 000000000000..059ddd4ff960
--- /dev/null
+++ b/src/chrome/content/rules/emuvr.net.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		admin.emuvr.net
+		ftp.emuvr.net
+		mail.emuvr.net
+		webmail.emuvr.net
+
+	Time out:
+		imap.emuvr.net
+		pop.emuvr.net
+		smtp.emuvr.net
+-->
+<ruleset name="emuvr.net">
+	<target host="emuvr.net" />
+	<target host="www.emuvr.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/encrypt-the-planet.com.xml b/src/chrome/content/rules/encrypt-the-planet.com.xml
new file mode 100644
index 000000000000..647bf1f1ab40
--- /dev/null
+++ b/src/chrome/content/rules/encrypt-the-planet.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Note: This website blocks Tor users
+
+-->
+<ruleset name="Encrypt The Planet.com" default_off="needs clearnet testing">
+
+	<target host="encrypt-the-planet.com" />
+	<target host="www.encrypt-the-planet.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/endclothing.com.xml b/src/chrome/content/rules/endclothing.com.xml
new file mode 100644
index 000000000000..6884c472b564
--- /dev/null
+++ b/src/chrome/content/rules/endclothing.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .endclothing.com
+		- www.endclothing.com
+		- .www.endclothing.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="End Clothing.com">
+
+	<target host="endclothing.com" />
+	<target host="www.endclothing.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.endclothing\.com$" name="^dtCookie$" /-->
+	<!--securecookie host="^www\.endclothing\.com$" name="^(?:CACHED_FRONT_FORM_KEY|CATEGORY_INFO|D_[HIPSU]ID|LAST_CATEGORY)$" /-->
+	<!--securecookie host="^\.www\.endclothing\.com$" name="^(?:end_country|frontend)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid$|_gat?$|_gat_|cf_clearance$)" />
+	<securecookie host="^\.www\." name=".+" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/endgame.com.xml b/src/chrome/content/rules/endgame.com.xml
new file mode 100644
index 000000000000..d12ef8ea17ec
--- /dev/null
+++ b/src/chrome/content/rules/endgame.com.xml
@@ -0,0 +1,58 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://pages.endgame.com/css/mktLPSupportCompat.css (200) => https://na-abk.marketo.com/css/mktLPSupportCompat.css (403)
+Non-2xx HTTP code: http://pages.endgame.com/rs/endgame/images/f-logo.png (200) => https://na-abk.marketo.com/rs/endgame/images/f-logo.png (403)
+
+	Nonfunctional hosts in *endgame.com:
+
+		- pages ᵃ
+
+	ᵃ Marketo / shows another domain
+
+-->
+<ruleset name="Endgame.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="endgame.com" />
+	<target host="www.endgame.com" />
+
+	<!--	Complications:
+				-->
+	<target host="pages.endgame.com" />
+
+
+	<securecookie host="^(?!pages\.)\w" name=".+" />
+
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://pages\.endgame\.com/+(?:\?.*)?$"
+		to="https://www.endgame.com/" />
+
+		<test url="http://pages.endgame.com/?" />
+
+	<rule from="^http://pages\.endgame\.com/"
+		to="https://na-abk.marketo.com/" />
+
+		<test url="http://pages.endgame.com/css/mktLPSupportCompat.css" />
+		<test url="http://pages.endgame.com/rs/endgame/images/f-logo.png" />
+
+		<exclusion pattern="^http://pages\.endgame\.com/(?!/*(?:$|\?|css/|images/|rs/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://pages.endgame.com/AWSReInvent2015WebsitePost_WCYYYYMMDDWebContent.html" />
+			<test url="http://pages.endgame.com/Enterprise-Demo-Sign-Up.html" />
+			<test url="http://pages.endgame.com/WC2015-04EnterpriseWhitepaper_WCYYYYMMDDWebContent.html" />
+			<test url="http://pages.endgame.com/WC2015-05CyberEdgeCyberThreatDefenseReport_WCYYYYMMDDWebContent.html" />
+			<test url="http://pages.endgame.com/WC2015-10HuntingEncryptedMalwareWhitepaper_WCYYYYMMDDWebContent.html" />
+			<test url="http://pages.endgame.com/WC2015-10SANSAutomatingtheHuntforHiddenThreatsWhitepaper_WCYYYYMMDDWebContent.html" />
+			<test url="http://pages.endgame.com/WC2015-10SANSAutomatingtheHuntforHiddenThreatsWhitepaper_WCYYYYMMDDWebContent.html" />
+			<test url="http://pages.endgame.com/WC2015-10_AUTOMATETHEHUNTFORMALICIOUSBINARIESWITHDATASCIENCETECHNIQUES_WCYYYYMMDDWebContent.html" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/energie.vellum.cz.xml b/src/chrome/content/rules/energie.vellum.cz.xml
new file mode 100644
index 000000000000..08eb6fc440ae
--- /dev/null
+++ b/src/chrome/content/rules/energie.vellum.cz.xml
@@ -0,0 +1,6 @@
+<ruleset name="energie.vellum.cz">
+	<target host="energie.vellum.cz" />
+	<target host="www.energie.vellum.cz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/energy-charts.de.xml b/src/chrome/content/rules/energy-charts.de.xml
new file mode 100644
index 000000000000..6b54e953e1ed
--- /dev/null
+++ b/src/chrome/content/rules/energy-charts.de.xml
@@ -0,0 +1,10 @@
+<ruleset name="energy-charts.de">
+
+	<target host="energy-charts.de" />
+	<target host="www.energy-charts.de" />
+	<target host="dev1.energy-charts.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/energy.ch.xml b/src/chrome/content/rules/energy.ch.xml
new file mode 100644
index 000000000000..136bb292ea30
--- /dev/null
+++ b/src/chrome/content/rules/energy.ch.xml
@@ -0,0 +1,7 @@
+<ruleset name="Radio Energy" platform="mixedcontent">
+	<target host="energy.ch" />
+	<target host="www.energy.ch" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/energylandia.pl.xml b/src/chrome/content/rules/energylandia.pl.xml
new file mode 100644
index 000000000000..6079c2b15283
--- /dev/null
+++ b/src/chrome/content/rules/energylandia.pl.xml
@@ -0,0 +1,28 @@
+<!--
+	Invalid certificate:
+		www.bilety.energylandia.pl
+		www.festival.energylandia.pl
+		ticket.festival.energylandia.pl
+		www.ticket.festival.energylandia.pl
+		www.photo.energylandia.pl
+		www.ticket.energylandia.pl
+
+	Mixed content:
+		festival.energylandia.pl
+
+	Redirect loop:
+		bilety.energylandia.pl
+		przerwa.energylandia.pl
+-->
+<ruleset name="ENERGYLANDIA.pl">
+
+	<target host="energylandia.pl" />
+	<target host="www.energylandia.pl" />
+	<target host="poczta.energylandia.pl" />
+	<target host="ticket.energylandia.pl" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/energylinx.co.uk.xml b/src/chrome/content/rules/energylinx.co.uk.xml
new file mode 100644
index 000000000000..1dab117f86a0
--- /dev/null
+++ b/src/chrome/content/rules/energylinx.co.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="Energylinx.co.uk">
+
+	<target host="energylinx.co.uk" />
+	<target host="www.energylinx.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/enisey.tv.xml b/src/chrome/content/rules/enisey.tv.xml
new file mode 100644
index 000000000000..088f49c7ac07
--- /dev/null
+++ b/src/chrome/content/rules/enisey.tv.xml
@@ -0,0 +1,5 @@
+<ruleset name="enisey.tv">
+	<target host="enisey.tv" />
+	<target host="www.enisey.tv" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/enlightenment-themes.org.xml b/src/chrome/content/rules/enlightenment-themes.org.xml
new file mode 100644
index 000000000000..24814b856b3f
--- /dev/null
+++ b/src/chrome/content/rules/enlightenment-themes.org.xml
@@ -0,0 +1,12 @@
+<!--
+	For other openDesktop rules, see openDesktop.org.xml
+
+-->
+<ruleset name="enlightenment-themes.org">
+
+	<target host="enlightenment-themes.org" />
+	<target host="www.enlightenment-themes.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ensijaturvakotienliitto.xml b/src/chrome/content/rules/ensijaturvakotienliitto.xml
index 383baec6d7e0..a2730036c42c 100644
--- a/src/chrome/content/rules/ensijaturvakotienliitto.xml
+++ b/src/chrome/content/rules/ensijaturvakotienliitto.xml
@@ -1,11 +1,10 @@
-<ruleset name="Ensi- ja turvakotien liitto">
-  <target host="www.ensijaturvakotienliitto.fi" />
-  <target host="ensijaturvakotienliitto.fi" />
-  <target host="ensijaturvakotienliitto-fi.directo.fi" />
-
-  <rule from="^http://(www\.)?ensijaturvakotienliitto\.fi/" to="https://ensijaturvakotienliitto-fi.directo.fi/"/>
-  <rule from="^https://(www\.)?ensijaturvakotienliitto\.fi/" to="https://ensijaturvakotienliitto-fi.directo.fi/"/>
-  <rule from="^http://ensijaturvakotienliitto-fi\.directo\.fi/" to="https://ensijaturvakotienliitto-fi.directo.fi/" />
-
-  <securecookie host="ensijaturvakotienliitto-fi\.directo\.fi" name=".*" />
-</ruleset>
+<ruleset name="Ensi- ja turvakotien liitto">
+  <target host="www.ensijaturvakotienliitto.fi" />
+  <target host="ensijaturvakotienliitto.fi" />
+  <target host="ensijaturvakotienliitto-fi.directo.fi" />
+
+  <rule from="^http://(?:www\.)?ensijaturvakotienliitto\.fi/" to="https://ensijaturvakotienliitto-fi.directo.fi/"/>
+  <rule from="^http://ensijaturvakotienliitto-fi\.directo\.fi/" to="https://ensijaturvakotienliitto-fi.directo.fi/" />
+
+  <securecookie host="ensijaturvakotienliitto-fi\.directo\.fi" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/entangledstates.org.xml b/src/chrome/content/rules/entangledstates.org.xml
new file mode 100644
index 000000000000..a62f38e561cb
--- /dev/null
+++ b/src/chrome/content/rules/entangledstates.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="Entangled States.org">
+
+	<target host="entangledstates.org" />
+	<target host="www.entangledstates.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/enter.ru.xml b/src/chrome/content/rules/enter.ru.xml
new file mode 100644
index 000000000000..c2fb8be22e15
--- /dev/null
+++ b/src/chrome/content/rules/enter.ru.xml
@@ -0,0 +1,57 @@
+<!--
+dns01.enter.ru ³
+feedback.enter.ru ¹
+links.enter.ru ¹
+mta1.enter.ru ³
+mta2.enter.ru ³
+mta3.enter.ru ³
+mx1.enter.ru ³
+mx2.enter.ru ³
+mx3.enter.ru ³
+mx4.enter.ru ³
+mx5.enter.ru ³
+mx6.enter.ru ³
+ns1.enter.ru ³
+ns2.enter.ru ³
+push.enter.ru ¹
+rdgw.enter.ru ³
+fb.social.enter.ru ¹
+vpn.enter.ru ⁴
+webtutor.enter.ru ⁵
+enter.ru different content
+www.enter.ru different content
+
+
+¹ mismatch
+³ timed out
+⁴ self signed
+⁵ expired
+-->
+<ruleset name="enter.ru">
+	<target host="enter.ru" />
+	<target host="www.enter.ru" />
+	<target host="api.enter.ru" />
+	<target host="autodiscover.enter.ru" />
+	<target host="citrix.enter.ru" />
+	<target host="content.enter.ru" />
+	<target host="dns02.enter.ru" />
+	<target host="fs01.enter.ru" />
+	<target host="fs02.enter.ru" />
+	<target host="fs03.enter.ru" />
+	<target host="fs04.enter.ru" />
+	<target host="fs05.enter.ru" />
+	<target host="fs06.enter.ru" />
+	<target host="fs07.enter.ru" />
+	<target host="fs08.enter.ru" />
+	<target host="fs09.enter.ru" />
+	<target host="fs10.enter.ru" />
+	<target host="jira.enter.ru" />
+	<target host="kladr.enter.ru" />
+	<target host="m.enter.ru" />
+	<target host="mail.enter.ru" />
+	<target host="mobile.enter.ru" />
+	<target host="scms.enter.ru" />
+	<target host="smx.enter.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/enterbrain.co.jp.xml b/src/chrome/content/rules/enterbrain.co.jp.xml
new file mode 100644
index 000000000000..ebf885e29caa
--- /dev/null
+++ b/src/chrome/content/rules/enterbrain.co.jp.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.enterbrain.co.jp/ => https://www.enterbrain.co.jp/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="enterbrain.co.jp" default_off="failed ruleset test">
+
+	<target host="enterbrain.co.jp" />
+	<target host="www.enterbrain.co.jp" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/entropia.de.xml b/src/chrome/content/rules/entropia.de.xml
new file mode 100644
index 000000000000..81bfb0ebb6ff
--- /dev/null
+++ b/src/chrome/content/rules/entropia.de.xml
@@ -0,0 +1,42 @@
+<!--
+	Invalid certificate:
+		eventvm.entropia.de
+		gpn-noc.entropia.de
+		oid.entropia.de
+		planet.entropia.de
+		poc.entropia.de
+		sistina.entropia.de
+		soup.entropia.de
+		tttool.entropia.de
+		vorstand.entropia.de
+
+	Refused:
+		club.entropia.de
+		dns.entropia.de
+		mail.entropia.de
+
+	Timeout:
+		ccc-tool-1.entropia.de
+
+	Unable to get local issuer certificate:
+		pretalx.entropia.de
+		pretix.entropia.de
+-->
+<ruleset name="Entropia.de">
+
+	<target host="entropia.de" />
+	<target host="www.entropia.de" />
+	<target host="badge.entropia.de" />
+	<target host="blog.entropia.de" />
+	<target host="code.entropia.de" />
+	<target host="lists.entropia.de" />
+	<target host="podcast.entropia.de" />
+	<target host="sdr.entropia.de" />
+
+	<!-- GPN -->
+	<target host="gulas.ch" />
+	<target host="www.gulas.ch" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/entstix.com.xml b/src/chrome/content/rules/entstix.com.xml
new file mode 100644
index 000000000000..a429370b35a8
--- /dev/null
+++ b/src/chrome/content/rules/entstix.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="entstix.com">
+
+	<target host="static.entstix.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/environment-agency.gov.uk.xml b/src/chrome/content/rules/environment-agency.gov.uk.xml
new file mode 100644
index 000000000000..5fd32bb606b6
--- /dev/null
+++ b/src/chrome/content/rules/environment-agency.gov.uk.xml
@@ -0,0 +1,127 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hwreg.environment-agency.gov.uk/ => https://hwreg.environment-agency.gov.uk/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://learning.environment-agency.gov.uk/ => https://learning.environment-agency.gov.uk/: (28, 'Connection timed out after 20000 milliseconds')
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *environment-agency.gov.uk:
+
+		- apps ᵃ
+		- epr ᵈ
+		- evidence ʳ
+		- maps ᵈ
+		- riverconditions ʳ
+		- science ʳ
+		- watermaps ʳ
+
+	ᵃ /[?/]$ redirects to 200 "experiencing technical issues"
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *environment-agency.gov.uk:
+
+		- ^ ᵃ
+		- aka-publications ᵐ
+		- cdn ᵐ
+		- npwd ᶜ
+		- publications ᵉ
+		- www ᵐ
+		- www2 ᵐ
+
+	ᵃ Shows another domain
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵉ Expired
+	ᵐ Mismatched
+
+
+	Partially covered hosts in *environment-agency.gov.uk:
+
+		- (www.)? *
+		- aka-publications *
+		- cdn *
+		- publications *
+		- www2 *
+
+	* Not all paths redirect predictably
+
+
+	Insecure cookies are set for these hosts:
+
+		- consult.environment-agency.gov.uk
+		- flycapture.environment-agency.gov.uk
+		- flycapturetest.environment-agency.gov.uk
+		- fwd.environment-agency.gov.uk
+		- hwreg.environment-agency.gov.uk
+		- gor.environment-agency.gov.uk
+		- npwd.environment-agency.gov.uk
+		- piedc.environment-agency.gov.uk
+
+-->
+<ruleset name="Environment-Agency.gov.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cca.environment-agency.gov.uk" />
+	<target host="consult.environment-agency.gov.uk" />
+	<target host="euets.environment-agency.gov.uk" />
+	<target host="flycapture.environment-agency.gov.uk" />
+	<target host="flycapturetest.environment-agency.gov.uk" />
+	<target host="fwd.environment-agency.gov.uk" />
+	<target host="gor.environment-agency.gov.uk" />
+	<target host="hwreg.environment-agency.gov.uk" />
+	<target host="learning.environment-agency.gov.uk" />
+	<!--target host="npwd.environment-agency.gov.uk" /-->
+	<target host="piedc.environment-agency.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="environment-agency.gov.uk" />
+	<target host="aka-publications.environment-agency.gov.uk" />
+	<target host="cdn.environment-agency.gov.uk" />
+	<target host="publications.environment-agency.gov.uk" />
+	<target host="www.environment-agency.gov.uk" />
+	<target host="www2.environment-agency.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^consult\.environment-agency\.gov\.uk$" name="^(?:JSESSION|Server)ID$" /-->
+	<!--securecookie host="^fwd\.environment-agency\.gov\.uk$" name="^(?:Apache|JSESSIONID)$" /-->
+	<!--securecookie host="^(?:flycapture|flycapturetest|gor|hwreg)\.environment-agency\.gov\.uk$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^npwd\.environment-agency\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^piedc\.environment-agency\.gov\.uk$" name="^JSESSIONID" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://(?:(?:(?:aka-)?publications|cdn|www2?)\.)?environment-agency\.gov\.uk/.*"
+		to="https://www.gov.uk/government/organisations/environment-agency" />
+
+		<!--	/*\w does not redirect predictably:
+								-->
+		<exclusion pattern="^http://(?:(?:(?:aka-)?publications|cdn|www2?)\.)?environment-agency\.gov\.uk/(?!/*(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://aka-publications.environment-agency.gov.uk/ms/C3cDx1" />
+			<test url="http://aka-publications.environment-agency.gov.uk/ms/ckpq1h" />
+			<test url="http://cdn.environment-agency.gov.uk/lit_6700_ed6a43.pdf" />
+			<test url="http://cdn.environment-agency.gov.uk/sts66-e-e.pdf" />
+			<test url="http://publications.environment-agency.gov.uk/PDF/GEHO0412BUMR-E-E.pdf" />
+			<test url="http://publications.environment-agency.gov.uk/ms/BS0Ak7" />
+			<test url="http://publications.environment-agency.gov.uk/ms/C0coN3" />
+			<test url="http://publications.environment-agency.gov.uk/ms/b4zfa6" />
+			<test url="http://publications.environment-agency.gov.uk/ms/egkrjm" />
+			<test url="http://www2.environment-agency.gov.uk/epr/search.asp" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/eon.xml b/src/chrome/content/rules/eon.xml
index 943a437e68fe..89d4462cdf1d 100644
--- a/src/chrome/content/rules/eon.xml
+++ b/src/chrome/content/rules/eon.xml
@@ -1,6 +1,6 @@
 <ruleset name="E.ON IT Hungary">
 	<target host="www.eon-hungaria.com" />
 
-	<securecookie host="^www\.eon-hungaria\.com$" name=".*" />
-	<rule from="^http://www\.eon-hungaria\.com/" to="https://www.eon-hungaria.com/" />
+	<securecookie host="^www\.eon-hungaria\.com$" name=".+" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/epilepsyresearch.org.uk.xml b/src/chrome/content/rules/epilepsyresearch.org.uk.xml
new file mode 100644
index 000000000000..9fa1df044ef5
--- /dev/null
+++ b/src/chrome/content/rules/epilepsyresearch.org.uk.xml
@@ -0,0 +1,45 @@
+<!--
+	NB: ^ redirects to 404 over http
+	?=> fetch check failure
+
+
+	These altnames do not exist:
+
+		- www.donate.epilepsyresearch.org.uk
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- donate.epilepsyresearch.org.uk
+		- www.epilepsyresearch.org.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Epilepsy Research.org.uk">
+
+	<target host="epilepsyresearch.org.uk" />
+	<target host="donate.epilepsyresearch.org.uk" />
+	<target host="www.epilepsyresearch.org.uk" />
+
+		<!--	$ 500s, so:
+							-->
+		<test url="http://donate.epilepsyresearch.org.uk/regulargift/" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://www.epilepsyresearch.org.uk/news/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^donate\.epilepsyresearch\.org\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^www\.epilepsyresearch\.org\.uk$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/eprivacy.eu.xml b/src/chrome/content/rules/eprivacy.eu.xml
new file mode 100644
index 000000000000..488d3710a83c
--- /dev/null
+++ b/src/chrome/content/rules/eprivacy.eu.xml
@@ -0,0 +1,25 @@
+<!--
+	^eprivacy.eu: Refused
+
+-->
+<ruleset name="ePrivacy.eu">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.eprivacy.eu" />
+
+	<!--	Complications:
+				-->
+	<target host="eprivacy.eu" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://eprivacy\.eu/"
+		to="https://www.eprivacy.eu/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/epsxe.com.xml b/src/chrome/content/rules/epsxe.com.xml
new file mode 100644
index 000000000000..346f38b90d69
--- /dev/null
+++ b/src/chrome/content/rules/epsxe.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		mail.epsxe.com
+	Refused:
+		gerrit.epsxe.com
+		www.gerrit.epsxe.com
+		webmail.epsxe.com
+-->
+<ruleset name="epsxe.com">
+	<target host="epsxe.com" />
+	<target host="www.epsxe.com" />
+	<target host="cpanel.epsxe.com" />
+	<target host="greenimp.epsxe.com" />
+	<target host="www.greenimp.epsxe.com" />
+	<target host="webdisk.epsxe.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/eqsl.cc.xml b/src/chrome/content/rules/eqsl.cc.xml
new file mode 100644
index 000000000000..da4340014bd3
--- /dev/null
+++ b/src/chrome/content/rules/eqsl.cc.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatch:
+		- mail.eqsl.cc
+-->
+<ruleset name="eQSL">
+	<target host="eqsl.cc" />
+	<target host="www.eqsl.cc" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/erewash.gov.uk.xml b/src/chrome/content/rules/erewash.gov.uk.xml
new file mode 100644
index 000000000000..22906708bcf8
--- /dev/null
+++ b/src/chrome/content/rules/erewash.gov.uk.xml
@@ -0,0 +1,43 @@
+<!--
+	Erewash Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *erewash.gov.uk:
+
+		- (www.)? ᵃ
+		- active ᵃ
+		- moderngov ³
+
+	³ 403
+	ᵃ Shows server.bolsover.gov.uk
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- myservice.erewash.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Erewash.gov.uk (partial)">
+
+	<target host="myservice.erewash.gov.uk" />
+
+		<!--	$ 404s, so:
+					-->
+		<test url="http://myservice.erewash.gov.uk/Planning/lg/GFPlanningWelcome.page" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^myservice\.erewash\.gov\.uk$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ericrafaloff.com.xml b/src/chrome/content/rules/ericrafaloff.com.xml
new file mode 100644
index 000000000000..ff38ae2e77a8
--- /dev/null
+++ b/src/chrome/content/rules/ericrafaloff.com.xml
@@ -0,0 +1,25 @@
+<!--
+	www.ericrafaloff.com: refused
+
+-->
+<ruleset name="Eric Rafaloff.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ericrafaloff.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.ericrafaloff.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.ericrafaloff\.com/"
+		to="https://ericrafaloff.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/eriklundblad.com.xml b/src/chrome/content/rules/eriklundblad.com.xml
new file mode 100644
index 000000000000..68f151b8601f
--- /dev/null
+++ b/src/chrome/content/rules/eriklundblad.com.xml
@@ -0,0 +1,38 @@
+<!--
+	STS header includes includeSubdomains.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- eriklundblad.com
+		- www.eriklundblad.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Erik Lundblad.com">
+
+	<target host="eriklundblad.com" />
+	<target host="*.eriklundblad.com" />
+
+		<!--	includeSubdomains applies to one level only, so:
+									-->
+		<exclusion pattern="^http://(?:[^./]+\.){2,}eriklundblad\.com/" />
+
+			<test url="http://this.host.eriklundblad.com/" />
+			<test url="http://exists.not.eriklundblad.com/" />
+
+		<test url="http://www.eriklundblad.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?eriklundblad\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/erlang.ru.xml b/src/chrome/content/rules/erlang.ru.xml
new file mode 100644
index 000000000000..57ded6849bbb
--- /dev/null
+++ b/src/chrome/content/rules/erlang.ru.xml
@@ -0,0 +1,10 @@
+<!--
+www.erlang.ru mismatch
+sip.erlang.ru mismatch
+erlang.ru different content
+-->
+<ruleset name="erlang.ru (partial)">
+	<target host="stat.erlang.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/es-static.us.xml b/src/chrome/content/rules/es-static.us.xml
new file mode 100644
index 000000000000..930504a08135
--- /dev/null
+++ b/src/chrome/content/rules/es-static.us.xml
@@ -0,0 +1,21 @@
+<!--
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="es-static.us" platform="mixedcontent">
+
+	<target host="en.es-static.us" />
+
+		<test url="http://en.es-static.us/upl/2016/09/2016-sept-27-mercury-jupiter-conjunction-in-october.jpg" /><!--	10511 -->
+
+
+	<securecookie host="^\." name="^__cfduid" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/escapia.com.xml b/src/chrome/content/rules/escapia.com.xml
new file mode 100644
index 000000000000..7d3c8acb634a
--- /dev/null
+++ b/src/chrome/content/rules/escapia.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="Escapia.com" platform="mixedcontent">
+
+	<target host="pictures.escapia.com" />
+
+		<test url="http://pictures.escapia.com/AHHAKV/1134799639.jpg" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/eschools.co.uk.xml b/src/chrome/content/rules/eschools.co.uk.xml
new file mode 100644
index 000000000000..d6dd20845cb7
--- /dev/null
+++ b/src/chrome/content/rules/eschools.co.uk.xml
@@ -0,0 +1,66 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://eschools.co.uk/ => https://eschools.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'eschools.co.uk'")
+Fetch error: http://www.eschools.co.uk/ => https://www.eschools.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.eschools.co.uk'")
+
+	CDN buckets:
+
+		- s3-eu-west-1.amazonaws.com/production-eu-west-1/
+
+
+	Nonfunctional hosts in *eschools.co.uk:
+
+		- trial ᵃ
+
+	ᵃ Shows another domain
+
+
+	Problematic hosts in *eschools.co.uk:
+
+		- 3485-newcastle ᵉ
+
+	ᵉ Expired
+
+
+	Insecure cookies are set for these hosts:
+
+		- (account_vhost).eschools.co.uk
+
+
+	Mixed content:
+
+		- css on 360, 457-northumberland, new-brighton from fonts.googleapis.com ˢ
+
+		- Images, on:
+
+			- castle-hill from i\d+.photobucket.com ˢ
+			- new-brighton from www.computingatschool.org.uk
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="eSchools.co.uk (partial)" default_off="failed ruleset test">
+
+	<target host="eschools.co.uk" />
+	<target host="www.eschools.co.uk" />
+
+	<!--	(account vhosts:)
+					-->
+	<target host="3860.eschools.co.uk" />
+	<target host="457-northumberland.eschools.co.uk" />
+	<target host="castle-hill.eschools.co.uk" />
+	<target host="new-brighton.eschools.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(account_vhost)\.eschools\.co\.uk$" name="^ci_session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/eshuyuan.net.xml b/src/chrome/content/rules/eshuyuan.net.xml
new file mode 100644
index 000000000000..944d8d39995f
--- /dev/null
+++ b/src/chrome/content/rules/eshuyuan.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="eshuyuan.net">
+	<target host="eshuyuan.net"/>
+	<target host="www.eshuyuan.net"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/esnextb.in.xml b/src/chrome/content/rules/esnextb.in.xml
new file mode 100644
index 000000000000..4aa662c1750f
--- /dev/null
+++ b/src/chrome/content/rules/esnextb.in.xml
@@ -0,0 +1,6 @@
+<ruleset name="esnextb.in">
+	<target host="esnextb.in" />
+	<target host="www.esnextb.in" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/esp8266.com.xml b/src/chrome/content/rules/esp8266.com.xml
new file mode 100644
index 000000000000..6924907921c7
--- /dev/null
+++ b/src/chrome/content/rules/esp8266.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		mail.esp8266.com
+
+	Refused:
+		arduino-old.esp8266.com
+		autodiscover.esp8266.com
+		email.esp8266.com
+-->
+<ruleset name="esp8266.com">
+	<target host="esp8266.com" />
+	<target host="www.esp8266.com" />
+	<target host="arduino.esp8266.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/espiv.net.xml b/src/chrome/content/rules/espiv.net.xml
new file mode 100644
index 000000000000..795025b36de0
--- /dev/null
+++ b/src/chrome/content/rules/espiv.net.xml
@@ -0,0 +1,128 @@
+<!--
+	For rules causing false/broken MCB, see espiv.net-falsemixed.xml.
+
+
+	Problematic hosts in *espiv.net:
+
+		- adelante ᵐ
+		- burntheboredom ᵐ
+		- gr.contrainfo ᵐ
+		- espeir ᵐ
+		- insideout ᵐ
+		- mperntes ᵐ
+		- saltadoroi ᵐ
+		- skya ˣ
+		- perasma ᵐ
+		- vogliamotutto *
+
+	* Mixed css at redirect destination
+	ᵐ Mismatched
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- espiv.net
+		- mail.espiv.net
+		- skya.espiv.net
+		- www.espiv.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, on:
+
+			- saltadoroi, thersitis from fonts.googleapis.com ˢ
+			- skya from $self
+
+		- Images, on:
+
+			- adelante from adelante.espivblogs.net
+			- adelante from athens.indymedia.org ˢ
+			- adelante from ia.media-imdb.com
+			- adelante from www.sevenart.gr ᵈ
+			- adelante from www.poly-gelio.gr ᵈ
+			- burntheboredom from burntheboredom.espivblogs.net
+			- burntheboredom from burntheboredom.files.wordpress.com ˢ
+			- ese from ese.espivblogs.net ˢ
+			- espeir from espeir.espivblogs.net
+			- espeir from img.youtube.com ˢ
+			- oulaloum from s.wordpress.org ˢ
+			- oulaloum from www.wordpress.org ˢ
+			- planet from [^.]+.espivblogs.net ˢ
+			- planet from eseioanninon.squat.gr ˢ
+			- skya from $self
+			- skya from skya.espivblogs.net
+
+		- Bugs, on:
+
+			- espeir from www.freebloghitcounter.com
+
+	ᵈ Unsecurable <= dropped
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="espiv.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="espiv.net" />
+	<target host="files.espiv.net" />
+	<target host="mail.espiv.net" />
+	<target host="planet.espiv.net" />
+	<target host="www.espiv.net" />
+
+	<!--	(accounts:) -->
+	<target host="afisa.espiv.net" />
+	<target host="alcoholicdesaster.espiv.net" />
+	<target host="arb-contrainfo.espiv.net" />
+	<target host="ca-contrainfo.espiv.net" />
+	<target host="contrainfo.espiv.net" />
+	<target host="de-contrainfo.espiv.net" />
+	<target host="en-contrainfo.espiv.net" />
+	<target host="es-contrainfo.espiv.net" />
+	<target host="ese.espiv.net" />
+	<target host="fr-contrainfo.espiv.net" />
+	<target host="gr-contrainfo.espiv.net" />
+	<target host="it-contrainfo.espiv.net" />
+	<target host="madmarx.espiv.net" />
+	<target host="nl-contrainfo.espiv.net" />
+	<target host="nolager.espiv.net" />
+	<target host="oulaloum.espiv.net" />
+	<target host="pt-contrainfo.espiv.net" />
+	<target host="radio98fm.espiv.net" />
+	<target host="radiokatalipsi.espiv.net" />
+	<target host="sh-contrainfo.espiv.net" />
+	<target host="sinialo.espiv.net" />
+	<target host="sv-contrainfo.espiv.net" />
+	<target host="thersitis.espiv.net" />
+	<target host="tr-contrainfo.espiv.net" />
+	<!--target host="vogliamotutto.espiv.net" /-->
+
+	<!--	Complications:
+				-->
+	<target host="gr.contrainfo.espiv.net" />
+	<target host="perasma.espiv.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?espiv\.net$" name="^qtrans_front_language$" /-->
+	<!--securecookie host="^mail\.espiv\.net$" name="^roundcube_session$" /-->
+	<!--securecookie host="^skya\.espiv\.net$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://gr\.contrainfo\.espiv\.net/"
+		to="https://gr-contrainfo.espivblogs.net/" />
+
+	<rule from="^http://perasma\.espiv\.net/"
+		to="https://perasma.espivblogs.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/espivblogs.net.xml b/src/chrome/content/rules/espivblogs.net.xml
new file mode 100644
index 000000000000..11b96682d543
--- /dev/null
+++ b/src/chrome/content/rules/espivblogs.net.xml
@@ -0,0 +1,442 @@
+<!--
+	For rules causing false/broken MCB, see espivblogs.net-falsemixed.xml.
+
+
+	Problematic hosts in *espivblogs.net:
+
+		- adelante *
+		- adespoto-sinafi ˣ
+		- aestia ˣ
+		- aithrio ˣ
+		- ajde ˣ
+		- anarxikoigalatsiou ˣ
+		- aneyarxon ˣ
+		- anokatopatision ˣ
+		- anwthrwskw ˣ
+		- asyrmatos ˣ
+		- autodiaxirizomenosyros ˣ
+		- bastards ˣ
+		- burntheboredom *
+		- diamedia ˣ
+		- espapei ˣ
+		- espeir *
+		- freedomtrekking ˣ
+		- a.s.g ᵐ
+		- immigrants-asoee ˣ
+		- insideout *
+		- kaiussparilus ˣ
+		- katalipsi-virwnos-3 ˣ
+		- katalipsianalipsis ˣ
+		- koinonikoiatreionfnx ˣ
+		- kpapasotiriou ˣ
+		- mavroprasino ˣ
+		- mperntes *
+		- musaferat ˣ
+		- nogoldthess ˣ
+		- nolagerthess ˣ
+		- oikodiktyo ˣ
+		- olikiarnisi ˣ
+		- paidikostekiftoukselefteria ˣ
+		- peiratikokafeneio ˣ
+		- proledialers ˣ
+		- prosfygika ˣ
+		- psalidi ˣ
+		- radiofragmata ˣ
+		- rioters ˣ
+		- saher ˣ
+		- sakana ˣ
+		- saltadoroi *
+		- sasta ˣ
+		- skya *
+		- stekiantipnoia ˣ
+		- stepanyantsp ˣ
+		- strouga ˣ
+		- syl-kat-exarcheion ˣ
+		- syneleusivolos ˣ
+		- syntonistikokyriakes ˣ
+		- vogliamotutto ˣ
+		- zsol ˣ
+
+	* Protocol-relative redirect
+	ᵐ Mismatched
+	ˣ Mixed css or iframes, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .ajde.espivblogs.net
+		- anarxikoigalatsiou.espivblogs.net
+		- bastards.espivblogs.net
+		- diamedia.espivblogs.net
+		- espapei.espivblogs.net
+		- .immigrants-asoee.espivblogs.net
+		- katalipsi-virwnos-3.espivblogs.net
+		- koinonikoiatreionfnx.espivblogs.net
+		- new.espivblogs.net
+		- nogoldthess.espivblogs.net
+		- oikodiktyo.espivblogs.net
+		- peiratikokafeneio.espivblogs.net
+		- radiofragmata.espivblogs.net
+		- sasta.espivblogs.net
+		- skya.espivblogs.net
+		- solidarity-refugees.espivblogs.net
+		- stepanyantsp.espivblogs.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- iframes, on:
+
+			- adn, agros, anotherdemocracy, apallotriwsh, farmazapatista, pastanaka from www.youtube.com ˢ
+			- ajde, nogoldthess from static.issuu.com ˢ
+			- psalidi from radiopsalidi.fs-dl.net ᵘ
+			- synerga-re from player.vimeo.com ˢ
+
+		- css, on:
+
+			- adespoto-sinafi, aestia, aithrio, anarxikoigalatsiou, aneyarxon, anokatopatision, anwthrwskw, asyrmatos, autodiaxirizomenosyros, bastards, diamedia, espapei, freedomtrekking, immigrants-asoee, kaiussparilus, katalipsi-virwnos-3, katalipsianalipsis, kentauros, koinonikoiatreionfnx, kpapasotiriou, musaferat, nogoldthess, nolagerthess, oikodiktyo, olikiarnisi, paidikostekiftoukselefteria, peiratikokafeneio, proledialers, prosfygika, psalidi, radiofragmata, rioters, saher, sakana, sasta, stekiantipnoia, stepanyantsp, strouga, syl-kat-exarcheion, syneleusivolos, vogliamotutto, zsol from $self ˢ
+			- akay, antifaprotsamou, autonomomath, ekpaideysi, espapei, katalipsi-virwnos-3, katalipsimithe, sinialo, syl-kat-exarcheion, xanadu from fonts.googleapis.com ˢ
+			- alliotikosxoleio, antifa-ngt, antinertia, atakton, autonomohmmy from $self * ˢ
+			- asmpa, psalidi, radiofragmata, stepanyantsp from ajax.googleapis.com ˢ
+
+		- Images, on:
+
+			- abcsolidaritycell, adespoto-sinafi, adn, afisa, agros, ajde, aka, akm, akoixi, alterapars, alogomyges, anarxikoikefalonias, anotherdemocracy, anatolika, anokatopatision, antifai, antifasistiki-patrasm, antiforensics, antinertia, as-orestiadas, asfms, aspm, asseyp, autodiaxirizomenostekikarditsas, baktirio, bastards, distomo, dokimh, eleuantas, epp, farmazapatista, freedomtrekking, hungerstrike, kentauros, kompreser, loupa, nogoldthess, olikiapeleutherosi, papoutsadiko, perasma, pervasionhistory, prwtovoulianafpaktou, puriaegina, radiofragmata, resistra, sfina, ssmthess, stekipk, sunall-metanastes, syl-kat-exarcheion, synekox, teflon, termita, toumba, unistrike, vancouverapartman, villazografou, xanadu, xorostiskarmaniolas, xwros, zsol, ... from $self ˢ
+			- abcsolidaritycell from tracesoffire.espivblogs.net ˢ
+			- alogomyges from gr.contrainfo.espiv.net ˢ
+			- anarxikoigalatsiou, anarxikoikefalonias, antifasistiki-patras, autonomoiatrikispatra, farmazapatista from [^.]+.files.wordpress.com ˢ
+			- anarxikoikefalonias, anazopyrosi, astserron, autonomomath, freedomtrekking, pkkaisarianis, proledialers, prwtovoulianafpaktou, resaltocy, sinialo from \d.bp.blogspot.com ˢ
+			- anarxikoikefalonias from eagainst.com ᵐ
+			- anarxikoikefalonias, limnothalassa, stekipk from athens.indymedia.org ˢ
+			- anarxikoikefalonias from rosanera.squat.gr ˢ
+			- anazopyrosi from strouga.espivblogs.net ˢ
+			- antifai from www.kinimatorama.net ˢ
+			- antifai from antifa-i.gr
+			- antifasistiki-kerkyras from www.picpanda.com
+			- asfms from unistrike.espivblogs.net ˢ
+			- astop img\d+.imageshack.us ˢ
+			- astop from omniatv.com ˢ
+			- bastards from www.yfanet.net ⁴
+			- eleuantas from alliotikosxoleio.espivblogs.net ˢ
+			- katalipsimithe, stekilofos, xeironomia, zsol from img.youtube.com ˢ
+			- madmarx from www.radiocane.info ˢ
+			- olikiapeleutherosi from mavroprasino.espivblogs.net ˢ
+			- memyselfandi, oanthroposkaioiskiostou, oulaloum, pazl, puriaegina, svepsykoi, teflon from s.wordpress.org ˢ
+			- memyselfandi, oanthroposkaioiskiostou, oulaloum, puriaegina, teflon from www.wordpress.org ˢ
+			- proledialers from i.imgur.com ˢ
+			- proledialers  from syntonistikokyriakes.espivblogs.net ˢ
+			- puriaegina from lh\d.ggpht.com ˢ
+			- resaltocy from tvxs.gr
+			- rioters, rotta from img.youtube.com ˢ
+			- sinialo from archives.espiv.net
+			- sinialo from sinialobeta.espiv.net
+			- sxedia from www.efsyn.gr ˢ
+			- sxedia from cdn.toperiodiko.gr ⁴
+			- xeironomia from www.epiruspost.gr ᵖ
+
+		- favicon on autodiaxeirisi from favicon.htmlkit.com ᵈ
+		- Bugs, on:
+
+			- directiva from s03.flagcounter.com ˢ
+			- dokimh from i.creativecommons.org ˢ
+			- omniasuntcommunia from hitwebcounter.com ⁴
+			- sinialo from c.statcounter.com ˢ
+
+	* Just fonts
+	⁴ Unsecurable <= 404
+	ᵈ Unsecurable <= dropped
+	ᵐ Not secured by us <= mismatched
+	ᵖ Unsecurable <= plaintext reply
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+	ᵘ Not secured by us <= untrusted root
+
+-->
+<ruleset name="Espivblogs.net (partial)">
+
+	<target host="espivblogs.net" />
+	<target host="*.espivblogs.net" />
+
+		<exclusion pattern="^http://(?:[^./]+\.){2,}espivblogs\.net/" />
+
+			<test url="http://a.s.g.espivblogs.net/" />
+			<test url="http://this.host.espivblogs.net/" />
+			<test url="http://exists.not.espivblogs.net/" />
+
+		<exclusion pattern="^http://(?:adelante|adespoto-sinafi|aestia|aithrio|ajde|aneyarxon|anokatopatision|anwthrwskw|asyrmatos|autodiaxirizomenosyros|bastards|burntheboredom|diamedia|espapei|espeir|freedomtrekking|immigrants-asoee|insideout|kaiussparilus|katalipsi-virwnos-3|katalipsianalipsis|koinonikoiatreionfnx|kpapasotiriou|mavroprasino|mperntes|musaferat|nogoldthess|nolagerthess|oikodiktyo|olikiarnisi|paidikostekiftoukselefteria|peiratikokafeneio|proledialers|prosfygika|psalidi|rioters|saher|sakana|saltadoroi|sasta|skya|stekiantipnoia|stepanyantsp|strouga|syl-kat-exarcheion|syneleusivolos|syntonistikokyriakes|vogliamotutto|zsol)\.espivblogs\.net/" />
+
+			<test url="http://adelante.espivblogs.net/" />
+			<test url="http://adespoto-sinafi.espivblogs.net/" />
+			<test url="http://aestia.espivblogs.net/" />
+			<test url="http://aithrio.espivblogs.net/" />
+			<test url="http://ajde.espivblogs.net/" />
+			<test url="http://aneyarxon.espivblogs.net/" />
+			<test url="http://anokatopatision.espivblogs.net/" />
+			<test url="http://anwthrwskw.espivblogs.net/" />
+			<test url="http://asyrmatos.espivblogs.net/" />
+			<test url="http://autodiaxirizomenosyros.espivblogs.net/" />
+			<test url="http://bastards.espivblogs.net/" />
+			<test url="http://burntheboredom.espivblogs.net/" />
+			<test url="http://diamedia.espivblogs.net/" />
+			<test url="http://espapei.espivblogs.net/" />
+			<test url="http://espeir.espivblogs.net/" />
+			<test url="http://freedomtrekking.espivblogs.net/" />
+			<test url="http://immigrants-asoee.espivblogs.net/" />
+			<test url="http://insideout.espivblogs.net/" />
+			<test url="http://katalipsi-virwnos-3.espivblogs.net/" />
+			<test url="http://katalipsianalipsis.espivblogs.net/" />
+			<test url="http://koinonikoiatreionfnx.espivblogs.net/" />
+			<test url="http://kpapasotiriou.espivblogs.net/" />
+			<test url="http://mavroprasino.espivblogs.net/" />
+			<test url="http://mperntes.espivblogs.net/" />
+			<test url="http://musaferat.espivblogs.net/" />
+			<test url="http://nogoldthess.espivblogs.net/" />
+			<test url="http://nolagerthess.espivblogs.net/" />
+			<test url="http://oikodiktyo.espivblogs.net/" />
+			<test url="http://olikiarnisi.espivblogs.net/" />
+			<test url="http://paidikostekiftoukselefteria.espivblogs.net/" />
+			<test url="http://peiratikokafeneio.espivblogs.net/" />
+			<test url="http://proledialers.espivblogs.net/" />
+			<test url="http://prosfygika.espivblogs.net/" />
+			<test url="http://rioters.espivblogs.net/" />
+			<test url="http://saher.espivblogs.net/" />
+			<test url="http://sakana.espivblogs.net/" />
+			<test url="http://saltadoroi.espivblogs.net/" />
+			<test url="http://sasta.espivblogs.net/" />
+			<test url="http://skya.espivblogs.net/" />
+			<test url="http://stekiantipnoia.espivblogs.net/" />
+			<test url="http://stepanyantsp.espivblogs.net/" />
+			<test url="http://strouga.espivblogs.net/" />
+			<test url="http://syl-kat-exarcheion.espivblogs.net/" />
+			<test url="http://syneleusivolos.espivblogs.net/" />
+			<test url="http://syntonistikokyriakes.espivblogs.net/" />
+			<test url="http://vogliamotutto.espivblogs.net/" />
+			<test url="http://zsol.espivblogs.net/" />
+
+		<test url="http://new.espivblogs.net/files/2016/06/200px-Upload_protect.svg_-e1465593355196.png" />
+		<test url="http://www.espivblogs.net/" />
+
+		<!--	(accounts:)	-->
+		<test url="http://a-politiko.espivblogs.net/" />
+		<test url="http://a-stekiagrinio.espivblogs.net/" />
+		<test url="http://abcsolidaritycell.espivblogs.net/" />
+		<test url="http://adespotosathinon.espivblogs.net/" />
+		<test url="http://adn.espivblogs.net/" />
+		<test url="http://afisa.espivblogs.net/" />
+		<test url="http://againstgreekreality.espivblogs.net/" />
+		<test url="http://agros.espivblogs.net/" />
+		<test url="http://aka.espivblogs.net/" />
+		<test url="http://akay.espivblogs.net/" />
+		<test url="http://akm.espivblogs.net/" />
+		<test url="http://akoixi.espivblogs.net/" />
+		<test url="http://alcoholicdesaster.espivblogs.net/" />
+		<test url="http://alfa.espivblogs.net/" />
+		<test url="http://alliotikosxoleio.espivblogs.net/" />
+		<test url="http://alogomyges.espivblogs.net/" />
+		<test url="http://alterapars.espivblogs.net/" />
+		<test url="http://altifapf.espivblogs.net/" />
+		<test url="http://anarxikohiphop.espivblogs.net/" />
+		<test url="http://anarxikoikefalonias.espivblogs.net/" />
+		<test url="http://anatolika.espivblogs.net/" />
+		<test url="http://anatreptiko.espivblogs.net/" />
+		<test url="http://anattiki.espivblogs.net/" />
+		<test url="http://anazopyrosi.espivblogs.net/" />
+		<test url="http://anergoigeitonion.espivblogs.net/" />
+		<test url="http://anomia.espivblogs.net/" />
+		<test url="http://anopoli.espivblogs.net/" />
+		<test url="http://anotherdemocracy.espivblogs.net/" />
+		<test url="http://antidrastirio.espivblogs.net/" />
+		<test url="http://antifa-ngt.espivblogs.net/" />
+		<test url="http://antifai.espivblogs.net/" />
+		<test url="http://antifaleague.espivblogs.net/" />
+		<test url="http://antifaprotsamou.espivblogs.net/" />
+		<test url="http://antifasistiki-kerkyras.espivblogs.net/" />
+		<test url="http://antifasistiki-patras.espivblogs.net/" />
+		<test url="http://antiforensics.espivblogs.net/" />
+		<test url="http://antinertia.espivblogs.net/" />
+		<test url="http://antiperaoxthi.espivblogs.net/" />
+		<test url="http://antivaro.espivblogs.net/" />
+		<test url="http://antiviosi.espivblogs.net/" />
+		<test url="http://apallotriwsh.espivblogs.net/" />
+		<test url="http://aphm.espivblogs.net/" />
+		<test url="http://apodrash.espivblogs.net/" />
+		<test url="http://apotakatw.espivblogs.net/" />
+		<test url="http://arfasekuklo.espivblogs.net/" />
+		<test url="http://as-orestiadas.espivblogs.net/" />
+		<test url="http://asfms.espivblogs.net/" />
+		<test url="http://askilioupolis.espivblogs.net/" />
+		<test url="http://askomotinis.espivblogs.net/" />
+		<test url="http://asmataxia.espivblogs.net/" />
+		<test url="http://asmpa.espivblogs.net/" />
+		<test url="http://aspm.espivblogs.net/" />
+		<test url="http://asseyp.espivblogs.net/" />
+		<test url="http://assgtks.espivblogs.net/" />
+		<test url="http://astop.espivblogs.net/" />
+		<test url="http://astserron.espivblogs.net/" />
+		<test url="http://atakton.espivblogs.net/" />
+		<test url="http://auted.espivblogs.net/" />
+		<test url="http://auto-bio.espivblogs.net/" />
+		<test url="http://autodiaxeirisi.espivblogs.net/" />
+		<test url="http://autodiaxirizomenostekikarditsas.espivblogs.net/" />
+		<test url="http://autonomoagglikou.espivblogs.net/" />
+		<test url="http://autonomohmmy.espivblogs.net/" />
+		<test url="http://autonomoiatrikispatra.espivblogs.net/" />
+		<test url="http://autonomomath.espivblogs.net/" />
+		<test url="http://autonomosteki.espivblogs.net/" />
+		<test url="http://autsteki.espivblogs.net/" />
+		<test url="http://baktirio.espivblogs.net/" />
+		<test url="http://baruti.espivblogs.net/" />
+		<test url="http://blackchamber.espivblogs.net/" />
+		<test url="http://classrom.espivblogs.net/" />
+		<test url="http://communisation.espivblogs.net/" />
+		<test url="http://contra-banda.espivblogs.net/" />
+		<test url="http://cybrigade.espivblogs.net/" />
+		<test url="http://diapason.espivblogs.net/" />
+		<test url="http://dimotismos.espivblogs.net/" />
+		<test url="http://directiva.espivblogs.net/" />
+		<test url="http://diskollectiv2012.espivblogs.net/" />
+		<test url="http://distomo.espivblogs.net/" />
+		<test url="http://dokimh.espivblogs.net/" />
+		<test url="http://efimerida-oaed.espivblogs.net/" />
+		<test url="http://ekpaideysi.espivblogs.net/" />
+		<test url="http://eleftheriaki-strouga.espivblogs.net/" />
+		<test url="http://eleuantas.espivblogs.net/" />
+		<test url="http://elsxip.espivblogs.net/" />
+		<test url="http://epanoikeiopoiisi.espivblogs.net/" />
+		<test url="http://epp.espivblogs.net/" />
+		<test url="http://ergolavies.espivblogs.net/" />
+		<test url="http://ese.espivblogs.net/" />
+		<test url="http://esehmathias.espivblogs.net/" />
+		<test url="http://essemfe.espivblogs.net/" />
+		<test url="http://farmazapatista.espivblogs.net/" />
+		<test url="http://furabolition.espivblogs.net/" />
+		<test url="http://gyzi.espivblogs.net/" />
+		<test url="http://hungerstrike.espivblogs.net/" />
+		<test url="http://iek.espivblogs.net/" />
+		<test url="http://ipothesi-ea.espivblogs.net/" />
+		<test url="http://iwwgreece.espivblogs.net/" />
+		<test url="http://kaiussparilus.espivblogs.net/" />
+		<test url="http://kapnismenotsoukali.espivblogs.net/" />
+		<test url="http://katalipsimithe.espivblogs.net/" />
+		<test url="http://katalipsiteiath.espivblogs.net/" />
+		<test url="http://kentauros.espivblogs.net/" />
+		<test url="http://koinostopos.espivblogs.net/" />
+		<test url="http://kompreser.espivblogs.net/" />
+		<test url="http://kraygesapotakelia.espivblogs.net/" />
+		<test url="http://kylikeio-asoee.espivblogs.net/" />
+		<test url="http://laboratorio.espivblogs.net/" />
+		<test url="http://laikisineleusipetralona.espivblogs.net/" />
+		<test url="http://lesvos-against-fascism.espivblogs.net/" />
+		<test url="http://libertadeconciencia.espivblogs.net/" />
+		<test url="http://limnothalassa.espivblogs.net/" />
+		<test url="http://locosdelpueblo.espivblogs.net/" />
+		<test url="http://loupa.espivblogs.net/" />
+		<test url="http://machorka.espivblogs.net/" />
+		<test url="http://madmarx.espivblogs.net/" />
+		<test url="http://makeleio.espivblogs.net/" />
+		<test url="http://manifesto-volos.espivblogs.net/" />
+		<test url="http://mavresselides.espivblogs.net/" />
+		<test url="http://megalapaidiavkpz.espivblogs.net/" />
+		<test url="http://memyselfandi.espivblogs.net/" />
+		<test url="http://metalattack.espivblogs.net/" />
+		<test url="http://mikrotopos.espivblogs.net/" />
+		<test url="http://monodromos.espivblogs.net/" />
+		<test url="http://nobordersathens.espivblogs.net/" />
+		<test url="http://nolager.espivblogs.net/" />
+		<test url="http://oanthroposkaioiskiostou.espivblogs.net/" />
+		<test url="http://olikiapeleutherosi.espivblogs.net/" />
+		<test url="http://omniasuntcommunia.espivblogs.net/" />
+		<test url="http://oulaloum.espivblogs.net/" />
+		<test url="http://oxetos.espivblogs.net/" />
+		<test url="http://oxistisapolyseis.espivblogs.net/" />
+		<test url="http://papamixelaki.espivblogs.net/" />
+		<test url="http://papoutsadiko.espivblogs.net/" />
+		<test url="http://parkingparko.espivblogs.net/" />
+		<test url="http://pastanaka.espivblogs.net/" />
+		<test url="http://pazl.espivblogs.net/" />
+		<test url="http://perasma.espivblogs.net/" />
+		<test url="http://pervasionhistory.espivblogs.net/" />
+		<test url="http://pkkaisarianis.espivblogs.net/" />
+		<test url="http://praposquat.espivblogs.net/" />
+		<test url="http://pritania.espivblogs.net/" />
+		<test url="http://prole-library.espivblogs.net/" />
+		<test url="http://proletant.espivblogs.net/" />
+		<test url="http://prolprot.espivblogs.net/" />
+		<test url="http://prwtovoulianafpaktou.espivblogs.net/" />
+		<test url="http://psalidi.espivblogs.net/" />
+		<test url="http://puriaegina.espivblogs.net/" />
+		<test url="http://queertrans.espivblogs.net/" />
+		<test url="http://rabidproletarians.espivblogs.net/" />
+		<test url="http://radiofragmata.espivblogs.net/" />
+		<test url="http://radiokatalipsi.espivblogs.net/" />
+		<test url="http://resaltocy.espivblogs.net/" />
+		<test url="http://resistra.espivblogs.net/" />
+		<test url="http://rocinante-edu.espivblogs.net/" />
+		<test url="http://rotta.espivblogs.net/" />
+		<test url="http://sadvkpz.espivblogs.net/" />
+		<test url="http://sardam105.espivblogs.net/" />
+		<test url="http://sdes.espivblogs.net/" />
+		<test url="http://setroxiasygrousis.espivblogs.net/" />
+		<test url="http://sexharassmap.espivblogs.net/" />
+		<test url="http://sfina.espivblogs.net/" />
+		<test url="http://shmeiomhden.espivblogs.net/" />
+		<test url="http://sinedominis.espivblogs.net/" />
+		<test url="http://sinelevsipolymorfikoy.espivblogs.net/" />
+		<test url="http://sinialo.espivblogs.net/" />
+		<test url="http://skapoula.espivblogs.net/" />
+		<test url="http://sma-a.espivblogs.net/" />
+		<test url="http://solidarity-refugees.espivblogs.net/" />
+		<test url="http://squat111.espivblogs.net/" />
+		<test url="http://ssmthess.espivblogs.net/" />
+		<test url="http://stegastro.espivblogs.net/" />
+		<test url="http://steki-rethymno.espivblogs.net/" />
+		<test url="http://stekilofos.espivblogs.net/" />
+		<test url="http://stekipanteios.espivblogs.net/" />
+		<test url="http://stekipk.espivblogs.net/" />
+		<test url="http://straitjacketfit.espivblogs.net/" />
+		<test url="http://sunall-metanastes.espivblogs.net/" />
+		<test url="http://svemko.espivblogs.net/" />
+		<test url="http://svepsykoi.espivblogs.net/" />
+		<test url="http://swbanergwn.espivblogs.net/" />
+		<test url="http://synagia.espivblogs.net/" />
+		<test url="http://synekox.espivblogs.net/" />
+		<test url="http://syneleusi-enantiastin-ee.espivblogs.net/" />
+		<test url="http://synerga-re.espivblogs.net/" />
+		<test url="http://synkosfoi.espivblogs.net/" />
+		<test url="http://syntexnia.espivblogs.net/" />
+		<test url="http://teflon.espivblogs.net/" />
+		<test url="http://termita.espivblogs.net/" />
+		<test url="http://terralibera.espivblogs.net/" />
+		<test url="http://thersitis.espivblogs.net/" />
+		<test url="http://tontoulapi.espivblogs.net/" />
+		<test url="http://topagkaki.espivblogs.net/" />
+		<test url="http://toumba.espivblogs.net/" />
+		<test url="http://tracesoffire.espivblogs.net/" />
+		<test url="http://troxilato.espivblogs.net/" />
+		<test url="http://tsamadou13-15.espivblogs.net/" />
+		<test url="http://unistrike.espivblogs.net/" />
+		<test url="http://vancouverapartman.espivblogs.net/" />
+		<test url="http://villazografou.espivblogs.net/" />
+		<test url="http://whatqueerfest.espivblogs.net/" />
+		<test url="http://xanadu.espivblogs.net/" />
+		<test url="http://xeironomia.espivblogs.net/" />
+		<test url="http://xlnomikis.espivblogs.net/" />
+		<test url="http://xorisinora.espivblogs.net/" />
+		<test url="http://xorostiskarmaniolas.espivblogs.net/" />
+		<test url="http://xwros.espivblogs.net/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:\.ajde|anarxikoigalatsiou|\.immigrants-asoee|new|solidarity-refugees)\.espivblogs\.net$" name="^qtrans_front_language$" /-->
+	<!--securecookie host="^(?:bastards|espapei|katalipsi-virwnos-3|koinonikoiatreionfnx|oikodiktyo|peiratikokafeneio|radiofragmata|skya)\.espivblogs\.net$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^(?:diamedia|nogoldthess|sasta|stepanyantsp)\.espivblogs\.net$" name="^(?:PHPSESSID|qtrans_front_language)$" /-->
+
+	<securecookie host="^(?!\.espivblogs\.net$)." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/espn.com-mixedcontent.xml b/src/chrome/content/rules/espn.com-mixedcontent.xml
new file mode 100644
index 000000000000..5ace916cebf6
--- /dev/null
+++ b/src/chrome/content/rules/espn.com-mixedcontent.xml
@@ -0,0 +1,21 @@
+<!--
+	For rules not causing MCB, see espn.com.xml.
+
+
+	NB: see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="ESPN.com (MCB)" platform="mixedcontent">
+
+	<target host="espndeportes.espn.com" />
+	<target host="xgames.espn.com" />
+
+
+	<securecookie host="^\." name="^optimizely" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/espn.com.xml b/src/chrome/content/rules/espn.com.xml
new file mode 100644
index 000000000000..f8d47348fdf8
--- /dev/null
+++ b/src/chrome/content/rules/espn.com.xml
@@ -0,0 +1,53 @@
+<!--
+	For rules causing MCB, see espn.com-mixedcontent.xml.
+
+
+	Problematic hosts in *espn.com:
+
+		- espndeportes ˣ
+		- xgames ˣ
+
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- espndeportes.espn.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on espndeportes, xgames from a.espncdn.com ᵐ
+
+		- Images, on:
+
+			- espndeportes, xgames from a[1-4]?.espncdn.com ᵐ
+			- xgames from pbs.twimg.com ˢ
+
+	ᵐ Not secured by us <= mismatched
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="ESPN.com (partial)">
+
+	<target host="secure.espn.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.espn\.com/$" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^espndeportes\.espn\.com$" name="^(?:country|device)" /-->
+
+	<securecookie host="^\." name="^optimizely" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ester-restaurant.com.au.xml b/src/chrome/content/rules/ester-restaurant.com.au.xml
new file mode 100644
index 000000000000..a60c033124aa
--- /dev/null
+++ b/src/chrome/content/rules/ester-restaurant.com.au.xml
@@ -0,0 +1,6 @@
+<ruleset name="ester-restaurant.com.au">
+	<target host="ester-restaurant.com.au" />
+	<target host="www.ester-restaurant.com.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/eternallybored.org.xml b/src/chrome/content/rules/eternallybored.org.xml
new file mode 100644
index 000000000000..b83d43acf973
--- /dev/null
+++ b/src/chrome/content/rules/eternallybored.org.xml
@@ -0,0 +1,16 @@
+<!--
+www.eternallybored.org ¹
+tanja.eternallybored.org ¹
+
+
+¹ mismatch
+-->
+<ruleset name="eternallybored.org">
+	<target host="eternallybored.org" />
+	<target host="www.eternallybored.org" />
+
+	<rule from="^http://www\.eternallybored\.org/"
+		to="https://eternallybored.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/etmirror.com.xml b/src/chrome/content/rules/etmirror.com.xml
new file mode 100644
index 000000000000..820844f68adf
--- /dev/null
+++ b/src/chrome/content/rules/etmirror.com.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://etmirror.com/ => https://etmirror.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.etmirror.com/ => https://www.etmirror.com/: (28, 'Operation timed out after 30006 milliseconds with 0 bytes received')
+
+-->
+<ruleset name="ETmirror.com" default_off="failed ruleset test">
+
+	<target host="etmirror.com" />
+	<target host="www.etmirror.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/etorostatic.com.xml b/src/chrome/content/rules/etorostatic.com.xml
new file mode 100644
index 000000000000..9e8c076d31d9
--- /dev/null
+++ b/src/chrome/content/rules/etorostatic.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other eToro.com coverage, see EToro.xml.
+-->
+<ruleset name="etorostatic.com">
+
+	<target host="api.etorostatic.com" />
+	<target host="cdn.etorostatic.com" />
+	<target host="etoro-cdn.etorostatic.com" />
+	<target host="marketing.etorostatic.com" />
+
+		<test url="http://marketing.etorostatic.com/homepage/images/cfd-icn.png" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/etransfer.com.xml b/src/chrome/content/rules/etransfer.com.xml
new file mode 100644
index 000000000000..bdea3668b8d1
--- /dev/null
+++ b/src/chrome/content/rules/etransfer.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="etransfer.com">
+	<target host="etransfer.com" />
+	<target host="www.etransfer.com" />
+	<target host="secure.etransfer.com" />
+	<target host="vault.etransfer.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/eugenekolo.com.xml b/src/chrome/content/rules/eugenekolo.com.xml
new file mode 100644
index 000000000000..29c8c1a9d92b
--- /dev/null
+++ b/src/chrome/content/rules/eugenekolo.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Eugene Kolo.com">
+
+	<target host="eugenekolo.com" />
+	<target host="www.eugenekolo.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/eumetsat.int.xml b/src/chrome/content/rules/eumetsat.int.xml
new file mode 100644
index 000000000000..48c6a6cca43e
--- /dev/null
+++ b/src/chrome/content/rules/eumetsat.int.xml
@@ -0,0 +1,135 @@
+<!--
+	Content mismatch:
+		usc.tools.eumetsat.int
+
+	Invalid certificate:
+		archive.eumetsat.int
+		epsmcf.eumetsat.int
+		fame-portal.eumetsat.int
+		gsics.eumetsat.int
+		imagine.eumetsat.int
+		intranet.eumetsat.int
+		intranet-cms.eumetsat.int
+		navigator.eumetsat.int
+		savs.eumetsat.int
+		training.eumetsat.int
+		training-dev.eumetsat.int
+		trainingevents.eumetsat.int
+		veoportal.eumetsat.int
+		vgsics.eumetsat.int
+		vwids.eumetsat.int
+
+	Not found:
+		OVDICON0[1-4].eumetsat.int
+		OVDISEC0[1-2].eumetsat.int
+		blog.eumetsat.int
+		blog-msg3.eumetsat.int
+		climateblog.eumetsat.int
+		cloud07.eumetsat.int
+		conferences.eumetsat.int
+		www.conferences.eumetsat.int
+		cwpt.eumetsat.int
+		epssg-jira.eumetsat.int
+		eum-visitor.eumetsat.int
+		eumapps.eumetsat.int
+		jira.eumetsat.int
+		mobile.eumetsat.int
+		sap-portal.eumetsat.int
+		sponsorportal.eumetsat.int
+		sync07.eumetsat.int
+		waw01.eumetsat.int
+		wlw11.eumetsat.int
+
+	Refused:
+		dnx0[1-2].eumetsat.int
+		ftp.eumetsat.int
+		ftp05.eumetsat.int
+		masif.eumetsat.int
+		mcl.eumetsat.int
+		omasif.eumetsat.int
+		pics.eumetsat.int
+		gsics.tools.eumetsat.int
+		ufa.eumetsat.int
+		webconf.eumetsat.int
+
+	Timeout:
+		ac-saf.eumetsat.int
+		cgms.eumetsat.int
+		cm-saf.eumetsat.int
+		conf.eumetsat.int
+		copernicus.eumetsat.int
+		dmtool-int.eumetsat.int
+		eumwifi.eumetsat.int
+		guest.eumetsat.int
+		h-saf.eumetsat.int
+		lsa-saf.eumetsat.int
+		nwc-saf.eumetsat.int
+		nwp-saf.eumetsat.int
+		oisewcs01.eumetsat.int
+		oisftp.eumetsat.int
+		oislab.eumetsat.int
+		oiswww.eumetsat.int
+		rom-saf.eumetsat.int
+		simdat.eumetsat.int
+		www3.eumetsat.int
+		wwwcontent.eumetsat.int
+-->
+<ruleset name="EUMETSAT.int">
+
+	<target host="eumetsat.int" />
+	<target host="www.eumetsat.int" />
+	<target host="access.eumetsat.int" />
+	<target host="adfs.eumetsat.int" />
+	<target host="apps.eumetsat.int" />
+	<target host="apt.eumetsat.int" />
+	<target host="autodiscover.eumetsat.int" />
+	<target host="chart.eumetsat.int" />
+	<target host="cloud.eumetsat.int" />
+	<target host="coda.eumetsat.int" />
+	<target host="dmtool.eumetsat.int" />
+	<target host="doors.eumetsat.int" />
+	<target host="eoportal.eumetsat.int" />
+	<target host="eumeds.eumetsat.int" />
+	<target host="eumetview.eumetsat.int" />
+	<target host="eumits.eumetsat.int" />
+	<target host="eventregistration.eumetsat.int" />
+	<target host="filedrop.eumetsat.int" />
+	<target host="forums.eumetsat.int" />
+	<target host="gitlab.eumetsat.int" />
+	<target host="gsimcat01.eumetsat.int" />
+	<target host="learning.eumetsat.int" />
+	<target host="leo.eumetsat.int" />
+	<target host="lyncdiscover.eumetsat.int" />
+	<target host="mail.eumetsat.int" />
+	<target host="meet.eumetsat.int" />
+	<target host="moftools.eumetsat.int" />
+	<target host="mpstar.eumetsat.int" />
+	<target host="mtg.eumetsat.int" />
+	<target host="onlineapplication.eumetsat.int" />
+	<target host="portal.eumetsat.int" />
+	<target host="prd-jira.eumetsat.int" />
+	<target host="print.eumetsat.int" />
+	<target host="tsw02.eum.root.eumetsat.int" />
+	<target host="saf.eumetsat.int" />
+	<target host="scienceblog.eumetsat.int" />
+	<target host="sip.eumetsat.int" />
+	<target host="sslvpn.eumetsat.int" />
+	<target host="sync.eumetsat.int" />
+	<target host="tadfs.eumetsat.int" />
+	<target host="vdi.eumetsat.int" />
+	<target host="vmasif.eumetsat.int" />
+	<target host="webcomp.eumetsat.int" />
+	<target host="webdocs.eumetsat.int" />
+	<target host="wwwc.eumetsat.int" />
+	<target host="wwwstats.eumetsat.int" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- https://eumetsat.int/ redirects to not existing host (eumetsat.int.eumetsat.int),
+	http://eumetsat.int/ redirects to http://www.eumetsat.int/ -->
+	<rule from="^http://eumetsat\.int/"
+		to="https://www.eumetsat.int/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/eumostwanted.eu.xml b/src/chrome/content/rules/eumostwanted.eu.xml
new file mode 100644
index 000000000000..c2473112067d
--- /dev/null
+++ b/src/chrome/content/rules/eumostwanted.eu.xml
@@ -0,0 +1,13 @@
+<ruleset name="EU most wanted.eu">
+
+	<target host="eumostwanted.eu" />
+	<target host="www.eumostwanted.eu" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/eurekalert.org.xml b/src/chrome/content/rules/eurekalert.org.xml
new file mode 100644
index 000000000000..d8b7ebb1581b
--- /dev/null
+++ b/src/chrome/content/rules/eurekalert.org.xml
@@ -0,0 +1,36 @@
+<!--
+	Problematic hosts in *eurekalert.org:
+
+		- chinese ᵈ
+
+	ᵈ Dropped
+
+-->
+<ruleset name="EurekAlert.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="eurekalert.org" />
+	<target host="media.eurekalert.org" />
+	<target host="www.eurekalert.org" />
+
+	<!--	Complications:
+				-->
+	<target host="chinese.eurekalert.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops path and forward
+		slash but not args:
+					-->
+	<rule from="^http://chinese\.eurekalert\.org/[^?]*"
+		to="https://www.eurekalert.org/zh/" />
+
+		<test url="http://chinese.eurekalert.org/index.php" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/eurobilltracker.com.xml b/src/chrome/content/rules/eurobilltracker.com.xml
new file mode 100644
index 000000000000..0edd1291e3ca
--- /dev/null
+++ b/src/chrome/content/rules/eurobilltracker.com.xml
@@ -0,0 +1,48 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .eurobilltracker.com
+		- .forum.eurobilltracker.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="eurobilltracker.com">
+
+	<target host="eurobilltracker.com" />
+	<target host="*.eurobilltracker.com" />
+
+		<test url="http://ca.eurobilltracker.com/" />
+		<test url="http://de.eurobilltracker.com/" />
+		<test url="http://en.eurobilltracker.com/" />
+		<test url="http://eo.eurobilltracker.com/" />
+		<test url="http://es.eurobilltracker.com/" />
+		<test url="http://et.eurobilltracker.com/" />
+		<test url="http://fi.eurobilltracker.com/" />
+		<test url="http://forum.eurobilltracker.com/" />
+		<test url="http://fr.eurobilltracker.com/" />
+		<test url="http://gr.eurobilltracker.com/" />
+		<test url="http://it.eurobilltracker.com/" />
+		<test url="http://lt.eurobilltracker.com/" />
+		<test url="http://lv.eurobilltracker.com/" />
+		<test url="http://nl.eurobilltracker.com/" />
+		<test url="http://pl.eurobilltracker.com/" />
+		<test url="http://pt.eurobilltracker.com/" />
+		<test url="http://ru.eurobilltracker.com/" />
+		<test url="http://se.eurobilltracker.com/" />
+		<test url="http://si.eurobilltracker.com/" />
+		<test url="http://sk.eurobilltracker.com/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.eurobilltracker\.com$" name="^(?:PHPSESSID|cookieLanguage)$" /-->
+	<!--securecookie host="^\.forum\.eurobilltracker\.com$" name="^phpbb3_\w+_(?:k|sid|u)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/europaplus.ru.xml b/src/chrome/content/rules/europaplus.ru.xml
new file mode 100644
index 000000000000..89977180c17b
--- /dev/null
+++ b/src/chrome/content/rules/europaplus.ru.xml
@@ -0,0 +1,210 @@
+<!--
+www.almaty.europaplus.ru ¹
+www.armavir.europaplus.ru ¹
+autodiscover.europaplus.ru ³
+www.balakovo.europaplus.ru ¹
+www.barnaul.europaplus.ru ¹
+belieber2016.europaplus.ru ⁵
+www.belovo.europaplus.ru ¹
+www.berezniki.europaplus.ru ¹
+www.birobidjan.europaplus.ru ¹
+www.blogfm.europaplus.ru ¹
+bp20.europaplus.ru/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+bpzima.europaplus.ru/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+www.bpzima.europaplus.ru/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+breakfast.europaplus.ru/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+www.buguruslan.europaplus.ru ¹
+www.chel.europaplus.ru ¹
+www.cher.europaplus.ru ¹
+forum.europaplus.ru/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+img.europaplus.ru/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+www.irk.europaplus.ru ¹
+www.kazan.europaplus.ru ¹
+www.kemerovo.europaplus.ru ¹
+www.kirov.europaplus.ru ¹
+www.kogalym.europaplus.ru ¹
+www.kotlas.europaplus.ru ¹
+www.krsk.europaplus.ru ¹
+links.europaplus.ru ¹
+mail.europaplus.ru ¹
+www.nalchik.europaplus.ru ¹
+newmail.europaplus.ru ³
+www.nkz.europaplus.ru ¹
+www.nnov.europaplus.ru ¹
+www.nvrsk.europaplus.ru ¹
+www.penza.europaplus.ru ¹
+www.petrozavodsk.europaplus.ru ¹
+www.rostov.europaplus.ru ¹
+www.samara.europaplus.ru ¹
+www.smolensk.europaplus.ru ¹
+kinokaif.spb.europaplus.ru ³
+m.spb.europaplus.ru ¹
+stars.europaplus.ru ⁵
+www.stavropol.europaplus.ru ¹
+www.tihoretsk.europaplus.ru ¹
+www.tlt.europaplus.ru ¹
+www.tyumen.europaplus.ru ¹
+www.uglich.europaplus.ru ¹
+www.ulan-ude.europaplus.ru ¹
+www.ulyanovsk.europaplus.ru ¹
+www.ussuriisk.europaplus.ru ¹
+www.volgograd.europaplus.ru ¹
+www.vrn.europaplus.ru ¹
+webmail.europaplus.ru ³
+www.yo.europaplus.ru ¹
+
+
+¹ mismatch
+³ timed out
+⁵ expired
+-->
+<ruleset name="europaplus.ru">
+	<target host="europaplus.ru" />
+	<target host="www.europaplus.ru" />
+	<target host="a.europaplus.ru" />
+	<target host="abakan.europaplus.ru" />
+	<target host="achinsk.europaplus.ru" />
+	<target host="almaty.europaplus.ru" />
+	<target host="almet.europaplus.ru" />
+	<target host="arh.europaplus.ru" />
+	<target host="arsenev.europaplus.ru" />
+	<target host="astrahan.europaplus.ru" />
+	<target host="baku.europaplus.ru" />
+	<target host="barnaul.europaplus.ru" />
+	<target host="bel.europaplus.ru" />
+	<target host="belovo.europaplus.ru" />
+	<target host="berezniki.europaplus.ru" />
+	<target host="birobidjan.europaplus.ru" />
+	<target host="bishkek.europaplus.ru" />
+	<target host="biysk.europaplus.ru" />
+	<target host="blagoveshensk.europaplus.ru" />
+	<target host="blogfm.europaplus.ru" />
+	<target host="bratsk.europaplus.ru" />
+	<target host="budennovsk.europaplus.ru" />
+	<target host="cheboksary.europaplus.ru" />
+	<target host="chel.europaplus.ru" />
+	<target host="cher.europaplus.ru" />
+	<target host="cherkessk.europaplus.ru" />
+	<target host="chita.europaplus.ru" />
+	<target host="egorievsk.europaplus.ru" />
+	<target host="ekb.europaplus.ru" />
+	<target host="habarovsk.europaplus.ru" />
+	<target host="ivanovo.europaplus.ru" />
+	<target host="izh.europaplus.ru" />
+	<target host="kaluga.europaplus.ru" />
+	<target host="kamensk-shahtinskiy.europaplus.ru" />
+	<target host="kamensk-uralskiy.europaplus.ru" />
+	<target host="kandalaksha.europaplus.ru" />
+	<target host="kansk.europaplus.ru" />
+	<target host="kazan.europaplus.ru" />
+	<target host="kemerovo.europaplus.ru" />
+	<target host="khabarovsk.europaplus.ru" />
+	<target host="kirishi.europaplus.ru" />
+	<target host="kirov.europaplus.ru" />
+	<target host="kna.europaplus.ru" />
+	<target host="kolomna.europaplus.ru" />
+	<target host="kostroma.europaplus.ru" />
+	<target host="kotlas.europaplus.ru" />
+	<target host="krasnodar.europaplus.ru" />
+	<target host="kropotkin.europaplus.ru" />
+	<target host="krsk.europaplus.ru" />
+	<target host="kurgan.europaplus.ru" />
+	<target host="kursk.europaplus.ru" />
+	<target host="kuybyshev.europaplus.ru" />
+	<target host="lipetsk.europaplus.ru" />
+	<target host="live.europaplus.ru" />
+	<target host="m.europaplus.ru" />
+	<target host="magnitogorsk.europaplus.ru" />
+	<target host="manturovo.europaplus.ru" />
+	<target host="maykop.europaplus.ru" />
+	<target host="mkala.europaplus.ru" />
+	<target host="murmansk.europaplus.ru" />
+	<target host="my-radio.europaplus.ru" />
+	<target host="nabchelny.europaplus.ru" />
+	<target host="nakhodka.europaplus.ru" />
+	<target host="nkz.europaplus.ru" />
+	<target host="nnov.europaplus.ru" />
+	<target host="norilsk.europaplus.ru" />
+	<target host="nov.europaplus.ru" />
+	<target host="novosibirsk.europaplus.ru" />
+	<target host="ntagil.europaplus.ru" />
+	<target host="nvrsk.europaplus.ru" />
+	<target host="nyagan.europaplus.ru" />
+	<target host="obninsk.europaplus.ru" />
+	<target host="ok-radio.europaplus.ru" />
+	<target host="oktb.europaplus.ru" />
+	<target host="omsk.europaplus.ru" />
+	<target host="orel.europaplus.ru" />
+	<target host="orenburg.europaplus.ru" />
+	<target host="orsk.europaplus.ru" />
+	<target host="oskol.europaplus.ru" />
+	<target host="penza.europaplus.ru" />
+	<target host="perm.europaplus.ru" />
+	<target host="petrozavodsk.europaplus.ru" />
+	<target host="pk.europaplus.ru" />
+	<target host="pskov.europaplus.ru" />
+	<target host="rossosh.europaplus.ru" />
+	<target host="rostov.europaplus.ru" />
+	<target host="ryazan.europaplus.ru" />
+	<target host="sakhalin.europaplus.ru" />
+	<target host="salekhard.europaplus.ru" />
+	<target host="salsk.europaplus.ru" />
+	<target host="samara.europaplus.ru" />
+	<target host="sarapul.europaplus.ru" />
+	<target host="saratov.europaplus.ru" />
+	<target host="sarov.europaplus.ru" />
+	<target host="serov.europaplus.ru" />
+	<target host="serpuhov.europaplus.ru" />
+	<target host="severobaikalsk.europaplus.ru" />
+	<target host="shahty.europaplus.ru" />
+	<target host="skidki.europaplus.ru" />
+	<target host="slavyansk.europaplus.ru" />
+	<target host="smolensk.europaplus.ru" />
+	<target host="snegohit.europaplus.ru" />
+	<target host="sochi.europaplus.ru" />
+	<target host="spb.europaplus.ru" />
+	<target host="stavropol.europaplus.ru" />
+	<target host="sterlitamak.europaplus.ru" />
+	<target host="stupino.europaplus.ru" />
+	<target host="surgut.europaplus.ru" />
+	<target host="syktyvkar.europaplus.ru" />
+	<target host="tambov.europaplus.ru" />
+	<target host="tihoretsk.europaplus.ru" />
+	<target host="tlt.europaplus.ru" />
+	<target host="tomsk.europaplus.ru" />
+	<target host="tuapse.europaplus.ru" />
+	<target host="tula.europaplus.ru" />
+	<target host="tyumen.europaplus.ru" />
+	<target host="u-uralsk.europaplus.ru" />
+	<target host="uae.europaplus.ru" />
+	<target host="uchaly.europaplus.ru" />
+	<target host="ufa.europaplus.ru" />
+	<target host="uglich.europaplus.ru" />
+	<target host="ulan-ude.europaplus.ru" />
+	<target host="ulyanovsk.europaplus.ru" />
+	<target host="ussuriisk.europaplus.ru" />
+	<target host="ust-ilimsk.europaplus.ru" />
+	<target host="utro.europaplus.ru" />
+	<target host="vecher.europaplus.ru" />
+	<target host="viborg.europaplus.ru" />
+	<target host="vk-prize.europaplus.ru" />
+	<target host="vk-radio.europaplus.ru" />
+	<target host="vl.europaplus.ru" />
+	<target host="vladikavkaz.europaplus.ru" />
+	<target host="vladimir.europaplus.ru" />
+	<target host="volgodonsk.europaplus.ru" />
+	<target host="volgograd.europaplus.ru" />
+	<target host="volkhov.europaplus.ru" />
+	<target host="vologda.europaplus.ru" />
+	<target host="vpolyany.europaplus.ru" />
+	<target host="vrn.europaplus.ru" />
+	<target host="yakutsk.europaplus.ru" />
+	<target host="yaroslavl.europaplus.ru" />
+	<target host="yeisk.europaplus.ru" />
+	<target host="yeroshka.europaplus.ru" />
+	<target host="yo.europaplus.ru" />
+	<target host="yurga.europaplus.ru" />
+	<target host="zlatoust.europaplus.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/europe-miniatures.com.xml b/src/chrome/content/rules/europe-miniatures.com.xml
new file mode 100644
index 000000000000..449b24bfdf99
--- /dev/null
+++ b/src/chrome/content/rules/europe-miniatures.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="europe-miniatures.com">
+	<target host="europe-miniatures.com" />
+	<target host="www.europe-miniatures.com" />
+
+	<rule from="^http://europe-miniatures\.com/" to="https://www.europe-miniatures.com/" /> <!-- SSL: no alternative certificate subject name matches target host name 'europe-miniatures.com -->
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/europe1.fr.xml b/src/chrome/content/rules/europe1.fr.xml
new file mode 100644
index 000000000000..82b5b3c8ba92
--- /dev/null
+++ b/src/chrome/content/rules/europe1.fr.xml
@@ -0,0 +1,71 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://aphatie.europe1.fr/ (200) => https://aphatie.europe1.fr/ (403)
+Non-2xx HTTP code: http://blog.europe1.fr/ (200) => https://blog.europe1.fr/ (403)
+
+	Redirects to http:
+		europe1.fr
+		www.europe1.fr
+		recherche.europe1.fr
+
+	No known URL working:
+		api.europe1.fr (503)
+		www.api.europe1.fr (503)
+		bonsplans.europe1.fr
+		cdn-podcast.europe1.fr
+		ezteam.europe1.fr
+		pp.ezteam.europe1.fr
+		fichier.europe1.fr
+		dyn.lelab.europe1.fr
+		media.europe1.fr
+		www.migration.europe1.fr
+		www.new.europe1.fr
+		photo.europe1.fr
+		vins.europe1.fr
+		pp.www.europe1.fr (403)
+
+	Bad certificate:
+		archives.europe1.fr
+		christophe-lamarre.blog.europe1.fr
+		des-clics-et-des-claques.blog.europe1.fr
+		helene-favier.blog.europe1.fr
+		lapolitiqueenshort.blog.europe1.fr
+		leshistoiresda.blog.europe1.fr
+		club-news.europe1.fr
+		planiweb.europe1.fr (self-signed)
+		rencontres.europe1.fr
+
+	Secure connection failed:
+		avantages.europe1.fr
+		bienvenueauclub.europe1.fr
+		elections.europe1.fr
+		generationseurope1.europe1.fr
+
+	Bad redirection:
+		club.europe1.fr
+		festival-de-cannes.europe1.fr
+		ketb.europe1.fr
+		live.europe1.fr
+		m.europe1.fr
+		meteo.europe1.fr
+		moi-maire.europe1.fr
+		radio.europe1.fr
+		sport.europe1.fr
+		webradio.europe1.fr
+-->
+<ruleset name="Europe1.fr (partial)" default_off="failed ruleset test">
+
+	<target host="aphatie.europe1.fr" />
+	<target host="blog.europe1.fr" />
+	<target host="club.europe1.fr" />
+	<target host="clube1.europe1.fr" />
+	<target host="lelab.europe1.fr" />
+	<target host="profile.europe1.fr" />
+
+	<rule from="^http://club\.europe1\.fr/"
+			to="https://clube1.europe1.fr/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/europeana.eu.xml b/src/chrome/content/rules/europeana.eu.xml
new file mode 100644
index 000000000000..d50430e042bf
--- /dev/null
+++ b/src/chrome/content/rules/europeana.eu.xml
@@ -0,0 +1,55 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://europeana.eu/ => https://europeana.eu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.europeana.eu/ => https://www.europeana.eu/: Too many redirects while fetching 'https://www.europeana.eu/'
+
+	Nonfunctional hosts in *europeana.eu:
+
+		- blog ᵈ
+		- exhibitions ᵈ
+		- pro ᶠ
+		- styleguide ᶠ
+
+	ᵈ Dropped
+	ᶠ Handshake fails
+
+
+	Insecure cookies are set for these hosts:
+
+		- europeana.eu
+		- www.europeana.eu
+
+
+	Mixed content:
+
+		- css, on:
+
+			- (www.)? from fonts.googleapis.com ˢ
+			- (www.)? from styleguide.europeana.eu ᶠ
+
+		- Images, on:
+
+			- (www.)? from styleguide.europeana.eu ᶠ
+
+	ᶠ Unsecurable <= handshake fails
+	ˢ Secured by us
+
+-->
+<ruleset name="Europeana.eu (partial)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="europeana.eu" />
+	<target host="www.europeana.eu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?europeana\.eu$" name="^_portal_session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/euroradio.fm.xml b/src/chrome/content/rules/euroradio.fm.xml
new file mode 100644
index 000000000000..0ba166b2551f
--- /dev/null
+++ b/src/chrome/content/rules/euroradio.fm.xml
@@ -0,0 +1,26 @@
+<!--
+cloud.euroradio.fm ⁷
+cloudadmin.euroradio.fm ⁷
+comments.euroradio.fm ⁷
+editors.euroradio.fm ⁴
+exchanger.euroradio.fm ⁷
+fr.euroradio.fm ⁴
+hackertrace1.internal.nsa.gov.euroradio.fm ⁷
+hackertrace2.internal.nsa.gov.euroradio.fm ⁷
+hackertrace3.internal.nsa.gov.euroradio.fm ⁷
+hackertrace4.internal.nsa.gov.euroradio.fm ⁷
+ihwc2015.euroradio.fm ⁴
+m.euroradio.fm ⁴
+old.euroradio.fm ⁷
+waw.euroradio.fm ⁷
+
+
+⁴ self signed
+⁷ protocol error
+-->
+<ruleset name="euroradio.fm" platform="mixedcontent">
+	<target host="euroradio.fm" />
+	<target host="www.euroradio.fm" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/eutelsatnetworks.ru.xml b/src/chrome/content/rules/eutelsatnetworks.ru.xml
new file mode 100644
index 000000000000..8c2203731778
--- /dev/null
+++ b/src/chrome/content/rules/eutelsatnetworks.ru.xml
@@ -0,0 +1,18 @@
+<!--
+eutelsatnetworks.ru ¹
+api.test.eutelsatnetworks.ru ⁵
+cabinet.test.eutelsatnetworks.ru ⁵
+cms.test.eutelsatnetworks.ru ⁵
+dealer.test.eutelsatnetworks.ru ⁵
+
+
+¹ mismatch
+⁵ expired
+-->
+<ruleset name="eutelsatnetworks.ru">
+	<target host="api.eutelsatnetworks.ru" />
+	<target host="cabinet.eutelsatnetworks.ru" />
+	<target host="cms.eutelsatnetworks.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/evangelische-jugend.de.xml b/src/chrome/content/rules/evangelische-jugend.de.xml
new file mode 100644
index 000000000000..2cfff1a55844
--- /dev/null
+++ b/src/chrome/content/rules/evangelische-jugend.de.xml
@@ -0,0 +1,20 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Invalid certificate:
+		www.jugendkreuzweg.evangelische-jugend.de
+		neu.evangelische-jugend.de
+		www.neu.evangelische-jugend.de
+		wp.evangelische-jugend.de
+-->
+<ruleset name="evangelische-jugend.de">
+
+	<target host="evangelische-jugend.de" />
+	<target host="www.evangelische-jugend.de" />
+	<target host="portal.evangelische-jugend.de" />
+	<target host="www.portal.evangelische-jugend.de" />
+	<target host="synex.evangelische-jugend.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/eventbrite.de.xml b/src/chrome/content/rules/eventbrite.de.xml
new file mode 100644
index 000000000000..51f357374ace
--- /dev/null
+++ b/src/chrome/content/rules/eventbrite.de.xml
@@ -0,0 +1,36 @@
+<!--
+	For other Eventbrite coverage, see Eventbrite.xml.
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- eventbrite.de
+		- .eventbrite.de
+		- www.eventbrite.de
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Eventbrite.de">
+
+	<target host="eventbrite.de" />
+	<target host="www.eventbrite.de" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://www.eventbrite.de/custombutton?eid=1" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^eventbrite\.de$" name="^(?:AN|SERVERID|ebEventToTrack)$" /-->
+	<!--securecookie host="^\.eventbrite\.de$" name="^(?:G|SP|eblang|mgref|mgrefby)$" /-->
+	<!--securecookie host="^www\.eventbrite\.de$" name="^(?:AN|SERVERID|ebEventToTrack)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/eventsforce.net.xml b/src/chrome/content/rules/eventsforce.net.xml
new file mode 100644
index 000000000000..0ce35c8bef63
--- /dev/null
+++ b/src/chrome/content/rules/eventsforce.net.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- eventsforce.net
+		- www.eventsforce.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Eventsforce.net">
+
+	<target host="eventsforce.net" />
+	<target host="www.eventsforce.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?eventsforce\.net$" name="^CSPSESSIONID-SP-\d+" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/evilsocket.net.xml b/src/chrome/content/rules/evilsocket.net.xml
new file mode 100644
index 000000000000..a192afa35a65
--- /dev/null
+++ b/src/chrome/content/rules/evilsocket.net.xml
@@ -0,0 +1,14 @@
+<ruleset name="evilsocket.net">
+
+	<target host="evilsocket.net" />
+	<target host="www.evilsocket.net" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/evo73.ru.xml b/src/chrome/content/rules/evo73.ru.xml
new file mode 100644
index 000000000000..868e99ad9ad8
--- /dev/null
+++ b/src/chrome/content/rules/evo73.ru.xml
@@ -0,0 +1,7 @@
+<ruleset name="evo73.ru">
+	<target host="evo73.ru" />
+	<target host="www.evo73.ru" />
+	<target host="b2b.evo73.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/evolutionofsmooth.com.xml b/src/chrome/content/rules/evolutionofsmooth.com.xml
new file mode 100644
index 000000000000..3762bcacda26
--- /dev/null
+++ b/src/chrome/content/rules/evolutionofsmooth.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		admin.evolutionofsmooth.com
+		customer.evolutionofsmooth.com
+		po.evolutionofsmooth.com
+		www.po.evolutionofsmooth.com
+		sales.evolutionofsmooth.com
+		www.sales.evolutionofsmooth.com
+		store.evolutionofsmooth.com
+		wholesale.evolutionofsmooth.com
+-->
+<ruleset name="evolutionofsmooth.com">
+	<target host="evolutionofsmooth.com" />
+	<target host="www.evolutionofsmooth.com" />
+	<target host="rds.evolutionofsmooth.com" />
+	<target host="support.evolutionofsmooth.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ewebcart.com.xml b/src/chrome/content/rules/ewebcart.com.xml
new file mode 100644
index 000000000000..d55bd39cbed4
--- /dev/null
+++ b/src/chrome/content/rules/ewebcart.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="Ewebcart.com">
+
+	<target host="ewebcart.com" />
+	<target host="c2.ewebcart.com" />
+	<target host="www.ewebcart.com" />
+
+		<test url="http://www.ewebcart.com/~836/cgi-bin/cart.cgi?view=1" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/eweiqi.com.xml b/src/chrome/content/rules/eweiqi.com.xml
new file mode 100644
index 000000000000..1bbc673a4a53
--- /dev/null
+++ b/src/chrome/content/rules/eweiqi.com.xml
@@ -0,0 +1,57 @@
+<!--
+	Redirect to http:
+		www.eweiqi.com
+
+	Refused:
+		app.eweiqi.com
+		bbs.eweiqi.com
+		club.eweiqi.com
+		qiyouhui.eweiqi.com
+		qunyinghui.eweiqi.com
+
+	Timeout:
+		images.eweiqi.com
+		new.eweiqi.com
+		news.eweiqi.com
+		wbb.eweiqi.com
+		wbbtygem.eweiqi.com
+
+	404:
+		2014www.eweiqi.com
+		ap.eweiqi.com
+		appe.eweiqi.com
+		b.eweiqi.com
+		bs.eweiqi.com
+		bvs.eweiqi.com
+		clhb.eweiqi.com
+		clu.eweiqi.com
+		com.eweiqi.com
+		comtygem.eweiqi.com
+		dddcomtygem.eweiqi.com
+		download.eweiqi.com
+		forum.eweiqi.com
+		game.eweiqi.com
+		hao.eweiqi.com
+		m.eweiqi.com
+		mana.eweiqi.com
+		bbs.mobile.eweiqi.com
+		n.eweiqi.com
+		ngame.eweiqi.com
+		p.eweiqi.com
+		soft.eweiqi.com
+		ub.eweiqi.com
+		w.eweiqi.com
+		wbbdown2.eweiqi.com
+		wdexaufztygem.eweiqi.com
+		zaiwww.eweiqi.com
+
+	InvalidCert:
+		tygem.eweiqi.com
+-->
+
+<ruleset name="eweiqi (partial)">
+	<target host="apitygem.eweiqi.com" />
+	<target host="shop.eweiqi.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ewrdb.com.xml b/src/chrome/content/rules/ewrdb.com.xml
new file mode 100644
index 000000000000..19d9be882e02
--- /dev/null
+++ b/src/chrome/content/rules/ewrdb.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Refused:
+		- blog.ewrdb.com
+
+	Timeout:
+		- mx0.ewrdb.com
+-->
+<ruleset name="European Water Ride DataBase">
+
+	<target host="ewrdb.com" />
+	<target host="www.ewrdb.com" />
+	<target host="de.ewrdb.com" />
+	<target host="nl.ewrdb.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://www.ewrdb.com,
+	http://www.ewrdb.com/ redirects to https://ewrdb.com/ -->
+	<rule from="^http://www\.ewrdb\.com/"
+		to="https://ewrdb.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/excelatlife.com.xml b/src/chrome/content/rules/excelatlife.com.xml
new file mode 100644
index 000000000000..58e19c1496cc
--- /dev/null
+++ b/src/chrome/content/rules/excelatlife.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- excelatlife.com
+		- .excelatlife.com
+		- www.excelatlife.com
+
+-->
+<ruleset name="Excel At Life.com">
+
+	<target host="excelatlife.com" />
+	<target host="www.excelatlife.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?excelatlife\.com$" name="^___utmv[abm]\w+$" /-->
+	<!--securecookie host="^\.excelatlife\.com$" name="(?:incap_ses_\d+|visid_incap)_\d+$" /-->
+
+	<securecookie host="^\." name="(?:incap_ses_|visid_incap)_" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/excellencegateway.org.uk.xml b/src/chrome/content/rules/excellencegateway.org.uk.xml
new file mode 100644
index 000000000000..32f17e765a69
--- /dev/null
+++ b/src/chrome/content/rules/excellencegateway.org.uk.xml
@@ -0,0 +1,36 @@
+<!--
+	Nonfunctional hosts in *excellencegateway.org.uk:
+
+		- cavtl ᵈ
+		- english ᵈ
+		- keyskillstrainer ᵈ
+		- maths ᵈ
+		- repository ᵈ
+		- rwp ᵈ
+		- send ᵈ
+		- toolkits ᵈ
+
+	ᵈ Dropped
+
+
+	Insecure cookies are set for these hosts:
+
+		- api.excellencegateway.org.uk
+
+-->
+<ruleset name="Excellence Gateway.org.uk (partial)">
+
+	<target host="api.excellencegateway.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^api\.excellencegateway\.org\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/exelab.ru.xml b/src/chrome/content/rules/exelab.ru.xml
new file mode 100644
index 000000000000..73c3fd88ae79
--- /dev/null
+++ b/src/chrome/content/rules/exelab.ru.xml
@@ -0,0 +1,13 @@
+<!--
+svn.exelab.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="exelab.ru">
+	<target host="exelab.ru" />
+	<target host="www.exelab.ru" />
+	<target host="ssl.exelab.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/exercise.com.xml b/src/chrome/content/rules/exercise.com.xml
new file mode 100644
index 000000000000..e68d57f47207
--- /dev/null
+++ b/src/chrome/content/rules/exercise.com.xml
@@ -0,0 +1,37 @@
+<!--
+	Problematic hosts in *exercise.com:
+
+		- support ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.exercise.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Exercise.com (partial)">
+
+	<target host="exercise.com" />
+	<target host="www.exercise.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://www.exercise.com/blog/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.exercise\.com$" name="^(?:_WeightTraining_session|PHPSESSID)$" /-->
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/exler.ru.xml b/src/chrome/content/rules/exler.ru.xml
new file mode 100644
index 000000000000..dd1675b3ebc7
--- /dev/null
+++ b/src/chrome/content/rules/exler.ru.xml
@@ -0,0 +1,52 @@
+<!--
+adv.exler.ru ¹
+africa.exler.ru ⁴
+artreal.exler.ru ¹
+blin.exler.ru ²
+www.blin.exler.ru ²
+bolk.exler.ru ²
+www.bolk.exler.ru ²
+cherski.exler.ru ²
+www.cherski.exler.ru ²
+dalnova.exler.ru ⁴
+doctor.exler.ru ⁴
+donsimon.exler.ru ²
+ex2.exler.ru ²
+www.fariseinki.exler.ru ²
+fool.exler.ru ⁴
+www.fool.exler.ru ⁴
+forum.exler.ru ²
+www.forum.exler.ru ²
+ftp.exler.ru ³
+gubin.exler.ru ⁴
+mahotsukai.exler.ru ⁴
+mai.exler.ru ²
+forum.mai.exler.ru ²
+mail.exler.ru ⁴
+mx1.exler.ru ³
+mx2.exler.ru ⁴
+ns1.exler.ru ³
+ns2.exler.ru ²
+www.obx.exler.ru ⁴
+old.exler.ru ⁴
+panda.exler.ru ²
+www.panda.exler.ru ²
+pda.exler.ru ¹
+promo.exler.ru ¹
+specialist.exler.ru ²
+www.specialist.exler.ru ²
+subscribe.exler.ru ¹
+m.exler.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="exler.ru">
+	<target host="exler.ru" />
+	<target host="www.exler.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/exonet.nl.xml b/src/chrome/content/rules/exonet.nl.xml
new file mode 100644
index 000000000000..94aa429571e7
--- /dev/null
+++ b/src/chrome/content/rules/exonet.nl.xml
@@ -0,0 +1,14 @@
+<ruleset name="Exonet.nl">
+
+	<target host="exonet.nl" />
+	<target host="secure.exonet.nl" />
+	<target host="www.exonet.nl" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/exonit.by.xml b/src/chrome/content/rules/exonit.by.xml
new file mode 100644
index 000000000000..718fad4c12cd
--- /dev/null
+++ b/src/chrome/content/rules/exonit.by.xml
@@ -0,0 +1,6 @@
+<ruleset name="exonit.by">
+	<target host="exonit.by" />
+	<target host="www.exonit.by" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/expatpartnersurvival.com.xml b/src/chrome/content/rules/expatpartnersurvival.com.xml
new file mode 100644
index 000000000000..bb54f12017c6
--- /dev/null
+++ b/src/chrome/content/rules/expatpartnersurvival.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- Image from s\d.wp.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Expat Partner Survival.com">
+
+	<target host="expatpartnersurvival.com" />
+	<target host="www.expatpartnersurvival.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/explainshell.com.xml b/src/chrome/content/rules/explainshell.com.xml
new file mode 100644
index 000000000000..c1b1c98d4e99
--- /dev/null
+++ b/src/chrome/content/rules/explainshell.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="explainshell.com">
+	<target host="explainshell.com" />
+	<target host="www.explainshell.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/explore.co.uk.xml b/src/chrome/content/rules/explore.co.uk.xml
new file mode 100644
index 000000000000..756146ee1cff
--- /dev/null
+++ b/src/chrome/content/rules/explore.co.uk.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.explore.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Explore.co.uk">
+
+	<target host="explore.co.uk" />
+	<target host="www.explore.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.explore\.co\.uk$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/expodat.com.xml b/src/chrome/content/rules/expodat.com.xml
new file mode 100644
index 000000000000..94cf7156606e
--- /dev/null
+++ b/src/chrome/content/rules/expodat.com.xml
@@ -0,0 +1,17 @@
+<!--
+backend1.expodat.com ²
+dev-aws.expodat.com ⁵
+
+
+² refused
+⁵ expired
+-->
+<ruleset name="expodat.com">
+	<target host="expodat.com" />
+	<target host="www.expodat.com" />
+	<target host="api.expodat.com" />
+	<target host="callcenterguru.expodat.com" />
+	<target host="sptechnologies.expodat.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/exportingisgreat.gov.uk.xml b/src/chrome/content/rules/exportingisgreat.gov.uk.xml
new file mode 100644
index 000000000000..a4e1b7cea988
--- /dev/null
+++ b/src/chrome/content/rules/exportingisgreat.gov.uk.xml
@@ -0,0 +1,28 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- exportingisgreat.gov.uk
+		- www.exportingisgreat.gov.uk
+
+-->
+<ruleset name="Exporting Is Great.gov.uk">
+
+	<target host="exportingisgreat.gov.uk" />
+	<target host="www.exportingisgreat.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?exportingisgreat\.gov\.uk$" name="^eig_background_banner$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/expressjs.com.xml b/src/chrome/content/rules/expressjs.com.xml
new file mode 100644
index 000000000000..3d07776ca2cd
--- /dev/null
+++ b/src/chrome/content/rules/expressjs.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="expressjs.com">
+	<target host="expressjs.com" />
+	<target host="www.expressjs.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/expreview.com.xml b/src/chrome/content/rules/expreview.com.xml
new file mode 100644
index 000000000000..d17ac6a08009
--- /dev/null
+++ b/src/chrome/content/rules/expreview.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="expreview.com">
+	<target host="expreview.com" />
+	<target host="www.expreview.com" />
+	<target host="cj.expreview.com" />
+		<test url="http://cj.expreview.com/exp_new/static/exp4/css/style_index.css" />
+		<test url="http://cj.expreview.com/exp_new/static/exp4/css/basic_pic.css" />
+	<target host="img.expreview.com" />
+	<target host="m.expreview.com" />
+	<target host="topic.expreview.com" />
+	<target host="uc.expreview.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/exsila.ch.xml b/src/chrome/content/rules/exsila.ch.xml
new file mode 100644
index 000000000000..cb1c251bdb33
--- /dev/null
+++ b/src/chrome/content/rules/exsila.ch.xml
@@ -0,0 +1,6 @@
+<ruleset name="exsila">
+	<target host="exsila.ch"/>
+	<target host="www.exsila.ch"/>
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/extratorrentlive.com.xml b/src/chrome/content/rules/extratorrentlive.com.xml
new file mode 100644
index 000000000000..f0efe0ec737f
--- /dev/null
+++ b/src/chrome/content/rules/extratorrentlive.com.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://extratorrentlive.com/ => https://extratorrentlive.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.extratorrentlive.com/ => https://www.extratorrentlive.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	Mixed content:
+
+		- Ads from creative.wwwpromoter.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="ExtraTorrent live.com" default_off="failed ruleset test">
+
+	<target host="extratorrentlive.com" />
+	<target host="www.extratorrentlive.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/extremerestraints.com.xml b/src/chrome/content/rules/extremerestraints.com.xml
new file mode 100644
index 000000000000..00c250a8f989
--- /dev/null
+++ b/src/chrome/content/rules/extremerestraints.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- extremerestraints.com
+		- www.extremerestraints.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Extreme Restraints.com">
+
+	<target host="extremerestraints.com" />
+	<target host="www.extremerestraints.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?extremerestraints\.com$" name="^ftb_session_id$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/extyl-pro.ru.xml b/src/chrome/content/rules/extyl-pro.ru.xml
new file mode 100644
index 000000000000..77f29b46a770
--- /dev/null
+++ b/src/chrome/content/rules/extyl-pro.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="extyl-pro.ru">
+	<target host="extyl-pro.ru" />
+	<target host="www.extyl-pro.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/eydap.gr.xml b/src/chrome/content/rules/eydap.gr.xml
new file mode 100644
index 000000000000..f55b2952d951
--- /dev/null
+++ b/src/chrome/content/rules/eydap.gr.xml
@@ -0,0 +1,7 @@
+<ruleset name="eydap.gr">
+	<target host="www.eydap.gr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/eyeo.com.xml b/src/chrome/content/rules/eyeo.com.xml
new file mode 100644
index 000000000000..40d3784ba5b1
--- /dev/null
+++ b/src/chrome/content/rules/eyeo.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Eyeo.com">
+
+	<target host="eyeo.com" />
+	<target host="www.eyeo.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/eyeonx.ch.xml b/src/chrome/content/rules/eyeonx.ch.xml
new file mode 100644
index 000000000000..6173c1ddc32e
--- /dev/null
+++ b/src/chrome/content/rules/eyeonx.ch.xml
@@ -0,0 +1,31 @@
+<!--
+		Cert expired:
+			- converter.eyeonx.ch
+			- event.eyeonx.ch
+
+		Cert mismatch:
+			- docs.eyeonx.ch
+
+		Timeout:
+			- autodiscover.eyeonx.ch
+			- email.mailgun.eyeonx.ch
+-->
+<ruleset name="Eyeonx.ch (partial)">
+
+	<target host="www.eyeonx.ch" />
+	<target host="ads.eyeonx.ch" />
+	<target host="adserver.eyeonx.ch" />
+	<target host="advertiser.eyeonx.ch" />
+	<target host="analytics.eyeonx.ch" />
+
+	<target host="crea.eyeonx.ch" />
+	<target host="creatives.eyeonx.ch" />
+	<target host="dashboard.eyeonx.ch" />
+
+	<target host="scrollad.eyeonx.ch" />
+	<target host="solutions.eyeonx.ch" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/eyeota.net.xml b/src/chrome/content/rules/eyeota.net.xml
new file mode 100644
index 000000000000..8028197d3726
--- /dev/null
+++ b/src/chrome/content/rules/eyeota.net.xml
@@ -0,0 +1,36 @@
+<!--
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .eyeota.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on helpdesk from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="eyeota.net" >
+
+	<target host="ps.eyeota.net" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://ps.eyeota.net/pixel?pid=&amp;t=&amp;param=" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.eyeota\.net$" name="^mako_uid$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/eztv.ag.xml b/src/chrome/content/rules/eztv.ag.xml
new file mode 100644
index 000000000000..0c2916cdf433
--- /dev/null
+++ b/src/chrome/content/rules/eztv.ag.xml
@@ -0,0 +1,17 @@
+<ruleset name="EZTV">
+	<target host="eztv.ag" />
+	<target host="www.eztv.ag" />
+	<target host="eztv.ch" />
+	<target host="www.eztv.ch" />
+	<target host="eztv.tf" />
+	<target host="www.eztv.tf" />
+	<target host="eztv.yt" />
+	<target host="www.eztv.yt" />
+	<target host="eztv.wf" />
+	<target host="www.eztv.wf" />
+	<target host="eztvstatus.com" />
+	<target host="www.eztvstatus.com" />
+	<target host="mail.eztvstatus.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/f1g.fr.xml b/src/chrome/content/rules/f1g.fr.xml
new file mode 100644
index 000000000000..2f824512d790
--- /dev/null
+++ b/src/chrome/content/rules/f1g.fr.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		f1g.fr
+		www.f1g.fr
+		cdn\d.f1g.fr
+
+-->
+<ruleset name="f1g.fr (partial)">
+
+	<target host="a.f1g.fr" />
+		<test url="http://a.f1g.fr/assets-img/i/f/m150.png" />
+	<target host="i.f1g.fr" />
+		<test url="http://i.f1g.fr/media/verso/300x195_crop/images/verso.ranking/2017/07/medias-Qv7pLHmDn4QBJSsCj-For%C3%AAt.jpg" />
+	<target host="p.f1g.fr" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/f4map.com.xml b/src/chrome/content/rules/f4map.com.xml
new file mode 100644
index 000000000000..88f54b30fbfd
--- /dev/null
+++ b/src/chrome/content/rules/f4map.com.xml
@@ -0,0 +1,13 @@
+<!--
+    Nonfunctional subdomains:
+	    - $
+-->
+<ruleset name="f4map.com">
+    <target host="www.f4map.com" />
+    <target host="demo.f4map.com" />
+
+    <securecookie host="^(www\.|demo\.)f4map\.com" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/facebook.net.xml b/src/chrome/content/rules/facebook.net.xml
new file mode 100644
index 000000000000..0bf3d7253ffe
--- /dev/null
+++ b/src/chrome/content/rules/facebook.net.xml
@@ -0,0 +1,25 @@
+<!--
+	Refused:
+		mirror
+		*.mirror
+		mirror-ext
+		presence
+		silfra
+		a.ns.t
+		b.ns.t
+-->
+<ruleset name="facebook.net">
+
+	<target host="beta.facebook.net" />
+	<target host="www.beta.facebook.net" />
+	<target host="connect.beta.facebook.net" />
+	<target host="mabasic.beta.facebook.net" />
+	<target host="bunnylol.facebook.net" />
+	<target host="developer.facebook.net" />
+	<target host="developers.facebook.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/facedetection.com.xml b/src/chrome/content/rules/facedetection.com.xml
new file mode 100644
index 000000000000..7cad75a73f3e
--- /dev/null
+++ b/src/chrome/content/rules/facedetection.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- Bug from c.statcounter.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Face Detection.com">
+
+	<target host="facedetection.com" />
+	<target host="www.facedetection.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/fackforbunden.se.xml b/src/chrome/content/rules/fackforbunden.se.xml
new file mode 100644
index 000000000000..c70845258da3
--- /dev/null
+++ b/src/chrome/content/rules/fackforbunden.se.xml
@@ -0,0 +1,8 @@
+<ruleset name="fackforbunden.se">
+	<target host="fackforbunden.se" />
+	<target host="www.fackforbunden.se" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fact.group.xml b/src/chrome/content/rules/fact.group.xml
new file mode 100644
index 000000000000..70cea7425392
--- /dev/null
+++ b/src/chrome/content/rules/fact.group.xml
@@ -0,0 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fact.group/ => https://fact.group/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.fact.group/ => https://www.fact.group/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="FACTgroup" default_off="failed ruleset test">
+    <target host="fact.group" />
+    <target host="www.fact.group" />
+
+    <rule from="^http:"
+        to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/factor.io.xml b/src/chrome/content/rules/factor.io.xml
new file mode 100644
index 000000000000..d9b8de6b0332
--- /dev/null
+++ b/src/chrome/content/rules/factor.io.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.factor.io/ => https://factor.io/: (6, 'Could not resolve host: factor.io')
+Fetch error: http://factor.io/ => https://factor.io/: (6, 'Could not resolve host: factor.io')
+Fetch error: http://www.factor.io/ => https://factor.io/: (6, 'Could not resolve host: factor.io')
+
+www.factor.io timed out
+docs.factor.io timed out
+-->
+<ruleset name="factor.io" default_off="failed ruleset test">
+	<target host="factor.io" />
+	<target host="www.factor.io" />
+
+	<rule from="^http://www\.factor\.io/"
+		to="https://factor.io/" />
+
+	<test url="http://www.factor.io/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/factorio.com.xml b/src/chrome/content/rules/factorio.com.xml
new file mode 100644
index 000000000000..6b585e683029
--- /dev/null
+++ b/src/chrome/content/rules/factorio.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Mismatch:
+		- guide.factorio.com
+
+		- eswww.factorioforums.com
+		- wiki.factorioforums.com
+		- ww.w.factorioforums.com
+		- www.webmail.factorioforums.com
+-->
+<ruleset name="Factorio">
+	<target host="factorio.com"/>
+	<target host="www.factorio.com"/>
+	<target host="eu1.factorio.com"/>
+	<target host="eu2.factorio.com"/>
+	<target host="eu3.factorio.com"/>
+	<target host="forums.factorio.com"/>
+	<target host="mods.factorio.com"/>
+	<target host="wiki.factorio.com"/>
+
+	<target host="factorioforums.com"/>
+	<target host="www.factorioforums.com"/>
+
+	<test url="http://eu1.factorio.com/assets/img/factorio-logo.png" />
+	<test url="http://eu2.factorio.com/assets/img/factorio-logo.png" />
+	<test url="http://eu3.factorio.com/assets/img/factorio-logo.png" />
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/factus.ru.xml b/src/chrome/content/rules/factus.ru.xml
new file mode 100644
index 000000000000..ea2d1e329c9e
--- /dev/null
+++ b/src/chrome/content/rules/factus.ru.xml
@@ -0,0 +1,12 @@
+<!--
+blog.factus.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="factus.ru">
+	<target host="factus.ru" />
+	<target host="www.factus.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fail0verflow.com.xml b/src/chrome/content/rules/fail0verflow.com.xml
new file mode 100644
index 000000000000..14fa2dd26779
--- /dev/null
+++ b/src/chrome/content/rules/fail0verflow.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="fail0verflow">
+
+	<target host="fail0verflow.com" />
+	<target host="www.fail0verflow.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/faiumoni.de.xml b/src/chrome/content/rules/faiumoni.de.xml
new file mode 100644
index 000000000000..08982f2312ac
--- /dev/null
+++ b/src/chrome/content/rules/faiumoni.de.xml
@@ -0,0 +1,28 @@
+<!--
+	STS header includes includeSubdomains
+
+-->
+<ruleset name="Faiumoni.de">
+
+	<target host="faiumoni.de" />
+	<target host="*.faiumoni.de" />
+
+		<!--	includeSubdomains applies to one level only, so:
+									-->
+		<exclusion pattern="^http://(?:[^./]+\.){2,}faiumoni\.de/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.faiumoni.de/" />
+			<test url="http://exists.not.faiumoni.de/" />
+
+		<test url="http://www.faiumoni.de/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/fakena.me.xml b/src/chrome/content/rules/fakena.me.xml
new file mode 100644
index 000000000000..a51f21ebce9d
--- /dev/null
+++ b/src/chrome/content/rules/fakena.me.xml
@@ -0,0 +1,9 @@
+<ruleset name="fakena.me">
+	<target host=    "fakena.me" />
+	<target host="www.fakena.me" />
+
+  	<securecookie host="^fakena\.me$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fam-ad.com.xml b/src/chrome/content/rules/fam-ad.com.xml
new file mode 100644
index 000000000000..bb4e930ca293
--- /dev/null
+++ b/src/chrome/content/rules/fam-ad.com.xml
@@ -0,0 +1,16 @@
+<!--
+
+	Nonfunctional subdomains:
+
+		- admin	(refused)
+.
+-->
+<ruleset name="fam-ad.com (partial)">
+
+	<target host="fam-ad.com" />
+	<target host="img.fam-ad.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/familycouncil.gov.hk.xml b/src/chrome/content/rules/familycouncil.gov.hk.xml
new file mode 100644
index 000000000000..e34c8ae7e050
--- /dev/null
+++ b/src/chrome/content/rules/familycouncil.gov.hk.xml
@@ -0,0 +1,9 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+-->
+<ruleset name="Hong Kong Family Council">
+	<target host="event.familycouncil.gov.hk" />
+	<target host="www.familycouncil.gov.hk" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/fans.fm.xml b/src/chrome/content/rules/fans.fm.xml
new file mode 100644
index 000000000000..70ae524d9d8c
--- /dev/null
+++ b/src/chrome/content/rules/fans.fm.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .fans.fm
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Fans.fm">
+
+	<target host="fans.fm" />
+	<target host="www.fans.fm" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.fans\.fm$" name="^_fansfm_session_all$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/fastcast.nz.xml b/src/chrome/content/rules/fastcast.nz.xml
new file mode 100644
index 000000000000..bc18c8de9cd3
--- /dev/null
+++ b/src/chrome/content/rules/fastcast.nz.xml
@@ -0,0 +1,18 @@
+<!--
+www.fastcast.nz ¹
+blog.fastcast.nz ¹
+
+
+¹ mismatch
+-->
+<ruleset name="fastcast.nz">
+	<target host="fastcast.nz" />
+	<target host="tracker.fastcast.nz" />
+
+	<target host="www.fastcast.nz" />
+
+	<rule from="^http://www\.fastcast\.nz/"
+		to="https://fastcast.nz/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fastpiratebay.co.uk.xml b/src/chrome/content/rules/fastpiratebay.co.uk.xml
new file mode 100644
index 000000000000..cf89404970de
--- /dev/null
+++ b/src/chrome/content/rules/fastpiratebay.co.uk.xml
@@ -0,0 +1,7 @@
+<ruleset name="fastpiratebay.co.uk">
+	<target host="fastpiratebay.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fatiguescience.com.xml b/src/chrome/content/rules/fatiguescience.com.xml
new file mode 100644
index 000000000000..61f0254767f5
--- /dev/null
+++ b/src/chrome/content/rules/fatiguescience.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Problematic subdomains:
+		fatiguescience.com (certificate mismatch)
+
+	Invalid certificate:
+		ftp.fatiguescience.com
+		marketing.fatiguescience.com
+		www.app.fatiguescience.com
+		www.qa-app.fatiguescience.com
+		www.cat.fatiguescience.com
+
+	Refused:
+		board.fatiguescience.com
+		calendar.fatiguescience.com
+		drive.fatiguescience.com
+		intranet.fatiguescience.com
+		mail.fatiguescience.com
+		sites.fatiguescience.com
+		unify.fatiguescience.com
+-->
+<ruleset name="fatiguescience.com">
+	<target host="fatiguescience.com" />
+	<target host="www.fatiguescience.com" />
+	<target host="app.fatiguescience.com" />
+	<target host="cat.fatiguescience.com" />
+	<target host="desk.fatiguescience.com" />
+	<target host="guide.fatiguescience.com" />
+	<target host="help.fatiguescience.com" />
+	<target host="ops.fatiguescience.com" />
+	<target host="qa-app.fatiguescience.com" />
+	<target host="readiband.fatiguescience.com" />
+	<target host="staging-app.fatiguescience.com" />
+
+	<rule from="^http://fatiguescience\.com/" to="https://www.fatiguescience.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fatwreck.com.xml b/src/chrome/content/rules/fatwreck.com.xml
new file mode 100644
index 000000000000..7c58dc251c14
--- /dev/null
+++ b/src/chrome/content/rules/fatwreck.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Fat Wreck.com">
+
+	<target host="fatwreck.com" />
+	<target host="www.fatwreck.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/fbreader.org.xml b/src/chrome/content/rules/fbreader.org.xml
new file mode 100644
index 000000000000..cd9a2aa56be5
--- /dev/null
+++ b/src/chrome/content/rules/fbreader.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="fbreader.org">
+	<target host="fbreader.org" />
+	<target host="www.fbreader.org" />
+	<target host="books.fbreader.org" />
+	<target host="data.fbreader.org" />
+	<target host="demo.fbreader.org" />
+	<target host="mail.fbreader.org" />
+	<target host="ru.fbreader.org" />
+	<target host="sdk.fbreader.org" />
+	<target host="sources.fbreader.org" />
+
+	<rule from="^http://www\.fbreader\.org/" to="https://fbreader.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fckme.org.xml b/src/chrome/content/rules/fckme.org.xml
new file mode 100644
index 000000000000..e09cc41248f4
--- /dev/null
+++ b/src/chrome/content/rules/fckme.org.xml
@@ -0,0 +1,11 @@
+<ruleset name="fckme.org">
+
+	<target host="fckme.org" />
+	<target host="www.fckme.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/fczbkk.com.xml b/src/chrome/content/rules/fczbkk.com.xml
new file mode 100644
index 000000000000..4c29578dd6c1
--- /dev/null
+++ b/src/chrome/content/rules/fczbkk.com.xml
@@ -0,0 +1,58 @@
+<!--
+	Invalid certificate:
+		ftp.fczbkk.com
+		autodiscover.xbox.fczbkk.com
+		autodiscover.content.fczbkk.com
+		autodiscover.epicentrum.fczbkk.com
+
+	Refused:
+		acidlog.fczbkk.com
+		www.acidlog.fczbkk.com
+		prohibiter.fczbkk.com
+		www.prohibiter.fczbkk.com
+-->
+<ruleset name="fczbkk.com">
+	<target host="fczbkk.com" />
+	<target host="www.fczbkk.com" />
+	<target host="api.fczbkk.com" />
+	<target host="www.api.fczbkk.com" />
+	<target host="autodiscover.fczbkk.com" />
+	<target host="bordel.fczbkk.com" />
+	<target host="www.bordel.fczbkk.com" />
+	<target host="content.fczbkk.com" />
+	<target host="www.content.fczbkk.com" />
+	<target host="dataproxy.fczbkk.com" />
+	<target host="www.dataproxy.fczbkk.com" />
+	<target host="dev.fczbkk.com" />
+	<target host="epicentrum.fczbkk.com" />
+	<target host="www.epicentrum.fczbkk.com" />
+	<target host="firefox-releases.fczbkk.com" />
+	<target host="www.firefox-releases.fczbkk.com" />
+	<target host="kindle.fczbkk.com" />
+	<target host="www.kindle.fczbkk.com" />
+	<target host="login.fczbkk.com" />
+	<target host="www.login.fczbkk.com" />
+	<target host="mail.fczbkk.com" />
+	<target host="placeholder.fczbkk.com" />
+	<target host="www.placeholder.fczbkk.com" />
+	<target host="projects.fczbkk.com" />
+	<target host="www.projects.fczbkk.com" />
+	<target host="punkconsumer.fczbkk.com" />
+	<target host="www.punkconsumer.fczbkk.com" />
+	<target host="radar.fczbkk.com" />
+	<target host="www.radar.fczbkk.com" />
+	<target host="silk.fczbkk.com" />
+	<target host="www.silk.fczbkk.com" />
+	<target host="ski.fczbkk.com" />
+	<target host="www.ski.fczbkk.com" />
+	<target host="tvchat.fczbkk.com" />
+	<target host="www.tvchat.fczbkk.com" />
+	<target host="uninstall.fczbkk.com" />
+	<target host="www.uninstall.fczbkk.com" />
+	<target host="webdisk.fczbkk.com" />
+	<target host="webmail.fczbkk.com" />
+	<target host="xbox.fczbkk.com" />
+	<target host="www.xbox.fczbkk.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fe.ru.xml b/src/chrome/content/rules/fe.ru.xml
new file mode 100644
index 000000000000..e45f217ef734
--- /dev/null
+++ b/src/chrome/content/rules/fe.ru.xml
@@ -0,0 +1,19 @@
+<!--
+my.fe.ru ⁴
+ns1.fe.ru ²
+ns2.fe.ru ²
+
+
+² refused
+⁴ self signed
+-->
+<ruleset name="fe.ru">
+	<target host="fe.ru" />
+	<target host="www.fe.ru" />
+	<target host="cpanel.fe.ru" />
+	<target host="mail.fe.ru" />
+	<target host="webdisk.fe.ru" />
+	<target host="webmail.fe.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/febo.com.xml b/src/chrome/content/rules/febo.com.xml
new file mode 100644
index 000000000000..e5dd75ece605
--- /dev/null
+++ b/src/chrome/content/rules/febo.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- favicon from www.febo.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="febo.com">
+
+	<target host="febo.com" />
+	<target host="www.febo.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/feed.press.xml b/src/chrome/content/rules/feed.press.xml
new file mode 100644
index 000000000000..f740af05d899
--- /dev/null
+++ b/src/chrome/content/rules/feed.press.xml
@@ -0,0 +1,43 @@
+<!--
+	Nonfunctional hosts in *feed.press:
+
+		- uptime ⁴
+
+	⁴ 404
+
+
+	Problematic hosts in *feed.press:
+
+		- support ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- feed.press
+		- support.feed.press
+		- www.feed.press
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Feed.Press (partial)">
+
+	<target host="feed.press" />
+	<target host="www.feed.press" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?feed\.press$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^support\.feed\.press$" name="^PLAY_SESSION$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/feedpress.it.xml b/src/chrome/content/rules/feedpress.it.xml
new file mode 100644
index 000000000000..d38a93de1e14
--- /dev/null
+++ b/src/chrome/content/rules/feedpress.it.xml
@@ -0,0 +1,27 @@
+<!--
+	(www.)?feedpress.it does not exist.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- tracking.feedpress.it
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="FeedPress.it">
+
+	<target host="tracking.feedpress.it" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^tracking\.feedpress\.it$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/femen.org.xml b/src/chrome/content/rules/femen.org.xml
new file mode 100644
index 000000000000..8b9305f6bc3e
--- /dev/null
+++ b/src/chrome/content/rules/femen.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="femen.org" platform="mixedcontent">
+	<target host="femen.org" />
+	<target host="www.femen.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/feuerwehr-neureut.de.xml b/src/chrome/content/rules/feuerwehr-neureut.de.xml
new file mode 100644
index 000000000000..6c0e2e70f8eb
--- /dev/null
+++ b/src/chrome/content/rules/feuerwehr-neureut.de.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		www.ffn2012.feuerwehr-neureut.de
+-->
+<ruleset name="Freiwillige Feuerwehr Neureut">
+
+	<target host="feuerwehr-neureut.de" />
+	<target host="www.feuerwehr-neureut.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/fflorain.bank.xml b/src/chrome/content/rules/fflorain.bank.xml
new file mode 100644
index 000000000000..258abbca0692
--- /dev/null
+++ b/src/chrome/content/rules/fflorain.bank.xml
@@ -0,0 +1,8 @@
+<ruleset name="fflorain.bank">
+	<target host="fflorain.bank" />
+	<target host="www.fflorain.bank" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fh-nuernberg.de.xml b/src/chrome/content/rules/fh-nuernberg.de.xml
new file mode 100644
index 000000000000..5794d00d042b
--- /dev/null
+++ b/src/chrome/content/rules/fh-nuernberg.de.xml
@@ -0,0 +1,35 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- hfmbib.ads1.fh-nuernberg.de
+		- db0fhn.efi.fh-nuernberg.de
+		- zuse1.efi.fh-nuernberg.de
+
+		Timeout was reached:
+		- fh-nuernberg.de
+		- quadra.ar.fh-nuernberg.de
+		- schorsch.efi.fh-nuernberg.de
+		- informatik.fh-nuernberg.de
+
+		SSL connect error:
+		- bwc188113.bw.fh-nuernberg.de
+		- cryptography.informatik.fh-nuernberg.de
+		- fbi.informatik.fh-nuernberg.de
+		- www.informatik.fh-nuernberg.de
+
+		SSL peer certificate was not OK:
+		- fachschaften.fh-nuernberg.de
+		- fachschaft.informatik.fh-nuernberg.de
+		- jobboerse.informatik.fh-nuernberg.de
+		- seeyou.informatik.fh-nuernberg.de
+		- www.fh-nuernberg.de
+-->
+<ruleset name="fh-nuernberg.de">
+	<target host="www.efi.fh-nuernberg.de" />
+	<target host="git.informatik.fh-nuernberg.de" />
+	<target host="jobboerse.fh-nuernberg.de" />
+	<target host="studiengangstest.de" />
+	<target host="www.studiengangstest.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fh-nuernberg.eu.xml b/src/chrome/content/rules/fh-nuernberg.eu.xml
new file mode 100644
index 000000000000..5e55c21f11a7
--- /dev/null
+++ b/src/chrome/content/rules/fh-nuernberg.eu.xml
@@ -0,0 +1,11 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- fh-nuernberg.eu
+-->
+<ruleset name="fh-nuernberg.eu">
+	<target host="th-nuernberg.eu" />
+	<target host="www.th-nuernberg.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fiddler2.com.xml b/src/chrome/content/rules/fiddler2.com.xml
index 6b8dea95bbf3..c3ef02b98e59 100644
--- a/src/chrome/content/rules/fiddler2.com.xml
+++ b/src/chrome/content/rules/fiddler2.com.xml
@@ -7,7 +7,6 @@
 	<securecookie host="^(?:www\.)?fiddler2\.com" name=".+" />
 
 
-	<rule from="^http://(www\.)?fiddler2\.com/"
-		to="https://$1fiddler2.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/fieldnation.com.xml b/src/chrome/content/rules/fieldnation.com.xml
new file mode 100644
index 000000000000..f72b4f01eaeb
--- /dev/null
+++ b/src/chrome/content/rules/fieldnation.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="fieldnation.com">
+
+	<target host="app.fieldnation.com" />
+	<target host="www.fieldnation.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/fife.gov.uk.xml b/src/chrome/content/rules/fife.gov.uk.xml
new file mode 100644
index 000000000000..d7d0f6f03f58
--- /dev/null
+++ b/src/chrome/content/rules/fife.gov.uk.xml
@@ -0,0 +1,72 @@
+<!--
+	Fife Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *fife.gov.uk:
+
+		- planning ʳ
+
+	ʳ Refused
+
+
+	Problematic hosts in *fife.gov.uk:
+
+		- (www.)? ᵐ
+		- socialwork ᵐ ˣ
+
+	ᵐ Mismatched
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	These altnames do not exist:
+
+		- map03.fife.gov.uk
+		- maps03.fife.gov.uk
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- knowfife.fife.gov.uk
+		- socialwork.fife.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on soclialwork from $self
+		- Images on soclialwork from $self
+
+-->
+<ruleset name="Fife.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="knowfife.fife.gov.uk" />
+	<target host="maps.fife.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="fife.gov.uk" />
+	<target host="www.fife.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^knowfife\.fife\.gov\.uk$" name="^(?:ASP\.NET_SessionId|ias\.Locale|ias\.PreferredItemCount)$" /-->
+	<!--securecookie host="^socialwork\.fife\.gov\.uk$" name="^MoodleSessionfife$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?fife\.gov\.uk/"
+		to="https://www.fifedirect.org.uk/" />
+
+		<test url="http://www.fife.gov.uk/index.cfm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/fightcopyrighttrolls.com.xml b/src/chrome/content/rules/fightcopyrighttrolls.com.xml
new file mode 100644
index 000000000000..6d827a29a8f4
--- /dev/null
+++ b/src/chrome/content/rules/fightcopyrighttrolls.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- Bug from pr.prchecker.info ᶠ
+
+	ᶠ Unsecurable <= handshake fails
+
+-->
+<ruleset name="Fight Copyright Trolls.com">
+
+	<target host="fightcopyrighttrolls.com" />
+	<target host="www.fightcopyrighttrolls.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/file.pizza.xml b/src/chrome/content/rules/file.pizza.xml
new file mode 100644
index 000000000000..352b8cdb261a
--- /dev/null
+++ b/src/chrome/content/rules/file.pizza.xml
@@ -0,0 +1,5 @@
+<ruleset name="file.pizza">
+	<target host="file.pizza" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/filecrypt.cc.xml b/src/chrome/content/rules/filecrypt.cc.xml
new file mode 100644
index 000000000000..2e174b4c4105
--- /dev/null
+++ b/src/chrome/content/rules/filecrypt.cc.xml
@@ -0,0 +1,13 @@
+<ruleset name="Filecrypt.cc">
+
+    <target host="filecrypt.cc"/>
+    <target host="www.filecrypt.cc"/>
+
+    <securecookie host="^(www\.)?filecrypt\.cc" name=".+" />
+
+    <test url="http://filecrypt.cc/helper.html"/>
+
+    <exclusion pattern="^http://filecrypt\.cc/helper\.html"/>
+    <rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/filecrypt.co.xml b/src/chrome/content/rules/filecrypt.co.xml
new file mode 100644
index 000000000000..97e19e6ee02d
--- /dev/null
+++ b/src/chrome/content/rules/filecrypt.co.xml
@@ -0,0 +1,6 @@
+<ruleset name="filecrypt.co">
+	<target host="filecrypt.co" />
+	<target host="www.filecrypt.co" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/filediva.com.xml b/src/chrome/content/rules/filediva.com.xml
new file mode 100644
index 000000000000..ff390bec538e
--- /dev/null
+++ b/src/chrome/content/rules/filediva.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="filediva.com">
+	<target host="filediva.com" />
+	<target host="www.filediva.com" />
+
+	<rule from="^http://filediva\.com/" to="https://www.filediva.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/filesharingpremium.com.xml b/src/chrome/content/rules/filesharingpremium.com.xml
new file mode 100644
index 000000000000..01e63fa3a02b
--- /dev/null
+++ b/src/chrome/content/rules/filesharingpremium.com.xml
@@ -0,0 +1,36 @@
+<!--
+	www.filesharingpremium.com: Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- filesharingpremium.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Filesharingpremium.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="filesharingpremium.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.filesharingpremium.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^filesharingpremium\.com$" name="^frontend$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.filesharingpremium\.com/"
+		to="https://filesharingpremium.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/filesharingshop.com.xml b/src/chrome/content/rules/filesharingshop.com.xml
new file mode 100644
index 000000000000..61f5eda131da
--- /dev/null
+++ b/src/chrome/content/rules/filesharingshop.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- filesharingshop.com
+		- .filesharingshop.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="FileSharingShop.com">
+
+	<target host="filesharingshop.com" />
+	<target host="www.filesharingshop.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^filesharingshop\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.filesharingshop\.com$" name="^(?:currency|language)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/filesmonster.com.xml b/src/chrome/content/rules/filesmonster.com.xml
new file mode 100644
index 000000000000..20710afe3914
--- /dev/null
+++ b/src/chrome/content/rules/filesmonster.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- filesmonster.com
+		- .filesmonster.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="FilesMonster.com">
+
+	<target host="filesmonster.com" />
+	<target host="www.filesmonster.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^filesmonster\.com$" name="^(?:PHPSESSID|hascookies)$" /-->
+	<!--securecookie host="^\.filesmonster\.com$" name="^yab_(?:country|last_click|logined|sess_id|uid|ulanguage)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/film.ru.xml b/src/chrome/content/rules/film.ru.xml
new file mode 100644
index 000000000000..00dfe5c7ae13
--- /dev/null
+++ b/src/chrome/content/rules/film.ru.xml
@@ -0,0 +1,13 @@
+<!--forum. different content
+inspectorspacetime. different content
+entourage. self signed
+ternii. protocol error
+wrongturn. protocol error
+brat2. protocol error
+sisters. protocol error
+neo. protocol error-->
+<ruleset name="film.ru">
+	<target host="film.ru" />
+	<target host="www.film.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/filmaffinity.com.xml b/src/chrome/content/rules/filmaffinity.com.xml
new file mode 100644
index 000000000000..5a525b1d6187
--- /dev/null
+++ b/src/chrome/content/rules/filmaffinity.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .filmaffinity.com
+		- www.filmaffinity.com
+
+
+	Mixed content:
+
+		- Images on www from pics.filmaffinity.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="FilmAffinity.com">
+
+	<target host="filmaffinity.com" />
+	<target host="pics.filmaffinity.com" />
+	<target host="www.filmaffinity.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.filmaffinity\.com$" name="^FCP$" /-->
+	<!--securecookie host="^www\.filmaffinity\.com$" name="^client-data$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/filmarkivet.no.xml b/src/chrome/content/rules/filmarkivet.no.xml
new file mode 100644
index 000000000000..d0e94e37c23a
--- /dev/null
+++ b/src/chrome/content/rules/filmarkivet.no.xml
@@ -0,0 +1,48 @@
+<!--
+	^filmarkivet.no: Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.filmarkivet.no
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css from www.dagbladet.no ˢ
+		- Images from gfx.dagbladet.no ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Filmarkivet.no" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.filmarkivet.no" />
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://www.filmarkivet.no/?pid=1" /-->
+
+	<!--	Complications:
+				-->
+	<target host="filmarkivet.no" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.filmarkivet\.no$" name="^(?:ASP\.NET_SessionId|partner)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://filmarkivet\.no/"
+		to="https://www.filmarkivet.no/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/finalbuilder.com.xml b/src/chrome/content/rules/finalbuilder.com.xml
new file mode 100644
index 000000000000..01f034a95aa0
--- /dev/null
+++ b/src/chrome/content/rules/finalbuilder.com.xml
@@ -0,0 +1,11 @@
+<!--
+wiki.finalbuilder.com timed out
+static.finalbuilder.com timed out
+help.finalbuilder.com mismatch
+-->
+<ruleset name="finalbuilder.com">
+	<target host="finalbuilder.com" />
+	<target host="www.finalbuilder.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/finalist.nl.xml b/src/chrome/content/rules/finalist.nl.xml
new file mode 100644
index 000000000000..74aa4ce7f8bf
--- /dev/null
+++ b/src/chrome/content/rules/finalist.nl.xml
@@ -0,0 +1,15 @@
+<ruleset name="Finalist.nl">
+
+	<target host="finalist.nl" />
+	<target host="mailing.finalist.nl" />
+	<target host="www.finalist.nl" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid$|_ga|cf_clearance$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/finam.ru.xml b/src/chrome/content/rules/finam.ru.xml
new file mode 100644
index 000000000000..45c099240a29
--- /dev/null
+++ b/src/chrome/content/rules/finam.ru.xml
@@ -0,0 +1,58 @@
+<!--
+bank.finam.ru mismatch
+berezniki.finam.ru 1
+blagoveshensk.finam.ru 1
+bonds.finam.ru 1
+bryansk.finam.ru 1
+cabinet.finam.ru 1
+chaykovskiy.finam.ru 1
+cherepovets.finam.ru 1
+dist.finam.ru 1
+ekaterinburg.finam.ru 1
+eysk.finam.ru 1
+forum.finam.ru timed out
+ivanovo.finam.ru 1
+kaluga.finam.ru 1
+kemerovo.finam.ru 1
+kursk.finam.ru 1
+nnov.finam.ru 1
+node.finam.ru 1
+norilsk.finam.ru 1
+noyabrsk.finam.ru 1
+oktyabrsky.finam.ru 1
+old.finam.ru mismatch
+partners.finam.ru mismatch
+pda.finam.ru 1
+penza.finam.ru 1
+perm.finam.ru 1
+petrozavodsk.finam.ru 1
+pyatigorsk.finam.ru 1
+ryazan.finam.ru 1
+saratov.finam.ru 1
+shop.finam.ru mixed content
+spb.finam.ru 1
+syktyvkar.finam.ru 1
+taganrog.finam.ru 1
+togliatti.finam.ru 1
+tver.finam.ru 1
+ufa.finam.ru 1
+ulianovsk.finam.ru 1
+urengoy.finam.ru 1
+vladimir.finam.ru 1
+voronezh.finam.ru 1
+
+1 refused
+-->
+<ruleset name="finam.ru">
+	<target host="finam.ru" />
+	<target host="www.finam.ru" />
+	<target host="edox.finam.ru" />
+	<target host="forex.finam.ru" />
+	<target host="forexcabinet.finam.ru" />
+	<target host="ibank.finam.ru" />
+	<target host="zaoik.finam.ru" />
+	<target host="js.net.finam.ru" />
+	<target host="news.net.finam.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/financial-net.com.xml b/src/chrome/content/rules/financial-net.com.xml
new file mode 100644
index 000000000000..589c3c928840
--- /dev/null
+++ b/src/chrome/content/rules/financial-net.com.xml
@@ -0,0 +1,35 @@
+<!--
+	These altnames do not exist:
+
+		- financial-net.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.ea.financial-net.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="financial-net.com">
+
+	<target host="www.ea.financial-net.com" />
+	<target host="www.financial-net.com" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://www.financial-net.com/1stbergen/Logon?LoginMethod=Express" />
+		<test url="http://www.ea.financial-net.com/vbsts/Tasks/Logoff.aspx?wa=wsignout1.0" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.ea\.financial-net\.com$" name="^EA\.FINCL_COOKIE$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/finanzcheck.de.xml b/src/chrome/content/rules/finanzcheck.de.xml
new file mode 100644
index 000000000000..6aa8089d4d01
--- /dev/null
+++ b/src/chrome/content/rules/finanzcheck.de.xml
@@ -0,0 +1,31 @@
+<!--
+	CDN buckets:
+
+		- finanzcheck-cdn.s3.eu-central-1.amazonaws.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- affiliate.finanzcheck.de
+		- www.finanzcheck.de
+
+-->
+<ruleset name="Finanzcheck.de">
+
+	<target host="finanzcheck.de" />
+	<target host="affiliate.finanzcheck.de" />
+	<target host="www.finanzcheck.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^affiliate\.finanzcheck\.de$" name="^FCAffiliate$" /-->
+	<!--securecookie host="^www\.finanzcheck\.de$" name="^FCID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/findchildcare.taipei.xml b/src/chrome/content/rules/findchildcare.taipei.xml
new file mode 100644
index 000000000000..dcc392ebdd3e
--- /dev/null
+++ b/src/chrome/content/rules/findchildcare.taipei.xml
@@ -0,0 +1,6 @@
+<ruleset name="findchildcare.taipei">
+	<target host="findchildcare.taipei" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/finlex.xml b/src/chrome/content/rules/finlex.xml
index 1fcc8d5d676f..82620611b91e 100644
--- a/src/chrome/content/rules/finlex.xml
+++ b/src/chrome/content/rules/finlex.xml
@@ -1,7 +1,13 @@
-<ruleset name="Finlex" platform="mixedcontent">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://finlex.fi/ => https://www.finlex.fi/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.finlex.fi/ => https://www.finlex.fi/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="Finlex" platform="mixedcontent" default_off="failed ruleset test">
   <target host="finlex.fi" />
   <target host="www.finlex.fi" />
-  
-<rule from="^http://(www\.)?finlex\.fi/" to="https://www.finlex.fi/"/>
-<rule from="^https://finlex\.fi/" to="https://www.finlex.fi/"/>
+
+<rule from="^http://(?:www\.)?finlex\.fi/" to="https://www.finlex.fi/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/finseth.com.xml b/src/chrome/content/rules/finseth.com.xml
new file mode 100644
index 000000000000..5e7707742f46
--- /dev/null
+++ b/src/chrome/content/rules/finseth.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Finseth.com">
+
+	<target host="finseth.com" />
+	<target host="www.finseth.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/fir.im.xml b/src/chrome/content/rules/fir.im.xml
new file mode 100644
index 000000000000..39947285dd42
--- /dev/null
+++ b/src/chrome/content/rules/fir.im.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://incode.fir.im/ => https://incode.fir.im/: (51, "SSL: no alternative certificate subject name matches target host name 'incode.fir.im'")
+Fetch error: http://tweb.fir.im/ => https://tweb.fir.im/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	Invalid cert：
+		firicon.fir.im
+		firimg.fir.im
+		pkg3.fir.im
+
+	Break load forum avatar images in https://firimg.fir.im/ :
+		club.fir.im
+-->
+
+<ruleset name="fir.im (partial)" default_off="failed ruleset test">
+
+	<target host="fir.im" />
+	<target host="www.fir.im" />
+	<target host="www1.fir.im" />
+
+	<target host="account.fir.im" />
+	<target host="api.fir.im" />
+	<target host="blog.fir.im" />
+	<target host="download.fir.im" />
+	<target host="ga.fir.im" />
+	<target host="incode.fir.im" />
+	<target host="tweb.fir.im" />
+	<target host="usercenter.fir.im" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/firealpaca.com.xml b/src/chrome/content/rules/firealpaca.com.xml
new file mode 100644
index 000000000000..688997313ef2
--- /dev/null
+++ b/src/chrome/content/rules/firealpaca.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="firealpaca.com">
+	<target host="firealpaca.com" />
+	<target host="www.firealpaca.com" />
+
+	<rule from="^http://www\.firealpaca\.com/" to="https://firealpaca.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/firefly.city.xml b/src/chrome/content/rules/firefly.city.xml
new file mode 100644
index 000000000000..0c9a576d38bb
--- /dev/null
+++ b/src/chrome/content/rules/firefly.city.xml
@@ -0,0 +1,8 @@
+<ruleset name="firefly.city">
+	<target host="firefly.city" />
+	<target host="www.firefly.city" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/firehol.org.xml b/src/chrome/content/rules/firehol.org.xml
new file mode 100644
index 000000000000..f594ebb021e1
--- /dev/null
+++ b/src/chrome/content/rules/firehol.org.xml
@@ -0,0 +1,23 @@
+<!--
+	master.firehol.org ¹
+	vps.firehol.org ¹
+
+	¹ mismatch
+
+-->
+<ruleset name="firehol.org">
+
+	<target host="firehol.org" />
+	<target host="www.firehol.org" />
+	<target host="iplists.firehol.org" />
+	<target host="lists.firehol.org" />
+	<target host="netdata.firehol.org" />
+	<target host="netdata1.firehol.org" />
+	<target host="netdata2.firehol.org" />
+	<target host="test.firehol.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/firmstep.com-mixedcontent.xml b/src/chrome/content/rules/firmstep.com-mixedcontent.xml
new file mode 100644
index 000000000000..09ff996a526d
--- /dev/null
+++ b/src/chrome/content/rules/firmstep.com-mixedcontent.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://epetitionslincolnshire.firmstep.com/ => https://epetitionslincolnshire.firmstep.com/: (51, "SSL: no alternative certificate subject name matches target host name 'epetitionslincolnshire.firmstep.com'")
+Fetch error: http://richmondshire.firmstep.com/ => https://richmondshire.firmstep.com/: (51, "SSL: no alternative certificate subject name matches target host name 'richmondshire.firmstep.com'")
+
+	For rules not causing MCB, see firmstep.com.xml.
+
+-->
+<ruleset name="Firmstep.com (MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="charnwood.firmstep.com" />
+	<target host="corbycam.firmstep.com" />
+	<target host="douglas.firmstep.com" />
+	<target host="epetitionslincolnshire.firmstep.com" />
+	<target host="hastings.firmstep.com" />
+	<target host="lancashire.firmstep.com" />
+	<target host="northlincolnshire.firmstep.com" />
+	<target host="richmondshire.firmstep.com" />
+	<target host="waverley.firmstep.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.douglas.firmstep.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.(?:epetitionslincolnshire|richmondshire)\." name=".+" />
+
+
+	<rule from="^http://www\.douglas\.firmstep\.com/"
+		to="https://douglas.firmstep.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/firmstep.com.xml b/src/chrome/content/rules/firmstep.com.xml
new file mode 100644
index 000000000000..a7e006276849
--- /dev/null
+++ b/src/chrome/content/rules/firmstep.com.xml
@@ -0,0 +1,204 @@
+<!--
+	For rules causing MCB, see firmstep.com-falsemixed.xml.
+
+	Other Firmstep rulesets:
+
+		- achieveservice.com.xml
+
+
+	CDN buckets:
+
+		- firmstepcss.s3.amazonaws.com
+		- firmstepimages.s3.amazonaws.com
+		- fs-downloads.s3.amazonaws.com
+		- fs-drupal-rochford.s3.amazonaws.com
+		- fs-filestore-eu.s3.amazonaws.com
+
+
+	Nonfunctional hosts in *firmstep.com:
+
+		- blog ᵀ ʳ
+		- chelmsfordawards ʳ
+		- mindtouch ʳ
+
+	ʳ Refused
+	ᵀ Tumblr
+
+
+	Problematic hosts in *firmstep.com:
+
+		- ^ ᵈ
+		- charnwood ˣ
+		- corbycam ˣ
+		- douglas ˣ
+		- www.douglas ᵐ
+		- epetitionslincolnshire ˣ
+
+		- assets.govplatform ᵐ
+		- chelmsford.govplatform ᵐ
+		- harlow-dev.govplatform ᵐ
+		- rochford-live.govplatform ᵐ
+		- scarborough-cms-live.govplatform ᵐ
+
+		- harlow ˣ
+		- hastings ˣ
+		- lancashire ˣ
+		- northlincolnshire ˣ
+		- waverley ˣ
+
+	ᵈ Dropped, preemptable redirect
+	ᵐ Mismatched
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .firmstep.com
+		- .epetitionslincolnshire.firmstep.com
+		- .richmondshire.firmstep.com
+		- support.firmstep.com
+		- (account_vhost).firmstep.com
+
+
+	Mixed content:
+
+		- css, on:
+
+			- charnwood from www.charnwood.gov.uk
+			- charnwood, northlincolnshire, waverly from fonts.googleapis.com ˢ
+			- corbycam, douglas, lancashire from fs-filestore-eu.s3.amazonaws.com ˢ
+			- douglas from douglas.co.im
+			- douglas from douglas.im
+			- epetitionslincolnshire, richmondshire from assets.govplatform.firmstep.com ᵐ
+			- harlow from www.harlow.gov.uk ᵐ
+			- hastings from www.hastings.gov.uk ˢ
+			- lancashire from new.lancashire.gov.uk
+			- lancashire from www.lancashire.gov.uk
+			- newcastleccas from www.newcastle.gov.uk ˢ
+			- northlincolnshire from www.northlincs.gov.uk:81 ᵖ
+			- waverley from www.waverlay.gov.uk
+
+		- Images, on:
+
+			- richmondshire from assets.govplatform.firmstep.com ᵐ
+			- corbycam from www.firmstep.com ˢ
+			- douglas from douglas.co.im
+			- harlow from www.harlow.gov.uk ᵐ
+			- hastings from www.hastings.gov.uk ˢ
+			- lancashire, spelthome from fs-filestore-eu.s3.amazonaws.com ˢ
+			- lancashire from www.lancashire.gov.uk
+			- lewesdc from www.lewes.gov.uk
+			- maidstone from www.maidstone.gov.uk ʳ
+			- northlincolnshire from www.northlincs.gov.uk:81 ᵖ
+			- waverley from www.waverlay.gov.uk
+			- wirral from www.wirral.gov.uk ˢ
+
+	ᵐ Not secured by us <= mismatched
+	ᵖ Unsecurable <= plaintext reply
+	ʳ Unsecurable <= refused
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Firmstep.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="support.firmstep.com" />
+	<target host="www.firmstep.com" />
+
+	<!--	(account vhosts:)
+					-->
+	<target host="babergh.firmstep.com" />
+	<target host="bedford.firmstep.com" />
+	<target host="bracknell.firmstep.com" />
+	<target host="broxtowe.firmstep.com" />
+	<target host="burymbc.firmstep.com" />
+	<!--target host="charnwood.firmstep.com" /-->
+	<target host="chelmsfordgov.firmstep.com" />
+	<target host="cityoflondon.firmstep.com" />
+	<!--target host="corbycam.firmstep.com" /-->
+	<target host="coventry.firmstep.com" />
+	<target host="crawley.firmstep.com" />
+	<target host="crawleybc.firmstep.com" />
+	<!--target host="douglas.firmstep.com" /-->
+	<target host="dudley.firmstep.com" />
+	<target host="east-riding.firmstep.com" />
+	<!--target host="epetitionslincolnshire.firmstep.com" /-->
+	<target host="gloucestershire.firmstep.com" />
+	<target host="guildford.firmstep.com" />
+	<target host="hampshire.firmstep.com" />
+	<!--target host="hastings.firmstep.com" /-->
+	<target host="hillingdon.firmstep.com" />
+	<target host="hullcc.firmstep.com" />
+	<target host="kentcc.firmstep.com" />
+	<target host="kirklees.firmstep.com" />
+	<!--target host="lancashire.firmstep.com" /-->
+	<target host="leicestershirecc.firmstep.com" />
+	<target host="lewesdc.firmstep.com" />
+	<target host="lincs.firmstep.com" />
+	<target host="maidstone.firmstep.com" />
+	<target host="maldon.firmstep.com" />
+	<target host="middlesbrough.firmstep.com" />
+	<target host="mybexley.firmstep.com" />
+	<target host="myfreeschoolmeals.firmstep.com" />
+	<target host="newcastleccas.firmstep.com" />
+	<target host="northamptonshire.firmstep.com" />
+	<!--target host="northlincolnshire.firmstep.com" /-->
+	<target host="richmond.firmstep.com" />
+	<!--target host="richmondshire.firmstep.com" /-->
+	<target host="rigov.firmstep.com" />
+	<target host="rochford.firmstep.com" />
+	<target host="southend.firmstep.com" />
+	<target host="southampton.firmstep.com" />
+	<target host="southkesteven.firmstep.com" />
+	<target host="spelthorne.firmstep.com" />
+	<target host="suffolkcoastalandwaveney.firmstep.com" />
+	<target host="suffolkcoastalandwaveneyl.firmstep.com" />
+	<target host="waveney.firmstep.com" />
+	<!--target host="waverley.firmstep.com" /-->
+	<target host="wirral.firmstep.com" />
+
+	<!--	Complications:
+				-->
+	<target host="firmstep.com" />
+	<!--target host="www.douglas.firmstep.com" /-->
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://charnwood.firmstep.com/default.aspx/RenderForm/?F.Name=OIdAKRhiCTS&amp;HideAll=1" /-->
+		<!--test url="http://corbycam.firmstep.com/default.aspx/RenderForm/?F.Name=is5SUMSxABU&amp;HideToolbar=1" /-->
+		<!--test url="http://douglas.firmstep.com/default.aspx/RenderForm/?F.Name=L9JRZGYEVki&amp;HideToolbar=1" /-->
+		<!--test url="http://harlow.firmstep.com/popup.aspx/RenderForm/?F.Name=ByhNtbTfqCh" /-->
+		<!--test url="http://hastings.firmstep.com/popup.aspx/RenderForm/?F.Name=WcZ8kTt71PM" /-->
+		<!--test url="http://lancashire.firmstep.com/default.aspx/RenderForm/?HideToolbar=1&amp;F.Name=CenurCvJqjx" /-->
+		<!--test url="http://northlincolnshire.firmstep.com/popup.aspx/RenderForm/?F.Name=GCg1vi7jUB6" /-->
+		<!--test url="http://richmondshire.firmstep.com/petitions/public-toilet-closure-funding-withdrawal" /-->
+
+		<!--	Mixed images:
+					-->
+		<!--test url="http://lewesdc.firmstep.com/default.aspx/RenderForm/?F.Name=D0Up_SxWCOz" /-->
+		<!--test url="http://newcastleccas.firmstep.com/popup.aspx/RenderForm/?F.Name=FMDPea9huMW" /-->
+		<!--test url="http://spelthorne.firmstep.com/popup.aspx/RenderForm/?F.Name=rkangzan886&amp;HideToolbar=1" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.(?:epetitionslincolnshire\.|richmondshire\.)?firmstep\.com$" name="^SESS[\da-f]{32}$" /-->
+	<!--securecookie host="^support\.firmstep\.com$" name="^_helpkit_session$" /-->
+	<!--securecookie host="^(account_vhost)\.firmstep\.com$" name="^AWSELB$" /-->
+	<!--securecookie host="^(account_vhost_subset)\.firmstep\.com$" name="^firmstep2se(?:rver|ssion)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<!--securecookie host="^\.(?:epetitionslincolnshire|richmondshire)\." name="." /-->
+
+
+	<rule from="^http://firmstep\.com/"
+		to="https://www.firmstep.com/" />
+
+	<!--rule from="^http://www\.douglas\.firmstep\.com/"
+		to="https://douglas.firmstep.com/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/firstbankpb.bank.xml b/src/chrome/content/rules/firstbankpb.bank.xml
new file mode 100644
index 000000000000..acb0b1f7e062
--- /dev/null
+++ b/src/chrome/content/rules/firstbankpb.bank.xml
@@ -0,0 +1,17 @@
+<!--
+	Incomplete Cert Chain:
+		^
+		www.firstbankpb.com
+	Invalid Certificate:
+		m.firstbankpb.com
+-->
+<ruleset name="firstbankpb.bank">
+	<target host="firstbankpb.bank" />
+	<target host="www.firstbankpb.bank" />
+
+	<target host="olb.firstbankpb.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/firstdirect.com-resources.xml b/src/chrome/content/rules/firstdirect.com-resources.xml
new file mode 100644
index 000000000000..d263a497693c
--- /dev/null
+++ b/src/chrome/content/rules/firstdirect.com-resources.xml
@@ -0,0 +1,40 @@
+<!--
+	For rules covering more than resources, see firstdirect.com.xml.
+
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+
+-->
+<ruleset name="First Direct.com (resources)" default_off="testing" platform="mixedcontent">
+
+	<target host="amazingcareers.firstdirect.com" />
+	<target host="www.amazingcareers.firstdirect.com" />
+
+		<exclusion pattern="^http://(?:www\.)?amazingcareers\.firstdirect\.com/(?!(?!.+\.js(?:$|\?))/*(?:css/|favicon\.ico|fd\w+Plugin/|images/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://amazingcareers.firstdirect.com/about" />
+			<test url="http://amazingcareers.firstdirect.com/contact" />
+			<test url="http://amazingcareers.firstdirect.com/faqs" />
+			<test url="http://amazingcareers.firstdirect.com/fdBasicCookiePlugin/js/basic_cookies.js" />
+			<test url="http://amazingcareers.firstdirect.com/fdFreyaBuildPackPlugin/fd/js/jquery-1.5.2.min.js" />
+			<test url="http://amazingcareers.firstdirect.com/fdFreyaBuildPackPlugin/fd/js/jquery.dig.calculator_hmcib.js" />
+			<test url="http://amazingcareers.firstdirect.com/fdFreyaBuildPackPlugin/fd/js/jquery.dig.calculator_hmcib.js" />
+			<test url="http://amazingcareers.firstdirect.com/fdFreyaBuildPackPlugin/fd/js/jquery.plugins-min.js" />
+			<test url="http://amazingcareers.firstdirect.com/fdFreyaBuildPackPlugin/fd/js/mbox.js" />
+			<test url="http://amazingcareers.firstdirect.com/fdFreyaBuildPackPlugin/fd/js/utilities-min.js" />
+
+			<!--	-ve:
+					-->
+			<test url="http://amazingcareers.firstdirect.com/css/jquery.fancybox-1.3.4.css" />
+			<test url="http://amazingcareers.firstdirect.com/favicon.ico" />
+			<test url="http://amazingcareers.firstdirect.com/fdBasicCookiePlugin/css/Styles-min.css" />
+			<test url="http://amazingcareers.firstdirect.com/fdFreyaBuildPackPlugin/fd/images/hsbcmember_footer_w.gif" />
+			<test url="http://amazingcareers.firstdirect.com/images/footer_pipe.gif" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/firstdirect.com.xml b/src/chrome/content/rules/firstdirect.com.xml
new file mode 100644
index 000000000000..b5073e3e24e1
--- /dev/null
+++ b/src/chrome/content/rules/firstdirect.com.xml
@@ -0,0 +1,150 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://amazingcareers.firstdirect.com/login => https://amazingcareers.firstdirect.com/login: Too many redirects while fetching 'https://amazingcareers.firstdirect.com/login'
+Fetch error: http://www.amazingcareers.firstdirect.com/login => https://www.amazingcareers.firstdirect.com/login: Too many redirects while fetching 'https://www.amazingcareers.firstdirect.com/login'
+Fetch error: http://www.lifeinsurance.firstdirect.com/ => https://www.lifeinsurance.firstdirect.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For rules covering resources which do not secure
+	mixed content, see firstdirect.com-resources.xml.
+
+	For other HSBC Holdings coverage, see HSBC.xml.
+
+
+	Nonfunctional hosts in *firstdirect.com:
+
+		- joinin ᵃ
+		- mortgages ᵈ
+
+	ᵃ Shows another domain
+	ᵈ Dropped
+
+
+	Problematic hosts in *firstdirect.com:
+
+		- ^ ʳ
+		- www.live ᵉ ᵘ
+		- newsroom ᵐ
+
+	ᵉ Expired
+	ᵐ Mismatched
+	ʳ Refused, preemptable redirect
+	ᵘ Untrusted root
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.newsroom.firstdirect.com
+		- www.firstdirect.com
+		- www1.firstdirect.com
+		- www2.firstdirect.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bug on www.newsroom, www.travelmoneyonline, www[123] from www1.member-hsbc-group.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="First Direct.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="amazingcareers.firstdirect.com" />
+	<target host="www.amazingcareers.firstdirect.com" />
+	<target host="lifeinsurance.firstdirect.com" />
+	<target host="www.lifeinsurance.firstdirect.com" />
+	<target host="www.newsroom.firstdirect.com" />
+	<target host="www.travelmoneyonline.firstdirect.com" />
+	<target host="www.firstdirect.com" />
+	<target host="www1.firstdirect.com" />
+	<target host="www2.firstdirect.com" />
+	<target host="www3.firstdirect.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?amazingcareers\.firstdirect\.com/(?:$|about$|contacts$|faqs$|login/$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(?:www\.)?amazingcareers\.firstdirect\.com/(?!/*(?:css/|favicon\.ico|fd\w+Plugin/|images/|login(?:$|\?)))" /-->
+		<!--
+			Avoid potential XHR problems:
+							-->
+		<!--exclusion pattern="^http://(?:www\.)?amazingcareers\.firstdirect\.com/.+\.js(?:$|\?)" /-->
+		<!--
+			In combination:
+					-->
+		<!--exclusion pattern="^http://(?:www\.)?amazingcareers\.firstdirect\.com/(?!(?!.+\.js(?:$|\?))/*(?:css/|favicon\.ico|fd\w+Plugin/|images/|login(?:$|\?)))" /-->
+		<!--
+			Reduce non-Tor distinguishability:
+								-->
+		<exclusion pattern="^http://(?:www\.)?amazingcareers\.firstdirect\.com/(?!/*login(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://amazingcareers.firstdirect.com/about" />
+			<test url="http://amazingcareers.firstdirect.com/contact" />
+			<!--
+			<test url="http://amazingcareers.firstdirect.com/faqs" />
+			<test url="http://amazingcareers.firstdirect.com/fdBasicCookiePlugin/js/basic_cookies.js" />
+			<test url="http://amazingcareers.firstdirect.com/fdFreyaBuildPackPlugin/fd/js/jquery-1.5.2.min.js" />
+			<test url="http://amazingcareers.firstdirect.com/fdFreyaBuildPackPlugin/fd/js/jquery.dig.calculator_hmcib.js" />
+			<test url="http://amazingcareers.firstdirect.com/fdFreyaBuildPackPlugin/fd/js/jquery.dig.calculator_hmcib.js" />
+			<test url="http://amazingcareers.firstdirect.com/fdFreyaBuildPackPlugin/fd/js/jquery.plugins-min.js" />
+			<test url="http://amazingcareers.firstdirect.com/fdFreyaBuildPackPlugin/fd/js/mbox.js" />
+			<test url="http://amazingcareers.firstdirect.com/fdFreyaBuildPackPlugin/fd/js/utilities-min.js" />
+			<test url="http://amazingcareers.firstdirect.com/fdFreyaBuildPackPlugin/fd/js/webtrends_top_section.js" />
+			<test url="http://amazingcareers.firstdirect.com/fdFreyaBuildPackPlugin/mbp/js/functions.js" />
+			<test url="http://amazingcareers.firstdirect.com/js/jquery.flexslider-min.js" />
+			<test url="http://amazingcareers.firstdirect.com/js/jquery.linkPanel.js" />
+			<test url="http://amazingcareers.firstdirect.com/js/jquery.sameHeight.js" />
+			<test url="http://amazingcareers.firstdirect.com/js/jquery.sidenavStyling.js" />
+			<test url="http://amazingcareers.firstdirect.com/js/main.js" />
+			<test url="http://amazingcareers.firstdirect.com/js/plugins.js" />
+			<test url="http://amazingcareers.firstdirect.com/js/vendor/jquery.fancybox-1.3.4.pack.js" />
+			<test url="http://amazingcareers.firstdirect.com/js/vendor/less-1.3.0.min.js" />
+			<test url="http://amazingcareers.firstdirect.com/js/vendor/lipsum.js" />
+			<test url="http://amazingcareers.firstdirect.com/js/vendor/mmcore.js" />
+			<test url="http://amazingcareers.firstdirect.com/js/vendor/modernizr-2.6.1.min.js" />
+			-->
+			<test url="http://www.amazingcareers.firstdirect.com/js/vendor/swfobject.js" />
+			<test url="http://www.amazingcareers.firstdirect.com/login/" />
+
+			<!--	-ve:
+					-->
+			<!--
+			<test url="http://amazingcareers.firstdirect.com/css/jquery.fancybox-1.3.4.css" />
+			<test url="http://amazingcareers.firstdirect.com/favicon.ico" />
+			<test url="http://amazingcareers.firstdirect.com/fdBasicCookiePlugin/css/Styles-min.css" />
+			<test url="http://amazingcareers.firstdirect.com/fdFreyaBuildPackPlugin/fd/images/hsbcmember_footer_w.gif" />
+			<test url="http://amazingcareers.firstdirect.com/images/footer_pipe.gif" />
+			-->
+			<test url="http://amazingcareers.firstdirect.com/login" />
+			<test url="http://www.amazingcareers.firstdirect.com/login" />
+
+	<!--	Complications:
+				-->
+	<target host="firstdirect.com" />
+	<target host="newsroom.firstdirect.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.newsroom\.firstdirect\.com$" name="^symfony$" /-->
+	<!--securecookie host="^www\.firstdirect\.com$" name="^FIRSTDIRECT-IB-EVRGRN-SY$" /-->
+	<!--securecookie host="^www[12]\.firstdirect\.com$" name="^(?:FIRSTDIRECT-IB-EVRGRN-SY|JSESSIONID)$" /-->
+
+	<securecookie host="^(?!amazingcareers\.|www\.amazingcareers\.)\w" name=".+" />
+
+
+	<rule from="^http://(newsroom\.)?firstdirect\.com/"
+		to="https://www.$1firstdirect.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/firstpromoter.com.xml b/src/chrome/content/rules/firstpromoter.com.xml
new file mode 100644
index 000000000000..4ae9d5a30239
--- /dev/null
+++ b/src/chrome/content/rules/firstpromoter.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="firstpromoter.com">
+	<target host="firstpromoter.com" />
+	<target host="www.firstpromoter.com" />
+	<target host="billyapp.firstpromoter.com" />
+	<target host="getomnify.firstpromoter.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/firstthings.com.xml b/src/chrome/content/rules/firstthings.com.xml
new file mode 100644
index 000000000000..5cdffaa7e581
--- /dev/null
+++ b/src/chrome/content/rules/firstthings.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.firstthings.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="First Things.com">
+
+	<target host="firstthings.com" />
+	<target host="www.firstthings.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.firstthings\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^_(?:_qca$|ga)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/fitchratings.ru.xml b/src/chrome/content/rules/fitchratings.ru.xml
new file mode 100644
index 000000000000..415228a60a72
--- /dev/null
+++ b/src/chrome/content/rules/fitchratings.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="fitchratings.ru">
+	<target host="fitchratings.ru" />
+	<target host="www.fitchratings.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fixstars.com.xml b/src/chrome/content/rules/fixstars.com.xml
new file mode 100644
index 000000000000..b2a9c6d0e325
--- /dev/null
+++ b/src/chrome/content/rules/fixstars.com.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cell.fixstars.com/ => https://cell.fixstars.com/: (6, 'Could not resolve host: cell.fixstars.com')
+
+rock-solid-state.fixstars.com ⁷
+olive.fixstars.com ⁶
+gpu.fixstars.com ¹
+www.fixstars.com redirects to http
+
+
+¹ mismatch
+⁶ redirect
+⁷ protocol error
+-->
+<ruleset name="fixstars.com (partial)" default_off="failed ruleset test">
+	<target host="fixstars.com" />
+	<target host="cell.fixstars.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/flagcounter.com.xml b/src/chrome/content/rules/flagcounter.com.xml
new file mode 100644
index 000000000000..d4739ca1d91e
--- /dev/null
+++ b/src/chrome/content/rules/flagcounter.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Mixed content:
+
+		- Images, on:
+
+			- (www.)?, s0[1-3] from cdn.boardhost.com ⁴
+			- (www.)?, s0[1-3] from ^flagcounter.com ˢ
+
+		- Bugs, on:
+
+			- (www.)?, s0[1-3] from s01.flagcounter.com ˢ
+
+	⁴ Unsecurable <= 404
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Flag Counter.com">
+
+	<target host="flagcounter.com" />
+	<target host="s01.flagcounter.com" />
+	<target host="s02.flagcounter.com" />
+	<target host="s03.flagcounter.com" />
+	<target host="www.flagcounter.com" />
+
+		<test url="http://s01.flagcounter.com/count2/88/bg_FFFFFF/txt_000000/border_CCCCCC/columns_2/maxflags_10/viewers_0/labels_0/pageviews_0/flags_0/" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/flashpoint-intel.com.xml b/src/chrome/content/rules/flashpoint-intel.com.xml
new file mode 100644
index 000000000000..2eaca28c92b4
--- /dev/null
+++ b/src/chrome/content/rules/flashpoint-intel.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.flashpoint-intel.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Flashpoint-Intel.com">
+
+	<target host="flashpoint-intel.com" />
+	<target host="www.flashpoint-intel.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.flashpoint-intel\.com$" name="^(?:CFID|CFTOKEN|JSESSIONID|MOBILEFORMAT|ORIGINALURLTOKEN)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/fleetboard.com.xml b/src/chrome/content/rules/fleetboard.com.xml
new file mode 100644
index 000000000000..47b627b7091e
--- /dev/null
+++ b/src/chrome/content/rules/fleetboard.com.xml
@@ -0,0 +1,29 @@
+<!--
+	These altnames do not exist:
+
+		- www.academy.fleetboard.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- academy.fleetboard.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="FleetBoard.com">
+
+	<target host="academy.fleetboard.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^academy\.fleetboard\.com$" name="^TotaraSession$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/flex.ru.xml b/src/chrome/content/rules/flex.ru.xml
new file mode 100644
index 000000000000..5563a0466483
--- /dev/null
+++ b/src/chrome/content/rules/flex.ru.xml
@@ -0,0 +1,14 @@
+<!--
+ozmatrix.flex.ru mismatch
+radio.flex.ru different content
+support.flex.ru different content
+tv.flex.ru different content
+-->
+<ruleset name="flex.ru">
+	<target host="flex.ru" />
+	<target host="www.flex.ru" />
+	<target host="freeforum.flex.ru" />
+	<target host="home.flex.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/flightgear.org.xml b/src/chrome/content/rules/flightgear.org.xml
new file mode 100644
index 000000000000..566b8289b938
--- /dev/null
+++ b/src/chrome/content/rules/flightgear.org.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional hosts in *flightgear.org:
+
+		- (www.)? ᵖ
+		- store ᵖ
+		- wiki ʳ
+
+	ᵖ Plaintext reply
+	ʳ Refused
+
+-->
+<ruleset name="flightgear.org">
+
+	<target host="fr.flightgear.org" />
+	<target host="www.fr.flightgear.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/flightradar24.com.xml b/src/chrome/content/rules/flightradar24.com.xml
new file mode 100644
index 000000000000..0b1241ade08d
--- /dev/null
+++ b/src/chrome/content/rules/flightradar24.com.xml
@@ -0,0 +1,57 @@
+<!--
+	Invalid certificate:
+		all 4th+ level sub domains
+
+	No cypher overlap:
+		weather-[1-5].flightradar24.com
+
+	Timeout:
+		db8.flightradar24.com
+
+	Mismatch on ^
+-->
+<ruleset name="Flightradar24.com">
+
+	<target host="flightradar24.com" />
+	<target host="www.flightradar24.com" />
+	<target host="andreas.flightradar24.com" />
+	<target host="api.flightradar24.com" />
+	<target host="api-staging.flightradar24.com" />
+	<target host="artur.flightradar24.com" />
+	<target host="beta.flightradar24.com" />
+	<target host="blog.flightradar24.com" />
+	<target host="cdn.flightradar24.com" />
+	<target host="chat.flightradar24.com" />
+	<target host="data.flightradar24.com" />
+	<target host="data-live.flightradar24.com" />
+	<target host="data-staging.flightradar24.com" />
+	<target host="db.flightradar24.com" />
+	<target host="dev.flightradar24.com" />
+	<target host="eskil.flightradar24.com" />
+	<target host="external.flightradar24.com" />
+	<target host="feed.flightradar24.com" />
+	<target host="forum.flightradar24.com" />
+	<target host="fr.flightradar24.com" />
+	<target host="google.flightradar24.com" />
+	<target host="googlewww.flightradar24.com" />
+	<target host="http.flightradar24.com" />
+	<target host="http--www.flightradar24.com" />
+	<target host="info.flightradar24.com" />
+	<target host="lb-site.flightradar24.com" />
+	<target host="dev-lhr.flightradar24.com" />
+	<target host="m.flightradar24.com" />
+	<target host="mobile.flightradar24.com" />
+	<target host="my.flightradar24.com" />
+	<target host="piotr.flightradar24.com" />
+	<target host="premium.flightradar24.com" />
+	<target host="radarview.flightradar24.com" />
+	<target host="ru.flightradar24.com" />
+	<target host="secure.flightradar24.com" />
+	<target host="staging.flightradar24.com" />
+	<target host="terrain.flightradar24.com" />
+	<target host="tiles.flightradar24.com" />
+	<target host="update.flightradar24.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/flinkster.xml b/src/chrome/content/rules/flinkster.xml
new file mode 100644
index 000000000000..992673328d5c
--- /dev/null
+++ b/src/chrome/content/rules/flinkster.xml
@@ -0,0 +1,5 @@
+<ruleset name="flinkster">
+  <target host="www.flinkster.de" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fliphtml5.com.xml b/src/chrome/content/rules/fliphtml5.com.xml
new file mode 100644
index 000000000000..758e7e142636
--- /dev/null
+++ b/src/chrome/content/rules/fliphtml5.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Redirect to HTTP:
+		www.fliphtml5.com
+		custom-domain.fliphtml5.com
+		custom-domain2.fliphtml5.com
+		site.fliphtml5.com
+		stat.fliphtml5.com
+-->
+<ruleset name="fliphtml5.com">
+	<target host="fliphtml5.com" />
+	<target host="mail.fliphtml5.com" />
+	<target host="newstat.fliphtml5.com" />
+	<target host="panel.fliphtml5.com" />
+	<target host="static.fliphtml5.com" />
+	<target host="support.fliphtml5.com" />
+	<target host="test.fliphtml5.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/flippfly.com.xml b/src/chrome/content/rules/flippfly.com.xml
new file mode 100644
index 000000000000..1d98782baea9
--- /dev/null
+++ b/src/chrome/content/rules/flippfly.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Invalid certificate:
+		autoconfig.flippfly.com
+		ftp.flippfly.com
+		autodiscover.home.flippfly.com
+		webmail.home.flippfly.com
+		ns1.flippfly.com
+		ns2.flippfly.com
+		autodiscover.test.flippfly.com
+		webmail.test.flippfly.com
+		whm.flippfly.com
+
+	Redirect to HTTP:
+		home.flippfly.com
+		www.home.flippfly.com
+
+	Refused:
+		localhost.flippfly.com
+-->
+<ruleset name="flippfly.com">
+	<target host="flippfly.com" />
+	<target host="www.flippfly.com" />
+	<target host="autodiscover.flippfly.com" />
+	<target host="cpanel.flippfly.com" />
+	<target host="mail.flippfly.com" />
+	<target host="tech.flippfly.com" />
+	<target host="test.flippfly.com" />
+	<target host="www.test.flippfly.com" />
+	<target host="webdisk.flippfly.com" />
+	<target host="webmail.flippfly.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/flirt4free.com.xml b/src/chrome/content/rules/flirt4free.com.xml
new file mode 100644
index 000000000000..7049c3fdd6d9
--- /dev/null
+++ b/src/chrome/content/rules/flirt4free.com.xml
@@ -0,0 +1,27 @@
+<!--
+	(www.)?flirt4free.com: Refused
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- affiliates.flirt4free.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Flirt4Free.com (partial)">
+
+	<target host="affiliates.flirt4free.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^affiliates\.flirt4free\.com$" name="^(?:BIGipServer|PHPSESSID)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/floridalobbyist.gov.xml b/src/chrome/content/rules/floridalobbyist.gov.xml
new file mode 100644
index 000000000000..d66ed5821660
--- /dev/null
+++ b/src/chrome/content/rules/floridalobbyist.gov.xml
@@ -0,0 +1,26 @@
+<!--
+
+
+	Insecure cookies are set for these hosts:
+
+		- floridalobbyist.gov
+		- www.floridalobbyist.gov
+
+-->
+<ruleset name="Florida Lobbyist.gov">
+
+	<target host="floridalobbyist.gov" />
+	<target host="www.floridalobbyist.gov" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?floridalobbyist\.gov$" name="^(?:__RequestVerificationToken$|BIGipServer)" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/flowersofindia.net.xml b/src/chrome/content/rules/flowersofindia.net.xml
new file mode 100644
index 000000000000..ba2ebf56db1a
--- /dev/null
+++ b/src/chrome/content/rules/flowersofindia.net.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		ftp.flowersofindia.net
+		cpcontacts.forum.flowersofindia.net
+		cpanel.m.flowersofindia.net
+-->
+<ruleset name="flowersofindia.net">
+	<target host="flowersofindia.net" />
+	<target host="www.flowersofindia.net" />
+	<target host="cpanel.flowersofindia.net" />
+	<target host="forum.flowersofindia.net" />
+	<target host="webdisk.flowersofindia.net" />
+	<target host="webmail.flowersofindia.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/flsenate.gov.xml b/src/chrome/content/rules/flsenate.gov.xml
new file mode 100644
index 000000000000..b2bea0c5c9b2
--- /dev/null
+++ b/src/chrome/content/rules/flsenate.gov.xml
@@ -0,0 +1,35 @@
+<!--
+	The Florida Senate
+
+
+
+	Nonfunctional hosts in *flsenate.gov:
+
+		- archive ᵈ
+
+	ᵈ Dropped
+
+
+	Insecure cookies are set for these hosts:
+
+		- flsenate.gov
+		- www.flsenate.gov
+
+-->
+<ruleset name="FL Senate.gov (partial)">
+
+	<target host="flsenate.gov" />
+	<target host="www.flsenate.gov" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?flsenate\.gov$" name="^(?:__RequestVerificationToken$|ASP\.NET_SessionId$|BIGipServer)" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/flughafen-zuerich.ch.xml b/src/chrome/content/rules/flughafen-zuerich.ch.xml
new file mode 100644
index 000000000000..3f91d92cea3e
--- /dev/null
+++ b/src/chrome/content/rules/flughafen-zuerich.ch.xml
@@ -0,0 +1,15 @@
+<!--
+	Timeout:
+		- lernende.flughafen-zuerich.ch
+		- todesanzeigen
+-->
+<ruleset name="flughafen-zuerich.ch">
+	<target host="flughafen-zuerich.ch"/>
+	<target host="www.flughafen-zuerich.ch"/>
+	<target host="serviceportal.flughafen-zuerich.ch"/>
+	<target host="m.flughafen-zuerich.ch"/>
+	<target host="jobs.flughafen-zuerich.ch"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/flyingwith.us.xml b/src/chrome/content/rules/flyingwith.us.xml
new file mode 100644
index 000000000000..2f23601794e6
--- /dev/null
+++ b/src/chrome/content/rules/flyingwith.us.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid certificate:
+		node.flyingwith.us
+-->
+<ruleset name="flyingwith.us">
+	<target host="flyingwith.us" />
+	<target host="www.flyingwith.us" />
+	<target host="new.flyingwith.us" />
+	<target host="o.flyingwith.us" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/flynet.by.xml b/src/chrome/content/rules/flynet.by.xml
new file mode 100644
index 000000000000..0a02fd08032d
--- /dev/null
+++ b/src/chrome/content/rules/flynet.by.xml
@@ -0,0 +1,13 @@
+<!--
+help.flynet.by mismatch
+radio.flynet.by mismatch
+media.flynet.by mismatch
+game.flynet.by mismatch
+stat.flynet.by different content
+-->
+<ruleset name="flynet.by (partial)">
+	<target host="flynet.by" />
+	<target host="www.flynet.by" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/flypeach.com.xml b/src/chrome/content/rules/flypeach.com.xml
new file mode 100644
index 000000000000..37f52dc47315
--- /dev/null
+++ b/src/chrome/content/rules/flypeach.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Invalid certificate:
+		flypeach.com
+		hotels.flypeach.com
+		hotels.hk.flypeach.com
+		hotels.kr.flypeach.com
+		hotels.tw.flypeach.com
+		hotels.jp.flypeach.com
+
+	Mixed Content:
+		sorrypage.flypeach.com
+
+	Error 404:
+		edm.flypeach.com
+
+	HTTP only:
+		www-test.flypeach.com
+
+	Could not connect:
+		campaign-yaeyama.flypeach.com
+-->
+<ruleset name="Peach Aviation">
+	<target host="flypeach.com" />
+	<target host="www.flypeach.com" />
+	<target host="book.flypeach.com" />
+	<target host="booking.flypeach.com" />
+	<target host="mbook.flypeach.com" />
+	<target host="voc.flypeach.com" />
+	<target host="www-norigin.flypeach.com" />
+
+	<rule from="^http://flypeach\.com/"
+		to="https://www.flypeach.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fm-world.co.uk.xml b/src/chrome/content/rules/fm-world.co.uk.xml
new file mode 100644
index 000000000000..ad264b8c75a6
--- /dev/null
+++ b/src/chrome/content/rules/fm-world.co.uk.xml
@@ -0,0 +1,38 @@
+<!--
+	(www.)?fm-world.co.uk: Redirects to http
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- jobs.fm-world.co.uk
+		- recruiter.fm-world.co.uk
+		- subs.fm-world.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="FM-World.co.uk (partial)">
+
+	<target host="jobs.fm-world.co.uk" />
+	<target host="recruiter.fm-world.co.uk" />
+	<target host="subs.fm-world.co.uk" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://subs.fm-world.co.uk/subscribe" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^jobs\.fm-world\.co\.uk$" name="^(?:AnonymousUserId|BrowserSession|FixedFacetDefaults)$" /-->
+	<!--securecookie host="^recruiter\.fm-world\.co\.uk$" name="^BrowserSession$" /-->
+	<!--securecookie host="^subs\.fm-world\.co\.uk$" name="^(?:__AntiXsrfToken|ASP\.NET_SessionId)$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/fmu.br.xml b/src/chrome/content/rules/fmu.br.xml
new file mode 100644
index 000000000000..4513148d97f5
--- /dev/null
+++ b/src/chrome/content/rules/fmu.br.xml
@@ -0,0 +1,13 @@
+<ruleset name="fmu.br">
+
+	<target host="fmu.br" />
+	<target host="www.fmu.br" />
+  <target host="lp.fmu.br" />
+  <target host="extranet.fmu.br" />
+  <target host="movemais.fmu.br" />
+  <target host="semipresencial.fmu.br" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/fmworld.net.xml b/src/chrome/content/rules/fmworld.net.xml
new file mode 100644
index 000000000000..77b98d7779d4
--- /dev/null
+++ b/src/chrome/content/rules/fmworld.net.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Fujitsu related rulesets, see Fujitsu.xml
+
+	Non-functional hosts in *.fmworld.net:
+		Certificate mismatched:
+		- fmworld.net
+
+		Redirect to HTTP:
+		- azby.fmworld.net
+-->
+<ruleset name="fmworld.net (partial)" platform="mixedcontent">
+	<target host="fmworld.net" />
+	<target host="www.fmworld.net" />
+	
+	<rule from="^http://(www\.)?fmworld\.net/"
+		to="https://www.fmworld.net/" />
+</ruleset>
diff --git a/src/chrome/content/rules/focus.ua.xml b/src/chrome/content/rules/focus.ua.xml
new file mode 100644
index 000000000000..c8719230cca9
--- /dev/null
+++ b/src/chrome/content/rules/focus.ua.xml
@@ -0,0 +1,8 @@
+<!-- subscribe. mismatch
+firstjob. self signed
+great. refused -->
+<ruleset name="focus.ua">
+	<target host="focus.ua" />
+	<target host="www.focus.ua" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fofa.so.xml b/src/chrome/content/rules/fofa.so.xml
new file mode 100644
index 000000000000..ab2dc3624494
--- /dev/null
+++ b/src/chrome/content/rules/fofa.so.xml
@@ -0,0 +1,11 @@
+<!--
+	Nonfunctional hosts:
+		- beta.fofa.so (certificate expired)
+-->
+<ruleset name="fofa.so">
+	<target host="fofa.so" />
+	<target host="www.fofa.so" />
+
+	<rule from="^http:"
+		  to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/followmail.com.xml b/src/chrome/content/rules/followmail.com.xml
new file mode 100644
index 000000000000..8b38b04a81d3
--- /dev/null
+++ b/src/chrome/content/rules/followmail.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Problematic hosts in *followmail.com:
+
+		- (www.)? ᵉ ᵘ
+		- fr ᵉ ᵐ ᵘ
+
+	ᵉ Expired
+	ᵐ Mismatched
+	ᵘ Untrusted root
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .followmail.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="FollowMail.com" default_off="expired, mismatched, untrusted root">
+
+	<target host="followmail.com" />
+	<target host="fr.followmail.com" />
+	<target host="www.followmail.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.followmail\.com$" name="^oip$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/fontanka.ru.xml b/src/chrome/content/rules/fontanka.ru.xml
new file mode 100644
index 000000000000..2837f9ee5610
--- /dev/null
+++ b/src/chrome/content/rules/fontanka.ru.xml
@@ -0,0 +1,8 @@
+<ruleset name="fontanka.ru (partial)">
+    <target host="fontanka.ru" />
+    <target host="www.fontanka.ru" />
+    <rule from="^http:" to="https:" />
+    <securecookie host="^fontanka\.ru$" name=".+" />
+    <securecookie host="^www\.fontanka\.ru$" name=".+" />
+    <securecookie host="^statistic\.fontanka\.ru$" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/foobar2000.com.xml b/src/chrome/content/rules/foobar2000.com.xml
new file mode 100644
index 000000000000..462704e4208c
--- /dev/null
+++ b/src/chrome/content/rules/foobar2000.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="foobar2000.com">
+	<target host="foobar2000.com" />
+	<target host="www.foobar2000.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/foobar2000.xml b/src/chrome/content/rules/foobar2000.xml
new file mode 100644
index 000000000000..19798306ea2b
--- /dev/null
+++ b/src/chrome/content/rules/foobar2000.xml
@@ -0,0 +1,16 @@
+<ruleset name="foobar2000">
+
+	<target host="foobar2000.org"/>
+	<target host="www.foobar2000.org"/>
+
+	<!--  Broken
+	bogus.
+	foosion.
+	forums.
+	help.
+	kede54.
+	-->
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/food.gov.uk.xml b/src/chrome/content/rules/food.gov.uk.xml
new file mode 100644
index 000000000000..ab8c521e91cd
--- /dev/null
+++ b/src/chrome/content/rules/food.gov.uk.xml
@@ -0,0 +1,56 @@
+<!--
+	Food Standards Agency
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *food.gov.uk:
+
+		- allergytraining ʰ
+		- labellingtraining ᵇ
+		- ratings ⁴
+		- rcatraining ᵇ
+		- traceabilitytraining ᵇ
+		- vacuumpackingtraining ʰ
+
+	⁴ 404
+	ᵇ Shwos default page
+	ʰ Redirects to http
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- ukfssweb.food.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Food.gov.uk (partial)">
+
+	<target host="food.gov.uk" />
+	<target host="acaf.food.gov.uk" />
+	<target host="acmsf.food.gov.uk" />
+	<target host="acnfp.food.gov.uk" />
+	<target host="cot.food.gov.uk" />
+	<target host="gacs.food.gov.uk" />
+	<target host="myhaccp.food.gov.uk" />
+	<target host="ratingsportal.food.gov.uk" />
+	<target host="safesmokedfish.food.gov.uk" />
+	<target host="ssrc.food.gov.uk" />
+	<target host="ukfssweb.food.gov.uk" />
+	<target host="www.food.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ukfssweb\.food\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid$|_gat?$|_gat_|cf_clearance$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/foodsharing.de.xml b/src/chrome/content/rules/foodsharing.de.xml
new file mode 100644
index 000000000000..aab46349810d
--- /dev/null
+++ b/src/chrome/content/rules/foodsharing.de.xml
@@ -0,0 +1,13 @@
+<ruleset name="foodsharing.de">
+
+	<target host="foodsharing.de" />
+	<target host="www.foodsharing.de" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/forceline.net.xml b/src/chrome/content/rules/forceline.net.xml
new file mode 100644
index 000000000000..a8ccbe4ab67a
--- /dev/null
+++ b/src/chrome/content/rules/forceline.net.xml
@@ -0,0 +1,28 @@
+<!--
+ftp.forceline.net ³
+host-178-214-37-249.forceline.net ³
+host-178-214-46-157.forceline.net/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+host-178-214-47-12.forceline.net ³
+sip.forceline.net ²
+ns1.forceline.net different content
+
+
+² refused
+³ timed out
+-->
+<ruleset name="forceline.net">
+	<target host="forceline.net" />
+	<target host="www.forceline.net" />
+	<target host="bill.forceline.net" />
+	<target host="forum.forceline.net" />
+	<target host="games.forceline.net" />
+	<target host="lanbill.forceline.net" />
+	<target host="mail.forceline.net" />
+	<target host="nag.forceline.net" />
+	<target host="new.forceline.net" />
+	<target host="ns2.forceline.net" />
+	<target host="photos.forceline.net" />
+	<target host="stat.forceline.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/forestry.gov.uk.xml b/src/chrome/content/rules/forestry.gov.uk.xml
new file mode 100644
index 000000000000..b8498e05c7ac
--- /dev/null
+++ b/src/chrome/content/rules/forestry.gov.uk.xml
@@ -0,0 +1,42 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *forestry.gov.uk:
+
+		- scotland ᶠ
+		- www.cms ʳ
+		- fortingall ʳ
+		- maps ʳ
+
+	ᶠ Handshake fails
+	ʳ Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- boxoffice.forestry.gov.uk
+		- treealert.forestry.gov.uk
+
+-->
+<ruleset name="Forestry.gov.uk (partial)">
+
+	<target host="boxoffice.forestry.gov.uk" />
+	<target host="dialogue.forestry.gov.uk" />
+	<target host="englandconsult.forestry.gov.uk" />
+	<target host="www.englandconsult.forestry.gov.uk" />
+	<target host="treealert.forestry.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^boxoffice\.forestry\.gov\.uk$" name="^(?:ASP\.NET_SessionId|af|cs|gid)$" /-->
+	<!--securecookie host="^treealert\.forestry\.gov\.uk$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/forgerock.com.xml b/src/chrome/content/rules/forgerock.com.xml
new file mode 100644
index 000000000000..ad3a69cbf68f
--- /dev/null
+++ b/src/chrome/content/rules/forgerock.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Problematic hosts in *forgerock.com:
+
+		- summits ˣ
+
+	ˣ Mixed css
+
+
+	Mixed content:
+
+		- iframe on summits from player.vimeo.com
+		- css on summits from $self ˢ
+		- Images on summits from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="ForgeRock.com (partial)">
+
+	<target host="forgerock.com" />
+	<target host="backstage.forgerock.com" />
+	<target host="go.forgerock.com" />
+	<target host="sso.forgerock.com" />
+	<!--target host="summits.forgerock.com" /-->
+	<target host="www.forgerock.com" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/forgeworld.co.uk.xml b/src/chrome/content/rules/forgeworld.co.uk.xml
new file mode 100644
index 000000000000..65b15921c939
--- /dev/null
+++ b/src/chrome/content/rules/forgeworld.co.uk.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .forgeworld.co.uk
+		- www.forgeworld.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Forge World.co.uk">
+
+	<target host="forgeworld.co.uk" />
+	<target host="www.forgeworld.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.forgeworld\.co\.uk$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.forgeworld\.co\.uk$" name="^(?:BIGipServer|gw-location$)" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid$|_gat?$|_gat_|cf_clearance$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/formget.com.xml b/src/chrome/content/rules/formget.com.xml
new file mode 100644
index 000000000000..a7b120e522c1
--- /dev/null
+++ b/src/chrome/content/rules/formget.com.xml
@@ -0,0 +1,34 @@
+<!--
+	CDN buckets:
+
+		- s3-us-west-2.amazonaws.com/formget/
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.formget.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Formget.com">
+
+	<target host="formget.com" />
+	<target host="www.formget.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://www.formget.com/app/login/?p=popup" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.formget\.com$" name="^fg_sc$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/formsite.com.xml b/src/chrome/content/rules/formsite.com.xml
new file mode 100644
index 000000000000..189d28b58e5a
--- /dev/null
+++ b/src/chrome/content/rules/formsite.com.xml
@@ -0,0 +1,64 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://formsite.com/ => https://formsite.com/: (60, 'SSL certificate problem: self signed certificate')
+
+	These altnames do not exist:
+
+		- fs27.formsite.com
+		- fs28.formsite.com
+		- fs29.formsite.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- formsite.com
+		- a\d.formsite.com
+		- fs\d+.formsite.com
+		- www.formsite.com
+
+-->
+<ruleset name="Formsite.com" default_off="failed ruleset test">
+
+	<target host="formsite.com" />
+	<target host="a1.formsite.com" />
+	<target host="a2.formsite.com" />
+	<target host="a3.formsite.com" />
+	<target host="blog.formsite.com" />
+	<target host="fs10.formsite.com" />
+	<target host="fs11.formsite.com" />
+	<target host="fs12.formsite.com" />
+	<target host="fs16.formsite.com" />
+	<target host="fs17.formsite.com" />
+	<target host="fs18.formsite.com" />
+	<target host="fs19.formsite.com" />
+	<target host="fs2.formsite.com" />
+	<target host="fs20.formsite.com" />
+	<target host="fs21.formsite.com" />
+	<target host="fs22.formsite.com" />
+	<target host="fs23.formsite.com" />
+	<target host="fs24.formsite.com" />
+	<target host="fs25.formsite.com" />
+	<target host="fs26.formsite.com" />
+	<target host="fs3.formsite.com" />
+	<target host="fs30.formsite.com" />
+	<target host="fs4.formsite.com" />
+	<target host="fs6.formsite.com" />
+	<target host="fs7.formsite.com" />
+	<target host="fs8.formsite.com" />
+	<target host="fs9.formsite.com" />
+	<target host="www.formsite.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:(?:a\d|fs\d+|www)\.)?formsite\.com$" name="^AWSELB$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/forum-3dcenter.org.xml b/src/chrome/content/rules/forum-3dcenter.org.xml
new file mode 100644
index 000000000000..7dc22b56479b
--- /dev/null
+++ b/src/chrome/content/rules/forum-3dcenter.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="forum-3dcenter.org">
+	<target host="forum-3dcenter.org" />
+	<target host="www.forum-3dcenter.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/forum.gigabyte.ru.xml b/src/chrome/content/rules/forum.gigabyte.ru.xml
new file mode 100644
index 000000000000..5d4582fe245d
--- /dev/null
+++ b/src/chrome/content/rules/forum.gigabyte.ru.xml
@@ -0,0 +1,8 @@
+<ruleset name="forum.gigabyte.ru">
+	<target host="forum.gigabyte.ru" />
+	<target host="www.forum.gigabyte.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fosshub.xml b/src/chrome/content/rules/fosshub.xml
new file mode 100644
index 000000000000..2b059b6dde42
--- /dev/null
+++ b/src/chrome/content/rules/fosshub.xml
@@ -0,0 +1,8 @@
+<ruleset name="fosshub.com">
+<target host="fosshub.com"/>
+<target host="www.fosshub.com"/>
+<target host="download.fosshub.com"/>
+<target host="app.fosshub.com"/>
+<securecookie host=".+" name=".+" />
+<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/fossies.org.xml b/src/chrome/content/rules/fossies.org.xml
new file mode 100644
index 000000000000..734b47e5d0e1
--- /dev/null
+++ b/src/chrome/content/rules/fossies.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="Fossies.org">
+
+	<target host="fossies.org" />
+	<target host="www.fossies.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/foundry.com.xml b/src/chrome/content/rules/foundry.com.xml
new file mode 100644
index 000000000000..2c5e07c8d0d5
--- /dev/null
+++ b/src/chrome/content/rules/foundry.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Invalid certificate:
+		www.support.foundry.com
+
+	Non-2xx HTTP code:
+		http://licenceapi.foundry.com/
+
+	Refused:
+		calendar.foundry.com
+		mail.foundry.com
+-->
+<ruleset name="foundry.com">
+	<target host="foundry.com" />
+	<target host="www.foundry.com" />
+	<target host="colorway.foundry.com" />
+	<target host="community.foundry.com" />
+	<target host="community-service.foundry.com" />
+	<target host="imagine.foundry.com" />
+	<target host="learn.foundry.com" />
+	<target host="modosplash.foundry.com" />
+	<target host="subscriptions.foundry.com" />
+	<target host="support.foundry.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/foursignposts.com.xml b/src/chrome/content/rules/foursignposts.com.xml
new file mode 100644
index 000000000000..321851162ae1
--- /dev/null
+++ b/src/chrome/content/rules/foursignposts.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Four Sign Posts.com">
+
+	<target host="foursignposts.com" />
+	<target host="www.foursignposts.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/fox25boston.com.xml b/src/chrome/content/rules/fox25boston.com.xml
new file mode 100644
index 000000000000..72db73301307
--- /dev/null
+++ b/src/chrome/content/rules/fox25boston.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="fox25boston.com">
+	<target host="fox25boston.com" />
+	<target host="www.fox25boston.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fpf.org.xml b/src/chrome/content/rules/fpf.org.xml
new file mode 100644
index 000000000000..1c365e842c1e
--- /dev/null
+++ b/src/chrome/content/rules/fpf.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="FPF.org">
+
+	<target host="fpf.org" />
+	<target host="www.fpf.org" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/fpslreb-crtespf.gc.ca.xml b/src/chrome/content/rules/fpslreb-crtespf.gc.ca.xml
new file mode 100644
index 000000000000..a730bae336f6
--- /dev/null
+++ b/src/chrome/content/rules/fpslreb-crtespf.gc.ca.xml
@@ -0,0 +1,17 @@
+<ruleset name="fpslreb-crtespf.gc.ca">
+	<target host="crtefp.gc.ca" />
+	<target host="www.crtefp.gc.ca" />
+	<target host="crtefp-pslreb.gc.ca" />
+	<target host="www.crtefp-pslreb.gc.ca" />
+	<target host="fpslreb-crtespf.gc.ca" />
+	<target host="decisions.fpslreb-crtespf.gc.ca" />
+	<target host="www.fpslreb-crtespf.gc.ca" />
+	<target host="fpslreb.gc.ca" />
+	<target host="www.fpslreb.gc.ca" />
+	<target host="pslreb.gc.ca" />
+	<target host="www.pslreb.gc.ca" />
+	<target host="pslreb-crtefp.gc.ca" />
+	<target host="www.pslreb-crtefp.gc.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fraedom-cdn.com.xml b/src/chrome/content/rules/fraedom-cdn.com.xml
new file mode 100644
index 000000000000..c29c5ccb4812
--- /dev/null
+++ b/src/chrome/content/rules/fraedom-cdn.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Fraedom coverage, see fraedom.com.xml.
+
+-->
+<ruleset name="Fraedom-CDN.com">
+
+	<target host="fraedom-cdn.com" />
+	<target host="www.fraedom-cdn.com" />
+
+		<test url="http://fraedom-cdn.com/settings/resources/files/images/public/logo.png" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/fraedom.com.xml b/src/chrome/content/rules/fraedom.com.xml
new file mode 100644
index 000000000000..179f456dcdb0
--- /dev/null
+++ b/src/chrome/content/rules/fraedom.com.xml
@@ -0,0 +1,58 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Time: 2020-09-25 16:20:22
+ Fetch error: http://www2.fraedom.com/? => https://www.fraedom.com/: (6, 'Could not resolve host: www2.fraedom.com')
+Time: 2020-09-25 16:20:22
+ Fetch error: http://www2.fraedom.com/l/97782/2015-09-17/5r76f => https://pi.pardot.com/l/97782/2015-09-17/5r76f: (6, 'Could not resolve host: www2.fraedom.com')
+Time: 2020-09-25 16:20:22
+ Fetch error: http://www2.fraedom.com/ => https://www.fraedom.com/: (6, 'Could not resolve host: www2.fraedom.com')
+
+	Other Fraedom rulesets:
+
+		- fraedom-cdn.com.xml
+
+
+	Problematic hosts in *fraedom.com:
+
+		- www2 ᵐ
+
+	ᵐ Pardot / mismatched
+
+
+	Partially covered hosts in *fraedom.com:
+
+		- www2
+
+
+	Insecure cookies are set for these hosts:
+
+		- fraedom.com
+		- www.fraedom.com
+
+-->
+<ruleset name="Fraedom.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fraedom.com" />
+	<target host="control.fraedom.com" />
+	<target host="www.fraedom.com" />
+
+	<!--	Complications:
+				-->
+	<!-- target host="www2.fraedom.com" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?fraedom\.com$" name="^NVOYX$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/franceinter.fr.xml b/src/chrome/content/rules/franceinter.fr.xml
new file mode 100644
index 000000000000..969941a372b5
--- /dev/null
+++ b/src/chrome/content/rules/franceinter.fr.xml
@@ -0,0 +1,49 @@
+<!--
+	Invalid certificate:
+		1000-histoires.franceinter.fr
+		affaires-sensibles.franceinter.fr
+		direct.franceinter.fr
+		regionsjob.franceinter.fr
+
+	Time out:
+		alendroit.franceinter.fr
+		nouveau.franceinter.fr
+		sotchi.franceinter.fr
+		touspolitiques.franceinter.fr
+
+	Redirect to http:
+		antibuzz.franceinter.fr
+		batailledeparis.franceinter.fr
+		blog.franceinter.fr
+		bullesdecannes.franceinter.fr
+		clichesdecampagne.franceinter.fr
+		nvx.franceinter.fr
+		unjourasotchi.radiofrance.fr
+		webdoc.franceinter.fr
+
+	Private subdomain:
+		contrib.franceinter.fr
+
+	No working URL known:
+		iframe.franceinter.fr
+
+-->
+<ruleset name="France Inter.fr">
+
+	<target host="franceinter.fr" />
+	<target host="www.franceinter.fr" />
+	<target host="nouveau.franceinter.fr" />
+	<target host="touspolitiques.franceinter.fr" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http://nouveau\.franceinter\.fr/"
+		to="https://www.franceinter.fr/" />
+
+	<rule from="^http://touspolitiques\.franceinter\.fr/"
+		to="https://www.franceinter.fr/emissions/tous-politiques/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/francescopalazzo.com.xml b/src/chrome/content/rules/francescopalazzo.com.xml
new file mode 100644
index 000000000000..16366acd14f1
--- /dev/null
+++ b/src/chrome/content/rules/francescopalazzo.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="francescopalazzo.com">
+
+	<target host="francescopalazzo.com" />
+	<target host="www.francescopalazzo.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/francisfrith.com.xml b/src/chrome/content/rules/francisfrith.com.xml
new file mode 100644
index 000000000000..2f487fc62bf2
--- /dev/null
+++ b/src/chrome/content/rules/francisfrith.com.xml
@@ -0,0 +1,39 @@
+<!--
+	^francisfrith.com: 403
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .francisfrith.com
+		- www.francisfrith.com
+
+-->
+<ruleset name="Francis Frith.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="creative.francisfrith.com" />
+	<target host="photos.francisfrith.com" />
+	<target host="www.francisfrith.com" />
+
+	<!--	Complications:
+				-->
+	<target host="francisfrith.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.francisfrith\.com$" name="^_(?:country_ip|locale)$" /-->
+	<!--securecookie host="^www\.francisfrith\.com$" name="^(?:_basked_id_uk|_session_id|ahoy_(?:track|visit|visitor)|split)$" /-->
+
+	<securecookie host="^\." name="^_(?:country_ip|locale)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://francisfrith\.com/"
+		to="https://www.francisfrith.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/frankfurt-university.de.xml b/src/chrome/content/rules/frankfurt-university.de.xml
new file mode 100644
index 000000000000..375144e52fc8
--- /dev/null
+++ b/src/chrome/content/rules/frankfurt-university.de.xml
@@ -0,0 +1,13 @@
+<ruleset name="frankfurt-university.de">
+	<target host="frankfurt-university.de" />
+	<target host="*.frankfurt-university.de" />
+    	<test url="http://idm.frankfurt-university.de/" />
+    	<test url="http://webmail.frankfurt-university.de/" />
+    	<test url="http://intranet.frankfurt-university.de/" />
+
+	<exclusion pattern="^http://sea-[0-9][0-9]\.cit\.frankfurt-university\.de:32224/" />
+    	<test url="http://sea-01.cit.frankfurt-university.de:32224/" />
+    	<test url="http://sea-02.cit.frankfurt-university.de:32224/" />
+    
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fraudmetrix.cn.xml b/src/chrome/content/rules/fraudmetrix.cn.xml
new file mode 100644
index 000000000000..9c27c3e64858
--- /dev/null
+++ b/src/chrome/content/rules/fraudmetrix.cn.xml
@@ -0,0 +1,16 @@
+<ruleset name="fraudmetrix.cn">
+	<target host="fraudmetrix.cn" />
+	<target host="www.fraudmetrix.cn" />
+	<target host="api.fraudmetrix.cn" />
+		<test url="http://api.fraudmetrix.cn/riskService" />
+	<target host="fp.fraudmetrix.cn" />
+	<target host="fp-int.fraudmetrix.cn" />
+	<target host="fptest.fraudmetrix.cn" />
+	<target host="portal.fraudmetrix.cn" />
+	<target host="portaltest.fraudmetrix.cn" />
+	<target host="static.fraudmetrix.cn" />
+		<test url="http://static.fraudmetrix.cn/clear.swf" />
+	<target host="statictest.fraudmetrix.cn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fredrikolofsson.com.xml b/src/chrome/content/rules/fredrikolofsson.com.xml
new file mode 100644
index 000000000000..5eed9129d13a
--- /dev/null
+++ b/src/chrome/content/rules/fredrikolofsson.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Fredrik Olofsson.com">
+
+	<target host="fredrikolofsson.com" />
+	<target host="www.fredrikolofsson.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/free-artwork.org.xml b/src/chrome/content/rules/free-artwork.org.xml
new file mode 100644
index 000000000000..8577365c9718
--- /dev/null
+++ b/src/chrome/content/rules/free-artwork.org.xml
@@ -0,0 +1,12 @@
+<!--
+	For other openDesktop rules, see openDesktop.org.xml
+
+-->
+<ruleset name="Free-artwork.org">
+
+	<target host="free-artwork.org" />
+	<target host="www.free-artwork.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/free-torrents.org.xml b/src/chrome/content/rules/free-torrents.org.xml
new file mode 100644
index 000000000000..d941524f55b5
--- /dev/null
+++ b/src/chrome/content/rules/free-torrents.org.xml
@@ -0,0 +1,25 @@
+<!--
+d.free-torrents.org ¹
+al12.d.free-torrents.org ¹
+al15.d.free-torrents.org ¹
+al21.d.free-torrents.org ¹
+al27.d.free-torrents.org ¹
+ns.free-torrents.org ¹
+ns1.free-torrents.org ¹
+s.free-torrents.org ¹
+static.free-torrents.org mixed content
+
+
+¹ mismatch
+-->
+<ruleset name="free-torrents.org">
+	<target host="free-torrents.org" />
+	<target host="www.free-torrents.org" />
+	<target host="bt.free-torrents.org" />
+	<target host="dl.free-torrents.org" />
+	<target host="login.free-torrents.org" />
+	<target host="pm.free-torrents.org" />
+	<target host="tr.free-torrents.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/freeactionscript.com.xml b/src/chrome/content/rules/freeactionscript.com.xml
new file mode 100644
index 000000000000..2643ad8314fb
--- /dev/null
+++ b/src/chrome/content/rules/freeactionscript.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="freeactionscript.com">
+	<target host="freeactionscript.com" />
+	<target host="www.freeactionscript.com" />
+	<target host="autodiscover.freeactionscript.com" />
+	<target host="cpanel.freeactionscript.com" />
+	<target host="webdisk.freeactionscript.com" />
+	<target host="webmail.freeactionscript.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/freeboard.io.xml b/src/chrome/content/rules/freeboard.io.xml
new file mode 100644
index 000000000000..a40de175f113
--- /dev/null
+++ b/src/chrome/content/rules/freeboard.io.xml
@@ -0,0 +1,20 @@
+<!--
+	Mismatch:
+		- www.freeboard.io
+		- vz.freeboard.io
+
+	Server down (503):
+		renesas.freeboard.io
+-->
+<ruleset name="freeboard.io">
+	<target host="freeboard.io" />
+	<target host="www.freeboard.io" />
+	<target host="alpha.freeboard.io" />
+	<target host="openxc.freeboard.io" />
+	<target host="thingproxy.freeboard.io" />
+
+	<rule from="^http://www\.freeboard\.io/"
+		to="https://freeboard.io/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/freecode.club.xml b/src/chrome/content/rules/freecode.club.xml
new file mode 100644
index 000000000000..947c64a197d0
--- /dev/null
+++ b/src/chrome/content/rules/freecode.club.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://freecode.club/ => https://freecode.club/: (51, "SSL: no alternative certificate subject name matches target host name 'freecode.club'")
+Fetch error: http://www.freecode.club/ => https://www.freecode.club/: (51, "SSL: no alternative certificate subject name matches target host name 'www.freecode.club'")
+
+-->
+<ruleset name="freecode.club" default_off="failed ruleset test">
+
+	<target host="freecode.club" />
+	<target host="www.freecode.club" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/freedom-leisure.co.uk.xml b/src/chrome/content/rules/freedom-leisure.co.uk.xml
new file mode 100644
index 000000000000..3857b4d82515
--- /dev/null
+++ b/src/chrome/content/rules/freedom-leisure.co.uk.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.freedom-leisure.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Freedom-Leisure.co.uk">
+
+	<target host="freedom-leisure.co.uk" />
+	<target host="www.freedom-leisure.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.freedom-leisure\.co\.uk$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/freedom-vrn.ru.xml b/src/chrome/content/rules/freedom-vrn.ru.xml
new file mode 100644
index 000000000000..ee000cb505a9
--- /dev/null
+++ b/src/chrome/content/rules/freedom-vrn.ru.xml
@@ -0,0 +1,23 @@
+<!--
+freedom-vrn.ru mismatch
+www.freedom-vrn.ru mismatch
+tv.freedom-vrn.ru mismatch
+coder.freedom-vrn.ru mismatch
+nadosuge.freedom-vrn.ru mismatch
+on.freedom-vrn.ru mismatch
+ierogliph.freedom-vrn.ru mismatch
+automir.freedom-vrn.ru mismatch
+open.freedom-vrn.ru mismatch
+altivi.freedom-vrn.ru mismatch
+forum.freedom-vrn.ru timed out
+torrents.freedom-vrn.ru timed out
+647.freedom-vrn.ru mismatch
+ombudsman.freedom-vrn.ru mismatch
+radio.freedom-vrn.ru mismatch
+-->
+<ruleset name="freedom-vrn.ru (partial)">
+	<target host="statserv.freedom-vrn.ru" />
+	<target host="pay.freedom-vrn.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/freedommunitions.com.xml b/src/chrome/content/rules/freedommunitions.com.xml
new file mode 100644
index 000000000000..295166960cc5
--- /dev/null
+++ b/src/chrome/content/rules/freedommunitions.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- www.freedommunitions.com
+		- .www.freedommunitions.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Freedom Munitions.com">
+
+	<target host="freedommunitions.com" />
+	<target host="www.freedommunitions.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.freedommunitions\.com$" name="^CACHED_FRONT_FORM_KEY$" /-->
+	<!--securecookie host="^\.www\.freedommunitions\.com$" name="^(?:CART|frontend|mltkc)$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\.www\." name=".+" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/freedomsphoenix.com.xml b/src/chrome/content/rules/freedomsphoenix.com.xml
new file mode 100644
index 000000000000..aa858b8bbdd9
--- /dev/null
+++ b/src/chrome/content/rules/freedomsphoenix.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .www.freedomsphoenix.com
+
+-->
+<ruleset name="Freedoms Phoenix.com">
+
+	<target host="freedomsphoenix.com" />
+	<target host="www.freedomsphoenix.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.freedomsphoenix\.com$" name="^FP_SESSION$" /-->
+
+	<securecookie host="^\.www\." name=".+" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/freedos.org.xml b/src/chrome/content/rules/freedos.org.xml
new file mode 100644
index 000000000000..aa21fcae0745
--- /dev/null
+++ b/src/chrome/content/rules/freedos.org.xml
@@ -0,0 +1,12 @@
+<!--
+        Refused:
+                wiki.freedos.org
+-->
+<ruleset name="freedos.org">
+	<target host="freedos.org" />
+	<target host="www.freedos.org" />
+	<target host="personal.freedos.org" />
+	<target host="test.freedos.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/freehookupsearch.com.xml b/src/chrome/content/rules/freehookupsearch.com.xml
new file mode 100644
index 000000000000..7c7b1adf96b4
--- /dev/null
+++ b/src/chrome/content/rules/freehookupsearch.com.xml
@@ -0,0 +1,43 @@
+<!--
+	Nonfunctional hosts in *freehookupsearch.com:
+
+		- a.photos ⁴
+
+	⁴ 404
+
+
+	Problematic hosts in *freehookupsearch.com:
+
+		- [ac].photos ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- freehookupsearch.com
+		- .freehookupsearch.com
+		- www.freehookupsearch.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Free Hookup Search.com (partial)">
+
+	<target host="freehookupsearch.com" />
+	<target host="www.freehookupsearch.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^freehookupsearch\.com$" name="^SRV$" /-->
+	<!--securecookie host="^\.freehookupsearch\.com$" name="^t$" /-->
+	<!--securecookie host="^www\.freehookupsearch\.com$" name="^(?:PHPSESSID|SRV)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/freelyshout.com.xml b/src/chrome/content/rules/freelyshout.com.xml
new file mode 100644
index 000000000000..59eb2ce1cd4c
--- /dev/null
+++ b/src/chrome/content/rules/freelyshout.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Freelyshout.com">
+
+	<target host="freelyshout.com" />
+	<target host="www.freelyshout.com" />
+
+
+	<securecookie host="^\." name="_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/freenode.xml b/src/chrome/content/rules/freenode.xml
new file mode 100644
index 000000000000..f8e1542c31fd
--- /dev/null
+++ b/src/chrome/content/rules/freenode.xml
@@ -0,0 +1,20 @@
+<!--
+	No working URL known:
+		www.freenode.org (404)
+
+-->
+<ruleset name="freenode">
+
+	<target host="freenode.net" />
+	<target host="www.freenode.net" />
+	<target host="blog.freenode.net" />
+	<target host="webchat.freenode.net" />
+
+	<target host="freenode.org" />
+
+    <securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/freeovi.com.xml b/src/chrome/content/rules/freeovi.com.xml
new file mode 100644
index 000000000000..c19bb504c553
--- /dev/null
+++ b/src/chrome/content/rules/freeovi.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.freeovi.com/ => https://www.freeovi.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.freeovi.com'")
+Fetch error: http://freeovi.com/ => https://www.freeovi.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.freeovi.com'")
+
+	^freeovi.com: Refused
+
+-->
+<ruleset name="free OVI.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.freeovi.com" />
+
+	<!--	Complications:
+				-->
+	<target host="freeovi.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://freeovi\.com/"
+		to="https://www.freeovi.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/freerunet.ru.xml b/src/chrome/content/rules/freerunet.ru.xml
new file mode 100644
index 000000000000..0ccfca26678f
--- /dev/null
+++ b/src/chrome/content/rules/freerunet.ru.xml
@@ -0,0 +1,12 @@
+<!--
+www.freerunet.ru self signed
+-->
+<ruleset name="freerunet.ru" platform="mixedcontent">
+	<target host="freerunet.ru" />
+	<target host="www.freerunet.ru" />
+
+	<rule from="^http://www\.freerunet\.ru/"
+		to="https://freerunet.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/freetalklive.com.xml b/src/chrome/content/rules/freetalklive.com.xml
new file mode 100644
index 000000000000..5d527b8a311e
--- /dev/null
+++ b/src/chrome/content/rules/freetalklive.com.xml
@@ -0,0 +1,86 @@
+<!--
+	Problematic hosts in *freetalklive.com:
+
+		- amp ᵈ
+		- cam ᵈ
+		- gear ᵈ
+		- listen ᵈ
+
+	ᵈ Dropped
+
+
+	Mixed content:
+
+		- css on www from i\d.wp.com ˢ
+		- Images on www from i\d.wp.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Free Talk Live.com" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="freetalklive.com" />
+	<target host="www.freetalklive.com" />
+
+	<!--	Complications:
+				-->
+	<target host="amp.freetalklive.com" />
+	<target host="cam.freetalklive.com" />
+	<target host="listen.freetalklive.com" />
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://www.freetalklive.com/blog" /-->
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps args:
+					-->
+	<rule from="^http://amp\.freetalklive\.com/(?=$|\?)"
+		to="https://www.freetalklive.com/amp" />
+
+		<test url="http://amp.freetalklive.com/?" />
+
+	<!--	Redirect keeps all:
+					-->
+	<rule from="^http://amp\.freetalklive\.com/"
+		to="https://www.freetalklive.com/amp/" />
+
+		<test url="http://amp.freetalklive.com/index.htm" />
+
+	<!--	Redirect keeps args:
+					-->
+	<rule from="^http://cam\.freetalklive\.com/(?=$|\?)"
+		to="https://www.freetalklive.com/studio" />
+
+		<test url="http://cam.freetalklive.com/?" />
+
+	<!--	Redirect keeps all:
+					-->
+	<rule from="^http://cam\.freetalklive\.com/"
+		to="https://www.freetalklive.com/studio/" />
+
+		<test url="http://cam.freetalklive.com/index.htm" />
+
+	<!--	Redirect keeps args:
+					-->
+	<rule from="^http://listen\.freetalklive\.com/(?=$|\?)"
+		to="https://www.freetalklive.com/listen/live" />
+
+		<test url="http://listen.freetalklive.com/?" />
+
+	<!--	Redirect keeps all:
+					-->
+	<rule from="^http://listen\.freetalklive\.com/"
+		to="https://www.freetalklive.com/listen/live/" />
+
+		<test url="http://listen.freetalklive.com/index.htm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/freetype.org.xml b/src/chrome/content/rules/freetype.org.xml
new file mode 100644
index 000000000000..a325f087bbb8
--- /dev/null
+++ b/src/chrome/content/rules/freetype.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+		- Bug from api.flattr.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="FreeType.org">
+
+	<target host="freetype.org" />
+	<target host="www.freetype.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/freewebsitetemplates.com.xml b/src/chrome/content/rules/freewebsitetemplates.com.xml
new file mode 100644
index 000000000000..61c13f8d8f24
--- /dev/null
+++ b/src/chrome/content/rules/freewebsitetemplates.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="freewebsitetemplates.com">
+  <target host="www.freewebsitetemplates.com" />
+  <target host="freewebsitetemplates.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fregat.net.xml b/src/chrome/content/rules/fregat.net.xml
new file mode 100644
index 000000000000..4afcfe022b38
--- /dev/null
+++ b/src/chrome/content/rules/fregat.net.xml
@@ -0,0 +1,79 @@
+<!--
+www.fregat.net ³
+ap1.fregat.net ³
+ap10.fregat.net ³
+ap11.fregat.net ³
+ap12.fregat.net ³
+ap2.fregat.net ³
+ap3.fregat.net ³
+ap4.fregat.net ³
+ap5.fregat.net ³
+ap6.fregat.net ³
+ap7.fregat.net ³
+ap8.fregat.net ³
+ap9.fregat.net ³
+cloud-01.fregat.net ³
+core-dp-01.fregat.net ²
+core-zp-01.fregat.net ²
+eye.fregat.net ²
+gitlab.fregat.net ³
+hard.fregat.net ³
+home.fregat.net ³
+itv.fregat.net ²
+mail.fregat.net ⁴
+mail-new.fregat.net ⁴
+maps.fregat.net ²
+mx-fra-01.fregat.net ²
+nas-dnz-06.fregat.net ³
+nas-dnz-07.fregat.net ³
+nas-k12-03.fregat.net ³
+nas-k12-04.fregat.net ³
+nas-kbz-01.fregat.net ³
+nas-kbz-02.fregat.net ³
+nas-krc-01.fregat.net ³
+nas-krc-02.fregat.net ³
+nas-krc-03.fregat.net ³
+nas-nsk-01.fregat.net ³
+nas-nsk-02.fregat.net ³
+nas-nsk-03.fregat.net ³
+nas-ord-01.fregat.net ³
+nas-pvl-01.fregat.net ³
+nas-pvl-02.fregat.net ³
+nas-pvl-03.fregat.net ³
+nas-pvl-04.fregat.net ³
+nas-ubl-01.fregat.net ³
+nas-zhv-01.fregat.net ³
+nas-zhv-02.fregat.net ³
+nas-zhv-03.fregat.net ³
+nas-zhv-04.fregat.net ³
+noc.fregat.net ²
+noc-dz.fregat.net ²
+ns.fregat.net ²
+ns2.fregat.net ²
+ns3.fregat.net ²
+otrs.fregat.net ²
+fe.ott.fregat.net ⁴
+smtp.fregat.net ⁵
+stb-updates.fregat.net ⁴
+stream.fregat.net ³
+streamer-hls.fregat.net ²
+tv-api.fregat.net ⁴
+view.fregat.net ³
+view-dp.fregat.net ³
+view-kr.fregat.net ³
+view-nsk.fregat.net ³
+voip.fregat.net ³
+voip-chk.fregat.net ³
+wiki.fregat.net ³
+
+
+² refused
+³ timed out
+⁴ self signed
+⁵ expired
+-->
+<ruleset name="fregat.net (partial)">
+	<target host="info.fregat.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/freie-netzwerke.de.xml b/src/chrome/content/rules/freie-netzwerke.de.xml
new file mode 100644
index 000000000000..eac9bbf02ef3
--- /dev/null
+++ b/src/chrome/content/rules/freie-netzwerke.de.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		freie-netzwerke.de
+		mailman.freie-netzwerke.de
+-->
+<ruleset name="freie-netzwerke.de">
+
+	<target host="foerderverein.freie-netzwerke.de" />
+	<target host="oc.freie-netzwerke.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/freifunk-rhein-neckar.de.xml b/src/chrome/content/rules/freifunk-rhein-neckar.de.xml
new file mode 100644
index 000000000000..d1f3d44fec4c
--- /dev/null
+++ b/src/chrome/content/rules/freifunk-rhein-neckar.de.xml
@@ -0,0 +1,56 @@
+<!--
+	Invalid certificate:
+		hole.ffrn.de
+		netbox.ffrn.de
+
+	Not found:
+		lists.freifunk-rhein-neckar.de
+		ffrn-c46e1fa11d8a.nodes.ffrn.de
+		survey.ffrn.de
+		webirc.ffrn.de
+
+	Redirect loop:
+		netcheck.ffrn.de
+
+	Timeout:
+		rt.ffrn.de
+		unifi.ffrn.de
+-->
+<ruleset name="Freifunk Rhein-Neckar">
+
+	<target host="freifunk-rhein-neckar.de" />
+	<target host="www.freifunk-rhein-neckar.de" />
+	<target host="blog.freifunk-rhein-neckar.de" />
+	<target host="fw.freifunk-rhein-neckar.de" />
+	<target host="map.freifunk-rhein-neckar.de" />
+	<target host="register.freifunk-rhein-neckar.de" />
+	<target host="wiki.freifunk-rhein-neckar.de" />
+
+	<target host="ffrn.de" />
+	<target host="www.ffrn.de" />
+	<target host="blog.ffrn.de" />
+	<target host="chat.ffrn.de" />
+	<target host="dudle.ffrn.de" />
+	<target host="forum.ffrn.de" />
+	<target host="fw.ffrn.de" />
+	<target host="git.ffrn.de" />
+	<target host="lists.ffrn.de" />
+	<target host="m.ffrn.de" />
+	<target host="map.ffrn.de" />
+	<target host="overview.ffrn.de" />
+	<target host="pads.ffrn.de" />
+	<target host="paste.ffrn.de" />
+	<target host="reg.ffrn.de" />
+	<target host="s.ffrn.de" />
+	<target host="stats.ffrn.de" />
+	<target host="status.ffrn.de" />
+	<target host="tickets.ffrn.de" />
+	<target host="tiles.ffrn.de" />
+	<target host="w.ffrn.de" />
+	<target host="wiki.ffrn.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/freifunk-rheinland.net.xml b/src/chrome/content/rules/freifunk-rheinland.net.xml
new file mode 100644
index 000000000000..3f39c62144de
--- /dev/null
+++ b/src/chrome/content/rules/freifunk-rheinland.net.xml
@@ -0,0 +1,39 @@
+<!--
+	Invalid certificate:
+		mailman.freifunk-rheinland.net
+		postfix.freifunk-rheinland.net
+		wupper.freifunk-rheinland.net
+		gl.wupper.freifunk-rheinland.net
+		alt.map.gl.wupper.freifunk-rheinland.net
+
+	Not found:
+		cdb.freifunk-rheinland.net
+		forum.freifunk-rheinland.net
+		map.freifunk-rheinland.net
+		moehne-vis.freifunk-rheinland.net
+		observium.freifunk-rheinland.net
+		firmware.wupper.freifunk-rheinland.net
+		map.wupper.freifunk-rheinland.net
+
+	Timeout:
+		counts.freifunk-rheinland.net
+		ffmap.freifunk-rheinland.net
+		schinken.freifunk-rheinland.net
+-->
+<ruleset name="Freifunk Rheinland">
+
+	<target host="freifunk-rheinland.net" />
+	<target host="www.freifunk-rheinland.net" />
+	<target host="mail.freifunk-rheinland.net" />
+	<target host="mumble.freifunk-rheinland.net" />
+	<target host="ticket.freifunk-rheinland.net" />
+	<target host="wiki.freifunk-rheinland.net" />
+	<target host="map.gek.wupper.freifunk-rheinland.net" />
+	<target host="firmware.gl.wupper.freifunk-rheinland.net" />
+	<target host="images.gl.wupper.freifunk-rheinland.net" />
+	<target host="map.gl.wupper.freifunk-rheinland.net" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/freizeitparkweb.de.xml b/src/chrome/content/rules/freizeitparkweb.de.xml
new file mode 100644
index 000000000000..8123fb2b7696
--- /dev/null
+++ b/src/chrome/content/rules/freizeitparkweb.de.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid certificate:
+		wiki.freizeitparkweb.de
+-->
+<ruleset name="Freizeitparkweb" platform="mixedcontent">
+
+	<target host="freizeitparkweb.de" />
+	<target host="www.freizeitparkweb.de" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/freshmeat.club.xml b/src/chrome/content/rules/freshmeat.club.xml
new file mode 100644
index 000000000000..3131046d2fba
--- /dev/null
+++ b/src/chrome/content/rules/freshmeat.club.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://freshmeat.club/ => https://freshmeat.club/: (6, 'Could not resolve host: freshmeat.club')
+Fetch error: http://www.freshmeat.club/ => https://www.freshmeat.club/: (6, 'Could not resolve host: www.freshmeat.club')
+
+-->
+<ruleset name="freshmeat.club" default_off="failed ruleset test">
+
+	<target host="freshmeat.club" />
+	<target host="www.freshmeat.club" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/fri-gate.org.xml b/src/chrome/content/rules/fri-gate.org.xml
new file mode 100644
index 000000000000..1068f65085b9
--- /dev/null
+++ b/src/chrome/content/rules/fri-gate.org.xml
@@ -0,0 +1,13 @@
+<!--
+forum.fri-gate.org ¹
+ip.fri-gate.org ¹
+
+
+¹ mismatch
+-->
+<ruleset name="fri-gate.org">
+	<target host="fri-gate.org" />
+	<target host="www.fri-gate.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/friday.ru.xml b/src/chrome/content/rules/friday.ru.xml
new file mode 100644
index 000000000000..889dd0d25a80
--- /dev/null
+++ b/src/chrome/content/rules/friday.ru.xml
@@ -0,0 +1,177 @@
+<!--
+m.american-fiance.friday.ru ¹
+asus.friday.ru ¹
+blockbusters-map.friday.ru non-2xx http code
+cuba.friday.ru ⁴
+devel.friday.ru ³
+music.devel.friday.ru ³
+news.devel.friday.ru ³
+show.devel.friday.ru ³
+video.devel.friday.ru ³
+electrolux.friday.ru ¹
+www.izbalovannye.friday.ru ¹
+kagocel.friday.ru ¹
+www.kvm.friday.ru ¹
+www.kvm1.friday.ru ¹
+letuchayasvyaz.friday.ru ⁵
+www.music.friday.ru ¹
+m.news.friday.ru ¹
+www.oir-krugosvetka.friday.ru ¹
+www.orel-i-reshka-na-krayu-sveta.friday.ru ¹
+www.raiffeisen.friday.ru ¹
+orel.i.reshka.friday.ru ¹
+www.revizorro.friday.ru ¹
+rambler.ru.friday.ru ¹
+schauma.friday.ru ⁴
+store.friday.ru ³
+vibejump.friday.ru ¹
+www.video.friday.ru ¹
+m.video.friday.ru ¹
+virus.friday.ru different content
+
+
+¹ mismatch
+³ timed out
+⁴ self signed
+⁵ expired
+-->
+<ruleset name="friday.ru">
+	<target host="friday.ru" />
+	<target host="www.friday.ru" />
+	<target host="aferisty-v-setyah.friday.ru" />
+	<target host="american-fiance.friday.ru" />
+	<target host="arrow.friday.ru" />
+	<target host="baryshnya.friday.ru" />
+	<target host="bitva-rieltorov.friday.ru" />
+	<target host="bitva-salonov.friday.ru" />
+	<target host="bitvarestoranov.friday.ru" />
+	<target host="blockbusters.friday.ru" />
+	<target host="bogach-bednyak.friday.ru" />
+	<target host="boginya-shopinga.friday.ru" />
+	<target host="bolshaya-raznica.friday.ru" />
+	<target host="bolshie-chuvstva.friday.ru" />
+	<target host="bolshoy-chemodan.friday.ru" />
+	<target host="champions.friday.ru" />
+	<target host="cougar-town.friday.ru" />
+	<target host="crusoe.friday.ru" />
+	<target host="csi.friday.ru" />
+	<target host="dangerous-tour.friday.ru" />
+	<target host="defiance.friday.ru" />
+	<target host="dexter.friday.ru" />
+	<target host="doctor-komarivskiy.friday.ru" />
+	<target host="durnushek-net.friday.ru" />
+	<target host="earthflight.friday.ru" />
+	<target host="eda.friday.ru" />
+	<target host="emily-owens-md.friday.ru" />
+	<target host="esh-hudey.friday.ru" />
+	<target host="est-odin-sekret.friday.ru" />
+	<target host="evolve.friday.ru" />
+	<target host="ex-na-plyazhe.friday.ru" />
+	<target host="falling-skies.friday.ru" />
+	<target host="feed.friday.ru" />
+	<target host="golodnye-igry.friday.ru" />
+	<target host="hello-russia.friday.ru" />
+	<target host="heroes.friday.ru" />
+	<target host="jamie-oliver.friday.ru" />
+	<target host="kak-fishka-lyazhet.friday.ru" />
+	<target host="klinika.friday.ru" />
+	<target host="kurortniy-roman.friday.ru" />
+	<target host="kvm.friday.ru" />
+	<target host="kvm-superigra.friday.ru" />
+	<target host="kvm1.friday.ru" />
+	<target host="lesya-zdesya.friday.ru" />
+	<target host="lietome.friday.ru" />
+	<target host="lyudi-pyatnicy.friday.ru" />
+	<target host="m.friday.ru" />
+	<target host="madam-magazzino.friday.ru" />
+	<target host="magazzino.friday.ru" />
+	<target host="mahabharata.friday.ru" />
+	<target host="mail.friday.ru" />
+	<target host="mail1.friday.ru" />
+	<target host="mail2.friday.ru" />
+	<target host="milye-obmanschicy-serial.friday.ru" />
+	<target host="mir-naiznanku.friday.ru" />
+	<target host="modu-narodu.friday.ru" />
+	<target host="movies.friday.ru" />
+	<target host="music.friday.ru" />
+	<target host="muzyka.friday.ru" />
+	<target host="mythbusters.friday.ru" />
+	<target host="na-nozhah.friday.ru" />
+	<target host="nastoyaschie.friday.ru" />
+	<target host="ne-brosay-menya.friday.ru" />
+	<target host="ne-zlite-devochek.friday.ru" />
+	<target host="new-girl.friday.ru" />
+	<target host="newmail.friday.ru" />
+	<target host="news.friday.ru" />
+	<target host="obraschenie-ksenii-sobchak.friday.ru" />
+	<target host="oir-jubilee.friday.ru" />
+	<target host="oir-krugosvetka.friday.ru" />
+	<target host="oligarh-tv.friday.ru" />
+	<target host="orel-i-reshka-map.friday.ru" />
+	<target host="orel-i-reshka-na-krayu-sveta.friday.ru" />
+	<target host="orel-i-reshka-neizvedannaya-evropa.friday.ru" />
+	<target host="orel-i-reshka-shoping.friday.ru" />
+	<target host="originals.friday.ru" />
+	<target host="parodice.friday.ru" />
+	<target host="partners.friday.ru" />
+	<target host="patsanki.friday.ru" />
+	<target host="patsanki-get-home.friday.ru" />
+	<target host="photo.friday.ru" />
+	<target host="planet-earth.friday.ru" />
+	<target host="plohie-devchonki.friday.ru" />
+	<target host="pma.friday.ru" />
+	<target host="police-academy-series.friday.ru" />
+	<target host="polovinki.friday.ru" />
+	<target host="primanka.friday.ru" />
+	<target host="provodnik.friday.ru" />
+	<target host="pyatnica-news.friday.ru" />
+	<target host="racers.friday.ru" />
+	<target host="radio-piatniza.friday.ru" />
+	<target host="radiosex.friday.ru" />
+	<target host="revizorro.friday.ru" />
+	<target host="revizorro-show.friday.ru" />
+	<target host="rizhie.friday.ru" />
+	<target host="robin-food.friday.ru" />
+	<target host="russian-humour.friday.ru" />
+	<target host="schedule.friday.ru" />
+	<target host="sciense-environment.friday.ru" />
+	<target host="sdelka.friday.ru" />
+	<target host="sekretnye-materialy-shou-biza.friday.ru" />
+	<target host="sexandthecity.friday.ru" />
+	<target host="shit-i-mech.friday.ru" />
+	<target host="shkaf.friday.ru" />
+	<target host="show.friday.ru" />
+	<target host="shurochka.friday.ru" />
+	<target host="smeshariki.friday.ru" />
+	<target host="souzmultfilm.friday.ru" />
+	<target host="spletnitsa.friday.ru" />
+	<target host="stargate-atlantida.friday.ru" />
+	<target host="static.friday.ru" />
+	<target host="stickerorro.friday.ru" />
+	<target host="super-heroes.friday.ru" />
+	<target host="supernatural.friday.ru" />
+	<target host="sverhestestvennye.friday.ru" />
+	<target host="svidanie-so-zvezdoy.friday.ru" />
+	<target host="tainaya-komnata.friday.ru" />
+	<target host="tajny-kurortnogo-otelja.friday.ru" />
+	<target host="tayny-moskovskogo-kremlya.friday.ru" />
+	<target host="teen-wolf.friday.ru" />
+	<target host="the-lost-world.friday.ru" />
+	<target host="torchwood.friday.ru" />
+	<target host="tudors.friday.ru" />
+	<target host="tvoyu-mamu.friday.ru" />
+	<target host="ulichnaya-magiya.friday.ru" />
+	<target host="v-poiskah-raya.friday.ru" />
+	<target host="vampire-dairy.friday.ru" />
+	<target host="veru-ne-veru.friday.ru" />
+	<target host="video.friday.ru" />
+	<target host="vrumiz.friday.ru" />
+	<target host="warehouse-13.friday.ru" />
+	<target host="youtubinsk.friday.ru" />
+	<target host="zdravstvuite-ya-vasha-pyatnica.friday.ru" />
+	<target host="zhannepozheni.friday.ru" />
+	<target host="zhivie.friday.ru" />
+	<target host="zvezdanutie.friday.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/friendsofnra.org.xml b/src/chrome/content/rules/friendsofnra.org.xml
new file mode 100644
index 000000000000..4572e27d359d
--- /dev/null
+++ b/src/chrome/content/rules/friendsofnra.org.xml
@@ -0,0 +1,31 @@
+<!--
+	For other National Rifle Association coverage, see nra.org.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- friendsofnra.org
+		- eventtracker.friendsofnra.org
+		- www.friendsofnra.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Friends of NRA.org">
+
+	<target host="friendsofnra.org" />
+	<target host="eventtracker.friendsofnra.org" />
+	<target host="www.friendsofnra.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?friendsofnra\.org$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/frnci.com.xml b/src/chrome/content/rules/frnci.com.xml
new file mode 100644
index 000000000000..3247faba851e
--- /dev/null
+++ b/src/chrome/content/rules/frnci.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="frnci.com">
+	<target host="www.frnci.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/froggyNET.xml b/src/chrome/content/rules/froggyNET.xml
deleted file mode 100644
index 98bbddccf24b..000000000000
--- a/src/chrome/content/rules/froggyNET.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Expired 2013-03-12
-
--->
-<ruleset name="froggyNET" default_off="expired, self-signed">
-
-	<target host="froggynet.com"/>
-	<target host="www.froggynet.com"/>
-
-	<!--	cert !match !www	-->
-	<rule from="^http://(?:www\.)?froggynet\.com/"
-		to="https://www.froggynet.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/fronter.com.xml b/src/chrome/content/rules/fronter.com.xml
new file mode 100644
index 000000000000..d3e4ae040d57
--- /dev/null
+++ b/src/chrome/content/rules/fronter.com.xml
@@ -0,0 +1,38 @@
+<!--
+	Nonfunctional hosts in *fronter.com:
+
+		- webfronter.us ʳ
+
+	ʳ Refused
+
+
+	Problematic hosts in *fronter.com:
+
+		- lists ᵉ ˢ
+
+	ᵉ Expired
+	ˢ Self-signed
+
+-->
+<ruleset name="Fronter.com (partial)">
+
+	<target host="fronter.com" />
+	<target host="brasil.fronter.com" />
+	<target host="cdn.fronter.com" />
+	<target host="eng.fronter.com" />
+	<target host="help.fronter.com" />
+	<target host="nor.fronter.com" />
+	<target host="login.fronter.com" />
+	<target host="pol.fronter.com" />
+	<target host="swe.fronter.com" />
+	<target host="www.fronter.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/fsoa.org.uk.xml b/src/chrome/content/rules/fsoa.org.uk.xml
new file mode 100644
index 000000000000..793e44bb02e0
--- /dev/null
+++ b/src/chrome/content/rules/fsoa.org.uk.xml
@@ -0,0 +1,13 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - mail.fsoa.org.uk
+-->
+<ruleset name="FSOA.org.uk">
+	<target host="fsoa.org.uk" />
+	<target host="www.fsoa.org.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fsrar.ru.xml b/src/chrome/content/rules/fsrar.ru.xml
new file mode 100644
index 000000000000..c4429293dadc
--- /dev/null
+++ b/src/chrome/content/rules/fsrar.ru.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://service.fsrar.ru/ => https://service.fsrar.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://check1.fsrar.ru/ => https://check1.fsrar.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+fsrar.ru ²
+www.fsrar.ru ²
+cfo.fsrar.ru ²
+dfo.fsrar.ru ²
+gibdd.fsrar.ru ²
+kfo.fsrar.ru ²
+pfo.fsrar.ru ²
+public.fsrar.ru ²
+sfo.fsrar.ru ²
+skfo.fsrar.ru ²
+szfo.fsrar.ru ²
+ufo.fsrar.ru ²
+urfo.fsrar.ru ²
+frap.fsrar.ru ²
+forum.fsrar.ru ²
+ca.fsrar.ru ³
+askp.fsrar.ru ³
+
+
+² refused
+³ timed out
+-->
+<ruleset name="fsrar.ru (partial)" default_off="failed ruleset test">
+	<target host="service.fsrar.ru" />
+	<target host="check1.fsrar.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ft-static.com.xml b/src/chrome/content/rules/ft-static.com.xml
new file mode 100644
index 000000000000..a61ed272edd7
--- /dev/null
+++ b/src/chrome/content/rules/ft-static.com.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Financial Times coverage, see Financial_Times.xml.
+
+
+	CDN buckets:
+
+		- im.ft-static.com.edgesuite.net
+		- s[1-4].ft-static.com.edgesuite.net
+
+
+	Problematic hosts in *ft-static.com:
+
+		- s1 ᴬ
+		- s2 ᴬ
+
+	ᴬ Akamai / mismatched
+
+-->
+<ruleset name="FT-static.com (partial)">
+
+	<target host="im.ft-static.com" />
+	<target host="reg.ft-static.com" />
+	<target host="s4.ft-static.com" />
+	<target host="reg.test.ft-static.com" />
+	<target host="s4.test.ft-static.com" />
+
+		<test url="http://im.ft-static.com/content/images/b87240d4-a9a5-11dd-958b-000077b07658.img" />
+		<test url="http://im.ft-static.com/m/img/bullets/dot.gif" />
+		<test url="http://s4.ft-static.com/opentag/opentag-27295-31253.js" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ftp.rnl.tecnico.ulisboa.pt.xml b/src/chrome/content/rules/ftp.rnl.tecnico.ulisboa.pt.xml
new file mode 100644
index 000000000000..a8f29b0f4a48
--- /dev/null
+++ b/src/chrome/content/rules/ftp.rnl.tecnico.ulisboa.pt.xml
@@ -0,0 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.ftp.rnl.tecnico.ulisboa.pt/ => https://www.ftp.rnl.tecnico.ulisboa.pt/: (6, 'Could not resolve host: www.ftp.rnl.tecnico.ulisboa.pt')
+
+  Software mirror provided by
+  the Department of Computer Science and Engineering of Tecnico Lisboa.
+-->
+<ruleset name="ftp.rnl.tecnico.ulisboa.pt" default_off="failed ruleset test">
+  <target host="ftp.rnl.tecnico.ulisboa.pt" />
+  <target host="www.ftp.rnl.tecnico.ulisboa.pt" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ftsafe.com.xml b/src/chrome/content/rules/ftsafe.com.xml
new file mode 100644
index 000000000000..905fd4a40ebe
--- /dev/null
+++ b/src/chrome/content/rules/ftsafe.com.xml
@@ -0,0 +1,19 @@
+<!--
+		Invalid certificate:
+			ftsafe.com.cn (unable to get local issuer certificate)
+			appdemo.ftsafe.com (unable to get local issuer certificate)
+			cn.ftsafe.com (unable to get local issuer certificate)
+-->
+<ruleset name="ftsafe.com">
+	<target host="ftsafe.com" />
+	<target host="www.ftsafe.com" />
+	<target host="demo.ftsafe.com" />
+	<target host="download.ftsafe.com" />
+	<target host="en.ftsafe.com" />
+	<target host="u2fdemo.ftsafe.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fujitsu-webmart.com.xml b/src/chrome/content/rules/fujitsu-webmart.com.xml
new file mode 100644
index 000000000000..1f066964b4af
--- /dev/null
+++ b/src/chrome/content/rules/fujitsu-webmart.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Fujitsu related rulesets, see Fujitsu.xml
+
+	Non-functional hosts in *.fujitsu-webmart.com:
+		Certificate mismatched:
+		- fujitsu-webmart.com
+		- www.fujitsu-webmart.com
+		- webmnt.fujitsu-webmart.com
+-->
+<ruleset name="Fujitsu (partial)" default_off="cert-invalid">
+	<target host="fujitsu-webmart.com" />
+	<target host="www.fujitsu-webmart.com" />
+	<target host="webmnt.fujitsu-webmart.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/full30.com.xml b/src/chrome/content/rules/full30.com.xml
new file mode 100644
index 000000000000..adf61e8b4e7c
--- /dev/null
+++ b/src/chrome/content/rules/full30.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Full30.com">
+
+	<target host="full30.com" />
+	<target host="www.full30.com" />
+
+
+	<securecookie host="^\." name="^(?:cfduid|__qca|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/fullstackpython.com.xml b/src/chrome/content/rules/fullstackpython.com.xml
new file mode 100644
index 000000000000..20c0250f0bef
--- /dev/null
+++ b/src/chrome/content/rules/fullstackpython.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="fullstackpython.com">
+	<target host="fullstackpython.com" />
+	<target host="www.fullstackpython.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/funke.press.xml b/src/chrome/content/rules/funke.press.xml
new file mode 100644
index 000000000000..20f38d657901
--- /dev/null
+++ b/src/chrome/content/rules/funke.press.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		stage.server.video
+-->
+<ruleset name="funke.press">
+
+	<target host="content.video.funke.press" />
+	<target host="front.video.funke.press" />
+	<target host="stage.front.video.funke.press" />
+	<target host="server.video.funke.press" />
+	<target host="vod.video.funke.press" />
+	<target host="stage.vod.video.funke.press" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/funktionstjanster.se.xml b/src/chrome/content/rules/funktionstjanster.se.xml
new file mode 100644
index 000000000000..a9275cddbbd2
--- /dev/null
+++ b/src/chrome/content/rules/funktionstjanster.se.xml
@@ -0,0 +1,34 @@
+<!--
+	^funktionstjanster.se is NXDOMAIN.
+-->
+<ruleset name="funktionstjanster.se">
+	<target host="www.funktionstjanster.se" />
+	<target host="doc.funktionstjanster.se" />
+	<target host="eformular.funktionstjanster.se" />
+	<target host="etp.funktionstjanster.se" />
+	<target host="me.funktionstjanster.se" />
+	<target host="habo.me.funktionstjanster.se" />
+	<target host="mefiles.funktionstjanster.se" />
+	<target host="m00-mg-local.idp.funktionstjanster.se" />
+	<target host="m01-mg-local.idp.funktionstjanster.se" />
+	<target host="m02-mg-local.idp.funktionstjanster.se" />
+	<target host="m03-mg-local.idp.funktionstjanster.se" />
+	<target host="m04-mg-local.idp.funktionstjanster.se" />
+	<target host="m05-mg-local.idp.funktionstjanster.se" />
+	<target host="m06-mg-local.idp.funktionstjanster.se" />
+	<target host="m07-mg-local.idp.funktionstjanster.se" />
+	<target host="m08-mg-local.idp.funktionstjanster.se" />
+	<target host="m09-mg-local.idp.funktionstjanster.se" />
+	<target host="m00-mg-local.idpat.funktionstjanster.se" />
+	<target host="m05-mg-local.idpat.funktionstjanster.se" />
+	<target host="m06-mg-local.idpat.funktionstjanster.se" />
+	<target host="m00-mg-local.idpst.funktionstjanster.se" />
+	<target host="m05-mg-local.idpst.funktionstjanster.se" />
+	<target host="m00-mg-local.testidp.funktionstjanster.se" />
+	<target host="m01-mg-local.testidp.funktionstjanster.se" />
+	<target host="m02-mg-local.testidp.funktionstjanster.se" />
+	<target host="m03-mg-local.testidp.funktionstjanster.se" />
+	<target host="m04-mg-local.testidp.funktionstjanster.se" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/funtip.de.xml b/src/chrome/content/rules/funtip.de.xml
new file mode 100644
index 000000000000..7ce577a78a9f
--- /dev/null
+++ b/src/chrome/content/rules/funtip.de.xml
@@ -0,0 +1,14 @@
+<ruleset name="funtip.de">
+
+	<target host="static2.funtip.de" />
+
+		<test url="http://static2.funtip.de/static-img/ts_header.jpg" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/fusion.net.xml b/src/chrome/content/rules/fusion.net.xml
new file mode 100644
index 000000000000..9c22e11d5d59
--- /dev/null
+++ b/src/chrome/content/rules/fusion.net.xml
@@ -0,0 +1,40 @@
+<!--
+	Nonfunctional hosts in *fusion.net:
+
+		- about ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *fusion.net:
+
+		- interactive ᵐ
+		- www ʳ
+
+	ᵐ Mismatched
+	ʳ Refused, preemptable redirect
+
+-->
+<ruleset name="Fusion.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fusion.net" />
+
+	<!--	Complications:
+				-->
+	<target host="www.fusion.net" />
+
+
+	<securecookie host=".+" name="^optimizely" />
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.fusion\.net/"
+		to="https://fusion.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/futurezone.de.xml b/src/chrome/content/rules/futurezone.de.xml
new file mode 100644
index 000000000000..0e80859b1048
--- /dev/null
+++ b/src/chrome/content/rules/futurezone.de.xml
@@ -0,0 +1,30 @@
+<!--
+	Connection closed:
+		games.futurezone.de
+		nl.futurezone.de
+
+	Invalid certificate:
+		cue.aws.futurezone.de
+		dev5.aws.futurezone.de
+
+	Non-2xx HTTP code:
+		img.futurezone.de
+
+	Timeout:
+		dev[1-4].aws.futurezone.de
+		talk-dev.aws.futurezone.de
+-->
+<ruleset name="futurezone.de">
+
+	<target host="futurezone.de" />
+	<target host="www.futurezone.de" />
+	<target host="talk.aws.futurezone.de" />
+	<target host="beta.futurezone.de" />
+	<target host="go.futurezone.de" />
+	<target host="prod.futurezone.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/fuzeqna.com.xml b/src/chrome/content/rules/fuzeqna.com.xml
new file mode 100644
index 000000000000..4d4741663a5f
--- /dev/null
+++ b/src/chrome/content/rules/fuzeqna.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="fuzeqna.com (partial)">
+	<target host="www.fuzeqna.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fxsitecompat.com.xml b/src/chrome/content/rules/fxsitecompat.com.xml
new file mode 100644
index 000000000000..b6806f4d4b56
--- /dev/null
+++ b/src/chrome/content/rules/fxsitecompat.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="FX Site Compat.com">
+
+	<target host="fxsitecompat.com" />
+	<target host="www.fxsitecompat.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/g0v.news.xml b/src/chrome/content/rules/g0v.news.xml
new file mode 100644
index 000000000000..1dd094f50193
--- /dev/null
+++ b/src/chrome/content/rules/g0v.news.xml
@@ -0,0 +1,6 @@
+<ruleset name="g0v.news">
+	<target host="g0v.news" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/g10_Code.com.xml b/src/chrome/content/rules/g10_Code.com.xml
new file mode 100644
index 000000000000..1d2d61e6a6f2
--- /dev/null
+++ b/src/chrome/content/rules/g10_Code.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - porta.g10code.com
+
+		SSL peer certificate was not OK:
+			 - bugs.g10code.com
+
+		4xx client error:
+			 - ftp.g10code.com
+-->
+<ruleset name="g10 Code.com">
+	<target host="g10code.com" />
+	<target host="www.g10code.com" />
+	<target host="kerckhoffs.g10code.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/g4s.com.xml b/src/chrome/content/rules/g4s.com.xml
new file mode 100644
index 000000000000..aefdd3f44ea2
--- /dev/null
+++ b/src/chrome/content/rules/g4s.com.xml
@@ -0,0 +1,152 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://meterreads.g4s.com/ => https://meterreads.g4s.com/: (51, "SSL: no alternative certificate subject name matches target host name 'meterreads.g4s.com'")
+Fetch error: http://www.careers.g4s.com/ => https://www.careers.g4s.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.careers.g4s.com'")
+
+	CDN buckets:
+
+		- s3.amazonaws.com/tribepad.g4s/
+		- d3lpyoo42b5obf.cloudfront.net
+
+
+	Nonfunctional hosts in *g4s.com:
+
+		- (www.)? ᶠ
+		- (www.)?annualreport ᵈ
+		- annualreport2014 ᵈ
+		- (www.)?au ᵈ
+		- (www.)?br ᶠ
+		- cgf2.ec ᶠ
+		- (www.)?gu ʳ
+		- (www.)?nz ᵈ
+		- www.safeguards ᶠ
+		- search ᵈ
+
+	ᵈ Dropped
+	ᶠ Handshake fails
+	ʳ Refused
+
+
+	Problematic hosts in *g4s.com:
+
+		- www.africajobs ᵐ
+		- www.amejobs ᵐ
+		- www.canadajobs ᵐ
+		- www.careers ᵐ
+		- autogestion.co ᶜ
+		- www.empleos ᵐ
+		- www.eventsjobsuk ᵐ
+		- www.greaterchinajobs ᵐ
+		- www.job ᵐ
+		- www.jobat ᵐ
+		- specialisttraining ᵐ
+		- www.technologycareers ᵐ
+		- www.ukjobs ᵐ
+		- www.usajobs ᵐ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- africajobs.g4s.com
+		- .africajobs.g4s.com
+		- amejobs.g4s.com
+		- canadajobs.g4s.com
+		- .canadajobs.g4s.com
+		- careers.g4s.com
+		- .careers.g4s.com
+		- community.g4s.com
+		- empleos.g4s.com
+		- .empleos.g4s.com
+		- gis.g4s.com
+		- www.gis.g4s.com
+		- greaterchinajobs.g4s.com
+		- .greaterchinajobs.g4s.com
+		- job.g4s.com
+		- jobsat.g4s.com
+		- .jobsat.g4s.com
+		- www.specialisttraining.g4s.com
+		- technologycareers.g4s.com
+		- ukjobs.g4s.com
+		- usajobs.g4s.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- africajobs, careers, greaterchinajobs from $self ˢ
+			- amejobs, empleos, greaterchinajobs, jobsat, technologycareers, ukjobs from careers.g4s.com ˢ
+			- amejobs, canadajobs, careers, empleos, greaterchinajobs, jobsat, technologycareers, ukjobs, usajobs from cdn-[123].tribepad.com
+			- empleos from d3lpyoo42b5obf.cloudfront.net ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="G4S.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="africajobs.g4s.com" />
+	<target host="amejobs.g4s.com" />
+	<target host="extranet.au.g4s.com" />
+	<target host="canadajobs.g4s.com" />
+	<target host="careers.g4s.com" />
+	<!--target host="autogestion.co.g4s.com" /-->
+	<target host="community.g4s.com" />
+	<target host="empleos.g4s.com" />
+	<target host="eventsjobsuk.g4s.com" />
+	<target host="gis.g4s.com" />
+	<target host="www.gis.g4s.com" />
+	<target host="greaterchinajobs.g4s.com" />
+	<target host="job.g4s.com" />
+	<target host="jobsat.g4s.com" />
+	<target host="meterreads.g4s.com" />
+	<target host="www.specialisttraining.g4s.com" />
+	<target host="technologycareers.g4s.com" />
+	<target host="ukjobs.g4s.com" />
+	<target host="usajobs.g4s.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.africajobs.g4s.com" />
+	<target host="www.amejobs.g4s.com" />
+	<target host="www.canadajobs.g4s.com" />
+	<target host="www.careers.g4s.com" />
+	<target host="www.empleos.g4s.com" />
+	<target host="www.eventsjobsuk.g4s.com" />
+	<target host="www.greaterchinajobs.g4s.com" />
+	<target host="www.job.g4s.com" />
+	<target host="www.jobsat.g4s.com" />
+	<target host="specialisttraining.g4s.com" />
+	<target host="www.technologycareers.g4s.com" />
+	<target host="www.ukjobs.g4s.com" />
+	<target host="www.usajobs.g4s.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:(?:www\.)?gis|specialisttraining)\.g4s\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^(?:africajobs|amejobs||canadajobs|careers|empleos|eventsjobsuk|greaterchinajobs|jobsat|technologycareers|ukjobs|usajobs)\.g4s\.com$" name="^(?:PHPSESSID$|X-Mapping-)" /-->
+	<!--securecookie host="^\.(?:africajobs|canadajobs|careers|emploes|greaterchinajobs|jobsat)\.g4s\.com$" name="^_icl_current_language$" /-->
+	<!--securecookie host="^community\.g4s\.com$" name="^X-Mapping-" /-->
+	<!--securecookie host="^job\.g4s\.com$" name="^(?:PHPSESSID$|X-Mapping-|lang_code$)" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.(africajobs|amejobs|canadajobs|empleos|eventsjobsuk|greaterchinajobs|job|jobsat|technologycareers|ukjobs|usajobs)\.g4s\.com/"
+		to="https://$1.g4s.com/" />
+
+	<rule from="^http://specialisttraining\.g4s\.com/"
+		to="https://www.specialisttraining.g4s.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/gail.com.xml b/src/chrome/content/rules/gail.com.xml
new file mode 100644
index 000000000000..aa0d2fd235d6
--- /dev/null
+++ b/src/chrome/content/rules/gail.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="gail.com">
+	<target host="gail.com" />
+	<target host="www.gail.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/galette.eu.xml b/src/chrome/content/rules/galette.eu.xml
new file mode 100644
index 000000000000..fa07d7cea808
--- /dev/null
+++ b/src/chrome/content/rules/galette.eu.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- favicon from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="galette.eu">
+
+	<target host="galette.eu" />
+	<target host="www.galette.eu" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/galleryofguns.com.xml b/src/chrome/content/rules/galleryofguns.com.xml
new file mode 100644
index 000000000000..33833983dac3
--- /dev/null
+++ b/src/chrome/content/rules/galleryofguns.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- galleryofguns.com
+		- www.galleryofguns.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+		- Images from www.galleryofguns.com ˢ
+		- Bugs fromstatse.webtrendslive.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Gallery of Guns.com">
+
+	<target host="galleryofguns.com" />
+	<target host="www.galleryofguns.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?galleryofguns\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/galpon.org.xml b/src/chrome/content/rules/galpon.org.xml
new file mode 100644
index 000000000000..cb86cb7399f7
--- /dev/null
+++ b/src/chrome/content/rules/galpon.org.xml
@@ -0,0 +1,17 @@
+<!--
+galpon.org mismatch
+-->
+<ruleset name="galpon.org">
+	<target host="minino.galpon.org" />
+	<target host="galpon.org" />
+	<target host="www.galpon.org" />
+	<target host="wiki.galpon.org" />
+	<target host="controlsocios.galpon.org" />
+	<target host="gruvi.galpon.org" />
+	<target host="listas.galpon.org" />
+
+	<rule from="^http://galpon\.org/"
+		to="https://www.galpon.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gama-gama.ru.xml b/src/chrome/content/rules/gama-gama.ru.xml
new file mode 100644
index 000000000000..81aac1539dee
--- /dev/null
+++ b/src/chrome/content/rules/gama-gama.ru.xml
@@ -0,0 +1,25 @@
+<!--
+	Certificate mismatch:
+
+    https://testshop.gama-gama.ru
+
+	Incomplete certificate:
+
+    https://akella.gama-gama.ru
+    https://cl.gama-gama.ru
+    https://ipb.gama-gama.ru
+    https://vtb.gama-gama.ru
+    https://wtb.gama-gama.ru
+    https://www.gama-gama.ru
+
+	Timeout:
+
+    https://ns2.gama-gama.ru
+-->
+
+<ruleset name="Gama-gama.ru">
+	<target host="gama-gama.ru" />
+	<target host="s.gama-gama.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gamecraft.cz.xml b/src/chrome/content/rules/gamecraft.cz.xml
new file mode 100644
index 000000000000..c0cc36ae746c
--- /dev/null
+++ b/src/chrome/content/rules/gamecraft.cz.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gamecraft.cz/ => https://gamecraft.cz/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.gamecraft.cz/ => https://gamecraft.cz/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="GAMECRAFT.CZ" default_off="failed ruleset test">
+    <target host="gamecraft.cz" />
+    <target host="www.gamecraft.cz" />
+
+    <rule from="^http://www\.gamecraft\.cz/"
+            to="https://gamecraft.cz/" />
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gamedev.ru.xml b/src/chrome/content/rules/gamedev.ru.xml
new file mode 100644
index 000000000000..0c700858f0bb
--- /dev/null
+++ b/src/chrome/content/rules/gamedev.ru.xml
@@ -0,0 +1,47 @@
+<!--
+	Invalid certificate:
+		casual.gamedev.ru
+		www.casual.gamedev.ru
+		directx.gamedev.ru
+		www.directx.gamedev.ru
+		iphone.gamedev.ru
+		www.iphone.gamedev.ru
+		my.gamedev.ru
+		www.my.gamedev.ru
+		sergio.gamedev.ru
+		www.sergio.gamedev.ru
+		top.gamedev.ru
+		www.top.gamedev.ru
+		wat.gamedev.ru
+		www.wat.gamedev.ru
+		xna.gamedev.ru
+		www.xna.gamedev.ru
+
+	Refused:
+		mail.casual.gamedev.ru
+		mail.directx.gamedev.ru
+		mail.gamedev.ru
+		mail.iphone.gamedev.ru
+		mail.my.gamedev.ru
+		mail.sergio.gamedev.ru
+		mail.top.gamedev.ru
+		mail.wat.gamedev.ru
+		mail.xna.gamedev.ru
+
+	Time out:
+		home.casual.gamedev.ru
+		home.gamedev.ru
+		home.directx.gamedev.ru
+		home.iphone.gamedev.ru
+		home.my.gamedev.ru
+		home.sergio.gamedev.ru
+		home.top.gamedev.ru
+		home.wat.gamedev.ru
+		home.xna.gamedev.ru
+-->
+<ruleset name="gamedev.ru">
+	<target host="gamedev.ru" />
+	<target host="www.gamedev.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gamefaqs.com.xml b/src/chrome/content/rules/gamefaqs.com.xml
new file mode 100644
index 000000000000..c70b27bec0a3
--- /dev/null
+++ b/src/chrome/content/rules/gamefaqs.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="gamefaqs.com">
+	<target host="gamefaqs.com" />
+	<target host="www.gamefaqs.com" />
+	<target host="boards.gamefaqs.com" />
+	<target host="m.gamefaqs.com" />
+	<target host="sitemap.gamefaqs.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gamingpastime.com.xml b/src/chrome/content/rules/gamingpastime.com.xml
new file mode 100644
index 000000000000..915c6ebc2f82
--- /dev/null
+++ b/src/chrome/content/rules/gamingpastime.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="gamingpastime.com">
+	<target host="gamingpastime.com" />
+	<target host="www.gamingpastime.com" />
+	<target host="cpanel.gamingpastime.com" />
+	<target host="webdisk.gamingpastime.com" />
+	<target host="webmail.gamingpastime.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/garant-tv.by.xml b/src/chrome/content/rules/garant-tv.by.xml
new file mode 100644
index 000000000000..ad38c0880191
--- /dev/null
+++ b/src/chrome/content/rules/garant-tv.by.xml
@@ -0,0 +1,16 @@
+<!--
+ns1.garant-tv.by ³
+ns2.garant-tv.by ³
+tour.garant-tv.by ³
+tv.garant-tv.by ³
+wow.garant-tv.by ³
+
+
+³ timed out
+-->
+<ruleset name="garant-tv.by">
+	<target host="garant-tv.by" />
+	<target host="www.garant-tv.by" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gardners.com.xml b/src/chrome/content/rules/gardners.com.xml
new file mode 100644
index 000000000000..174d9ff1c69c
--- /dev/null
+++ b/src/chrome/content/rules/gardners.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Problematic hosts in *gardners.com:
+
+		- jackets ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="gardners.com" default_off="cert-chain">
+
+	<target host="jackets.gardners.com" />
+
+		<test url="http://jackets.gardners.com/media/356/97814736/9781473619821.jpg" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/gargoyle.xml b/src/chrome/content/rules/gargoyle.xml
index d1ca17e96853..3820c409c925 100644
--- a/src/chrome/content/rules/gargoyle.xml
+++ b/src/chrome/content/rules/gargoyle.xml
@@ -1,5 +1,31 @@
-<ruleset name="Gargoyle Router Firmware">
-  <target host="www.gargoyle-router.com" />
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gargoyle-router.com/ => https://gargoyle-router.com/: (51, "SSL: no alternative certificate subject name matches target host name 'gargoyle-router.com'")
+
+	Gargoyle Router Firmware
+
+
+	Insecure cookies are set for these domains:
+
+		- .gargoyle-router.com
+
+-->
+<ruleset name="Gargoyle-Router.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
   <target host="gargoyle-router.com" />
-  <rule from="^http://(www\.)?gargoyle-router\.com/" to="https://www.gargoyle-router.com/"/>
+  <target host="www.gargoyle-router.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.gargoyle-router\.com$" name="^phpbb3_\w+_(k|sid|u)$" /-->
+
+	<securecookie host="^\.gargoyle-router\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/garmin.xml b/src/chrome/content/rules/garmin.xml
index 6d183610a86b..8d1d5f040534 100644
--- a/src/chrome/content/rules/garmin.xml
+++ b/src/chrome/content/rules/garmin.xml
@@ -1,8 +1,7 @@
 <ruleset name="Garmin">
-	<target host="www.garmin.com" />
 	<target host="garmin.com" />
   <target host="*.garmin.com" />
 
-	<rule from="^http://(www\.)?garmin\.com/" to="https://www.garmin.com/"/>
+	<rule from="^http://(?:www\.)?garmin\.com/" to="https://www.garmin.com/"/>
 	<rule from="^http://([^/:@]*)\.garmin\.com/" to="https://$1.garmin.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/garrysmods.org.xml b/src/chrome/content/rules/garrysmods.org.xml
new file mode 100644
index 000000000000..8f92fed45210
--- /dev/null
+++ b/src/chrome/content/rules/garrysmods.org.xml
@@ -0,0 +1,37 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- garrysmods.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image on forums from cdn.vanillaforums.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Garrys Mods.org">
+
+	<target host="garrysmods.org" />
+	<target host="files.garrysmods.org" />
+	<target host="forums.garrysmods.org" />
+	<target host="www.garrysmods.org" />
+
+		<test url="http://files.garrysmods.org/58601/1/570x180.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^garrysmods\.org$" name="^(?:XSRF-TOKEN|laravel_session)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/garstelecom.ru.xml b/src/chrome/content/rules/garstelecom.ru.xml
new file mode 100644
index 000000000000..b4c3e86405ed
--- /dev/null
+++ b/src/chrome/content/rules/garstelecom.ru.xml
@@ -0,0 +1,17 @@
+<!--
+new.garstelecom.ru nonexist
+web.garstelecom.ru expired
+m.garstelecom.ru mismatch
+old.garstelecom.ru expired
+lg.garstelecom.ru different content
+-->
+<ruleset name="garstelecom.ru">
+	<target host="garstelecom.ru" />
+	<target host="www.garstelecom.ru" />
+	<target host="po.garstelecom.ru" />
+	<target host="retail.garstelecom.ru" />
+	<target host="cab.garstelecom.ru" />
+	<target host="r.garstelecom.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gatewaytohomechoice.org.uk.xml b/src/chrome/content/rules/gatewaytohomechoice.org.uk.xml
new file mode 100644
index 000000000000..436547659ddd
--- /dev/null
+++ b/src/chrome/content/rules/gatewaytohomechoice.org.uk.xml
@@ -0,0 +1,52 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mtest.gatewaytohomechoice.org.uk/ => https://mtest.gatewaytohomechoice.org.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'mtest.gatewaytohomechoice.org.uk'")
+Fetch error: http://test1.gatewaytohomechoice.org.uk/ => https://test1.gatewaytohomechoice.org.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'test1.gatewaytohomechoice.org.uk'")
+
+	^gatewaytohomechoice.org.uk: Mismatched
+
+
+	These altnames do not exist:
+
+		- train.movingwithdacorum.org.uk
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- m.gatewaytohomechoice.org.uk
+		- mtest.gatewaytohomechoice.org.uk
+		- test.gatewaytohomechoice.org.uk
+		- www.gatewaytohomechoice.org.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Gateway to Home Choice.org.uk" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="m.gatewaytohomechoice.org.uk" />
+	<target host="mtest.gatewaytohomechoice.org.uk" />
+	<target host="test1.gatewaytohomechoice.org.uk" />
+	<target host="www.gatewaytohomechoice.org.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="gatewaytohomechoice.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:m|mtest|test1|www)\.gatewaytohomechoice\.org\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://gatewaytohomechoice\.org\.uk/"
+		to="https://www.gatewaytohomechoice.org.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/gavick.com.xml b/src/chrome/content/rules/gavick.com.xml
new file mode 100644
index 000000000000..aa78838289bf
--- /dev/null
+++ b/src/chrome/content/rules/gavick.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Gavick.com">
+
+	<target host="gavick.com" />
+	<target host="demo.gavick.com" />
+	<target host="www.gavick.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/gawkermediagroup.com.xml b/src/chrome/content/rules/gawkermediagroup.com.xml
new file mode 100644
index 000000000000..77b204888df9
--- /dev/null
+++ b/src/chrome/content/rules/gawkermediagroup.com.xml
@@ -0,0 +1,41 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gawkermediagroup.com/securedrop/ => https://gawkermediagroup.com/securedrop/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+Fetch error: http://www.gawkermediagroup.com/ => https://gawkermediagroup.com/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+Fetch error: http://gawkermediagroup.com/ => https://gawkermediagroup.com/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+
+	www.gawkermediagroup.com: Mismatched
+
+-->
+<ruleset name="Gawker Media Group.com" default_off="failed ruleset test">
+
+	<target host="gawkermediagroup.com" />
+	<target host="*.gawkermediagroup.com" />
+
+		<!--	includeSubdomains applies to one level only, so:
+									-->
+		<exclusion pattern="^http://(?:[^./]+\.){2,}gawkermediagroup\.com/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.gawkermediagroup.com/" />
+			<test url="http://exists.not.gawkermediagroup.com/" />
+
+		<!--	$ shows default page, so:
+							-->
+		<test url="http://gawkermediagroup.com/securedrop/" />
+
+		<test url="http://www.gawkermediagroup.com/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.gawkermediagroup\.com/"
+		to="https://gawkermediagroup.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/gay-lounge.net.xml b/src/chrome/content/rules/gay-lounge.net.xml
new file mode 100644
index 000000000000..7a946ee80324
--- /dev/null
+++ b/src/chrome/content/rules/gay-lounge.net.xml
@@ -0,0 +1,30 @@
+<!--
+	These altnames do not exist:
+
+		- gay-lounge.net
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- en.gay-lounge.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Gay-Lounge.net">
+
+	<target host="en.gay-lounge.net" />
+	<target host="www.gay-lounge.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^en\.gay-lounge\.net$" name="^ENvbb_sessionhash$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/gay-torrents.org.xml b/src/chrome/content/rules/gay-torrents.org.xml
new file mode 100644
index 000000000000..6a268690c963
--- /dev/null
+++ b/src/chrome/content/rules/gay-torrents.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched:
+		- www (gay-torrents.org)
+-->
+
+<ruleset name="gay-torrents.org">
+	<target host="gay-torrents.org" />
+	<target host="www.gay-torrents.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.gay-torrents\.org/" to="https://gay-torrents.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gaytimesmagazine.com.xml b/src/chrome/content/rules/gaytimesmagazine.com.xml
new file mode 100644
index 000000000000..d240988dbe23
--- /dev/null
+++ b/src/chrome/content/rules/gaytimesmagazine.com.xml
@@ -0,0 +1,38 @@
+<!--
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- gaytimesmagazine.com
+		- .gaytimesmagazine.com
+		- www.gaytimesmagazine.com
+		- .www.gaytimesmagazine.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css from media-player.cdn.level3.net
+		- Images from magazines.magazineclonercdn.com
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Gay Times Magazine.com" platform="mixedcontent">
+
+	<target host="gaytimesmagazine.com" />
+	<target host="www.gaytimesmagazine.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?gaytimesmagazine\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^\.(?:www\.)?gaytimesmagazine\.com$" name="^ARRAffinity$" /-->
+
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|ARRAffinity$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/gazellegames.xml b/src/chrome/content/rules/gazellegames.xml
index 85ed1d41e920..5d7a5b14f092 100644
--- a/src/chrome/content/rules/gazellegames.xml
+++ b/src/chrome/content/rules/gazellegames.xml
@@ -1,7 +1,6 @@
 <ruleset name="gazellegames.net">
   <target host="gazellegames.net" />
   <target host="www.gazellegames.net" />
-  
-<rule from="^http://(www\.)?gazellegames\.net/" to="https://gazellegames.net/"/>
-<rule from="^https://www\.gazellegames\.net/" to="https://gazellegames.net/"/>
+
+<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/gazeta.uz.xml b/src/chrome/content/rules/gazeta.uz.xml
new file mode 100644
index 000000000000..2cde53dcfdf5
--- /dev/null
+++ b/src/chrome/content/rules/gazeta.uz.xml
@@ -0,0 +1,14 @@
+<!--
+data.gazeta.uz ⁵
+m.gazeta.uz ⁵
+
+
+⁵ expired
+-->
+<ruleset name="gazeta.uz">
+	<target host="gazeta.uz" />
+	<target host="www.gazeta.uz" />
+	<target host="rabota.gazeta.uz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gazt.gov.sa.xml b/src/chrome/content/rules/gazt.gov.sa.xml
new file mode 100644
index 000000000000..dde979589559
--- /dev/null
+++ b/src/chrome/content/rules/gazt.gov.sa.xml
@@ -0,0 +1,10 @@
+<ruleset name="gazt.gov.sa">
+	<target host="gazt.gov.sa" />
+	<target host="www.gazt.gov.sa" />
+	<target host="jobs.gazt.gov.sa" />
+	<target host="mail.gazt.gov.sa" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gblwebcen.com.xml b/src/chrome/content/rules/gblwebcen.com.xml
new file mode 100644
index 000000000000..2c11518cca5f
--- /dev/null
+++ b/src/chrome/content/rules/gblwebcen.com.xml
@@ -0,0 +1,22 @@
+<!--
+	For other Lead Forensics coverage, see Lead_Forensics.com.xml.
+
+
+	www.gblwebcen.com: mismatched
+
+
+	^gblwebcen.com does not exist.
+
+-->
+<ruleset name="gblwebcen.com">
+
+	<target host="www.gblwebcen.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.gblwebcen\.com/"
+		to="https://secure.leadforensics.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/gcsip.com.xml b/src/chrome/content/rules/gcsip.com.xml
new file mode 100644
index 000000000000..b42ef3f83b0c
--- /dev/null
+++ b/src/chrome/content/rules/gcsip.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="GCSip.com">
+
+	<target host="eu.gcsip.com" />
+	<target host="na.gcsip.com" />
+
+		<test url="http://eu.gcsip.com/hpp/externals/pl/gc_electron.png" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/geacron.com.xml b/src/chrome/content/rules/geacron.com.xml
new file mode 100644
index 000000000000..a7070b9c4b13
--- /dev/null
+++ b/src/chrome/content/rules/geacron.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		cdn.geacron.com
+		ftp.geacron.com
+		mail.geacron.com
+		ns.geacron.com
+-->
+<ruleset name="geacron.com">
+	<target host="geacron.com" />
+	<target host="www.geacron.com" />
+	<target host="sus.geacron.com" />
+	<target host="webmail.geacron.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/geekdad.com.xml b/src/chrome/content/rules/geekdad.com.xml
new file mode 100644
index 000000000000..9d3d237b5dae
--- /dev/null
+++ b/src/chrome/content/rules/geekdad.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="GeekDad.com">
+
+	<target host="geekdad.com" />
+	<target host="www.geekdad.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/geekfaeries.fr.xml b/src/chrome/content/rules/geekfaeries.fr.xml
new file mode 100644
index 000000000000..746a9ef72b43
--- /dev/null
+++ b/src/chrome/content/rules/geekfaeries.fr.xml
@@ -0,0 +1,16 @@
+<ruleset name="Geek Faeries.fr">
+
+	<target host="geekfaeries.fr" />
+	<target host="devblog.geekfaeries.fr" />
+	<target host="headbang.geekfaeries.fr" />
+	<target host="ontheweb.geekfaeries.fr" />
+	<target host="www.geekfaeries.fr" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/geekflare.com.xml b/src/chrome/content/rules/geekflare.com.xml
new file mode 100644
index 000000000000..b199e6686f28
--- /dev/null
+++ b/src/chrome/content/rules/geekflare.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Geek Flare.com">
+
+	<target host="geekflare.com" />
+	<target host="www.geekflare.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/geekuninstaller.com.xml b/src/chrome/content/rules/geekuninstaller.com.xml
new file mode 100644
index 000000000000..fc9c6cbc7054
--- /dev/null
+++ b/src/chrome/content/rules/geekuninstaller.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="geekuninstaller.com">
+	<target host="geekuninstaller.com" />
+	<target host="www.geekuninstaller.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/geenstijl.xml b/src/chrome/content/rules/geenstijl.xml
new file mode 100644
index 000000000000..04ec3b976e2c
--- /dev/null
+++ b/src/chrome/content/rules/geenstijl.xml
@@ -0,0 +1,10 @@
+<ruleset name="Geenstijl">
+        <target host="geenstijl.nl" />
+        <target host="www.geenstijl.nl" />
+		<target host="gscdn.nl" />
+		<target host="www.gscdn.nl" />
+		<target host="schoorsteen.geenstijl.nl" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/geetest.xml b/src/chrome/content/rules/geetest.xml
new file mode 100644
index 000000000000..333b4405a72c
--- /dev/null
+++ b/src/chrome/content/rules/geetest.xml
@@ -0,0 +1,29 @@
+<!--
+	404:
+		old.geetest.com
+
+	Break the redirect by server:
+		account.geetest.com
+
+	Break the second generation example on http://www.geetest.com/exp.html
+		static.geetest.com
+
+	Different content:
+		api.geetest.com
+			<test url="http://api.geetest.com/get.php?gt=1d87ac5c370eeb8036e0b7e392e96012&challenge=6b2ad7f96913fb13708348163d78ecb7&product=float&sdk=discuz_1.0" />
+
+	Failed:
+		fullpage.geetest.com
+
+	Redirect to different page : /login
+		^(www.)?
+-->
+<ruleset name="geetest (partial)">
+	<target host="apiguard.geetest.com" />
+	<target host="front.geetest.com" />
+		<test url="http://front.geetest.com/base/https/style/css/main.css" />
+	<target host="user.geetest.com" />
+		<test url="http://user.geetest.com/static/img/logo.png" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/generations-futures.fr.xml b/src/chrome/content/rules/generations-futures.fr.xml
new file mode 100644
index 000000000000..0a86e40170e9
--- /dev/null
+++ b/src/chrome/content/rules/generations-futures.fr.xml
@@ -0,0 +1,8 @@
+<ruleset name="generations-futures.fr">
+
+	<target host="generations-futures.fr" />
+	<target host="www.generations-futures.fr" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/geneticliteracyproject.org.xml b/src/chrome/content/rules/geneticliteracyproject.org.xml
new file mode 100644
index 000000000000..ea5bc239adf5
--- /dev/null
+++ b/src/chrome/content/rules/geneticliteracyproject.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Problematic hosts in *geneticliteracyproject.org:
+
+		- gmo ʷ
+
+	ʷ Configured for weak ciphers only
+
+-->
+<ruleset name="Genetic Literacy Project.org (partial)">
+
+	<target host="geneticliteracyproject.org" />
+	<target host="www.geneticliteracyproject.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/genieessp.com.xml b/src/chrome/content/rules/genieessp.com.xml
new file mode 100644
index 000000000000..ae50b4ea6c4e
--- /dev/null
+++ b/src/chrome/content/rules/genieessp.com.xml
@@ -0,0 +1,19 @@
+<!--
+	These altnames do not exist:
+
+		- genieessp.com
+
+-->
+<ruleset name="GenieeSSP.com">
+
+	<target host="ads.genieessp.com" />
+	<target host="www.genieessp.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/genius.com.xml b/src/chrome/content/rules/genius.com.xml
new file mode 100644
index 000000000000..e949f7801dee
--- /dev/null
+++ b/src/chrome/content/rules/genius.com.xml
@@ -0,0 +1,46 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- eventspace.genius.com
+		- shop.genius.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bugs, on:
+
+			- ^ from pixel.quantserve.com ˢ
+			- ^ from b.scorecardresearch.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Genius.com">
+
+	<target host="genius.com" />
+	<target host="assets.genius.com" />
+	<target host="eventspace.genius.com" />
+	<target host="images.genius.com" />
+	<target host="news.genius.com" />
+	<target host="shop.genius.com" />
+	<target host="www.genius.com" />
+
+		<test url="http://assets.genius.com/stylesheets/compiled/bagon_desktop-b0f27167f389b460f5dabd3cc5a46384.css" />
+		<test url="http://images.genius.com/avatars/thumb/a8aab0a386b53f215e52ca151fe1c9b0" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^eventspace\.genius\.com$" name="^crumb$" /-->
+	<!--securecookie host="^shop\.genius\.com$" name="^(?:_landing_page|_origi_referrer|cart_sig)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|__qca|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/geniusdisplay.com.xml b/src/chrome/content/rules/geniusdisplay.com.xml
new file mode 100644
index 000000000000..e4f705ef878c
--- /dev/null
+++ b/src/chrome/content/rules/geniusdisplay.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="geniusdisplay.com">
+
+	<target host="geniusdisplay.com" />
+	<target host="www.geniusdisplay.com" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://www.geniusdisplay.com/pix.html" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/genode.org.xml b/src/chrome/content/rules/genode.org.xml
new file mode 100644
index 000000000000..b78307478db0
--- /dev/null
+++ b/src/chrome/content/rules/genode.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="Genode.org">
+
+	<target host="genode.org" />
+	<target host="www.genode.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/genotek.ru.xml b/src/chrome/content/rules/genotek.ru.xml
new file mode 100644
index 000000000000..33a219824e85
--- /dev/null
+++ b/src/chrome/content/rules/genotek.ru.xml
@@ -0,0 +1,28 @@
+<!--
+beremennost.genotek.ru ¹
+deti.genotek.ru ¹
+dieta.genotek.ru ¹
+genealogy.genotek.ru ¹
+genomes.genotek.ru ¹
+lab.genotek.ru ¹
+land.genotek.ru ⁴
+lk.genotek.ru ¹
+med.genotek.ru ¹
+lk.med.genotek.ru ¹
+newbitrix.genotek.ru ¹
+newyear.genotek.ru ¹
+riski.genotek.ru ¹
+
+
+¹ mismatch
+⁴ self signed
+-->
+<ruleset name="genotek.ru">
+	<target host="genotek.ru" />
+	<target host="www.genotek.ru" />
+	<target host="basket.genotek.ru" />
+	<target host="www.basket.genotek.ru" />
+	<target host="bitrix.genotek.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/genua.de.xml b/src/chrome/content/rules/genua.de.xml
new file mode 100644
index 000000000000..90e97bc93692
--- /dev/null
+++ b/src/chrome/content/rules/genua.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="genua.de">
+	<target host=     "genua.de" />
+	<target host= "www.genua.de" />
+	<target host="blog.genua.de" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/geodatenzentrum.de.xml b/src/chrome/content/rules/geodatenzentrum.de.xml
new file mode 100644
index 000000000000..cf5487ee4b65
--- /dev/null
+++ b/src/chrome/content/rules/geodatenzentrum.de.xml
@@ -0,0 +1,26 @@
+<!--
+	Invalid certificate:
+		geodatenzentrum.de
+
+	Not found:
+		sgtls12.geodatenzentrum.de
+		sgtmp.geodatenzentrum.de
+		upd2.geodatenzentrum.de
+
+	Timeout:
+		gss-f.geodatenzentrum.de
+		gss-l.geodatenzentrum.de
+-->
+<ruleset name="geodatenzentrum.de">
+
+	<target host="www.geodatenzentrum.de" />
+	<target host="advmis.geodatenzentrum.de" />
+	<target host="sg.geodatenzentrum.de" />
+	<target host="sgs.geodatenzentrum.de" />
+	<target host="upd.geodatenzentrum.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/geoedge.be.xml b/src/chrome/content/rules/geoedge.be.xml
new file mode 100644
index 000000000000..465f1a814953
--- /dev/null
+++ b/src/chrome/content/rules/geoedge.be.xml
@@ -0,0 +1,22 @@
+<!--
+	Invalid certificate:
+		pangeo
+		publisher
+
+	Refused:
+		gateway
+
+	Timeout:
+		jenkins
+-->
+<ruleset name="geoedge.be">
+
+	<target host="gw.geoedge.be" />
+	<target host="protect.geoedge.be" />
+	<target host="rumcdn.geoedge.be" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/geofeedia.com.xml b/src/chrome/content/rules/geofeedia.com.xml
new file mode 100644
index 000000000000..a10c0a00988a
--- /dev/null
+++ b/src/chrome/content/rules/geofeedia.com.xml
@@ -0,0 +1,46 @@
+<!--
+	CDN buckets:
+
+		- geofeedia-wpengine.netdna-ssl.com
+
+
+	Problematic hosts in *geofeedia.com:
+
+		- (www.)? ᶜ
+		- blog ᵐ
+		- resources ᵐ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Akamai / mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- app.geofeedia.com
+
+
+	Mixed content:
+
+		- css on ^ from fast.fonts.net ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Geofeedia.com (partial)">
+
+	<!--target host="geofeedia.com" /-->
+	<target host="app.geofeedia.com" />
+	<!--target host="www.geofeedia.com" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^app\.geofeedia\.com$" name="^AWSELB$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/geoffg.net.xml b/src/chrome/content/rules/geoffg.net.xml
new file mode 100644
index 000000000000..33d3a4417bc4
--- /dev/null
+++ b/src/chrome/content/rules/geoffg.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="geoffg.net">
+	<target host="geoffg.net" />
+	<target host="www.geoffg.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/geoiptool.com.xml b/src/chrome/content/rules/geoiptool.com.xml
new file mode 100644
index 000000000000..bac29e436703
--- /dev/null
+++ b/src/chrome/content/rules/geoiptool.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Nonfunctional hosts in *geoiptool.com:
+
+		- forum ʳ
+
+	ʳ Refused
+
+-->
+<ruleset name="Geo IP Tool.com (partial)">
+
+	<target host="geoiptool.com" />
+	<target host="www.geoiptool.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/geokrety.org.xml b/src/chrome/content/rules/geokrety.org.xml
new file mode 100644
index 000000000000..5bec375aaf81
--- /dev/null
+++ b/src/chrome/content/rules/geokrety.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Main pages support https
+
+	Related page: geokretymap.org
+	Related ruleset: geokretymap.org.xml
+
+	Latest test date: 05.09.2016
+-->
+<ruleset name="geokrety.org">
+	<!-- Main page -->
+	<target host="geokrety.org" />
+	<target host="www.geokrety.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/geokretymap.org.xml b/src/chrome/content/rules/geokretymap.org.xml
new file mode 100644
index 000000000000..a30bc7577d9c
--- /dev/null
+++ b/src/chrome/content/rules/geokretymap.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Main and api page support https
+
+	Related page: geokrety.org
+	Related ruleset: geokrety.org.xml
+
+	Latest test date: 05.09.2016
+
+	Return 404 for http and https:
+	www.geokretymap.org
+	cgeo.geokretymap.org
+-->
+<ruleset name="geokretymap.org">
+	<!-- Main page -->
+	<target host="geokretymap.org" />
+
+	<!-- API -->
+	<target host="api.geokretymap.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/georgetown.edu-mixedcontent.xml b/src/chrome/content/rules/georgetown.edu-mixedcontent.xml
new file mode 100644
index 000000000000..3729d8bf08b2
--- /dev/null
+++ b/src/chrome/content/rules/georgetown.edu-mixedcontent.xml
@@ -0,0 +1,19 @@
+<!--
+	For rules not causing MCB, see Georgetown_University.xml.
+
+
+	NB: see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Georgetown.edu (MCB)" platform="mixedcontent">
+
+	<target host="units.georgetown.edu" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/gept.org.tw.xml b/src/chrome/content/rules/gept.org.tw.xml
new file mode 100644
index 000000000000..142e2be187ef
--- /dev/null
+++ b/src/chrome/content/rules/gept.org.tw.xml
@@ -0,0 +1,7 @@
+<ruleset name="gept.org.tw">
+	<target host="gept.org.tw" />
+	<target host="www.gept.org.tw" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/get.no.xml b/src/chrome/content/rules/get.no.xml
new file mode 100644
index 000000000000..79c1b83d639d
--- /dev/null
+++ b/src/chrome/content/rules/get.no.xml
@@ -0,0 +1,67 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kontakt.get.no/ => https://kontakt.get.no/: (6, 'Could not resolve host: kontakt.get.no')
+Fetch error: http://zendesk.get.no/ => https://zendesk.get.no/: Too many redirects while fetching 'https://zendesk.get.no/'
+
+	Nonfunctional hosts in *get.no:
+
+		- mobil ᵈ
+		- speedtest ʳ
+
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *get.no:
+
+		- kundehenvendelse ᵐ
+		- villa ᵐ ᵘ
+
+	ᵐ Mismatched
+	ᵘ Untrusted root
+
+
+	Insecure cookies are set for these hosts:
+
+		- bedrift.get.no
+		- getsafe.get.no
+		- login.get.no
+		- www.get.no
+
+
+	Mixed content:
+
+		- Images on bedrift from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Get.no (partial)" default_off="failed ruleset test">
+
+	<target host="get.no" />
+	<target host="app.get.no" />
+	<target host="bedrift.get.no" />
+	<target host="devices.get.no" />
+	<target host="getsafe.get.no" />
+	<target host="kontakt.get.no" />
+	<target host="login.get.no" />
+	<target host="sky.get.no" />
+	<target host="www.get.no" />
+	<target host="zendesk.get.no" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bedrift\.get\.no$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^getsafe\.get\.no$" name="^(?:JSESSIONID|JTBSC01|accept_language)$" /-->
+	<!--securecookie host="^(?:login|www)\.get\.no$" name="^BIGipServer" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/getapp.com.xml b/src/chrome/content/rules/getapp.com.xml
new file mode 100644
index 000000000000..68254d176f23
--- /dev/null
+++ b/src/chrome/content/rules/getapp.com.xml
@@ -0,0 +1,41 @@
+<!--
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .getapp.com
+		- fr.getapp.com
+		- lab.getapp.com
+		- www.getapp.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- favicon on lab from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="GetApp.com">
+
+	<target host="getapp.com" />
+	<target host="assets.getapp.com" />
+	<target host="fr.getapp.com" />
+	<target host="lab.getapp.com" />
+	<target host="www.getapp.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.getapp\.com$" name="^(?:__cfduid|cf_clearance|gauid)$" /-->
+	<!--securecookie host="^(?:fr|www)\.getapp\.com$" name="^getapp\.session$" /-->
+	<!--securecookie host="^lab\.getapp\.com$" name="^X-Mapping-" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid$|_gat?$|_gat_|cf_clearance$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/getgophish.com.xml b/src/chrome/content/rules/getgophish.com.xml
new file mode 100644
index 000000000000..ae83c509221c
--- /dev/null
+++ b/src/chrome/content/rules/getgophish.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Get Gophish.com">
+
+	<target host="getgophish.com" />
+	<target host="www.getgophish.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/getpostman.com.xml b/src/chrome/content/rules/getpostman.com.xml
new file mode 100644
index 000000000000..956573ddb741
--- /dev/null
+++ b/src/chrome/content/rules/getpostman.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Nonfunctional hosts in *getpostman.com:
+
+		- blog ʰ
+
+	ʰ Redirects to http
+
+
+	Insecure cookies are set for these hosts:
+
+		- app.getpostman.com
+
+-->
+<ruleset name="get Postman.com (partial)">
+
+	<target host="getpostman.com" />
+	<target host="app.getpostman.com" />
+	<target host="www.getpostman.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^app\.getpostman\.com$" name="^(?:AWSELB|PHPSESSID)$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/gett.com.xml b/src/chrome/content/rules/gett.com.xml
new file mode 100644
index 000000000000..853526450dd9
--- /dev/null
+++ b/src/chrome/content/rules/gett.com.xml
@@ -0,0 +1,49 @@
+<!--
+dl.gett.com ³
+email.gett.com ¹
+o1.email.gett.com ³
+o2.email.gett.com ³
+tu.gett.com ³
+tou.gett.com mixed content
+
+
+¹ mismatch
+³ timed out
+-->
+<ruleset name="gett.com">
+	<target host="gett.com" />
+	<target host="www.gett.com" />
+	<target host="alpha.gett.com" />
+	<target host="app.gett.com" />
+	<target host="b.gett.com" />
+	<target host="business.gett.com" />
+	<target host="cdn.gett.com" />
+	<target host="concur.gett.com" />
+	<target host="d.gett.com" />
+	<target host="developer.gett.com" />
+	<target host="drivers.gett.com" />
+	<target host="engineering.gett.com" />
+	<target host="il.gett.com" />
+	<target host="invite.gett.com" />
+	<target host="invite-il.gett.com" />
+	<target host="invite-ru.gett.com" />
+	<target host="invite-uk.gett.com" />
+	<target host="live-person-chat.gett.com" />
+	<target host="location.gett.com" />
+	<target host="mini.gett.com" />
+	<target host="promo.gett.com" />
+	<target host="public.gett.com" />
+	<target host="r.gett.com" />
+	<target host="register.gett.com" />
+	<target host="rides-map-images.gett.com" />
+	<target host="ru.gett.com" />
+	<target host="static.gett.com" />
+	<target host="uk.gett.com" />
+	<target host="uk-dbx.gett.com" />
+	<target host="us.gett.com" />
+	<target host="us-dbx.gett.com" />
+	<target host="webapp.gett.com" />
+	<target host="webapp-assets.gett.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gfi.com-falsemixed.xml b/src/chrome/content/rules/gfi.com-falsemixed.xml
new file mode 100644
index 000000000000..697b271efa32
--- /dev/null
+++ b/src/chrome/content/rules/gfi.com-falsemixed.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules not causing false/broken MCB, see gfi.com.xml.
+
+-->
+<ruleset name="GFI.com (false MCB)" platform="mixedcontent">
+
+	<target host="www.gfi.com" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ggdns.de.xml b/src/chrome/content/rules/ggdns.de.xml
new file mode 100644
index 000000000000..60bcaf15bf4b
--- /dev/null
+++ b/src/chrome/content/rules/ggdns.de.xml
@@ -0,0 +1,25 @@
+<!--
+	www.ggdns.de: Mismatched
+
+-->
+<ruleset name="ggdns.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ggdns.de" />
+
+	<!--	Complications:
+				-->
+	<target host="www.ggdns.de" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.ggdns\.de/"
+		to="https://ggdns.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ghosthousecreative.com.xml b/src/chrome/content/rules/ghosthousecreative.com.xml
new file mode 100644
index 000000000000..6cb7207c4233
--- /dev/null
+++ b/src/chrome/content/rules/ghosthousecreative.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="ghosthousecreative.com">
+	<target host="ghosthousecreative.com" />
+	<target host="www.ghosthousecreative.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/giffgaff.xml b/src/chrome/content/rules/giffgaff.xml
new file mode 100644
index 000000000000..74845eee043b
--- /dev/null
+++ b/src/chrome/content/rules/giffgaff.xml
@@ -0,0 +1,20 @@
+<!--
+	Mismatch:
+		- esports.giffgaff.com
+-->
+<ruleset name="giffgaff">
+
+	<target host="giffgaff.com" />
+	<target host="www.giffgaff.com" />
+	<target host="community.giffgaff.com" />
+	<target host="info.giffgaff.com" />
+	<target host="redir2.info.giffgaff.com" />
+	<target host="peer2peer.giffgaff.com" />
+	<target host="labs.giffgaff.com" />
+	<target host="experts.giffgaff.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/giftcloud.com.xml b/src/chrome/content/rules/giftcloud.com.xml
new file mode 100644
index 000000000000..7e209923459b
--- /dev/null
+++ b/src/chrome/content/rules/giftcloud.com.xml
@@ -0,0 +1,25 @@
+<!--
+	^giftcloud.com: Refused
+
+-->
+<ruleset name="Giftcloud.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.giftcloud.com" />
+
+	<!--	Complications:
+				-->
+	<target host="giftcloud.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://giftcloud\.com/"
+		to="https://www.giftcloud.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/giftofspeed.com.xml b/src/chrome/content/rules/giftofspeed.com.xml
new file mode 100644
index 000000000000..764f2ce9492c
--- /dev/null
+++ b/src/chrome/content/rules/giftofspeed.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="giftofspeed.com">
+	<target host="giftofspeed.com" />
+	<target host="www.giftofspeed.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gigablast.com.xml b/src/chrome/content/rules/gigablast.com.xml
new file mode 100644
index 000000000000..131f8bb13c85
--- /dev/null
+++ b/src/chrome/content/rules/gigablast.com.xml
@@ -0,0 +1,8 @@
+<!-- Wildcard dns. Certificate only valid for root and www. -->
+
+<ruleset name="gigablast.com">
+	<target host="gigablast.com" />
+	<target host="www.gigablast.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gimp.org.xml b/src/chrome/content/rules/gimp.org.xml
new file mode 100644
index 000000000000..e9c203236b6c
--- /dev/null
+++ b/src/chrome/content/rules/gimp.org.xml
@@ -0,0 +1,30 @@
+<!--
+	Invalid certificate:
+		- registry.gimp.org
+
+	Refused:
+		- www.it.gimp.org
+		- irc.gimp.org
+
+	Timeout:
+		- irc.eu.gimp.org
+-->
+
+<ruleset name="GIMP">
+	<target host="gimp.org" />
+	<target host="www.gimp.org" />
+	<target host="developer.gimp.org" />
+	<target host="docs.gimp.org" />
+	<target host="download.gimp.org" />
+	<target host="ftp.gimp.org" />
+	<target host="gui.gimp.org" />
+	<target host="static.gimp.org" />
+	<target host="testing.gimp.org" />
+	<target host="pippin.gimp.org" />
+	<target host="wiki.gimp.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/giraf-network.org.xml b/src/chrome/content/rules/giraf-network.org.xml
new file mode 100644
index 000000000000..ead4a43a03a7
--- /dev/null
+++ b/src/chrome/content/rules/giraf-network.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="giraf-network.org">
+
+	<target host="giraf-network.org" />
+	<target host="www.giraf-network.org" />
+
+	<!-- Invalid certificate on https://giraf-network.org/,
+	http://giraf-network.org/ redirects to http://www.giraf-network.org/ -->
+	<rule from="^http://giraf-network\.org/"
+		to="https://www.giraf-network.org/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/girlsoutwest.com-falsemixed.xml b/src/chrome/content/rules/girlsoutwest.com-falsemixed.xml
new file mode 100644
index 000000000000..be669b1fef8f
--- /dev/null
+++ b/src/chrome/content/rules/girlsoutwest.com-falsemixed.xml
@@ -0,0 +1,25 @@
+<!--
+	For rules not causing false/broken MCB, see Girls_Out_West.com.xml.
+
+-->
+<ruleset name="Girls Out West.com (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="forum.girlsoutwest.com" />
+
+	<!--	Complications:
+				-->
+	<target host="forums.girlsoutwest.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://forums\.girlsoutwest\.com/"
+		to="https://forum.girlsoutwest.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/gismeteo.by.xml b/src/chrome/content/rules/gismeteo.by.xml
new file mode 100644
index 000000000000..03ba775a397c
--- /dev/null
+++ b/src/chrome/content/rules/gismeteo.by.xml
@@ -0,0 +1,27 @@
+<!--
+Similar rulesets:
+gismeteo.lt.xml
+gismeteo.lv.xml
+gismeteo.md.xml
+gismeteo.pl.xml
+Gismeteo.ru.xml
+Gismeteo.ua.xml
+
+m.gismeteo.by mismatch
+nby01.gismeteo.by non-2xx http code
+nby02.gismeteo.by non-2xx http code
+nby03.gismeteo.by non-2xx http code
+nby04.gismeteo.by non-2xx http code
+nby05.gismeteo.by non-2xx http code
+nby06.gismeteo.by non-2xx http code
+nby07.gismeteo.by non-2xx http code
+nby08.gismeteo.by non-2xx http code
+nby09.gismeteo.by non-2xx http code
+tourism.gismeteo.by mismatch
+-->
+<ruleset name="gismeteo.by">
+	<target host="gismeteo.by" />
+	<target host="www.gismeteo.by" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gismeteo.lt.xml b/src/chrome/content/rules/gismeteo.lt.xml
new file mode 100644
index 000000000000..d0da081f6e72
--- /dev/null
+++ b/src/chrome/content/rules/gismeteo.lt.xml
@@ -0,0 +1,25 @@
+<!--
+Similar rulesets:
+gismeteo.by.xml
+gismeteo.lv.xml
+gismeteo.md.xml
+gismeteo.pl.xml
+Gismeteo.ru.xml
+Gismeteo.ua.xml
+
+m.gismeteo.lt mismatch
+-->
+<ruleset name="gismeteo.lt">
+	<target host="gismeteo.lt" />
+	<target host="www.gismeteo.lt" />
+	<target host="s1.gismeteo.lt" />
+	<target host="s2.gismeteo.lt" />
+	<target host="s3.gismeteo.lt" />
+	<target host="s4.gismeteo.lt" />
+	<target host="s5.gismeteo.lt" />
+	<target host="s6.gismeteo.lt" />
+	<target host="s7.gismeteo.lt" />
+	<target host="s8.gismeteo.lt" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gismeteo.lv.xml b/src/chrome/content/rules/gismeteo.lv.xml
new file mode 100644
index 000000000000..c584da3c1d55
--- /dev/null
+++ b/src/chrome/content/rules/gismeteo.lv.xml
@@ -0,0 +1,24 @@
+<!--
+Similar rulesets:
+gismeteo.by.xml
+gismeteo.lt.xml
+gismeteo.md.xml
+gismeteo.pl.xml
+Gismeteo.ru.xml
+Gismeteo.ua.xml
+
+m.gismeteo.lv nonexist
+-->
+<ruleset name="gismeteo.lv">
+	<target host="gismeteo.lv" />
+	<target host="www.gismeteo.lv" />
+	<target host="s1.gismeteo.lv" />
+	<target host="s2.gismeteo.lv" />
+	<target host="s3.gismeteo.lv" />
+	<target host="s4.gismeteo.lv" />
+	<target host="s5.gismeteo.lv" />
+	<target host="s7.gismeteo.lv" />
+	<target host="s8.gismeteo.lv" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gismeteo.md.xml b/src/chrome/content/rules/gismeteo.md.xml
new file mode 100644
index 000000000000..b03f5a7f4ee4
--- /dev/null
+++ b/src/chrome/content/rules/gismeteo.md.xml
@@ -0,0 +1,24 @@
+<!--
+Similar rulesets:
+gismeteo.by.xml
+gismeteo.lt.xml
+gismeteo.lv.xml
+gismeteo.pl.xml
+Gismeteo.ru.xml
+Gismeteo.ua.xml
+
+m.gismeteo.md mismatch
+-->
+<ruleset name="gismeteo.md">
+	<target host="gismeteo.md" />
+	<target host="www.gismeteo.md" />
+	<target host="s1.gismeteo.md" />
+	<target host="s2.gismeteo.md" />
+	<target host="s3.gismeteo.md" />
+	<target host="s4.gismeteo.md" />
+	<target host="s5.gismeteo.md" />
+	<target host="s7.gismeteo.md" />
+	<target host="s8.gismeteo.md" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gismeteo.pl.xml b/src/chrome/content/rules/gismeteo.pl.xml
new file mode 100644
index 000000000000..58d2cf2cd2c3
--- /dev/null
+++ b/src/chrome/content/rules/gismeteo.pl.xml
@@ -0,0 +1,23 @@
+<!--
+Similar rulesets:
+gismeteo.by.xml
+gismeteo.lt.xml
+gismeteo.lv.xml
+gismeteo.md.xml
+Gismeteo.ru.xml
+Gismeteo.ua.xml
+-->
+<ruleset name="gismeteo.pl">
+	<target host="gismeteo.pl" />
+	<target host="www.gismeteo.pl" />
+	<target host="s1.gismeteo.pl" />
+	<target host="s2.gismeteo.pl" />
+	<target host="s3.gismeteo.pl" />
+	<target host="s4.gismeteo.pl" />
+	<target host="s5.gismeteo.pl" />
+	<target host="s6.gismeteo.pl" />
+	<target host="s7.gismeteo.pl" />
+	<target host="s8.gismeteo.pl" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gitea.com.xml b/src/chrome/content/rules/gitea.com.xml
new file mode 100644
index 000000000000..d83a7e62dde8
--- /dev/null
+++ b/src/chrome/content/rules/gitea.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="gitea.com">
+
+	<target host="gitea.com" />
+	<target host="www.gitea.com" />
+	<target host="drone.gitea.com" />
+	<target host="s.gitea.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/githost.io.xml b/src/chrome/content/rules/githost.io.xml
new file mode 100644
index 000000000000..3ad0b472f881
--- /dev/null
+++ b/src/chrome/content/rules/githost.io.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://guard.githost.io/ => https://guard.githost.io/: (6, 'Could not resolve host: guard.githost.io')
+
+gnu.githost.io mismatch
+jfryelocaltest02.githost.io expired
+-->
+<ruleset name="githost.io" default_off="failed ruleset test">
+	<target host="githost.io" />
+	<target host="www.githost.io" />
+	<target host="paclab.githost.io" />
+	<target host="guard.githost.io" />
+	<target host="uniorg.githost.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/githubassets.com.xml b/src/chrome/content/rules/githubassets.com.xml
new file mode 100644
index 000000000000..a3ba1cbf9316
--- /dev/null
+++ b/src/chrome/content/rules/githubassets.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other GitHub coverage, see GitHub.xml.
+
+	This domain contains a wildcard DNS record and a wildcard certificate.
+-->
+<ruleset name="githubassets.com">
+
+	<target host="github.githubassets.com" />
+		<test url="http://github.githubassets.com/assets/frameworks-5abe724ecf200f8d9bbf52e5e4a2d7af.css" />
+	<target host="help.githubassets.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/gitignore.io.xml b/src/chrome/content/rules/gitignore.io.xml
new file mode 100644
index 000000000000..556f04fccd86
--- /dev/null
+++ b/src/chrome/content/rules/gitignore.io.xml
@@ -0,0 +1,7 @@
+<ruleset name="gitignore.io">
+	<target host="gitignore.io" />
+	<target host="www.gitignore.io" />
+	<target host="staging.gitignore.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/givingwhatwecan.org.xml b/src/chrome/content/rules/givingwhatwecan.org.xml
new file mode 100644
index 000000000000..e810d758755c
--- /dev/null
+++ b/src/chrome/content/rules/givingwhatwecan.org.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Centre for Effective Altruism coverage, see Centre_for_Effective_Altruism.org.xml.
+
+-->
+<ruleset name="Giving What We Can.org">
+
+	<target host="givingwhatwecan.org" />
+	<target host="www.givingwhatwecan.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/gkovacs.com.xml b/src/chrome/content/rules/gkovacs.com.xml
new file mode 100644
index 000000000000..ed6115cd97d4
--- /dev/null
+++ b/src/chrome/content/rules/gkovacs.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="gkovacs.com">
+	<target host="gkovacs.com" />
+	<target host="www.gkovacs.com" />
+
+	<rule from="^http://gkovacs\.com/" to="https://www.gkovacs.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/glandium.org.xml b/src/chrome/content/rules/glandium.org.xml
new file mode 100644
index 000000000000..ec89b7e4e9cf
--- /dev/null
+++ b/src/chrome/content/rules/glandium.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="glandium.org">
+
+	<target host="glandium.org" />
+	<target host="git.glandium.org" />
+	<target host="www.glandium.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/glasgowconsult.co.uk.xml b/src/chrome/content/rules/glasgowconsult.co.uk.xml
new file mode 100644
index 000000000000..274cd4bfef87
--- /dev/null
+++ b/src/chrome/content/rules/glasgowconsult.co.uk.xml
@@ -0,0 +1,37 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	^glasgowconsult.co.uk: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.glasgowconsult.co.uk
+
+-->
+<ruleset name="Glasgow Consult.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.glasgowconsult.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="glasgowconsult.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.glasgowconsult\.co\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://glasgowconsult\.co\.uk/"
+		to="https://www.glasgowconsult.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/glassdoor.ca.xml b/src/chrome/content/rules/glassdoor.ca.xml
new file mode 100644
index 000000000000..e2ab5b728272
--- /dev/null
+++ b/src/chrome/content/rules/glassdoor.ca.xml
@@ -0,0 +1,39 @@
+<!--
+	For other Glassdoor coverage, see Glassdoor.xml.
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- glassdoor.ca
+		- img[0-3].glassdoor.ca
+		- static.glassdoor.ca
+		- www.glassdoor.ca
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Glassdoor.ca">
+
+	<target host="glassdoor.ca" />
+	<target host="img0.glassdoor.ca" />
+	<target host="img1.glassdoor.ca" />
+	<target host="img2.glassdoor.ca" />
+	<target host="img3.glassdoor.ca" />
+	<target host="static.glassdoor.ca" />
+	<target host="www.glassdoor.ca" />
+
+
+	<!--    Not secured by server:
+					-->
+	<!--securecookie host="^(?:img[0-3]\.|static\.)?glassdoor\.ca$" name="^ARPNTS$" /-->
+	<!--securecookie host="^\.glassdoor\.ca$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.glassdoor\.ca$" name="^(?:_uac|ARPNTS|gdId)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid$|_gat?$|_gat_|cf_clearance$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/glassdoor.co.in.xml b/src/chrome/content/rules/glassdoor.co.in.xml
new file mode 100644
index 000000000000..49d9c1238a3a
--- /dev/null
+++ b/src/chrome/content/rules/glassdoor.co.in.xml
@@ -0,0 +1,39 @@
+<!--
+	For other Glassdoor coverage, see Glassdoor.xml.
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- glassdoor.co.in
+		- img[0-3].glassdoor.co.in
+		- static.glassdoor.co.in
+		- www.glassdoor.co.in
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Glassdoor.co.in">
+
+	<target host="glassdoor.co.in" />
+	<target host="img0.glassdoor.co.in" />
+	<target host="img1.glassdoor.co.in" />
+	<target host="img2.glassdoor.co.in" />
+	<target host="img3.glassdoor.co.in" />
+	<target host="static.glassdoor.co.in" />
+	<target host="www.glassdoor.co.in" />
+
+
+	<!--    Not secured by server:
+					-->
+	<!--securecookie host="^(?:img[0-3]\.|static\.)?glassdoor\.com$" name="^ARPNTS$" /-->
+	<!--securecookie host="^\.glassdoor\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.glassdoor\.com$" name="^(?:_uac|ARPNTS|gdId)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid$|_gat?$|_gat_|cf_clearance$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/glassdoor.co.uk.xml b/src/chrome/content/rules/glassdoor.co.uk.xml
new file mode 100644
index 000000000000..e75a9e5ef9eb
--- /dev/null
+++ b/src/chrome/content/rules/glassdoor.co.uk.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Glassdoor coverage, see Glassdoor.xml.
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- glassdoor.co.uk
+		- .glassdoor.co.uk
+		- www.glassdoor.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Glassdoor.co.uk">
+
+	<target host="glassdoor.co.uk" />
+	<target host="static.glassdoor.co.uk" />
+	<target host="www.glassdoor.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^glassdoor\.co\.uk$" name="^ARPNTS$" /-->
+	<!--securecookie host="^\.glassdoor\.co\.uk$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.glassdoor\.co\.uk$" name="^(?:_uac|ARPNTS|gdId)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid$|_gat?$|_gat_|cf_clearance$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/glassdoor.com.au.xml b/src/chrome/content/rules/glassdoor.com.au.xml
new file mode 100644
index 000000000000..2fa388634030
--- /dev/null
+++ b/src/chrome/content/rules/glassdoor.com.au.xml
@@ -0,0 +1,39 @@
+<!--
+	For other Glassdoor coverage, see Glassdoor.xml.
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- glassdoor.com.au
+		- img[0-3].glassdoor.com.au
+		- static.glassdoor.com.au
+		- www.glassdoor.com.au
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Glassdoor.com.au">
+
+	<target host="glassdoor.com.au" />
+	<target host="img0.glassdoor.com.au" />
+	<target host="img1.glassdoor.com.au" />
+	<target host="img2.glassdoor.com.au" />
+	<target host="img3.glassdoor.com.au" />
+	<target host="static.glassdoor.com.au" />
+	<target host="www.glassdoor.com.au" />
+
+
+	<!--    Not secured by server:
+					-->
+	<!--securecookie host="^(?:img[0-3]\.|static\.)?glassdoor\.com\.au$" name="^ARPNTS$" /-->
+	<!--securecookie host="^\.glassdoor\.com\.au$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.glassdoor\.com\.au$" name="^(?:_uac|ARPNTS|gdId)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid$|_gat?$|_gat_|cf_clearance$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/glavbukh.ru.xml b/src/chrome/content/rules/glavbukh.ru.xml
new file mode 100644
index 000000000000..52e462f65c38
--- /dev/null
+++ b/src/chrome/content/rules/glavbukh.ru.xml
@@ -0,0 +1,81 @@
+<!--
+	Invalid certificate:
+		8marta.glavbukh.ru
+		8marta2015.glavbukh.ru
+		8marta2016.glavbukh.ru
+		attestat.glavbukh.ru
+		bdn.glavbukh.ru
+		cok.glavbukh.ru
+		den2013.glavbukh.ru
+		den2014.glavbukh.ru
+		dod.glavbukh.ru
+		www.forum.glavbukh.ru
+		forum2.glavbukh.ru (incomplete certificate chain)
+		www.kkt.glavbukh.ru
+		www.lifeart.glavbukh.ru
+		linate.glavbukh.ru (incomplete certificate chain)
+		msb.glavbukh.ru
+		ng.glavbukh.ru
+		ng2015.glavbukh.ru
+		ng2016.glavbukh.ru
+		obr.glavbukh.ru
+		otpusk.glavbukh.ru
+		www.pclub.glavbukh.ru
+		podarok.glavbukh.ru
+		premia.glavbukh.ru
+		www.premia.glavbukh.ru
+		premia2015.glavbukh.ru
+		reshebnik.glavbukh.ru
+		dev.seminar.glavbukh.ru
+		www.top.glavbukh.ru
+		www.vs.glavbukh.ru (incomplete certificate chain)
+		www.vseminar.glavbukh.ru (incomplete certificate chain)
+
+	Redirect to HTTP:
+		8marta2013.glavbukh.ru
+		den.glavbukh.ru
+		foto.glavbukh.ru
+		go.glavbukh.ru
+		golos.glavbukh.ru
+		kadry.glavbukh.ru
+		kkt.glavbukh.ru
+		konf2013.glavbukh.ru
+		lifeart.glavbukh.ru
+		lifeartbend.glavbukh.ru
+		ng2013.glavbukh.ru
+		otchet.glavbukh.ru
+		premia2012.glavbukh.ru
+		rz.glavbukh.ru
+		srz.glavbukh.ru
+		top.glavbukh.ru
+		usn.glavbukh.ru
+		zarplata.glavbukh.ru
+
+	Refused:
+		e.glavbukh.ru
+		www.e.glavbukh.ru
+		m.e.glavbukh.ru
+		epromo.glavbukh.ru
+		www.epromo.glavbukh.ru
+		partners.glavbukh.ru
+		school.glavbukh.ru
+		sgb.glavbukh.ru
+		test.glavbukh.ru
+		webinar.glavbukh.ru
+
+	Time out:
+		psd.glavbukh.ru
+		str.glavbukh.ru
+		turizm.glavbukh.ru
+
+-->
+<ruleset name="glavbukh.ru">
+	<target host="glavbukh.ru" />
+	<target host="www.glavbukh.ru" />
+	<!--Fails for unknown reason, see https://github.com/EFForg/https-everywhere/issues/7711
+	<target host="forum.glavbukh.ru" />
+	-->
+	<target host="m.glavbukh.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/glazdik.ru.xml b/src/chrome/content/rules/glazdik.ru.xml
new file mode 100644
index 000000000000..5a3ad752927b
--- /dev/null
+++ b/src/chrome/content/rules/glazdik.ru.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		demo.glazdik.ru
+		www.demo.glazdik.ru
+		key-servis.glazdik.ru
+		www.key-servis.glazdik.ru
+		kn.glazdik.ru
+		www.kn.glazdik.ru
+		mail.glazdik.ru
+		medicalc.glazdik.ru
+		www.medicalc.glazdik.ru
+		oc.glazdik.ru
+		www.oc.glazdik.ru
+-->
+<ruleset name="glazdik.ru">
+	<target host="glazdik.ru" />
+	<target host="www.glazdik.ru" />
+	<target host="2kg.glazdik.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/glee.co.uk.xml b/src/chrome/content/rules/glee.co.uk.xml
new file mode 100644
index 000000000000..c0dcb6574c58
--- /dev/null
+++ b/src/chrome/content/rules/glee.co.uk.xml
@@ -0,0 +1,14 @@
+<ruleset name="Glee.co.uk">
+
+	<target host="glee.co.uk" />
+	<target host="my.glee.co.uk" />
+	<target host="www.glee.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/glen-l.com.xml b/src/chrome/content/rules/glen-l.com.xml
new file mode 100644
index 000000000000..cf4dd65df166
--- /dev/null
+++ b/src/chrome/content/rules/glen-l.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.glen-l.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css from www.glen-l.com ˢ
+
+		- Images, from:
+
+			- glen-l.com ˢ
+			- www.glen-l.com ˢ
+
+		- favicon from www.glen-l.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Glen-L.com" platform="mixedcontent">
+
+	<target host="glen-l.com" />
+	<target host="www.glen-l.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.glen-l\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^(?:incap_ses|visid_incap)_" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/glest.org.xml b/src/chrome/content/rules/glest.org.xml
new file mode 100644
index 000000000000..015fb8f2a5c1
--- /dev/null
+++ b/src/chrome/content/rules/glest.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Time out:
+		ftp.glest.org
+		imap.glest.org
+		pop.glest.org
+		sftp.glest.org
+		ssh.glest.org
+-->
+<ruleset name="glest.org">
+	<target host="glest.org" />
+	<target host="www.glest.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/glimg.net.xml b/src/chrome/content/rules/glimg.net.xml
new file mode 100644
index 000000000000..ddeceffd0551
--- /dev/null
+++ b/src/chrome/content/rules/glimg.net.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Demand Media coverage, see Demand-Media.xml.
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- glimg.net
+		- www.glimg.net
+-->
+<ruleset name="glimg.net (partial)">
+	<target host="i.glimg.net" />
+	<target host="ui.glimg.net" />
+	<target host="staging.glimg.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/glittering.blue.xml b/src/chrome/content/rules/glittering.blue.xml
new file mode 100644
index 000000000000..b73c6a367152
--- /dev/null
+++ b/src/chrome/content/rules/glittering.blue.xml
@@ -0,0 +1,25 @@
+<!--
+	www.glittering.blue: Mismatched
+
+-->
+<ruleset name="Glittering.Blue">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="glittering.blue" />
+
+	<!--	Complications:
+				-->
+	<target host="www.glittering.blue" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.glittering\.blue/"
+		to="https://glittering.blue/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/glljobs.org.xml b/src/chrome/content/rules/glljobs.org.xml
new file mode 100644
index 000000000000..3b53ba993bf4
--- /dev/null
+++ b/src/chrome/content/rules/glljobs.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="GLL Jobs.org">
+
+	<target host="glljobs.org" />
+	<target host="www.glljobs.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/globalactionplan.org.uk.xml b/src/chrome/content/rules/globalactionplan.org.uk.xml
new file mode 100644
index 000000000000..2e7d3f9e6bf3
--- /dev/null
+++ b/src/chrome/content/rules/globalactionplan.org.uk.xml
@@ -0,0 +1,36 @@
+<!--
+	globalactionplan.org.uk: Dropped
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .www.globalactionplan.org.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Global Action Plan.org.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.globalactionplan.org.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="globalactionplan.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.globalactionplan\.org\.uk$" name="^ARRAffinity$" /-->
+
+	<securecookie host="^(?!\.globalactionplan\.org\.uk$)." name=".+" />
+
+
+	<rule from="^http://globalactionplan\.org\.uk/"
+		to="https://www.globalactionplan.org.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/globalreach.com.xml b/src/chrome/content/rules/globalreach.com.xml
new file mode 100644
index 000000000000..15a0bb85bea3
--- /dev/null
+++ b/src/chrome/content/rules/globalreach.com.xml
@@ -0,0 +1,38 @@
+<!--
+	Problematic hosts in *globalreach.com:
+
+		- bairdmounts ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="Global Reach.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="globalreach.com" />
+	<target host="static.globalreach.com" />
+	<target host="www.globalreach.com" />
+
+		<test url="http://static.globalreach.com/images/logos/globalreach_light.png" />
+
+	<!--	Complications:
+				-->
+	<target host="bairdmounts.globalreach.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://bairdmounts\.globalreach\.com/+"
+		to="https://www.bairdmounts.com/" />
+
+		<test url="http://bairdmounts.globalreach.com/index.htm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/globbersthemes.com.xml b/src/chrome/content/rules/globbersthemes.com.xml
new file mode 100644
index 000000000000..2f9d49b43a2e
--- /dev/null
+++ b/src/chrome/content/rules/globbersthemes.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		mail.globbersthemes.com
+		pop3.globbersthemes.com
+		smtp.globbersthemes.com
+
+	Refused:
+		ftp.globbersthemes.com
+		ftp2.globbersthemes.com
+
+	Time out:
+		vpn.globbersthemes.com
+-->
+<ruleset name="globbersthemes.com">
+	<target host="globbersthemes.com" />
+	<target host="www.globbersthemes.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/glomex.com.xml b/src/chrome/content/rules/glomex.com.xml
new file mode 100644
index 000000000000..c91ed533f2f4
--- /dev/null
+++ b/src/chrome/content/rules/glomex.com.xml
@@ -0,0 +1,67 @@
+<!--
+	Connection closed:
+		demo.glomex.com
+
+	Invalid certificate:
+		entertainment.glomex.com
+		explore.glomex.com
+		join.glomex.com
+		news.glomex.com
+		*.player.glomex.com
+		progressive-ac-mds.glomex.com
+		signup.glomex.com
+		vod-lite-mds.glomex.com
+
+	Timeout:
+		ak-ads-mds.glomex.com
+		pfsense.glomex.com
+		support.glomex.com
+		upload.glomex.com
+		vpn.glomex.com
+
+	Too many redirects:
+		ovpn.glomex.com
+-->
+<ruleset name="glomex.com">
+
+	<target host="glomex.com" />
+	<target host="www.glomex.com" />
+	<target host="addemo.glomex.com" />
+	<target host="afeb7c34e087fb19b89505f.glomex.com" />
+	<target host="ap-health-vvs.glomex.com" />
+	<target host="component-vvs.glomex.com" />
+	<target host="config-vvs.glomex.com" />
+	<target host="cpc.glomex.com" />
+	<target host="db04ac130328ddea8d724cf.glomex.com" />
+	<target host="demo.de.glomex.com" />
+	<target host="dvsd-stream.glomex.com" />
+	<target host="exchange.glomex.com" />
+	<target host="i1thumbs.glomex.com" />
+	<target host="i2thumbs.glomex.com" />
+	<target host="i3thumbs.glomex.com" />
+	<target host="i4thumbs.glomex.com" />
+	<target host="imageservicethumbs.glomex.com" />
+	<target host="imthumbs.glomex.com" />
+	<target host="isthumbs.glomex.com" />
+	<target host="jira.glomex.com" />
+	<target host="ac-vod-0002.mds.glomex.com" />
+	<target host="ac-vod-0003.mds.glomex.com" />
+	<target host="ac-vod-0004.mds.glomex.com" />
+	<target host="ac-vod-0012.mds.glomex.com" />
+	<target host="player.glomex.com" />
+	<target host="player-abcd.glomex.com" />
+	<target host="player-feedback-mds.glomex.com" />
+	<target host="player-feedback-v1.glomex.com" />
+	<target host="player-test.glomex.com" />
+	<target host="stage-www.glomex.com" />
+	<target host="www.stage-www.glomex.com" />
+	<target host="static-mds.glomex.com" />
+	<target host="support-docs.glomex.com" />
+	<target host="vas-live-mdp.glomex.com" />
+	<target host="video.glomex.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/glot.io.xml b/src/chrome/content/rules/glot.io.xml
new file mode 100644
index 000000000000..c26a07200769
--- /dev/null
+++ b/src/chrome/content/rules/glot.io.xml
@@ -0,0 +1,16 @@
+<!--
+www.glot.io ¹
+
+
+¹ mismatch
+-->
+<ruleset name="glot.io">
+	<target host="glot.io" />
+
+	<target host="www.glot.io" />
+
+	<rule from="^http://www\.glot\.io/"
+		to="https://glot.io/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/glowingbear.org.xml b/src/chrome/content/rules/glowingbear.org.xml
new file mode 100644
index 000000000000..45d79c60f38a
--- /dev/null
+++ b/src/chrome/content/rules/glowingbear.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="glowingbear.org">
+	<target host="glowingbear.org" />
+	<target host="www.glowingbear.org" />
+	<target host="latest.glowingbear.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/glx-dock.org.xml b/src/chrome/content/rules/glx-dock.org.xml
new file mode 100644
index 000000000000..0ad2ddc66996
--- /dev/null
+++ b/src/chrome/content/rules/glx-dock.org.xml
@@ -0,0 +1,29 @@
+<!--
+pics.glx-dock.org ³
+themes.glx-dock.org ⁴
+
+
+³ timed out
+⁴ self signed
+-->
+<ruleset name="Glx-Dock.org">
+
+	<target host="glx-dock.org" />
+	<target host="doc.glx-dock.org" />
+	<target host="extras.glx-dock.org" />
+	<target host="forum.glx-dock.org" />
+	<target host="wiki.glx-dock.org" />
+	<target host="www.glx-dock.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?glx-dock\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/gmodmp.jp.xml b/src/chrome/content/rules/gmodmp.jp.xml
new file mode 100644
index 000000000000..3a070fe36c71
--- /dev/null
+++ b/src/chrome/content/rules/gmodmp.jp.xml
@@ -0,0 +1,22 @@
+<!--
+
+	Nonfunctional domains:
+
+	Problematic domains:
+
+		- admin.gmodmp.jp	(Invalid cert)
+		- dmp.gmodmp.jp (Invalid cert)
+		- dsync.gmodmp.jp   (Invalid cert)
+		- gmodmp.jp (Invalid cert)
+		- www.gmodmp.jp (Invalid cert)
+
+-->
+
+<ruleset name="gmodmp.jp (partial)">
+
+	<target host="j.gmodmp.jp" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/gnucitizen.org.xml b/src/chrome/content/rules/gnucitizen.org.xml
new file mode 100644
index 000000000000..d3783b8d87b7
--- /dev/null
+++ b/src/chrome/content/rules/gnucitizen.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="gnucitizen.org">
+
+	<target host="gnucitizen.org" />
+	<target host="www.gnucitizen.org" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/go.cd.xml b/src/chrome/content/rules/go.cd.xml
new file mode 100644
index 000000000000..1711a85c7848
--- /dev/null
+++ b/src/chrome/content/rules/go.cd.xml
@@ -0,0 +1,10 @@
+<ruleset name="go.cd">
+	<target host="go.cd" />
+	<target host="www.go.cd" />
+	<target host="api.go.cd" />
+	<target host="build.go.cd" />
+	<target host="developer.go.cd" />
+	<target host="docs.go.cd" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/go2yd.com.xml b/src/chrome/content/rules/go2yd.com.xml
new file mode 100644
index 000000000000..803be7fd8646
--- /dev/null
+++ b/src/chrome/content/rules/go2yd.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Refused:
+		i2.go2yd.com
+
+	Not exist:
+		i7.go2yd.com
+-->
+<ruleset name="go2yd.com">
+	<target host="go2yd.com"/>
+	<target host="h.go2yd.com"/>
+	<target host="i1.go2yd.com"/>
+		<test url="http://i1.go2yd.com/image.php?url=0Fj1LafSiE" />
+	<target host="i3.go2yd.com"/>
+	<target host="i4.go2yd.com"/>
+	<target host="i5.go2yd.com"/>
+	<target host="i6.go2yd.com"/>
+	<target host="i8.go2yd.com"/>
+	<target host="s.go2yd.com"/>
+	<target host="v1.go2yd.com"/>
+	<target host="v2.go2yd.com"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/go4go.net.xml b/src/chrome/content/rules/go4go.net.xml
new file mode 100644
index 000000000000..ee7abfe297b4
--- /dev/null
+++ b/src/chrome/content/rules/go4go.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="go4go.net">
+	<target host="go4go.net" />
+	<target host="www.go4go.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/goMokulele.xml b/src/chrome/content/rules/goMokulele.xml
index 02171c0e6e3c..7083f0c522f3 100644
--- a/src/chrome/content/rules/goMokulele.xml
+++ b/src/chrome/content/rules/goMokulele.xml
@@ -1,7 +1,17 @@
-<ruleset name="go!Mokulele">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://iflygo.com/ => https://www.iflygo.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.iflygo.com/ => https://www.iflygo.com/: (28, 'Connection timed out after 20013 milliseconds')
+
+Disabled by https-everywhere-checker because:
+Fetch error: http://iflygo.com/ => https://www.iflygo.com/: (28, 'Connection timed out after 10000 milliseconds')
+Fetch error: http://www.iflygo.com/ => https://www.iflygo.com/: (28, 'Connection timed out after 10001 milliseconds')
+-->
+<ruleset name="go!Mokulele" default_off="failed ruleset test">
   <target host="iflygo.com" />
   <target host="www.iflygo.com" />
 
   <rule from="^http://(?:www\.)?iflygo\.com/"
           to="https://www.iflygo.com/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/gobolinux.org.xml b/src/chrome/content/rules/gobolinux.org.xml
new file mode 100644
index 000000000000..5e8f77f8355f
--- /dev/null
+++ b/src/chrome/content/rules/gobolinux.org.xml
@@ -0,0 +1,15 @@
+<!--
+blog.gobolinux.org self signed
+bugs.gobolinux.org self signed
+forum.gobolinux.org nonexist
+lists.gobolinux.org mismatch
+wiki.gobolinux.org self signed
+lucasvr.gobolinux.org self signed
+-->
+<ruleset name="gobolinux.org">
+	<target host="gobolinux.org" />
+	<target host="www.gobolinux.org" />
+	<target host="recipes.gobolinux.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/godliteratury.ru.xml b/src/chrome/content/rules/godliteratury.ru.xml
new file mode 100644
index 000000000000..629832b004fe
--- /dev/null
+++ b/src/chrome/content/rules/godliteratury.ru.xml
@@ -0,0 +1,13 @@
+<ruleset name="God Literatury.ru">
+
+	<target host="godliteratury.ru" />
+	<target host="www.godliteratury.ru" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/godotengine.org.xml b/src/chrome/content/rules/godotengine.org.xml
new file mode 100644
index 000000000000..a9ebd86db5fd
--- /dev/null
+++ b/src/chrome/content/rules/godotengine.org.xml
@@ -0,0 +1,41 @@
+<!--
+	Problematic hosts in *godotengine.org:
+
+		- docs ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- godotengine.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Godot Engine.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="godotengine.org" />
+	<target host="www.godotengine.org" />
+
+	<!--	Complications:
+				-->
+	<target host="docs.godotengine.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^godotengine\.org$" name="^october_session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://docs\.godotengine\.org/"
+		to="https://godot.readthedocs.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/godspot.de.xml b/src/chrome/content/rules/godspot.de.xml
new file mode 100644
index 000000000000..9b1404c066cb
--- /dev/null
+++ b/src/chrome/content/rules/godspot.de.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		- 360.godspot.de
+		- url.godspot.de
+-->
+<ruleset name="godspot.de">
+
+	<target host="godspot.de" />
+	<target host="www.godspot.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/gofore.com.xml b/src/chrome/content/rules/gofore.com.xml
new file mode 100644
index 000000000000..454d858d3304
--- /dev/null
+++ b/src/chrome/content/rules/gofore.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Gofore.com">
+
+	<target host="gofore.com" />
+	<target host="www.gofore.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/gogs.io.xml b/src/chrome/content/rules/gogs.io.xml
new file mode 100644
index 000000000000..0fad8a6dc227
--- /dev/null
+++ b/src/chrome/content/rules/gogs.io.xml
@@ -0,0 +1,30 @@
+<!--
+	www.gogs.io does not exist.
+
+
+	Insecure cookies are set for these hosts:
+
+		- discuss.gogs.io
+		- try.gogs.io
+
+-->
+<ruleset name="Gogs.io">
+
+	<target host="gogs.io" />
+	<target host="discuss.gogs.io" />
+	<target host="dl.gogs.io" />
+	<target host="try.gogs.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^discuss\.gogs\.io$" name="^_forum_session$" /-->
+	<!--securecookie host="^try\.gogs\.io$" name="^(?:_csrf|i_like_gogits|lang)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/gohugo.io.xml b/src/chrome/content/rules/gohugo.io.xml
new file mode 100644
index 000000000000..71152d63045e
--- /dev/null
+++ b/src/chrome/content/rules/gohugo.io.xml
@@ -0,0 +1,15 @@
+<ruleset name="go Hugo.io">
+
+	<target host="gohugo.io" />
+	<target host="discuss.gohugo.io" />
+	<target host="www.gohugo.io" />
+
+
+	<securecookie host="^\." name=".+" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/gokgs.com.xml b/src/chrome/content/rules/gokgs.com.xml
new file mode 100644
index 000000000000..8948b3baf6cd
--- /dev/null
+++ b/src/chrome/content/rules/gokgs.com.xml
@@ -0,0 +1,13 @@
+<!--
+    Refused:
+        - files.gokgs.com
+-->
+
+<ruleset name="gokgs.com (partial)">
+
+	<target host="gokgs.com" />
+	<target host="www.gokgs.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/goldesel.to.xml b/src/chrome/content/rules/goldesel.to.xml
new file mode 100644
index 000000000000..bd432d47778e
--- /dev/null
+++ b/src/chrome/content/rules/goldesel.to.xml
@@ -0,0 +1,11 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://board.goldesel.to/ => https://board.goldesel.to/: Too many redirects while fetching 'https://board.goldesel.to/'
+
+-->
+<ruleset name="goldesel.to" default_off="failed ruleset test">
+  <target host="board.goldesel.to" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/golem.network.xml b/src/chrome/content/rules/golem.network.xml
new file mode 100644
index 000000000000..93e8b8bc9a98
--- /dev/null
+++ b/src/chrome/content/rules/golem.network.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid Certificate:
+		www.golem.network
+-->
+<ruleset name="golem.network">
+	<target host="golem.network" />
+	<target host="www.golem.network" />
+	<target host="buildbot.golem.network" />
+	<target host="docs.golem.network" />
+	<target host="stats.golem.network" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.golem\.network/" to="https://golem.network/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/golos-ameriki.ru.xml b/src/chrome/content/rules/golos-ameriki.ru.xml
new file mode 100644
index 000000000000..881e6c82caa2
--- /dev/null
+++ b/src/chrome/content/rules/golos-ameriki.ru.xml
@@ -0,0 +1,19 @@
+<!--
+golos-ameriki.ru ¹
+direct.golos-ameriki.ru ²
+m.golos-ameriki.ru ¹
+
+
+¹ mismatch
+² refused
+-->
+<ruleset name="golos-ameriki.ru">
+	<target host="www.golos-ameriki.ru" />
+
+	<target host="golos-ameriki.ru" />
+
+	<rule from="^http://golos-ameriki\.ru/"
+		to="https://www.golos-ameriki.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/golosinfo.org.xml b/src/chrome/content/rules/golosinfo.org.xml
new file mode 100644
index 000000000000..b418aaf484b1
--- /dev/null
+++ b/src/chrome/content/rules/golosinfo.org.xml
@@ -0,0 +1,18 @@
+<!--
+likbez2016.golosinfo.org ¹
+
+
+¹ mismatch
+-->
+<ruleset name="golosinfo.org">
+	<target host="golosinfo.org" />
+	<target host="www.golosinfo.org" />
+	<target host="candidates.golosinfo.org" />
+	<target host="els.golosinfo.org" />
+	<target host="files.golosinfo.org" />
+	<target host="obuchenie.golosinfo.org" />
+	<target host="piter1409.golosinfo.org" />
+	<target host="st.golosinfo.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gonightshift.com.xml b/src/chrome/content/rules/gonightshift.com.xml
new file mode 100644
index 000000000000..16c1a2c693f1
--- /dev/null
+++ b/src/chrome/content/rules/gonightshift.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- app.gonightshift.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="go NightShift.com">
+
+	<target host="gonightshift.com" />
+	<target host="app.gonightshift.com" />
+	<target host="www.gonightshift.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^app\.gonightshift\.com$" name="^csrftoken$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/goodline.info.xml b/src/chrome/content/rules/goodline.info.xml
new file mode 100644
index 000000000000..e2ce3bae2346
--- /dev/null
+++ b/src/chrome/content/rules/goodline.info.xml
@@ -0,0 +1,35 @@
+<!--
+forum.goodline.info ³
+support.goodline.info ⁴
+daridobro.goodline.info ²
+bk.goodline.info ²
+belovo-bachatskij-inskoj.goodline.info different content
+gramoteino.goodline.info different content
+gurevsk.goodline.info different content
+kedrovka.goodline.info different content
+kemerovo.goodline.info different content
+kiselevsk.goodline.info different content
+krasnobrodskij.goodline.info different content
+leninsk-kuzneczkij.goodline.info different content
+lesnaya-polyana.goodline.info different content
+maps.goodline.info different content
+novokuzneczk.goodline.info different content
+polyisaevo.goodline.info different content
+prokopevsk.goodline.info different content
+yurga.goodline.info different content
+zelenogorskiy.goodline.info different content
+
+
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="goodline.info">
+	<target host="goodline.info" />
+	<target host="www.goodline.info" />
+	<target host="lk.goodline.info" />
+	<target host="b2b.goodline.info" />
+	<target host="live.goodline.info" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/goodolddays.net.xml b/src/chrome/content/rules/goodolddays.net.xml
new file mode 100644
index 000000000000..97e8edc993db
--- /dev/null
+++ b/src/chrome/content/rules/goodolddays.net.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		21ct.goodolddays.net
+		mail.goodolddays.net
+		penguides.goodolddays.net
+-->
+<ruleset name="goodolddays.net">
+	<target host="goodolddays.net" />
+	<target host="www.goodolddays.net" />
+	<target host="files.goodolddays.net" />
+	<target host="m.goodolddays.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/goodweave.org.xml b/src/chrome/content/rules/goodweave.org.xml
new file mode 100644
index 000000000000..95fc885d486e
--- /dev/null
+++ b/src/chrome/content/rules/goodweave.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="goodweave.org">
+	<target host="goodweave.org" />
+	<target host="www.goodweave.org" />
+	<target host="facesoffreedom.goodweave.org" />
+	<target host="www.facesoffreedom.goodweave.org" />
+	<target host="server.goodweave.org" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/googletagmanager.com.xml b/src/chrome/content/rules/googletagmanager.com.xml
new file mode 100644
index 000000000000..e0ac212e3ff5
--- /dev/null
+++ b/src/chrome/content/rules/googletagmanager.com.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Google coverage, see GoogleServices.xml
+
+-->
+<ruleset name="Googletagmanager.com">
+
+	<target host="googletagmanager.com" />
+	<target host="www.googletagmanager.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/googletagservices.com.xml b/src/chrome/content/rules/googletagservices.com.xml
new file mode 100644
index 000000000000..1063b447643f
--- /dev/null
+++ b/src/chrome/content/rules/googletagservices.com.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Google coverage, see GoogleServices.xml
+
+-->
+<ruleset name="Googletagservices.com">
+
+	<target host="www.googletagservices.com" />
+
+		<test url="http://www.googletagservices.com/tag/js/gpt.js" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/goroost.com.xml b/src/chrome/content/rules/goroost.com.xml
new file mode 100644
index 000000000000..89b1ee909f7a
--- /dev/null
+++ b/src/chrome/content/rules/goroost.com.xml
@@ -0,0 +1,60 @@
+<!--
+	Problematic hosts in *goroost.com:
+
+		- docs ᵐ
+		- docs-api ᵐ
+		- docs-js ᵐ
+		- docs-rest ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- goroost.com
+		- .goroost.com
+		- www.goroost.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on ^ from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="go Roost.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="goroost.com" />
+	<target host="cdn.goroost.com" />
+	<target host="dashboard.goroost.com" />
+	<target host="go.goroost.com" />
+	<target host="www.goroost.com" />
+
+		<!--test url="http://cdn.goroost.com/roostjspk/" /-->
+
+	<!--	Complications:
+				-->
+	<target host="docs-rest.goroost.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?goroost\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.goroost\.com$" name="^ORSESSIONID2$" /-->
+
+	<securecookie host="^\." name="^optimizely" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://docs-rest\.goroost\.com/"
+		to="https://roost.readme.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/gov-murman.ru.xml b/src/chrome/content/rules/gov-murman.ru.xml
new file mode 100644
index 000000000000..14e99b28f916
--- /dev/null
+++ b/src/chrome/content/rules/gov-murman.ru.xml
@@ -0,0 +1,81 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gubernator.gov-murman.ru/ => https://gubernator.gov-murman.ru/: (6, 'Could not resolve host: gubernator.gov-murman.ru')
+
+aisdafmo.gov-murman.ru ³
+mx.akolr.gov-murman.ru ⁵
+b4u.gov-murman.ru ³
+bw.gov-murman.ru ³
+ke.culture.gov-murman.ru ¹
+war.culture.gov-murman.ru ¹
+eng.gov-murman.ru ³
+gis.gov-murman.ru ⁴
+inno.gov-murman.ru ⁴
+invest.gov-murman.ru ³
+investmap.gov-murman.ru ³
+investproject.gov-murman.ru ⁴
+mail.gov-murman.ru ³
+maloe.gov-murman.ru ³
+mk.gov-murman.ru ³
+old.gov-murman.ru ³
+pravo.gov-murman.ru ³
+reception.gov-murman.ru ³
+rgimo.gov-murman.ru ⁴
+sockab.gov-murman.ru ⁴
+svod.gov-murman.ru ³
+tarif.gov-murman.ru ⁶
+ufms.gov-murman.ru ³
+investmap.gov-murman.ru:81 ⁷
+agro.gov-murman.ru different content
+krpp.gov-murman.ru different content
+mrcx.gov-murman.ru different content
+mrpp.gov-murman.ru different content
+mvpmk.gov-murman.ru different content
+utr.gov-murman.ru different content
+
+
+¹ mismatch
+³ timed out
+⁴ self signed
+⁵ expired
+⁶ redirect
+⁷ protocol error
+-->
+<ruleset name="gov-murman.ru" default_off="failed ruleset test">
+	<target host="gov-murman.ru" />
+	<target host="www.gov-murman.ru" />
+	<target host="akolr.gov-murman.ru" />
+	<target host="apatity.gov-murman.ru" />
+	<target host="apparat.gov-murman.ru" />
+	<target host="bitrix.gov-murman.ru" />
+	<target host="culture.gov-murman.ru" />
+	<target host="gorposumba.gov-murman.ru" />
+	<target host="gosfincontrol.gov-murman.ru" />
+	<target host="goszakaz.gov-murman.ru" />
+	<target host="gubernator.gov-murman.ru" />
+	<target host="gzhi.gov-murman.ru" />
+	<target host="it.gov-murman.ru" />
+	<target host="licensing.gov-murman.ru" />
+	<target host="minec.gov-murman.ru" />
+	<target host="minenergo.gov-murman.ru" />
+	<target host="minfin.gov-murman.ru" />
+	<target host="minjust.gov-murman.ru" />
+	<target host="minobr.gov-murman.ru" />
+	<target host="minsoc.gov-murman.ru" />
+	<target host="minstroy.gov-murman.ru" />
+	<target host="mintrans.gov-murman.ru" />
+	<target host="minzdrav.gov-murman.ru" />
+	<target host="monchegorsk.gov-murman.ru" />
+	<target host="mpr.gov-murman.ru" />
+	<target host="npa.gov-murman.ru" />
+	<target host="olenegorsk.gov-murman.ru" />
+	<target host="openregion.gov-murman.ru" />
+	<target host="property.gov-murman.ru" />
+	<target host="safety.gov-murman.ru" />
+	<target host="sport.gov-murman.ru" />
+	<target host="terskyrayon.gov-murman.ru" />
+	<target host="veterinary.gov-murman.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gov.scot.xml b/src/chrome/content/rules/gov.scot.xml
new file mode 100644
index 000000000000..5cc9509ec747
--- /dev/null
+++ b/src/chrome/content/rules/gov.scot.xml
@@ -0,0 +1,95 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- landcommission.gov.scot
+		- www.landcommission.gov.scot
+		- marine.gov.scot
+		- sip.gov.scot
+		- auth.standardisedassessment.gov.scot
+		- delivery.standardisedassessment.gov.scot
+		- delivery2server.standardisedassessment.gov.scot
+		- schools.standardisedassessment.gov.scot
+
+		Timeout was reached:
+		- www.gov.scot
+		- ideas.gov.scot
+		- maps.marine.gov.scot
+		- bgv.publishing.gov.scot
+		- bgvpreview.publishing.gov.scot
+		- preview.publishing.gov.scot
+		- safetycameras.gov.scot
+		- www.safetycameras.gov.scot
+		- saltire.gov.scot
+		- confluence.seemis.gov.scot
+		- crowd.seemis.gov.scot
+		- jira.seemis.gov.scot
+		- maxi.seemis.gov.scot
+		- mx0.seemis.gov.scot
+		- sms.seemis.gov.scot
+
+		SSL peer certificate was not OK:
+		- informatics.environment.gov.scot
+		- www.firstminister.gov.scot
+		- staging.firstminister.gov.scot
+		- freshproducetool.foodstandards.gov.scot
+		- safesmokedfish.foodstandards.gov.scot
+		- seemis.gov.scot
+		- spatialdata.gov.scot
+		- statistics.gov.scot
+		- transport.gov.scot
+
+		Failure when receiving data from the peer:
+		- ras.seemis.gov.scot
+		- sts.gov.scot
+
+		Incomplete certificate chain error:
+		- incidents.foodstandards.gov.scot
+
+		Status code mismatch:
+		- environment.gov.scot
+		- soils.environment.gov.scot
+
+		4xx client error:
+		- auth.education.gov.scot
+		- compass.marine.gov.scot
+		- mscompass.marine.gov.scot
+		- delivery2.standardisedassessment.gov.scot
+
+		Mixed content blocking (MCB) triggered:
+		- data.marine.gov.scot
+-->
+<ruleset name="gov.scot">
+	<target host="beta.gov.scot" />
+	<target host="elb.beta.gov.scot" />
+	<target host="blogs.gov.scot" />
+	<target host="staging.blogs.gov.scot" />
+	<target host="consult.gov.scot" />
+	<target host="education.gov.scot" />
+	<target host="www.education.gov.scot" />
+	<target host="forms.education.gov.scot" />
+	<target host="rest.education.gov.scot" />
+	<target host="www.environment.gov.scot" />
+	<target host="beta.environment.gov.scot" />
+	<target host="map.environment.gov.scot" />
+	<target host="noise.environment.gov.scot" />
+	<target host="firstminister.gov.scot" />
+	<target host="foodstandards.gov.scot" />
+	<target host="www.foodstandards.gov.scot" />
+	<target host="consult.foodstandards.gov.scot" />
+	<target host="horticulture.gov.scot" />
+	<target host="www.housingandregeneration.gov.scot" />
+	<target host="www.ideas.gov.scot" />
+	<target host="lyncdiscover.gov.scot" />
+	<target host="news.gov.scot" />
+	<target host="remotesensingdata.gov.scot" />
+	<target host="www.seemis.gov.scot" />
+	<target host="codebase.seemis.gov.scot" />
+	<target host="www.spatialdata.gov.scot" />
+	<target host="standardisedassessment.gov.scot" />
+	<target host="www.standardisedassessment.gov.scot" />
+	<target host="highcharts.standardisedassessment.gov.scot" />
+	<target host="agriculture.surveys.gov.scot" />
+	<target host="www.transport.gov.scot" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/government-nnov.ru.xml b/src/chrome/content/rules/government-nnov.ru.xml
new file mode 100644
index 000000000000..51a6ea11a24b
--- /dev/null
+++ b/src/chrome/content/rules/government-nnov.ru.xml
@@ -0,0 +1,50 @@
+<!--
+www.deples.government-nnov.ru ¹
+gas-u.government-nnov.ru ³
+www.international.government-nnov.ru ¹
+www.mininvest.government-nnov.ru ¹
+www.minobr.government-nnov.ru ¹
+ukn.minobr.government-nnov.ru ¹
+www.minprom.government-nnov.ru ¹
+ns.government-nnov.ru ⁴
+
+
+¹ mismatch
+³ timed out
+⁴ self signed
+-->
+<ruleset name="government-nnov.ru">
+	<target host="government-nnov.ru" />
+	<target host="www.government-nnov.ru" />
+	<target host="depgrad.government-nnov.ru" />
+	<target host="deples.government-nnov.ru" />
+	<target host="deptrans.government-nnov.ru" />
+	<target host="gopb.government-nnov.ru" />
+	<target host="gostehnadzor.government-nnov.ru" />
+	<target host="gov.government-nnov.ru" />
+	<target host="gpd.government-nnov.ru" />
+	<target host="gsn.government-nnov.ru" />
+	<target host="international.government-nnov.ru" />
+	<target host="kadr.government-nnov.ru" />
+	<target host="letter.government-nnov.ru" />
+	<target host="www.letter.government-nnov.ru" />
+	<target host="minec.government-nnov.ru" />
+	<target host="mingkh.government-nnov.ru" />
+	<target host="mininvest.government-nnov.ru" />
+	<target host="minobr.government-nnov.ru" />
+	<target host="minpred.government-nnov.ru" />
+	<target host="minprom.government-nnov.ru" />
+	<target host="minprom_old.government-nnov.ru" />
+	<target host="mins.government-nnov.ru" />
+	<target host="minstroy.government-nnov.ru" />
+	<target host="mintrans.government-nnov.ru" />
+	<target host="mvp.government-nnov.ru" />
+	<target host="ohotnadzor.government-nnov.ru" />
+	<target host="res.government-nnov.ru" />
+	<target host="sport.government-nnov.ru" />
+	<target host="ums.government-nnov.ru" />
+	<target host="vetnadzor.government-nnov.ru" />
+	<target host="zags.government-nnov.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/governmentjobs.com.xml b/src/chrome/content/rules/governmentjobs.com.xml
new file mode 100644
index 000000000000..0ec391d84be7
--- /dev/null
+++ b/src/chrome/content/rules/governmentjobs.com.xml
@@ -0,0 +1,18 @@
+<!--
+governmentjobs.com ¹
+
+
+¹ mismatch
+-->
+<ruleset name="governmentjobs.com">
+	<target host="www.governmentjobs.com" />
+	<target host="secure.governmentjobs.com" />
+	<target host="agency.governmentjobs.com" />
+
+	<target host="governmentjobs.com" />
+
+	<rule from="^http://governmentjobs\.com/"
+		to="https://www.governmentjobs.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/govloop.com.xml b/src/chrome/content/rules/govloop.com.xml
new file mode 100644
index 000000000000..63bb2c6b70e9
--- /dev/null
+++ b/src/chrome/content/rules/govloop.com.xml
@@ -0,0 +1,37 @@
+<!--
+	Nonfunctional hosts in *govloop.com:
+
+		- direct ⁵
+
+	⁵ 526 / 503
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .govloop.com
+		- www.govloop.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="GovLoop.com (partial)">
+
+	<target host="govloop.com" />
+	<target host="academy.govloop.com" />
+	<target host="www.govloop.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.govloop\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^www\.govloop\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid$|_gat?$|_gat_|cf_clearance$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/govoritmoskva.ru.xml b/src/chrome/content/rules/govoritmoskva.ru.xml
new file mode 100644
index 000000000000..54733659f9cb
--- /dev/null
+++ b/src/chrome/content/rules/govoritmoskva.ru.xml
@@ -0,0 +1,16 @@
+<!--
+media.govoritmoskva.ru ⁴
+video.govoritmoskva.ru ⁴
+podcast.govoritmoskva.ru different content
+
+
+⁴ self signed
+-->
+<ruleset name="govoritmoskva.ru">
+	<target host="govoritmoskva.ru" />
+	<target host="www.govoritmoskva.ru" />
+	<target host="ads.govoritmoskva.ru" />
+	<target host="content.govoritmoskva.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gp-digital.org.xml b/src/chrome/content/rules/gp-digital.org.xml
new file mode 100644
index 000000000000..3cf318b1e3f8
--- /dev/null
+++ b/src/chrome/content/rules/gp-digital.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="gp-digital.org">
+	<target host="gp-digital.org" />
+	<target host="www.gp-digital.org" />
+	<target host="comment.gp-digital.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gpuinfo.org.xml b/src/chrome/content/rules/gpuinfo.org.xml
new file mode 100644
index 000000000000..9af67d635acf
--- /dev/null
+++ b/src/chrome/content/rules/gpuinfo.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="gpuinfo.org">
+	<target host="gpuinfo.org" />
+	<target host="www.gpuinfo.org" />
+	<target host="android.gpuinfo.org" />
+	<target host="www.android.gpuinfo.org" />
+	<target host="opengl.gpuinfo.org" />
+	<target host="www.opengl.gpuinfo.org" />
+	<target host="opengles.gpuinfo.org" />
+	<target host="www.opengles.gpuinfo.org" />
+	<target host="vulkan.gpuinfo.org" />
+	<target host="www.vulkan.gpuinfo.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gpupowered.org.xml b/src/chrome/content/rules/gpupowered.org.xml
new file mode 100644
index 000000000000..45bf082c2e6a
--- /dev/null
+++ b/src/chrome/content/rules/gpupowered.org.xml
@@ -0,0 +1,11 @@
+<ruleset name="gpupowered.org">
+	<target host="gpupowered.org" />
+	<target host="www.gpupowered.org" />
+	<target host="autodiscover.gpupowered.org" />
+	<target host="cpanel.gpupowered.org" />
+	<target host="mail.gpupowered.org" />
+	<target host="webdisk.gpupowered.org" />
+	<target host="webmail.gpupowered.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/grad.ua.xml b/src/chrome/content/rules/grad.ua.xml
new file mode 100644
index 000000000000..3f2b00fb084a
--- /dev/null
+++ b/src/chrome/content/rules/grad.ua.xml
@@ -0,0 +1,6 @@
+<!-- main. cert authority invalid -->
+<ruleset name="grad.ua">
+	<target host="grad.ua" />
+	<target host="www.grad.ua" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gradle.com.xml b/src/chrome/content/rules/gradle.com.xml
new file mode 100644
index 000000000000..ef74eaefd685
--- /dev/null
+++ b/src/chrome/content/rules/gradle.com.xml
@@ -0,0 +1,11 @@
+<!--
+www2.gradle.com mismatch
+help.gradle.com mismatch
+-->
+<ruleset name="gradle.com">
+	<target host="gradle.com" />
+	<target host="www.gradle.com" />
+	<target host="scans.gradle.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/grafica.app.xml b/src/chrome/content/rules/grafica.app.xml
new file mode 100644
index 000000000000..190d4c6ded90
--- /dev/null
+++ b/src/chrome/content/rules/grafica.app.xml
@@ -0,0 +1,8 @@
+<!--
+	NXDOMAIN: www
+-->
+<ruleset name="grafica.app">
+	<target host="grafica.app" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/grape.ru.xml b/src/chrome/content/rules/grape.ru.xml
new file mode 100644
index 000000000000..66416b911e68
--- /dev/null
+++ b/src/chrome/content/rules/grape.ru.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://htcmaraphon.grape.ru/ => https://htcmaraphon.grape.ru/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://smm.grape.ru/ => https://smm.grape.ru/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://dmc2014pro.grape.ru/ => https://dmc2014pro.grape.ru/: (60, 'SSL certificate problem: certificate has expired')
+
+grape.ru ²
+www.grape.ru ²
+cifcream.grape.ru non-2xx http code
+cornettotest.grape.ru ⁴
+linexpro.grape.ru non-2xx http code
+ladyspeedstick.grape.ru non-2xx http code
+winstonufdev2.grape.ru ²
+dovemen.grape.ru non-2xx http code
+bybarni.grape.ru ²
+inmarko.grape.ru non-2xx http code
+glamufdev2.grape.ru ²
+zdraivery.pro.grape.ru ¹
+
+
+¹ mismatch
+² refused
+⁴ self signed
+-->
+<ruleset name="grape.ru (partial)" default_off="failed ruleset test">
+	<target host="htcmaraphon.grape.ru" />
+	<target host="smm.grape.ru" />
+	<target host="dmc2014pro.grape.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/graylady3jvrrxbe.onion.xml b/src/chrome/content/rules/graylady3jvrrxbe.onion.xml
new file mode 100644
index 000000000000..eb30c9b32224
--- /dev/null
+++ b/src/chrome/content/rules/graylady3jvrrxbe.onion.xml
@@ -0,0 +1,20 @@
+<!--
+	For more NY Times ruleset, see NYTimes.xml
+
+-->
+<ruleset name="graylady3jvrrxbe.onion">
+
+	<target host="graylady3jvrrxbe.onion" />
+	<target host="www.graylady3jvrrxbe.onion" />
+	<target host="a1.graylady3jvrrxbe.onion" />
+		<test url="http://a1.graylady3jvrrxbe.onion/fonts/family/cheltenham/cheltenham-normal-400.ttf" />
+	<target host="typeface.graylady3jvrrxbe.onion" />
+		<test url="http://typeface.graylady3jvrrxbe.onion/fonts/nyt-cheltenham-extra-condensed-bold-700-normal.woff" />
+	<target host="int.graylady3jvrrxbe.onion" />
+		<test url="http://int.graylady3jvrrxbe.onion/applications/portals/assets/blank.gif" />
+	<target host="static01.graylady3jvrrxbe.onion" />
+		<test url="http://static01.graylady3jvrrxbe.onion/images/2017/10/28/business/28ECON1/27ECON1-largeHorizontalJumbo.jpg" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/great-yarmouth.gov.uk.xml b/src/chrome/content/rules/great-yarmouth.gov.uk.xml
new file mode 100644
index 000000000000..acf1aeef871c
--- /dev/null
+++ b/src/chrome/content/rules/great-yarmouth.gov.uk.xml
@@ -0,0 +1,58 @@
+<!--
+	Great Yarmouth Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *great-yarmouth.gov.uk:
+
+		- gis ᵈ
+		- planning ᵈ
+
+	ᵈ Dropped
+
+
+	Insecure cookies are set for these hosts:
+
+		- carparks.great-yarmouth.gov.uk
+
+-->
+<ruleset name="Great-Yarmouth.gov.uk (partial)">
+
+	<target host="great-yarmouth.gov.uk" />
+	<target host="carparks.great-yarmouth.gov.uk" />
+	<target host="www.great-yarmouth.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?great-yarmouth\.gov\.uk/(?:article/2002/My-Account-login$|contactus$|home$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?great-yarmouth\.gov\.uk/+(?!media/|themes/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://great-yarmouth.gov.uk/article/1967/Pay-online" />
+			<test url="http://great-yarmouth.gov.uk/article/1972/Report-it-GY" />
+			<test url="http://great-yarmouth.gov.uk/article/2002/My-Account-login" />
+			<test url="http://great-yarmouth.gov.uk/contactus" />
+			<test url="http://www.great-yarmouth.gov.uk/home" />
+
+			<!--	-ve:
+					-->
+			<test url="http://great-yarmouth.gov.uk/media/icon_link/j/4/footer-facebook.jpg" />
+			<test url="http://www.great-yarmouth.gov.uk/themes/gybctiled/images/chevron.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^carparks\.great-yarmouth\.gov\.uk$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+
+	<securecookie host="^[^.wg]" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/greatplacetowork.com.xml b/src/chrome/content/rules/greatplacetowork.com.xml
new file mode 100644
index 000000000000..f2d05f695c27
--- /dev/null
+++ b/src/chrome/content/rules/greatplacetowork.com.xml
@@ -0,0 +1,54 @@
+<!--
+	Invalid certificate:
+		ciq.greatplacetowork.com
+		createyours.greatplacetowork.com
+		dev-www.greatplacetowork.com
+		engage.greatplacetowork.com
+		fortunelist2015.greatplacetowork.com
+		learn.greatplacetowork.com
+		listparticipation.greatplacetowork.com
+		lyncdiscover.greatplacetowork.com
+		lyncdiscoverinternal.greatplacetowork.com
+		sa.greatplacetowork.com
+		saen.greatplacetowork.com
+
+	Refused:
+		get.greatplacetowork.com
+		team.greatplacetowork.com
+
+	Time out:
+		reviews.greatplacetowork.com
+
+	Unreachable:
+		autodiscover.greatplacetowork.com
+
+	Incomplete certificate chain:
+		culturesurvey.greatplacetowork.com
+-->
+<ruleset name="greatplacetowork.com">
+	<target host="greatplacetowork.com" />
+	<target host="www.greatplacetowork.com" />
+	<target host="clientcenter.greatplacetowork.com" />
+	<target host="clients.greatplacetowork.com" />
+	<target host="cq.greatplacetowork.com" />
+	<target host="dev-cmp.greatplacetowork.com" />
+	<target host="dev-cmpapi.greatplacetowork.com" />
+	<target host="dev-cq.greatplacetowork.com" />
+	<target host="dev-my.greatplacetowork.com" />
+	<target host="dev-reporting.greatplacetowork.com" />
+	<target host="elk.greatplacetowork.com" />
+	<target host="fs.greatplacetowork.com" />
+	<target host="my.greatplacetowork.com" />
+	<target host="qa-cmp.greatplacetowork.com" />
+	<target host="qa-cmpapi.greatplacetowork.com" />
+	<target host="qa-cq.greatplacetowork.com" />
+	<target host="qa-my.greatplacetowork.com" />
+	<target host="qa-reporting.greatplacetowork.com" />
+	<target host="reporting.greatplacetowork.com" />
+	<target host="reset.greatplacetowork.com" />
+	<target host="support.greatplacetowork.com" />
+	<target host="www2.greatplacetowork.com" />
+
+	<rule from="^http://greatplacetowork\.com/" to="https://www.greatplacetowork.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/greatscottgadgets.com.xml b/src/chrome/content/rules/greatscottgadgets.com.xml
new file mode 100644
index 000000000000..e6ef586a9617
--- /dev/null
+++ b/src/chrome/content/rules/greatscottgadgets.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Great Scott Gadgets">
+
+	<target host="greatscottgadgets.com" />
+	<target host="www.greatscottgadgets.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/green.ch.xml b/src/chrome/content/rules/green.ch.xml
new file mode 100644
index 000000000000..bd5a35e14ac4
--- /dev/null
+++ b/src/chrome/content/rules/green.ch.xml
@@ -0,0 +1,43 @@
+<!--
+	Refused:
+		- happy.green.ch
+		- hsi.green.ch
+
+	Timeout:
+		- lupit.green.ch
+		- webu1.green.ch
+		- webu2.green.ch
+
+		- ^greenserver.ch
+
+	Mismatch:
+		- tv.green.ch
+
+		- fr.colocation-datacenter.com
+
+	Incomplete cert chain:
+		- netstat.green.ch
+-->
+<ruleset name="green.ch">
+	<target host="green.ch" />
+	<target host="www.green.ch" />
+	<target host="wadmin.green.ch" />
+	<target host="my.green.ch" />
+	<target host="xadmin.green.ch" />
+
+	<target host="colocation-datacenter.com" />
+	<target host="www.colocation-datacenter.com" />
+	<target host="de.colocation-datacenter.com" />
+
+	<target host="greenserver.ch" />
+	<target host="www.greenserver.ch" />
+
+	<target host="greendatacenter.ch" />
+	<target host="www.greendatacenter.ch" />
+	<target host="my.greendatacenter.ch" />
+
+	<rule from="^http://greenserver\.ch/"
+		to="https://www.greenserver.ch/" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/greencubes.org.xml b/src/chrome/content/rules/greencubes.org.xml
new file mode 100644
index 000000000000..d95f75f37e7a
--- /dev/null
+++ b/src/chrome/content/rules/greencubes.org.xml
@@ -0,0 +1,21 @@
+<!--
+www.greencubes.org ¹
+srv1.greencubes.org ⁵
+
+
+¹ mismatch
+⁵ expired
+-->
+<ruleset name="greencubes.org">
+	<target host="greencubes.org" />
+	<target host="www.greencubes.org" />
+	<target host="forum.greencubes.org" />
+	<target host="help.greencubes.org" />
+	<target host="wiki.greencubes.org" />
+	<target host="dev.greencubes.org" />
+
+	<rule from="^http://www\.greencubes\.org/"
+		to="https://greencubes.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gregzaal.com.xml b/src/chrome/content/rules/gregzaal.com.xml
new file mode 100644
index 000000000000..891e698250e2
--- /dev/null
+++ b/src/chrome/content/rules/gregzaal.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		ftp.gregzaal.com
+		mysql.gregzaal.com
+		ssh.gregzaal.com
+
+	Time out:
+		mail.gregzaal.com
+		webmail.gregzaal.com
+
+	Unsupported protocol:
+		www.webmail.gregzaal.com
+-->
+<ruleset name="gregzaal.com">
+	<target host="gregzaal.com" />
+	<target host="www.gregzaal.com" />
+	<target host="blog.gregzaal.com" />
+	<target host="portfolio.gregzaal.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/grindr.com.xml b/src/chrome/content/rules/grindr.com.xml
new file mode 100644
index 000000000000..a969764382ce
--- /dev/null
+++ b/src/chrome/content/rules/grindr.com.xml
@@ -0,0 +1,48 @@
+<!--
+	^grindr.com: Refused
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.grindr.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- www from $self ˢ
+			- www from 40e.164.myftpupload.com
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Grindr.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="help.grindr.com" />
+	<target host="www.grindr.com" />
+
+	<!--	Complications:
+				-->
+	<target host="grindr.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.grindr\.com$" name="^_icl_current_language$" /-->
+
+	<securecookie host="^\." name="_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://grindr\.com/"
+		to="https://www.grindr.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/grist.org.xml b/src/chrome/content/rules/grist.org.xml
new file mode 100644
index 000000000000..a7f162af3fb6
--- /dev/null
+++ b/src/chrome/content/rules/grist.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- Bug from b.scorecardresearch.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Grist.org">
+
+	<target host="grist.org" />
+	<target host="www.grist.org" />
+
+
+	<securecookie host="^\." name="^__qca$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/groovl.com.xml b/src/chrome/content/rules/groovl.com.xml
new file mode 100644
index 000000000000..f73d2e6acd16
--- /dev/null
+++ b/src/chrome/content/rules/groovl.com.xml
@@ -0,0 +1,12 @@
+<!--
+x.groovl.com ⁴
+
+
+⁴ self signed
+-->
+<ruleset name="groovl.com">
+	<target host="groovl.com" />
+	<target host="www.groovl.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/growerscup.coffee.xml b/src/chrome/content/rules/growerscup.coffee.xml
new file mode 100644
index 000000000000..ce2c0e59ebcb
--- /dev/null
+++ b/src/chrome/content/rules/growerscup.coffee.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.growerscup.coffee/ => https://www.growerscup.coffee/: (51, "SSL: no alternative certificate subject name matches target host name 'www.growerscup.coffee'")
+
+-->
+<ruleset name="growerscup.coffee" default_off="failed ruleset test">
+	<target host="www.growerscup.coffee" />
+	<target host="growerscup.coffee" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/growingio.xml b/src/chrome/content/rules/growingio.xml
new file mode 100644
index 000000000000..a316f85c21d2
--- /dev/null
+++ b/src/chrome/content/rules/growingio.xml
@@ -0,0 +1,13 @@
+<ruleset name="growingio">
+	<target host="growingio.com" />
+	<target host="www.growingio.com" />
+	<target host="api.growingio.com" />
+	<target host="assets.growingio.com" />
+	<target host="blog.growingio.com" />
+	<target host="help.growingio.com" />
+
+	<target host="dn-growing.qbox.me" />
+		<test url="http://dn-growing.qbox.me/vds.js" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gruntjs.com.xml b/src/chrome/content/rules/gruntjs.com.xml
new file mode 100644
index 000000000000..ec0df85d9db0
--- /dev/null
+++ b/src/chrome/content/rules/gruntjs.com.xml
@@ -0,0 +1,19 @@
+<!--
+www.gruntjs.com ²
+cdn.gruntjs.com ⁶
+stage.gruntjs.com ²
+
+
+² refused
+⁶ redirect
+-->
+<ruleset name="gruntjs.com">
+	<target host="gruntjs.com" />
+
+	<target host="www.gruntjs.com" />
+
+	<rule from="^http://www\.gruntjs\.com/"
+		to="https://gruntjs.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gsmmap.org.xml b/src/chrome/content/rules/gsmmap.org.xml
new file mode 100644
index 000000000000..6dd0485420f8
--- /dev/null
+++ b/src/chrome/content/rules/gsmmap.org.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatch on www.
+-->
+<ruleset name="GSM Security Map">
+
+	<target host="gsmmap.org" />
+	<target host="www.gsmmap.org" />
+
+	<rule from="^http://www\.gsmmap\.org/" to="https://gsmmap.org/"/>
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/gsspat.jp.xml b/src/chrome/content/rules/gsspat.jp.xml
new file mode 100644
index 000000000000..67c919fa3b15
--- /dev/null
+++ b/src/chrome/content/rules/gsspat.jp.xml
@@ -0,0 +1,8 @@
+<ruleset name="gsspat.jp">
+
+	<target host="rt.gsspat.jp" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/gtnet.ru.xml b/src/chrome/content/rules/gtnet.ru.xml
new file mode 100644
index 000000000000..19f128212f45
--- /dev/null
+++ b/src/chrome/content/rules/gtnet.ru.xml
@@ -0,0 +1,9 @@
+<!--
+gtnet.ru mismatch
+www.gtnet.ru mismatch
+-->
+<ruleset name="gtnet.ru (partial)">
+	<target host="lk.gtnet.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gu.spb.ru.xml b/src/chrome/content/rules/gu.spb.ru.xml
new file mode 100644
index 000000000000..eb86c4546845
--- /dev/null
+++ b/src/chrome/content/rules/gu.spb.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="gu.spb.ru">
+    <target host="gu.spb.ru" />
+    <target host="www.gu.spb.ru" />
+    <rule from="^http:" to="https:" />
+    <securecookie host="^gu\.spb\.ru$" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/guardianapps.co.uk.xml b/src/chrome/content/rules/guardianapps.co.uk.xml
new file mode 100644
index 000000000000..5294bf9d3e66
--- /dev/null
+++ b/src/chrome/content/rules/guardianapps.co.uk.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Guardian coverage, see The_Guardian.com.xml.
+
+-->
+<ruleset name="Guardian apps.co.uk">
+
+	<target host="api.nextgen.guardianapps.co.uk" />
+
+		<test url="http://api.nextgen.guardianapps.co.uk/crosswords/cryptic/26925.svg" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/guardtime.com.xml b/src/chrome/content/rules/guardtime.com.xml
new file mode 100644
index 000000000000..729222892390
--- /dev/null
+++ b/src/chrome/content/rules/guardtime.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- guardtime.com
+
+-->
+<ruleset name="Guardtime.com">
+
+	<target host="guardtime.com" />
+	<target host="www.guardtime.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^guardtime\.com$" name="^site_lang$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/guep.org.xml b/src/chrome/content/rules/guep.org.xml
new file mode 100644
index 000000000000..cd383cca9d15
--- /dev/null
+++ b/src/chrome/content/rules/guep.org.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Georgetown University coverage, see Georgetown_University.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- guep.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="GUEP.org">
+
+	<target host="guep.org" />
+	<target host="www.guep.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^guep\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/guildford.gov.uk.xml b/src/chrome/content/rules/guildford.gov.uk.xml
new file mode 100644
index 000000000000..b2b19059da87
--- /dev/null
+++ b/src/chrome/content/rules/guildford.gov.uk.xml
@@ -0,0 +1,135 @@
+<!--
+	Guildford Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *guildford.gov.uk:
+
+		- petitions ᵗ
+
+	ᵗ Reset
+
+
+	Problematic hosts in *guildford.gov.uk:
+
+		- www2 ᶜ ˣ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ˣ Mixed css
+
+
+	Partially covered hosts in *guildford.gov.uk:
+
+		- bookings ʰ
+		- www ʰ
+
+	ʰ Some pages redirect to http
+
+
+	These altnames do not exist:
+
+		- guildford.gov.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- bookings.guildford.gov.uk
+		- getinvolved.guildford.gov.uk
+		- www.guildford.gov.uk
+		- www2.guildford.gov.uk
+
+
+	Mixed content:
+
+		- css on www2 from $self *
+		- Images on www2 from $self *
+
+	See https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Guildford.gov.uk (partial)">
+
+	<target host="bookings.guildford.gov.uk" />
+	<target host="cdn.guildford.gov.uk" />
+	<target host="getinvolved.guildford.gov.uk" />
+	<target host="payments.guildford.gov.uk" />
+	<target host="www.guildford.gov.uk" />
+	<!--target host="www2.guildford.gov.uk" /-->
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://bookings\.guildford\.gov\.uk/(?:$|Security/login\?|fish/$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://bookings\.guildford\.gov\.uk/(?!/*(?:assets/|favicon\.ico|mysite/(?!.+\.js)|themes/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://bookings.guildford.gov.uk/Security/login?BackURL=http://bookings.guildford.gov.uk/myaccount" />
+			<test url="http://bookings.guildford.gov.uk/Security/lostpassword" />
+			<test url="http://bookings.guildford.gov.uk/fish/" />
+			<test url="http://bookings.guildford.gov.uk/fish/fish-extra-activities" />
+			<test url="http://bookings.guildford.gov.uk/fish/fish-offsite-activities/" />
+			<test url="http://bookings.guildford.gov.uk/fish/fish-offsite-activities/thorpe-park-4-august/" />
+			<test url="http://bookings.guildford.gov.uk/fish/fish-standard-week/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://bookings.guildford.gov.uk/assets/Uploads/Header/bodybg.png" />
+			<test url="http://bookings.guildford.gov.uk/favicon.ico" />
+			<test url="http://bookings.guildford.gov.uk/mysite/javascript/jcarousel/jquery.jcarousel.css" />
+			<test url="http://bookings.guildford.gov.uk/themes/default/css/layout.css" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.guildford\.gov\.uk/(?:article/14239/loginmoreoptions|contact|events|home|websitesurvey)$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.guildford\.gov\.uk/(?!/*(?:favicon\.ico|login(?:$|[?/])|media/)|.+/(?:cs|image)s/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.guildford.gov.uk/article/14239/loginmoreoptions" />
+			<test url="http://www.guildford.gov.uk/bconline" />
+			<test url="http://www.guildford.gov.uk/benefits" />
+			<test url="http://www.guildford.gov.uk/contact" />
+			<test url="http://www.guildford.gov.uk/events" />
+			<test url="http://www.guildford.gov.uk/home" />
+			<test url="http://www.guildford.gov.uk/loanboxes" />
+			<test url="http://www.guildford.gov.uk/locallandcharges" />
+			<test url="http://www.guildford.gov.uk/meetings" />
+			<test url="http://www.guildford.gov.uk/websitesurvey" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.guildford.gov.uk/favicon.ico" />
+			<test url="http://www.guildford.gov.uk/guildford/css/modern.min.css" />
+			<test url="http://www.guildford.gov.uk/guildford/images/cookiepolicy.gif" />
+			<test url="http://www.guildford.gov.uk/login" />
+			<test url="http://www.guildford.gov.uk/media/20730/large-812791-act-one-adventures-logo/thumbnail/large-812791-act-one-adventures-logo.jpg" />
+
+		<test url="http://cdn.guildford.gov.uk/assets/gbc-logo.png" />
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://www2.guildford.gov.uk/publicaccess-isecurityweb/login" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bookings\.guildford\.gov\.uk$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^getinvolved\.guildford\.gov\.uk$" name="^ECONSLOGON$" /-->
+	<!--securecookie host="^www\.guildford\.gov\.uk$" name="^(?:ASP\.NET_SessionId|clientvars)$" /-->
+	<!--securecookie host="^www2\.guildford\.gov\.uk$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^(?!bookings\.|www\.)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/gulli.com.xml b/src/chrome/content/rules/gulli.com.xml
new file mode 100644
index 000000000000..dcb79e183d8c
--- /dev/null
+++ b/src/chrome/content/rules/gulli.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="gulli.com (partial)">
+	<target host="gulli.com" />
+	<target host="www.gulli.com" />
+ 	<target host="board.gulli.com" />
+	
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gunsamerica.com.xml b/src/chrome/content/rules/gunsamerica.com.xml
new file mode 100644
index 000000000000..f6bdadda40ab
--- /dev/null
+++ b/src/chrome/content/rules/gunsamerica.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- gunsamerica.com
+		- www.gunsamerica.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="GunsAmerica.com">
+
+	<target host="gunsamerica.com" />
+	<target host="piwik.gunsamerica.com" />
+	<target host="www.gunsamerica.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^gunsamerica\.com$" name="^LSW_WEB$" /-->
+	<!--securecookie host="^www\.gunsamerica\.com$" name="^(?:CurrentAdvertiser|CurrentAffiliate|CurrentUser|IP|LSW_WEB|LastSession|SearchReg|Trace|listingID|zipSelect)$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/guoshipartners.com.xml b/src/chrome/content/rules/guoshipartners.com.xml
new file mode 100644
index 000000000000..89bc8ee140c6
--- /dev/null
+++ b/src/chrome/content/rules/guoshipartners.com.xml
@@ -0,0 +1,13 @@
+<!--
+Mismatch:
+	www
+	ad-specs4cdn
+-->
+
+<ruleset name="guoshipartners.com (partial)">
+
+	<target host="ad-specs.guoshipartners.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/guru.de.xml b/src/chrome/content/rules/guru.de.xml
index 05d56c1342ce..3fad6f0973fa 100644
--- a/src/chrome/content/rules/guru.de.xml
+++ b/src/chrome/content/rules/guru.de.xml
@@ -4,5 +4,5 @@
 
   <securecookie host="^(?:www\.)?guru\.de$" name=".+" />
 
-  <rule from="^http://(?:www\.)?guru\.de/" to="https://guru.de/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/gvt1.com.xml b/src/chrome/content/rules/gvt1.com.xml
new file mode 100644
index 000000000000..31a174f94ec9
--- /dev/null
+++ b/src/chrome/content/rules/gvt1.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="gvt1.com (partial)">
+	<target host="redirector.gvt1.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gwdang.xml b/src/chrome/content/rules/gwdang.xml
new file mode 100644
index 000000000000..9535244a2612
--- /dev/null
+++ b/src/chrome/content/rules/gwdang.xml
@@ -0,0 +1,19 @@
+<!--
+	Broken
+	- ad.gwdang.com
+	- alpha.gwdang.com
+	- app.gwdang.com
+	- img.gwdang.com
+	- m.gwdang.com
+	- u.gwdang.com
+-->
+
+<ruleset name="gwdang">
+
+	<target host="gwdang.com" />
+	<target host="s1.gwdang.com" />
+	<target host="www.gwdang.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/gymaesthetics.de.xml b/src/chrome/content/rules/gymaesthetics.de.xml
new file mode 100644
index 000000000000..99ea9eb84deb
--- /dev/null
+++ b/src/chrome/content/rules/gymaesthetics.de.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .gymaesthetics.de
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Gym Aesthetics.de">
+
+	<target host="gymaesthetics.de" />
+	<target host="www.gymaesthetics.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.gymaesthetics\.de$" name="^plentyID$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/gzt-sv.ru.xml b/src/chrome/content/rules/gzt-sv.ru.xml
new file mode 100644
index 000000000000..f46b2b091a48
--- /dev/null
+++ b/src/chrome/content/rules/gzt-sv.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="gzt-sv.ru" platform="mixedcontent">
+	<target host="gzt-sv.ru" />
+	<target host="www.gzt-sv.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/habr.ru.xml b/src/chrome/content/rules/habr.ru.xml
new file mode 100644
index 000000000000..bbcf8e7037a0
--- /dev/null
+++ b/src/chrome/content/rules/habr.ru.xml
@@ -0,0 +1,12 @@
+<!--
+m.habr.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="habr.ru">
+	<target host="habr.ru" />
+	<target host="www.habr.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hackaday.com.xml b/src/chrome/content/rules/hackaday.com.xml
new file mode 100644
index 000000000000..7d3374871186
--- /dev/null
+++ b/src/chrome/content/rules/hackaday.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- css on store from analytics.supplyframe.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Hackaday.com">
+
+	<target host="hackaday.com" />
+	<target host="store.hackaday.com" />
+	<target host="www.hackaday.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hackerspace.gr.xml b/src/chrome/content/rules/hackerspace.gr.xml
new file mode 100644
index 000000000000..cecd2a6eb912
--- /dev/null
+++ b/src/chrome/content/rules/hackerspace.gr.xml
@@ -0,0 +1,11 @@
+<ruleset name="hackerspace.gr">
+	<target host="hackerspace.gr" />
+	<target host="www.hackerspace.gr" />
+	<target host="media.hackerspace.gr" />
+	<target host="lists.hackerspace.gr" />
+	<target host="pad.hackerspace.gr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hackint.org.xml b/src/chrome/content/rules/hackint.org.xml
new file mode 100644
index 000000000000..ad4390452c47
--- /dev/null
+++ b/src/chrome/content/rules/hackint.org.xml
@@ -0,0 +1,19 @@
+<!--
+	STS header includes includeSubdomains
+
+-->
+<ruleset name="hackint.org">
+
+	<target host="hackint.org" />
+	<target host="*.hackint.org" />
+
+		<test url="http://www.hackint.org/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hacktivity.com.xml b/src/chrome/content/rules/hacktivity.com.xml
new file mode 100644
index 000000000000..4927a34c043f
--- /dev/null
+++ b/src/chrome/content/rules/hacktivity.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- hacktivity.com
+		- www.hacktivity.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Hacktivity.com">
+
+	<target host="hacktivity.com" />
+	<target host="www.hacktivity.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?hacktivity\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/haixia-info.com.xml b/src/chrome/content/rules/haixia-info.com.xml
new file mode 100644
index 000000000000..89c09ecb5325
--- /dev/null
+++ b/src/chrome/content/rules/haixia-info.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="haixia-info.com">
+
+	<target host="haixia-info.com" />
+	<target host="www.haixia-info.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/halton.gov.uk-falsemixed.xml b/src/chrome/content/rules/halton.gov.uk-falsemixed.xml
new file mode 100644
index 000000000000..dd7465daf2fa
--- /dev/null
+++ b/src/chrome/content/rules/halton.gov.uk-falsemixed.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kohalibrary.halton.gov.uk/ => https://kohalibrary.halton.gov.uk/: (7, 'Failed to connect to kohalibrary.halton.gov.uk port 443: Connection refused')
+
+	For rules not causing false/broken MCB, see halton.gov.uk.xml.
+
+-->
+<ruleset name="Halton.gov.uk (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="kohalibrary.halton.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/halton.gov.uk.xml b/src/chrome/content/rules/halton.gov.uk.xml
new file mode 100644
index 000000000000..0d3fe98837db
--- /dev/null
+++ b/src/chrome/content/rules/halton.gov.uk.xml
@@ -0,0 +1,174 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://maps.halton.gov.uk/ => https://maps.halton.gov.uk/: (7, 'Failed to connect to maps.halton.gov.uk port 443: Connection refused')
+Fetch error: http://www2.halton.gov.uk/ => https://www2.halton.gov.uk/: (6, 'Could not resolve host: www2.halton.gov.uk')
+
+	For rules causing false/broken MCB, see halton.gov.uk-falsemixed.xml.
+
+
+	Nonfunctional hosts in *halton.gov.uk:
+
+		- inspire ᵈ
+		- www3 ᵈ
+		- www4 ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *halton.gov.uk:
+
+		- (www.)? ᶜ
+		- kohalibrary ˣ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ˣ Mixed css
+
+
+	Partially covered hosts in *halton.gov.uk:
+
+		- careandsupportforyou ʰ
+		- councillors ʰ
+		- moderngov ʰ
+
+	ʰ Some pages redirect to http
+
+
+	Insecure cookies are set for these hosts:
+
+		- halton.gov.uk
+		- careandsupportforyou.halton.gov.uk
+		- horizon.halton.gov.uk
+		- maps.halton.gov.uk
+		- webapp.halton.gov.uk
+		- www.halton.gov.uk
+		- www2.halton.gov.uk
+
+
+	Mixed content:
+
+		- iframe on careandsupportforyou from www.youtube.com
+		- css, on:
+
+			- councillors, moderngov from www.halton.gov.uk
+			- kohalibrary from $self
+
+		- Images, on:
+
+			- councillors, moderngov, maps, webapp from www.halton.gov.uk
+			- kohalibrary from $self
+			- kohalibrary from newhalton.wordpress.ptfs-europe.co.uk
+			- maps from www3.halton.gov.uk * ᵈ
+
+		- Bug on careandsupportforyou from www.facebook.com
+
+	* 404 over http
+	ᵈ Unsecurable <= dropped
+
+-->
+<ruleset name="Halton.gov.uk (partial)" default_off="failed ruleset test">
+
+	<!--target host="halton.gov.uk" /-->
+	<target host="careandsupportforyou.halton.gov.uk" />
+	<target host="councillors.halton.gov.uk" />
+	<target host="cyp.halton.gov.uk" />
+	<target host="horizon.halton.gov.uk" />
+	<!--target host="kohalibrary.halton.gov.uk" /-->
+	<target host="maps.halton.gov.uk" />
+	<target host="moderngov.halton.gov.uk" />
+	<target host="webapp.halton.gov.uk" />
+	<!--target host="www.halton.gov.uk" /-->
+	<target host="www2.halton.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://careandsupportforyou\.halton\.gov\.uk/(?:communication/sitefeedback\.aspx|help/helprequest\.aspx|templates/Full-width-flexible-cols\.aspx\?pageid=15205)" /-->
+		<!--
+			Blank page:
+					-->
+		<!--exclusion pattern="^http://careandsupportforyou\.halton\.gov\.uk/WorkArea/FrameworkUI/css/ektron\.stylesheet\.ashx" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://careandsupportforyou\.halton\.gov\.uk/+(?![^/]+\.css|Account/(?:Login|PasswordRecovery)\.aspx|App_Themes/|[Cc]ontent/|common/images/|secure(?:$|[?/])|uploadedFiles/|uploaded[Ii]mages/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://careandsupportforyou.halton.gov.uk/Search/SearchResultsFeatured.aspx?tagcat=48" />
+			<test url="http://careandsupportforyou.halton.gov.uk/Search/SearchResultsFeatured.aspx?tagcat=53" />
+			<test url="http://careandsupportforyou.halton.gov.uk/Search/SearchResultsFeatured.aspx?tagcat=57" />
+			<test url="http://careandsupportforyou.halton.gov.uk/Search/SearchResultsFeatured.aspx?tagcat=58" />
+			<test url="http://careandsupportforyou.halton.gov.uk/WorkArea/FrameworkUI/css/ektron.stylesheet.ashx" />
+			<test url="http://careandsupportforyou.halton.gov.uk/communication/sitefeedback.aspx" />
+			<test url="http://careandsupportforyou.halton.gov.uk/equipment-adaptations/" />
+			<test url="http://careandsupportforyou.halton.gov.uk/guides/guides.aspx" />
+			<test url="http://careandsupportforyou.halton.gov.uk/help/helprequest.aspx" />
+			<test url="http://careandsupportforyou.halton.gov.uk/home.aspx" />
+			<test url="http://careandsupportforyou.halton.gov.uk/practical-help/" />
+			<test url="http://careandsupportforyou.halton.gov.uk/search/mypad.aspx" />
+			<test url="http://careandsupportforyou.halton.gov.uk/templates/Full-width-flexible-cols.aspx?pageid=15205" />
+
+			<!--	-ve:
+					-->
+			<test url="http://careandsupportforyou.halton.gov.uk/Account/Login.aspx" />
+			<test url="http://careandsupportforyou.halton.gov.uk/Account/PasswordRecovery.aspx" />
+			<test url="http://careandsupportforyou.halton.gov.uk/App_Themes/Halton_print.css" />
+			<test url="http://careandsupportforyou.halton.gov.uk/Content/print.css" />
+			<test url="http://careandsupportforyou.halton.gov.uk/common/images/bg-menu-inv.png" />
+			<test url="http://careandsupportforyou.halton.gov.uk/content/distribution_alt.aspx?id=3609" /><!--	mixed content	-->
+			<test url="http://careandsupportforyou.halton.gov.uk/opensans.css" />
+			<test url="http://careandsupportforyou.halton.gov.uk/secure/account/profile.aspx" />
+			<test url="http://careandsupportforyou.halton.gov.uk/uploadedImages/Halton/Halton_Homepage/Image_Library/logo_footer.gif" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:councillors|moderngov)\.halton\.gov\.uk/uuCoverPage\.aspx\?bcr=1" /-->
+		<!--
+			Mixed css:
+					-->
+		<!--exclusion pattern="^http://(?:councillors|moderngov)\.halton\.gov\.uk/ielogon\.aspx" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:councillors|moderngov)\.halton\.gov\.uk/+(?![Ss]ite[Ss]pecific/|jquery-ui/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://councillors.halton.gov.uk/ielogon.aspx" /><!--	Mixed css -->
+			<test url="http://councillors.halton.gov.uk/uuCoverPage.aspx?bcr=1" />
+			<test url="http://moderngov.halton.gov.uk/ielogon.aspx" /><!--		Mixed css -->
+			<test url="http://moderngov.halton.gov.uk/uuCoverPage.aspx?bcr=1" />
+
+			<!--	-ve:
+					-->
+			<test url="http://councillors.halton.gov.uk/SiteSpecific/ssWordStyles.css" />
+			<test url="http://councillors.halton.gov.uk/jquery-ui/css/Smoothness/jquery-ui-1.10.2.custom.min.css" />
+			<test url="http://moderngov.halton.gov.uk/SiteSpecific/ssWordStyles.css" />
+			<test url="http://moderngov.halton.gov.uk/jquery-ui/css/Smoothness/jquery-ui-1.10.2.custom.min.css" />
+
+		<!--	Mixed images:
+					-->
+		<!--test url="http://webapp.halton.gov.uk/HaltonHopper/" /-->
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://webapp.halton.gov.uk/PaymentPortal" /-->
+
+		<test url="http://cyp.halton.gov.uk/ENROL/Website_Live/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www2?\.)?halton\.gov\.uk$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+	<!--securecookie host="^careandsupportforyou\.halton\.gov\.uk$" name="^(?:\.ASPXANONYMOUS|ASP\.NET_SessionId|AktAnalytics|AktGUID|OlmSDSPortalSqlAuthCookie|ecm|ecmSecure)$" /-->
+	<!--securecookie host="^horizon\.halton\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^maps\.halton\.gov\.uk$" name="^(?:astun:currentLocation|atLocation|atMyCouncil)$" /-->
+	<!--securecookie host="^webapp\.halton\.gov\.uk$" name="^(?:ASP\.NET_SessionId|AspxAutoDetectCookieSupport)$" /-->
+
+	<securecookie host="^(?!(?:careandsupportforyou|councillors|moderngov)\.)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hamnetdb.net.xml b/src/chrome/content/rules/hamnetdb.net.xml
new file mode 100644
index 000000000000..eab7a65d1bb0
--- /dev/null
+++ b/src/chrome/content/rules/hamnetdb.net.xml
@@ -0,0 +1,12 @@
+<!--
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="hamnetdb.net">
+
+	<target host="hamnetdb.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/handelsbanken.se.xml b/src/chrome/content/rules/handelsbanken.se.xml
new file mode 100644
index 000000000000..fe23920bd4c1
--- /dev/null
+++ b/src/chrome/content/rules/handelsbanken.se.xml
@@ -0,0 +1,57 @@
+<!--
+    Mismatched:
+        - affarsnyttigt.handelsbanken.se
+        - event.handelsbanken.se
+        - aw.handelsbanken.se
+        - www.forskningsstiftelserna.handelsbanken.se
+        - hcm.handelsbanken.se
+        - link01.handelsbanken.se
+        - mob.handelsbanken.se
+        - newsletter.handelsbanken.se
+        - tv.handelsbanken.se
+        - w3c.handelsbanken.se
+
+    Incomplete certificate chain:
+        - extranet.handelsbanken.se
+        - ow.handelsbanken.se
+        - ssl.handelsbanken.se
+
+    Connection reset:
+        - m.handelsbanken.se
+
+    SSL handshake failure:
+        - mol-stp.handelsbanken.se
+
+    Expired:
+        - rem4ft.handelsbanken.se
+
+    Self-signed:
+		- rema5.handelsbanken.se
+
+	Distrusted CA (Symantec):
+		- da.handelsbanken.se
+		- davpn.handelsbanken.se
+-->
+<ruleset name="handelsbanken.se">
+	<target host="handelsbanken.se" />
+	<target host="www.handelsbanken.se" />
+	<target host="awe.handelsbanken.se" />
+	<target host="awe-pt.handelsbanken.se" />
+	<target host="borsrum.handelsbanken.se" />
+	<target host="d01.handelsbanken.se" />
+	<target host="da-pt.handelsbanken.se" />
+	<target host="dalux.handelsbanken.se" />
+	<target host="daus.handelsbanken.se" />
+	<target host="embed.handelsbanken.se" />
+	<target host="fmc.handelsbanken.se" />
+	<target host="fmc-pt.handelsbanken.se" />
+	<target host="lag.handelsbanken.se" />
+	<target host="m2.handelsbanken.se" />
+	<target host="mino.handelsbanken.se" />
+	<target host="research.handelsbanken.se" />
+	<target host="saljfinans.handelsbanken.se" />
+	<target host="test.saljfinans.handelsbanken.se" />
+	<target host="secure.handelsbanken.se" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hangerproject.com.xml b/src/chrome/content/rules/hangerproject.com.xml
new file mode 100644
index 000000000000..20b98a2b8745
--- /dev/null
+++ b/src/chrome/content/rules/hangerproject.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .www.hangerproject.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="HangerProject.com">
+
+	<target host="hangerproject.com" />
+	<target host="www.hangerproject.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="\.www\.hangerproject\.com$" name="^frontend$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\.www\." name=".+" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hannahcranston.xml b/src/chrome/content/rules/hannahcranston.xml
new file mode 100644
index 000000000000..a79e11d5a7b2
--- /dev/null
+++ b/src/chrome/content/rules/hannahcranston.xml
@@ -0,0 +1,8 @@
+<ruleset name="HannahCranston.com">
+  <target host="hannahcranston.com" />
+  <target host="www.hannahcranston.com" />
+
+  <rule from="^http:" to="https:" />
+
+  <securecookie host="^hannahcranston\.com$" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/hannahmageerd.com.xml b/src/chrome/content/rules/hannahmageerd.com.xml
new file mode 100644
index 000000000000..6944e921220d
--- /dev/null
+++ b/src/chrome/content/rules/hannahmageerd.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="hannahmageerd.com">
+	<target host="hannahmageerd.com" />
+	<target host="www.hannahmageerd.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hantse.com.xml b/src/chrome/content/rules/hantse.com.xml
new file mode 100644
index 000000000000..9df0fbc7b51e
--- /dev/null
+++ b/src/chrome/content/rules/hantse.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="hantse.com">
+	<target host="hantse.com" />
+	<target host="www.hantse.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/happybearsoftware.com.xml b/src/chrome/content/rules/happybearsoftware.com.xml
new file mode 100644
index 000000000000..557e0f18fc4d
--- /dev/null
+++ b/src/chrome/content/rules/happybearsoftware.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Happy Bear Software.com">
+
+	<target host="happybearsoftware.com" />
+	<target host="www.happybearsoftware.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hardbase.fm.xml b/src/chrome/content/rules/hardbase.fm.xml
new file mode 100644
index 000000000000..4be21d7357be
--- /dev/null
+++ b/src/chrome/content/rules/hardbase.fm.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		listen.hardbase.fm
+
+-->
+<ruleset name="HardBase.FM">
+
+	<target host="hardbase.fm" />
+	<target host="www.hardbase.fm" />
+	<target host="admin.hardbase.fm" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hardware.fr.xml b/src/chrome/content/rules/hardware.fr.xml
new file mode 100644
index 000000000000..1dabcafeab6e
--- /dev/null
+++ b/src/chrome/content/rules/hardware.fr.xml
@@ -0,0 +1,28 @@
+<!--
+	Invalid certificate:
+		hardware.fr
+		achatpc.hardware.fr
+		go.hardware.fr
+		preprod.hardware.fr
+		prix.hardware.fr
+
+-->
+<ruleset name="hardware.fr">
+
+	<target host="hardware.fr" />
+	<target host="www.hardware.fr" />
+	<target host="forum.hardware.fr" />
+	<target host="forum-images.hardware.fr" />
+	<target host="media.hardware.fr" />
+		<test url="http://media.hardware.fr/bo/file/fiches/odr/nvidia/rocket-league_leaflet.pdf" />
+	<target host="secure.hardware.fr" />
+	<target host="shop.hardware.fr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://hardware\.fr/"
+		to="https://www.hardware.fr/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hashcrack.org.xml b/src/chrome/content/rules/hashcrack.org.xml
new file mode 100644
index 000000000000..4c64ab55376d
--- /dev/null
+++ b/src/chrome/content/rules/hashcrack.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="hashcrack.org">
+	<target host="hashcrack.org" />
+	<target host="www.hashcrack.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/havant.gov.uk.xml b/src/chrome/content/rules/havant.gov.uk.xml
new file mode 100644
index 000000000000..1a3a7a7a0e15
--- /dev/null
+++ b/src/chrome/content/rules/havant.gov.uk.xml
@@ -0,0 +1,68 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://havant.gov.uk/ (200) => https://havant.gov.uk/ (401)
+Fetch error: http://accounts.havant.gov.uk/ => https://accounts.havant.gov.uk/: (6, 'Could not resolve host: accounts.havant.gov.uk')
+Fetch error: http://selfserve.havant.gov.uk/ => https://selfserve.havant.gov.uk/: (6, 'Could not resolve host: selfserve.havant.gov.uk')
+Fetch error: http://www3.havant.gov.uk/ => https://www3.havant.gov.uk/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Havant Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *havant.gov.uk:
+
+		- www5 ᵈ
+
+	ᵈ Dropped
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- havant.gov.uk
+		- .havant.gov.uk
+		- accounts.havant.gov.uk
+		- revenuesbenefits.havant.gov.uk
+		- www.havant.gov.uk
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- (www.)?, www3 from www.havant.gov.uk ˢ
+			- www3 from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Havant.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="havant.gov.uk" />
+	<target host="accounts.havant.gov.uk" />
+	<target host="licensing.havant.gov.uk" />
+	<target host="planningpublicaccess.havant.gov.uk" />
+	<target host="revenuesbenefits.havant.gov.uk" />
+	<target host="selfserve.havant.gov.uk" />
+	<target host="www.havant.gov.uk" />
+	<target host="www3.havant.gov.uk" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://www.hants.gov.uk/ajax/services/min/?b=ajax/css/wcms&amp;f=core-wcms-replacement.css" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.havant\.gov\.uk$" name="^citrix_ns_id$" /-->
+	<!--securecookie host="^accounts\.havant\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^revenuesbenefits\.havant\.gov\.uk$" name="^\.ASPXAUTH$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/haxx.se.xml b/src/chrome/content/rules/haxx.se.xml
new file mode 100644
index 000000000000..3eeeadb96fe3
--- /dev/null
+++ b/src/chrome/content/rules/haxx.se.xml
@@ -0,0 +1,30 @@
+<!--
+	Invalid certificate:
+		rbdownload.haxx.se
+		rockbox.haxx.se
+		rockbuild.haxx.se
+		spindly.haxx.se
+
+-->
+<ruleset name="Haxx.se">
+
+	<target host="haxx.se" />
+	<target host="www.haxx.se" />
+	<target host="anja.haxx.se" />
+	<target host="bjorn.haxx.se" />
+	<target host="bookcurl.haxx.se" />
+	<target host="c-ares.haxx.se" />
+	<target host="cool.haxx.se" />
+	<target host="curl.haxx.se" />
+	<target host="daniel.haxx.se" />
+	<target host="ec.haxx.se" />
+	<target host="kjell.haxx.se" />
+	<target host="linus.haxx.se" />
+	<target host="svn.haxx.se" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hayloft-plants.co.uk.xml b/src/chrome/content/rules/hayloft-plants.co.uk.xml
new file mode 100644
index 000000000000..79e59de67909
--- /dev/null
+++ b/src/chrome/content/rules/hayloft-plants.co.uk.xml
@@ -0,0 +1,35 @@
+<!--
+	Problematic hosts in *hayloft-plants.co.uk:
+
+		- support ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- hayloft-plants.co.uk
+		- www.hayloft-plants.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Hayloft-Plants.co.uk (partial)">
+
+	<target host="hayloft-plants.co.uk" />
+	<target host="www.hayloft-plants.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?hayloft-plants\.co\.uk$" name="^(?:[\dA-F]{32}|ASP\.NET_SessionId)$" /-->
+
+	<securecookie host=".+" name="^optimizely" />
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hazro.com.xml b/src/chrome/content/rules/hazro.com.xml
new file mode 100644
index 000000000000..97ed311aa68f
--- /dev/null
+++ b/src/chrome/content/rules/hazro.com.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hazro.com/ => https://hazro.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.hazro.com/ => https://www.hazro.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Hazro.com" default_off="failed ruleset test">
+  <target host="hazro.com" />
+  <target host="www.hazro.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hbo.com-falsemixed.xml b/src/chrome/content/rules/hbo.com-falsemixed.xml
new file mode 100644
index 000000000000..58bf22942bad
--- /dev/null
+++ b/src/chrome/content/rules/hbo.com-falsemixed.xml
@@ -0,0 +1,33 @@
+<!--
+	For rules not causing false/broken MCB, see HBO.xml.
+
+-->
+<ruleset name="HBO.com (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hbo.com" />
+	<target host="www.hbo.com" />
+
+	<!--	Complications:
+				-->
+	<target host="i.lv3.hbo.com" />
+	<target host="render.lv3.hbo.com" />
+	<target host="cdn.www.hbo.com" />
+
+		<test url="http://www.hbo.com/game-of-thrones" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://(?:i|render)\.lv3\.hbo\.com/"
+		to="https://www.hbo.com/" />
+
+	<rule from="^http://cdn\.www\.hbo\.com/"
+		to="https://www.hbo.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hbokids.com.xml b/src/chrome/content/rules/hbokids.com.xml
new file mode 100644
index 000000000000..f1709d374ee6
--- /dev/null
+++ b/src/chrome/content/rules/hbokids.com.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Home Box Office coverage, see HBO.xml.
+
+
+	^hbokids.com: Dropped
+
+-->
+<ruleset name="HBO Kids.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.hbokids.com" />
+
+	<!--	Complications:
+				-->
+	<target host="hbokids.com" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://hbokids\.com/"
+		to="https://www.hbokids.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hbonow.com.xml b/src/chrome/content/rules/hbonow.com.xml
new file mode 100644
index 000000000000..78627cae27d5
--- /dev/null
+++ b/src/chrome/content/rules/hbonow.com.xml
@@ -0,0 +1,40 @@
+<!--
+	For other Home Box Office coverage, see HBO.xml.
+
+
+	^hbonow.com: Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- help.hbonow.com
+
+-->
+<ruleset name="HBO Now.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="help.hbonow.com" />
+	<target host="order.hbonow.com" />
+	<target host="www.hbonow.com" />
+
+	<!--	Complications:
+				-->
+	<target host="hbonow.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^help\.hbonow\.com$" name="^cp_session$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://hbonow\.com/"
+		to="https://www.hbonow.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hbooker.com.xml b/src/chrome/content/rules/hbooker.com.xml
new file mode 100644
index 000000000000..c9d75560638a
--- /dev/null
+++ b/src/chrome/content/rules/hbooker.com.xml
@@ -0,0 +1,23 @@
+<!--
+	MCB:
+		www.hbooker.com	( No function issue. )
+		app.hbooker.com
+
+	Mismatch:
+		^hbooker.com
+		author.hbooker.com
+		wap.hbooker.com
+-->
+
+<ruleset name="hbooker.com">
+	<target host="hbooker.com" />
+	<target host="www.hbooker.com" />
+	<rule from="^http://(www\.)?hbooker\.com/" to="https://www.hbooker.com/" />
+
+	<target host="app.hbooker.com" />
+	<exclusion pattern="^http://app\.hbooker\.com/$" />
+	<rule from="^http://app\.hbooker\.com/resources/" to="https://app.hbooker.com/resources/" />
+		<test url="http://app.hbooker.com/resources/image/download/logo.png" />
+		<test url="http://app.hbooker.com/resources/scripts/index_new.css" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hboshopeu.com.xml b/src/chrome/content/rules/hboshopeu.com.xml
new file mode 100644
index 000000000000..9d8911bd68db
--- /dev/null
+++ b/src/chrome/content/rules/hboshopeu.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Home Box Office coverage, see HBO.xml.
+
+
+	^hboshopeu.com: Mismatched
+
+-->
+<ruleset name="HBO Shop EU.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.hboshopeu.com" />
+
+	<!--	Complications:
+				-->
+	<target host="hboshopeu.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://hboshopeu\.com/"
+		to="https://www.hboshopeu.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hcstx.org.xml b/src/chrome/content/rules/hcstx.org.xml
new file mode 100644
index 000000000000..084e03e25e15
--- /dev/null
+++ b/src/chrome/content/rules/hcstx.org.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hcstx.org/ => https://hcstx.org/: (7, 'Failed to connect to hcstx.org port 443: Connection refused')
+Fetch error: http://www.hcstx.org/ => https://www.hcstx.org/: (7, 'Failed to connect to www.hcstx.org port 443: Connection refused')
+
+	Mixed content:
+
+		- Images from i\d+.photobucket.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="HCStx.org" default_off="failed ruleset test">
+
+	<target host="hcstx.org" />
+	<target host="www.hcstx.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hddguru.com.xml b/src/chrome/content/rules/hddguru.com.xml
new file mode 100644
index 000000000000..dd68dea7deaa
--- /dev/null
+++ b/src/chrome/content/rules/hddguru.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid certificate:
+		www.files.hddguru.com
+		www.forum.hddguru.com
+-->
+<ruleset name="hddguru.com">
+	<target host="hddguru.com" />
+	<target host="www.hddguru.com" />
+	<target host="files.hddguru.com" />
+	<target host="forum.hddguru.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hdmi.org.xml b/src/chrome/content/rules/hdmi.org.xml
new file mode 100644
index 000000000000..2fa06ee269b8
--- /dev/null
+++ b/src/chrome/content/rules/hdmi.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		cn.hdmi.org
+		net.hdmi.org
+
+	Not found:
+		founders.hdmi.org
+-->
+<ruleset name="HDMI.org">
+
+	<target host="hdmi.org" />
+	<target host="www.hdmi.org" />
+	<target host="blog.hdmi.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hdslb.com.xml b/src/chrome/content/rules/hdslb.com.xml
new file mode 100644
index 000000000000..eaa55881d109
--- /dev/null
+++ b/src/chrome/content/rules/hdslb.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Invalid certificate:
+		aliyun-live-player.hdslb.com
+		tel.corp.hdslb.com
+		img.hdslb.com
+		xunlei-live-player.hdslb.com
+-->
+
+<ruleset name="hdslb.com">
+
+	<target host="activity.hdslb.com" />
+	<target host="bilibili.hdslb.com" />
+	<target host="corp.hdslb.com" />
+	<target host="dl.hdslb.com" />
+	<target host="drawyoo.hdslb.com" />
+	<target host="game.hdslb.com" />
+	<target host="i0.hdslb.com" />
+	<target host="i1.hdslb.com" />
+	<target host="i2.hdslb.com" />
+	<target host="i3.hdslb.com" />
+	<target host="i4.hdslb.com" />
+	<target host="s1.hdslb.com" />
+	<target host="s2.hdslb.com" />
+	<target host="s3.hdslb.com" />
+	<target host="static.hdslb.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hdvest.com.xml b/src/chrome/content/rules/hdvest.com.xml
new file mode 100644
index 000000000000..5fb46fd3e5db
--- /dev/null
+++ b/src/chrome/content/rules/hdvest.com.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://why.hdvest.com/ => https://why.hdvest.com/: (51, "SSL: no alternative certificate subject name matches target host name 'why.hdvest.com'")
+Fetch error: http://bcp.hdvlink.com/ => https://bcp.hdvlink.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	Problematic domains:
+		- my.hdvest.com			(incomplete cert chain)
+		- (my|www).myhdvest.com		(incomplete cert chain)
+-->
+<ruleset name="HD Vest" default_off="failed ruleset test">
+	<target host=    "hdvest.com" />
+	<target host="www.hdvest.com" />
+	<target host="why.hdvest.com" />
+	<target host=        "hdvlink.com" />
+	<target host=    "bcp.hdvlink.com" />
+	<target host="compass.hdvlink.com" />
+	<target host=  "login.hdvlink.com" />
+	<target host=     "vw.hdvlink.com" />
+	<target host=    "www.hdvlink.com" />
+
+	<securecookie host="www\.hdvest\.com$" name=".+" />
+	<securecookie host=".*\.hdvlink\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/headline24.de.xml b/src/chrome/content/rules/headline24.de.xml
new file mode 100644
index 000000000000..7b083eb0b226
--- /dev/null
+++ b/src/chrome/content/rules/headline24.de.xml
@@ -0,0 +1,24 @@
+<ruleset name="Headline24 GmbH">
+
+	<!-- *Mannheim24.de -->
+	<target host="mannheim24.de"/>
+	<target host="www.mannheim24.de"/>
+	<target host="lust.mannheim24.de"/>
+	<target host="play.mannheim24.de"/>
+
+	<!-- *Heidelberg24.de -->
+	<target host="heidelberg24.de"/>
+	<target host="www.heidelberg24.de"/>
+	<target host="lust.heidelberg24.de"/>
+	<target host="play.heidelberg24.de"/>
+
+	<!-- *Ludwigshafen24.de -->
+	<target host="ludwigshafen24.de"/>
+	<target host="www.ludwigshafen24.de"/>
+	<target host="lust.ludwigshafen24.de"/>
+	<target host="play.ludwigshafen24.de"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/healthnet.com.xml b/src/chrome/content/rules/healthnet.com.xml
new file mode 100644
index 000000000000..d59421d57add
--- /dev/null
+++ b/src/chrome/content/rules/healthnet.com.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jobs.healthnet.com/ => https://jobs.healthnet.com/: (51, "SSL: no alternative certificate subject name matches target host name 'jobs.healthnet.com'")
+
+	newsroom.healthnet.com: 500 over http
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- hrlink.healthnet.com
+		- jobs.healthnet.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Health Net.com (partial)" default_off="failed ruleset test">
+
+	<target host="healthnet.com" />
+	<target host="hrlink.healthnet.com" />
+	<target host="jobs.healthnet.com" />
+	<target host="securemail.healthnet.com" />
+	<target host="www.healthnet.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^hrlink\.healthnet\.com$" name="^HRLINK\.HEALTHNET\.COM$" /-->
+	<!--securecookie host="^jobs\.healthnet\.com$" name="^(?:JSESSIONID|PERSIST)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/heartland-interiors.xml b/src/chrome/content/rules/heartland-interiors.xml
new file mode 100644
index 000000000000..3aded5bcdbb3
--- /dev/null
+++ b/src/chrome/content/rules/heartland-interiors.xml
@@ -0,0 +1,6 @@
+<ruleset name="heartland-interiors">
+        <target host="heartland-interiors.co.uk" />
+        <target host="www.heartland-interiors.co.uk" />
+
+        <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hebdo.ch.xml b/src/chrome/content/rules/hebdo.ch.xml
new file mode 100644
index 000000000000..47cff1d285e1
--- /dev/null
+++ b/src/chrome/content/rules/hebdo.ch.xml
@@ -0,0 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hebdo.ch/ => https://hebdo.ch/: Too many redirects while fetching 'https://hebdo.ch/'
+Fetch error: http://www.hebdo.ch/ => https://www.hebdo.ch/: Too many redirects while fetching 'https://www.hebdo.ch/'
+
+-->
+<ruleset name="hebdo.ch" default_off="failed ruleset test">
+	<target host="hebdo.ch"/>
+	<target host="www.hebdo.ch"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/hee.gov.hk.xml b/src/chrome/content/rules/hee.gov.hk.xml
new file mode 100644
index 000000000000..a3c2ef801403
--- /dev/null
+++ b/src/chrome/content/rules/hee.gov.hk.xml
@@ -0,0 +1,17 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+
+	Nonfunctional hosts in *.hee.gov.hk:
+		- hee.gov.hk (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Higher Education Employment Information e-Platform (HKSARG)">
+	<target host="www.hee.gov.hk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/heidilatskydance.org.xml b/src/chrome/content/rules/heidilatskydance.org.xml
new file mode 100644
index 000000000000..daa9e3fe0cd3
--- /dev/null
+++ b/src/chrome/content/rules/heidilatskydance.org.xml
@@ -0,0 +1,12 @@
+<!--
+	Refused:
+		calendar.heidilatskydance.org
+		docs.heidilatskydance.org
+		mail.heidilatskydance.org
+-->
+<ruleset name="heidilatskydance.org">
+	<target host="heidilatskydance.org" />
+	<target host="www.heidilatskydance.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hekasoft.com.xml b/src/chrome/content/rules/hekasoft.com.xml
new file mode 100644
index 000000000000..7086c7f2e9bf
--- /dev/null
+++ b/src/chrome/content/rules/hekasoft.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Non-2xx HTTP code:
+		blog.hekasoft.com
+
+	Refused:
+		admin.hekasoft.com
+		webmail.hekasoft.com
+-->
+<ruleset name="hekasoft.com">
+	<target host="hekasoft.com" />
+	<target host="www.hekasoft.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/helbing.ch.xml b/src/chrome/content/rules/helbing.ch.xml
new file mode 100644
index 000000000000..e3de64b6e2d9
--- /dev/null
+++ b/src/chrome/content/rules/helbing.ch.xml
@@ -0,0 +1,9 @@
+<ruleset name="helbing.ch">
+	<target host="helbing.ch"/>
+	<target host="www.helbing.ch"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://helbing\.ch/" to="https://www.helbing.ch/"/>
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/helixo.fr.xml b/src/chrome/content/rules/helixo.fr.xml
new file mode 100644
index 000000000000..511d843f3de3
--- /dev/null
+++ b/src/chrome/content/rules/helixo.fr.xml
@@ -0,0 +1,13 @@
+<ruleset name="Helixo.fr">
+
+	<target host="helixo.fr" />
+	<target host="www.helixo.fr" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/helpingrhinos.org.xml b/src/chrome/content/rules/helpingrhinos.org.xml
new file mode 100644
index 000000000000..e2946dba80a3
--- /dev/null
+++ b/src/chrome/content/rules/helpingrhinos.org.xml
@@ -0,0 +1,36 @@
+<!--
+	^helpingrhinos.org: Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .helpingrhinos.org
+		- www.helpingrhinos.org
+
+-->
+<ruleset name="Helping Rhinos.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.helpingrhinos.org" />
+
+	<!--	Complications:
+				-->
+	<target host="helpingrhinos.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.helpingrhinos\.org$" name="^CF(?:ID|TOKEN)$" /-->
+	<!--securecookie host="^www\.helpingrhinos\.org$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://helpingrhinos\.org/"
+		to="https://www.helpingrhinos.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hengxinli.com.xml b/src/chrome/content/rules/hengxinli.com.xml
new file mode 100644
index 000000000000..01d928eeb278
--- /dev/null
+++ b/src/chrome/content/rules/hengxinli.com.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hengxinli.com/ => https://hengxinli.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.hengxinli.com/ => https://www.hengxinli.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+<ruleset name="Hengxinli.com" default_off="failed ruleset test">
+
+	<target host="hengxinli.com" />
+	<target host="www.hengxinli.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/henrikc.dk.xml b/src/chrome/content/rules/henrikc.dk.xml
new file mode 100644
index 000000000000..216a1e4bab03
--- /dev/null
+++ b/src/chrome/content/rules/henrikc.dk.xml
@@ -0,0 +1,29 @@
+<!--
+	Invalid certificate:
+		test2.henrikc.dk
+
+	Refused:
+		localhost.henrikc.dk
+
+	Time out:
+		ask.henrikc.dk
+		dynip.henrikc.dk
+		mail.henrikc.dk
+		old.henrikc.dk
+		test.henrikc.dk
+
+	Unreachable:
+		camo.henrikc.dk
+		militaryvehicles.henrikc.dk
+-->
+<ruleset name="henrikc.dk">
+	<target host="henrikc.dk" />
+	<target host="www.henrikc.dk" />
+	<target host="cpanel.henrikc.dk" />
+	<target host="cpcalendars.henrikc.dk" />
+	<target host="cpcontacts.henrikc.dk" />
+	<target host="webdisk.henrikc.dk" />
+	<target host="webmail.henrikc.dk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/heraut.eu.xml b/src/chrome/content/rules/heraut.eu.xml
new file mode 100644
index 000000000000..ff09f9776f66
--- /dev/null
+++ b/src/chrome/content/rules/heraut.eu.xml
@@ -0,0 +1,10 @@
+<ruleset name="heraut.eu">
+	<target host="heraut.eu" />
+	<target host="www.heraut.eu" />
+	<target host="share.heraut.eu" />
+	<target host="san.heraut.eu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/heritage.gov.hk.xml b/src/chrome/content/rules/heritage.gov.hk.xml
new file mode 100644
index 000000000000..8049e13ea66c
--- /dev/null
+++ b/src/chrome/content/rules/heritage.gov.hk.xml
@@ -0,0 +1,16 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+
+	Mismatch:
+		- heritage.gov.hk
+-->
+
+<ruleset name="heritage.gov.hk">
+	<target host="heritage.gov.hk" />
+	<target host="www.heritage.gov.hk" />
+
+	<rule from="^http://(www\.)?heritage\.gov\.hk/"
+		to="https://www.heritage.gov.hk/" />
+
+	<securecookie host=".+" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/hessenschau.de.xml b/src/chrome/content/rules/hessenschau.de.xml
new file mode 100644
index 000000000000..fe94eb5ee49b
--- /dev/null
+++ b/src/chrome/content/rules/hessenschau.de.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid certificate:
+		www.hessencheck.hessenschau.de
+		reportage.hessenschau.de
+-->
+<ruleset name="hessenschau.de">
+
+	<target host="hessenschau.de" />
+	<target host="www.hessenschau.de" />
+	<target host="app.hessenschau.de" />
+	<target host="www.app.hessenschau.de" />
+	<target host="blog.hessenschau.de" />
+	<target host="download.hessenschau.de" />
+		<test url="http://download.hessenschau.de/kultur/documenta/documenta-lageplan-100.pdf" />
+	<target host="www.ironman.hessenschau.de" />
+	<target host="www.marathon.hessenschau.de" />
+	<target host="www.radrennen.hessenschau.de" />
+	<target host="www.schulausfall.hessenschau.de" />
+	<target host="wahlergebnisse.hessenschau.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/heute.at.xml b/src/chrome/content/rules/heute.at.xml
new file mode 100644
index 000000000000..5037b0342107
--- /dev/null
+++ b/src/chrome/content/rules/heute.at.xml
@@ -0,0 +1,36 @@
+<!--
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="heute.at (partial)">
+
+	<target host="heute.at" />
+	<target host="www.heute.at" />
+	<target host="adventskalender.heute.at" />
+	<target host="amp.heute.at" />
+	<target host="api.heute.at" />
+	<target host="epaper.heute.at" />
+	<target host="events.heute.at" />
+	<target host="horoskop.heute.at" />
+	<target host="inform.heute.at" />
+	<target host="kino.heute.at" />
+	<target host="legacy.heute.at" />
+	<target host="login.heute.at" />
+	<target host="m.heute.at" />
+	<target host="mail.heute.at" />
+	<target host="php.heute.at" />
+	<target host="showroom-chili.heute.at" />
+	<target host="static01.heute.at" />
+	<target host="story.heute.at" />
+	<target host="tierisch.heute.at" />
+	<target host="tirol.heute.at" />
+	<target host="tv.heute.at" />
+	<target host="videos.heute.at" />
+	<target host="vorarlberg.heute.at" />
+	<target host="wetter.heute.at" />
+	<target host="wmtippspiel.heute.at" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hexchat.net.xml b/src/chrome/content/rules/hexchat.net.xml
new file mode 100644
index 000000000000..83a90077790a
--- /dev/null
+++ b/src/chrome/content/rules/hexchat.net.xml
@@ -0,0 +1,18 @@
+<!--
+	www.hexchat.net does not exist.
+
+-->
+<ruleset name="HexChat.net">
+
+	<target host="hexchat.net" />
+	<target host="dl.hexchat.net" />
+
+
+	<securecookie host="^\." name="(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hi5.xml b/src/chrome/content/rules/hi5.xml
index f29f6f796124..0bdedbe183c5 100644
--- a/src/chrome/content/rules/hi5.xml
+++ b/src/chrome/content/rules/hi5.xml
@@ -1,7 +1,37 @@
-<ruleset name="hi5" platform="mixedcontent">
+<!--
+	Insecure cookies are set for these domains:
+
+		- .hi5.com
+
+
+	Mixed content:
+
+		- Bugs, on:
+
+			- www from ad.doubleclick.net ¹
+			- www from b.scorecardresearch.com ²
+
+	¹ Rule disabled by default
+	² Secured by us
+
+-->
+<ruleset name="hi5.com">
+
+	<!--	Direct rewrites:
+				-->
   <target host="hi5.com" />
+  <target host="secure.hi5.com" />
   <target host="www.hi5.com" />
 
-  <rule from="^http://(?:www\.)?hi5\.com/" to="https://www.hi5.com/"/>
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.hi5\.com$" name="^(__qca|B|S)$" /-->
+
+	<securecookie host="^\.hi5\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/hieber.de.xml b/src/chrome/content/rules/hieber.de.xml
new file mode 100644
index 000000000000..448af3049c5f
--- /dev/null
+++ b/src/chrome/content/rules/hieber.de.xml
@@ -0,0 +1,7 @@
+<ruleset name="Hieber">
+	<target host="hieber.de"/>
+	<target host="www.hieber.de"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/highland.gov.uk.xml b/src/chrome/content/rules/highland.gov.uk.xml
new file mode 100644
index 000000000000..0666be3a0f69
--- /dev/null
+++ b/src/chrome/content/rules/highland.gov.uk.xml
@@ -0,0 +1,105 @@
+<!--
+	The Highland Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *highland.gov.uk:
+
+		- her ᵈ
+		- libraries ᵈ
+		- wam ᵈ
+		- ww2 ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *highland.gov.uk:
+
+		- consult ᵐ
+
+	ᵐ Mismatched
+
+
+	Partially covered hosts in *highland.gov.uk:
+
+		- libraries *
+
+	* Not all paths redirect
+
+
+	These altnames do not exist:
+
+		- www.self.highland.gov.uk
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- highland.gov.uk
+		- self.highland.gov.uk
+		- www.highland.gov.uk
+		- .www.highland.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on (www.)? from www.highland.gov.uk ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Highland.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="highland.gov.uk" />
+	<target host="self.highland.gov.uk" />
+	<target host="www.highland.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="consult.highland.gov.uk" />
+	<target host="libraries.highland.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?highland\.gov\.uk$" name="^\w{16}$" /-->
+	<!--securecookie host="^self\.highland\.gov\.uk$" name="^AWSELB$" /-->
+	<!--securecookie host="^\.www\.highland\.gov\.uk$" name="^TestCookie$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.www\." name=".+" />
+
+
+	<rule from="^http://consult\.highland\.gov\.uk/"
+		to="https://highland-consult.objective.co.uk/" />
+
+		<test url="http://consult.highland.gov.uk/portal/contact_us" />
+
+	<!--	Redirect drops args:
+					-->
+	<rule from="^http://libraries\.highland\.gov\.uk/.*"
+		to="https://capitadiscovery.co.uk/highland/" />
+
+		<!--	/[/\w] does not redirect:
+						-->
+		<exclusion pattern="^http://libraries\.highland\.gov\.uk/(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://libraries.highland.gov.uk/default.aspx" />
+			<test url="http://libraries.highland.gov.uk/index.htm" />
+			<test url="http://libraries.highland.gov.uk/index.html" />
+			<test url="http://libraries.highland.gov.uk/index.php" />
+
+			<!--	-ve:
+					-->
+			<test url="http://libraries.highland.gov.uk/?" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hightownha.org.uk.xml b/src/chrome/content/rules/hightownha.org.uk.xml
new file mode 100644
index 000000000000..2052e86c5b75
--- /dev/null
+++ b/src/chrome/content/rules/hightownha.org.uk.xml
@@ -0,0 +1,38 @@
+<!--
+	Nonfunctional hosts in *hightownha.org.uk:
+
+		- (www.)? ᶠ
+		- careers ᵃ
+
+	ᵃ Shows another domain
+	ᶠ Handshake fails
+
+
+	Insecure cookies are set for these hosts:
+
+		- myaccount.hightownha.org.uk
+
+
+	Mixed content:
+
+		- css on myaccount from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Hightown HA.org.uk">
+
+	<target host="myaccount.hightownha.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^myaccount\.hightownha\.org\.uk$" name="^(?:BIGipServer|JSESSIONID$)" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hiking.gov.hk.xml b/src/chrome/content/rules/hiking.gov.hk.xml
new file mode 100644
index 000000000000..11ad990311d7
--- /dev/null
+++ b/src/chrome/content/rules/hiking.gov.hk.xml
@@ -0,0 +1,13 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+
+	No alternative certificate subject name matches target host name:
+		- hiking.gov.hk
+-->
+<ruleset name="hiking.gov.hk">
+	<target host="hiking.gov.hk" />
+	<target host="www.hiking.gov.hk" />
+
+	<rule from="^http://(www\.)?hiking\.gov\.hk/"
+		to="https://www.hiking.gov.hk/" />
+</ruleset>
diff --git a/src/chrome/content/rules/hipercontas.com.br.xml b/src/chrome/content/rules/hipercontas.com.br.xml
new file mode 100644
index 000000000000..be583ace5ac9
--- /dev/null
+++ b/src/chrome/content/rules/hipercontas.com.br.xml
@@ -0,0 +1,46 @@
+<!--
+	Problematic hosts in *hipercontas.com.br:
+
+		- ^ ᵐ
+		- afiliados ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- chat.hipercontas.com.br
+		- www.hipercontas.com.br
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Hipercontas.com.br (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="afiliados.hipercontas.com.br" /-->
+	<target host="chat.hipercontas.com.br" />
+	<target host="www.hipercontas.com.br" />
+
+	<!--	Complications:
+				-->
+	<target host="hipercontas.com.br" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^chat\.hipercontas\.com\.br$" name="^(?:AWSELB|lz_userid)$" /-->
+	<!--securecookie host="^www\.hipercontas\.com\.br$" name="^(?:AWSELB|PHPSESSID)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://hipercontas\.com\.br/"
+		to="https://www.hipercontas.com.br/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hipertextual.com.xml b/src/chrome/content/rules/hipertextual.com.xml
new file mode 100644
index 000000000000..d2d760efc946
--- /dev/null
+++ b/src/chrome/content/rules/hipertextual.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Hipertextual.com">
+  <target host="hipertextual.com" />
+  <target host="www.hipertextual.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/histats.com.xml b/src/chrome/content/rules/histats.com.xml
new file mode 100644
index 000000000000..29dac6a8e6b5
--- /dev/null
+++ b/src/chrome/content/rules/histats.com.xml
@@ -0,0 +1,30 @@
+<!--
+	(www.)?histats.com: Prints "nothing here."
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .histats.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Histats.com (partial)">
+
+	<target host="s10.histats.com" />
+	<target host="sstatic1.histats.com" />
+
+		<!--test url="http://s10.histats.com/js15_as.js"/-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.histats\.com$" name="^CountUid$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hitfile.net.xml b/src/chrome/content/rules/hitfile.net.xml
new file mode 100644
index 000000000000..feae41a9e23c
--- /dev/null
+++ b/src/chrome/content/rules/hitfile.net.xml
@@ -0,0 +1,47 @@
+<!--
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="Hitfile.net (partial)" platform="mixedcontent">
+
+	<target host="hitfile.net" />
+	<target host="www.hitfile.net" />
+
+		<!--	Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?hitfile\.net/(?:$|login$|premium$|reg$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?hitfile\.net/(?!/*(?:favicon\.ico|favicon/|(?:fd[12]|platform)/(?:css|img)/|locale/[^/]+/css/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://hitfile.net/Gdq7W8r" />
+			<test url="http://hitfile.net/fd1/js/bootstrap/bootstrap.min.js" />
+			<test url="http://hitfile.net/fd2/js/fd_menu.js" />
+			<test url="http://hitfile.net/locale/en/js/general.locale.js" />
+			<test url="http://www.hitfile.net/login" />
+			<test url="http://www.hitfile.net/platform/js/lib/jquery-1.11.0.min.js" />
+			<test url="http://www.hitfile.net/premium" />
+			<test url="http://www.hitfile.net/reg" />
+
+			<!--	-ve:
+					-->
+			<test url="http://hitfile.net/favicon.ico" />
+			<test url="http://hitfile.net/fd2/css/country/ru/style.css" />
+			<test url="http://hitfile.net/fd2/img/main/pointdown.png" />
+			<test url="http://www.hitfile.net/locale/en/css/general.locale.css" />
+			<test url="http://www.hitfile.net/platform/css/impromptu.css" />
+			<test url="http://www.hitfile.net/platform/img/icon/flags/hu.gif" />
+
+
+	<securecookie host="^\w" name="^__utm" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hitta.se.xml b/src/chrome/content/rules/hitta.se.xml
new file mode 100644
index 000000000000..d4ff4736d401
--- /dev/null
+++ b/src/chrome/content/rules/hitta.se.xml
@@ -0,0 +1,10 @@
+<ruleset name="hitta.se">
+        <target host="hitta.se" />
+        <target host="www.hitta.se" />
+        <target host="api.hitta.se" />
+        <target host="static.hitta.se" />
+        <target host="mobile.hitta.se" />
+        <target host="kontakt.hitta.se" />
+
+        <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hkairportshop.com.xml b/src/chrome/content/rules/hkairportshop.com.xml
new file mode 100644
index 000000000000..fc4f5787ca2a
--- /dev/null
+++ b/src/chrome/content/rules/hkairportshop.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="HKairport Shop">
+	<target host="hkairportshop.com" />
+	<target host="www.hkairportshop.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hkcnews.com.xml b/src/chrome/content/rules/hkcnews.com.xml
new file mode 100644
index 000000000000..ab54ff13c2a5
--- /dev/null
+++ b/src/chrome/content/rules/hkcnews.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="hkcnews.com">
+	<target host="hkcnews.com" />
+	<target host="www.hkcnews.com" />
+	<target host="slgfg.hkcnews.com" />
+	<target host="www1.hkcnews.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hkex.com.hk.xml b/src/chrome/content/rules/hkex.com.hk.xml
new file mode 100644
index 000000000000..7eae35a02f32
--- /dev/null
+++ b/src/chrome/content/rules/hkex.com.hk.xml
@@ -0,0 +1,31 @@
+<!--
+	Other HKEX related rulesets:
+		+ hkexgroup.com.xml
+		+ lme.com.xml
+		+ hkexnews.hk.xml
+
+	Invalid certificate:
+		en-rules.hkex.com.hk
+		www.iporesults.hkex.com.hk
+
+	Time out:
+		hkex.com.hk
+		m.hkex.com.hk
+-->
+<ruleset name="Hong Kong Exchanges and Clearing Limited">
+
+	<target host="hkex.com.hk" />
+	<target host="www.hkex.com.hk" />
+	<target host="www.ecp.hkex.com.hk" />
+	<target host="www.esubmission.hkex.com.hk" />
+	<target host="sc.hkex.com.hk" />
+	<target host="sdinotice.hkex.com.hk" />
+		<test url="http://sdinotice.hkex.com.hk/Home/Login" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://hkex\.com\.hk/"
+		to="https://www.hkex.com.hk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hkexgroup.com.xml b/src/chrome/content/rules/hkexgroup.com.xml
new file mode 100644
index 000000000000..7adc252d11a1
--- /dev/null
+++ b/src/chrome/content/rules/hkexgroup.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other HKEX related rulesets, see hkex.com.hk.xml.
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- hkexgroup.com
+-->
+<ruleset name="HKEXGroup.com">
+	<target host="hkexgroup.com" />
+	<target host="www.hkexgroup.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://hkexgroup\.com/"
+			to="https://www.hkexgroup.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hkexnews.hk.xml b/src/chrome/content/rules/hkexnews.hk.xml
new file mode 100644
index 000000000000..1c138e7a1008
--- /dev/null
+++ b/src/chrome/content/rules/hkexnews.hk.xml
@@ -0,0 +1,17 @@
+<!--
+	For other HKEX related rulesets, see hkex.com.hk.xml.
+
+	Non-functional hosts
+		SSL error:
+		- www3.hkexnews.hk
+-->
+<ruleset name="HKEXnews.hk">
+	<target host="sc.hkexnews.hk" />
+	<target host="www.hkexnews.hk" />
+	<target host="www1.hkexnews.hk" />
+	<target host="www2.hkexnews.hk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hkexpress.com.xml b/src/chrome/content/rules/hkexpress.com.xml
new file mode 100644
index 000000000000..81c208a803b4
--- /dev/null
+++ b/src/chrome/content/rules/hkexpress.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional hosts in *.hkexpress.com:
+		- careers.hkexpress.com (m)
+		- link.hkexpress.com (m)
+		- www-origin.hkexpress.com (t)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="HK Express">
+	<target host="hkexpress.com" />
+	<target host="www.hkexpress.com" />
+	<target host="www-test-origin.hkexpress.com" />
+	<target host="booking.hkexpress.com" />
+	<target host="bookingtest1p13m.hkexpress.com" />
+	<target host="booking-uat.hkexpress.com" />
+	<target host="dms.hkexpress.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
+
diff --git a/src/chrome/content/rules/hkicl.com.hk.xml b/src/chrome/content/rules/hkicl.com.hk.xml
new file mode 100644
index 000000000000..7d2e69a87a19
--- /dev/null
+++ b/src/chrome/content/rules/hkicl.com.hk.xml
@@ -0,0 +1,55 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+			 - hkicl.com.hk
+			 - ebpp.hkicl.com.hk
+			 - uat.ebpp.hkicl.com.hk
+			 - ns10.hkicl.com.hk
+			 - ns11.hkicl.com.hk
+			 - ns12.hkicl.com.hk
+			 - ns9.hkicl.com.hk
+
+		Timeout was reached:
+			 - smtp.echeque.hkicl.com.hk
+			 - smtpdev.echeque.hkicl.com.hk
+			 - smtpuat.echeque.hkicl.com.hk
+			 - mail.hkicl.com.hk
+			 - mail2.hkicl.com.hk
+			 - ns1.hkicl.com.hk
+			 - ns13.hkicl.com.hk
+			 - ns14.hkicl.com.hk
+			 - ns3.hkicl.com.hk
+			 - ns5.hkicl.com.hk
+			 - ns6.hkicl.com.hk
+			 - ns7.hkicl.com.hk
+			 - ns8.hkicl.com.hk
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - dev.echeque.hkicl.com.hk
+			 - mem.echeque.hkicl.com.hk
+			 - merchantsim.hkicl.com.hk
+			 - ssouat.hkicl.com.hk
+			 - uat.hkicl.com.hk
+
+		Incomplete certificate chain error:
+			 - uat.echeque.hkicl.com.hk
+-->
+<ruleset name="Hong Kong Interbank Clearing Limited">
+	<target host="hkicl.com.hk" />
+	<target host="www.hkicl.com.hk" />
+	<target host="www.echeque.hkicl.com.hk" />
+	<target host="sim.echeque.hkicl.com.hk" />
+	<target host="imbt.hkicl.com.hk" />
+	<target host="ssl1.hkicl.com.hk" />
+	<target host="ssl2.hkicl.com.hk" />
+
+	<securecookie host="^echeque\.hkicl\.com\.hk$" name=".+" />
+	<securecookie host="^ssl1\.hkicl\.com\.hk$" name=".+" />
+	<securecookie host="^ssl2\.hkicl\.com\.hk$" name=".+" />
+
+	<rule from="^http://hkicl\.com\.hk/"
+			to="https://www.hkicl.com.hk/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hkjc.com.xml b/src/chrome/content/rules/hkjc.com.xml
new file mode 100644
index 000000000000..2522a33d271b
--- /dev/null
+++ b/src/chrome/content/rules/hkjc.com.xml
@@ -0,0 +1,174 @@
+<!--
+	Non-functional hosts
+		No working 200/3XX URL(s):
+			 - appsdownload2.hkjc.com
+			 - bapi.hkjc.com
+			 - bapi01.hkjc.com
+			 - bapi02.hkjc.com
+			 - speedbettxn.hkjc.com
+			 - ssl.hkjc.com
+
+		Couldn't resolve host name:
+			 - aosbsdl.hkjc.com
+			 - appsdownload.hkjc.com
+			 - rms.corp.hkjc.com
+			 - cr.hkjc.com
+			 - wcmsweb01.football.hkjc.com
+			 - wcmsweb02.football.hkjc.com
+			 - wcmsweb03.football.hkjc.com
+			 - wcmsweb04.football.hkjc.com
+			 - wcmsweb05.football.hkjc.com
+			 - mail1.hkjc.com
+			 - pda.hkjc.com
+			 - www.pda.hkjc.com
+			 - pda01.hkjc.com
+			 - www.pda01.hkjc.com
+			 - pda02.hkjc.com
+			 - www.pda02.hkjc.com
+			 - pdabs.hkjc.com
+			 - www.pdabs.hkjc.com
+			 - www.txn01.hkjc.com
+			 - www.txn02.hkjc.com
+			 - txnnew.hkjc.com
+			 - txnnew02.hkjc.com
+			 - txnold.hkjc.com
+			 - txnold01.hkjc.com
+
+		Couldn't connect to server:
+			 - www.hkjc.com
+			 - bclient.hkjc.com
+			 - blog.hkjc.com
+			 - charities.hkjc.com
+			 - www.charities.hkjc.com
+			 - corporate.hkjc.com
+			 - mbsntxn.hkjc.com
+			 - mbsntxn01.hkjc.com
+			 - mbsntxn02.hkjc.com
+			 - member.hkjc.com
+			 - www.member.hkjc.com
+			 - pushpublic.hkjc.com
+			 - racing.hkjc.com
+			 - racingclub.hkjc.com
+			 - www.racingclub.hkjc.com
+			 - search.hkjc.com
+			 - search01.hkjc.com
+			 - speedbet.hkjc.com
+
+		Timeout was reached:
+			 - bet.hkjc.com
+			 - flgtm.hkjc.com
+			 - ftcgtm.hkjc.com
+			 - gadget.hkjc.com
+			 - hvgtm.hkjc.com
+			 - mcs.hkjc.com
+			 - my.hkjc.com
+			 - www.my.hkjc.com
+			 - pbgtm.hkjc.com
+			 - push.hkjc.com
+			 - qtt.hkjc.com
+			 - stgtm.hkjc.com
+			 - suppliernetwork.hkjc.com
+			 - swcgtm.hkjc.com
+			 - txx.hkjc.com
+			 - wcds01.hkjc.com
+			 - wcds02.hkjc.com
+			 - xsell.hkjc.com
+
+		SSL connect error:
+			 - reservation.hkjc.com
+
+		SSL peer certificate or SSH remote key was not OK:
+			 - 130.hkjc.com
+			 - analysis.hkjc.com
+			 - common.hkjc.com
+			 - www.corporate.hkjc.com
+			 - entertainment.hkjc.com
+			 - football.hkjc.com
+			 - happywednesday.hkjc.com
+			 - java.hkjc.com
+			 - m.hkjc.com
+			 - priority.hkjc.com
+			 - quartet.hkjc.com
+			 - racingtouch.hkjc.com
+			 - search02.hkjc.com
+			 - txnnew01.hkjc.com
+			 - txnold02.hkjc.com
+
+		Problematic:
+			 - txn.hkjc.com
+			 - txn01.hkjc.com
+			 - txn02.hkjc.com
+-->
+<ruleset name="HKJC Lotteries Limited">
+	<target host="android.hkjc.com" />
+	<target host="booking.hkjc.com" />
+
+	<target host="campaign.hkjc.com" />
+	<test url="http://campaign.hkjc.com/en/hkir/history.aspx" />
+
+	<target host="ccwebchat.hkjc.com" />
+	<test url="http://ccwebchat.hkjc.com/WebChat/HelpMenu.aspx" />
+
+	<target host="www.bookingrc.hkjc.com" />
+	<target host="elogin.hkjc.com" />
+	<target host="elogin01.hkjc.com" />
+	<target host="elogin02.hkjc.com" />
+	<target host="gtx.hkjc.com" />
+	<target host="gtx01.hkjc.com" />
+	<target host="gtx02.hkjc.com" />
+	<target host="ibutinfo.hkjc.com" />
+	<target host="ibutinfo01.hkjc.com" />
+	<target host="ibutinfo02.hkjc.com" />
+	<target host="ibuttxn.hkjc.com" />
+	<target host="ibuttxn01.hkjc.com" />
+	<target host="ibuttxn02.hkjc.com" />
+	<target host="icrn.hkjc.com" />
+
+	<target host="is.hkjc.com" />
+	<test url="http://is.hkjc.com/baoa_mobile/entry/en/" />
+
+	<target host="iosbsinfo.hkjc.com" />
+	<target host="iosbsinfo01.hkjc.com" />
+	<target host="iosbsinfo02.hkjc.com" />
+	<target host="iosbstxn.hkjc.com" />
+	<target host="iosbstxn01.hkjc.com" />
+	<target host="iosbstxn02.hkjc.com" />
+	<target host="mcjcinfo.hkjc.com" />
+	<target host="mcjcinfo01.hkjc.com" />
+	<target host="mcjcinfo02.hkjc.com" />
+	<target host="mcjctxn.hkjc.com" />
+	<target host="mcjctxn01.hkjc.com" />
+	<target host="mcjctxn02.hkjc.com" />
+
+	<target host="mtp.hkjc.com" />
+	<test url="http://mtp.hkjc.com/application" />
+
+	<target host="mwcip.hkjc.com" />
+	<target host="mwcip01.hkjc.com" />
+	<target host="mwcip02.hkjc.com" />
+
+	<target host="special.hkjc.com" />
+	<test url="http://special.hkjc.com/infomenu/en/images/hkjc_logo.png" />
+
+	<target host="txn01.hkjc.com" />
+	<exclusion pattern="^http://txn01\.hkjc\.com/BetSlip/index\.aspx" />
+	<test url="http://txn01.hkjc.com/BetSlip/index.aspx" />
+
+	<target host="txn02.hkjc.com" />
+	<exclusion pattern="^http://txn02\.hkjc\.com/BetSlip/index\.aspx" />
+	<test url="http://txn02.hkjc.com/BetSlip/index.aspx" />
+
+	<target host="www.priority.hkjc.com" />
+	<target host="qtts.hkjc.com" />
+	<target host="mem.racingclub.hkjc.com" />
+	<target host="responsible-gambling.hkjc.com" />
+	<target host="supplierportal.hkjc.com" />
+	<target host="trialsupplierportal.hkjc.com" />
+	<target host="wcip.hkjc.com" />
+	<target host="wcip01.hkjc.com" />
+	<target host="wcip02.hkjc.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hko.gov.hk.xml b/src/chrome/content/rules/hko.gov.hk.xml
new file mode 100644
index 000000000000..4c58b6000da4
--- /dev/null
+++ b/src/chrome/content/rules/hko.gov.hk.xml
@@ -0,0 +1,42 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+
+	Non-functional hosts in *.hko.gov.hk
+		Couldn't connect to server:
+		- gbm.hko.gov.hk
+
+		SSL peer certificate was not OK:
+		- kids.hko.gov.hk
+		- pda.hko.gov.hk
+		- wap.hko.gov.hk
+
+		Incomplete certificate chain error:
+		- m.hko.gov.hk
+
+	Non-functional hosts in *.weather.gov.hk:
+		Incomplete certificate chain error:
+		- m.weather.gov.hk (sometimes)
+
+-->
+<ruleset name="Hong Kong Observatory">
+	<!-- *.hko.gov.hk -->
+	<target host="www.hko.gov.hk" />
+	<target host="avrdp.hko.gov.hk" />
+	<target host="elderly.hko.gov.hk" />
+	<target host="maps.hko.gov.hk" />
+	<target host="my.hko.gov.hk" />
+
+	<!-- *.weather.gov.hk -->
+	<target host="www.weather.gov.hk" />
+	<target host="data.weather.gov.hk" />
+	<target host="elderly.weather.gov.hk" />
+	<target host="gb.weather.gov.hk" />
+	<target host="gowise2.weather.gov.hk" />
+	<target host="kids.weather.gov.hk" />
+	<target host="maps.weather.gov.hk" />
+	<target host="my.weather.gov.hk" />
+	<target host="rss.weather.gov.hk" />
+	<test url="http://rss.weather.gov.hk/img/pic62.png" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hkpl.gov.hk.xml b/src/chrome/content/rules/hkpl.gov.hk.xml
new file mode 100644
index 000000000000..9e05b91ffda7
--- /dev/null
+++ b/src/chrome/content/rules/hkpl.gov.hk.xml
@@ -0,0 +1,30 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+
+	Invalid certificate:
+		hkpl.gov.hk
+		hkclweb.hkpl.gov.hk
+		portal-216.hkpl.gov.hk
+		support.hkpl.gov.hk
+
+	No working URL known:
+		epay.hkpl.gov.hk
+
+	Redirect to HTTP:
+		ask.hkpl.gov.hk
+
+-->
+<ruleset name="Hong Kong Public Libraries">
+	<target host="hkpl.gov.hk" />
+	<target host="www.hkpl.gov.hk" />
+	<target host="ebookauth.hkpl.gov.hk" />
+	<target host="ezproxy.hkpl.gov.hk" />
+	<target host="mmis.hkpl.gov.hk" />
+	<target host="mobileapp.hkpl.gov.hk" />
+	<target host="webcat.hkpl.gov.hk" />
+
+	<rule from="^http://hkpl\.gov\.hk/"
+		to="https://www.hkpl.gov.hk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hkqf.gov.hk.xml b/src/chrome/content/rules/hkqf.gov.hk.xml
new file mode 100644
index 000000000000..e3a7ffc2f752
--- /dev/null
+++ b/src/chrome/content/rules/hkqf.gov.hk.xml
@@ -0,0 +1,19 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+
+	Nonfunctional hosts in *.hkqf.gov.hk:
+		- hkqf.gov.hk (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="hkqf.gov.hk">
+	<target host="hkqf.gov.hk" />
+	<target host="www.hkqf.gov.hk" />
+
+	<rule from="^http://(www\.)?hkqf\.gov\.hk/"
+		to="https://www.hkqf.gov.hk/" />
+</ruleset>
diff --git a/src/chrome/content/rules/hkstockadr.com.xml b/src/chrome/content/rules/hkstockadr.com.xml
new file mode 100644
index 000000000000..5eadb2999d97
--- /dev/null
+++ b/src/chrome/content/rules/hkstockadr.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="hkstockadr.com">
+	<target host="hkstockadr.com" />
+	<target host="www.hkstockadr.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hku.hk.xml b/src/chrome/content/rules/hku.hk.xml
new file mode 100644
index 000000000000..2ebc79dc4cb0
--- /dev/null
+++ b/src/chrome/content/rules/hku.hk.xml
@@ -0,0 +1,344 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gradappl.cs.hku.hk/ => https://gradappl.cs.hku.hk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://ctc.hku.hk/ => https://ctc.hku.hk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.ctc.hku.hk/ => https://www.ctc.hku.hk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://mailbox.eee.hku.hk/ => https://mailbox.eee.hku.hk/: (7, 'Failed to connect to mailbox.eee.hku.hk port 443: Connection refused')
+Fetch error: http://acs.law.hku.hk/ => https://acs.law.hku.hk/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.talentedapp.hku.hk/ => https://www.talentedapp.hku.hk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Problematic domains:
+
+	Invalid certs:
+	 	- www.aal.hku.hk
+	 	- www.als.hku.hk
+	 	- www.biosch.hku.hk
+		- www.buddhism.hku.hk
+		- caes.hku.hk
+	 	- www.careers.hku.hk
+		- cbh.hku.hk
+ 		- ccsg.hku.hk
+	 	- apps.cedars.hku.hk
+		- dmp.cedars.hku.hk
+	 	- w3.cedars.hku.hk
+	 	- wp2.cedars.hku.hk
+	 	- cetl.hku.hk
+	 	- ar.cetl.hku.hk
+	 	- arch.cetl.hku.hk
+	 	- certcourse.cetl.hku.hk
+	 	- e3r.cetl.hku.hk
+	 	- hke3r.cetl.hku.hk
+	 	- moodle.cetl.hku.hk
+	 	- moodle2.cetl.hku.hk
+	 	- myreview2016.cetl.hku.hk
+	 	- video.cetl.hku.hk
+	 	- www.cetl.hku.hk
+	 	- www.chemistry.hku.hk
+		- www.chm.hku.hk
+ 		- www.civil.hku.hk
+		- www.cmel.hku.hk
+ 		- commoncore.hku.hk
+		- www.cpao.hku.hk
+		- www.snrg.cs.hku.hk
+	 	- csfirst.cs.hku.hk
+		- www.csd.hku.hk
+		- www.csis.hku.hk
+		- csrp.hku.hk
+		- cortex.csrp.hku.hk
+		- n2.csrp.hku.hk
+		- onlinesurvey.csrp.hku.hk
+		- survey.csrp.hku.hk
+		- www.culture.hku.hk
+	 	- www.dreamcatchers.hku.hk
+		- www.econ.hku.hk
+	 	- fis.edu.hku.hk
+		- moodle.edu.hku.hk
+		- engineering.hku.hk
+	 	- www.english.hku.hk
+		- www.exam.hku.hk
+	 	- www.fife.hku.hk
+		- ghelc.hku.hk
+	 	- ca.grid.hku.hk
+	 	- handbook.hku.hk
+	 	- www.handbook.hku.hk
+	 	- www.hedo.hku.hk
+	 	- www.hkihss.hku.hk
+	 	- hkumath.hku.hk
+		- www.hkupasteur.hku.hk
+		- data.hkupop.hku.hk
+ 		- cc8.hkuspace.hku.hk
+		- wpd.hkuspace.hku.hk
+ 		- w2.hkuspace.hku.hk
+	 	- www.chemsoc.hkusu.hku.hk
+		- www.chinsoc.hkusu.hku.hk
+		- www.council.hkusu.hku.hk
+		- www.dance.hkusu.hku.hk
+		- www.efs.hkusu.hku.hk
+		- www.hkusucec.hkusu.hku.hk
+		- www.icahkusu.hkusu.hku.hk
+	 	- www.karate.hkusu.hku.hk
+		- www.magic.hkusu.hku.hk
+		- www.medes.hkusu.hku.hk
+	 	- www.ppaa.hkusu.hku.hk
+		- www.psysoc.hkusu.hku.hk
+	 	- www.ramblers.hkusu.hku.hk
+		- www.sass.hkusu.hku.hk
+ 		- www.sociso.hkusu.hku.hk
+		- www.ssshkusu.hkusus.hku.hk
+		- www.suastro.hkusu.hku.hk
+		- hkux-survey.hku.hk
+	 	- www.hr.hku.hk
+		- www.ihp.hku.hk
+ 		- www.imse.hku.hk
+	 	- www.infoday.hku.hk
+		- survey.its.hku.hk
+	 	- transparency.jmsc.hku.hk
+	 	- cmp.jmsc.hku.hk
+	 	- hrc.jmsc.hku.hk
+	 	- jobs.hku.hk
+	 	- www.ke.hku.hk
+	 	- medialaw2013.law.hku.hk
+		- lawdoc.hku.hk
+	 	- www.ldsrc.hku.hk
+		- www.les.hku.hk
+		- etd.lib.hku.hk
+		- libguides.lib.hku.hk
+   		- sunzi.lib.hku.hk
+		- sunzi1.lib.hku.hk
+	 	- lmsbatch1.hku.hk
+		- me.hku.hk
+		- informatics2017.med.hku.hk
+		- transmission2017.med.hku.hk
+		- moodle-support.hku.hk
+	 	- muse.hku.hk
+	 	- news.muse.hku.hk
+	 	- www.muse.hku.hk
+	 	- www.newcollege.hku.hk
+		- online.hku.hk
+		- mail.pathology.hku.hk
+	 	- www.pharama.hku.hk
+	 	- philosophy.hku.hk
+		- ppa.hku.hk
+		- www.presidentoffice.hku.hk
+ 		- www.psychology.hku.hk
+	 	- www.role.hku.hk
+	 	- www.rss.hku.hk
+		- sbb.hku.hk
+		- scr.hku.hk
+		- www.scr.hku.hk
+   		- www.sef.hku.hk
+		- setl.hku.hk
+	 	- www.shunhingcollege.hku.hk
+		- www.smlc.hku.hk
+		- alumni.socialwork.hku.hk
+ 		- www.socialwork.hku.hk
+	 	- www.socsc.hku.hk
+		- www.soh.hku.hk
+ 		- www.speech.hku.hk
+		- bcrmu.sph.hku.hk
+		- mph.sph.hku.hk
+	 	- pcp.sph.hku.hk
+		- ssrc.hku.hk
+ 		- www.swire.hku.hk
+		- git.teli.hku.hk
+		- survey.teli.hku.hk
+		- www.teli.hku.hk
+	 	- tl.hku.hk
+	 	- tto.hku.hk
+		- uhs.hku.hk
+		- www.uhs.hku.hk
+		- www.umag.hku.hk
+		- virology.hku.hk
+		- wquit.hku.hk
+		- www.uhs.hku.hk
+		- mail.versitech.hku.hk
+		- www.weilun.hku.hl
+	 	- www.wsrcweb.hku.hk
+	 	- www4.hku.hk
+		- www-2.hku.hk
+		- www.yangtze.hku.hk
+		- www.ziri.hku.hk
+
+	Mixed content:
+		- moodle.hku.hk
+		- library.hku.hk
+		- www.cetl.hku.hk
+		- www2.cetl.hku.hk
+		- teli.hku.hk
+
+	Redirects to HTTP:
+		- www2.cetl.hku.hk
+		- hdnursing.hkuspace.hku.hk
+		- unitix.hku.hk
+		- unitixadmin.hku.hk
+		- unitixfiles.hku.hk
+
+	Different content in HTTP and HTTPS:
+		- slim.cs.hku.hk
+		- elearning.eee.hku.hk
+		- www2.hkuspace.hku.hk
+		- sis-eportal.hku.hk
+		- paed.hku.hk
+-->
+<ruleset name="The University of Hong Kong" default_off="failed ruleset test">
+
+	<target host="hku.hk" />
+	<target host="www.hku.hk" />
+
+	<target host="100.hku.hk" />
+	<target host="www.alumni.hku.hk" />
+	<target host="printserver.ad.arch.hku.hk" />
+	<target host="www.bimhse.hku.hk" />
+	<target host="casa.hku.hk" />
+	<target host="www.caovisa.hku.hk" />
+	<target host="cedars.hku.hk" />
+	<target host="beta.cedars.hku.hk" />
+	<target host="sub.cedars.hku.hk" />
+	<target host="w2.cedars.hku.hk" />
+	<target host="www.cedars.hku.hk" />
+	<target host="centennialcollege.hku.hk" />
+	<target host="cas.centennialcollege.hku.hk" />
+	<target host="learner.centennialcollege.hku.hk" />
+	<target host="oepwebp.centennialcollege.hku.hk" />
+	<target host="ithelp.centennialcollege.hku.hk" />
+	<target host="success.centennialcollege.hku.hk" />
+	<target host="wise.centennialcollege.hku.hk" />
+	<target host="www.centennialcollege.hku.hk" />
+	<target host="certcourse.cetl.hku.hk" />
+	<target host="hkux-survey.cetl.hku.hk" />
+	<target host="surveyreport.cetl.hku.hk" />
+	<target host="community.cs.hku.hk" />
+	<target host="gradappl.cs.hku.hk" />
+	<target host="i.cs.hku.hk" />
+	<target host="i2.cs.hku.hk" />
+	<target host="intranet.cs.hku.hk" />
+	<target host="msccs.cs.hku.hk" />
+	<target host="vpn.cs.hku.hk" />
+	<target host="webmail.cs.hku.hk" />
+	<target host="ctc.hku.hk" />
+	<target host="intranet.ctc.hku.hk" />
+	<target host="www.ctc.hku.hk" />
+	<target host="www.culturehumanities.hku.hk" />
+	<target host="www.daao.hku.hk" />
+	<target host="intranet.ecom-icom.hku.hk" />
+	<target host="webmail.ecom-icom.hku.hk" />
+	<target host="www.ecom-icom.hku.hk" />
+	<target host="www.eee.hku.hk" />
+	<target host="elink.eee.hku.hk" />
+	<target host="extranet.eee.hku.hk" />
+	<target host="intranet.eee.hku.hk" />
+	<target host="intranet8.eee.hku.hk" />
+	<target host="mailbox.eee.hku.hk" />
+	<target host="engg.hku.hk" />
+	<target host="intranet.engg.hku.hk" />
+	<target host="msc.engg.hku.hk" />
+	<target host="office.engg.hku.hk" />
+	<target host="www.estates.hku.hk" />
+	<target host="esurvey.hku.hk" />
+	<target host="extranet.hku.hk" />
+	<target host="www.faith.hku.hk" />
+	<target host="fbe.hku.hk" />
+	<target host="www.fbe.hku.hk" />
+	<target host="www.giving.hku.hk" />
+	<target host="community.grid.hku.hk" />
+	<target host="hkuems1.hku.hk" />
+	<target host="hkuesd.hku.hk" />
+	<target host="hkupop.hku.hk" />
+	<target host="survey.hkupop.hku.hk" />
+	<target host="survey3.hkupop.hku.hk" />
+	<target host="www.hkupop.hku.hk" />
+	<target host="hkuportal.hku.hk" />
+	<target host="www.hkupress.hku.hk" />
+	<target host="hkuspace.hku.hk" />
+	<target host="alumni.hkuspace.hku.hk" />
+	<target host="alumniapp.hkuspace.hku.hk" />
+	<target host="cchdnursing.hkuspace.hku.hk" />
+	<target host="enews.hkuspace.hku.hk" />
+	<target host="ic.hkuspace.hku.hk" />
+	<target host="intranet.hkuspace.hku.hk" />
+	<target host="its.hkuspace.hku.hk" />
+	<target host="its-helpdesk.hkuspace.hku.hk" />
+	<target host="learner.hkuspace.hku.hk" />
+	<target host="learner1.hkuspace.hku.hk" />
+	<target host="m.hkuspace.hku.hk" />
+	<target host="sfs01.hkuspace.hku.hk" />
+	<target host="si.hkuspace.hku.hk" />
+	<target host="soul2.hkuspace.hku.hk" />
+	<target host="ss.hkuspace.hku.hk" />
+	<target host="teacher.hkuspace.hku.hk" />
+	<target host="vpn.hkuspace.hku.hk" />
+	<target host="w3.hkuspace.hku.hk" />
+	<target host="w5.hkuspace.hku.hk" />
+	<target host="www.hkuspace.hku.hk" />
+	<target host="hub.hku.hk" />
+	<target host="ids.hku.hk" />
+	<target host="online.ihp.hku.hk" />
+	<target host="its.hku.hk" />
+	<target host="www.its.hku.hk" />
+	<target host="itsnow.hku.hk" />
+	<target host="intranet.hku.hk" />
+	<target host="intraweb.hku.hk" />
+	<target host="jmsc.hku.hk" />
+	<target host="www.lau.hku.hk" />
+	<target host="acs.law.hku.hk" />
+	<target host="disabilityrights.law.hku.hk" />
+	<target host="www.scholarshipblog.law.hku.hk" />
+	<target host="www.law.hku.hk" />
+	<target host="learning.hku.hk" />
+	<target host="lecturecapture.hku.hk" />
+	<target host="lib.hku.hk" />
+	<target host="eforms.lib.hku.hk" />
+	<target host="my.lib.hku.hk" />
+	<target host="www.lib.hku.hk" />
+	<target host="www.marathon.hku.hk" />
+	<target host="med.hku.hk" />
+	<target host="www.med.hku.hk" />
+	<target host="www.mentorship.hku.hk" />
+	<target host="nursing.hku.hk" />
+	<target host="rc.ortho.hku.hk" />
+	<target host="www.ortho.hku.hk" />
+	<target host="www.ple.hku.hk" />
+	<target host="m.portal.hku.hk" />
+	<target host="portal5.hku.hk" />
+	<target host="portal6.hku.hk" />
+	<target host="portali.hku.hk" />
+	<target host="signup.ppa.hku.hk" />
+	<target host="ppaweb.hku.hk" />
+	<target host="www.ppaweb.hku.hk" />
+	<target host="www.psychiatry.hku.hk" />
+	<target host="www.rblack.hku.hk" />
+	<target host="soas.hku.hk" />
+	<target host="sociology.hku.hk" />
+	<target host="sites.sociology.hku.hk" />
+	<target host="www.sites.sociology.hku.hk" />
+	<target host="familycohort.sph.hku.hk" />
+	<target host="sph.hku.hk" />
+	<target host="www.summerals.hku.hk" />
+	<target host="sweb.hku.hk" />
+	<target host="www.talentedapp.hku.hk" />
+	<target host="tl.hku.hk" />
+	<target host="survey.tlem.hku.hk" />
+	<target host="tutorial-signup.hku.hk" />
+	<target host="uvision.hku.hk" />
+	<target host="versitech.hku.hk" />
+	<target host="www.versitech.hku.hk" />
+	<target host="www.visitorcentre.hku.hk" />
+	<target host="web.hku.hk" />
+	<target host="webconf.hku.hk" />
+	<target host="webmail.hku.hk" />
+
+<!-- Redirects for subdomains without secured content -->
+	<rule from="^http://cedars\.hku\.hk/" to="https://www.cedars.hku.hk/" />
+	<rule from="^http://centennialcollege\.hku\.hk/" to="https://www.centennialcollege.hku.hk/" />
+	<rule from="^http://fbe\.hku\.hk/" to="https://www.fbe.hku.hk/" />
+	<rule from="^http://hkupop\.hku\.hk/" to="https://www.hkupop.hku.hk/" />
+	<rule from="^http://its\.hku\.hk/" to="https://www.its.hku.hk/" />
+	<rule from="^http://www\.lib\.hku\.hk/" to="https://lib.hku.hk/" />
+	<rule from="^http://med\.hku\.hk/" to="https://www.med.hku.hk/" />
+	<rule from="^http://ppaweb\.hku\.hk/" to="https://www.ppaweb.hku.hk/" />
+	<rule from="^http://www\.sites\.sociology\.hku\.hk/" to="https://sites.sociology.hku.hk/" />
+	<rule from="^http://versitech\.hku\.hk/" to="https://www.versitech.hku.hk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hl-inside.ru-mixedcontent.xml b/src/chrome/content/rules/hl-inside.ru-mixedcontent.xml
new file mode 100644
index 000000000000..d39752affa47
--- /dev/null
+++ b/src/chrome/content/rules/hl-inside.ru-mixedcontent.xml
@@ -0,0 +1,13 @@
+<!--
+	See hl-inside.ru.xml.
+-->
+
+<ruleset name="hl-inside.ru (mixed content)" platform="mixedcontent">
+	<target host="bbs.hl-inside.ru" />
+	<target host="forum.hl-inside.ru" />
+	<target host="forums.hl-inside.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hl-inside.ru.xml b/src/chrome/content/rules/hl-inside.ru.xml
new file mode 100644
index 000000000000..33cf3dae42c4
--- /dev/null
+++ b/src/chrome/content/rules/hl-inside.ru.xml
@@ -0,0 +1,24 @@
+<!--
+	Mismatched:
+		- mobile (www.as-inside.ru)
+
+	Mixed content blocking (see hl-inside.ru-mixedcontent.xml):
+		- bbs
+		- forum
+		- forums
+
+ 	Redirect to HTTP:
+		- ig
+		- is
+-->
+
+<ruleset name="hl-inside.ru">
+	<target host="hl-inside.ru" />
+	<target host="www.hl-inside.ru" />
+	<target host="in.hl-inside.ru" />
+	<target host="local.hl-inside.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hobbypcb.com.xml b/src/chrome/content/rules/hobbypcb.com.xml
new file mode 100644
index 000000000000..17ebf64f6def
--- /dev/null
+++ b/src/chrome/content/rules/hobbypcb.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Hobby PCB.com">
+
+	<target host="hobbypcb.com" />
+	<target host="www.hobbypcb.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hobsons.com.xml b/src/chrome/content/rules/hobsons.com.xml
new file mode 100644
index 000000000000..c1b91f6a0b0a
--- /dev/null
+++ b/src/chrome/content/rules/hobsons.com.xml
@@ -0,0 +1,85 @@
+<!--
+	Other Hobsons rulesets:
+
+		- starfishsolutions.com.xml
+
+
+	Nonfunctional hosts in *hobsons.com:
+
+		- areyouready ᵈ
+		- ems ²
+		- starfish ʳ
+
+	² 200 "Site Not Found"
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *hobsons.com:
+
+		- ^ ᵐ
+		- emsinfo ᵐ
+		- engineering ᵐ
+		- go ᵐ
+		- apps.go ᵐ
+		- images.go ᵐ
+		- www.postgrad ᵐ
+		- radius ᵐ
+		- www ᵀ
+
+	ᵀ Blocks Tor users
+	ᵐ Mismatched
+	² 200 "Site Not Found"
+	ᵈ Dropped
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .go.hobsons.com
+		- www.hobsons.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on radius from static1.squarespace.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Hobsons.com (partial)" default_off="needs clearnet testing">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.hobsons.com" />
+
+	<!--	Complications:
+				-->
+	<target host="hobsons.com" />
+	<target host="www.postgrad.hobsons.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.go\.hobsons\.com$" name="^ELOQUA$" /-->
+	<!--securecookie host="^www\.hobsons\.com$" name="^(?:AWSELB|PHPSESSID)$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://hobsons\.com/"
+		to="https://www.hobsons.com/" />
+
+	<!--	Redirect keeps all:
+					-->
+	<rule from="^http://www\.postgrad\.hobsons\.com/"
+		to="https://www.postgrad.com/" />
+
+		<test url="http://www.postgrad.hobsons.com/blog" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hoccer.com.xml b/src/chrome/content/rules/hoccer.com.xml
new file mode 100644
index 000000000000..aab7c1b30412
--- /dev/null
+++ b/src/chrome/content/rules/hoccer.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Invalid certificate:
+		api.hoccer.com
+		developer.hoccer.com
+		stats.hoccer.com
+		hoccer-project.com
+		www.hoccer-project.com
+		stats.hoccer-project.com
+
+-->
+<ruleset name="Hoccer">
+
+	<target host="hoccer.com" />
+	<target host="www.hoccer.com" />
+	<target host="faq.hoccer.com" />
+	<target host="invite.hoccer.com" />
+
+	<target host="hoccer-project.com" />
+	<target host="www.hoccer-project.com" />
+
+	<securecookie host="^(www|faq|invite)\.hoccer\.com$" name=".+" />
+
+	<rule from="^http://(www\.)?hoccer-project\.com/"
+		to="https://hoccer.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hoehrmann.de.xml b/src/chrome/content/rules/hoehrmann.de.xml
new file mode 100644
index 000000000000..833331f608df
--- /dev/null
+++ b/src/chrome/content/rules/hoehrmann.de.xml
@@ -0,0 +1,26 @@
+<!--
+	Invalid certificate:
+		ftp.bjoern.hoehrmann.de
+		mail.bjoern.hoehrmann.de
+		ssh.bjoern.hoehrmann.de
+		webmail.bjoern.hoehrmann.de
+		ftp.hoehrmann.de
+		ssh.hoehrmann.de
+		stephan.hoehrmann.de
+		ftp.stephan.hoehrmann.de
+		ssh.stephan.hoehrmann.de
+		www.stephan.hoehrmann.de
+		webmail.hoehrmann.de
+
+	Refused:
+		mail.hoehrmann.de
+-->
+<ruleset name="hoehrmann.de">
+	<target host="hoehrmann.de" />
+	<target host="www.hoehrmann.de" />
+	<target host="bjoern.hoehrmann.de" />
+	<target host="www.bjoern.hoehrmann.de" />
+
+	<rule from="^http://hoehrmann\.de/" to="https://www.hoehrmann.de/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/holbi.co.uk.xml b/src/chrome/content/rules/holbi.co.uk.xml
new file mode 100644
index 000000000000..044a14b9987c
--- /dev/null
+++ b/src/chrome/content/rules/holbi.co.uk.xml
@@ -0,0 +1,34 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- holbi.co.uk
+		- www.holbi.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Holbi.co.uk">
+
+	<target host="holbi.co.uk" />
+	<target host="www.holbi.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?holbi\.co\.uk$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/holidaypirates.com.xml b/src/chrome/content/rules/holidaypirates.com.xml
new file mode 100644
index 000000000000..39ecd1065143
--- /dev/null
+++ b/src/chrome/content/rules/holidaypirates.com.xml
@@ -0,0 +1,42 @@
+<!--
+	These altnames do not exist:
+
+		- www.packages.holidaypirates.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- holidaypirates.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on www from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Holiday Pirates.com">
+
+	<target host="holidaypirates.com" />
+	<target host="packages.holidaypirates.com" />
+	<target host="thumb.holidaypirates.com" />
+	<target host="www.holidaypirates.com" />
+
+		<test url="http://thumb.holidaypirates.com/XwSbxbwlZeIXdqWen7LsxLK6L2E=/657x300/http://www.urlaubspiraten.de/media/library/images/2015/10/561d56a936f08423215764a8vrqak5.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^holidaypirates\.com$" name="^pirates$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid$|_gat?$|_gat_|cf_clearance$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/holyrood.com.xml b/src/chrome/content/rules/holyrood.com.xml
new file mode 100644
index 000000000000..c742f35e31cc
--- /dev/null
+++ b/src/chrome/content/rules/holyrood.com.xml
@@ -0,0 +1,57 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://holyrood.com/ => https://holyrood.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Mixed content:
+
+		- Image, on:
+
+			- assetmanagement, bigdata, bim, brexitexplained, briefings, channelshift, childprotection, childrensinfosharing, cloud, colleges, connect, connectawards, connectdata, cybersecurity, digitaljustice, earlyyears, femaleoffenders, foi, healthandsocialcare, ltt, mobileworking, olderpeople, referendum, scotlandsuniversities, scottishpublicserviceawards, stem, swan, telehealthcare from media.dods.co.uk ˢ
+			- www from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Holyrood.com" default_off="failed ruleset test">
+
+	<target host="holyrood.com" />
+	<target host="assetmanagement.holyrood.com" />
+	<target host="bigdata.holyrood.com" />
+	<target host="bim.holyrood.com" />
+	<target host="brexitexplained.holyrood.com" />
+	<target host="briefings.holyrood.com" />
+	<target host="channelshift.holyrood.com" />
+	<target host="childprotection.holyrood.com" />
+	<target host="childrensinfosharing.holyrood.com" />
+	<target host="cloud.holyrood.com" />
+	<target host="colleges.holyrood.com" />
+	<target host="connect.holyrood.com" />
+	<target host="connectawards.holyrood.com" />
+	<target host="connectdata.holyrood.com" />
+	<target host="cybersecurity.holyrood.com" />
+	<target host="digitaljustice.holyrood.com" />
+	<target host="earlyyears.holyrood.com" />
+	<target host="femaleoffenders.holyrood.com" />
+	<target host="foi.holyrood.com" />
+	<target host="healthandsocialcare.holyrood.com" />
+	<target host="ltt.holyrood.com" />
+	<target host="mobileworking.holyrood.com" />
+	<target host="olderpeople.holyrood.com" />
+	<target host="referendum.holyrood.com" />
+	<target host="scotlandsuniversities.holyrood.com" />
+	<target host="scottishpublicserviceawards.holyrood.com" />
+	<target host="stem.holyrood.com" />
+	<target host="swan.holyrood.com" />
+	<target host="telehealthcare.holyrood.com" />
+	<target host="www.holyrood.com" />
+
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/home-designing.com.xml b/src/chrome/content/rules/home-designing.com.xml
new file mode 100644
index 000000000000..c24000733b09
--- /dev/null
+++ b/src/chrome/content/rules/home-designing.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Redirects to http:
+		home-designing.com
+		www.home-designing.com
+-->
+<ruleset name="home-designing.com (partial)">
+
+	<target host="cdn.home-designing.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/home-school.com.xml b/src/chrome/content/rules/home-school.com.xml
new file mode 100644
index 000000000000..2605ded0736a
--- /dev/null
+++ b/src/chrome/content/rules/home-school.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Problematic hosts in *home-school.com:
+
+		- ftp ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="Home-school.com (partial)">
+
+	<target host="home-school.com" />
+	<target host="www.home-school.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/homeaway.com-resources.xml b/src/chrome/content/rules/homeaway.com-resources.xml
new file mode 100644
index 000000000000..8d7b0763683b
--- /dev/null
+++ b/src/chrome/content/rules/homeaway.com-resources.xml
@@ -0,0 +1,53 @@
+<!--
+	For rules covering more than resources, see homeaway.com.xml.
+
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="HomeAway.com (resources)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="csvcus.homeaway.com" />
+	<target host="software.homeaway.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://software\.homeaway\.com/(?:$|rezfest$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://software\.homeaway\.com/(?!/*Themes/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://software.homeaway.com/rezfest" />
+			<test url="http://software.homeaway.com/vacation-rentals" />
+			<test url="http://software.homeaway.com/vacation-rentals/pci-compliance" />
+
+			<!--	-ve:
+					-->
+			<test url="http://software.homeaway.com/Themes/Marketing/Content/Images/background.png" />
+			<test url="http://software.homeaway.com/Themes/Marketing/Styles/kickstart-grid.css" />
+
+		<test url="http://csvcus.homeaway.com/rsrcs/cdn-logos/1.3.0/partners/expedia/logo.png" />
+
+	<!--	Complications:
+				-->
+	<target host="images.mailaway.homeaway.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://images\.mailaway\.homeaway\.com/"
+		to="https://s225508597.t.eloqua.com/" />
+
+		<test url="http://images.mailaway.homeaway.com/EloquaImages/clients/HomeAwayInc/%7B5a63765f-4824-4157-bda8-947535eebf18%7D_flag-as.gif" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/homeaway.com.xml b/src/chrome/content/rules/homeaway.com.xml
new file mode 100644
index 000000000000..3e5195700c8a
--- /dev/null
+++ b/src/chrome/content/rules/homeaway.com.xml
@@ -0,0 +1,148 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mailaway.homeaway.com/PreferenceCenter => https://mailaway.homeaway.com/PreferenceCenter: (51, "SSL: no alternative certificate subject name matches target host name 'mailaway.homeaway.com'")
+Fetch error: http://book.homeaway.com/ => https://book.homeaway.com/: (7, 'Failed to connect to book.homeaway.com port 443: Connection timed out')
+
+	For rules covering resources which do not secure
+	mixed content, see homeaway.com-resources.xml.
+
+	Other HomeAway.com rulesets:
+
+		- vrbo.com.xml
+
+
+	CDN buckets:
+
+		- s225508597.t.eloqua.com	← app.mailaway
+
+
+	Nonfunctional hosts in *homeaway.com:
+
+		- clicklink ᵖ
+		- expedia.help ʰ
+
+	ʰ Redirects to http
+	ᵖ Plaintext reply
+
+
+	Problematic hosts in *homeaway.com:
+
+		- blog ᵐ
+		- mailaway ᵐ
+		- app.mailaway ᵐ
+		- images.mailaway ᵐ
+		- productupdates ᵐ
+
+	ᵐ Mismatched
+
+
+	^homeaway.com: dropped over http & https
+
+
+	These altnames do not exist:
+
+		- www.community.homeaway.com
+		- www.help.homeaway.com
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .homeaway.com
+		- blog.homeaway.com
+		- community.homeaway.com
+		- help.homeaway.com
+		- investors.homeaway.com
+		- .mailaway.homeaway.com
+		- productupdates.homeaway.com
+		- www.homeaway.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on mailaway from images.mailaway.homeaway.com ˢ
+
+		- Images, on:
+
+			- blog, productupdates from static1.squarespace.com ˢ
+			- blog from pbs.twimg.com ˢ
+			- mailaway from images.mailaway.homeaway.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="HomeAway.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="book.homeaway.com" />
+	<target host="cas.homeaway.com" />
+	<target host="community.homeaway.com" />
+	<!--target host="csvcus.homeaway.com" /-->
+	<target host="help.homeaway.com" />
+	<target host="investors.homeaway.com" />
+	<!--target host="software.homeaway.com" /-->
+	<target host="www.homeaway.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://software\.homeaway\.com/(?:$|rezfest$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://software\.homeaway\.com/(?!/*Themes/)" /-->
+
+			<!--	+ve:
+					-->
+			<!--
+			<test url="http://software.homeaway.com/rezfest" />
+			<test url="http://software.homeaway.com/vacation-rentals" />
+			<test url="http://software.homeaway.com/vacation-rentals/pci-compliance" />
+			-->
+
+			<!--	-ve:
+					-->
+			<!--
+			<test url="http://software.homeaway.com/Themes/Marketing/Content/Images/background.png" />
+			<test url="http://software.homeaway.com/Themes/Marketing/Styles/kickstart-grid.css" />
+			-->
+
+		<!--test url="http://csvcus.homeaway.com/rsrcs/cdn-logos/1.3.0/partners/expedia/logo.png" /-->
+
+	<!--	Complications:
+				-->
+	<target host="app.mailaway.homeaway.com" />
+	<!--target host="images.mailaway.homeaway.com" /-->
+
+		<!--	Mixed content:
+					-->
+		<test url="http://mailaway.homeaway.com/PreferenceCenter" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.homeaway\.com$" name="^SS_MID$" /-->
+	<!--securecookie host="^(?:blog|productupdates)\.homeaway\.com$" name="^crumb$" /-->
+	<!--securecookie host="^community\.homeaway\.com$" name="^(?:BIGipServer|jive\.security\.context$)" /-->
+	<!--securecookie host="^help\.homeaway\.com$" name="^HA_HC_(?:SESSION|USER)$" /-->
+	<!--securecookie host="^investors\.homeaway\.com$" name="(?:^ASP\.NET_SessionId$|ASPX_PUBLIC_LanguageId$|^BIGipServer)" /-->
+	<!--securecookie host="^luxury\.homeaway\.com$" name="^(?:[\da-f-]+|JSESSIONID|ab|ha-cookie-consent|ha-ppc-source|ha[sv])$" /-->
+	<!--securecookie host="^mailaway\.homeaway\.com$" name="^ELOQUA$" /-->
+	<!--securecookie host="^www\.homeaway\.com$" name="^(?:[\da-f-]+|JSESSIONID|ha-cookie-consent|ha[sv])$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--rule from="^http://(?:app|images)\.mailaway\.homeaway\.com/" -->
+	<rule from="^http://app\.mailaway\.homeaway\.com/"
+		to="https://s225508597.t.eloqua.com/" />
+
+		<test url="http://app.mailaway.homeaway.com/e/er?s=225508597&amp;lid=6394" />
+		<!--test url="http://images.mailaway.homeaway.com/EloquaImages/clients/HomeAwayInc/%7B5a63765f-4824-4157-bda8-947535eebf18%7D_flag-as.gif" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/homebid.org.uk.xml b/src/chrome/content/rules/homebid.org.uk.xml
new file mode 100644
index 000000000000..393b9424f1ef
--- /dev/null
+++ b/src/chrome/content/rules/homebid.org.uk.xml
@@ -0,0 +1,35 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	^homebid.org.uk: Mismatched
+
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Mixed content:
+
+		- Image from homeconnections.org.uk
+
+-->
+<ruleset name="Homebid.org.uk" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.homebid.org.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="homebid.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://homebid\.org\.uk/"
+		to="https://www.homebid.org.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/homeless.org.uk.xml b/src/chrome/content/rules/homeless.org.uk.xml
new file mode 100644
index 000000000000..6289d2c21ebb
--- /dev/null
+++ b/src/chrome/content/rules/homeless.org.uk.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- css on yourvotematters from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Homeless.org.uk" default_off="mismatched">
+
+	<target host="homeless.org.uk" />
+	<target host="www.homeless.org.uk" />
+	<target host="yourvotematters.homeless.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/homeoffice.gov.uk.xml b/src/chrome/content/rules/homeoffice.gov.uk.xml
new file mode 100644
index 000000000000..b95b5caf222b
--- /dev/null
+++ b/src/chrome/content/rules/homeoffice.gov.uk.xml
@@ -0,0 +1,208 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.amsallegations.homeoffice.gov.uk/ => https://www.amsallegations.homeoffice.gov.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.elearning.homeoffice.gov.uk/ => https://www.elearning.homeoffice.gov.uk/: (6, 'Could not resolve host: www.elearning.homeoffice.gov.uk')
+Fetch error: http://informationformps.homeoffice.gov.uk/ => https://informationformps.homeoffice.gov.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'informationformps.homeoffice.gov.uk'")
+Fetch error: http://elearning.homeoffice.gov.uk/ => https://www.elearning.homeoffice.gov.uk/: (6, 'Could not resolve host: www.elearning.homeoffice.gov.uk')
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *homeoffice.gov.uk:
+
+		- nrm ᵈ
+		- policerecruitment ᵈ
+		- jobs.sia ʳ
+		- www.sia ᵃ
+
+	ᵃ Shows another domain
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *homeoffice.gov.uk:
+
+		- (www.)? ᵐ
+		- (www.)?bia ᵐ
+		- (www.)?biapreview ᵐ
+		- (www.)?crimereduction ᵈ
+		- elearning ⁵
+		- (www.)?ind ᵐ
+		- live.irtl ᵐ
+		- (www.)?oisc ᵐ
+		- preventreview ᵈ
+		- probation ᵈ
+		- (www.)?ukba ᵐ
+		- lifeintheuktest.ukba ᵐ
+
+	⁵ 502; preemptable redirect
+	ᵈ Dropped; preemptable redirect
+	ᵐ Mismatched
+
+
+	These altnames do not exist:
+
+		- amsallegations.homeoffice.gov.uk
+		- aspel.homeoffice.gov.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.elearning.homeoffice.gov.uk
+		- www.points.homeoffice.gov.uk
+		- assessment.sia.homeoffice.gov.uk
+		- www.assessment.sia.homeoffice.gov.uk
+
+
+	Mixed content:
+
+		- Image on dlcu from lrc.businesslink.gov.uk ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Home Office.gov.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.amsallegations.homeoffice.gov.uk" />
+	<target host="www.aspel.homeoffice.gov.uk" />
+	<target host="global-entry.beta.homeoffice.gov.uk" />
+	<target host="dlcu.homeoffice.gov.uk" />
+	<target host="www.elearning.homeoffice.gov.uk" />
+	<target host="informationformps.homeoffice.gov.uk" />
+	<target host="www.points.homeoffice.gov.uk" />
+	<target host="sia.homeoffice.gov.uk" />
+	<target host="assessment.sia.homeoffice.gov.uk" />
+	<target host="www.assessment.sia.homeoffice.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="homeoffice.gov.uk" />
+	<target host="apc.homeoffice.gov.uk" />
+	<target host="www.apc.homeoffice.gov.uk" />
+	<target host="bia.homeoffice.gov.uk" />
+	<target host="www.bia.homeoffice.gov.uk" />
+	<target host="biapreview.homeoffice.gov.uk" />
+	<target host="www.biapreview.homeoffice.gov.uk" />
+	<target host="crimereduction.homeoffice.gov.uk" />
+	<target host="www.crimereduction.homeoffice.gov.uk" />
+	<target host="elearning.homeoffice.gov.uk" />
+	<target host="ind.homeoffice.gov.uk" />
+	<target host="www.ind.homeoffice.gov.uk" />
+	<target host="live.irtl.homeoffice.gov.uk" />
+	<target host="oisc.homeoffice.gov.uk" />
+	<target host="www.oisc.homeoffice.gov.uk" />
+	<target host="preventreview.homeoffice.gov.uk" />
+	<target host="probation.homeoffice.gov.uk" />
+	<target host="www.probation.homeoffice.gov.uk" />
+	<target host="ukba.homeoffice.gov.uk" />
+	<target host="lifeintheuktest.ukba.homeoffice.gov.uk" />
+	<target host="www.ukba.homeoffice.gov.uk" />
+	<target host="www.homeoffice.gov.uk" />
+
+		<!--	/*\w$ does not redirect:
+						-->
+		<exclusion pattern="^http://(?:(?:(?:www\.)?(?:apc|bia|biapreview|ind|oisc|ukba)|lifeintheuktest\.ukba|www)\.)?homeoffice\.gov\.uk/(?!/*(?:$|\?))" />
+
+			<!--	See below respective rules for negative cases.
+
+				+ve:
+					-->
+			<test url="http://homeoffice.gov.uk/101" />
+			<test url="http://apc.homeoffice.gov.uk/default.aspx" />
+			<test url="http://www.apc.homeoffice.gov.uk/index.php" />
+			<!--
+				(SRSLY.)
+						-->
+			<test url="http://bia.homeoffice.gov.uk/asylum/claimingasylum/" />
+			<test url="http://www.bia.homeoffice.gov.uk/asylum/oldercases/" />
+			<test url="http://biapreview.homeoffice.gov.uk/sitecontent/applicationforms/flr/flrfp" />
+			<test url="http://www.biapreview.homeoffice.gov.uk/sitecontent/documents/policyandlaw/modernised/applications" />
+			<test url="http://ind.homeoffice.gov.uk/policyandlaw/guidance/nationalityinstructions/" />
+			<test url="http://www.ind.homeoffice.gov.uk/sitecontent/documents/policyandlaw/modernised/general-grounds-refusing/" />
+			<test url="http://oisc.homeoffice.gov.uk/about_oisc/publication_scheme/oisc_documents/" />
+			<test url="http://www.oisc.homeoffice.gov.uk/how_to_find_a_regulated_immigration_adviser/managing_your_relationship_with_your_adviser" />
+			<test url="http://ukba.homeoffice.gov.uk/contact/" />
+			<test url="http://lifeintheuktest.ukba.homeoffice.gov.uk/htmlsite/refund_10.html" />
+			<test url="http://www.ukba.homeoffice.gov.uk/workingintheuk/" />
+			<test url="http://www.homeoffice.gov.uk/complaints/" />
+
+		<!--	$ 404s, so:
+					-->
+		<test url="http://www.points.homeoffice.gov.uk/gui-sms-jsf" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.elearning\.homeoffice\.gov\.uk$" name="^(?:XSRF-TOKEN|laravel_session)$" /-->
+	<!--securecookie host="^(?:www\.)?assessment\.sia\.homeoffice\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^www\.points\.homeoffice\.gov\.uk$" name="^PRD-PBS-WEB-COOKIE$$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://(?:www\.)?homeoffice\.gov\.uk/.*"
+		to="https://www.gov.uk/government/organisations/home-office" />
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://(?:www\.)?apc\.homeoffice\.gov\.uk/.*"
+		to="https://www.gov.uk/government/organisations/animals-in-science-committee" />
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://(?:www\.)?bia(?:preview)?\.homeoffice\.gov\.uk/.*"
+		to="https://www.gov.uk/government/organisations/uk-visas-and-immigration" />
+
+	<!--	Redirect drops forward slash and path, but not args:
+									-->
+	<rule from="^http://(?:www\.)?crimereduction\.homeoffice\.gov\.uk/[^?]*"
+		to="https://www.gov.uk/government/policies/crime-prevention" />
+
+	<!--	Redirect keeps all:
+					-->
+	<rule from="^http://elearning\.homeoffice\.gov\.uk/"
+		to="https://www.elearning.homeoffice.gov.uk/" />
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://(?:www\.)?(?:ind|ukba)\.homeoffice\.gov\.uk/.*"
+		to="https://www.gov.uk/government/organisations/uk-visas-and-immigration" />
+
+	<!--	Redirect keeps all:
+					-->
+	<rule from="^http://live\.irtl\.homeoffice\.gov\.uk/"
+		to="https://terrorismlegislationreviewer.independent.gov.uk/" />
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://(?:www\.)?oisc\.homeoffice\.gov\.uk/.*"
+		to="https://www.gov.uk/government/organisations/office-of-the-immigration-services-commissioner" />
+
+	<!--	Redirect drops forward slash and path, but not args:
+									-->
+	<rule from="^http://preventreview\.homeoffice\.gov\.uk/[^?]*"
+		to="https://www.gov.uk/government/policies/counter-terrorism" />
+
+		<test url="http://preventreview.homeoffice.gov.uk/default.aspx" />
+
+	<!--	Redirect drops forward slash and path, but not args:
+									-->
+	<rule from="^http://(?:www\.)?probation\.homeoffice\.gov\.uk/[^?]*"
+		to="https://www.gov.uk/government/policies/crime-prevention" />
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://lifeintheuktest\.ukba\.homeoffice\.gov\.uk/.*"
+		to="https://www.gov.uk/life-in-the-uk-test" />
+
+		<test url="http://lifeintheuktest.ukba.homeoffice.gov.uk/?" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/honeynet.org.mx.xml b/src/chrome/content/rules/honeynet.org.mx.xml
new file mode 100644
index 000000000000..9b47ccca6e60
--- /dev/null
+++ b/src/chrome/content/rules/honeynet.org.mx.xml
@@ -0,0 +1,50 @@
+<!--
+	(www.)?honeynet.org.mx: Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- blog.honeynet.org.mx
+
+-->
+<ruleset name="Honeynet.org.mx (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blog.honeynet.org.mx" />
+
+	<!--	Complications:
+				-->
+	<target host="honeynet.org.mx" />
+	<target host="www.honeynet.org.mx" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^blog\.honeynet\.org\.mx$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://(?:www\.)?honeynet\.org\.mx/.*"
+		to="https://blog.honeynet.org.mx/" />
+
+		<!--	/*\w does not redirect:
+						-->
+		<exclusion pattern="^http://(?:www\.)?honeynet\.org\.mx/+(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://honeynet.org.mx/default.aspx" />
+			<test url="http://honeynet.org.mx/index.htm" />
+			<test url="http://honeynet.org.mx/index.html" />
+			<test url="http://honeynet.org.mx/index.php" />
+			<test url="http://www.honeynet.org.mx/index.html" />
+			<test url="http://www.honeynet.org.mx/index.php" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/honeynet.org.xml b/src/chrome/content/rules/honeynet.org.xml
new file mode 100644
index 000000000000..02a299684873
--- /dev/null
+++ b/src/chrome/content/rules/honeynet.org.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://public.honeynet.org/ => https://public.honeynet.org/: (60, 'SSL certificate problem: certificate has expired')
+
+
+	Problematic subdomains:
+
+		- pl. mismatch
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Honeynet.org" default_off="failed ruleset test">
+
+	<target host="honeynet.org" />
+	<target host="www.honeynet.org" />
+	<target host="projects.honeynet.org" />
+	<target host="old.honeynet.org" />
+	<target host="sanantonio2016.honeynet.org" />
+	<target host="stavanger2015.honeynet.org" />
+	<target host="warsaw2014.honeynet.org" />
+	<target host="dubai2013.honeynet.org" />
+	<target host="public.honeynet.org" />
+	<target host="redmine.honeynet.org" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hongkongairport.com.xml b/src/chrome/content/rules/hongkongairport.com.xml
new file mode 100644
index 000000000000..d00f83f641ce
--- /dev/null
+++ b/src/chrome/content/rules/hongkongairport.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		- blog.hongkongairport.com
+
+	Could not connect:
+		- vps.hongkongairport.com
+-->
+<ruleset name="Hong Kong International Airport">
+	<target host="hongkongairport.com" />
+	<target host="www.hongkongairport.com" />
+	<target host="extranet.hongkongairport.com" />
+	<target host="extranetapps.hongkongairport.com" />
+	<target host="learningzone.hongkongairport.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hongkongfp.com.xml b/src/chrome/content/rules/hongkongfp.com.xml
new file mode 100644
index 000000000000..48ad1cf7aba5
--- /dev/null
+++ b/src/chrome/content/rules/hongkongfp.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Hong Kong Free Press">
+	<target host=    "hongkongfp.com" />
+	<target host="www.hongkongfp.com" />
+
+  	<securecookie host="^www\.hongkongfp\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hongkongpost.gov.hk.xml b/src/chrome/content/rules/hongkongpost.gov.hk.xml
new file mode 100644
index 000000000000..fbad3cddecf8
--- /dev/null
+++ b/src/chrome/content/rules/hongkongpost.gov.hk.xml
@@ -0,0 +1,9 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+-->
+<ruleset name="Hongkong Post e-Cert">
+  <target host="hongkongpost.gov.hk" />
+  <target host="www.hongkongpost.gov.hk" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hook.io.xml b/src/chrome/content/rules/hook.io.xml
new file mode 100644
index 000000000000..7ddfe4e68631
--- /dev/null
+++ b/src/chrome/content/rules/hook.io.xml
@@ -0,0 +1,6 @@
+<!-- geoip. mismatch -->
+<ruleset name="hook.io">
+	<target host="hook.io" />
+	<target host="www.hook.io" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/host4coins.net.xml b/src/chrome/content/rules/host4coins.net.xml
new file mode 100644
index 000000000000..68705b03b9eb
--- /dev/null
+++ b/src/chrome/content/rules/host4coins.net.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatched:
+		- pay.host4coins.net
+-->
+<ruleset name="host4coins.net">
+	<target host="host4coins.net" />
+	<target host="www.host4coins.net" />
+	<target host="dev.host4coins.net" />
+	<target host="docs.host4coins.net" />
+	<target host="preview.host4coins.net" />
+ 
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hostalite.com.xml b/src/chrome/content/rules/hostalite.com.xml
new file mode 100644
index 000000000000..b30b481f0897
--- /dev/null
+++ b/src/chrome/content/rules/hostalite.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="hostalite.com">
+
+	<target host="hos.hostalite.com" />
+	<target host="www.hos.hostalite.com" />
+
+
+	<rule from="^http://(www\.)?hos\.hostalite\.com:2096/"
+		to="https://$1hos.hostalite.com:2096/" />
+
+		<test url="http://hos.hostalite.com:2096/" />
+		<test url="http://www.hos.hostalite.com:2096/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hosted-ci.com.xml b/src/chrome/content/rules/hosted-ci.com.xml
new file mode 100644
index 000000000000..8af4e6efb881
--- /dev/null
+++ b/src/chrome/content/rules/hosted-ci.com.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.hosted-ci.com/ => https://hosted-ci.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://hosted-ci.com/ => https://hosted-ci.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.hosted-ci.com/ => https://hosted-ci.com/: (60, 'SSL certificate problem: certificate has expired')
+
+www.hosted-ci.com mismatch
+-->
+<ruleset name="hosted-ci.com" default_off="failed ruleset test">
+	<target host="hosted-ci.com" />
+	<target host="www.hosted-ci.com" />
+
+	<rule from="^http://www\.hosted-ci\.com/"
+		to="https://hosted-ci.com/" />
+
+	<test url="http://www.hosted-ci.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hosting.cz.xml b/src/chrome/content/rules/hosting.cz.xml
new file mode 100644
index 000000000000..a4fa0b31cb9c
--- /dev/null
+++ b/src/chrome/content/rules/hosting.cz.xml
@@ -0,0 +1,22 @@
+<!--
+	For other Active24.cz coverage, see active24.cz.xml.
+
+	Mismatched:
+		- webmail.hosting.cz
+		- webftp.hosting.cz
+		- awstats.hosting.cz
+		- www2.hosting.cz
+		- novinky.hosting.cz
+		- start.hosting.cz
+		- o2.hosting.cz
+		- manualito.hosting.cz
+		- levnyweb.hosting.cz
+		- masozravky.hosting.cz
+		- hansonline.hosting.cz
+-->
+<ruleset name="Hosting.cz">
+	<target host="hosting.cz" />
+	<target host="www.hosting.cz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hosts-file.net.xml b/src/chrome/content/rules/hosts-file.net.xml
new file mode 100644
index 000000000000..0658a4ee28a2
--- /dev/null
+++ b/src/chrome/content/rules/hosts-file.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="hpHosts">
+        <target host="hosts-file.net" />
+        <target host="www.hosts-file.net" />
+        <target host="forum.hosts-file.net" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hotel.ch.xml b/src/chrome/content/rules/hotel.ch.xml
new file mode 100644
index 000000000000..373839b0ead3
--- /dev/null
+++ b/src/chrome/content/rules/hotel.ch.xml
@@ -0,0 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hotel.ch/ => https://www.hotel.ch/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.hotel.ch/ => https://www.hotel.ch/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+<ruleset name="hotel.ch" default_off="failed ruleset test">
+	<target host="hotel.ch"/>
+	<target host="www.hotel.ch"/>
+
+	<rule from="^http://(?:www\.)?hotel\.ch/"
+		to="https://www.hotel.ch/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/hotelchantelle.com.xml b/src/chrome/content/rules/hotelchantelle.com.xml
new file mode 100644
index 000000000000..bac9026b6326
--- /dev/null
+++ b/src/chrome/content/rules/hotelchantelle.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		email.hotelchantelle.com
+		ftp.hotelchantelle.com
+-->
+<ruleset name="hotelchantelle.com">
+	<target host="hotelchantelle.com" />
+	<target host="www.hotelchantelle.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hotelmetropolitan.co.il.xml b/src/chrome/content/rules/hotelmetropolitan.co.il.xml
new file mode 100644
index 000000000000..0398f8b3ee96
--- /dev/null
+++ b/src/chrome/content/rules/hotelmetropolitan.co.il.xml
@@ -0,0 +1,11 @@
+<!--
+	Refused:
+		autodiscover.hotelmetropolitan.co.il
+		mail.hotelmetropolitan.co.il
+-->
+<ruleset name="hotelmetropolitan.co.il">
+	<target host="hotelmetropolitan.co.il" />
+	<target host="www.hotelmetropolitan.co.il" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hotjar.com.xml b/src/chrome/content/rules/hotjar.com.xml
new file mode 100644
index 000000000000..b01d92883615
--- /dev/null
+++ b/src/chrome/content/rules/hotjar.com.xml
@@ -0,0 +1,39 @@
+<!--
+	Problematic hosts in *hotjar.com:
+
+		- careers ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- careers.hotjar.com
+		- docs.hotjar.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Hotjar.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hotjar.com" />
+	<target host="docs.hotjar.com" />
+	<target host="static.hotjar.com" />
+	<target host="status.hotjar.com" />
+	<target host="www.hotjar.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^careers\.hotjar\.com$" name="^_recruitee_careers$" /-->
+	<!--securecookie host="^docs\.hotjar\.com$" name="^connect\.sid$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/housetime.fm.xml b/src/chrome/content/rules/housetime.fm.xml
new file mode 100644
index 000000000000..68a326285976
--- /dev/null
+++ b/src/chrome/content/rules/housetime.fm.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		listen.housetime.fm
+
+-->
+<ruleset name="HouseTime.FM">
+
+	<target host="housetime.fm" />
+	<target host="www.housetime.fm" />
+	<target host="admin.housetime.fm" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hoverwatch.com.xml b/src/chrome/content/rules/hoverwatch.com.xml
new file mode 100644
index 000000000000..f6341e3d1dc2
--- /dev/null
+++ b/src/chrome/content/rules/hoverwatch.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- demo.hoverwatch.com
+
+-->
+<ruleset name="Hoverwatch.com">
+
+	<target host="hoverwatch.com" />
+	<target host="demo.hoverwatch.com" />
+	<target host="support.hoverwatch.com" />
+	<target host="www.hoverwatch.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^demo\.hoverwatch\.com$" name="^(?:cabver|sessionid)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/howard-cottage.co.uk.xml b/src/chrome/content/rules/howard-cottage.co.uk.xml
new file mode 100644
index 000000000000..b91c8d4f83a8
--- /dev/null
+++ b/src/chrome/content/rules/howard-cottage.co.uk.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.howard-cottage.co.uk/ => https://www.howard-cottage.co.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://howard-cottage.co.uk/ => https://www.howard-cottage.co.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	^howard-cottage.co.uk: Handshake fails
+
+-->
+<ruleset name="Howard-Cottage.co.uk" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.howard-cottage.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="howard-cottage.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://howard-cottage\.co\.uk/"
+		to="https://www.howard-cottage.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/howentrepreneur.com.xml b/src/chrome/content/rules/howentrepreneur.com.xml
new file mode 100644
index 000000000000..0214d93c67d5
--- /dev/null
+++ b/src/chrome/content/rules/howentrepreneur.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Mixed content:
+
+		- css, from:
+
+			- fonts.googleapis.com ˢ
+			- $self ˢ
+
+		- Images, from:
+
+			- \d.gravatar.com ˢ
+			- $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="How Entrepreneur.com" platform="mixedcontent">
+
+	<target host="howentrepreneur.com" />
+	<target host="www.howentrepreneur.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid$|__utm|cf_clearance$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/howl.io.xml b/src/chrome/content/rules/howl.io.xml
new file mode 100644
index 000000000000..5e67d0b34f9a
--- /dev/null
+++ b/src/chrome/content/rules/howl.io.xml
@@ -0,0 +1,7 @@
+<ruleset name="Howl.io">
+	<target host="howl.io" />
+	<target host="www.howl.io" />
+	<target host="download.howl.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hp-games.net.xml b/src/chrome/content/rules/hp-games.net.xml
new file mode 100644
index 000000000000..3e481803d39f
--- /dev/null
+++ b/src/chrome/content/rules/hp-games.net.xml
@@ -0,0 +1,11 @@
+<ruleset name="hp-games.net">
+	<target host="hp-games.net" />
+	<target host="www.hp-games.net" />
+	<target host="forum.hp-games.net" />
+	<target host="www.forum.hp-games.net" />
+	<!-- Mismatched: mail.hp-games.net -->
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hps.org.xml b/src/chrome/content/rules/hps.org.xml
new file mode 100644
index 000000000000..02f952f5fe8d
--- /dev/null
+++ b/src/chrome/content/rules/hps.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Health Physics Society
+
+-->
+<ruleset name="HPS.org">
+
+	<target host="hps.org" />
+	<target host="www.hps.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hr-fernsehen.de.xml b/src/chrome/content/rules/hr-fernsehen.de.xml
new file mode 100644
index 000000000000..66000c2299e4
--- /dev/null
+++ b/src/chrome/content/rules/hr-fernsehen.de.xml
@@ -0,0 +1,23 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Empty reply from server:
+		www.special.hr-fernsehen.de
+-->
+<ruleset name="hr-fernsehen.de">
+
+	<target host="hr-fernsehen.de" />
+	<target host="www.hr-fernsehen.de" />
+	<target host="download.hr-fernsehen.de" />
+		<test url="http://download.hr-fernsehen.de/sendungen-a-z/hallo-hessen/rezepte/beeren-schnitte-100.pdf" />
+	<target host="fs-produktion.hr-fernsehen.de" />
+	<target host="hr-text.hr-fernsehen.de" />
+	<target host="www.hr-text.hr-fernsehen.de" />
+	<target host="www.sommerbilanz.hr-fernsehen.de" />
+	<target host="ugc.hr-fernsehen.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hromadskeradio.org.xml b/src/chrome/content/rules/hromadskeradio.org.xml
new file mode 100644
index 000000000000..cd319cf45704
--- /dev/null
+++ b/src/chrome/content/rules/hromadskeradio.org.xml
@@ -0,0 +1,7 @@
+<!-- donbas. mismatch
+crimea. mismatch -->
+<ruleset name="hromadskeradio.org">
+	<target host="hromadskeradio.org" />
+	<target host="www.hromadskeradio.org" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hs-mannheim.de.xml b/src/chrome/content/rules/hs-mannheim.de.xml
new file mode 100644
index 000000000000..5daeea23c23f
--- /dev/null
+++ b/src/chrome/content/rules/hs-mannheim.de.xml
@@ -0,0 +1,78 @@
+<!--
+	Invalid Certificate:
+		dsp.hs-mannheim.de
+		mim.hs-mannheim.de
+		www.analogtechnik.hs-mannheim.de
+		www.emb.hs-mannheim.de
+		www.fotovoltaik.hs-mannheim.de
+		www.fsw.hs-mannheim.de
+		www.kve.hs-mannheim.de
+		www.mechatronik.hs-mannheim.de
+		www.pvs.hs-mannheim.de
+
+	Time Out:
+		www.gestaltung.hs-mannheim.de
+
+	Certificate Mismatch:
+	The non-www version of the targets
+-->
+<ruleset name="Hochschule Mannheim (partial)">
+
+	<!-- hs-mannheim.de -->
+	<target host="www.hs-mannheim.de"/>
+	<target host="www.ac.hs-mannheim.de"/>
+	<target host="www.asta.hs-mannheim.de"/>
+	<target host="www.atf.hs-mannheim.de"/>
+	<target host="www.bib.hs-mannheim.de"/>
+	<target host="www.bic.hs-mannheim.de"/>
+	<target host="www.biotech.hs-mannheim.de"/>
+	<target host="www.bwlehrpool.hs-mannheim.de"/>
+	<target host="www.cae.hs-mannheim.de"/>
+	<target host="www.career.hs-mannheim.de"/>
+	<target host="www.cit.hs-mannheim.de"/>
+	<target host="www.cv.hs-mannheim.de"/>
+	<target host="www.design.hs-mannheim.de"/>
+	<target host="www.ds.hs-mannheim.de"/>
+	<target host="www.emb-lab.hs-mannheim.de"/>
+	<target host="www.english.hs-mannheim.de"/>
+	<target host="www.et.hs-mannheim.de"/>
+	<target host="www.ete.hs-mannheim.de"/>
+	<target host="www.hft.hs-mannheim.de"/>
+	<target host="www.ia.hs-mannheim.de"/>
+	<target host="www.ibv.hs-mannheim.de"/>
+	<target host="www.imv.hs-mannheim.de"/>
+	<target host="www.informatik.hs-mannheim.de"/>
+	<target host="www.inftech.hs-mannheim.de"/>
+	<target host="www.ipm.hs-mannheim.de"/>
+	<target host="www.kmp.hs-mannheim.de"/>
+	<target host="www.kompass.hs-mannheim.de"/>
+	<target host="www.koord.hs-mannheim.de"/>
+	<target host="www.m2aind.hs-mannheim.de"/>
+	<target host="mail.hs-mannheim.de"/>
+	<target host="www.mbi.hs-mannheim.de"/>
+	<target host="www.mib.hs-mannheim.de"/>
+	<target host="moodle.hs-mannheim.de"/>
+	<target host="www.mwi.hs-mannheim.de"/>
+	<target host="noten.hs-mannheim.de"/>
+	<target host="www.oc.hs-mannheim.de"/>
+	<target host="www.physik.hs-mannheim.de"/>
+	<target host="www.pi.hs-mannheim.de"/>
+	<target host="www.prc.hs-mannheim.de"/>
+	<target host="www.seminarverwaltung.hs-mannheim.de"/>
+	<target host="www.startdurch.hs-mannheim.de"/>
+	<target host="www.sw.hs-mannheim.de"/>
+	<target host="www.barie.sw.hs-mannheim.de"/>
+	<target host="www.noyon.sw.hs-mannheim.de"/>
+	<target host="www.tbl.hs-mannheim.de"/>
+	<target host="www.tri.hs-mannheim.de"/>
+	<target host="www.tv.hs-mannheim.de"/>
+	<target host="www.uxid.hs-mannheim.de"/>
+	<target host="www.vct.hs-mannheim.de"/>
+	<target host="www.wing.hs-mannheim.de"/>
+	<target host="www.wrm.hs-mannheim.de"/>
+	<target host="www.wsp.hs-mannheim.de"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/hsbc.co.in.xml b/src/chrome/content/rules/hsbc.co.in.xml
new file mode 100644
index 000000000000..4e969fd0a688
--- /dev/null
+++ b/src/chrome/content/rules/hsbc.co.in.xml
@@ -0,0 +1,74 @@
+<!--
+	For other HSBC Holdings coverage, see HSBC.xml.
+
+
+	Nonfunctional hosts in *hsbc.co.in:
+
+		- www.about *
+		- www.business *
+
+	* Unrecognized name
+
+
+	Problematic hosts in *hsbc.co.in:
+
+		- ^ ᵐ
+		- (www.)?assetmanagement ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- services.assetmanagement.hsbc.co.in
+		- www.hsbc.co.in
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bugs, on:
+
+			- services.assetmanagement from www1.member-hsbc-group.com ˢ
+			- www from ad.doubleclick.net
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="HSBC.co.in (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="services.assetmanagement.hsbc.co.in" />
+	<target host="www.hsbc.co.in" />
+
+	<!--	Complications:
+				-->
+	<target host="hsbc.co.in" />
+	<target host="www.assetmanagement.hsbc.co.in" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^services\.assetmanagement\.hsbc\.co\.in$" name="^(?:JSESSIONID|locale)$" /-->
+	<!--securecookie host="^www\.hsbc\.co\.in$" name="^(?:JSESSIONID|INPTK)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://hsbc\.co\.in/"
+		to="https://www.hsbc.co.in/" />
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+						-->
+	<rule from="^http://www\.assetmanagement\.hsbc\.co\.in/+"
+		to="https://www.assetmanagement.hsbc.com/in" />
+
+		<test url="http://www.assetmanagement.hsbc.co.in/index.htm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hsbc.co.jp.xml b/src/chrome/content/rules/hsbc.co.jp.xml
new file mode 100644
index 000000000000..7c1cf3c1ec2d
--- /dev/null
+++ b/src/chrome/content/rules/hsbc.co.jp.xml
@@ -0,0 +1,53 @@
+<!--
+	For other HSBC Holdings coverage, see HSBC.xml.
+
+
+	Nonfunctional hosts in *hsbc.co.jp:
+
+		- www.about *
+
+	* Unrecognized name
+
+
+	^hsbc.co.jp: mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.hsbc.co.jp
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bug on www from www1.member-hsbc-group.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="HSBC.co.jp (partial)" default_off="testing">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.hsbc.co.jp" />
+
+	<!--	Complications:
+				-->
+	<target host="hsbc.co.jp" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.hsbc\.co\.jp$" name="^(?:JSESSIONID|TKPTK)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://hsbc\.co\.jp/"
+		to="https://www.hsbc.co.jp/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hsbc.co.kr.xml b/src/chrome/content/rules/hsbc.co.kr.xml
new file mode 100644
index 000000000000..55ece80790c5
--- /dev/null
+++ b/src/chrome/content/rules/hsbc.co.kr.xml
@@ -0,0 +1,53 @@
+<!--
+	For other HSBC Holdings coverage, see HSBC.xml.
+
+
+	Nonfunctional hosts in *hsbc.co.kr:
+
+		- www.about *
+
+	* Unrecognized name
+
+
+	^hsbc.co.kr: mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.hsbc.co.kr
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bug on www from www1.member-hsbc-group.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="HSBC.co.kr (partial)" default_off="testing">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.hsbc.co.kr" />
+
+	<!--	Complications:
+				-->
+	<target host="hsbc.co.kr" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.hsbc\.co\.kr$" name="^(?:JSESSIONID|SEPTK)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://hsbc\.co\.kr/"
+		to="https://www.hsbc.co.kr/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hsbc.co.uk.xml b/src/chrome/content/rules/hsbc.co.uk.xml
new file mode 100644
index 000000000000..b1e95c988b50
--- /dev/null
+++ b/src/chrome/content/rules/hsbc.co.uk.xml
@@ -0,0 +1,134 @@
+<!--
+	For other HSBC Holdings coverage, see HSBC.xml.
+
+
+	Nonfunctional hosts in *hsbc.co.uk:
+
+		- www.about *
+
+	* Unrecognized name / internal error
+
+
+	Problematic hosts in *hsbc.co.uk:
+
+		- www.financialplanning ᵐ
+		- www.mychoice.staff ᵐ
+		- bursarycompetition.students ᵉ
+
+	ᵉ Expired
+	ᵐ Mismatched
+
+
+	These altnames do not exist:
+
+		- www.personalisedloanquote.hsbc.co.uk
+
+
+	STS header includes includeSubdomains
+	for apply.business
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- creditindication.business.hsbc.co.uk
+		- www.business.hsbc.co.uk
+		- hsss.hsbc.co.uk
+		- www.invoicefinance.hsbc.co.uk
+		- mortgages.hsbc.co.uk
+		- www.mortgages.hsbc.co.uk
+		- saas.hsbc.co.uk
+		- www.saas.hsbc.co.uk
+		- bursarycompetition.students.hsbc.co.uk
+		- www.hsbc.co.uk
+		- www1.hsbc.co.uk
+		- www2.hsbc.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bug on www.invoicefinance from www1.member-hsbc-group.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="HSBC.co.uk (partial)" default_off="testing">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hsbc.co.uk" />
+	<target host="services.assetmanagement.hsbc.co.uk" />
+	<target host="apply.business.hsbc.co.uk" />
+	<target host="*.apply.business.hsbc.co.uk" />
+	<target host="creditindication.business.hsbc.co.uk" />
+	<target host="www.business.hsbc.co.uk" />
+	<target host="online.email.hsbc.co.uk" />
+	<target host="financialplanning.hsbc.co.uk" />
+	<target host="hsss.hsbc.co.uk" />
+	<target host="homequote.insurance.hsbc.co.uk" />
+	<target host="investments.hsbc.co.uk" />
+	<target host="www.invoicefinance.hsbc.co.uk" />
+	<target host="knowledge.hsbc.co.uk" />
+	<target host="www.knowledge.hsbc.co.uk" />
+	<target host="mortgages.hsbc.co.uk" />
+	<target host="www.mortgages.hsbc.co.uk" />
+	<target host="personalisedloanquote.hsbc.co.uk" />
+	<target host="saas.hsbc.co.uk" />
+	<target host="www.saas.hsbc.co.uk" />
+	<target host="www.tmo.hsbc.co.uk" />
+	<target host="www.hsbc.co.uk" />
+	<target host="www1.hsbc.co.uk" />
+	<target host="www2.hsbc.co.uk" />
+
+		<!--	includeSubdomains applies to one level only, so:
+										-->
+		<exclusion pattern="^http://(?:[^./]+\.){2,}apply\.business\.hsbc\.co\.uk/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.apply.business.hsbc.co.uk/" />
+			<test url="http://exists.not.apply.business.hsbc.co.uk/" />
+
+		<test url="http://www.apply.business.hsbc.co.uk/" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://online.email.hsbc.co.uk/tt/trckparams.php?id=5644c05b886be1694919832&amp;WT.mc_id=&amp;WT.z_deliveryID=&amp;nid=" />
+
+		<!--	$ 404s, so:
+					-->
+		<test url="http://hsss.hsbc.co.uk/technicalsupp.jsp" />
+		<test url="http://homequote.insurance.hsbc.co.uk/Insurance/site/HSBC/household/home?initialStep=retrieve" />
+
+	<!--	Complications:
+				-->
+	<target host="www.financialplanning.hsbc.co.uk" />
+	<target host="www.mychoice.staff.hsbc.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^creditindication\.business\.hsbc\.co\.uk$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^www\.business\.hsbc\.co\.uk$" name="^UK[A-Z]+-EVRGRN-WDC$" /-->
+	<!--securecookie host="^hsss\.hsbc\.co\.uk$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^(?:www\.invoicefinance|mortgages|www\.mortgages|saas|www\.saas|www[12]?)\.hsbc\.co\.uk$" name="^(?:JSESSIONID|UK[A-Z]+-SY)$" /-->
+	<!--securecookie host="^bursarycompetition\.students\.hsbc\.co\.uk$" name="^hsbc_fb_student$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.financialplanning\.hsbc\.co\.uk/"
+		to="https://financialplanning.hsbc.co.uk/" />
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://www\.mychoice\.staff\.hsbc\.co\.uk/.*"
+		to="https://hsbc.tbs.aon.com/" />
+
+		<test url="http://www.mychoice.staff.hsbc.co.uk/index.htm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hsbc.com-resources.xml b/src/chrome/content/rules/hsbc.com-resources.xml
new file mode 100644
index 000000000000..faa462871871
--- /dev/null
+++ b/src/chrome/content/rules/hsbc.com-resources.xml
@@ -0,0 +1,24 @@
+<!--
+	For rules covering more than resources, see HSBC.xml.
+
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="HSBC.com (resources)" default_off="testing" platform="mixedcontent">
+
+	<!--	Complications:
+				-->
+	<target host="images.cmbinsight.hsbc.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://images\.cmbinsight\.hsbc\.com/"
+		to="https://secure.p03.eloqua.com/" />
+
+		<test url="http://images.cmbinsight.hsbc.com/EloquaImages/clients/HsbcUsaInc/%7B396d6b45-02fc-481e-ac76-f6a81bf8503b%7D_EventLandingPage_pagebackground.gif" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hsbc.com.bd.xml b/src/chrome/content/rules/hsbc.com.bd.xml
new file mode 100644
index 000000000000..e4631e652209
--- /dev/null
+++ b/src/chrome/content/rules/hsbc.com.bd.xml
@@ -0,0 +1,46 @@
+<!--
+	For other HSBC Holdings coverage, see HSBC.xml.
+
+
+	^hsbc.com.bd: mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.hsbc.com.bd
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bug on www from www1.member-hsbc-group.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="HSBC.com.bd" default_off="testing">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.hsbc.com.bd" />
+
+	<!--	Complications:
+				-->
+	<target host="hsbc.com.bd" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.hsbc\.com\.bd$" name="^(?:DAPTK|JSESSIONID)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://hsbc\.com\.bd/"
+		to="https://www.hsbc.com.bd/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hsbc.com.bh.xml b/src/chrome/content/rules/hsbc.com.bh.xml
new file mode 100644
index 000000000000..f82e739bffae
--- /dev/null
+++ b/src/chrome/content/rules/hsbc.com.bh.xml
@@ -0,0 +1,32 @@
+<!--
+	For other HSBC Holdings coverage, see HSBC.xml.
+
+
+	These altnames do not exist:
+
+		- hsbc.com.bh
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.hsbc.com.bh
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="HSBC.com.bh" default_off="testing">
+
+	<target host="www.hsbc.com.bh" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.hsbc\.com\.bh$" name="^(?:BAHRAIN-IB-DIGITAL-WDC|JSESSIONID)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hsbc.com.eg.xml b/src/chrome/content/rules/hsbc.com.eg.xml
new file mode 100644
index 000000000000..68aae148901e
--- /dev/null
+++ b/src/chrome/content/rules/hsbc.com.eg.xml
@@ -0,0 +1,37 @@
+<!--
+	For other HSBC Holdings coverage, see HSBC.xml.
+
+
+	^hsbc.com.eg does not exist.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.hsbc.com.eg
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bug on www from www1.member-hsbc-group.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="HSBC.com.eg" default_off="testing">
+
+	<target host="www.hsbc.com.eg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.hsbc\.com\.eg$" name="^(?:EGYPT-IB-DIGITAL_WDC|JSESSIONID)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hsbc.com.hk.xml b/src/chrome/content/rules/hsbc.com.hk.xml
new file mode 100644
index 000000000000..fbdbafa5774b
--- /dev/null
+++ b/src/chrome/content/rules/hsbc.com.hk.xml
@@ -0,0 +1,82 @@
+<!--
+	For other HSBC Holdings coverage, see
+		+ HSBC.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- about.hsbc.com.hk
+		- assetmanagement.hsbc.com.hk
+		- business.hsbc.com.hk
+		- messaging.hsbc.com.hk
+
+		Incomplete certificate chain:
+		- bestserviceawards.hsbc.com.hk
+		- www.bestserviceawards.hsbc.com.hk
+-->
+<ruleset name="HSBC.com.hk (partial)">
+	<target host="hsbc.com.hk" />
+
+	<target host="about.hsbc.com.hk" />
+	<target host="www.about.hsbc.com.hk" />
+	<target host="assetmanagement.hsbc.com.hk" />
+	<target host="services.assetmanagement.hsbc.com.hk" />
+	<target host="www.assetmanagement.hsbc.com.hk" />
+
+	<target host="www.broking.hsbc.com.hk" />
+	<target host="business.hsbc.com.hk" />
+	<target host="www.business.hsbc.com.hk" />
+
+	<target host="cdn.hsbc.com.hk" />
+	<test url="http://cdn.hsbc.com.hk/content/dam/hsbc/hk/images/hk_broking.jpg" />
+	<test url="http://cdn.hsbc.com.hk/etc/designs/dpws/common/favicons/favicon-16x16.png" />
+	<target host="www.commercial.hsbc.com.hk" />
+	<test url="http://www.commercial.hsbc.com.hk/1/2/commercial/promo/account" />
+	<test url="http://www.commercial.hsbc.com.hk/1/2/directadvice" />
+	<test url="http://www.commercial.hsbc.com.hk/1/2/estatement" />
+
+	<target host="www.digitalcounterservices.hsbc.com.hk" />
+
+	<target host="payme.hsbc.com.hk" />
+	<target host="www1.personal.ebanking.hsbc.com.hk" />
+	<target host="www2.personal.ebanking.hsbc.com.hk" />
+	<target host="www.ebanking.hsbc.com.hk" />
+	<target host="www1.ebanking.hsbc.com.hk" />
+	<target host="www2.ebanking.hsbc.com.hk" />
+	<target host="www.ebroking.hsbc.com.hk" />
+
+	<target host="www.fundexpress.hsbc.com.hk" />
+	<test url="http://www.fundexpress.hsbc.com.hk/HSBCSite/main.aspx" />
+	
+	<target host="insurance.hsbc.com.hk" />
+	<target host="www.isstprod.hsbc.com.hk" />
+
+	<target host="click.messaging.hsbc.com.hk" />
+
+	<target host="www.file.online-banking.hsbc.com.hk" />
+	<target host="www.security.online-banking.hsbc.com.hk" />
+	<target host="static.services.online-banking.hsbc.com.hk" />
+	<target host="www.services.online-banking.hsbc.com.hk" />
+
+	<target host="www.personal.hsbc.com.hk" />
+
+	<target host="www.redhotoffers.hsbc.com.hk" />
+	<target host="retailbank.hsbc.com.hk" />
+
+	<target host="warrants.hsbc.com.hk" />
+	<target host="www.warrants.hsbc.com.hk" />
+	<target host="www.hsbc.com.hk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://about\.hsbc\.com\.hk/"
+		to="https://www.about.hsbc.com.hk/" />
+
+	<rule from="^http://assetmanagement\.hsbc\.com\.hk/"
+		to="https://www.assetmanagement.hsbc.com.hk/" />
+
+	<rule from="^http://business\.hsbc\.com\.hk/"
+		to="https://www.business.hsbc.com.hk/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hsbc.com.lb.xml b/src/chrome/content/rules/hsbc.com.lb.xml
new file mode 100644
index 000000000000..f7290f2214f8
--- /dev/null
+++ b/src/chrome/content/rules/hsbc.com.lb.xml
@@ -0,0 +1,32 @@
+<!--
+	For other HSBC Holdings coverage, see HSBC.xml.
+
+
+	These altnames do not exist:
+
+		- hsbc.com.lb
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.hsbc.com.lb
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="HSBC.com.lb" default_off="testing">
+
+	<target host="www.hsbc.com.lb" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.hsbc\.com\.lb$" name="^(?:JSESSIONID|LEBANON-IB-DIGITAL-WDC)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hsbc.com.mu.xml b/src/chrome/content/rules/hsbc.com.mu.xml
new file mode 100644
index 000000000000..620e34302a06
--- /dev/null
+++ b/src/chrome/content/rules/hsbc.com.mu.xml
@@ -0,0 +1,46 @@
+<!--
+	For other HSBC Holdings coverage, see HSBC.xml.
+
+
+	^hsbc.com.mu: mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.hsbc.com.mu
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bug on www from www1.member-hsbc-group.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="HSBC.com.mu" default_off="testing">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.hsbc.com.mu" />
+
+	<!--	Complications:
+				-->
+	<target host="hsbc.com.mu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.hsbc\.com\.mu$" name="^(?:JSESSIONID|MAPTK)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://hsbc\.com\.mu/"
+		to="https://www.hsbc.com.mu/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hsbc.com.om.xml b/src/chrome/content/rules/hsbc.com.om.xml
new file mode 100644
index 000000000000..f00e5c1d15f7
--- /dev/null
+++ b/src/chrome/content/rules/hsbc.com.om.xml
@@ -0,0 +1,32 @@
+<!--
+	For other HSBC Holdings coverage, see HSBC.xml.
+
+
+	These altnames do not exist:
+
+		- hsbc.com.om
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.hsbc.com.om
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="HSBC.com.om" default_off="testing">
+
+	<target host="www.hsbc.com.om" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.hsbc\.com\.om$" name="^(?:JSESSIONID|OMAN-IB-DIGITAL-WDC)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hsbc.com.qa.xml b/src/chrome/content/rules/hsbc.com.qa.xml
new file mode 100644
index 000000000000..0267addb7289
--- /dev/null
+++ b/src/chrome/content/rules/hsbc.com.qa.xml
@@ -0,0 +1,39 @@
+<!--
+	For other HSBC Holdings coverage, see HSBC.xml.
+
+
+	These altnames do not exist:
+
+		- hsbc.com.qa
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.hsbc.com.qa
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- www from fls.doubleclick.net *
+
+	* See https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="HSBC.com.qa" default_off="testing">
+
+	<target host="www.hsbc.com.qa" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.hsbc\.com\.qa$" name="^(?:JSESSIONID|QATAR-IB-DIGITAL-WDC)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hsbc.com.vn.xml b/src/chrome/content/rules/hsbc.com.vn.xml
new file mode 100644
index 000000000000..439a1eb432ad
--- /dev/null
+++ b/src/chrome/content/rules/hsbc.com.vn.xml
@@ -0,0 +1,47 @@
+<!--
+	For other HSBC Holdings coverage, see HSBC.xml.
+
+
+	^hsbc.com.vn: mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.hsbc.com.vn
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image on www from www.hsbc.com.sg
+		- Bug on www from www1.member-hsbc-group.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="HSBC.com.vn" default_off="testing">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.hsbc.com.vn" />
+
+	<!--	Complications:
+				-->
+	<target host="hsbc.com.vn" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.hsbc\.com\.vn$" name="^(?:JSESSIONID|VNPTK)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://hsbc\.com\.vn/"
+		to="https://www.hsbc.com.vn/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hsbcnet.com.xml b/src/chrome/content/rules/hsbcnet.com.xml
new file mode 100644
index 000000000000..fc80b5fcfc9b
--- /dev/null
+++ b/src/chrome/content/rules/hsbcnet.com.xml
@@ -0,0 +1,46 @@
+<!--
+	For other HSBC Holdings coverage, see HSBC.xml.
+
+
+	^hsbcnet.com: mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.hsbcnet.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bug on www from www1.member-hsbc-group.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="HSBCnet.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.hsbcnet.com" />
+
+	<!--	Complications:
+				-->
+	<target host="hsbcnet.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.hsbcnet\.com$" name="^(?:[\dA-Z]_ID|www\.hsbcnet\.com-VO)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://hsbcnet\.com/"
+		to="https://www.hsbcnet.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hsbctrinkaus.de.xml b/src/chrome/content/rules/hsbctrinkaus.de.xml
new file mode 100644
index 000000000000..cc421ecd2158
--- /dev/null
+++ b/src/chrome/content/rules/hsbctrinkaus.de.xml
@@ -0,0 +1,28 @@
+<!--
+	For other HSBC Holdings coverage, see HSBC.xml.
+
+
+	^hsbctrinkaus.de: mismatched
+
+-->
+<ruleset name="HSBCtrinkaus.de" default_off="testing">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.hsbctrinkaus.de" />
+
+	<!--	Complications:
+				-->
+	<target host="hsbctrinkaus.de" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://hsbctrinkaus\.de/"
+		to="https://www.hsbctrinkaus.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hscic.gov.uk.xml b/src/chrome/content/rules/hscic.gov.uk.xml
new file mode 100644
index 000000000000..bd41d0b85502
--- /dev/null
+++ b/src/chrome/content/rules/hscic.gov.uk.xml
@@ -0,0 +1,55 @@
+<!--
+	Health and Social Care Information Centre
+
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- igtt.hscic.gov.uk
+		- www.igtt.hscic.gov.uk
+		- www.hscic.gov.uk
+
+		Timeout was reached:
+		- efm.hscic.gov.uk
+		- hefs.hscic.gov.uk
+		- link.ict.hscic.gov.uk
+		- systems.hscic.gov.uk
+
+		SSL connect error:
+		- qof.hscic.gov.uk
+		- www.qof.hscic.gov.uk
+
+		SSL peer certificate was not OK:
+		- healthsurvey.hscic.gov.uk
+		- web.ict.hscic.gov.uk
+
+		Incomplete certificate chain error:
+		- ckm.hscic.gov.uk
+
+		5xx server error:
+		- gpoutcomes.hscic.gov.uk
+-->
+<ruleset name="hscic.gov.uk">
+	<target host="hscic.gov.uk" />
+	<target host="www.hscic.gov.uk" />
+	<target host="clinicalaudit.hscic.gov.uk" />
+	<target host="datadepot.hscic.gov.uk" />
+	<target host="dd4c.hscic.gov.uk" />
+	<target host="did.hscic.gov.uk" />
+	<target host="dsp.hscic.gov.uk" />
+	<target host="www.igt.hscic.gov.uk" />
+	<target host="indicators.hscic.gov.uk" />
+	<target host="isd.hscic.gov.uk" />
+	<target host="iview.hscic.gov.uk" />
+	<target host="login.hscic.gov.uk" />
+	<target host="my.hscic.gov.uk" />
+	<target host="nascis.hscic.gov.uk" />
+	<target host="ncmp.hscic.gov.uk" />
+	<target host="omnibus.hscic.gov.uk" />
+
+	<rule from="^http://www\.hscic\.gov\.uk/"
+			to="https://hscic.gov.uk/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hse.gov.uk.xml b/src/chrome/content/rules/hse.gov.uk.xml
new file mode 100644
index 000000000000..a0f3872c5327
--- /dev/null
+++ b/src/chrome/content/rules/hse.gov.uk.xml
@@ -0,0 +1,52 @@
+<!--
+	Health and Safety Executive
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *hse.gov.uk:
+
+		- (www.)? *
+		- webcommunities ᵃ
+
+	* Some paths redirect to http, others 404
+	ᵃ Shows another domain
+
+
+	Problematic hosts in *hse.gov.uk:
+
+		- extranet ᶜ
+		- news ᵉ ᵐ ˢ
+		- press ᵉ ᵐ ˢ
+		- records ᵐ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵉ Expired
+	ᵐ Mismatched
+	ˢ Self-signed
+
+
+	Insecure cookies are set for these hosts:
+
+		- extranet.hse.gov.uk
+		- securecommunities.hse.gov.uk
+
+-->
+<ruleset name="HSE.gov.uk (partial)">
+
+	<target host="extranet.hse.gov.uk" />
+	<target host="securecommunities.hse.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^extranet\.hse\.gov\.uk$" name="^(?:ASP\.NET_SessionId|JSESSIONID)$" /-->
+	<!--securecookie host="^securecommunities\.hse\.gov\.uk$" name="^(?:CFID|CFTOKEN|JSESSIONID|SPIDERLOGON)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hska.info.xml b/src/chrome/content/rules/hska.info.xml
new file mode 100644
index 000000000000..2c7940c26eaa
--- /dev/null
+++ b/src/chrome/content/rules/hska.info.xml
@@ -0,0 +1,22 @@
+<!--
+	Invalid certificate:
+		imap.hska.info
+		strg-c-v.hska.info
+
+-->
+<ruleset name="hska.info">
+
+	<target host="hska.info" />
+	<target host="www.hska.info" />
+	<target host="chat.hska.info" />
+	<target host="forum.hska.info" />
+	<target host="mail.hska.info" />
+	<target host="paste.hska.info" />
+	<target host="postfixadmin.hska.info" />
+	<target host="smtp.hska.info" />
+	<target host="webmail.hska.info" />
+	<target host="wiki.hska.info" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/html-online.com.xml b/src/chrome/content/rules/html-online.com.xml
new file mode 100644
index 000000000000..c50bc9b422e7
--- /dev/null
+++ b/src/chrome/content/rules/html-online.com.xml
@@ -0,0 +1,16 @@
+<!--
+www.html-online.com ¹
+
+
+¹ mismatch
+-->
+<ruleset name="html-online.com">
+	<target host="html-online.com" />
+
+	<target host="www.html-online.com" />
+
+	<rule from="^http://www\.html-online\.com/"
+		to="https://html-online.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/httpoxy.org.xml b/src/chrome/content/rules/httpoxy.org.xml
new file mode 100644
index 000000000000..d7dff285f659
--- /dev/null
+++ b/src/chrome/content/rules/httpoxy.org.xml
@@ -0,0 +1,16 @@
+<!--
+	www.httpoxy.org does not exist.
+
+-->
+<ruleset name="httpoxy.org">
+
+	<target host="httpoxy.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/httpstatuses.com.xml b/src/chrome/content/rules/httpstatuses.com.xml
new file mode 100644
index 000000000000..7756fe25b94f
--- /dev/null
+++ b/src/chrome/content/rules/httpstatuses.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="httpstatuses.com">
+	<target host="httpstatuses.com" />
+	<target host="www.httpstatuses.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/huaban.com.xml b/src/chrome/content/rules/huaban.com.xml
new file mode 100644
index 000000000000..cc75074add33
--- /dev/null
+++ b/src/chrome/content/rules/huaban.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Expired:
+		meisi.huaban.com
+
+	Mismatched:
+		www.huaban.com	( Redirected to ^ by server. )
+		blog.huaban.com
+		event.huaban.com
+-->
+<ruleset name="huaban.com">
+	<target host="huaban.com" />
+	<target host="www.huaban.com" />
+	<target host="api.huaban.com" />
+	<target host="c.huaban.com" />
+	<target host="muse.huaban.com" />
+
+	<rule from="^http://www\.huaban\.com/" to="https://huaban.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hubnotify.com.xml b/src/chrome/content/rules/hubnotify.com.xml
new file mode 100644
index 000000000000..9339057e3b05
--- /dev/null
+++ b/src/chrome/content/rules/hubnotify.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="hubnotify.com">
+	<target host="hubnotify.com" />
+	<target host="www.hubnotify.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/huboard.com.xml b/src/chrome/content/rules/huboard.com.xml
new file mode 100644
index 000000000000..8cf50a583bd7
--- /dev/null
+++ b/src/chrome/content/rules/huboard.com.xml
@@ -0,0 +1,14 @@
+<!--
+blog.huboard.com ¹
+status.huboard.com ¹
+
+
+¹ mismatch
+-->
+<ruleset name="huboard.com">
+	<target host="huboard.com" />
+	<target host="www.huboard.com" />
+	<target host="enterprise.huboard.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hubpeople.com.xml b/src/chrome/content/rules/hubpeople.com.xml
new file mode 100644
index 000000000000..668aa8b89898
--- /dev/null
+++ b/src/chrome/content/rules/hubpeople.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Other Hubpeople rulesets:
+
+		- TheHubPeople.com.xml
+
+
+	Problematic hosts in *hubpeople.com:
+
+		- portal ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="Hubpeople.com (partial)">
+
+	<target host="hubpeople.com" />
+	<target host="www.hubpeople.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hugendubel.info.xml b/src/chrome/content/rules/hugendubel.info.xml
new file mode 100644
index 000000000000..a82073b9ef9e
--- /dev/null
+++ b/src/chrome/content/rules/hugendubel.info.xml
@@ -0,0 +1,8 @@
+<ruleset name="hugendubel.info">
+	<target host="hugendubel.info"/>
+	<target host="www.hugendubel.info"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/humankode.com.xml b/src/chrome/content/rules/humankode.com.xml
new file mode 100644
index 000000000000..5b41e47b188f
--- /dev/null
+++ b/src/chrome/content/rules/humankode.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="humankode.com">
+	<target host="humankode.com" />
+	<target host="www.humankode.com" />
+	<target host="teamcity.humankode.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/humboldt-foundation.de.xml b/src/chrome/content/rules/humboldt-foundation.de.xml
new file mode 100644
index 000000000000..92fec6964b45
--- /dev/null
+++ b/src/chrome/content/rules/humboldt-foundation.de.xml
@@ -0,0 +1,10 @@
+<ruleset name="Alexander von Humboldt-Stiftung">
+
+	<target host="www.humboldt-foundation.de" />
+	<target host="auth.humboldt-foundation.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/huntonprivacyblog.com.xml b/src/chrome/content/rules/huntonprivacyblog.com.xml
new file mode 100644
index 000000000000..a1e5ba28c130
--- /dev/null
+++ b/src/chrome/content/rules/huntonprivacyblog.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Hunton Privacy Blog.com">
+
+	<target host="huntonprivacyblog.com" />
+	<target host="www.huntonprivacyblog.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/huuto.net-resources.xml b/src/chrome/content/rules/huuto.net-resources.xml
new file mode 100644
index 000000000000..3c717bab8e86
--- /dev/null
+++ b/src/chrome/content/rules/huuto.net-resources.xml
@@ -0,0 +1,63 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kuvat2.huuto.net/ => https://kuvat2.huuto.net/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+
+	For rules covering more than resources, see huuto.net.xml.
+
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="Huuto.net (resources)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="huuto.net" />
+	<target host="kuvat.huuto.net" />
+	<target host="kuvat2.huuto.net" />
+	<target host="salattu.huuto.net" />
+	<target host="www.huuto.net" />
+
+		<exclusion pattern="^http://(?:salattu|www)\.huuto\.net/(?!/*(?:favicon\.ico|module/|[\d.]+/module/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://salattu.huuto.net/hakutulos" />
+			<test url="http://salattu.huuto.net/hakutulos/page/2" />
+			<test url="http://salattu.huuto.net/hakutulos/page/3/category/49" />
+			<test url="http://salattu.huuto.net/hakutulos/sort/newest" />
+			<test url="http://salattu.huuto.net/hakutulos/words/emali/category/528" />
+			<test url="http://salattu.huuto.net/hakutulos/words/kultaraha/category/203" />
+			<test url="http://salattu.huuto.net/hakutulos/words/louis+vuitton/category/929" />
+
+			<test url="http://www.huuto.net/hakutulos" />
+			<test url="http://www.huuto.net/hakutulos/category/519/words/partner" />
+			<test url="http://www.huuto.net/hakutulos/category/546/sellstyle/all" />
+			<test url="http://www.huuto.net/hakutulos/page/1/category/162" />
+			<test url="http://www.huuto.net/hakutulos/page/2" />
+			<test url="http://www.huuto.net/hakutulos/sellernro/667154" />
+			<test url="http://www.huuto.net/hakutulos/sort/hits" />
+			<test url="http://www.huuto.net/hakutulos/sort/newest" />
+			<test url="http://www.huuto.net/hakutulos/words/huawei/category/51" />
+			<test url="http://www.huuto.net/hakutulos/words/jopo/category/1" />
+			<test url="http://www.huuto.net/hakutulos/words/remu/category/403" />
+
+			<!--	-ve:
+					-->
+			<test url="http://salattu.huuto.net/13.5/module/fresco/css/styles.css" />
+			<test url="http://salattu.huuto.net/favicon.ico" />
+			<test url="http://salattu.huuto.net/module/hoot/images/oikotie_logo_small.svg" />
+			<test url="http://salattu.huuto.net/osasto" />
+			<test url="http://salattu.huuto.net/osasto/tietotekniikka/51" />
+
+			<test url="http://www.huuto.net/13.6/module/hoot/css/huuto.css" />
+			<test url="http://www.huuto.net/module/fresco/images/OBA_symbol.png" />
+			<test url="http://www.huuto.net/module/hoot/images/oikotie_logo_small.svg" />
+
+		<test url="http://kuvat.huuto.net/a/0b/4d19d3427906f485bd969e465ac71-s.jpg" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/huuto.net.xml b/src/chrome/content/rules/huuto.net.xml
index 5810582b2ba2..113508509163 100644
--- a/src/chrome/content/rules/huuto.net.xml
+++ b/src/chrome/content/rules/huuto.net.xml
@@ -1,12 +1,121 @@
-<ruleset name="huuto.net">
-  <target host="huuto.net" />
-  <target host="www.huuto.net" />
-  <target host="salattu.huuto.net" />
-  <target host="kuvat2.huuto.net" />
-  <target host="kuvat.huuto.net" />
-  
-<rule from="^http://(www\.)?huuto\.net/" to="https://salattu.huuto.net/"/>
-<rule from="^http://salattu\.huuto\.net/" to="https://salattu.huuto.net/"/>
-<rule from="^http://kuvat2\.huuto\.net/" to="https://kuvat2.huuto.net/"/>
-<rule from="^http://kuvat\.?huuto\.net/" to="https://kuvat.huuto.net/"/>
+<!--
+	For rules covering resources which do not secure
+	mixed content, see huuto.net-resources.xml.
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .huuto.net
+		- salattu.huuto.net
+		- www.huuto.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bug on www from analytics.sanoma.fi ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Huuto.net (partial)">
+
+	<target host="huuto.net" />
+	<!--target host="kuvat.huuto.net" /-->
+	<!--target host="kuvat2.huuto.net" /-->
+	<target host="salattu.huuto.net" />
+	<target host="www.huuto.net" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.huuto\.net/(?:$|hakutulos$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(?:www\.)?huuto\.net/(?!/*(?:favicon\.ico|(?:keskustelu|kirjaudu|ohjeet|osasto|palaute|rekisteroidy|uusi-ilmoitus)(?:$|[?/]|module/|[\d.]+/module/)))" /-->
+		<!--
+			Reduce non-Tor distinguishability:
+								-->
+		<exclusion pattern="^http://(?:www\.)?huuto\.net/(?!/*(?:keskustelu|kirjaudu|ohjeet|osasto|palaute|rekisteroidy|uusi-ilmoitus)(?:$|[?/]))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.huuto.net/hakutulos" />
+			<test url="http://www.huuto.net/hakutulos/category/519/words/partner" />
+			<test url="http://www.huuto.net/hakutulos/category/546/sellstyle/all" />
+			<test url="http://www.huuto.net/hakutulos/page/1/category/162" />
+			<test url="http://www.huuto.net/hakutulos/page/2" />
+			<test url="http://www.huuto.net/hakutulos/sellernro/667154" />
+			<test url="http://www.huuto.net/hakutulos/sort/hits" />
+			<test url="http://www.huuto.net/hakutulos/sort/newest" />
+			<test url="http://www.huuto.net/hakutulos/words/huawei/category/51" />
+			<test url="http://www.huuto.net/hakutulos/words/jopo/category/1" />
+			<test url="http://www.huuto.net/hakutulos/words/remu/category/403" />
+
+			<!--	-ve:
+					-->
+			<!--
+			<test url="http://www.huuto.net/13.6/module/hoot/css/huuto.css" />
+			-->
+			<test url="http://www.huuto.net/keskustelu" />
+			<test url="http://www.huuto.net/keskustelu/list/category/kera" />
+			<test url="http://www.huuto.net/kirjaudu" />
+			<!--
+			<test url="http://www.huuto.net/module/fresco/images/OBA_symbol.png" />
+			<test url="http://www.huuto.net/module/hoot/images/oikotie_logo_small.svg" />
+			-->
+			<test url="http://www.huuto.net/ohjeet" />
+			<test url="http://www.huuto.net/palaute" />
+			<test url="http://www.huuto.net/rekisteroidy" />
+			<test url="http://www.huuto.net/uusi-ilmoitus" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://salattu\.huuto\.net/(?:$|hakutulos$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://salattu\.huuto\.net/(?!/*(?:favicon\.ico|module/|osasto(?:$|[?/]|[\d.]+/module/)))" /-->
+		<!--
+			Reduce non-Tor distinguishability:
+								-->
+		<exclusion pattern="^http://salattu\.huuto\.net/(?!/*osasto(?:$|[?/]))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://salattu.huuto.net/hakutulos" />
+			<test url="http://salattu.huuto.net/hakutulos/page/2" />
+			<test url="http://salattu.huuto.net/hakutulos/page/3/category/49" />
+			<test url="http://salattu.huuto.net/hakutulos/sort/newest" />
+			<test url="http://salattu.huuto.net/hakutulos/words/emali/category/528" />
+			<test url="http://salattu.huuto.net/hakutulos/words/kultaraha/category/203" />
+			<test url="http://salattu.huuto.net/hakutulos/words/louis+vuitton/category/929" />
+
+			<!--	-ve:
+					-->
+			<!--
+			<test url="http://salattu.huuto.net/13.5/module/fresco/css/styles.css" />
+			<test url="http://salattu.huuto.net/favicon.ico" />
+			<test url="http://salattu.huuto.net/module/hoot/images/oikotie_logo_small.svg" />
+			-->
+			<test url="http://salattu.huuto.net/osasto" />
+			<test url="http://salattu.huuto.net/osasto/tietotekniikka/51" />
+
+		<!--
+		<test url="http://kuvat.huuto.net/a/0b/4d19d3427906f485bd969e465ac71-s.jpg" />
+		-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.huuto\.net$" name="^HUUTOSESSION$" /-->
+	<!--securecookie host="^(?:salattu\.|www\.)?huuto\.net$" name="^AWSELB$" /-->
+
+	<securecookie host="^\." name="^_ga" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/hydra-billing.com.xml b/src/chrome/content/rules/hydra-billing.com.xml
new file mode 100644
index 000000000000..3ea6d8deb899
--- /dev/null
+++ b/src/chrome/content/rules/hydra-billing.com.xml
@@ -0,0 +1,27 @@
+<!--
+hydra-billing.com ⁴
+www.hydra-billing.com ⁴
+blog.hydra-billing.com ¹
+bpm.demo.bss.hydra-billing.com ³
+crm.hydra-billing.com ⁴
+forum.hydra-billing.com ¹
+itsa.hydra-billing.com ⁴
+my-telport.hydra-billing.com ¹
+my.omsy.hydra-billing.com ⁵
+pm.hydra-billing.com ¹
+pozitel.hydra-billing.com ⁴
+smiles.hydra-billing.com ¹
+tvoytel.hydra-billing.com ⁴
+vtell.hydra-billing.com ⁴
+
+
+¹ mismatch
+³ timed out
+⁴ incomplete certificate chain
+⁵ expired
+-->
+<ruleset name="hydra-billing.com (partial)">
+	<target host="support.hydra-billing.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hydranodes.de.xml b/src/chrome/content/rules/hydranodes.de.xml
new file mode 100644
index 000000000000..9907367aa352
--- /dev/null
+++ b/src/chrome/content/rules/hydranodes.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="hydranodes.de">
+
+	<target host="swift.hydranodes.de" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hydro.gov.hk.xml b/src/chrome/content/rules/hydro.gov.hk.xml
new file mode 100644
index 000000000000..3cd0e6c741d1
--- /dev/null
+++ b/src/chrome/content/rules/hydro.gov.hk.xml
@@ -0,0 +1,10 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+-->
+<ruleset name="Hong Kong Hydrographic Office">
+	<target host="current.hydro.gov.hk" />
+	<target host="tide1.hydro.gov.hk" />
+	<target host="www.hydro.gov.hk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hydrogenaud.io.xml b/src/chrome/content/rules/hydrogenaud.io.xml
new file mode 100644
index 000000000000..f4e29295c7d5
--- /dev/null
+++ b/src/chrome/content/rules/hydrogenaud.io.xml
@@ -0,0 +1,10 @@
+<!--
+wiki.hydrogenaud.io mismatch
+replaygain.hydrogenaud.io mismatch
+-->
+<ruleset name="hydrogenaud.io">
+	<target host="hydrogenaud.io" />
+	<target host="www.hydrogenaud.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hyperisland.com.xml b/src/chrome/content/rules/hyperisland.com.xml
new file mode 100644
index 000000000000..e2f19e9b6b02
--- /dev/null
+++ b/src/chrome/content/rules/hyperisland.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Nonfunctional hosts in *hyperisland.com:
+
+		- changes-of-tomorrow ʳ
+		- shop ʳ
+
+	ʳ Refused
+
+
+	Problematic hosts in *hyperisland.com:
+
+		- knowledge ᵐ
+
+	ᵐ Hubspot / mismatched
+
+-->
+<ruleset name="Hyper Island.com (partial)">
+
+	<target host="hyperisland.com" />
+	<target host="www.hyperisland.com" />
+
+
+	<securecookie host="^\." name="^(?:_ga|optimizely)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hyperledger.org.xml b/src/chrome/content/rules/hyperledger.org.xml
new file mode 100644
index 000000000000..e11c971b2dce
--- /dev/null
+++ b/src/chrome/content/rules/hyperledger.org.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Linux Foundation coverage, see LinuxFoundation.xml.
+
+-->
+<ruleset name="Hyper Ledger.org">
+
+	<target host="hyperledger.org" />
+	<target host="www.hyperledger.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hyperrealm.com.xml b/src/chrome/content/rules/hyperrealm.com.xml
new file mode 100644
index 000000000000..691c159c8635
--- /dev/null
+++ b/src/chrome/content/rules/hyperrealm.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Invalid certificate:
+		ftp.hyperrealm.com
+		imap.hyperrealm.com
+		autodiscover.markl.hyperrealm.com
+		webmail.markl.hyperrealm.com
+		pop.hyperrealm.com
+		smtp.hyperrealm.com
+
+	Refused:
+		localhost.hyperrealm.com
+-->
+<ruleset name="hyperrealm.com">
+	<target host="hyperrealm.com" />
+	<target host="www.hyperrealm.com" />
+	<target host="autodiscover.hyperrealm.com" />
+	<target host="cpanel.hyperrealm.com" />
+	<target host="mail.hyperrealm.com" />
+	<target host="markl.hyperrealm.com" />
+	<target host="www.markl.hyperrealm.com" />
+	<target host="webdisk.hyperrealm.com" />
+	<target host="webmail.hyperrealm.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hypestat.com.xml b/src/chrome/content/rules/hypestat.com.xml
new file mode 100644
index 000000000000..a8726298b9d4
--- /dev/null
+++ b/src/chrome/content/rules/hypestat.com.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://static.hypestat.com/images/menu_back.png => https://static.hypestat.com/images/menu_back.png: Too many redirects while fetching 'https://static.hypestat.com/images/menu_back.png'
+Fetch error: http://hypestat.com/ => https://hypestat.com/: Too many redirects while fetching 'https://hypestat.com/'
+Fetch error: http://static.hypestat.com/ => https://static.hypestat.com/: Too many redirects while fetching 'https://static.hypestat.com/'
+Fetch error: http://www.hypestat.com/ => https://www.hypestat.com/: Too many redirects while fetching 'https://www.hypestat.com/'
+
+-->
+<ruleset name="HypeStat.com" default_off="failed ruleset test">
+
+	<target host="hypestat.com" />
+	<target host="static.hypestat.com" />
+	<target host="www.hypestat.com" />
+
+		<test url="http://static.hypestat.com/images/menu_back.png" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hzqx.com.xml b/src/chrome/content/rules/hzqx.com.xml
new file mode 100644
index 000000000000..9dcb593e6b79
--- /dev/null
+++ b/src/chrome/content/rules/hzqx.com.xml
@@ -0,0 +1,8 @@
+<!--
+    Time out: zhfy.hzqx.com
+-->
+<ruleset name="hzqx.com">
+	<target host="www.hzqx.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/i-epistemology.net.xml b/src/chrome/content/rules/i-epistemology.net.xml
new file mode 100644
index 000000000000..b3b8bac6f629
--- /dev/null
+++ b/src/chrome/content/rules/i-epistemology.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="i-epistemology.net">
+	<target host="i-epistemology.net" />
+	<target host="www.i-epistemology.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/i4wifi.cz.xml b/src/chrome/content/rules/i4wifi.cz.xml
new file mode 100644
index 000000000000..e299bdc8d584
--- /dev/null
+++ b/src/chrome/content/rules/i4wifi.cz.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://edocs.i4wifi.cz/ => https://edocs.i4wifi.cz/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://piwik.i4wifi.cz/ => https://piwik.i4wifi.cz/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://img.i4wifi.cz/ => https://img.i4wifi.cz/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://files.i4wifi.cz/ => https://files.i4wifi.cz/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Mismatched:
+		- robot.i4wifi.cz
+		- licence.i4wifi.cz
+		- skoleni.i4wifi.cz
+		- helpdesk.i4wifi.cz
+	Time out:
+		- old.i4wifi.cz
+-->
+<ruleset name="i4wifi.cz" default_off="failed ruleset test">
+	<target host="i4wifi.cz" />
+	<target host="www.i4wifi.cz" />
+	<target host="edocs.i4wifi.cz" />
+	<target host="pay.i4wifi.cz" />
+	<target host="piwik.i4wifi.cz" />
+	<target host="img.i4wifi.cz" />
+	<target host="files.i4wifi.cz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/iCarol.xml b/src/chrome/content/rules/iCarol.xml
index c8e0d63aefaa..43cac2c2d295 100644
--- a/src/chrome/content/rules/iCarol.xml
+++ b/src/chrome/content/rules/iCarol.xml
@@ -1,9 +1,12 @@
+<!--
+	Mismatch:
+		- (www.)icarol.com
+-->
 <ruleset name="iCarol">
-	<target host="icarol.com" />
 	<target host="webapp.icarol.com" />
-	<target host="www.icarol.com" />
 
-	<securecookie host="^(webapp|www)\.icarol\.com$" name=".+" />
+	<securecookie host="^webapp\.icarol\.com$" name=".+" />
 
-	<rule from="^http://((webapp|www)\.)?icarol\.com/" to="https://$1icarol.com/" />
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/iDreamx.com.xml b/src/chrome/content/rules/iDreamx.com.xml
new file mode 100644
index 000000000000..e3882c66cba1
--- /dev/null
+++ b/src/chrome/content/rules/iDreamx.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Active mixed content:
+		- www.idreamx.com, from discuz.gtimg.cn
+-->
+
+<ruleset name="iDreamx.com" platform="mixedcontent">
+	<target host="idreamx.com" />
+	<target host="www.idreamx.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/iEntry.com.xml b/src/chrome/content/rules/iEntry.com.xml
new file mode 100644
index 000000000000..201094bd5842
--- /dev/null
+++ b/src/chrome/content/rules/iEntry.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="iEntry (partial)">
+	<target host="ientry.com" />
+	<target host="www.ientry.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/iEntry.xml b/src/chrome/content/rules/iEntry.xml
deleted file mode 100644
index dc3cd03cd489..000000000000
--- a/src/chrome/content/rules/iEntry.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	CDN buckets:
-
-		- Possible bucket at s3.amazonaws.com/ientry/
-		- d195lklsc86qb5.cloudfront.net
-
-
-	Nonfunctional domains:
-
-		- images.ientrymail.com
-		- images1.ientrymail.com
-
--->
-<ruleset name="iEntry (partial)" platform="mixedcontent">
-
-	<target host="ientry.com" />
-	<target host="*.ientry.com" />
-
-
-	<securecookie host="^www\.ientry\.com$" name=".*" />
-
-
-	<rule from="^http://(www\.)?ientry\.com/"
-		to="https://$1ientry.com/" />
-
-	<rule from="^https?://cdn\.ientry\.com/"
-		to="https://d195lklsc86qb5.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/iHub_-Nairobi.xml b/src/chrome/content/rules/iHub_-Nairobi.xml
index 128657481a9e..eb79d6802eac 100644
--- a/src/chrome/content/rules/iHub_-Nairobi.xml
+++ b/src/chrome/content/rules/iHub_-Nairobi.xml
@@ -1,12 +1,14 @@
 <!--
-	- Expired 2013-07-19	
+	- Expired 2013-07-19
 	- CN: Parallels Panel
 
 -->
 <ruleset name="iHub_ Nairobi" default_off="expired, self-signed">
 
 	<target host="ihub.co.ke" />
-	<target host="*.ihub.co.ke" />
+	<target host="research.ihub.co.ke" />
+	<target host="www.ihub.co.ke" />
+	<target host="www.research.ihub.co.ke" />
 
 
 	<securecookie host="^ihub\.co\.ke$" name=".+" />
diff --git a/src/chrome/content/rules/iMapEnterprises.com.xml b/src/chrome/content/rules/iMapEnterprises.com.xml
new file mode 100644
index 000000000000..f8597f2744e7
--- /dev/null
+++ b/src/chrome/content/rules/iMapEnterprises.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="iMapEnterprises.com">
+	<target host="imapenterprises.com" />
+	<target host="www.imapenterprises.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/iPay88.com.xml b/src/chrome/content/rules/iPay88.com.xml
new file mode 100644
index 000000000000..a37b573b0b46
--- /dev/null
+++ b/src/chrome/content/rules/iPay88.com.xml
@@ -0,0 +1,44 @@
+<!--
+	For other coverage, see Mobile88.com.xml
+
+
+	Non-functional subdomains:
+
+		- ipay88.com	(m)
+			- bancnet	(m)
+			- blog	(t)
+			- dvl3-vn	(t)
+			- m		(m)
+			- mobile-svr2	(t)
+			- pmon10	(t)
+			- tfs	(t)
+			- uat-mobile-payment	(t)
+
+		- ipay88.com.my	(t)
+			- emailapi	(m)
+			- emailapi2	(m)
+			- o1.emailapi2	(t)
+			- shopify	(HTTP 403 error)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="iPay88.com">
+
+	<target host="ipay88.com" />
+	<target host="www.ipay88.com" />
+	<target host="dvl3.ipay88.com" />
+	<target host="payment.ipay88.com" />
+	<target host="vas.ipay88.com" />
+
+	<rule from="^http://ipay88\.com/"
+		to="https://www.ipay88.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/iPerceptions.xml b/src/chrome/content/rules/iPerceptions.xml
index 367e289797e6..8715ab4fd849 100644
--- a/src/chrome/content/rules/iPerceptions.xml
+++ b/src/chrome/content/rules/iPerceptions.xml
@@ -1,13 +1,26 @@
-<ruleset name="iPerceptions (partial)">
-	<target host="aiportal.iperceptions.com" />
+<!--
+	Insecure cookies are set for these domains:
+
+		- .universal.iperceptions.com
+
+-->
+<ruleset name="iPerceptions.com (partial)">
+
+	<target host="api.iperceptions.com" />
 	<target host="4qinvite.4q.iperceptions.com" />
 	<target host="ipinvite.iperceptions.com" />
 	<!-- iPerceptions.com does not have https, but redirects to another
 	site. The following sub-site has a valid certificate and works fine. -->
 	<target host="ips-invite.iperceptions.com" />
 	<target host="ips-portal.iperceptions.com" />
+	<target host="universal.iperceptions.com" />
+	<target host="www.iperceptions.com" />
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.universal\.iperceptions\.com$" name=".+" />
+
 
-	<securecookie host="^(aiportal|(4qinvite\.4q)|ipinvite|ips-invite|ips-portal)\.iperceptions\.com$" name=".+" />
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://(aiportal|(4qinvite\.4q)|ipinvite|ips-invite|ips-portal)\.iperceptions\.com/" to="https://$1.iperceptions.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/iQiyi.com.xml b/src/chrome/content/rules/iQiyi.com.xml
new file mode 100644
index 000000000000..90c825b7b879
--- /dev/null
+++ b/src/chrome/content/rules/iQiyi.com.xml
@@ -0,0 +1,69 @@
+<!--
+	Other rulesets:
+		Qiyi.com.xml
+		Qiyipic.com.xml
+		reference: https://github.com/EFForg/https-everywhere/pull/4801#issuecomment-219402538
+
+	Nonfunctional hosts in *iqiyi.com:
+		- ad ᵇ
+		- app ʳ
+		- auto ᵇ
+		- baby ᵇ
+		- bbs ᵈ
+		- business ᵇ
+		- datou ᵇ
+		- dv ᵇ
+		- edu ᵇ
+		- g ᵇ
+		- game ʳ
+		- gamebbs ʳ
+		- huaqiangu ᵇ
+		- labs ᵇ
+		- static.lego ʳ
+		- ly ᵇ
+		- mall ᵇ
+		- mil ᵇ
+		- music ᵇ
+		- news ᵇ
+		- open ᵇ
+		- sogou ᵇ
+		- sports ᵇ
+		- store ᵈ
+		- talkshow ᵇ
+		- tech ᵇ
+		- cdn.data.video ᵇ
+		- vip ᵇ
+		- yule ᵇ
+		- zhaopin ᵇ
+		- zuozhe ᵈ
+	ᵇ Shows default page
+	ᵈ Dropped
+	ʳ Refused
+
+	MCB:
+		passport.iqiyi.com
+
+	Mismatched:
+		nl.notice.iqiyi.com
+
+	Insecure cookies are set for these domains and hosts:
+		- .iqiyi.com
+		- passport.iqiyi.com
+-->
+<ruleset name="iQiyi.com (partial)">
+	<target host="iqiyi.com" />
+	<target host="www.iqiyi.com" />
+	<target host="qiyipic.iqiyi.com" />
+		<test url="http://qiyipic.iqiyi.com/common/fix/public_images/logoCommon.png" />
+	<target host="security.iqiyi.com" />
+		<test url="http://security.iqiyi.com/static/cook/v1/cooksdk.js" />
+	<target host="static.iqiyi.com" />
+		<test url="http://static.iqiyi.com/js/pingback/qa.js" />
+	<target host="mbdapp.iqiyi.com" />
+	<target host="nlwl.iqiyi.com" />
+		<test url="http://nlwl.iqiyi.com/apis/urc/getqd" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/iSideWith.com.xml b/src/chrome/content/rules/iSideWith.com.xml
new file mode 100644
index 000000000000..a6f4456d8abf
--- /dev/null
+++ b/src/chrome/content/rules/iSideWith.com.xml
@@ -0,0 +1,49 @@
+<!--
+	Mismatch:
+		imgs.isidewith.com
+-->
+<ruleset name="iSideWith.com">
+	<target host="isidewith.com" />
+	<target host="www.isidewith.com" />
+	<target host="secure.isidewith.com" />
+
+	<target host="australia.isidewith.com" />
+	<target host="au.isidewith.com" />
+
+	<target host="brasil.isidewith.com" />
+	<target host="br.isidewith.com" />
+
+	<target host="canada.isidewith.com" />
+	<target host="ca.isidewith.com" />
+
+	<target host="china.isidewith.com" />
+	<target host="cn.isidewith.com" />
+
+	<target host="deutschland.isidewith.com" />
+	<target host="de.isidewith.com" />
+
+	<target host="espana.isidewith.com" />
+	<target host="es.isidewith.com" />
+
+	<target host="france.isidewith.com" />
+	<target host="fr.isidewith.com" />
+
+	<target host="india.isidewith.com" />
+	<target host="in.isidewith.com" />
+
+	<target host="ireland.isidewith.com" />
+	<target host="ie.isidewith.com" />
+
+	<target host="italia.isidewith.com" />
+	<target host="it.isidewith.com" />
+
+	<target host="mexico.isidewith.com" />
+	<target host="mx.isidewith.com" />
+
+	<target host="uk.isidewith.com" />
+	<target host="gb.isidewith.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/iStockphoto.com.xml b/src/chrome/content/rules/iStockphoto.com.xml
new file mode 100644
index 000000000000..bfcbe2214319
--- /dev/null
+++ b/src/chrome/content/rules/iStockphoto.com.xml
@@ -0,0 +1,61 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- communication.istockphoto.com
+		- content.istockphoto.com
+		- content1.istockphoto.com
+		- mail01.e.istockphoto.com
+		- mail02.e.istockphoto.com
+		- mail03.e.istockphoto.com
+		- hq-vpn.istockphoto.com
+
+		SSL connect error:
+		- discover.istockphoto.com
+		- press.istockphoto.com
+		- br.press.istockphoto.com
+		- de.press.istockphoto.com
+		- es.press.istockphoto.com
+		- fr.press.istockphoto.com
+		- it.press.istockphoto.com
+		- jp.press.istockphoto.com
+
+		SSL peer certificate was not OK:
+		- e.istockphoto.com
+		- app.e.istockphoto.com
+		- images.e.istockphoto.com
+		- engage.istockphoto.com
+		- e.espanol.istockphoto.com
+		- login.feast.istockphoto.com
+		- e.francais.istockphoto.com
+		- omni.istockphoto.com
+
+		4xx client error:
+		- static.istockphoto.com
+
+		Mixed content blocking (MCB) triggered:
+		- fuel.istockphoto.com
+-->
+<ruleset name="iStockphoto.com">
+	<target host="istockphoto.com" />
+	<target host="www.istockphoto.com" />
+	<target host="deutsch.istockphoto.com" />
+	<target host="espanol.istockphoto.com" />
+	<target host="francais.istockphoto.com" />
+	<target host="hangul.istockphoto.com" />
+	<target host="italiano.istockphoto.com" />
+	<target host="jezykpolski.istockphoto.com" />
+	<target host="marketing.istockphoto.com" />
+	<target host="media.istockphoto.com" />
+		<test url="http://media.istockphoto.com/vectors/merry-christmas-and-happy-new-year-text-xmas-tree-with-decoration-vector-id875339836" />
+	<target host="nd.istockphoto.com" />
+	<target host="nihongo.istockphoto.com" />
+	<target host="portugues.istockphoto.com" />
+	<target host="portuguesbrasileiro.istockphoto.com" />
+	<target host="refer.istockphoto.com" />
+	<target host="russki.istockphoto.com" />
+	<target host="secure.istockphoto.com" />
+	<target host="somni.istockphoto.com" />
+	<target host="workwithus.istockphoto.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/iTerm2.xml b/src/chrome/content/rules/iTerm2.xml
new file mode 100644
index 000000000000..2fb0d7c46d70
--- /dev/null
+++ b/src/chrome/content/rules/iTerm2.xml
@@ -0,0 +1,18 @@
+<!--
+	For iterm2.com
+
+		Works:
+
+			- www
+			- $
+
+		Doesn't Work:
+			nil
+-->
+<ruleset name="iTerm2">
+	<target host="iterm2.com" />
+	<target host="www.iterm2.com" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/iTradeCIMB.com.my.xml b/src/chrome/content/rules/iTradeCIMB.com.my.xml
new file mode 100644
index 000000000000..a46b5fbce8e4
--- /dev/null
+++ b/src/chrome/content/rules/iTradeCIMB.com.my.xml
@@ -0,0 +1,15 @@
+<!--
+	For other CIMB coverage, see CIMB.com.xml
+-->
+<ruleset name="iTradeCIMB.com.my">
+
+	<target host="itradecimb.com.my" />
+	<target host="www.itradecimb.com.my" />
+	<target host="secure.itradecimb.com.my" />
+	<target host="secure8.itradecimb.com.my" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/iTunes.com.xml b/src/chrome/content/rules/iTunes.com.xml
new file mode 100644
index 000000000000..423465b6a44a
--- /dev/null
+++ b/src/chrome/content/rules/iTunes.com.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Apple coverage, see Apple.com.xml.
+
+	Invalid certificate:
+		bill.itunes.com
+
+	Refused:
+		facebook.itunes.com
+		new.itunes.com
+		new-music.itunes.com
+		newmusic.itunes.com
+		rss.itunes.com
+		tw.itunes.com
+-->
+
+<ruleset name="iTunes.com">
+	<target host="itunes.com" />
+	<target host="www.itunes.com" />
+	<target host="apps.itunes.com" />
+		<!-- The below apps test URL sometimes returns HTTP 200, sometimes HTTP 503.
+		<test url="http://apps.itunes.com/files/ios-music-app/" />
+		-->
+	<target host="itunesu.assets.itunes.com" />
+		<test url="http://itunesu.assets.itunes.com/apple-assets-us-std-000001/CobaltPublic7/v4/03/42/f0/0342f0d3-7901-058b-075e-d621c1d6376d/330-4505789101245415166-CourseOverview.pdf" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/iWork.com.xml b/src/chrome/content/rules/iWork.com.xml
new file mode 100644
index 000000000000..5f868c8f0156
--- /dev/null
+++ b/src/chrome/content/rules/iWork.com.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://iwork.com/ => https://www.iwork.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.iwork.com/ => https://www.iwork.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	For other Apple coverage, see Apple.com.xml.
+
+	Mismatch:
+		- iwork.com	(cert only matches www)
+-->
+<ruleset name="iWork.com" default_off="failed ruleset test">
+	<target host="iwork.com" />
+	<target host="www.iwork.com" />
+
+	<rule from="^http://iwork\.com/"
+			to="https://www.iwork.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/iamgiki.co.xml b/src/chrome/content/rules/iamgiki.co.xml
new file mode 100644
index 000000000000..b9a749583d1e
--- /dev/null
+++ b/src/chrome/content/rules/iamgiki.co.xml
@@ -0,0 +1,8 @@
+<ruleset name="iamgiki.co">
+	<target host="iamgiki.co" />
+	<target host="www.iamgiki.co" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/iapc.utwente.nl.xml b/src/chrome/content/rules/iapc.utwente.nl.xml
new file mode 100644
index 000000000000..b2a0c107fa1d
--- /dev/null
+++ b/src/chrome/content/rules/iapc.utwente.nl.xml
@@ -0,0 +1,25 @@
+<ruleset name="Stichting IAPC">
+	<!--
+	# Not possible due to DNS policy Twente University (www.utwente.nl)
+	<target host="iapc.utwente.nl"/>
+	<target host="iapc.nl"/>
+	<rule from="^http://iapc\.(?:utwente\.)?nl/" to="https://www.iapc.utwente.nl/"/>
+	-->
+	<target host="*.iapc.utwente.nl"/>
+	<target host="*.iapc.nl"/>
+	<target host="isdewinkelopen.nl"/>
+	<target host="*.isdewinkelopen.nl"/>
+	<target host="startjesucces.nl"/>
+	<target host="*.startjesucces.nl"/>
+	<rule from="^http://([^/:@]*)\.iapc\.utwente\.nl/" to="https://$1.iapc.utwente.nl/"/>
+	<rule from="^http://([^/:@]*)\.iapc\.nl/" to="https://$1.iapc.utwente.nl/"/>
+	<rule from="^http://(?:[^/:@]*\.)?isdewinkelopen\.nl/" to="https://isdewinkelopen.iapc.utwente.nl/"/>
+	<rule from="^http://(?:[^/:@]*\.)?startjesucces\.nl/" to="https://startjesucces.iapc.utwente.nl/"/>
+	<securecookie host="(?:^|\.)iapc.utwente.nl$" name=".+" />
+	<test url="http://www.iapc.utwente.nl/" />
+	<test url="http://webapps.iapc.utwente.nl/" />
+	<test url="http://www.iapc.nl/" />
+	<test url="http://intra.iapc.nl/" />
+	<test url="http://www.startjesucces.nl/" />
+	<test url="http://www.isdewinkelopen.nl/" />
+</ruleset>
diff --git a/src/chrome/content/rules/ibiblio.org.xml b/src/chrome/content/rules/ibiblio.org.xml
new file mode 100644
index 000000000000..aa68112f9c51
--- /dev/null
+++ b/src/chrome/content/rules/ibiblio.org.xml
@@ -0,0 +1,47 @@
+<!--
+	Incomplete certificate chain:
+		distro.ibiblio.org
+		rt.ibiblio.org
+
+	Mismatched:
+		gutenberg.ibiblio.org
+		music.ibiblio.org
+
+	Invalid certificate:
+		answers1.ibiblio.org
+		centos6.ibiblio.org
+		vm3.fedora.ibiblio.org
+		garp.ibiblio.org
+		honey.ibiblio.org
+		internal.ibiblio.org
+		internal1.ibiblio.org
+		mailman1.ibiblio.org
+		google.mirrors.ibiblio.org
+		radiostats.ibiblio.org
+		radiostats1.ibiblio.org
+		radioreports1.ibiblio.org
+		rt1.ibiblio.org
+		test.snickers.ibiblio.org
+		webmail.ibiblio.org
+
+	Redirect to HTTP:
+		grass.ibiblio.org
+		torrent.ibiblio.org
+
+	Refused:
+		etree.ibiblio.org
+		groklaw.ibiblio.org
+		mirrors.ibiblio.org
+		wncwappweb1.ibiblio.org
+-->
+<ruleset name="ibiblio.org">
+	<target host="ibiblio.org" />
+	<target host="www.ibiblio.org" />
+	<target host="answers.ibiblio.org" />
+	<target host="edam.ibiblio.org" />
+	<target host="lists.ibiblio.org" />
+	<target host="radioreports.ibiblio.org" />
+	<target host="snickers.ibiblio.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ibm.biz.xml b/src/chrome/content/rules/ibm.biz.xml
new file mode 100644
index 000000000000..71eae0cb18c1
--- /dev/null
+++ b/src/chrome/content/rules/ibm.biz.xml
@@ -0,0 +1,28 @@
+<!--
+	For other IBM coverage, see IBM.xml.
+
+
+	www.ibm.biz: Mismatched
+
+-->
+<ruleset name="IBM.biz">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ibm.biz" />
+
+	<!--	Complications:
+				-->
+	<target host="www.ibm.biz" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.ibm\.biz/"
+		to="https://ibm.biz/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ibx.com.xml b/src/chrome/content/rules/ibx.com.xml
new file mode 100644
index 000000000000..58d317d7038f
--- /dev/null
+++ b/src/chrome/content/rules/ibx.com.xml
@@ -0,0 +1,101 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ibx.com/ => https://ibx.com/: (7, 'Failed to connect to ibx.com port 443: Connection refused')
+
+	Nonfunctional hosts in *ibx.com:
+
+		- basics ᵃ
+		- cr ᵃ
+		- innovation ᵃ
+		- medpolicy ᵃ
+		- nationalaccounts ᵃ
+		- news ᵃ
+		- provcomm ᵃ
+
+	ᵃ Shows another domain
+
+
+	Problematic hosts in *ibx.com:
+
+		- ^ ᵈ
+		- wc2 * ᵐ
+
+	* Redirect differs
+	ᵈ Dropped, preemptable redirect
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .ibx.com
+		- ecom.ibx.com
+		- finders.ibx.com
+		- ibxpress.ibx.com
+		- reimbursements.ibx.com
+		- service.ibx.com
+		- www.ibx.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bugs, on:
+
+			- ibxpress from b.collective-media.net ˢ
+			- ibxpress from ad.doubleclick.net
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="IBX.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ecom.ibx.com" />
+	<target host="finders.ibx.com" />
+	<target host="ibxpress.ibx.com" />
+	<target host="reimbursements.ibx.com" />
+	<target host="service.ibx.com" />
+	<target host="www.ibx.com" />
+
+	<!--	Complications:
+				-->
+	<target host="ibx.com" />
+	<target host="wc2.ibx.com" />
+
+		<!--	Mixed bugs:
+					-->
+		<!--test url="http://ibxpress.ibx.com/ibxmed/employers/" /-->
+
+		<!--	403:
+				-->
+		<!--test url="http://medpolicy.ibx.com/policies/mpi.nsf/home!Readform" /-->
+		<!--test url="http://provcomm.ibx.com/ProvComm/ProvComm.nsf/PIHU_IBC_All_Cat/4F233C6F792049FE85257EED004C5C05" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.ibx\.com$" name="^dtCookie$" /-->
+	<!--securecookie host="^ecom\.ibx\.com$" name="(?:JSESSIONID|^ObSSOCookie)$" /-->
+	<!--securecookie host="^(?:finders|www)\.ibx\.com$" name="JSESSIONID$" /-->
+	<!--securecookie host="^ibxpress\.ibx\.com$" name="^(?:JSESSIONID|ORA_OSFS_SESSION)$" /-->
+	<!--securecookie host="^reimbursements\.ibx\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^service\.ibx\.com$" name="^ObSSOCookie$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://wc2\.ibx\.com/+"
+		to="https://www.amerihealthnj.com/" />
+
+		<test url="http://wc2.ibx.com/index.jsp" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/icabanken.se.xml b/src/chrome/content/rules/icabanken.se.xml
new file mode 100644
index 000000000000..4a4649fb92c1
--- /dev/null
+++ b/src/chrome/content/rules/icabanken.se.xml
@@ -0,0 +1,11 @@
+<ruleset name="icabanken.se">
+	<target host="icabanken.se" />
+	<target host="www.icabanken.se" />
+	<target host="appserver.icabanken.se" />
+	<target host="dialog.icabanken.se" />
+	<target host="kontantkort.icabanken.se" />
+	<target host="www.kontantkort.icabanken.se" />
+	<target host="admin.kontantkort.icabanken.se" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/ican.org.uk.xml b/src/chrome/content/rules/ican.org.uk.xml
new file mode 100644
index 000000000000..cb1cf4993453
--- /dev/null
+++ b/src/chrome/content/rules/ican.org.uk.xml
@@ -0,0 +1,34 @@
+<!--
+	Nonfunctional hosts in *ican.org.uk:
+
+		- (www.)? ᵈ
+		- blog ᵇ
+		- dawnhouse ᵇ
+		- licensing ᵇ
+		- shop ᵇ
+
+	ᵇ Shows default page
+	ᵈ Dropped
+
+
+	Insecure cookies are set for these hosts:
+
+		- community.ican.org.uk
+
+-->
+<ruleset name="I CAN.org.uk (partial)">
+
+	<target host="community.ican.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^community\.ican\.org\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/icbdr.com.xml b/src/chrome/content/rules/icbdr.com.xml
new file mode 100644
index 000000000000..99354fd030a5
--- /dev/null
+++ b/src/chrome/content/rules/icbdr.com.xml
@@ -0,0 +1,36 @@
+<!--
+	For other CareerBuilder coverage, see CareerBuilder.xml.
+
+
+	Problematic hosts in *icbdr.com:
+
+		- img ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="iCBdr.com" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.icbdr.com" />
+
+		<test url="http://secure.icbdr.com/images/pixel.gif" /><!--	43 -->
+
+	<!--	Complications:
+				-->
+	<target host="img.icbdr.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://img\.icbdr\.com/"
+		to="https://secure.icbdr.com/"/>
+
+		<test url="http://secure.icbdr.com/images/UK/JS/HP10/shareHeaderTop.gif" /><!--	100 -->
+
+	<rule from="^http:"
+		to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/iconarchive.com.xml b/src/chrome/content/rules/iconarchive.com.xml
new file mode 100644
index 000000000000..c9a786086ad9
--- /dev/null
+++ b/src/chrome/content/rules/iconarchive.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		icons2.iconarchive.com
+
+	Refused:
+		de1.iconarchive.com
+
+	Time out:
+		help.iconarchive.com
+-->
+<ruleset name="iconarchive.com">
+	<target host="iconarchive.com" />
+	<target host="www.iconarchive.com" />
+	<target host="icons.iconarchive.com" />
+	<target host="static.iconarchive.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ictv.ua.xml b/src/chrome/content/rules/ictv.ua.xml
new file mode 100644
index 000000000000..a5218e349427
--- /dev/null
+++ b/src/chrome/content/rules/ictv.ua.xml
@@ -0,0 +1,118 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://des.ictv.ua/ => https://des.ictv.ua/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+Fetch error: http://eurofood.ictv.ua/ => https://eurofood.ictv.ua/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+Fetch error: http://games.ictv.ua/ => https://games.ictv.ua/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+Fetch error: http://hero.ictv.ua/ => https://hero.ictv.ua/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+Fetch error: http://xfiles.ictv.ua/ => https://xfiles.ictv.ua/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+Fetch error: http://zakermom.ictv.ua/ => https://zakermom.ictv.ua/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
+
+ictv.ua ⁴
+www.ictv.ua ⁴
+ad.ictv.ua ³
+anekdot.ictv.ua ⁴
+app.ictv.ua ³
+avto.ictv.ua ⁴
+bytva.ictv.ua ⁴
+cap.ictv.ua/: (52, 'Empty reply from server')
+colo-ictv.ictv.ua ³
+comic.ictv.ua ⁴
+dacha.ictv.ua ⁴
+dev.ictv.ua/: (52, 'Empty reply from server')
+distalo.ictv.ua ⁴
+eagle.ictv.ua ³
+eda.ictv.ua ⁴
+en.ictv.ua ⁴
+faktu-week.ictv.ua ⁴
+fakty.ictv.ua ⁴
+bloggers.fakty.ictv.ua ²
+player.fakty.ictv.ua ²
+fakty-ictv-ua.player.fakty.ictv.ua ²
+l-facebook-com.player.fakty.ictv.ua ²
+football.ictv.ua ⁴
+forum.ictv.ua ²
+ftp.ictv.ua ³
+fun.ictv.ua ⁴
+golovnaprograma.ictv.ua ⁴
+gw.ictv.ua ⁴
+help.ictv.ua/: (52, 'Empty reply from server')
+hero-1.ictv.ua ⁴
+insider.ictv.ua ⁴
+kozyrlife.ictv.ua ⁴
+kriminal.ictv.ua ⁴
+krislo.ictv.ua ⁴
+krot.ictv.ua ⁴
+krym.ictv.ua ¹
+life.ictv.ua ⁴
+live.ictv.ua ²
+mail.ictv.ua ⁴
+maksimum.ictv.ua ⁴
+mediafile.ictv.ua ²
+mx0.ictv.ua ⁴
+my.ictv.ua ⁴
+nat.ictv.ua ⁴
+nebesnasotnia.ictv.ua ²
+new.ictv.ua ³
+notification.ictv.ua ³
+oborona.ictv.ua ⁴
+orator.ictv.ua ²
+fakty.parimatch.ictv.ua ²
+patrulni.ictv.ua ⁴
+player.ictv.ua ²
+fakty-ictv-ua.player.ictv.ua ²
+glavcom-ua.player.ictv.ua ²
+groza-news-com-ua.player.ictv.ua ²
+ivona-bigmir-net.player.ictv.ua ²
+kriminal-ictv-ua.player.ictv.ua ²
+life-pravda-com-ua.player.ictv.ua ²
+nikvesti-com.player.ictv.ua ²
+nv-ua.player.ictv.ua ²
+ranok-ictv-ua.player.ictv.ua ²
+www-unian-net.player.ictv.ua ²
+pogoda.ictv.ua ⁴
+provokator.ictv.ua ⁴
+putevayastrana.ictv.ua ⁴
+ranok.ictv.ua ²
+dell.ranok.ictv.ua ²
+ru.ictv.ua ⁴
+samozvanci.ictv.ua ⁴
+serial.ictv.ua ⁴
+skryabin.ictv.ua ²
+sld-ad.ictv.ua ²
+st1.ictv.ua ²
+stat.ictv.ua ⁴
+stop10.ictv.ua ⁴
+stream.ictv.ua ³
+svoboda.ictv.ua ⁴
+svobodaslova.ictv.ua ⁴
+taxi.ictv.ua ⁴
+telek.ictv.ua ⁴
+teleport.ictv.ua ⁴
+test.ictv.ua ²
+ua.ictv.ua ⁴
+upload.ictv.ua ³
+videoliapy.ictv.ua ⁴
+vpn.ictv.ua ²
+weekend.ictv.ua ¹
+whoismole.ictv.ua ²
+zamocheni.ictv.ua/: (52, 'Empty reply from server')
+zeki.ictv.ua ⁴
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="ictv.ua (partial)" default_off="failed ruleset test">
+	<target host="autodiscover.ictv.ua" />
+	<target host="des.ictv.ua" />
+	<target host="eurofood.ictv.ua" />
+	<target host="games.ictv.ua" />
+	<target host="hero.ictv.ua" />
+	<target host="xfiles.ictv.ua" />
+	<target host="zakermom.ictv.ua" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/iddh.org.br.xml b/src/chrome/content/rules/iddh.org.br.xml
new file mode 100644
index 000000000000..2f99d74fc41c
--- /dev/null
+++ b/src/chrome/content/rules/iddh.org.br.xml
@@ -0,0 +1,10 @@
+<ruleset name="iddh.org.br">
+	<target host="iddh.org.br" />
+	<target host="www.iddh.org.br" />
+	<target host="cpanel.iddh.org.br" />
+	<target host="plataformarpu.iddh.org.br" />
+	<target host="www.plataformarpu.iddh.org.br" />
+	<target host="webdisk.iddh.org.br" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/idea.gov.uk.xml b/src/chrome/content/rules/idea.gov.uk.xml
new file mode 100644
index 000000000000..760bc6730b13
--- /dev/null
+++ b/src/chrome/content/rules/idea.gov.uk.xml
@@ -0,0 +1,53 @@
+<!--
+	Local Government Improvement and Development
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *idea.gov.uk:
+
+		- (www.)? ʳ
+		- www.communities ʳ
+		- sites ᵇ
+
+	ᵇ Shows default page
+	ʳ Refused
+
+
+	Problematic hosts in *idea.gov.uk:
+
+		- blogs ᵉ ᵐ ˢ
+
+	ᵉ Expired
+	ᵐ Mismatched
+	ˢ Self-signed
+
+-->
+<ruleset name="IDeA.gov.uk (partial)">
+
+	<!--	Complications:
+				-->
+	<target host="www.communities.idea.gov.uk" />
+
+
+	<!--	Redirect drops args:
+					-->
+	<rule from="^http://www\.communities\.idea\.gov\.uk/.*"
+		to="https://khub.net/" />
+
+		<!--	[/\w]$ does not redirect:
+							-->
+		<exclusion pattern="^http://www\.communities\.idea\.gov\.uk/(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.communities.idea.gov.uk/default.aspx" />
+			<test url="http://www.communities.idea.gov.uk/index.htm" />
+			<test url="http://www.communities.idea.gov.uk/index.html" />
+			<test url="http://www.communities.idea.gov.uk/index.php" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.communities.idea.gov.uk/?" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ideal-collaboration.net.xml b/src/chrome/content/rules/ideal-collaboration.net.xml
new file mode 100644
index 000000000000..440c17eca9d8
--- /dev/null
+++ b/src/chrome/content/rules/ideal-collaboration.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="ideal-collaboration.net">
+	<target host="ideal-collaboration.net" />
+	<target host="www.ideal-collaboration.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/idealconceal.com.xml b/src/chrome/content/rules/idealconceal.com.xml
new file mode 100644
index 000000000000..9794cca4b7b9
--- /dev/null
+++ b/src/chrome/content/rules/idealconceal.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- Images from idealconceal.com ˢ
+		- Images from www.idealconceal.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Ideal Conceal.com">
+
+	<target host="idealconceal.com" />
+	<target host="www.idealconceal.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ideascale.com.xml b/src/chrome/content/rules/ideascale.com.xml
new file mode 100644
index 000000000000..38c22b79bf70
--- /dev/null
+++ b/src/chrome/content/rules/ideascale.com.xml
@@ -0,0 +1,59 @@
+<!--
+	Nonfunctional hosts in *ideascale.com:
+
+		- captivateideas ʰ
+		- fan ʰ
+		- fptepolicyworks ʰ
+		- lync ʰ
+		- naraopengov ʰ
+		- navy ʰ
+		- remploy ʰ
+		- support ʰ
+		- thegovlab ʰ
+
+	ʰ Redirects to http
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- ideascale.com
+		- .ideascale.com
+		- www.ideascale.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="IdeaScale.com (partial)">
+
+	<target host="ideascale.com" />
+	<target host="www.ideascale.com" />
+
+	<!--	(accounts:)	-->
+	<target host="actiaccyberinitiative.ideascale.com" />
+	<target host="avira.ideascale.com" />
+	<target host="datagovau.ideascale.com" />
+	<target host="dclibrary.ideascale.com" />
+	<target host="dundermifflin.ideascale.com" />
+	<target host="ecybermission.ideascale.com" />
+	<target host="nanocancer.ideascale.com" />
+	<target host="questionpro.ideascale.com" />
+	<target host="texashhs.ideascale.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://ideascale.com/a/login" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?ideascale\.com$" name="^_icl_current_language$" /-->
+	<!--securecookie host="^\.ideascale\.com$" name="^ISSESSIONID$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ideco.ru.xml b/src/chrome/content/rules/ideco.ru.xml
new file mode 100644
index 000000000000..53a5af2300fa
--- /dev/null
+++ b/src/chrome/content/rules/ideco.ru.xml
@@ -0,0 +1,48 @@
+<!--
+beta.ideco.ru ²
+cert.ideco.ru ²
+cloud.ideco.ru ⁷
+club.ideco.ru ²
+download.ideco.ru ²
+download2.ideco.ru ²
+gate.ideco.ru ⁴
+hetz.ideco.ru ⁷
+icscloud.ideco.ru ²
+konkurs.ideco.ru ⁴
+musht.ideco.ru ⁴
+pbx.ideco.ru ²
+pbxcloud.ideco.ru ⁶
+sender.ideco.ru ²
+smtp.ideco.ru ⁴
+special.ideco.ru ²
+static.ideco.ru ²
+
+
+² refused
+⁴ self signed
+⁶ redirect
+⁷ protocol error
+-->
+<ruleset name="ideco.ru">
+	<target host="ideco.ru" />
+	<target host="www.ideco.ru" />
+	<target host="calendar.ideco.ru" />
+	<target host="doc.ideco.ru" />
+	<target host="docker.ideco.ru" />
+	<target host="forum.ideco.ru" />
+	<target host="gatherstat.ideco.ru" />
+	<target host="helpdesk.ideco.ru" />
+	<target host="import.ideco.ru" />
+	<target host="lp.ideco.ru" />
+	<target host="newyear.ideco.ru" />
+	<target host="quiz.ideco.ru" />
+	<target host="sentry.ideco.ru" />
+	<target host="smb.ideco.ru" />
+	<target host="suricata.ideco.ru" />
+	<target host="update.ideco.ru" />
+	<target host="selecta.update.ideco.ru" />
+	<target host="selecta-hetz.update.ideco.ru" />
+	<target host="sky.update.ideco.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/idelreal.org.xml b/src/chrome/content/rules/idelreal.org.xml
new file mode 100644
index 000000000000..846c5992ceb6
--- /dev/null
+++ b/src/chrome/content/rules/idelreal.org.xml
@@ -0,0 +1,20 @@
+<!--
+idelreal.org ¹
+morigin.idelreal.org ³
+moriginhg.idelreal.org ³
+moriginng.idelreal.org ³
+
+
+¹ mismatch
+³ timed out
+-->
+<ruleset name="idelreal.org">
+	<target host="www.idelreal.org" />
+
+	<target host="idelreal.org" />
+
+	<rule from="^http://idelreal\.org/"
+		to="https://www.idelreal.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/idms-linux.org.xml b/src/chrome/content/rules/idms-linux.org.xml
new file mode 100644
index 000000000000..99a64adeab22
--- /dev/null
+++ b/src/chrome/content/rules/idms-linux.org.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://idms-linux.org/ => https://idms-linux.org/: (51, "SSL: no alternative certificate subject name matches target host name 'idms-linux.org'")
+Fetch error: http://www.idms-linux.org/ => https://www.idms-linux.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.idms-linux.org'")
+
+wiki.idms-linux.org redirects to http
+cdn.idms-linux.org ³
+
+
+³ timed out
+-->
+<ruleset name="idms-linux.org" default_off="failed ruleset test">
+	<target host="idms-linux.org" />
+	<target host="www.idms-linux.org" />
+	<target host="lists.idms-linux.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/idnes-cz.xml b/src/chrome/content/rules/idnes-cz.xml
new file mode 100644
index 000000000000..70ae3a75a24c
--- /dev/null
+++ b/src/chrome/content/rules/idnes-cz.xml
@@ -0,0 +1,83 @@
+<ruleset name="iDNES.cz">
+<!--
+	Problematic domains
+		Redirect to HTTP
+			- idnes.cz
+			- www.idnes.cz
+			- reality.idnes.cz
+		Broken by mixed content
+			- aplikace.idnes.cz
+			- fotbal.idnes.cz
+			- email-cio.mcafeesecure.com
+		Security warning on search
+			- hledej.idnes.cz
+		Timeout
+			- alik.idnes.cz
+			- data.idnes.cz
+			- r.idnes.cz
+		Bad certificate domain
+			- kultura.zpravy.idnes.cz
+		Unknown certificate issuer
+			- topkontakt.idnes.cz
+		Incomplete certificate chain
+			- blog.mcafeesecure.com
+		Connection error
+			- xman.idnes.cz
+-->
+	<target host="auto.idnes.cz" />
+	<target host="blog.idnes.cz" />
+	<target host="bonusweb.idnes.cz" />
+	<target host="brno.idnes.cz" />
+	<target host="budejovice.idnes.cz" />
+	<target host="bydleni.idnes.cz" />
+	<target host="cestiny.idnes.cz" />
+	<target host="cestovani.idnes.cz" />
+	<target host="doprava.idnes.cz" />
+	<target host="ekonomika.idnes.cz" />
+	<target host="finance.idnes.cz" />
+	<target host="hobby.idnes.cz" />
+	<target host="hokej.idnes.cz" />
+	<target host="icka.idnes.cz" />
+	<target host="jihlava.idnes.cz" />
+	<target host="kraje.idnes.cz" />
+	<target host="liberec.idnes.cz" />
+	<target host="mobil.idnes.cz" />
+	<target host="mobilnihry.idnes.cz" />
+	<target host="muj.idnes.cz" />
+	<target host="olomouc.idnes.cz" />
+	<target host="ona.idnes.cz" />
+	<target host="onlinehry.idnes.cz" />
+	<target host="ostrava.idnes.cz" />
+	<target host="pardubice.idnes.cz" />
+	<target host="pocasi.idnes.cz" />
+	<target host="plzen.idnes.cz" />
+	<target host="praha.idnes.cz" />
+	<target host="rajce.idnes.cz" />
+	<target host="*.rajce.idnes.cz" />
+	<target host="revue.idnes.cz" />
+	<target host="rss.idnes.cz" />
+	<target host="rungo.idnes.cz" />
+	<target host="sdeleni.idnes.cz" />
+	<target host="servis.idnes.cz" />
+	<target host="servix.idnes.cz" />
+	<target host="sport.idnes.cz" />
+	<target host="technet.idnes.cz" />
+	<target host="tvprogram.idnes.cz" />
+	<target host="usti.idnes.cz" />
+	<target host="vary.idnes.cz" />
+	<target host="vice.idnes.cz" />
+	<target host="video.idnes.cz" />
+	<target host="volby.idnes.cz" />
+	<target host="wiki.idnes.cz" />
+	<target host="zlin.idnes.cz" />
+	<target host="zpravy.idnes.cz" />
+
+	<test url="http://www.rajce.idnes.cz/" />
+	<test url="http://martac.rajce.idnes.cz/" />
+	<test url="http://iffine.rajce.idnes.cz/" />
+	<test url="http://jiri-skrobak.rajce.idnes.cz/" />
+	<test url="http://waverka.rajce.idnes.cz/" />
+
+	<rule from="^http:"
+		  to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/idoxgroup.com.xml b/src/chrome/content/rules/idoxgroup.com.xml
new file mode 100644
index 000000000000..05ae2fe5c425
--- /dev/null
+++ b/src/chrome/content/rules/idoxgroup.com.xml
@@ -0,0 +1,87 @@
+<!--
+	Nonfunctional hosts in *idoxgroup.com:
+
+		- cloudamber ᵈ
+		- epam ᵈ
+		- informationservice *
+		- investors ᵈ
+		- isbeta ᵈ
+		- isreview ᵈ
+		- iview ᵈ
+		- www ᵈ
+
+	* Shows maintenance page
+	ᵈ Dropped
+
+
+	Problematic hosts in *idoxgroup.com:
+
+		- blog ᵐ
+		- fskills ᵐ
+		- hart ʷ
+
+	ᵐ Mismatched
+	ʷ Configured for weak ciphers only
+
+
+	These altnames do not exist:
+
+		- www.connect.idoxgroup.com
+
+-->
+<ruleset name="idox group.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.compliance.idoxgroup.com" />
+	<target host="connect.idoxgroup.com" />
+	<target host="easyprint.idoxgroup.com" />
+	<target host="servicedesk.idoxgroup.com" />
+
+	<!--	Complications:
+				-->
+	<target host="fskills.idoxgroup.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="http://www\.compliance\.idoxgroup\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="http://www\.compliance\.idoxgroup\.com/+(?!(?:aktuelles/newsletter|en/login|login)\.html|fileadmin/|typo3temp/|uploads/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.compliance.idoxgroup.com/aktuelles.html" />
+			<test url="http://www.compliance.idoxgroup.com/aktuelles/events.html" />
+			<test url="http://www.compliance.idoxgroup.com/ansprechpartner.html" />
+			<test url="http://www.compliance.idoxgroup.com/compliance-beratung.html" />
+			<test url="http://www.compliance.idoxgroup.com/en.html" />
+			<test url="http://www.compliance.idoxgroup.com/fachautoren.html" />
+			<test url="http://www.compliance.idoxgroup.com/news.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.compliance.idoxgroup.com/aktuelles/newsletter.html" />
+			<test url="http://www.compliance.idoxgroup.com/en/login.html" />
+			<test url="http://www.compliance.idoxgroup.com/fileadmin/template/img/snavi_kontakt.gif" />
+			<test url="http://www.compliance.idoxgroup.com/login.html" />
+			<test url="http://www.compliance.idoxgroup.com/typo3temp/stylesheet_d1c2046323.css" />
+			<test url="http://www.compliance.idoxgroup.com/uploads/RTEmagicC_akkordeon_teaserbild_betrugsbekaempfung.png" />
+
+
+	<securecookie host="^(?!www\.compliance\.)\w" name=".+" />
+
+
+	<!--	Redirect drops forward
+		slash, path, and args:
+					-->
+	<rule from="^http://fskills\.idoxgroup\.com/.*"
+		to="https://www.researchonline.org.uk/sds/index.do" />
+
+		<test url="http://fskills.idoxgroup.com/index.htm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ids-nf.org.xml b/src/chrome/content/rules/ids-nf.org.xml
new file mode 100644
index 000000000000..50ba7e7298c7
--- /dev/null
+++ b/src/chrome/content/rules/ids-nf.org.xml
@@ -0,0 +1,16 @@
+<!--
+	^ids-nf.org does not exist.
+
+-->
+<ruleset name="IDS-NF.org" default_off="expired, untrusted root">
+
+	<target host="www.ids-nf.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/iers.org.xml b/src/chrome/content/rules/iers.org.xml
new file mode 100644
index 000000000000..53702044827e
--- /dev/null
+++ b/src/chrome/content/rules/iers.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		ftp.iers.org
+		ww2.iers.org
+
+	Refused:
+		webserver.iers.org
+-->
+<ruleset name="IERS.org">
+
+	<target host="www.iers.org" />
+	<target host="data.iers.org" />
+	<target host="datacenter.iers.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ievaphone.com.xml b/src/chrome/content/rules/ievaphone.com.xml
new file mode 100644
index 000000000000..f98c0983a770
--- /dev/null
+++ b/src/chrome/content/rules/ievaphone.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="ievaphone.com">
+	<target host="ievaphone.com" />
+	<target host="www.ievaphone.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ifec.org.hk.xml b/src/chrome/content/rules/ifec.org.hk.xml
new file mode 100644
index 000000000000..e6a3885b0abb
--- /dev/null
+++ b/src/chrome/content/rules/ifec.org.hk.xml
@@ -0,0 +1,20 @@
+<!--
+	The Investor and Financial Education Council
+-->
+<ruleset name="ifec.org.hk">
+	<target host="ifec.org.hk" />
+	<target host="www.ifec.org.hk" />
+	<target host="mld.ifec.org.hk" />
+	<target host="subscription.ifec.org.hk" />
+	<test url="http://subscription.ifec.org.hk/subscription.jsp?lang=tc" />
+	<target host="tool-budget.ifec.org.hk" />
+	<target host="tool-cutback.ifec.org.hk" />
+	<target host="tool-debt.ifec.org.hk" />
+	<target host="tool-fhc.ifec.org.hk" />
+	<target host="tool-laisee.ifec.org.hk" />
+	<target host="tool-retirement.ifec.org.hk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ifeng.com.xml b/src/chrome/content/rules/ifeng.com.xml
new file mode 100644
index 000000000000..726b3076103d
--- /dev/null
+++ b/src/chrome/content/rules/ifeng.com.xml
@@ -0,0 +1,18 @@
+<!--
+    Related: ifengimg.com.xml
+
+    There are too much webs to test them all of ifeng.com.
+    enable the most popular just now.
+
+    INET_E_RESOURCE_NOT_FOUND:
+        ^ifeng.com    equal to www.ifeng.com
+-->
+<ruleset name="ifeng.com">
+	<target host="ifeng.com" />
+	<target host="www.ifeng.com" />
+	<target host="news.ifeng.com" />
+
+	<rule from="^http://ifeng\.com/" to="https://www.ifeng.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ifengimg.com.xml b/src/chrome/content/rules/ifengimg.com.xml
new file mode 100644
index 000000000000..1a5b78082d10
--- /dev/null
+++ b/src/chrome/content/rules/ifengimg.com.xml
@@ -0,0 +1,44 @@
+<ruleset name="ifengimg.com">
+	<target host="a0.ifengimg.com" />
+	<target host="a1.ifengimg.com" />
+	<target host="a2.ifengimg.com" />
+	<target host="a3.ifengimg.com" />
+		<test url="http://a3.ifengimg.com/autoimg/17/33/2403317_8.jpg" />
+	<target host="c0.ifengimg.com" />
+	<target host="c1.ifengimg.com" />
+	<target host="d.ifengimg.com" />
+		<test url="http://d.ifengimg.com/w120_h80_q/s0.ifengimg.com/2015/11/11/Image00100_b347912f.jpg" />
+	<target host="h0.ifengimg.com" />
+	<target host="h1.ifengimg.com" />
+	<target host="h2.ifengimg.com" />
+	<target host="h3.ifengimg.com" />
+		<test url="http://h3.ifengimg.com/0f56ee67a4c375c2/2013/1106/indeccode.png" />
+	<target host="img.ifengimg.com" />
+	<target host="js.ifengimg.com" />
+		<test url="http://js.ifengimg.com/a/2016/0720/F-RequireJS.min.js" />
+	<target host="m0.ifengimg.com" />
+	<target host="m1.ifengimg.com" />
+	<target host="m2.ifengimg.com" />
+	<target host="m3.ifengimg.com" />
+	<target host="my.ifengimg.com" />
+		<test url="http://my.ifengimg.com/83/170/163421fd9355b175/1425252072/163421fd9355b175_1.jpg" />
+	<target host="p0.ifengimg.com" />
+	<target host="p1.ifengimg.com" />
+	<target host="p2.ifengimg.com" />
+	<target host="p3.ifengimg.com" />
+		<test url="http://p3.ifengimg.com/haina/2016_43/c8f6a8b280e607f_w353_h315.jpg" />
+	<target host="s0.ifengimg.com" />
+	<target host="s1.ifengimg.com" />
+	<target host="s2.ifengimg.com" />
+	<target host="s3.ifengimg.com" />
+		<test url="http://s3.ifengimg.com/2015/06/24/63d60165e894ad4fdd59edca56cf00cc.jpg" />
+	<target host="vxml.ifengimg.com" />
+		<test url="http://vxml.ifengimg.com/swf/ifengVipPlayer_v1.54.swf" />
+	<target host="y0.ifengimg.com" />
+	<target host="y1.ifengimg.com" />
+	<target host="y2.ifengimg.com" />
+	<target host="y3.ifengimg.com" />
+		<test url="http://y3.ifengimg.com/d4a44fff10624b98/2012/0309/rdn_4f5997332822c.jpg" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ifolor.ch.xml b/src/chrome/content/rules/ifolor.ch.xml
new file mode 100644
index 000000000000..bb4e32186432
--- /dev/null
+++ b/src/chrome/content/rules/ifolor.ch.xml
@@ -0,0 +1,13 @@
+<!--
+	Login button on ifolor.ch is http hardcoded iframe.
+-->
+<ruleset name="ifolor.ch" platform="mixedcontent">
+	<target host="ifolor.ch"/>
+	<target host="www.ifolor.ch"/>
+	<target host="order.ifolor.ch"/>
+
+	<rule from="^http://(?:www\.)?ifolor\.ch/"
+		to="https://www.ifolor.ch/"/>
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/iformula.ru.xml b/src/chrome/content/rules/iformula.ru.xml
new file mode 100644
index 000000000000..ff0ac23bca9d
--- /dev/null
+++ b/src/chrome/content/rules/iformula.ru.xml
@@ -0,0 +1,13 @@
+<!--
+iformula.ru mismatch
+www.iformula.ru mismatch
+hosting.iformula.ru self signed
+webcam.iformula.ru mismatch
+stream.iformula.ru self signed
+mag.iformula.ru mismatch
+-->
+<ruleset name="iformula.ru (partial)">
+	<target host="stats.iformula.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ifs.org.uk.xml b/src/chrome/content/rules/ifs.org.uk.xml
new file mode 100644
index 000000000000..ab9f70338628
--- /dev/null
+++ b/src/chrome/content/rules/ifs.org.uk.xml
@@ -0,0 +1,24 @@
+<!--
+	^ifs.org.uk does not exist.
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="IFS.org.uk">
+
+	<target host="www.ifs.org.uk" />
+
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/iga.net.xml b/src/chrome/content/rules/iga.net.xml
new file mode 100644
index 000000000000..60b8fc2cc989
--- /dev/null
+++ b/src/chrome/content/rules/iga.net.xml
@@ -0,0 +1,38 @@
+<!--
+	Invalid certificate:
+		consentement.iga.net
+		infolettres.iga.net
+		www-uat.iga.net
+		amenagement.iga.net
+		blogue.iga.net
+		buffets.iga.net
+		concours.iga.net
+		consentement.iga.net
+		emplois.iga.net
+		infolettres.iga.net
+		misc.iga.net
+		sftp.iga.net
+		traiteur.iga.net
+		vivelajob.iga.net
+		wikibouffe.iga.net
+		www-uat.iga.net
+
+	Redirect to HTTP:
+		m.iga.net
+-->
+<ruleset name="IGA.net (partial)">
+
+	<target host="iga.net"/>
+	<target host="www.iga.net"/>
+	<target host="circulaire.iga.net"/>
+	<target host="essentiels.iga.net"/>
+	<target host="flyer.iga.net"/>
+	<target host="flyers.iga.net"/>
+	<target host="foodiseverything.iga.net"/>
+	<target host="gigya.iga.net"/>
+	<target host="magasin.iga.net"/>
+	<target host="queue.iga.net"/>
+	<target host="vivelabouffe.iga.net"/>
+  
+  <rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/igrasan.ru.xml b/src/chrome/content/rules/igrasan.ru.xml
new file mode 100644
index 000000000000..2e8b7d79b916
--- /dev/null
+++ b/src/chrome/content/rules/igrasan.ru.xml
@@ -0,0 +1,8 @@
+<ruleset name="igrasan.ru">
+	<target host="igrasan.ru" />
+	<target host="www.igrasan.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/iii.com.xml b/src/chrome/content/rules/iii.com.xml
new file mode 100644
index 000000000000..6da2cbafeda4
--- /dev/null
+++ b/src/chrome/content/rules/iii.com.xml
@@ -0,0 +1,35 @@
+<!--
+	There are too much to list all unique subdomains for each client.
+
+	Too many redirects:
+		^	( equal to www )
+
+	Expired:
+		autry.iii.com
+
+	Mismatch:
+		aca.iii.com
+		cincb.iii.com
+		cjcl.iii.com
+		hal.iii.com
+		marsh.iii.com
+		sierra.iii.com
+		usip.iii.com
+		0-help.lexisnexis.com.texsl.iii.com
+
+	Failed:
+		csdirect.iii.com
+		linkplusaccess.iii.com
+-->
+<ruleset name="iii.com">
+	<target host="iii.com" />
+	<rule from="^http://iii\.com/" to="https://www.iii.com/" />
+
+	<target host="www.iii.com" />
+	<target host="csul.iii.com" />
+		<test url="http://csul.iii.com/search~S0?/aStoehr%2C+Judy./astoehr+judy/-3%2C-1%2C0%2CB/bibimage&amp;FF=astoehr+james+d&amp;1%2C1%2C" />
+	<target host="stlow.iii.com" />
+	<target host="umil.iii.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ijg.org.xml b/src/chrome/content/rules/ijg.org.xml
new file mode 100644
index 000000000000..d3b1b89c53dc
--- /dev/null
+++ b/src/chrome/content/rules/ijg.org.xml
@@ -0,0 +1,10 @@
+<!--
+	Invalid certificate:
+		dc-6027be0b7522.ijg.org
+-->
+<ruleset name="ijg.org">
+	<target host="ijg.org" />
+	<target host="www.ijg.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/iknowwhatyoudownload.com.xml b/src/chrome/content/rules/iknowwhatyoudownload.com.xml
new file mode 100644
index 000000000000..70d5364fe74f
--- /dev/null
+++ b/src/chrome/content/rules/iknowwhatyoudownload.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="iknowwhatyoudownload.com">
+	<target host="iknowwhatyoudownload.com" />
+	<target host="www.iknowwhatyoudownload.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/iliad.it.xml b/src/chrome/content/rules/iliad.it.xml
new file mode 100644
index 000000000000..5306825095fe
--- /dev/null
+++ b/src/chrome/content/rules/iliad.it.xml
@@ -0,0 +1,22 @@
+<!--
+	All other subdomains are either internal or test pages (they give
+	403 error or SSL_ERROR_BAD_CERT_DOMAIN error because of their test
+	certificate).
+-->
+<ruleset name="iliad.it">
+	<target host="iliad.it" />
+	<target host="www.iliad.it" />
+	<target host="asset.corp.iliad.it" />
+	<target host="intranet.corp.iliad.it" />
+	<target host="logistic.corp.iliad.it" />
+	<target host="corporate.iliad.it" />
+	<target host="www.local.iliad.it" />
+	<target host="logistic.local.iliad.it" />
+	<target host="mi.iliad.it" />
+	<target host="www.mi.iliad.it" />
+	<target host="registrazione.iliad.it" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/illuminateed.com.xml b/src/chrome/content/rules/illuminateed.com.xml
new file mode 100644
index 000000000000..1ea0a7de4300
--- /dev/null
+++ b/src/chrome/content/rules/illuminateed.com.xml
@@ -0,0 +1,186 @@
+<!--
+	Problematic hosts in *illuminateed.com:
+
+		- bi ᵐ
+		- go ᵐ
+		- status ᵐ
+		- support ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- (account_vhost).illuminateed.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- go from $self ˢ
+			- go from storage.pardot.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Illuminateed.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="illuminateed.com" />
+	<target host="cdn1.illuminateed.com" />
+	<target host="cdn2.illuminateed.com" />
+	<target host="www.illuminateed.com" />
+
+		<test url="http://cdn1.illuminateed.com/atd/v9.0_1158/styles/5.0/images/social/facebook_like.png" />
+		<test url="http://cdn2.illuminateed.com/atd/v9.0_1158/styles/bootstrap/css/bootstrap-responsive.css" />
+
+	<!--	(accounts:)	-->
+	<target host="aaps.illuminateed.com" />
+	<target host="abcusd.illuminateed.com" />
+	<target host="antioch.illuminateed.com" />
+	<target host="apsd.illuminateed.com" />
+	<target host="ausd.illuminateed.com" />
+	<target host="bassett.illuminateed.com" />
+	<target host="berkeley.illuminateed.com" />
+	<target host="bonita.illuminateed.com" />
+	<target host="bossier.illuminateed.com" />
+	<target host="branchisd.illuminateed.com" />
+	<target host="brighton.illuminateed.com" />
+	<target host="burtonschools.illuminateed.com" />
+	<target host="busdk12.illuminateed.com" />
+	<target host="capousd.illuminateed.com" />
+	<target host="carm.illuminateed.com" />
+	<target host="caruthers.illuminateed.com" />
+	<target host="ccadenver.illuminateed.com" />
+	<target host="cesd.illuminateed.com" />
+	<target host="chewelahk12.illuminateed.com" />
+	<target host="coorisd.illuminateed.com" />
+	<target host="cuca.illuminateed.com" />
+	<target host="cusd.illuminateed.com" />
+	<target host="demo.illuminateed.com" />
+	<target host="diisd.illuminateed.com" />
+	<target host="djuhsd.illuminateed.com" />
+	<target host="downey.illuminateed.com" />
+	<target host="emery.illuminateed.com" />
+	<target host="esparto.illuminateed.com" />
+	<target host="esusd.illuminateed.com" />
+	<target host="euhsd.illuminateed.com" />
+	<target host="fcusd.illuminateed.com" />
+	<target host="fortbragg.illuminateed.com" />
+	<target host="fowler.illuminateed.com" />
+	<target host="fsd.illuminateed.com" />
+	<target host="fvsd.illuminateed.com" />
+	<target host="gardengrove.illuminateed.com" />
+	<target host="gower62.illuminateed.com" />
+	<target host="gwusd.illuminateed.com" />
+	<target host="holly.illuminateed.com" />
+	<target host="inglewood.illuminateed.com" />
+	<target host="jagschools.illuminateed.com" />
+	<target host="kcusd.illuminateed.com" />
+	<target host="kippcolorado.illuminateed.com" />
+	<target host="kjuhsd.illuminateed.com" />
+	<target host="lkfn.illuminateed.com" />
+	<target host="lodi.illuminateed.com" />
+	<target host="mbusd.illuminateed.com" />
+	<target host="mead.illuminateed.com" />
+	<target host="mendotausd.illuminateed.com" />
+	<target host="mjusd.illuminateed.com" />
+	<target host="mpls.illuminateed.com" />
+	<target host="msd38.illuminateed.com" />
+	<target host="orland.illuminateed.com" />
+	<target host="pacificasd.illuminateed.com" />
+	<target host="pgusd.illuminateed.com" />
+	<target host="phoenixunion.illuminateed.com" />
+	<target host="piedmont.illuminateed.com" />
+	<target host="pioneercharter.illuminateed.com" />
+	<target host="pusdk12.illuminateed.com" />
+	<target host="rbgusd.illuminateed.com" />
+	<target host="rbuesd.illuminateed.com" />
+	<target host="salinasuhsd.illuminateed.com" />
+	<target host="sanmarcos.illuminateed.com" />
+	<target host="sbcusd.illuminateed.com" />
+	<target host="sccs.illuminateed.com" />
+	<target host="scusd.illuminateed.com" />
+	<target host="sjsd.illuminateed.com" />
+	<target host="sra.illuminateed.com" />
+	<target host="ssusd.illuminateed.com" />
+	<target host="templetonusd.illuminateed.com" />
+	<target host="thompsonschools.illuminateed.com" />
+	<target host="upland.illuminateed.com" />
+	<target host="wccusd.illuminateed.com" />
+	<target host="weldre1.illuminateed.com" />
+	<target host="westfield.illuminateed.com" />
+	<target host="winters.illuminateed.com" />
+	<target host="wjusd.illuminateed.com" />
+	<target host="ycusd.illuminateed.com" />
+
+	<!--	Complications:
+				-->
+	<target host="bi.illuminateed.com" />
+	<target host="go.illuminateed.com" />
+	<!--target host="status.illuminateed.com" /-->
+	<target host="support.illuminateed.com" />
+
+		<exclusion pattern="^http://go\.illuminateed\.com/(?!/*(?:$|\?|[els]/|emailPreference/|unsubscribe/|webmail/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://go.illuminateed.com/about.htm" />
+			<test url="http://go.illuminateed.com/contact-us.aspx" />
+			<test url="http://go.illuminateed.com/default.asp" />
+			<test url="http://go.illuminateed.com/default.aspx" />
+			<test url="http://go.illuminateed.com/faq.htm" />
+			<test url="http://go.illuminateed.com/favicon.ico" />
+			<test url="http://go.illuminateed.com/index.htm" />
+			<test url="http://go.illuminateed.com/index.html" />
+			<test url="http://go.illuminateed.com/index.php" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(account_vhost)\.illuminateed\.com$" name="^(?:ied_auth_token$|live_)" /-->
+
+	<securecookie host="^(?!go\.)\w" name=".+" />
+
+
+	<!--	Redirect drops args:
+					-->
+	<rule from="^http://bi\.illuminateed\.com/(?:\?.*)?$"
+		to="https://www.gitbook.com/book/christineolah/illuminate-bi-tool-guide/details" />
+
+		<test url="http://bi.illuminateed.com/?" />
+
+	<rule from="^http://bi\.illuminateed\.com/"
+		to="https://www.gitbook.com/book/christineolah/illuminate-bi-tool-guide/" />
+
+		<test url="http://bi.illuminateed.com/index.htm" />
+
+	<!--	Redirect drops args and forward slash and args:
+								-->
+	<rule from="^http://go\.illuminateed\.com/+(?:\?.*)?$"
+		to="https://www.illuminateed.com/" />
+
+		<test url="http://go.illuminateed.com/?" />
+
+	<rule from="^http://go\.illuminateed\.com/"
+		to="https://go.pardot.com/" />
+
+		<test url="http://go.illuminateed.com/e/124881/illuminateeducation-/4p2t4/9106955" />
+		<test url="http://go.illuminateed.com/emailPreference/124881/ea67f533c790c9552f324350ccf1f25157e7c435f3e2d02614cd92d75f518741/9106955" />
+		<test url="http://go.illuminateed.com/l/124881/2016-05-07/7zp4w/124881/12052/fist_bump260_120.jpg" />
+		<test url="http://go.illuminateed.com/unsubscribe/u/124881/ea67f533c790c9552f324350ccf1f25157e7c435f3e2d02614cd92d75f518741/9106955" />
+		<test url="http://go.illuminateed.com/webmail/124881/29756376/2e5400132122ff440ae4494fb257dad694d8931b79f43e6e0ac2cd7e7b3aa77f" />
+
+	<!--rule from="^http://status\.illuminateed\.com/"
+		to="https://???.statuspage.io/" /-->
+
+	<rule from="^http://support\.illuminateed\.com/"
+		to="https://illuminate.zendesk.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/illustre.ch.xml b/src/chrome/content/rules/illustre.ch.xml
new file mode 100644
index 000000000000..92ffe6016da4
--- /dev/null
+++ b/src/chrome/content/rules/illustre.ch.xml
@@ -0,0 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://illustre.ch/ => https://illustre.ch/: (28, 'Connection timed out after 20003 milliseconds')
+Fetch error: http://www.illustre.ch/ => https://www.illustre.ch/: (51, "SSL: no alternative certificate subject name matches target host name 'www.illustre.ch'")
+
+-->
+<ruleset name="illustre.ch" default_off="failed ruleset test">
+	<target host="illustre.ch"/>
+	<target host="www.illustre.ch"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/imagelayers.io.xml b/src/chrome/content/rules/imagelayers.io.xml
new file mode 100644
index 000000000000..c073c6028151
--- /dev/null
+++ b/src/chrome/content/rules/imagelayers.io.xml
@@ -0,0 +1,12 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.imagelayers.io/ => https://www.imagelayers.io/: (6, 'Could not resolve host: www.imagelayers.io')
+
+-->
+<ruleset name="imagelayers.io" default_off="failed ruleset test">
+	<target host="imagelayers.io" />
+	<target host="www.imagelayers.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/imageraider.com.xml b/src/chrome/content/rules/imageraider.com.xml
new file mode 100644
index 000000000000..d2e8904254f1
--- /dev/null
+++ b/src/chrome/content/rules/imageraider.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- imageraider.com
+		- www.imageraider.com
+
+-->
+<ruleset name="Image Raider.com">
+
+	<target host="imageraider.com" />
+	<target host="www.imageraider.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?imageraider\.com$" name="^DYNSRV$" /-->
+
+	<securecookie host="^\." name="^__utm" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/images4et.com.xml b/src/chrome/content/rules/images4et.com.xml
new file mode 100644
index 000000000000..2edd152559b8
--- /dev/null
+++ b/src/chrome/content/rules/images4et.com.xml
@@ -0,0 +1,16 @@
+<!--
+	www.images4et.com does not exist.
+
+-->
+<ruleset name="images4et.com">
+
+	<target host="images4et.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/imena.ua.xml b/src/chrome/content/rules/imena.ua.xml
new file mode 100644
index 000000000000..22e56d1626af
--- /dev/null
+++ b/src/chrome/content/rules/imena.ua.xml
@@ -0,0 +1,6 @@
+<ruleset name="imena.ua">
+	<target host="imena.ua" />
+	<target host="www.imena.ua" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/imercer.com.xml b/src/chrome/content/rules/imercer.com.xml
new file mode 100644
index 000000000000..2ecde00a69d6
--- /dev/null
+++ b/src/chrome/content/rules/imercer.com.xml
@@ -0,0 +1,65 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tmp-uat-www.imercer.com/ => https://tmp-uat-www.imercer.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+apps.imercer.com/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+dr.apps.imercer.com ⁷
+eprismcharts.apps.imercer.com ¹
+temp.apps.imercer.com ¹
+benefitsenrollment-jhu-edu.imercer.com ⁵
+eipe.imercer.com ⁷
+dr.eipe.imercer.com ³
+uat.eipe.imercer.com ¹
+eipedemo.imercer.com ³
+uat.eipedemo.imercer.com ³
+eipedemowebservice.imercer.com ⁷
+uat.eipedemowebservice.imercer.com ³
+eipewebservice.imercer.com ⁷
+uat.eipewebservice.imercer.com ³
+dr.eprism.imercer.com/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+temp.dr.eprism.imercer.com ¹
+uat.eprism.imercer.com ⁵
+geo.imercer.com ³
+kb.imercer.com ¹
+marketpricer.imercer.com ¹
+dr.marketpricer.imercer.com ⁷
+uat.marketpricer.imercer.com ¹
+paymonitor.imercer.com ³
+uat.paymonitor.imercer.com ³
+external.uat.paymonitor2.imercer.com ³
+prd-marketpricer.imercer.com ¹
+prdsrv-www.imercer.com ³
+search.imercer.com ³
+siemens.imercer.com ⁵
+uat.siemens.imercer.com ³
+external.srp015070srs.imercer.com ³
+talent.imercer.com ¹
+tmp-dr-www.imercer.com ³
+
+
+¹ mismatch
+³ timed out
+⁵ expired
+⁷ protocol error
+-->
+<ruleset name="imercer.com" default_off="failed ruleset test">
+	<target host="imercer.com" />
+	<target host="www.imercer.com" />
+	<target host="hcsurveys.imercer.com" />
+	<target host="prd-eipe.imercer.com" />
+	<target host="prd-geo.imercer.com" />
+	<target host="prd-paymonitor.imercer.com" />
+	<target host="prd-www.imercer.com" />
+	<target host="tmp-uat-cpsm.imercer.com" />
+	<target host="tmp-uat-eipe.imercer.com" />
+	<target host="tmp-uat-geo.imercer.com" />
+	<target host="tmp-uat-marketpricer.imercer.com" />
+	<target host="tmp-uat-paymonitor.imercer.com" />
+	<target host="tmp-uat-www.imercer.com" />
+	<target host="tmp-uatsrv-www.imercer.com" />
+	<target host="uat.imercer.com" />
+	<target host="uat-web1-eipe.imercer.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/img.ifcdn.com.xml b/src/chrome/content/rules/img.ifcdn.com.xml
new file mode 100644
index 000000000000..dbb362f40af5
--- /dev/null
+++ b/src/chrome/content/rules/img.ifcdn.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="img.ifcdn.com">
+	<target host="img.ifcdn.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/imgburn.com.xml b/src/chrome/content/rules/imgburn.com.xml
new file mode 100644
index 000000000000..bea664a79a64
--- /dev/null
+++ b/src/chrome/content/rules/imgburn.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Invalid certificate:
+		cdn.imgburn.com
+		guides.imgburn.com
+		mail.imgburn.com
+		translations.imgburn.com
+		update1.imgburn.com
+		update2.imgburn.com
+
+	Time out:
+		beta.imgburn.com
+		home.imgburn.com
+		update3.imgburn.com
+		www2.imgburn.com
+
+	Unreachable:
+		autodiscover.imgburn.com
+-->
+<ruleset name="imgburn.com">
+	<target host="imgburn.com" />
+	<target host="www.imgburn.com" />
+	<target host="download.imgburn.com" />
+	<target host="forum.imgburn.com" />
+	<target host="update.imgburn.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/imgix.com.xml b/src/chrome/content/rules/imgix.com.xml
new file mode 100644
index 000000000000..8908dabc8226
--- /dev/null
+++ b/src/chrome/content/rules/imgix.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Other imgix rulesets:
+
+		- Imgix.net.xml
+
+-->
+<ruleset name="imgix.com">
+
+	<target host="imgix.com" />
+	<target host="blog.imgix.com" />
+	<target host="docs.imgix.com" />
+	<target host="webapp.imgix.com" />
+	<target host="www.imgix.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/imgking.co.xml b/src/chrome/content/rules/imgking.co.xml
new file mode 100644
index 000000000000..b9cbd17f2a82
--- /dev/null
+++ b/src/chrome/content/rules/imgking.co.xml
@@ -0,0 +1,5 @@
+<ruleset name="imgking">
+<target host="imgking.co" />
+    <target host="www.imgking.co" />
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/imgkings.com.xml b/src/chrome/content/rules/imgkings.com.xml
new file mode 100644
index 000000000000..8a8137305edf
--- /dev/null
+++ b/src/chrome/content/rules/imgkings.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="imgkings">
+	<target host="imgkings.com" />
+	<target host="www.imgkings.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/imgops.com.xml b/src/chrome/content/rules/imgops.com.xml
new file mode 100644
index 000000000000..4bc58be5ce06
--- /dev/null
+++ b/src/chrome/content/rules/imgops.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="imgops.com">
+	<target host="imgops.com"/>
+	<target host="www.imgops.com"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/imgtec.com.xml b/src/chrome/content/rules/imgtec.com.xml
new file mode 100644
index 000000000000..f17bea8da377
--- /dev/null
+++ b/src/chrome/content/rules/imgtec.com.xml
@@ -0,0 +1,67 @@
+<!--
+	Other Imagination Technologies rulesets:
+
+		- MIPS-Technologies.xml
+
+
+	Nonfunctional hosts in *imgtec.com:
+
+		- blog ᵃ
+		- cn ᵈ
+		- graduates ᵈ
+		- jp ᵈ
+
+	ᵃ Shows another domain
+	ᵈ Dropped
+
+
+	Problematic hosts in *imgtec.com:
+
+		- careers ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- imgtec.com
+		- www.imgtec.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- store from ^imgtec.com ˢ
+			- store from $self ˢ
+
+		- favicon on store from community.imgtec.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="ImgTec.com (partial)">
+
+	<target host="imgtec.com" />
+	<target host="community.imgtec.com" />
+	<target host="store.imgtec.com" />
+	<target host="www.imgtec.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://imgtec.com/login" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?imgtec\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/imgwe.com.xml b/src/chrome/content/rules/imgwe.com.xml
new file mode 100644
index 000000000000..cd22f9e74c72
--- /dev/null
+++ b/src/chrome/content/rules/imgwe.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="imgwe.com">
+	<target host="imgwe.com" />
+	<target host="www.imgwe.com" />
+		<test url="http://imgwe.com/img/1.jpg" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/immerda.ch.xml b/src/chrome/content/rules/immerda.ch.xml
index 293504dd35b3..11c2f1ab7414 100644
--- a/src/chrome/content/rules/immerda.ch.xml
+++ b/src/chrome/content/rules/immerda.ch.xml
@@ -1,7 +1,23 @@
 <ruleset name="Immerda.ch">
-    <target host="immerda.ch" />
-    <target host="*.immerda.ch" />
 
-    <rule from="^http://immerda\.ch/" to="https://www.immerda.ch/"/>
-    <rule from="^http://([^/:@]*)\.immerda\.ch/" to="https://$1.immerda.ch/"/>
+	<target host="immerda.ch" />
+	<target host="*.immerda.ch" />
+
+		<test url="http://dl.immerda.ch/" />
+		<test url="http://dl-4.immerda.ch/" />
+		<test url="http://git.immerda.ch/" />
+		<test url="http://horde.immerda.ch/" />
+		<test url="http://schichtplan.immerda.ch/" />
+		<test url="http://tech.immerda.ch/" />
+		<test url="http://webmail.immerda.ch/" />
+		<test url="http://wiki.immerda.ch/" />
+		<test url="http://www.immerda.ch/" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/imperian.xml b/src/chrome/content/rules/imperian.xml
new file mode 100644
index 000000000000..33281d857bd3
--- /dev/null
+++ b/src/chrome/content/rules/imperian.xml
@@ -0,0 +1,5 @@
+<ruleset name="Imperian">
+    <target host="imperian.com" />
+    <target host="www.imperian.com" />
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/import.io.xml b/src/chrome/content/rules/import.io.xml
new file mode 100644
index 000000000000..6cb71c06c01a
--- /dev/null
+++ b/src/chrome/content/rules/import.io.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional hosts in *import.io:
+
+		- docs ʳ
+		- api.docs ʳ
+		- support ³
+
+	³ 403
+	ʳ Refused
+
+-->
+<ruleset name="import.io (partial)">
+
+	<target host="import.io" />
+	<target host="www.import.io" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/impressiondesk.com.xml b/src/chrome/content/rules/impressiondesk.com.xml
new file mode 100644
index 000000000000..1888c65c0658
--- /dev/null
+++ b/src/chrome/content/rules/impressiondesk.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="impressiondesk.com">
+
+	<target host="secure-id.impressiondesk.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/in-form.de.xml b/src/chrome/content/rules/in-form.de.xml
new file mode 100644
index 000000000000..af06ee49521c
--- /dev/null
+++ b/src/chrome/content/rules/in-form.de.xml
@@ -0,0 +1,10 @@
+<ruleset name="IN-FORM.de">
+
+	<target host="in-form.de" />
+	<target host="www.in-form.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/in-tend.co.uk.xml b/src/chrome/content/rules/in-tend.co.uk.xml
new file mode 100644
index 000000000000..03f31876a678
--- /dev/null
+++ b/src/chrome/content/rules/in-tend.co.uk.xml
@@ -0,0 +1,41 @@
+<!--
+	Other In-tend rulesets:
+
+		- in-tendhost.co.uk.xml
+		- sell2uk.co.uk.xml
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- sell2.in-tend.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on (www.)? from fonts.googleapis.com ˢ
+		- Bug on sell2 from analytics.in-tend.co.uk ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="In-tend.co.uk">
+
+	<target host="in-tend.co.uk" />
+	<target host="analytics.in-tend.co.uk" />
+	<target host="sell2.in-tend.co.uk" />
+	<target host="www.in-tend.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^sell2\.in-tend\.co\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/in-tendhost.co.uk.xml b/src/chrome/content/rules/in-tendhost.co.uk.xml
new file mode 100644
index 000000000000..a204bcead86c
--- /dev/null
+++ b/src/chrome/content/rules/in-tendhost.co.uk.xml
@@ -0,0 +1,33 @@
+<!--
+	For other In-tend coverage, see in-tend.co.uk.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- in-tendhost.co.uk
+		- www.in-tendhost.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="In-tendhost.co.uk">
+
+	<target host="in-tendhost.co.uk" />
+	<target host="www.in-tendhost.co.uk" />
+
+		<!--	$ redirects to another domain, so:
+								-->
+		<test url="http://in-tendhost.co.uk/circlehousing" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?in-tendhost\.co\.uk$" name="^ASPSESSID[A-Z]{8}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/incandescent.xyz.xml b/src/chrome/content/rules/incandescent.xyz.xml
new file mode 100644
index 000000000000..3569bcd11949
--- /dev/null
+++ b/src/chrome/content/rules/incandescent.xyz.xml
@@ -0,0 +1,31 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- incandescent.xyz
+		- www.incandescent.xyz
+
+
+	Mixed content:
+
+		- css from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Incandescent.xyz" platform="mixedcontent">
+
+	<target host="incandescent.xyz" />
+	<target host="www.incandescent.xyz" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?incandescent\.xyz$" name="^DYNSRVR" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/indiestylestore.com.xml b/src/chrome/content/rules/indiestylestore.com.xml
new file mode 100644
index 000000000000..e3b8f75cda54
--- /dev/null
+++ b/src/chrome/content/rules/indiestylestore.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- indiestylestore.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Indie Style Store.com">
+
+	<target host="indiestylestore.com" />
+	<target host="www.indiestylestore.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^indiestylestore\.com$" name="^(?:_landing_page|_orig_referrer|cart_sig)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/indikom.ru.xml b/src/chrome/content/rules/indikom.ru.xml
new file mode 100644
index 000000000000..3da17cf54576
--- /dev/null
+++ b/src/chrome/content/rules/indikom.ru.xml
@@ -0,0 +1,24 @@
+<!--
+b.indikom.ru ²
+cam.indikom.ru ²
+cat.indikom.ru ²
+gw.indikom.ru ²
+ns.indikom.ru ²
+ns1.indikom.ru ²
+ns4.indikom.ru ²
+ns5.indikom.ru ²
+ns6.indikom.ru ²
+ns7.indikom.ru ²
+s.indikom.ru ²
+test.indikom.ru ²
+
+
+² refused
+-->
+<ruleset name="indikom.ru">
+	<target host="indikom.ru" />
+	<target host="www.indikom.ru" />
+	<target host="stat.indikom.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/industry-incentive.taipei.xml b/src/chrome/content/rules/industry-incentive.taipei.xml
new file mode 100644
index 000000000000..83359f7714b7
--- /dev/null
+++ b/src/chrome/content/rules/industry-incentive.taipei.xml
@@ -0,0 +1,6 @@
+<ruleset name="industry-incentive.taipei">
+	<target host="www.industry-incentive.taipei" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/indymedia.ie.xml b/src/chrome/content/rules/indymedia.ie.xml
new file mode 100644
index 000000000000..b08c103c59e0
--- /dev/null
+++ b/src/chrome/content/rules/indymedia.ie.xml
@@ -0,0 +1,44 @@
+<!--
+	^indymedia.ie: mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- indymedia.ie
+		- www.indymedia.ie
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on (www.)? from www.indymedia.ie *
+
+	* See https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Indymedia.ie" default_off="self-signed">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.indymedia.ie" />
+
+	<!--	Complications:
+				-->
+	<target host="indymedia.ie" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?indymedia\.ie$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://indymedia\.ie/"
+		to="https://www.indymedia.ie/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/inedo.com.xml b/src/chrome/content/rules/inedo.com.xml
new file mode 100644
index 000000000000..a6b22afdde23
--- /dev/null
+++ b/src/chrome/content/rules/inedo.com.xml
@@ -0,0 +1,10 @@
+<!--
+inedo.com redirect
+www.inedo.com redirect
+cdn.inedo.com mismatch
+-->
+<ruleset name="inedo.com (partial)">
+	<target host="my.inedo.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/inetvl.ru.xml b/src/chrome/content/rules/inetvl.ru.xml
new file mode 100644
index 000000000000..61ba0b600790
--- /dev/null
+++ b/src/chrome/content/rules/inetvl.ru.xml
@@ -0,0 +1,46 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://co.inetvl.ru/ => https://co.inetvl.ru/: (6, 'Could not resolve host: co.inetvl.ru')
+Fetch error: http://nahodka.inetvl.ru/ => https://nahodka.inetvl.ru/: (6, 'Could not resolve host: nahodka.inetvl.ru')
+
+abonement.inetvl.ru ¹
+dc.inetvl.ru ³
+friends.inetvl.ru ¹
+git.inetvl.ru ²
+glaz.inetvl.ru ³
+iptv.inetvl.ru ³
+mail.inetvl.ru ⁴
+ns1.inetvl.ru ²
+ns2.inetvl.ru ²
+router.inetvl.ru ¹
+shaper-1.inetvl.ru ²
+shaper-2.inetvl.ru ²
+shaper-3.inetvl.ru ²
+skidka.inetvl.ru ¹
+skp.inetvl.ru ¹
+speed.inetvl.ru ²
+speedtest.inetvl.ru ²
+srazu.inetvl.ru ¹
+torba.inetvl.ru ³
+video.inetvl.ru ¹
+w-host-52.inetvl.ru ³
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="inetvl.ru" default_off="failed ruleset test">
+	<target host="inetvl.ru" />
+	<target host="www.inetvl.ru" />
+	<target host="baza.inetvl.ru" />
+	<target host="co.inetvl.ru" />
+	<target host="nahodka.inetvl.ru" />
+	<target host="piwik.inetvl.ru" />
+	<target host="stat.inetvl.ru" />
+	<target host="ussuri.inetvl.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/infinum.co.xml b/src/chrome/content/rules/infinum.co.xml
new file mode 100644
index 000000000000..c5cf14fd5c38
--- /dev/null
+++ b/src/chrome/content/rules/infinum.co.xml
@@ -0,0 +1,52 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gems.infinum.co/ => https://gems.infinum.co/: (6, 'Could not resolve host: gems.infinum.co')
+Fetch error: http://memoryweb.infinum.co/ => https://memoryweb.infinum.co/: (6, 'Could not resolve host: memoryweb.infinum.co')
+
+groceryshop-acceptance.infinum.co ¹
+papaya.infinum.co ¹
+sugarpix.infinum.co ²
+android-talks-slack.infinum.co different content
+presence.infinum.co mixed content
+
+
+¹ mismatch
+² refused
+-->
+<ruleset name="infinum.co" default_off="failed ruleset test">
+	<target host="infinum.co" />
+	<target host="www.infinum.co" />
+	<target host="accounts.infinum.co" />
+	<target host="admin-brokenships-staging.infinum.co" />
+	<target host="arrival-board.infinum.co" />
+	<target host="assets.infinum.co" />
+	<target host="beta.infinum.co" />
+	<target host="beta-assets.infinum.co" />
+	<target host="brokenships.infinum.co" />
+	<target host="dash.infinum.co" />
+	<target host="ftp.infinum.co" />
+	<target host="gems.infinum.co" />
+	<target host="kultour.infinum.co" />
+	<target host="labs.infinum.co" />
+	<target host="learnquery.infinum.co" />
+	<target host="memoryweb.infinum.co" />
+	<target host="memorywebpublic.infinum.co" />
+	<target host="miramo.infinum.co" />
+	<target host="miramo-club.infinum.co" />
+	<target host="onestopshop.infinum.co" />
+	<target host="oss-bgr.infinum.co" />
+	<target host="oss-bh.infinum.co" />
+	<target host="oss-kosovo.infinum.co" />
+	<target host="oss-mk.infinum.co" />
+	<target host="papaya-travel.infinum.co" />
+	<target host="photos.infinum.co" />
+	<target host="tears.infinum.co" />
+	<target host="tesla-road-trip.infinum.co" />
+	<target host="thousandeyes.infinum.co" />
+	<target host="truck.infinum.co" />
+	<target host="truck-staging.infinum.co" />
+	<target host="zagreb-be-there.infinum.co" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/info.gov.hk.xml b/src/chrome/content/rules/info.gov.hk.xml
new file mode 100644
index 000000000000..8e50fc6f154d
--- /dev/null
+++ b/src/chrome/content/rules/info.gov.hk.xml
@@ -0,0 +1,32 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+
+	Nonfunctional hosts in *.info.gov.hk:
+		- info.gov.hk (r)
+		- gia.info.gov.hk (m)
+		- cloud-sc-news.3dns.info.gov.hk (r)
+		- cloud-www-news.3dns.info.gov.hk (m)
+		- www-bookstore.3dns.info.gov.hk (m)
+		- www-censtatd.3dns.info.gov.hk (m)
+		- www-effo.3dns.info.gov.hk (m)
+		- www-eform.3dns.info.gov.hk (m)
+		- www-elegislation.3dns.info.gov.hk (m)
+		- www-infocloud.3dns.info.gov.hk (m)
+		- www-legis.3dns.info.gov.hk (t)
+		- www-map.3dns.info.gov.hk (m)
+		- www-sie.3dns.info.gov.hk (m)
+		- www-youth.3dns.info.gov.hk (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="info.gov.hk">
+	<target host="secure1.info.gov.hk" />
+	<target host="webcast.info.gov.hk" />
+	<target host="www.info.gov.hk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/infocity.az.xml b/src/chrome/content/rules/infocity.az.xml
new file mode 100644
index 000000000000..5db26f8f0dc9
--- /dev/null
+++ b/src/chrome/content/rules/infocity.az.xml
@@ -0,0 +1,6 @@
+<!-- arc. refused (no TLS support) -->
+<ruleset name="infocity.az">
+	<target host="infocity.az" />
+	<target host="www.infocity.az" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/infoculture.ru.xml b/src/chrome/content/rules/infoculture.ru.xml
new file mode 100644
index 000000000000..e6a136c41e7d
--- /dev/null
+++ b/src/chrome/content/rules/infoculture.ru.xml
@@ -0,0 +1,12 @@
+<!--
+beta.infoculture.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="infoculture.ru">
+	<target host="infoculture.ru" />
+	<target host="www.infoculture.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/infolan.by.xml b/src/chrome/content/rules/infolan.by.xml
new file mode 100644
index 000000000000..5e683dfdd4dd
--- /dev/null
+++ b/src/chrome/content/rules/infolan.by.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.infolan.by/ => https://infolan.by/: (51, "SSL: no alternative certificate subject name matches target host name 'infolan.by'")
+Fetch error: http://infolan.by/ => https://infolan.by/: (51, "SSL: no alternative certificate subject name matches target host name 'infolan.by'")
+Fetch error: http://www.infolan.by/ => https://infolan.by/: (51, "SSL: no alternative certificate subject name matches target host name 'infolan.by'")
+
+www.infolan.by self signed
+-->
+<ruleset name="infolan.by" platform="mixedcontent" default_off="failed ruleset test">
+	<target host="infolan.by" />
+	<target host="www.infolan.by" />
+
+	<rule from="^http://www\.infolan\.by/"
+		to="https://infolan.by/" />
+
+	<test url="http://www.infolan.by/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/infolink.ru.xml b/src/chrome/content/rules/infolink.ru.xml
new file mode 100644
index 000000000000..8796927ec144
--- /dev/null
+++ b/src/chrome/content/rules/infolink.ru.xml
@@ -0,0 +1,19 @@
+<!--
+infolink.ru timed out
+www.infolink.ru timed out
+wiki.infolink.ru timed out
+lp.infolink.ru timed out
+zv.infolink.ru timed out
+oz.infolink.ru timed out
+nog.infolink.ru timed out
+shelk.infolink.ru timed out
+kor.infolink.ru timed out
+el.infolink.ru timed out
+new.infolink.ru different content
+09.infolink.ru different content
+-->
+<ruleset name="infolink.ru (partial)">
+	<target host="user.infolink.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/inforesist.org.xml b/src/chrome/content/rules/inforesist.org.xml
new file mode 100644
index 000000000000..09fcdbda10d8
--- /dev/null
+++ b/src/chrome/content/rules/inforesist.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="inforesist.org">
+	<target host="inforesist.org" />
+	<target host="www.inforesist.org" />
+	<target host="ink.inforesist.org" />
+	<target host="image.inforesist.org" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/inforos.ru.xml b/src/chrome/content/rules/inforos.ru.xml
new file mode 100644
index 000000000000..638bee1673b3
--- /dev/null
+++ b/src/chrome/content/rules/inforos.ru.xml
@@ -0,0 +1,23 @@
+<!--
+katrin.inforos.ru ¹
+www.katrin.inforos.ru ¹
+kuksina.inforos.ru ¹
+www.kuksina.inforos.ru ¹
+newelite.inforos.ru ¹
+ns1.inforos.ru ¹
+ns2.inforos.ru ¹
+xhgui.inforos.ru different content
+
+
+¹ mismatch
+-->
+<ruleset name="inforos.ru" platform="mixedcontent">
+	<target host="inforos.ru" />
+	<target host="www.inforos.ru" />
+	<target host="castle.inforos.ru" />
+	<target host="home.inforos.ru" />
+	<target host="mail.inforos.ru" />
+	<target host="mega.inforos.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ingtes.ch.xml b/src/chrome/content/rules/ingtes.ch.xml
new file mode 100644
index 000000000000..625c831da8b4
--- /dev/null
+++ b/src/chrome/content/rules/ingtes.ch.xml
@@ -0,0 +1,8 @@
+<ruleset name="ingtes.ch">
+	<target host="ingtes.ch" />
+	<target host="www.ingtes.ch" />
+	<target host="mail.ingtes.ch" />
+
+	<securecookie host=".+" name=".+" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/init.sh.xml b/src/chrome/content/rules/init.sh.xml
new file mode 100644
index 000000000000..dea24532a48f
--- /dev/null
+++ b/src/chrome/content/rules/init.sh.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://init.sh/ => https://init.sh/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.init.sh/ => https://www.init.sh/: (60, 'SSL certificate problem: certificate has expired')
+
+	Mixed content:
+
+		- Image from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="init.sh" default_off="failed ruleset test">
+
+	<target host="init.sh" />
+	<target host="www.init.sh" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/initial-website.com.xml b/src/chrome/content/rules/initial-website.com.xml
new file mode 100644
index 000000000000..7042aeba256c
--- /dev/null
+++ b/src/chrome/content/rules/initial-website.com.xml
@@ -0,0 +1,33 @@
+<!--
+	For other United Internet coverage, see United-Internet.xml.
+
+
+	(www.)?initial-website.com does not exist.
+
+
+	Insecure cookies are set for these domains:
+
+		- .initial-website.com
+
+-->
+<ruleset name="initial-website.com">
+
+	<target host="webapps.initial-website.com" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://webapps.initial-website.com/en_US?theme=OnlineOrder&amp;clickAndInstall=false&amp;added=false" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.initial-website\.com$" name="^(?:diy2_frontend_user_hash|fe_typo_user)$" /-->
+
+	<securecookie host="^\." name="^(?:diy2_frontend_user_hash|fe_typo_user)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/iniy.org.xml b/src/chrome/content/rules/iniy.org.xml
new file mode 100644
index 000000000000..e662b939b910
--- /dev/null
+++ b/src/chrome/content/rules/iniy.org.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://iniy.org/ => https://iniy.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.iniy.org/ => https://iniy.org/: (60, 'SSL certificate problem: certificate has expired')
+
+	www.iniy.org: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- iniy.org
+
+-->
+<ruleset name="iniy.org" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="iniy.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.iniy.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^iniy\.org$" name="^(?:pixelstats_visitor_id|qtrans_cookie_test)$" /-->
+
+
+	<rule from="^http://www\.iniy\.org/"
+		to="https://iniy.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/inl.gov.xml b/src/chrome/content/rules/inl.gov.xml
new file mode 100644
index 000000000000..906092be1d5b
--- /dev/null
+++ b/src/chrome/content/rules/inl.gov.xml
@@ -0,0 +1,172 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nuclear.inl.gov/? => https://inlportal.inl.gov/portal/server.pt?open=512&objID=277&mode=2: (6, 'Could not resolve host: inlportal.inl.gov')
+Fetch error: http://atmsuf.inl.gov/ => https://atmsuf.inl.gov/: (6, 'Could not resolve host: atmsuf.inl.gov')
+Fetch error: http://inldigitallibrary.inl.gov/ => https://inldigitallibrary.inl.gov/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+Fetch error: http://inlrecruiting.inl.gov/ => https://inlrecruiting.inl.gov/: (7, 'Failed to connect to inlrecruiting.inl.gov port 443: Connection refused')
+Fetch error: http://nuclear.inl.gov/ => https://inlportal.inl.gov/portal/server.pt?open=512&objID=277&mode=2: (6, 'Could not resolve host: inlportal.inl.gov')
+
+	Idaho National Laboratory
+
+
+
+	Nonfunctional hosts in *inl.gov:
+
+		- (www.)?amwtp ʳ
+		- communicationsystems2013 ⁴
+		- controlsystems2013 ⁴
+		- cybersystems2013 ⁴
+		- gridgame ⁴
+		- hydropower ᵈ
+		- irphep ᵈ
+		- newsdesk ⁴
+		- nrcoe ⁴
+		- nuclear ᵈ
+		- rcschallenge ⁴
+		- resilienceweek2014 ⁴
+		- resilienceweek2015 ⁴
+		- resweek2013 ⁴
+		- www4vip ʳ
+
+	⁴ 404
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *inl.gov:
+
+		- thinktank ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- inl.gov
+		- .inl.gov
+		- atmsuf.inl.gov
+		- cset.inl.gov
+		- fukushima.inl.gov
+		- intlcareers.inl.gov
+		- nmed.inl.gov
+		- nrod.inl.gov
+		- www.inl.gov
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on bioenergylibrary from fonts.googleapis.com ˢ
+		- Bug on at from go.microsoft.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="INL.gov (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="inl.gov" />
+	<target host="art.inl.gov" />
+	<target host="artsci.inl.gov" />
+	<target host="at.inl.gov" />
+	<target host="atmsuf.inl.gov" />
+	<target host="avt.inl.gov" />
+	<target host="bioenergy.inl.gov" />
+	<target host="bioenergylibrary.inl.gov" />
+	<target host="bison.inl.gov" />
+	<target host="busoperations.inl.gov" />
+	<target host="cset.inl.gov" />
+	<target host="dmzadfs.inl.gov" />
+	<target host="factsheets.inl.gov" />
+	<target host="fuelcycleevaluation.inl.gov" />
+	<target host="fukushima.inl.gov" />
+	<target host="gain.inl.gov" />
+	<target host="icis.inl.gov" />
+	<target host="inlcareers.inl.gov" />
+	<target host="inldigitallibrary.inl.gov" />
+	<target host="inlrecruiting.inl.gov" />
+	<target host="inr.inl.gov" />
+	<target host="ldrd.inl.gov" />
+	<target host="lwrs.inl.gov" />
+	<target host="mapep.inl.gov" />
+	<target host="mir.inl.gov" />
+	<target host="moose.inl.gov" />
+	<target host="neup.inl.gov" />
+	<target host="nmed.inl.gov" />
+	<target host="nrod.inl.gov" />
+	<target host="nuclearinnovationworkshop.inl.gov" />
+	<target host="relap7.inl.gov" />
+	<target host="renewableenergy.inl.gov" />
+	<target host="secureportal.inl.gov" />
+	<target host="secureweb.inl.gov" />
+	<target host="smr.inl.gov" />
+	<target host="snrworkshop.inl.gov" />
+	<target host="sp13dmztheme.inl.gov" />
+	<!--target host="thinktank.inl.gov" /-->
+	<target host="wnwn.inl.gov" />
+	<target host="www.inl.gov" />
+
+		<!--	Mixed stylesheet:
+							-->
+		<!--test url="http://bioenergylibrary.inl.gov/Home/Login.aspx" /-->
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://cset.inl.gov/SitePages/Defect%20Tracker.aspx" /-->
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://secureportal.inl.gov/caestrain/" />
+		<test url="http://secureweb.inl.gov/Resweek2014/Plenary.aspx" />
+
+	<!--	Complications:
+				-->
+	<target host="amwtp.inl.gov" />
+	<target host="www.amwtp.inl.gov" />
+	<target host="nuclear.inl.gov" />
+
+		<!--	Not all paths redirect:
+						-->
+		<exclusion pattern="^http://(?:amwtp|www\.amwtp|nuclear)\.inl\.gov/(?!/*(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://amwtp.inl.gov/Home/PrivacyStatement" />
+			<test url="http://amwtp.inl.gov/Jobs/Apply/12" />
+			<test url="http://www.amwtp.inl.gov/Jobs/Download/2" />
+			<test url="http://www.amwtp.inl.gov/Jobs/EVerify" />
+			<test url="http://nuclear.inl.gov/gen4/msr.shtml" />
+			<test url="http://nuclear.inl.gov/gen4/scwr.shtml" />
+			<test url="http://nuclear.inl.gov/gougar.shtml" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?inl\.gov$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.inl\.gov$" name="-PSJSESSIONID$" /-->
+	<!--securecookie host="^(?:cset)?\.inl\.gov$" name="^citrix_ns_id" /-->
+	<!--securecookie host="^(?:atmsuf|fukushima|nmed|nrod)\.inl\.gov$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^intlcareers\.inl\.gov$" name="^__RequestVerificationToken$" /-->
+
+	<securecookie host="^(?!amwtp\.|www\.amwtp\.|nuclear\.)\w" name=".+" />
+
+
+	<!--	Redirect drops args and forward slash:
+							-->
+	<rule from="^http://(?:www\.)?amwtp\.inl\.gov/.*"
+		to="https://idahocleanupproject.com/" />
+
+	<!--	Redirect drops args and forward slash:
+							-->
+	<rule from="^http://nuclear\.inl\.gov/.*"
+		to="https://inlportal.inl.gov/portal/server.pt?open=512&amp;objID=277&amp;mode=2" />
+
+		<test url="http://nuclear.inl.gov/?" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/inmediahk.net.xml b/src/chrome/content/rules/inmediahk.net.xml
new file mode 100644
index 000000000000..31142880ce93
--- /dev/null
+++ b/src/chrome/content/rules/inmediahk.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="inmediahk.net">
+	<target host="inmediahk.net" />
+	<target host="www.inmediahk.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/inosmi.ru.xml b/src/chrome/content/rules/inosmi.ru.xml
new file mode 100644
index 000000000000..f19bfc2bd15d
--- /dev/null
+++ b/src/chrome/content/rules/inosmi.ru.xml
@@ -0,0 +1,7 @@
+<!-- (www.)? mixed content
+blogs. mismatch -->
+<ruleset name="inosmi.ru">
+	<target host="forum.inosmi.ru" />
+	<target host="pda.inosmi.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/inovem.com.xml b/src/chrome/content/rules/inovem.com.xml
new file mode 100644
index 000000000000..52a2a91e02cf
--- /dev/null
+++ b/src/chrome/content/rules/inovem.com.xml
@@ -0,0 +1,16 @@
+<!--
+	(www.)?inovem.com: Dropped
+
+-->
+<ruleset name="Inovem.com (partial)" default_off="mismatched, self-signed">
+
+	<target host="groups.inovem.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/inpearls.ru.xml b/src/chrome/content/rules/inpearls.ru.xml
new file mode 100644
index 000000000000..2f01b5e3de3e
--- /dev/null
+++ b/src/chrome/content/rules/inpearls.ru.xml
@@ -0,0 +1,7 @@
+<ruleset name="inpearls.ru">
+	<target host="inpearls.ru"/>
+	<target host="www.inpearls.ru"/>
+	<target host="m.inpearls.ru"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/inside-security.de.xml b/src/chrome/content/rules/inside-security.de.xml
new file mode 100644
index 000000000000..c8a15e586bf2
--- /dev/null
+++ b/src/chrome/content/rules/inside-security.de.xml
@@ -0,0 +1,6 @@
+<!-- fwlogwatch. NET::ERR_CERT_COMMON_NAME_INVALID -->
+<ruleset name="inside-security.de">
+	<target host="inside-security.de" />
+	<target host="www.inside-security.de" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/installments.com.xml b/src/chrome/content/rules/installments.com.xml
new file mode 100644
index 000000000000..c87ef05e578d
--- /dev/null
+++ b/src/chrome/content/rules/installments.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="installments.com">
+	<target host=    "installments.com" />
+	<target host="www.installments.com" />
+
+  	<securecookie host="^www\.installments\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/instantatlas.com.xml b/src/chrome/content/rules/instantatlas.com.xml
new file mode 100644
index 000000000000..8ff02a9ade0e
--- /dev/null
+++ b/src/chrome/content/rules/instantatlas.com.xml
@@ -0,0 +1,44 @@
+<!--
+	CDN buckets:
+
+		- iaohelp.azurewebsites.net
+
+
+	Problematic hosts in *instantatlas.com:
+
+		- (www.)? ᵉ ᵐ ˢ
+		- ias ᵉ ᵐ ˢ
+
+	ᵉ Expired
+	ᵐ Mismatched
+	ˢ Self-signed
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .help.instantatlas.com
+		- online.instantatlas.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="InstantAtlas.com (partial)">
+
+	<target host="help.instantatlas.com" />
+	<target host="online.instantatlas.com" />
+	<target host="reports.instantatlas.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.help\.instantatlas\.com$" name="^ARRAffinity$" /-->
+	<!--securecookie host="^online\.instantatlas\.com$" name="^__RequestVerificationToken$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^ARRAffinity$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/intagme.com.xml b/src/chrome/content/rules/intagme.com.xml
new file mode 100644
index 000000000000..774483916470
--- /dev/null
+++ b/src/chrome/content/rules/intagme.com.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://intagme.com/ => https://intagme.com/: (28, 'Operation timed out after 30000 milliseconds with 0 bytes received')
+Fetch error: http://www.intagme.com/ => https://www.intagme.com/: (28, 'Operation timed out after 30013 milliseconds with 0 bytes received')
+
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+		- css from $self ˢ
+		- Images from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Intagme.com" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="intagme.com" />
+	<target host="www.intagme.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/intec.edu.za.xml b/src/chrome/content/rules/intec.edu.za.xml
new file mode 100644
index 000000000000..82cea871b0bf
--- /dev/null
+++ b/src/chrome/content/rules/intec.edu.za.xml
@@ -0,0 +1,27 @@
+<!--
+	Invalid certificate:
+		www.virtual.intec.edu.za
+		www.myclass.intec.edu.za
+
+	Refused:
+		autodiscover.intec.edu.za
+		ftp.intec.edu.za
+		news.intec.edu.za
+		localhost.intec.edu.za
+
+	Time out:
+		www.fais.intec.edu.za
+		insurance.intec.edu.za
+		www.insurance.intec.edu.za
+		mail.intec.edu.za
+		studentportal.intec.edu.za
+		promos.intec.edu.za
+-->
+<ruleset name="intec.edu.za">
+	<target host="intec.edu.za" />
+	<target host="www.intec.edu.za" />
+	<target host="myclass.intec.edu.za" />
+
+	<rule from="^http://intec\.edu\.za/" to="https://www.intec.edu.za/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/intellipoker.bg.xml b/src/chrome/content/rules/intellipoker.bg.xml
new file mode 100644
index 000000000000..f74b3538c814
--- /dev/null
+++ b/src/chrome/content/rules/intellipoker.bg.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://media.intellipoker.bg/ => https://media.intellipoker.bg/: (51, "SSL: no alternative certificate subject name matches target host name 'media.intellipoker.bg'")
+
+	Insecure cookies are set for these domains:
+
+		- .intellipoker.bg
+
+-->
+<ruleset name="IntelliPoker.bg" default_off="failed ruleset test">
+
+	<target host="intellipoker.bg" />
+	<target host="media.intellipoker.bg" />
+	<target host="www.intellipoker.bg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.intellipoker\.bg$" name="^(?:__[\da-f]{32}|PHPSESSID|newbie)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/intellnews.net.xml b/src/chrome/content/rules/intellnews.net.xml
new file mode 100644
index 000000000000..d6f1a39da537
--- /dev/null
+++ b/src/chrome/content/rules/intellnews.net.xml
@@ -0,0 +1,45 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.intellnews.net/ => https://www.intellnews.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://intellnews.net/ => https://www.intellnews.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	^intellnews.net: Mismatched
+
+
+	Mixed content:
+
+		- iframe on www from www.youtube.com ˢ
+
+		- Ads/bugs, on:
+
+			- www from www.eztouse.com
+			- www from www.facebook.com ˢ
+			- www from www.mynewsonthego.com
+			- www from embed.newsinc.com ˢ
+			- www from legacy.newsinc.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="IntellNews.net" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.intellnews.net" />
+
+	<!--	Complications:
+				-->
+	<target host="intellnews.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://intellnews\.net/"
+		to="https://www.intellnews.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/intelnews.org.xml b/src/chrome/content/rules/intelnews.org.xml
new file mode 100644
index 000000000000..fe316ef5ace7
--- /dev/null
+++ b/src/chrome/content/rules/intelnews.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="IntelNews.org">
+
+	<target host="intelnews.org" />
+	<target host="www.intelnews.org" />
+
+
+	<securecookie host=".+" name="^aps-trtmnt$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/interactivepasts.com.xml b/src/chrome/content/rules/interactivepasts.com.xml
new file mode 100644
index 000000000000..93005660ec6f
--- /dev/null
+++ b/src/chrome/content/rules/interactivepasts.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="interactivepasts.com">
+	<target host="interactivepasts.com" />
+	<target host="www.interactivepasts.com" />
+	<target host="autodiscover.interactivepasts.com" />
+	<target host="cpanel.interactivepasts.com" />
+	<target host="ipv6.interactivepasts.com" />
+	<target host="mail.interactivepasts.com" />
+	<target host="webdisk.interactivepasts.com" />
+	<target host="webmail.interactivepasts.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/interfax.az.xml b/src/chrome/content/rules/interfax.az.xml
new file mode 100644
index 000000000000..540bde15a3f6
--- /dev/null
+++ b/src/chrome/content/rules/interfax.az.xml
@@ -0,0 +1,5 @@
+<ruleset name="interfax.az" platform="mixedcontent">
+	<target host="interfax.az" />
+	<target host="www.interfax.az" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/interfax.kz.xml b/src/chrome/content/rules/interfax.kz.xml
new file mode 100644
index 000000000000..9ebcbaabf55c
--- /dev/null
+++ b/src/chrome/content/rules/interfax.kz.xml
@@ -0,0 +1,9 @@
+<ruleset name="interfax.kz">
+	<target host="interfax.kz" />
+	<target host="www.interfax.kz" />
+	<target host="press.interfax.kz" />
+	<target host="uploads.interfax.kz" />
+	<target host="religion.interfax.kz" />
+	<target host="news.interfax.kz" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/internetessentials.com.xml b/src/chrome/content/rules/internetessentials.com.xml
new file mode 100644
index 000000000000..6cf369d889a0
--- /dev/null
+++ b/src/chrome/content/rules/internetessentials.com.xml
@@ -0,0 +1,43 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://aprendizaje.internetessentials.com/ => https://aprendizaje.internetessentials.com/: (28, 'Connection timed out after 20005 milliseconds')
+Fetch error: http://bulk.internetessentials.com/ => https://bulk.internetessentials.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://learning.internetessentials.com/ => https://learning.internetessentials.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	For other Comcast coverage, see Comcast.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- aplicar.internetessentials.com
+		- apply.internetessentials.com
+		- bulk.internetessentials.com
+		- partner.internetessentials.com
+
+-->
+<ruleset name="Internet Essentials.com" default_off="failed ruleset test">
+
+	<target host="internetessentials.com" />
+	<target host="aplicar.internetessentials.com" />
+	<target host="apply.internetessentials.com" />
+	<target host="aprendizaje.internetessentials.com" />
+	<target host="bulk.internetessentials.com" />
+	<target host="es.internetessentials.com" />
+	<target host="learning.internetessentials.com" />
+	<target host="partner.internetessentials.com" />
+	<target host="www.internetessentials.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ap(?:licar|ply)\.internetessentials\.com$" name="^(?:AWSELB|PHPSESSID)$" /-->
+	<!--securecookie host="^(?:bulk|partner)\.internetessentials\.com$" name="^AWSELB$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/internetfreedomfestival.org.xml b/src/chrome/content/rules/internetfreedomfestival.org.xml
new file mode 100644
index 000000000000..8b7d20807a33
--- /dev/null
+++ b/src/chrome/content/rules/internetfreedomfestival.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="Internet Freedom Festival.org">
+
+	<target host="internetfreedomfestival.org" />
+	<target host="www.internetfreedomfestival.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/internetua.com.xml b/src/chrome/content/rules/internetua.com.xml
new file mode 100644
index 000000000000..dbe7efd6c5c0
--- /dev/null
+++ b/src/chrome/content/rules/internetua.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		awards.internetua.com
+		blogs.internetua.com
+		magazine.internetua.com
+		news.internetua.com
+		office.internetua.com
+		old.internetua.com
+		projects.internetua.com
+		test.internetua.com
+-->
+<ruleset name="internetua.com">
+	<target host="internetua.com" />
+	<target host="www.internetua.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/intertelecom.ru.com.xml b/src/chrome/content/rules/intertelecom.ru.com.xml
new file mode 100644
index 000000000000..b5194b281db5
--- /dev/null
+++ b/src/chrome/content/rules/intertelecom.ru.com.xml
@@ -0,0 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://assa.intertelecom.ru.com/ => https://assa.intertelecom.ru.com/: (60, 'SSL certificate problem: certificate has expired')
+
+intertelecom.ru.com revoked
+www.intertelecom.ru.com revoked
+old.intertelecom.ru.com revoked
+-->
+<ruleset name="intertelecom.ru.com (partial)" default_off="failed ruleset test">
+	<target host="assa.intertelecom.ru.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/intsig.com.xml b/src/chrome/content/rules/intsig.com.xml
new file mode 100644
index 000000000000..79622a457921
--- /dev/null
+++ b/src/chrome/content/rules/intsig.com.xml
@@ -0,0 +1,62 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://intsig.com/ => https://intsig.com/: Too many redirects while fetching 'https://intsig.com/'
+Fetch error: http://www.intsig.com/ => https://www.intsig.com/: Too many redirects while fetching 'https://www.intsig.com/'
+
+	Other IntSig rulesets:
+
+		- intsig.net.xml
+
+
+	Problematic hosts in *intsig.com:
+
+		- cdn1 ᵐ
+
+	ᵐ Cloudfront / mismatched
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .intsig.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on www from static.intsig.net ˢ
+		- Images on www from static.intsig.net ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="IntSig.com (partial)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="intsig.com" />
+	<target host="www.intsig.com" />
+
+	<!--	Complications:
+				-->
+	<!--target host="cdn1.intsig.com" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.intsig\.com$" name="^(?:_ccl|_isstat|_isstatuser)$" /-->
+
+	<securecookie host="^\." name="^_isstat" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--rule from="^http://cdn1\.intsig\.com/"
+		to="https://???.cloudfront.net/" /-->
+
+		<!--test url="http://cdn1.intsig.com/download/CamX_Backup_Tool_v2.5.1.4.zip" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/intsig.net.xml b/src/chrome/content/rules/intsig.net.xml
new file mode 100644
index 000000000000..b561e9cc730d
--- /dev/null
+++ b/src/chrome/content/rules/intsig.net.xml
@@ -0,0 +1,58 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://intsig.net/ => https://intsig.net/: Too many redirects while fetching 'https://intsig.net/'
+Fetch error: http://www.intsig.net/ => https://www.intsig.net/: Too many redirects while fetching 'https://www.intsig.net/'
+
+	For other IntSig coverage, see intsig.com.xml.
+
+
+	Nonfunctional hosts in *intsig.net:
+
+		- w12013 ʰ
+
+	ʰ Redirects to http
+
+
+	Insecure cookies are set for these domains hosts: ᶜ
+
+		- .intsig.net
+		- shop.intsig.net
+		- store.intsig.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="IntSig.net (partial)" default_off="failed ruleset test">
+
+	<target host="intsig.net" />
+	<target host="download.intsig.net" />
+	<target host="resource.intsig.net" />
+	<target host="s.intsig.net" />
+	<target host="shop.intsig.net" />
+	<target host="static.intsig.net" />
+	<target host="store.intsig.net" />
+	<target host="www.intsig.net" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://download.intsig.net/desktop/" />
+		<test url="http://s.intsig.net/r/terms/PP_CamCard_en-us.html" />
+
+		<!--test url="http://resource.intsig.net/software/Android_CamCard_Lite.apk" /-->
+		<test url="http://static.intsig.net/openapi/camscanner/img/developer/openapi_footer.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.intsig\.net$" name="^_(?:_ccl|isstat)$" /-->
+	<!--securecookie host="^(?:shop|store)\.intsig\.net$" name="^JSESSID$" /-->
+
+	<securecookie host="^\." name="^_isstat" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/invisiblethings.org.xml b/src/chrome/content/rules/invisiblethings.org.xml
new file mode 100644
index 000000000000..809ff479cefa
--- /dev/null
+++ b/src/chrome/content/rules/invisiblethings.org.xml
@@ -0,0 +1,10 @@
+<!--
+Connection error with HTTPS for: www.invisiblethings.org
+-->
+
+<ruleset name="InvisibleThings.org">
+	<target host="invisiblethings.org" />
+	<target host="blog.invisiblethings.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/invitro.ru.xml b/src/chrome/content/rules/invitro.ru.xml
new file mode 100644
index 000000000000..bb6b5185971c
--- /dev/null
+++ b/src/chrome/content/rules/invitro.ru.xml
@@ -0,0 +1,60 @@
+<!--
+www.baby.invitro.ru ¹
+brand.invitro.ru ²
+buket.invitro.ru non-2xx http code
+1-h.caravan.invitro.ru ²
+checkup.invitro.ru ²
+corp.invitro.ru ²
+newgemlabkz.do.invitro.ru ³
+durex.invitro.ru ²
+www.durex.invitro.ru ²
+expedition.invitro.ru ³
+expedition2014.invitro.ru ³
+franchising.invitro.ru ²
+inbioflor.invitro.ru non-2xx http code
+kostroma.legal.invitro.ru ¹
+moscow.legal.invitro.ru ¹
+rostov.legal.invitro.ru ¹
+ryzan.legal.invitro.ru ¹
+samara.legal.invitro.ru ¹
+siberia.legal.invitro.ru ¹
+spb.legal.invitro.ru ¹
+tambov.legal.invitro.ru ¹
+voronezh.legal.invitro.ru ¹
+marafon.invitro.ru ⁵
+marathon.invitro.ru ⁵
+mx1.invitro.ru ³
+mx2.invitro.ru ³
+mx3.invitro.ru ³
+www.old.invitro.ru ³
+pokavsedoma.invitro.ru ³
+shop.invitro.ru non-2xx http code
+www.shop.invitro.ru ¹
+shop-2017.invitro.ru non-2xx http code
+spb.invitro.ru ³
+survey.invitro.ru non-2xx http code
+sv-vd13.invitro.ru ⁴
+conference.ural.invitro.ru ²
+uzi.invitro.ru non-2xx http code
+vet.invitro.ru ²
+xero.invitro.ru ⁴
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁵ expired
+-->
+<ruleset name="invitro.ru">
+	<target host="invitro.ru" />
+	<target host="www.invitro.ru" />
+	<target host="assist.invitro.ru" />
+	<target host="baby.invitro.ru" />
+	<target host="e-pass.invitro.ru" />
+	<target host="forum.invitro.ru" />
+	<target host="lk.invitro.ru" />
+	<target host="ns1.invitro.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ioke.org.xml b/src/chrome/content/rules/ioke.org.xml
new file mode 100644
index 000000000000..ae7b58dfb072
--- /dev/null
+++ b/src/chrome/content/rules/ioke.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Nonfunctional hosts in *ioke.org:
+
+		- ci ᵃ
+
+	ᵃ Shows another domain
+
+-->
+<ruleset name="Ioke.org (partial)">
+
+	<target host="ioke.org" />
+	<target host="www.ioke.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ioninteractive.com.xml b/src/chrome/content/rules/ioninteractive.com.xml
new file mode 100644
index 000000000000..e9bfe8891a44
--- /dev/null
+++ b/src/chrome/content/rules/ioninteractive.com.xml
@@ -0,0 +1,75 @@
+<!--
+	Other Ion Interactive rulesets:
+
+		- Post-Click-Marketing.xml
+
+
+	CDN buckets:
+
+		- f110c5f33f0193dac457-4d10287819954fd6d08ae459de19af00.ssl.cf1.rackcdn.com
+
+
+	Problematic hosts in *ioninteractive.com:
+
+		- (www.)? ᵐ
+		- demo ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .ioninteractive.com
+		- apps.ioninteractive.com
+		- meet.ioninteractive.com
+		- paths.ioninteractive.com
+
+-->
+<ruleset name="Ion Interactive.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="apps.ioninteractive.com" />
+	<target host="meet.ioninteractive.com" />
+	<target host="paths.ioninteractive.com" />
+
+	<!--	Complications:
+				-->
+	<target host="ioninteractive.com" />
+	<target host="www.ioninteractive.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.ioninteractive\.com$" name="^LiveBall$" /-->
+	<!--securecookie host="^(?:apps|meet|paths)\.ioninteractive\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^(?!www\.)\w" name=".+" />
+
+
+	<!--	Redirect drops args:
+					-->
+	<rule from="^http://(?:www\.)?ioninteractive\.com/.*"
+		to="https://meet.ioninteractive.com/home" />
+
+		<!--	Not all paths redirect:
+						-->
+		<exclusion pattern="http://(?:www\.)?ioninteractive\.com/(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://ioninteractive.com/blog-summary/" />
+			<test url="http://ioninteractive.com/careers/home/" />
+			<test url="http://www.ioninteractive.com/events-summary/" />
+			<test url="http://www.ioninteractive.com/news/" />
+			<test url="http://www.ioninteractive.com/webinars/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.ioninteractive.com/?" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ionitcom.ru.xml b/src/chrome/content/rules/ionitcom.ru.xml
new file mode 100644
index 000000000000..1ff22c653d13
--- /dev/null
+++ b/src/chrome/content/rules/ionitcom.ru.xml
@@ -0,0 +1,49 @@
+<!--
+ionitcom.ru ³
+www.ionitcom.ru ³
+aid.ionitcom.ru ³
+apoc.ionitcom.ru ³
+apoc-old.ionitcom.ru ³
+ares.ionitcom.ru ³
+dpi.ionitcom.ru ³
+forum.ionitcom.ru ³
+frenchlovertv.ionitcom.ru ³
+ftp.ionitcom.ru ³
+gallery.ionitcom.ru ³
+gera.ionitcom.ru ³
+i-see-you.ionitcom.ru ³
+infotv.ionitcom.ru ²
+kato.ionitcom.ru ³
+kix.ionitcom.ru ³
+nat1.ionitcom.ru ³
+nat2.ionitcom.ru ³
+nat3.ionitcom.ru ³
+new.ionitcom.ru ³
+ns2.ionitcom.ru ³
+ns3.ionitcom.ru ³
+ns4.ionitcom.ru ³
+ns5.ionitcom.ru ³
+old.ionitcom.ru ³
+system.ionitcom.ru ³
+techno.ionitcom.ru ³
+triplex.ionitcom.ru ³
+uvpn.ionitcom.ru ³
+voip.ionitcom.ru ²
+www2.ionitcom.ru ³
+zeus.ionitcom.ru ³
+
+
+² refused
+³ timed out
+-->
+<ruleset name="ionitcom.ru (partial)">
+	<target host="blackhole.ionitcom.ru" />
+	<target host="lk.ionitcom.ru" />
+	<target host="mail.ionitcom.ru" />
+	<target host="ns1.ionitcom.ru" />
+	<target host="pay.ionitcom.ru" />
+	<target host="webmail.ionitcom.ru" />
+	<target host="zion.ionitcom.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ioquake3.xml b/src/chrome/content/rules/ioquake3.xml
new file mode 100644
index 000000000000..4a4032edd7fd
--- /dev/null
+++ b/src/chrome/content/rules/ioquake3.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid or untrusted cert:
+		- master.ioquake3.org
+		- mobile.ioquake3.org
+		- mumble.ioquake3.org
+		- server.ioquake3.org
+		- wiki.ioquake3.org
+-->
+<ruleset name="ioquake3">
+	<target host="ioquake3.org" />
+	<target host="www.ioquake3.org" />
+	<target host="smiletheory.ioquake3.org" />
+	<target host="upd.ioquake3.org" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/iot.uk.xml b/src/chrome/content/rules/iot.uk.xml
new file mode 100644
index 000000000000..8f815c3967f2
--- /dev/null
+++ b/src/chrome/content/rules/iot.uk.xml
@@ -0,0 +1,14 @@
+<ruleset name="IoT.uk">
+
+	<target host="iot.uk" />
+	<target host="www.iot.uk" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/iovisor.org.xml b/src/chrome/content/rules/iovisor.org.xml
new file mode 100644
index 000000000000..7a383d4db56b
--- /dev/null
+++ b/src/chrome/content/rules/iovisor.org.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Linux Foundation coverage, see LinuxFoundation.xml.
+
+-->
+<ruleset name="IO Visor.org">
+
+	<target host="iovisor.org" />
+	<target host="www.iovisor.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ip-home.net.xml b/src/chrome/content/rules/ip-home.net.xml
new file mode 100644
index 000000000000..bd6527163c2c
--- /dev/null
+++ b/src/chrome/content/rules/ip-home.net.xml
@@ -0,0 +1,11 @@
+<!--
+ip-home.net mismatch
+www.ip-home.net mismatch
+forum.ip-home.net mismatch
+help.ip-home.net mismatch
+-->
+<ruleset name="ip-home.net (partial)">
+	<target host="stat.ip-home.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ipair.com.xml b/src/chrome/content/rules/ipair.com.xml
new file mode 100644
index 000000000000..895affaeeb64
--- /dev/null
+++ b/src/chrome/content/rules/ipair.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="ipair.com">
+	<target host="ipair.com" />
+	<target host="www.ipair.com" />
+	<target host="m.ipair.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ipchicken.com.xml b/src/chrome/content/rules/ipchicken.com.xml
new file mode 100644
index 000000000000..8ef817230501
--- /dev/null
+++ b/src/chrome/content/rules/ipchicken.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="ipchicken.com">
+	<target host="ipchicken.com" />
+	<target host="www.ipchicken.com" />
+	<target host="ftp.ipchicken.com" />
+	<target host="mail.ipchicken.com" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/iphones.ru.xml b/src/chrome/content/rules/iphones.ru.xml
new file mode 100644
index 000000000000..4c4395a2f4c2
--- /dev/null
+++ b/src/chrome/content/rules/iphones.ru.xml
@@ -0,0 +1,7 @@
+<ruleset name="iphones.ru">
+	<target host="iphones.ru" />
+	<target host="www.iphones.ru" />
+	<target host="deals.iphones.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ipic.su.xml b/src/chrome/content/rules/ipic.su.xml
new file mode 100644
index 000000000000..8f604d9dc980
--- /dev/null
+++ b/src/chrome/content/rules/ipic.su.xml
@@ -0,0 +1,12 @@
+<!--
+	Refused:
+		d.ipic.su
+		dc-5c88388338a2.ipic.su
+		mail.ipic.su
+-->
+<ruleset name="ipic.su">
+	<target host="ipic.su" />
+	<target host="www.ipic.su" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ipify.org.xml b/src/chrome/content/rules/ipify.org.xml
new file mode 100644
index 000000000000..9db701d449dd
--- /dev/null
+++ b/src/chrome/content/rules/ipify.org.xml
@@ -0,0 +1,17 @@
+<!--
+ipify.org ³
+
+
+³ timed out
+-->
+<ruleset name="ipify.org">
+	<target host="www.ipify.org" />
+	<target host="api.ipify.org" />
+
+	<target host="ipify.org" />
+
+	<rule from="^http://ipify\.org/"
+		to="https://www.ipify.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ipinfo.io.xml b/src/chrome/content/rules/ipinfo.io.xml
new file mode 100644
index 000000000000..d88be24a6d74
--- /dev/null
+++ b/src/chrome/content/rules/ipinfo.io.xml
@@ -0,0 +1,9 @@
+<ruleset name="ipinfo.io">
+	<target host="ipinfo.io" />
+	<target host="www.ipinfo.io" />
+	<target host="blog.ipinfo.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ipip.net.xml b/src/chrome/content/rules/ipip.net.xml
new file mode 100644
index 000000000000..4032955b1e61
--- /dev/null
+++ b/src/chrome/content/rules/ipip.net.xml
@@ -0,0 +1,15 @@
+<ruleset name="ipip.net">
+	<target host="www.ipip.net" />
+	<target host="agent.ipip.net" />
+	<target host="agentapi.ipip.net" />
+	<target host="cdn.ipip.net" />
+	<target host="clientapi.ipip.net" />
+	<target host="freeapi.ipip.net" />
+	<target host="ipapi.ipip.net" />
+	<target host="myip.ipip.net" />
+	<target host="user.ipip.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/iplocation.net.xml b/src/chrome/content/rules/iplocation.net.xml
new file mode 100644
index 000000000000..6dc3704ec8f8
--- /dev/null
+++ b/src/chrome/content/rules/iplocation.net.xml
@@ -0,0 +1,18 @@
+<!--
+
+	Non-functional subdomain:
+		- forums	(display home page)
+
+-->
+
+<ruleset name="iplocation.net">
+
+	<target host=    "iplocation.net" />
+	<target host="www.iplocation.net" />
+
+  	<securecookie host="^www\.iplocation\.net$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/iq-optimize.de.xml b/src/chrome/content/rules/iq-optimize.de.xml
new file mode 100644
index 000000000000..a4bac262e984
--- /dev/null
+++ b/src/chrome/content/rules/iq-optimize.de.xml
@@ -0,0 +1,11 @@
+<ruleset name="IQ-optimize.de">
+
+	<target host="iq-optimize.de" />
+	<target host="www.iq-optimize.de" />
+	<target host="imagepool.iq-optimize.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/iqdb.xml b/src/chrome/content/rules/iqdb.xml
new file mode 100644
index 000000000000..6d060170300c
--- /dev/null
+++ b/src/chrome/content/rules/iqdb.xml
@@ -0,0 +1,12 @@
+<!--
+	Nonfunctional domains:
+		- *.iqdb.org other than targets (domain mismatch)
+-->
+
+<ruleset name="iqdb">
+	<target host="iqdb.org" />
+	<target host="3d.iqdb.org" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/iqoption.com.xml b/src/chrome/content/rules/iqoption.com.xml
new file mode 100644
index 000000000000..78ad03d49b35
--- /dev/null
+++ b/src/chrome/content/rules/iqoption.com.xml
@@ -0,0 +1,19 @@
+<ruleset name="iq option.com">
+	<target host="iqoption.com" />
+	<target host="www.iqoption.com" />
+	<target host="affiliate.iqoption.com" />
+	<target host="blog.iqoption.com" />
+	<target host="cpa.iqoption.com" />
+	<target host="track.cpa.iqoption.com" />
+	<target host="eu.iqoption.com" />
+	<target host="fsms.iqoption.com" />
+	<test url="http://fsms.iqoption.com/storage/public/5e/2e/df8a006181j5g7f9e9.html" />
+	<test url="http://fsms.iqoption.com/storage/public/5e/31/b06e97d037b2a9c0d1.html" />
+	<target host="ib.iqoption.com" />
+	<target host="job.iqoption.com" />
+	<target host="updates.iqoption.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/irancybercrime.org.xml b/src/chrome/content/rules/irancybercrime.org.xml
new file mode 100644
index 000000000000..fd6a981a51b1
--- /dev/null
+++ b/src/chrome/content/rules/irancybercrime.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="Iran Cyber Crime.org">
+
+	<target host="irancybercrime.org" />
+	<target host="www.irancybercrime.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/irc.lc.xml b/src/chrome/content/rules/irc.lc.xml
new file mode 100644
index 000000000000..d2efc68eabd3
--- /dev/null
+++ b/src/chrome/content/rules/irc.lc.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dev.irc.lc/ => https://dev.irc.lc/: (51, "SSL: no alternative certificate subject name matches target host name 'dev.irc.lc'")
+
+	Mixed content:
+		- chatbox on all channel sites (webchat.quakenet.org iframe)
+
+	Refused:
+		- pad.irc.lc
+-->
+<ruleset name="irc.lc" platform="mixedcontent" default_off="failed ruleset test">
+	<target host="irc.lc" />
+	<target host="www.irc.lc" />
+	<target host="dev.irc.lc" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ircity.ru.xml b/src/chrome/content/rules/ircity.ru.xml
new file mode 100644
index 000000000000..9012362692e5
--- /dev/null
+++ b/src/chrome/content/rules/ircity.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="ircity.ru">
+	<target host="ircity.ru" />
+	<target host="www.ircity.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ire.org.xml b/src/chrome/content/rules/ire.org.xml
new file mode 100644
index 000000000000..22d7638f50b7
--- /dev/null
+++ b/src/chrome/content/rules/ire.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="IRE.org">
+
+	<target host="ire.org" />
+	<target host="www.ire.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/irex.org.xml b/src/chrome/content/rules/irex.org.xml
new file mode 100644
index 000000000000..3322311520be
--- /dev/null
+++ b/src/chrome/content/rules/irex.org.xml
@@ -0,0 +1,40 @@
+<!--
+	Nonfunctional hosts in *irex.org:
+
+		- report ᵃ
+
+	ᵃ Shows ^irex.org
+
+
+	These altnames do not exist:
+
+		- aws.irex.org
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .irex.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="IREX.org (partial)">
+
+	<target host="irex.org" />
+	<target host="oas.irex.org" />
+	<target host="www.irex.org" />
+	<target host="yaliapp.irex.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.irex\.org$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^\." name="^SESS" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/irknet.ru.xml b/src/chrome/content/rules/irknet.ru.xml
new file mode 100644
index 000000000000..dafbd9c868a7
--- /dev/null
+++ b/src/chrome/content/rules/irknet.ru.xml
@@ -0,0 +1,68 @@
+<!--
+banned.irknet.ru ⁵
+mail.irknet.ru ¹
+ns1.irknet.ru ³
+ns2.irknet.ru ²
+84-244-13-179.pppoe.irknet.ru ³
+84-244-21-213.pppoe.irknet.ru ²
+84-244-28-138.pppoe.irknet.ru ³
+84-244-31-227.pppoe.irknet.ru ²
+84-244-31-245.pppoe.irknet.ru ³
+84-244-31-52.pppoe.irknet.ru ⁷
+84-244-35-203.pppoe.irknet.ru ³
+84-244-4-124.pppoe.irknet.ru ³
+84-244-44-63.pppoe.irknet.ru ³
+84-244-48-164.pppoe.irknet.ru ⁴
+84-244-53-20.pppoe.irknet.ru ³
+84-244-53-249.pppoe.irknet.ru ³
+84-244-53-76.pppoe.irknet.ru ³
+84-244-54-244.pppoe.irknet.ru ²
+84-244-54-37.pppoe.irknet.ru ³
+84-244-7-101.pppoe.irknet.ru ⁴
+84-244-7-52.pppoe.irknet.ru ³
+84-244-8-136.pppoe.irknet.ru ³
+94-137-197-208.pppoe.irknet.ru ²
+94-137-197-240.pppoe.irknet.ru ³
+94-137-198-27.pppoe.irknet.ru ²
+94-137-198-36.pppoe.irknet.ru ³
+94-137-199-212.pppoe.irknet.ru ²
+94-137-202-1.pppoe.irknet.ru ³
+94-137-203-248.pppoe.irknet.ru ³
+94-137-207-38.pppoe.irknet.ru ³
+94-137-208-121.pppoe.irknet.ru ²
+94-137-209-92.pppoe.irknet.ru ³
+94-137-210-134.pppoe.irknet.ru ³
+94-137-211-68.pppoe.irknet.ru ³
+94-137-212-172.pppoe.irknet.ru ²
+94-137-212-183.pppoe.irknet.ru ³
+94-137-212-200.pppoe.irknet.ru ³
+94-137-213-102.pppoe.irknet.ru ²
+94-137-213-119.pppoe.irknet.ru ³
+94-137-216-31.pppoe.irknet.ru ³
+94-137-217-174.pppoe.irknet.ru ³
+94-137-217-21.pppoe.irknet.ru ³
+94-137-217-73.pppoe.irknet.ru ³
+94-137-220-38.pppoe.irknet.ru ³
+94-137-222-74.pppoe.irknet.ru ²
+94-137-223-201.pppoe.irknet.ru ³
+start.irknet.ru ²
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁵ expired
+⁷ protocol error
+-->
+<ruleset name="irknet.ru">
+	<target host="irknet.ru" />
+	<target host="www.irknet.ru" />
+	<target host="angarsk.irknet.ru" />
+	<target host="irkutsk.irknet.ru" />
+	<target host="openapi.irknet.ru" />
+	<target host="register.irknet.ru" />
+	<target host="sludyanka.irknet.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/irongeek.com.xml b/src/chrome/content/rules/irongeek.com.xml
new file mode 100644
index 000000000000..8cf34a51189e
--- /dev/null
+++ b/src/chrome/content/rules/irongeek.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="IronGeek.com">
+	<target host="irongeek.com" />
+	<target host="www.irongeek.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/irrlab.com.xml b/src/chrome/content/rules/irrlab.com.xml
new file mode 100644
index 000000000000..ef9f7d424d26
--- /dev/null
+++ b/src/chrome/content/rules/irrlab.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Wildcard DNS but without wildcard certificate.
+
+	All other subdomains are mismatched.
+
+-->
+<ruleset name="irrlab.com">
+
+	<target host="irrlab.com" />
+	<target host="www.irrlab.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/irs01.com.xml b/src/chrome/content/rules/irs01.com.xml
new file mode 100644
index 000000000000..40f07538c13d
--- /dev/null
+++ b/src/chrome/content/rules/irs01.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="irs01.com">
+
+	<target host="irs01.com" />
+	<target host="a.irs01.com" />
+	<target host="h.irs01.com" />
+	<target host="m.irs01.com" />
+	<target host="pcauto.irs01.com" />
+	<!--target host="iadvalue.irs01.com" /-->
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/is.gd.xml b/src/chrome/content/rules/is.gd.xml
new file mode 100644
index 000000000000..42baf5a91a28
--- /dev/null
+++ b/src/chrome/content/rules/is.gd.xml
@@ -0,0 +1,38 @@
+<!--
+	NB: Tor users cannot view* this website due to CloudFlare settings.
+
+	See:
+
+		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
+		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
+
+	* without enabling javascript, for security and privacy implications see e.g.:
+
+		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
+		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
+		- https://panopticlick.eff.org
+
+
+	Insecure cookies are set for these domains:
+
+		- .is.gd
+
+-->
+<ruleset name="is.gd">
+
+	<target host="is.gd" />
+	<target host="www.is.gd" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="\.is\.gd$" name="^(__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/is74.ru.xml b/src/chrome/content/rules/is74.ru.xml
new file mode 100644
index 000000000000..0221ded5099e
--- /dev/null
+++ b/src/chrome/content/rules/is74.ru.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mail.is74.ru/ => https://mail.is74.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+is74.ru timed out
+www.is74.ru timed out
+city.is74.ru mismatch
+www.pomni.is74.ru mismatch
+www.ooointersvyaz16.is74.ru mismatch
+straniks.ddns.is74.ru timed out
+rh.ddns.is74.ru self signed
+pomni.is74.ru different content
+pjreo.is74.ru different content
+lk.is74.ru different content
+-->
+<ruleset name="is74.ru (partial)" default_off="failed ruleset test">
+	<target host="mail.is74.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/isdown.me.xml b/src/chrome/content/rules/isdown.me.xml
new file mode 100644
index 000000000000..ec84d0e1c795
--- /dev/null
+++ b/src/chrome/content/rules/isdown.me.xml
@@ -0,0 +1,8 @@
+<ruleset name="isdown.me">
+
+	<target host="isdown.me" />
+	<target host="www.isdown.me" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/islandhealth.ca.xml b/src/chrome/content/rules/islandhealth.ca.xml
new file mode 100644
index 000000000000..5d165fa38a0d
--- /dev/null
+++ b/src/chrome/content/rules/islandhealth.ca.xml
@@ -0,0 +1,17 @@
+<ruleset name="islandhealth.ca">
+
+	<target host="islandhealth.ca" />
+	<target host="www.islandhealth.ca" />
+  <target host="communitygrants.islandhealth.ca" />
+  <target host="gateway.islandhealth.ca" />
+  <target host="info.islandhealth.ca" />
+  <target host="ihealtharchive.islandhealth.ca" />
+  <target host="medicalstaff.islandhealth.ca" />
+  <target host="msr-review.islandhealth.ca" />
+  <target host="myhealth.islandhealth.ca" />
+  <target host="nihp.islandhealth.ca" />
+  <target host="spark.islandhealth.ca" />
+  
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/isoc.ch.xml b/src/chrome/content/rules/isoc.ch.xml
new file mode 100644
index 000000000000..8444347f8700
--- /dev/null
+++ b/src/chrome/content/rules/isoc.ch.xml
@@ -0,0 +1,21 @@
+<!--
+	Nonfunctional hosts in *isoc.ch:
+
+		- lists ʳ
+
+	ʳ Refused
+
+-->
+<ruleset name="ISOC.ch (partial)">
+
+	<target host="isoc.ch" />
+	<target host="www.isoc.ch" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ispserver.com.xml b/src/chrome/content/rules/ispserver.com.xml
new file mode 100644
index 000000000000..eb0875aa21c4
--- /dev/null
+++ b/src/chrome/content/rules/ispserver.com.xml
@@ -0,0 +1,62 @@
+<!--
+Similar rulesets:
+ispserver.ru.xml
+ispsystem.com.xml
+ispsystem.ru.xml
+
+aff.ispserver.com ³
+bruhost-3.ispserver.com ⁴
+cloudtest.ispserver.com ²
+mhost1.ispserver.com ⁴
+mhost11.ispserver.com ³
+mhost11-mail.ispserver.com ⁴
+mhost12.ispserver.com ⁴
+mhost13.ispserver.com ⁴
+mhost14.ispserver.com ⁴
+mhost15.ispserver.com ⁴
+mhost16.ispserver.com ⁴
+mhost17.ispserver.com ⁴
+mhost18.ispserver.com ⁷
+mhost2.ispserver.com ⁴
+mhost3.ispserver.com ³
+mhost5.ispserver.com ⁴
+mhost6.ispserver.com ⁴
+mhost7.ispserver.com ⁴
+mhost8.ispserver.com ⁴
+mhost9.ispserver.com ⁴
+msk-mysqlhost.ispserver.com ²
+msk2.ispserver.com ⁴
+msk3.ispserver.com ¹
+msk4.ispserver.com ⁴
+msk5.ispserver.com ⁴
+msk6.ispserver.com ⁴
+mskhost-2.ispserver.com ⁴
+mskhost-3.ispserver.com ⁴
+mskhost10.ispserver.com ⁴
+nsite.ispserver.com ³
+nyhost-3.ispserver.com ³
+pop.ispserver.com ⁴
+sp.ispserver.com ²
+winmskhost.ispserver.com ²
+my.ispserver.com different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁷ protocol error
+-->
+<ruleset name="ispserver.com">
+	<target host="ispserver.com" />
+	<target host="www.ispserver.com" />
+	<target host="export.ispserver.com" />
+	<target host="lg.ispserver.com" />
+	<target host="mhost4.ispserver.com" />
+	<target host="winmskhost1.ispserver.com" />
+	<target host="winmskhost2.ispserver.com" />
+	<target host="winmskhost3.ispserver.com" />
+	<target host="winmskhost4.ispserver.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ispserver.ru.xml b/src/chrome/content/rules/ispserver.ru.xml
new file mode 100644
index 000000000000..4949aea2d06a
--- /dev/null
+++ b/src/chrome/content/rules/ispserver.ru.xml
@@ -0,0 +1,14 @@
+<!--
+mail.ispserver.ru ⁴
+my.ispserver.ru different content
+
+
+⁴ self signed
+-->
+<ruleset name="ispserver.ru">
+	<target host="ispserver.ru" />
+	<target host="www.ispserver.ru" />
+	<target host="export.ispserver.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ispsystem.com.xml b/src/chrome/content/rules/ispsystem.com.xml
new file mode 100644
index 000000000000..365c37cf4a49
--- /dev/null
+++ b/src/chrome/content/rules/ispsystem.com.xml
@@ -0,0 +1,55 @@
+<!--
+Similar rulesets:
+ispserver.com.xml
+ispserver.ru.xml
+ispsystem.ru.xml
+
+bill.ispsystem.com ¹
+billinfo.ispsystem.com ²
+bmail.ispsystem.com ⁴
+bugs.ispsystem.com ²
+bugtrack.ispsystem.com ⁴
+call.ispsystem.com ³
+cdn.ispsystem.com ¹
+dl.ispsystem.com ²
+shared.doc.ispsystem.com ²
+download.ispsystem.com ²
+master.download.ispsystem.com ²
+ru.download.ispsystem.com ²
+forum.ispsystem.com ²
+jabber.ispsystem.com ³
+job.ispsystem.com ²
+lic2.ispsystem.com ⁴
+license.ispsystem.com ²
+license2.ispsystem.com ²
+license5.ispsystem.com ⁴
+mail.ispsystem.com ⁴
+mail1.ispsystem.com ³
+mobim.ispsystem.com ⁴
+notify.ispsystem.com ¹
+nsite.ispsystem.com ⁷
+oauth.ispsystem.com ⁴
+plugin.ispsystem.com ⁴
+response.ispsystem.com ²
+security.ispsystem.com ⁴
+stat.ispsystem.com ³
+theme.ispsystem.com ⁴
+translate.ispsystem.com ⁴
+api.ispsystem.com different content
+my.ispsystem.com different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁷ protocol error
+-->
+<ruleset name="ispsystem.com">
+	<target host="ispsystem.com" />
+	<target host="www.ispsystem.com" />
+	<target host="abs.ispsystem.com" />
+	<target host="doc.ispsystem.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ispsystem.ru.xml b/src/chrome/content/rules/ispsystem.ru.xml
new file mode 100644
index 000000000000..611941a698ed
--- /dev/null
+++ b/src/chrome/content/rules/ispsystem.ru.xml
@@ -0,0 +1,22 @@
+<!--
+Similar rulesets:
+ispserver.com.xml
+ispserver.ru.xml
+ispsystem.com.xml
+
+forum.ispsystem.ru ²
+mail.ispsystem.ru ¹
+
+
+¹ mismatch
+² refused
+-->
+<ruleset name="ispsystem.ru">
+	<target host="ispsystem.ru" />
+	<target host="www.ispsystem.ru" />
+	<target host="bugs.ispsystem.ru" />
+	<target host="doc.ispsystem.ru" />
+	<target host="shared.doc.ispsystem.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/issteamdown.com.xml b/src/chrome/content/rules/issteamdown.com.xml
new file mode 100644
index 000000000000..47bceb313f7c
--- /dev/null
+++ b/src/chrome/content/rules/issteamdown.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Is Steam Down.com">
+
+	<target host="issteamdown.com" />
+	<target host="www.issteamdown.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/it-ccs.com.xml b/src/chrome/content/rules/it-ccs.com.xml
new file mode 100644
index 000000000000..4b304f774885
--- /dev/null
+++ b/src/chrome/content/rules/it-ccs.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="it-ccs.com">
+	<target host="sms.it-ccs.com" />
+	<target host="it-ccs.com" />
+	<target host="www.it-ccs.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/it-tv.org.xml b/src/chrome/content/rules/it-tv.org.xml
new file mode 100644
index 000000000000..a7936b2b5c41
--- /dev/null
+++ b/src/chrome/content/rules/it-tv.org.xml
@@ -0,0 +1,25 @@
+<!--
+congress.it-tv.org ¹
+ns1.it-tv.org ²
+ns2.it-tv.org ²
+st.it-tv.org ³
+station.it-tv.org ⁴
+uacable.it-tv.org ¹
+wifi.it-tv.org ²
+mail.it-tv.org different content
+stat.it-tv.org different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="it-tv.org">
+	<target host="it-tv.org" />
+	<target host="www.it-tv.org" />
+	<target host="bms.it-tv.org" />
+	<target host="video.it-tv.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/itao.com.xml b/src/chrome/content/rules/itao.com.xml
new file mode 100644
index 000000000000..c5cf8fd32e4a
--- /dev/null
+++ b/src/chrome/content/rules/itao.com.xml
@@ -0,0 +1,54 @@
+<!--
+	For other Alibaba coverage, see Alibaba.xml.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- itao.com
+		- .itao.com
+		- en.itao.com
+		- pt.itao.com
+		- ru.itao.com
+		- www.itao.com
+
+
+	Mixed content:
+
+		- css on (locale_vhost) from style.aliunicorn.com ˢ
+
+		- Images, on;
+
+			- (locale_vhost) from g0\d.t.alicdn.com ˢ
+			- (locale_vhost) from i0\d.i.aliimg.com ˢ
+			- (locale_vhost) from style.aliunicorn.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="iTao.com" platform="mixedcontent">
+
+	<target host="itao.com" />
+	<target host="en.itao.com" />
+	<target host="pt.itao.com" />
+	<target host="ru.itao.com" />
+	<target host="www.itao.com" />
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://en.itao.com/s/style_gallery" /-->
+		<!--test url="http://pt.itao.com/s/style_gallery" /-->
+		<!--test url="http://ru.itao.com/s/style_gallery" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:(?:en|ru|www)\.)?itao\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^\.itao\.com$" name="^(?:acs_usuc_t|u_us_uc_f|xman_[ft]|xman_us_f)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/itce.ru.xml b/src/chrome/content/rules/itce.ru.xml
new file mode 100644
index 000000000000..185d15e101f0
--- /dev/null
+++ b/src/chrome/content/rules/itce.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="itce.ru">
+	<target host="itce.ru" />
+	<target host="www.itce.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/itefix.net.xml b/src/chrome/content/rules/itefix.net.xml
new file mode 100644
index 000000000000..0990f568f323
--- /dev/null
+++ b/src/chrome/content/rules/itefix.net.xml
@@ -0,0 +1,14 @@
+<ruleset name="itefix.net">
+
+	<target host="itefix.net" />
+	<target host="www.itefix.net" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/itella.fi.xml b/src/chrome/content/rules/itella.fi.xml
index 7e036b9832a9..079d86bb8a9e 100644
--- a/src/chrome/content/rules/itella.fi.xml
+++ b/src/chrome/content/rules/itella.fi.xml
@@ -1,12 +1,12 @@
-<ruleset name="itella.fi" platform="mixedcontent">
-  <target host="www.itella.fi" />
-  <target host="itella.fi" />
-
-
-  <rule from="^http://(www\.)?itella\.fi/" to="https://itella.fi/"/>
-
-  <securecookie host="^(www)?\.?itella\.fi" name=".*" />
-
-  <!-- https://trac.torproject.org/projects/tor/ticket/7227 -->
-  <exclusion pattern="^http://(www\.)?itella\.fi/itemtracking/" />
-</ruleset>
+<ruleset name="itella.fi" platform="mixedcontent">
+  <target host="www.itella.fi" />
+  <target host="itella.fi" />
+
+
+  <rule from="^http://(?:www\.)?itella\.fi/" to="https://itella.fi/"/>
+
+  <securecookie host="^(?:www)?\.?itella\.fi" name=".+" />
+
+  <!-- https://trac.torproject.org/projects/tor/ticket/7227 -->
+  <exclusion pattern="^http://(?:www\.)?itella\.fi/itemtracking/" />
+</ruleset>
diff --git a/src/chrome/content/rules/itemname.com.xml b/src/chrome/content/rules/itemname.com.xml
new file mode 100644
index 000000000000..b84080e5ceb3
--- /dev/null
+++ b/src/chrome/content/rules/itemname.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="ItemName.com">
+
+	<target host="itemname.com" />
+	<target host="www.itemname.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/itex.ru.xml b/src/chrome/content/rules/itex.ru.xml
new file mode 100644
index 000000000000..265c25cfea76
--- /dev/null
+++ b/src/chrome/content/rules/itex.ru.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://itex.ru/ => https://itex.ru/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.itex.ru/ => https://www.itex.ru/: (60, 'SSL certificate problem: certificate has expired')
+
+eltem.itex.ru nonexist
+8200007ru.t.itex.ru ²
+t.itex.ru ²
+git.itex.ru ²
+
+
+² refused
+-->
+<ruleset name="itex.ru" default_off="failed ruleset test">
+	<target host="itex.ru" />
+	<target host="www.itex.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/itif.org.xml b/src/chrome/content/rules/itif.org.xml
new file mode 100644
index 000000000000..20dd5a25584f
--- /dev/null
+++ b/src/chrome/content/rules/itif.org.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional hosts in *itif.org:
+
+		- archive ᵃ
+		- elections ᵃ
+		- www2 ᵈ
+
+	ᵃ Shows another domain
+	ᵈ Dropped
+
+-->
+<ruleset name="ITIF.org (partial)">
+
+	<target host="itif.org" />
+	<target host="www.itif.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/itk.org.xml b/src/chrome/content/rules/itk.org.xml
new file mode 100644
index 000000000000..1f0cf06bd8a4
--- /dev/null
+++ b/src/chrome/content/rules/itk.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="ITK.org">
+
+	<target host="itk.org" />
+	<target host="www.itk.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/itproportal.com.xml b/src/chrome/content/rules/itproportal.com.xml
new file mode 100644
index 000000000000..943a9b9e0be0
--- /dev/null
+++ b/src/chrome/content/rules/itproportal.com.xml
@@ -0,0 +1,39 @@
+<!--
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+
+	CDN buckets:
+
+		- itpp.s3.amazonaws.com
+		- d3j36zdwwifgna.cloudfront.net	← cdn
+		- cdn.mos.cms.futurecdn.net
+
+
+	Nonfunctional hosts in *itproportal.com:
+
+		- ibmconnect ᵈ
+		- static ᵃ
+
+	ᵃ Shows another domain
+	ᵈ Dropped
+
+
+	Problematic hosts in *itproportal.com:
+
+		- (www.)? ᵐ
+		- cdn ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="ITProPortal.com (partial)" platform="mixedcontent">
+
+	<target host="cdn.itproportal.com"/>
+
+
+	<rule from="^http://cdn\.itproportal\.com/"
+		to="https://d3j36zdwwifgna.cloudfront.net/"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/itsoft.ru.xml b/src/chrome/content/rules/itsoft.ru.xml
new file mode 100644
index 000000000000..e81b229958cf
--- /dev/null
+++ b/src/chrome/content/rules/itsoft.ru.xml
@@ -0,0 +1,16 @@
+<!--
+javascript.itsoft.ru ⁴
+sms.itsoft.ru ⁴
+futuris.itsoft.ru ⁴
+learning.itsoft.ru ⁴
+www.rvs.itsoft.ru ⁴
+
+
+⁴ self signed
+-->
+<ruleset name="itsoft.ru">
+	<target host="itsoft.ru" />
+	<target host="www.itsoft.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/itute.com.xml b/src/chrome/content/rules/itute.com.xml
new file mode 100644
index 000000000000..74bfa04edf44
--- /dev/null
+++ b/src/chrome/content/rules/itute.com.xml
@@ -0,0 +1,13 @@
+<!--
+
+	Mismatched hosts in *itute.com:
+
+		- tutors
+
+-->
+<ruleset name="itute.com" platform="mixedcontent">
+	<target host="itute.com" />
+	<target host="www.itute.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ius.io.xml b/src/chrome/content/rules/ius.io.xml
new file mode 100644
index 000000000000..e1c851632eea
--- /dev/null
+++ b/src/chrome/content/rules/ius.io.xml
@@ -0,0 +1,33 @@
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://www.ius.io/ => https://www.ius.io/: (6, 'Could not resolve host: www.ius.io')
+Fetch error: http://web01.ius.io/ => https://web01.ius.io/: (35, 'error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error')
+
+	STS header includes includeSubdomains.
+
+-->
+<ruleset name="IUS.io">
+
+	<target host="ius.io" />
+	<target host="*.ius.io" />
+
+		<!--	includeSubdomains applies to one level only, so:
+									-->
+		<exclusion pattern="^http://(?:[^./]+\.){2,}ius\.io/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.ius.io/" />
+			<test url="http://exists.not.ius.io/" />
+
+		<test url="http://setup.ius.io/" />
+    <test url="http://repo.ius.io/" />
+    <test url="http://old.ius.io/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ivi.ru.xml b/src/chrome/content/rules/ivi.ru.xml
new file mode 100644
index 000000000000..6f6cee48654d
--- /dev/null
+++ b/src/chrome/content/rules/ivi.ru.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .ivi.ru
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="ivi.ru">
+
+	<target host="ivi.ru" />
+	<target host="thumbs.dfs.ivi.ru" />
+	<target host="www.ivi.ru" />
+
+		<test url="http://thumbs.dfs.ivi.ru/storage26/contents/1/3/3a653b82ee241f6ddb3bdb9d00b92f.jpg/172x264/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.ivi\.ru$" name="^sessivi$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ivi.tv.xml b/src/chrome/content/rules/ivi.tv.xml
new file mode 100644
index 000000000000..5f3e85c8e0c7
--- /dev/null
+++ b/src/chrome/content/rules/ivi.tv.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .ivi.tv
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="ivi.tv">
+
+	<target host="ivi.tv" />
+	<target host="www.ivi.tv" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.ivi\.tv$" name="^(?:act_days_qnt|is_pers|sessivi|user_ab_bucket|world_entrance_landing_shown)$" /-->
+
+	<securecookie host="^\." name="^(?:_ga|user_ab_bucket$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ivoting.taipei.xml b/src/chrome/content/rules/ivoting.taipei.xml
new file mode 100644
index 000000000000..cd70f3d4068e
--- /dev/null
+++ b/src/chrome/content/rules/ivoting.taipei.xml
@@ -0,0 +1,6 @@
+<ruleset name="ivoting.taipei">
+	<target host="ivoting.taipei" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ivsezaodnogo.ru.xml b/src/chrome/content/rules/ivsezaodnogo.ru.xml
new file mode 100644
index 000000000000..a9d51e4a520d
--- /dev/null
+++ b/src/chrome/content/rules/ivsezaodnogo.ru.xml
@@ -0,0 +1,27 @@
+<!--
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- ivsezaodnogo.ru
+		- www.ivsezaodnogo.ru
+
+-->
+<ruleset name="ivsezaodnogo.ru" default_off="cert-chain">
+
+	<target host="ivsezaodnogo.ru" />
+	<target host="www.ivsezaodnogo.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?ivsezaodnogo\.ru$" name="^_allforone_session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ivteleradio.ru.xml b/src/chrome/content/rules/ivteleradio.ru.xml
new file mode 100644
index 000000000000..fb7e80b89f67
--- /dev/null
+++ b/src/chrome/content/rules/ivteleradio.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="ivteleradio.ru">
+	<target host="ivteleradio.ru" />
+	<target host="www.ivteleradio.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/iwantmyname.com.xml b/src/chrome/content/rules/iwantmyname.com.xml
new file mode 100644
index 000000000000..d09721875ffe
--- /dev/null
+++ b/src/chrome/content/rules/iwantmyname.com.xml
@@ -0,0 +1,56 @@
+<!--
+	Problematic hosts in *iwantmyname.com:
+
+		- like ᵈ
+		- status ᵐ
+
+	ᵈ Dropped
+	ᵐ StatusPage.io / mismatched
+
+
+	These altnames don't exist:
+
+		- api.iwantmyname.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- iwantmyname.com
+
+-->
+<ruleset name="iwantmyname.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="iwantmyname.com" />
+	<target host="help.iwantmyname.com" />
+	<target host="www.iwantmyname.com" />
+
+	<!--	Complications:
+				-->
+	<target host="like.iwantmyname.com" />
+	<target host="status.iwantmyname.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^iwantmyname\.com$" name="^csrf_session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops forward
+		slash, path, and args:
+					-->
+	<rule from="^http://like\.iwantmyname\.com/.*"
+		to="https://facebook.com/iwantmyname" />
+
+		<test url="http://like.iwantmyname.com/index.php" />
+
+	<rule from="^http://status\.iwantmyname\.com/"
+		to="https://iwantmyname.statuspage.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/iway.ch.xml b/src/chrome/content/rules/iway.ch.xml
index a5c9f6e9ab54..33f7d99ad5c0 100644
--- a/src/chrome/content/rules/iway.ch.xml
+++ b/src/chrome/content/rules/iway.ch.xml
@@ -13,7 +13,7 @@
     <exclusion pattern="^http://netbackup\.iway\.ch" />
     <exclusion pattern="^http://statistik\.iway\.ch" />
 
-    <rule from="^https?://iway\.ch/"
+    <rule from="^http://iway\.ch/"
         to="https://www.iway.ch/"/>
     <rule from="^http://([^/:@]+)?\.iway\.ch/"
         to="https://$1.iway.ch/" />
diff --git a/src/chrome/content/rules/iweb.co.uk.xml b/src/chrome/content/rules/iweb.co.uk.xml
new file mode 100644
index 000000000000..1aef232b1f8b
--- /dev/null
+++ b/src/chrome/content/rules/iweb.co.uk.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dfblog.iweb.co.uk/ => https://dfblog.iweb.co.uk/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+
+-->
+<ruleset name="iWeb.co.uk" default_off="failed ruleset test">
+
+	<target host="iweb.co.uk" />
+	<target host="dfblog.iweb.co.uk" />
+	<target host="www.iweb.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/iwill.org.uk.xml b/src/chrome/content/rules/iwill.org.uk.xml
new file mode 100644
index 000000000000..95eb8a02610f
--- /dev/null
+++ b/src/chrome/content/rules/iwill.org.uk.xml
@@ -0,0 +1,41 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- iwill.org.uk
+		- www.iwill.org.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on education, www from $self
+
+		- Images, on:
+
+			- education from $self
+			- education from www.iwill.org.uk
+			- education from img.youtube.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="iwill.org.uk" default_off="mismatched" platform="mixedcontent">
+
+	<target host="iwill.org.uk" />
+	<target host="campaign.iwill.org.uk" />
+	<target host="education.iwill.org.uk" />
+	<target host="www.iwill.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?iwill\.org\.uk$" name="^(?:PHPSESSID|nf_wp_session)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ix.br.xml b/src/chrome/content/rules/ix.br.xml
new file mode 100644
index 000000000000..990cf6b1e0bc
--- /dev/null
+++ b/src/chrome/content/rules/ix.br.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional hosts in *.ix.br:
+		- forum.ix.br (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="ix.br">
+	<target host="ix.br" />
+	<target host="www.ix.br" />
+	<target host="kb.internal.ix.br" />
+	<target host="quarentena.internal.ix.br" />
+	<target host="meu.ix.br" />
+	<target host="my.ix.br" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ixIRC.xml b/src/chrome/content/rules/ixIRC.xml
new file mode 100644
index 000000000000..236a5fdfa9f1
--- /dev/null
+++ b/src/chrome/content/rules/ixIRC.xml
@@ -0,0 +1,7 @@
+<ruleset name="ixIRC">
+	<target host="ixirc.com" />
+	<target host="www.ixirc.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ixmaps.ca.xml b/src/chrome/content/rules/ixmaps.ca.xml
new file mode 100644
index 000000000000..d85ddf872d85
--- /dev/null
+++ b/src/chrome/content/rules/ixmaps.ca.xml
@@ -0,0 +1,13 @@
+<ruleset name="IXmaps.ca">
+
+	<target host="ixmaps.ca" />
+	<target host="www.ixmaps.ca" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/jacklmoore.com.xml b/src/chrome/content/rules/jacklmoore.com.xml
new file mode 100644
index 000000000000..60e947cadba3
--- /dev/null
+++ b/src/chrome/content/rules/jacklmoore.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Problematic subdomains:
+		jacklmoore.com (certificate mismatch)
+-->
+<ruleset name="jacklmoore.com">
+	<target host="jacklmoore.com" />
+	<target host="www.jacklmoore.com" />
+
+	<rule from="^http://jacklmoore\.com/" to="https://www.jacklmoore.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jacksonzoo.org.xml b/src/chrome/content/rules/jacksonzoo.org.xml
new file mode 100644
index 000000000000..00bb54271d28
--- /dev/null
+++ b/src/chrome/content/rules/jacksonzoo.org.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid certificate:
+		ftp.jacksonzoo.org
+		mail.jacksonzoo.org
+		webmail.jacksonzoo.org
+-->
+<ruleset name="jacksonzoo.org">
+	<target host="jacksonzoo.org" />
+	<target host="www.jacksonzoo.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jacktrammellmusic.com.xml b/src/chrome/content/rules/jacktrammellmusic.com.xml
new file mode 100644
index 000000000000..a48099f3f830
--- /dev/null
+++ b/src/chrome/content/rules/jacktrammellmusic.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="jacktrammellmusic.com">
+	<target host="jacktrammellmusic.com" />
+	<target host="www.jacktrammellmusic.com" />
+	<target host="autodiscover.jacktrammellmusic.com" />
+	<target host="cpanel.jacktrammellmusic.com" />
+	<target host="webdisk.jacktrammellmusic.com" />
+	<target host="webmail.jacktrammellmusic.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jaist.ac.jp.xml b/src/chrome/content/rules/jaist.ac.jp.xml
new file mode 100644
index 000000000000..40806789b0c9
--- /dev/null
+++ b/src/chrome/content/rules/jaist.ac.jp.xml
@@ -0,0 +1,10 @@
+<ruleset name="jaist.ac.jp">
+	<target host="jaist.ac.jp" />
+	<target host="www.jaist.ac.jp" />
+	<target host="fp.jaist.ac.jp" />
+	<target host="ftp.jaist.ac.jp" />
+	<target host="dspace.jaist.ac.jp" />
+	<target host="auth.jaist.ac.jp" />
+	<target host="web-mail.jaist.ac.jp" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jamestown.org.xml b/src/chrome/content/rules/jamestown.org.xml
new file mode 100644
index 000000000000..eede90a2e5df
--- /dev/null
+++ b/src/chrome/content/rules/jamestown.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="jamestown.org">
+	<target host="jamestown.org" />
+	<target host="www.jamestown.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jankratochvil.net.xml b/src/chrome/content/rules/jankratochvil.net.xml
new file mode 100644
index 000000000000..00738d1022d9
--- /dev/null
+++ b/src/chrome/content/rules/jankratochvil.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="jankratochvil.net">
+	<target host="jankratochvil.net" />
+	<target host="www.jankratochvil.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jaoa.org.xml b/src/chrome/content/rules/jaoa.org.xml
new file mode 100644
index 000000000000..e455d999616b
--- /dev/null
+++ b/src/chrome/content/rules/jaoa.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Refused:
+		sitemaster.jaoa.org
+
+-->
+<ruleset name="Journal of American Osteopathic Association" default_off="cert-chain">
+
+	<target host="jaoa.org" />
+	<target host="www.jaoa.org" />
+	<target host="store.jaoa.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/japlusu.com.xml b/src/chrome/content/rules/japlusu.com.xml
new file mode 100644
index 000000000000..a13920c6aa7e
--- /dev/null
+++ b/src/chrome/content/rules/japlusu.com.xml
@@ -0,0 +1,19 @@
+<!--
+2fwww.japlusu.com ¹
+app.japlusu.com ¹
+ns1.japlusu.com ¹
+play.japlusu.com ¹
+store.japlusu.com ¹
+webmail.japlusu.com ⁴
+m.japlusu.com ¹
+
+
+¹ mismatch
+⁴ self signed
+-->
+<ruleset name="japlusu.com">
+	<target host="japlusu.com" />
+	<target host="www.japlusu.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jasonsmovieblog.com.xml b/src/chrome/content/rules/jasonsmovieblog.com.xml
new file mode 100644
index 000000000000..fce19addf7c5
--- /dev/null
+++ b/src/chrome/content/rules/jasonsmovieblog.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Jasons Movie Blog.com">
+
+	<target host="jasonsmovieblog.com" />
+	<target host="www.jasonsmovieblog.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/jastusa.com.xml b/src/chrome/content/rules/jastusa.com.xml
new file mode 100644
index 000000000000..91b8821e0062
--- /dev/null
+++ b/src/chrome/content/rules/jastusa.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Problematic hosts in *jastusa.com:
+
+		- blog ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .jastusa.com
+
+-->
+<ruleset name="Jast USA.com (partial)">
+
+	<target host="jastusa.com" />
+	<target host="www.jastusa.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.jastusa\.com$" name="^frontend$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^frontend$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/jauce.com.xml b/src/chrome/content/rules/jauce.com.xml
new file mode 100644
index 000000000000..25a68b17e215
--- /dev/null
+++ b/src/chrome/content/rules/jauce.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="jauce.com">
+	<target host="jauce.com" />
+	<target host="www.jauce.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/javaops.ru.xml b/src/chrome/content/rules/javaops.ru.xml
new file mode 100644
index 000000000000..978162303799
--- /dev/null
+++ b/src/chrome/content/rules/javaops.ru.xml
@@ -0,0 +1,10 @@
+<!--
+	Invalid certificate:
+		mail.javaops.ru
+-->
+<ruleset name="javaops.ru">
+	<target host="javaops.ru" />
+	<target host="www.javaops.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/javascript.ru.xml b/src/chrome/content/rules/javascript.ru.xml
new file mode 100644
index 000000000000..1b13f6046082
--- /dev/null
+++ b/src/chrome/content/rules/javascript.ru.xml
@@ -0,0 +1,19 @@
+<!--
+	Expired:
+		- slack
+
+	Mismatched:
+		- follow (mandrillapp.com)
+-->
+
+<ruleset name="javascript.ru">
+	<target host="javascript.ru" />
+	<target host="www.javascript.ru" />
+	<target host="es5.javascript.ru" />
+	<target host="forum.javascript.ru" />
+	<target host="learn.javascript.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/javascriptobfuscator.com.xml b/src/chrome/content/rules/javascriptobfuscator.com.xml
new file mode 100644
index 000000000000..88e7247648a2
--- /dev/null
+++ b/src/chrome/content/rules/javascriptobfuscator.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other CuteSoft Components coverage, see cutesoft.net.xml.
+
+-->
+<ruleset name="Javascript Obfuscator.com">
+
+	<target host="javascriptobfuscator.com" />
+	<target host="www.javascriptobfuscator.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/jbox.com.xml b/src/chrome/content/rules/jbox.com.xml
new file mode 100644
index 000000000000..0f1a5abc4ddc
--- /dev/null
+++ b/src/chrome/content/rules/jbox.com.xml
@@ -0,0 +1,27 @@
+<!--
+	For other J-List coverage, see JList.com.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .jbox.com
+
+-->
+<ruleset name="JBox.com">
+
+	<target host="jbox.com" />
+	<target host="www.jbox.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.jbox\.com$" name="^frontend$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^frontend$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/jdi-solutions.co.uk.xml b/src/chrome/content/rules/jdi-solutions.co.uk.xml
new file mode 100644
index 000000000000..caec75610a5c
--- /dev/null
+++ b/src/chrome/content/rules/jdi-solutions.co.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="JDi-Solutions.co.uk">
+
+	<target host="jdi-solutions.co.uk" />
+	<target host="www.jdi-solutions.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/jdownloader.org.xml b/src/chrome/content/rules/jdownloader.org.xml
new file mode 100644
index 000000000000..82594f916ef1
--- /dev/null
+++ b/src/chrome/content/rules/jdownloader.org.xml
@@ -0,0 +1,45 @@
+<!--
+	Nonfunctional hosts in *jdownloader.org:
+
+		- (www.)? ʳ
+		- beta ʳ
+		- dev ʳ
+		- installer ʳ
+
+	ʳ Refused
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- board.jdownloader.org
+		- support.jdownloader.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image on support from beta.jdownloader.org ʳ
+
+	ʳ Unsecurable <= connection refused
+
+-->
+<ruleset name="JDownloader.org (partial)">
+
+	<target host="board.jdownloader.org" />
+	<target host="my.jdownloader.org" />
+	<target host="support.jdownloader.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^board\.jdownloader\.org$" name="^bbsessionhash$" /-->
+	<!--securecookie host="^support\.jdownloader\.org$" name="^SWIFT_(?:client|sessionid40)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/jedec.org.xml b/src/chrome/content/rules/jedec.org.xml
new file mode 100644
index 000000000000..f123cec3d4c3
--- /dev/null
+++ b/src/chrome/content/rules/jedec.org.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .jedec.org
+
+-->
+<ruleset name="JEDEC.org">
+
+	<target host="jedec.org" />
+	<target host="www.jedec.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.jedec\.org$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^\." name="^SESS" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/jeded.com.xml b/src/chrome/content/rules/jeded.com.xml
new file mode 100644
index 000000000000..341f1277cfcc
--- /dev/null
+++ b/src/chrome/content/rules/jeded.com.xml
@@ -0,0 +1,21 @@
+<!--
+	NB: p://www resdirects to s://www 404
+	?=> fetch check failure
+
+-->
+<ruleset name="Jeded.com">
+
+	<target host="jeded.com" />
+	<target host="i.jeded.com" />
+	<target host="identity.jeded.com" />
+	<target host="www.jeded.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/jekyllrb.com.xml b/src/chrome/content/rules/jekyllrb.com.xml
new file mode 100644
index 000000000000..3a4123d38789
--- /dev/null
+++ b/src/chrome/content/rules/jekyllrb.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Jekyll">
+
+	<target host="jekyllrb.com" />
+	<target host="talk.jekyllrb.com" />
+	<target host="www.jekyllrb.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/jeman.de.xml b/src/chrome/content/rules/jeman.de.xml
new file mode 100644
index 000000000000..505c81a1a118
--- /dev/null
+++ b/src/chrome/content/rules/jeman.de.xml
@@ -0,0 +1,12 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jeman.de/ => https://jeman.de/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="jeman.de" default_off="failed ruleset test">
+        <target host="jeman.de" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jenkins.io.xml b/src/chrome/content/rules/jenkins.io.xml
new file mode 100644
index 000000000000..be5a521c2803
--- /dev/null
+++ b/src/chrome/content/rules/jenkins.io.xml
@@ -0,0 +1,41 @@
+<!--
+	Invalid certificate:
+	  nginx.azure.jenkins.io
+	  azure.ci.jenkins.io
+	  lettuce.jenkins.io
+	  mirrors.jenkins.io
+
+	Refused:
+	  release.ci.jenkins.io
+	  release.repo.jenkins.io
+
+	Timeout:
+	  ldap.jenkins.io
+-->
+<ruleset name="jenkins.io">
+
+	<target host="jenkins.io" />
+	<target host="www.jenkins.io" />
+	<target host="accounts.jenkins.io" />
+	<target host="repo.azure.jenkins.io" />
+	<target host="updates.azure.jenkins.io" />
+	<target host="ci.jenkins.io" />
+	<target host="evergreen.jenkins.io" />
+	<target host="issues.jenkins.io" />
+	<target host="javadoc.jenkins.io" />
+	<target host="pkg.jenkins.io" />
+	<target host="plugins.jenkins.io" />
+	<target host="rating.jenkins.io" />
+		<test url="http://rating.jenkins.io/rate/result.php" />
+	<target host="reports.jenkins.io" />
+	<target host="stats.jenkins.io" />
+	<target host="updates.jenkins.io" />
+	<target host="uplink.jenkins.io" />
+	<target host="usage.jenkins.io" />
+	<target host="wiki.jenkins.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/jeremyeder.com.xml b/src/chrome/content/rules/jeremyeder.com.xml
new file mode 100644
index 000000000000..a39ac7e7d5df
--- /dev/null
+++ b/src/chrome/content/rules/jeremyeder.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="jeremyeder.com">
+	<target host="jeremyeder.com" />
+	<target host="www.jeremyeder.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jeremyheminger.com.xml b/src/chrome/content/rules/jeremyheminger.com.xml
new file mode 100644
index 000000000000..491086d1036e
--- /dev/null
+++ b/src/chrome/content/rules/jeremyheminger.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid certificate:
+		adftw.jeremyheminger.com
+-->
+<ruleset name="jeremyheminger.com">
+	<target host="jeremyheminger.com" />
+	<target host="www.jeremyheminger.com" />
+	<target host="autodiscover.jeremyheminger.com" />
+	<target host="cpanel.jeremyheminger.com" />
+	<target host="demo.jeremyheminger.com" />
+	<target host="www.demo.jeremyheminger.com" />
+	<target host="phone.jeremyheminger.com" />
+	<target host="www.phone.jeremyheminger.com" />
+	<target host="tst.jeremyheminger.com" />
+	<target host="www.tst.jeremyheminger.com" />
+	<target host="ug.jeremyheminger.com" />
+	<target host="webdisk.jeremyheminger.com" />
+	<target host="webmail.jeremyheminger.com" />
+	<target host="wesmantooth.jeremyheminger.com" />
+	<target host="www.wesmantooth.jeremyheminger.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jeremymorgan.com.xml b/src/chrome/content/rules/jeremymorgan.com.xml
new file mode 100644
index 000000000000..0d982b14f02b
--- /dev/null
+++ b/src/chrome/content/rules/jeremymorgan.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Jeremy Morgan.com">
+
+	<target host="jeremymorgan.com" />
+	<target host="www.jeremymorgan.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/jetlaggin.com.xml b/src/chrome/content/rules/jetlaggin.com.xml
new file mode 100644
index 000000000000..c09e0caae121
--- /dev/null
+++ b/src/chrome/content/rules/jetlaggin.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="jetlaggin.com" platform="mixedcontent">
+	<target host="jetlaggin.com" />
+	<target host="www.jetlaggin.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jetstar.com.xml b/src/chrome/content/rules/jetstar.com.xml
new file mode 100644
index 000000000000..dbd1fb20e956
--- /dev/null
+++ b/src/chrome/content/rules/jetstar.com.xml
@@ -0,0 +1,53 @@
+<!--
+	Nonfunctional hosts in *.jetstar.com:
+		- jetstar.com (t)
+		- 3kroc.jetstar.com (t)
+		- blog.jetstar.com (m)
+		- booking.jetstar.com (h)
+		- careers.jetstar.com (m)
+		- cruises.jetstar.com (i)
+		- email.jetstar.com (m)
+		- japan-store.jetstar.com (r)
+		- jq-prod-cd.jetstar.com (h)
+		- newsroom.jetstar.com (m)
+		- origin2.jetstar.com (h)
+		- ski-holidays.jetstar.com (r)
+		- starkids.jetstar.com (m)
+		- tour.jetstar.com (r)
+		- tourp.jetstar.com (m)
+		- wifi.jetstar.com (m)
+		- widgets.jetstar.com (h)
+		- www.ski-holidays.jetstar.com (r)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+	i: incomplete certificate chain
+-->
+<ruleset name="Jetstar Airways">
+	<target host="www.jetstar.com" />
+	<target host="agenthub.jetstar.com" />
+	<target host="book.jetstar.com" />
+	<target host="booknow.jetstar.com" />
+	<target host="campaign.jetstar.com" />
+	<target host="checkin.jetstar.com" />
+	<target host="customerpanel.jetstar.com" />
+	<target host="hkcampaign.jetstar.com" />
+	<target host="hotels.jetstar.com" />
+	<target host="jp.customerpanel.jetstar.com" />
+	<target host="leisuretravelhub.jetstar.com" />
+	<target host="m.jetstar.com" />
+	<target host="media1.jetstar.com" />
+	<target host="media2.jetstar.com" />
+	<target host="media3.jetstar.com" />
+	<target host="redev-uat.jetstar.com" />
+	<target host="roc.jetstar.com" />
+	<target host="secureauth.jetstar.com" />
+	<target host="ssl.jetstar.com" />
+	<target host="static.jetstar.com" />
+	<target host="travelhub.jetstar.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jewishvirtuallibrary.org.xml b/src/chrome/content/rules/jewishvirtuallibrary.org.xml
new file mode 100644
index 000000000000..02e5d77b6e3b
--- /dev/null
+++ b/src/chrome/content/rules/jewishvirtuallibrary.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="Jewish Virtual Library.org">
+
+	<target host="jewishvirtuallibrary.org" />
+	<target host="www.jewishvirtuallibrary.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/jibbed.org.xml b/src/chrome/content/rules/jibbed.org.xml
new file mode 100644
index 000000000000..577d8e4e3c65
--- /dev/null
+++ b/src/chrome/content/rules/jibbed.org.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jibbed.org/ => https://jibbed.org/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://dus.jibbed.org/ => https://dus.jibbed.org/: (7, 'Failed to connect to dus.jibbed.org port 443: Connection timed out')
+
+-->
+<ruleset name="jibbed.org" default_off="failed ruleset test">
+	<target host="jibbed.org" />
+	<target host="www.jibbed.org" />
+	<target host="dus.jibbed.org" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jiri-dvorak.cz.xml b/src/chrome/content/rules/jiri-dvorak.cz.xml
new file mode 100644
index 000000000000..1d8c1a53c388
--- /dev/null
+++ b/src/chrome/content/rules/jiri-dvorak.cz.xml
@@ -0,0 +1,18 @@
+<!--
+	Redirect to HTTP:
+		subdomeny.jiri-dvorak.cz
+		www.subdomeny.jiri-dvorak.cz
+
+	Time out:
+		mail.jiri-dvorak.cz
+-->
+<ruleset name="jiri-dvorak.cz">
+	<target host="jiri-dvorak.cz" />
+	<target host="www.jiri-dvorak.cz" />
+	<target host="experiment.jiri-dvorak.cz" />
+	<target host="www.experiment.jiri-dvorak.cz" />
+	<target host="virtuallab.jiri-dvorak.cz" />
+	<target host="www.virtuallab.jiri-dvorak.cz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jklakshmicement.com.xml b/src/chrome/content/rules/jklakshmicement.com.xml
new file mode 100644
index 000000000000..2c1fa7914a2f
--- /dev/null
+++ b/src/chrome/content/rules/jklakshmicement.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		ftp.jklakshmicement.com
+-->
+<ruleset name="jklakshmicement.com">
+	<target host="jklakshmicement.com" />
+	<target host="www.jklakshmicement.com" />
+	<target host="mail.jklakshmicement.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jm.com.xml b/src/chrome/content/rules/jm.com.xml
new file mode 100644
index 000000000000..9e75053ae018
--- /dev/null
+++ b/src/chrome/content/rules/jm.com.xml
@@ -0,0 +1,71 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://e-commerce.jm.com/ => https://e-commerce.jm.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Johns Manville
+
+	Other Johns Manville rulesets:
+
+
+
+	^jm.com: Dropped
+	www.jm.com: 504
+
+
+	Problematic hosts in *jm.com:
+
+		- media ᴬ
+		- msds ᶜ
+		- my ᶜ
+		- www2 ᵐ
+
+	ᴬ Akamai / mismatched
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Pardot / mismatched
+
+-->
+<ruleset name="JM.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="e-commerce.jm.com" />
+	<!--target host="msds.jm.com" /-->
+	<!--target host="my.jm.com" /-->
+
+	<!--	Complications:
+				-->
+	<target host="www2.jm.com" />
+
+		<exclusion pattern="^http://www2\.jm\.com/(?!/*[el]/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www2.jm.com/bursi_signup" />
+			<test url="http://www2.jm.com/commercial-roofing/contact-form" />
+			<test url="http://www2.jm.com/contact/general" />
+			<test url="http://www2.jm.com/info_update" />
+			<test url="http://www2.jm.com/mechblogsubscribe" />
+			<test url="http://www2.jm.com/ww/lowes/ins-acc" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www2.jm.com/l/84262/2016-06-09/4x82gr" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.jm\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^e-commerce\.jm\.com$" name="^(?:JSESSIONID|saplb_\*)$" /-->
+	<!--securecookie host="^msds\.jm\.com$" name="^(?:PortalAlias$|X-Mapping-|saplb_\*$)" /-->
+
+	<securecookie host="^(?!www2\.)\w" name=".+" />
+
+
+	<rule from="^http://www2\.jm\.com/"
+		to="https://go.pardot.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/jma.go.jp.xml b/src/chrome/content/rules/jma.go.jp.xml
new file mode 100644
index 000000000000..ee73030747e1
--- /dev/null
+++ b/src/chrome/content/rules/jma.go.jp.xml
@@ -0,0 +1,7 @@
+<ruleset name="Japan Meteorological Agency">
+	<target host="www.jma.go.jp" />
+	<target host="www.data.jma.go.jp" />
+	<target host="ds.data.jma.go.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jmd4you.de.xml b/src/chrome/content/rules/jmd4you.de.xml
new file mode 100644
index 000000000000..b10c89a2ba93
--- /dev/null
+++ b/src/chrome/content/rules/jmd4you.de.xml
@@ -0,0 +1,17 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Invalid certificate:
+		pop.jmd4you.de
+		preview.jmd4you.de
+		ww.jmd4you.de
+-->
+<ruleset name="jmd4you.de">
+
+	<target host="jmd4you.de" />
+	<target host="www.jmd4you.de" />
+	<target host="livechat.jmd4you.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/jmsustainability.com.xml b/src/chrome/content/rules/jmsustainability.com.xml
new file mode 100644
index 000000000000..1d393d1d638f
--- /dev/null
+++ b/src/chrome/content/rules/jmsustainability.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="jmsustainability.com">
+  <target host="jmsustainability.com" />
+	<target host="www.jmsustainability.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/joanganzcooneycenter.org.xml b/src/chrome/content/rules/joanganzcooneycenter.org.xml
new file mode 100644
index 000000000000..a65290932f84
--- /dev/null
+++ b/src/chrome/content/rules/joanganzcooneycenter.org.xml
@@ -0,0 +1,10 @@
+<!--
+	Time out:
+		old.joanganzcooneycenter.org
+-->
+<ruleset name="joanganzcooneycenter.org">
+	<target host="joanganzcooneycenter.org" />
+	<target host="www.joanganzcooneycenter.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jobcorps.gov-resources.xml b/src/chrome/content/rules/jobcorps.gov-resources.xml
new file mode 100644
index 000000000000..5c56e574da12
--- /dev/null
+++ b/src/chrome/content/rules/jobcorps.gov-resources.xml
@@ -0,0 +1,67 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jobcorps.gov/App_Themes/InstDOL/Images/div_navigation.gif => https://jobcorps.gov/App_Themes/InstDOL/Images/div_navigation.gif: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://jobcorps.gov/Images/bullet-red.gif => https://jobcorps.gov/Images/bullet-red.gif: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://jobcorps.gov/Libraries/images/facebook.sflb => https://jobcorps.gov/Libraries/images/facebook.sflb: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.jobcorps.gov/WebResource.axd?d=X5bA0568gE9VOzp2sf-XW0qMAgbBbttMsCHyfAR0SUTePT4RwxuIlSPS8CHTrB2_vPErbeG6FUnEsJ3mhcT40XsY9m81&t=635670845692656250 => https://www.jobcorps.gov/WebResource.axd?d=X5bA0568gE9VOzp2sf-XW0qMAgbBbttMsCHyfAR0SUTePT4RwxuIlSPS8CHTrB2_vPErbeG6FUnEsJ3mhcT40XsY9m81&t=635670845692656250: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.jobcorps.gov/favicon.ico => https://www.jobcorps.gov/favicon.ico: (60, 'SSL certificate problem: certificate has expired')
+
+	For rules covering more than resources, see jobcorps.gov.xml.
+
+
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="Job Corps.gov (resources)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="jobcorps.gov" />
+	<target host="www.jobcorps.gov" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?jobcorps\.gov/(?:AboutJobCorps|contact|employment|faq|foia|home|youth)\.aspx" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?jobcorps\.gov/(?!/*(?:[Aa]pp_[Tt]hemes/|[Ii]mages/|[Ll]ibraries/(?:[Ii]mages|[Pp]df)/|WebResource\.axd|favicon\.ico))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://jobcorps.gov/AboutJobCorps.aspx" />
+			<test url="http://jobcorps.gov/contact.aspx" />
+			<test url="http://jobcorps.gov/employment.aspx" />
+			<test url="http://www.jobcorps.gov/faq.aspx" />
+			<test url="http://www.jobcorps.gov/foia.aspx" />
+			<test url="http://www.jobcorps.gov/home.aspx" />
+			<test url="http://www.jobcorps.gov/youth.aspx" />
+
+			<!--	-ve:
+					-->
+			<test url="http://jobcorps.gov/App_Themes/InstDOL/Images/div_navigation.gif" />
+			<test url="http://jobcorps.gov/Images/bullet-red.gif" />
+			<test url="http://jobcorps.gov/Libraries/images/facebook.sflb" />
+			<test url="http://www.jobcorps.gov/WebResource.axd?d=X5bA0568gE9VOzp2sf-XW0qMAgbBbttMsCHyfAR0SUTePT4RwxuIlSPS8CHTrB2_vPErbeG6FUnEsJ3mhcT40XsY9m81&amp;t=635670845692656250" />
+			<test url="http://www.jobcorps.gov/favicon.ico" />
+
+		<!--	Avoid possible flash policy problems:
+								-->
+		<exclusion pattern="^http://(?:www\.)?jobcorps\.gov/.+\.(?:js|json|swf)(?:$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://jobcorps.gov/App_Themes/main.js" />
+			<test url="http://jobcorps.gov/App_Themes/script.js" />
+			<test url="http://jobcorps.gov/Images/omsMapPresentation.swf" />
+			<test url="http://jobcorps.gov/Images/shrivcommWeb.swf" />
+			<test url="http://www.jobcorps.gov/App_Themes/script.js" />
+			<test url="http://www.jobcorps.gov/Images/omsMapPresentation.swf" />
+			<test url="http://www.jobcorps.gov/Images/shrivcommWeb.swf" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/jobcorps.gov.xml b/src/chrome/content/rules/jobcorps.gov.xml
new file mode 100644
index 000000000000..317f3fc85954
--- /dev/null
+++ b/src/chrome/content/rules/jobcorps.gov.xml
@@ -0,0 +1,68 @@
+<!--
+	For rules covering resources which do not secure
+	mixed content, see jobcorps.gov-resources.xml.
+
+
+
+	Mixed content:
+
+		- css on recruiting from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Job Corps.gov (partial)">
+
+	<!--target host="jobcorps.gov" /-->
+	<target host="recruiting.jobcorps.gov" />
+	<target host="supportservices.jobcorps.gov" />
+	<!--target host="www.jobcorps.gov" /-->
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?jobcorps\.gov/(?:AboutJobCorps|contact|employment|faq|foia|home|youth)\.aspx" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(?:www\.)?jobcorps\.gov/(?!/*(?:[Aa]pp_[Tt]hemes/|[Ii]mages/|[Ll]ibraries/(?:[Ii]mages|[Pp]df)/|WebResource\.axd|favicon\.ico))" /-->
+
+			<!--	+ve:
+					-->
+			<!--test url="http://jobcorps.gov/AboutJobCorps.aspx" /-->
+			<!--test url="http://jobcorps.gov/contact.aspx" /-->
+			<!--test url="http://jobcorps.gov/employment.aspx" /-->
+			<!--test url="http://www.jobcorps.gov/faq.aspx" /-->
+			<!--test url="http://www.jobcorps.gov/foia.aspx" /-->
+			<!--test url="http://www.jobcorps.gov/home.aspx" /-->
+			<!--test url="http://www.jobcorps.gov/youth.aspx" /-->
+
+			<!--	-ve:
+					-->
+			<!--test url="http://jobcorps.gov/App_Themes/InstDOL/Images/div_navigation.gif" /-->
+			<!--test url="http://jobcorps.gov/Images/bullet-red.gif" /-->
+			<!--test url="http://jobcorps.gov/Libraries/images/facebook.sflb" /-->
+			<!--test url="http://www.jobcorps.gov/WebResource.axd?d=X5bA0568gE9VOzp2sf-XW0qMAgbBbttMsCHyfAR0SUTePT4RwxuIlSPS8CHTrB2_vPErbeG6FUnEsJ3mhcT40XsY9m81&amp;t=635670845692656250" /-->
+			<!--test url="http://www.jobcorps.gov/favicon.ico" /-->
+
+		<!--	Avoid possible flash policy problems:
+								-->
+		<!--exclusion pattern="^http://(?:www\.)?jobcorps\.gov/.+\.(?:js|json|swf)(?:$|\?)" /-->
+
+			<!--	+ve:
+					-->
+			<!--test url="http://jobcorps.gov/App_Themes/main.js" /-->
+			<!--test url="http://jobcorps.gov/App_Themes/script.js" /-->
+			<!--test url="http://jobcorps.gov/Images/omsMapPresentation.swf" /-->
+			<!--test url="http://jobcorps.gov/Images/shrivcommWeb.swf" /-->
+			<!--test url="http://www.jobcorps.gov/App_Themes/script.js" /-->
+			<!--test url="http://www.jobcorps.gov/Images/omsMapPresentation.swf" /-->
+			<!--test url="http://www.jobcorps.gov/Images/shrivcommWeb.swf" /-->
+
+
+	<securecookie host="^[^.jw]" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/jobs.gov.hk.xml b/src/chrome/content/rules/jobs.gov.hk.xml
new file mode 100644
index 000000000000..e325739d01d0
--- /dev/null
+++ b/src/chrome/content/rules/jobs.gov.hk.xml
@@ -0,0 +1,20 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+
+	Non-functional hosts
+		Timeout was reached:
+			 - sc1.jobs.gov.hk
+			 - sc2.jobs.gov.hk
+			 - www.vst.jobs.gov.hk
+			 - www1.vst.jobs.gov.hk
+-->
+<ruleset name="Interactive Employment Service Labour Department (HKSARG)">
+	<target host="www.jobs.gov.hk" />
+	<target host="www1.jobs.gov.hk" />
+	<target host="www2.jobs.gov.hk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+	      	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/joejulian.name.xml b/src/chrome/content/rules/joejulian.name.xml
new file mode 100644
index 000000000000..8a8e5305bcbd
--- /dev/null
+++ b/src/chrome/content/rules/joejulian.name.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.joejulian.name/ (200) => https://www.joejulian.name/ (400)
+
+-->
+<ruleset name="Joe Julian.name" default_off="failed ruleset test">
+
+	<target host="joejulian.name" />
+	<target host="www.joejulian.name" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/jolicloud.com.xml b/src/chrome/content/rules/jolicloud.com.xml
new file mode 100644
index 000000000000..eac851ffd90a
--- /dev/null
+++ b/src/chrome/content/rules/jolicloud.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="jolicloud.com">
+	<target host="jolicloud.com" />
+	<target host="www.jolicloud.com" />
+	<target host="drive.jolicloud.com" />
+	<target host="blog.jolicloud.com" />
+	<target host="home.jolicloud.com" />
+	<target host="my.jolicloud.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jollyrogerpark.com.xml b/src/chrome/content/rules/jollyrogerpark.com.xml
new file mode 100644
index 000000000000..1df1d0fd0e82
--- /dev/null
+++ b/src/chrome/content/rules/jollyrogerpark.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Jolly Roger Amusement Park">
+
+	<target host="jollyrogerpark.com" />
+	<target host="www.jollyrogerpark.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/jomsocial.com.xml b/src/chrome/content/rules/jomsocial.com.xml
new file mode 100644
index 000000000000..1a28a0422a30
--- /dev/null
+++ b/src/chrome/content/rules/jomsocial.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Invalid certificate:
+		news.jomsocial.com
+		www.demo.jomsocial.com
+
+	Refused:
+		localhost.jomsocial.com
+
+	Time out:
+		webmail.jomsocial.com
+-->
+<ruleset name="jomsocial.com">
+	<target host="jomsocial.com" />
+	<target host="www.jomsocial.com" />
+	<target host="demo.jomsocial.com" />
+	<target host="autodiscover.demo.jomsocial.com" />
+	<target host="cpanel.demo.jomsocial.com" />
+	<target host="js-socialize.demo.jomsocial.com" />
+	<target host="mail.demo.jomsocial.com" />
+	<target host="webdisk.demo.jomsocial.com" />
+	<target host="webmail.demo.jomsocial.com" />
+	<target host="documentation.jomsocial.com" />
+	<target host="ref.jomsocial.com" />
+	<target host="socialize.jomsocial.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jonasboserup.dk.xml b/src/chrome/content/rules/jonasboserup.dk.xml
new file mode 100644
index 000000000000..249dcfa8ef3d
--- /dev/null
+++ b/src/chrome/content/rules/jonasboserup.dk.xml
@@ -0,0 +1,6 @@
+<ruleset name="jonasboserup.dk">
+	<target host="jonasboserup.dk" />
+	<target host="www.jonasboserup.dk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/joomla-security.de.xml b/src/chrome/content/rules/joomla-security.de.xml
new file mode 100644
index 000000000000..d12bcfb51e1b
--- /dev/null
+++ b/src/chrome/content/rules/joomla-security.de.xml
@@ -0,0 +1,7 @@
+<ruleset name="joomla-security.de">
+	<target host="joomla-security.de" />
+	<target host="www.joomla-security.de" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/joomlainfo.ch.xml b/src/chrome/content/rules/joomlainfo.ch.xml
new file mode 100644
index 000000000000..ec3cc9237dad
--- /dev/null
+++ b/src/chrome/content/rules/joomlainfo.ch.xml
@@ -0,0 +1,10 @@
+<ruleset name="joomlainfo.ch">
+	<target host="joomlainfo.ch" />
+	<target host="www.joomlainfo.ch" />
+	<target host="cdn-media.joomlainfo.ch" />
+
+	<rule from="^http://cdn-media\.joomlainfo\.ch/"
+		to="https://www.joomlainfo.ch/" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/josipfranjkovic.com.xml b/src/chrome/content/rules/josipfranjkovic.com.xml
new file mode 100644
index 000000000000..2161157a7e60
--- /dev/null
+++ b/src/chrome/content/rules/josipfranjkovic.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Josip Franjkovic.com">
+
+	<target host="josipfranjkovic.com" />
+	<target host="www.josipfranjkovic.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/joxi.net.xml b/src/chrome/content/rules/joxi.net.xml
new file mode 100644
index 000000000000..16dbf205fb13
--- /dev/null
+++ b/src/chrome/content/rules/joxi.net.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		mail.joxi.net
+-->
+<ruleset name="joxi.net">
+	<target host="joxi.net" />
+	<target host="www.joxi.net" />
+	<target host="api.joxi.net" />
+	<target host="dl1.joxi.net" />
+	<target host="dl2.joxi.net" />
+	<target host="dl3.joxi.net" />
+	<target host="dl4.joxi.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/joycasino.com.xml b/src/chrome/content/rules/joycasino.com.xml
new file mode 100644
index 000000000000..805a872754b0
--- /dev/null
+++ b/src/chrome/content/rules/joycasino.com.xml
@@ -0,0 +1,122 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://joycasino.info/ => https://joycasino.info/: (7, 'Failed to connect to joycasino.info port 443: Connection refused')
+Fetch error: http://joycazino.com/ => https://joycazino.com/: (51, "SSL: no alternative certificate subject name matches target host name 'joycazino.com'")
+Fetch error: http://joykazino.com/ => https://joykazino.com/: Too many redirects while fetching 'https://joykazino.com/'
+Non-2xx HTTP code: http://www.10joycasino.com/ (200) => https://www.10joycasino.com/ (520)
+Non-2xx HTTP code: http://www.11joycasino.com/ (200) => https://www.11joycasino.com/ (520)
+Non-2xx HTTP code: http://www.12joycasino.com/ (200) => https://www.12joycasino.com/ (520)
+Non-2xx HTTP code: http://www.13joycasino.com/ (200) => https://www.13joycasino.com/ (520)
+Non-2xx HTTP code: http://www.2joycasino.com/ (200) => https://www.2joycasino.com/ (520)
+Non-2xx HTTP code: http://www.3joycasino.com/ (200) => https://www.3joycasino.com/ (520)
+Non-2xx HTTP code: http://www.4joycasino.com/ (200) => https://www.4joycasino.com/ (520)
+Non-2xx HTTP code: http://www.5joycasino.com/ (200) => https://www.5joycasino.com/ (520)
+Non-2xx HTTP code: http://www.6joycasino.com/ (200) => https://www.6joycasino.com/ (520)
+Non-2xx HTTP code: http://www.7joycasino.com/ (200) => https://www.7joycasino.com/ (520)
+Non-2xx HTTP code: http://www.8joycasino.com/ (200) => https://www.8joycasino.com/ (520)
+Non-2xx HTTP code: http://www.9joycasino.com/ (200) => https://www.9joycasino.com/ (520)
+Non-2xx HTTP code: http://www.joy-kasino.com/ (200) => https://www.joy-kasino.com/ (520)
+Fetch error: http://www.joycasino.info/ => https://www.joycasino.info/: (7, 'Failed to connect to www.joycasino.info port 443: Connection refused')
+Non-2xx HTTP code: http://www.joycasino0.com/ (200) => https://www.joycasino0.com/ (520)
+Non-2xx HTTP code: http://www.joycasino1.com/ (200) => https://www.joycasino1.com/ (520)
+Non-2xx HTTP code: http://www.joycasino10.com/ (200) => https://www.joycasino10.com/ (520)
+Non-2xx HTTP code: http://www.joycasino11.com/ (200) => https://www.joycasino11.com/ (520)
+Non-2xx HTTP code: http://www.joycasino12.com/ (200) => https://www.joycasino12.com/ (520)
+Non-2xx HTTP code: http://www.joycasino13.com/ (200) => https://www.joycasino13.com/ (520)
+Non-2xx HTTP code: http://www.joycasino14.com/ (200) => https://www.joycasino14.com/ (520)
+Non-2xx HTTP code: http://www.joycasino2.com/ (200) => https://www.joycasino2.com/ (520)
+Non-2xx HTTP code: http://www.joycasino3.com/ (200) => https://www.joycasino3.com/ (520)
+Non-2xx HTTP code: http://www.joycasino4.com/ (200) => https://www.joycasino4.com/ (520)
+Non-2xx HTTP code: http://www.joycasino5.com/ (200) => https://www.joycasino5.com/ (520)
+Non-2xx HTTP code: http://www.joycasino6.com/ (200) => https://www.joycasino6.com/ (520)
+Non-2xx HTTP code: http://www.joycasino7.com/ (200) => https://www.joycasino7.com/ (520)
+Non-2xx HTTP code: http://www.joycasino777.co/ (200) => https://www.joycasino777.co/ (520)
+Non-2xx HTTP code: http://www.joycasino777.net/ (200) => https://www.joycasino777.net/ (520)
+Non-2xx HTTP code: http://www.joycasino8.com/ (200) => https://www.joycasino8.com/ (520)
+Fetch error: http://www.joycazino.com/ => https://joycazino.com/: (51, "SSL: no alternative certificate subject name matches target host name 'joycazino.com'")
+Fetch error: http://www.joykazino.com/ => https://joykazino.com/: Too many redirects while fetching 'https://joykazino.com/'
+www.joy-cazino.com 520
+www.joy-kazino.com 520
+www.joycazino.com mismatch
+www.joykazino.com 520
+www.joycasino9.com 522-->
+<ruleset name="joycasino.com" default_off="failed ruleset test">
+	<target host="10joycasino.com" />
+	<target host="11joycasino.com" />
+	<target host="12joycasino.com" />
+	<target host="13joycasino.com" />
+	<target host="2joycasino.com" />
+	<target host="3joycasino.com" />
+	<target host="4joycasino.com" />
+	<target host="5joycasino.com" />
+	<target host="6joycasino.com" />
+	<target host="7joycasino.com" />
+	<target host="8joycasino.com" />
+	<target host="9joycasino.com" />
+	<target host="joy-cazino.com" />
+	<target host="joy-kasino.com" />
+	<target host="joy-kazino.com" />
+	<target host="joycasino.com" />
+	<target host="joycasino.info" />
+	<target host="joycasino0.com" />
+	<target host="joycasino1.com" />
+	<target host="joycasino10.com" />
+	<target host="joycasino11.com" />
+	<target host="joycasino12.com" />
+	<target host="joycasino13.com" />
+	<target host="joycasino14.com" />
+	<target host="joycasino2.com" />
+	<target host="joycasino3.com" />
+	<target host="joycasino4.com" />
+	<target host="joycasino5.com" />
+	<target host="joycasino6.com" />
+	<target host="joycasino7.com" />
+	<target host="joycasino777.co" />
+	<target host="joycasino777.net" />
+	<target host="joycasino8.com" />
+	<target host="joycasino9.com" />
+	<target host="joycazino.com" />
+	<target host="joykazino.com" />
+	<target host="www.10joycasino.com" />
+	<target host="www.11joycasino.com" />
+	<target host="www.12joycasino.com" />
+	<target host="www.13joycasino.com" />
+	<target host="www.2joycasino.com" />
+	<target host="www.3joycasino.com" />
+	<target host="www.4joycasino.com" />
+	<target host="www.5joycasino.com" />
+	<target host="www.6joycasino.com" />
+	<target host="www.7joycasino.com" />
+	<target host="www.8joycasino.com" />
+	<target host="www.9joycasino.com" />
+	<target host="www.joy-cazino.com" />
+	<target host="www.joy-kasino.com" />
+	<target host="www.joy-kazino.com" />
+	<target host="www.joycasino.com" />
+	<target host="www.joycasino.info" />
+	<target host="www.joycasino0.com" />
+	<target host="www.joycasino1.com" />
+	<target host="www.joycasino10.com" />
+	<target host="www.joycasino11.com" />
+	<target host="www.joycasino12.com" />
+	<target host="www.joycasino13.com" />
+	<target host="www.joycasino14.com" />
+	<target host="www.joycasino2.com" />
+	<target host="www.joycasino3.com" />
+	<target host="www.joycasino4.com" />
+	<target host="www.joycasino5.com" />
+	<target host="www.joycasino6.com" />
+	<target host="www.joycasino7.com" />
+	<target host="www.joycasino777.co" />
+	<target host="www.joycasino777.net" />
+	<target host="www.joycasino8.com" />
+	<target host="www.joycasino9.com" />
+	<target host="www.joycazino.com" />
+	<target host="www.joykazino.com" />
+
+	<rule from="^http://www\.(joy-cazino\.com|joy-kazino\.com|joycazino\.com|joykazino\.com|joycasino9\.com)/"
+		to="https://$1/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jqplay.org.xml b/src/chrome/content/rules/jqplay.org.xml
new file mode 100644
index 000000000000..bdb247bca9c2
--- /dev/null
+++ b/src/chrome/content/rules/jqplay.org.xml
@@ -0,0 +1,16 @@
+<!--
+www.jqplay.org ³
+
+
+³ timed out
+-->
+<ruleset name="jqplay.org">
+	<target host="jqplay.org" />
+
+	<target host="www.jqplay.org" />
+
+	<rule from="^http://www\.jqplay\.org/"
+		to="https://jqplay.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jrnl.ie.xml b/src/chrome/content/rules/jrnl.ie.xml
new file mode 100644
index 000000000000..4fbe700b0a15
--- /dev/null
+++ b/src/chrome/content/rules/jrnl.ie.xml
@@ -0,0 +1,48 @@
+<!--
+	^jrnl.ie is handled in Bit.ly_vanity_domains.xml.
+
+	For other TheJournal coverage, see TheJournal.ie.xml.
+
+
+	CDN buckets:
+
+		- d1icb8fuiosdrj.cloudfront.net
+
+			- s[0-3].jrnl.ie
+			- s[0-3].thejournal.ie
+
+
+
+	Problematic hosts in *jrnl.ie:
+
+		- s[0-3].jrnl.ie	(cloudfront)
+		- static.jrnl.ie ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="Jrnl.ie">
+
+	<!--	Complications:
+				-->
+	<target host="b0.jrnl.ie" />
+	<target host="s0.jrnl.ie" />
+	<target host="s1.jrnl.ie" />
+	<target host="s2.jrnl.ie" />
+	<target host="s3.jrnl.ie" />
+	<target host="static.jrnl.ie" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://(?:b0|static)\.jrnl\.ie/"
+		to="https://b0.thejournal.ie/" />
+
+	<!--rule from="^http://[cfs]\d\.(?:jrn|thejourna)l\.ie/"
+		to="https://d1icb8fuiosdrj.cloudfront.net/" /-->
+
+	<rule from="^http://s\d\.jrnl\.ie/"
+		to="https://d1icb8fuiosdrj.cloudfront.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/js1k.com.xml b/src/chrome/content/rules/js1k.com.xml
new file mode 100644
index 000000000000..bfea1e78b3a3
--- /dev/null
+++ b/src/chrome/content/rules/js1k.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid certificate:
+		ftp.js1k.com
+		ssh.js1k.com
+-->
+<ruleset name="js1k.com">
+	<target host="js1k.com" />
+	<target host="www.js1k.com" />
+
+	<rule from="^http://www\.js1k\.com/" to="https://js1k.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jsFiddle.xml b/src/chrome/content/rules/jsFiddle.xml
new file mode 100644
index 000000000000..ab44bbf6fe45
--- /dev/null
+++ b/src/chrome/content/rules/jsFiddle.xml
@@ -0,0 +1,34 @@
+<!--
+	www.jsfiddle.net: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- jsfiddle.net
+
+-->
+<ruleset name="jsFiddle.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="jsfiddle.net" />
+
+	<!--	Complications:
+				-->
+	<target host="www.jsfiddle.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^jsfiddle\.net$" name="^(?:csrftoken|sessionid)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.jsfiddle\.net/"
+		to="https://jsfiddle.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/jsbin.com.xml b/src/chrome/content/rules/jsbin.com.xml
new file mode 100644
index 000000000000..246cc5e41066
--- /dev/null
+++ b/src/chrome/content/rules/jsbin.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Invalid certificate:
+		old.jsbin.com
+		share.jsbin.com
+		stats.jsbin.com
+
+	Time out:
+		apps.jsbin.com
+-->
+<ruleset name="jsbin.com">
+	<target host="jsbin.com" />
+	<target host="www.jsbin.com" />
+	<target host="4.jsbin.com" />
+	<target host="api.jsbin.com" />
+	<target host="bsa.jsbin.com" />
+	<target host="help.jsbin.com" />
+	<target host="output.jsbin.com" />
+	<target host="post.jsbin.com" />
+	<target host="v5.jsbin.com" />
+	<target host="v5-runner.jsbin.com" />
+
+	<rule from="^http://www\.jsbin\.com/" to="https://jsbin.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/json.org.xml b/src/chrome/content/rules/json.org.xml
new file mode 100644
index 000000000000..2891171ee4d7
--- /dev/null
+++ b/src/chrome/content/rules/json.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="json.org">
+
+	<target host="json.org" />
+	<target host="www.json.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/jsonformatter.org.xml b/src/chrome/content/rules/jsonformatter.org.xml
new file mode 100644
index 000000000000..66a849abc3fc
--- /dev/null
+++ b/src/chrome/content/rules/jsonformatter.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="jsonformatter.org">
+	<target host="jsonformatter.org" />
+	<target host="www.jsonformatter.org" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/jsonline.com.xml b/src/chrome/content/rules/jsonline.com.xml
new file mode 100644
index 000000000000..6eedd15dcf81
--- /dev/null
+++ b/src/chrome/content/rules/jsonline.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional hosts in *jsonline.com:
+
+		- graphics ⁴
+
+	⁴ 400
+
+-->
+<ruleset name="JSonline.com">
+
+	<target host="secure.jsonline.com" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://secure.jsonline.com/scripts/www.commercialappeal.com/jmg.script.tracking.js" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/jsrdn.com.xml b/src/chrome/content/rules/jsrdn.com.xml
new file mode 100644
index 000000000000..ebd864c07896
--- /dev/null
+++ b/src/chrome/content/rules/jsrdn.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Chain issues:
+		- heroku.jsrdn.com
+
+	Timeout:
+		- metrics.jsrdn.com
+
+	Cert mismatch:
+		- assets.jsrdn.com
+		- r53.jsrdn.com
+		- s3.jsrdn.com
+		- s3-us-west-2.jsrdn.com
+-->
+<ruleset name="jsrdn.com">
+
+	<target host="a.jsrdn.com" />
+	<target host="admin2.jsrdn.com" />
+	<target host="c.jsrdn.com" />
+	<target host="i.jsrdn.com" />
+	<target host="portal2.jsrdn.com" />
+	<target host="s.jsrdn.com" />
+	<target host="v.jsrdn.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/jtreminio.com.xml b/src/chrome/content/rules/jtreminio.com.xml
new file mode 100644
index 000000000000..1a9773ff56e0
--- /dev/null
+++ b/src/chrome/content/rules/jtreminio.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="jtreminio.com">
+	<target host="jtreminio.com" />
+	<target host="www.jtreminio.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/juick.com.xml b/src/chrome/content/rules/juick.com.xml
new file mode 100644
index 000000000000..80bd09dc94e0
--- /dev/null
+++ b/src/chrome/content/rules/juick.com.xml
@@ -0,0 +1,13 @@
+<!--
+www.juick.com mismatch
+-->
+<ruleset name="juick.com">
+	<target host="juick.com" />
+	<target host="www.juick.com" />
+
+	<rule from="^http://www\.juick\.com/"
+		to="https://juick.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jumpshare.com.xml b/src/chrome/content/rules/jumpshare.com.xml
new file mode 100644
index 000000000000..320aef901f62
--- /dev/null
+++ b/src/chrome/content/rules/jumpshare.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="JumpShare.com">
+
+	<target host="jumpshare.com" />
+	<target host="apps.jumpshare.com" />
+	<target host="www.jumpshare.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/jungewelt.de.xml b/src/chrome/content/rules/jungewelt.de.xml
new file mode 100644
index 000000000000..ab6300ef94e3
--- /dev/null
+++ b/src/chrome/content/rules/jungewelt.de.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatch:
+		- blende.jungewelt.de
+-->
+<ruleset name="junge Welt">
+	<target host="jungewelt.de"/>
+	<target host="www.jungewelt.de"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/juso.ch.xml b/src/chrome/content/rules/juso.ch.xml
new file mode 100644
index 000000000000..abe610fcd9b7
--- /dev/null
+++ b/src/chrome/content/rules/juso.ch.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.juso.ch
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="JUSO.ch">
+
+	<target host="juso.ch" />
+	<target host="www.juso.ch" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.juso\.ch$" name="^(?:_icl_current_language|wfvt_\d+)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/justcloud.com.xml b/src/chrome/content/rules/justcloud.com.xml
new file mode 100644
index 000000000000..5b84242cbfc1
--- /dev/null
+++ b/src/chrome/content/rules/justcloud.com.xml
@@ -0,0 +1,51 @@
+<!--
+	For other Just Develop It coverage, see Just-Develop-It.xml.
+
+
+	Problematic hosts in *justcloud.com:
+
+		- affiliates ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- justcloud.com
+		- .justcloud.com
+		- www.justcloud.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image on support from login.justcloud.com ˢ
+		- favicon on www from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="JustCloud.com (partial)">
+
+	<target host="justcloud.com" />
+	<target host="login.justcloud.com" />
+	<target host="my.justcloud.com" />
+	<target host="support.justcloud.com" />
+	<target host="www.justcloud.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^justcloud\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.justcloud\.com$" name="^(?:CUBEXSESSIONID|LC_CURRENCY)$" /-->
+	<!--securecookie host="^www\.justcloud\.com$" name="^(?:LC_DROPDOWN|PHPSESSID)$" /-->
+
+	<securecookie host="^\." name="^(?:CUBEXSESSIONID|LC_CURRENCY)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/justdelete.me.xml b/src/chrome/content/rules/justdelete.me.xml
new file mode 100644
index 000000000000..7c3f91bd5524
--- /dev/null
+++ b/src/chrome/content/rules/justdelete.me.xml
@@ -0,0 +1,6 @@
+<ruleset name="justdelete.me">
+	<target host="justdelete.me" />
+	<target host="www.justdelete.me" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/justeat.xml b/src/chrome/content/rules/justeat.xml
new file mode 100644
index 000000000000..800b7b5795d1
--- /dev/null
+++ b/src/chrome/content/rules/justeat.xml
@@ -0,0 +1,137 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://partner.just-eat.be/ => https://partner.just-eat.be/: (6, 'Could not resolve host: partner.just-eat.be')
+Fetch error: http://partner.justeat.nl/ => https://partner.justeat.nl/: (6, 'Could not resolve host: partner.justeat.nl')
+
+	Current missing regions:
+		- Brazil
+		- Australia
+		- New Zealand
+		- Switzerland
+		- Mexico
+
+	Mismatched:
+		- graduates.just-eat.com
+		- blog.just-eat. ( co.uk / be / nl / it / dk / no / es / ie )
+		- pages.just-eat.ca (Canadian version of blog.*)
+		- mail.just-eat. ( dk / no / es / nl / it / ie )
+		- www.getmoreorders.ie
+		- www.justeatshop.ie
+		- www.meerbestellingen.be
+		- www.meerbestellingen.nl
+		- land.justeat.it
+		- livraison.alloresto.fr
+
+	Refused:
+		- partnerblog.just-eat. (.co.uk / nl / dk / no / es )
+		- *.justeat-blogs.co.uk
+		- *.justeat-partner.dk
+		- www.pizzatrondheim.no > forwards to just-eat.no specific page ONLY over HTTP
+		- www.sushioslo.no > forwards to just-eat.no specific page ONLY over HTTP
+		- restaurantes.just-eat.es
+		- www.piuordini.it
+		- wiki.alloresto.fr
+		- restoshop.alloresto.fr
+		- www.plusdecommandes.fr
+		- www.eatonline.fr
+-->
+<ruleset name="Just Eat" default_off="failed ruleset test">
+
+	<!-- Global -->
+	<target host="just-eat.com" />
+	<target host="www.just-eat.com" />
+	<target host="tech.just-eat.com" />
+
+	<rule from="^http://just-eat\.com/" to="https://www.just-eat.com/" /><!-- Times out, redirect to www -->
+
+	<!-- United Kingdom -->
+	<target host="just-eat.co.uk" />
+	<target host="www.just-eat.co.uk" />
+	<target host="partner.just-eat.co.uk" />
+	<target host="connect.just-eat.co.uk" />
+	<target host="help.just-eat.co.uk" />
+	<target host="utakeaway.just-eat.co.uk" />
+	<target host="restaurants.just-eat.co.uk" />
+
+	<!-- Canada -->
+	<target host="just-eat.ca" />
+	<target host="www.just-eat.ca" />
+	<target host="partner.just-eat.ca" />
+
+	<!-- Denmark -->
+	<target host="just-eat.dk" />
+	<target host="www.just-eat.dk" />
+	<target host="partner.just-eat.dk" />
+
+	<!-- Norway -->
+	<target host="just-eat.no" />
+	<target host="www.just-eat.no" />
+	<target host="partner.just-eat.no" />
+
+	<!-- Spain -->
+	<target host="just-eat.es" />
+	<target host="www.just-eat.es" />
+	<target host="partner.just-eat.es" />
+
+	<!-- Belgium -->
+	<target host="just-eat.be" />
+	<target host="www.just-eat.be" />
+	<target host="partner.just-eat.be" />
+
+	<!-- Netherlands -->
+	<target host="justeat.nl" />
+	<target host="www.justeat.nl" />
+	<target host="partner.justeat.nl" />
+
+	<!-- Italy -->
+	<target host="justeat.it" />
+	<target host="www.justeat.it" />
+	<target host="partner.justeat.it" />
+
+	<!-- Ireland -->
+	<target host="just-eat.ie" />
+	<target host="www.just-eat.ie" />
+	<target host="partner.just-eat.ie" />
+	<!-- Old subdomains for individual restaurants which redirect to www pages (temporary redirect prior to removal?). They show up in early Google results so covering them for now. -->
+	<target host="giuliosnaas.just-eat.ie" />
+	<target host="salvetas.just-eat.ie" />
+	<target host="flamehut.just-eat.ie" />
+	<target host="motherindia.just-eat.ie" />
+	<target host="antalyagrillhouse-blanchardstown.just-eat.ie" />
+	<target host="easternfusion-terenure.just-eat.ie" />
+	<target host="spicybite-dublin1.just-eat.ie" />
+
+	<!-- France -->
+	<target host="alloresto.fr" />
+	<target host="www.alloresto.fr" />
+	<target host="m.alloresto.fr" />
+
+	<!-- Applies to most/all regions -->
+
+	<!-- XXX Chrome specific rule to workaround issues || https://github.com/EFForg/https-everywhere/issues/793 || https://code.google.com/p/chromium/issues/detail?id=122548 -->
+	<exclusion pattern="^http://www\.just-?eat\.(co\.uk|ca|dk|no|es|be|nl|it|ie)/(blog|apps)" />
+	<test url="http://www.just-eat.co.uk/blog" />
+	<test url="http://www.just-eat.ca/blog" />
+	<test url="http://www.just-eat.dk/blog" />
+	<test url="http://www.just-eat.no/blog" />
+	<test url="http://www.just-eat.es/blog" />
+	<test url="http://www.just-eat.be/blog" />
+	<test url="http://www.justeat.nl/blog" />
+	<test url="http://www.justeat.it/blog" />
+	<test url="http://www.just-eat.ie/blog" />
+	<test url="http://www.just-eat.co.uk/apps" />
+	<test url="http://www.just-eat.ca/apps" />
+	<test url="http://www.just-eat.dk/apps" />
+	<test url="http://www.just-eat.no/apps" />
+	<test url="http://www.just-eat.es/apps" />
+	<test url="http://www.just-eat.be/apps" />
+	<test url="http://www.justeat.nl/apps" />
+	<test url="http://www.justeat.it/apps" />
+	<test url="http://www.just-eat.ie/apps" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/justgiving.com-falsemixed.xml b/src/chrome/content/rules/justgiving.com-falsemixed.xml
new file mode 100644
index 000000000000..0c6d4293fb34
--- /dev/null
+++ b/src/chrome/content/rules/justgiving.com-falsemixed.xml
@@ -0,0 +1,20 @@
+<!--
+	For rules causing false/broken MCB, see JustGiving.xml.
+
+
+	NB: see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="JustGiving.com (false MCB)" platform="mixedcontent">
+
+	<target host="blog.justgiving.com" />
+	<target host="tech.justgiving.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/justseedit.xml b/src/chrome/content/rules/justseedit.xml
new file mode 100644
index 000000000000..a6c379b32611
--- /dev/null
+++ b/src/chrome/content/rules/justseedit.xml
@@ -0,0 +1,7 @@
+<ruleset name="justseed.it">
+  <target host="justseed.it" />
+  <target host="www.justseed.it" />
+
+  <rule from="^http:"
+          to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jwz.org.xml b/src/chrome/content/rules/jwz.org.xml
deleted file mode 100644
index 8eb685342a27..000000000000
--- a/src/chrome/content/rules/jwz.org.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="jwz.org" default_off="self-signed">
-
-	<target host="jwz.org" />
-	<target host="www.jwz.org" />
-
-
-	<!--	Cert only matches www.	-->
-	<rule from="^https?://(?:www\.)?jwz\.org/"
-		to="https://www.jwz.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/jydoll.cn.xml b/src/chrome/content/rules/jydoll.cn.xml
new file mode 100644
index 000000000000..24a980e7e51d
--- /dev/null
+++ b/src/chrome/content/rules/jydoll.cn.xml
@@ -0,0 +1,9 @@
+<ruleset name="jydoll.cn">
+	<target host="jydoll.cn" />
+	<target host="www.jydoll.cn" />
+	<target host="m.jydoll.cn" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/k7r.eu.xml b/src/chrome/content/rules/k7r.eu.xml
new file mode 100644
index 000000000000..88c752e5d2c5
--- /dev/null
+++ b/src/chrome/content/rules/k7r.eu.xml
@@ -0,0 +1,13 @@
+<ruleset name="k7r.eu">
+
+	<target host="k7r.eu" />
+	<target host="www.k7r.eu" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ka-baeder.de.xml b/src/chrome/content/rules/ka-baeder.de.xml
new file mode 100644
index 000000000000..2ad230e8938a
--- /dev/null
+++ b/src/chrome/content/rules/ka-baeder.de.xml
@@ -0,0 +1,10 @@
+<ruleset name="Karlsruher Bäder">
+
+	<target host="ka-baeder.de" />
+	<target host="www.ka-baeder.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ka-news.de.xml b/src/chrome/content/rules/ka-news.de.xml
new file mode 100644
index 000000000000..6f83f8e4b66f
--- /dev/null
+++ b/src/chrome/content/rules/ka-news.de.xml
@@ -0,0 +1,38 @@
+<!--
+	Connection failed:
+		branchenbuch.ka-news.de
+		www.branchenbuch.ka-news.de
+		regiostars.ka-news.de
+
+	Invalid certificate:
+		events.ka-news.de
+		karriere.ka-news.de
+		www.service.ka-news.de
+		www.static3.ka-news.de
+
+	Not found:
+		forum.ka-news.de
+		www.forum.ka-news.de
+		only4single.ka-news.de
+-->
+<ruleset name="ka-news.de">
+
+	<target host="ka-news.de" />
+	<target host="www.ka-news.de" />
+	<target host="admin.ka-news.de" />
+	<target host="alpha.ka-news.de" />
+	<target host="grafik.ka-news.de" />
+	<target host="mobil.ka-news.de" />
+	<target host="alpha.mobil.ka-news.de" />
+	<target host="service.ka-news.de" />
+	<target host="static1.ka-news.de" />
+	<target host="static2.ka-news.de" />
+	<target host="static3.ka-news.de" />
+	<target host="wahl.ka-news.de" />
+	<target host="m.wahl.ka-news.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ka-wlan.de.xml b/src/chrome/content/rules/ka-wlan.de.xml
new file mode 100644
index 000000000000..daffc2824259
--- /dev/null
+++ b/src/chrome/content/rules/ka-wlan.de.xml
@@ -0,0 +1,10 @@
+<ruleset name="KA-WLAN">
+
+	<target host="ka-wlan.de" />
+	<target host="www.ka-wlan.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/kabelbw.xml b/src/chrome/content/rules/kabelbw.xml
new file mode 100644
index 000000000000..0b0d6c799225
--- /dev/null
+++ b/src/chrome/content/rules/kabelbw.xml
@@ -0,0 +1,5 @@
+<ruleset name="kabelbw">
+  <target host="www.kabelbw.de" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kachelmannwetter.com.xml b/src/chrome/content/rules/kachelmannwetter.com.xml
new file mode 100644
index 000000000000..20fbf00c19bc
--- /dev/null
+++ b/src/chrome/content/rules/kachelmannwetter.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Mixed content:
+		wetterkanal.kachelmannwetter.com
+-->
+<ruleset name="kachelmannwetter.com">
+
+	<target host="kachelmannwetter.com" />
+	<target host="www.kachelmannwetter.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/kafanews.com.xml b/src/chrome/content/rules/kafanews.com.xml
new file mode 100644
index 000000000000..34dfa72f3594
--- /dev/null
+++ b/src/chrome/content/rules/kafanews.com.xml
@@ -0,0 +1,19 @@
+<!--
+board.kafanews.com ²
+ki.kafanews.com ²
+new.kafanews.com ²
+youth.kafanews.com ²
+
+
+² refused
+-->
+<ruleset name="kafanews.com">
+	<target host="kafanews.com" />
+	<target host="www.kafanews.com" />
+	<target host="blogs.kafanews.com" />
+	<target host="more-sprava.kafanews.com" />
+	<target host="people.kafanews.com" />
+	<target host="school.kafanews.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kamchatinfo.com.xml b/src/chrome/content/rules/kamchatinfo.com.xml
new file mode 100644
index 000000000000..5a203ed87203
--- /dev/null
+++ b/src/chrome/content/rules/kamchatinfo.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="kamchatinfo.com">
+	<target host="kamchatinfo.com" />
+	<target host="www.kamchatinfo.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kamensktel.ru.xml b/src/chrome/content/rules/kamensktel.ru.xml
new file mode 100644
index 000000000000..027600e202a2
--- /dev/null
+++ b/src/chrome/content/rules/kamensktel.ru.xml
@@ -0,0 +1,19 @@
+<!--
+kamensktel.ru self signed
+www.kamensktel.ru self signed
+podpiska.kamensktel.ru mismatch
+cgb.kamensktel.ru self signed
+l4d.kamensktel.ru mismatch
+gps.kamensktel.ru timed out
+tee.kamensktel.ru timed out
+upi.kamensktel.ru self signed
+www.mouo.kamensktel.ru self signed
+www.upi.kamensktel.ru self signed
+www.dgb2.kamensktel.ru self signed
+www.cgb.kamensktel.ru self signed
+-->
+<ruleset name="kamensktel.ru (partial)">
+	<target host="cab.kamensktel.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kancloud.cn.xml b/src/chrome/content/rules/kancloud.cn.xml
new file mode 100644
index 000000000000..c9741f8a3d02
--- /dev/null
+++ b/src/chrome/content/rules/kancloud.cn.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://kancloud.cn/ (200) => https://kancloud.cn/ (404)
+
+	Different HTTP/HTTPS content:
+		git.kancloud.cn
+		release.kancloud.cn
+
+	Invalid certificate:
+		help.kancloud.cn
+
+	MCB:
+		box.kancloud.cn
+-->
+
+<ruleset name="kancloud.cn" default_off="failed ruleset test">
+
+	<target host="box.kancloud.cn" />
+		<exclusion pattern="^http://box\.kancloud\.cn/(?!cover)" />
+		<test url="http://box.kancloud.cn/cover/dragonflyxyz/omxplayer-dbus-raspberrypi.jpg?imageMogr2/thumbnail/300x400!/interlace/1/quality/100" />
+		<test url="http://box.kancloud.cn/cover_2016-04-15_57105b041cbb_800x1068.jpg" />
+		<test url="http://box.kancloud.cn/user/login" />
+		<test url="http://box.kancloud.cn/user/register" />
+
+	<target host="kancloud.cn" />
+	<target host="www.kancloud.cn" />
+	<target host="static.kancloud.cn" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/kannz.com.xml b/src/chrome/content/rules/kannz.com.xml
new file mode 100644
index 000000000000..4747ff0a2a9e
--- /dev/null
+++ b/src/chrome/content/rules/kannz.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="kannz.com (mixedcontent)" platform="mixedcontent">
+	<target host="kannz.com" />
+	<target host="www.kannz.com" />
+	<target host="api.kannz.com" />
+	<target host="roadcode.kannz.com" />
+	<target host="weixin.kannz.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kantonalbanken.xml b/src/chrome/content/rules/kantonalbanken.xml
new file mode 100644
index 000000000000..a7543409aa47
--- /dev/null
+++ b/src/chrome/content/rules/kantonalbanken.xml
@@ -0,0 +1,182 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://150.blkb.ch/ => https://150.blkb.ch/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
+Fetch error: http://advent.blkb.ch/ => https://advent.blkb.ch/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://events.blkb.ch/ => https://events.blkb.ch/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://newsletter.gkb.ch/ => https://newsletter.gkb.ch/: (6, 'Could not resolve host: newsletter.gkb.ch')
+Fetch error: http://inba.lukb.ch/ => https://inba.lukb.ch/: (6, 'Could not resolve host: inba.lukb.ch')
+Fetch error: http://advent.sgkb.ch/ => https://advent.sgkb.ch/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://fxnet.sgkb.ch/ => https://fxnet.sgkb.ch/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://tabs.sgkb.ch/ => https://tabs.sgkb.ch/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://tradedirect.ch/ => https://tradedirect.ch/: (51, "SSL: no alternative certificate subject name matches target host name 'tradedirect.ch'")
+Fetch error: http://tradedirect.ch/ => https://tradedirect.ch/: (51, "SSL: no alternative certificate subject name matches target host name 'tradedirect.ch'")
+
+	Problematic hosts:
+
+		- blkb.ch	Mismatched
+
+	Not supported:
+	- newhome.ch
+-->
+<ruleset name="Schweizer Kantonalbanken" default_off="failed ruleset test">
+	<target host="bcf.ch"/>
+	<target host="*.bcf.ch"/>
+	<target host="bcge.ch"/>
+	<target host="*.bcge.ch"/>
+	<target host="bcj.ch"/>
+	<target host="*.bcj.ch"/>
+	<target host="bcn.ch"/>
+	<target host="*.bcn.ch"/>
+	<target host="bcv.ch"/>
+	<target host="*.bcv.ch"/>
+	<target host="bekb.ch"/>
+	<target host="*.bekb.ch"/>
+	<target host="bkb.ch"/>
+	<target host="*.bkb.ch"/>
+	<target host="blkb.ch"/>
+	<target host="*.blkb.ch"/>
+	<target host="gkb.ch"/>
+	<target host="*.gkb.ch"/>
+	<target host="glkb.ch"/>
+	<target host="*.glkb.ch"/>
+	<target host="lukb.ch"/>
+	<target host="*.lukb.ch"/>
+	<target host="nkb.ch"/>
+	<target host="*.nkb.ch"/>
+	<target host="owkb.ch"/>
+	<target host="*.owkb.ch"/>
+	<target host="sgkb.ch"/>
+	<target host="*.sgkb.ch"/>
+	<target host="shkb.ch"/>
+	<target host="*.shkb.ch"/>
+	<target host="szkb.ch" />
+	<target host="*.szkb.ch" />
+	<target host="tkb.ch"/>
+	<target host="*.tkb.ch"/>
+	<target host="tradedirect.ch" />
+	<target host="*.tradedirect.ch" />
+	<target host="urkb.ch"/>
+	<target host="*.urkb.ch"/>
+	<target host="yourmoney.ch"/>
+	<target host="*.yourmoney.ch"/>
+	<target host="zugerkb.ch"/>
+	<target host="*.zugerkb.ch"/>
+
+	<test url="http://bcf.ch/" />
+	<test url="http://www.bcf.ch/" />
+	<test url="http://de.bcf.ch/" />
+	<test url="http://inba.bcf.ch/" />
+	<test url="http://test.bcf.ch/" />
+	<test url="http://bcge.ch/" />
+	<test url="http://www.bcge.ch/" />
+	<test url="http://mobile.bcge.ch/" />
+	<test url="http://netbanking.bcge.ch/" />
+	<test url="http://wcpl.bcge.ch/" />
+	<test url="http://bcj.ch/" />
+	<test url="http://www.bcj.ch/" />
+	<test url="http://banking.bcj.ch/" />
+	<test url="http://bcn.ch/" />
+	<test url="http://www.bcn.ch/" />
+	<test url="http://netbanking.bcn.ch/" />
+	<test url="http://bcv.ch/" />
+	<test url="http://www.bcv.ch/" />
+	<test url="http://structures.bvc.ch/" />
+	<test url="http://bekb.ch/" />
+	<test url="http://www.bekb.ch/" />
+	<test url="http://banking.bekb.ch/" />
+	<test url="http://mobile.bekb.ch/" />
+	<test url="http://securemail.bekb.ch/" />
+	<test url="http://bkb.ch/" />
+	<test url="http://www.bkb.ch/" />
+	<test url="http://ebanking.bkb.ch/" />
+	<test url="http://gb.bkb.ch/" />
+	<test url="http://m.bkb.ch/" />
+	<test url="http://mobile.bkb.ch/" />
+	<test url="http://blkb.ch/" />
+	<test url="http://www.blkb.ch/" />
+	<test url="http://150.blkb.ch/" />
+	<test url="http://advent.blkb.ch/" />
+	<test url="http://blog.blkb.ch/" />
+	<test url="http://boerse.blkb.ch/" />
+	<test url="http://erdbebenversicherung.blkb.ch/" />
+	<test url="http://events.blkb.ch/" />
+	<test url="http://gb.blkb.ch/" />
+	<test url="http://mobile.blkb.ch/" />
+	<test url="http://mobilebanking.blkb.ch/" />
+	<test url="http://www.mobilebanking.blkb.ch/" />
+	<test url="http://gkb.ch/" />
+	<test url="http://www.gkb.ch/" />
+	<test url="http://grow.gkb.ch/" />
+	<test url="http://mobile.gkb.ch/" />
+	<test url="http://www.mobile.gkb.ch/" />
+	<test url="http://newsletter.gkb.ch/" />
+	<test url="http://glkb.ch/" />
+	<test url="http://www.glkb.ch/" />
+	<test url="http://ibdemo.glkb.ch/" />
+	<test url="http://mobile.glkb.ch/" />
+	<test url="http://lukb.ch/" />
+	<test url="http://www.lukb.ch/" />
+	<test url="http://wap.lukb.ch/" />
+	<test url="http://ina.lukb.ch/" />
+	<test url="http://inba.lukb.ch/" />
+	<test url="http://nkb.ch/" />
+	<test url="http://www.nkb.ch/" />
+	<test url="http://inba.nkb.ch/" />
+	<test url="http://mobile.nkb.ch/" />
+	<test url="http://owkb.ch/" />
+	<test url="http://www.owkb.ch/" />
+	<test url="http://internetbank.owkb.ch/" />
+	<test url="http://mobile.owkb.ch/" />
+	<test url="http://sgkb.ch/" />
+	<test url="http://www.sgkb.ch/" />
+	<test url="http://advent.sgkb.ch/" />
+	<test url="http://fxnet.sgkb.ch/" />
+	<test url="http://galerie.sgkb.ch/" />
+	<test url="http://mobile.sgkb.ch/" />
+	<test url="http://tabs.sgkb.ch/" />
+	<test url="http://shkb.ch/" />
+	<test url="http://www.shkb.ch/" />
+	<test url="http://wwwsec.shkb.ch/" />
+	<test url="http://szkb.ch/" />
+	<test url="http://www.szkb.ch/" />
+	<test url="http://bcm.szkb.ch/" />
+	<test url="http://wwwsec.szkb.ch/" />
+	<test url="http://tkb.ch/" />
+	<test url="http://www.tkb.ch/" />
+	<test url="http://banking.tkb.ch/" />
+	<test url="http://kredit.tkb.ch/" />
+	<test url="http://mobile.tkb.ch/" />
+	<test url="http://tradedirect.ch/" />
+	<test url="http://www.tradedirect.ch/" />
+	<test url="http://urkb.ch/" />
+	<test url="http://www.urkb.ch/" />
+	<test url="http://wwwsec.urkb.ch/" />
+	<test url="http://yourmoney.ch/" />
+	<test url="http://www.yourmoney.ch/" />
+	<test url="http://mail.yourmoney.ch/" />
+	<test url="http://zugerkb.ch/" />
+	<test url="http://www.zugerkb.ch/" />
+
+	<exclusion pattern="http://(www\.)?mobilebanking\.blkb\.ch"/>
+	<exclusion pattern="http://(blog|gb)\.blkb\.ch/"/>
+	<exclusion pattern="http://gb\.bkb\.ch/"/>
+	<exclusion pattern="http://test\.bcf\.ch"/>
+	<exclusion pattern="http://structures\.bvc\.ch"/>
+	<exclusion pattern="http://grow\.gkb\.ch/"/>
+	<exclusion pattern="http://www\.mobile\.gkb\.ch"/>
+	<exclusion pattern="http://mobile\.(gkb|glkb|nkb|owkb|sgkb|tkb)\.ch"/>
+	<exclusion pattern="http://(?:wap|ina)\.lukb\.ch"/>
+	<exclusion pattern="http://galerie\.sgkb\.ch"/>
+	<exclusion pattern="http://bcm\.szkb\.ch"/>
+	<exclusion pattern="http://kredit\.tkb\.ch/"/>
+	<exclusion pattern="http://mail\.yourmoney\.ch"/>
+
+	<securecookie host="^(?:.*\.)?(bcf|bcge|bcj|bcn|bcv|bekb|bkb|blkb|gkb|glkb|lukb|nkb|owkb|sgkb|shkb|szkb|tkb|urkb|yourmoney|zugerkb).ch$" name=".+" />
+
+	<rule from="^http://(bcf|bcge|bcj|bcn|bcv|bekb|bkb|blkb|gkb|glkb|lukb|nkb|owkb|sgkb|shkb|szkb|tkb|urkb|yourmoney|zugerkb)\.ch/"
+		to="https://www.$1.ch/"/>
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kaosx.us.xml b/src/chrome/content/rules/kaosx.us.xml
new file mode 100644
index 000000000000..4cf9eb1e6afd
--- /dev/null
+++ b/src/chrome/content/rules/kaosx.us.xml
@@ -0,0 +1,7 @@
+<!--(www.)?kaosx.tk refused-->
+<ruleset name="kaosx.us">
+	<target host="kaosx.us" />
+	<target host="www.kaosx.us" />
+	<target host="forum.kaosx.us" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kaprica.com.xml b/src/chrome/content/rules/kaprica.com.xml
new file mode 100644
index 000000000000..40188ba8e501
--- /dev/null
+++ b/src/chrome/content/rules/kaprica.com.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kaprica.com/ => https://kaprica.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.kaprica.com/ => https://www.kaprica.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Kaprica.com" default_off="failed ruleset test">
+
+	<target host="kaprica.com" />
+	<target host="www.kaprica.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/karelia.pro.xml b/src/chrome/content/rules/karelia.pro.xml
new file mode 100644
index 000000000000..41c8d9978b4c
--- /dev/null
+++ b/src/chrome/content/rules/karelia.pro.xml
@@ -0,0 +1,184 @@
+<!--
+karelia.pro ⁶
+www.karelia.pro ¹
+1941.karelia.pro ²
+2016.karelia.pro ¹
+96.karelia.pro ¹
+album.karelia.pro ¹
+anime.karelia.pro ²
+api.karelia.pro ¹
+art.karelia.pro ¹
+art5.karelia.pro ¹
+as47236-ptz.karelia.pro ³
+atom.karelia.pro ²
+avatar.karelia.pro ²
+avg.karelia.pro ¹
+beta.karelia.pro ¹
+biz.karelia.pro ²
+blog.karelia.pro ²
+buh.karelia.pro ²
+cache-ptk.karelia.pro ³
+camera.karelia.pro ¹
+chat.karelia.pro ²
+cnstart.karelia.pro ²
+coffeeup.karelia.pro ²
+csgg.karelia.pro ²
+css.karelia.pro ²
+css2.karelia.pro ²
+css3.karelia.pro ²
+cssdm.karelia.pro ²
+cssgg.karelia.pro ²
+cw5.karelia.pro ²
+cw6.karelia.pro ²
+daggert.karelia.pro ²
+danik.karelia.pro ²
+demial.karelia.pro ²
+design.karelia.pro ²
+deti.karelia.pro ¹
+detsad114.karelia.pro ²
+old.disk.karelia.pro ²
+domcom.karelia.pro ²
+dominanta.karelia.pro ²
+dou.karelia.pro ⁴
+duster.karelia.pro ²
+egais.karelia.pro ¹
+expert.karelia.pro ²
+faq.karelia.pro ¹
+fast.karelia.pro ¹
+flora.karelia.pro ²
+fs1.karelia.pro ³
+fs2.karelia.pro ³
+fs3.karelia.pro ³
+fs4.karelia.pro ³
+fs5.karelia.pro ²
+games.karelia.pro ¹
+gopro.karelia.pro ²
+graffiti-cska.karelia.pro ²
+halo5.karelia.pro ²
+hl2.karelia.pro ²
+idea.karelia.pro ¹
+index.karelia.pro ²
+iptv.karelia.pro ²
+iptv-ptk.karelia.pro ³
+iptvportal.karelia.pro ³
+jerry.karelia.pro ²
+karcher.karelia.pro ¹
+kfrane.karelia.pro ³
+kindle.karelia.pro ²
+knigi.karelia.pro ¹
+knigi2.karelia.pro ²
+kreacio.karelia.pro ²
+la2.karelia.pro ³
+ldisk.karelia.pro ²
+linuxupdate.karelia.pro ²
+love.karelia.pro ¹
+www.love.karelia.pro ¹
+wap.love.karelia.pro ¹
+market.karelia.pro ²
+www.market.karelia.pro ²
+maximum.karelia.pro ²
+mayki.karelia.pro ⁴
+mdou115.karelia.pro ³
+med-crb.karelia.pro ²
+medgorasoc.karelia.pro ²
+media.karelia.pro ³
+minecraft.karelia.pro ²
+minedu.karelia.pro ²
+minefan.karelia.pro ²
+s1.moidom.karelia.pro ¹
+s2.moidom.karelia.pro ³
+mumble.karelia.pro ³
+mvip.karelia.pro ²
+netsend2014.karelia.pro ²
+netsend2015.karelia.pro ²
+dnsseed.novacoin.karelia.pro ³
+ns1.karelia.pro ⁴
+ns2.karelia.pro ²
+opeka.karelia.pro ²
+osm.karelia.pro ³
+www.osm.karelia.pro ³
+otvet.karelia.pro ¹
+partner.karelia.pro ²
+pbx.karelia.pro ³
+petrochas.karelia.pro ²
+pilot.karelia.pro ²
+professional.karelia.pro ¹
+market.karelia.promarket.karelia.pro ²
+proxy.karelia.pro ²
+psp.karelia.pro ²
+ptz.karelia.pro ²
+www.ptz.karelia.pro ²
+www.pzk-pindushi.karelia.pro ²
+www.quest.karelia.pro ¹
+radio.karelia.pro ³
+raion.karelia.pro ¹
+rdc.karelia.pro ⁷
+mail.rdc.karelia.pro ⁷
+reestr.karelia.pro ¹
+reklama.karelia.pro ¹
+rexer82.karelia.pro ²
+rt.karelia.pro ²
+santex.karelia.pro ²
+school14.karelia.pro ²
+school42.karelia.pro ²
+serial.karelia.pro ²
+sortavala.karelia.pro ³
+cloud.sortavala.karelia.pro ³
+gate.sortavala.karelia.pro ³
+mail.sortavala.karelia.pro ³
+sortlib.karelia.pro ²
+www.sortlib.karelia.pro ²
+speedtest.karelia.pro ²
+speedtest-st.karelia.pro ²
+sport.karelia.pro ²
+ssh.karelia.pro ²
+start.karelia.pro ³
+supasalma.karelia.pro ²
+surveillance.karelia.pro ¹
+telefon.karelia.pro ²
+teran.karelia.pro ²
+tf2.karelia.pro ²
+truba.karelia.pro ¹
+tv.karelia.pro ¹
+twista.karelia.pro ¹
+urist.karelia.pro ²
+storage.vasileivy.karelia.pro ²
+victor3d.karelia.pro ²
+video.karelia.pro ²
+vip.karelia.pro ²
+vipgames.karelia.pro ²
+online.vipgames.karelia.pro ²
+update.vipgames.karelia.pro ²
+vipsport.karelia.pro ²
+vodolaz.karelia.pro ²
+volleyball.karelia.pro ²
+web.karelia.pro ²
+wifi.karelia.pro ¹
+work.karelia.pro non-2xx http code
+wow.karelia.pro ³
+ws.karelia.pro ²
+zarechie.karelia.pro ²
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁶ redirect
+⁷ protocol error
+-->
+<ruleset name="karelia.pro (partial)">
+	<target host="dev.karelia.pro" />
+	<target host="disk.karelia.pro" />
+	<target host="grafana.karelia.pro" />
+	<target host="graphite.karelia.pro" />
+	<target host="hosting.karelia.pro" />
+	<target host="m.karelia.pro" />
+	<target host="moidom.karelia.pro" />
+	<target host="pivovar.karelia.pro" />
+	<target host="quest.karelia.pro" />
+	<target host="redmine.karelia.pro" />
+	<target host="susk.karelia.pro" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/karlsruhe.freifunk.net.xml b/src/chrome/content/rules/karlsruhe.freifunk.net.xml
new file mode 100644
index 000000000000..d3b3d212c327
--- /dev/null
+++ b/src/chrome/content/rules/karlsruhe.freifunk.net.xml
@@ -0,0 +1,31 @@
+<!--
+	Invalid certificate:
+		autoconfig.karlsruhe.freifunk.net
+		autodiscover.karlsruhe.freifunk.net
+		mail.karlsruhe.freifunk.net
+		0.updates.services.karlsruhe.freifunk.net
+		1.updates.services.karlsruhe.freifunk.net
+
+	Timeout:
+		build1.karlsruhe.freifunk.net
+		lists.karlsruhe.freifunk.net
+-->
+<ruleset name="Freifunk Karlsruhe">
+
+	<target host="karlsruhe.freifunk.net" />
+	<target host="www.karlsruhe.freifunk.net" />
+	<target host="api.karlsruhe.freifunk.net" />
+	<target host="docs.karlsruhe.freifunk.net" />
+	<target host="firmware.karlsruhe.freifunk.net" />
+	<target host="forum.karlsruhe.freifunk.net" />
+	<target host="www.forum.karlsruhe.freifunk.net" />
+	<target host="git.karlsruhe.freifunk.net" />
+	<target host="gitlab.karlsruhe.freifunk.net" />
+	<target host="hackmd.karlsruhe.freifunk.net" />
+	<target host="map.karlsruhe.freifunk.net" />
+	<target host="pads.karlsruhe.freifunk.net" />
+	<target host="stats.karlsruhe.freifunk.net" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/kartoshka.com.xml b/src/chrome/content/rules/kartoshka.com.xml
new file mode 100644
index 000000000000..f3f934b05683
--- /dev/null
+++ b/src/chrome/content/rules/kartoshka.com.xml
@@ -0,0 +1,13 @@
+<!--
+autodiscover.kartoshka.com ⁴
+mail.kartoshka.com ⁴
+
+
+⁴ self signed
+-->
+<ruleset name="kartoshka.com">
+	<target host="kartoshka.com" />
+	<target host="www.kartoshka.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kartoteka.ru.xml b/src/chrome/content/rules/kartoteka.ru.xml
new file mode 100644
index 000000000000..0cc126e736a0
--- /dev/null
+++ b/src/chrome/content/rules/kartoteka.ru.xml
@@ -0,0 +1,22 @@
+<!--
+etp.kartoteka.ru ³
+etpold.kartoteka.ru ⁴
+patent.kartoteka.ru ³
+ptp.kartoteka.ru ³
+utp.kartoteka.ru ³
+
+
+³ timed out
+⁴ self signed
+-->
+<ruleset name="kartoteka.ru">
+	<target host="kartoteka.ru" />
+	<target host="www.kartoteka.ru" />
+	<target host="api.kartoteka.ru" />
+	<target host="kommersant.kartoteka.ru" />
+	<target host="new.kartoteka.ru" />
+	<target host="old.kartoteka.ru" />
+	<target host="uc.kartoteka.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/karusel-tv.ru.xml b/src/chrome/content/rules/karusel-tv.ru.xml
new file mode 100644
index 000000000000..3343d95f48cc
--- /dev/null
+++ b/src/chrome/content/rules/karusel-tv.ru.xml
@@ -0,0 +1,19 @@
+<!--
+arc.karusel-tv.ru ¹
+old.karusel-tv.ru ¹
+hot.video.karusel-tv.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="karusel-tv.ru">
+	<target host="karusel-tv.ru" />
+	<target host="www.karusel-tv.ru" />
+	<target host="coldvideo.karusel-tv.ru" />
+	<target host="e3.karusel-tv.ru" />
+	<target host="e5.karusel-tv.ru" />
+	<target host="hotvideo.karusel-tv.ru" />
+	<target host="new.karusel-tv.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kasiopea.matfyz.cz.xml b/src/chrome/content/rules/kasiopea.matfyz.cz.xml
new file mode 100644
index 000000000000..de1a4dc05511
--- /dev/null
+++ b/src/chrome/content/rules/kasiopea.matfyz.cz.xml
@@ -0,0 +1,6 @@
+<ruleset name="Kasiopea">
+    <target host="kasiopea.matfyz.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/katsomo.fi.xml b/src/chrome/content/rules/katsomo.fi.xml
new file mode 100644
index 000000000000..63f7698ab3bf
--- /dev/null
+++ b/src/chrome/content/rules/katsomo.fi.xml
@@ -0,0 +1,43 @@
+<!--
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+
+	Problematic hosts in *katsomo.fi:
+
+		- (www.)? ᵀ
+		- api ᵀ
+		- beta ᵀ
+		- cdn ᵀ
+		- hbbtv ᵀ
+
+	ᵀ Blocks Tor users
+
+
+	These altnames do not exist:
+
+		- s3.katsomo.fi
+		- test.katsomo.fi
+
+-->
+<ruleset name="Katsomo.fi (partial)" platform="mixedcontent">
+
+	<target host="katsomo.fi" />
+	<!--target host="api.katsomo.fi" />	needs clearnet testing -->
+	<!--target host="beta.katsomo.fi" />	needs clearnet testing -->
+	<!--target host="cdn.katsomo.fi" />	needs clearnet testing -->
+	<!--target host="hbbtv.katsomo.fi" />	needs clearnet testing -->
+	<target host="static.katsomo.fi" />
+	<!--target host="www.katsomo.fi" />	needs clearnet testing -->
+
+		<test url="http://static.katsomo.fi/multimedia/vman/VMan-P651/VMan-P651923_246x138.jpg" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/kavkaz-uzel.eu.xml b/src/chrome/content/rules/kavkaz-uzel.eu.xml
new file mode 100644
index 000000000000..d5113e7ca12f
--- /dev/null
+++ b/src/chrome/content/rules/kavkaz-uzel.eu.xml
@@ -0,0 +1,19 @@
+<!--
+Related: kavkaz-uzel.ru.xml
+
+eng.kavkaz-uzel.eu ¹
+www.eng.kavkaz-uzel.eu ¹
+www.m.kavkaz-uzel.eu ¹
+
+
+¹ mismatch
+-->
+<ruleset name="kavkaz-uzel.eu">
+	<target host="kavkaz-uzel.eu" />
+	<target host="www.kavkaz-uzel.eu" />
+	<target host="advokat.kavkaz-uzel.eu" />
+	<target host="amp.kavkaz-uzel.eu" />
+	<target host="m.kavkaz-uzel.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kavkaz-uzel.ru.xml b/src/chrome/content/rules/kavkaz-uzel.ru.xml
new file mode 100644
index 000000000000..7c9d2ae57070
--- /dev/null
+++ b/src/chrome/content/rules/kavkaz-uzel.ru.xml
@@ -0,0 +1,108 @@
+<!--
+Related: kavkaz-uzel.eu.xml
+
+www.252fwww.kavkaz-uzel.ru ¹
+www.adygeia.kavkaz-uzel.ru ¹
+eng.dagestan.kavkaz-uzel.ru ¹
+ww.dagestan.kavkaz-uzel.ru ¹
+www.dev.kavkaz-uzel.ru ¹
+www.ekg.kavkaz-uzel.ru ¹
+eng.kavkaz-uzel.ru ¹
+www.eng.kavkaz-uzel.ru ¹
+astrahan.eng.kavkaz-uzel.ru ¹
+dagestan.eng.kavkaz-uzel.ru ¹
+kalmykia.eng.kavkaz-uzel.ru ¹
+karabah.eng.kavkaz-uzel.ru ¹
+karachaevo.eng.kavkaz-uzel.ru ¹
+northosetia.eng.kavkaz-uzel.ru ¹
+southosetia.eng.kavkaz-uzel.ru ¹
+ww.eng.kavkaz-uzel.ru ¹
+www.g.kavkaz-uzel.ru ¹
+www.georgia.kavkaz-uzel.ru ¹
+www.gestan.kavkaz-uzel.ru ¹
+www.karabakh.kavkaz-uzel.ru ¹
+www.m.kavkaz-uzel.ru ¹
+adygeia.m.kavkaz-uzel.ru ¹
+astrakhan.m.kavkaz-uzel.ru ¹
+www.dagestan.m.kavkaz-uzel.ru ¹
+ingushetia.m.kavkaz-uzel.ru ¹
+kabardino-balkaria.m.kavkaz-uzel.ru ¹
+karabakh.m.kavkaz-uzel.ru ¹
+karachaevo-cherkesia.m.kavkaz-uzel.ru ¹
+north-osetia.m.kavkaz-uzel.ru ¹
+stavropol.m.kavkaz-uzel.ru ¹
+adjaria.test.m.kavkaz-uzel.ru ¹
+test.kavkaz-uzel.ru ⁵
+www.test.kavkaz-uzel.ru ⁵
+www.advokat.test.kavkaz-uzel.ru ⁵
+astrakhan.test.kavkaz-uzel.ru ⁵
+azerbaijan.test.kavkaz-uzel.ru ⁵
+dagestan.test.kavkaz-uzel.ru ⁵
+dev.test.kavkaz-uzel.ru ⁵
+www.dev.test.kavkaz-uzel.ru ⁵
+georgia.test.kavkaz-uzel.ru ⁵
+m.test.kavkaz-uzel.ru ⁵
+mobile.test.kavkaz-uzel.ru ⁵
+www.mobile.test.kavkaz-uzel.ru ⁵
+north-caucasus.test.kavkaz-uzel.ru ⁵
+mobile.north-caucasus.test.kavkaz-uzel.ru ⁵
+piwik.test.kavkaz-uzel.ru ⁵
+stavropol.test.kavkaz-uzel.ru ⁵
+www.ww1.kavkaz-uzel.ru ¹
+
+
+¹ mismatch
+⁵ expired
+-->
+<ruleset name="kavkaz-uzel.ru">
+	<target host="kavkaz-uzel.ru" />
+	<target host="www.kavkaz-uzel.ru" />
+	<target host="22dagestan.kavkaz-uzel.ru" />
+	<target host="43.kavkaz-uzel.ru" />
+	<target host="46.kavkaz-uzel.ru" />
+	<target host="47.kavkaz-uzel.ru" />
+	<target host="56.kavkaz-uzel.ru" />
+	<target host="58.kavkaz-uzel.ru" />
+	<target host="61.kavkaz-uzel.ru" />
+	<target host="abkhasia.kavkaz-uzel.ru" />
+	<target host="adjaria.kavkaz-uzel.ru" />
+	<target host="advokat.kavkaz-uzel.ru" />
+	<target host="adygeia.kavkaz-uzel.ru" />
+	<target host="armenia.kavkaz-uzel.ru" />
+	<target host="astrakhan.kavkaz-uzel.ru" />
+	<target host="azerbaijan.kavkaz-uzel.ru" />
+	<target host="chechnya.kavkaz-uzel.ru" />
+	<target host="dagestan.kavkaz-uzel.ru" />
+	<target host="erkesia.kavkaz-uzel.ru" />
+	<target host="esouth-osetia.kavkaz-uzel.ru" />
+	<target host="georgia.kavkaz-uzel.ru" />
+	<target host="https.kavkaz-uzel.ru" />
+	<target host="ingushetia.kavkaz-uzel.ru" />
+	<target host="ingushetiya.kavkaz-uzel.ru" />
+	<target host="kabardino-balkaria.kavkaz-uzel.ru" />
+	<target host="kabardino-balria.kavkaz-uzel.ru" />
+	<target host="karabakh.kavkaz-uzel.ru" />
+	<target host="karachaevo-cherkesia.kavkaz-uzel.ru" />
+	<target host="krasnodar.kavkaz-uzel.ru" />
+	<target host="m.kavkaz-uzel.ru" />
+	<target host="north-osetia.kavkaz-uzel.ru" />
+	<target host="northdistrict.kavkaz-uzel.ru" />
+	<target host="osetia.kavkaz-uzel.ru" />
+	<target host="ov.kavkaz-uzel.ru" />
+	<target host="photo1.kavkaz-uzel.ru" />
+	<target host="photo2.kavkaz-uzel.ru" />
+	<target host="photo3.kavkaz-uzel.ru" />
+	<target host="rostov.kavkaz-uzel.ru" />
+	<target host="russia.kavkaz-uzel.ru" />
+	<target host="south-caucasus.kavkaz-uzel.ru" />
+	<target host="south-osetia.kavkaz-uzel.ru" />
+	<target host="southdistrict.kavkaz-uzel.ru" />
+	<target host="static.kavkaz-uzel.ru" />
+	<target host="stavporol.kavkaz-uzel.ru" />
+	<target host="stavropol.kavkaz-uzel.ru" />
+	<target host="volgograd.kavkaz-uzel.ru" />
+	<target host="ww.kavkaz-uzel.ru" />
+	<target host="zerbaijan.kavkaz-uzel.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kazanfirst.ru.xml b/src/chrome/content/rules/kazanfirst.ru.xml
new file mode 100644
index 000000000000..72bd5bed9306
--- /dev/null
+++ b/src/chrome/content/rules/kazanfirst.ru.xml
@@ -0,0 +1,8 @@
+<ruleset name="kazanfirst.ru">
+	<target host="kazanfirst.ru" />
+	<target host="www.kazanfirst.ru" />
+	<target host="sport.kazanfirst.ru" />
+	<target host="auto.kazanfirst.ru" />
+	<target host="avto.kazanfirst.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kazgorset.ru.xml b/src/chrome/content/rules/kazgorset.ru.xml
new file mode 100644
index 000000000000..f89ea720de69
--- /dev/null
+++ b/src/chrome/content/rules/kazgorset.ru.xml
@@ -0,0 +1,19 @@
+<!--
+kazgorset.ru mismatch
+www.kazgorset.ru mismatch
+forum.kazgorset.ru mismatch
+linkme.kazgorset.ru timed out
+passport.kazgorset.ru timed out
+rapid.kazgorset.ru timed out
+vkomandu.kazgorset.ru timed out
+wsus.kazgorset.ru timed out
+sm.kazgorset.ru mismatch
+promo.kazgorset.ru mismatch
+maps.kazgorset.ru timed out
+cams.kazgorset.ru timed out
+-->
+<ruleset name="kazgorset.ru (partial)">
+	<target host="my.kazgorset.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kazned.ru.xml b/src/chrome/content/rules/kazned.ru.xml
new file mode 100644
index 000000000000..769464eb9d75
--- /dev/null
+++ b/src/chrome/content/rules/kazned.ru.xml
@@ -0,0 +1,6 @@
+<!-- test. mismatch -->
+<ruleset name="kazned.ru">
+	<target host="kazned.ru" />
+	<target host="www.kazned.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kbpravda.ru.xml b/src/chrome/content/rules/kbpravda.ru.xml
new file mode 100644
index 000000000000..c43da95bcc09
--- /dev/null
+++ b/src/chrome/content/rules/kbpravda.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="kbpravda.ru">
+	<target host="kbpravda.ru" />
+	<target host="www.kbpravda.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kcrw.com-resources.xml b/src/chrome/content/rules/kcrw.com-resources.xml
new file mode 100644
index 000000000000..1b5560405a34
--- /dev/null
+++ b/src/chrome/content/rules/kcrw.com-resources.xml
@@ -0,0 +1,71 @@
+<!--
+	For rules covering more than resources, see kcrw.com.xml.
+
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="KCRW.com (resources)" platform="mixedcontent">
+
+	<target host="capitalcampaign.kcrw.com" />
+	<target host="events.kcrw.com" />
+	<target host="test-events.kcrw.com" />
+
+		<exclusion pattern="^http://(?:capitalcampaign|events|test-events)\.kcrw\.com/(?!/*wp-(?:content|includes)/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://capitalcampaign.kcrw.com/building/" />
+			<test url="http://events.kcrw.com/xmlrpc.php" />
+			<test url="http://events.kcrw.com/comments/feed/" />
+			<test url="http://events.kcrw.com/events/feed/" />
+			<test url="http://events.kcrw.com/events/priced-out-santa-barbaras-housing-crisis/" />
+			<test url="http://events.kcrw.com/feed/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://capitalcampaign.kcrw.com/wp-content/plugins/vegas-fullscreen-background-slider/css/jquery.vegas.css" />
+			<test url="http://events.kcrw.com/wp-content/plugins/addthis/css/output.css" />
+			<test url="http://test-events.kcrw.com/wp-content/themes/clean-theme/assets/img/kcrw-events-logo.svg" />
+
+		<!--	Avoid potential XHR problems:
+							-->
+		<exclusion pattern="^http://(?:capitalcampaign|events|test-events)\.kcrw\.com/.+\.js(?:$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://capitalcampaign.kcrw.com/wp-content/plugins/vegas-fullscreen-background-slider/js/jquery.vegas.js" />
+			<test url="http://capitalcampaign.kcrw.com/wp-content/plugins/wens-responsive-column-layout-shortcodes/js/custom.js" />
+			<test url="http://capitalcampaign.kcrw.com/wp-content/themes/kcrw-cap-cam/js/global.js" />
+			<test url="http://capitalcampaign.kcrw.com/wp-content/themes/kcrw-cap-cam/js/navigation.js" />
+			<test url="http://capitalcampaign.kcrw.com/wp-content/themes/kcrw-cap-cam/js/skip-link-focus-fix.js" />
+			<test url="http://capitalcampaign.kcrw.com/wp-includes/js/comment-reply.min.js" />
+			<test url="http://capitalcampaign.kcrw.com/wp-includes/js/jquery/jquery-migrate.min.js" />
+			<test url="http://capitalcampaign.kcrw.com/wp-includes/js/jquery/jquery.js" />
+			<test url="http://events.kcrw.com/wp-content/plugins/events-calendar-pro/src/resources/js/tribe-events-ajax-maps.js" />
+			<!--
+			<test url="http://events.kcrw.com/wp-content/plugins/events-calendar-pro/src/resources/js/tribe-events-photo-view.js" />
+			<test url="http://events.kcrw.com/wp-content/plugins/events-calendar-pro/src/resources/js/tribe-events-pro.js" />
+			<test url="http://events.kcrw.com/wp-content/plugins/events-calendar-pro/src/resources/js/widget-this-week.min.js" />
+			<test url="http://events.kcrw.com/wp-content/plugins/events-calendar-pro/vendor/isotope/jquery.isotope.js" />
+			<test url="http://events.kcrw.com/wp-content/plugins/the-events-calendar/src/resources/js/tribe-events-bar.js" />
+			<test url="http://events.kcrw.com/wp-content/plugins/the-events-calendar/src/resources/js/tribe-events.js" />
+			<test url="http://events.kcrw.com/wp-content/plugins/the-events-calendar/vendor/bootstrap-datepicker/js/bootstrap-datepicker.min.js" />
+			<test url="http://events.kcrw.com/wp-content/plugins/the-events-calendar/vendor/jquery-placeholder/jquery.placeholder.js" />
+			<test url="http://events.kcrw.com/wp-content/plugins/the-events-calendar/vendor/jquery-resize/jquery.ba-resize.js" />
+			<test url="http://events.kcrw.com/wp-content/themes/clean-theme/assets/clamp.min.js" />
+			<test url="http://events.kcrw.com/wp-content/themes/clean-theme/assets/script.js" />
+			<test url="http://events.kcrw.com/wp-content/themes/clean-theme/assets/slick.min.js" />
+			<test url="http://events.kcrw.com/wp-includes/js/jquery/jquery.js" />
+			<test url="http://events.kcrw.com/wp-includes/js/wp-embed.min.js" />
+			-->
+
+
+	<securecookie host="^\." name="^_ga" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/kcrw.com.xml b/src/chrome/content/rules/kcrw.com.xml
new file mode 100644
index 000000000000..4da73338dd78
--- /dev/null
+++ b/src/chrome/content/rules/kcrw.com.xml
@@ -0,0 +1,126 @@
+<!--
+	For rules covering resources which do not secure
+	mixed content, see kcrw.com-resources.xml.
+
+
+	Nonfunctional hosts in *kcrw.com:
+
+		- malcolm ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *kcrw.com:
+
+		- blogs ʰ
+
+	ʰ Redirects to http, partially preemptable redirect
+
+-->
+<ruleset name="KCRW.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kcrw.com" />
+	<!--target host="capitalcampaign.kcrw.com" /-->
+	<!--target host="events.kcrw.com" /-->
+	<target host="store.kcrw.com" />
+	<!--target host="test-events.kcrw.com" /-->
+	<target host="www.kcrw.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://capitalcampaign\.kcrw\.com/(?:$|building/$)" /-->
+		<!--exclusion pattern="^http://(?:test-)?events\.kcrw\.com/(?:comments/feed/$|events/(?:$|[^/]+/$|feed/$))" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(?:capitalcampaign|events|test-events)\.kcrw\.com/(?!/*wp-(?:content|includes)/)" /-->
+
+			<!--	+ve:
+					-->
+			<!--
+			<test url="http://capitalcampaign.kcrw.com/building/" />
+
+			<test url="http://events.kcrw.com/xmlrpc.php" />
+			<test url="http://events.kcrw.com/comments/feed/" />
+			<test url="http://events.kcrw.com/events/feed/" />
+			<test url="http://events.kcrw.com/events/priced-out-santa-barbaras-housing-crisis/" />
+			<test url="http://events.kcrw.com/feed/" />
+			-->
+
+			<!--	-ve:
+					-->
+			<!--
+			<test url="http://capitalcampaign.kcrw.com/wp-content/plugins/vegas-fullscreen-background-slider/css/jquery.vegas.css" />
+			<test url="http://events.kcrw.com/wp-content/plugins/addthis/css/output.css" />
+			<test url="http://test-events.kcrw.com/wp-content/themes/clean-theme/assets/img/kcrw-events-logo.svg" />
+			-->
+
+		<!--	Avoid potential XHR problems:
+							-->
+		<!--exclusion pattern="^http://(?:capitalcampaign|events|test-events)\.kcrw\.com/.+\.js(?:$|\?)" /-->
+
+			<!--	+ve:
+					-->
+			<!--
+			<test url="http://capitalcampaign.kcrw.com/wp-content/plugins/vegas-fullscreen-background-slider/js/jquery.vegas.js" />
+			<test url="http://capitalcampaign.kcrw.com/wp-content/plugins/wens-responsive-column-layout-shortcodes/js/custom.js" />
+			<test url="http://capitalcampaign.kcrw.com/wp-content/themes/kcrw-cap-cam/js/global.js" />
+			<test url="http://capitalcampaign.kcrw.com/wp-content/themes/kcrw-cap-cam/js/navigation.js" />
+			<test url="http://capitalcampaign.kcrw.com/wp-content/themes/kcrw-cap-cam/js/skip-link-focus-fix.js" />
+			<test url="http://capitalcampaign.kcrw.com/wp-includes/js/comment-reply.min.js" />
+			<test url="http://capitalcampaign.kcrw.com/wp-includes/js/jquery/jquery-migrate.min.js" />
+			<test url="http://capitalcampaign.kcrw.com/wp-includes/js/jquery/jquery.js" />
+
+			<test url="http://events.kcrw.com/wp-content/plugins/events-calendar-pro/src/resources/js/tribe-events-ajax-maps.js" />
+			<test url="http://events.kcrw.com/wp-content/plugins/events-calendar-pro/src/resources/js/tribe-events-photo-view.js" />
+			<test url="http://events.kcrw.com/wp-content/plugins/events-calendar-pro/src/resources/js/tribe-events-pro.js" />
+			<test url="http://events.kcrw.com/wp-content/plugins/events-calendar-pro/src/resources/js/widget-this-week.min.js" />
+			<test url="http://events.kcrw.com/wp-content/plugins/events-calendar-pro/vendor/isotope/jquery.isotope.js" />
+			<test url="http://events.kcrw.com/wp-content/plugins/the-events-calendar/src/resources/js/tribe-events-bar.js" />
+			<test url="http://events.kcrw.com/wp-content/plugins/the-events-calendar/src/resources/js/tribe-events.js" />
+			<test url="http://events.kcrw.com/wp-content/plugins/the-events-calendar/vendor/bootstrap-datepicker/js/bootstrap-datepicker.min.js" />
+			<test url="http://events.kcrw.com/wp-content/plugins/the-events-calendar/vendor/jquery-placeholder/jquery.placeholder.js" />
+			<test url="http://events.kcrw.com/wp-content/plugins/the-events-calendar/vendor/jquery-resize/jquery.ba-resize.js" />
+			<test url="http://events.kcrw.com/wp-content/themes/clean-theme/assets/clamp.min.js" />
+			<test url="http://events.kcrw.com/wp-content/themes/clean-theme/assets/script.js" />
+			<test url="http://events.kcrw.com/wp-content/themes/clean-theme/assets/slick.min.js" />
+			<test url="http://events.kcrw.com/wp-includes/js/jquery/jquery.js" />
+			<test url="http://events.kcrw.com/wp-includes/js/wp-embed.min.js" />
+			-->
+
+	<!--	Complications:
+				-->
+	<target host="blogs.kcrw.com" />
+
+		<!--	Does not redirect:
+						-->
+		<exclusion pattern="^http://blogs\.kcrw\.com/(?!/*(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://blogs.kcrw.com/ipp/" />
+			<test url="http://blogs.kcrw.com/pressroom/" />
+			<test url="http://blogs.kcrw.com/dna/" />
+			<test url="http://blogs.kcrw.com/members/" />
+			<test url="http://blogs.kcrw.com/goodfood/" />
+			<test url="http://blogs.kcrw.com/musicnews/" />
+
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps args but
+		not forward slash:
+				-->
+	<rule from="^http://blogs\.kcrw\.com/+"
+		to="https://www.kcrw.com/blogs" />
+
+		<test url="http://blogs.kcrw.com/?" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/keenetic.net.xml b/src/chrome/content/rules/keenetic.net.xml
new file mode 100644
index 000000000000..9b85d7d48192
--- /dev/null
+++ b/src/chrome/content/rules/keenetic.net.xml
@@ -0,0 +1,15 @@
+<!--
+my.keenetic.net ³
+
+
+³ timed out
+-->
+<ruleset name="keenetic.net">
+	<target host="keenetic.net" />
+	<target host="www.keenetic.net" />
+	<target host="forum.keenetic.net" />
+	<target host="help.keenetic.net" />
+	<target host="intra.portal.keenetic.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/keep4u.ru.xml b/src/chrome/content/rules/keep4u.ru.xml
new file mode 100644
index 000000000000..f240681f1b75
--- /dev/null
+++ b/src/chrome/content/rules/keep4u.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="keep4u.ru">
+	<target host="keep4u.ru" />
+	<target host="www.keep4u.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/keepkey.com.xml b/src/chrome/content/rules/keepkey.com.xml
new file mode 100644
index 000000000000..23c41ee6388a
--- /dev/null
+++ b/src/chrome/content/rules/keepkey.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="keepkey.com">
+	<target host="keepkey.com" />
+	<target host="www.keepkey.com" />
+	<target host="shop.keepkey.com" />
+	<target host="support.keepkey.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kek.gg.xml b/src/chrome/content/rules/kek.gg.xml
new file mode 100644
index 000000000000..17500cd694fa
--- /dev/null
+++ b/src/chrome/content/rules/kek.gg.xml
@@ -0,0 +1,9 @@
+<ruleset name="kek.gg">
+	<target host="kek.gg" />
+	<target host="www.kek.gg" />
+	<target host="i.kek.gg" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kennedy-center.org.xml b/src/chrome/content/rules/kennedy-center.org.xml
new file mode 100644
index 000000000000..a92e0e80896b
--- /dev/null
+++ b/src/chrome/content/rules/kennedy-center.org.xml
@@ -0,0 +1,84 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://applications.kennedy-center.org/ => https://applications.kennedy-center.org/: (7, 'Failed to connect to applications.kennedy-center.org port 443: No route to host')
+Fetch error: http://artsedge.kennedy-center.org/ => https://artsedge.kennedy-center.org/: (28, 'Operation timed out after 29017 milliseconds with 35706 out of 37241 bytes received')
+Fetch error: http://blogs.kennedy-center.org/ => https://blogs.kennedy-center.org/: (6, 'Could not resolve host: blogs.kennedy-center.org')
+Fetch error: http://social.kennedy-center.org/ => https://social.kennedy-center.org/: (51, "SSL: no alternative certificate subject name matches target host name 'social.kennedy-center.org'")
+Fetch error: http://www.artsedge.kennedy-center.org/ => https://artsedge.kennedy-center.org/: (28, 'Operation timed out after 29018 milliseconds with 35706 out of 37241 bytes received')
+
+	Nonfunctional hosts in *kennedy-center.org:
+
+		- education ʳ
+
+	ʳ Refused
+
+
+	Problematic hosts in *kennedy-center.org:
+
+		- www.artsedge ᵇ
+		- web ᵐ
+
+	ᵇ Shows default page
+	ᵐ Mismatched
+
+
+	These altnames do not exist:
+
+		- www.blogs.kennedy-center.org
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .kennedy-center.org
+		- applications.kennedy-center.org
+		- artsedge.kennedy-center.org
+		- blogs.kennedy-center.org
+		- social.kennedy-center.org
+		- www.kennedy-center.org
+
+
+	Mixed content:
+
+		- css on apply.submit, social, www from fonts.googleapis.com ˢ
+		- Images on m, social, www from www.kennedy-center.org ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Kennedy-Center.org (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="kennedy-center.org" />
+	<target host="applications.kennedy-center.org" />
+	<target host="artsedge.kennedy-center.org" />
+	<target host="blogs.kennedy-center.org" />
+	<target host="m.kennedy-center.org" />
+	<target host="social.kennedy-center.org" />
+	<target host="apply.submit.kennedy-center.org" />
+	<target host="www.kennedy-center.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.artsedge.kennedy-center.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.kennedy-center\.org$" name="^(?:FULLSITE|WLSJSESSIONID)$" /-->
+	<!--securecookie host="^(?:application|blog)s\.kennedy-center\.org$" name="^MossF2FarmExt-cookie$" /-->
+	<!--securecookie host="^artsedge\.kennedy-center\.org$" name="^(?:ASP\.NET_SessionId|ArtsEdge-Cookie)$" /-->
+	<!--securecookie host="^(?:social|www)\.kennedy-center\.org$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.artsedge\.kennedy-center\.org/"
+		to="https://artsedge.kennedy-center.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/kernsec.org.xml b/src/chrome/content/rules/kernsec.org.xml
new file mode 100644
index 000000000000..b5b138f9f632
--- /dev/null
+++ b/src/chrome/content/rules/kernsec.org.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+        www.kernsec.org
+-->
+<ruleset name="kernsec.org">
+  <target host="kernsec.org" />
+  <target host="www.kernsec.org" />
+	
+  <rule from="^http://www\.kernsec\.org/" to="https://kernsec.org/" />
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/keywee.co.xml b/src/chrome/content/rules/keywee.co.xml
new file mode 100644
index 000000000000..0e0eee731464
--- /dev/null
+++ b/src/chrome/content/rules/keywee.co.xml
@@ -0,0 +1,23 @@
+<!--
+
+	Nonfunctional domains:
+
+		- ^	(refused)
+
+	Problematic subdomains:
+
+		- blog	(invalid cert; mismatch)
+
+-->
+
+<ruleset name="keywee.co">
+
+	<target host="pixel.keywee.co" />
+	<target host="reports.keywee.co" />
+
+	<test url="http://pixel.keywee.co/i?e=" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/kf5.com.xml b/src/chrome/content/rules/kf5.com.xml
new file mode 100644
index 000000000000..dc5853a202bb
--- /dev/null
+++ b/src/chrome/content/rules/kf5.com.xml
@@ -0,0 +1,38 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://assetscdn.kf5.com/ => https://assetscdn.kf5.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	kf5.com is an open site, so there are lots of *.kf5.com sites. Lucky, all of them support https.
+
+	Mismatch:
+		- agents
+		- d
+-->
+
+<ruleset name="kf5.com" default_off="failed ruleset test">
+
+	<target host="kf5.com" />
+
+	<target host="*.kf5.com" />
+
+	<exclusion pattern="^http://(agents|d)\.kf5\.com/" />
+
+		<test url="http://agents.kf5.com/" />
+		<test url="http://agents.kf5.com/document/" />
+		<test url="http://d.kf5.com/" />
+
+		<test url="http://asssets.kf5.com/" />
+		<test url="http://assetscdn.kf5.com/" />
+		<test url="http://blog.kf5.com/" />
+		<test url="http://developer.kf5.com/" />
+		<test url="http://qiniu.kf5.com/" />
+		<test url="http://support.kf5.com/" />
+		<test url="http://www.kf5.com/" />
+
+		<test url="http://xiaodong.kf5.com/" />
+		<test url="http://ubershenzhen.kf5.com/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/kfc.ru.xml b/src/chrome/content/rules/kfc.ru.xml
new file mode 100644
index 000000000000..762dbbb1225f
--- /dev/null
+++ b/src/chrome/content/rules/kfc.ru.xml
@@ -0,0 +1,41 @@
+<!--
+m.anketa.kfc.ru ¹
+cdn-app.kfc.ru ¹
+cdn-static.kfc.ru ¹
+coffee.kfc.ru ³
+www.energyfm.kfc.ru ¹
+fz2.kfc.ru ⁴
+gsd2.kfc.ru ⁴
+m.in.kfc.ru ¹
+jackpot.kfc.ru ²
+www.m.kfc.ru ¹
+mail.kfc.ru ³
+mania.kfc.ru ³
+rk.kfc.ru:4649 ³
+app-client.kfc.ru different content
+insta.kfc.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="kfc.ru">
+	<target host="kfc.ru" />
+	<target host="www.kfc.ru" />
+	<target host="admin.kfc.ru" />
+	<target host="anketa.kfc.ru" />
+	<target host="app-api.kfc.ru" />
+	<target host="claims.kfc.ru" />
+	<target host="fishka.kfc.ru" />
+	<target host="fz.kfc.ru" />
+	<target host="gsd.kfc.ru" />
+	<target host="hr.kfc.ru" />
+	<target host="in.kfc.ru" />
+	<target host="m.kfc.ru" />
+	<target host="static.kfc.ru" />
+	<target host="test.kfc.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/khabarovskadm.ru.xml b/src/chrome/content/rules/khabarovskadm.ru.xml
new file mode 100644
index 000000000000..ff5e3270dcb5
--- /dev/null
+++ b/src/chrome/content/rules/khabarovskadm.ru.xml
@@ -0,0 +1,27 @@
+<!--
+eaist.khabarovskadm.ru ³
+pmp.khabarovskadm.ru ³
+
+
+³ timed out
+-->
+<ruleset name="khabarovskadm.ru">
+	<target host="khabarovskadm.ru" />
+	<target host="www.khabarovskadm.ru" />
+	<target host="archive.khabarovskadm.ru" />
+	<target host="dasiz.khabarovskadm.ru" />
+	<target host="dms.khabarovskadm.ru" />
+	<target host="duma.khabarovskadm.ru" />
+	<target host="edu.khabarovskadm.ru" />
+	<target host="geoportal.khabarovskadm.ru" />
+	<target host="health.khabarovskadm.ru" />
+	<target host="int.khabarovskadm.ru" />
+	<target host="ksp.khabarovskadm.ru" />
+	<target host="mail.khabarovskadm.ru" />
+	<target host="nko.khabarovskadm.ru" />
+	<target host="owa.khabarovskadm.ru" />
+	<target host="services.khabarovskadm.ru" />
+	<target host="youth.khabarovskadm.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/khabkrai.ru.xml b/src/chrome/content/rules/khabkrai.ru.xml
new file mode 100644
index 000000000000..737f38b4f905
--- /dev/null
+++ b/src/chrome/content/rules/khabkrai.ru.xml
@@ -0,0 +1,91 @@
+<!--
+www.chs.khabkrai.ru ³
+cmo.khabkrai.ru ¹
+dvforum.khabkrai.ru ³
+old.gov.khabkrai.ru ¹
+investmap.khabkrai.ru ¹
+medreg.khabkrai.ru ³
+www.medreg.khabkrai.ru ³
+www.minecon.khabkrai.ru ¹
+minzdrav.khabkrai.ru ¹
+www.mplr.khabkrai.ru ¹
+www.msb.khabkrai.ru ¹
+banner.msb.khabkrai.ru ¹
+www.msh.khabkrai.ru ¹
+www.old.khabkrai.ru ¹
+www.opeka.khabkrai.ru ¹
+www.rayonosipenkoadm.khabkrai.ru ¹
+archive.khabkrai.ru mixed content
+old.khabkrai.ru mixed content
+
+
+¹ mismatch
+³ timed out
+-->
+<ruleset name="khabkrai.ru">
+	<target host="khabkrai.ru" />
+	<target host="www.khabkrai.ru" />
+	<target host="bdd.khabkrai.ru" />
+	<target host="bikinadm.khabkrai.ru" />
+	<target host="cit.khabkrai.ru" />
+	<target host="elbanadm.khabkrai.ru" />
+	<target host="forum.khabkrai.ru" />
+	<target host="forum2015.khabkrai.ru" />
+	<target host="gchp.khabkrai.ru" />
+	<target host="gku.khabkrai.ru" />
+	<target host="gov.khabkrai.ru" />
+	<target host="grz.khabkrai.ru" />
+	<target host="gz.khabkrai.ru" />
+	<target host="gzk.khabkrai.ru" />
+	<target host="invest.khabkrai.ru" />
+	<target host="kmp.khabkrai.ru" />
+	<target host="komza.khabkrai.ru" />
+	<target host="kr.khabkrai.ru" />
+	<target host="lazoadm.khabkrai.ru" />
+	<target host="les.khabkrai.ru" />
+	<target host="minec.khabkrai.ru" />
+	<target host="minecon.khabkrai.ru" />
+	<target host="minfin.khabkrai.ru" />
+	<target host="minfinans.khabkrai.ru" />
+	<target host="minkult.khabkrai.ru" />
+	<target host="minmms.khabkrai.ru" />
+	<target host="minpr.khabkrai.ru" />
+	<target host="minpt.khabkrai.ru" />
+	<target host="minsh.khabkrai.ru" />
+	<target host="minsport.khabkrai.ru" />
+	<target host="minster.khabkrai.ru" />
+	<target host="minstr.khabkrai.ru" />
+	<target host="minyust.khabkrai.ru" />
+	<target host="mits.khabkrai.ru" />
+	<target host="mizip.khabkrai.ru" />
+	<target host="mp.khabkrai.ru" />
+	<target host="mpr.khabkrai.ru" />
+	<target host="msb.khabkrai.ru" />
+	<target host="msh.khabkrai.ru" />
+	<target host="nanraionadm.khabkrai.ru" />
+	<target host="nasledie.khabkrai.ru" />
+	<target host="newinvest.khabkrai.ru" />
+	<target host="ogs.khabkrai.ru" />
+	<target host="opeka.khabkrai.ru" />
+	<target host="ovr.khabkrai.ru" />
+	<target host="pmk.khabkrai.ru" />
+	<target host="potreb.khabkrai.ru" />
+	<target host="predstav.khabkrai.ru" />
+	<target host="raion-kms.khabkrai.ru" />
+	<target host="raionkhbadm.khabkrai.ru" />
+	<target host="raionosipenkoadm.khabkrai.ru" />
+	<target host="remesla.khabkrai.ru" />
+	<target host="solnechniyadm.khabkrai.ru" />
+	<target host="sport.khabkrai.ru" />
+	<target host="sud.khabkrai.ru" />
+	<target host="tek.khabkrai.ru" />
+	<target host="test.khabkrai.ru" />
+	<target host="ulchiadm.khabkrai.ru" />
+	<target host="urgk.khabkrai.ru" />
+	<target host="vbradm.khabkrai.ru" />
+	<target host="vet.khabkrai.ru" />
+	<target host="youthgov.khabkrai.ru" />
+	<target host="zags.khabkrai.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/khashaev.ru.xml b/src/chrome/content/rules/khashaev.ru.xml
new file mode 100644
index 000000000000..cd1039c7dc20
--- /dev/null
+++ b/src/chrome/content/rules/khashaev.ru.xml
@@ -0,0 +1,13 @@
+<ruleset name="Khashaev.ru">
+
+	<target host="khashaev.ru" />
+	<target host="www.khashaev.ru" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/khl.ru.xml b/src/chrome/content/rules/khl.ru.xml
new file mode 100644
index 000000000000..86a88e4908f1
--- /dev/null
+++ b/src/chrome/content/rules/khl.ru.xml
@@ -0,0 +1,58 @@
+<!--
+	Nonfunctional hosts in *khl.ru:
+
+		- med ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *khl.ru:
+
+		- tv ᵈ
+
+	ᵈ Dropped, preemptable redirect
+
+
+	Insecure cookies are set for these hosts:
+
+		- video.khl.ru
+
+
+	Mixed content:
+
+		- Bug on video, www from b.scorecardresearch.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="KHL.ru (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="khl.ru" />
+	<target host="video.khl.ru" />
+	<target host="www.khl.ru" />
+
+	<!--	Complications:
+				-->
+	<target host="tv.khl.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^video\.khl\.ru$" name="^_webcaster_new_session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect all:
+				-->
+	<rule from="^http://tv\.khl\.ru/.*"
+		to="https://www.khl.ru/tv/" />
+
+		<test url="http://tv.khl.ru/index.htm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/khotkovo.ru.xml b/src/chrome/content/rules/khotkovo.ru.xml
new file mode 100644
index 000000000000..660a3ba50b6a
--- /dev/null
+++ b/src/chrome/content/rules/khotkovo.ru.xml
@@ -0,0 +1,22 @@
+<!--
+khotkovo.ru mismatch
+www.khotkovo.ru mismatch
+adm.khotkovo.ru mismatch
+forum.khotkovo.ru mismatch
+moidom.khotkovo.ru mismatch
+gilservis.khotkovo.ru mismatch
+www.adm.khotkovo.ru mismatch
+khotkovo.net mismatch
+www.khotkovo.net mismatch
+forum.khotkovo.net mismatch
+dc.khotkovo.net mismatch
+info.khotkovo.net mismatch
+inet.speed.khotkovo.net timed out
+-->
+<ruleset name="khotkovo.ru (partial)">
+	<target host="info.khotkovo.ru" />
+	<target host="speed.khotkovo.net" />
+	<target host="local.speed.khotkovo.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kids.org.uk.xml b/src/chrome/content/rules/kids.org.uk.xml
new file mode 100644
index 000000000000..7e89caa62082
--- /dev/null
+++ b/src/chrome/content/rules/kids.org.uk.xml
@@ -0,0 +1,32 @@
+<!--
+	Nonfunctional hosts in *kids.org.uk:
+
+		- elearning ²
+
+	² 200 "Incorrect access detected"
+
+
+	^kids.org.uk does not exist.
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.kids.org.uk
+
+-->
+<ruleset name="Kids.org.uk (partial)">
+
+	<target host="www.kids.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.kids\.org\.uk$" name="^AWSELB$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/kids.taipei.xml b/src/chrome/content/rules/kids.taipei.xml
new file mode 100644
index 000000000000..8adb5cedb942
--- /dev/null
+++ b/src/chrome/content/rules/kids.taipei.xml
@@ -0,0 +1,6 @@
+<ruleset name="kids.taipei">
+	<target host="kids.taipei" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kik.com.xml b/src/chrome/content/rules/kik.com.xml
new file mode 100644
index 000000000000..8e075d28327c
--- /dev/null
+++ b/src/chrome/content/rules/kik.com.xml
@@ -0,0 +1,70 @@
+<!--
+	For rules causing false/broken MCB, see kik.com-falsemixed.xml.
+
+
+	Problematic hosts in *kik.com:
+
+		- ^ ʳ
+		- blog ˣ
+		- code ᵐ
+		- help ᵐ
+		- reddit ᵐ
+		- testdrive ᵐ
+		- videos ᵐ
+
+	ᵐ Mismatched
+	ʳ Refused, preemptable redirect
+	ˣ Mixed css
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- blog.kik.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on blog from $self ˢ
+		- Images on blog from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Kik.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="blog.kik.com" /-->
+	<target host="bots.kik.com" />
+	<target host="dev.kik.com" />
+	<target host="home.kik.com" />
+	<target host="www.kik.com" />
+
+	<!--	Complications:
+				-->
+	<target host="kik.com" />
+	<target host="help.kik.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^blog\.kik\.com$" name="^wfvt_\d+$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://kik\.com/"
+		to="https://www.kik.com/" />
+
+	<rule from="^http://help\.kik\.com/"
+		to="https://kikinteractive.zendesk.com/" />
+
+		<test url="http://help.kik.com/entries/104602766" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/kikisso.com.xml b/src/chrome/content/rules/kikisso.com.xml
new file mode 100644
index 000000000000..f6a686175603
--- /dev/null
+++ b/src/chrome/content/rules/kikisso.com.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://static1.kikisso.com/images/main/flag-2.png => https://static1.kikisso.com/images/main/flag-2.png: (6, 'Could not resolve host: static1.kikisso.com')
+Fetch error: http://kikisso.com/ => https://kikisso.com/: (6, 'Could not resolve host: kikisso.com')
+Fetch error: http://m.kikisso.com/ => https://m.kikisso.com/: (6, 'Could not resolve host: m.kikisso.com')
+Fetch error: http://static1.kikisso.com/ => https://static1.kikisso.com/: (6, 'Could not resolve host: static1.kikisso.com')
+Fetch error: http://static2.kikisso.com/ => https://static2.kikisso.com/: (6, 'Could not resolve host: static2.kikisso.com')
+Fetch error: http://www.kikisso.com/ => https://www.kikisso.com/: (6, 'Could not resolve host: www.kikisso.com')
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .kikisso.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Kikisso.com" default_off="failed ruleset test">
+
+	<target host="kikisso.com" />
+	<target host="m.kikisso.com" />
+	<target host="static1.kikisso.com" />
+	<target host="static2.kikisso.com" />
+	<target host="www.kikisso.com" />
+
+		<test url="http://static1.kikisso.com/images/main/flag-2.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.kikisso\.com$" name="^sid?$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/kinimatorama.net.xml b/src/chrome/content/rules/kinimatorama.net.xml
new file mode 100644
index 000000000000..923cd89217b1
--- /dev/null
+++ b/src/chrome/content/rules/kinimatorama.net.xml
@@ -0,0 +1,13 @@
+<ruleset name="kinimatorama.net">
+
+	<target host="kinimatorama.net" />
+	<target host="www.kinimatorama.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/kink.com.xml b/src/chrome/content/rules/kink.com.xml
new file mode 100644
index 000000000000..b6c65c0bdf2a
--- /dev/null
+++ b/src/chrome/content/rules/kink.com.xml
@@ -0,0 +1,47 @@
+<!--
+	Nonfunctional hosts in *kink.com:
+
+		- press ʰ
+		- store ʰ
+
+	ʰ WP Engine / redirects to http
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.kink.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Ads on www from www.flirt4free.com ʳ
+
+	ʳ Unsecurable <= connection refused
+
+-->
+<ruleset name="Kink.com (partial)">
+
+	<target host="kink.com" />
+	<target host="cdnp.kink.com" />
+	<target host="content.kink.com" />
+	<target host="www.kink.com" />
+
+		<test url="http://cdnp.kink.com/assets/sitelogos/logo.png" />
+		<test url="http://content.kink.com/imagedb/40125/i/h/410/10.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.kink\.com$" name="^(?:kink-ltc|kinky\.sess)$" /-->
+
+	<securecookie host=".+" name="^optimizely" />
+	<securecookie host="^\." name="(?:__cfduid$|_gat?$|_gat_|cf_clearance$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/kinoX.to.xml b/src/chrome/content/rules/kinoX.to.xml
new file mode 100644
index 000000000000..65b9bd9cc64a
--- /dev/null
+++ b/src/chrome/content/rules/kinoX.to.xml
@@ -0,0 +1,23 @@
+<ruleset name="kinoX.to">
+	<target host="kinox.ag"/>
+	<target host="www.kinox.ag"/>
+	<target host="kinox.am"/>
+	<target host="www.kinox.am"/>
+	<target host="kinox.io"/>
+	<target host="www.kinox.io"/>
+	<target host="kinox.me"/>
+	<target host="www.kinox.me"/>
+	<target host="kinox.nu"/>
+	<target host="www.kinox.nu"/>
+	<target host="kinox.pe"/>
+	<target host="www.kinox.pe"/>
+	<target host="kinox.sg"/>
+	<target host="www.kinox.sg"/>
+	<target host="kinox.to"/>
+	<target host="www.kinox.to"/>
+	<target host="kinox.tv"/>
+	<target host="www.kinox.tv"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/kinogo.co.xml b/src/chrome/content/rules/kinogo.co.xml
new file mode 100644
index 000000000000..96b047f97b37
--- /dev/null
+++ b/src/chrome/content/rules/kinogo.co.xml
@@ -0,0 +1,46 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kinogo.co/ => https://kinogo.co/: Too many redirects while fetching 'https://kinogo.co/'
+Fetch error: http://www.kinogo.co/ => https://www.kinogo.co/: Too many redirects while fetching 'https://www.kinogo.co/'
+
+	Other Kinogo rulesets:
+
+		- kinogo.net.xml
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .kinogo.co
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images, on ^ from:
+
+			- $self ˢ
+			- ^kinogo.net
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Kinogo.co" default_off="failed ruleset test">
+
+	<target host="kinogo.co" />
+	<target host="www.kinogo.co" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.kinogo\.co$" name="^(?:__cfduid|cf_clearance|PHPSESSID)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/kinogo.net.xml b/src/chrome/content/rules/kinogo.net.xml
new file mode 100644
index 000000000000..dba37ba2bfd6
--- /dev/null
+++ b/src/chrome/content/rules/kinogo.net.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kinogo.net/ => https://kinogo.net/: Too many redirects while fetching 'https://kinogo.net/'
+Fetch error: http://www.kinogo.net/ => https://www.kinogo.net/: Too many redirects while fetching 'https://www.kinogo.net/'
+
+	For other kinogo coverage, see kinogo.co.xml.
+
+-->
+<ruleset name="Kinogo.net" default_off="failed ruleset test">
+
+	<target host="kinogo.net" />
+	<target host="www.kinogo.net" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/kinopoisk.ru.xml b/src/chrome/content/rules/kinopoisk.ru.xml
new file mode 100644
index 000000000000..d6c1f1e92b1d
--- /dev/null
+++ b/src/chrome/content/rules/kinopoisk.ru.xml
@@ -0,0 +1,46 @@
+<!--
+	Nonfunctional hosts in *kinopoisk.ru:
+
+		- plus ʰ
+
+	ʰ Redirects to http
+
+
+	Insecure cookies are set for these hosts:
+
+		- forum.kinopoisk.ru
+
+
+	Mixed content:
+
+		- favicons on forum from st.kinopoisk.ru ˢ
+		- Bug on forum from www.tns-counter.ru ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Kinopoisk.ru">
+
+	<target host="kinopoisk.ru" />
+	<target host="forum.kinopoisk.ru" />
+	<target host="pass.kinopoisk.ru" />
+	<target host="st.kinopoisk.ru" />
+	<target host="www.kinopoisk.ru" />
+	<target host="m.kinopoisk.ru" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.kinopoisk\.ru/(?:$|docs/rss/$|feedback/$|iphone/$|tracks/buy/$)" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^forum\.kinopoisk\.ru$" name="^bb(?:forum_view|lastactivity|lastvisit|sessionhash)$" /-->
+
+	<securecookie host="^[^.kw]" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/kiro7.com.xml b/src/chrome/content/rules/kiro7.com.xml
new file mode 100644
index 000000000000..62785cbd81f3
--- /dev/null
+++ b/src/chrome/content/rules/kiro7.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Invalid certificate:
+		a135.kiro7.com
+		amp.kiro7.com
+		click.e.kiro7.com
+		image.e.kiro7.com
+		li.kiro7.com
+		sa135.kiro7.com
+
+	Active mixed content from tracking domains
+
+-->
+<ruleset name="kiro7.com">
+
+	<target host="kiro7.com" />
+	<target host="www.kiro7.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/kirpich-ors.ru.xml b/src/chrome/content/rules/kirpich-ors.ru.xml
new file mode 100644
index 000000000000..5ca7d267bfa5
--- /dev/null
+++ b/src/chrome/content/rules/kirpich-ors.ru.xml
@@ -0,0 +1,15 @@
+<!--
+www.kirpich-ors.ru different content
+
+
+-->
+<ruleset name="kirpich-ors.ru">
+	<target host="kirpich-ors.ru" />
+
+	<target host="www.kirpich-ors.ru" />
+
+	<rule from="^http://www\.kirpich-ors\.ru/"
+		to="https://kirpich-ors.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kitaabun.com.xml b/src/chrome/content/rules/kitaabun.com.xml
new file mode 100644
index 000000000000..6d1530ad61d2
--- /dev/null
+++ b/src/chrome/content/rules/kitaabun.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="kitaabun.com">
+	<target host="kitaabun.com" />
+	<target host="www.kitaabun.com" />
+	<target host="www.apy2000.kitaabun.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kitware.com.xml b/src/chrome/content/rules/kitware.com.xml
new file mode 100644
index 000000000000..0f2bdf289918
--- /dev/null
+++ b/src/chrome/content/rules/kitware.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Nonfunctional hosts in *kitware.com:
+
+		- jobs *
+		- www *
+
+	* Prints link to http://www...
+
+
+	Problematic hosts in *kitware.com:
+
+		- resonant ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="Kitware.com (partial)">
+
+	<target host="gitlab.kitware.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/kivikakk.ee.xml b/src/chrome/content/rules/kivikakk.ee.xml
new file mode 100644
index 000000000000..fa454f1d7338
--- /dev/null
+++ b/src/chrome/content/rules/kivikakk.ee.xml
@@ -0,0 +1,13 @@
+<ruleset name="kivikakk.ee">
+
+	<target host="kivikakk.ee" />
+	<target host="www.kivikakk.ee" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/kiwibyrd.org.xml b/src/chrome/content/rules/kiwibyrd.org.xml
new file mode 100644
index 000000000000..ac8597928241
--- /dev/null
+++ b/src/chrome/content/rules/kiwibyrd.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="kiwibyrd.org">
+	<target host="kiwibyrd.org" />
+	<target host="www.kiwibyrd.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kiyoh.nl.xml b/src/chrome/content/rules/kiyoh.nl.xml
new file mode 100644
index 000000000000..eaaf4d4edf54
--- /dev/null
+++ b/src/chrome/content/rules/kiyoh.nl.xml
@@ -0,0 +1,13 @@
+<ruleset name="KiyOh.nl">
+
+	<target host="kiyoh.nl" />
+	<target host="www.kiyoh.nl" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/klerk.ru.xml b/src/chrome/content/rules/klerk.ru.xml
new file mode 100644
index 000000000000..0d2606913d78
--- /dev/null
+++ b/src/chrome/content/rules/klerk.ru.xml
@@ -0,0 +1,14 @@
+<!--forum. timed out
+blogs. timed out
+blogus. mismatch
+wiki. protocol error
+mvf. protocol error
+soft. expired
+1c. mismatch
+local. mismatch
+1c.new. mismatch-->
+<ruleset name="klerk.ru">
+	<target host="klerk.ru" />
+	<target host="www.klerk.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/klick2contact.com.xml b/src/chrome/content/rules/klick2contact.com.xml
new file mode 100644
index 000000000000..63afc27e262a
--- /dev/null
+++ b/src/chrome/content/rules/klick2contact.com.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://klick2contact.com/ => https://klick2contact.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.klick2contactsales.com'")
+Fetch error: http://www.klick2contact.com/ => https://www.klick2contact.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.klick2contactsales.com'")
+
+-->
+<ruleset name="Klick2Contact.com" default_off="failed ruleset test">
+
+	<target host="klick2contact.com" />
+	<target host="www.klick2contact.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/klick2contactsales.com.xml b/src/chrome/content/rules/klick2contactsales.com.xml
new file mode 100644
index 000000000000..1165d14884d3
--- /dev/null
+++ b/src/chrome/content/rules/klick2contactsales.com.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://klick2contactsales.com/ => https://klick2contactsales.com/: (51, "SSL: no alternative certificate subject name matches target host name 'klick2contactsales.com'")
+Fetch error: http://www.klick2contactsales.com/ => https://www.klick2contactsales.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.klick2contactsales.com'")
+
+	Other Klick2Contact rulesets:
+
+		- klick2contact.com.xml
+
+
+	Mixed content:
+
+		- css, from:
+
+			- fonts.googleapis.com ˢ
+			- $self ˢ
+
+		- Images from $self ˢ
+		- favicon from $self ˢ
+		- Bug from www.cnt-tm-1.com ᵐ
+
+	ᵐ Not secured by us <= mismatched
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Klick2Contact sales.com" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="klick2contactsales.com" />
+	<target host="www.klick2contactsales.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/klikki.fi.xml b/src/chrome/content/rules/klikki.fi.xml
new file mode 100644
index 000000000000..d66d873a34b3
--- /dev/null
+++ b/src/chrome/content/rules/klikki.fi.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.klikki.fi/ => https://www.klikki.fi/: (51, "SSL: no alternative certificate subject name matches target host name 'www.klikki.fi'")
+
+-->
+<ruleset name="Klikki.fi" default_off="failed ruleset test">
+
+	<target host="klikki.fi" />
+	<target host="www.klikki.fi" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/klikr.org.xml b/src/chrome/content/rules/klikr.org.xml
new file mode 100644
index 000000000000..2e3d44281b25
--- /dev/null
+++ b/src/chrome/content/rules/klikr.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="klikr.org">
+	<target host="klikr.org" />
+	<target host="www.klikr.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/klikr.pw.xml b/src/chrome/content/rules/klikr.pw.xml
new file mode 100644
index 000000000000..69f829f02d1d
--- /dev/null
+++ b/src/chrome/content/rules/klikr.pw.xml
@@ -0,0 +1,6 @@
+<ruleset name="klikr.pw">
+	<target host="klikr.pw" />
+	<target host="www.klikr.pw" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/klilu.de.xml b/src/chrome/content/rules/klilu.de.xml
new file mode 100644
index 000000000000..1520e65b0989
--- /dev/null
+++ b/src/chrome/content/rules/klilu.de.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://groupwise.klilu.de/ (200) => https://groupwise.klilu.de/ (403)
+
+	Refused:
+	  mtaschule.klilu.de
+-->
+<ruleset name="Klinikum Ludwigshafen" default_off="failed ruleset test">
+
+	<target host="www.klilu.de" />
+	<target host="extranet.klilu.de" />
+	<target host="groupwise.klilu.de" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/klops.ru.xml b/src/chrome/content/rules/klops.ru.xml
new file mode 100644
index 000000000000..2be6885e6b49
--- /dev/null
+++ b/src/chrome/content/rules/klops.ru.xml
@@ -0,0 +1,59 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://images.klops.ru/ => https://images.klops.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'images.klops.ru'")
+Fetch error: http://m.klops.ru/ => https://m.klops.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'm.klops.ru'")
+
+70letvelikoipobede.klops.ru ²
+classified.klops.ru ¹
+rabota.belgorodskaya-oblast.classified.klops.ru ¹
+rabota.berdsk.classified.klops.ru ¹
+realty.gatchinskij-tajcy.classified.klops.ru ¹
+biznes.gdov.classified.klops.ru ¹
+realty.gurevsk.classified.klops.ru ¹
+realty.kaliningrad.classified.klops.ru ¹
+rabota.komi.classified.klops.ru ¹
+stroitelstvo-remont-dizajn.labytnangi.classified.klops.ru ¹
+obyavleniya.leningradskaya-oblast-kirovskij-kirovsk.classified.klops.ru ¹
+lodejnoe-pole.classified.klops.ru ¹
+detskie-tovary.pogar.classified.klops.ru ¹
+tehnika-elektronika.sorochinsk.classified.klops.ru ¹
+auto.tutaevskij.classified.klops.ru ¹
+realty.valuyki.classified.klops.ru ¹
+obyavleniya.verxovazhskij.classified.klops.ru ¹
+realty.vologda.classified.klops.ru ¹
+odezhda-obuv-aksessuary.yurev-polskij.classified.klops.ru ¹
+hotels.klops.ru ¹
+ostrova.klops.ru ²
+phenomena2015.klops.ru ¹
+slim.klops.ru ³
+special.klops.ru ¹
+strana.klops.ru ¹
+www.strana.klops.ru ¹
+velo.klops.ru ¹
+
+
+¹ mismatch
+² refused
+³ timed out
+-->
+<ruleset name="klops.ru" default_off="failed ruleset test">
+	<target host="klops.ru" />
+	<target host="www.klops.ru" />
+	<target host="afisha.klops.ru" />
+	<target host="bagrationovsk.klops.ru" />
+	<target host="baltijsk.klops.ru" />
+	<target host="chernyaxovsk.klops.ru" />
+	<target host="gusev.klops.ru" />
+	<target host="gvardejsk.klops.ru" />
+	<target host="images.klops.ru" />
+	<target host="jantarnyj.klops.ru" />
+	<target host="kdoma.klops.ru" />
+	<target host="m.klops.ru" />
+	<target host="sovetsk.klops.ru" />
+	<target host="svetlogorsk.klops.ru" />
+	<target host="svetly.klops.ru" />
+	<target host="zelenogradsk.klops.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kls.rs.xml b/src/chrome/content/rules/kls.rs.xml
new file mode 100644
index 000000000000..e0d1321a12f6
--- /dev/null
+++ b/src/chrome/content/rules/kls.rs.xml
@@ -0,0 +1,12 @@
+<ruleset name="KLS.rs">
+
+	<target host="tv.kls.rs" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/klyaznik.ru.xml b/src/chrome/content/rules/klyaznik.ru.xml
new file mode 100644
index 000000000000..1faff3bfb471
--- /dev/null
+++ b/src/chrome/content/rules/klyaznik.ru.xml
@@ -0,0 +1,13 @@
+<!--
+ns1.klyaznik.ru ¹
+ns2.klyaznik.ru ¹
+klyaznik.ru different content
+
+
+¹ mismatch
+-->
+<ruleset name="klyaznik.ru (partial)">
+	<target host="mail.klyaznik.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/km.com.xml b/src/chrome/content/rules/km.com.xml
new file mode 100644
index 000000000000..09805d6de176
--- /dev/null
+++ b/src/chrome/content/rules/km.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Defferent http/https content:
+		^km.com
+
+	Invalid cert:
+		game.km.com
+		ys.km.com
+-->
+
+<ruleset name="km.com">
+	<target host="km.com" />
+	<rule from="^http://km\.com/" to="https://www.km.com/" />
+
+	<target host="www.km.com" />
+	<target host="book.km.com" />
+	<target host="i.km.com" />
+		<test url="http://i.km.com/js/client/login.js" />
+	<target host="img1.km.com" />
+		<test url="http://img1.km.com/bookimg/public/javascripts/ga.js" />
+	<target host="img2.km.com" />
+	<target host="img3.km.com" />
+	<target host="img4.km.com" />
+	<target host="img5.km.com" />
+	<target host="img6.km.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kmd.dk.xml b/src/chrome/content/rules/kmd.dk.xml
new file mode 100644
index 000000000000..696c847b3a9a
--- /dev/null
+++ b/src/chrome/content/rules/kmd.dk.xml
@@ -0,0 +1,152 @@
+<!--
+	For rules covering resources which do not secure
+	mixed content, see kmd.dk-resources.xml.
+
+
+	Nonfunctional hosts in *kmd.dk:
+
+		- (www.)? ᵈ
+		- accessdenied ᵈ
+		- ftp.edi ᵈ
+		- www.kompetenceportalen ʳ
+		- navhelp ʳ
+		- vurdering ᶠ
+		- webgis ᵈ
+
+	ᵈ Dropped
+	ᶠ Handshake failed
+	ʳ Refused
+
+
+	Problematic hosts in *kmd.dk:
+
+		- publikationer ᵐ
+
+	ᵐ Mismatched
+
+
+	Partially covered hosts in *kmd.dk:
+
+		- event ʰ
+
+	ʰ Some pages redirect to http
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- event.kmd.dk
+		- kigo3kombit.kmd.dk
+		- esbjerg.kmdcareborgerportal.kmd.dk
+		- minforsyning.kmd.dk
+		- minforsyningplugin.kmd.dk
+		- publikationer.kmd.dk
+		- vokal.kmd.dk
+		- vvsdialog.kmd.dk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="KMD.dk (partial)">
+
+	<target host="event.kmd.dk" />
+	<target host="kigo3kombit.kmd.dk" />
+	<target host="esbjerg.kmdcareborgerportal.kmd.dk" />
+	<target host="minforsyning.kmd.dk" />
+	<target host="minforsyningplugin.kmd.dk" />
+	<target host="vokal.kmd.dk" />
+	<target host="vvsdialog.kmd.dk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://event\.kmd\.dk/(event_name)(?:$|/(?:program|arrangementet)\.html)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://event\.kmd\.dk/(?!/*(?:$|\?|css/|js/|[^/]+/(?:eksternt-login|sign-up|tilmelding)\.html))" /-->
+		<!--
+			Avoid possible XHR problems:
+							-->
+		<!--exclusion pattern="^http://event\.kmd\.dk/.+\.js(?:$|\?)" /-->
+		<!--
+			In combination:
+					-->
+		<!--exclusion pattern="^http://event\.kmd\.dk/(?!(?!.+\.js(?:$|\?))/*(?:$|\?|css/|favicon\.ico|js/|[^/]+/(?:eksternt-login|sign-up|tilmelding)\.html))" /-->
+		<!--
+			Reduce non-Tor distinguishability:
+								-->
+		<exclusion pattern="^http://event\.kmd\.dk/(?!/*(?:$|\?|[^/]+/(?:eksternt-login|sign-up|tilmelding)\.html))" />
+
+			<!--	+ve:
+					-->
+			<!--
+			<test url="http://event.kmd.dk/CMResources/dist/translations/translations.lib.da.f408e66e719357a0f1df789712a7691f.js" />
+			<test url="http://event.kmd.dk/CMResources/dist/translations/translations.website.da.9c32a2aa9d17d9f2d7751b5cdd194682.js" />
+			<test url="http://event.kmd.dk/CMResources/jquery.sprintf-1.0.3.js" />
+			<test url="http://event.kmd.dk/CMResources/json2.min.js" />
+			<test url="http://event.kmd.dk/CMResources/modules/cmAjax.min-cmv9.0.6.js" />
+			<test url="http://event.kmd.dk/CMResources/modules/cmi18n/pluralrules/pluralrule-da.v1.0.js" />
+			<test url="http://event.kmd.dk/CMResources/modules/cmi18n/pluralrules/pluralrules-commons.v1.0.js" />
+			<test url="http://event.kmd.dk/CMResources/requirejs/require-2.1.11.min-cmv9.0.6.js" />
+			<test url="http://event.kmd.dk/CMResources/stacktrace.js" />
+			<test url="http://event.kmd.dk/FaellessprogKMDNexusAarhus" />
+			<test url="http://event.kmd.dk/FaellessprogKMDNexusAarhus/informationsmoede-om-faelles-sprog-iii-i-kmd-nexus.html" />
+			<test url="http://event.kmd.dk/FaellessprogKMDNexusAarhus/program.html" />
+			<test url="http://event.kmd.dk/SIEM" />
+			<test url="http://event.kmd.dk/SIEM/programme.html" />
+			<test url="http://event.kmd.dk/SIEM/programme.html?download=1" />
+			<test url="http://event.kmd.dk/SIEM/siem-is-not-enough.html" />
+			<test url="http://event.kmd.dk/faaindsigtmeddata1" />
+			<test url="http://event.kmd.dk/faaindsigtmeddata1/arrangementet.html" />
+			<test url="http://event.kmd.dk/faaindsigtmeddata1/program.html" />
+			<test url="http://event.kmd.dk/js/jquery/jquery-1.9.1.min.js" />
+			<test url="http://event.kmd.dk/js/jquery/jquery-ui-1.9.2.min.js" />
+			<test url="http://event.kmd.dk/js/jquery/jquery.json-2.2.min-cmv9.0.6.js" />
+			<test url="http://event.kmd.dk/js/jquery/jquery.tmpl.js" />
+			<test url="http://event.kmd.dk/js/modernizr.custom.58379.js" />
+			<test url="http://event.kmd.dk/js/poweredby.min-cmv9.0.6.js" />
+			<test url="http://event.kmd.dk/js/require.config-cmv9.0.6.js" />
+			<test url="http://event.kmd.dk/jsExceptionHandler/jsExceptionHandler-cmv9.0.6.js" />
+			-->
+			<test url="http://event.kmd.dk/kmdhindsgavlslot" />
+			<test url="http://event.kmd.dk/kmdhindsgavlslot/aarskonference-paa-hindsgavl-slot.html" />
+			<test url="http://event.kmd.dk/kmdhindsgavlslot/program.html" />
+			<test url="http://event.kmd.dk/kmdhindsgavlslot/program.html?download=1" />
+			<test url="http://event.kmd.dk/momentum1" />
+			<test url="http://event.kmd.dk/momentum1/arrangementet.html" />
+			<test url="http://event.kmd.dk/momentum1/download-materiale.html" />
+			<test url="http://event.kmd.dk/momentum1/program.html" />
+			<test url="http://event.kmd.dk/momentum1/program.html?download=1" />
+
+			<!--	-ve:
+					-->
+			<test url="http://event.kmd.dk/FaellessprogKMDNexusAarhus/eksternt-login.html" />
+			<test url="http://event.kmd.dk/FaellessprogKMDNexusAarhus/tilmelding.html" />
+			<test url="http://event.kmd.dk/SIEM/sign-up.html" />
+			<!--
+			<test url="http://event.kmd.dk/css/tabletMediaQuery-cmv9.0.6.css" />
+			-->
+			<test url="http://event.kmd.dk/faaindsigtmeddata1/eksternt-login.html" />
+			<test url="http://event.kmd.dk/faaindsigtmeddata1/tilmelding.html" />
+			<!--
+			<test url="http://event.kmd.dk/favicon.ico" />
+			<test url="http://event.kmd.dk/js/jquery/ui/smoothness/jquery.ui.theme.css" />
+			-->
+			<test url="http://event.kmd.dk/kmdhindsgavlslot/eksternt-login.html" />
+			<test url="http://event.kmd.dk/kmdhindsgavlslot/tilmelding.html" />
+			<test url="http://event.kmd.dk/momentum1/eksternt-login.html" />
+			<test url="http://event.kmd.dk/momentum1/tilmelding.html" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^esbjerg\.kmdcareborgerportal\.kmd\.dk$" name="^sp\d+\.fobs\.dk$" /-->
+	<!--securecookie host="^event\.kmd\.dk$" name="^(?:CFID|CFTOKEN|perseverantia)$" /-->
+	<!--securecookie host="^(?:kigo3kombit|minforsyning|minforsyningplugin|publikationer|vokal|vvsdialog)\.kmd\.dk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^(?!event\.)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/knigafund.ru.xml b/src/chrome/content/rules/knigafund.ru.xml
new file mode 100644
index 000000000000..f38a9b8bcf41
--- /dev/null
+++ b/src/chrome/content/rules/knigafund.ru.xml
@@ -0,0 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://knigafund.ru/ => https://knigafund.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.knigafund.ru/ => https://www.knigafund.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+demo. mismatch
+api. mismatch
+vuz. mismatch
+library. mismatch-->
+<ruleset name="knigafund.ru" default_off="failed ruleset test">
+	<target host="knigafund.ru" />
+	<target host="www.knigafund.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/knot-resolver.cz.xml b/src/chrome/content/rules/knot-resolver.cz.xml
new file mode 100644
index 000000000000..3950d5c24e8c
--- /dev/null
+++ b/src/chrome/content/rules/knot-resolver.cz.xml
@@ -0,0 +1,17 @@
+<!--
+	For other CZ.NIC coverage, see Nic.cz.xml.
+
+-->
+<ruleset name="Knot-Resolver.cz">
+
+	<target host="knot-resolver.cz" />
+	<target host="www.knot-resolver.cz" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/knowingly.com.xml b/src/chrome/content/rules/knowingly.com.xml
new file mode 100644
index 000000000000..2a413e0a287a
--- /dev/null
+++ b/src/chrome/content/rules/knowingly.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Other Knowingly Inc. rulesets:
+
+		- GigaOM.xml
+
+
+	Mixed content:
+
+		- Images on ^ from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Knowingly.com">
+
+	<target host="knowingly.com" />
+	<target host="www.knowingly.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/komi-news.ru.xml b/src/chrome/content/rules/komi-news.ru.xml
new file mode 100644
index 000000000000..21dea0964014
--- /dev/null
+++ b/src/chrome/content/rules/komi-news.ru.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://komi-news.ru/ => https://komi-news.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'komi-news.ru'")
+Fetch error: http://www.komi-news.ru/ => https://www.komi-news.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'www.komi-news.ru'")
+
+adv.komi-news.ru ⁴
+stories.komi-news.ru/: (52, 'Empty reply from server')
+
+
+⁴ self signed
+-->
+<ruleset name="komi-news.ru" default_off="failed ruleset test">
+	<target host="komi-news.ru" />
+	<target host="www.komi-news.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/komikz.ru.xml b/src/chrome/content/rules/komikz.ru.xml
new file mode 100644
index 000000000000..5fbeb72f9f2a
--- /dev/null
+++ b/src/chrome/content/rules/komikz.ru.xml
@@ -0,0 +1,14 @@
+<!--
+mail.komikz.ru ⁶
+old.komikz.ru ⁴
+
+
+⁴ self signed
+⁶ redirect
+-->
+<ruleset name="komikz.ru">
+	<target host="komikz.ru" />
+	<target host="www.komikz.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kommersant.ru.xml b/src/chrome/content/rules/kommersant.ru.xml
new file mode 100644
index 000000000000..a438f7226d1e
--- /dev/null
+++ b/src/chrome/content/rules/kommersant.ru.xml
@@ -0,0 +1,93 @@
+<!--
+kommersant.ru ⁶
+www.kommersant.ru ⁶
+autopilot.kommersant.ru ³
+bankruptcy.kommersant.ru ⁴
+beta.kommersant.ru ⁴
+bl.kommersant.ru ⁴
+bs.kommersant.ru ²
+c12.kommersant.ru ³
+c2.kommersant.ru ³
+chel.kommersant.ru ³
+dengi.kommersant.ru ³
+eburg.kommersant.ru ³
+email.kommersant.ru ²
+www.email.kommersant.ru ²
+mta-1.email.kommersant.ru ²
+mta-2.email.kommersant.ru ²
+multimedia.email.kommersant.ru ¹
+ftp.kommersant.ru ³
+giza.kommersant.ru ³
+hk-makao.kommersant.ru ¹
+kazan.kommersant.ru ³
+mail.kazan.kommersant.ru ³
+khabarovsk.kommersant.ru ³
+mail.khabarovsk.kommersant.ru ³
+mailgate.khabarovsk.kommersant.ru ³
+kr.kommersant.ru ³
+mail.kr.kommersant.ru ³
+m.kommersant.ru ³
+mail.kommersant.ru ⁴
+mailgate.kommersant.ru ⁴
+megafon.kommersant.ru ¹
+nnov.kommersant.ru ³
+nrd.kommersant.ru ¹
+nrd1.kommersant.ru ¹
+ns.kommersant.ru ³
+ns5.kommersant.ru ³
+nsk.kommersant.ru ³
+mail.nsk.kommersant.ru ³
+philips.kommersant.ru ¹
+photo.kommersant.ru ³
+plus-one.kommersant.ru ²
+prescript.kommersant.ru ³
+prescript-r.kommersant.ru ³
+prescript2.kommersant.ru ³
+regions.kommersant.ru ³
+rodos.kommersant.ru ⁶
+rostov.kommersant.ru ³
+mail.rostov.kommersant.ru ²
+rusfond.kommersant.ru ¹
+spb.kommersant.ru ³
+ftp.spb.kommersant.ru ²
+mail.spb.kommersant.ru ⁴
+mail1.spb.kommersant.ru ⁴
+service.spb.kommersant.ru ³
+testwww.kommersant.ru ³
+ufaprojects.kommersant.ru ¹
+mail.unity.kommersant.ru ³
+vlast.kommersant.ru ³
+volgograd.kommersant.ru ³
+mail.volgograd.kommersant.ru ⁴
+weekend.kommersant.ru ³
+z.kommersant.ru ³
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁶ redirect
+-->
+<ruleset name="kommersant.ru (partial)">
+	<target host="dev.kommersant.ru" />
+	<target host="feeds.kommersant.ru" />
+	<target host="i.kommersant.ru" />
+	<target host="ic.kommersant.ru" />
+	<target host="im.kommersant.ru" />
+	<target host="im0.kommersant.ru" />
+	<target host="im1.kommersant.ru" />
+	<target host="im2.kommersant.ru" />
+	<target host="im3.kommersant.ru" />
+	<target host="im4.kommersant.ru" />
+	<target host="im5.kommersant.ru" />
+	<target host="im6.kommersant.ru" />
+	<target host="im7.kommersant.ru" />
+	<target host="im8.kommersant.ru" />
+	<target host="im9.kommersant.ru" />
+	<target host="mm.kommersant.ru" />
+	<target host="telecom.kommersant.ru" />
+	<target host="telecom2.kommersant.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/komus.ru.xml b/src/chrome/content/rules/komus.ru.xml
new file mode 100644
index 000000000000..5671434cdb92
--- /dev/null
+++ b/src/chrome/content/rules/komus.ru.xml
@@ -0,0 +1,28 @@
+<!--
+diska.komus.ru ²
+link.komus.ru ¹
+mhub1.komus.ru ³
+mhub2.komus.ru ²
+plat.komus.ru ⁵
+slim.komus.ru ³
+slim2.komus.ru ²
+slim3.komus.ru ³
+slim4.komus.ru ³
+subscribe.komus.ru ²
+
+
+¹ mismatch
+² refused
+³ timed out
+⁵ expired
+-->
+<ruleset name="komus.ru">
+	<target host="komus.ru" />
+	<target host="www.komus.ru" />
+	<target host="adr.komus.ru" />
+	<target host="spb.komus.ru" />
+	<target host="static.komus.ru" />
+	<target host="tech.komus.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/konsumentverket.se.xml b/src/chrome/content/rules/konsumentverket.se.xml
new file mode 100644
index 000000000000..c152c0c3924f
--- /dev/null
+++ b/src/chrome/content/rules/konsumentverket.se.xml
@@ -0,0 +1,11 @@
+<ruleset name="konsumentverket.se">
+	<target host="konsumentverket.se" />
+	<target host="www.konsumentverket.se" />
+	<target host="psidata.konsumentverket.se" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
+<!--
+	Invalid certificate:
+		publikationer.konsumentverket.se
+-->
diff --git a/src/chrome/content/rules/kontur.ru.xml b/src/chrome/content/rules/kontur.ru.xml
new file mode 100644
index 000000000000..95a56fc30875
--- /dev/null
+++ b/src/chrome/content/rules/kontur.ru.xml
@@ -0,0 +1,154 @@
+<!--
+100.kontur.ru/: (52, 'Empty reply from server')
+api.kontur.ru/: (52, 'Empty reply from server')
+b.kontur.ru/: (52, 'Empty reply from server')
+diadoc-roaming.kontur.ru ⁴
+diadoc-smtp.kontur.ru ³
+diadok.kontur.ru/: (52, 'Empty reply from server')
+e.kontur.ru/: (52, 'Empty reply from server')
+www.focus.kontur.ru ¹
+ftp-edi.kontur.ru ²
+kopf.kontur.ru/: (35, 'error:14092105:SSL routines:ssl3_get_server_hello:wrong cipher returned')
+kopf-sd.kontur.ru/: (52, 'Empty reply from server')
+kitty.mailspam.kontur.ru ²
+olymp.kontur.ru/: (52, 'Empty reply from server')
+pfcheck.kontur.ru non-2xx http code
+stat.kontur.ru/: (52, 'Empty reply from server')
+vnc.kontur.ru ⁷
+zakaz-mail.kontur.ru ³
+mail.zakupki.kontur.ru ¹
+ofd-api.kontur.ru different content
+petrotax.kontur.ru different content
+x5stroyka.kontur.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁷ protocol error
+-->
+<ruleset name="kontur.ru">
+	<target host="kontur.ru" />
+	<target host="www.kontur.ru" />
+	<target host="152.kontur.ru" />
+	<target host="25.kontur.ru" />
+	<target host="2ndfl.kontur.ru" />
+	<target host="agent.kontur.ru" />
+	<target host="alco.kontur.ru" />
+	<target host="alko.kontur.ru" />
+	<target host="archive.kontur.ru" />
+	<target host="auth.kontur.ru" />
+	<target host="bank.kontur.ru" />
+	<target host="billy-partners.kontur.ru" />
+	<target host="bk.kontur.ru" />
+	<target host="ca.kontur.ru" />
+	<target host="cabinet.kontur.ru" />
+	<target host="callback.kontur.ru" />
+	<target host="cc.kontur.ru" />
+	<target host="claims.kontur.ru" />
+	<target host="cms.kontur.ru" />
+	<target host="cms-buhonline.kontur.ru" />
+	<target host="cms-ca.kontur.ru" />
+	<target host="cms-school.kontur.ru" />
+	<target host="cms-zakupki.kontur.ru" />
+	<target host="connector.kontur.ru" />
+	<target host="crypto.kontur.ru" />
+	<target host="cs.kontur.ru" />
+	<target host="d.kontur.ru" />
+	<target host="dc-zbx.kontur.ru" />
+	<target host="diadoc.kontur.ru" />
+	<target host="diadoc-api.kontur.ru" />
+	<target host="diadoc-connector-api.kontur.ru" />
+	<target host="diadoc-widget.kontur.ru" />
+	<target host="e-e.kontur.ru" />
+	<target host="eco.kontur.ru" />
+	<target host="edi.kontur.ru" />
+	<target host="edi-api.kontur.ru" />
+	<target host="edi-log.kontur.ru" />
+	<target host="edoci.kontur.ru" />
+	<target host="edu.kontur.ru" />
+	<target host="efbu.kontur.ru" />
+	<target host="egais.kontur.ru" />
+	<target host="egais-demo.kontur.ru" />
+	<target host="elba.kontur.ru" />
+	<target host="evrika.kontur.ru" />
+	<target host="expert.kontur.ru" />
+	<target host="express.kontur.ru" />
+	<target host="extern.kontur.ru" />
+	<target host="feedback.kontur.ru" />
+	<target host="ff.kontur.ru" />
+	<target host="fms.kontur.ru" />
+	<target host="focus.kontur.ru" />
+	<target host="focus-api.kontur.ru" />
+	<target host="focus-lite.kontur.ru" />
+	<target host="forum.kontur.ru" />
+	<target host="free.kontur.ru" />
+	<target host="freefss.kontur.ru" />
+	<target host="fss.kontur.ru" />
+	<target host="guides.kontur.ru" />
+	<target host="h.kontur.ru" />
+	<target host="help.kontur.ru" />
+	<target host="help2.kontur.ru" />
+	<target host="i.kontur.ru" />
+	<target host="install.kontur.ru" />
+	<target host="install2.kontur.ru" />
+	<target host="ke-widget.kontur.ru" />
+	<target host="keforms.kontur.ru" />
+	<target host="kf.kontur.ru" />
+	<target host="kladr.kontur.ru" />
+	<target host="kuba.kontur.ru" />
+	<target host="ln.kontur.ru" />
+	<target host="m-evrika.kontur.ru" />
+	<target host="mail.kontur.ru" />
+	<target host="market.kontur.ru" />
+	<target host="metrika.kontur.ru" />
+	<target host="mri-extern.kontur.ru" />
+	<target host="nds.kontur.ru" />
+	<target host="nds-test.kontur.ru" />
+	<target host="ng-extern.kontur.ru" />
+	<target host="normativ.kontur.ru" />
+	<target host="o.kontur.ru" />
+	<target host="o-fs.kontur.ru" />
+	<target host="ob.kontur.ru" />
+	<target host="ob-evrika.kontur.ru" />
+	<target host="ofd.kontur.ru" />
+	<target host="ofd-project.kontur.ru" />
+	<target host="otchet.kontur.ru" />
+	<target host="p.kontur.ru" />
+	<target host="payments.kontur.ru" />
+	<target host="pf.kontur.ru" />
+	<target host="pfr.kontur.ru" />
+	<target host="portal.kontur.ru" />
+	<target host="postavki.kontur.ru" />
+	<target host="push-notifications.kontur.ru" />
+	<target host="r15-extern.kontur.ru" />
+	<target host="r16-extern.kontur.ru" />
+	<target host="r18-extern.kontur.ru" />
+	<target host="r23-extern.kontur.ru" />
+	<target host="r24-extern.kontur.ru" />
+	<target host="r35-extern.kontur.ru" />
+	<target host="r36-extern.kontur.ru" />
+	<target host="r38-extern.kontur.ru" />
+	<target host="r49.kontur.ru" />
+	<target host="r61-extern.kontur.ru" />
+	<target host="r70-extern.kontur.ru" />
+	<target host="rt13-extern.kontur.ru" />
+	<target host="rzd.kontur.ru" />
+	<target host="sales.kontur.ru" />
+	<target host="school.kontur.ru" />
+	<target host="setter.kontur.ru" />
+	<target host="sgdmon.kontur.ru" />
+	<target host="sicklist-calc.kontur.ru" />
+	<target host="st.kontur.ru" />
+	<target host="store.kontur.ru" />
+	<target host="support.kontur.ru" />
+	<target host="sverka.kontur.ru" />
+	<target host="tantive.kontur.ru" />
+	<target host="test-edi.kontur.ru" />
+	<target host="update.kontur.ru" />
+	<target host="vacation-calc.kontur.ru" />
+	<target host="zakupki.kontur.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/koolspan.com.xml b/src/chrome/content/rules/koolspan.com.xml
new file mode 100644
index 000000000000..d7884c0a829f
--- /dev/null
+++ b/src/chrome/content/rules/koolspan.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- koolspan.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Koolspan.com">
+
+	<target host="koolspan.com" />
+	<target host="www.koolspan.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://koolspan.com/wp-content/themes/jupiter/captcha/captcha.php" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^koolspan\.com$" name="^(?:PHPSESSID|wfvt_\d+)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/kopimi.com.xml b/src/chrome/content/rules/kopimi.com.xml
new file mode 100644
index 000000000000..7fc825cdf257
--- /dev/null
+++ b/src/chrome/content/rules/kopimi.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="kopimi.com">
+	<target host="kopimi.com" />
+	<target host="www.kopimi.com" />
+	<target host="mail.kopimi.com" />
+	<target host="webdisk.kopimi.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/koptevo.net.xml b/src/chrome/content/rules/koptevo.net.xml
new file mode 100644
index 000000000000..a57d424ea752
--- /dev/null
+++ b/src/chrome/content/rules/koptevo.net.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://semen.koptevo.net/ => https://semen.koptevo.net/: (35, 'Unknown SSL protocol error in connection to semen.koptevo.net:443 ')
+
+koptevo.net ⁴
+www.koptevo.net ⁴
+bmw.koptevo.net ⁴
+csszm.koptevo.net ⁷
+gurov.ectb.koptevo.net ³
+english.koptevo.net ⁴
+forum.koptevo.net ⁴
+fun.koptevo.net ³
+help.koptevo.net ⁴
+ns.koptevo.net ³
+ns2.koptevo.net ²
+plague.koptevo.net ³
+schmat.koptevo.net ⁴
+admin.small-hosting.koptevo.net ⁷
+speed.koptevo.net ⁴
+stat.koptevo.net ¹
+vhost7.koptevo.net ³
+wcat.koptevo.net ³
+x-zone.koptevo.net ⁴
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁷ protocol error
+-->
+<ruleset name="koptevo.net (partial)" default_off="failed ruleset test">
+	<target host="cp.koptevo.net" />
+	<target host="cp2.koptevo.net" />
+	<target host="img.koptevo.net" />
+	<target host="mail.koptevo.net" />
+	<target host="proc.koptevo.net" />
+	<target host="semen.koptevo.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/korpijaakko.com.xml b/src/chrome/content/rules/korpijaakko.com.xml
new file mode 100644
index 000000000000..97a933ae4bab
--- /dev/null
+++ b/src/chrome/content/rules/korpijaakko.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Korpijaakko.com">
+
+	<target host="korpijaakko.com" />
+	<target host="www.korpijaakko.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/kotlinlang.org.xml b/src/chrome/content/rules/kotlinlang.org.xml
new file mode 100644
index 000000000000..4a0feb02d386
--- /dev/null
+++ b/src/chrome/content/rules/kotlinlang.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Invalid certificate:
+		slack.kotlinlang.org
+
+	Not found:
+		www.discuss.kotlinlang.org
+-->
+<ruleset name="kotlinlang.org">
+
+	<target host="kotlinlang.org" />
+	<target host="www.kotlinlang.org" />
+	<target host="cloudfront.kotlinlang.org" />
+	<target host="discuss.kotlinlang.org" />
+	<target host="try.kotlinlang.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/kprf.ru.xml b/src/chrome/content/rules/kprf.ru.xml
new file mode 100644
index 000000000000..e45b3eda8c23
--- /dev/null
+++ b/src/chrome/content/rules/kprf.ru.xml
@@ -0,0 +1,31 @@
+<!--
+20.kprf.ru ¹
+56.kprf.ru/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+www.56.kprf.ru/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+community.kprf.ru ³
+cs1.kprf.ru ¹
+forum.kprf.ru ³
+krd.kprf.ru ¹
+ni.kprf.ru ¹
+pravo.kprf.ru ²
+referendum.kprf.ru ³
+stopmigration.kprf.ru ¹
+zyuganov.kprf.ru ⁷
+www.zyuganov.kprf.ru ⁷
+i.kprf.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁷ protocol error
+-->
+<ruleset name="kprf.ru">
+	<target host="kprf.ru" />
+	<target host="www.kprf.ru" />
+	<target host="msk.kprf.ru" />
+	<target host="my.kprf.ru" />
+	<target host="rlist.kprf.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kr-znamya.ru.xml b/src/chrome/content/rules/kr-znamya.ru.xml
new file mode 100644
index 000000000000..8b2123d1eebf
--- /dev/null
+++ b/src/chrome/content/rules/kr-znamya.ru.xml
@@ -0,0 +1,8 @@
+<!-- www. mismatch -->
+<ruleset name="kr-znamya.ru">
+	<target host="kr-znamya.ru" />
+	<target host="www.kr-znamya.ru" />
+	<rule from="^http://www\.kr-znamya\.ru/"
+		to="https://kr-znamya.ru/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/krasno.ru.xml b/src/chrome/content/rules/krasno.ru.xml
new file mode 100644
index 000000000000..0bd9820e9cde
--- /dev/null
+++ b/src/chrome/content/rules/krasno.ru.xml
@@ -0,0 +1,24 @@
+<!--
+krasno.ru non-2xx http code
+www.krasno.ru mismatch
+photo.krasno.ru mismatch
+portal.krasno.ru mismatch
+radio.krasno.ru mismatch
+tv.krasno.ru timed out
+wiki.krasno.ru nonexist
+www.krasno.ru mismatch
+zrazhevsky.krasno.ru mismatch
+multimediacity.krasno.ru mismatch
+library.krasno.ru mismatch
+krasgoju.krasno.ru timed out
+hf.krasno.ru mismatch
+artgallery.krasno.ru mismatch
+www.library.krasno.ru mismatch
+-->
+<ruleset name="krasno.ru (partial)">
+	<target host="bill.krasno.ru" />
+	<target host="billing.krasno.ru" />
+	<target host="mail.krasno.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/krasnodar.ru.xml b/src/chrome/content/rules/krasnodar.ru.xml
new file mode 100644
index 000000000000..fa353d85de5f
--- /dev/null
+++ b/src/chrome/content/rules/krasnodar.ru.xml
@@ -0,0 +1,108 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://uec.krasnodar.ru/ => https://uec.krasnodar.ru/: (60, 'SSL certificate problem: certificate has expired')
+
+agk.krasnodar.ru ³
+childrest.krasnodar.ru ³
+cit.krasnodar.ru ³
+data.krasnodar.ru ⁷
+depstroy.krasnodar.ru ³
+www.depstroy.krasnodar.ru ³
+dis.krasnodar.ru ³
+dsh.krasnodar.ru ³
+www.dsh.krasnodar.ru ³
+doc.dsh.krasnodar.ru ³
+ecm.krasnodar.ru ⁴
+economy.krasnodar.ru ²
+email.krasnodar.ru ³
+gis.krasnodar.ru ⁴
+www.gis.krasnodar.ru ⁴
+gosuslugi.krasnodar.ru ³
+grigorevskaia.krasnodar.ru ³
+iss.krasnodar.ru ³
+kks.krasnodar.ru ³
+m.krasnodar.ru ⁴
+mail.krasnodar.ru ³
+maps.krasnodar.ru ³
+a.maps.krasnodar.ru ³
+b.maps.krasnodar.ru ³
+c.maps.krasnodar.ru ³
+d.maps.krasnodar.ru ³
+e.maps.krasnodar.ru ³
+g.maps.krasnodar.ru ³
+h.maps.krasnodar.ru ³
+i.maps.krasnodar.ru ³
+ianalytics.maps.krasnodar.ru ³
+ifires.maps.krasnodar.ru ³
+invprj.maps.krasnodar.ru ³
+ispecagro.maps.krasnodar.ru ³
+iunds.maps.krasnodar.ru ³
+k.maps.krasnodar.ru ³
+m.maps.krasnodar.ru ³
+n.maps.krasnodar.ru ³
+q.maps.krasnodar.ru ³
+r.maps.krasnodar.ru ³
+s.maps.krasnodar.ru ³
+sb.maps.krasnodar.ru ³
+smallbusiness.maps.krasnodar.ru ³
+u.maps.krasnodar.ru ³
+w.maps.krasnodar.ru ³
+y.maps.krasnodar.ru ³
+z.maps.krasnodar.ru ³
+minstroy.krasnodar.ru ³
+www.minstroy.krasnodar.ru ³
+molod.krasnodar.ru ³
+monitoring.krasnodar.ru ²
+ria.monitoring.krasnodar.ru ²
+mser2.krasnodar.ru ³
+msh.krasnodar.ru ³
+www.msh.krasnodar.ru ³
+newsip.krasnodar.ru ³
+nk.krasnodar.ru ⁴
+nko.krasnodar.ru ³
+od.krasnodar.ru ⁷
+putevki.krasnodar.ru ³
+reestrsonko.krasnodar.ru ³
+reestrsono.krasnodar.ru ³
+region.krasnodar.ru ³
+ris.krasnodar.ru ³
+rpsu.krasnodar.ru ³
+rsn.krasnodar.ru ¹
+www.rsn.krasnodar.ru ¹
+s-mailfilter-01.krasnodar.ru ³
+s-mailfilter-02.krasnodar.ru ³
+ns.sbrf.krasnodar.ru ³
+sch.krasnodar.ru ³
+sftm.krasnodar.ru ³
+sip.krasnodar.ru ³
+smev.krasnodar.ru ³
+lk.uec.krasnodar.ru ⁴
+nk.uec.krasnodar.ru ²
+open.uec.krasnodar.ru ¹
+uecp.krasnodar.ru ³
+uorn.krasnodar.ru ²
+www.vin.krasnodar.ru ¹
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁷ protocol error
+-->
+<ruleset name="krasnodar.ru" default_off="failed ruleset test">
+	<target host="krasnodar.ru" />
+	<target host="www.krasnodar.ru" />
+	<target host="admkrai.krasnodar.ru" />
+	<target host="contingent.krasnodar.ru" />
+	<target host="api.contingent.krasnodar.ru" />
+	<target host="diok.krasnodar.ru" />
+	<target host="ds.krasnodar.ru" />
+	<target host="open.krasnodar.ru" />
+	<target host="pgu.krasnodar.ru" />
+	<target host="uec.krasnodar.ru" />
+	<target host="vin.krasnodar.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/krasnoturinsk.info.xml b/src/chrome/content/rules/krasnoturinsk.info.xml
new file mode 100644
index 000000000000..462aa83867fb
--- /dev/null
+++ b/src/chrome/content/rules/krasnoturinsk.info.xml
@@ -0,0 +1,6 @@
+<ruleset name="krasnoturinsk.info" platform="mixedcontent">
+	<target host="krasnoturinsk.info" />
+	<target host="www.krasnoturinsk.info" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/krskstate.ru.xml b/src/chrome/content/rules/krskstate.ru.xml
new file mode 100644
index 000000000000..8affce21dadb
--- /dev/null
+++ b/src/chrome/content/rules/krskstate.ru.xml
@@ -0,0 +1,81 @@
+<!--
+krskstate.ru ⁶
+www.krskstate.ru ⁶
+601.krskstate.ru ³
+apmk.krskstate.ru ⁶
+www.apmk.krskstate.ru ¹
+berezovsky.krskstate.ru ⁶
+www.berezovsky.krskstate.ru ¹
+cds.krskstate.ru ³
+econ.krskstate.ru ⁶
+www.econ.krskstate.ru ¹
+energoeffekt.krskstate.ru ⁶
+exch.krskstate.ru ⁴
+ftp.krskstate.ru ³
+gosuslugi.krskstate.ru ⁴
+www.gosuslugi.krskstate.ru ⁴
+gradkontrol.krskstate.ru ⁶
+www.gradkontrol.krskstate.ru ¹
+hronika.krskstate.ru ⁶
+invest.krskstate.ru ³
+it.krskstate.ru ⁶
+www.it.krskstate.ru ¹
+hub1.it.krskstate.ru ²
+hub2.it.krskstate.ru ²
+idocs.it.krskstate.ru ⁴
+mail.it.krskstate.ru ⁴
+nat.it.krskstate.ru ²
+srv-doc2.it.krskstate.ru ³
+kadry24.krskstate.ru ⁶
+www.kadry24.krskstate.ru ¹
+lesosibirsk.krskstate.ru ⁶
+www.lesosibirsk.krskstate.ru ¹
+mail.krskstate.ru ³
+minfin.krskstate.ru ⁶
+minstroy.krskstate.ru ⁶
+mintrans.krskstate.ru ⁶
+www.mintrans.krskstate.ru ¹
+mlx.krskstate.ru ⁶
+www.mlx.krskstate.ru ¹
+mpr.krskstate.ru ⁶
+www.mpr.krskstate.ru ¹
+mail.mpr.krskstate.ru ³
+my.krskstate.ru ⁴
+www.my.krskstate.ru ⁴
+notes.krskstate.ru ³
+ns.krskstate.ru ³
+partizansky.krskstate.ru ⁶
+www.partizansky.krskstate.ru ¹
+passport.krskstate.ru ⁶
+pda.krskstate.ru ⁶
+pobeda.krskstate.ru ⁶
+pricekontrol.krskstate.ru ⁶
+proks.krskstate.ru ⁶
+www.proks.krskstate.ru ¹
+stimul.krskstate.ru ⁴
+www.trud.krskstate.ru ¹
+vcs.krskstate.ru ⁷
+victory.krskstate.ru ⁶
+vpn.krskstate.ru ³
+wap.krskstate.ru ⁶
+zags.krskstate.ru ⁶
+www.zags.krskstate.ru ¹
+zakon.krskstate.ru ⁶
+www.zakon.krskstate.ru ¹
+zakupki.krskstate.ru ²
+601.krskstate.ru:8080 ⁷
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁶ redirect
+⁷ protocol error
+-->
+<ruleset name="krskstate.ru (partial)">
+	<target host="112.krskstate.ru" />
+	<target host="trud.krskstate.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/krystal.info.xml b/src/chrome/content/rules/krystal.info.xml
new file mode 100644
index 000000000000..bd42f0664ec4
--- /dev/null
+++ b/src/chrome/content/rules/krystal.info.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Krystal Hosting coverage, see Krystal_Hosting.xml.
+
+-->
+<ruleset name="Krystal.info" default_off="expired">
+
+	<target host="krystal.info" />
+	<target host="www.krystal.info" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ksk66.ru.xml b/src/chrome/content/rules/ksk66.ru.xml
new file mode 100644
index 000000000000..e9db69298688
--- /dev/null
+++ b/src/chrome/content/rules/ksk66.ru.xml
@@ -0,0 +1,28 @@
+<!--
+www.ksk66.ru ¹
+cat.ksk66.ru ²
+clinic.ksk66.ru ⁴
+www.eda.ksk66.ru ¹
+radio.ksk66.ru ⁴
+taxi.ksk66.ru ²
+zolotoivek.ksk66.ru ¹
+
+
+¹ mismatch
+² refused
+⁴ self signed
+-->
+<ruleset name="ksk66.ru">
+	<target host="ksk66.ru" />
+	<target host="eda.ksk66.ru" />
+	<target host="new.ksk66.ru" />
+	<target host="www.new.ksk66.ru" />
+	<target host="ob.ksk66.ru" />
+
+	<target host="www.ksk66.ru" />
+
+	<rule from="^http://www\.ksk66\.ru/"
+		to="https://ksk66.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ksp.mff.cuni.cz.xml b/src/chrome/content/rules/ksp.mff.cuni.cz.xml
new file mode 100644
index 000000000000..01dd87979dd3
--- /dev/null
+++ b/src/chrome/content/rules/ksp.mff.cuni.cz.xml
@@ -0,0 +1,6 @@
+<ruleset name="KSP MFF UK">
+    <target host="ksp.mff.cuni.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ktxtr.com.xml b/src/chrome/content/rules/ktxtr.com.xml
new file mode 100644
index 000000000000..f748b8258834
--- /dev/null
+++ b/src/chrome/content/rules/ktxtr.com.xml
@@ -0,0 +1,28 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Invalid certificate:
+		www
+		a
+		officecdn.microsoft.comc
+		jenkins.int
+		jira.int
+		l
+
+	Timeout:
+		vpn.eu
+-->
+<ruleset name="ktxtr.com">
+
+	<target host="ktxtr.com" />
+	<target host="c.ktxtr.com" />
+		<test url="http://c.ktxtr.com/kx.js" />
+	<target host="s.ktxtr.com" />
+		<test url="http://s.ktxtr.com/kx.js" />
+	<target host="t.ktxtr.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/kuangxiangit.com.xml b/src/chrome/content/rules/kuangxiangit.com.xml
new file mode 100644
index 000000000000..7ea479a906b2
--- /dev/null
+++ b/src/chrome/content/rules/kuangxiangit.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Mismatch:
+		^kuangxiangit.com
+		www.kuangxiangit.com
+-->
+
+<ruleset name="kuangxiangit.com">
+
+	<target host="avatar.kuangxiangit.com" />
+		<test url="http://avatar.kuangxiangit.com/novel/img_item/img-2016-07/526287/avatar/thumb_c0a4d07de0ee581cef2169bbd232a0fe.jpg" />
+	<target host="novel-cdn.kuangxiangit.com" />
+		<test url="http://novel-cdn.kuangxiangit.com/custom/download/1.4.4.02/Novel-release_14402_jiagu_sign-1109-2-PCdownload.apk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kuna.io.xml b/src/chrome/content/rules/kuna.io.xml
new file mode 100644
index 000000000000..321151ecc80d
--- /dev/null
+++ b/src/chrome/content/rules/kuna.io.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mining.kuna.io/ => https://mining.kuna.io/: (6, 'Could not resolve host: mining.kuna.io')
+
+www.kuna.io ⁴
+card.kuna.io ¹
+investors.kuna.io different content
+
+
+¹ mismatch
+⁴ self signed
+-->
+<ruleset name="kuna.io" default_off="failed ruleset test">
+	<target host="kuna.io" />
+	<target host="buy.kuna.io" />
+	<target host="crowdsale.kuna.io" />
+	<target host="mining.kuna.io" />
+
+	<target host="www.kuna.io" />
+
+	<rule from="^http://www\.kuna\.io/"
+		to="https://kuna.io/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kurs.expert.xml b/src/chrome/content/rules/kurs.expert.xml
new file mode 100644
index 000000000000..f18ed7dfef07
--- /dev/null
+++ b/src/chrome/content/rules/kurs.expert.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://p2p.kurs.expert/ => https://p2p.kurs.expert/: (51, "SSL: no alternative certificate subject name matches target host name 'p2p.kurs.expert'")
+Fetch error: http://www.p2p.kurs.expert/ => https://www.p2p.kurs.expert/: (6, 'Could not resolve host: www.p2p.kurs.expert')
+
+-->
+<ruleset name="kurs.expert" default_off="failed ruleset test">
+	<target host="kurs.expert" />
+	<target host="www.kurs.expert" />
+	<target host="p2p.kurs.expert" />
+	<target host="www.p2p.kurs.expert" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kutub-pdf.net.xml b/src/chrome/content/rules/kutub-pdf.net.xml
new file mode 100644
index 000000000000..5b7a1d20e7f7
--- /dev/null
+++ b/src/chrome/content/rules/kutub-pdf.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="kutub-pdf.net">
+	<target host="kutub-pdf.net" />
+	<target host="www.kutub-pdf.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kva.se.xml b/src/chrome/content/rules/kva.se.xml
new file mode 100644
index 000000000000..0e2d2ad7db35
--- /dev/null
+++ b/src/chrome/content/rules/kva.se.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kva.se/ => https://kva.se/: (51, "SSL: no alternative certificate subject name matches target host name 'kva.se'")
+Fetch error: http://www.kva.se/ => https://www.kva.se/: (51, "SSL: no alternative certificate subject name matches target host name 'www.kva.se'")
+
+-->
+<ruleset name="kva" default_off="failed ruleset test">
+        <target host="kva.se" />
+        <target host="www.kva.se" />
+
+        <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lada.kz.xml b/src/chrome/content/rules/lada.kz.xml
new file mode 100644
index 000000000000..dc2a69311642
--- /dev/null
+++ b/src/chrome/content/rules/lada.kz.xml
@@ -0,0 +1,7 @@
+<ruleset name="lada.kz">
+	<target host="lada.kz" />
+	<target host="www.lada.kz" />
+	<!-- <target host="map.lada.kz" /> --><!-- ERROR (35, schannel: SNI or certificate check failed: SEC_E_WRONG_PRINCIPAL (0x80090322) -    .) -->
+	<!-- <target host="gazeta.lada.kz" /> --><!-- ERROR (35, schannel: SNI or certificate check failed: SEC_E_WRONG_PRINCIPAL (0x80090322) -    .) -->
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ladsholidayguide.com.xml b/src/chrome/content/rules/ladsholidayguide.com.xml
new file mode 100644
index 000000000000..e64713fc5b10
--- /dev/null
+++ b/src/chrome/content/rules/ladsholidayguide.com.xml
@@ -0,0 +1,26 @@
+<!--
+	^ladsholidayguide.com: Dropped
+
+-->
+<ruleset name="Lads Holiday Guide.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.ladsholidayguide.com" />
+
+	<!--	Complications:
+				-->
+	<target host="ladsholidayguide.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://ladsholidayguide\.com/"
+		to="https://www.ladsholidayguide.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/laibafile.cn.xml b/src/chrome/content/rules/laibafile.cn.xml
new file mode 100644
index 000000000000..24cfaeb54f4b
--- /dev/null
+++ b/src/chrome/content/rules/laibafile.cn.xml
@@ -0,0 +1,25 @@
+<!--
+	images for bbs.tianya.cn , one of the biggest Chinese bbs.
+
+	Failed:
+		^
+
+	Mismatch:
+		www.laibafile.cn
+		img1.laibafile.cn
+		img2.laibafile.cn
+-->
+<ruleset name="laibafile.cn">
+	<target host="img1.laibafile.cn" />
+	<target host="img2.laibafile.cn" />
+	<target host="img3.laibafile.cn" />
+
+	<rule from="^http://img(1|2)\.laibafile\.cn/"
+		to="https://img3.laibafile.cn/" />
+
+ 		<test url="http://img1.laibafile.cn/p/m/176606893.jpg" />
+ 		<test url="http://img2.laibafile.cn/laiba/images/14750860/12548882982110098373/A/1/m.jpg" />
+ 		<test url="http://img3.laibafile.cn/p/m/192917136.jpg" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/laiwang.com.xml b/src/chrome/content/rules/laiwang.com.xml
new file mode 100644
index 000000000000..af927afaa35c
--- /dev/null
+++ b/src/chrome/content/rules/laiwang.com.xml
@@ -0,0 +1,85 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wukong.laiwang.com/ => https://wukong.laiwang.com/: (6, 'Could not resolve host: wukong.laiwang.com')
+
+	For other Alibaba Group coverage, see Alibaba.xml.
+
+
+	Nonfunctional hosts in *laiwang.com:
+
+		- baron ᵈ
+		- hi ʳ
+		- hicdn ʳ
+		- m ¹
+
+	¹ 501
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *laiwang.com:
+
+		- party ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .laiwang.com
+
+
+	Mixed content:
+
+		- Image, on:
+
+			- pp from pin.aliyun.com ˢ
+			- www from gtms0\d.alicdn.com ˢ
+			- www from i01.lw.aliimg.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Laiwang.com (partial)" default_off="failed ruleset test">
+
+	<target host="laiwang.com" />
+	<target host="pp.laiwang.com" />
+	<target host="wukong.laiwang.com" />
+	<target host="www.laiwang.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.laiwang\.com/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?laiwang\.com/(?!/*(?:favicon\.ico|/event/(?:feed|share)\.htm|qr\.html))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.laiwang.com/default.aspx" />
+			<test url="http://www.laiwang.com/index.htm" />
+			<test url="http://www.laiwang.com/index.php" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.laiwang.com/event/feed.htm?userId=1161842&amp;feedId=217369143" /><!--	mixed images -->
+			<test url="http://www.laiwang.com/event/share.htm?eventId=10370008" /><!--	mixed images -->
+			<test url="http://www.laiwang.com/favicon.ico" />
+			<test url="http://www.laiwang.com/qr.html" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<test url="http://pp.laiwang.com/reg/recover_pass.htm" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.laiwang\.com$" name="^(?:__last_login_pubid__|__last_loginid__|_fs_|_notice_type_|_pub_last_login_account_|_uid_bind_|_user_name_|JSESSIONID|pubsetmp|setmp|tmp0|umid_timestamp|umid_token)$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lambeth.gov.uk-falsemixed.xml b/src/chrome/content/rules/lambeth.gov.uk-falsemixed.xml
new file mode 100644
index 000000000000..84c43b02853a
--- /dev/null
+++ b/src/chrome/content/rules/lambeth.gov.uk-falsemixed.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules not causing false/broken MCB, see lambeth.gov.uk.xml.
+
+-->
+<ruleset name="Lambeth.gov.uk (false MCB)" platform="mixedcontent">
+
+	<target host="moderngov.lambeth.gov.uk" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lambeth.gov.uk.xml b/src/chrome/content/rules/lambeth.gov.uk.xml
new file mode 100644
index 000000000000..27eb4e98aade
--- /dev/null
+++ b/src/chrome/content/rules/lambeth.gov.uk.xml
@@ -0,0 +1,130 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://onlinepermits.lambeth.gov.uk/ (200) => https://onlinepermits.lambeth.gov.uk/ (404)
+
+	London Borough of Lambeth Council
+
+	For rules causing false/broken MCB, see lambeth.gov.uk-falsemixed.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *lambeth.gov.uk:
+
+		- cilcalc ᵃ
+		- landmark ʰ
+		- parkingphotos ᵈ
+		- portal ⁴
+
+	⁴ >=1 path 404s
+	ᵃ Shows another domain
+	ᵈ Dropped
+	ʰ Redirects to http
+
+
+	Problematic hosts in *lambeth.gov.uk:
+
+		- ^ ²
+		- extranet ᶜ
+		- moderngov ˣ
+		- yourcareyourway ⁴
+
+	² 200 "an error has occurred"
+	⁴ 404
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Partially covered hosts in *lambeth.gov.uk:
+
+		- moderngov ʰ
+
+	ʰ Some pages redirect to http
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- lambeth.gov.uk
+		- bookings.lambeth.gov.uk
+		- centrebookings.lambeth.gov.uk
+		- housingmanagement.lambeth.gov.uk
+		- .housingmanagement.lambeth.gov.uk
+		- moderngov.lambeth.gov.uk
+		- my.lambeth.gov.uk
+		- onlinepermits.lambeth.gov.uk
+		- www.lambeth.gov.uk
+
+
+	Mixed content:
+
+		- css, on:
+
+			- housingmanagement from fonts.googleapis.com ˢ
+			- moderngov from www.lambeth.gov.uk ˢ
+
+		- Images, on:
+
+			- moderngov from $self ˢ
+			- moderngov from www.lambeth.gov.uk ˢ
+
+		- Bug on moderngov from cdn.leafletjs.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Lambeth.gov.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bookings.lambeth.gov.uk" />
+	<target host="centrebookings.lambeth.gov.uk" />
+	<!--target host="extranet.lambeth.gov.uk" /-->
+	<target host="housingmanagement.lambeth.gov.uk" />
+	<target host="libraries.lambeth.gov.uk" />
+	<!--target host="moderngov.lambeth.gov.uk" /-->
+	<target host="my.lambeth.gov.uk" />
+	<target host="onlinepermits.lambeth.gov.uk" />
+	<target host="pcbooking.lambeth.gov.uk" />
+	<target host="www.lambeth.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="lambeth.gov.uk" />
+	<target host="yourcareyourway.lambeth.gov.uk" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://onlinepermits.lambeth.gov.uk/ecommerce/control/GenralTermCondition" /-->
+
+		<!--	404:
+				-->
+		<!--test url="http://portal.lambeth.gov.uk/cemetery/GraveAboutCemeteryDatabase.aspx" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?lambeth\.gov\.uk$" name="^SERVERID$" /-->
+	<!--securecookie host="^housingmanagement\.lambeth\.gov\.uk$" name="^(?:BIGipServer|JSESSIONID$)" /-->
+	<!--securecookie host="^\.housingmanagement\.lambeth\.gov\.uk$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^(?:bookings|centrebookings|moderngov)\.lambeth\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^my\.lambeth\.gov\.uk$" name="^(?:JSESSIONID|cookietest)$" /-->
+	<!--securecookie host="^onlinepermits\.lambeth\.gov\.uk$" name="^OFBiz\.Visitor$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\.housingmanagement\." name=".+" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps path, but not forward slash nor args:
+									-->
+	<rule from="^http://yourcareyourway\.lambeth\.gov\.uk/+([^?]*)(?:\?.*)?"
+		to="https://www.careplace.org.uk/$1" />
+
+		<test url="http://yourcareyourway.lambeth.gov.uk//Shortlist" />
+		<test url="http://yourcareyourway.lambeth.gov.uk/requestlogin?" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lamppostproductions.com.xml b/src/chrome/content/rules/lamppostproductions.com.xml
new file mode 100644
index 000000000000..7dccb3c7e640
--- /dev/null
+++ b/src/chrome/content/rules/lamppostproductions.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="lamppostproductions.com">
+	<target host="lamppostproductions.com" />
+	<target host="www.lamppostproductions.com" />
+	<target host="secure.lamppostproductions.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lan.ua.xml b/src/chrome/content/rules/lan.ua.xml
new file mode 100644
index 000000000000..d7935a50e9e5
--- /dev/null
+++ b/src/chrome/content/rules/lan.ua.xml
@@ -0,0 +1,46 @@
+<!--
+aksu.lan.ua ³
+atyk.lan.ua ⁴
+auth-ns1.lan.ua ³
+auth-ns2.lan.ua ³
+brit.lan.ua ²
+equinox.lan.ua ³
+eye3.lan.ua/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+fmd.lan.ua ³
+glaz.lan.ua ³
+iptv.lan.ua ³
+mail.lan.ua ¹
+rdp.lan.ua ⁴
+recursive-ns-00.lan.ua ³
+recursive-ns-01.lan.ua ³
+recursive-ns-02.lan.ua ³
+tm18.lan.ua ³
+tvmon.lan.ua ²
+voip.lan.ua ³
+wiki.lan.ua ²
+mag.lan.ua different content
+ntp.lan.ua different content
+old.lan.ua different content
+smart.lan.ua different content
+speedtest.lan.ua different content
+tv.lan.ua different content
+tv-hosting.lan.ua different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="lan.ua">
+	<target host="lan.ua" />
+	<target host="www.lan.ua" />
+	<target host="cureit.lan.ua" />
+	<target host="dune.lan.ua" />
+	<target host="fun.lan.ua" />
+	<target host="stat.lan.ua" />
+	<target host="ticket.lan.ua" />
+	<target host="video.lan.ua" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lanbilling.ru.xml b/src/chrome/content/rules/lanbilling.ru.xml
new file mode 100644
index 000000000000..069be104fa9a
--- /dev/null
+++ b/src/chrome/content/rules/lanbilling.ru.xml
@@ -0,0 +1,20 @@
+<!--
+mail.lanbilling.ru ⁵
+mx.lanbilling.ru ⁵
+old.lanbilling.ru ³
+
+
+³ timed out
+⁵ expired
+-->
+<ruleset name="lanbilling.ru">
+	<target host="lanbilling.ru" />
+	<target host="www.lanbilling.ru" />
+	<target host="client.lanbilling.ru" />
+	<target host="forum.lanbilling.ru" />
+	<target host="forums.lanbilling.ru" />
+	<target host="hd.lanbilling.ru" />
+	<target host="trackme.lanbilling.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lancashire.gov.uk-mixedcontent.xml b/src/chrome/content/rules/lancashire.gov.uk-mixedcontent.xml
new file mode 100644
index 000000000000..2940f44ccfef
--- /dev/null
+++ b/src/chrome/content/rules/lancashire.gov.uk-mixedcontent.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules not causing false/broken MCB, see lancashire.gov.uk.xml.
+
+-->
+<ruleset name="Lancashire.gov.uk (MCB)" platform="mixedcontent">
+
+	<target host="council.lancashire.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lancashire.gov.uk.xml b/src/chrome/content/rules/lancashire.gov.uk.xml
new file mode 100644
index 000000000000..c848d5a40178
--- /dev/null
+++ b/src/chrome/content/rules/lancashire.gov.uk.xml
@@ -0,0 +1,88 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://eforms.lancashire.gov.uk/ => https://eforms.lancashire.gov.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Lancashire County Council
+
+	For rules causing MCB, see lancashire.gov.uk-mixedcontent.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *lancashire.gov.uk:
+
+		- (www.)? ᵃ
+		- float-trawlers ᵈ
+		- heyshamlink ᵃ
+		- internaljobs ᵃ
+		- jobs ᵃ
+		- lclnetloan ᵈ
+		- learningzone ᵃ
+		- lis ᵃ
+		- mario ʳ
+		- new ᵈ
+		- oracleelearning ᵈ
+		- planningregister ʳ
+		- www3 *
+
+	* Redirects to a nonexistant host
+	ᵃ Shows another domain
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *lancashire.gov.uk:
+
+		- www.archives ᵐ
+		- council ˣ
+		- forms ᵉ ᵘ
+
+	ᵉ Expired
+	ᵐ Mismatched
+	ᵘ Untrusted root
+	ˣ Mixed css
+
+
+	Insecure cookies are set for these hosts:
+
+		- adultlearning.lancashire.gov.uk
+		- council.lancashire.gov.uk
+		- eforms.lancashire.gov.uk
+		- fisonline.lancashire.gov.uk
+
+
+	Mixed content:
+
+		- css on council from www3.lancashire.gov.uk ᵘ
+
+	ᵘ Unsecurable
+
+-->
+<ruleset name="Lancashire.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="adultlearning.lancashire.gov.uk" />
+	<target host="bookyourpc.lancashire.gov.uk" />
+	<!--target host="council.lancashire.gov.uk" /-->
+	<target host="eforms.lancashire.gov.uk" />
+	<target host="fisonline.lancashire.gov.uk" />
+	<target host="lccsecure.lancashire.gov.uk" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://fisonline.lancashire.gov.uk/earlyyears/publicenquiry/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:adultlearning|council)\.lancashire\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^eforms\.lancashire\.gov\.uk$" name="^(?:ASPSESSIONID[A-Z]{32}|firmstep2server|firmstep2session)$" /-->
+	<!--securecookie host="^fisonline\.lancashire\.gov\.uk$" name="^PE(?:Language|Test)Cookie$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lancaster.gov.uk.xml b/src/chrome/content/rules/lancaster.gov.uk.xml
new file mode 100644
index 000000000000..185ca63488e3
--- /dev/null
+++ b/src/chrome/content/rules/lancaster.gov.uk.xml
@@ -0,0 +1,49 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://planning.lancaster.gov.uk/ (200) => https://planning.lancaster.gov.uk/ (403)
+
+	Lancaster City Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *lancaster.gov.uk:
+
+		- m ᵃ
+
+	ᵃ Shows another domain
+
+
+	Insecure cookies are set for these hosts:
+
+		- committeeadmin.lancaster.gov.uk
+
+
+	Mixed content:
+
+		- Bug on (www.)? from socitm.govmetric.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Lancaster.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="lancaster.gov.uk" />
+	<target host="committeeadmin.lancaster.gov.uk" />
+	<target host="licensing.lancaster.gov.uk" />
+	<target host="planning.lancaster.gov.uk" />
+	<target host="www.lancaster.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^committeeadmin\.lancaster\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lanceursdalerte.info.xml b/src/chrome/content/rules/lanceursdalerte.info.xml
new file mode 100644
index 000000000000..21ebf63f9f3f
--- /dev/null
+++ b/src/chrome/content/rules/lanceursdalerte.info.xml
@@ -0,0 +1,10 @@
+<ruleset name="Lanceurs d'alerte">
+
+	<target host="lanceursdalerte.info" />
+	<target host="www.lanceursdalerte.info" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/landaire.net.xml b/src/chrome/content/rules/landaire.net.xml
new file mode 100644
index 000000000000..c1699d4e59d4
--- /dev/null
+++ b/src/chrome/content/rules/landaire.net.xml
@@ -0,0 +1,25 @@
+<!--
+	^landaire.net: Mismatched
+
+-->
+<ruleset name="landaire.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.landaire.net" />
+
+	<!--	Complications:
+				-->
+	<target host="landaire.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://landaire\.net/"
+		to="https://www.landaire.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/landalskilife.be.xml b/src/chrome/content/rules/landalskilife.be.xml
new file mode 100644
index 000000000000..388bfd59a9c7
--- /dev/null
+++ b/src/chrome/content/rules/landalskilife.be.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- landalskilife.be
+-->
+<ruleset name="landalskilife.be">
+	<target host="landalskilife.be" />
+	<target host="www.landalskilife.be" />
+
+	<rule from="^http://landalskilife\.be/"
+			to="https://www.landalskilife.be/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/landalskilife.ch.xml b/src/chrome/content/rules/landalskilife.ch.xml
new file mode 100644
index 000000000000..61f63e322d3c
--- /dev/null
+++ b/src/chrome/content/rules/landalskilife.ch.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- landalskilife.ch
+-->
+<ruleset name="landalskilife.ch">
+	<target host="landalskilife.ch" />
+	<target host="www.landalskilife.ch" />
+
+	<rule from="^http://landalskilife\.ch/"
+			to="https://www.landalskilife.ch/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/landalskilife.com.xml b/src/chrome/content/rules/landalskilife.com.xml
new file mode 100644
index 000000000000..e527be15e08f
--- /dev/null
+++ b/src/chrome/content/rules/landalskilife.com.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- landalskilife.com
+-->
+<ruleset name="landalskilife.com">
+	<target host="landalskilife.com" />
+	<target host="www.landalskilife.com" />
+
+	<rule from="^http://landalskilife\.com/"
+			to="https://www.landalskilife.com/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/landalskilife.cz.xml b/src/chrome/content/rules/landalskilife.cz.xml
new file mode 100644
index 000000000000..0eea9964f90f
--- /dev/null
+++ b/src/chrome/content/rules/landalskilife.cz.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- landalskilife.cz
+-->
+<ruleset name="landalskilife.cz">
+	<target host="landalskilife.cz" />
+	<target host="www.landalskilife.cz" />
+
+	<rule from="^http://landalskilife\.cz/"
+			to="https://www.landalskilife.cz/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/landalskilife.de.xml b/src/chrome/content/rules/landalskilife.de.xml
new file mode 100644
index 000000000000..497e97e9d511
--- /dev/null
+++ b/src/chrome/content/rules/landalskilife.de.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- landalskilife.de
+-->
+<ruleset name="landalskilife.de">
+	<target host="landalskilife.de" />
+	<target host="www.landalskilife.de" />
+
+	<rule from="^http://landalskilife\.de/"
+			to="https://www.landalskilife.de/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/landalskilife.fr.xml b/src/chrome/content/rules/landalskilife.fr.xml
new file mode 100644
index 000000000000..bd54d00601bf
--- /dev/null
+++ b/src/chrome/content/rules/landalskilife.fr.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- landalskilife.fr
+-->
+<ruleset name="landalskilife.fr">
+	<target host="landalskilife.fr" />
+	<target host="www.landalskilife.fr" />
+
+	<rule from="^http://landalskilife\.fr/"
+			to="https://www.landalskilife.fr/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/landalskilife.nl.xml b/src/chrome/content/rules/landalskilife.nl.xml
new file mode 100644
index 000000000000..5d89cdb24672
--- /dev/null
+++ b/src/chrome/content/rules/landalskilife.nl.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- landalskilife.nl
+-->
+<ruleset name="landalskilife.nl">
+	<target host="landalskilife.nl" />
+	<target host="www.landalskilife.nl" />
+
+	<rule from="^http://landalskilife\.nl/"
+			to="https://www.landalskilife.nl/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lanet.ua.xml b/src/chrome/content/rules/lanet.ua.xml
new file mode 100644
index 000000000000..afcef035620b
--- /dev/null
+++ b/src/chrome/content/rules/lanet.ua.xml
@@ -0,0 +1,23 @@
+<!--
+sd.speedtest.lanet.ua mismatch
+-->
+<ruleset name="lanet.ua (partial)">
+	<target host="lanet.ua" />
+	<target host="www.lanet.ua" />
+	<target host="chervonograd.lanet.ua" />
+	<target host="drohobych.lanet.ua" />
+	<target host="if.lanet.ua" />
+	<target host="kalush.lanet.ua" />
+	<target host="karpaty.lanet.ua" />
+	<target host="kp.lanet.ua" />
+	<target host="my.lanet.ua" />
+	<target host="rada.lanet.ua" />
+	<target host="sambir.lanet.ua" />
+	<target host="sdonetsk.lanet.ua" />
+	<target host="static.lanet.ua" />
+	<target host="vn.lanet.ua" />
+	<target host="volodymyr.lanet.ua" />
+	<target host="go.lanet.ua" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lansp.ru.xml b/src/chrome/content/rules/lansp.ru.xml
new file mode 100644
index 000000000000..45b9404fa737
--- /dev/null
+++ b/src/chrome/content/rules/lansp.ru.xml
@@ -0,0 +1,33 @@
+<!--
+lansp.ru ¹
+www.lansp.ru ¹
+core.lansp.ru ³
+core-backup.lansp.ru ³
+core2.lansp.ru ³
+core3.lansp.ru ³
+core4.lansp.ru ³
+core5.lansp.ru ³
+monsterbox.lansp.ru ³
+nbserv.lansp.ru ³
+ns2.lansp.ru ³
+pbx.lansp.ru ³
+stop-stealing.lansp.ru ³
+
+
+¹ mismatch
+³ timed out
+-->
+<ruleset name="lansp.ru (partial)">
+	<target host="bill.lansp.ru" />
+	<target host="cacti.lansp.ru" />
+	<target host="mail.lansp.ru" />
+	<target host="ns.lansp.ru" />
+	<target host="ns1.lansp.ru" />
+	<target host="podstolom.lansp.ru" />
+	<target host="storage.lansp.ru" />
+	<target host="tele.lansp.ru" />
+	<target host="tuban.lansp.ru" />
+	<target host="video.lansp.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lantek.ru.xml b/src/chrome/content/rules/lantek.ru.xml
new file mode 100644
index 000000000000..c6728977a48e
--- /dev/null
+++ b/src/chrome/content/rules/lantek.ru.xml
@@ -0,0 +1,10 @@
+<!--
+lantek.ru mismatch
+www.lantek.ru mismatch
+-->
+<ruleset name="lantek.ru (partial)">
+	<target host="lk.lantek.ru" />
+	<target host="mail.lantek.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/laronde.com.xml b/src/chrome/content/rules/laronde.com.xml
new file mode 100644
index 000000000000..af7594d0dc73
--- /dev/null
+++ b/src/chrome/content/rules/laronde.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		help.laronde.com
+-->
+<ruleset name="La Ronde">
+
+	<target host="laronde.com" />
+	<target host="www.laronde.com" />
+	<target host="employes.laronde.com" />
+	<target host="m.laronde.com" />
+	<target host="origin-m.laronde.com" />
+	<target host="qawww.laronde.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/laterooms.com.xml b/src/chrome/content/rules/laterooms.com.xml
new file mode 100644
index 000000000000..338bfd4d4834
--- /dev/null
+++ b/src/chrome/content/rules/laterooms.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Nonfunctional hosts in *laterooms.com:
+
+		- affiliates ᶠ
+		- blog ʳ
+		- careers ᵃ
+		- mediacentre ʳ
+		- press ʳ
+
+	ᵃ Shows another domain
+	ᶠ Handshake fails
+	ʳ Refused
+
+
+	Insecure cookies are set for these domains:
+
+		- .laterooms.com
+
+-->
+<ruleset name="Late Rooms.com (partial)">
+
+	<target host="images.laterooms.com" />
+	<target host="myaccount.laterooms.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.laterooms\.com$" name="^moomin-sid$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/latticechallenge.org.xml b/src/chrome/content/rules/latticechallenge.org.xml
new file mode 100644
index 000000000000..0f863701f2b5
--- /dev/null
+++ b/src/chrome/content/rules/latticechallenge.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="Lattice Challenge.org">
+
+	<target host="latticechallenge.org" />
+	<target host="www.latticechallenge.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/laughingsquid.com.xml b/src/chrome/content/rules/laughingsquid.com.xml
new file mode 100644
index 000000000000..2c4a395503b9
--- /dev/null
+++ b/src/chrome/content/rules/laughingsquid.com.xml
@@ -0,0 +1,77 @@
+<!--
+	Other Laughing Squid rulesets:
+
+		- Laughing-Squid.xml
+
+
+	Nonfunctional hosts in *laughingsquid.com:
+
+		- links ʳ
+
+	ʳ Tumblr / refused
+
+
+	Problematic hosts in *laughingsquid.com:
+
+		- feeds ᶠ
+		- johnlaw ᵐ
+
+	ᶠ Feedburner / handshake fails
+	ᵐ Wordpress / mismatched
+
+
+	Partially covered hosts in *laughingsquid.com:
+
+		- links		(→ www.facebook.com)
+
+
+	Mixed content:
+
+		- Images on ^ from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Laughing Squid.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="laughingsquid.com" />
+	<target host="store.laughingsquid.com" />
+	<target host="www.laughingsquid.com" />
+
+	<!--	Complications:
+				-->
+	<target host="feeds.laughingsquid.com" />
+	<target host="links.laughingsquid.com" />
+
+
+	<securecookie host="^\." name="^_(?:_qca|gat?)$" />
+	<securecookie host="^(?!links\.)\w" name=".+" />
+
+
+	<rule from="^http://feeds\.laughingsquid\.com/"
+		to="https://feeds.feedburner.com/" />
+
+	<!--	Redirect drops args:
+					-->
+	<rule from="^http://links\.laughingsquid\.com/facebook.*"
+		to="https://www.facebook.com/laughingsquid/#_=_" />
+
+		<exclusion pattern="^http://links\.laughingsquid\.com/(?!facebook(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://links.laughingsquid.com/email" />
+			<test url="http://links.laughingsquid.com/image/139926399428" />
+			<test url="http://links.laughingsquid.com/post/37348856236/candelier-gummy-bear-chandeliers" />
+
+			<!--	-ve:
+					-->
+			<test url="http://links.laughingsquid.com/facebook" />
+			<test url="http://links.laughingsquid.com/facebook?" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lawfareblog.com.xml b/src/chrome/content/rules/lawfareblog.com.xml
new file mode 100644
index 000000000000..acb62f8e8259
--- /dev/null
+++ b/src/chrome/content/rules/lawfareblog.com.xml
@@ -0,0 +1,20 @@
+<!--
+	CDN buckets:
+
+		- lawfare.s3-us-west-2.amazonaws.com
+
+-->
+<ruleset name="Lawfare Blog.com">
+
+	<target host="lawfareblog.com" />
+	<target host="www.lawfareblog.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lawinenwarndienst-bayern.de.xml b/src/chrome/content/rules/lawinenwarndienst-bayern.de.xml
new file mode 100644
index 000000000000..77a2170d831b
--- /dev/null
+++ b/src/chrome/content/rules/lawinenwarndienst-bayern.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="Lawinenwarndienst Bayern">
+
+	<target host="www.lawinenwarndienst-bayern.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lazyfoo.net.xml b/src/chrome/content/rules/lazyfoo.net.xml
new file mode 100644
index 000000000000..a8b1c7f9c7b1
--- /dev/null
+++ b/src/chrome/content/rules/lazyfoo.net.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		ftp.lazyfoo.net
+		ssh.lazyfoo.net
+		webmail.lazyfoo.net
+		www.webmail.lazyfoo.net
+
+	Refused:
+		mail.lazyfoo.net
+-->
+<ruleset name="lazyfoo.net">
+	<target host="lazyfoo.net" />
+	<target host="www.lazyfoo.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lbo-news.com.xml b/src/chrome/content/rules/lbo-news.com.xml
new file mode 100644
index 000000000000..99581ab9c093
--- /dev/null
+++ b/src/chrome/content/rules/lbo-news.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="LBO-News.com">
+
+	<target host="lbo-news.com" />
+	<target host="www.lbo-news.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lbp.me.xml b/src/chrome/content/rules/lbp.me.xml
new file mode 100644
index 000000000000..88685ed2b2a7
--- /dev/null
+++ b/src/chrome/content/rules/lbp.me.xml
@@ -0,0 +1,113 @@
+<!--
+	For other Sony coverage, see Sony.xml.
+
+
+	CDN buckets:
+
+		- lbpme-content.s3-website-eu-west-1.amazonaws.com
+		- d141hmy29x8qy7.cloudfront.net	← ic, id, ie, if
+		- d1yraiabw9jigr.cloudfront.net	← i0, i1, i2, i3
+		- d22ru9akokrpj3.cloudfront.net	← i8, i9, ia, ib
+		- del66yf95fbfs.cloudfront.net	← i4, i5, i6, i7
+
+
+	www.lbp.me: Refused
+
+
+	Problematic hosts in *lbp.me:
+
+		- i[0-9a-f] ᵐ
+
+	ᵐ Cloudfront / mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- lbp.me
+		- .lbp.me
+		- auth.lbp.me
+
+
+	Mixed content:
+
+		- Images from i[0-9a-f].lbp.me ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="LBP.me">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="auth.lbp.me" />
+
+	<!--	Complications:
+				-->
+	<target host="lbp.me" />
+	<target host="i0.lbp.me" />
+	<target host="i1.lbp.me" />
+	<target host="i2.lbp.me" />
+	<target host="i3.lbp.me" />
+	<target host="i4.lbp.me" />
+	<target host="i5.lbp.me" />
+	<target host="i6.lbp.me" />
+	<target host="i7.lbp.me" />
+	<target host="i8.lbp.me" />
+	<target host="i9.lbp.me" />
+	<target host="ia.lbp.me" />
+	<target host="ib.lbp.me" />
+	<target host="ic.lbp.me" />
+	<target host="id.lbp.me" />
+	<target host="ie.lbp.me" />
+	<target host="if.lbp.me" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^lbp\.me$" name="^lma$" /-->
+	<!--securecookie host="^\.lbp\.me$" name="^lmp$" /-->
+	<!--securecookie host="^auth\.lbp\.me$" name="^AWSELB$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://lbp\.me:80/"
+		to="https://lbp.me/" />
+
+		<test url="http://lbp.me:80/v/qx8kve3" />
+
+	<rule from="^http://i[0-3]\.lbp\.me/"
+		to="https://d1yraiabw9jigr.cloudfront.net/" />
+
+		<test url="http://i0.lbp.me/img/fs/e80ae2a8b1624cc3e2cce6a21318dbf73b8acd48.jpg" />
+		<test url="http://i1.lbp.me/img/fs/88146e48c6103d4f1657459179f24bbe026e92e4.jpg" />
+		<test url="http://i2.lbp.me/img/fs/22236ffd493e946a34c5df71166ba9702ab8fa20.jpg" />
+		<test url="http://i3.lbp.me/img/fw/g122229-ff3ca773.png" />
+
+	<rule from="^http://i[4-7]\.lbp\.me/"
+		to="https://del66yf95fbfs.cloudfront.net/" />
+
+		<test url="http://i4.lbp.me/img/bl/d94e54a0f0dfb0f2d256fad9bb27b96be2810d1e.png" />
+		<test url="http://i5.lbp.me/img/fs/095a84c94dbe8fdec84d578ad1f1ea075193ec50.jpg" />
+		<test url="http://i6.lbp.me/img/fm/b5679d5d05be2d42defbc5c7175a4ad3ad98dff5.jpg" />
+		<test url="http://i7.lbp.me/img/fs/98730265a4b1eea2a5062f17ea0935553b51fcd9.jpg" />
+
+	<rule from="^http://i[89ab]\.lbp\.me/"
+		to="https://d22ru9akokrpj3.cloudfront.net/" />
+
+		<test url="http://i8.lbp.me/img/as/4085ea60363865c9aa1fe103a0647b96ea04aa43.png" />
+		<test url="http://ia.lbp.me/img/bl/2ea259520c08c8f830ba289b4e9587c1afc7574d.png" />
+		<test url="http://ib.lbp.me/img/fw/g124763-a8bc7897.png" />
+
+	<rule from="^http://i[c-f]\.lbp\.me/"
+		to="https://d141hmy29x8qy7.cloudfront.net/" />
+
+		<test url="http://ic.lbp.me/img/al/40cb597d4ff98d61fd81222a37bfe0903a81b89d.png" />
+		<test url="http://id.lbp.me/img/as/37d4053e10bd3e48e2e2c9814029c314b1d44a93.png" />
+		<test url="http://ie.lbp.me/img/as/4feaa003b8cabca9f8a8bdd2c2dd1c0c91febdce.png" />
+		<test url="http://if.lbp.me/img/fs/9dfbe82836ed75f2a23494e6e73f7a309b6fbff4.jpg" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lcdcomps.com.xml b/src/chrome/content/rules/lcdcomps.com.xml
new file mode 100644
index 000000000000..6e5572ca8d90
--- /dev/null
+++ b/src/chrome/content/rules/lcdcomps.com.xml
@@ -0,0 +1,38 @@
+<!--
+	^lcdcomps.com: Mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .lcdcomps.com
+		- www.lcdcomps.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="lcdcomps.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.lcdcomps.com" />
+
+	<!--	Complications:
+				-->
+	<target host="lcdcomps.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.lcdcomps\.com$" name="^OAMAuthnHintCookie$" /-->
+	<!--securecookie host="^www\.lcdcomps\.com$" name="^OAMRequestContext" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://lcdcomps\.com/"
+		to="https://www.lcdcomps.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lczero.org.xml b/src/chrome/content/rules/lczero.org.xml
new file mode 100644
index 000000000000..f68f691194c3
--- /dev/null
+++ b/src/chrome/content/rules/lczero.org.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatched:
+		https://play.lczero.org/
+-->
+<ruleset name="lczero.org">
+	<target host="lczero.org" />
+	<target host="www.lczero.org" />
+	<target host="blog.lczero.org" />
+	<target host="oldmain.lczero.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lddb.com.xml b/src/chrome/content/rules/lddb.com.xml
new file mode 100644
index 000000000000..71636c3c9cd5
--- /dev/null
+++ b/src/chrome/content/rules/lddb.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatch:
+		- forum.lddb.com
+		- manuals.lddb.com
+		- muse.lddb.com
+		- webmail.lddb.com
+
+-->
+<ruleset name="lddb.com">
+	<target host="lddb.com" />
+	<target host="www.lddb.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lduhtrp.net.xml b/src/chrome/content/rules/lduhtrp.net.xml
new file mode 100644
index 000000000000..7d161cea31eb
--- /dev/null
+++ b/src/chrome/content/rules/lduhtrp.net.xml
@@ -0,0 +1,16 @@
+<!--
+	Time out:
+		^
+-->
+
+<ruleset name="lduhtrp.net">
+
+	<target host="www.lduhtrp.net" />
+
+		<!--	Find this test url in https://www.boxun.com/	-->
+
+		<test url="http://www.lduhtrp.net/image-7940418-10896825-1470835250000" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lead-analytics-1000.com.xml b/src/chrome/content/rules/lead-analytics-1000.com.xml
new file mode 100644
index 000000000000..8201fe2f0df6
--- /dev/null
+++ b/src/chrome/content/rules/lead-analytics-1000.com.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Lead Forensics coverage, see Lead_Forensics.com.xml.
+
+
+	www.lead-analytics-1000.com: Mismatched
+
+-->
+<ruleset name="lead-analytics-1000.com">
+
+	<target host="www.lead-analytics-1000.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.lead-analytics-1000\.com/"
+		to="https://www.leadforensics.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/leader-id.ru.xml b/src/chrome/content/rules/leader-id.ru.xml
new file mode 100644
index 000000000000..30cce501b7d1
--- /dev/null
+++ b/src/chrome/content/rules/leader-id.ru.xml
@@ -0,0 +1,14 @@
+<!--
+send.leader-id.ru different content
+srv01-http.leader-id.ru different content
+
+
+-->
+<ruleset name="leader-id.ru">
+	<target host="leader-id.ru" />
+	<target host="www.leader-id.ru" />
+	<target host="admin.leader-id.ru" />
+	<target host="moderator.leader-id.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/leadin.com.xml b/src/chrome/content/rules/leadin.com.xml
new file mode 100644
index 000000000000..a66eb24482c9
--- /dev/null
+++ b/src/chrome/content/rules/leadin.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other HubSpot coverage, see HubSpot.xml.
+
+
+	Problematic hosts in *leadin.com:
+
+		- support ᴬ
+
+	ᴬ Akamai / mismatched
+
+-->
+<ruleset name="Leadin.com (partial)">
+
+	<target host="leadin.com" />
+	<target host="hubspot.leadin.com" />
+	<target host="js.leadin.com" />
+	<target host="www.leadin.com" />
+
+		<test url="http://js.leadin.com/js/v1/2056863.js" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/learnertrack.net.xml b/src/chrome/content/rules/learnertrack.net.xml
new file mode 100644
index 000000000000..9a4db17a4c7a
--- /dev/null
+++ b/src/chrome/content/rules/learnertrack.net.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- learnertrack.net
+		- www.learnertrack.net
+
+-->
+<ruleset name="LearnerTrack.net">
+
+	<target host="learnertrack.net" />
+	<target host="www.learnertrack.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?learnertrack\.net$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/learning.hccs.edu.xml b/src/chrome/content/rules/learning.hccs.edu.xml
new file mode 100644
index 000000000000..da41f86b9f90
--- /dev/null
+++ b/src/chrome/content/rules/learning.hccs.edu.xml
@@ -0,0 +1,9 @@
+<!--
+	Mismatched:
+		- m.learning.hccs.edu
+-->
+<ruleset name="learning.hccs.edu">
+	<target host="learning.hccs.edu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/leboncoin.fr.xml b/src/chrome/content/rules/leboncoin.fr.xml
new file mode 100644
index 000000000000..ffcc68033bf1
--- /dev/null
+++ b/src/chrome/content/rules/leboncoin.fr.xml
@@ -0,0 +1,45 @@
+<!--
+	Temporarily down:
+		rss.leboncoin.fr
+
+	Login required:
+		crm.leboncoin.fr
+
+	Invalid certificate:
+		deliv.leboncoin.fr (broken chain)
+		support.leboncoin.fr (broken chain)
+		leboncoin.com
+		www.leboncoin.com
+		lebonco.in
+		www.lebonco.in
+
+	Refused:
+		redirect.leboncoin.fr
+
+-->
+<ruleset name="LeBonCoin">
+
+	<target host="leboncoin.fr"/>
+	<target host="beta.leboncoin.fr"/>
+	<target host="compteperso.leboncoin.fr"/>
+	<target host="comptepro.leboncoin.fr"/>
+	<target host="corporate.leboncoin.fr"/>
+	<target host="ftp.leboncoin.fr"/>
+	<target host="img0.leboncoin.fr"/>
+	<target host="img1.leboncoin.fr"/>
+	<target host="img2.leboncoin.fr"/>
+	<target host="img3.leboncoin.fr"/>
+	<target host="img4.leboncoin.fr"/>
+	<target host="img5.leboncoin.fr"/>
+	<target host="img6.leboncoin.fr"/>
+	<target host="img7.leboncoin.fr"/>
+	<target host="lesincroyablesrencontres.leboncoin.fr"/>
+	<target host="mobile.leboncoin.fr"/>
+	<target host="sondage.leboncoin.fr"/>
+	<target host="static.leboncoin.fr"/>
+	<target host="www.leboncoin.fr"/>
+	<target host="www2.leboncoin.fr"/>
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/lebsanft.org.xml b/src/chrome/content/rules/lebsanft.org.xml
new file mode 100644
index 000000000000..c56b160f0094
--- /dev/null
+++ b/src/chrome/content/rules/lebsanft.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="lebsanft.org">
+  <target host="www.lebsanft.org" />
+  <target host="owncloud.lebsanft.org" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lede-project.org.xml b/src/chrome/content/rules/lede-project.org.xml
new file mode 100644
index 000000000000..a523306cebf1
--- /dev/null
+++ b/src/chrome/content/rules/lede-project.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Mismatch:
+		- meetings
+-->
+<ruleset name="LEDE-project.org">
+
+	<target host="lede-project.org" />
+	<target host="www.lede-project.org" />
+	<target host="bugs.lede-project.org" />
+	<target host="downloads.lede-project.org" />
+	<target host="forum.lede-project.org" />
+	<target host="git.lede-project.org" />
+	<target host="sources.lede-project.org" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/leerstandsmelder.de.xml b/src/chrome/content/rules/leerstandsmelder.de.xml
new file mode 100644
index 000000000000..b791d933f190
--- /dev/null
+++ b/src/chrome/content/rules/leerstandsmelder.de.xml
@@ -0,0 +1,13 @@
+<ruleset name="Leerstandsmelder.de">
+
+	<target host="leerstandsmelder.de" />
+	<target host="www.leerstandsmelder.de" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/legapallacanestro.com.xml b/src/chrome/content/rules/legapallacanestro.com.xml
new file mode 100644
index 000000000000..ba6ab8179464
--- /dev/null
+++ b/src/chrome/content/rules/legapallacanestro.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="legapallacanestro.com">
+
+	<target host="tvpass.legapallacanestro.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/leggiero.uk.xml b/src/chrome/content/rules/leggiero.uk.xml
new file mode 100644
index 000000000000..e079ba06ede0
--- /dev/null
+++ b/src/chrome/content/rules/leggiero.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="Leggiero.uk">
+
+	<target host="leggiero.uk" />
+	<target host="www.leggiero.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/legislation.gov.uk.xml b/src/chrome/content/rules/legislation.gov.uk.xml
new file mode 100644
index 000000000000..d53124a605ab
--- /dev/null
+++ b/src/chrome/content/rules/legislation.gov.uk.xml
@@ -0,0 +1,19 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	(www.)?legislation.gov.uk: Redirects to http
+
+-->
+<ruleset name="Legislation.gov.uk (partial)">
+
+	<target host="admin.legislation.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/legoland.de.xml b/src/chrome/content/rules/legoland.de.xml
new file mode 100644
index 000000000000..95764b822955
--- /dev/null
+++ b/src/chrome/content/rules/legoland.de.xml
@@ -0,0 +1,24 @@
+<!--
+	Invalid certificate:
+		m.legoland.de
+		mobile.legoland.de
+		news.legoland.de
+		l.news.legoland.de
+		x.news.legoland.de
+		newsletter.legoland.de
+		track.legoland.de
+
+	Not found:
+		sip.legoland.de
+-->
+<ruleset name="LEGOLAND.de">
+
+	<target host="legoland.de" />
+	<target host="www.legoland.de" />
+	<target host="secure.legoland.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/legolandholidays.co.uk.xml b/src/chrome/content/rules/legolandholidays.co.uk.xml
new file mode 100644
index 000000000000..41501c20f31a
--- /dev/null
+++ b/src/chrome/content/rules/legolandholidays.co.uk.xml
@@ -0,0 +1,26 @@
+<!--
+	Nonfunctional subdomain:
+		- !www			(hostname mismatch, CN: www.hxtrack.com)
+
+	Mixed content:
+		- css from maxcdn.bootstrapcdn.com *
+		- js from cdn.jsdelivr.net *
+		- assets from *.merlinbreaks.co.uk *
+		- js from holidayextras.com *
+
+	* Secured by us
+
+-->
+<ruleset name="LEGOLAND Holidays" platform="mixedcontent">
+	<target host="legolandholidays.co.uk" />
+	<target host="www.legolandholidays.co.uk" />
+
+	<securecookie host="www\.legolandholidays\.co\.uk$" name=".+" />
+
+	<!-- Hostname mismatch: -->
+	<rule from="^http://legolandholidays\.co\.uk/"
+		to="https://www.legolandholidays.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lekumo.jp.xml b/src/chrome/content/rules/lekumo.jp.xml
new file mode 100644
index 000000000000..667b5ec8cb3e
--- /dev/null
+++ b/src/chrome/content/rules/lekumo.jp.xml
@@ -0,0 +1,20 @@
+<!--
+
+	Nonfunctional domains:
+
+		- www (times out)
+
+	Problematic domains:
+
+		- cb.lekumo.jp   (Invalid cert)
+
+-->
+
+<ruleset name="bb.lekumo.jp">
+
+	<target host="bb.lekumo.jp" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lend.me.xml b/src/chrome/content/rules/lend.me.xml
new file mode 100644
index 000000000000..57861bf51f62
--- /dev/null
+++ b/src/chrome/content/rules/lend.me.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lend.me/ => https://lend.me/: (35, 'Unknown SSL protocol error in connection to lend.me:443 ')
+Fetch error: http://www.lend.me/ => https://www.lend.me/: (35, 'Unknown SSL protocol error in connection to www.lend.me:443 ')
+
+-->
+<ruleset name="Lend.me" default_off="failed ruleset test">
+
+	<target host="lend.me" />
+	<target host="www.lend.me" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lenizdat.ru.xml b/src/chrome/content/rules/lenizdat.ru.xml
new file mode 100644
index 000000000000..95f389ef9dc5
--- /dev/null
+++ b/src/chrome/content/rules/lenizdat.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="lenizdat.ru">
+	<target host="lenizdat.ru" />
+	<target host="www.lenizdat.ru" />
+	<target host="i.lenizdat.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lenta.ru.xml b/src/chrome/content/rules/lenta.ru.xml
new file mode 100644
index 000000000000..3fb1de7dfec7
--- /dev/null
+++ b/src/chrome/content/rules/lenta.ru.xml
@@ -0,0 +1,65 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dom.lenta.ru/ => https://dom.lenta.ru/: Too many redirects while fetching 'https://dom.lenta.ru/'
+Fetch error: http://www.lenta.ru/ => https://www.lenta.ru/: (56, 'Malformed encoding found in chunked-encoding')
+
+	Nonfunctional hosts in *lenta.ru:
+
+		- infographics ᵃ
+
+	ᵃ Shows pgc.lenta.ru
+
+
+	Insecure cookies are set for these domains:
+
+		- .lenta.ru
+
+
+	Mixed content:
+
+		- iframe on sp from www.youtube.com ˢ
+		- Images on age, dom from icdn.lenta.ru ˢ
+
+		- Ads / bugs, on:
+
+			- age, dom, sp from logc\d+.xiti.com ˢ
+			- dom from ads.adfox.ru ˢ
+			- dom from counter.rambler.ru ˢ
+			- dom from top100-images.rambler.ru ᵃ
+			- dom from awaps.yandex.ru ˢ
+
+	ᵃ Unsecurable <= shows another domain
+	ˢ Secured by us
+
+-->
+<ruleset name="Lenta.ru (partial)" default_off="failed ruleset test">
+
+	<target host="lenta.ru" />
+	<target host="age.lenta.ru" />
+	<target host="api.lenta.ru" />
+	<target host="dom.lenta.ru" />
+	<target host="icdn.lenta.ru" />
+	<target host="m.lenta.ru" />
+	<target host="sp.lenta.ru" />
+	<target host="www.lenta.ru" />
+
+		<!--test url="http://assets.lenta.ru/small_logo.png" /-->
+
+		<!--	Mixed content:
+					-->
+		<!--test url="http://sp.lenta.ru/metro_eng/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.lenta\.ru$" name="^is_mobile$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/leonidvolkov.ru.xml b/src/chrome/content/rules/leonidvolkov.ru.xml
new file mode 100644
index 000000000000..4fd45eb1f89c
--- /dev/null
+++ b/src/chrome/content/rules/leonidvolkov.ru.xml
@@ -0,0 +1,8 @@
+<ruleset name="leonidvolkov.ru">
+	<target host="leonidvolkov.ru" />
+	<target host="www.leonidvolkov.ru" />
+	<target host="delo.leonidvolkov.ru" />
+	<target host="old.leonidvolkov.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lequipe.fr.xml b/src/chrome/content/rules/lequipe.fr.xml
new file mode 100644
index 000000000000..ee7c7fee3e79
--- /dev/null
+++ b/src/chrome/content/rules/lequipe.fr.xml
@@ -0,0 +1,67 @@
+<!--
+	Secure connection failed:
+		www.10km.lequipe.fr
+		dashboard.lequipe.fr
+		partenaire.lequipe.fr
+
+	Invalid certificate:
+		actualites.lequipe.fr
+		manager.lequipe.fr
+		www.manager.lequipe.fr
+		news.lequipe.fr
+		newsletter.lequipe.fr
+		plus.lequipe.fr
+		portfolio.lequipe.fr
+		toprecherches.lequipe.fr
+
+	No working URL known:
+		api.lequipe.fr
+		static.lequipe.fr
+
+	Mixed content:
+		blog.lequipe.fr
+
+	Time out:
+		adrenaline.lequipe.fr
+
+	Refused:
+		ebar.lequipe.fr
+		roustantv.lequipe.fr
+
+	Different content http/https:
+		jeuxvideo.lequipe.fr
+		wws.lequipe.fr
+
+-->
+<ruleset name="LEquipe.fr">
+
+	<target host="lequipe.fr" />
+	<target host="www.lequipe.fr" />
+	<target host="abo.lequipe.fr" />
+	<target host="abonnes.lequipe.fr" />
+	<target host="adrenaline.lequipe.fr" />
+	<target host="akamai.lequipe.fr" />
+	<target host="dwp.lequipe.fr" />
+	<target host="ebillet.lequipe.fr" />
+	<target host="evoyages.lequipe.fr" />
+	<target host="m.lequipe.fr" />
+	<target host="medias.lequipe.fr" />
+		<test url="http://medias.lequipe.fr/img-photo-jpg/oreillette-v6-5-foot/1500000000288539/0:0,150:90-120-90-75/1ce06.jpg" />
+	<target host="netstorage.lequipe.fr" />
+		<test url="http://netstorage.lequipe.fr/ASO/egp/marathon-de-paris/mdp16-plan-parcours-fan-zone-avec-bande-partenaire-bd.pdf" />
+	<target host="sportetstyle.lequipe.fr" />
+	<target host="sportvideo.lequipe.fr" />
+	<target host="static.lequipe.fr" />
+		<test url="http://static.lequipe.fr/v6/img/SVG-EFR.svg" />
+	<target host="thebeautifulwalk.lequipe.fr" />
+	<target host="www.thebeautifulwalk.lequipe.fr" />
+	<target host="unes.lequipe.fr" />
+	<target host="video.lequipe.fr" />
+
+	<rule from="^http://adrenaline\.lequipe\.fr/"
+		to="https://www.lequipe.fr/Adrenaline/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lernplattform-bakoev.bund.de.xml b/src/chrome/content/rules/lernplattform-bakoev.bund.de.xml
new file mode 100644
index 000000000000..43f9b25f9cd6
--- /dev/null
+++ b/src/chrome/content/rules/lernplattform-bakoev.bund.de.xml
@@ -0,0 +1,12 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+-->
+<ruleset name="BAköV-Lernplattform">
+
+	<target host="www.lernplattform-bakoev.bund.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lesbianpornfan.com.xml b/src/chrome/content/rules/lesbianpornfan.com.xml
new file mode 100644
index 000000000000..face5b270f29
--- /dev/null
+++ b/src/chrome/content/rules/lesbianpornfan.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- .lesbianpornfan.com
+		- secure.lesbianpornfan.com
+		- www.lesbianpornfan.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Lesbian Porn Fan.com">
+
+	<target host="lesbianpornfan.com" />
+	<target host="secure.lesbianpornfan.com" />
+	<target host="www.lesbianpornfan.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.lesbianpornfan\.com$" name="^ntc$" /-->
+	<!--securecookie host="^secure\.lesbianpornfan\.com$" name="^SVR$" /-->
+	<!--securecookie host="^www\.lesbianpornfan\.com$" name="^(?:noconsole|ntc)$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lesershop24.de.xml b/src/chrome/content/rules/lesershop24.de.xml
new file mode 100644
index 000000000000..1ff631e6a408
--- /dev/null
+++ b/src/chrome/content/rules/lesershop24.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="Lesershop 24">
+	<target host="lesershop24.de"/>
+	<target host="www.lesershop24.de"/>
+
+        <exclusion pattern="^http://www\.lesershop24\.de/$" />
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/lesestoff.ch.xml b/src/chrome/content/rules/lesestoff.ch.xml
new file mode 100644
index 000000000000..0958e2133dd9
--- /dev/null
+++ b/src/chrome/content/rules/lesestoff.ch.xml
@@ -0,0 +1,9 @@
+<ruleset name="lesestoff.ch">
+	<target host="lesestoff.ch"/>
+	<target host="www.lesestoff.ch"/>
+
+	<rule from="^http://lesestoff\.ch/"
+		to="https://www.lesestoff.ch/"/>
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/less.works.xml b/src/chrome/content/rules/less.works.xml
new file mode 100644
index 000000000000..3e6608f6dc9d
--- /dev/null
+++ b/src/chrome/content/rules/less.works.xml
@@ -0,0 +1,6 @@
+<ruleset name="less.works">
+	<target host="less.works" />
+	<target host="www.less.works" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lessbuttons.com.xml b/src/chrome/content/rules/lessbuttons.com.xml
new file mode 100644
index 000000000000..640117ff1cfb
--- /dev/null
+++ b/src/chrome/content/rules/lessbuttons.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- lessbuttons.com
+		- www.lessbuttons.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="LessButtons.com">
+
+	<target host="lessbuttons.com" />
+	<target host="www.lessbuttons.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?lessbuttons\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/letvcdn.xml b/src/chrome/content/rules/letvcdn.xml
new file mode 100644
index 000000000000..bfdfff570906
--- /dev/null
+++ b/src/chrome/content/rules/letvcdn.xml
@@ -0,0 +1,22 @@
+<!--
+Get in www.le.com
+Relate: letvimg.xml
+Not exist:
+	^
+	www.
+-->
+
+<ruleset name="letvcdn">
+
+	<!--	Mixedcontent:	-->
+	<target host="static.letvcdn.com" />
+	<exclusion pattern="^http://static\.letvcdn\.com/$" />
+
+	<!--	Directly rewrite-->
+	<target host="css.letvcdn.com" />
+	<target host="js.letvcdn.com" />
+	<target host="player.letvcdn.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/letvimg.xml b/src/chrome/content/rules/letvimg.xml
new file mode 100644
index 000000000000..f4aad273052d
--- /dev/null
+++ b/src/chrome/content/rules/letvimg.xml
@@ -0,0 +1,18 @@
+<!--
+Get in www.le.com
+Relate: letvcdn.xml
+Not exist:
+	^
+	www.
+-->
+
+<ruleset name="letvimg">
+
+	<target host="i0.letvimg.com" />
+	<target host="i1.letvimg.com" />
+	<target host="i2.letvimg.com" />
+	<target host="i3.letvimg.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lewes.gov.uk.xml b/src/chrome/content/rules/lewes.gov.uk.xml
new file mode 100644
index 000000000000..d18c9ffa0f95
--- /dev/null
+++ b/src/chrome/content/rules/lewes.gov.uk.xml
@@ -0,0 +1,36 @@
+<!--
+	Lewes District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *lewes.gov.uk:
+
+		- planningpa ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *lewes.gov.uk:
+
+		- rbselfservice ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="Lewes.gov.uk (partial)" default_off="cert-chain">
+
+	<target host="rbselfservice.lewes.gov.uk" />
+
+		<!--	$ shows default page, so:
+							-->
+		<test url="http://rbselfservice.lewes.gov.uk/publicaccesslive/selfservice/services/directdebit.htm?_flowId=services/directdebit" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lewisham.gov.uk-resources.xml b/src/chrome/content/rules/lewisham.gov.uk-resources.xml
new file mode 100644
index 000000000000..7cb79a566e7d
--- /dev/null
+++ b/src/chrome/content/rules/lewisham.gov.uk-resources.xml
@@ -0,0 +1,37 @@
+<!--
+	For rules covering more than resources, see lewisham.gov.uk.xml.
+
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="Lewisham.gov.uk (resources)" platform="mixedcontent">
+
+	<target host="councilmeetings.lewisham.gov.uk" />
+
+		<exclusion pattern="^http://councilmeetings\.lewisham\.gov\.uk/(?!(?!.+\.js(?:$|\?))/*(?:jquery-ui|mgimages|[Ss]ite[Ss]pecific)/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://councilmeetings.lewisham.gov.uk/edit-doc-activex.js" />
+			<test url="http://councilmeetings.lewisham.gov.uk/ieDocHome.aspx?bcr=1" />
+			<test url="http://councilmeetings.lewisham.gov.uk/ieListDocuments.aspx?MId=3869" />
+			<test url="http://councilmeetings.lewisham.gov.uk/jquery-ui/Add-ons/mg.jqueryaddons.min.js" />
+			<test url="http://councilmeetings.lewisham.gov.uk/jquery-ui/js/jquery-1.9.1.min.js" />
+			<test url="http://councilmeetings.lewisham.gov.uk/mgAjaxScripts.js" />
+			<test url="http://councilmeetings.lewisham.gov.uk/mgFindMember.aspx" />
+
+			<!--	-ve:
+					-->
+			<test url="http://councilmeetings.lewisham.gov.uk/jquery-ui/css/Smoothness/jquery-ui-1.10.2.custom.min.css" />
+			<test url="http://councilmeetings.lewisham.gov.uk/mgRegisterKeywordInterest.aspx?bcr=1" />
+			<test url="http://councilmeetings.lewisham.gov.uk/mgimages/logo-pdf-1.gif" />
+			<test url="http://councilmeetings.lewisham.gov.uk/sitespecific/Style%20Library/lbl/images/listItemGreenSquare.gif" />
+			<test url="http://councilmeetings.lewisham.gov.uk/sitespecific/ssWordStyles.css" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lewisham.gov.uk.xml b/src/chrome/content/rules/lewisham.gov.uk.xml
new file mode 100644
index 000000000000..85a9aa152216
--- /dev/null
+++ b/src/chrome/content/rules/lewisham.gov.uk.xml
@@ -0,0 +1,120 @@
+<!--
+	London Borough of Lewisham Council
+
+	For rules covering resources which do not secure
+	mixed content, see lewisham.gov.uk-resources.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *lewisham.gov.uk:
+
+		- icel ʳ
+		- www2 ᵈ
+
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Partially covered hosts in *lewisham.gov.uk:
+
+		- concilmeetings ʰ
+
+	ʰ Some pages redirect to http
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- jobs.lewisham.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on myaccount from www.lewisham.gov.uk ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Lewisham.gov.uk (partial)">
+
+	<target host="lewisham.gov.uk" />
+	<target host="councilmeetings.lewisham.gov.uk" />
+	<target host="jobs.lewisham.gov.uk" />
+	<target host="myaccount.lewisham.gov.uk" />
+	<target host="www.lewisham.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://councilmeetings\.lewisham\.gov\.uk/(?:ieDocHome|ieListDocuments|mgFindMember|mgPasswordReqst|uuCoverPage)\.aspx" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://councilmeetings\.lewisham\.gov\.uk/(?!/*(?:documents/|ieLogon\.aspx|ieRegisterUser\.aspx|jquery-ui/|mgRegisterKeywordInterest\.aspx|mgimages/|[Ss]ite[Ss]pecific/))" /-->
+		<!--
+			Avoid potential XHR problems:
+							-->
+		<!--exclusion pattern="^http://councilmeetings\.lewisham\.gov\.uk/.+\.js(?:$|\?)" /-->
+		<!--
+			In conbination:
+					-->
+		<!--exclusion pattern="^http://councilmeetings\.lewisham\.gov\.uk/(?!(?!.+\.js(?:$|\?))/*(?:documents/|ieLogon\.aspx|ieRegisterUser\.aspx|jquery-ui/|mgRegisterKeywordInterest\.aspx|mgimages/|[Ss]ite[Ss]pecific/))" /-->
+		<!--
+			Reduce non-Tor distinguishability:
+								-->
+		<exclusion pattern="^http://councilmeetings\.lewisham\.gov\.uk/(?!/*(?:documents/|ieLogon\.aspx|ieRegisterUser\.aspx|mgRegisterKeywordInterest\.aspx))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://councilmeetings.lewisham.gov.uk/edit-doc-activex.js" />
+			<test url="http://councilmeetings.lewisham.gov.uk/ieDocHome.aspx?bcr=1" />
+			<test url="http://councilmeetings.lewisham.gov.uk/ieListDocuments.aspx?MId=3869" />
+			<test url="http://councilmeetings.lewisham.gov.uk/jquery-ui/Add-ons/mg.jqueryaddons.min.js" />
+			<test url="http://councilmeetings.lewisham.gov.uk/jquery-ui/js/jquery-1.9.1.min.js" />
+			<!--
+			<test url="http://councilmeetings.lewisham.gov.uk/mgAjaxScripts.js" />
+			<test url="http://councilmeetings.lewisham.gov.uk/mgFindMember.aspx" />
+			<test url="http://councilmeetings.lewisham.gov.uk/mgPasswordReqst.aspx" />
+			<test url="http://councilmeetings.lewisham.gov.uk/sitespecific/Style%20Library/lbl/js/coreFunctions.js" />
+			<test url="http://councilmeetings.lewisham.gov.uk/sitespecific/Style%20Library/lbl/js/iepngfix_tilebg.js" />
+			<test url="http://councilmeetings.lewisham.gov.uk/sitespecific/Style%20Library/lbl/js/jquery-1.3.2.min.js" />
+			<test url="http://councilmeetings.lewisham.gov.uk/sitespecific/Style%20Library/lbl/js/jquery.selectbox-0.4.js" />
+			<test url="http://councilmeetings.lewisham.gov.uk/sitespecific/Style%20Library/lbl/js/mobilenav.js" />
+			<test url="http://councilmeetings.lewisham.gov.uk/uuCoverPage.aspx?bcr=1" />
+			-->
+
+			<!--	-ve:
+					-->
+			<!--
+			<test url="http://councilmeetings.lewisham.gov.uk/documents/s42157/Cover%20Sheet%20Response%20to%20Public%20Accounts%20SC.pdf" />
+			-->
+			<test url="http://councilmeetings.lewisham.gov.uk/ieLogon.aspx" />
+			<test url="http://councilmeetings.lewisham.gov.uk/ieRegisterUser.aspx" />
+			<!--
+			<test url="http://councilmeetings.lewisham.gov.uk/jquery-ui/css/Smoothness/jquery-ui-1.10.2.custom.min.css" />
+			-->
+			<test url="http://councilmeetings.lewisham.gov.uk/mgRegisterKeywordInterest.aspx?bcr=1" />
+			<!--
+			<test url="http://councilmeetings.lewisham.gov.uk/mgimages/logo-pdf-1.gif" />
+			<test url="http://councilmeetings.lewisham.gov.uk/sitespecific/Style%20Library/lbl/images/listItemGreenSquare.gif" />
+			<test url="http://councilmeetings.lewisham.gov.uk/sitespecific/ssWordStyles.css" />
+			-->
+
+		<!--	Mixed images:
+					-->
+		<!--test url="http://myaccount.lewisham.gov.uk/myforms/fms-33403.aspg" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^jobs\.lewisham\.gov\.uk$" name="^(?:ASP\.NET_SessionId|HighContrast|JobBookmarkReturnUrl)$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^(?!councilmeetings\.)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lezhin.com.xml b/src/chrome/content/rules/lezhin.com.xml
new file mode 100644
index 000000000000..637e78f4c6f1
--- /dev/null
+++ b/src/chrome/content/rules/lezhin.com.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ggtoon.lezhin.com/ => https://ggtoon.lezhin.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="lezhin.com" default_off="failed ruleset test">
+	<!--
+	Certificate error:
+	help.lezhin.com
+	\d+cdn.lezhin.com
+
+	Refused by HTTP 403:
+	link.lezhin.com
+	-->
+
+	<target host="lezhin.com" />
+	<target host="www.lezhin.com" />
+	<target host="m.lezhin.com" />
+	<target host="desk.lezhin.com" />
+	<target host="social.lezhin.com" />
+	<target host="ggtoon.lezhin.com" />
+	<target host="cdn.lezhin.com" />
+	<target host="acdn.lezhin.com" />
+	<target host="ncdn.lezhin.com" />
+
+	<!-- https://lezhin.com gets refused -->
+	<rule from="^http://lezhin\.com/" to="https://www.lezhin.com/" />
+
+	<!-- multiple www.lezhin.com -->
+	<rule from="^http://(\d+)www\.lezhin\.com/" to="https://$1www.lezhin.com/" />
+	<test url="http://0www.lezhin.com/" />
+	<test url="http://2www.lezhin.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lfeeder.com.xml b/src/chrome/content/rules/lfeeder.com.xml
new file mode 100644
index 000000000000..05afe8df3958
--- /dev/null
+++ b/src/chrome/content/rules/lfeeder.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="lfeeder.com">
+
+	<target host="sc.lfeeder.com" />
+	<target host="tr.lfeeder.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lfg.com.xml b/src/chrome/content/rules/lfg.com.xml
new file mode 100644
index 000000000000..ff75107b758c
--- /dev/null
+++ b/src/chrome/content/rules/lfg.com.xml
@@ -0,0 +1,47 @@
+<!--
+	Lincoln Financial Group
+
+
+	Nonfunctional hosts in *lfg.com:
+
+		- newsroom ⁵
+
+	⁵ 500
+
+
+	^lfg.com: Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- hub2.lfg.com
+		- .hub2.lfg.com
+
+-->
+<ruleset name="LFG.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="hub2.lfg.com" />
+	<target host="www.lfg.com" />
+
+	<!--	Complications:
+				-->
+	<target host="lfg.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^hub2\.lfg\.com$" name="^HUB2SESSIONID$" /-->
+	<!--securecookie host="^\.hub2\.lfg\.com$" name="^euem_hub2$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://lfg\.com/"
+		to="https://www.lfg.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lfscript.org.xml b/src/chrome/content/rules/lfscript.org.xml
new file mode 100644
index 000000000000..20cd5527135a
--- /dev/null
+++ b/src/chrome/content/rules/lfscript.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="LFScript.org">
+
+	<target host="lfscript.org" />
+	<target host="www.lfscript.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lgbtnet.org.xml b/src/chrome/content/rules/lgbtnet.org.xml
new file mode 100644
index 000000000000..c65d3e9eefbd
--- /dev/null
+++ b/src/chrome/content/rules/lgbtnet.org.xml
@@ -0,0 +1,15 @@
+<!--
+list.lgbtnet.org ¹
+srv.lgbtnet.org ⁴
+
+
+¹ mismatch
+⁴ self signed
+-->
+<ruleset name="lgbtnet.org">
+	<target host="lgbtnet.org" />
+	<target host="www.lgbtnet.org" />
+	<target host="chat.lgbtnet.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/libcom.org.xml b/src/chrome/content/rules/libcom.org.xml
new file mode 100644
index 000000000000..72af915408ab
--- /dev/null
+++ b/src/chrome/content/rules/libcom.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Mixed content:
+
+		- Images from ^ *
+
+	* Secured by us
+
+-->
+<ruleset name="Libcom">
+
+	<target host="libcom.org" />
+	<target host="www.libcom.org" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/liberis.co.uk.xml b/src/chrome/content/rules/liberis.co.uk.xml
new file mode 100644
index 000000000000..1bfb59589700
--- /dev/null
+++ b/src/chrome/content/rules/liberis.co.uk.xml
@@ -0,0 +1,23 @@
+<!--
+	Mixed content:
+
+		- css on (www.)? from fonts.googleapis.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Liberis.co.uk">
+
+	<target host="liberis.co.uk" />
+	<target host="quote.liberis.co.uk" />
+	<target host="www.liberis.co.uk" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/libmng.com.xml b/src/chrome/content/rules/libmng.com.xml
new file mode 100644
index 000000000000..093e3c1f7589
--- /dev/null
+++ b/src/chrome/content/rules/libmng.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Invalid certificate:
+		mail.libmng.com
+-->
+<ruleset name="libmng.com">
+	<target host="libmng.com" />
+	<target host="www.libmng.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/libraryebooks.co.uk.xml b/src/chrome/content/rules/libraryebooks.co.uk.xml
new file mode 100644
index 000000000000..702939432cd6
--- /dev/null
+++ b/src/chrome/content/rules/libraryebooks.co.uk.xml
@@ -0,0 +1,85 @@
+<!--
+	For other Askews and Holts Library Services coverage, see askewsandholts.com.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- libraryebooks.co.uk
+		- www.libraryebooks.co.uk
+		- (client_vhost).libraryebooks.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Library eBooks.co.uk (partial)">
+
+	<target host="libraryebooks.co.uk" />
+	<target host="www.libraryebooks.co.uk" />
+
+	<!--	(client vhosts:)
+				-->
+	<target host="bwdlibraries.libraryebooks.co.uk" />
+	<target host="bolton.libraryebooks.co.uk" />
+	<target host="miltonkeynes.libraryebooks.co.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:bolton|bwdlibraries|miltonkeynes)\.libraryebooks\.co\.uk/site/EB/ebooks/(?:catpage3|collections|cover|faq|firstlisted|genre)\.asp" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:bolton|bwdlibraries|miltonkeynes)\.libraryebooks\.co\.uk/(?!/*site/EB/(?:.+\.(?:css|gif|jpg|png)(?:$|\?)|ebooks/co(?:ntactu|okie)s\.asp))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://bolton.libraryebooks.co.uk/site/EB/ebooks/collections.asp" />
+			<test url="http://bolton.libraryebooks.co.uk/site/EB/ebooks/cover.asp" />
+			<test url="http://bolton.libraryebooks.co.uk/site/EB/ebooks/faq.asp" />
+			<test url="http://bolton.libraryebooks.co.uk/site/EB/ebooks/firstlisted.asp" />
+			<test url="http://bolton.libraryebooks.co.uk/site/EB/ebooks/genre.asp" />
+			<test url="http://bwdlibraries.libraryebooks.co.uk/site/EB/ebooks/catpage3.asp?isbn=9781781852798-6" />
+			<test url="http://bwdlibraries.libraryebooks.co.uk/site/EB/ebooks/collections.asp" />
+			<test url="http://bwdlibraries.libraryebooks.co.uk/site/EB/ebooks/cover.asp" />
+			<test url="http://bwdlibraries.libraryebooks.co.uk/site/EB/ebooks/faq.asp" />
+			<test url="http://bwdlibraries.libraryebooks.co.uk/site/EB/ebooks/firstlisted.asp" />
+			<test url="http://bwdlibraries.libraryebooks.co.uk/site/EB/ebooks/genre.asp" />
+			<test url="http://miltonkeynes.libraryebooks.co.uk/site/EB/ebooks/collections.asp" />
+			<test url="http://miltonkeynes.libraryebooks.co.uk/site/EB/ebooks/cover.asp" />
+			<test url="http://miltonkeynes.libraryebooks.co.uk/site/EB/ebooks/faq.asp" />
+			<test url="http://miltonkeynes.libraryebooks.co.uk/site/EB/ebooks/firstlisted.asp" />
+			<test url="http://miltonkeynes.libraryebooks.co.uk/site/EB/ebooks/genre.asp" />
+
+			<!--	-ve:
+					-->
+			<test url="http://bolton.libraryebooks.co.uk/site/EB/Auth/BOLTMDC/images/logo.jpg" />
+			<test url="http://bolton.libraryebooks.co.uk/site/EB/Auth/askews/images/small_tiles.png" />
+			<test url="http://bolton.libraryebooks.co.uk/site/EB/ebooks/images/general/eBookIcon.gif" />
+			<test url="http://bolton.libraryebooks.co.uk/site/EB/ebooks/contactus.asp" />
+			<test url="http://bolton.libraryebooks.co.uk/site/EB/ebooks/cookies.asp" />
+			<test url="http://bolton.libraryebooks.co.uk/site/EB/ebooks/user_login_main.asp" />
+			<test url="http://bolton.libraryebooks.co.uk/site/EB/styles/themes/base/jquery.ui.all.css" />
+			<test url="http://bwdlibraries.libraryebooks.co.uk/site/EB/Auth/BLACWDB/images/watermark.jpg" />
+			<test url="http://bwdlibraries.libraryebooks.co.uk/site/EB/Auth/askews/images/small_tiles.png" />
+			<test url="http://bwdlibraries.libraryebooks.co.uk/site/EB/ebooks/ajaxtabs/ajaxtabs.css" />
+			<test url="http://bwdlibraries.libraryebooks.co.uk/site/EB/ebooks/contactus.asp" />
+			<test url="http://bwdlibraries.libraryebooks.co.uk/site/EB/ebooks/cookies.asp" />
+			<test url="http://bwdlibraries.libraryebooks.co.uk/site/EB/ebooks/images/general/eBookIcon.gif" />
+			<test url="http://bwdlibraries.libraryebooks.co.uk/site/EB/styles/themes/base/jquery.ui.all.css" />
+			<test url="http://miltonkeynes.libraryebooks.co.uk/site/EB/Auth/MILTKC/images/banner_bkgnd.jpg" />
+			<test url="http://miltonkeynes.libraryebooks.co.uk/site/EB/Auth/MILTKC/images/line.png" />
+			<test url="http://miltonkeynes.libraryebooks.co.uk/site/EB/ebooks/contactus.asp" />
+			<test url="http://miltonkeynes.libraryebooks.co.uk/site/EB/ebooks/cookies.asp" />
+			<test url="http://miltonkeynes.libraryebooks.co.uk/site/EB/ebooks/images/general/eBookIcon.gif" />
+			<test url="http://miltonkeynes.libraryebooks.co.uk/site/EB/ebooks/user_login_main.asp" />
+			<test url="http://miltonkeynes.libraryebooks.co.uk/site/EB/styles/themes/base/jquery.ui.all.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:(client_vhost)\.|www\.)?libraryebooks\.co\.uk" name="^ASPSESSIONID[A-Z]{8}$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/libraryreserve.com.xml b/src/chrome/content/rules/libraryreserve.com.xml
new file mode 100644
index 000000000000..ce3cfd175920
--- /dev/null
+++ b/src/chrome/content/rules/libraryreserve.com.xml
@@ -0,0 +1,45 @@
+<!--
+	For other OverDrive coverage, see OverDrive.com.xml.
+
+
+	(www.)?libraryreserve.com: Mismatched
+
+
+	Mixed content:
+
+		- Bug on eastsussex from b.scorecardresearch.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Libraryreserve.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="eastsussex.libraryreserve.com" />
+
+	<!--	Complications:
+				-->
+	<target host="libraryreserve.com" />
+	<target host="www.libraryreserve.com" />
+
+		<!--	Mixed bug:
+					-->
+		<!--test url="http://eastsussex.libraryreserve.com/10/50/en/SignIn.htm" /-->
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://(?:www\.)?libraryreserve\.com/+"
+		to="https://www.overdrive.com/" />
+
+		<test url="http://libraryreserve.com/default.aspx" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/librecmc.org.xml b/src/chrome/content/rules/librecmc.org.xml
new file mode 100644
index 000000000000..8d61251c033c
--- /dev/null
+++ b/src/chrome/content/rules/librecmc.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="libreCMC.org">
+
+	<target host="librecmc.org" />
+	<target host="www.librecmc.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/libuv.org.xml b/src/chrome/content/rules/libuv.org.xml
new file mode 100644
index 000000000000..cdd515be66a7
--- /dev/null
+++ b/src/chrome/content/rules/libuv.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- logs.libuv.org
+
+		SSL peer certificate was not OK:
+		- www.libuv.org
+		- docs.libuv.org
+-->
+<ruleset name="libuv.org">
+	<target host="libuv.org" />
+	<target host="www.libuv.org" />
+	<target host="dist.libuv.org" />
+
+	<rule from="^http://www\.libuv\.org/"
+		to="https://libuv.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lichfielddc.gov.uk.xml b/src/chrome/content/rules/lichfielddc.gov.uk.xml
new file mode 100644
index 000000000000..18bbef23f234
--- /dev/null
+++ b/src/chrome/content/rules/lichfielddc.gov.uk.xml
@@ -0,0 +1,56 @@
+<!--
+	Lichfield District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Problematic hosts in *lichfielddc.gov.uk:
+
+		- spending ᵐ ˢ ˣ
+		- www-prev ᵉ ᵐ
+		- www2 ᵐ ˢ ˣ
+
+	ᵉ Expired
+	ᵐ Mismatched
+	ˢ Self-signed
+	ˣ Mixed css
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.lichfielddc.gov.uk
+
+
+	Mixed content:
+
+		- css, on:
+
+			- spending from www-prev.lichfielddc.gov.uk
+			- www2 from www.lichfielddc.gov.uk ˢ
+
+		- Images, on:
+
+			- spending, www2 from www.lichfielddc.gov.uk ˢ
+			- spending from www-prev.lichfielddc.gov.uk
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Lichfield DC.gov.uk (partial)">
+
+	<target host="lichfielddc.gov.uk" />
+	<target host="planning.lichfielddc.gov.uk" />
+	<target host="www.lichfielddc.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.lichfielddc\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lidl.co.uk.xml b/src/chrome/content/rules/lidl.co.uk.xml
new file mode 100644
index 000000000000..e2f2d4564ac0
--- /dev/null
+++ b/src/chrome/content/rules/lidl.co.uk.xml
@@ -0,0 +1,63 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://specials.lidl.co.uk/ => https://specials.lidl.co.uk/: (6, 'Could not resolve host: specials.lidl.co.uk')
+
+	For other Lidl coverage, see Lidl.xml.
+
+
+	Nonfunctional hosts in *lidl.co.uk:
+
+		- www.dartford ᵈ
+		- www.huntingdon ᵈ
+		- www.richmondroad ᵈ
+		- www.welshpool ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *lidl.co.uk:
+
+		- (www.)? ᴬ
+		- careers ᴬ
+		- property ᴬ
+
+	ᴬ Akamai / mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- ssl.lidl.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on specials from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Lidl.co.uk (partial)" default_off="failed ruleset test">
+
+	<target host="specials.lidl.co.uk" />
+	<target host="ssl.lidl.co.uk" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://ssl.lidl.co.uk/en/1282.htm" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ssl\.lidl\.co\.uk$" name="^(?:JSESSIONID|dsSessionUk)$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lidlcommunity.co.uk.xml b/src/chrome/content/rules/lidlcommunity.co.uk.xml
new file mode 100644
index 000000000000..8044ef1cbb76
--- /dev/null
+++ b/src/chrome/content/rules/lidlcommunity.co.uk.xml
@@ -0,0 +1,39 @@
+<!--
+	For other Lidl coverage, see Lidl.xml.
+
+
+	^lidlcommunity.co.uk: Refused
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.lidlcommunity.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Lidl Community.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.lidlcommunity.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="lidlcommunity.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.lidlcommunity\.co\.uk$" name="^Lithium(?:UserInfo|UserSecure|Visitor)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://lidlcommunity\.co\.uk/"
+		to="https://www.lidlcommunity.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/life.ru.xml b/src/chrome/content/rules/life.ru.xml
new file mode 100644
index 000000000000..178aaed77ac1
--- /dev/null
+++ b/src/chrome/content/rules/life.ru.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- oauth-admin.life.ru
+
+-->
+<ruleset name="Life.ru">
+
+	<target host="life.ru" />
+	<target host="help.life.ru" />
+	<target host="oauth-admin.life.ru" />
+	<target host="static.life.ru" />
+	<target host="www.life.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^oauth-admin\.life\.ru$" name="^_(?:current_region_id|oauth_life)$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lifehacker.ru.xml b/src/chrome/content/rules/lifehacker.ru.xml
new file mode 100644
index 000000000000..e935dabfe3bc
--- /dev/null
+++ b/src/chrome/content/rules/lifehacker.ru.xml
@@ -0,0 +1,51 @@
+<!--
+beta.lifehacker.ru ³
+ds01.lifehacker.ru ²
+ds02.lifehacker.ru ³
+longreads.lifehacker.ru ¹
+www.runner.lifehacker.ru ¹
+www.smartdevices.lifehacker.ru ¹
+tilda.lifehacker.ru ¹
+vs01.lifehacker.ru ³
+vs02.lifehacker.ru ³
+academianapitkov.lifehacker.ru different content
+atilekt.lifehacker.ru different content
+aviasales.lifehacker.ru different content
+banderolka.lifehacker.ru different content
+discovery.lifehacker.ru different content
+ebaytoday.lifehacker.ru different content
+enjoyme.lifehacker.ru different content
+getwear.lifehacker.ru different content
+imarketing.lifehacker.ru different content
+infowatch.lifehacker.ru different content
+maria.lifehacker.ru different content
+masterkit.lifehacker.ru different content
+ochkarik.lifehacker.ru different content
+pechkinmail.lifehacker.ru different content
+runner.lifehacker.ru different content
+seopult.lifehacker.ru different content
+smartdevices.lifehacker.ru different content
+sunera.lifehacker.ru different content
+things.lifehacker.ru different content
+unisender.lifehacker.ru different content
+vs03.lifehacker.ru different content
+yep.lifehacker.ru different content
+youdo.lifehacker.ru different content
+bitrix24.lifehacker.ru mixed content
+
+
+¹ mismatch
+² refused
+³ timed out
+-->
+<ruleset name="lifehacker.ru">
+	<target host="lifehacker.ru" />
+	<target host="www.lifehacker.ru" />
+	<target host="10years.lifehacker.ru" />
+	<target host="aa.lifehacker.ru" />
+	<target host="adidas.lifehacker.ru" />
+	<target host="cdn.lifehacker.ru" />
+	<target host="quiz.lifehacker.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lightning.nagoya.xml b/src/chrome/content/rules/lightning.nagoya.xml
new file mode 100644
index 000000000000..9aa89e31c2ae
--- /dev/null
+++ b/src/chrome/content/rules/lightning.nagoya.xml
@@ -0,0 +1,10 @@
+<ruleset name="lightning.nagoya">
+	<target host="lightning.nagoya" />
+	<target host="www.lightning.nagoya" />
+	<target host="demo.lightning.nagoya" />
+	<target host="variety.lightning.nagoya" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lightreading.com.xml b/src/chrome/content/rules/lightreading.com.xml
new file mode 100644
index 000000000000..4984c8aee04f
--- /dev/null
+++ b/src/chrome/content/rules/lightreading.com.xml
@@ -0,0 +1,77 @@
+<!--
+	For problematic rules and other UBM coverage, see UBM-mismatches.xml.
+
+
+	CDN buckets:
+
+		- lightreading-images.s3.amazonaws.com
+		- newagora.cachefly.net
+
+		- d2x7anl33w5mmo.cloudfront.net
+
+			- img.lightreading.com
+
+
+
+	Problematic hosts in *lightreading.com:
+
+		- (www.)? ᵐ
+		- img ᵐ
+
+	ᵐ Mismatched
+
+
+	These altnames do not exist:
+
+		- www.payment.lightreading.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.lightreading.com
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- www from img.deusm.com ˢ
+			- www from img.lightreading.com ˢ
+			- www from thumbnails.lightreading.com ᵐ
+			- www from $self ᵐ
+			- www from img.lightreading.systems ᵐ
+			- www from brightcove.vo.llnwd.net
+
+		- Bug on www from cmp.112.2o7.net ˢ
+
+	ᵐ Not secured by us <= mismatched
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Light Reading.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="payment.lightreading.com" />
+
+	<!--	Complications:
+				-->
+	<target host="img.lightreading.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.lightreading\.com$" name="^lightreading_(?:lastvisit|visits)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<!--	darkreading/ data are also available in i.cmpnet.com/infoweek/security/darkreading/seo/
+					-->
+	<rule from="^http:" to="https:" />
+
+		<test url="http://img.lightreading.com/images/spacer.gif" /><!--	49 -->
+
+
+
+</ruleset>
diff --git a/src/chrome/content/rules/lightwidget.com.xml b/src/chrome/content/rules/lightwidget.com.xml
new file mode 100644
index 000000000000..cbdaaad2b773
--- /dev/null
+++ b/src/chrome/content/rules/lightwidget.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.lightwidget.com/ => https://www.lightwidget.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.lightwidget.com'")
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- lightwidget.com
+		- www.lightwidget.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="LightWidget.com" default_off="failed ruleset test">
+
+	<target host="lightwidget.com" />
+	<target host="www.lightwidget.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?lightwidget\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/liginc.co.jp.xml b/src/chrome/content/rules/liginc.co.jp.xml
new file mode 100644
index 000000000000..66883499686a
--- /dev/null
+++ b/src/chrome/content/rules/liginc.co.jp.xml
@@ -0,0 +1,20 @@
+<!--
+
+	Problematic subdomains:
+
+		- creative	(causes CORS issues)
+		- ml		(Invalid cert)
+		- towerrising	(Invalid cert)
+
+-->
+<ruleset name="liginc.co.jp" platform="mixedcontent">
+
+	<target host="account.liginc.co.jp" />
+	<target host="cdn.liginc.co.jp" />
+	<target host="iioffice.liginc.co.jp" />
+	<target host="liginc.co.jp" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/likelyloans.com.xml b/src/chrome/content/rules/likelyloans.com.xml
new file mode 100644
index 000000000000..0a9806dc95d4
--- /dev/null
+++ b/src/chrome/content/rules/likelyloans.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- likelyloans.com
+
+-->
+<ruleset name="Likey Loans.com">
+
+	<target host="likelyloans.com" />
+	<target host="www.likelyloans.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^likelyloans\.com$" name="^Argon\.Host\.Web$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lime-technology.com.xml b/src/chrome/content/rules/lime-technology.com.xml
new file mode 100644
index 000000000000..b8983e3250da
--- /dev/null
+++ b/src/chrome/content/rules/lime-technology.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Non-functional hosts:
+		Mismatched:
+		- dnld.lime-technology.com
+-->
+<ruleset name="Lime-Technology.com">
+
+	<target host="lime-technology.com" />
+	<target host="www.lime-technology.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/limetorrents.com.xml b/src/chrome/content/rules/limetorrents.com.xml
new file mode 100644
index 000000000000..ae256ca987d6
--- /dev/null
+++ b/src/chrome/content/rules/limetorrents.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="limetorrents.com">
+	<target host="limetorrents.com" />
+	<target host="www.limetorrents.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lingvo.org.xml b/src/chrome/content/rules/lingvo.org.xml
new file mode 100644
index 000000000000..8339bb1897f7
--- /dev/null
+++ b/src/chrome/content/rules/lingvo.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="lingvo.org">
+	<target host="lingvo.org" />
+	<target host="www.lingvo.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/link-page.info.xml b/src/chrome/content/rules/link-page.info.xml
new file mode 100644
index 000000000000..00b9a7312bde
--- /dev/null
+++ b/src/chrome/content/rules/link-page.info.xml
@@ -0,0 +1,17 @@
+<ruleset name="link-page.info">
+
+	<target host="link-page.info" />
+	<target host="www.link-page.info" />
+
+		<!--	$ 404s, so:
+					-->
+		<test url="http://link-page.info/event_tracking_1.png" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/link-region.ru.xml b/src/chrome/content/rules/link-region.ru.xml
new file mode 100644
index 000000000000..6da60e7de8a3
--- /dev/null
+++ b/src/chrome/content/rules/link-region.ru.xml
@@ -0,0 +1,34 @@
+<!--
+link-region.ru mismatch
+www.link-region.ru mismatch
+apl.link-region.ru mismatch
+bgr.link-region.ru mismatch
+bra.link-region.ru mismatch
+bud.link-region.ru mismatch
+dbr.link-region.ru mismatch
+ded.link-region.ru mismatch
+dlg.link-region.ru mismatch
+dmt.link-region.ru mismatch
+erm.link-region.ru mismatch
+grs.link-region.ru mismatch
+iks.link-region.ru mismatch
+jhr.link-region.ru mismatch
+klk.link-region.ru mismatch
+kmr.link-region.ru mismatch
+nrf.link-region.ru mismatch
+nvs.link-region.ru mismatch
+olj.link-region.ru mismatch
+ord.link-region.ru mismatch
+pds.link-region.ru mismatch
+podpiska.link-region.ru mismatch
+rbn.link-region.ru mismatch
+rgc.link-region.ru mismatch
+tit.link-region.ru mismatch
+trd.link-region.ru mismatch
+tv.link-region.ru mismatch
+-->
+<ruleset name="link-region.ru (partial)">
+	<target host="payment.link-region.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/linksnappy.com.xml b/src/chrome/content/rules/linksnappy.com.xml
new file mode 100644
index 000000000000..78abf85d3b09
--- /dev/null
+++ b/src/chrome/content/rules/linksnappy.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- linksnappy.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="LinkSnappy.com">
+
+	<target host="linksnappy.com" />
+	<target host="www.linksnappy.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^linksnappy\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/linux-notes.org.xml b/src/chrome/content/rules/linux-notes.org.xml
new file mode 100644
index 000000000000..3ce8e9200736
--- /dev/null
+++ b/src/chrome/content/rules/linux-notes.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		forum.linux-notes.org
+		www.forum.linux-notes.org
+		mail.linux-notes.org
+		new.linux-notes.org
+		support.linux-notes.org
+		www.support.linux-notes.org
+-->
+<ruleset name="linux-notes.org">
+	<target host="linux-notes.org" />
+	<target host="www.linux-notes.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/linuxcenter.ru.xml b/src/chrome/content/rules/linuxcenter.ru.xml
new file mode 100644
index 000000000000..933060fb80f8
--- /dev/null
+++ b/src/chrome/content/rules/linuxcenter.ru.xml
@@ -0,0 +1,28 @@
+<!--
+	Invalid certificate:
+		copter.linuxcenter.ru
+		geektv.linuxcenter.ru
+		ftp.linuxcenter.ru
+		kitezh-support.linuxcenter.ru
+		ftp.lightlang.linuxcenter.ru
+		mail.linuxcenter.ru
+		meego.linuxcenter.ru
+		meego-mirror1.linuxcenter.ru
+		rt.linuxcenter.ru
+		old.shop.linuxcenter.ru
+		wiki.linuxcenter.ru
+		yamail-b77dcde2ab2a.linuxcenter.ru
+
+	Time out:
+		imap.linuxcenter.ru
+		smtp.linuxcenter.ru
+		test.linuxcenter.ru
+-->
+<ruleset name="linuxcenter.ru">
+	<target host="linuxcenter.ru" />
+	<target host="www.linuxcenter.ru" />
+	<target host="github.linuxcenter.ru" />
+	<target host="shop.linuxcenter.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/linuxconfig.org.xml b/src/chrome/content/rules/linuxconfig.org.xml
new file mode 100644
index 000000000000..a1ad6b8f7659
--- /dev/null
+++ b/src/chrome/content/rules/linuxconfig.org.xml
@@ -0,0 +1,32 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- linuxconfig.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="LinuxConfig.org">
+
+	<target host="linuxconfig.org" />
+	<target host="www.linuxconfig.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^linuxconfig\.org$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/linuxgraphic.org.xml b/src/chrome/content/rules/linuxgraphic.org.xml
new file mode 100644
index 000000000000..375933834998
--- /dev/null
+++ b/src/chrome/content/rules/linuxgraphic.org.xml
@@ -0,0 +1,42 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.linuxgraphic.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on www from $self ˢ
+
+		- Images, on:
+
+			- www from synfig.org ⁴
+			- www from download.tuxfamily.org ˢ
+
+	⁴ Unsecurable <= 404
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Linux Graphic.org" platform="mixedcontent">
+
+	<target host="linuxgraphic.org" />
+	<target host="www.linuxgraphic.org" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://www.linuxgraphic.org/forums/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.linuxgraphic\.org$" name="^(?:PHPSESSID|phpbb3_\w+_(?:k|sid|u))$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/linuxliteos.com.xml b/src/chrome/content/rules/linuxliteos.com.xml
new file mode 100644
index 000000000000..e43eef282bc9
--- /dev/null
+++ b/src/chrome/content/rules/linuxliteos.com.xml
@@ -0,0 +1,6 @@
+<!--repo. refused-->
+<ruleset name="linuxliteos.com">
+	<target host="linuxliteos.com" />
+	<target host="www.linuxliteos.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/linuxmint.com-falsemixed.xml b/src/chrome/content/rules/linuxmint.com-falsemixed.xml
new file mode 100644
index 000000000000..8ef972bbacde
--- /dev/null
+++ b/src/chrome/content/rules/linuxmint.com-falsemixed.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules not causing false/broken MCB, see linuxmint.com.xml.
+
+-->
+<ruleset name="Linux Mint.com (false MCB)" platform="mixedcontent">
+
+	<target host="blog.linuxmint.com" />
+	<target host="segfault.linuxmint.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/linuxmint.com.xml b/src/chrome/content/rules/linuxmint.com.xml
new file mode 100644
index 000000000000..6e38db68730b
--- /dev/null
+++ b/src/chrome/content/rules/linuxmint.com.xml
@@ -0,0 +1,62 @@
+<!--
+	For rules causing false/broken MCB, see linuxmint.com-falsemixed.xml.
+
+
+	Nonfunctional hosts in *linuxmint.com:
+
+		- cinnamon ʳ
+		- debian ʳ
+		- extra ᵈ
+		- packages ᵈ
+
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *linuxmint.com:
+
+		- blog ˣ
+		- developer ᵐ
+		- segfault ˣ
+
+	ᵐ Mismatched
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Mixed content:
+
+		- css on blog, segfault from $self ˢ
+
+		- Images, on:
+
+			- blog from linuxmint.com ˢ
+			- blog, segfault from $self ˢ
+			- blog from www.linuxmint.com ˢ
+			- segfault from \d.gravatar.com ˢ
+
+		- Ads/bugs, on:
+
+			- blog from www.facebook.com ˢ
+			- blog from www.linksalpha.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Linux Mint.com (partial)">
+
+	<target host="linuxmint.com" />
+	<!--target host="blog.linuxmint.com" /-->
+	<target host="community.linuxmint.com" />
+	<target host="forums.linuxmint.com" />
+	<!--target host="segfault.linuxmint.com" /-->
+	<target host="torrents.linuxmint.com" />
+	<target host="www.linuxmint.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/linuxpenguins.xyz.xml b/src/chrome/content/rules/linuxpenguins.xyz.xml
new file mode 100644
index 000000000000..156bbddd8612
--- /dev/null
+++ b/src/chrome/content/rules/linuxpenguins.xyz.xml
@@ -0,0 +1,19 @@
+<!--
+	STS header includes includeSubdomains
+
+-->
+<ruleset name="Linux Penguins.xyz">
+
+	<target host="linuxpenguins.xyz" />
+	<target host="*.linuxpenguins.xyz" />
+
+		<test url="http://www.linuxpenguins.xyz/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/listentothe.cloud.xml b/src/chrome/content/rules/listentothe.cloud.xml
new file mode 100644
index 000000000000..59274c6decbb
--- /dev/null
+++ b/src/chrome/content/rules/listentothe.cloud.xml
@@ -0,0 +1,7 @@
+<ruleset name="listentothe.cloud">
+	<target host="listentothe.cloud" />
+	<target host="www.listentothe.cloud" />
+
+	<rule from="^http://www\.listentothe\.cloud/" to="https://listentothe.cloud/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/listverse.com.xml b/src/chrome/content/rules/listverse.com.xml
new file mode 100644
index 000000000000..e99bccc995df
--- /dev/null
+++ b/src/chrome/content/rules/listverse.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid Certificate:
+		extra.listverse.com
+-->
+<ruleset name="listverse.com">
+	<target host="listverse.com" />
+	<target host="www.listverse.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/literaryreview.co.uk.xml b/src/chrome/content/rules/literaryreview.co.uk.xml
new file mode 100644
index 000000000000..9ce3962a9d5a
--- /dev/null
+++ b/src/chrome/content/rules/literaryreview.co.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="Literary Review.co.uk">
+
+	<target host="literaryreview.co.uk" />
+	<target host="www.literaryreview.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/litreev.com.xml b/src/chrome/content/rules/litreev.com.xml
new file mode 100644
index 000000000000..071db30254d0
--- /dev/null
+++ b/src/chrome/content/rules/litreev.com.xml
@@ -0,0 +1,12 @@
+<!--
+red.litreev.com ⁶
+
+
+⁶ redirect
+-->
+<ruleset name="litreev.com">
+	<target host="litreev.com" />
+	<target host="www.litreev.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/litresp.ru.xml b/src/chrome/content/rules/litresp.ru.xml
new file mode 100644
index 000000000000..6920e6c4e069
--- /dev/null
+++ b/src/chrome/content/rules/litresp.ru.xml
@@ -0,0 +1,10 @@
+<!--
+	Mismatched:
+		- mail
+-->
+<ruleset name="litresp.ru">
+	<target host="litresp.ru" />
+	<target host="www.litresp.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/livecomm.ru.xml b/src/chrome/content/rules/livecomm.ru.xml
new file mode 100644
index 000000000000..37a6b5ccb2b9
--- /dev/null
+++ b/src/chrome/content/rules/livecomm.ru.xml
@@ -0,0 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://livecomm.ru/ => https://livecomm.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.livecomm.ru/ => https://www.livecomm.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="livecomm.ru" default_off="failed ruleset test">
+	<target host="livecomm.ru" />
+	<target host="www.livecomm.ru" />
+	<target host="noc.livecomm.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/livetrucking.com.xml b/src/chrome/content/rules/livetrucking.com.xml
new file mode 100644
index 000000000000..d10bde9fd49e
--- /dev/null
+++ b/src/chrome/content/rules/livetrucking.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="livetrucking.com">
+	<target host="livetrucking.com" />
+	<target host="www.livetrucking.com" />
+	<target host="jobs.livetrucking.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/livingwage.org.uk.xml b/src/chrome/content/rules/livingwage.org.uk.xml
new file mode 100644
index 000000000000..710e4a7003a8
--- /dev/null
+++ b/src/chrome/content/rules/livingwage.org.uk.xml
@@ -0,0 +1,23 @@
+<!--
+	Mixed content:
+
+		- css from $self * ˢ
+		- Images from $self ˢ
+
+	* Only fonts
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Living Wage.org.uk">
+
+	<target host="livingwage.org.uk" />
+	<target host="www.livingwage.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ljsear.ch.xml b/src/chrome/content/rules/ljsear.ch.xml
new file mode 100644
index 000000000000..8256da5167dc
--- /dev/null
+++ b/src/chrome/content/rules/ljsear.ch.xml
@@ -0,0 +1,5 @@
+<ruleset name="ljsear.ch">
+	<target host="ljsear.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lkk-zkh.ru.xml b/src/chrome/content/rules/lkk-zkh.ru.xml
new file mode 100644
index 000000000000..a936866704c6
--- /dev/null
+++ b/src/chrome/content/rules/lkk-zkh.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="lkk-zkh.ru">
+	<target host="lkk-zkh.ru" />
+	<target host="www.lkk-zkh.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lleo.me.xml b/src/chrome/content/rules/lleo.me.xml
new file mode 100644
index 000000000000..d38ef81c2e09
--- /dev/null
+++ b/src/chrome/content/rules/lleo.me.xml
@@ -0,0 +1,24 @@
+<!--
+	Invalid certificate:
+		mail.lleo.me
+
+	Refused:
+		canada.lleo.me
+		spb.lleo.me
+		www.home.lleo.me
+
+	Time out:
+		_tcp.lleo.me
+		kz.lleo.me
+		zenon.lleo.me
+-->
+<ruleset name="lleo.me">
+	<target host="lleo.me" />
+	<target host="www.lleo.me" />
+	<target host="blog.lleo.me" />
+	<target host="home.lleo.me" />
+	<target host="mat.lleo.me" />
+	<target host="x.lleo.me" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lloydsbankinggroup.com.xml b/src/chrome/content/rules/lloydsbankinggroup.com.xml
new file mode 100644
index 000000000000..c12a560d72a5
--- /dev/null
+++ b/src/chrome/content/rules/lloydsbankinggroup.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Nonfunctional hosts in *lloydsbankinggroup.com:
+
+		- (www.)? ᵈ
+		- webcasts ⁵
+
+	⁵ 502
+	ᵈ Dropped
+
+-->
+<ruleset name="Lloyds Banking Group.com (partial)">
+
+	<target host="careers.lloydsbankinggroup.com" />
+	<target host="jobshop.lloydsbankinggroup.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lme.com.xml b/src/chrome/content/rules/lme.com.xml
new file mode 100644
index 000000000000..cbd2b75f0a85
--- /dev/null
+++ b/src/chrome/content/rules/lme.com.xml
@@ -0,0 +1,12 @@
+<!--
+	For other HKEX related rulesets, see hkex.com.hk.xml.
+-->
+<ruleset name="London Metal Exchange">
+	<target host="lme.com" />
+	<target host="www.lme.com" />
+	<target host="datalicensing.lme.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lmgtfy.com.xml b/src/chrome/content/rules/lmgtfy.com.xml
new file mode 100644
index 000000000000..09f9cd6e3102
--- /dev/null
+++ b/src/chrome/content/rules/lmgtfy.com.xml
@@ -0,0 +1,76 @@
+<!--
+	It seems that every sudomain works execpt some:
+
+	Mismatch:
+		api.lmgtfy.com
+		foo.bar.lmgtfy.com
+		blog.lmgtfy.com
+		shop.lmgtfy.com
+
+	handshake error:
+		blog.lmgtfy.com
+-->
+
+<ruleset name="lmgtfy.com">
+
+	<target host="lmgtfy.com" />
+
+	<target host="*.lmgtfy.com" />
+	<exclusion pattern="^http://(api|foo\.bar|blog|shop)\.lmgtfy\.com/" />
+
+		<test url="http://api.lmgtfy.com/" />
+		<test url="http://foo.bar.lmgtfy.com/" />
+		<test url="http://blog.lmgtfy.com/" />
+		<test url="http://shop.lmgtfy.com/" />
+
+		<test url="http://ar.lmgtfy.com/" />
+		<test url="http://bg.lmgtfy.com/" />
+		<test url="http://bing.lmgtfy.com/" />
+		<test url="http://books.lmgtfy.com/" />
+		<test url="http://cs.lmgtfy.com/" />
+		<test url="http://cy.lmgtfy.com/" />
+		<test url="http://da.lmgtfy.com/" />
+		<test url="http://de.lmgtfy.com/" />
+		<test url="http://doge.lmgtfy.com/" />
+		<test url="http://el.lmgtfy.com/" />
+		<test url="http://en.lmgtfy.com/" />
+		<test url="http://es.lmgtfy.com/" />
+		<test url="http://fi.lmgtfy.com/" />
+		<test url="http://finance.lmgtfy.com/" />
+		<test url="http://foo-bar.lmgtfy.com/" />
+		<test url="http://fr.lmgtfy.com/" />
+		<test url="http://he.lmgtfy.com/" />
+		<test url="http://hu.lmgtfy.com/" />
+		<test url="http://id.lmgtfy.com/" />
+		<test url="http://images.lmgtfy.com/" />
+		<test url="http://it.lmgtfy.com/" />
+		<test url="http://ja.lmgtfy.com/" />
+		<test url="http://ko.lmgtfy.com/" />
+		<test url="http://live.lmgtfy.com/" />
+		<test url="http://news.lmgtfy.com/" />
+		<test url="http://nl.lmgtfy.com/" />
+		<test url="http://no.lmgtfy.com/" />
+		<test url="http://photos.lmgtfy.com/" />
+		<test url="http://pl.lmgtfy.com/" />
+		<test url="http://pt-br.lmgtfy.com/" />
+		<test url="http://pt.lmgtfy.com/" />
+		<test url="http://ro.lmgtfy.com/" />
+		<test url="http://ru.lmgtfy.com/" />
+		<test url="http://scholar.lmgtfy.com/" />
+		<test url="http://shopping.lmgtfy.com/" />
+		<test url="http://sk.lmgtfy.com/" />
+		<test url="http://snopes.lmgtfy.com/" />
+		<test url="http://sr.lmgtfy.com/" />
+		<test url="http://sv.lmgtfy.com/" />
+		<test url="http://th.lmgtfy.com/" />
+		<test url="http://tr.lmgtfy.com/" />
+		<test url="http://uk.lmgtfy.com/" />
+		<test url="http://vi.lmgtfy.com/" />
+		<test url="http://video.lmgtfy.com/" />
+		<test url="http://wikipedia.lmgtfy.com/" />
+		<test url="http://www.lmgtfy.com/" />
+		<test url="http://zh.lmgtfy.com/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lmms.io.xml b/src/chrome/content/rules/lmms.io.xml
new file mode 100644
index 000000000000..d259166a3b79
--- /dev/null
+++ b/src/chrome/content/rules/lmms.io.xml
@@ -0,0 +1,13 @@
+<ruleset name="LMMS.io">
+
+	<target host="lmms.io" />
+	<target host="www.lmms.io" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/local.com.ua.xml b/src/chrome/content/rules/local.com.ua.xml
new file mode 100644
index 000000000000..2ca3b95ae5fc
--- /dev/null
+++ b/src/chrome/content/rules/local.com.ua.xml
@@ -0,0 +1,14 @@
+<!--
+media.local.com.ua ¹
+ns.local.com.ua ¹
+zain.local.com.ua ¹
+
+
+¹ mismatch
+-->
+<ruleset name="local.com.ua">
+	<target host="local.com.ua" />
+	<target host="www.local.com.ua" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/localmonero.co.xml b/src/chrome/content/rules/localmonero.co.xml
new file mode 100644
index 000000000000..06a0ca47f416
--- /dev/null
+++ b/src/chrome/content/rules/localmonero.co.xml
@@ -0,0 +1,8 @@
+<ruleset name="localmonero.co">
+	<target host="localmonero.co" />
+	<target host="www.localmonero.co" />
+	<target host="meet.localmonero.co" />
+	<target host="forums.localmonero.co" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/localmotors.com.xml b/src/chrome/content/rules/localmotors.com.xml
new file mode 100644
index 000000000000..e329aa9f1da1
--- /dev/null
+++ b/src/chrome/content/rules/localmotors.com.xml
@@ -0,0 +1,28 @@
+<!--
+	CDN buckets:
+
+		- lm-staticimages.s3.amazonaws.com
+
+
+	Insecure cookies are set for these domains:
+
+		- .localmotors.com
+
+-->
+<ruleset name="Local Motors.com">
+
+	<target host="localmotors.com" />
+	<target host="www.localmotors.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.localmotors\.com$" name="^[qu]id$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/localphone.com.xml b/src/chrome/content/rules/localphone.com.xml
new file mode 100644
index 000000000000..836eca47cdfa
--- /dev/null
+++ b/src/chrome/content/rules/localphone.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Nonfunctional hosts in *localphone.com:
+
+		- blog *
+
+	* Shows another domain
+
+-->
+<ruleset name="Localphone.com (partial) and related sites">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="localphone.com" />
+	<target host="m.localphone.com" />
+	<target host="static.localphone.com" />
+	<target host="www.localphone.com" />
+
+
+	<!--  Sites owned by Localphone Ltd.:
+				-->
+	<target host="0800buster.co.uk" />
+	<target host="www.0800buster.co.uk" />
+	<target host="freecallscanada.co.uk" />
+	<target host="www.freecallscanada.co.uk" />
+	<target host="freecallstosingapore.co.uk" />
+	<target host="www.freecallstosingapore.co.uk" />
+	<target host="freecallstousa.co.uk" />
+	<target host="www.freecallstousa.co.uk" />
+
+	<securecookie host="^(www\.)?freecalls(canada|to(singapore|usa))\.co\.uk$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/locationsmart.com.xml b/src/chrome/content/rules/locationsmart.com.xml
new file mode 100644
index 000000000000..a160d24de09c
--- /dev/null
+++ b/src/chrome/content/rules/locationsmart.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="LocationSmart.com">
+
+	<target host="locationsmart.com" />
+	<target host="www.locationsmart.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lockscalecompare.com.xml b/src/chrome/content/rules/lockscalecompare.com.xml
new file mode 100644
index 000000000000..3477c1d40432
--- /dev/null
+++ b/src/chrome/content/rules/lockscalecompare.com.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gets.lockscalecompare.com/ => https://gets.lockscalecompare.com/: (6, 'Could not resolve host: gets.lockscalecompare.com')
+
+	Problematic hosts in *lockscalecompare.com:
+
+		- data ᵐ
+
+	ᵐ Mismatched
+
+
+	These altnames do not exist:
+
+		- www.gets.lockscalecompare.com
+
+-->
+<ruleset name="lockscalecompare.com (partial)" default_off="failed ruleset test">
+
+	<target host="lockscalecompare.com" />
+	<target host="gets.lockscalecompare.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lofter.com.xml b/src/chrome/content/rules/lofter.com.xml
new file mode 100644
index 000000000000..a3df3925a9e1
--- /dev/null
+++ b/src/chrome/content/rules/lofter.com.xml
@@ -0,0 +1,21 @@
+<!--
+	^lofter.com		Timeout: https://travis-ci.org/github/EFForg/https-everywhere/jobs/666370682#L339
+	*.lofter.com	( every user get his own subdomain )
+-->
+<ruleset name="lofter.com">
+
+	<target host="lofter.com" />
+	<target host="*.lofter.com" />
+
+	<test url="http://www.lofter.com/login?urschecked=true" />
+	<test url="http://www.lofter.com/explore?act=qbview_20130930_04" />
+	<test url="http://www.lofter.com/tag/%E5%91%A8%E5%8F%B6" />
+	<test url="http://www.lofter.com/wall" />
+	<test url="http://www.lofter.com/CreativeCommons" />
+	<test url="http://www.lofter.com/sale/catl00008" />
+
+	<test url="http://renwuzaoxing.lofter.com/" />
+
+	<rule from="^http://lofter\.com/" to="https://www.lofter.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/logcg.com.xml b/src/chrome/content/rules/logcg.com.xml
new file mode 100644
index 000000000000..4ae9825b9b64
--- /dev/null
+++ b/src/chrome/content/rules/logcg.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="logcg.com">
+
+	<target host="logcg.com" />
+	<target host="www.logcg.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/logicalincrements.com.xml b/src/chrome/content/rules/logicalincrements.com.xml
new file mode 100644
index 000000000000..65007777f178
--- /dev/null
+++ b/src/chrome/content/rules/logicalincrements.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid certificate:
+		b.logicalincrements.com
+
+	Redirects to HTTP:
+		- ^ (fixed by this ruleset)
+
+	Refused:
+		blog.logicalincrements.com
+
+	Time out:
+		a.logicalincrements.com
+-->
+<ruleset name="logicalincrements.com">
+	<target host="logicalincrements.com" />
+	<target host="www.logicalincrements.com" />
+	<target host="backend.logicalincrements.com" />
+	<target host="backend2.logicalincrements.com" />
+	<target host="images.logicalincrements.com" />
+
+	<rule from="^http://logicalincrements\.com/" to="https://www.logicalincrements.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/logincasino.com.xml b/src/chrome/content/rules/logincasino.com.xml
new file mode 100644
index 000000000000..35dc12bf4dd3
--- /dev/null
+++ b/src/chrome/content/rules/logincasino.com.xml
@@ -0,0 +1,6 @@
+<!-- old. mismatch, self signed -->
+<ruleset name="logincasino.com">
+	<target host="logincasino.com" />
+	<target host="www.logincasino.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lomolenobl.ru.xml b/src/chrome/content/rules/lomolenobl.ru.xml
new file mode 100644
index 000000000000..cf396bdd10d7
--- /dev/null
+++ b/src/chrome/content/rules/lomolenobl.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="lomolenobl.ru">
+	<target host="lomolenobl.ru" />
+	<target host="www.lomolenobl.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/london-fire.gov.uk.xml b/src/chrome/content/rules/london-fire.gov.uk.xml
new file mode 100644
index 000000000000..2363c72ed863
--- /dev/null
+++ b/src/chrome/content/rules/london-fire.gov.uk.xml
@@ -0,0 +1,42 @@
+<!--
+	London Fire Brigade
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *london-fire.gov.uk:
+
+		- maps ᵈ
+		- moderngov ³
+		- www ⁴
+
+	³ 503
+	⁴ 404
+	ᵈ Dropped
+
+
+	^london-fire.gov.uk doesn't exist.
+
+
+	Insecure cookies are set for these hosts:
+
+		- jobs.london-fire.gov.uk
+
+-->
+<ruleset name="London-Fire.gov.uk (partial)">
+
+	<target host="hfsvwr.london-fire.gov.uk" />
+	<target host="jobs.london-fire.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^jobs\.london-fire\.gov\.uk$" name="^(?:fs|ua)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/londontrustmedia.com.xml b/src/chrome/content/rules/londontrustmedia.com.xml
new file mode 100644
index 000000000000..2c374b093649
--- /dev/null
+++ b/src/chrome/content/rules/londontrustmedia.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="London Trust Media.com">
+
+	<target host="londontrustmedia.com" />
+	<target host="www.londontrustmedia.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lorenzonuvoletta.com.xml b/src/chrome/content/rules/lorenzonuvoletta.com.xml
new file mode 100644
index 000000000000..2bba847cfde5
--- /dev/null
+++ b/src/chrome/content/rules/lorenzonuvoletta.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Redirect to HTTP:
+		lwhfb.lorenzonuvoletta.com
+		www.lwhfb.lorenzonuvoletta.com
+-->
+<ruleset name="lorenzonuvoletta.com">
+	<target host="lorenzonuvoletta.com" />
+	<target host="www.lorenzonuvoletta.com" />
+	<target host="autodiscover.lorenzonuvoletta.com" />
+	<target host="cpanel.lorenzonuvoletta.com" />
+	<target host="webdisk.lorenzonuvoletta.com" />
+	<target host="webmail.lorenzonuvoletta.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lostfilm.info.xml b/src/chrome/content/rules/lostfilm.info.xml
new file mode 100644
index 000000000000..261869f02b31
--- /dev/null
+++ b/src/chrome/content/rules/lostfilm.info.xml
@@ -0,0 +1,31 @@
+<!--
+123.lostfilm.info ¹
+2fold.lostfilm.info ¹
+eureka.lostfilm.info ¹
+forum.lostfilm.info ¹
+kgxxwze.lostfilm.info ¹
+www.kgxxwze.lostfilm.info ¹
+m.lostfilm.info ¹
+mail.lostfilm.info ¹
+mmqkehi.lostfilm.info ¹
+news.lostfilm.info ¹
+old.lostfilm.info ⁴
+www.ssve.ru.lostfilm.info ¹
+uuvanlo.lostfilm.info ¹
+w.lostfilm.info ¹
+ww.w.lostfilm.info ¹
+webmail.lostfilm.info ¹
+widget.lostfilm.info ¹
+widgets.lostfilm.info ¹
+ww.lostfilm.info ¹
+
+
+¹ mismatch
+⁴ self signed
+-->
+<ruleset name="lostfilm.info">
+	<target host="lostfilm.info" />
+	<target host="www.lostfilm.info" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lostfilm.tv.xml b/src/chrome/content/rules/lostfilm.tv.xml
new file mode 100644
index 000000000000..66ea38c281a9
--- /dev/null
+++ b/src/chrome/content/rules/lostfilm.tv.xml
@@ -0,0 +1,25 @@
+<!--
+www.inside.lostfilm.tv ¹
+lost.s06e05.rus.lostfilm.tv ¹
+www.ww.lostfilm.tv ¹
+
+
+¹ mismatch
+-->
+<ruleset name="lostfilm.tv">
+	<target host="lostfilm.tv" />
+	<target host="www.lostfilm.tv" />
+	<target host="delta.lostfilm.tv" />
+	<target host="forum.lostfilm.tv" />
+	<target host="lnk.lostfilm.tv" />
+	<target host="new.lostfilm.tv" />
+	<target host="news.lostfilm.tv" />
+	<target host="old.lostfilm.tv" />
+	<target host="onlime.lostfilm.tv" />
+	<target host="rus.lostfilm.tv" />
+	<target host="stargateatlantis.lostfilm.tv" />
+	<target host="web.lostfilm.tv" />
+	<target host="wwww.lostfilm.tv" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lostpic.net.xml b/src/chrome/content/rules/lostpic.net.xml
new file mode 100644
index 000000000000..b3714cc89895
--- /dev/null
+++ b/src/chrome/content/rules/lostpic.net.xml
@@ -0,0 +1,33 @@
+<!--
+	Invalid certificate:
+		img1.lostpic.net
+		img2.lostpic.net
+		img3.lostpic.net
+		img4.lostpic.net
+		img5.lostpic.net
+		img6.lostpic.net
+		new.lostpic.net
+		new1.lostpic.net
+		new2.lostpic.net
+
+	Non-2xx HTTP code:
+		s1.lostpic.net
+-->
+<ruleset name="lostpic.net">
+	<target host="lostpic.net" />
+	<target host="www.lostpic.net" />
+	<target host="1.lostpic.net" />
+	<target host="3.lostpic.net" />
+	<target host="hqclub.lostpic.net" />
+	<target host="img.lostpic.net" />
+	<target host="img10.lostpic.net" />
+	<target host="img11.lostpic.net" />
+	<target host="img12.lostpic.net" />
+	<target host="img14.lostpic.net" />
+	<target host="img15.lostpic.net" />
+	<target host="img16.lostpic.net" />
+	<target host="src-img10.lostpic.net" />
+	<target host="test.lostpic.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lotro.com.xml b/src/chrome/content/rules/lotro.com.xml
new file mode 100644
index 000000000000..2a25896e8af3
--- /dev/null
+++ b/src/chrome/content/rules/lotro.com.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://signup.lotro.com/ => https://signup.lotro.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Problematic hosts in *lotro.com:
+
+		- (www.)? ¹
+		- store ¹
+		- transfers ²
+
+	¹ Invalid cert signature
+	² Cert mismatched for redirect destination
+
+-->
+<ruleset name="lotro.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="lotro.com" /-->
+	<!--target host="store.lotro.com" /-->
+	<target host="signup.lotro.com" />
+	<!--target host="transfers.lotro.com" /-->
+	<!--target host="www.lotro.com" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lovebizhi.com.xml b/src/chrome/content/rules/lovebizhi.com.xml
new file mode 100644
index 000000000000..46f3618500c4
--- /dev/null
+++ b/src/chrome/content/rules/lovebizhi.com.xml
@@ -0,0 +1,24 @@
+<!--
+	MCB:
+		- open.lovebizhi.com
+
+	Mismatch:
+		- mail.lovebizhi.com
+-->
+<ruleset name="lovebizhi.com">
+	<target host="lovebizhi.com" />
+	<target host="www.lovebizhi.com" />
+	<target host="api.lovebizhi.com" />
+	<target host="clientapi.lovebizhi.com" />
+	<target host="diy.lovebizhi.com" />
+	<target host="haoma.lovebizhi.com" />
+	<target host="m.lovebizhi.com" />
+	<target host="originwww.lovebizhi.com" />
+	<target host="partner.lovebizhi.com" />
+	<target host="partner91.lovebizhi.com" />
+	<target host="upload.lovebizhi.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lpgenerator.ru.xml b/src/chrome/content/rules/lpgenerator.ru.xml
new file mode 100644
index 000000000000..046c21a46107
--- /dev/null
+++ b/src/chrome/content/rules/lpgenerator.ru.xml
@@ -0,0 +1,15 @@
+<ruleset name="lpgenerator.ru">
+
+	<target host="media.lpgenerator.ru" />
+	<target host="static.lpgenerator.ru" />
+
+		<test url="http://static.lpgenerator.ru/media/css/upgrade/widget/sliders/eighth/slider.css" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lrens.ch.xml b/src/chrome/content/rules/lrens.ch.xml
new file mode 100644
index 000000000000..993f3b2b6281
--- /dev/null
+++ b/src/chrome/content/rules/lrens.ch.xml
@@ -0,0 +1,14 @@
+<ruleset name="LRens.ch">
+
+	<target host="lrens.ch" />
+	<target host="beta.lrens.ch" />
+	<target host="www.lrens.ch" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lsc.gov.uk.xml b/src/chrome/content/rules/lsc.gov.uk.xml
new file mode 100644
index 000000000000..d7277449cd2a
--- /dev/null
+++ b/src/chrome/content/rules/lsc.gov.uk.xml
@@ -0,0 +1,35 @@
+<!--
+	Learning and Skills Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .lsc.gov.uk
+		- apprenticeshipvacancymatchingservice.lsc.gov.uk
+		- edrs.lsc.gov.uk
+		- gateway.lsc.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="LSC.gov.uk">
+
+	<target host="apprenticeshipvacancymatchingservice.lsc.gov.uk" />
+	<target host="edrs.lsc.gov.uk" />
+	<target host="gateway.lsc.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.lsc\.gov\.uk$" name="^BC_HA\w+$" /-->
+	<!--securecookie host="^(?:apprenticeshipvacancymatchingservice|edrs|gateway)\.lsc\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lscpt.ch.xml b/src/chrome/content/rules/lscpt.ch.xml
new file mode 100644
index 000000000000..edf3c98c5c0c
--- /dev/null
+++ b/src/chrome/content/rules/lscpt.ch.xml
@@ -0,0 +1,13 @@
+<ruleset name="LSCPT.ch">
+
+	<target host="lscpt.ch" />
+	<target host="www.lscpt.ch" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lsm.lv.xml b/src/chrome/content/rules/lsm.lv.xml
new file mode 100644
index 000000000000..e521b10dad8b
--- /dev/null
+++ b/src/chrome/content/rules/lsm.lv.xml
@@ -0,0 +1,31 @@
+<!--
+lsm.lv ⁶
+www.lsm.lv ⁶
+b.lsm.lv ¹
+klasika.lsm.lv ³
+latvijasradio.lsm.lv ³
+www.latvijasradio.lsm.lv ³
+lr1.lsm.lv ³
+lr2.lsm.lv ³
+lr4.lsm.lv ³
+lr5.lsm.lv ³
+naba.lsm.lv ³
+pieci.lsm.lv ¹
+replay.lsm.lv ⁶
+v.lsm.lv ¹
+adreses.lsm.lv different content
+ielas.lsm.lv different content
+pie.lsm.lv different content
+
+
+¹ mismatch
+³ timed out
+⁶ redirect
+-->
+<ruleset name="lsm.lv (partial)">
+	<target host="ltv.lsm.lv" />
+	<target host="s2.lsm.lv" />
+	<target host="supernova.lsm.lv" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ltr-data.se.xml b/src/chrome/content/rules/ltr-data.se.xml
new file mode 100644
index 000000000000..1d60e86822f0
--- /dev/null
+++ b/src/chrome/content/rules/ltr-data.se.xml
@@ -0,0 +1,25 @@
+<!--
+	Invalid certificate:
+		webmail.ltr-data.se
+
+	Refused:
+		test.ltr-data.se
+		vtdep.ltr-data.se
+		ztest.ltr-data.se
+
+	Time out:
+		ftp.ltr-data.se
+		imap.ltr-data.se
+		mail.ltr-data.se
+		mail2.ltr-data.se
+		pop3.ltr-data.se
+		smtp.ltr-data.se
+-->
+<ruleset name="ltr-data.se">
+	<target host="ltr-data.se" />
+	<target host="www.ltr-data.se" />
+	<target host="app.ltr-data.se" />
+	<target host="www.app.ltr-data.se" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lua.org.xml b/src/chrome/content/rules/lua.org.xml
new file mode 100644
index 000000000000..d6dcdad57fa1
--- /dev/null
+++ b/src/chrome/content/rules/lua.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="lua.org">
+	<target host="lua.org" />
+	<target host="www.lua.org" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lubakiagenda.net.xml b/src/chrome/content/rules/lubakiagenda.net.xml
new file mode 100644
index 000000000000..2f7a3b7f2d4e
--- /dev/null
+++ b/src/chrome/content/rules/lubakiagenda.net.xml
@@ -0,0 +1,13 @@
+<ruleset name="Lubaki Agenda.net">
+
+	<target host="lubakiagenda.net" />
+	<target host="www.lubakiagenda.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/luckyreferrals.com.xml b/src/chrome/content/rules/luckyreferrals.com.xml
new file mode 100644
index 000000000000..b5584c5170f4
--- /dev/null
+++ b/src/chrome/content/rules/luckyreferrals.com.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://luckyreferrals.com/ => https://luckyreferrals.com/: Too many redirects while fetching 'https://luckyreferrals.com/'
+Fetch error: http://www.luckyreferrals.com/ => https://www.luckyreferrals.com/: Too many redirects while fetching 'https://www.luckyreferrals.com/'
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- luckyreferrals.com
+		- www.luckyreferrals.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- iframe from www.youtube.com ˢ
+		- Images from www.luckyreferrals.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="LuckyReferrals.com" default_off="failed ruleset test">
+
+	<target host="luckyreferrals.com" />
+	<target host="www.luckyreferrals.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?luckyreferrals\.com$" name="^F_pap_sid$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lukasa.co.uk.xml b/src/chrome/content/rules/lukasa.co.uk.xml
new file mode 100644
index 000000000000..b2a5e74696b8
--- /dev/null
+++ b/src/chrome/content/rules/lukasa.co.uk.xml
@@ -0,0 +1,29 @@
+<!--
+	STS header includes includeSubdomains.
+
+-->
+<ruleset name="Lukasa.co.uk">
+
+	<target host="lukasa.co.uk" />
+	<target host="*.lukasa.co.uk" />
+
+		<!--	includeSubdomains applies to one level, so:
+									-->
+		<exclusion pattern="^http://(?:[^./]+\.){2}lukasa\.co\.uk/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.lukasa.co.uk/" />
+			<test url="http://exists.not.lukasa.co.uk/" />
+
+		<test url="http://www.lukasa.co.uk/" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/luna1.co.xml b/src/chrome/content/rules/luna1.co.xml
new file mode 100644
index 000000000000..fa1858cfe270
--- /dev/null
+++ b/src/chrome/content/rules/luna1.co.xml
@@ -0,0 +1,17 @@
+<!--
+	These altnames don't exist:
+
+		- www.luna1.co
+
+-->
+<ruleset name="luna1.co">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="luna1.co" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lunik.xyz.xml b/src/chrome/content/rules/lunik.xyz.xml
new file mode 100644
index 000000000000..e499912aef58
--- /dev/null
+++ b/src/chrome/content/rules/lunik.xyz.xml
@@ -0,0 +1,15 @@
+<!--
+lunik.xyz ⁴
+torrent.lunik.xyz ²
+
+
+² refused
+⁴ self signed
+-->
+<ruleset name="lunik.xyz (partial)">
+	<target host="cp.lunik.xyz" />
+	<target host="fs.lunik.xyz" />
+	<target host="status.lunik.xyz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/luosimao.com.xml b/src/chrome/content/rules/luosimao.com.xml
new file mode 100644
index 000000000000..23f440202103
--- /dev/null
+++ b/src/chrome/content/rules/luosimao.com.xml
@@ -0,0 +1,30 @@
+<!--
+Non-2xx HTTP code: http://my.luosimao.com/ (200) => https://my.luosimao.com/ (500)
+-->
+
+<ruleset name="luosimao.com">
+
+	<target host="luosimao.com" />
+
+	<target host="captcha.luosimao.com" />
+		<test url="http://captcha.luosimao.com/static/dist/api.js" />
+
+	<target host="client.luosimao.com" />
+		<test url="http://client.luosimao.com/track/click/D7B6FA53-F273-156E-44AF-ADEA78CEF520/05-2264B997-DBD4-39C8-EC62-8D7B84E5C7B9/05-911BB485-FD13-FE55-BB27-730193069204" />
+
+	<target host="i2-captcha.luosimao.com" />
+
+	<target host="my.luosimao.com" />
+		<test url="http://my.luosimao.com/auth/register" />
+	<!--	For Travis check error:	-->
+	<exclusion pattern="^http://my\.luosimao\.com/$" />
+
+	<target host="s.luosimao.com" />
+		<test url="http://s.luosimao.com/bower/asset/website.css?v=201608181443.css" />
+		<test url="http://s.luosimao.com/js/modernizr.js" />
+
+	<target host="www.luosimao.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lushstories.com.xml b/src/chrome/content/rules/lushstories.com.xml
new file mode 100644
index 000000000000..16b3ea6a7087
--- /dev/null
+++ b/src/chrome/content/rules/lushstories.com.xml
@@ -0,0 +1,64 @@
+<!--
+	Note: Watch for store validity.
+
+
+	Nonfunctional hosts in *lushstories.com:
+
+		- m ᵗ
+
+	ᵗ Reset
+
+
+	Problematic hosts in *lushstories.com:
+
+		- store ᵐ ˣ
+
+	ᵐ Mismatched
+	ˣ Mixed css
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- store.lushstories.com
+		- .store.lushstories.com
+		- www.lushstories.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on store from $self
+
+		- images, on:
+
+			- store from cnvassets.s3.amazonaws.com ˢ
+			- store from d1uc3ft0n4nkav.cloudfront.net ˢ
+			- store from d235bdyk0zpoq6.cloudfront.net ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Lush Stories.com (partial)">
+
+	<target host="lushstories.com" />
+	<target host="avatars.lushstories.com" />
+	<target host="www.lushstories.com" />
+
+		<test url="http://avatars.lushstories.com/5341/4ea7bb6d9637310de08d7f04.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^store\.lushstories\.com$" name="^z$" /-->
+	<!--securecookie host="^\.store\.lushstories\.com$" name="^card_id$" /-->
+	<!--securecookie host="^www\.lushstories\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lusternia.xml b/src/chrome/content/rules/lusternia.xml
new file mode 100644
index 000000000000..83381de5c4f9
--- /dev/null
+++ b/src/chrome/content/rules/lusternia.xml
@@ -0,0 +1,5 @@
+<ruleset name="Lusternia">
+    <target host="lusternia.com" />
+    <target host="www.lusternia.com" />
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lutte-ouvriere.org.xml b/src/chrome/content/rules/lutte-ouvriere.org.xml
new file mode 100644
index 000000000000..7a4c9c3b7975
--- /dev/null
+++ b/src/chrome/content/rules/lutte-ouvriere.org.xml
@@ -0,0 +1,29 @@
+<!--
+	Private subdomain:
+		analytics.lutte-ouvriere.org
+		courrier.lutte-ouvriere.org
+		mail.lutte-ouvriere.org
+		mantis42.lutte-ouvriere.org
+
+	No working URL known:
+		media.lutte-ouvriere.org
+		rbx.lutte-ouvriere.org
+		rbx-ipfailover.lutte-ouvriere.org
+		rbx2.lutte-ouvriere.org
+		rbx2-ipfailover.lutte-ouvriere.org
+
+-->
+<ruleset name="lutte-ouvriere.org">
+
+	<target host="lutte-ouvriere.org" />
+	<target host="www.lutte-ouvriere.org" />
+	<target host="audio.lutte-ouvriere.org" />
+	<target host="cdn.lutte-ouvriere.org" />
+	<target host="fete.lutte-ouvriere.org" />
+	<target host="journal.lutte-ouvriere.org" />
+	<target host="mensuel.lutte-ouvriere.org" />
+	<target host="prod.lutte-ouvriere.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/luukku.com.xml b/src/chrome/content/rules/luukku.com.xml
new file mode 100644
index 000000000000..9202dc79ccc8
--- /dev/null
+++ b/src/chrome/content/rules/luukku.com.xml
@@ -0,0 +1,41 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .luukku.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image on www from st.mtv.fi ˢ
+
+		- Bugs, on:
+
+			- www from code.adtlgc.com
+			- www from eas3.emediate.se ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Luukku.com">
+
+	<target host="luukku.com" />
+	<target host="img.luukku.com" />
+	<target host="www.luukku.com" />
+
+		<test url="http://img.luukku.com/img/luukku-4/login_toprightcorner.gif" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.luukku\.com$" name="^Luukku(?:-UAT|Stat)$" /-->
+
+	<securecookie host="^\." name="(?:-UAT|Stat)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/luxorfilm.ru.xml b/src/chrome/content/rules/luxorfilm.ru.xml
new file mode 100644
index 000000000000..923b37fafa24
--- /dev/null
+++ b/src/chrome/content/rules/luxorfilm.ru.xml
@@ -0,0 +1,14 @@
+<!--
+dbox.luxorfilm.ru ¹
+imax.luxorfilm.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="luxorfilm.ru">
+	<target host="luxorfilm.ru" />
+	<target host="www.luxorfilm.ru" />
+	<target host="api.luxorfilm.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lvftv.com.xml b/src/chrome/content/rules/lvftv.com.xml
new file mode 100644
index 000000000000..11c37bc1a10c
--- /dev/null
+++ b/src/chrome/content/rules/lvftv.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="LVFTV.com">
+
+	<target host="lvftv.com" />
+	<target host="www.lvftv.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/lwfinger.com.xml b/src/chrome/content/rules/lwfinger.com.xml
new file mode 100644
index 000000000000..55fe04a18795
--- /dev/null
+++ b/src/chrome/content/rules/lwfinger.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="lwfinger.com">
+	<target host="lwfinger.com" />
+	<target host="www.lwfinger.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lyft.com.xml b/src/chrome/content/rules/lyft.com.xml
new file mode 100644
index 000000000000..641e70680f38
--- /dev/null
+++ b/src/chrome/content/rules/lyft.com.xml
@@ -0,0 +1,37 @@
+<!--
+eclick.lyft.com ³
+growth.lyft.com ³
+
+
+³ timed out
+-->
+<ruleset name="lyft.com">
+	<target host="lyft.com" />
+	<target host="www.lyft.com" />
+	<target host="account.lyft.com" />
+	<target host="advocacy.lyft.com" />
+	<target host="api.lyft.com" />
+	<target host="api-iad-1.lyft.com" />
+	<target host="api-iad-1-tcp.lyft.com" />
+	<target host="ats.lyft.com" />
+	<target host="blog.lyft.com" />
+	<target host="cdn.lyft.com" />
+	<target host="community.lyft.com" />
+	<target host="design.lyft.com" />
+	<target host="developer.lyft.com" />
+	<target host="drivers.lyft.com" />
+	<target host="eng.lyft.com" />
+	<target host="get.lyft.com" />
+	<target host="go.lyft.com" />
+	<target host="help.lyft.com" />
+	<target host="images.lyft.com" />
+	<target host="partner-api.lyft.com" />
+	<target host="ride.lyft.com" />
+	<target host="shop.lyft.com" />
+	<target host="take.lyft.com" />
+	<target host="thehub.lyft.com" />
+	<target host="ww.lyft.com" />
+	<target host="wwww.lyft.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lyngsat.com.xml b/src/chrome/content/rules/lyngsat.com.xml
new file mode 100644
index 000000000000..e18cee48a880
--- /dev/null
+++ b/src/chrome/content/rules/lyngsat.com.xml
@@ -0,0 +1,20 @@
+<!--
+genmap.lyngsat.com ⁷
+new.lyngsat.com ³
+web.lyngsat.com ¹
+
+
+¹ mismatch
+³ timed out
+⁷ protocol error
+-->
+<ruleset name="lyngsat.com">
+	<target host="lyngsat.com" />
+	<target host="www.lyngsat.com" />
+	<target host="m.lyngsat.com" />
+	<target host="www.m.lyngsat.com" />
+	<target host="mail.lyngsat.com" />
+	<target host="misc.lyngsat.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lzone.de.xml b/src/chrome/content/rules/lzone.de.xml
new file mode 100644
index 000000000000..c9c889f520cb
--- /dev/null
+++ b/src/chrome/content/rules/lzone.de.xml
@@ -0,0 +1,7 @@
+<ruleset name="LZone.de">
+        <target host="lzone.de" />
+        <target host="www.lzone.de" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/m2ch.xml b/src/chrome/content/rules/m2ch.xml
new file mode 100644
index 000000000000..594638467a6c
--- /dev/null
+++ b/src/chrome/content/rules/m2ch.xml
@@ -0,0 +1,19 @@
+<ruleset name="M.Dvach">	
+
+	<target host="m2ch.hk" />
+	<target host="www.m2ch.hk" />
+ 	<target host="m2ch.611.to" />
+	<target host="www.m2ch.611.to" />
+ 	<target host="m2ch.cf" />
+	<target host="www.m2ch.cf" />
+ 	<target host="m2ch.ga" />
+	<target host="www.m2ch.ga" />
+ 	<target host="m2ch.gq" />
+	<target host="www.m2ch.gq" />
+ 	<target host="m2ch.ml" />
+	<target host="www.m2ch.ml" />
+
+	<rule from="^http://(www\.)?([\w.]+)/"
+          to="https://$2/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/m3connect.xml b/src/chrome/content/rules/m3connect.xml
index 4010a21f9996..ae8ab84edd2c 100644
--- a/src/chrome/content/rules/m3connect.xml
+++ b/src/chrome/content/rules/m3connect.xml
@@ -2,8 +2,5 @@
     <target host="partner.m3connect.de" />
     <target host="portal.m3-connect.de" />
 
-    <rule from="^https?://partner\.m3connect\.de/"
-        to="https://partner.m3connect.de/"/>
-    <rule from="^https?://portal\.m3-connect\.de/"
-        to="https://portal.m3-connect.de/"/>
+    <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ma-wlan.de.xml b/src/chrome/content/rules/ma-wlan.de.xml
new file mode 100644
index 000000000000..5f1159b117f0
--- /dev/null
+++ b/src/chrome/content/rules/ma-wlan.de.xml
@@ -0,0 +1,14 @@
+<ruleset name="MA-WLAN">
+
+	<target host="ma-wlan.de" />
+	<target host="www.ma-wlan.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://ma-wlan.de/ -->
+	<rule from="^http://ma-wlan\.de/"
+		to="https://www.ma-wlan.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/maajim.com.xml b/src/chrome/content/rules/maajim.com.xml
new file mode 100644
index 000000000000..b9daa7f8534b
--- /dev/null
+++ b/src/chrome/content/rules/maajim.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="maajim.com">
+	<target host="maajim.com" />
+	<target host="www.maajim.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/maam.ru.xml b/src/chrome/content/rules/maam.ru.xml
new file mode 100644
index 000000000000..d7052474cdd5
--- /dev/null
+++ b/src/chrome/content/rules/maam.ru.xml
@@ -0,0 +1,6 @@
+<!-- \d{4}. mismatch -->
+<ruleset name="maam.ru">
+	<target host="maam.ru" />
+	<target host="www.maam.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/madadsmedia.com.xml b/src/chrome/content/rules/madadsmedia.com.xml
new file mode 100644
index 000000000000..be1342029ac3
--- /dev/null
+++ b/src/chrome/content/rules/madadsmedia.com.xml
@@ -0,0 +1,43 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://madadsmedia.com/ => https://madadsmedia.com/: Too many redirects while fetching 'https://madadsmedia.com/'
+Fetch error: http://www.madadsmedia.com/ => https://www.madadsmedia.com/: Too many redirects while fetching 'https://www.madadsmedia.com/'
+
+	Problematic hosts in *madadsmedia.com:
+
+		- ads-by ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- madadsmedia.com
+		- www.madadsmedia.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="MadAds Media.com (partial)" default_off="failed ruleset test">
+
+	<target host="madadsmedia.com" />
+	<!--target host="ads-by.madadsmedia.com" /-->
+	<target host="www.madadsmedia.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://www.madadsmedia.com/landing/1/ref/1/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?madadsmedia\.com$" name="^(?:PHPSESSID|referral_id)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/madbarz.com.xml b/src/chrome/content/rules/madbarz.com.xml
new file mode 100644
index 000000000000..a532f45f70d8
--- /dev/null
+++ b/src/chrome/content/rules/madbarz.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- madbarz.com
+		- www.madbarz.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Madbarz.com">
+
+	<target host="madbarz.com" />
+	<target host="www.madbarz.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?madbarz\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/madgex.com.xml b/src/chrome/content/rules/madgex.com.xml
new file mode 100644
index 000000000000..88400d89a0ec
--- /dev/null
+++ b/src/chrome/content/rules/madgex.com.xml
@@ -0,0 +1,38 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://support.madgex.com/ => https://madgex.zendesk.com/: Too many redirects while fetching 'https://madgex.zendesk.com/'
+
+	Problematic hosts in *madgex.com:
+
+		- support ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="Madgex.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="madgex.com" />
+	<target host="cdn.madgex.com" />
+	<target host="de.madgex.com" />
+	<target host="site.madgex.com" />
+	<target host="us.madgex.com" />
+	<target host="www.madgex.com" />
+
+	<!--	Complications:
+				-->
+	<target host="support.madgex.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://support\.madgex\.com/"
+		to="https://madgex.zendesk.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/madinatube.com.xml b/src/chrome/content/rules/madinatube.com.xml
new file mode 100644
index 000000000000..e28490999dd4
--- /dev/null
+++ b/src/chrome/content/rules/madinatube.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="MadinaTube.com">
+
+	<target host="madinatube.com" />
+	<target host="www.madinatube.com" />
+
+<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mag-jeunes.com.xml b/src/chrome/content/rules/mag-jeunes.com.xml
new file mode 100644
index 000000000000..64501091cf3a
--- /dev/null
+++ b/src/chrome/content/rules/mag-jeunes.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Mag Jeunes LGBT">
+
+	<target host="mag-jeunes.com" />
+	<target host="www.mag-jeunes.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/magnum-ci.com.xml b/src/chrome/content/rules/magnum-ci.com.xml
new file mode 100644
index 000000000000..c7205d0ebf2b
--- /dev/null
+++ b/src/chrome/content/rules/magnum-ci.com.xml
@@ -0,0 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://magnum-ci.com/ => https://magnum-ci.com/: (7, 'Failed to connect to magnum-ci.com port 443: Connection refused')
+Fetch error: http://www.magnum-ci.com/ => https://www.magnum-ci.com/: (7, 'Failed to connect to www.magnum-ci.com port 443: Connection refused')
+
+blog.magnum-ci.com mismatch
+-->
+<ruleset name="magnum-ci.com" default_off="failed ruleset test">
+	<target host="magnum-ci.com" />
+	<target host="www.magnum-ci.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mail.yaziba.net.xml b/src/chrome/content/rules/mail.yaziba.net.xml
new file mode 100644
index 000000000000..bceb658fe535
--- /dev/null
+++ b/src/chrome/content/rules/mail.yaziba.net.xml
@@ -0,0 +1,7 @@
+<ruleset name="Yaziba webmail">
+
+       <target host="mail.yaziba.net" />
+
+       <rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mailchimp.com-resources.xml b/src/chrome/content/rules/mailchimp.com-resources.xml
new file mode 100644
index 000000000000..9714249fc140
--- /dev/null
+++ b/src/chrome/content/rules/mailchimp.com-resources.xml
@@ -0,0 +1,39 @@
+<!--
+	For rules covering more than resources, see MailChimp.xml.
+
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="MailChimp.com (resources)" platform="mixedcontent">
+
+	<target host="kb.mailchimp.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://kb\.mailchimp\.com/(?:$|(?:accounts|facebook|growth|lists|login)$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://kb\.mailchimp\.com/(?!/*(?:binarie|cs|image)s/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://kb.mailchimp.com/accounts" />
+			<test url="http://kb.mailchimp.com/facebook" />
+			<test url="http://kb.mailchimp.com/growth" />
+			<test url="http://kb.mailchimp.com/lists" />
+			<test url="http://kb.mailchimp.com/login" />
+
+			<!--	-ve:
+					-->
+			<test url="http://kb.mailchimp.com/binaries/content/assets/mailchimpkb/kbicon_start.png" />
+			<test url="http://kb.mailchimp.com/css/kb.css" />
+			<test url="http://kb.mailchimp.com/images/winking-freddie.svg" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/maist.jp.xml b/src/chrome/content/rules/maist.jp.xml
new file mode 100644
index 000000000000..e7bfe411e2ee
--- /dev/null
+++ b/src/chrome/content/rules/maist.jp.xml
@@ -0,0 +1,22 @@
+<!--
+
+	Nonfunctional domains:
+
+		- test	(times out)
+
+	Problematic subdomains:
+
+		- bn	(cert error)
+		- cdn.ad	(cert error)
+
+-->
+<ruleset name="maist.jp">
+
+	<target host="ad.maist.jp" />
+	<target host="maist.jp" />
+	<target host="www.maist.jp" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/make-trivial-rule b/src/chrome/content/rules/make-trivial-rule
index 542f1a203344..8a7d9c1a2ee8 100755
--- a/src/chrome/content/rules/make-trivial-rule
+++ b/src/chrome/content/rules/make-trivial-rule
@@ -3,8 +3,8 @@
 # THIS IS NOT A RULE, but a shell script to create simple rules for a
 # specified domain.
 #
-# create $1.xml, mapping $1 and www.$1 to https://$2 (or https://www.$1 by
-# default)
+# Create $1.xml, mapping $1 and www.$1 to https://$2 (or simply http:
+# to https: by default).
 
 if [ -z "$1" ]
 then
@@ -34,6 +34,15 @@ fi
 
 lower=$(echo "$1" | tr A-Z a-z)
 escaped=$(echo "$lower" | sed 's/\./\\./g' )
+
+duplicate=$(find . -name '*.xml' -exec grep -EHin '<target\s+host="(w+\.)?'$escaped'"\s*/>' -- {} +)
+if [ -n "$duplicate" ]
+then
+  echo "error: $lower already exists:" >&2
+  echo "$duplicate" >&2
+  exit 1
+fi
+
 if [ "$#" -gt 1 ] ; then
     to="$2"
 else
@@ -41,11 +50,27 @@ else
 fi
 
 cat > "$dest" <<END
+<!--
+Note to ruleset creator: if you are aware of any nonfunctional hosts relevant
+to this ruleset, please list them below, replacing the example.
+
+Alternatively, if you are unaware of any such hosts, please delete this comment
+in its entirety.
+
+	Nonfunctional hosts in *.$lower:
+		# Example: foobar.$lower (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
 <ruleset name="$capitalized">
-  <target host="$lower" />
-  <target host="www.$lower" />
+	<target host="$lower" />
+	<target host="www.$lower" />
 
-  <rule from="^http://(www\.)?$escaped/" to="https://$to/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
 END
 
diff --git a/src/chrome/content/rules/make8bitart.com.xml b/src/chrome/content/rules/make8bitart.com.xml
new file mode 100644
index 000000000000..a0573f4705ff
--- /dev/null
+++ b/src/chrome/content/rules/make8bitart.com.xml
@@ -0,0 +1,16 @@
+<!--
+	www.make8bitart.com does not exist.
+
+-->
+<ruleset name="make 8 bit art.com">
+
+	<target host="make8bitart.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/makeagif.com.xml b/src/chrome/content/rules/makeagif.com.xml
new file mode 100644
index 000000000000..96762237def7
--- /dev/null
+++ b/src/chrome/content/rules/makeagif.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="Make a Gif">
+
+	<target host="makeagif.com" />
+	<target host="www.makeagif.com" />
+	<target host="bestgifs.makeagif.com" />
+	<target host="cdn.makeagif.com" />
+	<target host="i.makeagif.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/maksukaista.fi.xml b/src/chrome/content/rules/maksukaista.fi.xml
new file mode 100644
index 000000000000..64feaf56bc15
--- /dev/null
+++ b/src/chrome/content/rules/maksukaista.fi.xml
@@ -0,0 +1,7 @@
+<ruleset name="maksukaista.fi">
+	<target host="maksukaista.fi"/>
+	<target host="www.maksukaista.fi"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/maldon.gov.uk.xml b/src/chrome/content/rules/maldon.gov.uk.xml
new file mode 100644
index 000000000000..ba31f18d2703
--- /dev/null
+++ b/src/chrome/content/rules/maldon.gov.uk.xml
@@ -0,0 +1,29 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		Timeout was reached:
+		- msptclive.maldon.gov.uk
+		- recruit.maldon.gov.uk
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- maldon.gov.uk
+
+		Incomplete certificate chain error:
+		- ssl2.maldon.gov.uk
+
+		4xx client error:
+		- mdcmaps.maldon.gov.uk
+-->
+<ruleset name="Maldon.gov.uk (partial)">
+	<target host="maldon.gov.uk" />
+	<target host="www.maldon.gov.uk" />
+	<target host="democracy.maldon.gov.uk" />
+	<target host="publicaccess.maldon.gov.uk" />
+
+	<rule from="^http://maldon\.gov\.uk/"
+		  	to="https://www.maldon.gov.uk/" />
+
+	<rule from="^http:"
+		  	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/malls.ru.xml b/src/chrome/content/rules/malls.ru.xml
new file mode 100644
index 000000000000..68a96263dd2f
--- /dev/null
+++ b/src/chrome/content/rules/malls.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="malls.ru">
+	<target host="malls.ru" />
+	<target host="www.malls.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mameworld.info.xml b/src/chrome/content/rules/mameworld.info.xml
new file mode 100644
index 000000000000..2fd2f9cc805b
--- /dev/null
+++ b/src/chrome/content/rules/mameworld.info.xml
@@ -0,0 +1,204 @@
+<!--
+	Invalid certificate:
+		emam.mameworld.info
+		guru.mameworld.info
+		pinloader.mameworld.info
+
+	Redirect to HTTP:
+		forum.mameworld.info
+		www.forum.mameworld.info
+		forums.mameworld.info
+		www.forums.mameworld.info
+		movies.mameworld.info
+		www.movies.mameworld.info
+		net.mameworld.info
+		www.net.mameworld.info
+		test.mameworld.info
+		www.test.mameworld.info
+		undumped.mameworld.info
+		www.undumped.mameworld.info
+
+	Refused:
+		ubbthreadswip.mameworld.info
+		www.ubbthreadswip.mameworld.info
+-->
+<ruleset name="mameworld.info">
+	<target host="mameworld.info" />
+	<target host="www.mameworld.info" />
+	<target host="3darcade.mameworld.info" />
+	<target host="www.3darcade.mameworld.info" />
+	<target host="agemame.mameworld.info" />
+	<target host="www.agemame.mameworld.info" />
+	<target host="ajg.mameworld.info" />
+	<target host="www.ajg.mameworld.info" />
+	<target host="andreas.mameworld.info" />
+	<target host="www.andreas.mameworld.info" />
+	<target host="arcade.mameworld.info" />
+	<target host="www.arcade.mameworld.info" />
+	<target host="arcadeenvy.mameworld.info" />
+	<target host="www.arcadeenvy.mameworld.info" />
+	<target host="arcadepc.mameworld.info" />
+	<target host="www.arcadepc.mameworld.info" />
+	<target host="arcadepic.mameworld.info" />
+	<target host="www.arcadepic.mameworld.info" />
+	<target host="ashura.mameworld.info" />
+	<target host="www.ashura.mameworld.info" />
+	<target host="benchmark.mameworld.info" />
+	<target host="www.benchmark.mameworld.info" />
+	<target host="catlist.mameworld.info" />
+	<target host="www.catlist.mameworld.info" />
+	<target host="cpanel.mameworld.info" />
+	<target host="crazy.mameworld.info" />
+	<target host="www.crazy.mameworld.info" />
+	<target host="decap.mameworld.info" />
+	<target host="www.decap.mameworld.info" />
+	<target host="derrick.mameworld.info" />
+	<target host="www.derrick.mameworld.info" />
+	<target host="discrete.mameworld.info" />
+	<target host="www.discrete.mameworld.info" />
+	<target host="dosmame.mameworld.info" />
+	<target host="www.dosmame.mameworld.info" />
+	<target host="dutchmamepage.mameworld.info" />
+	<target host="www.dutchmamepage.mameworld.info" />
+	<target host="easyemu.mameworld.info" />
+	<target host="www.easyemu.mameworld.info" />
+	<target host="easymame.mameworld.info" />
+	<target host="www.easymame.mameworld.info" />
+	<target host="easymamecab.mameworld.info" />
+	<target host="www.easymamecab.mameworld.info" />
+	<target host="easyrun.mameworld.info" />
+	<target host="www.easyrun.mameworld.info" />
+	<target host="emuloader.mameworld.info" />
+	<target host="www.emuloader.mameworld.info" />
+	<target host="filetransfer.mameworld.info" />
+	<target host="www.filetransfer.mameworld.info" />
+	<target host="gur.mameworld.info" />
+	<target host="www.gur.mameworld.info" />
+	<target host="highscore.mameworld.info" />
+	<target host="www.highscore.mameworld.info" />
+	<target host="hispamame.mameworld.info" />
+	<target host="www.hispamame.mameworld.info" />
+	<target host="hitf12.mameworld.info" />
+	<target host="www.hitf12.mameworld.info" />
+	<target host="hosting.mameworld.info" />
+	<target host="www.hosting.mameworld.info" />
+	<target host="hotrod.mameworld.info" />
+	<target host="www.hotrod.mameworld.info" />
+	<target host="icons.mameworld.info" />
+	<target host="www.icons.mameworld.info" />
+	<target host="imame.mameworld.info" />
+	<target host="www.imame.mameworld.info" />
+	<target host="indexicons.mameworld.info" />
+	<target host="www.indexicons.mameworld.info" />
+	<target host="lanzamame.mameworld.info" />
+	<target host="www.lanzamame.mameworld.info" />
+	<target host="logos.mameworld.info" />
+	<target host="www.logos.mameworld.info" />
+	<target host="loonybar.mameworld.info" />
+	<target host="www.loonybar.mameworld.info" />
+	<target host="madeinmame.mameworld.info" />
+	<target host="www.madeinmame.mameworld.info" />
+	<target host="mail.mameworld.info" />
+	<target host="mamecat32.mameworld.info" />
+	<target host="www.mamecat32.mameworld.info" />
+	<target host="mamece3.mameworld.info" />
+	<target host="www.mamece3.mameworld.info" />
+	<target host="mameclassic.mameworld.info" />
+	<target host="www.mameclassic.mameworld.info" />
+	<target host="mamedev.mameworld.info" />
+	<target host="www.mamedev.mameworld.info" />
+	<target host="mamefe.mameworld.info" />
+	<target host="www.mamefe.mameworld.info" />
+	<target host="mameinfo.mameworld.info" />
+	<target host="www.mameinfo.mameworld.info" />
+	<target host="mameload.mameworld.info" />
+	<target host="www.mameload.mameworld.info" />
+	<target host="mamemix.mameworld.info" />
+	<target host="www.mamemix.mameworld.info" />
+	<target host="mamewah.mameworld.info" />
+	<target host="www.mamewah.mameworld.info" />
+	<target host="mariuszw.mameworld.info" />
+	<target host="www.mariuszw.mameworld.info" />
+	<target host="massive.mameworld.info" />
+	<target host="www.massive.mameworld.info" />
+	<target host="maws.mameworld.info" />
+	<target host="www.maws.mameworld.info" />
+	<target host="mcm.mameworld.info" />
+	<target host="www.mcm.mameworld.info" />
+	<target host="misc.mameworld.info" />
+	<target host="www.misc.mameworld.info" />
+	<target host="misfitmame.mameworld.info" />
+	<target host="www.misfitmame.mameworld.info" />
+	<target host="money.mameworld.info" />
+	<target host="www.money.mameworld.info" />
+	<target host="mrdo.mameworld.info" />
+	<target host="www.mrdo.mameworld.info" />
+	<target host="nonmame.mameworld.info" />
+	<target host="www.nonmame.mameworld.info" />
+	<target host="ogoun.mameworld.info" />
+	<target host="www.ogoun.mameworld.info" />
+	<target host="orc.mameworld.info" />
+	<target host="www.orc.mameworld.info" />
+	<target host="pc2jamma.mameworld.info" />
+	<target host="www.pc2jamma.mameworld.info" />
+	<target host="philwip.mameworld.info" />
+	<target host="www.philwip.mameworld.info" />
+	<target host="phpbb3.mameworld.info" />
+	<target host="www.phpbb3.mameworld.info" />
+	<target host="pinmame.mameworld.info" />
+	<target host="www.pinmame.mameworld.info" />
+	<target host="progettosnaps.mameworld.info" />
+	<target host="www.progettosnaps.mameworld.info" />
+	<target host="random.mameworld.info" />
+	<target host="www.random.mameworld.info" />
+	<target host="ranger.mameworld.info" />
+	<target host="www.ranger.mameworld.info" />
+	<target host="rbelmont.mameworld.info" />
+	<target host="www.rbelmont.mameworld.info" />
+	<target host="reip.mameworld.info" />
+	<target host="www.reip.mameworld.info" />
+	<target host="retroview.mameworld.info" />
+	<target host="www.retroview.mameworld.info" />
+	<target host="robbie.mameworld.info" />
+	<target host="www.robbie.mameworld.info" />
+	<target host="samples.mameworld.info" />
+	<target host="www.samples.mameworld.info" />
+	<target host="search.mameworld.info" />
+	<target host="www.search.mameworld.info" />
+	<target host="setcleaner.mameworld.info" />
+	<target host="www.setcleaner.mameworld.info" />
+	<target host="smf.mameworld.info" />
+	<target host="www.smf.mameworld.info" />
+	<target host="smitdogg.mameworld.info" />
+	<target host="www.smitdogg.mameworld.info" />
+	<target host="teamjapump.mameworld.info" />
+	<target host="www.teamjapump.mameworld.info" />
+	<target host="temp.mameworld.info" />
+	<target host="www.temp.mameworld.info" />
+	<target host="testing.mameworld.info" />
+	<target host="www.testing.mameworld.info" />
+	<target host="tigerheli.mameworld.info" />
+	<target host="www.tigerheli.mameworld.info" />
+	<target host="tourniquet.mameworld.info" />
+	<target host="www.tourniquet.mameworld.info" />
+	<target host="transfer.mameworld.info" />
+	<target host="www.transfer.mameworld.info" />
+	<target host="turbomame.mameworld.info" />
+	<target host="www.turbomame.mameworld.info" />
+	<target host="ubbthreads.mameworld.info" />
+	<target host="www.ubbthreads.mameworld.info" />
+	<target host="ultrastyle.mameworld.info" />
+	<target host="www.ultrastyle.mameworld.info" />
+	<target host="unmamed.mameworld.info" />
+	<target host="www.unmamed.mameworld.info" />
+	<target host="vlinde.mameworld.info" />
+	<target host="www.vlinde.mameworld.info" />
+	<target host="vsynchmame.mameworld.info" />
+	<target host="www.vsynchmame.mameworld.info" />
+	<target host="webdisk.mameworld.info" />
+	<target host="webmail.mameworld.info" />
+	<target host="zmame.mameworld.info" />
+	<target host="www.zmame.mameworld.info" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mamp.info.xml b/src/chrome/content/rules/mamp.info.xml
new file mode 100644
index 000000000000..d1ae0aeb334c
--- /dev/null
+++ b/src/chrome/content/rules/mamp.info.xml
@@ -0,0 +1,28 @@
+<!--
+	Mismatch:
+		- (www.)mamp.tv
+
+	Refused:
+		- blog-de.mamp.info
+		- blog-en.mamp.info
+-->
+<ruleset name="MAMP.info">
+	<target host="mamp.info"/>
+	<target host="www.mamp.info"/>
+	<target host="documentation.mamp.info"/>
+	<target host="downloads.mamp.info"/>
+	<target host="downloads1.mamp.info"/>
+	<target host="downloads2.mamp.info"/>
+	<target host="downloads3.mamp.info"/>
+	<target host="downloads4.mamp.info"/>
+	<target host="downloads5.mamp.info"/>
+	<target host="downloads6.mamp.info"/>
+	<target host="downloads7.mamp.info"/>
+	<target host="downloads8.mamp.info"/>
+	<target host="downloads9.mamp.info"/>
+	<target host="downloads10.mamp.info"/>
+	<target host="forum.mamp.info"/>
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/manager.mijndomeinreseller.nl.xml b/src/chrome/content/rules/manager.mijndomeinreseller.nl.xml
new file mode 100644
index 000000000000..6d56a3e8fa84
--- /dev/null
+++ b/src/chrome/content/rules/manager.mijndomeinreseller.nl.xml
@@ -0,0 +1,5 @@
+<ruleset name="manager.mijndomeinreseller.nl">
+	<target host="manager.mijndomeinreseller.nl" />
+	<rule from="^http:" to="https:" />
+	<securecookie host="^manager\.mijndomeinreseller\.nl$" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/manchesterdigital.com.xml b/src/chrome/content/rules/manchesterdigital.com.xml
new file mode 100644
index 000000000000..6ecdb5edbf8c
--- /dev/null
+++ b/src/chrome/content/rules/manchesterdigital.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Manchester Digital.com">
+
+	<target host="manchesterdigital.com" />
+	<target host="www.manchesterdigital.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mandiant.com.xml b/src/chrome/content/rules/mandiant.com.xml
new file mode 100644
index 000000000000..009b98670e36
--- /dev/null
+++ b/src/chrome/content/rules/mandiant.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Invalid certificate:
+		images.connect.mandiant.com
+		forums.mandiant.com
+
+-->
+<ruleset name="Mandiant.com">
+
+	<target host="mandiant.com" />
+	<target host="www.mandiant.com" />
+	<target host="dl.mandiant.com" />
+	<target host="intelreport.mandiant.com" />
+	<target host="schemas.mandiant.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
+
+
+
diff --git a/src/chrome/content/rules/mandrakewine.com.xml b/src/chrome/content/rules/mandrakewine.com.xml
new file mode 100644
index 000000000000..8c44b8e5c526
--- /dev/null
+++ b/src/chrome/content/rules/mandrakewine.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		autodiscover.mandrakewine.com
+		ftp.mandrakewine.com
+		imap.mandrakewine.com
+		pop.mandrakewine.com
+		smtp.mandrakewine.com
+
+	Refused:
+		localhost.mandrakewine.com
+-->
+<ruleset name="mandrakewine.com">
+	<target host="mandrakewine.com" />
+	<target host="www.mandrakewine.com" />
+	<target host="mail.mandrakewine.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mangagamer.com.xml b/src/chrome/content/rules/mangagamer.com.xml
new file mode 100644
index 000000000000..f1d9b3e8ae8c
--- /dev/null
+++ b/src/chrome/content/rules/mangagamer.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="mangagamer.com">
+	<target host="mangagamer.com" />
+	<target host="www.mangagamer.com" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
+<!--
+	*.mangagamer.com exists as a wildcard DNS record but only mangagamer.com and www.mangagamer.com are recognized in the SSL certificate.
+	All the subdomains just point to the same page, so any other access (forums., store., et.c.) is not intended.
+-->
diff --git a/src/chrome/content/rules/manning.com.xml b/src/chrome/content/rules/manning.com.xml
new file mode 100644
index 000000000000..03b829bbd128
--- /dev/null
+++ b/src/chrome/content/rules/manning.com.xml
@@ -0,0 +1,15 @@
+<!--
+freecontent.manning.com/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+livebook.manning.com mismatch
+ycart.manning.com different content
+-->
+<ruleset name="manning.com (partial)">
+	<target host="manning.com" />
+	<target host="www.manning.com" />
+	<target host="account.manning.com" />
+	<target host="enews.manning.com" />
+	<target host="forums.manning.com" />
+	<target host="login.manning.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/manpagez.com.xml b/src/chrome/content/rules/manpagez.com.xml
new file mode 100644
index 000000000000..8cd78a998232
--- /dev/null
+++ b/src/chrome/content/rules/manpagez.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="manpagez">
+
+	<target host="manpagez.com" />
+	<target host="www.manpagez.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mansfield.gov.uk.xml b/src/chrome/content/rules/mansfield.gov.uk.xml
new file mode 100644
index 000000000000..3b25c84fa690
--- /dev/null
+++ b/src/chrome/content/rules/mansfield.gov.uk.xml
@@ -0,0 +1,43 @@
+<!--
+	Mansfield District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *mansfield.gov.uk:
+
+		- gis ᶠ
+
+	ᶠ Handshake fails
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.mansfield.gov.uk
+
+
+	Mixed content:
+
+		- css on www from $self ˢ
+		- Images on www from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Mansfield.gov.uk" platform="mixedcontent">
+
+	<target host="mansfield.gov.uk" />
+	<target host="www.mansfield.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.mansfield\.gov\.uk$" name="^(?:ASP\.NET_SessionId|TextOnlyX|clientvars|mode)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mantisbt.xml b/src/chrome/content/rules/mantisbt.xml
new file mode 100644
index 000000000000..4e1e9e2c5b9a
--- /dev/null
+++ b/src/chrome/content/rules/mantisbt.xml
@@ -0,0 +1,7 @@
+<ruleset name="MantisBT.org">
+	<target host="mantisbt.org"/>
+	<target host="www.mantisbt.org"/>
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/manything.com.xml b/src/chrome/content/rules/manything.com.xml
new file mode 100644
index 000000000000..1faab3124f6a
--- /dev/null
+++ b/src/chrome/content/rules/manything.com.xml
@@ -0,0 +1,19 @@
+<!--
+	CDN buckets:
+
+		- d13ts9gtnwf9mb.cloudfront.net
+
+-->
+<ruleset name="Manything.com">
+
+	<target host="manything.com" />
+	<target host="www.manything.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/maplecroft.com.xml b/src/chrome/content/rules/maplecroft.com.xml
new file mode 100644
index 000000000000..a78d5c592ee7
--- /dev/null
+++ b/src/chrome/content/rules/maplecroft.com.xml
@@ -0,0 +1,29 @@
+<!--
+bifrost.maplecroft.com ⁴
+calypso.maplecroft.com ¹
+human-rights-forum.maplecroft.com ²
+maps.maplecroft.com ¹
+oscar.maplecroft.com ²
+proteus.maplecroft.com ⁴
+sedex.maplecroft.com ³
+sedexmap.maplecroft.com ⁴
+tiles1.maplecroft.com ¹
+tiles2.maplecroft.com ¹
+tiles3.maplecroft.com ¹
+hercules.maplecroft.com different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="maplecroft.com">
+	<target host="maplecroft.com" />
+	<target host="www.maplecroft.com" />
+	<target host="nessie.maplecroft.com" />
+	<target host="ssl.maplecroft.com" />
+	<target host="tiles.maplecroft.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/marinetraffic.com.xml b/src/chrome/content/rules/marinetraffic.com.xml
new file mode 100644
index 000000000000..a4ca8ae50434
--- /dev/null
+++ b/src/chrome/content/rules/marinetraffic.com.xml
@@ -0,0 +1,49 @@
+<!--
+	Connection failed:
+		- mt8.marinetraffic.com
+
+	Invalid certificate:
+		- dev.marinetraffic.com
+		- image.email.marinetraffic.com
+		- mt31.marinetraffic.com
+
+	Not found:
+		- www.help.marinetraffic.com
+		- mob0.marinetraffic.com
+		- photos2.marinetraffic.com
+		- photos3.marinetraffic.com
+		- www.shop.marinetraffic.com
+		- www0.marinetraffic.com
+
+	Timeout:
+		- mt12.marinetraffic.com
+		- mt3.marinetraffic.com
+		- ph.marinetraffic.com
+-->
+<ruleset name="AIS Marine Traffic">
+
+	<target host="marinetraffic.com" />
+	<target host="www.marinetraffic.com" />
+	<target host="business.marinetraffic.com" />
+	<target host="cdn.marinetraffic.com" />
+	<target host="clientdata.marinetraffic.com" />
+	<target host="click.email.marinetraffic.com" />
+	<target host="view.email.marinetraffic.com" />
+	<target host="help.marinetraffic.com" />
+	<target host="jira.marinetraffic.com" />
+	<target host="mt23.marinetraffic.com" />
+	<target host="new.marinetraffic.com" />
+	<target host="photos.marinetraffic.com" />
+	<target host="services.marinetraffic.com" />
+	<target host="shop.marinetraffic.com" />
+	<target host="stage.marinetraffic.com" />
+	<target host="syros-observer.marinetraffic.com" />
+	<target host="tiles.marinetraffic.com" />
+	<target host="tiles1.marinetraffic.com" />
+	<target host="tiles2.marinetraffic.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/markbillingham.com.xml b/src/chrome/content/rules/markbillingham.com.xml
new file mode 100644
index 000000000000..21aab3b55c58
--- /dev/null
+++ b/src/chrome/content/rules/markbillingham.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Mark Billingham.com">
+
+	<target host="markbillingham.com" />
+	<target host="us.markbillingham.com" />
+	<target host="www.markbillingham.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/marketingautomation-linz.de.xml b/src/chrome/content/rules/marketingautomation-linz.de.xml
new file mode 100644
index 000000000000..6428aff42295
--- /dev/null
+++ b/src/chrome/content/rules/marketingautomation-linz.de.xml
@@ -0,0 +1,46 @@
+<!--
+	Invalid certificate:
+		com.marketingautomation-linz.de
+		de.marketingautomation-linz.de
+		info.marketingautomation-linz.de
+		ligitec.marketingautomation-linz.de
+		www.ligitec.marketingautomation-linz.de
+-->
+<ruleset name="marketingautomation-linz.de">
+	<target host="marketingautomation-linz.de" />
+	<target host="www.marketingautomation-linz.de" />
+	<target host="ckom.marketingautomation-linz.de" />
+	<target host="www.ckom.marketingautomation-linz.de" />
+	<target host="equiartes.com.marketingautomation-linz.de" />
+	<target host="www.equiartes.com.marketingautomation-linz.de" />
+	<target host="cpanel.marketingautomation-linz.de" />
+	<target host="cpcalendars.marketingautomation-linz.de" />
+	<target host="cpcontacts.marketingautomation-linz.de" />
+	<target host="ckom.de.marketingautomation-linz.de" />
+	<target host="www.ckom.de.marketingautomation-linz.de" />
+	<target host="equinias.de.marketingautomation-linz.de" />
+	<target host="www.equinias.de.marketingautomation-linz.de" />
+	<target host="herrenmuehle-bleichheim.de.marketingautomation-linz.de" />
+	<target host="www.herrenmuehle-bleichheim.de.marketingautomation-linz.de" />
+	<target host="pferdehaarschmuck.de.marketingautomation-linz.de" />
+	<target host="www.pferdehaarschmuck.de.marketingautomation-linz.de" />
+	<target host="schmuck-aus-haar.de.marketingautomation-linz.de" />
+	<target host="www.schmuck-aus-haar.de.marketingautomation-linz.de" />
+	<target host="schmuck-aus-pferdehaar.de.marketingautomation-linz.de" />
+	<target host="www.schmuck-aus-pferdehaar.de.marketingautomation-linz.de" />
+	<target host="equiartes.info.marketingautomation-linz.de" />
+	<target host="www.equiartes.info.marketingautomation-linz.de" />
+	<target host="mein-tierhaarschmuck.de.marketingautomation-linz.de" />
+	<target host="www.mein-tierhaarschmuck.de.marketingautomation-linz.de" />
+	<target host="herrenmuehle-bleichheim.marketingautomation-linz.de" />
+	<target host="www.herrenmuehle-bleichheim.marketingautomation-linz.de" />
+	<target host="mail.marketingautomation-linz.de" />
+	<target host="resinia.marketingautomation-linz.de" />
+	<target host="www.resinia.marketingautomation-linz.de" />
+	<target host="resinia-shop.marketingautomation-linz.de" />
+	<target host="www.resinia-shop.marketingautomation-linz.de" />
+	<target host="webdisk.marketingautomation-linz.de" />
+	<target host="webmail.marketingautomation-linz.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/marketoracle.co.uk.xml b/src/chrome/content/rules/marketoracle.co.uk.xml
new file mode 100644
index 000000000000..4efa89d8f08d
--- /dev/null
+++ b/src/chrome/content/rules/marketoracle.co.uk.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		ftp.marketoracle.co.uk
+		gw.marketoracle.co.uk
+		mail.marketoracle.co.uk
+
+	Refused:
+		localhost.marketoracle.co.uk
+-->
+<ruleset name="marketoracle.co.uk">
+	<target host="marketoracle.co.uk" />
+	<target host="www.marketoracle.co.uk" />
+	<target host="lynx.marketoracle.co.uk" />
+	<target host="pixels.marketoracle.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/marksdailyapple.xml b/src/chrome/content/rules/marksdailyapple.xml
index 3226b45859be..c5fd9057fa19 100644
--- a/src/chrome/content/rules/marksdailyapple.xml
+++ b/src/chrome/content/rules/marksdailyapple.xml
@@ -1,10 +1,9 @@
-<ruleset name="Mark's Daily Apple (buggy)" default_off="Layout totally 
-breaks">
+<ruleset name="Marks Daily Apple.com">
 
-	<target host="www.marksdailyapple.com" />
 	<target host="marksdailyapple.com" />
+	<target host="www.marksdailyapple.com" />
 
-	<rule from="^http://(www\.)?marksdailyapple\.com/"
-		to="https://www.marksdailyapple.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/maryno.net.xml b/src/chrome/content/rules/maryno.net.xml
new file mode 100644
index 000000000000..c9ae5662fa1b
--- /dev/null
+++ b/src/chrome/content/rules/maryno.net.xml
@@ -0,0 +1,147 @@
+<!--
+13th.maryno.net ³
+ad.maryno.net ²
+ads.maryno.net ²
+al.maryno.net ²
+alkos.maryno.net ²
+asrv.maryno.net ³
+auto-moto.maryno.net ³
+av.maryno.net ²
+av11.maryno.net ³
+av2.maryno.net ²
+backup.maryno.net ²
+billing.maryno.net ³
+bpmtest.maryno.net ³
+bpmws.maryno.net ³
+col-netcore.maryno.net ²
+cs.maryno.net ²
+css4.maryno.net ³
+css5.maryno.net ³
+ctel.maryno.net ²
+cybercard.maryno.net ³
+cyberplat.maryno.net ⁴
+dc.maryno.net ³
+denis.maryno.net ³
+e-port.maryno.net ³
+erp1.maryno.net ³
+erp2.maryno.net ³
+fake-gw.maryno.net ³
+forum.maryno.net ²
+gallery.maryno.net ³
+games.maryno.net ²
+gazprom.maryno.net ³
+gw-utech.maryno.net ³
+helpdesk.maryno.net ⁴
+hosting.maryno.net ²
+hosting2.maryno.net ²
+hosting3.maryno.net ²
+img.maryno.net ²
+insecta.maryno.net ²
+jabber.maryno.net ³
+konkurs.maryno.net ³
+ivmp.lex.maryno.net ²
+lineage.maryno.net ³
+luks.maryno.net ²
+marketing.maryno.net ²
+meha.maryno.net ²
+mx.maryno.net ²
+newsky.maryno.net ³
+nod.maryno.net ²
+norka.maryno.net ²
+ns.maryno.net ³
+ns1.maryno.net ³
+ns2.maryno.net ²
+ns3.maryno.net ²
+osmp.maryno.net ⁴
+otrs.maryno.net ²
+oz.maryno.net ²
+pbx.maryno.net ²
+pererva.maryno.net ²
+plus.maryno.net ⁴
+podpiska.maryno.net ¹
+portal.maryno.net ³
+radio.maryno.net ³
+rapida.maryno.net ³
+rash.maryno.net ³
+rck.maryno.net ³
+relay.maryno.net ²
+rustrack.maryno.net ³
+shkola20.maryno.net ²
+speedtest.maryno.net ²
+stalker.maryno.net ²
+stat.maryno.net ⁷
+tattoo.maryno.net ²
+tel.maryno.net ²
+travian.maryno.net ²
+ts.maryno.net ³
+tv.maryno.net ²
+tvs.maryno.net ²
+uprava.maryno.net ²
+users.maryno.net ²
+test.users.maryno.net ²
+usk.maryno.net ²
+v112-igw.maryno.net ³
+v223-auth3.maryno.net ³
+v223-auth4.maryno.net ³
+v223-igw.maryno.net ³
+v223-shaper.maryno.net ⁴
+v224-core.maryno.net ³
+v224-shaper.maryno.net ³
+vaco-tmp.maryno.net ³
+vega.maryno.net ³
+vestnik.maryno.net ²
+vi.maryno.net ³
+vsekino.maryno.net ²
+ws209-124.maryno.net ³
+ws211-1.maryno.net ³
+ws211-173.maryno.net ³
+ws214-1.maryno.net ³
+ws214-108.maryno.net ³
+ws214-64.maryno.net ³
+ws215-1.maryno.net ²
+ws215-182.maryno.net ³
+ws216-1.maryno.net ³
+ws216-102.maryno.net ²
+ws216-71.maryno.net ³
+ws217-1.maryno.net ²
+ws218-1.maryno.net ³
+ws218-233.maryno.net ³
+ws219-1.maryno.net ³
+ws219-248.maryno.net ³
+ws219-3.maryno.net ³
+ws219-9.maryno.net ³
+ws220-1.maryno.net ²
+ws221-1.maryno.net ³
+ws221-117.maryno.net ³
+ws223-1.maryno.net ³
+ws223-21.maryno.net ³
+www2.maryno.net ²
+zhuraen.maryno.net ²
+ziv.maryno.net ²
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁷ protocol error
+-->
+<ruleset name="maryno.net">
+	<target host="maryno.net" />
+	<target host="www.maryno.net" />
+	<target host="doc.maryno.net" />
+	<target host="g.maryno.net" />
+	<target host="gbonus.maryno.net" />
+	<target host="gmax.maryno.net" />
+	<target host="gservice.maryno.net" />
+	<target host="jet.maryno.net" />
+	<target host="lk.maryno.net" />
+	<target host="mail.maryno.net" />
+	<target host="my.maryno.net" />
+	<target host="rock.maryno.net" />
+	<target host="sd.maryno.net" />
+	<target host="servdesk.maryno.net" />
+	<target host="zabbix.maryno.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/masilla.org.xml b/src/chrome/content/rules/masilla.org.xml
new file mode 100644
index 000000000000..a4701cdba5ad
--- /dev/null
+++ b/src/chrome/content/rules/masilla.org.xml
@@ -0,0 +1,18 @@
+<!--
+masilla.org ¹
+
+
+¹ mismatch
+-->
+<ruleset name="masilla.org">
+	<target host="www.masilla.org" />
+	<target host="felpahost.masilla.org" />
+	<target host="mail.masilla.org" />
+
+	<target host="masilla.org" />
+
+	<rule from="^http://masilla\.org/"
+		to="https://www.masilla.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mastercard.us.xml b/src/chrome/content/rules/mastercard.us.xml
new file mode 100644
index 000000000000..c283fec6e539
--- /dev/null
+++ b/src/chrome/content/rules/mastercard.us.xml
@@ -0,0 +1,28 @@
+<!--
+	For other MasterCard coverage, see MasterCard.xml.
+
+
+	^mastercard.us: Handshake fails
+
+-->
+<ruleset name="MasterCard.us">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.mastercard.us" />
+
+	<!--	Complications:
+				-->
+	<target host="mastercard.us" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://mastercard\.us/"
+		to="https://www.mastercard.us/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mastername.ru.xml b/src/chrome/content/rules/mastername.ru.xml
new file mode 100644
index 000000000000..83b9edcdac28
--- /dev/null
+++ b/src/chrome/content/rules/mastername.ru.xml
@@ -0,0 +1,23 @@
+<!--
+bill.mastername.ru ³
+mh1.mastername.ru ³
+ns1.mastername.ru ²
+ns1-expired.mastername.ru ³
+ns2.mastername.ru ²
+ns2-expired.mastername.ru ³
+ns3.mastername.ru ³
+ns4.mastername.ru ³
+whois.mastername.ru ¹
+
+
+¹ mismatch
+² refused
+³ timed out
+-->
+<ruleset name="mastername.ru">
+	<target host="mastername.ru" />
+	<target host="www.mastername.ru" />
+	<target host="cp.mastername.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/masterpasswordapp.com.xml b/src/chrome/content/rules/masterpasswordapp.com.xml
new file mode 100644
index 000000000000..6051335fabad
--- /dev/null
+++ b/src/chrome/content/rules/masterpasswordapp.com.xml
@@ -0,0 +1,13 @@
+ <!--
+	Wildcard DNS record, but no wildcard cert.
+-->
+<ruleset name="masterpasswordapp.com">
+	<target host="masterpasswordapp.com" />
+	<target host="help.masterpasswordapp.com" />
+	<target host="js.masterpasswordapp.com" />
+	<target host="ssl.masterpasswordapp.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/matbea.com.xml b/src/chrome/content/rules/matbea.com.xml
new file mode 100644
index 000000000000..93d867ef9408
--- /dev/null
+++ b/src/chrome/content/rules/matbea.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="matbea.com">
+	<target host="matbea.com" />
+	<target host="www.matbea.com" />
+	<target host="m.matbea.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/matchtv.ru.xml b/src/chrome/content/rules/matchtv.ru.xml
new file mode 100644
index 000000000000..d5ab199c2a08
--- /dev/null
+++ b/src/chrome/content/rules/matchtv.ru.xml
@@ -0,0 +1,28 @@
+<!--
+admin.matchtv.ru ³
+boxing.matchtv.ru ⁷
+s.cdn.matchtv.ru ¹
+diona.matchtv.ru ³
+kia2016.matchtv.ru ⁷
+kolesa.matchtv.ru ⁷
+mail-2.matchtv.ru ³
+remote.matchtv.ru ²
+sip.matchtv.ru ³
+trenirovka.matchtv.ru ⁷
+autodiscover.matchtv.ru different content
+mail.matchtv.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁷ protocol error
+-->
+<ruleset name="matchtv.ru">
+	<target host="matchtv.ru" />
+	<target host="www.matchtv.ru" />
+	<target host="rexona.matchtv.ru" />
+	<target host="s-cdn.matchtv.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mathbabe.org.xml b/src/chrome/content/rules/mathbabe.org.xml
new file mode 100644
index 000000000000..587356a0fff4
--- /dev/null
+++ b/src/chrome/content/rules/mathbabe.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="mathbabe.org">
+	<target host="mathbabe.org" />
+	<target host="www.mathbabe.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mathcha.io.xml b/src/chrome/content/rules/mathcha.io.xml
new file mode 100644
index 000000000000..e36e58e2a0ca
--- /dev/null
+++ b/src/chrome/content/rules/mathcha.io.xml
@@ -0,0 +1,14 @@
+<!--
+	Unable to Connect:
+		mathcha.io
+-->
+<ruleset name="mathcha.io">
+	<target host="mathcha.io" />
+	<target host="www.mathcha.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://mathcha\.io/" to="https://www.mathcha.io/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/matplotlib.org.xml b/src/chrome/content/rules/matplotlib.org.xml
new file mode 100644
index 000000000000..f913ca819b81
--- /dev/null
+++ b/src/chrome/content/rules/matplotlib.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="Matplotlib">
+
+	<target host="matplotlib.org" />
+	<target host="www.matplotlib.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/matraxis.net.xml b/src/chrome/content/rules/matraxis.net.xml
new file mode 100644
index 000000000000..82eb5ecdd578
--- /dev/null
+++ b/src/chrome/content/rules/matraxis.net.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- stats.matraxis.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="matraxis.net">
+
+	<target host="stats.matraxis.net" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://stats.matraxis.net/0000000000000000000000000_0000/njs.gif?dcsuri=/nojavascript&amp;WT.js=No&amp;WT.tv=&amp;WT.dl=&amp;dcssip=" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^stats\.matraxis\.net$" name="^WEBTRENDS_ID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/matricien.org.xml b/src/chrome/content/rules/matricien.org.xml
new file mode 100644
index 000000000000..d4e4ee61343f
--- /dev/null
+++ b/src/chrome/content/rules/matricien.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="Matricien.org">
+
+	<target host="matricien.org" />
+	<target host="www.matricien.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mattermark.com.xml b/src/chrome/content/rules/mattermark.com.xml
new file mode 100644
index 000000000000..90fa1d3f19f0
--- /dev/null
+++ b/src/chrome/content/rules/mattermark.com.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://support.mattermark.com/ => https://support.mattermark.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://wordpress.mattermark.com/ => https://wordpress.mattermark.com/: (51, "SSL: no alternative certificate subject name matches target host name 'wordpress.mattermark.com'")
+
+	Insecure cookies are set for these domains and hosts:
+
+		- mattermark.com
+		- .mattermark.com
+		- support.mattermark.com
+
+-->
+<ruleset name="Mattermark.com" default_off="failed ruleset test">
+
+	<target host="mattermark.com" />
+	<target host="support.mattermark.com" />
+	<target host="wordpress.mattermark.com" />
+	<target host="www.mattermark.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://mattermark.com/app/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^mattermark\.com$" name="^session$" /-->
+	<!--securecookie host="^\.mattermark\.com$" name="^mkt_referer$" /-->
+	<!--securecookie host="^support\.mattermark\.com$" name="^(?:_session_id|current_(?:admin|user)_language)$" /-->
+
+	<securecookie host="^\." name="^mkt_referer$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/maxthon.cn.xml b/src/chrome/content/rules/maxthon.cn.xml
new file mode 100644
index 000000000000..11b8f692e47c
--- /dev/null
+++ b/src/chrome/content/rules/maxthon.cn.xml
@@ -0,0 +1,10 @@
+<ruleset name="maxthon.cn">
+	<target host="maxthon.cn" />
+	<target host="www.maxthon.cn" />
+	<target host="dl.maxthon.cn" />
+
+	<rule from="^http://maxthon\.cn/"
+			to="https://www.maxthon.cn/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mazesp.in.xml b/src/chrome/content/rules/mazesp.in.xml
new file mode 100644
index 000000000000..57e0d1c9d317
--- /dev/null
+++ b/src/chrome/content/rules/mazesp.in.xml
@@ -0,0 +1,7 @@
+<ruleset name="mazesp.in">
+	<target host="mazesp.in" />
+	<target host="www.mazesp.in" />
+
+	<rule from="^http://www\.mazesp\.in/" to="https://mazesp.in/" /> <!-- Invalid certificate -->
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mbitcasino.com.xml b/src/chrome/content/rules/mbitcasino.com.xml
new file mode 100644
index 000000000000..5d2b18a247a2
--- /dev/null
+++ b/src/chrome/content/rules/mbitcasino.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="mBitCasino.com">
+
+	<target host="mbitcasino.com" />
+	<target host="www.mbitcasino.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mbna.co.uk.xml b/src/chrome/content/rules/mbna.co.uk.xml
new file mode 100644
index 000000000000..cab78bfa5dd0
--- /dev/null
+++ b/src/chrome/content/rules/mbna.co.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="MBNA.co.uk">
+
+	<target host="mbna.co.uk" />
+	<target host="www.mbna.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mcc.gov.xml b/src/chrome/content/rules/mcc.gov.xml
new file mode 100644
index 000000000000..dfd8379a9eed
--- /dev/null
+++ b/src/chrome/content/rules/mcc.gov.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://data.mcc.gov/ => https://data.mcc.gov/: (35, 'Unknown SSL protocol error in connection to data.mcc.gov:443 ')
+
+	Millennium Challenge Corporation
+
+
+-->
+<ruleset name="MCC.gov" default_off="failed ruleset test">
+
+	<target host="mcc.gov" />
+	<target host="assets.mcc.gov" />
+	<target host="data.mcc.gov" />
+	<target host="www.mcc.gov" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mcdonalds.de.xml b/src/chrome/content/rules/mcdonalds.de.xml
new file mode 100644
index 000000000000..612efe2fd559
--- /dev/null
+++ b/src/chrome/content/rules/mcdonalds.de.xml
@@ -0,0 +1,73 @@
+<!--
+	Invalid certificate:
+		bic.mcdonalds.de
+		ec1.mcdonalds.de
+		m.mcdonalds.de
+		www.mcb.mcdonalds.de
+		images.meinburger.mcdonalds.de
+		mobile.mcdonalds.de
+
+	Not found:
+		www.ec1.mcdonalds.de
+		fnbackend.mcdonalds.de
+		www.fnbackend.mcdonalds.de
+		media.mcdonalds.de
+		www.meinburger.mcdonalds.de
+		api.meinburger.mcdonalds.de
+		fb.meinburger.mcdonalds.de
+		mcvip.meinburger.mcdonalds.de
+		schmecktakel.mcdonalds.de
+		timme.mcdonalds.de
+		www.topdesk.mcdonalds.de
+		wmspiel.mcdonalds.de
+
+	Refused:
+		dyoc.mcdonalds.de
+		openday.mcdonalds.de
+
+	Server error:
+		www.mediathek.mcdonalds.de
+
+	Timeout:
+		admin.mcdonalds.de
+		job-stag.mcdonalds.de
+		mcd-mcvip-dev.mcdonalds.de
+		mcdrive.mcdonalds.de
+		www.mcdrive.mcdonalds.de
+		survey.mcdonalds.de
+-->
+<ruleset name="McDonald's Deutschland">
+
+	<target host="mcdonalds.de" />
+	<target host="www.mcdonalds.de" />
+	<target host="cokezero.mcdonalds.de" />
+	<target host="coupon.mcdonalds.de" />
+	<target host="familyday.mcdonalds.de" />
+	<target host="frag.mcdonalds.de" />
+	<target host="www.frag.mcdonalds.de" />
+	<target host="fussballcamps.mcdonalds.de" />
+	<target host="job.mcdonalds.de" />
+	<target host="jobs.mcdonalds.de" />
+	<target host="karriere.mcdonalds.de" />
+	<target host="www.karriere.mcdonalds.de" />
+	<target host="marketingportal.mcdonalds.de" />
+	<target host="mcb.mcdonalds.de" />
+	<target host="mcvip.mcdonalds.de" />
+	<target host="mcvip-mail.mcdonalds.de" />
+	<target host="mediathek.mcdonalds.de" />
+	<target host="meinburger.mcdonalds.de" />
+	<target host="monopoly.mcdonalds.de" />
+	<target host="myfinance.mcdonalds.de" />
+	<target host="pricing-web-portal.mcdonalds.de" />
+	<target host="qualitaet.mcdonalds.de" />
+	<target host="static.mcdonalds.de" />
+	<target host="topdesk.mcdonalds.de" />
+	<target host="training.mcdonalds.de" />
+	<target host="upload-service.mcdonalds.de" />
+	<target host="vorstand.mcdonalds.de" />
+	<target host="www.vorstand.mcdonalds.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mcdonalds.ru.xml b/src/chrome/content/rules/mcdonalds.ru.xml
new file mode 100644
index 000000000000..2f2f39d82800
--- /dev/null
+++ b/src/chrome/content/rules/mcdonalds.ru.xml
@@ -0,0 +1,44 @@
+<!--
+apps.mcdonalds.ru ¹
+arbat.mcdonalds.ru ³
+avatar.mcdonalds.ru ²
+bigmac.mcdonalds.ru ²
+collage.mcdonalds.ru ⁴
+exchange.mcdonalds.ru ³
+familytime.mcdonalds.ru ⁴
+notes.mcdonalds.ru ³
+portalsalary.mcdonalds.ru ⁴
+private3.mcdonalds.ru ³
+steps.mcdonalds.ru ³
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="mcdonalds.ru">
+	<target host="mcdonalds.ru" />
+	<target host="www.mcdonalds.ru" />
+	<target host="25vmeste.mcdonalds.ru" />
+	<target host="ask.mcdonalds.ru" />
+	<target host="checkin.mcdonalds.ru" />
+	<target host="www.checkin.mcdonalds.ru" />
+	<target host="fishandshrimp.mcdonalds.ru" />
+	<target host="www.gourmet.mcdonalds.ru" />
+	<target host="greekmac.mcdonalds.ru" />
+	<target host="mccafetogo.mcdonalds.ru" />
+	<target host="www.mccafetogo.mcdonalds.ru" />
+	<target host="mcfamily.mcdonalds.ru" />
+	<target host="monopoly.mcdonalds.ru" />
+	<target host="www.new.mcdonalds.ru" />
+	<target host="rio.mcdonalds.ru" />
+	<target host="scholarship.mcdonalds.ru" />
+	<target host="vesnafresh.mcdonalds.ru" />
+	<target host="video.mcdonalds.ru" />
+	<target host="wifi.mcdonalds.ru" />
+	<target host="winterpark.mcdonalds.ru" />
+	<target host="zamorozleto.mcdonalds.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mclaut.com.xml b/src/chrome/content/rules/mclaut.com.xml
new file mode 100644
index 000000000000..58db1ee44e77
--- /dev/null
+++ b/src/chrome/content/rules/mclaut.com.xml
@@ -0,0 +1,86 @@
+<!--
+165.mclaut.com ²
+166.mclaut.com ²
+169.mclaut.com ³
+170.mclaut.com ²
+171.mclaut.com ³
+172.mclaut.com ³
+173.mclaut.com ³
+174.mclaut.com ³
+176.mclaut.com ²
+astra.mclaut.com ³
+backup.mclaut.com ²
+beer.mclaut.com ²
+cpanel1.mclaut.com ³
+gw-clients.mclaut.com ²
+hosting3.mclaut.com ⁴
+hosting4.mclaut.com ⁴
+iptv.mclaut.com ³
+ispbilling.mclaut.com ³
+bill.kanev.mclaut.com ³
+nas.kanev.mclaut.com ³
+new.kanev.mclaut.com ³
+kanevlv.mclaut.com ³
+nas.kaniv.mclaut.com ³
+localdns.mclaut.com ³
+localdns3.mclaut.com ³
+lv1.mclaut.com ⁵
+lv2.mclaut.com ²
+lvradiusnode1.mclaut.com ³
+mx3.mclaut.com ⁴
+mx4.mclaut.com ⁴
+mx7.mclaut.com ⁴
+mx8.mclaut.com ³
+mx9.mclaut.com ²
+nagios.mclaut.com ²
+ns1.mclaut.com ⁴
+ns2.mclaut.com ⁴
+oldkanev.mclaut.com ³
+nas.smela.mclaut.com ³
+speedtest.mclaut.com ³
+webdav.mclaut.com ³
+nas1.zolotonosha.mclaut.com ³
+admintest.mclaut.com different content
+app.mclaut.com different content
+boxing.mclaut.com different content
+forum.mclaut.com different content
+help.mclaut.com different content
+hosting-vip.mclaut.com different content
+mx-vip.mclaut.com different content
+mx2.mclaut.com different content
+ns3.mclaut.com different content
+studmis.mclaut.com different content
+
+
+² refused
+³ timed out
+⁴ self signed
+⁵ expired
+-->
+<ruleset name="mclaut.com">
+	<target host="mclaut.com" />
+	<target host="www.mclaut.com" />
+	<target host="163.mclaut.com" />
+	<target host="164.mclaut.com" />
+	<target host="167.mclaut.com" />
+	<target host="168.mclaut.com" />
+	<target host="175.mclaut.com" />
+	<target host="bill.mclaut.com" />
+	<target host="cherkassy.mclaut.com" />
+	<target host="cherkasy.mclaut.com" />
+	<target host="hosting5.mclaut.com" />
+	<target host="hosting6.mclaut.com" />
+	<target host="hosting7.mclaut.com" />
+	<target host="kanev.mclaut.com" />
+	<target host="kaniv.mclaut.com" />
+	<target host="mail.mclaut.com" />
+	<target host="mx5.mclaut.com" />
+	<target host="mx6.mclaut.com" />
+	<target host="smela.mclaut.com" />
+	<target host="usmp.mclaut.com" />
+	<target host="z.mclaut.com" />
+	<target host="zolotonosha.mclaut.com" />
+	<target host="zven.mclaut.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mcvuk.com.xml b/src/chrome/content/rules/mcvuk.com.xml
new file mode 100644
index 000000000000..1de8b7ae338b
--- /dev/null
+++ b/src/chrome/content/rules/mcvuk.com.xml
@@ -0,0 +1,36 @@
+<!--
+	For other NewsBay Media coverage, see Intent-Media.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.mcvuk.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bug on www from b.scorecardresearch.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="MCV UK.com">
+
+	<target host="mcvuk.com" />
+	<target host="subs.mcvuk.com" />
+	<target host="www.mcvuk.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.mcvuk\.com$" name="Session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/meb-biz.ru.xml b/src/chrome/content/rules/meb-biz.ru.xml
new file mode 100644
index 000000000000..8c92a602a373
--- /dev/null
+++ b/src/chrome/content/rules/meb-biz.ru.xml
@@ -0,0 +1,16 @@
+<!--
+www.meb-biz.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="meb-biz.ru">
+	<target host="meb-biz.ru" />
+
+	<target host="www.meb-biz.ru" />
+
+	<rule from="^http://www\.meb-biz\.ru/"
+		to="https://meb-biz.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mebsd.com.xml b/src/chrome/content/rules/mebsd.com.xml
new file mode 100644
index 000000000000..f1178602ab9a
--- /dev/null
+++ b/src/chrome/content/rules/mebsd.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="mebsd.com">
+	<target host="mebsd.com" />
+	<target host="www.mebsd.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/media5.com.xml b/src/chrome/content/rules/media5.com.xml
new file mode 100644
index 000000000000..05f05074c89a
--- /dev/null
+++ b/src/chrome/content/rules/media5.com.xml
@@ -0,0 +1,14 @@
+<!--
+www.more.media5.com ²
+m5.media5.com ¹
+
+
+¹ mismatch
+² refused
+-->
+<ruleset name="media5.com">
+	<target host="media5.com" />
+	<target host="www.media5.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mediaconnect.no.xml b/src/chrome/content/rules/mediaconnect.no.xml
new file mode 100644
index 000000000000..b9f36e0549f9
--- /dev/null
+++ b/src/chrome/content/rules/mediaconnect.no.xml
@@ -0,0 +1,18 @@
+<!--
+	Other Mediaconnect rulesets:
+
+		- connectid.no.xml
+
+-->
+<ruleset name="Mediaconnect.no">
+
+	<target host="doc.mediaconnect.no" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mediaklik.com.xml b/src/chrome/content/rules/mediaklik.com.xml
new file mode 100644
index 000000000000..6a377d608e0d
--- /dev/null
+++ b/src/chrome/content/rules/mediaklik.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- api.mediaklik.com
+
+-->
+<ruleset name="mediaklik.com">
+
+	<target host="api.mediaklik.com" />
+
+		<test url="http://api.mediaklik.com/images/05f141b9-aad6-4fe1-861c-14ed63cc6a32?w=145&amp;h=145" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^api\.mediaklik\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/medialaben.no.xml b/src/chrome/content/rules/medialaben.no.xml
new file mode 100644
index 000000000000..5276fa256c60
--- /dev/null
+++ b/src/chrome/content/rules/medialaben.no.xml
@@ -0,0 +1,15 @@
+<ruleset name="medialaben.no">
+
+	<target host="am.medialaben.no" />
+
+		<test url="http://am.medialaben.no/stylesheets/app.min.css" />
+
+
+	<securecookie host="^\." name="^__cfduid$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mediamarkt.de.xml b/src/chrome/content/rules/mediamarkt.de.xml
new file mode 100644
index 000000000000..3af417ff3b90
--- /dev/null
+++ b/src/chrome/content/rules/mediamarkt.de.xml
@@ -0,0 +1,77 @@
+
+<!--
+Video-Downloadtest.mediamarkt.de ³
+abfrage.mediamarkt.de ⁷
+ankauf.mediamarkt.de ⁵
+backend-wls-sd.mediamarkt.de ³
+clubimage.mediamarkt.de ¹
+code.mediamarkt.de ⁵
+data-perf.mediamarkt.de ³
+digitalisierungsservice.mediamarkt.de ³
+digitalisierungsservicetest.mediamarkt.de ³
+download.mediamarkt.de/: (52, 'Empty reply from server')
+ebdltest.mediamarkt.de ³
+ebook-download.mediamarkt.de/: (52, 'Empty reply from server')
+www.fotoservice.mediamarkt.de ¹
+games-download.mediamarkt.de/: (52, 'Empty reply from server')
+games-download-pre.mediamarkt.de ³
+data.gewinnspiel.mediamarkt.de ¹
+gsdltest.mediamarkt.de ³
+image.mediamarkt.de ³
+intshop.mediamarkt.de ³
+link-download.mediamarkt.de ¹
+mdz-cms-preview.mediamarkt.de ³
+musik-download.mediamarkt.de/: (52, 'Empty reply from server')
+musik-downloadtest.mediamarkt.de ⁴
+news-de.mediamarkt.de ¹
+outlet.mediamarkt.de ²
+prelive-download.mediamarkt.de ³
+relaunch.mediamarkt.de ³
+service-club.mediamarkt.de ¹
+produkte.shop.mediamarkt.de ³
+shop51.mediamarkt.de ³
+shop52.mediamarkt.de ³
+socialmedia.mediamarkt.de ³
+software-download.mediamarkt.de/: (52, 'Empty reply from server')
+stagenew.mediamarkt.de ³
+swdltest.mediamarkt.de ³
+tarife.mediamarkt.de ⁶
+tracking.mediamarkt.de/: (incomplete cert chain)
+hb.tracking.mediamarkt.de ⁴
+video-download.mediamarkt.de/: (52, 'Empty reply from server')
+gewinnspiel.mediamarkt.de mixed content
+hotlist.mediamarkt.de mixed content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁵ expired
+⁶ redirect
+⁷ protocol error
+-->
+<ruleset name="mediamarkt.de">
+	<target host="mediamarkt.de" />
+	<target host="www.mediamarkt.de" />
+	<target host="aktionen.mediamarkt.de" />
+	<target host="atg.mediamarkt.de" />
+	<target host="chat.mediamarkt.de" />
+	<target host="community.mediamarkt.de" />
+	<target host="community-stage.mediamarkt.de" />
+	<target host="data.mediamarkt.de" />
+	<target host="faq.mediamarkt.de" />
+	<target host="fotoservice.mediamarkt.de" />
+	<target host="gws.mediamarkt.de" />
+	<target host="kochshow.mediamarkt.de" />
+	<target host="lithium.mediamarkt.de" />
+	<target host="m.mediamarkt.de" />
+	<target host="mmcommunity.mediamarkt.de" />
+	<target host="stage.mmcommunity.mediamarkt.de" />
+	<target host="perf.mediamarkt.de" />
+	<target host="rudi.mediamarkt.de" />
+	<target host="stage.mediamarkt.de" />
+	<target host="video-verleih.mediamarkt.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mediametrics.ru.xml b/src/chrome/content/rules/mediametrics.ru.xml
new file mode 100644
index 000000000000..902799ee5049
--- /dev/null
+++ b/src/chrome/content/rules/mediametrics.ru.xml
@@ -0,0 +1,32 @@
+<!--
+Invalid certificate:
+	www.mediametrics.ru
+	beta.mediametrics.ru
+	full.mediametrics.ru
+	live.mediametrics.ru
+	m.mediametrics.ru
+	m2.mediametrics.ru
+	new.mediametrics.ru
+	old.mediametrics.ru
+	partner.mediametrics.ru
+	pro.mediametrics.ru
+	radio.mediametrics.ru
+	test.radio.mediametrics.ru
+	tv.mediametrics.ru
+
+Refused:
+	test.mediametrics.ru
+
+Timeout:
+    mail.mediametrics.ru
+-->
+<ruleset name="mediametrics.ru">
+	<target host="mediametrics.ru" />
+	<target host="www.mediametrics.ru" />
+	<target host="pro.mediametrics.ru" />
+	<target host="old.mediametrics.ru" />
+	<target host="vk.mediametrics.ru" />
+
+	<rule from="^http://(pro|old|www)\.mediametrics\.ru/" to="https://mediametrics.ru/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mediaroots.org.xml b/src/chrome/content/rules/mediaroots.org.xml
new file mode 100644
index 000000000000..0f677c4b8f26
--- /dev/null
+++ b/src/chrome/content/rules/mediaroots.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Mixed content:
+
+		- Images, from:
+
+			- $self ˢ
+			- img.youtube.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="MediaRoots.org">
+
+	<target host="mediaroots.org" />
+	<target host="www.mediaroots.org" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/medicaid.gov.xml b/src/chrome/content/rules/medicaid.gov.xml
new file mode 100644
index 000000000000..64b90c32ca1c
--- /dev/null
+++ b/src/chrome/content/rules/medicaid.gov.xml
@@ -0,0 +1,59 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://questions.medicaid.gov/ (200) => https://questions.medicaid.gov/ (403)
+
+
+
+	Nonfunctional hosts in *medicaid.gov:
+
+		- www1b ᶠ
+
+	ᶠ Handshake fails
+
+
+	Problematic hosts in *medicaid.gov:
+
+		- (www.)? ᵀ
+		- qa ᵀ
+
+	ᵀ Blocks Tor users
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- public.medicaid.gov
+		- questions.medicaid.gov
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- public from assets.cms.gov
+			- public from ^medicaid.gov
+
+-->
+<ruleset name="Medicaid.gov (partial)" default_off="failed ruleset test">
+
+	<!--target host="medicaid.gov" />	needs clearnet testing -->
+	<target host="public.medicaid.gov" />
+	<!--target host="qa.medicaid.gov" />	needs clearnet testing -->
+	<target host="questions.medicaid.gov" />
+	<!--target host="www.medicaid.gov" />	needs clearnet testing -->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^public.medicaid.gov$" name="^(?:BIGipServer|JSESSIONID$|SPIDERLOGON$)" /-->
+	<!--securecookie host="^questions.medicaid.gov$" name="^(?:PHPSESSID|THE_GOVT)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/medicare.gov.xml b/src/chrome/content/rules/medicare.gov.xml
new file mode 100644
index 000000000000..42d77e9ca4c1
--- /dev/null
+++ b/src/chrome/content/rules/medicare.gov.xml
@@ -0,0 +1,71 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://medicare.gov/ (200) => https://medicare.gov/ (403)
+Non-2xx HTTP code: http://my.medicare.gov/ (200) => https://my.medicare.gov/ (403)
+Fetch error: http://qa.medicare.gov/ => https://qa.medicare.gov/: (6, 'Could not resolve host: qa.medicare.gov')
+Fetch error: http://assets.qa.medicare.gov/ => https://assets.qa.medicare.gov/: (6, 'Could not resolve host: assets.qa.medicare.gov')
+Non-2xx HTTP code: http://questions.medicare.gov/ (200) => https://questions.medicare.gov/ (403)
+Fetch error: http://www1c.medicare.gov/ => https://www1c.medicare.gov/: (6, 'Could not resolve host: www1c.medicare.gov')
+Fetch error: http://www4c.medicare.gov/ => https://www4c.medicare.gov/: (6, 'Could not resolve host: www4c.medicare.gov')
+
+
+
+	Problematic hosts in *medicare.gov:
+
+		- blog ᵐ
+
+	ᵐ Mismatched
+
+
+	These altnames don't exist:
+
+		- csr.medicare.gov
+		- www.es.mymedicare.gov
+
+
+	Insecure cookies are set for these hosts:
+
+		- medicare.gov
+		- enrollmentcenter.medicare.gov
+		- es.medicare.gov
+		- questions.medicare.gov
+		- www.medicare.gov
+
+
+	Mixed content:
+
+		- favicon on data from www.medicare.gov ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Medicare.gov (partial)" default_off="failed ruleset test">
+
+	<target host="medicare.gov" />
+	<target host="enrollmentcenter.medicare.gov" />
+	<target host="es.medicare.gov" />
+	<target host="my.medicare.gov" />
+	<target host="plancompare.medicare.gov" />
+	<target host="qa.medicare.gov" />
+	<target host="assets.qa.medicare.gov" />
+	<target host="questions.medicare.gov" />
+	<target host="www.medicare.gov" />
+	<target host="www1c.medicare.gov" />
+	<target host="www4c.medicare.gov" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:es\.|www\.)?medicare\.gov$" name="^akavpau_\w+$" /-->
+	<!--securecookie host="^enrollmentcenter\.medicare\.gov$" name="^(?:\.ASPXAUTH|ASP\.NET_SessionId|MEMBER_INFO|MEMBER_KEY|akavpau_\w+)$" /-->
+	<!--securecookie host="^questions\.medicare\.gov$" name="^(?:PHPSESSID|THE_GOVT)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^_gat?$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/medikforum.ru.xml b/src/chrome/content/rules/medikforum.ru.xml
new file mode 100644
index 000000000000..079c47eb36f4
--- /dev/null
+++ b/src/chrome/content/rules/medikforum.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="medikforum.ru" platform="mixedcontent">
+	<target host="medikforum.ru" />
+	<target host="www.medikforum.ru" />
+	<target host="tizer.medikforum.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/medikom.ru.xml b/src/chrome/content/rules/medikom.ru.xml
new file mode 100644
index 000000000000..5de8850ee7b1
--- /dev/null
+++ b/src/chrome/content/rules/medikom.ru.xml
@@ -0,0 +1,7 @@
+<ruleset name="medikom.ru">
+	<target host="medikom.ru" />
+	<target host="www.medikom.ru" />
+	<target host="shop.medikom.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/meetmecdna.com.xml b/src/chrome/content/rules/meetmecdna.com.xml
new file mode 100644
index 000000000000..049fa92c1eba
--- /dev/null
+++ b/src/chrome/content/rules/meetmecdna.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other MeetMe coverage, see MeetMe.xml.
+
+-->
+<ruleset name="MeetMeCDNa.com">
+
+	<target host="assets.meetmecdna.com" />
+
+		<test url="http://assets.meetmecdna.com/images/lang_select_point.png" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/megaadventure.com.au.xml b/src/chrome/content/rules/megaadventure.com.au.xml
new file mode 100644
index 000000000000..aacd62574223
--- /dev/null
+++ b/src/chrome/content/rules/megaadventure.com.au.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tickets.megaadventure.com.au/ => https://tickets.megaadventure.com.au/: (6, 'Could not resolve host: tickets.megaadventure.com.au')
+
+	CDN bucket:
+		- d19cc29qsd5ddg.cloudfront.net
+
+	Non-functional subdomain:
+		- (www)		(unknown protocol)
+-->
+<ruleset name="MegaAdventure.com.au (partial)" default_off="failed ruleset test">
+	<target host="tickets.megaadventure.com.au" />
+
+	<securecookie host="tickets\.megaadventure\.com\.au$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/megamozg.ru.xml b/src/chrome/content/rules/megamozg.ru.xml
new file mode 100644
index 000000000000..966fd01f65ff
--- /dev/null
+++ b/src/chrome/content/rules/megamozg.ru.xml
@@ -0,0 +1,33 @@
+<!--
+	For other TM coverage, see TMtm.ru.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- special.megamozg.ru
+
+-->
+<ruleset name="Megamozg.ru (partial)">
+
+	<target host="megamozg.ru" />
+	<!--target host="api.megamozg.ru" />	403 vs 503 - needs tests -->
+	<target host="m.megamozg.ru" />
+	<target host="special.megamozg.ru" />
+	<target host="www.megamozg.ru" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://special.megamozg.ru/captcha/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^special\.megamozg\.ru$" name="^captcha$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/megaphone.fm.xml b/src/chrome/content/rules/megaphone.fm.xml
new file mode 100644
index 000000000000..69d9f7198381
--- /dev/null
+++ b/src/chrome/content/rules/megaphone.fm.xml
@@ -0,0 +1,41 @@
+<!--
+	www.megaphone.fm: Dropped
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- megaphone.fm
+		- cms.megaphone.fm
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Megaphone.fm">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="megaphone.fm" />
+	<target host="cms.megaphone.fm" />
+	<target host="dcs.megaphone.fm" />
+	<target host="player.megaphone.fm" />
+	<target host="traffic.megaphone.fm" />
+
+	<!--	Complications:
+				-->
+	<target host="www.megaphone.fm" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:cms\.)?megaphone\.fm$" name="^_session_id$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.megaphone\.fm/"
+		to="https://megaphone.fm/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/megatel.ru.xml b/src/chrome/content/rules/megatel.ru.xml
new file mode 100644
index 000000000000..6cf2990e9189
--- /dev/null
+++ b/src/chrome/content/rules/megatel.ru.xml
@@ -0,0 +1,12 @@
+<!--
+mail.megatel.ru ⁷
+
+
+⁷ protocol error
+-->
+<ruleset name="megatel.ru">
+	<target host="megatel.ru" />
+	<target host="www.megatel.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/meldmerge.org.xml b/src/chrome/content/rules/meldmerge.org.xml
new file mode 100644
index 000000000000..1968e22e2eb6
--- /dev/null
+++ b/src/chrome/content/rules/meldmerge.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="meldmerge.org">
+  <target host="meldmerge.org" />
+  <target host="www.meldmerge.org" />
+
+  <rule from="^http://www\.meldmerge\.org/" to="https://meldmerge.org/" />
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/member-hsbc-group.com.xml b/src/chrome/content/rules/member-hsbc-group.com.xml
new file mode 100644
index 000000000000..451680311434
--- /dev/null
+++ b/src/chrome/content/rules/member-hsbc-group.com.xml
@@ -0,0 +1,27 @@
+<!--
+	For other HSBC Holdings coverage, see HSBC.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www1.member-hsbc-group.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="member-HSBC-group.com">
+
+	<target host="www1.member-hsbc-group.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www1\.member-hsbc-group\.com$" name="^ACOOKIE$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/membersaccounts.com.xml b/src/chrome/content/rules/membersaccounts.com.xml
new file mode 100644
index 000000000000..5c9683f5b4b4
--- /dev/null
+++ b/src/chrome/content/rules/membersaccounts.com.xml
@@ -0,0 +1,54 @@
+<!--
+	^membersaccounts.com: Dropped
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- secure.membersaccounts.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="membersaccounts.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.membersaccounts.com" />
+
+	<!--	Complications:
+				-->
+	<target host="membersaccounts.com" />
+
+		<!--	/*\w$ 404s:
+					-->
+		<exclusion pattern="^http://membersaccounts\.com/(?!/*(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://membersaccounts.com/default.aspx" />
+			<test url="http://membersaccounts.com/favicon.ico" />
+			<test url="http://membersaccounts.com/index.htm" />
+			<test url="http://membersaccounts.com/index.html" />
+			<test url="http://membersaccounts.com/index.php" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^secure\.membersaccounts\.com$" name="^(?:APSLanguage|ASP\.NET_SessionId)$" /-->
+	<!--securecookie host="^\.secure\.membersaccounts\.com$" name="^UserAccountID$" /-->
+
+	<securecookie host="^[^.m]" name=".+" />
+	<securecookie host="^\.secure\." name=".+" />
+
+
+	<!--	Redirect drops args and forward slash:
+							-->
+	<rule from="^http://membersaccounts\.com/.*"
+		to="https://secure.membersaccounts.com/selfservice/ActivateMyCard.aspx" />
+
+		<test url="http://membersaccounts.com/?" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mentalhealth.org.uk.xml b/src/chrome/content/rules/mentalhealth.org.uk.xml
new file mode 100644
index 000000000000..b4347115e439
--- /dev/null
+++ b/src/chrome/content/rules/mentalhealth.org.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="Mental Health.org.uk">
+
+	<target host="mentalhealth.org.uk" />
+	<target host="www.mentalhealth.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mentalhealthamerica.net.xml b/src/chrome/content/rules/mentalhealthamerica.net.xml
new file mode 100644
index 000000000000..be5b01b1f3a0
--- /dev/null
+++ b/src/chrome/content/rules/mentalhealthamerica.net.xml
@@ -0,0 +1,14 @@
+<!--
+
+	Problematic hosts in *mentalhealthamerica.net:
+
+		- careers (refused)
+		- takeaction (mismatched)
+
+-->
+<ruleset name="mentalhealthamerica.net" platform="mixedcontent">
+	<target host="mentalhealthamerica.net" />
+	<target host="www.mentalhealthamerica.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mentalhelp.net.xml b/src/chrome/content/rules/mentalhelp.net.xml
new file mode 100644
index 000000000000..d1f9af6c3e87
--- /dev/null
+++ b/src/chrome/content/rules/mentalhelp.net.xml
@@ -0,0 +1,50 @@
+<!--
+	Problematic hosts in *mentalhelp.net:
+
+		- metapsychology ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- metapsychology.mentalhelp.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- metapsychology from images.amazon.com
+			- metapsychology from ecx.images-amazon.com
+
+		- Bugs, on:
+
+			- metapsychology from rcm-na.amazon-adsystem.com ˢ
+			- metapsychology from www.assoc-amazon.com ˢ
+			- metapsychology from badge.facebook.com ˢ
+			- metapsychology from www.feedburner.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="MentalHelp.net (partial)">
+
+	<target host="mentalhelp.net" />
+	<target host="www.mentalhelp.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^metapsychology\.mentalhelp\.net$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name="^optimizely" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/menulog.com.au.xml b/src/chrome/content/rules/menulog.com.au.xml
new file mode 100644
index 000000000000..5f50299ad6fb
--- /dev/null
+++ b/src/chrome/content/rules/menulog.com.au.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://menulog.com.au/ => https://menulog.com.au/: (51, "SSL: no alternative certificate subject name matches target host name 'menulog.com.au'")
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .menulog.com.au
+		- www.menulog.com.au
+
+-->
+<ruleset name="Menulog.com.au" default_off="failed ruleset test">
+
+	<target host="menulog.com.au" />
+	<target host="www.menulog.com.au" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.menulog\.com\.au$" name="^(?:__qca|incap_ses_\d+_\d+|visid_incap_\d+)$" /-->
+	<!--securecookie host="^www\.menulog\.com\.au$" name="^(?:___utm[abm]\w+|PHPSESSID)$" /-->
+
+	<securecookie host="^\." name="^(?:__qca$|incap_|visid_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/meraferesources.co.za.xml b/src/chrome/content/rules/meraferesources.co.za.xml
new file mode 100644
index 000000000000..772110b123f8
--- /dev/null
+++ b/src/chrome/content/rules/meraferesources.co.za.xml
@@ -0,0 +1,24 @@
+<!--
+	Invalid certificate:
+		control.meraferesources.co.za
+		ftp.meraferesources.co.za
+		imap.meraferesources.co.za
+		lyncdiscover.meraferesources.co.za
+		mail.meraferesources.co.za
+		pop.meraferesources.co.za
+		relay.meraferesources.co.za
+		remote.meraferesources.co.za
+		smtp.meraferesources.co.za
+
+	Refused:
+		autodiscover.meraferesources.co.za
+-->
+<ruleset name="meraferesources.co.za" platform="mixedcontent">
+	<target host="meraferesources.co.za" />
+	<target host="www.meraferesources.co.za" />
+	<target host="cpanel.meraferesources.co.za" />
+	<target host="webdisk.meraferesources.co.za" />
+	<target host="webmail.meraferesources.co.za" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mercola.xml b/src/chrome/content/rules/mercola.xml
index 2ebb3f823ec1..c3c8d18a015a 100644
--- a/src/chrome/content/rules/mercola.xml
+++ b/src/chrome/content/rules/mercola.xml
@@ -1,7 +1,8 @@
 <ruleset name="Mercola">
 	<target host="mercola.com" />
+	<target host="www.mercola.com" />
 	<target host="products.mercola.com" />
 
-	<rule from="^http://(www\.)?mercola\.com/" to="https://www.mercola.com/"/>
+	<rule from="^http://(?:www\.)?mercola\.com/" to="https://www.mercola.com/"/>
 	<rule from="^http://products\.mercola\.com/" to="https://products.mercola.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/mercycorps.org.xml b/src/chrome/content/rules/mercycorps.org.xml
new file mode 100644
index 000000000000..b415238102c3
--- /dev/null
+++ b/src/chrome/content/rules/mercycorps.org.xml
@@ -0,0 +1,21 @@
+<ruleset name="Mercy Corps.org (partial)">
+
+	<target host="mercycorps.org" />
+	<target host="www.mercycorps.org" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://gifts\.mercycorps\.org/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://gifts\.mercycorps\.org/(?!/*sites/)" /-->
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/merkleinc.com.xml b/src/chrome/content/rules/merkleinc.com.xml
new file mode 100644
index 000000000000..da97bd3e7bee
--- /dev/null
+++ b/src/chrome/content/rules/merkleinc.com.xml
@@ -0,0 +1,60 @@
+<!--
+	Other Merkle rulesets:
+
+		- Brilig.xml
+
+
+	Problematic hosts in *merkleinc.com:
+
+		- m ᵐ
+		- www2 ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="Merkle Inc.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="merkleinc.com" />
+	<target host="consumerprivacy.merkleinc.com" />
+	<target host="exstonet.merkleinc.com" />
+	<target host="www.merkleinc.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www2.merkleinc.com" />
+
+		<exclusion pattern="^http://www2\.merkleinc\.com/(?!/*(?:$|\?|[els]/|emailPreference/|unsubscribe/|webmail/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www2.merkleinc.com/Q3-DMR-2014.html" />
+			<test url="http://www2.merkleinc.com/contact.html" />
+			<test url="http://www2.merkleinc.com/default.aspx" />
+			<test url="http://www2.merkleinc.com/favicon.ico" />
+			<test url="http://www2.merkleinc.com/home.htm" />
+			<test url="http://www2.merkleinc.com/home.html" />
+			<test url="http://www2.merkleinc.com/home.php" />
+			<test url="http://www2.merkleinc.com/index.htm" />
+			<test url="http://www2.merkleinc.com/index.html" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^consumerprivacy\.merkleinc\.com$" name="^(?:__RequestVerificationToken|ASP\.NET_SessionId)$" /-->
+	<!--securecookie host="^exstonet\.merkleinc\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^(?!www2\.)\w" name=".+" />
+
+
+	<rule from="^http://www2\.merkleinc\.com/"
+		to="https://pi.pardot.com/" />
+
+		<test url="http://www2.merkleinc.com/l/47252/2015-06-04/dnfck/47252/53974/twit_icon_a.gif" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/met.no.xml b/src/chrome/content/rules/met.no.xml
new file mode 100644
index 000000000000..ba85a0104ba0
--- /dev/null
+++ b/src/chrome/content/rules/met.no.xml
@@ -0,0 +1,16 @@
+<!--
+	Norwegian Meteorological Institute
+
+-->
+<ruleset name="MET.no">
+
+	<target host="api.met.no" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/met.police.uk.xml b/src/chrome/content/rules/met.police.uk.xml
new file mode 100644
index 000000000000..738bfb436b5c
--- /dev/null
+++ b/src/chrome/content/rules/met.police.uk.xml
@@ -0,0 +1,59 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.met.police.uk/hatecrime_national/index.php => https://secure.met.police.uk/hatecrime_national/index.php: (35, 'Unknown SSL protocol error in connection to secure.met.police.uk:443 ')
+Fetch error: http://secure.met.police.uk/ => https://secure.met.police.uk/: (35, 'Unknown SSL protocol error in connection to secure.met.police.uk:443 ')
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *met.police.uk:
+
+		- content ᵈ
+		- media ᵈ
+		- maps ᵈ
+		- safe ᵈ
+		- www ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *met.police.uk:
+
+		- news ᵐ
+
+	ᵐ Mismatched
+
+
+	^met.police.uk does not exist.
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .police.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Met.Police.uk (partial)" default_off="failed ruleset test">
+
+	<target host="online.met.police.uk" />
+	<target host="secure.met.police.uk" />
+
+		<!--	$ redirects to another domain, so:
+								-->
+		<test url="http://secure.met.police.uk/hatecrime_national/index.php" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.police\.uk$" name="^(?:_mynewsdesk_session|origin_site|picked_site)$" /-->
+
+	<securecookie host="^\." name="_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/metafaq.com.xml b/src/chrome/content/rules/metafaq.com.xml
new file mode 100644
index 000000000000..e182173655ae
--- /dev/null
+++ b/src/chrome/content/rules/metafaq.com.xml
@@ -0,0 +1,40 @@
+<!--
+	For other Transversal coverage, see Transversal.com.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- tpr.metafaq.com
+
+
+	Mixed content:
+
+		- Bug on tpr from logw309.ati-host.net ʳ
+
+	ʳ Unsecurable <= refused
+
+-->
+<ruleset name="MetaFAQ.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="metafaq.com" />
+	<target host="www.metafaq.com" />
+
+	<!--	(account vhosts:)
+				-->
+	<target host="iplayer.metafaq.com" />
+	<target host="tpr.metafaq.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^tpr\.metafaq\.com$" name="^(?:identitytoken|vsid)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/meteopool.org.xml b/src/chrome/content/rules/meteopool.org.xml
new file mode 100644
index 000000000000..b6c0e402bc14
--- /dev/null
+++ b/src/chrome/content/rules/meteopool.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Meteopool.org">
+
+	<target host="meteopool.org" />
+	<target host="www.meteopool.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/metro-set.ru.xml b/src/chrome/content/rules/metro-set.ru.xml
new file mode 100644
index 000000000000..76d5a0f7d2ac
--- /dev/null
+++ b/src/chrome/content/rules/metro-set.ru.xml
@@ -0,0 +1,62 @@
+<!--
+drweb.metro-set.ru ²
+dtx.metro-set.ru ⁴
+login.metro-set.ru ²
+mx.metro-set.ru ³
+ns1.metro-set.ru ²
+ns2.metro-set.ru ²
+ns3.metro-set.ru ²
+nu.metro-set.ru ³
+gw.nu.metro-set.ru ³
+clips-001-cab2.nv.metro-set.ru ³
+clips-002-cab2.nv.metro-set.ru ³
+g1-s1-cab1.nv.metro-set.ru ²
+g3-28-cab1.nv.metro-set.ru ²
+lo-sw1-cab1.nv.metro-set.ru ³
+vlan13-rb-cab2.nv.metro-set.ru ³
+vlan13-sw1-cab1.nv.metro-set.ru ²
+vlan14-rb-cab2.nv.metro-set.ru ³
+vlan14-sw1-cab1.nv.metro-set.ru ³
+pns.metro-set.ru ³
+sg.metro-set.ru ³
+clips-fail.sg.metro-set.ru ³
+git.sg.metro-set.ru ³
+gw-guestnet.sg.metro-set.ru ³
+gw-nat.sg.metro-set.ru ³
+gw-se.sg.metro-set.ru ³
+gw-surgut.sg.metro-set.ru ²
+login1.sg.metro-set.ru ³
+login2.sg.metro-set.ru ³
+mx.sg.metro-set.ru ³
+ns1.sg.metro-set.ru ³
+ns2.sg.metro-set.ru ³
+speedtest.sg.metro-set.ru ³
+userdns.sg.metro-set.ru ³
+tech.metro-set.ru ³
+tm.metro-set.ru ³
+gw.tm.metro-set.ru ³
+gw-ektix.tm.metro-set.ru ²
+gw-mskix.tm.metro-set.ru ³
+mx.tm.metro-set.ru ²
+ts.metro-set.ru ²
+cabinet.metro-set.ru different content
+cabinet-old.metro-set.ru different content
+redirect.metro-set.ru different content
+
+
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="metro-set.ru">
+	<target host="metro-set.ru" />
+	<target host="www.metro-set.ru" />
+	<target host="cabinet-news.metro-set.ru" />
+	<target host="dp.metro-set.ru" />
+	<target host="eurosport.metro-set.ru" />
+	<target host="old.metro-set.ru" />
+	<target host="pay.metro-set.ru" />
+	<target host="surgut.metro-set.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mfcimg.com.xml b/src/chrome/content/rules/mfcimg.com.xml
new file mode 100644
index 000000000000..9b474778e5c2
--- /dev/null
+++ b/src/chrome/content/rules/mfcimg.com.xml
@@ -0,0 +1,42 @@
+<!--
+	For other MyFreeCams.com coverage, see myfreecams.com.xml.
+
+-->
+<ruleset name="MFCimg.com">
+
+	<target host="a.mfcimg.com" />
+	<target host="b.mfcimg.com" />
+	<target host="c.mfcimg.com" />
+	<target host="d.mfcimg.com" />
+	<target host="e.mfcimg.com" />
+	<target host="f.mfcimg.com" />
+	<target host="g.mfcimg.com" />
+	<target host="h.mfcimg.com" />
+	<target host="i.mfcimg.com" />
+	<target host="img.mfcimg.com" />
+	<target host="j.mfcimg.com" />
+	<target host="k.mfcimg.com" />
+	<target host="l.mfcimg.com" />
+
+		<test url="http://a.mfcimg.com/photos2/145/14571089/avatar.90x90.jpg" /><!--	1781 -->
+		<test url="http://b.mfcimg.com/photos2/179/17907341/avatar.90x90.jpg" /><!--	1466 -->
+		<test url="http://c.mfcimg.com/photos2/532/5327273/avatar.90x90.jpg" /><!--	1931 -->
+		<test url="http://d.mfcimg.com/photos2/327/3278175/avatar.90x90.jpg" /><!--	1427 -->
+		<test url="http://e.mfcimg.com/photos2/208/20853501/avatar.90x90.jpg" /><!--	1615 -->
+		<test url="http://f.mfcimg.com/photos2/367/3672619/avatar.90x90.jpg" /><!--	1436 -->
+		<test url="http://g.mfcimg.com/photos2/173/17381123/avatar.90x90.jpg" /><!--	1690 -->
+		<test url="http://h.mfcimg.com/photos2/205/20541858/avatar.90x90.jpg" /><!--	1309 -->
+		<test url="http://i.mfcimg.com/photos2/190/19055773/avatar.90x90.jpg" /><!--	1286 -->
+		<test url="http://img.mfcimg.com/mfc2/styles/mfc/images/misc/clear.gif" /><!--	49 -->
+		<test url="http://j.mfcimg.com/photos2/224/22468996/avatar.90x90.jpg" /><!--	1750 -->
+		<test url="http://k.mfcimg.com/photos2/223/22344958/avatar.90x90.jpg" /><!--	1605 -->
+		<test url="http://l.mfcimg.com/photos2/224/22428467/avatar.90x90.jpg" /><!--	1826 -->
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mgmmirage.com.xml b/src/chrome/content/rules/mgmmirage.com.xml
new file mode 100644
index 000000000000..d919c701995d
--- /dev/null
+++ b/src/chrome/content/rules/mgmmirage.com.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://reservations.mgmmirage.com/ (200) => https://reservations.mgmmirage.com/ (403)
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .mgmmirage.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="mgmmirage.com" default_off="failed ruleset test">
+
+	<target host="reservations.mgmmirage.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.mgmmirage\.com$" name="^TLT[SU]ID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mheducation.com-falsemixed.xml b/src/chrome/content/rules/mheducation.com-falsemixed.xml
new file mode 100644
index 000000000000..34b35b01f613
--- /dev/null
+++ b/src/chrome/content/rules/mheducation.com-falsemixed.xml
@@ -0,0 +1,49 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://info.mheducation.com/css/mktLPSupport.css (200) => https://na-sj03.marketo.com/css/mktLPSupport.css (403)
+Non-2xx HTTP code: http://info.mheducation.com/rs/mheducation/images/mcgrawhill-logo.png (200) => https://na-sj03.marketo.com/rs/mheducation/images/mcgrawhill-logo.png (403)
+
+	For rules not causing false/broken MCB, see mheducation.com.xml.
+
+
+	NB: see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="MH Education.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="createwp.customer.mheducation.com" />
+
+		<!--	Mixed css:
+					-->
+		<test url="http://createwp.customer.mheducation.com/wordpress-mu/success-academy/learnsmart-reports-3/" />
+
+	<!--	Complications:
+				-->
+	<target host="info.mheducation.com" />
+
+		<exclusion pattern="^http://info\.mheducation\.com/(?!/*(?:cs|image|r)s/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://info.mheducation.com/Access_Demo.html" />
+			<test url="http://info.mheducation.com/MHES.Contact.Sales.html" />
+			<test url="http://info.mheducation.com/TextComplexityandCloseReading_Webinar.html" />
+			<test url="http://info.mheducation.com/butters_asarta.html" />
+
+
+	<securecookie host="^(?!info\.)\w" name=".+" />
+
+
+	<rule from="^http://info\.mheducation\.com/+"
+		to="https://na-sj03.marketo.com/" />
+
+		<test url="http://info.mheducation.com/css/mktLPSupport.css" />
+		<test url="http://info.mheducation.com/rs/mheducation/images/mcgrawhill-logo.png" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mheducation.com.xml b/src/chrome/content/rules/mheducation.com.xml
new file mode 100644
index 000000000000..3388b590e30f
--- /dev/null
+++ b/src/chrome/content/rules/mheducation.com.xml
@@ -0,0 +1,149 @@
+
+<!--
+
+
+	For rules causing false/broken MCB, see mheducation.com-falsemixed.xml.
+
+
+	Nonfunctional hosts in *mheducation.com:
+
+		- connect.customer ʳ
+		- www.elt ʳ
+		- glencoe ᵖ
+		- investors ʳ
+		- info ᵃ
+		- ips ᵈ
+		- nutritioncalc3 ᵖ
+		- powerup ʳ
+
+	ᵃ Marketo / shows another domain
+	ᵈ Dropped
+	ᵖ Plaintext reply
+	ʳ Refused
+
+
+	Problematic hosts in *mheducation.com:
+
+		- ^ ᵈ
+		- careers ᵈ
+		- www.preferences ᵐ
+
+	ᵈ Dropped, preemptable redirect
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .mheducation.com
+		- connect.mheducation.com
+		- create.mheducation.com
+		- paris.mheducation.com
+		- shopdev.mheducation.com
+		- shopqa.mheducation.com
+		- status.mheducation.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on createwp.customer.mheducation.com from $self ˢ
+
+		- Images, on:
+
+			- dev, pqa, www from $self ˢ
+			- paris from highered.mheducation.com ˢ
+			- shopdev from dev.mheducation.com ˢ
+
+		- Bug on createwp.customer.mheducation.com from www.facebook.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="MH Education.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="connect.mheducation.com" />
+	<target host="create.mheducation.com" />
+	<!-- <target host="createwp.customer.mheducation.com" /> -->
+	<target host="dev.mheducation.com" />
+	<target host="highered.mheducation.com" />
+	<target host="images-cf.mheducation.com" />
+	<target host="paris.mheducation.com" />
+	<target host="pqa.mheducation.com" />
+	<target host="shop.mheducation.com" />
+	<target host="shopdev.mheducation.com" />
+	<target host="shopqa.mheducation.com" />
+	<target host="status.mheducation.com" />
+	<target host="www.mheducation.com" />
+	<target host="careers.mheducation.com" />
+
+		<!-- <test url="http://createwp.customer.mheducation.com/wordpress-mu/success-academy/learnsmart-reports-3/" /> -->
+
+		<test url="http://images-cf.mheducation.com/connect/prod/connectstatic/1607/gz/connectweb/branding/common/images/homepage/paddles.png" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://paris.mheducation.com/paris/loginview.do" />
+
+	<!--	Complications:
+				-->
+	<target host="mheducation.com" />
+	<target host="info.mheducation.com" />
+
+		<!--exclusion pattern="^http://info\.mheducation\.com/(?!/*(?:$|\?|css/|images/|rs/))" /-->
+		<!--
+			Reduce non-Tor distinguishability:
+								-->
+		<exclusion pattern="^http://info\.mheducation\.com/(?!/*(?:$|\?|rs/.+\.pdf(?:$|\?)))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://info.mheducation.com/Access_Demo.html" />
+			<test url="http://info.mheducation.com/EM4Review.eBooks.html" />
+			<test url="http://info.mheducation.com/K8_Math_DigitalSampleRequest.html" />
+			<test url="http://info.mheducation.com/MHES.Contact.Sales.html" />
+			<test url="http://info.mheducation.com/Platform-Landing-Page_Access-Engineering-Contact-Us.html" />
+			<test url="http://info.mheducation.com/TextComplexityandCloseReading_Webinar.html" />
+			<test url="http://info.mheducation.com/butters_asarta.html" />
+			<test url="http://info.mheducation.com/obgyn30trial.html" />
+			<test url="http://info.mheducation.com/sketchpad.trial.html" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.mheducation\.com$" name="^dtCookie$" /-->
+	<!--securecookie host="^connect\.mheducation\.com$" name="^(?:AWSELB$|JSESSION|cache\.sessionId$)" /-->
+	<!--securecookie host="^create\.mheducation\.com$" name="^BIGipServer" /-->
+	<!--securecookie host="^paris\.mheducation\.com$" name="^(?:AWSELB|prelogin)$" /-->
+	<!--securecookie host="^shop(?:dev|qa)?\.mheducation\.com$" name="^AWSELB$" /-->
+	<!--securecookie host="^status\.mheducation\.com$" name="^(?:XSRF-TOKEN|laravel_session)$" /-->
+
+	<securecookie host="^\." name="^dtCookie$" />
+	<securecookie host="^(?!info\.)\w" name=".+" />
+
+
+	<rule from="^http://mheducation\.com/"
+		to="https://www.mheducation.com/" />
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+
+	<rule from="^http://info\.mheducation\.com/+(?:\?.*)?$"
+		to="https://www.mheducation.com/notfound.html" />
+
+		<test url="http://info.mheducation.com/?" />
+
+	<rule from="^http://info\.mheducation\.com/"
+		to="https://na-sj03.marketo.com/" />
+
+		<test url="http://info.mheducation.com/css/mktLPSupport.css" />
+		<test url="http://info.mheducation.com/rs/mheducation/images/Power%20of%20Thanks%20Sample%20Chapter.pdf" />
+		<test url="http://info.mheducation.com/rs/mheducation/images/mcgrawhill-logo.png" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mhfa.com.au.xml b/src/chrome/content/rules/mhfa.com.au.xml
new file mode 100644
index 000000000000..e5e001fe8265
--- /dev/null
+++ b/src/chrome/content/rules/mhfa.com.au.xml
@@ -0,0 +1,6 @@
+<ruleset name="mhfa.com.au">
+	<target host="mhfa.com.au" />
+	<target host="www.mhfa.com.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mhfi.com.xml b/src/chrome/content/rules/mhfi.com.xml
new file mode 100644
index 000000000000..54424c2672d9
--- /dev/null
+++ b/src/chrome/content/rules/mhfi.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- sso.mhfi.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="mhfi.com">
+
+	<target host="sso.mhfi.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://sso.mhfi.com/oam/server/obrareq.cgi" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^sso\.mhfi\.com$" name="JSESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mhwz.de.xml b/src/chrome/content/rules/mhwz.de.xml
new file mode 100644
index 000000000000..fe9ac967a482
--- /dev/null
+++ b/src/chrome/content/rules/mhwz.de.xml
@@ -0,0 +1,15 @@
+<!--
+	See also:
+		- Hochwasserzentralen.de.xml
+		- Hochwasserzentralen.info.xml
+-->
+<ruleset name="mhwz.de">
+
+	<target host="mhwz.de" />
+	<target host="www.mhwz.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mi-pro.co.uk.xml b/src/chrome/content/rules/mi-pro.co.uk.xml
new file mode 100644
index 000000000000..41208126636b
--- /dev/null
+++ b/src/chrome/content/rules/mi-pro.co.uk.xml
@@ -0,0 +1,39 @@
+<!--
+	For problematic rules, see Intent-Media-mismatches.xml.
+
+	For other NewsBay Media coverage, see Intent-Media.xml.
+
+
+	(www.)?mi-pro.co.uk: Expired
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.mi-pro.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bug on www from b.scorecardresearch.co.uk ˢ
+
+	ˢ Secured by us, see https://www.paulirish.co.uk/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="MI Pro.co.uk (partial)">
+
+	<target host="subs.mi-pro.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.mi-pro\.co.uk$" name="Session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/miaopai.com.xml b/src/chrome/content/rules/miaopai.com.xml
new file mode 100644
index 000000000000..130feffe819a
--- /dev/null
+++ b/src/chrome/content/rules/miaopai.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Expired:
+		^		equal to www.miaopai.com
+-->
+<ruleset name="miaopai.com">
+	<target host="miaopai.com" />
+	<target host="www.miaopai.com" />
+	<target host="m.miaopai.com" />
+
+	<rule from="^http://miaopai\.com/" to="https://www.miaopai.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/michelonfray.com.xml b/src/chrome/content/rules/michelonfray.com.xml
new file mode 100644
index 000000000000..9532185042a7
--- /dev/null
+++ b/src/chrome/content/rules/michelonfray.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="michelonfray.com">
+  <target host="michelonfray.com" />
+  <target host="www.michelonfray.com" />
+
+  <securecookie host=".+" name=".+" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/middlemanapp.com.xml b/src/chrome/content/rules/middlemanapp.com.xml
new file mode 100644
index 000000000000..81dc23ef6c12
--- /dev/null
+++ b/src/chrome/content/rules/middlemanapp.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="middlemanapp.com">
+	<target host="middlemanapp.com" />
+	<target host="www.middlemanapp.com" />
+	<target host="forum.middlemanapp.com" />
+	<target host="directory.middlemanapp.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/midkemiaonline.xml b/src/chrome/content/rules/midkemiaonline.xml
new file mode 100644
index 000000000000..55a8a295f983
--- /dev/null
+++ b/src/chrome/content/rules/midkemiaonline.xml
@@ -0,0 +1,12 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://midkemiaonline.com/ => https://midkemiaonline.com/: (6, 'Could not resolve host: midkemiaonline.com')
+Fetch error: http://www.midkemiaonline.com/ => https://www.midkemiaonline.com/: (6, 'Could not resolve host: www.midkemiaonline.com')
+
+-->
+<ruleset name="Midkemia online" default_off="failed ruleset test">
+    <target host="midkemiaonline.com" />
+    <target host="www.midkemiaonline.com" />
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/midnightbsd.org.xml b/src/chrome/content/rules/midnightbsd.org.xml
new file mode 100644
index 000000000000..36346e18b5bd
--- /dev/null
+++ b/src/chrome/content/rules/midnightbsd.org.xml
@@ -0,0 +1,8 @@
+<!--bugreport. mismatch
+enterprise. mismatch-->
+<ruleset name="midnightbsd.org">
+	<target host="midnightbsd.org" />
+	<target host="www.midnightbsd.org" />
+	<target host="svn.midnightbsd.org" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/miha.tw.xml b/src/chrome/content/rules/miha.tw.xml
new file mode 100644
index 000000000000..5b69908b4353
--- /dev/null
+++ b/src/chrome/content/rules/miha.tw.xml
@@ -0,0 +1,7 @@
+<ruleset name="miha.tw">
+	<target host="miha.tw" />
+	<target host="www.miha.tw" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/miit.ua.xml b/src/chrome/content/rules/miit.ua.xml
new file mode 100644
index 000000000000..db7aad872cad
--- /dev/null
+++ b/src/chrome/content/rules/miit.ua.xml
@@ -0,0 +1,24 @@
+<!--
+billing.miit.ua ³
+blocked.miit.ua ⁴
+cap.miit.ua ⁴
+app01.kbp01.iptv.miit.ua ⁴
+s05-bond0-401.kbp01.iptv.miit.ua ²
+ns.miit.ua ²
+ns2.miit.ua ²
+parallels.miit.ua ³
+speedtest.miit.ua ²
+vmware6.miit.ua ⁴
+
+
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="miit.ua">
+	<target host="miit.ua" />
+	<target host="www.miit.ua" />
+	<target host="megaplan.miit.ua" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mijnusenet.nl.xml b/src/chrome/content/rules/mijnusenet.nl.xml
new file mode 100644
index 000000000000..8f785231234f
--- /dev/null
+++ b/src/chrome/content/rules/mijnusenet.nl.xml
@@ -0,0 +1,40 @@
+<!--
+	^mijnusenet.nl: Mismatched
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .mijnusenet.nl
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Mijn Usenet.nl">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.mijnusenet.nl" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://www.mijnusenet.nl/clients/member.php" /-->
+
+	<!--	Complications:
+				-->
+	<target host="mijnusenet.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.mijnusenet\.nl$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://mijnusenet\.nl/"
+		to="https://www.mijnusenet.nl/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mikbill.ru.xml b/src/chrome/content/rules/mikbill.ru.xml
new file mode 100644
index 000000000000..b6dd1718c307
--- /dev/null
+++ b/src/chrome/content/rules/mikbill.ru.xml
@@ -0,0 +1,21 @@
+<!--
+wiki2.mikbill.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="mikbill.ru">
+	<target host="mikbill.ru" />
+	<target host="www.mikbill.ru" />
+	<target host="acr.mikbill.ru" />
+	<target host="cdr.mikbill.ru" />
+	<target host="crm.mikbill.ru" />
+	<target host="demo2x.mikbill.ru" />
+	<target host="demomap.mikbill.ru" />
+	<target host="demostat.mikbill.ru" />
+	<target host="pbx.mikbill.ru" />
+	<target host="pma.mikbill.ru" />
+	<target host="wiki.mikbill.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/militaryfriendly.com.xml b/src/chrome/content/rules/militaryfriendly.com.xml
new file mode 100644
index 000000000000..49ddfe1c5d42
--- /dev/null
+++ b/src/chrome/content/rules/militaryfriendly.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- militaryfriendly.com
+		- www.militaryfriendly.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images from ^militaryfriendly.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Military Friendly.com">
+
+	<target host="militaryfriendly.com" />
+	<target host="www.militaryfriendly.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?militaryfriendly\.com$" name="^X-Mapping-" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/militarymaps.info.xml b/src/chrome/content/rules/militarymaps.info.xml
new file mode 100644
index 000000000000..4c25166a11db
--- /dev/null
+++ b/src/chrome/content/rules/militarymaps.info.xml
@@ -0,0 +1,7 @@
+<ruleset name="militarymaps.info">
+	<target host="militarymaps.info" />
+	<target host="www.militarymaps.info" />
+	<target host="dev.militarymaps.info" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/milk.com.xml b/src/chrome/content/rules/milk.com.xml
new file mode 100644
index 000000000000..7c8b47e7cb5c
--- /dev/null
+++ b/src/chrome/content/rules/milk.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		bb.milk.com
+		harvey.milk.com
+-->
+<ruleset name="milk.com">
+	<target host="milk.com" />
+	<target host="www.milk.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/minavardkontakter.se.xml b/src/chrome/content/rules/minavardkontakter.se.xml
new file mode 100644
index 000000000000..753793ba3f00
--- /dev/null
+++ b/src/chrome/content/rules/minavardkontakter.se.xml
@@ -0,0 +1,18 @@
+<!-- See also: 1177.se.xml 
+
+		Problematic subdomains:
+			
+			- cert error: 
+				- designverktyget.sob.minavardkontakter.se
+				- personal.designverktyget.sob.minavardkontakter.se
+-->
+
+<ruleset name="minavardkontakter.se">
+	<target host="minavardkontakter.se"/>
+	<target host="www.minavardkontakter.se"/>
+	<target host="personal.minavardkontakter.se"/>
+	<target host="personal-cert.minavardkontakter.se"/>
+	<target host="sob.minavardkontakter.se"/>
+	
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/minetrack.xml b/src/chrome/content/rules/minetrack.xml
new file mode 100644
index 000000000000..bb5c14b72a07
--- /dev/null
+++ b/src/chrome/content/rules/minetrack.xml
@@ -0,0 +1,10 @@
+<ruleset name="MineTrack">
+
+	<target host="minetrack.me" />
+	<target host="www.minetrack.me" />
+	<target host="pocket.minetrack.me" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mini-dweeb.org.xml b/src/chrome/content/rules/mini-dweeb.org.xml
new file mode 100644
index 000000000000..d28896484b8c
--- /dev/null
+++ b/src/chrome/content/rules/mini-dweeb.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="mini-dweeb.org">
+	<target host="debian.mini-dweeb.org" />
+	<target host="projects.mini-dweeb.org" />
+	<target host="www.mini-dweeb.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/minifree.org.xml b/src/chrome/content/rules/minifree.org.xml
new file mode 100644
index 000000000000..8bf27fc8beb4
--- /dev/null
+++ b/src/chrome/content/rules/minifree.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- Images from ^minifree.org ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="MiniFree.org">
+
+	<target host="minifree.org" />
+	<target host="www.minifree.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/minmyndighetspost.se.xml b/src/chrome/content/rules/minmyndighetspost.se.xml
new file mode 100644
index 000000000000..a344cf04af0c
--- /dev/null
+++ b/src/chrome/content/rules/minmyndighetspost.se.xml
@@ -0,0 +1,7 @@
+<ruleset name="minmyndighetspost.se">
+	<target host="minmyndighetspost.se" />
+	<target host="www.minmyndighetspost.se" />
+	<target host="test.minmyndighetspost.se" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/minotar.net.xml b/src/chrome/content/rules/minotar.net.xml
new file mode 100644
index 000000000000..e12db19fe883
--- /dev/null
+++ b/src/chrome/content/rules/minotar.net.xml
@@ -0,0 +1,7 @@
+<ruleset name="Minotar.net">
+        <target host="minotar.net" />
+        <target host="www.minotar.net" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mipt.ru.xml b/src/chrome/content/rules/mipt.ru.xml
new file mode 100644
index 000000000000..564c7636039a
--- /dev/null
+++ b/src/chrome/content/rules/mipt.ru.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- mipt.ru
+
+-->
+<ruleset name="MIPT.ru">
+
+	<target host="mipt.ru" />
+	<target host="www.mipt.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^mipt\.ru$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mir-politika.ru.xml b/src/chrome/content/rules/mir-politika.ru.xml
new file mode 100644
index 000000000000..518636d0b2e1
--- /dev/null
+++ b/src/chrome/content/rules/mir-politika.ru.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mir-politika.com/ => https://mir-politika.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.mir-politika.com/ => https://mir-politika.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+ list. mismatcha
+www.mir-politika.com mismatch -->
+<ruleset name="mir-politika.ru" default_off="failed ruleset test">
+	<target host="mir-politika.ru" />
+	<target host="www.mir-politika.ru" />
+	<target host="mir-politika.com" />
+	<target host="www.mir-politika.com" />
+	<rule from="^http://www\.mir-politika\.com/"
+		to="https://mir-politika.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/miracl.com.xml b/src/chrome/content/rules/miracl.com.xml
new file mode 100644
index 000000000000..a39f2e24a4fe
--- /dev/null
+++ b/src/chrome/content/rules/miracl.com.xml
@@ -0,0 +1,41 @@
+<!--
+	Problematic hosts in *miracl.com:
+
+		- ^ ᵈ
+		- docs ᵐ
+
+	ᵈ Dropped, preemptable redirect
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.miracl.com
+
+-->
+<ruleset name="miracl.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.miracl.com" />
+
+	<!--	Complications:
+				-->
+	<target host="miracl.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.miracl\.com$" name="^hsPagesViewedThisSession$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://miracl\.com/"
+		to="https://www.miracl.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mirea.ru.xml b/src/chrome/content/rules/mirea.ru.xml
new file mode 100644
index 000000000000..c9cf38600dcf
--- /dev/null
+++ b/src/chrome/content/rules/mirea.ru.xml
@@ -0,0 +1,63 @@
+<!--
+app.mirea.ru self signed
+news.mirea.ru expired
+forum.mirea.ru self signed
+socin.mirea.ru self signed
+ibs.mirea.ru self signed
+dovuz.mirea.ru expired
+www.physics.fel.mirea.ru self signed
+www.priem.mirea.ru self signed
+www.alpclub.mirea.ru self signed
+www.dgec.mirea.ru self signed
+www.ciscotrain.mirea.ru self signed
+www.philosophy.mirea.ru self signed
+www.physics.fel.mirea.ru self signed
+www.dpo.mirea.ru self signed
+www.fox.mirea.ru self signed
+www.conf.mirea.ru self signed
+www.emctrain.mirea.ru mismatch
+www.kpres.frts.mirea.ru self signed
+trr.frts.mirea.ru self signed
+ig.frts.mirea.ru self signed
+physics.fel.mirea.ru self signed
+www.ape.mirea.ru self signed
+www.eks.fel.mirea.ru mismatch
+www.nano.fel.mirea.ru self signed
+nano.fel.mirea.ru self signed
+mgupi.ru timed out
+www.mgupi.ru timed out
+olymp.mgupi.ru timed out
+enidtp.mgupi.ru timed out
+do.mgupi.ru timed out
+mitht.ru mismatch
+www.mitht.ru mismatch
+old.mitht.ru mismatch
+hitrre.mitht.ru timed out
+plastmassy.mitht.ru mismatch
+fhtt.mitht.ru timed out
+philosophy.mitht.ru timed out
+isp.mitht.ru timed out
+www.anchem.mitht.ru timed out
+www.pbet.mitht.ru timed out
+www.isp.mitht.ru timed out
+-->
+<ruleset name="mirea.ru">
+	<target host="mirea.ru" />
+	<target host="www.mirea.ru" />
+	<target host="chinese.mirea.ru" />
+	<target host="english.mirea.ru" />
+	<target host="special.mirea.ru" />
+	<target host="webinars.mirea.ru" />
+	<target host="security.mirea.ru" />
+	<target host="chemtech.mirea.ru" />
+	<target host="online.mirea.ru" />
+	<target host="rts.mirea.ru" />
+	<target host="it.mirea.ru" />
+	<target host="business.mirea.ru" />
+	<target host="economics.mirea.ru" />
+	<target host="college.mirea.ru" />
+	<target host="cyber.mirea.ru" />
+	<target host="hitech.mirea.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mirtv33.ru.xml b/src/chrome/content/rules/mirtv33.ru.xml
new file mode 100644
index 000000000000..c05bf78342a9
--- /dev/null
+++ b/src/chrome/content/rules/mirtv33.ru.xml
@@ -0,0 +1,12 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mirtv33.ru/ => https://mirtv33.ru/: (7, 'Failed to connect to mirtv33.ru port 443: Connection refused')
+Fetch error: http://www.mirtv33.ru/ => https://www.mirtv33.ru/: (7, 'Failed to connect to www.mirtv33.ru port 443: Connection refused')
+
+-->
+<ruleset name="mirtv33.ru" platform="mixedcontent" default_off="failed ruleset test">
+	<target host="mirtv33.ru" />
+	<target host="www.mirtv33.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/miuipolska.pl.xml b/src/chrome/content/rules/miuipolska.pl.xml
new file mode 100644
index 000000000000..02e0f6c3fd53
--- /dev/null
+++ b/src/chrome/content/rules/miuipolska.pl.xml
@@ -0,0 +1,6 @@
+<ruleset name="miuipolska.pl">
+	<target host="miuipolska.pl" />
+	<target host="www.miuipolska.pl" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mjdk.dk.xml b/src/chrome/content/rules/mjdk.dk.xml
new file mode 100644
index 000000000000..0726fe7bac4e
--- /dev/null
+++ b/src/chrome/content/rules/mjdk.dk.xml
@@ -0,0 +1,6 @@
+<ruleset name="mjdk.dk">
+	<target host="mjdk.dk" />
+	<target host="www.mjdk.dk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mk.co.kr.xml b/src/chrome/content/rules/mk.co.kr.xml
new file mode 100644
index 000000000000..3a3f84567a9c
--- /dev/null
+++ b/src/chrome/content/rules/mk.co.kr.xml
@@ -0,0 +1,35 @@
+<!--
+	Mixed content:
+
+		- css, on:
+
+			- estate from $self ˢ
+			- estate from common.mk.co.kr ˢ
+
+		- Images, on:
+
+			- estate from file.mk.co.kr ˢ
+			- estate from img.mk.co.kr ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="MK.co.kr" platform="mixedcontent">
+
+	<target host="common.mk.co.kr" />
+	<target host="estate.mk.co.kr" />
+	<target host="file.mk.co.kr" />
+	<target host="img.mk.co.kr" />
+
+		<test url="http://common.mk.co.kr/common/css/bt_footer.css" /><!--	9685 -->
+		<test url="http://file.mk.co.kr/meet/neds/2016/11/image_readtop_2016_785796_14788239702678009.jpg.thumb" /><!--	2328 -->
+		<test url="http://img.mk.co.kr/estate/2014/bg_tabmm.gif" /><!--	37 -->
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mkt51.net.xml b/src/chrome/content/rules/mkt51.net.xml
new file mode 100644
index 000000000000..7addf987aeff
--- /dev/null
+++ b/src/chrome/content/rules/mkt51.net.xml
@@ -0,0 +1,48 @@
+<!--
+	For other Silverpop coverage, see Silverpop.xml.
+
+
+	CDN buckets:
+
+		- dlr5p9uhe3oaq.cloudfront.net	← contentz
+		- d24q9byeq1ve1q.cloudfront.net	← content
+
+
+	^mkt51.net: Refused, differs from www.mkt51.net
+
+
+	Problematic hosts in *mkt51.net:
+
+		- content ᵐ
+		- contentz ᵐ
+		- www ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="mkt51.net">
+
+	<target host="content.mkt51.net" />
+	<target host="contentz.mkt51.net" />
+	<target host="www.mkt51.net" />
+
+		<!--	$ 502s, so:
+					-->
+		<test url="http://contentz.mkt51.net/lp/static/notfound.html" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://content\.mkt51\.net/"
+		to="https://d24q9byeq1ve1q.cloudfront.net/" />
+
+	<rule from="^http://contentz\.mkt51\.net/"
+		to="https://dlr5p9uhe3oaq.cloudfront.net/" />
+
+		<test url="http://contentz.mkt51.net/lp/static/js/iMAWebCookie.js?h=www.pages05.net" />
+
+	<rule from="^http://www\.mkt51\.net/"
+		to="https://www.silverpop.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mkwrs.com.xml b/src/chrome/content/rules/mkwrs.com.xml
new file mode 100644
index 000000000000..162bd15ac2b0
--- /dev/null
+++ b/src/chrome/content/rules/mkwrs.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Host sends a HSTS header and has a wildcard DNS record, but no wildcard certificate. This breaks other subdomains.
+-->
+<ruleset name="MKWRs">
+        <target host="mkwrs.com" />
+        <target host="www.mkwrs.com" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mnultimate.xml b/src/chrome/content/rules/mnultimate.xml
new file mode 100644
index 000000000000..6b005c78f5c8
--- /dev/null
+++ b/src/chrome/content/rules/mnultimate.xml
@@ -0,0 +1,12 @@
+<!--
+	Problematic subdomains:
+		- dns¹
+	¹: Mismatch
+-->
+<ruleset name="MN ULtimate">
+	<target host="mnultimate.org"/>
+	<target host="www.mnultimate.org"/>
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/moakt.com.xml b/src/chrome/content/rules/moakt.com.xml
new file mode 100644
index 000000000000..5beab49a2379
--- /dev/null
+++ b/src/chrome/content/rules/moakt.com.xml
@@ -0,0 +1,13 @@
+<!--
+Invalid certificate:
+	mail.moakt.com
+
+Mixed content:
+	blog.moakt.com
+-->
+<ruleset name="moakt.com">
+	<target host="moakt.com"/>
+	<target host="www.moakt.com"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/mobile-review.com.xml b/src/chrome/content/rules/mobile-review.com.xml
new file mode 100644
index 000000000000..d9cc908871e8
--- /dev/null
+++ b/src/chrome/content/rules/mobile-review.com.xml
@@ -0,0 +1,19 @@
+<!--
+www.android.mobile-review.com ¹
+baraholka.mobile-review.com/: (35, 'error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error')
+www.forum.mobile-review.com ¹
+www.forum2.mobile-review.com ¹
+fr.mobile-review.com/: (35, 'error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error')
+android.mobile-review.com different content
+forum2.mobile-review.com different content
+
+
+¹ mismatch
+-->
+<ruleset name="mobile-review.com">
+	<target host="mobile-review.com" />
+	<target host="www.mobile-review.com" />
+	<target host="forum.mobile-review.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mobile-ventures.com.xml b/src/chrome/content/rules/mobile-ventures.com.xml
new file mode 100644
index 000000000000..35b8c51bc8cc
--- /dev/null
+++ b/src/chrome/content/rules/mobile-ventures.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Mobile-Ventures.com">
+
+	<target host="mobile-ventures.com" />
+	<target host="www.mobile-ventures.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mobile.de.xml b/src/chrome/content/rules/mobile.de.xml
new file mode 100644
index 000000000000..36fbf2991b35
--- /dev/null
+++ b/src/chrome/content/rules/mobile.de.xml
@@ -0,0 +1,92 @@
+<!--
+	Other mobile.de ruleset:
+		- automobile.fr.xml
+
+
+	Non-functional subdomains:
+
+		- adstream	(r)
+		- apptest	(r)
+		- callpush	(t)
+		- amsconsul.corp	(t)
+		- analytics.corp	(t)
+		- ci-jenkins.corp	(t)
+		- kamsconsul.corp	(t)
+		- registry.corp	(t)
+		- tech.corp	(t)
+		- advertising.dev	(i)
+		- newsroom.dev	(t)
+		- finanzierung	(i)
+		- finanzierung-test	(m)
+		- test.finanzierungsanfrage	(e)
+		- www.fr	(m)
+		- imode		(HTTP error 404)
+		- info	(m)
+		- mailin46-1	(t)
+		- mailin46-2	(t)
+		- mailin46-3	(t)
+		- mailin47-1	(t)
+		- mailin47-2	(t)
+		- mailin47-3	(t)
+		- mailout46-1	(t)
+		- mailout46-2	(t)
+		- mailout46-3	(t)
+		- mailout46-4	(t)
+		- mailout47-1	(t)
+		- mailout47-2	(t)
+		- mailout47-3	(t)
+		- mailout47-4	(t)
+		- marktdaten	(t)
+		- presse	(HTTP error 404)
+		- promo	(i)
+		- sandbox	(t)
+		- survey	(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="mobile.de">
+
+	<target host="mobile.de" />
+	<target host="www.mobile.de" />
+	<target host="admin.mobile.de" />
+	<target host="www.admin.mobile.de" />
+	<target host="admin2.mobile.de" />
+	<target host="advertising.mobile.de" />
+	<target host="appshorturl.mobile.de" />
+	<target host="archiv.mobile.de" />
+	<target host="auto-verkaufen.mobile.de" />
+	<target host="autoact.mobile.de" />
+	<target host="cms.mobile.de" />
+	<target host="fb.mobile.de" />
+	<target host="fdts.mobile.de" />
+	<target host="finanzierungsanfrage.mobile.de" />
+	<target host="fsbo.mobile.de" />
+	<target host="haendler.mobile.de" />
+	<target host="handel.mobile.de" />
+	<target host="home.mobile.de" />
+	<target host="login.mobile.de" />
+	<target host="m.mobile.de" />
+	<target host="m2.mobile.de" />
+	<target host="magazin.mobile.de" />
+	<target host="newsroom.mobile.de" />
+	<target host="opencms.mobile.de" />
+	<target host="p.mobile.de" />
+	<target host="product.mobile.de" />
+	<target host="services.mobile.de" />
+	<target host="shorturl.mobile.de" />
+	<target host="static.mobile.de" />
+	<target host="suchen.mobile.de" />
+	<target host="autodiscover.team.mobile.de" />
+	<target host="ticker.mobile.de" />
+	<target host="tracking.mobile.de" />
+	<target host="w.mobile.de" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mobileworldcongress.com.xml b/src/chrome/content/rules/mobileworldcongress.com.xml
new file mode 100644
index 000000000000..7e859b2e37b0
--- /dev/null
+++ b/src/chrome/content/rules/mobileworldcongress.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Mobile World Congress.com">
+
+	<target host="www.mobileworldcongress.com" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mobilism.me.xml b/src/chrome/content/rules/mobilism.me.xml
new file mode 100644
index 000000000000..533537df7157
--- /dev/null
+++ b/src/chrome/content/rules/mobilism.me.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mobilism.me/ => https://mobilism.me/: Too many redirects while fetching 'https://mobilism.me/'
+Fetch error: http://www.mobilism.me/ => https://www.mobilism.me/: Too many redirects while fetching 'https://www.mobilism.me/'
+Fetch error: http://forum.mobilism.me/ => https://forum.mobilism.me/: Too many redirects while fetching 'https://forum.mobilism.me/'
+Fetch error: http://images.mobilism.me/ => https://images.mobilism.me/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+-->
+<ruleset name="mobilism.me" platform="mixedcontent" default_off="failed ruleset test">
+	<target host="mobilism.me" />
+	<target host="www.mobilism.me" />
+	<target host="forum.mobilism.me" />
+	<target host="images.mobilism.me" />
+	<target host="mobilism.org" />
+	<target host="www.mobilism.org" />
+	<target host="forum.mobilism.org" />
+	<target host="images.mobilism.org" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/moderngov.co.uk.xml b/src/chrome/content/rules/moderngov.co.uk.xml
new file mode 100644
index 000000000000..9bd4f98bcc43
--- /dev/null
+++ b/src/chrome/content/rules/moderngov.co.uk.xml
@@ -0,0 +1,165 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://copeland.moderngov.co.uk/ => https://copeland.moderngov.co.uk/: Too many redirects while fetching 'https://copeland.moderngov.co.uk/'
+Fetch error: http://powys.moderngov.co.uk/ => https://powys.moderngov.co.uk/: Too many redirects while fetching 'https://powys.moderngov.co.uk/'
+
+	Nonfunctional hosts in *moderngov.co.uk:
+
+		- ^ ᶠ *
+		- aylesburyvale ⁴
+		- barnsleymbc ⁴
+		- brentwood ⁴
+		- chesterfield ⁴
+		- chichester ⁴
+		- doncaster ⁴
+		- havant ⁴
+		- lga ⁴
+		- merton ⁴
+		- portsmouth ⁴
+		- scambs ⁴
+		- southend ⁴
+		- stalbans ⁴
+		- surreyheath ⁴
+		- tameside ⁴
+		- watford ⁴
+		- westminster ⁴
+		- wokingham ⁴
+
+	* Differs from www.moderngov.co.uk
+	⁴ 404
+	ᶠ Handshake fails
+
+
+	Problematic hosts in *moderngov.co.uk:
+
+		- wolverhampton ˣ
+		- worcestershire ˣ
+
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Partially covered hosts in *moderngov.co.uk:
+
+		- hastings ʰ
+		- rbwm ʰ
+		- rutlandcounty ʰ
+		- sheffielddemocracy ʰ
+
+	ʰ Some pages redirect to http
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- (account_vhost).moderngov.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, on:
+
+			- wolverhampton from www.wolverhampton.gov.uk ˢ
+			- worcestershire from e-services.worcestershire.gov.uk
+
+		- Images, on:
+
+			- wolverhampton from www.wolverhampton.gov.uk ˢ
+			- worcestershire from e-services.worcestershire.gov.uk
+			- www from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Moderngov.co.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.moderngov.co.uk" />
+
+	<!--	(Account vhosts:)
+				-->
+	<target host="barnet.moderngov.co.uk" />
+	<target host="bradford.moderngov.co.uk" />
+	<target host="cardiff.moderngov.co.uk" />
+	<target host="copeland.moderngov.co.uk" />
+	<target host="gwh.moderngov.co.uk" />
+	<target host="hastings.moderngov.co.uk" />
+	<target host="lincolnshire.moderngov.co.uk" />
+	<target host="nkdc.moderngov.co.uk" />
+	<target host="powys.moderngov.co.uk" />
+	<target host="rbwm.moderngov.co.uk" />
+	<target host="rutlandcounty.moderngov.co.uk" />
+	<target host="sheffield.moderngov.co.uk" />
+	<target host="sheffielddemocracy.moderngov.co.uk" />
+	<target host="sutton.moderngov.co.uk" />
+	<target host="walthamforest.moderngov.co.uk" />
+	<!--target host="wolverhampton.moderngov.co.uk" /-->
+	<!--target host="worcestershire.moderngov.co.uk" /-->
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:hastings|rbwm|rutlandcounty|sheffielddemocracy)\.moderngov\.co\.uk/(?:ieListDocuments|mgMeetingAttendance|mgPasswordReqst|uuCoverPage)\.aspx" /-->
+		<!--exclusion pattern="^http://(?:hastings|rutlandcounty)\.moderngov\.co\.uk/ieRegisterUser\.aspx" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:rbwm|sheffielddemocracy)\.moderngov\.co\.uk/(?!/*(?:[Ss]ite[Ss]pecific/|documents/|ie(?:[Ll]ogon|RegisterUser)\.aspx|mgimages/|jquery-ui/|UserData/))" />
+		<exclusion pattern="^http://(?:hastings|rutlandcounty)\.moderngov\.co\.uk/(?!/*(?:[Ss]ite[Ss]pecific/|documents/|ie[Ll]ogon\.aspx|mgimages/|jquery-ui/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://hastings.moderngov.co.uk/ieRegisterUser.aspx" />
+			<test url="http://hastings.moderngov.co.uk/mgPasswordReqst.aspx" />
+			<test url="http://rbwm.moderngov.co.uk/ecCatDisplay.aspx" />
+			<test url="http://rbwm.moderngov.co.uk/ieDocSearch.aspx" />
+			<test url="http://rbwm.moderngov.co.uk/mgCalendarMonthView.aspx" />
+			<test url="http://rbwm.moderngov.co.uk/mgListOutsideBodies.aspx" />
+			<test url="http://rbwm.moderngov.co.uk/mgMemberIndex.aspx" />
+			<test url="http://rbwm.moderngov.co.uk/mgMemberIndexMP.aspx" />
+			<test url="http://rbwm.moderngov.co.uk/mgPasswordReqst.aspx" />
+			<test url="http://rutlandcounty.moderngov.co.uk/ieListDocuments.aspx" />
+			<test url="http://rutlandcounty.moderngov.co.uk/ieRegisterUser.aspx" />
+			<test url="http://rutlandcounty.moderngov.co.uk/mgDelegatedDecisions.aspx" />
+			<test url="http://rutlandcounty.moderngov.co.uk/mgMeetingAttendance.aspx" />
+			<test url="http://rutlandcounty.moderngov.co.uk/mgPasswordReqst.aspx" />
+			<test url="http://rutlandcounty.moderngov.co.uk/mgUserInfo.aspx" />
+			<!--test url="http://rutlandcounty.moderngov.co.uk/uuCoverPage.aspx" /-->
+			<test url="http://sheffielddemocracy.moderngov.co.uk/mgMemberIndex.aspx" />
+			<test url="http://sheffielddemocracy.moderngov.co.uk/mgPasswordReqst.aspx" />
+			<test url="http://sheffielddemocracy.moderngov.co.uk/uuCoverPage.aspx" />
+
+			<!--	-ve:
+					-->
+			<test url="http://hastings.moderngov.co.uk/SiteSpecific/ssWordStyles.css" />
+			<test url="http://hastings.moderngov.co.uk/ielogon.aspx" />
+			<test url="http://hastings.moderngov.co.uk/jquery-ui/css/Smoothness/jquery-ui-1.10.2.custom.min.css" />
+			<test url="http://rbwm.moderngov.co.uk/ieRegisterUser.aspx" />
+			<test url="http://rbwm.moderngov.co.uk/ielogon.aspx" />
+			<test url="http://rbwm.moderngov.co.uk/jquery-ui/css/Smoothness/jquery-ui-1.10.2.custom.min.css" />
+			<test url="http://rbwm.moderngov.co.uk/mgimages/left5.gif" />
+			<test url="http://rbwm.moderngov.co.uk/sitespecific/ssMgResponsive.css" />
+			<test url="http://rbwm.moderngov.co.uk/sitespecific/tile_sub.gif" />
+			<test url="http://rutlandcounty.moderngov.co.uk/SiteSpecific/1.gif" />
+			<test url="http://rutlandcounty.moderngov.co.uk/SiteSpecific/gm_sidebar_rh.css" />
+			<test url="http://rutlandcounty.moderngov.co.uk/ielogon.aspx" />
+			<test url="http://rutlandcounty.moderngov.co.uk/jquery-ui/css/Smoothness/jquery-ui-1.10.2.custom.min.css" />
+			<test url="http://sheffielddemocracy.moderngov.co.uk/SiteSpecific/bg-snv-parent.gif" />
+			<test url="http://sheffielddemocracy.moderngov.co.uk/UserData/8/4/1/Info00000148/smallpic.jpg" />
+			<test url="http://sheffielddemocracy.moderngov.co.uk/ieRegisterUser.aspx" />
+			<test url="http://sheffielddemocracy.moderngov.co.uk/ielogon.aspx" />
+			<test url="http://sheffielddemocracy.moderngov.co.uk/jquery-ui/css/Smoothness/jquery-ui-1.10.2.custom.min.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(account_vhost)\.moderngov\.co\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^(?!(?:hastings|rbwm|rutlandcounty|sheffielddemocracy)\.)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/modulus.com.xml b/src/chrome/content/rules/modulus.com.xml
new file mode 100644
index 000000000000..c381f6986b96
--- /dev/null
+++ b/src/chrome/content/rules/modulus.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="modulus.com">
+	<target host="modulus.com" />
+	<target host="www.modulus.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/modx.pro.xml b/src/chrome/content/rules/modx.pro.xml
new file mode 100644
index 000000000000..e8090d00e50a
--- /dev/null
+++ b/src/chrome/content/rules/modx.pro.xml
@@ -0,0 +1,14 @@
+<!--
+s.modx.pro mismatch
+test.modx.pro mismatch
+demo.modx.pro self signed
+-->
+<ruleset name="modx.pro">
+	<target host="modx.pro" />
+	<target host="www.modx.pro" />
+	<target host="docs.modx.pro" />
+	<target host="file.modx.pro" />
+	<target host="id.modx.pro" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mof.gov.sa.xml b/src/chrome/content/rules/mof.gov.sa.xml
new file mode 100644
index 000000000000..07cfa54816e2
--- /dev/null
+++ b/src/chrome/content/rules/mof.gov.sa.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid Certificate:
+		sahafi.mof.gov.sa
+-->
+<ruleset name="mof.gov.sa">
+	<target host="mof.gov.sa" />
+	<target host="www.mof.gov.sa" />
+	<target host="eservices.mof.gov.sa" />
+	<target host="mail.mof.gov.sa" />
+	<target host="ujds.mof.gov.sa" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mohtaraf.com.xml b/src/chrome/content/rules/mohtaraf.com.xml
new file mode 100644
index 000000000000..ca9ceefd6a12
--- /dev/null
+++ b/src/chrome/content/rules/mohtaraf.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="mohtaraf.com">
+	<target host="mohtaraf.com" />
+	<target host="www.mohtaraf.com" />
+	<target host="kameelhawa.mohtaraf.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/molevalley.gov.uk.xml b/src/chrome/content/rules/molevalley.gov.uk.xml
new file mode 100644
index 000000000000..e9f2569b3a81
--- /dev/null
+++ b/src/chrome/content/rules/molevalley.gov.uk.xml
@@ -0,0 +1,50 @@
+<!--
+	Mole Valley District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *molevalley.gov.uk:
+
+		- maps ᵈ
+
+	ᵈ Dropped
+
+
+	These altnames do not exist:
+
+		- molevalley.gov.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.molevalley.gov.uk
+
+
+	Mixed content:
+
+		- Image on www from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Mole Valley.gov.uk (partial)">
+
+	<target host="www.molevalley.gov.uk" />
+
+		<!--	Mixed image:
+					-->
+		<!--test url="http://www.molevalley.gov.uk/index.cfm?articleid=17278" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.molevalley\.gov\.uk$" name="^CF(?:ID|TOKEN)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/molodoi.net.xml b/src/chrome/content/rules/molodoi.net.xml
new file mode 100644
index 000000000000..64a3d7baf04c
--- /dev/null
+++ b/src/chrome/content/rules/molodoi.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="molodoi.net">
+	<target host="molodoi.net" />
+	<target host="www.molodoi.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/monazilla.org.xml b/src/chrome/content/rules/monazilla.org.xml
new file mode 100644
index 000000000000..c30558863ea2
--- /dev/null
+++ b/src/chrome/content/rules/monazilla.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- monazilla.org
+		- www.monazilla.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="monazilla.org">
+
+	<target host="monazilla.org" />
+	<target host="www.monazilla.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?monazilla\.org$" name="^(?:_landing_page|_orig_referrer|cart_sig)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/moncompteformation.gouv.fr.xml b/src/chrome/content/rules/moncompteformation.gouv.fr.xml
new file mode 100644
index 000000000000..ddd2152c008e
--- /dev/null
+++ b/src/chrome/content/rules/moncompteformation.gouv.fr.xml
@@ -0,0 +1,6 @@
+<ruleset name="moncompteformation.gouv.fr">
+    <target host="espaceprive.moncompteformation.gouv.fr" />
+    <target host="gestespaceprive.moncompteformation.gouv.fr" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/monde-diplomatique.fr.xml b/src/chrome/content/rules/monde-diplomatique.fr.xml
new file mode 100644
index 000000000000..251f1575b233
--- /dev/null
+++ b/src/chrome/content/rules/monde-diplomatique.fr.xml
@@ -0,0 +1,25 @@
+<!--
+	For other rules related to the Monde Diplomatique, see MondeDiplo.com.xml
+
+	Bad certificate:
+		abo.monde-diplomatique.fr
+		amis.monde-diplomatique.fr
+		www.amis.monde-diplomatique.fr
+		formation.monde-diplomatique.fr
+		formations.monde-diplomatique.fr
+		www.formations.monde-diplomatique.fr
+-->
+<ruleset name="Le Monde Diplomatique">
+
+	<target host="monde-diplomatique.fr" />
+	<target host="www.monde-diplomatique.fr" />
+	<target host="abo.monde-diplomatique.fr" />
+	<target host="boutique.monde-diplomatique.fr" />
+	<target host="dons.monde-diplomatique.fr" />
+
+	<rule from="^http://abo\.monde-diplomatique\.fr/"
+			to="https://boutique.monde-diplomatique.fr/abonnements/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/moneycorp.com.xml b/src/chrome/content/rules/moneycorp.com.xml
new file mode 100644
index 000000000000..ee23169349a3
--- /dev/null
+++ b/src/chrome/content/rules/moneycorp.com.xml
@@ -0,0 +1,44 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- identity.moneycorp.com
+		- online.moneycorp.com
+		- secure.moneycorp.com
+		- www.moneycorp.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="moneycorp.com">
+
+	<target host="cdn.moneycorp.com" />
+	<target host="cdn2.moneycorp.com" />
+	<target host="identity.moneycorp.com" />
+	<target host="online.moneycorp.com" />
+	<target host="secure.moneycorp.com" />
+	<target host="www.moneycorp.com" />
+
+		<test url="http://cdn.moneycorp.com/assets/affiliates/Moneycorp/css/core/framework.css?v=00" />
+		<test url="http://cdn2.moneycorp.com/fp/clear.png?org_id=&amp;session_id=&amp;m=" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://identity.moneycorp.com/core/login?signin=" /-->
+		<!--test url="http://secure.moneycorp.com/?signin=&amp;client=&amp;partnerName=&amp;partnerDescription=&amp;chk=" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^identity\.moneycorp\.com$" name="^ids_chk\.[\da-f]{32}$" /-->
+	<!--securecookie host="^online\.moneycorp\.com$" name="^(?:ADRUM_BT[1a]|ASP\.NET_SessionId)$" /-->
+	<!--securecookie host="^secure\.moneycorp\.com$" name="^(?:__RequestVerificationToken|Locale|QuerystringSession)$" /-->
+	<!--securecookie host="^www\.moneycorp\.com$" name="^(?:ASP\.NET_SessionId|TS[\da-f]{8})$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/moneygeek.com.xml b/src/chrome/content/rules/moneygeek.com.xml
new file mode 100644
index 000000000000..54d9ae391698
--- /dev/null
+++ b/src/chrome/content/rules/moneygeek.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="MoneyGeek.com">
+
+	<target host="moneygeek.com" />
+	<target host="www.moneygeek.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/monolith.zone.xml b/src/chrome/content/rules/monolith.zone.xml
new file mode 100644
index 000000000000..10a53419e97b
--- /dev/null
+++ b/src/chrome/content/rules/monolith.zone.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		webmail.monolith.zone
+
+	Refused:
+		blog.monolith.zone
+		discourse.monolith.zone
+		imap.monolith.zone
+		pop.monolith.zone
+		smtp.monolith.zone
+-->
+<ruleset name="monolith.zone">
+	<target host="monolith.zone" />
+	<target host="www.monolith.zone" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/montanalinux.org.xml b/src/chrome/content/rules/montanalinux.org.xml
new file mode 100644
index 000000000000..b391a0e04b37
--- /dev/null
+++ b/src/chrome/content/rules/montanalinux.org.xml
@@ -0,0 +1,34 @@
+<!--
+	^montanalinux.org: Mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .montanalinux.org
+
+-->
+<ruleset name="Montana Linux.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.montanalinux.org" />
+
+	<!--	Complications:
+				-->
+	<target host="montanalinux.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.montanalinux\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://montanalinux\.org/"
+		to="https://www.montanalinux.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/montpelerin.org.xml b/src/chrome/content/rules/montpelerin.org.xml
new file mode 100644
index 000000000000..7efe22e03f6a
--- /dev/null
+++ b/src/chrome/content/rules/montpelerin.org.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- montpelerin.org
+		- www.montpelerin.org
+
+-->
+<ruleset name="Mont Pelerin.org">
+
+	<target host="montpelerin.org" />
+	<target host="www.montpelerin.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?montpelerin\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/moodlerooms.com.xml b/src/chrome/content/rules/moodlerooms.com.xml
new file mode 100644
index 000000000000..73b4dfa4e571
--- /dev/null
+++ b/src/chrome/content/rules/moodlerooms.com.xml
@@ -0,0 +1,89 @@
+<!--
+	For rules causing false/broken MCB, see moodlerooms.com-falsemixed.xml.
+
+
+	Nonfunctional hosts in *moodlerooms.com:
+
+		- anz ⁴
+		- asia ⁴
+		- br ⁴
+		- crowdsource ᵃ
+		- de ⁴
+		- es ⁴
+		- fi ⁴
+		- fr ⁴
+		- jp ⁴
+		- lac ⁴
+		- nl ⁴
+		- uki ⁴
+		- www ⁴
+
+	ᵃ Shows another domain
+	⁴ 404
+
+
+	Problematic hosts in *moodlerooms.com:
+
+		- page ᵐ
+		- train ˣ
+
+	ᵐ Pardot / mismatched
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- learn2.moodlerooms.com
+		- train.moodlerooms.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on train from $self ˢ
+		- Images on train from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="MoodleRooms.com (partial)">
+
+	<!--target host="moodlerooms.com" /-->
+	<target host="kb.moodlerooms.com" />
+	<target host="learn2.moodlerooms.com" />
+	<!--target host="train.moodlerooms.com" /-->
+
+	<!--	Complications:
+				-->
+	<target host="page.moodlerooms.com" />
+
+		<exclusion pattern="^http://page\.moodlerooms\.com/(?!/*(?:[els]|emailPreference|unsubscribe|webmail)/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://page.moodlerooms.com/about.htm" />
+			<test url="http://page.moodlerooms.com/default.aspx" />
+			<test url="http://page.moodlerooms.com/favicon.ico" />
+			<test url="http://page.moodlerooms.com/index.htm" />
+			<test url="http://page.moodlerooms.com/index.html" />
+			<test url="http://page.moodlerooms.com/index.php" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:learn2|train)\.moodlerooms\.com$" name="^MoodleSession$" /-->
+
+	<securecookie host="^(?!page\.)\w" name=".+" />
+
+
+	<rule from="^http://page\.moodlerooms\.com/"
+		to="https://go.pardot.com/" />
+
+		<test url="http://page.moodlerooms.com/l/1662/2012-02-08/2hxv68" />
+		<test url="http://page.moodlerooms.com/l/1662/2011-05-03/KAJGB/1662/111461/ComparisonMatrix_5211.pdf" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/moodscope.com.xml b/src/chrome/content/rules/moodscope.com.xml
new file mode 100644
index 000000000000..9fcc0e3f0416
--- /dev/null
+++ b/src/chrome/content/rules/moodscope.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.moodscope.com
+
+-->
+<ruleset name="Moodscope.com">
+
+	<target host="moodscope.com" />
+	<target host="www.moodscope.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.moodscope\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/moodys.com.xml b/src/chrome/content/rules/moodys.com.xml
new file mode 100644
index 000000000000..88aef9922b15
--- /dev/null
+++ b/src/chrome/content/rules/moodys.com.xml
@@ -0,0 +1,116 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ra-apc.moodys.com/ => https://ra-apc.moodys.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://ra-szn.moodys.com/ => https://ra-szn.moodys.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Non-2xx HTTP code: http://staging.moodys.com/ (200) => https://staging.moodys.com/ (403)
+Non-2xx HTTP code: http://v3.moodys.com/ (200) => https://v3.moodys.com/ (403)
+
+moodys.com ³
+www.moodys.com non-2xx http code
+bandona.moodys.com ³
+bandonb.moodys.com ³
+credittransitions.moodys.com ³
+discover.moodys.com ²
+dr.moodys.com ³
+ftp.moodys.com ³
+ftpmdy1.moodys.com ³
+fundsissuerportal.moodys.com non-2xx http code
+info.moodys.com ²
+interact.moodys.com ¹
+ir.moodys.com ¹
+ma.moodys.com ¹
+mail.moodys.com ³
+mdcsmtp01.moodys.com ³
+mdcsmtp02.moodys.com ³
+mdcsmtp03.moodys.com ³
+mdcsmtp04.moodys.com ³
+mdcsmtp05.moodys.com ³
+mdcsmtp06.moodys.com ³
+mdyftcvmlrly101.moodys.com ³
+mdyftcvmlrly101-dns.moodys.com ³
+mdyftcvmlrly102.moodys.com ³
+mdyftcvmlrly102-dns.moodys.com ³
+mdyptcvmlrly101.moodys.com ³
+mdyptcvmlrly101-dns.moodys.com ³
+mdyptcvmlrly102.moodys.com ³
+mdyptcvmlrly102-dns.moodys.com ³
+mdywtcmlrly101.moodys.com ³
+mdywtcmlrly101-dns.moodys.com ³
+mft.moodys.com ⁴
+mft-test.moodys.com ⁴
+moodysfm.moodys.com ⁴
+www.moodysfm.moodys.com ²
+moodyswsmail.moodys.com ³
+moodyswsmailint.moodys.com ³
+mwsaftp.moodys.com ³
+nic.moodys.com ³
+ns1.moodys.com ³
+ns2.moodys.com ³
+ns3.moodys.com ³
+ns4.moodys.com ³
+ns5.moodys.com ³
+ns6.moodys.com ³
+origin-dr.moodys.com ³
+philanthropy.moodys.com ³
+www.philanthropy.moodys.com ³
+px01.moodys.com ³
+px02.moodys.com ³
+px03.moodys.com ³
+ra-hkg.moodys.com ¹
+remoteaccess.moodys.com ³
+researchinfo.moodys.com ²
+sb-ra-lon.moodys.com ¹
+sb-ra-ptc.moodys.com ¹
+sb-ra-sfo.moodys.com ¹
+sb-ra-wtc.moodys.com ¹
+sftp.moodys.com ²
+sftp3.moodys.com ³
+sfw.moodys.com ⁷
+sharefile-qa.moodys.com ³
+spotfire.moodys.com ²
+syndication.moodys.com ³
+update.moodys.com ³
+staging.update.moodys.com ³
+staging.v2.moodys.com ³
+workspace.moodys.com ⁴
+api.moodys.com different content
+projectfinance-models.moodys.com different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁷ protocol error
+-->
+<ruleset name="moodys.com (partial)" default_off="failed ruleset test">
+	<target host="byod-amr.moodys.com" />
+	<target host="careers.moodys.com" />
+	<target host="credittrends.moodys.com" />
+	<target host="enroll-amr.moodys.com" />
+	<target host="enroll-qa.moodys.com" />
+	<target host="m.moodys.com" />
+	<target host="mapps-amr.moodys.com" />
+	<target host="mapps-qa.moodys.com" />
+	<target host="mobile.moodys.com" />
+	<target host="mwsareporting.moodys.com" />
+	<target host="optout.moodys.com" />
+	<target host="production.moodys.com" />
+	<target host="ra.moodys.com" />
+	<target host="ra-apc.moodys.com" />
+	<target host="ra-ftc.moodys.com" />
+	<target host="ra-lon.moodys.com" />
+	<target host="ra-ptc.moodys.com" />
+	<target host="ra-qa.moodys.com" />
+	<target host="ra-sfo.moodys.com" />
+	<target host="ra-szn.moodys.com" />
+	<target host="ra-wtc.moodys.com" />
+	<target host="social.moodys.com" />
+	<target host="staging.moodys.com" />
+	<target host="training.moodys.com" />
+	<target host="v2.moodys.com" />
+	<target host="v3.moodys.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/morawa-buch.at.xml b/src/chrome/content/rules/morawa-buch.at.xml
new file mode 100644
index 000000000000..84be77e10530
--- /dev/null
+++ b/src/chrome/content/rules/morawa-buch.at.xml
@@ -0,0 +1,9 @@
+<ruleset name="morawa-buch.at">
+	<target host="morawa-buch.at"/>
+	<target host="www.morawa-buch.at"/>
+
+	<rule from="^http://morawa-buch\.at/"
+		to="https://www.morawa-buch.at/"/>
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/moslenta.ru.xml b/src/chrome/content/rules/moslenta.ru.xml
new file mode 100644
index 000000000000..8b89fa17aedb
--- /dev/null
+++ b/src/chrome/content/rules/moslenta.ru.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn.moslenta.ru/ => https://cdn.moslenta.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'cdn.moslenta.ru'")
+
+  Certificate mismatch:
+    dengoroda2016.moslenta.ru
+    detmag.moslenta.ru
+    mck.moslenta.ru
+    mystreet.moslenta.ru
+    on.moslenta.ru
+    sovety.moslenta.ru
+-->
+<ruleset name="moslenta.ru" default_off="failed ruleset test">
+    <target host="moslenta.ru" />
+    <target host="www.moslenta.ru" />
+    <target host="cdn.moslenta.ru" />
+    <target host="m.moslenta.ru" />
+
+    <rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/mosnet.ru.xml b/src/chrome/content/rules/mosnet.ru.xml
new file mode 100644
index 000000000000..9861a25a375e
--- /dev/null
+++ b/src/chrome/content/rules/mosnet.ru.xml
@@ -0,0 +1,25 @@
+<!--
+mosnet.ru ⁴
+www.mosnet.ru ⁴
+blocked.mosnet.ru ²
+em.mosnet.ru ³
+littlesister.mosnet.ru ⁴
+mail.mosnet.ru ⁴
+neo.mosnet.ru ⁴
+old.mosnet.ru ⁴
+orange.mosnet.ru ³
+privateoffice.mosnet.ru ⁴
+raven.mosnet.ru ²
+speedtest.mosnet.ru ²
+speedtestlocal.mosnet.ru ²
+
+
+² refused
+³ timed out
+⁴ incomplete certificate chain
+-->
+<ruleset name="mosnet.ru (partial)">
+	<target host="rtumoa.mosnet.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mosoblgaz.ru.xml b/src/chrome/content/rules/mosoblgaz.ru.xml
new file mode 100644
index 000000000000..001edd338b76
--- /dev/null
+++ b/src/chrome/content/rules/mosoblgaz.ru.xml
@@ -0,0 +1,49 @@
+<!--
+www.balashiha.mosoblgaz.ru ⁴
+balashikhamag.mosoblgaz.ru ⁴
+dmitrovmag.mosoblgaz.ru ⁴
+ftp.mosoblgaz.ru ³
+www.klin.mosoblgaz.ru ⁴
+krasnogorsk.mosoblgaz.ru ⁴
+krasnogorskmag.mosoblgaz.ru ⁴
+lkasupg.mosoblgaz.ru ⁵
+lkkc.mosoblgaz.ru ¹
+lksaupg.mosoblgaz.ru ⁴
+lktu.mosoblgaz.ru ¹
+mail.mosoblgaz.ru ⁴
+www.mytishchi.mosoblgaz.ru ⁴
+mytishymag.mosoblgaz.ru ⁴
+naro-fominskmag.mosoblgaz.ru ⁴
+new.mosoblgaz.ru ⁴
+noginskmag.mosoblgaz.ru ⁴
+odincovo.mosoblgaz.ru ⁴
+odintsovomag.mosoblgaz.ru ⁴
+www.podolsk.mosoblgaz.ru ⁴
+poisk-vdgo.mosoblgaz.ru ¹
+ramenskoemag.mosoblgaz.ru ⁴
+rmp.mosoblgaz.ru ⁴
+serpukhovmag.mosoblgaz.ru ⁴
+shop.mosoblgaz.ru ⁴
+adv.shop.mosoblgaz.ru ⁴
+img.shop.mosoblgaz.ru ⁴
+sigma.mosoblgaz.ru ³
+stage-lkk.mosoblgaz.ru ¹
+www.stupino.mosoblgaz.ru ⁴
+stupinomag.mosoblgaz.ru ⁴
+webconf.mosoblgaz.ru/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+
+
+¹ mismatch
+³ timed out
+⁴ self signed
+⁵ expired
+-->
+<ruleset name="mosoblgaz.ru">
+	<target host="mosoblgaz.ru" />
+	<target host="www.mosoblgaz.ru" />
+	<target host="lkk.mosoblgaz.ru" />
+	<target host="sip.mosoblgaz.ru" />
+	<target host="tp.mosoblgaz.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/motive.com.xml b/src/chrome/content/rules/motive.com.xml
new file mode 100644
index 000000000000..55c0e2cf785f
--- /dev/null
+++ b/src/chrome/content/rules/motive.com.xml
@@ -0,0 +1,47 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pbttbc.bt.motive.com/portal/entry.do => https://pbttbc.bt.motive.com/portal/entry.do: (35, 'Unknown SSL protocol error in connection to pbttbc.bt.motive.com:443 ')
+Fetch error: http://pbttbcpn.bt.motive.com/portal/plusnetentry.do => https://pbttbcpn.bt.motive.com/portal/plusnetentry.do: (35, 'Unknown SSL protocol error in connection to pbttbcpn.bt.motive.com:443 ')
+Fetch error: http://pbttbc.bt.motive.com/ => https://pbttbc.bt.motive.com/: (35, 'Unknown SSL protocol error in connection to pbttbc.bt.motive.com:443 ')
+Fetch error: http://pbttbcpn.bt.motive.com/ => https://pbttbcpn.bt.motive.com/: (35, 'Unknown SSL protocol error in connection to pbttbcpn.bt.motive.com:443 ')
+
+	Nonfunctional hosts in *motive.com:
+
+		- pbteu.bt ᵈ
+
+	ᵈ Dropped
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- pbttbc.bt.motive.com
+		- pbttbcpn.bt.motive.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="motive.com (partial)" default_off="failed ruleset test">
+
+	<target host="pbthdm.bt.motive.com" />
+	<target host="pbthdmw.bt.motive.com" />
+	<target host="pbttbc.bt.motive.com" />
+	<target host="pbttbcpn.bt.motive.com" />
+
+		<!--	$ shows default page, so:
+							-->
+		<test url="http://pbttbc.bt.motive.com/portal/entry.do" />
+		<test url="http://pbttbcpn.bt.motive.com/portal/plusnetentry.do" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^pbttbcpn(?:pn)?\.bt\.motive\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/motor.ru.xml b/src/chrome/content/rules/motor.ru.xml
new file mode 100644
index 000000000000..6ca9eb8e932f
--- /dev/null
+++ b/src/chrome/content/rules/motor.ru.xml
@@ -0,0 +1,24 @@
+<!--
+Invalid certificate:
+	www.motor.ru
+	120.motor.ru
+	3series-bmw.motor.ru
+	dakar.motor.ru
+	drive-bmw.motor.ru
+	hero.motor.ru
+	mobil1.motor.ru
+	old.motor.ru
+	on.motor.ru
+	super.motor.ru
+	vwamarok.motor.ru
+-->
+<ruleset name="motor.ru">
+	<target host="motor.ru"/>
+	<target host="www.motor.ru" />
+	<target host="cdn.motor.ru" />
+	<target host="old.motor.ru"/>
+	<target host="super.motor.ru"/>
+
+	<rule from="^http://(www|old|super)\.motor\.ru/" to="https://motor.ru/" />
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/mousejack.com.xml b/src/chrome/content/rules/mousejack.com.xml
new file mode 100644
index 000000000000..01f2a43e67f7
--- /dev/null
+++ b/src/chrome/content/rules/mousejack.com.xml
@@ -0,0 +1,50 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.mousejack.com/ => https://www.mousejack.com/: Too many redirects while fetching 'https://www.mousejack.com/'
+Fetch error: http://mousejack.com/ => https://www.mousejack.com/: Too many redirects while fetching 'https://www.mousejack.com/'
+
+	^mousejack.com: Mismatched
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- www.mousejack.com
+		- .www.mousejack.com
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="MouseJack.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.mousejack.com" />
+
+	<!--	Complications:
+				-->
+	<target host="mousejack.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.mousejack\.com$" name="^langauge$" /-->
+	<!--securecookie host="^\.www\.mousejack\.com$" name="^is_mobile$" /-->
+
+	<securecookie host="^\." name="^__qca$" />
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.www\." name=".+" />
+
+
+	<rule from="^http://mousejack\.com/"
+		to="https://www.mousejack.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/movistar.es.xml b/src/chrome/content/rules/movistar.es.xml
new file mode 100644
index 000000000000..dcbee10b8f98
--- /dev/null
+++ b/src/chrome/content/rules/movistar.es.xml
@@ -0,0 +1,123 @@
+<!--
+	Certificate Chain Issue:
+		descargaseguridad.negocios.movistar.es
+		redeslimpias.movistar.es
+	Invalid Certificate:
+		movistar.es
+		aquiestoy.movistar.es
+		aula365.movistar.es
+		www.ayuda.movistar.es
+		www.canalcliente.movistar.es
+		www.cloud.movistar.es
+		conexionsegura.movistar.es
+		synthetic.conexionsegura.movistar.es
+		widget.conexionsegura.movistar.es
+		descargaseguridad.movistar.es
+		actualizacion.e.movistar.es
+		correo365.e.movistar.es
+		www.emocion.movistar.es
+		www.enviamensajes.movistar.es
+		familiadigital.movistar.es
+		guru.movistar.es
+		hierroendirecto.movistar.es
+		www.hoyempiezoavivirlatele.movistar.es
+		internetagil2.movistar.es
+		mensajerianegocios.movistar.es
+		optimizacionrpv.movistar.es
+		nfc.movistar.es
+		www.nuevocanalpremium.movistar.es
+		ofertas.movistar.es
+		www.porser.movistar.es
+		premium.movistar.es
+		www.protege.movistar.es
+		weber.mitel.foa.pvg.movistar.es
+		www.segundalinea.movistar.es
+		series.movistar.es
+		www.servicios.movistar.es
+		testdevelocidad.movistar.es
+		www.tarifas.movistar.es
+	Secure Connection Failed:
+		artsy.movistar.es
+		magazine.movistar.es
+		vive.movistar.es
+		www.vive.movistar.es
+	Redirects to HTTP:
+		aplicateca.movistar.es
+		emocion.movistar.es
+		yavoy.movistar.es
+	Unable to Connect:
+		www.cat.canalpremium.movistar.es
+		configuratumovil.movistar.es
+		holacasa.movistar.es
+		www.movilesydispositivos.movistar.es
+		yavoymobile.movistar.es
+	Timeout:
+		freescan.movistar.es
+		modulos.movistar.es
+		movilseguro.movistar.es
+		packseguridadmovil.movistar.es
+		seguridadmovilempresas.movistar.es
+-->
+<ruleset name="movistar.es">
+	<target host="movistar.es" />
+	<target host="www.movistar.es" />
+	<target host="www.accesoremoto.movistar.es" />
+	<target host="appmimovistar.movistar.es" />
+	<target host="atencionalcliente.movistar.es" />
+	<target host="www.recargas.canalcliente.movistar.es" />
+	<target host="www.catalogomoviles.movistar.es" />
+	<target host="centroseguridad.movistar.es" />
+	<target host="cloud.movistar.es" />
+	<target host="comunidad.movistar.es" />
+	<target host="comunidad-stage.movistar.es" />
+	<target host="comunidadwifi.movistar.es" />
+	<target host="gestorpersonal.corporateip.movistar.es" />
+	<target host="www.gestorpersonal.corporateip.movistar.es" />
+	<target host="correo.movistar.es" />
+	<target host="ds-mdm.movistar.es" />
+	<target host="correotnet.e.movistar.es" />
+	<target host="soporte-tnet.e.movistar.es" />
+	<target host="emoivbs.movistar.es" />
+	<target host="empresas.movistar.es" />
+	<target host="enviamensajes.movistar.es" />
+	<target host="esports.movistar.es" />
+	<target host="fusionempresas.movistar.es" />
+	<target host="grabador.movistar.es" />
+	<target host="grupodesalto.movistar.es" />
+	<target host="www.integra.movistar.es" />
+	<target host="internetagil.movistar.es" />
+	<target host="likes.movistar.es" />
+	<target host="www.likes.movistar.es" />
+	<target host="mdm.movistar.es" />
+	<target host="www.mensajerianegocios.movistar.es" />
+	<target host="mensajeriaweb.movistar.es" />
+	<target host="micloud.movistar.es" />
+	<target host="micoberturamovil.movistar.es" />
+	<target host="misegundalinea.movistar.es" />
+	<target host="mispagos.movistar.es" />
+	<target host="money.movistar.es" />
+	<target host="mscorreo.movistar.es" />
+	<target host="centroseguridad.negocios.movistar.es" />
+	<target host="nubico.movistar.es" />
+	<target host="opensms.movistar.es" />
+	<target host="pagos.movistar.es" />
+	<target host="pagosonline.movistar.es" />
+	<target host="porser.movistar.es" />
+	<target host="presencia.movistar.es" />
+	<target host="promociones.movistar.es" />
+	<target host="www.protecciondatos.movistar.es" />
+	<target host="protege.movistar.es" />
+	<target host="protegefamilia.movistar.es" />
+	<target host="www.protegefamilia.movistar.es" />
+	<target host="mbgw.mitel.foa.pvg.movistar.es" />
+	<target host="micollab6.mitel.foa.pvg.movistar.es" />
+	<target host="segundalinea.movistar.es" />
+	<target host="simcheck.movistar.es" />
+	<target host="spotify.movistar.es" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://movistar\.es/" to="https://www.movistar.es/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/moz.com.xml b/src/chrome/content/rules/moz.com.xml
new file mode 100644
index 000000000000..3975087f481e
--- /dev/null
+++ b/src/chrome/content/rules/moz.com.xml
@@ -0,0 +1,14 @@
+<!--
+health.moz.com ¹
+
+
+¹ mismatch
+-->
+<ruleset name="moz.com">
+	<target host="moz.com" />
+	<target host="www.moz.com" />
+	<target host="analytics.moz.com" />
+	<target host="ux.moz.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mozfr.org.xml b/src/chrome/content/rules/mozfr.org.xml
new file mode 100644
index 000000000000..6e97ac281b73
--- /dev/null
+++ b/src/chrome/content/rules/mozfr.org.xml
@@ -0,0 +1,17 @@
+<ruleset name="mozfr.org">
+	<target host="mozfr.org" />
+	<target host="www.mozfr.org" />
+	<target host="blog.mozfr.org" />
+	<target host="firefoxos.mozfr.org" />
+	<target host="forums.mozfr.org" />
+	<target host="nightly.mozfr.org" />
+	<target host="notreinternet.mozfr.org" />
+	<target host="piwik.mozfr.org" />
+	<target host="planete.mozfr.org" />
+	<target host="tech.mozfr.org" />
+	<target host="wiki.mozfr.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mozillazine-fr.xml b/src/chrome/content/rules/mozillazine-fr.xml
new file mode 100644
index 000000000000..9ced19ed47c9
--- /dev/null
+++ b/src/chrome/content/rules/mozillazine-fr.xml
@@ -0,0 +1,42 @@
+<!--
+	Problematic hosts in *mozillazine-fr.org:
+
+		- cname ᵐ
+		- www ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- mozillazine-fr.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="mozillaZine-fr.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mozillazine-fr.org" />
+	<!-- <target host="cname.mozillazine-fr.org" /> -->
+
+	<!--	Complications:
+				-->
+	<target host="www.mozillazine-fr.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^mozillazine-fr\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.mozillazine-fr\.org/"
+		to="https://mozillazine-fr.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mp3scene.info.xml b/src/chrome/content/rules/mp3scene.info.xml
new file mode 100644
index 000000000000..342d7cdbb427
--- /dev/null
+++ b/src/chrome/content/rules/mp3scene.info.xml
@@ -0,0 +1,8 @@
+<ruleset name="mp3scene.info">
+	<target host="mp3scene.info" />
+	<target host="www.mp3scene.info" />
+	<target host="hawking.mp3scene.info" />
+	<target host="stage.mp3scene.info" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mpfemployers.org.uk.xml b/src/chrome/content/rules/mpfemployers.org.uk.xml
new file mode 100644
index 000000000000..7f26869aad07
--- /dev/null
+++ b/src/chrome/content/rules/mpfemployers.org.uk.xml
@@ -0,0 +1,24 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .mpfemployers.org.uk
+
+-->
+<ruleset name="MPF Employers.org.uk">
+
+	<target host="mpfemployers.org.uk" />
+	<target host="www.mpfemployers.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.mpfemployers\.org\.uk$" name="^SESS[\da-f]{32}$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mpfmembers.org.uk.xml b/src/chrome/content/rules/mpfmembers.org.uk.xml
new file mode 100644
index 000000000000..8dea9ea3c08f
--- /dev/null
+++ b/src/chrome/content/rules/mpfmembers.org.uk.xml
@@ -0,0 +1,17 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+-->
+<ruleset name="MPF Members.org.uk">
+
+	<target host="mpfmembers.org.uk" />
+	<target host="www.mpfmembers.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mpfund.uk.xml b/src/chrome/content/rules/mpfund.uk.xml
new file mode 100644
index 000000000000..589380c1aa56
--- /dev/null
+++ b/src/chrome/content/rules/mpfund.uk.xml
@@ -0,0 +1,17 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+-->
+<ruleset name="MPFund.uk">
+
+	<target host="mpfund.uk" />
+	<target host="www.mpfund.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mpg123.org.xml b/src/chrome/content/rules/mpg123.org.xml
new file mode 100644
index 000000000000..a1b12533052c
--- /dev/null
+++ b/src/chrome/content/rules/mpg123.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="mpg123.org">
+	<target host="mpg123.org" />
+	<target host="www.mpg123.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mppglobal.com.xml b/src/chrome/content/rules/mppglobal.com.xml
new file mode 100644
index 000000000000..91a6bc8fac51
--- /dev/null
+++ b/src/chrome/content/rules/mppglobal.com.xml
@@ -0,0 +1,35 @@
+<!--
+	^mppglobal.com: Mismatched
+	www.mppglobal.com: Expired, self-signed
+
+
+	Insecure cookies are set for these hosts:
+
+		- payments.mppglobal.com
+		- paymentsuat.mppglobal.com
+		- sky.mppglobal.com
+
+-->
+<ruleset name="MPP Global.com (partial)">
+
+	<target host="payments.mppglobal.com" />
+	<target host="paymentsuat.mppglobal.com" />
+	<target host="sky.mppglobal.com" />
+	<target host="support.mppglobal.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://payments.mppglobal.com/ishop/532/iPayPaymentPage.aspx?guid=" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:payments|paymentsuat|sky)\.mppglobal\.com$" name="^TS[\da-f]+$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/msgme.com.xml b/src/chrome/content/rules/msgme.com.xml
new file mode 100644
index 000000000000..46c0e706cc24
--- /dev/null
+++ b/src/chrome/content/rules/msgme.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://msgme.com/ => https://msgme.com/: (51, "SSL: no alternative certificate subject name matches target host name 'msgme.com'")
+Fetch error: http://www.msgme.com/ => https://www.msgme.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.msgme.com'")
+
+	For other Waterfall International coverage, see waterfall.com.xml.
+
+-->
+<ruleset name="Msgme.com" default_off="failed ruleset test">
+
+	<target host="msgme.com" />
+	<target host="www.msgme.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/msgsafe.io.xml b/src/chrome/content/rules/msgsafe.io.xml
new file mode 100644
index 000000000000..ef0ba0b80582
--- /dev/null
+++ b/src/chrome/content/rules/msgsafe.io.xml
@@ -0,0 +1,20 @@
+<!--
+	Timeout:
+		- msgsafe.io
+-->
+<ruleset name="msgsafe.io">
+	<target host="msgsafe.io" />
+	<target host="www.msgsafe.io" />
+	<target host="api.msgsafe.io" />
+	<target host="api1.msgsafe.io" />
+	<target host="api2.msgsafe.io" />
+	<target host="api3.msgsafe.io" />
+	<target host="api4.msgsafe.io" />
+	<target host="chat.msgsafe.io" />
+	<target host="chat-lb1-us.msgsafe.io" />
+	<target host="help.msgsafe.io" />
+	<target host="sapi.msgsafe.io" />
+
+	<rule from="^http://msgsafe\.io/" to="https://www.msgsafe.io/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mshcdn.com.xml b/src/chrome/content/rules/mshcdn.com.xml
new file mode 100644
index 000000000000..b4cbd77dafa9
--- /dev/null
+++ b/src/chrome/content/rules/mshcdn.com.xml
@@ -0,0 +1,52 @@
+<!--
+	For related Mashable rules, see Mashable.com.xml
+
+	Invalid certificate:
+		mshcdn.com
+		root.mshcdn.com
+
+-->
+<ruleset name="mshcdn.com">
+
+	<target host="0.mshcdn.com" />
+		<test url="http://0.mshcdn.com/media/" />
+	<target host="1.mshcdn.com" />
+		<test url="http://1.mshcdn.com/media/" />
+	<target host="2.mshcdn.com" />
+		<test url="http://2.mshcdn.com/media/" />
+	<target host="3.mshcdn.com" />
+		<test url="http://3.mshcdn.com/media/" />
+	<target host="4.mshcdn.com" />
+		<test url="http://4.mshcdn.com/media/" />
+	<target host="5.mshcdn.com" />
+		<test url="http://5.mshcdn.com/media/" />
+	<target host="6.mshcdn.com" />
+		<test url="http://6.mshcdn.com/media/" />
+	<target host="7.mshcdn.com" />
+		<test url="http://7.mshcdn.com/media/" />
+	<target host="8.mshcdn.com" />
+		<test url="http://8.mshcdn.com/media/" />
+	<target host="9.mshcdn.com" />
+		<test url="http://9.mshcdn.com/media/" />
+
+	<target host="rack.0.mshcdn.com" />
+		<test url="http://rack.0.mshcdn.com/media/" />
+	<target host="rack.1.mshcdn.com" />
+		<test url="http://rack.1.mshcdn.com/media/" />
+	<target host="rack.2.mshcdn.com" />
+		<test url="http://rack.2.mshcdn.com/media/" />
+	<target host="rack.3.mshcdn.com" />
+		<test url="http://rack.3.mshcdn.com/media/" />
+
+	<target host="amz.mshcdn.com" />
+		<test url="http://amz.mshcdn.com/media/" />
+	<target host="a.amz.mshcdn.com" />
+		<test url="http://a.amz.mshcdn.com/assets/app-09a8a7d2a60224249c65d72811faad829e9631699196fda50101f81092474cb8.css" />
+	<target host="i.amz.mshcdn.com" />
+		<test url="http://i.amz.mshcdn.com/UF3IBB5_etCpxeMG_Q82mqz88gA=/364x130/https://blueprint-api-production.s3.amazonaws.com/uploads/story/thumbnail/65305/14abb0f3-979a-45b4-b04c-3a120ca8947d.jpg" />
+		<!-- Time out -->
+		<exclusion pattern="^http://i\.amz\.mshcdn\.com/$" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/msl24.de.xml b/src/chrome/content/rules/msl24.de.xml
new file mode 100644
index 000000000000..5d73ed37faf5
--- /dev/null
+++ b/src/chrome/content/rules/msl24.de.xml
@@ -0,0 +1,10 @@
+<ruleset name="msl24.de">
+
+	<target host="msl24.de" />
+	<target host="www.msl24.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/msra.cn.xml b/src/chrome/content/rules/msra.cn.xml
new file mode 100644
index 000000000000..023a49d2da85
--- /dev/null
+++ b/src/chrome/content/rules/msra.cn.xml
@@ -0,0 +1,22 @@
+<!--	redirect to http
+	- msra.cn
+	- couplet.msra.cn
+	- duilian.msra.cn
+	- libra.msra.cn
+	- needleseek.msra.cn
+	- www.msra.cn
+-->
+
+<!--	refused
+	- engkoo.msra.cn
+	- probase.msra.cn
+	- urbanair.msra.cn
+-->
+
+<ruleset name="msra.cn (partial)">
+
+	<target host="studentclub.msra.cn" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mstrok.ru.xml b/src/chrome/content/rules/mstrok.ru.xml
new file mode 100644
index 000000000000..58b5b16dc7d3
--- /dev/null
+++ b/src/chrome/content/rules/mstrok.ru.xml
@@ -0,0 +1,17 @@
+<!--
+hackertrace1.internal.nsa.gov.mstrok.ru ¹
+hackertrace2.internal.nsa.gov.mstrok.ru ¹
+hackertrace3.internal.nsa.gov.mstrok.ru ¹
+hackertrace4.internal.nsa.gov.mstrok.ru ¹
+w.mstrok.ru ¹
+ww.mstrok.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="mstrok.ru">
+	<target host="mstrok.ru" />
+	<target host="www.mstrok.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/msu.edu.xml b/src/chrome/content/rules/msu.edu.xml
index b1495b5f4e58..9001693b7185 100644
--- a/src/chrome/content/rules/msu.edu.xml
+++ b/src/chrome/content/rules/msu.edu.xml
@@ -1,23 +1,36 @@
-<!-- Suggested by Christopher Liu
-     https://mail1.eff.org/pipermail/https-everywhere-rules/2012-April/001096.html
-     -->
-<ruleset name="Michigan State University (partial)" default_off="Have not caught all exclusion patterns">
-    <target host="msu.edu" />
-    <target host="*.msu.edu" />
+<!--
+	Other Michigan State University rulesets:
+		+ Animal_Law.info.xml
+ -->
+<ruleset name="Michigan State University (partial)">
+	<target host="msu.edu" />
+	<target host="www.msu.edu" />
+	<target host="admissions.msu.edu" />
+	<target host="cse.msu.edu" />
+	<target host="www.cse.msu.edu" />
+	<target host="events.msu.edu" />
+	<target host="grad.msu.edu" />
+	<target host="login.msu.edu" />
+	<target host="math.msu.edu" />
+	<target host="provost.msu.edu" />
+	<target host="reg.msu.edu" />
+	<target host="shop.msu.edu" />
+	<target host="spartanspiritshop.msu.edu" />
+	<target host="techstore.msu.edu" />
+	<target host="shop.union.msu.edu" />
 
-    <!-- several subdomains do not have a certificate or their certificates are
-         self-signed, so we have to exclude them from the ruleset. -->
-    <exclusion pattern="^http://(grad|acadgov|trustees|president|provost|ur|rha)\." />
-    <exclusion pattern="^http://www\.(vprgs|vpfo|vps|canr)\." />
-    <!-- Need to pull more exclusions from here:
-         https://www.msu.edu/about/thisismsu/board-admin/index.html -->
+	<!--
+		several subdomains do not have a certificate or their certificates are
+			self-signed, so we have to exclude them from the ruleset.
 
-    <rule from="^http://msu\.edu/" to="https://msu.edu/" />
+		<exclusion pattern="^http://(?:grad|acadgov|trustees|president|provost|ur|rha)\." />
+		<exclusion pattern="^http://www\.(?:vprgs|vpfo|vps|canr)\." />
 
-    <rule from="^http://([^/:@\.]+\.)msu\.edu/"
-        to="https://$1msu.edu/" />
+		Need to pull more exclusions from here:
+			https://www.msu.edu/about/thisismsu/board-admin/index.html
+	-->
 
-    <!-- The domain they use is actually .msu.edu but just in case they change
-         it, I thought I'd cover them using www.msu.edu as well. -->
-    <securecookie host="^(www)?\.msu\.edu" name=".*" />
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/mtel.ru.xml b/src/chrome/content/rules/mtel.ru.xml
new file mode 100644
index 000000000000..e415af40fb38
--- /dev/null
+++ b/src/chrome/content/rules/mtel.ru.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://lk.mtel.ru/ => https://lk.mtel.ru/: (60, 'SSL certificate problem: certificate has expired')
+
+mtel.ru mismatch
+www.mtel.ru mismatch
+-->
+<ruleset name="mtel.ru (partial)" default_off="failed ruleset test">
+	<target host="lk.mtel.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mts.ru.xml b/src/chrome/content/rules/mts.ru.xml
new file mode 100644
index 000000000000..fee4c5aea3cd
--- /dev/null
+++ b/src/chrome/content/rules/mts.ru.xml
@@ -0,0 +1,152 @@
+<!--
+	NB: s://ihelper.../$ redirects to s:... 404
+	?=> fetch test failure
+
+
+	CDN buckets:
+
+		- static.cloud.mts.ru.s3.amazonaws.com
+		- d1j46bxa9z1wjf.cloudfront.net
+
+
+	Problematic hosts in *mts.ru:
+
+		- (www.)? ᵐ
+		- brand ᵐ
+		- nonstop ᶜ
+		- online ᶜ
+		- static ᵐ
+		- vm ᵐ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+
+
+	Partially covered hosts in *mts.ru:
+
+		- (www.)?shop ʰ
+
+	ʰ >=1 path redirect to http
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .mts.ru
+		- cloud.mts.ru
+		- login.mts.ru
+		- oauth.mts.ru
+		- .shop.mts.ru
+		- www.shop.mts.ru
+
+
+	Mixed content:
+
+		- Image, on:
+
+			- cloud from static.cloud.mts.ru.s3.amazonaws.com
+			- www from static.mts.ru
+
+-->
+<ruleset name="MTS.ru (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="autopay.mts.ru" />
+	<target host="bl.mts.ru" />
+	<target host="cloud.mts.ru" />
+	<target host="ihelper.mts.ru" />
+	<target host="login.mts.ru" />
+	<!--target host="nonstop.mts.ru" /-->
+	<target host="oauth.mts.ru" />
+	<!--target host="online.mts.ru" /-->
+	<target host="pay.mts.ru" />
+	<target host="shop.mts.ru" />
+	<target host="www.shop.mts.ru" />
+
+	<target host="*.ssl.mts.ru" />
+
+		<test url="http://20.ssl.mts.ru/" />
+		<test url="http://anketa.ssl.mts.ru/" />
+		<test url="http://bonus.ssl.mts.ru/" />
+		<test url="http://ensendsms.ssl.mts.ru/" />
+		<test url="http://lk.ssl.mts.ru/" />
+		<test url="http://migration.ssl.mts.ru/" />
+		<test url="http://partners.ssl.mts.ru/" />
+		<test url="http://rabota.ssl.mts.ru/" />
+		<test url="http://sendmms.ssl.mts.ru/" />
+		<test url="http://sendsms.ssl.mts.ru/" />
+		<test url="http://smspro.ssl.mts.ru/" />
+
+	<!--	Complications:
+				-->
+	<target host="vm.mts.ru" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?shop\.mts\.ru/personal/basket/export/mini_basket\.html" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?shop\.mts\.ru/(?!/*(?:$|\?|bitrix/(?:components|templates|tmp)/|design/css/|design/jscroll/.+\.css|favicon\.ico|images/|personal/basket/export/[^/]+\.css|upload/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://shop.mts.ru/personal/basket/export/mini_basket.html" />
+			<test url="http://www.shop.mts.ru/avto-elektronika/" />
+			<test url="http://www.shop.mts.ru/gps-trekery/" />
+			<test url="http://www.shop.mts.ru/komplekty_sputnikovogo_tv/" />
+			<test url="http://www.shop.mts.ru/mobilnyye-telefony/" />
+			<test url="http://www.shop.mts.ru/personal/basket/export/mini_basket.html" />
+			<test url="http://www.shop.mts.ru/planshety/intel/" />
+			<test url="http://www.shop.mts.ru/planshety/wexler/" />
+			<test url="http://www.shop.mts.ru/smartfony/" />
+			<test url="http://www.shop.mts.ru/smartfony/credit/" />
+			<test url="http://www.shop.mts.ru/smartfony/huawei/" />
+			<test url="http://www.shop.mts.ru/smartfony/texet/" />
+			<test url="http://www.shop.mts.ru/smarttehnika/" />
+			<test url="http://www.shop.mts.ru/smarttehnika/redmond/" />
+			<test url="http://www.shop.mts.ru/stores/" />
+			<test url="http://www.shop.mts.ru/tarify/" />
+			<test url="http://www.shop.mts.ru/televizory/" />
+			<!--test url="http://www.shop.mts.ru/televizory/samsung/" /-->
+
+			<!--	-ve:
+					-->
+			<test url="http://shop.mts.ru/bitrix/components/mts/index.page.sample/templates/.default/style.css" />
+			<test url="http://shop.mts.ru/bitrix/templates/main/components/bitrix/menu/ListAction/style.css" />
+			<test url="http://shop.mts.ru/bitrix/tmp/10000.png" />
+			<test url="http://shop.mts.ru/design/css/oldcss/FormOverride.css" />
+			<test url="http://shop.mts.ru/design/jscroll/jScrollHorizontalPane.css" />
+			<test url="http://www.shop.mts.ru/favicon.ico" />
+			<test url="http://www.shop.mts.ru/images/samsung-link.png" />
+			<test url="http://www.shop.mts.ru/personal/basket/export/mini_basket.css?v=6" />
+			<test url="http://www.shop.mts.ru/upload/iblock/318/resized_smartfon-galaxy-s7-32gb-g930-lte-black-onyx-1000-1.jpg" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://ihelper.mts.ru/selfcare/product-2-view.aspx" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.mts\.ru$" name="^(?:AMAuthCookie|BITRIX_SM_BASKET_QUANTITY_MTS_PRIVAT|GeoCookie|MTSSSLCluster|amlbcookie|login\\.mts\\.ru\\.logout)$" /-->
+	<!--securecookie host="^cloud\.mts\.ru$" name="^sessionid$" /-->
+	<!--securecookie host="^ihelper\.mts\.ru$" name="^sessionid-services$" /-->
+	<!--securecookie host="^login\.mts\.ru$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^oauth\.mts\.ru$" name="^(?:JSESSIONID|sentPasswordToNum)$" /-->
+	<!--securecookie host="^online\.mts\.ru$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^pay\.mts\.ru$" name="^(?:CSRFToken|JSESSIONID|regionCode|regionCodeAnonymous|sessionid-services)$" /-->
+	<!--securecookie host="^\.shop\.mts\.ru$" name="^(?:BITRIX_SM_(?:BASKET_QUANTITY_PRIVATE|BASKET_REGIONS|PROMO_SUBSCRIBE|SALE_UID)|PHPSESSID|REGION_CODE)$" /-->
+	<!--securecookie host="^www.shop\.mts\.ru$" name="^VISIT$" /-->
+
+	<securecookie host="^[^.sw]" name=".+" />
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+
+
+	<rule from="^http://vm\.mts\.ru/"
+		to="https://vm.ssl.mts.ru/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mtswelding.co.uk.xml b/src/chrome/content/rules/mtswelding.co.uk.xml
new file mode 100644
index 000000000000..b0f7fbc1f3e6
--- /dev/null
+++ b/src/chrome/content/rules/mtswelding.co.uk.xml
@@ -0,0 +1,45 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mtswelding.co.uk/wp-content/themes/mtswelding_responsive/images/button_bullet.png => https://mtswelding.co.uk/wp-content/themes/mtswelding_responsive/images/button_bullet.png: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.mtswelding.co.uk/wp-content/plugins/sitemap/css/page-list.css => https://mtswelding.co.uk/wp-content/plugins/sitemap/css/page-list.css: (60, 'SSL certificate problem: certificate has expired')
+
+	www.mtswelding.co.uk: Mismatched
+
+-->
+<ruleset name="MTS Welding.co.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="mtswelding.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="www.mtswelding.co.uk" />
+
+		<!--	Redirects to s://w...
+						-->
+		<!--exclusion pattern="^http://mtswelding\.co\.uk/(?:$|contact/$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?mtswelding\.co\.uk/+(?!wp-content/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://mtswelding.co.uk/about/" />
+			<test url="http://www.mtswelding.co.uk/contact/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://mtswelding.co.uk/wp-content/themes/mtswelding_responsive/images/button_bullet.png" />
+			<test url="http://www.mtswelding.co.uk/wp-content/plugins/sitemap/css/page-list.css" />
+
+
+	<rule from="^http://www\.mtswelding\.co\.uk/"
+		to="https://mtswelding.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mtt.ru.xml b/src/chrome/content/rules/mtt.ru.xml
new file mode 100644
index 000000000000..35bbfec52e3d
--- /dev/null
+++ b/src/chrome/content/rules/mtt.ru.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mtt.ru/ => https://mtt.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.mtt.ru/ => https://www.mtt.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+old.mtt.ru expired
+web800.mtt.ru timed out
+callbox.mtt.ru self signed
+dom.mtt.ru mismatch
+uis.mtt.ru timed out
+mil.mtt.ru self signed
+magic.mtt.ru nonexist
+-->
+<ruleset name="mtt.ru" default_off="failed ruleset test">
+	<target host="mtt.ru" />
+	<target host="www.mtt.ru" />
+	<target host="business.mtt.ru" />
+	<target host="voip-lk.mtt.ru" />
+	<target host="wiki.mtt.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mtv.com.xml b/src/chrome/content/rules/mtv.com.xml
new file mode 100644
index 000000000000..14d3dc5c82be
--- /dev/null
+++ b/src/chrome/content/rules/mtv.com.xml
@@ -0,0 +1,378 @@
+<!--
+	Invalid certificate:
+		allaccess.mtv.com
+		relaunch.api.mtv.com
+		staging.relaunch.api.mtv.com
+		arianagrande.mtv.com
+		artbreaks.mtv.com
+		exodus.artists.mtv.com
+		connect.artists-community.mtv.com
+		at.mtv.com
+		awkward.mtv.com
+		bestnewartist.mtv.com
+		buzzworthy.mtv.com
+		connect.mtv.com
+		demilovato.mtv.com
+		ema-twittertracker.mtv.com
+		email.mtv.com
+		b.email.mtv.com
+		f.email.mtv.com
+		m.email.mtv.com
+		reg.email.mtv.com
+		exodus.mtv.com
+		hottest.mtv.com
+		images1.mtv.com
+		images3.mtv.com
+		images4.mtv.com
+		lyncdiscover.mtv.com
+		ma-twittertracker.mtv.com
+		miley.mtv.com
+		mtv2.mtv.com
+		music.mtv.com
+		news.mtv.com
+		ohlove.mtv.com
+		outin60.mtv.com
+		pioneers.mtv.com
+		plainjane.mtv.com
+		push.mtv.com
+		relaunch-search.mtv.com
+		ruleswitcher.mtv.com
+		safesext.mtv.com
+		sc.mtv.com
+		exodus.shop.mtv.com
+		sip.mtv.com
+		socialvote.mtv.com
+		songofsummer.mtv.com
+		strike.mtv.com
+		cdn.style.mtv.com
+		summertweets.mtv.com
+		topdeck.mtv.com
+		torikelly.mtv.com
+		townhall-twittertracker.mtv.com
+		tweettracker.mtv.com
+		twittertracker.mtv.com
+		topspin-stage.video.mtv.com
+		vmacreate-app.mtv.com
+		vmas.mtv.com
+		vmavote.mtv.com
+		worldstage.mtv.com
+
+	Redirect to HTTP:
+		articles.mtv.com
+		lgbt.mtv.com
+		mama.mtv.com
+		toyota.mtv.com
+		www.toyota.mtv.com
+		vmasweepstakes.mtv.com
+		whiteness.mtv.com
+		www.whiteness.mtv.com
+
+	Refused:
+		feeds.mtv.com
+
+	Time out:
+		origin.www.mtv.com
+		origin.api.mtv.com
+		origin.relaunch.api.mtv.com
+		artists.mtv.com
+		www.artists.mtv.com
+		artistsupport.mtv.com
+		amfam.mtv.com
+		auth.mtv.com
+		backstagepass.mtv.com
+		clutch.mtv.com
+		code.mtv.com
+		codysimpson.mtv.com
+		community.mtv.com
+		covermoment.mtv.com
+		dance.mtv.com
+		discovergreat.mtv.com
+		edonor.mtv.com
+		election.mtv.com
+		c.mx.email.mtv.com
+		d.mx.email.mtv.com
+		a.ns.email.mtv.com
+		b.ns.email.mtv.com
+		e.ns.email.mtv.com
+		f.ns.email.mtv.com
+		fanta.mtv.com
+		ffbonus.mtv.com
+		www.ffbonus.mtv.com
+		gamedrop.mtv.com
+		gamedropblog.mtv.com
+		geek.mtv.comom
+		geek-news.mtv.com
+		gorillaz.mtv.com
+		guycodeblog.mtv.com
+		hatsblog.mtv.com
+		headbangersblog.mtv.com
+		hollywoodcrush.mtv.com
+		jerseyshore.mtv.com
+		jp.mtv.com
+		labsblog.mtv.com
+		mail01.mtv.com
+		mail02.mtv.com
+		mail03.mtv.com
+		mail04.mtv.com
+		mail10.mtv.com
+		mail11.mtv.com
+		mailw.mtv.com
+		movies.mtv.com
+		www.movies.mtv.com
+		moviesblog.mtv.com
+		msg.mtv.com
+		mtvawards.mtv.com
+		mtvblog.mtv.com
+		mtvshop.mtv.com
+		multiplayerblog.mtv.c
+		newsroom.mtv.com
+		northpalmwrestling.mtv.com
+		o.mtv.com
+		posting.mtv.com
+		rapfix.mtv.com
+		remotecontrol.mtv.com
+		ridicbonus.mtv.com
+		www.ridicbonus.mtv.com
+		splashpage.mtv.com
+		store.mtv.com
+		style.mtv.com
+		suckerfreeblog.mtv.com
+		tld_jcpenney.mtv.com
+		think.mtv.com
+		tj.mtv.com
+		vmatimeline.mtv.com
+		webplex.mtv.com
+		www2.mtv.com
+		xbox.mtv.com
+		youarehereblog.mtv.com
+		your.mtv.com
+		yourhere.mtv.com
+		yourhereblog.mtv.com
+
+	Unreachable:
+		appqa.mtv.com
+		artists-community.mtv.com
+		qa.mtv.com
+		verticals.mtv.com
+-->
+<ruleset name="mtv.com">
+	<target host="mtv.com" />
+	<target host="www.mtv.com" />
+	<target host="16andpregnant.mtv.com" />
+	<target host="www.16andpregnant.mtv.com" />
+	<target host="16andrecovering.mtv.com" />
+	<target host="www.16andrecovering.mtv.com" />
+	<target host="2020code.mtv.com" />
+	<target host="www.2020code.mtv.com" />
+	<target host="act.mtv.com" />
+	<target host="staging.api.mtv.com" />
+	<target host="artistontherise-vote.mtv.com" />
+	<target host="artisttool.mtv.com" />
+	<target host="buckwild.mtv.com" />
+	<target host="www.buckwild.mtv.com" />
+	<target host="buschfamilybrewed.mtv.com" />
+	<target host="www.buschfamilybrewed.mtv.com" />
+	<target host="casting.mtv.com" />
+	<target host="www.casting.mtv.com" />
+	<target host="castingcalls.mtv.com" />
+	<target host="www.castingcalls.mtv.com" />
+	<target host="catfish.mtv.com" />
+	<target host="www.catfish.mtv.com" />
+	<target host="catfishthetvshow.mtv.com" />
+	<target host="www.catfishthetvshow.mtv.com" />
+	<target host="challenge.mtv.com" />
+	<target host="www.challenge.mtv.com" />
+	<target host="change.mtv.com" />
+	<target host="class.mtv.com" />
+	<target host="clubmtv.mtv.com" />
+	<target host="www.clubmtv.mtv.com" />
+	<target host="comingsoon.mtv.com" />
+	<target host="www.comingsoon.mtv.com" />
+	<target host="conversationsincontext.mtv.com" />
+	<target host="www.conversationsincontext.mtv.com" />
+	<target host="cosign.mtv.com" />
+	<target host="ctsgettingmarried.mtv.com" />
+	<target host="www.ctsgettingmarried.mtv.com" />
+	<target host="dancesfromthahood.mtv.com" />
+	<target host="decoded.mtv.com" />
+	<target host="www.decoded.mtv.com" />
+	<target host="deliciousness.mtv.com" />
+	<target host="www.deliciousness.mtv.com" />
+	<target host="doubleshot.mtv.com" />
+	<target host="www.doubleshot.mtv.com" />
+	<target host="doubleshotatlove.mtv.com" />
+	<target host="www.doubleshotatlove.mtv.com" />
+	<target host="dream.mtv.com" />
+	<target host="ednstest.mtv.com" />
+	<target host="ema.mtv.com" />
+	<target host="enough.mtv.com" />
+	<target host="exonthebeach.mtv.com" />
+	<target host="www.exonthebeach.mtv.com" />
+	<target host="extragum.mtv.com" />
+	<target host="familiesofthemafia.mtv.com" />
+	<target host="www.familiesofthemafia.mtv.com" />
+	<target host="family.mtv.com" />
+	<target host="familytofamily.mtv.com" />
+	<target host="files.mtv.com" />
+	  <test url="http://files.mtv.com/rules/Toyota_sweepstakes_rules_2019.pdf" />
+	<target host="firstdateout.mtv.com" />
+	<target host="floribamashore.mtv.com" />
+	<target host="www.floribamashore.mtv.com" />
+	<target host="gameofclones.mtv.com" />
+	<target host="www.gameofclones.mtv.com" />
+	<target host="ghosted.mtv.com" />
+	<target host="www.ghosted.mtv.com" />
+	<target host="ghostedcasting.mtv.com" />
+	<target host="www.ghostedcasting.mtv.com" />
+	<target host="ghostedlovegonemissing.mtv.com" />
+	<target host="www.ghostedlovegonemissing.mtv.com" />
+	<target host="guys.mtv.com" />
+	<target host="hangout.mtv.com" />
+	<target host="www.hangout.mtv.com" />
+	<target host="hangoutfest.mtv.com" />
+	<target host="www.hangoutfest.mtv.com" />
+	<target host="hangoutfestival.mtv.com" />
+	<target host="www.hangoutfestival.mtv.com" />
+	<target host="hero.mtv.com" />
+	<target host="howfaristattoofar.mtv.com" />
+	<target host="immigration.mtv.com" />
+	<target host="www.immigration.mtv.com" />
+	<target host="www.iwantmymusic.mtv.com" />
+	<target host="iwd.mtv.com" />
+	<target host="katyperry.pepsi.mtv.com" />
+	<target host="lgbtq.mtv.com" />
+	<target host="lindsaylohan.mtv.com" />
+	<target host="www.lindsaylohan.mtv.com" />
+	<target host="lindsaylohanbeachclub.mtv.com" />
+	<target host="www.lindsaylohanbeachclub.mtv.com" />
+	<target host="m.mtv.com" />
+	<target host="madeinstatenisland.mtv.com" />
+	<target host="www.madeinstatenisland.mtv.com" />
+	<target host="mb.mtv.com" />
+	<target host="metoo.mtv.com" />
+	<target host="mlk.mtv.com" />
+	<target host="mms.mtv.com" />
+	<target host="www.mms.mtv.com" />
+	<target host="mom.mtv.com" />
+	<target host="movieandtvawards.mtv.com" />
+	<target host="movieawards.mtv.com" />
+	<target host="movieoftheyear.mtv.com" />
+	<target host="movietvawards.mtv.com" />
+	<target host="mtva.mtv.com" />
+	<target host="mtvbingo.mtv.com" />
+	<target host="www.mtvbingo.mtv.com" />
+	<target host="mtvfloribamashore.mtv.com" />
+	<target host="www.mtvfloribamashore.mtv.com" />
+	<target host="mtvnewspresents.mtv.com" />
+	<target host="www.mtvnewspresents.mtv.com" />
+	<target host="mtvspecials.mtv.com" />
+	<target host="www.mtvspecials.mtv.com" />
+	<target host="mtvunplugged.mtv.com" />
+	<target host="www.mtvunplugged.mtv.com" />
+	<target host="mwvidcon.mtv.com" />
+	<target host="neda.mtv.com" />
+	<target host="newbeginnings.mtv.com" />
+	<target host="www.newbeginnings.mtv.com" />
+	<target host="onelovemanchester.mtv.com" />
+	<target host="pepsi.mtv.com" />
+	<target host="www.pepsi.mtv.com" />
+	<target host="pride.mtv.com" />
+	<target host="prize.mtv.com" />
+	<target host="www.prize.mtv.com" />
+	<target host="prom.mtv.com" />
+	<target host="race.mtv.com" />
+	<target host="realitycon.mtv.com" />
+	<target host="realworldrealissues.mtv.com" />
+	<target host="reeses.mtv.com" />
+	<target host="register.mtv.com" />
+	<target host="remix.mtv.com" />
+	<target host="revengeprank.mtv.com" />
+	<target host="www.revengeprank.mtv.com" />
+	<target host="ridiculousness.mtv.com" />
+	<target host="www.ridiculousness.mtv.com" />
+	<target host="saveourmom.mtv.com" />
+	<target host="saveourmoms.mtv.com" />
+	<target host="scan.mtv.com" />
+	<target host="scan2.mtv.com" />
+	<target host="shop.mtv.com" />
+	<target host="www.shop.mtv.com" />
+	<target host="shortcircuitz.mtv.com" />
+	<target host="simplemobile.mtv.com" />
+	<target host="www.simplemobile.mtv.com" />
+	<target host="simplemobilefancam.mtv.com" />
+	<target host="www.simplemobilefancam.mtv.com" />
+	<target host="simplemobilewatchparty.mtv.com" />
+	<target host="www.simplemobilewatchparty.mtv.com" />
+	<target host="socialradar.mtv.com" />
+	<target host="soundon.mtv.com" />
+	<target host="www.soundon.mtv.com" />
+	<target host="specials.mtv.com" />
+	<target host="www.specials.mtv.com" />
+	<target host="springbreak.mtv.com" />
+	<target host="www.springbreak.mtv.com" />
+	<target host="ssc.mtv.com" />
+	<target host="stlouissuperman.mtv.com" />
+	<target host="www.stlouissuperman.mtv.com" />
+	<target host="takecontrol.mtv.com" />
+	<target host="www.takecontrol.mtv.com" />
+	<target host="tattoofar.mtv.com" />
+	<target host="teenmom2.mtv.com" />
+	<target host="www.teenmom2.mtv.com" />
+	<target host="teenmomyoungandpregnant.mtv.com" />
+	<target host="www.teenmomyoungandpregnant.mtv.com" />
+	<target host="teenmomyoungmomsclub.mtv.com" />
+	<target host="www.teenmomyoungmomsclub.mtv.com" />
+	<target host="thebuschfamilybrewed.mtv.com" />
+	<target host="www.thebuschfamilybrewed.mtv.com" />
+	<target host="thechallenge.mtv.com" />
+	<target host="www.thechallenge.mtv.com" />
+	<target host="thehillsnewbeginnings.mtv.com" />
+	<target host="www.thehillsnewbeginnings.mtv.com" />
+	<target host="therealcost.mtv.com" />
+	<target host="www.therealcost.mtv.com" />
+	<target host="www.topdeck.mtv.com" />
+	<target host="trans.mtv.com" />
+	<target host="translifeline.mtv.com" />
+	<target host="trl.mtv.com" />
+	<target host="trltop10.mtv.com" />
+	<target host="truelifecrime.mtv.com" />
+	<target host="www.truelifecrime.mtv.com" />
+	<target host="truelifenow.mtv.com" />
+	<target host="www.truelifenow.mtv.com" />
+	<target host="truelifepresentsquarantinestories.mtv.com" />
+	<target host="www.truelifepresentsquarantinestories.mtv.com" />
+	<target host="truelifequarantinestories.mtv.com" />
+	<target host="www.truelifequarantinestories.mtv.com" />
+	<target host="truth.mtv.com" />
+	<target host="www.truth.mtv.com" />
+	<target host="twix.mtv.com" />
+	<target host="www.twix.mtv.com" />
+	<target host="unplugged.mtv.com" />
+	<target host="www.unplugged.mtv.com" />
+	<target host="vma-twittertracker.mtv.com" />
+	<target host="virtual.mtv.com" />
+	<target host="vmacreate.mtv.com" />
+	<target host="www.vmacreate.mtv.com" />
+	<target host="vote.mtv.com" />
+	<target host="wakeupcall.mtv.com" />
+	<target host="www.wakeupcall.mtv.com" />
+	<target host="wap.mtv.com" />
+	<target host="watchparty.mtv.com" />
+	<target host="www.watchparty.mtv.com" />
+	<target host="watchpartylive.mtv.com" />
+	<target host="www.watchpartylive.mtv.com" />
+	<target host="whitiwore.mtv.com" />
+	<target host="women.mtv.com" />
+	<target host="woodie.mtv.com" />
+	<target host="woodies.mtv.com" />
+	<target host="woodiescosign.mtv.com" />
+	<target host="woodiesfestival.mtv.com" />
+	<target host="worldaidsday.mtv.com" />
+	<target host="www.xbox.mtv.com" />
+	<target host="youngandpregnant.mtv.com" />
+	<target host="www.youngandpregnant.mtv.com" />
+	<target host="youngmomsclub.mtv.com" />
+	<target host="www.youngmomsclub.mtv.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mtv.fi.xml b/src/chrome/content/rules/mtv.fi.xml
new file mode 100644
index 000000000000..638f2c746ced
--- /dev/null
+++ b/src/chrome/content/rules/mtv.fi.xml
@@ -0,0 +1,75 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://s.mtv.fi/ => https://s.mtv.fi/: (6, 'Could not resolve host: s.mtv.fi')
+
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+
+	Nonfunctional hosts in *mtv.fi:
+
+		- blogit ʳ
+		- m ʰ
+		- www ʰ
+
+	ʰ Redirects to http
+	ʳ Refused
+
+
+	Problematic hosts in *mtv.fi:
+
+		- admp-tc ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .mtv.fi
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="MTV.fi (partial)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="mtv.fi" />
+	<!--target host="admp-tc.mtv.fi" /-->
+	<target host="im.mtv.fi" />
+	<target host="s.mtv.fi" />
+
+		<!--	Redirect to http:
+						-->
+		<!--exclusion pattern="^http://m\.mtv\.fi/(?:$|chat$|lifestyle$|sport$)" /-->
+		<!--exclusion pattern="^http://www\.mtv\.fi/(?:$|api/servies/|include/footer_frame\.shtml|lifestyle$|saa/$|sport$)" /-->
+
+			<!--	+ve:
+					-->
+			<!--
+			<test url="http://www.mtv.fi/api/services/bauermedia/files/media/image/2016/30/2016_30_08_57c5836db179a_320.jpg" />
+			-->
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://admp-tc.mtv.fi/getCampaigns.do?includeSegments=true&amp;callback=" /-->
+
+		<test url="http://im.mtv.fi/resources/5605450/2/article-inline-extra.css" />
+		<!--
+		<test url="http://st.mtv.fi/static/javascripts/external-js/remarketing.js" />
+		-->
+		<test url="http://st.mtv.fi/static/images/arrow-related-white.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.mtv\.fi$" name="^evid_\d+$" /-->
+
+	<securecookie host="^\." name="^(?:_ga|evid_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mtvmedia.fi.xml b/src/chrome/content/rules/mtvmedia.fi.xml
new file mode 100644
index 000000000000..281bc59e59d9
--- /dev/null
+++ b/src/chrome/content/rules/mtvmedia.fi.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- netti.mtvmedia.fi
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="mtvmedia.fi">
+
+	<target host="netti.mtvmedia.fi" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://netti.mtvmedia.fi/eas?camp=1;cre=img;ord=1" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^netti\.mtvmedia\.fi$" name="^eas_(?:geo|ret|uid)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mucommander.com.xml b/src/chrome/content/rules/mucommander.com.xml
new file mode 100644
index 000000000000..daa38cdbf41f
--- /dev/null
+++ b/src/chrome/content/rules/mucommander.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Time out:
+		apt.mucommander.com
+		ivy.mucommander.com
+		staging.mucommander.com
+		svn.mucommander.com
+		trac.mucommander.com
+-->
+<ruleset name="mucommander.com">
+	<target host="mucommander.com" />
+	<target host="www.mucommander.com" />
+
+	<rule from="^http://mucommander\.com/" to="https://www.mucommander.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mulle-kybernetik.com.xml b/src/chrome/content/rules/mulle-kybernetik.com.xml
new file mode 100644
index 000000000000..a18cd5c06763
--- /dev/null
+++ b/src/chrome/content/rules/mulle-kybernetik.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Problematic hosts in *mulle-kybernetik.com:
+
+		- ^ ᵐ ᵘ
+		- muller ᵘ
+
+	ᵐ Mismatched
+	ᵘ Untrusted root
+
+-->
+<ruleset name="Mulle-kybernetiK.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.mulle-kybernetik.com" />
+
+	<!--	Complications:
+				-->
+	<target host="mulle-kybernetik.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://mulle-kybernetik\.com/"
+		to="https://www.mulle-kybernetik.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mulliner.org.xml b/src/chrome/content/rules/mulliner.org.xml
new file mode 100644
index 000000000000..2cb53eb61f6e
--- /dev/null
+++ b/src/chrome/content/rules/mulliner.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="Mulliner.org">
+
+	<target host="mulliner.org" />
+	<target host="www.mulliner.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/multistre.am.xml b/src/chrome/content/rules/multistre.am.xml
new file mode 100644
index 000000000000..be731981a66b
--- /dev/null
+++ b/src/chrome/content/rules/multistre.am.xml
@@ -0,0 +1,6 @@
+<ruleset name="multistre.am">
+	<target host="multistre.am" />
+	<target host="www.multistre.am" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/multitran.ru.xml b/src/chrome/content/rules/multitran.ru.xml
new file mode 100644
index 000000000000..2120d8d69c86
--- /dev/null
+++ b/src/chrome/content/rules/multitran.ru.xml
@@ -0,0 +1,11 @@
+<!--
+Invalid certificate:
+	multitran.ru
+-->
+<ruleset name="multitran.ru">
+	<target host="multitran.ru"/>
+	<target host="www.multitran.ru"/>
+
+	<rule from="^http://multitran\.ru/" to="https://www.multitran.ru/" />
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/muob.ru.xml b/src/chrome/content/rules/muob.ru.xml
new file mode 100644
index 000000000000..0e5038095d95
--- /dev/null
+++ b/src/chrome/content/rules/muob.ru.xml
@@ -0,0 +1,38 @@
+<!--
+admbezenchuk.muob.ru ¹
+admboguchar.muob.ru ¹
+admdobroe.muob.ru ¹
+admin-redkino.muob.ru ¹
+apanasenkovmr.muob.ru ¹
+belrn.muob.ru ¹
+boguchar.muob.ru ¹
+buturlin.muob.ru ¹
+chastinskmr.muob.ru ¹
+ertil.muob.ru ¹
+gorodovmr.muob.ru ¹
+isaklinmr.muob.ru ¹
+kalachregion.muob.ru ¹
+liskiadm.muob.ru ¹
+npavlovka.muob.ru ¹
+olhovatka.muob.ru ¹
+ostrogozhsk.muob.ru ¹
+panino-rg.muob.ru ¹
+pavlovsk.muob.ru ¹
+petropavlovka.muob.ru ¹
+pohvistmr.muob.ru ¹
+sovet.muob.ru ¹
+taladm.muob.ru ¹
+vhava.muob.ru ¹
+vohtozhskgp.muob.ru ¹
+vorob.muob.ru ¹
+yamnoe.muob.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="muob.ru">
+	<target host="muob.ru" />
+	<target host="www.muob.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mupdf.com.xml b/src/chrome/content/rules/mupdf.com.xml
new file mode 100644
index 000000000000..76940c9f4abc
--- /dev/null
+++ b/src/chrome/content/rules/mupdf.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="mupdf.com">
+	<target host="mupdf.com" />
+	<target host="www.mupdf.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mupen64plus.org.xml b/src/chrome/content/rules/mupen64plus.org.xml
new file mode 100644
index 000000000000..1ea813fa849c
--- /dev/null
+++ b/src/chrome/content/rules/mupen64plus.org.xml
@@ -0,0 +1,13 @@
+<!--
+        Invalid certificate:
+                autodiscover.mupen64plus.org
+                cpanel.mupen64plus.org
+                webdisk.mupen64plus.org
+                webmail.mupen64plus.org
+-->
+<ruleset name="mupen64plus.org">
+  <target host="mupen64plus.org" />
+  <target host="www.mupen64plus.org" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/muscache.com.xml b/src/chrome/content/rules/muscache.com.xml
new file mode 100644
index 000000000000..6234ff85353b
--- /dev/null
+++ b/src/chrome/content/rules/muscache.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="muscache.com">
+
+	<target host="a0.muscache.com" />
+	<target host="a1.muscache.com" />
+	<target host="a2.muscache.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/muse.mu-problematic.xml b/src/chrome/content/rules/muse.mu-problematic.xml
new file mode 100644
index 000000000000..699bd53b1a87
--- /dev/null
+++ b/src/chrome/content/rules/muse.mu-problematic.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules that are on by default, see Muse.mu.xml.
+
+-->
+<ruleset name="Muse.mu (mismatched)" default_off="mismatched">
+
+	<target host="board.muse.mu" />
+	<target host="preorder.muse.mu" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/musikcube.com.xml b/src/chrome/content/rules/musikcube.com.xml
new file mode 100644
index 000000000000..0aac8b0e6553
--- /dev/null
+++ b/src/chrome/content/rules/musikcube.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="musikcube.com">
+	<target host="musikcube.com" />
+	<target host="www.musikcube.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mutts.com.xml b/src/chrome/content/rules/mutts.com.xml
new file mode 100644
index 000000000000..adace1494e05
--- /dev/null
+++ b/src/chrome/content/rules/mutts.com.xml
@@ -0,0 +1,70 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.mutts.com/sites/default/files/css/css_a7lQP2XcNT8OtrLuooPT06s97x8tRZ9kAalBwRFh88M.css => https://www.mutts.com/sites/default/files/css/css_a7lQP2XcNT8OtrLuooPT06s97x8tRZ9kAalBwRFh88M.css: Too many redirects while fetching 'https://www.mutts.com/sites/default/files/css/css_a7lQP2XcNT8OtrLuooPT06s97x8tRZ9kAalBwRFh88M.css'
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.mutts.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on www from $self ˢ
+
+		- Images, on:
+
+			- staging, www from ^mutts.com ˢ
+			- staging, www from $self ˢ
+			- staging from www.mutts.com ˢ
+			- www from staging.mutts.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="mutts.com (partial)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="mutts.com" />
+	<target host="staging.mutts.com" />
+	<target host="www.mutts.com" />
+
+		<!--	Redirect to http:
+						-->
+		<!--exclusion pattern="^http://(?:staging|www)\.mutts\.com/(?:$|accessories$|awards-list$|calendar$|cart$|copyright$|help$|mutts-manifesto$|privacy-policy$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:staging|www)\.mutts\.com/(?!/*(?:favicon\.ico|misc/|news(?:$|[?/])|sites/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.mutts.com/accessories" />
+			<test url="http://www.mutts.com/awards-list" />
+			<test url="http://www.mutts.com/calendar" />
+			<test url="http://www.mutts.com/copyright" />
+			<test url="http://www.mutts.com/help" />
+			<test url="http://www.mutts.com/mutts-manifesto" />
+			<test url="http://www.mutts.com/privacy-policy" />
+			<test url="http://www.mutts.com/splash" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.mutts.com/favicon.ico" />
+			<test url="http://www.mutts.com/misc/menu-expanded.png" />
+			<!--	sets cookie without secure, mixed content:	-->
+			<test url="http://www.mutts.com/news/" />
+			<test url="http://www.mutts.com/sites/all/themes/muttscomics1/images/facebook.png" />
+			<test url="http://www.mutts.com/sites/default/files/css/css_a7lQP2XcNT8OtrLuooPT06s97x8tRZ9kAalBwRFh88M.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.mutts\.com$" name="^PHPSESSID$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mvd.ru.xml b/src/chrome/content/rules/mvd.ru.xml
new file mode 100644
index 000000000000..6329eee3c9f3
--- /dev/null
+++ b/src/chrome/content/rules/mvd.ru.xml
@@ -0,0 +1,675 @@
+<!--
+ad.01.mvd.ru ⁵
+gi.01.mvd.ru ⁵
+ko.01.mvd.ru ⁵
+kr.01.mvd.ru ⁵
+ma.01.mvd.ru ⁵
+msh.01.mvd.ru ⁵
+ta.01.mvd.ru ⁵
+tu.01.mvd.ru ⁵
+msh.02.mvd.ru ⁵
+uvo.02.mvd.ru ⁵
+barguzinskii.03.mvd.ru ⁵
+baunt.03.mvd.ru ⁵
+bichura.03.mvd.ru ⁵
+dzhida.03.mvd.ru ⁵
+horinskii.03.mvd.ru ⁵
+ivolga.03.mvd.ru ⁵
+kabansk.03.mvd.ru ⁵
+kyahta.03.mvd.ru ⁵
+msch.03.mvd.ru ⁵
+msk.03.mvd.ru ⁵
+muhorshibir.03.mvd.ru ⁵
+pribaikal.03.mvd.ru ⁵
+selenga.03.mvd.ru ⁵
+severobaikalsk.03.mvd.ru ⁵
+tarbagatai.03.mvd.ru ⁵
+tunkinskii.03.mvd.ru ⁵
+uvo.03.mvd.ru ⁵
+zaigraevo.03.mvd.ru ⁵
+zakamna.03.mvd.ru ⁵
+msh.04.mvd.ru ⁵
+msh.05.mvd.ru ⁵
+msh.06.mvd.ru ⁵
+msch.07.mvd.ru ⁵
+uvo.07.mvd.ru ⁵
+msch.08.mvd.ru ⁵
+ic.09.mvd.ru ⁵
+msh.09.mvd.ru ⁵
+mch.10.mvd.ru ⁵
+med.10.mvd.ru ⁵
+msh.11.mvd.ru ⁵
+omvdinta.11.mvd.ru ¹
+omvdpechora.11.mvd.ru ¹
+omvdsosnogorsk.11.mvd.ru ¹
+umvd.11.mvd.ru ⁵
+msh.12.mvd.ru ⁵
+msh.13.mvd.ru ⁵
+msh.14.mvd.ru ⁵
+msh.15.mvd.ru ⁵
+msh.16.mvd.ru ⁵
+msch.17.mvd.ru ⁵
+msh.17.mvd.ru ⁵
+balezino.18.mvd.ru ⁵
+bod.18.mvd.ru ⁵
+cpp.18.mvd.ru ⁵
+glazov.18.mvd.ru ⁵
+igra.18.mvd.ru ⁵
+kambarka.18.mvd.ru ⁵
+kez.18.mvd.ru ⁵
+kizner.18.mvd.ru ⁵
+ksv.18.mvd.ru ⁵
+mozhga.18.mvd.ru ⁵
+mpurga.18.mvd.ru ⁵
+msch.18.mvd.ru ⁵
+sarapul.18.mvd.ru ⁵
+uva.18.mvd.ru ⁵
+uvdizh.18.mvd.ru ⁵
+uvo.18.mvd.ru ⁵
+votk.18.mvd.ru ⁵
+zavyalovo.18.mvd.ru ⁵
+abakan.19.mvd.ru ¹
+bazamvd.19.mvd.ru ¹
+msch.19.mvd.ru ⁵
+msch.21.mvd.ru ⁵
+msh.22.mvd.ru ⁵
+anapa.23.mvd.ru ¹
+apsheronsk.23.mvd.ru ¹
+armavir.23.mvd.ru ⁵
+gel.23.mvd.ru ⁵
+gorkluch.23.mvd.ru ⁵
+kalinin.23.mvd.ru ⁵
+kavkaz.23.mvd.ru ⁵
+krasnodar.23.mvd.ru ⁵
+kril.23.mvd.ru ¹
+krymsk.23.mvd.ru ¹
+kurgan.23.mvd.ru ⁵
+lab.23.mvd.ru ⁵
+msch.23.mvd.ru ⁵
+nkub.23.mvd.ru ⁵
+novoros.23.mvd.ru ⁵
+sever.23.mvd.ru ⁵
+sherb.23.mvd.ru ⁵
+slav.23.mvd.ru ¹
+sochi.23.mvd.ru ⁵
+tbl.23.mvd.ru ⁵
+tim.23.mvd.ru ⁵
+tuapse.23.mvd.ru ⁵
+uspensk.23.mvd.ru ¹
+ustlab.23.mvd.ru ⁵
+uvdsochi.23.mvd.ru ⁵
+viselki.23.mvd.ru ⁵
+achinsk.24.mvd.ru ⁵
+enis.24.mvd.ru ⁵
+kansk.24.mvd.ru ⁵
+lesosib.24.mvd.ru ⁵
+minusinsk.24.mvd.ru ⁵
+msch.24.mvd.ru ⁵
+nazarovo.24.mvd.ru ⁵
+norilsk.24.mvd.ru ⁵
+sharypovo.24.mvd.ru ⁵
+taimur.24.mvd.ru ⁵
+zelenogorsk.24.mvd.ru ⁵
+zheleznogorsk.24.mvd.ru ⁵
+www.25.mvd.ru ¹
+ars.25.mvd.ru ⁵
+art.25.mvd.ru ⁵
+bkm.25.mvd.ru ⁵
+chg.25.mvd.ru ⁵
+chr.25.mvd.ru ⁵
+dng.25.mvd.ru ⁵
+dnr.25.mvd.ru ⁵
+fkn.25.mvd.ru ⁵
+khn.25.mvd.ru ⁵
+khr.25.mvd.ru ⁵
+khs.25.mvd.ru ⁵
+kvl.25.mvd.ru ⁵
+lsz.25.mvd.ru ⁵
+mkh.25.mvd.ru ⁵
+msch.25.mvd.ru ⁵
+ndz.25.mvd.ru ⁵
+nkh.25.mvd.ru ⁵
+okt.25.mvd.ru ⁵
+pgr.25.mvd.ru ⁵
+prd.25.mvd.ru ⁵
+prt.25.mvd.ru ⁵
+pzh.25.mvd.ru ⁵
+sps.25.mvd.ru ⁵
+uss.25.mvd.ru ⁵
+vlc.25.mvd.ru ⁵
+msh.26.mvd.ru ⁵
+koms.27.mvd.ru ⁵
+msch.27.mvd.ru ⁵
+msch.28.mvd.ru ⁵
+uvo.28.mvd.ru ⁵
+msh.29.mvd.ru ⁵
+ic.31.mvd.ru ⁵
+msch.31.mvd.ru ¹
+br.32.mvd.ru ⁵
+bryansk.32.mvd.ru ¹
+dyatkovo.32.mvd.ru ¹
+karachev.32.mvd.ru ¹
+klincy.32.mvd.ru ¹
+msch.32.mvd.ru ⁵
+navlya.32.mvd.ru ¹
+novozibkov.32.mvd.ru ¹
+msh.33.mvd.ru ⁵
+alekseevka.34.mvd.ru ⁵
+bykovo.34.mvd.ru ⁵
+chernishki.34.mvd.ru ⁵
+danilovka.34.mvd.ru ⁵
+dubovka.34.mvd.ru ⁵
+elan.34.mvd.ru ⁵
+frolovo.34.mvd.ru ⁵
+gorodische.34.mvd.ru ⁵
+ilovlya.34.mvd.ru ⁵
+kalachdon.34.mvd.ru ⁵
+kamyshin.34.mvd.ru ⁵
+kikvidze.34.mvd.ru ⁵
+kletskiy.34.mvd.ru ⁵
+kotelnikovo.34.mvd.ru ⁵
+kotovo.34.mvd.ru ⁵
+kumilga.34.mvd.ru ⁵
+leninsk.34.mvd.ru ⁵
+mihaylovka.34.mvd.ru ⁵
+msch.34.mvd.ru ⁵
+nehaevsk.34.mvd.ru ⁵
+nikolaevskiy.34.mvd.ru ⁵
+novoanninsk.34.mvd.ru ⁵
+novonikolaevsk.34.mvd.ru ⁵
+oktyabrsk.34.mvd.ru ⁵
+olhovka.34.mvd.ru ⁵
+pallasovka.34.mvd.ru ⁵
+rudnya.34.mvd.ru ⁵
+serafimovich.34.mvd.ru ⁵
+sredahtuba.34.mvd.ru ⁵
+staropoltavka.34.mvd.ru ⁵
+surovikino.34.mvd.ru ⁵
+svetlojyar.34.mvd.ru ⁵
+umvd.34.mvd.ru ⁵
+uryupinsk.34.mvd.ru ⁵
+uvdvlz.34.mvd.ru ⁵
+zhirnovsk.34.mvd.ru ⁵
+msh.35.mvd.ru ⁵
+msh.36.mvd.ru ⁵
+msh.37.mvd.ru ⁵
+msch.39.mvd.ru ⁵
+www.40.mvd.ru ¹
+maloyaroslavec.40.mvd.ru ⁵
+msch.40.mvd.ru ⁵
+msch.41.mvd.ru ⁵
+kemerovo.42.mvd.ru ⁵
+msh.42.mvd.ru ⁵
+chepetsk.43.mvd.ru ⁵
+kilmez.43.mvd.ru ⁵
+kirov.43.mvd.ru ⁵
+kirs.43.mvd.ru ⁵
+kotel.43.mvd.ru ⁵
+kumeny.43.mvd.ru ⁵
+luza.43.mvd.ru ⁵
+malmyzh.43.mvd.ru ⁵
+msch.43.mvd.ru ⁵
+murashi.43.mvd.ru ⁵
+nolinsk.43.mvd.ru ⁵
+omutninsk.43.mvd.ru ⁵
+orichi.43.mvd.ru ⁵
+slobodskoy.43.mvd.ru ⁵
+sovetsk.43.mvd.ru ⁵
+urya.43.mvd.ru ⁵
+urzhum.43.mvd.ru ⁵
+uvo.43.mvd.ru ⁵
+vpolyany.43.mvd.ru ⁵
+yaransk.43.mvd.ru ⁵
+zatopm.43.mvd.ru ⁵
+zuevka.43.mvd.ru ⁵
+msch.44.mvd.ru ¹
+kurgan.45.mvd.ru ¹
+belaya.46.mvd.ru ¹
+cheremis.46.mvd.ru ¹
+cheremisinovo.46.mvd.ru ¹
+dmitriev.46.mvd.ru ¹
+fatezh.46.mvd.ru ¹
+glushkovo.46.mvd.ru ¹
+gorshechnoe.46.mvd.ru ¹
+homutovka.46.mvd.ru ¹
+kastornoe.46.mvd.ru ¹
+konishevka.46.mvd.ru ¹
+korenevo.46.mvd.ru ¹
+kurskiy.46.mvd.ru ¹
+lgov.46.mvd.ru ¹
+manturovo.46.mvd.ru ¹
+medvenka.46.mvd.ru ¹
+msch.46.mvd.ru ⁵
+oboyan.46.mvd.ru ¹
+oktyabrski.46.mvd.ru ¹
+poniri.46.mvd.ru ¹
+shigri.46.mvd.ru ¹
+solncevo.46.mvd.ru ¹
+sovetskiy.46.mvd.ru ¹
+tim.46.mvd.ru ¹
+www.48.mvd.ru ¹
+msh.48.mvd.ru ⁵
+msh.49.mvd.ru ⁵
+baikonur.50.mvd.ru ⁵
+balashikha.50.mvd.ru ⁵
+chekhov.50.mvd.ru ⁵
+dmitrov.50.mvd.ru ⁵
+domodedovo.50.mvd.ru ⁵
+dubna.50.mvd.ru ⁵
+egoryevsk.50.mvd.ru ⁵
+elektrostal.50.mvd.ru ⁵
+istra.50.mvd.ru ¹
+kashira.50.mvd.ru ⁵
+khimki.50.mvd.ru ⁵
+klin.50.mvd.ru ⁵
+kolomna.50.mvd.ru ⁵
+korolev.50.mvd.ru ⁵
+krasnogorsk.50.mvd.ru ⁵
+leninskiy.50.mvd.ru ¹
+lobnya.50.mvd.ru ⁵
+lotoshino.50.mvd.ru ⁵
+lubertsy.50.mvd.ru ⁵
+lukhovitsy.50.mvd.ru ¹
+med.50.mvd.ru ⁵
+mozhaysk.50.mvd.ru ⁵
+mytischi.50.mvd.ru ⁵
+naro-fominsk.50.mvd.ru ⁵
+noginsk.50.mvd.ru ⁵
+o-zuevo.50.mvd.ru ⁵
+odintsovo.50.mvd.ru ⁵
+ozery.50.mvd.ru ⁵
+podolsk.50.mvd.ru ⁵
+pposad.50.mvd.ru ⁵
+protvino.50.mvd.ru ⁵
+pushkino.50.mvd.ru ⁵
+ramenskoe.50.mvd.ru ⁵
+ruza.50.mvd.ru ⁵
+s-posad.50.mvd.ru ⁵
+s-prudy.50.mvd.ru ⁵
+serpukhov.50.mvd.ru ⁵
+shakhovskaya.50.mvd.ru ⁵
+shatura.50.mvd.ru ⁵
+solnechnogorsk.50.mvd.ru ⁵
+stupino.50.mvd.ru ⁵
+vlasikha.50.mvd.ru ⁵
+voskresensk.50.mvd.ru ⁵
+zaraysk.50.mvd.ru ⁵
+zhukovskiy.50.mvd.ru ⁵
+msch.51.mvd.ru ⁵
+www.52.mvd.ru ¹
+msch.52.mvd.ru ⁵
+med.53.mvd.ru ⁵
+www.54.mvd.ru ¹
+msc.54.mvd.ru ⁵
+www.55.mvd.ru ¹
+msh.55.mvd.ru ⁵
+230.56.mvd.ru ⁵
+235.56.mvd.ru ⁵
+242.56.mvd.ru ⁵
+247.56.mvd.ru ⁵
+252.56.mvd.ru ⁵
+258.56.mvd.ru ¹
+261.56.mvd.ru ⁵
+262.56.mvd.ru ⁵
+265.56.mvd.ru ⁵
+276.56.mvd.ru ⁵
+med.56.mvd.ru ⁵
+oren.56.mvd.ru ⁵
+orsk.56.mvd.ru ⁵
+msch.57.mvd.ru ⁵
+msh.58.mvd.ru ⁵
+msh.59.mvd.ru ⁵
+msh.60.mvd.ru ⁵
+med.61.mvd.ru ⁵
+tag.61.mvd.ru ⁵
+www.62.mvd.ru ¹
+msch.62.mvd.ru ⁵
+kinel.63.mvd.ru ⁵
+krasnojarskij.63.mvd.ru ¹
+msch.63.mvd.ru ⁵
+umvd.63.mvd.ru ⁵
+arkadak.64.mvd.ru ⁵
+atkarsk.64.mvd.ru ⁵
+balakovo.64.mvd.ru ⁵
+balashov.64.mvd.ru ⁵
+bkarabulak.64.mvd.ru ⁵
+dergachi.64.mvd.ru ⁵
+engels.64.mvd.ru ⁵
+ershov.64.mvd.ru ⁵
+kalinin.64.mvd.ru ⁵
+karm.64.mvd.ru ⁵
+krkut.64.mvd.ru ⁵
+marks.64.mvd.ru ⁵
+msch.64.mvd.ru ⁵
+nuzensk.64.mvd.ru ⁵
+petrovsk.64.mvd.ru ⁵
+pugachev.64.mvd.ru ⁵
+rtishev.64.mvd.ru ⁵
+sar.64.mvd.ru ⁵
+shihani.64.mvd.ru ⁵
+sovet.64.mvd.ru ⁵
+svet.64.mvd.ru ⁵
+www.svet.64.mvd.ru ¹
+tatishevo.64.mvd.ru ⁵
+umvd.64.mvd.ru ⁵
+volsk.64.mvd.ru ⁵
+med.65.mvd.ru ⁵
+msh.65.mvd.ru ⁵
+www.66.mvd.ru ¹
+zarechny.66.mvd.ru ⁵
+msh.67.mvd.ru ⁵
+msch.68.mvd.ru ⁵
+msch.69.mvd.ru ⁵
+uvo.69.mvd.ru ⁵
+msh.70.mvd.ru ⁵
+msh.71.mvd.ru ⁵
+www.72.mvd.ru ¹
+msch.72.mvd.ru ⁵
+uvo.72.mvd.ru ⁵
+www.73.mvd.ru ¹
+med.73.mvd.ru ⁵
+chel.74.mvd.ru ⁵
+msch.74.mvd.ru ⁵
+ozersk.74.mvd.ru ⁵
+msch.75.mvd.ru ⁵
+clrr.76.mvd.ru ⁵
+msch.76.mvd.ru ⁵
+cao.77.mvd.ru ⁵
+gsu.77.mvd.ru ⁵
+kunc.77.mvd.ru ⁵
+med.77.mvd.ru ⁵
+metro.77.mvd.ru ⁵
+omon.77.mvd.ru ⁵
+sao.77.mvd.ru ⁵
+svao.77.mvd.ru ⁵
+szao.77.mvd.ru ⁵
+tinao.77.mvd.ru ⁵
+uao.77.mvd.ru ⁵
+ueb.77.mvd.ru ⁵
+uvao.77.mvd.ru ⁵
+uzao.77.mvd.ru ⁵
+vao.77.mvd.ru ⁵
+zao.77.mvd.ru ⁵
+zel.77.mvd.ru ⁵
+admiral.78.mvd.ru ⁵
+centr.78.mvd.ru ⁵
+frunz.78.mvd.ru ⁵
+kalin.78.mvd.ru ⁵
+kir.78.mvd.ru ⁵
+kolp.78.mvd.ru ⁵
+kras.78.mvd.ru ⁵
+krgv.78.mvd.ru ⁵
+kron.78.mvd.ru ⁵
+kurort.78.mvd.ru ⁵
+box.lo.78.mvd.ru ⁵
+gtn.lo.78.mvd.ru ⁵
+king.lo.78.mvd.ru ⁵
+kir.lo.78.mvd.ru ⁵
+kirish.lo.78.mvd.ru ⁵
+lod.lo.78.mvd.ru ⁵
+lom.lo.78.mvd.ru ⁵
+luga.lo.78.mvd.ru ⁵
+podpor.lo.78.mvd.ru ⁵
+prioz.lo.78.mvd.ru ⁵
+slanz.lo.78.mvd.ru ⁵
+sosn.lo.78.mvd.ru ⁵
+tihvin.lo.78.mvd.ru ⁵
+tosn.lo.78.mvd.ru ⁵
+volh.lo.78.mvd.ru ⁵
+volos.lo.78.mvd.ru ⁵
+vsev.lo.78.mvd.ru ⁵
+vyb.lo.78.mvd.ru ⁵
+mosk.78.mvd.ru ⁵
+msh.78.mvd.ru ⁵
+nevsk.78.mvd.ru ¹
+nevskoe.78.mvd.ru ⁵
+peterhof.78.mvd.ru ⁵
+petr.78.mvd.ru ⁵
+prim.78.mvd.ru ⁵
+pushkin.78.mvd.ru ⁵
+vo.78.mvd.ru ⁵
+vyb.78.mvd.ru ⁵
+momvd.79.mvd.ru ⁵
+movd.79.mvd.ru ⁵
+msch.79.mvd.ru ⁵
+msch.82.mvd.ru ⁵
+msh.83.mvd.ru ⁵
+msch.86.mvd.ru ⁵
+uvo.86.mvd.ru ⁵
+msh.87.mvd.ru ⁵
+fgku.92.mvd.ru ⁵
+msh.92.mvd.ru ⁵
+msh.95.mvd.ru ⁵
+www.cfo.mvd.ru ¹
+dinamo.dgsk.mvd.ru ⁵
+arhiz.dt.mvd.ru ⁵
+borok.dt.mvd.ru ⁵
+burevestnik.dt.mvd.ru ⁵
+bykovo.dt.mvd.ru ⁵
+ca1.dt.mvd.ru ⁵
+ca2.dt.mvd.ru ⁵
+cb.dt.mvd.ru ⁵
+cdp.dt.mvd.ru ⁵
+cmsch.dt.mvd.ru ⁵
+cp1.dt.mvd.ru ⁵
+cp2.dt.mvd.ru ⁵
+cpb.dt.mvd.ru ⁵
+csp.dt.mvd.ru ⁵
+dolgoe.dt.mvd.ru ⁵
+elbrus.dt.mvd.ru ⁵
+gkg.dt.mvd.ru ⁵
+www.gkg.dt.mvd.ru ¹
+gorbatov.dt.mvd.ru ⁵
+www.gorbatov.dt.mvd.ru ¹
+hosta.dt.mvd.ru ⁵
+iskra.dt.mvd.ru ⁵
+izumrudny.dt.mvd.ru ⁵
+junost.dt.mvd.ru ⁵
+lesnoe.dt.mvd.ru ⁵
+nalchik.dt.mvd.ru ⁵
+podmosk.dt.mvd.ru ⁵
+primorie.dt.mvd.ru ⁵
+salut.dt.mvd.ru ⁵
+sokol.dt.mvd.ru ⁵
+sosnovy.dt.mvd.ru ⁵
+teberda.dt.mvd.ru ⁵
+test.dt.mvd.ru ⁵
+zeleznovodsk.dt.mvd.ru ⁵
+zr.dt.mvd.ru ⁵
+zt.dt.mvd.ru ¹
+vf.dvui.mvd.ru ⁵
+kf.krdu.mvd.ru ⁵
+nf.krdu.mvd.ru ⁵
+nkf.krdu.mvd.ru ⁵
+stavf.krdu.mvd.ru ⁵
+mail02.mvd.ru ³
+mof.mosu.mvd.ru ⁵
+rf.mosu.mvd.ru ⁵
+cao.msk.mvd.ru ⁵
+gsu.msk.mvd.ru ⁵
+kunc.msk.mvd.ru ⁵
+metro.msk.mvd.ru ⁵
+sao.msk.mvd.ru ⁵
+svao.msk.mvd.ru ⁵
+szao.msk.mvd.ru ⁵
+tinao.msk.mvd.ru ⁵
+uao.msk.mvd.ru ⁵
+ueb.msk.mvd.ru ⁵
+uvao.msk.mvd.ru ⁵
+uzao.msk.mvd.ru ⁵
+vao.msk.mvd.ru ⁵
+zao.msk.mvd.ru ⁵
+zel.msk.mvd.ru ⁵
+en.na.mvd.ru ⁵
+fr.na.mvd.ru ⁵
+ns1.mvd.ru ³
+svlu.pfout.mvd.ru ⁵
+rabota.mvd.ru ¹
+vf.rui.mvd.ru ¹
+utszfo.spb.mvd.ru ¹
+loptz.szfout.mvd.ru ⁵
+zapad-lu.szfout.mvd.ru ⁵
+73.umvdgor.mvd.ru ¹
+klif.univer.mvd.ru ⁵
+bf.vipk.mvd.ru ⁵
+en.vipk.mvd.ru ⁵
+nf.vipk.mvd.ru ⁵
+pf.vipk.mvd.ru ⁵
+
+
+¹ mismatch
+³ timed out
+⁵ expired
+-->
+<ruleset name="mvd.ru">
+	<target host="mvd.ru" />
+	<target host="www.mvd.ru" />
+	<target host="01.mvd.ru" />
+	<target host="02.mvd.ru" />
+	<target host="03.mvd.ru" />
+	<target host="04.mvd.ru" />
+	<target host="05.mvd.ru" />
+	<target host="06.mvd.ru" />
+	<target host="07.mvd.ru" />
+	<target host="08.mvd.ru" />
+	<target host="09.mvd.ru" />
+	<target host="10.mvd.ru" />
+	<target host="11.mvd.ru" />
+	<target host="12.mvd.ru" />
+	<target host="13.mvd.ru" />
+	<target host="14.mvd.ru" />
+	<target host="15.mvd.ru" />
+	<target host="16.mvd.ru" />
+	<target host="17.mvd.ru" />
+	<target host="18.mvd.ru" />
+	<target host="19.mvd.ru" />
+	<target host="21.mvd.ru" />
+	<target host="22.mvd.ru" />
+	<target host="23.mvd.ru" />
+	<target host="24.mvd.ru" />
+	<target host="25.mvd.ru" />
+	<target host="26.mvd.ru" />
+	<target host="27.mvd.ru" />
+	<target host="28.mvd.ru" />
+	<target host="29.mvd.ru" />
+	<target host="30.mvd.ru" />
+	<target host="31.mvd.ru" />
+	<target host="32.mvd.ru" />
+	<target host="33.mvd.ru" />
+	<target host="34.mvd.ru" />
+	<target host="35.mvd.ru" />
+	<target host="36.mvd.ru" />
+	<target host="37.mvd.ru" />
+	<target host="38.mvd.ru" />
+	<target host="39.mvd.ru" />
+	<target host="40.mvd.ru" />
+	<target host="41.mvd.ru" />
+	<target host="42.mvd.ru" />
+	<target host="43.mvd.ru" />
+	<target host="44.mvd.ru" />
+	<target host="45.mvd.ru" />
+	<target host="46.mvd.ru" />
+	<target host="48.mvd.ru" />
+	<target host="49.mvd.ru" />
+	<target host="50.mvd.ru" />
+	<target host="51.mvd.ru" />
+	<target host="52.mvd.ru" />
+	<target host="53.mvd.ru" />
+	<target host="54.mvd.ru" />
+	<target host="55.mvd.ru" />
+	<target host="56.mvd.ru" />
+	<target host="57.mvd.ru" />
+	<target host="58.mvd.ru" />
+	<target host="59.mvd.ru" />
+	<target host="60.mvd.ru" />
+	<target host="61.mvd.ru" />
+	<target host="62.mvd.ru" />
+	<target host="63.mvd.ru" />
+	<target host="64.mvd.ru" />
+	<target host="65.mvd.ru" />
+	<target host="66.mvd.ru" />
+	<target host="67.mvd.ru" />
+	<target host="68.mvd.ru" />
+	<target host="69.mvd.ru" />
+	<target host="70.mvd.ru" />
+	<target host="71.mvd.ru" />
+	<target host="72.mvd.ru" />
+	<target host="73.mvd.ru" />
+	<target host="74.mvd.ru" />
+	<target host="75.mvd.ru" />
+	<target host="76.mvd.ru" />
+	<target host="77.mvd.ru" />
+	<target host="78.mvd.ru" />
+	<target host="79.mvd.ru" />
+	<target host="82.mvd.ru" />
+	<target host="83.mvd.ru" />
+	<target host="86.mvd.ru" />
+	<target host="87.mvd.ru" />
+	<target host="89.mvd.ru" />
+	<target host="92.mvd.ru" />
+	<target host="95.mvd.ru" />
+	<target host="a.mvd.ru" />
+	<target host="asvu.mvd.ru" />
+	<target host="belui.mvd.ru" />
+	<target host="bui.mvd.ru" />
+	<target host="cfout.mvd.ru" />
+	<target host="chsvu.mvd.ru" />
+	<target host="csr.mvd.ru" />
+	<target host="dfout.mvd.ru" />
+	<target host="dvui.mvd.ru" />
+	<target host="en.mvd.ru" />
+	<target host="ershsrs.mvd.ru" />
+	<target host="esiirk.mvd.ru" />
+	<target host="gcsp.mvd.ru" />
+	<target host="gibdd.mvd.ru" />
+	<target host="gsvu.mvd.ru" />
+	<target host="gut.mvd.ru" />
+	<target host="guvm.mvd.ru" />
+	<target host="en.guvm.mvd.ru" />
+	<target host="limited.guvm.mvd.ru" />
+	<target host="pda.guvm.mvd.ru" />
+	<target host="gvm.mvd.ru" />
+	<target host="krdu.mvd.ru" />
+	<target host="krmut.mvd.ru" />
+	<target host="kui.mvd.ru" />
+	<target host="mail.mvd.ru" />
+	<target host="media.mvd.ru" />
+	<target host="mosu.mvd.ru" />
+	<target host="na.mvd.ru" />
+	<target host="ncbdd.mvd.ru" />
+	<target host="noreply.mvd.ru" />
+	<target host="nsvu.mvd.ru" />
+	<target host="oma.mvd.ru" />
+	<target host="orl.mvd.ru" />
+	<target host="orui.mvd.ru" />
+	<target host="os.mvd.ru" />
+	<target host="pfout.mvd.ru" />
+	<target host="radio.mvd.ru" />
+	<target host="rshsrs.mvd.ru" />
+	<target host="rui.mvd.ru" />
+	<target host="sibfout.mvd.ru" />
+	<target host="skfo.mvd.ru" />
+	<target host="skfout.mvd.ru" />
+	<target host="skk.mvd.ru" />
+	<target host="static.mvd.ru" />
+	<target host="svuspb.mvd.ru" />
+	<target host="szfout.mvd.ru" />
+	<target host="tipk.mvd.ru" />
+	<target host="uc.mvd.ru" />
+	<target host="ufali.mvd.ru" />
+	<target host="ufout.mvd.ru" />
+	<target host="umvd72.mvd.ru" />
+	<target host="univer.mvd.ru" />
+	<target host="ural.mvd.ru" />
+	<target host="uralfout.mvd.ru" />
+	<target host="ushpsk.mvd.ru" />
+	<target host="va.mvd.ru" />
+	<target host="veteran.mvd.ru" />
+	<target host="vi.mvd.ru" />
+	<target host="vipk.mvd.ru" />
+	<target host="vnii.mvd.ru" />
+	<target host="vsut.mvd.ru" />
+	<target host="zbut.mvd.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/my-chrome.ru.xml b/src/chrome/content/rules/my-chrome.ru.xml
new file mode 100644
index 000000000000..c08def377d7c
--- /dev/null
+++ b/src/chrome/content/rules/my-chrome.ru.xml
@@ -0,0 +1,7 @@
+<ruleset name="my-chrome.ru">
+	<target host="my-chrome.ru" />
+	<target host="www.my-chrome.ru" />
+	<target host="download.my-chrome.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/my-history.co.uk.xml b/src/chrome/content/rules/my-history.co.uk.xml
new file mode 100644
index 000000000000..f2bd91b72d2f
--- /dev/null
+++ b/src/chrome/content/rules/my-history.co.uk.xml
@@ -0,0 +1,29 @@
+<!--
+	These altnames do not exist:
+
+		- my-history.co.uk
+
+
+	Mixed content:
+
+		- Bugs, from:
+
+			- banners.affiliatefuture.com ˢ
+			- www.feefo.com ˢ
+			- www.tqlkg.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="My-History.co.uk">
+
+	<target host="www.my-history.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/my-zone.net.xml b/src/chrome/content/rules/my-zone.net.xml
new file mode 100644
index 000000000000..68470001f5f3
--- /dev/null
+++ b/src/chrome/content/rules/my-zone.net.xml
@@ -0,0 +1,14 @@
+<ruleset name="My-Zone.net">
+
+	<target host="my-zone.net" />
+	<target host="www.my-zone.net" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/myGov.xml b/src/chrome/content/rules/myGov.xml
new file mode 100644
index 000000000000..076995a54667
--- /dev/null
+++ b/src/chrome/content/rules/myGov.xml
@@ -0,0 +1,7 @@
+<ruleset name="myGov">
+	<target host="my.gov.au" />
+	<target host="www.my.gov.au" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/myaffiliateprogram.com.xml b/src/chrome/content/rules/myaffiliateprogram.com.xml
new file mode 100644
index 000000000000..d7674da86cbe
--- /dev/null
+++ b/src/chrome/content/rules/myaffiliateprogram.com.xml
@@ -0,0 +1,49 @@
+<!--
+	$ differs from http, redirect destination does not
+	support tls.
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- www.myaffiliateprogram.com
+		- .www.myaffiliateprogram.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="My Affiliate Program.com (partial)">
+
+	<target host="myaffiliateprogram.com" />
+	<target host="www.myaffiliateprogram.com" />
+
+		<!--	Differs from http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?myaffiliateprogram\.com/+(?:$|\?|myap_contact_us\.asp)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?myaffiliateprogram\.com/(?!/*(?:1pxlclr\.gif|u/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.myaffiliateprogram.com/default.asp" />
+			<test url="http://www.myaffiliateprogram.com/favicon.ico" />
+			<test url="http://www.myaffiliateprogram.com/myap_contact_us.asp" />
+
+		<test url="http://www.myaffiliateprogram.com/1pxlclr.gif" />
+		<test url="http://www.myaffiliateprogram.com/u/ait/e.asp?e=9&amp;id=1006&amp;p=series63.htm" />
+		<test url="http://www.myaffiliateprogram.com/u/compcorp/up.asp?i=1089" />
+		<test url="http://www.myaffiliateprogram.com/u/koala/t.asp?id=1710" />
+		<test url="http://www.myaffiliateprogram.com/u/worldwid/b.asp?id=1866&amp;p=wwb/kh_freeebook.asp" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.myaffiliateprogram\.com$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+	<!--securecookie host="^\.www\.myaffiliateprogram\.com$" name="^(?:advanced|ait|aitimage|sub_advanced|sub_ait)$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/myapp.com.xml b/src/chrome/content/rules/myapp.com.xml
new file mode 100644
index 000000000000..69eab894376b
--- /dev/null
+++ b/src/chrome/content/rules/myapp.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Redirect to http:
+		bbs.myapp.com
+
+	Invalid certificate:
+		^myapp.com
+		www.myapp.com
+		a.myapp.com
+		android.myapp.com
+		aw.myapp.com
+		bao.myapp.com
+		ex2?.myapp.com
+		tac2?.myapp.com
+		v.myapp.com
+		yingyongbao.myapp.com
+		yyb.myapp.com
+-->
+
+<ruleset name="myapp.com (partial)">
+	<target host="pp.myapp.com" />
+	<target host="qd.myapp.com" />
+	<target host="softimtt.myapp.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mybank.cn.xml b/src/chrome/content/rules/mybank.cn.xml
new file mode 100644
index 000000000000..cc49a3f42d24
--- /dev/null
+++ b/src/chrome/content/rules/mybank.cn.xml
@@ -0,0 +1,39 @@
+<!--
+	For other Alibaba coverage, see Alibaba.xml.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .mybank.cn
+		- a.mybank.cn
+		- .loan.mybank.cn
+		- mobilehelp.mybank.cn
+		- www.mybank.cn
+
+-->
+<ruleset name="MYbank.cn">
+
+	<target host="mybank.cn" />
+	<target host="a.mybank.cn" />
+	<target host="loan.mybank.cn" />
+	<target host="mobilehelp.mybank.cn" />
+	<target host="www.mybank.cn" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://loan.mybank.cn/taobao/index.htm" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:(?:a|mobilehelp|www)\.)?mybank\.cn$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^\.mybank\.cn$" name="^(?:VENUSJSESSIONID|admincft|aliloan_param|venus_tmp0)$" /-->
+	<!--securecookie host="^\.loan\.mybank\.cn$" name="^(?:_csrf_token|MYTHJSESSIONID|entrance|hsm|myth_tmp0)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mycelium.com.xml b/src/chrome/content/rules/mycelium.com.xml
new file mode 100644
index 000000000000..79bea014b66e
--- /dev/null
+++ b/src/chrome/content/rules/mycelium.com.xml
@@ -0,0 +1,58 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://coloredcoins.mtree.mycelium.com/ => https://coloredcoins.mtree.mycelium.com/: (6, 'Could not resolve host: coloredcoins.mtree.mycelium.com')
+Fetch error: http://coloredcoins-staging.mtree.mycelium.com/ => https://coloredcoins-staging.mtree.mycelium.com/: (6, 'Could not resolve host: coloredcoins-staging.mtree.mycelium.com')
+Fetch error: http://news.wallet.mycelium.com/ => https://news.wallet.mycelium.com/: (60, 'SSL certificate problem: certificate has expired')
+
+lt2.mycelium.com ⁵
+status.mtree.mycelium.com non-2xx http code
+mws2.mycelium.com ⁵
+mx.mycelium.com ²
+node1.mycelium.com ⁵
+node2.mycelium.com ⁵
+node3.mycelium.com ⁴
+node6.mycelium.com ⁵
+node7.mycelium.com ⁵
+node8.mycelium.com ⁵
+support.mycelium.com ¹
+
+
+¹ mismatch
+² refused
+⁴ self signed
+⁵ expired
+-->
+<ruleset name="mycelium.com" default_off="failed ruleset test">
+	<target host="mycelium.com" />
+	<target host="www.mycelium.com" />
+	<target host="card.mycelium.com" />
+	<target host="crowdsale.mycelium.com" />
+	<target host="gear.mycelium.com" />
+	<target host="admin.gear.mycelium.com" />
+	<target host="gateway.gear.mycelium.com" />
+	<target host="admin.mtree.mycelium.com" />
+	<target host="admin-staging.mtree.mycelium.com" />
+	<target host="coloredcoins.mtree.mycelium.com" />
+	<target host="coloredcoins-staging.mtree.mycelium.com" />
+	<target host="core.mtree.mycelium.com" />
+	<target host="core-staging.mtree.mycelium.com" />
+	<target host="dashboard.mtree.mycelium.com" />
+	<target host="dashboard-staging.mtree.mycelium.com" />
+	<target host="demo.mtree.mycelium.com" />
+	<target host="demo-staging.mtree.mycelium.com" />
+	<target host="godoc.mtree.mycelium.com" />
+	<target host="node51.mycelium.com" />
+	<target host="swish.mycelium.com" />
+	<target host="www.swish.mycelium.com" />
+	<target host="admin.swish.mycelium.com" />
+	<target host="www.admin.swish.mycelium.com" />
+	<target host="api.swish.mycelium.com" />
+	<target host="www.api.swish.mycelium.com" />
+	<target host="customer.swish.mycelium.com" />
+	<target host="www.customer.swish.mycelium.com" />
+	<target host="wallet.mycelium.com" />
+	<target host="news.wallet.mycelium.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mydigitallife.net.xml b/src/chrome/content/rules/mydigitallife.net.xml
new file mode 100644
index 000000000000..242bbc415ef1
--- /dev/null
+++ b/src/chrome/content/rules/mydigitallife.net.xml
@@ -0,0 +1,7 @@
+<ruleset name="mydigitallife.net">
+	<target host="mydigitallife.net" />
+	<target host="www.mydigitallife.net" />
+	<target host="forums.mydigitallife.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mydrivers.com.xml b/src/chrome/content/rules/mydrivers.com.xml
new file mode 100644
index 000000000000..2034060769e1
--- /dev/null
+++ b/src/chrome/content/rules/mydrivers.com.xml
@@ -0,0 +1,21 @@
+<ruleset name="mydrivers.com">
+	<target host="mydrivers.com" />
+	<target host="www.mydrivers.com" />
+	<target host="11.mydrivers.com" />
+	<target host="blog.mydrivers.com" />
+	<target host="comment8.mydrivers.com" />
+	<target host="count.mydrivers.com" />
+	<target host="drivers.mydrivers.com" />
+	<target host="dt.mydrivers.com" />
+	<target host="hardware.mydrivers.com" />
+	<target host="icons.mydrivers.com" />
+	<target host="img1.mydrivers.com" />
+	<target host="m.mydrivers.com" />
+	<target host="news.mydrivers.com" />
+	<target host="pad.mydrivers.com" />
+	<target host="passport.mydrivers.com" />
+	<target host="so.mydrivers.com" />
+	<target host="viewpoint.mydrivers.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/myfreecams.com.xml b/src/chrome/content/rules/myfreecams.com.xml
new file mode 100644
index 000000000000..e32d72fb818c
--- /dev/null
+++ b/src/chrome/content/rules/myfreecams.com.xml
@@ -0,0 +1,53 @@
+<!--
+	Other MyFreeCams.com rulesets:
+
+		- mfcimg.com.xml
+
+
+	Nonfunctional hosts in *myfreecams.com:
+
+		- wiki ʳ
+
+	ʳ Refused
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .myfreecams.com
+		- m.myfreecams.com
+		- profiles.myfreecams.com
+		- www.myfreecams.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on www from [a-l].mfcimg.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="MyFreeCams.com (partial)">
+
+	<target host="myfreecams.com" />
+	<target host="api.myfreecams.com" />
+	<target host="m.myfreecams.com" />
+	<target host="profiles.myfreecams.com" />
+	<target host="www.myfreecams.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.myfreecams\.com$" name="^company_id$" /-->
+	<!--securecookie host="^(?:m|www)\.myfreecams\.com$" name="affiliate_subcode$" /-->
+	<!--securecookie host="^profiles\.myfreecams\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^company_id$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/myneighborsushicat.com.xml b/src/chrome/content/rules/myneighborsushicat.com.xml
new file mode 100644
index 000000000000..7c62d0fc7571
--- /dev/null
+++ b/src/chrome/content/rules/myneighborsushicat.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Invalid certificate:
+		ns1.myneighborsushicat.com
+		ns2.myneighborsushicat.com
+-->
+<ruleset name="myneighborsushicat.com">
+	<target host="myneighborsushicat.com" />
+	<target host="www.myneighborsushicat.com" />
+	<target host="ampache.myneighborsushicat.com" />
+	<target host="www.ampache.myneighborsushicat.com" />
+	<target host="cant-even-handle-the-club.myneighborsushicat.com" />
+	<target host="www.cant-even-handle-the-club.myneighborsushicat.com" />
+	<target host="danceswithkittens.myneighborsushicat.com" />
+	<target host="www.danceswithkittens.myneighborsushicat.com" />
+	<target host="mail.myneighborsushicat.com" />
+	<target host="quas-wex-quas-invoke.myneighborsushicat.com" />
+	<target host="www.quas-wex-quas-invoke.myneighborsushicat.com" />
+	<target host="server.myneighborsushicat.com" />
+	<target host="sushibin.myneighborsushicat.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mynyp.org.xml b/src/chrome/content/rules/mynyp.org.xml
new file mode 100644
index 000000000000..dc795d92bfdc
--- /dev/null
+++ b/src/chrome/content/rules/mynyp.org.xml
@@ -0,0 +1,37 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- mynyp.org
+		- login.mynyp.org
+		- qlogin.mynyp.org
+		- queens.mynyp.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="myNYP.org">
+
+	<target host="mynyp.org" />
+	<target host="login.mynyp.org" />
+	<target host="qlogin.mynyp.org" />
+	<target host="queens.mynyp.org" />
+	<target host="www.mynyp.org" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://qlogin.mynyp.org/Signin.aspx?targetqs=%3fappid%3d6bf65eb0-f4f3-426b-aad3-7c18ae50979c%26lcid%3d1033%26redirect%3dhttps%253a%252f%252fqueens.mynyp.org%252fRedirect.aspx%26aib%3dtrue%26trm%3dpost&amp;iphrlang=en-US" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^mynyp\.org$" name="^(?:ASP\.NET_SessionId$|BIGipServer)" /-->
+	<!--securecookie host="^login\.mynyp\.org$" name="^BIGipServer" /-->
+	<!--securecookie host="^(?:qlogin|queens)\.mynyp\.org$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/myregextester.com.xml b/src/chrome/content/rules/myregextester.com.xml
new file mode 100644
index 000000000000..0ae1250c5f7e
--- /dev/null
+++ b/src/chrome/content/rules/myregextester.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="myregextester.com">
+	<target host="myregextester.com" />
+	<target host="www.myregextester.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/myrusakov.ru.xml b/src/chrome/content/rules/myrusakov.ru.xml
new file mode 100644
index 000000000000..d2c2d0c38069
--- /dev/null
+++ b/src/chrome/content/rules/myrusakov.ru.xml
@@ -0,0 +1,9 @@
+<ruleset name="myrusakov.ru">
+	<target host="myrusakov.ru" />
+	<target host="www.myrusakov.ru" />
+	<target host="blog.myrusakov.ru" />
+	<target host="srs.myrusakov.ru" />
+	<target host="support.myrusakov.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mysku.ru.xml b/src/chrome/content/rules/mysku.ru.xml
new file mode 100644
index 000000000000..1895a78fd3ae
--- /dev/null
+++ b/src/chrome/content/rules/mysku.ru.xml
@@ -0,0 +1,19 @@
+<!--
+cdn.mysku.ru ¹
+go.mysku.ru ³
+aa.go.mysku.ru ¹
+epn.go.mysku.ru ²
+sl.go.mysku.ru ¹
+images.mysku.ru ¹
+
+
+¹ mismatch
+² refused
+³ timed out
+-->
+<ruleset name="mysku.ru">
+	<target host="mysku.ru" />
+	<target host="www.mysku.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/myslo.ru.xml b/src/chrome/content/rules/myslo.ru.xml
new file mode 100644
index 000000000000..e59f32167196
--- /dev/null
+++ b/src/chrome/content/rules/myslo.ru.xml
@@ -0,0 +1,8 @@
+<!-- chemodan. mismatch
+pobeda70. mismatch -->
+<ruleset name="myslo.ru">
+	<target host="myslo.ru" />
+	<target host="www.myslo.ru" />
+	<target host="img.myslo.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mysubwaycard.com.xml b/src/chrome/content/rules/mysubwaycard.com.xml
new file mode 100644
index 000000000000..0ce0474274b7
--- /dev/null
+++ b/src/chrome/content/rules/mysubwaycard.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.mysubwaycard.com
+
+-->
+<ruleset name="My Subway Card.com">
+
+	<target host="mysubwaycard.com" />
+	<target host="www.mysubwaycard.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.mysubwaycard\.com$" name="^(?:__utia$|BIGipServer|captcha_validation$|TS[\da-f]{8})$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/myswitzerland.com.xml b/src/chrome/content/rules/myswitzerland.com.xml
new file mode 100644
index 000000000000..f5f628efc6cf
--- /dev/null
+++ b/src/chrome/content/rules/myswitzerland.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Switzerland Tourism" platform="mixedcontent">
+	<target host="myswitzerland.com"/>
+	<target host="www.myswitzerland.com"/>
+
+	<rule from="^http://(?:www\.)?myswitzerland\.com/"
+		to="https://www.myswitzerland.com/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/myttk.ru.xml b/src/chrome/content/rules/myttk.ru.xml
new file mode 100644
index 000000000000..d988ddc24969
--- /dev/null
+++ b/src/chrome/content/rules/myttk.ru.xml
@@ -0,0 +1,88 @@
+<!--
+myttk.ru ³
+www.myttk.ru ³
+0.myttk.ru ³
+anzhero.myttk.ru ³
+barnaul.myttk.ru ³
+bd.myttk.ru ³
+belovo.myttk.ru ³
+bonus.myttk.ru ⁷
+www.bonus.myttk.ru ⁷
+brn-p2p02.myttk.ru ³
+brn-p2p03.myttk.ru ³
+cs.myttk.ru ³
+csm.myttk.ru ³
+decoder-kids.myttk.ru ³
+eltex.myttk.ru ³
+fly-server.myttk.ru ³
+forum.myttk.ru ³
+games.myttk.ru ³
+gmskmo.myttk.ru ³
+i.myttk.ru ⁷
+invoice.myttk.ru ³
+ivis.myttk.ru ³
+khabarovsk.myttk.ru ³
+kids.myttk.ru ³
+kmo-p2p01.myttk.ru ³
+kmo-p2p02.myttk.ru ³
+lipetsk.myttk.ru ³
+liski.myttk.ru ³
+livecast.myttk.ru ³
+mail.myttk.ru ²
+mirror.myttk.ru ³
+mon.myttk.ru ³
+mtest.myttk.ru ³
+named.myttk.ru ³
+nizhnevartovsk.myttk.ru ³
+nkz-p2p01.myttk.ru ³
+nkz-p2p02.myttk.ru ³
+novokuznetsk.myttk.ru ³
+ns22.myttk.ru ³
+ns32.myttk.ru ³
+ns42.myttk.ru ³
+ns43.myttk.ru ³
+ns55.myttk.ru ³
+ns70.myttk.ru ³
+nsk.myttk.ru ³
+nsk-p2p01.myttk.ru ³
+nsk-p2p02.myttk.ru ³
+nsk-p2p03.myttk.ru ³
+nsk-retracker.myttk.ru ³
+nsk-rsyncp2p.myttk.ru ³
+old.myttk.ru ³
+omk-p2p02.myttk.ru ³
+omk-p2p03.myttk.ru ³
+omsk.myttk.ru ³
+prokopyevsk.myttk.ru ³
+proxy-hls1.myttk.ru ³
+pytyah.myttk.ru ³
+realty.myttk.ru ³
+rezh.myttk.ru ³
+speed-brn.myttk.ru ³
+speed-kmo.myttk.ru ³
+speed-nkz.myttk.ru ³
+speed-nsk.myttk.ru ³
+speed-omk.myttk.ru ³
+speed-tmk.myttk.ru ³
+speedtest.myttk.ru ³
+stream54.myttk.ru ²
+tmk-mms01.myttk.ru ³
+tmk-p2p01.myttk.ru ³
+tmk-p2p02.myttk.ru ³
+torrents.myttk.ru ²
+update.myttk.ru ³
+video.myttk.ru ³
+yakutsk.myttk.ru ³
+zsttk1.myttk.ru ³
+zsttk2.myttk.ru ³
+
+
+² refused
+³ timed out
+⁷ protocol error
+-->
+<ruleset name="myttk.ru (partial)">
+	<target host="stat.myttk.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/myuni-form.com.xml b/src/chrome/content/rules/myuni-form.com.xml
new file mode 100644
index 000000000000..ffa467ce5314
--- /dev/null
+++ b/src/chrome/content/rules/myuni-form.com.xml
@@ -0,0 +1,16 @@
+<!--
+	^myuni-form.com: Differs from http
+
+-->
+<ruleset name="Myuni-form.com (partial)">
+
+	<target host="www.myuni-form.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mywinamp.com.xml b/src/chrome/content/rules/mywinamp.com.xml
new file mode 100644
index 000000000000..2a4d19ddd981
--- /dev/null
+++ b/src/chrome/content/rules/mywinamp.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Refused:
+		autodiscover.mywinamp.com
+		ftp.mywinamp.com
+-->
+<ruleset name="mywinamp.com">
+	<target host="mywinamp.com" />
+	<target host="www.mywinamp.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/myworldofwork.co.uk.xml b/src/chrome/content/rules/myworldofwork.co.uk.xml
new file mode 100644
index 000000000000..7889d8a7f188
--- /dev/null
+++ b/src/chrome/content/rules/myworldofwork.co.uk.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Skills Development Scotland coverage, see skillsdevelopmentscotland.co.uk.xml.
+
+
+	^myworldofwork.co.uk: Expired, mismatched
+
+-->
+<ruleset name="My World of Work.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.myworldofwork.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="myworldofwork.co.uk" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://myworldofwork\.co\.uk/"
+		to="https://www.myworldofwork.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/myzuka.fm.xml b/src/chrome/content/rules/myzuka.fm.xml
new file mode 100644
index 000000000000..1e724d78d6b7
--- /dev/null
+++ b/src/chrome/content/rules/myzuka.fm.xml
@@ -0,0 +1,92 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cs0.myzuka.fm/img/71/8343891/22578542.jpg => https://cs0.myzuka.fm/img/71/8343891/22578542.jpg: (51, "SSL: no alternative certificate subject name matches target host name 'cs0.myzuka.fm'")
+Fetch error: http://cs1.myzuka.fm/img/71/7909658/21784869.jpg => https://cs1.myzuka.fm/img/71/7909658/21784869.jpg: (51, "SSL: no alternative certificate subject name matches target host name 'cs1.myzuka.fm'")
+Fetch error: http://cs10.myzuka.fm/img/68/8391619/22687139.jpg => https://cs10.myzuka.fm/img/68/8391619/22687139.jpg: (51, "SSL: no alternative certificate subject name matches target host name 'cs10.myzuka.fm'")
+Fetch error: http://cs13.myzuka.fm/img/68/5165428/14017957.jpg => https://cs13.myzuka.fm/img/68/5165428/14017957.jpg: (51, "SSL: no alternative certificate subject name matches target host name 'cs13.myzuka.fm'")
+Fetch error: http://cs14.myzuka.fm/img/68/3990517/16905417.jpg => https://cs14.myzuka.fm/img/68/3990517/16905417.jpg: (51, "SSL: no alternative certificate subject name matches target host name 'cs14.myzuka.fm'")
+Fetch error: http://cs15.myzuka.fm/img/68/9694300/25421648.jpg => https://cs15.myzuka.fm/img/68/9694300/25421648.jpg: (51, "SSL: no alternative certificate subject name matches target host name 'cs15.myzuka.fm'")
+Fetch error: http://cs19.myzuka.fm/img/69/1273587/5925474.jpg => https://cs19.myzuka.fm/img/69/1273587/5925474.jpg: (51, "SSL: no alternative certificate subject name matches target host name 'cs19.myzuka.fm'")
+Fetch error: http://cs3.myzuka.fm/img/71/5267567/15072707.jpg => https://cs3.myzuka.fm/img/71/5267567/15072707.jpg: (51, "SSL: no alternative certificate subject name matches target host name 'cs3.myzuka.fm'")
+Fetch error: http://cs4.myzuka.fm/img/70/6896031/19805111.jpg => https://cs4.myzuka.fm/img/70/6896031/19805111.jpg: (51, "SSL: no alternative certificate subject name matches target host name 'cs4.myzuka.fm'")
+Fetch error: http://cs5.myzuka.fm/img/70/5820410/17804165.jpg => https://cs5.myzuka.fm/img/70/5820410/17804165.jpg: (51, "SSL: no alternative certificate subject name matches target host name 'cs5.myzuka.fm'")
+Fetch error: http://cs9.myzuka.fm/img/68/6052976/18290207.jpg => https://cs9.myzuka.fm/img/68/6052976/18290207.jpg: (51, "SSL: no alternative certificate subject name matches target host name 'cs9.myzuka.fm'")
+Fetch error: http://cs0.myzuka.fm/ => https://cs0.myzuka.fm/: (51, "SSL: no alternative certificate subject name matches target host name 'cs0.myzuka.fm'")
+Fetch error: http://cs1.myzuka.fm/ => https://cs1.myzuka.fm/: (51, "SSL: no alternative certificate subject name matches target host name 'cs1.myzuka.fm'")
+Fetch error: http://cs10.myzuka.fm/ => https://cs10.myzuka.fm/: (51, "SSL: no alternative certificate subject name matches target host name 'cs10.myzuka.fm'")
+Fetch error: http://cs11.myzuka.fm/ => https://cs11.myzuka.fm/: (51, "SSL: no alternative certificate subject name matches target host name 'cs11.myzuka.fm'")
+Fetch error: http://cs12.myzuka.fm/ => https://cs12.myzuka.fm/: (6, 'Could not resolve host: cs12.myzuka.fm')
+Fetch error: http://cs13.myzuka.fm/ => https://cs13.myzuka.fm/: (51, "SSL: no alternative certificate subject name matches target host name 'cs13.myzuka.fm'")
+Fetch error: http://cs14.myzuka.fm/ => https://cs14.myzuka.fm/: (51, "SSL: no alternative certificate subject name matches target host name 'cs14.myzuka.fm'")
+Fetch error: http://cs15.myzuka.fm/ => https://cs15.myzuka.fm/: (51, "SSL: no alternative certificate subject name matches target host name 'cs15.myzuka.fm'")
+Fetch error: http://cs16.myzuka.fm/ => https://cs16.myzuka.fm/: (6, 'Could not resolve host: cs16.myzuka.fm')
+Fetch error: http://cs17.myzuka.fm/ => https://cs17.myzuka.fm/: (6, 'Could not resolve host: cs17.myzuka.fm')
+Fetch error: http://cs18.myzuka.fm/ => https://cs18.myzuka.fm/: (6, 'Could not resolve host: cs18.myzuka.fm')
+Fetch error: http://cs19.myzuka.fm/ => https://cs19.myzuka.fm/: (51, "SSL: no alternative certificate subject name matches target host name 'cs19.myzuka.fm'")
+Fetch error: http://cs2.myzuka.fm/ => https://cs2.myzuka.fm/: (6, 'Could not resolve host: cs2.myzuka.fm')
+Fetch error: http://cs3.myzuka.fm/ => https://cs3.myzuka.fm/: (51, "SSL: no alternative certificate subject name matches target host name 'cs3.myzuka.fm'")
+Fetch error: http://cs4.myzuka.fm/ => https://cs4.myzuka.fm/: (51, "SSL: no alternative certificate subject name matches target host name 'cs4.myzuka.fm'")
+Fetch error: http://cs5.myzuka.fm/ => https://cs5.myzuka.fm/: (51, "SSL: no alternative certificate subject name matches target host name 'cs5.myzuka.fm'")
+Fetch error: http://cs6.myzuka.fm/ => https://cs6.myzuka.fm/: (6, 'Could not resolve host: cs6.myzuka.fm')
+Fetch error: http://cs7.myzuka.fm/ => https://cs7.myzuka.fm/: (6, 'Could not resolve host: cs7.myzuka.fm')
+Fetch error: http://cs8.myzuka.fm/ => https://cs8.myzuka.fm/: (6, 'Could not resolve host: cs8.myzuka.fm')
+Fetch error: http://cs9.myzuka.fm/ => https://cs9.myzuka.fm/: (51, "SSL: no alternative certificate subject name matches target host name 'cs9.myzuka.fm'")
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- myzuka.fm
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Myzuka.fm" default_off="failed ruleset test">
+
+	<target host="myzuka.fm" />
+	<target host="cs0.myzuka.fm" />
+	<target host="cs1.myzuka.fm" />
+	<target host="cs10.myzuka.fm" />
+	<target host="cs11.myzuka.fm" />
+	<target host="cs12.myzuka.fm" />
+	<target host="cs13.myzuka.fm" />
+	<target host="cs14.myzuka.fm" />
+	<target host="cs15.myzuka.fm" />
+	<target host="cs16.myzuka.fm" />
+	<target host="cs17.myzuka.fm" />
+	<target host="cs18.myzuka.fm" />
+	<target host="cs19.myzuka.fm" />
+	<target host="cs2.myzuka.fm" />
+	<target host="cs3.myzuka.fm" />
+	<target host="cs4.myzuka.fm" />
+	<target host="cs5.myzuka.fm" />
+	<target host="cs6.myzuka.fm" />
+	<target host="cs7.myzuka.fm" />
+	<target host="cs8.myzuka.fm" />
+	<target host="cs9.myzuka.fm" />
+	<target host="www.myzuka.fm" />
+
+		<test url="http://cs0.myzuka.fm/img/71/8343891/22578542.jpg" />
+		<test url="http://cs1.myzuka.fm/img/71/7909658/21784869.jpg" />
+		<test url="http://cs10.myzuka.fm/img/68/8391619/22687139.jpg" />
+		<test url="http://cs13.myzuka.fm/img/68/5165428/14017957.jpg" />
+		<test url="http://cs14.myzuka.fm/img/68/3990517/16905417.jpg" />
+		<test url="http://cs15.myzuka.fm/img/68/9694300/25421648.jpg" />
+		<test url="http://cs19.myzuka.fm/img/69/1273587/5925474.jpg" />
+		<test url="http://cs3.myzuka.fm/img/71/5267567/15072707.jpg" />
+		<test url="http://cs4.myzuka.fm/img/70/6896031/19805111.jpg" />
+		<test url="http://cs5.myzuka.fm/img/70/5820410/17804165.jpg" />
+		<test url="http://cs9.myzuka.fm/img/68/6052976/18290207.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^myzuka\.fm$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/n-tv.de.xml b/src/chrome/content/rules/n-tv.de.xml
new file mode 100644
index 000000000000..aca33a93a751
--- /dev/null
+++ b/src/chrome/content/rules/n-tv.de.xml
@@ -0,0 +1,36 @@
+<!--
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="n-tv.de (partial)">
+
+	<target host="n-tv.de" />
+	<target host="www.n-tv.de" />
+	<target host="access.n-tv.de" />
+	<target host="amp.n-tv.de" />
+	<target host="ampi.n-tv.de" />
+	<target host="apps.n-tv.de" />
+	<target host="apps-cloud.n-tv.de" />
+	<target host="arkadiumgames.n-tv.de" />
+	<target host="bilder.n-tv.de" />
+	<target host="bilder1.n-tv.de" />
+	<target host="bilder2.n-tv.de" />
+	<target host="bilder3.n-tv.de" />
+	<target host="bilder4.n-tv.de" />
+	<target host="firmen.n-tv.de" />
+	<target host="hbbtv.n-tv.de" />
+	<target host="images.n-tv.de" />
+	<target host="kommunikation.n-tv.de" />
+	<target host="kursdaten.n-tv.de" />
+	<target host="m.n-tv.de" />
+	<target host="maps.n-tv.de" />
+	<target host="mobil.n-tv.de" />
+	<target host="mobile.n-tv.de" />
+	<target host="preisvergleich.n-tv.de" />
+	<target host="stream.n-tv.de" />
+	<target host="tools.n-tv.de" />
+	<target host="tools2.n-tv.de" />
+	<target host="video.n-tv.de" />
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/n210adserv.com.xml b/src/chrome/content/rules/n210adserv.com.xml
new file mode 100644
index 000000000000..ee96727ea7a6
--- /dev/null
+++ b/src/chrome/content/rules/n210adserv.com.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://n210adserv.com/ => https://n210adserv.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.n210adserv.com/ => https://www.n210adserv.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- n210adserv.com
+		- .n210adserv.com
+		- www.n210adserv.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="n210adserv.com" default_off="failed ruleset test">
+
+	<target host="n210adserv.com" />
+	<target host="www.n210adserv.com" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://n210adserv.com/ads?key=&amp;ch=" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?n210adserv\.com$" name="^APPSESSIONID$" /-->
+	<!--securecookie host="^\.n210adserv\.com$" name="^(?:d[bc]v\d+|epomUUID)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nachrichtendienstgesetz.ch.xml b/src/chrome/content/rules/nachrichtendienstgesetz.ch.xml
new file mode 100644
index 000000000000..02f81461d9d0
--- /dev/null
+++ b/src/chrome/content/rules/nachrichtendienstgesetz.ch.xml
@@ -0,0 +1,17 @@
+<!--
+	Mismatch:
+		- beta.nachrichtendienstgesetz.ch
+-->
+<ruleset name="Nachrichtendienstgesetz.ch">
+
+	<target host="nachrichtendienstgesetz.ch" />
+	<target host="www.nachrichtendienstgesetz.ch" />
+	<target host="check.nachrichtendienstgesetz.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nag.ru.xml b/src/chrome/content/rules/nag.ru.xml
new file mode 100644
index 000000000000..c7630c0e0ce7
--- /dev/null
+++ b/src/chrome/content/rules/nag.ru.xml
@@ -0,0 +1,50 @@
+<!--
+academy.nag.ru ³
+cctv.nag.ru ⁴
+www.cros.nag.ru ¹
+css.nag.ru ¹
+data.nag.ru ¹
+dev.nag.ru ⁴
+callme.dev.nag.ru ⁴
+eburg.nag.ru ⁴
+epn.nag.ru ¹
+img.nag.ru ¹
+js.nag.ru ¹
+lab.nag.ru ³
+news.nag.ru ¹
+ns1.nag.ru ⁴
+ns2.nag.ru ¹
+ns3.nag.ru ³
+oldshop.nag.ru ³
+p.nag.ru ¹
+pbx.nag.ru ³
+ping.nag.ru ¹
+prov.nag.ru ¹
+rtcomm.nag.ru ¹
+saup.nag.ru ⁴
+www.shop.nag.ru ¹
+wiki.nag.ru ⁴
+work.nag.ru ²
+www.nag.ru different content
+cros.nag.ru different content
+forum.nag.ru mixed content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="nag.ru">
+	<target host="nag.ru" />
+	<target host="fpst.nag.ru" />
+	<target host="shop.nag.ru" />
+	<target host="support.nag.ru" />
+
+	<target host="www.nag.ru" />
+
+	<rule from="^http://www\.nag\.ru/"
+		to="https://nag.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/namescon.com.xml b/src/chrome/content/rules/namescon.com.xml
new file mode 100644
index 000000000000..5960e01f5997
--- /dev/null
+++ b/src/chrome/content/rules/namescon.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- namescon.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="NamesCon.com">
+
+	<target host="namescon.com" />
+	<target host="www.namescon.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^namescon\.com$" name="^crumb$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/namibgrens.com.xml b/src/chrome/content/rules/namibgrens.com.xml
new file mode 100644
index 000000000000..0c6bedecf52a
--- /dev/null
+++ b/src/chrome/content/rules/namibgrens.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		ftp.namibgrens.com
+		imap.namibgrens.com
+		mail.namibgrens.com
+		pop.namibgrens.com
+		relay.namibgrens.com
+		smtp.namibgrens.com
+-->
+<ruleset name="namibgrens.com">
+	<target host="namibgrens.com" />
+	<target host="www.namibgrens.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nap-pflanzenschutz.de.xml b/src/chrome/content/rules/nap-pflanzenschutz.de.xml
new file mode 100644
index 000000000000..9e00da582f99
--- /dev/null
+++ b/src/chrome/content/rules/nap-pflanzenschutz.de.xml
@@ -0,0 +1,10 @@
+<ruleset name="NAP-Pflanzenschutz.de">
+
+	<target host="nap-pflanzenschutz.de" />
+	<target host="www.nap-pflanzenschutz.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/napster.com.xml b/src/chrome/content/rules/napster.com.xml
new file mode 100644
index 000000000000..bcab8a632f8f
--- /dev/null
+++ b/src/chrome/content/rules/napster.com.xml
@@ -0,0 +1,47 @@
+<!--
+	For other Rhapsody International coverage, see Rhapsody.xml.
+
+
+	Nonfunctional hosts in *napster.com:
+
+		- blog ⁴
+
+	⁴ 404
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .napster.com
+		- account.napster.com
+		- order.napster.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Napster.com (partial)">
+
+	<target host="account.napster.com" />
+	<target host="app.napster.com" />
+	<target host="nl.napster.com" />
+	<target host="order.napster.com" />
+	<target host="us.napster.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://order.napster.com/checkout/coupon" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.napster\.com$" name="^(?:language|orderurl)$" /-->
+	<!--securecookie host="^account\.napster\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^order\.napster\.com$" name="^(?:JSESSIONID$|NSC_)" /-->
+
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|optimizely)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/narcity.xml b/src/chrome/content/rules/narcity.xml
new file mode 100644
index 000000000000..c8389e4d2b62
--- /dev/null
+++ b/src/chrome/content/rules/narcity.xml
@@ -0,0 +1,11 @@
+<ruleset name="narcity.com">
+	<target host="narcity.com" />
+	<target host="*.narcity.com" />
+
+	<test url="http://travel.narcity.com/hotels/results/?city_id=800056409" />
+	<test url="http://market.narcity.com/password" />
+  <test url="http://www.narcity.com/u/2019/07/29/7a89228413aec39e61fd7e425d92cd8b.png" />
+
+  <rule from="^http:"
+          to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/narodnipanel.cz.xml b/src/chrome/content/rules/narodnipanel.cz.xml
new file mode 100644
index 000000000000..27d3aed47ca9
--- /dev/null
+++ b/src/chrome/content/rules/narodnipanel.cz.xml
@@ -0,0 +1,7 @@
+<ruleset name="Český národní panel">
+    <target host="narodnipanel.cz" />
+    <target host="www.narodnipanel.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nasawestprime.com.xml b/src/chrome/content/rules/nasawestprime.com.xml
new file mode 100644
index 000000000000..1c2582ca69b0
--- /dev/null
+++ b/src/chrome/content/rules/nasawestprime.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+
+	Mixed content:
+
+		- css on wpsites from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="nasawestprime.com" platform="mixedcontent">
+
+	<target host="wpsites.nasawestprime.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nasdaqtrader.com.xml b/src/chrome/content/rules/nasdaqtrader.com.xml
new file mode 100644
index 000000000000..be4437ff86f9
--- /dev/null
+++ b/src/chrome/content/rules/nasdaqtrader.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Nonfunctional subdomains:
+
+	Certificate mismatch:
+
+	beta.nasdaqtrader.com
+	classic.nasdaqtrader.com
+	ftp.nasdaqtrader.com
+	m.nasdaqtrader.com
+	tickpilotappendixb.nasdaqtrader.com
+-->
+
+<ruleset name="nasdaqtrader.com">
+	<target host="nasdaqtrader.com" />
+	<target host="www.nasdaqtrader.com" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nashnet.ua.xml b/src/chrome/content/rules/nashnet.ua.xml
new file mode 100644
index 000000000000..57f77fc4b501
--- /dev/null
+++ b/src/chrome/content/rules/nashnet.ua.xml
@@ -0,0 +1,11 @@
+<ruleset name="nashnet.ua">
+	<target host="nashnet.ua" />
+	<target host="www.nashnet.ua" />
+	<target host="billing.nashnet.ua" />
+	<target host="forum.nashnet.ua" />
+	<target host="my.nashnet.ua" />
+	<target host="storage.nashnet.ua" />
+	<target host="todo.nashnet.ua" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nationalinterest.org.xml b/src/chrome/content/rules/nationalinterest.org.xml
new file mode 100644
index 000000000000..8047ca7f4d41
--- /dev/null
+++ b/src/chrome/content/rules/nationalinterest.org.xml
@@ -0,0 +1,34 @@
+<!--
+	Nonfunctional hosts in *nationalinterest.org:
+
+		- stage ᵖ
+
+	ᵖ Plaintext reply
+
+
+	Mixed content:
+
+		- css from $self ˢ
+
+		- Images, from:
+
+			- ^nationalinterest.org ˢ
+			- $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="National Interest.org (partial)" platform="mixedcontent">
+
+	<target host="nationalinterest.org" />
+	<target host="www.nationalinterest.org" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nationalparks.gov.uk.xml b/src/chrome/content/rules/nationalparks.gov.uk.xml
new file mode 100644
index 000000000000..d83cec7251bc
--- /dev/null
+++ b/src/chrome/content/rules/nationalparks.gov.uk.xml
@@ -0,0 +1,76 @@
+<!--
+	The Association Of National Park Authorities
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Problematic hosts in *nationalparks.gov.uk:
+
+		- ^ ʳ
+		- apna ᶜ ᵐ
+		- extranet ᶜ ᵐ
+		- nymdev ᶜ ᵐ
+		- southdowns ᶜ ᵐ
+		- weather ᶜ ᵐ
+		- www ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+	ʳ Refused, preemptable redirect
+
+
+	Insecure cookies are set for these hosts:
+
+		- apna.nationalparks.gov.uk
+		- extranet.nationalparks.gov.uk
+		- secure.nationalparks.gov.uk
+		- southdowns.nationalparks.gov.uk
+		- www.nationalparks.gov.uk
+		- . . .
+
+-->
+<ruleset name="National Parks.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.nationalparks.gov.uk" />
+	<!--target host="www.nationalparks.gov.uk" /-->
+
+	<!--	Complications:
+				-->
+	<!--target host="nationalparks.gov.uk" /-->
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.nationalparks\.gov\.uk/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(?:www\.)?nationalparks\.gov\.uk/(?!/*(?:__data|design/css)/)" /-->
+
+			<!--	+ve:
+					-->
+			<!--test url="http://www.nationalparks.gov.uk/home" /-->
+			<!--test url="http://www.nationalparks.gov.uk/pdshop/" /-->
+			<!--test url="http://www.nationalparks.gov.uk/visiting" /-->
+
+			<!--	-ve:
+					-->
+			<!--test url="http://nationalparks.gov.uk/__data/assets/file/0009/623583/top.svg" /-->
+			<!--test url="http://www.nationalparks.gov.uk/design/css/deluxe.css" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:apna|extranet|secure|southdowns|weather|www)\.nationalparks\.gov\.uk$" name="^SQ_SYSTEM_SESSION$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--rule from="^http://nationalparks\.gov\.uk/"
+		to="https://www.nationalparks.gov.uk/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/natoonline.org.xml b/src/chrome/content/rules/natoonline.org.xml
new file mode 100644
index 000000000000..af6e7ad26403
--- /dev/null
+++ b/src/chrome/content/rules/natoonline.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="natoonline.org">
+	<target host="natoonline.org"/>
+	<target host="www.natoonline.org"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/naturedestinations.ca.xml b/src/chrome/content/rules/naturedestinations.ca.xml
new file mode 100644
index 000000000000..b6edf272f2ea
--- /dev/null
+++ b/src/chrome/content/rules/naturedestinations.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="naturedestinations.ca">
+	<target host="naturedestinations.ca" />
+	<target host="www.naturedestinations.ca" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/naukimg.com.xml b/src/chrome/content/rules/naukimg.com.xml
new file mode 100644
index 000000000000..ea4267dbd249
--- /dev/null
+++ b/src/chrome/content/rules/naukimg.com.xml
@@ -0,0 +1,22 @@
+<!--
+	For other naukimg.com related rulesets, see Naukri.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- naukimg.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- suggest.naukimg.com
+-->
+<ruleset name="Naukimg.com">
+	<target host="bms.naukimg.com" />
+	<target host="css.naukimg.com" />
+	<target host="img.naukimg.com" />
+	<target host="js.naukimg.com" />
+	<target host="np.naukimg.com" />
+	<target host="p.naukimg.com" />
+	<target host="static.naukimg.com" />
+	<target host="suggestlg.naukimg.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/naunet.ru.xml b/src/chrome/content/rules/naunet.ru.xml
new file mode 100644
index 000000000000..74002f930d78
--- /dev/null
+++ b/src/chrome/content/rules/naunet.ru.xml
@@ -0,0 +1,26 @@
+<!--
+dns1.naunet.ru ³
+dns2.naunet.ru ³
+dns1.expired.naunet.ru ³
+dns2.expired.naunet.ru ³
+gw.naunet.ru ³
+nhs1.naunet.ru ⁴
+nhs2.naunet.ru ⁴
+dns1.parking.naunet.ru ³
+dns2.parking.naunet.ru ³
+whois.naunet.ru ³
+
+
+³ timed out
+⁴ self signed
+-->
+<ruleset name="naunet.ru">
+	<target host="naunet.ru" />
+	<target host="www.naunet.ru" />
+	<target host="border.naunet.ru" />
+	<target host="client.naunet.ru" />
+	<target host="ssbase.naunet.ru" />
+	<target host="stat.naunet.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nav.no.xml b/src/chrome/content/rules/nav.no.xml
new file mode 100644
index 000000000000..5838a12108fa
--- /dev/null
+++ b/src/chrome/content/rules/nav.no.xml
@@ -0,0 +1,42 @@
+<!--
+	Nonfunctional hosts in *nav.no:
+
+		- bob ⁴
+		- www.sykmelding ⁴
+
+	⁴ 404
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- sykmelding.nav.no
+		- tjenester.nav.no
+		- www.nav.no
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Nav.no (partial)">
+
+	<target host="nav.no" />
+	<target host="appres.nav.no" />
+	<target host="sykmelding.nav.no" />
+	<target host="tjenester.nav.no" />
+	<target host="www.nav.no" />
+
+		<test url="http://appres.nav.no/_public/appressurser/built-appres-v2/img/navno/gfx/mainmenu/sok_liten_graa.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^sykmelding\.nav\.no$" name="^(?:\.ASPXAUTH|ASP\.NetSessionId)$" /-->
+	<!--securecookie host="^(?:tjenester|www)\.nav\.no$" name="^BIGipServer" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/naver.com.xml b/src/chrome/content/rules/naver.com.xml
new file mode 100644
index 000000000000..fd1929e7becf
--- /dev/null
+++ b/src/chrome/content/rules/naver.com.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Naver Corporation coverage, see Naver_Corp.com.xml.
+-->
+<ruleset name="naver.com">
+
+	<target host="naver.com" />
+	<target host="*.naver.com" />
+	
+	<test url="http://blog.naver.com/naver_diary/222239075265"/>
+	<test url="http://vibe.naver.com/track/41684117"/>
+	<test url="http://tv.naver.com/v/12898082"/>
+	<test url="http://finance.naver.com/item/main.nhn?code=005930"/>
+	<test url="http://serieson.naver.com/movie/detail.nhn?productNo=5843892"/>
+	<test url="http://cafe.naver.com/googlesupport/18030"/>
+	<test url="http://book.naver.com/bookdb/book_detail.nhn?bid=6252900"/>
+	<test url="http://series.naver.com/comic/detail.nhn?productNo=3918155"/>
+	<test url="http://privacy.naver.com/policy_and_law/policy?menu=policy_personal_information_policy"/>
+	<test url="http://map.naver.com/v5/search/%EA%B2%BD%EB%B3%B5%EA%B6%81/place/11571707"/>
+	<test url="http://en.dict.naver.com/#/entry/enko/712e9f142f194808aad4ccb25c40532e"/>
+	<test url="http://post.naver.com/viewer/postView.nhn?volumeNo=22165249"/>
+	<test url="http://academic.naver.com/article.naver?doc_id=420959127"/>
+	<test url="http://developers.naver.com/docs/papago/"/>
+	<test url="http://d2.naver.com/helloworld/1469717"/>
+	<test url="http://datalab.naver.com/local/trend.naver"/>
+	<test url="http://www.naver.com/NOTICE/read/1100001014/10000000000030670899"/>
+	<test url="http://movie.naver.com/movie/bi/mi/basic.nhn?code=10684"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nawadir.org.xml b/src/chrome/content/rules/nawadir.org.xml
new file mode 100644
index 000000000000..3f1b7e1986a3
--- /dev/null
+++ b/src/chrome/content/rules/nawadir.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="nawadir.org">
+	<target host="nawadir.org" />
+	<target host="www.nawadir.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nchr.io.xml b/src/chrome/content/rules/nchr.io.xml
new file mode 100644
index 000000000000..8c8369e4e2bf
--- /dev/null
+++ b/src/chrome/content/rules/nchr.io.xml
@@ -0,0 +1,9 @@
+<ruleset name="nchr.io">
+
+	<target host="mcp.bucket.nchr.io" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nciphub.org.xml b/src/chrome/content/rules/nciphub.org.xml
new file mode 100644
index 000000000000..d62c77e064a4
--- /dev/null
+++ b/src/chrome/content/rules/nciphub.org.xml
@@ -0,0 +1,15 @@
+<!--
+	STS header includes includeSubdomains
+
+-->
+<ruleset name="NCIP Hub.org">
+
+	<target host="nciphub.org" />
+	<target host="www.nciphub.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ncp-e.com.xml b/src/chrome/content/rules/ncp-e.com.xml
new file mode 100644
index 000000000000..a4dd484af4a7
--- /dev/null
+++ b/src/chrome/content/rules/ncp-e.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Nonfunctional hosts in *ncp-e.com:
+
+		- vpnhaus ᵃ
+
+	ᵃ Shows www.ncp-e.com
+
+-->
+<ruleset name="NCP-E.com (partial)">
+
+	<target host="ncp-e.com" />
+	<target host="www.ncp-e.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nczonline.net.xml b/src/chrome/content/rules/nczonline.net.xml
new file mode 100644
index 000000000000..7f7a6281b179
--- /dev/null
+++ b/src/chrome/content/rules/nczonline.net.xml
@@ -0,0 +1,54 @@
+<!--
+	^nczonline.net: Refused
+
+
+	Partially covered hosts in *nczonline.net:
+
+		- feeds *
+
+	* Not all paths redirect
+
+-->
+<ruleset name="NCZOnline.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.nczonline.net" />
+
+	<!--	Complications:
+				-->
+	<target host="nczonline.net" />
+	<target host="feeds.nczonline.net" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://nczonline\.net/"
+		to="https://www.nczonline.net/" />
+
+	<!--	Redirect keeps forward slashes:
+						-->
+	<rule from="^http://feeds\.nczonline\.net/blog"
+		to="https://feeds.feedburner.com/nczonline" />
+
+		<!--	404:
+				-->
+		<exclusion pattern="^http://feeds\.nczonline\.net/(?!blog/*(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://feeds.nczonline.net//blog/" />
+			<test url="http://feeds.nczonline.net/blog/index.xml" />
+			<test url="http://feeds.nczonline.net/index.htm" />
+			<test url="http://feeds.nczonline.net/index.xml" />
+
+			<!--	-ve:
+					-->
+			<test url="http://feeds.nczonline.net/blog/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ndm9.net.xml b/src/chrome/content/rules/ndm9.net.xml
new file mode 100644
index 000000000000..43608a66ae18
--- /dev/null
+++ b/src/chrome/content/rules/ndm9.net.xml
@@ -0,0 +1,12 @@
+<!--
+ndm9.net ⁴
+www.ndm9.net ⁴
+
+
+⁴ self signed
+-->
+<ruleset name="ndm9.net (partial)">
+	<target host="cgit.ndm9.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/neighbourhoodalert.co.uk.xml b/src/chrome/content/rules/neighbourhoodalert.co.uk.xml
new file mode 100644
index 000000000000..672c3c174d69
--- /dev/null
+++ b/src/chrome/content/rules/neighbourhoodalert.co.uk.xml
@@ -0,0 +1,50 @@
+<!--
+	Nonfunctional hosts in *neighbourhoodalert.co.uk:
+
+		- derbyshirebusiness ᶠ
+
+	ᶠ Handshake fails
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- business-registration.neighbourhoodalert.co.uk
+		- member-admin.neighbourhoodalert.co.uk
+		- member-registration.neighbourhoodalert.co.uk
+		- socialsense.neighbourhoodalert.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Neighbourhood Alert.co.uk (partial)">
+
+	<target host="neighbourhoodalert.co.uk" />
+	<target host="api.neighbourhoodalert.co.uk" />
+	<target host="business-registration.neighbourhoodalert.co.uk" />
+	<target host="member-admin.neighbourhoodalert.co.uk" />
+	<target host="member-registration.neighbourhoodalert.co.uk" />
+	<target host="socialsense.neighbourhoodalert.co.uk" />
+	<target host="twitter.neighbourhoodalert.co.uk" />
+	<target host="www.neighbourhoodalert.co.uk" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://api.neighbourhoodalert.co.uk/api/RSS" />
+
+		<!--	$ 500s, so:
+					-->
+		<test url="http://twitter.neighbourhoodalert.co.uk/MessageIcons.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:(?:business|member)-registration|member-admin)\.neighbourhoodalert\.co\.uk$" name="^association_idx_cookie$" /-->
+	<!--securecookie host="^socialsense\.neighbourhoodalert\.co\.uk$" name="^(?:\.ASPXAUTH|__RequestVerificationToken|ASP\.NET_SessionId)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/neighbourhoodlink.co.uk.xml b/src/chrome/content/rules/neighbourhoodlink.co.uk.xml
new file mode 100644
index 000000000000..d93a548218aa
--- /dev/null
+++ b/src/chrome/content/rules/neighbourhoodlink.co.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="Neighbourhood Link.co.uk">
+
+	<target host="neighbourhoodlink.co.uk" />
+	<target host="www.neighbourhoodlink.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nemui.org.xml b/src/chrome/content/rules/nemui.org.xml
new file mode 100644
index 000000000000..e860629a691f
--- /dev/null
+++ b/src/chrome/content/rules/nemui.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="nemui.org">
+
+	<target host="mozshot.nemui.org" />
+
+		<test url="http://mozshot.nemui.org/shot/35x30?http://audio-digital-nation.tuxfamily.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/neotelecom.ru.xml b/src/chrome/content/rules/neotelecom.ru.xml
new file mode 100644
index 000000000000..8cb40b787df3
--- /dev/null
+++ b/src/chrome/content/rules/neotelecom.ru.xml
@@ -0,0 +1,13 @@
+<!--
+omega.neotelecom.ru timed out
+helpdesk.neotelecom.ru mismatch
+speed.neotelecom.ru mismatch
+tools.neotelecom.ru mismatch
+jabber.neotelecom.ru timed out
+-->
+<ruleset name="neotelecom.ru">
+	<target host="neotelecom.ru" />
+	<target host="www.neotelecom.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/neovim.io.xml b/src/chrome/content/rules/neovim.io.xml
new file mode 100644
index 000000000000..3e8fde4aac3f
--- /dev/null
+++ b/src/chrome/content/rules/neovim.io.xml
@@ -0,0 +1,14 @@
+<ruleset name="Neovim.io">
+
+	<target host="neovim.io" />
+	<target host="www.neovim.io" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/neptuneos.com.xml b/src/chrome/content/rules/neptuneos.com.xml
new file mode 100644
index 000000000000..fd2199f7445f
--- /dev/null
+++ b/src/chrome/content/rules/neptuneos.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="neptuneos.com">
+	<target host="neptuneos.com" />
+	<target host="www.neptuneos.com" />
+	<target host="download.neptuneos.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nerdbacon.com.xml b/src/chrome/content/rules/nerdbacon.com.xml
new file mode 100644
index 000000000000..a135b9e72424
--- /dev/null
+++ b/src/chrome/content/rules/nerdbacon.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Invalid certificate:
+		autoconfig.nerdbacon.com
+		ftp.nerdbacon.com
+		autoconfig.chat.nerdbacon.com
+		autoconfig.shop.nerdbacon.com
+
+	Redirect to HTTP:
+		admintalk.nerdbacon.com
+		www.admintalk.nerdbacon.com
+		at.nerdbacon.com
+		www.at.nerdbacon.com
+		chat.nerdbacon.com
+		www.chat.nerdbacon.com
+-->
+<ruleset name="nerdbacon.com">
+	<target host="nerdbacon.com" />
+	<target host="www.nerdbacon.com" />
+	<target host="autodiscover.nerdbacon.com" />
+	<target host="butthole.nerdbacon.com" />
+	<target host="www.butthole.nerdbacon.com" />
+	<target host="cpanel.nerdbacon.com" />
+	<target host="mail.nerdbacon.com" />
+	<target host="shop.nerdbacon.com" />
+	<target host="www.shop.nerdbacon.com" />
+	<target host="webdisk.nerdbacon.com" />
+	<target host="webmail.nerdbacon.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nerdster.org.xml b/src/chrome/content/rules/nerdster.org.xml
new file mode 100644
index 000000000000..b517ae50dc66
--- /dev/null
+++ b/src/chrome/content/rules/nerdster.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Nerdster">
+	<target host="nerdster.org" />
+	<target host="www.nerdster.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nero.com.xml b/src/chrome/content/rules/nero.com.xml
new file mode 100644
index 000000000000..483e11a33535
--- /dev/null
+++ b/src/chrome/content/rules/nero.com.xml
@@ -0,0 +1,170 @@
+<!--
+	Invalid certificate:
+		ftp12.de.nero.com
+		ftp13.de.nero.com
+		gw2.de.nero.com
+		gw3.de.nero.com
+		gw5.de.nero.com
+		adv.deu.nero.com
+		ftp10.deu.nero.com
+		ftp12.deu.nero.com
+		ftp13.deu.nero.com
+		ftp14.deu.nero.com
+		ftp25.deu.nero.com
+		nmf.deu.nero.com
+		rss.deu.nero.com
+		www.dellsyncup.nero.com
+		portal.dellsyncup.nero.com
+		www.portal.dellsyncup.nero.com
+		img.firststart.nero.com
+		video.firststart.nero.com
+		forum.nero.com
+		fslink.nero.com
+		www.kwikmedia.nero.com
+		metrics.nero.com
+		www.mediajet.nero.com
+		downloads.mobilesync.nero.com
+		secure.nero.com
+		tracker.nero.com
+		ftp.us.nero.com
+		ftp19.us.nero.com
+		ftp20.us.nero.com
+		ftp21.us.nero.com
+		adv.usw.nero.com
+		ftp3.usw.nero.com
+		ftp4.usw.nero.com
+		nmf.usw.nero.com
+		rss.usw.nero.com
+
+	Redirect to HTTP:
+		my.nero.com
+		forum.my.nero.com
+		nominatim.my.nero.com
+		tiles.my.nero.com
+
+	Refused:
+		gw1.cn.nero.com
+		gw2.cn.nero.com
+		gw1.de.nero.com
+		ftp10.de.nero.com
+		log.nero.com
+		mail.nero.com
+		mail1.nero.com
+		mail2.nero.com
+		mail5.nero.com
+		mail6.nero.com
+		news.nero.com
+		mail.news.nero.com
+		partner.nero.com
+		partners.nero.com
+		de.post.nero.com
+		shop.nero.com
+		shop2.nero.com
+		shopping.nero.com
+		stat.nero.com
+		tfn.nero.com
+		web3.nero.com
+		web12.nero.com
+		webshop.nero.com
+
+	Time out:
+		marabu.cn.nero.com
+		sparrow.cn.nero.com
+		cprm.nero.com
+		langdl.de.nero.com
+		marabu.de.nero.com
+		push.internal.nero.com
+		audials.internal.nero.com
+		serialcheck.internal.nero.com
+		status.internal.nero.com
+		sxx.internal.nero.com
+		ittest.nero.com
+		gw1.jp.nero.com
+		marabu.jp.nero.com
+		latest.kms.nero.com
+		new.kms.nero.com
+		test.kms.nero.com
+		gw1.us.nero.com
+		gw2.us.nero.com
+		marabu.us.nero.com
+		stage1.services.nero.com
+		wombat.nero.com
+-->
+<ruleset name="nero.com">
+	<target host="nero.com" />
+	<target host="www.nero.com" />
+	<target host="activation.nero.com" />
+	<target host="activation2.nero.com" />
+	<target host="adv.nero.com" />
+	<target host="apps.nero.com" />
+	<target host="askdb.nero.com" />
+	<target host="autodiscover.nero.com" />
+	<target host="cat.nero.com" />
+	<target host="dellsyncup.nero.com" />
+	<target host="dl9.nero.com" />
+	<target host="dl13.nero.com" />
+	<target host="dl14.nero.com" />
+	<target host="dl19.nero.com" />
+	<target host="dl20.nero.com" />
+	<target host="dl21.nero.com" />
+	<target host="dl25.nero.com" />
+	<target host="dla.nero.com" />
+	<target host="dla3.nero.com" />
+	<target host="dle.nero.com" />
+	<target host="firststart.nero.com" />
+	<target host="ftp.nero.com" />
+	<target host="ftp6.nero.com" />
+	<target host="ftp9.nero.com" />
+	<target host="ftp22.nero.com" />
+	<target host="ftpit.nero.com" />
+	<target host="ftpit2.nero.com" />
+	<target host="geoff.nero.com" />
+	<target host="geosj.nero.com" />
+	<target host="germansupport.nero.com" />
+	<target host="i2am.nero.com" />
+	<target host="iam.nero.com" />
+	<target host="install.nero.com" />
+	<target host="install10.nero.com" />
+	<target host="bamboo.internal.nero.com" />
+	<target host="build.internal.nero.com" />
+	<target host="crowd.internal.nero.com" />
+	<target host="nbf.internal.nero.com" />
+	<target host="stash.internal.nero.com" />
+	<target host="t1.internal.nero.com" />
+	<target host="kwikmedia.nero.com" />
+	<target host="kwikmedia2.nero.com" />
+	<target host="login.nero.com" />
+	<target host="login11.nero.com" />
+	<target host="m.nero.com" />
+	<target host="marabu.nero.com" />
+	<target host="mediajet.nero.com" />
+	<target host="nerolinux.nero.com" />
+	<target host="nmf.nero.com" />
+	<target host="onlineshop.nero.com" />
+	<target host="pluto.nero.com" />
+	<target host="portal.nero.com" />
+	<target host="productstore.nero.com" />
+	<target host="productstore2.nero.com" />
+	<target host="register.nero.com" />
+	<target host="rocketsync.nero.com" />
+	<target host="rss.nero.com" />
+	<target host="service.nero.com" />
+	<target host="store.nero.com" />
+	<target host="support.nero.com" />
+	<target host="update.nero.com" />
+	<target host="web1.nero.com" />
+	<target host="web2.nero.com" />
+	<target host="web5.nero.com" />
+	<target host="web7.nero.com" />
+	<target host="web14.nero.com" />
+	<target host="webcl.nero.com" />
+	<target host="webstatic.nero.com" />
+	<target host="wt1.nero.com" />
+	<target host="wt3.nero.com" />
+	<target host="wttest.nero.com" />
+	<target host="ww2.nero.com" />
+	<target host="www2.nero.com" />
+	<target host="wwww.nero.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nervomusic.com.xml b/src/chrome/content/rules/nervomusic.com.xml
new file mode 100644
index 000000000000..1d5cc86c9643
--- /dev/null
+++ b/src/chrome/content/rules/nervomusic.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		ftp.nervomusic.com
+
+	Time out:
+		mailhost.nervomusic.com
+-->
+<ruleset name="nervomusic.com">
+	<target host="nervomusic.com" />
+	<target host="www.nervomusic.com" />
+	<target host="staging.nervomusic.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/net-entreprises.fr.xml b/src/chrome/content/rules/net-entreprises.fr.xml
new file mode 100644
index 000000000000..aaebb644a0eb
--- /dev/null
+++ b/src/chrome/content/rules/net-entreprises.fr.xml
@@ -0,0 +1,18 @@
+<!--
+Invalid certificate:
+    net-entreprises.fr
+    dadsu.net-entreprises.fr
+    dcr.net-entreprises.fr
+    dsnrg.net-entreprises.fr
+    metro.net-entreprises.fr
+-->
+<ruleset name="net-entreprises.fr">
+        <target host="www.net-entreprises.fr" />
+        <target host="ducs.net-entreprises.fr" />
+        <target host="fpoc.net-entreprises.fr" />
+        <target host="territoires.net-entreprises.fr" />
+        <target host="test.net-entreprises.fr" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/net.cn.xml b/src/chrome/content/rules/net.cn.xml
new file mode 100644
index 000000000000..a8873a63a2d9
--- /dev/null
+++ b/src/chrome/content/rules/net.cn.xml
@@ -0,0 +1,101 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.net.cn/mail/ => https://www.net.cn/mail/: (28, 'Connection timed out after 20001 milliseconds')
+
+	For other Alibaba coverage, see Alibaba.xml.
+
+
+	Nonfunctional hosts in *net.cn:
+
+		- help.www ᵈ
+
+	ᵈ Dropped
+
+
+	www.net.cn: $ redirects to http
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.net.cn ᶜ
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, on:
+
+			- www from g.alicdn.com ˢ
+			- www from cdn.hichinaimg.com ᵐ
+			- www from $self ˢ
+
+		- Images, on:
+
+			- www from gtms0[1-4].alicdn.com ˢ
+			- www from $self ˢ
+
+	ᵐ Not secured by us <= mismatched
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="net.cn (partial)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Complications:
+				-->
+	<target host="www.net.cn" />
+	<target host="help.www.net.cn" />
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://www.net.cn/hosting/" /-->
+		<test url="http://www.net.cn/mail/" />
+
+		<!--	Mixed images, sets cookies
+			without Secure:
+					-->
+		<!--test url="http://www.net.cn/m/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.net\.cn$" name="^(?:JSESSIONID|tmp0)$" /-->
+
+	<securecookie host="^w" name=".+" />
+
+
+	<!--	Redirect drops categoryId:
+						-->
+	<rule from="^http://help\.www\.net\.cn/(?:KnowledgeD|knowledge_d)etail\.html?\?knowledgeId=(\d+)(?:&amp;categoryId=\d+)?"
+		to="https://help.aliyun.com/knowledgeIdMapping.html?url=/help-net-cn/knowledge_detail.htm?knowledgeId=$1" />
+
+		<exclusion pattern="^http://help\.www\.net\.cn/(?!(?:KnowledgeD|knowledge_d)etail\.html?\?knowledgeId=\d+(?:&amp;categoryId=\d+)?$)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://help.www.net.cn/404.html" />
+			<test url="http://help.www.net.cn/default.aspx" />
+			<test url="http://help.www.net.cn/favicon.ico" />
+			<test url="http://help.www.net.cn/index.htm" />
+			<test url="http://help.www.net.cn/index.html" />
+			<test url="http://help.www.net.cn/index.jsp" />
+			<test url="http://help.www.net.cn/index.php" />
+			<test url="http://help.www.net.cn/index.xml" />
+
+			<!--	-ve:
+					-->
+			<test url="http://help.www.net.cn/KnowledgeDetail.html?knowledgeId=5867645" />
+			<test url="http://help.www.net.cn/knowledge_detail.htm?knowledgeId=5921413" />
+
+	<!--	Redirect keeps args, but not forward slash:
+							-->
+	<rule from="^http://www\.net\.cn/+(?=$|\?)"
+		to="https://wanwang.aliyun.com/" />
+
+		<test url="http://www.net.cn/?" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/netams.com.xml b/src/chrome/content/rules/netams.com.xml
new file mode 100644
index 000000000000..67c505dc740d
--- /dev/null
+++ b/src/chrome/content/rules/netams.com.xml
@@ -0,0 +1,22 @@
+<!--
+netams.com ⁴
+www.netams.com ⁴
+docs.netams.com ⁴
+debian64.k18.netams.com ³
+mk.k18.netams.com ³
+mailadmin.netams.com ¹
+mx.netams.com ¹
+new.netams.com ⁴
+ns1.netams.com ⁴
+
+
+¹ mismatch
+³ timed out
+⁴ self signed
+-->
+<ruleset name="netams.com (partial)">
+	<target host="mail.netams.com" />
+	<target host="redmine.netams.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/netgear.de.xml b/src/chrome/content/rules/netgear.de.xml
new file mode 100644
index 000000000000..37e8a5eb1b02
--- /dev/null
+++ b/src/chrome/content/rules/netgear.de.xml
@@ -0,0 +1,28 @@
+<!--
+	Invalid certificate:
+		academy.netgear.de
+		genie.netgear.de
+		info.netgear.de
+		kb.netgear.de
+		live.netgear.de
+		support.netgear.de
+
+	Not found:
+		acrangeextender.netgear.de
+		beamforming.netgear.de
+		ftp.netgear.de
+		nighthawk.netgear.de
+-->
+<ruleset name="NETGEAR.de">
+
+	<target host="netgear.de" />
+	<target host="www.netgear.de" />
+	<target host="partners.netgear.de" />
+	<target host="powershift.netgear.de" />
+	<target host="www.powershift.netgear.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nethserver.org.xml b/src/chrome/content/rules/nethserver.org.xml
new file mode 100644
index 000000000000..c2f2b1dfc54c
--- /dev/null
+++ b/src/chrome/content/rules/nethserver.org.xml
@@ -0,0 +1,14 @@
+<!--^ mismatch
+community. timed out
+wiki. mismatch
+docs. mismatch
+dev. refused
+mirror. mismatch
+mirror1. mismatch-->
+<ruleset name="nethserver.org">
+	<target host="nethserver.org" />
+	<target host="www.nethserver.org" />
+	<rule from="^http://nethserver\.org/"
+		to="https://www.nethserver.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/netis.ru.xml b/src/chrome/content/rules/netis.ru.xml
new file mode 100644
index 000000000000..db16f2788888
--- /dev/null
+++ b/src/chrome/content/rules/netis.ru.xml
@@ -0,0 +1,15 @@
+<!--
+netis.ru mismatch
+forum.netis.ru mismatch
+-->
+<ruleset name="netis.ru">
+	<target host="netis.ru" />
+	<target host="www.netis.ru" />
+	<target host="stat.netis.ru" />
+
+	<rule from="^http://netis\.ru/"
+		to="https://www.netis.ru/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/netn.fi.xml b/src/chrome/content/rules/netn.fi.xml
new file mode 100644
index 000000000000..4f72d7087bc4
--- /dev/null
+++ b/src/chrome/content/rules/netn.fi.xml
@@ -0,0 +1,29 @@
+<!--
+	Mismatched:
+		- autoconfig
+		- 0.dev
+		- autodiscover.dev
+		- webmail.dev
+		- autodiscover.files
+		- webmail.files
+		- ftp
+		- uusi
+		- dev.uusi
+		- whm
+-->
+<ruleset name="netn.fi">
+	<target host="netn.fi" />
+	<target host="www.netn.fi" />
+	<target host="autodiscover.netn.fi" />
+	<target host="cpanel.netn.fi" />
+	<target host="dev.netn.fi" />
+	<target host="www.dev.netn.fi" />
+	<target host="files.netn.fi" />
+	<target host="www.files.netn.fi" />
+	<target host="kauppa.netn.fi" />
+	<target host="mail.netn.fi" />
+	<target host="webdisk.netn.fi" />
+	<target host="webmail.netn.fi" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/netts.ru.xml b/src/chrome/content/rules/netts.ru.xml
new file mode 100644
index 000000000000..d7182c1b6cf4
--- /dev/null
+++ b/src/chrome/content/rules/netts.ru.xml
@@ -0,0 +1,7 @@
+<ruleset name="netts.ru">
+	<target host="netts.ru" />
+	<target host="www.netts.ru" />
+	<target host="my.netts.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/netwheels.fi.xml b/src/chrome/content/rules/netwheels.fi.xml
new file mode 100644
index 000000000000..5e692ceacbf2
--- /dev/null
+++ b/src/chrome/content/rules/netwheels.fi.xml
@@ -0,0 +1,31 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- netwheels.fi
+		- www.netwheels.fi
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on (www.)? from www.autoalanverkkopalvelu.fi
+
+-->
+<ruleset name="Netwheels.fi">
+
+	<target host="netwheels.fi" />
+	<target host="www.netwheels.fi" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?netwheels\.fi$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/network-tools.com.xml b/src/chrome/content/rules/network-tools.com.xml
new file mode 100644
index 000000000000..caecf5574b1b
--- /dev/null
+++ b/src/chrome/content/rules/network-tools.com.xml
@@ -0,0 +1,11 @@
+<!--
+network-tools.com
+-->
+
+<ruleset name="network-tools.com">
+  <target host="network-tools.com" />
+  <target host="www.network-tools.com" /> <!-- redirects to root domain -->
+
+  <rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/netzclub.xml b/src/chrome/content/rules/netzclub.xml
index d049a9bb9d36..281b96405a6f 100644
--- a/src/chrome/content/rules/netzclub.xml
+++ b/src/chrome/content/rules/netzclub.xml
@@ -5,4 +5,4 @@
 
   <rule from="^http://(?:www\.)?netzclub\.net/" to="https://www.netzclub.net/"/>
   <rule from="^http://profil\.netzclub\.net/" to="https://profil.netzclub.net/"/>
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/neurotalk.org.xml b/src/chrome/content/rules/neurotalk.org.xml
new file mode 100644
index 000000000000..dce7e484eefe
--- /dev/null
+++ b/src/chrome/content/rules/neurotalk.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.neurotalk.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="NeuroTalk.org">
+
+	<target host="neurotalk.org" />
+	<target host="www.neurotalk.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.neurotalk\.org$" name="^bbsessionhash$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/neuvoo.com.xml b/src/chrome/content/rules/neuvoo.com.xml
new file mode 100644
index 000000000000..a65377ad5a0c
--- /dev/null
+++ b/src/chrome/content/rules/neuvoo.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- no.neuvoo.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="neuvoo.com">
+
+	<target host="no.neuvoo.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^no\.neuvoo\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/newcastle-staffs.gov.uk.xml b/src/chrome/content/rules/newcastle-staffs.gov.uk.xml
new file mode 100644
index 000000000000..88b65e0c23b9
--- /dev/null
+++ b/src/chrome/content/rules/newcastle-staffs.gov.uk.xml
@@ -0,0 +1,86 @@
+<!--
+	Newcastle-Under-Lyme Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *newcastle-staffs.gov.uk:
+
+		- licensing ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *newcastle-staffs.gov.uk:
+
+		- moderngov ᶜ
+		- publicaccess ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	These altnames do not exist
+
+		- www.moderngov.newcastle-staffs.gov.uk
+		- www.portal.newcastle-staffs.gov.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- moderngov.newcastle-staffs.gov.uk
+		- portal.newcastle-staffs.gov.uk
+
+-->
+<ruleset name="Newcastle-Staffs.gov.uk (partial)">
+
+	<target host="newcastle-staffs.gov.uk" />
+	<!--target host="moderngov.newcastle-staffs.gov.uk" /-->
+	<target host="portal.newcastle-staffs.gov.uk" />
+	<!--target host="publicaccess.newcastle-staffs.gov.uk" /-->
+	<target host="www.newcastle-staffs.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://moderngov\.newcastle-staffs\.gov\.uk/(?:ieRegisterUser|mgPasswordReqst|uucoverpage)\.aspx" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://moderngov\.newcastle-staffs\.gov\.uk/(?!/*(?:[Ss]ite[Ss]pecific/|UserData/|documents/|(?:ie[Ll]login|mgConvert2PDF)\.aspx|jquery-ui/))" /-->
+
+			<!--	+ve:
+					-->
+			<!--test url="http://moderngov.newcastle-staffs.gov.uk/ieRegisterUser.aspx" /-->
+			<!--test url="http://moderngov.newcastle-staffs.gov.uk/mgMemberIndex.aspx?bcr=1" /-->
+			<!--test url="http://moderngov.newcastle-staffs.gov.uk/mgOutsideBodyDetails.aspx?ID=289" /-->
+			<!--test url="http://moderngov.newcastle-staffs.gov.uk/mgParishCouncilDetails.aspx?ID=247" /-->
+			<!--test url="http://moderngov.newcastle-staffs.gov.uk/mgPasswordReqst.aspx" /-->
+			<!--test url="http://moderngov.newcastle-staffs.gov.uk/mgUserInfo.aspx?UID=181" /-->
+			<!--test url="http://moderngov.newcastle-staffs.gov.uk/mgUserInfo.aspx?UID=421" /-->
+			<!--test url="http://moderngov.newcastle-staffs.gov.uk/uucoverpage.aspx?bcr=1" /-->
+
+			<!--	-ve:
+					-->
+			<!--test url="http://moderngov.newcastle-staffs.gov.uk/SiteSpecific/council_topic_page_footer.gif" /-->
+			<!--test url="http://moderngov.newcastle-staffs.gov.uk/UserData/5/6/1/Info00000165/bigpic.jpg" /-->
+			<!--test url="http://moderngov.newcastle-staffs.gov.uk/documents/s3911/Locally%20Set%20Fees.pdf" /-->
+			<!--test url="http://moderngov.newcastle-staffs.gov.uk/ieLogon.aspx" /-->
+			<!--test url="http://moderngov.newcastle-staffs.gov.uk/sitespecific/ssWordStyles.css" /-->
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://portal.newcastle-staffs.gov.uk/pls/rblive_selfserv/f?p=12000:200:" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^moderngov\.newcastle-staffs\.gov\.uk$" name="^(?:_mglogon_|ASP\.NET_SessionId)$" /-->
+	<!--securecookie host="^portal\.newcastle-staffs\.gov\.uk$" name="^SSRV_AUTHENTICATION$" /-->
+
+	<!--securecookie host="^(?!moderngov\.)\w" name="." /-->
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/newfamilysocial.org.uk.xml b/src/chrome/content/rules/newfamilysocial.org.uk.xml
new file mode 100644
index 000000000000..ada8bac5d68e
--- /dev/null
+++ b/src/chrome/content/rules/newfamilysocial.org.uk.xml
@@ -0,0 +1,31 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.newfamilysocial.org.uk
+
+
+	Mixed content:
+
+		- css on www from $self ˢ
+		- Images on www from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="New Family Social.org.uk" platform="mixedcontent">
+
+	<target host="newfamilysocial.org.uk" />
+	<target host="www.newfamilysocial.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.newfamilysocial\.org\.uk$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/newferre.com.xml b/src/chrome/content/rules/newferre.com.xml
new file mode 100644
index 000000000000..9553d1c7ad4d
--- /dev/null
+++ b/src/chrome/content/rules/newferre.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="newferre.com">
+	<target host="newferre.com" />
+	<target host="www.newferre.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/newhumanist.org.uk.xml b/src/chrome/content/rules/newhumanist.org.uk.xml
new file mode 100644
index 000000000000..03b9dc1c2626
--- /dev/null
+++ b/src/chrome/content/rules/newhumanist.org.uk.xml
@@ -0,0 +1,25 @@
+<!--
+	www.newhumanist.org.uk: Mismatched
+
+-->
+<ruleset name="New Humanist.org.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="newhumanist.org.uk" />
+
+	<!--	complications:
+				-->
+	<target host="www.newhumanist.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.newhumanist\.org\.uk/"
+		to="https://newhumanist.org.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/news.am.xml b/src/chrome/content/rules/news.am.xml
new file mode 100644
index 000000000000..299427ab7cc0
--- /dev/null
+++ b/src/chrome/content/rules/news.am.xml
@@ -0,0 +1,9 @@
+<!--medicine. nonexist-->
+<ruleset name="news.am">
+	<target host="news.am" />
+	<target host="www.news.am" />
+	<target host="sport.news.am" />
+	<target host="style.news.am" />
+	<target host="med.news.am" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/newsela.com.xml b/src/chrome/content/rules/newsela.com.xml
new file mode 100644
index 000000000000..1080d3a81f20
--- /dev/null
+++ b/src/chrome/content/rules/newsela.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Newsela.com">
+	<target host="newsela.com" />
+	<target host="www.newsela.com" />
+	<target host="blog.newsela.com" />
+	<target host="e.newsela.com" />
+	<target host="static.newsela.com" />
+		<test url="http://static.newsela.com/teachers/Newsela%E2%80%99s%20Summer%20Reading%20Challenge.pdf" />
+	<target host="support.newsela.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/newsko.ru.xml b/src/chrome/content/rules/newsko.ru.xml
new file mode 100644
index 000000000000..a7ecd14b324a
--- /dev/null
+++ b/src/chrome/content/rules/newsko.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="newsko.ru">
+	<target host="newsko.ru" />
+	<target host="www.newsko.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/newsland.com.xml b/src/chrome/content/rules/newsland.com.xml
new file mode 100644
index 000000000000..231a5dc0778e
--- /dev/null
+++ b/src/chrome/content/rules/newsland.com.xml
@@ -0,0 +1,20 @@
+<!--
+dev.newsland.com ³
+ex.newsland.com ⁴
+rates.newsland.com ³
+st.newsland.com ⁴
+static.newsland.com different content
+
+
+³ timed out
+⁴ self signed
+-->
+<ruleset name="newsland.com">
+	<target host="newsland.com" />
+	<target host="www.newsland.com" />
+	<target host="abc.newsland.com" />
+	<target host="app.newsland.com" />
+	<target host="m.newsland.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/newsledge.com.xml b/src/chrome/content/rules/newsledge.com.xml
new file mode 100644
index 000000000000..3c04359a5dca
--- /dev/null
+++ b/src/chrome/content/rules/newsledge.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="News Ledge.com">
+
+	<target host="newsledge.com" />
+	<target host="www.newsledge.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/newsthatmoves.org.xml b/src/chrome/content/rules/newsthatmoves.org.xml
new file mode 100644
index 000000000000..05c3a6dad1cc
--- /dev/null
+++ b/src/chrome/content/rules/newsthatmoves.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Mixed content:
+
+		- Images from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="News That Moves.org">
+
+	<target host="newsthatmoves.org" />
+	<target host="www.newsthatmoves.org" />
+
+		<!--	Mixed images:
+					-->
+		<!--test url="http://newsthatmoves.org/en/" /-->
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/newstube.ru.xml b/src/chrome/content/rules/newstube.ru.xml
new file mode 100644
index 000000000000..de7da7e66fab
--- /dev/null
+++ b/src/chrome/content/rules/newstube.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="newstube.ru">
+	<target host="newstube.ru" />
+	<target host="www.newstube.ru" />
+	<target host="i0.newstube.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/newtalk.tw.xml b/src/chrome/content/rules/newtalk.tw.xml
new file mode 100644
index 000000000000..7034a127b874
--- /dev/null
+++ b/src/chrome/content/rules/newtalk.tw.xml
@@ -0,0 +1,22 @@
+<!--
+	http://.+\.newtalk\.tw/	redirect to ^ by server, and most of them are Invalid certificate.
+-->
+
+<ruleset name="newtalk.tw">
+
+	<!--	Complications:	-->
+	<target host="*.newtalk.tw" />
+		<test url="http://abcdefg-123456789.newtalk.tw/" />
+		<test url="http://ap1.newtalk.tw/" />
+		<test url="http://www.newtalk.tw/" />
+
+	<rule from="^http://\S+\.newtalk\.tw/" to="https://newtalk.tw/" />
+
+	<!--	Directly:	-->
+	<target host="newtalk.tw" />
+
+	<target host="s.ntkstatic.org" />
+		<test url="http://s.ntkstatic.org/media/blog/293/blog_img_293.jpg" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/newtimes.ru.xml b/src/chrome/content/rules/newtimes.ru.xml
new file mode 100644
index 000000000000..536b62c9de4f
--- /dev/null
+++ b/src/chrome/content/rules/newtimes.ru.xml
@@ -0,0 +1,16 @@
+<!--
+box1.newtimes.ru non-2xx http code
+mail.newtimes.ru ¹
+old.newtimes.ru ¹
+podpiska.newtimes.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="newtimes.ru">
+	<target host="newtimes.ru" />
+	<target host="www.newtimes.ru" />
+	<target host="dev.newtimes.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/newtonew.com.xml b/src/chrome/content/rules/newtonew.com.xml
new file mode 100644
index 000000000000..90e40583e3dd
--- /dev/null
+++ b/src/chrome/content/rules/newtonew.com.xml
@@ -0,0 +1,8 @@
+<!-- www. mismatch -->
+<ruleset name="newtonew.com">
+	<target host="newtonew.com" />
+	<target host="www.newtonew.com" />
+	<rule from="^http://www\.newtonew\.com/"
+		to="https://newtonew.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nexedi.com.xml b/src/chrome/content/rules/nexedi.com.xml
new file mode 100644
index 000000000000..7d561528ee78
--- /dev/null
+++ b/src/chrome/content/rules/nexedi.com.xml
@@ -0,0 +1,94 @@
+<!--
+	Invalid certificate:
+		chat.nexedi.com
+		jabber.nexedi.com
+		mail.nexedi.com
+
+	Redirect to HTTP:
+		8marta2013.glavbukh.ru
+		den.glavbukh.ru
+
+	Refused:
+		backup.nexedi.com
+		frontend5.nexedi.com
+		frontend15.nexedi.com
+		frontend16.nexedi.com
+		frontend25.nexedi.com
+		octopus.nexedi.com
+		vibox.nexedi.com
+		vpn.nexedi.com
+		www.fr.nexedi.com
+		_jabber._tcp.nexedi.com
+		_xmpp-client._tcp.nexedi.com
+		_xmpp-server._tcp.nexedi.com
+
+	Time out:
+		conference.nexedi.com
+		dedibox.nexedi.com
+		demo.nexedi.com
+		frontend2.nexedi.com
+		frontend13.nexedi.com
+		frontend23.nexedi.com
+		frontend24.nexedi.com
+		frontend28.nexedi.com
+		mail2.nexedi.com
+		ns.nexedi.com
+		oasis.nexedi.com
+		aubox.oasis.nexedi.com
+		dls.oasis.nexedi.com
+		erp5devel.oasis.nexedi.com
+		kotoba.oasis.nexedi.com
+		jebox.oasis.nexedi.com
+		nexedi.oasis.nexedi.com
+		newredd.oasis.nexedi.com
+		redd.oasis.nexedi.com
+		reddcore.oasis.nexedi.com
+		rentalinux.oasis.nexedi.com
+		robox.oasis.nexedi.com
+		sebox.oasis.nexedi.com
+		tinyleon.oasis.nexedi.com
+		tsx.oasis.nexedi.com
+		portal.nexedi.com
+		sd-3173.nexedi.com
+		sd-3174.nexedi.com
+		sd-948.nexedi.com
+		voice.nexedi.com
+		vpn.voice.nexedi.com
+-->
+<ruleset name="nexedi.com">
+	<target host="nexedi.com" />
+	<target host="www.nexedi.com" />
+	<target host="caucase.nexedi.com" />
+	<target host="cloudooo.nexedi.com" />
+	<target host="cribjs.nexedi.com" />
+	<target host="erp5.nexedi.com" />
+	<target host="frontend1.nexedi.com" />
+	<target host="frontend3.nexedi.com" />
+	<target host="frontend9.nexedi.com" />
+	<target host="frontend10.nexedi.com" />
+	<target host="frontend14.nexedi.com" />
+	<target host="frontend26.nexedi.com" />
+	<target host="frontend27.nexedi.com" />
+	<target host="frontend29.nexedi.com" />
+	<target host="frontend30.nexedi.com" />
+	<target host="ielo01.nexedi.com" />
+	<target host="jio.nexedi.com" />
+	<target host="lab.nexedi.com" />
+	<target host="nayuos.nexedi.com" />
+	<target host="neo.nexedi.com" />
+	<target host="officejs.nexedi.com" />
+	<target host="osoe-project.nexedi.com" />
+	<target host="re6st.nexedi.com" />
+	<target host="renderjs.nexedi.com" />
+	<target host="shacache.nexedi.com" />
+	<target host="slapos.nexedi.com" />
+	<target host="stack.nexedi.com" />
+	<target host="support.nexedi.com" />
+	<target host="test.nexedi.com" />
+	<target host="webrunner.nexedi.com" />
+	<target host="wendelin.nexedi.com" />
+	<target host="www2.nexedi.com" />
+	<target host="zabbix.nexedi.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nexusmods.com.xml b/src/chrome/content/rules/nexusmods.com.xml
new file mode 100644
index 000000000000..145eedc9d8d8
--- /dev/null
+++ b/src/chrome/content/rules/nexusmods.com.xml
@@ -0,0 +1,58 @@
+<!--
+	Mixed content:
+	- wiki
+-->
+
+<ruleset name="NexusMods.com">
+	<target host="nexusmods.com" />
+	<target host="www.nexusmods.com" />
+	<target host="chivalrymw.nexusmods.com" />
+	<target host="darksouls.nexusmods.com" />
+	<target host="dev.nexusmods.com" />
+	<target host="devdocs.nexusmods.com" />
+	<target host="dragonage.nexusmods.com" />
+	<target host="dragonage2.nexusmods.com" />
+	<target host="dungeondefenders.nexusmods.com" />
+	<target host="fallenenchantress.nexusmods.com" />
+	<target host="fallout3.nexusmods.com" />
+	<target host="farcry.nexusmods.com" />
+	<target host="filedelivery.nexusmods.com" />
+	<target host="forum.nexusmods.com" />
+	<target host="forums.nexusmods.com" />
+	<target host="global.nexusmods.com" />
+	<target host="grimrock.nexusmods.com" />
+	<target host="mbwarband.nexusmods.com" />
+	<target host="mbwithfireandsword.nexusmods.com" />
+	<target host="morrowind.nexusmods.com" />
+	<target host="mountandblade.nexusmods.com" />
+	<target host="neverwinter.nexusmods.com" />
+	<target host="neverwinter2.nexusmods.com" />
+	<target host="newvegas.nexusmods.com" />
+	<target host="oblivion.nexusmods.com" />
+	<target host="pw.nexusmods.com" />
+	<target host="reskin.nexusmods.com" />
+	<target host="shadowrunreturns.nexusmods.com" />
+	<target host="skyrim.nexusmods.com" />
+	<target host="static-1.nexusmods.com" />
+	<target host="static-2.nexusmods.com" />
+	<target host="static-3.nexusmods.com" />
+	<target host="static-4.nexusmods.com" />
+	<target host="static-5.nexusmods.com" />
+	<target host="static-6.nexusmods.com" />
+	<target host="static-7.nexusmods.com" />
+	<target host="static-8.nexusmods.com" />
+	<target host="staticdelivery.nexusmods.com" />
+	<target host="tes.nexusmods.com" />
+	<target host="wfto.nexusmods.com" />
+	<target host="witcher.nexusmods.com" />
+	<target host="witcher2.nexusmods.com" />
+	<target host="worldoftanks.nexusmods.com" />
+	<target host="wot.nexusmods.com" />
+	<target host="x.nexusmods.com" />
+	<target host="xcom.nexusmods.com" />
+	<target host="xrebirth.nexusmods.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nginx.com.xml b/src/chrome/content/rules/nginx.com.xml
new file mode 100644
index 000000000000..3a8c4b45d6fb
--- /dev/null
+++ b/src/chrome/content/rules/nginx.com.xml
@@ -0,0 +1,40 @@
+<!--
+	CDN buckets:
+
+		- nginx-com-uploads.s3.amazonaws.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- university.nginx.com
+		- www.nginx.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="nginx.com">
+
+	<target host="nginx.com" />
+	<target host="amplify.nginx.com" />
+	<target host="receiver.amplify.nginx.com" />
+	<target host="assets.wp.nginx.com" />
+	<target host="demo.nginx.com" />
+	<target host="university.nginx.com" />
+	<target host="www.nginx.com" />
+
+		<test url="http://assets.wp.nginx.com/wp-content/themes/nginx-theme/assets/img/yt-nginx@2x.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^university\.nginx\.com$" name="^SE$" /-->
+	<!--securecookie host="^www\.nginx\.com$" name="^geoip$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ngs.ru.xml b/src/chrome/content/rules/ngs.ru.xml
new file mode 100644
index 000000000000..3ce5f45ad862
--- /dev/null
+++ b/src/chrome/content/rules/ngs.ru.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://realty.ngs.ru/ => https://realty.ngs.ru/: Too many redirects while fetching 'https://realty.ngs.ru/'
+Fetch error: http://cottage.ngs.ru/ => https://cottage.ngs.ru/: Too many redirects while fetching 'https://cottage.ngs.ru/'
+Fetch error: http://homes.ngs.ru/ => https://homes.ngs.ru/: Too many redirects while fetching 'https://homes.ngs.ru/'
+pogoda. redirect
+love. redirect
+news. redirect-->
+<ruleset name="ngs.ru" default_off="failed ruleset test">
+	<target host="ngs.ru" />
+	<target host="www.ngs.ru" />
+	<target host="maps.ngs.ru" />
+	<target host="mail.ngs.ru" />
+	<target host="realty.ngs.ru" />
+	<target host="auto.ngs.ru" />
+	<target host="do.ngs.ru" />
+	<target host="forum.ngs.ru" />
+	<target host="turizm.ngs.ru" />
+	<target host="dom.ngs.ru" />
+	<target host="afisha.ngs.ru" />
+	<target host="business.ngs.ru" />
+	<target host="sp.ngs.ru" />
+	<target host="relax.ngs.ru" />
+	<target host="cottage.ngs.ru" />
+	<target host="homes.ngs.ru" />
+	<target host="nsk.zarplata.ru" />
+	<target host="she.ngs.ru" />
+	<target host="static.ngs.ru" />
+	<target host="info.ngs.ru" />
+	<target host="support.ngs.ru" />
+	<target host="m.ngs.ru" />
+	<target host="s.ngs.ru" />
+	<target host="study.ngs.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nibusinessinfo.co.uk.xml b/src/chrome/content/rules/nibusinessinfo.co.uk.xml
new file mode 100644
index 000000000000..e2af927771c1
--- /dev/null
+++ b/src/chrome/content/rules/nibusinessinfo.co.uk.xml
@@ -0,0 +1,45 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://admin.events.nibusinessinfo.co.uk/ => https://admin.events.nibusinessinfo.co.uk/: (6, 'Could not resolve host: admin.events.nibusinessinfo.co.uk')
+
+	Nonfunctional hosts in *nibusinessinfo.co.uk:
+
+		- improve ˡ
+		- ms ᶠ
+
+	ᶠ Handshake fails
+	ˡ Loops
+
+
+	Problematic hosts in *nibusinessinfo.co.uk:
+
+		- events ᵈ
+
+	ᵈ Dropped; preemptable redirect
+
+-->
+<ruleset name="nibusinessinfo.co.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nibusinessinfo.co.uk" />
+	<target host="admin.events.nibusinessinfo.co.uk" />
+	<target host="www.events.nibusinessinfo.co.uk" />
+	<target host="www.nibusinessinfo.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="events.nibusinessinfo.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://events\.nibusinessinfo\.co\.uk/"
+		to="https://www.events.nibusinessinfo.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nicchile.xml b/src/chrome/content/rules/nicchile.xml
new file mode 100644
index 000000000000..1d8bd2c472fb
--- /dev/null
+++ b/src/chrome/content/rules/nicchile.xml
@@ -0,0 +1,18 @@
+<!--
+   Other nic.cl websites should not be added to HTTPs everywhere
+   until infrastructure changes and testing validations.
+
+   For example
+     - blog.nic.cl and status.nic.cl are hosted in third-party servers
+     - arbitrajes.nic.cl is under restructuration
+-->
+<ruleset name="NIC Chile">
+	<target host="nic.cl" />
+	<target host="www.nic.cl" />
+	<target host="clientes.nic.cl" />
+
+	<securecookie host="^(www\.|clientes\.)?nic\.cl$" name=".+" />
+
+	<rule from="^http:"
+	        to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/niche.com.au.xml b/src/chrome/content/rules/niche.com.au.xml
new file mode 100644
index 000000000000..d4180e6c1c2d
--- /dev/null
+++ b/src/chrome/content/rules/niche.com.au.xml
@@ -0,0 +1,31 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- x.niche.com.au
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Niche.com.au">
+
+	<target host="niche.com.au" />
+	<target host="www.niche.com.au" />
+	<target host="x.niche.com.au" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="https://x.niche.com.au/www/delivery/avw.php?zoneid=161&amp;cb=INSERT_RANDOM_NUMBER_HERE&amp;n=&amp;ct0=INSERT_CLICKURL_HERE" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^x\.niche\.com\.au$" name="^OA(?:ID|VARS\[[\da-f]{8}\])$" /-->
+
+	<securecookie host="^\." name="^optimizely" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nickelled.com.xml b/src/chrome/content/rules/nickelled.com.xml
new file mode 100644
index 000000000000..3c17e1de4f9a
--- /dev/null
+++ b/src/chrome/content/rules/nickelled.com.xml
@@ -0,0 +1,44 @@
+<!--
+	Problematic hosts in *nickelled.com:
+
+		- ^ ʳ
+		- blog ᵉ
+
+	ᵉ Expired
+	ʳ Refused, preemptable redirect
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- app.nickelled.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Nickelled.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="app.nickelled.com" />
+	<target host="www.nickelled.com" />
+
+	<!--	Complications:
+				-->
+	<target host="nickelled.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^app\.nickelled\.com$" name="^connect\.sid$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://nickelled\.com/"
+		to="https://www.nickelled.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nidirect.gov.uk.xml b/src/chrome/content/rules/nidirect.gov.uk.xml
new file mode 100644
index 000000000000..3f1c52da0570
--- /dev/null
+++ b/src/chrome/content/rules/nidirect.gov.uk.xml
@@ -0,0 +1,48 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	^nidirect.gov.uk: Handshake fails
+
+
+	These altnames do not exist:
+
+		- www.consultations.nidirect.gov.uk
+
+
+	Insecure cookies are set for these domains:
+
+		- .nidirect.gov.uk
+
+-->
+<ruleset name="nidirect.gov.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="consultations.nidirect.gov.uk" />
+	<target host="geni.nidirect.gov.uk" />
+	<target host="www.nidirect.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="nidirect.gov.uk" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://geni.nidirect.gov.uk/Account/LogIn?ReturnUrl=%2fAccount%2fCss" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.nidirect\.gov\.uk$" name="^NIGOV(?:_\.nidirect\.gov\.uk_/_wat)?$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://nidirect\.gov\.uk/"
+		to="https://www.nidirect.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nieman.de.xml b/src/chrome/content/rules/nieman.de.xml
new file mode 100644
index 000000000000..56881ffcb025
--- /dev/null
+++ b/src/chrome/content/rules/nieman.de.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nieman.de/ => https://nieman.de/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="nieman.de" default_off="failed ruleset test">
+        <target host="nieman.de" />
+        <target host="nginx.nieman.de" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nightline-paris.fr.xml b/src/chrome/content/rules/nightline-paris.fr.xml
new file mode 100644
index 000000000000..45d9336f3183
--- /dev/null
+++ b/src/chrome/content/rules/nightline-paris.fr.xml
@@ -0,0 +1,8 @@
+<ruleset name="Nightline Paris">
+
+	<target host="nightline-paris.fr" />
+	<target host="www.nightline-paris.fr" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nijipi.lgbt.xml b/src/chrome/content/rules/nijipi.lgbt.xml
new file mode 100644
index 000000000000..cf5bd2520f38
--- /dev/null
+++ b/src/chrome/content/rules/nijipi.lgbt.xml
@@ -0,0 +1,8 @@
+<ruleset name="nijipi.lgbt">
+	<target host="nijipi.lgbt" />
+	<target host="www.nijipi.lgbt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nitroshare.com-resources.xml b/src/chrome/content/rules/nitroshare.com-resources.xml
new file mode 100644
index 000000000000..3e17553a4058
--- /dev/null
+++ b/src/chrome/content/rules/nitroshare.com-resources.xml
@@ -0,0 +1,65 @@
+<!--
+	For rules covering more than resources, see nitroshare.com.xml.
+
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="NitroFlare.com (resources)" platform="mixedcontent">
+
+	<target host="nitroflare.com" />
+	<target host="www.nitroflare.com" />
+
+		<exclusion pattern="^http://(?:www\.)?nitroflare\.com/(?!/*(?:css/|favicon\.ico|img/|plugins/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://nitroflare.com/affiliate" />
+			<test url="http://nitroflare.com/ajax/randHash.php" />
+			<test url="http://nitroflare.com/ajax/setCookie.php" />
+			<test url="http://www.nitroflare.com/contact" />
+			<test url="http://www.nitroflare.com/privacyPolicy" />
+			<test url="http://www.nitroflare.com/resetPass" />
+
+			<!--	-ve:
+					-->
+			<test url="http://nitroflare.com/css/TimeCircles.css" />
+			<test url="http://nitroflare.com/favicon.ico" />
+			<test url="http://nitroflare.com/img/icons/acc_blue_on_white_en.png" />
+			<test url="http://nitroflare.com/login" />
+			<test url="http://nitroflare.com/payment" />
+			<test url="http://www.nitroflare.com/plugins/fileupload/css/jquery.fileupload-ui-noscript.css" />
+			<test url="http://www.nitroflare.com/plugins/fileupload/index.php?time=" />
+			<test url="http://www.nitroflare.com/register" />
+			<test url="http://www.nitroflare.com/view/0453FE5333F502B/1451143702.pdf" />
+
+		<!--	Avoid potential XHR or flash policy problems:
+									-->
+		<exclusion pattern="^http:/.+\.(?:js|swf)(?:$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://nitroflare.com/img/swf/HighSpeedMeter.swf" />
+			<test url="http://nitroflare.com/img/swf/LowSpeedMeter.swf" />
+			<!--
+			<test url="http://nitroflare.com/js/downloadFree.js" />
+			<test url="http://nitroflare.com/js/general.js" />
+			-->
+			<test url="http://nitroflare.com/js/jquery.placeholder.js" />
+			<test url="http://nitroflare.com/js/jquery.superbox-min.js" />
+			<test url="http://www.nitroflare.com/js/jquery.tooltipster.min.js" />
+			<test url="http://www.nitroflare.com/js/payment.js" />
+			<test url="http://www.nitroflare.com/js/view.js" />
+			<test url="http://www.nitroflare.com/plugins/fileupload/assets/canvas-to-blob.min.js" />
+			<test url="http://www.nitroflare.com/plugins/fileupload/assets/tmpl.min.js" />
+			<test url="http://www.nitroflare.com/plugins/fileupload/js/jquery.fileupload-audio.js" />
+
+
+	<securecookie host="^\." name="^_(?:_cfduid$|gat?$|gat_)" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nitroshare.com.xml b/src/chrome/content/rules/nitroshare.com.xml
new file mode 100644
index 000000000000..54aae367dbe4
--- /dev/null
+++ b/src/chrome/content/rules/nitroshare.com.xml
@@ -0,0 +1,87 @@
+<!--
+	For rules covering resources which do not secure
+	mixed content, see nitroshare.com-resources.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- nitroflare.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="NitroFlare.com (partial)">
+
+	<target host="nitroflare.com" />
+	<target host="www.nitroflare.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?nitroflare\.com/(?:$|affiliate$|contact$|privacyPolicy$|resetPass$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(?:www\.)?nitroflare\.com/(?!/*(?:css/|favicon\.ico|img/|(?:login|payment|register|view)(?:$|[?/])|plugins/))" /-->
+		<!--
+			Do not increase non-Tor distinguishability:
+									-->
+		<exclusion pattern="^http://(?:www\.)?nitroflare\.com/(?!/*(?:login|payment|register|view)(?:$|[?/]))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://nitroflare.com/affiliate" />
+			<test url="http://nitroflare.com/ajax/randHash.php" />
+			<test url="http://nitroflare.com/ajax/setCookie.php" />
+			<test url="http://www.nitroflare.com/contact" />
+			<test url="http://www.nitroflare.com/privacyPolicy" />
+			<test url="http://www.nitroflare.com/resetPass" />
+
+			<!--	-ve:
+					-->
+			<!--
+			<test url="http://nitroflare.com/css/TimeCircles.css" />
+			<test url="http://nitroflare.com/favicon.ico" />
+			<test url="http://nitroflare.com/img/icons/acc_blue_on_white_en.png" />
+			-->
+			<test url="http://nitroflare.com/login" />
+			<test url="http://nitroflare.com/payment" />
+			<!--
+			<test url="http://www.nitroflare.com/plugins/fileupload/css/jquery.fileupload-ui-noscript.css" />
+			<test url="http://www.nitroflare.com/plugins/fileupload/index.php?time=" />
+			-->
+			<test url="http://www.nitroflare.com/register" />
+			<test url="http://www.nitroflare.com/view/0453FE5333F502B/1451143702.pdf" />
+
+		<!--	Avoid potential XHR or flash policy problems:
+									-->
+		<!--exclusion pattern="^http:/.+\.(?:js|swf)(?:$|\?)" /-->
+
+			<!--	+ve:
+					-->
+			<!--
+			<test url="http://nitroflare.com/img/swf/HighSpeedMeter.swf" />
+			<test url="http://nitroflare.com/img/swf/LowSpeedMeter.swf" />
+			<test url="http://nitroflare.com/js/downloadFree.js" />
+			<test url="http://nitroflare.com/js/general.js" />
+			<test url="http://nitroflare.com/js/jquery.placeholder.js" />
+			<test url="http://nitroflare.com/js/jquery.superbox-min.js" />
+			<test url="http://www.nitroflare.com/js/jquery.tooltipster.min.js" />
+			<test url="http://www.nitroflare.com/js/payment.js" />
+			<test url="http://www.nitroflare.com/js/view.js" />
+			<test url="http://www.nitroflare.com/plugins/fileupload/assets/canvas-to-blob.min.js" />
+			<test url="http://www.nitroflare.com/plugins/fileupload/assets/tmpl.min.js" />
+			-->
+			<test url="http://www.nitroflare.com/plugins/fileupload/js/jquery.fileupload-audio.js" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^nitroflare\.com$" name="^(?:lastFile|randHash)$" /-->
+
+	<securecookie host="^\." name="^_(?:_cfduid$|gat?$|gat_)" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nix.ru.xml b/src/chrome/content/rules/nix.ru.xml
new file mode 100644
index 000000000000..90142756a83c
--- /dev/null
+++ b/src/chrome/content/rules/nix.ru.xml
@@ -0,0 +1,179 @@
+<!--
+	Invalid certificate:
+		www.eda.nix.ru
+		www.garant.nix.ru
+		www.job.nix.ru
+		www.lab.nix.ru
+		www.rabota.nix.ru
+		virtualwww2.nix.ru
+
+	Refused:
+		cam12.nix.ru
+		cam13.nix.ru
+		cam14.nix.ru
+		contests.nix.ru
+		green.nix.ru
+		mail-region.nix.ru
+		mailing.nix.ru
+		voip.nix.ru
+
+	Too many redirects:
+		secure.nix.ru
+
+	Unreachable:
+		contests2.nix.ru
+		download.nix.ru
+		ftp.nix.ru
+		ftp2.nix.ru
+		mailgw.nix.ru
+		netp.nix.ru
+		ns2.nix.ru
+-->
+<ruleset name="nix.ru">
+	<target host="nix.ru" />
+	<target host="www.nix.ru" />
+	<target host="arzamas.nix.ru" />
+	<target host="astrahan.nix.ru" />
+	<target host="balashiha.nix.ru" />
+	<target host="belgorod.nix.ru" />
+	<target host="berezniki.nix.ru" />
+	<target host="bryansk.nix.ru" />
+	<target host="budennovsk.nix.ru" />
+	<target host="bugulma.nix.ru" />
+	<target host="cheboksary.nix.ru" />
+	<target host="chel.nix.ru" />
+	<target host="chehov.nix.ru" />
+	<target host="cher.nix.ru" />
+	<target host="chita.nix.ru" />
+	<target host="daminov.nix.ru" />
+	<target host="dengi.nix.ru" />
+	<target host="derbent.nix.ru" />
+	<target host="dolgopa.nix.ru" />
+	<target host="dubna.nix.ru" />
+	<target host="e-burg.nix.ru" />
+	<target host="eda.nix.ru" />
+	<target host="elabuga.nix.ru" />
+	<target host="elets.nix.ru" />
+	<target host="elista.nix.ru" />
+	<target host="elpina.nix.ru" />
+	<target host="home.nix.ru" />
+	<target host="huchny.nix.ru" />
+	<target host="garant.nix.ru" />
+	<target host="grozny.nix.ru" />
+	<target host="irkutsk.nix.ru" />
+	<target host="ishim.nix.ru" />
+	<target host="ivanovo.nix.ru" />
+	<target host="izhevsk.nix.ru" />
+	<target host="job.nix.ru" />
+	<target host="kachkanar.nix.ru" />
+	<target host="kaliningrad.nix.ru" />
+	<target host="kaluga.nix.ru" />
+	<target host="kamchatka.nix.ru" />
+	<target host="kasumkent.nix.ru" />
+	<target host="kazan.nix.ru" />
+	<target host="kemerovo.nix.ru" />
+	<target host="kineshma.nix.ru" />
+	<target host="kizlyar.nix.ru" />
+	<target host="korolev.nix.ru" />
+	<target host="kostroma.nix.ru" />
+	<target host="krasnodar.nix.ru" />
+	<target host="krasnogorsk.nix.ru" />
+	<target host="krasnoyarsk.nix.ru" />
+	<target host="kurchatov.nix.ru" />
+	<target host="kurgan.nix.ru" />
+	<target host="kursk.nix.ru" />
+	<target host="lab.nix.ru" />
+	<target host="lesosibirsk.nix.ru" />
+	<target host="lipetsk.nix.ru" />
+	<target host="livny.nix.ru" />
+	<target host="lyubertsy.nix.ru" />
+	<target host="m.nix.ru" />
+	<target host="magaramkent.nix.ru" />
+	<target host="max.nix.ru" />
+	<target host="muravlenko.nix.ru" />
+	<target host="murmansk.nix.ru" />
+	<target host="mytishchi.nix.ru" />
+	<target host="nabchelny.nix.ru" />
+	<target host="nalchik.nix.ru" />
+	<target host="nazran.nix.ru" />
+	<target host="nn.nix.ru" />
+	<target host="novokuzneck.nix.ru" />
+	<target host="novomichurinsk.nix.ru" />
+	<target host="novosibirsk.nix.ru" />
+	<target host="novotroitsk.nix.ru" />
+	<target host="novouralsk.nix.ru" />
+	<target host="ntagil.nix.ru" />
+	<target host="nvartovsk.nix.ru" />
+	<target host="obninsk.nix.ru" />
+	<target host="odincovo.nix.ru" />
+	<target host="omsk.nix.ru" />
+	<target host="orel.nix.ru" />
+	<target host="orenburg.nix.ru" />
+	<target host="oskol.nix.ru" />
+	<target host="pechora.nix.ru" />
+	<target host="perm.nix.ru" />
+	<target host="pk.nix.ru" />
+	<target host="pnz.nix.ru" />
+	<target host="podolsk.nix.ru" />
+	<target host="polaris.nix.ru" />
+	<target host="private.nix.ru" />
+	<target host="probki.nix.ru" />
+	<target host="pz.nix.ru" />
+	<target host="q.nix.ru" />
+	<target host="qm.nix.ru" />
+	<target host="rabota.nix.ru" />
+	<target host="ramenskoe.nix.ru" />
+	<target host="ref.nix.ru" />
+	<target host="romchuk.nix.ru" />
+	<target host="rossosh.nix.ru" />
+	<target host="rostov-na-donu.nix.ru" />
+	<target host="rubaev.nix.ru" />
+	<target host="ryazan.nix.ru" />
+	<target host="rybinsk.nix.ru" />
+	<target host="rzhev.nix.ru" />
+	<target host="salda.nix.ru" />
+	<target host="samara.nix.ru" />
+	<target host="saransk.nix.ru" />
+	<target host="saratov.nix.ru" />
+	<target host="sarov.nix.ru" />
+	<target host="search.nix.ru" />
+	<target host="segezha.nix.ru" />
+	<target host="serov.nix.ru" />
+	<target host="sevastopol.nix.ru" />
+	<target host="shuya.nix.ru" />
+	<target host="skopin.nix.ru" />
+	<target host="sp.nix.ru" />
+	<target host="spb.nix.ru" />
+	<target host="sochi.nix.ru" />
+	<target host="static.nix.ru" />
+	<target host="stavropol.nix.ru" />
+	<target host="support.nix.ru" />
+	<target host="syktyvkar.nix.ru" />
+	<target host="taganrog.nix.ru" />
+	<target host="tambov.nix.ru" />
+	<target host="testd.nix.ru" />
+	<target host="tolyatti.nix.ru" />
+	<target host="tomsk.nix.ru" />
+	<target host="tula.nix.ru" />
+	<target host="tumen.nix.ru" />
+	<target host="tver.nix.ru" />
+	<target host="ufa.nix.ru" />
+	<target host="uglich.nix.ru" />
+	<target host="ukhta.nix.ru" />
+	<target host="ul.nix.ru" />
+	<target host="ulan-ude.nix.ru" />
+	<target host="viluchinsk.nix.ru" />
+	<target host="vladikavkaz.nix.ru" />
+	<target host="vladivostok.nix.ru" />
+	<target host="volgograd.nix.ru" />
+	<target host="vologda.nix.ru" />
+	<target host="volzhsky.nix.ru" />
+	<target host="voronezh.nix.ru" />
+	<target host="web-front.nix.ru" />
+	<target host="yar.nix.ru" />
+	<target host="yola.nix.ru" />
+	<target host="zheleznogorsk.nix.ru" />
+	<target host="zhukovsky.nix.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nkj.ru.xml b/src/chrome/content/rules/nkj.ru.xml
new file mode 100644
index 000000000000..e6390f0f5008
--- /dev/null
+++ b/src/chrome/content/rules/nkj.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="nkj.ru">
+	<target host="nkj.ru" />
+	<target host="www.nkj.ru" />
+	<target host="m.nkj.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nllapps.xml b/src/chrome/content/rules/nllapps.xml
new file mode 100644
index 000000000000..adb78300816a
--- /dev/null
+++ b/src/chrome/content/rules/nllapps.xml
@@ -0,0 +1,8 @@
+<ruleset name="nllapps">
+
+	<target host="nllapps.com"/>
+	<target host="www.nllapps.com"/>
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nltk.org.xml b/src/chrome/content/rules/nltk.org.xml
new file mode 100644
index 000000000000..c8089f07918c
--- /dev/null
+++ b/src/chrome/content/rules/nltk.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Problematic subdomains:
+		nltk.org (certificate mismatch)
+
+	Invalid certificate:
+		build.nltk.org
+		ftp.nltk.org
+		mobilemail.nltk.org
+		pda.nltk.org
+		webmail.nltk.org
+		wiki.nltk.org
+
+	Time out:
+		e.nltk.org
+		imap.nltk.org
+		mail.nltk.org
+		pop.nltk.org
+		smtp.nltk.org
+-->
+<ruleset name="nltk.org">
+	<target host="nltk.org" />
+	<target host="www.nltk.org" />
+
+	<rule from="^http://nltk\.org/" to="https://www.nltk.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nlx.org-falsemixed.xml b/src/chrome/content/rules/nlx.org-falsemixed.xml
new file mode 100644
index 000000000000..867fa771530f
--- /dev/null
+++ b/src/chrome/content/rules/nlx.org-falsemixed.xml
@@ -0,0 +1,26 @@
+<!--
+	For rules causing false/broken MCB, see nlx.org.xml.
+
+-->
+<ruleset name="nlx.org (false MCB)" platform="mixedcontent">
+
+	<!--	Complications:
+				-->
+	<target host="nlx.org" />
+	<target host="www.nlx.org" />
+
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://(?:www\.)?nlx\.org/+(?:\?.*)?$"
+		to="https://us.jobs/" />
+
+		<test url="http://nlx.org/default.aspx" />
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://(?:www\.)?nlx\.org/+"
+		to="https://us.jobs/?404;https://nlx.org:443/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nlx.org.xml b/src/chrome/content/rules/nlx.org.xml
new file mode 100644
index 000000000000..161ea19cf42d
--- /dev/null
+++ b/src/chrome/content/rules/nlx.org.xml
@@ -0,0 +1,65 @@
+<!--
+	For rules causing false/broken MCB, see nlx.org-falsemixed.xml.
+
+
+	CDN buckets:
+
+		- de.nlx.org.s3.amazonaws.com
+		- d2e48ltfsb5exy.cloudfront.net	← css, png
+		- dn9tckvz2rpxv.cloudfront.net	← seo
+
+
+	Problematic hosts in *nlx.org:
+
+		- (www.)? * ᵐ
+		- css ᵐ
+		- de ᵐ
+		- png ᵐ
+		- seo ᵐ
+
+	* Mixed css at redirect destination
+	ᵐ Mismatched
+
+-->
+<ruleset name="nlx.org (partial)">
+
+	<!--	Complications:
+				-->
+	<!--target host="nlx.org" /-->
+	<target host="css.nlx.org" />
+	<target host="de.nlx.org" />
+	<target host="png.nlx.org" />
+	<target host="seo.nlx.org" />
+	<!--target host="www.nlx.org" /-->
+
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<!--rule from="^http://(?:www\.)?nlx\.org/+(?:\?.*)?$"
+		to="https://us.jobs/" /-->
+
+		<!--test url="http://nlx.org/default.aspx" /-->
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<!--rule from="^http://(?:www\.)?nlx\.org/+"
+		to="https://us.jobs/?404;https://nlx.org:443/" /-->
+
+	<rule from="^http://(?:css|png)\.nlx\.org/"
+		to="https://d2e48ltfsb5exy.cloudfront.net/" />
+
+		<test url="http://css.nlx.org/usjobs_static/css/mobileStyles.css" />
+		<test url="http://png.nlx.org/content_ms/files/facebook.png" />
+
+	<rule from="^http://de\.nlx\.org/"
+		to="https://de.nlx.org/" />
+
+		<test url="http://de.nlx.org/logos/nlx-de-tag.gif" />
+
+	<rule from="^http://seo\.nlx\.org/"
+		to="https://dn9tckvz2rpxv.cloudfront.net/" />
+
+		<test url="http://seo.nlx.org/acxiom.jobs/aboutads.png" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nobelprize.org.xml b/src/chrome/content/rules/nobelprize.org.xml
new file mode 100644
index 000000000000..85dba0d18d45
--- /dev/null
+++ b/src/chrome/content/rules/nobelprize.org.xml
@@ -0,0 +1,24 @@
+<!--
+Invalid certificate:
+	nobelprize.org
+	live.nobelprize.org
+	podcast.nobelprize.org
+
+Timeout:
+	api.nobelprize.org
+	data.nobelprize.org
+	images.nobelprize.org
+	mmm.nobelprize.org
+	static.nobelprize.org
+-->
+<ruleset name="nobelprize.org">
+	<target host="nobelprize.org" />
+	<target host="www.nobelprize.org" />
+	<target host="images.nobelprize.org" />
+	<target host="preview.nobelprize.org" />
+	<target host="static.nobelprize.org" />
+
+	<rule from="^http://nobelprize\.org/" to="https://www.nobelprize.org/" />
+	<rule from="^http://(images|static)\.nobelprize\.org/" to="https://www.nobelprize.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/noblogs.org.xml b/src/chrome/content/rules/noblogs.org.xml
new file mode 100644
index 000000000000..1cb92a28b1c3
--- /dev/null
+++ b/src/chrome/content/rules/noblogs.org.xml
@@ -0,0 +1,18 @@
+<!--
+	self-signed:
+		- stats
+-->
+<ruleset name="noblogs.org">
+	<target host="noblogs.org" />
+	<target host="*.noblogs.org" />
+
+	<exclusion pattern="^http://stats\.noblogs\.org/" />
+
+	<test url="http://newroz.noblogs.org/" />
+	<test url="http://citywest.noblogs.org/" />
+	<test url="http://volturno.noblogs.org/" />
+	<test url="http://stats.noblogs.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nodeny-plus.com.ua.xml b/src/chrome/content/rules/nodeny-plus.com.ua.xml
new file mode 100644
index 000000000000..3402e843e6a4
--- /dev/null
+++ b/src/chrome/content/rules/nodeny-plus.com.ua.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://app.nodeny-plus.com.ua/ => https://app.nodeny-plus.com.ua/: (60, 'SSL certificate problem: certificate has expired')
+
+nodeny-plus.com.ua ⁵
+www.nodeny-plus.com.ua ⁵
+
+
+⁵ expired
+-->
+<ruleset name="nodeny-plus.com.ua (partial)" default_off="failed ruleset test">
+	<target host="app.nodeny-plus.com.ua" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nodistribute.com.xml b/src/chrome/content/rules/nodistribute.com.xml
new file mode 100644
index 000000000000..3655a8e4edff
--- /dev/null
+++ b/src/chrome/content/rules/nodistribute.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="NoDistribute">
+	<target host="nodistribute.com" />
+	<target host="www.nodistribute.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nominet.uk.xml b/src/chrome/content/rules/nominet.uk.xml
new file mode 100644
index 000000000000..1eef2934de98
--- /dev/null
+++ b/src/chrome/content/rules/nominet.uk.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.nominet.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Nominet.uk">
+
+	<target host="nominet.uk" />
+	<target host="www.nominet.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.nominet\.uk$" name="^AWSELB$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid$|_ga|cf_clearance$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/non-fides.fr.xml b/src/chrome/content/rules/non-fides.fr.xml
new file mode 100644
index 000000000000..52f26eec49c5
--- /dev/null
+++ b/src/chrome/content/rules/non-fides.fr.xml
@@ -0,0 +1,8 @@
+<ruleset name="non-fides.fr">
+
+	<target host="non-fides.fr" />
+	<target host="www.non-fides.fr" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/noonpresse.com.xml b/src/chrome/content/rules/noonpresse.com.xml
new file mode 100644
index 000000000000..b8af313a990e
--- /dev/null
+++ b/src/chrome/content/rules/noonpresse.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid Certificate:
+		video.noonpresse.com
+-->
+<ruleset name="noonpresse.com" platform="mixedcontent">
+	<target host="noonpresse.com" />
+	<target host="www.noonpresse.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nordjyske.dk.xml b/src/chrome/content/rules/nordjyske.dk.xml
new file mode 100644
index 000000000000..8e34f0873ea6
--- /dev/null
+++ b/src/chrome/content/rules/nordjyske.dk.xml
@@ -0,0 +1,22 @@
+<!--
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="nordjyske.dk" platform="mixedcontent">
+
+	<target host="imageservice.nordjyske.dk" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://imageservice.nordjyske.dk/images/nordjyske.story/2016_08_31/18c301a6-8cd0-49c6-8f58-030c5d2b9265.jpg?w=320&amp;h=180&amp;mode=crop&amp;scale=both" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nordportal.ru.xml b/src/chrome/content/rules/nordportal.ru.xml
new file mode 100644
index 000000000000..fd1efad4b9ed
--- /dev/null
+++ b/src/chrome/content/rules/nordportal.ru.xml
@@ -0,0 +1,7 @@
+<!-- doska. mismatch
+pressa. mismatch -->
+<ruleset name="nordportal.ru">
+	<target host="nordportal.ru" />
+	<target host="www.nordportal.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/norfolk.gov.uk.xml b/src/chrome/content/rules/norfolk.gov.uk.xml
new file mode 100644
index 000000000000..64a342afbd0e
--- /dev/null
+++ b/src/chrome/content/rules/norfolk.gov.uk.xml
@@ -0,0 +1,94 @@
+<!--
+	Norfolk County Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *norfolk.gov.uk:
+
+		- (www.)?adulteducation ⁴
+		- (www.)?archives ᵃ
+		- (www.)?artlandish ᵃ
+		- (www.)?disruptions ᵃ
+		- (www.)?eficts ᵃ
+		- efs ᵃ
+		- egyptweb ᵃ
+		- elections ᵈ
+		- eplanning ᵃ
+		- (www.)?heritage ᵃ
+		- www.kict ᵃ
+		- www.localaccessforum ᵃ
+		- maps ᵈ
+		- (www.)?museums ᵃ
+		- (www.)?events.museums ʳ
+		- nfrs ᵃ
+		- (www.)?nscb ᵃ
+		- (www.)?pcbookings ᵃ
+		- (www.)?sandys ᵈ
+		- (www.)?schools ᵃ
+		- (www.)?s4s ᵃ
+		- (www.)?think ᵈ
+		- (www.)?whereilive ᵈ
+		- (www.)?yp2 ᵈ
+
+	⁴ 404
+	ᵃ Shows another domain
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *norfolk.gov.uk:
+
+		- digitallibrary ᵐ
+		- (www.)?ict ᶜ ᵐ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- csapps.norfolk.gov.uk
+		- enrol.norfolk.gov.uk
+		- esinet.norfolk.gov.uk
+		- www.esinet.norfolk.gov.uk
+		- online.norfolk.gov.uk
+
+-->
+<ruleset name="Norfolk.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.admissionsonline.norfolk.gov.uk" />
+	<target host="csapps.norfolk.gov.uk" />
+	<target host="enrol.norfolk.gov.uk" />
+	<target host="esinet.norfolk.gov.uk" />
+	<target host="www.esinet.norfolk.gov.uk" />
+	<target host="holdall.norfolk.gov.uk" />
+	<target host="online.norfolk.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="digitallibrary.norfolk.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:csapps|esinet|www\.esinet)\.norfolk\.gov\.uk$" name="^ASPSESSIONID[A-Z]$" /-->
+	<!--securecookie host="^enrol\.norfolk\.gov\.uk$" name="^(?:ASPSESSIONID[A-Z]|OnlineRegisterLogin)$" /-->
+	<!--securecookie host="^online\.norfolk\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops forward slash, path, and args:
+								-->
+	<rule from="^http://digitallibrary\.norfolk\.gov\.uk/.*"
+		to="https://norfolk.overdrive.com/" />
+
+		<test url="http://digitallibrary.norfolk.gov.uk/default.aspx" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/norsk-tipping.no.xml b/src/chrome/content/rules/norsk-tipping.no.xml
new file mode 100644
index 000000000000..43ae39dfa347
--- /dev/null
+++ b/src/chrome/content/rules/norsk-tipping.no.xml
@@ -0,0 +1,41 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- norsk-tipping.no
+		- www.norsk-tipping.no
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	STS header includes includesubdomains
+	for ^, www
+
+-->
+<ruleset name="Norsk-Tipping.no">
+
+	<target host="norsk-tipping.no" />
+	<target host="*.norsk-tipping.no" />
+
+		<!--	STS header applies to one level only, so:
+									-->
+		<exclusion pattern="^http://(?:[^./]+\.){2,}norsk-tipping\.no/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.norsk-tipping.no/" />
+			<test url="http://exists.not.norsk-tipping.no/" />
+
+		<test url="http://www.norsk-tipping.no/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?norsk-tipping\.no$" name="^(?:NorskTipping|TS[\da-f]{8})$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/northamptonshire.gov.uk.xml b/src/chrome/content/rules/northamptonshire.gov.uk.xml
new file mode 100644
index 000000000000..ee950571890e
--- /dev/null
+++ b/src/chrome/content/rules/northamptonshire.gov.uk.xml
@@ -0,0 +1,126 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://connect2.northamptonshire.gov.uk/ => https://connect2.northamptonshire.gov.uk/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.connect2.northamptonshire.gov.uk/ => https://www.connect2.northamptonshire.gov.uk/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://librarycatalogue.northamptonshire.gov.uk/ => https://librarycatalogue.northamptonshire.gov.uk/web/arena: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Northamptonshire County Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *northamptonshire.gov.uk:
+
+		- maps ᵈ
+		- www3 ⁴
+		- www5 ⁴
+
+	⁴ 404
+	ᵈ Dropped
+
+
+	Problematic hosts in *northamptonshire.gov.uk:
+
+		- eduweb ᶜ
+		- (www.)?librarycatalogue ᵇ
+
+	ᵇ $ shows default page, preemptable redirect
+
+
+	These altnames do not exist:
+
+		- www.eduweb.northamptonshire.gov.uk
+		- www.payments.northamptonshire.gov.uk
+		- www.pensions.northamptonshire.gov.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- eduweb.northamptonshire.gov.uk
+		- payments.northamptonshire.gov.uk
+
+
+	Mixed content:
+
+		- css on pensions from fonts.googleapis.com ˢ
+
+		- Images, on:
+
+			- eduweb from go.microsoft.com ˢ
+			- pensions from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Northamptonshire.gov.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="northamptonshire.gov.uk" />
+	<target host="connect2.northamptonshire.gov.uk" />
+	<target host="www.connect2.northamptonshire.gov.uk" />
+	<!--target host="eduweb.northamptonshire.gov.uk" /-->
+	<target host="payments.northamptonshire.gov.uk" />
+	<target host="pensions.northamptonshire.gov.uk" />
+	<target host="www.northamptonshire.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="librarycatalogue.northamptonshire.gov.uk" />
+	<target host="www.librarycatalogue.northamptonshire.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?northamptonshire\.gov\.uk/(?:Pages/VariationRoot|en/Pages/HomePage)\.aspx" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?northamptonshire\.gov\.uk/(?!/*(?:.*/)?(?:_layouts|FooterImages|PublishingImages|[Ss]tyle%20[Ll]ibrary)/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://northamptonshire.gov.uk/Pages/VariationRoot.aspx" />
+			<test url="http://northamptonshire.gov.uk/buspass" />
+			<test url="http://northamptonshire.gov.uk/elibrary" />
+			<test url="http://northamptonshire.gov.uk/en/Pages/HomePage.aspx" />
+			<test url="http://www.northamptonshire.gov.uk/learnercharter" />
+			<test url="http://www.northamptonshire.gov.uk/longbuckbylibrary" />
+			<test url="http://www.northamptonshire.gov.uk/payments" />
+			<test url="http://www.northamptonshire.gov.uk/racetothetop" />
+			<test url="http://www.northamptonshire.gov.uk/streetdoctor" />
+
+			<!--	-ve:
+					-->
+			<test url="http://northamptonshire.gov.uk/_layouts/NCCWeb/styles/images/NCCGradBack-Inactive.jpg" />
+			<test url="http://northamptonshire.gov.uk/FooterImages/twitter-168.png" />
+			<test url="http://www.northamptonshire.gov.uk/PublishingImages/Popular%20Strip/popular-strip-icon-school.gif" />
+			<test url="http://www.northamptonshire.gov.uk/style%20library/images/general/pixel.gif" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://cmis.northamptonshire.gov.uk/cmis5live/Councillors.aspx" /-->
+
+		<!--	404:
+				-->
+		<!--test url="http://www4.northamptonshire.gov.uk/schoolclosure/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cmis\.northamptonshire\.gov\.uk$" name="^(?:\.ASPXANONYMOUS|ASP\.NET_SessionId|DateInputMode|language)$" /-->
+	<!--securecookie host="^eduweb\.northamptonshire\.gov\.uk$" name="^BNI_BARRACUDA_LB_COOKIE$" /-->
+	<!--securecookie host="^payments\.northamptonshire\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^(?!www\.n)\w" name=".+" />
+
+
+	<!--	Redirect keeps args but not forward slash:
+								-->
+	<rule from="^http://(www\.)?librarycatalogue\.northamptonshire\.gov\.uk/+(?=$|\?)"
+		to="https://$1librarycatalogue.northamptonshire.gov.uk/web/arena" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/northeastjobs.org.uk.xml b/src/chrome/content/rules/northeastjobs.org.uk.xml
new file mode 100644
index 000000000000..285adcf48d1f
--- /dev/null
+++ b/src/chrome/content/rules/northeastjobs.org.uk.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- northeastjobs.org.uk
+		- www.northeastjobs.org.uk
+
+-->
+<ruleset name="North East Jobs.org.uk">
+
+	<target host="northeastjobs.org.uk" />
+	<target host="www.northeastjobs.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?northeastjobs\.org\.uk$" name="^(?:fs|ua)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/northlincs.gov.uk-falsemixed.xml b/src/chrome/content/rules/northlincs.gov.uk-falsemixed.xml
new file mode 100644
index 000000000000..ae762e6979f2
--- /dev/null
+++ b/src/chrome/content/rules/northlincs.gov.uk-falsemixed.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://leisure.northlincs.gov.uk/ (200) => https://leisure.northlincs.gov.uk/ (403)
+
+	For rules not causing false/broken MCB, see northlincs.gov.uk.xml.
+
+-->
+<ruleset name="North Lincs.gov.uk (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="leisure.northlincs.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/northlincs.gov.uk.xml b/src/chrome/content/rules/northlincs.gov.uk.xml
new file mode 100644
index 000000000000..81730c771961
--- /dev/null
+++ b/src/chrome/content/rules/northlincs.gov.uk.xml
@@ -0,0 +1,54 @@
+<!--
+	North Lincolnshire Council
+
+	For rules causing false/broken MCB, see northlincs.gov.uk-falsemixed.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *northlincs.gov.uk:
+
+		- (www.)? ³
+		- nldo ³
+		- (www.)?planning ³
+		- webarchive ³
+		- www:81 ᵖ
+
+	³ 403
+	ᵖ Plaintext reply
+
+
+	Problematic hosts in *northlincs.gov.uk:
+
+		- leisure ˣ
+		- www.opac ᵐ
+
+	ᵐ Mismatched
+	ˣ Mixed css
+
+
+	Mixed content:
+
+		- css on leisure from $self ˢ
+		- Images on leisure from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="North Lincs.gov.uk (partial)">
+
+	<target host="ems.northlincs.gov.uk" />
+	<!--target host="leisure.northlincs.gov.uk" /-->
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://leisure.northlincs.gov.uk/HomePortal/" /-->
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/northumberland.gov.uk.xml b/src/chrome/content/rules/northumberland.gov.uk.xml
new file mode 100644
index 000000000000..a5ec8a66b860
--- /dev/null
+++ b/src/chrome/content/rules/northumberland.gov.uk.xml
@@ -0,0 +1,81 @@
+<!--
+	Northumberland County Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *northumberland.gov.uk:
+
+		- (www.)? ᶠ
+		- adoption ᶠ
+		- benefits ᶠ
+		- committeedocs ᶠ
+		- committees ᶠ
+		- communities ᵈ
+		- fostering ᶠ
+		- holyisland ᶠ
+		- library ᵈ
+		- map ᶠ
+		- mapreport ᶠ
+		- opendata ᵈ
+		- orawww ᶠ
+		- prow ᵈ
+		- prowmaps ᶠ
+		- registrar ᶠ
+
+	ᵈ Dropped
+	ᶠ Handshake fails
+
+
+	Problematic hosts in *northumberland.gov.uk:
+
+		- childrencentresnorth ᵃ
+		- ngfl ᵃ
+
+	ᵃ Shows another domain; equivalent to a working domain
+
+
+	Insecure cookies are set for these hosts:
+
+		- mail.northumberland.gov.uk
+		- myaccount.northumberland.gov.uk
+
+-->
+<ruleset name="Northumberland.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="fsiavailability.northumberland.gov.uk" />
+	<target host="gwaste.northumberland.gov.uk" />
+	<target host="mail.northumberland.gov.uk" />
+	<target host="myaccount.northumberland.gov.uk" />
+	<target host="online.northumberland.gov.uk" />
+	<target host="parkingpcns.northumberland.gov.uk" />
+	<target host="pestcontrolss.northumberland.gov.uk" />
+	<target host="publicaccess.northumberland.gov.uk" />
+	<target host="wastepermitss.northumberland.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="childrencentresnorth.northumberland.gov.uk" />
+	<target host="ngfl.northumberland.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^mail\.northumberland\.gov\.uk$" name="^(?:ASPSESSIONID[A-Z]{8}|uniquesig[\dA-F]{64})$" /-->
+	<!--securecookie host="^myaccount\.northumberland\.gov\.uk$" name="^(?:JSESSIONID|cookietest)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://childrencentresnorth\.northumberland\.gov\.uk/"
+		to="https://3860.eschools.co.uk/" />
+
+	<rule from="^http://ngfl\.northumberland\.gov\.uk/"
+		to="https://457-northumberland.eschools.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/northyorks.gov.uk.xml b/src/chrome/content/rules/northyorks.gov.uk.xml
new file mode 100644
index 000000000000..498bf4f8205c
--- /dev/null
+++ b/src/chrome/content/rules/northyorks.gov.uk.xml
@@ -0,0 +1,86 @@
+<!--
+	North Yorkshire County Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *northyorks.gov.uk:
+
+		- (www.)? ᶠ
+		- archives ᵈ
+		- breeze ᵈ
+		- cyps ᶠ
+		- democracy ᵃ
+		- m ᶠ
+		- maps ᵈ
+		- schools ᵈ
+		- smartsolutions ᵃ
+		- visits ᵈ
+		- ynywp ᶠ
+
+	ᵃ Shows another domain
+	ᵈ Dropped
+	ᶠ Handshake fails
+
+
+	Problematic hosts in *northyorks.gov.uk:
+
+		- archiveshop ᵐ ˢ
+		- engage ᵐ
+		- selfservice ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+	ˢ Self-signed
+
+
+	Insecure cookies are set for these hosts:
+
+		- consult.northyorks.gov.uk
+		- onlineadmissions.northyorks.gov.uk
+		- passes.northyorks.gov.uk
+		- pensionaltair.northyorks.gov.uk
+		- schooladmissions.northyorks.gov.uk
+		- schoolforms.northyorks.gov.uk
+		- selfservice.northyorks.gov.uk
+		- www6.northyorks.gov.uk
+
+-->
+<ruleset name="North Yorks.gov.uk (partial)">
+
+	<target host="consult.northyorks.gov.uk" />
+	<target host="coursefinder.northyorks.gov.uk" />
+	<target host="learningzone.northyorks.gov.uk" />
+	<target host="onlineadmissions.northyorks.gov.uk" />
+	<target host="onlineforms.northyorks.gov.uk" />
+	<target host="onlineplanningregister.northyorks.gov.uk" />
+	<target host="passes.northyorks.gov.uk" />
+	<target host="pensionaltair.northyorks.gov.uk" />
+	<target host="schooladmissions.northyorks.gov.uk" />
+	<!--target host="selfservice.northyorks.gov.uk" /-->
+	<target host="wa5.northyorks.gov.uk" />
+	<target host="www6.northyorks.gov.uk" />
+
+		<!--	Set cookie without Secure:
+							-->
+		<!--test url="http://consult.northyorks.gov.uk/snapwebhost/s.asp?k=" /-->
+		<!--test url="http://onlineforms.northyorks.gov.uk/citizenportal/form.aspx?form=Occasional_sales_notification" /-->
+		<!--test url="http://www6.northyorks.gov.uk/LZCS/main/default.aspx" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:online|school)admissions\.northyorks\.gov\.uk$" name="^(?:ASP\.NET_SessionId|ISAWPLB\{[\dA-F]{8}(?:-[\dA-F]{4}){2}-[\dA-F]{12}\})$" /-->
+	<!--securecookie host="^consult\.northyorks\.gov\.uk$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+	<!--securecookie host="^passes\.northyorks\.gov\.uk$" name="^BIGipServer" /-->
+	<!--securecookie host="^pensionaltair\.northyorks\.gov\.uk$" name="^(?:JSESSIONID|javax\.faces\.ClientToken|scheEmp)$" /-->
+	<!--securecookie host="^selfservice\.northyorks\.gov\.uk$" name="^ARPT$" /-->
+	<!--securecookie host="^(?:onlineforms|www6)\.northyorks\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nosdeputes.fr.xml b/src/chrome/content/rules/nosdeputes.fr.xml
new file mode 100644
index 000000000000..1412d47eb2b2
--- /dev/null
+++ b/src/chrome/content/rules/nosdeputes.fr.xml
@@ -0,0 +1,8 @@
+<ruleset name="nosdeputes.fr">
+        <target host="nosdeputes.fr" />
+        <target host="www.nosdeputes.fr" />
+        <target host="2007-2012.nosdeputes.fr" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nossenateurs.fr.xml b/src/chrome/content/rules/nossenateurs.fr.xml
new file mode 100644
index 000000000000..027e30af791b
--- /dev/null
+++ b/src/chrome/content/rules/nossenateurs.fr.xml
@@ -0,0 +1,7 @@
+<ruleset name="nossenateurs.fr">
+        <target host="nossenateurs.fr" />
+        <target host="www.nossenateurs.fr" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/notehub.org.xml b/src/chrome/content/rules/notehub.org.xml
new file mode 100644
index 000000000000..a6e440301b7c
--- /dev/null
+++ b/src/chrome/content/rules/notehub.org.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .notehub.org
+
+-->
+<ruleset name="NoteHub.org">
+
+	<target host="notehub.org" />
+	<target host="www.notehub.org" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.notehub\.org" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nottinghamshirealert.co.uk.xml b/src/chrome/content/rules/nottinghamshirealert.co.uk.xml
new file mode 100644
index 000000000000..491088d0fc04
--- /dev/null
+++ b/src/chrome/content/rules/nottinghamshirealert.co.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="Nottinghamshire Alert.co.uk">
+
+	<target host="nottinghamshirealert.co.uk" />
+	<target host="www.nottinghamshirealert.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nousrandom.net.xml b/src/chrome/content/rules/nousrandom.net.xml
new file mode 100644
index 000000000000..50e134d9f912
--- /dev/null
+++ b/src/chrome/content/rules/nousrandom.net.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nousrandom.net/ => https://nousrandom.net/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.nousrandom.net/ => https://www.nousrandom.net/: (60, 'SSL certificate problem: self signed certificate')
+
+-->
+<ruleset name="NousRandom.net" default_off="failed ruleset test">
+
+	<target host="nousrandom.net" />
+	<target host="www.nousrandom.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/novayagazeta.ru.xml b/src/chrome/content/rules/novayagazeta.ru.xml
new file mode 100644
index 000000000000..5fa7d181777f
--- /dev/null
+++ b/src/chrome/content/rules/novayagazeta.ru.xml
@@ -0,0 +1,44 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://content.novayagazeta.ru/ (200) => https://content.novayagazeta.ru/ (404)
+
+blog.novayagazeta.ru ¹
+lj.novayagazeta.ru ³
+ns2.novayagazeta.ru ²
+old.novayagazeta.ru ³
+2000.novayagazeta.ru different content
+2001.novayagazeta.ru different content
+2002.novayagazeta.ru different content
+2003.novayagazeta.ru different content
+2004.novayagazeta.ru different content
+2005.novayagazeta.ru different content
+2006.novayagazeta.ru different content
+2007.novayagazeta.ru different content
+domnikov.novayagazeta.ru different content
+otk.novayagazeta.ru different content
+politkovskaya.novayagazeta.ru different content
+pro.novayagazeta.ru different content
+wap.novayagazeta.ru different content
+ys.novayagazeta.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+-->
+<ruleset name="novayagazeta.ru" default_off="failed ruleset test">
+	<target host="novayagazeta.ru" />
+	<target host="www.novayagazeta.ru" />
+	<target host="admin.novayagazeta.ru" />
+	<target host="content.novayagazeta.ru" />
+	<target host="en.novayagazeta.ru" />
+	<target host="krug.novayagazeta.ru" />
+	<target host="new.novayagazeta.ru" />
+	<target host="next.novayagazeta.ru" />
+	<target host="pda.novayagazeta.ru" />
+	<target host="static.novayagazeta.ru" />
+	<target host="war.novayagazeta.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/novo-ordo.com.xml b/src/chrome/content/rules/novo-ordo.com.xml
new file mode 100644
index 000000000000..c9c2ca29a477
--- /dev/null
+++ b/src/chrome/content/rules/novo-ordo.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="novo-ordo.com">
+	<target host="novo-ordo.com" />
+	<target host="www.novo-ordo.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/novostivoronezha.ru.xml b/src/chrome/content/rules/novostivoronezha.ru.xml
new file mode 100644
index 000000000000..6bc5e9ac3703
--- /dev/null
+++ b/src/chrome/content/rules/novostivoronezha.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="novostivoronezha.ru">
+	<target host="novostivoronezha.ru" />
+	<target host="www.novostivoronezha.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nowere.net.xml b/src/chrome/content/rules/nowere.net.xml
new file mode 100644
index 000000000000..6bc1cb9d3576
--- /dev/null
+++ b/src/chrome/content/rules/nowere.net.xml
@@ -0,0 +1,7 @@
+<ruleset name="nowere.net">
+	<target host="nowere.net" />
+	<target host="www.nowere.net" />
+	<target host="sky.nowere.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nowwhere.com.au-falsemixed.xml b/src/chrome/content/rules/nowwhere.com.au-falsemixed.xml
new file mode 100644
index 000000000000..f1c0e3fbc14d
--- /dev/null
+++ b/src/chrome/content/rules/nowwhere.com.au-falsemixed.xml
@@ -0,0 +1,21 @@
+<!--
+	For rules not causing false/broken MCB, see nowwhere.com.au-falsemixed.xml.
+
+-->
+<ruleset name="nowwhere.com.au (false MCB)" platform="mixedcontent">
+
+	<target host="apps.nowwhere.com.au" />
+
+		<!--	Mixed css:
+					-->
+		<test url="http://apps.nowwhere.com.au/MaryKay/ConsultantLocator/" />
+		<test url="http://apps.nowwhere.com.au/caltex/locator/" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nowwhere.com.au.xml b/src/chrome/content/rules/nowwhere.com.au.xml
new file mode 100644
index 000000000000..11cabd9f0704
--- /dev/null
+++ b/src/chrome/content/rules/nowwhere.com.au.xml
@@ -0,0 +1,52 @@
+<!--
+	For rules causing false/broken MCB, see nowwhere.com.au.xml.
+
+
+	Problematic hosts in *nowwhere.com.au:
+
+		- apps ˣ
+
+	ˣ Mixed css
+
+
+	Insecure cookies are set for these hosts:
+
+		- nowwhere.com.au
+		- www.nowwhere.com.au
+
+
+	Mixed content:
+
+		- css on apps from $self ˢ
+
+		- Images, on:
+
+			- apps from www.caltex.com.au
+			- apps from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="nowwhere.com.au (partial)">
+
+	<target host="nowwhere.com.au" />
+	<!--target host="apps.nowwhere.com.au" /-->
+	<target host="www.nowwhere.com.au" />
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://apps.nowwhere.com.au/MaryKay/ConsultantLocator/" /-->
+		<!--test url="http://apps.nowwhere.com.au/caltex/locator/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?nowwhere\.com\.au$" name="^(?:AWSELB|MapDSID)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nowybip.pl.xml b/src/chrome/content/rules/nowybip.pl.xml
new file mode 100644
index 000000000000..6e9cb700337c
--- /dev/null
+++ b/src/chrome/content/rules/nowybip.pl.xml
@@ -0,0 +1,8 @@
+<ruleset name="nowybip.pl (partial)">
+	<target host="nowybip.pl" />
+	<target host="www.nowybip.pl" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/noxa.de.xml b/src/chrome/content/rules/noxa.de.xml
index 6c3cf7adf8ec..d0cec61be838 100644
--- a/src/chrome/content/rules/noxa.de.xml
+++ b/src/chrome/content/rules/noxa.de.xml
@@ -1,4 +1,11 @@
-<ruleset name="noxa.de">
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://admin.noxa.de/ => https://admin.noxa.de/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://webmail.noxa.de/ => https://webmail.noxa.de/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="noxa.de" default_off="failed ruleset test">
   <target host="noxa.de" />
   <target host="admin.noxa.de" />
   <target host="webmail.noxa.de" />
@@ -9,5 +16,5 @@
 
   <rule from="^http://(?:www\.)?noxa\.de/" to="https://www.noxa.de/" />
   <rule from="^http://(admin|webmail)\.noxa\.de/" to="https://$1.noxa.de/" />
-  <rule from="^https?://noxamail\.de/$" to="https://www.noxa.de/?noxamail" />
+  <rule from="^http://noxamail\.de/$" to="https://www.noxa.de/?noxamail" />
 </ruleset>
diff --git a/src/chrome/content/rules/npp.org.hk.xml b/src/chrome/content/rules/npp.org.hk.xml
new file mode 100644
index 000000000000..94be2d09e724
--- /dev/null
+++ b/src/chrome/content/rules/npp.org.hk.xml
@@ -0,0 +1,9 @@
+<ruleset name="New People's Party">
+
+	<target host="www.npp.org.hk" />
+	<target host="npp.org.hk" />
+
+	<rule from="^http:"
+	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nra.org-resources.xml b/src/chrome/content/rules/nra.org-resources.xml
new file mode 100644
index 000000000000..aedc6511d67f
--- /dev/null
+++ b/src/chrome/content/rules/nra.org-resources.xml
@@ -0,0 +1,80 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://training.nra.org/css/leftnav.css => https://training.nra.org/css/leftnav.css: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://training.nra.org/documents/docs/education/training/wp2certi.wpd => https://training.nra.org/documents/docs/education/training/wp2certi.wpd: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://training.nra.org/images/bg_gray.jpg => https://training.nra.org/images/bg_gray.jpg: (28, 'Connection timed out after 20000 milliseconds')
+
+	For rules covering more than resources, see nra.org.xml.
+
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="NRA.org (resources)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="careers.nra.org" />
+	<target host="clubs.nra.org" />
+	<target host="competitions.nra.org" />
+	<target host="hservices.nra.org" />
+	<target host="le.nra.org" />
+	<target host="mqp.nra.org" />
+	<target host="nrasports.nra.org" />
+	<target host="recruiting.nra.org" />
+	<target host="training.nra.org" />
+	<target host="women.nra.org" />
+	<target host="youth.nra.org" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:careers|clubs|competitions|hservices|le|mqp|nrasports|recruiting|training|women|youth)\.nra\.org/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:careers|clubs|competitions|hservices|le|mqp|nrasports|recruiting|training|women|youth)\.nra\.org/(?!/*(?:cs|document|image)s/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://careers.nra.org/job-openings.aspx" />
+			<test url="http://clubs.nra.org/nra-sports-magazine.aspx" />
+			<test url="http://mqp.nra.org/certificate-templates.aspx" />
+			<test url="http://training.nra.org/certificate-templates.aspx" />
+			<test url="http://women.nra.org/womens-instructional-shooting-clinics/find-a-clinic-near-you.aspx" />
+
+			<!--	-ve:
+					-->
+			<test url="http://careers.nra.org/css/recruiter.css" />
+			<test url="http://careers.nra.org/images/bg_gradient.jpg" />
+			<test url="http://clubs.nra.org/css/boilerplate.css" />
+			<test url="http://clubs.nra.org/documents/docs/clubs/final_grant_report.doc" />
+			<test url="http://clubs.nra.org/documents/pdf/clubs/paymentalliance.pdf" />
+			<test url="http://clubs.nra.org/images/bg_gray.jpg" />
+			<test url="http://competitions.nra.org/css/leftnav.css" />
+			<test url="http://competitions.nra.org/images/bg_gray.jpg" />
+			<test url="http://hservices.nra.org/css/leftnav.css" />
+			<test url="http://hservices.nra.org/images/bg_gray.jpg" />
+			<test url="http://le.nra.org/css/leftnav.css" />
+			<test url="http://le.nra.org/images/bg_gray.jpg" />
+			<test url="http://mqp.nra.org/css/leftnav.css" />
+			<test url="http://mqp.nra.org/documents/pdf/education/training/marksmanship/de_rec_form.pdf" />
+			<test url="http://mqp.nra.org/images/bg_gray.jpg" />
+			<test url="http://nrasports.nra.org/css/leftnav.css" />
+			<test url="http://nrasports.nra.org/images/bg_gray.jpg" />
+			<test url="http://recruiting.nra.org/css/recruiter.css" />
+			<test url="http://recruiting.nra.org/images/bg_gradient.jpg" />
+			<test url="http://training.nra.org/css/leftnav.css" />
+			<test url="http://training.nra.org/documents/docs/education/training/wp2certi.wpd" />
+			<test url="http://training.nra.org/images/bg_gray.jpg" />
+			<test url="http://women.nra.org/css/leftnav.css" />
+			<test url="http://women.nra.org/documents/pdf/women/isc/cover_letter.pdf" />
+			<test url="http://women.nra.org/documents/pdf/women/isc/registration_list.xls" />
+			<test url="http://women.nra.org/images/bg_gray.jpg" />
+			<test url="http://youth.nra.org/css/leftnav.css" />
+			<test url="http://youth.nra.org/images/bg_gray.jpg" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nra.org.xml b/src/chrome/content/rules/nra.org.xml
new file mode 100644
index 000000000000..671c53afdc47
--- /dev/null
+++ b/src/chrome/content/rules/nra.org.xml
@@ -0,0 +1,137 @@
+<!--
+The following targets have been disabled at 2020-10-14 22:38:12:
+
+Fetch error: http://nra.org/ => https://nra.org/: (52, 'Empty reply from server')
+Fetch error: http://joinnra.nra.org/ => https://joinnra.nra.org/: (52, 'Empty reply from server')
+
+	For rules covering resources which do not secure
+	mixed content, see nra.org-resources.xml.
+
+
+	Other National Rifle Association rulesets:
+
+		- americanhunter.org.xml
+		- americanrifleman.org.xml
+		- americas1stfreedom.org.xml
+		- friendsofnra.org.xml
+		- nrablog.com.xml
+		- nrafamily.org.xml
+		- nraila.org.xml
+		- nradefensefund.org.xml
+		- nrahq.org.xml
+		- nramemberservices.org.xml
+		- nrapvf.org.xml
+		- nraringoffreedom.com.xml
+		- nrarofcochairs.com.xml
+		- nrastore.com.xml
+		- shootingillustrated.com.xml
+		- ssusa.org.xml
+
+
+	CDN buckets:
+
+		- d20cm4krv6iwag.cloudfront.net
+		- d20tnjsytapaju.cloudfront.net
+		- dilcpqnbybz77.cloudfront.net
+
+
+	Partially covered hosts in *nra.org:
+
+		- careers ʰ
+		- clubs ʰ
+		- competitions ʰ
+		- hservices ʰ
+		- le ʰ
+		- mqp ʰ
+		- nrasports ʰ
+		- recruiting ʰ
+		- training ʰ
+		- women ʰ
+		- youth ʰ
+
+	ʰ >= 1 page redirects to http
+
+-->
+<ruleset name="NRA.org (partial)">
+
+	<!-- target host="nra.org" /-->
+	<target host="benefits.nra.org" />
+	<!--target host="careers.nra.org" /-->
+	<!--target host="clubs.nra.org" /-->
+	<!--target host="competitions.nra.org" /-->
+	<target host="contact.nra.org" />
+	<target host="eddieeagle.nra.org" />
+	<target host="explore.nra.org" />
+	<target host="gunsmithing.nra.org" />
+	<target host="home.nra.org" />
+	<!--target host="hservices.nra.org" /-->
+	<!-- target host="joinnra.nra.org" /-->
+	<!--target host="le.nra.org" /-->
+	<!--target host="mqp.nra.org" /-->
+	<target host="nrahqrange.nra.org" />
+	<!--target host="nrasports.nra.org" /-->
+	<target host="programs.nra.org" />
+	<target host="range.nra.org" />
+	<target host="rangeservices.nra.org" />
+	<!--target host="recruiting.nra.org" /-->
+	<!--target host="training.nra.org" /-->
+	<!--target host="women.nra.org" /-->
+	<target host="www.nra.org" />
+	<!--target host="youth.nra.org" /-->
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:careers|clubs|competitions|hservices|le|mqp|nrasports|recruiting|training|women|youth)\.nra\.org/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://(?:careers|clubs|competitions|hservices|le|mqp|nrasports|recruiting|training|women|youth)\.nra\.org/(?!/*(?:cs|document|image)s/)" /-->
+
+			<!--	+ve:
+					-->
+			<!--test url="http://careers.nra.org/job-openings.aspx" /-->
+			<!--test url="http://clubs.nra.org/nra-sports-magazine.aspx" /-->
+			<!--test url="http://mqp.nra.org/certificate-templates.aspx" /-->
+			<!--test url="http://training.nra.org/certificate-templates.aspx" /-->
+			<!--test url="http://women.nra.org/womens-instructional-shooting-clinics/find-a-clinic-near-you.aspx" /-->
+
+			<!--	-ve:
+					-->
+			<!--test url="http://careers.nra.org/css/recruiter.css" /-->
+			<!--test url="http://careers.nra.org/images/bg_gradient.jpg" /-->
+			<!--test url="http://clubs.nra.org/css/boilerplate.css" /-->
+			<!--test url="http://clubs.nra.org/documents/docs/clubs/final_grant_report.doc" /-->
+			<!--test url="http://clubs.nra.org/documents/pdf/clubs/paymentalliance.pdf" /-->
+			<!--test url="http://clubs.nra.org/images/bg_gray.jpg" /-->
+			<!--test url="http://competitions.nra.org/css/leftnav.css" /-->
+			<!--test url="http://competitions.nra.org/images/bg_gray.jpg" /-->
+			<!--test url="http://hservices.nra.org/css/leftnav.css" /-->
+			<!--test url="http://hservices.nra.org/images/bg_gray.jpg" /-->
+			<!--test url="http://le.nra.org/css/leftnav.css" /-->
+			<!--test url="http://le.nra.org/images/bg_gray.jpg" /-->
+			<!--test url="http://mqp.nra.org/css/leftnav.css" /-->
+			<!--test url="http://mqp.nra.org/documents/pdf/education/training/marksmanship/de_rec_form.pdf" /-->
+			<!--test url="http://mqp.nra.org/images/bg_gray.jpg" /-->
+			<!--test url="http://nrasports.nra.org/css/leftnav.css" /-->
+			<!--test url="http://nrasports.nra.org/images/bg_gray.jpg" /-->
+			<!--test url="http://recruiting.nra.org/css/recruiter.css" /-->
+			<!--test url="http://recruiting.nra.org/images/bg_gradient.jpg" /-->
+			<!--test url="http://training.nra.org/css/leftnav.css" /-->
+			<!--test url="http://training.nra.org/documents/docs/education/training/wp2certi.wpd" /-->
+			<!--test url="http://training.nra.org/images/bg_gray.jpg" /-->
+			<!--test url="http://women.nra.org/css/leftnav.css" /-->
+			<!--test url="http://women.nra.org/documents/pdf/women/isc/cover_letter.pdf" /-->
+			<!--test url="http://women.nra.org/documents/pdf/women/isc/registration_list.xls" /-->
+			<!--test url="http://women.nra.org/images/bg_gray.jpg" /-->
+			<!--test url="http://youth.nra.org/css/leftnav.css" /-->
+			<!--test url="http://youth.nra.org/images/bg_gray.jpg" /-->
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nrablog.com.xml b/src/chrome/content/rules/nrablog.com.xml
new file mode 100644
index 000000000000..119f9a49dd45
--- /dev/null
+++ b/src/chrome/content/rules/nrablog.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other National Rifle Association coverage, see nra.org.xml.
+
+
+	Mixed content:
+
+		- Bugs from b.scorecardresearch.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="NRA Blog.com">
+
+	<target host="nrablog.com" />
+	<target host="www.nrablog.com" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nradefensefund.org.xml b/src/chrome/content/rules/nradefensefund.org.xml
new file mode 100644
index 000000000000..0ddc7f70d43f
--- /dev/null
+++ b/src/chrome/content/rules/nradefensefund.org.xml
@@ -0,0 +1,17 @@
+<!--
+	For other National Rifle Association coverage, see nra.org.xml.
+
+-->
+<ruleset name="NRA Defense Fund.org">
+
+	<target host="nradefensefund.org" />
+	<target host="www.nradefensefund.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nrafamily.org.xml b/src/chrome/content/rules/nrafamily.org.xml
new file mode 100644
index 000000000000..0ac46f1c66e2
--- /dev/null
+++ b/src/chrome/content/rules/nrafamily.org.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wmp.nrafamily.org/ => https://wmp.nrafamily.org/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other National Rifle Association coverage, see nra.org.xml.
+
+
+	CDN buckets:
+
+		- dcxy4ydf0t24t.cloudfront.net
+
+
+	Mixed content:
+
+		- b.scorecardresearch.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="NRA Family.org" default_off="failed ruleset test">
+
+	<target host="nrafamily.org" />
+	<target host="wmp.nrafamily.org" />
+	<target host="www.nrafamily.org" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nrahq.org.xml b/src/chrome/content/rules/nrahq.org.xml
new file mode 100644
index 000000000000..6d474cf58437
--- /dev/null
+++ b/src/chrome/content/rules/nrahq.org.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nrahq.org.org/ => https://nrahq.org.org/: (6, 'Could not resolve host: nrahq.org.org')
+Fetch error: http://membership.nrahq.org.org/ => https://membership.nrahq.org.org/: (6, 'Could not resolve host: membership.nrahq.org.org')
+Fetch error: http://www.nrahq.org.org/ => https://www.nrahq.org.org/: (6, 'Could not resolve host: www.nrahq.org.org')
+
+	For other National Rifle Association coverage, see nra.org.xml.
+
+-->
+<ruleset name="NRA HQ.org" default_off="failed ruleset test">
+
+	<target host="nrahq.org.org" />
+	<target host="membership.nrahq.org.org" />
+	<target host="www.nrahq.org.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nraila.org.xml b/src/chrome/content/rules/nraila.org.xml
new file mode 100644
index 000000000000..2da20e94972d
--- /dev/null
+++ b/src/chrome/content/rules/nraila.org.xml
@@ -0,0 +1,18 @@
+<!--
+	For other National Rifle Association coverage, see nra.org.xml.
+
+-->
+<ruleset name="NRA ILA.org">
+
+	<target host="nraila.org" />
+	<target host="www.nraila.org" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nramemberservices.org.xml b/src/chrome/content/rules/nramemberservices.org.xml
new file mode 100644
index 000000000000..0c6b27d7cbd5
--- /dev/null
+++ b/src/chrome/content/rules/nramemberservices.org.xml
@@ -0,0 +1,17 @@
+<!--
+	For other National Rifle Association coverage, see nra.org.xml.
+
+-->
+<ruleset name="NRA Member Services.org">
+
+	<target host="nramemberservices.org" />
+	<target host="www.nramemberservices.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nrapvf.org.xml b/src/chrome/content/rules/nrapvf.org.xml
new file mode 100644
index 000000000000..cd42d0c83176
--- /dev/null
+++ b/src/chrome/content/rules/nrapvf.org.xml
@@ -0,0 +1,21 @@
+<!--
+	For other National Rifle Association coverage, see nra.org.xml.
+
+-->
+<ruleset name="NRA PVF.org">
+
+	<target host="nrapvf.org" />
+	<target host="assets.nrapvf.org" />
+	<target host="www.nrapvf.org" />
+
+		<test url="http://assets.nrapvf.org/images/desktop_skin/global/icn-arrow-right.png" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nraringoffreedom.com.xml b/src/chrome/content/rules/nraringoffreedom.com.xml
new file mode 100644
index 000000000000..72bdb06c7731
--- /dev/null
+++ b/src/chrome/content/rules/nraringoffreedom.com.xml
@@ -0,0 +1,17 @@
+<!--
+	For other National Rifle Association coverage, see nra.org.xml.
+
+-->
+<ruleset name="NRA Ring of Freedom.com">
+
+	<target host="nraringoffreedom.com" />
+	<target host="www.nraringoffreedom.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nrarofcochairs.com.xml b/src/chrome/content/rules/nrarofcochairs.com.xml
new file mode 100644
index 000000000000..63bf5c5454bc
--- /dev/null
+++ b/src/chrome/content/rules/nrarofcochairs.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other National Rifle Association coverage, see nra.org.xml.
+
+-->
+<ruleset name="NRA RoF Co Chairs">
+
+	<target host="nrarofcochairs.com" />
+	<target host="assets.nrarofcochairs.com" />
+	<target host="www.nrarofcochairs.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nrastore.com.xml b/src/chrome/content/rules/nrastore.com.xml
new file mode 100644
index 000000000000..90ab2e4160e4
--- /dev/null
+++ b/src/chrome/content/rules/nrastore.com.xml
@@ -0,0 +1,37 @@
+<!--
+	For other National Rifle Association coverage, see nra.org.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.nrastore.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css from ^nrastore.com * ˢ
+		- Images from www.nrastore.com ˢ
+
+	* Only fonts
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="NRA Store.com">
+
+	<target host="nrastore.com" />
+	<target host="www.nrastore.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.nrastore\.com$" name="^CACHED_FRONT_FORM_KEY$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nrostatic.com.xml b/src/chrome/content/rules/nrostatic.com.xml
new file mode 100644
index 000000000000..c8ff41af7e80
--- /dev/null
+++ b/src/chrome/content/rules/nrostatic.com.xml
@@ -0,0 +1,58 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://c1.nrostatic.com/sites/default/files/advagg_css/css__d0id7LJEB_1aR8hGpDgmg0aMLkZf_n_w2Z0YGV3_2lQ__uVPpm8vbLQaVY7w0kzwk0BKOGgKtmAehPhTX-qZUkFc__RYKz365NgTGYY9hW7F7KhKDTmjcZKGYC4TLEk3M9tmY.css => https://c1.nrostatic.com/sites/default/files/advagg_css/css__d0id7LJEB_1aR8hGpDgmg0aMLkZf_n_w2Z0YGV3_2lQ__uVPpm8vbLQaVY7w0kzwk0BKOGgKtmAehPhTX-qZUkFc__RYKz365NgTGYY9hW7F7KhKDTmjcZKGYC4TLEk3M9tmY.css: Too many redirects while fetching 'https://c1.nrostatic.com/sites/default/files/advagg_css/css__d0id7LJEB_1aR8hGpDgmg0aMLkZf_n_w2Z0YGV3_2lQ__uVPpm8vbLQaVY7w0kzwk0BKOGgKtmAehPhTX-qZUkFc__RYKz365NgTGYY9hW7F7KhKDTmjcZKGYC4TLEk3M9tmY.css'
+Fetch error: http://c6.nrostatic.com/sites/default/files/styles/original_image_with_cropping/public/donald-trump-minority-outreach-wont-work_0.jpg?itok=1Eu5iUWx => https://c6.nrostatic.com/sites/default/files/styles/original_image_with_cropping/public/donald-trump-minority-outreach-wont-work_0.jpg?itok=1Eu5iUWx: Too many redirects while fetching 'https://c6.nrostatic.com/sites/default/files/styles/original_image_with_cropping/public/donald-trump-minority-outreach-wont-work_0.jpg?itok=1Eu5iUWx'
+Fetch error: http://c8.nrostatic.com/sites/default/files/advagg_css/css__QqQ9wIs71MIJ-Mo3EydpbuxXV_0qxTdYhF7qCCMgwIM__FcCC_8-wMxwsH5mnZS6gNfRRShHnky4ZrIb1YXmOGoU__RYKz365NgTGYY9hW7F7KhKDTmjcZKGYC4TLEk3M9tmY.css => https://c8.nrostatic.com/sites/default/files/advagg_css/css__QqQ9wIs71MIJ-Mo3EydpbuxXV_0qxTdYhF7qCCMgwIM__FcCC_8-wMxwsH5mnZS6gNfRRShHnky4ZrIb1YXmOGoU__RYKz365NgTGYY9hW7F7KhKDTmjcZKGYC4TLEk3M9tmY.css: Too many redirects while fetching 'https://c8.nrostatic.com/sites/default/files/advagg_css/css__QqQ9wIs71MIJ-Mo3EydpbuxXV_0qxTdYhF7qCCMgwIM__FcCC_8-wMxwsH5mnZS6gNfRRShHnky4ZrIb1YXmOGoU__RYKz365NgTGYY9hW7F7KhKDTmjcZKGYC4TLEk3M9tmY.css'
+Fetch error: http://c0.nrostatic.com/ => https://c0.nrostatic.com/: Too many redirects while fetching 'https://c0.nrostatic.com/'
+Fetch error: http://c1.nrostatic.com/ => https://c1.nrostatic.com/: Too many redirects while fetching 'https://c1.nrostatic.com/'
+Fetch error: http://c10.nrostatic.com/ => https://c10.nrostatic.com/: Too many redirects while fetching 'https://c10.nrostatic.com/'
+Fetch error: http://c2.nrostatic.com/ => https://c2.nrostatic.com/: Too many redirects while fetching 'https://c2.nrostatic.com/'
+Fetch error: http://c3.nrostatic.com/ => https://c3.nrostatic.com/: Too many redirects while fetching 'https://c3.nrostatic.com/'
+Fetch error: http://c4.nrostatic.com/ => https://c4.nrostatic.com/: Too many redirects while fetching 'https://c4.nrostatic.com/'
+Fetch error: http://c5.nrostatic.com/ => https://c5.nrostatic.com/: Too many redirects while fetching 'https://c5.nrostatic.com/'
+Fetch error: http://c6.nrostatic.com/ => https://c6.nrostatic.com/: Too many redirects while fetching 'https://c6.nrostatic.com/'
+Fetch error: http://c7.nrostatic.com/ => https://c7.nrostatic.com/: Too many redirects while fetching 'https://c7.nrostatic.com/'
+Fetch error: http://c8.nrostatic.com/ => https://c8.nrostatic.com/: Too many redirects while fetching 'https://c8.nrostatic.com/'
+Fetch error: http://c9.nrostatic.com/ => https://c9.nrostatic.com/: Too many redirects while fetching 'https://c9.nrostatic.com/'
+
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="NRostatic.com" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="c0.nrostatic.com" />
+	<target host="c1.nrostatic.com" />
+	<target host="c10.nrostatic.com" />
+	<target host="c2.nrostatic.com" />
+	<target host="c3.nrostatic.com" />
+	<target host="c4.nrostatic.com" />
+	<target host="c5.nrostatic.com" />
+	<target host="c6.nrostatic.com" />
+	<target host="c7.nrostatic.com" />
+	<target host="c8.nrostatic.com" />
+	<target host="c9.nrostatic.com" />
+
+		<test url="http://c0.nrostatic.com/sites/default/files/button_article-archive_300x100_D_2x.jpg" /><!--	24546 -->
+		<test url="http://c1.nrostatic.com/sites/default/files/advagg_css/css__d0id7LJEB_1aR8hGpDgmg0aMLkZf_n_w2Z0YGV3_2lQ__uVPpm8vbLQaVY7w0kzwk0BKOGgKtmAehPhTX-qZUkFc__RYKz365NgTGYY9hW7F7KhKDTmjcZKGYC4TLEk3M9tmY.css" /><!--	909 -->
+		<test url="http://c10.nrostatic.com/sites/default/files/styles/original_image_with_cropping/public/donald-trump-unshackled-republican-party-2016-home.jpg" /><!--	59244 -->
+		<test url="http://c2.nrostatic.com/sites/default/files/styles/original_image_with_cropping/public/uploaded/donald-trump-sexual-assault-allegations-accusers-stories-match-access-hollywood-tape.jpg?itok=H5sinW3T" /><!--	35661 -->
+		<test url="http://c3.nrostatic.com/sites/default/files/advagg_css/css__dt9R5vsPM_lqa4RDwszEKYR7wc0IGHC4DGL6NgkcCvY__CdbD6QkTrXz7FApVIIGXKS_HsclMS3XvewXdXAIGkQ8__RYKz365NgTGYY9hW7F7KhKDTmjcZKGYC4TLEk3M9tmY.css" /><!--	7396 -->
+		<test url="http://c4.nrostatic.com/sites/default/files/nrioc_002B.jpg" /><!--	31392 -->
+		<test url="http://c5.nrostatic.com/sites/default/files/20160204_post_election_hull_330x250C.jpg" /><!--	25611 -->
+		<test url="http://c6.nrostatic.com/sites/default/files/styles/original_image_with_cropping/public/donald-trump-minority-outreach-wont-work_0.jpg?itok=1Eu5iUWx" /><!--	44499 -->
+		<test url="http://c7.nrostatic.com/sites/default/files/styles/original_image_with_cropping/public/donald-trump-access-hollywood-tape-republican-party-crisis-home.jpg?itok=yfz2iaVe" /><!--	40975 -->
+		<test url="http://c8.nrostatic.com/sites/default/files/advagg_css/css__QqQ9wIs71MIJ-Mo3EydpbuxXV_0qxTdYhF7qCCMgwIM__FcCC_8-wMxwsH5mnZS6gNfRRShHnky4ZrIb1YXmOGoU__RYKz365NgTGYY9hW7F7KhKDTmjcZKGYC4TLEk3M9tmY.css" /><!--	1603 -->
+		<test url="http://c9.nrostatic.com/sites/default/files/20161007_cua_handshake_b.png" /><!--	31959 -->
+
+
+	<securecookie host="^\." name="^__cfduid$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nsis.ro.xml b/src/chrome/content/rules/nsis.ro.xml
new file mode 100644
index 000000000000..2cd6a16910c7
--- /dev/null
+++ b/src/chrome/content/rules/nsis.ro.xml
@@ -0,0 +1,26 @@
+<!--
+	Other rulesets:
+
+		- safeornot.net.xml
+		- vpn.ac.xml
+
+
+	Nonfunctional domains:
+
+		- netsecinteractive.ro		(cert mismatch, CN: geo.cryptolayer.net)
+		- isk.ro			(cert mismatch, CN: ssl.shopmania.biz)
+
+
+	Nonfunctional subdomains:
+
+		- www 				(cert mismatch, CN: geo.cryptolayer.net)
+
+-->
+<ruleset name="NSIS.ro">
+	<target host="nsis.ro" />
+
+  	<securecookie host="^nsis\.ro$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nslovo.info.xml b/src/chrome/content/rules/nslovo.info.xml
new file mode 100644
index 000000000000..001f1a0001a6
--- /dev/null
+++ b/src/chrome/content/rules/nslovo.info.xml
@@ -0,0 +1,5 @@
+<ruleset name="nslovo.info" platform="mixedcontent">
+	<target host="nslovo.info" />
+	<target host="www.nslovo.info" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nso.ru.xml b/src/chrome/content/rules/nso.ru.xml
new file mode 100644
index 000000000000..e277f75e447f
--- /dev/null
+++ b/src/chrome/content/rules/nso.ru.xml
@@ -0,0 +1,207 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://uknso2.nso.ru/ => https://uknso2.nso.ru/: (6, 'Could not resolve host: uknso2.nso.ru')
+
+www.antinarkotik.nso.ru ¹
+www.archive.nso.ru ¹
+archives.nso.ru/: (52, 'Empty reply from server')
+www.archives.nso.ru ¹
+art.nso.ru ²
+www.baryshevo.nso.ru ¹
+www.bolotnoe.nso.ru ¹
+www.chany.nso.ru ¹
+www.cherepanovo.nso.ru ¹
+www.chistkcson.nso.ru ¹
+chistoozernoe.nso.ru/: (52, 'Empty reply from server')
+www.chistoozernoe.nso.ru ¹
+rp.chistoozernoe.nso.ru ¹
+www.chulym.nso.ru ¹
+cross-k.nso.ru ²
+www.dem.nso.ru ¹
+dizo.nso.ru/: (52, 'Empty reply from server')
+www.dizo.nso.ru ¹
+www.dlh.nso.ru ¹
+dmk.nso.ru/: (52, 'Empty reply from server')
+www.dobrynya.nso.ru ¹
+dops.nso.ru/: (52, 'Empty reply from server')
+www.dou.nso.ru ¹
+www.dovolnoe.nso.ru ¹
+www.dproos.nso.ru ¹
+www.e-archive.nso.ru ¹
+www.econom.nso.ru ¹
+fileregionuc.nso.ru ³
+www.gji.nso.ru ¹
+www.gsn.nso.ru ¹
+gtn.nso.ru/: (52, 'Empty reply from server')
+www.gtn11.nso.ru ¹
+www.infocom.nso.ru ¹
+www.invest.nso.ru ¹
+www.kochenevo.nso.ru ¹
+www.kochki.nso.ru ¹
+www.kolivan.nso.ru ¹
+www.krasnozerskoe.nso.ru ¹
+www.ksp.nso.ru ¹
+www.kuibyshev.nso.ru ¹
+www.kupino.nso.ru ¹
+www.kyshtovka.nso.ru ¹
+www.legalconf.nso.ru ¹
+mais.nso.ru ³
+www.maslyanino.nso.ru ¹
+www.mcx.nso.ru ¹
+www.mfnso.nso.ru ¹
+mi1.nso.ru ⁴
+mi2.nso.ru ³
+www.minobr.nso.ru ¹
+www.minregion.nso.ru ¹
+www.minrpp.nso.ru ¹
+www.minstroy.nso.ru ¹
+www.mintrans.nso.ru ¹
+www.mintrud.nso.ru ¹
+czn.mintrud.nso.ru ⁴
+mx.czn.mintrud.nso.ru ⁴
+dg07.mintrud.nso.ru ³
+mx.mintrud.nso.ru ³
+ns1.mintrud.nso.ru ³
+ns2.mintrud.nso.ru ⁴
+mirnyi.nso.ru/: (52, 'Empty reply from server')
+www.mjkh.nso.ru ¹
+www.mk.nso.ru ¹
+mknew.nso.ru/: (52, 'Empty reply from server')
+www.morozovo.nso.ru ¹
+www.msp.nso.ru ¹
+www.msr.nso.ru ¹
+mx01.nso.ru ⁴
+mx02.nso.ru ⁴
+net.nso.ru ²
+ns.net.nso.ru ²
+ns1.net.nso.ru ²
+relay.net.nso.ru ²
+www.nko.nso.ru ¹
+ns.nso.ru ³
+ns1.nso.ru ³
+www.nskdeti.nso.ru ¹
+ntk.nso.ru ³
+www.ohotnadzor.nso.ru ¹
+www.ombudsmanbiz.nso.ru ¹
+www.ordynsk.nso.ru ¹
+www.pichug.nso.ru ¹
+www.pogoda.nso.ru ¹
+www.priem.nso.ru ¹
+www.prolet.nso.ru ¹
+www.regiontatarsk.nso.ru ¹
+www.regionuc.nso.ru ¹
+www.severnoe.nso.ru ¹
+shkola.nso.ru ⁴
+www.shkola.nso.ru ⁴
+www.sovet.nso.ru ¹
+www.sport.nso.ru ¹
+ssuz.nso.ru ⁴
+www.suzun.nso.ru ¹
+szn.nso.ru ³
+www.tarif.nso.ru ¹
+www.testnso2.nso.ru ¹
+www.toguchin.nso.ru ¹
+www.turizm.nso.ru ¹
+www.ubinadm.nso.ru ¹
+ud.nso.ru/: (52, 'Empty reply from server')
+www.ud.nso.ru ¹
+www.ugookn.nso.ru ¹
+www.uip.nso.ru ¹
+www.uksis.nso.ru ¹
+ums.nso.ru/: (52, 'Empty reply from server')
+www.upch.nso.ru ¹
+www.ust-tarka.nso.ru ¹
+usttar.nso.ru ³
+www.vengerovo.nso.ru ¹
+www.vet.nso.ru ¹
+www.zags.nso.ru ¹
+zal.nso.ru/: (52, 'Empty reply from server')
+www.zdrav.nso.ru ¹
+www.zdvinsk.nso.ru ¹
+dialin.nso.ru different content
+lyncdiscover.nso.ru different content
+meet.nso.ru different content
+owa.nso.ru different content
+wac.nso.ru different content
+webapp.nso.ru different content
+wsext.nso.ru different content
+wso2.nso.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="nso.ru" default_off="failed ruleset test">
+	<target host="nso.ru" />
+	<target host="www.nso.ru" />
+	<target host="123.nso.ru" />
+	<target host="autodiscover.nso.ru" />
+	<target host="bagan.nso.ru" />
+	<target host="bolotnoe.nso.ru" />
+	<target host="cherepanovo.nso.ru" />
+	<target host="dem.nso.ru" />
+	<target host="dizonso2.nso.ru" />
+	<target host="dlh.nso.ru" />
+	<target host="dproos.nso.ru" />
+	<target host="dproosnso2.nso.ru" />
+	<target host="econom.nso.ru" />
+	<target host="gis.nso.ru" />
+	<target host="gis-gji.nso.ru" />
+	<target host="gsn.nso.ru" />
+	<target host="gsnnso2.nso.ru" />
+	<target host="ias-portal.nso.ru" />
+	<target host="infocom.nso.ru" />
+	<target host="iportal.nso.ru" />
+	<target host="kochenevo.nso.ru" />
+	<target host="kochenevonso2.nso.ru" />
+	<target host="krasnozerskoe.nso.ru" />
+	<target host="kuibyshev.nso.ru" />
+	<target host="m.nso.ru" />
+	<target host="map.nso.ru" />
+	<target host="maps.nso.ru" />
+	<target host="mcx.nso.ru" />
+	<target host="minjust.nso.ru" />
+	<target host="minobr.nso.ru" />
+	<target host="minregion.nso.ru" />
+	<target host="minrpp.nso.ru" />
+	<target host="minstroy.nso.ru" />
+	<target host="mintrans.nso.ru" />
+	<target host="mintrud.nso.ru" />
+	<target host="mk.nso.ru" />
+	<target host="msp.nso.ru" />
+	<target host="msr.nso.ru" />
+	<target host="nsr.nso.ru" />
+	<target host="nszn.nso.ru" />
+	<target host="ohotnadzor.nso.ru" />
+	<target host="ombudsmanbiz.nso.ru" />
+	<target host="ordynsk.nso.ru" />
+	<target host="pogoda.nso.ru" />
+	<target host="priem.nso.ru" />
+	<target host="reg.nso.ru" />
+	<target host="rnis.nso.ru" />
+	<target host="rtk.nso.ru" />
+	<target host="sip.nso.ru" />
+	<target host="socmap.nso.ru" />
+	<target host="sport.nso.ru" />
+	<target host="sts.nso.ru" />
+	<target host="suzunnso2.nso.ru" />
+	<target host="tarif.nso.ru" />
+	<target host="tariff.nso.ru" />
+	<target host="tarifnso2.nso.ru" />
+	<target host="toguchin.nso.ru" />
+	<target host="ugookn.nso.ru" />
+	<target host="uk.nso.ru" />
+	<target host="uknso2.nso.ru" />
+	<target host="upu.nso.ru" />
+	<target host="vet.nso.ru" />
+	<target host="wap.nso.ru" />
+	<target host="zabbix.nso.ru" />
+	<target host="zags.nso.ru" />
+	<target host="zakupki.nso.ru" />
+	<target host="zdrav.nso.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nspcc.org.uk.xml b/src/chrome/content/rules/nspcc.org.uk.xml
new file mode 100644
index 000000000000..7bb8ee9d6f69
--- /dev/null
+++ b/src/chrome/content/rules/nspcc.org.uk.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- nspcc.org.uk
+		- www.nspcc.org.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="NSPCC.org.uk">
+
+	<target host="nspcc.org.uk" />
+	<target host="www.nspcc.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?nspcc\.org\.uk$" name="^(?:\.ASPXANONYMOUS|ASP\.NET_SessionId)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nspublieksprijs.nl.xml b/src/chrome/content/rules/nspublieksprijs.nl.xml
new file mode 100644
index 000000000000..ff5edab75c3b
--- /dev/null
+++ b/src/chrome/content/rules/nspublieksprijs.nl.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://api.nspublieksprijs.nl/ => https://api.nspublieksprijs.nl/: (60, 'SSL certificate problem: certificate has expired')
+
+	Insecure cookies are set for these hosts:
+
+		- nspublieksprijs.nl
+
+-->
+<ruleset name="NS Publieksprijs.nl" default_off="failed ruleset test">
+
+	<target host="nspublieksprijs.nl" />
+	<target host="api.nspublieksprijs.nl" />
+	<target host="www.nspublieksprijs.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^nspublieksprijs\.nl$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ntlite.com.xml b/src/chrome/content/rules/ntlite.com.xml
new file mode 100644
index 000000000000..9e2d2a824a26
--- /dev/null
+++ b/src/chrome/content/rules/ntlite.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="NTLite.com">
+
+	<target host="ntlite.com" />
+	<target host="www.ntlite.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nts.su.xml b/src/chrome/content/rules/nts.su.xml
new file mode 100644
index 000000000000..fcaa4327cd10
--- /dev/null
+++ b/src/chrome/content/rules/nts.su.xml
@@ -0,0 +1,13 @@
+<!--
+line.nts.su timed out
+www.club.nts.su timed out
+www.test.nts.su protocol error
+-->
+<ruleset name="nts.su">
+	<target host="nts.su" />
+	<target host="www.nts.su" />
+	<target host="mail.nts.su" />
+	<target host="my.nts.su" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ntu.lgbt.xml b/src/chrome/content/rules/ntu.lgbt.xml
new file mode 100644
index 000000000000..1bed13853fe3
--- /dev/null
+++ b/src/chrome/content/rules/ntu.lgbt.xml
@@ -0,0 +1,8 @@
+<ruleset name="ntu.lgbt">
+	<target host="ntu.lgbt" />
+	<target host="www.ntu.lgbt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ntv.ru.xml b/src/chrome/content/rules/ntv.ru.xml
new file mode 100644
index 000000000000..d477c3a7b840
--- /dev/null
+++ b/src/chrome/content/rules/ntv.ru.xml
@@ -0,0 +1,108 @@
+<!--
+ntv.ru ²
+4sale.ntv.ru ²
+www.4sale.ntv.ru ²
+9may.ntv.ru ²
+abr-1.ntv.ru ²
+abr-2.ntv.ru ²
+av.ntv.ru ⁷
+chp.ntv.ru ⁶
+www.chp.ntv.ru ¹
+dacha.ntv.ru ²
+cutest.ebs.ntv.ru ³
+fsas.ebs.ntv.ru ³
+fsdb.ebs.ntv.ru ³
+hrtest.ebs.ntv.ru ³
+hypntv.ebs.ntv.ru ³
+ora1.ebs.ntv.ru ³
+ora2.ebs.ntv.ru ³
+ora3.ebs.ntv.ru ³
+ora7.ebs.ntv.ru ³
+ora9.ebs.ntv.ru ³
+prodora.ebs.ntv.ru ³
+syslog.ebs.ntv.ru ³
+test09.ebs.ntv.ru ³
+forum.ntv.ru ³
+forums.ntv.ru ³
+galaxy.ntv.ru ³
+www.galaxy.ntv.ru ³
+hls.ntv.ru ²
+www.ihnravy.ntv.ru ¹
+www.itogi.ntv.ru ¹
+av.lync.ntv.ru ⁷
+sip.lync.ntv.ru ¹
+media.ntv.ru ²
+relay.media.ntv.ru ²
+relay2.media.ntv.ru ³
+media2.ntv.ru ²
+mx1.ntv.ru ³
+mx2.ntv.ru ³
+www.news.ntv.ru ¹
+ns4.ntv.ru ³
+ntvamerica.ntv.ru ²
+www.ntvamerica.ntv.ru ²
+test.ntvamerica.ntv.ru ²
+ntvmir.ntv.ru ²
+www.ntvmir.ntv.ru ²
+test.ntvmir.ntv.ru ²
+pro.ntv.ru ²
+rdg.ntv.ru ⁴
+reklama.ntv.ru ²
+relay4.ntv.ru ³
+relay6.ntv.ru ³
+relay88.ntv.ru ⁴
+relay888.ntv.ru ³
+relay9.ntv.ru ³
+response.ntv.ru ²
+www.response.ntv.ru ²
+mta-1.response.ntv.ru ²
+rtmp.ntv.ru ²
+s-ost-1c-dev.ntv.ru ³
+s-ost-enex.ntv.ru ³
+s-ost-enex64.ntv.ru ³
+s-ost-mail02.ntv.ru ³
+s-ost-ppk.ntv.ru ³
+s_mdc-ftp01.ntv.ru ³
+sex.ntv.ru ³
+sip.ntv.ru non-2xx http code
+tv.ntv.ru ³
+wc.ntv.ru ³
+xmedia.ntv.ru ²
+www.ntv.ru different content
+doroga.ntv.ru different content
+geroy.ntv.ru different content
+ihnravy.ntv.ru different content
+ip.ntv.ru different content
+m.ntv.ru different content
+maximum.ntv.ru different content
+news.ntv.ru different content
+profrep.ntv.ru different content
+promo.ntv.ru different content
+sklass.ntv.ru different content
+zvonok.ntv.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁶ redirect
+⁷ protocol error
+-->
+<ruleset name="ntv.ru (partial)">
+	<target host="a.ntv.ru" />
+	<target host="autodiscover.ntv.ru" />
+	<target host="dialin.ntv.ru" />
+	<target host="img.ntv.ru" />
+	<target host="img2.ntv.ru" />
+	<target host="lyncdiscover.ntv.ru" />
+	<target host="lyncws.ntv.ru" />
+	<target host="mail.ntv.ru" />
+	<target host="meet.ntv.ru" />
+	<target host="my.ntv.ru" />
+	<target host="stat.ntv.ru" />
+	<target host="stat2.ntv.ru" />
+	<target host="www1.ntv.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nuevocloud.com.xml b/src/chrome/content/rules/nuevocloud.com.xml
new file mode 100644
index 000000000000..017d35f7f12d
--- /dev/null
+++ b/src/chrome/content/rules/nuevocloud.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.nuevocloud.com
+
+-->
+<ruleset name="NuevoCloud.com">
+
+	<target host="nuevocloud.com" />
+	<target host="www.nuevocloud.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.nuevocloud\.com$" name="^sid$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nulled.cc.xml b/src/chrome/content/rules/nulled.cc.xml
new file mode 100644
index 000000000000..1b82440200c8
--- /dev/null
+++ b/src/chrome/content/rules/nulled.cc.xml
@@ -0,0 +1,6 @@
+<ruleset name="nulled.cc">
+	<target host="nulled.cc" />
+	<target host="www.nulled.cc" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nullschool.net.xml b/src/chrome/content/rules/nullschool.net.xml
new file mode 100644
index 000000000000..ddc191a48f04
--- /dev/null
+++ b/src/chrome/content/rules/nullschool.net.xml
@@ -0,0 +1,13 @@
+<ruleset name="nullschool.net">
+
+	<target host="earth.nullschool.net" />
+
+
+	<securecookie host="^\." name="^__cfduid" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/numenta.com.xml b/src/chrome/content/rules/numenta.com.xml
new file mode 100644
index 000000000000..237027fdb4dd
--- /dev/null
+++ b/src/chrome/content/rules/numenta.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="numenta.com">
+    <target host="numenta.com"/>
+    <target host="www.numenta.com"/>
+    <target host="ci.numenta.com"/>
+
+    <rule from="^http://(www\.)?numenta\.com/" to="https://numenta.com/"/>
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nuneatonandbedworth.gov.uk.xml b/src/chrome/content/rules/nuneatonandbedworth.gov.uk.xml
new file mode 100644
index 000000000000..1f0d648fd2bd
--- /dev/null
+++ b/src/chrome/content/rules/nuneatonandbedworth.gov.uk.xml
@@ -0,0 +1,36 @@
+<!--
+	Nuneaton & Bedworth Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *nuneatonandbedworth.gov.uk:
+
+		- apps ᵈ
+
+	ᵈ Dropped
+
+
+	Insecure cookies are set for these domains:
+
+		- .www.nuneatonandbedworth.gov.uk
+
+-->
+<ruleset name="Nuneaton and Bedworth.gov.uk">
+
+	<target host="nuneatonandbedworth.gov.uk" />
+	<target host="www.nuneatonandbedworth.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.nuneatonandbedworth\.gov\.uk$" name="^TestCookie$" /-->
+
+	<securecookie host="^\.www\." name=".+" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nuomi.com.xml b/src/chrome/content/rules/nuomi.com.xml
new file mode 100644
index 000000000000..3e25e63ed09d
--- /dev/null
+++ b/src/chrome/content/rules/nuomi.com.xml
@@ -0,0 +1,51 @@
+<!--
+	Nonfunctional hosts in *nuomi.com:
+
+		- bj ʰ
+		- m ʰ
+		- t ʰ
+
+	ʰ Redirects to http
+
+
+	Mixed content:
+
+		- css on d from s0.nuomi.bdimg.com
+		- favicon on d from www.nuomi.com ˢ
+		- Images on d from newpc2.nuomi.bdimg.com
+		- Images on d from s0.nuomi.bdimg.com
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="nuomi.com (partial)" platform="mixedcontent">
+
+	<target host="d.nuomi.com" />
+	<target host="www.nuomi.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.nuomi\.com/(?:\?cid=fr_tuanbai$|deal/\w+\.html|pclogin/main/loginpage$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.nuomi\.com/(?!/*static/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.nuomi.com/?cid=fr_tuanbai" />
+			<test url="http://www.nuomi.com/deal/pu14haoo.html" />
+			<test url="http://www.nuomi.com/pclogin/main/loginpage" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.nuomi.com/static/common/img/favicon.ico" />
+
+
+	<securecookie host="^d" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nus.org.uk-falsemixed.xml b/src/chrome/content/rules/nus.org.uk-falsemixed.xml
new file mode 100644
index 000000000000..d651fc51e8c8
--- /dev/null
+++ b/src/chrome/content/rules/nus.org.uk-falsemixed.xml
@@ -0,0 +1,20 @@
+<!--
+	For rules causing false/broken MCB, see nus.org.uk-falsemixed.xml.
+
+
+	NB: See https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="NUS.org.uk (false MCB)" platform="mixedcontent">
+
+	<target host="snapitoff.nus.org.uk" />
+	<target host="www.snapitoff.nus.org.uk" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nus.org.uk.xml b/src/chrome/content/rules/nus.org.uk.xml
new file mode 100644
index 000000000000..e43d8b9a2b0b
--- /dev/null
+++ b/src/chrome/content/rules/nus.org.uk.xml
@@ -0,0 +1,76 @@
+<!--
+	For rules causing false/broken MCB, see nus.org.uk-falsemixed.xml.
+
+
+	CDN buckets:
+
+		- s3-eu-west-1.amazonaws.com/nusdigital/
+
+
+	Nonfunctional hosts in *nus.org.uk:
+
+		- ^ ᶠ
+		- alcoholimpact ʰ
+		- readytorent ᵇ
+		- saves ʰ
+		- sustainability ʰ
+		- www ᵈ
+
+	ᵇ Shows default page
+	ᵈ Dropped
+	ᶠ Handshake fails
+	ʰ Redirects to http
+
+
+	Problematic hosts in *nus.org.uk:
+
+		- saves ᵐ
+		- snapitoff ˣ
+		- www.switchoff * ᵐ
+
+	* Differs from ^foo
+	ᵐ Mismatched
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- saves.nus.org.uk
+		- snapitoff.nus.org.uk
+		- www.snapitoff.nus.org.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on snapitoff from $self ˢ
+		- Images on snapitoff from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="NUS.org.uk (partial)">
+
+	<!--target host="snapitoff.nus.org.uk" /-->
+	<!--target host="www.snapitoff.nus.org.uk" /-->
+	<target host="switchoff.nus.org.uk" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://saves.nus.org.uk/users/sign_in" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^saves\.nus\.org\.uk$" name="^_nusdigital_session$" /-->
+	<!--securecookie host="^(?:www\.)?snapitoff\.nus\.org\.uk$" name="^wfvt_\d+$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nusextra.co.uk.xml b/src/chrome/content/rules/nusextra.co.uk.xml
new file mode 100644
index 000000000000..ddeb7c832b09
--- /dev/null
+++ b/src/chrome/content/rules/nusextra.co.uk.xml
@@ -0,0 +1,19 @@
+<!--
+	^nusextra.co.uk: Handshake fails
+	www.nusextra.co.uk: 404
+
+-->
+<ruleset name="NUS extra.co.uk (partial)">
+
+	<target host="cards.nusextra.co.uk" />
+	<target host="discounts.nusextra.co.uk" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nutyx.org.xml b/src/chrome/content/rules/nutyx.org.xml
new file mode 100644
index 000000000000..b605033a2101
--- /dev/null
+++ b/src/chrome/content/rules/nutyx.org.xml
@@ -0,0 +1,9 @@
+<!--downloads. refused
+download. refused-->
+<ruleset name="nutyx.org">
+	<target host="nutyx.org" />
+	<target host="www.nutyx.org" />
+	<target host="forum.nutyx.org" />
+	<target host="forums.nutyx.org" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nux.ro.xml b/src/chrome/content/rules/nux.ro.xml
new file mode 100644
index 000000000000..63518c6bd7dc
--- /dev/null
+++ b/src/chrome/content/rules/nux.ro.xml
@@ -0,0 +1,10 @@
+<!--dl. self signed
+ip. self signed
+pwgen. self signed
+img. self signed
+s. self signed-->
+<ruleset name="nux.ro">
+	<target host="li.nux.ro" />
+	<target host="forums.nux.ro" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nvaccess.org.xml b/src/chrome/content/rules/nvaccess.org.xml
new file mode 100644
index 000000000000..37bb303d3408
--- /dev/null
+++ b/src/chrome/content/rules/nvaccess.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="nvaccess.org">
+	<target host="nvaccess.org" />
+	<target host="certification.nvaccess.org" />
+	<!-- mismatch <target host="testwww.nvaccess.org" />   -->
+	<target host="www.nvaccess.org" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nvrnet.ru.xml b/src/chrome/content/rules/nvrnet.ru.xml
new file mode 100644
index 000000000000..470565bbeca4
--- /dev/null
+++ b/src/chrome/content/rules/nvrnet.ru.xml
@@ -0,0 +1,22 @@
+<!--
+www.nvrnet.ru ¹
+podpiska.nvrnet.ru ¹
+old.nvrnet.ru ²
+drweb.nvrnet.ru ⁴
+support.nvrnet.ru ²
+
+
+¹ mismatch
+² refused
+⁴ self signed
+-->
+<ruleset name="nvrnet.ru">
+	<target host="nvrnet.ru" />
+
+	<target host="www.nvrnet.ru" />
+
+	<rule from="^http://www\.nvrnet\.ru/"
+		to="https://nvrnet.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nycmesh.net.xml b/src/chrome/content/rules/nycmesh.net.xml
new file mode 100644
index 000000000000..eb0deeb084fe
--- /dev/null
+++ b/src/chrome/content/rules/nycmesh.net.xml
@@ -0,0 +1,25 @@
+<!--
+	www.nycmesh.net: Mismatched
+
+-->
+<ruleset name="NYC Mesh.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="nycmesh.net" />
+
+	<!--	Complications:
+				-->
+	<target host="www.nycmesh.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.nycmesh\.net/"
+		to="https://nycmesh.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nypf.org.uk.xml b/src/chrome/content/rules/nypf.org.uk.xml
new file mode 100644
index 000000000000..201306fbee90
--- /dev/null
+++ b/src/chrome/content/rules/nypf.org.uk.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://nypf.org.uk/ => https://nypf.org.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.nypf.org.uk/ => https://www.nypf.org.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	North Yorkshire Pension Fund
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- nypf.org.uk
+		- www.nypf.org.uk
+
+-->
+<ruleset name="NYPF.org.uk" default_off="failed ruleset test">
+
+	<target host="nypf.org.uk" />
+	<target host="www.nypf.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?nypf\.org\.uk$" name="^CF(?:ID|TOKEN)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nypost.com.xml b/src/chrome/content/rules/nypost.com.xml
new file mode 100644
index 000000000000..4f83fb6881ea
--- /dev/null
+++ b/src/chrome/content/rules/nypost.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Nonfunctional hosts in *nypost.com:
+
+		- advertising ᵃ
+		- nyp ᵃ
+
+	ᵃ Shows another domain
+
+
+	Problematic hosts in *nypost.com:
+
+		- analytics ᵉ
+		- stlink ᵐ
+
+	ᵉ Expired
+	ᵐ Mismatched
+
+-->
+<ruleset name="NYPost.com (partial)">
+
+	<target host="nypost.com" />
+	<target host="my.nypost.com" />
+	<target host="subscribe.nypost.com" />
+	<target host="utils.nypost.com" />
+	<target host="www.nypost.com" />
+
+
+	<securecookie host=".+" name="^optimizely" />
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nytimes3xbfgragh.onion.xml b/src/chrome/content/rules/nytimes3xbfgragh.onion.xml
new file mode 100644
index 000000000000..80b5165c10af
--- /dev/null
+++ b/src/chrome/content/rules/nytimes3xbfgragh.onion.xml
@@ -0,0 +1,31 @@
+<!--
+	For more NY Times ruleset, see NYTimes.xml
+
+	Still under construction:
+		myaccount.nytimes3xbfgragh.onion
+
+	Different content http/https:
+		samizdat-graphql.nytimes3xbfgragh.onion
+
+-->
+<ruleset name="nytimes3xbfgragh.onion">
+
+	<target host="nytimes3xbfgragh.onion" />
+	<target host="www.nytimes3xbfgragh.onion" />
+	<target host="a.nytimes3xbfgragh.onion" />
+		<test url="http://a.nytimes3xbfgragh.onion/svc/nyt/data-layer" />
+	<target host="*.blogs.nytimes3xbfgragh.onion" />
+		<test url="http://lens.blogs.nytimes3xbfgragh.onion/" />
+		<test url="http://afterdeadline.blogs.nytimes3xbfgragh.onion/" />
+		<test url="http://open.blogs.nytimes3xbfgragh.onion/" />
+	<target host="cn.nytimes3xbfgragh.onion" />
+	<target host="et.nytimes3xbfgragh.onion" />
+	<target host="global.nytimes3xbfgragh.onion" />
+	<target host="graphics.nytimes3xbfgragh.onion" />
+		<test url="http://graphics.nytimes3xbfgragh.onion/subscriptions/components/img/icons/icons_gift.png" />
+	<target host="mobile.nytimes3xbfgragh.onion" />
+	<target host="tagx.nytimes3xbfgragh.onion" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nyttips4bmquxfzw.onion.xml b/src/chrome/content/rules/nyttips4bmquxfzw.onion.xml
new file mode 100644
index 000000000000..7dedf102403d
--- /dev/null
+++ b/src/chrome/content/rules/nyttips4bmquxfzw.onion.xml
@@ -0,0 +1,16 @@
+<!--
+	For other NY Times rulesets, see NYTimes.xml
+
+	See https://nytimes.com/tips to verify that this site is
+	associated with The New York Times.
+
+	Invalid certificate:
+		www.nyttips4bmquxfzw.onion
+-->
+<ruleset name="nyttips4bmquxfzw.onion">
+
+	<target host="nyttips4bmquxfzw.onion" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nzbget.net.xml b/src/chrome/content/rules/nzbget.net.xml
new file mode 100644
index 000000000000..0a269898376c
--- /dev/null
+++ b/src/chrome/content/rules/nzbget.net.xml
@@ -0,0 +1,7 @@
+<ruleset name="nzbget.net">
+	<target host="nzbget.net" />
+	<target host="www.nzbget.net" />
+	<target host="forum.nzbget.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nzlweb.com.xml b/src/chrome/content/rules/nzlweb.com.xml
new file mode 100644
index 000000000000..5e9e275f6e04
--- /dev/null
+++ b/src/chrome/content/rules/nzlweb.com.xml
@@ -0,0 +1,38 @@
+<!--
+	Invalid certificate:
+		ftp.nzlweb.com
+		localhost.nzlweb.com
+		autodiscover.aaron.nzlweb.com
+		autodiscover.hotlipzkaraoke.nzlweb.com
+		autodiscover.lewynz.nzlweb.com
+		autodiscover.mensa.nzlweb.com
+		autodiscover.minecraft.nzlweb.com
+		webmail.aaron.nzlweb.com
+		webmail.hotlipzkaraoke.nzlweb.com
+		webmail.lewynz.nzlweb.com
+		webmail.mensa.nzlweb.com
+		webmail.minecraft.nzlweb.com
+-->
+<ruleset name="nzlweb.com">
+	<target host="nzlweb.com" />
+	<target host="www.nzlweb.com" />
+	<target host="aaron.nzlweb.com" />
+	<target host="www.aaron.nzlweb.com" />
+	<target host="autodiscover.nzlweb.com" />
+	<target host="cpanel.nzlweb.com" />
+	<target host="cpcalendars.nzlweb.com" />
+	<target host="cpcontacts.nzlweb.com" />
+	<target host="hotlipzkaraoke.nzlweb.com" />
+	<target host="www.hotlipzkaraoke.nzlweb.com" />
+	<target host="lewynz.nzlweb.com" />
+	<target host="www.lewynz.nzlweb.com" />
+	<target host="mail.nzlweb.com" />
+	<target host="mensa.nzlweb.com" />
+	<target host="www.mensa.nzlweb.com" />
+	<target host="minecraft.nzlweb.com" />
+	<target host="www.minecraft.nzlweb.com" />
+	<target host="webdisk.nzlweb.com" />
+	<target host="webmail.nzlweb.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nzpug.org.xml b/src/chrome/content/rules/nzpug.org.xml
new file mode 100644
index 000000000000..626047b8a18d
--- /dev/null
+++ b/src/chrome/content/rules/nzpug.org.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://register.nzpug.org/ => https://register.nzpug.org/: (60, 'SSL certificate problem: certificate has expired')
+
+    New Zealand Python User Group
+-->
+<ruleset name="nzpug.org" default_off="failed ruleset test">
+
+        <target host="nzpug.org" />
+        <target host="www.nzpug.org" />
+
+        <target host="register.nzpug.org" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nzz.xml b/src/chrome/content/rules/nzz.xml
new file mode 100644
index 000000000000..9573d32243f8
--- /dev/null
+++ b/src/chrome/content/rules/nzz.xml
@@ -0,0 +1,51 @@
+<!--
+	Mismatch:
+		- *nzz.de
+		- *nzz-kollektion.ch
+		- *nzzdomizil.ch
+		- *nzzfilm.ch
+		- *nzzmediengruppe.ch
+		- *tvnzzshop.ch
+		- *nzz-siff.com
+		- assets.nzz.ch
+		- campus.nzz.ch
+		- podium.nzz.ch
+
+	Untrusted:
+		- netz.nzz.ch
+		- *nzzmediasolutions.ch
+
+	Refused:
+		- *nzz.com
+		- *nzzformat.ch
+		- folio.nzz.ch
+
+	No response:
+		- *nzzprint.ch
+
+	Incomplete certificate chain:
+		- englisch.nzz.ch
+		- franzoesisch.nzz.ch
+-->
+<ruleset name="NZZ">
+	<target host="nzz.ch"/>
+	<target host="www.nzz.ch"/>
+	<target host="abo.nzz.ch"/>
+	<target host="epaper.nzz.ch"/>
+	<target host="trauer.nzz.ch"/>
+	<target host="jobs.nzz.ch"/>
+	<target host="news.jobs.nzz.ch"/>
+	<target host="parship.nzz.ch"/>
+	<target host="static.nzz.ch"/>
+	<target host="webpaper.nzz.ch"/>
+	<target host="zeitungsarchiv.nzz.ch"/>
+
+	<target host="nzz-libro.ch"/>
+	<target host="www.nzz-libro.ch"/>
+
+	<target host="nzz.at"/>
+	<target host="www.nzz.at"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/o0bc.com.xml b/src/chrome/content/rules/o0bc.com.xml
new file mode 100644
index 000000000000..cd70b23728cf
--- /dev/null
+++ b/src/chrome/content/rules/o0bc.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Related:
+		Boston.com.xml
+
+	CDN buckets:
+		- b.global-ssl.fastly.net
+			- c.o0bc.com
+		- bostoncom.http.internapcdn.net
+
+	Incomplete cert chain:
+		^
+		www.o0bc.com
+		c0.o0bc.com
+
+	Mixed content without broken:
+		c|p.o0bc.com	( on $ from http://archive.boston.com/ae/radio/nowplaying.jsonp )
+-->
+<ruleset name="o0bc.com">
+	<target host="c.o0bc.com" />
+	<target host="c0.o0bc.com" />
+	<target host="p.o0bc.com" />
+
+	<rule from="^http://c0\.o0bc\.com/" to="https://c.o0bc.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/o0bg.com.xml b/src/chrome/content/rules/o0bg.com.xml
new file mode 100644
index 000000000000..e99ea61f0ae7
--- /dev/null
+++ b/src/chrome/content/rules/o0bg.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Related:
+		Boston.com.xml
+
+	Incomplete cert chain:
+		^
+		www.o0bg.com
+-->
+<ruleset name="o0bg.com">
+	<target host="c.o0bg.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/o3.ua.xml b/src/chrome/content/rules/o3.ua.xml
new file mode 100644
index 000000000000..11d05451b1fd
--- /dev/null
+++ b/src/chrome/content/rules/o3.ua.xml
@@ -0,0 +1,41 @@
+<!--
+cabinet.o3.ua ⁴
+cpan-mirror.o3.ua ³
+dchub.o3.ua ³
+dhcp.o3.ua ³
+forum.o3.ua ⁴
+image.o3.ua ³
+mail.o3.ua ⁴
+nextcloud.o3.ua ²
+notify.o3.ua ³
+ns1.o3.ua ²
+
+
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="o3.ua">
+	<target host="o3.ua" />
+	<target host="www.o3.ua" />
+	<target host="akimovka.o3.ua" />
+	<target host="berdychiv.o3.ua" />
+	<target host="bobrovytsya.o3.ua" />
+	<target host="brovary.o3.ua" />
+	<target host="cherniahiv.o3.ua" />
+	<target host="dnipro.o3.ua" />
+	<target host="dnipropetrovsk.o3.ua" />
+	<target host="ivano-frankivsk.o3.ua" />
+	<target host="korostyshiv.o3.ua" />
+	<target host="krivoyrog.o3.ua" />
+	<target host="lviv.o3.ua" />
+	<target host="makariv.o3.ua" />
+	<target host="melitopol.o3.ua" />
+	<target host="my.o3.ua" />
+	<target host="my-old.o3.ua" />
+	<target host="shepetivka.o3.ua" />
+	<target host="starokostyantyniv.o3.ua" />
+	<target host="zhytomyr.o3.ua" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/oFono.xml b/src/chrome/content/rules/oFono.xml
index 69de103e3b13..d16c202d1a74 100644
--- a/src/chrome/content/rules/oFono.xml
+++ b/src/chrome/content/rules/oFono.xml
@@ -1,13 +1,24 @@
-<ruleset name="oFono">
+<!--
+	For other Intel coverage, see Intel.xml.
 
+	(www.)?ofono.org: Refused
+
+-->
+<ruleset name="oFono.org">
+
+	<!--	Complications:
+				-->
 	<target host="ofono.org" />
-	<target host="*.ofono.org" />
+	<target host="www.ofono.org" />
 
 
-	<securecookie host="^(?:w*\.)?ofono\.org$" name=".+" />
+	<rule from="^http://(?:www\.)?ofono\.org/$"
+		to="https://01.org/ofono" />
 
+	<rule from="^http://(?:www\.)?ofono\.org/"
+		to="https://01.org/ofono/" />
 
-	<rule from="^http://(www\.)?ofono\.org/"
-		to="https://ofono.org/" />
+		<test url="http://ofono.org/?" />
+		<test url="http://www.ofono.org/?" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/oaklands.ac.uk.xml b/src/chrome/content/rules/oaklands.ac.uk.xml
new file mode 100644
index 000000000000..fc688c0f61b6
--- /dev/null
+++ b/src/chrome/content/rules/oaklands.ac.uk.xml
@@ -0,0 +1,104 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://proportal.oaklands.ac.uk/? => https://portal.oaklands.ac.uk/dana/home/launch.cgi?url=http%3A%2F%2Fproportal.oaklands.ac.uk: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://portal.oaklands.ac.uk/ => https://portal.oaklands.ac.uk/: (28, 'Connection timed out after 20004 milliseconds')
+Fetch error: http://proportal.oaklands.ac.uk/ => https://portal.oaklands.ac.uk/dana/home/launch.cgi?url=http%3A%2F%2Fproportal.oaklands.ac.uk: (28, 'Connection timed out after 20001 milliseconds')
+
+	NB: autodiscover & autodiscover.student are rewritten
+	the same location ?=> fetch check failure
+
+	Oaklands College
+
+
+	Nonfunctional hosts in *oaklands.ac.uk:
+
+		- alumni ʳ
+		- learn ᵈ
+		- m ᵃ
+		- oaklearn ᵈ
+		- proportal ᵈ
+		- skillbuilder ᵈ
+		- webcams ᵈ
+		- wolves ᶠ
+
+	ᵃ Shows another domain
+	ᵈ Dropped
+	ᶠ Handshake fails
+	ʳ Refused
+
+
+	Problematic hosts in *oaklands.ac.uk:
+
+		- ^ ᵈ
+		- autodiscover *
+		- autodiscover.student *
+
+	* Redirect differs
+	ᵈ Dropped, preemptable redirect
+
+
+	Partially covered hosts in *oaklands.ac.uk:
+
+		- proportal *	(→ portal.oaklands.ac.uk)
+
+	* Not all paths redirect
+
+-->
+<ruleset name="Oaklands.ac.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cas.oaklands.ac.uk" />
+	<target host="portal.oaklands.ac.uk" />
+	<target host="webmail.oaklands.ac.uk" />
+	<target host="www.oaklands.ac.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="oaklands.ac.uk" />
+	<target host="autodiscover.oaklands.ac.uk" />
+	<target host="proportal.oaklands.ac.uk" />
+	<target host="autodiscover.student.oaklands.ac.uk" />
+
+		<!--	\w$ 404s:
+					-->
+		<exclusion pattern="^http://proportal\.oaklands\.ac\.uk/(?!/*(?:$|\?))" />
+
+			<!--	See blow respective rule for negative cases.
+
+				+ve:
+					-->
+			<test url="http://proportal.oaklands.ac.uk/default.aspx" />
+			<test url="http://proportal.oaklands.ac.uk/favicon.ico" />
+			<test url="http://proportal.oaklands.ac.uk/index.htm" />
+			<test url="http://proportal.oaklands.ac.uk/index.html" />
+			<test url="http://proportal.oaklands.ac.uk/index.php" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^(?!proportal\.)\w" name=".+" />
+
+
+	<rule from="^http://oaklands\.ac\.uk/"
+		to="https://www.oaklands.ac.uk/" />
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://autodiscover(?:\.student)?\.oaklands\.ac\.uk/.*"
+		to="https://cas.oaklands.ac.uk/owa/auth/logon.aspx?url=https%3a%2f%2fcas.oaklands.ac.uk%2fowa&amp;reason=0" />
+
+		<test url="http://autodiscover.oaklands.ac.uk/default.aspx" />
+		<test url="http://autodiscover.student.oaklands.ac.uk/index.htm" />
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://proportal\.oaklands\.ac\.uk/.*"
+		to="https://portal.oaklands.ac.uk/dana/home/launch.cgi?url=http%3A%2F%2Fproportal.oaklands.ac.uk" />
+
+		<test url="http://proportal.oaklands.ac.uk/?" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/obi.xml b/src/chrome/content/rules/obi.xml
new file mode 100644
index 000000000000..2f7128e0a5c4
--- /dev/null
+++ b/src/chrome/content/rules/obi.xml
@@ -0,0 +1,49 @@
+<!--
+	Mismatch:
+		- ^obi.de
+		- ^obi.ru
+		- hirlevel.obi.hu
+		- termekek.obi.hu
+		- (www.)obi.ch
+		- (www.)obi.com
+		- (www.)obi.si
+		- (www.)obi-baumarkt.ch
+		- (www.)obi-italia.it
+
+	HTTP redirect:
+		- obi.at
+		- specials.obi.com
+
+	Refused:
+		- diy.obi.ru
+		- job.obi.hu
+
+	Wrong content:
+		- specials.obi.de
+-->
+<ruleset name="OBI">
+	<target host="community.obi.at"/>
+	<target host="images.obi.at"/>
+
+	<target host="obi.ch"/>
+	<target host="www.obi.ch"/>
+	<target host="ot.obi.ch"/>
+
+	<target host="obi.cz"/>
+	<target host="www.obi.cz"/>
+
+	<target host="www.obi.de"/>
+	<target host="community.obi.de"/>
+	<target host="images.obi.de"/>
+
+	<target host="obi.hu"/>
+	<target host="www.obi.hu"/>
+
+	<target host="obi.pl"/>
+	<target host="www.obi.pl"/>
+
+	<target host="www.obi.ru"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/obit.ru.xml b/src/chrome/content/rules/obit.ru.xml
new file mode 100644
index 000000000000..6f421c21eb31
--- /dev/null
+++ b/src/chrome/content/rules/obit.ru.xml
@@ -0,0 +1,178 @@
+<!--
+178-16-148-3.obit.ru ³
+178-16-150-82.obit.ru ³
+178-16-153-24.obit.ru ³
+178-16-153-39.obit.ru ³
+178-16-155-197.obit.ru ⁷
+178-16-155-82.obit.ru ²
+178-16-156-196.obit.ru ³
+217-79-1-253.obit.ru ³
+217-79-4-168.obit.ru ³
+217-79-4-206.obit.ru ³
+217-79-5-98.obit.ru ³
+79-142-83-102.obit.ru ³
+79-142-87-208.obit.ru ³
+79-142-87-22.obit.ru ¹
+79-142-92-35.obit.ru ²
+85-114-1-24.obit.ru ³
+85-114-10-33.obit.ru ²
+85-114-15-197.obit.ru ²
+85-114-2-170.obit.ru ⁴
+85-114-21-137.obit.ru ²
+85-114-22-90.obit.ru ³
+85-114-24-5.obit.ru ²
+85-114-29-30.obit.ru ³
+85-114-9-98.obit.ru ²
+abr-ttr-2.obit.ru ³
+aaa.wifi.access.obit.ru ²
+hpcvmmhkke.assorti.aaa.wifi.access.obit.ru ²
+sfgnbwunpo.burgerking.aaa.wifi.access.obit.ru ²
+www.flcgrrvjut.coffeeshop.aaa.wifi.access.obit.ru ²
+leefsdhqjx.coffeeshop.aaa.wifi.access.obit.ru ²
+bmuhdocrwl.freecafe.aaa.wifi.access.obit.ru ²
+bwciqlxvhj.freecafe.aaa.wifi.access.obit.ru ²
+fohtrooggd.freecafe.aaa.wifi.access.obit.ru ²
+vlqkegqgnd.freecafe.aaa.wifi.access.obit.ru ²
+www.ibkkfwmvef.private.aaa.wifi.access.obit.ru ²
+llciljuhsp.private-kz2.aaa.wifi.access.obit.ru ²
+pulkovo.aaa.wifi.access.obit.ru ²
+bdptjjicnx.pulkovo.aaa.wifi.access.obit.ru ²
+cwbccqrqqm.pulkovo.aaa.wifi.access.obit.ru ²
+www.cwguktbskr.pulkovo.aaa.wifi.access.obit.ru ²
+www.dwtsqbjmoe.pulkovo.aaa.wifi.access.obit.ru ²
+fodlhcbhdf.pulkovo.aaa.wifi.access.obit.ru ²
+kepkffushu.pulkovo.aaa.wifi.access.obit.ru ²
+ldjopsimrh.pulkovo.aaa.wifi.access.obit.ru ²
+mhgvempdpx.pulkovo.aaa.wifi.access.obit.ru ²
+ndegiivfkp.pulkovo.aaa.wifi.access.obit.ru ²
+ndfdbmjxob.pulkovo.aaa.wifi.access.obit.ru ²
+pojgsisllb.pulkovo.aaa.wifi.access.obit.ru ²
+www.tcrrphhhsv.pulkovo.aaa.wifi.access.obit.ru ²
+www.prrxvwdrvt.shoko.aaa.wifi.access.obit.ru ²
+go.wifi.access.obit.ru ²
+bk-ligov26-38.go.wifi.access.obit.ru ²
+pulkovo.go.wifi.access.obit.ru ²
+shoko-ligov26-38.go.wifi.access.obit.ru ²
+auth01.obit.ru ³
+autocfg.obit.ru ²
+censor-02.obit.ru ²
+crf-translate.obit.ru ²
+crf2.obit.ru ²
+crf3.obit.ru ²
+crf4.obit.ru ²
+dat1-msk.obit.ru ³
+dat1-ttr.obit.ru ³
+dat2-msk.obit.ru ³
+dat4.obit.ru ³
+dat5.obit.ru ³
+dns1.obit.ru ²
+dns2.obit.ru ²
+ftp.obit.ru ⁵
+gtk.obit.ru ²
+h-alta-sm9.obit.ru ²
+h-bolshevikov.obit.ru ³
+h-datacenter.obit.ru ²
+h-industr24.obit.ru ³
+h-kirishi.obit.ru ²
+h-msk-m9.obit.ru ²
+h-msk-rublevskoe62.obit.ru ³
+h-obit.obit.ru ²
+h-p-datacenter.obit.ru ³
+h-p-luga.obit.ru ²
+h-petrovich.obit.ru ²
+h-prosv34.obit.ru ²
+h-sh-datacenter.obit.ru ²
+h-sh-nevskiy84.obit.ru ³
+h-sh-pulkovo3.obit.ru ³
+h-smolen7.obit.ru ²
+h-spectr-budapesh49.obit.ru ²
+h-spectr-hudoz26.obit.ru ²
+h-spectr-revol20.obit.ru ³
+h-tihvin.obit.ru ³
+h-ttr-1.obit.ru ²
+h-ttr-7.obit.ru ³
+h-vyborg-f17.obit.ru ²
+hnt1.obit.ru ²
+hnt1-k7.obit.ru ²
+hnt2.obit.ru ²
+hnt2-k7.obit.ru ²
+hnt3.obit.ru ²
+hnt3-k7.obit.ru ²
+iptv.obit.ru ³
+iptvportal.obit.ru ⁴
+itmon.obit.ru ³
+jabber.obit.ru ²
+lg.obit.ru ²
+mail.obit.ru ⁴
+relay.mail.obit.ru ⁴
+media-001.obit.ru ²
+mkt-bk-botkinskya3.obit.ru ³
+nat1-msk.obit.ru ²
+nat1-ttr.obit.ru ²
+nat2-msk.obit.ru ²
+nat2-ttr.obit.ru ²
+nat3-msk.obit.ru ²
+new.obit.ru ³
+ns.obit.ru ²
+ns4.obit.ru ²
+nsf3.obit.ru ²
+nsf4.obit.ru ²
+nsf6.obit.ru ²
+nsf7.obit.ru ²
+petlocal.obit.ru ²
+radius.obit.ru ³
+relay.obit.ru ⁴
+services.obit.ru ⁷
+share.obit.ru ²
+sher1.obit.ru ²
+sher1-msk.obit.ru ²
+sher2.obit.ru ²
+sher2-msk.obit.ru ²
+sher3.obit.ru ²
+sher3-msk.obit.ru ²
+sher4.obit.ru ²
+shr1.obit.ru ²
+shr1-k7.obit.ru ²
+shr1-ttr.obit.ru ²
+shr2.obit.ru ²
+shr2-k7.obit.ru ²
+shr2-ttr.obit.ru ²
+shr3.obit.ru ²
+shr3-k7.obit.ru ²
+smarttv.obit.ru ³
+smarttv-01.obit.ru ³
+smtp-spb-02.obit.ru ⁴
+smtp-spb-04.obit.ru ²
+cat.kant7.me.spb.obit.ru ³
+cat.pgups.me.spb.obit.ru ³
+spd.obit.ru ³
+teredo.obit.ru ²
+teredo2.obit.ru ²
+timeshift.obit.ru ³
+cat.brc5.ttr.obit.ru ²
+tv.obit.ru ³
+tvip.obit.ru ³
+uhh.obit.ru ²
+uproxy.obit.ru ²
+web3.obit.ru ²
+wifi.obit.ru ¹
+heavyload1.obit.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁵ expired
+⁷ protocol error
+-->
+<ruleset name="obit.ru">
+	<target host="obit.ru" />
+	<target host="www.obit.ru" />
+	<target host="en.obit.ru" />
+	<target host="info-svc-012.obit.ru" />
+	<target host="kp.obit.ru" />
+	<target host="my.obit.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/obitalk.xml b/src/chrome/content/rules/obitalk.xml
index 161043b96617..b8b84260f580 100644
--- a/src/chrome/content/rules/obitalk.xml
+++ b/src/chrome/content/rules/obitalk.xml
@@ -1,6 +1,10 @@
-<ruleset name="ObiTalk">
- 	<target host="www.obitalk.com" />
- 	<target host="obitalk.com" />
+<ruleset name="ObiTalk.com">
 
- 	<rule from="^http://(www\.)?obitalk\.com/" to="https://www.obihai.com/"/>
+	<!--	Direct rewrites:
+				-->
+	<target host="obitalk.com" />
+	<target host="www.obitalk.com" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/objective.co.uk.xml b/src/chrome/content/rules/objective.co.uk.xml
new file mode 100644
index 000000000000..b58bbdd792bc
--- /dev/null
+++ b/src/chrome/content/rules/objective.co.uk.xml
@@ -0,0 +1,164 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://cherwell-consult.objective.co.uk/ (200) => https://cherwell-consult.objective.co.uk/ (500)
+Non-2xx HTTP code: http://ea-consult.objective.co.uk/ (200) => https://ea-consult.objective.co.uk/ (500)
+Non-2xx HTTP code: http://eastriding-consult.objective.co.uk/ (200) => https://eastriding-consult.objective.co.uk/ (500)
+Non-2xx HTTP code: http://sog-consult.objective.co.uk/ (200) => https://sog-consult.objective.co.uk/ (500)
+Fetch error: http://swdp.objective.co.uk/ => https://swdp.objective.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'swdp.objective.co.uk'")
+
+	Problematic hosts in *objective.co.uk:
+
+		- ^ ʳ
+		- birmingham ᵐ
+		- vitalregen ᵐ
+		- www ᵐ
+
+	ᵐ Mismatched
+	ʳ Refused, preemptable redirect
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .objective.co.uk
+		- (client_vhost).objective.co.uk
+		- (client_vhost)-consult.objective.co.uk
+		- www.objective.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Objective.co.uk (partial)" default_off="failed ruleset test">
+
+	<target host="arun.objective.co.uk" />
+	<target host="arun-consult.objective.co.uk" />
+	<target host="barnsley.objective.co.uk" />
+	<target host="barnsley-consult.objective.co.uk" />
+	<target host="basildon.objective.co.uk" />
+	<target host="basildon-consult.objective.co.uk" />
+	<target host="bracknell-forest.objective.co.uk" />
+	<target host="bracknell-forest-consult.objective.co.uk" />
+	<target host="broadland.objective.co.uk" />
+	<target host="broadland-consult.objective.co.uk" />
+	<target host="bromley.objective.co.uk" />
+	<target host="bromley-consult.objective.co.uk" />
+	<target host="calderdale.objective.co.uk" />
+	<target host="calderdale-consult.objective.co.uk" />
+	<target host="canterbury.objective.co.uk" />
+	<target host="canterbury-consult.objective.co.uk" />
+	<target host="central-lincs.objective.co.uk" />
+	<target host="central-lincs-consult.objective.co.uk" />
+	<target host="cherwell.objective.co.uk" />
+	<target host="cherwell-consult.objective.co.uk" />
+	<target host="cheshireeast.objective.co.uk" />
+	<target host="cheshireeast-consult.objective.co.uk" />
+	<target host="cotswold.objective.co.uk" />
+	<target host="cotswold-consult.objective.co.uk" />
+	<target host="ea.objective.co.uk" />
+	<target host="ea-consult.objective.co.uk" />
+	<target host="eastriding.objective.co.uk" />
+	<target host="eastriding-consult.objective.co.uk" />
+	<target host="eastsussex.objective.co.uk" />
+	<target host="eastsussex-consult.objective.co.uk" />
+	<target host="epnbc.objective.co.uk" />
+	<target host="epnbc-consult.objective.co.uk" />
+	<target host="fife.objective.co.uk" />
+	<target host="fife-consult.objective.co.uk" />
+	<target host="gloucestershire.objective.co.uk" />
+	<target host="gloucestershire-consult.objective.co.uk" />
+	<target host="highland.objective.co.uk" />
+	<target host="highland-consult.objective.co.uk" />
+	<target host="highpeak.objective.co.uk" />
+	<target host="highpeak-consult.objective.co.uk" />
+	<target host="kent.objective.co.uk" />
+	<target host="kent-consult.objective.co.uk" />
+	<target host="kettering.objective.co.uk" />
+	<target host="kettering-consult.objective.co.uk" />
+	<target host="kirklees.objective.co.uk" />
+	<target host="kirklees-consult.objective.co.uk" />
+	<target host="lewisham.objective.co.uk" />
+	<target host="lewisham-consult.objective.co.uk" />
+	<target host="lichfielddc.objective.co.uk" />
+	<target host="lichfielddc-consult.objective.co.uk" />
+	<target host="maidstone.objective.co.uk" />
+	<target host="maidstone-consult.objective.co.uk" />
+	<target host="manchester.objective.co.uk" />
+	<target host="manchester-consult.objective.co.uk" />
+	<target host="mansfield.objective.co.uk" />
+	<target host="mansfield-consult.objective.co.uk" />
+	<target host="midlothian.objective.co.uk" />
+	<target host="midlothian-consult.objective.co.uk" />
+	<target host="miltonkeynes.objective.co.uk" />
+	<target host="miltonkeynes-consult.objective.co.uk" />
+	<target host="molevalley.objective.co.uk" />
+	<target host="molevalley-consult.objective.co.uk" />
+	<target host="nelincs.objective.co.uk" />
+	<target host="nelincs-consult.objective.co.uk" />
+	<target host="northumberland.objective.co.uk" />
+	<target host="northumberland-consult.objective.co.uk" />
+	<target host="peterborough.objective.co.uk" />
+	<target host="peterborough-consult.objective.co.uk" />
+	<target host="poole.objective.co.uk" />
+	<target host="poole-consult.objective.co.uk" />
+	<target host="plymouth.objective.co.uk" />
+	<target host="plymouth-consult.objective.co.uk" />
+	<target host="rbwm.objective.co.uk" />
+	<target host="rbwm-consult.objective.co.uk" />
+	<target host="richmond.objective.co.uk" />
+	<target host="richmond-consult.objective.co.uk" />
+	<target host="scarborough.objective.co.uk" />
+	<target host="scarborough-consult.objective.co.uk" />
+	<target host="sesplan.objective.co.uk" />
+	<target host="sesplan-consult.objective.co.uk" />
+	<target host="shepway.objective.co.uk" />
+	<target host="shepway-consult.objective.co.uk" />
+	<target host="sog.objective.co.uk" />
+	<target host="sog-consult.objective.co.uk" />
+	<target host="southandvale.objective.co.uk" />
+	<target host="southandvale-consult.objective.co.uk" />
+	<target host="stockport.objective.co.uk" />
+	<target host="stockport-consult.objective.co.uk" />
+	<target host="swale.objective.co.uk" />
+	<target host="swale-consult.objective.co.uk" />
+	<target host="swdp.objective.co.uk" />
+	<target host="swdp-consult.objective.co.uk" />
+	<target host="tandridge.objective.co.uk" />
+	<target host="tandridge-consult.objective.co.uk" />
+	<target host="tauntondeane.objective.co.uk" />
+	<target host="tauntondeane-consult.objective.co.uk" />
+	<target host="telford.objective.co.uk" />
+	<target host="telford-consult.objective.co.uk" />
+	<target host="tunbridgewells.objective.co.uk" />
+	<target host="tunbridgewells-consult.objective.co.uk" />
+	<target host="wakefield.objective.co.uk" />
+	<target host="wakefield-consult.objective.co.uk" />
+	<target host="warwickshire.objective.co.uk" />
+	<target host="warwickshire-consult.objective.co.uk" />
+	<target host="wealden.objective.co.uk" />
+	<target host="wealden-consult.objective.co.uk" />
+	<target host="west-norfolk.objective.co.uk" />
+	<target host="west-norfolk-consult.objective.co.uk" />
+	<target host="wiltshire.objective.co.uk" />
+	<target host="wiltshire-consult.objective.co.uk" />
+	<target host="wyrebc.objective.co.uk" />
+	<target host="wyrebc-consult.objective.co.uk" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<test url="http://wiltshire.objective.co.uk/v4/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.objective\.co\.uk$" name="^(?:ANONID_FS|ANONID|VISID)\d+$" /-->
+	<!--securecookie host="^(client_vhost)(?:-consult)?\.objective\.co\.uk$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^www\.objective\.co\.uk$" name="^(?:ASP\.NET_SessionId|visitorDeviceClass)$" /-->
+
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|ANONID|VISID)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/oboom.com.xml b/src/chrome/content/rules/oboom.com.xml
new file mode 100644
index 000000000000..b80d6eb4f625
--- /dev/null
+++ b/src/chrome/content/rules/oboom.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.oboom.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Oboom.com">
+
+	<target host="oboom.com" />
+	<target host="www.oboom.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.oboom\.com$" name="^connect\.sess$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ocado.com.xml b/src/chrome/content/rules/ocado.com.xml
new file mode 100644
index 000000000000..84f50873a901
--- /dev/null
+++ b/src/chrome/content/rules/ocado.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Ocado.com">
+
+	<target host="ocado.com" />
+	<target host="www.ocado.com" />
+	<target host="accounts.ocado.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+	<securecookie host=".+" name=".+" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/oclasrv.com.xml b/src/chrome/content/rules/oclasrv.com.xml
new file mode 100644
index 000000000000..67fe702ba602
--- /dev/null
+++ b/src/chrome/content/rules/oclasrv.com.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Propeller Ads Media coverage, see PropellerAds.xml.
+
+
+	(www.)?oclasrv.com does not exist.
+
+-->
+<ruleset name="oclasrv.com">
+
+	<target host="go.oclasrv.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/oddschecker.com.xml b/src/chrome/content/rules/oddschecker.com.xml
new file mode 100644
index 000000000000..134c5aef7344
--- /dev/null
+++ b/src/chrome/content/rules/oddschecker.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="Oddschecker.com">
+
+	<target host="static.oddschecker.com" />
+
+		<test url="http://static.oddschecker.com/OC/i/MO/homepage/ob-home-head.png" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/odessa.tv.xml b/src/chrome/content/rules/odessa.tv.xml
new file mode 100644
index 000000000000..7c5d274011f8
--- /dev/null
+++ b/src/chrome/content/rules/odessa.tv.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ott.odessa.tv/ => https://ott.odessa.tv/: (60, 'SSL certificate problem: certificate has expired')
+
+wiki.odessa.tv ⁴
+webmail.odessa.tv different content
+revera.odessa.tv ⁴
+www.sana.odessa.tv ¹
+
+¹ mismatch
+⁴ self signed
+-->
+<ruleset name="odessa.tv" default_off="failed ruleset test">
+	<target host="odessa.tv" />
+	<target host="www.odessa.tv" />
+	<target host="billing.odessa.tv" />
+	<target host="ott.odessa.tv" />
+	<target host="sana.odessa.tv" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/oebb.at.xml b/src/chrome/content/rules/oebb.at.xml
new file mode 100644
index 000000000000..e3358a10e3bc
--- /dev/null
+++ b/src/chrome/content/rules/oebb.at.xml
@@ -0,0 +1,48 @@
+<!--
+	Refused:
+	oebb.at:
+		-fahrplanheft
+		-fahrplan
+		-werbung
+		-xmaps
+	-railtours.at
+
+	Different content:
+	oebb.at:
+		-pensionsservice
+		-reisebuero
+		-railjet
+		-erlebnisbahn
+		-puenktlichkeit
+		-fahrtkostenrechner
+
+	Wrong cert:
+	oebb.at:
+		-blog
+		-www.pensionsservice
+		-www.ts
+		-kfe
+		-www.erlebnisbahn
+	-www.oebb-co2-ticker.at
+	-öbb.at
+	-www.öbb.at
+-->
+<ruleset name="ÖBB">
+	<target host="oebb.at" />
+	<target host="www.oebb.at" />
+	<target host="cas.oebb.at" />
+	<target host="cdes.oebb.at" />
+	<target host="konzern.oebb.at" />
+	<target host="personenverkehr.oebb.at" />
+	<target host="rpclient.oebb.at" />
+	<target host="shop.oebb.at" />
+	<target host="ts.oebb.at" />
+	<target host="yolotrain.oebb.at" />
+	<target host="oebb-co2-ticker.at" />
+	<target host="www.railtours.at" />
+
+	<rule from="^http://oebb\.at/"
+		to="https://www.oebb.at/" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/offenesparlament.de.xml b/src/chrome/content/rules/offenesparlament.de.xml
new file mode 100644
index 000000000000..375874912695
--- /dev/null
+++ b/src/chrome/content/rules/offenesparlament.de.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		www.offenesparlament.de
+		beta.offenesparlament.de
+-->
+<ruleset name="OffenesParlament.de">
+
+	<target host="offenesparlament.de" />
+	<target host="api.offenesparlament.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ofsted.gov.uk.xml b/src/chrome/content/rules/ofsted.gov.uk.xml
new file mode 100644
index 000000000000..d89ae2e2498b
--- /dev/null
+++ b/src/chrome/content/rules/ofsted.gov.uk.xml
@@ -0,0 +1,110 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.mobile.learnerview.ofsted.gov.uk/ => https://www.mobile.learnerview.ofsted.gov.uk/: (60, 'SSL certificate problem: self signed certificate')
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *ofsted.gov.uk:
+
+		- questionnaire ᶠ
+
+	ᶠ Handshake fails
+
+
+	Problematic hosts in *ofsted.gov.uk:
+
+		- (www.)? ᵐ
+		- dashboard ᵉ ᵐ
+		- dataview ᵈ
+
+	ᵈ Dropped, preemptable redirect
+	ᵉ Expired
+	ᵐ Mismatched
+
+
+	Partially covered hosts in *ofsted.gov.uk:
+
+		- (www.)?
+
+
+	Insecure cookies are set for these domains:
+
+		- .contact.ofsted.gov.uk
+		- .employerview.ofsted.gov.uk
+		- .learnerview.ofsted.gov.uk
+		- .mobile.learnerview.ofsted.gov.uk
+		- .parentview.ofsted.gov.uk
+		- .reports.ofsted.gov.uk
+
+-->
+<ruleset name="Ofsted.gov.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="contact.ofsted.gov.uk" />
+	<target host="employerview.ofsted.gov.uk" />
+	<target host="learnerview.ofsted.gov.uk" />
+	<target host="mobile.learnerview.ofsted.gov.uk" />
+	<target host="www.mobile.learnerview.ofsted.gov.uk" />
+	<target host="online.ofsted.gov.uk" />
+	<target host="parentview.ofsted.gov.uk" />
+	<target host="reports.ofsted.gov.uk" />
+	<target host="surveys.ofsted.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="ofsted.gov.uk" />
+	<target host="dataview.ofsted.gov.uk" />
+	<target host="www.ofsted.gov.uk" />
+
+		<test url="http://ofstedonline.ofsted.gov.uk/outreach/Ofsted_Serious_Notification.ofml" />
+		<test url="http://online.ofsted.gov.uk/onlineofsted/Default.aspx" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.(?:contact|employerview|learnerview|mobile\.learnerview|parentview|reports)\.ofsted\.gov\.uk$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.(?:contact|employerview|learnerview|mobile\.learnerview|parentview|reports)\." name=".+" />
+
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://(?:www\.)?ofsted\.gov\.uk/.*"
+		to="https://www.gov.uk/government/organisations/ofsted" />
+
+		<!--	/*\w does not redirect:
+						-->
+		<exclusion pattern="^http://(?:www\.)?ofsted\.gov\.uk/(?!/*(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.ofsted.gov.uk/default.aspx" />
+			<test url="http://www.ofsted.gov.uk/home.htm" />
+			<test url="http://www.ofsted.gov.uk/home.php" />
+			<test url="http://www.ofsted.gov.uk/index.htm" />
+			<test url="http://www.ofsted.gov.uk/index.jsp" />
+			<test url="http://www.ofsted.gov.uk/index.php" />
+
+	<!--	Redirect keeps args:
+					-->
+	<rule from="^http://dataview\.ofsted\.gov\.uk/(?=$|\?)"
+		to="https://public.tableau.com/views/Dataview/Viewregionalperformanceovertime" />
+
+		<test url="http://dataview.ofsted.gov.uk/?" />
+
+	<!--	Redirect appends forward slash:
+						-->
+	<rule from="^http://dataview\.ofsted\.gov\.uk/"
+		to="https://public.tableau.com/views/Dataview/Viewregionalperformanceovertime/" />
+
+		<test url="http://dataview.ofsted.gov.uk/index.htm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ogcio.gov.hk.xml b/src/chrome/content/rules/ogcio.gov.hk.xml
new file mode 100644
index 000000000000..f26b04d31ae6
--- /dev/null
+++ b/src/chrome/content/rules/ogcio.gov.hk.xml
@@ -0,0 +1,24 @@
+<!--
+	For other HK government coverage, see GovHK.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- ogcio.gov.hk
+
+		SSL peer certificate was not OK:
+		- eapps1.ogcio.gov.hk
+		- eapps2.ogcio.gov.hk
+		- twdc.ogcio.gov.hk
+		- wcdc.ogcio.gov.hk
+-->
+<ruleset name="Office of the Government Chief Information Officer">
+	<target host="ogcio.gov.hk" />
+	<target host="www.ogcio.gov.hk" />
+	<target host="www.als.ogcio.gov.hk" />
+
+	<rule from="^http://ogcio\.gov\.hk/"
+			to="https://www.ogcio.gov.hk/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ogdb.eu.xml b/src/chrome/content/rules/ogdb.eu.xml
new file mode 100644
index 000000000000..d17d5080440d
--- /dev/null
+++ b/src/chrome/content/rules/ogdb.eu.xml
@@ -0,0 +1,6 @@
+<ruleset name="ogdb.eu">
+	<target host="ogdb.eu" />
+	<target host="www.ogdb.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ogilvy.co.uk.xml b/src/chrome/content/rules/ogilvy.co.uk.xml
new file mode 100644
index 000000000000..d0535f69cbea
--- /dev/null
+++ b/src/chrome/content/rules/ogilvy.co.uk.xml
@@ -0,0 +1,60 @@
+<!--
+	For other Ogilvy Group coverage, see ogilvy.com.xml.
+
+
+	Nonfunctional hosts in *ogilvy.co.uk:
+
+		- ideashop ᵛ
+
+	ᵛ Revoked
+
+
+	www.ogilvy.co.uk: mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- ogilvy.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on ^ from ogilvy.hal.graphicalliance.co.uk ʰ
+
+	ʰ Unsecurable <= redirects to http
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Ogilvy.co.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ogilvy.co.uk" />
+	<target host="stage.ogilvy.co.uk" />
+	<target host="ideashop.stage.ogilvy.co.uk" />
+
+		<!--	Mixed images:
+					-->
+		<test url="http://ogilvy.co.uk/about-us" />
+
+	<!--	Complications:
+				-->
+	<target host="www.ogilvy.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ogilvy\.co\.uk$" name="^BALANCEID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.ogilvy\.co\.uk/"
+		to="https://ogilvy.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ogilvy.com.xml b/src/chrome/content/rules/ogilvy.com.xml
new file mode 100644
index 000000000000..a046864174ed
--- /dev/null
+++ b/src/chrome/content/rules/ogilvy.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Other The Ogilvy Group rulesets:
+
+		- ogilvy.co.uk.xml
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- provider.ogilvy.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Ogilvy.com">
+
+	<target host="provider.ogilvy.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://provider.ogilvy.com/_default/checkSso" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^provider\.ogilvy\.com$" name="^ogp2_sess$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ohnopodcast.com.xml b/src/chrome/content/rules/ohnopodcast.com.xml
new file mode 100644
index 000000000000..bb780ea7f1f6
--- /dev/null
+++ b/src/chrome/content/rules/ohnopodcast.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="ohnopodcast.com">
+
+	<target host="ohnopodcast.com" />
+	<target host="www.ohnopodcast.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/oikotie.fi.xml b/src/chrome/content/rules/oikotie.fi.xml
new file mode 100644
index 000000000000..f22c2ac928a1
--- /dev/null
+++ b/src/chrome/content/rules/oikotie.fi.xml
@@ -0,0 +1,61 @@
+<!--
+	Nonfunctional hosts in *oikotie.fi:
+
+		- asuntokauppa ³
+		- autot ʳ
+		- m.autot ʳ
+		- taito ʰ
+
+	³ 403
+	ʰ WP Engine / redirects to http
+	ʳ Refused
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- asunnot.oikotie.fi
+		- rekry.oikotie.fi
+		- .tyonantaja.oikotie.fi
+		- .www.oikotie.fi
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com ˢ
+		- Images on asunnot from $self ˢ
+
+		- Bugs. on:
+
+			- tyopaikat from analytics.sanoma.fi ˢ
+			- tyopaikat from oikotie.spring-tns.net ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Oikotie.fi (partial)">
+
+	<target host="oikotie.fi" />
+	<target host="asunnot.oikotie.fi" />
+	<target host="rekry.oikotie.fi" />
+	<target host="tyonantaja.oikotie.fi" />
+	<target host="tyopaikat.oikotie.fi" />
+	<target host="www.oikotie.fi" />
+	<target host="www2.oikotie.fi" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^asunnot\.oikotie\.fi$" name="^(?:AWSELB|PHPSESSID|user_id)$" /-->
+	<!--securecookie host="^rekry\.oikotie\.fi$" name="^AWSELB$" /-->
+	<!--securecookie host="^\.(?:tyonantaja|www)\.oikotie\.fi$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^(?!\.oikotie\.fi$)." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ok-weinstrasse.de.xml b/src/chrome/content/rules/ok-weinstrasse.de.xml
new file mode 100644
index 000000000000..3cb572117e40
--- /dev/null
+++ b/src/chrome/content/rules/ok-weinstrasse.de.xml
@@ -0,0 +1,31 @@
+<!--
+	Timeout:
+		intranet.ok-weinstrasse.de
+		office.ok-weinstrasse.de
+-->
+<ruleset name="OK-Weinstrasse.de">
+
+	<target host="ok-weinstrasse.de" />
+	<target host="www.ok-weinstrasse.de" />
+	<target host="okofficeforum.ok-weinstrasse.de" />
+	<target host="www.okofficeforum.ok-weinstrasse.de" />
+	<target host="service.ok-weinstrasse.de" />
+	<target host="www.service.ok-weinstrasse.de" />
+	<target host="ssl.ok-weinstrasse.de" />
+	<target host="www.ssl.ok-weinstrasse.de" />
+	<target host="www.www.ok-weinstrasse.de" />
+
+	<!-- Redirects to http -->
+	<exclusion pattern="^http://www\.ok-weinstrasse\.de/sender/web-tv/" />
+	<test url="http://www.ok-weinstrasse.de/sender/web-tv/"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://ok-weinstrasse.de/,
+	http://ok-weinstrasse.de/ redirects to http://www.ok-weinstrasse.de/ -->
+	<rule from="^http://ok-weinstrasse\.de/"
+		to="https://www.ok-weinstrasse.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/okchanger.ru.xml b/src/chrome/content/rules/okchanger.ru.xml
new file mode 100644
index 000000000000..5fb096101c9b
--- /dev/null
+++ b/src/chrome/content/rules/okchanger.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="okchanger.ru">
+	<target host="okchanger.ru" />
+	<target host="www.okchanger.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/okfn.de.xml b/src/chrome/content/rules/okfn.de.xml
new file mode 100644
index 000000000000..43b4cabc8442
--- /dev/null
+++ b/src/chrome/content/rules/okfn.de.xml
@@ -0,0 +1,15 @@
+<ruleset name="OKFN.de">
+
+	<target host="okfn.de" />
+	<target host="piwik.okfn.de" />
+	<target host="traffic.okfn.de" />
+	<target host="www.okfn.de" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/okfn.org-falsemixed.xml b/src/chrome/content/rules/okfn.org-falsemixed.xml
new file mode 100644
index 000000000000..78a4899f2c6c
--- /dev/null
+++ b/src/chrome/content/rules/okfn.org-falsemixed.xml
@@ -0,0 +1,23 @@
+<!--
+	For rules not causing false/broken MCB, see Open_Knowledge_Foundation.xml.
+
+
+	NB: see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="OKFn.org (false MCB)" platform="mixedcontent">
+
+	<target host="a.okfn.org" />
+	<target host="blog.okfn.org" />
+	<target host="blog.core.okfn.org" />
+
+		<test url="http://a.okfn.org/html/oki/panel/panel.html" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/oktv-rlp.de.xml b/src/chrome/content/rules/oktv-rlp.de.xml
new file mode 100644
index 000000000000..72fb53321d13
--- /dev/null
+++ b/src/chrome/content/rules/oktv-rlp.de.xml
@@ -0,0 +1,29 @@
+<!--
+	Content mismatch:
+		oktv.oktv-rlp.de
+
+	Invalid certificate:
+		download.oktv-rlp.de
+		secure.oktv-rlp.de
+		static.oktv-rlp.de
+-->
+<ruleset name="OKTV-RLP.de">
+
+	<target host="oktv-rlp.de" />
+	<target host="www.oktv-rlp.de" />
+	<target host="demo.oktv-rlp.de" />
+	<target host="piwik.oktv-rlp.de" />
+
+	<!-- Redirects to http -->
+	<exclusion pattern="^http://www\.oktv-rlp\.de/sehen/livestream/" />
+	<test url="http://www.oktv-rlp.de/sehen/livestream/" />
+
+	<!-- Redirects to http -->
+	<exclusion pattern="^http://www\.oktv-rlp\.de/sehen/programm/" />
+	<test url="http://www.oktv-rlp.de/sehen/programm/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/olabini.se.xml b/src/chrome/content/rules/olabini.se.xml
new file mode 100644
index 000000000000..e5a0754985e8
--- /dev/null
+++ b/src/chrome/content/rules/olabini.se.xml
@@ -0,0 +1,13 @@
+<ruleset name="Ola Bini.se">
+
+	<target host="olabini.se" />
+	<target host="www.olabini.se" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/oldi.ru.xml b/src/chrome/content/rules/oldi.ru.xml
new file mode 100644
index 000000000000..4958e862c056
--- /dev/null
+++ b/src/chrome/content/rules/oldi.ru.xml
@@ -0,0 +1,32 @@
+<!--
+b2b.oldi.ru ³
+comm.oldi.ru ²
+mail.e.oldi.ru ³
+mta1.e.oldi.ru ³
+files.oldi.ru ²
+from.oldi.ru ²
+rrstatic.from.oldi.ru ¹
+ftp.oldi.ru ³
+gallery.oldi.ru ³
+links.oldi.ru ¹
+mail.oldi.ru ³
+ns1.oldi.ru ³
+ns2.oldi.ru ³
+
+
+¹ mismatch
+² refused
+³ timed out
+-->
+<ruleset name="oldi.ru">
+	<target host="oldi.ru" />
+	<target host="www.oldi.ru" />
+	<target host="ekb.oldi.ru" />
+	<target host="js.oldi.ru" />
+	<target host="nnov.oldi.ru" />
+	<target host="nsk.oldi.ru" />
+	<target host="rnd.oldi.ru" />
+	<target host="spb.oldi.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/olympic.org.xml b/src/chrome/content/rules/olympic.org.xml
new file mode 100644
index 000000000000..f37a9566d510
--- /dev/null
+++ b/src/chrome/content/rules/olympic.org.xml
@@ -0,0 +1,20 @@
+<!--
+registration.olympic.org mismatch
+shop.olympic.org mismatch
+go.olympic.org timed out
+onlinecourse.olympic.org mismatch
+extranet.olympic.org mismatch
+sha.olympic.org mismatch
+assets.olympic.org mismatch
+olympicdaycontest.olympic.org mismatch
+-->
+<ruleset name="olympic.org">
+	<target host="olympic.org" />
+	<target host="www.olympic.org" />
+	<target host="stillres.olympic.org" />
+	<target host="hub.olympic.org" />
+	<target host="stillmed.olympic.org" />
+	<target host="secure.registration.olympic.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/omgcheckitout.com.xml b/src/chrome/content/rules/omgcheckitout.com.xml
new file mode 100644
index 000000000000..902128677b9d
--- /dev/null
+++ b/src/chrome/content/rules/omgcheckitout.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="omgcheckitout.com">
+	<target host="omgcheckitout.com" />
+	<target host="www.omgcheckitout.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/omim.org.xml b/src/chrome/content/rules/omim.org.xml
new file mode 100644
index 000000000000..7ded0d7676e7
--- /dev/null
+++ b/src/chrome/content/rules/omim.org.xml
@@ -0,0 +1,48 @@
+<!--
+	Nonfunctional hosts in *omim.org:
+
+		- us-east ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *omim.org:
+
+		- europe ˢ ʷ
+		- www ᵐ
+
+	ᵐ Mismatched
+	ˢ Self-signed
+	ʷ Weak signature
+
+
+	Insecure cookies are set for these hosts:
+
+		- omim.org
+
+-->
+<ruleset name="OMIM.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="omim.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.omim.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^omim\.org$" name="^sessionid$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.omim\.org/"
+		to="https://omim.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/omkc.ru.xml b/src/chrome/content/rules/omkc.ru.xml
new file mode 100644
index 000000000000..36e304ef92c9
--- /dev/null
+++ b/src/chrome/content/rules/omkc.ru.xml
@@ -0,0 +1,15 @@
+<!--
+omkc.ru timed out
+www.omkc.ru timed out
+noc.omkc.ru timed out
+video.omkc.ru timed out
+gsmember.omkc.ru timed out
+mtv.omkc.ru timed out
+lg.omkc.ru timed out
+host38.net210.omkc.ru self signed
+-->
+<ruleset name="omkc.ru (partial)">
+	<target host="billing.omkc.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/omni.media.xml b/src/chrome/content/rules/omni.media.xml
new file mode 100644
index 000000000000..173c26d2b29b
--- /dev/null
+++ b/src/chrome/content/rules/omni.media.xml
@@ -0,0 +1,14 @@
+<ruleset name="Omni.Media">
+
+	<target host="omni.media" />
+	<target host="www.omni.media" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/omniweb.ru.xml b/src/chrome/content/rules/omniweb.ru.xml
new file mode 100644
index 000000000000..f20bbdb861fb
--- /dev/null
+++ b/src/chrome/content/rules/omniweb.ru.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://konchura.omniweb.ru/ => https://konchura.omniweb.ru/: (60, 'SSL certificate problem: certificate has expired')
+
+omniweb.ru mismatch
+www.omniweb.ru mismatch
+stsl.omniweb.ru nonexist
+t5.omniweb.ru mismatch
+-->
+<ruleset name="omniweb.ru (partial)" default_off="failed ruleset test">
+	<target host="konchura.omniweb.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/on1.com.xml b/src/chrome/content/rules/on1.com.xml
new file mode 100644
index 000000000000..2974158195cc
--- /dev/null
+++ b/src/chrome/content/rules/on1.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Mismatch:
+		aburns.on1.com
+		help.on1.com
+		stage.on1.com
+-->
+
+<ruleset name="on1.com">
+
+	<target host="on1.com" />
+	<target host="www.on1.com" />
+	<target host="marketing.on1.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/onclasrv.com.xml b/src/chrome/content/rules/onclasrv.com.xml
new file mode 100644
index 000000000000..b1b723813e4e
--- /dev/null
+++ b/src/chrome/content/rules/onclasrv.com.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Propeller Ads Media coverage, see PropellerAds.xml.
+
+
+	(www.)?onclasrv.com does not exist.
+
+-->
+<ruleset name="onclasrv.com">
+
+	<target host="go.onclasrv.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/onclkds.com.xml b/src/chrome/content/rules/onclkds.com.xml
new file mode 100644
index 000000000000..f379162f75e8
--- /dev/null
+++ b/src/chrome/content/rules/onclkds.com.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Propeller Ads Media cverage, see PropellerAds.xml.
+
+
+	www.onclkds.com: refused
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- onclkds.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="OnClkds.com">
+
+	<target host="onclkds.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^onclkds\.com$" name="^(?:OAGEO[\da-f]+|SeenToday)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ondeck.com.xml b/src/chrome/content/rules/ondeck.com.xml
new file mode 100644
index 000000000000..db4bbb2761aa
--- /dev/null
+++ b/src/chrome/content/rules/ondeck.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="OnDeck.com">
+
+	<target host="ondeck.com" />
+	<target host="en-ca.ondeck.com" />
+	<target host="es-us.ondeck.com" />
+	<target host="www.ondeck.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/oneandone.net.xml b/src/chrome/content/rules/oneandone.net.xml
new file mode 100644
index 000000000000..f04342a8c471
--- /dev/null
+++ b/src/chrome/content/rules/oneandone.net.xml
@@ -0,0 +1,29 @@
+<!--
+	For other United Internet coverage, see United-Internet.xml.
+
+	Invalid certificate:
+		- gw-ma-vpn.bs.kae.de.oneandone.net
+		- mirror-eu.oneandone.net
+		- mirror-us.oneandone.net
+		- vpn-us.oneandone.net
+
+	Timeout:
+		- oneandone.net
+		- www.oneandone.net
+		- ae-10-0.bb-a.fra3.fra.de.oneandone.net
+		- et-0-79.gw-nat.bs.kae.de.oneandone.net
+		- ge-3-2.gw-of-b.hs.kae.de.oneandone.net
+		- ae-11.gw-distp-a.bap.rhr.de.oneandone.net
+		- ae-1.gw-prtr-r231-a.bap.rhr.de.oneandone.net
+		- ae-1.gw-prtr-a0110-a.kw.nbz.fr.oneandone.net
+-->
+<ruleset name="oneandone.net">
+
+	<target host="mirror.eu.oneandone.net" />
+	<target host="mirror.us.oneandone.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/oneclickreseller.com.xml b/src/chrome/content/rules/oneclickreseller.com.xml
new file mode 100644
index 000000000000..db924a7bb643
--- /dev/null
+++ b/src/chrome/content/rules/oneclickreseller.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- oneclickreseller.com
+		- www.oneclickreseller.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images from www.oneclickreseller.com ˢ
+		- Bug from c.statcounter.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="OneClickReseller.com">
+
+	<target host="oneclickreseller.com" />
+	<target host="www.oneclickreseller.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?oneclickreseller\.com$" name="^(?:ASP\.NET_SessionId|ShowOffer)$" /-->
+
+	<securecookie host="^\." name="_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/onehealthcommission.org.xml b/src/chrome/content/rules/onehealthcommission.org.xml
new file mode 100644
index 000000000000..3adc29fddbce
--- /dev/null
+++ b/src/chrome/content/rules/onehealthcommission.org.xml
@@ -0,0 +1,36 @@
+<!--
+	^onehealthcommission.org: Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.onehealthcommission.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="One Health Commission.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.onehealthcommission.org" />
+
+	<!--	Complications:
+				-->
+	<target host="onehealthcommission.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www.onehealthcommission.org$" name="^(?:CFCLIENT_SITEVIZ_|CFGLOBALS$|CFID$|CFTOKEN$)" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://onehealthcommission\.org/"
+		to="https://www.onehealthcommission.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/onekingslane.com.xml b/src/chrome/content/rules/onekingslane.com.xml
new file mode 100644
index 000000000000..4afe7b726a88
--- /dev/null
+++ b/src/chrome/content/rules/onekingslane.com.xml
@@ -0,0 +1,39 @@
+<!--
+	CDN buckets:
+
+		- okl-scene7.insnw.net
+		- okl1-scene7.insnw.net
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- onekingslane.com
+		- .onekingslane.com
+		- www.onekingslane.com
+		- .www.onekingslane.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="One Kings Lane.com">
+
+	<target host="onekingslane.com" />
+	<target host="www.onekingslane.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^onekingslane\.com$" name="^___utmv[abm]\w+$" /-->
+	<!--securecookie host="^\.onekingslane\.com$" name="^(?:incap_ses|visid_incap)_\d+$" /-->
+	<!--securecookie host="^www\.onekingslane\.com$" name="^(?:_session_id|hattie)$" /-->
+	<!--securecookie host="^\.www\.onekingslane\.com$" name="^(?:b|clyde)$" /-->
+
+	<securecookie host=".+" name="^optimizely" />
+	<securecookie host="^\." name="^(?:incap_ses|visid_incap)_\d+$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/onelink.me.xml b/src/chrome/content/rules/onelink.me.xml
new file mode 100644
index 000000000000..6135b252f15b
--- /dev/null
+++ b/src/chrome/content/rules/onelink.me.xml
@@ -0,0 +1,12 @@
+<ruleset name="onelink.me">
+
+	<target host="go.onelink.me" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/onepace.net.xml b/src/chrome/content/rules/onepace.net.xml
new file mode 100644
index 000000000000..f508ea7310da
--- /dev/null
+++ b/src/chrome/content/rules/onepace.net.xml
@@ -0,0 +1,7 @@
+<ruleset name="onepace.net">
+	<target host="onepace.net" />
+	<target host="www.onepace.net" />
+	<target host="api.onepace.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/onlineprospectus.net.xml b/src/chrome/content/rules/onlineprospectus.net.xml
new file mode 100644
index 000000000000..9e8e05c32206
--- /dev/null
+++ b/src/chrome/content/rules/onlineprospectus.net.xml
@@ -0,0 +1,10 @@
+<ruleset name="onlineprospectus.net">
+	<target host="onlineprospectus.net" />
+	<target host="*.onlineprospectus.net" />
+
+	<rule from="^http:" to="https:" />
+	
+	<test url="http://direxioninvestments.onlineprospectus.net/DirexionInvestments//SPDN/index.html?open=Summary%20Prospectus" />
+	<test url="http://nationwidefunds.onlineprospectus.net/nationwidefunds/TD2025Fund/" />
+	<test url="http://direxioninvestments.onlineprospectus.net/DirexionInvestments/regulatory-documents/" />
+</ruleset>
diff --git a/src/chrome/content/rules/onlineshop.cz.xml b/src/chrome/content/rules/onlineshop.cz.xml
new file mode 100644
index 000000000000..bc1e58aab9d5
--- /dev/null
+++ b/src/chrome/content/rules/onlineshop.cz.xml
@@ -0,0 +1,8 @@
+<ruleset name="ONLINESHOP.CZ">
+    <target host="onlineshop.cz" />
+    <target host="www.onlineshop.cz" />
+    <target host="ctlm.onlineshop.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/onr.org.uk.xml b/src/chrome/content/rules/onr.org.uk.xml
new file mode 100644
index 000000000000..24fe6e25bc2e
--- /dev/null
+++ b/src/chrome/content/rules/onr.org.uk.xml
@@ -0,0 +1,46 @@
+<!--
+	Office for Nuclear Regulation
+
+
+	(www.)?onr.org.uk: Refused
+
+
+	Problematic hosts in *onr.org.uk:
+
+		- news ᵉ ᵐ ˢ
+
+	ᵉ Expired
+	ᵐ Mismatched
+	ˢ Self-signed
+
+
+	Insecure cookies are set for these hosts:
+
+		- jobs.onr.org.uk
+
+
+	Mixed content:
+
+		- Image on jobs from www.google.com ˢ
+		- favicon on jobs from www.onr.org.uk ʳ
+
+	ʳ Unsecurable <= refused
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="ONR.org.uk (partial)">
+
+	<target host="jobs.onr.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^jobs\.onr\.org\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/onride.de.xml b/src/chrome/content/rules/onride.de.xml
new file mode 100644
index 000000000000..d3197bb59367
--- /dev/null
+++ b/src/chrome/content/rules/onride.de.xml
@@ -0,0 +1,11 @@
+<ruleset name="onride.de">
+
+	<target host="onride.de" />
+	<target host="www.onride.de" />
+	<target host="i.onride.de" />
+	<target host="m.onride.de" />
+	<target host="static.onride.de" />
+	<target host="t.onride.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/onthehub.com.xml b/src/chrome/content/rules/onthehub.com.xml
new file mode 100644
index 000000000000..c1f4d7c51e3b
--- /dev/null
+++ b/src/chrome/content/rules/onthehub.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="OnTheHub (partial)" platform="mixedcontent">
+	<target host="onthehub.com" />
+	<target host="www.onthehub.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ontraport.com.xml b/src/chrome/content/rules/ontraport.com.xml
new file mode 100644
index 000000000000..3614a9b59b03
--- /dev/null
+++ b/src/chrome/content/rules/ontraport.com.xml
@@ -0,0 +1,39 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- ontraport.com
+		- app.ontraport.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="ontraport.com">
+
+	<target host="ontraport.com" />
+	<target host="www.ontraport.com" />
+	<target host="app.ontraport.com" />
+	<target host="forms.ontraport.com" />
+	<target host="i.ontraport.com" />
+	<target host="status.ontraport.com" />
+	<target host="trust.ontraport.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://ontraport.com/blog/" /-->
+
+		<test url="http://i.ontraport.com/3.43.5ebde3d9cf2d680cad143a712a13fff2.PNG" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ontraport\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^app\.ontraport\.com$" name="^ONTRASESS2$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ony.ru.xml b/src/chrome/content/rules/ony.ru.xml
new file mode 100644
index 000000000000..b1bd0c9d6269
--- /dev/null
+++ b/src/chrome/content/rules/ony.ru.xml
@@ -0,0 +1,20 @@
+<!--
+look.ony.ru ¹
+mdg.ony.ru ⁴
+www.ony.ru ¹
+
+
+¹ mismatch
+⁴ self signed
+-->
+<ruleset name="ony.ru">
+	<target host="ony.ru" />
+	<target host="en.ony.ru" />
+
+	<target host="www.ony.ru" />
+
+	<rule from="^http://www\.ony\.ru/"
+		to="https://ony.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ooo.0o0.ooo.xml b/src/chrome/content/rules/ooo.0o0.ooo.xml
new file mode 100644
index 000000000000..ac1bd8dc973a
--- /dev/null
+++ b/src/chrome/content/rules/ooo.0o0.ooo.xml
@@ -0,0 +1,7 @@
+<ruleset name="ooo.0o0.ooo">
+	<target host="ooo.0o0.ooo" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/open-groupe.nl.xml b/src/chrome/content/rules/open-groupe.nl.xml
new file mode 100644
index 000000000000..660ea7286a5b
--- /dev/null
+++ b/src/chrome/content/rules/open-groupe.nl.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.open-groupe.nl
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Open-Groupe.nl">
+
+	<target host="open-groupe.nl" />
+	<target host="intranet.open-groupe.nl" />
+	<target host="www.open-groupe.nl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.open-groupe\.nl$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/open-stand.org.xml b/src/chrome/content/rules/open-stand.org.xml
new file mode 100644
index 000000000000..b8b4eeef6194
--- /dev/null
+++ b/src/chrome/content/rules/open-stand.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid certificate:
+		lists.open-stand.org
+-->
+
+<ruleset name="open-stand.org">
+
+	<target host="open-stand.org" />
+	<target host="www.open-stand.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/open27.ru.xml b/src/chrome/content/rules/open27.ru.xml
new file mode 100644
index 000000000000..f6648a3ef6a4
--- /dev/null
+++ b/src/chrome/content/rules/open27.ru.xml
@@ -0,0 +1,12 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.open27.ru/ => https://www.open27.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'www.open27.ru'")
+
+-->
+<ruleset name="open27.ru" default_off="failed ruleset test">
+	<target host="open27.ru" />
+	<target host="www.open27.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/openDesktop-mismatches.xml b/src/chrome/content/rules/openDesktop-mismatches.xml
deleted file mode 100644
index 17beb6660615..000000000000
--- a/src/chrome/content/rules/openDesktop-mismatches.xml
+++ /dev/null
@@ -1,150 +0,0 @@
-<!--
-	For rules that are on by default,
-	see openDesktop.xml.
-
--->
-<ruleset name="openDesktop.org (mismatches)" default_off="mismatch">
-
-	<target host="arch-stuff.org" />
-	<target host="www.arch-stuff.org" />
-
-	<target host="beryl-themes.org" />
-	<target host="www.beryl-themes.org" />
-
-	<target host="box-look.org" />
-	<target host="www.box-look.org" />
-
-	<target host="cli-apps.org" />
-	<target host="www.cli-apps.org" />
-
-	<target host="debian-art.org" />
-	<target host="www.debian-art.org" />
-
-	<target host="e17-stuff.org" />
-	<target host="www.e17-stuff.org" />
-
-	<target host="ede-look.org" />
-	<target host="www.ede-look.org" />
-
-	<target host="eyeos-apps.org" />
-	<target host="www.eyeos-apps.org" />
-
-	<target host="frugalware-art.org" />
-	<target host="www.frugalware-art.org" />
-
-	<target host="gentoo-art.org" />
-	<target host="www.gentoo-art.org" />
-
-	<target host="gnomefiles.org" />
-	<target host="www.gnomefiles.org" />
-
-	<target host="gnome-help.org" />
-	<target host="www.gnome-help.org" />
-
-	<target host="gnome-look.org" />
-	<target host="www.gnome-look.org" />
-
-	<target host="gtk-apps.org" />
-	<target host="www.gtk-apps.org" />
-
-	<target host="java-apps.org" />
-	<target host="www.java-apps.org" />
-
-	<target host="kde-apps.org" />
-	<target host="www.kde-apps.org" />
-
-	<target host="kde-files.org" />
-	<target host="www.kde-files.org" />
-
-	<target host="kde-help.org" />
-	<target host="www.kde-help.org" />
-
-	<target host="kde-look.org" />
-	<target host="www.kde-look.org" />
-
-	<target host="linux42.org" />
-	<target host="www.linux42.org" />
-
-	<target host="linuxdaily.com" />
-	<target host="www.linuxdaily.com" />
-
-	<target host="linuxmint-art.org" />
-	<target host="www.linuxmint-art.org" />
-
-	<target host="maemo-apps.org" />
-	<target host="www.maemo-apps.org" />
-
-	<target host="opendesktop.org" />
-	<target host="www.opendesktop.org" />
-
-	<target host="open-pc.com" />
-	<target host="www.open-pc.com" />
-
-	<target host="openskillz.com" />
-	<target host="www.openskillz.com" />
-
-	<target host="opentemplate.org" />
-	<target host="www.opentemplate.org" />
-
-	<target host="qt-apps.org" />
-	<target host="www.qt-apps.org" />
-
-	<target host="scribusstuff.org" />
-	<target host="www.scribusstuff.org" />
-
-	<target host="suse-art.org" />
-	<target host="www.suse-art.org" />
-
-	<target host="ubuntu-art.org" />
-	<target host="www.ubuntu-art.org" />
-
-	<target host="addons.videolan.org" />
-
-	<target host="vlc-addons.org" />
-	<target host="www.vlc-addons.org" />
-
-	<target host="wine-apps.org" />
-	<target host="www.wine-apps.org" />
-
-	<target host="xfce-help.org" />
-	<target host="www.xfce-help.org" />
-
-	<target host="xfce-look.org" />
-	<target host="www.xfce-look.org" />
-
-
-	<!--	These exclusions should match all paths that are covered in openDesktop.xml.
-		If they don't, something's wrong!	-->
-		<exclusion pattern="^http://(?:www\.)?opendesktop\.org/" />
-		<exclusion pattern="^http://(?:www\.)?(?:arch|beryl|box|cli|compiz|debian|e17|ede|eyeos|frugalware|gentoo|gnome|gtk|java|kde|linuxmint|maemo|qt|suse|ubuntu|wine|xfce)-(?:apps|art|files|help|look|stuff|themes)\.org/(?:ad|cometchat|comments|CONTENT|fancybox|img|styles|usermanager)/" />
-		<exclusion pattern="^http://(?:www\.)?(?:(?:gnomefiles|linux42|opentemplate|scribusstuff|vlc-addons)\.org|(?:linuxdaily|open-pc|openskillz)\.com)/(?:ad|cometchat|comments|CONTENT|fancybox|img|styles|usermanager)/" />
-		<exclusion pattern="^http://addons\.videolan\.org/(?:ad|cometchat|comments|CONTENT|fancybox|img|styles|usermanager)/" />
-
-
-
-	<!--	There don't appear to be any cross-domain cookies.	-->
-	<securecookie host="^(?:arch|beryl|box|cli|compiz|debian|e17|ede|eyeos|frugalware|gentoo|gnome|gtk|java|kde|linuxmint|maemo|qt|suse|ubuntu|wine|xfce)-(?:apps|art|files|help|look|stuff|themes)\.org$" name=".*" />
-	<securecookie host="^(?:gnomefiles|linux42|opentemplate|scribusstuff|addons\.videolan|vlc-addons)\.org$" name=".*" />
-	<securecookie host="^(?:linuxdaily|open-pc|openskillz)\.com$" name=".*" />
-
-
-
-	<!--	These rules should handle paths that can't be rewritten to opendesktop.org while appearing identical.
-
-		While all subdomains work over https, point to //domain.tld in order to minimize the number of exceptions needed.
-
-
-		*-(apps|art|files|help|look|stuff|themes).org	-->
-
-	<rule from="^http://(?:www\.)?(arch|beryl|box|cli|compiz|debian|e17|ede|eyeos|frugalware|gentoo|gnome|gtk|java|kde|linuxmint|maemo|qt|suse|ubuntu|wine|xfce)-(apps|art|files|help|look|stuff|themes)\.org/"
-		to="https://$1-$2.org/" />
-
-	<!--	misc	-->
-
-	<rule from="^http://(?:www\.)?((?:gnomefiles|linux42|opentemplate|scribusstuff|vlc-addons)\.org|(?:linuxdaily|open-pc|openskillz)\.com)/"
-		to="https://$1/" />
-
-	<rule from="^http://addons\.videolan\.org/"
-		to="https://addons.videolan.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/openDesktop.org.xml b/src/chrome/content/rules/openDesktop.org.xml
new file mode 100644
index 000000000000..88e9ec5ee96f
--- /dev/null
+++ b/src/chrome/content/rules/openDesktop.org.xml
@@ -0,0 +1,41 @@
+<!--
+	For other openDesktop rules, see:
+		Box-Look.org.xml
+		Cinnamon-look.org.xml
+		Compiz-themes.org.xml
+		Gnome-look.org.xml
+		GTK-apps.org.xml
+		Historical-look.org.xml
+		KDE-apps.org.xml
+		KDE-Look.org.xml
+		Linux-apps.com.xml
+		Mate-look.org.xml
+		QT-apps.org.xml
+		Trinity-look.org.xml
+		VLC-addons.org.xml
+		XFCE-look.org.xml
+		cccliparts.org.xml
+		e17-stuff.org.xml
+		enlightenment-themes.org.xml
+		free-artwork.org.xml
+
+	No working URL known:
+		api.opendesktop.org
+		dl.opendesktop.org
+		static.opendesktop.org
+		test.opendesktop.org
+
+-->
+<ruleset name="openDesktop.org">
+
+	<target host="opendesktop.org" />
+	<target host="www.opendesktop.org" />
+	<target host="blog.opendesktop.org" />
+	<target host="flatpak.opendesktop.org" />
+	<target host="forum.opendesktop.org" />
+	<target host="snaps.opendesktop.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/openDesktop.xml b/src/chrome/content/rules/openDesktop.xml
deleted file mode 100644
index ee48d80a4bf0..000000000000
--- a/src/chrome/content/rules/openDesktop.xml
+++ /dev/null
@@ -1,136 +0,0 @@
-<!--
-	For problematic rules,
-	see openDesktop-mismatches.xml.
-
--->
-<ruleset name="openDesktop.org" platform="mixedcontent">
-
-	<target host="arch-stuff.org" />
-	<target host="*.arch-stuff.org" />
-
-	<target host="beryl-themes.org" />
-	<target host="*.beryl-themes.org" />
-
-	<target host="box-look.org" />
-	<target host="*.box-look.org" />
-
-	<target host="cli-apps.org" />
-	<target host="*.cli-apps.org" />
-
-	<target host="debian-art.org" />
-	<target host="*.debian-art.org" />
-
-	<target host="e17-stuff.org" />
-	<target host="*.e17-stuff.org" />
-
-	<target host="ede-look.org" />
-	<target host="*.ede-look.org" />
-
-	<target host="eyeos-apps.org" />
-	<target host="*.eyeos-apps.org" />
-
-	<target host="frugalware-art.org" />
-	<target host="*.frugalware-art.org" />
-
-	<target host="gentoo-art.org" />
-	<target host="*.gentoo-art.org" />
-
-	<target host="gnomefiles.org" />
-	<target host="*.gnomefiles.org" />
-
-	<target host="gnome-help.org" />
-	<target host="*.gnome-help.org" />
-
-	<target host="gnome-look.org" />
-	<target host="*.gnome-look.org" />
-
-	<target host="gtk-apps.org" />
-	<target host="*.gtk-apps.org" />
-
-	<target host="java-apps.org" />
-	<target host="*.java-apps.org" />
-
-	<target host="kde-apps.org" />
-	<target host="*.kde-apps.org" />
-
-	<target host="kde-files.org" />
-	<target host="*.kde-files.org" />
-
-	<target host="kde-help.org" />
-	<target host="*.kde-help.org" />
-
-	<target host="kde-look.org" />
-	<target host="*.kde-look.org" />
-
-	<target host="linux42.org" />
-	<target host="*.linux42.org" />
-
-	<target host="linuxdaily.com" />
-	<target host="*.linuxdaily.com" />
-
-	<target host="linuxmint-art.org" />
-	<target host="*.linuxmint-art.org" />
-
-	<target host="maemo-apps.org" />
-	<target host="*.maemo-apps.org" />
-
-	<target host="opendesktop.org" />
-	<target host="*.opendesktop.org" />
-
-	<target host="open-pc.com" />
-	<target host="*.open-pc.com" />
-
-	<target host="openskillz.com" />
-	<target host="*.openskillz.com" />
-
-	<target host="opentemplate.org" />
-	<target host="*.opentemplate.org" />
-
-	<target host="qt-apps.org" />
-	<target host="*.qt-apps.org" />
-
-	<target host="scribusstuff.org" />
-	<target host="*.scribusstuff.org" />
-
-	<target host="suse-art.org" />
-	<target host="*.suse-art.org" />
-
-	<target host="ubuntu-art.org" />
-	<target host="*.ubuntu-art.org" />
-
-	<target host="addons.videolan.org" />
-
-	<target host="vlc-addons.org" />
-	<target host="*.vlc-addons.org" />
-
-	<target host="wine-apps.org" />
-	<target host="*.wine-apps.org" />
-
-	<target host="xfce-help.org" />
-	<target host="*.xfce-help.org" />
-
-	<target host="xfce-look.org" />
-	<target host="*.xfce-look.org" />
-
-<!--
-  https://trac.torproject.org/projects/tor/ticket/7840
-	<securecookie host="^opendesktop\.org$" name=".*" />
--->
-
-	<rule from="^http://(?:www\.)?opendesktop\.org/"
-		to="https://opendesktop.org/" />
-
-<!--	*-(apps|art|files|help|look|stuff|themes).org	-->
-
-	<rule from="^http://(?:static\.|www\.)?(?:arch|beryl|box|cli|compiz|debian|e17|ede|eyeos|frugalware|gentoo|gnome|gtk|java|kde|linuxmint|maemo|qt|suse|ubuntu|wine|xfce)-(?:apps|art|files|help|look|stuff|themes)\.org/(ad|cometchat|comments|CONTENT|fancybox|img|styles|usermanager)/"
-		to="https://opendesktop.org/$1/" />
-
-<!--	misc	-->
-
-	<rule from="^http://(?:static\.|www\.)?(?:(?:gnomefiles|linux42|scribusstuff|opentemplate|vlc-addons)\.org|(?:linuxdaily|open-pc|openskillz)\.com)/(ad|cometchat|comments|CONTENT|fancybox|img|styles|usermanager)/"
-		to="https://opendesktop.org/$1/" />
-
-	<rule from="^http://addons\.videolan\.org/(ad|cometchat|comments|CONTENT|fancybox|img|styles|usermanager)/"
-		to="https://opendesktop.org/$1/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/openbank.ru.xml b/src/chrome/content/rules/openbank.ru.xml
new file mode 100644
index 000000000000..7b38b36d08d0
--- /dev/null
+++ b/src/chrome/content/rules/openbank.ru.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mobile.openbank.ru/ => https://mobile.openbank.ru/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://m.openbank.ru/ => https://m.openbank.ru/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://spartak.openbank.ru/ => https://spartak.openbank.ru/: (6, 'Could not resolve host: spartak.openbank.ru')
+
+app.openbank.ru ¹
+talent.openbank.ru ⁶
+open.openbank.ru ¹
+promo.openbank.ru ⁶
+ic.openbank.ru different content
+otvet.openbank.ru ¹
+
+
+¹ mismatch
+⁶ redirect
+-->
+<ruleset name="openbank.ru" default_off="failed ruleset test">
+	<target host="openbank.ru" />
+	<target host="www.openbank.ru" />
+	<target host="mobile.openbank.ru" />
+	<target host="online.openbank.ru" />
+	<target host="peremena.openbank.ru" />
+	<target host="services.openbank.ru" />
+	<target host="lite.openbank.ru" />
+	<target host="travel.openbank.ru" />
+	<target host="stat.openbank.ru" />
+	<target host="m.openbank.ru" />
+	<target host="spartak.openbank.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/opencaching.de.xml b/src/chrome/content/rules/opencaching.de.xml
new file mode 100644
index 000000000000..e1ce21e08368
--- /dev/null
+++ b/src/chrome/content/rules/opencaching.de.xml
@@ -0,0 +1,35 @@
+<!--
+	Main pages support https
+	Sub domains like forum / blog / wiki now do support https
+
+	Last test date: 19.08.2017
+
+	Development/testing pages, let them without for developer/tester:
+	test.opencaching.de (certificate match)
+-->
+<ruleset name="opencaching.de">
+	<!-- Redirect to www. subdomain -->
+	<target host="opencaching.de" />
+	<!-- Main page -->
+	<target host="www.opencaching.de" />
+
+	<!-- Sub page - Blog -->
+	<target host="blog.opencaching.de" />
+
+	<!-- Sub page - Forum -->
+	<target host="forum.opencaching.de" />
+
+	<!-- Sub page - Wiki -->
+	<target host="wiki.opencaching.de" />
+
+	<!-- Sub page - Dowloads -->
+	<target host="download.opencaching.de" />
+
+	<!-- Development - Ticket system -->
+	<target host="redmine.opencaching.de" />
+
+	<!-- Development - project page for responsive design -->
+	<target host="rwd.opencaching.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/opencaching.pl.xml b/src/chrome/content/rules/opencaching.pl.xml
new file mode 100644
index 000000000000..84840df804c9
--- /dev/null
+++ b/src/chrome/content/rules/opencaching.pl.xml
@@ -0,0 +1,30 @@
+<!--
+	Main pages support https
+	Sub domains like blog / podsumowanie / testing do not support https or have
+	corrupted https or missing/wrong cert
+
+    Last test date: 19.08.2017
+
+    wrong certificate and wrong website served:
+     - m.opencaching.pl
+
+    wrong certificate:
+     - blog.opencaching.pl
+
+-->
+<ruleset name="opencaching.pl">
+	<!-- Main page -->
+	<target host="opencaching.pl" />
+	<target host="www.opencaching.pl" />
+
+	<!-- Disabled see header - Mobile main page -->
+	<!-- <target host="m.opencaching.pl" /> -->
+
+	<!-- Forum -->
+	<target host="forum.opencaching.pl" />
+
+	<!-- Wiki -->
+	<target host="wiki.opencaching.pl" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/opencaching.us.xml b/src/chrome/content/rules/opencaching.us.xml
new file mode 100644
index 000000000000..acfd07581a42
--- /dev/null
+++ b/src/chrome/content/rules/opencaching.us.xml
@@ -0,0 +1,23 @@
+<!--
+	Opencaching US
+	Last test date: 06.11.2017
+
+  Development/testing pages, let them without for developer/tester:
+	 - test.opencaching.us
+-->
+<ruleset name="opencaching.us">
+	<!-- Main page -->
+	<target host="opencaching.us" />
+	<target host="www.opencaching.us" />
+
+	<!-- Sub page - Blog -->
+	<target host="blog.opencaching.us" />
+
+	<!-- Sub page - Forum -->
+	<target host="forum.opencaching.us" />
+
+	<!-- Sub page - Wiki -->
+	<target host="wiki.opencaching.us" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/opendata.ch.xml b/src/chrome/content/rules/opendata.ch.xml
new file mode 100644
index 000000000000..369bcc7ae04f
--- /dev/null
+++ b/src/chrome/content/rules/opendata.ch.xml
@@ -0,0 +1,56 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .opendata.ch
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, on:
+
+			- ^, en, energy, finance, food, fr, glam, make from fonts.googleapis.com ˢ
+
+		- Images, on:
+
+			- ^, en, energy, finance, food, fr, glam from $self ˢ
+			- ^ from fr.opendata.ch ˢ
+			- ^, fr from soda.camp ⁴
+			- en, energy, food, fr, glam, make from ^opendata.ch ˢ
+			- finance from assets.okfn.org ˢ
+
+		- Bugs, on:
+
+			- ^, en, food, fr, make from i.creativecommons.org ˢ
+			- ^ from licensebuttons.net ˢ
+
+	⁴ Unsecurable <= 404
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Opendata.ch">
+
+	<target host="opendata.ch" />
+	<target host="en.opendata.ch" />
+	<target host="energy.opendata.ch" />
+	<target host="finance.opendata.ch" />
+	<target host="food.opendata.ch" />
+	<target host="fr.opendata.ch" />
+	<target host="glam.opendata.ch" />
+	<target host="make.opendata.ch" />
+	<target host="trans.opendata.ch" />
+	<target host="www.opendata.ch" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.opendata\.ch$" name="^wordpress_polylang$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/opendatacity.xml b/src/chrome/content/rules/opendatacity.xml
new file mode 100644
index 000000000000..9ad6d016592a
--- /dev/null
+++ b/src/chrome/content/rules/opendatacity.xml
@@ -0,0 +1,9 @@
+<ruleset name="opendatacity">
+	<target host="opendatacity.de" />
+	<target host="www.opendatacity.de" />
+	<target host="apps.opendatacity.de" />
+	<target host="labs.opendatacity.de" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/openeffect.ca.xml b/src/chrome/content/rules/openeffect.ca.xml
new file mode 100644
index 000000000000..8813b4487e5f
--- /dev/null
+++ b/src/chrome/content/rules/openeffect.ca.xml
@@ -0,0 +1,13 @@
+<ruleset name="openeffect.ca">
+
+	<target host="openeffect.ca" />
+	<target host="www.openeffect.ca" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/openembedded.org.xml b/src/chrome/content/rules/openembedded.org.xml
new file mode 100644
index 000000000000..b9ca57cde805
--- /dev/null
+++ b/src/chrome/content/rules/openembedded.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="openembedded.org">
+	<target host="openembedded.org" />
+	<target host="cgit.openembedded.org" />
+	<target host="git.openembedded.org" />
+	<target host="layers.openembedded.org" />
+	<target host="lists.openembedded.org" />
+	<target host="patches.openembedded.org" />
+	<target host="www.openembedded.org" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/openfoo.org.xml b/src/chrome/content/rules/openfoo.org.xml
new file mode 100644
index 000000000000..16321d4be9cf
--- /dev/null
+++ b/src/chrome/content/rules/openfoo.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="openfoo.org">
+
+	<target host="openfoo.org" />
+	<target host="www.openfoo.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/opening-times.co.uk.xml b/src/chrome/content/rules/opening-times.co.uk.xml
new file mode 100644
index 000000000000..881264607b62
--- /dev/null
+++ b/src/chrome/content/rules/opening-times.co.uk.xml
@@ -0,0 +1,14 @@
+<ruleset name="Opening-Times.co.uk">
+
+	<target host="opening-times.co.uk" />
+	<target host="www.opening-times.co.uk" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/openmamba.org.xml b/src/chrome/content/rules/openmamba.org.xml
new file mode 100644
index 000000000000..262661f46293
--- /dev/null
+++ b/src/chrome/content/rules/openmamba.org.xml
@@ -0,0 +1,46 @@
+<!--
+	Problematic hosts in *openmamba.org:
+
+		- lists ᵃ
+
+	ᵃ Shows another domain
+
+
+	Insecure cookies are set for these hosts:
+
+		- openmamba.org
+
+-->
+<ruleset name="openmamba.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="openmamba.org" />
+	<target host="bugs.openmamba.org" />
+	<target host="wiki.openmamba.org" />
+	<target host="www.openmamba.org" />
+
+	<!--	Complications:
+				-->
+	<target host="lists.openmamba.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^openmamba\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://lists\.openmamba\.org/+"
+		to="https://www.openmamba.org/lists/" />
+
+		<test url="http://lists.openmamba.org/index.php" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/openmsx.org.xml b/src/chrome/content/rules/openmsx.org.xml
new file mode 100644
index 000000000000..eb78b7dab104
--- /dev/null
+++ b/src/chrome/content/rules/openmsx.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		test.openmsx.org
+
+	Refused:
+		forum.openmsx.org
+-->
+<ruleset name="openmsx.org">
+	<target host="openmsx.org" />
+	<target host="www.openmsx.org" />
+	<target host="softfab.openmsx.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/openra.net.xml b/src/chrome/content/rules/openra.net.xml
new file mode 100644
index 000000000000..32fcd2ea170e
--- /dev/null
+++ b/src/chrome/content/rules/openra.net.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		bugs.openra.net
+		stats.resource.openra.net
+		stats.master.openra.net
+-->
+<ruleset name="openra.net">
+	<target host="openra.net" />
+	<target host="www.openra.net" />
+	<target host="activity.openra.net" />
+	<target host="changelog.openra.net" />
+	<target host="discord.openra.net" />
+	<target host="forum.openra.net" />
+	<target host="logs.openra.net" />
+	<target host="master.openra.net" />
+	<target host="nagios.openra.net" />
+	<target host="resource.openra.net" />
+	<target host="wiki.openra.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/openrct2.io.xml b/src/chrome/content/rules/openrct2.io.xml
new file mode 100644
index 000000000000..ca5ad9ec27d6
--- /dev/null
+++ b/src/chrome/content/rules/openrct2.io.xml
@@ -0,0 +1,9 @@
+<ruleset name="openrct2.io">
+	<target host="openrct2.io" />
+	<target host="www.openrct2.io" />
+	<target host="api.openrct2.io" />
+	<target host="servers.openrct2.io" />
+	<target host="ui.openrct2.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/openrepos.net.xml b/src/chrome/content/rules/openrepos.net.xml
new file mode 100644
index 000000000000..bb71ca483b98
--- /dev/null
+++ b/src/chrome/content/rules/openrepos.net.xml
@@ -0,0 +1,13 @@
+<ruleset name="OpenRepos.net">
+
+	<target host="openrepos.net" />
+	<target host="www.openrepos.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/openrunet.org.xml b/src/chrome/content/rules/openrunet.org.xml
new file mode 100644
index 000000000000..10a4f1bc6ac2
--- /dev/null
+++ b/src/chrome/content/rules/openrunet.org.xml
@@ -0,0 +1,12 @@
+<!--
+www.openrunet.org self signed
+-->
+<ruleset name="openrunet.org">
+	<target host="openrunet.org" />
+	<target host="www.openrunet.org" />
+
+	<rule from="^http://www\.openrunet\.org/"
+		to="https://openrunet.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/openscad.org.xml b/src/chrome/content/rules/openscad.org.xml
new file mode 100644
index 000000000000..cdb466368c67
--- /dev/null
+++ b/src/chrome/content/rules/openscad.org.xml
@@ -0,0 +1,20 @@
+<!--
+	OpenSCAD
+	Open source 3D design tool
+
+	Refused:
+		openscad.org
+		forum.openscad.org - forum
+		files.openscad.org - downloads
+
+	Last test date: 13.08.2018
+-->
+<ruleset name="openscad.org (partial)">
+	<!-- host is just a redirect but without https so redirect directly to www. sub -->
+	<target host="openscad.org" />
+	<!-- main page -->
+	<target host="www.openscad.org" />
+
+	<rule from="^http://openscad\.org/" to="https://www.openscad.org/"/>
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/openseamap.org.xml b/src/chrome/content/rules/openseamap.org.xml
new file mode 100644
index 000000000000..8945d60c2140
--- /dev/null
+++ b/src/chrome/content/rules/openseamap.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Connection failed:
+		openseamap.org
+		www.openseamap.org
+		harbor.openseamap.org
+		wiki.openseamap.org
+
+	Invalid certificate:
+		dev.openseamap.org
+-->
+<ruleset name="OpenSeaMap.org (partial)">
+
+	<target host="alpha.openseamap.org" />
+	<target host="depth.openseamap.org" />
+	<target host="forum.openseamap.org" />
+	<target host="map.openseamap.org" />
+	<target host="t1.openseamap.org" />
+	<target host="testdepth.openseamap.org" />
+	<target host="tiles.openseamap.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/openstat.com.xml b/src/chrome/content/rules/openstat.com.xml
new file mode 100644
index 000000000000..8ee51983b8b1
--- /dev/null
+++ b/src/chrome/content/rules/openstat.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Problematic hosts in *openstat.com:
+
+		- rating ᵃ
+
+	ᵃ Shows www.openstat.com
+
+
+	Insecure cookies are set for these domains:
+
+		- .openstat.com
+
+-->
+<ruleset name="OpenStat.com (partial)">
+
+	<target host="openstat.com" />
+	<target host="marker.openstat.com" />
+	<target host="www.openstat.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.openstat\.com$" name="^SL_SID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/openwall.info.xml b/src/chrome/content/rules/openwall.info.xml
new file mode 100644
index 000000000000..1ad434cacd3b
--- /dev/null
+++ b/src/chrome/content/rules/openwall.info.xml
@@ -0,0 +1,6 @@
+<ruleset name="openwall.info">
+	<target host="openwall.info" />
+	<target host="www.openwall.info" />  <!-- Certificate mismatch -->
+	<rule from="^http://www\.openwall\.info/" to="https://openwall.info/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/openwebrtc.org.xml b/src/chrome/content/rules/openwebrtc.org.xml
new file mode 100644
index 000000000000..bfe4c266c74c
--- /dev/null
+++ b/src/chrome/content/rules/openwebrtc.org.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://demo.openwebrtc.org/ => https://demo.openwebrtc.org/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="openwebrtc.org" default_off="failed ruleset test">
+	<target host="openwebrtc.org" />
+	<target host="www.openwebrtc.org" />
+	<target host="demo.openwebrtc.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/openwebtorrent.com.xml b/src/chrome/content/rules/openwebtorrent.com.xml
new file mode 100644
index 000000000000..5c85f997cf02
--- /dev/null
+++ b/src/chrome/content/rules/openwebtorrent.com.xml
@@ -0,0 +1,10 @@
+<!--
+tracker.openwebtorrent.com non-2xx http code
+
+
+-->
+<ruleset name="openwebtorrent.com">
+	<target host="openwebtorrent.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/optimizely.com-resources.xml b/src/chrome/content/rules/optimizely.com-resources.xml
new file mode 100644
index 000000000000..5012f819fd5f
--- /dev/null
+++ b/src/chrome/content/rules/optimizely.com-resources.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://pages.optimizely.com/rs/361-GER-922/images/Share1.png (200) => https://na-sjn.marketo.com/rs/361-GER-922/images/Share1.png (403)
+
+	For rules covering more than resources, see Optimizely.xml.
+
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="Optimizely.com (resources)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="pages.optimizely.com" />
+
+		<exclusion pattern="^http://pages\.optimizely\.com/(?!/*(?:cs|image|r)s/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://pages.optimizely.com/book" />
+			<test url="http://pages.optimizely.com/eBook_The_Ultimate_Guide_to_Optimizing_Your_Online_Store.html" />
+			<test url="http://pages.optimizely.com/email-ab-testing-toolkit.html" />
+			<test url="http://pages.optimizely.com/thrive-new-digital-reality-webinar-series-1.html" />
+
+
+	<rule from="^http://pages\.optimizely\.com/"
+		to="https://na-sjn.marketo.com/" />
+
+		<test url="http://pages.optimizely.com/rs/361-GER-922/images/Share1.png" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/optum.com.xml b/src/chrome/content/rules/optum.com.xml
new file mode 100644
index 000000000000..9934f0a2ed95
--- /dev/null
+++ b/src/chrome/content/rules/optum.com.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://optum.com/ => https://optum.com/: (51, "SSL: no alternative certificate subject name matches target host name 'optum.com'")
+
+-->
+<ruleset name="Optum.com" default_off="failed ruleset test">
+
+	<target host="optum.com" />
+	<target host="www.optum.com" />
+	<target host="www-new.optum.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/or.is.xml b/src/chrome/content/rules/or.is.xml
new file mode 100644
index 000000000000..04f660ccba22
--- /dev/null
+++ b/src/chrome/content/rules/or.is.xml
@@ -0,0 +1,46 @@
+<!--
+	Reykjavík Energy
+
+
+	These altnames do not exist:
+
+		- secure.or.is
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- orkanmin.or.is
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on www from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="OR.is">
+
+	<target host="or.is" />
+	<target host="orkanmin.or.is" />
+	<target host="www.or.is" />
+
+		<!--	Mixed images:
+					-->
+		<!--test url="http://www.or.is/english/carbfix-project" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^orkanmin\.or\.is$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/oraclefox.com.xml b/src/chrome/content/rules/oraclefox.com.xml
new file mode 100644
index 000000000000..34694a6c7483
--- /dev/null
+++ b/src/chrome/content/rules/oraclefox.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		mail.oraclefox.com
+		webmail.oraclefox.com
+
+	Time out:
+		ftp.oraclefox.com
+-->
+<ruleset name="oraclefox.com">
+	<target host="oraclefox.com" />
+	<target host="www.oraclefox.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/orangeplant.co.uk.xml b/src/chrome/content/rules/orangeplant.co.uk.xml
new file mode 100644
index 000000000000..b00b03abc69f
--- /dev/null
+++ b/src/chrome/content/rules/orangeplant.co.uk.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.orangeplant.co.uk/ (200) => https://orangeplant.co.uk/ (404)
+
+	www.orangeplant.co.uk: Mismatched
+
+-->
+<ruleset name="Orange Plant.co.uk" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="orangeplant.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="www.orangeplant.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.orangeplant\.co\.uk/"
+		to="https://orangeplant.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/originstamp.org.xml b/src/chrome/content/rules/originstamp.org.xml
new file mode 100644
index 000000000000..63c7079363e2
--- /dev/null
+++ b/src/chrome/content/rules/originstamp.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="OriginStamp">
+    <target host="originstamp.org"/>
+    <target host="www.originstamp.org"/>
+
+    <securecookie host=".+" name=".+" />
+
+    <rule from="^http:"
+            to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/oroboro.com.xml b/src/chrome/content/rules/oroboro.com.xml
new file mode 100644
index 000000000000..51e3bdb7f8a1
--- /dev/null
+++ b/src/chrome/content/rules/oroboro.com.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://img.oroboro.com/ => https://img.oroboro.com/: (35, 'error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 unrecognized name')
+
+-->
+<ruleset name="oroboro.com" default_off="failed ruleset test">
+
+	<target host="oroboro.com" />
+	<target host="img.oroboro.com" />
+	<target host="www.oroboro.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/orphus.ru.xml b/src/chrome/content/rules/orphus.ru.xml
new file mode 100644
index 000000000000..1c25cfea30bd
--- /dev/null
+++ b/src/chrome/content/rules/orphus.ru.xml
@@ -0,0 +1,36 @@
+<!--
+	www.orphus.ru: Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- orphus.ru
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Orphus.ru">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="orphus.ru" />
+
+	<!--	Complications:
+				-->
+	<target host="www.orphus.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^orphus\.ru$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.orphus\.ru/"
+		to="https://orphus.ru/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/orr.gov.uk.xml b/src/chrome/content/rules/orr.gov.uk.xml
new file mode 100644
index 000000000000..cd0d57b73055
--- /dev/null
+++ b/src/chrome/content/rules/orr.gov.uk.xml
@@ -0,0 +1,45 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://orrdat.orr.gov.uk/ => https://orrdat.orr.gov.uk/: (60, 'SSL certificate problem: certificate has expired')
+
+	Office of Rail and Road
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Problematic hosts in *orr.gov.uk:
+
+		- (www.)? ᵉ ᵐ ˢ
+		- dataportal ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵉ Expired
+	ᵐ Mismatched
+	ˢ Self-signed
+
+
+	Insecure cookies are set for these domains:
+
+		- .dataportal.orr.gov.uk
+
+-->
+<ruleset name="ORR.gov.uk (partial)" default_off="failed ruleset test">
+
+	<!--target host="dataportal.orr.gov.uk" /-->
+	<target host="orrdat.orr.gov.uk" />
+	<target host="raildata.orr.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.dataportal\.orr\.gov\.uk$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ortenau.freifunk.net.xml b/src/chrome/content/rules/ortenau.freifunk.net.xml
new file mode 100644
index 000000000000..8e24590d9403
--- /dev/null
+++ b/src/chrome/content/rules/ortenau.freifunk.net.xml
@@ -0,0 +1,18 @@
+<!--
+	For other rulesets covering freifunk.net, see: Freifunk.xml
+
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="Freifunk Ortenau">
+
+	<target host="ortenau.freifunk.net" />
+	<target host="forum.ortenau.freifunk.net" />
+	<target host="www.forum.ortenau.freifunk.net" />
+	<target host="lists.ortenau.freifunk.net" />
+	<target host="stats.ortenau.freifunk.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/osalt.com.xml b/src/chrome/content/rules/osalt.com.xml
new file mode 100644
index 000000000000..2f8e0e25c0be
--- /dev/null
+++ b/src/chrome/content/rules/osalt.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="osalt.com">
+
+	<target host="osalt.com" />
+	<target host="cdnk.osalt.com" />
+	<target host="www.osalt.com" />
+
+		<test url="http://cdnk.osalt.com/gfx/small_dot_o.gif" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/osc.gov.xml b/src/chrome/content/rules/osc.gov.xml
new file mode 100644
index 000000000000..35ecda0ec787
--- /dev/null
+++ b/src/chrome/content/rules/osc.gov.xml
@@ -0,0 +1,18 @@
+<!--
+	Office of Special Counsel
+
+
+-->
+<ruleset name="OSC.gov">
+
+	<target host="osc.gov" />
+	<target host="www.osc.gov" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/osdisc.com.xml b/src/chrome/content/rules/osdisc.com.xml
new file mode 100644
index 000000000000..faeb876ac061
--- /dev/null
+++ b/src/chrome/content/rules/osdisc.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.osdisc.com
+
+-->
+<ruleset name="OSDisc.com">
+
+	<target host="osdisc.com" />
+	<target host="www.osdisc.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.osdisc\.com$" name="^(?:checkout|session)id$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/osdn.net.xml b/src/chrome/content/rules/osdn.net.xml
new file mode 100644
index 000000000000..76f6c20b7bba
--- /dev/null
+++ b/src/chrome/content/rules/osdn.net.xml
@@ -0,0 +1,30 @@
+<!--
+jaist.dl.osdn.net ¹
+osdn.dl.osdn.net ²
+ns0.osdn.net ¹
+ns1.osdn.net ²
+ns2.osdn.net ²
+
+
+¹ mismatch
+² refused
+-->
+<ruleset name="osdn.net">
+	<target host="osdn.net" />
+	<target host="www.osdn.net" />
+	<target host="de.osdn.net" />
+	<target host="en.osdn.net" />
+	<target host="es.osdn.net" />
+	<target host="fr.osdn.net" />
+	<target host="ja.osdn.net" />
+	<target host="ko.osdn.net" />
+	<target host="mag.osdn.net" />
+	<target host="pt.osdn.net" />
+	<target host="scm.osdn.net" />
+	<target host="static.osdn.net" />
+	<target host="svn.osdn.net" />
+	<target host="zh.osdn.net" />
+	<target host="zh-tw.osdn.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/osf22p3lmweopgho.onion.xml b/src/chrome/content/rules/osf22p3lmweopgho.onion.xml
new file mode 100644
index 000000000000..d84f66845634
--- /dev/null
+++ b/src/chrome/content/rules/osf22p3lmweopgho.onion.xml
@@ -0,0 +1,16 @@
+<!--
+	For related clearnet rules, see
+
+	Invalid certificate:
+		www.osf22p3lmweopgho.onion
+
+-->
+<ruleset name="Open Society Foundations (onion)">
+
+	<target host="osf22p3lmweopgho.onion" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/osmc.tv.xml b/src/chrome/content/rules/osmc.tv.xml
new file mode 100644
index 000000000000..d4e7a8574b6d
--- /dev/null
+++ b/src/chrome/content/rules/osmc.tv.xml
@@ -0,0 +1,53 @@
+<!--
+	www.osmc.tv: Refused
+
+
+	Problematic hosts in *osmc.tv:
+
+		- www.discourse * ᵐ
+
+	* Differs from http
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- discourse.osmc.tv
+		- www.discourse.osmc.tv
+		- store.osmc.tv
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="OSMC.tv">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="osmc.tv" />
+	<target host="discourse.osmc.tv" />
+	<target host="store.osmc.tv" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://store.osmc.tv/embed_cart_widget/" /-->
+
+	<!--	Complications:
+				-->
+	<target host="www.osmc.tv" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^discourse\.osmc\.tv$" name="^_forum_session$" /-->
+	<!--securecookie host="^(?:www\.discourse|store)\.osmc\.tv$" name="^_wp_woocommerce_session_[\da-f]{32}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.osmc\.tv/"
+		to="https://osmc.tv/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ostermiller.org.xml b/src/chrome/content/rules/ostermiller.org.xml
new file mode 100644
index 000000000000..a185c589c989
--- /dev/null
+++ b/src/chrome/content/rules/ostermiller.org.xml
@@ -0,0 +1,98 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://currency.ostermiller.org/ => https://currency.ostermiller.org/: (51, "SSL: no alternative certificate subject name matches target host name 'currency.ostermiller.org'")
+
+blog.ostermiller.org ³
+it.coinmill.deadsea.ostermiller.org ⁵
+in.coinmill.deadsea.ostermiller.org ⁵
+sr.coinmill.deadsea.ostermiller.org ⁵
+iw.coinmill.deadsea.ostermiller.org ⁵
+vi.coinmill.deadsea.ostermiller.org ⁵
+ru.coinmill.deadsea.ostermiller.org ⁵
+da.coinmill.deadsea.ostermiller.org ⁵
+fi.coinmill.deadsea.ostermiller.org ⁵
+de.coinmill.deadsea.ostermiller.org ⁵
+hu.coinmill.deadsea.ostermiller.org ⁵
+ro.coinmill.deadsea.ostermiller.org ⁵
+es.coinmill.deadsea.ostermiller.org ⁵
+ar.coinmill.deadsea.ostermiller.org ⁵
+et.coinmill.deadsea.ostermiller.org ⁵
+pt.coinmill.deadsea.ostermiller.org ⁵
+pl.coinmill.deadsea.ostermiller.org ⁵
+ca.coinmill.deadsea.ostermiller.org ⁵
+bg.coinmill.deadsea.ostermiller.org ⁵
+lt.coinmill.deadsea.ostermiller.org ⁵
+zh.coinmill.deadsea.ostermiller.org ⁵
+uk.coinmill.deadsea.ostermiller.org ⁵
+tr.coinmill.deadsea.ostermiller.org ⁵
+el.coinmill.deadsea.ostermiller.org ⁵
+ja.coinmill.deadsea.ostermiller.org ⁵
+no.coinmill.deadsea.ostermiller.org ⁵
+sq.coinmill.deadsea.ostermiller.org ⁵
+ko.coinmill.deadsea.ostermiller.org ⁵
+ms.coinmill.deadsea.ostermiller.org ⁵
+fr.coinmill.deadsea.ostermiller.org ⁵
+sk.coinmill.deadsea.ostermiller.org ⁵
+lv.coinmill.deadsea.ostermiller.org ⁵
+hr.coinmill.deadsea.ostermiller.org ⁵
+cs.coinmill.deadsea.ostermiller.org ⁵
+sl.coinmill.deadsea.ostermiller.org ⁵
+th.coinmill.deadsea.ostermiller.org ⁵
+zt.coinmill.deadsea.ostermiller.org ⁵
+is.coinmill.deadsea.ostermiller.org ⁵
+mk.coinmill.deadsea.ostermiller.org ⁵
+ga.coinmill.deadsea.ostermiller.org ⁵
+sv.coinmill.deadsea.ostermiller.org ⁵
+it.coinmill.deadsea.ostermiller.org ⁵
+in.coinmill.deadsea.ostermiller.org ⁵
+sr.coinmill.deadsea.ostermiller.org ⁵
+da.coinmill.deadsea.ostermiller.org ⁵
+fi.coinmill.deadsea.ostermiller.org ⁵
+de.coinmill.deadsea.ostermiller.org ⁵
+es.coinmill.deadsea.ostermiller.org ⁵
+et.coinmill.deadsea.ostermiller.org ⁵
+pl.coinmill.deadsea.ostermiller.org ⁵
+ca.coinmill.deadsea.ostermiller.org ⁵
+iw.coinmill.deadsea.ostermiller.org ⁵
+vi.coinmill.deadsea.ostermiller.org ⁵
+ru.coinmill.deadsea.ostermiller.org ⁵
+hu.coinmill.deadsea.ostermiller.org ⁵
+ro.coinmill.deadsea.ostermiller.org ⁵
+ar.coinmill.deadsea.ostermiller.org ⁵
+pt.coinmill.deadsea.ostermiller.org ⁵
+bg.coinmill.deadsea.ostermiller.org ⁵
+lt.coinmill.deadsea.ostermiller.org ⁵
+zh.coinmill.deadsea.ostermiller.org ⁵
+uk.coinmill.deadsea.ostermiller.org ⁵
+tr.coinmill.deadsea.ostermiller.org ⁵
+el.coinmill.deadsea.ostermiller.org ⁵
+ja.coinmill.deadsea.ostermiller.org ⁵
+no.coinmill.deadsea.ostermiller.org ⁵
+sq.coinmill.deadsea.ostermiller.org ⁵
+mk.coinmill.deadsea.ostermiller.org ⁵
+ga.coinmill.deadsea.ostermiller.org ⁵
+ko.coinmill.deadsea.ostermiller.org ⁵
+ms.coinmill.deadsea.ostermiller.org ⁵
+sv.coinmill.deadsea.ostermiller.org ⁵
+fr.coinmill.deadsea.ostermiller.org ⁵
+sk.coinmill.deadsea.ostermiller.org ⁵
+lv.coinmill.deadsea.ostermiller.org ⁵
+hr.coinmill.deadsea.ostermiller.org ⁵
+cs.coinmill.deadsea.ostermiller.org ⁵
+sl.coinmill.deadsea.ostermiller.org ⁵
+th.coinmill.deadsea.ostermiller.org ⁵
+is.coinmill.deadsea.ostermiller.org ⁵
+coinmill.deadsea.ostermiller.org ⁵
+
+
+³ timed out
+⁵ expired
+-->
+<ruleset name="ostermiller.org" default_off="failed ruleset test">
+	<target host="ostermiller.org" />
+	<target host="www.ostermiller.org" />
+	<target host="currency.ostermiller.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ostif.org.xml b/src/chrome/content/rules/ostif.org.xml
new file mode 100644
index 000000000000..6b0019f0dcce
--- /dev/null
+++ b/src/chrome/content/rules/ostif.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="OSTIF.org">
+
+	<target host="ostif.org" />
+	<target host="www.ostif.org" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/osufoundation.org.xml b/src/chrome/content/rules/osufoundation.org.xml
new file mode 100644
index 000000000000..b3a70ddae013
--- /dev/null
+++ b/src/chrome/content/rules/osufoundation.org.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Oregon State University coverage, see
+
+
+        http://osufoundation.org redirects to http://www.osufoundation.org
+        redirects to https://www.osufoundation.org, so normal users don't see
+        the need for the complication. However, osufoundation.org does not
+        respond to https, so it is still needed.
+
+-->
+<ruleset name="OSU Foundation.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.osufoundation.org" />
+
+	<!--	Complications:
+				-->
+	<target host="osufoundation.org" />
+
+
+	<rule from="^http://osufoundation\.org/"
+		to="https://www.osufoundation.org/"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/osuosl.org.xml b/src/chrome/content/rules/osuosl.org.xml
new file mode 100644
index 000000000000..e3fe0162468a
--- /dev/null
+++ b/src/chrome/content/rules/osuosl.org.xml
@@ -0,0 +1,260 @@
+<!--
+	HTTPS != HTTP:
+		internal-web1.osuosl.org
+		mon1.osuosl.org
+
+    Connection reset:
+        cppcheck1.osuosl.org:8000
+
+	Invalid certificate:
+		amahi.osuosl.org
+		bdale-gag.osuosl.org
+		busybox.osuosl.org
+		chat.civicrm.osuosl.org
+		java-prod.civicrm.osuosl.org
+		log.civicrm.osuosl.org
+		manage.civicrm.osuosl.org
+		www-cxn-2.civicrm.osuosl.org
+		www-demo.civicrm.osuosl.org
+		www-prod.civicrm.osuosl.org
+		dotkde.osuosl.org
+		ecf-builds.osuosl.org
+		elinux.osuosl.org
+		elgg2.osuosl.org
+		flossfoundations.osuosl.org
+		fosstranslation.osuosl.org
+		freedroid.osuosl.org
+		bellbird.gentoo.osuosl.org
+		bittern.gentoo.osuosl.org
+		brambling.gentoo.osuosl.org
+		dipper.gentoo.osuosl.org
+		meadowlark.gentoo.osuosl.org
+		vulture.gentoo.osuosl.org
+		x86dev.gentoo.osuosl.org
+		jenkins-edamame.osuosl.org
+		jenkins-lettuce.osuosl.org
+		inkscape1.osuosl.org
+		lb.osuosl.org
+		lf-openprinting.osuosl.org
+		linuxfund.osuosl.org
+		lug.osuosl.org
+		lyx1.osuosl.org
+		mageiavm.osuosl.org
+		mandrivausers2.osuosl.org
+		mf4-xiph.osuosl.org
+		midnightcommander.osuosl.org
+		mirror-sync.osuosl.org
+		gen.ntf.osuosl.org
+		ldap1.ntf.osuosl.org
+		mail.ntf.osuosl.org
+		puppet.ntf.osuosl.org
+		wiki.ntf.osuosl.org
+		openmrs1.osuosl.org
+		openvoting.osuosl.org
+		osgeo4.osgeo.osuosl.org
+		osgeo6.osgeo.osuosl.org
+		osgeo7.osgeo.osuosl.org
+		web.osgeo.osuosl.org
+		benzene.osm.osuosl.org
+		civicrm.osm.osuosl.org
+		stormfly-02.osm.osuosl.org
+		osmus.osm.osuosl.org
+		pyrene.osm.osuosl.org
+		stormfly-01.osm.osuosl.org
+		tile.osm.osuosl.org
+		a.tile.osm.osuosl.org
+		b.tile.osm.osuosl.org
+		c.tile.osm.osuosl.org
+		osu1php.osuosl.org
+		otest-controller.osuosl.org
+		pdxplumbers.osuosl.org
+		parrotvm.osuosl.org
+		virt-2ttcf4.psf.osuosl.org
+		virt-7tac5q.psf.osuosl.org
+		virt-7yvsjn.psf.osuosl.org
+		virt-82qt2a.psf.osuosl.org
+		virt-8joqck.psf.osuosl.org
+		virt-8pjlh8.psf.osuosl.org
+		virt-9f03qg.psf.osuosl.org
+		virt-ak9lsk.psf.osuosl.org
+		virt-byl2f7.psf.osuosl.org
+		virt-c2fg44.psf.osuosl.org
+		virt-et2yi0.psf.osuosl.org
+		virt-f3pu59.psf.osuosl.org
+		virt-flqzel.psf.osuosl.org
+		virt-gwhg4e.psf.osuosl.org
+		virt-h669vt.psf.osuosl.org
+		virt-nsz0jn.psf.osuosl.org
+		virt-k4b2sa.psf.osuosl.org
+		virt-kchn16.psf.osuosl.org
+		virt-l4es2w.psf.osuosl.org
+		virt-l99amx.psf.osuosl.org
+		virt-oku3tm.psf.osuosl.org
+		virt-ozvw2q.psf.osuosl.org
+		virt-pa4z19.psf.osuosl.org
+		virt-q0dzqq.psf.osuosl.org
+		virt-sae8wg.psf.osuosl.org
+		virt-ssqrj8.psf.osuosl.org
+		virt-sxw5uy.psf.osuosl.org
+		virt-tkd3sc.psf.osuosl.org
+		virt-vm43og.psf.osuosl.org
+		virt-wdiwcy.psf.osuosl.org
+		virt-wzmlmm.psf.osuosl.org
+		virt-y8pzvf.psf.osuosl.org
+		virt-yfae7i.psf.osuosl.org
+		virt-ys0nco.psf.osuosl.org
+		virt-znzn20.psf.osuosl.org
+		puredata.osuosl.org
+		rainmeter.osuosl.org
+		ros.osuosl.org
+		www.ros.osuosl.org
+		answers.ros.osuosl.org
+		answers2.ros.osuosl.org
+		docs.ros.osuosl.org
+		download.ros.osuosl.org
+		news.ros.osuosl.org
+		wiki.ros.osuosl.org
+		slides.osuosl.org
+		snowdrift-smtp.osuosl.org
+		swi-prolog.osuosl.org
+		tasktracer.osuosl.org
+		turtlebot.osuosl.org
+		web2.osuosl.org
+		web3.osuosl.org
+		catfish.xiph.osuosl.org
+		catfish-2.xiph.osuosl.org
+		gitlab.xiph.osuosl.org
+		mailfish.xiph.osuosl.org
+		hostfish.xiph.osuosl.org
+
+	Protocol error:		
+		finch.gentoo.osuosl.org
+
+	Refused:
+		apereo1.osuosl.org
+		app3.osuosl.org
+		bonsai.osuosl.org
+		bro-try.osuosl.org
+		darcs.osuosl.org
+		darcsvm.osuosl.org
+		dogwood.osuosl.org
+		dir-xiph.osuosl.org
+		ppcports.freebsd.osuosl.org
+		bender.gentoo.osuosl.org
+		bogsucker.gentoo.osuosl.org
+		hppa.gentoo.osuosl.org
+		raq2.gentoo.osuosl.org
+		rooster.gentoo.osuosl.org
+		timberdoodle.gentoo.osuosl.org
+		inkscape.osuosl.org
+		linhes.osuosl.org
+		monkeyhttpd.osuosl.org
+		mozdev-prod.osuosl.org
+		mozdev-stats.osuosl.org
+		openhatch-ripcord.osuosl.org
+		backup.osgeo.osuosl.org
+		osdv-rails.osuosl.org
+		demo1.phpbb.osuosl.org
+		download1.phpbb.osuosl.org
+		polr.osuosl.org
+		qemu2.osuosl.org
+		sahana-pootle.osuosl.org
+		speed-python.osuosl.org
+
+	Unreachable:
+		lf-bugs.osuosl.org
+		lf-lists.osuosl.org
+		lf-web1.osuosl.org
+		lf-web2.osuosl.org
+		mon2.osuosl.org
+		mozillazine1.osuosl.org
+		ntp.osuosl.org
+		panama.osuosl.org
+		parisc.osuosl.org
+		time.osuosl.org
+		webdav1.osuosl.org
+
+	Unsupported protocol:
+		console1.gentoo.osuosl.org
+-->
+<ruleset name="osuosl.org">
+	<target host="osuosl.org" />
+	<target host="www.osuosl.org" />
+	<target host="admin.osuosl.org" />
+	<target host="apache.osuosl.org" />
+	<target host="archive.osuosl.org" />
+	<target host="arklinux.osuosl.org" />
+	<target host="ash.osuosl.org" />
+	<target host="awstats.osuosl.org" />
+	<target host="caos.osuosl.org" />
+	<target host="centos.osuosl.org" />
+	<target host="chef.osuosl.org" />
+	<target host="chef1.osuosl.org" />
+	<target host="cherokee.osuosl.org" />
+	<target host="cs312.osuosl.org" />
+	<target host="cygwin.osuosl.org" />
+	<target host="debian.osuosl.org" />
+	<target host="deluge.osuosl.org" />
+	<target host="devopsbootcamp.osuosl.org" />
+	<target host="docs.osuosl.org" />
+	<target host="driverdev.osuosl.org" />
+	<target host="etherpad.osuosl.org" />
+	<target host="fedora.osuosl.org" />
+	<target host="ftp.osuosl.org" />
+	<target host="ftp-chi.osuosl.org" />
+	<target host="ftp-ext.osuosl.org" />
+	<target host="ftp-osl.osuosl.org" />
+	<target host="ftp-nyc.osuosl.org" />
+	<target host="ftpmap.osuosl.org" />
+	<target host="gentoo.osuosl.org" />
+	<target host="git.osuosl.org" />
+	<target host="gsoc-wiki.osuosl.org" />
+	<target host="haiku.osuosl.org" />
+	<target host="ibmz-ci.osuosl.org" />
+	<target host="imap.osuosl.org" />
+	<target host="jenkins.osuosl.org" />
+	<target host="kernel.osuosl.org" />
+	<target host="larch.osuosl.org" />
+	<target host="lb1.osuosl.org" />
+	<target host="lb2.osuosl.org" />
+	<target host="lfs.osuosl.org" />
+	<target host="lists.osuosl.org" />
+	<target host="mail.osuosl.org" />
+	<target host="mirrors.osuosl.org" />
+	<target host="monitor.osuosl.org" />
+	<target host="mozilla.osuosl.org" />
+	<target host="mozilla-chi.osuosl.org" />
+	<target host="mozilla-nyc.osuosl.org" />
+	<target host="mozilla-osl.osuosl.org" />
+	<target host="munin.osuosl.org" />
+	<target host="musicbrainz.osuosl.org" />
+	<target host="mysql.osuosl.org" />
+	<target host="nagios2.osuosl.org" />
+	<target host="netbeans.osuosl.org" />
+	<target host="netwinder.osuosl.org" />
+	<target host="openoffice.osuosl.org" />
+	<target host="openoffice-chi.osuosl.org" />
+	<target host="openpower-controller.osuosl.org" />
+	<target host="opensuse.osuosl.org" />
+	<target host="oprod-controller1.osuosl.org" />
+	<target host="adhoc.osgeo.osuosl.org" />
+	<target host="page.osuosl.org" />
+	<target host="pastebin.osuosl.org" />
+	<target host="pentoo.osuosl.org" />
+	<target host="phpmyadmin.osuosl.org" />
+	<target host="powerci.osuosl.org" />
+	<target host="powerci-jenkins.osuosl.org" />
+	<target host="rsync.osuosl.org" />
+	<target host="s390x-jenkins.osuosl.org" />
+	<target host="scm1.osuosl.org" />
+	<target host="slackware.osuosl.org" />
+	<target host="staff.osuosl.org" />
+	<target host="support.osuosl.org" />
+	<target host="tails.osuosl.org" />
+	<target host="ubuntu.osuosl.org" />
+	<target host="vectorlinux.osuosl.org" />
+	<target host="vip-lb1.osuosl.org" />
+	<target host="wiki.osuosl.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/osvita.ua.xml b/src/chrome/content/rules/osvita.ua.xml
new file mode 100644
index 000000000000..8ded4aaf04d9
--- /dev/null
+++ b/src/chrome/content/rules/osvita.ua.xml
@@ -0,0 +1,13 @@
+<!--
+ru.osvita.ua ¹
+zno.osvita.ua ¹
+
+
+¹ mismatch
+-->
+<ruleset name="osvita.ua">
+	<target host="osvita.ua" />
+	<target host="www.osvita.ua" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/otaserve.net.xml b/src/chrome/content/rules/otaserve.net.xml
new file mode 100644
index 000000000000..60c6892d0d84
--- /dev/null
+++ b/src/chrome/content/rules/otaserve.net.xml
@@ -0,0 +1,16 @@
+<ruleset name="otaserve.net">
+
+	<target host="click.otaserve.net" />
+	<target host="data.otaserve.net" />
+	<target host="log.otaserve.net" />
+	<target host="out.otaserve.net" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/otc-cta.gc.ca.xml b/src/chrome/content/rules/otc-cta.gc.ca.xml
new file mode 100644
index 000000000000..9303eef7021b
--- /dev/null
+++ b/src/chrome/content/rules/otc-cta.gc.ca.xml
@@ -0,0 +1,10 @@
+<ruleset name="otc-cta.gc.ca">
+	<target host="otc-cta.gc.ca" />
+	<target host="www.otc-cta.gc.ca" />
+	<target host="forums.otc-cta.gc.ca" />
+	<target host="services.otc-cta.gc.ca" />
+	<target host="services2.otc-cta.gc.ca" />
+	<target host="vpn2.otc-cta.gc.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/otr-online.ru.xml b/src/chrome/content/rules/otr-online.ru.xml
new file mode 100644
index 000000000000..2a2c67dffe85
--- /dev/null
+++ b/src/chrome/content/rules/otr-online.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="otr-online.ru">
+	<target host="otr-online.ru" />
+	<target host="www.otr-online.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ots-net.ru.xml b/src/chrome/content/rules/ots-net.ru.xml
new file mode 100644
index 000000000000..7e3173369c0f
--- /dev/null
+++ b/src/chrome/content/rules/ots-net.ru.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://promo.ots-net.ru/ => https://promo.ots-net.ru/: (60, 'SSL certificate problem: self signed certificate')
+
+hotspot.ots-net.ru mismatch
+forum.ots-net.ru mismatch
+moidom.ots-net.ru mismatch
+info.ots-net.ru mismatch
+-->
+<ruleset name="ots-net.ru" default_off="failed ruleset test">
+	<target host="ots-net.ru" />
+	<target host="www.ots-net.ru" />
+	<target host="promo.ots-net.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ottos.ch.xml b/src/chrome/content/rules/ottos.ch.xml
new file mode 100644
index 000000000000..1b6984722fa2
--- /dev/null
+++ b/src/chrome/content/rules/ottos.ch.xml
@@ -0,0 +1,22 @@
+<!--
+	Mismatch:
+		- *ottoscars.ch
+
+	Untrusted:
+		- ottos-fertig-los.ch
+
+	Refused:
+		- foto.ottos.ch
+
+	No response:
+		- newsletter.ottos.ch
+
+	Redirect:
+		- (www.)
+-->
+<ruleset name="OTTO's">
+	<target host="webshop.ottos.ch"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/ouedkniss.com.xml b/src/chrome/content/rules/ouedkniss.com.xml
new file mode 100644
index 000000000000..0e25219e2bd8
--- /dev/null
+++ b/src/chrome/content/rules/ouedkniss.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="ouedkniss.com">
+	<target host="ouedkniss.com" />
+	<target host="www.ouedkniss.com" />
+	<target host="forum.ouedkniss.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/our-work.com.tw.xml b/src/chrome/content/rules/our-work.com.tw.xml
new file mode 100644
index 000000000000..83d7bc996d5d
--- /dev/null
+++ b/src/chrome/content/rules/our-work.com.tw.xml
@@ -0,0 +1,22 @@
+<!--
+	These altnames do not exist:
+
+		- our-work.com.tw
+
+-->
+<ruleset name="our-work.com.tw">
+
+	<target host="www.our-work.com.tw" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://www.our-work.com.tw/creative/pan/2015-COMPUTEX/css/tpl16/zh_TW/c01/layout/app-download.png" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ourpowerbase.net.xml b/src/chrome/content/rules/ourpowerbase.net.xml
new file mode 100644
index 000000000000..fa7ac7c270a2
--- /dev/null
+++ b/src/chrome/content/rules/ourpowerbase.net.xml
@@ -0,0 +1,12 @@
+<ruleset name="OurPowerBase.net">
+
+	<target host="ptp.ourpowerbase.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ourproject.org.xml b/src/chrome/content/rules/ourproject.org.xml
new file mode 100644
index 000000000000..575feb9bf93b
--- /dev/null
+++ b/src/chrome/content/rules/ourproject.org.xml
@@ -0,0 +1,50 @@
+<!--
+isocialenlucha.ourproject.org mismatch
+cooperma.ourproject.org mismatch
+quierescallarte.ourproject.org mismatch
+studenthandbook.ourproject.org mismatch
+rebelarte.ourproject.org mismatch
+trashumante.ourproject.org mismatch
+escuelaverde.ourproject.org mismatch
+guerrilha.ourproject.org mismatch
+labancaesmordor.ourproject.org mismatch
+tallerdelaisla.ourproject.org mismatch
+lamandragora.ourproject.org mismatch
+radiotrama.ourproject.org mismatch
+bicicritica.ourproject.org mismatch
+egiabizirik.ourproject.org mismatch
+tacuru.ourproject.org mismatch
+ylanaveva.ourproject.org mismatch
+hibinafiles.m.ourproject.org mismatch
+biolinux.m.ourproject.org mismatch
+-->
+<ruleset name="ourproject.org">
+	<target host="ourproject.org" />
+	<target host="www.ourproject.org" />
+	<target host="plantare.ourproject.org" />
+	<target host="esfulletperdut.ourproject.org" />
+	<target host="martiago.ourproject.org" />
+	<target host="ecobase.ourproject.org" />
+	<target host="biointensivo.ourproject.org" />
+	<target host="garabatoaldea.ourproject.org" />
+	<target host="lacriticona.ourproject.org" />
+	<target host="cudisol.ourproject.org" />
+	<target host="bestwecando.ourproject.org" />
+	<target host="wnclug.ourproject.org" />
+	<target host="wdune.ourproject.org" />
+	<target host="eltirabeque.ourproject.org" />
+	<target host="lists.ourproject.org" />
+	<target host="tea.ourproject.org" />
+	<target host="kune.ourproject.org" />
+	<target host="lacasika.ourproject.org" />
+	<target host="ocmal.ourproject.org" />
+	<target host="osmpe.ourproject.org" />
+	<target host="bah.ourproject.org" />
+	<target host="controlcambios.ourproject.org" />
+	<target host="ateneutgn.ourproject.org" />
+	<target host="biblioteca.ourproject.org" />
+	<target host="hochspannung.ourproject.org" />
+	<target host="trocasverdes.ourproject.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ourskillsforce.co.uk.xml b/src/chrome/content/rules/ourskillsforce.co.uk.xml
new file mode 100644
index 000000000000..f30035a8bcc9
--- /dev/null
+++ b/src/chrome/content/rules/ourskillsforce.co.uk.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ourskillsforce.co.uk/ => https://ourskillsforce.co.uk/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other Skills Development Scotland coverage, see skillsdevelopmentscotland.co.uk.xml.
+
+
+	Problematic hosts in *ourskillsforce.co.uk:
+
+		- funding ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="Our Skillsforce.co.uk (partial)" default_off="failed ruleset test">
+
+	<target host="ourskillsforce.co.uk" />
+	<target host="www.ourskillsforce.co.uk" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ourwatchmember.org.uk.xml b/src/chrome/content/rules/ourwatchmember.org.uk.xml
new file mode 100644
index 000000000000..900dd9b92e9b
--- /dev/null
+++ b/src/chrome/content/rules/ourwatchmember.org.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="ourwatchmember.org.uk">
+
+	<target host="ourwatchmember.org.uk" />
+	<target host="www.ourwatchmember.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ovdinfo.org.xml b/src/chrome/content/rules/ovdinfo.org.xml
new file mode 100644
index 000000000000..3fd2510fff6f
--- /dev/null
+++ b/src/chrome/content/rules/ovdinfo.org.xml
@@ -0,0 +1,10 @@
+<!--
+reports.ovdinfo.org mismatch
+-->
+<ruleset name="ovdinfo.org">
+	<target host="ovdinfo.org" />
+	<target host="www.ovdinfo.org" />
+	<target host="donate.ovdinfo.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/overpass-turbo.eu.xml b/src/chrome/content/rules/overpass-turbo.eu.xml
new file mode 100644
index 000000000000..99339f1d71b3
--- /dev/null
+++ b/src/chrome/content/rules/overpass-turbo.eu.xml
@@ -0,0 +1,7 @@
+<ruleset name="overpass-turbo.eu">
+	<target host="overpass-turbo.eu" />
+	<target host="www.overpass-turbo.eu" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ovva.tv.xml b/src/chrome/content/rules/ovva.tv.xml
new file mode 100644
index 000000000000..2acc2778a49f
--- /dev/null
+++ b/src/chrome/content/rules/ovva.tv.xml
@@ -0,0 +1,6 @@
+<ruleset name="ovva.tv">
+	<target host="ovva.tv" />
+	<target host="www.ovva.tv" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/owler.com.xml b/src/chrome/content/rules/owler.com.xml
new file mode 100644
index 000000000000..3486f491e590
--- /dev/null
+++ b/src/chrome/content/rules/owler.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Nonfunctional hosts in *owler.com:
+
+		- blog ⁴
+
+	⁴ 404
+
+
+	Problematic hosts in *owler.com:
+
+		- sanity ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="Owler.com (partial)">
+
+	<target host="owler.com" />
+	<target host="developers.owler.com" />
+	<target host="www.owler.com" />
+
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ownCloud.org.xml b/src/chrome/content/rules/ownCloud.org.xml
new file mode 100644
index 000000000000..d64e5dcc24f5
--- /dev/null
+++ b/src/chrome/content/rules/ownCloud.org.xml
@@ -0,0 +1,17 @@
+<ruleset name="ownCloud.org">
+
+	<target host="owncloud.org" />
+	<target host="www.owncloud.org" />
+	<target host="central.owncloud.org" />
+	<target host="demo.owncloud.org" />
+	<target host="doc.owncloud.org" />
+	<target host="download.owncloud.org" />
+	<target host="forum.owncloud.org" />
+	<target host="mailman.owncloud.org" />
+
+	<securecookie host="^\.owncloud\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ox4.li.xml b/src/chrome/content/rules/ox4.li.xml
new file mode 100644
index 000000000000..dc7abe76ef8f
--- /dev/null
+++ b/src/chrome/content/rules/ox4.li.xml
@@ -0,0 +1,12 @@
+<ruleset name="OX4.li">
+
+	<target host="ox4.li" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/oxford.gov.uk-falsemixed.xml b/src/chrome/content/rules/oxford.gov.uk-falsemixed.xml
new file mode 100644
index 000000000000..a838f18e3a0f
--- /dev/null
+++ b/src/chrome/content/rules/oxford.gov.uk-falsemixed.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules not causing false/broken MCB, see oxford.gov.uk.xml.
+
+-->
+<ruleset name="Oxford.gov.uk (false MCB)" platform="mixedcontent">
+
+	<target host="ecitizen.oxford.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/oxford.gov.uk.xml b/src/chrome/content/rules/oxford.gov.uk.xml
new file mode 100644
index 000000000000..d009022ac720
--- /dev/null
+++ b/src/chrome/content/rules/oxford.gov.uk.xml
@@ -0,0 +1,81 @@
+<!--
+	Oxford City Council
+
+	For rules causing false/broken MCB, see oxford.gov.uk-falsemixed.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *oxford.gov.uk:
+
+		- mycouncil ʳ
+		- planning01 ʳ
+		- public ʳ
+
+	ʳ Refused
+
+
+	Problematic hosts in *oxford.gov.uk:
+
+		- ^ * ᵐ
+		- consultation ᵐ ˢ
+		- ecitizen ˣ
+		- leaseholdershandbook **
+		- repairshandbook **
+		- tenantshandbook **
+
+	* Not listening on :80
+	** Redirect differs
+	ᵐ Mismatched
+	ˢ Self-signed
+	ˣ Mixed css
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- ecitizen.oxford.gov.uk
+		- .www.oxford.gov.uk
+
+
+	Mixed content:
+
+		- css on ecitizen from $self ˢ
+		- Images on ecitizen from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Oxford.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="ecitizen.oxford.gov.uk" /-->
+	<target host="www.oxford.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="leaseholdershandbook.oxford.gov.uk" />
+	<target host="repairshandbook.oxford.gov.uk" />
+	<target host="tenantshandbook.oxford.gov.uk" />
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://ecitizen.oxford.gov.uk/publicaccesslive/selfservice/councilservices.htm" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ecitizen\.oxford\.gov\.uk$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^\.www\.oxford\.gov\.uk$" name="^TestCookie$" /-->
+
+	<securecookie host="^\.www\." name=".+" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://(?:leaseholder|repair|tenant)shandbook\.oxford\.gov\.uk/"
+		to="https://www.oxford.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/oxfordcc.co.uk.xml b/src/chrome/content/rules/oxfordcc.co.uk.xml
new file mode 100644
index 000000000000..56a2a3331618
--- /dev/null
+++ b/src/chrome/content/rules/oxfordcc.co.uk.xml
@@ -0,0 +1,28 @@
+<!--
+	Nonfunctional hosts in *oxfordcc.co.uk:
+
+		- characterscope.demoiis ³
+		- rochdale.seeforyourself ⁴
+		- sportengland ᵈ
+
+	³ 403
+	⁴ 404
+	ᵈ Dropped
+
+-->
+<ruleset name="OxfordCC.co.uk (partial)">
+
+	<target host="oxfordcc.co.uk" />
+	<target host="demoiis.oxfordcc.co.uk" />
+	<target host="seeforyourself.oxfordcc.co.uk" />
+	<target host="sherlocc1.oxfordcc.co.uk" />
+	<target host="www.oxfordcc.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/oxfordshire.gov.uk-falsemixed.xml b/src/chrome/content/rules/oxfordshire.gov.uk-falsemixed.xml
new file mode 100644
index 000000000000..89b27071ab1e
--- /dev/null
+++ b/src/chrome/content/rules/oxfordshire.gov.uk-falsemixed.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://schools.oxfordshire.gov.uk/ (200) => https://schools.oxfordshire.gov.uk/ (403)
+Non-2xx HTTP code: http://volunteering.oxfordshire.gov.uk/ (200) => https://volunteering.oxfordshire.gov.uk/ (403)
+Non-2xx HTTP code: http://winter.oxfordshire.gov.uk/ (200) => https://winter.oxfordshire.gov.uk/ (403)
+
+	For rules not causing false/broken MCB, see oxfordshire.gov.uk.xml.
+
+-->
+<ruleset name="Oxfordshire.gov.uk (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="insight.oxfordshire.gov.uk" />
+	<target host="schools.oxfordshire.gov.uk" />
+	<target host="volunteering.oxfordshire.gov.uk" />
+	<target host="winter.oxfordshire.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/oxfordshire.gov.uk.xml b/src/chrome/content/rules/oxfordshire.gov.uk.xml
new file mode 100644
index 000000000000..9f9e6ce5713e
--- /dev/null
+++ b/src/chrome/content/rules/oxfordshire.gov.uk.xml
@@ -0,0 +1,119 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://oxfordshire.gov.uk/ (200) => https://oxfordshire.gov.uk/ (403)
+Non-2xx HTTP code: http://learning.oxfordshire.gov.uk/ (200) => https://learning.oxfordshire.gov.uk/ (403)
+Non-2xx HTTP code: http://owls.oxfordshire.gov.uk/ (200) => https://owls.oxfordshire.gov.uk/ (403)
+
+	Note: p://registrationbooking.../$ redirects
+	to 403 ?=> fetch test failure
+
+	Oxfordshire County Council
+
+	For rules causing false/broken MCB, see oxfordshire.gov.uk-falsemixed.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *oxfordshire.gov.uk:
+
+		- apps *
+		- domino2 ʳ
+		- jobs ʳ
+		- myeplanning ³
+		- myeplanning2 ³
+		- mycases ʳ
+		- www.netloan ³
+		- voyager ʳ
+
+	* Wrong MAC
+	³ 403
+	ᶠ Handshake fails
+	ʳ Refused
+
+
+	Problematic hosts in *oxfordshire.gov.uk:
+
+		- fisd ᵐ
+		- fixmystreet ᵐ
+		- insight ˣ
+		- myopac ᵐ
+		- schools ˣ
+		- volunteering ˣ
+		- winter ˣ
+
+	ᵐ Mismatched
+	ˣ Mixed css; see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Insecure cookies are set for these hosts:
+
+		- mycouncil.oxfordshire.gov.uk
+		- publicapps.oxfordshire.gov.uk
+
+
+	Mixed content:
+
+		- css on insight, schools, volunteering, winter from $self ˢ
+
+		- Images, on:
+
+			- insight, schools, volunteering, winter from $self ˢ
+			- schools from www.oxfordshire.gov.uk ˢ
+
+	ˢ Secured by us; see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Oxfordshire.gov.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="oxfordshire.gov.uk" />
+	<target host="admissions.oxfordshire.gov.uk" />
+	<target host="consultations.oxfordshire.gov.uk" />
+	<!--target host="insight.oxfordshire.gov.uk" /-->
+	<target host="learning.oxfordshire.gov.uk" />
+	<target host="libcat.oxfordshire.gov.uk" />
+	<target host="www.libcat.oxfordshire.gov.uk" />
+	<target host="m.oxfordshire.gov.uk" />
+	<target host="mycouncil.oxfordshire.gov.uk" />
+	<target host="mycrm360pubsvc.oxfordshire.gov.uk" />
+	<target host="myonecitizenportallive.oxfordshire.gov.uk" />
+	<target host="owls.oxfordshire.gov.uk" />
+	<target host="portal.oxfordshire.gov.uk" />
+	<target host="publicapps.oxfordshire.gov.uk" />
+	<target host="registrationbooking.oxfordshire.gov.uk" />
+	<!--target host="schools.oxfordshire.gov.uk" /-->
+	<target host="services.oxfordshire.gov.uk" />
+	<!--target host="volunteering.oxfordshire.gov.uk" /-->
+	<!--target host="winter.oxfordshire.gov.uk" /-->
+	<target host="www.oxfordshire.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="myopac.oxfordshire.gov.uk" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://publicapps.oxfordshire.gov.uk/srvClosures/ClosuresAdmin" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^mycouncil\.oxfordshire\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^publicapps\.oxfordshire\.gov\.uk$" name="^(?:JSESSIONID|WASReqURL)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://myopac\.oxfordshire\.gov\.uk/.*"
+		to="https://libcat.oxfordshire.gov.uk/web/opac" />
+
+		<test url="http://myopac.oxfordshire.gov.uk/default.aspx" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/oxfordwebapps.co.uk.xml b/src/chrome/content/rules/oxfordwebapps.co.uk.xml
new file mode 100644
index 000000000000..ff8932fa4839
--- /dev/null
+++ b/src/chrome/content/rules/oxfordwebapps.co.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="Oxford Web Apps.co.uk">
+
+	<target host="oxfordwebapps.co.uk" />
+	<target host="www.oxfordwebapps.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/oyoony.xml b/src/chrome/content/rules/oyoony.xml
deleted file mode 100644
index e79bb09068f5..000000000000
--- a/src/chrome/content/rules/oyoony.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="oyoony">
-  <target host="oyoony.at" />
-  <target host="www.oyoony.at" />
-  <target host="oyoony.de" />
-  <target host="www.oyoony.de" />
-  <target host="oyoony.net" />
-  <target host="www.oyoony.net" />
-
-  <securecookie host="^(?:www\.)?oyoony\.(at|de|net)$" name=".+" />
-
-  <rule from="^http://(?:www\.)?oyoony\.(at|de|net)/" to="https://oyoony.de/" />
-</ruleset>
diff --git a/src/chrome/content/rules/p9e.de.xml b/src/chrome/content/rules/p9e.de.xml
new file mode 100644
index 000000000000..ce78123ca5b6
--- /dev/null
+++ b/src/chrome/content/rules/p9e.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="p9e.de">
+	<target host="p9e.de" />
+	<target host="www.p9e.de" />
+	<target host="git.p9e.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pCloud.xml b/src/chrome/content/rules/pCloud.xml
new file mode 100644
index 000000000000..6a7a73a95374
--- /dev/null
+++ b/src/chrome/content/rules/pCloud.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pc.cd/S8OctalK => https://pc.cd/S8OctalK: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://pc.cd/ => https://pc.cd/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+  *.pcloud.com has default and forced https, so they are not included in this rule.
+  pc.cd is the short link for share links.
+-->
+
+<ruleset name="pCloud" default_off="failed ruleset test">
+
+	<target host="pc.cd" />
+		<test url="http://pc.cd/S8OctalK"/>
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pac-uk.org.xml b/src/chrome/content/rules/pac-uk.org.xml
new file mode 100644
index 000000000000..be9b4ed5dcb4
--- /dev/null
+++ b/src/chrome/content/rules/pac-uk.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="PAC-UK.org" default_off="expired, self-signed">
+
+	<target host="pac-uk.org" />
+	<target host="www.pac-uk.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/packagist.org.xml b/src/chrome/content/rules/packagist.org.xml
new file mode 100644
index 000000000000..2069d4c01213
--- /dev/null
+++ b/src/chrome/content/rules/packagist.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="Packagist.org">
+
+	<target host="packagist.org" />
+	<target host="www.packagist.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/packrafting-store.de.xml b/src/chrome/content/rules/packrafting-store.de.xml
new file mode 100644
index 000000000000..356eb783251e
--- /dev/null
+++ b/src/chrome/content/rules/packrafting-store.de.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .packrafting-store.de
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Packrafting-Store.de">
+
+	<target host="packrafting-store.de" />
+	<target host="www.packrafting-store.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.packrafting-store\.de$" name="^XTCsid$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/padowan.dk.xml b/src/chrome/content/rules/padowan.dk.xml
new file mode 100644
index 000000000000..827fa6ad741d
--- /dev/null
+++ b/src/chrome/content/rules/padowan.dk.xml
@@ -0,0 +1,12 @@
+<!--
+	Mixed Content:
+		forum.padowan.dk
+-->
+<ruleset name="padowan.dk">
+	<target host="padowan.dk" />
+	<target host="www.padowan.dk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pagesix.com.xml b/src/chrome/content/rules/pagesix.com.xml
new file mode 100644
index 000000000000..f4a77fb9154d
--- /dev/null
+++ b/src/chrome/content/rules/pagesix.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Page Six.com">
+
+	<target host="pagesix.com" />
+	<target host="www.pagesix.com" />
+
+
+	<securecookie host=".+" name="^optimizely" />
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pagesuite-professional.co.uk.xml b/src/chrome/content/rules/pagesuite-professional.co.uk.xml
new file mode 100644
index 000000000000..640e0ba6c120
--- /dev/null
+++ b/src/chrome/content/rules/pagesuite-professional.co.uk.xml
@@ -0,0 +1,27 @@
+<!--
+	Nonfunctional hosts in *pagesuite-professional.co.uk:
+
+		- track ᵃ
+
+	ᵃ Shows subscriber.pagesuite-professional.co.uk
+
+
+	Problematic hosts in *pagesuite-professional.co.uk:
+
+		- edition ᴬ
+
+	ᴬ Akamai / mismatched
+
+-->
+<ruleset name="PageSuite-professional.co.uk (partial)">
+
+	<target host="subscriber.pagesuite-professional.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pageuppeople.com.xml b/src/chrome/content/rules/pageuppeople.com.xml
new file mode 100644
index 000000000000..04079a2808aa
--- /dev/null
+++ b/src/chrome/content/rules/pageuppeople.com.xml
@@ -0,0 +1,32 @@
+<!--
+	(www.)?pageuppeople.com: Dropped
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- knowledgeportal from www.pageuppeople.com ˢ
+			- knowledgeportal from i\d.wp.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="PageUp People.com (partial)">
+
+	<target host="admin.pageuppeople.com" />
+	<target host="adminuat.pageuppeople.com" />
+	<target host="knowledgeportal.pageuppeople.com" />
+
+		<!--	Mixed images:
+					-->
+		<!--test url="http://knowledgeportal.pageuppeople.com/powered-by-pageup/" /-->
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pandasoph.de.xml b/src/chrome/content/rules/pandasoph.de.xml
new file mode 100644
index 000000000000..5078407bf7d5
--- /dev/null
+++ b/src/chrome/content/rules/pandasoph.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="pandasoph.de">
+	<target host="pandasoph.de" />
+	<target host="www.pandasoph.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/panerabread.com.xml b/src/chrome/content/rules/panerabread.com.xml
new file mode 100644
index 000000000000..81e7e0be51c9
--- /dev/null
+++ b/src/chrome/content/rules/panerabread.com.xml
@@ -0,0 +1,45 @@
+<!--
+	Problematic hosts in *panerabread.com:
+
+		- ^ ᵈ
+		- cater ᵀ
+		- delivery ᵀ
+
+	ᵀ Blocks Tor users
+	ᵈ Dropped
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .panerabread.com
+		- www.panerabread.com
+
+-->
+<ruleset name="Panera Bread.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="cater.panerabread.com" />	needs clearnet testing -->
+	<!--target host="delivery.panerabread.com" />	needs clearnet testing -->
+	<target host="www.panerabread.com" />
+
+	<!--	Complications:
+				-->
+	<target host="panerabread.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.panerabread\.com$" name="^location$" /-->
+	<!--securecookie host="^www\.panerabread\.com$" name="^BIGipServer" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://panerabread\.com/"
+		to="https://www.panerabread.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/panorama.am.xml b/src/chrome/content/rules/panorama.am.xml
new file mode 100644
index 000000000000..a85a5c42ea11
--- /dev/null
+++ b/src/chrome/content/rules/panorama.am.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://panorama.am/ (200) => https://panorama.am/ (521)
+Non-2xx HTTP code: http://www.panorama.am/ (200) => https://www.panorama.am/ (521)
+Non-2xx HTTP code: http://life.panorama.am/ (200) => https://life.panorama.am/ (521)
+Non-2xx HTTP code: http://sport.panorama.am/ (200) => https://sport.panorama.am/ (521)
+
+-->
+<ruleset name="panorama.am" default_off="failed ruleset test">
+	<target host="panorama.am" />
+	<target host="www.panorama.am" />
+	<target host="life.panorama.am" />
+	<target host="sport.panorama.am" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/paperspace.com.xml b/src/chrome/content/rules/paperspace.com.xml
new file mode 100644
index 000000000000..3b3c10d0adce
--- /dev/null
+++ b/src/chrome/content/rules/paperspace.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- paperspace.com
+		- www.paperspace.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Paperspace.com (partial)">
+
+	<target host="paperspace.com" />
+	<target host="blog.paperspace.com" />
+	<target host="www.paperspace.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?paperspace\.com$" name="^AWSELB$" /-->
+	<!--securecookie host="^www\.paperspace\.com$" name="^connect\.sid$" /-->
+
+	<securecookie host="^\." name="^__cfduid" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/paralus.co.xml b/src/chrome/content/rules/paralus.co.xml
new file mode 100644
index 000000000000..c31b5bc2bc68
--- /dev/null
+++ b/src/chrome/content/rules/paralus.co.xml
@@ -0,0 +1,9 @@
+<ruleset name="paralus.co">
+	<target host="paralus.co" />
+	<target host="www.paralus.co" />
+	
+	<target host="pylos.co" />
+	<target host="www.pylos.co" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/paralympic.org.xml b/src/chrome/content/rules/paralympic.org.xml
new file mode 100644
index 000000000000..316b13bf866e
--- /dev/null
+++ b/src/chrome/content/rules/paralympic.org.xml
@@ -0,0 +1,16 @@
+<!--
+paralympic.org ³
+
+
+³ timed out
+-->
+<ruleset name="paralympic.org">
+	<target host="paralympic.org" />
+	<target host="www.paralympic.org" />
+	<target host="m.paralympic.org" />
+
+	<rule from="^http://paralympic\.org/"
+		to="https://www.paralympic.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/paraschetal.in.xml b/src/chrome/content/rules/paraschetal.in.xml
new file mode 100644
index 000000000000..d6ee943818ee
--- /dev/null
+++ b/src/chrome/content/rules/paraschetal.in.xml
@@ -0,0 +1,14 @@
+<ruleset name="Paras Chetal.in">
+
+	<target host="paraschetal.in" />
+	<target host="www.paraschetal.in" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/paris-web.fr.xml b/src/chrome/content/rules/paris-web.fr.xml
new file mode 100644
index 000000000000..3b7e91e4eda5
--- /dev/null
+++ b/src/chrome/content/rules/paris-web.fr.xml
@@ -0,0 +1,33 @@
+<!--
+	Invalid certificate:
+		boutique.paris-web.fr
+		direct.paris-web.fr
+		glossaire.paris-web.fr
+		newsletter.paris-web.fr
+		photos.paris-web.fr
+		videos.paris-web.fr
+		votes.paris-web.fr
+		votes-ligthning.paris-web.fr
+
+	Login required:
+		crowd.paris-web.fr
+		jira.paris-web.fr
+		wiki.paris-web.fr
+
+	Different content http/https:
+		outils.paris-web.fr
+
+-->
+<ruleset name="Paris-Web.fr">
+
+	<target host="paris-web.fr" />
+	<target host="www.paris-web.fr" />
+	<target host="inscriptions.paris-web.fr" />
+	<target host="stage.paris-web.fr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/parisvega.com.xml b/src/chrome/content/rules/parisvega.com.xml
new file mode 100644
index 000000000000..1b0ed5c32c1d
--- /dev/null
+++ b/src/chrome/content/rules/parisvega.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Paris Vega.com">
+
+	<target host="parisvega.com" />
+	<target host="www.parisvega.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/parlamentri.ru.xml b/src/chrome/content/rules/parlamentri.ru.xml
new file mode 100644
index 000000000000..39e600ca71a6
--- /dev/null
+++ b/src/chrome/content/rules/parlamentri.ru.xml
@@ -0,0 +1,12 @@
+<!--
+special.parlamentri.ru ²
+
+
+² refused
+-->
+<ruleset name="parlamentri.ru">
+	<target host="parlamentri.ru" />
+	<target host="www.parlamentri.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/parliament.uk-falsemixed.xml b/src/chrome/content/rules/parliament.uk-falsemixed.xml
new file mode 100644
index 000000000000..4d6a8cfaab32
--- /dev/null
+++ b/src/chrome/content/rules/parliament.uk-falsemixed.xml
@@ -0,0 +1,21 @@
+<!--
+	For rules not causing false/broken MCB, see parliament.uk.xml.
+
+
+	NB: See https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Parliament.uk (false MCB)" platform="mixedcontent">
+
+	<target host="www.publications.parliament.uk" />
+	<target host="researchbriefings.parliament.uk" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid$|_gat?$|_gat_|cf_clearance$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/parliament.uk.xml b/src/chrome/content/rules/parliament.uk.xml
new file mode 100644
index 000000000000..3403aac6db47
--- /dev/null
+++ b/src/chrome/content/rules/parliament.uk.xml
@@ -0,0 +1,122 @@
+<!--
+	For rules causing false/broken MCB, see parliament.uk-falsemixed.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *parliament.uk:
+
+		- qna.files ⁴
+		- www.data ᵈ
+		- (www.)?lordspublications ᶠ
+		- archive.scottish ⁴
+
+	⁴ 404
+	ᵈ Dropped
+	ᶠ Handshake fails
+
+
+	Problematic hosts in *parliament.uk:
+
+		- ^ ʳ
+		- blog.data ᵐ
+		- www.publications ˣ
+		- researchbriefings ˣ
+		- epetitions.scottish ᶠ
+		- www.scottish ᵐ
+		- shop ᵐ
+
+	ᶠ Handshake fails, preemptable redirect
+	ᵐ Mismatched
+	ʳ Refused, preemptable redirect
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .blog.data.parliament.uk
+		- www.publications.parliament.uk
+		- visit.parliament.uk
+		- www.parliament.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on www.publications, researchbriefings from www.parliament.uk ˢ
+
+		- Images, on:
+
+			- researchbriefings, services, www from assets3.parliament.uk ˢ
+			- www from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Parliament.uk (partial)">
+
+	<target host="assets3.parliament.uk" />
+	<target host="hansard.parliament.uk" />
+	<target host="petition.parliament.uk" />
+	<!--target host="www.publications.parliament.uk" /-->
+	<!--target host="researchbriefings.parliament.uk" /-->
+	<target host="services.parliament.uk" />
+	<target host="www.shop.parliament.uk" />
+	<target host="subscriptions.parliament.uk" />
+	<target host="visit.parliament.uk" />
+	<target host="www.parliament.uk" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://services.parliament.uk/bills/" />
+		<test url="http://visit.parliament.uk/HouseofParliament/shop/ViewItems.aspx" />
+
+		<!--	Aforementioned mixed css:
+							-->
+		<!--test url="http://www.parliament.uk/styles/hansard.css" /-->
+
+	<!--	Complications:
+				-->
+	<target host="parliament.uk" />
+	<target host="epetitions.scottish.parliament.uk" />
+	<target host="www.scottish.parliament.uk" />
+	<target host="shop.parliament.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.blog\.data\.parliament\.uk$" name="^ARRAffinity$" /-->
+	<!--securecookie host="^www\.publications\.parliament\.uk$" name="^ASPSESSIONID[A-z]{8}$" /-->
+	<!--securecookie host="^visit\.parliament\.uk$" name="^GTSASP\.NET_SessionId$" /-->
+	<!--securecookie host="^www\.parliament\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid$|_gat?$|_gat_|cf_clearance$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://(shop\.)?parliament\.uk/"
+		to="https://www.$1parliament.uk/" />
+
+	<!--	Redirect keeps path, but not forward slash nor args:
+									-->
+	<rule from="^http://epetitions\.scottish\.parliament\.uk/+([^?]*).*"
+		to="https://www.parliament.scot/gettinginvolved/petitions/$1" />
+
+		<test url="http://epetitions.scottish.parliament.uk/default.asp" />
+		<test url="http://epetitions.scottish.parliament.uk/list_petitions.asp" />
+		<test url="http://epetitions.scottish.parliament.uk/view_petition.asp?PetitionID=88" />
+		<test url="http://epetitions.scottish.parliament.uk/view_petition.asp?PetitionID=166" />
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://www\.scottish\.parliament\.uk/+"
+		to="https://www.parliament.scot/" />
+
+		<test url="http://www.scottish.parliament.uk/help/31037.aspx" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/parlmany.com.xml b/src/chrome/content/rules/parlmany.com.xml
new file mode 100644
index 000000000000..e55a09558c3b
--- /dev/null
+++ b/src/chrome/content/rules/parlmany.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="parlmany.com ">
+	<target host="parlmany.com" />
+	<target host="www.parlmany.com" />
+	<target host="desktop.parlmany.com" />
+	<target host="m.parlmany.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/parrotsec.org.xml b/src/chrome/content/rules/parrotsec.org.xml
new file mode 100644
index 000000000000..acb784301ddc
--- /dev/null
+++ b/src/chrome/content/rules/parrotsec.org.xml
@@ -0,0 +1,10 @@
+<!--build. self signed
+us.archive. mismatch
+eu.archive. mismatch
+warwick-euro.archive. mismatch
+archive. protocol error-->
+<ruleset name="parrotsec.org">
+	<target host="parrotsec.org" />
+	<target host="www.parrotsec.org" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/partedmagic.com.xml b/src/chrome/content/rules/partedmagic.com.xml
new file mode 100644
index 000000000000..621c1926075d
--- /dev/null
+++ b/src/chrome/content/rules/partedmagic.com.xml
@@ -0,0 +1,9 @@
+<!--
+forums.partedmagic.com mismatch
+-->
+<ruleset name="partedmagic.com">
+	<target host="partedmagic.com" />
+	<target host="www.partedmagic.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/passwordless.net.xml b/src/chrome/content/rules/passwordless.net.xml
new file mode 100644
index 000000000000..aaab4e75795f
--- /dev/null
+++ b/src/chrome/content/rules/passwordless.net.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- passwordless.net
+		- www.passwordless.net
+
+-->
+<ruleset name="Passwordless.net">
+
+	<target host="passwordless.net" />
+	<target host="www.passwordless.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?passwordless\.net$" name="^connect\.sid$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/passwordsgenerator.net.xml b/src/chrome/content/rules/passwordsgenerator.net.xml
new file mode 100644
index 000000000000..d87711320358
--- /dev/null
+++ b/src/chrome/content/rules/passwordsgenerator.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="passwordsgenerator.net">
+	<target host="passwordsgenerator.net" />
+	<target host="www.passwordsgenerator.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/passwordwolf.com.xml b/src/chrome/content/rules/passwordwolf.com.xml
new file mode 100644
index 000000000000..4493336776e6
--- /dev/null
+++ b/src/chrome/content/rules/passwordwolf.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .passwordwolf.com
+
+-->
+<ruleset name="PasswordWolf.com">
+
+	<target host="passwordwolf.com" />
+	<target host="www.passwordwolf.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.passwordwolf\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/path-trail.com.xml b/src/chrome/content/rules/path-trail.com.xml
new file mode 100644
index 000000000000..ad4caf79ad82
--- /dev/null
+++ b/src/chrome/content/rules/path-trail.com.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Lead Forensics coverage, see Lead_Forensics.com.xml.
+
+
+	^path-trail.com: Refused
+	www.path-trail.com: Mismatched
+
+-->
+<ruleset name="path-trail.com">
+
+	<!--	Complications:
+				-->
+	<target host="path-trail.com" />
+	<target host="www.path-trail.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?path-trail\.com/"
+		to="https://secure.leadforensics.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/patientenbeauftragter.de.xml b/src/chrome/content/rules/patientenbeauftragter.de.xml
new file mode 100644
index 000000000000..333849e748b7
--- /dev/null
+++ b/src/chrome/content/rules/patientenbeauftragter.de.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		staging.patientenbeauftragter.de
+-->
+<ruleset name="patientenbeauftragter.de">
+
+	<target host="patientenbeauftragter.de" />
+	<target host="www.patientenbeauftragter.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/patronbase.co.uk.xml b/src/chrome/content/rules/patronbase.co.uk.xml
new file mode 100644
index 000000000000..58d679f35eec
--- /dev/null
+++ b/src/chrome/content/rules/patronbase.co.uk.xml
@@ -0,0 +1,22 @@
+<!--
+	For other PatronBase coverage, see patronbase.com.xml.
+
+
+	CDN buckets:
+
+		- pb-data-eu.s3-eu-west-1.amazonaws.com
+
+-->
+<ruleset name="PatronBase.co.uk">
+
+	<target host="patronbase.co.uk" />
+	<target host="www.patronbase.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/patronbase.com.xml b/src/chrome/content/rules/patronbase.com.xml
new file mode 100644
index 000000000000..3c61351f7d9f
--- /dev/null
+++ b/src/chrome/content/rules/patronbase.com.xml
@@ -0,0 +1,46 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://patronbase.com/ => https://patronbase.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Other PatronBase rulesets:
+
+		- patronbase.co.uk.xml
+
+
+	CDN buckets:
+
+		- pb-data-nz.s3-ap-southeast-2.amazonaws.com
+		- pb-data-eu.s3-eu-west-1.amazonaws.com
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com ˢ
+		- Image on www from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="PatronBase.com" default_off="failed ruleset test">
+
+	<target host="patronbase.com" />
+	<target host="au.patronbase.com" />
+	<target host="es.patronbase.com" />
+	<target host="guides.patronbase.com" />
+	<target host="nz.patronbase.com" />
+	<target host="uk.patronbase.com" />
+	<target host="www.patronbase.com" />
+
+		<!--	$ redirects to another domain, so:
+								-->
+		<test url="http://nz.patronbase.com/_CourtTheatre/Productions" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/paulirish.com.xml b/src/chrome/content/rules/paulirish.com.xml
new file mode 100644
index 000000000000..4abae134027a
--- /dev/null
+++ b/src/chrome/content/rules/paulirish.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Mixed content:
+
+		- Images, on:
+
+			- i.imgur.com ˢ
+			- ^paulirish.com ˢ
+			- www.paulirish.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Paul Irish.com">
+
+	<target host="paulirish.com" />
+	<target host="www.paulirish.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/paulsacehardware.com.xml b/src/chrome/content/rules/paulsacehardware.com.xml
new file mode 100644
index 000000000000..d88dc0b5c6d1
--- /dev/null
+++ b/src/chrome/content/rules/paulsacehardware.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid Certificate:
+		jobs.paulsacehardware.com
+		shop.paulsacehardware.com
+-->
+<ruleset name="paulsacehardware.com">
+	<target host="paulsacehardware.com" />
+	<target host="www.paulsacehardware.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/paulschou.com.xml b/src/chrome/content/rules/paulschou.com.xml
new file mode 100644
index 000000000000..b1b04709af09
--- /dev/null
+++ b/src/chrome/content/rules/paulschou.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="paulschou.com">
+	<target host="paulschou.com" />
+	<target host="www.paulschou.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/paxum.com.xml b/src/chrome/content/rules/paxum.com.xml
new file mode 100644
index 000000000000..bc191726f15f
--- /dev/null
+++ b/src/chrome/content/rules/paxum.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- paxum.com
+		- www.paxum.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Paxum.com">
+
+	<target host="paxum.com" />
+	<target host="www.paxum.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?paxum\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/paxvapor.com.xml b/src/chrome/content/rules/paxvapor.com.xml
new file mode 100644
index 000000000000..125976670736
--- /dev/null
+++ b/src/chrome/content/rules/paxvapor.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .www.paxvapor.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="PAX Vapor.com">
+
+	<target host="paxvapor.com" />
+	<target host="www.paxvapor.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.paxvapor\.com$" name="^frontend$" /-->
+
+	<securecookie host="^\." name="^(?:__qca$|_gat?$|_gat)" />
+	<securecookie host="^(?!\.paxvapor\.com)." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/payback.pl.xml b/src/chrome/content/rules/payback.pl.xml
new file mode 100644
index 000000000000..6c358be04785
--- /dev/null
+++ b/src/chrome/content/rules/payback.pl.xml
@@ -0,0 +1,37 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- miasto.payback.pl
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="payback.pl">
+
+	<target host="payback.pl" />
+	<target host="miasto.payback.pl" />
+	<target host="data.miasto.payback.pl" />
+	<target host="static.miasto.payback.pl" />
+	<target host="semi.payback.pl" />
+	<target host="occssl.payback.pl" />
+	<target host="sklep.payback.pl" />
+	<target host="www.payback.pl" />
+	<target host="www2.payback.pl" />
+
+		<test url="http://data.miasto.payback.pl/css/service/city-widget/style.css" />
+		<test url="http://static.miasto.payback.pl/pos/logo/99e46573ece834d6ecb344b6e5acdcee_80x80.jpg" />
+		<test url="http://occssl.payback.pl/common/css/common.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^miasto\.payback\.pl$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pbbans.com.xml b/src/chrome/content/rules/pbbans.com.xml
new file mode 100644
index 000000000000..0885c22db70b
--- /dev/null
+++ b/src/chrome/content/rules/pbbans.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .pbbans.com
+
+-->
+<ruleset name="PBBans.com">
+
+	<target host="pbbans.com" />
+	<target host="account.pbbans.com" />
+	<target host="media.pbbans.com" />
+	<target host="www.pbbans.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.pbbans\.com$" name="^session_id$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|__qca|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pc-cooling.de.xml b/src/chrome/content/rules/pc-cooling.de.xml
new file mode 100644
index 000000000000..089cfa7a7489
--- /dev/null
+++ b/src/chrome/content/rules/pc-cooling.de.xml
@@ -0,0 +1,36 @@
+<!--
+	^pc-cooling.de: mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.pc-cooling.de
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="PC-Cooling.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.pc-cooling.de" />
+
+	<!--	Complications:
+				-->
+	<target host="pc-cooling.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.pc-cooling\.de$" name="^invalidate-xcsrf-token$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://pc-cooling\.de/"
+		to="https://www.pc-cooling.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pcapredict.com.xml b/src/chrome/content/rules/pcapredict.com.xml
new file mode 100644
index 000000000000..c227524c4d6b
--- /dev/null
+++ b/src/chrome/content/rules/pcapredict.com.xml
@@ -0,0 +1,78 @@
+<!--
+	For other Postcode Anywhere coverage, see postcodeanywhere.co.uk.xml.
+
+
+	Nonfunctional hosts in *pcapredict.com:
+
+		- bigdatalabs ᶠ
+		- resources ᵃ
+
+	ᵃ Shows another domain
+	ᶠ Handshake fails
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .pcapredict.com
+		- account.pcapredict.com
+		- www.pcapredict.com
+
+
+	Mixed content:
+
+		- Image on www from resources.pcapredict.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="PCA Predict.com (partial)">
+
+	<target host="pcapredict.com" />
+	<target host="account.pcapredict.com" />
+	<target host="www.pcapredict.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?pcapredict\.com/(?:en-us/about-us|en-us/index|pricing)/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?pcapredict\.com/(?!/*(?:(?:en-us/contact-us|register|[Ss]upport|status)(?:$|[?/])|favicon\.ico|[Ii]mages/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.pcapredict.com/branding/" />
+			<test url="http://www.pcapredict.com/en-us/about-us/" />
+			<test url="http://www.pcapredict.com/en-us/email-validation/" />
+			<test url="http://www.pcapredict.com/en-us/index/" />
+			<test url="http://www.pcapredict.com/fuzzy/" />
+			<test url="http://www.pcapredict.com/infographics/christmas2014" />
+			<test url="http://www.pcapredict.com/magento/" />
+			<test url="http://www.pcapredict.com/pricing/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://pcapredict.com/Support/faqs/pricing/" />
+			<test url="http://pcapredict.com/content/assets/banners/Capture40.png" />
+			<test url="http://pcapredict.com/en-us/contact-us" /><!--	mixed image	-->
+			<test url="http://pcapredict.com/favicon.ico" />
+			<test url="http://www.pcapredict.com/images/icons/arrow.png" />
+			<test url="http://www.pcapredict.com/register/" />
+			<test url="http://www.pcapredict.com/status/" /><!--	mixed image	-->
+			<test url="http://www.pcapredict.com/support/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.pcapredict\.com$" name="^(?:PostcodeAnywhere\.(?:Permanent|Session)Cookie|pcapredictRegion)$" /-->
+	<!--securecookie host="^account\.pcapredict\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^www\.pcapredict\.com$" name="^__RequestVerificationToken$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^a" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pccomponentes.com.xml b/src/chrome/content/rules/pccomponentes.com.xml
new file mode 100644
index 000000000000..cb6689210288
--- /dev/null
+++ b/src/chrome/content/rules/pccomponentes.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="pccomponentes.com" platform="mixedcontent">
+  <target host="pccomponentes.com" />
+  <target host="www.pccomponentes.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pcgarage.ro.xml b/src/chrome/content/rules/pcgarage.ro.xml
new file mode 100644
index 000000000000..53da758a18e4
--- /dev/null
+++ b/src/chrome/content/rules/pcgarage.ro.xml
@@ -0,0 +1,6 @@
+<ruleset name="pcgarage.ro">
+  <target host="pcgarage.ro" />
+  <target host="www.pcgarage.ro" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pckeyboard.com.xml b/src/chrome/content/rules/pckeyboard.com.xml
new file mode 100644
index 000000000000..2acfa90a85de
--- /dev/null
+++ b/src/chrome/content/rules/pckeyboard.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="pckeyboard.com">
+	<target host="pckeyboard.com" />
+	<target host="www.pckeyboard.com" />
+	<target host="support.pckeyboard.com" />
+	<target host="survey.pckeyboard.com" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pcper.com.xml b/src/chrome/content/rules/pcper.com.xml
new file mode 100644
index 000000000000..a30b79ca98c8
--- /dev/null
+++ b/src/chrome/content/rules/pcper.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .pcper.com
+
+
+	Mixed content:
+
+		- Images from $self ˢ
+		- Bug from pixel.quantserve.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="PCPer.com">
+
+	<target host="pcper.com" />
+	<target host="www.pcper.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.pcper\.com$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^\." name="^(?:__qca$|SESS)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pcr-online.biz.xml b/src/chrome/content/rules/pcr-online.biz.xml
new file mode 100644
index 000000000000..571d348d15e5
--- /dev/null
+++ b/src/chrome/content/rules/pcr-online.biz.xml
@@ -0,0 +1,36 @@
+<!--
+	For other NewsBay Media coverage, see Intent-Media.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.pcr-online.biz
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bug on www from b.scorecardresearch.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="PCR-online.biz">
+
+	<target host="pcr-online.biz" />
+	<target host="subs.pcr-online.biz" />
+	<target host="www.pcr-online.biz" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.pcr-online\.biz$" name="^pcrSession$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pcrdist.com.xml b/src/chrome/content/rules/pcrdist.com.xml
new file mode 100644
index 000000000000..394f9e1e8827
--- /dev/null
+++ b/src/chrome/content/rules/pcrdist.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .www.pcrdist.com
+
+-->
+<ruleset name="PCR Dist.com">
+
+	<target host="pcrdist.com" />
+	<target host="www.pcrdist.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.pcrdist\.com$" name="^frontend$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.www\." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pcrm.org.xml b/src/chrome/content/rules/pcrm.org.xml
new file mode 100644
index 000000000000..73731327a126
--- /dev/null
+++ b/src/chrome/content/rules/pcrm.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		support.pcrm.org
+		rdg.pcrm.org
+
+-->
+<ruleset name="PCRM.org">
+
+	<target host="pcrm.org" />
+	<target host="www.pcrm.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pcshannover.de.xml b/src/chrome/content/rules/pcshannover.de.xml
new file mode 100644
index 000000000000..10bafbd6965c
--- /dev/null
+++ b/src/chrome/content/rules/pcshannover.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="pchannovers.de">
+	<target host="pcshannover.de" />
+	<target host="www.pcshannover.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pdf-online.com.xml b/src/chrome/content/rules/pdf-online.com.xml
new file mode 100644
index 000000000000..4f40c187a8e6
--- /dev/null
+++ b/src/chrome/content/rules/pdf-online.com.xml
@@ -0,0 +1,29 @@
+<!--
+	For other PDF Tools coverage, see pdf-tools.com.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- pdf-online.com
+		- www.pdf-online.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="pdf-online.com">
+
+	<target host="pdf-online.com" />
+	<target host="www.pdf-online.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?pdf-online\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pdf-tools.com.xml b/src/chrome/content/rules/pdf-tools.com.xml
new file mode 100644
index 000000000000..5201cad6ffe0
--- /dev/null
+++ b/src/chrome/content/rules/pdf-tools.com.xml
@@ -0,0 +1,42 @@
+<!--
+	Other PDF Tools rulesets:
+
+		- pdf-online.com.xml
+
+
+	^pdf-tools.com: Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.pdf-tools.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="PDF-Tools.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="online.pdf-tools.com" />
+	<target host="www.pdf-tools.com" />
+
+	<!--	Complications:
+				-->
+	<target host="pdf-tools.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.pdf-tools\.com$" name="(?:ASP\.NET_SessionId|CMSPreferredCulture|CMSPreferredUICulture|CurrentVisitStatus|UILang|ViewMode)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://pdf-tools\.com/"
+		to="https://www.pdf-tools.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pdfforge.org.xml b/src/chrome/content/rules/pdfforge.org.xml
new file mode 100644
index 000000000000..b662e482ec35
--- /dev/null
+++ b/src/chrome/content/rules/pdfforge.org.xml
@@ -0,0 +1,37 @@
+<!--
+	pdfforge.org
+	pdf generator
+
+	Error:
+	- download.pdfforge.org
+
+	Last test date: 07.11.2017
+-->
+<ruleset name="pdfforge.org">
+	<!-- Main page -->
+	<target host="pdfforge.org" />
+	<target host="www.pdfforge.org" />
+
+	<!-- Languages -->
+	<target host="translate.pdfforge.org" />
+	<target host="de.pdfforge.org" />
+
+	<!-- Forum -->
+	<target host="forums.pdfforge.org" />
+
+	<!-- Documentation -->
+	<target host="docs.pdfforge.org" />
+
+	<!-- Licensing -->
+	<target host="license.pdfforge.org" />
+	<target host="pricing2.pdfforge.org" />
+
+	<!-- Other -->
+	<target host="go.pdfforge.org" />
+
+	<!-- Not used? -->
+	<target host="pricing.pdfforge.org" />
+	<target host="update.pdfforge.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pdfill.com.xml b/src/chrome/content/rules/pdfill.com.xml
new file mode 100644
index 000000000000..ab0697922c4c
--- /dev/null
+++ b/src/chrome/content/rules/pdfill.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="PDFill.com">
+
+	<target host="pdfill.com" />
+	<target host="www.pdfill.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/peacemakergame.com.xml b/src/chrome/content/rules/peacemakergame.com.xml
deleted file mode 100644
index d13c0204fabd..000000000000
--- a/src/chrome/content/rules/peacemakergame.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="peacemakergame.com" platform="mixedcontent">
-  <target host="www.peacemakergame.com" />
-  <target host="peacemakergame.com" />
-
-  <rule from="^http://(www\.)?peacemakergame\.com/" to="https://peacemakergame.com/"/>
-
-  <securecookie host="^(www)?\.?peacemakergame\.com" name=".*" />
-</ruleset>
diff --git a/src/chrome/content/rules/peachosi.com.xml b/src/chrome/content/rules/peachosi.com.xml
new file mode 100644
index 000000000000..f872bd331337
--- /dev/null
+++ b/src/chrome/content/rules/peachosi.com.xml
@@ -0,0 +1,9 @@
+<!--
+cpanel.peachosi.com mismatch
+-->
+<ruleset name="peachosi.com" platform="mixedcontent">
+	<target host="peachosi.com" />
+	<target host="www.peachosi.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pearsoncmg.com.xml b/src/chrome/content/rules/pearsoncmg.com.xml
new file mode 100644
index 000000000000..0c50d2257873
--- /dev/null
+++ b/src/chrome/content/rules/pearsoncmg.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="pearsoncmg.com">
+
+<!--
+Both of these subdomains are by default loaded over HTTP and do not redirect to HTTPS,
+However both of them can be loaded over HTTPS with no issues.
+-->
+
+	<target host="view.etext.home2.pearsoncmg.com" />
+	<target host="rumba.bookshelf.ebookplus.pearsoncmg.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/peekvids.com.xml b/src/chrome/content/rules/peekvids.com.xml
new file mode 100644
index 000000000000..897026c9118d
--- /dev/null
+++ b/src/chrome/content/rules/peekvids.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- peekvids.com
+		- www.peekvids.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="PeekVids.com">
+
+	<target host="peekvids.com" />
+	<target host="www.peekvids.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^peekvids\.com$" name="^(?:PHPSESSID|redirect_cookie)$" /-->
+	<!--securecookie host="^www\.peekvids\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/peercloud.io.xml b/src/chrome/content/rules/peercloud.io.xml
new file mode 100644
index 000000000000..8609dd9ddc98
--- /dev/null
+++ b/src/chrome/content/rules/peercloud.io.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://peercloud.io/ => https://peercloud.io/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.peercloud.io/ => https://www.peercloud.io/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="peercloud.io" default_off="failed ruleset test">
+	<target host="peercloud.io" />
+	<target host="www.peercloud.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pehub.com.xml b/src/chrome/content/rules/pehub.com.xml
new file mode 100644
index 000000000000..8add907d38cf
--- /dev/null
+++ b/src/chrome/content/rules/pehub.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.pehub.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="PE Hub.com">
+
+	<target host="pehub.com" />
+	<target host="www.pehub.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.pehub\.com$" name="^(?:pehub_region|whitelisted)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pentest-tools.com.xml b/src/chrome/content/rules/pentest-tools.com.xml
new file mode 100644
index 000000000000..fa53a75257a9
--- /dev/null
+++ b/src/chrome/content/rules/pentest-tools.com.xml
@@ -0,0 +1,16 @@
+<!--
+www.pentest-tools.com ¹
+
+
+¹ mismatch
+-->
+<ruleset name="pentest-tools.com">
+	<target host="pentest-tools.com" />
+
+	<target host="www.pentest-tools.com" />
+
+	<rule from="^http://www\.pentest-tools\.com/"
+		to="https://pentest-tools.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/penzionspicak.cz.xml b/src/chrome/content/rules/penzionspicak.cz.xml
new file mode 100644
index 000000000000..d00e73824b43
--- /dev/null
+++ b/src/chrome/content/rules/penzionspicak.cz.xml
@@ -0,0 +1,6 @@
+<ruleset name="penzionspicak.cz">
+	<target host="penzionspicak.cz" />
+	<target host="www.penzionspicak.cz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/peoplebank.com.xml b/src/chrome/content/rules/peoplebank.com.xml
new file mode 100644
index 000000000000..80d09c580c6f
--- /dev/null
+++ b/src/chrome/content/rules/peoplebank.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- peoplebank.com
+		- www.peoplebank.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="PeopleBank.com">
+
+	<target host="peoplebank.com" />
+	<target host="www.peoplebank.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://peoplebank.com/pb3/corporate/Arcadia/tstm/advertsearch.php" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?peoplebank\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pep.foundation.xml b/src/chrome/content/rules/pep.foundation.xml
new file mode 100644
index 000000000000..fc5fe79c9035
--- /dev/null
+++ b/src/chrome/content/rules/pep.foundation.xml
@@ -0,0 +1,17 @@
+<!--
+	For related rulesets, see PEP-project.org.xml
+
+	pep.foundation: incomplete cert chain
+	www.pep.foundation: mismatched
+	cacert.pep.foundation: CAcert
+
+-->
+<ruleset name="pep.Foundation (partial)">
+
+	<target host="design.pep.foundation"/>
+	<target host="letsencrypt.pep.foundation"/>
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/peppermintos.com.xml b/src/chrome/content/rules/peppermintos.com.xml
new file mode 100644
index 000000000000..ab47e1a3c0b9
--- /dev/null
+++ b/src/chrome/content/rules/peppermintos.com.xml
@@ -0,0 +1,11 @@
+<!--
+w.peppermintos.com mismatch
+-->
+<ruleset name="peppermintos.com">
+	<target host="peppermintos.com" />
+	<target host="www.peppermintos.com" />
+	<target host="forum.peppermintos.com" />
+	<target host="start.peppermintos.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pepperridgefarm.xml b/src/chrome/content/rules/pepperridgefarm.xml
new file mode 100644
index 000000000000..bc52dd6b431a
--- /dev/null
+++ b/src/chrome/content/rules/pepperridgefarm.xml
@@ -0,0 +1,7 @@
+<ruleset name="pepperridgefarm">
+	<target host="pepperidgefarm.com" />
+	<target host="www.pepperidgefarm.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/perf-html.io.xml b/src/chrome/content/rules/perf-html.io.xml
new file mode 100644
index 000000000000..0df403d28fdf
--- /dev/null
+++ b/src/chrome/content/rules/perf-html.io.xml
@@ -0,0 +1,8 @@
+<ruleset name="perf-html.io">
+	<target host="perf-html.io" />
+	<target host="www.perf-html.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/perfecthair.ch.xml b/src/chrome/content/rules/perfecthair.ch.xml
new file mode 100644
index 000000000000..c78a188e6543
--- /dev/null
+++ b/src/chrome/content/rules/perfecthair.ch.xml
@@ -0,0 +1,7 @@
+<ruleset name="perfecthair.ch">
+	<target host="perfecthair.ch"/>
+	<target host="www.perfecthair.ch"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/perfora.net.xml b/src/chrome/content/rules/perfora.net.xml
new file mode 100644
index 000000000000..be722c2dc6dc
--- /dev/null
+++ b/src/chrome/content/rules/perfora.net.xml
@@ -0,0 +1,20 @@
+<!--
+	For other United Internet coverage, see United-Internet.xml.
+
+
+	^perfora.net: Refused
+
+-->
+<ruleset name="perfora.net (partial)">
+
+	<target host="ssl.perfora.net" />
+	<target host="webmailcluster.perfora.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/perimeterinstitute.ca.xml b/src/chrome/content/rules/perimeterinstitute.ca.xml
new file mode 100644
index 000000000000..5d518f754a4a
--- /dev/null
+++ b/src/chrome/content/rules/perimeterinstitute.ca.xml
@@ -0,0 +1,13 @@
+<ruleset name="Perimeter Institute.ca">
+
+	<target host="perimeterinstitute.ca" />
+	<target host="www.perimeterinstitute.ca" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/permkrai.ru.xml b/src/chrome/content/rules/permkrai.ru.xml
new file mode 100644
index 000000000000..7f69d7a664eb
--- /dev/null
+++ b/src/chrome/content/rules/permkrai.ru.xml
@@ -0,0 +1,221 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://eor.permkrai.ru/ => https://eor.permkrai.ru/: (60, 'SSL certificate problem: certificate has expired')
+
+59t001.permkrai.ru ²
+59t002.permkrai.ru ²
+59t003.permkrai.ru ²
+59t004.permkrai.ru ²
+59t006.permkrai.ru ²
+59t007.permkrai.ru ²
+59t008.permkrai.ru ²
+59t009.permkrai.ru ²
+59t010.permkrai.ru ²
+59t011.permkrai.ru ²
+59t012.permkrai.ru ²
+59t013.permkrai.ru ²
+59t014.permkrai.ru ²
+59t015.permkrai.ru ²
+59t016.permkrai.ru ²
+59t017.permkrai.ru ²
+59t018.permkrai.ru ²
+59t019.permkrai.ru ²
+59t020.permkrai.ru ²
+59t021.permkrai.ru ²
+59t024.permkrai.ru ²
+59t025.permkrai.ru ²
+59t026.permkrai.ru ²
+59t028.permkrai.ru ²
+59t029.permkrai.ru ²
+59t030.permkrai.ru ²
+59t031.permkrai.ru ²
+59t032.permkrai.ru ²
+59t033.permkrai.ru ²
+59t034.permkrai.ru ²
+59t035.permkrai.ru ²
+59t036.permkrai.ru ²
+59t037.permkrai.ru ²
+59t039.permkrai.ru ²
+59t040.permkrai.ru ²
+59t041.permkrai.ru ²
+59t042.permkrai.ru ²
+59t044.permkrai.ru ²
+59t046.permkrai.ru ²
+59t047.permkrai.ru ²
+59tik.permkrai.ru ²
+81t001.permkrai.ru ²
+81t002.permkrai.ru ²
+81t004.permkrai.ru ²
+81t005.permkrai.ru ²
+81t006.permkrai.ru ²
+81t007.permkrai.ru ²
+admin.permkrai.ru ⁴
+www.admin.permkrai.ru ⁴
+www.agro.permkrai.ru ¹
+www.appk.permkrai.ru ¹
+exedge1-ppk.appk.permkrai.ru ³
+exedge2-ppk.appk.permkrai.ru ³
+www.astafiev.permkrai.ru ³
+auprim.permkrai.ru ⁴
+avdesk-global.permkrai.ru ³
+blog.permkrai.ru ³
+www.budget.permkrai.ru ¹
+chusovoi.permkrai.ru ³
+daemon.permkrai.ru ³
+dns.permkrai.ru ³
+dor.permkrai.ru ⁴
+dorcom.permkrai.ru ³
+doroga.permkrai.ru ³
+www.doroga.permkrai.ru ³
+dorogi.permkrai.ru ³
+ecokontrol.permkrai.ru ⁷
+economy.permkrai.ru ⁶
+orv.economy.permkrai.ru ¹
+ekey.permkrai.ru ³
+www.ekey.permkrai.ru ³
+esiaminsoc.permkrai.ru ⁶
+ets.permkrai.ru ⁵
+exedge-ppk.permkrai.ru ⁶
+fingramota.permkrai.ru ⁶
+www.giep.permkrai.ru ¹
+gkh.permkrai.ru ⁵
+www.gosobrnadzor.permkrai.ru ¹
+goszakaz.permkrai.ru ¹
+www.gs.permkrai.ru ¹
+gts.permkrai.ru ³
+gz.permkrai.ru ³
+www.gz.permkrai.ru ³
+hackathon.permkrai.ru ⁶
+human.permkrai.ru ⁴
+www.human.permkrai.ru ⁴
+icons.permkrai.ru ⁵
+www.iggn.permkrai.ru ¹
+www.igtn.permkrai.ru ¹
+igtn2.permkrai.ru ⁶
+infrastruktura.permkrai.ru ²
+www.invest.permkrai.ru ¹
+ivc.permkrai.ru ³
+www.ivc.permkrai.ru ³
+izbirkom.permkrai.ru ³
+izbirkomkonkurs.permkrai.ru ³
+kontroluslug.permkrai.ru ⁶
+www.kontroluslug.permkrai.ru ¹
+www.kosa.permkrai.ru ⁴
+krasnokamsk.permkrai.ru ³
+www.krasnokamsk.permkrai.ru ³
+les.permkrai.ru ³
+lk.permkrai.ru ¹
+mfc.permkrai.ru ⁶
+www.mfc.permkrai.ru ¹
+www.mfin.permkrai.ru ¹
+miac.permkrai.ru ⁶
+www.minkpo.permkrai.ru ¹
+minprom.permkrai.ru ¹
+www.minpromtorg.permkrai.ru ¹
+minpromtorg2.permkrai.ru ⁶
+www.minsoc.permkrai.ru ¹
+minter.permkrai.ru ⁶
+minter3.permkrai.ru ⁶
+mintorg.permkrai.ru ⁶
+decl.mintorg.permkrai.ru ³
+www.mintrans.permkrai.ru ¹
+www.mintrans59.permkrai.ru ¹
+minzdrav.permkrai.ru ⁶
+www.mirs.permkrai.ru ¹
+mirust2.permkrai.ru ⁶
+mizo2.permkrai.ru ⁴
+www.mk.permkrai.ru ¹
+mob.permkrai.ru ³
+molodayasemya.permkrai.ru/: (35, 'error:14092105:SSL routines:ssl3_get_server_hello:wrong cipher returned')
+msa.permkrai.ru ⁶
+www.msa.permkrai.ru ¹
+msh.permkrai.ru ³
+nagrady.permkrai.ru ³
+ns.permkrai.ru ³
+www.opendata.permkrai.ru ¹
+oppk.permkrai.ru ³
+www.oppk.permkrai.ru ³
+owa.permkrai.ru ³
+pcrp.permkrai.ru ³
+www.pokolenia.permkrai.ru ¹
+old.pokolenia.permkrai.ru ¹
+q.permkrai.ru ⁶
+rek.permkrai.ru ⁴
+www.rek.permkrai.ru ⁴
+reportagro.permkrai.ru ⁶
+sport2.permkrai.ru ⁶
+www.sport2.permkrai.ru ¹
+www.spp.permkrai.ru ¹
+www.szn.permkrai.ru ¹
+www.test-site.permkrai.ru ³
+tk.permkrai.ru ¹
+www.tk.permkrai.ru ¹
+tumsr.permkrai.ru ³
+www.tumsr.permkrai.ru ³
+tv.permkrai.ru ³
+vaska.permkrai.ru ³
+web.permkrai.ru ⁵
+www.zags.permkrai.ru ¹
+esiaminsoc.permkrai.ru:2000 ⁷
+opendata.permkrai.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁵ expired
+⁶ redirect
+⁷ protocol error
+-->
+<ruleset name="permkrai.ru" default_off="failed ruleset test">
+	<target host="permkrai.ru" />
+	<target host="www.permkrai.ru" />
+	<target host="agarh.permkrai.ru" />
+	<target host="agro.permkrai.ru" />
+	<target host="agz.permkrai.ru" />
+	<target host="appk.permkrai.ru" />
+	<target host="bezbarierov.permkrai.ru" />
+	<target host="budget.permkrai.ru" />
+	<target host="desk.permkrai.ru" />
+	<target host="eor.permkrai.ru" />
+	<target host="exchange.permkrai.ru" />
+	<target host="gosobrnadzor.permkrai.ru" />
+	<target host="gosuslugi.permkrai.ru" />
+	<target host="gs.permkrai.ru" />
+	<target host="iggn.permkrai.ru" />
+	<target host="igtn.permkrai.ru" />
+	<target host="invest.permkrai.ru" />
+	<target host="invet.permkrai.ru" />
+	<target host="mail.permkrai.ru" />
+	<target host="mfin.permkrai.ru" />
+	<target host="mininfocom.permkrai.ru" />
+	<target host="minkpo.permkrai.ru" />
+	<target host="minobr.permkrai.ru" />
+	<target host="minpromtorg.permkrai.ru" />
+	<target host="minsoc.permkrai.ru" />
+	<target host="mintrans.permkrai.ru" />
+	<target host="mintrans59.permkrai.ru" />
+	<target host="mirs.permkrai.ru" />
+	<target host="mirust.permkrai.ru" />
+	<target host="mizo.permkrai.ru" />
+	<target host="mk.permkrai.ru" />
+	<target host="mpik.permkrai.ru" />
+	<target host="mrks.permkrai.ru" />
+	<target host="msgkh.permkrai.ru" />
+	<target host="pokolenia.permkrai.ru" />
+	<target host="priroda.permkrai.ru" />
+	<target host="reception.permkrai.ru" />
+	<target host="rgu.permkrai.ru" />
+	<target host="rst.permkrai.ru" />
+	<target host="sport.permkrai.ru" />
+	<target host="spp.permkrai.ru" />
+	<target host="sts.permkrai.ru" />
+	<target host="szn.permkrai.ru" />
+	<target host="ts.permkrai.ru" />
+	<target host="vts.permkrai.ru" />
+	<target host="zags.permkrai.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/peterkieser.com.xml b/src/chrome/content/rules/peterkieser.com.xml
new file mode 100644
index 000000000000..73582638071f
--- /dev/null
+++ b/src/chrome/content/rules/peterkieser.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Peter Kieser.com">
+
+	<target host="peterkieser.com" />
+	<target host="www.peterkieser.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pethelpful.com.xml b/src/chrome/content/rules/pethelpful.com.xml
new file mode 100644
index 000000000000..b7aded06c37c
--- /dev/null
+++ b/src/chrome/content/rules/pethelpful.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .pethelpful.com
+
+-->
+<ruleset name="PetHelpful.com">
+
+	<target host="pethelpful.com" />
+	<target host="www.pethelpful.com" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://pethelpful.com/signin/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.pethelpful\.com" name="^ru(?:txt)?$" /-->
+
+	<securecookie host="^\." name="^ru(?:txt)?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pfrf.ru.xml b/src/chrome/content/rules/pfrf.ru.xml
new file mode 100644
index 000000000000..2d15a1458880
--- /dev/null
+++ b/src/chrome/content/rules/pfrf.ru.xml
@@ -0,0 +1,56 @@
+<!--
+pfrf.ru ⁶
+www.pfrf.ru ⁶
+comcor-gw1-shb.pfrf.ru ³
+comcor-gw2-shb.pfrf.ru ³
+www.es.pfrf.ru ¹
+altaikr.lkp.pfrf.ru ⁵
+bashkor.lkp.pfrf.ru ³
+buryat.lkp.pfrf.ru ³
+chel.lkp.pfrf.ru ⁴
+chuvash.lkp.pfrf.ru ⁵
+irkut.lkp.pfrf.ru ³
+kemer.lkp.pfrf.ru ³
+kirov.lkp.pfrf.ru ³
+krasyar.lkp.pfrf.ru ³
+kurgan.lkp.pfrf.ru ⁷
+moscow.lkp.pfrf.ru ³
+nigegor.lkp.pfrf.ru ³
+orel.lkp.pfrf.ru ²
+peter.lkp.pfrf.ru ³
+sverdlov.lkp.pfrf.ru ²
+tambov.lkp.pfrf.ru ³
+tatstan.lkp.pfrf.ru ³
+voron.lkp.pfrf.ru ⁵
+altai.lkpr.pfrf.ru ⁵
+altaikr.lkpr.pfrf.ru ⁴
+buryat.lkpr.pfrf.ru ⁵
+hakas.lkpr.pfrf.ru ⁷
+kemer.lkpr.pfrf.ru ⁵
+krasyar.lkpr.pfrf.ru ⁵
+moscow.lkpr.pfrf.ru ²
+murman.lkpr.pfrf.ru ³
+nigegor.lkpr.pfrf.ru ³
+tomsk.lkpr.pfrf.ru ⁵
+udmurt.lkpr.pfrf.ru ⁴
+zabal.lkpr.pfrf.ru ³
+mx.pfrf.ru ³
+ns1.pfrf.ru ³
+ns2.pfrf.ru ³
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁵ expired
+⁶ redirect
+⁷ protocol error
+-->
+<ruleset name="pfrf.ru (partial)">
+	<target host="ca.pfrf.ru" />
+	<target host="es.pfrf.ru" />
+	<target host="hosting.pfrf.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pgl.co.uk.xml b/src/chrome/content/rules/pgl.co.uk.xml
new file mode 100644
index 000000000000..93629d55a4fb
--- /dev/null
+++ b/src/chrome/content/rules/pgl.co.uk.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- pgl.co.uk
+		- www.pgl.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="PGL.co.uk">
+
+	<target host="pgl.co.uk" />
+	<target host="www.pgl.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?pgl\.co\.uk$" name="^(?:ASP\.NET_SessionId|Dynamicweb|Dynamicweb\.SessionVisit)$" /-->
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pgtrk.ru.xml b/src/chrome/content/rules/pgtrk.ru.xml
new file mode 100644
index 000000000000..21e910d32ec9
--- /dev/null
+++ b/src/chrome/content/rules/pgtrk.ru.xml
@@ -0,0 +1,8 @@
+<!-- tv.mobile. mismatch
+m. mismatch
+radio. mismatch
+(www.)? -> tv. -->
+<ruleset name="pgtrk.ru">
+	<target host="tv.pgtrk.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pharmgkb.org.xml b/src/chrome/content/rules/pharmgkb.org.xml
new file mode 100644
index 000000000000..c7b27c9342cc
--- /dev/null
+++ b/src/chrome/content/rules/pharmgkb.org.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pharmgkb.org/ => https://pharmgkb.org/: (28, 'Connection timed out after 20000 milliseconds')
+
+	STS header includes includeSubdomains
+
+-->
+<ruleset name="PharmGKB.org" default_off="failed ruleset test">
+
+	<target host="pharmgkb.org" />
+	<target host="*.pharmgkb.org" />
+
+		<test url="http://www.pharmgkb.org/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/phil.camera.xml b/src/chrome/content/rules/phil.camera.xml
new file mode 100644
index 000000000000..b0034d952121
--- /dev/null
+++ b/src/chrome/content/rules/phil.camera.xml
@@ -0,0 +1,13 @@
+<ruleset name="phil.camera">
+	<target host=    "phil.camera" />
+	<target host="www.phil.camera" />
+
+  	<securecookie host="^phil\.camera$" name=".+" />
+
+	<!-- cert only matches www -->
+	<rule from="^http://www\.phil\.camera/"
+		to="https://phil.camera/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/phoenix.de.xml b/src/chrome/content/rules/phoenix.de.xml
new file mode 100644
index 000000000000..33ed58a1c8ae
--- /dev/null
+++ b/src/chrome/content/rules/phoenix.de.xml
@@ -0,0 +1,7 @@
+<ruleset name="phoenix.de">
+	<target host="phoenix.de"/>
+	<target host="www.phoenix.de"/>
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/phonekeeper.ru.xml b/src/chrome/content/rules/phonekeeper.ru.xml
new file mode 100644
index 000000000000..c96e9d0836aa
--- /dev/null
+++ b/src/chrome/content/rules/phonekeeper.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="phonekeeper.ru">
+	<target host="phonekeeper.ru" />
+	<target host="www.phonekeeper.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/phonostar.de.xml b/src/chrome/content/rules/phonostar.de.xml
new file mode 100644
index 000000000000..e5fb57f3628f
--- /dev/null
+++ b/src/chrome/content/rules/phonostar.de.xml
@@ -0,0 +1,135 @@
+<!--
+	Invalid certificate:
+		www.101ru.phonostar.de
+		www.1clubfm-chill-outlounge.phonostar.de
+		ads.phonostar.de
+		www.antennemallorca.phonostar.de
+		www.banditrock106-3.phonostar.de
+		www.bigfmsaarland.phonostar.de
+		bluebeatz-querbeet.phonostar.de
+		blueworldradio.phonostar.de
+		www.bvbnetradio.phonostar.de
+		www.choiceradio-christmas.phonostar.de
+		christmasradio.phonostar.de
+		www.citybull-radio.phonostar.de
+		comradio.phonostar.de
+		www.cybrixradio.phonostar.de
+		digitalradio.phonostar.de
+		download.phonostar.de
+		www.gamer-fm.phonostar.de
+		gotradio-urban.phonostar.de
+		www.hardrockin80s.phonostar.de
+		www.hitpoolradio.phonostar.de
+		www.hitradiosuedtirol.phonostar.de
+		images.phonostar.de
+		infotainment.phonostar.de
+		interface.phonostar.de
+		internetradio.phonostar.de
+		www.kccnfm100.phonostar.de
+		www.kissfm.phonostar.de
+		www.kleinepiraatinternetradio.phonostar.de
+		www.liquid-fire.phonostar.de
+		mascotteradio.phonostar.de
+		musik-musikgoldies.phonostar.de
+		news.phonostar.de
+		www.nightloversradio.phonostar.de
+		noshmimmizrahit.phonostar.de
+		orsradio-disco.phonostar.de
+		player.phonostar.de
+		www.playfm.phonostar.de
+		popradio-popone.phonostar.de
+		psnew.phonostar.de
+		www.questanum.phonostar.de
+		www.radio-vulkan.phonostar.de
+		radio404.phonostar.de
+		www.radiodecin.phonostar.de
+		www.radiolimonadovyjoe.phonostar.de
+		www.radionedelisce.phonostar.de
+		www.radiosalzachtal.phonostar.de
+		www.radiosaw-rock.phonostar.de
+		www.radiostudioodendorf.phonostar.de
+		radiovadigor-deeppurple.phonostar.de
+		radioweissblau.phonostar.de
+		www.radyoonbes.phonostar.de
+		silvester.phonostar.de
+		skyfm-ambient.phonostar.de
+		www.skyfm-hardstyle.phonostar.de
+		www.skyfm-lounge.phonostar.de
+		www.skyfm-minimal.phonostar.de
+		www.skyfm-pianojazz.phonostar.de
+		skyfm-simplysoundtracks.phonostar.de
+		www.skyfm-trance.phonostar.de
+		www.slamfm.phonostar.de
+		www.slashfm.phonostar.de
+		sofaspace.phonostar.de
+		www.superfox-radio.phonostar.de
+		switch1197.phonostar.de
+		www.technobase4ever.phonostar.de
+		www.teleradiovinschgau.phonostar.de
+		thebull.phonostar.de
+		united-friends-radio.phonostar.de
+		unserding.phonostar.de
+		unserding-zukunft.phonostar.de
+		urbanafm.phonostar.de
+		www.utvarpforoya.phonostar.de
+		veedelsradio.phonostar.de
+		vivacite-mons.phonostar.de
+		www.volksmusikhitradio.phonostar.de
+		voxfm.phonostar.de
+		wamc.phonostar.de
+		waterstadfm.phonostar.de
+		wbaifm.phonostar.de
+		wbez.phonostar.de
+		wbrwebblasterradio-wbr1.phonostar.de
+		wbrwebblasterradio-wbr2.phonostar.de
+		wdr2.phonostar.de
+		wdr3.phonostar.de
+		wdr4.phonostar.de
+		wdr5.phonostar.de
+		webradio-fantasyde.phonostar.de
+		webradiocommunity.phonostar.de
+		webradiotroisdorf.phonostar.de
+		webradiowilderkaiser.phonostar.de
+		weihnachtsradio.phonostar.de
+		welle1.phonostar.de
+		welleniederrhein.phonostar.de
+		wellewartenberg.phonostar.de
+		weta.phonostar.de
+		wfdu.phonostar.de
+		wfmu-fm.phonostar.de
+		wghtradio.phonostar.de
+		whur.phonostar.de
+		wibbagefm.phonostar.de
+		wildfm.phonostar.de
+		wildlife-radio.phonostar.de
+		wksu.phonostar.de
+		wm-radio.phonostar.de
+		wmbrfm.phonostar.de
+		wmkvfm.phonostar.de
+		wnyc-fm.phonostar.de
+		wvtfpublicradio.phonostar.de
+		wyslnews1040am.phonostar.de
+		xlnc.phonostar.de
+		xxxradio.phonostar.de
+		yleylenklassinen.phonostar.de
+		youfm.phonostar.de
+		youkounkoun-radio-rock.phonostar.de
+		z.phonostar.de
+		zapfm.phonostar.de
+		zerofm.phonostar.de
+		zforceradio.phonostar.de
+		ziniuradio.phonostar.de
+		ziz.phonostar.de
+
+	Not found:
+		www.psnew.phonostar.de
+
+-->
+<ruleset name="phonostar.de">
+
+	<target host="phonostar.de" />
+	<target host="www.phonostar.de" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/phpans.com.xml b/src/chrome/content/rules/phpans.com.xml
new file mode 100644
index 000000000000..50d10d32078a
--- /dev/null
+++ b/src/chrome/content/rules/phpans.com.xml
@@ -0,0 +1,12 @@
+<!--
+demo.phpans.com ¹
+
+
+¹ mismatch
+-->
+<ruleset name="phpans.com">
+	<target host="phpans.com" />
+	<target host="www.phpans.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/phpboost.com.xml b/src/chrome/content/rules/phpboost.com.xml
new file mode 100644
index 000000000000..75098e8b2967
--- /dev/null
+++ b/src/chrome/content/rules/phpboost.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Nonfunctional hosts in *phpboost.com:
+
+		- demo ⁵
+
+	⁵ 502
+
+
+	Mixed content:
+
+		- Image on www from bell-cranel.net ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="PHPBoost.com (partial)">
+
+	<target host="phpboost.com" />
+	<target host="dl.phpboost.com" />
+	<target host="www.phpboost.com" />
+
+		<test url="http://dl.phpboost.com/5.0/modules/unofficial/HomeLanding/logo.png" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/phptesting.org.xml b/src/chrome/content/rules/phptesting.org.xml
new file mode 100644
index 000000000000..819507592923
--- /dev/null
+++ b/src/chrome/content/rules/phptesting.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="phptesting.org">
+
+	<target host="phptesting.org" />
+	<target host="www.phptesting.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/phys.org.xml b/src/chrome/content/rules/phys.org.xml
new file mode 100644
index 000000000000..306d187eb27a
--- /dev/null
+++ b/src/chrome/content/rules/phys.org.xml
@@ -0,0 +1,17 @@
+<ruleset name="Phys.org">
+
+	<target host="phys.org" />
+	<target host="m.phys.org" />
+	<target host="www.phys.org" />
+	<target host="physorg.com" />
+
+	<securecookie host="^\." name="^__qca" />
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http://physorg\.com/"
+		to="https://phys.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pi-hole.net.xml b/src/chrome/content/rules/pi-hole.net.xml
new file mode 100644
index 000000000000..2e1143393231
--- /dev/null
+++ b/src/chrome/content/rules/pi-hole.net.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.pi-hole.net/ (200) => https://www.pi-hole.net/ (526)
+
+-->
+<ruleset name="pi-hole.net" default_off="failed ruleset test">
+
+	<target host="pi-hole.net" />
+	<target host="install.pi-hole.net" />
+	<target host="www.pi-hole.net" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/piccy.info.xml b/src/chrome/content/rules/piccy.info.xml
new file mode 100644
index 000000000000..5ecc71a12532
--- /dev/null
+++ b/src/chrome/content/rules/piccy.info.xml
@@ -0,0 +1,20 @@
+<!--
+	Redirect to HTTP:
+		ns3.piccy.info
+
+	SSL protocol error:
+		ns5.piccy.info
+		piccy.piccy.info
+		wrld.piccy.info
+
+	Time out:
+		ns2.piccy.info
+-->
+<ruleset name="piccy.info">
+	<target host="piccy.info" />
+	<target host="www.piccy.info" />
+	<target host="i.piccy.info" />
+
+	<rule from="^http://www\.piccy\.info/" to="https://piccy.info/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pichesky.ru.xml b/src/chrome/content/rules/pichesky.ru.xml
new file mode 100644
index 000000000000..93739fc3c119
--- /dev/null
+++ b/src/chrome/content/rules/pichesky.ru.xml
@@ -0,0 +1,17 @@
+<!--
+pichesky.ru ⁶
+www.pichesky.ru ⁶
+kotest.pichesky.ru ¹
+maksimichy.pro.pichesky.ru ²
+sibkorona2015.pro.pichesky.ru ¹
+
+
+¹ mismatch
+² refused
+⁶ redirect
+-->
+<ruleset name="pichesky.ru (partial)">
+	<target host="intouch.pichesky.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pickpoint.ru.xml b/src/chrome/content/rules/pickpoint.ru.xml
new file mode 100644
index 000000000000..e0e9cae1b7b4
--- /dev/null
+++ b/src/chrome/content/rules/pickpoint.ru.xml
@@ -0,0 +1,23 @@
+<!--
+gwsrv.pickpoint.ru ³
+hotel.pickpoint.ru ³
+imap.pickpoint.ru ⁴
+mail.pickpoint.ru ⁴
+ns0.pickpoint.ru ³
+oscar.pickpoint.ru ³
+spsrv2.pickpoint.ru ³
+spsrv3.pickpoint.ru ³
+websrv.pickpoint.ru ¹
+
+
+¹ mismatch
+³ timed out
+⁴ self signed
+-->
+<ruleset name="pickpoint.ru">
+	<target host="pickpoint.ru" />
+	<target host="www.pickpoint.ru" />
+	<target host="e-solution.pickpoint.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pinall.ru.xml b/src/chrome/content/rules/pinall.ru.xml
new file mode 100644
index 000000000000..c6cb64b70aa1
--- /dev/null
+++ b/src/chrome/content/rules/pinall.ru.xml
@@ -0,0 +1,12 @@
+<!--
+lp.pinall.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="pinall.ru">
+	<target host="pinall.ru" />
+	<target host="www.pinall.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pindrop.com.xml b/src/chrome/content/rules/pindrop.com.xml
new file mode 100644
index 000000000000..a2ea209ee579
--- /dev/null
+++ b/src/chrome/content/rules/pindrop.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Other Pindrop rulesets:
+
+		- pindropsecurity.com.xml
+
+
+	^pindrop.com: WP Engine / redirects to http
+
+-->
+<ruleset name="Pindrop.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.pindrop.com" />
+
+	<!--	Complications:
+				-->
+	<target host="pindrop.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://pindrop\.com/"
+		to="https://www.pindrop.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pindropsecurity.com.xml b/src/chrome/content/rules/pindropsecurity.com.xml
new file mode 100644
index 000000000000..1b23efe20e7c
--- /dev/null
+++ b/src/chrome/content/rules/pindropsecurity.com.xml
@@ -0,0 +1,63 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://info.pindropsecurity.com/css/mktLPSupport.css (200) => https://na-sji.marketo.com/css/mktLPSupport.css (403)
+Non-2xx HTTP code: http://info.pindropsecurity.com/rs/pindropsecurity/images/Pindrop_Logo_Grey_RGB.gif (200) => https://na-sji.marketo.com/rs/pindropsecurity/images/Pindrop_Logo_Grey_RGB.gif (403)
+
+	For other Pindrop coverage, see pindrop.com.xml.
+
+
+	Nonfunctional hosts in *pindropsecurity.com:
+
+		- info ᵃ
+
+	ᵃ Marketo / Shows another domain
+
+-->
+<ruleset name="Pindrop Security.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pindropsecurity.com" />
+	<target host="www.pindropsecurity.com" />
+
+	<!--	Complications:
+				-->
+	<target host="info.pindropsecurity.com" />
+
+
+	<securecookie host="^(?!info\.)\w" name=".+" />
+	<securecookie host="^\." name="(?:__cfduid|cf_clearance)$" />
+
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://info\.pindropsecurity\.com/+(?:\?.*)?$"
+		to="https://pindropsecurity.com/" />
+
+	<rule from="^http://info\.pindropsecurity\.com/"
+		to="https://na-sji.marketo.com/" />
+
+		<exclusion pattern="^http://info\.pindropsecurity\.com/+(?!$|\?|css/|images/|rs/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://info.pindropsecurity.com/All-In-Party-3.html" />
+			<test url="http://info.pindropsecurity.com/All-In-Party-RSVP.html" />
+			<test url="http://info.pindropsecurity.com/Canada_Launch.html" />
+			<test url="http://info.pindropsecurity.com/Diagnosing-Phone-Fraud-Threats-Healthcare-Registration.html" />
+			<test url="http://info.pindropsecurity.com/Embassy_Event_RSVP.html" />
+			<test url="http://info.pindropsecurity.com/Hijacking-Shipments-Phone-Channel-Registration.html" />
+			<test url="http://info.pindropsecurity.com/Preventing-Fraud-Airline-Call-Centers-Webinar-Registration.html" />
+			<test url="http://info.pindropsecurity.com/Webcast-Deploying-New-Technologies-to-Secure-Telephony-and-Authenticate-Callers.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://info.pindropsecurity.com/?" />
+			<test url="http://info.pindropsecurity.com/css/mktLPSupport.css" />
+			<test url="http://info.pindropsecurity.com/rs/pindropsecurity/images/Pindrop_Logo_Grey_RGB.gif" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pingler.com.xml b/src/chrome/content/rules/pingler.com.xml
new file mode 100644
index 000000000000..1298377d5384
--- /dev/null
+++ b/src/chrome/content/rules/pingler.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="pingler.com">
+	<target host="pingler.com" />
+	<target host="www.pingler.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/piraadipartei.ee.xml b/src/chrome/content/rules/piraadipartei.ee.xml
new file mode 100644
index 000000000000..684178abacb6
--- /dev/null
+++ b/src/chrome/content/rules/piraadipartei.ee.xml
@@ -0,0 +1,44 @@
+<!--
+	Problematic hosts in *piraadipartei.ee:
+
+		- ^ ᵉ
+		- www ᵉ ᵐ ᶠ
+
+	ᵉ Expired
+	ᶠ Handshake fails, preemptable redirect
+	ᵐ Mismatched
+
+
+	Mixed content:
+
+		- css on ^ from $self
+
+		- Images, on:
+
+			- ^ from $self
+			- ^ from pbs.twimg.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Piraadipartei.ee" default_off="expired" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="piraadipartei.ee" />
+
+	<!--	Complications:
+				-->
+	<target host="www.piraadipartei.ee" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.piraadipartei\.ee/"
+		to="https://piraadipartei.ee/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/piraattipuolue.fi.xml b/src/chrome/content/rules/piraattipuolue.fi.xml
new file mode 100644
index 000000000000..43a472ab9889
--- /dev/null
+++ b/src/chrome/content/rules/piraattipuolue.fi.xml
@@ -0,0 +1,88 @@
+<!--
+	Nonfunctional hosts in *piraattipuolue.fi:
+
+		- arkisto ᵃ
+		- hame ᵃ
+		- helsinki ᵃ
+		- kauppa ᵃ
+
+	ᵃ Shows another domain
+
+
+	Problematic hosts in *piraattipuolue.fi:
+
+		- eurovaalikone * ʳ
+		- stats ᵉ
+		- wikileaks ᵐ
+
+	* Expired cert at redirect destination
+	ᵉ Expired
+	ᵐ Mismatched
+	ʳ Refused, preemptable redirect
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .foorumi.piraattipuolue.fi
+		- keskustelut.piraattipuolue.fi
+		- stats.piraattipuolue.fi
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on ^, blogi from $self ˢ
+		- favicon on keskustelut from arkisto.piraattipuolue.fi ⁴
+
+		- Bug, on:
+
+			- blogi from www.facebook.com ˢ
+			- blogi from apis.google.com ˢ
+			- blogi, keskustelut, wiki from stats.piraattipuolue.fi ᵉ
+			- blogi from platform.twitter.com ˢ
+
+	⁴ Unsecurable <= 404
+	ᵉ Not secured by us <= expired
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Piraattipuolue.fi (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="piraattipuolue.fi" />
+	<target host="blogi.piraattipuolue.fi" />
+	<target host="foorumi.piraattipuolue.fi" />
+	<target host="keskustelut.piraattipuolue.fi" />
+	<target host="tilastot.piraattipuolue.fi" />
+	<target host="wiki.piraattipuolue.fi" />
+	<target host="www.piraattipuolue.fi" />
+
+	<!--	Complications:
+				-->
+	<!--target host="eurovaalikone.piraattipuolue.fi" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.foorumi\.piraattipuolue\.fi$" name="^phpbb3_\w+_(?:k|sid|u)$" /-->
+	<!--securecookie host="^keskustelut\.piraattipuolue\.fi$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^stats\.piraattipuolue\.fi$" name="^DYNSRV$" /-->
+
+	<securecookie host="^(?!\.piraattipuolue\.fi$)." name=".+" />
+
+
+	<!--	Redirect drops all:
+					-->
+	<!--rule from="^http://eurovaalikone\.piraattipuolue\.fi/.*"
+		to="https://www.dy.fi/" /-->
+
+		<!--
+		<test url="http://eurovaalikone.piraattipuolue.fi/page/graphs" />
+		-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pirate-party.us.xml b/src/chrome/content/rules/pirate-party.us.xml
new file mode 100644
index 000000000000..3590f196d93d
--- /dev/null
+++ b/src/chrome/content/rules/pirate-party.us.xml
@@ -0,0 +1,41 @@
+<!--
+	(www.)?pirate-party.us: 404
+
+-->
+<ruleset name="Pirate-Party.us (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="blog.pirate-party.us" />
+
+	<!--	Complications:
+				-->
+	<target host="pirate-party.us" />
+	<target host="www.pirate-party.us" />
+
+		<!--	\w$ does not redirect:
+						-->
+		<exclusion pattern="^http://(?:www\.)?pirate-party\.us/(?!/*(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.pirate-party.us/default.asp" />
+			<test url="http://www.pirate-party.us/default.aspx" />
+			<test url="http://www.pirate-party.us/favicon.ico" />
+			<test url="http://www.pirate-party.us/index.htm" />
+			<test url="http://www.pirate-party.us/index.html" />
+			<test url="http://www.pirate-party.us/index.php" />
+
+
+	<securecookie host="^[^.pw]" name=".+" />
+
+
+	<!--	Redirect drops args and forward slash:
+							-->
+	<rule from="^http://(?:www\.)?pirate-party\.us/.*"
+		to="https://blog.pirate-party.us/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/piratebay.red.xml b/src/chrome/content/rules/piratebay.red.xml
new file mode 100644
index 000000000000..e98588376868
--- /dev/null
+++ b/src/chrome/content/rules/piratebay.red.xml
@@ -0,0 +1,7 @@
+<ruleset name="piratebay.red">
+	<target host="piratebay.red" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/piratebayaccess.co.uk.xml b/src/chrome/content/rules/piratebayaccess.co.uk.xml
new file mode 100644
index 000000000000..a68645596957
--- /dev/null
+++ b/src/chrome/content/rules/piratebayaccess.co.uk.xml
@@ -0,0 +1,15 @@
+<!--
+	Nonfunctional hosts in *.piratebayaccess.co.uk:
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Piratebayaccess.co.uk">
+	<target host="piratebayaccess.co.uk" />
+	<target host="www.piratebayaccess.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/piratebaymirror.eu.xml b/src/chrome/content/rules/piratebaymirror.eu.xml
new file mode 100644
index 000000000000..1975ec1f04ba
--- /dev/null
+++ b/src/chrome/content/rules/piratebaymirror.eu.xml
@@ -0,0 +1,7 @@
+<ruleset name="piratebaymirror.eu">
+	<target host="piratebaymirror.eu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/piratebaynew.co.uk.xml b/src/chrome/content/rules/piratebaynew.co.uk.xml
new file mode 100644
index 000000000000..88be73e9eb88
--- /dev/null
+++ b/src/chrome/content/rules/piratebaynew.co.uk.xml
@@ -0,0 +1,8 @@
+<ruleset name="piratebaynew.co.uk">
+	<target host="piratebaynew.co.uk" />
+	<target host="www.piratebaynew.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/piratebayproxy.be.xml b/src/chrome/content/rules/piratebayproxy.be.xml
new file mode 100644
index 000000000000..c0ca440f29b7
--- /dev/null
+++ b/src/chrome/content/rules/piratebayproxy.be.xml
@@ -0,0 +1,7 @@
+<ruleset name="piratebayproxy.be">
+	<target host="piratebayproxy.be" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/piraten-aargau.ch.xml b/src/chrome/content/rules/piraten-aargau.ch.xml
new file mode 100644
index 000000000000..c71241bcd6ba
--- /dev/null
+++ b/src/chrome/content/rules/piraten-aargau.ch.xml
@@ -0,0 +1,13 @@
+<ruleset name="Piraten-Aargau.ch">
+
+	<target host="piraten-aargau.ch" />
+	<target host="www.piraten-aargau.ch" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/piraten.lu.xml b/src/chrome/content/rules/piraten.lu.xml
new file mode 100644
index 000000000000..33369a20eeb1
--- /dev/null
+++ b/src/chrome/content/rules/piraten.lu.xml
@@ -0,0 +1,40 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.piraten.lu/ => https://www.piraten.lu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- piraten.lu
+		- www.piraten.lu
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- iframe on (www.)? from www.youtube-nocookie.com ˢ
+		- Bug on (www.)? from stats.piraten.lu
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Piraten.lu" default_off="failed ruleset test">
+
+	<target host="piraten.lu" />
+	<target host="pad.piraten.lu" />
+	<target host="www.piraten.lu" />
+	<target host="zentrum.piraten.lu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?piraten\.lu$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pirateparty.gr.xml b/src/chrome/content/rules/pirateparty.gr.xml
new file mode 100644
index 000000000000..35a97e61171e
--- /dev/null
+++ b/src/chrome/content/rules/pirateparty.gr.xml
@@ -0,0 +1,66 @@
+<!--
+	Nonfunctional hosts in *pirateparty.gr:
+
+		- elections ᵃ ᵀ
+		- lists ᵃ
+
+	ᵀ Sets STS header
+	ᵃ Shows another domain
+
+
+	Problematic hosts in *pirateparty.gr:
+
+		- liquid *
+
+	* Redirect for lf($|\?) differs
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- pads.pirateparty.gr
+		- teams.pirateparty.gr
+		- www.pirateparty.gr
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on teams from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Pirate Party.gr (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pirateparty.gr" />
+	<target host="pads.pirateparty.gr" />
+	<target host="teams.pirateparty.gr" />
+	<target host="www.pirateparty.gr" />
+
+	<!--	Complications:
+				-->
+	<target host="liquid.pirateparty.gr" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^pads\.pirateparty\.gr$" name="^express_sid$" /-->
+	<!--securecookie host="^teams\.pirateparty\.gr$" name="^_redmine_session$" /-->
+	<!--securecookie host="^www\.pirateparty\.gr$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://liquid\.pirateparty\.gr/+lf(?=$|\?)"
+		to="https://liquid.pirateparty.gr/lf/" />
+
+		<test url="http://liquid.pirateparty.gr/lf" />
+		<test url="http://liquid.pirateparty.gr/lf?" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pirateproxy.ca.xml b/src/chrome/content/rules/pirateproxy.ca.xml
new file mode 100644
index 000000000000..28c7b39b03d4
--- /dev/null
+++ b/src/chrome/content/rules/pirateproxy.ca.xml
@@ -0,0 +1,8 @@
+<ruleset name="pirateproxy.ca">
+	<target host="pirateproxy.ca" />
+	<target host="www.pirateproxy.ca" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pirateproxy.net.xml b/src/chrome/content/rules/pirateproxy.net.xml
new file mode 100644
index 000000000000..2e50069138a0
--- /dev/null
+++ b/src/chrome/content/rules/pirateproxy.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="pirateproxy.net">
+	<target host="pirateproxy.net" />
+	<target host="www.pirateproxy.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pirateproxy.se.xml b/src/chrome/content/rules/pirateproxy.se.xml
new file mode 100644
index 000000000000..96575261616d
--- /dev/null
+++ b/src/chrome/content/rules/pirateproxy.se.xml
@@ -0,0 +1,8 @@
+<ruleset name="pirateproxy.se">
+	<target host="pirateproxy.se" />
+	<target host="www.pirateproxy.se" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pirateproxy.tv.xml b/src/chrome/content/rules/pirateproxy.tv.xml
new file mode 100644
index 000000000000..e180562de6d7
--- /dev/null
+++ b/src/chrome/content/rules/pirateproxy.tv.xml
@@ -0,0 +1,8 @@
+<ruleset name="pirateproxy.tv">
+	<target host="pirateproxy.tv" />
+	<target host="www.pirateproxy.tv" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/piratesahoy.net.xml b/src/chrome/content/rules/piratesahoy.net.xml
new file mode 100644
index 000000000000..0511ba08b44c
--- /dev/null
+++ b/src/chrome/content/rules/piratesahoy.net.xml
@@ -0,0 +1,28 @@
+<!--
+	Invalid certificate:
+		ftp.piratesahoy.net
+		whm.piratesahoy.net
+
+	Refused:
+		localhost.piratesahoy.net
+
+	Redirect to HTTP:
+		cloud.piratesahoy.net
+		www.cloud.piratesahoy.net
+-->
+<ruleset name="piratesahoy.net">
+	<target host="piratesahoy.net" />
+	<target host="www.piratesahoy.net" />
+	<target host="cpanel.piratesahoy.net" />
+	<target host="cpcalendars.piratesahoy.net" />
+	<target host="cpcontacts.piratesahoy.net" />
+	<target host="mail.piratesahoy.net" />
+	<target host="pacloud.piratesahoy.net" />
+	<target host="www.pacloud.piratesahoy.net" />
+	<target host="sqldump.piratesahoy.net" />
+	<target host="www.sqldump.piratesahoy.net" />
+	<target host="webdisk.piratesahoy.net" />
+	<target host="webmail.piratesahoy.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pirogov.ru.xml b/src/chrome/content/rules/pirogov.ru.xml
new file mode 100644
index 000000000000..f514b786b295
--- /dev/null
+++ b/src/chrome/content/rules/pirogov.ru.xml
@@ -0,0 +1,45 @@
+<!--
+holzplast.pirogov.ru ³
+moscowzoo.pirogov.ru ³
+www.moscowzoo.pirogov.ru ³
+brusnika.dev.pirogov.ru ¹
+www.old.pirogov.ru ²
+nnov.tele2.pirogov.ru ²
+murmansk.tele2.pirogov.ru ²
+vladivostok.tele2.pirogov.ru ²
+kaluga.tele2.pirogov.ru ²
+kamchatka.tele2.pirogov.ru ²
+lipetsk.tele2.pirogov.ru ²
+chelyabinsk.tele2.pirogov.ru ²
+irkutsk.tele2.pirogov.ru ²
+spb.tele2.pirogov.ru ²
+vologda.tele2.pirogov.ru ²
+volgograd.tele2.pirogov.ru ²
+rostov.tele2.pirogov.ru ²
+msk.tele2.pirogov.ru ²
+karelia.tele2.pirogov.ru ²
+novosibirsk.tele2.pirogov.ru ²
+voronezh.tele2.pirogov.ru ²
+kuzbass.tele2.pirogov.ru ²
+krasnodar.tele2.pirogov.ru ²
+belgorod.tele2.pirogov.ru ²
+vladimir.tele2.pirogov.ru ²
+kazan.tele2.pirogov.ru ²
+www.stolline.pirogov.ru ⁴
+cccb.dev.pirogov.ru ²
+stolline.dev.pirogov.ru ¹
+orders.shop.tele2.pirogov.ru ²
+hogart.dev.pirogov.ru ¹
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="pirogov.ru">
+	<target host="pirogov.ru" />
+	<target host="www.pirogov.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pit-format-online.pl.xml b/src/chrome/content/rules/pit-format-online.pl.xml
new file mode 100644
index 000000000000..159e573f1839
--- /dev/null
+++ b/src/chrome/content/rules/pit-format-online.pl.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- pit-format-online.pl
+
+-->
+<ruleset name="pit-format-online.pl">
+
+	<target host="pit-format-online.pl" />
+	<target host="www.pit-format-online.pl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^pit-format-online\.pl$" name="^(?:pbHash|pity2015sess)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/piter.tv.xml b/src/chrome/content/rules/piter.tv.xml
new file mode 100644
index 000000000000..843cd6a2b6c5
--- /dev/null
+++ b/src/chrome/content/rules/piter.tv.xml
@@ -0,0 +1,17 @@
+<!--
+ska.piter.tv ¹
+zenit.piter.tv ¹
+m.piter.tv ¹
+help.piter.tv ¹
+minifootball.piter.tv ¹
+lomo.piter.tv ¹
+
+
+¹ mismatch
+-->
+<ruleset name="piter.tv">
+	<target host="piter.tv" />
+	<target host="www.piter.tv" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/piwikpro.com.xml b/src/chrome/content/rules/piwikpro.com.xml
new file mode 100644
index 000000000000..e69c7e2ab37a
--- /dev/null
+++ b/src/chrome/content/rules/piwikpro.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="piwikpro.com">
+
+	<target host="brave.piwikpro.com" />
+	<target host="georgetown-msb.piwikpro.com" />
+	<target host="ixmaps.piwikpro.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pixel.ad.xml b/src/chrome/content/rules/pixel.ad.xml
new file mode 100644
index 000000000000..dac48a3a5d42
--- /dev/null
+++ b/src/chrome/content/rules/pixel.ad.xml
@@ -0,0 +1,12 @@
+<ruleset name="pixel.ad">
+
+	<target host="centro.pixel.ad" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pizzaportal.pl.xml b/src/chrome/content/rules/pizzaportal.pl.xml
new file mode 100644
index 000000000000..2404ac506b87
--- /dev/null
+++ b/src/chrome/content/rules/pizzaportal.pl.xml
@@ -0,0 +1,55 @@
+<!--
+	Nonfunctional hosts in *pizzaportal.pl:
+
+		- blog ʳ
+		- kontakt ʰ
+
+	ʰ Redirects to http
+	ʳ Refused
+
+
+	www.pizzaportal.pl: Redirects to http
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- pizzaportal.pl
+		- .pizzaportal.pl
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bug on ^ from img-cdn.mediaplex.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="PizzaPortal.pl (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="pizzaportal.pl" />
+
+	<!--	Complications:
+				-->
+	<target host="www.pizzaportal.pl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^pizzaportal\.pl$" name="^cookieConfirmShow$" /-->
+	<!--securecookie host="^\.pizzaportal\.pl$" name="^(?:ident|latestAddressData|referer)$" /-->
+
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|ident$|latestAddressData$|referer$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.pizzaportal\.pl/"
+		to="https://pizzaportal.pl/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pkcommunitywatch.co.uk.xml b/src/chrome/content/rules/pkcommunitywatch.co.uk.xml
new file mode 100644
index 000000000000..18d19766190b
--- /dev/null
+++ b/src/chrome/content/rules/pkcommunitywatch.co.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="PK Community Watch.co.uk">
+
+	<target host="pkcommunitywatch.co.uk" />
+	<target host="www.pkcommunitywatch.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pki.goog.xml b/src/chrome/content/rules/pki.goog.xml
new file mode 100644
index 000000000000..02ea3d24cdd3
--- /dev/null
+++ b/src/chrome/content/rules/pki.goog.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Google related rulesets, see GoogleServices.xml.
+
+	This domain contains a wildcard DNS record.
+
+	Invalid certificate:
+		- expired.*.pki.goog
+		- revoked.*.pki.goog
+
+	Unable to get local issuer certificate:
+		- good.r1demo.pki.goog
+		- good.r2demo.pki.goog
+		- good.r3demo.pki.goog
+		- good.r4demo.pki.goog
+-->
+<ruleset name="Google Trust Services">
+
+	<target host="pki.goog" />
+	<target host="crl.pki.goog" />
+	<target host="good.gsr2demo.pki.goog" />
+	<target host="good.gsr4demo.pki.goog" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/plainenglish.co.uk.xml b/src/chrome/content/rules/plainenglish.co.uk.xml
new file mode 100644
index 000000000000..935007b1668b
--- /dev/null
+++ b/src/chrome/content/rules/plainenglish.co.uk.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://plainenglish.co.uk/ => https://plainenglish.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'plainenglish.co.uk'")
+Fetch error: http://www.plainenglish.co.uk/ => https://www.plainenglish.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.plainenglish.co.uk'")
+
+	Insecure cookies are set for these hosts:
+
+		- plainenglish.co.uk
+		- www.plainenglish.co.uk
+
+
+	Mixed content:
+
+		- Images from www.plainenglish.co.uk ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Plain English.co.uk" default_off="failed ruleset test">
+
+	<target host="plainenglish.co.uk" />
+	<target host="www.plainenglish.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?plainenglish\.co\.uk$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/planeta.ru.xml b/src/chrome/content/rules/planeta.ru.xml
new file mode 100644
index 000000000000..e558ac788daf
--- /dev/null
+++ b/src/chrome/content/rules/planeta.ru.xml
@@ -0,0 +1,24 @@
+<!--
+www.planeta.ru ¹
+files.planeta.ru ³
+
+
+¹ mismatch
+³ timed out
+-->
+<ruleset name="planeta.ru">
+	<target host="planeta.ru" />
+	<target host="biblio.planeta.ru" />
+	<target host="s2.planeta.ru" />
+	<target host="school.planeta.ru" />
+	<target host="shop.planeta.ru" />
+	<target host="static.planeta.ru" />
+	<target host="tv.planeta.ru" />
+
+	<target host="www.planeta.ru" />
+
+	<rule from="^http://www\.planeta\.ru/"
+		to="https://planeta.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/planetrulers.xml b/src/chrome/content/rules/planetrulers.xml
new file mode 100644
index 000000000000..015db691dd04
--- /dev/null
+++ b/src/chrome/content/rules/planetrulers.xml
@@ -0,0 +1,12 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.planetrulers.com/ => https://www.planetrulers.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.planetrulers.com'")
+
+-->
+<ruleset name="Planet Rulers" default_off="failed ruleset test">
+	<target host="planetrulers.com" />
+	<target host="www.planetrulers.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/planetsyria.org.xml b/src/chrome/content/rules/planetsyria.org.xml
new file mode 100644
index 000000000000..356a400422ef
--- /dev/null
+++ b/src/chrome/content/rules/planetsyria.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- on.planetsyria.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Planet Syria.org">
+
+	<target host="planetsyria.org" />
+	<target host="on.planetsyria.org" />
+	<target host="www.planetsyria.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^on\.planetsyria\.org$" name="^_icl_current_language$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/plannedparenthoodaction.org.xml b/src/chrome/content/rules/plannedparenthoodaction.org.xml
new file mode 100644
index 000000000000..7e71f1c54f91
--- /dev/null
+++ b/src/chrome/content/rules/plannedparenthoodaction.org.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Planned Parenthood coverage, see Planned-Parenthood.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- plannedparenthoodaction.org
+		- www.plannedparenthoodaction.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Planned Parenthood Action.org">
+
+	<target host="plannedparenthoodaction.org" />
+	<target host="www.plannedparenthoodaction.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?plannedparenthoodaction\.org$" name="^CONCRETE5$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid$|_gat?$|_gat_|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/planningportal.gov.uk.xml b/src/chrome/content/rules/planningportal.gov.uk.xml
new file mode 100644
index 000000000000..fc1cb26ce5d3
--- /dev/null
+++ b/src/chrome/content/rules/planningportal.gov.uk.xml
@@ -0,0 +1,54 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *planningportal.gov.uk:
+
+		- majorapp ᵇ
+		- planningguidance ʳ
+
+	ᵇ Shows default page
+	ʳ Refused
+
+
+	Problematic hosts in *planningportal.gov.uk:
+
+		- aviationtool ᵐ ˢ
+		- infrastructure ᵉ ᵐ ˢ
+		- ppliveas2 ᵐ
+		- ppliveas8 ᵐ
+
+	ᵉ Expired
+	ᵐ Mismatched
+	ˢ Self-signed
+
+
+	^planningportal.gov.uk doesn't exist.
+
+
+	Insecure cookies are set for these hosts:
+
+		- acp.planningportal.gov.uk
+		- aviationtool.planningportal.gov.uk
+		- www.planningportal.gov.uk
+
+-->
+<ruleset name="Planning Portal.gov.uk (partial)">
+
+	<target host="acp.planningportal.gov.uk" />
+	<target host="www.planningportal.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^acp\.planningportal\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^aviationtool\.planningportal\.gov\.uk$" name="^(?:AWSELB|PHPSESSID)$" /-->
+	<!--securecookie host="^www\.planningportal\.gov\.uk$" name="^(?:JSESSIONID|ppsessionid)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/plarium.com.xml b/src/chrome/content/rules/plarium.com.xml
new file mode 100644
index 000000000000..e3cbe8b9d932
--- /dev/null
+++ b/src/chrome/content/rules/plarium.com.xml
@@ -0,0 +1,53 @@
+<!--
+	Nonfunctional hosts in *plarium.com:
+
+		- company ⁴
+		- developer ᵈ
+		- forum ⁴
+		- support ⁵
+		- wiki ⁵
+
+	⁴ 404
+	⁵ 521
+	ᵈ Dropped
+
+
+	Mixed content:
+
+		- Images on ^ from cdn01.x-plarium.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Plarium.com (partial)">
+
+	<target host="plarium.com" />
+	<target host="www.plarium.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://plarium\.com/(?:$|en/blog/$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?plarium\.com/(?!/*forum(?:$|[?/]))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://plarium.com/en/blog/" />
+			<test url="http://plarium.com/en/privacy-and-cookie-policy/" />
+			<test url="http://plarium.com/de/strategiespiele/sparta-war-of-empires/erfahrungsberichte/" />
+			<test url="http://plarium.com/en/strategy-games/soldiers-inc/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://plarium.com/forum/" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/plasq.com.xml b/src/chrome/content/rules/plasq.com.xml
new file mode 100644
index 000000000000..b3e0cf040cfb
--- /dev/null
+++ b/src/chrome/content/rules/plasq.com.xml
@@ -0,0 +1,48 @@
+<!--
+	HTTPS != HHTP:
+		seqa.plasq.com
+
+	Invalid certificate:
+		media.plasq.com
+		nfs.plasq.com
+		starbuck.plasq.com
+		updater.plasq.com
+		downloads.plasq.com
+
+	Protocol error:
+		forum.plasq.com
+
+	Refused:
+		docs.plasq.com
+		video.plasq.com
+		vpn.plasq.com
+		webmail.plasq.com
+-->
+<ruleset name="plasq.com">
+	<target host="plasq.com" />
+	<target host="www.plasq.com" />
+	<target host="account.plasq.com" />
+	<target host="bugreports.plasq.com" />
+	<target host="comics.plasq.com" />
+	<target host="crashreports.plasq.com" />
+	<target host="forums.plasq.com" />
+	<target host="help.plasq.com" />
+	<target host="new.plasq.com" />
+	<target host="old.plasq.com" />
+	<target host="plasqsite.plasq.com" />
+	<target host="quincykit.plasq.com" />
+	<target host="quincykit3.plasq.com" />
+	<target host="r.plasq.com" />
+	<target host="secure.plasq.com" />
+	<target host="seq.plasq.com" />
+	<target host="support.plasq.com" />
+	<target host="todo.plasq.com" />
+	<target host="tools.plasq.com" />
+	<target host="update.plasq.com" />
+	<target host="upgrade.plasq.com" />
+	<target host="web.plasq.com" />
+	<target host="webdev.plasq.com" />
+	<target host="webservices.plasq.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/plasso.co.xml b/src/chrome/content/rules/plasso.co.xml
new file mode 100644
index 000000000000..e91992320962
--- /dev/null
+++ b/src/chrome/content/rules/plasso.co.xml
@@ -0,0 +1,41 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- plasso.co
+		- www.plasso.co
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	STS header includes includeSubdomains
+	for ^, www
+
+-->
+<ruleset name="Plasso.co">
+
+	<target host="plasso.co" />
+	<target host="*.plasso.co" />
+
+		<!--	includeSubdomains applies to one level only, so:
+									-->
+		<exclusion pattern="^http://(?:[^./]+\.){2,}plasso\.co/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.plasso.co/" />
+			<test url="http://exists.not.plasso.co/" />
+
+		<test url="http://www.plasso.co/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?plasso\.co$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/platba.cz.xml b/src/chrome/content/rules/platba.cz.xml
new file mode 100644
index 000000000000..6b4dfec95e98
--- /dev/null
+++ b/src/chrome/content/rules/platba.cz.xml
@@ -0,0 +1,9 @@
+<!--
+	For other Active24.cz coverage, see active24.cz.xml.
+-->
+<ruleset name="Platba.cz">
+	<target host="platba.cz" />
+	<target host="www.platba.cz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/platformio.org.xml b/src/chrome/content/rules/platformio.org.xml
new file mode 100644
index 000000000000..7f658db9cdb8
--- /dev/null
+++ b/src/chrome/content/rules/platformio.org.xml
@@ -0,0 +1,11 @@
+<!--
+platformio.org mismatch
+www.platformio.org mismatch
+cdn.platformio.org mismatch
+docs.platformio.org mismatch
+-->
+<ruleset name="platformio.org (partial)">
+	<target host="community.platformio.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/playground.ru.xml b/src/chrome/content/rules/playground.ru.xml
new file mode 100644
index 000000000000..59b5820d8965
--- /dev/null
+++ b/src/chrome/content/rules/playground.ru.xml
@@ -0,0 +1,68 @@
+<!--
+	Invalid certificate:
+		0-mail.playground.ru
+		archive.playground.ru
+		blackbone.playground.ru
+		cheathall.playground.ru
+		club.playground.ru
+		ftp.playground.ru
+		mail.playground.ru
+		pg-dl.playground.ru
+		ts.playground.ru
+		www2.playground.ru
+		www5.playground.ru
+		www6.playground.ru
+
+	Redirect to HTTP:
+		mobile.playground.ru
+
+	Refused:
+		dc.playground.ru
+		et.playground.ru
+		hl.playground.ru
+
+	Time out:
+		dev.playground.ru
+		dev2.playground.ru
+		dev-git.playground.ru
+		dl1.playground.ru
+		dl2.playground.ru
+		dl3.playground.ru
+		download.playground.ru
+		drugit.playground.ru
+		pg.playground.ru
+		q2.playground.ru
+		q3.playground.ru
+		q4.playground.ru
+		qw.playground.ru
+		ss.playground.ru
+		test.playground.ru
+		test2.playground.ru
+		video0.playground.ru
+		www1.playground.ru
+		www3.playground.ru
+		www4.playground.ru
+-->
+<ruleset name="playground.ru">
+	<target host="playground.ru" />
+	<target host="www.playground.ru" />
+	<target host="dl.playground.ru" />
+	<target host="forums.playground.ru" />
+	<target host="www.forums.playground.ru" />
+	<target host="frostbone.playground.ru" />
+	<target host="games.playground.ru" />
+	<target host="i.playground.ru" />
+	<target host="img.playground.ru" />
+	<target host="megaplan.playground.ru" />
+	<target host="news.playground.ru" />
+	<target host="www.news.playground.ru" />
+	<target host="pix.playground.ru" />
+	<target host="www.pix.playground.ru" />
+	<target host="system.playground.ru" />
+	<target host="users.playground.ru" />
+	<target host="www.users.playground.ru" />
+	<target host="video.playground.ru" />
+	<target host="video2.playground.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/playphrase.me.xml b/src/chrome/content/rules/playphrase.me.xml
new file mode 100644
index 000000000000..7eaa5cf22ef9
--- /dev/null
+++ b/src/chrome/content/rules/playphrase.me.xml
@@ -0,0 +1,6 @@
+<ruleset name="playphrase.me">
+	<target host="playphrase.me" />
+	<target host="www.playphrase.me" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/plop.at.xml b/src/chrome/content/rules/plop.at.xml
new file mode 100644
index 000000000000..9cca7e3ed889
--- /dev/null
+++ b/src/chrome/content/rules/plop.at.xml
@@ -0,0 +1,8 @@
+<ruleset name="plop.at">
+	<target host="plop.at" />
+	<target host="www.plop.at" />
+	<target host="download.plop.at" />
+	<target host="forum.plop.at" />
+	<target host="webmail.plop.at" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pluralsight.com.xml b/src/chrome/content/rules/pluralsight.com.xml
new file mode 100644
index 000000000000..0adfe337ebfe
--- /dev/null
+++ b/src/chrome/content/rules/pluralsight.com.xml
@@ -0,0 +1,14 @@
+<!--
+help.pluralsight.com mismatch
+tutorials.pluralsight.com timed out
+support.pluralsight.com mismatch
+-->
+<ruleset name="pluralsight.com">
+	<target host="pluralsight.com" />
+	<target host="www.pluralsight.com" />
+	<target host="app.pluralsight.com" />
+	<target host="billing.pluralsight.com" />
+	<target host="learn.pluralsight.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/plymouth.gov.uk.xml b/src/chrome/content/rules/plymouth.gov.uk.xml
new file mode 100644
index 000000000000..2108fa2f4246
--- /dev/null
+++ b/src/chrome/content/rules/plymouth.gov.uk.xml
@@ -0,0 +1,61 @@
+<!--
+	Plymouth City Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *plymouth.gov.uk:
+
+		- (www.)? ʳ
+		- museumcatalogue ʳ
+		- www.webopac ᵈ
+
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- democracy.plymouth.gov.uk
+		- secure.plymouth.gov.uk
+
+
+	Mixed content:
+
+		- Images on democracy from go.m-gov.eu ⁴
+		- favicon on secure1 from www.plymouth.gov.uk ʳ
+
+	⁴ Unsecurable <= 404
+	ʳ Unsecurable <= refused
+
+-->
+<ruleset name="Plymouth.gov.uk (partial)">
+
+	<target host="admissions.plymouth.gov.uk" />
+	<target host="democracy.plymouth.gov.uk" />
+	<target host="licensing.plymouth.gov.uk" />
+	<target host="secure.plymouth.gov.uk" />
+	<target host="secure1.plymouth.gov.uk" />
+	<target host="webmail.plymouth.gov.uk" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://secure.plymouth.gov.uk/Aicon/Webpay_Public/webpay/default.aspx" /-->
+
+		<!--	Mixed favicon:
+					-->
+		<!--test url="http://secure1.plymouth.gov.uk/publicaccesslive/selfservice/citizenportal/login.htm" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^democracy\.plymouth\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^secure\.plymouth\.gov\.uk$" name="^ASP\.NET_SESSIONCOOKIE" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pmem.io.xml b/src/chrome/content/rules/pmem.io.xml
new file mode 100644
index 000000000000..43d589419249
--- /dev/null
+++ b/src/chrome/content/rules/pmem.io.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		www.pmem.io
+-->
+<ruleset name="pmem.io">
+	<target host="pmem.io" />
+	<target host="docs.pmem.io" />
+	<target host="kb.pmem.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pnp.ru.xml b/src/chrome/content/rules/pnp.ru.xml
new file mode 100644
index 000000000000..c8b5dd0d046c
--- /dev/null
+++ b/src/chrome/content/rules/pnp.ru.xml
@@ -0,0 +1,9 @@
+<!-- old. refused
+kino. mismatch
+test. self signed
+www.test. self signed -->
+<ruleset name="pnp.ru">
+	<target host="pnp.ru" />
+	<target host="www.pnp.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pocketmags.com.xml b/src/chrome/content/rules/pocketmags.com.xml
new file mode 100644
index 000000000000..ed7845296018
--- /dev/null
+++ b/src/chrome/content/rules/pocketmags.com.xml
@@ -0,0 +1,31 @@
+<!--
+	CDN buckets:
+
+		- mccovers.blob.core.windows.net
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- pocketmags.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Pocketmags.com">
+
+	<target host="pocketmags.com" />
+	<target host="www.pocketmags.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^pocketmags\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/podfilter.de.xml b/src/chrome/content/rules/podfilter.de.xml
new file mode 100644
index 000000000000..9da249621192
--- /dev/null
+++ b/src/chrome/content/rules/podfilter.de.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- podfilter.de
+		- www.podfilter.de
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Podfilter.de">
+
+	<target host="podfilter.de" />
+	<target host="www.podfilter.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?podfilter\.de$" name="^_podfilter_session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/podrobnosti.ua.xml b/src/chrome/content/rules/podrobnosti.ua.xml
new file mode 100644
index 000000000000..4f1f5af99576
--- /dev/null
+++ b/src/chrome/content/rules/podrobnosti.ua.xml
@@ -0,0 +1,19 @@
+<!--
+a.podrobnosti.ua ²
+antonov.podrobnosti.ua ²
+kuzma.podrobnosti.ua ²
+lbn.podrobnosti.ua ²
+lenta.podrobnosti.ua ³
+test.podrobnosti.ua ²
+weaponukraine.podrobnosti.ua ²
+
+
+² refused
+³ timed out
+-->
+<ruleset name="podrobnosti.ua">
+	<target host="podrobnosti.ua" />
+	<target host="www.podrobnosti.ua" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/podtrac.com.xml b/src/chrome/content/rules/podtrac.com.xml
new file mode 100644
index 000000000000..343e32f90070
--- /dev/null
+++ b/src/chrome/content/rules/podtrac.com.xml
@@ -0,0 +1,48 @@
+<!--
+	CDN buckets:
+
+		- podtrac-hosting.s3.amazonaws.com
+
+
+	Mixed content:
+
+		- Image on play from www.podtrac.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Podtrac.com (partial)">
+
+	<!--target host="podtrac-hosting.s3.amazonaws.com" /-->
+
+	<target host="podtrac.com" />
+	<target host="dts.podtrac.com" />
+	<target host="feeds.podtrac.com" />
+	<target host="play.podtrac.com" />
+	<target host="www.podtrac.com" />
+
+		<!--	Redirects are protocol-relative regardless
+			of destinations' support.
+
+			(ideally this would not exclude destinations
+			that do support tls, but for now...:)
+								-->
+		<exclusion pattern="^http://dts\.podtrac\.com/redirect\.(?!mp3/rss\.art19\.com/)" />
+		<exclusion pattern="^http://www\.podtrac\.com/pts/redirect\." />
+
+			<!--	+ve:
+					-->
+			<test url="http://dts.podtrac.com/redirect.mp3/" />
+			<test url="http://dts.podtrac.com/redirect.mp3/index.html" />
+			<test url="http://www.podtrac.com/pts/redirect.mp3/" />
+
+		<test url="http://feeds.podtrac.com/LhS5ax2CPGou" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pogliad.ua.xml b/src/chrome/content/rules/pogliad.ua.xml
new file mode 100644
index 000000000000..397b5433698a
--- /dev/null
+++ b/src/chrome/content/rules/pogliad.ua.xml
@@ -0,0 +1,6 @@
+<ruleset name="pogliad.ua">
+	<target host="pogliad.ua" />
+	<target host="www.pogliad.ua" />
+	<target host="media.pogliad.ua" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pointbuzz.com.xml b/src/chrome/content/rules/pointbuzz.com.xml
new file mode 100644
index 000000000000..821df98f3a3c
--- /dev/null
+++ b/src/chrome/content/rules/pointbuzz.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Invalid certificate:
+		i.pointbuzz.com
+		live.pointbuzz.com
+-->
+<ruleset name="PointBuzz.com">
+
+	<target host="pointbuzz.com" />
+	<target host="www.pointbuzz.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://www.pointbuzz.com/,
+	http://www.pointbuzz.com/ redirects to http://pointbuzz.com/ -->
+	<rule from="^http://www\.pointbuzz\.com/"
+		to="https://pointbuzz.com/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/poiskvps.ru.xml b/src/chrome/content/rules/poiskvps.ru.xml
new file mode 100644
index 000000000000..91103d3ae43d
--- /dev/null
+++ b/src/chrome/content/rules/poiskvps.ru.xml
@@ -0,0 +1,24 @@
+<!--
+adv.poiskvps.ru ¹
+anna.poiskvps.ru ¹
+backup.poiskvps.ru ¹
+s1.backup.poiskvps.ru ¹
+s2.backup.poiskvps.ru ¹
+s3.backup.poiskvps.ru ¹
+kazan.poiskvps.ru ¹
+s20.poiskvps.ru ¹
+s5.poiskvps.ru ¹
+s6.poiskvps.ru ¹
+s7.poiskvps.ru ¹
+vera.poiskvps.ru ¹
+vpn.poiskvps.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="poiskvps.ru">
+	<target host="poiskvps.ru" />
+	<target host="www.poiskvps.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pokerstars.com.xml b/src/chrome/content/rules/pokerstars.com.xml
new file mode 100644
index 000000000000..0d823dfc7fbe
--- /dev/null
+++ b/src/chrome/content/rules/pokerstars.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Other PokerStars rulesets:
+
+
+
+	Insecure cookies are set for these domains:
+
+		- .www.pokerstars.com
+
+-->
+<ruleset name="PokerStars.com">
+
+	<target host="pokerstars.com" />
+	<target host="www.pokerstars.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.pokerstars\.com$" name="^geoip_country$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.www\." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pokerstarspartners.com.xml b/src/chrome/content/rules/pokerstarspartners.com.xml
new file mode 100644
index 000000000000..b831f1bfd90e
--- /dev/null
+++ b/src/chrome/content/rules/pokerstarspartners.com.xml
@@ -0,0 +1,28 @@
+<!--
+	NB: server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.pokerstarspartners.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="PokerStars Partners.com" default_off="cert-chain">
+
+	<target host="pokerstarspartners.com" />
+	<target host="www.pokerstarspartners.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.pokerstarspartners\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/polarcloud.com.xml b/src/chrome/content/rules/polarcloud.com.xml
new file mode 100644
index 000000000000..13d35bd06ade
--- /dev/null
+++ b/src/chrome/content/rules/polarcloud.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		dc-517cb9143db7.polarcloud.com
+-->
+<ruleset name="polarcloud.com">
+	<target host="polarcloud.com" />
+	<target host="www.polarcloud.com" />
+	<target host="mail.polarcloud.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/police.gov.hk.xml b/src/chrome/content/rules/police.gov.hk.xml
new file mode 100644
index 000000000000..9d0eca791dcf
--- /dev/null
+++ b/src/chrome/content/rules/police.gov.hk.xml
@@ -0,0 +1,22 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+
+	Nonfunctional hosts in *.police.gov.hk:
+		- police.gov.hk (m)
+		- portal.police.gov.hk (c)
+		- twdc.police.gov.hk (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+	c: missing certificate chain
+-->
+<ruleset name="Hong Kong Police Force">
+	<target host="police.gov.hk" />
+	<target host="www.police.gov.hk" />
+
+	<rule from="^http://(www\.)?police\.gov\.hk/"
+		to="https://www.police.gov.hk/" />
+</ruleset>
diff --git a/src/chrome/content/rules/policyalternatives.ca.xml b/src/chrome/content/rules/policyalternatives.ca.xml
new file mode 100644
index 000000000000..799cd34ca0a2
--- /dev/null
+++ b/src/chrome/content/rules/policyalternatives.ca.xml
@@ -0,0 +1,28 @@
+<!--
+	Nonfunctional hosts in *policyalternatives.ca:
+
+		- bcelection ʰ
+
+	ʰ Redirects to http
+
+
+	Problematic hosts in *policyalternatives.ca:
+
+		- apps ᵐ
+
+	ᵐ Cloudfront / mismatched
+
+-->
+<ruleset name="Policy Alternatives.ca (partial)">
+
+	<target host="policyalternatives.ca" />
+	<target host="www.policyalternatives.ca" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/polskapartiapiratow.pl.xml b/src/chrome/content/rules/polskapartiapiratow.pl.xml
new file mode 100644
index 000000000000..25b5b8ee6d63
--- /dev/null
+++ b/src/chrome/content/rules/polskapartiapiratow.pl.xml
@@ -0,0 +1,37 @@
+<!--
+	Nonfunctional hosts in *polskapartiapiratow.pl:
+
+		- bip ʳ
+
+	ʳ Refused
+
+
+	Problematic hosts in *polskapartiapiratow.pl:
+
+		- testnew ᵐ
+
+	ᵐ Mismatched
+
+
+	Mixed content:
+
+		- Images on ^ from $self ˢ
+		- favicon on ^ from testnew.polskapartiapiratow.pl ᵐ
+
+	ᵐ Not secured by us <= mismatched
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Polska Partia Piratow.pl (partial)">
+
+	<target host="polskapartiapiratow.pl" />
+	<target host="www.polskapartiapiratow.pl" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/poltava.to.xml b/src/chrome/content/rules/poltava.to.xml
new file mode 100644
index 000000000000..662dc6079c2d
--- /dev/null
+++ b/src/chrome/content/rules/poltava.to.xml
@@ -0,0 +1,7 @@
+<ruleset name="poltava.to" platform="mixedcontent">
+	<target host="poltava.to" />
+	<target host="www.poltava.to" />
+	<target host="blog.poltava.to" />
+	<target host="i1.poltava.to" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/polyfloyd.net.xml b/src/chrome/content/rules/polyfloyd.net.xml
new file mode 100644
index 000000000000..d8e18b3563ff
--- /dev/null
+++ b/src/chrome/content/rules/polyfloyd.net.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalide Certificate:
+			www.polyfloyd.net
+-->
+<ruleset name="polyfloyd.net">
+	<target host="polyfloyd.net" />
+	<target host="www.polyfloyd.net" />
+	<target host="analytics.polyfloyd.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.polyfloyd\.net/" to="https://polyfloyd.net/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/polymus.ru.xml b/src/chrome/content/rules/polymus.ru.xml
new file mode 100644
index 000000000000..5149b13e6e69
--- /dev/null
+++ b/src/chrome/content/rules/polymus.ru.xml
@@ -0,0 +1,44 @@
+<!--
+www.polymus.ru ⁶
+200.polymus.ru ⁶
+360.polymus.ru ⁶
+old.360.polymus.ru ¹
+aec.polymus.ru ⁶
+alice.polymus.ru ⁶
+animatus.polymus.ru ⁶
+bike.polymus.ru ⁶
+camp.polymus.ru ⁶
+cosmos.polymus.ru ⁶
+eng.polymus.ru ³
+eroom.polymus.ru ⁶
+fest.polymus.ru ⁶
+fest2015.polymus.ru ⁶
+lab-crm.polymus.ru ²
+mail-view.polymus.ru ⁶
+ny2015.polymus.ru ⁶
+ny2017.polymus.ru ⁶
+rus.polymus.ru ³
+srv01.polymus.ru ⁶
+ydeteispb.polymus.ru ⁶
+
+
+¹ mismatch
+² refused
+³ timed out
+⁶ redirect
+-->
+<ruleset name="polymus.ru">
+	<target host="polymus.ru" />
+	<target host="libdb.polymus.ru" />
+	<target host="old.polymus.ru" />
+	<target host="post.polymus.ru" />
+	<target host="rotate.polymus.ru" />
+	<target host="ticket.polymus.ru" />
+
+	<target host="www.polymus.ru" />
+
+	<rule from="^http://www\.polymus\.ru/"
+		to="https://polymus.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/polyvore.com.xml b/src/chrome/content/rules/polyvore.com.xml
new file mode 100644
index 000000000000..0b91c45e029b
--- /dev/null
+++ b/src/chrome/content/rules/polyvore.com.xml
@@ -0,0 +1,71 @@
+<!--
+	Other Polyvore rulesets:
+
+		- polyvoreimg.com.xml
+
+
+	Problematic hosts in *polyvore.com:
+
+		- help ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="Polyvore.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="polyvore.com" />
+	<target host="www.polyvore.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.polyvore\.com/(?:$|\w+/shop(?:$|\?)|cgi/(?:about|about\.jobs|app|help\.contact|home)$|contests/contest\.browse$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?polyvore\.com/(?!/*(?:(?:android|iOS)(?:$|\?)|cgi/img-|favicon\.ico|rsrc/.+\.(?:css|gif|png|svg)))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.polyvore.com/beauty_products/shop?category_id=74" />
+			<test url="http://www.polyvore.com/cgi/about" />
+			<test url="http://www.polyvore.com/cgi/about.jobs" />
+			<test url="http://www.polyvore.com/cgi/app" />
+			<test url="http://www.polyvore.com/cgi/help.contact" />
+			<test url="http://www.polyvore.com/cgi/home" />
+			<test url="http://www.polyvore.com/cgi/shop" />
+			<test url="http://www.polyvore.com/chanel_bags/shop?brand=Chanel&amp;category_id=35" />
+			<test url="http://www.polyvore.com/contests/contest.browse" />
+			<test url="http://www.polyvore.com/ear_cuff_jewelry/shop?query=ear+cuff+jewelry" />
+			<test url="http://www.polyvore.com/gap/shop?brand=Gap" />
+			<test url="http://www.polyvore.com/platform_shoes/shop?query=platform+shoes" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.polyvore.com/android" />
+			<test url="http://www.polyvore.com/cgi/img-buddy/id/17973671/size/s.jpg" />
+			<test url="http://www.polyvore.com/cgi/img-set/cid/196207752/id/bryv3-AD5hGPkvpoxkt47Q/size/s.jpg" />
+			<test url="http://www.polyvore.com/cgi/img-thing/size/m/tid/164718842.jpg" />
+			<test url="http://www.polyvore.com/favicon.ico" />
+			<test url="http://www.polyvore.com/iOS" />
+			<test url="http://www.polyvore.com/rsrc/beacon.gif?&amp;type=&amp;ebid=" />
+			<test url="http://www.polyvore.com/rsrc/contest-3d55e30a3d22beb88507544588ecbf32.css" />
+			<test url="http://www.polyvore.com/rsrc/icons/14px/sale_14x14_000000.png" />
+			<test url="http://www.polyvore.com/rsrc/img/logos/logo_noborder_white_trans_162x17.png" />
+			<test url="http://www.polyvore.com/rsrc/profile-81804ef2393f05929dd18fb967bf633a.css" />
+			<test url="http://www.polyvore.com/rsrc/shop_grid-f11bd555ed4ae69b004039f8d3d09128.css" />
+			<test url="http://www.polyvore.com/rsrc/splash-ef8828b7520eb98a9b7d859c1c2ac9e3.css" />
+
+	<!--	Complications:
+				-->
+	<target host="help.polyvore.com" />
+
+
+	<rule from="^http://help\.polyvore\.com/"
+		to="https://polyvore.zendesk.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/polyvoreimg.com.xml b/src/chrome/content/rules/polyvoreimg.com.xml
new file mode 100644
index 000000000000..f4af9485ab18
--- /dev/null
+++ b/src/chrome/content/rules/polyvoreimg.com.xml
@@ -0,0 +1,40 @@
+<!--
+	For other Polyvore coverage, see polyvore.com.xml.
+
+
+	Problematic hosts in *polyvoreimg.com:
+
+		- ak[12] ᴬ
+		- cfc ᴬ
+
+	ᴬ Akamai / mismatched
+
+-->
+<ruleset name="Polyvore img.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.polyvoreimg.com" />
+
+		<test url="http://secure.polyvoreimg.com/cgi/img-thing/size/m/tid/170548310.jpg" />
+
+	<!--	Complications:
+				-->
+	<target host="ak1.polyvoreimg.com" />
+	<target host="ak2.polyvoreimg.com" />
+	<target host="cfc.polyvoreimg.com" />
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://(?:ak\d|akwww|cfc)\.polyvoreimg\.com/"
+		to="https://www.polyvore.com/" />
+
+		<test url="http://ak1.polyvoreimg.com/cgi/img-buddy/id/13590091/size/s.jpg" />
+		<test url="http://ak2.polyvoreimg.com/cgi/img-buddy/id/17833782/size/s.jpg" />
+		<test url="http://cfc.polyvoreimg.com/cgi/img-set/.sig/Kr5YwZOxneVeASLD2tkNw/cid/196573580/id/OpJ0Sb0H5hGA1haPzX_htA/size/c600x597.jpg" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ponominalu.ru.xml b/src/chrome/content/rules/ponominalu.ru.xml
new file mode 100644
index 000000000000..6bf6251b04c1
--- /dev/null
+++ b/src/chrome/content/rules/ponominalu.ru.xml
@@ -0,0 +1,112 @@
+<!--
+alfa.ponominalu.ru ⁵
+help.ponominalu.ru ¹
+www.nnov.ponominalu.ru ¹
+
+
+¹ mismatch
+⁵ expired
+-->
+<ruleset name="ponominalu.ru">
+	<target host="ponominalu.ru" />
+	<target host="www.ponominalu.ru" />
+	<target host="abakan.ponominalu.ru" />
+	<target host="airfest.ponominalu.ru" />
+	<target host="anad.ponominalu.ru" />
+	<target host="arh.ponominalu.ru" />
+	<target host="astr.ponominalu.ru" />
+	<target host="barnaul.ponominalu.ru" />
+	<target host="bel.ponominalu.ru" />
+	<target host="bir.ponominalu.ru" />
+	<target host="blg.ponominalu.ru" />
+	<target host="bryansk.ponominalu.ru" />
+	<target host="cheb.ponominalu.ru" />
+	<target host="chel.ponominalu.ru" />
+	<target host="cher.ponominalu.ru" />
+	<target host="cherksk.ponominalu.ru" />
+	<target host="chita.ponominalu.ru" />
+	<target host="dud.ponominalu.ru" />
+	<target host="ekb.ponominalu.ru" />
+	<target host="evpatoria.ponominalu.ru" />
+	<target host="feodosia.ponominalu.ru" />
+	<target host="grozny.ponominalu.ru" />
+	<target host="habar.ponominalu.ru" />
+	<target host="hm.ponominalu.ru" />
+	<target host="i.ponominalu.ru" />
+	<target host="irk.ponominalu.ru" />
+	<target host="ivanovo.ponominalu.ru" />
+	<target host="izh.ponominalu.ru" />
+	<target host="jar.ponominalu.ru" />
+	<target host="kaluga.ponominalu.ru" />
+	<target host="kemer.ponominalu.ru" />
+	<target host="kirov.ponominalu.ru" />
+	<target host="klg.ponominalu.ru" />
+	<target host="kost.ponominalu.ru" />
+	<target host="krd.ponominalu.ru" />
+	<target host="krsk.ponominalu.ru" />
+	<target host="kudym.ponominalu.ru" />
+	<target host="kurgan.ponominalu.ru" />
+	<target host="kursk.ponominalu.ru" />
+	<target host="kyzyl.ponominalu.ru" />
+	<target host="kzn.ponominalu.ru" />
+	<target host="lip.ponominalu.ru" />
+	<target host="m.ponominalu.ru" />
+	<target host="magadan.ponominalu.ru" />
+	<target host="maykop.ponominalu.ru" />
+	<target host="mkala.ponominalu.ru" />
+	<target host="murmansk.ponominalu.ru" />
+	<target host="nalchik.ponominalu.ru" />
+	<target host="nazran.ponominalu.ru" />
+	<target host="nk.ponominalu.ru" />
+	<target host="nnov.ponominalu.ru" />
+	<target host="nov.ponominalu.ru" />
+	<target host="nsk.ponominalu.ru" />
+	<target host="omsk.ponominalu.ru" />
+	<target host="ordyn.ponominalu.ru" />
+	<target host="orel.ponominalu.ru" />
+	<target host="orenburg.ponominalu.ru" />
+	<target host="penza.ponominalu.ru" />
+	<target host="perm.ponominalu.ru" />
+	<target host="petrzsk.ponominalu.ru" />
+	<target host="pics.ponominalu.ru" />
+	<target host="pk.ponominalu.ru" />
+	<target host="pskov.ponominalu.ru" />
+	<target host="push.ponominalu.ru" />
+	<target host="rnd.ponominalu.ru" />
+	<target host="rzn.ponominalu.ru" />
+	<target host="samara.ponominalu.ru" />
+	<target host="saransk.ponominalu.ru" />
+	<target host="sarat.ponominalu.ru" />
+	<target host="sberbank.ponominalu.ru" />
+	<target host="sev.ponominalu.ru" />
+	<target host="shd.ponominalu.ru" />
+	<target host="simferopol.ponominalu.ru" />
+	<target host="smol.ponominalu.ru" />
+	<target host="sochi.ponominalu.ru" />
+	<target host="sova.ponominalu.ru" />
+	<target host="spb.ponominalu.ru" />
+	<target host="stavr.ponominalu.ru" />
+	<target host="sykt.ponominalu.ru" />
+	<target host="tambov.ponominalu.ru" />
+	<target host="techworks.ponominalu.ru" />
+	<target host="tomsk.ponominalu.ru" />
+	<target host="tula.ponominalu.ru" />
+	<target host="tura.ponominalu.ru" />
+	<target host="tver.ponominalu.ru" />
+	<target host="tyumen.ponominalu.ru" />
+	<target host="ufa.ponominalu.ru" />
+	<target host="ulsk.ponominalu.ru" />
+	<target host="uude.ponominalu.ru" />
+	<target host="vdm.ponominalu.ru" />
+	<target host="vl.ponominalu.ru" />
+	<target host="vld.ponominalu.ru" />
+	<target host="vluki.ponominalu.ru" />
+	<target host="volg.ponominalu.ru" />
+	<target host="vrn.ponominalu.ru" />
+	<target host="yalta.ponominalu.ru" />
+	<target host="ykt.ponominalu.ru" />
+	<target host="yola.ponominalu.ru" />
+	<target host="yusah.ponominalu.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ponyexpress.ru.xml b/src/chrome/content/rules/ponyexpress.ru.xml
new file mode 100644
index 000000000000..97e537d04537
--- /dev/null
+++ b/src/chrome/content/rules/ponyexpress.ru.xml
@@ -0,0 +1,45 @@
+<!--
+client-test.ponyexpress.ru ³
+download.ponyexpress.ru ³
+lc.ponyexpress.ru ³
+ns1.ponyexpress.ru ³
+ns2.ponyexpress.ru ³
+ns3.ponyexpress.ru ³
+old.ponyexpress.ru ³
+service.ponyexpress.ru ³
+spec.ponyexpress.ru ³
+srv-08.ponyexpress.ru ³
+srv-10.ponyexpress.ru ³
+srv-38.ponyexpress.ru ³
+srv-54.ponyexpress.ru ³
+srv-89.ponyexpress.ru ³
+visa.ponyexpress.ru ³
+vm-018.ponyexpress.ru ³
+vm-019.ponyexpress.ru ³
+vm-020.ponyexpress.ru ¹
+vm-024.ponyexpress.ru ³
+vm-039.ponyexpress.ru ³
+vm-042.ponyexpress.ru ³
+vm-046.ponyexpress.ru ³
+vm-048.ponyexpress.ru ³
+vm-049.ponyexpress.ru ³
+vm-050.ponyexpress.ru ³
+vm-052.ponyexpress.ru ³
+vm-057.ponyexpress.ru ³
+vm-069.ponyexpress.ru ³
+webpegas.ponyexpress.ru ³
+
+
+¹ mismatch
+³ timed out
+-->
+<ruleset name="ponyexpress.ru">
+	<target host="ponyexpress.ru" />
+	<target host="www.ponyexpress.ru" />
+	<target host="client.ponyexpress.ru" />
+	<target host="kz.ponyexpress.ru" />
+	<target host="my.ponyexpress.ru" />
+	<target host="www.my.ponyexpress.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/popcorntime.sh.xml b/src/chrome/content/rules/popcorntime.sh.xml
new file mode 100644
index 000000000000..a6c2fb17ff24
--- /dev/null
+++ b/src/chrome/content/rules/popcorntime.sh.xml
@@ -0,0 +1,45 @@
+<!--
+	Invalid certificate:
+		status.popcorntime.sh
+		popcorntime.ag
+		www.popcorntime.ag
+
+	No working URL known:
+		dl.popcorn-time.to
+
+-->
+<ruleset name="popcorntime.sh">
+
+	<target host="popcorntime.sh" />
+	<target host="www.popcorntime.sh" />
+	<target host="blog.popcorntime.sh" />
+	<target host="ci.popcorntime.sh" />
+	<target host="get.popcorntime.sh" />
+	<target host="status.popcorntime.sh" />
+
+	<!--Fork-->
+	<target host="popcorn-time.to" />
+	<target host="www.popcorn-time.to" />
+	<target host="blog.popcorn-time.to" />
+	<target host="cydia.popcorn-time.to" />
+	<target host="forum.popcorn-time.to" />
+	<target host="ios.popcorn-time.to" />
+
+	<!--Fork-->
+	<target host="getpopcorntime.org" />
+	<target host="www.getpopcorntime.org" />
+
+	<!--Fork-->
+	<target host="popcorntime-online.io" />
+	<target host="www.popcorntime-online.io" />
+
+	<!--Fork-->
+	<target host="popcorntime.ws" />
+	<target host="www.popcorntime.ws" />
+
+	<rule from="^http://status\.popcorntime\.sh/"
+		to="https://popcorntime.statuspage.io/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/poradte.cz.xml b/src/chrome/content/rules/poradte.cz.xml
new file mode 100644
index 000000000000..8367a3d8210d
--- /dev/null
+++ b/src/chrome/content/rules/poradte.cz.xml
@@ -0,0 +1,7 @@
+<ruleset name="Poradte.cz">
+    <target host="poradte.cz" />
+    <target host="www.poradte.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/porndig.com.xml b/src/chrome/content/rules/porndig.com.xml
new file mode 100644
index 000000000000..e017db3141f2
--- /dev/null
+++ b/src/chrome/content/rules/porndig.com.xml
@@ -0,0 +1,18 @@
+<ruleset name="Porndig.com">
+
+	<target host="porndig.com" />
+	<target host="assets.porndig.com" />
+	<target host="videoassets.porndig.com" />
+	<target host="www.porndig.com" />
+
+		<test url="http://assets.porndig.com/assets/porndig/img/logo/logo_1.png" />
+		<test url="http://videoassets.porndig.com/thumbs/2016/05/154681/320x180/1.jpg" />
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pornolab.net.xml b/src/chrome/content/rules/pornolab.net.xml
new file mode 100644
index 000000000000..f2f47a16415b
--- /dev/null
+++ b/src/chrome/content/rules/pornolab.net.xml
@@ -0,0 +1,14 @@
+<!--
+Certificate mismatch:
+	bt.pornolab.net
+
+Refused:
+	robot.pornolab.net
+-->
+<ruleset name="Pornolab.net">
+	<target host="pornolab.net" />
+	<target host="www.pornolab.net" />
+	<target host="static.pornolab.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/portablepython.com.xml b/src/chrome/content/rules/portablepython.com.xml
new file mode 100644
index 000000000000..a7c6d1911a92
--- /dev/null
+++ b/src/chrome/content/rules/portablepython.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="portablepython.com">
+	<target host="portablepython.com" />
+	<target host="www.portablepython.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/portal-credo.ru.xml b/src/chrome/content/rules/portal-credo.ru.xml
new file mode 100644
index 000000000000..2bc5d5c2cb2d
--- /dev/null
+++ b/src/chrome/content/rules/portal-credo.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="portal-credo.ru">
+	<target host="portal-credo.ru" />
+	<target host="www.portal-credo.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/porvoo.fi.xml b/src/chrome/content/rules/porvoo.fi.xml
index 495a636c8877..db0c74420629 100644
--- a/src/chrome/content/rules/porvoo.fi.xml
+++ b/src/chrome/content/rules/porvoo.fi.xml
@@ -1,10 +1,17 @@
-<ruleset name="porvoo.fi">
-  <target host="www.porvoo.fi" />
-  <target host="porvoo.fi" />
-
-  <rule from="^http://(www\.)?porvoo\.fi/" to="https://www.porvoo.fi/"/>
-  <rule from="^https://porvoo\.fi/" to="https://www.porvoo.fi/"/>
-
-  <securecookie host="^\.?(www)?\.?porvoo\.fi" name=".*" />
-  <!-- This domain sets very bizarre cookies. -->
-</ruleset>
+<!--
+	Problematic domains
+
+		- ^ ¹
+		- www ¹
+
+	¹: Connection refused
+-->
+<ruleset name="porvoo.fi">
+
+	<target host="kartta.porvoo.fi" />
+	<target host="wilma.porvoo.fi" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/postcodeanywhere.co.uk.xml b/src/chrome/content/rules/postcodeanywhere.co.uk.xml
new file mode 100644
index 000000000000..d9ede0be4b91
--- /dev/null
+++ b/src/chrome/content/rules/postcodeanywhere.co.uk.xml
@@ -0,0 +1,37 @@
+<!--
+	Other Postcode Anywhere rulesets:
+
+		- pcapredict.com.xml
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- postcodeanywhere.co.uk
+		- .postcodeanywhere.co.uk
+		- www.postcodeanywhere.co.uk
+
+-->
+<ruleset name="Postcode Anywhere.co.uk">
+
+	<target host="postcodeanywhere.co.uk" />
+	<target host="services.postcodeanywhere.co.uk" />
+	<target host="www.postcodeanywhere.co.uk" />
+
+		<!--	Mixed image:
+					-->
+		<!--test url="http://www.postcodeanywhere.co.uk/support/webservices/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.postcodeanywhere\.co\.uk$" name="^(?:PostcodeAnywhere\.(?:Permanent|Session)Cookie|pcapredictRegion)$" /-->
+	<!--securecookie host="^(?:www\.)?postcodeanywhere\.co\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/posti.fi.xml b/src/chrome/content/rules/posti.fi.xml
index 8862cac66a6a..70bda327ccfc 100644
--- a/src/chrome/content/rules/posti.fi.xml
+++ b/src/chrome/content/rules/posti.fi.xml
@@ -1,14 +1,14 @@
-<ruleset name="posti.fi" platform="mixedcontent">
-  <target host="www.posti.fi" />
-  <target host="posti.fi" />
-
-  <rule from="^http://(www\.)?posti\.fi/" to="https://posti.fi/"/>
-
-  <!-- Another set of bizarre cookies -->
-  <securecookie host="^\.?(www)?\.?posti\.fi" name=".*" />
-  <securecookie host="^[^@/:\.]\.?posti\.fi" name=".*" />
-  <!-- Also has subdomains with cookies -->
-
-  <!-- https://trac.torproject.org/projects/tor/ticket/7227 -->
-  <exclusion pattern="^http://(www\.)?posti\.fi/itemtracking/" />
-</ruleset>
+<ruleset name="posti.fi" platform="mixedcontent">
+  <target host="www.posti.fi" />
+  <target host="posti.fi" />
+
+  <rule from="^http://(?:www\.)?posti\.fi/" to="https://posti.fi/"/>
+
+  <!-- Another set of bizarre cookies -->
+  <securecookie host="^\.?(?:www)?\.?posti\.fi" name=".+" />
+  <securecookie host="^[^@/:\.]\.?posti\.fi" name=".+" />
+  <!-- Also has subdomains with cookies -->
+
+  <!-- https://trac.torproject.org/projects/tor/ticket/7227 -->
+  <exclusion pattern="^http://(?:www\.)?posti\.fi/itemtracking/" />
+</ruleset>
diff --git a/src/chrome/content/rules/pottermore.com.xml b/src/chrome/content/rules/pottermore.com.xml
new file mode 100644
index 000000000000..9861e62a57d8
--- /dev/null
+++ b/src/chrome/content/rules/pottermore.com.xml
@@ -0,0 +1,26 @@
+<!--
+	^pottermore.com: Dropped
+
+-->
+<ruleset name="Pottermore.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.pottermore.com" />
+
+	<!--	Complications:
+				-->
+	<target host="pottermore.com" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://pottermore\.com/"
+		to="https://www.pottermore.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pouet.net.xml b/src/chrome/content/rules/pouet.net.xml
new file mode 100644
index 000000000000..074d54c1346a
--- /dev/null
+++ b/src/chrome/content/rules/pouet.net.xml
@@ -0,0 +1,17 @@
+<!--
+api.pouet.net ⁷
+cardboard.pouet.net ⁷
+content.pouet.net ⁷
+m.pouet.net ¹
+tv.pouet.net ⁷
+
+
+¹ mismatch
+⁷ protocol error
+-->
+<ruleset name="pouet.net">
+	<target host="pouet.net" />
+	<target host="www.pouet.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/poulsander.com.xml b/src/chrome/content/rules/poulsander.com.xml
new file mode 100644
index 000000000000..a695f2c2d663
--- /dev/null
+++ b/src/chrome/content/rules/poulsander.com.xml
@@ -0,0 +1,20 @@
+<!--
+
+	Mismatched hosts in *poulsander.com:
+
+		- * (wildcard dns)
+		- ^
+		- www
+		- linode1
+
+	Problematic hosts in *poulsander.com:
+
+		- files (different content)
+
+-->
+<ruleset name="poulsander.com">
+	<target host="billeder.poulsander.com" />
+	<target host="oastat.poulsander.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/powys.gov.uk.xml b/src/chrome/content/rules/powys.gov.uk.xml
new file mode 100644
index 000000000000..cd26984a1be1
--- /dev/null
+++ b/src/chrome/content/rules/powys.gov.uk.xml
@@ -0,0 +1,84 @@
+<!--
+	Powys County Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	CDN buckets:
+
+		- pcc-pstatic.powyscountycounc.netdna-cdn.com	← pstatic
+
+			- -ssl does not exist
+
+		- static.powyscountycounc.netdna-cdn.com	← static
+
+
+	Nonfunctional hosts in *powys.gov.uk:
+
+		- (www.)? ᵈ
+		- archives ᵈ
+		- broddyfileisure ᵈ
+		- built-heritage ᵈ
+		- csp ᵈ
+		- (www.)?cypp ᵈ
+		- fis ᵈ
+		- foundationphase ᵈ
+		- hmcoroner ᵈ
+		- itteam ᵈ
+		- lscb ᵈ
+		- one ᵈ
+		- planning ᵈ
+		- schoolmeals ᵈ
+		- static ⁴
+		- surveys ᵈ
+		- tourism ᵈ
+		- treftadaeth-adeiledig ᵈ
+		- unison ᵈ
+		- youth ᵈ
+
+	⁴ 404
+	ᵈ Dropped
+
+
+	Problematic hosts in *powys.gov.uk:
+
+		- (www.)? ᵈ
+		- pstatic ᵐ
+
+	ᵈ Dropped
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- securemail.powys.gov.uk
+
+-->
+<ruleset name="Powys.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="recruitment.powys.gov.uk" />
+	<target host="secure.powys.gov.uk" />
+	<target host="securemail.powys.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="powys.gov.uk" />
+	<target host="www.powys.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^securemail\.powys\.gov\.uk$" name="^NOCCSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://(?:www\.)?powys\.gov\.uk/"
+		to="https://secure.powys.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pp-international.net.xml b/src/chrome/content/rules/pp-international.net.xml
new file mode 100644
index 000000000000..8f0e291065c9
--- /dev/null
+++ b/src/chrome/content/rules/pp-international.net.xml
@@ -0,0 +1,55 @@
+<!--
+	Pirate Parties International
+
+
+	Nonfunctional hosts in *pp-international.net:
+
+		- ga2016 ᵃ
+		- parrot ᵃ
+		- thinktwice ᶠ
+		- tt14 ᶠ
+
+	ᵃ Shows files.pp-international.net
+	ᶠ Handshake fails
+
+
+	Problematic hosts in *pp-international.net:
+
+		- wiki ᵐ ˣ
+
+	ᵐ Mismatched
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- files.pp-international.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on wiki from $self *
+
+	* See https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="PP-International.net (partial)">
+
+	<target host="pp-international.net" />
+	<target host="files.pp-international.net" />
+	<target host="www.pp-international.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^files\.pp-international\.net$" name="^[\da-f]{12}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pqube.co.uk.xml b/src/chrome/content/rules/pqube.co.uk.xml
new file mode 100644
index 000000000000..639b09e386cf
--- /dev/null
+++ b/src/chrome/content/rules/pqube.co.uk.xml
@@ -0,0 +1,34 @@
+<!--
+	Invalid certificate:
+		ftp.pqube.co.uk
+		hostmaster.pqube.co.uk
+		img.newsletter.pqube.co.uk
+		r.newsletter.pqube.co.uk
+		vnc.pqube.co.uk
+		vnc2.pqube.co.uk
+		webmail.pqube.co.uk
+
+	Refused:
+		calendar.pqube.co.uk
+
+	Time out:
+		news.pqube.co.uk
+		newsletter.pqube.co.uk
+		spamgateway.pqube.co.uk
+		imap.pqube.co.uk
+		mail.pqube.co.uk
+		smtp.pqube.co.uk
+
+	Unreachable:
+		autodiscover.pqube.co.uk
+-->
+<ruleset name="pqube.co.uk">
+	<target host="pqube.co.uk" />
+	<target host="www.pqube.co.uk" />
+	<target host="infinite.pqube.co.uk" />
+	<target host="oqqypf.pqube.co.uk" />
+	<target host="sage.pqube.co.uk" />
+
+	<rule from="^http://www\.pqube\.co\.uk/" to="https://pqube.co.uk/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pr0gramm.com.xml b/src/chrome/content/rules/pr0gramm.com.xml
new file mode 100644
index 000000000000..26363591d02e
--- /dev/null
+++ b/src/chrome/content/rules/pr0gramm.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="pr0gramm">
+	<target host="pr0gramm.com" />
+	<target host="app.pr0gramm.com" />
+	<target host="full.pr0gramm.com" />
+	<target host="img.pr0gramm.com" />
+	<target host="thumb.pr0gramm.com" />
+	<target host="vid.pr0gramm.com" />
+	<target host="www.pr0gramm.com" />
+
+	<securecookie host="^pr0gramm\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/praktikpladsen.dk.xml b/src/chrome/content/rules/praktikpladsen.dk.xml
new file mode 100644
index 000000000000..43bb0c699d7a
--- /dev/null
+++ b/src/chrome/content/rules/praktikpladsen.dk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Praktikpladsen">
+	<target host="praktikpladsen.dk" />
+	<target host="www.praktikpladsen.dk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pravda-kr.com.ua.xml b/src/chrome/content/rules/pravda-kr.com.ua.xml
new file mode 100644
index 000000000000..ee35948383f9
--- /dev/null
+++ b/src/chrome/content/rules/pravda-kr.com.ua.xml
@@ -0,0 +1,5 @@
+<ruleset name="pravda-kr.com.ua">
+	<target host="pravda-kr.com.ua" />
+	<target host="www.pravda-kr.com.ua" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pravobraz.ru.xml b/src/chrome/content/rules/pravobraz.ru.xml
new file mode 100644
index 000000000000..bd51d1a28390
--- /dev/null
+++ b/src/chrome/content/rules/pravobraz.ru.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn1.pravobraz.ru/ => https://cdn1.pravobraz.ru/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="pravobraz.ru" default_off="failed ruleset test">
+	<target host="pravobraz.ru" />
+	<target host="www.pravobraz.ru" />
+	<target host="mroc.pravobraz.ru" />
+	<target host="cdn1.pravobraz.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/precedent.com.xml b/src/chrome/content/rules/precedent.com.xml
new file mode 100644
index 000000000000..05b2070e3207
--- /dev/null
+++ b/src/chrome/content/rules/precedent.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.precedent.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Precedent.com">
+
+	<target host="precedent.com" />
+	<target host="www.precedent.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.precedent\.com$" name="^(?:ASP\.NET_SessionId|CMSCurrentTheme|CMSPreferredCulture|CurrentContact|VisitorStatus)" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/predb.me.xml b/src/chrome/content/rules/predb.me.xml
new file mode 100644
index 000000000000..3d65c271c03b
--- /dev/null
+++ b/src/chrome/content/rules/predb.me.xml
@@ -0,0 +1,8 @@
+<ruleset name="predb.me">
+	<target host="predb.me" />
+	<target host="www.predb.me" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/premiagi.ru.xml b/src/chrome/content/rules/premiagi.ru.xml
new file mode 100644
index 000000000000..2f1bd22280fa
--- /dev/null
+++ b/src/chrome/content/rules/premiagi.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="premiagi.ru">
+	<target host="premiagi.ru" />
+	<target host="www.premiagi.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/premium-link.ninja.xml b/src/chrome/content/rules/premium-link.ninja.xml
new file mode 100644
index 000000000000..b434a199dd67
--- /dev/null
+++ b/src/chrome/content/rules/premium-link.ninja.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- premium-link.ninja
+		- www.premium-link.ninja
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Premium-Link.ninja">
+
+	<target host="premium-link.ninja" />
+	<target host="www.premium-link.ninja" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?premium-link\.ninja$" name="^sid$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid$|_ga|cf_clearance$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/premiumissuer.com.xml b/src/chrome/content/rules/premiumissuer.com.xml
new file mode 100644
index 000000000000..fc5246419790
--- /dev/null
+++ b/src/chrome/content/rules/premiumissuer.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- premiumissuer.com
+		- www.premiumissuer.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Premium Issuer.com">
+
+	<target host="premiumissuer.com" />
+	<target host="www.premiumissuer.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="(?:www\.)?premiumissuer\.com" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/premiumleech.eu.xml b/src/chrome/content/rules/premiumleech.eu.xml
new file mode 100644
index 000000000000..ef66acbb9384
--- /dev/null
+++ b/src/chrome/content/rules/premiumleech.eu.xml
@@ -0,0 +1,35 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- premiumleech.eu
+		- www.premiumleech.eu
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css from $self
+		- Images from $self
+		- Bug from images.dmca.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="PremiumLeech.eu" default_off="mismatched, self-signed" platform="mixedcontent">
+
+	<target host="premiumleech.eu" />
+	<target host="www.premiumleech.eu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?premiumleech\.eu$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/premiumlinkgenerator.com.xml b/src/chrome/content/rules/premiumlinkgenerator.com.xml
new file mode 100644
index 000000000000..2fca53d236ad
--- /dev/null
+++ b/src/chrome/content/rules/premiumlinkgenerator.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Premium Link Generator.com">
+
+	<target host="premiumlinkgenerator.com" />
+	<target host="ww.premiumlinkgenerator.com" />
+	<target host="www.premiumlinkgenerator.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pressbooks.ch.xml b/src/chrome/content/rules/pressbooks.ch.xml
new file mode 100644
index 000000000000..f160ef7bf6db
--- /dev/null
+++ b/src/chrome/content/rules/pressbooks.ch.xml
@@ -0,0 +1,9 @@
+<ruleset name="pressbooks.ch">
+	<target host="pressbooks.ch"/>
+	<target host="www.pressbooks.ch"/>
+
+	<rule from="^http://pressbooks\.ch/"
+		to="https://www.pressbooks.ch/"/>
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/pressidium.com.xml b/src/chrome/content/rules/pressidium.com.xml
new file mode 100644
index 000000000000..4ebc169cf0ec
--- /dev/null
+++ b/src/chrome/content/rules/pressidium.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="pressidium.com">
+
+	<target host="cdn-txweb.pressidium.com" />
+
+		<test url="http://cdn-txweb.pressidium.com/wp-content/uploads/2016/04/github_icon_1281.png" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pressplay.cc.xml b/src/chrome/content/rules/pressplay.cc.xml
new file mode 100644
index 000000000000..b36a3a1c27bf
--- /dev/null
+++ b/src/chrome/content/rules/pressplay.cc.xml
@@ -0,0 +1,7 @@
+<ruleset name="pressplay.cc">
+	<target host="pressplay.cc" />
+	<target host="www.pressplay.cc" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/preston.gov.uk.xml b/src/chrome/content/rules/preston.gov.uk.xml
new file mode 100644
index 000000000000..c6bf43f9f2b6
--- /dev/null
+++ b/src/chrome/content/rules/preston.gov.uk.xml
@@ -0,0 +1,69 @@
+<!--
+	Preston City Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *preston.gov.uk:
+
+		- (www.)? ⁴
+		- legacy *
+		- publicaccess ³
+
+	* Differs from http
+	³ 403
+	⁴ 404
+
+
+	Problematic hosts in *preston.gov.uk:
+
+		- my ⁴
+
+	⁴ 404; preemptable redirect
+
+
+	Insecure cookies are set for these domains:
+
+		- .preston.gov.uk
+
+-->
+<ruleset name="Preston.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="autodiscover.preston.gov.uk" />
+	<target host="bookings.preston.gov.uk" />
+	<target host="forms.preston.gov.uk" />
+	<target host="www.my.preston.gov.uk" />
+	<target host="mymail.preston.gov.uk" />
+	<target host="selfservice.preston.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="my.preston.gov.uk" />
+
+		<!--	$ shows default page, so:
+							-->
+		<test url="http://bookings.preston.gov.uk/leisure/lfbook.asp?wci=Login" />
+		<test url="http://selfservice.preston.gov.uk/leisure/lfbook.asp?wci=Login" />
+
+		<!--	403:
+				-->
+		<!--test url="http://publicaccess.preston.gov.uk/portal/servlets/StaffServlet" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.preston\.gov\.uk$" name="^cadata[\dA-F]{32}$" /-->
+
+	<securecookie host="^\." name="^cadata" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://my\.preston\.gov\.uk/"
+		to="https://www.my.preston.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/prestoris.com.xml b/src/chrome/content/rules/prestoris.com.xml
new file mode 100644
index 000000000000..edb770b2f9af
--- /dev/null
+++ b/src/chrome/content/rules/prestoris.com.xml
@@ -0,0 +1,27 @@
+<!--
+	www.prestoris.com does not exist.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- prestoris.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="prestoris.com">
+
+	<target host="prestoris.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^prestoris\.com$" name="^(?:OAGEO[\da-f]+|SeenToday)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pretty52.com.xml b/src/chrome/content/rules/pretty52.com.xml
new file mode 100644
index 000000000000..8d592fef288b
--- /dev/null
+++ b/src/chrome/content/rules/pretty52.com.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pretty52.com/ => https://pretty52.com/: Too many redirects while fetching 'https://pretty52.com/'
+Fetch error: http://www.pretty52.com/ => https://www.pretty52.com/: Too many redirects while fetching 'https://www.pretty52.com/'
+
+	For other Lad Bible Group coverage, see theladbiblegroup.com.xml.
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+		- Images from 20.theladbiblegroup.com
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Pretty 52.com" default_off="failed ruleset test">
+
+	<target host="pretty52.com" />
+	<target host="www.pretty52.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/prettygoodgoods.org.xml b/src/chrome/content/rules/prettygoodgoods.org.xml
new file mode 100644
index 000000000000..a3b5056d5cd9
--- /dev/null
+++ b/src/chrome/content/rules/prettygoodgoods.org.xml
@@ -0,0 +1,43 @@
+<!--
+	^prettygoodgoods.org: mismatched, self-signed
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.prettygoodgoods.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Pretty Good Goods.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.prettygoodgoods.org" />
+
+	<!--	Complications:
+				-->
+	<target host="prettygoodgoods.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.prettygoodgoods\.org$" name="^_reso-shop-2_session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://prettygoodgoods\.org/"
+		to="https://www.prettygoodgoods.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/preuveneers.be.xml b/src/chrome/content/rules/preuveneers.be.xml
new file mode 100644
index 000000000000..761b3443211b
--- /dev/null
+++ b/src/chrome/content/rules/preuveneers.be.xml
@@ -0,0 +1,7 @@
+<ruleset name="preuveneers.be">
+	<target host="preuveneers.be" />
+	<target host="www.preuveneers.be" />
+	<target host="davy.preuveneers.be" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/priceshoes.com.xml b/src/chrome/content/rules/priceshoes.com.xml
new file mode 100644
index 000000000000..d67db8cccaec
--- /dev/null
+++ b/src/chrome/content/rules/priceshoes.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Timeout:
+		- priceshoes.com
+		- centenario.priceshoes.com
+		- licitaciones.compras.priceshoes.com
+		- distribuidores.priceshoes.com
+		- licitaciones.priceshoes.com
+		- proveedor.priceshoes.com
+		- proveedores.priceshoes.com
+-->
+<ruleset name="priceshoes.com">
+	<target host="priceshoes.com" />
+	<target host="www.priceshoes.com" />
+
+	<securecookie host="^www\.priceshoes\.com$" name=".+" />
+
+	<rule from="^http://priceshoes\.com/"
+		to="https://www.priceshoes.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/prichernomorie.com.ua.xml b/src/chrome/content/rules/prichernomorie.com.ua.xml
new file mode 100644
index 000000000000..cd5337672243
--- /dev/null
+++ b/src/chrome/content/rules/prichernomorie.com.ua.xml
@@ -0,0 +1,15 @@
+<!--
+m.prichernomorie.com.ua ⁴
+adv.prichernomorie.com.ua different content
+en.prichernomorie.com.ua different content
+ic.prichernomorie.com.ua different content
+
+
+⁴ self signed
+-->
+<ruleset name="prichernomorie.com.ua" platform="mixedcontent">
+	<target host="prichernomorie.com.ua" />
+	<target host="www.prichernomorie.com.ua" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/primelocation.com.xml b/src/chrome/content/rules/primelocation.com.xml
new file mode 100644
index 000000000000..f009e10d5e6e
--- /dev/null
+++ b/src/chrome/content/rules/primelocation.com.xml
@@ -0,0 +1,77 @@
+<!--
+	^primelocation.com: Redirect differs
+
+
+	Problematic hosts in *primelocation.com:
+
+		- ^ *
+		- inspiration ᵐ
+
+	* Redirect differs
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .primelocation.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="PrimeLocation.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.primelocation.com" />
+
+	<!--	Complications:
+				-->
+	<target host="primelocation.com" />
+	<target host="inspiration.primelocation.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.primelocation\.com/(?:$|android/$|apps/$|contact/$|help/$|privacy/$|sitemap/$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?primelocation\.com/(?!/*(?:myaccount|register|signin)(?:$|[?/]))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.primelocation.com/android/" />
+			<test url="http://www.primelocation.com/apps/" />
+			<test url="http://www.primelocation.com/contact/" />
+			<test url="http://www.primelocation.com/help/" />
+			<test url="http://www.primelocation.com/privacy/" />
+			<test url="http://www.primelocation.com/sitemap/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://primelocation.com/myaccount/" />
+			<test url="http://www.primelocation.com/register/" />
+			<test url="http://www.primelocation.com/signin/forgot/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<securecookie host="^\.primelocation\.com$" name="^primelocationp?sid$" />
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+
+
+	<rule from="^http://primelocation\.com/"
+		to="https://www.primelocation.com/" />
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://inspiration\.primelocation\.com/+"
+		to="https://clippings.com/" />
+
+		<test url="http://inspiration.primelocation.com/sale" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/primustel.ca.xml b/src/chrome/content/rules/primustel.ca.xml
new file mode 100644
index 000000000000..6120fc6ab4d4
--- /dev/null
+++ b/src/chrome/content/rules/primustel.ca.xml
@@ -0,0 +1,27 @@
+<!--
+	(www.)?primustel.ca: expired, self-signed
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- primustel.ca
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Primustel.ca (partial)">
+
+	<target host="ecare.primustel.ca" />
+	<target host="myaccount.primustel.ca" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^primustel\.ca$" name="^(?:frontend|geolocation)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/prisguide.no.xml b/src/chrome/content/rules/prisguide.no.xml
new file mode 100644
index 000000000000..9ca1a0fc2999
--- /dev/null
+++ b/src/chrome/content/rules/prisguide.no.xml
@@ -0,0 +1,16 @@
+<ruleset name="Prisguide.no">
+
+	<target host="prisguide.no" />
+	<target host="static.prisguide.no" />
+	<target host="www.prisguide.no" />
+
+		<test url="http://static.prisguide.no/lib/noUiSlider-7.0.9/jquery.nouislider.pips.min.css" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/privacyfoundation.ch.xml b/src/chrome/content/rules/privacyfoundation.ch.xml
new file mode 100644
index 000000000000..9aaf09e3b014
--- /dev/null
+++ b/src/chrome/content/rules/privacyfoundation.ch.xml
@@ -0,0 +1,22 @@
+<!--
+	Problematic hosts in *privacyfoundation.ch:
+
+		- slides ᵉ ᵐ
+
+	ᵉ Expired
+	ᵐ Mismatched
+
+-->
+<ruleset name="Privacy Foundation.ch (partial)">
+
+	<target host="privacyfoundation.ch" />
+	<target host="www.privacyfoundation.ch" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/privacyintyqcroe.onion.xml b/src/chrome/content/rules/privacyintyqcroe.onion.xml
new file mode 100644
index 000000000000..9c39a9de1c79
--- /dev/null
+++ b/src/chrome/content/rules/privacyintyqcroe.onion.xml
@@ -0,0 +1,16 @@
+<!--
+	Privacy International .onion website.
+
+	The certificate is wildcard and we can't use Sublist3r for .onion domains so this ruleset is wildcard.
+-->
+
+<ruleset name="privacyintyqcroe.onion">
+	<target host="privacyintyqcroe.onion" />
+	<target host="*.privacyintyqcroe.onion" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+	<test url="http://www.privacyintyqcroe.onion/" />
+</ruleset>
diff --git a/src/chrome/content/rules/prnt.sc.xml b/src/chrome/content/rules/prnt.sc.xml
new file mode 100644
index 000000000000..91d7fdfa3ec3
--- /dev/null
+++ b/src/chrome/content/rules/prnt.sc.xml
@@ -0,0 +1,15 @@
+<!--
+	HTTP ≠ HTTPS:
+		- www
+-->
+<ruleset name="prnt.sc">
+	<target host="prnt.sc" />
+	<target host="www.prnt.sc" />
+	<target host="ads.prnt.sc" />
+	<target host="app.prnt.sc" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.prnt\.sc/" to="https://prnt.sc/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pro.hostingas.lt.xml b/src/chrome/content/rules/pro.hostingas.lt.xml
new file mode 100644
index 000000000000..433d0618429d
--- /dev/null
+++ b/src/chrome/content/rules/pro.hostingas.lt.xml
@@ -0,0 +1,6 @@
+<ruleset name="pro.hostingas.lt">
+	<target host="pro.hostingas.lt" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/proXPN.xml b/src/chrome/content/rules/proXPN.xml
new file mode 100644
index 000000000000..64b52d88ba37
--- /dev/null
+++ b/src/chrome/content/rules/proXPN.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://get.proxpn.com/ => https://get.proxpn.com/: (51, "SSL: no alternative certificate subject name matches target host name 'get.proxpn.com'")
+
+-->
+<ruleset name="proXPN" default_off="failed ruleset test">
+	<target host=        "proxpn.com" />
+	<target host=   "blog.proxpn.com" />
+	<target host=    "get.proxpn.com" />
+	<target host="support.proxpn.com" />
+	<target host=    "www.proxpn.com" />
+
+  	<securecookie host="^.*\.proxpn\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/probay.in.xml b/src/chrome/content/rules/probay.in.xml
new file mode 100644
index 000000000000..1d745802ed67
--- /dev/null
+++ b/src/chrome/content/rules/probay.in.xml
@@ -0,0 +1,8 @@
+<ruleset name="probay.in">
+	<target host="probay.in" />
+	<target host="www.probay.in" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/profibeer.ru.xml b/src/chrome/content/rules/profibeer.ru.xml
new file mode 100644
index 000000000000..a1bc67cd6fb9
--- /dev/null
+++ b/src/chrome/content/rules/profibeer.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="profibeer.ru">
+	<target host="profibeer.ru" />
+	<target host="www.profibeer.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/profintel.ru.xml b/src/chrome/content/rules/profintel.ru.xml
new file mode 100644
index 000000000000..4850e08da502
--- /dev/null
+++ b/src/chrome/content/rules/profintel.ru.xml
@@ -0,0 +1,12 @@
+<!--
+forum.profintel.ru mismatch
+icepilots.profintel.ru mismatch
+-->
+<ruleset name="profintel.ru">
+	<target host="profintel.ru" />
+	<target host="www.profintel.ru" />
+	<target host="webmail.profintel.ru" />
+	<target host="stat.profintel.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/profiseller.de.xml b/src/chrome/content/rules/profiseller.de.xml
new file mode 100644
index 000000000000..a2a1a4d0b6b3
--- /dev/null
+++ b/src/chrome/content/rules/profiseller.de.xml
@@ -0,0 +1,16 @@
+<ruleset name="Profiseller">
+
+        <!-- Some subdomains don't have valid certificates and redirect to `www` with args. -->
+
+        <target host="profiseller.de" />
+        <target host="*.profiseller.de" />
+
+        <test url="http://p297863843.profiseller.de/" />
+        <test url="http://p3782141.profiseller.de/" />
+        <test url="http://www.p297863843.profiseller.de/" />
+        <test url="http://www.p3782141.profiseller.de/" />
+
+        <rule from="^http://(p\d+)\.profiseller\.de/" to="https://www.profiseller.de/shop1/index.php3?ps_id=$1" />
+        <rule from="^http://www\.(p\d+)\.profiseller\.de/" to="https://www.profiseller.de/shop1/index.php3?ps_id=$1" />
+        <rule from="^http://(www\.)?profiseller\.de/" to="https://www.profiseller.de/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/progressivetech.org.xml b/src/chrome/content/rules/progressivetech.org.xml
new file mode 100644
index 000000000000..f440fc52389d
--- /dev/null
+++ b/src/chrome/content/rules/progressivetech.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="progressivetech.org">
+
+	<target host="network.progressivetech.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/projectable.me.xml b/src/chrome/content/rules/projectable.me.xml
new file mode 100644
index 000000000000..eb48d0e2f664
--- /dev/null
+++ b/src/chrome/content/rules/projectable.me.xml
@@ -0,0 +1,5 @@
+<ruleset name="projectable.me">
+	<target host="projectable.me" />
+	<target host="www.projectable.me" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/projectatomic.io.xml b/src/chrome/content/rules/projectatomic.io.xml
new file mode 100644
index 000000000000..aa7b655704a2
--- /dev/null
+++ b/src/chrome/content/rules/projectatomic.io.xml
@@ -0,0 +1,22 @@
+<!--
+projectatomic.io ¹
+ask.projectatomic.io ⁴
+docs.projectatomic.io ¹
+download.projectatomic.io ²
+lists.projectatomic.io ⁴
+
+
+¹ mismatch
+² refused
+⁴ self signed
+-->
+<ruleset name="projectatomic.io">
+	<target host="www.projectatomic.io" />
+
+	<target host="projectatomic.io" />
+
+	<rule from="^http://projectatomic\.io/"
+		to="https://www.projectatomic.io/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/projectdev.org.xml b/src/chrome/content/rules/projectdev.org.xml
new file mode 100644
index 000000000000..8bdf3968fea2
--- /dev/null
+++ b/src/chrome/content/rules/projectdev.org.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wiki.projectdev.org/ => https://wiki.projectdev.org/: (6, 'Could not resolve host: wiki.projectdev.org')
+Fetch error: http://web.projectdev.org/ => https://web.projectdev.org/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="projectdev.org" default_off="failed ruleset test">
+	<target host="projectdev.org" />
+	<target host="www.projectdev.org" />
+	<target host="wiki.projectdev.org" />
+	<target host="web.projectdev.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/projectgus.com.xml b/src/chrome/content/rules/projectgus.com.xml
new file mode 100644
index 000000000000..3fb7ce9affcd
--- /dev/null
+++ b/src/chrome/content/rules/projectgus.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Project Gus.com">
+
+	<target host="projectgus.com" />
+	<target host="www.projectgus.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/prokopievsk.ru.xml b/src/chrome/content/rules/prokopievsk.ru.xml
new file mode 100644
index 000000000000..4a5f90590fc3
--- /dev/null
+++ b/src/chrome/content/rules/prokopievsk.ru.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.2gis.prokopievsk.ru/ => https://www.2gis.prokopievsk.ru/: Too many redirects while fetching 'https://www.2gis.prokopievsk.ru/'
+
+catalog.prokopievsk.ru ¹
+forum.prokopievsk.ru ⁴
+horo.prokopievsk.ru ⁴
+love.prokopievsk.ru ¹
+pda.prokopievsk.ru ¹
+pda-forum.prokopievsk.ru ¹
+picasa.prokopievsk.ru ¹
+pogoda.prokopievsk.ru ⁴
+poisk.prokopievsk.ru ⁴
+qa.prokopievsk.ru ¹
+r.prokopievsk.ru ⁵
+www.r.prokopievsk.ru ⁵
+reader.prokopievsk.ru ⁴
+realty.prokopievsk.ru ⁴
+search.prokopievsk.ru ⁴
+top.prokopievsk.ru ¹
+tv.prokopievsk.ru ¹
+webcam.prokopievsk.ru ⁴
+
+
+¹ mismatch
+⁴ self signed
+⁵ expired
+-->
+<ruleset name="prokopievsk.ru" default_off="failed ruleset test">
+	<target host="prokopievsk.ru" />
+	<target host="www.prokopievsk.ru" />
+	<target host="2gis.prokopievsk.ru" />
+	<target host="www.2gis.prokopievsk.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/promisejs.org.xml b/src/chrome/content/rules/promisejs.org.xml
new file mode 100644
index 000000000000..bc05e95588dd
--- /dev/null
+++ b/src/chrome/content/rules/promisejs.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="promisejs.org">
+	<target host="promisejs.org" />
+	<target host="www.promisejs.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pronoun.is.xml b/src/chrome/content/rules/pronoun.is.xml
new file mode 100644
index 000000000000..439d9722ba63
--- /dev/null
+++ b/src/chrome/content/rules/pronoun.is.xml
@@ -0,0 +1,23 @@
+<!--
+	Mismatch:
+		hubots.pronoun.is
+		my.pronoun.is
+		www.pronoun.is
+
+	Remark: *.pronoun.is has a wildcard DNS record.
+-->
+<ruleset name="pronoun.is">
+	<target host="hubots.pronoun.is" />
+	<target host="my.pronoun.is" />
+	<target host="www.pronoun.is" />
+
+	<target host="pronoun.is" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://hubots\.pronoun\.is/" to="https://pronoun.is/" />
+	<rule from="^http://my\.pronoun\.is/" to="https://pronoun.is/" />
+	<rule from="^http://www\.pronoun\.is/" to="https://pronoun.is/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/proovl.com.xml b/src/chrome/content/rules/proovl.com.xml
new file mode 100644
index 000000000000..9c8bbae1fe57
--- /dev/null
+++ b/src/chrome/content/rules/proovl.com.xml
@@ -0,0 +1,12 @@
+<!--
+x.proovl.com ⁴
+
+
+⁴ self signed
+-->
+<ruleset name="proovl.com">
+	<target host="proovl.com" />
+	<target host="www.proovl.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/propolevskoy.ru.xml b/src/chrome/content/rules/propolevskoy.ru.xml
new file mode 100644
index 000000000000..eeb3a7bef359
--- /dev/null
+++ b/src/chrome/content/rules/propolevskoy.ru.xml
@@ -0,0 +1,6 @@
+<!-- adspol. mismatch -->
+<ruleset name="propolevskoy.ru">
+	<target host="propolevskoy.ru" />
+	<target host="www.propolevskoy.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/propub3r6espa33w.onion.xml b/src/chrome/content/rules/propub3r6espa33w.onion.xml
new file mode 100644
index 000000000000..524d5db88b18
--- /dev/null
+++ b/src/chrome/content/rules/propub3r6espa33w.onion.xml
@@ -0,0 +1,28 @@
+<!--
+	For related clearnet rules, see ProPublica.org.xml
+
+	See
+	https://www.propublica.org/nerds/a-more-secure-and-anonymous-propublica-using-tor-hidden-services
+	for a discussion about ProPublica's .onion services.
+	In particular, this page links to
+	https://gist.githubusercontent.com/mtigas/0d49b42fab6f9d2f7e69/raw/2-tor
+	which has a list of ProPublica .onion domains.
+
+	Invalid certificate:
+		ppasset42kropoy6.onion
+
+	Refused:
+		pubapp7v22ykdou3.onion
+
+-->
+<ruleset name="ProPublica (onion)">
+
+	<target host="propub3r6espa33w.onion" />
+	<target host="www.propub3r6espa33w.onion" />
+	<target host="cdn.propub3r6espa33w.onion" />
+	<target host="projects.propub3r6espa33w.onion" />
+	<target host="static.propub3r6espa33w.onion" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/protvino.net.xml b/src/chrome/content/rules/protvino.net.xml
new file mode 100644
index 000000000000..6f6913180989
--- /dev/null
+++ b/src/chrome/content/rules/protvino.net.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mail.protvino.net/ => https://mail.protvino.net/: (51, "SSL: no alternative certificate subject name matches target host name 'mail.protvino.net'")
+
+www.protvino.net self signed
+help.protvino.net self signed
+podpiska.protvino.net mismatch
+stat.protvino.net self signed
+support.protvino.net mismatch
+hs.protvino.net mismatch
+uefa2016.protvino.net timed out
+-->
+<ruleset name="protvino.net (partial)" default_off="failed ruleset test">
+	<target host="protvino.net" />
+	<target host="www.protvino.net" />
+	<target host="mail.protvino.net" />
+
+	<rule from="^http://www\.protvino\.net/"
+		to="https://protvino.net/" />
+
+	<test url="http://www.protvino.net/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/providercentral.org.uk.xml b/src/chrome/content/rules/providercentral.org.uk.xml
new file mode 100644
index 000000000000..b8e65840a254
--- /dev/null
+++ b/src/chrome/content/rules/providercentral.org.uk.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.providercentral.org.uk/ => https://www.providercentral.org.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://providercentral.org.uk/ => https://www.providercentral.org.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	^providercentral.org.uk: Handshake fails
+
+-->
+<ruleset name="Provider Central.org.uk" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.providercentral.org.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="providercentral.org.uk" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://providercentral\.org\.uk/"
+		to="https://www.providercentral.org.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/provisu.ch.xml b/src/chrome/content/rules/provisu.ch.xml
new file mode 100644
index 000000000000..86789b78178d
--- /dev/null
+++ b/src/chrome/content/rules/provisu.ch.xml
@@ -0,0 +1,27 @@
+<!--
+	STS header includes includeSubdomains
+	for ^, www
+
+-->
+<ruleset name="Pro Visu.ch">
+
+	<target host="provisu.ch" />
+	<target host="*.provisu.ch" />
+
+		<!--	includeSubdomains applies to one level only, so:
+									-->
+		<exclusion pattern="^http://(?:[^.]+\.){2,}provisu\.ch/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.provisu.ch/" />
+			<test url="http://exists.not.provisu.ch/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/proxy-list.org.xml b/src/chrome/content/rules/proxy-list.org.xml
new file mode 100644
index 000000000000..ab279c859ad4
--- /dev/null
+++ b/src/chrome/content/rules/proxy-list.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		affiliate.proxy-list.org
+
+-->
+<ruleset name="Proxy-List.org">
+
+	<target host="proxy-list.org" />
+	<target host="www.proxy-list.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/proxyportal.org.xml b/src/chrome/content/rules/proxyportal.org.xml
new file mode 100644
index 000000000000..02d2ca681b76
--- /dev/null
+++ b/src/chrome/content/rules/proxyportal.org.xml
@@ -0,0 +1,97 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://piratebit.tech/ => https://piratebit.tech/: (6, 'Could not resolve host: piratebit.tech')
+Fetch error: http://www.piratebit.tech/ => https://www.piratebit.tech/: (6, 'Could not resolve host: www.piratebit.tech')
+Fetch error: http://www.pirateproxy.press/ => https://www.pirateproxy.press/: (6, 'Could not resolve host: www.pirateproxy.press')
+Fetch error: http://baymirror.date/ => https://baymirror.date/: (7, 'Failed to connect to baymirror.date port 443: Connection refused')
+Fetch error: http://www.baymirror.date/ => https://www.baymirror.date/: (7, 'Failed to connect to www.baymirror.date port 443: Connection refused')
+Fetch error: http://tpbpro.xyz/ => https://tpbpro.xyz/: (6, 'Could not resolve host: tpbpro.xyz')
+Fetch error: http://www.tpbpro.xyz/ => https://www.tpbpro.xyz/: (6, 'Could not resolve host: www.tpbpro.xyz')
+Fetch error: http://baymirror.tech/ => https://baymirror.tech/: (7, 'Failed to connect to baymirror.tech port 443: Connection refused')
+Fetch error: http://www.baymirror.tech/ => https://www.baymirror.tech/: (7, 'Failed to connect to www.baymirror.tech port 443: Connection refused')
+Fetch error: http://ourbay.xyz/ => https://ourbay.xyz/: (6, 'Could not resolve host: ourbay.xyz')
+Fetch error: http://www.ourbay.xyz/ => https://www.ourbay.xyz/: (6, 'Could not resolve host: www.ourbay.xyz')
+Fetch error: http://baymirror.win/ => https://baymirror.win/: (7, 'Failed to connect to baymirror.win port 443: Connection refused')
+Fetch error: http://www.baymirror.win/ => https://www.baymirror.win/: (7, 'Failed to connect to www.baymirror.win port 443: Connection refused')
+Fetch error: http://piratebox.top/ => https://piratebox.top/: (6, 'Could not resolve host: piratebox.top')
+Fetch error: http://www.piratebox.top/ => https://www.piratebox.top/: (6, 'Could not resolve host: www.piratebox.top')
+Fetch error: http://bayproxy.date/ => https://bayproxy.date/: (7, 'Failed to connect to bayproxy.date port 443: Connection refused')
+Fetch error: http://www.bayproxy.date/ => https://www.bayproxy.date/: (7, 'Failed to connect to www.bayproxy.date port 443: Connection refused')
+Fetch error: http://thebay.space/ => https://thebay.space/: (6, 'Could not resolve host: thebay.space')
+Fetch error: http://www.thebay.space/ => https://www.thebay.space/: (6, 'Could not resolve host: www.thebay.space')
+Fetch error: http://bayproxy.press/ => https://bayproxy.press/: (7, 'Failed to connect to bayproxy.press port 443: Connection refused')
+Fetch error: http://www.bayproxy.press/ => https://www.bayproxy.press/: (7, 'Failed to connect to www.bayproxy.press port 443: Connection refused')
+Fetch error: http://piratebay.site/ => https://piratebay.site/: (51, "SSL: no alternative certificate subject name matches target host name 'piratebay.site'")
+Fetch error: http://www.piratebay.site/ => https://www.piratebay.site/: (51, "SSL: no alternative certificate subject name matches target host name 'www.piratebay.site'")
+Fetch error: http://bayproxy.site/ => https://bayproxy.site/: (6, 'Could not resolve host: bayproxy.site')
+Fetch error: http://www.bayproxy.site/ => https://www.bayproxy.site/: (6, 'Could not resolve host: www.bayproxy.site')
+Fetch error: http://thepiratebay.unblocked.host/ => https://thepiratebay.unblocked.host/: (6, 'Could not resolve host: thepiratebay.unblocked.host')
+Fetch error: http://thepiratebay.bypassed.press/ => https://thepiratebay.bypassed.press/: (6, 'Could not resolve host: thepiratebay.bypassed.press')
+Fetch error: http://thepiratebay.immunicity.top/ => https://thepiratebay.immunicity.top/: (7, 'Failed to connect to thepiratebay.immunicity.top port 443: Connection refused')
+Fetch error: http://thepiratebay.immunicity.press/ => https://thepiratebay.immunicity.press/: (6, 'Could not resolve host: thepiratebay.immunicity.press')
+Fetch error: http://thepiratebay.immunicity.online/ => https://thepiratebay.immunicity.online/: (7, 'Failed to connect to thepiratebay.immunicity.online port 443: Connection refused')
+Fetch error: http://thepiratebay.immunicity.date/ => https://thepiratebay.immunicity.date/: (7, 'Failed to connect to thepiratebay.immunicity.date port 443: Connection refused')
+Fetch error: http://thepiratebay.unblockerproxy.xyz/ => https://thepiratebay.unblockerproxy.xyz/: (7, 'Failed to connect to thepiratebay.unblockerproxy.xyz port 443: Connection refused')
+Fetch error: http://thepiratebay.webypass.xyz/ => https://thepiratebay.webypass.xyz/: (6, 'Could not resolve host: thepiratebay.webypass.xyz')
+
+pirateproxy.press non-2xx http code
+-->
+<!--The Pirate Bay proxies from proxyportal.org Main ruleset: ThePirateBay.xml-->
+<ruleset name="proxyportal.org" default_off="failed ruleset test">
+	<target host="piratebit.tech" />
+	<target host="www.piratebit.tech" />
+	<target host="www.pirateproxy.press" />
+	<target host="baymirror.date" />
+	<target host="www.baymirror.date" />
+	<target host="tpbpro.xyz" />
+	<target host="www.tpbpro.xyz" />
+	<target host="baymirror.tech" />
+	<target host="www.baymirror.tech" />
+	<target host="ourbay.xyz" />
+	<target host="www.ourbay.xyz" />
+	<target host="baymirror.win" />
+	<target host="www.baymirror.win" />
+	<target host="piratebox.top" />
+	<target host="www.piratebox.top" />
+	<target host="bayproxy.date" />
+	<target host="www.bayproxy.date" />
+	<target host="thebay.space" />
+	<target host="www.thebay.space" />
+	<target host="bayproxy.press" />
+	<target host="www.bayproxy.press" />
+	<target host="piratebay.site" />
+	<target host="www.piratebay.site" />
+	<target host="bayproxy.site" />
+	<target host="www.bayproxy.site" />
+	<target host="pirateproxy.site" />
+	<target host="www.pirateproxy.site" />
+	<target host="thepiratebay.unblocked.stream" />
+	<target host="thepiratebay.unblocked.date" />
+	<target host="thepiratebay.unblocked.host" />
+	<target host="thepiratebay.unblocked.faith" />
+	<target host="thepiratebay.bypassed.faith" />
+	<target host="thepiratebay.bypassed.host" />
+	<target host="thepiratebay.bypassed.me" />
+	<target host="thepiratebay.bypassed.org" />
+	<target host="thepiratebay.bypassed.bid" />
+	<target host="thepiratebay.bypassed.date" />
+	<target host="thepiratebay.bypassed.download" />
+	<target host="thepiratebay.bypassed.club" />
+	<target host="thepiratebay.bypassed.online" />
+	<target host="thepiratebay.bypassed.party" />
+	<target host="thepiratebay.bypassed.press" />
+	<target host="thepiratebay.bypassed.pw" />
+	<target host="thepiratebay.bypassed.site" />
+	<target host="thepiratebay.immunicity.host" />
+	<target host="thepiratebay.immunicity.win" />
+	<target host="thepiratebay.immunicity.top" />
+	<target host="thepiratebay.immunicity.press" />
+	<target host="thepiratebay.immunicity.online" />
+	<target host="thepiratebay.immunicity.date" />
+	<target host="thepiratebay.immunicity.party" />
+	<target host="thepiratebay.unblockerproxy.xyz" />
+	<target host="thepiratebay.webypass.xyz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/proxytpb.nl.xml b/src/chrome/content/rules/proxytpb.nl.xml
new file mode 100644
index 000000000000..bef3e0328f31
--- /dev/null
+++ b/src/chrome/content/rules/proxytpb.nl.xml
@@ -0,0 +1,8 @@
+<ruleset name="proxytpb.nl">
+	<target host="proxytpb.nl" />
+	<target host="www.proxytpb.nl" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/proza.ru.xml b/src/chrome/content/rules/proza.ru.xml
new file mode 100644
index 000000000000..c1380cc52637
--- /dev/null
+++ b/src/chrome/content/rules/proza.ru.xml
@@ -0,0 +1,12 @@
+<!--
+Invalid certificate:
+	www2.proza.ru
+	www3.proza.ru
+	portal.proza.ru
+-->
+<ruleset name="proza.ru">
+	<target host="proza.ru"/>
+	<target host="www.proza.ru"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/prtimes.jp.xml b/src/chrome/content/rules/prtimes.jp.xml
new file mode 100644
index 000000000000..0eb435e01d4e
--- /dev/null
+++ b/src/chrome/content/rules/prtimes.jp.xml
@@ -0,0 +1,25 @@
+<!--
+
+	nonfunctional subdomains:
+
+		cal	(reset)
+
+	Problematic subdomains:
+
+		- www	(invalid)
+		- mail	(invalid)
+
+-->
+<ruleset name="prtimes.jp (partial)">
+
+	<target host="prtimes.jp" />
+
+	<rule from="^http://prtimes\.jp/(common/|i/|prn/)"
+		to="https://prtimes.jp/$1" />
+
+		<exclusion pattern="^http://prtimes\.jp/$" />
+		<test url="http://prtimes.jp/common/" />
+		<test url="http://prtimes.jp/i/" />
+		<test url="http://prtimes.jp/prn/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/psiphon.ca.xml b/src/chrome/content/rules/psiphon.ca.xml
new file mode 100644
index 000000000000..869a29292894
--- /dev/null
+++ b/src/chrome/content/rules/psiphon.ca.xml
@@ -0,0 +1,7 @@
+<ruleset name="psiphon.ca">
+	<target host="psiphon.ca" />
+	<target host="www.psiphon.ca" />
+	<target host="blog.psiphon.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pskovline.ru.xml b/src/chrome/content/rules/pskovline.ru.xml
new file mode 100644
index 000000000000..25281269007f
--- /dev/null
+++ b/src/chrome/content/rules/pskovline.ru.xml
@@ -0,0 +1,15 @@
+<!--
+pskovline.ru timed out
+www.pskovline.ru timed out
+podpiska.pskovline.ru mismatch
+tel.pskovline.ru timed out
+wiki.pskovline.ru mismatch
+net188130242162.pskovline.ru timed out
+ns2ipv6.pskovline.ru mismatch
+mail.pskovline.ru timed out
+-->
+<ruleset name="pskovline.ru (partial)">
+	<target host="stat.pskovline.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pspx.ru.xml b/src/chrome/content/rules/pspx.ru.xml
new file mode 100644
index 000000000000..1d868dda34c9
--- /dev/null
+++ b/src/chrome/content/rules/pspx.ru.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		ftp.pspx.ru
+-->
+<ruleset name="pspx.ru">
+	<target host="pspx.ru" />
+	<target host="www.pspx.ru" />
+	<target host="dress.pspx.ru" />
+	<target host="mag.pspx.ru" />
+	<target host="vast.pspx.ru" />
+	<target host="wiki.pspx.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/psychcentral.com.xml b/src/chrome/content/rules/psychcentral.com.xml
new file mode 100644
index 000000000000..434b204eac8a
--- /dev/null
+++ b/src/chrome/content/rules/psychcentral.com.xml
@@ -0,0 +1,37 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- .psychcentral.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on blogs from fonts.googleapis.com ˢ
+		- Images on blogs from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="PsychCentral.com">
+
+	<target host="psychcentral.com" />
+	<target host="blogs.psychcentral.com" />
+	<target host="forums.psychcentral.com" />
+	<target host="pro.psychcentral.com" />
+	<target host="www.psychcentral.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.psychcentral\.com$" name="^pcbbsessionhash$" /-->
+
+	<securecookie host="^\." name="(?:^__qca|sessionhash)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ptc.com.xml b/src/chrome/content/rules/ptc.com.xml
new file mode 100644
index 000000000000..d593ef3a6da9
--- /dev/null
+++ b/src/chrome/content/rules/ptc.com.xml
@@ -0,0 +1,130 @@
+<!--
+	Other PTC rulesets:
+
+		- ptcusercommunity.com.xml
+
+
+	Nonfunctional hosts in *ptc.com:
+
+		- blogs ʰ
+
+		- de.creo ʰ
+		- fr.creo ʰ
+		- it.creo ʰ
+		- ja.creo ʰ
+
+		- de ʰ
+		- es ʰ
+		- fr ʰ
+		- investor ᵈ
+		- it ʰ
+		- ja ʰ
+		- ko ʰ
+		- liveexchange ᶠ
+		- liveforum ᶠ
+		- livestuttgart ᶠ
+		- ru ʰ
+
+	ᵈ Dropped
+	ᶠ Handshake fails
+	ʰ Redirects to http
+
+
+	Problematic hosts in *ptc.com:
+
+		- assessments ᶜ
+		- pfiles[12] ᵐ
+		- ptcindiajobs ᵐ ˢ
+
+	ᵐ Mismatched
+	ˢ Self-signed
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .ptc.com
+		- assessments.ptc.com
+		- communities.ptc.com
+		- precisionlms.ptc.com
+		- www.ptc.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on ptcindiajobs from fonts.googleapis.com ˢ
+		- Images on ptcindiajobs from companies.naukri.com
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="PTC.com (partial)">
+
+	<target host="ptc.com" />
+	<!--target host="assessments.ptc.com" /-->
+	<target host="careers.ptc.com" />
+	<target host="communities.ptc.com" />
+	<target host="help.ptc.com" />
+	<target host="learningexchange.ptc.com" />
+	<target host="login.ptc.com" />
+	<target host="precisionlms.ptc.com" />
+	<target host="share.ptc.com" />
+	<target host="support.ptc.com" />
+	<target host="thingworx.ptc.com" />
+	<target host="www.ptc.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="http://support\.ptc\.com/(?:apps/help_center/help/$|appserver/search/(?:resellers|software-partners)\.jsp|appserver/support/account/my_account\.jsp|appserver/support/csguide/csguide\.jsp|common/account/index\.htm|support/$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="http://support\.ptc\.com/(?!/*appserver/(?:auth/authenticate\.jsp|common/(?:account/(?:createAccount\.jsp|password\.jsp|ssl/)|login/ssl/)))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://support.ptc.com/apps/help_center/help/" />
+			<test url="http://support.ptc.com/appserver/search/resellers.jsp" />
+			<test url="http://support.ptc.com/appserver/search/software-partners.jsp" />
+			<test url="http://support.ptc.com/appserver/support/account/my_account.jsp" />
+			<test url="http://support.ptc.com/appserver/support/csguide/csguide.jsp" />
+			<test url="http://support.ptc.com/common/account/index.htm" />
+			<test url="http://support.ptc.com/support/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://support.ptc.com/apps/jawr/981380950/bundles/print.css" /><!--	451 -->
+			<test url="http://support.ptc.com/appserver/auth/authenticate.jsp" />
+			<test url="http://support.ptc.com/appserver/common/account/createAccount.jsp" />
+			<test url="http://support.ptc.com/appserver/common/account/password.jsp" />
+			<test url="http://support.ptc.com/appserver/common/account/ssl/passwordReset.jsp" />
+			<test url="http://support.ptc.com/appserver/common/login/ssl/login.jsp" />
+			<test url="http://support.ptc.com/common/css/apps/wam.css" /><!--	1976 -->
+			<test url="http://support.ptc.com/common/css/partners/search.css" /><!--	297 -->
+			<test url="http://support.ptc.com/images/960/sprite-vertical-backgrounds.png" /><!--	561 -->
+			<test url="http://support.ptc.com/images/common/icon_help.png" /><!--	786 -->
+			<test url="http://support.ptc.com/images/cs/portal/2012b2b/Create_a_New_Account.png" /><!--	3864 -->
+
+		<!--
+		<test url="http://pfiles1.ptc.com/apps/jawr/N1189581387/bundles/media.js" />
+		<test url="http://pfiles2.ptc.com/images/960/country_flags/us.png" />
+		-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.ptc\.com$" name="^(?:Apache|country|lang)$" /-->
+	<!--securecookie host="^assessments\.ptc\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^communities\.ptc\.com$" name="^BIGipServer" /-->
+	<!--securecookie host="^precisionlms\.ptc\.com$" name="^AWSELB$" /-->
+	<!--securecookie host="^www\.ptc\.com$" name="^(?:ASP\.NET_sessionId|ptc-current-sid|ptc-daily-sid|sc_expview)$" /-->
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^(?!support\.)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ptcusercommunity.com.xml b/src/chrome/content/rules/ptcusercommunity.com.xml
new file mode 100644
index 000000000000..235dc050735c
--- /dev/null
+++ b/src/chrome/content/rules/ptcusercommunity.com.xml
@@ -0,0 +1,30 @@
+<!--
+	For other PTC coverage, see ptc.com.xml.
+
+
+	^ptcusercommunity.com does not exist.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.ptcusercommunity.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="PTC User Community.com">
+
+	<target host="www.ptcusercommunity.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.ptcusercommunity\.com$" name="^(?:BIGipServer|jive\.login\.ts$|jive\.security\.context$)" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pub2srv.com.xml b/src/chrome/content/rules/pub2srv.com.xml
new file mode 100644
index 000000000000..b67f56e3cba7
--- /dev/null
+++ b/src/chrome/content/rules/pub2srv.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Propeller Ads Media coverage, see PropellerAds.xml.
+
+-->
+<ruleset name="pub2srv.com">
+
+	<target host="go.pub2srv.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/publicaffairsnews.com.xml b/src/chrome/content/rules/publicaffairsnews.com.xml
new file mode 100644
index 000000000000..1a487375883b
--- /dev/null
+++ b/src/chrome/content/rules/publicaffairsnews.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- Images from www.publicaffairsnews.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Public Affairs News.com">
+
+	<target host="publicaffairsnews.com" />
+	<target host="www.publicaffairsnews.com" />
+
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/publish2.me.xml b/src/chrome/content/rules/publish2.me.xml
new file mode 100644
index 000000000000..f3885f56a02d
--- /dev/null
+++ b/src/chrome/content/rules/publish2.me.xml
@@ -0,0 +1,40 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- publish2.me
+		- help.publish2.me
+		- www.publish2.me
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Publish2.me">
+
+	<target host="publish2.me" />
+	<target host="help.publish2.me" />
+	<target host="static4.publish2.me" />
+	<target host="static5.publish2.me" />
+	<target host="www.publish2.me" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://publish2.me/auth/checkout.html?buy=4" /-->
+
+		<test url="http://static4.publish2.me/ext/unify/assets/plugins/revolution_slider/rs-plugin/assets/timer.png" />
+		<test url="http://static5.publish2.me/ext/unify/assets/plugins/revolution_slider/rs-plugin/assets/timer.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?publish2\.me$" name="^sessid$" /-->
+	<!--securecookie host="^help\.publish2\.me$" name="^_rf$" /-->
+	<!--securecookie host="^www\.publish2\.me$" name="^YII_CSRF_TOKEN$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/publishpartner.com.au.xml b/src/chrome/content/rules/publishpartner.com.au.xml
new file mode 100644
index 000000000000..27a4815a0de7
--- /dev/null
+++ b/src/chrome/content/rules/publishpartner.com.au.xml
@@ -0,0 +1,32 @@
+<!--
+	Problematic hosts in *publishpartner.com.au:
+
+		- public ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these domains:
+
+		- .publishpartner.com.au
+
+-->
+<ruleset name="Publish Partner.com.au (partial)">
+
+	<target host="publishpartner.com.au" />
+	<!--target host="public.publishpartner.com.au" /-->
+	<target host="www.publishpartner.com.au" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.publishpartner\.com\.au$" name="^frontend$" /-->
+
+	<securecookie host="^\." name="^frontend$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/publons.com.xml b/src/chrome/content/rules/publons.com.xml
new file mode 100644
index 000000000000..10abd1fd3c1a
--- /dev/null
+++ b/src/chrome/content/rules/publons.com.xml
@@ -0,0 +1,24 @@
+<!--
+        Invalid certificate:
+                click.publons.com
+                email.mg.publons.com
+                tracking.publons.com
+
+        No working URL known:
+                staging.publons.com (401)
+-->
+
+<ruleset name="Publons.com">
+
+	<target host="publons.com" />
+	<target host="www.publons.com" />
+	<target host="admin.publons.com" />
+	<target host="blog.publons.com" />
+	<target host="home.publons.com" />
+	<target host="prw.publons.com" />
+	<target host="prw2016.publons.com" />
+	<target host="sentry.publons.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pubsqrd.com.xml b/src/chrome/content/rules/pubsqrd.com.xml
new file mode 100644
index 000000000000..3ac8ada9fec5
--- /dev/null
+++ b/src/chrome/content/rules/pubsqrd.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Problematic hosts in *pubsqrd.com:
+
+		- ads ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="pubsqrd.com">
+
+	<!--	Complications:
+				-->
+	<target host="ads.pubsqrd.com" />
+
+		<test url="http://ads.pubsqrd.com/ttj?id=" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://ads\.pubsqrd\.com/"
+		to="https://secure.adnxs.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pugetsystems.com.xml b/src/chrome/content/rules/pugetsystems.com.xml
new file mode 100644
index 000000000000..7a5332c79a65
--- /dev/null
+++ b/src/chrome/content/rules/pugetsystems.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Puget Systems.com">
+
+	<target host="pugetsystems.com" />
+	<target host="www.pugetsystems.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/puhtml.com.xml b/src/chrome/content/rules/puhtml.com.xml
new file mode 100644
index 000000000000..6dfa4e7598f8
--- /dev/null
+++ b/src/chrome/content/rules/puhtml.com.xml
@@ -0,0 +1,25 @@
+<ruleset name="puhtml.com">
+
+	<target host="puhtml.com" />
+	<target host="*.puhtml.com" />
+
+		<exclusion pattern="^http://(?!(?:pl\d+\.|www\.)?puhtml\.com/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.puhtml.com/" />
+			<test url="http://exists.not.puhtml.com/" />
+			<test url="http://really.not.puhtml.com/" />
+			<test url="http://honestly.not.puhtml.com/" />
+			<test url="http://one.more.puhtml.com/" />
+
+		<test url="http://www.puhtml.com/" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/puphpet.com.xml b/src/chrome/content/rules/puphpet.com.xml
new file mode 100644
index 000000000000..e296fc76e54b
--- /dev/null
+++ b/src/chrome/content/rules/puphpet.com.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://repo.puphpet.com/ => https://repo.puphpet.com/: (51, "SSL: no alternative certificate subject name matches target host name 'repo.puphpet.com'")
+
+beta.puphpet.com ¹
+
+
+¹ mismatch
+-->
+<ruleset name="puphpet.com" default_off="failed ruleset test">
+	<target host="puphpet.com" />
+	<target host="www.puphpet.com" />
+	<target host="blog.puphpet.com" />
+	<target host="repo.puphpet.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pureos.net.xml b/src/chrome/content/rules/pureos.net.xml
new file mode 100644
index 000000000000..e0c9c79c84c1
--- /dev/null
+++ b/src/chrome/content/rules/pureos.net.xml
@@ -0,0 +1,18 @@
+<!--
+	Connection failed:
+		appstream.pureos.net
+-->
+<ruleset name="PureOS.net">
+
+	<target host="pureos.net" />
+	<target host="www.pureos.net" />
+	<target host="artemis.pureos.net" />
+	<target host="master.pureos.net" />
+	<target host="repo.pureos.net" />
+	<target host="tracker.pureos.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/puri.sm.xml b/src/chrome/content/rules/puri.sm.xml
new file mode 100644
index 000000000000..87b87cee0e68
--- /dev/null
+++ b/src/chrome/content/rules/puri.sm.xml
@@ -0,0 +1,75 @@
+<!--
+	Connection failed:
+		ctl.puri.sm
+
+	Invalid certificate:
+		conference.puri.sm
+		docker2.puri.sm
+		jitsi.puri.sm
+		media.puri.sm
+		www2.puri.sm
+
+	Timeout:
+		crm.puri.sm
+		erp.puri.sm
+		irc.puri.sm
+		meet.puri.sm
+		mx[1|2].puri.sm
+		nimoy.puri.sm
+		ns[1|2].puri.sm
+		odoo.puri.sm
+		project.puri.sm
+		proxmox([1-4])?.puri.sm
+		riot.puri.sm
+		rocket.puri.sm
+		taiga2.puri.sm
+		tickets.puri.sm
+		vhost1.puri.sm
+-->
+<ruleset name="Puri.sm">
+
+	<target host="puri.sm" />
+	<target host="www.puri.sm" />
+	<target host="alerts.puri.sm" />
+	<target host="announce.puri.sm" />
+	<target host="arm01.puri.sm" />
+	<target host="bck.puri.sm" />
+	<target host="chat.puri.sm" />
+	<target host="cloud.puri.sm" />
+	<target host="code.puri.sm" />
+	<target host="comms.puri.sm" />
+	<target host="deb.puri.sm" />
+	<target host="debug.puri.sm" />
+	<target host="dev.puri.sm" />
+	<target host="downloads.puri.sm" />
+	<target host="forums.puri.sm" />
+	<target host="graph.puri.sm" />
+	<target host="im.puri.sm" />
+	<target host="imap.puri.sm" />
+	<target host="int.puri.sm" />
+	<target host="ldap.puri.sm" />
+	<target host="lists.puri.sm" />
+	<target host="live.puri.sm" />
+	<target host="mail.puri.sm" />
+	<target host="matrix.puri.sm" />
+	<target host="mon.puri.sm" />
+	<target host="office.puri.sm" />
+	<target host="piwik.puri.sm" />
+	<target host="pop.puri.sm" />
+	<target host="pop3.puri.sm" />
+	<target host="repo.puri.sm" />
+	<target host="services.puri.sm" />
+	<target host="smtp.puri.sm" />
+	<target host="storage.puri.sm" />
+	<target host="talk.puri.sm" />
+	<target host="tracker.puri.sm" />
+	<target host="trackr.puri.sm" />
+	<target host="videos.puri.sm" />
+	<target host="web.puri.sm" />
+	<target host="wiki.puri.sm" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pushshift.io.xml b/src/chrome/content/rules/pushshift.io.xml
new file mode 100644
index 000000000000..2d465d85c9fc
--- /dev/null
+++ b/src/chrome/content/rules/pushshift.io.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		tracker.pushshift.io
+-->
+<ruleset name="pushshift.io">
+	<target host="pushshift.io" />
+	<target host="www.pushshift.io" />
+	<target host="api.pushshift.io" />
+		<test url="http://api.pushshift.io/reddit/search/comment?limit=50000" />
+	<target host="elasticsearch.pushshift.io" />
+	<target host="files.pushshift.io" />
+	<target host="search.pushshift.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pushtrumpoffacliffagain.com.xml b/src/chrome/content/rules/pushtrumpoffacliffagain.com.xml
new file mode 100644
index 000000000000..52850139d324
--- /dev/null
+++ b/src/chrome/content/rules/pushtrumpoffacliffagain.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="Push Trump Off A Cliff Again">
+
+	<target host="pushtrumpoffacliffagain.com" />
+	<target host="www.pushtrumpoffacliffagain.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/putlocker.is.xml b/src/chrome/content/rules/putlocker.is.xml
new file mode 100644
index 000000000000..dcbaa98f3581
--- /dev/null
+++ b/src/chrome/content/rules/putlocker.is.xml
@@ -0,0 +1,25 @@
+<!--
+	Mixed content:
+
+		- css from image4.putlocker.is ˢ
+		- Images from image4.putlocker.is ˢ
+		- Bug from sstatic1.histats.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Putlocker.is" platform="mixedcontent">
+
+	<target host="putlocker.is" />
+	<target host="image4.putlocker.is" />
+	<target host="www.putlocker.is" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pv-magazine-usa.com.xml b/src/chrome/content/rules/pv-magazine-usa.com.xml
new file mode 100644
index 000000000000..fb6f5fa43f41
--- /dev/null
+++ b/src/chrome/content/rules/pv-magazine-usa.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="pv-magazine-usa.com">
+	<target host="pv-magazine-usa.com" />
+	<target host="www.pv-magazine-usa.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pwSafe.xml b/src/chrome/content/rules/pwSafe.xml
new file mode 100644
index 000000000000..6926ef10b58c
--- /dev/null
+++ b/src/chrome/content/rules/pwSafe.xml
@@ -0,0 +1,17 @@
+<!--
+
+	Unsupported subdomains:
+
+	- www (cert mismatch)
+
+-->
+<ruleset name="pwSafe">
+
+	<target host="pwsafe.info" />
+
+	<securecookie host="^pwsafe\.info$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pwntools.com.xml b/src/chrome/content/rules/pwntools.com.xml
new file mode 100644
index 000000000000..fcdf6d491512
--- /dev/null
+++ b/src/chrome/content/rules/pwntools.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid certificate:
+		dc-53f34a447c48.pwntools.com
+-->
+<ruleset name="pwntools.com">
+	<target host="pwntools.com" />
+	<target host="www.pwntools.com" />
+	<target host="binutils.pwntools.com" />
+	<target host="demo.pwntools.com" />
+	<target host="docs.pwntools.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pyeongchang2018.com.xml b/src/chrome/content/rules/pyeongchang2018.com.xml
new file mode 100644
index 000000000000..036928fc3c13
--- /dev/null
+++ b/src/chrome/content/rules/pyeongchang2018.com.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://missionrelay.pyeongchang2018.com/ => https://missionrelay.pyeongchang2018.com/: (7, 'Failed to connect to missionrelay.pyeongchang2018.com port 443: Connection refused')
+
+newsletter.pyeongchang2018.com mismatch
+-->
+<ruleset name="pyeongchang2018.com" default_off="failed ruleset test">
+	<target host="pyeongchang2018.com" />
+	<target host="www.pyeongchang2018.com" />
+	<target host="missionrelay.pyeongchang2018.com" />
+	<target host="recruit.pyeongchang2018.com" />
+	<target host="vol.pyeongchang2018.com" />
+	<target host="recruitment.pyeongchang2018.com" />
+	<target host="volunteer.pyeongchang2018.com" />
+	<target host="pyeongchang2018.org" />
+	<target host="www.pyeongchang2018.org" />
+
+	<rule from="^http://(www\.)?pyeongchang2018\.org/"
+		to="https://$1pyeongchang2018.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pygmyboats.com-falsemixed.xml b/src/chrome/content/rules/pygmyboats.com-falsemixed.xml
new file mode 100644
index 000000000000..95de1897bf08
--- /dev/null
+++ b/src/chrome/content/rules/pygmyboats.com-falsemixed.xml
@@ -0,0 +1,20 @@
+<!--
+	For rules not causing false/broken MCB, see pygmyboats.com.xml.
+
+
+	NB: See https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Pygmy Boats.com (false MCB)" platform="mixedcontent">
+
+	<target host="pygmyboats.com" />
+	<target host="www.pygmyboats.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pygmyboats.com.xml b/src/chrome/content/rules/pygmyboats.com.xml
new file mode 100644
index 000000000000..e0c3e1bae4c3
--- /dev/null
+++ b/src/chrome/content/rules/pygmyboats.com.xml
@@ -0,0 +1,53 @@
+<!--
+	For rules causing false/broken MCB, see pygmyboats.com.xml.
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .pygmyboats.com
+		- www.pygmyboats.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css from $self ˢ
+		- Images from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Pygmy Boats.com (partial)">
+
+	<target host="pygmyboats.com" />
+	<target host="www.pygmyboats.com" />
+
+		<!--	Avoid broken MCB:
+						-->
+		<exclusion pattern="^http://(?:www\.)?pygmyboats\.com/blog(?:$|[?/])" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.pygmyboats.com/blog" />
+			<test url="http://www.pygmyboats.com/blog/building-a-coho-hi-kayak-kit-part-3/" />
+			<test url="http://www.pygmyboats.com/blog/category/blog/" />
+			<test url="http://www.pygmyboats.com/blog/category/events/" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://www.pygmyboats.com/cgi-sys/cgiwrap/pygmyweb/sc/order.cgi" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.pygmyboats\.com$" name="^ss_cart_\d+$" /-->
+	<!--securecookie host="^www\.pygmyboats\.com$" name="^sbid1?$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pyra-handheld.com.xml b/src/chrome/content/rules/pyra-handheld.com.xml
new file mode 100644
index 000000000000..7f9197436011
--- /dev/null
+++ b/src/chrome/content/rules/pyra-handheld.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Problematic hosts in *pyra-handheld.com:
+
+		- dev ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="Pyra-Handheld.com (partial)">
+
+	<target host="pyra-handheld.com" />
+	<target host="www.pyra-handheld.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pytamy.pl.xml b/src/chrome/content/rules/pytamy.pl.xml
new file mode 100644
index 000000000000..3d429f3d9436
--- /dev/null
+++ b/src/chrome/content/rules/pytamy.pl.xml
@@ -0,0 +1,34 @@
+<!--
+	Mixed content:
+
+		- Images, on:
+
+			- ^ from i.wp.pl ˢ
+			- ^ from a.wpimg.pl ˢ
+
+		- Bugs, on:
+
+			- ^ from trzyszopy.pl ʰ
+			- ^ from ticket.www.wp.pl ˢ
+
+	ʰ Unsecurable <= redirects to http
+	ˢ Secured by us
+
+-->
+<ruleset name="pytamy.pl" platform="mixedcontent">
+
+	<target host="pytamy.pl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^pytamy\.pl$" name="^statid$" /-->
+	<!--securecookie host="^\.pytamy\.pl$" name="^(?:reksticket|sm\w+ticket)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/pythian.com.xml b/src/chrome/content/rules/pythian.com.xml
new file mode 100644
index 000000000000..9569d0cb0465
--- /dev/null
+++ b/src/chrome/content/rules/pythian.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- secure.pythian.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Pythian.com">
+
+	<target host="pythian.com" />
+	<target host="secure.pythian.com" />
+	<target host="www.pythian.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^secure\.pythian\.com$" name="^_STD_$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/q4os.org.xml b/src/chrome/content/rules/q4os.org.xml
new file mode 100644
index 000000000000..13644ca7219f
--- /dev/null
+++ b/src/chrome/content/rules/q4os.org.xml
@@ -0,0 +1,5 @@
+<ruleset name="q4os.org">
+	<target host="q4os.org" />
+	<target host="www.q4os.org" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/qacafe.com.xml b/src/chrome/content/rules/qacafe.com.xml
new file mode 100644
index 000000000000..613571c5163b
--- /dev/null
+++ b/src/chrome/content/rules/qacafe.com.xml
@@ -0,0 +1,26 @@
+<!--
+	(www.)?qacafe.com: Redirects to http
+
+
+	Insecure cookies are set for these hosts:
+
+		- lounge.qacafe.com
+
+-->
+<ruleset name="QA Cafe.com (partial)">
+
+	<target host="lounge.qacafe.com" />
+	<target host="support.qacafe.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^lounge\.qacafe\.com$" name="^_qacafe_session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/qdaily.com.xml b/src/chrome/content/rules/qdaily.com.xml
new file mode 100644
index 000000000000..53cd1fd31f6d
--- /dev/null
+++ b/src/chrome/content/rules/qdaily.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Mismatch:
+		^	( equal to www.qdaily.com )
+		img.qdaily.com
+		mail.qdaily.com
+		pad.qdaily.com
+		test.pad.qdaily.com
+		test.qdaily.com
+
+	Refused:
+		app.qdaily.com
+-->
+<ruleset name="qdaily.com">
+	<target host="qdaily.com" />
+	<target host="www.qdaily.com" />
+	<target host="admin.qdaily.com" />
+	<target host="test.app.qdaily.com" />
+	<target host="app3.qdaily.com" />
+	<target host="m.qdaily.com" />
+	<target host="test.m.qdaily.com" />
+	<target host="marketing.qdaily.com" />
+	<target host="ms.qdaily.com" />
+	<target host="pad3.qdaily.com" />
+
+	<rule from="^http://qdaily\.com/" to="https://www.qdaily.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/qdcdn.com.xml b/src/chrome/content/rules/qdcdn.com.xml
new file mode 100644
index 000000000000..7cffcde8f14a
--- /dev/null
+++ b/src/chrome/content/rules/qdcdn.com.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ssl.qdcdn.com/ => https://ssl.qdcdn.com/: (7, 'Failed to connect to ssl.qdcdn.com port 443: Connection timed out')
+
+	Mismatch:
+		- www.qdcdn.com
+		- s.qdcdn.com
+
+	Timeout:
+		- 2fs.qdcdn.com
+-->
+<ruleset name="qdcdn.com" default_off="failed ruleset test">
+	<target host="ssl.qdcdn.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/qf.org.qa.xml b/src/chrome/content/rules/qf.org.qa.xml
new file mode 100644
index 000000000000..ed43e88a041e
--- /dev/null
+++ b/src/chrome/content/rules/qf.org.qa.xml
@@ -0,0 +1,63 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://qf.org.qa/ => https://qf.org.qa/: (7, 'Failed to connect to qf.org.qa port 443: Connection refused')
+Fetch error: http://ecity.qf.org.qa/ => https://ecity.qf.org.qa/: (60, 'SSL certificate problem: certificate has expired')
+
+Certificate mismatch:
+	bcm.qf.org.qa
+	www.ecity.qf.org.qa
+	events.qf.org.qa
+
+Refused:
+	access.qf.org.qa
+	eservices.qf.org.qa
+	jobs.qf.org.qa
+	vpn.qf.org.qa
+	qfservices.qf.org.qa
+
+Timeout:
+	av.qf.org.qa
+	ca.qf.org.qa
+	dd-staging.qf.org.qa
+	ftp.qf.org.qa
+	hbku-sc.qf.org.qa
+	hh-staging.qf.org.qa
+	http.qf.org.qa
+	library.qf.org.qa
+	ns1.qf.org.qa
+	ns2.qf.org.qa
+	ns3.qf.org.qa
+	qfa00103.qf.org.qa
+ 	qfa00104.qf.org.qa
+	qfa10013.qf.org.qa
+	qfm00010.qf.org.qa
+	qfm00011.qf.org.qa
+	qfm10005.qf.org.qa
+	qfvideo.qf.org.qa
+	teservices.qf.org.qa
+	test-school.qf.org.qa
+	tii.qf.org.qa
+	video.qf.org.qa
+	webcon.qf.org.qa
+
+Other:
+	fas.qf.org.qa
+-->
+<ruleset name="Qatar Foundation" default_off="failed ruleset test">
+	<target host="qf.org.qa" />
+	<target host="www.qf.org.qa" />
+	<target host="autodiscover.qf.org.qa" />
+	<target host="ecity.qf.org.qa" />
+	<target host="mail.qf.org.qa" />
+	<target host="myaccount.qf.org.qa" />
+	<target host="portal.qf.org.qa" />
+	<target host="qf-cafm.qf.org.qa" />
+	<target host="qf-cafmpreprod.qf.org.qa" />
+	<target host="qfphcc.qf.org.qa" />
+	<target host="register.qf.org.qa" />
+	<target host="reset.qf.org.qa" />
+	<target host="school.qf.org.qa" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/qfcdn.com.xml b/src/chrome/content/rules/qfcdn.com.xml
new file mode 100644
index 000000000000..af2a643f9cf1
--- /dev/null
+++ b/src/chrome/content/rules/qfcdn.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="qfcdn.com">
+
+	<target host="qfcdn.com" />
+
+		<test url="http://qfcdn.com/templates/pizzaportal.pl/images/google_plus_ico.png" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/qira.me.xml b/src/chrome/content/rules/qira.me.xml
new file mode 100644
index 000000000000..ab00298ccfa8
--- /dev/null
+++ b/src/chrome/content/rules/qira.me.xml
@@ -0,0 +1,7 @@
+<ruleset name="qira.me">
+  <target host="qira.me" />
+  <target host="www.qira.me" />
+  <target host="mail.qira.me" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/qiwi.me.xml b/src/chrome/content/rules/qiwi.me.xml
new file mode 100644
index 000000000000..827c2101b7f6
--- /dev/null
+++ b/src/chrome/content/rules/qiwi.me.xml
@@ -0,0 +1,12 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.qiwi.me/ => https://www.qiwi.me/: (51, "SSL: no alternative certificate subject name matches target host name 'www.qiwi.me'")
+
+-->
+<ruleset name="qiwi.me" default_off="failed ruleset test">
+	<target host="qiwi.me" />
+	<target host="www.qiwi.me" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/qiyukf.com.xml b/src/chrome/content/rules/qiyukf.com.xml
new file mode 100644
index 000000000000..25d03d1aa670
--- /dev/null
+++ b/src/chrome/content/rules/qiyukf.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="QiYuKeFu">
+	<target host="qiyukf.com" />
+	<target host="gxxx.qiyukf.com" />
+	<target host="www.qiyukf.com" />
+	<target host="xxxx.qiyukf.com" />
+	<target host="zikao.qiyukf.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/qntm.org.xml b/src/chrome/content/rules/qntm.org.xml
new file mode 100644
index 000000000000..29066254a8ae
--- /dev/null
+++ b/src/chrome/content/rules/qntm.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="qntm.org">
+
+	<target host="qntm.org" />
+	<target host="www.qntm.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/qrator.net.xml b/src/chrome/content/rules/qrator.net.xml
new file mode 100644
index 000000000000..67c2d621a48a
--- /dev/null
+++ b/src/chrome/content/rules/qrator.net.xml
@@ -0,0 +1,29 @@
+<!--
+alpha.qrator.net ³
+bravo.qrator.net ³
+charlie.qrator.net ³
+delta.qrator.net ³
+mx2.qrator.net ³
+ns1.qrator.net ³
+ns2.qrator.net ³
+static.qrator.net ³
+mail.qrator.net different content
+mx.qrator.net different content
+
+
+³ timed out
+-->
+<ruleset name="qrator.net">
+	<target host="qrator.net" />
+	<target host="www.qrator.net" />
+	<target host="a.qrator.net" />
+	<target host="api.qrator.net" />
+	<target host="client.qrator.net" />
+	<target host="review.int.qrator.net" />
+	<target host="load.qrator.net" />
+	<target host="radar.qrator.net" />
+	<target host="client.stage.qrator.net" />
+	<target host="2016.zeronights.qrator.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/quackwatch.org.xml b/src/chrome/content/rules/quackwatch.org.xml
new file mode 100644
index 000000000000..9a702096d037
--- /dev/null
+++ b/src/chrome/content/rules/quackwatch.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="quackwatch.org">
+	<target host="quackwatch.org" />
+	<target host="www.quackwatch.org" />
+	<target host="lists.quackwatch.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/quakelive.com.xml b/src/chrome/content/rules/quakelive.com.xml
new file mode 100644
index 000000000000..08b504c0720d
--- /dev/null
+++ b/src/chrome/content/rules/quakelive.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="quakelive.com">
+	<target host="quakelive.com" />
+	<target host="www.quakelive.com" />
+	<target host="secure.quakelive.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/quartztelecom.ru.xml b/src/chrome/content/rules/quartztelecom.ru.xml
new file mode 100644
index 000000000000..02b65b135547
--- /dev/null
+++ b/src/chrome/content/rules/quartztelecom.ru.xml
@@ -0,0 +1,17 @@
+<!--
+quartztelecom.ru ²
+www.quartztelecom.ru ²
+fire.quartztelecom.ru ²
+ott.quartztelecom.ru ²
+video.quartztelecom.ru ²
+video2.quartztelecom.ru ²
+
+
+² refused
+-->
+<ruleset name="quartztelecom.ru (partial)">
+	<target host="lk.quartztelecom.ru" />
+	<target host="mail.quartztelecom.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/quay.io.xml b/src/chrome/content/rules/quay.io.xml
new file mode 100644
index 000000000000..7234c283b589
--- /dev/null
+++ b/src/chrome/content/rules/quay.io.xml
@@ -0,0 +1,25 @@
+<!--
+Similar ruleset: CoreOS.com.xml
+
+logs.quay.io ³
+status.quay.io ¹
+
+
+¹ mismatch
+³ timed out
+-->
+<ruleset name="quay.io">
+	<target host="quay.io" />
+	<target host="www.quay.io" />
+	<target host="blog.quay.io" />
+	<target host="builder-dashboard.quay.io" />
+	<target host="builder-grafana.quay.io" />
+	<target host="builder-prom.quay.io" />
+	<target host="builder-tc.quay.io" />
+	<target host="concourse.quay.io" />
+	<target host="docs.quay.io" />
+	<target host="pma.quay.io" />
+	<target host="staging.quay.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/quebecsolidaire.net.xml b/src/chrome/content/rules/quebecsolidaire.net.xml
new file mode 100644
index 000000000000..02dbe5aaa20b
--- /dev/null
+++ b/src/chrome/content/rules/quebecsolidaire.net.xml
@@ -0,0 +1,56 @@
+<!--
+	Nonfunctional hosts in *quebecsolidaire.net:
+
+		- (www.)? ʳ
+		- api-wp ʳ
+		- coeur ᵃ
+		- don ʳ
+		- dons ʳ
+		- pourquoi ᵃ
+		- profil ᵃ
+
+	ᵃ Shows another domain
+	ʳ Refused
+
+
+	Problematic hosts in *quebecsolidaire.net:
+
+		- agir ᵐ
+		- api-membres ᶜ
+		- avecmatete ᵐ
+		- congres ᶜ
+		- ssl ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Herokuapp / mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- adhesion.quebecsolidaire.net
+		- congres.quebecsolidaire.net
+		- ssl.quebecsolidaire.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Quebec solidaire.net (partial)">
+
+	<target host="adhesion.quebecsolidaire.net" />
+	<!--target host="api-membres.quebecsolidaire.net" /-->
+	<!--target host="congres.quebecsolidaire.net" /-->
+	<!--target host="ssl.quebecsolidaire.net" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^adhesion\.quebecsolidaire\.net$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^(?:congres|ssl)\.quebecsolidaire\.net$" name="^AlternC_Panel$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/quickline.xml b/src/chrome/content/rules/quickline.xml
new file mode 100644
index 000000000000..62295c33392e
--- /dev/null
+++ b/src/chrome/content/rules/quickline.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://webmail.quickline.ch/ => https://webmail.quickline.ch/: (51, "SSL: no alternative certificate subject name matches target host name 'webmail.quickline.ch'")
+
+	Problematic domains:
+		- treuebonus.quickline.ch
+		- buchsi.quickline.ch
+		- partnershop.quickline.com
+		- speed.quickline.com
+		- ndt.quickline.com
+		- speedtest.quickline.com
+-->
+<ruleset name="Quickline" default_off="failed ruleset test">
+	<target host="quickline.com"/>
+	<target host="www.quickline.com"/>
+	<target host="cloud.quickline.com"/>
+	<target host="my.quickline.com"/>
+	<target host="newsletter.quickline.com"/>
+	<target host="qmc.quickline.com"/>
+	<target host="services.quickline.com"/>
+	<target host="tvguide.quickline.com"/>
+	<target host="webmail.quickline.com"/>
+	<target host="quickline.ch"/>
+	<target host="www.quickline.ch"/>
+	<target host="qlgroup.quickline.ch"/>
+	<target host="business.quickline.ch"/>
+	<target host="partner.quickline.ch"/>
+	<target host="webmail.quickline.ch"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/quidsi.com.xml b/src/chrome/content/rules/quidsi.com.xml
new file mode 100644
index 000000000000..212b237c7c35
--- /dev/null
+++ b/src/chrome/content/rules/quidsi.com.xml
@@ -0,0 +1,46 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .quidsi.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- www from ecx.images-amazon.com ˢ
+			- www from g-ec2.images-amazon.com
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Quidsi.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.quidsi.com" />
+
+	<!--	Complications:
+				-->
+	<target host="quidsi.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.quidsi\.com$" name="^(?:session-id|session-id-time|ubid-main)?$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://quidsi\.com/"
+		to="https://www.quidsi.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/quran-online.ru.xml b/src/chrome/content/rules/quran-online.ru.xml
new file mode 100644
index 000000000000..e895bee2e181
--- /dev/null
+++ b/src/chrome/content/rules/quran-online.ru.xml
@@ -0,0 +1,9 @@
+<ruleset name="quran-online.ru">
+
+        <target host="quran-online.ru" />
+        <target host="www.quran-online.ru" />
+
+        <rule from="^http:"
+                to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/qwebirc.org.xml b/src/chrome/content/rules/qwebirc.org.xml
new file mode 100644
index 000000000000..e0be0298aad7
--- /dev/null
+++ b/src/chrome/content/rules/qwebirc.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="qwebirc.org">
+	<target host="qwebirc.org" />
+	<target host="www.qwebirc.org" />
+	<target host="hg.qwebirc.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/r46.ru.xml b/src/chrome/content/rules/r46.ru.xml
new file mode 100644
index 000000000000..e7cba5ecec74
--- /dev/null
+++ b/src/chrome/content/rules/r46.ru.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://kabinet.r46.ru/ => https://kabinet.r46.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+r46.ru mismatch
+www.r46.ru mismatch
+forum.r46.ru mismatch
+games.r46.ru timed out
+kabinet-old.r46.ru mismatch
+webmail.r46.ru mismatch
+-->
+<ruleset name="r46.ru (partial)" default_off="failed ruleset test">
+	<target host="kabinet.r46.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/radeon.ru.xml b/src/chrome/content/rules/radeon.ru.xml
new file mode 100644
index 000000000000..de51cb263a49
--- /dev/null
+++ b/src/chrome/content/rules/radeon.ru.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid certificate:
+		files.radeon.ru
+		release.radeon.ru
+		www.release.radeon.ru
+-->
+<ruleset name="radeon.ru">
+	<target host="radeon.ru" />
+	<target host="www.radeon.ru" />
+	<target host="forum.radeon.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/radio-browser.info.xml b/src/chrome/content/rules/radio-browser.info.xml
new file mode 100644
index 000000000000..17c987b4e26c
--- /dev/null
+++ b/src/chrome/content/rules/radio-browser.info.xml
@@ -0,0 +1,10 @@
+<ruleset name="radio-browser.info">
+	<target host="radio-browser.info" />
+	<target host="www.radio-browser.info" />
+	<target host="api.radio-browser.info" />
+	<target host="de1.api.radio-browser.info" />
+	<target host="nl1.api.radio-browser.info" />
+
+	<rule from="^http://radio-browser\.info/" to="https://www.radio-browser.info/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/radiocane.info.xml b/src/chrome/content/rules/radiocane.info.xml
new file mode 100644
index 000000000000..ff39d3a36eeb
--- /dev/null
+++ b/src/chrome/content/rules/radiocane.info.xml
@@ -0,0 +1,31 @@
+<!--
+	Mixed content:
+
+		- css, on:
+
+			- www from fonts.googleapis.com ˢ
+			- www from $self ˢ
+
+		- Images, on:
+
+			- www from ^radiocane.info ˢ
+			- www from $self ˢ
+
+		- Bug on www from stats.autistici.org
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Radiocane.info" platform="mixedcontent">
+
+	<target host="radiocane.info" />
+	<target host="www.radiocane.info" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/radiokniga.com.xml b/src/chrome/content/rules/radiokniga.com.xml
new file mode 100644
index 000000000000..9bf5c7fed773
--- /dev/null
+++ b/src/chrome/content/rules/radiokniga.com.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://radiokniga.com/ => https://radiokniga.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.radiokniga.com/ => https://www.radiokniga.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Radio Kniga.com" default_off="failed ruleset test">
+
+	<target host="radiokniga.com" />
+	<target host="www.radiokniga.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/radiokot.ru.xml b/src/chrome/content/rules/radiokot.ru.xml
new file mode 100644
index 000000000000..cc0304c3f9f6
--- /dev/null
+++ b/src/chrome/content/rules/radiokot.ru.xml
@@ -0,0 +1,22 @@
+<!--
+img.radiokot.ru ⁴
+www.img.radiokot.ru ⁴
+www.kozlov.radiokot.ru ⁴
+labaz.radiokot.ru ⁴
+m.radiokot.ru ⁴
+www.m.radiokot.ru ⁴
+pda.radiokot.ru ⁴
+www.pda.radiokot.ru ⁴
+sunduk.radiokot.ru ⁴
+www.sunduk.radiokot.ru ⁴
+test.radiokot.ru ⁴
+
+
+⁴ self signed
+-->
+<ruleset name="radiokot.ru">
+	<target host="radiokot.ru" />
+	<target host="www.radiokot.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/radiotochka.kz.xml b/src/chrome/content/rules/radiotochka.kz.xml
new file mode 100644
index 000000000000..3a10a7cc62a7
--- /dev/null
+++ b/src/chrome/content/rules/radiotochka.kz.xml
@@ -0,0 +1,7 @@
+<!-- app. mismatch
+media. mismatch -->
+<ruleset name="radiotochka.kz">
+	<target host="radiotochka.kz" />
+	<target host="www.radiotochka.kz" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/raglan23.co.nz.xml b/src/chrome/content/rules/raglan23.co.nz.xml
new file mode 100644
index 000000000000..5e762cf06a25
--- /dev/null
+++ b/src/chrome/content/rules/raglan23.co.nz.xml
@@ -0,0 +1,30 @@
+<!--
+	Mixed content:
+
+		- css from d1ycn9118ccflb.cloudfront.net ˢ
+
+		- Images, from:
+
+			- d1ycn9118ccflb.cloudfront.net ˢ
+			- $self ˢ
+			- \d+.media.tumblr.com ˢ
+
+		- Ad/bug from affiliates.straytravel.com ᵖ
+
+	ᵖ Unsecurable <= plaintext reply
+	ˢ Secured by us
+
+-->
+<ruleset name="Raglan 23.co.nz" platform="mixedcontent">
+
+	<target host="raglan23.co.nz" />
+	<target host="www.raglan23.co.nz" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/raildar.co.uk.xml b/src/chrome/content/rules/raildar.co.uk.xml
new file mode 100644
index 000000000000..5096d3562e7c
--- /dev/null
+++ b/src/chrome/content/rules/raildar.co.uk.xml
@@ -0,0 +1,10 @@
+<ruleset name="Raildar.co.uk">
+
+	<target host="raildar.co.uk" />
+	<target host="www.raildar.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/railyatri.in.xml b/src/chrome/content/rules/railyatri.in.xml
new file mode 100644
index 000000000000..0a4c5adde7f3
--- /dev/null
+++ b/src/chrome/content/rules/railyatri.in.xml
@@ -0,0 +1,48 @@
+<!--
+	Content mismatch:
+		refunds.railyatri.in
+
+	Invalid certificate:
+		events.railyatri.in
+
+	Not found:
+		www.api.railyatri.in
+		blogs.railyatri.in
+		origin-events.railyatri.in
+		ryapi.railyatri.in
+		stage.railyatri.in
+
+	Refused:
+		adminwisdom.railyatri.in
+		blog.railyatri.in
+		lnk.railyatri.in
+		m.railyatri.in
+		mobile.railyatri.in
+
+	Timeout:
+		images.railyatri.in
+		new.railyatri.in
+		newsletter.railyatri.in
+		origin-www.railyatri.in
+		railwisdom.railyatri.in
+		services.railyatri.in
+		www2.railyatri.in
+-->
+<ruleset name="RailYatri.in">
+
+	<target host="railyatri.in" />
+	<target host="www.railyatri.in" />
+	<target host="agents-stage.railyatri.in" />
+	<target host="api.railyatri.in" />
+	<target host="origin-search.railyatri.in" />
+	<target host="pnr.railyatri.in" />
+	<target host="pnrhtml.railyatri.in" />
+	<target host="railradar.railyatri.in" />
+	<target host="search.railyatri.in" />
+	<target host="test.railyatri.in" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rainews.it.xml b/src/chrome/content/rules/rainews.it.xml
new file mode 100644
index 000000000000..aa79fd317949
--- /dev/null
+++ b/src/chrome/content/rules/rainews.it.xml
@@ -0,0 +1,58 @@
+<!--
+	Problematic subdomains:
+		rainews.it (certificate mismatch)
+
+	Invalid certificate:
+		blog.rainews.it
+		ascoltatoredilettante.blog.rainews.it
+		beautytribune.blog.rainews.it
+		cinaduepuntozero.blog.rainews.it
+		confini.blog.rainews.it
+		dallarete.blog.rainews.it
+		dailyplanet.blog.rainews.it
+		dentrolamusica.blog.rainews.it
+		dialogo.blog.rainews.it
+		diariodaebola.blog.rainews.it
+		domenica24lintervista.blog.rainews.it
+		consumi.blog.rainews.it
+		coniltempochecorre.blog.rainews.it
+		economia.blog.rainews.it
+		fattichiari.blog.rainews.it
+		fermoimmagine.blog.rainews.it
+		futuro24.blog.rainews.it
+		greenwords.blog.rainews.it
+		guerrainsiriadiariodiplomatico.blog.rainews.it
+		ilgrandegioco.blog.rainews.it
+		iltransatlantico.blog.rainews.it
+		ippocrate.blog.rainews.it
+		kurdistan.blog.rainews.it
+		labor.blog.rainews.it
+		labussola.blog.rainews.it
+		lanotapolitica.blog.rainews.it	
+		lasublimeportagirevole.blog.rainews.it
+		letteredadavos.blog.rainews.it
+		leuropeoerrante.blog.rainews.it
+		ludotech.blog.rainews.it
+		pilloledimercalli.blog.rainews.it
+		poesia.blog.rainews.it
+		punctum.blog.rainews.it
+		rainewsochi.blog.rainews.it
+		rivegauche.blog.rainews.it
+		rush.blog.rainews.it
+		sabato24.blog.rainews.it
+		storiastorie.blog.rainews.it
+		studio24.blog.rainews.it
+		televisionary.blog.rainews.it
+		thalassa.blog.rainews.it
+		viadellaconciliazione.blog.rainews.it
+		files24.rainews.it
+		www.files24.rainews.it
+		ls.rainews.it
+-->
+<ruleset name="rainews.it">
+	<target host="rainews.it" />
+	<target host="www.rainews.it" />
+
+	<rule from="^http://rainews\.it/" to="https://www.rainews.it/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rainierarms.com.xml b/src/chrome/content/rules/rainierarms.com.xml
new file mode 100644
index 000000000000..f944e476877f
--- /dev/null
+++ b/src/chrome/content/rules/rainierarms.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .www.rainierarms.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Rainier Arms.com">
+
+	<target host="rainierarms.com" />
+	<target host="www.rainierarms.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.rainierarms\.com$" name="^frontend$" /-->
+
+	<securecookie host="^\.www\." name=".+" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rakuten-static.com.xml b/src/chrome/content/rules/rakuten-static.com.xml
new file mode 100644
index 000000000000..dd3d92c2764d
--- /dev/null
+++ b/src/chrome/content/rules/rakuten-static.com.xml
@@ -0,0 +1,31 @@
+<!--
+
+	For other Rakuten coverage, see Rakuten.co.jp.xml.
+
+	Problematic subdomains:
+
+		- intl	(invalid cert; mismatch)
+
+-->
+<ruleset name="rakuten-static.com (partial)">
+
+	<target host="a.ichiba.jp.rakuten-static.com" />
+	<target host="b.ichiba.jp.rakuten-static.com" />
+	<target host="c.ichiba.jp.rakuten-static.com" />
+	<target host="image.card.jp.rakuten-static.com" />
+	<target host="jp.rakuten-static.com" />
+	<target host="plaza.jp.rakuten-static.com" />
+	<target host="static.card.jp.rakuten-static.com" />
+
+	<test url="http://a.ichiba.jp.rakuten-static.com/com/rat/racare.rakuten.co.jp/s_customTracking.js" />
+	<test url="http://b.ichiba.jp.rakuten-static.com/com/bookmark/js/shopbookmark-3.1.4.min.js" />
+	<test url="http://c.ichiba.jp.rakuten-static.com/com/img/rms/storefront/pc/page/smart/spinner_loading.gif" />
+	<test url="http://image.card.jp.rakuten-static.com/r-enavi/WebImages/enavi/pay/revolving/arrow_a.gif" />
+	<test url="http://jp.rakuten-static.com/1/js/grp/ftr/jsonp/footer_prm_list.jsonp" />
+	<test url="http://plaza.jp.rakuten-static.com/img/common/now_printing.gif" />
+	<test url="http://static.card.jp.rakuten-static.com/corp/pc/js/contents/top.js" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/randombit.net.xml b/src/chrome/content/rules/randombit.net.xml
new file mode 100644
index 000000000000..235f23f31e83
--- /dev/null
+++ b/src/chrome/content/rules/randombit.net.xml
@@ -0,0 +1,20 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+			 - bugs.randombit.net
+			 - mail.randombit.net
+			 - maple.randombit.net
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - files.randombit.net
+-->
+<ruleset name="randombit.net">
+	<target host="randombit.net" />
+	<target host="www.randombit.net" />
+	<target host="botan.randombit.net" />
+	<target host="lists.randombit.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/randywestergren.com.xml b/src/chrome/content/rules/randywestergren.com.xml
new file mode 100644
index 000000000000..48253b3fc88e
--- /dev/null
+++ b/src/chrome/content/rules/randywestergren.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Randy Westergren.com">
+
+	<target host="randywestergren.com" />
+	<target host="www.randywestergren.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rankingdigitalrights.org.xml b/src/chrome/content/rules/rankingdigitalrights.org.xml
new file mode 100644
index 000000000000..d8dffb3e4fb7
--- /dev/null
+++ b/src/chrome/content/rules/rankingdigitalrights.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="Ranking Digital Rights.org">
+
+	<target host="rankingdigitalrights.org" />
+	<target host="www.rankingdigitalrights.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rapidmoviez.eu.xml b/src/chrome/content/rules/rapidmoviez.eu.xml
new file mode 100644
index 000000000000..433b21954ae2
--- /dev/null
+++ b/src/chrome/content/rules/rapidmoviez.eu.xml
@@ -0,0 +1,37 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- rapidmoviez.eu
+		- www.rapidmoviez.eu
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Ads / bugs, from:
+
+			- sstatic1.histats.com ˢ
+			- creative.wwwpromoter.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="RapidMoviez.eu">
+
+	<target host="rapidmoviez.eu" />
+	<target host="www.rapidmoviez.eu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?rapidmoviez\.eu$" name="^rms3$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid$|_gat?$|_gat_|cf_clearance$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rapidrar.com.xml b/src/chrome/content/rules/rapidrar.com.xml
new file mode 100644
index 000000000000..d59abfe87d6e
--- /dev/null
+++ b/src/chrome/content/rules/rapidrar.com.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rapidrar.com/ => https://rapidrar.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.rapidrar.com/ => https://www.rapidrar.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .rapidrar.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css from $self ˢ
+		- Images from $self ˢ
+		- Bug from sstatic1.histats.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="RapidRAR.com" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="rapidrar.com" />
+	<target host="www.rapidrar.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.rapidrar\.com$" name="^lang$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rarbg.xml b/src/chrome/content/rules/rarbg.xml
new file mode 100644
index 000000000000..5454ec4acfcd
--- /dev/null
+++ b/src/chrome/content/rules/rarbg.xml
@@ -0,0 +1,33 @@
+<!--
+	STS header includes includeSubdomains.
+
+-->
+<ruleset name="Rarbg">
+
+	<target host="rarbg.com" />
+	<target host="*.rarbg.com" />
+	<target host="rarbg.to" />
+	<target host="*.rarbg.to" />
+
+		<!--	includeSubdomains applies to one level only, so:
+									-->
+		<exclusion pattern="^http://(?:[^./]+\.){2,}rarbg\.(?:com|to)/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.rarbg.com/" />
+			<test url="http://exists.not.rarbg.com/" />
+			<test url="http://this.host.rarbg.to/" />
+			<test url="http://exists.not.rarbg.to/" />
+
+		<test url="http://www.rarbg.com/" />
+		<test url="http://www.rarbg.to/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rarus.ru.xml b/src/chrome/content/rules/rarus.ru.xml
new file mode 100644
index 000000000000..fc30d7fe4174
--- /dev/null
+++ b/src/chrome/content/rules/rarus.ru.xml
@@ -0,0 +1,27 @@
+<!--
+rarus.ru ⁶
+www.rarus.ru ⁶
+partners.rarus.ru ¹
+kiev.rarus.ru ⁶
+sevastopol.rarus.ru ²
+techlab.rarus.ru ⁴
+books.rarus.ru ⁶
+distrib.rarus.ru ¹
+dgs.rarus.ru ⁴
+update.rarus.ru ³
+www.sevastopol.rarus.ru ²
+www.dgs.rarus.ru ⁴
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁶ redirect
+-->
+<ruleset name="rarus.ru (partial)">
+	<target host="my.rarus.ru" />
+	<target host="job.rarus.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rascal999.co.uk.xml b/src/chrome/content/rules/rascal999.co.uk.xml
new file mode 100644
index 000000000000..85079588e375
--- /dev/null
+++ b/src/chrome/content/rules/rascal999.co.uk.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.rascal999.co.uk/ => https://www.rascal999.co.uk/: (35, 'Unknown SSL protocol error in connection to www.rascal999.co.uk:443 ')
+Fetch error: http://rascal999.co.uk/ => https://rascal999.co.uk/: (6, 'Could not resolve host: rascal999.co.uk')
+
+	STS header includes includeSubdomains
+
+-->
+<ruleset name="rascal999.co.uk" default_off="failed ruleset test">
+
+	<target host="rascal999.co.uk" />
+	<target host="*.rascal999.co.uk" />
+
+		<test url="http://www.rascal999.co.uk/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rateyourlocalservice.co.uk.xml b/src/chrome/content/rules/rateyourlocalservice.co.uk.xml
new file mode 100644
index 000000000000..86c03d0cfa0c
--- /dev/null
+++ b/src/chrome/content/rules/rateyourlocalservice.co.uk.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.rateyourlocalservice.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Rate Your Locale Service.co.uk">
+
+	<target host="rateyourlocalservice.co.uk" />
+	<target host="www.rateyourlocalservice.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.rateyourlocalservice\.co\.uk$" name="^sessionid" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rationalcdn.com.xml b/src/chrome/content/rules/rationalcdn.com.xml
new file mode 100644
index 000000000000..aaa85fe39fc5
--- /dev/null
+++ b/src/chrome/content/rules/rationalcdn.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="rational CDN.com">
+
+	<target host="s1.rationalcdn.com" />
+	<target host="s2.rationalcdn.com" />
+	<target host="s3.rationalcdn.com" />
+	<target host="s4.rationalcdn.com" />
+
+		<test url="http://s1.rationalcdn.com/vendors/cms/assets/common/images/layout/vertical-navigation/ball-grey.png" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/raxcdn.com.xml b/src/chrome/content/rules/raxcdn.com.xml
new file mode 100644
index 000000000000..d0a47c08fe2d
--- /dev/null
+++ b/src/chrome/content/rules/raxcdn.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- tx-assets.scdn5.secure.raxcdn.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="raxcdn.com">
+
+	<target host="tx-assets.scdn5.secure.raxcdn.com" />
+
+		<test url="http://tx-assets.scdn5.secure.raxcdn.com/static/images/signup-logos.3ecadbc59c8c.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^tx-assets\.scdn5\.secure\.raxcdn\.com$" name="^X-Mapping-" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rb-hk.de.xml b/src/chrome/content/rules/rb-hk.de.xml
new file mode 100644
index 000000000000..66de65a1bf4b
--- /dev/null
+++ b/src/chrome/content/rules/rb-hk.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="rb-hk.de">
+	<target host="rb-hk.de" />
+	<target host="www.rb-hk.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rbc.ua.xml b/src/chrome/content/rules/rbc.ua.xml
new file mode 100644
index 000000000000..d4a3fc430ac4
--- /dev/null
+++ b/src/chrome/content/rules/rbc.ua.xml
@@ -0,0 +1,16 @@
+<!--
+marketing.rbc.ua timed out
+sales.rbc.ua timed out
+www.marketing.rbc.ua timed out
+market.autonews.rbc.ua mismatch
+-->
+<ruleset name="rbc.ua">
+	<target host="rbc.ua" />
+	<target host="www.rbc.ua" />
+	<target host="company.rbc.ua" />
+	<target host="elections.rbc.ua" />
+	<target host="realt.rbc.ua" />
+	<target host="styler.rbc.ua" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rbdigital.com.xml b/src/chrome/content/rules/rbdigital.com.xml
new file mode 100644
index 000000000000..a6c142f06fb5
--- /dev/null
+++ b/src/chrome/content/rules/rbdigital.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="RB Digital.com">
+
+	<target host="rbdigital.com" />
+	<target host="www.rbdigital.com" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rbkc.gov.uk.xml b/src/chrome/content/rules/rbkc.gov.uk.xml
new file mode 100644
index 000000000000..b27a937db8ec
--- /dev/null
+++ b/src/chrome/content/rules/rbkc.gov.uk.xml
@@ -0,0 +1,64 @@
+<!--
+	The Royal Borough of Kensington and Chelsea Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *rbkc.gov.uk:
+
+		- (www.)?lms ³
+
+	³ 403
+
+
+	Problematic hosts in *rbkc.gov.uk:
+
+		- ^ ᵐ
+		- consultation ᵐ
+		- eforms ᵐ
+		- (www.)?filmapp ᵛ
+		- www.planningconsult
+
+	ᵐ Mismatched
+	ᵛ Revoked
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.eforms.rbkc.gov.uk
+
+-->
+<ruleset name="RBKC.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.consultation.rbkc.gov.uk" />
+	<target host="www.eforms.rbkc.gov.uk" />
+	<target host="planningconsult.rbkc.gov.uk" />
+	<target host="www.rbkc.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="rbkc.gov.uk" />
+	<target host="consultation.rbkc.gov.uk" />
+	<target host="eforms.rbkc.gov.uk" />
+	<target host="www.planningconsult.rbkc.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.eforms\.rbkc\.gov\.uk$" name="^(?:AWSELB|firmstep2session|firmstep2server)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://(consultation\.|eforms\.)?rbkc\.gov\.uk/"
+		to="https://www.$1rbkc.gov.uk/" />
+
+	<rule from="^http://www\.planningconsult\.rbkc\.gov\.uk/"
+		to="https://planningconsult.rbkc.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rbth.com.xml b/src/chrome/content/rules/rbth.com.xml
new file mode 100644
index 000000000000..41a4d89f2f24
--- /dev/null
+++ b/src/chrome/content/rules/rbth.com.xml
@@ -0,0 +1,85 @@
+<!--
+	other Russia Beyond the Headlines rulesets:
+
+		- Russia-Beyond-the-Headlines.xml
+
+
+	Nonfunctional hosts in *rbth.com:
+
+		- imfokus.de ʰ
+		- ipad ʰ
+
+	ʰ Redirects to http
+
+
+	www.rbth.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- rbth.com
+		- bg.rbth.com
+		- de.rbth.com
+		- fr.rbth.com
+		- hindi.rbth.com
+		- hr.rbth.com
+		- in.rbth.com
+		- indonesia.rbth.com
+		- it.rbth.com
+		- jp.rbth.com
+		- mk.rbth.com
+		- newsletter.rbth.com
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- ^, jp, mk, newsletter from nl.media.rbth.ru ˢ
+			- mk from static.rbth.com ˢ
+			- newsletter from ^rbth.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="RBTH.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rbth.com" />
+	<target host="bg.rbth.com" />
+	<target host="cdn.rbth.com" />
+	<target host="cmsen.rbth.com" />
+	<target host="de.rbth.com" />
+	<target host="fr.rbth.com" />
+	<target host="hindi.rbth.com" />
+	<target host="hr.rbth.com" />
+	<target host="in.rbth.com" />
+	<target host="indonesia.rbth.com" />
+	<target host="it.rbth.com" />
+	<target host="jp.rbth.com" />
+	<target host="mk.rbth.com" />
+	<target host="newsletter.rbth.com" />
+	<target host="stat.rbth.com" />
+	<target host="static.rbth.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.rbth.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:(?:bg|de|fr|hindi|hr|in|indonesia|it|jp|mk|newsletter)\.)?rbth\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.rbth\.com/"
+		to="https://rbth.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rbwm.gov.uk.xml b/src/chrome/content/rules/rbwm.gov.uk.xml
new file mode 100644
index 000000000000..1870e0c42d11
--- /dev/null
+++ b/src/chrome/content/rules/rbwm.gov.uk.xml
@@ -0,0 +1,148 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://directory.rbwm.gov.uk/kb5/rbwm/directory/images/customer/nc2_img_minus-size-icon.png => https://search3.openobject.com/kb5/rbwm/directory/images/customer/nc2_img_minus-size-icon.png: (6, 'Could not resolve host: search3.openobject.com')
+Fetch error: http://directory.rbwm.gov.uk/kb5/rbwm/directory/stylesheets/css/customer-print.css => https://search3.openobject.com/kb5/rbwm/directory/stylesheets/css/customer-print.css: (6, 'Could not resolve host: search3.openobject.com')
+Fetch error: http://licensing.rbwm.gov.uk/ => https://licensing.rbwm.gov.uk/: (6, 'Could not resolve host: licensing.rbwm.gov.uk')
+
+	Royal Borough of Windsor & Maidenhead Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *rbwm.gov.uk:
+
+		- fsd ᵃ
+		- maps ᵈ
+		- mol ᵈ
+		- petitions ᵗ
+		- pledge ᵗ
+		- www ʳ
+
+	ᵃ Shows search3.openobjects.com
+	ᵈ Dropped
+	ʳ Refused
+	ᵗ Reset
+
+
+	Problematic hosts in *rbwm.gov.uk:
+
+		- consult ᵐ
+		- directory ᵐ
+
+	ᵐ Mismatched
+
+
+	Partially covered hosts in *rbwm.gov.uk:
+
+		- directory ʰ
+		- www *
+
+	* Not all paths redirect
+	ʰ Some pages redirect to http
+
+
+	^rbwm.gov.uk does not exist.
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- licensing.rbwm.gov.uk
+		- system8.rbwm.gov.uk
+		- www3.rbwm.gov.uk
+		- .www3.rbwm.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- myportaladmissions, system8 from d1.logo-net.co.uk ʳ
+			- myportaladmissions, system8 from www.rbwm.gov.uk ʳ
+
+		- Bugs on myportaladmissions, payments, system8 from uk.sitestat.com ˢ
+
+	ʳ Unsecurable <= refused
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="RBWM.gov.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="forms.rbwm.gov.uk" />
+	<target host="licensing.rbwm.gov.uk" />
+	<target host="myportaladmissions.rbwm.gov.uk" />
+	<target host="payments.rbwm.gov.uk" />
+	<target host="system8.rbwm.gov.uk" />
+	<target host="www3.rbwm.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="consult.rbwm.gov.uk" />
+	<target host="directory.rbwm.gov.uk" />
+	<target host="www.rbwm.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^licensing\.rbwm\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^system8\.rbwm\.gov\.uk$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^www3\.rbwm\.gov\.uk$" name="^\w{16}$" /-->
+	<!--securecookie host="^\.www3\.rbwm\.gov\.uk$" name="^TestCookie$" /-->
+
+	<securecookie host="^(?!directory\.|www\.)\w" name=".+" />
+	<securecookie host="^\.www3\." name=".+" />
+
+
+	<rule from="^http://directory\.rbwm\.gov\.uk/"
+		to="https://search3.openobject.com/" />
+
+		<exclusion pattern="^http://directory\.rbwm\.gov\.uk/(?!/*(?:kb5/\w+/directory/(?:image|stylesheet)s/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://directory.rbwm.gov.uk/kb5/rbwm/directory/complaints.page" />
+			<test url="http://directory.rbwm.gov.uk/kb5/rbwm/directory/families.page" />
+			<test url="http://directory.rbwm.gov.uk/kb5/rbwm/directory/localoffer.page" />
+			<test url="http://directory.rbwm.gov.uk/kb5/rbwm/directory/news.page" />
+
+			<!--	-ve:
+					-->
+			<test url="http://directory.rbwm.gov.uk/kb5/rbwm/directory/images/customer/nc2_img_minus-size-icon.png" />
+			<test url="http://directory.rbwm.gov.uk/kb5/rbwm/directory/stylesheets/css/customer-print.css" />
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://www\.rbwm\.gov\.uk/.*"
+		to="https://www3.rbwm.gov.uk/" />
+
+		<!--	/*\w(?!ndex\.htm) does not redirect:
+								-->
+		<exclusion pattern="^http://www\.rbwm\.gov\.uk/(?!/*(?:$|\?|index\.htm))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.rbwm.gov.uk/berks-pension/" />
+			<test url="http://www.rbwm.gov.uk/events/" />
+			<test url="http://www.rbwm.gov.uk/events/e_detail.asp?ID=5703" />
+			<test url="http://www.rbwm.gov.uk/web/foi_requests_by_cat_finance.htm" />
+			<test url="http://www.rbwm.gov.uk/web/foi_requests_by_cat_highways.htm" />
+			<test url="http://www.rbwm.gov.uk/web/sdop_flooding_info.htm" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.rbwm.gov.uk/?" />
+			<test url="http://www.rbwm.gov.uk/index.htm" />
+
+	<rule from="^http://consult\.rbwm\.gov\.uk/"
+		to="https://rbwm-consult.objective.co.uk/" />
+
+		<test url="http://consult.rbwm.gov.uk/portal/contact_us" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rc4nomore.com.xml b/src/chrome/content/rules/rc4nomore.com.xml
new file mode 100644
index 000000000000..5b761e162041
--- /dev/null
+++ b/src/chrome/content/rules/rc4nomore.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="rc4nomore.com">
+	<target host="rc4nomore.com" />
+	<target host="www.rc4nomore.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rcdb.com.xml b/src/chrome/content/rules/rcdb.com.xml
new file mode 100644
index 000000000000..a9feb098aaf4
--- /dev/null
+++ b/src/chrome/content/rules/rcdb.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Roller Coaster DataBase">
+
+	<target host="rcdb.com" />
+	<target host="www.rcdb.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rclone.org.xml b/src/chrome/content/rules/rclone.org.xml
new file mode 100644
index 000000000000..9cea70ea1ace
--- /dev/null
+++ b/src/chrome/content/rules/rclone.org.xml
@@ -0,0 +1,34 @@
+<!--
+	Timeout:
+		- mail2.rclone.org
+		- mail3.rclone.org
+
+	Redirects to localhost:
+		- oauth.rclone.org
+
+	SSL protocol error:
+		- www.rclone.org (fixed by this ruleset)
+		- hostmaster.rclone.org
+		- mta-sts.mail.rclone.org
+		- mta-sts.mail2.rclone.org
+		- mta-sts.mail3.rclone.org
+
+	Mismatched:
+		- mail.rclone.org
+-->
+<ruleset name="rclone.org">
+	<target host="rclone.org" />
+	<target host="www.rclone.org" />
+	<target host="apt.rclone.org" />
+	<target host="beta.apt.rclone.org" />
+	<target host="beta.rclone.org" />
+	<target host="downloads.rclone.org" />
+	<target host="forum.rclone.org" />
+	<target host="pub.rclone.org" />
+	<target host="slack-invite.rclone.org" />
+	<target host="test.rclone.org" />
+	<target host="tip.rclone.org" />
+
+	<rule from="^http://www\.rclone\.org/" to="https://rclone.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rcm.org.uk.xml b/src/chrome/content/rules/rcm.org.uk.xml
new file mode 100644
index 000000000000..8070b017b2b1
--- /dev/null
+++ b/src/chrome/content/rules/rcm.org.uk.xml
@@ -0,0 +1,30 @@
+<!--
+	Nonfunctional hosts in *rcm.org.uk:
+
+		- www.ilearn ʳ
+		- protect ʳ
+
+	ʳ Refused
+
+
+	Problematic hosts in *rcm.org.uk:
+
+		- betterbirths ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="RCM.org.uk (partial)">
+
+	<target host="rcm.org.uk" />
+	<target host="subs.rcm.org.uk" />
+	<target host="www.rcm.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/re2c.org.xml b/src/chrome/content/rules/re2c.org.xml
new file mode 100644
index 000000000000..cfee422e6d31
--- /dev/null
+++ b/src/chrome/content/rules/re2c.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="re2c.org">
+	<target host="re2c.org" />
+	<target host="www.re2c.org" />
+
+	<rule from="^http://www\.re2c\.org/" to="https://re2c.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/reCaptcha.net.xml b/src/chrome/content/rules/reCaptcha.net.xml
new file mode 100644
index 000000000000..5cab0cca5de2
--- /dev/null
+++ b/src/chrome/content/rules/reCaptcha.net.xml
@@ -0,0 +1,17 @@
+<!--
+	SSL_ERROR_SYSCALL:
+		- blog
+-->
+<ruleset name="reCaptcha.net">
+	<target host="recaptcha.net" />
+	<target host="www.recaptcha.net" />
+	<target host="admin.recaptcha.net" />
+	<target host="api.recaptcha.net" />
+	<target host="api-secure.recaptcha.net" />
+	<target host="api-verify.recaptcha.net" />
+	<target host="mailhide.recaptcha.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/reachboarding.com.xml b/src/chrome/content/rules/reachboarding.com.xml
new file mode 100644
index 000000000000..0b01cc3f13f0
--- /dev/null
+++ b/src/chrome/content/rules/reachboarding.com.xml
@@ -0,0 +1,16 @@
+<!--
+	(www.)?reachboarding.com: 404
+
+-->
+<ruleset name="Reach Boarding.com (partial)">
+
+	<target host="asms.reachboarding.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/realestate.com.au.xml b/src/chrome/content/rules/realestate.com.au.xml
new file mode 100644
index 000000000000..78bd2f68d155
--- /dev/null
+++ b/src/chrome/content/rules/realestate.com.au.xml
@@ -0,0 +1,189 @@
+<!--
+	Non-functional subdomains:
+		- next.address-service	(m)
+		- test.agentdesktop	(e)
+		- cls.calculators	(t)
+		- careers	(m)
+		- gia.careers	(t)
+		- connect	(m)
+		- staging.connect	(t)
+		- asia-quote-api.asia.corp	(t)
+		- asia-quote-api.asia-test.corp	(t)
+		- rattic.cowbell	(t)
+		- creative	(m)
+		- resi-ci-monitor.delivery	(t)
+		- rubygems.delivery	(t)
+		- developerpremiereprices	(m)
+		- developmenthub	(m)
+		- communication-settings.e2e	(t)
+		- ebrochure.e2e	(t)
+		- rpdata-spazzy.e2e	(t)
+		- sha-images.e2e	(m)
+		- api.staging.e2e	(m)
+		- www.api.staging.e2e	(m)
+		- origin-api.staging.e2e	(m)
+		- sha-images.staging.e2e	(m)
+		- campaign-api-prod.eventus-prod	(t)
+		- competitions.facebook	(t)
+		- hackday	(m)
+		- ad.homeground	(t)
+		- rea-reporting.infosys	(t)
+		- splunk.infosys	(t)
+		- investor	(m)
+		- jumppagesystem	(e)
+		- next.m	(t)
+		- media-staging	(m)
+		- mobile	(t)
+		- rattic-staging.muppets	(t)
+		- entitlement-api-prod.partner-platform	(t)
+		- entitlement-api-staging.partner-platform	(t)
+		- kong-prod-adminapi.partner-platform	(t)
+		- kong-staging-adminapi.partner-platform	(t)
+		- property-listings-web	(t)
+		- rea2-gyr	(m)
+		- reareports	(e)
+		- reaxml	(t)
+		- saved-search-api.resi-myrea-staging	(t)
+		- rpdata-spazzy	(m)
+		- corp-nessus-manager.sec-team	(t)
+		- sellingguide	(m)
+		- next.services	(t)
+		- static-origin	(t)
+		- techblog	(r)
+		- umlqa	(t)
+		- webmail	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="realestate.com.au">
+
+	<target host="realestate.com.au" />
+	<target host="www.realestate.com.au" />
+	<target host="about.realestate.com.au" />
+	<target host="account.realestate.com.au" />
+	<target host="address-service.realestate.com.au" />
+	<target host="adslot.realestate.com.au" />
+	<target host="advertorial-web-api.realestate.com.au" />
+	<target host="agent.realestate.com.au" />
+	<target host="www.agent.realestate.com.au" />
+	<target host="agent-contact.realestate.com.au" />
+	<target host="agent-elevate.realestate.com.au" />
+	<target host="agentadmin.realestate.com.au" />
+	<target host="agentdesktop.realestate.com.au" />
+	<target host="analytics.realestate.com.au" />
+	<target host="api.realestate.com.au" />
+	<target host="audience-selector.realestate.com.au" />
+	<target host="idp.auth.realestate.com.au" />
+	<target host="idp-ore.auth.realestate.com.au" />
+	<target host="idp-syd.auth.realestate.com.au" />
+	<target host="builderadmin.realestate.com.au" />
+	<target host="communication-settings.realestate.com.au" />
+	<target host="self-service-portal.corp.realestate.com.au" />
+	<target host="registry.cowbell.realestate.com.au" />
+	<target host="cp-gatekeeper.realestate.com.au" />
+	<target host="cxp-tools.realestate.com.au" />
+	<target host="privatar.delivery.realestate.com.au" />
+	<target host="www.e2e.realestate.com.au" />
+	<target host="account.e2e.realestate.com.au" />
+	<target host="agentadmin.e2e.realestate.com.au" />
+	<target host="analytics.e2e.realestate.com.au" />
+	<target host="api.e2e.realestate.com.au" />
+	<target host="cxp-tools.e2e.realestate.com.au" />
+	<target host="origin-invest.e2e.realestate.com.au" />
+	<target host="partner.e2e.realestate.com.au" />
+	<target host="saved-search-api.e2e.realestate.com.au" />
+	<target host="secure.e2e.realestate.com.au" />
+	<target host="widgets.staging.e2e.realestate.com.au" />
+	<target host="ebrochure.realestate.com.au" />
+	<target host="edm.realestate.com.au" />
+	<target host="eqx-oob.realestate.com.au" />
+	<target host="eqx-oob2.realestate.com.au" />
+	<target host="failover.realestate.com.au" />
+	<target host="fin-exp-dev.realestate.com.au" />
+	<target host="git.realestate.com.au" />
+	<target host="gp-xian.realestate.com.au" />
+	<target host="grants.realestate.com.au" />
+	<target host="gyr-oob.realestate.com.au" />
+	<target host="help.realestate.com.au" />
+	<target host="home-builders.realestate.com.au" />
+	<target host="homeloans.realestate.com.au" />
+	<target host="idp.realestate.com.au" />
+	<target host="consumer-prof.infosys.realestate.com.au" />
+	<target host="investor-api.realestate.com.au" />
+	<target host="investor-api-inactive.realestate.com.au" />
+	<target host="investor-cartodb.investor-prod.realestate.com.au" />
+	<target host="investor-cartodb.investor-staging.realestate.com.au" />
+	<target host="consumer-prof.is-qa.realestate.com.au" />
+	<target host="leads.realestate.com.au" />
+	<target host="staging.leads.realestate.com.au" />
+	<target host="lexa.realestate.com.au" />
+	<target host="secure.listings-prod.realestate.com.au" />
+	<target host="secure.listings-test.realestate.com.au" />
+	<target host="m.realestate.com.au" />
+	<target host="mad-ci.realestate.com.au" />
+	<target host="mad-searchapi.realestate.com.au" />
+	<target host="media.realestate.com.au" />
+	<target host="46430c-origin.media.realestate.com.au" />
+	<target host="mel-vpn.realestate.com.au" />
+	<target host="a.mobile.realestate.com.au" />
+	<target host="cdn.mobile.realestate.com.au" />
+	<target host="companion.mobile.realestate.com.au" />
+	<target host="i.mobile.realestate.com.au" />
+	<target host="s1.news-lifestyle.realestate.com.au" />
+	<target host="origin-invest.realestate.com.au" />
+	<target host="partner.realestate.com.au" />
+	<target host="kong-prod-public.partner-platform.realestate.com.au" />
+	<target host="kong-staging-public.partner-platform.realestate.com.au" />
+	<target host="snappass.partner-platform.realestate.com.au" />
+	<target host="pay.realestate.com.au" />
+	<target host="www.pay.realestate.com.au" />
+	<target host="pexa.realestate.com.au" />
+	<target host="pki.realestate.com.au" />
+	<target host="propertyplatform.realestate.com.au" />
+	<target host="propertyplatform-demo.realestate.com.au" />
+	<target host="app-news-wordpress.rca-prod.realestate.com.au" />
+	<target host="rca-news-ui.rca-prod.realestate.com.au" />
+	<target host="reporting-origin.realestate.com.au" />
+	<target host="resi-agent-api.realestate.com.au" />
+	<target host="agent-contact.resi-agent-failover.realestate.com.au" />
+	<target host="agent-contact.resi-agent-prod.realestate.com.au" />
+	<target host="resi-agent-web.realestate.com.au" />
+	<target host="saved-search-api.resi-myrea.realestate.com.au" />
+	<target host="audmax-ui.resi-product-prod-addons.realestate.com.au" />
+	<target host="audmax-ui.resi-product-staging-addons.realestate.com.au" />
+	<target host="neighbourhoods.resi-property.realestate.com.au" />
+	<target host="sasinator.realestate.com.au" />
+	<target host="saved-search-api.realestate.com.au" />
+	<target host="school-service.realestate.com.au" />
+	<target host="secure.realestate.com.au" />
+	<target host="selfservice.realestate.com.au" />
+	<target host="www.selfservice.realestate.com.au" />
+	<target host="sell.realestate.com.au" />
+	<target host="services.realestate.com.au" />
+	<target host="sha-images.realestate.com.au" />
+	<target host="smartline-dev.realestate.com.au" />
+	<target host="smetrics.realestate.com.au" />
+	<target host="spacely-news.spacely-production.realestate.com.au" />
+	<target host="spacely-news.spacely-staging.realestate.com.au" />
+	<target host="propertyplatform.staging.realestate.com.au" />
+	<target host="propertyplatform-e2e.staging.realestate.com.au" />
+	<target host="suggest.realestate.com.au" />
+	<target host="sym.realestate.com.au" />
+	<target host="text-to-image.realestate.com.au" />
+	<target host="upgrades.realestate.com.au" />
+	<target host="property.value.realestate.com.au" />
+	<target host="staging.property.value.realestate.com.au" />
+	<target host="webtools.realestate.com.au" />
+	<target host="widgets.realestate.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/realfavicongenerator.net.xml b/src/chrome/content/rules/realfavicongenerator.net.xml
new file mode 100644
index 000000000000..4e4ee5df3070
--- /dev/null
+++ b/src/chrome/content/rules/realfavicongenerator.net.xml
@@ -0,0 +1,15 @@
+<!--
+    Nonfunctional subdomains:
+        - www
+-->
+<ruleset name="Realfavicongenerator.net">
+    <target host="realfavicongenerator.net" />
+    <target host="www.realfavicongenerator.net" />
+
+    <!-- Redirect www subdomain to main domain -->
+    <rule from="^http://www\.realfavicongenerator\.net/"
+          to="https://realfavicongenerator.net/" />
+
+    <rule from="^http:"
+          to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/realtimeboard.com.xml b/src/chrome/content/rules/realtimeboard.com.xml
new file mode 100644
index 000000000000..92d19de847b2
--- /dev/null
+++ b/src/chrome/content/rules/realtimeboard.com.xml
@@ -0,0 +1,51 @@
+<!--
+	Nonfunctional hosts in *realtimeboard.com:
+
+		- help ʰ
+		- ru.help ʰ
+
+	ʰ Freshdesk / redirects to http
+
+
+	Problematic hosts in *realtimeboard.com:
+
+		- status ᵐ
+
+	ᵐ StatusPage.io / mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- realtimeboard.com
+
+-->
+<ruleset name="RealtimeBoard.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="realtimeboard.com" />
+	<target host="www.realtimeboard.com" />
+
+	<!--	Complications:
+				-->
+	<target host="status.realtimeboard.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://realtimeboard.com/blog/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^realtimeboard\.com$" name="^(?:qtrans_front_language|session)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://status\.realtimeboard\.com/"
+		to="https://realtimeboard.statuspage.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rebeccawait.com.xml b/src/chrome/content/rules/rebeccawait.com.xml
new file mode 100644
index 000000000000..71d6cfa83cf9
--- /dev/null
+++ b/src/chrome/content/rules/rebeccawait.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Rebecca Wait.com">
+
+	<target host="rebeccawait.com" />
+	<target host="www.rebeccawait.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/receive-a-sms.com.xml b/src/chrome/content/rules/receive-a-sms.com.xml
new file mode 100644
index 000000000000..3340f34480f3
--- /dev/null
+++ b/src/chrome/content/rules/receive-a-sms.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="receive-a-sms.com">
+	<target host="receive-a-sms.com" />
+	<target host="www.receive-a-sms.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/receivefreesms.net.xml b/src/chrome/content/rules/receivefreesms.net.xml
new file mode 100644
index 000000000000..2049c3845954
--- /dev/null
+++ b/src/chrome/content/rules/receivefreesms.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="receivefreesms.net">
+	<target host="receivefreesms.net" />
+	<target host="www.receivefreesms.net" />
+	<target host="autodiscover.receivefreesms.net" />
+	<target host="mail.receivefreesms.net" />
+	<target host="webdisk.receivefreesms.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/receivesmsonline.net.xml b/src/chrome/content/rules/receivesmsonline.net.xml
new file mode 100644
index 000000000000..f2de178a4fda
--- /dev/null
+++ b/src/chrome/content/rules/receivesmsonline.net.xml
@@ -0,0 +1,10 @@
+<ruleset name="receivesmsonline.net">
+	<target host="receivesmsonline.net" />
+	<target host="www.receivesmsonline.net" />
+	<target host="cdn.receivesmsonline.net" />
+	<target host="www.cdn.receivesmsonline.net" />
+	<target host="private.receivesmsonline.net" />
+	<target host="www.private.receivesmsonline.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/recettes.de.xml b/src/chrome/content/rules/recettes.de.xml
new file mode 100644
index 000000000000..849133b797be
--- /dev/null
+++ b/src/chrome/content/rules/recettes.de.xml
@@ -0,0 +1,11 @@
+<!--
+		Uses invalid security certificate:
+			blog.recettes.de
+-->
+<ruleset name="recettes.de">
+	<target host="recettes.de" />
+	<target host="www.recettes.de" />
+
+	<securecookie host=".+" name=".+" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rechenkraft.net.xml b/src/chrome/content/rules/rechenkraft.net.xml
new file mode 100644
index 000000000000..543b8d9d67b7
--- /dev/null
+++ b/src/chrome/content/rules/rechenkraft.net.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		on wildcard subdomains
+
+	Timeout:
+		boinc.rechenkraft.net
+-->
+<ruleset name="Rechenkraft.net">
+
+	<target host="rechenkraft.net" />
+	<target host="www.rechenkraft.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/recognified.net.xml b/src/chrome/content/rules/recognified.net.xml
new file mode 100644
index 000000000000..816ed2489cb2
--- /dev/null
+++ b/src/chrome/content/rules/recognified.net.xml
@@ -0,0 +1,16 @@
+<ruleset name="recognified.net">
+
+	<target host="recognified.net" />
+	<target host="www.recognified.net" />
+	<target host="cdn.recognified.net" />
+		<test url="http://cdn.recognified.net/rd.loader.php?pub_id=96" />
+	<target host="dyn.recognified.net" />
+	<target host="media.recognified.net" />
+	<target host="radn2.recognified.net" />
+	<target host="rads.recognified.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/recordedbooks.com.xml b/src/chrome/content/rules/recordedbooks.com.xml
new file mode 100644
index 000000000000..3f627357f348
--- /dev/null
+++ b/src/chrome/content/rules/recordedbooks.com.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://images.recordedbooks.com/publications/2011/ly5110g_FB_FindUs144.png => https://images.recordedbooks.com/publications/2011/ly5110g_FB_FindUs144.png: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://images.recordedbooks.com/ => https://images.recordedbooks.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Recorded Books.com" default_off="failed ruleset test">
+
+	<target host="recordedbooks.com" />
+	<target host="images.recordedbooks.com" />
+	<target host="www.recordedbooks.com" />
+
+		<test url="http://images.recordedbooks.com/publications/2011/ly5110g_FB_FindUs144.png" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/recordnotfound.com.xml b/src/chrome/content/rules/recordnotfound.com.xml
new file mode 100644
index 000000000000..797d7e6dae0f
--- /dev/null
+++ b/src/chrome/content/rules/recordnotfound.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- recordnotfound.com
+		- www.recordnotfound.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Record Not Found.com">
+
+	<target host="recordnotfound.com" />
+	<target host="www.recordnotfound.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?recordnotfound\.com$" name="^_github_landing_session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/recruitee.com.xml b/src/chrome/content/rules/recruitee.com.xml
new file mode 100644
index 000000000000..ab1c67524dd3
--- /dev/null
+++ b/src/chrome/content/rules/recruitee.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- .recruitee.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Recruitee.com">
+
+	<target host="recruitee.com" />
+	<target host="jobs.recruitee.com" />
+	<target host="www.recruitee.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.recruitee\.com$" name="^_recruitee$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/recruiter.co.uk.xml b/src/chrome/content/rules/recruiter.co.uk.xml
new file mode 100644
index 000000000000..3eb27469ec2d
--- /dev/null
+++ b/src/chrome/content/rules/recruiter.co.uk.xml
@@ -0,0 +1,44 @@
+<!--
+	Nonfunctional hosts in *recruiter.co.uk:
+
+		- (www.)? ʰ
+		- awards ᵈ
+
+	ᵈ Dropped
+	ʰ Redirects to http
+
+
+	Problematic hosts in *recruiter.co.uk:
+
+		- jobs ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- subs.recruiter.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Recruiter.co.uk (partial)">
+
+	<target host="subs.recruiter.co.uk" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://subs.recruiter.co.uk/registrationselection" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^subs\.recruiter\.co\.uk$" name="^(?:__AntiXsrfToken|ASP\.NET_SessionId)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/recycleforsurrey.org.uk.xml b/src/chrome/content/rules/recycleforsurrey.org.uk.xml
new file mode 100644
index 000000000000..28f306a0a4f6
--- /dev/null
+++ b/src/chrome/content/rules/recycleforsurrey.org.uk.xml
@@ -0,0 +1,29 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .recycleforsurrey.org.uk
+		- www.recycleforsurrey.org.uk
+
+-->
+<ruleset name="Recycle for Surrey.org.uk">
+
+	<target host="recycleforsurrey.org.uk" />
+	<target host="www.recycleforsurrey.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.recycleforsurrey\.org\.uk$" name="^(?:incap_ses_\d+|visid_incap)_\d+$" /-->
+	<!--securecookie host="^www\.recycleforsurrey\.org\.uk$" name="^(?:___utmv[abm]\w+|SQ_SYSTEM_SESSION)$" /-->
+
+	<securecookie host="^\." name="^(?:incap_ses|visid_incap)_" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/redcare.com.xml b/src/chrome/content/rules/redcare.com.xml
new file mode 100644
index 000000000000..595a1d77dfc1
--- /dev/null
+++ b/src/chrome/content/rules/redcare.com.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.redcare.com/ => https://www.redcare.com/: (7, 'Failed to connect to www.redcare.com port 443: Connection refused')
+
+	For other BT Group coverage, see BT-Group.xml.
+
+
+	These altnames do not exist:
+
+		- redcare.com
+
+-->
+<ruleset name="Redcare.com" default_off="failed ruleset test">
+
+	<target host="www.redcare.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/redcom.ru.xml b/src/chrome/content/rules/redcom.ru.xml
new file mode 100644
index 000000000000..34c2df5b4d9e
--- /dev/null
+++ b/src/chrome/content/rules/redcom.ru.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://abonent.redcom.ru/ => https://abonent.redcom.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+redcom.ru self signed
+www.redcom.ru self signed
+forum.redcom.ru mismatch
+icepilots.redcom.ru mismatch
+files.redcom.ru protocol error
+genima.leased.redcom.ru timed out
+-->
+<ruleset name="redcom.ru (partial)" default_off="failed ruleset test">
+	<target host="abonent.redcom.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/reddit-stream.com.xml b/src/chrome/content/rules/reddit-stream.com.xml
new file mode 100644
index 000000000000..ce04f45d53da
--- /dev/null
+++ b/src/chrome/content/rules/reddit-stream.com.xml
@@ -0,0 +1,14 @@
+<!---
+	Connection refused:
+		count.reddit-stream.com
+
+	Invalid certificate:
+		gold.reddit-stream.com (self signed)
+
+-->
+<ruleset name="reddit-stream.com">
+	<target host="reddit-stream.com" />
+	<target host="www.reddit-stream.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/redditblog.com.xml b/src/chrome/content/rules/redditblog.com.xml
new file mode 100644
index 000000000000..acffd785053b
--- /dev/null
+++ b/src/chrome/content/rules/redditblog.com.xml
@@ -0,0 +1,11 @@
+<!--
+	For other Reddit coverage, see Reddit.xml.
+-->
+<ruleset name="Reddit Blog.com">
+	<target host="redditblog.com" />
+	<target host="www.redditblog.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/redditchbc.gov.uk.xml b/src/chrome/content/rules/redditchbc.gov.uk.xml
new file mode 100644
index 000000000000..8830a9d13c9f
--- /dev/null
+++ b/src/chrome/content/rules/redditchbc.gov.uk.xml
@@ -0,0 +1,41 @@
+<!--
+	Redditch Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *redditchbc.gov.uk:
+
+		- access ʳ
+		- bookings ᵈ
+		- www ʳ
+		- www2 ʳ
+
+	ᵈ Dropped
+	ʳ Refused
+
+
+	^redditchbc.gov.uk does not exist
+
+
+	Insecure cookies are set for these hosts:
+
+		- moderngovwebpublic.redditchbc.gov.uk
+
+-->
+<ruleset name="Redditch BC.gov.uk (partial)">
+
+	<target host="moderngovwebpublic.redditchbc.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^moderngovwebpublic\.redditchbc\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/reddituploads.com.xml b/src/chrome/content/rules/reddituploads.com.xml
new file mode 100644
index 000000000000..2c881e1dae73
--- /dev/null
+++ b/src/chrome/content/rules/reddituploads.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="reddituploads.com">
+
+	<target host="i.reddituploads.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/redingtonindia.com.xml b/src/chrome/content/rules/redingtonindia.com.xml
new file mode 100644
index 000000000000..283d3b7eaa04
--- /dev/null
+++ b/src/chrome/content/rules/redingtonindia.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Redington India.com">
+
+	<target host="redingtonindia.com" />
+	<target host="www.redingtonindia.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/redirectingat.com.xml b/src/chrome/content/rules/redirectingat.com.xml
new file mode 100644
index 000000000000..55bc279cb8ae
--- /dev/null
+++ b/src/chrome/content/rules/redirectingat.com.xml
@@ -0,0 +1,29 @@
+<!--
+	For other SkimLinks coverage, see SkimLinks.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- .redirectingat.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="redirectingat.com">
+
+	<target host="go.redirectingat.com" />
+
+		<test url="http://go.redirectingat.com/?id=34208X967867&amp;url=http%3A%2F%2Fwww.buch.de%2Fshop%2Fhome%2Fshow%2F&amp;xcust=128724&amp;xs=1" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.redirectingat\.com$" name="^skim(?:GUID|SESS)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/redkestrel.co.uk.xml b/src/chrome/content/rules/redkestrel.co.uk.xml
new file mode 100644
index 000000000000..b1e634008254
--- /dev/null
+++ b/src/chrome/content/rules/redkestrel.co.uk.xml
@@ -0,0 +1,6 @@
+<ruleset name="redkestrel.co.uk">
+	<target host="redkestrel.co.uk" />
+	<target host="www.redkestrel.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/refugee.ru.xml b/src/chrome/content/rules/refugee.ru.xml
new file mode 100644
index 000000000000..a9a7b81b00b2
--- /dev/null
+++ b/src/chrome/content/rules/refugee.ru.xml
@@ -0,0 +1,16 @@
+<!--
+kids.refugee.ru ²
+old.refugee.ru ¹
+
+
+¹ mismatch
+² refused
+-->
+<ruleset name="refugee.ru">
+	<target host="refugee.ru" />
+	<target host="www.refugee.ru" />
+	<target host="dayshalldeclare.refugee.ru" />
+	<target host="www.dayshalldeclare.refugee.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/regeringen.se.xml b/src/chrome/content/rules/regeringen.se.xml
new file mode 100644
index 000000000000..8d5996be77f1
--- /dev/null
+++ b/src/chrome/content/rules/regeringen.se.xml
@@ -0,0 +1,6 @@
+<ruleset name="regeringen.se">
+	<target host="regeringen.se" />
+	<target host="www.regeringen.se" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/regettingold.com.xml b/src/chrome/content/rules/regettingold.com.xml
new file mode 100644
index 000000000000..d4490af839a9
--- /dev/null
+++ b/src/chrome/content/rules/regettingold.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Refused:
+		dc-fa7ed9332c17.regettingold.com
+		direct.regettingold.com
+-->
+<ruleset name="regettingold.com">
+	<target host="regettingold.com" />
+	<target host="www.regettingold.com" />
+	<target host="you.regettingold.com" />
+	<target host="www.you.regettingold.com" />
+
+	<rule from="^http://www\.you\.regettingold\.com/" to="https://you.regettingold.com/" /> <!-- Redirect cause of unsupported protocol -->
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/regexbuddy.com.xml b/src/chrome/content/rules/regexbuddy.com.xml
new file mode 100644
index 000000000000..03bbe9a28f48
--- /dev/null
+++ b/src/chrome/content/rules/regexbuddy.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="regexbuddy.com">
+	<target host="regexbuddy.com" />
+	<target host="www.regexbuddy.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/regexr.com.xml b/src/chrome/content/rules/regexr.com.xml
new file mode 100644
index 000000000000..eadc57fba30d
--- /dev/null
+++ b/src/chrome/content/rules/regexr.com.xml
@@ -0,0 +1,16 @@
+<!--
+
+	Problematic hosts in *regexr.com:
+
+		- mail ᵐ
+		- * ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="regexr.com">
+	<target host="regexr.com" />
+	<target host="www.regexr.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/regular-expressions.info.xml b/src/chrome/content/rules/regular-expressions.info.xml
new file mode 100644
index 000000000000..7a6cc90a9417
--- /dev/null
+++ b/src/chrome/content/rules/regular-expressions.info.xml
@@ -0,0 +1,6 @@
+<ruleset name="regular-expressions.info">
+	<target host="regular-expressions.info" />
+	<target host="www.regular-expressions.info" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/relink.to.xml b/src/chrome/content/rules/relink.to.xml
new file mode 100644
index 000000000000..ca779fbad99d
--- /dev/null
+++ b/src/chrome/content/rules/relink.to.xml
@@ -0,0 +1,13 @@
+<ruleset name="relink.to">
+	<target host="relink.to" />
+  	<target host="www.relink.to" />
+  	<target host="relink.us" />
+  	<target host="www.relink.us" />
+
+	<!-- http://relink.us/ redirects to http://relink.to/, but https://relink.us/ shows error 502 -->
+	<!-- http://www.relink.us/ redirects to http://relink.to/, but https://www.relink.us/ is a redirect loop -->
+	<rule from="^http://(www\.)?relink\.us/"
+		to="https://relink.to/" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ren.tv.xml b/src/chrome/content/rules/ren.tv.xml
new file mode 100644
index 000000000000..2243ab0ed075
--- /dev/null
+++ b/src/chrome/content/rules/ren.tv.xml
@@ -0,0 +1,36 @@
+<!--
+4sale.ren.tv ¹
+api.ren.tv ⁵
+chistayarabota.ren.tv ¹
+cloud.ren.tv ¹
+ds01.ren.tv ²
+ds02.ren.tv ²
+forum.ren.tv ²
+goroda.ren.tv ¹
+got.ren.tv ¹
+loza.ren.tv ¹
+loza-test.ren.tv ¹
+lozhkin.ren.tv ¹
+m.ren.tv mixed content
+mintrans.ren.tv ¹
+quiz.ren.tv ¹
+remont.ren.tv ¹
+social.ren.tv ¹
+static.ren.tv ¹
+utro.ren.tv ¹
+vs01.ren.tv ³
+worldvita.ren.tv ¹
+vs02.ren.tv different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁵ expired
+-->
+<ruleset name="ren.tv">
+	<target host="ren.tv" />
+	<target host="www.ren.tv" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/renoise.com.xml b/src/chrome/content/rules/renoise.com.xml
new file mode 100644
index 000000000000..28c170bdaf0b
--- /dev/null
+++ b/src/chrome/content/rules/renoise.com.xml
@@ -0,0 +1,52 @@
+<!--
+	Nonfunctional hosts in *renoise.com:
+
+		- tutorials ᵃ
+
+	ᵃ Shows forum.renoise.com
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .renoise.com
+		- backstage.renoise.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- (www.)? from renoise.com ˢ
+			- (www.)? from www.renoise.com ˢ
+			- (www.)? from image.spreadshirt.net ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Renoise.com (partial)">
+
+	<target host="renoise.com" />
+	<target host="backstage.renoise.com" />
+	<target host="files.renoise.com" />
+	<target host="forum.renoise.com" />
+	<target host="www.renoise.com" />
+
+		<!--	Mixed images:
+					-->
+		<!--test url="http://renoise.com/shop" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.renoise\.com$" name="^session_id$" /-->
+	<!--securecookie host="^backstage\.renoise\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/repl.it.xml b/src/chrome/content/rules/repl.it.xml
new file mode 100644
index 000000000000..8d707b9b3b3f
--- /dev/null
+++ b/src/chrome/content/rules/repl.it.xml
@@ -0,0 +1,6 @@
+<ruleset name="repl.it">
+	<target host="repl.it" />
+	<target host="www.repl.it" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/reporo.net.xml b/src/chrome/content/rules/reporo.net.xml
new file mode 100644
index 000000000000..6ef7ec33066d
--- /dev/null
+++ b/src/chrome/content/rules/reporo.net.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Reporo coverage, see Reporo.xml.
+
+
+	CDN buckets:
+
+		- netdna-pull.reporo.netdna-cdn.com	← netdna
+
+			- -ssl does not exist
+
+
+	Nonfunctional hosts in *reporo.net:
+
+		- netdna ⁴
+
+	⁴ 404; mismatched, CN: *.netdna-ssl.com)
+
+
+	(www.)?reporo.net does not exist.
+
+-->
+<ruleset name="Reporo.net (partial)">
+
+	<target host="cdn.reporo.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/republic.ru.xml b/src/chrome/content/rules/republic.ru.xml
new file mode 100644
index 000000000000..94dfed8d512f
--- /dev/null
+++ b/src/chrome/content/rules/republic.ru.xml
@@ -0,0 +1,14 @@
+<!--
+email.mg.republic.ru ³
+
+
+³ timed out
+-->
+<ruleset name="republic.ru">
+	<target host="republic.ru" />
+	<target host="www.republic.ru" />
+	<target host="dev-2.republic.ru" />
+	<target host="staging.republic.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rescue.org.xml b/src/chrome/content/rules/rescue.org.xml
new file mode 100644
index 000000000000..dd0b4d970144
--- /dev/null
+++ b/src/chrome/content/rules/rescue.org.xml
@@ -0,0 +1,133 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://diy.rescue.org/sites/all/themes/diytheme/images/sidebar/arrow_postit_gray.gif (200) => https://diy.rescue.org/sites/all/themes/diytheme/images/sidebar/arrow_postit_gray.gif (526)
+Non-2xx HTTP code: http://m.rescue.org/donate/ (200) => https://m.rescue.org/donate/ (526)
+Non-2xx HTTP code: http://m.rescue.org/user (200) => https://m.rescue.org/user (526)
+
+	International Rescue Committee
+
+	For rules causing false/broken MCB, see rescue.org-falsemixed.xml.
+
+
+	Problematic hosts in *rescue.org:
+
+		- feature ˣ
+
+	ˣ Mixed css
+
+
+	Partially covered hosts in *rescue.org:
+
+		- (www.)? ʰ
+		- diy ʰ
+		- gifts ʰ
+		- m ʰ
+
+	ʰ Some pages redirect to http
+
+
+	Insecure cookies are set for these hosts:
+
+		- rescue.org
+		- diy.rescue.org
+		- engage.rescue.org
+		- feature.rescue.org
+		- m.rescue.org
+		- serviceinfo.rescue.org
+		- www.rescue.org
+
+
+	Mixed content:
+
+		- css on feature from $self
+		- Images on feature from $self
+		- favicon on feature from $self
+
+-->
+<ruleset name="Rescue.org (partial)" default_off="failed ruleset test">
+
+	<target host="rescue.org" />
+	<target host="diy.rescue.org" />
+	<target host="engage.rescue.org" />
+	<!--target host="feature.rescue.org" /-->
+	<target host="gifts.rescue.org" />
+	<target host="m.rescue.org" />
+	<target host="serviceinfo.rescue.org" />
+	<target host="www.rescue.org" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://diy\.rescue\.org/(?:$|concert_for_refugees$|diy-faq$)" /-->
+		<!--exclusion pattern="^http://m\.rescue\.org/mobile/locations$" /-->
+		<!--exclusion pattern="^http://www\.rescue\.org/(?:$|careers$|events$|media$|respecting-your-privacy$|take-action$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:diy\.|m\.|www\.)?rescue\.org/+(?!(?:donate|user)(?:$|[?/])|sites/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://diy.rescue.org/concert_for_refugees" />
+			<test url="http://diy.rescue.org/diy-faq" />
+
+			<test url="http://m.rescue.org/mobile/locations" />
+
+			<test url="http://www.rescue.org/careers" />
+			<test url="http://www.rescue.org/events" />
+			<test url="http://www.rescue.org/media" />
+			<test url="http://www.rescue.org/respecting-your-privacy" />
+			<test url="http://www.rescue.org/take-action" />
+
+			<!--	-ve:
+					-->
+			<test url="http://diy.rescue.org/sites/all/themes/diytheme/images/sidebar/arrow_postit_gray.gif" />
+
+			<test url="http://m.rescue.org/sites/all/themes/rescue_mobile/images/nav_bg.png" />
+			<test url="http://m.rescue.org/donate/" />
+			<test url="http://m.rescue.org/user" />
+
+			<test url="http://rescue.org/donate" />
+			<test url="http://www.rescue.org/sites/all/themes/denali/images/home-right-title-btm-border.gif" />
+			<test url="http://www.rescue.org/user" />
+			<test url="http://www.rescue.org/user/register" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://gifts\.rescue\.org/(?:$|cart$|shop/[\w-]+$|sitemap$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://gifts\.rescue\.org/+(?!files/|sites/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://gifts.rescue.org/cart" />
+			<test url="http://gifts.rescue.org/shop/all-charity-holiday-gifts" />
+			<test url="http://gifts.rescue.org/shop/best-sellers" />
+			<test url="http://gifts.rescue.org/sitemap" />
+
+			<!--	-ve:
+					-->
+			<test url="http://gifts.rescue.org/files/css/css_139c84498e14b034e1de1f84c0189686.css" />
+			<test url="http://gifts.rescue.org/misc/menu-expanded.png" />
+			<test url="http://gifts.rescue.org/sites/all/themes/denali/images/bg-solid.png" />
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://feature.rescue.org/carreport/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:(?:diy|engage|feature|m|www)\.)?rescue\.org$" name="^BIGipServer" /-->
+	<!--securecookie host="^serviceinfo\.rescue\.org$" name="^django_language$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^(?!(?:diy|gifts|m|www)\.)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/respekt.cz.xml b/src/chrome/content/rules/respekt.cz.xml
new file mode 100644
index 000000000000..d4691cc13c65
--- /dev/null
+++ b/src/chrome/content/rules/respekt.cz.xml
@@ -0,0 +1,6 @@
+<ruleset name="Respekt.cz (partial)">
+	<target host="respekt.cz" />
+	<target host="www.respekt.cz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/restic.net.xml b/src/chrome/content/rules/restic.net.xml
new file mode 100644
index 000000000000..8891333bd294
--- /dev/null
+++ b/src/chrome/content/rules/restic.net.xml
@@ -0,0 +1,12 @@
+<!--
+	SSL protocol error:
+		- glados.restic.net
+-->
+<ruleset name="restic.net">
+	<target host="restic.net" />
+	<target host="www.restic.net" />
+	<target host="beta.restic.net" />
+	<target host="forum.restic.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rethink.org.xml b/src/chrome/content/rules/rethink.org.xml
new file mode 100644
index 000000000000..cf4ef6793adb
--- /dev/null
+++ b/src/chrome/content/rules/rethink.org.xml
@@ -0,0 +1,41 @@
+<!--
+	^rethink.org: 404
+
+
+	Insecure cookies are set for these hosts:
+
+		- learning.rethink.org
+		- members.rethink.org
+		- my.rethink.org
+
+-->
+<ruleset name="Rethink.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="learning.rethink.org" />
+	<target host="members.rethink.org" />
+	<target host="my.rethink.org" />
+	<target host="www.rethink.org" />
+
+	<!--	Complications:
+				-->
+	<target host="rethink.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^learning\.rethink\.org$" name="^MoodleSession$" /-->
+	<!--securecookie host="^members\.rethink\.org$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^my\.rethink\.org$" name="^(?:ASP\.NET_SessionId|AnonymousCartId)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://rethink\.org/"
+		to="https://www.rethink.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rethinkdb.com.xml b/src/chrome/content/rules/rethinkdb.com.xml
new file mode 100644
index 000000000000..bbbf197e67bb
--- /dev/null
+++ b/src/chrome/content/rules/rethinkdb.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="RethinkDB.com">
+
+	<target host="rethinkdb.com" />
+	<target host="www.rethinkdb.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rethrick.com.xml b/src/chrome/content/rules/rethrick.com.xml
new file mode 100644
index 000000000000..7d6a7d96b5ba
--- /dev/null
+++ b/src/chrome/content/rules/rethrick.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Rethrick.com">
+	<target host="rethrick.com" />
+	<target host="www.rethrick.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/retroachievements.org.xml b/src/chrome/content/rules/retroachievements.org.xml
new file mode 100644
index 000000000000..f7b5e2caecda
--- /dev/null
+++ b/src/chrome/content/rules/retroachievements.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		i.retroachievements.org
+-->
+<ruleset name="retroachievements.org">
+	<target host="retroachievements.org" />
+	<target host="www.retroachievements.org" />
+	<target host="dev.retroachievements.org" />
+	<target host="dev-api.retroachievements.org" />
+	<target host="dev-static.retroachievements.org" />
+	<target host="docs.retroachievements.org" />
+	<target host="news.retroachievements.org" />
+	<target host="stats.retroachievements.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/retroarch.com.xml b/src/chrome/content/rules/retroarch.com.xml
new file mode 100644
index 000000000000..c6de8257cf18
--- /dev/null
+++ b/src/chrome/content/rules/retroarch.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="retroarch.com">
+	<target host="retroarch.com" />
+	<target host="www.retroarch.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/reuffel.de.xml b/src/chrome/content/rules/reuffel.de.xml
new file mode 100644
index 000000000000..70392241b3bb
--- /dev/null
+++ b/src/chrome/content/rules/reuffel.de.xml
@@ -0,0 +1,7 @@
+<ruleset name="reuffel.de">
+	<target host="reuffel.de"/>
+	<target host="www.reuffel.de"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/reuters.tv.xml b/src/chrome/content/rules/reuters.tv.xml
new file mode 100644
index 000000000000..ce13f4b052b9
--- /dev/null
+++ b/src/chrome/content/rules/reuters.tv.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Thomson Reuters coverage, see Thomson-Reuters.xml.
+
+
+	CDN buckets:
+
+		- d33zyg8wiiq6m8.cloudfront.net
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.reuters.tv
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Reuters.TV">
+
+	<target host="reuters.tv" />
+	<target host="cdnstatic.reuters.tv" />
+	<target host="www.reuters.tv" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.reuters\.tv$" name="^(?:region|userGeoLocation)$" /-->
+
+	<securecookie host="^\." name="^(?:_gat|optimizely)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/reutov.ru.xml b/src/chrome/content/rules/reutov.ru.xml
new file mode 100644
index 000000000000..5b786df93d34
--- /dev/null
+++ b/src/chrome/content/rules/reutov.ru.xml
@@ -0,0 +1,11 @@
+<!--
+forum.reutov.ru mismatch
+luchik.reutov.ru protocol error
+-->
+<ruleset name="reutov.ru">
+	<target host="reutov.ru" />
+	<target host="www.reutov.ru" />
+	<target host="my.reutov.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/revcontent.com.xml b/src/chrome/content/rules/revcontent.com.xml
new file mode 100644
index 000000000000..27cfb847ef6a
--- /dev/null
+++ b/src/chrome/content/rules/revcontent.com.xml
@@ -0,0 +1,52 @@
+<!--
+	Nonfunctional hosts in *revcontent.com:
+
+		- blog ʳ
+
+	ʳ Refused
+
+
+	Problematic hosts in *revcontent.com:
+
+		- faq ᵀ ᵐ
+
+	ᵀ Blocks Tor users
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .revcontent.com
+		- www.revcontent.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Revcontent.com (partial)">
+
+	<target host="revcontent.com" />
+	<target host="cdn.revcontent.com" />
+	<target host="img.revcontent.com" />
+	<target host="labs.revcontent.com" />
+	<target host="labs-cdn.revcontent.com" />
+	<target host="trends.revcontent.com" />
+	<target host="www.revcontent.com" />
+
+		<!--	Sets cookie without secure:
+							-->
+		<!--test url="http://trends.revcontent.com/click.php?d=" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.revcontent\.com$" name="^(?:__ID|rvrt)$" /-->
+	<!--securecookie host="^www\.revcontent\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/revolvermaps.com.xml b/src/chrome/content/rules/revolvermaps.com.xml
new file mode 100644
index 000000000000..2e2faf120023
--- /dev/null
+++ b/src/chrome/content/rules/revolvermaps.com.xml
@@ -0,0 +1,32 @@
+<ruleset name="RevolverMaps.com (partial)">
+
+	<target host="revolvermaps.com" />
+	<target host="ra.revolvermaps.com" />
+	<target host="rf.revolvermaps.com" />
+	<target host="www.revolvermaps.com" />
+
+		<!--	Avoid potential XHR and flash policy problems:
+									-->
+		<exclusion pattern="^http://r\w\.revolvermaps\.com/.+\.(?:js|swf)(?:$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://ra.revolvermaps.com/0/0/1.js" />
+			<test url="http://ra.revolvermaps.com/0/0/5.js" />
+			<test url="http://ra.revolvermaps.com/f/g.swf" />
+			<test url="http://rf.revolvermaps.com/0/0/1.js" />
+			<test url="http://rf.revolvermaps.com/f/g.swf" />
+
+		<!--	$ 404s, so:
+					-->
+		<test url="http://ra.revolvermaps.com/h/m/a/0/ff0000/128/0/06zfdy0s4ca.png" />
+		<test url="http://rf.revolvermaps.com/h/m/a/5/ff0000/128/10/5eiov1i7g8z.png" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/revolversweeper.com.xml b/src/chrome/content/rules/revolversweeper.com.xml
new file mode 100644
index 000000000000..61e7d7301471
--- /dev/null
+++ b/src/chrome/content/rules/revolversweeper.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Revolversweeper.com">
+
+	<target host="revolversweeper.com" />
+	<target host="www.revolversweeper.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rezdy.com.xml b/src/chrome/content/rules/rezdy.com.xml
new file mode 100644
index 000000000000..981815d65316
--- /dev/null
+++ b/src/chrome/content/rules/rezdy.com.xml
@@ -0,0 +1,18 @@
+<ruleset name="Rezdy">
+
+	<target host=  "rezdy.com" />
+	<target host="*.rezdy.com" />
+
+		<test url="http://app.rezdy.com/" />
+		<test url="http://costaricashuttle.rezdy.com/" />
+		<test url="http://interbus.rezdy.com/" />
+		<test url="http://support.rezdy.com/" />
+		<test url="http://thingdoer.rezdy.com/" />
+		<test url="http://www.rezdy.com/" />
+
+	<securecookie host="^.*\.rezdy\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rg.ru.xml b/src/chrome/content/rules/rg.ru.xml
new file mode 100644
index 000000000000..9ac6f116b15a
--- /dev/null
+++ b/src/chrome/content/rules/rg.ru.xml
@@ -0,0 +1,90 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bibliotechka.rg.ru/ => https://bibliotechka.rg.ru/: (7, 'Failed to connect to bibliotechka.rg.ru port 443: Connection refused')
+Fetch error: http://opros.rg.ru/ => https://opros.rg.ru/: (7, 'Failed to connect to opros.rg.ru port 443: Connection refused')
+
+alpha.rg.ru ⁴
+auth.rg.ru ⁴
+beta.rg.ru ³
+biblio-rg.rg.ru ³
+biz.rg.ru ³
+br.rg.ru ²
+c131.rg.ru ²
+delta.rg.ru ³
+editor.rg.ru ⁴
+ftp.rg.ru ³
+hermes.rg.ru ³
+jabber.rg.ru ³
+k4.rg.ru ²
+m.rg.ru ⁴
+mail.rg.ru ³
+mail2.rg.ru ²
+mich.rg.ru ³
+mk.rg.ru ³
+ndragon.rg.ru ³
+node1.rg.ru ²
+node2.rg.ru ³
+ns.rg.ru ²
+ns2.rg.ru ³
+ns3.rg.ru ³
+ns4.rg.ru ²
+octopus.rg.ru ²
+omega.rg.ru ³
+op.rg.ru ³
+photo.rg.ru ⁴
+img.photo.rg.ru ²
+pro.rg.ru ³
+pub.rg.ru ⁴
+pub3.rg.ru ⁴
+rbth.rg.ru ²
+www.rbth.rg.ru ²
+rg.rg.ru ²
+mail.rostov.rg.ru ⁴
+ru-jp.rg.ru ¹
+rus-jap.rg.ru ¹
+sb.rg.ru ²
+sdragon.rg.ru ³
+search.rg.ru ²
+site1.rg.ru ²
+site2.rg.ru ²
+www-test.rg.ru ²
+worldcup2014.rg.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="rg.ru" default_off="failed ruleset test">
+	<target host="rg.ru" />
+	<target host="www.rg.ru" />
+	<target host="25.rg.ru" />
+	<target host="api.rg.ru" />
+	<target host="bibliotechka.rg.ru" />
+	<target host="cdnimg.rg.ru" />
+	<target host="d2.rg.ru" />
+	<target host="digital.rg.ru" />
+	<target host="dtp.rg.ru" />
+	<target host="ep.rg.ru" />
+	<target host="foto.rg.ru" />
+	<target host="front.rg.ru" />
+	<target host="front-dev.rg.ru" />
+	<target host="img.rg.ru" />
+	<target host="kino.rg.ru" />
+	<target host="matchpoint.rg.ru" />
+	<target host="mc.rg.ru" />
+	<target host="node3.rg.ru" />
+	<target host="opros.rg.ru" />
+	<target host="outer.rg.ru" />
+	<target host="pda.rg.ru" />
+	<target host="pravo.rg.ru" />
+	<target host="quiz.rg.ru" />
+	<target host="rodina.rg.ru" />
+	<target host="sila.rg.ru" />
+	<target host="staging.rg.ru" />
+	<target host="test.rg.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rh.net.sa.xml b/src/chrome/content/rules/rh.net.sa.xml
new file mode 100644
index 000000000000..6186fc2bd1de
--- /dev/null
+++ b/src/chrome/content/rules/rh.net.sa.xml
@@ -0,0 +1,14 @@
+<!--
+	Unable to Connect:
+		el.rh.net.sa
+-->
+<ruleset name="rh.net.sa">
+	<target host="rh.net.sa" />
+	<target host="www.rh.net.sa" />
+	<target host="demo.rh.net.sa" />
+	<target host="task.rh.net.sa" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rhap.com.xml b/src/chrome/content/rules/rhap.com.xml
new file mode 100644
index 000000000000..0ccce16174f7
--- /dev/null
+++ b/src/chrome/content/rules/rhap.com.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Rhapsody International coverage, see Rhapsody.xml.
+
+-->
+<ruleset name="Rhap.com">
+
+	<target host="direct.rhap.com" />
+	<!--target host="on.rhap.com" />	handled in Bitly_branded_short_domains.xml -->
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://direct.rhap.com/imageserver/v2/playlists/pp.222513483/albums/images/500x500.jpeg?montage=3x1" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ri.gov.xml b/src/chrome/content/rules/ri.gov.xml
new file mode 100644
index 000000000000..f49220b25c9c
--- /dev/null
+++ b/src/chrome/content/rules/ri.gov.xml
@@ -0,0 +1,18 @@
+<!--
+	Rhode Island Government
+
+
+-->
+<ruleset name="RI.gov">
+
+	<target host="ri.gov" />
+	<target host="www.ri.gov" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/richmond.gov.uk.xml b/src/chrome/content/rules/richmond.gov.uk.xml
new file mode 100644
index 000000000000..4210408efd29
--- /dev/null
+++ b/src/chrome/content/rules/richmond.gov.uk.xml
@@ -0,0 +1,75 @@
+<!--
+	London Borough of Richmond upon Thames Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *richmond.gov.uk:
+
+		- gis ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *richmond.gov.uk:
+
+		- consult ᵐ
+
+	ᵐ Mismatched
+
+
+	These altnames do not exist:
+
+		- www.consultation.richmond.gov.uk
+
+
+	Mixed content:
+
+		- css, on:
+
+			- ^ from fonts.googleapis.com ˢ
+			- ^ from www2.richmond.gov.uk ˢ
+
+		- Images, on:
+
+			- ^ from $self ˢ
+			- ^ from www2.richmond.gov.uk ˢ
+
+		- Bug on ^ from uk.sitestat.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Richmond.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="careers.richmond.gov.uk" />
+	<target host="consultation.richmond.gov.uk" />
+	<target host="forms.richmond.gov.uk" />
+	<target host="www.richmond.gov.uk" />
+	<target host="www2.richmond.gov.uk" />
+
+		<!--	$ shows blank page, so:
+						-->
+		<test url="http://www2.richmond.gov.uk/Account/Login.aspx?ReturnUrl=%2fAccount%2fMember%2fDefault.aspx&amp;cookieCheck=true" />
+
+	<!--	Complications:
+				-->
+	<target host="richmond.gov.uk" />
+	<target host="consult.richmond.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://richmond\.gov\.uk/"
+		to="https://www.richmond.gov.uk/" />
+
+	<rule from="^http://consult\.richmond\.gov\.uk/"
+		to="https://richmond-consult.objective.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ridecompare.com.xml b/src/chrome/content/rules/ridecompare.com.xml
new file mode 100644
index 000000000000..96681b67b85b
--- /dev/null
+++ b/src/chrome/content/rules/ridecompare.com.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ridecompare.com/ => https://ridecompare.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.ridecompare.com/ => https://www.ridecompare.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="Ride Compare.com" default_off="failed ruleset test">
+
+	<target host="ridecompare.com" />
+	<target host="www.ridecompare.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ridus.ru.xml b/src/chrome/content/rules/ridus.ru.xml
new file mode 100644
index 000000000000..4bc38dfb0b7d
--- /dev/null
+++ b/src/chrome/content/rules/ridus.ru.xml
@@ -0,0 +1,10 @@
+<!--
+social.ridus.ru mismatch
+map.ridus.ru mixed content
+-->
+<ruleset name="ridus.ru">
+	<target host="ridus.ru" />
+	<target host="www.ridus.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/riksdagen.se.xml b/src/chrome/content/rules/riksdagen.se.xml
new file mode 100644
index 000000000000..c009ac91d31c
--- /dev/null
+++ b/src/chrome/content/rules/riksdagen.se.xml
@@ -0,0 +1,9 @@
+<ruleset name="riksdagen.se">
+	<target host="riksdagen.se" />
+	<target host="www.riksdagen.se" />
+	<target host="data.riksdagen.se" />
+	<target host="eu.riksdagen.se" />
+	<target host="firademokratin.riksdagen.se" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rio2016.com.xml b/src/chrome/content/rules/rio2016.com.xml
new file mode 100644
index 000000000000..f7b6e8a60383
--- /dev/null
+++ b/src/chrome/content/rules/rio2016.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rio2016.com/ => https://rio2016.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://portaldovoluntario.rio2016.com/ => https://portaldovoluntario.rio2016.com/: (6, 'Could not resolve host: portaldovoluntario.rio2016.com')
+Fetch error: http://rioexchange.rio2016.com/ => https://rioexchange.rio2016.com/: (6, 'Could not resolve host: rioexchange.rio2016.com')
+
+imprensa.rio2016.com mismatch
+portaldesuprimentos.rio2016.com mismatch
+-->
+<ruleset name="rio2016.com" default_off="failed ruleset test">
+	<target host="rio2016.com" />
+	<target host="www.rio2016.com" />
+	<target host="ingressos.rio2016.com" />
+	<target host="portaldovoluntario.rio2016.com" />
+	<target host="rioexchange.rio2016.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ripmedicaldebt.org.xml b/src/chrome/content/rules/ripmedicaldebt.org.xml
new file mode 100644
index 000000000000..bee639cf2609
--- /dev/null
+++ b/src/chrome/content/rules/ripmedicaldebt.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- ripmedicaldebt.org
+		- www.ripmedicaldebt.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="RIP Medical Debt.org">
+
+	<target host="ripmedicaldebt.org" />
+	<target host="www.ripmedicaldebt.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?ripmedicaldebt\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/risctraining.org.xml b/src/chrome/content/rules/risctraining.org.xml
new file mode 100644
index 000000000000..ab38d594ce15
--- /dev/null
+++ b/src/chrome/content/rules/risctraining.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="risctraining.org">
+	<target host="risctraining.org" />
+	<target host="www.risctraining.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/risingstack.com.xml b/src/chrome/content/rules/risingstack.com.xml
new file mode 100644
index 000000000000..f03594085990
--- /dev/null
+++ b/src/chrome/content/rules/risingstack.com.xml
@@ -0,0 +1,17 @@
+<!--
+oneshot.risingstack.com ¹
+
+
+¹ mismatch
+-->
+<ruleset name="risingstack.com">
+	<target host="risingstack.com" />
+	<target host="www.risingstack.com" />
+	<target host="blog.risingstack.com" />
+	<target host="trace.risingstack.com" />
+	<target host="survey.risingstack.com" />
+	<target host="resources.risingstack.com" />
+	<target host="quiz.risingstack.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rivals.com.xml b/src/chrome/content/rules/rivals.com.xml
new file mode 100644
index 000000000000..2de2c07b2926
--- /dev/null
+++ b/src/chrome/content/rules/rivals.com.xml
@@ -0,0 +1,38 @@
+<!--
+	^rivals.com: Refused
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- n from res-4.cloudinary.com ˢ
+			- n from cdn.rivals.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Rivals.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cdn.rivals.com" />
+	<target host="n.rivals.com" />
+	<target host="rivals.n.rivals.com" />
+
+	<!--	Complications:
+				-->
+	<target host="rivals.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://rivals\.com/"
+		to="https://www.rivals.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rkh.co.uk.xml b/src/chrome/content/rules/rkh.co.uk.xml
new file mode 100644
index 000000000000..2b932c65dd6c
--- /dev/null
+++ b/src/chrome/content/rules/rkh.co.uk.xml
@@ -0,0 +1,22 @@
+<!--
+	Problematic hosts in *rkh.co.uk:
+
+		- blog ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="RKH.co.uk (partial)">
+
+	<target host="rkh.co.uk" />
+	<target host="www.rkh.co.uk" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|_gat?$|_gat_|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rkhd.in.xml b/src/chrome/content/rules/rkhd.in.xml
new file mode 100644
index 000000000000..76fe281780a4
--- /dev/null
+++ b/src/chrome/content/rules/rkhd.in.xml
@@ -0,0 +1,38 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rkhd.in/ => https://rkhd.in/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.rkhd.in/ => https://www.rkhd.in/: (60, 'SSL certificate problem: self signed certificate')
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- rkhd.in
+		- www.rkhd.in
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bug from counter10.01counter.com ʳ
+
+	ʳ Refused
+
+-->
+<ruleset name="RKHD.in" default_off="failed ruleset test">
+
+	<target host="rkhd.in" />
+	<target host="www.rkhd.in" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?rkhd\.in$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rns.online.xml b/src/chrome/content/rules/rns.online.xml
new file mode 100644
index 000000000000..cf4b467d5fa0
--- /dev/null
+++ b/src/chrome/content/rules/rns.online.xml
@@ -0,0 +1,14 @@
+<ruleset name="rns.online">
+	<target host="rns.online" />
+	<target host="www.rns.online" />
+	<target host="cdn.rns.online" />
+	<target host="m.rns.online" />
+	<test url="http://cdn.rns.online/" />
+	<test url="http://cdn.rns.online/?" />
+	<test url="http://cdn.rns.online/?q" />
+	<test url="http://cdn.rns.online/#" />
+	<exclusion pattern="^http://cdn\.rns\.online/$" />
+	<exclusion pattern="^http://cdn\.rns\.online/\?" />
+	<exclusion pattern="^http://cdn\.rns\.online/#" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/roadtrippers.com-resources.xml b/src/chrome/content/rules/roadtrippers.com-resources.xml
new file mode 100644
index 000000000000..b5b3e395eab7
--- /dev/null
+++ b/src/chrome/content/rules/roadtrippers.com-resources.xml
@@ -0,0 +1,36 @@
+<!--
+	For rules covering more than resources, see Roadtrippers.xml.
+
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="Roadtrippers.com (resources)" platform="mixedcontent">
+
+	<target host="assets0.roadtrippers.com" />
+	<target host="assets1.roadtrippers.com" />
+	<target host="assets2.roadtrippers.com" />
+	<target host="assets3.roadtrippers.com" />
+	<target host="sa0.roadtrippers.com" />
+	<target host="sa1.roadtrippers.com" />
+	<target host="sa2.roadtrippers.com" />
+	<target host="sa3.roadtrippers.com" />
+
+		<test url="http://assets0.roadtrippers.com/uploads/user/image/2396013/-strip_-quality_60_-interlace_Plane_-resize_50x50_U__-gravity_center_-extent_50x50/user-image-68c8e27e-d070-4046-8a43-b141dbceb48c.jpg" />
+		<test url="http://assets1.roadtrippers.com/uploads/user/image/31354/-strip_-quality_60_-interlace_Plane_-resize_24x24_U__-gravity_center_-extent_24x24/roadtrippers-user-bea790a3-b3af-4edb-99c0-7e4cfdd7992e.png" />
+		<test url="http://assets2.roadtrippers.com/uploads/user/image/2345997/-strip_-quality_60_-interlace_Plane_-resize_24x24_U__-gravity_center_-extent_24x24/user-image-fc0db262-03e1-4b8b-8146-0e6a7135914a.jpg" />
+		<test url="http://assets3.roadtrippers.com/uploads/user/image/31354/-strip_-quality_60_-interlace_Plane_-resize_24x24_U__-gravity_center_-extent_24x24/roadtrippers-user-bea790a3-b3af-4edb-99c0-7e4cfdd7992e.png" />
+		<test url="http://sa0.roadtrippers.com/assets/pinterest-default-37b9d24d2e3dfb06e9d52e22c880d3a6.jpg" />
+		<test url="http://sa1.roadtrippers.com/assets/viator/logo_med-c1f01a2ed433c2967062d88b56f78644.png" />
+		<test url="http://sa2.roadtrippers.com/assets/ultimate_roadtrip/ultimate-roadtrip-cta-485a5f83677bcec82bfcb046d23a0114.jpg" />
+		<test url="http://sa3.roadtrippers.com/assets/app_store-baf6ffb0471cb4bdd6b1201e26baeae4.png" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/roadworks.org.xml b/src/chrome/content/rules/roadworks.org.xml
new file mode 100644
index 000000000000..b5767a8ea36e
--- /dev/null
+++ b/src/chrome/content/rules/roadworks.org.xml
@@ -0,0 +1,38 @@
+<!--
+	www.roadworks.org: 500
+
+
+	Insecure cookies are set for these hosts:
+
+		- portal.roadworks.org
+		- telford.roadworks.org
+
+-->
+<ruleset name="roadworks.org">
+
+	<!--	Direct rewrites:
+				-->
+  <target host="roadworks.org" />
+  <target host="portal.roadworks.org" />
+	<target host="telford.roadworks.org" />
+
+	<!--	Complications:
+				-->
+  <target host="www.roadworks.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^portal\.roadworks\.org$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^telford\.roadworks\.org$" name="^AWSELB$" /-->
+
+	<securecookie host="^\." name="^_(?:_utm|gat?$|gat_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.roadworks\.org/"
+		to="https://roadworks.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/roarmag.org.xml b/src/chrome/content/rules/roarmag.org.xml
new file mode 100644
index 000000000000..97145a8a7b11
--- /dev/null
+++ b/src/chrome/content/rules/roarmag.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="Roar Mag.org">
+
+	<target host="roarmag.org" />
+	<target host="www.roarmag.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/robinhood.xml b/src/chrome/content/rules/robinhood.xml
new file mode 100644
index 000000000000..a741e5f98f3d
--- /dev/null
+++ b/src/chrome/content/rules/robinhood.xml
@@ -0,0 +1,22 @@
+<ruleset name="Robbinghood">
+	<target host="api.robinhood.com" />
+	<target host="app.robinhood.com" />
+	<target host="blog.robinhood.com" />
+	<target host="cdn.robinhood.com" />
+	<target host="www.robinhood.com" />
+	<target host="overmy.robinhood.com" />
+	<target host="support.robinhood.com" />
+	<target host="referral.robinhood.com" />
+	<target host="dudecomedy.robinhood.com" />
+	<target host="careers.robinhood.com" />
+	<target host="signup.robinhood.com" />
+	<target host="share.robinhood.com" />
+	<target host="status.robinhood.com" />
+	<target host="news.robinhood.com" />
+	<target host="learn.robinhood.com" />
+	<target host="snacks.robinhood.com" />
+	<target host="join.robinhood.com" />
+	<target host="robinhood.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/robolinux.org.xml b/src/chrome/content/rules/robolinux.org.xml
new file mode 100644
index 000000000000..10f794f5c28b
--- /dev/null
+++ b/src/chrome/content/rules/robolinux.org.xml
@@ -0,0 +1,5 @@
+<ruleset name="robolinux.org">
+	<target host="robolinux.org" />
+	<target host="www.robolinux.org" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/robustirc.net.xml b/src/chrome/content/rules/robustirc.net.xml
new file mode 100644
index 000000000000..8a0467489b71
--- /dev/null
+++ b/src/chrome/content/rules/robustirc.net.xml
@@ -0,0 +1,14 @@
+<ruleset name="RobustIRC.net">
+
+	<target host="robustirc.net" />
+	<target host="www.robustirc.net" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rocars.gov.hk.xml b/src/chrome/content/rules/rocars.gov.hk.xml
new file mode 100644
index 000000000000..40daac2c69be
--- /dev/null
+++ b/src/chrome/content/rules/rocars.gov.hk.xml
@@ -0,0 +1,8 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+-->
+<ruleset name="Hong Kong Customs and Excise Department - Road Cargo System">
+	<target host="www.rocars.gov.hk" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/rocksbox.com.xml b/src/chrome/content/rules/rocksbox.com.xml
new file mode 100644
index 000000000000..1b406af20ca7
--- /dev/null
+++ b/src/chrome/content/rules/rocksbox.com.xml
@@ -0,0 +1,25 @@
+<!--
+	^rocksbox.com: refused
+
+-->
+<ruleset name="Rocksbox.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.rocksbox.com" />
+
+	<!--	Complications:
+				-->
+	<target host="rocksbox.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://rocksbox\.com/"
+		to="https://www.rocksbox.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rodsbooks.com.xml b/src/chrome/content/rules/rodsbooks.com.xml
new file mode 100644
index 000000000000..a22f004ec116
--- /dev/null
+++ b/src/chrome/content/rules/rodsbooks.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="rodsbooks.com">
+	<target host="rodsbooks.com" />
+	<target host="www.rodsbooks.com" />
+	<target host="mail.rodsbooks.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rofreesbie.org.xml b/src/chrome/content/rules/rofreesbie.org.xml
new file mode 100644
index 000000000000..887d1af8f5bd
--- /dev/null
+++ b/src/chrome/content/rules/rofreesbie.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="rofreesbie.org">
+	<target host="rofreesbie.org" />
+	<target host="www.rofreesbie.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rol.im.xml b/src/chrome/content/rules/rol.im.xml
new file mode 100644
index 000000000000..ad29b3b696b3
--- /dev/null
+++ b/src/chrome/content/rules/rol.im.xml
@@ -0,0 +1,12 @@
+<!--
+proxima.rol.im ²
+
+
+² refused
+-->
+<ruleset name="rol.im">
+	<target host="rol.im" />
+	<target host="www.rol.im" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rom1504.fr.xml b/src/chrome/content/rules/rom1504.fr.xml
new file mode 100644
index 000000000000..05238dfb7d1f
--- /dev/null
+++ b/src/chrome/content/rules/rom1504.fr.xml
@@ -0,0 +1,21 @@
+<!--
+www.rom1504.fr different content
+dbpedia.rom1504.fr ¹
+flying-squid.rom1504.fr ¹
+sharelatex.rom1504.fr different content
+
+
+¹ mismatch
+-->
+<ruleset name="rom1504.fr">
+	<target host="rom1504.fr" />
+	<target host="download.rom1504.fr" />
+	<target host="gitlab.rom1504.fr" />
+	<target host="gitlab-ci.rom1504.fr" />
+	<target host="instant.rom1504.fr" />
+	<target host="logs.rom1504.fr" />
+	<target host="phpmyadmin.rom1504.fr" />
+	<target host="tracker.rom1504.fr" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/roofclimb.com.au.xml b/src/chrome/content/rules/roofclimb.com.au.xml
new file mode 100644
index 000000000000..d0676365ea9b
--- /dev/null
+++ b/src/chrome/content/rules/roofclimb.com.au.xml
@@ -0,0 +1,15 @@
+<!--
+	Mixed content:
+		- js from ajax.googleapis.com *
+
+	* Secured by us
+-->
+<ruleset name="Roof Climb Adelaide Oval">
+	<target host="roofclimb.com.au" />
+	<target host="www.roofclimb.com.au" />
+
+	<securecookie host="roofclimb\.com\.au$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/root1024.ch.xml b/src/chrome/content/rules/root1024.ch.xml
new file mode 100644
index 000000000000..3fdf371e8971
--- /dev/null
+++ b/src/chrome/content/rules/root1024.ch.xml
@@ -0,0 +1,22 @@
+<!--
+	Cert mismatch
+		- autoconfig.root1024.ch
+		- ftp.root1024.ch
+		- mail.root1024.ch
+		- webmail.root1024.ch
+-->
+<ruleset name="root1024.ch">
+
+	<target host="root1024.ch"/>
+	<target host="www.root1024.ch"/>
+
+	<target host="blog.root1024.ch"/>
+	<target host="www.blog.root1024.ch"/>
+	<target host="piwik.root1024.ch"/>
+	<target host="www.piwik.root1024.ch"/>
+	<target host="rss.root1024.ch"/>
+	<target host="www.rss.root1024.ch"/>
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/rootless.org.xml b/src/chrome/content/rules/rootless.org.xml
new file mode 100644
index 000000000000..1ce27deee54b
--- /dev/null
+++ b/src/chrome/content/rules/rootless.org.xml
@@ -0,0 +1,50 @@
+<!--
+	Nonfunctional hosts in *rootless.org:
+
+		- imcjapan ᵃ
+		- ns ᵃ
+
+	ᵃ Shows ^rootless.org
+
+
+	NB: server sends no certificate chain, see https://whatsmychaincert.com
+
+-->
+<ruleset name="rootless.org (partial)" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rootless.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.rootless.org" />
+
+		<!--	404:
+				-->
+		<!--exclusion pattern="^http://(?:www\.)?rootless\.org/(?:botiboti/$|canary/$|goloh/$|kakekomi/$|mailform$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?rootless\.org/(?!/*(?:$|\?|webmail(?:$|[?/])))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://rootless.org/botiboti/" />
+			<test url="http://rootless.org/canary/" />
+			<test url="http://rootless.org/goloh/" />
+			<test url="http://www.rootless.org/kakekomi/member.html" />
+			<test url="http://www.rootless.org/mailform" />
+
+			<!--	-ve:
+					-->
+			<test url="http://rootless.org/webmail/src/login.php" />
+
+
+	<rule from="^http://www\.rootless\.org/"
+		to="https://rootless.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rosamondgiffordzoo.org.xml b/src/chrome/content/rules/rosamondgiffordzoo.org.xml
new file mode 100644
index 000000000000..7af577edd225
--- /dev/null
+++ b/src/chrome/content/rules/rosamondgiffordzoo.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Invalid certificate:
+		ftp.rosamondgiffordzoo.org
+
+	Refused:
+		autodiscover.rosamondgiffordzoo.org
+		localhost.rosamondgiffordzoo.org
+
+	Time out:
+		mail.rosamondgiffordzoo.org
+		mx-24-39-246-227.rosamondgiffordzoo.org
+-->
+<ruleset name="rosamondgiffordzoo.org">
+	<target host="rosamondgiffordzoo.org" />
+	<target host="www.rosamondgiffordzoo.org" />
+	<target host="cpanel.rosamondgiffordzoo.org" />
+	<target host="reservations.rosamondgiffordzoo.org" />
+	<target host="webdisk.rosamondgiffordzoo.org" />
+	<target host="webmail.rosamondgiffordzoo.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rosbank.ru.xml b/src/chrome/content/rules/rosbank.ru.xml
new file mode 100644
index 000000000000..4dcb4659ad75
--- /dev/null
+++ b/src/chrome/content/rules/rosbank.ru.xml
@@ -0,0 +1,17 @@
+<!--
+rostrade.rosbank.ru ¹
+rtl.rosbank.ru ²
+
+¹ mismatch
+² refused
+-->
+<ruleset name="rosbank.ru">
+	<target host="rosbank.ru" />
+	<target host="www.rosbank.ru" />
+	<target host="getlogin.rosbank.ru" />
+	<target host="ibank.rosbank.ru" />
+	<target host="ib.rosbank.ru" />
+	<target host="mbr.rosbank.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/roseurosud.org.xml b/src/chrome/content/rules/roseurosud.org.xml
new file mode 100644
index 000000000000..2f9e68d56c05
--- /dev/null
+++ b/src/chrome/content/rules/roseurosud.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="roseurosud.org">
+	<target host="roseurosud.org" />
+	<target host="www.roseurosud.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/roskomzakon.ru.xml b/src/chrome/content/rules/roskomzakon.ru.xml
new file mode 100644
index 000000000000..bb3034a6c34c
--- /dev/null
+++ b/src/chrome/content/rules/roskomzakon.ru.xml
@@ -0,0 +1,12 @@
+<!--
+www.roskomzakon.ru self signed
+-->
+<ruleset name="roskomzakon.ru" platform="mixedcontent">
+	<target host="roskomzakon.ru" />
+	<target host="www.roskomzakon.ru" />
+
+	<rule from="^http://www\.roskomzakon\.ru/"
+		to="https://roskomzakon.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rosminzdrav.ru.xml b/src/chrome/content/rules/rosminzdrav.ru.xml
new file mode 100644
index 000000000000..eae48a994da3
--- /dev/null
+++ b/src/chrome/content/rules/rosminzdrav.ru.xml
@@ -0,0 +1,141 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://fuamo.rosminzdrav.ru/ => https://fuamo.rosminzdrav.ru/: (28, 'Operation timed out after 30004 milliseconds with 0 bytes received')
+Fetch error: http://ms-info.rosminzdrav.ru/ => https://ms-info.rosminzdrav.ru/: (6, 'Could not resolve host: ms-info.rosminzdrav.ru')
+Fetch error: http://pmu-info.rosminzdrav.ru/ => https://pmu-info.rosminzdrav.ru/: (6, 'Could not resolve host: pmu-info.rosminzdrav.ru')
+
+2144.rosminzdrav.ru ⁴
+62old.rosminzdrav.ru ²
+965n.rosminzdrav.ru ⁵
+ahd.rosminzdrav.ru ³
+ahd-centre.rosminzdrav.ru ⁷
+ahd2.rosminzdrav.ru ²
+atlas.rosminzdrav.ru ³
+budget.rosminzdrav.ru ²
+ca.rosminzdrav.ru/: (35, 'error:14092105:SSL routines:ssl3_get_server_hello:wrong cipher returned')
+cr.rosminzdrav.ru ²
+crl1.rosminzdrav.ru/: (35, 'error:14092105:SSL routines:ssl3_get_server_hello:wrong cipher returned')
+crt.rosminzdrav.ru ³
+db.rosminzdrav.ru ⁴
+dbkurort.rosminzdrav.ru ⁴
+doctor.rosminzdrav.ru ⁴
+download.rosminzdrav.ru/: (35, 'error:14092105:SSL routines:ssl3_get_server_hello:wrong cipher returned')
+dpc.rosminzdrav.ru ³
+ns1.edu.rosminzdrav.ru ³
+ns2.edu.rosminzdrav.ru ³
+egisz.rosminzdrav.ru ³
+axd.egisz.rosminzdrav.ru ³
+geo.egisz.rosminzdrav.ru ⁴
+iaslp.egisz.rosminzdrav.ru ²
+ips.egisz.rosminzdrav.ru ¹
+monitoring.egisz.rosminzdrav.ru ⁴
+mz-dns1.egisz.rosminzdrav.ru ²
+mz-dns2.egisz.rosminzdrav.ru ³
+ns1.egisz.rosminzdrav.ru ²
+ns2.egisz.rosminzdrav.ru ³
+uprdsa.egisz.rosminzdrav.ru ⁴
+egisz-docs.rosminzdrav.ru ¹
+er2.rosminzdrav.ru ⁴
+f62.rosminzdrav.ru ¹
+fer.rosminzdrav.ru ³
+mx.fer.rosminzdrav.ru ³
+flu.rosminzdrav.ru/: (35, 'error:14092105:SSL routines:ssl3_get_server_hello:wrong cipher returned')
+grls.rosminzdrav.ru ²
+www.grls.rosminzdrav.ru ²
+gw.rosminzdrav.ru ³
+gw-r3.rosminzdrav.ru ³
+gw-s5.rosminzdrav.ru ³
+konkurs.rosminzdrav.ru ²
+kurort.rosminzdrav.ru ⁴
+kurortold.rosminzdrav.ru ²
+mca.rosminzdrav.ru ²
+mrp.rosminzdrav.ru ³
+mrpmz.rosminzdrav.ru ³
+ms.rosminzdrav.ru/: (35, 'error:14092105:SSL routines:ssl3_get_server_hello:wrong cipher returned')
+mx1.rosminzdrav.ru ³
+mx2.rosminzdrav.ru ³
+nmo.rosminzdrav.ru ³
+nok.rosminzdrav.ru ²
+nrr.rosminzdrav.ru/: (35, 'error:14092105:SSL routines:ssl3_get_server_hello:wrong cipher returned')
+ns.rosminzdrav.ru ²
+obzor.rosminzdrav.ru ²
+old.rosminzdrav.ru ³
+orph.rosminzdrav.ru/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+pmu.rosminzdrav.ru/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+profmed.rosminzdrav.ru ¹
+proftest.rosminzdrav.ru ²
+rao.rosminzdrav.ru ³
+remote.rosminzdrav.ru ³
+robot.rosminzdrav.ru ²
+service.rosminzdrav.ru/: (35, 'error:14092105:SSL routines:ssl3_get_server_hello:wrong cipher returned')
+service-test.rosminzdrav.ru/: (35, 'error:14092105:SSL routines:ssl3_get_server_hello:wrong cipher returned')
+sevastopol.rosminzdrav.ru ²
+sk.rosminzdrav.ru/: (35, 'error:14092105:SSL routines:ssl3_get_server_hello:wrong cipher returned')
+smot.rosminzdrav.ru ³
+smp.rosminzdrav.ru/: (35, 'error:14092105:SSL routines:ssl3_get_server_hello:wrong cipher returned')
+soc.rosminzdrav.ru ²
+static.rosminzdrav.ru ³
+stroke.rosminzdrav.ru/: (35, 'error:14092105:SSL routines:ssl3_get_server_hello:wrong cipher returned')
+talon.rosminzdrav.ru/: (35, 'error:14092105:SSL routines:ssl3_get_server_hello:wrong cipher returned')
+terminal-er.rosminzdrav.ru ³
+test.rosminzdrav.ru ⁴
+vmp.rosminzdrav.ru/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+vsforum.rosminzdrav.ru ²
+vspec.rosminzdrav.ru ⁴
+zakupki.rosminzdrav.ru ²
+ahd-centre.rosminzdrav.ru:8080/: (35, 'Unknown SSL protocol error in connection to ahd-centre.rosminzdrav.ru:8080 ')
+hc.rosminzdrav.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁵ expired
+⁷ protocol error
+-->
+<ruleset name="rosminzdrav.ru" default_off="failed ruleset test">
+	<target host="rosminzdrav.ru" />
+	<target host="www.rosminzdrav.ru" />
+	<target host="62.rosminzdrav.ru" />
+	<target host="admin-iemc-test.rosminzdrav.ru" />
+	<target host="edu.rosminzdrav.ru" />
+	<target host="www.edu.rosminzdrav.ru" />
+	<target host="authorqt.edu.rosminzdrav.ru" />
+	<target host="eok.edu.rosminzdrav.ru" />
+	<target host="mail.edu.rosminzdrav.ru" />
+	<target host="nci.edu.rosminzdrav.ru" />
+	<target host="plt.edu.rosminzdrav.ru" />
+	<target host="rs.edu.rosminzdrav.ru" />
+	<target host="smm.edu.rosminzdrav.ru" />
+	<target host="ssmf.edu.rosminzdrav.ru" />
+	<target host="ssoa.edu.rosminzdrav.ru" />
+	<target host="static.edu.rosminzdrav.ru" />
+	<target host="testing.edu.rosminzdrav.ru" />
+	<target host="fer.egisz.rosminzdrav.ru" />
+	<target host="fnsi.egisz.rosminzdrav.ru" />
+	<target host="iemk.egisz.rosminzdrav.ru" />
+	<target host="nr.egisz.rosminzdrav.ru" />
+	<target host="nr-test.egisz.rosminzdrav.ru" />
+	<target host="portal.egisz.rosminzdrav.ru" />
+	<target host="zabbix.egisz.rosminzdrav.ru" />
+	<target host="esiaia.rosminzdrav.ru" />
+	<target host="esiaia-test.rosminzdrav.ru" />
+	<target host="fuamo.rosminzdrav.ru" />
+	<target host="fw.rosminzdrav.ru" />
+	<target host="helpdesk.rosminzdrav.ru" />
+	<target host="iemc-test.rosminzdrav.ru" />
+	<target host="ips.rosminzdrav.ru" />
+	<target host="mail.rosminzdrav.ru" />
+	<target host="ms-info.rosminzdrav.ru" />
+	<target host="nsi.rosminzdrav.ru" />
+	<target host="pmu-info.rosminzdrav.ru" />
+	<target host="portal.rosminzdrav.ru" />
+	<target host="static-0.rosminzdrav.ru" />
+	<target host="static-1.rosminzdrav.ru" />
+	<target host="static-2.rosminzdrav.ru" />
+	<target host="static-3.rosminzdrav.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rosreserv.ru.xml b/src/chrome/content/rules/rosreserv.ru.xml
new file mode 100644
index 000000000000..d6b79769ebab
--- /dev/null
+++ b/src/chrome/content/rules/rosreserv.ru.xml
@@ -0,0 +1,38 @@
+<!--
+aso.rosreserv.ru ³
+calendar.rosreserv.ru ²
+exch01.rosreserv.ru ³
+exch02.rosreserv.ru ³
+flat.rosreserv.ru ⁴
+fw.rosreserv.ru ³
+gw.rosreserv.ru ²
+in-mx.rosreserv.ru ³
+ir01.rosreserv.ru ³
+ir02.rosreserv.ru ³
+kiberry.rosreserv.ru ³
+light.rosreserv.ru ³
+mail.rosreserv.ru ⁴
+ns1.rosreserv.ru ³
+ns2.rosreserv.ru ³
+ntp.rosreserv.ru ³
+storyboard.rosreserv.ru ⁴
+test.rosreserv.ru ³
+vs-i-mbx01.rosreserv.ru ³
+vs-i-mbx02.rosreserv.ru ³
+wp.rosreserv.ru ⁴
+
+
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="rosreserv.ru">
+	<target host="rosreserv.ru" />
+	<target host="www.rosreserv.ru" />
+	<target host="gate.rosreserv.ru" />
+	<target host="limited.rosreserv.ru" />
+	<target host="pda.rosreserv.ru" />
+	<target host="ss-free2.rosreserv.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rossp.ru.xml b/src/chrome/content/rules/rossp.ru.xml
new file mode 100644
index 000000000000..2928422913f6
--- /dev/null
+++ b/src/chrome/content/rules/rossp.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="rossp.ru">
+	<target host="rossp.ru"/>
+	<target host="www.rossp.ru"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/rostrud.ru.xml b/src/chrome/content/rules/rostrud.ru.xml
new file mode 100644
index 000000000000..507aced77238
--- /dev/null
+++ b/src/chrome/content/rules/rostrud.ru.xml
@@ -0,0 +1,128 @@
+<!--
+edu.rostrud.ru ⁷
+expo43.rostrud.ru ³
+www.git08.rostrud.ru ¹
+www.git13.rostrud.ru ¹
+www.git16.rostrud.ru ¹
+www.git18.rostrud.ru ¹
+www.git21.rostrud.ru ¹
+www.git23.rostrud.ru ¹
+www.git26.rostrud.ru ¹
+www.git27.rostrud.ru ¹
+www.git31.rostrud.ru ¹
+www.git40.rostrud.ru ¹
+www.git41.rostrud.ru ¹
+www.git48.rostrud.ru ¹
+www.git52.rostrud.ru ¹
+www.git58.rostrud.ru ¹
+www.git61.rostrud.ru ¹
+www.git63.rostrud.ru ¹
+www.git64.rostrud.ru ¹
+www.git65.rostrud.ru ¹
+www.git70.rostrud.ru ¹
+www.git76.rostrud.ru ¹
+www.git77.rostrud.ru ¹
+www.git78.rostrud.ru ¹
+gitstat.rostrud.ru ³
+ns.rostrud.ru ²
+region.rostrud.ru ⁴
+mail.region.rostrud.ru ⁴
+ns.region.rostrud.ru ²
+rt-mx-003.rostrud.ru ³
+mail.rostrud.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁷ protocol error
+-->
+<ruleset name="rostrud.ru">
+	<target host="rostrud.ru" />
+	<target host="www.rostrud.ru" />
+	<target host="declaration.rostrud.ru" />
+	<target host="git01.rostrud.ru" />
+	<target host="git02.rostrud.ru" />
+	<target host="git03.rostrud.ru" />
+	<target host="git04.rostrud.ru" />
+	<target host="git05.rostrud.ru" />
+	<target host="git07.rostrud.ru" />
+	<target host="git08.rostrud.ru" />
+	<target host="git09.rostrud.ru" />
+	<target host="git10.rostrud.ru" />
+	<target host="git11.rostrud.ru" />
+	<target host="git12.rostrud.ru" />
+	<target host="git13.rostrud.ru" />
+	<target host="git14.rostrud.ru" />
+	<target host="git15.rostrud.ru" />
+	<target host="git16.rostrud.ru" />
+	<target host="git17.rostrud.ru" />
+	<target host="git18.rostrud.ru" />
+	<target host="git19.rostrud.ru" />
+	<target host="git20.rostrud.ru" />
+	<target host="git21.rostrud.ru" />
+	<target host="git22.rostrud.ru" />
+	<target host="git23.rostrud.ru" />
+	<target host="git24.rostrud.ru" />
+	<target host="git25.rostrud.ru" />
+	<target host="git26.rostrud.ru" />
+	<target host="git27.rostrud.ru" />
+	<target host="git28.rostrud.ru" />
+	<target host="git29.rostrud.ru" />
+	<target host="git30.rostrud.ru" />
+	<target host="git31.rostrud.ru" />
+	<target host="git32.rostrud.ru" />
+	<target host="git33.rostrud.ru" />
+	<target host="git34.rostrud.ru" />
+	<target host="git35.rostrud.ru" />
+	<target host="git36.rostrud.ru" />
+	<target host="git37.rostrud.ru" />
+	<target host="git38.rostrud.ru" />
+	<target host="git39.rostrud.ru" />
+	<target host="git40.rostrud.ru" />
+	<target host="git41.rostrud.ru" />
+	<target host="git42.rostrud.ru" />
+	<target host="git43.rostrud.ru" />
+	<target host="git44.rostrud.ru" />
+	<target host="git45.rostrud.ru" />
+	<target host="git46.rostrud.ru" />
+	<target host="git47.rostrud.ru" />
+	<target host="git48.rostrud.ru" />
+	<target host="git49.rostrud.ru" />
+	<target host="git50.rostrud.ru" />
+	<target host="git51.rostrud.ru" />
+	<target host="git52.rostrud.ru" />
+	<target host="git53.rostrud.ru" />
+	<target host="git54.rostrud.ru" />
+	<target host="git55.rostrud.ru" />
+	<target host="git56.rostrud.ru" />
+	<target host="git57.rostrud.ru" />
+	<target host="git58.rostrud.ru" />
+	<target host="git59.rostrud.ru" />
+	<target host="git60.rostrud.ru" />
+	<target host="git61.rostrud.ru" />
+	<target host="git62.rostrud.ru" />
+	<target host="git63.rostrud.ru" />
+	<target host="git64.rostrud.ru" />
+	<target host="git65.rostrud.ru" />
+	<target host="git66.rostrud.ru" />
+	<target host="git67.rostrud.ru" />
+	<target host="git68.rostrud.ru" />
+	<target host="git69.rostrud.ru" />
+	<target host="git70.rostrud.ru" />
+	<target host="git71.rostrud.ru" />
+	<target host="git72.rostrud.ru" />
+	<target host="git73.rostrud.ru" />
+	<target host="git74.rostrud.ru" />
+	<target host="git75.rostrud.ru" />
+	<target host="git76.rostrud.ru" />
+	<target host="git77.rostrud.ru" />
+	<target host="git78.rostrud.ru" />
+	<target host="git79.rostrud.ru" />
+	<target host="git86.rostrud.ru" />
+	<target host="git87.rostrud.ru" />
+	<target host="git89.rostrud.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rosyama.ru.xml b/src/chrome/content/rules/rosyama.ru.xml
new file mode 100644
index 000000000000..ed9af30f21aa
--- /dev/null
+++ b/src/chrome/content/rules/rosyama.ru.xml
@@ -0,0 +1,15 @@
+<!--
+www.rosyama.ru ⁴
+dev.rosyama.ru ¹
+mx.rosyama.ru ²
+
+
+¹ mismatch
+² refused
+⁴ self signed
+-->
+<ruleset name="rosyama.ru">
+	<target host="rosyama.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/roszkh.ru.xml b/src/chrome/content/rules/roszkh.ru.xml
new file mode 100644
index 000000000000..d39d2e949b30
--- /dev/null
+++ b/src/chrome/content/rules/roszkh.ru.xml
@@ -0,0 +1,12 @@
+<!--
+email.roszkh.ru ³
+
+
+³ timed out
+-->
+<ruleset name="roszkh.ru">
+	<target host="roszkh.ru" />
+	<target host="www.roszkh.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/royaldns.net.xml b/src/chrome/content/rules/royaldns.net.xml
new file mode 100644
index 000000000000..f93b1d68b4d9
--- /dev/null
+++ b/src/chrome/content/rules/royaldns.net.xml
@@ -0,0 +1,11 @@
+<ruleset name="RoyalDNS.net">
+
+	<target host="royaldns.net" />
+	<target host="www.royaldns.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+ </ruleset>
diff --git a/src/chrome/content/rules/royalvoluntaryservice.org.uk.xml b/src/chrome/content/rules/royalvoluntaryservice.org.uk.xml
new file mode 100644
index 000000000000..1c1987ad2683
--- /dev/null
+++ b/src/chrome/content/rules/royalvoluntaryservice.org.uk.xml
@@ -0,0 +1,23 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://grandfest.royalvoluntaryservice.org.uk/ => https://grandfest.royalvoluntaryservice.org.uk/: (35, 'OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to grandfest.royalvoluntaryservice.org.uk:443 ')
+Fetch error: http://www.grandfest.royalvoluntaryservice.org.uk/ => https://www.grandfest.royalvoluntaryservice.org.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.grandfest.royalvoluntaryservice.org.uk'")
+
+  Connection refused:
+    - catalogue.royalvoluntaryservice.org.uk
+-->
+
+<ruleset name="Royal Voluntary Service.org.uk">
+
+	<target host="royalvoluntaryservice.org.uk" />
+	<target host="www.royalvoluntaryservice.org.uk" />
+	<!-- <target host="catalogue.royalvoluntaryservice.org.uk" /> -->
+	<!-- target host="grandfest.royalvoluntaryservice.org.uk" /-->
+	<!-- target host="www.grandfest.royalvoluntaryservice.org.uk" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rozetka.com.ua.xml b/src/chrome/content/rules/rozetka.com.ua.xml
new file mode 100644
index 000000000000..b3471d1c3493
--- /dev/null
+++ b/src/chrome/content/rules/rozetka.com.ua.xml
@@ -0,0 +1,34 @@
+<!--
+Incomplete certificate chain:
+	video.rozetka.com.ua
+
+Invalid certificate:
+	hotels.rozetka.com.ua
+
+Redirect to HTTP:
+	m.rozetka.com.ua
+	posadiderevo.rozetka.com.ua
+
+Refused connection:
+	in1.rozetka.com.ua
+-->
+<ruleset name="rozetka.com.ua">
+	<target host="rozetka.com.ua"/>
+	<target host="www.rozetka.com.ua"/>
+	<target host="apteka.rozetka.com.ua"/>
+	<target host="bt.rozetka.com.ua"/>
+	<target host="cardtocard.rozetka.com.ua"/>
+	<target host="hard.rozetka.com.ua"/>
+	<target host="hunter.rozetka.com.ua"/>
+	<target host="img.rozetka.com.ua"/>
+	<target host="my.rozetka.com.ua"/>
+	<target host="new.rozetka.com.ua"/>
+	<target host="partner.rozetka.com.ua"/>
+	<target host="rg.rozetka.com.ua"/>
+		<test url="http://rg.rozetka.com.ua/iframe_recent_goods"/>
+	<target host="search.rozetka.com.ua"/>
+	<target host="soft.rozetka.com.ua"/>
+	<target host="tours.rozetka.com.ua"/>
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rpcmp.ru.xml b/src/chrome/content/rules/rpcmp.ru.xml
new file mode 100644
index 000000000000..95d3b06d6d2a
--- /dev/null
+++ b/src/chrome/content/rules/rpcmp.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="rpcmp.ru">
+	<target host="rpcmp.ru" />
+	<target host="www.rpcmp.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rsbsrt.ru.xml b/src/chrome/content/rules/rsbsrt.ru.xml
new file mode 100644
index 000000000000..13b48c98b835
--- /dev/null
+++ b/src/chrome/content/rules/rsbsrt.ru.xml
@@ -0,0 +1,7 @@
+<ruleset name="rsbsrt.ru">
+	<target host="www.rsbsrt.ru" /> <!-- mismatch, wrong content -->
+	<rule from="^http://www\.rsbsrt\.ru/" to="https://rsbsrt.ru/" />
+
+	<target host="rsbsrt.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rsdn.org.xml b/src/chrome/content/rules/rsdn.org.xml
new file mode 100644
index 000000000000..ea7c0152ae20
--- /dev/null
+++ b/src/chrome/content/rules/rsdn.org.xml
@@ -0,0 +1,15 @@
+<!--
+	These URLs don't have HTTP support.
+		- tc.rsdn.org
+
+	These URLs return non 2xx status code while working correctly with HTTP.
+		- track.rsdn.org
+-->
+<ruleset name="rsdn.org">
+	<target host="rsdn.org" />
+	<target host="www.rsdn.org" />
+	<target host="blogs.rsdn.org" />
+	<target host="files.rsdn.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rsl.ru.xml b/src/chrome/content/rules/rsl.ru.xml
new file mode 100644
index 000000000000..5b3e85087c05
--- /dev/null
+++ b/src/chrome/content/rules/rsl.ru.xml
@@ -0,0 +1,111 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://ap.rsl.ru/ (200) => https://ap.rsl.ru/ (403)
+
+1812.rsl.ru ¹
+www.1812.rsl.ru ¹
+aleph.rsl.ru ³
+antiplagiat.rsl.ru ³
+bae.rsl.ru non-2xx http code
+beta.rsl.ru non-2xx http code
+bibliotekovedenie.rsl.ru non-2xx http code
+cadd.rsl.ru ³
+combibros.rsl.ru non-2xx http code
+cp.rsl.ru non-2xx http code
+www.cp.rsl.ru ¹
+dc.rsl.ru non-2xx http code
+defview.rsl.ru ³
+depo.rsl.ru ³
+diss.rsl.ru non-2xx http code
+dlib.rsl.ru non-2xx http code
+dvs2.rsl.ru ³
+eidos.rsl.ru non-2xx http code
+elibrary.rsl.ru non-2xx http code
+www.elibrary.rsl.ru ¹
+favorites.rsl.ru non-2xx http code
+gak.rsl.ru non-2xx http code
+gw-wifi.rsl.ru ³
+ha-proxy.rsl.ru non-2xx http code
+ifund.rsl.ru non-2xx http code
+il.rsl.ru ³
+ils.rsl.ru ³
+infoculture.rsl.ru ³
+kp.rsl.ru non-2xx http code
+lbc.rsl.ru ²
+leb.rsl.ru ³
+linweb.rsl.ru non-2xx http code
+marc21.rsl.ru non-2xx http code
+mx0.rsl.ru ³
+mx1.rsl.ru ³
+notes.rsl.ru ³
+ns0.rsl.ru ³
+ns1.rsl.ru ³
+ns2.rsl.ru ³
+observatoria.rsl.ru non-2xx http code
+old.rsl.ru ³
+orel.rsl.ru non-2xx http code
+orel2.rsl.ru non-2xx http code
+orel3.rsl.ru ³
+orient.rsl.ru non-2xx http code
+www.orient.rsl.ru ¹
+pobeda.rsl.ru non-2xx http code
+project.rsl.ru non-2xx http code
+www.project.rsl.ru ¹
+rbk-rsl.rsl.ru ³
+relay.rsl.ru ⁴
+rumchten.rsl.ru non-2xx http code
+www.rumchten.rsl.ru ¹
+test.rusneb.rsl.ru ¹
+search.rsl.ru non-2xx http code
+new.search.rsl.ru ¹
+old.search.rsl.ru ¹
+sigla.rsl.ru ³
+simvolika.rsl.ru non-2xx http code
+sng.rsl.ru non-2xx http code
+sovdir.rsl.ru non-2xx http code
+store.rsl.ru non-2xx http code
+support.rsl.ru ¹
+tdvs.rsl.ru ⁵
+tolstoy-nasledie.rsl.ru non-2xx http code
+tudb.rsl.ru ³
+udb.rsl.ru ³
+udo.rsl.ru ²
+h55.udo.rsl.ru ²
+h56.udo.rsl.ru ³
+h57.udo.rsl.ru ²
+h58.udo.rsl.ru ³
+vdi.rsl.ru ³
+vdiss.rsl.ru ³
+vl.rsl.ru ³
+vpn.rsl.ru ²
+zabbix.rsl.ru ⁴
+www.zabbix.rsl.ru ⁴
+libip.rsl.ru different content
+nebreader.rsl.ru mixed content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁵ expired
+-->
+<ruleset name="rsl.ru" platform="mixedcontent" default_off="failed ruleset test">
+	<target host="rsl.ru" />
+	<target host="www.rsl.ru" />
+	<target host="ap.rsl.ru" />
+	<target host="autodiscover.rsl.ru" />
+	<target host="bd-kp.rsl.ru" />
+	<target host="dvs.rsl.ru" />
+	<target host="eva.rsl.ru" />
+	<target host="oek.rsl.ru" />
+	<target host="owa.rsl.ru" />
+	<target host="passport.rsl.ru" />
+	<target host="presentation.rsl.ru" />
+	<target host="vchz.rsl.ru" />
+	<target host="viewer.rsl.ru" />
+	<target host="vivaldi.rsl.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rsload.net.xml b/src/chrome/content/rules/rsload.net.xml
new file mode 100644
index 000000000000..d544736cb811
--- /dev/null
+++ b/src/chrome/content/rules/rsload.net.xml
@@ -0,0 +1,13 @@
+<!--
+forum.rsload.net ⁴
+www.forum.rsload.net ⁴
+
+
+⁴ self signed
+-->
+<ruleset name="rsload.net">
+	<target host="rsload.net" />
+	<target host="www.rsload.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rssowl.org.xml b/src/chrome/content/rules/rssowl.org.xml
new file mode 100644
index 000000000000..af0bbb4be314
--- /dev/null
+++ b/src/chrome/content/rules/rssowl.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		boreal.rssowl.org
+		mobile.rssowl.org
+		tutorial.rssowl.org
+		wiki.rssowl.org
+
+	Unreachable:
+		project.rssowl.org
+-->
+<ruleset name="rssowl.org">
+	<target host="rssowl.org" />
+	<target host="www.rssowl.org" />
+
+  <rule from="^http://rssowl\.org/" to="https://www.rssowl.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rtbpopd.com.xml b/src/chrome/content/rules/rtbpopd.com.xml
new file mode 100644
index 000000000000..893e8e7e85b2
--- /dev/null
+++ b/src/chrome/content/rules/rtbpopd.com.xml
@@ -0,0 +1,40 @@
+<!--
+	www.rtbpopd.com: Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- rtbpopd.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="rtbpopd.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="rtbpopd.com" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://rtbpopd.com/afu.php?zoneid=" /-->
+
+	<!--	Complications:
+				-->
+	<target host="www.rtbpopd.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^rtbpopd\.com$" name="^(?:OAGEO[\da-f]+|OAID|OAVARS\[\]|SeenToday)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.rtbpopd\.com/"
+		to="https://rtbpopd.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rtl-sdr.com.xml b/src/chrome/content/rules/rtl-sdr.com.xml
new file mode 100644
index 000000000000..c8e64bcde6ad
--- /dev/null
+++ b/src/chrome/content/rules/rtl-sdr.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="rtl-sdr.com">
+
+	<target host="rtl-sdr.com" />
+	<target host="www.rtl-sdr.com" />
+	<target host="mail.rtl-sdr.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rtm.quebec.xml b/src/chrome/content/rules/rtm.quebec.xml
new file mode 100644
index 000000000000..2195221b128e
--- /dev/null
+++ b/src/chrome/content/rules/rtm.quebec.xml
@@ -0,0 +1,27 @@
+<!--
+        Nonfunctional hosts in *.rtm.quebec:
+                - abonnement.rtm.quebec t
+                - m.ledevoir.com m
+                - approvisionnement.rtm.quebec m
+                - www.employeur.rtm.quebec t
+                - www.webapp.rtm.quebec t
+
+        h: http redirect
+        m: certificate mismatch
+        r: connection refused
+        s: self-signed certificate
+        t: timeout on https
+-->
+
+<ruleset name="rtm.quebec">
+	<target host="rtm.quebec" />
+	<target host="www.rtm.quebec" />
+	<target host="autodiscover.rtm.quebec" />
+        <target host="chrono.rtm.quebec" />
+        <target host="cp4t.rtm.quebec" />
+        <target host="employeur.rtm.quebec" />
+        <target host="webapp.rtm.quebec" />
+	<rule from="^http:" to="https:" />
+
+        <securecookie host=".+" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/rtr-vesti.ru.xml b/src/chrome/content/rules/rtr-vesti.ru.xml
new file mode 100644
index 000000000000..a7722b0b5b0e
--- /dev/null
+++ b/src/chrome/content/rules/rtr-vesti.ru.xml
@@ -0,0 +1,32 @@
+<!--
+	Problematic hosts in *rtr-vesti.ru:
+
+		- cdn.static1 ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="rtr-vesti.ru">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cdn-st1.rtr-vesti.ru" />
+	<target host="cdn-st2.rtr-vesti.ru" />
+	<target host="cdn-st3.rtr-vesti.ru" />
+	<target host="cdn-st4.rtr-vesti.ru" />
+
+	<!--	Complications:
+				-->
+	<target host="cdn.static1.rtr-vesti.ru" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://cdn\.static1\.rtr-vesti\.ru/"
+		to="https://cdn-st1.rtr-vesti.ru/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ru-board.com.xml b/src/chrome/content/rules/ru-board.com.xml
new file mode 100644
index 000000000000..e7d7ca26960e
--- /dev/null
+++ b/src/chrome/content/rules/ru-board.com.xml
@@ -0,0 +1,42 @@
+<!--
+	Invalid certificate:
+		ru-board.com
+		www.ru-board.com
+		a.ru-board.com
+		chess.ru-board.com
+		forall.ru-board.com
+		forum2.ru-board.com
+		front1.ru-board.com
+		front2.ru-board.com
+		gal.ru-board.com
+		gallery.ru-board.com
+		gazeta.ru-board.com
+		host1.ru-board.com
+		host3.ru-board.com
+		i.ru-board.com
+		i2.ru-board.com
+		ib.ru-board.com
+		mail.ru-board.com
+		mail2.ru-board.com
+		mods.ru-board.com
+		mygui.ru-board.com
+		newhost.ru-board.com
+		ns1.ru-board.com
+		ns2.ru-board.com
+		rss.ru-board.com
+		shop.ru-board.com
+		smilies.ru-board.com
+		test.ru-board.com
+
+	Time out:
+		dc.ru-board.com
+		www.dc.ru-board.com
+		mail3.ru-board.com
+		tracker.ru-board.com
+-->
+<ruleset name="ru-board.com">
+	<target host="forum.ru-board.com" />
+	<target host="www.forum.ru-board.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ruag.xml b/src/chrome/content/rules/ruag.xml
new file mode 100644
index 000000000000..df7249f667f6
--- /dev/null
+++ b/src/chrome/content/rules/ruag.xml
@@ -0,0 +1,7 @@
+<ruleset name="RUAG">
+	<target host="ruag.com"/>
+	<target host="www.ruag.com"/>
+
+	<rule from="^http://(?:www\.)?ruag\.com/"
+		to="https://www.ruag.com/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/ruanyifeng.com.xml b/src/chrome/content/rules/ruanyifeng.com.xml
new file mode 100644
index 000000000000..60e1d9f3b226
--- /dev/null
+++ b/src/chrome/content/rules/ruanyifeng.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="ruanyifeng.com">
+	<target host="ruanyifeng.com" />
+	<target host="www.ruanyifeng.com" />
+	<target host="es6.ruanyifeng.com" />
+	<target host="javascript.ruanyifeng.com" />
+	<target host="redux.ruanyifeng.com" />
+	<target host="road.ruanyifeng.com" />
+	<target host="survivor.ruanyifeng.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rubixlinux.org.xml b/src/chrome/content/rules/rubixlinux.org.xml
new file mode 100644
index 000000000000..49481a3ef69f
--- /dev/null
+++ b/src/chrome/content/rules/rubixlinux.org.xml
@@ -0,0 +1,5 @@
+<ruleset name="rubixlinux.org">
+	<target host="rubixlinux.org" />
+	<target host="www.rubixlinux.org" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rubri.co.xml b/src/chrome/content/rules/rubri.co.xml
new file mode 100644
index 000000000000..583a1ba66a69
--- /dev/null
+++ b/src/chrome/content/rules/rubri.co.xml
@@ -0,0 +1,8 @@
+<ruleset name="rubri.co">
+	<target host="rubri.co" />
+	<target host="www.rubri.co" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rudimental.co.uk.xml b/src/chrome/content/rules/rudimental.co.uk.xml
new file mode 100644
index 000000000000..85fd70632085
--- /dev/null
+++ b/src/chrome/content/rules/rudimental.co.uk.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		archive.rudimental.co.uk
+		ftp.rudimental.co.uk
+		google93c848faceaf772c.rudimental.co.uk
+		newsite.rudimental.co.uk
+-->
+<ruleset name="rudimental.co.uk">
+	<target host="rudimental.co.uk" />
+	<target host="www.rudimental.co.uk" />
+	<target host="earlyaccess.rudimental.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ruffle.rs.xml b/src/chrome/content/rules/ruffle.rs.xml
new file mode 100644
index 000000000000..0457b49f4d25
--- /dev/null
+++ b/src/chrome/content/rules/ruffle.rs.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		www.ruffle.rs
+-->
+<ruleset name="ruffle.rs">
+	<target host="ruffle.rs" />
+	<target host="www.ruffle.rs" />
+
+	<rule from="^http://www\.ruffle\.rs/" to="https://ruffle.rs/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rufus.ie.xml b/src/chrome/content/rules/rufus.ie.xml
new file mode 100644
index 000000000000..3ffbaacaabcd
--- /dev/null
+++ b/src/chrome/content/rules/rufus.ie.xml
@@ -0,0 +1,5 @@
+<ruleset name="rufus.ie">
+	<target host="rufus.ie" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/runnersconnect.net.xml b/src/chrome/content/rules/runnersconnect.net.xml
new file mode 100644
index 000000000000..d75ed32f978b
--- /dev/null
+++ b/src/chrome/content/rules/runnersconnect.net.xml
@@ -0,0 +1,30 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- runnersconnect.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="RunnersConnect.net">
+
+	<target host="runnersconnect.net" />
+	<target host="strength.runnersconnect.net" />
+	<target host="www.runnersconnect.net" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://runnersconnect.net/strength-training-runners/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^runnersconnect.net$" name="^w3tc_referrer$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/runnymede.gov.uk.xml b/src/chrome/content/rules/runnymede.gov.uk.xml
new file mode 100644
index 000000000000..941a6b3acd33
--- /dev/null
+++ b/src/chrome/content/rules/runnymede.gov.uk.xml
@@ -0,0 +1,40 @@
+<!--
+	Runnymede Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		Timeout was reached:
+		- butlerdata.runnymede.gov.uk
+		- butlertestdata.runnymede.gov.uk
+		- documents.runnymede.gov.uk
+		- freja.runnymede.gov.uk
+		- mail.runnymede.gov.uk
+		- planning.runnymede.gov.uk
+		- ww4.runnymede.gov.uk
+
+		SSL peer certificate was not OK:
+		- myaccount.runnymede.gov.uk
+		- ww2.runnymede.gov.uk
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- myforms.runnymede.gov.uk
+		- ww5.runnymede.gov.uk
+
+		Incomplete certificate chain error:
+		- parking.runnymede.gov.uk
+
+		Mixed content blocking (MCB) triggered:
+		- petitions.runnymede.gov.uk
+-->
+<ruleset name="Runnymede.gov.uk (partial)">
+	<target host="runnymede.gov.uk" />
+	<target host="www.runnymede.gov.uk" />
+	<target host="m.runnymede.gov.uk" />
+	<target host="maps.runnymede.gov.uk" />
+	<target host="payments.runnymede.gov.uk" />
+	<target host="remote.runnymede.gov.uk" />
+	<target host="webmail.runnymede.gov.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/runpee.com.xml b/src/chrome/content/rules/runpee.com.xml
new file mode 100644
index 000000000000..f27e17e3c789
--- /dev/null
+++ b/src/chrome/content/rules/runpee.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="runpee.com">
+	<target host="runpee.com" />
+	<target host="www.runpee.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/runtimeverification.com.xml b/src/chrome/content/rules/runtimeverification.com.xml
new file mode 100644
index 000000000000..98352b897e88
--- /dev/null
+++ b/src/chrome/content/rules/runtimeverification.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Runtime Verification.com">
+
+	<target host="runtimeverification.com" />
+	<target host="www.runtimeverification.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ruptureit.com.xml b/src/chrome/content/rules/ruptureit.com.xml
new file mode 100644
index 000000000000..ba4789405dcf
--- /dev/null
+++ b/src/chrome/content/rules/ruptureit.com.xml
@@ -0,0 +1,28 @@
+<!--
+	STS header includes includeSubdomains.
+
+-->
+<ruleset name="Rupture it.com">
+
+	<target host="ruptureit.com" />
+	<target host="*.ruptureit.com" />
+
+		<!--	includeSubdomains applies to one level only, so:
+									-->
+		<exclusion pattern="^http://(?:[^./]+\.){2,}ruptureit\.com/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.ruptureit.com/" />
+			<test url="http://exists.not.ruptureit.com/" />
+
+		<test url="http://www.ruptureit.com/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rusradio.ru.xml b/src/chrome/content/rules/rusradio.ru.xml
new file mode 100644
index 000000000000..8c9e3719ea6b
--- /dev/null
+++ b/src/chrome/content/rules/rusradio.ru.xml
@@ -0,0 +1,38 @@
+<!--
+	www.rusradio.ru: handshake fails
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .rusradio.ru
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- bugs, from:
+
+			- www.tns-counter.ru ˢ
+			- counter.rambler.ru ˢ
+			- linkmaker.itunes.apple.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="rusradio.ru">
+
+	<target host="rusradio.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.rusradio\.ru$" name="^ARRAffinity$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/russia.tv.xml b/src/chrome/content/rules/russia.tv.xml
new file mode 100644
index 000000000000..a86158a4341a
--- /dev/null
+++ b/src/chrome/content/rules/russia.tv.xml
@@ -0,0 +1,26 @@
+<!--
+www.russia.tv ¹
+2.russia.tv ¹
+test.2.russia.tv ¹
+beta.russia.tv ¹
+hd.russia.tv ¹
+live.russia.tv ¹
+www.live.russia.tv ¹
+old.russia.tv ¹
+sofia.russia.tv ¹
+
+
+¹ mismatch
+-->
+<ruleset name="russia.tv">
+	<target host="russia.tv" />
+	<target host="dance.russia.tv" />
+	<target host="ya.russia.tv" />
+
+	<target host="www.russia.tv" />
+
+	<rule from="^http://www\.russia\.tv/"
+		to="https://russia.tv/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/russian-malta.com.xml b/src/chrome/content/rules/russian-malta.com.xml
new file mode 100644
index 000000000000..62b218a084de
--- /dev/null
+++ b/src/chrome/content/rules/russian-malta.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="russian-malta.com">
+	<target host="russian-malta.com" />
+	<target host="www.russian-malta.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rustedlogic.net.xml b/src/chrome/content/rules/rustedlogic.net.xml
new file mode 100644
index 000000000000..9f9e456234d2
--- /dev/null
+++ b/src/chrome/content/rules/rustedlogic.net.xml
@@ -0,0 +1,168 @@
+<!--
+	Invalid certificate:
+		ftp.acmlm.rustedlogic.net
+		ssh.acmlm.rustedlogic.net
+		anya.rustedlogic.net
+		www.anya.rustedlogic.net
+		ftp.anya.rustedlogic.net
+		ssh.anya.rustedlogic.net
+		ballz.rustedlogic.net
+		www.ballz.rustedlogic.net
+		ftp.ballz.rustedlogic.net
+		ssh.ballz.rustedlogic.net
+		bloodstar.rustedlogic.net
+		www.bloodstar.rustedlogic.net
+		ftp.bloodstar.rustedlogic.net
+		ssh.bloodstar.rustedlogic.net
+		ftp.bmf.rustedlogic.net
+		ssh.bmf.rustedlogic.net
+		cirvante.rustedlogic.net
+		www.cirvante.rustedlogic.net
+		ftp.cirvante.rustedlogic.net
+		ssh.cirvante.rustedlogic.net
+		chineseodyssey.rustedlogic.net
+		www.chineseodyssey.rustedlogic.net
+		ftp.chineseodyssey.rustedlogic.net
+		ssh.chineseodyssey.rustedlogic.net
+		cpu13.rustedlogic.net
+		www.cpu13.rustedlogic.net
+		ftp.cpu13.rustedlogic.net
+		ssh.cpu13.rustedlogic.net
+		ftp.darkdata.rustedlogic.net
+		ssh.darkdata.rustedlogic.net
+		ftp.disgaea.rustedlogic.net
+		ssh.disgaea.rustedlogic.net
+		dotuser.rustedlogic.net
+		www.dotuser.rustedlogic.net
+		ftp.dotuser.rustedlogic.net
+		ssh.dotuser.rustedlogic.net
+		ftp.rustedlogic.net
+		hiryuu.rustedlogic.net
+		www.hiryuu.rustedlogic.net
+		ftp.hiryuu.rustedlogic.net
+		ssh.hiryuu.rustedlogic.net
+		hydrapheetz.rustedlogic.net
+		www.hydrapheetz.rustedlogic.net
+		ftp.hydrapheetz.rustedlogic.net
+		ssh.hydrapheetz.rustedlogic.net
+		inuyasha.rustedlogic.net
+		www.inuyasha.rustedlogic.net
+		ftp.inuyasha.rustedlogic.net
+		ssh.inuyasha.rustedlogic.net
+		ftp.jul.rustedlogic.net
+		ssh.jul.rustedlogic.net
+		ftp.lordbbh.rustedlogic.net
+		ssh.lordbbh.rustedlogic.net
+		ftp.lain.rustedlogic.net
+		ssh.lain.rustedlogic.net
+		luca.rustedlogic.net
+		www.luca.rustedlogic.net
+		ftp.luca.rustedlogic.net
+		ssh.luca.rustedlogic.net
+		minecraft.rustedlogic.net
+		www.minecraft.rustedlogic.net
+		ftp.minecraft.rustedlogic.net
+		ssh.minecraft.rustedlogic.net
+		ftp.ninetales.rustedlogic.net
+		ssh.ninetales.rustedlogic.net
+		peardian.rustedlogic.net
+		www.peardian.rustedlogic.net
+		ftp.peardian.rustedlogic.net
+		ssh.peardian.rustedlogic.net
+		ftp.petscop.rustedlogic.net
+		ssh.petscop.rustedlogic.net
+		qubedstudios.rustedlogic.net
+		www.qubedstudios.rustedlogic.net
+		ftp.qubedstudios.rustedlogic.net
+		ssh.qubedstudios.rustedlogic.net
+		rahan.rustedlogic.net
+		www.rahan.rustedlogic.net
+		ftp.rahan.rustedlogic.net
+		ssh.rahan.rustedlogic.net
+		ftp.retrodev.rustedlogic.net
+		ssh.retrodev.rustedlogic.net
+		ftp.sardoose.rustedlogic.net
+		ssh.sardoose.rustedlogic.net
+		ssh.rustedlogic.net
+		stats.rustedlogic.net
+		www.stats.rustedlogic.net
+		ftp.stats.rustedlogic.net
+		ssh.stats.rustedlogic.net
+		supakitsune.rustedlogic.net
+		www.supakitsune.rustedlogic.net
+		ftp.supakitsune.rustedlogic.net
+		ssh.supakitsune.rustedlogic.net
+		trs.rustedlogic.net
+		www.trs.rustedlogic.net
+		ftp.trs.rustedlogic.net
+		ssh.trs.rustedlogic.net
+		tyty.rustedlogic.net
+		www.tyty.rustedlogic.net
+		ftp.tyty.rustedlogic.net
+		ssh.tyty.rustedlogic.net
+		wiki.rustedlogic.net
+		www.wiki.rustedlogic.net
+		ftp.wiki.rustedlogic.net
+		ssh.wiki.rustedlogic.net
+		xkeeper.rustedlogic.net
+		www.xkeeper.rustedlogic.net
+		ftp.xkeeper.rustedlogic.net
+		ssh.xkeeper.rustedlogic.net
+		tas.xkeeper.rustedlogic.net
+		ftp.tas.xkeeper.rustedlogic.net
+		ssh.tas.xkeeper.rustedlogic.net
+		webmail.rustedlogic.net
+		www.webmail.rustedlogic.net
+
+	Refused:
+		mysql.chineseodyssey.rustedlogic.net
+		mysql.cpu13.rustedlogic.net
+		mysql.disgaea.rustedlogic.net
+		einherjar.rustedlogic.net
+		irc.rustedlogic.net
+		mail.rustedlogic.net
+		mysql.minecraft.rustedlogic.net
+		mysql.rustedlogic.net
+		mysql.ninetales.rustedlogic.net
+		mysql.petscop.rustedlogic.net
+		mysql.retrodev.rustedlogic.net
+		mysql.sardoose.rustedlogic.net
+		mysql.stats.rustedlogic.net
+		mysql.xkeeper.rustedlogic.net
+
+	Time out:
+		new.jul.rustedlogic.net
+		new.stats.rustedlogic.net
+		nextjen.rustedlogic.net
+-->
+<ruleset name="rustedlogic.net">
+	<target host="rustedlogic.net" />
+	<target host="www.rustedlogic.net" />
+	<target host="acmlm.rustedlogic.net" />
+	<target host="www.acmlm.rustedlogic.net" />
+	<target host="bmf.rustedlogic.net" />
+	<target host="www.bmf.rustedlogic.net" />
+	<target host="darkdata.rustedlogic.net" />
+	<target host="www.darkdata.rustedlogic.net" />
+	<target host="disgaea.rustedlogic.net" />
+	<target host="www.disgaea.rustedlogic.net" />
+	<target host="jul.rustedlogic.net" />
+	<target host="www.jul.rustedlogic.net" />
+	<target host="lain.rustedlogic.net" />
+	<target host="www.lain.rustedlogic.net" />
+	<target host="lordbbh.rustedlogic.net" />
+	<target host="www.lordbbh.rustedlogic.net" />
+	<target host="ninetales.rustedlogic.net" />
+	<target host="www.ninetales.rustedlogic.net" />
+	<target host="petscop.rustedlogic.net" />
+	<target host="www.petscop.rustedlogic.net" />
+	<target host="retrodev.rustedlogic.net" />
+	<target host="www.retrodev.rustedlogic.net" />
+	<target host="sanky.rustedlogic.net" />
+	<target host="sanqui.rustedlogic.net" />
+	<target host="sardoose.rustedlogic.net" />
+	<target host="www.sardoose.rustedlogic.net" />
+	<target host="treeki.rustedlogic.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rutland.gov.uk.xml b/src/chrome/content/rules/rutland.gov.uk.xml
new file mode 100644
index 000000000000..48e2e1e4da1e
--- /dev/null
+++ b/src/chrome/content/rules/rutland.gov.uk.xml
@@ -0,0 +1,44 @@
+<!--
+	Rutland County Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *rutland.gov.uk:
+
+		- (www.)? ʳ
+		- planningonline ʳ
+
+	ʳ Refused
+
+
+	Problematic hosts in *rutland.gov.uk:
+
+		- ris ᵐ
+		- webpayments ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- webpayments.rutland.gov.uk
+
+-->
+<ruleset name="Rutland.gov.uk (partial)" default_off="cert-chain">
+
+	<target host="webpayments.rutland.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^webpayments\.rutland\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rutracker.org.xml b/src/chrome/content/rules/rutracker.org.xml
new file mode 100644
index 000000000000..d79d7ac26c95
--- /dev/null
+++ b/src/chrome/content/rules/rutracker.org.xml
@@ -0,0 +1,42 @@
+<!--
+	Other rutracker rulesets:
+		rutrk.org.xml
+		t-ru.org.xml
+
+	Login required:
+		adcal.rutracker.org
+		rt.rutracker.org
+
+	Invalid certificate:
+		blog.rutracker.org ( → http://rutracker.news/ )
+		feed.rutracker.org
+		subs.rutracker.org
+		www.rutracker.org
+		www.rutracker.cr
+		www.rutracker.net
+
+	Refused:
+		generation.rutracker.org
+		wiki.rutracker.org ( → http://rutracker.wiki/ )
+
+-->
+<ruleset name="rutracker.org">
+
+	<target host="rutracker.org" />
+	<target host="www.rutracker.org" />
+
+	<target host="rutracker.cr" />
+	<target host="www.rutracker.cr" />
+
+	<target host="rutracker.net" />
+	<target host="www.rutracker.net" />
+
+	<target host="rutracker.nl" />
+	<target host="www.rutracker.nl" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://(www\.)?rutracker\.(org|cr|net|nl)/"
+		to="https://rutracker.$2/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rutrk.org.xml b/src/chrome/content/rules/rutrk.org.xml
new file mode 100644
index 000000000000..116485aa6387
--- /dev/null
+++ b/src/chrome/content/rules/rutrk.org.xml
@@ -0,0 +1,15 @@
+<!--
+	For other rutracker rulesets, see rutracker.org.xml
+
+	Invalid certificate:
+		www.rutrk.org
+
+-->
+<ruleset name="rutrk.org">
+
+	<target host="rutrk.org" />
+		<test url="http://rutrk.org/logo/logo.gif" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rutube.ru.xml b/src/chrome/content/rules/rutube.ru.xml
new file mode 100644
index 000000000000..85fb35aa274c
--- /dev/null
+++ b/src/chrome/content/rules/rutube.ru.xml
@@ -0,0 +1,13 @@
+<!--
+dev.rutube.ru ¹
+nr-v-nginx.bl.m77.rutube.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="rutube.ru">
+	<target host="rutube.ru" />
+	<target host="www.rutube.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rw-online.co.uk.xml b/src/chrome/content/rules/rw-online.co.uk.xml
new file mode 100644
index 000000000000..616d0e0d0b57
--- /dev/null
+++ b/src/chrome/content/rules/rw-online.co.uk.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://rw-online.co.uk/ => https://rw-online.co.uk/: (60, 'SSL certificate problem: certificate has expired')
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .www.rw-online.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="RW-online.co.uk" default_off="failed ruleset test">
+
+	<target host="rw-online.co.uk" />
+	<target host="www.rw-online.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.rw-online\.co\.uk$" name="^frontend$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rwe.de.xml b/src/chrome/content/rules/rwe.de.xml
new file mode 100644
index 000000000000..289a8ac31e0f
--- /dev/null
+++ b/src/chrome/content/rules/rwe.de.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://chat.rwe.de/ => https://chat.rwe.de/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://solar.rwe.de/ => https://solar.rwe.de/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://webmarket.rwe.de/ => https://webmarket.rwe.de/: (6, 'Could not resolve host: webmarket.rwe.de')
+
+	^rwe.de: Mismatched
+
+-->
+<ruleset name="RWE.de" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="chat.rwe.de" />
+	<target host="meine.rwe.de" />
+	<target host="solar.rwe.de" />
+	<target host="webmarket.rwe.de" />
+	<target host="www.rwe.de" />
+
+	<!--	Complications:
+				-->
+	<target host="rwe.de" />
+
+
+	<securecookie host=".+" name="^(?:_vm_u|ist)$" />
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://rwe\.de/"
+		to="https://www.rwe.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/s-t-d.org.xml b/src/chrome/content/rules/s-t-d.org.xml
new file mode 100644
index 000000000000..a97bd2493629
--- /dev/null
+++ b/src/chrome/content/rules/s-t-d.org.xml
@@ -0,0 +1,5 @@
+<ruleset name="s-t-d.org">
+	<target host="s-t-d.org" />
+	<target host="www.s-t-d.org" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/s81c.com.xml b/src/chrome/content/rules/s81c.com.xml
new file mode 100644
index 000000000000..4fdb07439061
--- /dev/null
+++ b/src/chrome/content/rules/s81c.com.xml
@@ -0,0 +1,15 @@
+<!--
+	For other IBM coverage, see IBM.xml.
+
+-->
+<ruleset name="s81c.com">
+
+	<target host="dw1.s81c.com" />
+	<target host="1.www.s81c.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
+
diff --git a/src/chrome/content/rules/saba.com.xml b/src/chrome/content/rules/saba.com.xml
new file mode 100644
index 000000000000..ed58885e062d
--- /dev/null
+++ b/src/chrome/content/rules/saba.com.xml
@@ -0,0 +1,75 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://help.saba.com/ => https://help.saba.com/: (7, 'Failed to connect to help.saba.com port 443: Connection refused')
+
+	Nonfunctional hosts in *saba.com:
+
+		- www1 ᵃ
+
+	ᵃ Marketo / shows another domain
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- saba.com
+		- www.saba.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on help from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Saba.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="saba.com" />
+	<target host="help.saba.com" />
+	<target host="support.saba.com" />
+	<target host="www.saba.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www1.saba.com" />
+
+		<exclusion pattern="^http://www1\.saba\.com/(?!/*(?:$|\?|css/|images/|rs/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www1.saba.com/MobileLearning5.html" />
+			<test url="http://www1.saba.com/PartnerLandingPages_become-a-partner.html" />
+			<test url="http://www1.saba.com/SummerSeriesCourse2.html" />
+			<test url="http://www1.saba.com/SummerSeriesCourse3.html" />
+			<test url="http://www1.saba.com/complimentaryassessment.html" />
+			<test url="http://www1.saba.com/dist/styles/main.css" />
+			<test url="http://www1.saba.com/five-steps-to-selecting-tms.html" />
+			<test url="http://www1.saba.com/index.html" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.saba\.com$" name="^(?:ABTestFieldId|ASP\.NET_SessionId)$" /-->
+
+	<securecookie host="^(?!www1\.)\w" name=".+" />
+
+
+	<rule from="^http://www1\.saba\.com/+(?:\?.*)?$"
+		to="https://www.saba.com/" />
+
+		<test url="http://www1.saba.com/?" />
+
+	<rule from="^http://www1\.saba\.com/"
+		to="https://na-sj07.marketo.com/" />
+
+		<test url="http://www1.saba.com/rs/196-PVO-328/images/BrittanyMcClain-100.png" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sabb.com.xml b/src/chrome/content/rules/sabb.com.xml
new file mode 100644
index 000000000000..37cd558b645b
--- /dev/null
+++ b/src/chrome/content/rules/sabb.com.xml
@@ -0,0 +1,46 @@
+<!--
+	For other HSBC Holdings coverage, see HSBC.xml.
+
+
+	^sabb.com: mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.sabb.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- iframe on www from www.youtube.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="SABB.com" default_off="testing">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.sabb.com" />
+
+	<!--	Complications:
+				-->
+	<target host="sabb.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.sabb\.com$" name="^(?:ASP\.NET_SessionId|LB_COOKIE_1|SC_ANALYTICS_(?:GLOBAL|SESSION)_COOKIE)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://sabb\.com/"
+		to="https://www.sabb.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/safeornot.net.xml b/src/chrome/content/rules/safeornot.net.xml
new file mode 100644
index 000000000000..edbae0cf99d1
--- /dev/null
+++ b/src/chrome/content/rules/safeornot.net.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://safeornot.net/ => https://safeornot.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	For other Netsec Interactive Solutions coverage, see nsis.ro.xml.
+
+
+	Nonfunctional subdomains:
+
+		- www 		(cert mismatch, CN: geo.cryptolayer.net)
+
+-->
+<ruleset name="SafeOrNot.net" default_off="failed ruleset test">
+	<target host="safeornot.net" />
+
+  	<securecookie host="^safeornot\.net$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/safervpn.com.xml b/src/chrome/content/rules/safervpn.com.xml
new file mode 100644
index 000000000000..75c375afbb42
--- /dev/null
+++ b/src/chrome/content/rules/safervpn.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="safervpn.com">
+	<target host="safervpn.com" />
+	<target host="www.safervpn.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/saint-petersburg.ru.xml b/src/chrome/content/rules/saint-petersburg.ru.xml
new file mode 100644
index 000000000000..9044c4da1b5b
--- /dev/null
+++ b/src/chrome/content/rules/saint-petersburg.ru.xml
@@ -0,0 +1,9 @@
+<!-- www. nonexist domain -->
+<ruleset name="saint-petersburg.ru">
+	<target host="saint-petersburg.ru" />
+	<target host="www.saint-petersburg.ru" />
+	<target host="m.saint-petersburg.ru" />
+	<rule from="^http://www\.saint-petersburg\.ru/"
+		to="https://saint-petersburg.ru/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/saintcon.org.xml b/src/chrome/content/rules/saintcon.org.xml
new file mode 100644
index 000000000000..315e120a909a
--- /dev/null
+++ b/src/chrome/content/rules/saintcon.org.xml
@@ -0,0 +1,28 @@
+<!--
+	STS header includes includeSubdomains
+
+-->
+<ruleset name="saintcon.org">
+
+	<target host="saintcon.org" />
+	<target host="*.saintcon.org" />
+
+		<!--	includeSubdomains applies to one level only, so:
+									-->
+		<exclusion pattern="^http://(?:[^./]+\.){2,}saintcon\.org/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.saintcon.org/" />
+			<test url="http://exists.not.saintcon.org/" />
+
+		<test url="http://www.saintcon.org/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/saintgimp.org.xml b/src/chrome/content/rules/saintgimp.org.xml
new file mode 100644
index 000000000000..2dc08a0ed4c3
--- /dev/null
+++ b/src/chrome/content/rules/saintgimp.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="SaintGimp.org">
+
+	<target host="saintgimp.org" />
+	<target host="www.saintgimp.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/saisobserver.org.xml b/src/chrome/content/rules/saisobserver.org.xml
new file mode 100644
index 000000000000..c9c5ea27e43d
--- /dev/null
+++ b/src/chrome/content/rules/saisobserver.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="SAIS Observer.com">
+
+	<target host="saisobserver.org" />
+	<target host="www.saisobserver.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sakhalin.info.xml b/src/chrome/content/rules/sakhalin.info.xml
new file mode 100644
index 000000000000..5688e861b628
--- /dev/null
+++ b/src/chrome/content/rules/sakhalin.info.xml
@@ -0,0 +1,53 @@
+<!--
+9may.sakhalin.info refused
+70let.sakhalin.info refused
+games.sakh.com refused
+webcam.sakh.com refused
+postcards.sakh.com refused
+board.sakh.com refused
+www.school9.sakh.com refused
+www.avatara.sakh.com refused
+-->
+<ruleset name="sakhalin.info">
+	<target host="sakhalin.info" />
+	<target host="www.sakhalin.info" />
+	<target host="sakh.com" />
+	<target host="www.sakh.com" />
+	<target host="afisha.sakh.com" />
+	<target host="aleksandrovsk.sakh.com" />
+	<target host="auto.sakh.com" />
+	<target host="avia.sakh.com" />
+	<target host="bilet.sakh.com" />
+	<target host="city.sakh.com" />
+	<target host="dom.sakh.com" />
+	<target host="eda.sakh.com" />
+	<target host="forum.sakh.com" />
+	<target host="i.sakh.com" />
+	<target host="kholmsk.sakh.com" />
+	<target host="korsakov.sakh.com" />
+	<target host="kurilsk.sakh.com" />
+	<target host="makarov.sakh.com" />
+	<target host="maps.sakh.com" />
+	<target host="market.sakh.com" />
+	<target host="menu.sakh.com" />
+	<target host="night.sakh.com" />
+	<target host="nogliki.sakh.com" />
+	<target host="okha.sakh.com" />
+	<target host="pda.sakh.com" />
+	<target host="pogoda.sakh.com" />
+	<target host="poll.sakh.com" />
+	<target host="rabota.sakh.com" />
+	<target host="smirnyh.sakh.com" />
+	<target host="static.sakh.com" />
+	<target host="taxi.sakh.com" />
+	<target host="travel.sakh.com" />
+	<target host="users.sakh.com" />
+	<target host="ys.sakh.com" />
+	<target host="dolinsk.sakh.com" />
+	<target host="nevelsk.sakh.com" />
+	<target host="poronaysk.sakh.com" />
+	<target host="tymovskoe.sakh.com" />
+	<target host="ykurilsk.sakh.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/salesmedia.pl.xml b/src/chrome/content/rules/salesmedia.pl.xml
new file mode 100644
index 000000000000..659f71282e1e
--- /dev/null
+++ b/src/chrome/content/rules/salesmedia.pl.xml
@@ -0,0 +1,34 @@
+<!--
+	Nonfunctional hosts in *salesmedia.pl:
+
+		- system ʰ
+
+	ʰ Redirects to http
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.salesmedia.pl
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="salesmedia.pl (partial)">
+
+	<target host="salesmedia.pl" />
+	<target host="signup.salesmedia.pl" />
+	<target host="www.salesmedia.pl" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.salesmedia\.pl$" name="^symfony$" /-->
+
+	<securecookie host="^\." name="_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/salford.gov.uk.xml b/src/chrome/content/rules/salford.gov.uk.xml
new file mode 100644
index 000000000000..fcae6ab964a1
--- /dev/null
+++ b/src/chrome/content/rules/salford.gov.uk.xml
@@ -0,0 +1,21 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		Timeout was reached:
+		- citymayor.salford.gov.uk
+
+		5xx server error:
+		- maps.salford.gov.uk
+-->
+<ruleset name="Salford.gov.uk (partial)">
+	<target host="epetitions.salford.gov.uk" />
+	<target host="publicaccess.salford.gov.uk" />
+	<target host="services.salford.gov.uk" />
+	<target host="stats.salford.gov.uk" />
+	<target host="ww1.salford.gov.uk" />
+	<target host="www.salford.gov.uk" />
+	<target host="youraccount.salford.gov.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/salixos.org.xml b/src/chrome/content/rules/salixos.org.xml
new file mode 100644
index 000000000000..d634b08aee05
--- /dev/null
+++ b/src/chrome/content/rules/salixos.org.xml
@@ -0,0 +1,12 @@
+<!--guide. mismatch
+people. refused
+backup. refused
+download. refused-->
+<ruleset name="salixos.org">
+	<target host="salixos.org" />
+	<target host="www.salixos.org" />
+	<target host="docs.salixos.org" />
+	<target host="forum.salixos.org" />
+	<target host="start.salixos.org" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/salt.zone.xml b/src/chrome/content/rules/salt.zone.xml
new file mode 100644
index 000000000000..12305aeb41dd
--- /dev/null
+++ b/src/chrome/content/rules/salt.zone.xml
@@ -0,0 +1,18 @@
+<!--
+www.salt.zone ²
+academy.salt.zone ¹
+
+
+¹ mismatch
+² refused
+-->
+<ruleset name="salt.zone">
+	<target host="salt.zone" />
+
+	<target host="www.salt.zone" />
+
+	<rule from="^http://www\.salt\.zone/"
+		to="https://salt.zone/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/saltpack.org.xml b/src/chrome/content/rules/saltpack.org.xml
new file mode 100644
index 000000000000..04d4bdebd68b
--- /dev/null
+++ b/src/chrome/content/rules/saltpack.org.xml
@@ -0,0 +1,11 @@
+<ruleset name="saltpack.org">
+
+	<target host="saltpack.org" />
+	<target host="www.saltpack.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/samaratoday.ru.xml b/src/chrome/content/rules/samaratoday.ru.xml
new file mode 100644
index 000000000000..46917becb367
--- /dev/null
+++ b/src/chrome/content/rules/samaratoday.ru.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://samaratoday.ru/ => https://samaratoday.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'samaratoday.ru'")
+Fetch error: http://www.samaratoday.ru/ => https://www.samaratoday.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'www.samaratoday.ru'")
+
+elbi.samaratoday.ru ⁴
+rock.samaratoday.ru ⁴
+forum.samaratoday.ru mixed content
+news.samaratoday.ru mixed content
+
+
+⁴ self signed
+-->
+<ruleset name="samaratoday.ru" default_off="failed ruleset test">
+	<target host="samaratoday.ru" />
+	<target host="www.samaratoday.ru" />
+	<target host="gorodok.samaratoday.ru" />
+	<target host="love.samaratoday.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/samlab.ws.xml b/src/chrome/content/rules/samlab.ws.xml
new file mode 100644
index 000000000000..a10ba660862d
--- /dev/null
+++ b/src/chrome/content/rules/samlab.ws.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		ftp.samlab.ws
+		ipv4.samlab.ws
+		mail.samlab.ws
+		webmail.samlab.ws
+
+	Unreachable:
+		ipv6.samlab.ws
+-->
+<ruleset name="samlab.ws">
+	<target host="samlab.ws" />
+	<target host="www.samlab.ws" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/samltool.com.xml b/src/chrome/content/rules/samltool.com.xml
new file mode 100644
index 000000000000..4d68a35f386a
--- /dev/null
+++ b/src/chrome/content/rules/samltool.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="samltool.com">
+	<target host="samltool.com" />
+	<target host="www.samltool.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sampelongbeach.org.xml b/src/chrome/content/rules/sampelongbeach.org.xml
new file mode 100644
index 000000000000..22d707b3d6db
--- /dev/null
+++ b/src/chrome/content/rules/sampelongbeach.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- sampelongbeach.org
+		- www.sampelongbeach.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Smape Long Beach.org" default_off="mismatched">
+
+	<target host="sampelongbeach.org" />
+	<target host="www.sampelongbeach.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?sampelongbeach\.org$" name="^dps_site_id$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/samy.pl.xml b/src/chrome/content/rules/samy.pl.xml
new file mode 100644
index 000000000000..8dbd063bf12f
--- /dev/null
+++ b/src/chrome/content/rules/samy.pl.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.samy.pl/ => https://www.samy.pl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.samy.pl'")
+
+www.imap.samy.pl ¹
+mail.samy.pl ¹
+www.mx1.samy.pl ¹
+www.pmsdns.samy.pl ¹
+www.pop.samy.pl ¹
+smtp.samy.pl ¹
+w.samy.pl ¹
+ww.samy.pl ¹
+
+
+¹ mismatch
+-->
+<ruleset name="samy.pl" default_off="failed ruleset test">
+	<target host="samy.pl" />
+	<target host="www.samy.pl" />
+	<target host="188.165.140.80.ip.samy.pl" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sandwell.gov.uk.xml b/src/chrome/content/rules/sandwell.gov.uk.xml
new file mode 100644
index 000000000000..83984498b7b3
--- /dev/null
+++ b/src/chrome/content/rules/sandwell.gov.uk.xml
@@ -0,0 +1,71 @@
+<!--
+	Sandwell Metropolitan Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *sandwell.gov.uk:
+
+		- (www.)?irec ʳ
+		- landchargesearch ʳ
+		- clubs.libraries ʳ
+		- register.streetworks ᵈ
+		- webcaps ᵈ
+
+	ᵈ Dropped
+	ʳ Refused
+
+
+	^sandwell.gov.uk: Refused
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- cmis.sandwell.gov.uk
+		- www.sandwell.gov.uk
+		- .www.sandwell.gov.uk
+
+
+	Mixed content:
+
+		- Images on my from www.sandwell.gov.uk ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Sandwell.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cmis.sandwell.gov.uk" />
+	<target host="forms.sandwell.gov.uk" />
+	<target host="emsonline.lea.sandwell.gov.uk" />
+	<target host="my.sandwell.gov.uk" />
+	<target host="www.sandwell.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="sandwell.gov.uk" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://cmis.sandwell.gov.uk/cmis5/ePetitions.aspx" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cmis\.sandwell\.gov\.uk$" name="^(?:\.ASPXANONYMOUS|ASP\.NET_SessionId|language)$" /-->
+	<!--securecookie host="^www\.sandwell\.gov\.uk$" name="^\w+$" /-->
+	<!--securecookie host="^\.www\.sandwell\.gov\.uk$" name="^TestCookie$" /-->
+
+	<securecookie host="^\.www\." name=".+" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://sandwell\.gov\.uk/"
+		to="https://www.sandwell.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sanghicement.com.xml b/src/chrome/content/rules/sanghicement.com.xml
new file mode 100644
index 000000000000..46b34f01797f
--- /dev/null
+++ b/src/chrome/content/rules/sanghicement.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Time out:
+		crm.sanghicement.com
+		mail.sanghicement.com
+		mail1.sanghicement.com
+		srm.sanghicement.com
+-->
+<ruleset name="sanghicement.com">
+	<target host="sanghicement.com" />
+	<target host="www.sanghicement.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sankakucomplex.com.xml b/src/chrome/content/rules/sankakucomplex.com.xml
new file mode 100644
index 000000000000..c73e4709fa7a
--- /dev/null
+++ b/src/chrome/content/rules/sankakucomplex.com.xml
@@ -0,0 +1,28 @@
+<!--
+
+	Nonfunctional domains:
+
+		- charts	(blank page)
+
+-->
+<ruleset name="Sankaku Complex.com">
+
+	<target host="sankakucomplex.com" />
+	<target host="c.sankakucomplex.com" />
+	<target host="data.sankakucomplex.com" />
+	<target host="extra.sankakucomplex.com" />
+	<target host="i.sankakucomplex.com" />
+	<target host="images.sankakucomplex.com" />
+	<target host="www.sankakucomplex.com" />
+	<target host="chan.sankakucomplex.com" />
+	<target host="idol.sankakucomplex.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sanomacloud.net.xml b/src/chrome/content/rules/sanomacloud.net.xml
new file mode 100644
index 000000000000..26c30669ade1
--- /dev/null
+++ b/src/chrome/content/rules/sanomacloud.net.xml
@@ -0,0 +1,20 @@
+<!--
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="sanomacloud.net (resources)" platform="mixedcontent">
+
+	<target host="static-sls.smf.aws.sanomacloud.net" />
+
+		<test url="http://static-sls.smf.aws.sanomacloud.net/vauva.fi/s3fs-public/styles/mini_square/public/main_media/tilaauutiskirje.gif" /><!--	3385 -->
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sanomakauppa.fi.xml b/src/chrome/content/rules/sanomakauppa.fi.xml
new file mode 100644
index 000000000000..9c29e192ee84
--- /dev/null
+++ b/src/chrome/content/rules/sanomakauppa.fi.xml
@@ -0,0 +1,40 @@
+<!--
+	For other Sanoma Corporation coverage, see Sanoma.com.xml.
+
+
+	^sanomakauppa.fi: handshake fails
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.sanomakauppa.fi
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Sanomakauppa.fi">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.sanomakauppa.fi" />
+
+	<!--	Complications:
+				-->
+	<target host="sanomakauppa.fi" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.sanomakauppa\.fi$" name="^(?:pgid|sid)$" /-->
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://sanomakauppa\.fi/"
+		to="https://www.sanomakauppa.fi/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/saptco.com.sa.xml b/src/chrome/content/rules/saptco.com.sa.xml
new file mode 100644
index 000000000000..57bf21db970e
--- /dev/null
+++ b/src/chrome/content/rules/saptco.com.sa.xml
@@ -0,0 +1,11 @@
+<ruleset name="saptco.com.sa">
+	<target host="saptco.com.sa" />
+	<target host="www.saptco.com.sa" />
+	<target host="mobile.saptco.com.sa" />
+	<target host="portal.saptco.com.sa" />
+	<target host="webmail.saptco.com.sa" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/saskatooncarshare.xml b/src/chrome/content/rules/saskatooncarshare.xml
new file mode 100644
index 000000000000..6a1a527ebaac
--- /dev/null
+++ b/src/chrome/content/rules/saskatooncarshare.xml
@@ -0,0 +1,6 @@
+<ruleset name="saskatooncarshare">
+	<target host="saskatooncarshare.com" />
+	<target host="www.saskatooncarshare.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/saskcoop.xml b/src/chrome/content/rules/saskcoop.xml
new file mode 100644
index 000000000000..2d5e5f4ca0bc
--- /dev/null
+++ b/src/chrome/content/rules/saskcoop.xml
@@ -0,0 +1,5 @@
+<ruleset name="saskcoop">
+	<target host="sask.coop" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/saturn.de.xml b/src/chrome/content/rules/saturn.de.xml
new file mode 100644
index 000000000000..3cd2a600f65b
--- /dev/null
+++ b/src/chrome/content/rules/saturn.de.xml
@@ -0,0 +1,85 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tracking.saturn.de/ => https://tracking.saturn.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+abfrage.saturn.de ⁷
+aktion.saturn.de ⁷
+www.ankaufservice.saturn.de ¹
+ausfall.saturn.de ³
+backend-wls-sd.saturn.de ³
+backoffice.saturn.de ³
+drohnen.saturn.de ¹
+ebookdownload.saturn.de ³
+fotoservice.saturn.de ¹
+www.fotoservice.saturn.de ¹
+m.fotoservice.saturn.de ¹
+games.saturn.de ³
+handytarife.saturn.de ⁶
+image.saturn.de ³
+immervorndabei.saturn.de ¹
+jobbaukasten.saturn.de ³
+juke.saturn.de ¹
+www.juke.saturn.de ¹
+link-download.saturn.de ¹
+mcstest.saturn.de ³
+mobilfunkvertrag.saturn.de ²
+mp3.saturn.de ³
+www.mp3.saturn.de ³
+mp3test.saturn.de ⁴
+musicdownloadtest.saturn.de ⁴
+news-de.saturn.de ¹
+newsletter.saturn.de ³
+posterxxlshop.saturn.de ¹
+saturncardimage.saturn.de ¹
+smarthome.saturn.de ¹
+softwaredownload.saturn.de ³
+stadion.saturn.de ¹
+store.saturn.de ³
+surface.saturn.de ¹
+tech-nicks-wohnung.saturn.de ³
+technikbegeisterung.saturn.de ⁴
+test.saturn.de ³
+hb.tracking.saturn.de ⁴
+video-download.saturn.de ³
+video-downloadtest.saturn.de ³
+gewinnspiele.saturn.de different content
+prospekt.saturn.de different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁶ redirect
+⁷ protocol error
+-->
+<ruleset name="saturn.de" default_off="failed ruleset test">
+	<target host="saturn.de" />
+	<target host="www.saturn.de" />
+	<target host="adventskalender.saturn.de" />
+	<target host="ankaufservice.saturn.de" />
+	<target host="assets.saturn.de" />
+	<target host="bestellservice.saturn.de" />
+	<target host="car.saturn.de" />
+	<target host="community.saturn.de" />
+	<target host="coupons.saturn.de" />
+	<target host="digitaleguthabenkarten.saturn.de" />
+	<target host="gccommunity.saturn.de" />
+	<target host="geschenkefinder.saturn.de" />
+	<target host="hilfe.saturn.de" />
+	<target host="innovationfactory.saturn.de" />
+	<target host="lithium.saturn.de" />
+	<target host="m.saturn.de" />
+	<target host="perf.saturn.de" />
+	<target host="posterxxlshoptest.saturn.de" />
+	<target host="samsung-highlight.saturn.de" />
+	<target host="stage.saturn.de" />
+	<target host="technikwall.saturn.de" />
+	<target host="techtalk.saturn.de" />
+	<target host="tracking.saturn.de" />
+	<target host="widerruf.saturn.de" />
+	<target host="www2.saturn.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/save.org.xml b/src/chrome/content/rules/save.org.xml
new file mode 100644
index 000000000000..8173ce87bb4f
--- /dev/null
+++ b/src/chrome/content/rules/save.org.xml
@@ -0,0 +1,32 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.save.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Save.org">
+
+	<target host="save.org" />
+	<target host="www.save.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.save\.org$" name="^(?:PHPSESSID|[\da-z]+_check)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/say.ac.xml b/src/chrome/content/rules/say.ac.xml
new file mode 100644
index 000000000000..5124a063416c
--- /dev/null
+++ b/src/chrome/content/rules/say.ac.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- say.ac
+		- www.say.ac
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Say.ac">
+
+	<target host="say.ac" />
+	<target host="www.say.ac" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?say\.ac$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/scambs.gov.uk.xml b/src/chrome/content/rules/scambs.gov.uk.xml
new file mode 100644
index 000000000000..7e834fb8b76f
--- /dev/null
+++ b/src/chrome/content/rules/scambs.gov.uk.xml
@@ -0,0 +1,59 @@
+<!--
+	South Cambridgeshire District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *scambs.gov.uk:
+
+		- plan ᵈ
+
+	ᵈ Refused
+
+
+	Partially covered hosts in *scambs.gov.uk:
+
+		- plan
+
+-->
+<ruleset name="SCambs.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="scambs.gov.uk" />
+	<target host="egov.scambs.gov.uk" />
+	<target host="www.scambs.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="plan.scambs.gov.uk" />
+
+		<test url="http://egov.scambs.gov.uk/riaplanning/index_search.html" />
+
+
+	<securecookie host="^(?!plan\.)\w" name=".+" />
+
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://plan\.scambs\.gov\.uk/.*"
+		to="https://www.scambs.gov.uk/services/planning-applications" />
+
+		<exclusion pattern="^http://plan\.scambs\.gov\.uk/+(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://plan.scambs.gov.uk/default.aspx" />
+			<test url="http://plan.scambs.gov.uk/index.htm" />
+			<test url="http://plan.scambs.gov.uk/index.html" />
+			<test url="http://plan.scambs.gov.uk/index.jsp" />
+			<test url="http://plan.scambs.gov.uk/index.php" />
+
+			<!--	-ve:
+					-->
+			<test url="http://plan.scambs.gov.uk/?" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/scarborough.gov.uk.xml b/src/chrome/content/rules/scarborough.gov.uk.xml
new file mode 100644
index 000000000000..6a8277227a07
--- /dev/null
+++ b/src/chrome/content/rules/scarborough.gov.uk.xml
@@ -0,0 +1,53 @@
+<!--
+	Scarborough Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *scarborough.gov.uk:
+
+		- democracy ᵈ
+		- planning ᵈ
+
+	ᵈ Refused
+
+
+	Problematic hosts in *scarborough.gov.uk:
+
+		- ^ ʳ
+		- parkingpcns ᶜ
+		- www ᵐ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+	ʳ Refused
+
+
+	These altnames do not exist:
+
+		- www.licensing.scarborough.gov.uk
+		- www.parkingpcns.scarborough.gov.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- parkingpcns.scarborough.gov.uk
+
+-->
+<ruleset name="Scarborough.gov.uk (partial)">
+
+	<target host="licensing.scarborough.gov.uk" />
+	<!--target host="parkingpcns.scarborough.gov.uk" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^parkingpcns\.scarborough\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/schelkovo-net.ru.xml b/src/chrome/content/rules/schelkovo-net.ru.xml
new file mode 100644
index 000000000000..f58e9e30a56d
--- /dev/null
+++ b/src/chrome/content/rules/schelkovo-net.ru.xml
@@ -0,0 +1,17 @@
+<!--
+blacklist.schelkovo-net.ru ³
+offline.schelkovo-net.ru ³
+bonusliga.schelkovo-net.ru different content
+support-online.schelkovo-net.ru different content
+
+
+³ timed out
+-->
+<ruleset name="schelkovo-net.ru">
+	<target host="schelkovo-net.ru" />
+	<target host="www.schelkovo-net.ru" />
+	<target host="cabinet.schelkovo-net.ru" />
+	<target host="corp.schelkovo-net.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/schema.org.xml b/src/chrome/content/rules/schema.org.xml
new file mode 100644
index 000000000000..212f5511dbb4
--- /dev/null
+++ b/src/chrome/content/rules/schema.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Refused:
+		- blog.schema.org
+
+	Timeout:
+		- www.schema.org
+-->
+<ruleset name="schema.org">
+
+	<target host="schema.org" />
+	<target host="attic.schema.org" />
+	<target host="auto.schema.org" />
+	<target host="bib.schema.org" />
+	<target host="fibo.schema.org" />
+	<target host="finance.schema.org" />
+	<target host="google.schema.org" />
+	<target host="health-lifesci.schema.org" />
+	<target host="iot.schema.org" />
+	<target host="legal.schema.org" />
+	<target host="meta.schema.org" />
+	<target host="pending.schema.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/schneierfacts.com.xml b/src/chrome/content/rules/schneierfacts.com.xml
new file mode 100644
index 000000000000..7b19238b3704
--- /dev/null
+++ b/src/chrome/content/rules/schneierfacts.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Schneier Facts.com">
+
+	<target host="schneierfacts.com" />
+	<target host="www.schneierfacts.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/schokokeks.org-CACert.xml b/src/chrome/content/rules/schokokeks.org-CACert.xml
deleted file mode 100644
index c9b55ac99c4f..000000000000
--- a/src/chrome/content/rules/schokokeks.org-CACert.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--	See schokokeks.org.xml also
--->
-<ruleset name="schokokeks.org (CAcert)" platform="cacert">
-
-	<target host="schokokeks.org" />
-	<target host="source.schokokeks.org" />
-	<target host="www.schokokeks.org" />
-
-	<rule from="^http://(source\.|www\.)?schokokeks\.org/"
-		to="https://$1schokokeks.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/schokokeks.org.xml b/src/chrome/content/rules/schokokeks.org.xml
deleted file mode 100644
index 1599c02aef94..000000000000
--- a/src/chrome/content/rules/schokokeks.org.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--	See schokokeks.org-CACert.xml also
--->
-<ruleset name="schokokeks.org">
-
-	<target host="bugs.schokokeks.org" />
-	<target host="config.schokokeks.org" />
-	<target host="keys.schokokeks.org" />
-	<target host="webmail.schokokeks.org" />
-	<target host="wiki.schokokeks.org" />
-
-	<securecookie host="^(bugs|config)\.schokokeks\.org$" name=".*"/>
-
-	<rule from="^http://(bugs|config|keys|webmail|wiki)\.schokokeks\.org/"
-		to="https://$1.schokokeks.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/schotty.com.xml b/src/chrome/content/rules/schotty.com.xml
new file mode 100644
index 000000000000..64f485411806
--- /dev/null
+++ b/src/chrome/content/rules/schotty.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Schotty.com">
+
+	<target host="schotty.com" />
+	<target host="www.schotty.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/schraubenluchs.de.xml b/src/chrome/content/rules/schraubenluchs.de.xml
new file mode 100644
index 000000000000..831b4e2fa01d
--- /dev/null
+++ b/src/chrome/content/rules/schraubenluchs.de.xml
@@ -0,0 +1,7 @@
+<ruleset name="schraubenluchs.de">
+	<target host="schraubenluchs.de"/>
+	<target host="www.schraubenluchs.de"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/schulthess.com.xml b/src/chrome/content/rules/schulthess.com.xml
new file mode 100644
index 000000000000..c79dce7f8925
--- /dev/null
+++ b/src/chrome/content/rules/schulthess.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="schulthess.com">
+	<target host="schulthess.com"/>
+	<target host="www.schulthess.com"/>
+
+	<rule from="^http://schulthess\.com/"
+		to="https://www.schulthess.com/"/>
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/sciamdigital.com.xml b/src/chrome/content/rules/sciamdigital.com.xml
new file mode 100644
index 000000000000..4892841484bf
--- /dev/null
+++ b/src/chrome/content/rules/sciamdigital.com.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Scientific American coverage, see Scientific-American.xml.
+
+
+	(www.)?sciamdigital.com: mismatched
+
+-->
+<ruleset name="SciAm Digital.com (partial)">
+
+	<target host="sciamdigital.com" />
+	<target host="www.sciamdigital.com" />
+
+
+	<!--	Redirect drops path and forward
+		slash but not args:
+						-->
+	<rule from="^http://(?:www\.)?sciamdigital\.com/[^?]*"
+		to="https://www.scientificamerican.com/page/welcome-scientific-american-digital-customers" />
+
+		<test url="http://sciamdigital.com/browse.cfm?sequencenameCHAR=item&amp;methodnameCHAR=resource_getitembrowse&amp;interfacenameCHAR=browse.cfm&amp;ISSUEID_CHAR=8DB13CA8-" />
+		<test url="http://www.sciamdigital.com/index.cfm?fa=Products.ViewIssuePreview&amp;ARTICLEID_CHAR=3D4CC15B-2B35-221B-67A32834EAF3B295" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sciencealert.com.xml b/src/chrome/content/rules/sciencealert.com.xml
new file mode 100644
index 000000000000..8c154c73c010
--- /dev/null
+++ b/src/chrome/content/rules/sciencealert.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		staging\d.sciencealert.com
+		www.staging\d.sciencealert.com
+
+-->
+<ruleset name="ScienceAlert.com">
+
+	<target host="sciencealert.com" />
+	<target host="www.sciencealert.com" />
+	<target host="academy.sciencealert.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sciencedirect.com.xml b/src/chrome/content/rules/sciencedirect.com.xml
new file mode 100644
index 000000000000..3f24d070b8c0
--- /dev/null
+++ b/src/chrome/content/rules/sciencedirect.com.xml
@@ -0,0 +1,53 @@
+<!--
+	No working URL known:
+		cert.sciencedirect.com
+		highlight.sciencedirect.com (503)
+		logger.sciencedirect.com
+
+	Time out:
+		alpha.sciencedirect.com
+
+	Invalid certificate:
+		ars.sciencedirect.com
+		binary-services.sciencedirect.com
+		metrics.sciencedirect.com
+		technology.sciencedirect.com
+
+	Refused connection:
+		help.sciencedirect.com
+			(website sometimes links to //help.sciencedirect.com even though it is not working)
+		info.sciencedirect.com
+		www.info.sciencedirect.com
+
+	Secure connection failed:
+		top25.sciencedirect.com
+
+-->
+<ruleset name="ScienceDirect.com">
+
+	<target host="sciencedirect.com" />
+	<target host="www.sciencedirect.com" />
+		<test url="http://www.sciencedirect.com/science/article/pii/S0004370215000843" />
+	<target host="acw.sciencedirect.com" />
+	<target host="admintool.sciencedirect.com" />
+	<target host="attach.sciencedirect.com" />
+	<target host="blog.sciencedirect.com" />
+	<target host="cdc310-www.sciencedirect.com" />
+	<target host="cdc332-www.sciencedirect.com" />
+	<target host="ehr.sciencedirect.com" />
+		<test url="http://ehr.sciencedirect.com/ehr/manageReports.url" />
+	<target host="feeds.sciencedirect.com" />
+	<target host="holdings.sciencedirect.com" />
+	<target host="pdn.sciencedirect.com" />
+	<target host="rss.sciencedirect.com" />
+
+	<target host="sdfestaticassets.sciencedirectassets.com" />
+		<test url="http://sdfestaticassets.sciencedirectassets.com/prod/9b58ca69938c5ab521a75fffc20b1f4d285d94a0/images/logo.png" />
+	<target host="sdfestaticassets-us-east-1.sciencedirectassets.com" />
+		<test url="http://sdfestaticassets-us-east-1.sciencedirectassets.com/prod/9b58ca69938c5ab521a75fffc20b1f4d285d94a0/images/logo.png" />
+	<target host="sdfestaticassets-us-west-2.sciencedirectassets.com" />
+		<test url="http://sdfestaticassets-us-west-2.sciencedirectassets.com/prod/9b58ca69938c5ab521a75fffc20b1f4d285d94a0/images/logo.png" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/scmagazine.com.xml b/src/chrome/content/rules/scmagazine.com.xml
new file mode 100644
index 000000000000..da18871b72a7
--- /dev/null
+++ b/src/chrome/content/rules/scmagazine.com.xml
@@ -0,0 +1,67 @@
+<!--
+	For other Haymarket coverage, see Haymarket.xml.
+
+
+	CDN buckets:
+
+		- dw5yb2c18zulu.cloudfront.net	← media
+
+
+	Problematic hosts in *scmagazine.com:
+
+		- ^ ᵃ ᵐ
+		- media ᵐ
+		- outsidelens ᵐ
+
+	ᵃ Shows another domain, preemptable redirect
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.scmagazine.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- iframe on www from outsidelens.scmagazine.com
+
+		- Images, on:
+
+			- outsidelens from static.media.magnify.net.s3.amazonaws.com
+			- www from media.scmagazine.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="SC Magazine.com (partial)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.scmagazine.com" />
+
+	<!--	Complications:
+				-->
+	<target host="scmagazine.com" />
+	<target host="media.scmagazine.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.scmagazine\.com$" name="^(?:ASP\.NET_SessionId|AWSELB|CustomModalRegistrationDelay2)$" /-->
+
+	<securecookie host=".+" name="^optimizely" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://scmagazine\.com/"
+		to="https://www.scmagazine.com/" />
+
+		<test url="http://media.scmagazine.com/images/2012/07/02/oba_advertising_15_271149_272924.png" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/scnsrc.net.xml b/src/chrome/content/rules/scnsrc.net.xml
new file mode 100644
index 000000000000..69a48114929f
--- /dev/null
+++ b/src/chrome/content/rules/scnsrc.net.xml
@@ -0,0 +1,7 @@
+<ruleset name="scnsrc.net">
+	<target host="scnsrc.net" />
+	<target host="www.scnsrc.net" />
+	<target host="pre.scnsrc.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/scoding.de.xml b/src/chrome/content/rules/scoding.de.xml
new file mode 100644
index 000000000000..c295fc76b57a
--- /dev/null
+++ b/src/chrome/content/rules/scoding.de.xml
@@ -0,0 +1,38 @@
+<!--
+	www.scoding.de: 400, sets STS header
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- cloud.scoding.de
+		- www.scoding.de
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="scoding.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="scoding.de" />
+	<target host="cloud.scoding.de" />
+
+	<!--	Complications:
+				-->
+	<target host="www.scoding.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:cloud|www)\.scoding\.de$" name="^oc[\da-f]{10}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.scoding\.de/"
+		to="https://scoding.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/scons.org.xml b/src/chrome/content/rules/scons.org.xml
new file mode 100644
index 000000000000..ed8cfc93bf84
--- /dev/null
+++ b/src/chrome/content/rules/scons.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="scons.org">
+	<target host="scons.org" />
+	<target host="www.scons.org" />
+	<!-- mismatch <target host="ftp.scons.org" /> -->
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/scoreassured.com.xml b/src/chrome/content/rules/scoreassured.com.xml
new file mode 100644
index 000000000000..d8527f6b9238
--- /dev/null
+++ b/src/chrome/content/rules/scoreassured.com.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://scoreassured.com/ => https://scoreassured.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.scoreassured.com/ => https://www.scoreassured.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- scoreassured.com
+		- www.scoreassured.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Score Assured.com" default_off="failed ruleset test">
+
+	<target host="scoreassured.com" />
+	<target host="www.scoreassured.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?scoreassured\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/scotland.police.uk-mixedcontent.xml b/src/chrome/content/rules/scotland.police.uk-mixedcontent.xml
new file mode 100644
index 000000000000..f45de0215389
--- /dev/null
+++ b/src/chrome/content/rules/scotland.police.uk-mixedcontent.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.scotland.police.uk/your-community/ => https://www.scotland.police.uk/your-community/: Too many redirects while fetching 'https://www.scotland.police.uk/your-community/'
+Fetch error: http://www.scotland.police.uk/your-community/fife/ => https://www.scotland.police.uk/your-community/fife/: Too many redirects while fetching 'https://www.scotland.police.uk/your-community/fife/'
+
+	For rules not causing MCB, see scotland.police.uk.xml.
+
+
+	NB: See https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Scotland.Police.uk (MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="www.scotland.police.uk" />
+
+		<exclusion pattern="^http://www\.scotland\.police\.uk/(?!/*(?:contact-us/$|your-community/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.scotland.police.uk/assets/images/small/signing" />
+			<test url="http://www.scotland.police.uk/contact-us/contact-us-form" />
+			<test url="http://www.scotland.police.uk/contact-us/countering-terrorism" />
+			<test url="http://www.scotland.police.uk/contact-us/hate-crime-and-third-party-reporting/" />
+			<test url="http://www.scotland.police.uk/keep-safe/advice-for-victims-of-crime/domestic-abuse/reporting-domestic-abuse/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.scotland.police.uk/contact-us/" />
+			<test url="http://www.scotland.police.uk/your-community/" />
+			<test url="http://www.scotland.police.uk/your-community/fife/" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/scotland.police.uk.xml b/src/chrome/content/rules/scotland.police.uk.xml
new file mode 100644
index 000000000000..66f06e58b743
--- /dev/null
+++ b/src/chrome/content/rules/scotland.police.uk.xml
@@ -0,0 +1,78 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.askthe.scotland.police.uk/ => https://www.askthe.scotland.police.uk/: (6, 'Could not resolve host: www.askthe.scotland.police.uk')
+
+	For rules causing MCB, see scotland.police.uk-mixedcontent.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *scotland.police.uk:
+
+		- moodle ʳ
+
+	ʳ Refused
+
+
+	Mixed content:
+
+		- css, on:
+
+			- www from serverapi.arcgisonline.com ˢ
+			- www from live.policestatic.co.uk ʰ
+
+		- Images on www from $self ʰ
+
+	ʰ Unsecurable <= redirects to http
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Scotland.Police.uk (partial)" default_off="failed ruleset test">
+
+	<target host="www.askthe.scotland.police.uk" />
+	<target host="www.scotland.police.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.scotland\.police\.uk/(?:$|assets/(?:images|pdf)/|contact-us/(?:contact-us-form|countering-terrorism|hate-crime-and-third-party-reporting/)$)" /-->
+		<!--
+			Mixed css:
+					-->
+		<!--exclusion pattern="^http://www\.scotland\.police\.uk/(?!/*(?:contact-us/$|your-community/))" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.scotland\.police\.uk/(?!/*(?:domestic-abuse|hate-crime|secureforms)(?:$|[?/]))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.scotland.police.uk/assets/images/small/signing" />
+			<!--
+				(srsly:)
+						-->
+			<test url="http://www.scotland.police.uk/contact-us/contact-us-form" />
+			<test url="http://www.scotland.police.uk/contact-us/countering-terrorism" />
+			<test url="http://www.scotland.police.uk/contact-us/hate-crime-and-third-party-reporting/" />
+			<test url="http://www.scotland.police.uk/keep-safe/advice-for-victims-of-crime/domestic-abuse/reporting-domestic-abuse/" />
+			<!--
+				(mixed css:)
+						-->
+			<test url="http://www.scotland.police.uk/contact-us/" />
+			<test url="http://www.scotland.police.uk/your-community/" />
+			<test url="http://www.scotland.police.uk/your-community/fife/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.scotland.police.uk/domestic-abuse/" />
+			<test url="http://www.scotland.police.uk/hate-crime/" />
+			<test url="http://www.scotland.police.uk/secureforms/" />
+
+
+	<securecookie host="^(?!www\.s)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/scrutinizer-ci.com.xml b/src/chrome/content/rules/scrutinizer-ci.com.xml
new file mode 100644
index 000000000000..caf61ae4538d
--- /dev/null
+++ b/src/chrome/content/rules/scrutinizer-ci.com.xml
@@ -0,0 +1,61 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://worker100.scrutinizer-ci.com/ => https://worker100.scrutinizer-ci.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://worker105.scrutinizer-ci.com/ => https://worker105.scrutinizer-ci.com/: (28, 'Connection timed out after 20008 milliseconds')
+Fetch error: http://worker107.scrutinizer-ci.com/ => https://worker107.scrutinizer-ci.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+dbm2.scrutinizer-ci.com ²
+dbm3.scrutinizer-ci.com ²
+db-php.hz.scrutinizer-ci.com ²
+worker1.hz.scrutinizer-ci.com ²
+worker10.hz.scrutinizer-ci.com ²
+worker11.hz.scrutinizer-ci.com ²
+worker12.hz.scrutinizer-ci.com ²
+worker13.hz.scrutinizer-ci.com ²
+worker14.hz.scrutinizer-ci.com ²
+worker16.hz.scrutinizer-ci.com ²
+worker17.hz.scrutinizer-ci.com ²
+worker18.hz.scrutinizer-ci.com ²
+worker19.hz.scrutinizer-ci.com ²
+worker2.hz.scrutinizer-ci.com ²
+worker20.hz.scrutinizer-ci.com ²
+worker3.hz.scrutinizer-ci.com ²
+worker4.hz.scrutinizer-ci.com ²
+worker5.hz.scrutinizer-ci.com ²
+worker6.hz.scrutinizer-ci.com ²
+worker7.hz.scrutinizer-ci.com ²
+worker8.hz.scrutinizer-ci.com ²
+worker9.hz.scrutinizer-ci.com ²
+mail.scrutinizer-ci.com ¹
+nfs1.scrutinizer-ci.com ⁵
+nfs2.scrutinizer-ci.com ³
+s3.scrutinizer-ci.com ³
+deis.wf.scrutinizer-ci.com ¹
+service1.wf.scrutinizer-ci.com ²
+service2.wf.scrutinizer-ci.com ²
+web1.wf.scrutinizer-ci.com ¹
+web2.wf.scrutinizer-ci.com ¹
+worker101.scrutinizer-ci.com ²
+worker102.scrutinizer-ci.com ²
+worker103.scrutinizer-ci.com ²
+worker106.scrutinizer-ci.com ²
+wss.scrutinizer-ci.com different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁵ expired
+-->
+<ruleset name="scrutinizer-ci.com" default_off="failed ruleset test">
+	<target host="scrutinizer-ci.com" />
+	<target host="www.scrutinizer-ci.com" />
+	<target host="status.scrutinizer-ci.com" />
+	<target host="wf.scrutinizer-ci.com" />
+	<target host="worker100.scrutinizer-ci.com" />
+	<target host="worker105.scrutinizer-ci.com" />
+	<target host="worker107.scrutinizer-ci.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sdkboy.com.xml b/src/chrome/content/rules/sdkboy.com.xml
new file mode 100644
index 000000000000..3cf4fa39046a
--- /dev/null
+++ b/src/chrome/content/rules/sdkboy.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="sdkboy.com">
+	<target host="sdkboy.com" />
+	<target host="www.sdkboy.com" />
+	<target host="autodiscover.sdkboy.com" />
+	<target host="cpanel.sdkboy.com" />
+	<target host="mail.sdkboy.com" />
+	<target host="webdisk.sdkboy.com" />
+	<target host="webmail.sdkboy.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sdrplay.com.xml b/src/chrome/content/rules/sdrplay.com.xml
new file mode 100644
index 000000000000..0cb098eabc6a
--- /dev/null
+++ b/src/chrome/content/rules/sdrplay.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="SDRplay.com">
+
+	<target host="sdrplay.com" />
+	<target host="www.sdrplay.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/se-sy.org.xml b/src/chrome/content/rules/se-sy.org.xml
new file mode 100644
index 000000000000..1b8691aa5a49
--- /dev/null
+++ b/src/chrome/content/rules/se-sy.org.xml
@@ -0,0 +1,32 @@
+<!--
+	Nonfunctional hosts in *se-sys.org:
+
+		- blog ᶠ
+
+	ᶠ Blogspot / handshake fails
+
+
+	www.se-sy.org: Mismatched
+
+-->
+<ruleset name="Se-Sy.org">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="se-sy.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.se-sy.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.se-sy\.org/"
+		to="https://se-sy.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/se.no.xml b/src/chrome/content/rules/se.no.xml
new file mode 100644
index 000000000000..34335a0d120c
--- /dev/null
+++ b/src/chrome/content/rules/se.no.xml
@@ -0,0 +1,48 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .www.se.no
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, on:
+
+			- www from blink.dagbladet.no
+			- www from konto.dagbladet.no ˢ
+			- www from $self ˢ
+
+		- Images, on:
+
+			- www from gfx.dagbladet.no ˢ
+			- www from $self ˢ
+
+		- Ads / bugs, on www from dagbladet.tns-cs.net ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="SE.no" platform="mixedcontent">
+
+	<target host="se.no" />
+	<target host="www.se.no" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://www.se.no/tv/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.se\.no$" name="^tvsettings$" /-->
+
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|optimizely)" />
+	<securecookie host="^(?!\.se\.no$)." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/search404.io.xml b/src/chrome/content/rules/search404.io.xml
new file mode 100644
index 000000000000..8e5a68c7de7d
--- /dev/null
+++ b/src/chrome/content/rules/search404.io.xml
@@ -0,0 +1,8 @@
+<ruleset name="search404.io">
+	<target host="search404.io" />
+	<target host="www.search404.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/searchenginejournal.com.xml b/src/chrome/content/rules/searchenginejournal.com.xml
new file mode 100644
index 000000000000..81d75fe67eb4
--- /dev/null
+++ b/src/chrome/content/rules/searchenginejournal.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Problematic hosts in *searchenginejournal.com:
+
+		- jobs ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="Search Engine Journal.com (partial)">
+
+	<target host="searchenginejournal.com" />
+	<target host="cdn.searchenginejournal.com" />
+	<target host="www.searchenginejournal.com" />
+
+		<test url="http://cdn.searchenginejournal.com/wp-content/themes/sej14/images/placeholder.gif" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?searchenginejournal\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/searchlock.com.xml b/src/chrome/content/rules/searchlock.com.xml
new file mode 100644
index 000000000000..a9a5bafdcbef
--- /dev/null
+++ b/src/chrome/content/rules/searchlock.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Refused:
+		- blog
+		- community
+
+	Mismatch:
+		- get
+-->
+<ruleset name="searchlock.com">
+	<target host="searchlock.com" />
+	<target host="www.searchlock.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/searchteria.co.jp.xml b/src/chrome/content/rules/searchteria.co.jp.xml
new file mode 100644
index 000000000000..cd7824a8b941
--- /dev/null
+++ b/src/chrome/content/rules/searchteria.co.jp.xml
@@ -0,0 +1,20 @@
+<!--
+
+	Called from http://j.gmodmp.jp/js/d.js
+
+	Nonfunctional domains:
+
+	Problematic domains:
+
+		- sem3.searchteria.co.jp	(Invalid cert)
+
+-->
+
+<ruleset name="searchteria.co.jp">
+
+	<target host="op.searchteria.co.jp" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/searchx.mobi.xml b/src/chrome/content/rules/searchx.mobi.xml
new file mode 100644
index 000000000000..1b4ee39453f4
--- /dev/null
+++ b/src/chrome/content/rules/searchx.mobi.xml
@@ -0,0 +1,8 @@
+<ruleset name="searchx.mobi">
+	<target host="searchx.mobi" />
+	<target host="www.searchx.mobi" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/searx.at.xml b/src/chrome/content/rules/searx.at.xml
new file mode 100644
index 000000000000..a3103623e685
--- /dev/null
+++ b/src/chrome/content/rules/searx.at.xml
@@ -0,0 +1,8 @@
+<ruleset name="searx.at">
+	<target host="searx.at" />
+	<target host="www.searx.at" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/searx.ch.xml b/src/chrome/content/rules/searx.ch.xml
new file mode 100644
index 000000000000..bb3af95cd64b
--- /dev/null
+++ b/src/chrome/content/rules/searx.ch.xml
@@ -0,0 +1,8 @@
+<ruleset name="searx.ch">
+	<target host="searx.ch" />
+	<target host="www.searx.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/searx.info.xml b/src/chrome/content/rules/searx.info.xml
new file mode 100644
index 000000000000..fb93aafaaf1e
--- /dev/null
+++ b/src/chrome/content/rules/searx.info.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid Certificate:
+		www.searx.info
+-->
+<ruleset name="searx.info">
+	<target host="searx.info" />
+	<target host="www.searx.info" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.searx\.info/" to="https://searx.info/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/searx.me.xml b/src/chrome/content/rules/searx.me.xml
new file mode 100644
index 000000000000..f334381d57ad
--- /dev/null
+++ b/src/chrome/content/rules/searx.me.xml
@@ -0,0 +1,8 @@
+<ruleset name="searx.me">
+	<target host="searx.me" />
+	<target host="www.searx.me" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/searx.pw.xml b/src/chrome/content/rules/searx.pw.xml
new file mode 100644
index 000000000000..fdb877e85c08
--- /dev/null
+++ b/src/chrome/content/rules/searx.pw.xml
@@ -0,0 +1,8 @@
+<ruleset name="searx.pw">
+
+	<target host="searx.pw" />
+
+	<rule from="^http:"
+		  to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/secdev-foundation.org.xml b/src/chrome/content/rules/secdev-foundation.org.xml
new file mode 100644
index 000000000000..aacde49496a0
--- /dev/null
+++ b/src/chrome/content/rules/secdev-foundation.org.xml
@@ -0,0 +1,12 @@
+<!--
+new.secdev-foundation.org ¹
+
+
+¹ mismatch
+-->
+<ruleset name="secdev-foundation.org">
+	<target host="secdev-foundation.org" />
+	<target host="www.secdev-foundation.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/secnews.ru.xml b/src/chrome/content/rules/secnews.ru.xml
new file mode 100644
index 000000000000..9330ffd06695
--- /dev/null
+++ b/src/chrome/content/rules/secnews.ru.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		ftp.secnews.ru
+		pop.secnews.ru
+		smtp.secnews.ru
+		test.secnews.ru
+
+	Refused:
+		mail.secnews.ru
+-->
+<ruleset name="secnews.ru">
+	<target host="secnews.ru" />
+	<target host="www.secnews.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/secouchermoinsbete.fr.xml b/src/chrome/content/rules/secouchermoinsbete.fr.xml
new file mode 100644
index 000000000000..1d26d293b6a8
--- /dev/null
+++ b/src/chrome/content/rules/secouchermoinsbete.fr.xml
@@ -0,0 +1,7 @@
+<ruleset name="secouchermoinsbete.fr">
+	<target host="secouchermoinsbete.fr" />
+	<target host="www.secouchermoinsbete.fr" />
+	<target host="mobile.secouchermoinsbete.fr" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/secure-decoration.com.xml b/src/chrome/content/rules/secure-decoration.com.xml
new file mode 100644
index 000000000000..3617646d57e7
--- /dev/null
+++ b/src/chrome/content/rules/secure-decoration.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- ftl.secure-decoration.com
+
+
+	Mixed content:
+
+		- Images on ftl from content.jektek.com
+
+-->
+<ruleset name="secure-decoration.com">
+
+	<target host="ftl.secure-decoration.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^ftl\.secure-decoration\.com$" name="^(?:_pc_session_id|c_rt_ppr)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/securedatejoin.com.xml b/src/chrome/content/rules/securedatejoin.com.xml
new file mode 100644
index 000000000000..fdb95f4aa54d
--- /dev/null
+++ b/src/chrome/content/rules/securedatejoin.com.xml
@@ -0,0 +1,27 @@
+<!--
+	www.securedatejoin.com does not exist;
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- securedatejoin.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="securedatejoin.com">
+
+	<target host="securedatejoin.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^securedatejoin\.com$" name="^SVR$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sediarreda.xml b/src/chrome/content/rules/sediarreda.xml
new file mode 100644
index 000000000000..542908971e61
--- /dev/null
+++ b/src/chrome/content/rules/sediarreda.xml
@@ -0,0 +1,6 @@
+<ruleset name="sediarreda">
+        <target host="sediarreda.com" />
+        <target host="www.sediarreda.com" />
+
+        <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sedmitza.ru.xml b/src/chrome/content/rules/sedmitza.ru.xml
new file mode 100644
index 000000000000..49fac8bfe111
--- /dev/null
+++ b/src/chrome/content/rules/sedmitza.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="sedmitza.ru">
+	<target host="sedmitza.ru" />
+	<target host="www.sedmitza.ru" />
+	<!-- <target host="old.sedmitza.ru" /> --><!-- ERROR (35, schannel: SNI or certificate check failed: SEC_E_WRONG_PRINCIPAL (0x80090322) -    .) -->
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/segurosocial.gov.xml b/src/chrome/content/rules/segurosocial.gov.xml
new file mode 100644
index 000000000000..b972d811d7b3
--- /dev/null
+++ b/src/chrome/content/rules/segurosocial.gov.xml
@@ -0,0 +1,12 @@
+<ruleset name="Seguro Social.gov">
+
+	<target host="www.segurosocial.gov" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/select.auction.xml b/src/chrome/content/rules/select.auction.xml
new file mode 100644
index 000000000000..a50737f131e9
--- /dev/null
+++ b/src/chrome/content/rules/select.auction.xml
@@ -0,0 +1,28 @@
+<!--
+	www.select.auction: 404 over http
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .select.auction
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Select.Auction">
+
+	<target host="select.auction" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="\.select\.auction" name="^ARRAffinity$" /-->
+
+	<securecookie host="\." name="^ARRAffinity$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/selfharm.co.uk.xml b/src/chrome/content/rules/selfharm.co.uk.xml
new file mode 100644
index 000000000000..1f018e8ebe3d
--- /dev/null
+++ b/src/chrome/content/rules/selfharm.co.uk.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Youthscape coverage, see youthscape.co.uk.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.selfharm.co.uk
+
+-->
+<ruleset name="selfharm.co.UK">
+
+	<target host="selfharm.co.uk" />
+	<target host="www.selfharm.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.selfharm\.co\.uk$" name="^exp_(?:csrf_token|last_activity|last_visit|tracker)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/selfhtml.org.xml b/src/chrome/content/rules/selfhtml.org.xml
new file mode 100644
index 000000000000..b7b2e904fb6e
--- /dev/null
+++ b/src/chrome/content/rules/selfhtml.org.xml
@@ -0,0 +1,24 @@
+<!--
+    Not covered:
+	community.de.selfhtml.org -> self-signed & is possibly changed/deleted in the near future
+
+    Mixed content:
+	wiki.selfhtml.org (from src.selfhtml.org)
+	blog.selfhtml.org (from blog.selfhtml.org)
+
+    Discussion:
+	https://forum.selfhtml.org/meta/2015/sep/9/https-bei-selfhtml/1649624 (DE)
+	https://forum.selfhtml.org/meta/2015/sep/8/https-fuer-forum-punkt-selfhtml-punkt-org/1649452 (DE)
+-->
+<ruleset name="SelfHTML">
+    <target host="selfhtml.org" />
+    <target host="wiki.selfhtml.org" />
+    <target host="forum.selfhtml.org" />
+    <target host="src.selfhtml.org" />
+    <target host="blog.selfhtml.org" />
+
+    <securecookie host="^(wiki\.|forum\.|blog\.)?selfhtml\.org$" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sell2uk.co.uk.xml b/src/chrome/content/rules/sell2uk.co.uk.xml
new file mode 100644
index 000000000000..8416ce43c647
--- /dev/null
+++ b/src/chrome/content/rules/sell2uk.co.uk.xml
@@ -0,0 +1,25 @@
+<!--
+	For other In-tend coverage, see in-tend.co.uk.xml.
+
+
+	(www.)?sell2uk.co.uk: Mismatched
+
+-->
+<ruleset name="Sell2UK.co.uk">
+
+	<target host="sell2uk.co.uk" />
+	<target host="www.sell2uk.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://(?:www\.)?sell2uk\.co\.uk/+"
+		to="https://sell2.in-tend.co.uk/" />
+
+		<test url="http://www.sell2uk.co.uk/index.aspx" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/semantic-mediawiki.org.xml b/src/chrome/content/rules/semantic-mediawiki.org.xml
index 1c353352ba08..ca8555c007d9 100644
--- a/src/chrome/content/rules/semantic-mediawiki.org.xml
+++ b/src/chrome/content/rules/semantic-mediawiki.org.xml
@@ -1,6 +1,6 @@
 <ruleset name="semantic-mediawiki.org">
     <target host="www.semantic-mediawiki.org" />
     <target host="semantic-mediawiki.org" />
-    <rule from="^http://(www\.)?semantic-mediawiki\.org/" to="https://semantic-mediawiki.org/"/>
+    <rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/semaphoreapp.com.xml b/src/chrome/content/rules/semaphoreapp.com.xml
new file mode 100644
index 000000000000..c1093fc80bef
--- /dev/null
+++ b/src/chrome/content/rules/semaphoreapp.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="semaphoreapp.com">
+	<target host="semaphoreapp.com" />
+	<target host="www.semaphoreapp.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/semver.io.xml b/src/chrome/content/rules/semver.io.xml
new file mode 100644
index 000000000000..7f8357d7a920
--- /dev/null
+++ b/src/chrome/content/rules/semver.io.xml
@@ -0,0 +1,9 @@
+<!--
+www.semver.io different content
+
+-->
+<ruleset name="semver.io">
+	<target host="semver.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/semya.tv.xml b/src/chrome/content/rules/semya.tv.xml
new file mode 100644
index 000000000000..6876aa8677af
--- /dev/null
+++ b/src/chrome/content/rules/semya.tv.xml
@@ -0,0 +1,5 @@
+<ruleset name="semya.tv">
+	<target host="semya.tv" />
+	<target host="www.semya.tv" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/seomon.com.xml b/src/chrome/content/rules/seomon.com.xml
new file mode 100644
index 000000000000..7c86b8c7249a
--- /dev/null
+++ b/src/chrome/content/rules/seomon.com.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Vadino coverage, see vadino.com.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- seomon.com
+		- www.seomon.com
+
+-->
+<ruleset name="SEOmon.com">
+
+	<target host="seomon.com" />
+	<target host="www.seomon.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?seomon\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/seopressor.com.xml b/src/chrome/content/rules/seopressor.com.xml
new file mode 100644
index 000000000000..b0986813955e
--- /dev/null
+++ b/src/chrome/content/rules/seopressor.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="seopressor.com" platform="mixedcontent">
+	<target host="seopressor.com" />
+	<target host="www.seopressor.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sepa.org.uk-falsemixed.xml b/src/chrome/content/rules/sepa.org.uk-falsemixed.xml
new file mode 100644
index 000000000000..6abd9af07df7
--- /dev/null
+++ b/src/chrome/content/rules/sepa.org.uk-falsemixed.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://gis.sepa.org.uk/ (200) => https://gis.sepa.org.uk/ (404)
+
+	For rules not causing false/broken MCB, see sepa.org.uk.xml.
+
+-->
+<ruleset name="SEPA.org.uk (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="gis.sepa.org.uk" />
+	<target host="map.sepa.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sepa.org.uk.xml b/src/chrome/content/rules/sepa.org.uk.xml
new file mode 100644
index 000000000000..ad5ee3d7afa7
--- /dev/null
+++ b/src/chrome/content/rules/sepa.org.uk.xml
@@ -0,0 +1,96 @@
+<!--
+	Scottish Environment Protection Agency
+
+	For rules causing false/broken MCB, see sepa.org.uk-falsemixed.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *sepa.org.uk:
+
+		- apps ⁴
+		- beta ⁴
+		- data ᵈ
+		- flood ⁴
+		- media ⁴
+		- online ᵈ
+		- rict ᵈ
+
+	⁴ 404
+	ᵈ Dropped
+
+
+	Problematic hosts in *sepa.org.uk:
+
+		- ^ ⁴
+		- floodline ᵐ
+		- gis ˣ
+		- map ˣ
+
+	⁴ 404, preemptable redirect
+	ᵐ Mismatched
+	ˣ Mixed css
+
+
+	These altnames do not exist:
+
+		- www.consultation.sepa.org.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- webpayments.sepa.org.uk
+
+
+	Mixed content:
+
+		- css, on:
+
+			- gis from serverapi.arcgisonline.com ˢ
+			- map from js.arcgisonline.com ˢ
+			- map from code.jquery.com ˢ
+
+		- Images on map from www.sepa.org.uk ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="SEPA.org.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="consultation.sepa.org.uk" />
+	<!--target host="gis.sepa.org.uk" /-->
+	<target host="informatics.sepa.org.uk" />
+	<!--target host="map.sepa.org.uk" /-->
+	<target host="webpayments.sepa.org.uk" />
+	<target host="www.sepa.org.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="sepa.org.uk" />
+
+		<!--	$ prints default page, so:
+							-->
+		<test url="http://informatics.sepa.org.uk/ChargingSchemeCustomerTool/" />
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://gis.sepa.org.uk/rbmp/" /-->
+		<!--test url="http://map.sepa.org.uk/floodmap/map.htm" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^webpayments\.sepa\.org\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://sepa\.org\.uk/"
+		to="https://www.sepa.org.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sergiopizza.ru.xml b/src/chrome/content/rules/sergiopizza.ru.xml
new file mode 100644
index 000000000000..3f4090b4ed24
--- /dev/null
+++ b/src/chrome/content/rules/sergiopizza.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="sergiopizza.ru">
+	<target host="sergiopizza.ru" />
+	<target host="www.sergiopizza.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/serovglobus.ru.xml b/src/chrome/content/rules/serovglobus.ru.xml
new file mode 100644
index 000000000000..3b94a98861f6
--- /dev/null
+++ b/src/chrome/content/rules/serovglobus.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="serovglobus.ru" platform="mixedcontent">
+	<target host="serovglobus.ru" />
+	<target host="www.serovglobus.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/serverbase.xml b/src/chrome/content/rules/serverbase.xml
new file mode 100644
index 000000000000..1daa63c1e5a4
--- /dev/null
+++ b/src/chrome/content/rules/serverbase.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://support.serverbase.ch/ => https://support.serverbase.ch/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Mismatch:
+		serverbase.ch:
+			- stats
+			- status
+			- vm*
+		*serverbase-status.net
+-->
+<ruleset name="ServerBase" default_off="failed ruleset test">
+	<target host="serverbase.ch"/>
+	<target host="www.serverbase.ch"/>
+	<target host="my.serverbase.ch"/>
+	<target host="support.serverbase.ch"/>
+
+	<securecookie host=".*\.serverbase\.ch$" name=".+" />
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/servers.ru.xml b/src/chrome/content/rules/servers.ru.xml
new file mode 100644
index 000000000000..ffb0dbd72cdf
--- /dev/null
+++ b/src/chrome/content/rules/servers.ru.xml
@@ -0,0 +1,13 @@
+<!--
+stage.servers.ru ¹
+
+¹ mismatch
+-->
+<ruleset name="servers.ru">
+	<target host="servers.ru" />
+	<target host="www.servers.ru" />
+	<target host="office.servers.ru" />
+	<target host="portal.servers.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/servery.cz.xml b/src/chrome/content/rules/servery.cz.xml
new file mode 100644
index 000000000000..c2f2c67648e2
--- /dev/null
+++ b/src/chrome/content/rules/servery.cz.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Active24.cz coverage, see active24.cz.xml.
+
+	Mismatched:
+		- centrum.servery.cz
+		- www2.servery.cz
+		- w.servery.cz
+		- ww.servery.cz
+		- wwww.servery.cz
+		- webftp.servery.cz
+
+	Refused:
+		- windows.servery.cz
+		- win.servery.cz
+		- controlpanel.servery.cz
+		- zmena.servery.cz
+		- oracle.servery.cz
+		- statistiky.servery.cz
+		- dedikovane.servery.cz
+		- flexible.servery.cz
+		- sankce.servery.cz
+		- www.partner.servery.cz
+		- www.sponzor.servery.cz
+		- www.podminky.servery.cz
+		- email.servery.cz
+		- info.servery.cz
+		- help.servery.cz
+		- dealer.servery.cz
+-->
+<ruleset name="Servery.cz">
+	<target host="servery.cz" />
+	<target host="www.servery.cz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/servote.de.xml b/src/chrome/content/rules/servote.de.xml
new file mode 100644
index 000000000000..7a1e73864c2c
--- /dev/null
+++ b/src/chrome/content/rules/servote.de.xml
@@ -0,0 +1,15 @@
+<!--
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="servote.de">
+
+	<target host="servote.de" />
+	<target host="www.servote.de" />
+	<target host="vidapi.servote.de" />
+		<test url="http://vidapi.servote.de/images/gamepro/btcw6n1p8o_76475x76447.jpg" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sesplan.gov.uk.xml b/src/chrome/content/rules/sesplan.gov.uk.xml
new file mode 100644
index 000000000000..327b991eb5d4
--- /dev/null
+++ b/src/chrome/content/rules/sesplan.gov.uk.xml
@@ -0,0 +1,26 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.sesplan.gov.uk
+
+-->
+<ruleset name="SESplan.gov.uk" default_off="mismatched">
+
+	<target host="sesplan.gov.uk" />
+	<target host="www.sesplan.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.sesplan\.gov\.uk$" name="^ci_session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/setcronjob.com.xml b/src/chrome/content/rules/setcronjob.com.xml
new file mode 100644
index 000000000000..172e7d7073e1
--- /dev/null
+++ b/src/chrome/content/rules/setcronjob.com.xml
@@ -0,0 +1,13 @@
+<!--
+blog.setcronjob.com ⁷
+
+
+⁷ protocol error
+-->
+<ruleset name="setcronjob.com">
+	<target host="setcronjob.com" />
+	<target host="www.setcronjob.com" />
+	<target host="support.setcronjob.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/seven-sky.net.xml b/src/chrome/content/rules/seven-sky.net.xml
new file mode 100644
index 000000000000..9820116c7457
--- /dev/null
+++ b/src/chrome/content/rules/seven-sky.net.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://stat.seven-sky.net/ => https://stat.seven-sky.net/: (28, 'Connection timed out after 20001 milliseconds')
+
+seven-sky.net mismatch
+www.seven-sky.net mismatch
+b2b.seven-sky.net mismatch
+community.seven-sky.net mismatch
+podpiska.seven-sky.net mismatch
+reg.seven-sky.net mismatch
+-->
+<ruleset name="seven-sky.net (partial)" default_off="failed ruleset test">
+	<target host="lk.seven-sky.net" />
+	<target host="stat.seven-sky.net" />
+	<target host="webmail.seven-sky.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sevenforums.com.xml b/src/chrome/content/rules/sevenforums.com.xml
new file mode 100644
index 000000000000..9ce97c76ab81
--- /dev/null
+++ b/src/chrome/content/rules/sevenforums.com.xml
@@ -0,0 +1,17 @@
+<!--
+dl2.sevenforums.com ¹
+status.sevenforums.com ²
+vb4.sevenforums.com ³
+
+
+¹ mismatch
+² refused
+³ timed out
+-->
+<ruleset name="sevenforums.com">
+	<target host="sevenforums.com" />
+	<target host="www.sevenforums.com" />
+	<target host="cdn.sevenforums.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sex8.cc.xml b/src/chrome/content/rules/sex8.cc.xml
new file mode 100644
index 000000000000..931895938ed9
--- /dev/null
+++ b/src/chrome/content/rules/sex8.cc.xml
@@ -0,0 +1,8 @@
+<ruleset name="sex8.cc">
+	<target host="sex8.cc" />
+	<target host="www.sex8.cc" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sextoyclub.com.xml b/src/chrome/content/rules/sextoyclub.com.xml
new file mode 100644
index 000000000000..16690b9ddb60
--- /dev/null
+++ b/src/chrome/content/rules/sextoyclub.com.xml
@@ -0,0 +1,52 @@
+<!--
+	For other CNV.com coverage, see cnv.com.xml.
+
+
+	Nonfunctional hosts in *sextoyclub.com:
+
+		- forums ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *sextoyclub.com:
+
+		- (www.)? ᵉ ᵐ
+		- admin ᵉ
+
+	ᵉ Expired
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .sextoyclub.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- iframe on www from www.youtube.com ˢ
+		- css on (www.)? from $self
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Sex Toy Club.com (partial)">
+
+	<target host="secure2.sextoyclub.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.sextoyclub\.com$" name="^(?:cart_id|z)$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sg-logiciels.fr.xml b/src/chrome/content/rules/sg-logiciels.fr.xml
new file mode 100644
index 000000000000..6490ab4378b9
--- /dev/null
+++ b/src/chrome/content/rules/sg-logiciels.fr.xml
@@ -0,0 +1,38 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.sg-logiciels.fr
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, from:
+
+			- fonts.googleapis.com ˢ
+			- $self ˢ
+
+		- Images from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="sg-logiciels.fr" platform="mixedcontent">
+
+	<target host="sg-logiciels.fr" />
+	<target host="www.sg-logiciels.fr" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.sg-logiciels\.fr$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/shaanig.org.xml b/src/chrome/content/rules/shaanig.org.xml
new file mode 100644
index 000000000000..04cdf9db462c
--- /dev/null
+++ b/src/chrome/content/rules/shaanig.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.shaanig.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Shaanig.org">
+
+	<target host="shaanig.org" />
+	<target host="www.shaanig.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.shaanig\.org$" name="^bb_sessionhash$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/shareNice.xml b/src/chrome/content/rules/shareNice.xml
index 38c65bf624b3..7f20b1756d0b 100644
--- a/src/chrome/content/rules/shareNice.xml
+++ b/src/chrome/content/rules/shareNice.xml
@@ -1,6 +1,6 @@
-<ruleset name="shareNice">
-  <target host="sharenice.org" />
-  <target host="www.sharenice.org" />
-
-  <rule from="^http://(www\.)?sharenice\.org/" to="https://sharenice.org/"/>
-</ruleset>
\ No newline at end of file
+<ruleset name="shareNice" default_off="refused">
+	<target host="sharenice.org" />
+	<target host="www.sharenice.org" />
+
+	<rule from="^http://(?:www\.)?sharenice\.org/" to="https://sharenice.org/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/sharedrop.io.xml b/src/chrome/content/rules/sharedrop.io.xml
new file mode 100644
index 000000000000..cc4236ba0a61
--- /dev/null
+++ b/src/chrome/content/rules/sharedrop.io.xml
@@ -0,0 +1,6 @@
+<ruleset name="sharedrop.io">
+	<target host="sharedrop.io" />
+	<target host="www.sharedrop.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sharetobuy.com.xml b/src/chrome/content/rules/sharetobuy.com.xml
new file mode 100644
index 000000000000..096b44bd1f80
--- /dev/null
+++ b/src/chrome/content/rules/sharetobuy.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="sharetobuy.com">
+    <target host="sharetobuy.com" />
+    <target host="*.sharetobuy.com" />
+
+    <securecookie host=".+" name=".+"/>
+
+    <rule from="^http://sharetobuy\.com/"
+        to="https://www.sharetobuy.com/" />
+    <rule from="^http://([^/:@]+)?\.sharetobuy\.com/"
+        to="https://$1.sharetobuy.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/sheetsu.com.xml b/src/chrome/content/rules/sheetsu.com.xml
new file mode 100644
index 000000000000..efaad308bbff
--- /dev/null
+++ b/src/chrome/content/rules/sheetsu.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- sheetsu.com
+		- www.sheetsu.com
+
+-->
+<ruleset name="Sheetsu.com">
+
+	<target host="sheetsu.com" />
+	<target host="www.sheetsu.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?sheetsu\.com$" name="^_sheetsu_session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/shields.io.xml b/src/chrome/content/rules/shields.io.xml
new file mode 100644
index 000000000000..22bf19551c90
--- /dev/null
+++ b/src/chrome/content/rules/shields.io.xml
@@ -0,0 +1,13 @@
+<!--
+www.shields.io mismatch
+-->
+<ruleset name="shields.io">
+	<target host="shields.io" />
+	<target host="www.shields.io" />
+	<target host="img.shields.io" />
+
+	<rule from="^http://www\.shields\.io/"
+		to="https://shields.io/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/shinystat.com.xml b/src/chrome/content/rules/shinystat.com.xml
new file mode 100644
index 000000000000..86ce284cd4fb
--- /dev/null
+++ b/src/chrome/content/rules/shinystat.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Mixed content:
+
+		- css on (www.)? fonts.googleapis.com ˢ
+
+		- Bugs, on:
+
+			- (www.)? from s[24].shinystat.com ˢ
+			- (www.)? from www.shinystat.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="ShinyStat.com">
+
+	<target host="shinystat.com" />
+	<target host="s2.shinystat.com" />
+	<target host="s4.shinystat.com" />
+	<target host="www.shinystat.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/shippable.com.xml b/src/chrome/content/rules/shippable.com.xml
new file mode 100644
index 000000000000..4ab9135691ef
--- /dev/null
+++ b/src/chrome/content/rules/shippable.com.xml
@@ -0,0 +1,10 @@
+<!--docs. timed out
+blog. mismatch
+content. mismatch
+status. mismatch-->
+<ruleset name="shippable.com">
+	<target host="shippable.com" />
+	<target host="www.shippable.com" />
+	<target host="app.shippable.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/shitcoin.com.xml b/src/chrome/content/rules/shitcoin.com.xml
new file mode 100644
index 000000000000..62535fa1bd9d
--- /dev/null
+++ b/src/chrome/content/rules/shitcoin.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="shitcoin.com" >
+
+	<target host="shitcoin.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/shm.ru.xml b/src/chrome/content/rules/shm.ru.xml
new file mode 100644
index 000000000000..cd75a598ad9a
--- /dev/null
+++ b/src/chrome/content/rules/shm.ru.xml
@@ -0,0 +1,23 @@
+<!--
+en.shm.ru ¹
+forum.shm.ru ³
+gate.shm.ru ³
+mail.shm.ru ³
+mail1.shm.ru ³
+mail2.shm.ru ³
+ns.shm.ru ³
+ns1.shm.ru ³
+proxy.shm.ru ³
+tickets.shm.ru ⁴
+
+
+¹ mismatch
+³ timed out
+⁴ self signed
+-->
+<ruleset name="shm.ru">
+	<target host="shm.ru" />
+	<target host="www.shm.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/shootingillustrated.com.xml b/src/chrome/content/rules/shootingillustrated.com.xml
new file mode 100644
index 000000000000..560da36df5cc
--- /dev/null
+++ b/src/chrome/content/rules/shootingillustrated.com.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wmp.shootingillustrated.com/ => https://wmp.shootingillustrated.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	For other National Rifle Association coverage, see nra.org.xml.
+
+
+	Mixed content:
+
+		- Bug on www from b.scorecardresearch.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Shooting Illustrated.com" default_off="failed ruleset test">
+
+	<target host="shootingillustrated.com" />
+	<target host="assets.shootingillustrated.com" />
+	<target host="wmp.shootingillustrated.com" />
+	<target host="www.shootingillustrated.com" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/shop-dent.ru.xml b/src/chrome/content/rules/shop-dent.ru.xml
new file mode 100644
index 000000000000..0e00b2646e35
--- /dev/null
+++ b/src/chrome/content/rules/shop-dent.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="shop-dent.ru">
+	<target host="shop-dent.ru" />
+	<target host="www.shop-dent.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/shopandmall.ru.xml b/src/chrome/content/rules/shopandmall.ru.xml
new file mode 100644
index 000000000000..bf91e0211590
--- /dev/null
+++ b/src/chrome/content/rules/shopandmall.ru.xml
@@ -0,0 +1,7 @@
+<ruleset name="shopandmall.ru">
+	<target host="shopandmall.ru" />
+	<target host="www.shopandmall.ru" />
+	<rule from="^http://www\.shopandmall\.ru/"
+		to="https://shopandmall.ru/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/shopbop.com.xml b/src/chrome/content/rules/shopbop.com.xml
new file mode 100644
index 000000000000..9d95508a6bd1
--- /dev/null
+++ b/src/chrome/content/rules/shopbop.com.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .shopbop.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Shopbop.com">
+
+	<target host="shopbop.com" />
+	<target host="cn.shopbop.com" />
+	<target host="ru.shopbop.com" />
+	<target host="www.shopbop.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.shopbop\.com$" name="^bopVisitorData$" /-->
+
+	<securecookie host="^\." name="^(?:aps-trtmnt|bopVisitorData)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/shoporca.com.xml b/src/chrome/content/rules/shoporca.com.xml
new file mode 100644
index 000000000000..df3f1bf10ed1
--- /dev/null
+++ b/src/chrome/content/rules/shoporca.com.xml
@@ -0,0 +1,32 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://shoporca.com/ => https://shoporca.com/: (28, 'Connection timed out after 20008 milliseconds')
+Fetch error: http://www.shoporca.com/ => https://www.shoporca.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- shoporca.com
+		- www.shoporca.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Shop Orca.com" default_off="failed ruleset test">
+
+	<target host="shoporca.com" />
+	<target host="www.shoporca.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?shoporca\.com$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+	<!--securecookie host="^www\.shoporca\.com$" name="^vsettings$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/shopsite.com-falsemixed.xml b/src/chrome/content/rules/shopsite.com-falsemixed.xml
new file mode 100644
index 000000000000..378ad7c42a1f
--- /dev/null
+++ b/src/chrome/content/rules/shopsite.com-falsemixed.xml
@@ -0,0 +1,21 @@
+<!--
+	For rules not causing false/broken MCB, see ShopSite.xml.
+
+
+	NB: see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="ShopSite.com (false MCB)" platform="mixedcontent">
+
+	<target host="shopsite.com" />
+	<target host="support.shopsite.com" />
+	<target host="www.shopsite.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/shopspring.com.xml b/src/chrome/content/rules/shopspring.com.xml
new file mode 100644
index 000000000000..fce22cc36775
--- /dev/null
+++ b/src/chrome/content/rules/shopspring.com.xml
@@ -0,0 +1,56 @@
+<!--
+	Nonfunctional hosts in *shopspring.com:
+
+		- blog ᵃ
+
+	ᵃ Tumblr / shows another domain
+
+
+	Problematic hosts in *shopspring.com:
+
+		- docs ᵐ
+		- engineering ᵐ
+		- share ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- on.shopspring.com
+		- share.shopspring.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on docs from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Shop Spring.com (partial)">
+
+	<target host="shopspring.com" />
+	<target host="concierge.shopspring.com" />
+	<target host="on.shopspring.com" />
+	<target host="static.shopspring.com" />
+	<target host="www.shopspring.com" />
+
+		<test url="http://on.shopspring.com/download-android" />
+		<test url="http://static.shopspring.com/web/styles/main-085350f2.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^on\.shopspring\.com$" name="^__tsid$" /-->
+	<!--securecookie host="^share\.shopspring\.com$" name="^uuid$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/shortnote.jp-falsemixed.xml b/src/chrome/content/rules/shortnote.jp-falsemixed.xml
new file mode 100644
index 000000000000..f4c2c81ff5a0
--- /dev/null
+++ b/src/chrome/content/rules/shortnote.jp-falsemixed.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules not causing false/broken MCB, see shortnote.jp.xml.
+
+-->
+<ruleset name="ShortNote.jp (false MCB)" platform="mixedcontent">
+
+	<target host="mm.shortnote.jp" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/shortnote.jp.xml b/src/chrome/content/rules/shortnote.jp.xml
new file mode 100644
index 000000000000..c1eb78b3fde2
--- /dev/null
+++ b/src/chrome/content/rules/shortnote.jp.xml
@@ -0,0 +1,57 @@
+<!--
+	For rules causing false/broken MCB, see shortnote.jp-falsemixed.xml.
+
+
+	CDN buckets:
+
+		- d1zxaq39zvefje.cloudfront.net	← s
+
+
+	Problematic hosts in *shortnote.jp:
+
+		- mm ˣ
+		- s ᵐ
+
+	ᵐ Cloudfront / mismatched
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Mixed content:
+
+		- css on mm from $self ˢ
+
+		- Images, on:
+
+			- mm from $self ˢ
+			- mm from s.shortnote.jp ˢ
+			- mm from www.shortnote.jp ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="ShortNote.jp (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="shortnote.jp" />
+	<target host="info.shortnote.jp" />
+	<!--target host="mm.shortnote.jp" /-->
+	<target host="www.shortnote.jp" />
+
+	<!--	Complications:
+				-->
+	<target host="s.shortnote.jp" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://s\.shortnote\.jp/"
+		to="https://d1zxaq39zvefje.cloudfront.net/" />
+
+		<test url="http://s.shortnote.jp/data/notes/A/AM/AMc/AMcfhVoP/i/2_pc2sgpv0.jpg" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/shortoftheweek.com.xml b/src/chrome/content/rules/shortoftheweek.com.xml
new file mode 100644
index 000000000000..67db1c6f360a
--- /dev/null
+++ b/src/chrome/content/rules/shortoftheweek.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="Short of the Week.com">
+
+	<target host="shortoftheweek.com" />
+	<target host="static.shortoftheweek.com" />
+	<target host="www.shortoftheweek.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/shoutlet.com.xml b/src/chrome/content/rules/shoutlet.com.xml
new file mode 100644
index 000000000000..39961e537fc1
--- /dev/null
+++ b/src/chrome/content/rules/shoutlet.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- cdn.shoutlet.com
+
+-->
+<ruleset name="Shoutlet.com">
+
+	<target host="cdn.shoutlet.com" />
+	<target host="srv2.shoutlet.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:cdn|srv2)\.shoutlet\.com$" name="^prod-haproxy$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/showapi.com.xml b/src/chrome/content/rules/showapi.com.xml
new file mode 100644
index 000000000000..64b5e3891616
--- /dev/null
+++ b/src/chrome/content/rules/showapi.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Different HTTP/HTTPS content:
+		- docs.showapi.com
+			(http://docs.showapi.com/jdk7/index.html)
+
+	Refused:
+		- wap.showapi.com
+
+-->
+<ruleset name="showapi.com">
+	<target host="showapi.com" />
+	<target host="www.showapi.com" />
+	<target host="admin.showapi.com" />
+	<target host="api.showapi.com" />
+	<target host="appimg.showapi.com" />
+	<target host="image.showapi.com" />
+	<target host="img.showapi.com" />
+	<target host="manager.showapi.com" />
+	<target host="mng.showapi.com" />
+	<target host="page.showapi.com" />
+	<target host="route.showapi.com" />
+	<target host="static.showapi.com" />
+		<test url="http://static.showapi.com/static/weather/" />
+	<target host="test.showapi.com" />
+	<target host="upload.showapi.com" />
+
+	<!-- MCB -->
+	<target host="bbs.showapi.com" />
+	<rule from="^http://bbs\.showapi\.com/(archiver|data|source|static)/" to="https://bbs.showapi.com/$1/" />
+		<test url="http://bbs.showapi.com/archiver/" />
+		<test url="http://bbs.showapi.com/data/cache/forum.js" />
+		<test url="http://bbs.showapi.com/source/" />
+		<test url="http://bbs.showapi.com/static/image/common/chart.png" />
+		<!-- This exception disables the implicit test created by the target. -->
+		<exclusion pattern="^http://bbs\.showapi\.com/$" />
+
+	<rule from="^http://(www\.|admin\.|api\.|appimg\.|image\.|img\.|manager\.|mng\.|page\.|route\.|static\.|test\.|upload\.)?showapi\.com/"
+		to="https://$1showapi.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/shreksadventure.com.xml b/src/chrome/content/rules/shreksadventure.com.xml
new file mode 100644
index 000000000000..5fcb1a532a4f
--- /dev/null
+++ b/src/chrome/content/rules/shreksadventure.com.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://secure.shreksadventure.com/ => https://secure.shreksadventure.com/: (28, 'Connection timed out after 20006 milliseconds')
+
+	For other Merlin Entertainments coverage, see Merlin-Entertainments.xml.
+-->
+<ruleset name="Shrek's Adventure" default_off="failed ruleset test">
+	<target host="shreksadventure.com" />
+	<target host="www.shreksadventure.com" />
+	<target host="secure.shreksadventure.com" />
+
+	<securecookie host="www\.shreksadventure\.com$" name=".+" />
+
+	<!-- Timeout: -->
+	<rule from="^http://shreksadventure\.com/"
+		to="https://www.shreksadventure.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/shrew.net.xml b/src/chrome/content/rules/shrew.net.xml
new file mode 100644
index 000000000000..cad6a4c9796e
--- /dev/null
+++ b/src/chrome/content/rules/shrew.net.xml
@@ -0,0 +1,11 @@
+<ruleset name="Shrew Soft">
+
+	<target host=      "shrew.net" />
+	<target host=  "www.shrew.net" />
+
+  	<securecookie host="^.*\.shrew\.net$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/shrib.com.xml b/src/chrome/content/rules/shrib.com.xml
new file mode 100644
index 000000000000..edd5c5a56309
--- /dev/null
+++ b/src/chrome/content/rules/shrib.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Shrib.com">
+
+	<target host="shrib.com" />
+	<target host="www.shrib.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/shropshire.gov.uk.xml b/src/chrome/content/rules/shropshire.gov.uk.xml
new file mode 100644
index 000000000000..f92a13f93cc3
--- /dev/null
+++ b/src/chrome/content/rules/shropshire.gov.uk.xml
@@ -0,0 +1,28 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- cpp.shropshire.gov.uk
+
+		Incomplete certificate chain error:
+		- etopia.shropshire.gov.uk
+-->
+<ruleset name="Shropshire.gov.uk (partial)">
+	<target host="shropshire.gov.uk" />
+	<target host="libraries.shropshire.gov.uk" />
+	<target host="myview.shropshire.gov.uk" />
+	<target host="new.shropshire.gov.uk" />
+	<target host="oneonline.shropshire.gov.uk" />
+	<target host="pa.shropshire.gov.uk" />
+	<target host="static.shropshire.gov.uk" />
+	<target host="css.static.shropshire.gov.uk" />
+	<target host="images.static.shropshire.gov.uk" />
+	<target host="js.static.shropshire.gov.uk" />
+	<target host="www.shropshire.gov.uk" />
+	<target host="www4.shropshire.gov.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/siamogeek.com.xml b/src/chrome/content/rules/siamogeek.com.xml
new file mode 100644
index 000000000000..7de6c9cec428
--- /dev/null
+++ b/src/chrome/content/rules/siamogeek.com.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.siamogeek.com/ => https://www.siamogeek.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.siamogeek.com'")
+
+	STS header includes includeSubdomains
+
+-->
+<ruleset name="Siamo Geek.com" default_off="failed ruleset test">
+
+	<target host="siamogeek.com" />
+	<target host="*.siamogeek.com" />
+
+		<test url="http://www.siamogeek.com/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sibinfo.su.xml b/src/chrome/content/rules/sibinfo.su.xml
new file mode 100644
index 000000000000..b1a7e7a04c85
--- /dev/null
+++ b/src/chrome/content/rules/sibinfo.su.xml
@@ -0,0 +1,12 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://sibinfo.su/ (200) => https://sibinfo.su/ (521)
+Non-2xx HTTP code: http://www.sibinfo.su/ (200) => https://www.sibinfo.su/ (521)
+
+-->
+<ruleset name="sibinfo.su" default_off="failed ruleset test">
+	<target host="sibinfo.su" />
+	<target host="www.sibinfo.su" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sibttk.ru.xml b/src/chrome/content/rules/sibttk.ru.xml
new file mode 100644
index 000000000000..feb26aa1817a
--- /dev/null
+++ b/src/chrome/content/rules/sibttk.ru.xml
@@ -0,0 +1,17 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bill.sibttk.ru/ => https://bill.sibttk.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'bill.sibttk.ru'")
+
+sibttk.ru mismatch
+www.sibttk.ru mismatch
+-->
+<ruleset name="sibttk.ru (partial)" default_off="failed ruleset test">
+	<target host="bill.sibttk.ru" />
+
+	<exclusion pattern="^http://bill\.sibttk\.ru:8080/" />
+
+	<test url="http://bill.sibttk.ru:8080/speedcheck/SpeedCheck.php" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sicurezzarete.com.xml b/src/chrome/content/rules/sicurezzarete.com.xml
new file mode 100644
index 000000000000..b5adfaba0d09
--- /dev/null
+++ b/src/chrome/content/rules/sicurezzarete.com.xml
@@ -0,0 +1,12 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://voltalinux.sicurezzarete.com/ => https://voltalinux.sicurezzarete.com/: (51, "SSL: no alternative certificate subject name matches target host name 'voltalinux.sicurezzarete.com'")
+
+-->
+<ruleset name="sicurezzarete.com" platform="mixedcontent" default_off="failed ruleset test">
+	<target host="voltalinux.sicurezzarete.com" />
+	<target host="sicurezzarete.com" />
+	<target host="www.sicurezzarete.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sierraclubbc.xml b/src/chrome/content/rules/sierraclubbc.xml
new file mode 100644
index 000000000000..6de7c2e61c1e
--- /dev/null
+++ b/src/chrome/content/rules/sierraclubbc.xml
@@ -0,0 +1,6 @@
+<ruleset name="sierraclubbc">
+	<target host="sierraclub.bc.ca" />
+	<target host="www.sierraclub.bc.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sigidwiki.com.xml b/src/chrome/content/rules/sigidwiki.com.xml
new file mode 100644
index 000000000000..9f83ff4ffe5c
--- /dev/null
+++ b/src/chrome/content/rules/sigidwiki.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		mail.sigidwiki.com
+-->
+<ruleset name="Signal Identification Wiki">
+
+	<target host="sigidwiki.com" />
+	<target host="www.sigidwiki.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/signalvnoise.com.xml b/src/chrome/content/rules/signalvnoise.com.xml
new file mode 100644
index 000000000000..a9d7e9e3abd9
--- /dev/null
+++ b/src/chrome/content/rules/signalvnoise.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Signal v Noise.com">
+	<target host="signalvnoise.com" />
+	<target host="m.signalvnoise.com" />
+	<target host="www.signalvnoise.com" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/silego.com.xml b/src/chrome/content/rules/silego.com.xml
new file mode 100644
index 000000000000..ef3735ae339c
--- /dev/null
+++ b/src/chrome/content/rules/silego.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Ruleset for Silego, the store for Dialog Semicondictor GreenPAK parts.
+-->
+<ruleset name="silego.com">
+	<target host="silego.com" />
+	<target host="www.silego.com" />
+	<target host="docs.silego.com" />
+	<target host="www.docs.silego.com" />
+	<target host="greenclk.silego.com" />
+	<target host="www.greenclk.silego.com" />
+	<target host="greenclk2.silego.com" />
+	<target host="www.greenclk2.silego.com" />
+	<target host="greenclk3.silego.com" />
+	<target host="www.greenclk3.silego.com" />
+	<target host="greenfet.silego.com" />
+	<target host="www.greenfet.silego.com" />
+	<target host="greenfet3.silego.com" />
+	<target host="www.greenfet3.silego.com" />
+	<target host="greenpak.silego.com" />
+	<target host="www.greenpak.silego.com" />
+	<target host="greenpak2.silego.com" />
+	<target host="www.greenpak2.silego.com" />
+	<target host="greenpak3.silego.com" />
+	<target host="www.greenpak3.silego.com" />
+	<target host="store.silego.com" />
+	<target host="www.store.silego.com" />
+	<target host="support.silego.com" />
+	<target host="www.support.silego.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/silencerforum.com.xml b/src/chrome/content/rules/silencerforum.com.xml
new file mode 100644
index 000000000000..b7f7ac96b27b
--- /dev/null
+++ b/src/chrome/content/rules/silencerforum.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- silencerforum.com
+		- www.silencerforum.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Ads from adnetdelivery.adnet.pro ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Silencer Forum.com">
+
+	<target host="silencerforum.com" />
+	<target host="www.silencerforum.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="(?:www\.)?silencerforum\.com$" name="^ct_checkjs$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/silentsparks.com.xml b/src/chrome/content/rules/silentsparks.com.xml
new file mode 100644
index 000000000000..83e0f98a64fc
--- /dev/null
+++ b/src/chrome/content/rules/silentsparks.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Silent Sparks.com">
+
+	<target host="silentsparks.com" />
+	<target host="www.silentsparks.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/silverstripe.org.xml b/src/chrome/content/rules/silverstripe.org.xml
new file mode 100644
index 000000000000..54e7ff3f50aa
--- /dev/null
+++ b/src/chrome/content/rules/silverstripe.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="silverstripe.org (partial)">
+	<target host="silverstripe.org" />
+	<target host="www.silverstripe.org" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/silverwoodthemepark.com.xml b/src/chrome/content/rules/silverwoodthemepark.com.xml
new file mode 100644
index 000000000000..198818d21366
--- /dev/null
+++ b/src/chrome/content/rules/silverwoodthemepark.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Silverwood Theme Park">
+
+	<target host="silverwoodthemepark.com" />
+	<target host="www.silverwoodthemepark.com" />
+	<target host="home.silverwoodthemepark.com" />
+	<target host="home2.silverwoodthemepark.com" />
+	<target host="po.silverwoodthemepark.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/simpel.nl.xml b/src/chrome/content/rules/simpel.nl.xml
new file mode 100644
index 000000000000..8d7358e1a2fc
--- /dev/null
+++ b/src/chrome/content/rules/simpel.nl.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mijnsimpel.nl/ => https://mijnsimpel.nl/: (7, 'Failed to connect to mijnsimpel.nl port 443: Connection refused')
+Fetch error: http://www.mijnsimpel.nl/ => https://www.mijnsimpel.nl/: (7, 'Failed to connect to www.mijnsimpel.nl port 443: Connection refused')
+
+-->
+<ruleset name="Simpel.nl" default_off="failed ruleset test">
+
+	<target host="simpel.nl"/>
+	<target host="www.simpel.nl"/>
+	<target host="mijnsimpel.nl"/>
+	<target host="www.mijnsimpel.nl"/>
+	<securecookie host=".+" name=".+"/>
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/simplemachines.xml b/src/chrome/content/rules/simplemachines.xml
new file mode 100644
index 000000000000..dd58d5ef0bc9
--- /dev/null
+++ b/src/chrome/content/rules/simplemachines.xml
@@ -0,0 +1,17 @@
+<ruleset name="Simple Machines">
+	<target host="simplemachines.org"/>
+	<target host="www.simplemachines.org"/>
+	<target host="adsystem.simplemachines.org"/>
+	<target host="blogs.simplemachines.org"/>
+	<target host="custom.simplemachines.org"/>
+	<target host="dev.simplemachines.org"/>
+	<target host="download.simplemachines.org"/>
+	<target host="mods.simplemachines.org"/>
+	<target host="wiki.simplemachines.org"/>
+	<target host="support.simplemachines.org"/>
+	<target host="media.simplemachinesweb.com"/>
+		<test url="http://media.simplemachinesweb.com/smf/default/images/theme/backdrop.png"/>
+		<exclusion pattern="^http://media\.simplemachinesweb\.com/$" />  <!-- nothing here and it causes test to fail /-->
+	<securecookie host=".+" name=".+" />
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/simplesamlphp.org.xml b/src/chrome/content/rules/simplesamlphp.org.xml
new file mode 100644
index 000000000000..729dd2a0df0d
--- /dev/null
+++ b/src/chrome/content/rules/simplesamlphp.org.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- simplesamlphp.org
+
+-->
+<ruleset name="SimpleSAMLphp.org">
+
+	<target host="simplesamlphp.org" />
+	<target host="www.simplesamlphp.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^simplesamlphp\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/simplewebrtc.com.xml b/src/chrome/content/rules/simplewebrtc.com.xml
new file mode 100644
index 000000000000..f3f00bd46579
--- /dev/null
+++ b/src/chrome/content/rules/simplewebrtc.com.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.simplewebrtc.com/ => https://www.simplewebrtc.com/: (7, 'Failed to connect to www.simplewebrtc.com port 443: Connection refused')
+Fetch error: http://signaling.simplewebrtc.com/ => https://signaling.simplewebrtc.com/: (6, 'Could not resolve host: signaling.simplewebrtc.com')
+
+-->
+<ruleset name="simplewebrtc.com" default_off="failed ruleset test">
+	<target host="simplewebrtc.com" />
+	<target host="www.simplewebrtc.com" />
+	<target host="sandbox.simplewebrtc.com" />
+	<target host="signaling.simplewebrtc.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/simplifydigital.co.uk.xml b/src/chrome/content/rules/simplifydigital.co.uk.xml
new file mode 100644
index 000000000000..e2f1136947b7
--- /dev/null
+++ b/src/chrome/content/rules/simplifydigital.co.uk.xml
@@ -0,0 +1,37 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- simplifydigital.co.uk
+		- www.simplifydigital.co.uk
+
+
+	Mixed content:
+
+		- css on www from assets.simplifydigital.co.uk ˢ
+		- Images on www from assets.simplifydigital.co.uk ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Simplify Digital.co.uk" platform="mixedcontent">
+
+	<target host="simplifydigital.co.uk" />
+	<target host="assets.simplifydigital.co.uk" />
+	<target host="www.simplifydigital.co.uk" />
+
+		<test url="http://assets.simplifydigital.co.uk//provider-logos-provhub/ee.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:assets\.)?simplifydigital\.co\.uk$" name="^SERVERID$" /-->
+	<!--securecookie host="^www\.simplifydigital\.co\.uk$" name="^(?:ASP\.NET_SessionId|SERVERID|SESS_CUSTOMER_GUID|partnerCookie|referrer|source)$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/simplyzesty.com.xml b/src/chrome/content/rules/simplyzesty.com.xml
new file mode 100644
index 000000000000..d7a04b0daf5e
--- /dev/null
+++ b/src/chrome/content/rules/simplyzesty.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Nonfunctional hosts in *simplyzesty.com:
+
+		- agency ³
+
+	³ 503
+
+
+	Insecure cookies are set for these hosts:
+
+		- simplyzesty.com
+		- www.simplyzesty.com
+
+-->
+<ruleset name="Simply Zesty.com (partial)">
+
+	<target host="simplyzesty.com" />
+	<target host="www.simplyzesty.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?simplyzesty\.com$" name="^(?:ASP\.NET_SessionId|CMSPreferredCulture|CurrentContact|VisitorStatus)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/simtechdev.ru.xml b/src/chrome/content/rules/simtechdev.ru.xml
new file mode 100644
index 000000000000..75fcac3a375b
--- /dev/null
+++ b/src/chrome/content/rules/simtechdev.ru.xml
@@ -0,0 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.simtechdev.ru/ => https://www.simtechdev.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'www.simtechdev.ru'")
+
+
+
+-->
+<ruleset name="simtechdev.ru" default_off="failed ruleset test">
+	<target host="simtechdev.ru" />
+	<target host="www.simtechdev.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/singyin.edu.hk.xml b/src/chrome/content/rules/singyin.edu.hk.xml
new file mode 100644
index 000000000000..3931fdded03c
--- /dev/null
+++ b/src/chrome/content/rules/singyin.edu.hk.xml
@@ -0,0 +1,37 @@
+<ruleset name="singyin.edu.hk">
+
+	<target host="www.singyin.edu.hk" /> <!-- Though a loading spinner is on HTTP -->
+	<target host="singyin.edu.hk" /> <!-- Though a loading spinner is on HTTP -->
+	<target host="www.syss.edu.hk" /> <!-- Though a loading spinner is on HTTP -->
+	<target host="syss.edu.hk" /> <!-- Though a loading spinner is on HTTP -->
+
+	<target host="eclass.singyin.edu.hk" />
+	<target host="lib.singyin.edu.hk" />
+	<target host="weather.singyin.edu.hk" />
+	<target host="judge.singyin.edu.hk" />
+	<target host="pastpaper2.singyin.edu.hk" />
+
+<!--
+	Incorrect config
+		www2.singyin.edu.hk (Redirects to judge.)
+
+	Unused subdomains:
+		o365.singyin.edu.hk (Redirects to judge. on HTTP. Invalid page on HTTPS)
+
+	No longer used subdomains:
+		parent.singyin.edu.hk
+		pastpaper.singyin.edu.hk
+
+	Already always redirects to HTTPS
+		loginhelper.singyin.edu.hk
+
+	Subdomains to G Suite, e.g.
+		mail.singyin.edu.hk
+		drive.singyin.edu.hk
+		calendar.singyin.edu.hk
+		syaa.singyin.edu.hk (G Sites subdomain)
+		student.singyin.edu.hk (Redirects to sites.google.com/* G Sites)
+-->
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sirinlabs.com.xml b/src/chrome/content/rules/sirinlabs.com.xml
new file mode 100644
index 000000000000..201530b8eec2
--- /dev/null
+++ b/src/chrome/content/rules/sirinlabs.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Sirin Labs.com">
+
+	<target host="sirinlabs.com" />
+	<target host="www.sirinlabs.com" />
+
+
+	<securecookie host="^\." name="^(?:incap_ses|nlbi|visid_incap)_" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sirsidynix.com-resources.xml b/src/chrome/content/rules/sirsidynix.com-resources.xml
new file mode 100644
index 000000000000..e567b3b9ab2b
--- /dev/null
+++ b/src/chrome/content/rules/sirsidynix.com-resources.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://go.sirsidynix.com/rs/325-MEI-708/images/socialmedia-01.png (200) => https://na-ab02.marketo.com/rs/325-MEI-708/images/socialmedia-01.png (403)
+
+	For rules covering more than resources, see sirsidynix.com.xml.
+
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="SirsiDynix.com (resources)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Complications:
+				-->
+	<target host="go.sirsidynix.com" />
+
+		<exclusion pattern="^http://go\.sirsidynix\.com/(?!/*(?:cs|image|r)s/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://go.sirsidynix.com/2015-12-01-Item-Report-Everyones-Best-Friend.html" />
+			<test url="http://go.sirsidynix.com/2016-02-10-Selecting-Your-ILS-Part-1-Wbr.html" />
+			<test url="http://go.sirsidynix.com/BLUEcloud-Analytics-Overview-On-Demand.html" />
+			<test url="http://go.sirsidynix.com/BLUEcloud-Lists-On-Demand.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://go.sirsidynix.com/rs/325-MEI-708/images/socialmedia-01.png" />
+
+
+	<rule from="^http://go\.sirsidynix\.com/"
+		to="https://na-ab02.marketo.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sirsidynix.com.xml b/src/chrome/content/rules/sirsidynix.com.xml
new file mode 100644
index 000000000000..735e711262d1
--- /dev/null
+++ b/src/chrome/content/rules/sirsidynix.com.xml
@@ -0,0 +1,86 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://go.sirsidynix.com/rs/sirsidynix1/images/STEMtoolkit.pdf (200) => https://na-ab02.marketo.com/rs/sirsidynix1/images/STEMtoolkit.pdf (403)
+
+	For rules covering resources which do not secure
+	mixed content, see sirsidynix.com-resources.xml.
+
+
+	Nonfunctional hosts in *sirsidynix.com:
+
+		- (www.)? ᵇ
+		- cosabeta ᵈ
+		- enhancements ᵇ
+		- go ᵃ
+		- marcom2 ᵇ
+
+	ᵃ Marketo / shows another domain
+	ᵇ Shows default page
+	ᵈ Dropped
+
+
+	These altnames do not exist:
+
+		- www.support.sirsidynix.com
+
+-->
+<ruleset name="SirsiDynix.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="support.sirsidynix.com" />
+
+	<!--	Complications:
+				-->
+	<target host="go.sirsidynix.com" />
+
+		<!--exclusion pattern="^http://go\.sirsidynix\.com/(?!/*(?:cs|image|r)s/)" /-->
+		<!--
+			Reduce non-Tor distinguishability:
+								-->
+		<exclusion pattern="^http://go\.sirsidynix\.com/(?!/*rs/.+\.(?:docx?|pdf)(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://go.sirsidynix.com/2015-12-01-Item-Report-Everyones-Best-Friend.html" />
+			<test url="http://go.sirsidynix.com/2016-02-10-Selecting-Your-ILS-Part-1-Wbr.html" />
+			<test url="http://go.sirsidynix.com/BLUEcloud-Analytics-Overview-On-Demand.html" />
+			<test url="http://go.sirsidynix.com/BLUEcloud-Lists-On-Demand.html" />
+			<test url="http://go.sirsidynix.com/BLUEcloud-Visibility-The-Visible-Advantage-SD-Webinar.html" />
+			<test url="http://go.sirsidynix.com/Embedding-Your-Public-Library-as-a-Community-Anchor_Download-eBook-LP.html" />
+			<test url="http://go.sirsidynix.com/Horizon-Ninja-Series-Damaged-Books-On-Demand.html" />
+			<test url="http://go.sirsidynix.com/Horizon-Ninja-Series-Item-Group-Editor-On-Demand.html" />
+			<!--
+			<test url="http://go.sirsidynix.com/How-to-Lead-Your-Library-Part-Three-Evaluation-SD-Webinar.html" />
+			<test url="http://go.sirsidynix.com/Inspired-Team-How-to-create-a-motivating-workplace-and-engage-your-employees-SD-Webinar.html" />
+			<test url="http://go.sirsidynix.com/Inspired-Team-How-to-create-a-motivating-workplace-and-engage-your-employees-SD-Webinar.html" />
+			<test url="http://go.sirsidynix.com/Kickstart-Your-RFP-eBook.html" />
+			<test url="http://go.sirsidynix.com/Library-Linked-Data-on-the-Open-Web-SD-Webinar.html" />
+			<test url="http://go.sirsidynix.com/Linked-Data-101-Introduction-to-Linked-Data-Wbr.html" />
+			<test url="http://go.sirsidynix.com/MobileCirc-Product-Overview-On-Demand.html" />
+			<test url="http://go.sirsidynix.com/SD-Request-a-Demo.html" />
+			<test url="http://go.sirsidynix.com/Selecting-and-Implementing-an-ILS-Part-2-On-Demand.html" />
+			<test url="http://go.sirsidynix.com/Symphony-Ninja-Series-Searching-Tips-in-Symphony-On-Demand.html" />
+			<test url="http://go.sirsidynix.com/Symphony-Ninja-Series-Searching-Tips-in-Symphony-SD-Webinar.html" />
+			<test url="http://go.sirsidynix.com/Where-Should-I-Host-My-ILS-On-Demand.html" />
+			-->
+
+			<!--	-ve:
+					-->
+			<!--
+			<test url="http://go.sirsidynix.com/rs/325-MEI-708/images/socialmedia-01.png" />
+			-->
+			<test url="http://go.sirsidynix.com/rs/sirsidynix1/images/STEMtoolkit.pdf" />
+
+
+	<securecookie host="^(?!go\.)\w" name=".+" />
+
+
+	<rule from="^http://go\.sirsidynix\.com/"
+		to="https://na-ab02.marketo.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sis001.xml b/src/chrome/content/rules/sis001.xml
new file mode 100644
index 000000000000..d2aa14f4ece2
--- /dev/null
+++ b/src/chrome/content/rules/sis001.xml
@@ -0,0 +1,14 @@
+<ruleset name="sis001">
+	<target host="sis001.com" />
+	<target host="www.sis001.com" />
+
+	<!--	mismatched	-->
+	<target host="sis001.us" />
+	<target host="www.sis001.us" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://(www\.)?sis001\.us/" to="https://www.sis001.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sitejam.com.xml b/src/chrome/content/rules/sitejam.com.xml
new file mode 100644
index 000000000000..ac4509fa738a
--- /dev/null
+++ b/src/chrome/content/rules/sitejam.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Problematic hosts in *sitejam.com:
+
+		- ^ ᵐ
+		- 55b558c7-site ᶜ
+		- www ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+
+-->
+<ruleset name="sitejam.com" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="55b558c7-site.sitejam.com" />
+	<target host="www.sitejam.com" />
+
+		<test url="https://55b558c7-site.sitejam.com/_css/site_289695_76615_29.css" />
+
+	<!--	Complications:
+				-->
+	<target host="sitejam.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://sitejam\.com/"
+		to="https://www.sitejam.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sitelabs.co.uk.xml b/src/chrome/content/rules/sitelabs.co.uk.xml
new file mode 100644
index 000000000000..45db467aa186
--- /dev/null
+++ b/src/chrome/content/rules/sitelabs.co.uk.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.sitelabs.co.uk/ => https://www.sitelabs.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.sitelabs.co.uk'")
+
+-->
+<ruleset name="SiteLabs.co.uk" default_off="failed ruleset test">
+
+	<target host="sitelabs.co.uk" />
+	<target host="www.sitelabs.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sitesoft.ru.xml b/src/chrome/content/rules/sitesoft.ru.xml
new file mode 100644
index 000000000000..62c32a2b19b9
--- /dev/null
+++ b/src/chrome/content/rules/sitesoft.ru.xml
@@ -0,0 +1,30 @@
+<!--
+limited.spetsstroy.offline.fso.sitesoft.ru ³
+fsin.sitesoft.ru ⁶
+limited.spetsstroy.offline.fso.sitesoft.ru ³
+fsin.kzn.sitesoft.ru ¹
+34.mvdnew.sitesoft.ru ¹
+06.mvdnew.sitesoft.ru ¹
+67.mvdnew.sitesoft.ru ¹
+uzao.mvd2.sitesoft.ru ¹
+04.mvdnew.sitesoft.ru ¹
+sledcom.vz.sitesoft.ru ¹
+79.mvdnew.sitesoft.ru ¹
+68.mvdnew.sitesoft.ru ¹
+pda.fsin.sitesoft.ru ¹
+36.mvdnew.sitesoft.ru ¹
+spetsstroy.offline.fso.sitesoft.ru ³
+53.mvdnew.sitesoft.ru ¹
+
+
+¹ mismatch
+³ timed out
+⁶ redirect
+-->
+<ruleset name="sitesoft.ru">
+	<target host="sitesoft.ru" />
+	<target host="www.sitesoft.ru" />
+	<target host="petrovka2.sitesoft.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sixapart.com.xml b/src/chrome/content/rules/sixapart.com.xml
new file mode 100644
index 000000000000..9b2f1a5df9f4
--- /dev/null
+++ b/src/chrome/content/rules/sixapart.com.xml
@@ -0,0 +1,32 @@
+<!--
+	For other Six Apart coverage, see SixApart.xml.
+
+
+	Problematic hosts in *sixapart.com:
+
+		- (www.)? ᵐ
+		- help ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="Six Apart.com">
+
+	<!--	Complications:
+				-->
+	<target host="sixapart.com" />
+	<target host="help.sixapart.com" />
+	<target host="www.sixapart.com" />
+
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://(?:www\.)?sixapart\.com/.*"
+		to="https://movabletype.com/" />
+
+		<test url="http://sixapart.com/index.htm" />
+
+	<rule from="^http://help\.sixapart\.com/"
+		to="https://movabletype.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sixfab.com.xml b/src/chrome/content/rules/sixfab.com.xml
new file mode 100644
index 000000000000..54135af0dcfb
--- /dev/null
+++ b/src/chrome/content/rules/sixfab.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="sixfab.com" platform="mixedcontent">
+	<target host="sixfab.com" />
+	<target host="www.sixfab.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/siz.ch.xml b/src/chrome/content/rules/siz.ch.xml
new file mode 100644
index 000000000000..4638ec16deba
--- /dev/null
+++ b/src/chrome/content/rules/siz.ch.xml
@@ -0,0 +1,12 @@
+<!--
+	404:
+		- exam
+		- web
+-->
+<ruleset name="siz.ch">
+	<target host="siz.ch" />
+	<target host="www.siz.ch" />
+	<target host="find.siz.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sjme.de.xml b/src/chrome/content/rules/sjme.de.xml
new file mode 100644
index 000000000000..c3721553508c
--- /dev/null
+++ b/src/chrome/content/rules/sjme.de.xml
@@ -0,0 +1,10 @@
+<ruleset name="sjme.de">
+
+	<target host="sjme.de" />
+	<target host="www.sjme.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sjpl.org.xml b/src/chrome/content/rules/sjpl.org.xml
new file mode 100644
index 000000000000..d12c2c02a072
--- /dev/null
+++ b/src/chrome/content/rules/sjpl.org.xml
@@ -0,0 +1,27 @@
+<!--
+	San Jose Public Library
+
+
+	Insecure cookies are set for these hosts:
+
+		- events.sjpl.org
+
+-->
+<ruleset name="SJPL.org">
+
+	<target host="sjpl.org" />
+	<target host="events.sjpl.org" />
+	<target host="www.sjpl.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^events\.sjpl\.org$" name="^_session_id$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sk.ru.xml b/src/chrome/content/rules/sk.ru.xml
new file mode 100644
index 000000000000..ab2afb10419c
--- /dev/null
+++ b/src/chrome/content/rules/sk.ru.xml
@@ -0,0 +1,33 @@
+<!--
+autodiscover.sk.ru ³
+contractors.sk.ru ³
+cyber2016.sk.ru ¹
+cyberday.sk.ru ¹
+it.sk.ru ¹
+lab.sk.ru ³
+my.sk.ru ¹
+onco.sk.ru ¹
+owa.sk.ru ¹
+patents.sk.ru ¹
+skonnect.sk.ru ¹
+soft.sk.ru ¹
+stpl.sk.ru ¹
+www.feedback.sk.ru nonexist
+
+
+¹ mismatch
+³ timed out
+-->
+<ruleset name="sk.ru">
+	<target host="sk.ru" />
+	<target host="community.sk.ru" />
+	<target host="contact.sk.ru" />
+	<target host="crm.sk.ru" />
+	<target host="feedback.sk.ru" />
+	<target host="lk.sk.ru" />
+	<target host="skat.sk.ru" />
+	<target host="webvpn.sk.ru" />
+	<target host="www.sk.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/skatelescope.org.xml b/src/chrome/content/rules/skatelescope.org.xml
new file mode 100644
index 000000000000..42c326f02160
--- /dev/null
+++ b/src/chrome/content/rules/skatelescope.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Nonfunctional hosts in *skatelescope.org:
+
+		- astronomers ᵃ
+
+	ᵃ Shows www.skatelescope.org
+
+-->
+<ruleset name="SKA Telescope.org (partial)">
+
+	<target host="skatelescope.org" />
+	<target host="www.skatelescope.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/skbbank.ru.xml b/src/chrome/content/rules/skbbank.ru.xml
new file mode 100644
index 000000000000..dad384f4da21
--- /dev/null
+++ b/src/chrome/content/rules/skbbank.ru.xml
@@ -0,0 +1,7 @@
+<ruleset name="skbbank.ru">
+        <target host="skbbank.ru" />
+        <target host="ib.skbbank.ru" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/skeptoid.com.xml b/src/chrome/content/rules/skeptoid.com.xml
new file mode 100644
index 000000000000..84ec3d779c52
--- /dev/null
+++ b/src/chrome/content/rules/skeptoid.com.xml
@@ -0,0 +1,40 @@
+<!--
+	www.skeptoid.com: Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- skeptoid.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Skeptoid.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="skeptoid.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.skeptoid.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://skeptoid.com/book.php" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^skeptoid\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.skeptoid\.com/"
+		to="https://skeptoid.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/skift.com.xml b/src/chrome/content/rules/skift.com.xml
new file mode 100644
index 000000000000..aff69a33cfb5
--- /dev/null
+++ b/src/chrome/content/rules/skift.com.xml
@@ -0,0 +1,47 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.skift.com/ => https://www.skift.com/: Too many redirects while fetching 'https://www.skift.com/'
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- skift.com
+		- edu.skift.com
+		- forum.skift.com
+		- trends.skift.com
+		- www.skift.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- forum from $self ˢ
+			- forum from sknysgf.wpengine.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Skift.com" default_off="failed ruleset test">
+
+	<target host="skift.com" />
+	<target host="edu.skift.com" />
+	<target host="forum.skift.com" />
+	<target host="trends.skift.com" />
+	<target host="www.skift.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:(?:edu|forum|trends|www)\.)?skift\.com$" name="^X-Mapping-" /-->
+
+	<securecookie host="^\." name="_(?:gat?$|gat_|_qca$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/skillsdevelopmentscotland.co.uk.xml b/src/chrome/content/rules/skillsdevelopmentscotland.co.uk.xml
new file mode 100644
index 000000000000..ef3693572b9e
--- /dev/null
+++ b/src/chrome/content/rules/skillsdevelopmentscotland.co.uk.xml
@@ -0,0 +1,33 @@
+<!--
+	Other Skills Development Scotland rulesets:
+
+		- apprenticeships.scot.xml
+		- myworldofwork.co.uk.xml
+		- ourskillsforce.co.uk.xml
+
+
+	^skillsdevelopmentscotland.co.uk: Handshake fails
+
+-->
+<ruleset name="Skills Development Scotland.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.skillsdevelopmentscotland.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="skillsdevelopmentscotland.co.uk" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://skillsdevelopmentscotland\.co\.uk/"
+		to="https://www.skillsdevelopmentscotland.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sknt.ru.xml b/src/chrome/content/rules/sknt.ru.xml
new file mode 100644
index 000000000000..99815139d010
--- /dev/null
+++ b/src/chrome/content/rules/sknt.ru.xml
@@ -0,0 +1,103 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://bober64.sknt.ru/ => https://bober64.sknt.ru/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://d7.danil.sknt.ru/ => https://d7.danil.sknt.ru/: (7, 'Failed to connect to d7.danil.sknt.ru port 443: No route to host')
+
+al-rein.sknt.ru ⁴
+alexmad.sknt.ru ³
+alfo.sknt.ru ³
+amoris.sknt.ru ³
+an296.sknt.ru ⁴
+anicon.sknt.ru ³
+anima.sknt.ru ³
+arkusha.sknt.ru ²
+bober.sknt.ru ¹
+centrifugo.bober.sknt.ru ¹
+git2.bober.sknt.ru ¹
+centrifugo.sknt.ru ²
+chat.sknt.ru ³
+dale.sknt.ru ³
+danil.sknt.ru ¹
+danya.sknt.ru ³
+dc.sknt.ru ³
+dmdrl.sknt.ru ³
+e-poroshina.sknt.ru ³
+flangeneer.sknt.ru ³
+forum.sknt.ru/: (35, 'error:1408E098:SSL routines:ssl3_get_message:excessive message size')
+freezer.sknt.ru ³
+grekusis.sknt.ru ³
+gta.sknt.ru ³
+hub.sknt.ru ³
+fiber.hub.sknt.ru ⁴
+mail.hub.sknt.ru ⁴
+mux.hub.sknt.ru ³
+id33886.sknt.ru ³
+indi.sknt.ru ³
+infoflow.sknt.ru ³
+kkucherenkov.sknt.ru ³
+limserver.sknt.ru ⁴
+linkpb.sknt.ru ³
+love.sknt.ru ³
+makewarnotlove.sknt.ru ³
+micro.sknt.ru ³
+mitrofanov.sknt.ru ³
+navigator.sknt.ru ³
+newfie.sknt.ru ³
+nikego.sknt.ru ³
+ns.sknt.ru ²
+ns2.sknt.ru ²
+orso.sknt.ru ³
+pand.sknt.ru ³
+pay2.sknt.ru ⁴
+pirogov.sknt.ru ³
+ponomarevs.sknt.ru ³
+pooler.sknt.ru ³
+postfix.sknt.ru ³
+raiderz.sknt.ru ²
+release.sknt.ru ³
+sciproject.sknt.ru ⁵
+sergeynk.sknt.ru ³
+server.sknt.ru ³
+spinout.sknt.ru ³
+ssergey.sknt.ru ³
+toxa.sknt.ru ³
+vasom.sknt.ru ⁴
+vlasovnetwork.sknt.ru ²
+weapon.sknt.ru ⁴
+webmail.sknt.ru ¹
+yiff.sknt.ru ³
+zabbix.sknt.ru ³
+amoris.sknt.ru:8000/: (35, 'Unknown SSL protocol error in connection to amoris.sknt.ru:8000 ')
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁵ expired
+-->
+<ruleset name="sknt.ru" default_off="failed ruleset test">
+	<target host="sknt.ru" />
+	<target host="www.sknt.ru" />
+	<target host="abonent-auth.sknt.ru" />
+	<target host="agrr.sknt.ru" />
+	<target host="amatrix.sknt.ru" />
+	<target host="archer.sknt.ru" />
+	<target host="bill.sknt.ru" />
+	<target host="board.sknt.ru" />
+	<target host="docker.bober.sknt.ru" />
+	<target host="git.bober.sknt.ru" />
+	<target host="bober64.sknt.ru" />
+	<target host="d7.danil.sknt.ru" />
+	<target host="feedback.sknt.ru" />
+	<target host="gotya.sknt.ru" />
+	<target host="kycok.sknt.ru" />
+	<target host="dilan.public.sknt.ru" />
+	<target host="redirect.sknt.ru" />
+	<target host="secure.sknt.ru" />
+	<target host="speedtest.sknt.ru" />
+	<target host="start.sknt.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/skolaonline.cz.xml b/src/chrome/content/rules/skolaonline.cz.xml
new file mode 100644
index 000000000000..568221e39e28
--- /dev/null
+++ b/src/chrome/content/rules/skolaonline.cz.xml
@@ -0,0 +1,16 @@
+<ruleset name="ŠKOLA ONLINE a.s.">
+    <target host="aplikace.skolaonline.cz" />
+    <target host="skolaonline.cz" />
+    <target host="www.skolaonline.cz" />
+    <target host="portal.skolaonline.cz" />
+    <target host="podpora.skolaonline.cz" />
+    <target host="firma.skolaonline.cz" />
+    <target host="katedra.skolaonline.cz" />
+    <target host="zakovska.skolaonline.cz" />
+    <target host="olat.skolaonline.cz" />
+    <target host="akademie.skolaonline.cz" />
+    <target host="partner.skolaonline.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/skrinshoter.ru.xml b/src/chrome/content/rules/skrinshoter.ru.xml
new file mode 100644
index 000000000000..cfd20f10324f
--- /dev/null
+++ b/src/chrome/content/rules/skrinshoter.ru.xml
@@ -0,0 +1,15 @@
+<!--
+	Could not resolve:
+		skrinshoter.ru
+
+	Invalid certificate:
+		c.skrinshoter.ru
+		localhost.skrinshoter.ru
+-->
+<ruleset name="skrinshoter.ru">
+	<target host="www.skrinshoter.ru" />
+	<target host="cdn.skrinshoter.ru" />
+	<target host="d0.skrinshoter.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/skycure.com.xml b/src/chrome/content/rules/skycure.com.xml
new file mode 100644
index 000000000000..daeeb0d30233
--- /dev/null
+++ b/src/chrome/content/rules/skycure.com.xml
@@ -0,0 +1,36 @@
+<!--
+	CDN buckets:
+
+		- cg9j53d64gz46qncx41jvxq16p-wpengine.netdna-ssl.com
+
+
+	Problematic hosts in *skycure.com:
+
+		- get ᵐ
+
+	ᵐ Hubspot / mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- mc.skycure.com
+
+-->
+<ruleset name="Skycure.com (partial)">
+
+	<target host="skycure.com" />
+	<target host="mc.skycure.com" />
+	<target host="www.skycure.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^mc\.skycure\.com$" name="^_management_session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/skyline.tw.xml b/src/chrome/content/rules/skyline.tw.xml
new file mode 100644
index 000000000000..1254e9c8d6af
--- /dev/null
+++ b/src/chrome/content/rules/skyline.tw.xml
@@ -0,0 +1,7 @@
+<ruleset name="skyline.tw">
+	<target host="skyline.tw" />
+	<target host="www.skyline.tw" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/skytal.es.xml b/src/chrome/content/rules/skytal.es.xml
new file mode 100644
index 000000000000..94340f549634
--- /dev/null
+++ b/src/chrome/content/rules/skytal.es.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.skytal.es/ => https://www.skytal.es/: (51, "SSL: no alternative certificate subject name matches target host name 'www.skytal.es'")
+
+-->
+<ruleset name="Skytal.es" default_off="failed ruleset test">
+
+	<target host="skytal.es" />
+	<target host="www.skytal.es" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/slant.co.xml b/src/chrome/content/rules/slant.co.xml
new file mode 100644
index 000000000000..0c98bf2719aa
--- /dev/null
+++ b/src/chrome/content/rules/slant.co.xml
@@ -0,0 +1,7 @@
+<ruleset name="slant.co">
+	<target host="slant.co" />
+	<target host="www.slant.co" />
+	<target host="cdn.slant.co" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sledcom.ru.xml b/src/chrome/content/rules/sledcom.ru.xml
new file mode 100644
index 000000000000..e761c6add506
--- /dev/null
+++ b/src/chrome/content/rules/sledcom.ru.xml
@@ -0,0 +1,160 @@
+<!--
+ 	Invalid Certificate:
+        www.altai-krai.sledcom.ru
+        limited.altai-krai.sledcom.ru
+        www.amur.sledcom.ru
+        www.arh.sledcom.ru
+        www.astr.sledcom.ru
+        www.belgorod.sledcom.ru
+        www.bryansk.sledcom.ru
+        www.buryatia.sledcom.ru
+        www.chel.sledcom.ru
+        www.chuvashia.sledcom.ru
+        www.eao.sledcom.ru
+        www.hakasia.sledcom.ru
+        www.hmao.sledcom.ru
+        www.kaluga.sledcom.ru
+        www.karelia.sledcom.ru
+        www.kchr.sledcom.ru
+        www.khabkray.sledcom.ru
+        www.kld.sledcom.ru
+        www.komi.sledcom.ru
+        www.krk.sledcom.ru
+        www.kuban.sledcom.ru
+        limited.kuban.sledcom.ru
+        www.kuzbass.sledcom.ru
+        www.magadan.sledcom.ru
+        www.mordovia.sledcom.ru
+        www.mosobl.sledcom.ru
+        www.murmansk.sledcom.ru
+        www.nnovgorod.sledcom.ru
+        www.nsk.sledcom.ru
+        limited.nsk.sledcom.ru
+        en.m.sledcom.ru
+        www.orel.sledcom.ru
+        www.oren.sledcom.ru
+        www.osetia.sledcom.ru
+        www.primorsky.sledcom.ru
+        www.pskov.sledcom.ru
+        www.rostov.sledcom.ru
+        www.ryazan.sledcom.ru
+        www.saratov.sledcom.ru
+        www.stavropol.sledcom.ru
+        www.surb.sledcom.ru
+        www.sverdlovsk.sledcom.ru
+        www.tambov.sledcom.ru
+        www.tatarstan.sledcom.ru
+        limited.tatarstan.sledcom.ru
+        www.tomsk.sledcom.ru
+        www.tuva.sledcom.ru
+        www.tver.sledcom.ru
+        www.tyumen.sledcom.ru
+        www.vladimir.sledcom.ru
+        www.volgograd.sledcom.ru
+        limited.volgograd.sledcom.ru
+        www.vologda.sledcom.ru
+        www.yanao.sledcom.ru
+        www.yaroslavl.sledcom.ru
+        www.zabaykalye.sledcom.ru
+        www.zapsib-sut.sledcom.ru
+-->
+<ruleset name="Sledcom.ru">
+        <target host="sledcom.ru" />
+        <target host="www.sledcom.ru" />
+        <target host="adygheya.sledcom.ru" />
+        <target host="altai.sledcom.ru" />
+        <target host="altai-krai.sledcom.ru" />
+        <target host="amur.sledcom.ru" />
+        <target host="arh.sledcom.ru" />
+        <target host="astr.sledcom.ru" />
+        <target host="belgorod.sledcom.ru" />
+        <target host="bryansk.sledcom.ru" />
+        <target host="buryatia.sledcom.ru" />
+        <target host="chel.sledcom.ru" />
+        <target host="chr.sledcom.ru" />
+        <target host="chukotka.sledcom.ru" />
+        <target host="chuvashia.sledcom.ru" />
+        <target host="crim.sledcom.ru" />
+        <target host="dagestan.sledcom.ru" />
+        <target host="dvsut.sledcom.ru" />
+        <target host="eao.sledcom.ru" />
+        <target host="en.sledcom.ru" />
+        <target host="hakasia.sledcom.ru" />
+        <target host="hmao.sledcom.ru" />
+        <target host="ingushetia.sledcom.ru" />
+        <target host="irk.sledcom.ru" />
+        <target host="ivanovo.sledcom.ru" />
+        <target host="kalmykia.sledcom.ru" />
+        <target host="kaluga.sledcom.ru" />
+        <target host="kamchatka.sledcom.ru" />
+        <target host="karelia.sledcom.ru" />
+        <target host="kbr.sledcom.ru" />
+        <target host="kchr.sledcom.ru" />
+        <target host="khabkray.sledcom.ru" />
+        <target host="kirov.sledcom.ru" />
+        <target host="kld.sledcom.ru" />
+        <target host="komi.sledcom.ru" />
+        <target host="kostroma.sledcom.ru" />
+        <target host="krk.sledcom.ru" />
+        <target host="kuban.sledcom.ru" />
+        <target host="kurgan.sledcom.ru" />
+        <target host="kursk.sledcom.ru" />
+        <target host="kuzbass.sledcom.ru" />
+        <target host="lenobl.sledcom.ru" />
+        <target host="lipetsk.sledcom.ru" />
+        <target host="m.sledcom.ru" />
+        <target host="magadan.sledcom.ru" />
+        <target host="mari.sledcom.ru" />
+        <target host="mmsut.sledcom.ru" />
+        <target host="mordovia.sledcom.ru" />
+        <target host="moscow.sledcom.ru" />
+        <target host="mosobl.sledcom.ru" />
+        <target host="murmansk.sledcom.ru" />
+        <target host="nnovgorod.sledcom.ru" />
+        <target host="nsk.sledcom.ru" />
+        <target host="omsk.sledcom.ru" />
+        <target host="orel.sledcom.ru" />
+        <target host="oren.sledcom.ru" />
+        <target host="osetia.sledcom.ru" />
+        <target host="penza.sledcom.ru" />
+        <target host="perm.sledcom.ru" />
+        <target host="primorsky.sledcom.ru" />
+        <target host="pskov.sledcom.ru" />
+        <target host="psut.sledcom.ru" />
+        <target host="rostov.sledcom.ru" />
+        <target host="ryazan.sledcom.ru" />
+        <target host="sakh.sledcom.ru" />
+        <target host="samara.sledcom.ru" />
+        <target host="saratov.sledcom.ru" />
+        <target host="sevastopol.sledcom.ru" />
+        <target host="smolensk.sledcom.ru" />
+        <target host="spb.sledcom.ru" />
+        <target host="stavropol.sledcom.ru" />
+        <target host="surb.sledcom.ru" />
+        <target host="sverdlovsk.sledcom.ru" />
+        <target host="szsut.sledcom.ru" />
+        <target host="tambov.sledcom.ru" />
+        <target host="tatarstan.sledcom.ru" />
+        <target host="tomsk.sledcom.ru" />
+        <target host="tula.sledcom.ru" />
+        <target host="tuva.sledcom.ru" />
+        <target host="tver.sledcom.ru" />
+        <target host="tyumen.sledcom.ru" />
+        <target host="udm.sledcom.ru" />
+        <target host="ulyanovsk.sledcom.ru" />
+        <target host="ural-trans.sledcom.ru" />
+        <target host="vladimir.sledcom.ru" />
+        <target host="vnovgorod.sledcom.ru" />
+        <target host="volgograd.sledcom.ru" />
+        <target host="vologda.sledcom.ru" />
+        <target host="voronezh.sledcom.ru" />
+        <target host="vssut.sledcom.ru" />
+        <target host="yanao.sledcom.ru" />
+        <target host="yaroslavl.sledcom.ru" />
+        <target host="ykt.sledcom.ru" />
+        <target host="yusut.sledcom.ru" />
+        <target host="zabaykalye.sledcom.ru" />
+        <target host="zapsib-sut.sledcom.ru" />
+
+        <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/slsknet.org.xml b/src/chrome/content/rules/slsknet.org.xml
new file mode 100644
index 000000000000..800ffcc526ad
--- /dev/null
+++ b/src/chrome/content/rules/slsknet.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Soulseek">
+
+	<target host="slsknet.org" />
+	<target host="www.slsknet.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/smart-DSL.xml b/src/chrome/content/rules/smart-DSL.xml
new file mode 100644
index 000000000000..2be42cd08770
--- /dev/null
+++ b/src/chrome/content/rules/smart-DSL.xml
@@ -0,0 +1,11 @@
+<ruleset name="smart-DSL GmbH">
+
+<target host="smart-dsl.net"/>
+<target host="www.smart-dsl.net" />
+<target host="smartone.de"/>
+<target host="www.smartone.de" />
+
+<rule from="^http://(www\.)?smart\-dsl\.net/" to="https://www.smartone.de/"/>
+<rule from="^http://(www\.)?smartone\.de/" to="https://www.smartone.de/"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/smart-places.org.xml b/src/chrome/content/rules/smart-places.org.xml
new file mode 100644
index 000000000000..665b915c6099
--- /dev/null
+++ b/src/chrome/content/rules/smart-places.org.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- optout.smart-places.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Smart-Places.org">
+
+	<target host="smart-places.org" />
+	<target host="optout.smart-places.org" />
+	<target host="www.smart-places.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^optout\.smart-places\.org$" name="^(?:AWSELB|PHPSESSID)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/smart-soft.ru.xml b/src/chrome/content/rules/smart-soft.ru.xml
new file mode 100644
index 000000000000..3d3596471c4c
--- /dev/null
+++ b/src/chrome/content/rules/smart-soft.ru.xml
@@ -0,0 +1,19 @@
+<!--
+blog.smart-soft.ru mixed content
+help.smart-soft.ru ⁴
+list.smart-soft.ru ⁴
+masterhost.smart-soft.ru ⁴
+mx.smart-soft.ru ⁴
+mx3.smart-soft.ru ³
+forum.smart-soft.ru different content
+
+
+³ timed out
+⁴ self signed
+-->
+<ruleset name="smart-soft.ru">
+	<target host="smart-soft.ru" />
+	<target host="www.smart-soft.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/smartbear.com.xml b/src/chrome/content/rules/smartbear.com.xml
new file mode 100644
index 000000000000..2f159fa496ef
--- /dev/null
+++ b/src/chrome/content/rules/smartbear.com.xml
@@ -0,0 +1,18 @@
+<!--
+blog.smartbear.com mismatch
+www2.smartbear.com mismatch
+readyapi.smartbear.com timed out
+eclipse.smartbear.com mismatch
+-->
+<ruleset name="smartbear.com">
+	<target host="smartbear.com" />
+	<target host="www.smartbear.com" />
+	<target host="community.smartbear.com" />
+	<target host="my.smartbear.com" />
+	<target host="support.smartbear.com" />
+	<target host="accounts.smartbear.com" />
+	<target host="downloads.smartbear.com" />
+	<target host="login.qacomplete.smartbear.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/smartcity.taipei.xml b/src/chrome/content/rules/smartcity.taipei.xml
new file mode 100644
index 000000000000..476a89913864
--- /dev/null
+++ b/src/chrome/content/rules/smartcity.taipei.xml
@@ -0,0 +1,7 @@
+<ruleset name="smartcity.taipei">
+	<target host="smartcity.taipei" />
+	<target host="www.smartcity.taipei" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/smartdnsproxy.com.xml b/src/chrome/content/rules/smartdnsproxy.com.xml
new file mode 100644
index 000000000000..9eb4c2140c11
--- /dev/null
+++ b/src/chrome/content/rules/smartdnsproxy.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Invalid certificate:
+		cdn.smartdnsproxy.com
+		sdp-regapi.smartdnsproxy.com
+		dns-00-00.smartdnsproxy.com
+		dns-00-02.smartdnsproxy.com
+		try.smartdnsproxy.com
+
+	Refused:
+		mail.smartdnsproxy.com
+
+	Time out:
+		email.smartdnsproxy.com
+-->
+<ruleset name="smartdnsproxy.com">
+	<target host="smartdnsproxy.com" />
+	<target host="www.smartdnsproxy.com" />
+	<target host="cdn77.smartdnsproxy.com" />
+	<target host="css.smartdnsproxy.com" />
+	<target host="images.smartdnsproxy.com" />
+	<target host="lab.smartdnsproxy.com" />
+	<target host="lib.smartdnsproxy.com" />
+	<target host="support.smartdnsproxy.com" />
+	<target host="userdocs.smartdnsproxy.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/smarthead.ru.xml b/src/chrome/content/rules/smarthead.ru.xml
new file mode 100644
index 000000000000..9ddfc975c4bf
--- /dev/null
+++ b/src/chrome/content/rules/smarthead.ru.xml
@@ -0,0 +1,14 @@
+<!--
+share.smarthead.ru different content
+support.smarthead.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="smarthead.ru">
+	<target host="smarthead.ru" />
+	<target host="www.smarthead.ru" />
+	<target host="client.smarthead.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/smartmontools.org.xml b/src/chrome/content/rules/smartmontools.org.xml
new file mode 100644
index 000000000000..2f478c779a72
--- /dev/null
+++ b/src/chrome/content/rules/smartmontools.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.smartmontools.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="smartmontools.org">
+
+	<target host="smartmontools.org" />
+	<target host="www.smartmontools.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.smartmontools\.org$" name="^trac_(?:form_token|session)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/smava.xml b/src/chrome/content/rules/smava.xml
new file mode 100644
index 000000000000..30f0cf0e006c
--- /dev/null
+++ b/src/chrome/content/rules/smava.xml
@@ -0,0 +1,5 @@
+<ruleset name="smava">
+  <target host="www.smava.de" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/smeserver.org.xml b/src/chrome/content/rules/smeserver.org.xml
new file mode 100644
index 000000000000..ae62f5c6a08e
--- /dev/null
+++ b/src/chrome/content/rules/smeserver.org.xml
@@ -0,0 +1,10 @@
+<!--www. mismatch-->
+<ruleset name="smeserver.org">
+	<target host="smeserver.org" />
+	<target host="www.smeserver.org" />
+
+	<rule from="^http://www\.smeserver\.org/"
+		to="https://smeserver.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/smile-net.ru.xml b/src/chrome/content/rules/smile-net.ru.xml
new file mode 100644
index 000000000000..c98d0e7a8b4a
--- /dev/null
+++ b/src/chrome/content/rules/smile-net.ru.xml
@@ -0,0 +1,11 @@
+<!--
+smile-net.ru timed out
+www.smile-net.ru timed out
+chat.smile-net.ru timed out
+support.smile-net.ru mismatch
+-->
+<ruleset name="smile-net.ru (partial)">
+	<target host="user.smile-net.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/smokefree.hk.xml b/src/chrome/content/rules/smokefree.hk.xml
new file mode 100644
index 000000000000..57fe42c4e50a
--- /dev/null
+++ b/src/chrome/content/rules/smokefree.hk.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional hosts in *.smokefree.hk:
+		- catering.smokefree.hk (r)
+		- quitters.smokefree.hk (r)
+		- smokefreefamily.smokefree.hk (r)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Hong Kong Council on Smoking and Health">
+	<target host="exercise.smokefree.hk" />
+	<target host="smokefreeteens.smokefree.hk" />
+	<target host="smokefree.hk" />
+	<target host="www.smokefree.hk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/smoozed.com.xml b/src/chrome/content/rules/smoozed.com.xml
new file mode 100644
index 000000000000..4ac2b690db8f
--- /dev/null
+++ b/src/chrome/content/rules/smoozed.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Smoozed.com">
+
+	<target host="smoozed.com" />
+	<target host="www.smoozed.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/smozaika.ru.xml b/src/chrome/content/rules/smozaika.ru.xml
new file mode 100644
index 000000000000..417309d69d5e
--- /dev/null
+++ b/src/chrome/content/rules/smozaika.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="smozaika.ru">
+	<target host="smozaika.ru" />
+	<target host="www.smozaika.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sms-online.co.xml b/src/chrome/content/rules/sms-online.co.xml
new file mode 100644
index 000000000000..7b2b559d0250
--- /dev/null
+++ b/src/chrome/content/rules/sms-online.co.xml
@@ -0,0 +1,8 @@
+<ruleset name="sms-online.co">
+	<target host="sms-online.co" />
+	<target host="www.sms-online.co" />
+	<target host="cdn.sms-online.co" />
+	<target host="develop.sms-online.co" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/smspower.org.xml b/src/chrome/content/rules/smspower.org.xml
new file mode 100644
index 000000000000..cb96f358fa54
--- /dev/null
+++ b/src/chrome/content/rules/smspower.org.xml
@@ -0,0 +1,22 @@
+<!--
+	502：
+		^
+
+	Invalid certificate:
+		webmail.smspower.org
+
+	Refused:
+		radio.smspower.org
+		johnnyz.smspower.org
+		bto8.smspower.org
+		shellcore.smspower.org
+		gdri.smspower.org
+		blog.smspower.org
+-->
+<ruleset name="smspower.org">
+	<target host="smspower.org" />
+	<target host="www.smspower.org" />
+
+	<rule from="^http://smspower\.org/" to="https://www.smspower.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/smsreceiveonline.com.xml b/src/chrome/content/rules/smsreceiveonline.com.xml
new file mode 100644
index 000000000000..3e85daccc3c9
--- /dev/null
+++ b/src/chrome/content/rules/smsreceiveonline.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="smsreceiveonline.com">
+	<target host="smsreceiveonline.com" />
+	<target host="www.smsreceiveonline.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/snag.gy.xml b/src/chrome/content/rules/snag.gy.xml
new file mode 100644
index 000000000000..dbeaf0ae195b
--- /dev/null
+++ b/src/chrome/content/rules/snag.gy.xml
@@ -0,0 +1,8 @@
+<ruleset name="snag.gy">
+        <target host="snag.gy" />
+        <target host="www.snag.gy" />
+        <target host="i.snag.gy" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/snap-ci.com.xml b/src/chrome/content/rules/snap-ci.com.xml
new file mode 100644
index 000000000000..6fe92c38a552
--- /dev/null
+++ b/src/chrome/content/rules/snap-ci.com.xml
@@ -0,0 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://production-website.snap-ci.com/ => https://production-website.snap-ci.com/: (6, 'Could not resolve host: production-website.snap-ci.com')
+
+-->
+<ruleset name="snap-ci.com" default_off="failed ruleset test">
+	<target host="snap-ci.com" />
+	<target host="www.snap-ci.com" />
+	<target host="blog.snap-ci.com" />
+	<target host="docs.snap-ci.com" />
+	<target host="production-website.snap-ci.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/snapraid.it.xml b/src/chrome/content/rules/snapraid.it.xml
new file mode 100644
index 000000000000..47bd72a936fe
--- /dev/null
+++ b/src/chrome/content/rules/snapraid.it.xml
@@ -0,0 +1,9 @@
+<!--
+	Invalid certificate:
+		beta.snapraid.it
+-->
+<ruleset name="snapraid.it">
+	<target host="www.snapraid.it" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/snapsurveys.com.xml b/src/chrome/content/rules/snapsurveys.com.xml
new file mode 100644
index 000000000000..80a1406535ac
--- /dev/null
+++ b/src/chrome/content/rules/snapsurveys.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Mixed content:
+
+		- Images from www.snapsurveys.com ˢ
+		- Bug from seal-concord.bbb.org ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Snap Surveys.com">
+
+	<target host="snapsurveys.com" />
+	<target host="www.snapsurveys.com" />
+
+		<!--	Mixed content:
+					-->
+		<!--test url="http://www.snapsurveys.com/blog/" /-->
+
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^_gat?$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sneakerfreaker.com-falsemixed.xml b/src/chrome/content/rules/sneakerfreaker.com-falsemixed.xml
new file mode 100644
index 000000000000..45be05a21e42
--- /dev/null
+++ b/src/chrome/content/rules/sneakerfreaker.com-falsemixed.xml
@@ -0,0 +1,25 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://archive.sneakerfreaker.com/ => https://archive.sneakerfreaker.com/: (60, 'SSL certificate problem: certificate has expired')
+
+	For rules not causing false/broken MCB, see sneakerfreaker.com.xml.
+
+
+	NB: See https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Sneaker Freaker.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="archive.sneakerfreaker.com" />
+	<target host="forum.sneakerfreaker.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid$|__qca$|_gat?$|_gat_|cf_clearance$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sneakerfreaker.com.xml b/src/chrome/content/rules/sneakerfreaker.com.xml
new file mode 100644
index 000000000000..165e966a6b76
--- /dev/null
+++ b/src/chrome/content/rules/sneakerfreaker.com.xml
@@ -0,0 +1,57 @@
+<!--
+	For rules causing false/broken MCB, see sneakerfreaker.com.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- forum.sneakerfreaker.com
+		- shop.sneakerfreaker.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, on:
+
+			- archive, forum from $self ˢ
+			- www from fonts.googleapis.com ˢ
+
+		- Images, on:
+
+			- archive from from $self ˢ
+			- shop from cdn.shopify.com ˢ
+
+		- Ads, on:
+
+			- archive from au.effectivemeasure.net ˢ
+			- archive from www.facebook.com ˢ
+			- archive from pixel.quantserve.com ˢ
+			- archive from b.scorecardresearch.com ˢ
+			- forum from www.sneakerfreaker.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Sneaker Freaker.com (partial)">
+
+	<target host="sneakerfreaker.com" />
+	<!--target host="archive.sneakerfreaker.com" /-->
+	<!--target host="forum.sneakerfreaker.com" /-->
+	<target host="shop.sneakerfreaker.com" />
+	<target host="www.sneakerfreaker.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^forum\.sneakerfreaker\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^shop\.sneakerfreaker\.com$" name="^(?:_orig_referrer|_landing_page|cart_sig)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid$|__qca$|_gat?$|_gat_|cf_clearance$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sneakersaddict.com.xml b/src/chrome/content/rules/sneakersaddict.com.xml
new file mode 100644
index 000000000000..13c0d230bb4a
--- /dev/null
+++ b/src/chrome/content/rules/sneakersaddict.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Sneakers Addict.com">
+
+	<target host="sneakersaddict.com" />
+	<target host="images.sneakersaddict.com" />
+	<target host="www.sneakersaddict.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/snipboard.io.xml b/src/chrome/content/rules/snipboard.io.xml
new file mode 100644
index 000000000000..68a00db40ea9
--- /dev/null
+++ b/src/chrome/content/rules/snipboard.io.xml
@@ -0,0 +1,14 @@
+<!--
+	Refused:
+		email.snipboard.io
+-->
+<ruleset name="snipboard.io">
+	<target host="snipboard.io" />
+	<target host="www.snipboard.io" />
+	<target host="dev.snipboard.io" />
+	<target host="i.snipboard.io" />
+	<target host="static.snipboard.io" />
+
+	<rule from="^http://www\.snipboard\.io/" to="https://snipboard.io/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sns.gov.uk.xml b/src/chrome/content/rules/sns.gov.uk.xml
new file mode 100644
index 000000000000..4784ffcee817
--- /dev/null
+++ b/src/chrome/content/rules/sns.gov.uk.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://admin.sns.gov.uk/ => https://admin.sns.gov.uk/: (6, 'Could not resolve host: admin.sns.gov.uk')
+Fetch error: http://www.sns.gov.uk/ => https://admin.sns.gov.uk/: (6, 'Could not resolve host: admin.sns.gov.uk')
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	www.sns.gov.uk: Mismatched
+
+-->
+<ruleset name="SNS.gov.uk" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="admin.sns.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="www.sns.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.sns\.gov\.uk/"
+		to="https://admin.sns.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/snssdk.com.xml b/src/chrome/content/rules/snssdk.com.xml
new file mode 100644
index 000000000000..c824d2c7159f
--- /dev/null
+++ b/src/chrome/content/rules/snssdk.com.xml
@@ -0,0 +1,20 @@
+<!--
+	404:
+		www.snssdk.com
+-->
+
+<ruleset name="snssdk.com">
+	<target host="snssdk.com" />
+	<target host="api.snssdk.com" />
+	<target host="app.snssdk.com" />
+	<target host="eyeu.snssdk.com" />
+	<target host="hotsoon.snssdk.com" />
+	<target host="i.snssdk.com" />
+	<target host="ib.snssdk.com" />
+	<target host="ic.snssdk.com" />
+	<target host="isub.snssdk.com" />
+	<target host="open.snssdk.com" />
+	<target host="temai.snssdk.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/snta.ru.xml b/src/chrome/content/rules/snta.ru.xml
new file mode 100644
index 000000000000..a9c47ccaee51
--- /dev/null
+++ b/src/chrome/content/rules/snta.ru.xml
@@ -0,0 +1,7 @@
+<ruleset name="snta.ru">
+	<target host="snta.ru" />
+	<target host="www.snta.ru" />
+	<target host="sdo.snta.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/snyk.io.xml b/src/chrome/content/rules/snyk.io.xml
new file mode 100644
index 000000000000..efe2ef3f6a81
--- /dev/null
+++ b/src/chrome/content/rules/snyk.io.xml
@@ -0,0 +1,9 @@
+<ruleset name="snyk.io">
+	<target host="snyk.io" />
+	<target host="www.snyk.io" />
+	<target host="app.snyk.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/so36.net.xml b/src/chrome/content/rules/so36.net.xml
index 2de22ecea87b..8f48ce9f3a44 100644
--- a/src/chrome/content/rules/so36.net.xml
+++ b/src/chrome/content/rules/so36.net.xml
@@ -1,7 +1,10 @@
-<ruleset name="so36.NET" platform="cacert">
+<ruleset name="so36.NET">
   <target host="so36.net" />
   <target host="*.so36.net" />
 
-	<rule from="^http://so36\.net/" to="https://so36.net/"/>
-	<rule from="^http://([^/:@\.]+)\.so36\.net/" to="https://$1.so36.net/"/>
+		<test url="http://webmail.so36.net/" />
+		<test url="http://www.so36.net/" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/sobytiya.info.xml b/src/chrome/content/rules/sobytiya.info.xml
new file mode 100644
index 000000000000..236fc221f62b
--- /dev/null
+++ b/src/chrome/content/rules/sobytiya.info.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://sobytiya.info/ (200) => https://sobytiya.info/ (521)
+Non-2xx HTTP code: http://www.sobytiya.info/ (200) => https://www.sobytiya.info/ (521)
+ afisha. wrong content
+en. wrong content -->
+<ruleset name="sobytiya.info" default_off="failed ruleset test">
+	<target host="sobytiya.info" />
+	<target host="www.sobytiya.info" />
+	<target host="doska.sobytiya.info" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/socialdemocrats.ie.xml b/src/chrome/content/rules/socialdemocrats.ie.xml
new file mode 100644
index 000000000000..fbfa064e5111
--- /dev/null
+++ b/src/chrome/content/rules/socialdemocrats.ie.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- Image on ^ from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Social Democrats.ie">
+
+	<target host="socialdemocrats.ie" />
+	<target host="www.socialdemocrats.ie" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid$|_ga|cf_clearance$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/softforge.de.xml b/src/chrome/content/rules/softforge.de.xml
new file mode 100644
index 000000000000..e6f7fc2591ce
--- /dev/null
+++ b/src/chrome/content/rules/softforge.de.xml
@@ -0,0 +1,5 @@
+<ruleset name="softforge.de">
+	<target host="softforge.de" />
+	<target host="www.softforge.de" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/softline.ru.xml b/src/chrome/content/rules/softline.ru.xml
new file mode 100644
index 000000000000..728f24be48e6
--- /dev/null
+++ b/src/chrome/content/rules/softline.ru.xml
@@ -0,0 +1,122 @@
+<!--
+softline.ru ⁶
+www.softline.ru ⁶
+1468.softline.ru ¹
+20let.softline.ru ¹
+CWA.softline.ru ³
+acad.softline.ru ¹
+autodesk.softline.ru ¹
+azure.softline.ru ¹
+bizspark.softline.ru ¹
+cisco.softline.ru ¹
+citrix-test.softline.ru ⁴
+cloud.softline.ru ¹
+www.cloud.softline.ru ¹
+av-edge01.saas.cloud.softline.ru ³
+dialin.saas.cloud.softline.ru ³
+dirpool01.saas.cloud.softline.ru ³
+lyncpool01.saas.cloud.softline.ru ³
+meet.saas.cloud.softline.ru ³
+msk01-hvh-01.saas.cloud.softline.ru ¹
+msk01-hvh-09.saas.cloud.softline.ru ¹
+msk01-ns-01.saas.cloud.softline.ru ³
+sip-edge01.saas.cloud.softline.ru ³
+web-edge01.saas.cloud.softline.ru ³
+connect8.softline.ru ³
+connect8media.softline.ru ³
+controlpanel.softline.ru ⁵
+adfsnlb.crm.softline.ru ¹
+crystal.softline.ru ¹
+csg.softline.ru ⁴
+ctx-test.softline.ru ³
+cwa.softline.ru ³
+dell.softline.ru ¹
+demo.softline.ru ³
+mail.demo.softline.ru ³
+deskwork.softline.ru ⁴
+videoconf.deskwork.softline.ru ⁵
+docs.softline.ru ¹
+edu.softline.ru ¹
+www.edu.softline.ru ¹
+education.softline.ru ¹
+employment.softline.ru ¹
+events.softline.ru ¹
+google.softline.ru ¹
+mail.googleapps.softline.ru ¹
+mx.googleapps.softline.ru ²
+ns1.googleapps.softline.ru ²
+ns2.googleapps.softline.ru ¹
+graduate.softline.ru ¹
+helpdesk.softline.ru ⁵
+hosting.softline.ru ⁵
+ibm.softline.ru ¹
+ibm-bi.softline.ru ¹
+ibm-bw.softline.ru ²
+ibm-security.softline.ru ¹
+img.softline.ru ¹
+intel.softline.ru ¹
+it.softline.ru ³
+itout.softline.ru ¹
+kerio.softline.ru ¹
+lenovo.softline.ru ¹
+mail01.softline.ru ³
+mail02.softline.ru ³
+www.maxipack.softline.ru ¹
+meet.softline.ru ⁴
+mindjet.softline.ru ¹
+ms365.softline.ru ¹
+msdn.softline.ru ¹
+msk02.softline.ru ⁴
+news.softline.ru ¹
+ns1.softline.ru ³
+ns2.softline.ru ³
+o365.softline.ru ¹
+newaxoft.office.softline.ru ³
+out.softline.ru ⁴
+owa.softline.ru ³
+paessler.softline.ru ¹
+portal.softline.ru ³
+promo.softline.ru ¹
+sayt.softline.ru ¹
+security.softline.ru ¹
+seminars.softline.ru ¹
+services.softline.ru ¹
+shkola.softline.ru ⁶
+www.shkola.softline.ru ¹
+shkolaedu.softline.ru ¹
+sip.softline.ru ⁷
+slbackup.softline.ru ³
+slphp5backend.softline.ru ³
+slslhd.softline.ru ⁵
+smart.softline.ru ¹
+soft.softline.ru ¹
+www.soft.softline.ru ¹
+www.store.softline.ru ¹
+symdemo.softline.ru ³
+vsp.softline.ru ³
+vstudio.softline.ru ¹
+webdev.softline.ru ¹
+ws3.softline.ru ³
+xpress.softline.ru ¹
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁵ expired
+⁶ redirect
+⁷ protocol error
+-->
+<ruleset name="softline.ru (partial)">
+	<target host="aflex.bpmonline.softline.ru" />
+	<target host="client.softline.ru" />
+	<target host="cp.cloud.softline.ru" />
+	<target host="googleapps.softline.ru" />
+	<target host="mdm.softline.ru" />
+	<target host="mso365msk.softline.ru" />
+	<target host="spla.softline.ru" />
+	<target host="store.softline.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/softnik.com.xml b/src/chrome/content/rules/softnik.com.xml
new file mode 100644
index 000000000000..76555962698e
--- /dev/null
+++ b/src/chrome/content/rules/softnik.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- softnik.com
+		- support.softnik.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Softnik.com">
+
+	<target host="softnik.com" />
+	<target host="support.softnik.com" />
+	<target host="www.softnik.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:support\.)?softnik\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/softschools.com.xml b/src/chrome/content/rules/softschools.com.xml
new file mode 100644
index 000000000000..23f309f36aa5
--- /dev/null
+++ b/src/chrome/content/rules/softschools.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="softschools.com">
+	<target host="softschools.com" />
+	<target host="www.softschools.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/software.ac.uk.xml b/src/chrome/content/rules/software.ac.uk.xml
new file mode 100644
index 000000000000..0ec54a3bf8d1
--- /dev/null
+++ b/src/chrome/content/rules/software.ac.uk.xml
@@ -0,0 +1,6 @@
+<ruleset name="software.ac.uk">
+	<target host="software.ac.uk" />
+	<target host="www.software.ac.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/softwareok.com.xml b/src/chrome/content/rules/softwareok.com.xml
new file mode 100644
index 000000000000..bfb96739e5b8
--- /dev/null
+++ b/src/chrome/content/rules/softwareok.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		www.cc.softwareok.com
+		clk.softwareok.com
+		usa.softwareok.com
+
+	Refused:
+		autodiscover.softwareok.com
+		cc.softwareok.com
+		autodiscover.cc.softwareok.com
+		ftp.cc.softwareok.com
+		ftp.softwareok.com
+-->
+<ruleset name="softwareok.com">
+	<target host="softwareok.com" />
+	<target host="www.softwareok.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sojern.com.xml b/src/chrome/content/rules/sojern.com.xml
new file mode 100644
index 000000000000..2f3e6c519352
--- /dev/null
+++ b/src/chrome/content/rules/sojern.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="sojern.com">
+
+	<target host="pixel.sojern.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/soku.com.xml b/src/chrome/content/rules/soku.com.xml
new file mode 100644
index 000000000000..af9c85b65f89
--- /dev/null
+++ b/src/chrome/content/rules/soku.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Refused:
+		^
+
+	MCB:
+		www.soku.com
+-->
+
+<ruleset name="soku.com">
+	<target host="static.soku.com"/>
+	<rule from="^http://static\.soku\.com/" to="https://static.youku.com/"/>
+
+	<target host="account.soku.com"/>
+	<target host="log.soku.com"/>
+	<target host="tip.soku.com"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/sol.no.xml b/src/chrome/content/rules/sol.no.xml
new file mode 100644
index 000000000000..419dbb2c0675
--- /dev/null
+++ b/src/chrome/content/rules/sol.no.xml
@@ -0,0 +1,50 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sol.no/ => https://sol.no/: Too many redirects while fetching 'https://sol.no/'
+Fetch error: http://m.sol.no/ => https://m.sol.no/: Too many redirects while fetching 'https://m.sol.no/'
+Fetch error: http://www.sol.no/ => https://www.sol.no/: Too many redirects while fetching 'https://www.sol.no/'
+
+	Problematic hosts in *sol.no:
+
+		- siste ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- sol.no
+		- guru.sol.no
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bug on siste from eniro.tns-cs.net ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Sol.no (partial)" default_off="failed ruleset test">
+
+	<target host="sol.no" />
+	<target host="guru.sol.no" />
+	<target host="m.sol.no" />
+	<target host="www.sol.no" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^sol\.no$" name="^(?:SOL-User|auroraAB)$" /-->
+	<!--securecookie host="^guru\.sol\.no$" name="^express\.sid$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/solarizde.xml b/src/chrome/content/rules/solarizde.xml
new file mode 100644
index 000000000000..8c7d3eca67f7
--- /dev/null
+++ b/src/chrome/content/rules/solarizde.xml
@@ -0,0 +1,6 @@
+<ruleset name="solariz.de">
+	<target host="solariz.de" />
+	<target host="www.solariz.de" />
+	<securecookie host="^solariz\.de$" name=".+" />
+	<rule from="^http://(?:www\.)?solariz\.de/" to="https://solariz.de/" />
+</ruleset>
diff --git a/src/chrome/content/rules/solidarites.ch.xml b/src/chrome/content/rules/solidarites.ch.xml
new file mode 100644
index 000000000000..4621b9b42b2d
--- /dev/null
+++ b/src/chrome/content/rules/solidarites.ch.xml
@@ -0,0 +1,9 @@
+<ruleset name="solidarites.ch">
+	<target host="solidarites.ch"/>
+	<target host="www.solidarites.ch"/>
+	<target host="ge.solidarites.ch"/>
+	<target host="ne.solidarites.ch"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/soltana.ma.xml b/src/chrome/content/rules/soltana.ma.xml
new file mode 100644
index 000000000000..e4d0def8cc51
--- /dev/null
+++ b/src/chrome/content/rules/soltana.ma.xml
@@ -0,0 +1,9 @@
+<ruleset name="soltana.ma" platform="mixedcontent">
+	<target host="soltana.ma" />
+	<target host="www.soltana.ma" />
+	<target host="m.soltana.ma" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/solydxk.com.xml b/src/chrome/content/rules/solydxk.com.xml
new file mode 100644
index 000000000000..5b1f7399202c
--- /dev/null
+++ b/src/chrome/content/rules/solydxk.com.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://dev.solydxk.com/ => https://dev.solydxk.com/: (6, 'Could not resolve host: dev.solydxk.com')
+
+downloads.solydxk.com refused
+repository.solydxk.com refused
+-->
+<ruleset name="solydxk.com" default_off="failed ruleset test">
+	<target host="solydxk.com" />
+	<target host="www.solydxk.com" />
+	<target host="forums.solydxk.com" />
+	<target host="dev.solydxk.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/somafm.com.xml b/src/chrome/content/rules/somafm.com.xml
new file mode 100644
index 000000000000..4b105deea913
--- /dev/null
+++ b/src/chrome/content/rules/somafm.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="SomaFM">
+        <target host="somafm.com" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/songkick.com.xml b/src/chrome/content/rules/songkick.com.xml
new file mode 100644
index 000000000000..a7da03a9967b
--- /dev/null
+++ b/src/chrome/content/rules/songkick.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Problematic subdomains:
+		- ^ ¹
+		- support ²
+	¹: Redirects to HTTP
+	²: Mismatched
+-->
+<ruleset name="Songkick">
+
+	<target host="songkick.com"/>
+	<target host="www.songkick.com"/>
+
+	<target host="accounts.songkick.com"/>
+	<target host="blog.songkick.com"/>
+	<target host="devblog.songkick.com"/>
+	<target host="help.songkick.com" />
+	<target host="tourbox.songkick.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://songkick\.com/" to="https://www.songkick.com/"/>
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/soom.cz.xml b/src/chrome/content/rules/soom.cz.xml
index 9e7287054609..cc6c398f1c55 100644
--- a/src/chrome/content/rules/soom.cz.xml
+++ b/src/chrome/content/rules/soom.cz.xml
@@ -1,6 +1,11 @@
-<ruleset name="Soom">
+<!--
+	Mismatched:
+	- irc.soom.cz
+	- pravo.soom.cz
+-->
+<ruleset name="Soom.cz">
 	<target host="soom.cz"/>
 	<target host="www.soom.cz"/>
 
-	<rule from="^http://(www\.)?soom\.cz/" to="https://www.soom.cz/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/sosmedecins-lille.fr.xml b/src/chrome/content/rules/sosmedecins-lille.fr.xml
new file mode 100644
index 000000000000..a75277e5e459
--- /dev/null
+++ b/src/chrome/content/rules/sosmedecins-lille.fr.xml
@@ -0,0 +1,8 @@
+<ruleset name="sosmedecins-lille.fr">
+	<target host="sosmedecins-lille.fr" />
+	<target host="www.sosmedecins-lille.fr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/soso.com.xml b/src/chrome/content/rules/soso.com.xml
new file mode 100644
index 000000000000..d85f77f17187
--- /dev/null
+++ b/src/chrome/content/rules/soso.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Most subdomains of soso.com are redirected to sogou.com or qq.com.
+	HTTPS break them.
+	For example:
+		www.soso.com
+		baike.soso.com
+		jiejing.soso.com
+-->
+
+<ruleset name="soso.com">
+	<target host="cache.soso.com" />
+		<test url="http://cache.soso.com/wenwen/deploy/css/common_imgs/icon_73144d8.png" />
+	<target host="pic.wenwen.soso.com" />
+		<test url="http://pic.wenwen.soso.com/p/20120830/20120830175657-1666030643.jpg" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sostav.ru.xml b/src/chrome/content/rules/sostav.ru.xml
new file mode 100644
index 000000000000..a60c54935326
--- /dev/null
+++ b/src/chrome/content/rules/sostav.ru.xml
@@ -0,0 +1,19 @@
+<!--
+sostav.ru non-2xx http code
+www.sostav.ru non-2xx http code
+cdn1.sostav.ru ¹
+cdn2.sostav.ru ¹
+cdn3.sostav.ru ¹
+cdn4.sostav.ru ¹
+m.sostav.ru ¹
+mail.sostav.ru ¹
+main.sostav.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="sostav.ru (partial)">
+	<target host="rating.sostav.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sotawiki.net.xml b/src/chrome/content/rules/sotawiki.net.xml
new file mode 100644
index 000000000000..0adecf306b4f
--- /dev/null
+++ b/src/chrome/content/rules/sotawiki.net.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		autodiscover.sotawiki.net
+		ftp.sotawiki.net
+		imap.sotawiki.net
+		pop.sotawiki.net
+		smtp.sotawiki.net
+
+	Refused:
+		localhost.sotawiki.net
+-->
+<ruleset name="sotawiki.net">
+	<target host="sotawiki.net" />
+	<target host="www.sotawiki.net" />
+	<target host="mail.sotawiki.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/soundbounce.org.xml b/src/chrome/content/rules/soundbounce.org.xml
new file mode 100644
index 000000000000..abe7fbe3872e
--- /dev/null
+++ b/src/chrome/content/rules/soundbounce.org.xml
@@ -0,0 +1,11 @@
+<!--
+	Time out:
+		app.soundbounce.org
+-->
+<ruleset name="soundbounce.org">
+	<target host="soundbounce.org" />
+	<target host="www.soundbounce.org" />
+	<target host="v2.soundbounce.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sourcemod.net.xml b/src/chrome/content/rules/sourcemod.net.xml
new file mode 100644
index 000000000000..4aa9b919d8be
--- /dev/null
+++ b/src/chrome/content/rules/sourcemod.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="sourcemod.net">
+	<target host="sourcemod.net" />
+	<target host="www.sourcemod.net" />
+	<target host="doc.sourcemod.net" />
+	<target host="docs.sourcemod.net" />
+	<target host="update.sourcemod.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/south-wales.police.uk.xml b/src/chrome/content/rules/south-wales.police.uk.xml
new file mode 100644
index 000000000000..6f963409a0dd
--- /dev/null
+++ b/src/chrome/content/rules/south-wales.police.uk.xml
@@ -0,0 +1,71 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sports.south-wales.police.uk/ => https://sports.south-wales.police.uk/: (28, 'Connection timed out after 20000 milliseconds')
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	CDN buckets:
+
+		- pcclivewww.blob.core.windows.net
+		- swplive.blob.core.windows.net
+
+
+	Problematic hosts in *south-wales.police.uk:
+
+		- dev ᵐ
+		- commissioner ᵐ
+
+	ᵐ Mismatched
+
+
+	^south-wales.police.uk: Reset over http, dropped over https
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- commissioner.south-wales.police.uk
+		- dev.south-wales.police.uk
+		- .dev.south-wales.police.uk
+		- eservices.south-wales.police.uk
+		- www.south-wales.police.uk
+		- .www.south-wales.police.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on commissioner, dev, www from fonts.googleapis.com ˢ
+		- Images on commissioner from pcclivewww.blob.core.windows.net ˢ
+		- Images on www from swplive.blob.core.windows.net ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="South-Wales.Police.uk (partial)" default_off="failed ruleset test">
+
+	<target host="eservices.south-wales.police.uk" />
+	<target host="sports.south-wales.police.uk" />
+	<target host="www.south-wales.police.uk" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://eservices.south-wales.police.uk/Jobs/Default.aspx?ReturnUrl=%2fjobs" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^eservices\.south-wales\.police\.uk$" name="^(?:ASP\.NET_SessionId|language)$" /-->
+	<!--securecookie host="^(?:commissioner|dev|www)\.south-wales\.police\.uk$" name="^pll_language$" /-->
+	<!--securecookie host="^\.(?:dev|www)\.south-wales\.police\.uk$" name="^ARRAffinity$" /-->
+
+	<securecookie host="^\.www\." name=".+" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/southdowns.gov.uk.xml b/src/chrome/content/rules/southdowns.gov.uk.xml
new file mode 100644
index 000000000000..4ebda4a18ef0
--- /dev/null
+++ b/src/chrome/content/rules/southdowns.gov.uk.xml
@@ -0,0 +1,68 @@
+<!--
+	South Downs National Park Authority
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *southdowns.gov.uk:
+
+		- citrix ᵇ
+		- planningpublicaccess ᵈ
+		- snpr ᶠ
+
+	ᵇ Shows default page
+	ᵈ Dropped
+	ᶠ Handshake fails
+
+
+	Problematic hosts in *southdowns.gov.uk:
+
+		- archive ᶜ ᵐ
+		- learningmap ᵉ ᵐ ᵘ
+		- maps ᵐ
+		- sopt ᶜ ᵐ
+
+	ᵉ Expired
+	ᵐ Mismatched
+	ᵘ Untrusted root
+	ˣ Mixed css
+
+
+	Insecure cookies are set for these hosts:
+
+		- learningmap.southdowns.gov.uk
+		- www.southdowns.gov.uk
+
+
+	Mixed content:
+
+		- css, on:
+
+			- learning from fast.fonts.net ˢ
+			- learning, learningmap, maps from fonts.googleapis.com ˢ
+			- learningmap from learning.southdowns.gov.uk * ˢ
+
+	* Inconsequantial <= 404 over http
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="South Downs.gov.uk (partial)">
+
+	<target host="southdowns.gov.uk" />
+	<target host="consult.southdowns.gov.uk" />
+	<target host="learning.southdowns.gov.uk" />
+	<target host="www.southdowns.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^learningmap\.southdowns\.gov\.uk$" name="^ci_session$" /-->
+	<!--securecookie host="^www\.southdowns\.gov\.uk$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/southend-on-the-move.org.uk.xml b/src/chrome/content/rules/southend-on-the-move.org.uk.xml
new file mode 100644
index 000000000000..fb8031a08d6d
--- /dev/null
+++ b/src/chrome/content/rules/southend-on-the-move.org.uk.xml
@@ -0,0 +1,29 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://southend-on-the-move.org.uk/ => https://southend-on-the-move.org.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'southend-on-the-move.org.uk'")
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	These altnames don't exist:
+
+		- m.southend-on-the-move.org.uk
+		- mtest.southend-on-the-move.org.uk
+		- train.southend-on-the-move.org.uk
+
+-->
+<ruleset name="Southend-on-the-move.org.uk" default_off="failed ruleset test">
+
+	<target host="southend-on-the-move.org.uk" />
+	<target host="test1.southend-on-the-move.org.uk" />
+	<target host="www.southend-on-the-move.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/southoxon.gov.uk.xml b/src/chrome/content/rules/southoxon.gov.uk.xml
new file mode 100644
index 000000000000..bc9ac5e46dd2
--- /dev/null
+++ b/src/chrome/content/rules/southoxon.gov.uk.xml
@@ -0,0 +1,32 @@
+<!--
+	South Oxfordshire District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *southoxon.gov.uk:
+
+		- democratic ³
+		- maps ³
+		- www ³
+
+	³ 403
+
+-->
+<ruleset name="South Oxon.gov.uk (partial)">
+
+	<target host="eform.southoxon.gov.uk" />
+	<target host="revenuesbenefits.southoxon.gov.uk" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://revenuesbenefits.southoxon.gov.uk/publicaccesslive/selfservice/services/counciltax/summary.htm" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/southribble.gov.uk.xml b/src/chrome/content/rules/southribble.gov.uk.xml
new file mode 100644
index 000000000000..34f118e4f07e
--- /dev/null
+++ b/src/chrome/content/rules/southribble.gov.uk.xml
@@ -0,0 +1,29 @@
+<!--
+	South Ribble Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- licensing.southribble.gov.uk
+
+		Timeout was reached:
+		- documents.southribble.gov.uk
+		- egenda.southribble.gov.uk
+		- mail.southribble.gov.uk
+		- mobile.southribble.gov.uk
+		- publicaccess.southribble.gov.uk
+		- smtp.southribble.gov.uk
+
+		Mixed content blocking (MCB) triggered:
+		- www.southribble.gov.uk
+-->
+<ruleset name="South Ribble.gov.uk (partial)">
+	<target host="southribble.gov.uk" />
+	<target host="ebilling.southribble.gov.uk" />
+	<target host="maps.southribble.gov.uk" />
+	<target host="remote.southribble.gov.uk" />
+	<target host="ssl.southribble.gov.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/southrivertech.com.xml b/src/chrome/content/rules/southrivertech.com.xml
new file mode 100644
index 000000000000..31841e948c11
--- /dev/null
+++ b/src/chrome/content/rules/southrivertech.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="southrivertech.com">
+
+	<target host="southrivertech.com"/>
+	<target host="www.southrivertech.com"/>
+	<target host="support.southrivertech.com" />
+
+	<!--	Failed; Redirect on http mode.	-->
+	<target host="southrivertechnologies.com"/>
+	<target host="www.southrivertechnologies.com"/>
+
+	<rule from="^http://(www\.)?southrivertechnologies\.com/"
+			to="https://$1southrivertech.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sovcombank.ru.xml b/src/chrome/content/rules/sovcombank.ru.xml
new file mode 100644
index 000000000000..8f66650e509c
--- /dev/null
+++ b/src/chrome/content/rules/sovcombank.ru.xml
@@ -0,0 +1,28 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://stm.sovcombank.ru/ => https://stm.sovcombank.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+lk.sovcombank.ru different content
+
+
+-->
+<ruleset name="sovcombank.ru" default_off="failed ruleset test">
+	<target host="sovcombank.ru" />
+	<target host="www.sovcombank.ru" />
+	<target host="doktor.sovcombank.ru" />
+	<target host="elf.sovcombank.ru" />
+	<target host="event.sovcombank.ru" />
+	<target host="fingrad.sovcombank.ru" />
+	<target host="ib.sovcombank.ru" />
+	<target host="ibank.sovcombank.ru" />
+	<target host="liga.sovcombank.ru" />
+	<target host="msb.sovcombank.ru" />
+	<target host="people.sovcombank.ru" />
+	<target host="portal.sovcombank.ru" />
+	<target host="sovcomded.sovcombank.ru" />
+	<target host="stm.sovcombank.ru" />
+	<target host="superplus.sovcombank.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/soverin.net.xml b/src/chrome/content/rules/soverin.net.xml
new file mode 100644
index 000000000000..d11d189b5ee1
--- /dev/null
+++ b/src/chrome/content/rules/soverin.net.xml
@@ -0,0 +1,13 @@
+<ruleset name="soverin.net">
+	<target host="soverin.net" />
+	<target host="www.soverin.net" />
+	<target host="autodiscover.soverin.net" />
+	<target host="lb1.soverin.net" />
+	<target host="love.soverin.net" />
+	<target host="my.soverin.net" />
+	<target host="noc.soverin.net" />
+	<target host="status.soverin.net" />
+	<target host="support.soverin.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sovrn.com.xml b/src/chrome/content/rules/sovrn.com.xml
new file mode 100644
index 000000000000..f015e87423ef
--- /dev/null
+++ b/src/chrome/content/rules/sovrn.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Other sovrn rulesets:
+
+		- Lijit.com.xml
+
+-->
+<ruleset name="sovrn.com">
+
+	<target host="sovrn.com" />
+	<target host="meridian.sovrn.com" />
+	<target host="www.sovrn.com" />
+
+
+	<securecookie host="^\." name="(?:^_gat?$|^_gat_|^mp_|mixpanel$|^optimizely)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sovsekretno.ru.xml b/src/chrome/content/rules/sovsekretno.ru.xml
new file mode 100644
index 000000000000..6e6adadf6437
--- /dev/null
+++ b/src/chrome/content/rules/sovsekretno.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="sovsekretno.ru">
+	<target host="sovsekretno.ru" />
+	<target host="www.sovsekretno.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spacechase0.com.xml b/src/chrome/content/rules/spacechase0.com.xml
new file mode 100644
index 000000000000..7d1721d004d6
--- /dev/null
+++ b/src/chrome/content/rules/spacechase0.com.xml
@@ -0,0 +1,8 @@
+<!--
+	spacechase0.com has a wildcard DNS record but only spacechase0.com certificate exists
+-->
+<ruleset name="spacechase0.com">
+	<target host="spacechase0.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spacecraft.co.uk.xml b/src/chrome/content/rules/spacecraft.co.uk.xml
new file mode 100644
index 000000000000..a04c495651f1
--- /dev/null
+++ b/src/chrome/content/rules/spacecraft.co.uk.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://spacecraft.co.uk/ => https://spacecraft.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'spacecraft.co.uk'")
+
+-->
+<ruleset name="Spacecraft.co.uk" default_off="failed ruleset test">
+
+	<target host="spacecraft.co.uk" />
+	<target host="www.spacecraft.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/spacecraft.digital.xml b/src/chrome/content/rules/spacecraft.digital.xml
new file mode 100644
index 000000000000..56355a711021
--- /dev/null
+++ b/src/chrome/content/rules/spacecraft.digital.xml
@@ -0,0 +1,13 @@
+<ruleset name="Spacecraft.Digital">
+
+	<target host="spacecraft.digital" />
+	<target host="www.spacecraft.digital" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/spacenews.com.xml b/src/chrome/content/rules/spacenews.com.xml
new file mode 100644
index 000000000000..7e06522643fd
--- /dev/null
+++ b/src/chrome/content/rules/spacenews.com.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://spacenews.com/ => https://spacenews.com/: Too many redirects while fetching 'https://spacenews.com/'
+Fetch error: http://www.spacenews.com/ => https://www.spacenews.com/: Too many redirects while fetching 'https://www.spacenews.com/'
+
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="SpaceNews.com" default_off="failed ruleset test">
+
+	<target host="spacenews.com" />
+	<target host="www.spacenews.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/spacepools.org.xml b/src/chrome/content/rules/spacepools.org.xml
new file mode 100644
index 000000000000..27eb59979f8a
--- /dev/null
+++ b/src/chrome/content/rules/spacepools.org.xml
@@ -0,0 +1,28 @@
+
+<ruleset name="spacepools.org">
+
+	<target host="spacepools.org" />
+	<target host="dero.spacepools.org" />
+	<target host="api.dero.spacepools.org" />
+	<target host="etn.spacepools.org" />
+	<target host="api.etn.spacepools.org" />
+	<target host="graft.spacepools.org" />
+	<target host="api.graft.spacepools.org" />
+	<target host="intense.spacepools.org" />
+	<target host="api.intense.spacepools.org" />
+	<target host="ipbc.spacepools.org" />
+	<target host="api.ipbc.spacepools.org" />
+	<target host="masari.spacepools.org" />
+	<target host="api.masari.spacepools.org" />
+	<target host="monero.spacepools.org" />
+	<target host="api.monero.spacepools.org" />
+	<target host="sumo.spacepools.org" />
+	<target host="api.sumo.spacepools.org" />
+	<target host="turtle.spacepools.org" />
+	<target host="api.turtle.spacepools.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/spamcop.xml b/src/chrome/content/rules/spamcop.xml
new file mode 100644
index 000000000000..739b6798c0d2
--- /dev/null
+++ b/src/chrome/content/rules/spamcop.xml
@@ -0,0 +1,6 @@
+<ruleset name="SpamCop">
+    <target host="spamcop.net" />
+    <target host="www.spamcop.net" />
+
+    <rule from="^http://(www\.)?spamcop\.net/" to="https://www.spamcop.net/" />
+</ruleset>
diff --git a/src/chrome/content/rules/sparebank1.no.xml b/src/chrome/content/rules/sparebank1.no.xml
new file mode 100644
index 000000000000..04b6307d537e
--- /dev/null
+++ b/src/chrome/content/rules/sparebank1.no.xml
@@ -0,0 +1,95 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://statistikk.sparebank1.no/sensor/statistic => https://statistikk.sparebank1.no/sensor/statistic: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://bolig.sparebank1.no/ => https://bolig.sparebank1.no/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://boligprat.sparebank1.no/ => https://boligprat.sparebank1.no/: (51, "SSL: no alternative certificate subject name matches target host name 'boligprat.sparebank1.no'")
+Fetch error: http://demo.sparebank1.no/ => https://demo.sparebank1.no/: (6, 'Could not resolve host: demo.sparebank1.no')
+Fetch error: http://kredittkort.sparebank1.no/ => https://kredittkort.sparebank1.no/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://mobil.sparebank1.no/ => https://mobil.sparebank1.no/: (51, "SSL: no alternative certificate subject name matches target host name 'mobil.sparebank1.no'")
+Fetch error: http://portal01.sparebank1.no/ => https://portal01.sparebank1.no/: (51, "SSL: no alternative certificate subject name matches target host name 'portal01.sparebank1.no'")
+Fetch error: http://pressesenter.sparebank1.no/ => https://pressesenter.sparebank1.no/: (6, 'Could not resolve host: pressesenter.sparebank1.no')
+Fetch error: http://sikkerhetsbutikken.sparebank1.no/ => https://sikkerhetsbutikken.sparebank1.no/: (35, 'Unknown SSL protocol error in connection to sikkerhetsbutikken.sparebank1.no:443 ')
+Fetch error: http://statistikk.sparebank1.no/ => https://statistikk.sparebank1.no/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Nonfunctional hosts in *sparebank1.no:
+
+		- epost ⁴
+
+	⁴ 404
+
+
+	Problematic hosts in *sparebank1.no:
+
+		- gientier ᵐ
+		- investor ᵘ
+
+	ᵐ Mismatched
+	ᵘ Untrusted root
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .sparebank1.no
+		- portal01.sparebank1.no
+		- sikkerhetsbutikken.sparebank1.no
+		- spabol.sparebank1.no
+		- spacom.sparebank1.no
+		- www.sparebank1.no
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="SpareBank 1.no (partial)" default_off="failed ruleset test">
+
+	<target host="sparebank1.no" />
+	<target host="bolig.sparebank1.no" />
+	<target host="boligprat.sparebank1.no" />
+	<target host="demo.sparebank1.no" />
+	<target host="forsikring.sparebank1.no" />
+	<target host="helse.sparebank1.no" />
+	<target host="kfb.sparebank1.no" />
+	<target host="kredittkort.sparebank1.no" />
+	<target host="kundeforsikring.sparebank1.no" />
+	<target host="www.liv.sparebank1.no" />
+	<target host="login.sparebank1.no" />
+	<target host="m.sparebank1.no" />
+	<target host="mobil.sparebank1.no" />
+	<target host="mobildemo.sparebank1.no" />
+	<target host="nyheter.sparebank1.no" />
+	<target host="personforsikring.sparebank1.no" />
+	<target host="portal01.sparebank1.no" />
+	<target host="pressesenter.sparebank1.no" />
+	<target host="sikkerhetsbutikken.sparebank1.no" />
+	<target host="spabol.sparebank1.no" />
+	<target host="spacom.sparebank1.no" />
+	<target host="statistikk.sparebank1.no" />
+	<target host="webskjema.sparebank1.no" />
+	<target host="www.sparebank1.no" />
+	<target host="www2.sparebank1.no" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://statistikk.sparebank1.no/sensor/statistic" />
+
+		<!--	$ 404s, so:
+					-->
+		<test url="http://webskjema.sparebank1.no/erstatning" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.sparebank1\.no$" name="^Spor$" /-->
+	<!--securecookie host="^portal01\.sparebank1\.no$" name="^DSESSIONID$" /-->
+	<!--securecookie host="^sikkerhetsbutikken\.sparebank1\.no$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^spabol\.sparebank1\.no$" name="^spabol__(?:csrf_token|last_activity|last_visit|tracker)$" /-->
+	<!--securecookie host="^spacom\.sparebank1\.no$" name="^spabol__(?:last_activity|last_visit|tracker)$" /-->
+	<!--securecookie host="^www\.sparebank1\.no$" name="^(?:DSESSIONID|cxm)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/spark-com.ru.xml b/src/chrome/content/rules/spark-com.ru.xml
new file mode 100644
index 000000000000..fe5a35b625f5
--- /dev/null
+++ b/src/chrome/content/rules/spark-com.ru.xml
@@ -0,0 +1,30 @@
+<!--
+spark-com.ru ²
+www.spark-com.ru ²
+activation-redirect.spark-com.ru ³
+billing.spark-com.ru ³
+fz114.spark-com.ru ³
+go2ethernet.spark-com.ru ²
+idea.spark-com.ru ¹
+ivideon.spark-com.ru ³
+lk-temp.spark-com.ru ¹
+noaccess.spark-com.ru ⁴
+oldstat.spark-com.ru ²
+podpiska.spark-com.ru ¹
+ryazan.spark-com.ru ²
+speedtest.spark-com.ru ²
+stat2.spark-com.ru ³
+temp.spark-com.ru ²
+wbak.spark-com.ru ³
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="spark-com.ru (partial)">
+	<target host="stat.spark-com.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sparkasse.at.xml b/src/chrome/content/rules/sparkasse.at.xml
new file mode 100644
index 000000000000..0c864154c16b
--- /dev/null
+++ b/src/chrome/content/rules/sparkasse.at.xml
@@ -0,0 +1,6 @@
+<ruleset name="sparkasse.at (partial)">
+	<target host="www.sparkasse.at" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sparkplatform.com.xml b/src/chrome/content/rules/sparkplatform.com.xml
new file mode 100644
index 000000000000..5ea7d3dc56b0
--- /dev/null
+++ b/src/chrome/content/rules/sparkplatform.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="SparkPlatform.com">
+	<target host="cdn.resize.sparkplatform.com" />
+	<target host="sparkplatform.com" />
+	<target host="www.sparkplatform.com" />
+	<target host="documents.sparkplatform.com" />
+	<target host="dev.sparkplatform.com" />
+	<target host="alpha.sparkplatform.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spbelect.info.xml b/src/chrome/content/rules/spbelect.info.xml
new file mode 100644
index 000000000000..c133334d4612
--- /dev/null
+++ b/src/chrome/content/rules/spbelect.info.xml
@@ -0,0 +1,6 @@
+<ruleset name="spbelect.info">
+    <target host="spbelect.info" />
+    <target host="www.spbelect.info" />
+    <rule from="^http:" to="https:" />
+    <securecookie host="^(?:www\.|\.)?spbelect\.info$" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/spbelect.org.xml b/src/chrome/content/rules/spbelect.org.xml
new file mode 100644
index 000000000000..d9a93d6db1ee
--- /dev/null
+++ b/src/chrome/content/rules/spbelect.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="spbelect.org">
+    <target host="spbelect.org" />
+    <target host="www.spbelect.org" />
+    <rule from="^http:" to="https:" />
+    <securecookie host="^(?:www\.|\.)?spbelect\.org$" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/spdb.com.cn.xml b/src/chrome/content/rules/spdb.com.cn.xml
new file mode 100644
index 000000000000..5576c324918f
--- /dev/null
+++ b/src/chrome/content/rules/spdb.com.cn.xml
@@ -0,0 +1,11 @@
+<!--
+	Incomplete cert chain:
+		eservice.spdb.com.cn	https://eservice.spdb.com.cn/eservice/welcome.do
+-->
+<ruleset name="spdb.com.cn">
+	<target host="download.spdb.com.cn" />
+	<target host="ebank.spdb.com.cn" />
+	<target host="wap.spdb.com.cn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spdbccc.com.cn.xml b/src/chrome/content/rules/spdbccc.com.cn.xml
new file mode 100644
index 000000000000..46a3862b6c54
--- /dev/null
+++ b/src/chrome/content/rules/spdbccc.com.cn.xml
@@ -0,0 +1,53 @@
+<!--
+	404:
+		image.spdbccc.com.cn
+
+	502:
+		http://ecentre.spdbccc.com.cn/$
+
+	Not exist:
+		^spdbccc.com.cn
+		http://cardsonline.spdbccc.com.cn/$
+
+	MCB:
+		service.spdbccc.com.cn
+		trip.spdbccc.com.cn
+
+	Incomplete certificate chain:
+		mall.spdbccc.com.cn
+
+	Invalid cert:
+		dreamcard.spdbccc.com.cn
+		pfad.spdbccc.com.cn
+
+	Different http/https content: Only https mode is right.
+		cardsonline.spdbccc.com.cn
+		ebill.spdbccc.com.cn
+		ecentre.spdbccc.com.cn
+		mbank.spdbccc.com.cn
+		onlineapp.spdbccc.com.cn
+		quanyiwap.spdbccc.com.cn
+-->
+
+<ruleset name="spdbccc.com.cn">
+	<target host="www.spdbccc.com.cn" />
+		<test url="http://www.spdbccc.com.cn/zh/wap/newwap/main.html" />
+	<target host="cardsonline.spdbccc.com.cn" />
+		<exclusion pattern="^http://cardsonline\.spdbccc\.com\.cn/$" />
+		<test url="http://cardsonline.spdbccc.com.cn/icard/LineActivationInput.do" />
+	<target host="ebill.spdbccc.com.cn" />
+	<target host="ecentre.spdbccc.com.cn" />
+		<exclusion pattern="^http://ecentre\.spdbccc\.com\.cn/$" />
+		<test url="http://ecentre.spdbccc.com.cn/creditcard/" />
+	<target host="game.spdbccc.com.cn" />
+	<target host="life.spdbccc.com.cn" />
+	<target host="mbank.spdbccc.com.cn" />
+		<test url="http://mbank.spdbccc.com.cn/creditcard/" />
+	<target host="onlineapp.spdbccc.com.cn" />
+	<target host="quanyi.spdbccc.com.cn" />
+	<target host="quanyiwap.spdbccc.com.cn" />
+	<target host="serviceonline.spdbccc.com.cn" />
+	<target host="weixin.spdbccc.com.cn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spectator.co.uk-mixedcontent.xml b/src/chrome/content/rules/spectator.co.uk-mixedcontent.xml
new file mode 100644
index 000000000000..b2d6c7f706e6
--- /dev/null
+++ b/src/chrome/content/rules/spectator.co.uk-mixedcontent.xml
@@ -0,0 +1,35 @@
+<!--
+	For rules not causing false/broken MCB, see spectator.co.uk.xml.
+
+
+	NB: See https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Spectator.co.uk (false MCB)" platform="mixedcontent">
+
+	<target host="spectator.co.uk" />
+	<target host="blogs.spectator.co.uk" />
+	<target host="www.spectator.co.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<exclusion pattern="^http://(?:www\.)?spectator\.co\.uk/comic(?:$|[?/])" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.spectator.co.uk/comic/" />
+			<test url="http://www.spectator.co.uk/comic/doctor-6/" />
+			<test url="http://www.spectator.co.uk/comic/escalator/" />
+			<test url="http://www.spectator.co.uk/comic/greek-2/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.spectator.co.uk/2016/04/books-arent-medicine-theyre-more-powerful-than-that/" />
+			<test url="http://www.spectator.co.uk/content/plugins/follow-us-widgets/assets/css/widget.css" />
+			<test url="http://www.spectator.co.uk/content/themes/spectator-new/assets/images/facebook-share.svg" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/spectator.co.uk.xml b/src/chrome/content/rules/spectator.co.uk.xml
new file mode 100644
index 000000000000..d571625656bb
--- /dev/null
+++ b/src/chrome/content/rules/spectator.co.uk.xml
@@ -0,0 +1,63 @@
+<!--
+
+2018:
+	CDN buckets no longer in use and this site is now setting redirects for content urls. We should allow that to occur
+
+
+2016
+	For rules causing MCB, see spectator.co.uk-mixedcontent.xml.
+
+	CDN buckets:
+
+		- d31orrwkxpucnl.cloudfront.net	← cdn
+		- d35f2nn85hoamp.cloudfront.net	← cdn2
+
+
+	Problematic hosts in *spectator.co.uk:
+
+		- blogs ˣ
+		- cdn ᵐ
+		- cdn2 ᵐ
+		- www * ˣ
+
+	* Protocol relative inclusions of cdn2?
+	ᵐ Cloudfront / mismatched
+	ˣ Mixed css
+
+
+	Mixed content:
+
+		- iframes, on:
+
+			- blogs from newsletters.spectator.co.uk
+			- www from embed.acast.com ˢ
+
+		- css on blogs, www from $self ˢ
+
+		- Images, on:
+
+			- blogs, health from www.spectator.co.uk ˢ
+			- health from cdn.spectator.co.uk ˢ
+			- health, www from $self ˢ
+			- www from blogs.spectator.co.uk ˢ
+
+		- Ads/bugs, on:
+
+			- blogs, health, www from adserver.adtech.de ˢ
+			- blogs, www from b.scorecardresearch.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Spectator.co.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<!-- <target host="spectator.co.uk" /> -->
+	<!--target host="blogs.spectator.co.uk" /-->
+	<target host="health.spectator.co.uk" />
+	<!-- <target host="www.spectator.co.uk" /> -->
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/speech-language-therapy-jobs.org.xml b/src/chrome/content/rules/speech-language-therapy-jobs.org.xml
new file mode 100644
index 000000000000..025b007db3fd
--- /dev/null
+++ b/src/chrome/content/rules/speech-language-therapy-jobs.org.xml
@@ -0,0 +1,16 @@
+<!--
+	^speech-language-therapy-jobs.org: dropped over http & https
+
+-->
+<ruleset name="Speech-Language-Therapy-Jobs.org">
+
+	<target host="www.speech-language-therapy-jobs.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/speech.leseweb.dk.xml b/src/chrome/content/rules/speech.leseweb.dk.xml
index b824c0254353..88e91a9c3664 100644
--- a/src/chrome/content/rules/speech.leseweb.dk.xml
+++ b/src/chrome/content/rules/speech.leseweb.dk.xml
@@ -1,5 +1,5 @@
-<ruleset name="speech.leseweb.dk">
-  <target host="speech.leseweb.dk" />
-
-  <rule from="^http://speech\.leseweb\.dk/" to="https://speech.leseweb.dk/" />
-</ruleset>
\ No newline at end of file
+<ruleset name="speech.leseweb.dk">
+  <target host="speech.leseweb.dk" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/speedwellsoftware.com.xml b/src/chrome/content/rules/speedwellsoftware.com.xml
new file mode 100644
index 000000000000..f52ef70765e5
--- /dev/null
+++ b/src/chrome/content/rules/speedwellsoftware.com.xml
@@ -0,0 +1,37 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://speedwellsoftware.com/ => https://speedwellsoftware.com/: (51, "SSL: no alternative certificate subject name matches target host name 'speedwellsoftware.com'")
+Fetch error: http://www2.speedwellsoftware.com/ => https://www2.speedwellsoftware.com/: (6, 'Could not resolve host: www2.speedwellsoftware.com')
+
+	Other Speedwell Software rulesets:
+
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com ˢ
+		- Image on www from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Speedwell Software.com">
+
+	<!-- target host="speedwellsoftware.com" /-->
+	<target host="www.speedwellsoftware.com" />
+	<!-- target host="www2.speedwellsoftware.com" /-->
+
+		<!--	Mixed image:
+					-->
+		<!--test url="http://www.speedwellsoftware.com/surveys" /-->
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/speedyline.ru.xml b/src/chrome/content/rules/speedyline.ru.xml
new file mode 100644
index 000000000000..87d8d1305ca1
--- /dev/null
+++ b/src/chrome/content/rules/speedyline.ru.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://web.speedyline.ru/ => https://web.speedyline.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+speedyline.ru mismatch
+www.speedyline.ru mismatch
+vidnoe.speedyline.ru mismatch
+artelamp.speedyline.ru mismatch
+-->
+<ruleset name="speedyline.ru" default_off="failed ruleset test">
+	<target host="web.speedyline.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spektrix.com.xml b/src/chrome/content/rules/spektrix.com.xml
new file mode 100644
index 000000000000..4a95f63bdad9
--- /dev/null
+++ b/src/chrome/content/rules/spektrix.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- system.spektrix.com
+		- www.spektrix.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Spektrix.com">
+
+	<target host="spektrix.com" />
+	<target host="system.spektrix.com" />
+	<target host="www.spektrix.com" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://system.spektrix.com/bedfordcornexchange/website/Chooseseats.aspx?resize=true&amp;WebInstanceID=" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^system\.spektrix\.com$" name="^(?:ASP\.NET_SessionId|CookieDetection)$" /-->
+	<!--securecookie host="^www\.spektrix\.com$" name="^(?:PHPSESSID|exp_(?:csrf_token|last_activity|last_visit))$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/spelthorne.gov.uk.xml b/src/chrome/content/rules/spelthorne.gov.uk.xml
new file mode 100644
index 000000000000..8d760d5436b2
--- /dev/null
+++ b/src/chrome/content/rules/spelthorne.gov.uk.xml
@@ -0,0 +1,54 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://democracy.spelthorne.gov.uk/ => https://democracy.spelthorne.gov.uk/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://larissa.spelthorne.gov.uk/ => https://larissa.spelthorne.gov.uk/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Spelthorne Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *spelthorne.gov.uk:
+
+		- my ᵈ
+		- petitions ᵗ
+
+	ᵈ Dropped
+	ᵗ Reset
+
+
+	Problematic hosts in *spelthorne.gov.uk:
+
+		- m ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- spelthorne.gov.uk
+		- democracy.spelthorne.gov.uk
+		- www.spelthorne.gov.uk
+
+-->
+<ruleset name="Spelthorne.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="spelthorne.gov.uk" />
+	<target host="democracy.spelthorne.gov.uk" />
+	<target host="larissa.spelthorne.gov.uk" />
+	<target host="www.spelthorne.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?spelthorne\.gov\.uk$" name="^(?:ASP\.NET_SessionId|TextOnlyX|clientvars|mode)$" /-->
+	<!--securecookie host="^democracy\.spelthorne\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sphere.ly.xml b/src/chrome/content/rules/sphere.ly.xml
new file mode 100644
index 000000000000..47546ce439f2
--- /dev/null
+++ b/src/chrome/content/rules/sphere.ly.xml
@@ -0,0 +1,21 @@
+<!--
+	Nonfunctional hosts in *sphere.ly:
+
+		- (www.)? ʰ
+		- host ʰ
+
+	ʰ Redirects to http
+
+-->
+<ruleset name="sphere.ly (partial)">
+
+	<target host="git.sphere.ly" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/spi-inc.org.xml b/src/chrome/content/rules/spi-inc.org.xml
new file mode 100644
index 000000000000..68381bca0a92
--- /dev/null
+++ b/src/chrome/content/rules/spi-inc.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Mismatch:
+		oldwww.spi-inc.org
+	443 port closed:
+		lists.spi-inc.org
+-->
+<ruleset name="SPI Inc">
+	<target host="spi-inc.org" />
+	<target host="git.spi-inc.org" /> <!-- HTTP 302 -->
+	<target host="members.spi-inc.org" /> <!-- HSTS not preloaded -->
+	<target host="rt.spi-inc.org" /> <!-- HTTP 302 -->
+	<target host="www.spi-inc.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spkrb.de.xml b/src/chrome/content/rules/spkrb.de.xml
new file mode 100644
index 000000000000..864dbc7caf8b
--- /dev/null
+++ b/src/chrome/content/rules/spkrb.de.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://spkrb.de/ => https://info.spkrb.de/: (6, 'Could not resolve host: info.spkrb.de')
+Fetch error: http://www.spkrb.de/ => https://info.spkrb.de/: (6, 'Could not resolve host: info.spkrb.de')
+Fetch error: http://info.spkrb.de/ => https://info.spkrb.de/: (6, 'Could not resolve host: info.spkrb.de')
+
+-->
+<ruleset name="spkrb.de" default_off="failed ruleset test">
+	<target host="spkrb.de" />
+	<target host="www.spkrb.de" />
+	<target host="info.spkrb.de" />
+	<target host="banking.spkrb.de" />
+
+	<securecookie host="^(?:www\.|info\.|banking\.)?spkrb\.de$" name=".+" />
+
+	<rule from="^http://(?:www\.|info\.)?spkrb\.de/" to="https://info.spkrb.de/" />
+	<rule from="^http://banking\.spkrb\.de/" to="https://banking.spkrb.de/" />
+</ruleset>
diff --git a/src/chrome/content/rules/splitpdf.com.xml b/src/chrome/content/rules/splitpdf.com.xml
new file mode 100644
index 000000000000..66bd2d197388
--- /dev/null
+++ b/src/chrome/content/rules/splitpdf.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="splitpdf.com">
+	<target host=    "splitpdf.com" />
+	<target host="www.splitpdf.com" />
+
+	<securecookie host="^www\.splitpdf\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/splitsider.com.xml b/src/chrome/content/rules/splitsider.com.xml
new file mode 100644
index 000000000000..2fd8f03d0127
--- /dev/null
+++ b/src/chrome/content/rules/splitsider.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="splitsider.com">
+	<target host="splitsider.com" />
+	<target host="www.splitsider.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spnet.ru.xml b/src/chrome/content/rules/spnet.ru.xml
new file mode 100644
index 000000000000..38722d8cc8c1
--- /dev/null
+++ b/src/chrome/content/rules/spnet.ru.xml
@@ -0,0 +1,53 @@
+<!--
+1380stl5.spnet.ru ³
+at34.spnet.ru ²
+at35.spnet.ru ³
+at36.spnet.ru ³
+blockbox.spnet.ru ²
+blockbox2.spnet.ru ³
+core40.spnet.ru ³
+core65.spnet.ru ³
+essss-pka238.spnet.ru ²
+essss-pka240-1.spnet.ru ²
+essss-pka240-2.spnet.ru ³
+fas33.spnet.ru ²
+gate44.spnet.ru ³
+gate45.spnet.ru ³
+gfrimen.spnet.ru ³
+igvik.spnet.ru ⁷
+mt37.spnet.ru ³
+mt38.spnet.ru ³
+mt39.spnet.ru ²
+4x4drive.ru.spnet.ru ⁷
+wike.spnet.ru ³
+hosting.spnet.ru different content
+forum.spnet.ru mixed content
+*.spnet.ru ¹
+
+
+¹ mismatch
+² refused
+³ timed out
+⁷ protocol error
+-->
+<ruleset name="spnet.ru">
+	<target host="spnet.ru" />
+	<target host="bill.spnet.ru" />
+	<target host="cacti.spnet.ru" />
+	<target host="imap.spnet.ru" />
+	<target host="imaps.spnet.ru" />
+	<target host="mail.spnet.ru" />
+	<target host="pbx.spnet.ru" />
+	<target host="pop3.spnet.ru" />
+	<target host="pop3s.spnet.ru" />
+	<target host="smtp.spnet.ru" />
+	<target host="wiki.spnet.ru" />
+	<target host="zabbix.spnet.ru" />
+
+	<target host="www.spnet.ru" />
+
+	<rule from="^http://www\.spnet\.ru/"
+		to="https://spnet.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spongecell.com.xml b/src/chrome/content/rules/spongecell.com.xml
new file mode 100644
index 000000000000..37feede20ae2
--- /dev/null
+++ b/src/chrome/content/rules/spongecell.com.xml
@@ -0,0 +1,104 @@
+<!--
+	CDN buckets:
+
+		- spongecell-assets.s3.amazonaws.com
+
+
+	Problematic hosts in *spongecell.com:
+
+		- www2 ᵐ
+
+	ᵐ Pardot / mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- spongecell.com
+		- .spongecell.com
+		- royale.spongecell.com
+		- .royale.spongecell.com
+		- royale-ssl.spongecell.com
+		- .royale-ssl.spongecell.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Spongecell.com (partial)">
+
+	<target host="spongecell.com" />
+	<target host="analytics.spongecell.com" />
+	<target host="live-ssl.cdn.spongecell.com" />
+	<target host="royale.spongecell.com" />
+	<target host="royale-ssl.spongecell.com" />
+	<target host="www.spongecell.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.spongecell\.com/(?:$|blog$|contact-us$|jobs$|technology$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://www\.spongecell\.com/(?!/*(?:favicon\.ico|sites/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.spongecell.com/blog" />
+			<test url="http://www.spongecell.com/contact-us" />
+			<test url="http://www.spongecell.com/jobs" />
+			<test url="http://www.spongecell.com/technology" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.spongecell.com/favicon.ico" />
+			<test url="http://www.spongecell.com/sites/all/themes/spongecell/img/spongecell-logo.png" />
+
+		<!--	Set cookie without Secure:
+							-->
+		<!--test url="http://analytics.spongecell.com/ad_tags/00000000?ad_version=&amp;type=&amp;flight_id=&amp;screen=&amp;noflash=&amp;noscript=&amp;creative_id=1&amp;external_placement_id=1&amp;external_site_id=&amp;anticache=&amp;e=" /-->
+		<!--test url="http://royale.spongecell.com/api/ad_tags/00000000/clickthrough?creative_id=&amp;noflash=&amp;iid=&amp;external_placement_id=&amp;external_site_id=&amp;anticache=&amp;click_tag=" /-->
+		<!--test url="http://royale-ssl.spongecell.com/api/ad_tags/00000000/clickthrough?creative_id=&amp;noflash=&amp;noscript=&amp;external_placement_id=&amp;external_site_id=&amp;anticache=&amp;click_tag=&amp;sig=&amp;urlfix=&amp;adurl=&amp;landingPages1=&amp;c3nid=&amp;c3creative=&amp;c3adid=&amp;c3size=&amp;utm_source=&amp;utm_medium=&amp;utm_campaign=" /-->
+
+	<!--	Complications:
+				-->
+	<target host="www2.spongecell.com" />
+
+		<exclusion pattern="^http://www2\.spongecell\.com/(?!/*(?:$|\?|[el]/))" />
+
+			<!--	See below respective rules for negative cases.
+
+				+ve:
+					-->
+			<test url="http://www2.spongecell.com/COREverview" />
+			<test url="http://www2.spongecell.com/downloads/retargeting_playbook_2015" />
+			<test url="http://www2.spongecell.com/default.aspx" />
+			<test url="http://www2.spongecell.com/index.htm" />
+			<test url="http://www2.spongecell.com/index.html" />
+			<test url="http://www2.spongecell.com/index.php" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:royale\.|royale-ssl\.)?spongecell\.com$" name="^XSRF-TOKEN$" /-->
+	<!--securecookie host="^\.spongecell\.com$" name="^(?:_spongecell_loves_u|spongekey)$" /-->
+	<!--securecookie host="^\.royale(?:-ssl)?\.spongecell\.com$" name="^_spongecell_loves_u$" /-->
+
+	<securecookie host="^\." name="^spongekey$" />
+	<securecookie host="^(?!www2?\.)\w" name=".+" />
+
+
+	<!--	Redirect drops args and forward slash:
+							-->
+	<rule from="^http://www2\.spongecell\.com/+(?:\?.*)?$"
+		to="https://www.spongecell.com/" />
+
+		<test url="http://www2.spongecell.com/?" />
+
+	<rule from="^http://www2\.spongecell\.com/"
+		to="https://go.pardot.com/" />
+
+		<test url="http://www2.spongecell.com/l/105302/2015-11-03/33mpz" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sport-express.ru.xml b/src/chrome/content/rules/sport-express.ru.xml
new file mode 100644
index 000000000000..ac258afe46ac
--- /dev/null
+++ b/src/chrome/content/rules/sport-express.ru.xml
@@ -0,0 +1,82 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://video.sport-express.ru/ => https://video.sport-express.ru/: (6, 'Could not resolve host: video.sport-express.ru')
+
+bitrix-01.sport-express.ru ⁶
+blog.sport-express.ru ¹
+dev-commerce.sport-express.ru ⁴
+fantasy.sport-express.ru ²
+fantasysport.sport-express.ru ¹
+ftp1.sport-express.ru ³
+game.sport-express.ru ²
+games1.sport-express.ru ²
+www.honda.sport-express.ru ²
+i-mode.sport-express.ru ²
+konkurs.sport-express.ru ²
+ns.sport-express.ru ³
+ns1.sport-express.ru ³
+ns3.sport-express.ru ³
+pal.sport-express.ru ²
+pda.sport-express.ru ²
+portal.sport-express.ru ⁴
+push.sport-express.ru ⁴
+rb.sport-express.ru ³
+robin.sport-express.ru ³
+subscribe.sport-express.ru ⁶
+wap.sport-express.ru ²
+translations.portal.sport-express.ru:643 ³
+front-group.sport-express.ru different content
+airtal.sport-express.ru mixed content
+americanfootball.sport-express.ru mixed content
+bandy.sport-express.ru mixed content
+basketball.sport-express.ru mixed content
+clarins.sport-express.ru mixed content
+football.sport-express.ru mixed content
+formula.sport-express.ru mixed content
+futsal.sport-express.ru mixed content
+handball.sport-express.ru mixed content
+hockey.sport-express.ru mixed content
+news.sport-express.ru mixed content
+revenant.sport-express.ru mixed content
+summer.sport-express.ru mixed content
+tdk.sport-express.ru mixed content
+tennis.sport-express.ru mixed content
+tissot.sport-express.ru mixed content
+volleyball.sport-express.ru mixed content
+vpower.sport-express.ru mixed content
+winter.sport-express.ru mixed content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁶ redirect
+-->
+<ruleset name="sport-express.ru" default_off="failed ruleset test">
+	<target host="sport-express.ru" />
+	<target host="www.sport-express.ru" />
+	<target host="archive.sport-express.ru" />
+	<target host="boxing.sport-express.ru" />
+	<target host="conference.sport-express.ru" />
+	<target host="doublepower.sport-express.ru" />
+	<target host="extreme.sport-express.ru" />
+	<target host="games.sport-express.ru" />
+	<target host="games-others.sport-express.ru" />
+	<target host="hockeytest.sport-express.ru" />
+	<target host="id.sport-express.ru" />
+	<target host="live.sport-express.ru" />
+	<target host="m.sport-express.ru" />
+	<target host="motor.sport-express.ru" />
+	<target host="mtdk.sport-express.ru" />
+	<target host="others.sport-express.ru" />
+	<target host="playstation.sport-express.ru" />
+	<target host="shop.sport-express.ru" />
+	<target host="ss.sport-express.ru" />
+	<target host="video.sport-express.ru" />
+	<target host="webmail.sport-express.ru" />
+	<target host="zvuki.sport-express.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sport.de.xml b/src/chrome/content/rules/sport.de.xml
new file mode 100644
index 000000000000..882b8ba1c678
--- /dev/null
+++ b/src/chrome/content/rules/sport.de.xml
@@ -0,0 +1,53 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Connection closed:
+		- heimspiel
+		- track
+
+	Refused:
+		- 22www
+		- 22zdf
+		- (www.)?ard
+		- auto-motor-und
+		- autoimg
+		- www.bild
+		- damoh
+		- dewww
+		- euro
+		- fussballdaten
+		- injuredwww
+		- ivw
+		- kienbaum
+		- liveticker
+		- lux
+		- mobil
+		- partner
+		- www.ritter
+		- roto
+		- tv
+		- un
+		- ww
+		- xn-\-kln-sna
+		- (www.)?zdf
+-->
+<ruleset name="sport.de">
+
+	<target host="sport.de" />
+	<target host="www.sport.de" />
+	<target host="app.sport.de" />
+	<target host="ssl.1.damoh.sport.de" />
+	<target host="ssl.2.damoh.sport.de" />
+	<target host="ssl.3.damoh.sport.de" />
+	<target host="s.sport.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Connection refused on https://sport.de/,
+	http://sport.de/ redirects to https://www.sport.de/.-->
+	<rule from="^http://sport\.de/"
+		to="https://www.sport.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sportbox.ru.xml b/src/chrome/content/rules/sportbox.ru.xml
new file mode 100644
index 000000000000..2c1f6177e8d8
--- /dev/null
+++ b/src/chrome/content/rules/sportbox.ru.xml
@@ -0,0 +1,46 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.sportbox.ru/ => https://www.sportbox.ru/: (7, 'Failed to connect to www.sportbox.ru port 443: No route to host')
+Fetch error: http://2.sportbox.ru/ => https://2.sportbox.ru/: (7, 'Failed to connect to 2.sportbox.ru port 443: No route to host')
+Fetch error: http://m.sportbox.ru/ => https://m.sportbox.ru/: (7, 'Failed to connect to m.sportbox.ru port 443: No route to host')
+Fetch error: http://stats.sportbox.ru/ => https://stats.sportbox.ru/: (6, 'Could not resolve host: stats.sportbox.ru')
+Fetch error: http://video.sportbox.ru/ => https://video.sportbox.ru/: (6, 'Could not resolve host: video.sportbox.ru')
+
+megafon.cdn.sportbox.ru ¹
+s.cdn.sportbox.ru ¹
+live.cdnvideo.sportbox.ru ¹
+vod.cdnvideo.sportbox.ru ¹
+foto.sportbox.ru ²
+mta.sportbox.ru ²
+mx.sportbox.ru ²
+www.news.sportbox.ru ¹
+live.ngenix.sportbox.ru ¹
+vod.ngenix.sportbox.ru ¹
+ns1.sportbox.ru ²
+redmine.sportbox.ru ³
+tk.sportbox.ru ³
+www.video.sportbox.ru ¹
+blogs.sportbox.ru mixed content
+forum.sportbox.ru mixed content
+
+¹ mismatch
+² refused
+³ timed out
+-->
+<ruleset name="sportbox.ru" default_off="failed ruleset test">
+	<target host="sportbox.ru" />
+	<target host="www.sportbox.ru" />
+	<target host="2.sportbox.ru" />
+	<target host="live.sportbox.ru" />
+	<target host="m.sportbox.ru" />
+	<target host="news.sportbox.ru" />
+	<target host="s.sportbox.ru" />
+	<target host="s-cdn.sportbox.ru" />
+	<target host="stats.sportbox.ru" />
+	<target host="tv.sportbox.ru" />
+	<target host="video.sportbox.ru" />
+	<target host="whoiam.sportbox.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sportdepot.co.il.xml b/src/chrome/content/rules/sportdepot.co.il.xml
new file mode 100644
index 000000000000..9f5ff1dc2213
--- /dev/null
+++ b/src/chrome/content/rules/sportdepot.co.il.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .sportdepot.co.il
+		- www.sportdepot.co.il
+
+-->
+<ruleset name="sportdepot.co.il">
+
+	<target host="sportdepot.co.il" />
+	<target host="www.sportdepot.co.il" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.sportdepot\.co\.il$" name="^siteCookie$" /-->
+	<!--securecookie host="^www\.sportdepot\.co\.il$" name="^(?:PHPSESSID|basketContent)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sportmaster.ru.xml b/src/chrome/content/rules/sportmaster.ru.xml
new file mode 100644
index 000000000000..24d92bea5e70
--- /dev/null
+++ b/src/chrome/content/rules/sportmaster.ru.xml
@@ -0,0 +1,93 @@
+<!--
+2015.sportmaster.ru ⁴
+www.2015.sportmaster.ru ⁴
+aw-cs.sportmaster.ru ³
+aw-ds.sportmaster.ru ³
+b2b.sportmaster.ru ⁴
+www.b2b.sportmaster.ru ⁴
+b2b-portal.sportmaster.ru ³
+b2bas.sportmaster.ru ⁵
+b2bold.sportmaster.ru ⁴
+blog.sportmaster.ru ⁴
+cdn2.sportmaster.ru ¹
+eem.sportmaster.ru ³
+eem2014.sportmaster.ru ³
+eem2014test.sportmaster.ru ³
+eemtest.sportmaster.ru ³
+m.etalonsmtestim.sportmaster.ru ¹
+smtp.ex.sportmaster.ru ³
+ftp.sportmaster.ru ³
+ftpc.sportmaster.ru ³
+game.sportmaster.ru ³
+job.sportmaster.ru ³
+l.sportmaster.ru ¹
+mail1.sportmaster.ru ³
+mail2.sportmaster.ru ³
+mail4.sportmaster.ru ³
+mailimages.sportmaster.ru ⁴
+mdm.sportmaster.ru ³
+mobileapptestim.sportmaster.ru ¹
+nike.sportmaster.ru ⁴
+old.sportmaster.ru ³
+podarki.sportmaster.ru ³
+www.pro.sportmaster.ru ¹
+fb.pro.sportmaster.ru ³
+search.sportmaster.ru ³
+smtp0.sportmaster.ru ³
+smtp1.sportmaster.ru ³
+smtp2.sportmaster.ru ³
+static-uat-ostin.sportmaster.ru ³
+www.uat.sportmaster.ru ⁶
+new.uat.sportmaster.ru ⁶
+cc.new.uat.sportmaster.ru ¹
+m.new.uat.sportmaster.ru ¹
+uat-ostin.sportmaster.ru ³
+vconf10.sportmaster.ru ³
+vconf13.sportmaster.ru ³
+vconf14.sportmaster.ru ³
+vconf7.sportmaster.ru ³
+vpn-global.sportmaster.ru ³
+vpn-sg.sportmaster.ru ¹
+vpn-test.sportmaster.ru ³
+vpn3.sportmaster.ru ³
+vv.sportmaster.ru ²
+wbx.sportmaster.ru ⁴
+wbx-cn.sportmaster.ru ³
+wbxirp1.sportmaster.ru ³
+wbxirp2.sportmaster.ru ³
+zakupki.sportmaster.ru ⁶
+eem2014.sportmaster.ru:15000 ³
+cdn.sportmaster.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁵ expired
+⁶ redirect
+-->
+<ruleset name="sportmaster.ru">
+	<target host="sportmaster.ru" />
+	<target host="www.sportmaster.ru" />
+	<target host="cc.sportmaster.ru" />
+	<target host="etalonsm.sportmaster.ru" />
+	<target host="etalonsmtestim.sportmaster.ru" />
+	<target host="autodiscover.ex.sportmaster.ru" />
+	<target host="mail.ex.sportmaster.ru" />
+	<target host="kiosk.sportmaster.ru" />
+	<target host="m.sportmaster.ru" />
+	<target host="mobile.sportmaster.ru" />
+	<target host="mobileapp.sportmaster.ru" />
+	<target host="o-test.sportmaster.ru" />
+	<target host="personalcab.sportmaster.ru" />
+	<target host="pro.sportmaster.ru" />
+	<target host="push.sportmaster.ru" />
+	<target host="m.uat.sportmaster.ru" />
+	<target host="mobileapp.uat.sportmaster.ru" />
+	<target host="vpn.sportmaster.ru" />
+	<target host="vpn-mobile.sportmaster.ru" />
+	<target host="vpn-ru.sportmaster.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sportradar.com.xml b/src/chrome/content/rules/sportradar.com.xml
new file mode 100644
index 000000000000..aeabeec68f09
--- /dev/null
+++ b/src/chrome/content/rules/sportradar.com.xml
@@ -0,0 +1,44 @@
+<!--
+	Problematic hosts in *sportradar.com:
+
+		- developer ᵐ
+		- m ᵐ
+		- tgim ᵐ
+		- toid ᵐ
+		- lsreact.uvui ᵐ
+		- ww ᵐ
+		- wwwams ᵐ
+		- xecb ᵐ
+		- zrhwww ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="Sportradar.com (partial)">
+
+	<target host="sportradar.com" />
+	<target host="cs.sportradar.com" />
+	<target host="fps.sportradar.com" />
+	<target host="integrity.sportradar.com" />
+	<target host="ls.sportradar.com" />
+	<target host="ls.sir.sportradar.com" />
+	<target host="lsdev.sir.sportradar.com" />
+	<target host="www.sportradar.com" />
+
+		<!--	$ redirects to 404, so:
+						-->
+		<test url="http://fps.sportradar.com/gr" />
+
+		<!--	$ 404s, so:
+					-->
+		<test url="http://ls.sportradar.com/ls/crest/small/bg.png" />
+		<test url="http://lsdev.sir.sportradar.com/canliskor" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sporx.com.xml b/src/chrome/content/rules/sporx.com.xml
new file mode 100644
index 000000000000..2d5fc0dd2e4c
--- /dev/null
+++ b/src/chrome/content/rules/sporx.com.xml
@@ -0,0 +1,117 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://sporx.com/ => https://sporx.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://m.sporx.com/ => https://m.sporx.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.sporx.com/ => https://www.sporx.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	CDN buckets:
+
+		- img-sporx.mncdn.com	← mdcdn
+
+
+	Nonfunctional hosts in *sporx.com:
+
+		- mz ᵈ
+		- oyunparki ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *sporx.com:
+
+		- anadoluefessk ᵐ ˣ
+		- euro2016 ᵐ ˣ
+		- m ˣ
+		- mdcdn ᵐ
+		- my ᵐ ˣ
+		- nba ᵐ ˣ
+		- t4f ᵐ
+		- turkcell ᵐ ˣ
+		- www ˣ
+
+	ᵐ Mismatched
+	ˣ Mixed iframes or css
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- anadoluefessk.sporx.com
+		- euro2016.sporx.com
+		- m.sporx.com
+		- my.sporx.com
+		- nba.sporx.com
+		- t4f.sporx.com
+		- turkcell.sporx.com
+		- www.sporx.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- iframes, on:
+
+			- euro2016 from www.sporx.com ˢ
+			- nba from tr.global.nba.com
+			- www from nba.sporx.com
+			- www from ligradyo.com.tr ᶠ
+			- www from $self ˢ
+
+		- css, on:
+
+			- anadoluefessk from www.sporx.com ˢ
+			- m from $self ˢ
+			- my, turkcell from $self
+
+		- Images, on:
+
+			- anadoluefessk, euro2016, turkcell, www from mdcdn.sporx.com ˢ
+			- m from sporxtv-p.mncdn.com ˢ
+			- m, www from $self ˢ
+			- euro2016, turkcell from $self
+			- euro2016, m, my, nba turkcell, from www.sporx.com ˢ
+			- t4f from img-super11.mncdn.com ˢ
+
+		- favicon on m from $self ˢ
+
+		- Ads / bugs, on:
+
+			- euro2016 from widgets-script.broadagesports.com ˢ
+			- euro2016, nba, turkcell, www from b.scorecardresearch.com ˢ
+			- turkcell, www from gdetr.hit.gemius.pl ˢ
+
+	ᶠ Unsecurable <= handshake fails
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Sporx.com (partial)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sporx.com" />
+	<target host="m.sporx.com" />
+	<target host="www.sporx.com" />
+
+	<!--	Complications:
+				-->
+	<target host="mdcdn.sporx.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:anadoluefessk|euro2016|m|my|nba|t4f|turkcell|www)\.sporx\.com$" name="^(?:BIGipServer|PHPSESSID$)" /-->
+
+	<securecookie host="^\." name="_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://mdcdn\.sporx\.com/"
+		to="https://img-sporx.mncdn.com/" />
+
+		<test url="http://mdcdn.sporx.com/img/55/2016/2016-06-20t200812z_1175802251_lr1ec6k1jxdi9_rtrmadp_3_soccer-euro-rus-wal.jpg" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.at.xml b/src/chrome/content/rules/spreadshirt.at.xml
new file mode 100644
index 000000000000..e47eee937139
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.at.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.forum.spreadshirt.at
+-->
+<ruleset name="spreadshirt.at">
+	<target host="spreadshirt.at" />
+	<target host="forum.spreadshirt.at" />
+	<target host="shop.spreadshirt.at" />
+	<target host="wikileaks.spreadshirt.at" />
+	<target host="www.spreadshirt.at" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.be.xml b/src/chrome/content/rules/spreadshirt.be.xml
new file mode 100644
index 000000000000..8319fa6c94f7
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.be.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.forum.spreadshirt.be
+-->
+<ruleset name="spreadshirt.be">
+	<target host="spreadshirt.be" />
+	<target host="forum.spreadshirt.be" />
+	<target host="shop.spreadshirt.be" />
+	<target host="wikileaks.spreadshirt.be" />
+	<target host="www.spreadshirt.be" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.ch.xml b/src/chrome/content/rules/spreadshirt.ch.xml
new file mode 100644
index 000000000000..7573533f55af
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.ch.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.forum.spreadshirt.ch
+-->
+<ruleset name="spreadshirt.ch">
+	<target host="spreadshirt.ch" />
+	<target host="forum.spreadshirt.ch" />
+	<target host="shop.spreadshirt.ch" />
+	<target host="wikileaks.spreadshirt.ch" />
+	<target host="www.spreadshirt.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.co.uk.xml b/src/chrome/content/rules/spreadshirt.co.uk.xml
new file mode 100644
index 000000000000..6698096b37d4
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.co.uk.xml
@@ -0,0 +1,11 @@
+<ruleset name="spreadshirt.co.uk">
+	<target host="spreadshirt.co.uk" />
+	<target host="forum.spreadshirt.co.uk" />
+	<target host="shop.spreadshirt.co.uk" />
+	<target host="wikileaks.spreadshirt.co.uk" />
+	<target host="www.spreadshirt.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.com.au.xml b/src/chrome/content/rules/spreadshirt.com.au.xml
new file mode 100644
index 000000000000..d7e1b004d29f
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.com.au.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.forum.spreadshirt.com.au
+-->
+<ruleset name="spreadshirt.com.au">
+	<target host="spreadshirt.com.au" />
+	<target host="forum.spreadshirt.com.au" />
+	<target host="shop.spreadshirt.com.au" />
+	<target host="wikileaks.spreadshirt.com.au" />
+	<target host="www.spreadshirt.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.com.xml b/src/chrome/content/rules/spreadshirt.com.xml
new file mode 100644
index 000000000000..90e168c27950
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="spreadshirt.com">
+	<target host="spreadshirt.com" />
+	<target host="forum.spreadshirt.com" />
+	<target host="shop.spreadshirt.com" />
+	<target host="wikileaks.spreadshirt.com" />
+	<target host="www.spreadshirt.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.de.xml b/src/chrome/content/rules/spreadshirt.de.xml
new file mode 100644
index 000000000000..072083f30333
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.de.xml
@@ -0,0 +1,11 @@
+<ruleset name="spreadshirt.de">
+	<target host="spreadshirt.de" />
+	<target host="forum.spreadshirt.de" />
+	<target host="shop.spreadshirt.de" />
+	<target host="wikileaks.spreadshirt.de" />
+	<target host="www.spreadshirt.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.dk.xml b/src/chrome/content/rules/spreadshirt.dk.xml
new file mode 100644
index 000000000000..6e7e235c33e3
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.dk.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.forum.spreadshirt.dk
+-->
+<ruleset name="spreadshirt.dk">
+	<target host="spreadshirt.dk" />
+	<target host="forum.spreadshirt.dk" />
+	<target host="shop.spreadshirt.dk" />
+	<target host="wikileaks.spreadshirt.dk" />
+	<target host="www.spreadshirt.dk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.es.xml b/src/chrome/content/rules/spreadshirt.es.xml
new file mode 100644
index 000000000000..482a78412cfd
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.es.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.forum.spreadshirt.es
+-->
+<ruleset name="spreadshirt.es">
+	<target host="spreadshirt.es" />
+	<target host="forum.spreadshirt.es" />
+	<target host="shop.spreadshirt.es" />
+	<target host="wikileaks.spreadshirt.es" />
+	<target host="www.spreadshirt.es" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.fi.xml b/src/chrome/content/rules/spreadshirt.fi.xml
new file mode 100644
index 000000000000..a04e1011535e
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.fi.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.forum.spreadshirt.fi
+-->
+<ruleset name="spreadshirt.fi">
+	<target host="spreadshirt.fi" />
+	<target host="forum.spreadshirt.fi" />
+	<target host="shop.spreadshirt.fi" />
+	<target host="wikileaks.spreadshirt.fi" />
+	<target host="www.spreadshirt.fi" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.fr.xml b/src/chrome/content/rules/spreadshirt.fr.xml
new file mode 100644
index 000000000000..0fde6aac45a4
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.fr.xml
@@ -0,0 +1,11 @@
+<ruleset name="spreadshirt.fr">
+	<target host="spreadshirt.fr" />
+	<target host="forum.spreadshirt.fr" />
+	<target host="shop.spreadshirt.fr" />
+	<target host="wikileaks.spreadshirt.fr" />
+	<target host="www.spreadshirt.fr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.ie.xml b/src/chrome/content/rules/spreadshirt.ie.xml
new file mode 100644
index 000000000000..1b5da91930f1
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.ie.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.forum.spreadshirt.ie
+-->
+<ruleset name="spreadshirt.ie">
+	<target host="spreadshirt.ie" />
+	<target host="forum.spreadshirt.ie" />
+	<target host="shop.spreadshirt.ie" />
+	<target host="wikileaks.spreadshirt.ie" />
+	<target host="www.spreadshirt.ie" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.it.xml b/src/chrome/content/rules/spreadshirt.it.xml
new file mode 100644
index 000000000000..717ea345a027
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.it.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.forum.spreadshirt.it
+-->
+<ruleset name="spreadshirt.it">
+	<target host="spreadshirt.it" />
+	<target host="forum.spreadshirt.it" />
+	<target host="shop.spreadshirt.it" />
+	<target host="wikileaks.spreadshirt.it" />
+	<target host="www.spreadshirt.it" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.net.xml b/src/chrome/content/rules/spreadshirt.net.xml
new file mode 100644
index 000000000000..00c0a372c9de
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.net.xml
@@ -0,0 +1,13 @@
+<ruleset name="spreadshirt.net">
+	<target host="spreadshirt.net" />
+	<target host="forum.spreadshirt.net" />
+	<target host="mobile.spreadshirt.net" />
+	<target host="shop.spreadshirt.net" />
+	<target host="wikileaks.spreadshirt.net" />
+	<target host="www.spreadshirt.net" />
+	<target host="image.spreadshirtmedia.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.nl.xml b/src/chrome/content/rules/spreadshirt.nl.xml
new file mode 100644
index 000000000000..e182f30b6e28
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.nl.xml
@@ -0,0 +1,11 @@
+<ruleset name="spreadshirt.nl">
+	<target host="spreadshirt.nl" />
+	<target host="forum.spreadshirt.nl" />
+	<target host="shop.spreadshirt.nl" />
+	<target host="wikileaks.spreadshirt.nl" />
+	<target host="www.spreadshirt.nl" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.no.xml b/src/chrome/content/rules/spreadshirt.no.xml
new file mode 100644
index 000000000000..312f6a61fed1
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.no.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.forum.spreadshirt.no
+-->
+<ruleset name="spreadshirt.no">
+	<target host="spreadshirt.no" />
+	<target host="forum.spreadshirt.no" />
+	<target host="shop.spreadshirt.no" />
+	<target host="wikileaks.spreadshirt.no" />
+	<target host="www.spreadshirt.no" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.pl.xml b/src/chrome/content/rules/spreadshirt.pl.xml
new file mode 100644
index 000000000000..8adf495240cb
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.pl.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.forum.spreadshirt.pl
+-->
+<ruleset name="spreadshirt.pl">
+	<target host="spreadshirt.pl" />
+	<target host="forum.spreadshirt.pl" />
+	<target host="shop.spreadshirt.pl" />
+	<target host="wikileaks.spreadshirt.pl" />
+	<target host="www.spreadshirt.pl" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.se.xml b/src/chrome/content/rules/spreadshirt.se.xml
new file mode 100644
index 000000000000..2d5b6f392e82
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.se.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.forum.spreadshirt.se
+-->
+<ruleset name="spreadshirt.se">
+	<target host="spreadshirt.se" />
+	<target host="forum.spreadshirt.se" />
+	<target host="shop.spreadshirt.se" />
+	<target host="wikileaks.spreadshirt.se" />
+	<target host="www.spreadshirt.se" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/springer.com-falsemixed.xml b/src/chrome/content/rules/springer.com-falsemixed.xml
new file mode 100644
index 000000000000..2205bc89df9a
--- /dev/null
+++ b/src/chrome/content/rules/springer.com-falsemixed.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules not causing false/broken MCB, see Springer.xml.
+
+-->
+<ruleset name="Springer.com (false MCB)" platform="mixedcontent">
+
+	<target host="lod.springer.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sprinklecontent.com.xml b/src/chrome/content/rules/sprinklecontent.com.xml
new file mode 100644
index 000000000000..bf6e12e68e0d
--- /dev/null
+++ b/src/chrome/content/rules/sprinklecontent.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="sprinklecontent.com">
+		<target host="sprinklecontent.com" />
+		<target host="www.sprinklecontent.com" />
+		<target host="widgets.sprinklecontent.com" />
+
+		<!-- track.sprinklecontent.com is non-functional -->
+
+		<test url="http://widgets.sprinklecontent.com/v2/sprinkle.js" />
+
+		<rule from="^http:"
+				to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sprinklr.com.xml b/src/chrome/content/rules/sprinklr.com.xml
new file mode 100644
index 000000000000..53ea581c71e6
--- /dev/null
+++ b/src/chrome/content/rules/sprinklr.com.xml
@@ -0,0 +1,20 @@
+<!--
+	CDN buckets:
+
+		- 2c5pah1z6hb21uo7d01fenam-wpengine.netdna-ssl.com
+
+-->
+<ruleset name="Sprinklr.com">
+
+	<target host="sprinklr.com" />
+	<target host="www.sprinklr.com" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/spsch.eu.xml b/src/chrome/content/rules/spsch.eu.xml
new file mode 100644
index 000000000000..afe1a38e81c5
--- /dev/null
+++ b/src/chrome/content/rules/spsch.eu.xml
@@ -0,0 +1,7 @@
+<ruleset name="SPŠCHG Ostrava">
+    <target host="spsch.eu" />
+    <target host="www.spsch.eu" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spsr.ru.xml b/src/chrome/content/rules/spsr.ru.xml
new file mode 100644
index 000000000000..28e5453237db
--- /dev/null
+++ b/src/chrome/content/rules/spsr.ru.xml
@@ -0,0 +1,40 @@
+<!--
+ff.spsr.ru ³
+gw-01.spsr.ru ²
+gw-02.spsr.ru ²
+hand.spsr.ru ²
+rubato.spsr.ru ⁴
+stesso.spsr.ru ²
+www.tambov.spsr.ru ¹
+trois.spsr.ru ²
+tutte.spsr.ru ²
+zmb0.spsr.ru ²
+3pl.spsr.ru different content
+sine.spsr.ru different content
+stretto.spsr.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="spsr.ru">
+	<target host="spsr.ru" />
+	<target host="www.spsr.ru" />
+	<target host="api.spsr.ru" />
+	<target host="cabinet.spsr.ru" />
+	<target host="cabinetold.spsr.ru" />
+	<target host="grazia.spsr.ru" />
+	<target host="jira.spsr.ru" />
+	<target host="kaluga.spsr.ru" />
+	<target host="lktest.spsr.ru" />
+	<target host="mail.spsr.ru" />
+	<target host="parceltrack.spsr.ru" />
+	<target host="report.spsr.ru" />
+	<target host="widget.spsr.ru" />
+	<target host="yaroslavl.spsr.ru" />
+	<target host="zuvor.spsr.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sputniknews.com.xml b/src/chrome/content/rules/sputniknews.com.xml
new file mode 100644
index 000000000000..c61dee032cb6
--- /dev/null
+++ b/src/chrome/content/rules/sputniknews.com.xml
@@ -0,0 +1,65 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .sputniknews.com
+		- .cz.sputniknews.com
+		- .id.sputniknews.com
+		- .jp.sputniknews.com
+		- .kr.sputniknews.com
+		- .mundo.sputniknews.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on m from fonts.googleapis.com ˢ
+		- Bug on (www.)?, cz, jp, kr, m, mundo from b.scorecardresearch.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Sputnik News.com">
+
+	<target host="sputniknews.com" />
+	<target host="cz.sputniknews.com" />
+	<target host="id.sputniknews.com" />
+
+	<target host="cdn1.img.sputniknews.com" />
+	<target host="cdn2.img.sputniknews.com" />
+	<target host="cdn3.img.sputniknews.com" />
+	<target host="cdn4.img.sputniknews.com" />
+	<target host="cdn5.img.sputniknews.com" />
+	<target host="cdncz1.img.sputniknews.com" />
+	<target host="cdncz2.img.sputniknews.com" />
+	<target host="cdnmundo1.img.sputniknews.com" />
+	<target host="cdnmundo2.img.sputniknews.com" />
+
+	<target host="jp.sputniknews.com" />
+	<target host="kr.sputniknews.com" />
+	<target host="m.sputniknews.com" />
+	<target host="mundo.sputniknews.com" />
+	<target host="www.sputniknews.com" />
+
+		<test url="http://cdn1.img.sputniknews.com/min/css/mobile/index.css" />
+		<test url="http://cdn2.img.sputniknews.com/images/104104/03/1041040333.jpg" />
+		<test url="http://cdn3.img.sputniknews.com/images/102779/96/1027799674.jpg" />
+		<test url="http://cdn4.img.sputniknews.com/images/101610/42/1016104260.jpg" />
+		<test url="http://cdn5.img.sputniknews.com/images/103262/06/1032620651.jpg" />
+		<test url="http://cdncz1.img.sputniknews.com/images/297/25/2972560.jpg" />
+		<test url="http://cdncz2.img.sputniknews.com/images/117/49/1174927.jpg" />
+		<test url="http://cdnmundo1.img.sputniknews.com/images/105603/38/1056033814.jpg" />
+		<test url="http://cdnmundo2.img.sputniknews.com/images/105603/32/1056033283.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.(?:(?:cz|id|jp|kr|mundo)\.)?sputniknews\.com$" name="^sputnik_" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/spydus.co.uk.xml b/src/chrome/content/rules/spydus.co.uk.xml
new file mode 100644
index 000000000000..9cdbd5029a0a
--- /dev/null
+++ b/src/chrome/content/rules/spydus.co.uk.xml
@@ -0,0 +1,63 @@
+<!--
+	Note: p://stats.../$ redirects to s:// 503
+	?=> fetch test failure
+
+	For other Civica Group coverage, see civica.co.uk.xml.
+
+
+	These altnames do not exist:
+
+		- spydus.co.uk
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- argyll-bute from www.argyll-bute.gov.uk
+			- rochdale from www.rochdale.gov.uk
+
+-->
+<ruleset name="spydus.co.uk">
+
+	<target host="aberdeencity.spydus.co.uk" />
+	<target host="aberdeenshire.spydus.co.uk" />
+	<target host="angus.spydus.co.uk" />
+	<target host="argyll-bute.spydus.co.uk" />
+	<target host="bolton.spydus.co.uk" />
+	<target host="brighton-hove.spydus.co.uk" />
+	<target host="buckinghamshire.spydus.co.uk" />
+	<target host="bwdlibraries.spydus.co.uk" />
+	<target host="cambridgeshire.spydus.co.uk" />
+	<target host="camden.spydus.co.uk" />
+	<target host="demouk.spydus.co.uk" />
+	<target host="herts.spydus.co.uk" />
+	<target host="iow.spydus.co.uk" />
+	<target host="kent.spydus.co.uk" />
+	<target host="lanark.spydus.co.uk" />
+	<target host="lbhf.spydus.co.uk" />
+	<target host="lincolnshire.spydus.co.uk" />
+	<target host="manchester.spydus.co.uk" />
+	<target host="medway.spydus.co.uk" />
+	<target host="miltonkeynes.spydus.co.uk" />
+	<target host="norfolk.spydus.co.uk" />
+	<target host="oldham.spydus.co.uk" />
+	<target host="peterborough.spydus.co.uk" />
+	<target host="rbwm.spydus.co.uk" />
+	<target host="richmond.spydus.co.uk" />
+	<target host="rochdale.spydus.co.uk" />
+	<target host="selms.spydus.co.uk" />
+	<target host="stats.spydus.co.uk" />
+	<target host="strathaven.spydus.co.uk" />
+	<target host="suffolk.spydus.co.uk" />
+	<target host="westberks.spydus.co.uk" />
+	<target host="wokingham.spydus.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sql-join.com.xml b/src/chrome/content/rules/sql-join.com.xml
new file mode 100644
index 000000000000..cb016543e8a1
--- /dev/null
+++ b/src/chrome/content/rules/sql-join.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		email.sql-join.com
+		ftp.sql-join.com
+-->
+<ruleset name="sql-join.com">
+	<target host="sql-join.com" />
+	<target host="www.sql-join.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/squarecdn.xml b/src/chrome/content/rules/squarecdn.xml
new file mode 100644
index 000000000000..097f3017c33a
--- /dev/null
+++ b/src/chrome/content/rules/squarecdn.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Square coverage, see Square.xml.
+
+-->
+<ruleset name="Square CDN.com">
+
+	<target host="cash-f.squarecdn.com" />
+
+		<test url="http://cash-f.squarecdn.com/ember/feba3f96f1421b19fa5516eab77332b4142f9a5b/assets/images/marketing/icon-star.svg" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/squarefaction.ru.xml b/src/chrome/content/rules/squarefaction.ru.xml
new file mode 100644
index 000000000000..54b5eb8eca9a
--- /dev/null
+++ b/src/chrome/content/rules/squarefaction.ru.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		www.squarefaction.ru
+		assets.squarefaction.ru
+		m.squarefaction.ru
+		mail.squarefaction.ru
+		staging.squarefaction.ru
+		trk.squarefaction.ru
+		wiki.squarefaction.ru
+-->
+<ruleset name="squarefaction.ru">
+	<target host="squarefaction.ru" />
+	<target host="www.squarefaction.ru" />
+
+	<rule from="^http://www\.squarefaction\.ru/" to="https://squarefaction.ru/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/squat.net.xml b/src/chrome/content/rules/squat.net.xml
new file mode 100644
index 000000000000..ec8062ba6ff3
--- /dev/null
+++ b/src/chrome/content/rules/squat.net.xml
@@ -0,0 +1,187 @@
+<!--
+	Nonfunctional hosts in *squat.net:
+
+		- boligaksjonen ᵗ
+		- lawaai ᵗ
+		- video ᵗ
+		- woningnjet ᵗ
+
+	ᵗ Reset
+
+
+	Problematic hosts in *squat.net:
+
+		- creatoulouse ˣ
+		- krakengent ˣ
+		- loukaze ˣ
+		- praha ˣ
+		- rigaer94 ˣ
+		- rooftopresistance ˣ
+		- www.sama32 ᵐ
+		- www.stressfaktor ᵐ
+		- vrankrijk * ᶜ
+
+	* Protocol-relative redirect
+	ᵐ Mismatched
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- ar.squat.net
+		- ca.squat.net
+		- destrijd.squat.net
+		- en.squat.net
+		- kanal.squat.net
+		- kankolmo.squat.net
+		- planet.squat.net
+		- pt.squat.net
+		- tr.squat.net
+		- transfo.squat.net
+		- vrankrijk.squat.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, on:
+
+			- creatoulouse, krakengent, loukaze, praha, rigaer94, rooftopresistance, worldhomelessactionday from $self
+			- kankolmo, zeharkagenda from fonts.googleapis.com ˢ
+
+		- Images, on:
+
+			- ar, cibulka, creatoulouse, de, en, encres-noires, huizespoorloos, kankolmo, la13-14, lahormigonera, montpellier, nl, pl, redandblackumbrella, resiste, rooftopresistance, ru, sqek, squatting-manual, stressfaktor, sw12, transfo, worldhomelessactionday, zeharkagenda from $self ˢ
+			- cibulka from i.nyx.cz ˢ
+			- en, es, fr, it, nl, pl, planet, praha, pt from de.squat.net ˢ
+			- eus. planet from ca.squat.net ˢ
+			- pl, ru from en.squat.net ˢ
+			- es from barcelona.indymedia.org ⁴
+			- kankolmo from resiste.squat.net ˢ
+			- lepalmier from www.halemfrance.org ᵐ ᵘ
+			- london-squat-project from agitamadrid.org ⁴
+			- montpellier from virgulesama.pagesperso-orange.fr
+			- old from www.indymedia.org.uk ˢ
+			- resiste from \d.bp.blogspot.com ˢ
+			- resiste from torresmasaltashancaido.espivblogs.net ˢ
+			- resiste from static.fsf.org ˢ
+			- resiste from www.khimkiforest.org
+			- resiste from zad.nadir.org
+			- resiste from policespiesoutoflives.org.uk
+			- resiste from radioblackout.org
+			- resiste from radiobronka.info
+			- resiste from usurpa.squat.net ˢ
+			- ru from \d+.vk.me ʳ
+			- ru from poslezavtra.be ᵐ
+			- ru from rumahapi.weebly.com
+			- ru from criminalnaya.ru ʳ
+			- ru from oranssi.net ⁴
+			- sama32 from www.sama32.squat.net ˢ
+			- stressfaktor from www.stressfaktor.squat.net ˢ
+			- sw12 from www.indymedia.nl ˢ
+
+		- Bug on old from webstats.squat.net ˢ
+
+	⁴ Unsecurable <= 404
+	ᵐ Not secured by us <= mismatched
+	ʳ Unsecurable <= refused
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+	ᵘ Not secured by us <= untrusted root
+
+-->
+<ruleset name="squat.net (partial)">
+
+	<target host="squat.net" />
+	<target host="ar.squat.net" />
+	<target host="atopya.squat.net" />
+	<target host="burntout.squat.net" />
+	<target host="ca.squat.net" />
+	<target host="cardiff.squat.net" />
+	<target host="casanaranja.squat.net" />
+	<target host="cibulka.squat.net" />
+	<!--target host="creatoulouse.squat.net" /-->
+	<target host="csoa15gatxs.squat.net" />
+	<target host="de.squat.net" />
+	<target host="destrijd.squat.net" />
+	<target host="en.squat.net" />
+	<target host="encres-noires.squat.net" />
+	<target host="es.squat.net" />
+	<target host="espaceautogere.squat.net" />
+	<target host="eus.squat.net" />
+	<target host="fr.squat.net" />
+	<target host="grotebroek.squat.net" />
+	<target host="help.squat.net" />
+	<target host="housingamsterdam.squat.net" />
+	<target host="huizespoorloos.squat.net" />
+	<target host="it.squat.net" />
+	<target host="kanal.squat.net" />
+	<target host="kankolmo.squat.net" />
+	<target host="krakaoke.squat.net" />
+	<target host="krakelbont.squat.net" />
+	<!--target host="krakengent.squat.net" /-->
+	<target host="la13-14.squat.net" />
+	<target host="lahormigonera.squat.net" />
+	<target host="lepalmier.squat.net" />
+	<target host="london-squat-project.squat.net" />
+	<!--target host="loukaze.squat.net" /-->
+	<target host="lubakiagenda.squat.net" />
+	<target host="montpellier.squat.net" />
+	<target host="nl.squat.net" />
+	<target host="okupesbcn.squat.net" />
+	<target host="palmira.squat.net" />
+	<target host="pl.squat.net" />
+	<target host="planet.squat.net" />
+	<!--target host="praha.squat.net" /-->
+	<target host="ps18.squat.net" />
+	<target host="pt.squat.net" />
+	<target host="radar.squat.net" />
+	<target host="redandblackumbrella.squat.net" />
+	<target host="resiste.squat.net" />
+	<!--target host="rigaer94.squat.net" /-->
+	<!--target host="rooftopresistance.squat.net" /-->
+	<target host="ru.squat.net" />
+	<target host="sama32.squat.net" />
+	<target host="schwarzerkanal.squat.net" />
+	<target host="slug.squat.net" />
+	<target host="sqek.squat.net" />
+	<target host="squatting-manual.squat.net" />
+	<target host="stressfaktor.squat.net" />
+	<target host="sw12.squat.net" />
+	<target host="tanneries.squat.net" />
+	<target host="toulouse.squat.net" />
+	<target host="tr.squat.net" />
+	<target host="transfo.squat.net" />
+	<target host="uk-squatting-archive.squat.net" />
+	<target host="usurpa.squat.net" />
+	<target host="vanmonckautonomousgym.squat.net" />
+	<target host="vestbredden.squat.net" />
+	<target host="vzpominkynabudoucnost.squat.net" />
+	<target host="webstats.squat.net" />
+	<!--target host="worldhomelessactionday.squat.net" /-->
+	<target host="www.squat.net" />
+	<target host="xarxadestudis.squat.net" />
+	<target host="zeharkagenda.squat.net" />
+
+	<!--	Complications:
+				-->
+	<target host="www.sama32.squat.net" />
+	<target host="www.stressfaktor.squat.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:ar|ca|destrijd|kanal|pt|tr|transfo|vrankrijk)\.squat\.net$" name="^slimstat_tracking_code$" /-->
+	<!--securecookie host="^(?:en|planet)\.squat\.net$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^kankolmo\.squat\.net$" name="^(?:PHPSESSID|slimstat_tracking_code)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.([^.]+)\.squat\.net/"
+		to="https://$1.squat.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sr.ht.xml b/src/chrome/content/rules/sr.ht.xml
new file mode 100644
index 000000000000..3cb3bc925e55
--- /dev/null
+++ b/src/chrome/content/rules/sr.ht.xml
@@ -0,0 +1,47 @@
+<!--
+	Refused:
+		- cirno.sr.ht
+		- cirno1.sr.ht
+		- cirno2.sr.ht
+		- ns1.sr.ht
+		- ns2.sr.ht
+		- azusa.runners.sr.ht
+		- yui.runners.sr.ht
+
+	Mismatched:
+		- alice1.sr.ht
+		- mail.sr.ht
+		- graf.metrics.sr.ht
+		- static1.sr.ht
+
+	Expired:
+		- alice2.sr.ht
+		- alice3.sr.ht
+-->
+<ruleset name="sr.ht">
+	<target host="sr.ht" />
+	<target host="builds.sr.ht" />
+	<target host="dispatch.sr.ht" />
+	<target host="git.sr.ht" />
+	<target host="hg.sr.ht" />
+	<target host="hub.sr.ht" />
+	<target host="l.sr.ht" />
+	<target host="legacy.sr.ht" />
+	<target host="lists.sr.ht" />
+	<target host="mail-b.sr.ht" />
+	<target host="man.sr.ht" />
+	<target host="meta.sr.ht" />
+	<target host="metrics.sr.ht" />
+	<target host="aggr.metrics.sr.ht" />
+	<target host="prom.metrics.sr.ht" />
+	<target host="push.metrics.sr.ht" />
+	<target host="mirror.sr.ht" />
+	<target host="pasta.sr.ht" />
+	<target host="paste.sr.ht" />
+	<target host="patchouli.sr.ht" />
+	<target host="status.sr.ht" />
+	<target host="todo.sr.ht" />
+	<target host="yukari.sr.ht" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/srad.jp.xml b/src/chrome/content/rules/srad.jp.xml
new file mode 100644
index 000000000000..8f2987ee3d94
--- /dev/null
+++ b/src/chrome/content/rules/srad.jp.xml
@@ -0,0 +1,46 @@
+<!--
+	Non-functional hosts
+		No working 200/3XX URL(s):
+			 - api.srad.jp
+
+		Couldn't connect to server:
+			 - ns1.srad.jp
+			 - ns2.srad.jp
+
+		SSL peer certificate or SSH remote key was not OK:
+			 - images.srad.mages.srad.jp
+			 - ns0.srad.jp
+			 - www.security.srad.jp
+
+-->
+<ruleset name="srad.jp">
+    <target host="srad.jp" />
+	<target host="www.srad.jp" />
+	<target host="2011azure.srad.jp" />
+	<target host="apple.srad.jp" />
+	<target host="askslashdot.srad.jp" />
+	<target host="developers.srad.jp" />
+	<target host="hardware.srad.jp" />
+	<target host="idle.srad.jp" />
+	<target host="images.srad.jp" />
+	<test url="http://images.srad.jp/topics/japan_64.png" />
+	<test url="http://images.srad.jp/topics/nasa_64.png" />
+
+	<target host="index.srad.jp" />
+	<target host="interview.srad.jp" />
+	<target host="it.srad.jp" />
+	<target host="linux.srad.jp" />
+	<target host="m.srad.jp" />
+	<target host="mobile.srad.jp" />
+	<target host="opensource.srad.jp" />
+	<target host="review.srad.jp" />
+	<target host="science.srad.jp" />
+	<target host="security.srad.jp" />
+	<target host="slash.srad.jp" />
+	<target host="tenshoku.srad.jp" />
+	<target host="yro.srad.jp" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/srv2020real.com.xml b/src/chrome/content/rules/srv2020real.com.xml
new file mode 100644
index 000000000000..0c3d98bed313
--- /dev/null
+++ b/src/chrome/content/rules/srv2020real.com.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Lead Forensics coverage, see Lead_Forensics.com.xml.
+
+
+	www.srv2020real.com: Mismatched
+
+	srv2020real.com does not exist.
+
+-->
+<ruleset name="srv2020real.com">
+
+	<target host="www.srv2020real.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.srv2020real\.com/"
+		to="https://secure.leadforensics.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ss-iptv.com.xml b/src/chrome/content/rules/ss-iptv.com.xml
new file mode 100644
index 000000000000..f7f2b7e5bb1f
--- /dev/null
+++ b/src/chrome/content/rules/ss-iptv.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="ss-iptv.com">
+	<target host="ss-iptv.com" />
+	<target host="www.ss-iptv.com" />
+	<target host="api.ss-iptv.com" />
+	<target host="app.ss-iptv.com" />
+	<target host="epg.ss-iptv.com" />
+	<target host="forum.ss-iptv.com" />
+	<target host="img.ss-iptv.com" />
+	<target host="lg.ss-iptv.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ssa.gov.xml b/src/chrome/content/rules/ssa.gov.xml
new file mode 100644
index 000000000000..7d2268bc645a
--- /dev/null
+++ b/src/chrome/content/rules/ssa.gov.xml
@@ -0,0 +1,62 @@
+<!--
+
+
+	These altnames do not exist:
+
+		- www.oig.ssa.gov
+
+
+	Insecure cookies are set for these hosts:
+
+		- faq.ssa.gov
+		- faq-es.ssa.gov
+		- secure.ssa.gov
+
+
+	Mixed content:
+
+		- css, on:
+
+			- oig from fonts.googleapis.com ˢ
+			- secure from mwww.ba.ssa.gov *
+
+	* Inconsequential <= host does not exist
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="SSA.gov">
+
+	<target host="ssa.gov" />
+	<target host="best.ssa.gov" />
+	<target host="edata.ssa.gov" />
+	<target host="eme.ssa.gov" />
+	<target host="faq.ssa.gov" />
+	<target host="faq-es.ssa.gov" />
+	<target host="hspd12.ssa.gov" />
+	<target host="oig.ssa.gov" />
+	<target host="policy.ssa.gov" />
+	<target host="prisonedata.ssa.gov" />
+	<target host="search.ssa.gov" />
+	<target host="secure.ssa.gov" />
+	<target host="www.ssa.gov" />
+
+		<!--	Set cookie without Secure:
+							-->
+		<!--test url="http://faq.ssa.gov/FileManagement/Download/0a17eea7ff3544c0b5ccf68d7ee23082" /-->
+		<!--test url="http://faq-es.ssa.gov/FileManagement/Download/0a17eea7ff3544c0b5ccf68d7ee23082" /-->
+		<!--test url="http://secure.ssa.gov/acu/LoginWeb/loginHandler.do?SUITE=G2GSO" /-->
+		<!--test url="http://secure.ssa.gov/acu/iresear/login" /--><!--	(+ MCB)	-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^faq(?:-es)?\.ssa\.gov$" name="^FM_PERSIST$" /-->
+	<!--securecookie host="^secure\.ssa\.gov$" name="(?:JSESSIONID|^LangPref|^PD_STATEFUL_[\da-f-]+)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ssi.gouv.fr.xml b/src/chrome/content/rules/ssi.gouv.fr.xml
new file mode 100644
index 000000000000..49cb491603aa
--- /dev/null
+++ b/src/chrome/content/rules/ssi.gouv.fr.xml
@@ -0,0 +1,25 @@
+<!--
+	Secure connection failed:
+		cert.ssi.gouv.fr
+		www.cert.ssi.gouv.fr
+		certa.ssi.gouv.fr
+		www.certa.ssi.gouv.fr
+		icsec.ssi.gouv.fr
+		observatoire.ssi.gouv.fr
+		publication-cfssi.ssi.gouv.fr
+		regions.ssi.gouv.fr
+		support-formation.ssi.gouv.fr
+
+	Refused:
+		club.ssi.gouv.fr
+		www.club.ssi.gouv.fr
+
+-->
+<ruleset name="ANSSI">
+
+	<target host="ssi.gouv.fr" />
+	<target host="www.ssi.gouv.fr" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ssk.de.xml b/src/chrome/content/rules/ssk.de.xml
new file mode 100644
index 000000000000..ea2cdeb5a5c3
--- /dev/null
+++ b/src/chrome/content/rules/ssk.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="Strahlenschutzkommission">
+	<!-- German Commission on Radiological Protection -->
+
+	<target host="www.ssk.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ssk.uk.com.xml b/src/chrome/content/rules/ssk.uk.com.xml
new file mode 100644
index 000000000000..56702936a728
--- /dev/null
+++ b/src/chrome/content/rules/ssk.uk.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="ssk.uk.com">
+	<target host="ssk.uk.com" />
+	<target host="www.ssk.uk.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ssl-tools.xml b/src/chrome/content/rules/ssl-tools.xml
new file mode 100644
index 000000000000..090c2f5409b9
--- /dev/null
+++ b/src/chrome/content/rules/ssl-tools.xml
@@ -0,0 +1,12 @@
+<!--
+	www.ssl-tools.net doesn't exist.
+
+-->
+<ruleset name="SSL-Tools.net">
+
+  <target host="ssl-tools.net" />
+
+  <rule from="^http:"
+    to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sspai.com.xml b/src/chrome/content/rules/sspai.com.xml
new file mode 100644
index 000000000000..cd1636e592cc
--- /dev/null
+++ b/src/chrome/content/rules/sspai.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid Cert:
+		matrix.sspai.com
+
+	Failed:
+		temp.sspai.com
+		test.sspai.com
+-->
+
+<ruleset name="sspai.com">
+	<target host="sspai.com" />
+	<target host="www.sspai.com" />
+	<target host="cdn.sspai.com" />
+		<test url="http://cdn.sspai.com/attachment/origin/2015/01/29/220109.png" />
+	<target host="static.sspai.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sspl.org.xml b/src/chrome/content/rules/sspl.org.xml
new file mode 100644
index 000000000000..de934a3f2cd3
--- /dev/null
+++ b/src/chrome/content/rules/sspl.org.xml
@@ -0,0 +1,31 @@
+<!--
+	Nonfunctional hosts in *sspl.org:
+
+		- friends ²
+		- salon ⁴
+
+	² 200 "Site Not Found"
+	⁴ 404 at redirect destination
+
+
+	Problematic hosts in *sspl.org:
+
+		- guides ᵐ
+
+	ᵐ LibGuides / mismatched
+
+-->
+<ruleset name="SSPL.org (partial)">
+
+	<target host="sspl.org" />
+	<target host="www.sspl.org" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sstaffs.gov.uk.xml b/src/chrome/content/rules/sstaffs.gov.uk.xml
new file mode 100644
index 000000000000..39bd3ceaa55f
--- /dev/null
+++ b/src/chrome/content/rules/sstaffs.gov.uk.xml
@@ -0,0 +1,53 @@
+<!--
+	South Staffordshire District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *sstaffs.gov.uk:
+
+		- (www.)? ᵈ
+		- lsp ᵈ
+		- www2 ᵈ
+
+	ᵈ Dropped
+
+
+	Insecure cookies are set for these hosts:
+
+		- services.sstaffs.gov.uk
+
+
+	Mixed content:
+
+		- Images on services from www.sstaffs.gov.uk ᵈ
+
+	ᵈ Unsecurable <= dropped
+
+-->
+<ruleset name="SStaffs.gov.uk (partial)">
+
+	<target host="apps.sstaffs.gov.uk" />
+	<target host="licensing.sstaffs.gov.uk" />
+	<target host="services.sstaffs.gov.uk" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://services.sstaffs.gov.uk/cmis/Committees.aspx" /-->
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://apps.sstaffs.gov.uk/sscwebviewer" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^services\.sstaffs\.gov\.uk$" name="^(?:\.ASPXANONYMOUS|ASP\.NET_SessionId|language)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ssusa.org.xml b/src/chrome/content/rules/ssusa.org.xml
new file mode 100644
index 000000000000..a287a81d21c7
--- /dev/null
+++ b/src/chrome/content/rules/ssusa.org.xml
@@ -0,0 +1,27 @@
+<!--
+	For other National Rifle Association coverage, see nra.org.xml.
+
+
+	Mixed content:
+
+		- Bugs from b.scorecardresearch.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="SS USA.org">
+
+	<target host="ssusa.org" />
+	<target host="assets.ssusa.org" />
+	<target host="wmp.ssusa.org" />
+	<target host="www.ssusa.org" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/st.uz.xml b/src/chrome/content/rules/st.uz.xml
new file mode 100644
index 000000000000..7558c0337e09
--- /dev/null
+++ b/src/chrome/content/rules/st.uz.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mail.st.uz/ => https://mail.st.uz/: (28, 'Connection timed out after 20001 milliseconds')
+
+blocked.st.uz ⁴
+ns2.cloud.st.uz ²
+fortune.st.uz ⁷
+galeon.st.uz ⁷
+hosting1.st.uz ²
+isphosting.st.uz ⁴
+mirrors.st.uz ²
+novostiuzbekistana.st.uz ⁷
+www.novostiuzbekistana.st.uz ⁷
+ns.st.uz ³
+ns1.st.uz ³
+ns2.st.uz ³
+
+
+² refused
+³ timed out
+⁴ self signed
+⁷ protocol error
+-->
+<ruleset name="st.uz" default_off="failed ruleset test">
+	<target host="st.uz" />
+	<target host="www.st.uz" />
+	<target host="cabinet.st.uz" />
+	<target host="cloud.st.uz" />
+	<target host="mail.st.uz" />
+	<target host="online.st.uz" />
+	<target host="space.st.uz" />
+	<target host="vds.st.uz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/st65.ru.xml b/src/chrome/content/rules/st65.ru.xml
new file mode 100644
index 000000000000..a746ea3a50cf
--- /dev/null
+++ b/src/chrome/content/rules/st65.ru.xml
@@ -0,0 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mail.st65.ru/ => https://mail.st65.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+st65.ru expired
+www.st65.ru expired
+-->
+<ruleset name="st65.ru (partial)" default_off="failed ruleset test">
+	<target host="stat.st65.ru" />
+	<target host="mail.st65.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/stableit.ru.xml b/src/chrome/content/rules/stableit.ru.xml
new file mode 100644
index 000000000000..ca1a868ec98d
--- /dev/null
+++ b/src/chrome/content/rules/stableit.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="stableit.ru">
+	<target host="stableit.ru" />
+	<target host="www.stableit.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/stadium.ru.xml b/src/chrome/content/rules/stadium.ru.xml
new file mode 100644
index 000000000000..ddce8b5dac32
--- /dev/null
+++ b/src/chrome/content/rules/stadium.ru.xml
@@ -0,0 +1,7 @@
+<!-- .archive mismatch
+new. mismatch -->
+<ruleset name="stadium.ru">
+	<target host="stadium.ru" />
+	<target host="www.stadium.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/stadtwiki.net.xml b/src/chrome/content/rules/stadtwiki.net.xml
new file mode 100644
index 000000000000..3588877b7189
--- /dev/null
+++ b/src/chrome/content/rules/stadtwiki.net.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		www.stadtwiki.net
+		allmende.stadtwiki.net
+		ettlingen.stadtwiki.net
+		tr.ka.stadtwiki.net
+
+	Timeout:
+		stadtwiki.net
+
+-->
+<ruleset name="Stadtwiki">
+
+	<target host="ka.stadtwiki.net" />
+	<target host="en.ka.stadtwiki.net" />
+	<target host="es.ka.stadtwiki.net" />
+	<target host="fr.ka.stadtwiki.net" />
+	<target host="ru.ka.stadtwiki.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/staempfliverlag.com.xml b/src/chrome/content/rules/staempfliverlag.com.xml
new file mode 100644
index 000000000000..8e83d9d99b90
--- /dev/null
+++ b/src/chrome/content/rules/staempfliverlag.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Stämpfli Verlag">
+	<target host="staempfliverlag.com"/>
+	<target host="www.staempfliverlag.com"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/staffordbc.gov.uk.xml b/src/chrome/content/rules/staffordbc.gov.uk.xml
new file mode 100644
index 000000000000..c00ebeb15379
--- /dev/null
+++ b/src/chrome/content/rules/staffordbc.gov.uk.xml
@@ -0,0 +1,33 @@
+<!--
+	Stafford Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *staffordbc.gov.uk:
+
+		- (www.)? ᵈ
+		- m ʳ
+		- www9 ʳ
+
+	ᵈ Dropped
+	ʳ Refused
+
+
+	These altnames do not exist:
+
+		- www.www12.staffordbc.gov.uk
+
+-->
+<ruleset name="Stafford BC.gov.uk (partial)">
+
+	<target host="www12.staffordbc.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/stalbans.gov.uk.xml b/src/chrome/content/rules/stalbans.gov.uk.xml
new file mode 100644
index 000000000000..800ba6e4387a
--- /dev/null
+++ b/src/chrome/content/rules/stalbans.gov.uk.xml
@@ -0,0 +1,88 @@
+<!--
+	St Albans City and District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *stalbans.gov.uk:
+
+		- gis ᵈ
+		- licensing ᵈ
+		- planning ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *stalbans.gov.uk:
+
+		- connect ᶜ
+		- landlord ᶜ
+		- search ᵐ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+
+
+	Partially covered hosts in *stalbans.gov.uk:
+
+		- search ʰ
+
+	ʰ Some paths redirect to http
+
+
+	Insecure cookies are set for these hosts:
+
+		- stalbans.gov.uk
+		- landlord.stalbans.gov.uk
+		- membersinfo.stalbans.gov.uk
+		- popi.stalbans.gov.uk
+		- www.stalbans.gov.uk
+
+-->
+<ruleset name="St Albans.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="stalbans.gov.uk" />
+	<!--target host="connect.stalbans.gov.uk" /-->
+	<!--target host="landlord.stalbans.gov.uk" /-->
+	<target host="mailarray.stalbans.gov.uk" />
+	<target host="membersinfo.stalbans.gov.uk" />
+	<target host="popi.stalbans.gov.uk" />
+	<target host="portal.stalbans.gov.uk" />
+	<target host="www.stalbans.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="search.stalbans.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?stalbans\.gov\.uk$" name="^(?:\.ASPXANONYMOUS|ASP\.NET_SessionId)$" /-->
+	<!--securecookie host="^landlord\.stalbans\.gov\.uk$" name="^SSRV_AUTHENTICATION$" /-->
+	<!--securecookie host="^membersinfo\.stalbans\.gov\.uk$" name="^(?:_mglogon_|ASP\.NET_SessionId)$" /-->
+	<!--securecookie host="^popi\.stalbans\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^(?!search\.)\w" name=".+" />
+
+
+	<rule from="^http://search\.stalbans\.gov\.uk/"
+		to="https://search3.openobjects.com/" />
+
+		<exclusion pattern="^http://search\.stalbans\.gov\.uk/(?!.+/includes/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://search.stalbans.gov.uk/jobs-and-careers/" />
+			<test url="http://search.stalbans.gov.uk/kb5/stalbans/search/atoz.page" />
+			<test url="http://search.stalbans.gov.uk/sitetools/sitemap.aspx" />
+
+			<!--	-ve:
+					-->
+			<test url="http://search.stalbans.gov.uk/kb5/stalbans/search/includes/images/bullets.png" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/stalkscan.com.xml b/src/chrome/content/rules/stalkscan.com.xml
new file mode 100644
index 000000000000..74dd74cf947d
--- /dev/null
+++ b/src/chrome/content/rules/stalkscan.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="stalkscan.com">
+    <target host="stalkscan.com" />
+    <target host="www.stalkscan.com" />
+
+    <rule from="^http:"
+          to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/stamus-networks.com.xml b/src/chrome/content/rules/stamus-networks.com.xml
new file mode 100644
index 000000000000..b518e02a241b
--- /dev/null
+++ b/src/chrome/content/rules/stamus-networks.com.xml
@@ -0,0 +1,11 @@
+<!--
+packages.stamus-networks.com mismatch
+dl.stamus-networks.com mismatch
+-->
+<ruleset name="stamus-networks.com">
+	<target host="stamus-networks.com" />
+	<target host="www.stamus-networks.com" />
+	<rule from="^http://stamus-networks\.com/"
+		to="https://www.stamus-networks.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/standardjs.com.xml b/src/chrome/content/rules/standardjs.com.xml
new file mode 100644
index 000000000000..18e5259879af
--- /dev/null
+++ b/src/chrome/content/rules/standardjs.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="standardjs.com">
+	<target host="standardjs.com" />
+	<target host="www.standardjs.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/starfishsolutions.com.xml b/src/chrome/content/rules/starfishsolutions.com.xml
new file mode 100644
index 000000000000..ad23a0da7937
--- /dev/null
+++ b/src/chrome/content/rules/starfishsolutions.com.xml
@@ -0,0 +1,86 @@
+<!--
+	For other Hobsons coverage, see hobsons.com.xml.
+
+
+	CDN buckets:
+
+		- s3.amazonaws.com/starfish-cdn/	← cdn
+
+
+	Nonfunctional hosts in *starfishsolutions.com:
+
+		- ^ ᵈ
+		- bb ᵈ
+		- www ʰ
+
+	ᵈ Dropped
+	ʰ WP Engine / redirects to http
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- (client_vhost).starfishsolutions.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Starfish Solutions.com (partial)">
+
+	<target host="cdn.starfishsolutions.com" />
+
+	<!--	(accounts:) -->
+	<target host="agnesscott.starfishsolutions.com" />
+	<target host="becker.starfishsolutions.com" />
+	<target host="fau.starfishsolutions.com" />
+	<target host="goucher.starfishsolutions.com" />
+	<target host="ku.starfishsolutions.com" />
+	<target host="laroche.starfishsolutions.com" />
+	<target host="montclair.starfishsolutions.com" />
+	<target host="nmt.starfishsolutions.com" />
+	<target host="philau.starfishsolutions.com" />
+	<target host="sierracollege.starfishsolutions.com" />
+	<target host="siue.starfishsolutions.com" />
+	<target host="spcc.starfishsolutions.com" />
+	<target host="stu.starfishsolutions.com" />
+	<target host="thenewschool.starfishsolutions.com" />
+	<target host="uark.starfishsolutions.com" />
+	<target host="umw.starfishsolutions.com" />
+	<target host="und.starfishsolutions.com" />
+	<target host="unm.starfishsolutions.com" />
+
+		<test url="http://cdn.starfishsolutions.com/fonts/sf-font/sf-font.css" />
+
+		<!--	$ 404s, so:
+					-->
+		<test url="http://agnesscott.starfishsolutions.com/starfish-ops/support/login.html" />
+		<test url="http://becker.starfishsolutions.com/starfish-ops/support/login.html" />
+		<test url="http://fau.starfishsolutions.com/starfish-ops/support/login.html" />
+		<test url="http://goucher.starfishsolutions.com/starfish-ops/support/login.html" />
+		<test url="http://ku.starfishsolutions.com/starfish-ops/support/login.html" />
+		<test url="http://laroche.starfishsolutions.com/starfish-ops/support/login.html" />
+		<test url="http://montclair.starfishsolutions.com/starfish-ops/support/login.html" />
+		<test url="http://nmt.starfishsolutions.com/starfish-ops/support/login.html" />
+		<test url="http://philau.starfishsolutions.com/starfish-ops/support/login.html" />
+		<test url="http://sierracollege.starfishsolutions.com/starfish-ops/support/login.html" />
+		<test url="http://siue.starfishsolutions.com/starfish-ops/support/login.html" />
+		<test url="http://spcc.starfishsolutions.com/starfish-ops/support/login.html" />
+		<test url="http://stu.starfishsolutions.com/starfish-ops/support/login.html" />
+		<test url="http://thenewschool.starfishsolutions.com/starfish-ops/support/login.html" />
+		<test url="http://uark.starfishsolutions.com/starfish-ops/support/login.html" />
+		<test url="http://umw.starfishsolutions.com/starfish-ops/support/login.html" />
+		<test url="http://und.starfishsolutions.com/starfish-ops/support/login.html" />
+		<test url="http://unm.starfishsolutions.com/starfish-ops/support/login.html" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(client_vhost)\.starfishsolutions\.com$" name="^(?:AWSELB|JSESSIONID)$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/starlink.ru.xml b/src/chrome/content/rules/starlink.ru.xml
new file mode 100644
index 000000000000..ceaa914249e8
--- /dev/null
+++ b/src/chrome/content/rules/starlink.ru.xml
@@ -0,0 +1,19 @@
+<!--
+starlink.ru redirect
+www.starlink.ru redirect
+coliqn.starlink.ru timed out
+pelikan.starlink.ru timed out
+drweb.starlink.ru non-2xx http code
+speedtest.starlink.ru timed out
+slujbamehaniz.starlink.ru nonexist
+serials.starlink.ru timed out
+iptv.starlink.ru redirect
+-->
+<ruleset name="starlink.ru (partial)">
+	<target host="stat.starlink.ru" />
+	<target host="lg.starlink.ru" />
+	<target host="forum.starlink.ru" />
+	<target host="mail.starlink.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/startovac.cz.xml b/src/chrome/content/rules/startovac.cz.xml
new file mode 100644
index 000000000000..d6e73216289d
--- /dev/null
+++ b/src/chrome/content/rules/startovac.cz.xml
@@ -0,0 +1,7 @@
+<ruleset name="Startovač">
+    <target host="startovac.cz" />
+    <target host="www.startovac.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/startsmile.ru.xml b/src/chrome/content/rules/startsmile.ru.xml
new file mode 100644
index 000000000000..6decc604076b
--- /dev/null
+++ b/src/chrome/content/rules/startsmile.ru.xml
@@ -0,0 +1,265 @@
+<!--
+aktobe.startsmile.ru ¹
+almaty.startsmile.ru ¹
+atyrau.startsmile.ru ¹
+hackertrace1.internal.nsa.gov.startsmile.ru ¹
+hackertrace2.internal.nsa.gov.startsmile.ru ¹
+hackertrace3.internal.nsa.gov.startsmile.ru ¹
+hackertrace4.internal.nsa.gov.startsmile.ru ¹
+kokshetau.startsmile.ru ¹
+uralsk.startsmile.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="startsmile.ru">
+	<target host="startsmile.ru" />
+	<target host="www.startsmile.ru" />
+	<target host="adygeysk.startsmile.ru" />
+	<target host="akhtubinsk.startsmile.ru" />
+	<target host="aktanysh.startsmile.ru" />
+	<target host="aleksandrov.startsmile.ru" />
+	<target host="almetevsk.startsmile.ru" />
+	<target host="amursk.startsmile.ru" />
+	<target host="anapa.startsmile.ru" />
+	<target host="angarsk.startsmile.ru" />
+	<target host="arkhangelsk.startsmile.ru" />
+	<target host="armavir.startsmile.ru" />
+	<target host="azov.startsmile.ru" />
+	<target host="baksan.startsmile.ru" />
+	<target host="balakovo.startsmile.ru" />
+	<target host="balashov.startsmile.ru" />
+	<target host="barabinsk.startsmile.ru" />
+	<target host="barnaul.startsmile.ru" />
+	<target host="belgorod.startsmile.ru" />
+	<target host="belogorsk.startsmile.ru" />
+	<target host="belorechensk.startsmile.ru" />
+	<target host="beloretsk.startsmile.ru" />
+	<target host="berdsk.startsmile.ru" />
+	<target host="berezniki.startsmile.ru" />
+	<target host="bezhetsk.startsmile.ru" />
+	<target host="birobidzhan.startsmile.ru" />
+	<target host="birsk.startsmile.ru" />
+	<target host="biysk.startsmile.ru" />
+	<target host="blagodarny.startsmile.ru" />
+	<target host="bobrov.startsmile.ru" />
+	<target host="bogatyesaby.startsmile.ru" />
+	<target host="bogoroditsk.startsmile.ru" />
+	<target host="bolshoykamen.startsmile.ru" />
+	<target host="bor.startsmile.ru" />
+	<target host="borisoglebsk.startsmile.ru" />
+	<target host="borovichi.startsmile.ru" />
+	<target host="bratsk.startsmile.ru" />
+	<target host="bryansk.startsmile.ru" />
+	<target host="bugulma.startsmile.ru" />
+	<target host="buguruslan.startsmile.ru" />
+	<target host="buzuluk.startsmile.ru" />
+	<target host="chaykovsky.startsmile.ru" />
+	<target host="chebarkul.startsmile.ru" />
+	<target host="chelyabinsk.startsmile.ru" />
+	<target host="cherkessk.startsmile.ru" />
+	<target host="chernogorsk.startsmile.ru" />
+	<target host="chistopol.startsmile.ru" />
+	<target host="chita.startsmile.ru" />
+	<target host="chulym.startsmile.ru" />
+	<target host="chusovoy.startsmile.ru" />
+	<target host="dalnegorsk.startsmile.ru" />
+	<target host="demidov.startsmile.ru" />
+	<target host="derbent.startsmile.ru" />
+	<target host="donetsk.startsmile.ru" />
+	<target host="dzerzhinsk.startsmile.ru" />
+	<target host="elets.startsmile.ru" />
+	<target host="elista.startsmile.ru" />
+	<target host="elizovo.startsmile.ru" />
+	<target host="emanzhelinsk.startsmile.ru" />
+	<target host="engels.startsmile.ru" />
+	<target host="eysk.startsmile.ru" />
+	<target host="gatchina.startsmile.ru" />
+	<target host="glazov.startsmile.ru" />
+	<target host="gorodets.startsmile.ru" />
+	<target host="grozny.startsmile.ru" />
+	<target host="gryazi.startsmile.ru" />
+	<target host="gubkin.startsmile.ru" />
+	<target host="gulkevichi.startsmile.ru" />
+	<target host="irkutsk.startsmile.ru" />
+	<target host="ishim.startsmile.ru" />
+	<target host="ivangorod.startsmile.ru" />
+	<target host="ivanovo.startsmile.ru" />
+	<target host="izhevsk.startsmile.ru" />
+	<target host="kaliningrad.startsmile.ru" />
+	<target host="kaluga.startsmile.ru" />
+	<target host="kamyshin.startsmile.ru" />
+	<target host="kanash.startsmile.ru" />
+	<target host="kaspysk.startsmile.ru" />
+	<target host="kazan.startsmile.ru" />
+	<target host="kem.startsmile.ru" />
+	<target host="kemerovo.startsmile.ru" />
+	<target host="khabarovsk.startsmile.ru" />
+	<target host="khanty-mansysk.startsmile.ru" />
+	<target host="kineshma.startsmile.ru" />
+	<target host="kingisepp.startsmile.ru" />
+	<target host="kirishi.startsmile.ru" />
+	<target host="kislovodsk.startsmile.ru" />
+	<target host="kizlyar.startsmile.ru" />
+	<target host="klintsy.startsmile.ru" />
+	<target host="knyaginino.startsmile.ru" />
+	<target host="kogalym.startsmile.ru" />
+	<target host="kolchugino.startsmile.ru" />
+	<target host="kolpino.startsmile.ru" />
+	<target host="kopeysk.startsmile.ru" />
+	<target host="kostomuksha.startsmile.ru" />
+	<target host="kostroma.startsmile.ru" />
+	<target host="kovrov.startsmile.ru" />
+	<target host="kozelsk.startsmile.ru" />
+	<target host="kozmodemyansk.startsmile.ru" />
+	<target host="krasnodar.startsmile.ru" />
+	<target host="krasnoufimsk.startsmile.ru" />
+	<target host="krasnysulin.startsmile.ru" />
+	<target host="kropotkin.startsmile.ru" />
+	<target host="krymsk.startsmile.ru" />
+	<target host="kstovo.startsmile.ru" />
+	<target host="kulebaki.startsmile.ru" />
+	<target host="kungur.startsmile.ru" />
+	<target host="kurgan.startsmile.ru" />
+	<target host="kuvandyk.startsmile.ru" />
+	<target host="kuybyshev.startsmile.ru" />
+	<target host="kuznetsk.startsmile.ru" />
+	<target host="kyshtym.startsmile.ru" />
+	<target host="labinsk.startsmile.ru" />
+	<target host="lebedyan.startsmile.ru" />
+	<target host="leninogorsk.startsmile.ru" />
+	<target host="lesosibirsk.startsmile.ru" />
+	<target host="lipetsk.startsmile.ru" />
+	<target host="liski.startsmile.ru" />
+	<target host="lomonosov.startsmile.ru" />
+	<target host="luga.startsmile.ru" />
+	<target host="lysva.startsmile.ru" />
+	<target host="maloyaroslavets.startsmile.ru" />
+	<target host="maykop.startsmile.ru" />
+	<target host="mednogorsk.startsmile.ru" />
+	<target host="mezhdurechensk.startsmile.ru" />
+	<target host="miass.startsmile.ru" />
+	<target host="mikhaylovsk.startsmile.ru" />
+	<target host="mineralnyevody.startsmile.ru" />
+	<target host="minusinsk.startsmile.ru" />
+	<target host="mozhga.startsmile.ru" />
+	<target host="mtsensk.startsmile.ru" />
+	<target host="murashi.startsmile.ru" />
+	<target host="murmansk.startsmile.ru" />
+	<target host="murom.startsmile.ru" />
+	<target host="nakhodka.startsmile.ru" />
+	<target host="nalchik.startsmile.ru" />
+	<target host="neftekamsk.startsmile.ru" />
+	<target host="nevinnomyssk.startsmile.ru" />
+	<target host="nevyansk.startsmile.ru" />
+	<target host="nikolaevsk-na-amure.startsmile.ru" />
+	<target host="nikolskoe.startsmile.ru" />
+	<target host="nizhnekamsk.startsmile.ru" />
+	<target host="nizhneudinsk.startsmile.ru" />
+	<target host="nizhnevartovsk.startsmile.ru" />
+	<target host="novoaltaysk.startsmile.ru" />
+	<target host="novokubansk.startsmile.ru" />
+	<target host="novomoskovsk.startsmile.ru" />
+	<target host="novorossysk.startsmile.ru" />
+	<target host="novoshakhtinsk.startsmile.ru" />
+	<target host="novouralsk.startsmile.ru" />
+	<target host="novovoronezh.startsmile.ru" />
+	<target host="nyagan.startsmile.ru" />
+	<target host="obninsk.startsmile.ru" />
+	<target host="onega.startsmile.ru" />
+	<target host="orenburg.startsmile.ru" />
+	<target host="orsk.startsmile.ru" />
+	<target host="osinniki.startsmile.ru" />
+	<target host="ostashkov.startsmile.ru" />
+	<target host="ostrogozhsk.startsmile.ru" />
+	<target host="partizansk.startsmile.ru" />
+	<target host="penza.startsmile.ru" />
+	<target host="perm.startsmile.ru" />
+	<target host="pervouralsk.startsmile.ru" />
+	<target host="petergof.startsmile.ru" />
+	<target host="petrovsk-zabaykalsky.startsmile.ru" />
+	<target host="priozersk.startsmile.ru" />
+	<target host="prokopevsk.startsmile.ru" />
+	<target host="proletarsk.startsmile.ru" />
+	<target host="pskov.startsmile.ru" />
+	<target host="pushkin.startsmile.ru" />
+	<target host="pyatigorsk.startsmile.ru" />
+	<target host="rating.startsmile.ru" />
+	<target host="rossosh.startsmile.ru" />
+	<target host="rostov-na-donu.startsmile.ru" />
+	<target host="ryazan.startsmile.ru" />
+	<target host="rybinsk.startsmile.ru" />
+	<target host="safonovo.startsmile.ru" />
+	<target host="salekhard.startsmile.ru" />
+	<target host="samara.startsmile.ru" />
+	<target host="saransk.startsmile.ru" />
+	<target host="saratov.startsmile.ru" />
+	<target host="sarov.startsmile.ru" />
+	<target host="satka.startsmile.ru" />
+	<target host="sayanogorsk.startsmile.ru" />
+	<target host="sebezh.startsmile.ru" />
+	<target host="sergach.startsmile.ru" />
+	<target host="severodvinsk.startsmile.ru" />
+	<target host="severouralsk.startsmile.ru" />
+	<target host="sharypovo.startsmile.ru" />
+	<target host="shcherbinka.startsmile.ru" />
+	<target host="sibay.startsmile.ru" />
+	<target host="simferopol.startsmile.ru" />
+	<target host="slantsy.startsmile.ru" />
+	<target host="sochi.startsmile.ru" />
+	<target host="solikamsk.startsmile.ru" />
+	<target host="sosnovoborsk.startsmile.ru" />
+	<target host="sovetsk.startsmile.ru" />
+	<target host="spb.startsmile.ru" />
+	<target host="sterlitamak.startsmile.ru" />
+	<target host="strunino.startsmile.ru" />
+	<target host="sukhoylog.startsmile.ru" />
+	<target host="surgut.startsmile.ru" />
+	<target host="suvorov.startsmile.ru" />
+	<target host="taganrog.startsmile.ru" />
+	<target host="tayshet.startsmile.ru" />
+	<target host="temryuk.startsmile.ru" />
+	<target host="tikhoretsk.startsmile.ru" />
+	<target host="tikhvin.startsmile.ru" />
+	<target host="timashevsk.startsmile.ru" />
+	<target host="tobolsk.startsmile.ru" />
+	<target host="tolyatti.startsmile.ru" />
+	<target host="tomsk.startsmile.ru" />
+	<target host="torzhok.startsmile.ru" />
+	<target host="tula.startsmile.ru" />
+	<target host="tuymazy.startsmile.ru" />
+	<target host="tver.startsmile.ru" />
+	<target host="tynda.startsmile.ru" />
+	<target host="ufa.startsmile.ru" />
+	<target host="ukhta.startsmile.ru" />
+	<target host="ulan-ude.startsmile.ru" />
+	<target host="usinsk.startsmile.ru" />
+	<target host="usole-sibirskoe.startsmile.ru" />
+	<target host="ussurysk.startsmile.ru" />
+	<target host="ustyuzhna.startsmile.ru" />
+	<target host="uzlovaya.startsmile.ru" />
+	<target host="valday.startsmile.ru" />
+	<target host="velikieluki.startsmile.ru" />
+	<target host="verkhnyayapyshma.startsmile.ru" />
+	<target host="vladikavkaz.startsmile.ru" />
+	<target host="vladimir.startsmile.ru" />
+	<target host="vladivostok.startsmile.ru" />
+	<target host="volgodonsk.startsmile.ru" />
+	<target host="volgograd.startsmile.ru" />
+	<target host="vologda.startsmile.ru" />
+	<target host="voronezh.startsmile.ru" />
+	<target host="votkinsk.startsmile.ru" />
+	<target host="vyborg.startsmile.ru" />
+	<target host="vyksa.startsmile.ru" />
+	<target host="yakutsk.startsmile.ru" />
+	<target host="yaroslavl.startsmile.ru" />
+	<target host="yoshkar-ola.startsmile.ru" />
+	<target host="yuzhno-sahalinsk.startsmile.ru" />
+	<target host="zapadnayadivna.startsmile.ru" />
+	<target host="zelenogorskspb.startsmile.ru" />
+	<target host="zheleznogorsk.startsmile.ru" />
+	<target host="zhirnovsk.startsmile.ru" />
+	<target host="zlatoust.startsmile.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/stat.fi.xml b/src/chrome/content/rules/stat.fi.xml
new file mode 100644
index 000000000000..ea9226613aa3
--- /dev/null
+++ b/src/chrome/content/rules/stat.fi.xml
@@ -0,0 +1,32 @@
+<ruleset name="stat.fi (partial)">
+	<target host="stat.fi" />
+	<target host="www.stat.fi" />
+	<target host="cinereus.stat.fi" />
+	<target host="digiremppa.stat.fi" />
+	<target host="guides.stat.fi" />
+	<target host="kaimaani.stat.fi" />
+	<target host="kototietokanta.stat.fi" />
+	<target host="laaturaportointi.stat.fi" />
+	<target host="mixed1.stat.fi" />
+	<target host="montanus.stat.fi" />
+	<target host="ombre.stat.fi" />
+	<target host="platypus.stat.fi" />
+	<target host="pxgraf2.stat.fi" />
+	<target host="pxhopea2.stat.fi" />
+	<target host="pxnet2.stat.fi" />
+	<target host="pxwebapi2.stat.fi" />
+	<target host="taika.stat.fi" />
+	<target host="tem-tilastopalvelu.stat.fi" />
+	<target host="tieliikenneonnettomuudet.stat.fi" />
+	<target host="tilastokoulu.stat.fi" />
+	<target host="trafi2.stat.fi" />
+	<target host="dev.verkko.stat.fi" />
+	<target host="vero2.stat.fi" />
+	<target host="vertinet2.stat.fi" />
+	<target host="visitfinland.stat.fi" />
+	<target host="webcollect2.stat.fi" />
+	<target host="webkeruu1.stat.fi" />
+	<target host="yritystietopalvelu2.stat.fi" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/state.gov-falsemixed.xml b/src/chrome/content/rules/state.gov-falsemixed.xml
new file mode 100644
index 000000000000..c9b6d3e94d07
--- /dev/null
+++ b/src/chrome/content/rules/state.gov-falsemixed.xml
@@ -0,0 +1,19 @@
+<!--
+	For rules not causing false/broken MCB, see US_State_Department.xml.
+
+
+	NB: See https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="State.gov (false MCB)" platform="mixedcontent">
+
+	<target host="diplomacy.state.gov" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/static-chomikuj.pl.xml b/src/chrome/content/rules/static-chomikuj.pl.xml
new file mode 100644
index 000000000000..67af69e7f2a1
--- /dev/null
+++ b/src/chrome/content/rules/static-chomikuj.pl.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Chomikuj coverage, see chomikuj.pl.xml.
+
+	Invalid certificate:
+		mail.static-chomikuj.pl
+-->
+<ruleset name="static-chomikuj.pl">
+	<target host="static-chomikuj.pl" />
+	<target host="profile.static-chomikuj.pl" />
+	<target host="x.static-chomikuj.pl" />
+	<target host="x1.static-chomikuj.pl" />
+	<target host="x2.static-chomikuj.pl" />
+	<target host="x3.static-chomikuj.pl" />
+	<target host="x4.static-chomikuj.pl" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/static-fra.de.xml b/src/chrome/content/rules/static-fra.de.xml
new file mode 100644
index 000000000000..0d7feba38eba
--- /dev/null
+++ b/src/chrome/content/rules/static-fra.de.xml
@@ -0,0 +1,25 @@
+<!--
+	Refused:
+		- static-fra.de
+		- www.static-fra.de
+		- a.static-fra.de
+		- ak.static-fra.de
+		- tts.ak.static-fra.de
+		- getautoimg.static-fra.de
+		- m.static-fra.de
+		- pms.static-fra.de
+		- www.pms.static-fra.de
+		- tts.static-fra.de
+-->
+<ruleset name="static-fra.de">
+
+	<target host="autoimg.static-fra.de" />
+	<target host="bilder.static-fra.de" />
+	<target host="cdn.static-fra.de" />
+		<test url="http://cdn.static-fra.de/lib/rtli/video-tracking/build/videotracking.min.js" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/status.io.xml b/src/chrome/content/rules/status.io.xml
new file mode 100644
index 000000000000..24bdeb9c6be8
--- /dev/null
+++ b/src/chrome/content/rules/status.io.xml
@@ -0,0 +1,29 @@
+<ruleset name="status.io">
+
+	<target host="status.io" />
+	<target host="www.status.io" />
+	<target host="api.status.io" />
+	<target host="app.status.io" />
+	<target host="blog.status.io" />
+	<target host="custdc.status.io" />
+	<target host="dragonflybsd.status.io" />
+	<target host="drift.status.io" />
+	<target host="dynatrace.status.io" />
+	<target host="gopay.status.io" />
+	<target host="help.status.io" />
+	<target host="iplantcore.status.io" />
+	<target host="kb.status.io" />
+	<target host="letsencrypt.status.io" />
+	<target host="mbed.status.io" />
+	<target host="qualifio.status.io" />
+	<target host="retarus.status.io" />
+	<target host="sectigocertificatemanager.status.io" />
+	<target host="status.status.io" />
+	<target host="townnews.status.io" />
+	<target host="turnitin.status.io" />
+	<target host="upwork.status.io" />
+	<target host="whatsup.status.io" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/stavklass.ru.xml b/src/chrome/content/rules/stavklass.ru.xml
new file mode 100644
index 000000000000..3edd776dcefd
--- /dev/null
+++ b/src/chrome/content/rules/stavklass.ru.xml
@@ -0,0 +1,8 @@
+<ruleset name="stavklass.ru">
+	<target host="stavklass.ru"/>
+	<target host="www.stavklass.ru"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/stayintheknow.co.uk.xml b/src/chrome/content/rules/stayintheknow.co.uk.xml
new file mode 100644
index 000000000000..39812a6808fa
--- /dev/null
+++ b/src/chrome/content/rules/stayintheknow.co.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="Stay in the Know.co.uk">
+
+	<target host="stayintheknow.co.uk" />
+	<target host="www.stayintheknow.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/stealthy.co.xml b/src/chrome/content/rules/stealthy.co.xml
new file mode 100644
index 000000000000..99c5b74f7ca0
--- /dev/null
+++ b/src/chrome/content/rules/stealthy.co.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://webproxy.stealthy.co/ => https://webproxy.stealthy.co/: (60, 'SSL certificate problem: certificate has expired')
+
+stealthy.co ²
+
+
+² refused
+-->
+<ruleset name="stealthy.co" default_off="failed ruleset test">
+	<target host="stealthy.co" />
+	<target host="www.stealthy.co" />
+	<target host="webproxy.stealthy.co" />
+
+	<rule from="^http://stealthy\.co/"
+		to="https://www.stealthy.co/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/steamstat.ru.xml b/src/chrome/content/rules/steamstat.ru.xml
new file mode 100644
index 000000000000..027b162f0930
--- /dev/null
+++ b/src/chrome/content/rules/steamstat.ru.xml
@@ -0,0 +1,14 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.steamstat.ru/ => https://www.steamstat.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'www.steamstat.ru'")
+
+
+
+-->
+<ruleset name="steamstat.ru" default_off="failed ruleset test">
+	<target host="steamstat.ru" />
+	<target host="www.steamstat.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/stellarium.org.xml b/src/chrome/content/rules/stellarium.org.xml
new file mode 100644
index 000000000000..561e4e5cda71
--- /dev/null
+++ b/src/chrome/content/rules/stellarium.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		addons.stellarium.org
+		dss.stellarium.org
+
+	Refused:
+		buildbot.stellarium.org
+-->
+<ruleset name="stellarium.org">
+	<target host="stellarium.org" />
+	<target host="www.stellarium.org" />
+	<target host="data.stellarium.org" />
+	<target host="freegeoip.stellarium.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/stelligent.com.xml b/src/chrome/content/rules/stelligent.com.xml
new file mode 100644
index 000000000000..25ec047e4e2a
--- /dev/null
+++ b/src/chrome/content/rules/stelligent.com.xml
@@ -0,0 +1,9 @@
+<!--
+arc307.stelligent.com timed out
+-->
+<ruleset name="stelligent.com">
+	<target host="stelligent.com" />
+	<target host="www.stelligent.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/stewilliams.com.xml b/src/chrome/content/rules/stewilliams.com.xml
new file mode 100644
index 000000000000..ee6f49f83af7
--- /dev/null
+++ b/src/chrome/content/rules/stewilliams.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="ste williams.com">
+
+	<target host="stewilliams.com" />
+	<target host="www.stewilliams.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/stgeorge.com.au.xml b/src/chrome/content/rules/stgeorge.com.au.xml
new file mode 100644
index 000000000000..9a0a63e6f3fd
--- /dev/null
+++ b/src/chrome/content/rules/stgeorge.com.au.xml
@@ -0,0 +1,28 @@
+<!--
+	St.George Bank
+
+
+	Nonfunctional hosts in *stgeorge.com.au:
+
+		- privatebank ᶠ
+
+	ᶠ Handshake fails
+
+
+	^stgeorge.com.au: Dropped over http & https
+
+-->
+<ruleset name="StGeorge.com.au (partial)">
+
+	<target host="ibanking.stgeorge.com.au" />
+	<target host="webapps.stgeorge.com.au" />
+	<target host="www.stgeorge.com.au" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/stihi.ru.xml b/src/chrome/content/rules/stihi.ru.xml
new file mode 100644
index 000000000000..eb37846fe253
--- /dev/null
+++ b/src/chrome/content/rules/stihi.ru.xml
@@ -0,0 +1,17 @@
+<!--
+Invalid certificate:
+	new.stihi.ru
+	portal.stihi.ru
+	prg.stihi.ru
+	prv.stihi.ru
+	www2.stihi.ru
+	www3.stihi.ru
+-->
+<ruleset name="stihi.ru">
+	<target host="stihi.ru"/>
+	<target host="www.stihi.ru"/>
+	<target host="new.stihi.ru" />
+
+	<rule from="^http://new\.stihi\.ru/" to="https://www.stihi.ru/"/>
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/stinpriza.org.xml b/src/chrome/content/rules/stinpriza.org.xml
new file mode 100644
index 000000000000..dd8dda005243
--- /dev/null
+++ b/src/chrome/content/rules/stinpriza.org.xml
@@ -0,0 +1,26 @@
+<!--
+Self signed:
+intefix.stinpriza.org
+
+-->
+
+<ruleset name="stinpriza.org">
+	<target host="stinpriza.org" />
+	<target host="www.stinpriza.org" />
+	<target host="m.stinpriza.org" />
+	<target host="lists.stinpriza.org" />
+	<target host="cacofonix.stinpriza.org" />
+	<target host="asterix.stinpriza.org" />
+	<target host="dev.stinpriza.org" />
+	<target host="ola.stinpriza.org" />
+	<target host="owncloud.stinpriza.org" />
+	<target host="prizama.stinpriza.org" />
+	<target host="diaxvas.stinpriza.org" />
+	<target host="webmail.stinpriza.org" />
+	<target host="stats.stinpriza.org" />
+	<target host="search.stinpriza.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/stockport.gov.uk.xml b/src/chrome/content/rules/stockport.gov.uk.xml
new file mode 100644
index 000000000000..04948d1a664f
--- /dev/null
+++ b/src/chrome/content/rules/stockport.gov.uk.xml
@@ -0,0 +1,74 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- stockport.gov.uk
+		- a6marr.stockport.gov.uk
+		- buildingcontrol.stockport.gov.uk
+		- democracy.stockport.gov.uk
+		- old.stockport.gov.uk
+		- planning.stockport.gov.uk
+		- rb1.stockport.gov.uk
+		- scncag.stockport.gov.uk
+		- scncsg.stockport.gov.uk
+
+		Timeout was reached:
+		- mail.stockport.gov.uk
+		- sip.stockport.gov.uk
+		- virtualschool.stockport.gov.uk
+
+		SSL connect error:
+		- betteroff.stockport.gov.uk
+		- betteroff2.stockport.gov.uk
+		- betteroff3.stockport.gov.uk
+		- support.stockport.gov.uk
+
+		SSL peer certificate was not OK:
+		- betteroff-api.stockport.gov.uk
+		- betteroff-api2.stockport.gov.uk
+		- betteroff-api3.stockport.gov.uk
+
+		SSL read error:
+		- wes.stockport.gov.uk
+
+		Incomplete certificate chain error:
+		- ra1.stockport.gov.uk
+
+		4xx client error:
+		- exws.stockport.gov.uk
+		- education.stockport.gov.uk
+		- scwd.stockport.gov.uk
+
+		5xx server error:
+		- adfs.stockport.gov.uk
+		- scniyss.stockport.gov.uk
+-->
+<ruleset name="Stockport.gov.uk (partial)">
+	<target host="stockport.gov.uk" />
+	<target host="www.stockport.gov.uk" />
+	<target host="lyncdiscover.stockport.gov.uk" />
+	<target host="airwatch.stockport.gov.uk" />
+	<target host="authenticate.stockport.gov.uk" />
+	<target host="autodiscover.stockport.gov.uk" />
+	<target host="consultation.stockport.gov.uk" />
+	<target host="ess.stockport.gov.uk" />
+	<target host="hrb.stockport.gov.uk" />
+	<target host="interactive.stockport.gov.uk" />
+	<target host="jobs.stockport.gov.uk" />
+	<target host="lws.stockport.gov.uk" />
+	<target host="maps.stockport.gov.uk" />
+	<target host="myaccount.stockport.gov.uk" />
+	<target host="rb2.stockport.gov.uk" />
+	<target host="rdsgw.stockport.gov.uk" />
+	<target host="scnowa1.stockport.gov.uk" />
+	<target host="secureportal.stockport.gov.uk" />
+	<target host="servicedesk.stockport.gov.uk" />
+	<target host="vpn.stockport.gov.uk" />
+
+	<rule from="^http://stockport\.gov\.uk/"
+			to="https://www.stockport.gov.uk/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/stoke.gov.uk.xml b/src/chrome/content/rules/stoke.gov.uk.xml
new file mode 100644
index 000000000000..f49589f391ee
--- /dev/null
+++ b/src/chrome/content/rules/stoke.gov.uk.xml
@@ -0,0 +1,55 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://jobsonline.stoke.gov.uk/ => https://jobsonline.stoke.gov.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://planning.stoke.gov.uk/ => https://planning.stoke.gov.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Stoke-on-Trent City Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *stoke.gov.uk:
+
+		- (www.)? ᵃ
+		- filmoffice ᵃ
+		- librariesonline ʳ
+		- localoffer ᵃ
+		- miyourbusiness ʳ
+		- www.safeguardingchildren ᵃ
+		- webapps ʳ
+
+	ᵃ Shows another domain
+	ʳ Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- myaccount.stoke.gov.uk
+
+-->
+<ruleset name="Stoke.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="admissions.stoke.gov.uk" />
+	<target host="www.admissions.stoke.gov.uk" />
+	<target host="jobsonline.stoke.gov.uk" />
+	<target host="myaccount.stoke.gov.uk" />
+	<target host="planning.stoke.gov.uk" />
+	<target host="securestoke.stoke.gov.uk" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://securestoke.stoke.gov.uk/EHSform/SupportForm.aspx" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^myaccount\.admissions\.stoke\.gov\.uk$" name="^cookietest$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/stoloto.ru.xml b/src/chrome/content/rules/stoloto.ru.xml
new file mode 100644
index 000000000000..53067b33e541
--- /dev/null
+++ b/src/chrome/content/rules/stoloto.ru.xml
@@ -0,0 +1,52 @@
+<!--
+stoloto.ru ⁶
+www.stoloto.ru ⁶
+23feb.stoloto.ru ¹
+api.stoloto.ru non-2xx http code
+100loto.dev.stoloto.ru ¹
+api.dev.stoloto.ru ¹
+en.stoloto.ru ⁶
+expe.stoloto.ru ³
+football-6x36.stoloto.ru ⁶
+igra-rl.stoloto.ru ¹
+join2.stoloto.ru ³
+letters.stoloto.ru ³
+live.stoloto.ru ⁴
+lyncdiscover.stoloto.ru ⁵
+mm.stoloto.ru ⁴
+ny2017.stoloto.ru ¹
+pc.stoloto.ru ³
+rewards.stoloto.ru ⁴
+rl.stoloto.ru ¹
+s4bdialin.stoloto.ru ⁵
+s4bextweb.stoloto.ru ⁵
+s4bmeet.stoloto.ru ⁵
+s4bwebcon.stoloto.ru/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
+vpn0.stoloto.ru ⁴
+vpn1.stoloto.ru ⁴
+
+
+¹ mismatch
+³ timed out
+⁴ self signed
+⁵ expired
+⁶ redirect
+-->
+<ruleset name="stoloto.ru (partial)">
+	<target host="agent.stoloto.ru" />
+	<target host="expejg.stoloto.ru" />
+	<target host="jabberguest.stoloto.ru" />
+	<target host="join1.stoloto.ru" />
+	<target host="log.stoloto.ru" />
+	<target host="m.stoloto.ru" />
+	<target host="mail.stoloto.ru" />
+	<target host="mail2.stoloto.ru" />
+	<target host="mx.stoloto.ru" />
+	<target host="mx2.stoloto.ru" />
+	<target host="s.stoloto.ru" />
+	<target host="sip.stoloto.ru" />
+	<target host="static.stoloto.ru" />
+	<target host="static-orig.stoloto.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/stonewall.org.uk.xml b/src/chrome/content/rules/stonewall.org.uk.xml
new file mode 100644
index 000000000000..849e9d819c1b
--- /dev/null
+++ b/src/chrome/content/rules/stonewall.org.uk.xml
@@ -0,0 +1,22 @@
+<!--
+	Nonfunctional hosts in *stonewall.org.uk:
+
+		- (www.)?healthylives ᵈ
+
+	ᵈ Dropped
+
+-->
+<ruleset name="Stonewall.org.uk (partial)">
+
+	<target host="stonewall.org.uk" />
+	<target host="web.stonewall.org.uk" />
+	<target host="www.stonewall.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/stonewallcymru.org.uk.xml b/src/chrome/content/rules/stonewallcymru.org.uk.xml
new file mode 100644
index 000000000000..1ad4d77ac8a5
--- /dev/null
+++ b/src/chrome/content/rules/stonewallcymru.org.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="Stonewall Cymru.org.uk">
+
+	<target host="stonewallcymru.org.uk" />
+	<target host="www.stonewallcymru.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/stonewallscotland.org.uk.xml b/src/chrome/content/rules/stonewallscotland.org.uk.xml
new file mode 100644
index 000000000000..50d36bf3aaf6
--- /dev/null
+++ b/src/chrome/content/rules/stonewallscotland.org.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="Stonewall Scotland.org.uk">
+
+	<target host="stonewallscotland.org.uk" />
+	<target host="www.stonewallscotland.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/store.twentyonepilots.com.xml b/src/chrome/content/rules/store.twentyonepilots.com.xml
new file mode 100644
index 000000000000..2ff06d82dabc
--- /dev/null
+++ b/src/chrome/content/rules/store.twentyonepilots.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid Certificate:
+	- twentyonepilots.com
+	- www.twentyonepilots.com
+	- yourplatform.twentyonepilots.com
+-->
+
+<ruleset name="Twentyonepilots Store">
+	<target host="store.twentyonepilots.com"/>
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/storehouse.co.xml b/src/chrome/content/rules/storehouse.co.xml
new file mode 100644
index 000000000000..3743f6504f4f
--- /dev/null
+++ b/src/chrome/content/rules/storehouse.co.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://storehouse.co/ => https://storehouse.co/: (6, 'Could not resolve host: storehouse.co')
+Fetch error: http://www.storehouse.co/ => https://www.storehouse.co/: (6, 'Could not resolve host: www.storehouse.co')
+
+	Nonfunctional hosts in *storehouse.co:
+
+		- blog ³
+
+	³ 403
+
+-->
+<ruleset name="Storehouse.co (partial)" default_off="failed ruleset test">
+
+	<target host="storehouse.co" />
+	<target host="www.storehouse.co" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/strana.ua.xml b/src/chrome/content/rules/strana.ua.xml
new file mode 100644
index 000000000000..135ea918d422
--- /dev/null
+++ b/src/chrome/content/rules/strana.ua.xml
@@ -0,0 +1,16 @@
+<!--
+Invalid certificate:
+	editor.strana.ua
+	i.strana.ua
+	longread.strana.ua
+-->
+<ruleset name="Strana.ua">
+	<target host="strana.ua" />
+	<target host="www.strana.ua" />
+	<target host="amp.strana.ua" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://amp\.strana\.ua/" to="https://strana.ua/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/strangeremains.com.xml b/src/chrome/content/rules/strangeremains.com.xml
new file mode 100644
index 000000000000..a2eabccf10b1
--- /dev/null
+++ b/src/chrome/content/rules/strangeremains.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Strange Remains.com">
+
+	<target host="strangeremains.com" />
+	<target host="www.strangeremains.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/strasbourgfestival.com.xml b/src/chrome/content/rules/strasbourgfestival.com.xml
new file mode 100644
index 000000000000..6d2254969080
--- /dev/null
+++ b/src/chrome/content/rules/strasbourgfestival.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="strasbourgfestival.com">
+	<target host="strasbourgfestival.com" />
+	<target host="www.strasbourgfestival.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/strategypage.com.xml b/src/chrome/content/rules/strategypage.com.xml
new file mode 100644
index 000000000000..717a441280ab
--- /dev/null
+++ b/src/chrome/content/rules/strategypage.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- strategypage.com
+		- www.strategypage.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on (www.)? from ecx.images-amazon.com *
+
+	* See https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="StrategyPage.com">
+
+	<target host="strategypage.com" />
+	<target host="www.strategypage.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?strategypage\.com$" name="^(?:ASP\.NET_SessionId|saveSP)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/stratford.gov.uk.xml b/src/chrome/content/rules/stratford.gov.uk.xml
new file mode 100644
index 000000000000..a43fe99a1d0e
--- /dev/null
+++ b/src/chrome/content/rules/stratford.gov.uk.xml
@@ -0,0 +1,33 @@
+<!--
+	Stratford-on-Avon District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- stratford.gov.uk
+		- democracy.stratford.gov.uk
+		- www.stratford.gov.uk
+
+-->
+<ruleset name="Stratford.gov.uk">
+
+	<target host="stratford.gov.uk" />
+	<target host="apps.stratford.gov.uk" />
+	<target host="democracy.stratford.gov.uk" />
+	<target host="www.stratford.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^democracy\.stratford\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^www\.stratford\.gov\.uk$" name="^CF(?:ID|TOKEN)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/streak.com.xml b/src/chrome/content/rules/streak.com.xml
new file mode 100644
index 000000000000..9916552e0474
--- /dev/null
+++ b/src/chrome/content/rules/streak.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Nonfunctional hosts in *streak.com:
+
+		- blog ᶠ
+
+	ᶠ Blogger / handshake fails
+
+
+	^streak.com: Dropped
+
+-->
+<ruleset name="Streak.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.streak.com" />
+
+	<!--	Complications:
+				-->
+	<target host="streak.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://streak\.com/"
+		to="https://www.streak.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/streamamg.com.xml b/src/chrome/content/rules/streamamg.com.xml
new file mode 100644
index 000000000000..1dc0fd3de8bd
--- /dev/null
+++ b/src/chrome/content/rules/streamamg.com.xml
@@ -0,0 +1,42 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://devlegapallacanestro.streamamg.com/ => https://devlegapallacanestro.streamamg.com/: (7, 'Failed to connect to devlegapallacanestro.streamamg.com port 443: Connection timed out')
+
+	Nonfunctional hosts in *streamamg.com:
+
+		- eucouncildevui ᵈ
+
+	ᵈ Dropped
+
+
+	Mixed content:
+
+		- css on mp from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="StreamAMG.com" default_off="failed ruleset test">
+
+	<target host="streamamg.com" />
+	<target host="devlegapallacanestro.streamamg.com" />
+	<target host="klspayments.streamamg.com" />
+	<target host="lpcpayments.streamamg.com" />
+	<target host="lvfpayments.streamamg.com" />
+	<target host="matchroompool.streamamg.com" />
+	<target host="mp.streamamg.com" />
+	<target host="open.http.mp.streamamg.com" />
+	<target host="okligapayments.streamamg.com" />
+	<target host="seriebtvpayments.streamamg.com" />
+	<target host="stagingtvpass.streamamg.com" />
+	<target host="www.streamamg.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/streamline.com.xml b/src/chrome/content/rules/streamline.com.xml
new file mode 100644
index 000000000000..23147d97be8b
--- /dev/null
+++ b/src/chrome/content/rules/streamline.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Union Pacific Railroad Company coverage, see up.com.xml.
+
+
+	^streamline.com: refused
+
+-->
+<ruleset name="Streamline.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.streamline.com" />
+
+	<!--	Complications:
+				-->
+	<target host="streamline.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://streamline\.com/"
+		to="https://www.streamline.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/streamuk.com.xml b/src/chrome/content/rules/streamuk.com.xml
new file mode 100644
index 000000000000..60a87e0e9d68
--- /dev/null
+++ b/src/chrome/content/rules/streamuk.com.xml
@@ -0,0 +1,65 @@
+<!--
+	For other StreamAMG coverage, see streamamg.com.xml.
+
+
+	Nonfunctional hosts in *streamuk.com:
+
+		- howtotrainyourdragonbooks ⁴
+		- muchamore ⁴
+		- stjohn2015 ⁴
+
+	⁴ 404
+
+
+	Problematic hosts in *streamuk.com:
+
+		- (www.)? ᵉ ᵘ
+
+	ᵉ Expired
+	ᵘ Untrusted root
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- bbcnewsupload.streamuk.com
+		- cbeebies.streamuk.com
+		- scpro.streamuk.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="StreamUK.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="bbcnewsupload.streamuk.com" />
+	<target host="cbeebies.streamuk.com" />
+	<target host="pov.streamuk.com" />
+	<target host="scpro.streamuk.com" />
+	<target host="staticcontent.streamuk.com" />
+
+	<!--	Complications:
+				-->
+	<target host="streamuk.com" />
+	<target host="www.streamuk.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:bbcnewsupload|cbeebies)\.streamuk\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^scpro\.streamuk\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps all but forward slash:
+							-->
+	<rule from="^http://(?:www\.)?streamuk\.com/+"
+		to="https://www.streamamg.com/" />
+
+		<test url="http://www.streamuk.com/contact/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/streetepistemology.xml b/src/chrome/content/rules/streetepistemology.xml
new file mode 100644
index 000000000000..7e56e2f7012f
--- /dev/null
+++ b/src/chrome/content/rules/streetepistemology.xml
@@ -0,0 +1,10 @@
+<ruleset name="Street Epistemology">
+  <target host="streetepistemology.com" />
+  <target host="www.streetepistemology.com" />
+
+  <!-- Looks like https://www.streetepistemology.com/ doesn't work -->
+  <rule from="^http://www\.streetepistemology\.com/"
+    to="https://streetepistemology.com/" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/streetlife.com.xml b/src/chrome/content/rules/streetlife.com.xml
new file mode 100644
index 000000000000..c0f9e651d7c8
--- /dev/null
+++ b/src/chrome/content/rules/streetlife.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Streetlife.com">
+
+	<target host="streetlife.com" />
+	<target host="static.streetlife.com" />
+	<target host="www.streetlife.com" />
+
+
+	<securecookie host="^\." name="^_qca$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/streetlink.org.uk.xml b/src/chrome/content/rules/streetlink.org.uk.xml
new file mode 100644
index 000000000000..fbab9ceaf626
--- /dev/null
+++ b/src/chrome/content/rules/streetlink.org.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="Streetlink.org.uk" default_off="mismatched">
+
+	<target host="streetlink.org.uk" />
+	<target host="www.streetlink.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/strelatelecom.ru.xml b/src/chrome/content/rules/strelatelecom.ru.xml
new file mode 100644
index 000000000000..2435c4dfc3d1
--- /dev/null
+++ b/src/chrome/content/rules/strelatelecom.ru.xml
@@ -0,0 +1,23 @@
+<!--
+strelatelecom.ru self signed
+www.strelatelecom.ru self signed
+030.strelatelecom.ru self signed
+031.strelatelecom.ru self signed
+270.strelatelecom.ru self signed
+380.strelatelecom.ru self signed
+381.strelatelecom.ru self signed
+382.strelatelecom.ru self signed
+383.strelatelecom.ru self signed
+384.strelatelecom.ru self signed
+730.strelatelecom.ru self signed
+www.270.strelatelecom.ru self signed
+bonus.030.strelatelecom.ru self signed
+bonus.381.strelatelecom.ru self signed
+bonus.382.strelatelecom.ru self signed
+bonus.270.strelatelecom.ru self signed
+-->
+<ruleset name="strelatelecom.ru (partial)">
+	<target host="bill.strelatelecom.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/stresslinux.org.xml b/src/chrome/content/rules/stresslinux.org.xml
new file mode 100644
index 000000000000..b3ff778aad86
--- /dev/null
+++ b/src/chrome/content/rules/stresslinux.org.xml
@@ -0,0 +1,7 @@
+<!--download. timed out
+download1. refused-->
+<ruleset name="stresslinux.org">
+	<target host="stresslinux.org" />
+	<target host="www.stresslinux.org" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/stripchat.com.xml b/src/chrome/content/rules/stripchat.com.xml
new file mode 100644
index 000000000000..961b3d9ca2b4
--- /dev/null
+++ b/src/chrome/content/rules/stripchat.com.xml
@@ -0,0 +1,24 @@
+<ruleset name="Stripchat.com">
+
+	<target host="stripchat.com" />
+	<target host="cdne.stripchat.com" />
+	<target host="de.stripchat.com" />
+	<target host="es.stripchat.com" />
+	<target host="fr.stripchat.com" />
+	<target host="it.stripchat.com" />
+	<target host="nl.stripchat.com" />
+	<target host="pl.stripchat.com" />
+	<target host="pt.stripchat.com" />
+	<target host="ru.stripchat.com" />
+	<target host="www.stripchat.com" />
+
+		<test url="http://cdne.stripchat.com/assets/common/images/bg_xh.png" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/stroeerdigitalgroup.de.xml b/src/chrome/content/rules/stroeerdigitalgroup.de.xml
new file mode 100644
index 000000000000..4bc30dfa9e1d
--- /dev/null
+++ b/src/chrome/content/rules/stroeerdigitalgroup.de.xml
@@ -0,0 +1,35 @@
+<!--
+	Invalid certificate:
+		lyncdiscover
+		meet
+		sip
+-->
+<ruleset name="stroeerdigitalgroup.de">
+
+	<target host="stroeerdigitalgroup.de" />
+	<target host="www.stroeerdigitalgroup.de" />
+	<target host="cdn.stroeerdigitalgroup.de" />
+		<test url="http://cdn.stroeerdigitalgroup.de/metatag/live/t-o-nachrichten/metaTag.min.js" />
+	<target host="consent.stroeerdigitalgroup.de" />
+	<target host="dev.iam.stroeerdigitalgroup.de" />
+	<target host="live.iam.stroeerdigitalgroup.de" />
+	<target host="manage.iam.stroeerdigitalgroup.de" />
+	<target host="staging.iam.stroeerdigitalgroup.de" />
+	<target host="newsletter.stroeerdigitalgroup.de" />
+	<target host="privacy.stroeerdigitalgroup.de" />
+	<target host="support.stroeerdigitalgroup.de" />
+	<target host="ticket.stroeerdigitalgroup.de" />
+	<target host="tr.stroeerdigitalgroup.de" />
+	<target host="uploadtool.stroeerdigitalgroup.de" />
+	<target host="uploadtool-s3.stroeerdigitalgroup.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Refused on https://stroeerdigitalgroup.de/,
+	http://stroeerdigitalgroup.de/ redirects to https://www.stroeer.de/. -->
+	<rule from="^http://stroeerdigitalgroup\.de/"
+		to="https://www.stroeer.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/strongSwan.xml b/src/chrome/content/rules/strongSwan.xml
new file mode 100644
index 000000000000..8f3580da2994
--- /dev/null
+++ b/src/chrome/content/rules/strongSwan.xml
@@ -0,0 +1,21 @@
+<ruleset name="strongSwan">
+    <target host="strongswan.org" />
+    <target host="*.strongswan.org" />
+
+    <!--    Observed cookie domains:
+        - ^/
+        - ^wiki
+        - ^www
+        -->
+    <securecookie host=".+" name=".+" />
+
+
+    <!--    Observed subdomains:
+            - download
+            - git
+            - wiki
+            - www
+    -->
+    <rule from="^http://(\w+\.)?strongswan\.org/"
+        to="https://$1strongswan.org/" />
+</ruleset>
diff --git a/src/chrome/content/rules/stubhubstatic.com.xml b/src/chrome/content/rules/stubhubstatic.com.xml
new file mode 100644
index 000000000000..24637d929efb
--- /dev/null
+++ b/src/chrome/content/rules/stubhubstatic.com.xml
@@ -0,0 +1,48 @@
+<!--
+	Non-functional subdomains:
+
+		- www	(t)
+		- s	(t)
+		- slcq016-cache15	(t)
+		- slcq045-cache11	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="stubhubstatic.com">
+
+	<target host="3-cache1.stubhubstatic.com" />
+	<target host="3-cache11.stubhubstatic.com" />
+	<target host="3-cache12.stubhubstatic.com" />
+	<target host="3-cache13.stubhubstatic.com" />
+	<target host="3-cache14.stubhubstatic.com" />
+	<target host="3-cache15.stubhubstatic.com" />
+	<target host="31-cache1.stubhubstatic.com" />
+	<target host="31-cache11.stubhubstatic.com" />
+	<target host="31-cache12.stubhubstatic.com" />
+	<target host="31-cache13.stubhubstatic.com" />
+	<target host="31-cache14.stubhubstatic.com" />
+	<target host="cache1.stubhubstatic.com" />
+	<target host="cache11.stubhubstatic.com" />
+	<target host="cache12.stubhubstatic.com" />
+	<target host="cache13.stubhubstatic.com" />
+	<target host="cache14.stubhubstatic.com" />
+	<target host="cache15.stubhubstatic.com" />
+	<target host="cache2.stubhubstatic.com" />
+	<target host="cache21.stubhubstatic.com" />
+	<target host="cache22.stubhubstatic.com" />
+	<target host="cache23.stubhubstatic.com" />
+	<target host="cache3.stubhubstatic.com" />
+	<target host="cache31.stubhubstatic.com" />
+	<target host="cache32.stubhubstatic.com" />
+	<target host="cache33.stubhubstatic.com" />
+	<target host="origin-cache1.stubhubstatic.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/studentprivacypledge.org.xml b/src/chrome/content/rules/studentprivacypledge.org.xml
new file mode 100644
index 000000000000..ddc32b6bfc25
--- /dev/null
+++ b/src/chrome/content/rules/studentprivacypledge.org.xml
@@ -0,0 +1,11 @@
+<ruleset name="Student Privacy Pledge.org">
+
+	<target host="studentprivacypledge.org" />
+	<target host="www.studentprivacypledge.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/studyinsweden.se.xml b/src/chrome/content/rules/studyinsweden.se.xml
new file mode 100644
index 000000000000..558619fc9119
--- /dev/null
+++ b/src/chrome/content/rules/studyinsweden.se.xml
@@ -0,0 +1,23 @@
+<!--
+	Mixed content:
+
+		- Images on blogs from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Study in Sweden.se">
+
+	<target host="studyinsweden.se" />
+	<target host="blogs.studyinsweden.se" />
+	<target host="www.studyinsweden.se" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/studyres.com.xml b/src/chrome/content/rules/studyres.com.xml
new file mode 100644
index 000000000000..16397248e0a2
--- /dev/null
+++ b/src/chrome/content/rules/studyres.com.xml
@@ -0,0 +1,17 @@
+<!--
+
+	Problematic hosts in *studyres.com:
+
+		- www (different content)
+
+-->
+<ruleset name="studyres.com">
+	<target host="studyres.com" />
+	<target host="deploy.studyres.com" />
+	<target host="s1.studyres.com" />
+	<target host="s1deploy.studyres.com" />
+	<target host="vs1.studyres.com" />
+	<target host="vs1deploy.studyres.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/stuffgate.com.xml b/src/chrome/content/rules/stuffgate.com.xml
new file mode 100644
index 000000000000..17439637e62e
--- /dev/null
+++ b/src/chrome/content/rules/stuffgate.com.xml
@@ -0,0 +1,11 @@
+<!--
+Refused connection:
+	www.stuffgate.com
+-->
+<ruleset name="stuffgate.com">
+	<target host="stuffgate.com" />
+	<target host="www.stuffgate.com" />
+
+	<rule from="^http://www\.stuffgate\.com/" to="https://stuffgate.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/stylershop.ru.xml b/src/chrome/content/rules/stylershop.ru.xml
new file mode 100644
index 000000000000..847630a76c23
--- /dev/null
+++ b/src/chrome/content/rules/stylershop.ru.xml
@@ -0,0 +1,12 @@
+<!--
+test.stylershop.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="stylershop.ru">
+	<target host="stylershop.ru" />
+	<target host="www.stylershop.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sub.fm.xml b/src/chrome/content/rules/sub.fm.xml
new file mode 100644
index 000000000000..5d13dde06194
--- /dev/null
+++ b/src/chrome/content/rules/sub.fm.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- sub.fm
+		- www.sub.fm
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Sub.FM">
+
+	<target host="sub.fm" />
+	<target host="archive.sub.fm" />
+	<target host="tv.sub.fm" />
+	<target host="www.sub.fm" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?sub\.fm$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sublimetextbook.com.xml b/src/chrome/content/rules/sublimetextbook.com.xml
new file mode 100644
index 000000000000..aaabaf9efa53
--- /dev/null
+++ b/src/chrome/content/rules/sublimetextbook.com.xml
@@ -0,0 +1,25 @@
+<!--
+	www.sublimetextbook.com: Mismatched
+
+-->
+<ruleset name="Sublime Textbook.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sublimetextbook.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.sublimetextbook.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.sublimetextbook\.com/"
+		to="https://sublimetextbook.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/submarinecablemap.com.xml b/src/chrome/content/rules/submarinecablemap.com.xml
new file mode 100644
index 000000000000..1d8be1f12171
--- /dev/null
+++ b/src/chrome/content/rules/submarinecablemap.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Submarine Cable Map">
+
+	<target host="submarinecablemap.com" />
+	<target host="www.submarinecablemap.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/submittable.com.xml b/src/chrome/content/rules/submittable.com.xml
new file mode 100644
index 000000000000..86aba9e82ab3
--- /dev/null
+++ b/src/chrome/content/rules/submittable.com.xml
@@ -0,0 +1,51 @@
+<!--
+	Nonfunctional hosts in *submittable.com:
+
+		- apidoc ⁴
+		- blog ʳ
+
+	⁴ 404
+	ʳ Refused
+
+
+	Problematic hosts in *submittable.com:
+
+		- help ᵐ
+
+	ᵐ Uservoice / mismatched
+
+
+	Insecure cookies are set for these domains:
+
+		- .submittable.com
+
+
+	Mixed content:
+
+		- css, on:
+
+			- www from fonts.googleapis.com ˢ
+			- www from netdna.bootstrapcdn.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Submittable.com (partial)">
+
+	<target host="submittable.com" />
+	<target host="manager.submittable.com" />
+	<target host="resume.submittable.com" />
+	<target host="www.submittable.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.submittable\.com$" name="test-cookie$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/subnet05.ru.xml b/src/chrome/content/rules/subnet05.ru.xml
new file mode 100644
index 000000000000..4400b0d7f93e
--- /dev/null
+++ b/src/chrome/content/rules/subnet05.ru.xml
@@ -0,0 +1,9 @@
+<!--
+lk.subnet05.ru mismatch
+-->
+<ruleset name="subnet05.ru">
+	<target host="subnet05.ru" />
+	<target host="www.subnet05.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/subscene.com.xml b/src/chrome/content/rules/subscene.com.xml
new file mode 100644
index 000000000000..1a422699ae1c
--- /dev/null
+++ b/src/chrome/content/rules/subscene.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- subscene.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Subscene.com">
+
+	<target host="subscene.com" />
+	<target host="c.subscene.com" />
+	<target host="forum.subscene.com" />
+	<target host="u.subscene.com" />
+	<target host="www.subscene.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^subscene\.com$" name="^OpenIdConnect\.nonce\." /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/subscribeonandroid.com.xml b/src/chrome/content/rules/subscribeonandroid.com.xml
new file mode 100644
index 000000000000..06c9f473a6a7
--- /dev/null
+++ b/src/chrome/content/rules/subscribeonandroid.com.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Blubrry coverage, see blubrry.com.xml.
+
+-->
+<ruleset name="Subscribe on Android.com">
+
+	<target host="subscribeonandroid.com" />
+	<target host="www.subscribeonandroid.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sudact.ru.xml b/src/chrome/content/rules/sudact.ru.xml
new file mode 100644
index 000000000000..a1bf0478242c
--- /dev/null
+++ b/src/chrome/content/rules/sudact.ru.xml
@@ -0,0 +1,15 @@
+<!--
+Certificate mismatch:
+	mail.sudact.ru
+
+Refused connection:
+	update.sudact.ru
+-->
+<ruleset name="sudact.ru">
+	<target host="sudact.ru" />
+	<target host="www.sudact.ru" />
+	<target host="mail.sudact.ru" />
+
+	<rule from="^http://mail\.sudact\.ru/" to="https://sudact.ru/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sumatrapdfreader.org.xml b/src/chrome/content/rules/sumatrapdfreader.org.xml
new file mode 100644
index 000000000000..104563dbda5f
--- /dev/null
+++ b/src/chrome/content/rules/sumatrapdfreader.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="sumatrapdfreader.org">
+
+	<target host="sumatrapdfreader.org" />
+	<target host="www.sumatrapdfreader.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sumo.com.xml b/src/chrome/content/rules/sumo.com.xml
new file mode 100644
index 000000000000..2cd868fc88a3
--- /dev/null
+++ b/src/chrome/content/rules/sumo.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Invalid Certificate:
+		giveaways.sumo.com
+		gtm.sumo.com
+		page.sumo.com
+
+		email1k.sumome.com
+-->
+<ruleset name="sumo.com">
+	<target host="sumo.com" />
+	<target host="www.sumo.com" />
+	<target host="load.sumo.com" />
+	<target host="media.sumo.com" />
+	<target host="slack.sumo.com" />
+
+	<target host="sumome.com" />
+	<target host="www.sumome.com" />
+	<target host="load.sumome.com" />
+	<target host="help.sumome.com" />
+	<target host="slack.sumome.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sumtel.ru.xml b/src/chrome/content/rules/sumtel.ru.xml
new file mode 100644
index 000000000000..d2017636390b
--- /dev/null
+++ b/src/chrome/content/rules/sumtel.ru.xml
@@ -0,0 +1,110 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://zabbix.sumtel.ru/ => https://zabbix.sumtel.ru/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+
+www.sumtel.ru ¹
+balance.sumtel.ru ¹
+bill.sumtel.ru ³
+corp.sumtel.ru ¹
+dag.corp.sumtel.ru ¹
+krasnodar.corp.sumtel.ru ¹
+lipetsk.corp.sumtel.ru ¹
+rostov.corp.sumtel.ru ¹
+spb.corp.sumtel.ru ¹
+tver.corp.sumtel.ru ¹
+voronezh.corp.sumtel.ru ¹
+corpftp.sumtel.ru ²
+eais.sumtel.ru ⁷
+ex.sumtel.ru ⁴
+ex2010.sumtel.ru ³
+exchange.sumtel.ru ³
+vk.forum.sumtel.ru ¹
+hotspot.sumtel.ru ²
+internet.sumtel.ru ¹
+ns1.krd.sumtel.ru ²
+promo.krd.sumtel.ru ³
+krd-pve.sumtel.ru ³
+ns1.lpk.sumtel.ru ²
+speed.lpk.sumtel.ru ²
+speedtest.lpk.sumtel.ru ²
+mail.sumtel.ru ³
+hotspot.mhl.sumtel.ru ²
+ns1.mhl.sumtel.ru ²
+ns2.mhl.sumtel.ru ³
+speedtest.mhl.sumtel.ru ³
+mphost.sumtel.ru ²
+mrxgw.sumtel.ru ³
+ixr-0-lo-1.msk.sumtel.ru ³
+msk-p-0.sumtel.ru ²
+msk-pve.sumtel.ru ³
+my.sumtel.ru ⁴
+ns1.nn.sumtel.ru ³
+ns2.nn.sumtel.ru ³
+noc.sumtel.ru ⁴
+ns1.sumtel.ru ²
+ns2.sumtel.ru ²
+ns3.sumtel.ru ²
+om.sumtel.ru ⁴
+ns1.orl.sumtel.ru ³
+podpiska.sumtel.ru ¹
+relay.sumtel.ru ²
+relay2.sumtel.ru ³
+relay3.sumtel.ru ²
+ns1.rnd.sumtel.ru ²
+s.sumtel.ru ¹
+samba.sumtel.ru ³
+smm.sumtel.ru ²
+smotreshka.sumtel.ru ¹
+www.spb.sumtel.ru ¹
+ns1.spb.sumtel.ru ²
+ns2.spb.sumtel.ru ²
+ns3.spb.sumtel.ru ²
+ns4.spb.sumtel.ru ²
+promo.spb.sumtel.ru ³
+relay.spb.sumtel.ru ²
+speed.spb.sumtel.ru ²
+spb-pve.sumtel.ru ³
+tv.sumtel.ru ¹
+ns1.tvr.sumtel.ru ³
+vadim.sumtel.ru ³
+notice.vrn.sumtel.ru ³
+ns1.vrn.sumtel.ru ²
+vrn-pve.sumtel.ru ³
+wiki.sumtel.ru ⁴
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁷ protocol error
+-->
+<ruleset name="sumtel.ru" default_off="failed ruleset test">
+	<target host="sumtel.ru" />
+	<target host="cloud.sumtel.ru" />
+	<target host="dag.sumtel.ru" />
+	<target host="forum.sumtel.ru" />
+	<target host="krasnodar.sumtel.ru" />
+	<target host="lipetsk.sumtel.ru" />
+	<target host="livechat.sumtel.ru" />
+	<target host="logs.sumtel.ru" />
+	<target host="msk.sumtel.ru" />
+	<target host="nnov.sumtel.ru" />
+	<target host="orel.sumtel.ru" />
+	<target host="redmine.sumtel.ru" />
+	<target host="rostov.sumtel.ru" />
+	<target host="spb.sumtel.ru" />
+	<target host="stat.sumtel.ru" />
+	<target host="tver.sumtel.ru" />
+	<target host="voronezh.sumtel.ru" />
+	<target host="yakutsk.sumtel.ru" />
+	<target host="zabbix.sumtel.ru" />
+
+	<target host="www.sumtel.ru" />
+
+	<rule from="^http://www\.sumtel\.ru/"
+		to="https://sumtel.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sundance.tv.xml b/src/chrome/content/rules/sundance.tv.xml
new file mode 100644
index 000000000000..817d354f47f2
--- /dev/null
+++ b/src/chrome/content/rules/sundance.tv.xml
@@ -0,0 +1,55 @@
+<!--
+	For other AMC Networks coverage, see AMC.xml.
+
+
+	Nonfunctional hosts in *sundance.tv:
+
+		- channelfinder ³
+
+	³ 403
+
+
+	^sundance.tv: Dropped
+
+
+	Mixed content:
+
+		- iframe on www from channelfinder.sundance.tv
+		- css on www from $self ˢ
+
+		- Images, on:
+
+			- www from $self
+			- www from images.amcnetworks.com ˢ
+
+		- Bugs, on:
+
+			- www from \d+.fls.doubleclick.net
+			- www from b.scorecardresearch.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Sundance.TV (partial)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="media.sundance.tv" />
+	<target host="www.sundance.tv" />
+
+	<!--	Complications:
+				-->
+	<target host="sundance.tv" />
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://sundance\.tv/"
+		to="https://www.sundance.tv/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sunmotors.co.uk.xml b/src/chrome/content/rules/sunmotors.co.uk.xml
new file mode 100644
index 000000000000..8a4d7042de75
--- /dev/null
+++ b/src/chrome/content/rules/sunmotors.co.uk.xml
@@ -0,0 +1,71 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.sunmotors.co.uk/account => https://www.sunmotors.co.uk/account: (51, "SSL: no alternative certificate subject name matches target host name 'www.sunmotors.co.uk'")
+Fetch error: http://www.sunmotors.co.uk/account/sellyourcar/ => https://www.sunmotors.co.uk/account/sellyourcar/: (51, "SSL: no alternative certificate subject name matches target host name 'www.sunmotors.co.uk'")
+Fetch error: http://www.sunmotors.co.uk/account/signin => https://www.sunmotors.co.uk/account/signin: (51, "SSL: no alternative certificate subject name matches target host name 'www.sunmotors.co.uk'")
+Fetch error: http://www.sunmotors.co.uk/motors-cdn/images/icon_search.png => https://www.sunmotors.co.uk/motors-cdn/images/icon_search.png: (51, "SSL: no alternative certificate subject name matches target host name 'www.sunmotors.co.uk'")
+
+	For other News Corporation coverage, see News-Corporation.xml.
+
+
+	Nonfunctional hosts in *sunmotors.co.uk:
+
+		- cdn-[34] ⁴
+		- cdn.wp ⁴
+
+	⁴ 504
+
+
+	These altnames do not exist:
+
+		- images.sunmotors.co.uk
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.sunmotors.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="sunmotors.co.uk" default_off="failed ruleset test">
+
+	<target host="sunmotors.co.uk" />
+	<target host="www.sunmotors.co.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.sunmotors\.co\.uk/(?:$|about-us/$|car-valuations/$|contact/$|news/$|privacy-policy/$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?sunmotors\.co\.uk/(?!/*(?:account(?:$|[?/])|motors-cdn/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.sunmotors.co.uk/about-us/" />
+			<test url="http://www.sunmotors.co.uk/car-valuations/" />
+			<test url="http://www.sunmotors.co.uk/contact/" />
+			<test url="http://www.sunmotors.co.uk/news/" />
+			<test url="http://www.sunmotors.co.uk/privacy-policy/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.sunmotors.co.uk/account" />
+			<test url="http://www.sunmotors.co.uk/account/sellyourcar/" />
+			<test url="http://www.sunmotors.co.uk/account/signin" />
+			<test url="http://www.sunmotors.co.uk/motors-cdn/images/icon_search.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.sunmotors\.co\.uk$" name="^(?:motbreadcrumbsv2|motses)$" /-->
+
+	<securecookie host="^\." name="_ga(?:t?$|t_)" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/suntech.cz.xml b/src/chrome/content/rules/suntech.cz.xml
new file mode 100644
index 000000000000..dc175f8e5dae
--- /dev/null
+++ b/src/chrome/content/rules/suntech.cz.xml
@@ -0,0 +1,6 @@
+<ruleset name="Suntech.cz">
+	<target host="suntech.cz" />
+	<target host="www.suntech.cz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sunxdcc.com.xml b/src/chrome/content/rules/sunxdcc.com.xml
new file mode 100644
index 000000000000..9eabda72c8da
--- /dev/null
+++ b/src/chrome/content/rules/sunxdcc.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Invalid certificate:
+		mail.sunxdcc.com
+-->
+<ruleset name="sunxdcc.com">
+	<target host="sunxdcc.com" />
+	<target host="www.sunxdcc.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/suomi.fi.xml b/src/chrome/content/rules/suomi.fi.xml
index 148ef5385d01..e440b340c768 100644
--- a/src/chrome/content/rules/suomi.fi.xml
+++ b/src/chrome/content/rules/suomi.fi.xml
@@ -3,13 +3,14 @@
 	<!-- Has a few subdomains which have cookies too -->
 
 	<target host="suomi.fi" />
-	<target host="*.suomi.fi" />
+	<target host="www.suomi.fi" />
+	<target host="asiointitili.suomi.fi" />
+	<target host="tunnistus.suomi.fi" />
 
 
 	<securecookie host="^[^@:/\.]+\.suomi\.fi" name=".+" />
 
 
-	<rule from="^http://((?:www|asiointitili|tunnistus)\.)?suomi\.fi/"
-		to="https://$1suomi.fi/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/supagro.fr.xml b/src/chrome/content/rules/supagro.fr.xml
new file mode 100644
index 000000000000..a10d77c7d01c
--- /dev/null
+++ b/src/chrome/content/rules/supagro.fr.xml
@@ -0,0 +1,10 @@
+<ruleset name="Supagro.fr">
+
+	<target host="supagro.fr" />
+	<target host="www.supagro.fr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/superbreak.com.xml b/src/chrome/content/rules/superbreak.com.xml
new file mode 100644
index 000000000000..68301cca0c23
--- /dev/null
+++ b/src/chrome/content/rules/superbreak.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Bookit coverage, see bookit.nl.xml.
+
+-->
+<ruleset name="SuperBreak.com">
+
+	<target host="superbreak.com" />
+	<target host="affiliates.superbreak.com" />
+	<target host="www.superbreak.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/superdesk.org.xml b/src/chrome/content/rules/superdesk.org.xml
new file mode 100644
index 000000000000..8cc3bbe5133b
--- /dev/null
+++ b/src/chrome/content/rules/superdesk.org.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Sourcefabric coverage, see Sourcefabric.org.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.superdesk.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Superdesk.org">
+
+	<target host="superdesk.org" />
+	<target host="www.superdesk.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.superdesk\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/superstranka.cz.xml b/src/chrome/content/rules/superstranka.cz.xml
new file mode 100644
index 000000000000..15e9db00340c
--- /dev/null
+++ b/src/chrome/content/rules/superstranka.cz.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Active24.cz coverage, see active24.cz.xml.
+
+	Expired:
+		- objednavka.superstranka.cz
+
+	Mismatched:
+		- proc.superstranka.cz
+
+	Self signed:
+		- blog.superstranka.cz
+-->
+<ruleset name="Superstranka.cz">
+	<target host="superstranka.cz" />
+	<target host="www.superstranka.cz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/surina.net.xml b/src/chrome/content/rules/surina.net.xml
new file mode 100644
index 000000000000..92a52a98424b
--- /dev/null
+++ b/src/chrome/content/rules/surina.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="surina.net">
+	<target host="surina.net" />
+	<target host="www.surina.net" />
+	<target host="audioshift.surina.net" />
+	<target host="soundtouch.surina.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/surreycc.gov.xml b/src/chrome/content/rules/surreycc.gov.xml
new file mode 100644
index 000000000000..7c6b8cb1a0dd
--- /dev/null
+++ b/src/chrome/content/rules/surreycc.gov.xml
@@ -0,0 +1,82 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://new.surreycc.gov.uk/ => https://new.surreycc.gov.uk/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www2.surreycc.gov.uk/ => https://www2.surreycc.gov.uk/: (6, 'Could not resolve host: www2.surreycc.gov.uk')
+
+	Surrey County Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *surreycc.gov.uk:
+
+		- data ⁴
+		- ebooks ʰ
+		- findmynearest ⁵
+		- petitions ᵗ
+		- travel ᵈ
+		- www1 ⁵
+
+	⁴ 404
+	⁵ 503
+	ᵈ Dropped
+	ʰ Redirects to http
+	ᵗ Reset
+
+
+	Problematic hosts in *surreycc.gov.uk:
+
+		- news ᵐ
+		- online ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- .surreycc.gov.uk
+		- .classic.surreycc.gov.uk
+		- mycouncil.surreycc.gov.uk
+		- new.surreycc.gov.uk
+		- online.surreycc.gov.uk
+		- performance.surreycc.gov.uk
+		- surreymaps.surreycc.gov.uk
+		- wccpensions.surreycc.gov.uk
+		- www.surreycc.gov.uk
+		- www2.surreycc.gov.uk
+
+-->
+<ruleset name="Surrey CC.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="surreycc.gov.uk" />
+	<target host="classic.surreycc.gov.uk" />
+	<target host="mycouncil.surreycc.gov.uk" />
+	<target host="new.surreycc.gov.uk" />
+	<!--target host="online.surreycc.gov.uk" /-->
+	<target host="performance.surreycc.gov.uk" />
+	<target host="surreymaps.surreycc.gov.uk" />
+	<target host="wccpensions.surreycc.gov.uk" />
+	<target host="www.surreycc.gov.uk" />
+	<target host="www2.surreycc.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.surreycc\.gov\.uk$" name="^(?:incap_ses_\d+|nlbi|visid_incap)_\d+$" /-->
+	<!--securecookie host="^(?:classic|new|online|surreymaps|wccpensions|www2)\.surreycc\.gov\.uk$" name="^___utmv[abm]\w+$" /-->
+	<!--securecookie host="^\.classic\.surreycc\.gov\.uk$" name="^SQ_SYSTEM_SESSION$" /-->
+	<!--securecookie host="^mycouncil\.surreycc\.gov\.uk$" name="^(?:___utmv[abm]\w+|ASP\.NET_SessionId)$" /-->
+	<!--securecookie host="^performance\.surreycc\.gov\.uk$" name="^logged_in$" /-->
+	<!--securecookie host="^www\.surreycc\.gov\.uk$" name="^(?:___utmv[abm]\w+|SQ_SYSTEM_SESSION)$" /-->
+
+	<securecookie host="^\.classic\." name=".+" />
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|incap_|nlbi_|visid_incap_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/surreyheath-online.gov.uk.xml b/src/chrome/content/rules/surreyheath-online.gov.uk.xml
new file mode 100644
index 000000000000..a849493aee39
--- /dev/null
+++ b/src/chrome/content/rules/surreyheath-online.gov.uk.xml
@@ -0,0 +1,37 @@
+<!--
+	Surrey Heath Borough Council Online Portal
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	(www.)?surreyheath-online.gov.uk: Refused
+
+
+	Problematic hosts in *surreyheath-online.gov.uk:
+
+		- www.public ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="Surreyheath-Online.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.staffportal.surreyheath-online.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="www.public.surreyheath-online.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.public\.surreyheath-online\.gov\.uk/"
+		to="https://www.staffportal.surreyheath-online.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/surreyheath.gov.uk.xml b/src/chrome/content/rules/surreyheath.gov.uk.xml
new file mode 100644
index 000000000000..ac8ed1ce8f9c
--- /dev/null
+++ b/src/chrome/content/rules/surreyheath.gov.uk.xml
@@ -0,0 +1,29 @@
+<!--
+	Surrey Heath Borough Council
+
+
+	Nonfunctional hosts in *surreyheath.gov.uk:
+
+		- (www.)? ʳ
+		- isharemaps ⁴
+
+	⁴ 404
+	ʳ Refused
+
+-->
+<ruleset name="Surrey Heath.gov.uk (partial)">
+
+	<target host="prepayparking.surreyheath.gov.uk" />
+
+		<!--	404:
+				-->
+		<!--test url="http://isharemaps.surreyheath.gov.uk/ishare54/Proxy/planning.proxy?documentid=2119526" /-->
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/surreyoutdoorlearning.uk.xml b/src/chrome/content/rules/surreyoutdoorlearning.uk.xml
new file mode 100644
index 000000000000..674323eb8e3d
--- /dev/null
+++ b/src/chrome/content/rules/surreyoutdoorlearning.uk.xml
@@ -0,0 +1,33 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- .surreyoutdoorlearning.uk
+		- www.surreyoutdoorlearning.uk
+
+
+	Mixed content:
+
+		- Images from www.surreyoutdoorlearning.uk ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Surrey Outdoor Learning.uk">
+
+	<target host="surreyoutdoorlearning.uk" />
+	<target host="www.surreyoutdoorlearning.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.surreyoutdoorlearning\.uk$" name="^(?:incap_ses_\d+|visid_incap)_\d+$" /-->
+	<!--securecookie host="^www\.surreyoutdoorlearning\.uk$" name="^(?:___utm[abm]\d+|SQ_SYSTEM_SESSION)$" /-->
+
+	<securecookie host="^\." name="^(?:incap|visid_incap)_" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sustrans.org.uk.xml b/src/chrome/content/rules/sustrans.org.uk.xml
new file mode 100644
index 000000000000..7a6419116c89
--- /dev/null
+++ b/src/chrome/content/rules/sustrans.org.uk.xml
@@ -0,0 +1,43 @@
+<!--
+	Nonfunctional hosts in *sustrans.org.uk:
+
+		- bigshift ᵖ
+		- bigshiftcymru ᵖ
+		- bigstreetsurvey ʳ
+		- girochallenge ʳ
+		- maps ᵈ
+
+	ᵈ Dropped
+	ᵖ Plaintext reply
+	ʳ Refused
+
+-->
+<ruleset name="Sustrans.org.uk (partial)">
+
+	<target host="sustrans.org.uk" />
+	<target host="www.sustrans.org.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.sustrans\.org\.uk/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?sustrans\.org\.uk/(?!/*(?:misc|sites)/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.sustrans.org.uk/contact-us" />
+			<test url="http://www.sustrans.org.uk/news" />
+			<test url="http://www.sustrans.org.uk/support-us/donate-now/safeguard-network-appeal" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.sustrans.org.uk/misc/menu-leaf.png" />
+			<test url="http://www.sustrans.org.uk/sites/all/themes/sustrans_sasson/images/indicator-green-arrow-up.png" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sutton.gov.uk.xml b/src/chrome/content/rules/sutton.gov.uk.xml
new file mode 100644
index 000000000000..80385c1e1359
--- /dev/null
+++ b/src/chrome/content/rules/sutton.gov.uk.xml
@@ -0,0 +1,27 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- moderngov.sutton.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Sutton.gov.uk">
+
+	<target host="moderngov.sutton.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^moderngov\.sutton\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/suttonhomechoice.org.uk.xml b/src/chrome/content/rules/suttonhomechoice.org.uk.xml
new file mode 100644
index 000000000000..57fea8dad2f1
--- /dev/null
+++ b/src/chrome/content/rules/suttonhomechoice.org.uk.xml
@@ -0,0 +1,34 @@
+<!--
+	^suttonhomechoice.org.uk: 200 "URL is not recognised"
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.suttonhomechoice.org.uk
+
+-->
+<ruleset name="Sutton Homechoice.org.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.suttonhomechoice.org.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="suttonhomechoice.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.suttonhomechoice\.org\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://suttonhomechoice\.org\.uk/"
+		to="https://www.suttonhomechoice.org.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/suttonhousingpartnership.org.uk.xml b/src/chrome/content/rules/suttonhousingpartnership.org.uk.xml
new file mode 100644
index 000000000000..788918207602
--- /dev/null
+++ b/src/chrome/content/rules/suttonhousingpartnership.org.uk.xml
@@ -0,0 +1,47 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- myshp.suttonhousingpartnership.org.uk
+
+-->
+<ruleset name="Sutton Housing Partnership.org.uk (partial)">
+
+	<target host="suttonhousingpartnership.org.uk" />
+	<target host="myshp.suttonhousingpartnership.org.uk" />
+	<target host="www.suttonhousingpartnership.org.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?suttonhousingpartnership\.org\.uk/(?:AboutUs/PrivacyStatement|HowDoI/ContactSomeone|YourRent/Money-Advice-and-Information/ManagingYourMoney/Managing-Your-Money|sitemap)\.aspx" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?suttonhousingpartnership\.org\.uk/(?!/*(?:Document|Image|SiteElement)s/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.suttonhousingpartnership.org.uk/AboutUs/PrivacyStatement.aspx" />
+			<test url="http://www.suttonhousingpartnership.org.uk/HowDoI/ContactSomeone.aspx" />
+			<test url="http://www.suttonhousingpartnership.org.uk/YourRent/Money-Advice-and-Information/ManagingYourMoney/Managing-Your-Money.aspx" />
+			<test url="http://www.suttonhousingpartnership.org.uk/sitemap.aspx" />
+
+			<!--	-ve:
+					-->
+			<!--test url="http://suttonhousingpartnership.org.uk/Documents/AboutUs/SHPmap.pdf" /-->
+			<test url="http://suttonhousingpartnership.org.uk/Images/Logos/Disabled-Icon150x115.png" />
+			<test url="http://www.suttonhousingpartnership.org.uk/SiteElements/Images/VDivide.gif" />
+			<test url="http://www.suttonhousingpartnership.org.uk/SiteElements/Styles/500-Print.css" />
+
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^myshp\.suttonhousingpartnership\.org\.uk$" name="^(?:CFID|CFTOKEN|JSESSIONID)$" /-->
+
+	<securecookie host="^(?!www\.)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/suumo.com.xml b/src/chrome/content/rules/suumo.com.xml
new file mode 100644
index 000000000000..b6394cb12536
--- /dev/null
+++ b/src/chrome/content/rules/suumo.com.xml
@@ -0,0 +1,20 @@
+<!--
+
+	For more SUUMO coverage, see SUUMO.jp.xml
+
+	Nonfunctional subdomains:
+
+		- www	(times out)
+
+-->
+
+<ruleset name="suumo.com">
+
+	<target host="img01.suumo.com" />
+
+	<test url="http://img01.suumo.com/front/gazo/banner/030/C900010/img/31/20010931.gif" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/svazuerich.ch.xml b/src/chrome/content/rules/svazuerich.ch.xml
new file mode 100644
index 000000000000..0b6574104b99
--- /dev/null
+++ b/src/chrome/content/rules/svazuerich.ch.xml
@@ -0,0 +1,7 @@
+<ruleset name="SVA Zürich">
+	<target host="svazurich.ch"/>
+	<target host="www.svazurich.ch"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/svoboda.org.xml b/src/chrome/content/rules/svoboda.org.xml
new file mode 100644
index 000000000000..d14d6de3cd0e
--- /dev/null
+++ b/src/chrome/content/rules/svoboda.org.xml
@@ -0,0 +1,22 @@
+<!--
+svoboda.org ¹
+archive.svoboda.org ³
+direct.svoboda.org ²
+euro.svoboda.org ¹
+
+
+¹ mismatch
+² refused
+³ timed out
+-->
+<ruleset name="svoboda.org">
+	<target host="www.svoboda.org" />
+	<target host="staging.svoboda.org" />
+
+	<target host="svoboda.org" />
+
+	<rule from="^http://svoboda\.org/"
+		to="https://www.svoboda.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/svyaznoy.ru.xml b/src/chrome/content/rules/svyaznoy.ru.xml
new file mode 100644
index 000000000000..755479317c56
--- /dev/null
+++ b/src/chrome/content/rules/svyaznoy.ru.xml
@@ -0,0 +1,76 @@
+<!--
+b.svyaznoy.ru ⁶
+bilet.svyaznoy.ru ²
+credit.svyaznoy.ru ³
+cert.dev.svyaznoy.ru ⁴
+job2.dev.svyaznoy.ru ⁴
+site.sandbox.dev.svyaznoy.ru ⁴
+service.dev.svyaznoy.ru ⁴
+www.dom.svyaznoy.ru ⁴
+efio.svyaznoy.ru ¹
+es.svyaznoy.ru ³
+gw.svyaznoy.ru non-2xx http code
+int.svyaznoy.ru non-2xx http code
+intranet.svyaznoy.ru non-2xx http code
+job.svyaznoy.ru ⁴
+www.job.svyaznoy.ru ⁴
+links.svyaznoy.ru ¹
+www.m.svyaznoy.ru ¹
+mail.svyaznoy.ru ³
+microsoft.svyaznoy.ru non-2xx http code
+mobile.svyaznoy.ru ³
+api.mobile.svyaznoy.ru ³
+login.mobile.svyaznoy.ru ⁵
+mta1.svyaznoy.ru ³
+mta2.svyaznoy.ru ³
+mta3.svyaznoy.ru ³
+mta4.svyaznoy.ru ³
+mta5.svyaznoy.ru ³
+mta6.svyaznoy.ru ³
+mta7.svyaznoy.ru ³
+mta8.svyaznoy.ru ³
+nokia.svyaznoy.ru non-2xx http code
+ok.svyaznoy.ru ¹
+www.service-ok.svyaznoy.ru ¹
+services.svyaznoy.ru ³
+sp-soft.svyaznoy.ru ⁴
+www.sp-soft.svyaznoy.ru ⁴
+strahovoy.svyaznoy.ru non-2xx http code
+dev.strahovoy.svyaznoy.ru ¹
+transfer.svyaznoy.ru ²
+travel.svyaznoy.ru ³
+wap.svyaznoy.ru ¹
+wcp.svyaznoy.ru non-2xx http code
+isp.svyaznoy.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁵ expired
+⁶ redirect
+-->
+<ruleset name="svyaznoy.ru">
+	<target host="svyaznoy.ru" />
+	<target host="www.svyaznoy.ru" />
+	<target host="app.svyaznoy.ru" />
+	<target host="auth.svyaznoy.ru" />
+	<target host="broker.svyaznoy.ru" />
+	<target host="broker-test.svyaznoy.ru" />
+	<target host="pdoc.home.svyaznoy.ru" />
+	<target host="photo-maraphon.home.svyaznoy.ru" />
+	<target host="iframe.svyaznoy.ru" />
+	<target host="jira.svyaznoy.ru" />
+	<target host="life.svyaznoy.ru" />
+	<target host="m.svyaznoy.ru" />
+	<target host="office.svyaznoy.ru" />
+	<target host="promo.svyaznoy.ru" />
+	<target host="push.svyaznoy.ru" />
+	<target host="retail.svyaznoy.ru" />
+	<target host="service-ok.svyaznoy.ru" />
+	<target host="sso.svyaznoy.ru" />
+	<target host="static.svyaznoy.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/svz-bw.de.xml b/src/chrome/content/rules/svz-bw.de.xml
new file mode 100644
index 000000000000..93a989e934eb
--- /dev/null
+++ b/src/chrome/content/rules/svz-bw.de.xml
@@ -0,0 +1,17 @@
+<!--
+	Refused:
+		lkw-parken.svz-bw.de
+		verkehrskameras.svz-bw.de
+		karte.verkehrskameras.svz-bw.de
+
+-->
+<ruleset name="Straßenverkehrszentrale Baden-Württemberg">
+
+	<target host="svz-bw.de" />
+	<target host="www.svz-bw.de" />
+	<target host="m.svz-bw.de" />
+	<target host="piwik.svz-bw.de" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/svzt.ru.xml b/src/chrome/content/rules/svzt.ru.xml
new file mode 100644
index 000000000000..0a83a723e39f
--- /dev/null
+++ b/src/chrome/content/rules/svzt.ru.xml
@@ -0,0 +1,9 @@
+<!--
+www.svzt.ru mismatch
+svzt.ru different content
+-->
+<ruleset name="svzt.ru (partial)">
+	<target host="stat.svzt.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/swale.gov.uk.xml b/src/chrome/content/rules/swale.gov.uk.xml
new file mode 100644
index 000000000000..27027f2f6434
--- /dev/null
+++ b/src/chrome/content/rules/swale.gov.uk.xml
@@ -0,0 +1,35 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		Timeout was reached:
+		- connect.swale.gov.uk
+		- mapping.swale.gov.uk
+		- mobile.swale.gov.uk
+
+		SSL connect error:
+		- maps.swale.gov.uk
+		- selfserve.swale.gov.uk
+		- tourism.swale.gov.uk
+		- www2.swale.gov.uk
+
+		SSL peer certificate was not OK:
+		- beta.swale.gov.uk
+		- mail.swale.gov.uk
+		- vacancies.swale.gov.uk
+
+		4XX client error:
+		- jobs.swale.gov.uk
+		- visit.swale.gov.uk
+-->
+<ruleset name="Swale.gov.uk">
+	<target host="swale.gov.uk" />
+	<target host="www.swale.gov.uk" />
+	<target host="api.swale.gov.uk" />
+	<target host="accessedge.swale.gov.uk" />
+	<target host="archive.swale.gov.uk" />
+	<target host="meet.swale.gov.uk" />
+	<target host="services.swale.gov.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/swarmapp.com.xml b/src/chrome/content/rules/swarmapp.com.xml
new file mode 100644
index 000000000000..8e955d32996d
--- /dev/null
+++ b/src/chrome/content/rules/swarmapp.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .swarmapp.com
+
+-->
+<ruleset name="Swarm app.com">
+
+	<target host="swarmapp.com" />
+	<target host="www.swarmapp.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.swarmapp\.com$" name="^bbhive$" /-->
+
+	<securecookie host="^\." name="^bbhive$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/swatmag.com.xml b/src/chrome/content/rules/swatmag.com.xml
new file mode 100644
index 000000000000..989770b5d4b4
--- /dev/null
+++ b/src/chrome/content/rules/swatmag.com.xml
@@ -0,0 +1,33 @@
+<!--
+	These altnames do not exist:
+
+		- www.subscribe.swatmag.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- subscribe.swatmag.com
+		- www.swatmag.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="SWAT Mag.com">
+
+	<target host="swatmag.com" />
+	<target host="subscribe.swatmag.com" />
+	<target host="www.swatmag.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^subscribe\.swatmag\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^www\.swatmag\.com$" name="^(?:exp_last_activity|exp_last_visit|exp_tracker|PHPSESSID)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/swiss-prime-site.ch.xml b/src/chrome/content/rules/swiss-prime-site.ch.xml
new file mode 100644
index 000000000000..dadb9ab3b908
--- /dev/null
+++ b/src/chrome/content/rules/swiss-prime-site.ch.xml
@@ -0,0 +1,7 @@
+<ruleset name="swiss-prime-site.ch">
+	<target host="swiss-prime-site.ch" />
+	<target host="www.swiss-prime-site.ch" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/swissgov.xml b/src/chrome/content/rules/swissgov.xml
new file mode 100644
index 000000000000..5269afba9b11
--- /dev/null
+++ b/src/chrome/content/rules/swissgov.xml
@@ -0,0 +1,368 @@
+<!--
+	Other swissgov rulesets:
+
+		- ag.ch.xml
+		- dot.swiss.xml
+		- Swiss_Federal_Institute_of_Intellectual_Property.xml
+		- Swiss_Financial_Market_Supervisory_Authority.xml
+
+
+	no certificate:
+		- ai.ch
+		- bs.ch
+		- nw.ch
+		- ow.ch
+		- sg.ch
+		- sz.ch
+		- tg.ch
+		- ti.ch
+		- ur.ch
+		- vd.ch
+
+	lu.ch (r)
+
+	ne.ch (t)
+
+	miljobs.ch (s)
+
+	be.ch
+		- ^ (m)
+
+	ge.ch
+		- bdp
+		- edu
+		- icp
+		- ot
+		- rc
+		- slj
+		- wwwedu
+		- wap
+		- vnm
+
+	gl.ch
+		- (www.) (mixed content)
+
+	gr.ch
+		- www.*
+	mixed content:
+		- geo
+
+	jura.ch
+		- ^ (d)
+		- extranet
+		- geoportail
+		- mapfish
+		- w3
+		- album (d)
+		- eco (d)
+		- rsju (d)
+
+	sh.ch
+		- *.sh.ch (d)
+
+	so.ch
+		- ausbildungsprogramm
+		- lehrmittelshop
+		- rrb
+		- www.*
+		- bgs (m)
+
+	vs.ch
+		- escadaweb
+		- web
+		- webta
+		- www.*
+
+	zg.ch
+		- iopac
+		- wetter
+
+	zh.ch
+		- www.*
+
+
+	admin.ch:
+		- rpvz.nb (m)
+		- www.afd (d)
+		- www.ar (m)
+		- www.babs (m)
+		- www.bak (r)
+		- www.baspo (m)
+		- www.bfe (h)
+		- www.big (m)
+		- www.bit (h)
+		- www.comcom (r)
+		- www.deseco (m)
+		- www.disclaimer (m)
+		- www.esti (h)
+		- www.gs-vbs (m)
+		- www.hydrodaten (t)
+		- www.lw (m)
+		- www.meteoschweiz (m)
+		- www.meteosuisse (m)
+		- www.meteosvizzera (m)
+		- www.meteoswiss (m)
+		- www.ndb (m)
+		- www.oa (m)
+		- www.postcom (r)
+		- www.sib (s)
+		- www.vbs (m)
+		- www.vtg (m)
+
+	^admin.ch doesn't exist.
+
+
+	ensi.ch:
+		- static (m)
+
+	(www.)dasgebaeudeprogramm.ch (m)
+
+	(www.)isdc.ch (f)
+
+	(www.)gottardo2016.ch (m)
+
+	naturgefahren.ch (t)
+	www.naturgefahren.ch (m)
+	dangers-naturels.ch (t)
+	www.dangers-naturels.ch (m)
+	pericoli-naturali.ch (t)
+	www.pericoli-naturali.ch (m)
+	privels-natira.ch (t)
+	www.privels-natira.ch (m)
+	natural-hazards.ch (t)
+	www.natural-hazards.ch (m)
+
+	rab-asr.ch:
+		- newsletter (m)
+		- register (m)
+
+	metas.ch:
+		- legnet (t)
+
+	^publica.ch (d)
+
+
+	d: data differs from http
+	f: secure connection failed
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+
+	No valid test url known:
+		- link.admin.ch
+-->
+<ruleset name="Schweizer Regierung">
+	<target host="www.admin.ch" />
+	<target host="www.cms-etcount.admin.ch" />
+	<target host="www.newsd.admin.ch" />
+
+	<target host="www.nkvf.admin.ch" />
+
+
+	<!-- hosts sorted by department -->
+
+
+	<target host="www.bk.admin.ch" />
+		<target host="www.staatskalender.admin.ch" />
+		<target host="www.media.bk.admin.ch" />
+			<test url ="http://www.media.bk.admin.ch/epaper/bk/" />
+
+
+	<target host="www.eda.admin.ch"/>
+
+
+	<target host="www.edi.admin.ch" />
+		<target host="www.bag.admin.ch" />
+		<target host="www.bar.admin.ch" />
+		<target host="www.bfs.admin.ch" />
+			<target host="www.somed.bfs.admin.ch" />
+			<securecookie host="^www\.somed\.bfs\.admin\.ch$" name=".+" />
+		<target host="www.blv.admin.ch" />
+		<target host="www.bsv.admin.ch" />
+			<target host="www.regress.admin.ch" />
+	<target host="www.ebg.admin.ch" />
+	<target host="www.nb.admin.ch" />
+
+		<target host="www.swissmedic.ch" />
+		<target host="www.gate.swissmedic.ch" />
+		<target host="www.ndsweb.swissmedic.ch" />
+
+
+	<target host="www.ejpd.admin.ch" />
+		<target host="www.bj.admin.ch" />
+		<target host="www.btm.admin.ch" />
+		<target host="www.ch-edoc-passantrag.admin.ch"/>
+		<target host="www.ekm.admin.ch" />
+		<target host="www.esbk.admin.ch" />
+		<target host="www.eschk.admin.ch" />
+		<target host="www.fedpol.admin.ch" />
+			<target host="www.cybercrime.admin.ch"/>
+		<target host="www.isc-ejpd.admin.ch" />
+		<target host="www.li.admin.ch" />
+		<target host="www.rhf.admin.ch" />
+		<target host="www.sem.admin.ch" />
+
+		<target host="rab-asr.ch" />
+		<target host="www.rab-asr.ch" />
+
+		<target host="ecert.metas.ch" />
+		<target host="www.metas.ch" />
+
+
+	<target host="www.efd.admin.ch" />
+		<target host="www.bbl.admin.ch" />
+			<target host="www.bundespublikationen.admin.ch"/>
+		<target host="www.eav.admin.ch" />
+		<target host="www.efk.admin.ch" />
+			<!-- http redirect on $ -->
+			<exclusion pattern="http://www.efk.admin.ch/$" />
+			<test url ="http://www.efk.admin.ch/index.php" />
+		<target host="www.efv.admin.ch" />
+		<target host="www.epa.admin.ch" />
+		<target host="www.estv.admin.ch" />
+		<target host="www.ezv.admin.ch" />
+		<target host="www.isb.admin.ch" />
+		<target host="www.sif.admin.ch" />
+		<target host="www.stelle.admin.ch" />
+		<target host="www.webftp.admin.ch" />
+
+		<target host="www.publica.ch" />
+
+
+	<target host="www.wbf.admin.ch" />
+		<target host="www.blw.admin.ch" />
+		<target host="www.bwl.admin.ch" />
+		<target host="www.bwo.admin.ch" />
+		<target host="www.kmu.admin.ch"/>
+		<target host="www.konsum.admin.ch" />
+		<target host="www.kti.admin.ch"/>
+		<target host="www.sas.admin.ch"/>
+		<target host="www.sbfi.admin.ch"/>
+		<target host="www.seco.admin.ch"/>
+		<target host="www.weko.admin.ch"/>
+		<target host="www.zivi.admin.ch"/>
+
+
+	<target host="www.uvek.admin.ch" />
+		<target host="www.are.admin.ch" />
+		<target host="www.astra.admin.ch" />
+		<target host="www.bafu.admin.ch" />
+		<target host="www.bakom.admin.ch" />
+		<target host="www.bav.admin.ch" />
+		<target host="www.bazl.admin.ch" />
+		<target host="www.elcom.admin.ch" />
+		<target host="www.energie-vorbild.admin.ch" />
+		<target host="www.eofcom.admin.ch" />
+		<target host="www.geo.admin.ch"/>
+			<target host="api3.geo.admin.ch"/>
+			<target host="map.geo.admin.ch"/>
+			<target host="wms.geo.admin.ch"/>
+		<target host="www.gruenewirtschaft.admin.ch" />
+		<target host="www.ske.admin.ch" />
+		<target host="www.sust.admin.ch" />
+		<target host="www.ubi.admin.ch" />
+
+		<target host="energieschweiz.ch" />
+		<target host="www.energieschweiz.ch" />
+
+		<target host="ensi.ch" />
+		<target host="www.ensi.ch" />
+		<target host="mobile.ensi.ch" />
+
+
+	<!-- VBS -->
+		<target host="www.swisstopo.admin.ch" />
+		<target host="www.sphair.admin.ch" />
+
+
+	<target host="www.edoeb.admin.ch"/>
+		<target host="www.blog.edoeb.admin.ch"/>
+
+	<!-- Errors in fetch tests
+	<target host="parlament.ch"/>
+		<target host="www.parlament.ch"/>
+		<target host="biblio.parlament.ch"/> -->
+
+
+	<!-- canton sites -->
+
+
+	<target host="ge.ch"/>
+		<target host="www.ge.ch"/>
+
+
+	<target host="ar.ch"/>
+		<target host="www.ar.ch"/>
+
+
+	<target host="jura.ch"/>
+		<target host="guichet.jura.ch"/>
+		<target host="www.jura.ch"/>
+
+
+	<!-- ZH -->
+		<target host="dsb.zh.ch"/>
+		<target host="www.zh.ch"/>
+
+
+	<!-- VS -->
+		<target host="webtransfer.vs.ch"/>
+		<target host="www.vs.ch"/>
+
+
+	<target host="bl.ch"/>
+		<target host="www.bl.ch"/>
+		<target host="baselland.ch"/>
+		<target host="www.baselland.ch"/>
+
+
+	<target host="be.ch"/>
+		<target host="www.be.ch"/>
+
+
+	<target host="sh.ch"/>
+		<target host="www.sh.ch"/>
+
+
+	<target host="so.ch"/>
+		<target host="bbzsogr.so.ch"/>
+		<target host="berufsmatura.so.ch"/>
+		<target host="pkso.so.ch"/>
+		<target host="www.so.ch"/>
+
+
+		<!-- GR -->
+		<target host="www.gr.ch"/>
+
+
+	<target host="fr.ch"/>
+		<target host="www.fr.ch"/>
+
+	<target host="zg.ch"/>
+		<target host="www.zg.ch"/>
+		<target host="bgs.zg.ch"/>
+		<target host="elearning.zg.ch"/>
+		<target host="extranet.zg.ch"/>
+		<target host="iform.zg.ch"/>
+			<test url="http://iform.zg.ch/iform/pub/egov204/" />
+		<target host="izug.zg.ch"/>
+		<target host="portal.zg.ch"/>
+		<target host="regizug.zg.ch"/>
+		<target host="securemail.zg.ch"/>
+		<target host="vpn.zg.ch"/>
+			<test url="http://vpn.zg.ch/dana-na/auth/welcome.cgi?p=rolelogo" />
+
+
+	<rule from="^http://be\.ch/"
+		to="https://www.be.ch/" />
+	<rule from="^http://jura\.ch/"
+		to="https://www.jura.ch/" />
+	<rule from="^http://sh\.ch/"
+		to="https://www.sh.ch/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/swissnode.ch.xml b/src/chrome/content/rules/swissnode.ch.xml
new file mode 100644
index 000000000000..fdebda1e7c66
--- /dev/null
+++ b/src/chrome/content/rules/swissnode.ch.xml
@@ -0,0 +1,8 @@
+<ruleset name="swissnode.ch">
+	<target host="swissnode.ch" />
+	<target host="www.swissnode.ch" />
+	<target host="hosting04.swissnode.ch" />
+	<target host="remote.swissnode.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/swtch.com.xml b/src/chrome/content/rules/swtch.com.xml
new file mode 100644
index 000000000000..1ab860a873d3
--- /dev/null
+++ b/src/chrome/content/rules/swtch.com.xml
@@ -0,0 +1,12 @@
+<!--
+research.swtch.com ⁷
+
+
+⁷ protocol error
+-->
+<ruleset name="swtch.com">
+	<target host="swtch.com" />
+	<target host="www.swtch.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sydney.edu.au.xml b/src/chrome/content/rules/sydney.edu.au.xml
new file mode 100644
index 000000000000..7d050d097d56
--- /dev/null
+++ b/src/chrome/content/rules/sydney.edu.au.xml
@@ -0,0 +1,113 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://login.ezproxy1.library.sydney.edu.au/ => https://login.ezproxy1.library.sydney.edu.au/: (6, 'Could not resolve host: login.ezproxy1.library.sydney.edu.au')
+Fetch error: http://www.sydney.edu.au/ => https://www.sydney.edu.au/: Too many redirects while fetching 'https://www.sydney.edu.au/'
+
+	The University of Sydney
+
+	Other University of Sydney rulesets:
+
+		- usyd.edu.au.xml
+
+
+	Nonfunctional hosts in *sydney.edu.au:
+
+		- inspired ʳ
+		- manage.profiles ʳ
+
+	ᵈ Dropped
+	ʳ Refused
+
+
+	These altnames don't exist:
+
+		- www.staff.ask.sydney.edu.au
+		- www.whatson.sydney.edu.au
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- sydney.edu.au
+		- staff.ask.sydney.edu.au
+		- bookings-streaming.sydney.edu.au
+		- campusassist.sydney.edu.au
+		- elearning.sydney.edu.au
+		- irma.sydney.edu.au
+		- myhr.sydney.edu.au
+		- myuni.sydney.edu.au
+		- cas.myuni.sydney.edu.au
+		- shb.myuni.sydney.edu.au
+		- ppd.sydney.edu.au
+		- rdmp.sydney.edu.au
+		- riskware.sydney.edu.au
+		- sydneystudent.sydney.edu.au
+		- webmail.sydney.edu.au
+		- .whatson.sydney.edu.au
+
+
+	Mixed content:
+
+		- favicon on staff.ask from ^sydney.edu.au ˢ
+		- Bug on ^ from www.googletagmanager.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Sydney.edu.au (partial)" default_off="failed ruleset test">
+
+	<target host="sydney.edu.au" />
+	<target host="staff.ask.sydney.edu.au" />
+	<target host="bookings-streaming.sydney.edu.au" />
+	<target host="campusassist.sydney.edu.au" />
+	<target host="cms.sydney.edu.au" />
+	<target host="elearning.sydney.edu.au" />
+	<target host="intranet.sydney.edu.au" />
+	<target host="irma.sydney.edu.au" />
+	<target host="login.ezproxy1.library.sydney.edu.au" />
+	<target host="myhr.sydney.edu.au" />
+	<target host="myuni.sydney.edu.au" />
+	<target host="cas.myuni.sydney.edu.au" />
+	<target host="shb.myuni.sydney.edu.au" />
+	<target host="ppd.sydney.edu.au" />
+	<target host="rdmp.sydney.edu.au" />
+	<target host="riskware.sydney.edu.au" />
+	<target host="wordvine.sydney.edu.au" />
+	<target host="staging.wordvine.sydney.edu.au" />
+	<target host="sydneystudent.sydney.edu.au" />
+	<target host="webmail.sydney.edu.au" />
+	<target host="whatson.sydney.edu.au" />
+	<target host="www.sydney.edu.au" />
+
+		<!--	Mixed bug:
+					-->
+		<!--test url="http://sydney.edu.au/library/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^sydney\.edu\.au$" name="^BIGipServer" /-->
+	<!--securecookie host="^staff\.ask\.sydney\.edu\.au$" name="^cp_session$" /-->
+	<!--securecookie host="^bookings-streaming\.sydney\.edu\.au$" name="^(?:BIGipServer|PHPSESSID$)" /-->
+	<!--securecookie host="^campusassist\.sydney\.edu\.au$" name="^(?:BIGipServer|JSESSIONID$)" /-->
+	<!--securecookie host="^elearning\.sydney\.edu\.au$" name="^(?:BIGipServer|session_id$)" /-->
+	<!--securecookie host="^irma\.sydney\.edu\.au$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+	<!--securecookie host="^myhr\.sydney\.edu\.au$" name="^(?:BIGipServer|JSESSIONID)" /-->
+	<!--securecookie host="^myuni\.sydney\.edu\.au$" name="^MyUniPersist$" /-->
+	<!--securecookie host="^cas\.myuni\.sydney\.edu\.au$" name="^CasMyuniPersist$" /-->
+	<!--securecookie host="^shb\.myuni\.sydney\.edu\.au$" name="^(?:_idp_authn_lc_key|shbMyuniPersist)$" /-->
+	<!--securecookie host="^ppd\.sydney\.edu\.au$" name="^(?:__RequestVerificationToken|BIGipServer|AspxAutoDetectCookieSupport$)" /-->
+	<!--securecookie host="^rdmp\.sydney\.edu\.au$" name="^(?:BIGipServer|JSESSIONID$)" /-->
+	<!--securecookie host="^riskware\.sydney\.edu\.au$" name="^(?:ASP\.NET_SessionId|ctl00_S2Sam)$" /-->
+	<!--securecookie host="^sydneystudent\.sydney\.edu\.au$" name="^BIGipServer" /-->
+	<!--securecookie host="^webmail\.sydney\.edu\.au$" name="^(?:BIGipServer|cadata$|sessionid$)" /-->
+	<!--securecookie host="^\.whatson\.sydney\.edu\.au$" name="^SQ_SYSTEM_SESSION$" /-->
+
+	<securecookie host="^(?:\w|\.whatson\.)" name=".+" />
+	<securecookie host="^\." name="^_(?:gat?$|_utm)" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/syllable.org.xml b/src/chrome/content/rules/syllable.org.xml
new file mode 100644
index 000000000000..59f0dbf49268
--- /dev/null
+++ b/src/chrome/content/rules/syllable.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="syllable.org" platform="mixedcontent">
+	<target host="syllable.org" />
+	<target host="www.syllable.org" />
+	<target host="de.syllable.org" />
+	<target host="ar.syllable.org" />
+	<target host="nl.syllable.org" />
+	<target host="ru.syllable.org" />
+	<target host="sl.syllable.org" />
+	<target host="forum.syllable.org" />
+	<target host="development.syllable.org" />
+	<target host="web.syllable.org" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/synapsepay.com.xml b/src/chrome/content/rules/synapsepay.com.xml
new file mode 100644
index 000000000000..57103a95b3a2
--- /dev/null
+++ b/src/chrome/content/rules/synapsepay.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Non-functional subdomains:
+
+		- help	 	(mismatched, CN: *.zendesk.com, zendesk.com)
+		- status	(mismatched, CN: *.statuspage.io, statuspage.io)
+-->
+<ruleset name="SynapsePay (partial)">
+
+	<target host=          "synapsepay.com" />
+	<target host=      "cdn.synapsepay.com" />
+	<target host="dashboard.synapsepay.com" />
+	<target host=  "discuss.synapsepay.com" />
+	<target host=     "docs.synapsepay.com" />
+	<target host=      "www.synapsepay.com" />
+
+	<securecookie host="^(discuss|docs)\.synapsepay\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/synonymer.se.xml b/src/chrome/content/rules/synonymer.se.xml
new file mode 100644
index 000000000000..3f00d86134a0
--- /dev/null
+++ b/src/chrome/content/rules/synonymer.se.xml
@@ -0,0 +1,8 @@
+<ruleset name="synonymer.se">
+	<target host="synonymer.se" />
+	<target host="www.synonymer.se" />
+	<target host="api.synonymer.se" />
+	<target host="dev.synonymer.se" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/syrianmalware.com.xml b/src/chrome/content/rules/syrianmalware.com.xml
new file mode 100644
index 000000000000..2a7054d65962
--- /dev/null
+++ b/src/chrome/content/rules/syrianmalware.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="syrianmalware.com">
+	<target host="syrianmalware.com" />
+	<target host="www.syrianmalware.com" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sysadmins.ru.xml b/src/chrome/content/rules/sysadmins.ru.xml
new file mode 100644
index 000000000000..8bf09b676919
--- /dev/null
+++ b/src/chrome/content/rules/sysadmins.ru.xml
@@ -0,0 +1,14 @@
+<!--
+Invalid certificate:
+	eng.sysadmins.ru
+	forum.sysadmins.ru
+	mail.sysadmins.ru
+-->
+<ruleset name="sysadmins.ru">
+	<target host="sysadmins.ru" />
+	<target host="www.sysadmins.ru" />
+	<target host="forum.sysadmins.ru" />
+
+	<rule from="^http://forum\.sysadmins\.ru/" to="https://sysadmins.ru/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sysax.com.xml b/src/chrome/content/rules/sysax.com.xml
new file mode 100644
index 000000000000..b5cea86661f6
--- /dev/null
+++ b/src/chrome/content/rules/sysax.com.xml
@@ -0,0 +1,47 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- sysax.com
+		- www.sysax.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on (www.)? from www.sysax.com ˢ
+		- Images on (www.)? from www.sysax.com ˢ
+
+		- Bug, on:
+
+			- (www.)? from static.getclicky.com ˢ
+			- (www.)? from www.sysax.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Sysax.com" platform="mixedcontent">
+
+	<target host="sysax.com" />
+	<target host="www.sysax.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://sysax.com/strx/track/default.html?st=1" /-->
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://sysax.com/support/index.php" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?sysax\.com$" name="ns_visitor$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sysdig.com.xml b/src/chrome/content/rules/sysdig.com.xml
new file mode 100644
index 000000000000..aa03381e6c82
--- /dev/null
+++ b/src/chrome/content/rules/sysdig.com.xml
@@ -0,0 +1,25 @@
+<!--
+	www.sysdig.com: Expired cert at redirect destination
+
+-->
+<ruleset name="Sysdig.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="sysdig.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.sysdig.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.sysdig\.com/"
+		to="https://sysdig.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sysprovide.xml b/src/chrome/content/rules/sysprovide.xml
index 27b5090fae84..000d1df44a28 100644
--- a/src/chrome/content/rules/sysprovide.xml
+++ b/src/chrome/content/rules/sysprovide.xml
@@ -4,8 +4,8 @@
 	<target host="sysprovide.de"/>
 	<target host="www.sysprovide.de"/>
 
-	<securecookie host=".*\.sysproserver\.de$" name=".*"/>
-	<securecookie host="^www\.sysprovide\.de$" name=".*"/>
+	<securecookie host=".*\.sysproserver\.de$" name=".+" />
+	<securecookie host="^www\.sysprovide\.de$" name=".+" />
 
 	<rule from="^http://(srv|webmail)(\d\d)\.sysproserver\.de/"
 		to="https://$1$2.sysproserver.de/"/>
diff --git a/src/chrome/content/rules/system-rescue-cd.org.xml b/src/chrome/content/rules/system-rescue-cd.org.xml
new file mode 100644
index 000000000000..52f4e52b7d25
--- /dev/null
+++ b/src/chrome/content/rules/system-rescue-cd.org.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://system-rescue-cd.org/ => https://system-rescue-cd.org/: Too many redirects while fetching 'https://system-rescue-cd.org/'
+Fetch error: http://www.system-rescue-cd.org/ => https://www.system-rescue-cd.org/: Too many redirects while fetching 'https://www.system-rescue-cd.org/'
+Fetch error: http://sysresccd.org/ => https://sysresccd.org/: Too many redirects while fetching 'https://sysresccd.org/'
+Fetch error: http://www.sysresccd.org/ => https://www.sysresccd.org/: Too many redirects while fetching 'https://www.sysresccd.org/'
+
+beta.system-rescue-cd.org self signed
+beta.sysresccd.org broken because it redirects to https://beta.system-rescue-cd.org
+-->
+<ruleset name="System-Rescue-Cd.org" default_off="failed ruleset test">
+
+	<target host="system-rescue-cd.org" />
+	<target host="www.system-rescue-cd.org" />
+	<target host="sysresccd.org" />
+	<target host="www.sysresccd.org" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/systemd.io.xml b/src/chrome/content/rules/systemd.io.xml
new file mode 100644
index 000000000000..c7389ba5040f
--- /dev/null
+++ b/src/chrome/content/rules/systemd.io.xml
@@ -0,0 +1,15 @@
+<!--
+	Timeout:
+		cfp.systemd.io
+-->
+<ruleset name="systemd.io">
+
+	<target host="systemd.io" />
+	<target host="www.systemd.io" />
+	<target host="brand.systemd.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/szfw.org.xml b/src/chrome/content/rules/szfw.org.xml
new file mode 100644
index 000000000000..c37a473781f5
--- /dev/null
+++ b/src/chrome/content/rules/szfw.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Nonfunctional hosts in *szfw.org:
+
+		- (www.)? ᵃ
+		- icon ᵃ
+
+	ᵃ Shows another domain
+
+-->
+<ruleset name="szfw.org (partial)">
+
+	<target host="credit.szfw.org" />
+	<target host="search.szfw.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/t-analytics.com.xml b/src/chrome/content/rules/t-analytics.com.xml
new file mode 100644
index 000000000000..77fbfc2737ad
--- /dev/null
+++ b/src/chrome/content/rules/t-analytics.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other TripAdvisor coverage, see TripAdvisor.xml.
+
+-->
+<ruleset name="T-Analytics.com">
+
+	<target host="www.t-analytics.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/t-mobilebankowe.pl.xml b/src/chrome/content/rules/t-mobilebankowe.pl.xml
new file mode 100644
index 000000000000..a785514fdfb4
--- /dev/null
+++ b/src/chrome/content/rules/t-mobilebankowe.pl.xml
@@ -0,0 +1,94 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://konto.t-mobilebankowe.pl/? (200) => https://www.t-mobilebankowe.pl/porownywarka-kont? (404)
+Non-2xx HTTP code: http://konto.t-mobilebankowe.pl/ (200) => https://www.t-mobilebankowe.pl/porownywarka-kont (404)
+
+	Nonfunctional hosts in *t-mobilebankowe.pl:
+
+		- kampanie ᵈ
+		- konto ᵈ
+		- www.rewards ᵈ
+		- wakacje ᵈ
+
+	ᵈ Dropped
+
+
+	Partially covered hosts in *t-mobilebankowe.pl:
+
+		- konto ⁴
+
+	⁴ /*\w 404s
+
+
+	^t-mobilebankowe.pl doesn't exist
+
+
+	Insecure cookies are set for these hosts:
+
+		- form.t-mobilebankowe.pl
+		- online.t-mobilebankowe.pl
+		- m.online.t-mobilebankowe.pl
+		- static.t-mobilebankowe.pl
+		- wnioski.t-mobilebankowe.pl
+		- www.t-mobilebankowe.pl
+
+-->
+<ruleset name="T-mobilebankowe.pl (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="form.t-mobilebankowe.pl" />
+	<target host="online.t-mobilebankowe.pl" />
+	<target host="m.online.t-mobilebankowe.pl" />
+	<target host="static.t-mobilebankowe.pl" />
+	<target host="wnioski.t-mobilebankowe.pl" />
+	<target host="www.t-mobilebankowe.pl" />
+
+	<!--	Complications:
+				-->
+	<target host="konto.t-mobilebankowe.pl" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://form.t-mobilebankowe.pl/fk_forms/index.html?application_ID=&amp;partner_id=&amp;source=" /-->
+		<!--test url="http://wnioski.t-mobilebankowe.pl/directcreditsystem-frontend-application-creditcard/cms/?partnerId=T_KK_AB_PRC&amp;transactionCode=main" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^form\.t-mobilebankowe\.pl$" name="^(?:JSESSIONID|TS[\da-f]{8}|lbsc)$" /-->
+	<!--securecookie host="^online\.t-mobilebankowe\.pl$" name="^(?:\w+|TS[\da-f]{8})$" /-->
+	<!--securecookie host="^m\.online\.t-mobilebankowe\.pl$" name="^(?:\w+|TS[\da-f]{8}|org\.springframework\.web\.servlet\.theme\.CookieThemeResolver\.THEME)$" /-->
+	<!--securecookie host="^static\.t-mobilebankowe\.pl$" name="^TS[\da-f]{8}$" /-->
+	<!--securecookie host="^wnioski\.t-mobilebankowe\.pl$" name="^(?:JSESSIONID|TS[\da-f]{8}|dcsseccookie|lbsc)$" /-->
+	<!--securecookie host="^www\.t-mobilebankowe\.pl$" name="^(?:\w+|TS[\da-f]{8})$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps args but not forward slash:
+								-->
+	<rule from="^http://konto\.t-mobilebankowe\.pl/[^?]*"
+		to="https://www.t-mobilebankowe.pl/porownywarka-kont" />
+
+		<!--	/*\w 404s:
+					-->
+		<exclusion pattern="^http://konto\.t-mobilebankowe\.pl/+(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://konto.t-mobilebankowe.pl/default.aspx" />
+			<test url="http://konto.t-mobilebankowe.pl/index.htm" />
+			<test url="http://konto.t-mobilebankowe.pl/index.html" />
+			<test url="http://konto.t-mobilebankowe.pl/index.jsp" />
+			<test url="http://konto.t-mobilebankowe.pl/index.php" />
+
+			<!--	-ve:
+					-->
+			<test url="http://konto.t-mobilebankowe.pl/?" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/t-ru.org.xml b/src/chrome/content/rules/t-ru.org.xml
new file mode 100644
index 000000000000..d099206e9e1f
--- /dev/null
+++ b/src/chrome/content/rules/t-ru.org.xml
@@ -0,0 +1,26 @@
+<!--
+	For other rutracker, see rutracker.org.xml
+
+	bt.t-ru.org ²
+	bt2.t-ru.org ²
+	bt3.t-ru.org ²
+	bt4.t-ru.org ²
+	ns1.t-ru.org ⁴
+	ns2.t-ru.org ⁴
+	static2.t-ru.org ¹
+
+
+	¹ mismatch
+	² refused
+	⁴ self signed
+
+-->
+<ruleset name="t-ru.org (partial)">
+
+	<target host="api.t-ru.org" />
+	<target host="static.t-ru.org" />
+		<test url="http://static.t-ru.org/favicon.ico" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/t.me.xml b/src/chrome/content/rules/t.me.xml
new file mode 100644
index 000000000000..2aca98d8fc5f
--- /dev/null
+++ b/src/chrome/content/rules/t.me.xml
@@ -0,0 +1,11 @@
+<!--
+	For other Telegram coverage, see Telegram.me.xml.
+-->
+
+<ruleset name="t.me">
+		<target host="t.me" />
+		<target host="www.t.me" />
+
+		<rule from="^http:"
+				to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/t.umblr.com.xml b/src/chrome/content/rules/t.umblr.com.xml
new file mode 100644
index 000000000000..fb32870ef070
--- /dev/null
+++ b/src/chrome/content/rules/t.umblr.com.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Tumblr coverage, see Tumblr.xml.
+
+-->
+<ruleset name="t.umblr.com">
+
+	<target host="t.umblr.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/t2-project.org.xml b/src/chrome/content/rules/t2-project.org.xml
new file mode 100644
index 000000000000..6c6b21b2271e
--- /dev/null
+++ b/src/chrome/content/rules/t2-project.org.xml
@@ -0,0 +1,9 @@
+<!--www2. nonexist
+bugs. mismatch
+torrent. timed out
+dl. incomplete cert chain-->
+<ruleset name="t2-project.org">
+	<target host="t2-project.org" />
+	<target host="www.t2-project.org" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/t3n.de.xml b/src/chrome/content/rules/t3n.de.xml
new file mode 100644
index 000000000000..b4b580822f19
--- /dev/null
+++ b/src/chrome/content/rules/t3n.de.xml
@@ -0,0 +1,22 @@
+<ruleset name="t3n.de">
+
+	<target host="t3n.de" />
+	<target host="www.t3n.de" />
+	<target host="amp.t3n.de" />
+	<target host="api.t3n.de" />
+	<target host="faq.t3n.de" />
+	<target host="go.t3n.de" />
+	<target host="media.t3n.de" />
+	<target host="api.stage.t3n.de" />
+	<target host="cc.stage.t3n.de" />
+	<target host="content-api.stage.t3n.de" />
+	<target host="next.stage.t3n.de" />
+	<target host="private-api.stage.t3n.de" />
+	<target host="wp.stage.t3n.de" />
+	<target host="storybook.t3n.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/t66y.com.xml b/src/chrome/content/rules/t66y.com.xml
new file mode 100644
index 000000000000..809b83003b69
--- /dev/null
+++ b/src/chrome/content/rules/t66y.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="t66y.com">
+	<target host="t66y.com" />
+	<target host="www.t66y.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/t6k.co.xml b/src/chrome/content/rules/t6k.co.xml
new file mode 100644
index 000000000000..74d89ca00823
--- /dev/null
+++ b/src/chrome/content/rules/t6k.co.xml
@@ -0,0 +1,16 @@
+<!--
+	Secure connection failed:
+		a.t6k.co
+-->
+
+<ruleset name="t6k.co">
+	<target host="t6k.co" />
+	<target host="www.t6k.co" />
+	<target host="img.t6k.co" />
+	<target host="img2.t6k.co" />
+	<target host="pay.t6k.co" />
+	<target host="s.t6k.co" />
+	<target host="s3.t6k.co" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tab-beim-bundestag.de.xml b/src/chrome/content/rules/tab-beim-bundestag.de.xml
new file mode 100644
index 000000000000..e5a8e77dbd81
--- /dev/null
+++ b/src/chrome/content/rules/tab-beim-bundestag.de.xml
@@ -0,0 +1,25 @@
+<!--
+	^tab-beim-bundestag.de: Mismatched
+
+-->
+<ruleset name="Tab-Beim-Bundestag.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.tab-beim-bundestag.de" />
+
+	<!--	Complications:
+				-->
+	<target host="tab-beim-bundestag.de" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://tab-beim-bundestag\.de/"
+		to="https://www.tab-beim-bundestag.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tabac-info-service.fr.xml b/src/chrome/content/rules/tabac-info-service.fr.xml
new file mode 100644
index 000000000000..2c2e9cc695f8
--- /dev/null
+++ b/src/chrome/content/rules/tabac-info-service.fr.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		go.coaching.tabac-info-service.fr
+
+-->
+<ruleset name="tabac-info-service.fr">
+
+	<target host="tabac-info-service.fr" />
+	<target host="www.tabac-info-service.fr" />
+	<target host="coaching.tabac-info-service.fr" />
+	<target host="mois-sans-tabac.tabac-info-service.fr" />
+	<target host="partenaires-mois-sans-tabac.tabac-info-service.fr" />
+	<target host="pro.tabac-info-service.fr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tacdn.com.xml b/src/chrome/content/rules/tacdn.com.xml
new file mode 100644
index 000000000000..9d53d38851f2
--- /dev/null
+++ b/src/chrome/content/rules/tacdn.com.xml
@@ -0,0 +1,26 @@
+<!--
+	For other TripAdvisor coverage, see TripAdvisor.xml.
+
+-->
+<ruleset name="TA CDN.com">
+
+	<target host="c1.tacdn.com" />
+	<target host="static.tacdn.com" />
+
+		<test url="http://c1.tacdn.com/img2/t4b/Stacked_TA_logo.png" />
+
+		<!--	Access-Control-Allow-Origin=*:
+							-->
+		<test url="http://static.tacdn.com/css2/home_2011_meta-v21873910252b.css" />
+		<test url="http://static.tacdn.com/css2/t4b_review_express-v22306584000b.css" />
+		<test url="http://static.tacdn.com/css2/t4b_owners-v24288156394b.css" />
+		<test url="http://static.tacdn.com/css2/universal_new-v21717239814b.css" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tacticalsecret.com.xml b/src/chrome/content/rules/tacticalsecret.com.xml
new file mode 100644
index 000000000000..a8ccc5ecd43f
--- /dev/null
+++ b/src/chrome/content/rules/tacticalsecret.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="tactical secret.com">
+
+	<target host="tacticalsecret.com" />
+	<target host="www.tacticalsecret.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/taganrogprav.ru.xml b/src/chrome/content/rules/taganrogprav.ru.xml
new file mode 100644
index 000000000000..75b6f6a8ee3c
--- /dev/null
+++ b/src/chrome/content/rules/taganrogprav.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="taganrogprav.ru">
+	<target host="taganrogprav.ru" />
+	<target host="www.taganrogprav.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tagboard.com.xml b/src/chrome/content/rules/tagboard.com.xml
new file mode 100644
index 000000000000..e38a2b8a60ef
--- /dev/null
+++ b/src/chrome/content/rules/tagboard.com.xml
@@ -0,0 +1,74 @@
+<!--
+	Nonfunctional hosts in *tagboard.com:
+
+		- blog ʳ
+
+	ʳ Tumblr / refused
+
+
+	Problematic hosts in *tagboard.com:
+
+		- account *
+
+	* Redirect differs
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- support.tagboard.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image on account from media.tumblr.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Tagboard.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tagboard.com" />
+	<target host="about.tagboard.com" />
+	<target host="display.tagboard.com" />
+	<target host="static.tagboard.com" />
+	<target host="support.tagboard.com" />
+	<target host="user.tagboard.com" />
+	<target host="www.tagboard.com" />
+
+		<test url="http://static.tagboard.com/public/img/icon-search-alt.png" />
+
+		<!--	$ 404s, so:
+					-->
+		<test url="http://user.tagboard.com/auth/twitter" />
+
+	<!--	Complications:
+				-->
+	<target host="account.tagboard.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^support\.tagboard\.com$" name="^(?:XSRF-TOKEN|connect\.sid)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://account\.tagboard\.com/$"
+		to="https://account.tagboard.com/u/" />
+
+	<!--	Redirect drops args:
+					-->
+	<rule from="^http://account\.tagboard\.com/\?.*"
+		to="https://account.tagboard.com/search" />
+
+		<test url="http://account.tagboard.com/?" />
+		<test url="http://account.tagboard.com/?foo" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tagesschau.de.xml b/src/chrome/content/rules/tagesschau.de.xml
new file mode 100644
index 000000000000..bf23f764c3a5
--- /dev/null
+++ b/src/chrome/content/rules/tagesschau.de.xml
@@ -0,0 +1,65 @@
+<!--
+	Invalid Certificate:
+		enterpriseregistration.tagesschau.de
+		klima.tagesschau.de
+		www.klima.tagesschau.de
+		miss.tagesschau.de
+		origin.tagesschau.de
+		stat.tagesschau.de
+		rbb24.wahl.tagesschau.de
+		wahl-o-mat.tagesschau.de
+		wahlarchiv.tagesschau.de
+		wahlomat.tagesschau.de
+
+	Mixed content:
+		karten.tagesschau.de
+		wahl.tagesschau.de
+
+	Refused:
+		atlas.tagesschau.de
+		chat.tagesschau.de
+		download.tagesschau.de
+		spiel.tagesschau.de
+		umfrage.tagesschau.de
+
+	SSL error:
+		forum.tagesschau.de
+		www.forum.tagesschau.de
+
+	Timeout:
+		admin.tagesschau.de
+		fbia.tagesschau.de
+		relaunch.tagesschau.de
+		test.tagesschau.de
+
+	Unable to get local issuer certificate:
+		prodforum.tagesschau.de
+		todo.tagesschau.de
+		wiki.tagesschau.de
+-->
+<ruleset name="tagesschau.de (partial)">
+
+	<target host="tagesschau.de" />
+	<target host="www.tagesschau.de" />
+	<target host="autodiscover.tagesschau.de" />
+	<target host="blog.tagesschau.de" />
+	<target host="www.blog.tagesschau.de" />
+	<target host="faktenfinder.tagesschau.de" />
+	<target host="autodiscover.forum.tagesschau.de" />
+	<target host="intern.tagesschau.de" />
+	<target host="korrespondenten.tagesschau.de" />
+	<target host="media.tagesschau.de" />
+	<target host="download.media.tagesschau.de" />
+	<target host="meta.tagesschau.de" />
+	<target host="netzwerk.tagesschau.de" />
+	<target host="service.tagesschau.de" />
+	<target host="wahl.tagesschau.de" />
+	<target host="www.wahl.tagesschau.de" />
+	<target host="wetter.tagesschau.de" />
+	<target host="wetterstationen.tagesschau.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/taiget.ru.xml b/src/chrome/content/rules/taiget.ru.xml
new file mode 100644
index 000000000000..46e42b2d3869
--- /dev/null
+++ b/src/chrome/content/rules/taiget.ru.xml
@@ -0,0 +1,13 @@
+<!--
+sec.taiget.ru non-2xx http code
+notice.taiget.ru mismatch
+test.taiget.ru mismatch
+-->
+<ruleset name="taiget.ru">
+	<target host="taiget.ru" />
+	<target host="www.taiget.ru" />
+	<target host="vpn.taiget.ru" />
+	<target host="eirc.taiget.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/taihe.com.xml b/src/chrome/content/rules/taihe.com.xml
new file mode 100644
index 000000000000..ace1b06c7154
--- /dev/null
+++ b/src/chrome/content/rules/taihe.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Mismatched:
+		mail.taihe.com
+		ob.taihe.com
+		obforest.taihe.com
+		touch.taihe.com
+		tr.taihe.com
+		
+	Refused:
+		about.taihe.com
+		cms2.taihe.com
+		imap.taihe.com
+		pop.taihe.com
+		smtp.taihe.com
+
+	Timeout:
+		cms.taihe.com
+		live.taihe.com
+		office.taihe.com
+		rs.taihe.com
+		v.taihe.com
+		video.taihe.com
+-->
+<ruleset name="taihe.com">
+	<target host="taihe.com" />
+	<target host="www.taihe.com" />
+	<target host="bar.taihe.com" />
+	<target host="c.taihe.com" />
+	<target host="embedmusic.taihe.com" />
+	<target host="feed.taihe.com" />
+	<target host="fm.taihe.com" />
+	<target host="lebo.taihe.com" />
+	<target host="music.taihe.com" />
+	<target host="musicapi.taihe.com" />
+	<target host="passport.taihe.com" />
+	<target host="play.taihe.com" />
+	<target host="y.taihe.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/taiwantradeshows.com.tw.xml b/src/chrome/content/rules/taiwantradeshows.com.tw.xml
new file mode 100644
index 000000000000..eb2d02845387
--- /dev/null
+++ b/src/chrome/content/rules/taiwantradeshows.com.tw.xml
@@ -0,0 +1,14 @@
+<ruleset name="Taiwan Trade Shows.com.tw">
+
+	<target host="download.taiwantradeshows.com.tw" />
+
+		<test url="http://download.taiwantradeshows.com.tw/files/css/tpl16/en_US/c01/layout/my-sitemap-btn.png" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/takevoucher.com.xml b/src/chrome/content/rules/takevoucher.com.xml
new file mode 100644
index 000000000000..1e7de9ecad50
--- /dev/null
+++ b/src/chrome/content/rules/takevoucher.com.xml
@@ -0,0 +1,31 @@
+<!--
+	CDN buckets:
+
+		- d24ovsjoaud4so.cloudfront.net
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- takevoucher.com
+		- www.takevoucher.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="takevoucher.com">
+
+	<target host="takevoucher.com" />
+	<target host="www.takevoucher.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?takevoucher\.com$" name="^(?:PHPSESSID|festi_cart_for_woocommerce_storage|woocommerce_cart_hash)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/talentbrew.com.xml b/src/chrome/content/rules/talentbrew.com.xml
new file mode 100644
index 000000000000..949486576b46
--- /dev/null
+++ b/src/chrome/content/rules/talentbrew.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="talentbrew.com">
+
+	<target host="tbcdn.talentbrew.com" />
+
+		<test url="http://tbcdn.talentbrew.com/company/4680/full_v1_0_en/images/print-thomson-reuters-logo.png" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/talkable.com.xml b/src/chrome/content/rules/talkable.com.xml
new file mode 100644
index 000000000000..2d693ccc0100
--- /dev/null
+++ b/src/chrome/content/rules/talkable.com.xml
@@ -0,0 +1,52 @@
+<!--
+	CDN buckets:
+
+		- d2jjzw81hqbuqv.cloudfront.net
+
+
+	Nonfunctional hosts in *talkable.com:
+
+		- blog ʳ
+		- email.offers ᵈ
+		- email.p2p ᵈ
+
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *talkable.com:
+
+		- help ᵐ
+
+	ᵐ Helpjuice / mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.talkable.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Talkable.com (partial)">
+
+	<target host="talkable.com" />
+	<target host="www.talkable.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://www.talkable.com/public/1x1.gif?current_visitor_uuid=" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.talkable\.com$" name="^uuid$" /-->
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/talks.by.xml b/src/chrome/content/rules/talks.by.xml
new file mode 100644
index 000000000000..34458af1136d
--- /dev/null
+++ b/src/chrome/content/rules/talks.by.xml
@@ -0,0 +1,7 @@
+<ruleset name="talks.by">
+	<target host="talks.by"/>
+	<target host="www.talks.by"/>
+
+	<rule from="^http://www\.talks\.by/" to="https://talks.by/" />
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/tameside.gov.uk.xml b/src/chrome/content/rules/tameside.gov.uk.xml
new file mode 100644
index 000000000000..c742bda3e273
--- /dev/null
+++ b/src/chrome/content/rules/tameside.gov.uk.xml
@@ -0,0 +1,128 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://adultportal.tameside.gov.uk/ => https://adultportal.tameside.gov.uk/: (7, 'Failed to connect to adultportal.tameside.gov.uk port 443: Connection refused')
+Fetch error: http://ecitizen.tameside.gov.uk/ => https://ecitizen.tameside.gov.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Tameside Metropolitan Borough Council
+
+	For rules causing MCB, see tameside.gov.uk-mixedcontent.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *tameside.gov.uk:
+
+		- citizen ʳ
+		- lalpacpa ᵈ
+		- online ᵈ
+		- online:8080 ʳ
+		- plandocs ʳ
+		- public ᵈ
+		- webgis2 ᵈ
+		- www ʳ
+
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *tameside.gov.uk:
+
+		- pimsweb ᶜ
+		- web ˣ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ˣ Mixed css
+
+
+	Partially covered hosts in *tameside.gov.uk:
+
+		- whatson ʰ
+
+	ʰ Some pages redirect to http
+
+
+	Insecure cookies are set for these hosts:
+
+		- pimsweb.tameside.gov.uk
+		- secure.tameside.gov.uk
+
+
+	Mixed content:
+
+		- css on web from www.tameside.gov.uk ʳ
+
+		- Images, on:
+
+			- web from public.tameside.gov.uk ᵈ
+			- web, whatson from www.tameside.gov.uk ʳ
+
+	ᵈ Unsecurable <= dropped
+	ʳ Unsecurable <= refused
+
+-->
+<ruleset name="Tameside.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="admission.tameside.gov.uk" />
+	<target host="adultportal.tameside.gov.uk" />
+	<target host="ecitizen.tameside.gov.uk" />
+	<target host="eyf.tameside.gov.uk" />
+	<target host="isppweb.tameside.gov.uk" />
+	<target host="pimsweb.tameside.gov.uk" />
+	<target host="secure.tameside.gov.uk" />
+	<!--target host="web.tameside.gov.uk" /-->
+	<target host="whatson.tameside.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="http://whatson\.tameside\.gov\.uk/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="http://whatson\.tameside\.gov\.uk/+(?!Account/|[Cc]ommunity[Gg]roup/|Content/|EmailSubscription/|Event/(?:Recurrence|Thumbnail)/|eventscalendar/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://whatson.tameside.gov.uk/?OrganisationName=Church%20of%20Jesus%20Christ%20of%20Latter-day%20Saints" />
+			<test url="http://whatson.tameside.gov.uk/?SearchMode=Day" />
+			<test url="http://whatson.tameside.gov.uk/?SearchMode=List" />
+			<test url="http://whatson.tameside.gov.uk/?SearchMode=Map" />
+			<test url="http://whatson.tameside.gov.uk/?SearchMode=Month" />
+			<test url="http://whatson.tameside.gov.uk/?SearchMode=Table" />
+			<test url="http://whatson.tameside.gov.uk/?SearchMode=Week" />
+			<test url="http://whatson.tameside.gov.uk/syndication/getrssfeed/2" />
+
+			<!--	-ve:
+					-->
+			<test url="http://whatson.tameside.gov.uk/Account/LogOn" />
+			<test url="http://whatson.tameside.gov.uk/Account/Register" />
+			<test url="http://whatson.tameside.gov.uk/CommunityGroup/Index" />
+			<test url="http://whatson.tameside.gov.uk/Content/icons/tick.png" />
+			<test url="http://whatson.tameside.gov.uk/EmailSubscription/Create" />
+			<test url="http://whatson.tameside.gov.uk/Event/Recurrence/7073" />
+			<test url="http://whatson.tameside.gov.uk/Event/Thumbnail/7316" />
+			<test url="http://whatson.tameside.gov.uk/eventscalendar/category.asp?catid=11" />
+			<test url="http://whatson.tameside.gov.uk/eventscalendar/index.asp" /><!-- Mixed images -->
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://web.tameside.gov.uk/bluebadge/bluebadge" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^pimsweb\.tameside\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^secure\.tameside\.gov\.uk$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+
+	<securecookie host="^(?!whatson\.)\w" name=".+" />
+
+
+	<rule from="^http://adultportal\.tameside\.gov\.uk:14500/"
+		to="https://adultportal.tameside.gov.uk:14500/" />
+
+		<test url="http://adultportal.tameside.gov.uk:14500/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tamworth.gov.uk.xml b/src/chrome/content/rules/tamworth.gov.uk.xml
new file mode 100644
index 000000000000..ff4a702403ba
--- /dev/null
+++ b/src/chrome/content/rules/tamworth.gov.uk.xml
@@ -0,0 +1,51 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://benefits.tamworth.gov.uk/eGovHub/Viewer/Org/Production/Apps/HBCalculatorPaged/Launch.aspx => https://benefits.tamworth.gov.uk/eGovHub/Viewer/Org/Production/Apps/HBCalculatorPaged/Launch.aspx: (6, 'Could not resolve host: benefits.tamworth.gov.uk')
+Fetch error: http://benefits.tamworth.gov.uk/ => https://benefits.tamworth.gov.uk/: (6, 'Could not resolve host: benefits.tamworth.gov.uk')
+
+	Tamworth Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *tamworth.gov.uk:
+
+		- democracy ʳ
+		- planning ᵈ
+		- www ʳ
+
+	ᵈ Dropped
+	ʳ Refused
+
+
+	These altnames do not exist:
+
+		- tamworth.gov.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- benefits.tamworth.gov.uk
+
+-->
+<ruleset name="Tamworth.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="benefits.tamworth.gov.uk" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://benefits.tamworth.gov.uk/eGovHub/Viewer/Org/Production/Apps/HBCalculatorPaged/Launch.aspx" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^benefits\.tamworth\.gov\.uk$" name="^(?:\.ASPXAUTH|ASP\.NET_SessionId$)" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tantquil.net.xml b/src/chrome/content/rules/tantquil.net.xml
new file mode 100644
index 000000000000..2f66f045d698
--- /dev/null
+++ b/src/chrome/content/rules/tantquil.net.xml
@@ -0,0 +1,16 @@
+<ruleset name="tantquil.net">
+
+	<target host="tantquil.net" />
+	<target host="www.tantquil.net" />
+	<target host="19h17.tantquil.net" />
+	<target host="www.19h17.tantquil.net" />
+	<target host="classeenlutte.tantquil.net" />
+	<target host="www.classeenlutte.tantquil.net" />
+	<target host="lassomarseillaise.tantquil.net" />
+	<target host="www.lassomarseillaise.tantquil.net" />
+	<target host="reseauantigestion.tantquil.net" />
+	<target host="www.reseauantigestion.tantquil.net" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tanx.com.xml b/src/chrome/content/rules/tanx.com.xml
new file mode 100644
index 000000000000..bd1ae9b1281c
--- /dev/null
+++ b/src/chrome/content/rules/tanx.com.xml
@@ -0,0 +1,53 @@
+<!--
+
+	Break Redirects:
+		dmp
+		ex
+		monitor
+
+	Redirect to http:
+		^
+		ade
+		adx
+		c
+		monitor
+		ope
+		ssp
+		www
+
+	Mismatch:
+		cdn
+		ef.opendsp.tanx.com
+		openssp
+
+-->
+
+<ruleset name="tanx.com (partial)">
+
+	<target host="click.tanx.com" />
+		<test url="http://click.tanx.com/oc?e=XXX.apk" />
+	<target host="cmc.tanx.com" />
+		<test url="http://cmc.tanx.com/youku?youku_uid=14672735392805Lx&amp;r=1119411835" />
+	<target host="ecpm.tanx.com" />
+		<test url="http://ecpm.tanx.com/ex?i=mm_12852562_1778064_9087844&amp;cb=jsonp_callback_993&amp;callback=&amp;userid=&amp;o=&amp;f=&amp;n=&amp;re=1366x768&amp;r=&amp;cah=728&amp;caw=1366&amp;ccd=32&amp;ctz=8&amp;chl=2&amp;cja=1&amp;cpl=36&amp;cmm=53&amp;cf=11.9&amp;cg=a496a6f368d8ef0cf220c9b9ceb21c2e&amp;pvid=af206bd6a226631bf9801c9ea3c62464&amp;ai=4&amp;ac=6354&amp;prq=88431394&amp;cas=prq&amp;cbh=2945&amp;cbw=1349&amp;dx=1&amp;u=http%3A%2F%2Fwww.taobao.com%2F&amp;k=&amp;tt=%E6%B7%98%E5%AE%9D%E7%BD%91%20-%20%E6%B7%98%EF%BC%81%E6%88%91%E5%96%9C%E6%AC%A2" />
+	<target host="ets.tanx.com" />
+
+	<target host="mu.tanx.com" />
+	<!--	MCB:	-->
+	<exclusion pattern="^http://mu\.tanx\.com/index\.htm" />
+		<test url="http://mu.tanx.com/index.htm" />
+
+	<target host="opehs.tanx.com" />
+		<test url="http://opehs.tanx.com/ex?i=mm_26632322_6858406_35046203&amp;cb=jsonp_callback_19009&amp;callback=&amp;userid=&amp;o=&amp;f=&amp;n=&amp;re=1680x1050&amp;r=1&amp;cah=976&amp;caw=1680&amp;ccd=24&amp;ctz=-4&amp;chl=1&amp;cja=1&amp;cpl=5&amp;cmm=32&amp;cf=-1&amp;cg=c384a7c6ec6c51aeedd1ce6ad0743f18&amp;pvid=aeaa80fbb507a52a5b89f9004514cf14&amp;pvid_1=f1fb97f07c4d2d4b59ade3ce3ff94093&amp;ai=0&amp;ac=6867&amp;prm=26246211&amp;cas=prm&amp;cbh=4603&amp;cbw=400&amp;dx=1&amp;u=https%3A%2F%2Fwww.hao123.com%2F&amp;k=&amp;tt=hao123_%E4%B8%8A%E7%BD%91%E4%BB%8E%E8%BF%99%E9%87%8C%E5%BC%80%E5%A7%8B" />
+	<target host="p.tanx.com" />
+		<test url="http://p.tanx.com/ex?i=mm_10054360_4228956_14384474" />
+	<target host="pass.tanx.com" />
+
+	<target host="phs.tanx.com" />
+		<test url="http://phs.tanx.com/acbeacon4.html" />
+	<target host="rdstat.tanx.com" />
+		<test url="http://rdstat.tanx.com/trd?f=&amp;k=a09e279ad7f7a12a&amp;p=mm_52614553_5708351_21330357&amp;pvid=0a623c60000255bdbe7c9563" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tapochek.net.xml b/src/chrome/content/rules/tapochek.net.xml
new file mode 100644
index 000000000000..2a0e4e4a177d
--- /dev/null
+++ b/src/chrome/content/rules/tapochek.net.xml
@@ -0,0 +1,14 @@
+<!--
+bt.tapochek.net ¹
+rpl.tapochek.net ¹
+rpl2.tapochek.net ¹
+
+
+¹ mismatch
+-->
+<ruleset name="tapochek.net">
+	<target host="tapochek.net" />
+	<target host="www.tapochek.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tattelecom.ru.xml b/src/chrome/content/rules/tattelecom.ru.xml
new file mode 100644
index 000000000000..f3b24683f3d8
--- /dev/null
+++ b/src/chrome/content/rules/tattelecom.ru.xml
@@ -0,0 +1,15 @@
+<!--
+tattelecom.ru non-2xx http code
+www.tattelecom.ru non-2xx http code
+dealer.tattelecom.ru non-2xx http code
+b2b.tattelecom.ru timed out
+wifi.tattelecom.ru timed out
+forum.pl.tattelecom.ru self signed
+webcab.tattelecom.ru protocol error
+-->
+<ruleset name="tattelecom.ru (partial)">
+	<target host="newlk.tattelecom.ru" />
+	<target host="lkwifi.tattelecom.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tbz.ch.xml b/src/chrome/content/rules/tbz.ch.xml
new file mode 100644
index 000000000000..0ce7e55d2a42
--- /dev/null
+++ b/src/chrome/content/rules/tbz.ch.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+	- webmail.tbz.ch
+	- vpn.tbz.ch
+	- intranet.tbz.ch
+-->
+
+<ruleset name="tbz.ch">
+	<target host="tbz.ch"/>
+	<target host="www.tbz.ch"/>
+	<target host="bscw.tbz.ch"/>
+	<target host="orgweb.tbz.ch"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/tcinet.ru.xml b/src/chrome/content/rules/tcinet.ru.xml
new file mode 100644
index 000000000000..d10858ab8110
--- /dev/null
+++ b/src/chrome/content/rules/tcinet.ru.xml
@@ -0,0 +1,116 @@
+<!--
+actinium.tcinet.ru ³
+americium.tcinet.ru ³
+astatium.tcinet.ru ³
+bagira.tcinet.ru ²
+bagira-lb1.tcinet.ru ³
+bagira-lb2.tcinet.ru ³
+bagira1.tcinet.ru ³
+bagira2.tcinet.ru ³
+balu.tcinet.ru ²
+balu-lb1.tcinet.ru ³
+balu-lb2.tcinet.ru ³
+balu1.tcinet.ru ³
+balu2.tcinet.ru ³
+barium.tcinet.ru ³
+bat1.tcinet.ru ³
+bat2.tcinet.ru ³
+bat3.tcinet.ru ²
+bat4.tcinet.ru ²
+beldmit.tcinet.ru ³
+berklium.tcinet.ru ³
+beryllium.tcinet.ru ³
+blader.tcinet.ru ³
+brass.tcinet.ru ³
+bromum.tcinet.ru ³
+bronze.tcinet.ru ³
+calcium.tcinet.ru ³
+californium.tcinet.ru ³
+cane.tcinet.ru ³
+cat1.tcinet.ru ³
+cat1-vip.tcinet.ru ³
+cat2.tcinet.ru ³
+cat2-vip.tcinet.ru ³
+cat3.tcinet.ru ³
+cat4.tcinet.ru ³
+cep.tcinet.ru ³
+cepout.tcinet.ru ³
+ceptest.tcinet.ru ³
+ceres.tcinet.ru ³
+chlorum.tcinet.ru ³
+chromium.tcinet.ru ³
+clarnet1.tcinet.ru ³
+clarnet1vnx.tcinet.ru ³
+clarnet2.tcinet.ru ³
+clarnet2vnx.tcinet.ru ³
+clarnet3.tcinet.ru ³
+clarnet4.tcinet.ru ³
+clarnet5.tcinet.ru ³
+clarnet6.tcinet.ru ³
+clarnet7.tcinet.ru ³
+clarnet8.tcinet.ru ³
+cobaltum.tcinet.ru ³
+dc01.tcinet.ru ³
+dc01-mgmt.tcinet.ru ³
+dc02.tcinet.ru ³
+drtp.tcinet.ru ³
+drtptest.tcinet.ru ³
+dysprosium.tcinet.ru ³
+eeyore01.tcinet.ru ³
+emelyanova.tcinet.ru ³
+europium.tcinet.ru ³
+backup.farm.tcinet.ru ³
+cc.farm.tcinet.ru ³
+cc-mgmt.farm.tcinet.ru ³
+cc-stex.farm.tcinet.ru ³
+hv1a-mgmt.farm.tcinet.ru ³
+hv1b-mgmt.farm.tcinet.ru ³
+hv1c-mgmt.farm.tcinet.ru ³
+hv1d-mgmt.farm.tcinet.ru ³
+hv2a-mgmt.farm.tcinet.ru ³
+hv2b-mgmt.farm.tcinet.ru ³
+hv2c-mgmt.farm.tcinet.ru ³
+hv2d-mgmt.farm.tcinet.ru ³
+hv3a-mgmt.farm.tcinet.ru ³
+hv3b-mgmt.farm.tcinet.ru ³
+hv3c-mgmt.farm.tcinet.ru ³
+hv3d-mgmt.farm.tcinet.ru ³
+hv4a-mgmt.farm.tcinet.ru ³
+hv4b-mgmt.farm.tcinet.ru ³
+hv4c-mgmt.farm.tcinet.ru ³
+hv4d-mgmt.farm.tcinet.ru ³
+ferrum.tcinet.ru ³
+fluorum.tcinet.ru ³
+ftp.tcinet.ru ²
+git.tcinet.ru ³
+gravy.tcinet.ru ³
+gravy-clarnet.tcinet.ru ³
+gravy2.tcinet.ru ³
+gtld-abuse.tcinet.ru ³
+helium.tcinet.ru ³
+hermes.tcinet.ru ³
+horus.tcinet.ru ³
+horus-mgmt.tcinet.ru ³
+intranet.tcinet.ru ³
+invar.tcinet.ru ³
+iodum.tcinet.ru ³
+jabber.tcinet.ru ²
+kanga1.tcinet.ru ³
+kanga2.tcinet.ru ³
+mnptest.tcinet.ru ³
+uap.tcinet.ru ³
+whois.tcinet.ru ²
+deti.whoistest.tcinet.ru ³
+uaptest.tcinet.ru:8092 ⁴
+
+
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="tcinet.ru">
+	<target host="tcinet.ru" />
+	<target host="www.tcinet.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tcs.ch.xml b/src/chrome/content/rules/tcs.ch.xml
new file mode 100644
index 000000000000..d2b42df55a05
--- /dev/null
+++ b/src/chrome/content/rules/tcs.ch.xml
@@ -0,0 +1,7 @@
+<ruleset name="TCS Schweiz (partial)">
+	<target host="www.tcs.ch" />
+	<target host="webmaptcs.trafficmap.ch" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tdnetdiscover.com.xml b/src/chrome/content/rules/tdnetdiscover.com.xml
new file mode 100644
index 000000000000..5b5ce2f5284f
--- /dev/null
+++ b/src/chrome/content/rules/tdnetdiscover.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- dml.tdnetdiscover.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="tdnetdiscover.com">
+
+	<target host="dml.tdnetdiscover.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^dml\.tdnetdiscover\.com$" name="^(?:REDIRECT\.AutoLogin|TDNSESS)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/te-st.ru.xml b/src/chrome/content/rules/te-st.ru.xml
new file mode 100644
index 000000000000..bd4689d489fd
--- /dev/null
+++ b/src/chrome/content/rules/te-st.ru.xml
@@ -0,0 +1,52 @@
+<!--
+teploserver.te-st.ru ⁴
+
+
+⁴ self signed
+-->
+<ruleset name="te-st.ru">
+	<target host="te-st.ru" />
+	<target host="www.te-st.ru" />
+	<target host="altai.te-st.ru" />
+	<target host="audit.te-st.ru" />
+	<target host="crowd.te-st.ru" />
+	<target host="crowd16.te-st.ru" />
+	<target host="dev.te-st.ru" />
+	<target host="ecohack.te-st.ru" />
+	<target host="edu.te-st.ru" />
+	<target host="ekb.te-st.ru" />
+	<target host="gg.te-st.ru" />
+	<target host="giger.te-st.ru" />
+	<target host="hack.te-st.ru" />
+	<target host="inclu2016.te-st.ru" />
+	<target host="incluhack.te-st.ru" />
+	<target host="infocon.te-st.ru" />
+	<target host="interna.te-st.ru" />
+	<target host="itv.te-st.ru" />
+	<target host="kazan.te-st.ru" />
+	<target host="kms.te-st.ru" />
+	<target host="kotiki.te-st.ru" />
+	<target host="krsk.te-st.ru" />
+	<target host="kurs.te-st.ru" />
+	<target host="leyka.te-st.ru" />
+	<target host="mobile.te-st.ru" />
+	<target host="nn.te-st.ru" />
+	<target host="nn15.te-st.ru" />
+	<target host="nsk.te-st.ru" />
+	<target host="openrynda.te-st.ru" />
+	<target host="paseka.te-st.ru" />
+	<target host="penza.te-st.ru" />
+	<target host="perm.te-st.ru" />
+	<target host="rare.te-st.ru" />
+	<target host="samara.te-st.ru" />
+	<target host="sihack.te-st.ru" />
+	<target host="spb.te-st.ru" />
+	<target host="ulsk.te-st.ru" />
+	<target host="ural.te-st.ru" />
+	<target host="vio.te-st.ru" />
+	<target host="vn.te-st.ru" />
+	<target host="vrn.te-st.ru" />
+	<target host="zdrav.te-st.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/teachable.com.xml b/src/chrome/content/rules/teachable.com.xml
new file mode 100644
index 000000000000..96b16ceb9230
--- /dev/null
+++ b/src/chrome/content/rules/teachable.com.xml
@@ -0,0 +1,41 @@
+<!--
+	Nonfunctional hosts in *teachable.com:
+
+		- support ʰ
+
+	ʰ Redirects to http
+
+
+	Problematic hosts in *teachable.com:
+
+		- blog ᵐ
+		- status ᵐ
+		- teachable ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="Teachable.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="teachable.com" />
+	<target host="www.teachable.com" />
+
+	<!--	Complications:
+				-->
+	<target host="status.teachable.com" />
+
+
+	<securecookie host=".+" name="^optimizely" />
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://status\.teachable\.com/"
+		to="https://teachable.statuspage.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/teachcraft.net.xml b/src/chrome/content/rules/teachcraft.net.xml
new file mode 100644
index 000000000000..fc81dc8a27cc
--- /dev/null
+++ b/src/chrome/content/rules/teachcraft.net.xml
@@ -0,0 +1,11 @@
+<!--
+		Remark: *.teachcraft.net have a wildcard DNS Record.
+-->
+<ruleset name="teachcraft.net">
+	<target host="teachcraft.net" />
+	<target host="www.teachcraft.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/teacherspensions.co.uk.xml b/src/chrome/content/rules/teacherspensions.co.uk.xml
new file mode 100644
index 000000000000..6eeedbe00d7f
--- /dev/null
+++ b/src/chrome/content/rules/teacherspensions.co.uk.xml
@@ -0,0 +1,33 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://teacherspensions.co.uk/ => https://www.www.teacherspensions.co.uk/: (6, 'Could not resolve host: www.www.teacherspensions.co.uk')
+
+	Nonfunctional hosts in *teacherspensions.co.uk:
+
+		- mail ʳ
+
+	ʳ Refused
+
+-->
+<ruleset name="Teachers Pensions.co.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.teacherspensions.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="teacherspensions.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://teacherspensions\.co\.uk/"
+		to="https://www.www.teacherspensions.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/team29.org.xml b/src/chrome/content/rules/team29.org.xml
new file mode 100644
index 000000000000..59ce56657e70
--- /dev/null
+++ b/src/chrome/content/rules/team29.org.xml
@@ -0,0 +1,15 @@
+<!--
+guide.team29.org ¹
+mk.team29.org ¹
+old.team29.org ¹
+
+
+¹ mismatch
+-->
+<ruleset name="team29.org">
+	<target host="team29.org" />
+	<target host="www.team29.org" />
+	<target host="media.team29.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/teamfortress.com.xml b/src/chrome/content/rules/teamfortress.com.xml
new file mode 100644
index 000000000000..19db9ff38cc0
--- /dev/null
+++ b/src/chrome/content/rules/teamfortress.com.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Valve coverage, see Valve.xml.
+
+
+	(www.)?teamfortress.com: 403
+
+
+	Nonfunctional hosts in *teamfortress.com:
+
+		- (www.)? ³
+		- store ³
+
+	³ 403
+
+-->
+<ruleset name="Team Fortress (partial)">
+
+	<target host="wiki.teamfortress.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/teatime.fm.xml b/src/chrome/content/rules/teatime.fm.xml
new file mode 100644
index 000000000000..c90d9a277db0
--- /dev/null
+++ b/src/chrome/content/rules/teatime.fm.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		listen.teatime.fm
+
+-->
+<ruleset name="TeaTime.FM">
+
+	<target host="teatime.fm" />
+	<target host="www.teatime.fm" />
+	<target host="admin.teatime.fm" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/techanarchy.net.xml b/src/chrome/content/rules/techanarchy.net.xml
new file mode 100644
index 000000000000..48194940e26a
--- /dev/null
+++ b/src/chrome/content/rules/techanarchy.net.xml
@@ -0,0 +1,13 @@
+<ruleset name="Tech Anarchy.net">
+
+	<target host="techanarchy.net" />
+	<target host="www.techanarchy.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/technet-cz.xml b/src/chrome/content/rules/technet-cz.xml
new file mode 100644
index 000000000000..77ff185467c9
--- /dev/null
+++ b/src/chrome/content/rules/technet-cz.xml
@@ -0,0 +1,6 @@
+<ruleset name="iDNES.cz">
+	<target host="technet.cz" />
+	
+	<rule from="^http://technet\.cz/"
+		to="https://idnes.cz/technet/" />
+</ruleset>
diff --git a/src/chrome/content/rules/technical-service.net.xml b/src/chrome/content/rules/technical-service.net.xml
new file mode 100644
index 000000000000..9611c6facd3e
--- /dev/null
+++ b/src/chrome/content/rules/technical-service.net.xml
@@ -0,0 +1,19 @@
+<ruleset name="technical-service.net">
+
+	<target host="technical-service.net" />
+	<target host="www.technical-service.net" />
+	<target host="staging.technical-service.net" />
+	<target host="staging-www.technical-service.net" />
+	<target host="te.technical-service.net" />
+		<test url="http://te.technical-service.net/api?pa=17" />
+	<target host="te-staging.technical-service.net" />
+	<target host="te-test.technical-service.net" />
+	<target host="tr.technical-service.net" />
+	<target host="tr-staging.technical-service.net" />
+	<target host="tr-test.technical-service.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/technik-museum.de.xml b/src/chrome/content/rules/technik-museum.de.xml
new file mode 100644
index 000000000000..bf98ee55336c
--- /dev/null
+++ b/src/chrome/content/rules/technik-museum.de.xml
@@ -0,0 +1,27 @@
+<!--
+	Invalid certificate:
+		on wildcard subdomains
+
+-->
+<ruleset name="technik-museum.de">
+
+	<target host="technik-museum.de" />
+	<target host="www.technik-museum.de" />
+	<target host="brazzeltag.technik-museum.de" />
+	<target host="www.brazzeltag.technik-museum.de" />
+	<target host="media.technik-museum.de" />
+	<target host="www.media.technik-museum.de" />
+	<target host="pdf.technik-museum.de" />
+	<target host="www.pdf.technik-museum.de" />
+	<target host="shop.technik-museum.de" />
+	<target host="www.shop.technik-museum.de" />
+	<target host="sinsheim.technik-museum.de" />
+	<target host="www.sinsheim.technik-museum.de" />
+	<target host="speyer.technik-museum.de" />
+	<target host="www.speyer.technik-museum.de" />
+	<target host="video.technik-museum.de" />
+	<target host="www.video.technik-museum.de" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/technobase.fm.xml b/src/chrome/content/rules/technobase.fm.xml
new file mode 100644
index 000000000000..468b6d44e42f
--- /dev/null
+++ b/src/chrome/content/rules/technobase.fm.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		listen.technobase.fm
+		tray.technobase.fm
+
+	Not found:
+		chat.technobase.fm
+
+-->
+<ruleset name="TechnoBase.FM">
+
+	<target host="technobase.fm" />
+	<target host="www.technobase.fm" />
+	<target host="admin.technobase.fm" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/technologyconversations.com.xml b/src/chrome/content/rules/technologyconversations.com.xml
new file mode 100644
index 000000000000..4b587443f428
--- /dev/null
+++ b/src/chrome/content/rules/technologyconversations.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="technologyconversations.com">
+	<target host="technologyconversations.com" />
+	<target host="www.technologyconversations.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/technologyreview.in.xml b/src/chrome/content/rules/technologyreview.in.xml
new file mode 100644
index 000000000000..2c33527ec7fa
--- /dev/null
+++ b/src/chrome/content/rules/technologyreview.in.xml
@@ -0,0 +1,22 @@
+<!--
+	For other MIT coverage, see MIT.xml.
+
+
+	(www.)?technologyreview.in: Refused
+
+-->
+<ruleset name="TechnologyReview.in">
+
+	<target host="technologyreview.in" />
+	<target host="www.technologyreview.in" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://(?:www\.)?technologyreview\.in/+"
+		to="https://www.technologyreview.com/" />
+
+		<test url="http://www.technologyreview.in/index.html" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/technopark.ru.xml b/src/chrome/content/rules/technopark.ru.xml
new file mode 100644
index 000000000000..0887ea891d04
--- /dev/null
+++ b/src/chrome/content/rules/technopark.ru.xml
@@ -0,0 +1,67 @@
+<!--
+autodiscover.technopark.ru ²
+bork.technopark.ru ³
+email.technopark.ru ²
+www.email.technopark.ru ²
+bounce.email.technopark.ru ²
+mta-1.email.technopark.ru ²
+www.nizhniy-novgorod.technopark.ru ¹
+opt.technopark.ru ¹
+spb.technopark.ru.technopark.ru ¹
+technopark.ruwww.technopark.ru ¹
+sklad.technopark.ru ¹
+www.spb.technopark.ru ¹
+spb.spb.technopark.ru ¹
+bi.technopark.ru different content
+mail.technopark.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+-->
+<ruleset name="technopark.ru">
+	<target host="technopark.ru" />
+	<target host="www.technopark.ru" />
+	<target host="lyncdiscover.technopark.ru" />
+	<target host="lyncdiscoverinternal.technopark.ru" />
+	<target host="belgorod.technopark.ru" />
+	<target host="pbsrv.bonus.technopark.ru" />
+	<target host="pd.bonus.technopark.ru" />
+	<target host="bryansk.technopark.ru" />
+	<target host="cdn.technopark.ru" />
+	<target host="cdn1.technopark.ru" />
+	<target host="cdn2.technopark.ru" />
+	<target host="ekaterinburg.technopark.ru" />
+	<target host="himki.technopark.ru" />
+	<target host="kaluga.technopark.ru" />
+	<target host="kazakhstan.technopark.ru" />
+	<target host="krasnogorsk.technopark.ru" />
+	<target host="kursk.technopark.ru" />
+	<target host="meet.technopark.ru" />
+	<target host="new.technopark.ru" />
+	<target host="nizhniy-novgorod.technopark.ru" />
+	<target host="noginsk.technopark.ru" />
+	<target host="novomoskovsk.technopark.ru" />
+	<target host="novosibirsk.technopark.ru" />
+	<target host="obninsk.technopark.ru" />
+	<target host="omsk.technopark.ru" />
+	<target host="orel.technopark.ru" />
+	<target host="post.technopark.ru" />
+	<target host="push.technopark.ru" />
+	<target host="retail.technopark.ru" />
+	<target host="rostov-na-donu.technopark.ru" />
+	<target host="sergiev-posad.technopark.ru" />
+	<target host="sip.technopark.ru" />
+	<target host="sochi.technopark.ru" />
+	<target host="spb.technopark.ru" />
+	<target host="srvmail.technopark.ru" />
+	<target host="surgut.technopark.ru" />
+	<target host="test-gpb.technopark.ru" />
+	<target host="tula.technopark.ru" />
+	<target host="tyumen.technopark.ru" />
+	<target host="vladimir.technopark.ru" />
+	<target host="vologda.technopark.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/techpowerup.org.xml b/src/chrome/content/rules/techpowerup.org.xml
new file mode 100644
index 000000000000..a9b4cfe17cd9
--- /dev/null
+++ b/src/chrome/content/rules/techpowerup.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="techpowerup.org">
+	<target host="techpowerup.org" />
+	<target host="www.techpowerup.org" />
+	<target host="img.techpowerup.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/techspot.com.xml b/src/chrome/content/rules/techspot.com.xml
new file mode 100644
index 000000000000..ef6d12989941
--- /dev/null
+++ b/src/chrome/content/rules/techspot.com.xml
@@ -0,0 +1,15 @@
+<!--
+			Insecure:
+				- www.in.techspot.com
+				- static.techspot.com
+			Can't connect:
+				- in.techspot.com
+-->
+<ruleset name="techspot.com">
+	<target host="techspot.com" />
+	<target host="www.techspot.com" />
+	<target host="store.techspot.com" />
+
+	<securecookie host=".+" name=".+" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tehsausage.com.xml b/src/chrome/content/rules/tehsausage.com.xml
new file mode 100644
index 000000000000..706b0fe525ef
--- /dev/null
+++ b/src/chrome/content/rules/tehsausage.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		sausage.tehsausage.com
+
+	Time out:
+		git.tehsausage.com
+-->
+<ruleset name="tehsausage.com">
+	<target host="tehsausage.com" />
+	<target host="www.tehsausage.com" />
+	<target host="cache.tehsausage.com" />
+
+	<rule from="^http://www\.tehsausage\.com/" to="https://tehsausage.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tekram.com.xml b/src/chrome/content/rules/tekram.com.xml
new file mode 100644
index 000000000000..f72dfe0b953b
--- /dev/null
+++ b/src/chrome/content/rules/tekram.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="tekram.com">
+	<target host="tekram.com" />
+	<target host="www.tekram.com" />
+
+	<rule from="^http:" to="https:" />
+
+	<securecookie host="^\.tekram\.com$" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/telebasel.ch.xml b/src/chrome/content/rules/telebasel.ch.xml
new file mode 100644
index 000000000000..fd66380431bd
--- /dev/null
+++ b/src/chrome/content/rules/telebasel.ch.xml
@@ -0,0 +1,7 @@
+<ruleset name="telebasel.ch" platform="mixedcontent">
+	<target host="telebasel.ch" />
+	<target host="www.telebasel.ch" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/teleguide.info.xml b/src/chrome/content/rules/teleguide.info.xml
new file mode 100644
index 000000000000..bd9df621fce4
--- /dev/null
+++ b/src/chrome/content/rules/teleguide.info.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://node1.teleguide.info/ => https://node1.teleguide.info/: (28, 'Operation timed out after 30005 milliseconds with 0 bytes received')
+
+mail.teleguide.info/: (52, 'Empty reply from server')
+rt.teleguide.info ¹
+
+
+¹ mismatch
+-->
+<ruleset name="teleguide.info" default_off="failed ruleset test">
+	<target host="teleguide.info" />
+	<target host="www.teleguide.info" />
+	<target host="img.teleguide.info" />
+	<target host="node1.teleguide.info" />
+	<target host="service.teleguide.info" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/teleport2001.ru.xml b/src/chrome/content/rules/teleport2001.ru.xml
new file mode 100644
index 000000000000..79a6d9c7f7fc
--- /dev/null
+++ b/src/chrome/content/rules/teleport2001.ru.xml
@@ -0,0 +1,9 @@
+<!--new. mismatch
+www.doska. mismatch-->
+<ruleset name="teleport2001.ru">
+	<target host="teleport2001.ru" />
+	<target host="www.teleport2001.ru" />
+	<target host="info.teleport2001.ru" />
+	<target host="afisha.teleport2001.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/telesign.com.xml b/src/chrome/content/rules/telesign.com.xml
new file mode 100644
index 000000000000..fe36a6f66cd3
--- /dev/null
+++ b/src/chrome/content/rules/telesign.com.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://telesign.com/ => https://telesign.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.telesign.com/ => https://www.telesign.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- developer.telesign.com
+		- teleportal.telesign.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="telesign.com" default_off="failed ruleset test">
+
+	<target host="telesign.com" />
+	<target host="developer.telesign.com" />
+	<target host="teleportal.telesign.com" />
+	<target host="www.telesign.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^developer\.telesign\.com$" name="^(?:XSRF-TOKEN|connect\.sid)$" /-->
+	<!--securecookie host="^teleportal\.telesign\.com$" name="^csrftoken$" /-->
+
+	<securecookie host="^\." name="_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/teletrust.de.xml b/src/chrome/content/rules/teletrust.de.xml
new file mode 100644
index 000000000000..633f02156be0
--- /dev/null
+++ b/src/chrome/content/rules/teletrust.de.xml
@@ -0,0 +1,25 @@
+<!--
+	^teletrust.de: Refused
+
+-->
+<ruleset name="TeleTrusT.de">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.teletrust.de" />
+
+	<!--	Complications:
+				-->
+	<target host="teletrust.de" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://teletrust\.de/"
+		to="https://www.teletrust.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/telford.gov.uk-falsemixed.xml b/src/chrome/content/rules/telford.gov.uk-falsemixed.xml
new file mode 100644
index 000000000000..86a8a29b5381
--- /dev/null
+++ b/src/chrome/content/rules/telford.gov.uk-falsemixed.xml
@@ -0,0 +1,25 @@
+<!--
+	For rules not causing false/broken MCB, see telford.gov.uk.xml.
+
+
+	NB: See https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Telford.gov.uk (false MCB)" platform="mixedcontent">
+
+	<!--	Complications:
+				-->
+	<target host="securetheatre.telford.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://securetheatre\.telford\.gov\.uk/.*"
+		to="https://theplacetelford.com/" />
+
+		<test url="http://securetheatre.telford.gov.uk/default.aspx" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/telford.gov.uk.xml b/src/chrome/content/rules/telford.gov.uk.xml
new file mode 100644
index 000000000000..59d934a621c6
--- /dev/null
+++ b/src/chrome/content/rules/telford.gov.uk.xml
@@ -0,0 +1,107 @@
+<!--
+	Telford & Wrekin Council
+
+	For rules causing false/broken MCB, see telford.gov.uk-falsemixed.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *telford.gov.uk:
+
+		- crmonlineforms ᵈ
+		- crmonlineforms:8080 ᵖ
+		- newsroom ⁴
+		- ocs ᵗ
+
+	⁴ 404
+	ᵈ Dropped
+	ᵖ Plaintext reply
+	ᵗ Reset
+
+
+	Problematic hosts in *telford.gov.uk:
+
+		- consult ᵐ
+		- securetheatre ⁴ ˣ
+
+	⁴ 404; preemptable redirect
+	ᵐ Mismatched
+	ˣ Mixed iframe at redirect destination, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- telford.gov.uk
+		- .telford.gov.uk
+		- apps.telford.gov.uk
+		- tlc.telford.gov.uk
+		- webapps.telford.gov.uk
+		- webforms.telford.gov.uk
+		- www.telford.gov.uk
+		- .www.telford.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on apps from fonts.googleapis.com ˢ
+		- favicon on apps from www.telford.gov.uk ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Telford.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="telford.gov.uk" />
+	<target host="applications.telford.gov.uk" />
+	<target host="apps.telford.gov.uk" />
+	<target host="mail.telford.gov.uk" />
+	<target host="maps.telford.gov.uk" />
+	<target host="secureleisure.telford.gov.uk" />
+	<target host="tlc.telford.gov.uk" />
+	<target host="webapps.telford.gov.uk" />
+	<target host="webforms.telford.gov.uk" />
+	<target host="webmail.telford.gov.uk" />
+	<target host="www.telford.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="consult.telford.gov.uk" />
+	<!--target host="securetheatre.telford.gov.uk" /-->
+
+		<!--	Mixed content:
+					-->
+		<!--test url="http://apps.telford.gov.uk/CouncilAndDemocracy/Councillors" /-->
+		<!--test url="http://apps.telford.gov.uk/snowline/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:(?:tlc|webforms|www)\.)?telford\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^\.telford\.gov\.uk$" name="^cadata[\dA-F]{32}$" /-->
+	<!--securecookie host="^webapps\.telford\.gov\.uk$" name="^SecurEnvoy4$" /-->
+	<!--securecookie host="^\.www\.telford\.gov\.uk$" name="^TestCookie$" /-->
+
+	<securecookie host="^\." name="^cadata" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://consult\.telford\.gov\.uk/"
+		to="https://telford-consult.objective.co.uk/" />
+
+		<test url="http://consult.telford.gov.uk/portal/contact_us" />
+
+	<!--	Redirect drops forward slash, path, and args:
+								-->
+	<!--rule from="^http://securetheatre\.telford\.gov\.uk/.*"
+		to="https://theplacetelford.com/" /-->
+
+		<!--test url="http://securetheatre.telford.gov.uk/default.aspx" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tellapart.com.xml b/src/chrome/content/rules/tellapart.com.xml
new file mode 100644
index 000000000000..4a964ae7ee42
--- /dev/null
+++ b/src/chrome/content/rules/tellapart.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- tellapart.com
+		- .tellapart.com
+		- www.tellapart.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="TellApart.com">
+
+	<target host="tellapart.com" />
+	<target host="a.tellapart.com" />
+	<target host="t.tellapart.com" />
+	<target host="www.tellapart.com" />
+
+		<!--	Set cookies without Secure:
+							-->
+		<!--test url="http://a.tellapart.com/btexclude" /-->
+		<!--test url="http://t.tellapart.com/ttp?source=1&amp;aaid=1&amp;txn_id=&amp;tw_sale_amount=0&amp;tw_order_quantity=0&amp;p_id=Twitter&amp;twitter_partner_user_id=" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?tellapart\.com$" name="^X-Mapping-" /-->
+	<!--securecookie host="^\.tellapart\.com$" name="^(?:__[a-zA-Z]+|taoptout)$" /-->
+
+	<securecookie host="^\." name="^_" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tellmescotland.gov.uk.xml b/src/chrome/content/rules/tellmescotland.gov.uk.xml
new file mode 100644
index 000000000000..dcc0ba263088
--- /dev/null
+++ b/src/chrome/content/rules/tellmescotland.gov.uk.xml
@@ -0,0 +1,28 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.tellmescotland.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Tellme Scotland.gov.uk">
+
+	<target host="tellmescotland.gov.uk" />
+	<target host="www.tellmescotland.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.tellmescotland\.gov\.uk$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/termbin.com.xml b/src/chrome/content/rules/termbin.com.xml
new file mode 100644
index 000000000000..f392d7cd152a
--- /dev/null
+++ b/src/chrome/content/rules/termbin.com.xml
@@ -0,0 +1,11 @@
+<!--
+	SSL error:
+		- www.l
+-->
+<ruleset name="termbin.com">
+	<target host="termbin.com" />
+	<target host="www.termbin.com" />
+	<target host="l.termbin.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/terrariaotherworld.com.xml b/src/chrome/content/rules/terrariaotherworld.com.xml
new file mode 100644
index 000000000000..c37bf1ddcdb4
--- /dev/null
+++ b/src/chrome/content/rules/terrariaotherworld.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="terrariaotherworld.com">
+	<target host="terrariaotherworld.com" />
+	<target host="www.terrariaotherworld.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tesglobal.com.xml b/src/chrome/content/rules/tesglobal.com.xml
new file mode 100644
index 000000000000..e1f9313dad60
--- /dev/null
+++ b/src/chrome/content/rules/tesglobal.com.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tesglobal.com/ => https://tesglobal.com/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+<ruleset name="TES Global.com" default_off="failed ruleset test">
+
+	<target host="tesglobal.com" />
+	<target host="www.tesglobal.com" />
+
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tesla.com.xml b/src/chrome/content/rules/tesla.com.xml
new file mode 100644
index 000000000000..4a610def2ce8
--- /dev/null
+++ b/src/chrome/content/rules/tesla.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Other Tesla Motors rulesets:
+
+		- Tesla_Motors.xml
+
+
+	Nonfunctional hosts in *tesla.com:
+
+		- ir ᵈ
+
+	ᵈ Dropped
+
+-->
+<ruleset name="Tesla.com (partial)">
+
+	<target host="tesla.com" />
+	<target host="forums.tesla.com" />
+	<target host="www.tesla.com" />
+
+
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|optimizely)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/test-smoke.org.xml b/src/chrome/content/rules/test-smoke.org.xml
new file mode 100644
index 000000000000..bae453b6a435
--- /dev/null
+++ b/src/chrome/content/rules/test-smoke.org.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid certificate:
+		test-smoke.org
+		www.test-smoke.org
+		diane.test-smoke.org
+		mail.test-smoke.org
+		w3.test-smoke.org
+
+	Non-2xx HTTP code:
+		jenkins.test-smoke.org
+
+	Time out:
+		fido.test-smoke.org
+		fidovcs.test-smoke.org
+		fidobackend.test-smoke.org
+-->
+<ruleset name="test-smoke.org">
+	<target host="keizum.test-smoke.org" />
+	<target host="perl5.test-smoke.org" />
+	<target host="source.test-smoke.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/testament-erbe-und-pflichtteil.de.xml b/src/chrome/content/rules/testament-erbe-und-pflichtteil.de.xml
new file mode 100644
index 000000000000..907fcde62152
--- /dev/null
+++ b/src/chrome/content/rules/testament-erbe-und-pflichtteil.de.xml
@@ -0,0 +1,13 @@
+<ruleset name="Testament-Erbe-und-Pflichtteil.de">
+
+	<target host="testament-erbe-und-pflichtteil.de" />
+	<target host="www.testament-erbe-und-pflichtteil.de" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tested.com.xml b/src/chrome/content/rules/tested.com.xml
new file mode 100644
index 000000000000..548998dbbba6
--- /dev/null
+++ b/src/chrome/content/rules/tested.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- tested.com
+
+		4xx client error:
+		- files.tested.com
+-->
+<ruleset name="tested.com">
+	<target host="www.tested.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/testfabrik.com.xml b/src/chrome/content/rules/testfabrik.com.xml
new file mode 100644
index 000000000000..cca7aaf9b9d6
--- /dev/null
+++ b/src/chrome/content/rules/testfabrik.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Testfabrik.com">
+
+	<target host="testfabrik.com" />
+	<target host="tracking.testfabrik.com" />
+	<target host="www.testfabrik.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/testling.com.xml b/src/chrome/content/rules/testling.com.xml
new file mode 100644
index 000000000000..48ab1e44be8c
--- /dev/null
+++ b/src/chrome/content/rules/testling.com.xml
@@ -0,0 +1,9 @@
+<!--
+testling.com mismatch
+www.testling.com mismatch
+-->
+<ruleset name="testling.com (partial)">
+	<target host="ci.testling.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tetadrogerie.cz.xml b/src/chrome/content/rules/tetadrogerie.cz.xml
new file mode 100644
index 000000000000..1dd9a35bf8ff
--- /dev/null
+++ b/src/chrome/content/rules/tetadrogerie.cz.xml
@@ -0,0 +1,7 @@
+<ruleset name="Teta drogerie">
+    <target host="tetadrogerie.cz" />
+    <target host="www.tetadrogerie.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/textmechanic.com.xml b/src/chrome/content/rules/textmechanic.com.xml
new file mode 100644
index 000000000000..bc223e907401
--- /dev/null
+++ b/src/chrome/content/rules/textmechanic.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="TextMechanic.com" platform="mixedcontent">
+	<target host="textmechanic.com" />
+	<target host="www.textmechanic.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tfgamessite.com.xml b/src/chrome/content/rules/tfgamessite.com.xml
new file mode 100644
index 000000000000..1b0ef97ab08b
--- /dev/null
+++ b/src/chrome/content/rules/tfgamessite.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="tfgamessite.com">
+	<target host="tfgamessite.com" />
+	<target host="www.tfgamessite.com" />
+	<target host="git.tfgamessite.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tfm.ro.xml b/src/chrome/content/rules/tfm.ro.xml
new file mode 100644
index 000000000000..3e552cf201ad
--- /dev/null
+++ b/src/chrome/content/rules/tfm.ro.xml
@@ -0,0 +1,101 @@
+<!--
+aschi.tfm.ro ²
+aura.tfm.ro ²
+bede.tfm.ro ¹
+audio.bede.tfm.ro/: (52, 'Empty reply from server')
+cna.bede.tfm.ro ¹
+ipxe.bede.tfm.ro ¹
+monitor.bede.tfm.ro/: (52, 'Empty reply from server')
+plex.bede.tfm.ro ¹
+plex1.bede.tfm.ro ¹
+plex2.bede.tfm.ro ¹
+poze.bede.tfm.ro ¹
+radionet.bede.tfm.ro ¹
+repo.bede.tfm.ro ¹
+school.bede.tfm.ro/: (52, 'Empty reply from server')
+syno.bede.tfm.ro ¹
+test.bede.tfm.ro ¹
+test1.bede.tfm.ro ¹
+test2.bede.tfm.ro ¹
+test3.bede.tfm.ro ¹
+test4.bede.tfm.ro ¹
+test5.bede.tfm.ro ¹
+tftp.bede.tfm.ro ¹
+web.bede.tfm.ro ¹
+wifi1.bede.tfm.ro ¹
+wifi2.bede.tfm.ro ¹
+blog.tfm.ro ¹
+catsnpearls.tfm.ro ³
+cop.tfm.ro ¹
+devel.tfm.ro ³
+download.tfm.ro ³
+etp.tfm.ro ²
+felicitari.tfm.ro ¹
+gigix.tfm.ro ³
+cna.gigix.tfm.ro ³
+ipxe.gigix.tfm.ro ³
+kradio.gigix.tfm.ro ³
+monitor.gigix.tfm.ro ³
+nas.gigix.tfm.ro ³
+plex.gigix.tfm.ro ³
+plex1.gigix.tfm.ro ³
+plex2.gigix.tfm.ro ³
+radio.gigix.tfm.ro ³
+radionet.gigix.tfm.ro ³
+repo.gigix.tfm.ro ³
+router.gigix.tfm.ro ³
+syno.gigix.tfm.ro ³
+test.gigix.tfm.ro ³
+test1.gigix.tfm.ro ³
+test2.gigix.tfm.ro ³
+test3.gigix.tfm.ro ³
+test4.gigix.tfm.ro ³
+test5.gigix.tfm.ro ³
+tftp.gigix.tfm.ro ³
+web.gigix.tfm.ro ³
+wifi1.gigix.tfm.ro ³
+wifi2.gigix.tfm.ro ³
+host01.tfm.ro ²
+hq.tfm.ro ³
+hst.tfm.ro ³
+mail01.tfm.ro ²
+mike.tfm.ro ²
+mlm.tfm.ro ¹
+l.mon.tfm.ro ⁴
+crm.mvp.tfm.ro ¹
+p1.mvp.tfm.ro ¹
+p2.mvp.tfm.ro ¹
+p3.mvp.tfm.ro ¹
+mx1.tfm.ro ³
+ns.tfm.ro ³
+ns1.tfm.ro ³
+l.ovirt.tfm.ro ³
+portal.tfm.ro ¹
+secure.tfm.ro ³
+security.tfm.ro ²
+teo.tfm.ro ²
+victor.tfm.ro ¹
+l.vpn.tfm.ro ⁴
+confluence.tfm.ro different content
+jira.tfm.ro different content
+jenkins.mvp.tfm.ro different content
+sso.tfm.ro different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="tfm.ro (partial)">
+	<target host="tfm.ro" />
+	<target host="www.tfm.ro" />
+	<target host="cart.bede.tfm.ro" />
+	<target host="kradio.bede.tfm.ro" />
+	<target host="nas.bede.tfm.ro" />
+	<target host="radio.bede.tfm.ro" />
+	<target host="router.bede.tfm.ro" />
+	<target host="stash.tfm.ro" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tgstation13.org.xml b/src/chrome/content/rules/tgstation13.org.xml
new file mode 100644
index 000000000000..cab054fe8a76
--- /dev/null
+++ b/src/chrome/content/rules/tgstation13.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="tgstation13.org">
+	<target host="tgstation13.org" />
+	<target host="www.tgstation13.org" />
+	<target host="status.tgstation13.org" />
+
+	<rule from="^http:" to="https:" />
+		<test url="http://tgstation13.org/phpBB/" />
+		<test url="http://tgstation13.org/wiki/" />
+</ruleset>
diff --git a/src/chrome/content/rules/th3professional.com.xml b/src/chrome/content/rules/th3professional.com.xml
new file mode 100644
index 000000000000..229580ec7ebc
--- /dev/null
+++ b/src/chrome/content/rules/th3professional.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="th3professional.com">
+	<target host="th3professional.com" />
+	<target host="www.th3professional.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/thamesvalley.police.uk.xml b/src/chrome/content/rules/thamesvalley.police.uk.xml
new file mode 100644
index 000000000000..82fcdc4ac920
--- /dev/null
+++ b/src/chrome/content/rules/thamesvalley.police.uk.xml
@@ -0,0 +1,35 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *thamesvalley.police.uk:
+
+		- (www.)? ³
+		- crimestats ³
+
+	³ 403
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- reportonline.thamesvalley.police.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Thames Valley.Police.uk (partial)">
+
+	<target host="reportonline.thamesvalley.police.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^reportonline\.thamesvalley\.police\.uk$" name="^ISAWPLB\{[\dA-F-]+\}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thamesvalleyalert.co.uk.xml b/src/chrome/content/rules/thamesvalleyalert.co.uk.xml
new file mode 100644
index 000000000000..cb5206017579
--- /dev/null
+++ b/src/chrome/content/rules/thamesvalleyalert.co.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="Thames Valley Alert.co.uk">
+
+	<target host="thamesvalleyalert.co.uk" />
+	<target host="www.thamesvalleyalert.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thcservers.com.xml b/src/chrome/content/rules/thcservers.com.xml
new file mode 100644
index 000000000000..33d7d2b0c97e
--- /dev/null
+++ b/src/chrome/content/rules/thcservers.com.xml
@@ -0,0 +1,43 @@
+<!--
+	Nonfunctional hosts in *thcservers.com:
+
+		- blog *
+
+	* Redirects to www.thcservers.com
+
+
+	Problematic hosts in *thcservers.com:
+
+		- server7 *
+
+	* Protocol-relative redirects to other domains
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.thcservers.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="THCServers.com (partial)">
+
+	<target host="thcservers.com" />
+	<target host="www.thcservers.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://www.thcservers.com/portal/submitticket" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.thcservers\.com$" name="^WHMCS\w+$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/the-eye.eu.xml b/src/chrome/content/rules/the-eye.eu.xml
new file mode 100644
index 000000000000..9dde6a9b5d18
--- /dev/null
+++ b/src/chrome/content/rules/the-eye.eu.xml
@@ -0,0 +1,35 @@
+<!--
+	HTTPS != HTTP
+		- autodiscover
+
+	Connection refused:
+		- dash
+
+	Mismatched:
+		- rc
+
+	Expired:
+		- feed
+		- tt
+		- wsb
+-->
+<ruleset name="the-eye.eu">
+	<target host="the-eye.eu" />
+	<target host="www.the-eye.eu" />
+	<target host="beet.the-eye.eu" />
+	<target host="beta.the-eye.eu" />
+	<target host="cgs.the-eye.eu" />
+ 	<target host="exodos.the-eye.eu" />
+	<target host="fusker.the-eye.eu" />
+	<target host="irar.the-eye.eu" />
+	<target host="od-db.the-eye.eu" />
+	<target host="parazite.the-eye.eu" />
+	<target host="requests.the-eye.eu" />
+	<target host="rocketchat.the-eye.eu" />
+	<target host="s2.the-eye.eu" />
+ 	<target host="searchin.the-eye.eu" />
+	<target host="uptime.the-eye.eu" />
+	<target host="vv.the-eye.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/the-i.de.xml b/src/chrome/content/rules/the-i.de.xml
new file mode 100644
index 000000000000..561980e598a5
--- /dev/null
+++ b/src/chrome/content/rules/the-i.de.xml
@@ -0,0 +1,13 @@
+<ruleset name="the-I.de">
+
+	<target host="the-i.de" />
+	<target host="www.the-i.de" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/the42.ie.xml b/src/chrome/content/rules/the42.ie.xml
new file mode 100644
index 000000000000..d503ad4b9709
--- /dev/null
+++ b/src/chrome/content/rules/the42.ie.xml
@@ -0,0 +1,51 @@
+<!--
+	For other TheJournal coverage, see TheJournal.ie.xml.
+
+
+	Problematic hosts in *the42.ie:
+
+		- ^ ᵐ
+		- static ᵐ
+
+	ᵐ Mismatched
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- www from static.the42.ie ˢ
+			- www from b0.thejournal.ie ˢ
+			- www from c[0-3].thejournal.ie ˢ
+			- www from img2.thejournal.ie ˢ
+
+		- Bug on www from b.scorecardresearch.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="The42.ie">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.the42.ie" />
+
+	<!--	Complications:
+				-->
+	<target host="the42.ie" />
+	<target host="static.the42.ie" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://the42\.ie/"
+		to="https://www.the42.ie/" />
+
+	<rule from="^http://static\.the42\.ie/"
+		to="https://b0.thejournal.ie/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/theCHIVE.com.xml b/src/chrome/content/rules/theCHIVE.com.xml
new file mode 100644
index 000000000000..db33fbc06874
--- /dev/null
+++ b/src/chrome/content/rules/theCHIVE.com.xml
@@ -0,0 +1,26 @@
+<!--
+Invalid certificate:
+	cdn.thechive.com
+	giveaway.thechive.com
+	social.thechive.com
+
+Redirect to HTTP:
+	i.thechive.com
+	static.i.thechive.com
+	my.thechive.com
+
+Refused connection:
+	advertise.thechive.com
+	nation.thechive.com
+-->
+<ruleset name="theCHIVE.com">
+	<target host="thechive.com" />
+	<target host="www.thechive.com" />
+	<target host="api.thechive.com" />
+	<target host="b.thechive.com" />
+	<target host="forums.thechive.com" />
+	<target host="m.thechive.com" />
+	<target host="thebrigade.thechive.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/theadulthub.com-falsemixed.xml b/src/chrome/content/rules/theadulthub.com-falsemixed.xml
new file mode 100644
index 000000000000..31fe38c5a369
--- /dev/null
+++ b/src/chrome/content/rules/theadulthub.com-falsemixed.xml
@@ -0,0 +1,21 @@
+<!--
+	For rules not causing false/broken MCB, see theadulthub.com-falsemixed.xml.
+
+
+	NB: See https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="The Adult Hub.com (false MCB)" platform="mixedcontent">
+
+	<target host="theadulthub.com" />
+	<target host="www.theadulthub.com" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/theadulthub.com.xml b/src/chrome/content/rules/theadulthub.com.xml
new file mode 100644
index 000000000000..448a5d8c2503
--- /dev/null
+++ b/src/chrome/content/rules/theadulthub.com.xml
@@ -0,0 +1,57 @@
+<!--
+	For rules causing false/broken MCB, see theadulthub.com-falsemixed.xml.
+
+
+	Nonfunctional hosts in *theadulthub.com:
+
+		- blog ᵈ
+		- hookup ᵃ
+
+	ᵃ Shows another domain
+	ᵈ Dropped
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- theadulthub.com
+		- swingers.theadulthub.com
+		- www.theadulthub.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, on:
+
+			- (www.)? from fonts.googleapis.com ˢ
+			- (www.)? from cdna.thehubpeople.com
+
+		- Images on (www.)? from cdna.thehubpeople.com
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="The Adult Hub.com (partial)">
+
+	<!--target host="theadulthub.com" /-->
+	<target host="swingers.theadulthub.com" />
+	<!--target host="www.theadulthub.com" /-->
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://www.theadulthub.com/signup/signup1.aspx?partnerId=" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?theadulthub\.com$" name="^(?:_siteNicheEventsFiltering|ASP\.NET_SessionId)$" /-->
+	<!--securecookie host="^swingers\.theadulthub\.com$" name="^(?:ASP\.NET_SessionId|countryId|memberType|partnerId|regionId$)" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/theamericangenius.com.xml b/src/chrome/content/rules/theamericangenius.com.xml
new file mode 100644
index 000000000000..0bfcfdcd206b
--- /dev/null
+++ b/src/chrome/content/rules/theamericangenius.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- Bug on ^ from c.statcounter.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="The American Genius.com">
+
+	<target host="theamericangenius.com" />
+	<target host="www.theamericangenius.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thebodyshop.co.id.xml b/src/chrome/content/rules/thebodyshop.co.id.xml
new file mode 100644
index 000000000000..c2c93d657552
--- /dev/null
+++ b/src/chrome/content/rules/thebodyshop.co.id.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://thebodyshop.co.id/ => https://thebodyshop.co.id/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.thebodyshop.co.id
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- favicon on www from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="The Body Shop.id" default_off="failed ruleset test">
+
+	<target host="thebodyshop.co.id" />
+	<target host="www.thebodyshop.co.id" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.thebodyshop\.co\.id$" name="^(?:JSESSIONID|ROUTEID|thebodyshop-cart)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thechinfamily.hk.xml b/src/chrome/content/rules/thechinfamily.hk.xml
new file mode 100644
index 000000000000..2e027a13225e
--- /dev/null
+++ b/src/chrome/content/rules/thechinfamily.hk.xml
@@ -0,0 +1,18 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+
+	Nonfunctional hosts in *.thechinfamily.hk:
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="thechinfamily.hk">
+	<target host="thechinfamily.hk" />
+	<target host="www.thechinfamily.hk" />
+	<target host="sc.thechinfamily.hk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/thecipherbrief.com.xml b/src/chrome/content/rules/thecipherbrief.com.xml
new file mode 100644
index 000000000000..2b4b34b115c4
--- /dev/null
+++ b/src/chrome/content/rules/thecipherbrief.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Mixed content:
+
+		- Image from $self thecipherbrief.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="The Cipher Brief.com">
+
+	<target host="thecipherbrief.com" />
+	<target host="www.thecipherbrief.com" />
+
+		<!--	Mixed image:
+					-->
+		<!--test url="http://thecipherbrief.com/subscribe" /-->
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thecommunicationtrust.org.uk.xml b/src/chrome/content/rules/thecommunicationtrust.org.uk.xml
new file mode 100644
index 000000000000..11ef44a1ae1e
--- /dev/null
+++ b/src/chrome/content/rules/thecommunicationtrust.org.uk.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- thecommunicationtrust.org.uk
+		- www.thecommunicationtrust.org.uk
+
+-->
+<ruleset name="The Communication Trust.org.uk">
+
+	<target host="thecommunicationtrust.org.uk" />
+	<target host="www.thecommunicationtrust.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?thecommunicationtrust\.org\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thedarkmod.com.xml b/src/chrome/content/rules/thedarkmod.com.xml
new file mode 100644
index 000000000000..197a99fbbbcc
--- /dev/null
+++ b/src/chrome/content/rules/thedarkmod.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid certificate:
+		forumsbeta.thedarkmod.com
+		ftp.thedarkmod.com
+		hg.thedarkmod.com
+		mirrors.thedarkmod.com
+		mysql.thedarkmod.com
+		webmail.thedarkmod.com
+-->
+<ruleset name="thedarkmod.com">
+	<target host="thedarkmod.com" />
+	<target host="www.thedarkmod.com" />
+	<target host="bugs.thedarkmod.com" />
+	<target host="forums.thedarkmod.com" />
+	<target host="mail.thedarkmod.com" />
+	<target host="missions.thedarkmod.com" />
+	<target host="update.thedarkmod.com" />
+	  <test url="http://update.thedarkmod.com/zipsync/tdm_installer.exe.zip" />
+	<target host="svn.thedarkmod.com" />
+	<target host="wiki.thedarkmod.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/thedebrief.co.uk.xml b/src/chrome/content/rules/thedebrief.co.uk.xml
new file mode 100644
index 000000000000..5ba7a69cd8d4
--- /dev/null
+++ b/src/chrome/content/rules/thedebrief.co.uk.xml
@@ -0,0 +1,26 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://thedebrief.co.uk/ => https://thedebrief.co.uk/: (7, 'Failed to connect to thedebrief.co.uk port 443: Connection timed out')
+
+	Mixed content:
+
+		- Images from mediastorage-lls.bauermedia.co.uk
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="The Debrief.co.uk" default_off="failed ruleset test">
+
+	<target host="thedebrief.co.uk" />
+	<target host="www.thedebrief.co.uk" />
+
+
+	<securecookie host="^\." name="_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/theeca.com.xml b/src/chrome/content/rules/theeca.com.xml
new file mode 100644
index 000000000000..bd753e06b928
--- /dev/null
+++ b/src/chrome/content/rules/theeca.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- theeca.com
+		- www.theeca.com
+		- action.theeca.com
+		- eee.theeca.com
+		- forums.theeca.com
+		- www.forums.theeca.com
+-->
+<ruleset name="theeca.com" default_off="cert-invalid">
+	<target host="theeca.com" />
+	<target host="www.theeca.com" />
+	<target host="action.theeca.com" />
+	<target host="eee.theeca.com" />
+	<target host="forums.theeca.com" />
+	<target host="www.forums.theeca.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/thefiringline.com.xml b/src/chrome/content/rules/thefiringline.com.xml
new file mode 100644
index 000000000000..66e6a11ef6e3
--- /dev/null
+++ b/src/chrome/content/rules/thefiringline.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- thefiringline.com
+		- .thefiringline.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="The Firing Line.com">
+
+	<target host="thefiringline.com" />
+	<target host="www.thefiringline.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^thefiringline\.com$" name="^bb2_screener$" /-->
+	<!--securecookie host="^\.thefiringline\.com$" name="^bbsessionhash$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|bbsessionhash|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/theforeman.org.xml b/src/chrome/content/rules/theforeman.org.xml
new file mode 100644
index 000000000000..1761a0ae24e3
--- /dev/null
+++ b/src/chrome/content/rules/theforeman.org.xml
@@ -0,0 +1,37 @@
+<!--
+	Nonfunctional hosts in *theforeman.org:
+
+		- projects ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- projects.theforeman.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="The Foreman.org (partial)">
+
+	<target host="theforeman.org" />
+	<target host="deb.theforeman.org" />
+	<target host="debugs.theforeman.org" />
+	<target host="downloads.theforeman.org" />
+	<target host="stagingdeb.theforeman.org" />
+	<target host="www.theforeman.org" />
+	<target host="yum.theforeman.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^projects\.theforeman\.org$" name="^_redmine_session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thegeekblog.co.uk.xml b/src/chrome/content/rules/thegeekblog.co.uk.xml
new file mode 100644
index 000000000000..518337385473
--- /dev/null
+++ b/src/chrome/content/rules/thegeekblog.co.uk.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		ftp.thegeekblog.co.uk
+-->
+<ruleset name="thegeekblog.co.uk">
+	<target host="thegeekblog.co.uk" />
+	<target host="www.thegeekblog.co.uk" />
+
+	<rule from="^http://thegeekblog\.co\.uk/" to="https://www.thegeekblog.co.uk/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/thegenealogist.co.uk.xml b/src/chrome/content/rules/thegenealogist.co.uk.xml
new file mode 100644
index 000000000000..6ec1b440eb8a
--- /dev/null
+++ b/src/chrome/content/rules/thegenealogist.co.uk.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- www.thegenealogist.co.uk
+
+-->
+<ruleset name="The Genealogist.co.uk">
+
+	<target host="thegenealogist.co.uk" />
+	<target host="www.thegenealogist.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.thegenealogist\.co\.uk$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thegyllenhall.com.xml b/src/chrome/content/rules/thegyllenhall.com.xml
new file mode 100644
index 000000000000..4411e4720912
--- /dev/null
+++ b/src/chrome/content/rules/thegyllenhall.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="thegyllenhall.com">
+	<target host="thegyllenhall.com" />
+	<target host="www.thegyllenhall.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/theindigokitchen.com.xml b/src/chrome/content/rules/theindigokitchen.com.xml
new file mode 100644
index 000000000000..43847fa2cf60
--- /dev/null
+++ b/src/chrome/content/rules/theindigokitchen.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="theindigokitchen.com">
+	<target host="theindigokitchen.com" />
+	<target host="www.theindigokitchen.com" />
+	
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/theinfosphere.org.xml b/src/chrome/content/rules/theinfosphere.org.xml
new file mode 100644
index 000000000000..d97c08f5ba8d
--- /dev/null
+++ b/src/chrome/content/rules/theinfosphere.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- favicon from ^theinfosphere.org ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="The Infosphere.org">
+
+	<target host="theinfosphere.org" />
+	<target host="www.theinfosphere.org" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/theinquirer.net.xml b/src/chrome/content/rules/theinquirer.net.xml
new file mode 100644
index 000000000000..b89819bfa293
--- /dev/null
+++ b/src/chrome/content/rules/theinquirer.net.xml
@@ -0,0 +1,24 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://assets.theinquirer.net/ => https://assets.theinquirer.net/: (60, 'SSL certificate problem: certificate has expired')
+
+Invalid certificate:
+	email.theinquirer.net
+	live.theinquirer.net
+	newswires.theinquirer.net
+	research.theinquirer.net
+	tour.theinquirer.net
+-->
+<ruleset name="theinquirer.net" default_off="failed ruleset test">
+	<target host="theinquirer.net"/>
+	<target host="www.theinquirer.net"/>
+	<target host="assets.theinquirer.net"/>
+	<target host="debates.theinquirer.net"/>
+	<target host="m.theinquirer.net"/>
+	<target host="research.theinquirer.net"/>
+	<target host="store.theinquirer.net"/>
+
+	<rule from="^http://research\.theinquirer\.net/" to="https://www.theinquirer.net/"/>
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/theins.ru.xml b/src/chrome/content/rules/theins.ru.xml
new file mode 100644
index 000000000000..0e145f200089
--- /dev/null
+++ b/src/chrome/content/rules/theins.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="theins.ru">
+	<target host="theins.ru" />
+	<target host="www.theins.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/thekelleys.org.uk.xml b/src/chrome/content/rules/thekelleys.org.uk.xml
new file mode 100644
index 000000000000..bdb7967181a8
--- /dev/null
+++ b/src/chrome/content/rules/thekelleys.org.uk.xml
@@ -0,0 +1,6 @@
+<ruleset name="thekelleys.org.uk">
+	<target host="thekelleys.org.uk" />
+	<target host="www.thekelleys.org.uk" />
+	<target host="lists.thekelleys.org.uk" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/theladbible.com.xml b/src/chrome/content/rules/theladbible.com.xml
new file mode 100644
index 000000000000..731ba98b98e7
--- /dev/null
+++ b/src/chrome/content/rules/theladbible.com.xml
@@ -0,0 +1,40 @@
+<!--
+	For other Lad Bible Group coverage, see theladbiblegroup.com.xml.
+
+
+	Nonfunctional hosts in *theladbible.com:
+
+		- submissions ʳ
+		- www ʰ
+
+	ʰ Redirects to http
+	ʳ Refused
+
+-->
+<ruleset name="The Lad Bible.com (partial)">
+
+	<!--target host="theladbible.com" /-->
+	<target host="cdn.theladbible.com" />
+	<target host="www1.theladbible.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.theladbible\.com/(?:$|bundles/\w+/images/|css/|images/)" /-->
+
+			<!--	+ve:
+					-->
+			<!--test url="http://www.theladbible.com/bundles/theladbiblecontent/images/footer-more.png" /-->
+			<!--test url="http://www.theladbible.com/css/main.css" /-->
+			<!--test url="http://www.theladbible.com/images/b93ca21.png" /-->
+
+		<test url="http://www1.theladbible.com/images/content/320w/892e4f0856f584587369796d9abcaf6f.jpg" />
+
+
+	<securecookie host="^\." name="^_(?:_cfduid|gat?$|gat_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/theladbiblegroup.com.xml b/src/chrome/content/rules/theladbiblegroup.com.xml
new file mode 100644
index 000000000000..0566ba355bd8
--- /dev/null
+++ b/src/chrome/content/rules/theladbiblegroup.com.xml
@@ -0,0 +1,42 @@
+<!--
+	Other Lad Bible Group rulesets:
+
+		- pretty52.com.xml
+		- theladbible.com.xml
+		- theoddsbible.com.xml
+		- thesportbible.com.xml
+
+
+	Insecure cookies are set for these hosts:
+
+		- 20.theladbiblegroup.com
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+		- css from $self ˢ
+		- Images from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="The Lad Bible Group.com" platform="mixedcontent">
+
+	<target host="theladbiblegroup.com" />
+	<target host="20.theladbiblegroup.com" />
+	<target host="www.theladbiblegroup.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^20\.theladbiblegroup\.com$" name="^SERVERID$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thelateroomsgroup.com.xml b/src/chrome/content/rules/thelateroomsgroup.com.xml
new file mode 100644
index 000000000000..6a90173d1c56
--- /dev/null
+++ b/src/chrome/content/rules/thelateroomsgroup.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="The Late Rooms Group.com">
+
+	<target host="a0.thelateroomsgroup.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thelayoff.com.xml b/src/chrome/content/rules/thelayoff.com.xml
new file mode 100644
index 000000000000..af593f82ec69
--- /dev/null
+++ b/src/chrome/content/rules/thelayoff.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Non-functional subdomain:
+		- !www		(unknown protocol)
+-->
+<ruleset name="TheLayoff.com">
+	<target host="thelayoff.com" />
+	<target host="www.thelayoff.com" />
+
+	<securecookie host="www\.thelayoff\.com$" name=".+" />
+
+	<!-- unknown protocol: -->
+	<rule from="^http://thelayoff\.com/"
+		to="https://www.thelayoff.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/thelocal.at.xml b/src/chrome/content/rules/thelocal.at.xml
new file mode 100644
index 000000000000..0cf660507eaf
--- /dev/null
+++ b/src/chrome/content/rules/thelocal.at.xml
@@ -0,0 +1,44 @@
+<!--
+	For other The Local coverage, see Local.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.thelocal.at
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image on www from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="The Local.at">
+
+	<target host="thelocal.at" />
+	<target host="www.thelocal.at" />
+
+		<!--	Mixed image:
+							-->
+		<!--test url="http://www.thelocal.at/jobs/recruiters/" /-->
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://www.thelocal.at/members/register" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.thelocal\.at$" name="^(?:PHPSESSID|ci_session)$" /-->
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thelocal.ch.xml b/src/chrome/content/rules/thelocal.ch.xml
new file mode 100644
index 000000000000..2d922d136d48
--- /dev/null
+++ b/src/chrome/content/rules/thelocal.ch.xml
@@ -0,0 +1,51 @@
+<!--
+	For other The Local coverage, see Local.xml.
+
+
+	Nonfunctional hosts in *thelocal.ch:
+
+		- dating ᵈ
+
+	ᵈ Dropped
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.thelocal.ch
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image on www from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="The Local.ch (partial)">
+
+	<target host="thelocal.ch" />
+	<target host="www.thelocal.ch" />
+
+		<!--	Mixed image:
+							-->
+		<!--test url="http://www.thelocal.ch/jobs/recruiters/" /-->
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://www.thelocal.ch/members/register" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.thelocal\.ch$" name="^(?:PHPSESSID|ci_session)$" /-->
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thelocal.de.xml b/src/chrome/content/rules/thelocal.de.xml
new file mode 100644
index 000000000000..e14bb8bf08b0
--- /dev/null
+++ b/src/chrome/content/rules/thelocal.de.xml
@@ -0,0 +1,57 @@
+<!--
+	For other The Local coverage, see Local.xml.
+
+
+	Nonfunctional hosts in *thelocal.de:
+
+		- dating ᵈ
+
+	ᵈ Dropped
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.thelocal.de
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image on www from $self ˢ
+
+		- Ads, on:
+
+			- www from $self ˢ
+			- www from www.thelocal.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="The Local.de (partial)">
+
+	<target host="thelocal.de" />
+	<target host="www.thelocal.de" />
+
+		<!--	Mixed content:
+					-->
+		<!--test url="http://www.thelocal.de/jobs/?alljobs=1" /-->
+		<!--test url="http://www.thelocal.de/jobs/recruiters/" /-->
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://www.thelocal.de/members/register" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.thelocal\.de$" name="^(?:PHPSESSID|ci_session)$" /-->
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thelocal.dk.xml b/src/chrome/content/rules/thelocal.dk.xml
new file mode 100644
index 000000000000..43440a5b9b34
--- /dev/null
+++ b/src/chrome/content/rules/thelocal.dk.xml
@@ -0,0 +1,44 @@
+<!--
+	For other The Local coverage, see Local.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.thelocal.dk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image on www from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="The Local.dk">
+
+	<target host="thelocal.dk" />
+	<target host="www.thelocal.dk" />
+
+		<!--	Mixed image:
+							-->
+		<!--test url="http://www.thelocal.dk/jobs/recruiters/" /-->
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://www.thelocal.dk/members/register" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.thelocal\.dk$" name="^(?:PHPSESSID|ci_session)$" /-->
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thelocal.es.xml b/src/chrome/content/rules/thelocal.es.xml
new file mode 100644
index 000000000000..a2462e0afab5
--- /dev/null
+++ b/src/chrome/content/rules/thelocal.es.xml
@@ -0,0 +1,44 @@
+<!--
+	For other The Local coverage, see Local.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.thelocal.es
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image on www from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="The Local.es">
+
+	<target host="thelocal.es" />
+	<target host="www.thelocal.es" />
+
+		<!--	Mixed image:
+							-->
+		<!--test url="http://www.thelocal.es/jobs/recruiters/" /-->
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://www.thelocal.es/members/register" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.thelocal\.es$" name="^(?:PHPSESSID|ci_session)$" /-->
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thelocal.fr.xml b/src/chrome/content/rules/thelocal.fr.xml
new file mode 100644
index 000000000000..0328da68eff7
--- /dev/null
+++ b/src/chrome/content/rules/thelocal.fr.xml
@@ -0,0 +1,51 @@
+<!--
+	For other The Local coverage, see Local.xml.
+
+
+	Nonfunctional hosts in *thelocal.fr:
+
+		- dating ᵈ
+
+	ᵈ Dropped
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.thelocal.fr
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image on www from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="The Local.fr (partial)">
+
+	<target host="thelocal.fr" />
+	<target host="www.thelocal.fr" />
+
+		<!--	Mixed image:
+							-->
+		<!--test url="http://www.thelocal.fr/jobs/recruiters/" /-->
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://www.thelocal.fr/members/register" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.thelocal\.fr$" name="^(?:PHPSESSID|ci_session)$" /-->
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thelocal.it.xml b/src/chrome/content/rules/thelocal.it.xml
new file mode 100644
index 000000000000..7065ed4d28df
--- /dev/null
+++ b/src/chrome/content/rules/thelocal.it.xml
@@ -0,0 +1,43 @@
+<!--
+	For other The Local coverage, see Local.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.thelocal.it
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image on www from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="The Local.it">
+
+	<target host="thelocal.it" />
+	<target host="www.thelocal.it" />
+
+		<!--	Mixed image:
+							-->
+		<!--test url="http://www.thelocal.it/jobs/recruiters/" /-->
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://www.thelocal.it/members/register" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.thelocal\.it$" name="^(?:PHPSESSID|ci_session)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thelocal.no.xml b/src/chrome/content/rules/thelocal.no.xml
new file mode 100644
index 000000000000..73f24355a68b
--- /dev/null
+++ b/src/chrome/content/rules/thelocal.no.xml
@@ -0,0 +1,43 @@
+<!--
+	For other The Local coverage, see Local.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.thelocal.no
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image on www from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="The Local.no">
+
+	<target host="thelocal.no" />
+	<target host="www.thelocal.no" />
+
+		<!--	Mixed image:
+							-->
+		<!--test url="http://www.thelocal.no/jobs/recruiters/" /-->
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://www.thelocal.no/members/register" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.thelocal\.no$" name="^(?:PHPSESSID|ci_session)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thelocal.se.xml b/src/chrome/content/rules/thelocal.se.xml
new file mode 100644
index 000000000000..314ada5768fe
--- /dev/null
+++ b/src/chrome/content/rules/thelocal.se.xml
@@ -0,0 +1,64 @@
+<!--
+	For other The Local coverage, see Local.xml.
+
+
+	Nonfunctional hosts in *thelocal.se:
+
+		- dating ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *thelocal.se:
+
+		- shop ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.thelocal.se
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on shop from www.thelocal.se ˢ
+
+		- Images, on:
+
+			- shop from $self ᵐ
+			- www from $self ˢ
+
+	ᵐ Not secured by us <= mismatched
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="The Local.se (partial)">
+
+	<target host="thelocal.se" />
+	<target host="www.thelocal.se" />
+
+		<!--	Mixed images:
+					-->
+		<!--test url="http://www.thelocal.se/jobs/" /-->
+		<!--test url="http://www.thelocal.se/jobs/recruiters/" /-->
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://www.thelocal.se/members/register" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.thelocal\.se$" name="^(?:PHPSESSID|ci_session)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/themeforest.net.xml b/src/chrome/content/rules/themeforest.net.xml
new file mode 100644
index 000000000000..539869b2d784
--- /dev/null
+++ b/src/chrome/content/rules/themeforest.net.xml
@@ -0,0 +1,12 @@
+<!--
+		Redirect to HTML: preview.themeforest.net
+		Blank page: go.themeforest.net
+-->
+<ruleset name="themeforest.net">
+	<target host="themeforest.net" />
+	<target host="www.themeforest.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/themoscowtimes.com.xml b/src/chrome/content/rules/themoscowtimes.com.xml
new file mode 100644
index 000000000000..a793eaa0f9e5
--- /dev/null
+++ b/src/chrome/content/rules/themoscowtimes.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Nonfunctional hosts in *themoscowtimes.com:
+
+		- old ʳ
+
+	ʳ Refused
+
+
+	www.themoscowtimes.com: Mismatched
+
+-->
+<ruleset name="The Moscow Times.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="themoscowtimes.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.themoscowtimes.com" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.themoscowtimes\.com/"
+		to="https://themoscowtimes.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/theoddsbible.com.xml b/src/chrome/content/rules/theoddsbible.com.xml
new file mode 100644
index 000000000000..afce7557e2a4
--- /dev/null
+++ b/src/chrome/content/rules/theoddsbible.com.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Lad Bible Group coverage, see theladbiblegroup.com.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .theoddsbible.com
+
+-->
+<ruleset name="The Odds Bible.com">
+
+	<target host="theoddsbible.com" />
+	<target host="www.theoddsbible.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.theoddsbible\.com$" name="^(?:basket|logged_in|mobile_redirect|mobile_welcome_centre|number_access|odds_type|odds_default_stake|oddsbible_device|recently_viewed|session-id)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thepeak.com.hk.xml b/src/chrome/content/rules/thepeak.com.hk.xml
new file mode 100644
index 000000000000..90830f62c116
--- /dev/null
+++ b/src/chrome/content/rules/thepeak.com.hk.xml
@@ -0,0 +1,6 @@
+<ruleset name="The Peak Hong Kong">
+	<target host="thepeak.com.hk" />
+	<target host="www.thepeak.com.hk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/thepensionsregulator.gov.uk.xml b/src/chrome/content/rules/thepensionsregulator.gov.uk.xml
new file mode 100644
index 000000000000..2407316709a9
--- /dev/null
+++ b/src/chrome/content/rules/thepensionsregulator.gov.uk.xml
@@ -0,0 +1,77 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Problematic hosts in *thepensionsregulator.gov.uk:
+
+		- help ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- administration.thepensionsregulator.gov.uk
+		- education.thepensionsregulator.gov.uk
+		- help.thepensionsregulator.gov.uk
+		- login.thepensionsregulator.gov.uk
+		- trusteetoolkit.thepensionsregulator.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on automation from fonts.googleapis.com ˢ
+		- Images on forms, trusteetoolkit from www.thepensionsregulator.gov.uk ⁴
+		- Bugs on automation, forms, help from logw309.ati-host.net ʳ
+
+	⁴ Unsecurable <= 404
+	ʳ Unsecurable <= refused
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="The Pensions Regulator.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="administration.thepensionsregulator.gov.uk" />
+	<target host="automation.thepensionsregulator.gov.uk" />
+	<target host="education.thepensionsregulator.gov.uk" />
+	<target host="exchange.thepensionsregulator.gov.uk" />
+	<target host="forms.thepensionsregulator.gov.uk" />
+	<target host="helpfiles.thepensionsregulator.gov.uk" />
+	<target host="login.thepensionsregulator.gov.uk" />
+	<target host="secure.thepensionsregulator.gov.uk" />
+	<target host="trusteetoolkit.thepensionsregulator.gov.uk" />
+
+		<!--	$ 404s, so:
+					-->
+		<test url="http://forms.thepensionsregulator.gov.uk/subscribe.aspx" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://secure.thepensionsregulator.gov.uk/toolkit-survey.aspx" />
+
+	<!--	Complications:
+				-->
+	<target host="help.thepensionsregulator.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:automation|login)\.thepensionsregulator\.gov\.uk$" name="^__RequestVerificationToken$" /-->
+	<!--securecookie host="^(?:education|trusteetoolkit)\.thepensionsregulator\.gov\.uk$" name="^MoodleSession$" /-->
+	<!--securecookie host="^help\.thepensionsregulator\.gov\.uk$" name="^(?:identitytoken|vsid)$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://help\.thepensionsregulator\.gov\.uk/"
+		to="https://tpr.metafaq.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thepiratebay-legacy.xml b/src/chrome/content/rules/thepiratebay-legacy.xml
new file mode 100644
index 000000000000..8c1f11130f9d
--- /dev/null
+++ b/src/chrome/content/rules/thepiratebay-legacy.xml
@@ -0,0 +1,60 @@
+<!--
+piratebay.se timed out
+www.piratebay.se nonexist
+thepiratebay.gl redirect
+www.thepiratebay.gl redirect
+thepiratebay.sx nonexist
+www.thepiratebay.sx nonexist
+thepiratebay.ac nonexist
+www.thepiratebay.ac nonexist
+thepiratebay.pe mismatch
+www.thepiratebay.pe mismatch
+thepiratebay.gy nonexist
+www.thepiratebay.gy nonexist
+thepiratebay.gs nonexist
+www.thepiratebay.gs nonexist
+thepiratebay.la nonexist
+www.thepiratebay.la nonexist
+thepiratebay.vg self signed
+www.thepiratebay.vg self signed
+thepiratebay.am nonexist
+www.thepiratebay.am nonexist
+thepiratebay.mn nonexist
+www.thepiratebay.mn nonexist
+thepiratebay.gd nonexist
+www.thepiratebay.gd nonexist
+thepiratebay.is mismatch
+www.thepiratebay.is mismatch
+-->
+<!--The Pirate Bay legacy domains Main ruleset: ThePirateBay.xml-->
+<ruleset name="The Pirate Bay legacy">
+	<target host="piratebay.se" />
+	<target host="www.piratebay.se" />
+	<target host="thepiratebay.gl" />
+	<target host="www.thepiratebay.gl" />
+	<target host="thepiratebay.sx" />
+	<target host="www.thepiratebay.sx" />
+	<target host="thepiratebay.ac" />
+	<target host="www.thepiratebay.ac" />
+	<target host="thepiratebay.pe" />
+	<target host="www.thepiratebay.pe" />
+	<target host="thepiratebay.gy" />
+	<target host="www.thepiratebay.gy" />
+	<target host="thepiratebay.gs" />
+	<target host="www.thepiratebay.gs" />
+	<target host="thepiratebay.la" />
+	<target host="www.thepiratebay.la" />
+	<target host="thepiratebay.vg" />
+	<target host="www.thepiratebay.vg" />
+	<target host="thepiratebay.am" />
+	<target host="www.thepiratebay.am" />
+	<target host="thepiratebay.mn" />
+	<target host="www.thepiratebay.mn" />
+	<target host="thepiratebay.gd" />
+	<target host="www.thepiratebay.gd" />
+	<target host="thepiratebay.is" />
+	<target host="www.thepiratebay.is" />
+
+	<rule from="^http://(www\.)?piratebay\.se/" to="https://$1thepiratebay.org/"/>
+	<rule from="^http://(www\.)?thepiratebay\.(?:gl|sx|ac|pe|gy|gs|la|vg|am|mn|gd|is)/" to="https://$1thepiratebay.org/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/thepiratebay.cd.xml b/src/chrome/content/rules/thepiratebay.cd.xml
new file mode 100644
index 000000000000..1da716401a86
--- /dev/null
+++ b/src/chrome/content/rules/thepiratebay.cd.xml
@@ -0,0 +1,8 @@
+<ruleset name="thepiratebay.cd">
+	<target host="thepiratebay.cd" />
+	<target host="www.thepiratebay.cd" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/thepiratebay.red.xml b/src/chrome/content/rules/thepiratebay.red.xml
new file mode 100644
index 000000000000..f83e19b11ef3
--- /dev/null
+++ b/src/chrome/content/rules/thepiratebay.red.xml
@@ -0,0 +1,8 @@
+<ruleset name="thepiratebay.red">
+	<target host="thepiratebay.red" />
+	<target host="www.thepiratebay.red" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/thepiratebay.rocks.xml b/src/chrome/content/rules/thepiratebay.rocks.xml
new file mode 100644
index 000000000000..e9d3e02289af
--- /dev/null
+++ b/src/chrome/content/rules/thepiratebay.rocks.xml
@@ -0,0 +1,9 @@
+<ruleset name="thepiratebay.rocks">
+	<target host="thepiratebay.rocks" />
+	<target host="www.thepiratebay.rocks" />
+	<target host="m.thepiratebay.rocks" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/thepiratebay.uk.net.xml b/src/chrome/content/rules/thepiratebay.uk.net.xml
new file mode 100644
index 000000000000..3a97082407d7
--- /dev/null
+++ b/src/chrome/content/rules/thepiratebay.uk.net.xml
@@ -0,0 +1,7 @@
+<ruleset name="thepiratebay.uk.net">
+	<target host="thepiratebay.uk.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/theplacetelford.com.xml b/src/chrome/content/rules/theplacetelford.com.xml
new file mode 100644
index 000000000000..de41bc658f5a
--- /dev/null
+++ b/src/chrome/content/rules/theplacetelford.com.xml
@@ -0,0 +1,45 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	www.theplacetelford.com: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- theplacetelford.com
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+		- iframe from system.spektrix.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="The Place Telford.com" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="theplacetelford.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.theplacetelford.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^theplacetelford\.com$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.theplacetelford\.com/"
+		to="https://theplacetelford.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/theravive.com.xml b/src/chrome/content/rules/theravive.com.xml
new file mode 100644
index 000000000000..f72ed6976e8c
--- /dev/null
+++ b/src/chrome/content/rules/theravive.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Mixed content:
+
+		- css from www.theravive.com ˢ
+		- Images from www.theravive.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Theravive.com" platform="mixedcontent">
+
+	<target host="theravive.com" />
+	<target host="www.theravive.com" />
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://theravive.com/today/" /-->
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/therealreal.com.xml b/src/chrome/content/rules/therealreal.com.xml
new file mode 100644
index 000000000000..4c372f0a7775
--- /dev/null
+++ b/src/chrome/content/rules/therealreal.com.xml
@@ -0,0 +1,45 @@
+<!--
+	Nonfunctional hosts in *therealreal.com:
+
+		- realstyle ʰ
+
+	ʰ WP Engine / redirects to http
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.therealreal.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="The RealReal.com (partial)">
+
+	<target host="therealreal.com" />
+	<target host="sales-images1.therealreal.com" />
+	<target host="sales-images2.therealreal.com" />
+	<target host="sales-images3.therealreal.com" />
+	<target host="sales-images4.therealreal.com" />
+	<target host="web-assets.therealreal.com" />
+	<target host="www.therealreal.com" />
+
+		<test url="http://sales-images1.therealreal.com/flash_sale/main/24164/upcoming.jpg" />
+		<test url="http://sales-images2.therealreal.com/flash_sale/main/24173/upcoming.jpg" />
+		<test url="http://sales-images3.therealreal.com/flash_sale/main/24174/upcoming.jpg" />
+		<test url="http://sales-images4.therealreal.com/flash_sale/main/24179/upcoming.jpg" />
+		<test url="http://web-assets.therealreal.com/assets/icons/account-d77b5970d71fc0a8f6187b3b69bdf21e.svg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.therealreal\.com$" name="^(?:_session_id|first_visit_at)$" /-->
+
+	<securecookie host=".+" name="^optimizely" />
+	<securecookie host="^\." name="^_(?:_qca$|gat?$|gat_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/therebellin.com.xml b/src/chrome/content/rules/therebellin.com.xml
new file mode 100644
index 000000000000..c7603e8a3f93
--- /dev/null
+++ b/src/chrome/content/rules/therebellin.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="therebellin.com">
+	<target host="therebellin.com" />
+	<target host="www.therebellin.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/theregister.co.uk.xml b/src/chrome/content/rules/theregister.co.uk.xml
new file mode 100644
index 000000000000..9e73cde2e9d2
--- /dev/null
+++ b/src/chrome/content/rules/theregister.co.uk.xml
@@ -0,0 +1,55 @@
+<!--
+Invalid certificate:
+	edit.theregister.co.uk
+
+Refused connection:
+	theregister.co.uk
+	books.theregister.co.uk
+	comments.theregister.co.uk
+	downloads.theregister.co.uk
+	forms.theregister.co.uk
+	forums01.theregister.co.uk
+	forums02.theregister.co.uk
+	forums03.theregister.co.uk
+	forums04.theregister.co.uk
+	media.theregister.co.uk
+	ns1.theregister.co.uk
+	ns2.theregister.co.uk
+	ns3.theregister.co.uk
+	ns4.theregister.co.uk
+	ns5.theregister.co.uk
+	ns6.theregister.co.uk
+	web01.theregister.co.uk
+	web02.theregister.co.uk
+	web03.theregister.co.uk
+	web04.theregister.co.uk
+-->
+<ruleset name="theregister.co.uk">
+	<target host="theregister.co.uk" />
+	<target host="www.theregister.co.uk" />
+	<target host="account.theregister.co.uk"/>
+	<target host="books.theregister.co.uk"/>
+	<target host="comments.theregister.co.uk"/>
+	<target host="downloads.theregister.co.uk"/>
+	<target host="edit.theregister.co.uk"/>
+	<target host="feed.theregister.co.uk"/>
+	<target host="forums.theregister.co.uk"/>
+	<target host="m.forums.theregister.co.uk"/>
+	<target host="go.theregister.co.uk"/>
+	<target host="m.theregister.co.uk"/>
+	<target host="ns1.theregister.co.uk"/>
+	<target host="ns2.theregister.co.uk"/>
+	<target host="ns3.theregister.co.uk"/>
+	<target host="ns4.theregister.co.uk"/>
+	<target host="ns5.theregister.co.uk"/>
+	<target host="ns6.theregister.co.uk"/>
+	<target host="research.theregister.co.uk"/>
+	<target host="search.theregister.co.uk"/>
+	<target host="m.search.theregister.co.uk"/>
+	<target host="whitepapers.theregister.co.uk"/>
+
+	<rule from="^http://theregister\.co\.uk/" to="https://www.theregister.co.uk/" />
+	<rule from="^http://(books|downloads|edit|ns[1-6])\.theregister\.co\.uk/" to="https://www.theregister.co.uk/" />
+	<rule from="^http://comments\.theregister\.co\.uk/" to="https://forums.theregister.co.uk/" />
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/theriffrepeater.com.xml b/src/chrome/content/rules/theriffrepeater.com.xml
new file mode 100644
index 000000000000..9b21da776889
--- /dev/null
+++ b/src/chrome/content/rules/theriffrepeater.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="theriffrepeater.com">
+	<target host="theriffrepeater.com" />
+	<target host="www.theriffrepeater.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/therunet.com.xml b/src/chrome/content/rules/therunet.com.xml
new file mode 100644
index 000000000000..12496bc7fccd
--- /dev/null
+++ b/src/chrome/content/rules/therunet.com.xml
@@ -0,0 +1,18 @@
+<!--
+20.therunet.com ²
+www.20.therunet.com ²
+20let.therunet.com ⁴
+20years.therunet.com ⁴
+en.therunet.com ²
+eng.therunet.com ²
+
+
+² refused
+⁴ self signed
+-->
+<ruleset name="therunet.com">
+	<target host="therunet.com" />
+	<target host="www.therunet.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/thesciencegeek.org.xml b/src/chrome/content/rules/thesciencegeek.org.xml
new file mode 100644
index 000000000000..b26e5949da24
--- /dev/null
+++ b/src/chrome/content/rules/thesciencegeek.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="The Science Geek.org">
+
+	<target host="thesciencegeek.org" />
+	<target host="www.thesciencegeek.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thescottishsun.co.uk.xml b/src/chrome/content/rules/thescottishsun.co.uk.xml
new file mode 100644
index 000000000000..c9d6389f7d04
--- /dev/null
+++ b/src/chrome/content/rules/thescottishsun.co.uk.xml
@@ -0,0 +1,34 @@
+<!--
+	For other News Corporation coverage, see News-Corporation.xml.
+
+
+	www.thescottishsun.co.uk: Redirects to http
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- home.thescottishsun.co.uk
+		- join.thescottishsun.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="The Scottish Sun.co.uk (partial)">
+
+	<target host="home.thescottishsun.co.uk" />
+	<target host="join.thescottishsun.co.uk" />
+	<target host="login.thescottishsun.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^home\.thescottishsun\.co\.uk$" name="^(?:AWSELB|JSESSIONID)$" /-->
+	<!--securecookie host="^join\.thescottishsun\.co\.uk$" name="^AWSELB$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/theses.fr.xml b/src/chrome/content/rules/theses.fr.xml
new file mode 100644
index 000000000000..824d33db4309
--- /dev/null
+++ b/src/chrome/content/rules/theses.fr.xml
@@ -0,0 +1,25 @@
+<!--
+	Invalid certificate:
+		theses.fr
+
+	No working URL known:
+		barracuda.theses.fr
+		imports.theses.fr (404)
+		lotus.theses.fr (404)
+		staroai.theses.fr (404)
+
+-->
+<ruleset name="Theses.fr">
+
+	<target host="theses.fr" />
+	<target host="www.theses.fr" />
+	<target host="imports.theses.fr" />
+	<target host="star.theses.fr" />
+	<target host="step.theses.fr" />
+
+	<rule from="^http://theses\.fr/"
+		to="https://www.theses.fr/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thesportbible.com.xml b/src/chrome/content/rules/thesportbible.com.xml
new file mode 100644
index 000000000000..0028f52e34e5
--- /dev/null
+++ b/src/chrome/content/rules/thesportbible.com.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Lad Bible Group coverage, see theladbiblegroup.com.xml.
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+		- Images from 20.theladbiblegroup.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="The Sport Bible.com">
+
+	<target host="thesportbible.com" />
+	<target host="www.thesportbible.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thesun.co.uk.xml b/src/chrome/content/rules/thesun.co.uk.xml
new file mode 100644
index 000000000000..04f19c4d6c9f
--- /dev/null
+++ b/src/chrome/content/rules/thesun.co.uk.xml
@@ -0,0 +1,60 @@
+<!--
+	For other News Corporation coverage, see News-Corporation.xml.
+
+
+	Nonfunctional hosts in *thesun.co.uk:
+
+		- extras ⁴
+		- directory ᵈ
+		- favourite ³
+		- help ʰ
+		- img ʰ
+		- perks ³
+
+	³ 503
+	⁴ 504
+	ᵈ Dropped
+	ʰ Redirects to http
+
+
+	Problematic hosts in *thesun.co.uk:
+
+		- jobs ᵐ
+
+	ᵐ Mismatched
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- home.thesun.co.uk
+		- jobs.thesun.co.uk
+		- join.thesun.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="The Sun.co.uk (partial)">
+
+	<target host="thesun.co.uk" />
+	<target host="feeds.thesun.co.uk" />
+	<target host="home.thesun.co.uk" />
+	<target host="join.thesun.co.uk" />
+	<target host="login.thesun.co.uk" />
+	<target host="www.thesun.co.uk" />
+
+		<!--	$ 503s, so:
+					-->
+		<test url="http://feeds.thesun.co.uk/puzzles/wordsearch/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:home|join)\.thesun\.co\.uk$" name="^AWSELB$" /-->
+	<!--securecookie host="^jobs\.thesun\.co\.uk$" name="^(?:AnonymousUserId|BrowserSession|FixedFacetDefaults)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thesun.ie.xml b/src/chrome/content/rules/thesun.ie.xml
new file mode 100644
index 000000000000..a49cd0136233
--- /dev/null
+++ b/src/chrome/content/rules/thesun.ie.xml
@@ -0,0 +1,35 @@
+<!--
+	For other News Corporation coverage, see News-Corporation.xml.
+
+
+	^thesun.ie: Mismatched
+	www.thesun.ie: Redirects to http
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- home.thesun.ie
+		- join.thesun.ie
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="The Sun.ie (partial)">
+
+	<target host="home.thesun.ie" />
+	<target host="join.thesun.ie" />
+	<target host="login.thesun.ie" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^home\.thesun\.ie$" name="^(?:AWSELB|JSESSIONID)$" /-->
+	<!--securecookie host="^join\.thesun\.ie$" name="^AWSELB$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thesyriacampaign.org.xml b/src/chrome/content/rules/thesyriacampaign.org.xml
new file mode 100644
index 000000000000..6d15669001f0
--- /dev/null
+++ b/src/chrome/content/rules/thesyriacampaign.org.xml
@@ -0,0 +1,34 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.thesyriacampaign.org/ => https://www.thesyriacampaign.org/: Too many redirects while fetching 'https://www.thesyriacampaign.org/'
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- thesyriacampaign.org
+		- act.thesyriacampaign.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="The Syria Campaign.org" default_off="failed ruleset test">
+
+	<target host="thesyriacampaign.org" />
+	<target host="act.thesyriacampaign.org" />
+	<target host="diary.thesyriacampaign.org" />
+	<target host="www.thesyriacampaign.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^thesyriacampaign\.org$" name="^_icl_current_language$" /-->
+	<!--securecookie host="^act\.thesyriacampaign\.org$" name="^sid$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thetruthaboutguns.com.xml b/src/chrome/content/rules/thetruthaboutguns.com.xml
new file mode 100644
index 000000000000..3f04179de6ce
--- /dev/null
+++ b/src/chrome/content/rules/thetruthaboutguns.com.xml
@@ -0,0 +1,36 @@
+<!--
+	CDN buckets:
+
+		- truthaboutguns-zippykid.netdna-ssl.com
+
+
+	Mixed content:
+
+		- Image on www from my-webpresence.com ᵖ
+
+		- Bugs, on:
+
+			- www from getzone.cinesport.com ⁴
+			- www from s3.feedly.com ˢ
+			- www from u.openx.net ˢ
+			- www from \w\w-d.openx.net
+
+	⁴ Unsecurable <= 404
+	ᵖ Unsecurable <= plaintext reply
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="The Truth About Guns.com">
+
+	<target host="thetruthaboutguns.com" />
+	<target host="www.thetruthaboutguns.com" />
+
+
+	<securecookie host="^\." name="^s_v" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thezoo.com.au.xml b/src/chrome/content/rules/thezoo.com.au.xml
new file mode 100644
index 000000000000..a9336e5b5470
--- /dev/null
+++ b/src/chrome/content/rules/thezoo.com.au.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		autodiscover.thezoo.com.au
+		dev.thezoo.com.au
+		www.dev.thezoo.com.au
+		autodiscover.dev.thezoo.com.au
+		webmail.dev.thezoo.com.au
+		ftp.thezoo.com.au
+		mail.thezoo.com.au
+		update.thezoo.com.au
+		www.update.thezoo.com.au
+		autodiscover.update.thezoo.com.au
+		webmail.update.thezoo.com.au
+		webmail.thezoo.com.au
+-->
+<ruleset name="thezoo.com.au">
+	<target host="thezoo.com.au" />
+	<target host="www.thezoo.com.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/thinkmoney.co.uk.xml b/src/chrome/content/rules/thinkmoney.co.uk.xml
new file mode 100644
index 000000000000..a088f91fced8
--- /dev/null
+++ b/src/chrome/content/rules/thinkmoney.co.uk.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.thinkmoney.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="thinkmoney.co.uk">
+
+	<target host="thinkmoney.co.uk" />
+	<target host="my.thinkmoney.co.uk" />
+	<target host="www.thinkmoney.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.thinkmoney\.co\.uk$" name="^(?:ASP\.NET_SessionId|TrackingConsent)$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thinkupthemes.com.xml b/src/chrome/content/rules/thinkupthemes.com.xml
new file mode 100644
index 000000000000..99c2cece615d
--- /dev/null
+++ b/src/chrome/content/rules/thinkupthemes.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Mixed content:
+
+		- css, on:
+
+			- www from fonts.googleapis.com ˢ
+			- www from www.thinkupthemes.com ˢ
+
+		- Images, on:
+
+			- www from ^thinkupthemes.com ˢ
+			- www from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Think Up Themes.com" platform="mixedcontent">
+
+	<target host="thinkupthemes.com" />
+	<target host="www.thinkupthemes.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thirtymilesofcorruption.com.xml b/src/chrome/content/rules/thirtymilesofcorruption.com.xml
new file mode 100644
index 000000000000..56a9a516b116
--- /dev/null
+++ b/src/chrome/content/rules/thirtymilesofcorruption.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- Bug from qrcode.kaywa.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Thirty Miles of Corruption.com">
+
+	<target host="thirtymilesofcorruption.com" />
+	<target host="www.thirtymilesofcorruption.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thom-designstudio.com.xml b/src/chrome/content/rules/thom-designstudio.com.xml
new file mode 100644
index 000000000000..e2c424b302ba
--- /dev/null
+++ b/src/chrome/content/rules/thom-designstudio.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="thom-designstudio.com">
+	<target host="thom-designstudio.com" />
+	<target host="www.thom-designstudio.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/thomashunter.name.xml b/src/chrome/content/rules/thomashunter.name.xml
new file mode 100644
index 000000000000..31273ba3bff3
--- /dev/null
+++ b/src/chrome/content/rules/thomashunter.name.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.thomashunter.name/ => https://www.thomashunter.name/: (51, "SSL: no alternative certificate subject name matches target host name 'www.thomashunter.name'")
+
+	STS header includes includeSubdomains
+
+-->
+<ruleset name="Thomas Hunter.name" default_off="failed ruleset test">
+
+	<target host="thomashunter.name" />
+	<target host="*.thomashunter.name" />
+
+		<test url="http://www.thomashunter.name/" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thomsoninnovation.com.xml b/src/chrome/content/rules/thomsoninnovation.com.xml
new file mode 100644
index 000000000000..2ad5c2e33465
--- /dev/null
+++ b/src/chrome/content/rules/thomsoninnovation.com.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Thomson Reuters coverage, see Thomson-Reuters.xml.
+
+
+	Nonfunctional hosts in *thomsoninnovation.com:
+
+		- info ʳ
+
+	ʳ Refused
+
+
+	^thomsoninnovation.com does not exist.
+
+-->
+<ruleset name="Thomson Innovation.com (partial)">
+
+	<target host="www.thomsoninnovation.com" />
+
+		<!--	$ redirects to another domain, so:
+								-->
+		<test url="http://www.thomsoninnovation.com/login/" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thomsonreuters.com-resources.xml b/src/chrome/content/rules/thomsonreuters.com-resources.xml
new file mode 100644
index 000000000000..c4e1078062ad
--- /dev/null
+++ b/src/chrome/content/rules/thomsonreuters.com-resources.xml
@@ -0,0 +1,50 @@
+<!--
+	For rules covering more than resources, see Thomson-Reuters.xml.
+
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="Thomson Reuters.com (resources)" platform="mixedcontent">
+
+	<target host="legalsolutions.thomsonreuters.com" />
+	<target host="uklawstudent.thomsonreuters.com" />
+
+
+		<exclusion pattern="^http://legalsolutions\.thomsonreuters\.com/(?!/*(?:favicon\.ico|law-products/(?:_ui|onlineopinionV5|static|stylesheets)/|medias/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://legalsolutions.thomsonreuters.com/law-products/" />
+			<test url="http://legalsolutions.thomsonreuters.com/law-products/jurisdictions/" />
+			<test url="http://legalsolutions.thomsonreuters.com/law-products/law-books/blacks-law-dictionary" />
+			<test url="http://legalsolutions.thomsonreuters.com/law-products/law-books/collections/finplan" />
+			<test url="http://legalsolutions.thomsonreuters.com/law-products/law-products/customer-service/onepass" />
+			<test url="http://legalsolutions.thomsonreuters.com/law-products/practice/" />
+			<test url="http://legalsolutions.thomsonreuters.com/law-products/westlaw-legal-research/training-support" />
+
+			<!--	-ve:
+					-->
+			<test url="http://legalsolutions.thomsonreuters.com/favicon.ico" />
+			<test url="http://legalsolutions.thomsonreuters.com/law-products/_ui/blueprint/print.css" />
+			<test url="http://legalsolutions.thomsonreuters.com/law-products/onlineopinionV5/oo_style.css" />
+			<test url="http://legalsolutions.thomsonreuters.com/law-products/static/ui/swc/screen.css" />
+			<test url="http://legalsolutions.thomsonreuters.com/law-products/stylesheets/themes/redmond/jquery-ui-1.8.9.custom.css" />
+
+		<exclusion pattern="^http://uklawstudent\.thomsonreuters\.com/(?!/*wp-content/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://uklawstudent.thomsonreuters.com/blog/" />
+			<test url="http://uklawstudent.thomsonreuters.com/learn-the-law/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://uklawstudent.thomsonreuters.com/wp-content/themes/tr-alpha/resources/images/widget-background.png" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thomsonreuters.com.ar.xml b/src/chrome/content/rules/thomsonreuters.com.ar.xml
new file mode 100644
index 000000000000..dffc2411450b
--- /dev/null
+++ b/src/chrome/content/rules/thomsonreuters.com.ar.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Thomson Reuters coverage, see Thomson-Reuters.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- thomsonreuters.com.ar
+		- www.thomsonreuters.com.ar
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Thomson Reuters.com.ar">
+
+	<target host="thomsonreuters.com.ar" />
+	<target host="www.thomsonreuters.com.ar" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?thomsonreuters\.com\.ar$" name="^BIGipServer" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thorpeparkmania.co.uk.xml b/src/chrome/content/rules/thorpeparkmania.co.uk.xml
new file mode 100644
index 000000000000..6d7c472a4397
--- /dev/null
+++ b/src/chrome/content/rules/thorpeparkmania.co.uk.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		new.thorpeparkmania.co.uk
+-->
+<ruleset name="Thorpe Park Mania">
+
+	<target host="thorpeparkmania.co.uk" />
+	<target host="www.thorpeparkmania.co.uk" />
+	<target host="content.thorpeparkmania.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/threatmatrix.com.xml b/src/chrome/content/rules/threatmatrix.com.xml
new file mode 100644
index 000000000000..9fc227ce7a2c
--- /dev/null
+++ b/src/chrome/content/rules/threatmatrix.com.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://threatmatrix.com/ => https://threatmatrix.com/: (51, "SSL: no alternative certificate subject name matches target host name 'threatmatrix.com'")
+Fetch error: http://ask.threatmatrix.com/ => https://ask.threatmatrix.com/: (51, "SSL: no alternative certificate subject name matches target host name 'ask.threatmatrix.com'")
+Fetch error: http://info.threatmatrix.com/ => https://info.threatmatrix.com/: (51, "SSL: no alternative certificate subject name matches target host name 'info.threatmatrix.com'")
+Fetch error: http://www.threatmatrix.com/ => https://www.threatmatrix.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.threatmatrix.com'")
+
+	Insecure cookies are set for these hosts:
+
+		- info.threatmatrix.com
+		- www.threatmatrix.com
+
+-->
+<ruleset name="ThreatMatrix.com" default_off="failed ruleset test">
+
+	<target host="threatmatrix.com" />
+	<target host="ask.threatmatrix.com" />
+	<target host="info.threatmatrix.com" />
+	<target host="www.threatmatrix.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^info\.threatmatrix\.com$" name="^BIGipServer" /-->
+	<!--securecookie host="^www\.threatmatrix\.com$" name="^_icl_current_language$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thregr.org.xml b/src/chrome/content/rules/thregr.org.xml
new file mode 100644
index 000000000000..81333910fc05
--- /dev/null
+++ b/src/chrome/content/rules/thregr.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="thregr.org">
+
+  <target host="www.thregr.org" />
+  <target host="thregr.org" />
+
+  <rule from="^http:"
+          to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thrillist.com.xml b/src/chrome/content/rules/thrillist.com.xml
new file mode 100644
index 000000000000..1193b72ef67e
--- /dev/null
+++ b/src/chrome/content/rules/thrillist.com.xml
@@ -0,0 +1,45 @@
+<!--
+	^thrillist.com: Refused
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .thrillist.com
+		- signup.thrillist.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Thrillist.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="assets-c.thrillist.com" />
+	<target host="assets3.thrillist.com" />
+	<target host="signup.thrillist.com" />
+	<target host="www.thrillist.com" />
+
+		<test url="http://assets-c.thrillist.com/css/thrillist/thrillist.css" />
+		<test url="http://assets3.thrillist.com/v1/image/1728225/size/tl-homepage_thumbnail_mobile.jpg" />
+
+	<!--	Complications:
+				-->
+	<target host="thrillist.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.thrillist\.com$" name="^PINNF$" /-->
+	<!--securecookie host="^signup\.thrillist\.com$" name="^CAKEPHP$" /-->
+
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|PINNF$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://thrillist\.com/"
+		to="https://www.thrillist.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/thrysoee.dk.xml b/src/chrome/content/rules/thrysoee.dk.xml
new file mode 100644
index 000000000000..e28e3e375268
--- /dev/null
+++ b/src/chrome/content/rules/thrysoee.dk.xml
@@ -0,0 +1,6 @@
+<ruleset name="thrysoee.dk">
+	<target host="thrysoee.dk" />
+	<target host="www.thrysoee.dk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/thumbalizr.xml b/src/chrome/content/rules/thumbalizr.xml
new file mode 100644
index 000000000000..b6d29214889f
--- /dev/null
+++ b/src/chrome/content/rules/thumbalizr.xml
@@ -0,0 +1,13 @@
+<!--
+	Refused:
+	- blog.thumbalizr.com
+-->
+
+<ruleset name="thumbalizr">
+        <target host="thumbalizr.com" />
+        <target host="www.thumbalizr.com" />
+        <target host="api.thumbalizr.com" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tianya.cn-mixedcontent.xml b/src/chrome/content/rules/tianya.cn-mixedcontent.xml
new file mode 100644
index 000000000000..ff11b8926c5f
--- /dev/null
+++ b/src/chrome/content/rules/tianya.cn-mixedcontent.xml
@@ -0,0 +1,10 @@
+<!--
+	Main rule: tianya.cn.xml
+-->
+<ruleset name="tianya.cn-mixedcontent" platform="mixedcontent">
+	<target host="help.tianya.cn" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tianya.cn.xml b/src/chrome/content/rules/tianya.cn.xml
new file mode 100644
index 000000000000..e535c003852b
--- /dev/null
+++ b/src/chrome/content/rules/tianya.cn.xml
@@ -0,0 +1,20 @@
+<!--
+	Mixed Content:
+		tianya.cn-mixedcontent.xml
+
+	TLS1.0 and TLS1.1:
+		service.tianya.cn
+-->
+<ruleset name="tianya.cn">
+	<target host="tianya.cn" />
+	<target host="www.tianya.cn" />
+	<target host="bbs.tianya.cn" />
+	<target host="801.tianya.cn" />
+		<test url="http://801.tianya.cn/dolphin/tianya/2019/08/0_50.jpg" />
+	<target host="join.tianya.cn" />
+	<target host="passport.tianya.cn" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tibia.com.xml b/src/chrome/content/rules/tibia.com.xml
new file mode 100644
index 000000000000..225ff004e73a
--- /dev/null
+++ b/src/chrome/content/rules/tibia.com.xml
@@ -0,0 +1,26 @@
+<ruleset name="tibia.com">
+	<target host="www.tibia.com" />
+	<target host="forum.tibia.com" />
+	<rule from="^http://forum\.tibia\.com/$"
+		to="https://www.tibia.com/forum/" />
+	<rule from="^http://(www|forum)\.tibia\.com/"
+		to="https://www.tibia.com/" />
+	<test url="http://forum.tibia.com/forum/" />
+
+	<target host="www.test.tibia.com" />
+	<target host="forum.test.tibia.com" />
+	<rule from="^http://forum\.test\.tibia\.com/$"
+		to="https://www.test.tibia.com/forum/" />
+	<rule from="^http://(www|forum)\.test\.tibia\.com/"
+		to="https://www.test.tibia.com/" />
+	<test url="http://forum.test.tibia.com/forum/" />
+
+	<target host="secure.tibia.com" />
+	<target host="secure.test.tibia.com" />
+
+	<securecookie host="^(www|secure)\.(test\.)?tibia\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+	<test url="http://www.tibia.com/news/?subtopic=latestnews" />
+	<test url="http://www.test.tibia.com/news/?subtopic=latestnews" />
+</ruleset>
diff --git a/src/chrome/content/rules/tibiamaps.io.xml b/src/chrome/content/rules/tibiamaps.io.xml
new file mode 100644
index 000000000000..e15e1dc0da6c
--- /dev/null
+++ b/src/chrome/content/rules/tibiamaps.io.xml
@@ -0,0 +1,6 @@
+<ruleset name="tibiamaps.io">
+	<target host="tibiamaps.io" />
+	<target host="www.tibiamaps.io" />
+	<rule from="^http:" to="https:" />
+	<securecookie host="^tibiamaps\.io$" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/tibus.com.xml b/src/chrome/content/rules/tibus.com.xml
new file mode 100644
index 000000000000..d45973fa2c29
--- /dev/null
+++ b/src/chrome/content/rules/tibus.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Nonfunctional hosts in *tibus.com:
+
+		- soap2 ⁴
+		- nicsrecruitment.vhost ᶠ
+		- onlineccms.vhost ⁴
+
+	⁴ 404
+	ᶠ Handshake fails
+
+
+	Problematic hosts in *tibus.com:
+
+		- common ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="Tibus.com (partial)">
+
+	<target host="tibus.com" />
+	<target host="www.tibus.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ticket4u.xml b/src/chrome/content/rules/ticket4u.xml
new file mode 100644
index 000000000000..aad469aa708e
--- /dev/null
+++ b/src/chrome/content/rules/ticket4u.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ticket4u.com.my/ => https://ticket4u.com.my/: (7, 'Failed to connect to ticket4u.com.my port 443: No route to host')
+Fetch error: http://www.ticket4u.com.my/ => https://www.ticket4u.com.my/: (7, 'Failed to connect to www.ticket4u.com.my port 443: No route to host')
+
+-->
+<ruleset name="ticket4u" default_off="failed ruleset test">
+	<target host=    "ticket4u.com.my" />
+	<target host="www.ticket4u.com.my" />
+
+  	<securecookie host="^(www\.)?ticket4u\.com\.my$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tiera.ru.xml b/src/chrome/content/rules/tiera.ru.xml
new file mode 100644
index 000000000000..035d94ca2c5e
--- /dev/null
+++ b/src/chrome/content/rules/tiera.ru.xml
@@ -0,0 +1,14 @@
+<!--
+tiera.ru mismatch
+www.tiera.ru mismatch
+forum.tiera.ru mismatch
+bib.tiera.ru mismatch
+webmail.tiera.ru mismatch
+f3.tiera.ru mismatch
+fs1.bib.tiera.ru timed out
+-->
+<ruleset name="tiera.ru (partial)">
+	<target host="my.tiera.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tifbs.net.xml b/src/chrome/content/rules/tifbs.net.xml
new file mode 100644
index 000000000000..52c79c8f1f71
--- /dev/null
+++ b/src/chrome/content/rules/tifbs.net.xml
@@ -0,0 +1,16 @@
+<!--
+	For other United Internet coverage, see United-Internet.xml.
+
+-->
+<ruleset name="tifbs.net">
+
+	<target host="uim.tifbs.net"/>
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tilda.cc.xml b/src/chrome/content/rules/tilda.cc.xml
new file mode 100644
index 000000000000..e2165720af03
--- /dev/null
+++ b/src/chrome/content/rules/tilda.cc.xml
@@ -0,0 +1,32 @@
+<!--
+	Invalid certificate:
+		blog.tilda.cc
+		blog-en.tilda.cc
+		go.tilda.cc
+		help.tilda.cc
+		www.newsletter.tilda.cc
+		img.newsletter.tilda.cc
+		mail.newsletter.tilda.cc
+		r.newsletter.tilda.cc
+		newsletter-en.tilda.cc
+		newsletter-ru.tilda.cc
+		www.newsletter-ru.tilda.cc
+		webinars.tilda.cc
+		zero.tilda.cc
+
+	Time out:
+		newsletter.tilda.cc
+-->
+<ruleset name="tilda.cc">
+	<target host="tilda.cc" />
+	<target host="www.tilda.cc" />
+	<target host="answers.tilda.cc" />
+	<target host="crm.tilda.cc" />
+	<target host="experts.tilda.cc" />
+	<target host="feeds.tilda.cc" />
+	<target host="flows.tilda.cc" />
+	<target host="members.tilda.cc" />
+	<target host="store.tilda.cc" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tildeslash.com.xml b/src/chrome/content/rules/tildeslash.com.xml
new file mode 100644
index 000000000000..8f01cab617ff
--- /dev/null
+++ b/src/chrome/content/rules/tildeslash.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		mail.tildeslash.com
+		tildeslash1n.tildeslash.com
+
+	Time out:
+		tildeslash2n.tildeslash.com
+-->
+<ruleset name="tildeslash.com">
+	<target host="tildeslash.com" />
+	<target host="www.tildeslash.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/times.am.xml b/src/chrome/content/rules/times.am.xml
new file mode 100644
index 000000000000..ab29119fcf7a
--- /dev/null
+++ b/src/chrome/content/rules/times.am.xml
@@ -0,0 +1,7 @@
+<ruleset name="times.am">
+	<target host="times.am" />
+	<target host="www.times.am" />
+	<target host="sport.times.am" />
+	<target host="blog.times.am" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/timus.online.xml b/src/chrome/content/rules/timus.online.xml
new file mode 100644
index 000000000000..19514d920973
--- /dev/null
+++ b/src/chrome/content/rules/timus.online.xml
@@ -0,0 +1,12 @@
+<!--
+    Mismatched:
+        - www
+        - acm
+        - ftp
+        - mirror
+-->
+<ruleset name="timus.online">
+    <target host="timus.online" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tinkernut.com.xml b/src/chrome/content/rules/tinkernut.com.xml
new file mode 100644
index 000000000000..3464457202d5
--- /dev/null
+++ b/src/chrome/content/rules/tinkernut.com.xml
@@ -0,0 +1,10 @@
+<!--
+clone.tinkernut.com mismatch
+-->
+
+<ruleset name="tinkernut.com">
+	<target host="tinkernut.com" />
+	<target host="www.tinkernut.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tinyimg.io.xml b/src/chrome/content/rules/tinyimg.io.xml
new file mode 100644
index 000000000000..9ec0fb10c9ce
--- /dev/null
+++ b/src/chrome/content/rules/tinyimg.io.xml
@@ -0,0 +1,6 @@
+<ruleset name="tinyimg.io">
+	<target host="tinyimg.io" />
+	<target host="www.tinyimg.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tinymce.com.xml b/src/chrome/content/rules/tinymce.com.xml
new file mode 100644
index 000000000000..60620f997dcd
--- /dev/null
+++ b/src/chrome/content/rules/tinymce.com.xml
@@ -0,0 +1,19 @@
+<!--
+community.tinymce.com ⁴
+blog.tinymce.com ¹
+archive.tinymce.com ¹
+go.tinymce.com ¹
+fiddle.tinymce.com ¹
+skin.tinymce.com ¹
+
+
+¹ mismatch
+⁴ self signed
+-->
+<ruleset name="tinymce.com">
+	<target host="tinymce.com" />
+	<target host="www.tinymce.com" />
+	<target host="cdn.tinymce.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tipeeestream.com.xml b/src/chrome/content/rules/tipeeestream.com.xml
new file mode 100644
index 000000000000..f8cfd9b6e8fb
--- /dev/null
+++ b/src/chrome/content/rules/tipeeestream.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.tipeeestream.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="TipeeeStream.com">
+
+	<target host="tipeeestream.com" />
+	<target host="www.tipeeestream.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://www.tipeeestream.com/news" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.tipeeestream\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tippebannere.no.xml b/src/chrome/content/rules/tippebannere.no.xml
new file mode 100644
index 000000000000..8e2e1dc01e3d
--- /dev/null
+++ b/src/chrome/content/rules/tippebannere.no.xml
@@ -0,0 +1,14 @@
+<ruleset name="tippebannere.no">
+
+	<target host="widget.tippebannere.no" />
+
+		<test url="http://widget.tippebannere.no/v3/iframes/RSSBilag/RSSBilag.css" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tiras.ru.xml b/src/chrome/content/rules/tiras.ru.xml
new file mode 100644
index 000000000000..f08aac4a8ec2
--- /dev/null
+++ b/src/chrome/content/rules/tiras.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="tiras.ru">
+	<target host="tiras.ru" />
+	<target host="www.tiras.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tivision.ru.xml b/src/chrome/content/rules/tivision.ru.xml
new file mode 100644
index 000000000000..ad04b9cd9eca
--- /dev/null
+++ b/src/chrome/content/rules/tivision.ru.xml
@@ -0,0 +1,14 @@
+<ruleset name="tivision.ru">
+
+	<target host="st.tivision.ru" />
+
+		<test url="http://st.tivision.ru/css/landing__world.css?ver=ceae81f1ec3f2122a607444887a0ab43" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tkgorod.ru.xml b/src/chrome/content/rules/tkgorod.ru.xml
new file mode 100644
index 000000000000..c95248dbe398
--- /dev/null
+++ b/src/chrome/content/rules/tkgorod.ru.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tkgorod.ru/ => https://tkgorod.ru/: Too many redirects while fetching 'https://tkgorod.ru/'
+Fetch error: http://www.tkgorod.ru/ => https://tkgorod.ru/: Too many redirects while fetching 'https://tkgorod.ru/'
+www. to many redirects-->
+<ruleset name="tkgorod.ru" default_off="failed ruleset test">
+	<target host="tkgorod.ru" />
+	<target host="www.tkgorod.ru" />
+	<rule from="^http://www\.tkgorod\.ru/"
+		to="https://tkgorod.ru/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tlasecure.com.xml b/src/chrome/content/rules/tlasecure.com.xml
new file mode 100644
index 000000000000..c09bb2410fe3
--- /dev/null
+++ b/src/chrome/content/rules/tlasecure.com.xml
@@ -0,0 +1,52 @@
+<!--
+	Problematic hosts in *tlasecure.com:
+
+		- ^ ᵐ
+		- static ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- tlasecure.com
+		- images.tlasecure.com
+		- static.tlasecure.com
+		- www.tlasecure.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="TLA Secure.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="images.tlasecure.com" />
+	<target host="www.tlasecure.com" />
+
+		<test url="http://images.tlasecure.com/skins/graphics/bkg-top.gif" />
+
+	<!--	Complications:
+				-->
+	<target host="tlasecure.com" />
+	<target host="static.tlasecure.com" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:(?:images|static|www)\.)?tlasecure\.com$" name="^(?:CFID|CFTOKEN|FUSE|IMAGE|USE|VER)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://tlasecure\.com/"
+		to="https://www.tlasecure.com/" />
+
+	<rule from="^http://static\.tlasecure\.com/"
+		to="https://images.tlasecure.com/" />
+
+		<test url="http://static.tlasecure.com/Skins/graphics/buttons/linkToThis.png" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tldp.org.xml b/src/chrome/content/rules/tldp.org.xml
new file mode 100644
index 000000000000..aee7b806270c
--- /dev/null
+++ b/src/chrome/content/rules/tldp.org.xml
@@ -0,0 +1,29 @@
+<!--
+	Invalid certificate:
+		auth.tldp.org
+		es.tldp.org
+		portal.tldp.org
+		reload.tldp.org
+
+	Refused:
+		docs.tldp.org
+		lists.tldp.org
+		wiki.tldp.org
+		www.wiki.tldp.org
+
+	Time out:
+		email.sso.tldp.org
+-->
+<ruleset name="tldp.org">
+	<target host="tldp.org" />
+	<target host="www.tldp.org" />
+	<target host="community.tldp.org" />
+	<target host="drone.tldp.org" />
+	<target host="git.tldp.org" />
+	<target host="new.tldp.org" />
+	<target host="sso.tldp.org" />
+	<target host="stallman.tldp.org" />
+	<target host="test.tldp.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tldpros.com.xml b/src/chrome/content/rules/tldpros.com.xml
new file mode 100644
index 000000000000..8639d4f59594
--- /dev/null
+++ b/src/chrome/content/rules/tldpros.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- .external.tldpros.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="tldpros.com">
+
+	<target host="external.tldpros.com" />
+
+		<test url="http://external.tldpros.com/Content/Domaining/Images/750-118.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.external\.tldpros\.com" name="^ARRAffinity$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tldrio.xml b/src/chrome/content/rules/tldrio.xml
index 4d7ca5582561..f7c567cff819 100644
--- a/src/chrome/content/rules/tldrio.xml
+++ b/src/chrome/content/rules/tldrio.xml
@@ -1,5 +1,26 @@
-<ruleset name="tldrio">
-  <target host="tldr.io" />
+<!--
+	Problematic hosts in *tldr.io:
 
-  <rule from="^http://tldr\.io/" to="https://tldr.io/"/>
+		- ^ ¹ ²
+		- api ²
+		- www ² ³
+
+	¹ Mismatched
+	² Server sends no certificate chain, see https://whatsmychaincert.com
+	³ 401
+
+
+	These altnames don't exist:
+
+		- www.api.tldr.io
+
+-->
+<ruleset name="tldr.io (partial)" default_off="cert-chain">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="api.tldr.io" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/tlgrm.ru.xml b/src/chrome/content/rules/tlgrm.ru.xml
new file mode 100644
index 000000000000..6e5bc2e24351
--- /dev/null
+++ b/src/chrome/content/rules/tlgrm.ru.xml
@@ -0,0 +1,12 @@
+<ruleset name="tlgrm.ru">
+	<target host="tlgrm.ru" />
+	<target host="www.tlgrm.ru" />
+	<target host="api.tlgrm.ru" />
+	<target host="games.tlgrm.ru" />
+	<target host="gg.tlgrm.ru" />
+	<target host="javadoc.tlgrm.ru" />
+	<target host="st.tlgrm.ru" />
+	<target host="web.tlgrm.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tmall.com.xml b/src/chrome/content/rules/tmall.com.xml
new file mode 100644
index 000000000000..d976adc70e26
--- /dev/null
+++ b/src/chrome/content/rules/tmall.com.xml
@@ -0,0 +1,91 @@
+<!--
+	NB: Hosts may^Wwill take a long time to respond!
+
+	Fetch tests will probably receive
+	corrupted packets and resets also.
+
+
+	Nonfunctional hosts in *tmall.com:
+
+		- mymy.maowo *
+
+	* Dropped
+
+
+	^tmall.com: Dropped
+
+
+	Insecure cookies are set for these domains:
+
+		- .tmall.com
+
+
+	Mixed content:
+
+		- Image on fws from img0\d.taobaocdn.com ¹
+		- Ad/bug on fws from img.tongji.linezing.com ²
+
+	¹ Secured by us
+	² Unsecurable <= refused
+
+-->
+<ruleset name="Tmall.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="3c.tmall.com" />
+	<target host="aliqin.tmall.com" />
+	<target host="bhmc.tmall.com" />
+	<target host="car.tmall.com" />
+	<target host="cart.tmall.com" />
+	<target host="detail.tmall.com" />
+	<target host="dexinzhai.tmall.com" />
+	<target host="err.tmall.com" />
+	<target host="fw.tmall.com" />
+	<target host="fws.tmall.com" />
+	<target host="gongxiao.tmall.com" />
+	<target host="houdask.tmall.com" />
+	<target host="huawei.tmall.com" />
+	<target host="jia.tmall.com" />
+	<target host="kktvkj.tmall.com" />
+	<target host="ladygo.tmall.com" />
+	<target host="list.tmall.com" />
+	<target host="login.tmall.com" />
+	<target host="3c.m.tmall.com" />
+	<target host="mobile.tmall.com" />
+	<target host="msi.tmall.com" />
+	<target host="mybrand.tmall.com" />
+	<target host="new3c.tmall.com" />
+	<target host="pass.tmall.com" />
+	<target host="peixun.tmall.com" />
+	<target host="px.tmall.com" />
+	<target host="reg.tmall.com" />
+	<target host="register.tmall.com" />
+	<target host="rule.tmall.com" />
+	<target host="service.tmall.com" />
+	<target host="shangjia.tmall.com" />
+	<target host="shouji.tmall.com" />
+	<target host="msi.world.tmall.com" />
+	<target host="www.tmall.com"/>
+	<target host="youmiwang.tmall.com" />
+	<target host="yunos.tmall.com" />
+	<target host="zhaoshang.tmall.com" />
+	<target host="zhiku.tmall.com" />
+	<target host="zhongaiyisheng.tmall.com" />
+
+	<!--	Complications:
+				-->
+	<target host="tmall.com"/>
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tmall\.com$" name="^(?:_tb_token|cookie2|t)$" /-->
+
+
+	<rule from="^http://tmall\.com/"
+		to="https://www.tmall.com/"/>
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/tmetric.com.xml b/src/chrome/content/rules/tmetric.com.xml
new file mode 100644
index 000000000000..ad61aa8e5ac5
--- /dev/null
+++ b/src/chrome/content/rules/tmetric.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Connection failed:
+		test-mail.gsuite.tmetric.com
+
+	Invalid certificate:
+		mail.tmetric.com
+-->
+<ruleset name="TMetric.com">
+
+	<target host="tmetric.com" />
+	<target host="www.tmetric.com" />
+	<target host="al.tmetric.com" />
+	<target host="app.tmetric.com" />
+	<target host="beta.tmetric.com" />
+	<target host="betaid.tmetric.com" />
+	<target host="id.tmetric.com" />
+	<target host="support.tmetric.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tmp.ninja.xml b/src/chrome/content/rules/tmp.ninja.xml
new file mode 100644
index 000000000000..8417a06d59c8
--- /dev/null
+++ b/src/chrome/content/rules/tmp.ninja.xml
@@ -0,0 +1,8 @@
+<!--
+	www doesn't exist.
+-->
+<ruleset name="tmp.ninja">
+	<target host="tmp.ninja" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tms-media.co.uk.xml b/src/chrome/content/rules/tms-media.co.uk.xml
new file mode 100644
index 000000000000..0a62325c5a4a
--- /dev/null
+++ b/src/chrome/content/rules/tms-media.co.uk.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://agilisys.tms-media.co.uk/ => https://agilisys.tms-media.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'agilisys.tms-media.co.uk'")
+
+	(www.)?tms-media.co.uk: Mismatched
+
+-->
+<ruleset name="TMS-Media.co.uk (partial)" default_off="failed ruleset test">
+
+	<target host="agilisys.tms-media.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tms.pl.xml b/src/chrome/content/rules/tms.pl.xml
new file mode 100644
index 000000000000..f136c9d5933c
--- /dev/null
+++ b/src/chrome/content/rules/tms.pl.xml
@@ -0,0 +1,25 @@
+<!--
+	TMS Brokers S.A.
+
+	Non-functional hosts:
+		Expired:
+		- ct.tms.pl
+
+-->
+<ruleset name="TMS.pl">
+
+	<target host="tms.pl" />
+	<target host="connect.tms.pl" />
+	<target host="instalacja.tms.pl" />
+	<target host="konkurs.tms.pl" />
+	<target host="lp.tms.pl" />
+	<target host="nonstop.tms.pl" />
+	<target host="trader.tms.pl" />
+	<target host="www.tms.pl" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tn123.xml b/src/chrome/content/rules/tn123.xml
index b671946e81cf..cc3429e357b6 100644
--- a/src/chrome/content/rules/tn123.xml
+++ b/src/chrome/content/rules/tn123.xml
@@ -3,7 +3,6 @@
 	<target host="tn123.org"/>
 	<target host="www.tn123.org"/>
 
-	<rule from="^http://(www\.)?tn123\.org/"
-		to="https://$1tn123.org/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/tns-cs.net.xml b/src/chrome/content/rules/tns-cs.net.xml
new file mode 100644
index 000000000000..e4d5dc3a9309
--- /dev/null
+++ b/src/chrome/content/rules/tns-cs.net.xml
@@ -0,0 +1,44 @@
+<!--
+	Problematic hosts in *tns-cs.net:
+
+		- (account_name) ʳ
+
+	ʳ Refused, equivalent to another domain
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .tns-cs.net
+		- ssl-(account_name).tns-cs.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="tns-cs.net (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ssl-nrk.tns-cs.net" />
+
+	<!--	Complications:
+				-->
+	<target host="nrk.tns-cs.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tns-cs\.net$" name="^i00$" /-->
+	<!--securecookie host="^ssl-(account_name)\.tns-cs\.net$" name="^srp$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://nrk\.tns-cs\.net/"
+		to="https://ssl-nrk.tns-cs.net/" />
+
+		<test url="http://nrk.tns-cs.net/blank.gif" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tnwcdn.com.xml b/src/chrome/content/rules/tnwcdn.com.xml
new file mode 100644
index 000000000000..2f4fcbb0a70d
--- /dev/null
+++ b/src/chrome/content/rules/tnwcdn.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="tnwcdn.com (partial)">
+	<target host="canvas.tnwcdn.com" />
+	<target host="cdn0.tnwcdn.com" />
+	<target host="cdn1.tnwcdn.com" />
+	<target host="cdn2.tnwcdn.com" />
+	<target host="cdn3.tnwcdn.com" />
+	<target host="index.tnwcdn.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/toaruos.org.xml b/src/chrome/content/rules/toaruos.org.xml
new file mode 100644
index 000000000000..f2ba87427b88
--- /dev/null
+++ b/src/chrome/content/rules/toaruos.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="toaruos.org">
+	<target host="toaruos.org" />
+	<target host="www.toaruos.org" />
+	<target host="git.toaruos.org" />
+	<target host="packages.toaruos.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/todayifoundout.com.xml b/src/chrome/content/rules/todayifoundout.com.xml
new file mode 100644
index 000000000000..80a1ab15f752
--- /dev/null
+++ b/src/chrome/content/rules/todayifoundout.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="todayifoundout.com" platform="mixedcontent">
+	<target host="todayifoundout.com" />
+	<target host="www.todayifoundout.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/togethertrust.org.uk.xml b/src/chrome/content/rules/togethertrust.org.uk.xml
new file mode 100644
index 000000000000..85f9dadf3514
--- /dev/null
+++ b/src/chrome/content/rules/togethertrust.org.uk.xml
@@ -0,0 +1,22 @@
+<!--
+	Nonfunctional hosts in *togethertrust.org.uk:
+
+		- careers ⁴
+
+	⁴ 404
+
+-->
+<ruleset name="Together Trust.org.uk (partial)">
+
+	<target host="togethertrust.org.uk" />
+	<target host="data.togethertrust.org.uk" />
+	<target host="www.togethertrust.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tokenly.com.xml b/src/chrome/content/rules/tokenly.com.xml
new file mode 100644
index 000000000000..94ffe50ae666
--- /dev/null
+++ b/src/chrome/content/rules/tokenly.com.xml
@@ -0,0 +1,56 @@
+<!--
+accounts.tokenly.com ³
+blog.tokenly.com ³
+fund.tokenly.com ⁵
+apidocs.music-stage.tokenly.com ³
+pockets.tokenly.com ³
+pusher.tokenly.com ³
+pusher-stage.tokenly.com ³
+
+
+³ timed out
+⁵ expired
+-->
+<ruleset name="tokenly.com">
+	<target host="tokenly.com" />
+	<target host="www.tokenly.com" />
+	<target host="apidocs.tokenly.com" />
+	<target host="apidocs-stage.tokenly.com" />
+	<target host="bitsplit.tokenly.com" />
+	<target host="bitsplit-stage.tokenly.com" />
+	<target host="bvam.tokenly.com" />
+	<target host="bvam-stage.tokenly.com" />
+	<target host="containerbuilder.tokenly.com" />
+	<target host="deliver.tokenly.com" />
+	<target host="deliver-stage.tokenly.com" />
+	<target host="ipfs.tokenly.com" />
+	<target host="listen.tokenly.com" />
+	<target host="listen-stage.tokenly.com" />
+	<target host="music.tokenly.com" />
+	<target host="player.music.tokenly.com" />
+	<target host="music-stage.tokenly.com" />
+	<target host="player.music-stage.tokenly.com" />
+	<target host="platform-monitor.tokenly.com" />
+	<target host="pockets-service.tokenly.com" />
+	<target host="quotebot.tokenly.com" />
+	<target host="quotebot-stage.tokenly.com" />
+	<target host="redeem.tokenly.com" />
+	<target host="robohash.tokenly.com" />
+	<target host="robohash-stage.tokenly.com" />
+	<target host="slots.tokenly.com" />
+	<target host="swapbot.tokenly.com" />
+	<target host="swapbot-stage.tokenly.com" />
+	<target host="swapbotembed.tokenly.com" />
+	<target host="swapbotembed-stage.tokenly.com" />
+	<target host="swapbotstats.tokenly.com" />
+	<target host="swapbotstats-stage.tokenly.com" />
+	<target host="tokenpass.tokenly.com" />
+	<target host="tokenpass-stage.tokenly.com" />
+	<target host="tokenrank.tokenly.com" />
+	<target host="tokenrank-stage.tokenly.com" />
+	<target host="xchain-stage.tokenly.com" />
+	<target host="xwallet.tokenly.com" />
+	<target host="xwallet-stage.tokenly.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tokyo2020.jp.xml b/src/chrome/content/rules/tokyo2020.jp.xml
new file mode 100644
index 000000000000..b4b5fe5de2e3
--- /dev/null
+++ b/src/chrome/content/rules/tokyo2020.jp.xml
@@ -0,0 +1,18 @@
+<!--
+www.tokyo2020.jp mismatch
+sorry.tokyo2020.jp mismatch
+-->
+<ruleset name="tokyo2020.jp">
+	<target host="tokyo2020.jp" />
+	<target host="www.tokyo2020.jp" />
+	<target host="m.tokyo2020.jp" />
+	<target host="media.tokyo2020.jp" />
+	<target host="pregamestraining.tokyo2020.jp" />
+	<target host="id.tokyo2020.jp" />
+	<target host="trainingcamp.tokyo2020.jp" />
+
+	<rule from="^http://www\.tokyo2020\.jp/"
+		to="https://tokyo2020.jp/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tomgate.net.xml b/src/chrome/content/rules/tomgate.net.xml
new file mode 100644
index 000000000000..17618f8a572a
--- /dev/null
+++ b/src/chrome/content/rules/tomgate.net.xml
@@ -0,0 +1,85 @@
+<!--
+air.tomgate.net ⁴
+bart.tomgate.net ⁴
+box.tomgate.net ²
+alfalab.client.tomgate.net ³
+breeze.client.tomgate.net ³
+digestfm.client.tomgate.net ³
+etalon20.client.tomgate.net ²
+etasrv2.client.tomgate.net ³
+govorusha.client.tomgate.net ³
+krasotasm.client.tomgate.net ³
+maxim.client.tomgate.net ³
+mipor.client.tomgate.net ³
+sb.client.tomgate.net ³
+sibnedra.client.tomgate.net ³
+sibriver.client.tomgate.net ³
+sinergo.client.tomgate.net ³
+srcmol.client.tomgate.net ³
+svet70.client.tomgate.net ³
+tngp.client.tomgate.net ³
+toktb.client.tomgate.net ³
+tomsklab.client.tomgate.net ³
+ts70.client.tomgate.net ³
+colo-gw.tomgate.net ¹
+colo2-gw.tomgate.net ¹
+core-sw.tomgate.net ²
+edge2.tomgate.net ¹
+homer.tomgate.net ¹
+homer-srv.tomgate.net ¹
+host24-5.tomgate.net ¹
+hosting.tomgate.net ⁴
+imap.tomgate.net ¹
+internet.tomgate.net ¹
+internet-ext.tomgate.net ²
+internet-ext-gw.tomgate.net ²
+internet-gw.tomgate.net ¹
+jasmina.tomgate.net ³
+kinomax.tomgate.net ⁴
+l3-mar8-core.tomgate.net ¹
+l3-mat8.tomgate.net ¹
+lan32-gw.tomgate.net ¹
+lunev.tomgate.net ¹
+maggie.tomgate.net ²
+mail.tomgate.net ¹
+marge.tomgate.net ²
+mtandnat.tomgate.net ³
+neotelecom.tomgate.net ³
+netcom.tomgate.net ³
+netcom-gw.tomgate.net ²
+new.tomgate.net ¹
+noc.tomgate.net ¹
+ns1.tomgate.net ²
+ns2.tomgate.net ¹
+ns3.tomgate.net ⁴
+ns4.tomgate.net ⁴
+promregion-gw.tomgate.net ¹
+revolution.tomgate.net ¹
+sibinet.tomgate.net ³
+sibinet-gw.tomgate.net ²
+smtp.tomgate.net ¹
+something.tomgate.net ¹
+stepnet.tomgate.net ²
+stepnet-gw.tomgate.net ²
+styx.tomgate.net ³
+support.tomgate.net ¹
+symmetra.tomgate.net ¹
+vitim-vl3515-gw.tomgate.net ¹
+vpn-peer.tomgate.net ¹
+vpn2.tomgate.net ¹
+welena.tomgate.net ¹
+air.tomgate.net:8001/: (35, 'Unknown SSL protocol error in connection to air.tomgate.net:8001 ')
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="tomgate.net">
+	<target host="tomgate.net" />
+	<target host="www.tomgate.net" />
+	<target host="access.tomgate.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tomritterbassljd.onion.xml b/src/chrome/content/rules/tomritterbassljd.onion.xml
new file mode 100644
index 000000000000..4352ca0ce50d
--- /dev/null
+++ b/src/chrome/content/rules/tomritterbassljd.onion.xml
@@ -0,0 +1,14 @@
+<!--
+	For related clearnet domain rules, see Ritter.vg.xml
+
+-->
+<ruleset name="Ritter.vg (onion)">
+
+	<target host="tomritterbassljd.onion" />
+	<target host="www.tomritterbassljd.onion" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tomtel.ru.xml b/src/chrome/content/rules/tomtel.ru.xml
new file mode 100644
index 000000000000..376866102401
--- /dev/null
+++ b/src/chrome/content/rules/tomtel.ru.xml
@@ -0,0 +1,23 @@
+<!--
+tomtel.ru self signed
+www.tomtel.ru self signed
+bonus.tomtel.ru self signed
+catalog.tomtel.ru timed out
+disk.tomtel.ru timed out
+ftp.tomtel.ru timed out
+germes.tomtel.ru mismatch
+hosting.tomtel.ru self signed
+sport.tomtel.ru self signed
+tv.tomtel.ru mismatch
+www.tomtel.ru self signed
+ttzk.tomtel.ru timed out
+icepilots.tomtel.ru mismatch
+eht.tomtel.ru self signed
+ns2.hosting.tomtel.ru nonexist
+ftp.winka.tomtel.ru self signed
+-->
+<ruleset name="tomtel.ru (partial)">
+	<target host="bill.tomtel.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tonicdev.com.xml b/src/chrome/content/rules/tonicdev.com.xml
new file mode 100644
index 000000000000..748c973bec34
--- /dev/null
+++ b/src/chrome/content/rules/tonicdev.com.xml
@@ -0,0 +1,10 @@
+<!--
+blog.tonicdev.com mismatch
+-->
+<ruleset name="tonicdev.com">
+	<target host="tonicdev.com" />
+	<target host="www.tonicdev.com" />
+	<target host="discuss.tonicdev.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tonmo.com.xml b/src/chrome/content/rules/tonmo.com.xml
new file mode 100644
index 000000000000..fbe3eb996238
--- /dev/null
+++ b/src/chrome/content/rules/tonmo.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Tonmo.com">
+
+	<target host="tonmo.com" />
+	<target host="www.tonmo.com" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tools4noobs.com.xml b/src/chrome/content/rules/tools4noobs.com.xml
new file mode 100644
index 000000000000..93539a19be2b
--- /dev/null
+++ b/src/chrome/content/rules/tools4noobs.com.xml
@@ -0,0 +1,19 @@
+<!--
+dir.tools4noobs.com non-2xx http code
+indy.tools4noobs.com non-2xx http code
+media.tools4noobs.com non-2xx http code
+www.media.tools4noobs.com/: (35, 'error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error')
+nitroglicerine.tools4noobs.com non-2xx http code
+ns1.tools4noobs.com ⁴
+support.tools4noobs.com ⁴
+whois.tools4noobs.com ⁴
+
+
+⁴ self signed
+-->
+<ruleset name="tools4noobs.com">
+	<target host="tools4noobs.com" />
+	<target host="www.tools4noobs.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/topachat.com.xml b/src/chrome/content/rules/topachat.com.xml
new file mode 100644
index 000000000000..f89e08288e50
--- /dev/null
+++ b/src/chrome/content/rules/topachat.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Connection refused:
+		topachat.com
+-->
+<ruleset name="topachat.com">
+	<target host="topachat.com" />
+	<target host="www.topachat.com" />
+	<target host="cart.topachat.com" />
+	<target host="client.topachat.com" />
+	<target host="customer.topachat.com" />
+	<target host="eptica.topachat.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://topachat\.com/" to="https://www.topachat.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/topekazoo.org.xml b/src/chrome/content/rules/topekazoo.org.xml
new file mode 100644
index 000000000000..f31ec99b4125
--- /dev/null
+++ b/src/chrome/content/rules/topekazoo.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		email.topekazoo.org
+		imap.topekazoo.org
+		mail.topekazoo.org
+		pop.topekazoo.org
+		smtp.topekazoo.org
+		webmail.topekazoo.org
+-->
+<ruleset name="topekazoo.org">
+	<target host="topekazoo.org" />
+	<target host="www.topekazoo.org" />
+	<target host="store.topekazoo.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/topg.org.xml b/src/chrome/content/rules/topg.org.xml
new file mode 100644
index 000000000000..eb205e1cbb5f
--- /dev/null
+++ b/src/chrome/content/rules/topg.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="topg.org">
+	<target host="topg.org"/>
+	<target host="www.topg.org"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/topicbox.com.xml b/src/chrome/content/rules/topicbox.com.xml
new file mode 100644
index 000000000000..10da918a6f8c
--- /dev/null
+++ b/src/chrome/content/rules/topicbox.com.xml
@@ -0,0 +1,33 @@
+<!-- 
+	For other Fastmail coverage, see Fastmail.xml 
+
+	Invalid certificate:
+
+		- api.stage.topicbox.com 	CN mismatch
+-->
+
+<ruleset name="topicbox.com">
+	<target host="topicbox.com" />
+	<target host="www.topicbox.com" />
+
+	<target host="api.topicbox.com" />
+	<target host="carpentries.topicbox.com" />
+	<target host="fasterize.topicbox.com" />
+	<target host="gmgma.topicbox.com" />
+	<target host="hacklondon.topicbox.com" />
+	<target host="iapp.topicbox.com" />
+	<target host="illumos.topicbox.com" />
+	<target host="k4.topicbox.com" />
+	<target host="openzfs.topicbox.com" />
+	<target host="postmaster.topicbox.com" />
+	<target host="sea.topicbox.com" />
+	<target host="stage.topicbox.com" />
+	<target host="thunderbird.topicbox.com" />
+
+	<target host="topicbox.blog" />
+	<target host="www.topicbox.blog" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/toppreise.ch.xml b/src/chrome/content/rules/toppreise.ch.xml
new file mode 100644
index 000000000000..512473b0856e
--- /dev/null
+++ b/src/chrome/content/rules/toppreise.ch.xml
@@ -0,0 +1,35 @@
+<!--
+	Nonfunctional hosts in *toppreise.ch:
+
+		- buch ʳ
+		- music ʳ
+		- musik ʳ
+		- musique ʳ
+
+	ʳ Refused
+
+
+	Insecure cookies are set for these domains:
+
+		- .toppreise.ch
+
+-->
+<ruleset name="Toppreise.ch (partial)">
+
+	<target host="toppreise.ch" />
+	<target host="imgsrv.toppreise.ch" />
+	<target host="m.toppreise.ch" />
+	<target host="www.toppreise.ch" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.toppreise\.ch$" name="^(?:SID|cses|lang|tpusrcId)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/topshop.com.xml b/src/chrome/content/rules/topshop.com.xml
new file mode 100644
index 000000000000..90ce694afb41
--- /dev/null
+++ b/src/chrome/content/rules/topshop.com.xml
@@ -0,0 +1,116 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://insideout.topshop.com/2012/05/get-ready-for-richard-nicoll-bridal (200) => https://www.topshop.com/blog/2012/05/get-ready-for-richard-nicoll-bridal (403)
+Fetch error: http://topshop.com/ => https://topshop.com/: (51, "SSL: no alternative certificate subject name matches target host name 'topshop.com'")
+Non-2xx HTTP code: http://au.topshop.com/ (200) => https://au.topshop.com/ (403)
+Fetch error: http://cdn-au.topshop.com/ => https://cdn-au.topshop.com/: (6, 'Could not resolve host: cdn-au.topshop.com')
+Non-2xx HTTP code: http://de.topshop.com/ (200) => https://de.topshop.com/ (403)
+Non-2xx HTTP code: http://eu.topshop.com/ (200) => https://eu.topshop.com/ (403)
+Non-2xx HTTP code: http://fr.topshop.com/ (200) => https://fr.topshop.com/ (403)
+Non-2xx HTTP code: http://sg.topshop.com/ (200) => https://sg.topshop.com/ (403)
+Non-2xx HTTP code: http://insideout.topshop.com/ (200) => https://www.topshop.com/blog/ (403)
+
+	Nonfunctional hosts in *topshop.com:
+
+		- www.careers ᶠ
+		- japan ᵃ
+
+	ᵃ Shows another domain
+	ᶠ Handshake fails
+
+
+	Problematic hosts in *topshop.com:
+
+		- insideout ʳ
+		- m ᵀ
+		- m.us ᵀ
+
+	ᵀ Blocks Tor users
+	ʳ Refused, preemptable redirect
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- .topshop.com
+		- de.topshop.com
+		- eu.topshop.com
+		- fr.topshop.com
+		- .fr.topshop.com
+		- il.topshop.com
+		- .il.topshop.com
+		- cdn.il.topshop.com
+		- incdn.il.topshop.com
+		- m.topshop.com
+		- my.topshop.com
+		- .my.topshop.com
+		- sg.topshop.com
+		- .sg.topshop.com
+		- th.topshop.com
+		- .th.topshop.com
+		- .us.topshop.com
+		- m.us.topshop.com
+		- www.topshop.com
+		- .www.topshop.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Topshop.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="topshop.com" />
+	<target host="au.topshop.com" />
+	<target host="cdn-au.topshop.com" />
+	<target host="de.topshop.com" />
+	<target host="eu.topshop.com" />
+	<target host="fr.topshop.com" />
+	<target host="il.topshop.com" />
+	<target host="cdn.il.topshop.com" />
+	<target host="incdn.il.topshop.com" />
+	<target host="media.topshop.com" />
+	<target host="mediaus.topshop.com" />
+	<target host="my.topshop.com" />
+	<target host="sg.topshop.com" />
+	<target host="sstats.topshop.com" />
+	<target host="us.topshop.com" />
+	<target host="www.topshop.com" />
+
+	<!--	Complications:
+				-->
+	<target host="insideout.topshop.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.topshop\.com$" name="^(?:incap_ses_\d+_\d+|s_vi|visid_incap_\d+)$" /-->
+	<!--securecookie host="^de\.topshop\.com$" name="^(?:akavpau_VP_TS|usergeo)$" /-->
+	<!--securecookie host="^eu\.topshop\.com$" name="^(?:WC_ACTIVEPOINTER|WC_AUTHENTICATION_-\d+|WC_GENERIC_ACTIVITYDATA|WC_PERSISTENT|WC_SESSION_ESTABLISHED|WC_USERACTIVITY_-\d+|akavpau_VP_TS)$" /-->
+	<!--securecookie host="^fr\.topshop\.com$" name="^(?:Apache|JSESSIONID|WC_PERSISTENT|akavpau_VP_TS|usergeo)$" /-->
+	<!--securecookie host="^\.fr\.topshop\.com$" name="^geoIpCtry$" /-->
+	<!--securecookie host="^\.(?:fr|us|www)\.topshop\.com$" name="^usergeo$" /-->
+	<!--securecookie host="^(?:cdn\.|incdn\.)?il\.topshop\.com$" name="^___utm" /-->
+	<!--securecookie host="^\.il\.topshop\.com$" name="^(?:frontend|incap_ses_\d+_\d+)$" /-->
+	<!--securecookie host="^(?:m|th|m\.us|www)\.topshop\.com$" name="^akavpau_VP_TS$" /-->
+	<!--securecookie host="^my\.topshop\.com$" name="^(?:Apache|akavpau_VP_TS)$" /-->
+	<!--securecookie host="^sg\.topshop\.com$" name="^(?:Apache|akavpau_VP_TS)$" /-->
+	<!--securecookie host="^\.sg\.topshop\.com$" name="^(?:prefShipCtry|userCountry\userLanguage|usergeo)$" /-->
+	<!--securecookie host="^\.(?:fr|us|www)\.topshop\.com$" name="^usergeo$" /-->
+	<!--securecookie host="^www\.topshop\.com$" name="^akavpau_VP_TS$" /-->
+
+	<securecookie host="^\." name="^(?:__qca|_ga|s_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps all but forward slash:
+							-->
+	<rule from="^http://insideout\.topshop\.com/+"
+		to="https://www.topshop.com/blog/" />
+
+		<test url="http://insideout.topshop.com/2012/05/get-ready-for-richard-nicoll-bridal" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/topspb.tv.xml b/src/chrome/content/rules/topspb.tv.xml
new file mode 100644
index 000000000000..3d81b4b8a079
--- /dev/null
+++ b/src/chrome/content/rules/topspb.tv.xml
@@ -0,0 +1,8 @@
+<ruleset name="topspb.tv">
+	<target host="topspb.tv" />
+	<target host="www.topspb.tv" />
+	<target host="starts.topspb.tv" />
+	<target host="server1.topspb.tv" />
+	<target host="server2.topspb.tv" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/topuniversities.com.xml b/src/chrome/content/rules/topuniversities.com.xml
new file mode 100644
index 000000000000..cea5110496f6
--- /dev/null
+++ b/src/chrome/content/rules/topuniversities.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Top Universities">
+
+	<target host="topuniversities.com" />
+	<target host="www.topuniversities.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/topwar.ru.xml b/src/chrome/content/rules/topwar.ru.xml
new file mode 100644
index 000000000000..feea42d8430a
--- /dev/null
+++ b/src/chrome/content/rules/topwar.ru.xml
@@ -0,0 +1,18 @@
+<!--
+www.topwar.ru ¹
+forum.topwar.ru ⁶
+wf.topwar.ru ¹
+mt.topwar.ru ¹
+
+
+¹ mismatch
+⁶ redirects
+-->
+<ruleset name="topwar.ru">
+	<target host="topwar.ru" />
+	<target host="www.topwar.ru" />
+	<target host="cdn.topwar.ru" />
+	<rule from="^http://www\.topwar\.ru/"
+		to="https://topwar.ru/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tori.net.xml b/src/chrome/content/rules/tori.net.xml
new file mode 100644
index 000000000000..d2963c2aa886
--- /dev/null
+++ b/src/chrome/content/rules/tori.net.xml
@@ -0,0 +1,81 @@
+<!--
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+
+	CDN buckets:
+
+		- d38a5rkle4vfil.cloudfront.net	← static
+
+
+	(www.)?tori.net: dropped
+
+
+	Problematic hosts in *tori.net:
+
+		- cp ᶜ
+		- static ᵐ
+		- www2 ᵉ ᵘ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵉ Expired
+	ᵐ Cloudfront / mismatched
+	ᵘ Untrusted root
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .tori.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on cp from www.tori.fi ᵈ
+		- Images on cp from www.tori.fi ᵈ
+
+		- Bugs, on:
+
+			- cp from logc183.xiti.com ˢ
+			- www2 from tori.spring-tns.net ˢ
+
+	ᵈ Unseurable <= dropped
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="tori.net (partial)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="cp.tori.net" /-->
+
+	<!--	Complications:
+				-->
+	<target host="media.tori.net" />
+	<!--target host="static.tori.net" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tori\.fi$" name="^s$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+		<test url="http://media.tori.net/image/images_150x100/42/4263752581.jpg" />
+
+	<!--rule from="^http://static\.tori\.net/"
+		to="https://???.cloudfront.net/" /-->
+
+		<!--
+		<test url="http://static.tori.net/img/transparent.gif" />
+		-->
+
+	<!--rule from="^http:"
+		to="https:" /-->
+
+</ruleset>
diff --git a/src/chrome/content/rules/tornadoliste.de.xml b/src/chrome/content/rules/tornadoliste.de.xml
new file mode 100644
index 000000000000..a23edf48d88d
--- /dev/null
+++ b/src/chrome/content/rules/tornadoliste.de.xml
@@ -0,0 +1,18 @@
+<ruleset name="Tornadoliste Deutschland">
+
+	<target host="tornadoliste.de" />
+	<target host="www.tornadoliste.de" />
+	<target host="img.tornadoliste.de" />
+	<target host="scripts.tornadoliste.de" />
+	<target host="tad.tornadoliste.de" />
+	<target host="uploads.tornadoliste.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://tornadoliste.de/ -->
+	<rule from="^http://tornadoliste\.de/"
+		to="https://www.tornadoliste.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/torpat.ch.xml b/src/chrome/content/rules/torpat.ch.xml
new file mode 100644
index 000000000000..16aa7bc0953b
--- /dev/null
+++ b/src/chrome/content/rules/torpat.ch.xml
@@ -0,0 +1,8 @@
+<ruleset name="torpat.ch">
+	<target host="torpat.ch" />
+	<target host="www.torpat.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/torrentdownload.ch.xml b/src/chrome/content/rules/torrentdownload.ch.xml
new file mode 100644
index 000000000000..b5908e9ace3e
--- /dev/null
+++ b/src/chrome/content/rules/torrentdownload.ch.xml
@@ -0,0 +1,6 @@
+<ruleset name="torrentdownload.ch">
+	<target host="torrentdownload.ch" />
+	<target host="www.torrentdownload.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/torrentdownloads.me.xml b/src/chrome/content/rules/torrentdownloads.me.xml
new file mode 100644
index 000000000000..8c0acc595b1f
--- /dev/null
+++ b/src/chrome/content/rules/torrentdownloads.me.xml
@@ -0,0 +1,14 @@
+<ruleset name="TorrentDownloads">
+	<target host="torrentdownloads.cc" />
+	<target host="www.torrentdownloads.cc" />
+	<target host="torrentdownloads.co" />
+	<target host="www.torrentdownloads.co" />
+	<target host="torrentdownloads.me" />
+	<target host="www.torrentdownloads.me" />
+	<target host="torrentdownloads.net" />
+	<target host="www.torrentdownloads.net" />
+	<target host="torrentsdownload.co" />
+	<target host="www.torrentsdownload.co" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/torrenthound.com.xml b/src/chrome/content/rules/torrenthound.com.xml
new file mode 100644
index 000000000000..564694486713
--- /dev/null
+++ b/src/chrome/content/rules/torrenthound.com.xml
@@ -0,0 +1,14 @@
+<!--
+a.mx.torrenthound.com/: (35, 'error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error')
+dc-cf22092d-a.mx.torrenthound.com ²
+
+
+² refused
+-->
+<ruleset name="torrenthound.com">
+	<target host="torrenthound.com" />
+	<target host="www.torrenthound.com" />
+	<target host="i.torrenthound.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/torrents-time.com.xml b/src/chrome/content/rules/torrents-time.com.xml
new file mode 100644
index 000000000000..e53c5fd53aa6
--- /dev/null
+++ b/src/chrome/content/rules/torrents-time.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Torrents-Time.com">
+
+	<target host="torrents-time.com" />
+	<target host="cdn.torrents-time.com" />
+	<target host="www.torrents-time.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/torrents.me.xml b/src/chrome/content/rules/torrents.me.xml
new file mode 100644
index 000000000000..99d9f0025596
--- /dev/null
+++ b/src/chrome/content/rules/torrents.me.xml
@@ -0,0 +1,13 @@
+<ruleset name="Torrents.me">
+
+	<target host="torrents.me"/>
+	<target host="www.torrents.me"/>
+	<target host="cdn.torrents.me"/>
+	<target host="torrents.to" />
+	<target host="www.torrents.to" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tortall.net.xml b/src/chrome/content/rules/tortall.net.xml
new file mode 100644
index 000000000000..33874b754536
--- /dev/null
+++ b/src/chrome/content/rules/tortall.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="tortall.net">
+	<target host="tortall.net" />
+	<target host="www.tortall.net" />
+	<target host="cvs.tortall.net" />
+	<target host="yasm.tortall.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/totalpolitics.com.xml b/src/chrome/content/rules/totalpolitics.com.xml
new file mode 100644
index 000000000000..12b29cd9ff14
--- /dev/null
+++ b/src/chrome/content/rules/totalpolitics.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Mixed content:
+
+		- Image from www.totalpolitics.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="TotalPolitics.com">
+
+	<target host="totalpolitics.com" />
+	<target host="www.totalpolitics.com" />
+
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/toughchoices.co.uk.xml b/src/chrome/content/rules/toughchoices.co.uk.xml
new file mode 100644
index 000000000000..965879e8a781
--- /dev/null
+++ b/src/chrome/content/rules/toughchoices.co.uk.xml
@@ -0,0 +1,17 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+-->
+<ruleset name="Tough Choices.co.uk">
+
+	<target host="toughchoices.co.uk" />
+	<target host="www.toughchoices.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/towelroot.xml b/src/chrome/content/rules/towelroot.xml
new file mode 100644
index 000000000000..dec7d1e72850
--- /dev/null
+++ b/src/chrome/content/rules/towelroot.xml
@@ -0,0 +1,7 @@
+<ruleset name="towelroot">
+	<target host="towelroot.com" />
+	<target host="www.towelroot.com" />
+
+	<rule from="^http://(?:www\.)?towelroot\.com/"
+		to="https://towelroot.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/toynews-online.biz.xml b/src/chrome/content/rules/toynews-online.biz.xml
new file mode 100644
index 000000000000..0e3b6fb7c7a6
--- /dev/null
+++ b/src/chrome/content/rules/toynews-online.biz.xml
@@ -0,0 +1,36 @@
+<!--
+	For other NewsBay Media coverage, see Intent-Media.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.toynews-online.biz
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on www from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="ToyNews-online.biz" default_off="testing">
+
+	<target host="toynews-online.biz" />
+	<target host="subs.toynews-online.biz" />
+	<target host="www.toynews-online.biz" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.toynews-online\.biz$" name="(?:^DeviceClass|Session)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/toyou.co.uk.xml b/src/chrome/content/rules/toyou.co.uk.xml
new file mode 100644
index 000000000000..75c49499ed5c
--- /dev/null
+++ b/src/chrome/content/rules/toyou.co.uk.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Wal-Mart coverage, see Walmart.com.xml.
+
+-->
+<ruleset name="toyou.co.uk">
+
+	<target host="toyou.co.uk" />
+	<target host="www.toyou.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tpb.gr.xml b/src/chrome/content/rules/tpb.gr.xml
new file mode 100644
index 000000000000..2a5a6922eca9
--- /dev/null
+++ b/src/chrome/content/rules/tpb.gr.xml
@@ -0,0 +1,8 @@
+<ruleset name="tpb.gr">
+	<target host="tpb.gr" />
+	<target host="www.tpb.gr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tpblist.xyz.xml b/src/chrome/content/rules/tpblist.xyz.xml
new file mode 100644
index 000000000000..2a435c79eaa3
--- /dev/null
+++ b/src/chrome/content/rules/tpblist.xyz.xml
@@ -0,0 +1,82 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://proxybay.press/ => https://proxybay.press/: (7, 'Failed to connect to proxybay.press port 443: Connection timed out')
+Fetch error: http://www.proxybay.press/ => https://www.proxybay.press/: (7, 'Failed to connect to www.proxybay.press port 443: Connection timed out')
+Fetch error: http://proxybay.bid/ => https://proxybay.bid/: (6, 'Could not resolve host: proxybay.bid')
+Fetch error: http://www.proxybay.bid/ => https://www.proxybay.bid/: (6, 'Could not resolve host: www.proxybay.bid')
+Fetch error: http://tpb.accountant/ => https://tpb.accountant/: (6, 'Could not resolve host: tpb.accountant')
+Fetch error: http://www.tpb.accountant/ => https://www.tpb.accountant/: (6, 'Could not resolve host: www.tpb.accountant')
+Fetch error: http://tpb.cricket/ => https://tpb.cricket/: (6, 'Could not resolve host: tpb.cricket')
+Fetch error: http://www.tpb.cricket/ => https://www.tpb.cricket/: (6, 'Could not resolve host: www.tpb.cricket')
+Fetch error: http://tpb.review/ => https://tpb.review/: (6, 'Could not resolve host: tpb.review')
+Fetch error: http://www.tpb.review/ => https://www.tpb.review/: (6, 'Could not resolve host: www.tpb.review')
+Fetch error: http://piratebay.unlockproject.us/ => https://piratebay.unlockproject.us/: (51, "SSL: no alternative certificate subject name matches target host name 'piratebay.unlockproject.us'")
+Fetch error: http://piratebay.ukbypass.xyz/ => https://piratebay.ukbypass.xyz/: (6, 'Could not resolve host: piratebay.ukbypass.xyz')
+Fetch error: http://piratebay.usbypass.xyz/ => https://piratebay.usbypass.xyz/: (6, 'Could not resolve host: piratebay.usbypass.xyz')
+Fetch error: http://piratebay.esbypass.download/ => https://piratebay.esbypass.download/: (6, 'Could not resolve host: piratebay.esbypass.download')
+Fetch error: http://piratebay.esbypass.xyz/ => https://piratebay.esbypass.xyz/: (6, 'Could not resolve host: piratebay.esbypass.xyz')
+Fetch error: http://piratebay.inbypass.download/ => https://piratebay.inbypass.download/: (6, 'Could not resolve host: piratebay.inbypass.download')
+Fetch error: http://piratebay.inbypass.xyz/ => https://piratebay.inbypass.xyz/: (6, 'Could not resolve host: piratebay.inbypass.xyz')
+Fetch error: http://tpb.unblock.bid/ => https://tpb.unblock.bid/: (6, 'Could not resolve host: tpb.unblock.bid')
+Fetch error: http://tpb.unlockme.site/ => https://tpb.unlockme.site/: (6, 'Could not resolve host: tpb.unlockme.site')
+Fetch error: http://tpb.unlockme.download/ => https://tpb.unlockme.download/: (6, 'Could not resolve host: tpb.unlockme.download')
+Fetch error: http://tpb.unlockme.top/ => https://tpb.unlockme.top/: (6, 'Could not resolve host: tpb.unlockme.top')
+Fetch error: http://tpb.tormirror.download/ => https://tpb.tormirror.download/: (6, 'Could not resolve host: tpb.tormirror.download')
+
+www.ahoy.one nonexist
+tpb.proxyduck.net self signed
+www.pbp.rocks refused
+-->
+<!--The Pirate Bay proxies from tpblist.xyz Main ruleset: ThePirateBay.xml-->
+<ruleset name="tpblist.xyz" default_off="failed ruleset test">
+	<target host="tpblist.xyz" />
+	<target host="www.tpblist.xyz" />
+	<target host="tpb.host" />
+	<target host="www.tpb.host" />
+	<target host="proxybay.press" />
+	<target host="www.proxybay.press" />
+	<target host="proxybay.bid" />
+	<target host="www.proxybay.bid" />
+	<target host="tpb-proxy.top" />
+	<target host="www.tpb-proxy.top" />
+	<target host="tpb.accountant" />
+	<target host="www.tpb.accountant" />
+	<target host="tpb.cricket" />
+	<target host="www.tpb.cricket" />
+	<target host="tpb.review" />
+	<target host="www.tpb.review" />
+	<target host="piratebay.unlockproject.com" />
+	<target host="piratebay.unlockproject.online" />
+	<target host="piratebay.unlockproject.xyz" />
+	<target host="piratebay.unlockproject.us" />
+	<target host="piratebay.unlockproject.tech" />
+	<target host="piratebay.unlockproject.top" />
+	<target host="piratebay.unlockproject.win" />
+	<target host="piratebay.unlockproject.download" />
+	<target host="piratebay.unlockproject.bid" />
+	<target host="piratebay.unlockproject.host" />
+	<target host="piratebay.unlockproject.pw" />
+	<target host="piratebay.ukbypass.top" />
+	<target host="piratebay.ukbypass.online" />
+	<target host="piratebay.ukbypass.xyz" />
+	<target host="piratebay.usbypass.top" />
+	<target host="piratebay.usbypass.online" />
+	<target host="piratebay.usbypass.xyz" />
+	<target host="piratebay.esbypass.download" />
+	<target host="piratebay.esbypass.xyz" />
+	<target host="piratebay.inbypass.download" />
+	<target host="piratebay.inbypass.xyz" />
+	<target host="tpb.unblock.bid" />
+	<target host="tpb.unlockme.site" />
+	<target host="tpb.unlockme.download" />
+	<target host="tpb.unlockme.top" />
+	<target host="tpb.tormirror.download" />
+	<target host="tpb.unlockme.club" />
+	<target host="tpb.unlockme.online" />
+	<target host="tpb.unlockme.space" />
+	<target host="tpb.unlockme.bid" />
+	<target host="thepiratebay_org.unblocked.lol" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tpprf.ru.xml b/src/chrome/content/rules/tpprf.ru.xml
new file mode 100644
index 000000000000..f70824f82785
--- /dev/null
+++ b/src/chrome/content/rules/tpprf.ru.xml
@@ -0,0 +1,214 @@
+<!--
+ach.tpprf.ru ³
+agro.tpprf.ru ⁴
+brics.tpprf.ru ³
+cciexperts.tpprf.ru non-2xx http code
+sim.eav.tpprf.ru ¹
+gw.tpprf.ru ³
+imxo.tpprf.ru ³
+karnet.tpprf.ru ⁴
+lists.tpprf.ru ³
+mail.tpprf.ru ³
+nm.tpprf.ru ³
+ns.tpprf.ru ³
+sim.of.tpprf.ru ¹
+old.tpprf.ru ³
+reestr.tpprf.ru ⁷
+srvdebex.tpprf.ru ⁷
+srvtconf.tpprf.ru ³
+sim.st1.tpprf.ru ¹
+sim.st1uz.tpprf.ru ¹
+subcontract.tpprf.ru ³
+v.tpprf.ru ³
+zakupki.tpprf.ru non-2xx http code
+
+
+¹ mismatch
+³ timed out
+⁴ self signed
+⁷ protocol error
+-->
+<ruleset name="tpprf.ru">
+	<target host="tpprf.ru" />
+	<target host="www.tpprf.ru" />
+	<target host="abinsk.tpprf.ru" />
+	<target host="adr.tpprf.ru" />
+	<target host="altai.tpprf.ru" />
+	<target host="amur.tpprf.ru" />
+	<target host="anapa.tpprf.ru" />
+	<target host="apsheronsk.tpprf.ru" />
+	<target host="armavir.tpprf.ru" />
+	<target host="astrakhan.tpprf.ru" />
+	<target host="au-sk.tpprf.ru" />
+	<target host="belgorod.tpprf.ru" />
+	<target host="belorechensk.tpprf.ru" />
+	<target host="benelux-france.tpprf.ru" />
+	<target host="bryansk.tpprf.ru" />
+	<target host="bulgaria.tpprf.ru" />
+	<target host="central-asia.tpprf.ru" />
+	<target host="certsoft.tpprf.ru" />
+	<target host="chechnya.tpprf.ru" />
+	<target host="china.tpprf.ru" />
+	<target host="chita.tpprf.ru" />
+	<target host="chuvashia.tpprf.ru" />
+	<target host="comoffers.tpprf.ru" />
+	<target host="crimea.tpprf.ru" />
+	<target host="dinsk.tpprf.ru" />
+	<target host="dmitrov.tpprf.ru" />
+	<target host="dzno.tpprf.ru" />
+	<target host="eastern-asia.tpprf.ru" />
+	<target host="electrostal.tpprf.ru" />
+	<target host="evao.tpprf.ru" />
+	<target host="events.tpprf.ru" />
+	<target host="fryazino.tpprf.ru" />
+	<target host="gelendzhik.tpprf.ru" />
+	<target host="germany.tpprf.ru" />
+	<target host="gk.tpprf.ru" />
+	<target host="gubkin.tpprf.ru" />
+	<target host="gulkevichi.tpprf.ru" />
+	<target host="hmao.tpprf.ru" />
+	<target host="ifip.tpprf.ru" />
+	<target host="india.tpprf.ru" />
+	<target host="istra.tpprf.ru" />
+	<target host="ivanovo.tpprf.ru" />
+	<target host="kaliningrad.tpprf.ru" />
+	<target host="kalmykia.tpprf.ru" />
+	<target host="kaluga.tpprf.ru" />
+	<target host="kamenskshah.tpprf.ru" />
+	<target host="kamyshin.tpprf.ru" />
+	<target host="test.karnet.tpprf.ru" />
+	<target host="kbr.tpprf.ru" />
+	<target host="kchr.tpprf.ru" />
+	<target host="khakassia.tpprf.ru" />
+	<target host="khimki.tpprf.ru" />
+	<target host="kirov.tpprf.ru" />
+	<target host="kolchugino.tpprf.ru" />
+	<target host="kolomna.tpprf.ru" />
+	<target host="korenovsk.tpprf.ru" />
+	<target host="korolev.tpprf.ru" />
+	<target host="kostroma.tpprf.ru" />
+	<target host="krasnogorsk.tpprf.ru" />
+	<target host="krasnoyarsk.tpprf.ru" />
+	<target host="kronshtadt.tpprf.ru" />
+	<target host="kuban.tpprf.ru" />
+	<target host="kurgan.tpprf.ru" />
+	<target host="kurganinsk.tpprf.ru" />
+	<target host="kursk.tpprf.ru" />
+	<target host="kushevskaya.tpprf.ru" />
+	<target host="kuzbass.tpprf.ru" />
+	<target host="lipetsk.tpprf.ru" />
+	<target host="lo.tpprf.ru" />
+	<target host="lobnya.tpprf.ru" />
+	<target host="mac.tpprf.ru" />
+	<target host="magadan.tpprf.ru" />
+	<target host="magnitogorsk.tpprf.ru" />
+	<target host="mediation.tpprf.ru" />
+	<target host="mgo.tpprf.ru" />
+	<target host="minusinsk.tpprf.ru" />
+	<target host="mkas.tpprf.ru" />
+	<target host="mordovia.tpprf.ru" />
+	<target host="moscow.tpprf.ru" />
+	<target host="mosobl.tpprf.ru" />
+	<target host="mozhaisk.tpprf.ru" />
+	<target host="mytischi.tpprf.ru" />
+	<target host="nalog.tpprf.ru" />
+	<target host="nalogforum.tpprf.ru" />
+	<target host="nf.tpprf.ru" />
+	<target host="nizhnevartovsk.tpprf.ru" />
+	<target host="nnov.tpprf.ru" />
+	<target host="novgorod.tpprf.ru" />
+	<target host="novocherkassk.tpprf.ru" />
+	<target host="novorossiysk.tpprf.ru" />
+	<target host="novosibobl.tpprf.ru" />
+	<target host="obninsk.tpprf.ru" />
+	<target host="odintsovo.tpprf.ru" />
+	<target host="omsk.tpprf.ru" />
+	<target host="orel.tpprf.ru" />
+	<target host="orenburg.tpprf.ru" />
+	<target host="pavlraion.tpprf.ru" />
+	<target host="penza.tpprf.ru" />
+	<target host="perm.tpprf.ru" />
+	<target host="podolsk.tpprf.ru" />
+	<target host="portal.tpprf.ru" />
+	<target host="predstvo.tpprf.ru" />
+	<target host="prim.tpprf.ru" />
+	<target host="pskov.tpprf.ru" />
+	<target host="pushkin.tpprf.ru" />
+	<target host="pyatigorsk.tpprf.ru" />
+	<target host="ra.tpprf.ru" />
+	<target host="rd.tpprf.ru" />
+	<target host="reutov.tpprf.ru" />
+	<target host="rostov.tpprf.ru" />
+	<target host="rsoa.tpprf.ru" />
+	<target host="rus-asean.tpprf.ru" />
+	<target host="rus-cub.tpprf.ru" />
+	<target host="rus-eg.tpprf.ru" />
+	<target host="rus-embc.tpprf.ru" />
+	<target host="rus-esp.tpprf.ru" />
+	<target host="rus-irn.tpprf.ru" />
+	<target host="rus-isr.tpprf.ru" />
+	<target host="rus-jap.tpprf.ru" />
+	<target host="rus-omn.tpprf.ru" />
+	<target host="rus-sco.tpprf.ru" />
+	<target host="rus-serb.tpprf.ru" />
+	<target host="rus-svk.tpprf.ru" />
+	<target host="ruza.tpprf.ru" />
+	<target host="ryazan.tpprf.ru" />
+	<target host="sakha.tpprf.ru" />
+	<target host="sakhalin.tpprf.ru" />
+	<target host="samara.tpprf.ru" />
+	<target host="saratov.tpprf.ru" />
+	<target host="serpukhov.tpprf.ru" />
+	<target host="sevastopol.tpprf.ru" />
+	<target host="severskaya.tpprf.ru" />
+	<target host="shakhty.tpprf.ru" />
+	<target host="shchyolkovo.tpprf.ru" />
+	<target host="slavyansk.tpprf.ru" />
+	<target host="smb-strategy.tpprf.ru" />
+	<target host="sochi.tpprf.ru" />
+	<target host="soln.tpprf.ru" />
+	<target host="spb.tpprf.ru" />
+	<target host="sport.tpprf.ru" />
+	<target host="srvporta.tpprf.ru" />
+	<target host="starooskol.tpprf.ru" />
+	<target host="stavropol.tpprf.ru" />
+	<target host="surgut.tpprf.ru" />
+	<target host="taganrog.tpprf.ru" />
+	<target host="tambov.tpprf.ru" />
+	<target host="tatarstan.tpprf.ru" />
+	<target host="temryuk.tpprf.ru" />
+	<target host="tertpp.tpprf.ru" />
+	<target host="tikhoretsk.tpprf.ru" />
+	<target host="timashyovsk.tpprf.ru" />
+	<target host="tlt.tpprf.ru" />
+	<target host="tomsk.tpprf.ru" />
+	<target host="ts.tpprf.ru" />
+	<target host="tuapse.tpprf.ru" />
+	<target host="tula.tpprf.ru" />
+	<target host="turkey.tpprf.ru" />
+	<target host="tuva.tpprf.ru" />
+	<target host="tver.tpprf.ru" />
+	<target host="tyumen.tpprf.ru" />
+	<target host="udmurtia.tpprf.ru" />
+	<target host="ufa.tpprf.ru" />
+	<target host="uk.tpprf.ru" />
+	<target host="ulyanovsk.tpprf.ru" />
+	<target host="ural.tpprf.ru" />
+	<target host="uslugi.tpprf.ru" />
+	<target host="verification.tpprf.ru" />
+	<target host="vladimir.tpprf.ru" />
+	<target host="volgograd.tpprf.ru" />
+	<target host="vologda.tpprf.ru" />
+	<target host="vomo.tpprf.ru" />
+	<target host="voronezh.tpprf.ru" />
+	<target host="voskresensk.tpprf.ru" />
+	<target host="vs.tpprf.ru" />
+	<target host="vyselki.tpprf.ru" />
+	<target host="yaroslavl.tpprf.ru" />
+	<target host="yegoryevsk.tpprf.ru" />
+	<target host="yeisk.tpprf.ru" />
+	<target host="ynao.tpprf.ru" />
+	<target host="zakam.tpprf.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tpucdn.com.xml b/src/chrome/content/rules/tpucdn.com.xml
new file mode 100644
index 000000000000..c52ff84f0a9c
--- /dev/null
+++ b/src/chrome/content/rules/tpucdn.com.xml
@@ -0,0 +1,17 @@
+<!--
+	For other TechPowerUp coverage, see Techpowerup.com.xml.
+
+-->
+<ruleset name="TPU CDN.com">
+
+	<target host="tpucdn.com" />
+	<target host="www.tpucdn.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tqn.com.xml b/src/chrome/content/rules/tqn.com.xml
new file mode 100644
index 000000000000..bd2aba408d4c
--- /dev/null
+++ b/src/chrome/content/rules/tqn.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="tqn.com">
+
+	<target host="0.tqn.com" />
+	<target host="fthmb.tqn.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/traceroute-online.com.xml b/src/chrome/content/rules/traceroute-online.com.xml
new file mode 100644
index 000000000000..eab56b2a6ebd
--- /dev/null
+++ b/src/chrome/content/rules/traceroute-online.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="traceroute-online.com">
+	<target host="traceroute-online.com" />
+	<target host="www.traceroute-online.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tradeadexchange.com.xml b/src/chrome/content/rules/tradeadexchange.com.xml
new file mode 100644
index 000000000000..7ccc0057bd39
--- /dev/null
+++ b/src/chrome/content/rules/tradeadexchange.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="tradeadexchange.com">
+
+	<target host="tradeadexchange.com" />
+	<target host="www.tradeadexchange.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/trafficjunky.com.xml b/src/chrome/content/rules/trafficjunky.com.xml
new file mode 100644
index 000000000000..95490b0a4ef7
--- /dev/null
+++ b/src/chrome/content/rules/trafficjunky.com.xml
@@ -0,0 +1,62 @@
+<!--
+	Other TrafficJunky rulesets:
+
+		- TrafficJunky.xml
+
+
+	Nonfunctional hosts in *trafficjunky.com:
+
+		- blog ʳ
+
+	ʳ Refused
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- trafficjunky.com
+		- www.trafficjunky.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="TrafficJunky.com (partial)">
+
+	<target host="trafficjunky.com" />
+	<target host="static.trafficjunky.com" />
+	<target host="www.trafficjunky.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?trafficjunky\.com/(?:$|about-us$|mobile$|privacy-policy$|publishers$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?trafficjunky\.com/(?!/*(?:member/forgotpassword|signin|signup)(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.trafficjunky.com/about-us" />
+			<test url="http://www.trafficjunky.com/about-us/newsletter" />
+			<test url="http://www.trafficjunky.com/advertisers" />
+			<test url="http://www.trafficjunky.com/mobile" />
+			<test url="http://www.trafficjunky.com/privacy-policy" />
+			<test url="http://www.trafficjunky.com/publishers" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.trafficjunky.com/signin" />
+			<test url="http://www.trafficjunky.com/member/forgotpassword" />
+			<test url="http://www.trafficjunky.com/signup" />
+
+		<test url="http://static.trafficjunky.com/mp3/bundles/manwinadsbase/images/TJ/front/body_bg.png?v=3" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?trafficjunky\.com$" name="^(?:PHPSESSID|RNLBSERVERID)$" /-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/trafficrouter.io.xml b/src/chrome/content/rules/trafficrouter.io.xml
new file mode 100644
index 000000000000..a97392ed5b0f
--- /dev/null
+++ b/src/chrome/content/rules/trafficrouter.io.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- go.trafficrouter.io
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="trafficrouter.io">
+
+	<target host="go.trafficrouter.io" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^go\.trafficrouter\.io$" name="^epersist$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/trafficstars.com.xml b/src/chrome/content/rules/trafficstars.com.xml
new file mode 100644
index 000000000000..f123604f1f30
--- /dev/null
+++ b/src/chrome/content/rules/trafficstars.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- trafficstars.com
+		- admin.trafficstars.com
+		- www.trafficstars.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="TrafficStars.com">
+
+	<target host="trafficstars.com" />
+	<target host="admin.trafficstars.com" />
+	<target host="cdn.trafficstars.com" />
+	<target host="rotator.trafficstars.com" />
+	<target host="www.trafficstars.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--ssecurecookie host="^(?:admin\.|www\.)?trafficstars\.com$" name="^(?:csrftoken|sessionid)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/traidnt.net.xml b/src/chrome/content/rules/traidnt.net.xml
new file mode 100644
index 000000000000..192a25425d44
--- /dev/null
+++ b/src/chrome/content/rules/traidnt.net.xml
@@ -0,0 +1,15 @@
+<ruleset name="traidnt.net">
+	<target host="traidnt.net" />
+	<target host="www.traidnt.net" />
+	<target host="ads.traidnt.net" />
+	<target host="dir.traidnt.net" />
+	<target host="news.traidnt.net" />
+	<target host="privacy.traidnt.net" />
+	<target host="tw.traidnt.net" />
+	<target host="up.traidnt.net" />
+	<target host="upload.traidnt.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/trainingjournal.com.xml b/src/chrome/content/rules/trainingjournal.com.xml
new file mode 100644
index 000000000000..a65d1139bc2b
--- /dev/null
+++ b/src/chrome/content/rules/trainingjournal.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Training Journal.com">
+
+	<target host="trainingjournal.com" />
+	<target host="www.trainingjournal.com" />
+
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/trakt.xml b/src/chrome/content/rules/trakt.xml
new file mode 100644
index 000000000000..91db587e0cdb
--- /dev/null
+++ b/src/chrome/content/rules/trakt.xml
@@ -0,0 +1,31 @@
+<!--
+	Mixed content on secure:
+
+		- Images, from:
+
+			- i0.wp.com (from Gravatar)
+
+-->
+<ruleset name="trakt">
+
+	<target host="trakt.tv" />
+	<target host="www.trakt.tv" />
+	<target host="support.trakt.tv" />
+
+	<!-- For securecookie rule below (host used for movie etc. images) -->
+	<target host="*.trakt.us" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.trakt\.(tv|us)$" name="^__cfduid$" /-->
+	<!--securecookie host="^\.?support\.trakt\.tv$" name="^_session_id$" /-->
+	<!--securecookie host="^(www\.)?trakt\.tv$" name="^(_traktsession|AWSELB|trakt_username|remember_user_token)$" /-->
+
+	<securecookie host="^(\.|www\.)?trakt\.tv$" name=".+" />
+	<securecookie host="^\.?support\.trakt\.tv$" name=".+" />
+	<securecookie host="^\.trakt\.us$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/trancebase.fm.xml b/src/chrome/content/rules/trancebase.fm.xml
new file mode 100644
index 000000000000..afd346681784
--- /dev/null
+++ b/src/chrome/content/rules/trancebase.fm.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		listen.trancebase.fm
+
+-->
+<ruleset name="TranceBase.FM">
+
+	<target host="trancebase.fm" />
+	<target host="www.trancebase.fm" />
+	<target host="admin.trancebase.fm" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/trane.com.xml b/src/chrome/content/rules/trane.com.xml
new file mode 100644
index 000000000000..641d681a22a8
--- /dev/null
+++ b/src/chrome/content/rules/trane.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Mixed content:
+
+		- css on netdna.bootstrapcdn.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Trane.com">
+
+	<target host="trane.com" />
+	<target host="www.trane.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/transfer.sh.xml b/src/chrome/content/rules/transfer.sh.xml
new file mode 100644
index 000000000000..f498f66dec2c
--- /dev/null
+++ b/src/chrome/content/rules/transfer.sh.xml
@@ -0,0 +1,11 @@
+<!--
+	Wildcard DNS and cert.
+-->
+<ruleset name="transfer.sh" >
+	<target host="transfer.sh" />
+	<target host="www.transfer.sh" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/transfermarkt.de.xml b/src/chrome/content/rules/transfermarkt.de.xml
new file mode 100644
index 000000000000..b2c8d5257d91
--- /dev/null
+++ b/src/chrome/content/rules/transfermarkt.de.xml
@@ -0,0 +1,19 @@
+<!--
+		Wildcard DNS:
+		*.transfermarkt.de
+
+		404:
+			transfermarkt.de
+-->
+<ruleset name="Transfermarkt.de">
+
+	<target host="transfermarkt.de" />
+	<target host="www.transfermarkt.de" />
+
+	<rule from="^http://transfermarkt\.de/"
+			to="https://www.transfermarkt.de/" />
+
+	<rule from="^http:"
+			to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/transip.de.xml b/src/chrome/content/rules/transip.de.xml
new file mode 100644
index 000000000000..0a6263db1433
--- /dev/null
+++ b/src/chrome/content/rules/transip.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="Transip">
+    <target host="transip.de" />
+    <target host="www.transip.de" />
+
+    <securecookie host="^(www\.)?transip\.de$" name=".+" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/translations.com.xml b/src/chrome/content/rules/translations.com.xml
new file mode 100644
index 000000000000..a6f3f5dcef01
--- /dev/null
+++ b/src/chrome/content/rules/translations.com.xml
@@ -0,0 +1,47 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.translations.com/ => https://www.translations.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://translations.com/ => https://www.translations.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Nonfunctional hosts in *translations.com:
+
+		- rips ᵈ
+
+	ᵈ Dropped
+
+
+	^translations.com: server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Mixed content:
+
+		- Images on www from cdn.transperfect.com ˡ
+		- Bug on www from a.analytics.yahoo.com *
+
+	ˡ Unsecurable <= redirect loop
+	* See https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Translations.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secureportal.translations.com" />
+	<target host="www.translations.com" />
+
+	<!--	Complications:
+				-->
+	<target host="translations.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://translations\.com/"
+		to="https://www.translations.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/transparency.hu.xml b/src/chrome/content/rules/transparency.hu.xml
new file mode 100644
index 000000000000..649cc5ad0cf8
--- /dev/null
+++ b/src/chrome/content/rules/transparency.hu.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Transparency International coverage, see Transparency.org.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- transparency.hu
+		- www.transparency.hu
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Transparency.hu">
+
+	<target host="transparency.hu" />
+	<target host="www.transparency.hu" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?transparency\.hu$" name="^(?:_icl_current_language|wpml_referer_url)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/transparency.org.ru.xml b/src/chrome/content/rules/transparency.org.ru.xml
new file mode 100644
index 000000000000..f9841e7f5f35
--- /dev/null
+++ b/src/chrome/content/rules/transparency.org.ru.xml
@@ -0,0 +1,15 @@
+<!--
+azbuka.transparency.org.ru ¹
+redrabbit.transparency.org.ru ¹
+new.transparency.org.ru ¹
+old.transparency.org.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="transparency.org.ru">
+	<target host="transparency.org.ru" />
+	<target host="www.transparency.org.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/transperfect.com-problematic.xml b/src/chrome/content/rules/transperfect.com-problematic.xml
new file mode 100644
index 000000000000..6cb7011b3ef1
--- /dev/null
+++ b/src/chrome/content/rules/transperfect.com-problematic.xml
@@ -0,0 +1,20 @@
+<!--
+	For rules that are on by default, see transperfect.com.xml.
+
+
+	NB: see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="TransPerfect.com (missing certificate chain)" default_off="cert-chain">
+
+	<target host="transperfect.com" />
+	<target host="www.transperfect.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/transperfect.com.xml b/src/chrome/content/rules/transperfect.com.xml
new file mode 100644
index 000000000000..f98657af81d1
--- /dev/null
+++ b/src/chrome/content/rules/transperfect.com.xml
@@ -0,0 +1,58 @@
+<!--
+	For problematic rules, see transperfect.com-problematic.xml.
+
+	Other TransPerfect rulesets:
+
+		- trialinteractive.com.xml
+
+
+	Nonfunctional hosts in *transperfect.com:
+
+		- cdn ˡ
+		- legal ˡ
+		- www.legal ³
+		- lifesciences ʳ
+		- tri ʳ
+
+	³ 403
+	ˡ Loops
+	ʳ Refused
+
+
+	Problematic hosts in *transperfect.com:
+
+		- (www.)? ᶜ
+		- es ᵉ ᵐ
+		- pharma ᶜ ᵐ
+		- web ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵉ Expired
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- securetls.transperfect.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="TransPerfect.com (partial)">
+
+	<!--target host="transperfect.com" /-->
+	<target host="securetls.transperfect.com" />
+	<!--target host="www.transperfect.com" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^securetls\.transperfect\.com$" name="^(?:CSRFHolder|RelativityId)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/trashbox.ru.xml b/src/chrome/content/rules/trashbox.ru.xml
new file mode 100644
index 000000000000..658ccb1898a4
--- /dev/null
+++ b/src/chrome/content/rules/trashbox.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="trashbox.ru">
+	<target host="trashbox.ru" />
+	<target host="www.trashbox.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/trashy.com.xml b/src/chrome/content/rules/trashy.com.xml
new file mode 100644
index 000000000000..601fd7b15b7d
--- /dev/null
+++ b/src/chrome/content/rules/trashy.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- trashy.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Trashy.com">
+
+	<target host="trashy.com" />
+	<target host="www.trashy.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^trashy\.com$" name="^(?:_landing_page|_orig_referrer|cart_sig)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/travel-assets.com.xml b/src/chrome/content/rules/travel-assets.com.xml
new file mode 100644
index 000000000000..25927f21aa5d
--- /dev/null
+++ b/src/chrome/content/rules/travel-assets.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+-->
+<ruleset name="travel-assets.com">
+
+	<target host="a.travel-assets.com" />
+	<target host="b.travel-assets.com" />
+	<target host="c.travel-assets.com" />
+	<target host="d.travel-assets.com" />
+	<target host="e.travel-assets.com" />
+	<target host="f.travel-assets.com" />
+	<target host="forever.travel-assets.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/trbo.com.xml b/src/chrome/content/rules/trbo.com.xml
new file mode 100644
index 000000000000..b7a998db644b
--- /dev/null
+++ b/src/chrome/content/rules/trbo.com.xml
@@ -0,0 +1,38 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Invalid certificate:
+		charger
+		checkip.dyndns.orgtrack2
+
+	Non-2xx HTTP code:
+		uk
+-->
+<ruleset name="trbo.com">
+
+	<target host="trbo.com" />
+	<target host="www.trbo.com" />
+	<target host="api.trbo.com" />
+	<target host="api-v2.trbo.com" />
+	<target host="api-v3.trbo.com" />
+	<target host="api-v4.trbo.com" />
+	<target host="beta.trbo.com" />
+	<target host="charger-v2.trbo.com" />
+	<target host="collect.trbo.com" />
+	<target host="data.trbo.com" />
+	<target host="data-v2.trbo.com" />
+	<target host="newsletter-api.trbo.com" />
+	<target host="static.trbo.com" />
+	<target host="static-v2.trbo.com" />
+		<test url="http://static-v2.trbo.com/plugin/trbo_12950_e3e6429cafe91e81a7fbb224b1bacf9c.js" />
+	<target host="track.trbo.com" />
+	<target host="track2.trbo.com" />
+	<target host="v2.trbo.com" />
+	<target host="v4.trbo.com" />
+	<target host="xng.trbo.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/trend.az.xml b/src/chrome/content/rules/trend.az.xml
new file mode 100644
index 000000000000..ab1339b4520a
--- /dev/null
+++ b/src/chrome/content/rules/trend.az.xml
@@ -0,0 +1,12 @@
+<ruleset name="trend.az">
+	<target host="trend.az" />
+	<target host="www.trend.az" />
+	<target host="az.trend.az" />
+	<target host="en.trend.az" />
+	<target host="tr.trend.az" />
+	<target host="ar.trend.az" />
+	<target host="fa.trend.az" />
+	<target host="photo.trend.az" />
+	<target host="cdn.trend.az" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/trialinteractive.com.xml b/src/chrome/content/rules/trialinteractive.com.xml
new file mode 100644
index 000000000000..d2715710068e
--- /dev/null
+++ b/src/chrome/content/rules/trialinteractive.com.xml
@@ -0,0 +1,31 @@
+<!--
+	For other TransPerfect coverage, see transperfect.com.xml.
+
+
+	(www.)?trialinteractive.com: Refused
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- login.trialinteractive.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Trial Interactive.com (partial)">
+
+	<target host="login.trialinteractive.com" />
+	<target host="secure.trialinteractive.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^login\.trialinteractive\.com$" name="^org\.springframework\.web\.servlet\.i18n\.CookieLocaleResolver\.LOCALE$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tribepad.com-falsemixed.xml b/src/chrome/content/rules/tribepad.com-falsemixed.xml
new file mode 100644
index 000000000000..af668bca6cda
--- /dev/null
+++ b/src/chrome/content/rules/tribepad.com-falsemixed.xml
@@ -0,0 +1,25 @@
+<!--
+	For rules not causing false/broken MCB, see tribepad.com.xml.
+
+-->
+<ruleset name="TribePad.com (false MCB)" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.tribepad.com" />
+
+	<!--	Complications:
+				-->
+	<target host="tribepad.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://tribepad\.com/"
+		to="https://www.tribepad.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tribepad.com.xml b/src/chrome/content/rules/tribepad.com.xml
new file mode 100644
index 000000000000..78d817f57905
--- /dev/null
+++ b/src/chrome/content/rules/tribepad.com.xml
@@ -0,0 +1,74 @@
+<!--
+	For rules causing false/broken MCB, see tribepad.com-falsemixed.xml.
+
+
+	CDN buckets:
+
+		- tribepad-manual.s3.amazonaws.com
+
+
+	^tribepad.com: Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- support.tribepad.com
+		- tracking.tribepad.com
+		- www.tribepad.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, on:
+
+			- support, www from fonts.googleapis.com ˢ
+			- support from tribepad-manual.s3.amazonaws.com ˢ
+			- www from $self ˢ
+
+		- Images on support, www from www.tribepad.com ˢ
+		- Bug on www from www.lead-analytics-1000.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="TribePad.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cdn-1.tribepad.com" />
+	<target host="cdn-2.tribepad.com" />
+	<target host="cdn-3.tribepad.com" />
+	<target host="support.tribepad.com" />
+	<target host="tracking.tribepad.com" />
+	<!--target host="www.tribepad.com" /-->
+
+		<test url="http://cdn-1.tribepad.com/g4s/images/IndImgGal.png" />
+		<test url="http://cdn-2.tribepad.com/g4s/images/bg_top_menu_li-1.png" />
+		<test url="http://cdn-3.tribepad.com/g4s/images/bg_bottom.jpg" />
+
+		<!--	Mixed content:
+					-->
+		<!--test url="http://support.tribepad.com/manual/" /-->
+
+	<!--	Complications:
+				-->
+	<!--target host="tribepad.com" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:support|www)\.tribepad\.com$" name="^(?:PHPSESSID$|X-Mapping-)" /-->
+	<!--securecookie host="^tracking\.tribepad\.com$" name="^X-Mapping-" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--rule from="^http://tribepad\.com/"
+		to="https://www.tribepad.com/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tribuna.pl.ua.xml b/src/chrome/content/rules/tribuna.pl.ua.xml
new file mode 100644
index 000000000000..6168754659bd
--- /dev/null
+++ b/src/chrome/content/rules/tribuna.pl.ua.xml
@@ -0,0 +1,5 @@
+<ruleset name="tribuna.pl.ua">
+	<target host="tribuna.pl.ua" />
+	<target host="www.tribuna.pl.ua" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/trick-or-trade.com.xml b/src/chrome/content/rules/trick-or-trade.com.xml
new file mode 100644
index 000000000000..8f594b901c68
--- /dev/null
+++ b/src/chrome/content/rules/trick-or-trade.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="trick-or-trade.com">
+	<target host="trick-or-trade.com" />
+	<target host="www.trick-or-trade.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tricolor.tv.xml b/src/chrome/content/rules/tricolor.tv.xml
new file mode 100644
index 000000000000..b5cbef5040ea
--- /dev/null
+++ b/src/chrome/content/rules/tricolor.tv.xml
@@ -0,0 +1,92 @@
+<!--
+www.beta.tricolor.tv ¹
+blog.tricolor.tv ¹
+emc.cc.tricolor.tv ³
+dealers.tricolor.tv ¹
+k.dev.tricolor.tv ²
+dron.tricolor.tv ²
+www.dron.tricolor.tv ²
+www.dw.tricolor.tv ²
+ekat.tricolor.tv ¹
+football.tricolor.tv ²
+www.football.tricolor.tv ²
+forum.tricolor.tv ¹
+goldcard.tricolor.tv ²
+www.goldcard.tricolor.tv ²
+golos.tricolor.tv ²
+help.tricolor.tv ¹
+www.help.tricolor.tv ²
+jira.tricolor.tv ²
+kaluga.tricolor.tv ¹
+kazan.tricolor.tv ¹
+kino.tricolor.tv ²
+www.kino.tricolor.tv ²
+krasnodar.tricolor.tv ¹
+lyncmeet.tricolor.tv ⁴
+magazine.tricolor.tv ²
+mail.tricolor.tv ¹
+money.tricolor.tv ²
+www.money.tricolor.tv ²
+msk.tricolor.tv ¹
+mx.tricolor.tv ²
+new.tricolor.tv ¹
+m.new.tricolor.tv ¹
+nnov.tricolor.tv ¹
+nochnoy.tricolor.tv ²
+www.nochnoy.tricolor.tv ²
+novosib.tricolor.tv ¹
+ns.tricolor.tv ³
+old.tricolor.tv ²
+omap.tricolor.tv ²
+organizations.tricolor.tv ¹
+perm.tricolor.tv ¹
+radio.tricolor.tv ²
+raskraska.tricolor.tv ²
+rostov.tricolor.tv ¹
+ryazan.tricolor.tv ¹
+sales.tricolor.tv ³
+samara.tricolor.tv ¹
+scad.tricolor.tv ²
+shop.tricolor.tv ³
+sip.tricolor.tv ³
+site.tricolor.tv ²
+smolensk.tricolor.tv ¹
+smotri.tricolor.tv ¹
+sozdaytv.tricolor.tv ³
+spb.tricolor.tv ¹
+stavropol.tricolor.tv ¹
+svoi.tricolor.tv ²
+telecompas.tricolor.tv ²
+trolls.tricolor.tv ²
+www.trolls.tricolor.tv ²
+tula.tricolor.tv ¹
+tver.tricolor.tv ¹
+ufa.tricolor.tv ¹
+ultrahd.tricolor.tv ²
+volgograd.tricolor.tv ¹
+voronezh.tricolor.tv ¹
+www1.tricolor.tv ¹
+www2.tricolor.tv ¹
+year.tricolor.tv ²
+www.year.tricolor.tv ²
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+-->
+<ruleset name="tricolor.tv">
+	<target host="tricolor.tv" />
+	<target host="www.tricolor.tv" />
+	<target host="lk.tricolor.tv" />
+	<target host="lk-dealer.tricolor.tv" />
+	<target host="lk-legal.tricolor.tv" />
+	<target host="lk-subscr.tricolor.tv" />
+	<target host="m.tricolor.tv" />
+	<target host="pay.tricolor.tv" />
+	<target host="public.tricolor.tv" />
+	<target host="registration.tricolor.tv" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/trilightzone.org.xml b/src/chrome/content/rules/trilightzone.org.xml
new file mode 100644
index 000000000000..28e484c200d3
--- /dev/null
+++ b/src/chrome/content/rules/trilightzone.org.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- trilightzone.org
+		- www.trilightzone.org
+
+-->
+<ruleset name="Trilight Zone.org">
+
+	<target host="trilightzone.org" />
+	<target host="www.trilightzone.org" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://trilightzone.org/board/index.php" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?trilightzone\.org$" name="^phpbb2mysql_(?:data|sid)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/trimble.com.xml b/src/chrome/content/rules/trimble.com.xml
new file mode 100644
index 000000000000..95d6428a94b5
--- /dev/null
+++ b/src/chrome/content/rules/trimble.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="trimble.com">
+
+  <target host="trimble.com" />
+  <target host="www.trimble.com" />
+  <target host="agriculture.trimble.com" />
+  <target host="construction.trimble.com" />
+  <target host="foundation.trimble.com" />
+  <target host="gc.trimble.com" />
+  <target host="geospatial.trimble.com" />
+  <target host="mep.trimble.com" />
+  <target host="positioningservices.trimble.com" />
+  
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tripadvisor.ca.xml b/src/chrome/content/rules/tripadvisor.ca.xml
new file mode 100644
index 000000000000..2040995a7d13
--- /dev/null
+++ b/src/chrome/content/rules/tripadvisor.ca.xml
@@ -0,0 +1,29 @@
+<!--
+	For other TripAdvisor coverage, see TripAdvisor.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .tripadvisor.ca
+		- .www.tripadvisor.ca
+
+-->
+<ruleset name="TripAdvisor.ca">
+
+	<target host="tripadvisor.ca" />
+	<target host="www.tripadvisor.ca" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tripadvisor\.ca$" name="^(?:CM|ServerPool|TAReturnTo|TASession|TATravelInfo|TAUD|TAUnique)$" /-->
+	<!--securecookie host="^\.www\.tripadvisor\.ca$" name="^TASSK$" /-->
+
+	<securecookie host="^\." name="^(?:ServerPool|TAUnique)$" />
+	<securecookie host="^\.www\." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tripadvisor.co.nz.xml b/src/chrome/content/rules/tripadvisor.co.nz.xml
new file mode 100644
index 000000000000..e1c3b577011d
--- /dev/null
+++ b/src/chrome/content/rules/tripadvisor.co.nz.xml
@@ -0,0 +1,29 @@
+<!--
+	For other TripAdvisor coverage, see TripAdvisor.xml.
+
+
+	Insecure cookies are set for these domains:
+
+		- .tripadvisor.co.nz
+		- .www.tripadvisor.co.nz
+
+-->
+<ruleset name="TripAdvisor.co.nz">
+
+	<target host="tripadvisor.co.nz" />
+	<target host="www.tripadvisor.co.nz" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tripadvisor\.co\.nz$" name="^(?:CM|ServerPool|TAReturnTo|TASession|TATravelInfo|TAUD|TAUnique)$" /-->
+	<!--securecookie host="^\.www\.tripadvisor\.co\.nz$" name="^TASSK$" /-->
+
+	<securecookie host="^\." name="^(?:ServerPool|TAUnique)$" />
+	<securecookie host="^\.www\." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tripadvisor.co.uk.xml b/src/chrome/content/rules/tripadvisor.co.uk.xml
new file mode 100644
index 000000000000..975b0d05495a
--- /dev/null
+++ b/src/chrome/content/rules/tripadvisor.co.uk.xml
@@ -0,0 +1,51 @@
+<!--
+	For other TripAdvisor coverage, see TripAdvisor.xml.
+
+
+	Problematic hosts in *tripadvisor.co.uk:
+
+		- help ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .tripadvisor.co.uk
+		- .www.tripadvisor.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="TripAdvisor.co.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tripadvisor.co.uk" />
+	<target host="www.tripadvisor.co.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="help.tripadvisor.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tripadvisor\.co\.uk$" name="^(?:CM|ServerPool|TAReturnTo|TASession|TATravelInfo|TAUD|TAUnique)$" /-->
+	<!--securecookie host="^\.www\.tripadvisor\.co\.uk$" name="^TASSK$" /-->
+
+	<securecookie host="^\." name="^(?:ServerPool|TAUnique)$" />
+	<securecookie host="^\.www\." name=".+" />
+
+
+	<!--	Redirect keeps path and args, but not forward slash:
+									-->
+	<rule from="^http://help\.tripadvisor\.co\.uk/+"
+		to="https://www.tripadvisorsupport.com/hc/en-gb/" />
+
+		<test url="http://help.tripadvisor.co.uk/categories/200056887-Guidelines" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tripadvisorsupport.com.xml b/src/chrome/content/rules/tripadvisorsupport.com.xml
new file mode 100644
index 000000000000..702448181a9f
--- /dev/null
+++ b/src/chrome/content/rules/tripadvisorsupport.com.xml
@@ -0,0 +1,21 @@
+<!--
+	For other TripAdvisor coverage, see TripAdvisor.xml.
+
+
+	These altnames do not exist:
+
+		- tripadvisorsupport.com
+
+-->
+<ruleset name="TripAdvisor Support.com">
+
+	<target host="www.tripadvisorsupport.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tripletex.no.xml b/src/chrome/content/rules/tripletex.no.xml
new file mode 100644
index 000000000000..7f60a14381bc
--- /dev/null
+++ b/src/chrome/content/rules/tripletex.no.xml
@@ -0,0 +1,21 @@
+<!--
+	Nonfunctional hosts in *tripletex.no:
+
+		- blogg ʳ
+
+	ʳ Refused
+
+-->
+<ruleset name="Tripletex.no (partial)">
+
+	<target host="tripletex.no" />
+	<target host="www.tripletex.no" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/truecommerce.com.xml b/src/chrome/content/rules/truecommerce.com.xml
new file mode 100644
index 000000000000..e1453150db78
--- /dev/null
+++ b/src/chrome/content/rules/truecommerce.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- customercenter.truecommerce.com
+		- www.truecommerce.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="TrueCommerce.com">
+
+	<target host="truecommerce.com" />
+	<target host="customercenter.truecommerce.com" />
+	<target host="www.truecommerce.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^customercenter\.truecommerce\.com$" name="^BIGipServer" /-->
+	<!--securecookie host="^www\.truecommerce\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/truecorp.xml b/src/chrome/content/rules/truecorp.xml
index b1ab68a6f0ca..891ff4d90e4f 100644
--- a/src/chrome/content/rules/truecorp.xml
+++ b/src/chrome/content/rules/truecorp.xml
@@ -1,9 +1,11 @@
+<!--
+	TrueLife Plus Co.,Ltd.
+
+-->
 <ruleset name="True Corporation">
 
 	<target host="www3.truecorp.co.th"/>
-	<target host="login.truelife.com"/>
 
-	<rule from="^http://www3\.truecorp\.co\.th/" to="https://www3.truecorp.co.th/"/>
-	<rule from="^http://login\.truelife\.com/" to="https://login.truelife.com/"/>
+	<rule from="^http:" to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/trust.org.xml b/src/chrome/content/rules/trust.org.xml
new file mode 100644
index 000000000000..a6be33384f02
--- /dev/null
+++ b/src/chrome/content/rules/trust.org.xml
@@ -0,0 +1,17 @@
+<ruleset name="trust.org">
+	<target host="trust.org" />
+	<target host="news.trust.org" />
+	<target host="survey.trust.org" />
+	<target host="surveys.trust.org" />
+	<target host="www.trust.org" />
+	
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://surveys\.trust\.org/s3/+"
+		to="https://surveys.trust.org/s3/" />
+	
+		<test url="http://surveys.trust.org/s3/Newsletter-Subscription" />
+		<test url="http://surveys.trust.org/s3/covid19-biggerpicture-submission" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/trv-science.ru.xml b/src/chrome/content/rules/trv-science.ru.xml
new file mode 100644
index 000000000000..f1079e954a7f
--- /dev/null
+++ b/src/chrome/content/rules/trv-science.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="trv-science.ru">
+	<target host="trv-science.ru" />
+	<target host="www.trv-science.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/trvl-media.com.xml b/src/chrome/content/rules/trvl-media.com.xml
new file mode 100644
index 000000000000..becb31c82828
--- /dev/null
+++ b/src/chrome/content/rules/trvl-media.com.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+-->
+<ruleset name="trvl-media.com">
+
+	<target host="forever.trvl-media.com" />
+	<target host="images.trvl-media.com" />
+	<target host="thumbnails.int.trvl-media.com" />
+	<target host="thumbnails.trvl-media.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/trvl-px.com.xml b/src/chrome/content/rules/trvl-px.com.xml
new file mode 100644
index 000000000000..bee9a6e42da7
--- /dev/null
+++ b/src/chrome/content/rules/trvl-px.com.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Expedia coverage, see Expedia.com.xml
+
+
+	Non-functional subdomains:
+		- travel-pixel-web.ap-southeast-1	(m)
+		- travel-pixel-web.eu-west-1	(m)
+		- travel-pixel-web.us-west-1	(m)
+
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="trvl-px.com">
+
+	<target host="www.trvl-px.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/trybooth.com.xml b/src/chrome/content/rules/trybooth.com.xml
new file mode 100644
index 000000000000..bd3c3b23bf14
--- /dev/null
+++ b/src/chrome/content/rules/trybooth.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Non-functional subdomain:
+		- www	(timeout)
+-->
+<ruleset name="trybooth.com">
+	<target host=    "trybooth.com" />
+	<target host="www.trybooth.com" />
+
+  	<securecookie host="^trybooth\.com$" name=".+" />
+
+	<!-- timeout -->
+	<rule from="^http://www\.trybooth\.com/"
+		to="https://trybooth.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tsbohemia.cz.xml b/src/chrome/content/rules/tsbohemia.cz.xml
new file mode 100644
index 000000000000..f51b458109d3
--- /dev/null
+++ b/src/chrome/content/rules/tsbohemia.cz.xml
@@ -0,0 +1,14 @@
+<!--
+    Other T.S.BOHEMIA a.s. rulesets:
+        - Alfa.cz.xml
+-->
+<ruleset name="T.S.BOHEMIA a.s.">
+    <target host="tsbohemia.cz" />
+    <target host="www.tsbohemia.cz" />
+
+    <securecookie host="^tsbohemia\.cz$" name=".+" />
+    <securecookie host="^\.tsbohemia\.cz$" name=".+" />
+    <securecookie host="^www\.tsbohemia\.cz$" name=".+" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tset.de.xml b/src/chrome/content/rules/tset.de.xml
new file mode 100644
index 000000000000..8228128f73d6
--- /dev/null
+++ b/src/chrome/content/rules/tset.de.xml
@@ -0,0 +1,7 @@
+<ruleset name="tset.de" default_off="cert-chain">
+	<target host="tset.de" />
+	<target host="www.tset.de" />
+	<target host="hg.tset.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tsn.ua.xml b/src/chrome/content/rules/tsn.ua.xml
new file mode 100644
index 000000000000..0e0e7791cef1
--- /dev/null
+++ b/src/chrome/content/rules/tsn.ua.xml
@@ -0,0 +1,12 @@
+<ruleset name="tsn.ua">
+	<target host="tsn.ua" />
+	<target host="www.tsn.ua" />
+	<target host="prosport.tsn.ua" />
+	<target host="lady.tsn.ua" />
+	<target host="auto.tsn.ua" />
+	<target host="ru.tsn.ua" />
+	<target host="old.tsn.ua" />
+	<target host="image.tsn.ua" />
+	<target host="img.tsn.ua" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tsowell.xml b/src/chrome/content/rules/tsowell.xml
new file mode 100644
index 000000000000..e0856caa8aea
--- /dev/null
+++ b/src/chrome/content/rules/tsowell.xml
@@ -0,0 +1,6 @@
+<ruleset name="tsowell.com">
+	<target host="tsowell.com" />
+	<target host="www.tsowell.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tsp.gov.xml b/src/chrome/content/rules/tsp.gov.xml
new file mode 100644
index 000000000000..650659b94ecc
--- /dev/null
+++ b/src/chrome/content/rules/tsp.gov.xml
@@ -0,0 +1,18 @@
+<!--
+	Federal Retirement Thrift Investment Board
+
+
+-->
+<ruleset name="TSP.gov">
+
+	<target host="tsp.gov" />
+	<target host="www.tsp.gov" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ttk-chita.ru.xml b/src/chrome/content/rules/ttk-chita.ru.xml
new file mode 100644
index 000000000000..d41ded6477ca
--- /dev/null
+++ b/src/chrome/content/rules/ttk-chita.ru.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://stat.ttk-chita.ru/ => https://stat.ttk-chita.ru/: (60, 'SSL certificate problem: certificate has expired')
+
+podpiska.ttk-chita.ru mismatch
+webcam.ttk-chita.ru timed out
+kodar.ttk-chita.ru timed out
+ttk-chita.ru different content
+www.ttk-chita.ru different content
+-->
+<ruleset name="ttk-chita.ru (partial)" default_off="failed ruleset test">
+	<target host="stat.ttk-chita.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tuc.org.uk.xml b/src/chrome/content/rules/tuc.org.uk.xml
new file mode 100644
index 000000000000..bad3076a0201
--- /dev/null
+++ b/src/chrome/content/rules/tuc.org.uk.xml
@@ -0,0 +1,26 @@
+<!--
+	^tuc.org.uk: refused
+
+-->
+<ruleset name="TUC.org.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.tuc.org.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="tuc.org.uk" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid$|_ga|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://tuc\.org\.uk/"
+		to="https://www.tuc.org.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tuceducation.org.uk.xml b/src/chrome/content/rules/tuceducation.org.uk.xml
new file mode 100644
index 000000000000..9185567b7415
--- /dev/null
+++ b/src/chrome/content/rules/tuceducation.org.uk.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.tuceducation.org.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="TUC Education.org.uk">
+
+	<target host="tuceducation.org.uk" />
+	<target host="www.tuceducation.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.tuceducation\.org\.uk$" name="^TotaraSession$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tugatech.com.pt.xml b/src/chrome/content/rules/tugatech.com.pt.xml
new file mode 100644
index 000000000000..876bb439cad2
--- /dev/null
+++ b/src/chrome/content/rules/tugatech.com.pt.xml
@@ -0,0 +1,17 @@
+<ruleset name="tugatech.com.pt">
+
+	<target host="tugatech.com.pt" />
+	<target host="www.tugatech.com.pt" />
+	<target host="files.tugatech.com.pt" />
+	<target host="files1.tugatech.com.pt" />
+	<target host="files2.tugatech.com.pt" />
+	<target host="files3.tugatech.com.pt" />
+	<target host="files4.tugatech.com.pt" />
+	<target host="host.tugatech.com.pt" />
+	<target host="blog.tugatech.com.pt" />
+	<target host="magazine.tugatech.com.pt" />
+	<target host="webradio.tugatech.com.pt" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tumba.ch.xml b/src/chrome/content/rules/tumba.ch.xml
new file mode 100644
index 000000000000..7021b2555083
--- /dev/null
+++ b/src/chrome/content/rules/tumba.ch.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://api.tumba.ch/ => https://api.tumba.ch/: (51, "SSL: no alternative certificate subject name matches target host name 'api.tumba.ch'")
+Fetch error: http://les.tumba.ch/ => https://les.tumba.ch/: (51, "SSL: no alternative certificate subject name matches target host name 'les.tumba.ch'")
+Fetch error: http://u.tumba.ch/ => https://u.tumba.ch/: (51, "SSL: no alternative certificate subject name matches target host name 'u.tumba.ch'")
+
+-->
+<ruleset name="tumba.ch" default_off="failed ruleset test">
+        <target host="tumba.ch" />
+        <target host="www.tumba.ch" />
+        <target host="api.tumba.ch" />
+        <target host="les.tumba.ch" />
+        <target host="u.tumba.ch" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tummy.com.xml b/src/chrome/content/rules/tummy.com.xml
new file mode 100644
index 000000000000..333b56a093e9
--- /dev/null
+++ b/src/chrome/content/rules/tummy.com.xml
@@ -0,0 +1,8 @@
+<!--mirrors. refused
+lists.community. self signed
+ftp. self signed-->
+<ruleset name="tummy.com">
+	<target host="tummy.com" />
+	<target host="www.tummy.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tune.com.xml b/src/chrome/content/rules/tune.com.xml
new file mode 100644
index 000000000000..ae8352a2009b
--- /dev/null
+++ b/src/chrome/content/rules/tune.com.xml
@@ -0,0 +1,107 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://audience.tune.com/ => https://audience.tune.com/: (6, 'Could not resolve host: audience.tune.com')
+Fetch error: http://bi.tune.com/ => https://bi.tune.com/: (6, 'Could not resolve host: bi.tune.com')
+Fetch error: http://mc.tune.com/ => https://mc.tune.com/: (6, 'Could not resolve host: mc.tune.com')
+
+	Other Tune rulesets:
+
+		- HasOffers.xml
+
+
+	Problematic hosts in *tune.com:
+
+		- academy ᵐ
+		- in ᵐ
+		- nyk ᵐ
+		- scholars ᵐ
+		- wehack ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- help.tune.com
+		- mc.tune.com
+		- nyk.tune.com
+		- scholars.tune.com
+		- wehack.tune.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- www from ^tune.com ˢ
+			- www from www.hasoffers.com
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Tune.com (partial)">
+
+	<target host="tune.com" />
+	<!-- target host="audience.tune.com" /-->
+	<!-- target host="bi.tune.com" /-->
+	<target host="help.tune.com" />
+	<target host="ma.tune.com" />
+	<!-- target host="mc.tune.com" /-->
+	<target host="partners.tune.com" />
+	<target host="www.tune.com" />
+
+		<!--	Mixed images:
+					-->
+		<!--test url="http://www.tune.com/blog/" /-->
+
+	<!--	Complications:
+				-->
+	<target host="in.tune.com" />
+
+		<exclusion pattern="^http://in\.tune\.com/(?!/*(?:$|\?|[el]/))" />
+
+			<!--	See below respective rules for negative cases.
+
+				+ve:
+					-->
+			<test url="http://in.tune.com/HOmobilemarketingstatistics" />
+			<test url="http://in.tune.com/bluepodmedia" />
+			<test url="http://in.tune.com/gartnerworldwidedeviceshipments" />
+			<test url="http://in.tune.com/hostatistaappdownloads" />
+			<test url="http://in.tune.com/tmc-site-complete-guide" />
+			<test url="http://in.tune.com/wp-ads-tracking-and-privacy" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^help\.tune\.com$" name="^_icl_current_language$" /-->
+	<!--securecookie host="^ma\.tune\.com$" name="^_session_id$" /-->
+	<!--securecookie host="^mc\.tune\.com$" name="^session$" /-->
+	<!--securecookie host="^(?:nyk|scholars|wehack)\.tune\.com$" name="^(?:php-console-server|spl)$" /-->
+	<!--securecookie host="^partners\.tune\.com$" name="^sid$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^(?!in\.)\w" name=".+" />
+
+
+	<!--	Redirect drops args and forward slash:
+							-->
+	<rule from="^http://in\.tune\.com/+(?:\?.*)?$"
+		to="https://www.tune.com/" />
+
+		<test url="http://in.tune.com/?" />
+
+	<rule from="^http://in\.tune\.com/"
+		to="https://go.pardot.com/" />
+
+		<test url="http://in.tune.com/e/23402/TuneOSS/xl81g/956851987" />
+		<test url="http://in.tune.com/l/23402/2014-08-14/4r8cw/23402/41794/HasOffers_by_Tune_Logo.jpg" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tunnelsup.com.xml b/src/chrome/content/rules/tunnelsup.com.xml
new file mode 100644
index 000000000000..14abf77183b9
--- /dev/null
+++ b/src/chrome/content/rules/tunnelsup.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .tunnelsup.com
+
+-->
+<ruleset name="TunnelsUp.com">
+
+	<target host="tunnelsup.com" />
+	<target host="www.tunnelsup.com" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.tunnelsup\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/turisticke-znamky.xml b/src/chrome/content/rules/turisticke-znamky.xml
new file mode 100644
index 000000000000..808b06d9c587
--- /dev/null
+++ b/src/chrome/content/rules/turisticke-znamky.xml
@@ -0,0 +1,7 @@
+<ruleset name="Turistické známky">
+    <target host="turisticke-znamky.cz" />
+    <target host="www.turisticke-znamky.cz" />
+
+    <rule from="^http:"
+            to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/turku.fi.xml b/src/chrome/content/rules/turku.fi.xml
index a3384dc26da2..3653ba300ee7 100644
--- a/src/chrome/content/rules/turku.fi.xml
+++ b/src/chrome/content/rules/turku.fi.xml
@@ -1,17 +1,21 @@
+
 <!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://www.bussit.turku.fi/ (200) => https://www.turku.fi/public/default.aspx?nodeid=11916 (410)
+
 	Cert matches only www
 
 	Problematic links that need to be excluded:
 		- www.turku.fi/(ahtela|bussar|busses|bussit|paikalla|paplats|
 		ippe|nuorikulttuuri|sustainable-city|...)
 -->
-<ruleset name="Turku.fi" platform="mixedcontent">
+<ruleset name="Turku.fi" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="www.turku.fi" />
 	<target host="turku.fi" />
 	<target host="www.bussit.turku.fi" />
 	<target host="opaskartta.turku.fi" />
 
-	<rule from="^https?://(?:www\.)?turku\.fi/"
+	<rule from="^http://(?:www\.)?turku\.fi/"
 		to="https://www.turku.fi/" />
 
 	<rule from="^http://opaskartta\.turku\.fi/"
@@ -22,14 +26,14 @@
 	<exclusion pattern="^http://(?:www\.)?turku\.fi/(?!bussit$|buses$|bussar$)[\w-]+$" />
 
 	<!-- Redirect problematic subdomain and links -->
-	<rule from="^https?://www\.bussit\.turku\.fi/$"
+	<rule from="^http://www\.bussit\.turku\.fi/$"
 		to="https://www.turku.fi/public/default.aspx?nodeid=11916" />
 
-	<rule from="^https?://(?:www\.)?turku\.fi/bussit$"
+	<rule from="^http://(?:www\.)?turku\.fi/bussit$"
 		to="https://www.turku.fi/public/default.aspx?nodeid=11916&#38;contentlan=1" />
-	<rule from="^https?://(?:www\.)?turku\.fi/buses$"
+	<rule from="^http://(?:www\.)?turku\.fi/buses$"
 		to="https://www.turku.fi/public/default.aspx?nodeid=11916&#38;contentlan=2" />
-	<rule from="^https?://(?:www\.)?turku\.fi/bussar$"
+	<rule from="^http://(?:www\.)?turku\.fi/bussar$"
 		to="https://www.turku.fi/public/default.aspx?nodeid=11916&#38;contentlan=3" />
 
 	<securecookie host="^\w+\.turku\.fi" name=".+" />
diff --git a/src/chrome/content/rules/turnoff.xml b/src/chrome/content/rules/turnoff.xml
new file mode 100644
index 000000000000..18042e34ef88
--- /dev/null
+++ b/src/chrome/content/rules/turnoff.xml
@@ -0,0 +1,7 @@
+<ruleset name="Turnoff">
+	<target host="turnoff.us" />
+	<target host="www.turnoff.us" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tushino.com.xml b/src/chrome/content/rules/tushino.com.xml
new file mode 100644
index 000000000000..91fa39507fcc
--- /dev/null
+++ b/src/chrome/content/rules/tushino.com.xml
@@ -0,0 +1,15 @@
+<!--
+soft.tushino.com mismatch
+support.tushino.com self signed
+css.tushino.com protocol error
+www.malshakov.tushino.com self signed
+-->
+<ruleset name="tushino.com">
+	<target host="tushino.com" />
+	<target host="www.tushino.com" />
+	<target host="cabinet.tushino.com" />
+	<target host="webmail.tushino.com" />
+	<target host="forum.tushino.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tutti.ch.xml b/src/chrome/content/rules/tutti.ch.xml
new file mode 100644
index 000000000000..51e9f6cb9e15
--- /dev/null
+++ b/src/chrome/content/rules/tutti.ch.xml
@@ -0,0 +1,28 @@
+<!--
+	mismatch, selfsigned:
+	- (www.)win-win-tutti.ch
+	- magazin.tutti.ch
+	- magazine.tutti.ch
+	- rivista.tutti.ch
+-->
+<ruleset name="tutti.ch">
+	<target host="tutti.ch" />
+	<target host="www.tutti.ch" />
+	<target host="c.tutti.ch" />
+	<target host="www2.tutti.ch" />
+	<target host="m.tutti.ch" />
+
+	<!-- product pages on desktop redirect to http -->
+	<exclusion pattern="^http://www\.tutti\.ch/[\w/-]+\d{3,}\.htm$" />
+	<test url="http://www.tutti.ch/bern/kleidung-accessoires/schuhe-fuer-damen/angebote/nike-schuhe_11448617.htm" />
+	<test url="http://www.tutti.ch/neuchatel/livres/romans/offres/juste-avant-l-orage_3288278.htm" />
+	<test url="http://www.tutti.ch/tessin-fr/maison/electromenager-ustensiles/offres/climatizzatore_11448580.htm" />
+
+	<!-- CORS issue https://github.com/EFForg/https-everywhere/issues/13953 -->
+	<exclusion pattern="^http://www\.tutti\.ch/ajax/" />
+	<exclusion pattern="^http://www\.tutti\.ch/get_marked$" />
+	<test url="http://www.tutti.ch/ajax/phoneview" />
+	<test url="http://www.tutti.ch/get_marked" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tuxfamily.net.xml b/src/chrome/content/rules/tuxfamily.net.xml
new file mode 100644
index 000000000000..3a6b1f9762b7
--- /dev/null
+++ b/src/chrome/content/rules/tuxfamily.net.xml
@@ -0,0 +1,16 @@
+<!--
+	For other TuxFamily coverage, see TuxFamily.org.xml.
+
+-->
+<ruleset name="TuxFamily.net" default_off="mismatched">
+
+	<target host="web.tuxfamily.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tuxfamily.org-falsemixed.xml b/src/chrome/content/rules/tuxfamily.org-falsemixed.xml
new file mode 100644
index 000000000000..226bcdf1c83f
--- /dev/null
+++ b/src/chrome/content/rules/tuxfamily.org-falsemixed.xml
@@ -0,0 +1,58 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://gimpphoto.tuxfamily.org/ => https://gimpphoto.tuxfamily.org/: (60, 'SSL certificate problem: self signed certificate')
+Fetch error: http://www.gimpphoto.tuxfamily.org/ => https://gimpphoto.tuxfamily.org/: (60, 'SSL certificate problem: self signed certificate')
+
+	For rules not causing false/broken MCB, see TuxFamily.org.xml.
+
+
+	NB: see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="TuxFamily.org (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="0vercl0k.tuxfamily.org" />
+	<target host="blenderclan.tuxfamily.org" />
+	<target host="bugparis.tuxfamily.org" />
+	<target host="celmir.tuxfamily.org" />
+	<target host="eigen.tuxfamily.org" />
+	<target host="feeblemind.tuxfamily.org" />
+	<target host="ffdiaporama.tuxfamily.org" />
+	<target host="gimpphoto.tuxfamily.org" />
+	<target host="joliebulle.tuxfamily.org" />
+	<target host="non.tuxfamily.org" />
+	<target host="popaul77.tuxfamily.org" />
+	<target host="scoretarot.tuxfamily.org" />
+	<target host="stickyvibe.tuxfamily.org" />
+	<target host="xcfa.tuxfamily.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.0vercl0k.tuxfamily.org" />
+	<target host="www.blenderclan.tuxfamily.org" />
+	<target host="www.bugparis.tuxfamily.org" />
+	<target host="www.celmir.tuxfamily.org" />
+	<target host="www.eigen.tuxfamily.org" />
+	<target host="www.feeblemind.tuxfamily.org" />
+	<target host="www.ffdiaporama.tuxfamily.org" />
+	<target host="www.gimpphoto.tuxfamily.org" />
+	<target host="www.joliebulle.tuxfamily.org" />
+	<target host="www.popaul77.tuxfamily.org" />
+	<target host="www.scoretarot.tuxfamily.org" />
+	<target host="www.stickyvibe.tuxfamily.org" />
+	<target host="www.xcfa.tuxfamily.org" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.([^.]+)\.tuxfamily\.org/"
+		to="https://$1.tuxfamily.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tvQuran.com.xml b/src/chrome/content/rules/tvQuran.com.xml
new file mode 100644
index 000000000000..a5ba26dcd1e3
--- /dev/null
+++ b/src/chrome/content/rules/tvQuran.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+	- old.tvquran.com
+
+	Refused:
+	- beta.tvquran.com
+
+-->
+<ruleset name="tvQuran.com">
+	<target host="tvquran.com" />
+	<target host="www.tvquran.com" />
+	<target host="download.tvquran.com" />
+
+	<securecookie host="^www\.tvquran\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tvc.ru.xml b/src/chrome/content/rules/tvc.ru.xml
new file mode 100644
index 000000000000..0d05328c5c2a
--- /dev/null
+++ b/src/chrome/content/rules/tvc.ru.xml
@@ -0,0 +1,10 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn.tvc.ru/ => https://cdn.tvc.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="tvc.ru" default_off="failed ruleset test">
+	<target host="cdn.tvc.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tvcom-tv.ru.xml b/src/chrome/content/rules/tvcom-tv.ru.xml
new file mode 100644
index 000000000000..89ecc7b6c2b0
--- /dev/null
+++ b/src/chrome/content/rules/tvcom-tv.ru.xml
@@ -0,0 +1,8 @@
+<!--www. redirect-->
+<ruleset name="tvcom-tv.ru">
+	<target host="tvcom-tv.ru" />
+	<target host="www.tvcom-tv.ru" />
+	<rule from="^http://www\.tvcom-tv\.ru/"
+		to="https://tvcom-tv.ru/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tverigrad.ru.xml b/src/chrome/content/rules/tverigrad.ru.xml
new file mode 100644
index 000000000000..38eac4c3539c
--- /dev/null
+++ b/src/chrome/content/rules/tverigrad.ru.xml
@@ -0,0 +1,16 @@
+<!--
+www.tverigrad.ru ¹
+reklama.tverigrad.ru ¹
+m.tverigrad.ru ¹
+client.tverigrad.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="tverigrad.ru">
+	<target host="tverigrad.ru" />
+	<target host="www.tverigrad.ru" />
+	<rule from="^http://www\.tverigrad\.ru/"
+		to="https://tverigrad.ru/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tverweek.com.xml b/src/chrome/content/rules/tverweek.com.xml
new file mode 100644
index 000000000000..1a455fad89ca
--- /dev/null
+++ b/src/chrome/content/rules/tverweek.com.xml
@@ -0,0 +1,8 @@
+<!-- www. mismatch -->
+<ruleset name="tverweek.com">
+	<target host="tverweek.com" />
+	<target host="www.tverweek.com" />
+	<rule from="^http://www\.tverweek\.com/"
+		to="https://tverweek.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tvkultura.ru.xml b/src/chrome/content/rules/tvkultura.ru.xml
new file mode 100644
index 000000000000..55f8777f945a
--- /dev/null
+++ b/src/chrome/content/rules/tvkultura.ru.xml
@@ -0,0 +1,48 @@
+<!--
+	www.tvkultura.ru: mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- tvkultura.ru
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images from cdn-st[1-4].rtr-vesti.ru ˢ
+
+		- Ads, from:
+
+			- u\d+.\d+.spylog.com
+			- openstat.net ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="tvkultura.ru">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="tvkultura.ru" />
+
+	<!--	Complications:
+				-->
+	<target host="www.tvkultura.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^tvkultura\.ru$" name="^ngx_uid$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.tvkultura\.ru/"
+		to="https://tvkultura.ru/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tvmazecdn.com.xml b/src/chrome/content/rules/tvmazecdn.com.xml
new file mode 100644
index 000000000000..6a8ef682eb26
--- /dev/null
+++ b/src/chrome/content/rules/tvmazecdn.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="TVmaze CDN.com" platform="mixedcontent">
+
+	<target host="tvmazecdn.com" />
+	<target host="www.tvmazecdn.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tvrain.ru.xml b/src/chrome/content/rules/tvrain.ru.xml
new file mode 100644
index 000000000000..633b9446083f
--- /dev/null
+++ b/src/chrome/content/rules/tvrain.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="tvrain.ru">
+	<target host="tvrain.ru" />
+	<target host="www.tvrain.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tvtv.de.xml b/src/chrome/content/rules/tvtv.de.xml
new file mode 100644
index 000000000000..1b6af9e0ec03
--- /dev/null
+++ b/src/chrome/content/rules/tvtv.de.xml
@@ -0,0 +1,26 @@
+<!--
+	Invalid certificate:
+		spiele.tvtv.de
+
+	Timeout:
+		beta.tvtv.de
+		m.beta.tvtv.de
+		jenkins.tvtv.de
+
+	Unable to get local issuer certificate:
+		test.tvtv.de
+		m.test.tvtv.de
+-->
+<ruleset name="tvtv.de">
+
+	<target host="tvtv.de" />
+	<target host="www.tvtv.de" />
+	<target host="images.tvtv.de" />
+	<target host="link.tvtv.de" />
+	<target host="m.tvtv.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tweetamonial.com.xml b/src/chrome/content/rules/tweetamonial.com.xml
new file mode 100644
index 000000000000..93931ffd5086
--- /dev/null
+++ b/src/chrome/content/rules/tweetamonial.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .tweetamonial.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Tweetamonial.com">
+
+	<target host="tweetamonial.com" />
+	<target host="www.tweetamonial.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.tweetamonial\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^PHPSESSID$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/twinery.org.xml b/src/chrome/content/rules/twinery.org.xml
new file mode 100644
index 000000000000..d44428851205
--- /dev/null
+++ b/src/chrome/content/rules/twinery.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="twinery.org">
+	<target host="twinery.org" />
+	<target host="www.twinery.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/twistlock.com.xml b/src/chrome/content/rules/twistlock.com.xml
new file mode 100644
index 000000000000..89c25a0350f5
--- /dev/null
+++ b/src/chrome/content/rules/twistlock.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Twistlock.com">
+
+	<target host="twistlock.com" />
+	<target host="www.twistlock.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/twitchstatus.com.xml b/src/chrome/content/rules/twitchstatus.com.xml
new file mode 100644
index 000000000000..78c0e1f16f4e
--- /dev/null
+++ b/src/chrome/content/rules/twitchstatus.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="twitchstatus.com">
+	<target host="twitchstatus.com" />
+	<target host="www.twitchstatus.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tygem.com.xml b/src/chrome/content/rules/tygem.com.xml
new file mode 100644
index 000000000000..cf9ed7098f92
--- /dev/null
+++ b/src/chrome/content/rules/tygem.com.xml
@@ -0,0 +1,42 @@
+<!--
+	404:
+		^	( equal to www )
+
+	Redirect to http:
+		tad.tygem.com
+
+	Timeout:
+		download.tygem.com
+		download2.tygem.com
+		filetad.tygem.com
+		game.tygem.com
+		mail.tygem.com
+		mailq.tygem.com
+		mov.tygem.com
+		newgibo.tygem.com
+		pigwing.tygem.com
+		util.tygem.com
+
+	Refused:
+		gate.tygem.com
+
+	Mismatch:
+		mu.tygem.com
+		youbs.tygem.com
+-->
+
+<ruleset name="tygem.com">
+
+	<target host="tygem.com" />
+	<rule from="^http://tygem\.com/" to="https://www.tygem.com/" />
+
+	<target host="bill.tygem.com" />
+	<target host="file.tygem.com" />
+	<target host="img.tygem.com" />
+	<target host="mi.tygem.com" />
+	<target host="service.tygem.com" />
+	<target host="www.tygem.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/typescriptlang.org.xml b/src/chrome/content/rules/typescriptlang.org.xml
new file mode 100644
index 000000000000..9fa1e2e06e36
--- /dev/null
+++ b/src/chrome/content/rules/typescriptlang.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="typescriptlang.org">
+		<target host="typescriptlang.org" />
+		<target host="www.typescriptlang.org" />
+
+
+		<!--
+			Just adding the target won't work here, since typescriptlang.org does not support https.
+			It needs to be redirected to https://www.typescriptlang.org/ explicitly.
+		-->
+		<rule from="^http://typescriptlang\.org/" to="https://www.typescriptlang.org/" />
+		<rule from="^http:"
+				to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tyresales.com.au.xml b/src/chrome/content/rules/tyresales.com.au.xml
new file mode 100644
index 000000000000..2d3a0a113d1b
--- /dev/null
+++ b/src/chrome/content/rules/tyresales.com.au.xml
@@ -0,0 +1,26 @@
+<!--
+	Non-functional subdomains:
+		- login		(r)
+		- pre-uat	(t)
+		- staging1	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="tyresales.com.au">
+
+	<target host="tyresales.com.au" />
+	<target host="www.tyresales.com.au" />
+	<target host="dealers.tyresales.com.au" />
+	<target host="racv-uat.tyresales.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tyumedia.ru.xml b/src/chrome/content/rules/tyumedia.ru.xml
new file mode 100644
index 000000000000..f45a9d2832ba
--- /dev/null
+++ b/src/chrome/content/rules/tyumedia.ru.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://tyumedia.ru/ => https://tyumedia.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.tyumedia.ru/ => https://tyumedia.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+ www. mismatch -->
+<ruleset name="tyumedia.ru" default_off="failed ruleset test">
+	<target host="tyumedia.ru" />
+	<target host="www.tyumedia.ru" />
+	<rule from="^http://www\.tyumedia\.ru/"
+		to="https://tyumedia.ru/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/u-f.ru.xml b/src/chrome/content/rules/u-f.ru.xml
new file mode 100644
index 000000000000..6e4e422fc062
--- /dev/null
+++ b/src/chrome/content/rules/u-f.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="u-f.ru" platform="mixedcontent">
+	<target host="u-f.ru" />
+	<target host="www.u-f.ru" />
+	<target host="uf.u-f.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/u51.com.xml b/src/chrome/content/rules/u51.com.xml
new file mode 100644
index 000000000000..39be8d3d42e9
--- /dev/null
+++ b/src/chrome/content/rules/u51.com.xml
@@ -0,0 +1,18 @@
+<ruleset name="u51.com">
+	<target host="u51.com" />
+	<target host="www.u51.com" />
+	<target host="credit.u51.com" />
+	<target host="img.credit.u51.com" />
+	<target host="h5.u51.com" />
+	<target host="pic.u51.com" />
+	<target host="web.u51.com" />
+
+	<rule from="^http://u51\.com/" to="https://www.u51.com/" />
+
+	<rule from="^http://img\.credit\.u51\.com/" to="https://credit.u51.com/" />
+		<test url="http://img.credit.u51.com/uploads/post/160325/6d/ca5191442e64302f9006789394f640.png" />
+
+		<test url="http://h5.u51.com/u51/cashback-newer/index.html?act=100128" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/uTorrent.xml b/src/chrome/content/rules/uTorrent.xml
index 0edb2b84bc5e..6f98034c3148 100644
--- a/src/chrome/content/rules/uTorrent.xml
+++ b/src/chrome/content/rules/uTorrent.xml
@@ -7,7 +7,6 @@
 
 		- bittorrent.vo.llnwd.net
 			- ....hs.llnwd.net doesn't exist
-			- www
 			- ll.download3
 			- ll.static
 
@@ -16,22 +15,30 @@
 
 	Nonfunctional subdomains:
 
-		- www		(cert: *.hs.llnwd.net; 400)
 		- blog		(cert: *.wpengine.com; 301s to http)
+		- featuredcontent (redirect to bittorrent.com)
+		- help (cert error)
+		- mac (cert error)
+		- macreleasenotes (cert error)
+		- releasenotes (cert error)
+		- translate (cert error)
+		- search (404)
+		- new (timeout)
 		- ll.download3	(cert: *.hs.llnwd.net; 400)
 		- ll.static	(ditto)
 
 -->
-<ruleset name="µTorrent (partial)">
-
-	<target host="*.utorrent.com" />
-	<target host="ll.*.utorrent.com" />
-
-
-	<rule from="^http://(forum|remote)\.utorrent\.com/"
-		to="https://$1.utorrent.com/" />
-
-	<rule from="^https?://(?:ll\.)?(download3?|static)\.utorrent\.com/"
-		to="https://$1.utorrent.com/" />
+<ruleset name="µTorrent">
+
+	<target host="utorrent.com" />
+	<target host="www.utorrent.com" />
+	<target host="forum.utorrent.com" />
+	<target host="macupdate.utorrent.com" />
+	<target host="remote.utorrent.com" />
+	<target host="update.utorrent.com" />
+	<target host="utclient.utorrent.com" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/uVPN.xml b/src/chrome/content/rules/uVPN.xml
index ea3ca80ef4bf..98cf63db157e 100644
--- a/src/chrome/content/rules/uVPN.xml
+++ b/src/chrome/content/rules/uVPN.xml
@@ -1,8 +1,13 @@
-<ruleset name="uVPN">
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://uvpn.de/ => https://uvpn.de/: (7, 'Failed to connect to uvpn.de port 443: Connection refused')
+Fetch error: http://www.uvpn.de/ => https://uvpn.de/: (7, 'Failed to connect to uvpn.de port 443: Connection refused')
+-->
+<ruleset name="uVPN" default_off="refused">
   <target host="uvpn.de" />
   <target host="www.uvpn.de" />
 
-  <securecookie host="^(?:www\.)?uvpn\.de$" name=".+" />
-
-  <rule from="^http://(?:www\.)?uvpn\.de/" to="https://uvpn.de/" />
+	<!--	Redirect keeps path and args:
+						-->
+  <rule from="^http://(?:www\.)?uvpn\.de/+" to="https://fremaks.de/" />
 </ruleset>
diff --git a/src/chrome/content/rules/uainfo.org.xml b/src/chrome/content/rules/uainfo.org.xml
new file mode 100644
index 000000000000..13eb303aeda0
--- /dev/null
+++ b/src/chrome/content/rules/uainfo.org.xml
@@ -0,0 +1,13 @@
+<!--
+new.uainfo.org ¹
+static.uainfo.org ¹
+
+
+¹ mismatch
+-->
+<ruleset name="uainfo.org">
+	<target host="uainfo.org" />
+	<target host="www.uainfo.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ualinux.com.xml b/src/chrome/content/rules/ualinux.com.xml
new file mode 100644
index 000000000000..1f2f20b4b1b7
--- /dev/null
+++ b/src/chrome/content/rules/ualinux.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="ualinux.com">
+	<target host="ualinux.com" />
+	<target host="www.ualinux.com" />
+	<target host="archive.ualinux.com" />
+	<target host="ftp.ualinux.com" />
+	<target host="radio.ualinux.com" />
+	<target host="shop.ualinux.com" />
+	<target host="support.ualinux.com" />
+	<target host="server.ualinux.com" />
+	<target host="journal.ualinux.com" />
+	<target host="www.journal.ualinux.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ubalt.edu.xml b/src/chrome/content/rules/ubalt.edu.xml
new file mode 100644
index 000000000000..542de6cf5b4f
--- /dev/null
+++ b/src/chrome/content/rules/ubalt.edu.xml
@@ -0,0 +1,149 @@
+<!--
+	Invalid certificate:
+		baltimoreauthors.ubalt.edu
+		bothandneither.ubalt.edu
+		cyberdiscovery.ubalt.edu
+		filemaker.ubalt.edu
+		www.law.ubalt.edu
+		www.noc.ubalt.edu
+		sip.ubalt.edu
+		scooby.ubalt.edu
+		mba.towson.ubalt.edu
+		wiki.ubalt.edu
+
+	Refused:
+		autodiscover.ubalt.edu
+		df.ubalt.edu
+		pesod-slma.ubalt.edu
+		rvaam.ubalt.edu
+		zimride.ubalt.edu
+
+	Time out:
+		accounting.ubalt.edu
+		ace.ubalt.edu
+		allan.ubalt.edu
+		auth.ubalt.edu
+		bambam.ubalt.edu
+		c3po.ubalt.edu
+		cow.ubalt.edu
+		crow.ubalt.edu
+		csilink.ubalt.edu
+		dctt.ubalt.edu
+		dilbert.ubalt.edu
+		dsr-ac.ubalt.edu
+		ed.ubalt.edu
+		eddie.ubalt.edu
+		edgar.ubalt.edu
+		eeyore.ubalt.edu
+		fm.ubalt.edu
+		george.ubalt.edu
+		gist.ubalt.edu
+		gumby.ubalt.edu
+		headroom.ubalt.edu
+		iat.ubalt.edu
+		idp.ubalt.edu
+		igor.ubalt.edu
+		iprint.ubalt.edu
+		jen.ubalt.edu
+		kenny.ubalt.edu
+		marci.ubalt.edu
+		mis.ubalt.edu
+		moof.ubalt.edu
+		mrfrench.ubalt.edu
+		mycallpilot.ubalt.edu
+		nigel.ubalt.edu
+		oraclep.ubalt.edu
+		peggy.ubalt.edu
+		peoplebooks.ubalt.edu
+		pesod-igw-pub.ubalt.edu
+		pesop-igw-pub.ubalt.edu
+		pesop-rpt-fn.ubalt.edu
+		pokey.ubalt.edu
+		portfolio.ubalt.edu
+		poster.ubalt.edu
+		region.ubalt.edu
+		rudy.ubalt.edu
+		sad.ubalt.edu
+		schroeder.ubalt.edu
+		sluggo.ubalt.edu
+		smart.ubalt.edu
+		tigger.ubalt.edu
+		ured.ubalt.edu
+		urlbaron.ubalt.edu
+		velma.ubalt.edu
+		wanderer.ubalt.edu
+		webmail.ubalt.edu
+		webteach2.ubalt.edu
+		wwwd.ubalt.edu
+		xserve1.ubalt.edu
+		yogi.ubalt.edu
+		ziggy.ubalt.edu
+-->
+<ruleset name="ubalt.edu">
+	<target host="ubalt.edu" />
+	<target host="www.ubalt.edu" />
+	<target host="archives.ubalt.edu" />
+	<target host="archivesspace.ubalt.edu" />
+	<target host="asa.ubalt.edu" />
+	<target host="beheardbaltimore.ubalt.edu" />
+	<target host="blogs.ubalt.edu" />
+	<target host="business.ubalt.edu" />
+	<target host="courses.ubalt.edu" />
+	<target host="crwportal.ubalt.edu" />
+	<target host="eprint.ubalt.edu" />
+	<target host="gots.ubalt.edu" />
+	<target host="home.ubalt.edu" />
+	<target host="housing.ubalt.edu" />
+	<target host="hybrid.ubalt.edu" />
+	<target host="iliad.ubalt.edu" />
+	<target host="illiad.ubalt.edu" />
+	<target host="internal.ubalt.edu" />
+	<target host="involvement.ubalt.edu" />
+	<target host="jitm.ubalt.edu" />
+	<target host="jitmreview.ubalt.edu" />
+	<target host="langsdale.ubalt.edu" />
+	<target host="law.ubalt.edu" />
+	<target host="library.ubalt.edu" />
+	<target host="listserv.ubalt.edu" />
+	<target host="logon.ubalt.edu" />
+	<target host="m.ubalt.edu" />
+	<target host="main.ubalt.edu" />
+	<target host="marylandcpm.ubalt.edu" />
+	<target host="meilp.ubalt.edu" />
+	<target host="myfiles.ubalt.edu" />
+	<target host="mypw.ubalt.edu" />
+	<target host="myub.ubalt.edu" />
+	<target host="myubtowsonmba.ubalt.edu" />
+	<target host="noc.ubalt.edu" />
+	<target host="oa.ubalt.edu" />
+	<target host="otsnet.ubalt.edu" />
+	<target host="pcounter.ubalt.edu" />
+	<target host="peso.ubalt.edu" />
+	<target host="pesod-tam.ubalt.edu" />
+	<target host="pesop-app.ubalt.edu" />
+	<target host="pesop-cs.ubalt.edu" />
+	<target host="pesop-hr.ubalt.edu" />
+	<target host="pesop-pa.ubalt.edu" />
+	<target host="pesop-pa-tmp.ubalt.edu" />
+	<target host="pesop-phire.ubalt.edu" />
+	<target host="pesop-rpt-cs.ubalt.edu" />
+	<target host="pesop-rpt-hr.ubalt.edu" />
+	<target host="pesop-tam.ubalt.edu" />
+	<target host="raven.ubalt.edu" />
+	<target host="scholarworks.law.ubalt.edu" />
+	<target host="scpp.ubalt.edu" />
+	<target host="spss.ubalt.edu" />
+	<target host="telecom.ubalt.edu" />
+	<target host="ubonline.ubalt.edu" />
+	<target host="ubpeso.ubalt.edu" />
+	<target host="ubwiki.ubalt.edu" />
+	<target host="umubdr.ubalt.edu" />
+	<target host="view.ubalt.edu" />
+	<target host="vpn.ubalt.edu" />
+	<target host="vpnmonj.ubalt.edu" />
+	<target host="wa.ubalt.edu" />
+	<target host="webnow.ubalt.edu" />
+	<target host="welter.ubalt.edu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/uberflip.com.xml b/src/chrome/content/rules/uberflip.com.xml
new file mode 100644
index 000000000000..3ac99b16be78
--- /dev/null
+++ b/src/chrome/content/rules/uberflip.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Problematic hosts in *uberflip.com:
+
+		- cdn ᵐ
+
+	ᵐ Cloudfront / mismatched
+
+
+	These altnames do not exist:
+
+		- www.get.uberflip.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- get.uberflip.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="uberflip.com (partial)">
+
+	<target host="get.uberflip.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^get\.uberflip\.com$" name="^ub(?:pv|vs|vt)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ubuntu-fi.org.xml b/src/chrome/content/rules/ubuntu-fi.org.xml
new file mode 100644
index 000000000000..0cac0153a304
--- /dev/null
+++ b/src/chrome/content/rules/ubuntu-fi.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="ubuntu-fi.org">
+		<target host="ubuntu-fi.org" />
+		<target host="www.ubuntu-fi.org" />
+		<target host="forum.ubuntu-fi.org" />
+		<target host="wiki.ubuntu-fi.org" />
+		<target host="blog.ubuntu-fi.org" />
+
+		<rule from="^http:"
+				to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ubuntugeek.com.xml b/src/chrome/content/rules/ubuntugeek.com.xml
new file mode 100644
index 000000000000..c2911527b07e
--- /dev/null
+++ b/src/chrome/content/rules/ubuntugeek.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid certificate:
+		dc-b02638f16c24.ubuntugeek.com
+		e.ubuntugeek.com
+		mobilemail.ubuntugeek.com
+		pda.ubuntugeek.com
+		webmail.ubuntugeek.com
+
+	Time out:
+		imap.ubuntugeek.com
+		mail.ubuntugeek.com
+		pop.ubuntugeek.com
+		smtp.ubuntugeek.com
+-->
+<ruleset name="ubuntugeek.com">
+	<target host="ubuntugeek.com" />
+	<target host="www.ubuntugeek.com" />
+	<target host="email.ubuntugeek.com" />
+	<target host="forum.ubuntugeek.com" />
+	<target host="www2.ubuntugeek.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ubuntupodcast.org.xml b/src/chrome/content/rules/ubuntupodcast.org.xml
new file mode 100644
index 000000000000..1de6a3fad8e0
--- /dev/null
+++ b/src/chrome/content/rules/ubuntupodcast.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Refused:
+		feed.ubuntupodcast.org
+		feeds.ubuntupodcast.org
+		live.ubuntupodcast.org
+		mail.ubuntupodcast.org
+		mail2.ubuntupodcast.org
+		static.ubuntupodcast.org
+-->
+<ruleset name="ubuntupodcast.org">
+	<target host="ubuntupodcast.org" />
+	<target host="www.ubuntupodcast.org" />
+	<target host="stats.ubuntupodcast.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ubuntutheaterproject.com.xml b/src/chrome/content/rules/ubuntutheaterproject.com.xml
new file mode 100644
index 000000000000..d27468ea5d18
--- /dev/null
+++ b/src/chrome/content/rules/ubuntutheaterproject.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Refused:
+		m.ubuntutheaterproject.com
+-->
+<ruleset name="ubuntutheaterproject.com">
+	<target host="ubuntutheaterproject.com" />
+	<target host="www.ubuntutheaterproject.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ucanet.ru.xml b/src/chrome/content/rules/ucanet.ru.xml
new file mode 100644
index 000000000000..40714e218bb9
--- /dev/null
+++ b/src/chrome/content/rules/ucanet.ru.xml
@@ -0,0 +1,13 @@
+<!--
+ucanet.ru timed out
+www.ucanet.ru timed out
+forum.ucanet.ru timed out
+my.ucanet.ru timed out
+yp.ucanet.ru timed out
+tv.ucanet.ru timed out
+-->
+<ruleset name="ucanet.ru (partial)">
+	<target host="stat.ucanet.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/uclick.com.xml b/src/chrome/content/rules/uclick.com.xml
new file mode 100644
index 000000000000..758ccc775bea
--- /dev/null
+++ b/src/chrome/content/rules/uclick.com.xml
@@ -0,0 +1,35 @@
+<!--
+	These altnames do not exist:
+
+		- www.admin.uclick.com
+
+
+	Mixed content:
+
+		- css, on:
+
+			- (www.)? from media.washingtonpost.com ˢ
+			- (www.)? from media3.washingtonpost.com
+			- (www.)? from www.washingtonpost.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="uclick.com" platform="mixedcontent">
+
+	<target host="uclick.com" />
+	<target host="admin.uclick.com" />
+	<target host="www.uclick.com" />
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://www.uclick.com/client/wpc/wpdom/" /-->
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ucu.org.uk.xml b/src/chrome/content/rules/ucu.org.uk.xml
new file mode 100644
index 000000000000..20bcde24a287
--- /dev/null
+++ b/src/chrome/content/rules/ucu.org.uk.xml
@@ -0,0 +1,14 @@
+<ruleset name="UCU.org.uk">
+
+	<target host="ucu.org.uk" />
+	<target host="www.ucu.org.uk" />
+
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/udifo.com.xml b/src/chrome/content/rules/udifo.com.xml
new file mode 100644
index 000000000000..a9088443f3f0
--- /dev/null
+++ b/src/chrome/content/rules/udifo.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="udifo.com">
+	<target host="udifo.com" />
+	<target host="www.udifo.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ufanet.ru.xml b/src/chrome/content/rules/ufanet.ru.xml
new file mode 100644
index 000000000000..6edd67a7fb07
--- /dev/null
+++ b/src/chrome/content/rules/ufanet.ru.xml
@@ -0,0 +1,85 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://orsk.ufanet.ru/ => https://orsk.ufanet.ru/: (7, 'Failed to connect to orsk.ufanet.ru port 443: Connection refused')
+Fetch error: http://store.ufanet.ru/ => https://store.ufanet.ru/: (6, 'Could not resolve host: store.ufanet.ru')
+Fetch error: http://art.ufanet.ru/ => https://art.ufanet.ru/: (6, 'Could not resolve host: art.ufanet.ru')
+
+www.ufanet.ru mismatch
+forum.ufanet.ru timed out
+mir.ufanet.ru timed out
+www.ufanet.ru mismatch
+tv.ufanet.ru timed out
+csdb.ufanet.ru mismatch
+kvazar.ufanet.ru timed out
+ejevichka.ufanet.ru timed out
+mkrb.ufanet.ru mismatch
+svet.ufanet.ru timed out
+operenie.ufanet.ru timed out
+bsk.ufanet.ru timed out
+help.ufanet.ru non-2xx http code
+utec.ufanet.ru mismatch
+acid.ufanet.ru mismatch
+ugh.ufanet.ru self signed
+kv.ufanet.ru timed out
+korob.ufanet.ru timed out
+les.ufanet.ru timed out
+linkme.ufanet.ru timed out
+www.moto.ufanet.ru timed out
+www.musa.ufanet.ru timed out
+www.labrador.ufanet.ru timed out
+marks.on.ufanet.ru timed out
+scotch.on.ufanet.ru timed out
+tourmuseum.legko.ufanet.ru timed out
+sch83.legko.ufanet.ru timed out
+compoman.on.ufanet.ru timed out
+gelster.on.ufanet.ru timed out
+se.on.ufanet.ru timed out
+www.oren.ufanet.ru mismatch
+refcentr.on.ufanet.ru timed out
+finalfrenzy.on.ufanet.ru timed out
+komp.on.ufanet.ru timed out
+airrb.on.ufanet.ru timed out
+spichki.on.ufanet.ru timed out
+sch159.legko.ufanet.ru timed out
+mbti.on.ufanet.ru timed out
+izoterm.on.ufanet.ru timed out
+jurtech.on.ufanet.ru timed out
+www.bashpoisk.ufanet.ru timed out
+bavarokna.on.ufanet.ru timed out
+tdbsbt.on.ufanet.ru timed out
+melesta.on.ufanet.ru timed out
+musubi.on.ufanet.ru timed out
+kurt.on.ufanet.ru timed out
+horizont.on.ufanet.ru timed out
+www.strategia.ufanet.ru timed out
+leonardo.on.ufanet.ru timed out
+www.museumnesterova.ufanet.ru timed out
+ra9wox.on.ufanet.ru timed out
+ok.on.ufanet.ru timed out
+www.billiard.ufanet.ru timed out
+go1.hypo.ufanet.ru expired
+kvartx.on.ufanet.ru timed out
+kinestetic.legko.ufanet.ru timed out
+algoritm.on.ufanet.ru timed out
+kimovsk.on.ufanet.ru timed out
+lansforth.on.ufanet.ru timed out
+islam.on.ufanet.ru timed out
+ufanet.ru different content
+igs.ufanet.ru different content
+neft.ufanet.ru different content
+nn.ufanet.ru different content
+oktgs.ufanet.ru different content
+oren.ufanet.ru different content
+slv.ufanet.ru different content
+str.ufanet.ru different content
+-->
+<ruleset name="ufanet.ru (partial)" default_off="failed ruleset test">
+	<target host="my.ufanet.ru" />
+	<target host="orsk.ufanet.ru" />
+	<target host="store.ufanet.ru" />
+	<target host="art.ufanet.ru" />
+	<target host="school.ufanet.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ugmk-telecom.ru.xml b/src/chrome/content/rules/ugmk-telecom.ru.xml
new file mode 100644
index 000000000000..994021e28880
--- /dev/null
+++ b/src/chrome/content/rules/ugmk-telecom.ru.xml
@@ -0,0 +1,21 @@
+<!--
+ugmk-telecom.ru timed out
+www.ugmk-telecom.ru timed out
+forum.ugmk-telecom.ru timed out
+sibai.ugmk-telecom.ru timed out
+ekb.ugmk-telecom.ru timed out
+kirov.ugmk-telecom.ru timed out
+krtur.ugmk-telecom.ru timed out
+vn.ugmk-telecom.ru timed out
+krur.ugmk-telecom.ru timed out
+rubc.ugmk-telecom.ru timed out
+kol.ugmk-telecom.ru timed out
+serov.ugmk-telecom.ru timed out
+hotice.ugmk-telecom.ru timed out
+online.ugmk-telecom.ru timed out
+-->
+<ruleset name="ugmk-telecom.ru (partial)">
+	<target host="lk.ugmk-telecom.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/uhrp.org.xml b/src/chrome/content/rules/uhrp.org.xml
new file mode 100644
index 000000000000..241187e7de16
--- /dev/null
+++ b/src/chrome/content/rules/uhrp.org.xml
@@ -0,0 +1,19 @@
+<!--
+Nonfunctional domains:
+
+Certificate mismatch:
+ - pressrelease.uhrp.org
+ - cn.uhrp.org
+ - ftp.uhrp.org
+ - chinese.uhrp.org
+-->
+
+<ruleset name="uhrp.org">
+	<target host="uhrp.org" />
+	<target host="docs.uhrp.org" />
+	<target host="weblog.uhrp.org" />
+	<target host="chineseblog.uhrp.org" />
+	<target host="www.uhrp.org" />
+  
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/uibk.ac.at.xml b/src/chrome/content/rules/uibk.ac.at.xml
new file mode 100644
index 000000000000..3c510fd7ece8
--- /dev/null
+++ b/src/chrome/content/rules/uibk.ac.at.xml
@@ -0,0 +1,10 @@
+<ruleset name="uibk.ac.at">
+	<!-- University Innsbruck (Austria) -->
+	<!-- UIBK LFU -->
+	<target host="orawww.uibk.ac.at" />
+	<!-- UIBK OLAT -->
+	<target host="lms.uibk.ac.at" />
+	<!-- UIBK VPN -->
+	<target host="vpn.uibk.ac.at" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ukconstitutionallaw.org.xml b/src/chrome/content/rules/ukconstitutionallaw.org.xml
new file mode 100644
index 000000000000..19a8a761704b
--- /dev/null
+++ b/src/chrome/content/rules/ukconstitutionallaw.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="UK Constitutional Law.org">
+
+	<target host="ukconstitutionallaw.org" />
+	<target host="www.ukconstitutionallaw.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ukpirateproxy.xyz.xml b/src/chrome/content/rules/ukpirateproxy.xyz.xml
new file mode 100644
index 000000000000..67f4172126e6
--- /dev/null
+++ b/src/chrome/content/rules/ukpirateproxy.xyz.xml
@@ -0,0 +1,7 @@
+<ruleset name="ukpirateproxy.xyz">
+	<target host="ukpirateproxy.xyz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ukrcash.com.xml b/src/chrome/content/rules/ukrcash.com.xml
new file mode 100644
index 000000000000..9c800292b63b
--- /dev/null
+++ b/src/chrome/content/rules/ukrcash.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="ukrcash.com">
+	<target host="ukrcash.com" />
+	<target host="www.ukrcash.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ukxcam.co.uk.xml b/src/chrome/content/rules/ukxcam.co.uk.xml
new file mode 100644
index 000000000000..4a755c17cbfa
--- /dev/null
+++ b/src/chrome/content/rules/ukxcam.co.uk.xml
@@ -0,0 +1,37 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ukxcam.co.uk/ => https://ukxcam.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'ukxcam.co.uk'")
+Fetch error: http://www.ukxcam.co.uk/ => https://www.ukxcam.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ukxcam.co.uk'")
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.ukxcam.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image from img.wlresources.com ˢ
+
+	ˢ See https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="ukxcam.co.uk" default_off="failed ruleset test">
+
+	<target host="ukxcam.co.uk" />
+	<target host="www.ukxcam.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.ukxcam\.co\.uk$" name="^(?:Date|From|PHPSESSID|date_visite|set_lang|xlove_id_affi)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ul.se.xml b/src/chrome/content/rules/ul.se.xml
new file mode 100644
index 000000000000..3bb10e2a8441
--- /dev/null
+++ b/src/chrome/content/rules/ul.se.xml
@@ -0,0 +1,15 @@
+<!--
+
+	Incomplete certificate chain:
+		- timecare.ul.se
+
+-->
+<ruleset name="UL.se">
+	<target host="ul.se" />
+	<target host="www.ul.se" />
+	<target host="api.ul.se" />
+	<target host="resegaranti.ul.se" />
+	<target host="trafikstorning.ul.se" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ulgov.ru.xml b/src/chrome/content/rules/ulgov.ru.xml
new file mode 100644
index 000000000000..f27522d8be11
--- /dev/null
+++ b/src/chrome/content/rules/ulgov.ru.xml
@@ -0,0 +1,97 @@
+<!--
+www.build.ulgov.ru ¹
+www.dgizo.ulgov.ru ¹
+dialog.ulgov.ru ⁵
+dom.ulgov.ru ¹
+www.fondmama.ulgov.ru ¹
+geo.ulgov.ru ⁷
+gis.ulgov.ru ⁷
+gosuslugi.ulgov.ru ¹
+www.gosuslugi.ulgov.ru ¹
+www.inter.ulgov.ru ¹
+www.kadr.ulgov.ru ¹
+www.ku.ulgov.ru ¹
+www.med.ulgov.ru ¹
+www.mfc.ulgov.ru ¹
+www.minobr.ulgov.ru ¹
+old.minobr.ulgov.ru ¹
+www.minprom.ulgov.ru ¹
+www.mirsud.ulgov.ru ¹
+www.mpol.ulgov.ru ¹
+www.mvp.ulgov.ru ¹
+www.nasledie73.ulgov.ru ¹
+www.new.ulgov.ru ¹
+www.prom73.ulgov.ru ¹
+regulation.ulgov.ru ¹
+www.rezerv.ulgov.ru ¹
+www.sme.ulgov.ru ¹
+old.sme.ulgov.ru ¹
+www.old.sme.ulgov.ru ¹
+www.solncemarafon.ulgov.ru ¹
+www.tek.ulgov.ru ¹
+www.trud.ulgov.ru ¹
+viewmysurvey.docu.ulgilinspekt.ulgov.ru ¹
+mysurvey.docview.ulgilinspekt.ulgov.ru ¹
+mysurveydocview.ulgilinspekt.ulgov.ru ¹
+secure.myvanguard.ulgilinspekt.ulgov.ru ¹
+www.vet73.ulgov.ru ¹
+www.zags.ulgov.ru ¹
+admref.ulgov.ru different content
+anticorrupt.ulgov.ru different content
+build.ulgov.ru different content
+culture.ulgov.ru different content
+data.ulgov.ru different content
+dgizo.ulgov.ru different content
+econom.ulgov.ru different content
+eservice.ulgov.ru different content
+feedback.ulgov.ru different content
+finkontrol73.ulgov.ru different content
+gz.ulgov.ru different content
+inter.ulgov.ru different content
+ja-grazhdanin.ulgov.ru different content
+kadr.ulgov.ru different content
+ku.ulgov.ru different content
+law.ulgov.ru different content
+med.ulgov.ru different content
+mfc.ulgov.ru different content
+minobr.ulgov.ru different content
+minprom.ulgov.ru different content
+mirsud.ulgov.ru different content
+moodle.ulgov.ru different content
+morozov.ulgov.ru different content
+mpol.ulgov.ru different content
+municipal.ulgov.ru different content
+mvp.ulgov.ru different content
+nasledie73.ulgov.ru different content
+new.ulgov.ru different content
+opendata.ulgov.ru different content
+pnp.ulgov.ru different content
+polls.ulgov.ru different content
+prom73.ulgov.ru different content
+reglament.ulgov.ru different content
+rezerv.ulgov.ru different content
+sme.ulgov.ru different content
+smi.ulgov.ru different content
+solncemarafon.ulgov.ru different content
+sport.ulgov.ru different content
+structure.ulgov.ru different content
+tek.ulgov.ru different content
+uldemografiya.ulgov.ru different content
+vet73.ulgov.ru different content
+zags.ulgov.ru different content
+
+
+¹ mismatch
+⁵ expired
+⁷ protocol error
+-->
+<ruleset name="ulgov.ru">
+	<target host="ulgov.ru" />
+	<target host="www.ulgov.ru" />
+	<target host="golos.ulgov.ru" />
+	<target host="invest.ulgov.ru" />
+	<target host="socrazvitie.ulgov.ru" />
+	<target host="tarif.ulgov.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ulogin.ru.xml b/src/chrome/content/rules/ulogin.ru.xml
new file mode 100644
index 000000000000..a1bcfec68b14
--- /dev/null
+++ b/src/chrome/content/rules/ulogin.ru.xml
@@ -0,0 +1,12 @@
+<!--
+translate.ulogin.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="ulogin.ru">
+	<target host="ulogin.ru" />
+	<target host="www.ulogin.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ultimarc.com.xml b/src/chrome/content/rules/ultimarc.com.xml
new file mode 100644
index 000000000000..3d7ae2c21657
--- /dev/null
+++ b/src/chrome/content/rules/ultimarc.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Ultimarc.com">
+
+	<target host="ultimarc.com" />
+	<target host="www.ultimarc.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ultimate-guitar.com.xml b/src/chrome/content/rules/ultimate-guitar.com.xml
new file mode 100644
index 000000000000..2048cb2bd5e3
--- /dev/null
+++ b/src/chrome/content/rules/ultimate-guitar.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ultimate-guitar.com">
+  <target host="ultimate-guitar.com" />
+  <target host="www.ultimate-guitar.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ultimateeditionoz.com.xml b/src/chrome/content/rules/ultimateeditionoz.com.xml
new file mode 100644
index 000000000000..6e9e9ebca8e0
--- /dev/null
+++ b/src/chrome/content/rules/ultimateeditionoz.com.xml
@@ -0,0 +1,12 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ultimateeditionoz.com/ => https://ultimateeditionoz.com/: (7, 'Failed to connect to ultimateeditionoz.com port 443: Connection refused')
+Fetch error: http://www.ultimateeditionoz.com/ => https://www.ultimateeditionoz.com/: (7, 'Failed to connect to www.ultimateeditionoz.com port 443: Connection refused')
+
+-->
+<ruleset name="ultimateeditionoz.com" default_off="failed ruleset test">
+	<target host="ultimateeditionoz.com" />
+	<target host="www.ultimateeditionoz.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ultimedecathlon.com.xml b/src/chrome/content/rules/ultimedecathlon.com.xml
new file mode 100644
index 000000000000..27ebae9b0cf9
--- /dev/null
+++ b/src/chrome/content/rules/ultimedecathlon.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="ultimedecathlon.com">
+        <target host="ultimedecathlon.com" />
+        <target host="www.ultimedecathlon.com" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ultimedia.com.xml b/src/chrome/content/rules/ultimedia.com.xml
new file mode 100644
index 000000000000..e69454c4acfa
--- /dev/null
+++ b/src/chrome/content/rules/ultimedia.com.xml
@@ -0,0 +1,79 @@
+<!--
+	Connection failed:
+		stats.ultimedia.com
+		stream[4|6].ultimedia.com
+		web[16|20|34].ultimedia.com
+
+	Invalid certificate:
+		img.ultimedia.com
+		stream5.ultimedia.com
+		web35.ultimedia.com
+
+	Timeout:
+		stream[8|10|13].ultimedia.com
+		web32.ultimedia.com
+
+	Unable to get local issuer certificate:
+		m.ultimedia.com
+		web37.ultimedia.com
+-->
+<ruleset name="Ultimedia.com">
+
+	<target host="ultimedia.com" />
+	<target host="www.ultimedia.com" />
+	<target host="ca-lb.ultimedia.com" />
+	<target host="dig.ultimedia.com" />
+	<target host="fr-lb.ultimedia.com" />
+	<target host="loadbalancing.ultimedia.com" />
+	<target host="media1.ultimedia.com" />
+	<target host="media2.ultimedia.com" />
+	<target host="medialb.ultimedia.com" />
+	<target host="secure.ultimedia.com" />
+	<target host="static.ultimedia.com" />
+	<target host="statics.ultimedia.com" />
+	<target host="stats2.ultimedia.com" />
+	<target host="web01.ultimedia.com" />
+	<target host="web02.ultimedia.com" />
+	<target host="web03.ultimedia.com" />
+	<target host="web04.ultimedia.com" />
+	<target host="web05.ultimedia.com" />
+	<target host="web06.ultimedia.com" />
+	<target host="web07.ultimedia.com" />
+	<target host="web08.ultimedia.com" />
+	<target host="web09.ultimedia.com" />
+	<target host="web10.ultimedia.com" />
+	<target host="web11.ultimedia.com" />
+	<target host="web12.ultimedia.com" />
+	<target host="web13.ultimedia.com" />
+	<target host="web14.ultimedia.com" />
+	<target host="web15.ultimedia.com" />
+	<target host="web17.ultimedia.com" />
+	<target host="web18.ultimedia.com" />
+	<target host="web19.ultimedia.com" />
+	<target host="web21.ultimedia.com" />
+	<target host="web22.ultimedia.com" />
+	<target host="web23.ultimedia.com" />
+	<target host="web24.ultimedia.com" />
+	<target host="web25.ultimedia.com" />
+	<target host="web26.ultimedia.com" />
+	<target host="web27.ultimedia.com" />
+	<target host="web28.ultimedia.com" />
+	<target host="web29.ultimedia.com" />
+	<target host="web30.ultimedia.com" />
+	<target host="web31.ultimedia.com" />
+	<target host="web33.ultimedia.com" />
+	<target host="web36.ultimedia.com" />
+	<target host="web38.ultimedia.com" />
+	<target host="web39.ultimedia.com" />
+	<target host="web40.ultimedia.com" />
+	<target host="web41.ultimedia.com" />
+	<target host="web42.ultimedia.com" />
+	<target host="web43.ultimedia.com" />
+	<target host="web44.ultimedia.com" />
+	<target host="webgeo.ultimedia.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/umeng.xml b/src/chrome/content/rules/umeng.xml
new file mode 100644
index 000000000000..cffc747aac57
--- /dev/null
+++ b/src/chrome/content/rules/umeng.xml
@@ -0,0 +1,46 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://umeng.com/ => https://umeng.com/: (7, 'Failed to connect to umeng.com port 443: Connection refused')
+
+	Mismatch:
+	- opentest.rest.api.wsq.umeng.com
+	- tip.umeng.com
+
+	Redirects to http
+	- bbs.umeng.com
+	- blog.umeng.com
+	- bugbeta.umeng.com
+	- im.umeng.com
+	- message.umeng.com
+	- push.umeng.com
+	- track.umeng.com
+	- ubdc2016.umeng.com
+
+	Refused:
+	- huodong.umeng.com
+-->
+
+<ruleset name="umeng (partial)" default_off="failed ruleset test">
+	<target host="umeng.com" />
+	<target host="beta.umeng.com" />
+	<target host="dev.umeng.com" />
+	<target host="dplus.umeng.com" />
+	<target host="i.umeng.com" />
+	<target host="index.umeng.com" />
+	<target host="mobile.umeng.com" />
+	<target host="s.umeng.com" />
+	<target host="salon.umeng.com" />
+	<target host="static.umeng.com" />
+	<target host="wsq.umeng.com" />
+	<target host="api.wsq.umeng.com" />
+	<target host="www.umeng.com" />
+
+	<!--mixed content:-->
+	<exclusion pattern="^http://salon\.umeng\.com/(detail_\d+\.html)?$" />
+		<test url="http://salon.umeng.com/" />
+		<test url="http://salon.umeng.com/detail_31.html" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/umftgm.ro.xml b/src/chrome/content/rules/umftgm.ro.xml
new file mode 100644
index 000000000000..70410e8f5032
--- /dev/null
+++ b/src/chrome/content/rules/umftgm.ro.xml
@@ -0,0 +1,30 @@
+<!--
+umftgm.ro different content
+70.umftgm.ro different content
+blog.umftgm.ro different content
+ccamf.umftgm.ro different content
+fise.umftgm.ro different content
+librarie.umftgm.ro different content
+phd.umftgm.ro different content
+roelme.umftgm.ro ³
+simulationconference.umftgm.ro different content
+zilele.umftgm.ro different content
+
+
+³ timed out
+-->
+<ruleset name="umftgm.ro">
+	<target host="umftgm.ro" />
+	<target host="www.umftgm.ro" />
+	<target host="admission.umftgm.ro" />
+	<target host="admitere.umftgm.ro" />
+	<target host="cazare.umftgm.ro" />
+	<target host="quantis.umftgm.ro" />
+	<target host="ums.umftgm.ro" />
+	<target host="webmail.umftgm.ro" />
+
+	<rule from="^http://umftgm\.ro/"
+		to="https://www.umftgm.ro/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/umgum.com.xml b/src/chrome/content/rules/umgum.com.xml
new file mode 100644
index 000000000000..bc150dfa1712
--- /dev/null
+++ b/src/chrome/content/rules/umgum.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		mx.umgum.com
+		ns.umgum.com
+
+	Refused:
+		ns2.umgum.com
+		static.umgum.com
+-->
+<ruleset name="umgum.com">
+	<target host="umgum.com" />
+	<target host="www.umgum.com" />
+	<target host="dir.umgum.com" />
+	<target host="mail.umgum.com" />
+	<target host="map.umgum.com" />
+	<target host="pma.umgum.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/umontpellier.fr.xml b/src/chrome/content/rules/umontpellier.fr.xml
new file mode 100644
index 000000000000..7ada006cfa15
--- /dev/null
+++ b/src/chrome/content/rules/umontpellier.fr.xml
@@ -0,0 +1,40 @@
+<!--
+	Refused:
+		umontpellier.fr
+		www.umontpellier.fr
+		www.fde.umontpellier.fr
+		formations.umontpellier.fr
+		osipe.umontpellier.fr
+
+	No working URL known:
+		app.umontpellier.fr (503)
+		federation.umontpellier.fr (503)
+
+	Redirect to http:
+		edu.umontpellier.fr
+		*.edu.umontpellier.fr
+
+-->
+<ruleset name="Université de Montpellier">
+
+	<target host="assoetud.umontpellier.fr" />
+	<target host="campec.umontpellier.fr" />
+	<target host="cas.umontpellier.fr" />
+	<target host="collections.umontpellier.fr" />
+	<target host="cs.umontpellier.fr" />
+	<target host="ebureau.umontpellier.fr" />
+	<target host="ent.umontpellier.fr" />
+	<target host="marchefo.umontpellier.fr" />
+	<target host="mmdn.umontpellier.fr" />
+	<target host="moodle.umontpellier.fr" />
+	<target host="www.moodle.umontpellier.fr" />
+	<target host="orec.umontpellier.fr" />
+	<target host="peluche.umontpellier.fr" />
+	<target host="questionnaire.umontpellier.fr" />
+	<target host="vacens.umontpellier.fr" />
+	<target host="video.umontpellier.fr" />
+	<target host="wifi.umontpellier.fr" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/unbubble.eu.xml b/src/chrome/content/rules/unbubble.eu.xml
new file mode 100644
index 000000000000..eeaf661c3c8c
--- /dev/null
+++ b/src/chrome/content/rules/unbubble.eu.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatch:
+		- derefer.unbubble.eu
+-->
+<ruleset name="unbubble.eu">
+	<target host="unbubble.eu" />
+	<target host="www.unbubble.eu" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/undraw.co.xml b/src/chrome/content/rules/undraw.co.xml
new file mode 100644
index 000000000000..7d0c8137537b
--- /dev/null
+++ b/src/chrome/content/rules/undraw.co.xml
@@ -0,0 +1,8 @@
+<ruleset name="Undraw.co">
+	<target host="undraw.co" />
+	<target host="evie.undraw.co" />
+	<target host="halloween.undraw.co" />
+
+	<securecookie host=".+" name=".+" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/unet.by.xml b/src/chrome/content/rules/unet.by.xml
new file mode 100644
index 000000000000..ce375a1eeab5
--- /dev/null
+++ b/src/chrome/content/rules/unet.by.xml
@@ -0,0 +1,48 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://pro.unet.by/ => https://pro.unet.by/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://testmy.unet.by/ => https://testmy.unet.by/: (60, 'SSL certificate problem: certificate has expired')
+
+ci.unet.by ⁵
+clip2net.unet.by ²
+dns0.unet.by ²
+drweb.unet.by ¹
+es40-42.unet.by ³
+flussonic.unet.by ⁴
+help.unet.by ²
+www.help.unet.by ²
+home.unet.by ¹
+www.home.unet.by ³
+hotspot.unet.by ¹
+www.my.unet.by ¹
+rcam1.unet.by ²
+rcamstorage1.unet.by ²
+speedtest1.unet.by ²
+tdadmin.unet.by ³
+testadmin.unet.by ⁴
+unet.unet.by ¹
+devmy.unet.by different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁵ expired
+-->
+<ruleset name="unet.by" default_off="failed ruleset test">
+	<target host="unet.by" />
+	<target host="www.unet.by" />
+	<target host="admin.unet.by" />
+	<target host="box.unet.by" />
+	<target host="cdn.unet.by" />
+	<target host="dev.unet.by" />
+	<target host="hsadmin.unet.by" />
+	<target host="my.unet.by" />
+	<target host="pro.unet.by" />
+	<target host="support.unet.by" />
+	<target host="testmy.unet.by" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/uni-mannheim.de.xml b/src/chrome/content/rules/uni-mannheim.de.xml
new file mode 100644
index 000000000000..bd0a71d1e5a2
--- /dev/null
+++ b/src/chrome/content/rules/uni-mannheim.de.xml
@@ -0,0 +1,42 @@
+<ruleset name="Universität Mannheim (partial)">
+
+	<!-- *uni-mannheim.de -->
+	<target host="www.uni-mannheim.de"/>
+	<target host="www2.uni-mannheim.de"/>
+	<target host="staff.webmail.uni-mannheim.de"/>
+	<target host="students.webmail.uni-mannheim.de"/>
+	<target host="staffmail.uni-mannheim.de"/>
+	<target host="webmail.verwaltung.uni-mannheim.de"/>
+	<target host="mailman.uni-mannheim.de"/>
+	<target host="portal.uni-mannheim.de"/>
+	<target host="portal2.uni-mannheim.de"/>
+	<target host="cas.uni-mannheim.de"/>
+	<target host="admdx.uni-mannheim.de"/>
+	<target host="passwort.uni-mannheim.de"/>
+	<target host="vpn.uni-mannheim.de"/>
+	<target host="fim.uni-mannheim.de"/>
+	<target host="gess.uni-mannheim.de"/>
+	<target host="dsh.uni-mannheim.de"/>
+	<target host="mafat.uni-mannheim.de"/>
+	<target host="deltapruefung.uni-mannheim.de"/>
+	<target host="onlinebewerbung.uni-mannheim.de"/>
+	<target host="bewerbung.uni-mannheim.de"/>
+	<target host="www.career.uni-mannheim.de"/>
+	<target host="www.campusshop.uni-mannheim.de"/>
+	<target host="www.studiumgenerale.uni-mannheim.de"/>
+	<target host="bib.uni-mannheim.de"/>
+	<target host="www.bib.uni-mannheim.de"/>
+	<target host="ub-madoc.bib.uni-mannheim.de"/>
+	<target host="digi.bib.uni-mannheim.de"/>
+	<target host="www.vwl.uni-mannheim.de"/>
+	<target host="www.bwl.uni-mannheim.de"/>
+	<target host="homburg.bwl.uni-mannheim.de"/>
+	<target host="www.hdz.uni-mannheim.de"/>
+	<target host="www.mzes.uni-mannheim.de"/>
+	<target host="www.wim.uni-mannheim.de"/>
+	<target host="www.jdm.uni-mannheim.de"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/uni-ulm.de.xml b/src/chrome/content/rules/uni-ulm.de.xml
new file mode 100644
index 000000000000..f64270b8b1bd
--- /dev/null
+++ b/src/chrome/content/rules/uni-ulm.de.xml
@@ -0,0 +1,62 @@
+<!--
+	Ulm University
+
+
+	Nonfunctional hosts in *uni-ulm.de:
+
+		- www.akademie ᵃ
+		- www.biologie ʳ
+		- campuswelle ʳ
+		- dbis.eprints ᵃ
+		- ftp ʳ
+		- ki2004 ʳ
+		- www.mathematik ʳ
+		- fakultaet.medizin ʳ
+		- sysbio ⁴
+		- vts ᵈ
+
+	⁴ 404
+	ᵃ Shows another domain
+	ᵈ Dropped
+	ʳ Refused
+
+
+	^uni-ulm.de: Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.informatik.uni-ulm.de
+		- sport.uni-ulm.de
+
+-->
+<ruleset name="Uni-Ulm.de (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.informatik.uni-ulm.de" />
+	<target host="nt.uni-ulm.de" />
+	<target host="sogo.uni-ulm.de" />
+	<target host="sport.uni-ulm.de" />
+	<target host="www.uni-ulm.de" />
+
+	<!--	Complications:
+				-->
+	<target host="uni-ulm.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.informatik\.uni-ulm\.de$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^sport\.uni-ulm\.de$" name="^fe_typo_user$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://uni-ulm\.de/"
+		to="https://www.uni-ulm.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/unian.net.xml b/src/chrome/content/rules/unian.net.xml
new file mode 100644
index 000000000000..d7ed28330e30
--- /dev/null
+++ b/src/chrome/content/rules/unian.net.xml
@@ -0,0 +1,47 @@
+<!--
+monitoring.unian.info ³
+photo.unian.net ³
+monitoring.unian.net ³
+pogoda.unian.ua different content
+support.unian.ua different content
+
+
+³ timed out
+-->
+<ruleset name="UNIAN" platform="mixedcontent">
+	<target host="unian.info" />
+	<target host="www.unian.info" />
+	<target host="economics.unian.info" />
+	<target host="kiev.unian.info" />
+	<target host="unian.net" />
+	<target host="www.unian.net" />
+	<target host="consumers.unian.net" />
+	<target host="culture.unian.net" />
+	<target host="ecology.unian.net" />
+	<target host="economics.unian.net" />
+	<target host="health.unian.net" />
+	<target host="images.unian.net" />
+	<target host="kiev.unian.net" />
+	<target host="pogoda.unian.net" />
+	<target host="press.unian.net" />
+	<target host="religions.unian.net" />
+	<target host="social.unian.net" />
+	<target host="sport.unian.net" />
+	<target host="yearago.unian.net" />
+	<target host="unian.ua" />
+	<target host="www.unian.ua" />
+	<target host="army.unian.ua" />
+	<target host="consumers.unian.ua" />
+	<target host="ecology.unian.ua" />
+	<target host="economics.unian.ua" />
+	<target host="grechkometr.unian.ua" />
+	<target host="health.unian.ua" />
+	<target host="kiev.unian.ua" />
+	<target host="press.unian.ua" />
+	<target host="religions.unian.ua" />
+	<target host="sport.unian.ua" />
+	<target host="ternopil.unian.ua" />
+	<target host="vinnica.unian.ua" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/unichange.me.xml b/src/chrome/content/rules/unichange.me.xml
new file mode 100644
index 000000000000..4d77066e5d5b
--- /dev/null
+++ b/src/chrome/content/rules/unichange.me.xml
@@ -0,0 +1,15 @@
+<!--
+blog.unichange.me ⁷
+tracking.unichange.me ¹
+
+
+¹ mismatch
+⁷ protocol error
+-->
+<ruleset name="unichange.me">
+	<target host="unichange.me" />
+	<target host="www.unichange.me" />
+	<target host="support.unichange.me" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/unicode.org.xml b/src/chrome/content/rules/unicode.org.xml
new file mode 100644
index 000000000000..3a398068de16
--- /dev/null
+++ b/src/chrome/content/rules/unicode.org.xml
@@ -0,0 +1,24 @@
+<!-- Non-working hosts
+		Redirect to HTTP:
+			cldr-build.unicode.org
+
+		Secure Connection Failed:
+			cldr.unicode.org
+			blog.unicode.org
+			uli.unicode.org
+
+		Mismatch:
+		ftp.unicode.org
+-->
+
+<ruleset name="unicode.org">
+
+	<target host="unicode.org" />
+	<target host="www.unicode.org" />
+	<target host="cldr-smoke.unicode.org" />
+	<target host="st.unicode.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/unimatrix.si.xml b/src/chrome/content/rules/unimatrix.si.xml
new file mode 100644
index 000000000000..91d06050e738
--- /dev/null
+++ b/src/chrome/content/rules/unimatrix.si.xml
@@ -0,0 +1,68 @@
+<!--
+	For rules covering resources which do not secure
+	mixed content, see unimatrix.si-resources.xml.
+
+
+	(www.)?unimatrix.si: Shows cpanel01.unimatrix.si
+
+
+	These altnames do not exist:
+
+		- www.advertisment.unimatrix.si
+		- www.cpanel01.unimatrix.si
+
+-->
+<ruleset name="Unimatrix.si (partial)">
+
+	<target host="advertisment.unimatrix.si" />
+	<target host="cpanel01.unimatrix.si" />
+	<target host="hosting.unimatrix.si" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://hosting\.unimatrix\.si/(?:announcements|downloads|index|knowledgebase)\.php" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://hosting\.unimatrix\.si/(?!/*(?:assets/|(?:cart|cart|clientarea|contact|domainchecker|pwreset|serverstatus|supporttickets)\.php|templates/))" /-->
+		<!--
+			Reduce non-Tor distinguishability:
+								-->
+		<exclusion pattern="^http://hosting\.unimatrix\.si/(?!/*(?:cart|cart|clientarea|contact|domainchecker|pwreset|serverstatus|supporttickets)\.php)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://hosting.unimatrix.si/announcements.php" />
+			<test url="http://hosting.unimatrix.si/default.asp" />
+			<test url="http://hosting.unimatrix.si/default.aspx" />
+			<test url="http://hosting.unimatrix.si/downloads.php" />
+			<test url="http://hosting.unimatrix.si/favicon.ico" />
+			<test url="http://hosting.unimatrix.si/index.htm" />
+			<test url="http://hosting.unimatrix.si/index.html" />
+			<test url="http://hosting.unimatrix.si/index.php" />
+			<test url="http://hosting.unimatrix.si/knowledgebase.php" />
+
+			<!--	-ve:
+					-->
+			<!--
+			<test url="http://hosting.unimatrix.si/assets/css/font-awesome.min.css" />
+			-->
+			<test url="http://hosting.unimatrix.si/cart.php?a=view" />
+			<test url="http://hosting.unimatrix.si/clientarea.php" />
+			<test url="http://hosting.unimatrix.si/contact.php" />
+			<test url="http://hosting.unimatrix.si/domainchecker.php" />
+			<test url="http://hosting.unimatrix.si/pwreset.php" />
+			<test url="http://hosting.unimatrix.si/serverstatus.php" />
+			<test url="http://hosting.unimatrix.si/supporttickets.php" />
+			<!--
+			<test url="http://hosting.unimatrix.si/templates/six/css/custom.css" />
+			-->
+
+
+	<securecookie host="^(?!hosting\.)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/uninic.ru.xml b/src/chrome/content/rules/uninic.ru.xml
new file mode 100644
index 000000000000..64f945b9e98c
--- /dev/null
+++ b/src/chrome/content/rules/uninic.ru.xml
@@ -0,0 +1,16 @@
+<!--
+ex1.uninic.ru ²
+ex2.uninic.ru ²
+vo.uninic.ru ⁴
+
+
+² refused
+⁴ self signed
+-->
+<ruleset name="uninic.ru">
+	<target host="uninic.ru" />
+	<target host="www.uninic.ru" />
+	<target host="mail.uninic.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/uniongang.net.xml b/src/chrome/content/rules/uniongang.net.xml
new file mode 100644
index 000000000000..1b8b8ae86d14
--- /dev/null
+++ b/src/chrome/content/rules/uniongang.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="uniongang.net">
+	<target host="uniongang.net" />
+	<target host="www.uniongang.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/uniongang.tv.xml b/src/chrome/content/rules/uniongang.tv.xml
new file mode 100644
index 000000000000..8944d1be4d71
--- /dev/null
+++ b/src/chrome/content/rules/uniongang.tv.xml
@@ -0,0 +1,13 @@
+<!--
+mail.uniongang.tv ⁴
+uniongang.tv mixed content
+www.uniongang.tv mixed content
+
+
+⁴ self signed
+-->
+<ruleset name="uniongang.tv (partial)" platform="mixedcontent">
+	<target host="forum.uniongang.tv" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/unionlearn.org.uk.xml b/src/chrome/content/rules/unionlearn.org.uk.xml
new file mode 100644
index 000000000000..651441c0f2c9
--- /dev/null
+++ b/src/chrome/content/rules/unionlearn.org.uk.xml
@@ -0,0 +1,14 @@
+<ruleset name="Unionlearn.org.uk">
+
+	<target host="unionlearn.org.uk" />
+	<target host="www.unionlearn.org.uk" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/unionreps.org.uk.xml b/src/chrome/content/rules/unionreps.org.uk.xml
new file mode 100644
index 000000000000..4e90fd2e5e4a
--- /dev/null
+++ b/src/chrome/content/rules/unionreps.org.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="Union Reps.org.uk">
+
+	<target host="unionreps.org.uk" />
+	<target host="www.unionreps.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/unit4.com-resources.xml b/src/chrome/content/rules/unit4.com-resources.xml
new file mode 100644
index 000000000000..d7d068fbc5c5
--- /dev/null
+++ b/src/chrome/content/rules/unit4.com-resources.xml
@@ -0,0 +1,38 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://info.unit4.com/css/SocialShare.css (200) => https://na-ab12.marketo.com/css/SocialShare.css (403)
+Non-2xx HTTP code: http://info.unit4.com/rs/900-SZD-631/images/unit4-screen.css (200) => https://na-ab12.marketo.com/rs/900-SZD-631/images/unit4-screen.css (403)
+
+	For rules covering more than resources, see unit4.com.xml.
+
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="Unit4.com (resources)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<!--	Complications:
+				-->
+	<target host="info.unit4.com" />
+
+		<exclusion pattern="^http://info\.unit4\.com/(?!/*(?:cs|image|r)s/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://info.unit4.com/Kunskapsdagen.html" />
+			<test url="http://info.unit4.com/NA-CL-WB-Non-Profit-ERP-Webinar_LP.html" />
+			<test url="http://info.unit4.com/NL-CF-AP-ES-ERP-marktvergelijking_LP.html" />
+			<test url="http://info.unit4.com/NL-CL-AP-IDC-Financial-Impact-of-ERP-architecture_LP.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://info.unit4.com/css/SocialShare.css" />
+			<test url="http://info.unit4.com/rs/900-SZD-631/images/unit4-screen.css" />
+
+
+	<rule from="^http://info\.unit4\.com/"
+		to="https://na-ab12.marketo.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/unit4.com.xml b/src/chrome/content/rules/unit4.com.xml
new file mode 100644
index 000000000000..b97bf2ac11b4
--- /dev/null
+++ b/src/chrome/content/rules/unit4.com.xml
@@ -0,0 +1,180 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://info.unit4.com/rs/900-SZD-631/images/Justify_Your_Attendance_Letter.docx (200) => https://na-ab12.marketo.com/rs/900-SZD-631/images/Justify_Your_Attendance_Letter.docx (403)
+Non-2xx HTTP code: http://info.unit4.com/rs/900-SZD-631/images/U4-U4BW-WHO-CS-Veris-Construction.pdf (200) => https://na-ab12.marketo.com/rs/900-SZD-631/images/U4-U4BW-WHO-CS-Veris-Construction.pdf (403)
+
+	For rules covering resources which do not secure
+	mixed content, see unit4.com-resources.xml.
+
+
+	Nonfunctional hosts in *unit4.com:
+
+		- ^ ʳ
+		- info ᵃ
+		- nieuwsbrief ᶠ
+		- www ʰ
+
+	ᵃ Marketo / shows another domain
+	ᶠ Handshake fails
+	ʰ Redirects to http
+	ʳ Refused
+
+
+	Problematic hosts in *unit4.com:
+
+		- downloadcoda ᶜ
+		- pub.nieuwsbrief ᵐ
+		- u4 ᵐ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- careers.unit4.com
+		- downloadcoda.unit4.com
+		- my.unit4.com
+		- public.unit4.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Unit4.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="ap.unit4.com" />
+	<target host="careers.unit4.com" />
+	<target host="digipoort.unit4.com" />
+	<!--target host="downloadcoda.unit4.com" /-->
+	<target host="my.unit4.com" />
+	<target host="partners.unit4.com" />
+	<target host="public.unit4.com" />
+	<target host="selfservice.unit4.com" />
+	<target host="supportcoda.unit4.com" />
+	<target host="xnet.unit4.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.unit4\.com/(?:$|partners$|support-your-way$)" /-->
+
+			<!--	+ve:
+					-->
+			<!--test url="http://www.unit4.com/partners" /-->
+			<!--test url="http://www.unit4.com/support-your-way" /-->
+
+	<!--	Complications:
+				-->
+	<target host="info.unit4.com" />
+	<target host="pub.nieuwsbrief.unit4.com" />
+	<!--target host="u4.unit4.com" /-->
+
+		<!--exclusion pattern="^http://info\.unit4\.com/(?!/*(?:cs|image|r)s/)" /-->
+		<!--
+			Reduce non-Tor distinguishability:
+								-->
+		<exclusion pattern="^http://info\.unit4\.com/(?!/*rs/.+\.(?:docx?|pdf)(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://info.unit4.com/Kunskapsdagen.html" />
+			<test url="http://info.unit4.com/NA-CL-WB-Non-Profit-ERP-Webinar_LP.html" />
+			<test url="http://info.unit4.com/NL-CF-AP-ES-ERP-marktvergelijking_LP.html" />
+			<test url="http://info.unit4.com/NL-CL-AP-IDC-Financial-Impact-of-ERP-architecture_LP.html" />
+			<test url="http://info.unit4.com/NL-CL-WP-Juiste-fulfilment-strategie-essentieel-voor-groothandel_LP.html" />
+			<test url="http://info.unit4.com/NL-CL-WP-Vergeten-vragen-bij-ERP-selectie_LP.html" />
+			<test url="http://info.unit4.com/Sjekkliste.html" />
+			<!--
+			<test url="http://info.unit4.com/U4-WB-20160510-CFOWebinarwithRayLeclercq_LP-On-Demand.html?online_lead_source=Blog" />
+			<test url="http://info.unit4.com/U4D-CL-AR-IG-4-Steps-To-Become-A-Business-Partner_LP.html" />
+			<test url="http://info.unit4.com/U4D-CL-WP-CON-12-Changes-That-Determine-The-Future-For-The-Financial-Controller_LP.html?online_lead_source=Blog" />
+			<test url="http://info.unit4.com/U4D-CL-WP-EDU-7-Roadblocks-To-Boosting-Student-Success_LP.html" />
+			<test url="http://info.unit4.com/U4D-CL-WP-PRO-12-Methods-to-Overcome-Scoop-Creep-On-Projects_LP.html?online_lead_source=blog-local" />
+			<test url="http://info.unit4.com/U4D-CL-WP-Self-driving-Experience_LP.html" />
+			<test url="http://info.unit4.com/higher-education-future_LP.html" />
+			-->
+
+			<!--	-ve:
+					-->
+			<!--
+			<test url="http://info.unit4.com/css/SocialShare.css" />
+			-->
+			<test url="http://info.unit4.com/rs/900-SZD-631/images/Justify_Your_Attendance_Letter.docx" />
+			<test url="http://info.unit4.com/rs/900-SZD-631/images/U4-U4BW-WHO-CS-Veris-Construction.pdf" />
+			<!--
+			<test url="http://info.unit4.com/rs/900-SZD-631/images/unit4-screen.css" />
+			-->
+
+		<exclusion pattern="^http://pub\.nieuwsbrief\.unit4\.com/(?!/*r/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://pub.nieuwsbrief.unit4.com/default.aspx" />
+			<test url="http://pub.nieuwsbrief.unit4.com/index.html" />
+
+			<!--	-ve:
+					-->
+			<test url="http://pub.nieuwsbrief.unit4.com/r/+fks8D1lthyJS95wNWzRdg/83JTe2CLCJ_4bfXCK7gpxQ/tbMNVJieuQQ0V6KarRplag" />
+			<test url="http://pub.nieuwsbrief.unit4.com/r/0E1fBlB6V0CGEZPIf1tSYA/2wrlDaaazTAPR0kKAVhMug/9HAyjiC7dkaG6wHMuJlxcQ" />
+			<!--
+			<test url="http://pub.nieuwsbrief.unit4.com/r/0e7uwP7SQOBMzIZFtEU8TA/IfZPvfoZtE_IkaRz5sorNQ/PzQ2ZMtxw6rNa6gVtkvSGA" />
+			<test url="http://pub.nieuwsbrief.unit4.com/r/1c8cltuFtYWx3hWVbjVdFQ/iDGEcKOYtRCza5UEwhEPfA/iRMLwYBNoenB64ej_Wa1Yw" />
+			<test url="http://pub.nieuwsbrief.unit4.com/r/4MNoDPNQ+8bwODhu+hX9kA/Sq_Kmgu_jywwcpYM7aa+Uw/iYiymlBRiXdC3TW9oMNK1Q" />
+			<test url="http://pub.nieuwsbrief.unit4.com/r/4vmQKXsPAloT9PiwSOq2NQ/xl0CzGs0g_6mn64jNoZ3OA/84nmCkmPbiE6yDiEX1F0OQ" />
+			<test url="http://pub.nieuwsbrief.unit4.com/r/5DyEswFFCLK10KJjZ7lXew/DhmbiakfysJQJD2R_mr69g/j2gb8MNoZCQ0cARVwo_v2Q" />
+			<test url="http://pub.nieuwsbrief.unit4.com/r/7+gnr2HymlzBCAD4rrMqkA/IfZPvfoZtE_IkaRz5sorNQ/PzQ2ZMtxw6rNa6gVtkvSGA" />
+			<test url="http://pub.nieuwsbrief.unit4.com/r/I4rDeqWRwOfVJkNuiQQZuw/-/-" />
+			<test url="http://pub.nieuwsbrief.unit4.com/r/Ka7ydlwdxM_5j+MtCVR6YA/jVAsG990BNHy3UB6eDt+0A/W4g2pmGFkDTj9fzVC5IGKw" />
+			<test url="http://pub.nieuwsbrief.unit4.com/r/Q2Z0DKY2MVJucxJBN_QsFw/g2NJMzjB2j3F9NipoeZYDg/qHL+3EmAl5oZL_ncbPsjcg" />
+			<test url="http://pub.nieuwsbrief.unit4.com/r/TaNFIYl6_ODauFKYWjnVrQ/IKjF0JLx4RWsoy6luc8z2w/TJkmnkKCsUkTaTWRNl3usA" />
+			<test url="http://pub.nieuwsbrief.unit4.com/r/VFim7tW82yZAr3p++ImP4A/utLsX0HnHDpfKDVPxMVVJQ/qHL+3EmAl5oZL_ncbPsjcg" />
+			<test url="http://pub.nieuwsbrief.unit4.com/r/_cAF0WoHCoa3adqbytBLeg/jQGMlsm9IxGPnqBXXp7BvA/nB9RuhVu9HfbUnI+5hfy3Q" />
+			<test url="http://pub.nieuwsbrief.unit4.com/r/h4YmPDDLwBRLTVV__TDuFw/GVormn3mycy4Oz8238m2Zw/Uah0obB4teL5YvJdmwYy4w" />
+			<test url="http://pub.nieuwsbrief.unit4.com/r/jgM1LMk4kiNVHMUmmLO19Q/-/-" />
+			<test url="http://pub.nieuwsbrief.unit4.com/r/lpIBkAjS8SIvJJTcV5wN5g/oPgdd+ICkAoTPun3FbtqzQ/aWLNMu2OSFq8Iil3MJGoXg" />
+			<test url="http://pub.nieuwsbrief.unit4.com/r/wrwlcF7NNs1rpy0Hj6vqCA/oPgdd+ICkAoTPun3FbtqzQ/aWLNMu2OSFq8Iil3MJGoXg" />
+			<test url="http://pub.nieuwsbrief.unit4.com/r/yzqNat_WhHeNRcMxhM+uXQ/oPgdd+ICkAoTPun3FbtqzQ/aWLNMu2OSFq8Iil3MJGoXg" />
+			-->
+
+		<!--exclusion pattern="^http://u4\.unit4\.com/(?!/*acton/)" /-->
+
+			<!--	+ve:
+					-->
+			<!--
+			<test url="http://u4.unit4.com/default.aspx" />
+			<test url="http://u4.unit4.com/index.htm" />
+			-->
+
+			<!--	-ve:
+					-->
+			<!--
+			<test url="http://u4.unit4.com/acton/media/5506/cfo-strategic-empowerment-series-part-1" />
+			-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^careers\.unit4\.com$" name="^(?:XSRF-TOKEN|laravel_session)$" /-->
+	<!--securecookie host="^downloadcoda\.unit4\.com$" name="^PLAY_(?:ERRORS|FLASH|SESSION)$" /-->
+	<!--securecookie host="^my\.unit4\.com$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^public\.unit4\.com$" name="^(?:ASP\.NET_SessionId|ASPSESSIONID[A-Z]{8}|HATServerCookie|uniquesig[\dA-F]+)$" /-->
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^(?!info\.|pub\.nieuwsbrief\.)\w" name=".+" />
+
+
+	<rule from="^http://info\.unit4\.com/"
+		to="https://na-ab12.marketo.com/" />
+
+	<rule from="^http://pub\.nieuwsbrief\.unit4\.com/"
+		to="https://mailing.finalist.nl/" />
+
+	<!--rule from="^http://u4\.unit4\.com/"
+		to="https://unit4.actonsoftware.com/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/universalcoin.com.xml b/src/chrome/content/rules/universalcoin.com.xml
new file mode 100644
index 000000000000..9a2cb0354b18
--- /dev/null
+++ b/src/chrome/content/rules/universalcoin.com.xml
@@ -0,0 +1,38 @@
+<!--
+	^universalcoin.com: Mismatched
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .www.universalcoin.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Universal Coin.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.universalcoin.com" />
+
+	<!--	Complications:
+				-->
+	<target host="universalcoin.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.universalcoin\.com$" name="^(?:currency|language)$" /-->
+
+	<securecookie host="^\." name="^_(?:_qca$|gat?$|gat_)" />
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.www\." name=".+" />
+
+
+	<rule from="^http://universalcoin\.com/"
+		to="https://www.universalcoin.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/unlocator.com.xml b/src/chrome/content/rules/unlocator.com.xml
new file mode 100644
index 000000000000..f84b551d290c
--- /dev/null
+++ b/src/chrome/content/rules/unlocator.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="unlocator.com">
+	<target host="unlocator.com" />
+	<target host="www.unlocator.com" />
+	<target host="support.unlocator.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/unruly.co.xml b/src/chrome/content/rules/unruly.co.xml
new file mode 100644
index 000000000000..a1f46b126f04
--- /dev/null
+++ b/src/chrome/content/rules/unruly.co.xml
@@ -0,0 +1,82 @@
+<!--
+	Other Unruly Group rulesets:
+
+		- unrulymedia.com.xml
+
+
+	Problematic hosts in *unruly.co:
+
+		- go ᵐ
+		- tech ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- unruly.co
+		- partnerportal.unruly.co
+		- www.unruly.co
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bug from c.statcounter.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Unruly.co (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="unruly.co" />
+	<target host="partnerportal.unruly.co" />
+	<target host="www.unruly.co" />
+
+	<!--	Complications:
+				-->
+	<target host="go.unruly.co" />
+
+		<exclusion pattern="^http://go\.unruly\.co/(?!/*(?:$|\?|[el]/))" />
+
+			<test url="http://go.unruly.co/2016-trends" />
+			<test url="http://go.unruly.co/FacebookVVC" />
+			<test url="http://go.unruly.co/TwitterVideoChart" />
+			<test url="http://go.unruly.co/fovadownload" />
+			<test url="http://go.unruly.co/nc-blog-social" />
+			<test url="http://go.unruly.co/nc-social" />
+			<test url="http://go.unruly.co/pp-about-unrulyx" />
+			<test url="http://go.unruly.co/pp-contact" />
+			<test url="http://go.unruly.co/vertical" />
+			<test url="http://go.unruly.co/webhero10" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="(?:partnerportal\.|www\.)?unruly\.co$" name="^(?:X-Mapping-|wordpress_google_apps_login)$" /-->
+
+	<securecookie host="^\." name="_ga(?:t?$|t_)" />
+	<securecookie host="^(?!go\.)\w" name=".+" />
+
+
+	<rule from="^http://go\.unruly\.co/+(?:\?.*)?$"
+		to="https://unruly.co/" />
+
+		<test url="http://go.unruly.co/?" />
+
+	<rule from="^http://go\.unruly\.co/"
+		to="https://go.pardot.com/" />
+
+		<test url="http://go.unruly.co/l/50182/2014-11-11/rtxy" />
+		<test url="http://go.unruly.co/l/50182/2015-08-17/3wmwmr/50182/63492/submit_button.png" />
+		<test url="http://go.unruly.co/l/50182/2015-12-09/57f3t2/50182/82583/SB_template_v1.png" />
+		<test url="http://go.unruly.co/l/50182/2015-12-09/57r24x" />
+		<test url="http://go.unruly.co/l/50182/2016-04-28/66l55p" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/unrulymedia.com-resources.xml b/src/chrome/content/rules/unrulymedia.com-resources.xml
new file mode 100644
index 000000000000..483f252b41c0
--- /dev/null
+++ b/src/chrome/content/rules/unrulymedia.com-resources.xml
@@ -0,0 +1,40 @@
+<!--
+	For rules covering more than resources, see unrulymedia.com.xml.
+
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="Unrulymedia.com (resources)" platform="mixedcontent">
+
+	<target host="console.unrulymedia.com" />
+
+		<!--exclusion pattern="^http://console\.unrulymedia\.com/(?:$|login$|misc/settings/showResetPassword$)" /-->
+		<!--
+			Avoid potential XHR problems:
+							-->
+		<!--exclusion pattern="^http://console\.unrulymedia\.com/.+\.js(?:$|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://console\.unrulymedia\.com/(?!/*resource/(?!.+\.js(?:$|\?)))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://console.unrulymedia.com/resource/js/jquery.colorbox.js" />
+			<test url="http://console.unrulymedia.com/resource/js/jquery.multiselect.filter.js" />
+			<test url="http://console.unrulymedia.com/resource/js/jquery.multiselect.min.js" />
+			<test url="http://console.unrulymedia.com/resource/js/jquery.qtip-1.0.0-rc3.min.js" />
+			<test url="http://console.unrulymedia.com/resource/js/prototype.js" />
+			<test url="http://console.unrulymedia.com/resource/js/select2-2.0.min.js" />
+
+			<!--	-ve:
+					-->
+			<test url="http://console.unrulymedia.com/resource/css/channels.css" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/unrulymedia.com.xml b/src/chrome/content/rules/unrulymedia.com.xml
new file mode 100644
index 000000000000..82c2eb74502a
--- /dev/null
+++ b/src/chrome/content/rules/unrulymedia.com.xml
@@ -0,0 +1,80 @@
+<!--
+	For rules covering resources which do not secure
+	mixed content, see unrulymedia.com-resources.xml.
+
+	For other Unruly Group coverage, see unruly.co.xml.
+
+
+	Partially covered hosts in *unrulymedia.com:
+
+		- console ʰ
+
+	ʰ >= 3 pages redirect to http
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- console.unrulymedia.com
+		- wiki.unrulymedia.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Unrulymedia.com (partial)">
+
+	<target host="cloud-video.unrulymedia.com" />
+	<!--target host="console.unrulymedia.com" /-->
+	<target host="video.unrulymedia.com" />
+	<target host="wiki.unrulymedia.com" />
+
+		<!--exclusion pattern="^http://console\.unrulymedia\.com/(?:$|login$|misc/settings/showResetPassword$)" /-->
+		<!--
+			Avoid potential XHR problems:
+							-->
+		<!--exclusion pattern="^http://console\.unrulymedia\.com/.+\.js(?:$|\?)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://console\.unrulymedia\.com/(?!/*resource/(?!.+\.js(?:$|\?)))" /-->
+
+			<!--	+ve:
+					-->
+			<!--
+			<test url="http://console.unrulymedia.com/login" />
+			<test url="http://console.unrulymedia.com/misc/settings/showResetPassword" />
+			<test url="http://console.unrulymedia.com/publisher/video/signup" />
+			<test url="http://console.unrulymedia.com/resource/js/chosen.jquery.js" />
+			<test url="http://console.unrulymedia.com/resource/js/jquery.colorbox.js" />
+			<test url="http://console.unrulymedia.com/resource/js/jquery.multiselect.filter.js" />
+			<test url="http://console.unrulymedia.com/resource/js/jquery.multiselect.min.js" />
+			<test url="http://console.unrulymedia.com/resource/js/jquery.qtip-1.0.0-rc3.min.js" />
+			<test url="http://console.unrulymedia.com/resource/js/prototype.js" />
+			<test url="http://console.unrulymedia.com/resource/js/select2-2.0.min.js" />
+			-->
+
+			<!--	-ve:
+					-->
+			<!--
+			<test url="http://console.unrulymedia.com/resource/css/channels.css" />
+			-->
+
+		<!--	$ shows blank page, so:
+						-->
+		<test url="http://cloud-video.unrulymedia.com/ux-guidelines/latest/styles/unruly-styles.css" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://video.unrulymedia.com/rtbprivacypolicy/index.html" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:console|wiki)\.unrulymedia\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/unterstuetzung-die-ankommt.de.xml b/src/chrome/content/rules/unterstuetzung-die-ankommt.de.xml
new file mode 100644
index 000000000000..97800c1191d5
--- /dev/null
+++ b/src/chrome/content/rules/unterstuetzung-die-ankommt.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="unterstuetzung-die-ankommt.de">
+
+	<target host="unterstuetzung-die-ankommt.de" />
+	<target host="www.unterstuetzung-die-ankommt.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/unwetteralarm.com.xml b/src/chrome/content/rules/unwetteralarm.com.xml
new file mode 100644
index 000000000000..8f7143947e34
--- /dev/null
+++ b/src/chrome/content/rules/unwetteralarm.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="unwetteralarm.com">
+
+	<target host="unwetteralarm.com" />
+	<target host="www.unwetteralarm.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://www.unwetteralarm.com/,
+	http://www.unwetteralarm.com/ redirects to http://unwetteralarm.com/ -->
+	<rule from="^http://www\.unwetteralarm\.com/"
+		to="https://unwetteralarm.com/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/unz.com.xml b/src/chrome/content/rules/unz.com.xml
new file mode 100644
index 000000000000..b1a394494ee8
--- /dev/null
+++ b/src/chrome/content/rules/unz.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatched:
+		- email
+-->
+<ruleset name="unz.com">
+	<target host="unz.com" />
+	<target host="www.unz.com" />
+	<target host="ftp.unz.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/up.com.xml b/src/chrome/content/rules/up.com.xml
new file mode 100644
index 000000000000..f786e60be6e3
--- /dev/null
+++ b/src/chrome/content/rules/up.com.xml
@@ -0,0 +1,60 @@
+<!--
+	Union Pacific Railroad Company
+
+	Other Union Pacific Railroad Company rulesets:
+
+		- streamline.com.xml
+		- up.jobs.xml
+		- upds.com.xml
+		- uprr.com.xml
+
+
+	Problematic hosts in *up.com:
+
+		- ^ ʳ
+		- m *
+
+	* gateres($|\?) differs from http
+	ʳ Refused, preemptable redirect
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.up.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="UP.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.up.com" />
+
+	<!--	Complications:
+				-->
+	<target host="up.com" />
+	<target host="m.up.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.up\.com$" name="^IDCCS_SESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://up\.com/"
+		to="https://www.up.com/" />
+
+	<!--	Redirect drops args:
+					-->
+	<rule from="^http://m\.up\.com/gateres(?:\?.*)?$"
+		to="https://m.up.com/c02/wet-mobile/jas/index?command=gateTrace" />
+
+		<test url="http://m.up.com/gateres" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/up.jobs.xml b/src/chrome/content/rules/up.jobs.xml
new file mode 100644
index 000000000000..1005ddad0464
--- /dev/null
+++ b/src/chrome/content/rules/up.jobs.xml
@@ -0,0 +1,39 @@
+<!--
+	For other Union Pacific Railroad Company coverage, see up.com.xml.
+
+
+	www.up.jobs: refused
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .up.jobs
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="UP.jobs">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="up.jobs" />
+
+	<!--	Complications:
+				-->
+	<target host="www.up.jobs" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.up\.jobs$" name="^wt_up$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.up\.jobs/"
+		to="https://up.jobs/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/upc-cablecom.xml b/src/chrome/content/rules/upc-cablecom.xml
new file mode 100644
index 000000000000..13355ad45183
--- /dev/null
+++ b/src/chrome/content/rules/upc-cablecom.xml
@@ -0,0 +1,76 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://upc-cablecom.ch/ => https://www.upc-cablecom.ch/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.upc-cablecom.ch/ => https://www.upc-cablecom.ch/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://jira.upc-cablecom.ch/ => https://jira.upc-cablecom.ch/: (6, 'Could not resolve host: jira.upc-cablecom.ch')
+Fetch error: http://jobs.upc-cablecom.ch/ => https://jobs.upc-cablecom.ch/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://myupc.upc-cablecom.ch/ => https://myupc.upc-cablecom.ch/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://nws.upc-cablecom.ch/ => https://nws.upc-cablecom.ch/: (6, 'Could not resolve host: nws.upc-cablecom.ch')
+Fetch error: http://order.upc-cablecom.ch/ => https://order.upc-cablecom.ch/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://upc-cablecom.biz/ => https://www.upc-cablecom.biz/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.upc-cablecom.biz/ => https://www.upc-cablecom.biz/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://origin.www.upc-cablecom.ch/ => https://origin.www.upc-cablecom.ch/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://preprod.www.hispeed.ch/ => https://preprod.www.hispeed.ch/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://preprod.fr.hispeed.ch/ => https://preprod.fr.hispeed.ch/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://preprod.it.hispeed.ch/ => https://preprod.it.hispeed.ch/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://preprod.en.hispeed.ch/ => https://preprod.en.hispeed.ch/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://webmail.hispeed.ch/ => https://webmail.hispeed.ch/: (7, 'Failed to connect to webmail.hispeed.ch port 443: Connection refused')
+
+	CDN buckets:
+
+		- www.orion.lgi.com.c.footprint.net
+
+			- static.horizon.tv
+
+		- upc.d2.sc.omtrdc.net
+
+
+	Problematic subdomains:
+
+		- ^	(mismatched, CN: www.chello.com)
+
+
+	Fully covered subdomains:
+
+		- (www.)	(^ → www)
+		- oesp
+		- static
+
+-->
+<ruleset name="UPC Cablecom" default_off="failed ruleset test">
+	<target host="upc-cablecom.ch"/>
+	<target host="www.upc-cablecom.ch"/>
+	<target host="jira.upc-cablecom.ch"/>
+	<target host="jobs.upc-cablecom.ch"/>
+	<target host="myupc.upc-cablecom.ch"/>
+	<target host="nws.upc-cablecom.ch"/>
+	<target host="order.upc-cablecom.ch"/>
+	<target host="support.upc-cablecom.ch"/>
+	<target host="support-en.upc-cablecom.ch"/>
+	<target host="support-fr.upc-cablecom.ch"/>
+	<target host="support-it.upc-cablecom.ch"/>
+	<target host="upc-cablecom.biz"/>
+	<target host="www.upc-cablecom.biz"/>
+	<target host="origin.www.upc-cablecom.ch"/>
+	<target host="preprod.www.hispeed.ch"/>
+	<target host="preprod.fr.hispeed.ch"/>
+	<target host="preprod.it.hispeed.ch"/>
+	<target host="preprod.en.hispeed.ch"/>
+	<target host="registration.hispeed.ch"/>
+	<target host="webmail.hispeed.ch"/>
+	<target host="your.hispeed.ch"/>
+	<target host="horizon.tv"/>
+	<target host="www.horizon.tv"/>
+	<target host="oesp.horizon.tv"/>
+	<target host="static.horizon.tv"/>
+
+	<securecookie host="^\.horizon\.tv$" name=".+" />
+
+	<rule from="^http://upc-cablecom\.ch/"
+		to="https://www.upc-cablecom.ch/"/>
+	<rule from="^http://upc-cablecom\.biz/"
+		to="https://www.upc-cablecom.biz/"/>
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/upds.com.xml b/src/chrome/content/rules/upds.com.xml
new file mode 100644
index 000000000000..fa13719e41eb
--- /dev/null
+++ b/src/chrome/content/rules/upds.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Union Pacific Railroad Company coverage, see up.com.xml.
+
+
+	^upds.com: refused
+
+-->
+<ruleset name="UPDS.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.upds.com" />
+
+	<!--	Complications:
+				-->
+	<target host="upds.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://upds\.com/"
+		to="https://www.upds.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/upload.af.xml b/src/chrome/content/rules/upload.af.xml
new file mode 100644
index 000000000000..26e4771a5314
--- /dev/null
+++ b/src/chrome/content/rules/upload.af.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .upload.af
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Upload.af">
+
+	<target host="upload.af" />
+	<target host="www.upload.af" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.upload\.af$" name="^lang$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/uppr.de.xml b/src/chrome/content/rules/uppr.de.xml
new file mode 100644
index 000000000000..45be0b4fc2db
--- /dev/null
+++ b/src/chrome/content/rules/uppr.de.xml
@@ -0,0 +1,43 @@
+<!--
+	Nonfunctional hosts in *uppr.de:
+
+		- login ᵃ
+
+	ᵃ Shows another domain
+
+
+	(www.)?uppr.de: Mismatched, self-signed
+
+
+	These altnames do not exist:
+
+		- www.t.uppr.de
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- t.uppr.de
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="uppr.de (partial)">
+
+	<target host="t.uppr.de" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://t.uppr.de/tm_js.aspx?trackid=&amp;mode=&amp;dt_freetext=&amp;dt_subid1=&amp;dt_subid2=&amp;dt_keywords=" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^t\.uppr\.de$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/uprising.org.uk.xml b/src/chrome/content/rules/uprising.org.uk.xml
new file mode 100644
index 000000000000..d82d0c905897
--- /dev/null
+++ b/src/chrome/content/rules/uprising.org.uk.xml
@@ -0,0 +1,43 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .uprising.org.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- iframes, from:
+
+			- app.clicktools.com ˢ
+			- survey.clicktools.com ˢ
+
+		- css from fonts.googleapis.com ˢ
+		- Images from www.uprising.org.uk ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Uprising.org.uk" platform="mixedcontent">
+
+	<target host="uprising.org.uk" />
+	<target host="www.uprising.org.uk" />
+
+		<!--	Mixed iframes:
+					-->
+		<!--test url="http://uprising.org.uk/apply" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.uprising\.org\.uk$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^\." name="^SESS" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/uprr.com.xml b/src/chrome/content/rules/uprr.com.xml
new file mode 100644
index 000000000000..4ffb26dad205
--- /dev/null
+++ b/src/chrome/content/rules/uprr.com.xml
@@ -0,0 +1,122 @@
+<!--
+	For rules causing false/broken MCB, see uprr.com-falsemixed.xml.
+
+	For other Union Pacific Railroad Company coverage, see up.com.xml.
+
+
+	Problematic hosts in *uprr.com:
+
+		- ^ ʳ
+		- v0g.prod-e.web.apps ᵐ
+		- dx01.my ˣ
+
+		- v007.ax2600ab.omdx ᵐ
+		- v015.ax2600ab.omdx ᵐ
+		- v034.ax2600ab.omdx ᵐ
+
+		- v007.ax2600ab.omhq ᵐ
+		- v034.ax2600ab.omhq ᵐ
+		- v084.ax2600ab.omhq ᵐ
+		- streamline ʳ
+
+	ᵐ Mismatched
+	ʳ Refused, preemptable redirect
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .uprr.com
+		- suppliers.www.uprr.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, on:
+
+			- dx01.my from my.uprr.com ˢ
+			- dx01.my from c01.my.uprr.com ˢ
+
+		- Images, on:
+
+			- dx01.my from my.uprr.com ˢ
+			- dx01.my from c01.my.uprr.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="UPrr.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="e.uprr.com" />
+	<target host="my.uprr.com" />
+
+	<target host="c01.my.uprr.com" />
+	<target host="c02.my.uprr.com" />
+	<!--target host="dx01.my.uprr.com" /-->
+
+	<target host="www.streamline.uprr.com" />
+	<target host="www.uprr.com" />
+
+	<target host="employees.www.uprr.com" />
+	<target host="foreignrr.www.uprr.com" />
+	<target host="jobs.www.uprr.com" />
+	<target host="leaves.www.uprr.com" />
+	<target host="retirees.www.uprr.com" />
+	<target host="sapext.www.uprr.com" />
+	<target host="suppliers.www.uprr.com" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://suppliers.www.uprr.com/srmt/registration/index.cfm" /-->
+
+	<!--	Complications:
+				-->
+	<target host="uprr.com" />
+	<target host="v0g.prod-e.web.apps.uprr.com" />
+
+	<target host="v007.ax2600ab.omdx.uprr.com" />
+	<target host="v015.ax2600ab.omdx.uprr.com" />
+	<target host="v034.ax2600ab.omdx.uprr.com" />
+
+	<target host="v007.ax2600ab.omhq.uprr.com" />
+	<target host="v034.ax2600ab.omhq.uprr.com" />
+	<target host="v084.ax2600ab.omhq.uprr.com" />
+
+	<target host="streamline.uprr.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.uprr\.com$" name="^(?:SMDOMINODATA|wt_up)$" /-->
+	<!--securecookie host="^suppliers\.www\.uprr\.com$" name="^(?:CFID|CFTOKEN|JSESSIONID|UP_CFCLUSTER)$" /-->
+
+	<securecookie host="^\." name="^wt_up$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://(streamline\.)?uprr\.com/"
+		to="https://www.$1uprr.com/" />
+
+	<rule from="^http://v0g\.prod-e\.web\.apps\.uprr\.com/"
+		to="https://www.up.com/" />
+
+	<rule from="^http://v007\.ax2600ab\.om(?:dx|hq)\.uprr\.com/"
+		to="https://www.upds.com/" />
+
+	<rule from="^http://v015\.ax2600ab\.omdx\.uprr\.com/"
+		to="https://www.unionpacific.jobs/" />
+
+	<rule from="^http://v034\.ax2600ab\.om(?:dx|hq)\.uprr\.com/"
+		to="https://www.unionpacific.jobs/" />
+
+	<rule from="^http://v084\.ax2600ab\.omhq\.uprr\.com/"
+		to="https://www.streamline.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/uptimeinstitute.com.xml b/src/chrome/content/rules/uptimeinstitute.com.xml
new file mode 100644
index 000000000000..1f1c3c15e9cd
--- /dev/null
+++ b/src/chrome/content/rules/uptimeinstitute.com.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://symposium.uptimeinstitute.com/ => https://symposium.uptimeinstitute.com/: (51, "SSL: no alternative certificate subject name matches target host name 'symposium.uptimeinstitute.com'")
+
+atd.uptimeinstitute.com ¹
+ats.uptimeinstitute.com ¹
+es-forms.uptimeinstitute.com non-2xx http code
+insidetrack.uptimeinstitute.com ⁴
+professionalservices.uptimeinstitute.com ¹
+www.symposium.uptimeinstitute.com ¹
+upload.uptimeinstitute.com ¹
+pt-forms.uptimeinstitute.com different content
+
+
+¹ mismatch
+⁴ self signed
+-->
+<ruleset name="uptimeinstitute.com" default_off="failed ruleset test">
+	<target host="uptimeinstitute.com" />
+	<target host="www.uptimeinstitute.com" />
+	<target host="es.uptimeinstitute.com" />
+	<target host="journal.uptimeinstitute.com" />
+	<target host="pt.uptimeinstitute.com" />
+	<target host="ru.uptimeinstitute.com" />
+	<target host="symposium.uptimeinstitute.com" />
+	<target host="translations.uptimeinstitute.com" />
+	<target host="zh.uptimeinstitute.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/uptobox.com.xml b/src/chrome/content/rules/uptobox.com.xml
new file mode 100644
index 000000000000..803a8005855a
--- /dev/null
+++ b/src/chrome/content/rules/uptobox.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Refused:
+		- support
+
+	Cloudflare error:
+		- status
+-->
+
+<ruleset name="uptobox.com">
+	<target host="uptobox.com"/>
+	<target host="www.uptobox.com"/>
+	<target host="login.uptobox.com"/>
+
+	<rule from="^http:"	to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/uptodown.com.xml b/src/chrome/content/rules/uptodown.com.xml
new file mode 100644
index 000000000000..e4e8a3a7c97c
--- /dev/null
+++ b/src/chrome/content/rules/uptodown.com.xml
@@ -0,0 +1,54 @@
+<!--
+	There are too much subdomains to list them all.
+	(appname).(country).uptodown.com
+	dw\d+.uptodown.com
+	And so on.
+
+	Related:
+		uptodown.net.xml
+		utdstc.com.xml
+
+	Mismatch:
+		*.downloads.uptodown.com
+-->
+
+<ruleset name="uptodown.com">
+	<target host="uptodown.com" />
+		<test url="http://gstatic.uptodown.com/css/v10.86.css" />
+
+	<target host="*.uptodown.com" />
+		<exclusion pattern="^http://\S+\.downloads\.uptodown\.com/" />
+		<test url="http://vlc.downloads.uptodown.com/" />
+		<test url="http://vlc-media-player.downloads.uptodown.com/" />
+
+	<rule from="^http:" to="https:" />
+		<test url="http://ar.uptodown.com/" />
+		<test url="http://br.uptodown.com/" />
+		<test url="http://cn.uptodown.com/" />
+		<test url="http://de.uptodown.com/" />
+		<test url="http://en.uptodown.com/" />
+		<test url="http://fr.uptodown.com/" />
+		<test url="http://id.uptodown.com/" />
+		<test url="http://in.uptodown.com/" />
+		<test url="http://it.uptodown.com/" />
+		<test url="http://jp.uptodown.com/" />
+		<test url="http://kr.uptodown.com/" />
+		<test url="http://ru.uptodown.com/" />
+		<test url="http://th.uptodown.com/" />
+		<test url="http://tr.uptodown.com/" />
+
+		<test url="http://vlc-media-player.ar.uptodown.com/" />
+		<test url="http://vlc-media-player.br.uptodown.com/" />
+		<test url="http://vlc-media-player.cn.uptodown.com/" />
+		<test url="http://vlc-media-player.de.uptodown.com/" />
+		<test url="http://vlc-media-player.en.uptodown.com/" />
+		<test url="http://vlc-media-player.fr.uptodown.com/" />
+		<test url="http://vlc-media-player.id.uptodown.com/" />
+		<test url="http://vlc-media-player.in.uptodown.com/" />
+		<test url="http://vlc-media-player.it.uptodown.com/" />
+		<test url="http://vlc-media-player.jp.uptodown.com/" />
+		<test url="http://vlc-media-player.kr.uptodown.com/" />
+		<test url="http://vlc-media-player.ru.uptodown.com/" />
+		<test url="http://vlc-media-player.th.uptodown.com/" />
+		<test url="http://vlc-media-player.tr.uptodown.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/uptodown.net.xml b/src/chrome/content/rules/uptodown.net.xml
new file mode 100644
index 000000000000..98c0d05f3ea8
--- /dev/null
+++ b/src/chrome/content/rules/uptodown.net.xml
@@ -0,0 +1,36 @@
+<!--
+	Related:
+		+ uptodown.com.xml
+		+ utdstc.com.xml
+
+	Mismatch:
+		^
+		www.uptodown.net
+		gstatic.uptodown.net
+		stat.uptodown.net
+		stc.uptodown.net
+		downloads\d.uptodown.net
+
+	Expired:
+		img.uptodown.net
+-->
+
+<ruleset name="uptodown.net">
+	<target host="uptodown.net" />
+	<target host="www.uptodown.net" />
+	<target host="gstatic.uptodown.net" />
+	<target host="stat.uptodown.net" />
+	<target host="stc.uptodown.net" />
+	<rule from="^http://(www\.|gstatic\.|stat\.|stc\.)?uptodown\.net/"
+			to="https://$1uptodown.com/" />
+		<test url="http://uptodown.net/webapps" />
+		<test url="http://www.uptodown.net/webapps" />
+		<test url="http://gstatic.uptodown.net/css/v10.86.css" />
+		<test url="http://gstatic.uptodown.net/v9/btn_pizza_v8.png" />
+		<test url="http://stat.uptodown.net/search/whatsapp-plus.gif" />
+		<test url="http://stc.uptodown.net/favicon.ico" />
+
+	<!-- target host="img.uptodown.net" />
+		<test url="http://img.uptodown.net/screen/android/desc/vlc-001.jpg" / -->
+
+</ruleset>
diff --git a/src/chrome/content/rules/ura.gov.sg.xml b/src/chrome/content/rules/ura.gov.sg.xml
new file mode 100644
index 000000000000..fb9fb1801467
--- /dev/null
+++ b/src/chrome/content/rules/ura.gov.sg.xml
@@ -0,0 +1,18 @@
+<!--
+	^ura.gov.sg does not exist.
+
+-->
+<ruleset name="URA.gov.sg">
+
+	<target host="spring.ura.gov.sg" />
+	<target host="sunrise.ura.gov.sg" />
+	<target host="www.ura.gov.sg" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/url.cn.xml b/src/chrome/content/rules/url.cn.xml
new file mode 100644
index 000000000000..0a1bb201cbdc
--- /dev/null
+++ b/src/chrome/content/rules/url.cn.xml
@@ -0,0 +1,25 @@
+<!--
+	The Tencent's short url serve, just like t.co
+
+	Mismatch:
+		^
+		www.
+		……	(too much to list)
+-->
+
+<ruleset name="url.cn (partial)">
+
+	<target host="1.url.cn" />
+	<target host="2.url.cn" />
+	<target host="3.url.cn" />
+	<target host="4.url.cn" />
+	<target host="5.url.cn" />
+	<target host="6.url.cn" />
+	<target host="7.url.cn" />
+	<target host="8.url.cn" />
+	<target host="9.url.cn" />
+	<target host="10.url.cn" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/urlaubspiraten.xml b/src/chrome/content/rules/urlaubspiraten.xml
new file mode 100644
index 000000000000..31da5a7bbc88
--- /dev/null
+++ b/src/chrome/content/rules/urlaubspiraten.xml
@@ -0,0 +1,6 @@
+<ruleset name="urlaubspiraten">
+  <target host="urlaubspiraten.de" />
+  <target host="www.urlaubspiraten.de" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/urldecode.org.xml b/src/chrome/content/rules/urldecode.org.xml
new file mode 100644
index 000000000000..50791a447e8c
--- /dev/null
+++ b/src/chrome/content/rules/urldecode.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="urldecode.org">
+	<target host="urldecode.org" />
+	<target host="www.urldecode.org" />
+	<target host="urlencode.org" />
+	<target host="www.urlencode.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/us.jobs.xml b/src/chrome/content/rules/us.jobs.xml
new file mode 100644
index 000000000000..119e2e28a702
--- /dev/null
+++ b/src/chrome/content/rules/us.jobs.xml
@@ -0,0 +1,57 @@
+<!--
+	CDN buckets:
+
+		- d1rap9luh07sve.cloudfront.net	← images
+
+
+	Problematic hosts in *us.jobs:
+
+		- images ᵐ
+
+	ᵐ Cloudfront / mismatched
+
+
+	Mixed content:
+
+		- iframe on ^ from player.vimeo.com ˢ
+
+		- css, on:
+
+			- ^ from ajax.googleapis.com ˢ
+			- ^ from css.nlx.org ˢ
+			- ^ from $self ˢ
+
+		- Images, on:
+
+			- ^ from de.nlx.org ˢ
+			- ^ from png.nlx.org ˢ
+			- ^ from images.us.jobs ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="US.jobs" platform="mixedcontent">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="us.jobs" />
+	<target host="www.us.jobs" />
+
+	<!--	Complications:
+				-->
+	<target host="images.us.jobs" />
+
+
+	<securecookie host="^\." name="^__qca$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://images\.us\.jobs/"
+		to="https://d1rap9luh07sve.cloudfront.net/" />
+
+		<test url="http://images.us.jobs/usdj/format/topbar.png" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/usainteanne.xml b/src/chrome/content/rules/usainteanne.xml
new file mode 100644
index 000000000000..8ac5a3218c2a
--- /dev/null
+++ b/src/chrome/content/rules/usainteanne.xml
@@ -0,0 +1,23 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://webmail.usainteanne.ca/ => https://webmail.usainteanne.ca/: (6, 'Could not resolve host: webmail.usainteanne.ca')
+Fetch error: http://smtp.usainteanne.ca/ => https://smtp.usainteanne.ca/: (28, 'Connection timed out after 20001 milliseconds')
+
+-->
+<ruleset name="usainteanne" default_off="failed ruleset test">
+  <target host="usainteanne.ca" />
+  <target host="www.usainteanne.ca" />
+  <target host="webmail.usainteanne.ca" />
+  <target host="smtp.usainteanne.ca" />
+  <target host="moodle.usainteanne.ca" />
+  <target host="login.usainteanne.ca" />
+  <target host="vpn.usainteanne.ca" />
+
+  <rule from="^http://(?:www\.)?usainteanne\.ca/" to="https://www.usainteanne.ca/" />
+  <rule from="^http://webmail\.usainteanne\.ca/" to="https://webmail.usainteanne.ca/" />
+  <rule from="^http://smtp\.usainteanne\.ca/" to="https://smtp.usainteanne.ca/" />
+  <rule from="^http://moodle\.usainteanne\.ca/" to="https://moodle.usainteanne.ca/" />
+  <rule from="^http://login\.usainteanne\.ca/" to="https://login.usainteanne.ca/" />
+  <rule from="^http://vpn\.usainteanne\.ca/" to="https://vpn.usainteanne.ca/" />
+</ruleset>
diff --git a/src/chrome/content/rules/usatodayw7vu5egc.onion.xml b/src/chrome/content/rules/usatodayw7vu5egc.onion.xml
new file mode 100644
index 000000000000..c02c8e8a92fb
--- /dev/null
+++ b/src/chrome/content/rules/usatodayw7vu5egc.onion.xml
@@ -0,0 +1,8 @@
+<!--
+	For other Gannett Company coverage, see Gannett-Company.xml.
+-->
+<ruleset name="usatodayw7vu5egc.onion">
+	<target host="usatodayw7vu5egc.onion" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/usefedora.com.xml b/src/chrome/content/rules/usefedora.com.xml
new file mode 100644
index 000000000000..60a2d2726942
--- /dev/null
+++ b/src/chrome/content/rules/usefedora.com.xml
@@ -0,0 +1,29 @@
+<ruleset name="usefedora.com" platform="mixedcontent">
+
+	<target host="usefedora.com" />
+	<target host="*.usefedora.com" />
+
+		<exclusion pattern="^http://(?:[^./]+\.){2,}usefedora\.com/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.usefedora.com/" />
+			<test url="http://exists.not.usefedora.com/" />
+
+		<test url="http://www.usefedora.com/" />
+
+		<!--	Account vhosts:
+					-->
+		<test url="http://learncalligraphy.usefedora.com/" />
+		<test url="http://optiontiger.usefedora.com/" />
+		<test url="http://jessicasprague.usefedora.com/" /><!--	mixed css -->
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/usembassy.gov.xml b/src/chrome/content/rules/usembassy.gov.xml
new file mode 100644
index 000000000000..8bf6fddbb8bb
--- /dev/null
+++ b/src/chrome/content/rules/usembassy.gov.xml
@@ -0,0 +1,416 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://argentina.usembassy.gov/ => https://argentina.usembassy.gov/: (6, 'Could not resolve host: argentina.usembassy.gov')
+Fetch error: http://spanish.argentina.usembassy.gov/ => https://spanish.argentina.usembassy.gov/: (6, 'Could not resolve host: spanish.argentina.usembassy.gov')
+Fetch error: http://german.austria.usembassy.gov/ => https://german.austria.usembassy.gov/: (6, 'Could not resolve host: german.austria.usembassy.gov')
+Fetch error: http://bahrain.usembassy.gov/ => https://bahrain.usembassy.gov/: (6, 'Could not resolve host: bahrain.usembassy.gov')
+Fetch error: http://botswana.usembassy.gov/ => https://botswana.usembassy.gov/: (6, 'Could not resolve host: botswana.usembassy.gov')
+Fetch error: http://brazil.usembassy.gov/ => https://brazil.usembassy.gov/: (6, 'Could not resolve host: brazil.usembassy.gov')
+Fetch error: http://portuguese.brazil.usembassy.gov/ => https://portuguese.brazil.usembassy.gov/: (6, 'Could not resolve host: portuguese.brazil.usembassy.gov')
+Fetch error: http://french.burkinafaso.usembassy.gov/ => https://french.burkinafaso.usembassy.gov/: (6, 'Could not resolve host: french.burkinafaso.usembassy.gov')
+Fetch error: http://burma.usembassy.gov/ => https://burma.usembassy.gov/: (6, 'Could not resolve host: burma.usembassy.gov')
+Fetch error: http://chile.usembassy.gov/ => https://chile.usembassy.gov/: (6, 'Could not resolve host: chile.usembassy.gov')
+Fetch error: http://spanish.chile.usembassy.gov/ => https://spanish.chile.usembassy.gov/: (6, 'Could not resolve host: spanish.chile.usembassy.gov')
+Fetch error: http://french.cotedivoire.usembassy.gov/ => https://french.cotedivoire.usembassy.gov/: (6, 'Could not resolve host: french.cotedivoire.usembassy.gov')
+Fetch error: http://denmark.usembassy.gov/ => https://denmark.usembassy.gov/: (6, 'Could not resolve host: denmark.usembassy.gov')
+Fetch error: http://djibouti.usembassy.gov/ => https://djibouti.usembassy.gov/: (6, 'Could not resolve host: djibouti.usembassy.gov')
+Fetch error: http://egypt.usembassy.gov/ => https://egypt.usembassy.gov/: (6, 'Could not resolve host: egypt.usembassy.gov')
+Fetch error: http://france.usembassy.gov/ => https://france.usembassy.gov/: (6, 'Could not resolve host: france.usembassy.gov')
+Fetch error: http://french.france.usembassy.gov/ => https://french.france.usembassy.gov/: (6, 'Could not resolve host: french.france.usembassy.gov')
+Fetch error: http://germany.usembassy.gov/ => https://germany.usembassy.gov/: (6, 'Could not resolve host: germany.usembassy.gov')
+Fetch error: http://german.germany.usembassy.gov/ => https://german.germany.usembassy.gov/: (6, 'Could not resolve host: german.germany.usembassy.gov')
+Fetch error: http://honduras.usembassy.gov/ => https://honduras.usembassy.gov/: (6, 'Could not resolve host: honduras.usembassy.gov')
+Fetch error: http://spanish.honduras.usembassy.gov/ => https://spanish.honduras.usembassy.gov/: (6, 'Could not resolve host: spanish.honduras.usembassy.gov')
+Fetch error: http://iceland.usembassy.gov/ => https://iceland.usembassy.gov/: (6, 'Could not resolve host: iceland.usembassy.gov')
+Fetch error: http://iran.usembassy.gov/ => https://iran.usembassy.gov/: (6, 'Could not resolve host: iran.usembassy.gov')
+Fetch error: http://persian.iran.usembassy.gov/ => https://persian.iran.usembassy.gov/: (6, 'Could not resolve host: persian.iran.usembassy.gov')
+Fetch error: http://israel.usembassy.gov/ => https://israel.usembassy.gov/: (6, 'Could not resolve host: israel.usembassy.gov')
+Fetch error: http://hebrew.israel.usembassy.gov/ => https://hebrew.israel.usembassy.gov/: (6, 'Could not resolve host: hebrew.israel.usembassy.gov')
+Fetch error: http://italy.usembassy.gov/ => https://italy.usembassy.gov/: (6, 'Could not resolve host: italy.usembassy.gov')
+Fetch error: http://italian.italy.usembassy.gov/ => https://italian.italy.usembassy.gov/: (6, 'Could not resolve host: italian.italy.usembassy.gov')
+Fetch error: http://kingston.usembassy.gov/ => https://kingston.usembassy.gov/: (6, 'Could not resolve host: kingston.usembassy.gov')
+Fetch error: http://minsk.usembassy.gov/ => https://minsk.usembassy.gov/: (6, 'Could not resolve host: minsk.usembassy.gov')
+Fetch error: http://nassau.usembassy.gov/ => https://nassau.usembassy.gov/: (6, 'Could not resolve host: nassau.usembassy.gov')
+Fetch error: http://newdelhi.usembassy.gov/ => https://newdelhi.usembassy.gov/: (6, 'Could not resolve host: newdelhi.usembassy.gov')
+Fetch error: http://ouagadougou.usembassy.gov/ => https://ouagadougou.usembassy.gov/: (6, 'Could not resolve host: ouagadougou.usembassy.gov')
+Fetch error: http://southafrica.usembassy.gov/ => https://southafrica.usembassy.gov/: (6, 'Could not resolve host: southafrica.usembassy.gov')
+Fetch error: http://suva.usembassy.gov/ => https://suva.usembassy.gov/: (6, 'Could not resolve host: suva.usembassy.gov')
+
+
+
+	Nonfunctional hosts in *usembassy.gov:
+
+		- blogs ³
+		- iipdigital ᵃ
+		- japan2 ᵖ
+		- sdc ᶠ
+
+	³ 503
+	ᵃ Shows another domain
+	ᶠ Handshake fails
+	ᵖ Plaintext reply
+
+
+	Problematic hosts in *usembassy.gov:
+
+		- ^ ᵉ ᵐ ˢ
+		- beijing ᵉ ᵐ ˢ
+		- osce ᵉ ᵐ ˢ
+
+	ᵉ Expired
+	ᵐ Mismatched
+	ˢ Self-signed
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- ar.usembassy.gov
+		- .ar.usembassy.gov
+		- br.usembassy.gov
+		- .br.usembassy.gov
+		- ca.usembassy.gov
+		- .ca.usembassy.gov
+		- ci.usembassy.gov
+		- .ci.usembassy.gov
+		- cz.usembassy.gov
+		- .cz.usembassy.gov
+		- de.usembassy.gov
+		- .de.usembassy.gov
+		- fr.usembassy.gov
+		- .fr.usembassy.gov
+		- ie.usembassy.gov
+		- .ie.usembassy.gov
+		- kh.usembassy.gov
+		- .kh.usembassy.gov
+		- lr.usembassy.gov
+		- mx.usembassy.gov
+		- .mx.usembassy.gov
+		- nz.usembassy.gov
+		- pl.usembassy.gov
+		- .pl.usembassy.gov
+		- sa.usembassy.gov
+		- .sa.usembassy.gov
+		- se.usembassy.gov
+		- .se.usembassy.gov
+		- uk.usembassy.gov
+		- utils.usembassy.gov
+		- vn.usembassy.gov
+		- .vn.usembassy.gov
+		- uk.usembassy.gov
+		- ws.usembassy.gov
+		- za.usembassy.gov
+		- zm.usembassy.gov
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- iframe on macedonia, tanzania from www.youtube.com ˢ
+
+		- Images, on:
+
+			- abudhabi, arabic.algeria, french.algeria, algiers, angola, portuguese.angola, www.antananarivo, armenia, armenian.armenia, russian.ashgabat, turkmen.ashgabat, athens, austria, german.austria, azerbaijan, azeri.azerbaijan, bahrain, bangkok, thai.bangkok, bangui, banjul, barbados, belgium, dutch.belgium, french.belgium, belize, french.benin, bern, bishkek, kyrgyz.bishkek, russian.bishkek, bogota, spanish.bogota, bolivia, spanish.bolivia, botswana, brazzaville, french.brazzaville, brunei, bulgaria, bulgarian.bulgaria, french.burkinafaso, burma, burundi, canberra, caracas, spanish.caracas, french.chad, chile, spanish.chile, conakry, costarica, spanish.costarica, costarica, cotonou, dakar, french.dakar, damascus, denmark, dhaka, djibouti, dushanbe, russian.dushanbe, tajik.dushanbe, ecuador, spanish.ecuador, egypt, eritrea, estonia, estonian.estonia, russian.estonia, ethiopia, finland, freetown, georgetown, georgia, georgian.georgia, ghana, guatemala, spanish.guatemala, french.guinea, haiti, french.haiti, harare, havana, honduras, spanish.honduras, hungary, hungarian.hungary, iceland, iran, persian.iran, iraq, arabic.iraq, islamabad, israel, hebrew.israel, italy, italian.italy, jakarta, jordan, kabul, kazakhstan, kingston, kinshasa, kolonia, kuwait, laos, lebanon, libreville, libya, lilongwe, lima, luxembourg, macedonia, madrid, majuro, malabo, mali, malta, manila, maputo, maseru, mauritania, mauritius, minsk, moldova, mongolia, morocco, nairobi, nassau, ndjamena, nepal, newdelhi, niamey, nicaragua, nigeria, norway, oman, ouagadougou, palau, panama, paraguay, podgorica, portmoresby, portugal, praia, pristina, qatar, riga, latvian.riga, romania, rwanda, sansalvador, santodomingo, sarajevo, seoul, serbia, singapore, slovakia, slovenia, southsudan, srilanka, sudan, suriname, suva, swaziland, tanzania, thehague, tirana, togo, trinidad, tunisia, turkey, turkmenistan, ukraine, uruguay, uzbekistan, vilnius, windhoek, www, yaounde, yemen, zagreb from photos.state.gov ˢ
+			- www.antananarivo, athens, azeri.azerbaijan, belize, belgium, dutch.belgium, bogota, spanish.bogota, bolivia, spanish.bolivia, french.brazzaville, brunei, ghana, dushanbe, french.guinea, harare, honduras, luxembourg, majuro, minsk, moscow, newdelhi, srilanka, sudan, suriname, tanzania, thehague, turkey, vatican, windhoek, yemen from photos.america.gov ˢ
+			- azerbaijan, azeri.azerbaijan from s97095.gridserver.com ᵒ
+			- bahrain, israel, mongolia, newdelhi, singapore, togo, turkey from www.state.gov ˢ
+			- caracas from i.imgur.com ˢ
+			- damascus from www.usaid.gov
+			- ebrew.israel from www.niehs.nih.gov ˢ
+			- georgia from travel.state.gov ˢ
+			- iran, persian.iran from gdb.voanews.com
+			- japan from japan2.usembassy.gov ᵖ
+			- jordan from southafrica.usembassy.gov
+			- jordan from www.usembassy.org.uk
+			- libreville, mongolia from americanenglish.state.gov ˢ
+			- macedonia, mongolia, portmoresby from blogs.state.gov ʰ
+			- manila from www.va.gov
+			- moscow from $self ˢ
+			- newdelhi from clonewdelhi.com ᵖ
+			- qatar from educationusa.state.gov ˢ
+			- santodomingo from dakar.usembassy.gov ˢ
+			- singapore from media.defense.gov ʰ
+			- singapore from www.cbp.gov ˢ
+			- slovenia from germany.usembassy.de
+			- sudan from www.lumosdigital.com
+
+		- Bug on arabic.algeria, bangui, barbados, burma, chile, spanish.chile, conakry, djibouti, estonia, estonian.estonia, russian.estonia, georgian.georgia, guatemala, spanish.guatemala, french.guinea, iraq, islamabad, jakarta, jordan, kabul, kinshasa, libreville, madrid, mali, maputo, maseru, moldova, morocco, moscow, nicaragua, nigeria, riga, sansalvador, slovenia, srilanka, tanzania, trinidad, ukraine, uzbekistan, vilnius, www, yaounde from www.facebook.com ˢ
+
+	ʰ Unsecurable <= redirects to http
+	ᵒ Ruleset disabled by default <= insufficient tests
+	ᵖ Unsecurable <= plaintext reply
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="US Embassy.gov (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="abudhabi.usembassy.gov" />
+	<target host="arabic.algeria.usembassy.gov" />
+	<target host="french.algeria.usembassy.gov" />
+	<target host="algiers.usembassy.gov" />
+	<target host="angola.usembassy.gov" />
+	<target host="portuguese.angola.usembassy.gov" />
+	<target host="www.antananarivo.usembassy.gov" />
+	<target host="ar.usembassy.gov" />
+	<target host="argentina.usembassy.gov" />
+	<target host="spanish.argentina.usembassy.gov" />
+	<target host="armenia.usembassy.gov" />
+	<target host="armenian.armenia.usembassy.gov" />
+	<target host="russian.ashgabat.usembassy.gov" />
+	<target host="turkmen.ashgabat.usembassy.gov" />
+	<target host="athens.usembassy.gov" />
+	<target host="austria.usembassy.gov" />
+	<target host="german.austria.usembassy.gov" />
+	<target host="azerbaijan.usembassy.gov" />
+	<target host="azeri.azerbaijan.usembassy.gov" />
+	<target host="bahrain.usembassy.gov" />
+	<target host="bangkok.usembassy.gov" />
+	<target host="thai.bangkok.usembassy.gov" />
+	<target host="bangui.usembassy.gov" />
+	<target host="banjul.usembassy.gov" />
+	<target host="barbados.usembassy.gov" />
+	<target host="belgium.usembassy.gov" />
+	<target host="dutch.belgium.usembassy.gov" />
+	<target host="french.belgium.usembassy.gov" />
+	<target host="belize.usembassy.gov" />
+	<target host="french.benin.usembassy.gov" />
+	<target host="bern.usembassy.gov" />
+	<target host="bishkek.usembassy.gov" />
+	<target host="kyrgyz.bishkek.usembassy.gov" />
+	<target host="russian.bishkek.usembassy.gov" />
+	<target host="bogota.usembassy.gov" />
+	<target host="spanish.bogota.usembassy.gov" />
+	<target host="bolivia.usembassy.gov" />
+	<target host="spanish.bolivia.usembassy.gov" />
+	<target host="botswana.usembassy.gov" />
+	<target host="br.usembassy.gov" />
+	<target host="brazil.usembassy.gov" />
+	<target host="portuguese.brazil.usembassy.gov" />
+	<target host="brazzaville.usembassy.gov" />
+	<target host="french.brazzaville.usembassy.gov" />
+	<target host="brunei.usembassy.gov" />
+	<target host="bulgaria.usembassy.gov" />
+	<target host="bulgarian.bulgaria.usembassy.gov" />
+	<target host="french.burkinafaso.usembassy.gov" />
+	<target host="burma.usembassy.gov" />
+	<target host="burundi.usembassy.gov" />
+	<target host="ca.usembassy.gov" />
+	<target host="khmer.cambodia.usembassy.gov" />
+	<target host="canberra.usembassy.gov" />
+	<target host="caracas.usembassy.gov" />
+	<target host="spanish.caracas.usembassy.gov" />
+	<target host="french.chad.usembassy.gov" />
+	<target host="chile.usembassy.gov" />
+	<target host="spanish.chile.usembassy.gov" />
+	<target host="ci.usembassy.gov" />
+	<target host="conakry.usembassy.gov" />
+	<target host="costarica.usembassy.gov" />
+	<target host="spanish.costarica.usembassy.gov" />
+	<target host="french.cotedivoire.usembassy.gov" />
+	<target host="cotonou.usembassy.gov" />
+	<target host="cyprus.usembassy.gov" />
+	<target host="cz.usembassy.gov" />
+	<target host="dakar.usembassy.gov" />
+	<target host="french.dakar.usembassy.gov" />
+	<target host="damascus.usembassy.gov" />
+	<target host="de.usembassy.gov" />
+	<target host="denmark.usembassy.gov" />
+	<target host="dhaka.usembassy.gov" />
+	<target host="djibouti.usembassy.gov" />
+	<target host="dushanbe.usembassy.gov" />
+	<target host="russian.dushanbe.usembassy.gov" />
+	<target host="tajik.dushanbe.usembassy.gov" />
+	<target host="ecuador.usembassy.gov" />
+	<target host="spanish.ecuador.usembassy.gov" />
+	<target host="ve.edit.usembassy.gov" />
+	<target host="egypt.usembassy.gov" />
+	<target host="eritrea.usembassy.gov" />
+	<target host="estonia.usembassy.gov" />
+	<target host="estonian.estonia.usembassy.gov" />
+	<target host="russian.estonia.usembassy.gov" />
+	<target host="ethiopia.usembassy.gov" />
+	<target host="finland.usembassy.gov" />
+	<target host="fr.usembassy.gov" />
+	<target host="france.usembassy.gov" />
+	<target host="french.france.usembassy.gov" />
+	<target host="freetown.usembassy.gov" />
+	<target host="ghana.usembassy.gov" />
+	<target host="georgetown.usembassy.gov" />
+	<target host="georgia.usembassy.gov" />
+	<target host="georgian.georgia.usembassy.gov" />
+	<target host="germany.usembassy.gov" />
+	<target host="german.germany.usembassy.gov" />
+	<target host="guatemala.usembassy.gov" />
+	<target host="spanish.guatemala.usembassy.gov" />
+	<target host="french.guinea.usembassy.gov" />
+	<target host="haiti.usembassy.gov" />
+	<target host="french.haiti.usembassy.gov" />
+	<target host="harare.usembassy.gov" />
+	<target host="havana.usembassy.gov" />
+	<target host="honduras.usembassy.gov" />
+	<target host="spanish.honduras.usembassy.gov" />
+	<target host="hungary.usembassy.gov" />
+	<target host="hungarian.hungary.usembassy.gov" />
+	<target host="iceland.usembassy.gov" />
+	<target host="ie.usembassy.gov" />
+	<target host="iran.usembassy.gov" />
+	<target host="persian.iran.usembassy.gov" />
+	<target host="iraq.usembassy.gov" />
+	<target host="arabic.iraq.usembassy.gov" />
+	<target host="islamabad.usembassy.gov" />
+	<target host="israel.usembassy.gov" />
+	<target host="hebrew.israel.usembassy.gov" />
+	<target host="italy.usembassy.gov" />
+	<target host="italian.italy.usembassy.gov" />
+	<target host="jakarta.usembassy.gov" />
+	<target host="japan.usembassy.gov" />
+	<target host="jordan.usembassy.gov" />
+	<target host="kabul.usembassy.gov" />
+	<target host="kazakhstan.usembassy.gov" />
+	<target host="kh.usembassy.gov" />
+	<target host="kingston.usembassy.gov" />
+	<target host="kinshasa.usembassy.gov" />
+	<target host="kolonia.usembassy.gov" />
+	<target host="kr.usembassy.gov" />
+	<target host="kuwait.usembassy.gov" />
+	<target host="laos.usembassy.gov" />
+	<target host="lebanon.usembassy.gov" />
+	<target host="libreville.usembassy.gov" />
+	<target host="libya.usembassy.gov" />
+	<target host="lilongwe.usembassy.gov" />
+	<target host="lima.usembassy.gov" />
+	<target host="lr.usembassy.gov" />
+	<target host="luxembourg.usembassy.gov" />
+	<target host="madrid.usembassy.gov" />
+	<target host="majuro.usembassy.gov" />
+	<target host="malabo.usembassy.gov" />
+	<target host="mali.usembassy.gov" />
+	<target host="malta.usembassy.gov" />
+	<target host="manila.usembassy.gov" />
+	<target host="maputo.usembassy.gov" />
+	<target host="maseru.usembassy.gov" />
+	<target host="mauritania.usembassy.gov" />
+	<target host="mauritius.usembassy.gov" />
+	<target host="minsk.usembassy.gov" />
+	<target host="moldova.usembassy.gov" />
+	<target host="mongolia.usembassy.gov" />
+	<target host="morocco.usembassy.gov" />
+	<target host="moscow.usembassy.gov" />
+	<target host="mx.usembassy.gov" />
+	<target host="my.usembassy.gov" />
+	<target host="nairobi.usembassy.gov" />
+	<target host="nassau.usembassy.gov" />
+	<target host="ndjamena.usembassy.gov" />
+	<target host="nepal.usembassy.gov" />
+	<target host="newdelhi.usembassy.gov" />
+	<target host="niamey.usembassy.gov" />
+	<target host="nicaragua.usembassy.gov" />
+	<target host="nigeria.usembassy.gov" />
+	<target host="norway.usembassy.gov" />
+	<target host="nz.usembassy.gov" />
+	<target host="oman.usembassy.gov" />
+	<target host="ouagadougou.usembassy.gov" />
+	<target host="palau.usembassy.gov" />
+	<target host="panama.usembassy.gov" />
+	<target host="paraguay.usembassy.gov" />
+	<target host="pl.usembassy.gov" />
+	<target host="podgorica.usembassy.gov" />
+	<target host="portmoresby.usembassy.gov" />
+	<target host="portugal.usembassy.gov" />
+	<target host="praia.usembassy.gov" />
+	<target host="pristina.usembassy.gov" />
+	<target host="qatar.usembassy.gov" />
+	<target host="riga.usembassy.gov" />
+	<target host="latvian.riga.usembassy.gov" />
+	<target host="romania.usembassy.gov" />
+	<target host="rwanda.usembassy.gov" />
+	<target host="sa.usembassy.gov" />
+	<target host="sansalvador.usembassy.gov" />
+	<target host="santodomingo.usembassy.gov" />
+	<target host="sarajevo.usembassy.gov" />
+	<target host="se.usembassy.gov" />
+	<target host="seoul.usembassy.gov" />
+	<target host="serbia.usembassy.gov" />
+	<target host="singapore.usembassy.gov" />
+	<target host="slovakia.usembassy.gov" />
+	<target host="slovenia.usembassy.gov" />
+	<target host="southafrica.usembassy.gov" />
+	<target host="southsudan.usembassy.gov" />
+	<target host="srilanka.usembassy.gov" />
+	<target host="sudan.usembassy.gov" />
+	<target host="suriname.usembassy.gov" />
+	<target host="suva.usembassy.gov" />
+	<target host="swaziland.usembassy.gov" />
+	<target host="tanzania.usembassy.gov" />
+	<target host="thehague.usembassy.gov" />
+	<target host="tirana.usembassy.gov" />
+	<target host="togo.usembassy.gov" />
+	<target host="trinidad.usembassy.gov" />
+	<target host="tunisia.usembassy.gov" />
+	<target host="turkey.usembassy.gov" />
+	<target host="turkmenistan.usembassy.gov" />
+	<target host="ug.usembassy.gov" />
+	<target host="uk.usembassy.gov" />
+	<target host="ukraine.usembassy.gov" />
+	<target host="uruguay.usembassy.gov" />
+	<target host="utils.usembassy.gov" />
+	<target host="uzbekistan.usembassy.gov" />
+	<target host="vatican.usembassy.gov" />
+	<target host="vietnam.usembassy.gov" />
+	<target host="vilnius.usembassy.gov" />
+	<target host="vn.usembassy.gov" />
+	<target host="windhoek.usembassy.gov" />
+	<target host="ws.usembassy.gov" />
+	<target host="www.usembassy.gov" />
+	<target host="yaounde.usembassy.gov" />
+	<target host="yemen.usembassy.gov" />
+	<target host="za.usembassy.gov" />
+	<target host="zagreb.usembassy.gov" />
+	<target host="zm.usembassy.gov" />
+
+		<!--	$ redirects to another domain, so:
+								-->
+		<test url="http://ve.edit.usembassy.gov/wp-content/themes/cms3/assets/images/default-blog-seal.png" />
+
+		<!--	Mixed images:
+					-->
+		<!--test url="http://manila.usembassy.gov/wwwha013.html" /-->
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://utils.usembassy.gov/yseali/index.php" /-->
+
+	<!--	Complications:
+				-->
+	<target host="usembassy.gov" />
+	<target host="osce.usembassy.gov" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:ar|br|ci|cz|ca|de|fr|ie|kh|lr|mx|nz|pl|sa|se|ug|uk|vn|ws|za|zm)\.usembassy\.gov$" name="^wordpress_google_apps_login$" /-->
+	<!--securecookie host="^\.(?:ar|br|ci|cz|ca|de|fr|ie|kh|mx|pl|sa|se|ug|vn)\.usembassy\.gov$" name="^pll_language$" /-->
+	<!--securecookie host="^utils\.usembassy\.gov$" name="^ci_session$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://usembassy\.gov/"
+		to="https://www.usembassy.gov/" />
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://osce\.usembassy\.gov/+"
+		to="https://osce.usmission.gov/" />
+
+		<test url="http://osce.usembassy.gov/index.htm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/usenetter.nl.xml b/src/chrome/content/rules/usenetter.nl.xml
new file mode 100644
index 000000000000..ea4e994d2cc8
--- /dev/null
+++ b/src/chrome/content/rules/usenetter.nl.xml
@@ -0,0 +1,30 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.usenetter.nl/ => https://www.usenetter.nl/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://usenetter.nl/ => https://www.usenetter.nl/: (60, 'SSL certificate problem: certificate has expired')
+
+	^usenetter.nl: Mismatched
+
+-->
+<ruleset name="Usenetter.nl" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.usenetter.nl" />
+
+	<!--	Complications:
+				-->
+	<target host="usenetter.nl" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://usenetter\.nl/"
+		to="https://www.usenetter.nl/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/user.fm.xml b/src/chrome/content/rules/user.fm.xml
new file mode 100644
index 000000000000..6331ec87d9c6
--- /dev/null
+++ b/src/chrome/content/rules/user.fm.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Fastmail coverage, see Fastmail.xml
+
+	user.fm: Fastmail user websites
+
+	- If www.example.com was hosted on Fastmail, it would also be available
+	  as http://www.example.com.user.fm/ and https://user.fm/www.example.com/
+
+	- Unfortunately rewriting *.user.fm to subdirectories would break many
+	  relative links in sites such as to '/css/style.css'.
+-->
+<ruleset name="user.fm">
+    <target host="user.fm" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/userapi.com.xml b/src/chrome/content/rules/userapi.com.xml
new file mode 100644
index 000000000000..d39a1c12e141
--- /dev/null
+++ b/src/chrome/content/rules/userapi.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other VK coverage, see VK.xml.
+
+	cs[0-9].userapi.com may also work, but there are currently no test urls.
+
+	Timeout:
+		.cs\d\d+
+-->
+<ruleset name="userapi.com">
+	<target host="userapi.com" />
+	<target host="www.userapi.com" />
+	<target host="st0.userapi.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/userstory.ru.xml b/src/chrome/content/rules/userstory.ru.xml
new file mode 100644
index 000000000000..909b36709067
--- /dev/null
+++ b/src/chrome/content/rules/userstory.ru.xml
@@ -0,0 +1,59 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.userstory.ru/ => https://www.userstory.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'www.userstory.ru'")
+
+portfolio.userstory.ru ²
+www.visitrussia.office.userstory.ru ¹
+stable.kdv.office.userstory.ru ¹
+www.demo2.kr-pro.office.userstory.ru ¹
+www.stable.kr-pro.office.userstory.ru ¹
+test1.kdv.office.userstory.ru ¹
+www.demo1.loko.office.userstory.ru ¹
+stadium.demo1.loko.office.userstory.ru ¹
+www.demo5.loko.office.userstory.ru ¹
+school.stable.loko.office.userstory.ru ¹
+tickets.stable.loko.office.userstory.ru ¹
+www.stable.loko.office.userstory.ru ¹
+stadium.stable.loko.office.userstory.ru ¹
+www.demo2.loko.office.userstory.ru ¹
+demo2.loko.office.userstory.ru ¹
+www.newchool.stable.loko.office.userstory.ru ¹
+shop.stable.loko.office.userstory.ru ¹
+www.newschool.stable.loko.office.userstory.ru ¹
+school.newchool.stable.loko.office.userstory.ru ¹
+stadium.newchool.stable.loko.office.userstory.ru ¹
+stable.loko.office.userstory.ru ¹
+shop.demo1.loko.office.userstory.ru ¹
+www.visitrussia.office.userstory.ru ¹
+stable.kdv.office.userstory.ru ¹
+visitrussia.office.userstory.ru ¹
+test1.kdv.office.userstory.ru ¹
+www.demo1.loko.office.userstory.ru ¹
+stadium.demo1.loko.office.userstory.ru ¹
+www.demo5.loko.office.userstory.ru ¹
+school.stable.loko.office.userstory.ru ¹
+tickets.stable.loko.office.userstory.ru ¹
+www.stable.loko.office.userstory.ru ¹
+stadium.stable.loko.office.userstory.ru ¹
+www.demo2.loko.office.userstory.ru ¹
+demo2.loko.office.userstory.ru ¹
+www.newchool.stable.loko.office.userstory.ru ¹
+shop.stable.loko.office.userstory.ru ¹
+www.newschool.stable.loko.office.userstory.ru ¹
+school.newchool.stable.loko.office.userstory.ru ¹
+stadium.newchool.stable.loko.office.userstory.ru ¹
+stable.loko.office.userstory.ru ¹
+shop.demo1.loko.office.userstory.ru ¹
+
+
+¹ mismatch
+² refused
+-->
+<ruleset name="userstory.ru" default_off="failed ruleset test">
+	<target host="userstory.ru" />
+	<target host="www.userstory.ru" />
+	<target host="blog.userstory.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/userstyles.org.xml b/src/chrome/content/rules/userstyles.org.xml
new file mode 100644
index 000000000000..bf040fe58717
--- /dev/null
+++ b/src/chrome/content/rules/userstyles.org.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these domains:
+
+		- .userstyles.org
+
+
+	Mixed content:
+
+		- Image on forum from cdn.vanillaforums.com *
+
+	* Secured by us
+
+-->
+<ruleset name="Userstyles.org">
+  <target host="userstyles.org" />
+	<target host="forum.userstyles.org" />
+  <target host="www.userstyles.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.userstyles\.org$" name="^_session_id$" /-->
+
+	<securecookie host="^\.userstyles\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/usrportage.de.xml b/src/chrome/content/rules/usrportage.de.xml
index 550b3ece9db8..fe431edd842b 100644
--- a/src/chrome/content/rules/usrportage.de.xml
+++ b/src/chrome/content/rules/usrportage.de.xml
@@ -1,14 +1,17 @@
-<ruleset name="usrportage.de" default_off="expired, mismatch">
+<!--
+	trivial mixed content from https://ghbtns.com/github-btn.html
+	secured by us.
+-->
+<ruleset name="usrportage.de">
 
-	<!--	Cert:	schokokeks.org	-->
 	<target host="usrportage.de" />
 	<target host="www.usrportage.de" />
 
 
-	<securecookie host="^usrportage\.de$" name=".*" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^https?://(?:www\.)?usrportage\.de/"
-		to="https://usrportage.de/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/usyd.edu.au.xml b/src/chrome/content/rules/usyd.edu.au.xml
new file mode 100644
index 000000000000..6f30439a3aad
--- /dev/null
+++ b/src/chrome/content/rules/usyd.edu.au.xml
@@ -0,0 +1,103 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.alumniandfriends.usyd.edu.au/ => https://www.alumniandfriends.usyd.edu.au/: (28, 'Connection timed out after 20000 milliseconds')
+
+	For other University of Sydney coverage, see sydney.edu.au.xml.
+
+
+	Nonfunctional hosts in *usyd.edu.au:
+
+		- exams.library ᵈ
+		- libguides.library ʰ
+		- news.library ᵈ
+		- staff.library ᵈ
+		- www.library ᵈ
+
+		- timesheets ʳ
+		- webstats ʰ
+
+	ᵈ Dropped
+	ʰ Redirects to http
+	ʳ Refused
+
+
+	Problematic hosts in *usyd.edu.au:
+
+		- (www.)? ᵐ
+		- www.alumni ᵐ
+		- cms.ucc ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+
+
+	These altnames don't exist:
+
+		- auth.usyd.edu.au
+		- www.cms.ucc.usyd.edu.au
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- www.alumniandfriends.usyd.edu.au
+
+		- .library.usyd.edu.au
+		- m.library.usyd.edu.au
+		- opac.library.usyd.edu.au
+		- orion.library.usyd.edu.au
+
+		- cms.ucc.usyd.edu.au
+
+
+	Mixed content:
+
+		- Image on opac.library from sydney.edu.au ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="USyd.edu.au (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.alumniandfriends.usyd.edu.au" />
+	<target host="www.auth.usyd.edu.au" />
+
+	<target host="m.library.usyd.edu.au" />
+	<target host="opac.library.usyd.edu.au" />
+	<target host="orion.library.usyd.edu.au" />
+
+	<!--target host="cms.ucc.usyd.edu.au" /-->
+	<target host="wasm.usyd.edu.au" />
+
+	<!--	Complications:
+				-->
+	<target host="usyd.edu.au" />
+	<target host="www.usyd.edu.au" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.alumniandfriends\.usyd\.edu\.au$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+	<!--securecookie host="^\.library\.usyd\.edu\.au$" name="^(?:III_EXPT_FILE|III_SESSION_ID|SESSION_LANGUAGE)$" /-->
+	<!--securecookie host="^(?:m|opac)\.library\.usyd\.edu\.au$" name="^SESSION_SCOPE$" /-->
+	<!--securecookie host="^orion\.library\.usyd\.edu\.au$" name="^(?:PHPSESSID|lang)$" /-->
+	<!--securecookie host="^cms\.ucc\.usyd\.edu\.au$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://(?:www\.)?usyd\.edu\.au/+"
+		to="https://sydney.edu.au/" />
+
+		<test url="http://www.usyd.edu.au/home.html" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/utbm.fr.xml b/src/chrome/content/rules/utbm.fr.xml
new file mode 100644
index 000000000000..082cfabe4727
--- /dev/null
+++ b/src/chrome/content/rules/utbm.fr.xml
@@ -0,0 +1,9 @@
+<ruleset name="Utbm.fr">
+  <target host="utbm.fr" />
+  <target host="www.utbm.fr" />
+  <target host="ae.utbm.fr" />
+
+  <rule from="^http://(www\.)?utbm\.fr/" to="https://www.utbm.fr/" />
+  <rule from="^http://ae\.utbm\.fr/" to="https://ae.utbm.fr/" />
+</ruleset>
+
diff --git a/src/chrome/content/rules/utdstc.com.xml b/src/chrome/content/rules/utdstc.com.xml
new file mode 100644
index 000000000000..988c6e68f74c
--- /dev/null
+++ b/src/chrome/content/rules/utdstc.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Related:
+		uptodown.com.xml
+		uptodown.net.xml
+
+	Mismatch:
+		i.utdstc.com	https://i.utdstc.com/screen/android/desc/call-recorder-acr.jpg
+-->
+
+<ruleset name="utdstc.com">
+	<target host="img.utdstc.com" />
+		<test url="http://img.utdstc.com/screen/android/desc/vlc-001.jpg" />
+	<target host="stc.utdstc.com" />
+		<test url="http://stc.utdstc.com/favicon.ico" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/utex-telecom.ru.xml b/src/chrome/content/rules/utex-telecom.ru.xml
new file mode 100644
index 000000000000..73224865514f
--- /dev/null
+++ b/src/chrome/content/rules/utex-telecom.ru.xml
@@ -0,0 +1,9 @@
+<!--
+utex-telecom.ru mismatch
+www.utex-telecom.ru mismatch
+-->
+<ruleset name="utex-telecom.ru (partial)">
+	<target host="cabinet.utex-telecom.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/utf8everywhere.org.xml b/src/chrome/content/rules/utf8everywhere.org.xml
new file mode 100644
index 000000000000..97de1c703ff0
--- /dev/null
+++ b/src/chrome/content/rules/utf8everywhere.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="utf8everywhere.org">
+	<target host="utf8everywhere.org" />
+	<target host="www.utf8everywhere.org" />
+
+	<rule from="^http://www\.utf8everywhere\.org/" to="https://utf8everywhere.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/utopia-ad.org.xml b/src/chrome/content/rules/utopia-ad.org.xml
new file mode 100644
index 000000000000..aacefa912cf2
--- /dev/null
+++ b/src/chrome/content/rules/utopia-ad.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="Utopia-AD.org">
+
+	<target host="utopia-ad.org" />
+	<target host="www.utopia-ad.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/v-dem.net.xml b/src/chrome/content/rules/v-dem.net.xml
new file mode 100644
index 000000000000..3636abdeb786
--- /dev/null
+++ b/src/chrome/content/rules/v-dem.net.xml
@@ -0,0 +1,17 @@
+<!--
+	Varieties of Democracy Institute
+
+-->
+<ruleset name="V-Dem.net">
+
+	<target host="v-dem.net" />
+	<target host="www.v-dem.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/v.gd.xml b/src/chrome/content/rules/v.gd.xml
new file mode 100644
index 000000000000..67b831628771
--- /dev/null
+++ b/src/chrome/content/rules/v.gd.xml
@@ -0,0 +1,10 @@
+<ruleset name="v.gd">
+    <target host="v.gd" />
+    <target host="*.v.gd" />
+
+    <securecookie host="v\.gd$" name=".+" />
+    <securecookie host="\.v\.gd$" name="^__cfduid$" />
+
+    <rule from="^http://v\.gd/"
+        to="https://v.gd/" />
+</ruleset>
diff --git a/src/chrome/content/rules/v2ex.xml b/src/chrome/content/rules/v2ex.xml
deleted file mode 100644
index ead41e96c923..000000000000
--- a/src/chrome/content/rules/v2ex.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="v2ex">
-  <target host="www.v2ex.com" />
-  <target host="v2ex.com" />
-
-  <rule from="^http://(www\.)?v2ex\.com/" to="https://v2ex.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/v4c.org.xml b/src/chrome/content/rules/v4c.org.xml
new file mode 100644
index 000000000000..d50c7b4405b0
--- /dev/null
+++ b/src/chrome/content/rules/v4c.org.xml
@@ -0,0 +1,35 @@
+<!--
+	Problematic hosts in *v4c.org:
+
+		- dev ᵉ ᵐ ˢ
+
+	ᵉ Expired
+	ᵐ Mismatched
+	ˢ Self-signed
+
+
+	Mixed content:
+
+		- css, on:
+
+			- www from mywebfont.appspot.com ˢ
+			- www from mmwebfonts.comquas.com ˢ
+
+		- Bug on www from i.creativecommons.org ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="V4C.org (partial)">
+
+	<target host="v4c.org" />
+	<target host="www.v4c.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vadino.com.xml b/src/chrome/content/rules/vadino.com.xml
new file mode 100644
index 000000000000..18b6f05850b3
--- /dev/null
+++ b/src/chrome/content/rules/vadino.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Other Vadino rulesets:
+
+		- seomon.com.xml
+
+-->
+<ruleset name="Vadino.com">
+
+	<target host="vadino.com" />
+	<target host="www.vadino.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vagosec.org.xml b/src/chrome/content/rules/vagosec.org.xml
new file mode 100644
index 000000000000..d893c5b78bf7
--- /dev/null
+++ b/src/chrome/content/rules/vagosec.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="VaGoSec.org">
+
+	<target host="vagosec.org" />
+	<target host="www.vagosec.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/valdikss.org.ru.xml b/src/chrome/content/rules/valdikss.org.ru.xml
new file mode 100644
index 000000000000..672ca98c31b0
--- /dev/null
+++ b/src/chrome/content/rules/valdikss.org.ru.xml
@@ -0,0 +1,32 @@
+<!--
+www.valdikss.org.ru ¹
+anime.valdikss.org.ru ¹
+antiblock-alt.valdikss.org.ru ²
+muc.valdikss.org.ru ²
+serv.valdikss.org.ru ²
+spf.valdikss.org.ru ¹
+totallynota.valdikss.org.ru ²
+muc.totallynota.valdikss.org.ru ²
+proxy.totallynota.valdikss.org.ru ²
+tv.valdikss.org.ru ²
+xproxy.valdikss.org.ru ²
+xup.valdikss.org.ru ²
+
+
+¹ mismatch
+² refused
+-->
+<ruleset name="valdikss.org.ru">
+	<target host="valdikss.org.ru" />
+	<target host="acct.valdikss.org.ru" />
+	<target host="antiblock.valdikss.org.ru" />
+	<target host="tj.valdikss.org.ru" />
+	<target host="witch.valdikss.org.ru" />
+
+	<target host="www.valdikss.org.ru" />
+
+	<rule from="^http://www\.valdikss\.org\.ru/"
+		to="https://valdikss.org.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/valelearning.com.xml b/src/chrome/content/rules/valelearning.com.xml
new file mode 100644
index 000000000000..33019aafd70f
--- /dev/null
+++ b/src/chrome/content/rules/valelearning.com.xml
@@ -0,0 +1,35 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	www.valelearning.com: Redirects to http
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- .valelearning.com
+		- secure.valelearning.com
+
+-->
+<ruleset name="Vale Learning.com (partial)">
+
+	<target host="secure.valelearning.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.valelearning\.com/(?:$|Style%20Library/)" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.valelearning\.com$" name="^cadata[\dA-F]{32}$" /-->
+	<!--securecookie host="^secure\.valelearning\.com$" name="^ValeWebCookie$" /-->
+
+	<securecookie host="^\." name="^cadata" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/valgrind.org.xml b/src/chrome/content/rules/valgrind.org.xml
new file mode 100644
index 000000000000..56fbdfe4574d
--- /dev/null
+++ b/src/chrome/content/rules/valgrind.org.xml
@@ -0,0 +1,11 @@
+<ruleset name="valgrind.org">
+	<target host="valgrind.org" />
+	<target host="www.valgrind.org" />
+	<!--
+	non-functional
+	<target host="svn.valgrind.org" />
+	<target host="njn.valgrind.org" />
+	-->
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vanguard.xml b/src/chrome/content/rules/vanguard.xml
new file mode 100644
index 000000000000..b70b81c66463
--- /dev/null
+++ b/src/chrome/content/rules/vanguard.xml
@@ -0,0 +1,11 @@
+
+<ruleset name="vanguard.com">
+  <target host="vanguard.com" />
+  <target host="investor.vanguard.com" />
+  <target host="personal.vanguard.com" />
+
+
+  <rule from="^http:"
+          to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/variantweb.net.xml b/src/chrome/content/rules/variantweb.net.xml
new file mode 100644
index 000000000000..6187f6156fda
--- /dev/null
+++ b/src/chrome/content/rules/variantweb.net.xml
@@ -0,0 +1,17 @@
+<ruleset name="variantweb.net">
+
+	<target host="variantweb.net" />
+	<target host="www.variantweb.net" />
+
+		<!--	$ 404s, so:
+					-->
+		<test url="http://www.variantweb.net/blog/" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vas-hosting.cz.xml b/src/chrome/content/rules/vas-hosting.cz.xml
new file mode 100644
index 000000000000..0e3aad645cc2
--- /dev/null
+++ b/src/chrome/content/rules/vas-hosting.cz.xml
@@ -0,0 +1,31 @@
+<!--
+	Mixed content:
+	- nastaveni.vas-hosting.cz
+	- ci.vas-hosting.cz
+	- fa.vas-hosting.cz
+	- ftp.vas-hosting.cz
+-->
+<ruleset name="Váš-hosting.cz">
+	<target host="vas-hosting.cz" />
+	<target host="www.vas-hosting.cz" />
+	<target host="centrum.vas-hosting.cz" />
+	<target host="webftp.vas-hosting.cz" />
+	<target host="mail.vas-hosting.cz" />
+	<target host="payment.vas-hosting.cz" />
+	<target host="programpartner.vas-hosting.cz" />
+	<target host="uhrada.vas-hosting.cz" />
+	<target host="edit.vas-hosting.cz" />
+	<target host="mysql.vas-hosting.cz" />
+	<target host="reboot.vas-hosting.cz" />
+	<target host="ca.vas-hosting.cz" />
+	<target host="adminer12.vas-hosting.cz" />
+	<target host="mysql12.vas-hosting.cz" />
+	<target host="adminer10.vas-hosting.cz" />
+	<target host="mysql10.vas-hosting.cz" />
+	<target host="adminer9.vas-hosting.cz" />
+	<target host="mysql9.vas-hosting.cz" />
+	<target host="pgsql.vas-hosting.cz" />
+	<target host="ss3.vas-hosting.cz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vasexperts.ru.xml b/src/chrome/content/rules/vasexperts.ru.xml
new file mode 100644
index 000000000000..1db9aa423842
--- /dev/null
+++ b/src/chrome/content/rules/vasexperts.ru.xml
@@ -0,0 +1,12 @@
+<!--
+blog.vasexperts.ru ⁴
+
+
+⁴ self signed
+-->
+<ruleset name="vasexperts.ru">
+	<target host="vasexperts.ru" />
+	<target host="www.vasexperts.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vaticannews.va.xml b/src/chrome/content/rules/vaticannews.va.xml
new file mode 100644
index 000000000000..b55d72b43ea0
--- /dev/null
+++ b/src/chrome/content/rules/vaticannews.va.xml
@@ -0,0 +1,14 @@
+<!--
+	Timeout:
+		tts.vaticannews.va
+-->
+<ruleset name="vaticannews.va">
+
+	<target host="www.vaticannews.va" />
+	<target host="media.vaticannews.va" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vaultoro.com.xml b/src/chrome/content/rules/vaultoro.com.xml
new file mode 100644
index 000000000000..58e1e26ecbe1
--- /dev/null
+++ b/src/chrome/content/rules/vaultoro.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Nonfunctional hosts in *vaultoro.com:
+
+		- blog ³
+		- support ³
+
+	³ 403
+
+-->
+<ruleset name="Vaultoro.com (partial)">
+
+	<target host="vaultoro.com" />
+	<target host="api.vaultoro.com" />
+	<target host="audit.vaultoro.com" />
+	<target host="trade.vaultoro.com" />
+	<target host="www.vaultoro.com" />
+
+
+	<securecookie host="^\." name="^(?:incap_ses|visid_incap)_" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vauva.fi.xml b/src/chrome/content/rules/vauva.fi.xml
new file mode 100644
index 000000000000..7c91549a06df
--- /dev/null
+++ b/src/chrome/content/rules/vauva.fi.xml
@@ -0,0 +1,40 @@
+<!--
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="Vauva.fi (partial)" platform="mixedcontent">
+
+	<target host="vauva.fi" />
+	<target host="www.vauva.fi" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.vauva\.fi/(?:$|blogit$|haku$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?vauva\.fi/(?!/*(?:s3fs-css/|sites/|tilaa/*(?:$|\?)))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.vauva.fi/haku" />
+			<test url="http://www.vauva.fi/comment/27089859" />
+			<test url="http://www.vauva.fi/comment/27098725" />
+			<test url="http://www.vauva.fi/comment/27100482" />
+			<test url="http://www.vauva.fi/comment/27098725" />
+			<test url="http://www.vauva.fi/comment/27083019" />
+			<test url="http://www.vauva.fi/blogit" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.vauva.fi/s3fs-css/css/css_WqV69UA1faoRQbJdtSwGwUJ8MK7FrjmmaCOY4qeUK-c.css" />
+			<test url="http://www.vauva.fi/sites/all/themes/custom/vauva/logo.svg" />
+			<test url="http://www.vauva.fi/tilaa" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vcephysics.com.xml b/src/chrome/content/rules/vcephysics.com.xml
new file mode 100644
index 000000000000..73336cba6a47
--- /dev/null
+++ b/src/chrome/content/rules/vcephysics.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="vcephysics.com" platform="mixedcontent">
+	<target host="vcephysics.com" />
+	<target host="www.vcephysics.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vdvc.de.xml b/src/chrome/content/rules/vdvc.de.xml
new file mode 100644
index 000000000000..e08938555fea
--- /dev/null
+++ b/src/chrome/content/rules/vdvc.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="vdvc.de">
+	<target host="vdvc.de" />
+	<target host="www.vdvc.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vedomosti.ru-falsemixed.xml b/src/chrome/content/rules/vedomosti.ru-falsemixed.xml
new file mode 100644
index 000000000000..31d87608af84
--- /dev/null
+++ b/src/chrome/content/rules/vedomosti.ru-falsemixed.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules not causing false/broken MCB, see vedomosti.ru.xml.
+
+-->
+<ruleset name="Vedomosti.ru (false MCB)" platform="mixedcontent">
+
+	<target host="id.vedomosti.ru" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vedomosti.ru.xml b/src/chrome/content/rules/vedomosti.ru.xml
new file mode 100644
index 000000000000..e073ccaa41ba
--- /dev/null
+++ b/src/chrome/content/rules/vedomosti.ru.xml
@@ -0,0 +1,75 @@
+<!--
+	For rules causing false/broken MCB, see vedomosti.ru-falsemixed.xml.
+
+
+	Problematic hosts in *vedomosti.ru:
+
+		- friday ᵉ
+		- id ˣ
+		- info ᵉ
+		- kp ᵉ
+		- old ᵉ
+
+	ᵉ Expired
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- vedomosti.ru
+		- .vedomosti.ru
+		- buy.vedomosti.ru
+		- friday.vedomosti.ru
+		- id.vedomosti.ru
+		- kp.vedomosti.ru
+		- m.vedomosti.ru
+		- promo.vedomosti.ru
+		- www.vedomosti.ru
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on id from $self ˢ
+		- Images on id from $self ˢ
+		- favicons on id, promo from $self ˢ
+
+		- Bugs, on:
+
+			- buy, id, kp, promo from counter.rambler.ru ˢ
+			- kp from top.list.ru ˢ
+			- kp from www.tns-counter.ru ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Vedomosti.ru (partial)">
+
+	<target host="vedomosti.ru" />
+	<target host="buy.vedomosti.ru" />
+	<target host="cdn.vedomosti.ru" />
+	<!--target host="id.vedomosti.ru" /-->
+	<target host="m.vedomosti.ru" />
+	<target host="promo.vedomosti.ru" />
+	<target host="www.vedomosti.ru" />
+
+		<!--	Mixed content:
+					-->
+		<!--test url="http://promo.vedomosti.ru/gift/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:(?:buy|id|m|promo|www)\.)?vedomosti\.ru$" name="^srv_id$" /-->
+	<!--securecookie host="^\.vedomosti\.ru$" name="^(?:access_token|is_mobile|original_referer|vid)$" /-->
+	<!--securecookie host="^(?:friday|kp)\.vedomosti\.ru$" name="^Apache$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vedtver.ru.xml b/src/chrome/content/rules/vedtver.ru.xml
new file mode 100644
index 000000000000..e16acdfd9443
--- /dev/null
+++ b/src/chrome/content/rules/vedtver.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="vedtver.ru">
+	<target host="vedtver.ru" />
+	<target host="www.vedtver.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vegatele.com.xml b/src/chrome/content/rules/vegatele.com.xml
new file mode 100644
index 000000000000..924bcee6d0fb
--- /dev/null
+++ b/src/chrome/content/rules/vegatele.com.xml
@@ -0,0 +1,13 @@
+<!--
+vegatele.com redirect
+www.vegatele.com redirect
+music.vegatele.com timed out
+stat.vegatele.com protocol error
+drweb.vegatele.com timed out
+chat.vegatele.com timed out
+-->
+<ruleset name="vegatele.com (partial)">
+	<target host="my.vegatele.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/veggiekarte.de.xml b/src/chrome/content/rules/veggiekarte.de.xml
new file mode 100644
index 000000000000..f59f879e732a
--- /dev/null
+++ b/src/chrome/content/rules/veggiekarte.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="veggiekarte.de">
+	<target host="veggiekarte.de" />
+	<target host="www.veggiekarte.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/veloplus.xml b/src/chrome/content/rules/veloplus.xml
new file mode 100644
index 000000000000..818c38666e57
--- /dev/null
+++ b/src/chrome/content/rules/veloplus.xml
@@ -0,0 +1,13 @@
+<!--
+	self-signed:
+		- blog.veloplus.ch
+-->
+<ruleset name="Veloplus">
+	<target host="veloplus.ch"/>
+	<target host="www.veloplus.ch"/>
+	<target host="velofinder.ch"/>
+	<target host="www.velofinder.ch"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/vendini.com.xml b/src/chrome/content/rules/vendini.com.xml
new file mode 100644
index 000000000000..59bedc328e2e
--- /dev/null
+++ b/src/chrome/content/rules/vendini.com.xml
@@ -0,0 +1,90 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://landing.vendini.com/css/mktLPSupportCompat.css (200) => https://na-ab05.marketo.com/css/mktLPSupportCompat.css (403)
+Non-2xx HTTP code: http://landing.vendini.com/rs/vendini/images/nav_bg.jpg (200) => https://na-ab05.marketo.com/rs/vendini/images/nav_bg.jpg (403)
+
+	Nonfunctional hosts in *vendini.com:
+
+		- ^ *
+		- landing ᵃ
+		- siteline ᵈ
+		- siteline2 ᵈ
+		- tracker ᵈ
+
+	* No supported ciphers
+	ᵃ Marketo / shows another domain
+	ᵈ Dropped
+
+
+	Problematic hosts in *vendini.com:
+
+		- bristolrhythm.lm ᶜ
+		- essence.lm ᶜ
+		- newportfestivals.lm ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- apps.vendini.com
+		- queue.vendini.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Vendini.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="apps.vendini.com" />
+
+	<!--target host="bristolrhythm.lm.vendini.com" /-->
+	<!--target host="essence.lm.vendini.com" /-->
+	<!--target host="newportfestivals.lm.vendini.com" /-->
+
+	<target host="queue.vendini.com" />
+	<target host="support.vendini.com" />
+	<target host="www.vendini.com" />
+
+		<!--	$ redirects to ^vendini.com, so:
+							-->
+		<test url="http://www.vendini.com/ticket-software.html" />
+
+	<!--	Complications:
+				-->
+	<target host="landing.vendini.com" />
+
+		<exclusion pattern="^http://landing\.vendini\.com/(?!/*(?:cs|image|r)s/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://landing.vendini.com/Definitive-Buyers-Guide-for-Ticketing-Software.html" />
+			<test url="http://landing.vendini.com/demo-request-comedy-01.html" />
+			<test url="http://landing.vendini.com/demo-request-fest-01.html" />
+			<test url="http://landing.vendini.com/demo-request-ga-02.html" />
+			<test url="http://landing.vendini.com/demo-request-pa-01.html" />
+			<test url="http://landing.vendini.com/webinar-multigenerational-audiences.html" />
+			<test url="http://landing.vendini.com/webinar-price-optimization.html" />
+			<test url="http://landing.vendini.com/webinar-rental-business.html" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^apps\.vendini\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^queue\.vendini\.com$" name="^Queue-it" /-->
+
+	<securecookie host="^(?!landing\.)\w" name=".+" />
+
+
+	<rule from="^http://landing\.vendini\.com/"
+		to="https://na-ab05.marketo.com/" />
+
+		<test url="http://landing.vendini.com/css/mktLPSupportCompat.css" />
+		<test url="http://landing.vendini.com/rs/vendini/images/nav_bg.jpg" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/venuu.fi.xml b/src/chrome/content/rules/venuu.fi.xml
new file mode 100644
index 000000000000..56836c45097b
--- /dev/null
+++ b/src/chrome/content/rules/venuu.fi.xml
@@ -0,0 +1,48 @@
+<!--
+	Nonfunctional hosts in *venuu.fi:
+
+		- cheek ʳ
+
+	ʳ Refused
+
+
+	Problematic hosts in *venuu.fi:
+
+		- blog ᵐ
+		- partnerit ᵐ
+
+	ᵐ Hubspot / mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- venuu.fi
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on blog, partnerit from $self ˢ
+		- Images on blog, partnerit from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Venuu.fi (partial)">
+
+	<target host="venuu.fi" />
+	<target host="www.venuu.fi" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^venuu\.fi$" name="^(?:_csrf_token|_session_id|ajs_anonymous|checkify_a|visitor_uuid)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/veritas.com.xml b/src/chrome/content/rules/veritas.com.xml
new file mode 100644
index 000000000000..a00274f8d8b8
--- /dev/null
+++ b/src/chrome/content/rules/veritas.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- my.veritas.com
+		- www.veritas.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Veritas.com">
+
+	<target host="veritas.com" />
+	<target host="my.veritas.com" />
+	<target host="www.veritas.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^my\.veritas\.com$" name="^(?:BIGipServer|JSESSIONID$)" /-->
+	<!--securecookie host="^www\.veritas\.com$" name="^BIGipServer" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/verizon.net.xml b/src/chrome/content/rules/verizon.net.xml
new file mode 100644
index 000000000000..fe76020dc102
--- /dev/null
+++ b/src/chrome/content/rules/verizon.net.xml
@@ -0,0 +1,74 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://static-business.verizon.net/ => https://static-business.verizon.net/: (51, "SSL: no alternative certificate subject name matches target host name 'static-business.verizon.net'")
+
+	For other Verizon coverage, see Verizon.xml.
+
+
+	CDN buckets:
+
+		- wildcard.verizon.net.edgekey.net	← static-business
+		- vrzn.lithium.com	← forums.verizon.com
+
+
+	Problematic hosts in *verizon.net:
+
+		- ^ ᵐ
+		- businessforums ʳ
+
+	ᵐ Mismatched
+	ʳ Refused; preemptable redirect
+
+
+	Insecure cookies are set for these hosts:
+
+		- care.verizon.net
+
+-->
+<ruleset name="Verizon.net (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="business.verizon.net" />
+	<!--target host="care.verizon.net" /-->
+	<target host="static-business.verizon.net" />
+	<target host="www.verizon.net" />
+
+	<!--	Complications:
+				-->
+	<target host="verizon.net" />
+	<target host="businessforums.verizon.net" />
+
+		<!--	No longer seems to redirect.
+							-->
+		<!--exclusion pattern="^http://business\.verizon\.net/.*SMBPortalWeb/login$" /-->
+
+			<test url="http://business.verizon.net/SMBPortalWeb/vanity.url?orig_url=/SMBPortalWeb/login" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://care.verizon.net/iha/IHAPC.aspx" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^care\.verizon\.net$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^(?:www\.)?verizon\.net$" name=".+" />
+
+
+	<rule from="^http://verizon\.net/"
+		to="https://www.verizon.net/" />
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://businessforums\.verizon\.net/.*"
+		to="https://business.verizon.com/MyBusinessAccount/one.portal?_nfpb=true&amp;_pageLabel=gb_mycommunity" />
+
+		<test url="http://businessforums.verizon.net/default.aspx" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/verizonbusiness.com.xml b/src/chrome/content/rules/verizonbusiness.com.xml
new file mode 100644
index 000000000000..0ce41b718b26
--- /dev/null
+++ b/src/chrome/content/rules/verizonbusiness.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Verizon coverage, see Verizon.xml.
+
+
+	www.verizonbusiness.com: Mismatched; preemptable redirect
+
+	^verizonbusiness.com: Dropped over http & https
+
+-->
+<ruleset name="Verizon Business.com">
+
+	<!--	Complications:
+				-->
+	<target host="www.verizonbusiness.com" />
+
+
+	<!--	Redirect keeps all:
+					-->
+	<rule from="^http://www\.verizonbusiness\.com/"
+		to="https://www.verizonenterprise.com/" />
+
+		<test url="http://www.verizonbusiness.com/guide/" />
+		<test url="http://www.verizonbusiness.com/it/solutions/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/verkaufen.ch.xml b/src/chrome/content/rules/verkaufen.ch.xml
new file mode 100644
index 000000000000..2bd3154512e1
--- /dev/null
+++ b/src/chrome/content/rules/verkaufen.ch.xml
@@ -0,0 +1,22 @@
+<!--
+	Wrong content:
+		- verkaufen.ch
+
+	Mismatch:
+		- reparieren.ch
+-->
+<ruleset name="verkaufen.ch">
+	<target host="verkaufen.ch"/>
+	<target host="www.verkaufen.ch"/>
+	<target host="admin.verkaufen.ch"/>
+	<target host="shop.verkaufen.ch"/>
+	<target host="reparieren.ch"/>
+	<target host="www.reparieren.ch"/>
+
+	<rule from="^http://verkaufen\.ch/"
+		to="https://www.verkaufen.ch/"/>
+	<rule from="^http://reparieren\.ch/"
+		to="https://www.reparieren.ch/"/>
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/vermont-it.ru.xml b/src/chrome/content/rules/vermont-it.ru.xml
new file mode 100644
index 000000000000..7c2749f65888
--- /dev/null
+++ b/src/chrome/content/rules/vermont-it.ru.xml
@@ -0,0 +1,9 @@
+<!--
+vermont-it.ru mismatch
+www.vermont-it.ru mismatch
+-->
+<ruleset name="vermont-it.ru (partial)">
+	<target host="stat.vermont-it.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/verseone.com.xml b/src/chrome/content/rules/verseone.com.xml
new file mode 100644
index 000000000000..e30550fa97b0
--- /dev/null
+++ b/src/chrome/content/rules/verseone.com.xml
@@ -0,0 +1,64 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://hc.verseone.com/default.aspx => https://www.howard-cottage.co.uk/default.aspx: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://hc.verseone.com/ => https://www.howard-cottage.co.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Nonfunctional hosts in *verseone.com:
+
+		- aruneastpreston ᶠ
+		- arunfelpham ᶠ
+		- arunarundel ᶠ
+		- kht ᵃ
+		- lewisham ᶠ
+
+	ᵃ Shows another domain
+	ᶠ Handshake fails
+
+
+	Problematic hosts in *verseone.com:
+
+		- hc ᶠ
+		- hightown ᵐ
+
+	ᶠ Handshake fails, preemptable redirect
+	ᵐ Mismatched
+
+-->
+<ruleset name="VerseOne.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="verseone.com" />
+	<target host="www.verseone.com" />
+
+	<!--	Complications:
+				-->
+	<target host="hc.verseone.com" />
+	<target host="hightown.verseone.com" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+						-->
+	<rule from="^http://hc\.verseone\.com/+"
+		to="https://www.howard-cottage.co.uk/" />
+
+		<test url="http://hc.verseone.com/default.aspx" />
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+						-->
+	<rule from="^http://hightown\.verseone\.com/+"
+		to="https://myaccount.hightownha.org.uk/" />
+
+		<test url="http://hightown.verseone.com/register" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/version6.ru.xml b/src/chrome/content/rules/version6.ru.xml
new file mode 100644
index 000000000000..a5be073bdc06
--- /dev/null
+++ b/src/chrome/content/rules/version6.ru.xml
@@ -0,0 +1,8 @@
+<!--
+www.version6.ru nonexist
+-->
+<ruleset name="version6.ru">
+	<target host="version6.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/versionista.com.xml b/src/chrome/content/rules/versionista.com.xml
new file mode 100644
index 000000000000..773b61cbffca
--- /dev/null
+++ b/src/chrome/content/rules/versionista.com.xml
@@ -0,0 +1,20 @@
+<!--
+	CDN buckets:
+
+		- d2yvi9gznhuo9f.cloudfront.net
+
+-->
+<ruleset name="Versionista.com">
+
+	<target host="versionista.com" />
+	<target host="www.versionista.com" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/verywell.com.xml b/src/chrome/content/rules/verywell.com.xml
new file mode 100644
index 000000000000..2bdac5aa72db
--- /dev/null
+++ b/src/chrome/content/rules/verywell.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- .verywell.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Verywell.com">
+
+	<target host="verywell.com" />
+	<target host="www.verywell.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.verywell\.com$" name="^(?:Mint|TMog|pc)$" /-->
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vesti.ru.xml b/src/chrome/content/rules/vesti.ru.xml
new file mode 100644
index 000000000000..f01269265f33
--- /dev/null
+++ b/src/chrome/content/rules/vesti.ru.xml
@@ -0,0 +1,104 @@
+<!--
+vesti.ru ¹
+2001.vesti.ru ¹
+9may.vesti.ru ¹
+abudhabi.vesti.ru ⁷
+android.vesti.ru ⁴
+athletic.vesti.ru ¹
+auto.vesti.ru ¹
+buy.auto.vesti.ru ¹
+m.auto.vesti.ru ¹
+rc.auto.vesti.ru ¹
+avto.vesti.ru ¹
+biathlon.vesti.ru ¹
+www.biathlon.vesti.ru ¹
+bruni.vesti.ru ¹
+www.bruni.vesti.ru ¹
+cards.vesti.ru ¹
+cdn1.vesti.ru ¹
+cdnmg.vesti.ru ¹
+consultant.vesti.ru ³
+app.consultant.vesti.ru ²
+cr.vesti.ru ²
+england.vesti.ru ¹
+www.england.vesti.ru ¹
+2011.england.vesti.ru ¹
+2012.england.vesti.ru ¹
+england2013.vesti.ru ¹
+euro2012.vesti.ru ¹
+euro2016.vesti.ru ¹
+eurovision.vesti.ru ¹
+football.vesti.ru ¹
+forum2012.vesti.ru ¹
+forum2016.vesti.ru ¹
+france.vesti.ru ¹
+health.vesti.ru ¹
+hitech.vesti.ru ¹
+www.hitech.vesti.ru ¹
+test.hitech.vesti.ru ¹
+hockey.vesti.ru ¹
+www.hockey.vesti.ru ¹
+www.hockey2011.vesti.ru ¹
+ipad.vesti.ru ⁴
+iphone.vesti.ru ⁴
+jordan.vesti.ru ²
+kino.vesti.ru ¹
+light.vesti.ru ⁴
+london2012.vesti.ru ¹
+mb.vesti.ru ³
+reklama.mb.vesti.ru ⁷
+video.mb.vesti.ru ⁷
+med.vesti.ru ²
+mobile.vesti.ru ⁴
+multivita.vesti.ru ¹
+muzarteria.vesti.ru ⁷
+narodnayakarta.vesti.ru ¹
+narodnaykarta.vesti.ru ¹
+www.narodnaykarta.vesti.ru ¹
+nokian.vesti.ru ⁷
+www.operator.vesti.ru ¹
+pics.vesti.ru ¹
+pics1.vesti.ru ³
+probki.vesti.ru ⁴
+radio.vesti.ru ¹
+www.radio.vesti.ru ¹
+realty.vesti.ru ¹
+www.realty.vesti.ru ¹
+test.realty.vesti.ru ¹
+reporter.vesti.ru ³
+services.vesti.ru ⁴
+sochi2014.vesti.ru ¹
+sport.vesti.ru ¹
+www.sport.vesti.ru ¹
+static.vesti.ru ²
+www.static.vesti.ru ¹
+static2.vesti.ru ¹
+strana.vesti.ru ³
+toolbar.vesti.ru ⁴
+travel.vesti.ru ¹
+test.travel.vesti.ru ¹
+vera.vesti.ru ¹
+old.vera.vesti.ru ¹
+vera2.vesti.ru ¹
+vukavuka.vesti.ru ⁷
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁷ protocol error
+-->
+<ruleset name="vesti.ru">
+	<target host="www.vesti.ru" />
+	<target host="n.vesti.ru" />
+	<target host="news.vesti.ru" />
+	<target host="nocache.vesti.ru" />
+
+	<target host="vesti.ru" />
+
+	<rule from="^http://vesti\.ru/"
+		to="https://www.vesti.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vevent.com.xml b/src/chrome/content/rules/vevent.com.xml
new file mode 100644
index 000000000000..885fdff560dd
--- /dev/null
+++ b/src/chrome/content/rules/vevent.com.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://vevent.com/ => https://vevent.com/: (6, 'Could not resolve host: vevent.com')
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- engage.vevent.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="vevent.com" default_off="failed ruleset test">
+
+	<target host="vevent.com" />
+	<target host="engage.vevent.com" />
+	<target host="support.vevent.com" />
+	<target host="www.vevent.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^engage\.vevent\.com$" name="^BIGipServer" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vex.net.xml b/src/chrome/content/rules/vex.net.xml
new file mode 100644
index 000000000000..ad2b1e6d7749
--- /dev/null
+++ b/src/chrome/content/rules/vex.net.xml
@@ -0,0 +1,36 @@
+<!--
+	^vex.net: Handshake fails
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.vex.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Vex.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.vex.net" />
+
+	<!--	Complications:
+				-->
+	<target host="vex.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.vex\.net$" name="^VYBE-user$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://vex\.net/"
+		to="https://www.vex.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vexor.io.xml b/src/chrome/content/rules/vexor.io.xml
new file mode 100644
index 000000000000..a97307edbeff
--- /dev/null
+++ b/src/chrome/content/rules/vexor.io.xml
@@ -0,0 +1,9 @@
+<!--
+www.vexor.io nonexist
+-->
+<ruleset name="vexor.io">
+	<target host="vexor.io" />
+	<target host="ci.vexor.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vfl.ru.xml b/src/chrome/content/rules/vfl.ru.xml
new file mode 100644
index 000000000000..86313742e994
--- /dev/null
+++ b/src/chrome/content/rules/vfl.ru.xml
@@ -0,0 +1,32 @@
+<!--
+	Invalid certificate:
+		da.vfl.ru
+		storage02.vfl.ru
+		storage04.vfl.ru
+		wiki.vfl.ru
+		www.wiki.vfl.ru
+
+	Refused:
+		images01.vfl.ru
+		mx.vfl.ru
+		storage03.vfl.ru
+-->
+<ruleset name="vfl.ru">
+	<target host="vfl.ru" />
+	<target host="www.vfl.ru" />
+	<target host="forum.vfl.ru" />
+	<target host="fotohosting.vfl.ru" />
+	<target host="frontend.vfl.ru" />
+	<target host="images.vfl.ru" />
+	<target host="images06.vfl.ru" />
+	<target host="m.vfl.ru" />
+	<target host="pf.vfl.ru" />
+	<target host="storage.vfl.ru" />
+	<target host="storage05.vfl.ru" />
+	<target host="images02.vfl.ru" />
+	<target host="images03.vfl.ru" />
+	<target host="images04.vfl.ru" />
+	<target host="images07.vfl.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vg247.com.xml b/src/chrome/content/rules/vg247.com.xml
new file mode 100644
index 000000000000..6523bcd053a4
--- /dev/null
+++ b/src/chrome/content/rules/vg247.com.xml
@@ -0,0 +1,38 @@
+<!--
+	CDN buckets:
+
+		- images.vg247.com.s3.amazonaws.com | d2f23iedlijwim.cloudfront.net
+			- aws permanently redirects
+
+
+	Mixed content:
+
+		- Image on www from assets.vg247.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="VG247.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vg247.com" />
+	<target host="assets.vg247.com" />
+	<target host="www.vg247.com" />
+
+	<!--	Complications:
+				-->
+	<target host="images.vg247.com" />
+
+		<!--	Mixed image:
+					-->
+		<!--test url="http://www.vg247.com/2016/03/12/star-wars-battlefronts-outer-rim-dated-and-priced-by-gamestop/" /-->
+
+
+	<rule from="^http://images\.vg247\.com/"
+		to="https://d2f23iedlijwim.cloudfront.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vgtrk.com.xml b/src/chrome/content/rules/vgtrk.com.xml
new file mode 100644
index 000000000000..25341093598a
--- /dev/null
+++ b/src/chrome/content/rules/vgtrk.com.xml
@@ -0,0 +1,59 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- vgtrk.com
+		- www.vgtrk.com
+
+
+	Nonfunctional hosts in *.vgtrk.com:
+
+		- cable.vgtrk.com (mx)
+		- www.chorus.vgtrk.com (m)
+		- mobile.vgtrk.com (m)
+		- old.vgtrk.com (mx)
+		- sales.vgtrk.com (s)
+		- tendering.vgtrk.com (mx)
+
+	h: http redirect
+	m: certificate mismatch
+	mx: mixed content
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="VGTRK.com">
+
+	<target host="vgtrk.com" />
+	<target host="www.vgtrk.com" />
+	<target host="api.vgtrk.com" />
+	<target host="chorus.vgtrk.com" />
+		<target host="www.chorus.vgtrk.com" />
+	<target host="files.vgtrk.com" />
+		<test url="http://files.vgtrk.com/022.pdf" />
+	<target host="old.vgtrk.com" />
+	<target host="player.vgtrk.com" />
+	<target host="tech.vgtrk.com" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?vgtrk\.com$" name="^ngx_uid$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!-- cert only matches *.vgtrk.com -->
+	<rule from="^http://www\.chorus\.vgtrk\.com/"
+		to="https://chorus.vgtrk.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vhf-expired.xml b/src/chrome/content/rules/vhf-expired.xml
deleted file mode 100644
index add404d3c953..000000000000
--- a/src/chrome/content/rules/vhf-expired.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="vhf (expired)" default_off="expired">
-
-	<target host="vhf.de"/>
-	<target host="*.vhf.de"/>
-
-	<rule from="^http://(?:www1?\.)?vhf\.de/"
-		to="https://www.vhf.de/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/vhf.de.xml b/src/chrome/content/rules/vhf.de.xml
new file mode 100644
index 000000000000..d618125acc90
--- /dev/null
+++ b/src/chrome/content/rules/vhf.de.xml
@@ -0,0 +1,11 @@
+<ruleset name="vhf.de">
+
+	<target host="vhf.de"/>
+	<target host="www.vhf.de"/>
+	<target host="shop.vhf.de"/>
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vhf.xml b/src/chrome/content/rules/vhf.xml
deleted file mode 100644
index 1851023c64eb..000000000000
--- a/src/chrome/content/rules/vhf.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="vhf (partial)" platform="mixedcontent">
-
-	<target host="shop.vhf.de"/>
-
-	<rule from="^http://shop\.vhf\.de/"
-		to="https://shop.vhf.de/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/vhffs.org.xml b/src/chrome/content/rules/vhffs.org.xml
new file mode 100644
index 000000000000..07439a3bc28a
--- /dev/null
+++ b/src/chrome/content/rules/vhffs.org.xml
@@ -0,0 +1,22 @@
+<!--
+projects.vhffs.org ³
+panel.vhffs.org ³
+
+
+³ timed out
+
+-->
+<ruleset name="VHFFS.org">
+
+	<target host="vhffs.org" />
+	<target host="bugs.vhffs.org" />
+	<target host="www.vhffs.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vhs-karlsruhe.de.xml b/src/chrome/content/rules/vhs-karlsruhe.de.xml
new file mode 100644
index 000000000000..693e05f7752b
--- /dev/null
+++ b/src/chrome/content/rules/vhs-karlsruhe.de.xml
@@ -0,0 +1,10 @@
+<ruleset name="vhs Karlsruhe">
+
+	<target host="vhs-karlsruhe.de" />
+	<target host="www.vhs-karlsruhe.de" />
+	<target host="moodle.vhs-karlsruhe.de" />
+	<target host="upgrade.vhs-karlsruhe.de" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vhs-lu.de.xml b/src/chrome/content/rules/vhs-lu.de.xml
new file mode 100644
index 000000000000..c8a10afd9987
--- /dev/null
+++ b/src/chrome/content/rules/vhs-lu.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="Volkshochschule Ludwigshafen">
+
+	<target host="vhs-lu.de" />
+	<target host="www.vhs-lu.de" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vi-serve.com.xml b/src/chrome/content/rules/vi-serve.com.xml
new file mode 100644
index 000000000000..1184366a06fe
--- /dev/null
+++ b/src/chrome/content/rules/vi-serve.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="vi-serve.com">
+
+	<target host="c.vi-serve.com" />
+	<target host="nv.vi-serve.com" />
+	<target host="pb.vi-serve.com" />
+	<target host="pb0.vi-serve.com" />
+	<target host="s.vi-serve.com" />
+		<test url="http://s.vi-serve.com/tagLoader.js" />
+	<target host="s404-1.vi-serve.com" />
+	<target host="t.vi-serve.com" />
+	<target host="vis.vi-serve.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/viceland.com.xml b/src/chrome/content/rules/viceland.com.xml
new file mode 100644
index 000000000000..34d86a6e30d4
--- /dev/null
+++ b/src/chrome/content/rules/viceland.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Vice coverage, see Vice.xml.
+
+
+	Mixed content:
+
+		- Bug from b.scorecardresearch.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Viceland.com">
+
+	<target host="viceland.com" />
+	<target host="scs.viceland.com" />
+	<target host="www.viceland.com" />
+
+		<test url="http://scs.viceland.com/int/v17n2/htdocs/ryan-comic-344/ryan-mining-colony.gif" />
+
+
+	<securecookie host="^\." name="^(?:__qca$|optimizely)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/victoriaforms.com.xml b/src/chrome/content/rules/victoriaforms.com.xml
new file mode 100644
index 000000000000..814def0f283b
--- /dev/null
+++ b/src/chrome/content/rules/victoriaforms.com.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Non-2xx HTTP code: http://victoriaforms.com/ (200) => https://victoriaforms.com/ (403)
+Non-2xx HTTP code: http://www.victoriaforms.com/ (200) => https://www.victoriaforms.com/ (403)
+
+-->
+<ruleset name="Victoria forms.com" default_off="failed ruleset test">
+
+	<target host="victoriaforms.com" />
+	<target host="www.victoriaforms.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/video-download.online.xml b/src/chrome/content/rules/video-download.online.xml
new file mode 100644
index 000000000000..b406d80248e4
--- /dev/null
+++ b/src/chrome/content/rules/video-download.online.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- video-download.online
+		- www.video-download.online
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Video-Download.online">
+
+	<target host="video-download.online" />
+	<target host="www.video-download.online" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?video-download\.online$" name="^sid$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid$|_ga|cf_clearance$)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/videoincloud.com.xml b/src/chrome/content/rules/videoincloud.com.xml
new file mode 100644
index 000000000000..dc44ff62c80c
--- /dev/null
+++ b/src/chrome/content/rules/videoincloud.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Fail:
+		^
+		www.videoincloud.com
+
+ 	Mismatched:
+		ts.videoincloud.com
+-->
+<ruleset name="videoincloud.com">
+	<target host="click.videoincloud.com" />
+	<target host="live.videoincloud.com" />
+	<target host="player.videoincloud.com" />
+	<target host="static.videoincloud.com" />
+	<target host="v.videoincloud.com" />
+	<target host="vod.videoincloud.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/videos.toypics.net.xml b/src/chrome/content/rules/videos.toypics.net.xml
new file mode 100644
index 000000000000..af1163ca56ab
--- /dev/null
+++ b/src/chrome/content/rules/videos.toypics.net.xml
@@ -0,0 +1,5 @@
+<ruleset name="Toypics" platform="mixedcontent">
+  <target host="videos.toypics.net" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/viewablemedia.net.xml b/src/chrome/content/rules/viewablemedia.net.xml
new file mode 100644
index 000000000000..4f740680c8cd
--- /dev/null
+++ b/src/chrome/content/rules/viewablemedia.net.xml
@@ -0,0 +1,19 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://viewablemedia.net/ => https://www.viewablemedia.net/: (7, 'Failed to connect to www.viewablemedia.net port 443: Connection timed out')
+Fetch error: http://www.viewablemedia.net/ => https://www.viewablemedia.net/: (7, 'Failed to connect to www.viewablemedia.net port 443: Connection timed out')
+
+	For other Visible Measures coverage, see Visible-Measures.xml.
+
+-->
+<ruleset name="Viewable Media.net" default_off="failed ruleset test">
+
+	<target host="viewablemedia.net" />
+	<target host="www.viewablemedia.net" />
+
+
+	<rule from="^http://(?:www\.)?viewablemedia\.net/"
+		to="https://www.viewablemedia.net/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/viidii.info.xml b/src/chrome/content/rules/viidii.info.xml
new file mode 100644
index 000000000000..bb0d304c63b3
--- /dev/null
+++ b/src/chrome/content/rules/viidii.info.xml
@@ -0,0 +1,11 @@
+<!--
+	503:
+		^
+-->
+
+<ruleset name="viidii.info">
+	<target host="www.viidii.info" />
+		<test url="http://www.viidii.info/web/style.css" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vim-cn.com.xml b/src/chrome/content/rules/vim-cn.com.xml
new file mode 100644
index 000000000000..af20d7d894ec
--- /dev/null
+++ b/src/chrome/content/rules/vim-cn.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid Certificate:
+		- vim-cn.com
+		- www.vim-cn.com
+		- dimg.vim-cn.com
+		- p.vim-cn.com
+-->
+<ruleset name="vim-cn.com">
+	<target host="cfp.vim-cn.com" />
+	<target host="chat.vim-cn.com" />
+	<target host="img.vim-cn.com" />
+
+	<securecookie host="^chat\.vim-cn\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vinelinux.org.xml b/src/chrome/content/rules/vinelinux.org.xml
new file mode 100644
index 000000000000..4eeb40e44932
--- /dev/null
+++ b/src/chrome/content/rules/vinelinux.org.xml
@@ -0,0 +1,17 @@
+<!--
+ml.vinelinux.org ²
+planet.vinelinux.org ²
+trac.vinelinux.org ²
+beta.vinelinux.org ³
+mantis.vinelinux.org ²
+ftp.vinelinux.org ³
+
+² refused
+³ timed out
+-->
+<ruleset name="vinelinux.org">
+	<target host="vinelinux.org" />
+	<target host="www.vinelinux.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/virtmo.com.xml b/src/chrome/content/rules/virtmo.com.xml
new file mode 100644
index 000000000000..3e6c5bb98303
--- /dev/null
+++ b/src/chrome/content/rules/virtmo.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Virtmo.com (partial)">
+	<target host="virtmo.com" />
+	<target host="www.virtmo.com" />
+	<target host="my.virtmo.com" />
+  <securecookie host=".+" name=".+"/>
+  <rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/virtualglobaltaskforce.com.xml b/src/chrome/content/rules/virtualglobaltaskforce.com.xml
new file mode 100644
index 000000000000..754677d1c5dc
--- /dev/null
+++ b/src/chrome/content/rules/virtualglobaltaskforce.com.xml
@@ -0,0 +1,30 @@
+<!--
+	www.virtualglobaltaskforce.com: Mismatched
+
+
+	Mixed content:
+
+		- Images from $self
+
+-->
+<ruleset name="Virtual Global Task Force.com" default_off="expired, self-signed">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="virtualglobaltaskforce.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.virtualglobaltaskforce.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.virtualglobaltaskforce\.com/"
+		to="https://virtualglobaltaskforce.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/visitsealife.com.xml b/src/chrome/content/rules/visitsealife.com.xml
new file mode 100644
index 000000000000..c75e24ede154
--- /dev/null
+++ b/src/chrome/content/rules/visitsealife.com.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Merlin Entertainments coverage, see Merlin-Entertainments.xml.
+
+	Nonfunctional domain:
+		- ^			(expired cert)
+		- assets		(timeout)
+-->
+<ruleset name="SEA LIFE">
+	<target host="secure.visitsealife.com" />
+	<target host="www.visitsealife.com" />
+	<target host="www2.visitsealife.com" />
+
+	<securecookie host="www2\.visitsealife\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/visma.no.xml b/src/chrome/content/rules/visma.no.xml
new file mode 100644
index 000000000000..73bad89510ca
--- /dev/null
+++ b/src/chrome/content/rules/visma.no.xml
@@ -0,0 +1,52 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://reportingvsn.visma.no/ => https://reportingvsn.visma.no/: (7, 'Failed to connect to reportingvsn.visma.no port 443: Connection refused')
+
+	Nonfunctional hosts in *visma.no:
+
+		- (www.)? ʳ
+		- blog ʳ
+		- www.lonnogpersonalabc ʳ
+		- partnerlounge ᵈ
+
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *visma.no:
+
+		- media ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .visma.no
+		- community.visma.no
+		- media.visma.no
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Visma.no (partial)" default_off="failed ruleset test">
+
+	<target host="community.visma.no" />
+	<target host="reportingvsn.visma.no" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.visma\.no$" name="^(?:_mynewsdesk_session|origin_site|picked_site)$" /-->
+	<!--securecookie host="^community\.visma\.no$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^media\.visma\.no$" name="^comebacks$" /-->
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vismaservices.no.xml b/src/chrome/content/rules/vismaservices.no.xml
new file mode 100644
index 000000000000..bd512906febe
--- /dev/null
+++ b/src/chrome/content/rules/vismaservices.no.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- reporting.vismaservices.no
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="visma.no">
+
+	<target host="reporting.vismaservices.no" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^reporting\.vismaservices\.no$" name="^(?:ASP\.NET_SessionId|VismaReporting_Language)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vissel-kobe.co.jp.xml b/src/chrome/content/rules/vissel-kobe.co.jp.xml
new file mode 100644
index 000000000000..24e6fc97d8d2
--- /dev/null
+++ b/src/chrome/content/rules/vissel-kobe.co.jp.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid Certificate:
+		www1.vissel-kobe.co.jp
+		crimson.vissel-kobe.co.jp
+		mobile.vissel-kobe.co.jp
+-->
+<ruleset name="vissel-kobe.co.jp">
+	<target host="vissel-kobe.co.jp" />
+	<target host="www.vissel-kobe.co.jp" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vitalsource.com.xml b/src/chrome/content/rules/vitalsource.com.xml
new file mode 100644
index 000000000000..5587a3729e30
--- /dev/null
+++ b/src/chrome/content/rules/vitalsource.com.xml
@@ -0,0 +1,37 @@
+<!--
+	Other VitalSource rulesets:
+
+		- coursesmart.com.xml
+
+
+	Problematic hosts in *vitalsource.com:
+
+		- status ᵐ
+
+	ᵐ StatusPage.io / mismatched
+
+-->
+<ruleset name="VitalSource.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="vitalsource.com" />
+	<target host="developer.vitalsource.com" />
+	<target host="support.vitalsource.com" />
+	<target host="www.vitalsource.com" />
+
+	<!--	Complications:
+				-->
+	<target host="status.vitalsource.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://status\.vitalsource\.com/"
+		to="https://vitalsource.statuspage.io/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/viu.tv.xml b/src/chrome/content/rules/viu.tv.xml
new file mode 100644
index 000000000000..2294f6e55469
--- /dev/null
+++ b/src/chrome/content/rules/viu.tv.xml
@@ -0,0 +1,17 @@
+<ruleset name="ViuTV">
+	<target host="viu.tv" />
+	<target host="www.viu.tv" />
+	<target host="edm.viu.tv" />
+	<target host="event.viu.tv" />
+	<target host="static.viu.tv" />
+
+	<!-- Redirects to HTTP -->
+	<exclusion pattern="^http://(www\.)?viu\.tv/encore/" />
+		<test url="http://viu.tv/encore/now-report" />
+		<test url="http://www.viu.tv/encore/now-report" />
+	<exclusion pattern="^http://(www\.)?viu\.tv/ch/" />
+		<test url="http://viu.tv/ch/99" />
+		<test url="http://www.viu.tv/ch/99" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vizzion.com.xml b/src/chrome/content/rules/vizzion.com.xml
new file mode 100644
index 000000000000..811b1ac09f02
--- /dev/null
+++ b/src/chrome/content/rules/vizzion.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="vizzion.com">
+	<target host="vizzion.com" />
+	<target host="www.vizzion.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vluki.ru.xml b/src/chrome/content/rules/vluki.ru.xml
new file mode 100644
index 000000000000..a2a0eb7300d5
--- /dev/null
+++ b/src/chrome/content/rules/vluki.ru.xml
@@ -0,0 +1,15 @@
+<!--mail. protocol error
+magna. self signed
+anva. self signed
+gnom. self signed
+www.souzmebel. self signed
+kurs. self signed
+www.mikron. self signed
+argo. self signed-->
+<ruleset name="vluki.ru">
+	<target host="vluki.ru" />
+	<target host="www.vluki.ru" />
+	<target host="cdn.vluki.ru" />
+	<target host="clients.vluki.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vmxray.com.xml b/src/chrome/content/rules/vmxray.com.xml
new file mode 100644
index 000000000000..dfedaa5ed723
--- /dev/null
+++ b/src/chrome/content/rules/vmxray.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="vmxray.com" platform="mixedcontent">
+	<target host="vmxray.com" />
+	<target host="www.vmxray.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vnews34.ru.xml b/src/chrome/content/rules/vnews34.ru.xml
new file mode 100644
index 000000000000..a7ccd9275609
--- /dev/null
+++ b/src/chrome/content/rules/vnews34.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="vnews34.ru">
+	<target host="vnews34.ru" />
+	<target host="www.vnews34.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vntsm.com.xml b/src/chrome/content/rules/vntsm.com.xml
new file mode 100644
index 000000000000..dda9cdbdb05b
--- /dev/null
+++ b/src/chrome/content/rules/vntsm.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Cert mismatch:
+		- ads.vntsm.com
+		- cdn3-marketplace.vntsm.com
+		- littlestpetshop.vntsm.com
+		- portal.vntsm.com
+
+	Connection refused:
+		- market.venatusmedia.com
+	Timeout:
+		- api-market.vntsm.com
+		- test.venatusmedia.com
+-->
+	<ruleset name="VenatusMedia">
+
+	<target host="cdn1.vntsm.com" />
+	<target host="cdn1-marketplace.vntsm.com" />
+	<target host="cdn2-marketplace.vntsm.com" />
+	<target host="core.vntsm.com" />
+	<target host="hb.vntsm.com" />
+	<target host="hb-config.vntsm.com" />
+
+	<target host="www.venatusmedia.com" />
+	<target host="track.venatusmedia.com" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vnu.ru.xml b/src/chrome/content/rules/vnu.ru.xml
new file mode 100644
index 000000000000..7da2ccd0bb6e
--- /dev/null
+++ b/src/chrome/content/rules/vnu.ru.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cash.vnu.ru/ => https://cash.vnu.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+vnu.ru mismatch
+www.vnu.ru mismatch
+equil.vnu.ru mismatch
+mail.vnu.ru mismatch
+-->
+<ruleset name="vnu.ru (partial)" default_off="failed ruleset test">
+	<target host="cash.vnu.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/voa.gov.uk.xml b/src/chrome/content/rules/voa.gov.uk.xml
new file mode 100644
index 000000000000..84a02524e76a
--- /dev/null
+++ b/src/chrome/content/rules/voa.gov.uk.xml
@@ -0,0 +1,75 @@
+<!--
+	Valuation Office Agency
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *voa.gov.uk:
+
+		- www.2010 ᵈ
+		- app ³
+		- cti ⁵
+		- manuals ³
+
+	³ 403
+	⁵ 503
+	ᵈ Dropped
+
+
+	(www.)?voa.gov.uk: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- batransandbareports.voa.gov.uk
+
+-->
+<ruleset name="VOA.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="batransandbareports.voa.gov.uk" />
+	<target host="ebusiness.voa.gov.uk" />
+	<target host="housing.voa.gov.uk" />
+	<target host="lha-direct.voa.gov.uk" />
+	<target host="open.voa.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="voa.gov.uk" />
+	<target host="www.voa.gov.uk" />
+
+		<!--	Sets cookie without Secure
+							-->
+		<!--test url="http://batransandbareports.voa.gov.uk/for6003_app_pres_ApplicationWeb/viewIdentityFORAction.do" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^batransandbareports\.voa\.gov\.uk$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops forward slash and args:
+							-->
+	<rule from="^http://(?:www\.)?voa\.gov\.uk/.*"
+		to="https://www.gov.uk/government/organisations/valuation-office-agency" />
+
+		<!--	/*\w does not redirect:
+						-->
+		<exclusion pattern="^http://(?:www\.)?voa\.gov\.uk/+(?!$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://voa.gov.uk/default.aspx" />
+			<test url="http://voa.gov.uk/index.htm" />
+			<test url="http://voa.gov.uk/index.html" />
+			<test url="http://www.voa.gov.uk/index.html" />
+			<test url="http://www.voa.gov.uk/index.jsp" />
+			<test url="http://www.voa.gov.uk/index.php" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vocab.com.xml b/src/chrome/content/rules/vocab.com.xml
new file mode 100644
index 000000000000..736e16907924
--- /dev/null
+++ b/src/chrome/content/rules/vocab.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Vocabulary.com coverage, see Vocabulary.com.xml.
+
+-->
+<ruleset name="Vocab.com">
+
+	<target host="vocab.com" />
+	<target host="cdn.vocab.com" />
+	<target host="www.vocab.com" />
+
+		<test url="http://cdn.vocab.com/css/responsive-1bpl35i.css" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vocabulary.com.xml b/src/chrome/content/rules/vocabulary.com.xml
new file mode 100644
index 000000000000..3d38f4fba87f
--- /dev/null
+++ b/src/chrome/content/rules/vocabulary.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Other Vocabulary.com rulesets:
+
+		- vocab.com.xml
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .vocabulary.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Vocabulary.com">
+
+	<target host="vocabulary.com" />
+	<target host="www.vocabulary.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.vocabulary\.com$" name="^(?:_asid|AWSELB)$" /-->
+
+	<securecookie host="^\." name="^AWSELB$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vocoll.com.xml b/src/chrome/content/rules/vocoll.com.xml
new file mode 100644
index 000000000000..262e2ddae334
--- /dev/null
+++ b/src/chrome/content/rules/vocoll.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- (account_vhost).vocoll.com
+
+-->
+<ruleset name="Vocoll.com">
+
+	<target host="vocoll.com" />
+	<target host="www.vocoll.com" />
+
+	<!--	(account vhosts:)
+					-->
+	<target host="lambeth.vocoll.com" />
+	<target host="verseone.vocoll.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(account_vhost)\.vocoll\.com$" name="^session-testecho-sid$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vogogo.com.xml b/src/chrome/content/rules/vogogo.com.xml
new file mode 100644
index 000000000000..cb66deccea6c
--- /dev/null
+++ b/src/chrome/content/rules/vogogo.com.xml
@@ -0,0 +1,22 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://app.vogogo.com/ => https://app.vogogo.com/: (6, 'Could not resolve host: app.vogogo.com')
+Fetch error: http://docs.vogogo.com/ => https://docs.vogogo.com/: (6, 'Could not resolve host: docs.vogogo.com')
+Fetch error: http://interac.vogogo.com/ => https://interac.vogogo.com/: (6, 'Could not resolve host: interac.vogogo.com')
+
+-->
+<ruleset name="Vogogo" default_off="failed ruleset test">
+
+	<target host="vogogo.com" />
+	<target host="app.vogogo.com" />
+	<target host="docs.vogogo.com" />
+	<target host="interac.vogogo.com" />
+	<target host="www.vogogo.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/void.gr.xml b/src/chrome/content/rules/void.gr.xml
new file mode 100644
index 000000000000..a32eed542e44
--- /dev/null
+++ b/src/chrome/content/rules/void.gr.xml
@@ -0,0 +1,19 @@
+<!--
+	Mismatched:
+		- grrbl
+		- ns
+-->
+
+<ruleset name="void.gr">
+	<target host="void.gr" />
+	<target host="www.void.gr" />
+	<target host="keys.void.gr" />
+	<target host="pad.void.gr" />
+	<target host="tormap.void.gr" />
+	<target host="tails.void.gr" />
+	<target host="tor.void.gr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/voidtools.com.xml b/src/chrome/content/rules/voidtools.com.xml
new file mode 100644
index 000000000000..a4b26d77b73f
--- /dev/null
+++ b/src/chrome/content/rules/voidtools.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="voidtools.com">
+
+	<!--	Mismatch on  www.forum.voidtools.com	-->
+
+	<target host="www.forum.voidtools.com"/>
+	<rule from="^http://www\.forum\.voidtools\.com/" to="https://www.voidtools.com/forum/" />
+
+	<!--	Directly	-->
+
+	<target host="voidtools.com"/>
+	<target host="www.voidtools.com"/>
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/voipuserportal.co.uk.xml b/src/chrome/content/rules/voipuserportal.co.uk.xml
new file mode 100644
index 000000000000..7e274680621d
--- /dev/null
+++ b/src/chrome/content/rules/voipuserportal.co.uk.xml
@@ -0,0 +1,32 @@
+<!--
+	For other Entanet coverage, see Entanet.xml.
+
+
+	NB: server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- voipuserportal.co.uk
+		- www.voipuserportal.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="VOIP user portal.co.uk" default_off="cert-chain">
+
+	<target host="voipuserportal.co.uk" />
+	<target host="www.voipuserportal.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?voipuserportal\.co\.uk$" name="^PHPSESSID$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/voirfilms.info.xml b/src/chrome/content/rules/voirfilms.info.xml
new file mode 100644
index 000000000000..db40bf7e16b1
--- /dev/null
+++ b/src/chrome/content/rules/voirfilms.info.xml
@@ -0,0 +1,8 @@
+<ruleset name="voirfilms.info" platform="mixedcontent">
+	<target host="voirfilms.info" />
+	<target host="www.voirfilms.info" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/volafile.io.xml b/src/chrome/content/rules/volafile.io.xml
new file mode 100644
index 000000000000..3f45b9638837
--- /dev/null
+++ b/src/chrome/content/rules/volafile.io.xml
@@ -0,0 +1,16 @@
+<ruleset name="Volafile.io">
+
+	<target host="volafile.io" />
+	<target host="static.volafile.io" />
+	<target host="www.volafile.io" />
+
+		<test url="http://static.volafile.io/static/css/style.css" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/volistob.ru.xml b/src/chrome/content/rules/volistob.ru.xml
new file mode 100644
index 000000000000..0a3b4f171231
--- /dev/null
+++ b/src/chrome/content/rules/volistob.ru.xml
@@ -0,0 +1,12 @@
+<!--
+www.volistob.ru mismatch
+-->
+<ruleset name="volistob.ru">
+	<target host="volistob.ru" />
+	<target host="www.volistob.ru" />
+
+	<rule from="^http://www\.volistob\.ru/"
+		to="https://volistob.ru/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/voltairenet.org.xml b/src/chrome/content/rules/voltairenet.org.xml
new file mode 100644
index 000000000000..12766baf218d
--- /dev/null
+++ b/src/chrome/content/rules/voltairenet.org.xml
@@ -0,0 +1,27 @@
+<!--
+	Mixed content:
+
+		- css, from:
+
+			- fonts.googleapis.com ˢ
+			- www.voltairenet.org ˢ
+
+		- Images from www.voltairenet.org ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Voltairenet.org" platform="mixedcontent">
+
+	<target host="voltairenet.org" />
+	<target host="www.voltairenet.org" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/volumio.org.xml b/src/chrome/content/rules/volumio.org.xml
new file mode 100644
index 000000000000..8fe03d2b16c1
--- /dev/null
+++ b/src/chrome/content/rules/volumio.org.xml
@@ -0,0 +1,15 @@
+<!--
+demo.volumio.org ²
+docs.volumio.org ²
+
+
+² refused
+-->
+<ruleset name="volumio.org">
+	<target host="volumio.org" />
+	<target host="www.volumio.org" />
+	<target host="cdn.volumio.org" />
+	<target host="new.volumio.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/voluumtrk2.com.xml b/src/chrome/content/rules/voluumtrk2.com.xml
new file mode 100644
index 000000000000..a836134ddc86
--- /dev/null
+++ b/src/chrome/content/rules/voluumtrk2.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these domains: ᶜ
+
+		- .lrzxk.voluumtrk2.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="voluumtrk2.com">
+
+	<target host="lrzxk.voluumtrk2.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.lrzxk\.voluumtrk2\.com$" name="^(?:[\da-f-]+|voluum-cid)-v4$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/voog.com.xml b/src/chrome/content/rules/voog.com.xml
new file mode 100644
index 000000000000..e588cbd74d39
--- /dev/null
+++ b/src/chrome/content/rules/voog.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Nonfunctional hosts in *voog.com:
+
+		- fse ʰ
+		- ridango ʰ
+		- tab ʰ
+		- tammistepersonal ʰ
+		- taxipinheiro ʰ
+
+	ʰ Redirects to http
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.voog.com
+
+-->
+<ruleset name="Voog.com (partial)">
+
+	<target host="voog.com" />
+	<target host="media.voog.com" />
+	<target host="static.voog.com" />
+	<target host="www.voog.com" />
+
+		<test url="http://media.voog.com/0000/0036/0235/photos/icon-defence-aerospace.svg" />
+		<!--test url="http://media.voog.com/0000/0037/1081/photos/Picnic%20table%20waiting%20for%20the%20group_medium.jpg" /-->
+		<test url="http://static.voog.com/assets/site_search/2.0/site_search.css" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.voog\.com$" name="^site_lang$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vortexbox.org.xml b/src/chrome/content/rules/vortexbox.org.xml
new file mode 100644
index 000000000000..58b568199f07
--- /dev/null
+++ b/src/chrome/content/rules/vortexbox.org.xml
@@ -0,0 +1,16 @@
+<!--
+vortexbox.org ⁴
+yum.vortexbox.org timed out
+
+
+⁴ self signed
+-->
+<ruleset name="vortexbox.org" platform="mixedcontent">
+	<target host="www.vortexbox.org" />
+	<target host="wiki.vortexbox.org" />
+	<target host="vortexbox.org" />
+	<rule from="^http://vortexbox\.org/"
+		to="https://www.vortexbox.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/voterinfo.gov.hk.xml b/src/chrome/content/rules/voterinfo.gov.hk.xml
new file mode 100644
index 000000000000..eeda88b8bb61
--- /dev/null
+++ b/src/chrome/content/rules/voterinfo.gov.hk.xml
@@ -0,0 +1,17 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+
+	Problematic subdomains:
+	- www.	(cert mismatch: www2.voterinfo.gov.hk)
+-->
+
+<ruleset name="voterinfo.gov.hk">
+	<target host="www.voterinfo.gov.hk" />
+	<target host="www1.voterinfo.gov.hk" />
+	<target host="www2.voterinfo.gov.hk" />
+
+	<rule from="^http://www\.voterinfo\.gov\.hk/"
+		to="https://www1.voterinfo.gov.hk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vott.ru.xml b/src/chrome/content/rules/vott.ru.xml
new file mode 100644
index 000000000000..c78410c6ede6
--- /dev/null
+++ b/src/chrome/content/rules/vott.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="vott.ru">
+	<target host="vott.ru" />
+	<target host="www.vott.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vouchercloud.com.xml b/src/chrome/content/rules/vouchercloud.com.xml
new file mode 100644
index 000000000000..e9b9ef2e853a
--- /dev/null
+++ b/src/chrome/content/rules/vouchercloud.com.xml
@@ -0,0 +1,58 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://a2-content.vouchercloud.com/content/2014.87.1.0/images/footer/apple.png => https://a2-content.vouchercloud.com/content/2014.87.1.0/images/footer/apple.png: (6, 'Could not resolve host: a2-content.vouchercloud.com')
+Fetch error: http://a3-content.vouchercloud.com/content/2014.87.1.0/images/footer/windows.png => https://a3-content.vouchercloud.com/content/2014.87.1.0/images/footer/windows.png: (6, 'Could not resolve host: a3-content.vouchercloud.com')
+Fetch error: http://a4-content.vouchercloud.com/content/2014.87.1.0/images/footer/google.png => https://a4-content.vouchercloud.com/content/2014.87.1.0/images/footer/google.png: (6, 'Could not resolve host: a4-content.vouchercloud.com')
+Fetch error: http://a5-content.vouchercloud.com/content/2014.87.1.0/images/offers/terms-down.gif => https://a5-content.vouchercloud.com/content/2014.87.1.0/images/offers/terms-down.gif: (6, 'Could not resolve host: a5-content.vouchercloud.com')
+Fetch error: http://media.vouchercloud.com/Thumbnail.aspx?png=false&picLoc=Venues/T/TOPSHOP/3747-topshop.jpg&width=700&res=85 => https://media.vouchercloud.com/Thumbnail.aspx?png=false&picLoc=Venues/T/TOPSHOP/3747-topshop.jpg&width=700&res=85: (6, 'Could not resolve host: media.vouchercloud.com')
+Fetch error: http://a2-content.vouchercloud.com/ => https://a2-content.vouchercloud.com/: (6, 'Could not resolve host: a2-content.vouchercloud.com')
+Fetch error: http://a3-content.vouchercloud.com/ => https://a3-content.vouchercloud.com/: (6, 'Could not resolve host: a3-content.vouchercloud.com')
+Fetch error: http://a4-content.vouchercloud.com/ => https://a4-content.vouchercloud.com/: (6, 'Could not resolve host: a4-content.vouchercloud.com')
+Fetch error: http://a5-content.vouchercloud.com/ => https://a5-content.vouchercloud.com/: (6, 'Could not resolve host: a5-content.vouchercloud.com')
+Fetch error: http://media.vouchercloud.com/ => https://media.vouchercloud.com/: (6, 'Could not resolve host: media.vouchercloud.com')
+
+	CDN buckets:
+
+		- vouchercloud-blog.s3.amazonaws.com
+		- invitationdigital-res.cloudinary.com
+		- invitationdigital-res-[1-5].cloudinary.com
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- www.vouchercloud.com
+		- .www.vouchercloud.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="VoucherCloud.com" default_off="failed ruleset test">
+
+	<target host="vouchercloud.com" />
+	<target host="a2-content.vouchercloud.com" />
+	<target host="a3-content.vouchercloud.com" />
+	<target host="a4-content.vouchercloud.com" />
+	<target host="a5-content.vouchercloud.com" />
+	<target host="media.vouchercloud.com" />
+	<target host="www.vouchercloud.com" />
+
+		<test url="http://a2-content.vouchercloud.com/content/2014.87.1.0/images/footer/apple.png" />
+		<test url="http://a3-content.vouchercloud.com/content/2014.87.1.0/images/footer/windows.png" />
+		<test url="http://a4-content.vouchercloud.com/content/2014.87.1.0/images/footer/google.png" />
+		<test url="http://a5-content.vouchercloud.com/content/2014.87.1.0/images/offers/terms-down.gif" />
+		<test url="http://media.vouchercloud.com/Thumbnail.aspx?png=false&amp;picLoc=Venues/T/TOPSHOP/3747-topshop.jpg&amp;width=700&amp;res=85" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.vouchercloud\.com$" name="^(?:LoginReturnPoint|X-IDL-UAProps)$" /-->
+	<!--securecookie host="^\.www\.vouchercloud\.com$" name="^AnonUser$" /-->
+
+	<securecookie host="^(?!\.vouchercloud\.com$)." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vouchercodes.co.uk.xml b/src/chrome/content/rules/vouchercodes.co.uk.xml
new file mode 100644
index 000000000000..ad70b7d7fe71
--- /dev/null
+++ b/src/chrome/content/rules/vouchercodes.co.uk.xml
@@ -0,0 +1,35 @@
+<!--
+	Nonfunctional hosts in *vouchercodes.co.uk:
+
+		- support ʰ
+
+	ʰ Zendesk / redirects to http
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .www.vouchercodes.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="VoucherCodes.co.uk (partial)">
+
+	<target host="vouchercodes.co.uk" />
+	<target host="static-cdn.vouchercodes.co.uk" />
+	<target host="www.vouchercodes.co.uk" />
+
+		<test url="http://static-cdn.vouchercodes.co.uk/v10/images/offer-module/white-1x1.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.vouchercodes\.co\.uk$" name="^(?:_wotst_|dvc|firstpage|s|showncookiepopup|t|vc_session|vid)$" /-->
+
+	<securecookie host="^(?!\.vouchercodes\.co\.uk$)." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/voxmedia.com-resources.xml b/src/chrome/content/rules/voxmedia.com-resources.xml
new file mode 100644
index 000000000000..87f7d44b53b2
--- /dev/null
+++ b/src/chrome/content/rules/voxmedia.com-resources.xml
@@ -0,0 +1,23 @@
+<!--
+	For rules covering more than resources, see Vox_Media.com.xml.
+
+	Non-functional hosts:
+		Connection timeout:
+		- providence.voxmedia.com
+-->
+<ruleset name="Vox Media.com (resources)">
+
+	<target host="ea-cdn.voxmedia.com" />
+	<target host="fonts.voxmedia.com" />
+	<target host="phonograph-static.voxmedia.com" />
+	<target host="phonograph2.voxmedia.com" />
+
+		<test url="http://ea-cdn.voxmedia.com/production/voxmedia/images/about/chorus-e232d7e7.svg" />
+		<test url="http://fonts.voxmedia.com/unison/voxmedia/voxmedia.css" />
+		<test url="http://phonograph2.voxmedia.com/pickup.js" />
+		<test url="http://phonograph-static.voxmedia.com/beacon-min.js" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vpn.ac.xml b/src/chrome/content/rules/vpn.ac.xml
new file mode 100644
index 000000000000..5dc07e790c6e
--- /dev/null
+++ b/src/chrome/content/rules/vpn.ac.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Netsec Interactive Solutions coverage, see nsis.ro.xml.
+
+
+	Nonfunctional subdomains:
+
+		- forum			(cert mismatch, CN: blog.vpn.ac)
+		- *.vpnac.com		(cert mismatch, CN: vpn.ac)
+
+
+	These altnames don't exist:
+
+		- www.blog.vpn.ac
+		- www.forum.vpn.ac
+
+-->
+<ruleset name="VPN.AC">
+
+	<!--	Direct rewrites:
+				-->
+	<target host=      "vpn.ac" />
+	<target host= "blog.vpn.ac" />
+	<target host=  "www.vpn.ac" />
+	<target host=      "vpnac.com" />
+
+
+	<securecookie host="^(blog\.|www\.)?vpn\.ac$" name=".+" />
+	<securecookie host="^vpnac\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vpn.asia.xml b/src/chrome/content/rules/vpn.asia.xml
new file mode 100644
index 000000000000..395bacd861ce
--- /dev/null
+++ b/src/chrome/content/rules/vpn.asia.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- vpn.asia
+		- www.vpn.asia
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="VPN.Asia">
+
+	<target host="vpn.asia" />
+	<target host="blog.vpn.asia" />
+	<target host="www.vpn.asia" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?vpn\.asia$" name="^(?:Is_redirected|laravel_session)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vpsFree.cz.xml b/src/chrome/content/rules/vpsFree.cz.xml
new file mode 100644
index 000000000000..5992371a59ac
--- /dev/null
+++ b/src/chrome/content/rules/vpsFree.cz.xml
@@ -0,0 +1,20 @@
+<!--
+	Incomplete certificate chain:
+	- rt.vpsfree.cz
+-->
+<ruleset name="vpsFree.cz">
+	<target host="vpsfree.cz" />
+	<target host="www.vpsfree.cz" />
+	<target host="kb.vpsfree.cz" />
+	<target host="vpsadmin.vpsfree.cz" />
+	<target host="git.vpsfree.cz" />
+	<target host="redmine.vpsfree.cz" />
+	<target host="prasiatko.vpsfree.cz" />
+	<target host="foto.vpsfree.cz" />
+	<target host="blog.vpsfree.cz" />
+	<target host="api.vpsfree.cz" />
+	<target host="dev.vpsfree.cz" />
+	<target host="projects.vpsfree.cz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vrbo.com.xml b/src/chrome/content/rules/vrbo.com.xml
new file mode 100644
index 000000000000..12dce9e64a79
--- /dev/null
+++ b/src/chrome/content/rules/vrbo.com.xml
@@ -0,0 +1,30 @@
+<!--
+	For other HomeAway.com coverage, see homeaway.com.xml.
+
+
+	^vrbo.com: dropped over http & https
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.vrbo.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="VRBO.com">
+
+	<target host="www.vrbo.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.vrbo\.com$" name="^(?:[\da-f-]+|JSESSIONID|ha[sv]|ha-cookie-consent)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vrijstellingoldtimer.nl.xml b/src/chrome/content/rules/vrijstellingoldtimer.nl.xml
new file mode 100644
index 000000000000..7998ad9b6649
--- /dev/null
+++ b/src/chrome/content/rules/vrijstellingoldtimer.nl.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://vrijstellingoldtimer.nl/ => https://vrijstellingoldtimer.nl/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.vrijstellingoldtimer.nl/ => https://www.vrijstellingoldtimer.nl/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Vrijstelling Oldtimer" platform="mixedcontent" default_off="failed ruleset test">
+  <target host="vrijstellingoldtimer.nl" />
+  <target host="www.vrijstellingoldtimer.nl" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vs4.com.xml b/src/chrome/content/rules/vs4.com.xml
new file mode 100644
index 000000000000..3c678397ef04
--- /dev/null
+++ b/src/chrome/content/rules/vs4.com.xml
@@ -0,0 +1,40 @@
+<!--
+	^vs4.com: Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.vs4.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="vs4.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.vs4.com" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://www.vs4.com/img.php?z=&amp;r=" />
+
+	<!--	Complications:
+				-->
+	<target host="vs4.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.vs4\.com$" name="^BIGipServer" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://vs4\.com/"
+		to="https://www.vs4.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vsemetri.com.xml b/src/chrome/content/rules/vsemetri.com.xml
new file mode 100644
index 000000000000..ac52ca9cd74a
--- /dev/null
+++ b/src/chrome/content/rules/vsemetri.com.xml
@@ -0,0 +1,11 @@
+<!-- tobolsk. mismatch
+surgut. mismatch
+www. mismatch -->
+<ruleset name="vsemetri.com">
+	<target host="vsemetri.com" />
+	<target host="www.vsemetri.com" />
+	<target host="news.vsemetri.com" />
+	<rule from="^http://www\.vsemetri\.com/"
+		to="https://vsemetri.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vsenovostint.ru.xml b/src/chrome/content/rules/vsenovostint.ru.xml
new file mode 100644
index 000000000000..b2ec88757a6d
--- /dev/null
+++ b/src/chrome/content/rules/vsenovostint.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="vsenovostint.ru">
+	<target host="vsenovostint.ru" />
+	<target host="www.vsenovostint.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vtb24.ru.xml b/src/chrome/content/rules/vtb24.ru.xml
new file mode 100644
index 000000000000..a0e9d17362c0
--- /dev/null
+++ b/src/chrome/content/rules/vtb24.ru.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://mbco.vtb24.ru/ => https://mbco.vtb24.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'mbco.vtb24.ru'")
+Fetch error: http://webquik.vtb24.ru/ => https://webquik.vtb24.ru/: (7, 'Failed to connect to webquik.vtb24.ru port 443: Connection refused')
+
+welcome.vtb24.ru mismatch
+travel.vtb24.ru self signed
+cbvtb24back.vtb24.ru expired
+onlinebroker.vtb24.ru redirect
+gb.vtb24.ru mismatch
+trade.vtb24.ru expired
+career.vtb24.ru timed out
+-->
+<ruleset name="vtb24.ru" default_off="failed ruleset test">
+	<target host="vtb24.ru" />
+	<target host="www.vtb24.ru" />
+	<target host="bco.vtb24.ru" />
+	<target host="bonus.vtb24.ru" />
+	<target host="m.vtb24.ru" />
+	<target host="online.vtb24.ru" />
+	<target host="perevod.vtb24.ru" />
+	<target host="start.vtb24.ru" />
+	<target host="uc.vtb24.ru" />
+	<target host="mobile.vtb24.ru" />
+	<target host="mbco.vtb24.ru" />
+	<target host="webquik.vtb24.ru" />
+	<target host="3ds.vtb24.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vulture.com.xml b/src/chrome/content/rules/vulture.com.xml
new file mode 100644
index 000000000000..3dadca162ad3
--- /dev/null
+++ b/src/chrome/content/rules/vulture.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Invalid certificate:
+		e.vulture.com
+		b.e.vulture.com
+		f.e.vulture.com
+		m.e.vulture.com
+		horizon.vulture.com
+		instagram.vulture.com
+		vulture.com.112.2o7.net
+
+	Time out:
+		reg.e.vulture.com
+-->
+<ruleset name="vulture.com">
+	<target host="vulture.com" />
+	<target host="www.vulture.com" />
+	<target host="client.vulture.com" />
+	<target host="link.vulture.com" />
+	<target host="stats.vulture.com" />
+	<target host="video.vulture.com" />
+	<target host="videos.vulture.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vuxml.org.xml b/src/chrome/content/rules/vuxml.org.xml
new file mode 100644
index 000000000000..cdafb34710c3
--- /dev/null
+++ b/src/chrome/content/rules/vuxml.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Refused over both http and https:
+		vuxml.org
+
+-->
+<ruleset name="VuXML.org">
+
+	<target host="www.vuxml.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vxlabs.com.xml b/src/chrome/content/rules/vxlabs.com.xml
new file mode 100644
index 000000000000..ec09b023377e
--- /dev/null
+++ b/src/chrome/content/rules/vxlabs.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="vxlabs.com">
+
+	<target host="vxlabs.com" />
+	<target host="www.vxlabs.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/vxsbill.com.xml b/src/chrome/content/rules/vxsbill.com.xml
new file mode 100644
index 000000000000..8868b9dabd93
--- /dev/null
+++ b/src/chrome/content/rules/vxsbill.com.xml
@@ -0,0 +1,21 @@
+<!--
+	(www.)?vxsbill.com: dropped
+
+-->
+<ruleset name="VXSBill.com (partial)">
+
+	<target host="admin.vxsbill.com" />
+	<target host="secure.vxsbill.com" />
+
+		<!--	$ prints hostname, so:
+						-->
+		<test url="http://secure.vxsbill.com/service.php3?site=878&amp;customer=imc" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/w3techs.com.xml b/src/chrome/content/rules/w3techs.com.xml
new file mode 100644
index 000000000000..f8c4e747a1ec
--- /dev/null
+++ b/src/chrome/content/rules/w3techs.com.xml
@@ -0,0 +1,16 @@
+<!--
+www.w3techs.com ¹
+a.w3techs.com different content
+
+
+¹ mismatch
+-->
+<ruleset name="w3techs.com">
+	<target host="w3techs.com" />
+	<target host="www.w3techs.com" />
+
+	<rule from="^http://www\.w3techs\.com/"
+		to="https://w3techs.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wag.com.xml b/src/chrome/content/rules/wag.com.xml
new file mode 100644
index 000000000000..91444c72a051
--- /dev/null
+++ b/src/chrome/content/rules/wag.com.xml
@@ -0,0 +1,48 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	CDN buckets:
+
+		- wag.q-assets.com
+
+
+	^wag.com: Refused
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .wag.com
+		- www.wag.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Wag.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.wag.com" />
+
+	<!--	Complications:
+				-->
+	<target host="wag.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.wag\.com$" name="^(?:cookie-check|session-id|ubid-main)$" /-->
+	<!--securecookie host="^www\.wag\.com$" name="^(?:GEO_COUNTRYCODE|GEO_ZIPCODE|VISITOR_ID|cookie-check)$" /-->
+
+	<securecookie host=".+" name="^aps-trtmnt$" />
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://wag\.com/"
+		to="https://www.wag.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wagnardsoft.com.xml b/src/chrome/content/rules/wagnardsoft.com.xml
new file mode 100644
index 000000000000..a0fd02f4aa70
--- /dev/null
+++ b/src/chrome/content/rules/wagnardsoft.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="wagnardsoft.com">
+	<target host="wagnardsoft.com" />
+	<target host="www.wagnardsoft.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/waidelotte.org.xml b/src/chrome/content/rules/waidelotte.org.xml
new file mode 100644
index 000000000000..71481014ac4a
--- /dev/null
+++ b/src/chrome/content/rules/waidelotte.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		ftp.waidelotte.org
+		imap.waidelotte.org
+		mail.waidelotte.org
+		pop3.waidelotte.org
+		smtp.waidelotte.org
+
+	Refused:
+		autodiscover.waidelotte.org
+-->
+<ruleset name="waidelotte.org">
+	<target host="waidelotte.org" />
+	<target host="www.waidelotte.org" />
+
+	<rule from="^http://www\.waidelotte\.org/" to="https://waidelotte.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wakefield.gov.uk.xml b/src/chrome/content/rules/wakefield.gov.uk.xml
new file mode 100644
index 000000000000..1b7009d940ef
--- /dev/null
+++ b/src/chrome/content/rules/wakefield.gov.uk.xml
@@ -0,0 +1,73 @@
+<!--
+	Wakefield Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *wakefield.gov.uk:
+
+		- (www.)? ᵈ
+		- collections ⁴
+		- licensing ᵈ
+		- onlineadmissions ³
+
+	³ 403
+	⁴ 404
+	ᵈ Dropped
+
+
+	Problematic hosts in *wakefield.gov.uk:
+
+		- aces *
+		- consult ᵐ
+		- eforms (timeout)
+		- mapping ᶜ
+		- observatory ᵐ
+
+	* Refused
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- ieg4app.wakefield.gov.uk
+		- observatory.wakefield.gov.uk
+		- portal.wakefield.gov.uk
+		- spocc.wakefield.gov.uk
+		- sports.wakefield.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- eforms from www.wakefield.gov.uk ᵈ
+			- observatory from observatory.bradford.gov.uk ᵐ
+			- observatory from observatory.calderdale.gov.uk ᵐ
+			- observatory from observatory.kirklees.gov.uk ᵐ
+			- observatory from observatory.leeds.gov.uk ˢ
+			- observatory from $self ᵐ
+
+	ᵈ Unsecurable <= dropped
+	ᵐ Not secured by us <= mismatched
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Wakefield.gov.uk (partial)">
+
+	<target host="ieg4app.wakefield.gov.uk" />
+	<target host="libraries.wakefield.gov.uk" />
+	<target host="planning.wakefield.gov.uk" />
+	<target host="portal.wakefield.gov.uk" />
+	<target host="spocc.wakefield.gov.uk" />
+	<target host="sports.wakefield.gov.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wald0.com.xml b/src/chrome/content/rules/wald0.com.xml
new file mode 100644
index 000000000000..05fe4d3db63a
--- /dev/null
+++ b/src/chrome/content/rules/wald0.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="wald0.com">
+
+	<target host="wald0.com" />
+	<target host="www.wald0.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/waldkulturerbe.de.xml b/src/chrome/content/rules/waldkulturerbe.de.xml
new file mode 100644
index 000000000000..baba15a039f0
--- /dev/null
+++ b/src/chrome/content/rules/waldkulturerbe.de.xml
@@ -0,0 +1,11 @@
+<ruleset name="Waldkulturerbe.de">
+
+	<target host="waldkulturerbe.de" />
+	<target host="www.waldkulturerbe.de" />
+	<target host="bilder.waldkulturerbe.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/walkit.xml b/src/chrome/content/rules/walkit.xml
deleted file mode 100644
index a7fa35728abd..000000000000
--- a/src/chrome/content/rules/walkit.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="walkit.com" platform="mixedcontent">
-
-  <target host="walkit.com" />
-  <target host="www.walkit.com" />
-
-  <rule from="^http://(www\.)?walkit\.com/"
-          to="https://walkit.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/walla.co.il.xml b/src/chrome/content/rules/walla.co.il.xml
new file mode 100644
index 000000000000..dcd7be5f7a5d
--- /dev/null
+++ b/src/chrome/content/rules/walla.co.il.xml
@@ -0,0 +1,43 @@
+<!--
+	For other Bezeq coverage, see bezeq.co.il.xml.
+
+
+	Nonfunctional hosts in *walla.co.il:
+
+		- ^ ᵈ
+		- a ᵈ
+		- weather ᵈ
+		- www ⁴
+
+	ᵈ Dropped
+	⁴ 504
+
+
+	Problematic hosts in *walla.co.il:
+
+		- maps ᴬ
+
+	ᴬ Akamai / mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- fus.walla.co.il
+
+-->
+<ruleset name="Walla.co.il (partial)">
+
+	<target host="fus.walla.co.il" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^fus\.walla\.co\.il$" name="^Fusion\.s0$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/walsall.gov.uk-mixedcontent.xml b/src/chrome/content/rules/walsall.gov.uk-mixedcontent.xml
new file mode 100644
index 000000000000..f5e73f284494
--- /dev/null
+++ b/src/chrome/content/rules/walsall.gov.uk-mixedcontent.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules not causing MCB, see walsall.gov.uk.xml.
+
+-->
+<ruleset name="Walsall.gov.uk (MCB)" platform="mixedcontent">
+
+	<target host="www2.walsall.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/walsall.gov.uk.xml b/src/chrome/content/rules/walsall.gov.uk.xml
new file mode 100644
index 000000000000..5a2f8968a5dc
--- /dev/null
+++ b/src/chrome/content/rules/walsall.gov.uk.xml
@@ -0,0 +1,93 @@
+<!--
+	Walsall Metropolitan Borough Council
+
+	For rules causing MCB, see walsall.gov.uk-mixedcontent.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *walsall.gov.uk:
+
+		- cms ᵖ
+		- planning ᵈ
+
+	ᵈ Dropped
+	ᵖ Plaintext reply
+
+
+	Problematic hosts in *walsall.gov.uk:
+
+		- ^ ᵉ ᵐ
+		- www2 ˣ
+
+	ᵉ Expired
+	ᵐ Mismatched
+	ˣ Mixed css
+
+
+	Insecure cookies are set for these hosts:
+
+		- cmispublic.walsall.gov.uk
+		- pref.walsall.gov.uk
+		- www.walsall.gov.uk
+		- www4.walsall.gov.uk
+
+
+	Mixed content:
+
+		- css, on:
+
+			- www2 from cms.walsall.gov.uk ᵖ
+			- www2 from $self ᵖ
+
+		- Images, on:
+
+			- cmispublic, www2, www4 from cms.walsall.gov.uk ᵖ
+			- www4 from www.walsall.gov.uk ᵖ
+
+		- Bug on www2 from www.4fieldroad.co.uk ʳ
+
+	ᵖ Unsecurable <= plaintext reply
+	ʳ Unsecurable <= refused
+
+-->
+<ruleset name="Walsall.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="cmispublic.walsall.gov.uk" />
+	<target host="libcat.walsall.gov.uk" />
+	<target host="pref.walsall.gov.uk" />
+	<target host="www.walsall.gov.uk" />
+	<!--target host="www2.walsall.gov.uk" /-->
+	<target host="www4.walsall.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="walsall.gov.uk" />
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://www2.walsall.gov.uk/jobshop/JobDetails.asp?JobRef=RS31915" /-->
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://www4.walsall.gov.uk/Northgate/M3ScriptingEngine/process.aspx?pageid=50106" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^cmispublic\.walsall\.gov\.uk$" name="^(?:\.ASPXANONYMOUS|ASP\.NET_SessionId|language)$" /-->
+	<!--securecookie host="^(?:pref|www)\.walsall\.gov\.uk$" name="^__RequestVerificationToken$" /-->
+	<!--securecookie host="^www4\.walsall\.gov\.uk$" name="^(?:\.MVMONLINE|ASP\.NET_SessionId|MVMSession)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://walsall\.gov\.uk/"
+		to="https://www.walsall.gov.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wanderreitkarte.de.xml b/src/chrome/content/rules/wanderreitkarte.de.xml
new file mode 100644
index 000000000000..bb61567b42a1
--- /dev/null
+++ b/src/chrome/content/rules/wanderreitkarte.de.xml
@@ -0,0 +1,22 @@
+<!--
+	Invalid certificate:
+		bilder.wanderreitkarte.de
+		topo5.wanderreitkarte.de
+-->
+<ruleset name="wanderreitkarte.de">
+
+	<target host="wanderreitkarte.de" />
+	<target host="www.wanderreitkarte.de" />
+	<target host="abo.wanderreitkarte.de" />
+	<target host="radicale.wanderreitkarte.de" />
+	<target host="thor.wanderreitkarte.de" />
+	<target host="topo.wanderreitkarte.de" />
+	<target host="topo2.wanderreitkarte.de" />
+	<target host="topo3.wanderreitkarte.de" />
+	<target host="topo4.wanderreitkarte.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wao.gov.uk.xml b/src/chrome/content/rules/wao.gov.uk.xml
new file mode 100644
index 000000000000..72b82c50be67
--- /dev/null
+++ b/src/chrome/content/rules/wao.gov.uk.xml
@@ -0,0 +1,41 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://email.wao.gov.uk/ => https://email.wao.gov.uk/: (28, 'Connection timed out after 20001 milliseconds')
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- email.wao.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on (www.)? from fonts.googleapis.com ˢ
+		- Images on (www.)? from audit.wales ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="WAO.gov.uk" default_off="failed ruleset test">
+
+	<target host="wao.gov.uk" />
+	<target host="email.wao.gov.uk" />
+	<target host="www.wao.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^email\.wao\.gov\.uk$" name="^ClientId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wareable.com.xml b/src/chrome/content/rules/wareable.com.xml
new file mode 100644
index 000000000000..8dad2ce93dc3
--- /dev/null
+++ b/src/chrome/content/rules/wareable.com.xml
@@ -0,0 +1,45 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- community.wareable.com
+		- www.wareable.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image on community from www.wareable.com ˢ
+		- favicon on community from www.wareable.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Wareable.com">
+
+	<target host="wareable.com" />
+	<target host="community.wareable.com" />
+	<target host="static1.wareable.com" />
+	<target host="static2.wareable.com" />
+	<target host="static3.wareable.com" />
+	<target host="static4.wareable.com" />
+	<target host="www.wareable.com" />
+
+		<test url="http://static1.wareable.com/media/imager/14245-b537e676968d952f1fd0ef09bccc7d49.jpg" />
+		<test url="http://static2.wareable.com/media/imager/14809-adff80be2ec5ae9fadfe984ce9933e11.jpg" />
+		<test url="http://static3.wareable.com/media/imager/11563-b05e307ace1e9ac8887bf95eeac35279.jpg" />
+		<test url="http://static4.wareable.com/media/imager/14116-fffc82b29e9201fce1f62950adcdc01a.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^community\.wareable\.com$" name="^_forum_session$" /-->
+	<!--securecookie host="^www\.wareable\.com$" name="^(?:has_viewed_notice|wareable)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/warisboring.com.xml b/src/chrome/content/rules/warisboring.com.xml
new file mode 100644
index 000000000000..abdaed0bdaaa
--- /dev/null
+++ b/src/chrome/content/rules/warisboring.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatch
+		- www
+-->
+<ruleset name="War Is Boring.com">
+	<target host="warisboring.com" />
+	<target host="www.warisboring.com" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http://(www\.)?warisboring\.com/"
+		to="https://warisboring.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/warthunder.com-falsemixed.xml b/src/chrome/content/rules/warthunder.com-falsemixed.xml
new file mode 100644
index 000000000000..44a4e698a6c6
--- /dev/null
+++ b/src/chrome/content/rules/warthunder.com-falsemixed.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules not causing false/broken MCB, see warthunder.com.xml.
+
+-->
+<ruleset name="War Thunder.com (false MCB)" platform="mixedcontent">
+
+	<target host="wiki.warthunder.com" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name="^session_id$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/warthunder.com.xml b/src/chrome/content/rules/warthunder.com.xml
new file mode 100644
index 000000000000..32c6d7356c18
--- /dev/null
+++ b/src/chrome/content/rules/warthunder.com.xml
@@ -0,0 +1,49 @@
+<!--
+	For rules causing false/broken MCB, see warthunder.com.xml.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- warthunder.com
+		- .warthunder.com
+		- forum.warthunder.com
+
+
+	Nonfunctional hosts in warthunder.ru.com:
+
+		- live ʰ
+
+	ʰ Redirects to http
+
+
+	Mixed content:
+
+		- css on wiki from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="War Thunder.com (partial)">
+
+	<target host="warthunder.com" />
+	<target host="devblog.warthunder.com" />
+	<target host="forum.warthunder.com" />
+	<target host="static.warthunder.com" />
+	<!--target host="wiki.warthunder.com" /-->
+	<target host="www.warthunder.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^warthunder\.com$" name="^identity_sid$" /-->
+	<!--securecookie host="^\.warthunder\.com$" name="^(?:language|partner_info|proposed_lang|track_lp|wt_code|wt_conntrack|wt_l_page|wt_l_page_url)$" /-->
+	<!--securecookie host="^forum\.warthunder\.com$" name="^session_id$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name="^session_id$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/warthunder.ru-falsemixed.xml b/src/chrome/content/rules/warthunder.ru-falsemixed.xml
new file mode 100644
index 000000000000..eb9e320bdf86
--- /dev/null
+++ b/src/chrome/content/rules/warthunder.ru-falsemixed.xml
@@ -0,0 +1,17 @@
+<!--
+	For rules not causing false/broken MCB, see warthunder.ru.xml.
+
+-->
+<ruleset name="War Thunder.ru (false MCB)" platform="mixedcontent">
+
+	<target host="wiki.warthunder.ru" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name="^session_id$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/warthunder.ru.xml b/src/chrome/content/rules/warthunder.ru.xml
new file mode 100644
index 000000000000..7b279c8bf870
--- /dev/null
+++ b/src/chrome/content/rules/warthunder.ru.xml
@@ -0,0 +1,42 @@
+<!--
+	For rules causing false/broken MCB, see warthunder.ru-falsemixed.xml.
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- warthunder.ru
+		- .warthunder.ru
+		- forum.warthunder.ru
+
+
+	Mixed content:
+
+		- css on wiki from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="War Thunder.ru (partial)">
+
+	<target host="warthunder.ru" />
+	<target host="devblog.warthunder.ru" />
+	<target host="forum.warthunder.ru" />
+	<target host="static.warthunder.ru" />
+	<!--target host="wiki.warthunder.ru" /-->
+	<target host="www.warthunder.ru" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^warthunder\.ru$" name="^identity_sid$" /-->
+	<!--securecookie host="^\.warthunder\.ru$" name="^(?:language|partner_info|proposed_lang|track_lp|wt_code|wt_conntrack|wt_l_page|wt_l_page_url)$" /-->
+	<!--securecookie host="^forum\.warthunder\.ru$" name="^session_id$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name="^session_id$" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/warwickdc.gov.uk.xml b/src/chrome/content/rules/warwickdc.gov.uk.xml
new file mode 100644
index 000000000000..1e006c92f96b
--- /dev/null
+++ b/src/chrome/content/rules/warwickdc.gov.uk.xml
@@ -0,0 +1,79 @@
+<!--
+	Warwick District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *warwickdc.gov.uk:
+
+		- planningdocuments ʳ
+
+	ʳ Refused
+
+
+	Partially covered hosts in *warwickdc.gov.uk:
+
+		- estates5 *
+
+	* Some pages 404, others 500
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- warwickdc.gov.uk
+		- www.warwickdc.gov.uk
+		- .www.warwickdc.gov.uk
+
+
+	Mixed content:
+
+		- Bug on (www.)? from socitm.govmetric.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Warwick DC.gov.uk (partial)">
+
+	<target host="warwickdc.gov.uk" />
+	<target host="estates4.warwickdc.gov.uk" />
+	<target host="estates5.warwickdc.gov.uk" />
+	<target host="flexweb.warwickdc.gov.uk" />
+	<target host="www.warwickdc.gov.uk" />
+
+		<exclusion pattern="^http://estates5\.warwickdc\.gov\.uk/(?!/*(?:HomeChoice2010RSL|HomeHoice2015|pcn)(?:$|[?/]))" />
+			<!--	404:
+					-->
+			<test url="http://estates5.warwickdc.gov.uk/BuildingControlFeeCalculator/forms/calculatefees.aspx" />
+			<test url="http://estates5.warwickdc.gov.uk/BuildingControlRegister/forms/searchResults.aspx?search=2" />
+			<test url="http://estates5.warwickdc.gov.uk/LicensingPortal/Forms/Search.aspx" />
+			<!--
+				500:
+					-->
+			<test url="http://estates5.warwickdc.gov.uk/PropertyPortal/Property/Search" />
+
+			<!--	-ve:
+					-->
+			<test url="http://estates5.warwickdc.gov.uk/HomeChoice2010RSL/Forms/RSLLogin.aspx" />
+			<test url="http://estates5.warwickdc.gov.uk/HomeChoice2015/Property" />
+			<test url="http://estates5.warwickdc.gov.uk/HomeChoice2015/Results?m=1&amp;y=2016" />
+			<test url="http://estates5.warwickdc.gov.uk/pcn/forms/pcnDetails.aspx" />
+
+		<!--	$ shows default page, so:
+							-->
+		<test url="http://estates4.warwickdc.gov.uk/openaccess/openaccess.asp" />
+		<test url="http://flexweb.warwickdc.gov.uk/live/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?warwickdc\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^\.warwickdc\.gov\.uk$" name="^TestCookie$" /-->
+
+	<securecookie host="^\.www\." name=".+" />
+	<securecookie host="^(?!estates5\.)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/warwickshire.gov.uk.xml b/src/chrome/content/rules/warwickshire.gov.uk.xml
new file mode 100644
index 000000000000..bab7c1d23297
--- /dev/null
+++ b/src/chrome/content/rules/warwickshire.gov.uk.xml
@@ -0,0 +1,129 @@
+<!--
+	Warwickshire County Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *warwickshire.gov.uk:
+
+		- business ᵈ
+		- library3 ᵈ
+		- oop ᵈ
+		- timetrail ⁴
+		- ws ʳ
+
+	⁴ 404
+	ᵈ Dropped
+	ʳ Refused
+
+
+	Problematic hosts in *warwickshire.gov.uk:
+
+		- carshare * ᶜ ᵐ
+		- countryparks ᵐ ˣ
+		- heritage ᵐ
+		- hwb ᵐ
+		- invest ᵐ
+		- laf ᵐ
+		- maps ᶜ ᵐ ᵘ
+		- printservices ᵐ
+		- publichealth ᵐ
+		- wcctest ᵐ
+		- whittlefordpark ᵐ
+		- wwp ᵐ
+
+	* Missing certificate chain at redirect destination
+	ᶜ Missing certificate chain
+	ᵐ Mismatched
+	ᵘ Untrusted root
+	ˣ Mixed iframe, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	These altnames do not exist:
+
+		- www.library.warwickshire.gov.uk
+		- www.news.warwickshire.gov.uk
+		- www.sfeconnect.warwickshire.gov.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- democratic.warwickshire.gov.uk
+		- directory.warwickshire.gov.uk
+		- library.warwickshire.gov.uk
+		- maps.warwickshire.gov.uk
+		- planning.warwickshire.gov.uk
+
+
+	Mixed content:
+
+		- iframes, on:
+
+			- countryparks from maps.google.com ˢ
+			- countryparks, news from www.youtube.com ˢ
+
+		- css on countryparks, news from fonts.googleapis.com ˢ
+
+		- Images, on:
+
+			- (www.)?, apps, countryparks from www.warwickshire.gov.uk ˢ
+			- countryparks, heritage, hwb, invest, laf, news, printservices, publichealth, whittlefordpark, wwp from news.warwickshire.gov.uk ˢ
+			- invest, heritage from $self ᵐ
+
+	ᵐ Not secured by us <= mismatched
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Warwickshire.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="warwickshire.gov.uk" />
+	<target host="admissions.warwickshire.gov.uk" />
+	<target host="apps.warwickshire.gov.uk" />
+	<target host="democratic.warwickshire.gov.uk" />
+	<target host="directory.warwickshire.gov.uk" />
+	<target host="img.warwickshire.gov.uk" />
+	<target host="info.warwickshire.gov.uk" />
+	<target host="library.warwickshire.gov.uk" />
+	<target host="news.warwickshire.gov.uk" />
+	<target host="planning.warwickshire.gov.uk" />
+	<target host="rss.warwickshire.gov.uk" />
+	<target host="sfeconnect.warwickshire.gov.uk" />
+	<target host="webutils.warwickshire.gov.uk" />
+	<target host="www.warwickshire.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<!--target host="carshare.warwickshire.gov.uk" /-->
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://admissions.warwickshire.gov.uk/Enrol/Website/" />
+		<test url="http://apps.warwickshire.gov.uk/OpenData" />
+		<test url="http://democratic.warwickshire.gov.uk/cmis5/" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://library.warwickshire.gov.uk/iguana/www.main.cls?p=&amp;v=#GuestRegistration=1" /-->
+		<!--test url="http://planning.warwickshire.gov.uk/swiftlg/apas/run/wphappcriteria.display" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:directory|planning)\.warwickshire\.gov\.uk$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^democratic\.warwickshire\.gov\.uk$" name="^(?:\.ASPXANONYMOUS|ASP\.NET_SessionId|language)$" /-->
+	<!--securecookie host="^library\.warwickshire\.gov\.uk$" name="^(?:ClientBrowser|ClientBrowserVersion|ClientEntryPoint|ClientOs|ClientUserAgent|lang)$" /-->
+	<!--securecookie host="^maps\.warwickshire\.gov\.uk$" name="^ias\.Locale$" /-->
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--rule from="^http://carshare\.warwickshire\.gov\.uk/"
+		to="https://rbwmcarshare.co.uk/" /-->
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/washingtonblade.com.xml b/src/chrome/content/rules/washingtonblade.com.xml
new file mode 100644
index 000000000000..fd0fbf87fc38
--- /dev/null
+++ b/src/chrome/content/rules/washingtonblade.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Mixed content:
+
+		- css on www from $self ˢ
+		- Images on www from $self ˢ
+		- Bug on www from w.sharethis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Washington Blade.com" platform="mixedcontent">
+
+	<target host="washingtonblade.com" />
+	<target host="www.washingtonblade.com" />
+
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/washingtonpost.com-falsemixed.xml b/src/chrome/content/rules/washingtonpost.com-falsemixed.xml
new file mode 100644
index 000000000000..92d816bab5a1
--- /dev/null
+++ b/src/chrome/content/rules/washingtonpost.com-falsemixed.xml
@@ -0,0 +1,20 @@
+<!--
+	For rules not causing false/broken MCB, see Washington-Post-Company.xml.
+
+
+	NB: see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Washington Post.com (false MCB)" platform="mixedcontent">
+
+	<!--	Complications:
+				-->
+	<target host="wpcomics.washingtonpost.com" />
+
+		<test url="http://wpcomics.washingtonpost.com/client/wpc/wpdom/" />
+
+
+	<rule from="^http://wpcomics\.washingtonpost\.com/"
+		to="https://www.uclick.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wasserwacht.bayern.xml b/src/chrome/content/rules/wasserwacht.bayern.xml
new file mode 100644
index 000000000000..dc8c52f4b20d
--- /dev/null
+++ b/src/chrome/content/rules/wasserwacht.bayern.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		lyncdiscover.wasserwacht.bayern
+
+	Timeout:
+		autodiscover.wasserwacht.bayern
+-->
+<ruleset name="wasserwacht.bayern">
+
+	<target host="wasserwacht.bayern" />
+	<target host="www.wasserwacht.bayern" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wastereduction.gov.hk.xml b/src/chrome/content/rules/wastereduction.gov.hk.xml
new file mode 100644
index 000000000000..ff7506967753
--- /dev/null
+++ b/src/chrome/content/rules/wastereduction.gov.hk.xml
@@ -0,0 +1,18 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- wastereduction.gov.hk
+-->
+<ruleset name="Hong Kong Waste Reduction Website">
+	<target host="wastereduction.gov.hk" />
+	<target host="www.wastereduction.gov.hk" />
+	<target host="wasteexchange.wastereduction.gov.hk" />
+
+	<rule from="^http://wastereduction\.gov\.hk/"
+			to="https://www.wastereduction.gov.hk/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/watchcurbyourenthusiasm.com.xml b/src/chrome/content/rules/watchcurbyourenthusiasm.com.xml
new file mode 100644
index 000000000000..e95f39240aee
--- /dev/null
+++ b/src/chrome/content/rules/watchcurbyourenthusiasm.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="watchcurbyourenthusiasm.com">
+
+	<target host="watchcurbyourenthusiasm.com" />
+	<target host="www.watchcurbyourenthusiasm.com" />
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/waterfall.com.xml b/src/chrome/content/rules/waterfall.com.xml
new file mode 100644
index 000000000000..b9e6ed10981e
--- /dev/null
+++ b/src/chrome/content/rules/waterfall.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Other Waterfall International rulesets:
+
+		- msgme.com.xml
+
+
+	(www.)?waterfall.com: Shows another domain
+
+
+	Problematic hosts in *waterfall.com:
+
+		- choose ᵐ
+
+	ᵐ Unbound / mismatched
+
+-->
+<ruleset name="Waterfall.com (partial)">
+
+	<target host="app.waterfall.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/watford.gov.uk.xml b/src/chrome/content/rules/watford.gov.uk.xml
new file mode 100644
index 000000000000..69a0e1e1ab6f
--- /dev/null
+++ b/src/chrome/content/rules/watford.gov.uk.xml
@@ -0,0 +1,42 @@
+<!--
+	Watford Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *watford.gov.uk:
+
+		- maps ᵈ
+
+	ᵈ Dropped
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- watford.gov.uk
+		- www.watford.gov.uk
+		- .www.watford.gov.uk
+
+-->
+<ruleset name="Watford.gov.uk (partial)">
+
+	<target host="watford.gov.uk" />
+	<target host="connect.watford.gov.uk" />
+	<target host="www.watford.gov.uk" />
+
+		<test url="http://connect.watford.gov.uk/wpublicaccesslive/selfservice/dashboard.htm" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?watford\.gov\.uk$" name="^\w{16}$" /-->
+	<!--securecookie host="^\.www\.watford\.gov\.uk$" name="^TestCookie$" /-->
+
+	<securecookie host="^\w" name=".+" />
+	<securecookie host="^\.www\." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/watson.ch.xml b/src/chrome/content/rules/watson.ch.xml
new file mode 100644
index 000000000000..20df5645d2ea
--- /dev/null
+++ b/src/chrome/content/rules/watson.ch.xml
@@ -0,0 +1,6 @@
+<ruleset name="Watson.ch">
+	<target host="watson.ch"/>
+	<target host="www.watson.ch"/>
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/watson.de.xml b/src/chrome/content/rules/watson.de.xml
new file mode 100644
index 000000000000..1ecfb7c851fd
--- /dev/null
+++ b/src/chrome/content/rules/watson.de.xml
@@ -0,0 +1,20 @@
+<!--
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="watson.de">
+
+	<target host="watson.de" />
+	<target host="www.watson.de" />
+	<target host="ampivw.watson.de" />
+	<target host="beta.watson.de" />
+	<target host="cdn1.watson.de" />
+	<target host="cdn2.watson.de" />
+	<target host="go.watson.de" />
+	<target host="viral.watson.de" />
+	<target host="werbung.watson.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/waverly.gov.uk.xml b/src/chrome/content/rules/waverly.gov.uk.xml
new file mode 100644
index 000000000000..abd90b6fde27
--- /dev/null
+++ b/src/chrome/content/rules/waverly.gov.uk.xml
@@ -0,0 +1,76 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://modgov.waverly.gov.uk/ => https://modgov.waverly.gov.uk/: (6, 'Could not resolve host: modgov.waverly.gov.uk')
+Fetch error: http://pay.waverly.gov.uk/ => https://pay.waverly.gov.uk/: (6, 'Could not resolve host: pay.waverly.gov.uk')
+Fetch error: http://www.waverly.gov.uk/ => https://www.waverly.gov.uk/: (6, 'Could not resolve host: www.waverly.gov.uk')
+
+	Waverley Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *waverly.gov.uk:
+
+		- pcnchallenge:2188 ᵖ
+		- planning ᵈ
+		- waverweb ᵈ
+
+	ᵈ Dropped
+	ᵖ Plaintext reply
+
+
+	Problematic hosts in *waverly.gov.uk:
+
+		- consult ᵐ ˢ
+
+	ᵐ Mismatched
+	ˢ Self-signed
+
+
+	These altnames do not exist:
+
+		- waverly.gov.uk
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- modgov.waverly.gov.uk
+		- www.waverly.gov.uk
+		- .www.waverly.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image on www from f1.eu.readspeaker.com ᵐ
+
+	ᵐ Not secured by us <= mismatched
+
+-->
+<ruleset name="Waverly.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="modgov.waverly.gov.uk" />
+	<target host="pay.waverly.gov.uk" />
+	<target host="www.waverly.gov.uk" />
+
+		<!--	$ shows default page, so:
+							-->
+		<test url="http://pay.waverley.gov.uk/payonline/" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^modgov\.waverly\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^www\.waverly\.gov\.uk$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.www\.waverly\.gov\.uk$" name="^TestCookie$" /-->
+
+	<securecookie host="^\.www\." name=".+" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/waz.de.xml b/src/chrome/content/rules/waz.de.xml
new file mode 100644
index 000000000000..34658e7b252f
--- /dev/null
+++ b/src/chrome/content/rules/waz.de.xml
@@ -0,0 +1,42 @@
+<!--
+	Invalid certificate:
+		cue.aws.waz.de
+
+	Redirect error:
+		interaktiv.waz.de
+
+	Refused:
+		ihre.waz.de
+		jobs.waz.de
+
+	Timeout:
+		dev[1-5].aws.waz.de
+		diashow.waz.de
+-->
+<ruleset name="waz.de">
+
+	<target host="waz.de" />
+	<target host="www.waz.de" />
+	<target host="70jahre.waz.de" />
+	<target host="angebote.waz.de" />
+	<target host="bochum70.waz.de" />
+	<target host="www.bochum70.waz.de" />
+	<target host="emag.waz.de" />
+	<target host="email.waz.de" />
+	<target host="extracontent.waz.de" />
+	<target host="files1.waz.de" />
+	<target host="img.waz.de" />
+	<target host="leserladen.waz.de" />
+	<target host="live.waz.de" />
+	<target host="reader.waz.de" />
+	<target host="secure.waz.de" />
+	<target host="service.waz.de" />
+	<target host="sportdaten.waz.de" />
+	<target host="sporttabellen.waz.de" />
+	<target host="tv.waz.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wbond.xml b/src/chrome/content/rules/wbond.xml
new file mode 100644
index 000000000000..504667ddfe0a
--- /dev/null
+++ b/src/chrome/content/rules/wbond.xml
@@ -0,0 +1,5 @@
+<ruleset name="Will Bond">
+	<target host="sublime.wbond.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wclc.com.xml b/src/chrome/content/rules/wclc.com.xml
new file mode 100644
index 000000000000..e3d5c260a311
--- /dev/null
+++ b/src/chrome/content/rules/wclc.com.xml
@@ -0,0 +1,25 @@
+<ruleset name="wclc.com">
+	<target host="wclc.com" />
+	<target host="www.wclc.com" />
+	<target host="cashfrenzy.wclc.com" />
+	<target host="crossword.wclc.com" />
+	<target host="emeraldmine.wclc.com" />
+	<target host="files.wclc.com" />
+	<target host="holiday.wclc.com" />
+	<target host="moneybag.wclc.com" />
+	<target host="mvpservice.wclc.com" />
+	<target host="pickyourpresent.wclc.com" />
+	<target host="remote.wclc.com" />
+	<target host="repstaging.wclc.com" />
+	<target host="sportselect.wclc.com" />
+	<target host="www.sportselect.wclc.com" />
+	<target host="m.sportselect.wclc.com" />
+	<target host="stage-cashfrenzy.wclc.com" />
+	<target host="stage-holiday.wclc.com" />
+	<target host="stage-moneybag.wclc.com" />
+	<target host="superslots.wclc.com" />
+	<target host="ultimateroadtrip.wclc.com" />
+	
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wealden.gov.uk.xml b/src/chrome/content/rules/wealden.gov.uk.xml
new file mode 100644
index 000000000000..b690da27f97f
--- /dev/null
+++ b/src/chrome/content/rules/wealden.gov.uk.xml
@@ -0,0 +1,98 @@
+<!--
+	Wealden District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *wealden.gov.uk:
+
+		- communitystrategy ⁴
+
+	⁴ 404
+
+
+	Problematic hosts in *wealden.gov.uk:
+
+		- ^ ᵐ
+		- consult ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.wealden.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on secure from www.wealden.gov.uk ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Wealden.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="secure.wealden.gov.uk" />
+	<target host="www.wealden.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="wealden.gov.uk" />
+	<target host="consult.wealden.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.wealden\.gov\.uk/(?:aelive\.aspx\?sitearea=&amp;pagename=requestpassword|home/home\.aspx)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?wealden\.gov\.uk/(?!/*(?:(?:Wealden)?Login\.aspx|favicon\.ico|web/StyleSheets/|web/multimediafiles/|Upload/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.wealden.gov.uk/DisplayAllEvents.aspx" />
+			<test url="http://www.wealden.gov.uk/Wealden/Leisure/Leisure.aspx" />
+			<test url="http://www.wealden.gov.uk/Wealden/Site_Map.aspx" />
+			<test url="http://www.wealden.gov.uk/aelive.aspx?sitearea=&amp;pagename=requestpassword" />
+			<test url="http://www.wealden.gov.uk/council.aspx" />
+			<test url="http://www.wealden.gov.uk/home/home.aspx" />
+			<test url="http://www.wealden.gov.uk/housing" />
+
+			<!--	-ve:
+					-->
+			<test url="http://wealden.gov.uk/Upload/home-icon.png" />
+			<test url="http://www.wealden.gov.uk/Login.aspx" />
+			<test url="http://www.wealden.gov.uk/WealdenLogin.aspx" />
+			<test url="http://www.wealden.gov.uk/favicon.ico" />
+			<test url="http://www.wealden.gov.uk/web/StyleSheets/print_tube.css" />
+			<test url="http://www.wealden.gov.uk/web/multimediafiles/cleanforthequeen_med_land.jpg" />
+
+		<!--	Mixed images:
+					-->
+		<!--test url="http://secure.wealden.gov.uk/WealdenPortal/AboutWealden247.aspx" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.wealden\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^(?!www\.)\w" name=".+" />
+
+
+	<rule from="^http://wealden\.gov\.uk/"
+		to="https://www.wealden.gov.uk/" />
+
+	<rule from="^http://consult\.wealden\.gov\.uk/"
+		to="https://wealden-consult.objective.co.uk/" />
+
+		<test url="http://consult.wealden.gov.uk/portal/contact_us" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/weareone.fm.xml b/src/chrome/content/rules/weareone.fm.xml
new file mode 100644
index 000000000000..e290899c0711
--- /dev/null
+++ b/src/chrome/content/rules/weareone.fm.xml
@@ -0,0 +1,43 @@
+<ruleset name="WeAreOne.FM">
+
+	<target host="weareone.fm" />
+	<target host="www.weareone.fm" />
+	<target host="admin.weareone.fm" />
+	<target host="api.weareone.fm" />
+	<target host="casting.weareone.fm" />
+	<target host="image.weareone.fm" />
+	<target host="a.image.weareone.fm" />
+	<target host="b.image.weareone.fm" />
+	<target host="c.image.weareone.fm" />
+	<target host="d.image.weareone.fm" />
+	<target host="e.image.weareone.fm" />
+	<target host="f.image.weareone.fm" />
+	<target host="g.image.weareone.fm" />
+	<target host="h.image.weareone.fm" />
+	<target host="i.image.weareone.fm" />
+	<target host="j.image.weareone.fm" />
+	<target host="k.image.weareone.fm" />
+	<target host="l.image.weareone.fm" />
+	<target host="m.image.weareone.fm" />
+	<target host="n.image.weareone.fm" />
+	<target host="o.image.weareone.fm" />
+	<target host="p.image.weareone.fm" />
+	<target host="q.image.weareone.fm" />
+	<target host="r.image.weareone.fm" />
+	<target host="s.image.weareone.fm" />
+	<target host="t.image.weareone.fm" />
+	<target host="u.image.weareone.fm" />
+	<target host="v.image.weareone.fm" />
+	<target host="w.image.weareone.fm" />
+	<target host="x.image.weareone.fm" />
+	<target host="y.image.weareone.fm" />
+	<target host="z.image.weareone.fm" />
+	<target host="redaktion.weareone.fm" />
+	<target host="stats.weareone.fm" />
+	<target host="image.web.weareone.fm" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/webcaster.pro.xml b/src/chrome/content/rules/webcaster.pro.xml
new file mode 100644
index 000000000000..4f793d7c814b
--- /dev/null
+++ b/src/chrome/content/rules/webcaster.pro.xml
@@ -0,0 +1,26 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- webcaster.pro
+		- otr.webcaster.pro
+		- www.webcaster.pro
+
+-->
+<ruleset name="Webcaster.pro">
+
+	<target host="webcaster.pro" />
+	<target host="bl.webcaster.pro" />
+	<target host="otr.webcaster.pro" />
+	<target host="rec-2-1.webcaster.pro" />
+	<target host="rec-2-7.webcaster.pro" />
+	<target host="www.webcaster.pro" />
+
+		<test url="http://bl.webcaster.pro/events/405699/main_thumbnail/360.jpg" />
+		<test url="http://rec-2-1.webcaster.pro/fc/sda4/thumbnails/events/405699/489284011.jpg" />
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/webconverger.com.xml b/src/chrome/content/rules/webconverger.com.xml
new file mode 100644
index 000000000000..6b93f5e5aec3
--- /dev/null
+++ b/src/chrome/content/rules/webconverger.com.xml
@@ -0,0 +1,22 @@
+<!--
+www.webconverger.com timed out
+neon.webconverger.com mismatch
+talks.webconverger.com self signed
+dl.webconverger.com timed out
+archive.webconverger.com mismatch
+attract.webconverger.com mismatch
+cvt.webconverger.com mismatch
+download.webconverger.com timed out
+eu.download.webconverger.com mismatch
+prefs.webconverger.com timed out
+support.webconverger.com mismatch
+-->
+<ruleset name="webconverger.com">
+	<target host="webconverger.com" />
+	<target host="www.webconverger.com" />
+	<target host="config.webconverger.com" />
+	<target host="na.download.webconverger.com" />
+	<rule from="^http://www\.webconverger\.com/"
+		to="https://webconverger.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/webcron.org.xml b/src/chrome/content/rules/webcron.org.xml
new file mode 100644
index 000000000000..2d23a50a12a5
--- /dev/null
+++ b/src/chrome/content/rules/webcron.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="webcron.org">
+	<target host="webcron.org" />
+	<target host="www.webcron.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/webenrol.com.xml b/src/chrome/content/rules/webenrol.com.xml
new file mode 100644
index 000000000000..2c69255b6cb0
--- /dev/null
+++ b/src/chrome/content/rules/webenrol.com.xml
@@ -0,0 +1,34 @@
+<!--
+	^webenrol.com: Shows another domain
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.webenrol.com
+
+-->
+<ruleset name="Web Enrol.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.webenrol.com" />
+
+	<!--	Complications:
+				-->
+	<target host="webenrol.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.webenrol\.com$" name="^ASPSESSIONID[A-Z]{8}$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://webenrol\.com/"
+		to="https://www.webenrol.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/webleads-tracker.com.xml b/src/chrome/content/rules/webleads-tracker.com.xml
new file mode 100644
index 000000000000..5a9a308b1604
--- /dev/null
+++ b/src/chrome/content/rules/webleads-tracker.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="webleads-tracker.com">
+
+	<target host="stats.webleads-tracker.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/webm.red.xml b/src/chrome/content/rules/webm.red.xml
new file mode 100644
index 000000000000..f2b69f560d74
--- /dev/null
+++ b/src/chrome/content/rules/webm.red.xml
@@ -0,0 +1,38 @@
+<!--
+	www.webm.red: Differs from http
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- webm.red
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="webm.red">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="webm.red" />
+
+	<!--	Complications:
+				-->
+	<target host="www.webm.red" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^webm\.red$" name="^(?:XSRF-TOKEN|laravel_session)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps all:
+					-->
+	<rule from="^http://www\.webm\.red/"
+		to="https://linear.enterprises/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/webmasterpro.de.xml b/src/chrome/content/rules/webmasterpro.de.xml
new file mode 100644
index 000000000000..51c1dce073be
--- /dev/null
+++ b/src/chrome/content/rules/webmasterpro.de.xml
@@ -0,0 +1,34 @@
+<!--
+	(www.)?webmasterpro.de: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- fc.webmasterpro.de
+		- .fc.webmasterpro.de
+
+-->
+<ruleset name="Webmasterpro.de (partial)">
+
+	<!--target host="webmasterpro.de" /-->
+	<target host="fc.webmasterpro.de" />
+	<!--target host="www.webmasterpro.de" /-->
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://fc.webmasterpro.de/as_noscript.php?name=browserupdate" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^fc\.webmasterpro\.de$" name="^alreadytested$" /-->
+	<!--securecookie host="^\.fc\.webmasterpro\.de$" name="^fc(?:session)?\d+$" /-->
+
+	<securecookie host="^\.fc\." name=".+" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/webmine.cz.xml b/src/chrome/content/rules/webmine.cz.xml
new file mode 100644
index 000000000000..5f66cadfb367
--- /dev/null
+++ b/src/chrome/content/rules/webmine.cz.xml
@@ -0,0 +1,8 @@
+<ruleset name="webmine.cz">
+	<target host="webmine.cz" />
+	<target host="www.webmine.cz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/webnames.ru.xml b/src/chrome/content/rules/webnames.ru.xml
new file mode 100644
index 000000000000..ad1120aed0b4
--- /dev/null
+++ b/src/chrome/content/rules/webnames.ru.xml
@@ -0,0 +1,10 @@
+<!--stat. timed out
+vcard2. refused
+seminar. self signed-->
+<ruleset name="webnames.ru">
+	<target host="webnames.ru" />
+	<target host="www.webnames.ru" />
+	<target host="m.webnames.ru" />
+	<target host="whois.webnames.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/webrover.ru.xml b/src/chrome/content/rules/webrover.ru.xml
new file mode 100644
index 000000000000..5ab4bb6be206
--- /dev/null
+++ b/src/chrome/content/rules/webrover.ru.xml
@@ -0,0 +1,16 @@
+<!--
+chicagovka.webrover.ru ⁴
+zankov.webrover.ru ²
+economy.krueger.webrover.ru ⁴
+en.2014.webrover.ru ⁴
+
+
+² refused
+⁴ self signed
+-->
+<ruleset name="webrover.ru">
+	<target host="webrover.ru" />
+	<target host="www.webrover.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/weburg.me.xml b/src/chrome/content/rules/weburg.me.xml
new file mode 100644
index 000000000000..3dc350ab79f6
--- /dev/null
+++ b/src/chrome/content/rules/weburg.me.xml
@@ -0,0 +1,20 @@
+<!--
+www.weburg.me mismatch
+weburg.net mismatch
+www.weburg.net mismatch
+rss.weburg.net mismatch
+static.weburg.net mismatch
+speedtest.weburg.net timed out
+best2012.weburg.net mismatch
+passport.weburg.net mismatch
+-->
+<ruleset name="weburg.me">
+	<target host="weburg.me" />
+	<target host="www.weburg.me" />
+
+	<rule from="^http://www\.weburg\.me/"
+		to="https://weburg.me/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wecamgirls.com.xml b/src/chrome/content/rules/wecamgirls.com.xml
new file mode 100644
index 000000000000..50624c4073ea
--- /dev/null
+++ b/src/chrome/content/rules/wecamgirls.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- www.wecamgirls.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="WeCamgirls.com">
+
+	<target host="wecamgirls.com" />
+	<target host="www.wecamgirls.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.wecamgirls\.com$" name="^myCookie$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/weekendjeweg.nl.xml b/src/chrome/content/rules/weekendjeweg.nl.xml
new file mode 100644
index 000000000000..4c0d06450b50
--- /dev/null
+++ b/src/chrome/content/rules/weekendjeweg.nl.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Bookit coverage, see bookit.nl.xml.
+
+-->
+<ruleset name="Weekendjeweg.nl">
+
+	<target host="weekendjeweg.nl"/>
+	<target host="www.weekendjeweg.nl"/>
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/weicaifu.com.xml b/src/chrome/content/rules/weicaifu.com.xml
new file mode 100644
index 000000000000..cb4985c0c635
--- /dev/null
+++ b/src/chrome/content/rules/weicaifu.com.xml
@@ -0,0 +1,26 @@
+<!--
+	^weicaifu.com: 503
+
+-->
+<ruleset name="weicaifu.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="gold.weicaifu.com" />
+	<target host="www.weicaifu.com" />
+
+	<!--	Complications:
+				-->
+	<target host="weicaifu.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://weicaifu\.com/"
+		to="https://www.weicaifu.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/weillcornell.org.xml b/src/chrome/content/rules/weillcornell.org.xml
new file mode 100644
index 000000000000..639903098887
--- /dev/null
+++ b/src/chrome/content/rules/weillcornell.org.xml
@@ -0,0 +1,69 @@
+<!--
+	For other Cornell University coverage, see Cornell.xml
+
+
+	Nonfunctional hosts in *weillcornell.org:
+
+		- eggdonor ᵃ
+		- (www.)?prc ᵃ
+		- primarycare ᵃ
+
+	ᵃ Shows another domain
+
+
+	Problematic hosts in *weillcornell.org:
+
+		- hearthealth ᵐ
+		- www ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- cardiology.weillcornell.org
+		- jillrobertsibdcenter.weillcornell.org
+		- pops.weillcornell.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image on jillrobertsibdcenter from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Weill Cornell.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="weillcornell.org" />
+	<target host="cardiology.weillcornell.org" />
+	<target host="jillrobertsibdcenter.weillcornell.org" />
+	<target host="pops.weillcornell.org" />
+	<target host="radiology.weillcornell.org" />
+	<target host="urology.weillcornell.org" />
+	<target host="veintreatment.weillcornell.org" />
+
+	<!--	Complications:
+				-->
+	<target host="www.weillcornell.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:cardiology|jillrobertsibdcenter)\.weillcornell\.org$" name="^SimpleSAMLSessionID$" /-->
+	<!--securecookie host="^pops\.weillcornell\.org$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.weillcornell\.org/"
+		to="https://weillcornell.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/weimarnetz.de.xml b/src/chrome/content/rules/weimarnetz.de.xml
new file mode 100644
index 000000000000..31244740e32f
--- /dev/null
+++ b/src/chrome/content/rules/weimarnetz.de.xml
@@ -0,0 +1,46 @@
+<!--
+	www.weimarnetz.de: Mismatched
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- meshkit.weimarnetz.de
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Bug on ^, news, server from ja.ishalt.so ᵘ
+
+	ᵘ Not secured by us <= CAcert
+
+-->
+<ruleset name="Weimarnetz.de">
+
+	<!--	Complications:
+				-->
+	<target host="weimarnetz.de" />
+	<target host="meshkit.weimarnetz.de" />
+	<target host="news.weimarnetz.de" />
+	<target host="server.weimarnetz.de" />
+
+	<!--	Complications:
+				-->
+	<target host="www.weimarnetz.de" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^meshkit\.weimarnetz\.de$" name="^session_id_meshkit$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.weimarnetz\.de/"
+		to="https://weimarnetz.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wellcome.ac.uk.xml b/src/chrome/content/rules/wellcome.ac.uk.xml
new file mode 100644
index 000000000000..9ab0744cd64b
--- /dev/null
+++ b/src/chrome/content/rules/wellcome.ac.uk.xml
@@ -0,0 +1,118 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://grants.wellcome.ac.uk/ => https://grants.wellcome.ac.uk/: (6, 'Could not resolve host: grants.wellcome.ac.uk')
+Fetch error: http://jobs.wellcome.ac.uk/ => https://jobs.wellcome.ac.uk/: (28, 'Connection timed out after 20000 milliseconds')
+
+	The Wellcome Trust
+
+	Other Wellcome Trust rulesets:
+
+		- wellcomelibrary.org.xml
+
+
+	Nonfunctional hosts in *wellcome.ac.uk:
+
+		- (www.)? ᵃ
+		- archives ᵈ
+		- catalogue ᵈ
+		- genome ᵃ
+		- conf.hinxton ᵃ
+		- malaria ᵃ
+		- myprofile ᶠ
+		- spin ᵈ
+		- strategy ᵃ
+
+	ᵃ Shows another domain
+	ᵈ Dropped
+	ᶠ Handshake fails
+
+
+	Problematic hosts in *wellcome.ac.uk:
+
+		- blog ᵐ
+		- film:15151 ᵖ
+		- library ᵐ
+		- libsys ᵐ
+		- thecrunch ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+	ᵖ Plaintext reply
+
+
+	These altnames do not exist:
+
+		- www.webmail.hinxton.wellcome.ac.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- autodiscover.hinxton.wellcome.ac.uk
+		- registration.hinxton.wellcome.ac.uk
+		- wtac.hinxton.wellcome.ac.uk
+
+		- jobs.wellcome.ac.uk
+		- oadeposit.wellcome.ac.uk
+		- thecrunch.wellcome.ac.uk
+		- trustnet.wellcome.ac.uk
+
+
+	Mixed content:
+
+		- Images on thecrunch from $self
+
+-->
+<ruleset name="Wellcome.ac.uk (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="account.wellcome.ac.uk" />
+	<target host="grants.wellcome.ac.uk" />
+
+	<target host="autodiscover.hinxton.wellcome.ac.uk" />
+	<target host="registration.hinxton.wellcome.ac.uk" />
+	<target host="webmail.hinxton.wellcome.ac.uk" />
+	<target host="wtac.hinxton.wellcome.ac.uk" />
+
+	<target host="jobs.wellcome.ac.uk" />
+	<target host="oadeposit.wellcome.ac.uk" />
+	<target host="secure.wellcome.ac.uk" />
+	<!--target host="thecrunch.wellcome.ac.uk" /-->
+	<target host="trustnet.wellcome.ac.uk" />
+	<target host="wtgrants.wellcome.ac.uk" />
+	<target host="wtreset.wellcome.ac.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="library.wellcome.ac.uk" />
+
+		<!--	Set cookie without Secure:
+							-->
+		<!--test url="http://wtac.hinxton.wellcome.ac.uk/portal/DesktopDefault.aspx?e=" /-->
+		<!--test url="http://jobs.wellcome.ac.uk/iRecruit/Home.aspx" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:(?:registration|wtac)\.hinxton|oadeposit|thecrunch)\.wellcome\.ac\.uk$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^(?:autodiscover|webmail)\.hinxton\.wellcome\.ac\.uk$" name="^cadata[\dA-F]{32}$" /-->
+	<!--securecookie host="^jobs\.wellcome\.ac\.uk$" name="^\.ASPXANONYMOUS$" /-->
+	<!--securecookie host="^trustnet\.wellcome\.ac\.uk$" name="^BIGipServer" /-->
+
+	<securecookie host="^\." name="^(?:__qca|_gat?)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect keeps path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://library\.wellcome\.ac\.uk/+"
+		to="https://wellcomelibrary.org/" />
+
+		<test url="http://library.wellcome.ac.uk/index.htm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wellcomelibrary.org.xml b/src/chrome/content/rules/wellcomelibrary.org.xml
new file mode 100644
index 000000000000..6daba9c02567
--- /dev/null
+++ b/src/chrome/content/rules/wellcomelibrary.org.xml
@@ -0,0 +1,63 @@
+<!--
+	For other Wellcome Trust coverage, see wellcome.ac.uk.xml.
+
+
+	Nonfunctional hosts in *wellcomelibrary.org:
+
+		- catalogue *
+		- search ʰ
+
+	* Redirects to login
+	ʰ Redirects to http
+
+
+	Problematic hosts in *wellcomelibrary.org:
+
+		- blog ᶜ
+		- www ᵐ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+
+-->
+<ruleset name="Wellcome Library.org (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="wellcomelibrary.org" />
+	<!--target host="blog.wellcomelibrary.org" /-->
+
+	<!--	Complications:
+				-->
+	<target host="www.wellcomelibrary.org" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://blog\.wellcomelibrary\.org/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://blog\.wellcomelibrary\.org/+(?!wp-content/)" /-->
+
+			<!--	+ve:
+					-->
+			<!--test url="http://blog.wellcomelibrary.org/author/pharkins/" /-->
+			<!--test url="http://blog.wellcomelibrary.org/tag/seminars/" /-->
+
+			<!--	-ve:
+					-->
+			<!--test url="http://blog.wellcomelibrary.org/wp-content/plugins/add-to-any/addtoany.min.css" /-->
+
+
+	<securecookie host="^\." name="^_gat?$" />
+	<!--securecookie host="^(?!blog\.)\w" name="." /-->
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.wellcomelibrary\.org/"
+		to="https://wellcomelibrary.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/welmers.net.xml b/src/chrome/content/rules/welmers.net.xml
new file mode 100644
index 000000000000..089a826fea54
--- /dev/null
+++ b/src/chrome/content/rules/welmers.net.xml
@@ -0,0 +1,18 @@
+<ruleset name="welmers.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="welmers.net" />
+	<target host="www.welmers.net" />
+	<target host="www4.welmers.net" />
+	<target host="www6.welmers.net" />
+	<target host="users.welmers.net" />
+	<target host="gallery.welmers.net" />
+
+
+	<securecookie host="^(www.?|users|gallery)\.welmers\.net$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wercker.com.xml b/src/chrome/content/rules/wercker.com.xml
new file mode 100644
index 000000000000..f0bed44a1e40
--- /dev/null
+++ b/src/chrome/content/rules/wercker.com.xml
@@ -0,0 +1,26 @@
+<!--
+wercker.com ³
+beta.wercker.com ³
+corp-staging.wercker.com ³
+devcenter-staging.wercker.com ³
+old-devcenter.wercker.com/: (35, 'error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 unrecognized name')
+slack.wercker.com ¹
+blog.wercker.com mixed content
+
+
+¹ mismatch
+³ timed out
+-->
+<ruleset name="wercker.com">
+	<target host="www.wercker.com" />
+	<target host="app.wercker.com" />
+	<target host="dev.wercker.com" />
+	<target host="devcenter.wercker.com" />
+
+	<target host="wercker.com" />
+
+	<rule from="^http://wercker\.com/"
+		to="https://www.wercker.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/werkema.com.xml b/src/chrome/content/rules/werkema.com.xml
new file mode 100644
index 000000000000..6ff3537d35ad
--- /dev/null
+++ b/src/chrome/content/rules/werkema.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="werkema.com">
+	<target host="werkema.com" />
+	<target host="www.werkema.com" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wesnoth.org-falsemixed.xml b/src/chrome/content/rules/wesnoth.org-falsemixed.xml
new file mode 100644
index 000000000000..27ae916930d3
--- /dev/null
+++ b/src/chrome/content/rules/wesnoth.org-falsemixed.xml
@@ -0,0 +1,12 @@
+<!--
+	For rules not causing false/broken MCB, see Wesnoth.xml.
+
+-->
+<ruleset name="Wesnoth.org (false MCB)" platform="mixedcontent">
+
+	<target host="collectd.wesnoth.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/west-norfolk.gov.uk.xml b/src/chrome/content/rules/west-norfolk.gov.uk.xml
new file mode 100644
index 000000000000..6536639354c7
--- /dev/null
+++ b/src/chrome/content/rules/west-norfolk.gov.uk.xml
@@ -0,0 +1,71 @@
+<!--
+	Borough Council of King's Lynn and West Norfolk
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *west-norfolk.gov.uk:
+
+		- apps ᵇ
+		- democracy ³
+		- homechoice ᵖ
+		- m ᵇ
+
+	³ 403
+	ᵇ Shows default page
+	ᵖ Plaintext reply
+
+
+	Problematic hosts in *west-norfolk.gov.uk:
+
+		- consult ᵐ
+		- mylimehouse ᵐ
+
+	ᵐ Mismatched
+
+
+	These altnames do not exist:
+
+		- mail.west-norfolk.gov.uk
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .www.west-norfolk.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="West-Norfolk.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="west-norfolk.gov.uk" />
+	<target host="autodiscover.west-norfolk.gov.uk" />
+	<target host="owa.west-norfolk.gov.uk" />
+	<target host="parkingpermits.west-norfolk.gov.uk" />
+	<target host="www.west-norfolk.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="consult.west-norfolk.gov.uk" />
+	<target host="mylimehouse.west-norfolk.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.www\.west-norfolk\.gov\.uk$" name="^TestCookie$" /-->
+
+	<securecookie host="^(?!\.west-norfolk\.gov\.uk$)." name=".+" />
+
+
+	<rule from="^http://consult\.west-norfolk\.gov\.uk/"
+		to="https://west-norfolk-consult.objective.co.uk/" />
+
+	<rule from="^http://mylimehouse\.west-norfolk\.gov\.uk/"
+		to="https://west-norfolk.objective.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/westberks.gov.uk.xml b/src/chrome/content/rules/westberks.gov.uk.xml
new file mode 100644
index 000000000000..9b78ea1d7afd
--- /dev/null
+++ b/src/chrome/content/rules/westberks.gov.uk.xml
@@ -0,0 +1,157 @@
+<!--
+	West Berkshire Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *westberks.gov.uk:
+
+		- decisionmaking ᵃ
+		- publicaccess ʳ
+		- ww2 ʳ
+
+	ᵃ Shows another domain
+	ʳ Refused
+
+
+	Problematic hosts in *westberks.gov.uk:
+
+		- consult ᵉ ᵐ
+		- fis ᵐ
+		- info ᵐ
+		- scip ᵐ
+		- spocc ᵘ
+
+	ᵉ Expired
+	ᵐ Mismatched
+	ᵘ Untrusted root
+
+
+	Partially covered hosts in *westberks.gov.uk:
+
+		- (www.)?
+		- fis		(→ search3.openobjects.com)
+		- scip		(→ search3.openobjects.com)
+
+
+	Insecure cookies are set for these hosts:
+
+		- restricted.westberks.gov.uk
+		- spocc.westberks.gov.uk
+
+-->
+<ruleset name="West Berks.gov.uk (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="westberks.gov.uk" />
+	<target host="ems.westberks.gov.uk" />
+	<target host="restricted.westberks.gov.uk" />
+	<target host="www.westberks.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="fis.westberks.gov.uk" />
+	<target host="scip.westberks.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?westberks\.gov\.uk/(?:index\.aspx\?articleid=(?:26909|27098|27123|27793|27928|27941|28162|28190|28515|28660|29068|29072|29103|29278|29283|29318|29622|30053|30183|30187|30263|31417|32455)$|newlogin$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?westberks\.gov\.uk/(?!/*(?:CHttpHandler\.ashx|index\.aspx\?(?:.*&amp;)?articleid=(?:2798[89]|28004|2801[39]|28023|28034|2824[01]|29089|29609|31065|32455)(?:$|&amp;)|media/image/|service/assets/css/|service/template/|servicerequests/(?:describe_case|reg_user)\.aspx|shared/css/|shared/img/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://westberks.gov.uk/index.aspx?articleid=26909" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=27098" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=27123" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=27793" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=27928" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=27941" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=28162" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=28190" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=28515" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=28660" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=29068" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=29072" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=29103" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=29278" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=29283" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=29318" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=29622" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=30053" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=30183" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=30187" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=30263" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=31417" />
+			<test url="http://westberks.gov.uk/newlogin" />
+
+			<!--	-ve:
+					-->
+			<test url="http://westberks.gov.uk/CHttpHandler.ashx" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=27988" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=27989" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=28004" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=28013" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=28019" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=28023" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=28034" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=28240" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=28241" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=29089" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=29609" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=31065" />
+			<test url="http://westberks.gov.uk/index.aspx?articleid=32455" />
+			<test url="http://westberks.gov.uk/media/image/m/g/consumer_and_environmental_.png" />
+			<test url="http://westberks.gov.uk/service/assets/css/style.css" />
+			<test url="http://westberks.gov.uk/service/template/wbhome/images/top_task_back_311.png" />
+			<test url="http://westberks.gov.uk/servicerequests/describe_case.aspx" />
+			<test url="http://westberks.gov.uk/servicerequests/reg_user.aspx" />
+			<test url="http://westberks.gov.uk/shared/css/print.css" />
+			<test url="http://www.westberks.gov.uk/shared/img/social/icon_social_twitter.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?westberks\.gov\.uk$" name="^(?:TextOnlyX|clientvars|mode|screenwidth)$" /-->
+	<!--securecookie host="^(?:restricted|spocc)\.westberks\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^[^.fsw]" name=".+" />
+
+
+	<rule from="^http://(?:fis|scip)\.westberks\.gov\.uk/"
+		to="https://search3.openobjects.com/" />
+
+		<exclusion pattern="^http://(?:fis|scip)\.westberks\.gov\.uk/(?!.+/(?:(?:cs|image)s/|(?:contact|register|sign_in)\.page))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://fis.westberks.gov.uk/kb5/westberkshire/fsd/home.page" />
+			<test url="http://fis.westberks.gov.uk/kb5/westberkshire/fsd/localoffer.page?familychannel=4" />
+			<test url="http://fis.westberks.gov.uk/kb5/westberkshire/fsd/service.page?id=ATxRiDG8sLw" />
+			<test url="http://fis.westberks.gov.uk/kb5/westberkshire/fsd/service.page?id=lm5OFkdzZ9c" />
+			<test url="http://scip.westberks.gov.uk/kb5/westberkshire/asch/home.page" />
+			<test url="http://scip.westberks.gov.uk/kb5/westberkshire/fsd/home.page" />
+			<test url="http://scip.westberks.gov.uk/kb5/westberkshire/fsd/service.page?id=WP2B6ZW3eLM" />
+
+			<!--	-ve:
+					-->
+			<test url="http://fis.westberks.gov.uk/kb5/westberkshire/fsd/contact.page" />
+			<test url="http://fis.westberks.gov.uk/kb5/westberkshire/fsd/css/customer-print.css" />
+			<test url="http://fis.westberks.gov.uk/kb5/westberkshire/fsd/images/customer/wbc_header_logo_white.png" />
+			<test url="http://fis.westberks.gov.uk/kb5/westberkshire/fsd/register.page" />
+			<test url="http://scip.westberks.gov.uk/kb5/westberkshire/asch/contact.page" />
+			<test url="http://scip.westberks.gov.uk/kb5/westberkshire/asch/css/customer.css" />
+			<test url="http://scip.westberks.gov.uk/kb5/westberkshire/asch/images/customer/category_2.jpg" />
+			<test url="http://scip.westberks.gov.uk/kb5/westberkshire/asch/register.page" />
+			<test url="http://scip.westberks.gov.uk/kb5/westberkshire/asch/sign_in.page" />
+			<test url="http://scip.westberks.gov.uk/kb5/westberkshire/fsd/css/jquery-ui-1.8.23.css" />
+			<test url="http://scip.westberks.gov.uk/kb5/westberkshire/fsd/images/icons/email.png" />
+			<test url="http://scip.westberks.gov.uk/kb5/westberkshire/fsd/sign_in.page" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/westbyte.com.xml b/src/chrome/content/rules/westbyte.com.xml
new file mode 100644
index 000000000000..8cb6eadc3410
--- /dev/null
+++ b/src/chrome/content/rules/westbyte.com.xml
@@ -0,0 +1,18 @@
+<!--
+addons.westbyte.com ⁴
+download.westbyte.com ²
+download1.westbyte.com ⁴
+forum.westbyte.com ²
+mail.westbyte.com ¹
+
+
+¹ mismatch
+² refused
+⁴ self signed
+-->
+<ruleset name="westbyte.com">
+	<target host="westbyte.com" />
+	<target host="www.westbyte.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/westlan.ru.xml b/src/chrome/content/rules/westlan.ru.xml
new file mode 100644
index 000000000000..33ab5bdeec0a
--- /dev/null
+++ b/src/chrome/content/rules/westlan.ru.xml
@@ -0,0 +1,10 @@
+<!--
+westlan.ru mismatch
+www.westlan.ru mismatch
+bonus.westlan.ru refused
+-->
+<ruleset name="westlan.ru (partial)">
+	<target host="bill.westlan.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/westlancs.gov.uk.xml b/src/chrome/content/rules/westlancs.gov.uk.xml
new file mode 100644
index 000000000000..7dd6f66b2634
--- /dev/null
+++ b/src/chrome/content/rules/westlancs.gov.uk.xml
@@ -0,0 +1,52 @@
+<!--
+	West Lancashire Borough Council
+
+	For rules causing false/broken MCB, see westlancs.gov.uk-falsemixed.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *westlancs.gov.uk:
+
+		- (www.)? ᵈ
+		- webapp1 ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *westlancs.gov.uk:
+
+		- maps ˣ
+
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Mixed content:
+
+		- css on maps from serverapi.arcgisonline.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="West Lancs.gov.uk (partial)">
+
+	<!--target host="maps.westlancs.gov.uk" /-->
+	<target host="pa.westlancs.gov.uk" />
+	<target host="secure.westlancs.gov.uk" />
+
+		<!--	$ shows default page, so:
+							-->
+		<!--test url="http://maps.westlancs.gov.uk/wlbclocalplan/" /-->
+
+		<!--	$ redirects to www.westlancs.gov.uk, so:
+								-->
+		<test url="http://secure.westlancs.gov.uk/SelfServe/ServicePage.aspx?servicePath=" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/westlancsdc.gov.uk.xml b/src/chrome/content/rules/westlancsdc.gov.uk.xml
new file mode 100644
index 000000000000..4a9cc96e5ba8
--- /dev/null
+++ b/src/chrome/content/rules/westlancsdc.gov.uk.xml
@@ -0,0 +1,35 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *westlancsdc.gov.uk:
+
+		- (www.)? ᵈ
+		- publicaccess ᵈ
+
+	ᵈ Dropped
+
+
+	Problematic hosts in *westlancsdc.gov.uk:
+
+		- online ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="West Lancs DC.gov.uk (partial)">
+
+	<!--	Complications:
+				-->
+	<target host="online.westlancsdc.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://online\.westlancsdc\.gov\.uk/"
+		to="https://secure.westlancs.gov.uk/" />
+
+		<test url="http://online.westlancsdc.gov.uk/coins/calendar.asp" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/westlothian.gov.uk-falsemixed.xml b/src/chrome/content/rules/westlothian.gov.uk-falsemixed.xml
new file mode 100644
index 000000000000..362eafb34823
--- /dev/null
+++ b/src/chrome/content/rules/westlothian.gov.uk-falsemixed.xml
@@ -0,0 +1,16 @@
+<!--
+	For rules not causing false/broken MCB, see westlothian.gov.uk.xml
+
+-->
+<ruleset name="West Lothian.gov.uk (false MCB)" platform="mixedcontent">
+
+	<target host="newsletters.westlothian.gov.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/westlothian.gov.uk.xml b/src/chrome/content/rules/westlothian.gov.uk.xml
new file mode 100644
index 000000000000..b90c5a73559b
--- /dev/null
+++ b/src/chrome/content/rules/westlothian.gov.uk.xml
@@ -0,0 +1,55 @@
+<!--
+	West Lothian Council
+
+	For rules causing false/broken MCB, see westlothian.gov.uk-falsemixed.xml
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *westlothian.gov.uk:
+
+		- coins ᵈ
+		- webpac ᵈ
+		- www ᵈ
+
+	ᵈ Dropped
+
+
+	^westlothian.gov.uk does not exist
+
+
+	Insecure cookies are set for these hosts:
+
+		- eforms2.westlothian.gov.uk
+
+
+	Mixed content:
+
+		- css on newsletters from $self ˢ
+		- Images on newsletters from $self ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="West Lothian.gov.uk (partial)">
+
+	<target host="eforms2.westlothian.gov.uk" />
+	<!--target host="newsletters.westlothian.gov.uk" /-->
+	<target host="planning.westlothian.gov.uk" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://eforms2.westlothian.gov.uk/counciltaxenquiry/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^eforms2\.westlothian\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wetlandpark.gov.hk.xml b/src/chrome/content/rules/wetlandpark.gov.hk.xml
new file mode 100644
index 000000000000..031e2f199830
--- /dev/null
+++ b/src/chrome/content/rules/wetlandpark.gov.hk.xml
@@ -0,0 +1,17 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+
+	Mismatch:
+		- wetlandpark.gov.hk
+
+	Self-signed:
+		- beta1.wetlandpark.gov.hk
+-->
+<ruleset name="Hong Kong Wetland Park">
+	<target host="wetlandpark.gov.hk" />
+	<target host="www.wetlandpark.gov.hk" />
+
+	<rule from="^http://(www\.)?wetlandpark\.gov\.hk/"
+		to="https://www.wetlandpark.gov.hk/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wetter.com.xml b/src/chrome/content/rules/wetter.com.xml
new file mode 100644
index 000000000000..9cf46b0a6164
--- /dev/null
+++ b/src/chrome/content/rules/wetter.com.xml
@@ -0,0 +1,103 @@
+<!--
+	wetter.com:
+
+	Invalid certificate:
+		www.at.wetter.com
+		www.ch.wetter.com
+		echtzeit.wetter.com
+		mindup.wetter.com
+		newsletter.wetter.com
+		reise.wetter.com
+		android.rwds2.wetter.com
+		ios.rwds2.wetter.com
+		spiele.wetter.com
+		static[1-2].wetter.com
+		www.zephyros.wetter.com
+
+	Timeout:
+		global.wetter.com
+		hbbtv.wetter.com
+		imgs(-2)?.wetter.com
+		ls[1-2].wetter.com
+		m[1-2].wetter.com
+		maps(-2)?.wetter.com
+		metro.wetter.com
+		pushel.wetter.com
+		search.wetter.com
+		shop.wetter.com
+		stylefinder.wetter.com
+		video.wetter.com
+		videos(-2)?.wetter.com
+		vista.wetter.com
+		wcms3.wetter.com
+		wetterarchiv.wetter.com
+		www5.wetter.com
+
+
+	wettercomassets.com:
+
+	Timeout:
+		wettercomassets.com
+		www.wettercomassets.com
+		lt[1-4].wettercomassets.com
+		lv1.wettercomassets.com
+		m[1-2].wettercomassets.com
+-->
+<ruleset name="wetter.com">
+
+	<!-- wetter.com -->
+
+	<target host="wetter.com" />
+	<target host="www.wetter.com" />
+	<target host="api.wetter.com" />
+	<target host="asapi.wetter.com" />
+	<target host="at.wetter.com" />
+	<target host="boreas.wetter.com" />
+	<target host="ch.wetter.com" />
+	<target host="de.wetter.com" />
+	<target host="gadgets.wetter.com" />
+	<target host="iphone.wetter.com" />
+	<target host="kinder.wetter.com" />
+	<target host="m.wetter.com" />
+	<target host="mobile.wetter.com" />
+	<target host="netzwerk.wetter.com" />
+	<target host="partnerservice.wetter.com" />
+	<target host="rwds2.wetter.com" />
+	<target host="srwds2.wetter.com" />
+	<target host="www.stage.wetter.com" />
+	<target host="at.stage.wetter.com" />
+	<target host="ch.stage.wetter.com" />
+	<target host="netzwerk.stage.wetter.com" />
+	<target host="winter.stage.wetter.com" />
+	<target host="support.wetter.com" />
+	<target host="videobackend.wetter.com" />
+	<target host="w.wetter.com" />
+	<target host="winter.wetter.com" />
+	<target host="woys.wetter.com" />
+	<target host="ww.wetter.com" />
+	<target host="wwww.wetter.com" />
+
+
+	<!-- wettercomassets.com -->
+
+	<target host="cbm3.wettercomassets.com" />
+	<target host="cm3.wettercomassets.com" />
+	<target host="cs1.wettercomassets.com" />
+	<target host="cs2.wettercomassets.com" />
+	<target host="cs3.wettercomassets.com" />
+	<target host="cs4.wettercomassets.com" />
+	<target host="cs5.wettercomassets.com" />
+	<target host="ct3.wettercomassets.com" />
+	<target host="cv.wettercomassets.com" />
+	<target host="cv1.wettercomassets.com" />
+	<target host="cv2.wettercomassets.com" />
+	<target host="ls1.wettercomassets.com" />
+	<target host="ls2.wettercomassets.com" />
+	<target host="sayt.wettercomassets.com" />
+	<target host="sayt2.wettercomassets.com" />
+	<target host="static-radar.wettercomassets.com" />
+	<target host="t1.wettercomassets.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wh0rd.org.xml b/src/chrome/content/rules/wh0rd.org.xml
new file mode 100644
index 000000000000..ba623c0ed8a5
--- /dev/null
+++ b/src/chrome/content/rules/wh0rd.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="wh0rd.org">
+
+	<target host="wh0rd.org" />
+	<target host="www.wh0rd.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/whatculture.com.xml b/src/chrome/content/rules/whatculture.com.xml
new file mode 100644
index 000000000000..e52803073781
--- /dev/null
+++ b/src/chrome/content/rules/whatculture.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Nonfunctional hosts in *whatculture.com:
+
+		- shop ʰ
+
+	ʰ Redirects to http
+
+
+	www.whatculture.com: shows default page
+
+-->
+<ruleset name="WhatCulture.com (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="whatculture.com" />
+
+	<!--	Complications:
+				-->
+	<target host="www.whatculture.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.whatculture\.com/"
+		to="https://whatculture.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/whatismyreferer.com.xml b/src/chrome/content/rules/whatismyreferer.com.xml
new file mode 100644
index 000000000000..f590944f5bea
--- /dev/null
+++ b/src/chrome/content/rules/whatismyreferer.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="whatismyreferer.com">
+
+	<target host="whatismyreferer.com" />
+	<target host="www.whatismyreferer.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/whatsappbrand.com.xml b/src/chrome/content/rules/whatsappbrand.com.xml
new file mode 100644
index 000000000000..f2a5df792c65
--- /dev/null
+++ b/src/chrome/content/rules/whatsappbrand.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="WhatsApp Brand.com">
+
+	<target host="whatsappbrand.com" />
+	<target host="www.whatsappbrand.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/whitehatters.academy.xml b/src/chrome/content/rules/whitehatters.academy.xml
new file mode 100644
index 000000000000..e8f98f6f58c6
--- /dev/null
+++ b/src/chrome/content/rules/whitehatters.academy.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://whitehatters.academy/ => https://whitehatters.academy/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.whitehatters.academy/ => https://www.whitehatters.academy/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="Whitehatters.Academy" default_off="failed ruleset test">
+
+	<target host="whitehatters.academy" />
+	<target host="www.whitehatters.academy" />
+
+
+	<securecookie host="^\." name="^ARRAffinity$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/whitehelmets.org.xml b/src/chrome/content/rules/whitehelmets.org.xml
new file mode 100644
index 000000000000..4cde65542b6d
--- /dev/null
+++ b/src/chrome/content/rules/whitehelmets.org.xml
@@ -0,0 +1,29 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- herofund.whitehelmets.org
+		- www.whitehelmets.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="White Helmets.org">
+
+	<target host="whitehelmets.org" />
+	<target host="herofund.whitehelmets.org" />
+	<target host="www.whitehelmets.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^herofund\.whitehelmets\.org$" name="^sid$" /-->
+	<!--securecookie host="^www\.whitehelmets\.org$" name="^(?:_aleppo_session|request_method)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/whitehousehistory.org.xml b/src/chrome/content/rules/whitehousehistory.org.xml
new file mode 100644
index 000000000000..11e0ba95cfb6
--- /dev/null
+++ b/src/chrome/content/rules/whitehousehistory.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="White House History.org">
+
+	<target host="whitehousehistory.org" />
+	<target host="www.whitehousehistory.org" />
+
+
+	<securecookie host="^\." name="^(?:incap_ses|visid_incap)_" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/whitelabeldating.com.xml b/src/chrome/content/rules/whitelabeldating.com.xml
new file mode 100644
index 000000000000..a00ef981ee28
--- /dev/null
+++ b/src/chrome/content/rules/whitelabeldating.com.xml
@@ -0,0 +1,28 @@
+<!--
+	(www.)?whitelabeldating.com: Shows default page
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- login.whitelabeldating.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="White Label Dating.com (partial)">
+
+	<target host="login.whitelabeldating.com" />
+	<target host="portal.whitelabeldating.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^login\.whitelabeldating\.com$" name="^_partnger_portal_session$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/whocanivotefor.co.uk.xml b/src/chrome/content/rules/whocanivotefor.co.uk.xml
new file mode 100644
index 000000000000..89c386a15a9e
--- /dev/null
+++ b/src/chrome/content/rules/whocanivotefor.co.uk.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Democracy Lab coverage, see democracyclub.org.uk.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- whocanivotefor.co.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Who Can I Vote For.co.uk">
+
+	<target host="whocanivotefor.co.uk" />
+	<target host="www.whocanivotefor.co.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^whocanivotefor\.co\.uk$" name="^(?:csrftoken|sessionid)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/whois.net.xml b/src/chrome/content/rules/whois.net.xml
new file mode 100644
index 000000000000..cc20c4120db6
--- /dev/null
+++ b/src/chrome/content/rules/whois.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="whois.net">
+	<target host="whois.net" />
+	<target host="www.whois.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/whoisds.xml b/src/chrome/content/rules/whoisds.xml
new file mode 100644
index 000000000000..d379c975ec8d
--- /dev/null
+++ b/src/chrome/content/rules/whoisds.xml
@@ -0,0 +1,6 @@
+<ruleset name="whoisds.com">
+	<target host="whoisds.com" />
+	<target host="www.whoisds.com" />
+	<target host="mail.whoisds.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/whyopencomputing.xml b/src/chrome/content/rules/whyopencomputing.xml
new file mode 100644
index 000000000000..f89b21fb44ad
--- /dev/null
+++ b/src/chrome/content/rules/whyopencomputing.xml
@@ -0,0 +1,35 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://why-opencomputing.com/ => https://why-opencomputing.com/: (51, "SSL: no alternative certificate subject name matches target host name 'why-opencomputing.com'")
+Fetch error: http://www.why-opencomputing.com/ => https://www.why-opencomputing.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.why-opencomputing.com'")
+
+-->
+<ruleset name="why! open computing" default_off="failed ruleset test">
+	<target host="why-opencomputing.com"/>
+	<target host="whyopencomputing.ch"/>
+	<target host="whyopencomputing.com"/>
+	<!-- target host="whyopencomputing.fr"/ currently refused -->
+
+	<target host="www.why-opencomputing.com"/>
+	<target host="www.whyopencomputing.ch"/>
+	<target host="www.whyopencomputing.com"/>
+	<target host="www.whyopencomputing.fr"/>
+
+	<target host="blog.whyopencomputing.ch"/>
+
+	<target host="oem.why-opencomputing.com"/>
+	<target host="oem.whyopencomputing.ch"/>
+	<target host="oem.whyopencomputing.com"/>
+	<target host="oem.whyopencomputing.fr"/>
+
+	<target host="shop.why-opencomputing.com"/>
+	<target host="shop.whyopencomputing.ch"/>
+	<target host="shop.whyopencomputing.com"/>
+	<target host="shop.whyopencomputing.fr"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/wi-fi.hk.xml b/src/chrome/content/rules/wi-fi.hk.xml
new file mode 100644
index 000000000000..06c1efb3a768
--- /dev/null
+++ b/src/chrome/content/rules/wi-fi.hk.xml
@@ -0,0 +1,17 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+
+	Nonfunctional hosts in *.wi-fi.hk:
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Wi-Fi.HK">
+	<target host="wi-fi.hk" />
+	<target host="www.wi-fi.hk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/widevine.com.xml b/src/chrome/content/rules/widevine.com.xml
new file mode 100644
index 000000000000..08d21362e6a9
--- /dev/null
+++ b/src/chrome/content/rules/widevine.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Not found:
+		owa.widevine.com
+		www.owa.widevine.com
+		secure-internal.widevine.com
+-->
+<ruleset name="Widevine.com">
+
+	<target host="widevine.com" />
+	<target host="www.widevine.com" />
+	<target host="developer.widevine.com" />
+	<target host="integration.widevine.com" />
+	<target host="license.widevine.com" />
+	<target host="integration.uat.widevine.com" />
+	<target host="license.uat.widevine.com" />
+	<target host="proxy.uat.widevine.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Content not found on https://widevine.com/,
+	http://widevine.com/ redirects to http://www.widevine.com/ -->
+	<rule from="^http://widevine\.com/"
+		to="https://www.widevine.com/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/widgit-online.com.xml b/src/chrome/content/rules/widgit-online.com.xml
new file mode 100644
index 000000000000..eed247e06198
--- /dev/null
+++ b/src/chrome/content/rules/widgit-online.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Widgit Software coverage, see widgit.com.xml.
+
+-->
+<ruleset name="Widgit-Online.com">
+
+	<target host="widgit-online.com" />
+	<target host="www.widgit-online.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/widgit.com.xml b/src/chrome/content/rules/widgit.com.xml
new file mode 100644
index 000000000000..7290b73b8a8f
--- /dev/null
+++ b/src/chrome/content/rules/widgit.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Other Widgit Software rulesets:
+
+		- widgit-online.com.xml
+		- widgitonline.com.xml
+
+-->
+<ruleset name="Widgit.com">
+
+	<target host="widgit.com" />
+	<target host="point.widgit.com" />
+	<target host="www.widgit.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/widgitonline.com.xml b/src/chrome/content/rules/widgitonline.com.xml
new file mode 100644
index 000000000000..9fe2c653bf51
--- /dev/null
+++ b/src/chrome/content/rules/widgitonline.com.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Widgit Software coverage, see widgit.com.xml.
+
+
+	Insecure cookies are set for these hosts:
+
+		- widgitonline.com
+
+-->
+<ruleset name="Widgit Online.com">
+
+	<target host="widgitonline.com" />
+	<target host="www.widgitonline.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^widgitonline\.com$" name="^_session_id$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wien.gv.at.xml b/src/chrome/content/rules/wien.gv.at.xml
new file mode 100644
index 000000000000..08f0dd13f8de
--- /dev/null
+++ b/src/chrome/content/rules/wien.gv.at.xml
@@ -0,0 +1,80 @@
+<!--
+(www.)?buechereien.wien.gv.at mismatch
+(www.)?akh.wien.gv.at mismatch
+(www.)?verwaltungsgericht.wien.gv.at mismatch
+(www.)?stadtrechnungshof.wien.gv.at mismatch
+(www.)?verwaltungsgericht.wien.gv.at mismatch
+(www.)?buechereien.wien.gv.at mismatch
+(www.)?akh.wien.gv.at mismatch
+(www.)?stadtrechnungshof.wien.gv.at mismatch
+(www.)?hilfe.wien.gv.at/: (35, 'error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 unrecognized name')
+www.m.wien.gv.at mismatch
+(www.)?seestadt.wien.at mismatch
+(www.)?info.wien.at mismatch
+(www.)?virtuellebuecherei.wien.at mismatch
+(www.)?gewaesser.wien.at mismatch
+(www.)?frauen.wien.at mismatch
+(www.)?donaukanal.wien.at mismatch
+(www.)?museen.wien.at mismatch
+(www.)?favoriten.wien.at mismatch
+(www.)?modeschule.wien.at mismatch
+(www.)?sicherheit.wien.at mismatch
+(www.)?bruessel.wien.at mismatch
+(www.)?nordbahnhof.wien.at mismatch
+(www.)?patientenanwalt.wien.at mismatch
+(www.)?liesing.wien.at mismatch
+(www.)?sport.wien.at mismatch
+(www.)?kulturhilft.wien.at mismatch
+(www.)?park.wien.at mismatch
+(www.)?integration.wien.at mismatch
+(www.)?natuerlich.wien.at mismatch
+(www.)?frauennotruf.wien.at mismatch
+(www.)?penzing.wien.at mismatch
+(www.)?alsergrund.wien.at mismatch
+(www.)?oekokauf.wien.at mismatch
+(www.)?kulturgut.wien.at mismatch
+(www.)?marktamt.wien.at mismatch
+(www.)?wetter.wien.at mismatch
+(www.)?musikschule.wien.at mismatch
+(www.)?ma39.wien.at mismatch
+(www.)?safebike.wien.at mismatch
+(www.)?statistik.wien.at mismatch
+(www.)?doebling.wien.at mismatch
+(www.)?josefstadt.wien.at mismatch
+(www.)?donaustrategie.wien.at mismatch
+(www.)?energieplanung.wien.at mismatch
+(www.)?waehring.wien.at mismatch
+(www.)?vorlesungen.wien.at mismatch
+(www.)?schulweg.wien.at mismatch
+(www.)?parkpickerl.wien.at mismatch
+(www.)?donauinsel.wien.at mismatch
+(www.)?brigittenau.wien.at mismatch
+-->
+<ruleset name="wien.gv.at">
+	<target host="wien.gv.at" />
+	<target host="www.wien.gv.at" />
+	<target host="48ertandler.wien.gv.at" />
+	<target host="www.48ertandler.wien.gv.at" />
+	<target host="fluechtlinge.wien.gv.at" />
+	<target host="www.fluechtlinge.wien.gv.at" />
+	<target host="open.wien.gv.at" />
+	<target host="www.open.wien.gv.at" />
+	<target host="smartcity.wien.gv.at" />
+	<target host="www.smartcity.wien.gv.at" />
+	<target host="miteinander.mariahilf.wien.gv.at" />
+	<target host="m.wien.gv.at" />
+	<target host="wien.at" />
+	<target host="www.wien.at" />
+	<target host="gemeinderecht.wien.at" />
+	<target host="www.gemeinderecht.wien.at" />
+	<target host="data.wien.at" />
+	<target host="www.data.wien.at" />
+	<target host="fluechtlinge.wien.at" />
+	<target host="www.fluechtlinge.wien.at" />
+	<target host="open.wien.at" />
+	<target host="www.open.wien.at" />
+	<target host="smartcity.wien.at" />
+	<target host="www.smartcity.wien.at" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wijgaannaareg.nl.xml b/src/chrome/content/rules/wijgaannaareg.nl.xml
new file mode 100644
index 000000000000..0ab78b66411c
--- /dev/null
+++ b/src/chrome/content/rules/wijgaannaareg.nl.xml
@@ -0,0 +1,13 @@
+<ruleset name="Wij gaan naar EG.nl">
+
+	<target host="wijgaannaareg.nl" />
+	<target host="www.wijgaannaareg.nl" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wiki.vg.xml b/src/chrome/content/rules/wiki.vg.xml
new file mode 100644
index 000000000000..f7b7b9c97ebf
--- /dev/null
+++ b/src/chrome/content/rules/wiki.vg.xml
@@ -0,0 +1,10 @@
+<!--
+	Connection refused:
+		- email
+-->
+<ruleset name="wiki.vg">
+	<target host="wiki.vg" />
+	<target host="www.wiki.vg" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wikidot.com.xml b/src/chrome/content/rules/wikidot.com.xml
new file mode 100644
index 000000000000..aec74e9bcdfd
--- /dev/null
+++ b/src/chrome/content/rules/wikidot.com.xml
@@ -0,0 +1,55 @@
+<!--
+	Redirect to HTTP:
+		101.wikidot.com
+		asen.wikidot.com
+		backupstorage.wikidot.com
+		bugs.wikidot.com
+		chatroom.wikidot.com
+		community.wikidot.com
+		community-playground.wikidot.com
+		convert.wikidot.com
+		csi.wikidot.com
+		css.wikidot.com
+		docpl.wikidot.com
+		faq.wikidot.com
+		feedback.wikidot.com
+		forum.wikidot.com
+		forum-template.wikidot.com
+		handbook.wikidot.com
+		incl.wikidot.com
+		irc.wikidot.com
+		irongiant.wikidot.com
+		liblivadia.wikidot.com
+		media.wikidot.com
+		news.wikidot.com
+		packages.wikidot.com
+		pogon.wikidot.com
+		projects.wikidot.com
+		psms.wikidot.com
+		roadmap.wikidot.com
+		as6.s.wikidot.com
+		sasana.wikidot.com
+		spambotdeathwall.wikidot.com
+		shop.wikidot.com
+		snippets.wikidot.com
+		spolecznosc.wikidot.com
+		tlug.wikidot.com
+		translate.wikidot.com
+		try.wikidot.com
+		uml.wikidot.com
+		user-gemeinschaft.wikidot.com
+		veritasbatheo.wikidot.com
+		viotikoskosmos.wikidot.com
+		wikirhye.wikidot.com
+-->
+<ruleset name="wikidot.com (partial)">
+	<target host="wikidot.com" />
+	<target host="www.wikidot.com" />
+	<target host="admindevelopement.wikidot.com" />
+	<target host="blog.wikidot.com" />
+	<target host="bootstrap-playground.wikidot.com" />
+	<target host="themes.wikidot.com" />
+	<target host="www-old.wikidot.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wikipediocracy.com.xml b/src/chrome/content/rules/wikipediocracy.com.xml
new file mode 100644
index 000000000000..7b01a93b8daa
--- /dev/null
+++ b/src/chrome/content/rules/wikipediocracy.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="wikipediocracy.comu">
+	<target host="wikipediocracy.com" />
+	<target host="www.wikipediocracy.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wikiwand.com.xml b/src/chrome/content/rules/wikiwand.com.xml
new file mode 100644
index 000000000000..cda63c6221dc
--- /dev/null
+++ b/src/chrome/content/rules/wikiwand.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts:
+
+		- wikiwand.com
+		- www.wikiwand.com
+
+-->
+<ruleset name="Wikiwand.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="wikiwand.com" />
+	<target host="www.wikiwand.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(www\.)?wikiwand\.com$" name="^wikiwand\.p_c$" /-->
+	<!--securecookie host="^www\.wikiwand\.com$" name="^i18next$" /-->
+
+	<securecookie host="^(?:www\.)?wikiwand\.com$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wilhelmtux.ch.xml b/src/chrome/content/rules/wilhelmtux.ch.xml
new file mode 100644
index 000000000000..3f04b42f29d9
--- /dev/null
+++ b/src/chrome/content/rules/wilhelmtux.ch.xml
@@ -0,0 +1,14 @@
+<ruleset name="Wilhelm Tux.ch">
+
+	<target host="wilhelmtux.ch" />
+	<target host="wiki.wilhelmtux.ch" />
+	<target host="www.wilhelmtux.ch" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wilkinsons-auctioneers.co.uk.xml b/src/chrome/content/rules/wilkinsons-auctioneers.co.uk.xml
new file mode 100644
index 000000000000..dfb51f6fa7ea
--- /dev/null
+++ b/src/chrome/content/rules/wilkinsons-auctioneers.co.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="Wilkinsons-Auctioneers.co.uk">
+
+	<target host="wilkinsons-auctioneers.co.uk" />
+	<target host="www.wilkinsons-auctioneers.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wiltshire.police.uk-resources.xml b/src/chrome/content/rules/wiltshire.police.uk-resources.xml
new file mode 100644
index 000000000000..d884e43e77d0
--- /dev/null
+++ b/src/chrome/content/rules/wiltshire.police.uk-resources.xml
@@ -0,0 +1,56 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.wiltshire.police.uk/cache/widgetkit/widgetkit-a8627bc1.css => https://www.wiltshire.police.uk/cache/widgetkit/widgetkit-a8627bc1.css: Too many redirects while fetching 'https://www.wiltshire.police.uk/cache/widgetkit/widgetkit-a8627bc1.css'
+
+	For rules covering more than resources, see wiltshire.police.uk.xml.
+
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="Wiltshire.Police.uk (resources)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="www.wiltshire.police.uk" />
+
+		<exclusion pattern="^http://www\.wiltshire\.police\.uk/(?!/*(?:cache|components|images|media|modules|plugins|templates)/)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.wiltshire.police.uk/contact-us/click-on" />
+			<test url="http://www.wiltshire.police.uk/contact-us/click-on/222-contact-us/click-on/151-report-a-crime-online" />
+			<test url="http://www.wiltshire.police.uk/contact-us/click-on/policy-procedural-complaint" />
+			<test url="http://www.wiltshire.police.uk/contact-us/click-on/staff-complaint" />
+			<test url="http://www.wiltshire.police.uk/contact-us/what-is-the-best-way-to-contact-us" />
+			<test url="http://www.wiltshire.police.uk/contact-us/write-in" />
+			<test url="http://www.wiltshire.police.uk/departments/diversity-community-affairs/hate-crime/report-a-hate-crime" />
+			<test url="http://www.wiltshire.police.uk/horizon" />
+
+			<!--	-ve:
+					-->
+			<test url="http://www.wiltshire.police.uk/cache/widgetkit/widgetkit-a8627bc1.css" />
+			<test url="http://www.wiltshire.police.uk/components/com_rsform/assets/themes/green/images/bg-input.gif" />
+			<test url="http://www.wiltshire.police.uk/images/logos/twitter.png" />
+			<test url="http://www.wiltshire.police.uk/media/system/images/arrow.png" />
+			<test url="http://www.wiltshire.police.uk/modules/mod_gtranslate/tmpl/lang/blank.png" />
+			<test url="http://www.wiltshire.police.uk/plugins/content/itpsocialbuttons/images/classy/twitter.png" />
+			<test url="http://www.wiltshire.police.uk/templates/yoo_balance/css/extensions.css" />
+
+		<!--	Avoid possible XHR problems:
+							-->
+		<exclusion pattern="^http://www\.wiltshire\.police\.uk/.+\.js(?:on)?(?:$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.wiltshire.police.uk/cache/widgetkit/widgetkit-02b341f4.js" />
+			<test url="http://www.wiltshire.police.uk/media/jui/js/bootstrap.min.js" />
+			<test url="http://www.wiltshire.police.uk/media/jui/js/jquery-migrate.min.js" />
+			<test url="http://www.wiltshire.police.uk/media/jui/js/jquery-noconflict.js" />
+			<test url="http://www.wiltshire.police.uk/templates/yoo_balance/warp/js/dropdownmenu.js" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wiltshire.police.uk.xml b/src/chrome/content/rules/wiltshire.police.uk.xml
new file mode 100644
index 000000000000..fcb44259926c
--- /dev/null
+++ b/src/chrome/content/rules/wiltshire.police.uk.xml
@@ -0,0 +1,88 @@
+<!--
+	For rules covering resources which do not secure
+	mixed content, see wiltshire.police.uk-resources.xml.
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	These altnames do not exist:
+
+		- wiltshire.police.uk
+
+-->
+<ruleset name="Wiltshire.Police.uk (partial)">
+
+	<target host="www.wiltshire.police.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.wiltshire\.police\.uk/(?:$|contact-us/click-on(?:$/click-on/222-contact-us/click-on/151-report-a-crime-online$|/click-on/policy-procedural-complaint$|/click-on/staff-complaint$)|contact-us/what-is-the-best-way-to-contact-us$|information/faqs$|news/appeals/\d+-[\w-]+$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://www\.wiltshire\.police\.uk/(?!/*(?:(?:cache|components|images|media|modules|plugins|templates)/|contact-us(?:/click-on/domestic-abuse-contact-form|/click-on/sarah-s-law/child-sex-offenders-disclosure-form)?(?:$|\?)))" /-->
+		<!--
+			Do not increase non-Tor distinguishability:
+									-->
+		<exclusion pattern="^http://www\.wiltshire\.police\.uk/(?!/*contact-us(?:/click-on/domestic-abuse-contact-form|/click-on/sarah-s-law/child-sex-offenders-disclosure-form)?(?:$|\?))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.wiltshire.police.uk/contact-us/click-on" />
+			<test url="http://www.wiltshire.police.uk/contact-us/click-on/222-contact-us/click-on/151-report-a-crime-online" />
+			<test url="http://www.wiltshire.police.uk/contact-us/click-on/policy-procedural-complaint" />
+			<!--
+				(srsly:)
+					-->
+			<test url="http://www.wiltshire.police.uk/contact-us/click-on/staff-complaint" />
+			<test url="http://www.wiltshire.police.uk/contact-us/what-is-the-best-way-to-contact-us" />
+			<test url="http://www.wiltshire.police.uk/contact-us/write-in" />
+			<!--
+			<test url="http://www.wiltshire.police.uk/departments/diversity-community-affairs/hate-crime/report-a-hate-crime" />
+			<test url="http://www.wiltshire.police.uk/horizon" />
+			<test url="http://www.wiltshire.police.uk/horizon/horizon-contact-us" />
+			<test url="http://www.wiltshire.police.uk/information" />
+			<test url="http://www.wiltshire.police.uk/information/faqs" />
+			<test url="http://www.wiltshire.police.uk/news" />
+			<test url="http://www.wiltshire.police.uk/news/appeals/2644-witness-appeal-rogue-traders-in-sallisbury" />
+			<test url="http://www.wiltshire.police.uk/search" />
+			-->
+
+			<!--	-ve:
+					-->
+			<!--
+			<test url="http://www.wiltshire.police.uk/cache/widgetkit/widgetkit-a8627bc1.css" />
+			<test url="http://www.wiltshire.police.uk/components/com_rsform/assets/themes/green/images/bg-input.gif" />
+			-->
+			<test url="http://www.wiltshire.police.uk/contact-us" />
+			<test url="http://www.wiltshire.police.uk/contact-us/click-on/domestic-abuse-contact-form" />
+			<test url="http://www.wiltshire.police.uk/contact-us/click-on/sarah-s-law/child-sex-offenders-disclosure-form" />
+			<!--
+			<test url="http://www.wiltshire.police.uk/images/logos/twitter.png" />
+			<test url="http://www.wiltshire.police.uk/media/system/images/arrow.png" />
+			<test url="http://www.wiltshire.police.uk/modules/mod_gtranslate/tmpl/lang/blank.png" />
+			<test url="http://www.wiltshire.police.uk/plugins/content/itpsocialbuttons/images/classy/twitter.png" />
+			<test url="http://www.wiltshire.police.uk/templates/yoo_balance/css/extensions.css" />
+			-->
+
+		<!--	Avoid possible XHR problems:
+							-->
+		<!--
+		<exclusion pattern="^http://www\.wiltshire\.police\.uk/.+\.js(?:on)?(?:$|\?)" />
+		-->
+
+			<!--	+ve:
+					-->
+			<!--
+			<test url="http://www.wiltshire.police.uk/cache/widgetkit/widgetkit-02b341f4.js" />
+			<test url="http://www.wiltshire.police.uk/media/jui/js/bootstrap.min.js" />
+			<test url="http://www.wiltshire.police.uk/media/jui/js/jquery-migrate.min.js" />
+			<test url="http://www.wiltshire.police.uk/media/jui/js/jquery-noconflict.js" />
+			<test url="http://www.wiltshire.police.uk/templates/yoo_balance/warp/js/dropdownmenu.js" />
+			-->
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wiltsmessaging.co.uk.xml b/src/chrome/content/rules/wiltsmessaging.co.uk.xml
new file mode 100644
index 000000000000..57d7f940632b
--- /dev/null
+++ b/src/chrome/content/rules/wiltsmessaging.co.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="wiltsmessaging.co.uk">
+
+	<target host="wiltsmessaging.co.uk" />
+	<target host="www.wiltsmessaging.co.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/windows93.net.xml b/src/chrome/content/rules/windows93.net.xml
new file mode 100644
index 000000000000..e005f30b7f01
--- /dev/null
+++ b/src/chrome/content/rules/windows93.net.xml
@@ -0,0 +1,13 @@
+<ruleset name="windows93.net">
+	<target host="windows93.net" />
+	<target host="www.windows93.net" />
+	<target host="myspace.windows93.net" />
+	<target host="radio.windows93.net" />
+	<target host="v0.windows93.net" />
+	<target host="v1.windows93.net" />
+	<target host="v2.windows93.net" />
+	<target host="v3.windows93.net" />
+
+	<rule from="^http://windows93\.net/" to="https://www.windows93.net/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/windstar.com.xml b/src/chrome/content/rules/windstar.com.xml
new file mode 100644
index 000000000000..a20671826336
--- /dev/null
+++ b/src/chrome/content/rules/windstar.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- trr.windstar.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="windstar.com">
+
+	<target host="trr.windstar.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^trr\.windstar\.com$" name="^WINDSTAR_CLIENT_SESSION$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/winehq.org.ru.xml b/src/chrome/content/rules/winehq.org.ru.xml
new file mode 100644
index 000000000000..8936d6851b41
--- /dev/null
+++ b/src/chrome/content/rules/winehq.org.ru.xml
@@ -0,0 +1,15 @@
+<!--
+	Problematic subdomains:
+		www.winehq.org.ru (certificate mismatch)
+
+	Invalid certificate:
+		appdb.winehq.org.ru
+		new.appdb.winehq.org.ru
+-->
+<ruleset name="winehq.org.ru">
+	<target host="winehq.org.ru" />
+	<target host="www.winehq.org.ru" />
+
+	<rule from="^http://www\.winehq\.org\.ru/" to="https://winehq.org.ru/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/winxdvd.com.xml b/src/chrome/content/rules/winxdvd.com.xml
new file mode 100644
index 000000000000..b05b416fce20
--- /dev/null
+++ b/src/chrome/content/rules/winxdvd.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="winxdvd.com">
+	<target host="winxdvd.com" />
+	<target host="www.winxdvd.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wipe.de.xml b/src/chrome/content/rules/wipe.de.xml
new file mode 100644
index 000000000000..1fd96ce9a331
--- /dev/null
+++ b/src/chrome/content/rules/wipe.de.xml
@@ -0,0 +1,24 @@
+<!--
+
+		No host:
+		- wipe.de
+		- www.wipe.de
+
+		Mismatch:
+		- pub.oy1.oe.wipe.de
+
+		Timeout:
+		- affiliate.oe.wipe.de
+		- adjump.gewusst-wo.wipe.de
+		- adjump.informiert.wipe.de
+
+-->
+
+<ruleset name="wipe.de">
+        <target host="wwa.wipe.de" />
+        <target host="wa.wipe.de" />
+        <target host="wpt.wipe.de" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wired.co.uk.xml b/src/chrome/content/rules/wired.co.uk.xml
new file mode 100644
index 000000000000..60797809c4e7
--- /dev/null
+++ b/src/chrome/content/rules/wired.co.uk.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Condé Nast coverage, see Conde-Nast.xml.
+
+
+	CDN buckets:
+
+		- s3.amazonaws.com/img.wired.co.uk/	| d2f0ban6dhfdsw.cloudfront.net
+			- AWS permanently redirects.
+
+	Refused:
+		wired.co.uk
+
+	Invalid certificate:
+		cdni.wired.co.uk
+
+	No working URL known:
+		app.wired.co.uk
+
+-->
+<ruleset name="Wired.co.uk">
+
+	<target host="wired.co.uk" />
+	<target host="www.wired.co.uk" />
+	<target host="cdni.wired.co.uk" />
+
+	<rule from="^http://wired\.co\.uk/"
+		to="https://www.wired.co.uk/" />
+
+	<rule from="^http://cdni\.wired\.co\.uk/"
+		to="https://d2f0ban6dhfdsw.cloudfront.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wiremask.eu.xml b/src/chrome/content/rules/wiremask.eu.xml
new file mode 100644
index 000000000000..eec4e0bd5ddb
--- /dev/null
+++ b/src/chrome/content/rules/wiremask.eu.xml
@@ -0,0 +1,13 @@
+<ruleset name="Wiremask.eu">
+
+	<target host="wiremask.eu" />
+	<target host="www.wiremask.eu" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wiroos.com.xml b/src/chrome/content/rules/wiroos.com.xml
new file mode 100644
index 000000000000..51faaf86f979
--- /dev/null
+++ b/src/chrome/content/rules/wiroos.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Insecure cookies are set for these domains and hosts:
+
+		- wiroos.com
+		- .wiroos.com
+		- clientes.wiroos.com
+		- www.wiroos.com
+
+-->
+<ruleset name="Wiroos.com">
+
+	<target host="wiroos.com" />
+	<target host="clientes.wiroos.com" />
+	<target host="www.wiroos.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?wiroos\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^\.wiroos\.com$" name="^language$" /-->
+	<!--securecookie host="^clientes\.wiroos\.com$" name="^WHMCS\w+$" /-->
+
+	<securecookie host="^\." name="^language$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wisdomweb.ru.xml b/src/chrome/content/rules/wisdomweb.ru.xml
new file mode 100644
index 000000000000..14ee1633090e
--- /dev/null
+++ b/src/chrome/content/rules/wisdomweb.ru.xml
@@ -0,0 +1,31 @@
+<!--
+	Invalid certificate:
+		autoconfig.wisdomweb.ru
+		ftp.wisdomweb.ru
+		autodiscover.raybreaker.wisdomweb.ru
+		webmail.raybreaker.wisdomweb.ru
+		autodiscover.raytheme.wisdomweb.ru
+		webmail.raytheme.wisdomweb.ru
+		autodiscover.rumpire.wisdomweb.ru
+		webmail.rumpire.wisdomweb.ru
+
+	Refused:
+		localhost.wisdomweb.ru
+-->
+<ruleset name="wisdomweb.ru">
+	<target host="wisdomweb.ru" />
+	<target host="www.wisdomweb.ru" />
+	<target host="autodiscover.wisdomweb.ru" />
+	<target host="cpanel.wisdomweb.ru" />
+	<target host="mail.wisdomweb.ru" />
+	<target host="raybreaker.wisdomweb.ru" />
+	<target host="www.raybreaker.wisdomweb.ru" />
+	<target host="raytheme.wisdomweb.ru" />
+	<target host="www.raytheme.wisdomweb.ru" />
+	<target host="rumpire.wisdomweb.ru" />
+	<target host="www.rumpire.wisdomweb.ru" />
+	<target host="webdisk.wisdomweb.ru" />
+	<target host="webmail.wisdomweb.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wku.edu.xml b/src/chrome/content/rules/wku.edu.xml
new file mode 100644
index 000000000000..62a2aa261f49
--- /dev/null
+++ b/src/chrome/content/rules/wku.edu.xml
@@ -0,0 +1,147 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ecas-sso.wku.edu/ => https://ecas-sso.wku.edu/: (6, 'Could not resolve host: ecas-sso.wku.edu')
+
+	Western Kentucky University
+
+	Other Western Kentucky University rulesets:
+
+		- wkustore.com.xml
+
+
+	Nonfunctional hosts in *wku.edu:
+
+		- acadmedia ⁴
+		- astro ʳ
+		- climlist ᵃ
+		- orgs ᵃ
+		- physics ʳ
+		- rct ʳ
+		- social *
+
+	* Erroneous redirect
+	⁴ 404
+	ᵃ Shows another domain
+	ʳ Refused
+
+
+	Problematic hosts in *wku.edu:
+
+		- (www.)?alumni ᵐ
+		- engineering.blog ᵐ
+		- honorsadvising.blog ᵐ
+		- (www.)?bookstore ᵐ
+		- digitalcommons ᵐ
+		- portal ʰ
+		- topnet ᵐ
+		- webmail ᵐ
+
+	ʰ Redirects to http, preemptable redirect
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .wku.edu
+		- adweb01.wku.edu
+		- apps.wku.edu
+		- blackboard.wku.edu
+		- cpdonline.wku.edu
+		- email.wku.edu
+		- my.wku.edu
+		- td.wku.edu
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image on (www.)? from img.youtube.com ˢ
+
+		- Bugs, on:
+
+			- alumni from www.facebook.com ˢ
+			- alumni from www.intagme.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="WKU.edu (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="wku.edu" />
+	<target host="acsapps.wku.edu" />
+	<target host="adweb01.wku.edu" />
+	<target host="apps.wku.edu" />
+	<target host="asaweb2.wku.edu" />
+	<target host="blackboard.wku.edu" />
+	<target host="blog.wku.edu" />
+	<target host="cas.wku.edu" />
+	<target host="cpdonline.wku.edu" />
+	<target host="connect.wku.edu" />
+	<target host="ecas-sso.wku.edu" />
+	<target host="email.wku.edu" />
+	<target host="intranet.wku.edu" />
+	<target host="itweb.wku.edu" />
+	<target host="my.wku.edu" />
+	<target host="mystuff.wku.edu" />
+	<target host="people.wku.edu" />
+	<target host="td.wku.edu" />
+	<target host="www.wku.edu" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://apps.wku.edu/iwku/lab-traffic/?theme=mywku" /-->
+		<!--test url="http://intranet.wku.edu/php/prod/mystuff/index.php" /-->
+
+	<!--	Complications:
+				-->
+	<target host="bookstore.wku.edu" />
+	<target host="www.bookstore.wku.edu" />
+	<target host="portal.wku.edu" />
+	<target host="webmail.wku.edu" />
+
+		<!--	404:
+				-->
+		<!--test url="http://acadmedia.wku.edu/UC100/links/kheaa_fedfinaid.html" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.wku\.edu$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^(?:adweb01|td)\.wku\.edu$" name="^ASP\.NET_SessionId$" /-->
+	<!--securecookie host="^apps\.wku\.edu$" name="^(?:PHPSESSID|iwkutheme)$" /-->
+	<!--securecookie host="^(?:blackboard|cpdonline)\.wku\.edu$" name="^session_id$" /-->
+	<!--securecookie host="^email\.wku\.edu$" name="^(?:cadata|sessionid)$" /-->
+	<!--securecookie host="^my\.wku\.edu$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://(?:www\.)?bookstore\.wku\.edu/.*"
+		to="https://www.wkustore.com/" />
+
+	<!--	Redirect kees path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://portal\.wku\.edu/+"
+		to="https://www.wku.edu/it/portal-redirect/" />
+
+		<test url="http://portal.wku.edu/index.php" />
+
+	<!--	Redirect kees path and args,
+		but not forward slash:
+					-->
+	<rule from="^http://webmail\.wku\.edu/+"
+		to="https://www.wku.edu/it/webmail" />
+
+		<test url="http://webmail.wku.edu/index.php" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wkustore.com.xml b/src/chrome/content/rules/wkustore.com.xml
new file mode 100644
index 000000000000..e7ae8c33582e
--- /dev/null
+++ b/src/chrome/content/rules/wkustore.com.xml
@@ -0,0 +1,36 @@
+<!--
+	For other Western Kentucky University coverage, see wku.edu.xml.
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- wkustore.com
+		- www.wkustore.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="WKU Store.com">
+
+	<target host="wkustore.com" />
+	<target host="www.wkustore.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?wkustore\.com$" name="^(?:\.ASPXANONYMOUS|ASP\.NET_SessionId)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wlresources.com.xml b/src/chrome/content/rules/wlresources.com.xml
new file mode 100644
index 000000000000..2a1d5653b8af
--- /dev/null
+++ b/src/chrome/content/rules/wlresources.com.xml
@@ -0,0 +1,68 @@
+<ruleset name="wlresources.com">
+
+	<target host="img.wlresources.com" />
+	<target host="img0.wlresources.com" />
+	<target host="img1.wlresources.com" />
+	<target host="img2.wlresources.com" />
+	<target host="img3.wlresources.com" />
+	<target host="img4.wlresources.com" />
+	<target host="img5.wlresources.com" />
+	<target host="img6.wlresources.com" />
+	<target host="img7.wlresources.com" />
+	<target host="img8.wlresources.com" />
+	<target host="img9.wlresources.com" />
+	<target host="medianew.wlresources.com" />
+	<target host="s.wlresources.com" />
+	<target host="s0.wlresources.com" />
+	<target host="s1.wlresources.com" />
+	<target host="s2.wlresources.com" />
+	<target host="s3.wlresources.com" />
+	<target host="s4.wlresources.com" />
+	<target host="s5.wlresources.com" />
+	<target host="s6.wlresources.com" />
+	<target host="s7.wlresources.com" />
+	<target host="s8.wlresources.com" />
+	<target host="s9.wlresources.com" />
+
+		<!--	Avoid potential XHR problems:
+							-->
+		<exclusion pattern="\.js(?:$|\?)" />
+
+			<!--	+ve:
+					-->
+			<test url="http://s1.wlresources.com/xlove/v2/js/common.js" />
+			<test url="http://s1.wlresources.com/xlove/v2/js/fancybox/v2.1.5/jquery.fancybox.js" />
+			<test url="http://s1.wlresources.com/xlove/v2/js/jquery.dropdown.min.js" />
+			<test url="http://s1.wlresources.com/xlove/v2/js/noUiSlider/jquery.nouislider.min.js" />
+			<test url="http://s1.wlresources.com/xlove/v2/js/template3_header.js" />
+			<test url="http://s2.wlresources.com/xlove/sp/js/adapter.min.js" />
+			<test url="http://s2.wlresources.com/xlove/sp/js/spImgOnly.min.js" />
+			<test url="http://s2.wlresources.com/xlove/sp/js/streamPlayer.min.js" />
+			<test url="http://s4.wlresources.com/vendor/check.js" />
+			<test url="http://s4.wlresources.com/vendor/internal/js/canvas.js" />
+			<test url="http://s4.wlresources.com/vendor/internal/js/string.js" />
+			<test url="http://s4.wlresources.com/vendor/jqaddon/flexslider/v2.5/flexslider.min.js" />
+			<test url="http://s4.wlresources.com/vendor/jquery/v1/jquery-1.11.3.min.js" />
+
+		<test url="http://img.wlresources.com/img_trans.gif" /><!--	.04KB -->
+		<test url="http://img0.wlresources.com/model/mylove4you-sex-cam-live-show-44-36844.jpg" /><!--	9.26K -->
+		<test url="http://img1.wlresources.com/model/laureanne-sex-cam-live-show-52-143152.jpg" /><!--	9.71K -->
+		<test url="http://img2.wlresources.com/model/kinkystuffforu-sex-cam-live-show-71-162771.jpg" /><!--	9.34K -->
+		<test url="http://img3.wlresources.com/model/loveprivateforyou-sex-cam-live-show-47-95447.jpg" /><!--	11.52K -->
+		<test url="http://img4.wlresources.com/model/chaudeechatte-sex-cam-live-show-14-149214.jpg" /><!--	8.68K -->
+		<test url="http://img5.wlresources.com/model/yourtastysparkle-sex-cam-live-show-20-163220.jpg" /><!--	8.13KB -->
+		<test url="http://img8.wlresources.com/model/dalilasweet-sex-cam-live-show-90-267990.jpg" /><!--	7.58KB -->
+		<test url="http://img9.wlresources.com/model/alessiafountaine-sex-cam-live-show-29-295929.jpg" /><!--	7.35KB -->
+		<test url="http://medianew.wlresources.com/img/flag/nl.png" /><!--	.42KB -->
+		<test url="http://s1.wlresources.com/xlove/v2/css/extra/jquery.dropdown.min.css" /><!--	1.58KB -->
+		<test url="http://s4.wlresources.com/vendor/internal/xlove/tipIcon/v2/css/main.css" /><!--	3.27KB -->
+		<test url="http://s8.wlresources.com/xlove/v2/css/gen-6.css" /><!--	3.27KB -->
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/woking.gov.uk.xml b/src/chrome/content/rules/woking.gov.uk.xml
new file mode 100644
index 000000000000..7e704abc6b9f
--- /dev/null
+++ b/src/chrome/content/rules/woking.gov.uk.xml
@@ -0,0 +1,94 @@
+<!--
+	Woking Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *woking.gov.uk:
+
+		- caps ʳ
+		- datashare ᵃ
+		- dsdocs ᵃ
+		- petitions ᵗ
+
+	ᵃ Shows another domain
+	ʳ Refused
+	ᵗ Reset
+
+
+	These altnames do not exist:
+
+		- www.eforms.woking.gov.uk
+		- www.my.woking.gov.uk
+
+-->
+<ruleset name="Woking.gov.uk (partial)">
+
+	<target host="woking.gov.uk" />
+	<target host="eforms.woking.gov.uk" />
+	<target host="my.woking.gov.uk" />
+	<target host="selfservice.woking.gov.uk" />
+	<target host="www.woking.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.woking\.gov\.uk/(?:$|apply$|community$|contact$|gateway/register$|pay$|report$)" /-->
+		<!--
+			Exceptions:
+
+			(namely, resources & form redirects)
+								-->
+		<exclusion pattern="^http://(?:www\.)?woking\.gov\.uk/(?!/*(?:(?:community/edsi/harm|community/edsi/harm/harrasdisc|contact/form|council/election/electoraloffences/fraudform|environment/env(?:crime/flytipping/flypostingform|services/deadanimals/deadanimalsform|services/publictoilets/publictoiletsreportform)|gateway/for(?:gotpin|pass)|transport/streets/(?:boroughboundarysigns/boundarysigns|busshelters/bussheltersform|footpaths/footpathspavementsform))(?:$|\?)|images/|res/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.woking.gov.uk/apply" />
+			<test url="http://www.woking.gov.uk/az" />
+			<test url="http://www.woking.gov.uk/community/edsi/harm/dov" />
+			<test url="http://www.woking.gov.uk/contact" />
+			<test url="http://www.woking.gov.uk/contact/media" />
+			<test url="http://www.woking.gov.uk/council/election/electoraloffences" />
+			<test url="http://www.woking.gov.uk/environment/envcrime" />
+			<test url="http://www.woking.gov.uk/environment/envcrime/flytipping" />
+			<test url="http://www.woking.gov.uk/environment/envservices" />
+			<test url="http://www.woking.gov.uk/environment/envservices/deadanimals" />
+			<test url="http://www.woking.gov.uk/environment/wasterecycle/gardenwastecomposting/gardenwastecollection/gardenwasteonline" />
+			<test url="http://www.woking.gov.uk/environment/wasterecycle/gardenwastecomposting/gardenwastecollection/gardenwasteonline/renew" />
+			<test url="http://www.woking.gov.uk/gateway" />
+			<test url="http://www.woking.gov.uk/gateway/register" />
+			<test url="http://www.woking.gov.uk/housing" />
+			<test url="http://www.woking.gov.uk/housing/privatesectorhousing/emptyhomes" />
+			<test url="http://www.woking.gov.uk/pay" />
+			<test url="http://www.woking.gov.uk/planning/makeplanningapplication" />
+			<test url="http://www.woking.gov.uk/report" />
+			<test url="http://www.woking.gov.uk/transport/parking" />
+			<test url="http://www.woking.gov.uk/transport/streets" />
+			<test url="http://www.woking.gov.uk/transport/streets/busshelters" />
+			<test url="http://www.woking.gov.uk/woking/visit/todo/whatson" />
+
+			<!--	-ve:
+					-->
+			<test url="http://woking.gov.uk/community/edsi/harm" />
+			<test url="http://woking.gov.uk/community/edsi/harm/harrasdisc" />
+			<test url="http://woking.gov.uk/contact/form" />
+			<test url="http://woking.gov.uk/council/election/electoraloffences/fraudform" />
+			<test url="http://woking.gov.uk/environment/envcrime/flytipping/flypostingform" />
+			<test url="http://woking.gov.uk/environment/envservices/deadanimals/deadanimalsform" />
+			<test url="http://woking.gov.uk/environment/envservices/publictoilets/publictoiletsreportform" />
+			<test url="http://www.woking.gov.uk/gateway/forgotpin" />
+			<test url="http://www.woking.gov.uk/gateway/forpass" />
+			<test url="http://www.woking.gov.uk/images/homepage/gateway.gif" />
+			<test url="http://www.woking.gov.uk/res/frameworks/default/chrome/back_to_top.gif" />
+			<test url="http://www.woking.gov.uk/res/frameworks/default/css/twitter2.css" />
+			<test url="http://www.woking.gov.uk/transport/streets/boroughboundarysigns/boundarysigns" />
+			<test url="http://www.woking.gov.uk/transport/streets/busshelters/bussheltersform" />
+			<test url="http://www.woking.gov.uk/transport/streets/footpaths/footpathspavementsform" />
+
+
+	<securecookie host="^(?!www\.)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wokingham.gov.uk.xml b/src/chrome/content/rules/wokingham.gov.uk.xml
new file mode 100644
index 000000000000..55222726ce53
--- /dev/null
+++ b/src/chrome/content/rules/wokingham.gov.uk.xml
@@ -0,0 +1,112 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://wokingham.gov.uk/EasySiteWeb/EasySite/StyleData/Wokingham_Page_2014/CSS/EasySite_FF.css => https://wokingham.gov.uk/EasySiteWeb/EasySite/StyleData/Wokingham_Page_2014/CSS/EasySite_FF.css: (51, "SSL: no alternative certificate subject name matches target host name 'wokingham.gov.uk'")
+Fetch error: http://www.wokingham.gov.uk/contacts/ => https://www.wokingham.gov.uk/contacts/: Too many redirects while fetching 'https://www.wokingham.gov.uk/contacts/'
+
+	Wokingham Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *wokingham.gov.uk:
+
+		- consultations ⁴
+
+	⁴ 400
+
+
+	Problematic hosts in *wokingham.gov.uk:
+
+		- childrenincarecouncil ᵐ
+		- fostering ᵐ
+		- info ᵐ
+		- wsh ᵐ
+
+	ᵐ Mismatched
+
+
+	Partially covered hosts in *wokingham.gov.uk:
+
+		- (www.)? ʰ
+		- directory ʰ
+
+	ʰ Some pags redirect to http
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- selfservice.wokingham.gov.uk
+		- www.wokingham.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Wokingham.gov.uk (partial)" default_off="failed ruleset test">
+
+	<target host="wokingham.gov.uk" />
+	<target host="booking.wokingham.gov.uk" />
+	<target host="buspass.wokingham.gov.uk" />
+	<target host="directory.wokingham.gov.uk" />
+	<target host="schoolsonline.wokingham.gov.uk" />
+	<target host="selfservice.wokingham.gov.uk" />
+	<target host="www.wokingham.gov.uk" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://(?:www\.)?wokingham\.gov\.uk/(?:$|a-to-z/$|contact-us/sign-up-manage-text-and-email-alerts/$)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://(?:www\.)?wokingham\.gov\.uk/(?!/*(?:contact(?:-u)?s/*(?:$|\?)|[Ee]asy[Ss]ite[Ww]eb/))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://www.wokingham.gov.uk/a-to-z/" />
+			<test url="http://www.wokingham.gov.uk/benefits/" />
+			<test url="http://www.wokingham.gov.uk/boroughnews" />
+			<test url="http://www.wokingham.gov.uk/communitytrigger" />
+			<test url="http://www.wokingham.gov.uk/contact-us/sign-up-manage-text-and-email-alerts/" />
+			<test url="http://www.wokingham.gov.uk/housing" />
+			<test url="http://www.wokingham.gov.uk/maps/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://wokingham.gov.uk/EasySiteWeb/EasySite/StyleData/Wokingham_Page_2014/CSS/EasySite_FF.css" />
+			<test url="http://www.wokingham.gov.uk/EasySiteWeb/style/faux/css/ux.net.css" />
+			<test url="http://www.wokingham.gov.uk/EasysiteWeb/getresource.axd?AssetID=365071&amp;type=full&amp;servicetype=Inline" />
+			<test url="http://www.wokingham.gov.uk/contacts/" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://directory\.wokingham\.gov\.uk/(?:$|kb5/wokingham/directory/home\.page)" /-->
+		<!--
+			Exceptions:
+					-->
+		<exclusion pattern="^http://directory\.wokingham\.gov\.uk/(?!/*kb5/wokingham/directory/(?:assets/|sign_in\.page))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://directory.wokingham.gov.uk/kb5/wokingham/directory/app.proxy" />
+			<test url="http://directory.wokingham.gov.uk/kb5/wokingham/directory/home.page" />
+			<test url="http://directory.wokingham.gov.uk/kb5/wokingham/directory/whats_on.page" />
+
+			<!--	-ve:
+					-->
+			<test url="http://directory.wokingham.gov.uk/kb5/wokingham/directory/assets/css/print.min.css" />
+			<test url="http://directory.wokingham.gov.uk/kb5/wokingham/directory/assets/images/presence/close.png" />
+			<test url="http://directory.wokingham.gov.uk/kb5/wokingham/directory/sign_in.page" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^selfservice\.wokingham\.gov\.uk$" name="^anonprofile$" /-->
+	<!--securecookie host="^www\.wokingham\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^(?!directory\.|www\.)\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wolfbeast.com.xml b/src/chrome/content/rules/wolfbeast.com.xml
new file mode 100644
index 000000000000..d5e433eba64a
--- /dev/null
+++ b/src/chrome/content/rules/wolfbeast.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		abws-server02.wolfbeast.com
+		postkantoor.wolfbeast.com
+		webmail.wolfbeast.com
+
+	Refused:
+		localhost.wolfbeast.com
+
+	Unreachable:
+		coh.wolfbeast.com
+-->
+<ruleset name="wolfbeast.com">
+	<target host="wolfbeast.com" />
+	<target host="www.wolfbeast.com" />
+
+	<rule from="^http://wolfbeast\.com/" to="https://www.wolfbeast.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wolfssl.com.xml b/src/chrome/content/rules/wolfssl.com.xml
new file mode 100644
index 000000000000..71b73f39af0b
--- /dev/null
+++ b/src/chrome/content/rules/wolfssl.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="wolfssl.com">
+	<target host="wolfssl.com" />
+	<target host="www.wolfssl.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wondershare.com-falsemixed.xml b/src/chrome/content/rules/wondershare.com-falsemixed.xml
new file mode 100644
index 000000000000..9a615a8e507d
--- /dev/null
+++ b/src/chrome/content/rules/wondershare.com-falsemixed.xml
@@ -0,0 +1,19 @@
+<!--
+	For rules not causing false/broken MCB, see wondershare.com.xml.
+
+
+	NB: see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Wondershare.com (false MCB)" platform="mixedcontent">
+
+	<target host="my.wondershare.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wondershare.com.xml b/src/chrome/content/rules/wondershare.com.xml
new file mode 100644
index 000000000000..6eef82241dd2
--- /dev/null
+++ b/src/chrome/content/rules/wondershare.com.xml
@@ -0,0 +1,77 @@
+<!--
+	For rules causing false/broken MCB, see wondershare.com-falsemixed.xml.
+
+
+	Nonfunctional hosts in *wondershare.com:
+
+		- filmora ʰ
+		- mobilego ʰ
+		- nl ʰ
+		- images.nl ³
+		- ru ʰ
+		- images.ru ⁴
+		- support ʰ
+
+	³ 403
+	⁴ 404
+	ʰ Redirects to http
+
+
+	Problematic hosts in *wondershare.com:
+
+		- download ᴬ
+		- my ˣ
+
+	ᴬ Akamai / mismatched
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- my.wondershare.com
+		- store.wondershare.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css, on:
+
+			- my from fonts.googleapis.com ˢ
+			- my from $self ˢ
+
+		- Images, on:
+
+			- my from images.wondershare.com ˢ
+			- my from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Wondershare.com (partial)">
+
+	<target host="wondershare.com" />
+	<target host="datarecovery.wondershare.com" />
+	<target host="images.wondershare.com" />
+	<!--target host="my.wondershare.com" /-->
+	<target host="pdf.wondershare.com" />
+	<target host="pdfimages.wondershare.com" />
+	<target host="www.wondershare.com" />
+
+		<test url="http://images.wondershare.com/styles/images/new_23.png" />
+		<test url="http://pdfimages.wondershare.com/style/images/icon_arrow_yw.png" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^my\.wondershare\.com$" name="^PHPSESSID$" /-->
+	<!--securecookie host="^store\.wondershare\.com$" name="^(?:PHPSESSID|USD\[cart_code\])$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/woodlandtrust.org.uk.xml b/src/chrome/content/rules/woodlandtrust.org.uk.xml
new file mode 100644
index 000000000000..d5c83c3238c0
--- /dev/null
+++ b/src/chrome/content/rules/woodlandtrust.org.uk.xml
@@ -0,0 +1,14 @@
+<ruleset name="Woodland Trust.org.uk">
+
+	<target host="woodlandtrust.org.uk" />
+	<target host="www.woodlandtrust.org.uk" />
+
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/worcestershire.gov.uk.xml b/src/chrome/content/rules/worcestershire.gov.uk.xml
new file mode 100644
index 000000000000..f7c35a47d023
--- /dev/null
+++ b/src/chrome/content/rules/worcestershire.gov.uk.xml
@@ -0,0 +1,23 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		Timeout was reached:
+		- atlas.worcestershire.gov.uk
+		- public.worcestershire.gov.uk
+
+		SSL connect error:
+		- e-services.worcestershire.gov.uk
+
+		Incomplete certificate chain error:
+		- capublic.worcestershire.gov.uk
+-->
+<ruleset name="worcestershire.gov.uk (partial)">
+	<target host="worcestershire.gov.uk" />
+	<target host="emsi.worcestershire.gov.uk" />
+	<target host="gis.worcestershire.gov.uk" />
+	<target host="www.worcestershire.gov.uk" />
+	<target host="ylyc.worcestershire.gov.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/word.camera.xml b/src/chrome/content/rules/word.camera.xml
new file mode 100644
index 000000000000..7ef0c50b4a3a
--- /dev/null
+++ b/src/chrome/content/rules/word.camera.xml
@@ -0,0 +1,18 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://word.camera/ => https://word.camera/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.word.camera/ => https://word.camera/: (28, 'Connection timed out after 20000 milliseconds')
+
+-->
+<ruleset name="word.camera" default_off="failed ruleset test">
+	<target host=    "word.camera" />
+	<target host="www.word.camera" />
+
+	<!-- hostname mismatch -->
+	<rule from="^http://www\.word\.camera/"
+		to="https://word.camera/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wordreference.com.xml b/src/chrome/content/rules/wordreference.com.xml
new file mode 100644
index 000000000000..78f278e4c536
--- /dev/null
+++ b/src/chrome/content/rules/wordreference.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Refused:
+		wordreference.com
+-->
+<ruleset name="wordreference.com">
+	<target host="wordreference.com" />
+	<target host="www.wordreference.com" />
+	<target host="www2.wordreference.com" />
+	<target host="cdn77f.wordreference.com" />
+	<target host="daily.wordreference.com" />
+	<target host="forum.wordreference.com" />
+	<target host="lists.wordreference.com" />
+
+	<rule from="^http://wordreference\.com/"
+		to="https://www.wordreference.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/workaround.ch.xml b/src/chrome/content/rules/workaround.ch.xml
new file mode 100644
index 000000000000..1cb9396caff9
--- /dev/null
+++ b/src/chrome/content/rules/workaround.ch.xml
@@ -0,0 +1,8 @@
+<!--bitflu. refused
+slackintosh. self signed-->
+<ruleset name="workaround.ch">
+	<target host="workaround.ch" />
+	<target host="www.workaround.ch" />
+	<target host="piggeldy.workaround.ch" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/workingatbooking.com.xml b/src/chrome/content/rules/workingatbooking.com.xml
new file mode 100644
index 000000000000..03b12024ec23
--- /dev/null
+++ b/src/chrome/content/rules/workingatbooking.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Booking.com coverage, see Booking.com.xml.
+
+-->
+<ruleset name="Working at Booking.com">
+
+	<target host="workingatbooking.com" />
+	<target host="www.workingatbooking.com" />
+
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/worksmart.org.uk.xml b/src/chrome/content/rules/worksmart.org.uk.xml
new file mode 100644
index 000000000000..365da74159a3
--- /dev/null
+++ b/src/chrome/content/rules/worksmart.org.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="worksmart.org.uk">
+
+	<target host="worksmart.org.uk" />
+	<target host="www.worksmart.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/workzonesafety.org.xml b/src/chrome/content/rules/workzonesafety.org.xml
new file mode 100644
index 000000000000..9cf8d9bdf5e5
--- /dev/null
+++ b/src/chrome/content/rules/workzonesafety.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="Work Zone Safety.org">
+
+	<target host="workzonesafety.org" />
+	<target host="www.workzonesafety.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/world-airport-codes.com.xml b/src/chrome/content/rules/world-airport-codes.com.xml
new file mode 100644
index 000000000000..a51052e854ef
--- /dev/null
+++ b/src/chrome/content/rules/world-airport-codes.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Mixed content:
+
+		- Images from $self
+
+-->
+<ruleset name="World-Airport-Codes.com">
+
+	<target host="world-airport-codes.com" />
+	<target host="www.world-airport-codes.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/world-lotteries.org.xml b/src/chrome/content/rules/world-lotteries.org.xml
new file mode 100644
index 000000000000..027fb4225d56
--- /dev/null
+++ b/src/chrome/content/rules/world-lotteries.org.xml
@@ -0,0 +1,27 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- world-lotteries.org
+		- www.world-lotteries.org
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="World-Lotteries.org">
+
+	<target host="world-lotteries.org" />
+	<target host="contacts.world-lotteries.org" />
+	<target host="www.world-lotteries.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?world-lotteries\.org$" name="^(?:[\da-f]{32}|jfcookie\[lang\])$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/worldofplayers.de.xml b/src/chrome/content/rules/worldofplayers.de.xml
new file mode 100644
index 000000000000..c901c1eb0a31
--- /dev/null
+++ b/src/chrome/content/rules/worldofplayers.de.xml
@@ -0,0 +1,27 @@
+<!--
+	*.worldofplayers.de has a wildcard DNS Record
+
+	Invalid Certificate:
+	acropolis.worldofplayers.de
+	dlord.worldofplayers.de
+	dragonage.worldofplayers.de
+	farcry.worldofplayers.de
+	forenarchiv.worldofplayers.de
+	lego.worldofplayers.de
+	messiah.worldofplayers.de
+	rpb.worldofplayers.de
+	witcher.worldofplayers.de
+	wogen.worldofplayers.de
+	wotor.worldofplayers.de
+
+-->
+<ruleset name="World of Players (partial)">
+
+	<target host="worldofplayers.de" />
+	<target host="www.worldofplayers.de" />
+	<target host="forum.worldofplayers.de" />
+	<target host="upload.worldofplayers.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/worldofspectrum.org.xml b/src/chrome/content/rules/worldofspectrum.org.xml
new file mode 100644
index 000000000000..6d50695cef7e
--- /dev/null
+++ b/src/chrome/content/rules/worldofspectrum.org.xml
@@ -0,0 +1,21 @@
+<ruleset name="worldofspectrum.org">
+	<target host="worldofspectrum.org" />
+	<target host="www.worldofspectrum.org" />
+	<target host="agd.worldofspectrum.org" />
+	<target host="www.agd.worldofspectrum.org" />
+	<target host="cpanel.worldofspectrum.org" />
+	<target host="dev.worldofspectrum.org" />
+	<target host="www.dev.worldofspectrum.org" />
+	<target host="live.worldofspectrum.org" />
+	<target host="www.live.worldofspectrum.org" />
+	<target host="live2.worldofspectrum.org" />
+	<target host="www.live2.worldofspectrum.org" />
+	<target host="tipshop.worldofspectrum.org" />
+	<target host="www.tipshop.worldofspectrum.org" />
+	<target host="tipshop2.worldofspectrum.org" />
+	<target host="www.tipshop2.worldofspectrum.org" />
+	<target host="webdisk.worldofspectrum.org" />
+	<target host="webmail.worldofspectrum.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/worldsoffun.com.xml b/src/chrome/content/rules/worldsoffun.com.xml
new file mode 100644
index 000000000000..f619bfda8a7c
--- /dev/null
+++ b/src/chrome/content/rules/worldsoffun.com.xml
@@ -0,0 +1,17 @@
+<!--
+	This domain uses a wildcard DNS record.
+-->
+<ruleset name="Worlds of Fun">
+
+	<target host="worldsoffun.com" />
+	<target host="www.worldsoffun.com" />
+	<target host="dance.worldsoffun.com" />
+	<target host="festival.worldsoffun.com" />
+	<target host="lodging.worldsoffun.com" />
+	<target host="reservations.worldsoffun.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wormly.com.xml b/src/chrome/content/rules/wormly.com.xml
new file mode 100644
index 000000000000..c59a913487b0
--- /dev/null
+++ b/src/chrome/content/rules/wormly.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="wormly.com">
+	<target host="wormly.com" />
+	<target host="www.wormly.com" />
+	<target host="blog.wormly.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wpa_supplicant.xml b/src/chrome/content/rules/wpa_supplicant.xml
index 7a0007a18af6..a8da8ab7af8a 100644
--- a/src/chrome/content/rules/wpa_supplicant.xml
+++ b/src/chrome/content/rules/wpa_supplicant.xml
@@ -1,8 +1,7 @@
-<ruleset name="wpa_supplicant" default_off="self-signed">
+<ruleset name="wpa_supplicant" default_off="broken">
 
 	<target host="hostap.epitest.fi"/>
 
-	<rule from="^http://hostap\.epitest\.fi/"
-		to="https://hostap.epitest.fi/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/wpimg.pl.xml b/src/chrome/content/rules/wpimg.pl.xml
new file mode 100644
index 000000000000..e82315df938c
--- /dev/null
+++ b/src/chrome/content/rules/wpimg.pl.xml
@@ -0,0 +1,49 @@
+<!--
+	For other Wirtualna Polska coverage, see WP.pl.xml.
+
+
+	Nonfunctional hosts in *wpimg.pl:
+
+		- d ʳ
+
+	ʳ Refused
+
+
+	Problematic hosts in *wpimg.pl:
+
+		- b ᵐ
+		- c ᵐ
+		- money ᵐ
+
+	ᵐ Mismatched
+
+-->
+<ruleset name="WPimg.pl (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="a.wpimg.pl" />
+	<target host="i.wpimg.pl" />
+	<target host="j.wpimg.pl" />
+	<target host="x.wpimg.pl" />
+	<target host="y.wpimg.pl" />
+
+	<!--	Complications:
+				-->
+	<target host="b.wpimg.pl" />
+	<target host="c.wpimg.pl" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://b\.wpimg\.pl/"
+		to="https://a.wpimg.pl/" />
+
+	<rule from="^http://c\.wpimg\.pl/"
+		to="https://i.wp.pl/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wpitchoune.net.xml b/src/chrome/content/rules/wpitchoune.net.xml
new file mode 100644
index 000000000000..1b420aaf9d17
--- /dev/null
+++ b/src/chrome/content/rules/wpitchoune.net.xml
@@ -0,0 +1,34 @@
+<!--
+	Invalid certificate:
+		cloud.wpitchoune.net
+		home.wpitchoune.net
+		kb.wpitchoune.net
+		lumosesport.wpitchoune.net
+		mail.wpitchoune.net
+		monitoring.wpitchoune.net
+		news.wpitchoune.net
+		news2.wpitchoune.net
+		photos-test.wpitchoune.net
+		photos-webdav.wpitchoune.net
+		radio.wpitchoune.net
+		webdav.wpitchoune.net
+		webmail.wpitchoune.net
+
+	Refused:
+		blog.wpitchoune.net
+		imap.wpitchoune.net
+		pop.wpitchoune.net
+		smtp.wpitchoune.net
+-->
+<ruleset name="wpitchoune.net">
+	<target host="wpitchoune.net" />
+	<target host="www.wpitchoune.net" />
+	<target host="bookmark.wpitchoune.net" />
+	<target host="git.wpitchoune.net" />
+	<target host="photos.wpitchoune.net" />
+	<target host="test.wpitchoune.net" />
+	<target host="vietvodao.wpitchoune.net" />
+
+	<rule from="^http://www\.wpitchoune\.net/" to="https://wpitchoune.net/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/writtenchinese.com.xml b/src/chrome/content/rules/writtenchinese.com.xml
new file mode 100644
index 000000000000..761b5493a271
--- /dev/null
+++ b/src/chrome/content/rules/writtenchinese.com.xml
@@ -0,0 +1,48 @@
+<!--
+	^writtenchinese.com: Refused
+
+
+	Insecure cookies are set for these hosts:
+
+		- dictionary.writtenchinese.com
+
+
+	Mixed content:
+
+		- css on dictionary from fonts.googleapis.com ˢ
+
+		- Images, on:
+
+			- www from writtenchinese.com ˢ
+			- www from www.writtenchinese.com ˢ
+			- www from writtenchinese.staging.wpengine.com
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Written Chinese.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="dictionary.writtenchinese.com" />
+	<target host="www.writtenchinese.com" />
+
+	<!--	Complications:
+				-->
+	<target host="writtenchinese.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^dictionary\.writtenchinese\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://writtenchinese\.com/"
+		to="https://www.writtenchinese.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wrzru.xml b/src/chrome/content/rules/wrzru.xml
index 3dcc50d167bb..27e47a49ba38 100644
--- a/src/chrome/content/rules/wrzru.xml
+++ b/src/chrome/content/rules/wrzru.xml
@@ -1,9 +1,13 @@
-<ruleset name="WRZRU">
+<!--
+	(www.)?: Mismatched, CN: www.foscam-bg.com
+
+-->
+<ruleset name="WRZRU.com" default_off="mismatched">
 
 	<target host="wrzru.com" />
-	<target host="*.wrzru.com" />
+	<target host="www.wrzru.com" />
 
-	<rule from="^http://(?:bt\.|www\.)?wrzru\.com/"
-		to="https://bt.wrzru.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/www.bankia.es.xml b/src/chrome/content/rules/www.bankia.es.xml
new file mode 100644
index 000000000000..09b3ddfb2d0c
--- /dev/null
+++ b/src/chrome/content/rules/www.bankia.es.xml
@@ -0,0 +1,6 @@
+<ruleset name="bankia.es">
+  <target host="bankia.es" />
+  <target host="www.bankia.es" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/www.decathlon.es.xml b/src/chrome/content/rules/www.decathlon.es.xml
new file mode 100644
index 000000000000..0c7239667971
--- /dev/null
+++ b/src/chrome/content/rules/www.decathlon.es.xml
@@ -0,0 +1,6 @@
+<ruleset name="www.decathlon.es">
+  <target host="decathlon.es" />
+  <target host="www.decathlon.es" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/www.inet.no.xml b/src/chrome/content/rules/www.inet.no.xml
new file mode 100644
index 000000000000..de4eed1ddf2b
--- /dev/null
+++ b/src/chrome/content/rules/www.inet.no.xml
@@ -0,0 +1,8 @@
+<ruleset name="www.inet.no">
+	<target host="www.inet.no" />
+	<!-- non-functional
+	<target host="larsen.inet.no" />
+	<target host="tahi.inet.no" />
+	-->
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/www.jobandtalent.com.xml b/src/chrome/content/rules/www.jobandtalent.com.xml
new file mode 100644
index 000000000000..872a05b8f0b1
--- /dev/null
+++ b/src/chrome/content/rules/www.jobandtalent.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="jobandtalent.com">
+  <target host="jobandtalent.com" />
+  <target host="www.jobandtalent.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/www.mediamarkt.es.xml b/src/chrome/content/rules/www.mediamarkt.es.xml
new file mode 100644
index 000000000000..aae6c1f75baf
--- /dev/null
+++ b/src/chrome/content/rules/www.mediamarkt.es.xml
@@ -0,0 +1,6 @@
+<ruleset name="mediamarkt.es">
+  <target host="mediamarkt.es" />
+  <target host="www.mediamarkt.es" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/www.pepephone.com.xml b/src/chrome/content/rules/www.pepephone.com.xml
new file mode 100644
index 000000000000..f97cb4eb78a9
--- /dev/null
+++ b/src/chrome/content/rules/www.pepephone.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="pepephone.com">
+  <target host="pepephone.com" />
+  <target host="www.pepephone.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/www.tecgraf.puc-rio.br.xml b/src/chrome/content/rules/www.tecgraf.puc-rio.br.xml
new file mode 100644
index 000000000000..fb696f136348
--- /dev/null
+++ b/src/chrome/content/rules/www.tecgraf.puc-rio.br.xml
@@ -0,0 +1,4 @@
+<ruleset name="www.tecgraf.puc-rio.br">
+	<target host="www.tecgraf.puc-rio.br" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/www.zaragoza.es.xml b/src/chrome/content/rules/www.zaragoza.es.xml
new file mode 100644
index 000000000000..4023c4c4e496
--- /dev/null
+++ b/src/chrome/content/rules/www.zaragoza.es.xml
@@ -0,0 +1,6 @@
+<ruleset name="zaragoza.es">
+  <target host="zaragoza.es" />
+  <target host="www.zaragoza.es" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wwwpromoter.com.xml b/src/chrome/content/rules/wwwpromoter.com.xml
new file mode 100644
index 000000000000..168b40c61ff6
--- /dev/null
+++ b/src/chrome/content/rules/wwwpromoter.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- creative.wwwpromoter.com
+		- login.wwwpromoter.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="WWWPromoter.com">
+
+	<target host="wwwpromoter.com" />
+	<target host="cdn.wwwpromoter.com" />
+	<target host="creative.wwwpromoter.com" />
+	<target host="login.wwwpromoter.com" />
+	<target host="www.wwwpromoter.com" />
+
+		<!--	Sets cookie without Secure:
+							-->
+		<!--test url="http://creative.wwwpromoter.com/260?d=POP" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^creative\.wwwpromoter\.com$" name="^wd$" /-->
+	<!--securecookie host="^login\.wwwpromoter\.com$" name="^(?:_csrf_token|session)$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wxwidgets.org.xml b/src/chrome/content/rules/wxwidgets.org.xml
new file mode 100644
index 000000000000..b9ffa1f3d56b
--- /dev/null
+++ b/src/chrome/content/rules/wxwidgets.org.xml
@@ -0,0 +1,31 @@
+<!--
+	Nonfunctional hosts in *wxwidgets.org:
+
+		- docs ʳ
+		- trac ᵇ
+
+	ᵇ "Under Construction"
+	ʳ Refused
+
+
+	These altnames don't exist:
+
+		- www.forums.wxwidgets.org
+		- www.wiki.wxwidgets.org
+
+-->
+<ruleset name="wxWidgets.org (partial)">
+
+	<target host="wxwidgets.org" />
+	<target host="forums.wxwidgets.org" />
+	<target host="wiki.wxwidgets.org" />
+	<target host="www.wxwidgets.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wychavon.gov.uk.xml b/src/chrome/content/rules/wychavon.gov.uk.xml
new file mode 100644
index 000000000000..8a72e3617261
--- /dev/null
+++ b/src/chrome/content/rules/wychavon.gov.uk.xml
@@ -0,0 +1,35 @@
+<!--
+	Wychavon District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Nonfunctional hosts in *wychavon.gov.uk:
+
+		- beta ʳ
+		- wam ᵈ
+		- www ʳ
+
+	ᵈ Dropped
+	ʳ Refused
+
+
+	^wychavon.gov.uk does not exist.
+
+-->
+<ruleset name="Wychavon.gov.uk (partial)">
+
+	<target host="payments.wychavon.gov.uk" />
+
+		<!--	$ 403s, so:
+					-->
+		<test url="http://payments.wychavon.gov.uk/payments/" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wylsa.com.xml b/src/chrome/content/rules/wylsa.com.xml
new file mode 100644
index 000000000000..d7f23650b59e
--- /dev/null
+++ b/src/chrome/content/rules/wylsa.com.xml
@@ -0,0 +1,11 @@
+<!--
+blog.wylsa.com ¹
+
+
+¹ mismatch
+-->
+<ruleset name="wylsa.com">
+	<target host="wylsa.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wyre.gov.uk.xml b/src/chrome/content/rules/wyre.gov.uk.xml
new file mode 100644
index 000000000000..97a27189d9ef
--- /dev/null
+++ b/src/chrome/content/rules/wyre.gov.uk.xml
@@ -0,0 +1,57 @@
+<!--
+	Wyre Borough Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	Problematic hosts in *wyre.gov.uk:
+
+		- consult ᵐ
+
+	ᵐ Mismatched
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- wyre.gov.uk
+		- www.wyre.gov.uk
+		- .www.wyre.gov.uk
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images on (www.)? from www.wyre.gov.uk ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Wyre.gov.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="wyre.gov.uk" />
+	<target host="www.wyre.gov.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="consult.wyre.gov.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?wyre\.gov\.uk$" name="^\w{16}$" /-->
+	<!--securecookie host="^\.www\.wyre\.gov\.uk$" name="^TestCookie$" /-->
+
+	<securecookie host="^\.www\." name=".+" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://consult\.wyre\.gov\.uk/"
+		to="https://wyrebc-consult.objective.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wyreforestdc.gov.uk.xml b/src/chrome/content/rules/wyreforestdc.gov.uk.xml
new file mode 100644
index 000000000000..252a5fb4eafa
--- /dev/null
+++ b/src/chrome/content/rules/wyreforestdc.gov.uk.xml
@@ -0,0 +1,42 @@
+<!--
+	Wyre Forest District Council
+
+	For other UK government coverage, see GOV.UK.xml.
+
+	Non-functional hosts
+		Couldn't connect to server:
+			 - assist.wyreforestdc.gov.uk
+			 - gemini.wyreforestdc.gov.uk
+			 - npa.wyreforestdc.gov.uk
+
+		Timeout was reached:
+			 - wyreforestdc.gov.uk
+			 - www.wyreforestdc.gov.uk
+			 - mail.wyreforestdc.gov.uk
+			 - mail2.wyreforestdc.gov.uk
+			 - radish.wyreforestdc.gov.uk
+
+		SSL peer certificate was not OK:
+			 - apps.wyreforestdc.gov.uk
+			 - ns.wyreforestdc.gov.uk
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - isth.wyreforestdc.gov.uk
+			 - portal.wyreforestdc.gov.uk
+			 - ras.wyreforestdc.gov.uk
+			 - rashq.wyreforestdc.gov.uk
+			 - webmail.wyreforestdc.gov.uk
+
+		Incomplete certificate chain error:
+			 - ishq.wyreforestdc.gov.uk
+			 - remote.wyreforestdc.gov.uk
+-->
+<ruleset name="Wyre Forest DC.gov.uk (partial)">
+	<target host="mytaxandbenefits.wyreforestdc.gov.uk" />
+	<target host="rasth.wyreforestdc.gov.uk" />
+	<target host="share.wyreforestdc.gov.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wz2100.net.xml b/src/chrome/content/rules/wz2100.net.xml
new file mode 100644
index 000000000000..195c20200343
--- /dev/null
+++ b/src/chrome/content/rules/wz2100.net.xml
@@ -0,0 +1,48 @@
+<!--
+	Invalid certificate:
+		2100www.wz2100.net
+		2www.wz2100.net
+		aaa.wz2100.net
+		account.wz2100.net
+		addon.wz2100.net
+		www.addon.wz2100.net
+		awww.wz2100.net
+		blog.wz2100.net
+		bwiki.wz2100.net
+		docs.wz2100.net
+		files.wz2100.net
+		forum.wz2100.net
+		guide.wz2100.net
+		lab.wz2100.net
+		mail.wz2100.net
+		site.wz2100.net
+		srvvm1.wz2100.net
+		stats.wz2100.net
+		trac.wz2100.net
+		wiki.wz2100.net
+		wzhost.wz2100.net
+
+	Unreachable:
+		warhost.wz2100.net
+-->
+<ruleset name="wz2100.net">
+	<target host="wz2100.net" />
+	<target host="www.wz2100.net" />
+	<target host="addons.wz2100.net" />
+	<target host="betaguide.wz2100.net" />
+	<target host="buildbot.wz2100.net" />
+	<target host="data.wz2100.net" />
+	<target host="developer.wz2100.net" />
+	<target host="donations.wz2100.net" />
+	<target host="down.wz2100.net" />
+	<target host="forums.wz2100.net" />
+	<target host="gamecheck.wz2100.net" />
+	<target host="lobby.wz2100.net" />
+	<target host="logsite.wz2100.net" />
+	<target host="phppgadmin.wz2100.net" />
+	<target host="static.wz2100.net" />
+	<target host="status.wz2100.net" />
+	<target host="translate.wz2100.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/x-plarium.com.xml b/src/chrome/content/rules/x-plarium.com.xml
new file mode 100644
index 000000000000..ad48583e069c
--- /dev/null
+++ b/src/chrome/content/rules/x-plarium.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="x-Plarium.com">
+
+	<target host="cdn01.x-plarium.com" />
+	<target host="static.x-plarium.com" />
+
+		<test url="http://cdn01.x-plarium.com/browser/content/forum/common/logotypes/plarium_logo_47_32_white.png" />
+		<test url="http://static.x-plarium.com/browser/canvas/pp/86/styles/main.css" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/x-ways.net.xml b/src/chrome/content/rules/x-ways.net.xml
new file mode 100644
index 000000000000..cd0d645afc5d
--- /dev/null
+++ b/src/chrome/content/rules/x-ways.net.xml
@@ -0,0 +1,10 @@
+<!--
+	Time out:
+		ftp.x-ways.net
+-->
+<ruleset name="x-ways.net">
+	<target host="x-ways.net" />
+	<target host="www.x-ways.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/x.ai.xml b/src/chrome/content/rules/x.ai.xml
new file mode 100644
index 000000000000..80404cc5d68a
--- /dev/null
+++ b/src/chrome/content/rules/x.ai.xml
@@ -0,0 +1,14 @@
+<!--
+	Timeout:
+		dev.x.ai
+-->
+<ruleset name="x.ai">
+	<target host="x.ai" />
+	<target host="www.x.ai" />
+	<target host="cdn.x.ai" />
+	<target host="my.x.ai" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/x360ce.com.xml b/src/chrome/content/rules/x360ce.com.xml
new file mode 100644
index 000000000000..32569540740b
--- /dev/null
+++ b/src/chrome/content/rules/x360ce.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="x360ce.com">
+	<target host="x360ce.com" />
+	<target host="www.x360ce.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/xServers-mirrors.xml b/src/chrome/content/rules/xServers-mirrors.xml
deleted file mode 100644
index da51eb9aa9b2..000000000000
--- a/src/chrome/content/rules/xServers-mirrors.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="xServers mirrors" default_off="self-signed">
-
-<!--	/mirrors. is self-signed, see also xServers.xml --> 
-
-	<target host="mirrors.xservers.ro" />
-
-	<rule from="^http://mirrors\.xservers\.ro/"
-		to="https://mirrors.xservers.ro/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/xServers.xml b/src/chrome/content/rules/xServers.xml
index 9bc3b29427ba..14d19db3a273 100644
--- a/src/chrome/content/rules/xServers.xml
+++ b/src/chrome/content/rules/xServers.xml
@@ -1,12 +1,26 @@
-<ruleset name="xServers">
+<!--
 
-<!--	xservers.com doesn't work - record is too long
-	See xServers-mirrors.xml for self-signed free software mirror -->
+
+	Nonfunctional subdomains:
+
+		- blog ¹
+		- mirrors ²
+		- www ³
+
+	¹ Shows www
+	² Refused
+	³ Redirects to http
+
+-->
+<ruleset name="xServers (partial)">
 
 	<target host="xservers.ro" />
-	<target host="www.xservers.ro" />
+	<!--target host="www.xservers.ro" /-->
+		<!--
+			Redirects to http:
+						-->
+		<!--exclusion pattern="^http://www\.xservers\.ro/($|css/|favicon\.ico|hosting/|img/|servere-dedicate/|vps-servere-virtuale/)" /-->
 
-	<rule from="^http://(?:www\.)?xservers\.ro/"
-		to="https://xservers.ro/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/xael.org.xml b/src/chrome/content/rules/xael.org.xml
new file mode 100644
index 000000000000..4d4237822b00
--- /dev/null
+++ b/src/chrome/content/rules/xael.org.xml
@@ -0,0 +1,24 @@
+<!--
+	Invalid certificate:
+		vps3temp.xael.org
+
+	Refused:
+		vps4.xael.org
+
+	Time out:
+		www.xael.org
+		maison.xael.org
+		reader.xael.org
+		seafile.xael.org
+		stats.xael.org
+		vps.xael.org
+		vps2.xael.org
+		wiki.xael.org
+-->
+<ruleset name="xael.org">
+	<target host="xael.org" />
+	<target host="photos.xael.org" />
+	<target host="vps3.xael.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/xanmod.org.xml b/src/chrome/content/rules/xanmod.org.xml
new file mode 100644
index 000000000000..5fdb7857dad2
--- /dev/null
+++ b/src/chrome/content/rules/xanmod.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Mixed content:
+
+		- css from fonts.googleapis.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="XanMod.org">
+
+	<target host="xanmod.org" />
+	<target host="www.xanmod.org" />
+
+		<!--	Mixed css:
+					-->
+		<!--test url="http://xanmod.org/forum/" /-->
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/xcelab.net.xml b/src/chrome/content/rules/xcelab.net.xml
new file mode 100644
index 000000000000..624f8c156987
--- /dev/null
+++ b/src/chrome/content/rules/xcelab.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="xcelab.net">
+
+	<target host="xcelab.net" />
+	<target host="www.xcelab.net" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/xchange.cc.xml b/src/chrome/content/rules/xchange.cc.xml
new file mode 100644
index 000000000000..1c2afa60b4c2
--- /dev/null
+++ b/src/chrome/content/rules/xchange.cc.xml
@@ -0,0 +1,15 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://xchange.cc/ => https://xchange.cc/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.xchange.cc/ => https://www.xchange.cc/: (28, 'Operation timed out after 30006 milliseconds with 0 bytes received')
+Fetch error: http://support.xchange.cc/ => https://support.xchange.cc/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="xchange.cc" default_off="failed ruleset test">
+	<target host="xchange.cc" />
+	<target host="www.xchange.cc" />
+	<target host="support.xchange.cc" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/xchange.is.xml b/src/chrome/content/rules/xchange.is.xml
new file mode 100644
index 000000000000..a639a48bdd7f
--- /dev/null
+++ b/src/chrome/content/rules/xchange.is.xml
@@ -0,0 +1,13 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://xchange.is/ => https://xchange.is/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.xchange.is/ => https://www.xchange.is/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="xchange.is" default_off="failed ruleset test">
+	<target host="xchange.is" />
+	<target host="www.xchange.is" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/xda-cdn.com.xml b/src/chrome/content/rules/xda-cdn.com.xml
new file mode 100644
index 000000000000..1e156ed18ec3
--- /dev/null
+++ b/src/chrome/content/rules/xda-cdn.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Related: XDA-Developers.com.xml
+
+	Mismatch:
+		^
+-->
+
+<ruleset name="xda-cdn.com">
+	<target host="forum.xda-cdn.com" />
+		<test url="http://forum.xda-cdn.com/images/icons/icon1.gif" />
+	<target host="forum-lw-1.xda-cdn.com" />
+		<test url="http://forum-lw-1.xda-cdn.com/images/leaseweb175x50.png" />
+	<target host="forum-lw-2.xda-cdn.com" />
+		<test url="http://forum-lw-2.xda-cdn.com/analytics.js" />
+	<target host="forum-lw-3.xda-cdn.com" />
+		<test url="http://forum-lw-3.xda-cdn.com/analytics.js" />
+	<target host="forum-lw-4.xda-cdn.com" />
+		<test url="http://forum-lw-4.xda-cdn.com/analytics.js" />
+	<target host="img.xda-cdn.com" />
+		<test url="http://img.xda-cdn.com/sG7JOLTRv7ziGu770rW-oJMIX7M=/330x165/smart/www.xda-developers.com/files/2016/12/teamwin-recovery-project-twrp-logo.jpg" />
+	<target host="labs-public-dl.xda-cdn.com" />
+		<test url="http://labs-public-dl.xda-cdn.com/screenshots/e5ed498e-77fe-4c4a-a5b7-05f5b7f93f48.png" />
+	<target host="www.xda-cdn.com" />
+	<target host="www1-lw.xda-cdn.com" />
+		<test url="http://www1-lw.xda-cdn.com/forum-links/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/xen.org.xml b/src/chrome/content/rules/xen.org.xml
new file mode 100644
index 000000000000..0c3eacbfcfbf
--- /dev/null
+++ b/src/chrome/content/rules/xen.org.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Linux Foundation coverage, see LinuxFoundation.xml.
+
+
+	Nonfunctional hosts in *xen.org:
+
+		- (www.)? ᵃ
+
+	ᵃ Shows connection is not secure error
+
+-->
+<ruleset name="Xen.org (partial)">
+
+	<target host="blog.xen.org" />
+	<target host="downloads.xen.org" />
+	<target host="lists.xen.org" />
+	<target host="mail.xen.org" />
+	<target host="wiki.xen.org" />
+	<target host="xenbits.xen.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/xfinity.com.xml b/src/chrome/content/rules/xfinity.com.xml
new file mode 100644
index 000000000000..93d5f2f23888
--- /dev/null
+++ b/src/chrome/content/rules/xfinity.com.xml
@@ -0,0 +1,68 @@
+<!--
+	For other Comcast coverage, see Comcast.xml.
+
+	Nonfunctional hosts in *xfinity.com:
+
+		- constantguard ᵈ
+		- dns ᵈ
+		- games ᵈ
+		- networkmanagement ʳ
+		- parents ʳ
+		- speedtest ᵈ
+		- techfund ʳ
+		- hotspots.wifi ᵈ
+
+	ᵈ Dropped
+	ʳ Refused
+
+	Problematic hosts in *xfinity.com:
+
+		- my ²
+		- serviceo ³
+		- store ¹
+		- tvgo ²
+
+	¹ Redirects to 200 notfound.html
+	² Mismatched (akamai)
+	³ Mismatched (2o7.net)
+
+	Mixed content:
+
+		- Images, on:
+			- forums from i221.photobucket.com *
+			- www.stg from cdn.comcast.com *
+			- www.stg from $self *
+
+		- favicon on forums from www.xfinity.com *
+
+	* Secured by us
+-->
+
+<ruleset name="Xfinity.com (partial)">
+	<target host="customer.xfinity.com" />
+	<target host="es.xfinity.com" />
+	<target host="forums.xfinity.com" />
+	<target host="partner.xfinity.com" />
+	<target host="customer.pdc.prd.xfinity.com" />
+	<target host="www.pdc.prd.xfinity.com" />
+	<target host="referafriend.xfinity.com" />
+	<target host="secure.xfinity.com" />
+	<target host="securestore.xfinity.com" />
+	<target host="customer.stg.xfinity.com" />
+	<target host="www.stg.xfinity.com" />
+	<target host="wifi.xfinity.com" />
+	<target host="accesspass.wifi.xfinity.com" />
+	<target host="prov.wifi.xfinity.com" />
+	<target host="wifilogin.xfinity.com" />
+	<target host="www.xfinity.com" />
+	<target host="serviceo.xfinity.com" />
+	<target host="store.xfinity.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://serviceo\.xfinity\.com/" to="https://xfinity.112.2o7.net/" />
+
+	<rule from="^http://store\.xfinity\.com/" to="https://securestore.xfinity.com/" />
+
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/xiala.net.xml b/src/chrome/content/rules/xiala.net.xml
new file mode 100644
index 000000000000..1027a94997fa
--- /dev/null
+++ b/src/chrome/content/rules/xiala.net.xml
@@ -0,0 +1,21 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://piwik.xiala.net/ => https://piwik.xiala.net/: (60, 'SSL certificate problem: certificate has expired')
+
+	(www.)?xiala.net: expired
+
+-->
+<ruleset name="xiala.net (partial)" default_off="failed ruleset test">
+
+	<target host="piwik.xiala.net" />
+	<target host="zimbra.xiala.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ximalaya.xml b/src/chrome/content/rules/ximalaya.xml
new file mode 100644
index 000000000000..e2bc836cd94a
--- /dev/null
+++ b/src/chrome/content/rules/ximalaya.xml
@@ -0,0 +1,17 @@
+<ruleset name="ximalaya">
+	<target host="ximalaya.com"/>
+	<target host="www.ximalaya.com"/>
+	<target host="adse.ximalaya.com"/>
+	<target host="m.ximalaya.com"/>
+	<target host="xdcs-collector.ximalaya.com"/>
+
+	<target host="www.xmcdn.com"/>
+		<test url="http://www.xmcdn.com/group52/M04/CE/5B/wKgLe1w2fDmAreolAC0NYmv-5MU988.m4a" />
+	<target host="audio.xmcdn.com"/>
+		<test url="http://audio.xmcdn.com/group52/M04/CE/5B/wKgLe1w2fDmAreolAC0NYmv-5MU988.m4a" />
+	<target host="fdfs.xmcdn.com"/>
+	<target host="imagev2.xmcdn.com"/>
+	<target host="s1.xmcdn.com"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/xkcd.xml b/src/chrome/content/rules/xkcd.xml
index ae93f7ac149a..bc9f14d63138 100644
--- a/src/chrome/content/rules/xkcd.xml
+++ b/src/chrome/content/rules/xkcd.xml
@@ -1,73 +1,60 @@
 <!--
-	store-xkcd-com.myshopify.com
-
-
-	Nonfunctional xkcd.com subdomains:
-
-		- blag *
-		- blog *
-		- es *
-		- fora *
-		- forums *
-		- wiki *
-
-	* Refused
-
-
-	Problematic domains:
-
-		- (www.)store.xkcd.com		(redirects to http; mismatched, CN: *.myshopify.com)
-		- (www.)xkcd.org *
-		- m.xkcd.org *
-
-	* Works; mismatched, CN: *.xkcd.com
-
-
-	Fully covered domains:
-
-		- xkcd.com subdomains:
-
-			- (www.)
-			- 3d
-			- c0
-			- dynamic
-			- imgs
-			- m
-			- sslimgs
-			- (www.)store	(→ store-xkcd-com.myshopify.com)
-			- uni
-			- whatif
-			- what-if
-
-		- (www.)xkcd.org	(→ xkcd.com)
-		- m.xkcd.org		(→ m.xkcd.com)
-
-
-	Mixed content:
-
-		- Images, on:
-
-			- ^ from imgs *
-			- m from imgs *
-
-	* Secured by us, doesn't trip MCB
+	Invalid certificate:
+		aram.xkcd.com
+		es.xkcd.com
+		www.imgs.xkcd.com
+		origin.imgs.xkcd.com
+		www.store.xkcd.com
+		www.what-if.xkcd.com
+
+	Refused:
+		fora.xkcd.com
+		forums.xkcd.com
+		www.forums.xkcd.com
+		forums3.xkcd.com
+		wiki.xkcd.com
+		www.wiki.xkcd.com
 
 -->
 <ruleset name="xkcd">
 
 	<target host="xkcd.com" />
-	<target host="xkcd.org" />
-	<target host="*.xkcd.com" />
-	<target host="*.xkcd.org" />
+	<target host="www.xkcd.com" />
+	<target host="3d.xkcd.com" />
+	<target host="almamater.xkcd.com" />
+	<target host="blag.xkcd.com" />
+	<target host="blog.xkcd.com" />
+	<target host="c.xkcd.com" />
+	<target host="c0.xkcd.com" />
+	<target host="c1.xkcd.com" />
+	<target host="c2.xkcd.com" />
+	<target host="c3.xkcd.com" />
+	<target host="c4.xkcd.com" />
+	<target host="c5.xkcd.com" />
+	<target host="c6.xkcd.com" />
+	<target host="c7.xkcd.com" />
+	<target host="c8.xkcd.com" />
+	<target host="dynamic.xkcd.com" />
+	<target host="imgs.xkcd.com" />
+		<test url="http://imgs.xkcd.com/comics/hottest_editors.png" />
+	<target host="m.xkcd.com" />
+	<target host="sslimgs.xkcd.com" />
+		<test url="http://sslimgs.xkcd.com/comics/hottest_editors.png" />
+	<target host="store.xkcd.com" />
+	<target host="www.store.xkcd.com" />
+	<target host="uni.xkcd.com" />
+	<target host="whatif.xkcd.com" />
+	<target host="what-if.xkcd.com" />
+	<target host="xk3d.xkcd.com" />
 
+	<target host="xkcd.org" />
+	<target host="www.xkcd.org" />
+	<target host="m.xkcd.org" />
 
-	<rule from="^http://(www\.|m\.)?xkcd\.(?:com|org)/"
-		to="https://$1xkcd.com/" />
-
-	<rule from="^http://(3d|c0|dynamic|imgs|sslimgs|uni|what-?if)\.xkcd\.com/"
-		to="https://$1.xkcd.com/" />
+	<rule from="^http://www\.store\.xkcd\.com/"
+		to="https://store.xkcd.com/" />
 
-	<rule from="^http://(?:www\.)?store\.xkcd\.com/"
-		to="https://store-xkcd-com.myshopify.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/xlove.com.xml b/src/chrome/content/rules/xlove.com.xml
new file mode 100644
index 000000000000..ca73f32e05d4
--- /dev/null
+++ b/src/chrome/content/rules/xlove.com.xml
@@ -0,0 +1,31 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://xlove.com/ => https://xlove.com/: (51, "SSL: no alternative certificate subject name matches target host name 'xlove.com'")
+Fetch error: http://www.xlove.com/ => https://www.xlove.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.xlove.com'")
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- xlove.com
+		- www.xlove.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Xlove.com" default_off="failed ruleset test">
+
+	<target host="xlove.com" />
+	<target host="www.xlove.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?xlove\.com$" name="^(?:PHPSESSID|lang_suggest)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/xn--90aijkdmaud0d.xn--p1ai.xml b/src/chrome/content/rules/xn--90aijkdmaud0d.xn--p1ai.xml
new file mode 100644
index 000000000000..990f470f1151
--- /dev/null
+++ b/src/chrome/content/rules/xn--90aijkdmaud0d.xn--p1ai.xml
@@ -0,0 +1,10 @@
+<ruleset name="мособлеирц.рф" default_off="failed ruleset test">
+	<target host="xn--90aijkdmaud0d.xn--p1ai" />
+	<target host="www.xn--90aijkdmaud0d.xn--p1ai" />
+	<target host="xn--b1aoke0e.xn--90aijkdmaud0d.xn--p1ai" />
+	<target host="www.xn--b1aoke0e.xn--90aijkdmaud0d.xn--p1ai" />
+	<target host="xn--j1aab.xn--90aijkdmaud0d.xn--p1ai" />
+	<target host="www.xn--j1aab.xn--90aijkdmaud0d.xn--p1ai" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/xrllc.com.xml b/src/chrome/content/rules/xrllc.com.xml
new file mode 100644
index 000000000000..a132e1f5cd57
--- /dev/null
+++ b/src/chrome/content/rules/xrllc.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="XR LLC.com">
+
+	<target host="marketing.xrllc.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/xsport.ua.xml b/src/chrome/content/rules/xsport.ua.xml
new file mode 100644
index 000000000000..52de1092b495
--- /dev/null
+++ b/src/chrome/content/rules/xsport.ua.xml
@@ -0,0 +1,5 @@
+<ruleset name="xsport.ua">
+	<target host="xsport.ua" />
+	<target host="www.xsport.ua" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/xtremegunsandammo.com.xml b/src/chrome/content/rules/xtremegunsandammo.com.xml
new file mode 100644
index 000000000000..f4f3747bd6ab
--- /dev/null
+++ b/src/chrome/content/rules/xtremegunsandammo.com.xml
@@ -0,0 +1,31 @@
+<!--
+	NB: Server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these domains: ᶜ
+
+		- .xtremegunsandammo.com
+		- .www.xtremegunsandammo.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Xtreme Guns and Ammo.com" default_off="cert-chain">
+
+	<target host="xtremegunsandammo.com" />
+	<target host="www.xtremegunsandammo.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="\.(?:www\.)?xtremegunsandammo\.com$" name="^(?:external_no_cache|frontend)$" /-->
+
+	<securecookie host="^\." name="^(?:external_no_cache|frontend)$" />
+	<securecookie host="^\.www\." name=".+" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/xxxhubba.com.xml b/src/chrome/content/rules/xxxhubba.com.xml
new file mode 100644
index 000000000000..41b57572882e
--- /dev/null
+++ b/src/chrome/content/rules/xxxhubba.com.xml
@@ -0,0 +1,39 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- xxxhubba.com
+		- www.xxxhubba.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images, from:
+
+			- s\d+.pixxxels.org ˢ
+			- img-egc.xvideos.com ˢ
+			- img-hw.xvideos.com ˢ
+			- img-l3.xvideos.com ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="XXX Hubba.com">
+
+	<target host="xxxhubba.com" />
+	<target host="www.xxxhubba.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?xxxhubba\.com$" name="^PHPSESSID$" /-->
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/xxxyours.com.xml b/src/chrome/content/rules/xxxyours.com.xml
new file mode 100644
index 000000000000..03a592f9c863
--- /dev/null
+++ b/src/chrome/content/rules/xxxyours.com.xml
@@ -0,0 +1,39 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://cdn-srv-public-c.xxxyours.com/files/thumbs/2016/06/19/39922b4e-ce9f-43d1-3b8f-13ac019a959f-384x216-3.jpg => https://cdn-srv-public-c.xxxyours.com/files/thumbs/2016/06/19/39922b4e-ce9f-43d1-3b8f-13ac019a959f-384x216-3.jpg: (6, 'Could not resolve host: cdn-srv-public-c.xxxyours.com')
+Fetch error: http://analytics.xxxyours.com/ => https://analytics.xxxyours.com/: (6, 'Could not resolve host: analytics.xxxyours.com')
+Fetch error: http://cdn-srv-public-c.xxxyours.com/ => https://cdn-srv-public-c.xxxyours.com/: (6, 'Could not resolve host: cdn-srv-public-c.xxxyours.com')
+Fetch error: http://srv44c.xxxyours.com/ => https://srv44c.xxxyours.com/: (6, 'Could not resolve host: srv44c.xxxyours.com')
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- xxxyours.com
+		- .xxxyours.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="xxxYours.com" default_off="failed ruleset test">
+
+	<target host="xxxyours.com" />
+	<target host="analytics.xxxyours.com" />
+	<target host="cdn-srv-public-c.xxxyours.com" />
+	<target host="srv44c.xxxyours.com" />
+	<target host="www.xxxyours.com" />
+
+		<test url="http://cdn-srv-public-c.xxxyours.com/files/thumbs/2016/06/19/39922b4e-ce9f-43d1-3b8f-13ac019a959f-384x216-3.jpg" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^xxxyours\.com$" name="^(?:XSRF-TOKEN|laravel_session)$" /-->
+	<!--securecookie host="^\.xxxyours\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/yWorks.com.xml b/src/chrome/content/rules/yWorks.com.xml
new file mode 100644
index 000000000000..4fd539e7f4da
--- /dev/null
+++ b/src/chrome/content/rules/yWorks.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="yWorks.com">
+    <target host="www.yworks.com" />
+    <target     host="yworks.com" />
+
+    <rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/yadg.cc.xml b/src/chrome/content/rules/yadg.cc.xml
index 07f81c96c3f5..8031ac0738b4 100644
--- a/src/chrome/content/rules/yadg.cc.xml
+++ b/src/chrome/content/rules/yadg.cc.xml
@@ -1,6 +1,6 @@
 <ruleset name="YADG.cc">
   <target host="yadg.cc" />
   <target host="www.yadg.cc" />
-  
-<rule from="^http://(www\.)?yadg\.cc/" to="https://yadg.cc/"/>
+
+<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/yanao.ru.xml b/src/chrome/content/rules/yanao.ru.xml
new file mode 100644
index 000000000000..92e65c2027bb
--- /dev/null
+++ b/src/chrome/content/rules/yanao.ru.xml
@@ -0,0 +1,137 @@
+<!--
+75.yanao.ru ³
+adm.yanao.ru ³
+www.adm.yanao.ru ³
+admin.yanao.ru ³
+apparat.yanao.ru ⁴
+depzdrav.yanao.ru ³
+dgz.yanao.ru ³
+dprr-baz.yanao.ru ²
+www.dpv.yanao.ru ¹
+ds.yanao.ru/: (52, 'Empty reply from server')
+exmail.yanao.ru ⁴
+files.yanao.ru ⁴
+gasu.yanao.ru ²
+gov.yanao.ru ³
+db.gov.yanao.ru ³
+de.gov.yanao.ru ³
+admin.dgzt.gov.yanao.ru ³
+weblogic.dtszn.gov.yanao.ru ³
+fgs.gov.yanao.ru ¹
+geo.gov.yanao.ru ²
+it.gov.yanao.ru ⁴
+mail.gov.yanao.ru ⁴
+monitoring.gov.yanao.ru ³
+mx.gov.yanao.ru ³
+nedra.gov.yanao.ru ³
+www.nedra.gov.yanao.ru ³
+netflow.gov.yanao.ru ³
+ns.gov.yanao.ru ³
+ns1.gov.yanao.ru ³
+ns3.gov.yanao.ru ³
+ns4.gov.yanao.ru ³
+pgu-db.gov.yanao.ru ³
+prognoz.gov.yanao.ru ³
+rgu.gov.yanao.ru ³
+siu.gov.yanao.ru ⁴
+ssc.gov.yanao.ru ²
+torgi.gov.yanao.ru ³
+torgi1.gov.yanao.ru ³
+vbox.gov.yanao.ru ²
+vpn.gov.yanao.ru ⁴
+webmail.gov.yanao.ru ³
+zags.gov.yanao.ru ³
+gusi.yanao.ru ³
+www.gusi.yanao.ru ³
+home.yanao.ru ³
+iii.yanao.ru ³
+info.yanao.ru ³
+infoteh.yanao.ru ³
+www.infoteh.yanao.ru ³
+mt.infoteh.yanao.ru ²
+invest.yanao.ru ³
+kmns.yanao.ru ³
+www.kmns.yanao.ru ³
+kobilkin.yanao.ru ²
+ks.yanao.ru ³
+lk.yanao.ru ¹
+lotus.yanao.ru ³
+meeting.yanao.ru ⁴
+memorybook.yanao.ru ⁴
+mfc.yanao.ru ⁴
+www.mfc.yanao.ru ³
+monitoring.yanao.ru ³
+mxs.yanao.ru ³
+nac.yanao.ru ³
+nadym.yanao.ru ³
+mail.nurengoy.yanao.ru ⁴
+old.yanao.ru ³
+omb.yanao.ru ⁴
+orv.yanao.ru ³
+portal.yanao.ru ³
+forum.portal.yanao.ru ³
+ppu.yanao.ru ³
+pravitelstvo.yanao.ru ²
+rca.yanao.ru/: (35, 'error:14092105:SSL routines:ssl3_get_server_hello:wrong cipher returned')
+reestrnko.yanao.ru ²
+relay.yanao.ru ³
+sametime.yanao.ru ⁴
+sc.yanao.ru ³
+slh.yanao.ru ³
+system.yanao.ru ³
+taxi.yanao.ru ⁴
+admshd.test.yanao.ru ⁴
+gubweek.test.yanao.ru ⁴
+nadymregion.test.yanao.ru ⁴
+olympicsk.test.yanao.ru ⁴
+zsyanao.test.yanao.ru ⁴
+torgi.yanao.ru ³
+www.torgi.yanao.ru ³
+tsp.yanao.ru ²
+weblotus.yanao.ru/: (52, 'Empty reply from server')
+webmail.yanao.ru ⁴
+yamal-info.yanao.ru ³
+www.yamal-info.yanao.ru ³
+yamaltech.yanao.ru ³
+www.yatech.yanao.ru ²
+monitoring.yanao.ru:81 ⁷
+dgzp.yanao.ru mixed content
+dszn.yanao.ru mixed content
+smev.yanao.ru mixed content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁷ protocol error
+-->
+<ruleset name="yanao.ru">
+	<target host="yanao.ru" />
+	<target host="www.yanao.ru" />
+	<target host="admhetta.yanao.ru" />
+	<target host="csonlab.yanao.ru" />
+	<target host="dflbt.yanao.ru" />
+	<target host="dgjn.yanao.ru" />
+	<target host="ditis.yanao.ru" />
+	<target host="docserver.yanao.ru" />
+	<target host="dpv.yanao.ru" />
+	<target host="eks.yanao.ru" />
+	<target host="folkler.yanao.ru" />
+	<target host="gkups.yanao.ru" />
+	<target host="hosting.yanao.ru" />
+	<target host="karta.yanao.ru" />
+	<target host="lbt.yanao.ru" />
+	<target host="lib-shd.yanao.ru" />
+	<target host="nb.yanao.ru" />
+	<target host="nic.yanao.ru" />
+	<target host="rabota.yanao.ru" />
+	<target host="szn-ksk.yanao.ru" />
+	<target host="tbd.yanao.ru" />
+	<target host="vks.yanao.ru" />
+	<target host="webinar.yanao.ru" />
+	<target host="yuribey.yanao.ru" />
+	<target host="zapolyarny-adm.yanao.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/yaostrov.ru.xml b/src/chrome/content/rules/yaostrov.ru.xml
new file mode 100644
index 000000000000..9a487ba67f3d
--- /dev/null
+++ b/src/chrome/content/rules/yaostrov.ru.xml
@@ -0,0 +1,5 @@
+<ruleset name="yaostrov.ru">
+	<target host="yaostrov.ru" />
+	<target host="www.yaostrov.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/yapfiles.ru.xml b/src/chrome/content/rules/yapfiles.ru.xml
new file mode 100644
index 000000000000..b8790eb12312
--- /dev/null
+++ b/src/chrome/content/rules/yapfiles.ru.xml
@@ -0,0 +1,12 @@
+<!--
+Invalid certificate:
+	alpha.yapfiles.ru
+-->
+<ruleset name="yapfiles.ru">
+	<target host="yapfiles.ru" />
+	<target host="www.yapfiles.ru" />
+	<target host="s01.yapfiles.ru" />
+	<target host="s02.yapfiles.ru" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/yaplakal.com.xml b/src/chrome/content/rules/yaplakal.com.xml
new file mode 100644
index 000000000000..d0d1386a0036
--- /dev/null
+++ b/src/chrome/content/rules/yaplakal.com.xml
@@ -0,0 +1,33 @@
+<!--
+Invalid certificate:
+	www.2009.yaplakal.com
+	www.cs.yaplakal.com
+	flash.yaplakal.com
+	games.yaplakal.com
+	incubator.yaplakal.com
+	mail.yaplakal.com
+	www.s00.yaplakal.com
+	dav.s02.yaplakal.com
+	stat.yaplakal.com
+	ww.yaplakal.com
+	ww1.yaplakal.com
+	wwww.yaplakal.com
+-->
+<ruleset name="yaplakal.com">
+	<target host="yaplakal.com" />
+	<target host="www.yaplakal.com" />
+	<target host="alpha.yaplakal.com" />
+	<target host="animals.yaplakal.com" />
+	<target host="api.yaplakal.com" />
+	<target host="art.yaplakal.com" />
+	<target host="auto.yaplakal.com" />
+	<target host="fotozhaba.yaplakal.com" />
+	<target host="inkubator.yaplakal.com" />
+	<target host="m.yaplakal.com" />
+	<target host="news.yaplakal.com" />
+	<target host="pics.yaplakal.com" />
+	<target host="s00.yaplakal.com" />
+	<target host="video.yaplakal.com" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/yapx.ru.xml b/src/chrome/content/rules/yapx.ru.xml
new file mode 100644
index 000000000000..686a0e2a3df1
--- /dev/null
+++ b/src/chrome/content/rules/yapx.ru.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid certificate:
+		mail.yapx.ru
+		t.yapx.ru
+		test.yapx.ru
+-->
+<ruleset name="yapx.ru">
+	<target host="yapx.ru" />
+	<target host="www.yapx.ru" />
+	<target host="i.yapx.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/yarcube.ru.xml b/src/chrome/content/rules/yarcube.ru.xml
new file mode 100644
index 000000000000..5a5240b1c3e7
--- /dev/null
+++ b/src/chrome/content/rules/yarcube.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="yarcube.ru">
+	<target host="yarcube.ru" />
+	<target host="www.yarcube.ru" />
+	<!-- <target host="soft.yarcube.ru" /> --><!-- ERROR (35, schannel: SNI or certificate check failed: SEC_E_WRONG_PRINCIPAL (0x80090322) -    .) -->
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/yarnpkg.com.xml b/src/chrome/content/rules/yarnpkg.com.xml
new file mode 100644
index 000000000000..1689621f02ff
--- /dev/null
+++ b/src/chrome/content/rules/yarnpkg.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="YarnPKG.com">
+
+	<target host="yarnpkg.com" />
+	<target host="www.yarnpkg.com" />
+	<target host="dl.yarnpkg.com" />
+	<target host="i18n.yarnpkg.com" />
+	<target host="nightly.yarnpkg.com" />
+	<target host="registry.yarnpkg.com" />
+	<target host="release.yarnpkg.com" />
+	<target host="stats.yarnpkg.com" />
+	<target host="status.yarnpkg.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/yartv.ru.xml b/src/chrome/content/rules/yartv.ru.xml
new file mode 100644
index 000000000000..b0ffce84053c
--- /dev/null
+++ b/src/chrome/content/rules/yartv.ru.xml
@@ -0,0 +1,16 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://yartv.ru/ => https://yartv.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.yartv.ru/ => https://www.yartv.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://cabinet.yartv.ru/ => https://cabinet.yartv.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="yartv.ru" default_off="failed ruleset test">
+	<target host="yartv.ru" />
+	<target host="www.yartv.ru" />
+	<target host="newcabinet.yartv.ru" />
+	<target host="cabinet.yartv.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/yash.osdn.jp.xml b/src/chrome/content/rules/yash.osdn.jp.xml
new file mode 100644
index 000000000000..b6a55b46b26d
--- /dev/null
+++ b/src/chrome/content/rules/yash.osdn.jp.xml
@@ -0,0 +1,5 @@
+<ruleset name="yash.osdn.jp">
+	<target host="yash.osdn.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ycbi.org.xml b/src/chrome/content/rules/ycbi.org.xml
new file mode 100644
index 000000000000..150294cc2c82
--- /dev/null
+++ b/src/chrome/content/rules/ycbi.org.xml
@@ -0,0 +1,20 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://ycbi.org/ => https://ycbi.org/: (60, 'SSL certificate problem: certificate has expired')
+
+	www.ycbi.org: Differs from http & ^ycbi.org
+
+-->
+<ruleset name="YC BI.com (partial)" default_off="failed ruleset test">
+
+	<target host="ycbi.org" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/yell.com.xml b/src/chrome/content/rules/yell.com.xml
new file mode 100644
index 000000000000..c483a99fa49d
--- /dev/null
+++ b/src/chrome/content/rules/yell.com.xml
@@ -0,0 +1,95 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://st.yell.com/ => https://st.yell.com/: (6, 'Could not resolve host: st.yell.com')
+
+	Note: This website blocks Tor users.
+
+
+	Problematic hosts in *yell.com:
+
+		- (www.)? ᵀ
+		- hotels ᵐ
+
+	ᵀ Blocks Tor users
+	ᵐ Mismatched
+
+
+	Partially covered hosts in *yell.com:
+
+		- marketing *
+
+	* Some pages redirect to http, others 404
+
+
+	Mixed content:
+
+		- Images on marketing from st.yell.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Yell.com (partial)" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
+	<!--target host="yell.com" />		needs clearnet testing -->
+	<target host="auth.yell.com" />
+	<target host="business.yell.com" />
+	<target host="careers.yell.com" />
+	<target host="s-omniture.yell.com" />
+	<target host="st.yell.com" />
+	<!--target host="www.yell.com" />	needs clearnet testing -->
+
+	<!--	Complications:
+				-->
+	<target host="marketing.yell.com" />
+
+		<!--	Redirects to http:
+						-->
+		<!--exclusion pattern="^http://marketing\.yell\.com/(?:$|contact\.html)" /-->
+		<!--
+			404:
+				-->
+		<!--exclusion pattern="^http://marketing\.yell\.com/contact/$" /-->
+		<!--
+			Exceptions:
+					-->
+		<!--exclusion pattern="^http://marketing\.yell\.com/(?!help(?:$|[?/]))" /-->
+		<!--
+			(& preempted redirect:)
+						-->
+		<exclusion pattern="^http://marketing\.yell\.com/+(?!$|help(?:$|[?/]))" />
+
+			<!--	+ve:
+					-->
+			<test url="http://marketing.yell.com/contact.html" />
+			<test url="http://marketing.yell.com/contact/" />
+			<test url="http://marketing.yell.com/legal/prominence-rules/" />
+			<test url="http://marketing.yell.com/legal/security-policy/" />
+			<test url="http://marketing.yell.com/legal/sms-spec/" />
+			<test url="http://marketing.yell.com/web-design/yell-com/" />
+
+			<!--	-ve:
+					-->
+			<test url="http://marketing.yell.com/help/accounts-billing.html" />
+
+
+	<securecookie host="^\." name="^(?:_gat?$|s_v\w)" />
+	<securecookie host="^(?!marketing\.)\w" name=".+" />
+
+
+	<!--	Redirects to http first:
+					-->
+	<rule from="^http://marketing\.yell\.com/$"
+		to="https://business.yell.com/" />
+
+		<!--	There be faulty regex somewhere
+			in the coverage checker...
+							-->
+		<test url="http://marketing.yell.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/yelpblog.com.xml b/src/chrome/content/rules/yelpblog.com.xml
new file mode 100644
index 000000000000..5ea849160e51
--- /dev/null
+++ b/src/chrome/content/rules/yelpblog.com.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Yelp coverage, see Yelp.xml.
+
+-->
+<ruleset name="Yelp Blog.com">
+
+	<target host="yelpblog.com" />
+	<target host="www.yelpblog.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/yelpreservations.com.xml b/src/chrome/content/rules/yelpreservations.com.xml
new file mode 100644
index 000000000000..cff0acd091df
--- /dev/null
+++ b/src/chrome/content/rules/yelpreservations.com.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Yelp coverage, see Yelp.xml.
+
+-->
+<ruleset name="Yelp Reservations.com">
+
+	<target host="yelpreservations.com" />
+	<target host="static.yelpreservations.com" />
+	<target host="www.yelpreservations.com" />
+
+		<test url="http://static.yelpreservations.com/img/consumer/frontpage/small-iphone.png" />
+
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/yerkramas.org.xml b/src/chrome/content/rules/yerkramas.org.xml
new file mode 100644
index 000000000000..2dbb5be681aa
--- /dev/null
+++ b/src/chrome/content/rules/yerkramas.org.xml
@@ -0,0 +1,12 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://yerkramas.org/ => https://yerkramas.org/: (51, "SSL: no alternative certificate subject name matches target host name 'yerkramas.org'")
+Fetch error: http://www.yerkramas.org/ => https://www.yerkramas.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.yerkramas.org'")
+
+-->
+<ruleset name="yerkramas.org" platform="mixedcontent" default_off="failed ruleset test">
+	<target host="yerkramas.org" />
+	<target host="www.yerkramas.org" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/yes.co.il.xml b/src/chrome/content/rules/yes.co.il.xml
new file mode 100644
index 000000000000..57527796b093
--- /dev/null
+++ b/src/chrome/content/rules/yes.co.il.xml
@@ -0,0 +1,50 @@
+<!--
+	For other Bezeq coverage, see bezeq.co.il.xml.
+
+
+	Nonfunctional hosts in *yes.co.il:
+
+		- blog ᵃ
+		- join ᵃ
+
+	ᵃ Shows another domain
+
+
+	Insecure cookies are set for these domains and hosts:
+
+		- yes.co.il
+		- .yes.co.il
+		- chat.yes.co.il
+		- img.yes.co.il
+		- secure.yes.co.il
+		- www.yes.co.il
+
+-->
+<ruleset name="Yes.co.il (partial)">
+
+	<target host="yes.co.il" />
+	<target host="chat.yes.co.il" />
+	<target host="img.yes.co.il" />
+	<target host="secure.yes.co.il" />
+	<target host="www.yes.co.il" />
+
+		<!--	$ prints 200 error page, so:
+							-->
+		<test url="http://chat.yes.co.il/ICR/Default.aspx?l=56" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:secure\.|www\.)?yes\.co\.il$" name="^(?:TS[\da-f]{8}|f5_cspm)$" /-->
+	<!--securecookie host="^\.yes\.co\.il$" name="^(?:TS[\da-f]{8}|dtCookie)$" /-->
+	<!--securecookie host="^chat\.yes\.co\.il$" name="^(?:ASP\.NET_SessionId|TS[\da-f]{8})$" /-->
+	<!--securecookie host="^img\.yes\.co\.il$" name="^TS[\da-f]{8}$" /-->
+
+	<securecookie host="^\." name="^(?:_gat?$|_gat_|TS[\da-f]{8})" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/yeungrealtors.com.xml b/src/chrome/content/rules/yeungrealtors.com.xml
new file mode 100644
index 000000000000..a3d91ae3897b
--- /dev/null
+++ b/src/chrome/content/rules/yeungrealtors.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		autodiscover.yeungrealtors.com
+
+	Refused:
+		localhost.yeungrealtors.com
+-->
+<ruleset name="yeungrealtors.com">
+	<target host="yeungrealtors.com" />
+	<target host="www.yeungrealtors.com" />
+	<target host="cpanel.yeungrealtors.com" />
+	<target host="webdisk.yeungrealtors.com" />
+	<target host="webmail.yeungrealtors.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/yfrog.xml b/src/chrome/content/rules/yfrog.xml
index c02d7b153003..072380251a1c 100644
--- a/src/chrome/content/rules/yfrog.xml
+++ b/src/chrome/content/rules/yfrog.xml
@@ -1,13 +1,37 @@
-<ruleset name="yfrog">
 
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://yfrog.com/about => https://yfrog.com/about: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://yfrog.com/ => https://yfrog.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://desmond.yfrog.com/ => https://desmond.yfrog.com/: (6, 'Could not resolve host: desmond.yfrog.com')
+Fetch error: http://twitter.yfrog.com/ => https://twitter.yfrog.com/: (6, 'Could not resolve host: twitter.yfrog.com')
+Fetch error: http://www.yfrog.com/ => https://www.yfrog.com/: (28, 'Connection timed out after 20001 milliseconds')
+
+	Mixed content:
+
+		- css on (www.)? from fonts.googleapis.com *
+
+	* Secured by us
+
+-->
+<ruleset name="yfrog.com" default_off="failed ruleset test">
+
+	<!--	Direct rewrites:
+				-->
 	<target host="yfrog.com" />
-	<target host="*.yfrog.com" />
+	<target host="desmond.yfrog.com" />
+	<target host="twitter.yfrog.com" />
+	<target host="www.yfrog.com" />
+
+		<!--	Mixed css from fonts.googleapis.com:
+							-->
+		<test url="http://yfrog.com/about" />
 
 
-	<securecookie host="^\.twitter.yfrog.com$" name=".+" />
+	<securecookie host="^\.twitter\.yfrog\.com$" name=".+" />
 
 
-	<rule from="^http://(?:(desmond\.|twitter\.)|www\.)?yfrog\.com/"
-		to="https://$1yfrog.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/yidianzixun.com.xml b/src/chrome/content/rules/yidianzixun.com.xml
new file mode 100644
index 000000000000..d5bff4a85a8a
--- /dev/null
+++ b/src/chrome/content/rules/yidianzixun.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Refused:
+		campus.yidianzixun.com
+-->
+<ruleset name="yidianzixun.com">
+	<target host="yidianzixun.com"/>
+	<target host="www.yidianzixun.com"/>
+	<target host="download.yidianzixun.com"/>
+	<target host="mb.yidianzixun.com"/>
+	<target host="mp.yidianzixun.com"/>
+	<target host="oppo.yidianzixun.com"/>
+	<target host="static.yidianzixun.com"/>
+	<target host="staticimg.yidianzixun.com"/>
+	<target host="tag.yidianzixun.com"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/yikeweiqi.com.xml b/src/chrome/content/rules/yikeweiqi.com.xml
new file mode 100644
index 000000000000..8b177ba86935
--- /dev/null
+++ b/src/chrome/content/rules/yikeweiqi.com.xml
@@ -0,0 +1,35 @@
+<!--
+	HTTP ≠ HTTPS:
+		go4go.yikeweiqi.com		https://go4go.yikeweiqi.com/thumbnail/52071.png
+
+	Mismatched:
+		res.yikeweiqi.com		get from https://baoming.yikeweiqi.com/
+
+		admin.golinksworld.com	get from https://portal.yikeweiqi.com/online/golive/livedetail?id=11105&hall=1&room=6638088
+		image.golinksworld.com
+-->
+<ruleset name="yikeweiqi.com">
+	<target host="yikeweiqi.com" />
+	<target host="www.yikeweiqi.com" />
+	<target host="apis.yikeweiqi.com" />
+	<target host="baoming.yikeweiqi.com" />
+	<target host="cdn.yikeweiqi.com" />
+	<target host="home.yikeweiqi.com" />
+	<target host="image.yikeweiqi.com" />
+	<target host="portal.yikeweiqi.com" />
+	<target host="rtgame.yikeweiqi.com" />
+	<target host="shaoer.yikeweiqi.com" />
+	<target host="share.yikeweiqi.com" />
+
+	<!-- Mismatched: -->
+	<target host="admin.golinksworld.com" />
+	<target host="image.golinksworld.com" />
+	<rule from="^http://(admin|image)\.golinksworld\.com/"
+			to="https://cdn.yikeweiqi.com/" />
+		<test url="http://admin.golinksworld.com/upload/gonews/635975449106261406.jpg" />
+		<test url="http://image.golinksworld.com/ueditor/20170323/636258791421487411.jpg" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/yiwutaro.com.xml b/src/chrome/content/rules/yiwutaro.com.xml
new file mode 100644
index 000000000000..cf8a578927e5
--- /dev/null
+++ b/src/chrome/content/rules/yiwutaro.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="yiwutaro.com">
+
+	<target host="yiwutaro.com" />
+	<target host="www.yiwutaro.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ykimg.com.xml b/src/chrome/content/rules/ykimg.com.xml
new file mode 100644
index 000000000000..8a7cd068a2ec
--- /dev/null
+++ b/src/chrome/content/rules/ykimg.com.xml
@@ -0,0 +1,47 @@
+<!--
+	Invalid certificate:
+		res.mfs.ykimg.com
+		qrcode.ykimg.com
+-->
+
+<ruleset name="ykimg.com">
+	<!--Complication:-->
+	<target host="res.mfs.ykimg.com" />
+	<rule from="^http://res\.mfs\.ykimg\.com/" to="https://mfs.ykimg.com/" />
+		<test url="http://res.mfs.ykimg.com/100120110117153611CDE50BE3309AD4EFD7C853B1128C531E" />
+
+	<!--Directly:-->
+	<target host="css.ykimg.com" />
+		<test url="http://css.ykimg.com/youku/dist/css/find/external/ykheader_37.css" />
+	<target host="g1.ykimg.com" />
+		<test url="http://g1.ykimg.com/05110000494903FC6730B3562DD73071" />
+	<target host="g2.ykimg.com" />
+		<test url="http://g2.ykimg.com/05110000494903FC6730B3562DD73071" />
+	<target host="g3.ykimg.com" />
+		<test url="http://g3.ykimg.com/05110000494903FC6730B3562DD73071" />
+	<target host="g4.ykimg.com" />
+		<test url="http://g4.ykimg.com/01270F1F464E5872635C1600000000122A1C24-0703-6A13-619E-F6618C1E8751" />
+	<target host="js.ykimg.com" />
+		<test url="http://js.ykimg.com/youku/dist/js/page/find/external/ykheader_69.js" />
+	<target host="m1.ykimg.com" />
+		<test url="http://m1.ykimg.com/0A020000154E1D53EFCFD5CE7902B367" />
+	<target host="m2.ykimg.com" />
+	<target host="m3.ykimg.com" />
+	<target host="m4.ykimg.com" />
+	<target host="mfs.ykimg.com" />
+		<test url="http://mfs.ykimg.com/100120110117153611CDE50BE3309AD4EFD7C853B1128C531E" />
+	<target host="r1.ykimg.com" />
+		<test url="http://r1.ykimg.com/0510000057EE2D376714C03EDA06E4F1" />
+	<target host="r2.ykimg.com" />
+		<test url="http://r2.ykimg.com/05100000539958846737B346450E1326" />
+	<target host="r3.ykimg.com" />
+		<test url="http://r3.ykimg.com/051000005731C3EA67BC3D3B170AE441" />
+	<target host="r4.ykimg.com" />
+		<test url="http://r4.ykimg.com/051000005427AB176737B324FD06368C" />
+	<target host="res.ykimg.com" />
+		<test url="http://res.ykimg.com/100120110117153611CDE50BE3309AD4EFD7C853B1128C531E" />
+	<target host="static.ykimg.com" />
+		<test url="http://static.ykimg.com/yk/ypartner/bin/ypd-20160705.79d5a89146.pdf" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ylilauta.xml b/src/chrome/content/rules/ylilauta.xml
deleted file mode 100644
index fe7bccb68eda..000000000000
--- a/src/chrome/content/rules/ylilauta.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Ylilauta">
-  <target host="www.ylilauta.org" />
-  <target host="ylilauta.org" />
-  <target host="boards.ylilauta.org" />
-  <target host="static.ylilauta.org" />
-
-  <rule from="^http://(www\.)?ylilauta\.org/" to="https://ylilauta.org/"/>
-  <rule from="^http://boards\.ylilauta\.org/" to="https://boards.ylilauta.org/"/>
-  <rule from="^http://static\.ylilauta\.org/" to="https://static.ylilauta.org/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/yoogiscloset.com.xml b/src/chrome/content/rules/yoogiscloset.com.xml
new file mode 100644
index 000000000000..4838dbb31bfc
--- /dev/null
+++ b/src/chrome/content/rules/yoogiscloset.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Yoogis Closet.com">
+
+	<target host="yoogiscloset.com" />
+	<target host="www.yoogiscloset.com" />
+
+
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/yota.ru.xml b/src/chrome/content/rules/yota.ru.xml
new file mode 100644
index 000000000000..58afd7194ded
--- /dev/null
+++ b/src/chrome/content/rules/yota.ru.xml
@@ -0,0 +1,22 @@
+<!--
+trpz.yota.ru self signed
+futureproof.yota.ru self signed
+forbidden.yota.ru mismatch
+many.yota.ru non-2xx http code
+status.yota.ru nonexist
+wifi.yota.ru non-2xx http code
+speedtest.spb.yota.ru mismatch
+monthfree.yota.ru mismatch
+way.yota.ru mismatch
+-->
+<ruleset name="yota.ru">
+	<target host="yota.ru" />
+	<target host="www.yota.ru" />
+	<target host="corp.yota.ru" />
+	<target host="my.yota.ru" />
+	<target host="partner.yota.ru" />
+	<target host="in.yota.ru" />
+	<target host="static.yota.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/yottos.com.xml b/src/chrome/content/rules/yottos.com.xml
new file mode 100644
index 000000000000..c7bff83124ad
--- /dev/null
+++ b/src/chrome/content/rules/yottos.com.xml
@@ -0,0 +1,54 @@
+<!--
+	Nonfunctional hosts in *yottos.com:
+
+		- adload ᵃ
+		- blog ᵈ
+
+	ᵃ Shows mail.yottos.com
+	ᵈ Dropped
+
+
+	Problematic hosts in *yottos.com:
+
+		- www.cdn ᵐ
+		- mail ᶜ
+
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+
+
+	STS header includes includeSubdomains
+	for cdn
+
+-->
+<ruleset name="Yottos.com (partial)">
+
+	<target host="yottos.com" />
+	<target host="cdn.yottos.com" />
+	<target host="*.cdn.yottos.com" />
+	<!--target host="mail.yottos.com" /-->
+	<target host="www.yottos.com" />
+
+		<!--	includeSubdomains applies to one level only, so:
+									-->
+		<exclusion pattern="^http://(?:[^./]+\.){2,}cdn\.yottos\.com/" />
+
+			<!--	+ve:
+					-->
+			<test url="http://this.host.cdn.yottos.com/" />
+			<test url="http://exists.not.cdn.yottos.com/" />
+
+
+	<securecookie host="^\." name="^_ga" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.cdn\.yottos\.com/"
+		to="https://cdn.yottos.com/" />
+
+		<test url="http://www.cdn.yottos.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/yougetsignal.com.xml b/src/chrome/content/rules/yougetsignal.com.xml
new file mode 100644
index 000000000000..5f6d972f840e
--- /dev/null
+++ b/src/chrome/content/rules/yougetsignal.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="yougetsignal.com">
+	<target host="yougetsignal.com" />
+	<target host="www.yougetsignal.com" />
+	<target host="ports.yougetsignal.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/youla.io.xml b/src/chrome/content/rules/youla.io.xml
new file mode 100644
index 000000000000..fe53f3205a53
--- /dev/null
+++ b/src/chrome/content/rules/youla.io.xml
@@ -0,0 +1,19 @@
+<!--
+ap.youla.io different content
+m.youla.io different content
+
+
+-->
+<ruleset name="youla.io">
+	<target host="youla.io" />
+	<target host="www.youla.io" />
+	<target host="api.youla.io" />
+	<target host="app.youla.io" />
+	<target host="cache.youla.io" />
+	<target host="cache2.youla.io" />
+	<target host="cache3.youla.io" />
+	<target host="promo.youla.io" />
+	<target host="storage.youla.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/youngstonewall.org.uk.xml b/src/chrome/content/rules/youngstonewall.org.uk.xml
new file mode 100644
index 000000000000..95e9d98de777
--- /dev/null
+++ b/src/chrome/content/rules/youngstonewall.org.uk.xml
@@ -0,0 +1,13 @@
+<ruleset name="Young Stonewall.org.uk">
+
+	<target host="youngstonewall.org.uk" />
+	<target host="www.youngstonewall.org.uk" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/youporn.com.xml b/src/chrome/content/rules/youporn.com.xml
new file mode 100644
index 000000000000..daaf74d856d2
--- /dev/null
+++ b/src/chrome/content/rules/youporn.com.xml
@@ -0,0 +1,63 @@
+<!--
+Invalid certificate:
+	www01.cosmicboner.youporn.com
+	feedback.youporn.com
+
+Refused connection:
+	cms.youporn.com
+	stage.cms.youporn.com
+	rtsp.youporn.com
+-->
+<ruleset name="youporn.com">
+	<target host="youporn.com"/>
+	<target host="www.youporn.com"/>
+	<target host="blog.youporn.com"/>
+	<target host="br.youporn.com"/>
+	<target host="de.youporn.com"/>
+	<target host="en.youporn.com"/>
+	<target host="es.youporn.com"/>
+	<target host="fr.youporn.com"/>
+	<target host="hardcore.youporn.com"/>
+	<target host="ht.youporn.com"/>
+	<target host="it.youporn.com"/>
+	<target host="jp.youporn.com"/>
+	<target host="nl.youporn.com"/>
+	<target host="pl.youporn.com"/>
+	<target host="pt.youporn.com"/>
+	<target host="ru.youporn.com"/>
+	<target host="stage.youporn.com"/>
+	<target host="store.youporn.com"/>
+	<target host="tr.youporn.com"/>
+	<!-- CDNs -->
+	<target host="bd.ypncdn.com"/>
+	<target host="be.ypncdn.com"/>
+	<target host="be-ph.ypncdn.com"/>
+	<target host="bi1.ypncdn.com"/>
+	<target host="bv.ypncdn.com"/>
+	<target host="bv-ph.ypncdn.com"/>
+	<target host="dd.ypncdn.com"/>
+	<target host="de.ypncdn.com"/>
+	<target host="de-ph.ypncdn.com"/>
+	<target host="di1.ypncdn.com"/>
+	<target host="di1-ph.ypncdn.com"/>
+	<target host="di2.ypncdn.com"/>
+	<target host="di2-ph.ypncdn.com"/>
+	<target host="dp.ypncdn.com"/>
+	<target host="dp-ph.ypncdn.com"/>
+	<target host="ds.ypncdn.com"/>
+	<target host="dv.ypncdn.com"/>
+	<target host="dv-ph.ypncdn.com"/>
+	<target host="ee.ypncdn.com"/>
+	<target host="ee-ph.ypncdn.com"/>
+	<target host="ev.ypncdn.com" />
+	<target host="ev-ph.ypncdn.com" />
+	<target host="fe.ypncdn.com"/>
+	<target host="fi1.ypncdn.com"/>
+	<target host="fi1-ph.ypncdn.com"/>
+	<target host="fi2.ypncdn.com"/>
+	<target host="fi2-ph.ypncdn.com"/>
+	<target host="fm.ypncdn.com"/>
+	<target host="fs.ypncdn.com"/>
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/yourchoiceyourhome.org.uk.xml b/src/chrome/content/rules/yourchoiceyourhome.org.uk.xml
new file mode 100644
index 000000000000..9da02b9e34ff
--- /dev/null
+++ b/src/chrome/content/rules/yourchoiceyourhome.org.uk.xml
@@ -0,0 +1,44 @@
+<!--
+	For other UK government coverage, see GOV.UK.xml.
+
+
+	^yourchoiceyourhome.org.uk: Mismatched
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.yourchoiceyourhome.org.uk
+
+
+	Mixed content:
+
+		- Image from www.browsealoud.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Your Choice Your Home.org.uk">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.yourchoiceyourhome.org.uk" />
+
+	<!--	Complications:
+				-->
+	<target host="yourchoiceyourhome.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.yourchoiceyourhome\.org\.uk$" name="^ASP\.NET_SessionId$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://yourchoiceyourhome\.org\.uk/"
+		to="https://www.yourchoiceyourhome.org.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/yourcmc.ru.xml b/src/chrome/content/rules/yourcmc.ru.xml
new file mode 100644
index 000000000000..6aa837c20f3a
--- /dev/null
+++ b/src/chrome/content/rules/yourcmc.ru.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		www.yourcmc.ru
+		gtwp.yourcmc.ru
+		svn.yourcmc.ru
+		www.svn.yourcmc.ru
+		vmx.yourcmc.ru
+		www.vmx.yourcmc.ru
+-->
+<ruleset name="yourcmc.ru">
+	<target host="yourcmc.ru" />
+		<test url="http://yourcmc.ru/wiki/Grive2" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/yourls.org.xml b/src/chrome/content/rules/yourls.org.xml
new file mode 100644
index 000000000000..8a62fc4d6432
--- /dev/null
+++ b/src/chrome/content/rules/yourls.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="yourls.org">
+	<target host="yourls.org" />
+	<target host="www.yourls.org" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/yourpensionservice.org.uk.xml b/src/chrome/content/rules/yourpensionservice.org.uk.xml
new file mode 100644
index 000000000000..3d61f18354e3
--- /dev/null
+++ b/src/chrome/content/rules/yourpensionservice.org.uk.xml
@@ -0,0 +1,30 @@
+<!--
+	These altnames do not exist:
+
+		- yourpensionservice.org.uk
+
+
+	Insecure cookies are set for these hosts:
+
+		- cumbriamss.yourpensionservice.org.uk
+		- lancashiremss.yourpensionservice.org.uk
+
+-->
+<ruleset name="Your Pension Service.org.uk">
+
+	<target host="cumbriamss.yourpensionservice.org.uk" />
+	<target host="lancashiremss.yourpensionservice.org.uk" />
+	<target host="www.yourpensionservice.org.uk" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:cumbria|lancashire)mss\.yourpensionservice\.org\.uk$" name="^(?:javax\.faces\.ClientToken|scheEmp)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/yousuu.com.xml b/src/chrome/content/rules/yousuu.com.xml
new file mode 100644
index 000000000000..36a6fd3a3cd2
--- /dev/null
+++ b/src/chrome/content/rules/yousuu.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Mismatch:
+		^	( equal to www )
+		js
+-->
+
+<ruleset name="yousuu.com">
+	<target host="yousuu.com" />
+	<target host="www.yousuu.com" />
+	<target host="img.yousuu.com" />
+
+	<rule from="^http://yousuu\.com/" to="https://www.yousuu.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/youth.cn.xml b/src/chrome/content/rules/youth.cn.xml
new file mode 100644
index 000000000000..e12f19652176
--- /dev/null
+++ b/src/chrome/content/rules/youth.cn.xml
@@ -0,0 +1,54 @@
+<!--
+	Mismatched:
+		bbs.youth.cn
+		sns.qnzs.youth.cn
+
+	Timeout:
+		^
+		book.youth.cn
+		en.youth.cn
+		fr.youth.cn
+		ftpd.youth.cn
+		jp.youth.cn
+		mail.youth.cn
+		news.youth.cn
+		t.m.youth.cn	https://t.m.youth.cn/transfer/toutiao/url/3g.youth.cn/rdzx/201809/t20180922_11735714.htm
+		v.youth.cn
+		vr.youth.cn
+		yq.youth.cn
+		zhijh.youth.cn
+-->
+<ruleset name="youth.cn">
+	<target host="www.youth.cn" />
+	<target host="3g.youth.cn" />
+	<target host="agzy.youth.cn" />
+	<target host="auto.youth.cn" />
+	<target host="cheers.youth.cn" />
+	<target host="cunguan.youth.cn" />
+	<target host="d.youth.cn" />
+	<target host="df.youth.cn" />
+	<target host="edu.youth.cn" />
+	<target host="finance.youth.cn" />
+	<target host="fun.youth.cn" />
+	<target host="g.youth.cn" />
+	<target host="gy.youth.cn" />
+	<target host="he.youth.cn" />
+	<target host="kandian.youth.cn" />
+	<target host="kr.youth.cn" />
+	<target host="picture.youth.cn" />
+	<target host="pinglun.youth.cn" />
+	<target host="qclz.youth.cn" />
+	<target host="qnzs.youth.cn" />
+	<target host="qnzz.youth.cn" />
+	<target host="ru.youth.cn" />
+	<target host="shuhua.youth.cn" />
+	<target host="sxx.youth.cn" />
+	<target host="m.youth.cn" />
+	<target host="tour.youth.cn" />
+	<target host="txs.youth.cn" />
+	<target host="wenhua.youth.cn" />
+	<target host="xibu.youth.cn" />
+	<target host="youxi.youth.cn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/youthscape.co.uk.xml b/src/chrome/content/rules/youthscape.co.uk.xml
new file mode 100644
index 000000000000..8626d494de18
--- /dev/null
+++ b/src/chrome/content/rules/youthscape.co.uk.xml
@@ -0,0 +1,33 @@
+<!--
+	Other Youthscape rulesets:
+
+		- selfharm.co.uk.xml
+
+
+	Insecure cookies are set for these hosts:
+
+		- youthscape.co.uk
+		- www.youthscape.co.uk
+
+-->
+<ruleset name="Youthscape.co.uk">
+
+	<target host="youthscape.co.uk" />
+	<target host="www.youthscape.co.uk" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://www.youthscape.co.uk/store" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:www\.)?youthscape\.co\.uk$" name="^exp_(?:csrf_token|exist_session_hash|last_activity|last_visit|tracker|ys_tools_redirect)$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/youtube-dl.org.xml b/src/chrome/content/rules/youtube-dl.org.xml
new file mode 100644
index 000000000000..5fd4d9dc9aa0
--- /dev/null
+++ b/src/chrome/content/rules/youtube-dl.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid certificate:
+		mx.youtube-dl.org
+
+-->
+<ruleset name="youtube-dl">
+
+	<target host="youtube-dl.org" />
+	<target host="www.youtube-dl.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/yoyo.com.xml b/src/chrome/content/rules/yoyo.com.xml
new file mode 100644
index 000000000000..c3aca02fd12e
--- /dev/null
+++ b/src/chrome/content/rules/yoyo.com.xml
@@ -0,0 +1,48 @@
+<!--
+	For other Amazon coverage, see Amazon.xml.
+
+
+	CDN buckets:
+
+		- yoyo.q-assets.com
+
+
+	^yoyo.com: Refused
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- .yoyo.com
+		- www.yoyo.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Yoyo.com">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="www.yoyo.com" />
+
+	<!--	Complications:
+				-->
+	<target host="yoyo.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^\.yoyo\.com$" name="^(?:cookie-check|session-id|ubid-main)$" /-->
+	<!--securecookie host="^www\.yoyo\.com$" name="^(?:VISITOR_ID|cookie-check)$" /-->
+
+	<securecookie host=".+" name="^ps-trtmnt$" />
+	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://yoyo\.com/"
+		to="https://www.yoyo.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/yoyogames.com.xml b/src/chrome/content/rules/yoyogames.com.xml
new file mode 100644
index 000000000000..9e7f06fda7b8
--- /dev/null
+++ b/src/chrome/content/rules/yoyogames.com.xml
@@ -0,0 +1,12 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://yoyogames.com/ => https://yoyogames.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+<ruleset name="Yoyogames.com" default_off="failed ruleset test">
+  <target host="yoyogames.com" />
+  <target host="www.yoyogames.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/yp.ru.xml b/src/chrome/content/rules/yp.ru.xml
new file mode 100644
index 000000000000..82b3c31cb3d2
--- /dev/null
+++ b/src/chrome/content/rules/yp.ru.xml
@@ -0,0 +1,11 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://yp.ru/ => https://yp.ru/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+<ruleset name="yp.ru" default_off="failed ruleset test">
+	<target host="yp.ru" />
+	<target host="www.yp.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/yr.no.xml b/src/chrome/content/rules/yr.no.xml
new file mode 100644
index 000000000000..063a1d62dd0d
--- /dev/null
+++ b/src/chrome/content/rules/yr.no.xml
@@ -0,0 +1,42 @@
+
+<!--
+	Nonfunctional hosts in *yr.no:
+
+		- artikkel
+		- dev ʳ
+		- gfx ʳ
+		- om
+		- tillegg ʳ
+
+	ʳ Refused
+
+	Problematic hosts in *yr.no:
+
+		- vindpil
+
+	Invalid certificate:
+		- api
+
+-->
+<ruleset name="yr.no (partial)">
+
+	<target host="yr.no" />
+	<target host="beta.yr.no" />
+	<target host="m.yr.no" />
+	<target host="symbol.yr.no" />
+	<target host="www.yr.no" />
+		<test url="http://symbol.yr.no/grafikk/sym/b38/46.png" />
+
+	<!--	Complications:
+						-->
+	<target host="api.yr.no" />
+
+	<securecookie host="^\w" name=".+" />
+
+	<rule from="^http://api\.yr\.no/"
+		to="https://api.met.no/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/yts.ag.xml b/src/chrome/content/rules/yts.ag.xml
new file mode 100644
index 000000000000..b4675039bd7a
--- /dev/null
+++ b/src/chrome/content/rules/yts.ag.xml
@@ -0,0 +1,6 @@
+<ruleset name="yts.ag">
+	<target host="yts.ag" />
+	<target host="www.yts.ag" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/yuga.ru.xml b/src/chrome/content/rules/yuga.ru.xml
new file mode 100644
index 000000000000..a1a82fd8b4fd
--- /dev/null
+++ b/src/chrome/content/rules/yuga.ru.xml
@@ -0,0 +1,36 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://m.yuga.ru/ => https://m.yuga.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'm.yuga.ru'")
+flirt. mismatch
+club. mismatch
+yachting. mismatch
+biznes. mismatch
+iskra. mismatch
+fckuban. mismatch
+internet. mismatch-->
+<ruleset name="yuga.ru" default_off="failed ruleset test">
+	<target host="yuga.ru" />
+	<target host="www.yuga.ru" />
+	<target host="bank.yuga.ru" />
+	<target host="dom.yuga.ru" />
+	<target host="auto.yuga.ru" />
+	<target host="kurort.yuga.ru" />
+	<target host="afisha.yuga.ru" />
+	<target host="job.yuga.ru" />
+	<target host="online.yuga.ru" />
+	<target host="passport.yuga.ru" />
+	<target host="pogoda.yuga.ru" />
+	<target host="drive.yuga.ru" />
+	<target host="konkurs.yuga.ru" />
+	<target host="nalog.yuga.ru" />
+	<target host="m.yuga.ru" />
+	<target host="img.yuga.ru" />
+	<target host="css.yuga.ru" />
+	<target host="euro.yuga.ru" />
+	<target host="catalog.yuga.ru" />
+	<target host="maps.yuga.ru" />
+	<target host="delo.yuga.ru" />
+	<target host="otvet.yuga.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/yuji.ne.jp.xml b/src/chrome/content/rules/yuji.ne.jp.xml
new file mode 100644
index 000000000000..9ccaf13c06e9
--- /dev/null
+++ b/src/chrome/content/rules/yuji.ne.jp.xml
@@ -0,0 +1,10 @@
+<!--
+	Ruleset for YUJI.NE.JP
+-->
+
+<ruleset name="yuji.ne.jp">
+	<target host="yuji.ne.jp" />
+	<target host="www.yuji.ne.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/yunaq.com.xml b/src/chrome/content/rules/yunaq.com.xml
new file mode 100644
index 000000000000..703e6a0e3ec6
--- /dev/null
+++ b/src/chrome/content/rules/yunaq.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Mismach:
+		bbs.yunaq.com
+		help.yunaq.com
+		jk.yunaq.com
+-->
+
+<ruleset name="yunaq.com (partial)">
+	<target host="yunaq.com" />
+	<target host="www.yunaq.com" />
+	<target host="sso.yunaq.com" />
+	<target host="static.yunaq.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/yupoo.com.xml b/src/chrome/content/rules/yupoo.com.xml
new file mode 100644
index 000000000000..637fa2632563
--- /dev/null
+++ b/src/chrome/content/rules/yupoo.com.xml
@@ -0,0 +1,20 @@
+<!--
+	MCB:
+		www.yupoo.com	( ^ redirects to www by server. )
+
+	Mismatched:
+		abc.yupoo.com
+		photo.yupoo.com
+		v.yupoo.com
+		*.v.yupoo.com
+	There are too much hosts by users to list them all.
+-->
+<ruleset name="yupoo.com">
+	<target host="pic.yupoo.com" />
+	<target host="photo.yupoo.com" />
+
+	<test url="http://photo.yupoo.com/anderadpas/0545767dd85c/small.jpg" />
+	<test url="http://pic.yupoo.com/anderadpas/0545767dd85c/small.jpg" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/yuzusushisanmateo.com.xml b/src/chrome/content/rules/yuzusushisanmateo.com.xml
new file mode 100644
index 000000000000..166ab3786514
--- /dev/null
+++ b/src/chrome/content/rules/yuzusushisanmateo.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="yuzusushisanmateo.com">
+	<target host="yuzusushisanmateo.com" />
+	<target host="www.yuzusushisanmateo.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/yvt.jp.xml b/src/chrome/content/rules/yvt.jp.xml
new file mode 100644
index 000000000000..bb9fa1f650af
--- /dev/null
+++ b/src/chrome/content/rules/yvt.jp.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		celestia.yvt.jp
+-->
+<ruleset name="yvt.jp">
+	<target host="yvt.jp" />
+	<target host="www.yvt.jp" />
+	<target host="a.yvt.jp" />
+	<target host="codebin.yvt.jp" />
+	<target host="dlg.yvt.jp" />
+	<target host="gs.yvt.jp" />
+	<target host="ij.yvt.jp" />
+	<target host="img2text.yvt.jp" />
+	<target host="notes.yvt.jp" />
+	<target host="openspades.yvt.jp" />
+	<target host="openspadesmedia.yvt.jp" />
+	<target host="ylog.yvt.jp" />
+
+	<rule from="^http://www\.yvt\.jp/" to="https://yvt.jp/" /> <!-- Invalid certificate -->
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/z.cash.xml b/src/chrome/content/rules/z.cash.xml
new file mode 100644
index 000000000000..75ef459acfed
--- /dev/null
+++ b/src/chrome/content/rules/z.cash.xml
@@ -0,0 +1,16 @@
+<!--
+	www.z.cash doesn't exist.
+
+-->
+<ruleset name="Z.cash">
+
+	<target host="z.cash" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/z0r.de.xml b/src/chrome/content/rules/z0r.de.xml
new file mode 100644
index 000000000000..028193f1cdd6
--- /dev/null
+++ b/src/chrome/content/rules/z0r.de.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatched:
+		- index
+-->
+<ruleset name="z0r.de">
+	<target host="z0r.de" />
+	<target host="www.z0r.de" />
+	<target host="board.z0r.de" />
+	<target host="test.z0r.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zabmedia.ru.xml b/src/chrome/content/rules/zabmedia.ru.xml
new file mode 100644
index 000000000000..0b4ad8ec9ecc
--- /dev/null
+++ b/src/chrome/content/rules/zabmedia.ru.xml
@@ -0,0 +1,41 @@
+<!--
+adm.zabmedia.ru ¹
+www.adm.zabmedia.ru ¹
+afisha.zabmedia.ru ¹
+www.afisha.zabmedia.ru ¹
+bikini.zabmedia.ru ¹
+bikini13.zabmedia.ru ¹
+biz.zabmedia.ru ¹
+www.chudo.zabmedia.ru ¹
+derfex.zabmedia.ru ¹
+epics.zabmedia.ru ¹
+images.zabmedia.ru ¹
+miss.zabmedia.ru ¹
+www.miss.zabmedia.ru ¹
+miss11.zabmedia.ru ¹
+miss12.zabmedia.ru ¹
+n.zabmedia.ru ¹
+www.n.zabmedia.ru ¹
+wwww.n.zabmedia.ru ¹
+new.zabmedia.ru ¹
+www.new.zabmedia.ru ¹
+old.zabmedia.ru ¹
+persona.zabmedia.ru ¹
+www.persona.zabmedia.ru ¹
+pics.zabmedia.ru ¹
+repka.zabmedia.ru ¹
+turizm.zabmedia.ru ¹
+zabkupon.zabmedia.ru ¹
+zabru.zabmedia.ru ¹
+zabtv.zabmedia.ru ¹
+1000.zabmedia.ru ¹
+
+
+¹ mismatch
+-->
+<ruleset name="zabmedia.ru">
+	<target host="zabmedia.ru" />
+	<target host="www.zabmedia.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zaks.ru.xml b/src/chrome/content/rules/zaks.ru.xml
new file mode 100644
index 000000000000..ed0f1284ce6c
--- /dev/null
+++ b/src/chrome/content/rules/zaks.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="zaks.ru">
+	<target host="zaks.ru" />
+	<target host="www.zaks.ru" />
+	<target host="munizipal.zaks.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zamos.ru.xml b/src/chrome/content/rules/zamos.ru.xml
new file mode 100644
index 000000000000..4fe2e9704d2f
--- /dev/null
+++ b/src/chrome/content/rules/zamos.ru.xml
@@ -0,0 +1,8 @@
+<ruleset name="zamos.ru">
+	<target host="zamos.ru" />
+	<target host="www.zamos.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zaobao.com.xml b/src/chrome/content/rules/zaobao.com.xml
new file mode 100644
index 000000000000..b843061ce498
--- /dev/null
+++ b/src/chrome/content/rules/zaobao.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="zaobao.com">
+	<target host="zaobao.com" />
+	<target host="www.zaobao.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zarunet.org.xml b/src/chrome/content/rules/zarunet.org.xml
new file mode 100644
index 000000000000..48be441f4c90
--- /dev/null
+++ b/src/chrome/content/rules/zarunet.org.xml
@@ -0,0 +1,15 @@
+<!--
+www.zarunet.org ¹
+
+
+¹ self signed
+-->
+<ruleset name="zarunet.org">
+	<target host="zarunet.org" />
+	<target host="www.zarunet.org" />
+
+	<rule from="^http://www\.zarunet\.org/"
+		to="https://zarunet.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zchat.com.xml b/src/chrome/content/rules/zchat.com.xml
new file mode 100644
index 000000000000..285224556060
--- /dev/null
+++ b/src/chrome/content/rules/zchat.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other CuteSoft Components coverage, see cutesoft.net.xml.
+
+
+	Nonfunctional hosts in *zchat.com:
+
+		- demo ⁴
+
+	⁴ 404
+
+-->
+<ruleset name="ZChat.com (partial)">
+
+	<target host="zchat.com" />
+	<target host="www.zchat.com" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/zdf.xml b/src/chrome/content/rules/zdf.xml
new file mode 100644
index 000000000000..4e750895ba64
--- /dev/null
+++ b/src/chrome/content/rules/zdf.xml
@@ -0,0 +1,76 @@
+<!--
+	Invalid certificate:
+		- lobbyradar.de
+		- abenteuermako.tivi.de
+		- fehlersuche.spiel.tivi.de
+
+	Mismatch:
+		- cl.zdfsport.de
+		- quartett.tivi.de
+		- spiel.tivi.de
+
+	No secure connection:
+		- wohin.heute.de
+-->
+<ruleset name="ZDF (partial)">
+
+	<target host="zdf.de" />
+	<target host="www.zdf.de" />
+	<target host="1914.zdf.de" />
+	<target host="blog.zdf.de" />
+	<target host="cl.zdf.de" />
+	<target host="godscloud.zdf.de" />
+	<target host="kinderhilfe.zdf.de" />
+	<target host="ly.zdf.de" />
+	<target host="m.zdf.de" />
+	<target host="medienforschung.zdf.de" />
+	<target host="module.zdf.de" />
+	<target host="momentedergeschichte.zdf.de" />
+	<target host="presseportal.zdf.de" />
+	<target host="ticketservice.zdf.de" />
+	<target host="tippcenter.zdf.de" />
+	<target host="tivi.zdf.de" />
+	<target host="trailer.zdf.de" />
+	<target host="webapp.zdf.de" />
+	<target host="wisoreisen.zdf.de" />
+	<target host="wwwdyn.zdf.de" />
+
+	<target host="heute.de" />
+	<target host="www.heute.de" />
+	<target host="m.heute.de" />
+	<target host="podcast.heute.de" />
+
+	<target host="zdfinfo.de" />
+	<target host="www.zdfinfo.de" />
+
+	<target host="zdfneo.de" />
+	<target host="www.zdfneo.de" />
+
+	<target host="zdfsport.de" />
+	<target host="www.zdfsport.de" />
+	<target host="m.zdfsport.de" />
+
+	<target host="zdfkultur.de" />
+	<target host="www.zdfkultur.de" />
+
+	<target host="neo-magazin-royale.de" />
+	<target host="www.neo-magazin-royale.de" />
+
+	<target host="tivi.de" />
+	<target host="www.tivi.de" />
+	<target host="blog.tivi.de" />
+	<target host="modul.tivi.de" />
+	<target host="quiz.tivi.de" />
+	<target host="typtest.tivi.de" />
+	<target host="vr.tivi.de" />
+		<test url="http://vr.tivi.de/checkpoint/" />
+
+	<target host="heute-show.de" />
+	<target host="www.heute-show.de" />
+
+	<!-- Invalid certificate on https://(www.)?heute-show.de/,
+	http://(www.)?heute-show.de/ redirects to https://www.zdf.de/comedy/heute-show/.-->
+	<rule from="^http://(www\.)?heute-show\.de/" to="https://www.zdf.de/comedy/heute-show/" />
+
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zdoom.xml b/src/chrome/content/rules/zdoom.xml
new file mode 100644
index 000000000000..9fe3ef188c1d
--- /dev/null
+++ b/src/chrome/content/rules/zdoom.xml
@@ -0,0 +1,10 @@
+<ruleset name="ZDoom">
+	<target host="zdoom.org" />
+	<target host="www.zdoom.org" />
+	<target host="forum.zdoom.org" />
+	<target host="mantis.zdoom.org" />
+	<target host="remilia.zdoom.org" />
+
+	<securecookie host=".+" name=".+" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zealdocs.org.xml b/src/chrome/content/rules/zealdocs.org.xml
new file mode 100644
index 000000000000..54ed8d937d8b
--- /dev/null
+++ b/src/chrome/content/rules/zealdocs.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="Zeal docs.org">
+
+	<target host="zealdocs.org" />
+	<target host="www.zealdocs.org" />
+
+
+	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/zeczec.com.xml b/src/chrome/content/rules/zeczec.com.xml
new file mode 100644
index 000000000000..b950eaba93c0
--- /dev/null
+++ b/src/chrome/content/rules/zeczec.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="zeczec.com">
+	<target host="zeczec.com" />
+	<target host="www.zeczec.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zenhub.io.xml b/src/chrome/content/rules/zenhub.io.xml
new file mode 100644
index 000000000000..a31b7d1d5c81
--- /dev/null
+++ b/src/chrome/content/rules/zenhub.io.xml
@@ -0,0 +1,8 @@
+<ruleset name="zenhub.io">
+	<target host="zenhub.io" />
+	<target host="www.zenhub.io" />
+	<target host="api.zenhub.io" />
+	<target host="dashboard.zenhub.io" />
+	<target host="files.zenhub.io" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zentralbahn.ch.xml b/src/chrome/content/rules/zentralbahn.ch.xml
new file mode 100644
index 000000000000..cb14b20f44a9
--- /dev/null
+++ b/src/chrome/content/rules/zentralbahn.ch.xml
@@ -0,0 +1,8 @@
+<ruleset name="zentralbahn.ch">
+	<target host="zentralbahn.ch"/>
+	<target host="www.zentralbahn.ch"/>
+	<target host="jobs.zentralbahn.ch"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/zeranoe.com.xml b/src/chrome/content/rules/zeranoe.com.xml
new file mode 100644
index 000000000000..983d833ceec2
--- /dev/null
+++ b/src/chrome/content/rules/zeranoe.com.xml
@@ -0,0 +1,16 @@
+<!--
+	HTTP 526:
+		- www
+		- gstreamer
+-->
+
+<ruleset name="zeranoe.com">
+	<target host="zeranoe.com" />
+	<target host="www.zeranoe.com" />
+	<target host="ffmpeg.zeranoe.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.zeranoe\.com/" to="https://zeranoe.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zeroanthropology.net.xml b/src/chrome/content/rules/zeroanthropology.net.xml
new file mode 100644
index 000000000000..243fd72cf618
--- /dev/null
+++ b/src/chrome/content/rules/zeroanthropology.net.xml
@@ -0,0 +1,13 @@
+<ruleset name="Zero Anthropology.net">
+
+	<target host="zeroanthropology.net" />
+	<target host="www.zeroanthropology.net" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/zeus-software.com.xml b/src/chrome/content/rules/zeus-software.com.xml
new file mode 100644
index 000000000000..ff4bcb42d939
--- /dev/null
+++ b/src/chrome/content/rules/zeus-software.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="zeus-software.com">
+	<target host="zeus-software.com" />
+	<target host="www.zeus-software.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zhukovsky.net.xml b/src/chrome/content/rules/zhukovsky.net.xml
new file mode 100644
index 000000000000..e2e2953512c9
--- /dev/null
+++ b/src/chrome/content/rules/zhukovsky.net.xml
@@ -0,0 +1,7 @@
+<ruleset name="zhukovsky.net">
+	<target host="zhukovsky.net" />
+	<target host="www.zhukovsky.net" />
+	<target host="lk.zhukovsky.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zimuku.la.xml b/src/chrome/content/rules/zimuku.la.xml
new file mode 100644
index 000000000000..265143e934b5
--- /dev/null
+++ b/src/chrome/content/rules/zimuku.la.xml
@@ -0,0 +1,7 @@
+<ruleset name="zimuku.la">
+	<target host="zimuku.la" />
+	<target host="www.zimuku.la" />
+	<target host="static.zimuku.la" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zipPay.com.au.xml b/src/chrome/content/rules/zipPay.com.au.xml
new file mode 100644
index 000000000000..ab571c3d9aeb
--- /dev/null
+++ b/src/chrome/content/rules/zipPay.com.au.xml
@@ -0,0 +1,12 @@
+<ruleset name="zipPay.com.au">
+
+	<target host="zippay.com.au" />
+	<target host="www.zippay.com.au" />
+	<target host="promo.zippay.com.au" />
+	<target host="signup.zippay.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zli.ch.xml b/src/chrome/content/rules/zli.ch.xml
new file mode 100644
index 000000000000..ec102234e2a4
--- /dev/null
+++ b/src/chrome/content/rules/zli.ch.xml
@@ -0,0 +1,8 @@
+<ruleset name="zli.ch">
+	<target host="zli.ch" />
+	<target host="www.zli.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/zlib.net.xml b/src/chrome/content/rules/zlib.net.xml
new file mode 100644
index 000000000000..7fdb2e50cd61
--- /dev/null
+++ b/src/chrome/content/rules/zlib.net.xml
@@ -0,0 +1,13 @@
+<ruleset name="zlib.net">
+
+	<target host="zlib.net" />
+	<target host="www.zlib.net" />
+	<target host="autodiscover.zlib.net" />
+	<target host="cpanel.zlib.net" />
+	<target host="mail.zlib.net" />
+	<target host="webdisk.zlib.net" />
+	<target host="webmail.zlib.net" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/zmtcdn.com.xml b/src/chrome/content/rules/zmtcdn.com.xml
new file mode 100644
index 000000000000..b76003a22f0d
--- /dev/null
+++ b/src/chrome/content/rules/zmtcdn.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Zomato Media coverage, see Zomato.com.xml.
+
+-->
+<ruleset name="ZmtCDN.com">
+
+	<target host="b.zmtcdn.com" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/znak.com.xml b/src/chrome/content/rules/znak.com.xml
new file mode 100644
index 000000000000..e074460771f0
--- /dev/null
+++ b/src/chrome/content/rules/znak.com.xml
@@ -0,0 +1,18 @@
+<!--
+gw.znak.com ³
+new.znak.com ³
+vpn.znak.com ³
+web.znak.com ³
+
+
+³ timed out
+-->
+<ruleset name="znak.com">
+	<target host="znak.com" />
+	<target host="www.znak.com" />
+	<target host="ads.znak.com" />
+	<target host="img.znak.com" />
+	<target host="sport.znak.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zoll.de.xml b/src/chrome/content/rules/zoll.de.xml
new file mode 100644
index 000000000000..7e9be4f443b2
--- /dev/null
+++ b/src/chrome/content/rules/zoll.de.xml
@@ -0,0 +1,51 @@
+<!--
+	Invalid certificate:
+		auktion.zoll.de
+		www.auktion.zoll.de
+		www.museum.zoll.de
+		www.wup.zoll.de
+
+	Not found:
+		ipr.zoll.dewww.museum.zoll.de
+
+	Timeout:
+		en.zoll.de
+		www.fms-zgr.zoll.de
+		hzajonas.zoll.de
+		www.hzajonas.zoll.de
+		ns1.zoll.de
+		ns2.zoll.de
+		www1.zoll.de
+-->
+<ruleset name="Zoll.de">
+
+	<target host="zoll.de" />
+	<target host="www.zoll.de" />
+	<target host="atlas.zoll.de" />
+	<target host="www.atlas.zoll.de" />
+	<target host="enstransv.zoll.de" />
+	<target host="fks.zoll.de" />
+	<target host="www.fks.zoll.de" />
+	<target host="iaeo.zoll.de" />
+	<target host="www.iea.zoll.de" />
+	<target host="ila.zoll.de" />
+	<target host="info.zoll.de" />
+	<target host="www.info.zoll.de" />
+	<target host="www.internetantrag-abin.zoll.de" />
+	<target host="www.internetbeteiligtenantrag.zoll.de" />
+	<target host="www.ipr.zoll.de" />
+	<target host="museum.zoll.de" />
+	<target host="skiteam.zoll.de" />
+	<target host="www.skiteam.zoll.de" />
+	<target host="www.testedich.zoll.de" />
+	<target host="tnz.zoll.de" />
+	<target host="wup.zoll.de" />
+	<target host="www.zgr-online.zoll.de" />
+	<target host="zka.zoll.de" />
+	<target host="www.zka.zoll.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/zone-telechargement.ws.xml b/src/chrome/content/rules/zone-telechargement.ws.xml
new file mode 100644
index 000000000000..5f5c4f82ecaf
--- /dev/null
+++ b/src/chrome/content/rules/zone-telechargement.ws.xml
@@ -0,0 +1,9 @@
+<ruleset name="zone-telechargement.ws" platform="mixedcontent">
+	<target host="zone-telechargement.ws" />
+	<target host="www.zone-telechargement.ws" />
+	<target host="tchat.zone-telechargement.ws" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zongheng.com.xml b/src/chrome/content/rules/zongheng.com.xml
new file mode 100644
index 000000000000..25175dcc898e
--- /dev/null
+++ b/src/chrome/content/rules/zongheng.com.xml
@@ -0,0 +1,62 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://www.zongheng.com/ => https://www.zongheng.com/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
+
+	Nonfunctional hosts in *zongheng.com:
+
+		- author ᵃ
+		- home ᵃ
+		- news ᵃ
+		- pay ᵃ
+		- static ᵃ
+
+	ᵃ Shows www.zongheng.com
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- zongheng.com
+		- .zongheng.com
+		- passport.zongheng.com
+		- .passport.zongheng.com
+		- www.zongheng.com
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- css on (www.)?, passport from static.zongheng.com ᵃ
+
+		- Images, on:
+
+			- (www.)?, passport from passport.zongheng.com ˢ
+			- (www.)?, passport from static.zongheng.com ᵃ
+
+	ᵃ Unsecurable <= shows another domain
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Zongheng.com (partial)" platform="mixedcontent" default_off="failed ruleset test">
+
+	<target host="zongheng.com" />
+	<target host="passport.zongheng.com" />
+	<target host="www.zongheng.com" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^(?:passport\.|www\.)?zongheng\.com$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^\.zongheng\.com$" name="^PassportCaptchaId$" /-->
+	<!--securecookie host="^\.passport\.zongheng\.com$" name="^server_time$" /-->
+
+	<securecookie host="^\." name="^PassportCaptchaId$" />
+	<securecookie host="^\.passport\." name=".+" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/zoo-bordeaux-pessac.com.xml b/src/chrome/content/rules/zoo-bordeaux-pessac.com.xml
new file mode 100644
index 000000000000..79c7fe2bdae6
--- /dev/null
+++ b/src/chrome/content/rules/zoo-bordeaux-pessac.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="zoo-bordeaux-pessac.com">
+	<target host="zoo-bordeaux-pessac.com" />
+	<target host="www.zoo-bordeaux-pessac.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zoo-frankfurt.de.xml b/src/chrome/content/rules/zoo-frankfurt.de.xml
new file mode 100644
index 000000000000..5df4d0d5dbe7
--- /dev/null
+++ b/src/chrome/content/rules/zoo-frankfurt.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="zoo-frankfurt.de">
+	<target host="zoo-frankfurt.de" />
+	<target host="www.zoo-frankfurt.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zoocdn.com.xml b/src/chrome/content/rules/zoocdn.com.xml
new file mode 100644
index 000000000000..f327635e24a6
--- /dev/null
+++ b/src/chrome/content/rules/zoocdn.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Note: platform is so as not to increase non-Tor
+	distinguishability, given that no pages are covered
+	and no mixed content secured.
+
+-->
+<ruleset name="ZooCDN.com" platform="mixedcontent">
+
+	<target host="c.zoocdn.com" />
+
+		<test url="http://c.zoocdn.com/static/1467204751/www/w/primelocation/css/modules/landing.css" />
+
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/zoonegaramalaysia.my.xml b/src/chrome/content/rules/zoonegaramalaysia.my.xml
new file mode 100644
index 000000000000..9fd668018c01
--- /dev/null
+++ b/src/chrome/content/rules/zoonegaramalaysia.my.xml
@@ -0,0 +1,27 @@
+<!--
+	Invalid certificate:
+		ftp.zoonegaramalaysia.my
+		webmail.jwg.zoonegaramalaysia.my
+		webmail.testing.zoonegaramalaysia.my
+		webmail.testingjoomla.zoonegaramalaysia.my
+
+	Refused:
+		localhost.zoonegaramalaysia.my
+		testing.zoonegaramalaysia.my
+		www.testing.zoonegaramalaysia.my
+		zoomail.zoonegaramalaysia.my
+-->
+<ruleset name="zoonegaramalaysia.my">
+	<target host="zoonegaramalaysia.my" />
+	<target host="www.zoonegaramalaysia.my" />
+	<target host="cpanel.zoonegaramalaysia.my" />
+	<target host="jwg.zoonegaramalaysia.my" />
+	<target host="www.jwg.zoonegaramalaysia.my" />
+	<target host="mail.zoonegaramalaysia.my" />
+	<target host="testingjoomla.zoonegaramalaysia.my" />
+	<target host="www.testingjoomla.zoonegaramalaysia.my" />
+	<target host="webdisk.zoonegaramalaysia.my" />
+	<target host="webmail.zoonegaramalaysia.my" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zr.ru.xml b/src/chrome/content/rules/zr.ru.xml
new file mode 100644
index 000000000000..5a8b40d3c65a
--- /dev/null
+++ b/src/chrome/content/rules/zr.ru.xml
@@ -0,0 +1,76 @@
+<!--
+autoshow.zr.ru ³
+www.debaty.zr.ru ⁴
+moto.dev.zr.ru ³
+proxy.dev.zr.ru ³
+files.zr.ru ³
+mail.zr.ru ²
+email.mailgun.zr.ru ³
+www.mas-expo.zr.ru ¹
+www.moe-mnenie.zr.ru ¹
+mx.zr.ru ²
+mxn.zr.ru ²
+ns.zr.ru ³
+ns1.zr.ru ³
+ns2.zr.ru ³
+ns5.zr.ru ³
+arkan.people.zr.ru ¹
+www.arkan.people.zr.ru ¹
+blogpost.people.zr.ru ¹
+drive-our-largus.people.zr.ru ¹
+experts.people.zr.ru ¹
+help.people.zr.ru ¹
+prokhorovazg.people.zr.ru ¹
+proxy.zr.ru ³
+www.shop.zr.ru ¹
+social.zr.ru ¹
+cmt.social.zr.ru ¹
+www.zr.ru:8080 ⁷
+analytics.zr.ru different content
+cache.zr.ru different content
+forum.zr.ru different content
+grandprix.zr.ru different content
+m.zr.ru different content
+mas-expo.zr.ru different content
+oasis.zr.ru different content
+old.zr.ru different content
+paris-expo.zr.ru different content
+people.zr.ru different content
+race.zr.ru different content
+shop.zr.ru different content
+special.zr.ru different content
+st1.zr.ru different content
+st2.zr.ru different content
+st3.zr.ru different content
+st4.zr.ru different content
+st5.zr.ru different content
+trade.zr.ru different content
+wiki.zr.ru different content
+
+
+¹ mismatch
+² refused
+³ timed out
+⁴ self signed
+⁷ protocol error
+-->
+<ruleset name="zr.ru">
+	<target host="zr.ru" />
+	<target host="www.zr.ru" />
+	<target host="aes.zr.ru" />
+	<target host="api.zr.ru" />
+	<target host="arch.zr.ru" />
+	<target host="auto.zr.ru" />
+	<target host="beta.zr.ru" />
+	<target host="gzr.zr.ru" />
+	<target host="knigi.zr.ru" />
+	<target host="kupiauto.zr.ru" />
+	<target host="moto.zr.ru" />
+	<target host="motoo.zr.ru" />
+	<target host="oao.zr.ru" />
+	<target host="reis.zr.ru" />
+	<target host="www2.zr.ru" />
+	<target host="wwwu.zr.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zrey.com.xml b/src/chrome/content/rules/zrey.com.xml
new file mode 100644
index 000000000000..bef4fd90ac91
--- /dev/null
+++ b/src/chrome/content/rules/zrey.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="zrey.com">
+
+	<target host="zrey.com" />
+	<target host="www.zrey.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/zsh.org.xml b/src/chrome/content/rules/zsh.org.xml
new file mode 100644
index 000000000000..32280118a336
--- /dev/null
+++ b/src/chrome/content/rules/zsh.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		zsh.org
+
+	Refused:
+		ftp.zsh.org
+
+-->
+<ruleset name="zsh.org">
+
+	<target host="zsh.org" />
+	<target host="www.zsh.org" />
+
+	<rule from="^http://zsh\.org/"
+		to="https://www.zsh.org/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/zsnes.com.xml b/src/chrome/content/rules/zsnes.com.xml
new file mode 100644
index 000000000000..7cef6001a3d7
--- /dev/null
+++ b/src/chrome/content/rules/zsnes.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="zsnes.com">
+	<target host="zsnes.com" />
+	<target host="www.zsnes.com" />
+	<target host="board.zsnes.com" />
+	<target host="www.board.zsnes.com" />
+	<target host="merlin.zsnes.com" />
+	<target host="www.merlin.zsnes.com" />
+	<target host="mail.merlin.zsnes.com" />
+	<target host="svn.zsnes.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zucks.co.jp.xml b/src/chrome/content/rules/zucks.co.jp.xml
new file mode 100644
index 000000000000..03a6ea9022aa
--- /dev/null
+++ b/src/chrome/content/rules/zucks.co.jp.xml
@@ -0,0 +1,38 @@
+<!--
+	Other Zucks rulesets:
+
+		- zucks.net.xml
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- zucks.co.jp
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="Zucks.co.jp">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="zucks.co.jp" />
+
+	<!--	Complications:
+				-->
+	<target host="www.zucks.co.jp" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^zucks\.co\.jp$" name="^zuckscojp$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http://www\.zucks\.co\.jp/"
+		to="https://zucks.co.jp/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/zucks.net.xml b/src/chrome/content/rules/zucks.net.xml
new file mode 100644
index 000000000000..d9c98bbd65f0
--- /dev/null
+++ b/src/chrome/content/rules/zucks.net.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Zucks coverage, see zucks.co.jp.xml.
+
+-->
+<ruleset name="Zucks.net">
+
+	<target host="k.zucks.net" />
+	<target host="sh.zucks.net" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/zuerich.ch.xml b/src/chrome/content/rules/zuerich.ch.xml
new file mode 100644
index 000000000000..3cc46786c612
--- /dev/null
+++ b/src/chrome/content/rules/zuerich.ch.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatch:
+		- ^
+-->
+<ruleset name="zuerich.ch">
+	<target host="zuerich.ch"/>
+	<target host="www.zuerich.ch"/>
+
+	<rule from="^http://zuerich\.ch/"
+		to="https://www.zuerich.ch/"/>
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/zufe.edu.cn.xml b/src/chrome/content/rules/zufe.edu.cn.xml
new file mode 100644
index 000000000000..bd1743c3e7ee
--- /dev/null
+++ b/src/chrome/content/rules/zufe.edu.cn.xml
@@ -0,0 +1,67 @@
+<!--
+	404 Not Found:
+		cjlc.zufe.edu.cn
+		jwxt.zufe.edu.cn
+		lib.zufe.edu.cn
+		tc.zufe.edu.cn
+		xsgl.zufe.edu.cn
+		xyw.zufe.edu.cn
+
+	Invalid certificate:
+		vpn.zufe.edu.cn (incomplete certificate chain, intrusted Symantec certificate)
+
+	Refused:
+		caiyun.zufe.edu.cn
+-->
+<ruleset name="zufe.edu.cn">
+	<target host="www.zufe.edu.cn" />
+	<target host="cafr.zufe.edu.cn" />
+	<target host="career.zufe.edu.cn" />
+	<target host="cas.zufe.edu.cn" />
+	<target host="cba.zufe.edu.cn" />
+	<target host="cce.zufe.edu.cn" />
+	<target host="coe.zufe.edu.cn" />
+	<target host="cyqn.zufe.edu.cn" />
+	<target host="cz.zufe.edu.cn" />
+	<target host="ds.zufe.edu.cn" />
+	<target host="e.zufe.edu.cn" />
+	<target host="ggxy.zufe.edu.cn" />
+	<target host="hq.zufe.edu.cn" />
+	<target host="jm.zufe.edu.cn" />
+	<target host="info.zufe.edu.cn" />
+	<target host="intl.zufe.edu.cn" />
+	<target host="irr.zufe.edu.cn" />
+	<target host="jrxy.zufe.edu.cn" />
+	<target host="it.zufe.edu.cn" />
+	<target host="jwc.zufe.edu.cn" />
+	<target host="kyc.zufe.edu.cn" />
+	<target host="law.zufe.edu.cn" />
+	<target host="mail.zufe.edu.cn" />
+	<target host="mba.zufe.edu.cn" />
+	<target host="mpa.zufe.edu.cn" />
+	<target host="mpacc.zufe.edu.cn" />
+	<target host="one.zufe.edu.cn" />
+	<target host="open.zufe.edu.cn" />
+	<target host="rsc.zufe.edu.cn" />
+	<target host="rwxy.zufe.edu.cn" />
+	<target host="sau.zufe.edu.cn" />
+	<target host="sslvpn.zufe.edu.cn" />
+	<target host="sie.zufe.edu.cn" />
+	<target host="szb.zufe.edu.cn" />
+	<target host="tsjy.zufe.edu.cn" />
+	<target host="tyb.zufe.edu.cn" />
+	<target host="wgy.zufe.edu.cn" />
+	<target host="wlkt.zufe.edu.cn" />
+	<target host="wx.zufe.edu.cn" />
+	<target host="ygw.zufe.edu.cn" />
+	<target host="xcb.zufe.edu.cn" />
+	<target host="xsc.zufe.edu.cn" />
+	<target host="yjsc.zufe.edu.cn" />
+	<target host="ys.zufe.edu.cn" />
+	<target host="zcdyy.zufe.edu.cn" />
+	<target host="zjacc.zufe.edu.cn" />
+	<target host="zs.zufe.edu.cn" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/zugaina.net.xml b/src/chrome/content/rules/zugaina.net.xml
new file mode 100644
index 000000000000..05813c3eb088
--- /dev/null
+++ b/src/chrome/content/rules/zugaina.net.xml
@@ -0,0 +1,31 @@
+<!--
+	Insecure cookies are set for these hosts: ᶜ
+
+		- stats.zugaina.net
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Image on stats from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Zugaina.net">
+
+	<target host="stats.zugaina.net" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^stats\.zugaina\.net$" name="^PIWIK_SESSID$" /-->
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/zugutfuerdietonne.de.xml b/src/chrome/content/rules/zugutfuerdietonne.de.xml
new file mode 100644
index 000000000000..9dd033814b8b
--- /dev/null
+++ b/src/chrome/content/rules/zugutfuerdietonne.de.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		news.zugutfuerdietonne.de
+-->
+<ruleset name="Zu gut für die Tonne">
+
+	<target host="zugutfuerdietonne.de" />
+	<target host="www.zugutfuerdietonne.de" />
+	<target host="app2.zugutfuerdietonne.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/zuoyebang.xml b/src/chrome/content/rules/zuoyebang.xml
new file mode 100644
index 000000000000..d36b9bd37adc
--- /dev/null
+++ b/src/chrome/content/rules/zuoyebang.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		- www.zuoyebang.com
+		- zuoyebang.cc
+		- www.zuoyebang.cc
+		- bd-s.zuoyebang.cc
+-->
+<ruleset name="Zuoyebang">
+	<target host="www.zuoyebang.com" />
+		<rule from="^http://www\.zuoyebang\.com/"
+			  to="https://www.zybang.com/" />
+	<target host="www.zybang.com" />
+	<target host="uregister.zybang.com" />
+	<target host="ws-s.zuoyebang.cc" />
+		<test url="http://ws-s.zuoyebang.cc/static/question/widget/question/topbar/resource/images/logo_icon_1aaaa71.png" />
+	<securecookie host="^ws-s\.zuoyebang\.cc$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zvv.ch.xml b/src/chrome/content/rules/zvv.ch.xml
new file mode 100644
index 000000000000..ce194737d673
--- /dev/null
+++ b/src/chrome/content/rules/zvv.ch.xml
@@ -0,0 +1,24 @@
+<!--
+	Mismatch:
+		- (www.)fahrplaninfo
+		- fcd
+		- maps.fahrplan
+		- monitor.fahrplan
+		- widgetswi.fahrplan
+		- www.ausflugstipps
+
+	Refused:
+		- trophy
+-->
+<ruleset name="ZVV.ch" platform="mixedcontent">
+	<target host="zvv.ch"/>
+	<target host="www.zvv.ch"/>
+	<target host="ausflugstipps.zvv.ch"/>
+	<target host="fahrplan.zvv.ch"/>
+	<target host="schulinfo.zvv.ch"/>
+	<target host="tickets.zvv.ch"/>
+	<target host="online.fahrplan.zvv.ch"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/zyxel.ru.xml b/src/chrome/content/rules/zyxel.ru.xml
new file mode 100644
index 000000000000..d65a9e48e081
--- /dev/null
+++ b/src/chrome/content/rules/zyxel.ru.xml
@@ -0,0 +1,27 @@
+
+<!--
+Disabled by https-everywhere-checker because:
+Fetch error: http://m.zyxel.ru/ => https://m.zyxel.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'm.zyxel.ru'")
+Fetch error: http://my.zyxel.ru/ => https://my.zyxel.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'my.zyxel.ru'")
+Fetch error: http://sd.zyxel.ru/ => https://sd.zyxel.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'sd.zyxel.ru'")
+
+download.from.zyxel.ru ⁴
+new.my.zyxel.ru ¹
+st.zyxel.ru ⁴
+stage-sd.zyxel.ru ⁴
+store.zyxel.ru ¹
+support.zyxel.ru ⁴
+
+
+¹ mismatch
+⁴ self signed
+-->
+<ruleset name="zyxel.ru" default_off="failed ruleset test">
+	<target host="zyxel.ru" />
+	<target host="www.zyxel.ru" />
+	<target host="m.zyxel.ru" />
+	<target host="my.zyxel.ru" />
+	<target host="sd.zyxel.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/ruleset-tests-status.css b/src/chrome/content/ruleset-tests-status.css
deleted file mode 100644
index 30dad1877159..000000000000
--- a/src/chrome/content/ruleset-tests-status.css
+++ /dev/null
@@ -1,14 +0,0 @@
-#ruleset-tests-status {
-    padding: 20px;
-}
-#wrapper {
-    text-align: center;
-}
-#progess-bar {
-    width: 300px;
-    height: 20px;
-}
-#log {
-    width: 400px;
-    height: 300px;
-}
diff --git a/src/chrome/content/ruleset-tests-status.js b/src/chrome/content/ruleset-tests-status.js
deleted file mode 100644
index 0bee33e4ccf8..000000000000
--- a/src/chrome/content/ruleset-tests-status.js
+++ /dev/null
@@ -1,31 +0,0 @@
-var HTTPSEverywhere = null;
-
-function updateStatusBar(current_test, total_tests) {
-  var labelText = "Test "+current_test+" of "+total_tests;
-  document.getElementById("progress-bar-label").value = labelText;
-
-  var percent = current_test / total_tests;
-  document.getElementById("progress-bar").value = percent;
-}
-
-function updateLog(msg) {
-  document.getElementById("log").value += msg+'\n';
-}
-
-function cancel() {
-  updateLog("Canceling early ...");
-  HTTPSEverywhere.httpseRulesetTests.cancel = true;
-}
-
-function start() {
-  HTTPSEverywhere = Components.classes["@eff.org/https-everywhere;1"]
-    .getService(Components.interfaces.nsISupports)
-    .wrappedJSObject;
-
-  HTTPSEverywhere.httpseRulesetTests.updateStatusBar = updateStatusBar;
-  HTTPSEverywhere.httpseRulesetTests.updateLog = updateLog;
-  HTTPSEverywhere.httpseRulesetTests.cancel = false;
-
-  updateLog("Starting ruleset tests ...");
-  HTTPSEverywhere.httpseRulesetTests.testRunner();
-}
diff --git a/src/chrome/content/ruleset-tests-status.xul b/src/chrome/content/ruleset-tests-status.xul
deleted file mode 100644
index 0efcd5d9a072..000000000000
--- a/src/chrome/content/ruleset-tests-status.xul
+++ /dev/null
@@ -1,44 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
-<?xml-stylesheet href="ruleset-tests-status.css" type="text/css"?>
-<!DOCTYPE window SYSTEM "chrome://https-everywhere/locale/https-everywhere.dtd">
-<window id="ruleset-tests-status" 
-    xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" 
-    xmlns:html="http://www.w3.org/1999/xhtml" 
-    title="&https-everywhere.ruleset-tests.status_title;" 
-    >
-    
-    <script type="application/x-javascript" src="ruleset-tests-status.js" />
-
-    <commandgroup>
-        <command id="cancel" oncommand="cancel();" />
-        <command id="start" oncommand="start();" />
-    </commandgroup>
-
-    <html:div id="wrapper"> 
-        <vbox flex="1" style="width:100%">
-            <label id="progress-bar-label" value="Click Start to start the tests"></label>
-            
-            <spacer flex="1"/>
-            
-            <progressmeter id="progress-bar" mode="determined" value="0" />
-            
-            <spacer flex="1"/>
-
-            <textbox id="log" multiline="true" readonly="true" value="" />
-            
-            <spacer flex="1"/>
-
-            <button 
-                id="cancel-button" 
-                label="&https-everywhere.ruleset-tests.status_cancel_button;" 
-                command="cancel" />
-
-            <button 
-                id="start-button" 
-                label="&https-everywhere.ruleset-tests.status_start_button;" 
-                command="start" />
-        </vbox>
-    </html:div>
-</window>
-
diff --git a/src/chrome/content/ruleset-tests.js b/src/chrome/content/ruleset-tests.js
deleted file mode 100644
index 1aa94d8ecb43..000000000000
--- a/src/chrome/content/ruleset-tests.js
+++ /dev/null
@@ -1,155 +0,0 @@
-// load the HTTPS Everywhere component
-var HTTPSEverywhere = null;
-try {
-  HTTPSEverywhere = Components.classes["@eff.org/https-everywhere;1"]
-    .getService(Components.interfaces.nsISupports)
-    .wrappedJSObject;
-} catch(e) {
-  // HTTPS Everywhere doesn't seem to be installed
-}
-
-// attach testRunner to the HTTPS Everywhere component so that status.js can run it
-if(HTTPSEverywhere) {
-  HTTPSEverywhere.httpseRulesetTests = {
-    testRunner: testRunner
-  };
-}
-
-
-function openStatus() {
-  // make sure mixed content blocking preferences are correct
-  Services.prefs.setBoolPref("security.mixed_content.block_display_content", false);
-  Services.prefs.setBoolPref("security.mixed_content.block_active_content", true);
-   
-  // open the status tab
-  var statusTab = gBrowser.addTab('chrome://https-everywhere/content/ruleset-tests-status.xul');
-  gBrowser.selectedTab = statusTab;
-}
-
-function testRunner() {
-  Components.utils.import("resource://gre/modules/PopupNotifications.jsm");
-  
-  const numTabs = 6;
-  var finished = false;
-  var output = [];
-  var urls = [];
-  var num = 0;
- 
-  for(var target in HTTPSEverywhere.https_rules.targets) {
-    if(!target.indexOf("*") != -1)  {
-      urls.push({ 
-        url: 'https://'+target, 
-        target: target, 
-        ruleset_names: HTTPSEverywhere.https_rules.targets[target]
-      });
-    }
-  }
-
-  function test() {
-    var i;
- 
-    HTTPSEverywhere.httpseRulesetTests.updateStatusBar(num, urls.length); 
-
-    // start loading all the tabs
-    window.focus
-    for(i=0; i<numTabs; i++) {
-      newTab(num);
-    }
-  }
-
-  function newTab(number) {
-    num +=1;
-    // start a test in this tab
-    if(urls.length) {
-
-      // open a new tab
-      var tab = gBrowser.addTab(urls[number].url);
-
-      // wait for the page to load
-      var intervalId = window.setTimeout(function(){
-
-        // detect mixed content blocker
-        if(PopupNotifications.getNotification("mixed-content-blocked", gBrowser.getBrowserForTab(tab))) {
-          // build output to log
-          ruleset_xmls = '';
-          for(let i=0; i<urls[number].ruleset_names.length; i++) {
-            ruleset_xmls += urls[number].ruleset_names[i].xmlName + ', ';
-          }
-          if(ruleset_xmls != '')
-            ruleset_xmls = ruleset_xmls.substring(ruleset_xmls.length-2, 2);
-          var output = 'MCB triggered: '+urls[number].url+' ('+ruleset_xmls+')';
-
-          HTTPSEverywhere.httpseRulesetTests.updateLog(output);
-        }
-
-        // close this tab, and open another
-        closeTab(tab);
-
-      }, 10000);
-
-    } else {
-
-      //to run if urls is empty
-      if (!finished) { 
-        finished = true;
-        window.setTimeout(function(){
-          gBrowser.removeCurrentTab();
-        }, 10000);
-      }
-    }
-  }
-
-  //closes tab
-  function closeTab(tab) {
-    HTTPSEverywhere.httpseRulesetTests.updateStatusBar(num, urls.length); 
-
-    gBrowser.selectedTab = tab;
-    gBrowser.removeCurrentTab();
-
-    // open a new tab, if the tests haven't been canceled
-    if(!HTTPSEverywhere.httpseRulesetTests.cancel) {
-      newTab(num);
-    }
-  }
-
-  //manages write out of output mochilog.txt, which contains sites that trigger mcb
-  function writeout(weburl) {
-
-    //initialize file
-    var file = Components.classes["@mozilla.org/file/directory_service;1"].
-    getService(Components.interfaces.nsIProperties).
-    get("Home", Components.interfaces.nsIFile);
-    writeoutfile = "mochilog.txt";
-    file.append(writeoutfile);
-
-    //create file if it does not already exist
-    if(!file.exists()) {
-      file.create(Components.interfaces.nsIFile.NORMAL_FILE_TYPE, 420);
-    } 
-
-    //initialize output stream
-    var stream = Components.classes["@mozilla.org/network/file-output-stream;1"]
-      .createInstance(Components.interfaces.nsIFileOutputStream);
-
-    //permissions are set to append (will not delete existing contents)
-    stream.init(file, 0x02 | 0x08 | 0x10, 0666, 0);
-
-    var content = weburl + "\n";
-
-    //Deal with ascii text and write out
-    var converter = Components.classes["@mozilla.org/intl/converter-output-stream;1"].
-      createInstance(Components.interfaces.nsIConverterOutputStream);
-    converter.init(stream, "UTF-8", 0, 0);
-    converter.writeString(content);
-    converter.close();
-
-    //alternative write out if ascii is not a concern
-    //stream.write(content,content.length);
-    //stream.close();
-
-  }
-  test();
-}
-
-
-
diff --git a/src/chrome/content/toolbar_button.js b/src/chrome/content/toolbar_button.js
deleted file mode 100644
index bcc0f6580635..000000000000
--- a/src/chrome/content/toolbar_button.js
+++ /dev/null
@@ -1,325 +0,0 @@
-window.addEventListener("load", https_everywhere_load, true);
-window.addEventListener("load", function load(event) {
-  // need to wrap migratePreferences in another callback so that notification
-  // always displays on browser restart
-  window.removeEventListener("load", load, false);
-  gBrowser.addEventListener("DOMContentLoaded", migratePreferences, true);
-}, false);
-
-const CI = Components.interfaces;
-const CC = Components.classes;
-
-// LOG LEVELS ---
-VERB=1;
-DBUG=2;
-INFO=3;
-NOTE=4;
-WARN=5;
-
-HTTPSEverywhere = CC["@eff.org/https-everywhere;1"]
-                      .getService(Components.interfaces.nsISupports)
-                      .wrappedJSObject;
-
-// avoid polluting global namespace
-if (!httpsEverywhere) { var httpsEverywhere = {}; }
-
-/**
- * JS Object for used to display toolbar hints to new users and change toolbar
- * UI for cases such as when the toolbar is disabled.
- *
- */
-httpsEverywhere.toolbarButton = {
-
-  /**
-   * Used to determine if a hint has been previously shown.
-   * TODO: Probably extraneous, look into removing
-   */
-  hintShown: false,
-
-  /**
-   * Initialize the toolbar button used to hint new users and update UI on
-   * certain events.
-   */
-  init: function() {
-    HTTPSEverywhere.log(DBUG, 'Removing listener for toolbarButton init.');
-    window.removeEventListener('load', httpsEverywhere.toolbarButton.init, false);
-
-    var tb = httpsEverywhere.toolbarButton;
-
-    // make sure icon is proper color during init
-    tb.changeIcon();
-
-    // show ruleset counter when a tab is changed
-    tb.updateRulesetsApplied();
-    gBrowser.tabContainer.addEventListener(
-      'TabSelect', 
-      tb.updateRulesetsApplied, 
-      false
-    );
-
-    // hook event for when page loads
-    var onPageLoad = function() {
-      // Timeout is used for a number of reasons.
-      // 1) For Performance since we want to defer computation.
-      // 2) Sometimes the page is loaded before all applied rulesets are
-      //    calculated; in such a case, a half-second wait works.
-      setTimeout(tb.updateRulesetsApplied, 500);
-    };
-
-    var appcontent = document.getElementById('appcontent');
-    if (appcontent) {
-      appcontent.addEventListener('load', onPageLoad, true);
-    }
-
-    // decide whether to show toolbar hint
-    let hintPref = "extensions.https_everywhere.toolbar_hint_shown";
-    if (!Services.prefs.getPrefType(hintPref) 
-        || !Services.prefs.getBoolPref(hintPref)) { 
-      // only run once
-      Services.prefs.setBoolPref(hintPref, true);
-      gBrowser.addEventListener("DOMContentLoaded", tb.handleShowHint, true);
-    }
-  },
-
-  /**
-   * Shows toolbar hint if previously not shown.
-   */
-  handleShowHint: function() {
-    var tb = httpsEverywhere.toolbarButton;
-    if (!tb.hintShown){
-      tb.hintShown = true;
-      const faqURL = "https://www.eff.org/https-everywhere/faq";
-      var nBox = gBrowser.getNotificationBox();
-      var strings = document.getElementById('HttpsEverywhereStrings');
-      var msg = strings.getString('https-everywhere.toolbar.hint');
-      var hint = nBox.appendNotification(
-        msg, 
-        'https-everywhere', 
-        'chrome://https-everywhere/skin/https-everywhere-24.png', 
-        nBox.PRIORITY_WARNING_MEDIUM,
-	[],
-	function(action) {
-	  // see https://developer.mozilla.org/en-US/docs/XUL/Method/appendNotification#Notification_box_events
-	  gBrowser.selectedTab = gBrowser.addTab(faqURL);
-	}
-      );
-    }
-    gBrowser.removeEventListener("DOMContentLoaded", tb.handleShowHint, true);
-  },
-
-  /**
-   * Changes HTTPS Everywhere toolbar icon based on whether HTTPS Everywhere
-   * is enabled or disabled.
-   */
-  changeIcon: function() {
-    var enabled = HTTPSEverywhere.prefs.getBoolPref("globalEnabled");
-
-    var toolbarbutton = document.getElementById('https-everywhere-button');
-    if (enabled) {
-      toolbarbutton.setAttribute('status', 'enabled');
-    } else {
-      toolbarbutton.setAttribute('status', 'disabled');
-    }
-  },
-
-  /**
-   * Update the rulesets applied counter for the current tab.
-   */
-  updateRulesetsApplied: function() {
-    var toolbarbutton = document.getElementById('https-everywhere-button');
-    var enabled = HTTPSEverywhere.prefs.getBoolPref("globalEnabled");
-    if (!enabled) { 
-      toolbarbutton.setAttribute('rulesetsApplied', 0);
-      return;
-    }
-
-    var domWin = content.document.defaultView.top;
-    var alist = HTTPSEverywhere.getExpando(domWin,"applicable_rules", null);
-    if (!alist) {
-      return;
-    }
-    // Make sure the list is up to date
-    alist.populate_list();
-
-    var counter = 0;
-    for (var x in alist.active) {
-      if (!(x in alist.breaking)) {
-        ++counter;
-      }
-    }
-    for (var x in alist.moot) {
-      if (!(x in alist.active)) {
-        ++counter;
-      }
-    }
-
-    toolbarbutton.setAttribute('rulesetsApplied', counter);
-    HTTPSEverywhere.log(INFO, 'Setting icon counter to: ' + counter);
-  } 
-};
-
-function https_everywhere_load() {
-  window.removeEventListener('load', https_everywhere_load, true);
-  // on first run, put the context menu in the addons bar
-  try {
-    var first_run;
-    try {
-      first_run = Services.prefs.getBoolPref("extensions.https_everywhere.firstrun_context_menu");
-    } catch(e) {
-      Services.prefs.setBoolPref("extensions.https_everywhere.firstrun_context_menu", true);
-      first_run = true;
-    }
-    if(first_run) {
-      Services.prefs.setBoolPref("extensions.https_everywhere.firstrun_context_menu", false);
-      var navbar = document.getElementById("nav-bar");
-      if(navbar.currentSet.indexOf("https-everywhere-button") == -1) {
-        var set = navbar.currentSet+',https-everywhere-button';
-        navbar.setAttribute('currentset', set);
-        navbar.currentSet = set;
-        document.persist('nav-bar', 'currentset');
-      }
-    }
-  } catch(e) { }
-}
-
-function stitch_context_menu() {
-  // the same menu appears both under Tools and via the toolbar button:
-  var menu = document.getElementById("https-everywhere-menu");
-  if (!menu.firstChild) {
-    var popup = document.getElementById("https-everywhere-context");
-    menu.appendChild(popup.cloneNode(true));
-  }
-}
-function stitch_context_menu2() {
-  // the same menu appears both under Tools and via the toolbar button:
-  var menu = document.getElementById("https-everywhere-menu2");
-  if (!menu.firstChild) {
-    var popup = document.getElementById("https-everywhere-context");
-    menu.appendChild(popup.cloneNode(true));
-  }
-}
-
-var rulesetTestsMenuItem = null;
-
-function show_applicable_list(menupopup) {
-  var domWin = content.document.defaultView.top;
-  if (!(domWin instanceof CI.nsIDOMWindow)) {
-    alert(domWin + " is not an nsIDOMWindow");
-    return null;
-  }
-
-  var alist = HTTPSEverywhere.getExpando(domWin,"applicable_rules", null);
-  var weird=false;
-  
-  if (!alist) {
-    // This case occurs for error pages and similar.  We need a dummy alist
-    // because populate_menu lives in there.  Would be good to refactor this
-    // away.
-    alist = new HTTPSEverywhere.ApplicableList(HTTPSEverywhere.log, document, domWin);
-    weird = true;
-  }
-  alist.populate_menu(document, menupopup, weird);
-
-  // should we also show the ruleset tests menu item?
-  if(HTTPSEverywhere.prefs.getBoolPref("show_ruleset_tests")) {
-
-    if(!rulesetTestsMenuItem) {
-      let strings = document.getElementById('HttpsEverywhereStrings');
-      let label = strings.getString('https-everywhere.menu.ruleset-tests');
-
-      rulesetTestsMenuItem = this.document.createElement('menuitem');
-      rulesetTestsMenuItem.setAttribute('command', 'https-everywhere-menuitem-ruleset-tests');
-      rulesetTestsMenuItem.setAttribute('label', label);
-    }
-
-    if(!menupopup.contains(rulesetTestsMenuItem)) 
-      menupopup.appendChild(rulesetTestsMenuItem);
-  }
-  
-}
-
-function toggle_rule(rule_id) {
-  // toggle the rule state
-  HTTPSEverywhere.https_rules.rulesetsByID[rule_id].toggle();
-  var domWin = content.document.defaultView.top;
-  /*if (domWin instanceof CI.nsIDOMWindow) {
-    var alist = HTTPSEverywhere.getExpando(domWin,"applicable_rules", null);
-    if (alist) alist.empty();
-  }*/
-  reload_window();
-}
-
-function reload_window() {
-  var domWin = content.document.defaultView.top;
-  if (!(domWin instanceof CI.nsIDOMWindow)) {
-    HTTPSEverywhere.log(WARN, domWin + " is not an nsIDOMWindow");
-    return null;
-  }
-  try {
-    var webNav =  domWin.QueryInterface(CI.nsIInterfaceRequestor)
-                        .getInterface(CI.nsIWebNavigation)
-                        .QueryInterface(CI.nsIDocShell);
-  } catch(e) {
-    HTTPSEverywhere.log(WARN,"failed to get webNav");
-    return null;
-  }
-  // This choice of flags comes from NoScript's quickReload function; not sure
-  // if it's optimal
-  webNav.reload(webNav.LOAD_FLAGS_CHARSET_CHANGE);  
-}
-
-function toggleEnabledState(){
-	HTTPSEverywhere.toggleEnabledState();
-	reload_window();	
-
-  // Change icon depending on enabled state
-  httpsEverywhere.toolbarButton.changeIcon();
-}
-
-function open_in_tab(url) {
-  var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]
-                     .getService(Components.interfaces.nsIWindowMediator);
-  var recentWindow = wm.getMostRecentWindow("navigator:browser");
-  recentWindow.delayedOpenTab(url, null, null, null, null);
-}
-
-// hook event for showing hint
-HTTPSEverywhere.log(DBUG, 'Adding listener for toolbarButton init.');
-window.addEventListener("load", httpsEverywhere.toolbarButton.init, false);
-
-function migratePreferences() {
-  gBrowser.removeEventListener("DOMContentLoaded", migratePreferences, true);
-  let prefs_version = HTTPSEverywhere.prefs.getIntPref("prefs_version");
-  
-  // first migration loses saved prefs
-  if(prefs_version == 0) {
-    try {
-      // upgrades will have old rules as preferences, such as the EFF rule
-      let upgrade = false;
-      let childList = HTTPSEverywhere.prefs.getChildList("", {});
-      for(let i=0; i<childList.length; i++) {
-        if(childList[i] == 'EFF') {
-          upgrade = true;
-          break;
-        }
-      }
-
-      if(upgrade) {
-        let nBox = gBrowser.getNotificationBox();
-        let strings = document.getElementById('HttpsEverywhereStrings');
-        let msg = strings.getString('https-everywhere.migration.notification0');
-        nBox.appendNotification(
-          msg, 
-          'https-everywhere-migration0', 
-          'chrome://https-everywhere/skin/https-everywhere-24.png', 
-          nBox.PRIORITY_WARNING_MEDIUM
-        );
-      }
-    } catch(e) {
-      HTTPSEverywhere.log(WARN, "Migration from prefs_version 0 error: "+e);
-    }
-
-    HTTPSEverywhere.prefs.setIntPref("prefs_version", prefs_version+1);
-  }
-}
-
diff --git a/src/chrome/content/toolbar_button.xul b/src/chrome/content/toolbar_button.xul
deleted file mode 100644
index 444faeb36003..000000000000
--- a/src/chrome/content/toolbar_button.xul
+++ /dev/null
@@ -1,68 +0,0 @@
-<?xml version="1.0"?>
-<?xml-stylesheet href="chrome://https-everywhere/skin/https-everywhere.css" type="text/css"?>
-
-<!DOCTYPE overlay SYSTEM "chrome://https-everywhere/locale/https-everywhere.dtd">
-
-<!-- helpful docs at 
-     https://developer.mozilla.org/en/XUL/PopupGuide/PopupEvents -->
-
-<overlay id="https-everywhere-button-overlay" xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
-  <script type="application/x-javascript" src="chrome://https-everywhere/content/toolbar_button.js"/>
-  <script type="application/x-javascript" src="chrome://https-everywhere/content/ruleset-tests.js"/>
-  
-    <stringbundleset id="stringbundleset">
-        <stringbundle id="HttpsEverywhereStrings"
-      src="chrome://https-everywhere/locale/https-everywhere.properties" />
-    </stringbundleset>
-
-  <!-- this works in Firefox, we need a Seamonkey version too... -->
-  <menupopup id="menu_ToolsPopup" onpopupshowing="stitch_context_menu()">
-    <menu id="https-everywhere-menu" label="&https-everywhere.about.ext_name;"> 
-      <!-- "https-everywhere-context" below gets .cloneNode()ed in here -->
-    </menu>
-  </menupopup>
-
-  <menupopup id="toolsPopup" onpopupshowing="stitch_context_menu2()">
-    <menu id="https-everywhere-menu2" label="&https-everywhere.about.ext_name;">
-      <!-- "https-everywhere-context" below gets .cloneNode()ed in here -->
-    </menu>
-  </menupopup>
-  
-  <toolbarpalette id="BrowserToolbarPalette">
-    <toolbarbutton 
-      id="https-everywhere-button"
-      tooltiptext="&https-everywhere.about.ext_name;"
-      label="HTTPS"
-      context="https-everywhere-context-menu"
-      oncontextmenu="this.open = true;"
-      oncommand="this.open = true;"
-      buttonstyle="pictures"
-      type="menu"
-      rulesetsApplied="0">
-
-      <menupopup id="https-everywhere-context" onpopupshowing="show_applicable_list(this)">
-        <!-- entries will be written here by ApplicableList.populate_menu() -->
-        <menuseparator />
-        <menuitem label="&https-everywhere.menu.observatory;" command="https-everywhere-menuitem-observatory" />
-        <menuitem label="&https-everywhere.menu.about;" command="https-everywhere-menuitem-about" />
-      </menupopup>
-    </toolbarbutton>
-  </toolbarpalette>
-  <commandset>
-    <command id="https-everywhere-menuitem-globalEnableToggle"
-      oncommand="toggleEnabledState();" />
-    <command id="https-everywhere-menuitem-preferences"
-      oncommand="HTTPSEverywhere.chrome_opener('chrome://https-everywhere/content/preferences.xul', 'chrome,centerscreen,resizable=yes');" />
-    <command id="https-everywhere-menuitem-about"
-      oncommand="HTTPSEverywhere.chrome_opener('chrome://https-everywhere/content/about.xul');" />
-    <command id="https-everywhere-menuitem-observatory"
-      oncommand="HTTPSEverywhere.chrome_opener('chrome://https-everywhere/content/observatory-preferences.xul', 'chrome,centerscreen,resizable=yes');" />
-    <command id="https-everywhere-menuitem-donate-eff" 
-      oncommand="open_in_tab('https://www.eff.org/donate');" />
-    <command id="https-everywhere-menuitem-donate-tor" 
-      oncommand="open_in_tab('https://www.torproject.org/donate');" />
-    <command id="https-everywhere-menuitem-ruleset-tests" 
-      oncommand="openStatus();" />
-  </commandset>
-</overlay>
-
diff --git a/src/chrome/content/toolbar_button_binding.xml b/src/chrome/content/toolbar_button_binding.xml
deleted file mode 100644
index 26e7d8dbff17..000000000000
--- a/src/chrome/content/toolbar_button_binding.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<?xml version="1.0"?>
-<!-- 
-Toolbar button needs to be extended to show a counter for the number of
-rulesets applied, and this can be done using XBL. 
-
-See: https://developer.mozilla.org/en-US/docs/XBL
--->
-<bindings xmlns="http://www.mozilla.org/xbl"
-    xmlns:xbl="http://www.mozilla.org/xbl"
-    xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
-
-  <binding id="https-everywhere-binding">
-    <content>
-      <!-- ruleset counter (rscounter) and rulesets applied (rsapplied) -->
-      <xul:stack id="rscounter">
-        <xul:label id="rsapplied" xbl:inherits="value=rulesetsApplied" />
-      </xul:stack>
-
-      <!-- 
-      Https everywhere toolbar button is already defined; just use its settings. 
-      TODO: Look into any issues with oncommand/oncontext.
-      -->
-      <xul:toolbarbutton 
-          class="https-everywhere-button toolbarbutton-1 chromeclass-toolbar-additional"
-          flex="1" 
-          allowevents="true"
-          xbl:inherits="type,crop,image,label,accesskey,command,align,dir,pack,orient">
-
-        <children includes="menupopup" />
-      </xul:toolbarbutton>
-    </content>
-  </binding>
-</bindings>
diff --git a/src/chrome/locale/README.txt b/src/chrome/locale/README.txt
new file mode 100644
index 000000000000..dcc37c46d289
--- /dev/null
+++ b/src/chrome/locale/README.txt
@@ -0,0 +1,15 @@
+We handle translations through Transifex, using the Tor Project's
+account. If you'd like to improve a translation, please visit
+https://www.transifex.com/otf/torproject/translate and sign up as a
+translator. The results will be automatically pushed to the https_everywhere
+branch of https://git.torproject.org/translation.git, which is included as
+a submodule here.
+
+If you'd like to update the translations in your locally checked-out repo, run:
+
+cd translations/
+git pull origin https_everywhere
+
+If you'd like to add a new string for translation, add it to the `en` locale.
+Once your change has been merged to master, it will show up in Transifex as
+available for translation.
diff --git a/src/chrome/locale/ar/https-everywhere.dtd b/src/chrome/locale/ar/https-everywhere.dtd
deleted file mode 100644
index b0f391deef60..000000000000
--- a/src/chrome/locale/ar/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "عن HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_description "شفر شبكة الإنترنت! استخدم تلقائيا تقنية HTTPS للأمان مع الكثير من المواقع.">
-<!ENTITY https-everywhere.about.version "النسخة">
-<!ENTITY https-everywhere.about.created_by "أنشأه">
-<!ENTITY https-everywhere.about.librarians "جامعيْ القواعد">
-<!ENTITY https-everywhere.about.thanks "شكراً لكل من">
-<!ENTITY https-everywhere.about.contribute  "إن أعجبتك إضافة HTTPS Everywhere، فكر بـ">
-<!ENTITY https-everywhere.about.donate_tor "التبرع لتور">
-<!ENTITY https-everywhere.about.tor_lang_code "en">
-<!ENTITY https-everywhere.about.donate_eff "التبرع للـ EFF">
-
-<!ENTITY https-everywhere.menu.about "عن  HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.observatory "خيارات مرصد SSL">
-<!ENTITY https-everywhere.menu.globalEnable "فعّل HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.globalDisable "عطّل  HTTPS Everywhere">
-
-<!ENTITY https-everywhere.prefs.title "خيارات  HTTPS Everywhere">
-<!ENTITY https-everywhere.prefs.enable_all "فعّل الكل">
-<!ENTITY https-everywhere.prefs.disable_all "عطّل الكل">
-<!ENTITY https-everywhere.prefs.reset_defaults "استعادة الإعدادات الافتراضية">
-<!ENTITY https-everywhere.prefs.search "بحث">
-<!ENTITY https-everywhere.prefs.site "موقع">
-<!ENTITY https-everywhere.prefs.notes "ملاحظات">
-<!ENTITY https-everywhere.prefs.list_caption "أي من قواعد إعادة توجيه HTTPS يجب أن تطبق؟">
-<!ENTITY https-everywhere.prefs.enabled "مفعّل">
-<!ENTITY https-everywhere.prefs.ruleset_howto "يمكنك تعلم كيفية كتابة قواعد خاصة بك (لإضافة الدعم لمواقع أخرى)">
-<!ENTITY https-everywhere.prefs.here_link "هنا">
-<!ENTITY https-everywhere.prefs.toggle "بدّل">
-<!ENTITY https-everywhere.prefs.reset_default "استعادة الإعداد الافتراضي">
-<!ENTITY https-everywhere.prefs.view_xml_source "افحص مصدر XML">
-
-<!ENTITY https-everywhere.source.downloading "يحُمل حالياً">
-<!ENTITY https-everywhere.source.filename "اسم الملف">
-<!ENTITY https-everywhere.source.unable_to_download "تعذّر تنزيل المصدر.">
-
-<!ENTITY https-everywhere.popup.title "HTTPS Everywhere 4.0development.11 notification">
-<!ENTITY https-everywhere.popup.paragraph1 "عذراً. انت كنت تستخدم اصدار مستقر من HTTPS Everywhere، ولكن تم تحديث اصدارك إلي الاصدار التجريبي عن طريق الخطء.">
-<!ENTITY https-everywhere.popup.paragraph2 "هل ترغب في العودة  للاصدار المستقر؟">
-<!ENTITY https-everywhere.popup.paragraph3 "كنا نحب لو واصلت استخدام الاصدار التجريبي من HTTPS Everywhere لان ذلك يساعدنا علي جعل البرنامج أفضل! قد تجد في الاصدار التجريبي بعض الأخطاء التي يمكنك ان تبلغ عنها بمراسلة https-everywhere@eff.org. نآسف على الإزعاج و شكراً لأستخدامك HTTPS Everywhere.">
-<!ENTITY https-everywhere.popup.keep "ابقني علي الاصدار التجريبي">
-<!ENTITY https-everywhere.popup.revert "حمل الاصدار المستقر الاخير">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/ar/https-everywhere.properties b/src/chrome/locale/ar/https-everywhere.properties
deleted file mode 100644
index 261833590110..000000000000
--- a/src/chrome/locale/ar/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = فعّل HTTPS Everywhere
-https-everywhere.menu.globalDisable = أوقف HTTPS Everywhere
-https-everywhere.menu.enableDisable = فعل / اوقف القوانين
-https-everywhere.menu.noRules = (هذه الصفحة لا تحتوي على قوانين)
-https-everywhere.menu.unknownRules = (قواين هذه الصفحة غير معروفة)
-https-everywhere.toolbar.hint = HTTPS Everywhere مفعل الان. يمكنك تفعيله او تعطيله علي حسب الموقع الذي تزور عن طريق الضغط علي الرمز في شريطة العناوين.
-https-everywhere.migration.notification0 = من أجل أن تنفيذ اصلاح مهم، هذا التحديث يعيد قوانين HTTPS Everywhere إلى حالتها الإفتراضية.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/ar/ssl-observatory.dtd b/src/chrome/locale/ar/ssl-observatory.dtd
deleted file mode 100644
index 04e3e9140443..000000000000
--- a/src/chrome/locale/ar/ssl-observatory.dtd
+++ /dev/null
@@ -1,97 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "التفاصيل ومعلومات الخصوصية">
-<!ENTITY ssl-observatory.popup.later "إسألني لاحقاً">
-<!ENTITY ssl-observatory.popup.no "لا">
-
-<!ENTITY ssl-observatory.popup.text "HTTPS Everywhere يمكن له أن يكتشف الهجمات
-ضد متصفحك عبر إرسال الشهادات التي تستقبلها إلى المرصد.
-هل تريد تشغيل هذه الخاصية؟">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"هل تريد أن يستخدم HTTPS Everywhere خاصية SSL Observatory؟">
-
-<!ENTITY ssl-observatory.popup.yes "نعم">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"ان استخدام تلك الخاصية آمن إلا إذا كنت تستخدم الإنترنت ضمن شبكة شركة ذات إعدادات رقابية:">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"آمن، إلا إذا كنت تستخدم شبكة شركة داخلية تستخدم أسماء سرية لخوادمها:">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"أرسل وتحقق من الشهادات الموقعة بواسطة سلطة غير معتمدة.">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"من الآمن (والمستحسن) تفعيل هذا الخيار، إلا إذا كنت تستخدم شبكة شركة تطفلية أو برنامج كاسبرسكي المضاد للڤيروسات الذي يراقب تصفحك عن طريق TLS بروكسي و private root Certificate Authority.  إذا فعلت الخاصية على شبكة مماثلة، قد ينشر هذا الخيار أدلة على أي نطاقات https:// تمت زيارتها عبر ذلك البروكسي، وذلك بسبب الشهادات الفريدة التي يمكن أن ينتجها. ولذلك نحن نتركه غير مفعل في الإعدادات الافتراضية.">
-
-<!ENTITY ssl-observatory.prefs.anonymous "تحقق من الشهادات باستخدام تور لإخفاء الهوية">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"تحقق من الشهادات باستخدام تور لإخفاء الهوية (يتطلب تور)">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"يتطلب هذا الخيار تثبيت و تشغيل تور">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"عندما ترى شهادة جديدة، أخبر المرصد عن هوية مزود خدمة الإنترنت الخاص بك.">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"هذا سيجلب و يرسل &quot;رقم النظام المستقل&quot; الخاص بشبكتك. هذا سيساعدنا على تحديد موقع الهجمات ضد HTTPS، وتحديد ما إذا كان لدينا ملاحظات من شبكات في أماكن مثل سوريا وإيران حيث هذه الهجمات شائعة نسبياً.">
-
-<!ENTITY ssl-observatory.prefs.done "انتهى">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS Everywhere يمكن له أن يستخدم مرصد SSL من الـEFF وهذا يعني شيئين: (۱)
-إرسال نسخ من شهادات HTTPS إلى المرصد لمساعدتنا على كشف هجمات 'رجل-في-الوسط'
- وتحسين الأمان على الإنترنت، و (٢) يسمح لنا بتحذيرك عن الاتصالات غير الآمنة أو الهجمات على متصفحك.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"على سبيل المثال، عندما تقوم بزيارة https://www.something.com, فإن الشهادة
-التي يتلقاها المرصد تشير إلى أن شخصاً ما قام بزيارة www.something.com, ولكن ليس من قام بالزيارة
-أو ما هي الصفحات التي قاموا بقراءتها. أشر بالفأرة فوق الخيار للمزيد من التفاصيل:">
-
-<!ENTITY ssl-observatory.prefs.hide "أخفِ الخيارات المتقدمة">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"تحقق من الشهادات حتى لو لم يكن تور متاح">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"سنحاول الحفاظ على سرية البيانات، ولكن هذا الخيار أقل أمناً">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"أرسل وتحقق من شهادات أسماء DNS غير العامة">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"ما لم يتم تحديد هذا الخيار، لن يسجل المرصد الشهادات للأسماء التي لا يستطيع حلها عبر نظام DNS.">
-
-<!ENTITY ssl-observatory.prefs.show "أظهر الخيارات المتقدمة">
-
-<!ENTITY ssl-observatory.prefs.title "تفضيلات مرصد SSL">
-
-<!ENTITY ssl-observatory.prefs.use "استخدم المرصد؟">
-<!ENTITY ssl-observatory.warning.title "تحذير من مرصد SSL الخاص بـEFF">
-<!ENTITY ssl-observatory.warning.showcert "أظهر سلسة الشهادة">
-<!ENTITY ssl-observatory.warning.okay "أنا أفهم">
-<!ENTITY ssl-observatory.warning.text "أصدر مرصد SSL من الـEFF تحذيراً حول شهادة ( أو شهادات) HTTPS لهذا الموقع:">
-<!ENTITY ssl-observatory.warning.defense "إن كنت مسجل الدخول في هذا الموقع، ننصحك بتغيير كلمة السر عندما تحصل علي اتصال آمن بالإنترنت.">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"اعرض و تحقق من الشهادات الموقعة ذاتياً">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"هذا مفضل ; فمشاكل التشفير شائعة بشكل خاص في الأجهزة المدمجة الموقعة ذاتياً">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/bg/https-everywhere.dtd b/src/chrome/locale/bg/https-everywhere.dtd
deleted file mode 100644
index 2673ca3597af..000000000000
--- a/src/chrome/locale/bg/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "За HTTPS на всякаде">
-<!ENTITY https-everywhere.about.ext_name "HTTPS на всякаде">
-<!ENTITY https-everywhere.about.ext_description "Заключи интернетат! Автоматично ползваи HTTPS защита на много страници.">
-<!ENTITY https-everywhere.about.version "Версия">
-<!ENTITY https-everywhere.about.created_by "Създаване от">
-<!ENTITY https-everywhere.about.librarians "Правилни Книжарници">
-<!ENTITY https-everywhere.about.thanks "Благодаря на">
-<!ENTITY https-everywhere.about.contribute  "Ако харесвате HTTPS на всякаде, можете да разгледате">
-<!ENTITY https-everywhere.about.donate_tor "Даряване към">
-<!ENTITY https-everywhere.about.tor_lang_code "en">
-<!ENTITY https-everywhere.about.donate_eff "Даряване към ЕФФ">
-
-<!ENTITY https-everywhere.menu.about "За HTTPS на всякаде">
-<!ENTITY https-everywhere.menu.observatory "SSL Обсержатория настроики">
-<!ENTITY https-everywhere.menu.globalEnable "Включете HTTPS на всякаде">
-<!ENTITY https-everywhere.menu.globalDisable "Изключете HTTPS на всякаде">
-
-<!ENTITY https-everywhere.prefs.title "HTTPS на всякаде настроики">
-<!ENTITY https-everywhere.prefs.enable_all "Включи Всички">
-<!ENTITY https-everywhere.prefs.disable_all "Изключи Всички">
-<!ENTITY https-everywhere.prefs.reset_defaults "Възстанови стандартните">
-<!ENTITY https-everywhere.prefs.search "Търси">
-<!ENTITY https-everywhere.prefs.site "Страница">
-<!ENTITY https-everywhere.prefs.notes "Бележки">
-<!ENTITY https-everywhere.prefs.list_caption "Кой HTTPS преадресираня да деистват?">
-<!ENTITY https-everywhere.prefs.enabled "Включен">
-<!ENTITY https-everywhere.prefs.ruleset_howto "Можеш да научеш да пишеш твоите правила(да добавяте страници)">
-<!ENTITY https-everywhere.prefs.here_link "тук">
-<!ENTITY https-everywhere.prefs.toggle "Копче">
-<!ENTITY https-everywhere.prefs.reset_default "Възстанови стандартните">
-<!ENTITY https-everywhere.prefs.view_xml_source "Виж XML Кода">
-
-<!ENTITY https-everywhere.source.downloading "Изтегляне">
-<!ENTITY https-everywhere.source.filename "Име на файл">
-<!ENTITY https-everywhere.source.unable_to_download "Невъзможно да свали кода.">
-
-<!ENTITY https-everywhere.popup.title "HTTPS Everywhere 4.0development.11 notification">
-<!ENTITY https-everywhere.popup.paragraph1 "Oops. You were using the stable version of HTTPS Everywhere, but we might have accidentally upgraded you to the development version in our last release.">
-<!ENTITY https-everywhere.popup.paragraph2 "Would you like to go back to stable?">
-<!ENTITY https-everywhere.popup.paragraph3 "We'd love it if you continued using our development release and helped us make HTTPS Everywhere better! You might find there are a few more bugs here and there, which you can report to https-everywhere@eff.org. Sorry about the inconvenience, and thank you for using HTTPS Everywhere.">
-<!ENTITY https-everywhere.popup.keep "Keep me on the development version">
-<!ENTITY https-everywhere.popup.revert "Download the latest stable version">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/bg/https-everywhere.properties b/src/chrome/locale/bg/https-everywhere.properties
deleted file mode 100644
index ec166154bb38..000000000000
--- a/src/chrome/locale/bg/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = Ключи HTTPS на всякаде
-https-everywhere.menu.globalDisable = Изключете 
-https-everywhere.menu.enableDisable = Включи / Изключи Правила
-https-everywhere.menu.noRules = (Няма Правила за Тази Страница)
-https-everywhere.menu.unknownRules = (Непознати Правила за Тази Страница)
-https-everywhere.toolbar.hint = HTTPS Everywhere is now active. You can toggle it on a site-by-site basis by clicking the icon in the address bar.
-https-everywhere.migration.notification0 = In order to implement a crucial fix, this update resets your HTTPS Everywhere rule preferences to their default values.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/bg/ssl-observatory.dtd b/src/chrome/locale/bg/ssl-observatory.dtd
deleted file mode 100644
index a0f88fd3bcae..000000000000
--- a/src/chrome/locale/bg/ssl-observatory.dtd
+++ /dev/null
@@ -1,93 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "Детайли и Информачя за Уединение">
-<!ENTITY ssl-observatory.popup.later "Попитай ме по-късно">
-<!ENTITY ssl-observatory.popup.no "Не">
-
-<!ENTITY ssl-observatory.popup.text "HTTPS Everywhere може да засече атаки
-против твоя браузър като праща сертификатите, които получаваш към
-Observatory.  Включи тази опция?">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"HTTPS Everywhere да използва ли SSL Observatory?">
-
-<!ENTITY ssl-observatory.popup.yes "Да">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"Безопастно е да влючеш това, освен ако ползваш много шпионска връска:">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"Безопасно, усвен ако ползвате таиен интернет с таини имена на сървърите:">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"Вкарай и провери сертификати подписани от не-стандартни CAта">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"">
-
-<!ENTITY ssl-observatory.prefs.anonymous "Проверявай сертификати като използваш Tor за анонимност">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"Проверявай сертификати като използваш Tor за анонимност (изисква  Torbutton)">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"Тази опция изисква Tor и Torbutton да бъдат инсталирани">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"Когато видиш нов сертификат кажи на Observatory към кой ISP си свързан">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"">
-
-<!ENTITY ssl-observatory.prefs.done "Готово">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"">
-
-<!ENTITY ssl-observatory.prefs.hide "Скрий разширени настройки">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"Проверявай сертификати даье ако Tor ние свободен">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"Все още ше опитаме да пазим данните анонимни, но тази настройка е по малко сигорна">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"Вкараи и провери сертификати за частни DNS имена">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"">
-
-<!ENTITY ssl-observatory.prefs.show "Покажи разширени настройки">
-
-<!ENTITY ssl-observatory.prefs.title "SSL Обсержатория Nастроики">
-
-<!ENTITY ssl-observatory.prefs.use "Използвай Observatory?">
-<!ENTITY ssl-observatory.warning.title "ВНИМАНИЕ от SSL обсерваторята на ЕФФ">
-<!ENTITY ssl-observatory.warning.showcert "Покажи веригата на сертификата">
-<!ENTITY ssl-observatory.warning.okay "Разбирам">
-<!ENTITY ssl-observatory.warning.text "SSL Обсерваторята на ЕФФ е дала признак за HTTPS сертификат(и) на тази страница:">
-<!ENTITY ssl-observatory.warning.defense "Ако си влязал в тази страница, предложено е да смениш паролата когато имаш безопастна връска.">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"Вкарай и провери само-подписани сертификати">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"Това е предложено; проблеми с криптография съ спесифично нормални в само-подписани дребни девизи ">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/cs/https-everywhere.dtd b/src/chrome/locale/cs/https-everywhere.dtd
deleted file mode 100644
index 54d0a78eafa8..000000000000
--- a/src/chrome/locale/cs/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "O aplikaci HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_description "Zašifrujte Web! Automaticky používejte HTTPS zabezpečení na mnoha stránkách.">
-<!ENTITY https-everywhere.about.version "Verze">
-<!ENTITY https-everywhere.about.created_by "Vytvořil">
-<!ENTITY https-everywhere.about.librarians "Knihovníci Pravidel">
-<!ENTITY https-everywhere.about.thanks "Poděkování">
-<!ENTITY https-everywhere.about.contribute  "Pokud se vám líbí HTTPS Everywhere, můžete">
-<!ENTITY https-everywhere.about.donate_tor "Přispět na Tor">
-<!ENTITY https-everywhere.about.tor_lang_code "en">
-<!ENTITY https-everywhere.about.donate_eff "Přispět na EFF">
-
-<!ENTITY https-everywhere.menu.about "O aplikaci HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.observatory "Nastavení SSL Observatoře">
-<!ENTITY https-everywhere.menu.globalEnable "Zapnout HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.globalDisable "Vypnout HTTPS Everywhere">
-
-<!ENTITY https-everywhere.prefs.title "Nastavení HTTPS Everywhere">
-<!ENTITY https-everywhere.prefs.enable_all "Zapnout vše">
-<!ENTITY https-everywhere.prefs.disable_all "Vypnout vše">
-<!ENTITY https-everywhere.prefs.reset_defaults "Vrátit výchozí nastavení">
-<!ENTITY https-everywhere.prefs.search "Hledat">
-<!ENTITY https-everywhere.prefs.site "Stránky">
-<!ENTITY https-everywhere.prefs.notes "Poznámky">
-<!ENTITY https-everywhere.prefs.list_caption "Která pravdila HTTPS pro přesměrování mají platit?">
-<!ENTITY https-everywhere.prefs.enabled "Zapnuto">
-<!ENTITY https-everywhere.prefs.ruleset_howto "Návod, jak si vytvořit vlastní sadu pravidel (pro přidání podpory dalších webů) najdete">
-<!ENTITY https-everywhere.prefs.here_link "zde">
-<!ENTITY https-everywhere.prefs.toggle "Změnit">
-<!ENTITY https-everywhere.prefs.reset_default "Vrátit výchozí nastavení">
-<!ENTITY https-everywhere.prefs.view_xml_source "Zobrazit Zdroj v XML">
-
-<!ENTITY https-everywhere.source.downloading "Stahování">
-<!ENTITY https-everywhere.source.filename "Název souboru">
-<!ENTITY https-everywhere.source.unable_to_download "Zdroj nelze stáhnout.">
-
-<!ENTITY https-everywhere.popup.title "HTTPS Everywhere 4.0development.11 notification">
-<!ENTITY https-everywhere.popup.paragraph1 "Oops. You were using the stable version of HTTPS Everywhere, but we might have accidentally upgraded you to the development version in our last release.">
-<!ENTITY https-everywhere.popup.paragraph2 "Would you like to go back to stable?">
-<!ENTITY https-everywhere.popup.paragraph3 "We'd love it if you continued using our development release and helped us make HTTPS Everywhere better! You might find there are a few more bugs here and there, which you can report to https-everywhere@eff.org. Sorry about the inconvenience, and thank you for using HTTPS Everywhere.">
-<!ENTITY https-everywhere.popup.keep "Keep me on the development version">
-<!ENTITY https-everywhere.popup.revert "Download the latest stable version">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/cs/https-everywhere.properties b/src/chrome/locale/cs/https-everywhere.properties
deleted file mode 100644
index 98fb982c0366..000000000000
--- a/src/chrome/locale/cs/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = Zapnout HTTPS Everywhere
-https-everywhere.menu.globalDisable = Vypnout HTTPS Everywhere
-https-everywhere.menu.enableDisable = Zapnout / Vypnout Pravidla
-https-everywhere.menu.noRules = (Pro tuto stránku neexistují žádná pravidla)
-https-everywhere.menu.unknownRules = (Pravidla pro tuto stránku nejsou známá)
-https-everywhere.toolbar.hint = HTTPS Everywhere is now active. You can toggle it on a site-by-site basis by clicking the icon in the address bar.
-https-everywhere.migration.notification0 = In order to implement a crucial fix, this update resets your HTTPS Everywhere rule preferences to their default values.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/cs/ssl-observatory.dtd b/src/chrome/locale/cs/ssl-observatory.dtd
deleted file mode 100644
index 724c84259faa..000000000000
--- a/src/chrome/locale/cs/ssl-observatory.dtd
+++ /dev/null
@@ -1,94 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "Podrobnosti a informace o soukromí">
-<!ENTITY ssl-observatory.popup.later "Rozhodnu se později">
-<!ENTITY ssl-observatory.popup.no "Ne">
-
-<!ENTITY ssl-observatory.popup.text "HTTPS Everywhere umí odhalit útotky
-proti vašemu prohlížeči tak, že posílá certifikáty, které obdržíte, do
-Observatoře.  Zapnout tuto funkci?">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"Má HTTPS Everywhere používat SSL Observatoř?">
-
-<!ENTITY ssl-observatory.popup.yes "Ano">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"Povolit tuto funkci je bezpečné, pokud nejste na velmi
-dotěrné firemní síti:">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"Bezpečné, pokud nepoužíváte firemní síť s tajnými jmény intranetových serverů:">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"Odeslat a prověřit certikáty podepsané nestadartními kořenovými Certifikačními Autoritami">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"Je bezpečné (a doporučené) tuto možnost povolit, pokud nepoužíváte dotěrnou firemní síť nebo antivirový sofware Kaspersky který monitoruje vaše surfování s TLS proxy a sorkoumou kořenovou Certifikační Autoritou.   Pokud ji na takové síti povolíte, může tato možnost publikovat důkazy o tom které https:// servery byly skrze tuto proxy navštíveny, kvůli jedinečným certifikátům které by takto vznikly.   Proto nechváme tuto možnost ve výchozím nastavení vypnoutou.">
-
-<!ENTITY ssl-observatory.prefs.anonymous "Prověřovat certifikáty skrze Tor pro zajištění anonymity">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"Prověřovat certifikáty skrze Tor pro zajištění anonymity (vyžaduje Torbutton)">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"Pro použití této možnosti je třeba mít nainstalovaný Tor a Torbutton">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"Když uvidíte nový certifikát, řekněte Observatoři přes kterého ISP jste připojení">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"Toto načte a odešle &quot;číslo Autonomního Systému&quot; vaší sítě.   Pomůže nám to lokalizovat útoky na HTTPS, a rozpoznat jestli máme hlášení ze sítí v zemích jako je Írán a Sýrie, kde jsou útoky relativně časté.">
-
-<!ENTITY ssl-observatory.prefs.done "Hotovo">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS Everywhere umí použít SSL Observatoř od EFF.  Ta udělá dvě věci: (1)
-oděšle kopie HTTPS cerifikátů do observotře, což nám pomůže detekovat útoky typu 'man in the middle' a zlepšit bezpečnost na Webu; a (2)
-umožní nám varovat vás před nezabezpečným připojením nebo útokem na váš prohlížeč.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"Pokud například navštívíte https://www.something.com, certifikát, kerý příjde do Observatoře nás informuje o tom, že někdo navštívil
-www.something.com, ale neřekne kdo to byl, ani na jakou konkrétní stránku se
-díval.   Pro zobrazení podrobností najeďte na možnosti myší.">
-
-<!ENTITY ssl-observatory.prefs.hide "Skrýt pokročilé nastavení">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"Prověřovat certifikáty i pokud Tor není dostupný">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"I tak se budeme snažit, aby data zůstala anonymní, ale tato možnost není tak bezpečná">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"Odesílat a prověřovat certifikáty neveřejných DNS jmen">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"Pokud není tato možnost zaškrtnutá, Observatoř nebude zaznamenávat certifikáty pro jména která nenajde v DNS systému.">
-
-<!ENTITY ssl-observatory.prefs.show "Zobrazit pokročilé nastavení">
-
-<!ENTITY ssl-observatory.prefs.title "Nastavení SSL Observatoře">
-
-<!ENTITY ssl-observatory.prefs.use "Používat Observatoř?">
-<!ENTITY ssl-observatory.warning.title "VAROVÁNÍ z SSL Observatoře od EFF">
-<!ENTITY ssl-observatory.warning.showcert "Zobrazit řetězec certifikátů">
-<!ENTITY ssl-observatory.warning.okay "Rozumím">
-<!ENTITY ssl-observatory.warning.text "SSL Observatoř od EFF vydala varování před HTTPS cetifikátem / certifikáty na těchto stránkách:">
-<!ENTITY ssl-observatory.warning.defense "Pokud jste se na těchto stránkách přihlásili, doporučujeme změnit si heslo, až budete připojeni bezpečným připojením.">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"Odesílat a prověrovat certifikáty podepsané sami sebou">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"Tuto možnost dopručujeme zapnout; kryprografické problémy jsou obzvášť časté u takto podepsaných vestavěných zařízení">
-
diff --git a/src/chrome/locale/da/https-everywhere.dtd b/src/chrome/locale/da/https-everywhere.dtd
deleted file mode 100644
index a0b9bea982a6..000000000000
--- a/src/chrome/locale/da/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "Om HTTPS Overalt">
-<!ENTITY https-everywhere.about.ext_name "HTTPS Overalt">
-<!ENTITY https-everywhere.about.ext_description "Kryptér nettet! Brug HTTPS-sikkerhed automatisk på mange steder.">
-<!ENTITY https-everywhere.about.version "Version">
-<!ENTITY https-everywhere.about.created_by "Oprettet af">
-<!ENTITY https-everywhere.about.librarians "Regelsæt-bibliotekarer">
-<!ENTITY https-everywhere.about.thanks "Tak til">
-<!ENTITY https-everywhere.about.contribute  "Hvis du kan lide HTTPS Overalt, så vil du måske overveje">
-<!ENTITY https-everywhere.about.donate_tor "Giv bidrag til Tor">
-<!ENTITY https-everywhere.about.tor_lang_code "da">
-<!ENTITY https-everywhere.about.donate_eff "Giv bidrag til EFF">
-
-<!ENTITY https-everywhere.menu.about "Om HTTPS Overalt">
-<!ENTITY https-everywhere.menu.observatory "Indstillinger for SSL-observatorie">
-<!ENTITY https-everywhere.menu.globalEnable "Aktivér HTTPS Overalt">
-<!ENTITY https-everywhere.menu.globalDisable "Deaktivér HTTPS Overalt">
-
-<!ENTITY https-everywhere.prefs.title "Indstillinger for HTTPS Overalt">
-<!ENTITY https-everywhere.prefs.enable_all "Aktivér alle">
-<!ENTITY https-everywhere.prefs.disable_all "Deaktivér alle">
-<!ENTITY https-everywhere.prefs.reset_defaults "Nulstil til standardindstillinger">
-<!ENTITY https-everywhere.prefs.search "Søg">
-<!ENTITY https-everywhere.prefs.site "Sted">
-<!ENTITY https-everywhere.prefs.notes "Noter">
-<!ENTITY https-everywhere.prefs.list_caption "Hvilke HTTPS-regler skal anvendes?">
-<!ENTITY https-everywhere.prefs.enabled "Aktiveret">
-<!ENTITY https-everywhere.prefs.ruleset_howto "Du kan lære om at skrive dine egne regelsæt (for at føje understøttelse til andre websteder)">
-<!ENTITY https-everywhere.prefs.here_link "her">
-<!ENTITY https-everywhere.prefs.toggle "Slå til/fra">
-<!ENTITY https-everywhere.prefs.reset_default "Nulstil til standardindstilling">
-<!ENTITY https-everywhere.prefs.view_xml_source "Vis XML-kilde">
-
-<!ENTITY https-everywhere.source.downloading "Henter">
-<!ENTITY https-everywhere.source.filename "Filnavn">
-<!ENTITY https-everywhere.source.unable_to_download "Kan ikke hente kilde">
-
-<!ENTITY https-everywhere.popup.title "HTTPS Everywhere 4.0development.11 meddelelse">
-<!ENTITY https-everywhere.popup.paragraph1 "Ups. Du anvendte den stabile version af HTTPS Everywhere, men vi har ved et uheld måske opdateret til udvikler-versionen ved den sidste opdatering.">
-<!ENTITY https-everywhere.popup.paragraph2 "Vil du skifte tilbage til den stabile version?">
-<!ENTITY https-everywhere.popup.paragraph3 "Vi ville sætte pris på at du fortsatte med at anvende vores udvikler-version, og derved hjalp os med at gøre HTTPS Everywhere bedre! Der er optræder måske fejl her og der, som du kan rapportere på https-everywhere@eff.org, på engelsk. Vi beklager besværet. Tak fordi du anvender HTTPS Everywhere.">
-<!ENTITY https-everywhere.popup.keep "Behold udvikler-versionen">
-<!ENTITY https-everywhere.popup.revert "Hent den seneste stabile version">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/da/https-everywhere.properties b/src/chrome/locale/da/https-everywhere.properties
deleted file mode 100644
index dcd8a3680838..000000000000
--- a/src/chrome/locale/da/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = Aktivér HTTPS Overalt
-https-everywhere.menu.globalDisable = Deaktivér HTTPS Overalt
-https-everywhere.menu.enableDisable = Aktivér / Deaktivér regler
-https-everywhere.menu.noRules = (Der er ikke opsat regler for denne side)
-https-everywhere.menu.unknownRules = (Regler for denne side ukendt)
-https-everywhere.toolbar.hint = HTTPS Everywhere er nu aktiv. De kan tænde den ved et side-ved-side basis ved at klikke på ikonet i adresse baren.
-https-everywhere.migration.notification0 = For at rette en vigtig fejl, nulstiller denne opdatering dine HTTPS Everywhere indstillinger til deres oprindelige værdier.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/da/ssl-observatory.dtd b/src/chrome/locale/da/ssl-observatory.dtd
deleted file mode 100644
index 05722e888521..000000000000
--- a/src/chrome/locale/da/ssl-observatory.dtd
+++ /dev/null
@@ -1,100 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "Detaljer og information om privatliv">
-<!ENTITY ssl-observatory.popup.later "Spørg mig senere">
-<!ENTITY ssl-observatory.popup.no "Nej">
-
-<!ENTITY ssl-observatory.popup.text "HTTPS Overalt kan registrere angreb
-mod din browser ved at sende certifikaterne du modtager til
-Observatoriet.  Slå dette til?">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"Skal HTTPS Overalt anvende SSL-observatoriet?">
-
-<!ENTITY ssl-observatory.popup.yes "Ja">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"Dette kan trygt aktiveres, medmindre du brug et virksomhedsnetværk
-som er udsat for meget indtrængen:">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"Sikker, medmindre du bruger et virksomhedsnetværk med skjulte intranet-servernavne:">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"Indsend og tjek certifikater signeret af ikke-standardiserede rod-certifikat-autoriteter">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"Det er sikkert (og en god ide) at aktivere denne valgmulighed, medmindre du bruger virksomhedsnetværk med meget indtrængen eller antivirus-software fra Kaspersky, der overvåger din browserbrug med en TLS-proxy og en privat rod-certifikat-autoritet.  Hvis den er aktiveret på sådan et netværk, så kan dette tilvalg risikere at udgive spor af hvilke https://-domæner som blev benyttet gennem proxy'en, som følge af de unikke certifikater den ville fremstille.  Lad den derfor være slået fra som standard.">
-
-<!ENTITY ssl-observatory.prefs.anonymous "Tjek certifikater med brug af Tor for anonymitet">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"Tjek certifikater med brug af Tor for anonymitet (kræver Torbutton)">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"Dette tilvalg kræver at Tor og Torbutton er installerede.">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"Når du ser et nyt certifikat, så fortæl Observatoriet hvilken internetudbyder du er tilsluttet til">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"Dette vil hente og sende det &quot;autonome systemnummer&quot; for dit netværk.  Dette vil hjælpe os med at lokalisere angreb mod HTTPS, og afgøre hvorvidt vi har observationer fra netværk fra steder som Iran og Syrien, hvor angreb set under sammenligning forekommer hyppigt.">
-
-<!ENTITY ssl-observatory.prefs.done "Færdig">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS Overalt kan benytte EFFs SSL-observatorie.  Dette indebærer to
-ting: (1) der sendes kopier af HTTPS-certifikater til observatoriet, der
-hjælper os med at registrere 'manden i midten'-angreb og forøge sikkerheden på nettet; og (2) giver os mulighed for at advare dig om usikre forbindelser eller angreb på din browser.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"Som eksempel, når du besøger https://www.etellerandet.com, så vil
-certifikatet som Observatoriet har modtaget indikere at nogen besøgte
-www.etellerandet.com, men ikke hvem som besøgte stedet, eller hvilken
-specifik side de kiggede på.  Hold musen over valgmuligheder for at flere
-detaljer:">
-
-<!ENTITY ssl-observatory.prefs.hide "Skjul avancerede valgmuligheder">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"Tjek certifikater, selv når Tor ikke er tilgængelig">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"Vi vil stadig forsøge at bevare data anonyme, men denne valgmulighed er mindre sikker">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"Indsend og tjek certifikater for DNS-navne som ikke er offentlige">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"Medmindre denne valgmulighed er valgt, så vil observatoriet ikke registrere certifikater for navne som den ikke kan opløse gennem DNS-systemet.">
-
-<!ENTITY ssl-observatory.prefs.show "Vis avanceret valgmuligheder">
-
-<!ENTITY ssl-observatory.prefs.title "Indstillinger for SSL-Observatoriet">
-
-<!ENTITY ssl-observatory.prefs.use "Brug Observatoriet?">
-<!ENTITY ssl-observatory.warning.title "ADVARSEL fra EFF's SSL-observatorie">
-<!ENTITY ssl-observatory.warning.showcert "Vis certifikat-kæden">
-<!ENTITY ssl-observatory.warning.okay "Jeg forstår">
-<!ENTITY ssl-observatory.warning.text "EFF's SSL-observatorie har udsted en advarsel om HTTPS-certifikaterne for  dette sted:">
-<!ENTITY ssl-observatory.warning.defense "Hvis du er logget ind på dette sted, så kan det tilrådes at ændre din adgangskode når du har etableret en sikker forbindelse. ">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"Indsend og tjek selvsignerede certifikater">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"Dette er anbefalet, da kryptografiske problemer er oftere findes i selvsignerede indlejrede enheder">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/de/https-everywhere.dtd b/src/chrome/locale/de/https-everywhere.dtd
deleted file mode 100644
index 42d9ea8fb513..000000000000
--- a/src/chrome/locale/de/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "Über HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_description "Sichere deine Internet Anbindung! Automatische HTTPS-Sicherheit auf vielen Web-Seiten.">
-<!ENTITY https-everywhere.about.version "Version">
-<!ENTITY https-everywhere.about.created_by "Entwickelt durch">
-<!ENTITY https-everywhere.about.librarians "Regelliste">
-<!ENTITY https-everywhere.about.thanks "Dank an">
-<!ENTITY https-everywhere.about.contribute  "Wenn du HTTPS-Everywhere magst, solltest du mal dieses ausprobieren">
-<!ENTITY https-everywhere.about.donate_tor "Spende an Tor">
-<!ENTITY https-everywhere.about.tor_lang_code "de-DE">
-<!ENTITY https-everywhere.about.donate_eff "Spende an EFF">
-
-<!ENTITY https-everywhere.menu.about "Über HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.observatory "SSL Observatory Einstellungen">
-<!ENTITY https-everywhere.menu.globalEnable "HTTPS Everywhere aktivieren">
-<!ENTITY https-everywhere.menu.globalDisable "HTTPS Everywhere deaktivieren">
-
-<!ENTITY https-everywhere.prefs.title "HTTPS Everywhere Einstellungen">
-<!ENTITY https-everywhere.prefs.enable_all "Alle aktivieren">
-<!ENTITY https-everywhere.prefs.disable_all "Alle deaktivieren">
-<!ENTITY https-everywhere.prefs.reset_defaults "Zurücksetzen">
-<!ENTITY https-everywhere.prefs.search "Suchen">
-<!ENTITY https-everywhere.prefs.site "Seite">
-<!ENTITY https-everywhere.prefs.notes "Notizen">
-<!ENTITY https-everywhere.prefs.list_caption "Welche HTTPS-Weiterleitung soll gewählt werden?">
-<!ENTITY https-everywhere.prefs.enabled "Gestartet">
-<!ENTITY https-everywhere.prefs.ruleset_howto "Lerne, deine eigene Regelliste zu schreiben (Füge Regeln für andere Web-Seiten hinzu)">
-<!ENTITY https-everywhere.prefs.here_link "Hier">
-<!ENTITY https-everywhere.prefs.toggle "Toggle">
-<!ENTITY https-everywhere.prefs.reset_default "Reset to Default">
-<!ENTITY https-everywhere.prefs.view_xml_source "XML-Quelle ansehen">
-
-<!ENTITY https-everywhere.source.downloading "Downloade">
-<!ENTITY https-everywhere.source.filename "Dateiname">
-<!ENTITY https-everywhere.source.unable_to_download "Quelle konnte nicht heruntergeladen werden.">
-
-<!ENTITY https-everywhere.popup.title "Nachricht von HTTPS Everywhere 4.0development.11">
-<!ENTITY https-everywhere.popup.paragraph1 "Oops. Du hattest die stabile Version von HTTPS Everywhere benutzt, aber wir haben dich möglicherweise in unserem letztdem Update auf eine Entwickler-Version geupgraded.">
-<!ENTITY https-everywhere.popup.paragraph2 "Möchtest du zurück zur stabilen Version?">
-<!ENTITY https-everywhere.popup.paragraph3 "Wir würden uns freuen, wenn du weiterhin die Entwickler-Version benutzen würdest, um uns zu helfen HTTPS Everywhere zu verbessern! Es könnte sein, dass du hier und da einige Fehler findest, welche du an https-everywhere@eff.org melden kannst. Entschuldige die Unannehmlichkeit und danke, dass du HTTPS Everywhere benutzt.">
-<!ENTITY https-everywhere.popup.keep "Entwickler-Version beibehalten.">
-<!ENTITY https-everywhere.popup.revert "Die letzte stabile Version herunterladen">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/de/https-everywhere.properties b/src/chrome/locale/de/https-everywhere.properties
deleted file mode 100644
index c1d34383c890..000000000000
--- a/src/chrome/locale/de/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = HTTPS Everywhere aktivieren
-https-everywhere.menu.globalDisable = HTTPS Everywhere deaktivieren
-https-everywhere.menu.enableDisable = Regeln Aktivieren / Deaktivieren
-https-everywhere.menu.noRules = (Keine Regeln für diese Seite)
-https-everywhere.menu.unknownRules = (Regeln für diese Seite unbekannt)
-https-everywhere.toolbar.hint = HTTPS Everywhere ist nun aktiv. Sie können es für bestimmte Seiten ein- oder ausschalten, indem Sie auf das Icon in der Adresszeile klicken.
-https-everywhere.migration.notification0 = Um einen wichtigen Fix zu implementieren, wird dieses Update deine HTTPS Everywhere Regel-Einstellungen zurücksetzen.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/de/ssl-observatory.dtd b/src/chrome/locale/de/ssl-observatory.dtd
deleted file mode 100644
index 74483cc0847c..000000000000
--- a/src/chrome/locale/de/ssl-observatory.dtd
+++ /dev/null
@@ -1,91 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "Details und Datenschutz Informationen">
-<!ENTITY ssl-observatory.popup.later "Später nachfragen">
-<!ENTITY ssl-observatory.popup.no "Nein">
-
-<!ENTITY ssl-observatory.popup.text "HTTPS Everywhere kann Angriffe gegen Ihren Browser erkennen, indem es Zertifikate, die Sie empfangen, zum SSL Observatory sendet. Einstellung aktivieren?">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"Soll HTTPS Everywhere SSL Observatory benutzen?">
-
-<!ENTITY ssl-observatory.popup.yes "Ja">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"Es ist sicher, diese Option zu aktivieren, es sei denn, Sie benutzen ein sehr aufdringliches Firmennetzwerk:">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"Sicher, es sei denn, Sie benutzen ein Firmennetzwerk mit geheimen Intranet Servernamen:">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"Sende und überprüfe Zertifikate, die nicht von Stammzertifizierungsstellen ausgestellt wurden">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"Es ist sicher (und eine gute Idee), diese Option zu aktivieren, es sei denn, Sie benutzen ein aufdringliches Firmennetzwerk, oder Kaspersky Antiviren-Software, die Sie beim Browsen mittels eines TLS Proxyservers und einer privaten Zertifizierungsstelle überwacht. Wenn diese Option in einem solchen Netzwerk verwendet wird, könnte Sie Hinweise (in Form der dadurch erstellten eindeutigen Zertifikate) auf die durch diesen Proxyserver besuchten https:// Domains hinterlassen.">
-
-<!ENTITY ssl-observatory.prefs.anonymous "Überprüfe Zertifikate mit Tor, um Anonymität zu bewahren">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"Überprüfte Zertifikate mit Tor, um Anonymität zu bewahren (benötigt Torbutton)">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"Diese Option macht die Installation von Tor und Torbutton erforderlich">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"Dem SSL Observatory mitteilen, welchen ISP Sie verwenden, wenn Sie ein neues Zertifikat zu sehen bekommen">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"Diese Option verwendet die 'Autonome System Zahl' Ihres Netzwerks. Das hilft uns, Angriffe gegen HTTPS zu orten und festzustellen, ob es sich um Angriffe von Netzwerken in Ländern wie Iran und Syrien handelt, in denen solche Angriffe vergleichsweise häufig sind.">
-
-<!ENTITY ssl-observatory.prefs.done "Fertig">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS Everywhere kann EFF's SSL Observatory verwenden. Das ermöglicht uns 1. die Erkennung von 'man in the middle' Angriffen und damit eine Verbesserung der Internetsicherheit, indem Kopien der HTTPS Zertifikate an das SSL Observatory gesendet werden; und 2. können wir Sie bei unsicheren Verbindungen oder Angriffen gegen Ihren Browser warnen.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"Beispiel: Wenn Sie https://www.irgendetwas.com besuchen, kann das SSL Observatory lediglich feststellen, dass irgendjemand www.irgendetwas.com besucht hat, aber nicht wer es war oder welche genaue Informationen aufgerufen wurde. Für mehr Informationen, fahren Sie mit der Maus über diese Option:">
-
-<!ENTITY ssl-observatory.prefs.hide "Verstecke erweiterte Optionen">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"Zertifikate auch überprüfen, wenn Tor nicht verfügbar ist">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"Wir bemühen uns, die Daten dennoch anonym zu halten, aber diese Option ist weniger sicher.">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"Zertifikate für nicht-öffentliche DNS-Namen Senden und Überprüfen">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"Wenn diese Option nicht aktiviert ist, wird das Observatory keine Zertifikate für Domain Namen aufnehmen, die es nicht über das DNS-System auflösen kann.">
-
-<!ENTITY ssl-observatory.prefs.show "Zeige erweiterte Optionen">
-
-<!ENTITY ssl-observatory.prefs.title "SSL Observatory Einstellungen">
-
-<!ENTITY ssl-observatory.prefs.use "SSL Observatory verwenden?">
-<!ENTITY ssl-observatory.warning.title "WARNUNG von EFF's SSL Observatory">
-<!ENTITY ssl-observatory.warning.showcert "Zertifikatskette anzeigen">
-<!ENTITY ssl-observatory.warning.okay "Ich verstehe">
-<!ENTITY ssl-observatory.warning.text "EFF's SSL Observatory hat eine Warnung zu dem HTTPS Zertifikat dieser Seite veröffentlicht:">
-<!ENTITY ssl-observatory.warning.defense "Wenn Sie auf dieser Seite eingeloggt sind, kann es empfehlenswert sein, das Passwort zu ändern, sobald Sie eine sichere Verbindung haben.">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"Selbstsignierte Zertifikate Senden und Überprüfen">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"Empfehlenswert; kryptographische Probleme sind in selbstsignierten eingebetteten Geräten besonders häufig.">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/el/https-everywhere.dtd b/src/chrome/locale/el/https-everywhere.dtd
deleted file mode 100644
index bc25a528d17f..000000000000
--- a/src/chrome/locale/el/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "Σχετικά με το HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_description "Κρυπτογραφήστε τον Παγκόσμιο Ιστό! Χρησιμοποιήστε ασφάλεια HTTPS σε πολλούς δικτυακούς τόπους.">
-<!ENTITY https-everywhere.about.version "Έκδοση">
-<!ENTITY https-everywhere.about.created_by "Δημιουργήθηκε από">
-<!ENTITY https-everywhere.about.librarians "Βιβλιοθήκες για κανόνες">
-<!ENTITY https-everywhere.about.thanks "Ευχαριστούμε τους">
-<!ENTITY https-everywhere.about.contribute  "Αν σας αρέσει το HTTPS Everywhere, δοκιμάστε">
-<!ENTITY https-everywhere.about.donate_tor "Δωρίστε στο Tor">
-<!ENTITY https-everywhere.about.tor_lang_code "en">
-<!ENTITY https-everywhere.about.donate_eff "Δωρίστε στο EFF">
-
-<!ENTITY https-everywhere.menu.about "Σχετικά με το HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.observatory "Προτιμήσεις για το Παρατηρητήριο SSL">
-<!ENTITY https-everywhere.menu.globalEnable "Ενεργοποίηση του HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.globalDisable "Απενεργοποίηση του HTTPS Everywhere">
-
-<!ENTITY https-everywhere.prefs.title "Προτιμήσεις του HTTPS Everywhere">
-<!ENTITY https-everywhere.prefs.enable_all "Ενεργοποίηση όλων">
-<!ENTITY https-everywhere.prefs.disable_all "Απενεργοποίηση όλων">
-<!ENTITY https-everywhere.prefs.reset_defaults "Επαναφορά προεπιλεγμένων κανόνων">
-<!ENTITY https-everywhere.prefs.search "Αναζήτηση">
-<!ENTITY https-everywhere.prefs.site "Δικτυακός τόπος">
-<!ENTITY https-everywhere.prefs.notes "Σημειώσεις">
-<!ENTITY https-everywhere.prefs.list_caption "Ποιοι κανόνες ανακατεύθυνσης σε HTTPS να εφαρμοστούν;">
-<!ENTITY https-everywhere.prefs.enabled "Ενεργοποιημένο">
-<!ENTITY https-everywhere.prefs.ruleset_howto "Μπορείτε να μάθετε πώς να γράφετε τους δικούς σας κανόνες (ώστε να υποστηρίξετε και άλλους δικτυακούς τόπους)">
-<!ENTITY https-everywhere.prefs.here_link "εδώ">
-<!ENTITY https-everywhere.prefs.toggle "Εναλλαγή">
-<!ENTITY https-everywhere.prefs.reset_default "Επαναφορά προεπιλογών">
-<!ENTITY https-everywhere.prefs.view_xml_source "Προβολή του Πηγαίου Κώδικα XML">
-
-<!ENTITY https-everywhere.source.downloading "Γίνεται λήψη">
-<!ENTITY https-everywhere.source.filename "Όνομα αρχείου">
-<!ENTITY https-everywhere.source.unable_to_download "Αδυναμί λήψης πηγαίου κώδικα.">
-
-<!ENTITY https-everywhere.popup.title "HTTPS Everywhere 4.0development.11 notification">
-<!ENTITY https-everywhere.popup.paragraph1 "Oops. You were using the stable version of HTTPS Everywhere, but we might have accidentally upgraded you to the development version in our last release.">
-<!ENTITY https-everywhere.popup.paragraph2 "Would you like to go back to stable?">
-<!ENTITY https-everywhere.popup.paragraph3 "We'd love it if you continued using our development release and helped us make HTTPS Everywhere better! You might find there are a few more bugs here and there, which you can report to https-everywhere@eff.org. Sorry about the inconvenience, and thank you for using HTTPS Everywhere.">
-<!ENTITY https-everywhere.popup.keep "Keep me on the development version">
-<!ENTITY https-everywhere.popup.revert "Download the latest stable version">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/el/https-everywhere.properties b/src/chrome/locale/el/https-everywhere.properties
deleted file mode 100644
index 1906756fd168..000000000000
--- a/src/chrome/locale/el/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = Ενεργοποίηση του HTTPS Everywhere
-https-everywhere.menu.globalDisable = Απενεργοποίηση του HTTPS Everywhere
-https-everywhere.menu.enableDisable = Ενεργοποίηση / Απενεργοποίηση των κανόνων 
-https-everywhere.menu.noRules = (Δεν υπάρχουν κανόνες για αυτή την σελίδα)
-https-everywhere.menu.unknownRules = (Κανόνες για αυτή τη σελίδα: Άγνωστοι)
-https-everywhere.toolbar.hint = Το HTTPS Everywhere ειναι τωρα ενεργοποιημενο. Μπορείτε να το αλλάξετε με βάση την τοποθεσία ανά τοποθεσία, κάνοντας κλικ στο εικονίδιο στη γραμμή διευθύνσεων. 
-https-everywhere.migration.notification0 = Αυτή η ενημέρωση επαναφέρει τις ρυθμίσεις κανόνων του HTTPS Everywhere στις προεπιλεγμένες τιμές, με σκοπό να εφαρμοστεί μια κρίσιμη διόρθωση.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/el/ssl-observatory.dtd b/src/chrome/locale/el/ssl-observatory.dtd
deleted file mode 100644
index 28641ed8035e..000000000000
--- a/src/chrome/locale/el/ssl-observatory.dtd
+++ /dev/null
@@ -1,99 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "Λεπτομέρειες και Πληροφορίες Ιδιωτικότητας">
-<!ENTITY ssl-observatory.popup.later "Θέλω να Ενημερωθώ Αργότερα">
-<!ENTITY ssl-observatory.popup.no "Όχι">
-
-<!ENTITY ssl-observatory.popup.text "Το HTTPS Everywhere μπορεί να εντοπίσει επιθέσεις
-εναντίον του φυλλομετρητή σου στέλνοντας τα πιστοποιητικά που λαμβάνεις 
-στο Παρατηρητήριο. Επιθυμείς ενεργοποίηση;">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"Επιθυμείς το HTTPS Everywhere να χρησιμοποιεί το Παρατηρητήριο SSL;">
-
-<!ENTITY ssl-observatory.popup.yes "Ναι">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"Η ενεργοποίηση της επιλογής είναι ασφαλής, εκτός αν χρησιμοποιείς εταιρικό δίκτυο 
-υψηλής παρεμβατικότητας:">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"Η ενεργοποίηση της επιλογής είναι ασφαλής, εκτός αν χρησιμοποιείς εταιρικό δίκτυο με μυστικά ονόματα διακομιστών:">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"Υποβολή και έλεγχος πιστοποιητικών υπογεγραμμένων από μη-εγκεκριμένες Αρχές Πιστοποίησης πιστοποιητικών">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"Είναι ασφαλές (και καλή ιδέα) να ενεργοποιηθεί η συγκεκριμένη επιλογή, εκτός αν χρησιμοποιείς εταιρικό δίκτυο υψηλής παρεμβατικότητας ή το λογισμικό προστασίας από ιούς 'Kaspersky' το οποίο παρακολουθεί την περιήγηση μέσω ενός TLS διακομιστή μεσολάβησης και μιας ιδιωτικής Αρχής Πιστοποίησης πιστοποιητικών. Αν ενεργοποιηθεί σε ένα τέτοιο δίκτυο, μπορεί να δημοσιοποιήσει στοιχεία για το ποια https:// ονόματα ιστοτόπων επισκέφθηκες μέσω αυτού του διακομιστή μεσολάβησης, εξαιτίας της μοναδικότητας των πιστοποιητικών που θα παράγει. Γι' αυτό το έχουμε αφήσει εξ' αρχής απενεργοποιημένο.">
-
-<!ENTITY ssl-observatory.prefs.anonymous "Έλεγχος πιστοποιητικών χρησιμοποιώντας το Tor για εξασφάλιση ανωνυμίας">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"Έλεγχος πιστοποιητικών χρησιμοποιώντας το Tor για εξασφάλιση ανωνυμίας (απαιτείται η εγκατάσταση του Torbutton)">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"Η συγκεκριμένη επιλογή απαιτεί την εγκατάσταση του Tor και του Torbutton">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"Όταν βλέπεις ένα νέο πιστοποιητικό, πες στο Παρατηρητήριο με ποιον Πάροχο Υπηρεσιών Διαδικτύου έχεις συνδεθεί.">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"Η συγκεκριμένη επιλογή θα ανακτήσει και θα αποστείλει τον &quot;Αυτόνομο Αριθμό Συστήματος&quot; (Autonomous System number) του δικτύου σου. Αυτό θα μας βοηθήσει να εντοπίσουμε επιθέσεις εναντίον του HTTPS και να καθορίσουμε αν έχουν παρατηρηθεί επιθέσεις από μέρη όπως η Συρία και το Ιράν όπου αυτές οι επιθέσεις είναι συγκριτικά πιο συνηθισμένες.">
-
-<!ENTITY ssl-observatory.prefs.done "Έγινε">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"Το HTTPS Everywhere μπορεί να χρησιμοποιήσει το Παρατηρητήριο SSL του EFF, το οποίο πραγματοποιεί τα εξής: (1)
-στέλνει αντίγραφα των πιστοποιητικών HTTPS στο Παρατηρητήριο, για να μας βοηθήσει να ανιχνεύσουμε επιθέσεις 'ενδιάμεσου παρατηρητή' και να βελτιώσει την ασφάλεια του Παγκόσμιου Ιστού (2)
-μας επιτρέπει να σε προειδοποιούμε σχετικά με μη-ασφαλείς συνδέσεις ή επιθέσεις στο φυλλομετρητή σου.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"Για παράδειγμα, όταν επισκέπτεσαι το https://www.example.com, το πιστοποιητικό
-που λαμβάνει το Παρατηρητήριο θα δείξει ότι κάποιος κάποιος επισκέφθηκε
-τον ιστότοπο www.something.com, αλλά όχι ποιος επισκέφθηκε τον ιστότοπο ή ποια συγκεκριμένη σελίδα
-είδε. Σύρε το ποντίκι πάνω από τις επιλογές για περισσότερες πληροφορίες:">
-
-<!ENTITY ssl-observatory.prefs.hide "Απόκρυψη επιλογών για προχωρημένους">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"Έλεγχος πιστοποιητικών ακόμα κι αν το Tor δεν είναι διαθέσιμο ">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"Συνεχίζουμε την προσπάθεια να κρατήσουμε ανώνυμα τα δεδομένα, αλλά αυτή η επιλογή είναι λιγότερο ασφαλής">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"Υποβολή και έλεγχος πιστοποιητικών για μη δημόσια DNS ονόματα">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"Εκτός αν  η συγκεκριμένη επιλογή ενεργοποιηθεί, το Παρατηρητήριο δε θα καταγράφει Πιστοποιητικά για ονόματα που δε θα μπορεί να εξακριβώσει μέσω του συστήματος DNS">
-
-<!ENTITY ssl-observatory.prefs.show "Προβολή επιλογών για προχωρημένους">
-
-<!ENTITY ssl-observatory.prefs.title "Προτιμήσεις Παρατηρητηρίου SSL">
-
-<!ENTITY ssl-observatory.prefs.use "Να χρησιμοποιηθεί το Παρατηρητήριο;">
-<!ENTITY ssl-observatory.warning.title "ΠΡΟΕΙΔΟΠΟΙΗΣΗ από το Παρατηρητήριο SSL του EFF">
-<!ENTITY ssl-observatory.warning.showcert "Προβολή της αλυσίδας πιστοποιητικών">
-<!ENTITY ssl-observatory.warning.okay "Καταλαβαίνω">
-<!ENTITY ssl-observatory.warning.text "Το Παρατηρητήριο SSL του EFF έχει εκδώσει μια προειδοποίηση σχετικά με το πιστοποιητικό HTTPS του συγκεκριμένου ιστότοπου:">
-<!ENTITY ssl-observatory.warning.defense "Αν είσαι συνδεδεμένος στο συγκεκριμένο ιστότοπο, προτείνεται να αλλάξεις τον κωδικό ασφαλείας σου όταν αποκτήσεις ασφαλή σύνδεση.">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"Υποβολή και αυτο-υπογεγραμμένα πιστοποιητικά">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"Συνιστώμενη ενέργεια· τα κρυπτογραφικά προβλήματα είναι ιδιαιτέρως κοινά στις αυτο-υπογεγραμμένες ενσωματωμένες συσκευές">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/en/https-everywhere.dtd b/src/chrome/locale/en/https-everywhere.dtd
index 33cd86d2b29f..cde60e0b4222 100644
--- a/src/chrome/locale/en/https-everywhere.dtd
+++ b/src/chrome/locale/en/https-everywhere.dtd
@@ -2,45 +2,80 @@
 <!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
 <!ENTITY https-everywhere.about.ext_description "Encrypt the Web! Automatically use HTTPS security on many sites.">
 <!ENTITY https-everywhere.about.version "Version">
-<!ENTITY https-everywhere.about.created_by "Created by">
-<!ENTITY https-everywhere.about.librarians "Ruleset Librarians">
-<!ENTITY https-everywhere.about.thanks "Thanks to">
-<!ENTITY https-everywhere.about.contribute  "If you like HTTPS Everywhere, you might consider">
-<!ENTITY https-everywhere.about.donate_tor "Donating to Tor">
-<!ENTITY https-everywhere.about.tor_lang_code "en">
-<!ENTITY https-everywhere.about.donate_eff "Donating to EFF">
+<!ENTITY https-everywhere.about.rulesets_version "Rulesets version for">
+<!ENTITY https-everywhere.about.add_new_rule "Add New Rule">
 
-<!ENTITY https-everywhere.menu.about "About HTTPS Everywhere">
+<!ENTITY https-everywhere.menu.donate_eff_imperative "Donate to EFF">
 <!ENTITY https-everywhere.menu.observatory "SSL Observatory Preferences">
-<!ENTITY https-everywhere.menu.globalEnable "Enable HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.globalDisable "Disable HTTPS Everywhere">
+<!ENTITY https-everywhere.menu.globalDisable "HTTPS Everywhere is OFF">
+<!ENTITY https-everywhere.menu.globalEnable "HTTPS Everywhere is ON">
+<!ENTITY https-everywhere.menu.encryptAllSitesEligibleOn "Encrypt All Sites Eligible is ON">
+<!ENTITY https-everywhere.menu.encryptAllSitesEligibleOff "Encrypt All Sites Eligible is OFF">
+<!ENTITY https-everywhere.menu.httpNoWhereExplainedBlocked "Unencrypted requests are currently blocked">
+<!ENTITY https-everywhere.menu.httpNoWhereExplainedAllowed "Unencrypted requests are currently allowed">
+<!ENTITY https-everywhere.menu.seeMore "See more">
+<!ENTITY https-everywhere.menu.seeLess "See less">
+<!ENTITY https-everywhere.menu.httpNoWhereMore "This mode blocks unencrypted content and requests">
+<!ENTITY https-everywhere.menu.showCounter "Show Counter">
+<!ENTITY https-everywhere.menu.viewAllRules "View All Rules">
 
-<!ENTITY https-everywhere.prefs.title "HTTPS Everywhere Preferences">
-<!ENTITY https-everywhere.prefs.enable_all "Enable All">
-<!ENTITY https-everywhere.prefs.disable_all "Disable All">
+<!ENTITY https-everywhere.options.settings "Settings">
+<!ENTITY https-everywhere.options.generalSettings "General Settings">
+<!ENTITY https-everywhere.options.advancedSettings "Advanced Settings">
+<!ENTITY https-everywhere.options.updateChannels "Update Channels">
+<!ENTITY https-everywhere.options.enableMixedRulesets "Enable mixed content rulesets">
+<!ENTITY https-everywhere.options.showDevtoolsTab "Show Devtools tab">
+<!ENTITY https-everywhere.options.autoUpdateRulesets "Auto-update rulesets">
+<!ENTITY https-everywhere.options.userRulesListed "HTTPS Everywhere User Rules">
+<!ENTITY https-everywhere.options.disabledUrlsListed "HTTPS Everywhere Sites Disabled">
+<!ENTITY https-everywhere.options.updateChannelsWarning "Warning: Adding update channels can cause attackers to hijack your browser. Only edit this section if you know what you're doing!">
+<!ENTITY https-everywhere.options.addDisabledSite "Add Disabled Site">
+<!ENTITY https-everywhere.options.enterDisabledSite "Enter disabled site">
+<!ENTITY https-everywhere.options.hostNotFormattedCorrectly "This host could not be added because it was not formatted correctly. Please check it and try again.">
+<!ENTITY https-everywhere.options.addUpdateChannel "Add Update Channel">
+<!ENTITY https-everywhere.options.enterUpdateChannelName "Enter update channel name">
+<!ENTITY https-everywhere.options.delete "Delete">
+<!ENTITY https-everywhere.options.update "Update">
+<!ENTITY https-everywhere.options.storedRulesetsVersion "Stored rulesets version: ">
+<!ENTITY https-everywhere.options.updatesLastChecked "Updates last checked: ">
+<!ENTITY https-everywhere.options.updatesLastCheckedNever "never">
+<!ENTITY https-everywhere.options.debuggingRulesets "Debugging Rulesets (advanced)">
+
+<!ENTITY https-everywhere.prefs.export_settings "Export Settings">
 <!ENTITY https-everywhere.prefs.reset_defaults "Reset to Defaults">
-<!ENTITY https-everywhere.prefs.search "Search">
-<!ENTITY https-everywhere.prefs.site "Site">
-<!ENTITY https-everywhere.prefs.notes "Notes">
-<!ENTITY https-everywhere.prefs.list_caption "Which HTTPS redirection rules should apply?">
-<!ENTITY https-everywhere.prefs.enabled "Enabled">
-<!ENTITY https-everywhere.prefs.ruleset_howto "You can learn how to write your own rulesets (to add support for other web sites)">
-<!ENTITY https-everywhere.prefs.here_link "here">
-<!ENTITY https-everywhere.prefs.toggle "Toggle">
-<!ENTITY https-everywhere.prefs.reset_default "Reset to Default">
-<!ENTITY https-everywhere.prefs.view_xml_source "View XML Source">
+<!ENTITY https-everywhere.prefs.reset_defaults_message "This will reset each ruleset to its default state. Continue?">
+
+<!ENTITY https-everywhere.cancel.he_blocking_explainer "HTTPS Everywhere noticed you were navigating to a non-HTTPS page, and tried to send you to the HTTPS version instead. The HTTPS version is unavailable. Most likely this site does not support HTTPS, but it is also possible that an attacker is blocking the HTTPS version. If you wish to view the unencrypted version of this page, you can still do so by disabling the 'Encrypt All Sites Eligible' (EASE) option in your HTTPS Everywhere extension. Be aware that disabling this option could make your browser vulnerable to network-based downgrade attacks on websites you visit.">
+<!ENTITY https-everywhere.cancel.he_blocking_network "network-based downgrade attacks">
+<!ENTITY https-everywhere.cancel.copy_url "Copy URL">
+<!ENTITY https-everywhere.cancel.copied_url "Copied to Clipboard">
+<!ENTITY https-everywhere.cancel.open_page "Disable on this site">
+<!ENTITY https-everywhere.cancel.http_once "Proceed anyway (unsafe)">
 
-<!ENTITY https-everywhere.source.downloading "Downloading">
-<!ENTITY https-everywhere.source.filename "Filename">
-<!ENTITY https-everywhere.source.unable_to_download "Unable to download source.">
+<!ENTITY https-everywhere.onboarding.intro "Encrypt the Web! Automatically use HTTPS security on many sites.">
+<!ENTITY https-everywhere.onboarding.header "HTTPS Everywhere has been updated!">
+<!ENTITY https-everywhere.onboarding.footer "HTTPS Everywhere is an EFF project">
 
-<!ENTITY https-everywhere.popup.title "HTTPS Everywhere 4.0development.11 notification">
-<!ENTITY https-everywhere.popup.paragraph1 "Oops. You were using the stable version of HTTPS Everywhere, but we might have accidentally upgraded you to the development version in our last release.">
-<!ENTITY https-everywhere.popup.paragraph2 "Would you like to go back to stable?">
-<!ENTITY https-everywhere.popup.paragraph3 "We'd love it if you continued using our development release and helped us make HTTPS Everywhere better! You might find there are a few more bugs here and there, which you can report to https-everywhere@eff.org. Sorry about the inconvenience, and thank you for using HTTPS Everywhere.">
-<!ENTITY https-everywhere.popup.keep "Keep me on the development version">
-<!ENTITY https-everywhere.popup.revert "Download the latest stable version">
+<!ENTITY https-everywhere.chrome.settings_for_this_site_header "Settings for this site">
+<!ENTITY https-everywhere.chrome.settings_for_this_site_subheader "Change your preferences for encrypted connections">
+<!ENTITY https-everywhere.chrome.settings_for_this_site_explained "As you browse different websites, you can change your preferences for each website">
+<!ENTITY https-everywhere.chrome.stable_rules "Stable rules">
+<!ENTITY https-everywhere.chrome.stable_rules_description "Force encrypted connections to these websites:">
+<!ENTITY https-everywhere.chrome.experimental_rules "Experimental rules">
+<!ENTITY https-everywhere.chrome.experimental_rules_description "May cause warnings or breakage. Disabled by default.">
+<!ENTITY https-everywhere.chrome.disable_on_this_site "Disable on this site">
+<!ENTITY https-everywhere.chrome.enable_on_this_site "Enable on this site">
+<!ENTITY https-everywhere.chrome.add_rule "Add a rule for this site">
+<!ENTITY https-everywhere.chrome.add_new_rule "Add a new rule for this site">
+<!ENTITY https-everywhere.chrome.always_https_for_host "Always use https for this host">
+<!ENTITY https-everywhere.chrome.host "Host:">
+<!ENTITY https-everywhere.chrome.show_advanced "Show advanced">
+<!ENTITY https-everywhere.chrome.hide_advanced "Hide advanced">
+<!ENTITY https-everywhere.chrome.rule_name "Rule name">
+<!ENTITY https-everywhere.chrome.regex "Matching regex">
+<!ENTITY https-everywhere.chrome.redirect_to "Redirect to">
+<!ENTITY https-everywhere.chrome.status_cancel_button "Cancel">
 
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
+<!ENTITY https-everywhere.standalone.proxy_server_info_prefix "Proxy server running on">
+<!ENTITY https-everywhere.standalone.transparent_true "You must set up your firewall rules to forward packets to the specified host and port.">
+<!ENTITY https-everywhere.standalone.transparent_false "You must configure your applications to use an HTTP proxy on the specified host and port.">
diff --git a/src/chrome/locale/en/https-everywhere.properties b/src/chrome/locale/en/https-everywhere.properties
deleted file mode 100644
index be838311a3cc..000000000000
--- a/src/chrome/locale/en/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = Enable HTTPS Everywhere
-https-everywhere.menu.globalDisable = Disable HTTPS Everywhere
-https-everywhere.menu.enableDisable = Enable / Disable Rules
-https-everywhere.menu.noRules = (No Rules for This Page)
-https-everywhere.menu.unknownRules = (Rules for This Page Unknown)
-https-everywhere.toolbar.hint = HTTPS Everywhere is now active. You can toggle it on a site-by-site basis by clicking the icon in the address bar.
-https-everywhere.migration.notification0 = In order to implement a crucial fix, this update resets your HTTPS Everywhere rule preferences to their default values.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/en/ssl-observatory.dtd b/src/chrome/locale/en/ssl-observatory.dtd
deleted file mode 100644
index 85640828621e..000000000000
--- a/src/chrome/locale/en/ssl-observatory.dtd
+++ /dev/null
@@ -1,95 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "Details and Privacy Information">
-<!ENTITY ssl-observatory.popup.later "Ask Me Later">
-<!ENTITY ssl-observatory.popup.no "No">
-
-<!ENTITY ssl-observatory.popup.text "HTTPS Everywhere can detect attacks
-against your browser by sending the certificates you receive to the
-Observatory.  Turn this on?">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"Should HTTPS Everywhere use the SSL Observatory?">
-
-<!ENTITY ssl-observatory.popup.yes "Yes">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"It is safe to enable this, unless you use a very
-intrusive corporate network:">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"Safe, unless you use a corporate network with secret intranet server names:">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"Submit and check certificates signed by non-standard root CAs">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"It is safe (and a good idea) to enable this option, unless you use an intrusive corporate network or Kaspersky antivirus software that monitors your browsing with a TLS proxy and a private root Certificate Authority.  If enabled on such a network, this option might publish evidence of which https:// domains were being visited through that proxy, because of the unique certificates it would produce.  So we leave it off by default.">
-
-<!ENTITY ssl-observatory.prefs.anonymous "Check certificates using Tor for anonymity">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"Check certificates using Tor for anonymity (requires Tor)">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"This option requires Tor to be installed and running">
-
-<!ENTITY ssl-observatory.prefs.asn 
-'When you see a new certificate, tell the Observatory which ISP you are connected to'>
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-'This will fetch and send the "Autonomous System number" of your network.  This will help us locate attacks against HTTPS, and to determine whether we have observations from networks in places like Iran and Syria where attacks are comparatively common.'>
-
-<!ENTITY ssl-observatory.prefs.done "Done">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS Everywhere can use EFF's SSL Observatory.  This does two things: (1)
-sends copies of HTTPS certificates to the Observatory, to help us
-detect 'man in the middle' attacks and improve the Web's security; and (2)
-lets us warn you about insecure connections or attacks on your browser.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"For example, when you visit https://www.something.com, the certificate
-received by the Observatory will indicate that somebody visited
-www.something.com, but not who visited the site, or what specific page they
-looked at.  Mouseover the options for further details:">
-
-<!ENTITY ssl-observatory.prefs.hide "Hide advanced options">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"Check certificates even if Tor is not available">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"We will still try to keep the data anonymous, but this option is less secure">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"Submit and check certificates for non-public DNS names">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"Unless this option is checked, the Observatory will not record certificates for names that it cannot resolve through the DNS system.">
-
-<!ENTITY ssl-observatory.prefs.show "Show advanced options">
-
-<!ENTITY ssl-observatory.prefs.title "SSL Observatory Preferences">
-
-<!ENTITY ssl-observatory.prefs.use "Use the Observatory?">
-<!ENTITY ssl-observatory.warning.title "WARNING from EFF's SSL Observatory">
-<!ENTITY ssl-observatory.warning.showcert "Show the certificate chain">
-<!ENTITY ssl-observatory.warning.okay "I understand">
-<!ENTITY ssl-observatory.warning.text "EFF's SSL Observatory has issued a warning about the HTTPS certificiate(s) for this site:">
-<!ENTITY ssl-observatory.warning.defense "If you are logged in to this site, it may be advisable to change your password once you have a safe connection.">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"Submit and check self-signed certificates">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"This is recommended; cryptographic problems are especially common in self-signed embedded devices">
diff --git a/src/chrome/locale/es/https-everywhere.dtd b/src/chrome/locale/es/https-everywhere.dtd
deleted file mode 100644
index 9971a54e26d5..000000000000
--- a/src/chrome/locale/es/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "Acerca de HTTPS Everywhere (HTTPS en cualquier sitio)">
-<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_description "¡Cifre la Web! Utilice automáticamente la seguridad HTTPS en muchos sitios.">
-<!ENTITY https-everywhere.about.version "Versión">
-<!ENTITY https-everywhere.about.created_by "Creado por">
-<!ENTITY https-everywhere.about.librarians "Bibliotecarios de las reglas">
-<!ENTITY https-everywhere.about.thanks "Agradecimientos para">
-<!ENTITY https-everywhere.about.contribute  "Si le agrada HTTPS Everywhere (HTTPS en cualquier sitio), podría considerar">
-<!ENTITY https-everywhere.about.donate_tor "donar a Tor">
-<!ENTITY https-everywhere.about.tor_lang_code "es">
-<!ENTITY https-everywhere.about.donate_eff "donar a la Fundación Fronteras Electrónicas (EFF)">
-
-<!ENTITY https-everywhere.menu.about "Acerca de HTTPS Everywhere (HTTPS en cualquier sitio)">
-<!ENTITY https-everywhere.menu.observatory "Opciones del Observatorio SSL">
-<!ENTITY https-everywhere.menu.globalEnable "Activar HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.globalDisable "Desactivar HTTPS Everywhere">
-
-<!ENTITY https-everywhere.prefs.title "Preferencias de HTTPS Everywhere">
-<!ENTITY https-everywhere.prefs.enable_all "Habilitar todo">
-<!ENTITY https-everywhere.prefs.disable_all "Deshabilitar todo">
-<!ENTITY https-everywhere.prefs.reset_defaults "Restablecer configuraciones predeterminadas">
-<!ENTITY https-everywhere.prefs.search "Buscar">
-<!ENTITY https-everywhere.prefs.site "Sitio">
-<!ENTITY https-everywhere.prefs.notes "Notas">
-<!ENTITY https-everywhere.prefs.list_caption "¿Qué reglas de redirección HTTPS deberían aplicarse?">
-<!ENTITY https-everywhere.prefs.enabled "Habilitado">
-<!ENTITY https-everywhere.prefs.ruleset_howto "Puede aprender a escribir sus propias reglas (para añadir soporte para otros sitios web)">
-<!ENTITY https-everywhere.prefs.here_link "aquí">
-<!ENTITY https-everywhere.prefs.toggle "Cambiar">
-<!ENTITY https-everywhere.prefs.reset_default "Restablecer configuración predeterminada">
-<!ENTITY https-everywhere.prefs.view_xml_source "Ver código XML">
-
-<!ENTITY https-everywhere.source.downloading "Descargando">
-<!ENTITY https-everywhere.source.filename "Nombre de fichero">
-<!ENTITY https-everywhere.source.unable_to_download "No fue posible descargar el código.">
-
-<!ENTITY https-everywhere.popup.title "Notificación de HTTPS Everywhere 4.0development.11">
-<!ENTITY https-everywhere.popup.paragraph1 "Uups. Está usted usando la versión estable de HTTPS Everywhere, pero podríamos haberle elevado accidentalmente a la versión de desarrollo al publicar la última versión.">
-<!ENTITY https-everywhere.popup.paragraph2 "¿Le gustaría volver a la versión estable?">
-<!ENTITY https-everywhere.popup.paragraph3 "Nos encantaría que continuase usando nuestra versión de desarrollo ¡y nos ayudara a hacer HTTPS Everywhere mejor! Podría encontrar que hay unos pocos fallos más aquí y allá, de los que puede informar a 'https-everywhere@eff.org'. Disculpe la inconveniencia, y gracias por usar HTTPS Everywhere.">
-<!ENTITY https-everywhere.popup.keep "Manténganme en la versión de desarrollo.">
-<!ENTITY https-everywhere.popup.revert "Descargar la última versión estable.">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/es/https-everywhere.properties b/src/chrome/locale/es/https-everywhere.properties
deleted file mode 100644
index 89521589028f..000000000000
--- a/src/chrome/locale/es/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = Activar HTTPS Everywhere
-https-everywhere.menu.globalDisable = Desactivar HTTPS Everywhere
-https-everywhere.menu.enableDisable = Habilitar/Deshabilitar reglas
-https-everywhere.menu.noRules = (No hay reglas para esta página)
-https-everywhere.menu.unknownRules = (No se conocen reglas para esta página)
-https-everywhere.toolbar.hint = HTTPS Everywhere no está activo. Puede activarlo sitio por sitio haciendo clic en el icono de la barra de direcciones.
-https-everywhere.migration.notification0 = Para implementar esta reparación crucial, esta actualización restablece sus preferencias de reglas de HTTPS Everywhere a los valores predeterminados.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/es/ssl-observatory.dtd b/src/chrome/locale/es/ssl-observatory.dtd
deleted file mode 100644
index b5ded8096ee0..000000000000
--- a/src/chrome/locale/es/ssl-observatory.dtd
+++ /dev/null
@@ -1,100 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "Detalles e información de privacidad">
-<!ENTITY ssl-observatory.popup.later "Preguntarme luego">
-<!ENTITY ssl-observatory.popup.no "No">
-
-<!ENTITY ssl-observatory.popup.text "HTTPS Everywhere puede detectar ataques 
-contra su navegador enviando los certificados que reciba 
-al Observatorio. ¿Quiere activarlo?">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"¿Debe HTTPS Everywhere utilizar el Observatorio SSL?">
-
-<!ENTITY ssl-observatory.popup.yes "Sí">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"Habilitar esto es seguro, a menos que use 
-una red corporativa muy intrusiva:">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"Seguro, a menos que use una red corporativa con nombres de servidores de intranet secretos:">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"Envía y verifica los certificados firmados por autoridades de certificación raíz (ACs/CAs) no standard">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"Es seguro (y una buena idea) habilitar esta opción, a menos que utilice una red corporativa intrusiva o el software antivirus Kaspersky que monitoriza su navegación con un proxy TLS y una Autoridad de Certificación raíz privada.  Si se habilita en una red así, esta opción podría evidenciar qué dominios https:// fueron visitados por medio de ese proxy, debido a los certificados únicos que produciría. Por ello viene desactivado por defecto.">
-
-<!ENTITY ssl-observatory.prefs.anonymous "Verificar certificados utilizando Tor para obtener anonimato">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"Verificar certificados utilizando Tor para obtener anonimato (requiere Tor)">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"Esta opción precisa tener Tor instalado y ejecutandose">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"Al ver un nuevo certificado, comunicar al Observatorio a qué ISP se está conectado">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"Esto obtendrá y enviará el &quot;número de Sistema Autónomo&quot; (AS) de su red. Esto nos ayudará a ubicar ataques contra HTTPS, y a determinar si tenemos observaciones desde redes en lugares como Irán o Siria donde los ataques son comparativamente más comunes.">
-
-<!ENTITY ssl-observatory.prefs.done "Listo">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS Everywhere puede utilizar el Observatorio SSL de EFF. Esto hace dos cosas: 
-(1) envía copias de los certificados HTTPS al Observatorio, para ayudarnos 
-a detectar ataques de 'hombre en el medio' (MitM) y mejorar la seguridad de la Web; y 
-(2) nos permite advertirle de conexiones inseguras o ataques sobre su navegador.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"Por ejemplo, cuando visite https://www.algo.com, el certificado 
-recibido por el Observatorio indicará que alguien visitó 
-www.algo.com, pero no quién visitó el sitio, o qué página específica 
-consultó. Pase el ratón sobre las opciones para mayores detalles:">
-
-<!ENTITY ssl-observatory.prefs.hide "Ocultar opciones avanzadas">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"Verificar certificados incluso si Tor no está disponible">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"Aún trataremos de mantener anónimos los datos, pero esta opción es menos segura">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"Enviar y verificar certificados para nombres no públicados en DNS">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"A menos que esta opción esté marcada, el Observatorio no registra certificados para nombres que no pueda resolver a través de DNS.">
-
-<!ENTITY ssl-observatory.prefs.show "Mostrar opciones avanzadas">
-
-<!ENTITY ssl-observatory.prefs.title "Opciones del Observatorio SSL">
-
-<!ENTITY ssl-observatory.prefs.use "¿Utilizar el Observatorio?">
-<!ENTITY ssl-observatory.warning.title "ADVERTENCIA del Observatorio SSL de la EFF">
-<!ENTITY ssl-observatory.warning.showcert "Mostrar la cadena del certificado">
-<!ENTITY ssl-observatory.warning.okay "Entendido">
-<!ENTITY ssl-observatory.warning.text "El Observatorio SSL de la EFF ha emitido una advertencia sobre el(los) certificado(s) para este sitio:">
-<!ENTITY ssl-observatory.warning.defense "Si está autentificado en este sitio, sería aconsejable cambiar su contraseña una vez que se vuelva a autentificar de forma segura.">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"Enviar y verificar certificados auto-firmados">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"Esto es recomendable; los problemas de cifrado son especialmente comunes en dispositivos embebidos auto-firmados">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/eu/https-everywhere.dtd b/src/chrome/locale/eu/https-everywhere.dtd
deleted file mode 100644
index 94d9af5ca1cf..000000000000
--- a/src/chrome/locale/eu/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "HTTPS Everywhere buruz">
-<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_description "Weba enkriptatu! Automatikoki erabili HTTPS segurtasuna leku askotan.">
-<!ENTITY https-everywhere.about.version "Bertsioa">
-<!ENTITY https-everywhere.about.created_by "Sortzaileak">
-<!ENTITY https-everywhere.about.librarians "Arau-sorta Liburuzainak">
-<!ENTITY https-everywhere.about.thanks "Eskerrak">
-<!ENTITY https-everywhere.about.contribute  "HTTPS Everywhere gustoko baduzu, kontutan har zenezake">
-<!ENTITY https-everywhere.about.donate_tor "Torera dohaintza eman">
-<!ENTITY https-everywhere.about.tor_lang_code "en">
-<!ENTITY https-everywhere.about.donate_eff "EFFra dohaintza eman">
-
-<!ENTITY https-everywhere.menu.about "HTTPS Everywhere buruz">
-<!ENTITY https-everywhere.menu.observatory "SSL Behatokiaren Hobespenak">
-<!ENTITY https-everywhere.menu.globalEnable "HTTPS Everywhere gaitu">
-<!ENTITY https-everywhere.menu.globalDisable "HTTPS Everywhere ezgaitu">
-
-<!ENTITY https-everywhere.prefs.title "HTTPS Everywhere Hobespenak">
-<!ENTITY https-everywhere.prefs.enable_all "Gaitu dena">
-<!ENTITY https-everywhere.prefs.disable_all "Ezgaitu dena">
-<!ENTITY https-everywhere.prefs.reset_defaults "Lehenetsiak berrezarri">
-<!ENTITY https-everywhere.prefs.search "Bilatu">
-<!ENTITY https-everywhere.prefs.site "Lekua">
-<!ENTITY https-everywhere.prefs.notes "Oharrak">
-<!ENTITY https-everywhere.prefs.list_caption "Zein HTTPS berbiderapen arau aplikatu beharko nituzke?">
-<!ENTITY https-everywhere.prefs.enabled "Gaituta">
-<!ENTITY https-everywhere.prefs.ruleset_howto "Zure arau-sortak nola idatzi ikas dezakezu (beste webguneentzako laguntza gehitzeko)">
-<!ENTITY https-everywhere.prefs.here_link "hemen">
-<!ENTITY https-everywhere.prefs.toggle "Aldatu">
-<!ENTITY https-everywhere.prefs.reset_default "Lehenetsia berrezarri">
-<!ENTITY https-everywhere.prefs.view_xml_source "XML Iturria ikusi">
-
-<!ENTITY https-everywhere.source.downloading "Deskargatzen">
-<!ENTITY https-everywhere.source.filename "Fitxategi izena">
-<!ENTITY https-everywhere.source.unable_to_download "Ezin izan da iturria deskargatu">
-
-<!ENTITY https-everywhere.popup.title "HTTPS Everywhere 4.0development.11 notification">
-<!ENTITY https-everywhere.popup.paragraph1 "Oops. You were using the stable version of HTTPS Everywhere, but we might have accidentally upgraded you to the development version in our last release.">
-<!ENTITY https-everywhere.popup.paragraph2 "Would you like to go back to stable?">
-<!ENTITY https-everywhere.popup.paragraph3 "We'd love it if you continued using our development release and helped us make HTTPS Everywhere better! You might find there are a few more bugs here and there, which you can report to https-everywhere@eff.org. Sorry about the inconvenience, and thank you for using HTTPS Everywhere.">
-<!ENTITY https-everywhere.popup.keep "Keep me on the development version">
-<!ENTITY https-everywhere.popup.revert "Download the latest stable version">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/eu/https-everywhere.properties b/src/chrome/locale/eu/https-everywhere.properties
deleted file mode 100644
index 20460eb5d691..000000000000
--- a/src/chrome/locale/eu/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = HTTPS Everywhere gaitu
-https-everywhere.menu.globalDisable = HTTPS Everywhere ezgaitu
-https-everywhere.menu.enableDisable = Gaitu / Ezgaitu arauak
-https-everywhere.menu.noRules = (Araurik ez gune honetarako)
-https-everywhere.menu.unknownRules = (Gune honetarako arauak ezezagunak)
-https-everywhere.toolbar.hint = HTTPS Everywhere aktibo dago orain. Gunez-gune bere egoera txandakatu dezakezu nabigazio tresna-barrako ikonoan sakatuz.
-https-everywhere.migration.notification0 = In order to implement a crucial fix, this update resets your HTTPS Everywhere rule preferences to their default values.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/eu/ssl-observatory.dtd b/src/chrome/locale/eu/ssl-observatory.dtd
deleted file mode 100644
index 2936b43e9f5e..000000000000
--- a/src/chrome/locale/eu/ssl-observatory.dtd
+++ /dev/null
@@ -1,95 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "Xehetasunak eta Pribatutasun Informazioa">
-<!ENTITY ssl-observatory.popup.later "Beranduago galdeidazu">
-<!ENTITY ssl-observatory.popup.no "Ez">
-
-<!ENTITY ssl-observatory.popup.text "HTTPS Everywherek zure nabigatzailearen aurkako erasoak antzeman ditzake jaso dituzun ziurtagiriak Behatokira bidaliz. Gaitu hau?">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"HTTPS Everywherek SSL Behatokia erabili beharko luke?">
-
-<!ENTITY ssl-observatory.popup.yes "Bai">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"Hau gaitzea segurua da, sare korporatibo oso intrusibo bat erabiltzen ez duzun bitartean:">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"Segurua, sare korporatibo bat intranet zerbitzari izen sekretuekin erabiltzen ez duzun bitartean:">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"CA erro ez-estandarrek sinatutako ziurtagiriak egiaztatu eta aurkeztu">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"Aukera hau gaitzea segurua (eta ideia ona) da, sare korporatibo intrusibo bat edo TLS proxy batekin eta Ziurtagiri Aginpide erro pribatu batekin zure nabigazioa jarraitzen duen Kaspersky antibirus softwarea erabiltzen ez duzun bitartean. Horrelako sare batean gaitzen baduzu, aukera honek proxy horren bitartez zein https:// domeinu bisitatu diren argitara dezake, sortuko dituen ziurtagiri bakarrengatik. Beraz itzalita uztea lehentsi dugu.">
-
-<!ENTITY ssl-observatory.prefs.anonymous "Egiaztatu ziurtagiriak Tor anonimotasunerako erabiliz">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"Egiaztatu ziurtagiriak Tor anonimotasunerako erabiliz (Torbutton behar du)">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"Aukera honek Tor eta Torbutton instalatuta izatea behar du">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"Ziurtagiri berri bat ikusten duzunean, Behatokiari zein ISPra konektatuta zauden esan">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"Honek zure sarearen &quot;Sistema Autonomo zenbakia&quot; lortu eta bidaliko du. Hau HTTPSren aurkako erasoak aurkitzen lagunduko gaitu, eta erasoak konparatiboki arruntak diren Iran eta Siria bezalako lekuetan behaketak ditugun zehaztu.">
-
-<!ENTITY ssl-observatory.prefs.done "Eginda">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS Everywherek EFFren SSL Behatokia erabili dezake. Honek bi gauza egiten ditu: (1)
-HTTPS ziurtagirien kopiak Behatokira bidaltzen ditu, 'man in the middle' erasoak detektatzen eta Webguneen segurtasuna hobetzen lagun gaitzan; eta (2)
-seguruak ez diren konexioetaz edo zure nabigatzailearen aurkako erasoetaz abisa zaitzagun baimentzen digu.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"Esate baterako, https://www.zerbait.com bisitatzen duzunean, Behatokiak jasotzen duen ziurtagiriak
- norbait www.zerbait.com bisitatu duela adieraziko du, baina ez nork bisitatu duen, edo zehazki zein orri ikusi duen.
-Xehetasun gehiagorako pasa ezazu sagua aukeren gainetik:">
-
-<!ENTITY ssl-observatory.prefs.hide "Aukera aurreratuak ezkutatu">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"Ziurtagiriak egiaztatu Tor eskuragarri ez badago ere">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"Oraindik datuak anonimoki mantentzen saiatuko gara, baina aukera hau ez da hain segurua">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"DNS izen ez-publikoentzako ziurtagiriak egiaztatu eta aurkeztu">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"Aukera hau gaituta ez dagoen bitartean, Behatokiak DNS sistemaren bitartez ebatzi ezin dituen izenentzako ziurtagiriak ez ditu erregistraruko.">
-
-<!ENTITY ssl-observatory.prefs.show "Aukera aurreratuak erakutsi">
-
-<!ENTITY ssl-observatory.prefs.title "SSL Behatokiaren Hobespenak">
-
-<!ENTITY ssl-observatory.prefs.use "Behatokia erabili?">
-<!ENTITY ssl-observatory.warning.title "EFFren SSL Behatokiaren ABISUA">
-<!ENTITY ssl-observatory.warning.showcert "Ziurtagiri katea erakutsi">
-<!ENTITY ssl-observatory.warning.okay "Ulertzen dut">
-<!ENTITY ssl-observatory.warning.text "EFFren SSL Behatokiak leku honen HTTPS ziurtagiri(ar)entzako abisua igorri du:">
-<!ENTITY ssl-observatory.warning.defense "Leku honetan saioa hasi baduzu, konexio seguru bat duzunean zure pasahitza aldatzea komeni da.">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"Bidali eta egiaztatu norberak-sinatutako ziurtagiriak">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"Hau gomendatzen da; arazo kriptografikoak norberak-sinatutako kapsulatutako gailuetan bereziki arruntak dira">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/fa/https-everywhere.dtd b/src/chrome/locale/fa/https-everywhere.dtd
deleted file mode 100644
index a8b18f50734a..000000000000
--- a/src/chrome/locale/fa/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "درباره‌ی HTTPS همه‌جا">
-<!ENTITY https-everywhere.about.ext_name "HTTPS همه‌جا">
-<!ENTITY https-everywhere.about.ext_description "وب را رمزگذاری کنید! از امنیت HTTPS بصورت خودکار برای بسیاری از وب‌سایت‌ها استفاده کنید.">
-<!ENTITY https-everywhere.about.version "نسخه">
-<!ENTITY https-everywhere.about.created_by "نوشته‌شده توسط">
-<!ENTITY https-everywhere.about.librarians "Ruleset Librarians">
-<!ENTITY https-everywhere.about.thanks "با تشکر از">
-<!ENTITY https-everywhere.about.contribute  "اگر شما از HTTPS همه‌جا راضی هستید، پیشنهاد می‌کنیم">
-<!ENTITY https-everywhere.about.donate_tor "به Tor کمک مالی کنید.">
-<!ENTITY https-everywhere.about.tor_lang_code "fa">
-<!ENTITY https-everywhere.about.donate_eff "به EFF کمک مالی کنید.">
-
-<!ENTITY https-everywhere.menu.about "درباره‌ی HTTPS همه‌جا">
-<!ENTITY https-everywhere.menu.observatory "تنظیم‌های رصدخانه‌ی SSL">
-<!ENTITY https-everywhere.menu.globalEnable "HTTPS همه‌جا را فعال کنید">
-<!ENTITY https-everywhere.menu.globalDisable "HTTPS همه‌جا را غیرفعال کنید">
-
-<!ENTITY https-everywhere.prefs.title "تنظیم‌های HTTPS همه‌جا">
-<!ENTITY https-everywhere.prefs.enable_all "همه‌ی موارد را فعال کنید">
-<!ENTITY https-everywhere.prefs.disable_all "همه‌ی موارد را غیرفعال کنید">
-<!ENTITY https-everywhere.prefs.reset_defaults "بازگشت به تنظیم‌های اولیه">
-<!ENTITY https-everywhere.prefs.search "جستجو">
-<!ENTITY https-everywhere.prefs.site "وب‌سایت">
-<!ENTITY https-everywhere.prefs.notes "یادداشت‌ها">
-<!ENTITY https-everywhere.prefs.list_caption "کدام روال‌های تغییر مسیر HTTPS باید اعمال شوند؟">
-<!ENTITY https-everywhere.prefs.enabled "فعال">
-<!ENTITY https-everywhere.prefs.ruleset_howto "شما می‌توانید یادبگیرید که مجموعه روال‌های خود را بنویسید (تا از وب‌سایت‌های دیگر پشتیبانی کنید)">
-<!ENTITY https-everywhere.prefs.here_link "اینجا">
-<!ENTITY https-everywhere.prefs.toggle "تغییر">
-<!ENTITY https-everywhere.prefs.reset_default "بازگشت به تنظیم‌های اولیه">
-<!ENTITY https-everywhere.prefs.view_xml_source "مشاهده منبع XML">
-
-<!ENTITY https-everywhere.source.downloading "در حال دانلود">
-<!ENTITY https-everywhere.source.filename "نام فایل">
-<!ENTITY https-everywhere.source.unable_to_download "امکان دانلود منبع وجود ندارد.">
-
-<!ENTITY https-everywhere.popup.title "آگهی از همه جا HTTPS نسخه 4.0development.11">
-<!ENTITY https-everywhere.popup.paragraph1 "اوه! شما از نسخه پایدار «همه جا HTTPS» استفاده می کردید، اما احتمالا ما به طور تصادفی در حین آخرین انتشار، شما را به نسخه در حال توسعه ارتقا دادیم. ">
-<!ENTITY https-everywhere.popup.paragraph2 "آیا مایلید به نسخه‌ی پایدار بازگردید؟">
-<!ENTITY https-everywhere.popup.paragraph3 "ما خوشحال می شویم اگر شما همچنان از آخرین نسخه‌ی در حال توسعه منتشر شده ما استفاده کنید! شاید اینجا و آنجا به یکی دو مشکل برخورد کنید که می توانید آنها را به آدرس https-everywhere@eff.org اطلاع دهید. با عرض پوزش به خاطر مشکلات احتمالی و با تشکر به خاطر استفاده از «همه جا HTTPS».">
-<!ENTITY https-everywhere.popup.keep "آخرین نسخه پایدار را داونلود کن">
-<!ENTITY https-everywhere.popup.revert "آخرین نسخه پایدار را داونلود کن">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/fa/https-everywhere.properties b/src/chrome/locale/fa/https-everywhere.properties
deleted file mode 100644
index 7e7959c49da1..000000000000
--- a/src/chrome/locale/fa/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = HTTPS همه‌جا را فعال کنید
-https-everywhere.menu.globalDisable = HTTPS همه‌جا را غیرفعال کنید
-https-everywhere.menu.enableDisable = فعال/غیر فعال کردن قوانین
-https-everywhere.menu.noRules = (هیچ قانونی برای این صفحه وجود ندارد)
-https-everywhere.menu.unknownRules = (قوانین مربوط به این صفحه ناشناخته است)
-https-everywhere.toolbar.hint = HTTPS همه‌جا فعال شد. می‌توانید آن را برای هر سایتی که خواستید فعال یا غیرفعال کنید. کافیست روی نمایه آن در نوار آدرس کلیک کنید.
-https-everywhere.migration.notification0 = In order to implement a crucial fix, this update resets your HTTPS Everywhere rule preferences to their default values.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/fa/ssl-observatory.dtd b/src/chrome/locale/fa/ssl-observatory.dtd
deleted file mode 100644
index 3bec572c77e6..000000000000
--- a/src/chrome/locale/fa/ssl-observatory.dtd
+++ /dev/null
@@ -1,91 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "جزییات و حفظ حریم شخصی">
-<!ENTITY ssl-observatory.popup.later "بعدا بپرس">
-<!ENTITY ssl-observatory.popup.no "خیر">
-
-<!ENTITY ssl-observatory.popup.text "HTTPS همه‌جا می‌تواند جمله به مرورگر شما را از طریق ارسال گواهینامه‌هایی که شما دریافت می‌کنید به رصدگر کشف کند. آیا می‌خواهید این امکان فعال شود؟">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"آیا HTTPS همه‌جا باید از رصدگر SSL استفاده کند؟">
-
-<!ENTITY ssl-observatory.popup.yes "بله">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"فعال‌کردن این گزینه امن است، مگر این‌که شما از یک شبکه‌ی کاری با درجه‌ی نظارت بالا استفاده کنید:">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"امن، مگر اینکه شما از یک شبکه‌ی کاری با نام‌های مخفی در شبکه‌ی داخلی استفاده کنید:">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"گواهینامه‌های امضا شده توسط نهادهای تایید (CA) غیراستاندارد را برای بررسی ارسال کنید. ">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"این یک انتخاب امن (و یک پیشنهاد خوب) است که شما این گزینه را فعال کنید، مگر اینکه شما از یک شبکه‌ی کاری با درجه‌ی نظارت بالا استفاده کنید یا نرم‌افزار ضدویروس کاسپرسکی، که رفتار شما روی وب را به‌کمک TLS proxy و یک نهاد تایید (CA) خصوصی بازرسی می‌کند، روی کامپیوتر شما نصب شده‌باشد. اگر روی شبکه‌ای مانند آن‌چه گفته‌شد قرار دارید، این گزینه می‌توانند این تصور را ایجاد کند که آدرس‌های https:// از طریق یک پروکسی باز شده‌اند. این به‌دلیل گواهینامه‌های منحصربه‌فردی است که در این فرایند تولید می‌شوند. بنابراین، ما این گزینه را بصورت پیشنهاده خاموش کرده‌ایم.">
-
-<!ENTITY ssl-observatory.prefs.anonymous "استفاده از Tor برای مخفی کردن هویت در زمان آزمایش گواهینامه">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"استفاده از Tor برای مخفی کردن هویت در زمان آزمایش گواهینامه (نیاز به Torbutton دارد)">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"برای استفاده از این امکان لازم است Tor و Torbutton نصب شده‌باشند">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"ارسال نام ISPی که ارتباط را ایجاد کرده است به رصدگر زمانی که یک گواهینامه‌ی جدید دیده شد">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"این گزینه محتوای Autonomous System number شما را بازیابی کرده و ارسال خواهد کرد. این اطلاع به ما کمک خواهد کرد که حمله علیه HTTPS را مکان‌یابی کنیم و از این طریق ما خواهیم دانست که آیا این مشاهدات به شبکه‌هایی در مناطقی نظیر ایران و سوریه مربوط هستند یا خیر. حملاتی نظیر آنچه گفته‌شد در این مناطق نسبتا معمول هستند.">
-
-<!ENTITY ssl-observatory.prefs.done "انجام شد">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS همه‌جا می‌تواند از رصدگر SSLی که توسط EFF اداره می‌شود استفاده کند. این امکان منتهی به دو اقدام می‌شود. ۱- به این‌ترتیب نسخه‌هایی از گواهینامه‌های HTTPS به رصدگر فرستاده می‌شوند. این مساله به ما این امکان را می‌دهد که حملات «مردی در میان» را کشف کنیم و به این‌ترتیب به امنیت وب کمک کنیم. ۲- ما این امکان را خواهیم داشت که به شما درباره‌ی ارتباطات ناامن یا حملات به مرورگر شما هشدار بدهیم.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"برای مثال، زمانی که شما صفحه‌ی https://www.something.com را بازدید می‌کنید، گواهینامه‌ای که برای رصدگر ارسال می‌شود نشان خواهد داد که کسی از www.something.com بازدید کرده‌است، اما اینکه دقیقا چه‌کسی یا از چه صفحه‌ای بازدید کرده‌است برای رصدگر دانسته نخواهد بود. موشواره‌ را روی این گزینه ببرید تا اطلاعات بیشتری در این زمینه بگیرید:">
-
-<!ENTITY ssl-observatory.prefs.hide "مخفی‌کردن گزینه‌های پیشرفته">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"آزمایش گواهینامه حتی اگر Tor نیز نصب نشده‌باشد">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"ما هم‌چنان تلاش خواهیم کرد که اطلاعات شما را محرمانه نگه‌داریم، اما این گزینه امنیت کمتری دارد">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"ارسال و آزمایش گواهینامه‌ی برای نام‌های DNS غیرعمومی">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"اگر این گزینه انتخاب نشده‌باشد، رصدگر اطلاعات گواهینامه‌هایی که نام آن‌ها از طریق DNS تعیین‌تکلیف نشود را ذخیره نخواهد کرد.">
-
-<!ENTITY ssl-observatory.prefs.show "نمایش گزینه‌های پیشرفته">
-
-<!ENTITY ssl-observatory.prefs.title "تنظیم‌های رصدگر SSL">
-
-<!ENTITY ssl-observatory.prefs.use "آیا باید از رصدگر استفاده شود؟">
-<!ENTITY ssl-observatory.warning.title "هشدار از رصدگر SSLی که توسط EFF اداره می‌شود">
-<!ENTITY ssl-observatory.warning.showcert "نمایش زنجیره‌ی گواهینامه">
-<!ENTITY ssl-observatory.warning.okay "می‌فهمم">
-<!ENTITY ssl-observatory.warning.text "رصدگر SSLی که توسط EFF اداره می‌شود برای گواهینامه(ها)ی HTTPS این وب‌سایت هشدار صادر کرده‌است:">
-<!ENTITY ssl-observatory.warning.defense "اگر شما در این وب‌سایت لاگین کرده‌اید، پیشنهاد می‌کنیم که زمانی که با یک اتصال امن وارد شدید رمز ورود خود را تغییر دهید.">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"ارسال و گواهینامه های خود-امضا را بررسی کن">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"این پیشنهاد میشه؛ مشکلات رمزنگاری بویژه در دستگاههای تعبیه شده خود-امضا رایج هستند">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/fi/https-everywhere.dtd b/src/chrome/locale/fi/https-everywhere.dtd
deleted file mode 100644
index b5211ee5ca1e..000000000000
--- a/src/chrome/locale/fi/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "Tietoja HTTPS Everywheresta">
-<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_description "Salaa Web! Käytä automaattisesti HTTPS-suojausta useilla sivustoilla.">
-<!ENTITY https-everywhere.about.version "Versio">
-<!ENTITY https-everywhere.about.created_by "Tekijät">
-<!ENTITY https-everywhere.about.librarians "Sääntöjen hallinnoijat">
-<!ENTITY https-everywhere.about.thanks "Kiitokset">
-<!ENTITY https-everywhere.about.contribute  "Jos pidät HTTPS Everywheresta, sinun on mahdollista">
-<!ENTITY https-everywhere.about.donate_tor "lahjoittaa Torille">
-<!ENTITY https-everywhere.about.tor_lang_code "en">
-<!ENTITY https-everywhere.about.donate_eff "lahjoittaa EFFille">
-
-<!ENTITY https-everywhere.menu.about "Tietoja HTTPS Everywheresta">
-<!ENTITY https-everywhere.menu.observatory "SSL Observatoryn asetukset">
-<!ENTITY https-everywhere.menu.globalEnable "Ota HTTPS Everywhere käyttöön">
-<!ENTITY https-everywhere.menu.globalDisable "Poista HTTPS Everywhere käytöstä">
-
-<!ENTITY https-everywhere.prefs.title "HTTPS Everywheren asetukset">
-<!ENTITY https-everywhere.prefs.enable_all "Ota kaikki käyttöön">
-<!ENTITY https-everywhere.prefs.disable_all "Poista kaikki käytöstä">
-<!ENTITY https-everywhere.prefs.reset_defaults "Palauta oletusarvoihin">
-<!ENTITY https-everywhere.prefs.search "Hae">
-<!ENTITY https-everywhere.prefs.site "Sivusto">
-<!ENTITY https-everywhere.prefs.notes "Huomautus">
-<!ENTITY https-everywhere.prefs.list_caption "Mitä HTTPS-uudelleenohjauksia tulisi käyttää?">
-<!ENTITY https-everywhere.prefs.enabled "Käytössä">
-<!ENTITY https-everywhere.prefs.ruleset_howto "Voit opetella kirjoittamaan omia sääntöjäsi (laajentaaksesi muiden sivustojen tukea)">
-<!ENTITY https-everywhere.prefs.here_link "täällä">
-<!ENTITY https-everywhere.prefs.toggle "Vaihda tilaa">
-<!ENTITY https-everywhere.prefs.reset_default "Palauta oletusasetus">
-<!ENTITY https-everywhere.prefs.view_xml_source "Katso XML-lähde">
-
-<!ENTITY https-everywhere.source.downloading "Ladataan">
-<!ENTITY https-everywhere.source.filename "Tiedostonimi">
-<!ENTITY https-everywhere.source.unable_to_download "Lähteen lataaminen epäonnistui.">
-
-<!ENTITY https-everywhere.popup.title "HTTPS Everywhere 4.0development.11 notification">
-<!ENTITY https-everywhere.popup.paragraph1 "Oops. You were using the stable version of HTTPS Everywhere, but we might have accidentally upgraded you to the development version in our last release.">
-<!ENTITY https-everywhere.popup.paragraph2 "Would you like to go back to stable?">
-<!ENTITY https-everywhere.popup.paragraph3 "We'd love it if you continued using our development release and helped us make HTTPS Everywhere better! You might find there are a few more bugs here and there, which you can report to https-everywhere@eff.org. Sorry about the inconvenience, and thank you for using HTTPS Everywhere.">
-<!ENTITY https-everywhere.popup.keep "Keep me on the development version">
-<!ENTITY https-everywhere.popup.revert "Download the latest stable version">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/fi/https-everywhere.properties b/src/chrome/locale/fi/https-everywhere.properties
deleted file mode 100644
index ada876fbdf7f..000000000000
--- a/src/chrome/locale/fi/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = Ota HTTPS Everywhere käyttöön
-https-everywhere.menu.globalDisable = Poista HTTPS Everywhere käytöstä
-https-everywhere.menu.enableDisable = Ota sääntöjä käyttöön / poista käytöstä
-https-everywhere.menu.noRules = (Tälle sivulle ei ole sääntöjä)
-https-everywhere.menu.unknownRules = (Sivun sääntöä ei tunnistettu)
-https-everywhere.toolbar.hint = HTTPS Everywhere on käytössä. Voit valita, millä sivustoilla ohjelmaa käytetään, kun napsautat osoiterivissä olevaa kuvaketta.
-https-everywhere.migration.notification0 = In order to implement a crucial fix, this update resets your HTTPS Everywhere rule preferences to their default values.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/fi/ssl-observatory.dtd b/src/chrome/locale/fi/ssl-observatory.dtd
deleted file mode 100644
index 2d53a2567435..000000000000
--- a/src/chrome/locale/fi/ssl-observatory.dtd
+++ /dev/null
@@ -1,91 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "Lisä- ja yksityisyystiedot">
-<!ENTITY ssl-observatory.popup.later "Kysy myöhemmin">
-<!ENTITY ssl-observatory.popup.no "Ei">
-
-<!ENTITY ssl-observatory.popup.text "HTTPS Everywhere voi tunnistaa selaimeen kohdistuvat hyökkäykset lähettämällä varmenteet Observatoryyn. Otetaanko toiminto käyttöön?">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"Tulisiko HTTPS Everywheren käyttää SSL Observatorya?">
-
-<!ENTITY ssl-observatory.popup.yes "Kyllä">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"Käyttöön ottaminen on turvallista, jos et käytä hyvin tunkeilevaa yritysverkkoa:">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"Turvallista, jos et käytä yritysverkkoa, jonka intranetin palvelinten nimet on salattu:">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"Lähetä ja tarkista varmenteet, jotka on allekirjoittanut epävirallinen päämyöntäjä">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"On turvallista (ja hyvä idea) valita tämä, jos et käytä tunkeilevaa yritysverkkoa tai Kasperskyn viruksentorjuntaohjelmaa, joka seuraa selaamista TLS-välipalvelimen ja yksityisen varmenteen päämyöntäjän avulla. Tällaisessa verkossa tämä asetus voi antaa vihjeitä siitä, missä HTTPS-verkkotunnuksissa välipalvelimen avulla on vierailtu. Vihjeiden syynä ovat niiden tuottamat ainutlaatuiset varmenteet. Tästä syystä valinta ei ole päällä oletusasetuksena.">
-
-<!ENTITY ssl-observatory.prefs.anonymous "Tarkista varmenteet anonyymisti Torilla">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"Tarkista varmenteet anonyymisti Torilla (vaatii Torin)">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"Tämä valinta edellyttää, että Tor on asennettu ja käytössä.">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"Kun näet uuden varmenteen, kerro Observatorylle, mihin palveluntarjoajaan olet yhteydessä">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"Tämä noutaa ja lähettää verkkosi autonomisen järjestelmän numerotunnuksen (ASN). Näin pystymme paikantamaan HTTPS:ään kohdistuvat hyökkäykset ja voimme selvittää, ovatko havainnot Iranin ja Syyrian kaltaisten alueiden verkoista, joissa hyökkäykset ovat yleisiä.">
-
-<!ENTITY ssl-observatory.prefs.done "Valmis">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS Everywhere voi hyödyntää EFFin SSL Observatorya. Sillä on kaksi tehtävää: (1) Se lähettää HTTPS-varmenteiden kopiot Observatoryyn, jotta pystyisimme tunnistamaan epärehellisen välittäjän (MitM) hyökkäykset ja edistämään WWW:n turvallisuutta. (2) Sen avulla voimme varoittaa sinua turvattomista yhteyksistä ja selaimeen kohdistuvista hyökkäyksistä.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"Jos esimerkiksi käyt sivustolla https://www.something.com, Observatoryn vastaanottama varmenne kertoo, että joku on vieraillut osoitteessa www.something.com. Varmenne ei kuitenkaan kerro, kuka on käynyt sivustolla ja mitä tiettyjä sivuja on katseltu. Saat lisätietoja, kun kohdistat hiiren osoittimen valinnan päälle:">
-
-<!ENTITY ssl-observatory.prefs.hide "Piilota lisäasetukset">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"Tarkista varmenteet, vaikka Tor ei ole käytössä">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"Yritämme pitää tiedot nimettömänä, mutta tämä valinta on aina turvattomampi.">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"Lähetä ja tarkista yksityisten DNS-nimien varmenteet">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"Jos tätä valintaa ei ole valittu, Observatory ei kerää varmenteita, joiden nimiä se ei pysty selvittämään nimipalvelujärjestelmällä (DNS).">
-
-<!ENTITY ssl-observatory.prefs.show "Näytä lisäasetukset">
-
-<!ENTITY ssl-observatory.prefs.title "SSL Observatoryn asetukset">
-
-<!ENTITY ssl-observatory.prefs.use "Käytä Observatorya?">
-<!ENTITY ssl-observatory.warning.title "VAROITUS EFFin SSL Observatorylta">
-<!ENTITY ssl-observatory.warning.showcert "Näytä palvelimen varmenneketju">
-<!ENTITY ssl-observatory.warning.okay "Ymmärrän">
-<!ENTITY ssl-observatory.warning.text "EFFin SSL Observatory on varoittanut tämän sivuston yhdestä tai useammasta HTTPS-varmenteesta:">
-<!ENTITY ssl-observatory.warning.defense "Jos olet kirjautunut sivustolle, voi olla suositeltavaa vaihtaa salasana, sitten kun käytössäsi on turvallinen yhteys.">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"Lähetä ja tarkista sivuston itsensä allekirjoittama varmenne">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"Tämä on suositeltavaa. Salaukseen liittyvät ongelmat ovat hyvin yleisiä itsensä allekirjoittaneissa sulautetuissa järjestelmissä.">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/fr/https-everywhere.dtd b/src/chrome/locale/fr/https-everywhere.dtd
deleted file mode 100644
index 5efc86220ce7..000000000000
--- a/src/chrome/locale/fr/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "À propos de HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_description "Chiffrer le Web ! Utilisez HTTPS automatiquement avec de nombreux sites.">
-<!ENTITY https-everywhere.about.version "Version">
-<!ENTITY https-everywhere.about.created_by "Créé par">
-<!ENTITY https-everywhere.about.librarians "Bibliothécaires de règles">
-<!ENTITY https-everywhere.about.thanks "Merci à">
-<!ENTITY https-everywhere.about.contribute  "Si vous aimez HTTPS Everywhere, vous pouvez">
-<!ENTITY https-everywhere.about.donate_tor "Donner à Tor">
-<!ENTITY https-everywhere.about.tor_lang_code "en">
-<!ENTITY https-everywhere.about.donate_eff "Donner à l'EFF">
-
-<!ENTITY https-everywhere.menu.about "À propos de HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.observatory "Préférences de l'Observatoire SSL ">
-<!ENTITY https-everywhere.menu.globalEnable "Activer HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.globalDisable "Désactiver HTTPS Everywhere">
-
-<!ENTITY https-everywhere.prefs.title "Préférences de HTTPS Everywhere">
-<!ENTITY https-everywhere.prefs.enable_all "Tout activer">
-<!ENTITY https-everywhere.prefs.disable_all "Tout désactiver">
-<!ENTITY https-everywhere.prefs.reset_defaults "Revenir aux paramètres par défaut">
-<!ENTITY https-everywhere.prefs.search "Recherche">
-<!ENTITY https-everywhere.prefs.site "Site">
-<!ENTITY https-everywhere.prefs.notes "Notes">
-<!ENTITY https-everywhere.prefs.list_caption "Quelles règles de redirection HTTPS devraient s'appliquer ?">
-<!ENTITY https-everywhere.prefs.enabled "Activé">
-<!ENTITY https-everywhere.prefs.ruleset_howto "Vous pouvez apprendre à rédiger vos propres règles de redirection (pour la prise en charge d'autres sites Internet)">
-<!ENTITY https-everywhere.prefs.here_link "Ici">
-<!ENTITY https-everywhere.prefs.toggle "Retour">
-<!ENTITY https-everywhere.prefs.reset_default "Revenir aux paramètres par défaut.">
-<!ENTITY https-everywhere.prefs.view_xml_source "Regarder le code source XML">
-
-<!ENTITY https-everywhere.source.downloading "Telécharger">
-<!ENTITY https-everywhere.source.filename "Nom du fichier">
-<!ENTITY https-everywhere.source.unable_to_download "Impossible de télécharger le code source.">
-
-<!ENTITY https-everywhere.popup.title "Notification de HTTPS Everywhere 4.0development.11">
-<!ENTITY https-everywhere.popup.paragraph1 "Oups. Vous utilisiez la version stable de HTTPS Everywhere, mais notre dernière version a pu accidentellement effectuer la mise à jour vers la version de développement.">
-<!ENTITY https-everywhere.popup.paragraph2 "Est-ce que vous souhaitez revenir vers la version stable ?">
-<!ENTITY https-everywhere.popup.paragraph3 "Nous aimerions vous voir continuer à utiliser notre version de développement et à nous aider à améliorer HTTPS Everywhere ! Vous allez peut-être trouver des bugs ça et là, que vous pouvez rapporter (en anglais) en écrivant à https-everywhere@eff.org. Désolé pour le dérangement, et merci d'utiliser HTTPS Everywhere.">
-<!ENTITY https-everywhere.popup.keep "Rester sur la version de développement">
-<!ENTITY https-everywhere.popup.revert "Télécharger la dernière version stable">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/fr/https-everywhere.properties b/src/chrome/locale/fr/https-everywhere.properties
deleted file mode 100644
index a64e511cb22c..000000000000
--- a/src/chrome/locale/fr/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = Activer HTTPS Everywhere
-https-everywhere.menu.globalDisable = Désactiver HTTPS Everywhere
-https-everywhere.menu.enableDisable = Activer / Désactiver les règles
-https-everywhere.menu.noRules = (Aucune règle pour cette page)
-https-everywhere.menu.unknownRules = (Règles inconnues pour cette page)
-https-everywhere.toolbar.hint = HTTPS Everywhere est désormais actif. Vous pouvez l'activer sur les sites au cas par cas en cliquant sur l'icône dans la barre d'adresse.
-https-everywhere.migration.notification0 = Afin d'appliquer un correctif crucial, cette mise à jour réinitialise vos règles de préférences HTTPS Everywhere, à leurs valeurs par défaut.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/fr/ssl-observatory.dtd b/src/chrome/locale/fr/ssl-observatory.dtd
deleted file mode 100644
index 0d4d394134bf..000000000000
--- a/src/chrome/locale/fr/ssl-observatory.dtd
+++ /dev/null
@@ -1,90 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "Informations relatives à la vie privée">
-<!ENTITY ssl-observatory.popup.later "Plus tard">
-<!ENTITY ssl-observatory.popup.no "Non">
-
-<!ENTITY ssl-observatory.popup.text " HTTPS Everywhere peut détecter les attaques contre votre navigateur en adressant les certificats reçus à l'Observatoire. Souhaitez-vous activer cette fonctionnalité ?">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"Activer l'usage de l'Observatoire SSL par HTTPS Everywhere ?">
-
-<!ENTITY ssl-observatory.popup.yes "Oui">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"Cette option est sécurisée, sauf si vous vous connectez via un réseau d'entreprise très intrusif :">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"Cette option est sécurisée, sauf si vous passez par un réseau d'entreprise qui comporte des serveurs Intranet masqués :">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"Soumettre et vérifier les certificats signés par des autorités inhabituelles">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-" Il est sûr (et c'est une bonne idée) d'activer cette option, sauf si vous utilisez un réseau d'entreprise intrusif ou le logiciel antivirus Kaspersky qui surveille votre navigation avec un proxy TLS et une autorité racine privée du certificat. Si elle est activée sur un tel réseau, cette option pourrait publier des preuves que tel ou tel domaine a été visité en https:// à travers ce proxy, à cause des certificats uniques qu'elle produirait. Nous la désactivons donc par défaut">
-
-<!ENTITY ssl-observatory.prefs.anonymous "Vérifier les certificats et utiliser l'outil d'anonymat TOR">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"Vérifier les certificats et utiliser l'outil d'anonymat TOR (installation du TORbutton indispensable)">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"Cette option requiert l'installation de TOR et du Torbutton">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"Quand vous voyez un nouveau certificat, indiquez à l'Observatoire quel FAI vous utilisez maintenant.">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"Cette option récupérera et rapportera le « Autonomous System number » de votre réseau.  Cela nous aidera à localiser les attaques contre HTTPS, et savoir si nous avons des observations à partir de réseaux dans des pays comme l'Iran et la Syrie où ces attaques sont fréquentes.">
-
-<!ENTITY ssl-observatory.prefs.done "OK">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS Everywhere peut également faire appel à l'Observatoire SSL de l'EFF.  Cela permet deux choses: (1)
-cela adresse les copies des certificats HTTPS à l'Observatoire, ce qui permet de détecter les attaques de type Homme du milieu et d'améliorer la sécurité globale de l'Internet ; et (2)
-cela nous permet de mieux vous informer quant aux connexions non sécurisées et aux attaques sur votre navigateur.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"Par exemple, si vous visitez https://www.something.com, le certificat reçu par l'Observatoire indiquera que quelqu'un a visité 
-www.something.com, mais pas qui a visité le site, ou quelle page a été lue. Passez votre souris sur les options pour plus d'informations:">
-
-<!ENTITY ssl-observatory.prefs.hide "Cacher les options avancées">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"Vérifier les certificats même si TOR n'est pas disponible">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"Nous essaierons toujours de faire en sorte que les données restent confidentielles, mais cette option est moins sécurisée">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"Soumettre et vérifier les certificats des DNS privés">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"Si cette option est activée, l'Observatoire conservera les certificats des domaines qui ne peuvent être résolus par le système DNS public">
-
-<!ENTITY ssl-observatory.prefs.show "Options avancées">
-
-<!ENTITY ssl-observatory.prefs.title "Préférences de l'Observatoire SSL">
-
-<!ENTITY ssl-observatory.prefs.use "Utiliser l'Observatoire ?">
-<!ENTITY ssl-observatory.warning.title "Avertissement de l'Observatoire SSL">
-<!ENTITY ssl-observatory.warning.showcert "Montrer l'empreinte du certificat">
-<!ENTITY ssl-observatory.warning.okay "Je comprends">
-<!ENTITY ssl-observatory.warning.text "L'Observatoire SSL de l'EFF a publié un avertissement sur les certificats SSL émis par ce site :">
-<!ENTITY ssl-observatory.warning.defense "Si vous vous êtes connecté à ce site, vous devriez changer de mot de passe dès que vous retrouvez une connexion sécurisée.">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"Envoyer et vérifier des certificats auto-signés">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"Ceci est recommandé ; les problèmes cryptographiques sont particulièrement fréquents dans les systèmes embarqués auto-signés">
-
diff --git a/src/chrome/locale/he/https-everywhere.dtd b/src/chrome/locale/he/https-everywhere.dtd
deleted file mode 100644
index 1e0109aaf0b3..000000000000
--- a/src/chrome/locale/he/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "אודות HTTPS בכל מקום">
-<!ENTITY https-everywhere.about.ext_name "HTTPS בכל מקום">
-<!ENTITY https-everywhere.about.ext_description "הצפן את הרשת! השתמש ב-HTTPS אוטומטית">
-<!ENTITY https-everywhere.about.version "גרסה">
-<!ENTITY https-everywhere.about.created_by "נבנה על ידי">
-<!ENTITY https-everywhere.about.librarians "ספרני מערכת כללים">
-<!ENTITY https-everywhere.about.thanks "תודות ל">
-<!ENTITY https-everywhere.about.contribute  "אם אהבת את HTTPS בכל מקום, אולי תרצה">
-<!ENTITY https-everywhere.about.donate_tor "לתרום ל-Tor">
-<!ENTITY https-everywhere.about.tor_lang_code "אנגלית">
-<!ENTITY https-everywhere.about.donate_eff "תרומה לEFF">
-
-<!ENTITY https-everywhere.menu.about "אודות HTTPS בכל מקום">
-<!ENTITY https-everywhere.menu.observatory "העדפות SSL Observatory">
-<!ENTITY https-everywhere.menu.globalEnable "הפעל את HTTPS בכל מקום">
-<!ENTITY https-everywhere.menu.globalDisable "השבת את HTTPS בכל מקום">
-
-<!ENTITY https-everywhere.prefs.title "הגדרות HTTPS בכל מקום">
-<!ENTITY https-everywhere.prefs.enable_all "הפעל הכל">
-<!ENTITY https-everywhere.prefs.disable_all "השבת הכל">
-<!ENTITY https-everywhere.prefs.reset_defaults "איפוס לברירת מחדל">
-<!ENTITY https-everywhere.prefs.search "חפש">
-<!ENTITY https-everywhere.prefs.site "אתר">
-<!ENTITY https-everywhere.prefs.notes "פתקים">
-<!ENTITY https-everywhere.prefs.list_caption "אילו הגדרות ניתוב HTTPS ליישם?">
-<!ENTITY https-everywhere.prefs.enabled "פועל">
-<!ENTITY https-everywhere.prefs.ruleset_howto "אתה יכול ללמוד איך לכתוב rulesets משלך (להוספת תמיכה באתרי אינטרנט אחרים)">
-<!ENTITY https-everywhere.prefs.here_link "פה">
-<!ENTITY https-everywhere.prefs.toggle "Toggle">
-<!ENTITY https-everywhere.prefs.reset_default "החזר לברירת מחדל">
-<!ENTITY https-everywhere.prefs.view_xml_source "הצג מקור XML">
-
-<!ENTITY https-everywhere.source.downloading "מוריד">
-<!ENTITY https-everywhere.source.filename "שם הקובץ">
-<!ENTITY https-everywhere.source.unable_to_download "הורדת המקור נכשלה">
-
-<!ENTITY https-everywhere.popup.title "HTTPS Everywhere 4.0development.11 notification">
-<!ENTITY https-everywhere.popup.paragraph1 "Oops. You were using the stable version of HTTPS Everywhere, but we might have accidentally upgraded you to the development version in our last release.">
-<!ENTITY https-everywhere.popup.paragraph2 "Would you like to go back to stable?">
-<!ENTITY https-everywhere.popup.paragraph3 "We'd love it if you continued using our development release and helped us make HTTPS Everywhere better! You might find there are a few more bugs here and there, which you can report to https-everywhere@eff.org. Sorry about the inconvenience, and thank you for using HTTPS Everywhere.">
-<!ENTITY https-everywhere.popup.keep "Keep me on the development version">
-<!ENTITY https-everywhere.popup.revert "Download the latest stable version">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/he/https-everywhere.properties b/src/chrome/locale/he/https-everywhere.properties
deleted file mode 100644
index 434edd318774..000000000000
--- a/src/chrome/locale/he/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = להפעיל את HTTPS Everywhere
-https-everywhere.menu.globalDisable = להשבית את HTTPS Everywhere
-https-everywhere.menu.enableDisable = להפעיל/להשבית כללים
-https-everywhere.menu.noRules = (אין כללים עבור דף זה)
-https-everywhere.menu.unknownRules = (כללים לדף זה אינם ידועים)
-https-everywhere.toolbar.hint = HTTPS Everywhere is now active. You can toggle it on a site-by-site basis by clicking the icon in the address bar.
-https-everywhere.migration.notification0 = In order to implement a crucial fix, this update resets your HTTPS Everywhere rule preferences to their default values.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/he/ssl-observatory.dtd b/src/chrome/locale/he/ssl-observatory.dtd
deleted file mode 100644
index ab3ed7791c64..000000000000
--- a/src/chrome/locale/he/ssl-observatory.dtd
+++ /dev/null
@@ -1,92 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "פרטים ומידע אישי">
-<!ENTITY ssl-observatory.popup.later "שאל אותי אחר כך">
-<!ENTITY ssl-observatory.popup.no "לא">
-
-<!ENTITY ssl-observatory.popup.text " ">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"האם כדאי ש- HTTPS בכל מקום  ישתמש בתצפית SSL?">
-
-<!ENTITY ssl-observatory.popup.yes "כן">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"בטוח לאפשר זאת, אלא אם כן אתה משתמש ברשת תאגידית פולשנית מאוד:">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"בטוח, אלא אם כן אתה משתמש ברשת תאגידית עם שמות שרתים סודיים ברשת זמנית:">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"שלח ובדוק אישורים החתומים על ידי רשויות האישורים העליונות הלא רגילות">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"זה בטוח (ורעיון טוב) לאפשר אפשרות זאת, אלא אם כן אתה משתמש ברשת תאגידית פולשנית או תוכנת אנטיוירוס קספרסקי שמנטרת את הגלישה שלך עם פרוקסי TLS  ורשות אישורים עליונה אישית. אם מאופשרת רשת כזאת, אפשרות זאת יכולה לפרסם עדות של אילו כתובות שמתחילות ב https:// בוקרו דרך הפרוקסי הזה, בשל האישור המיוחד שהוא מייצר.  לכן נשאיר זאת כבוי כברירת מחדל.">
-
-<!ENTITY ssl-observatory.prefs.anonymous "בדוק אישורים לשימוש  ב TOR באנונימיות">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"בדוק אישורים לשימוש ב  Tor באנונימיות (דורש  Tor )">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"אפשרות זאת דורשת ש  Tor יותקן וירוץ ">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"כאשר אתה רואה אישור חדש, תגיד למצפה לאיזה ספק אתה מחובר">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"זה מביא ושולח את &quot;מספר המערכת האנונימי&quot; של הרשת שלך. זה יעזור לנו למקם התקפות נגד HTTPS, ולקבוע האם יש לנו תצפיות מרשתות במקומות כמו איראן וסוריה שבהם התקפות נפוצות באופן השוואתי.">
-
-<!ENTITY ssl-observatory.prefs.done "הושלם">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS בכל מקום יכול להשתמש במצפה SSL של EFF. זה מקיים שני דברים: 
-(1) שולח עותקים של אישורי  HTTPS למצפה, כדי לעזור לנו לגלות התקפות 'איש באמצע' ולשפר את אבטחת הרשת;  ו (2) מאפשר  לנו להזהיר אותך מפני חיבורים לא מאובטחים או  התקפות על הדפדפן שלך.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"לדוגמא, כאשר אתה מבקר ב  https://www.something.com, האישור שהתקבל על ידי המצפה יציין שמישהו ביקר ב www.something.com, אבל לא מי ביקר באתר, או על איזה עמוד ספציפי הם הסתכלו. תעבור עם העכבר על האפשרויות בשביל פרטים נוספים:">
-
-<!ENTITY ssl-observatory.prefs.hide "הסתר אפשרויות מתקדמות">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"בדוק אישורים אפילו אם Tor לא זמין">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"עדיין ננסה לשמור את הנתונים אנונימיים, אבל אפשרות זאת פחות מאובטחת">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"שלח ובדוק אישורים עבור שמות DNS לא ציבוריים">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"אלא אם כן האפשרות הזאת נבדקה, המצפה לא יתעד אישורים עבור שמות שהוא לא יכול לגלות דרך מערכת ה DNS ">
-
-<!ENTITY ssl-observatory.prefs.show "הראה אפשרויות מתקדמות">
-
-<!ENTITY ssl-observatory.prefs.title "עדיפויות מצפה SSL">
-
-<!ENTITY ssl-observatory.prefs.use "האם להשתמש במצפה?">
-<!ENTITY ssl-observatory.warning.title "אזהרה ממצפה SSL של EFF">
-<!ENTITY ssl-observatory.warning.showcert "הראה את שרשרת האישורים">
-<!ENTITY ssl-observatory.warning.okay "אני מבין">
-<!ENTITY ssl-observatory.warning.text "מצפה SSL של EFF עוסק באזהרה מפני האישור(ים) של HTTPS  עבור האתר הזה:">
-<!ENTITY ssl-observatory.warning.defense "אם נרשמת לאתר הזה, כדאי לשנות את הסיסמא שלך ברגע שיש לך חיבור בטוח.">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"שלח ובדוק את האישורים החתומים על ידך">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"זה מומלץ;  בעיות הצפנה נפוצות במיוחד בכלים משובצים חתומים עצמית">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/hr/https-everywhere.dtd b/src/chrome/locale/hr/https-everywhere.dtd
deleted file mode 100644
index abed09c2be58..000000000000
--- a/src/chrome/locale/hr/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "About HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_description "Encrypt the Web! Automatically use HTTPS security on many sites.">
-<!ENTITY https-everywhere.about.version "Version">
-<!ENTITY https-everywhere.about.created_by "Created by">
-<!ENTITY https-everywhere.about.librarians "Ruleset Librarians">
-<!ENTITY https-everywhere.about.thanks "Thanks to">
-<!ENTITY https-everywhere.about.contribute  "If you like HTTPS Everywhere, you might consider">
-<!ENTITY https-everywhere.about.donate_tor "Donating to Tor">
-<!ENTITY https-everywhere.about.tor_lang_code "en">
-<!ENTITY https-everywhere.about.donate_eff "Donating to EFF">
-
-<!ENTITY https-everywhere.menu.about "About HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.observatory "SSL Observatory Preferences">
-<!ENTITY https-everywhere.menu.globalEnable "Enable HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.globalDisable "Disable HTTPS Everywhere">
-
-<!ENTITY https-everywhere.prefs.title "HTTPS Everywhere Preferences">
-<!ENTITY https-everywhere.prefs.enable_all "Enable All">
-<!ENTITY https-everywhere.prefs.disable_all "Disable All">
-<!ENTITY https-everywhere.prefs.reset_defaults "Reset to Defaults">
-<!ENTITY https-everywhere.prefs.search "Search">
-<!ENTITY https-everywhere.prefs.site "Site">
-<!ENTITY https-everywhere.prefs.notes "Notes">
-<!ENTITY https-everywhere.prefs.list_caption "Which HTTPS redirection rules should apply?">
-<!ENTITY https-everywhere.prefs.enabled "Enabled">
-<!ENTITY https-everywhere.prefs.ruleset_howto "You can learn how to write your own rulesets (to add support for other web sites)">
-<!ENTITY https-everywhere.prefs.here_link "here">
-<!ENTITY https-everywhere.prefs.toggle "Toggle">
-<!ENTITY https-everywhere.prefs.reset_default "Reset to Default">
-<!ENTITY https-everywhere.prefs.view_xml_source "View XML Source">
-
-<!ENTITY https-everywhere.source.downloading "Downloading">
-<!ENTITY https-everywhere.source.filename "Filename">
-<!ENTITY https-everywhere.source.unable_to_download "Unable to download source.">
-
-<!ENTITY https-everywhere.popup.title "HTTPS Everywhere 4.0development.11 notification">
-<!ENTITY https-everywhere.popup.paragraph1 "Oops. You were using the stable version of HTTPS Everywhere, but we might have accidentally upgraded you to the development version in our last release.">
-<!ENTITY https-everywhere.popup.paragraph2 "Would you like to go back to stable?">
-<!ENTITY https-everywhere.popup.paragraph3 "We'd love it if you continued using our development release and helped us make HTTPS Everywhere better! You might find there are a few more bugs here and there, which you can report to https-everywhere@eff.org. Sorry about the inconvenience, and thank you for using HTTPS Everywhere.">
-<!ENTITY https-everywhere.popup.keep "Keep me on the development version">
-<!ENTITY https-everywhere.popup.revert "Download the latest stable version">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/hr/https-everywhere.properties b/src/chrome/locale/hr/https-everywhere.properties
deleted file mode 100644
index 7f5aca3b6061..000000000000
--- a/src/chrome/locale/hr/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = Omogući HTTPS Svuda
-https-everywhere.menu.globalDisable = Onemogući HTTPS Svuda
-https-everywhere.menu.enableDisable = Omogući / Onemogući Pravila
-https-everywhere.menu.noRules = (Nema Pravila za Ovu Stranicu)
-https-everywhere.menu.unknownRules = (Pravila za Ovu Stranicu Nepoznata)
-https-everywhere.toolbar.hint = HTTPS Svuda je aktivan. Možete ga prebacivati od stranice do stranice tako da kliknete na ikonu na adresnoj traci.
-https-everywhere.migration.notification0 = In order to implement a crucial fix, this update resets your HTTPS Everywhere rule preferences to their default values.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/hr/ssl-observatory.dtd b/src/chrome/locale/hr/ssl-observatory.dtd
deleted file mode 100644
index 430846f8759a..000000000000
--- a/src/chrome/locale/hr/ssl-observatory.dtd
+++ /dev/null
@@ -1,98 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "Pojedinosti i informacije privatnosti">
-<!ENTITY ssl-observatory.popup.later "Pitaj me kasnije">
-<!ENTITY ssl-observatory.popup.no "Ne">
-
-<!ENTITY ssl-observatory.popup.text "HTTPS Everywhere može otkriti napade
-na vaš preglednik šaljući certifikate koje primite
-Opservatoriju.  Želite li uključiti ovo?">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"Treba li HTTPS Everywhere koristiti SSL Opservatorij?">
-
-<!ENTITY ssl-observatory.popup.yes "Da">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"Sigurnije je da omogućite ovo, osim ako koristite jako ometajuću korporativnu mrežu:">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"Sigurno, osim ako koristite korporativnu mrežu sa tajnim internet nazivima poslužitelja:">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"Prijavi i provjeri certifikate potpisanim od ne-standardnih korijenskih certifikata">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"Sigurno je (i dobra je ideja) da omogućite ovu mogućnost, osim ako koristite ometajuću korporativnu mrežu ili Kaspersky antivirusni softver koji nadgleda vaše surfanje sa TLS proxyjem i privatnim korijenskim certifikatima ovlasti.  Ako je omogućeno na takvoj mreži, ova mogućnost bi mogla objaviti dokaz koja https:// domena je bila posjećena kroz taj proxy, zbog jedinstvenog certifikata kojeg bi proizvela.  Stoga je zadano, ostavljena isključena.">
-
-<!ENTITY ssl-observatory.prefs.anonymous "Provjeri certifikate koristeći Tor za anonimnost">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"Provjeri certifikate koristeći Tor za anonimnost (zahtijeva Tortipku)">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"Ova mogućnost zahtijeva instalirani Tor i Tortipku">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"Kada vidite novi certifikat, recite Opservatoriju na koji ste ISP spojeni">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"Ovo će dohvatiti i poslati &quot;Autonomni broj sustava&quot; vaše mreže.  To će nam pomoći u lociranju napada na HTTPS i u otkrivanju kada nas promatraju iz mreža sa mjesta poput Irana i Sirije odkuda stižu učestali napadi.">
-
-<!ENTITY ssl-observatory.prefs.done "Učinjeno">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS Everywhere može koristiti EFF-ov SSL Opservatorij.  Ovo čini dvije stvari: (1)
-šalje kopije HTTPS certifikata Opservatoriju, da nam pomogne otkriti 'glavnog u sredini' napadača i poboljša Web sigurnost; i (2)
-da vas upozorimo o nesigurnim vezama ili napadima na vaš preglednik.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"Npr., kada posjetite https://www.something.com, certifikat
-primljen od Opservatorija će naznačiti da je netko posjetio
-www.something.com, ali ne tko je posjetio stranicu, ili koju su određenu
-stranicu tražili.  Prelazak mišem za daljnje pojedinosti:">
-
-<!ENTITY ssl-observatory.prefs.hide "Sakrij napredne mogućnpsti">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"Provjeri certifikate iako Tor nije dostupan">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"Mi ćemo još uvijek pokušati držati podatke anonimnim, ali ova mogućnost je manje sigurna">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"Prijavite i provjerite certifikate za ne-javne DNS nazive">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"Ako ova mogućnost nije odabrana, Opservatorij neće snimati certifikate za nazive koji se ne mogu razriješiti kroz DNS sustav.">
-
-<!ENTITY ssl-observatory.prefs.show "Prikaži napredne mogućnosti ">
-
-<!ENTITY ssl-observatory.prefs.title "Osobitosti SSL Opservatorija">
-
-<!ENTITY ssl-observatory.prefs.use "Koristi Opservatorij?">
-<!ENTITY ssl-observatory.warning.title "UPOZORENJE iz EFF-ovog SSL Opservatorija">
-<!ENTITY ssl-observatory.warning.showcert "Prikaži podatak certifikata">
-<!ENTITY ssl-observatory.warning.okay "Razumijem">
-<!ENTITY ssl-observatory.warning.text "EFF-ov SSL Opservatorij je izdao upozorenje o HTTPS certifikatu(ima) za ovu stranicu:">
-<!ENTITY ssl-observatory.warning.defense "Ako ste povezani sa ovom stranicom, preporučljivo je da promijenite svoju lozinku kada uspostavite sigurnu povezanost.">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"Prijavite i provijerite samopotpisane certifikate">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"To je preporučljivo; kriptografski problemi su naročito česti u samopotpisanim ugrađenim uređajima">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/hu/https-everywhere.dtd b/src/chrome/locale/hu/https-everywhere.dtd
deleted file mode 100644
index 9a16f3d29bce..000000000000
--- a/src/chrome/locale/hu/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "A HTTPS Everywhere névjegye">
-<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_description "Titkosítsa a Web-et! Automatikusan használja a HTTPS titkosítást a legtöbb oldalon.">
-<!ENTITY https-everywhere.about.version "Verzió">
-<!ENTITY https-everywhere.about.created_by "Készítette:">
-<!ENTITY https-everywhere.about.librarians "Szabálykészlet könyvtárosok">
-<!ENTITY https-everywhere.about.thanks "Köszönet:">
-<!ENTITY https-everywhere.about.contribute  "Ha tetszik a HTTPS Everywhere, talán megfontolja a következőket:">
-<!ENTITY https-everywhere.about.donate_tor "A Tor támogatása">
-<!ENTITY https-everywhere.about.tor_lang_code "en">
-<!ENTITY https-everywhere.about.donate_eff "Az EFF támogatása">
-
-<!ENTITY https-everywhere.menu.about "A HTTPS Everywhere névjegye">
-<!ENTITY https-everywhere.menu.observatory "SSL Observatory Beállítások">
-<!ENTITY https-everywhere.menu.globalEnable "HTTPS Everywhere bekapcsolása">
-<!ENTITY https-everywhere.menu.globalDisable "HTTPS Everywhere kikapcsolása">
-
-<!ENTITY https-everywhere.prefs.title "HTTPS Everywhere Preferences">
-<!ENTITY https-everywhere.prefs.enable_all "Mind bekapcsolása">
-<!ENTITY https-everywhere.prefs.disable_all "Mind kikapcsolása">
-<!ENTITY https-everywhere.prefs.reset_defaults "Visszaállítás alaphelyzetre">
-<!ENTITY https-everywhere.prefs.search "Keresés">
-<!ENTITY https-everywhere.prefs.site "Oldal">
-<!ENTITY https-everywhere.prefs.notes "Megjegyzések">
-<!ENTITY https-everywhere.prefs.list_caption "Mely HTTPS átirányításokat szeretné használni?">
-<!ENTITY https-everywhere.prefs.enabled "Bekapcsolva">
-<!ENTITY https-everywhere.prefs.ruleset_howto "Megtanulhatja, hogy adhatja hozzá a saját szabálykészletét (hogy további oldalakat támogasson) ">
-<!ENTITY https-everywhere.prefs.here_link "itt">
-<!ENTITY https-everywhere.prefs.toggle "Vált">
-<!ENTITY https-everywhere.prefs.reset_default "Visszaállítás alaphelyzetre">
-<!ENTITY https-everywhere.prefs.view_xml_source "Az XML forrás megtekintése">
-
-<!ENTITY https-everywhere.source.downloading "Letöltés">
-<!ENTITY https-everywhere.source.filename "Fájlnév">
-<!ENTITY https-everywhere.source.unable_to_download "A forrás letöltése sikertelen.">
-
-<!ENTITY https-everywhere.popup.title "HTTPS Everywhere 4.0development.11 notification">
-<!ENTITY https-everywhere.popup.paragraph1 "Oops. You were using the stable version of HTTPS Everywhere, but we might have accidentally upgraded you to the development version in our last release.">
-<!ENTITY https-everywhere.popup.paragraph2 "Would you like to go back to stable?">
-<!ENTITY https-everywhere.popup.paragraph3 "We'd love it if you continued using our development release and helped us make HTTPS Everywhere better! You might find there are a few more bugs here and there, which you can report to https-everywhere@eff.org. Sorry about the inconvenience, and thank you for using HTTPS Everywhere.">
-<!ENTITY https-everywhere.popup.keep "Keep me on the development version">
-<!ENTITY https-everywhere.popup.revert "Download the latest stable version">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/hu/https-everywhere.properties b/src/chrome/locale/hu/https-everywhere.properties
deleted file mode 100644
index 1c95984b9c0e..000000000000
--- a/src/chrome/locale/hu/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = HTTPS Everywhere bekapcsolása
-https-everywhere.menu.globalDisable = HTTPS Everywhere kikapcsolása
-https-everywhere.menu.enableDisable = Szabályok Engedélyezése / Tiltása
-https-everywhere.menu.noRules = (nincs szabály ehhez az oldalhoz)
-https-everywhere.menu.unknownRules = (az oldalhoz tartozó szabályok ismeretlenek)
-https-everywhere.toolbar.hint = HTTPS Everywhere is now active. You can toggle it on a site-by-site basis by clicking the icon in the address bar.
-https-everywhere.migration.notification0 = In order to implement a crucial fix, this update resets your HTTPS Everywhere rule preferences to their default values.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/hu/ssl-observatory.dtd b/src/chrome/locale/hu/ssl-observatory.dtd
deleted file mode 100644
index d8291e4c1b2c..000000000000
--- a/src/chrome/locale/hu/ssl-observatory.dtd
+++ /dev/null
@@ -1,96 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "Részletek és adatvédelmi információk">
-<!ENTITY ssl-observatory.popup.later "Kérdezzen meg később">
-<!ENTITY ssl-observatory.popup.no "Nem">
-
-<!ENTITY ssl-observatory.popup.text "A HTTPS Everywhere a böngésző elleni támadásokat képes észlelni, azzal ,hogy elküldi a megkapott tanúsítványokat az Observatory részére. Bekapcsoljuk ezt a funkciót?">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"Használja a HTTPS Everywhere az SSL Observatory-t?">
-
-<!ENTITY ssl-observatory.popup.yes "Igen">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"Biztonságos, ha bekapcsolja, kivéve, ha nagyon privát szférába hatoló vállalati hálózatot használ:">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"Biztonságos, ha nem használ titkos internet szerver nevekkel rendelkező vállalati hálózatot:">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"Küldje be és ellenőrizze azon tanúsítványokat, amelyek nem standard tanúsítványkiadótól származnak">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"Biztonságos (és javasolt) ha bekapcsolja ezt az opciót, kivéve ha nagyon figyelt vállalati hálózatról vagy Kaspersky víruskereső szoftvert használ, ami figyeli a böngészést egy TLS proxy-val, és egy helyi tanúsítványkiadóval.
-Ha bekapcsolja, az az opció nyomokat hagyhat arról, hogy mely https:// oldalakor látogatott meg azon a proxy-n keresztül, mert egyedi tanúsítványokat hoz létre.
-Tehát hagyja kikapcsolva alapértelmezetten.
-">
-
-<!ENTITY ssl-observatory.prefs.anonymous "A tanúsítványok ellenőrzése Tor-on keresztül az anonimitás megőrzéséhez.">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"A tanúsítványok ellenőrzése Tor-on keresztül az anonimitás megőrzéséhez. (Torbutton szükséges hozzá)">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"Ez az opció a Tor és Torbutton szoftverek telepítését igényli.">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"Ha új tanúsítványt lát, küldje el az Observatory-nak, hogy mely internet szolgáltatóhoz csatlakozik éppen">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"Ez kiolvassa és elküldi az ASN számát a hálózatának.  Ez segít a HTTPS elleni támadások észlelésében, és lehetővé teszi az észlelést annak, hogy a támadás olyan hálózatokon zajlik-e mint Irán vagy Szíria, ahol a támadások meglehetősen gyakoriak.">
-
-<!ENTITY ssl-observatory.prefs.done "Kész">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"A HTTPS Everywhere használni tudja az EFF's SSL Obszervatóriumát (Observatory).  Ez két dolgot jelent: (1)
-elküldi a másolatát a HTTPS kapcoslatok tanúsítványainak az Obszervatóriumba, hogy segítse a MITM támadások észlelését, és növelje a Web biztonságát; és (2)
-lehetővé teszi, hogy figyelmeztessük, ha nem biztonságos a kapcoslata, vagy valaki támadja a böngészőjét.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"Például, ha meglátogatja a https://www.valami.hu oldalt, a tanúsítvány amit az Obszervatórium megkap, azt jelzi majd, hogy valaki meglátogatta a www.valami.hu oldalt, de nem mutatja, hogy ki, és hogy melyik oldalt nézte.  Húzza az egeret az opciók felé a részletekért:">
-
-<!ENTITY ssl-observatory.prefs.hide "Speciális beállítások elrejtése">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"A tanúsítványok ellenőrzése akkor is, ha a Tor nem elérhető">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"Továbbra is megpróbáljuk az adatot névtelenül kezelni, de ez a beállítás kevésbé biztonságos">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"Nem publikus DNS nevekhez tartozó tanúsítványok elküldése és ellenőrzése">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"Ha ez az opció nicns bejelölve, akkor az Observatory nem rögzíti azon tanúsítványokat, amelyek nem feloldhatók publikus DNS rendszereken keresztül.">
-
-<!ENTITY ssl-observatory.prefs.show "Speciális beállítások megjelenítése">
-
-<!ENTITY ssl-observatory.prefs.title "SSL Observatory Beállítások">
-
-<!ENTITY ssl-observatory.prefs.use "Az Observatory használata?">
-<!ENTITY ssl-observatory.warning.title "FIGYELMEZTETÉS az EFF SSL Observatory-tól">
-<!ENTITY ssl-observatory.warning.showcert "A tanúsítványlánc megjelenítése">
-<!ENTITY ssl-observatory.warning.okay "Megértettem">
-<!ENTITY ssl-observatory.warning.text "Az EFF SSL Oeservatory figyelmeztetést bocsátott az alábbi tanúsítványokról, ehhez az oldalhoz:">
-<!ENTITY ssl-observatory.warning.defense "Ha belépett erre az oldalra, ha már biztonságos kapcsolattal rendelkezik, hogy lecserélje a jelszavát.">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"A használt önaláírt tanúsítványok feltöltése és ellenőrzése">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"Ez ajánlott; a kriptográfiai problémák széles körben elterjedtek az önaláírt tanúsítvánnyal ellátott céleszközöknél.">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/it/https-everywhere.dtd b/src/chrome/locale/it/https-everywhere.dtd
deleted file mode 100644
index 48f27958a80b..000000000000
--- a/src/chrome/locale/it/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "Informazioni su HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_description "Cripta il Web! Usa HTTPS automaticamente su numerosi siti.">
-<!ENTITY https-everywhere.about.version "Versione">
-<!ENTITY https-everywhere.about.created_by "Creato da">
-<!ENTITY https-everywhere.about.librarians "Autori regole">
-<!ENTITY https-everywhere.about.thanks "Grazie a">
-<!ENTITY https-everywhere.about.contribute  "Se ti piace HTTPS Everywhere, considera anche">
-<!ENTITY https-everywhere.about.donate_tor "Donazioni a Tor">
-<!ENTITY https-everywhere.about.tor_lang_code "it">
-<!ENTITY https-everywhere.about.donate_eff "Donazioni a EFF">
-
-<!ENTITY https-everywhere.menu.about "Informazioni su HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.observatory "Preferenze Osservatorio SSL">
-<!ENTITY https-everywhere.menu.globalEnable "Abilita HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.globalDisable "Disabilita HTTPS Everywhere">
-
-<!ENTITY https-everywhere.prefs.title "Preferenze di HTTPS Everywhere">
-<!ENTITY https-everywhere.prefs.enable_all "Abilita Tutto">
-<!ENTITY https-everywhere.prefs.disable_all "Disabilita Tutto">
-<!ENTITY https-everywhere.prefs.reset_defaults "Ripristina Predefiniti">
-<!ENTITY https-everywhere.prefs.search "Cerca">
-<!ENTITY https-everywhere.prefs.site "Sito">
-<!ENTITY https-everywhere.prefs.notes "Note">
-<!ENTITY https-everywhere.prefs.list_caption "Quali regole di reindirizzamento HTTPS dovrebbero essere applicate?">
-<!ENTITY https-everywhere.prefs.enabled "Abilitato">
-<!ENTITY https-everywhere.prefs.ruleset_howto "Puoi imparare a scrivere i tuoi set di regole (per aggiungere supporto ad altri siti)">
-<!ENTITY https-everywhere.prefs.here_link "qui">
-<!ENTITY https-everywhere.prefs.toggle "Commuta">
-<!ENTITY https-everywhere.prefs.reset_default "Ripristina Predefiniti">
-<!ENTITY https-everywhere.prefs.view_xml_source "Mostra Sorgente XML">
-
-<!ENTITY https-everywhere.source.downloading "Scaricamento">
-<!ENTITY https-everywhere.source.filename "Nome file">
-<!ENTITY https-everywhere.source.unable_to_download "Impossibile scaricare la sorgente.">
-
-<!ENTITY https-everywhere.popup.title "HTTPS Everywhere 4.0development.11 notification">
-<!ENTITY https-everywhere.popup.paragraph1 "Oops. You were using the stable version of HTTPS Everywhere, but we might have accidentally upgraded you to the development version in our last release.">
-<!ENTITY https-everywhere.popup.paragraph2 "Would you like to go back to stable?">
-<!ENTITY https-everywhere.popup.paragraph3 "We'd love it if you continued using our development release and helped us make HTTPS Everywhere better! You might find there are a few more bugs here and there, which you can report to https-everywhere@eff.org. Sorry about the inconvenience, and thank you for using HTTPS Everywhere.">
-<!ENTITY https-everywhere.popup.keep "Keep me on the development version">
-<!ENTITY https-everywhere.popup.revert "Download the latest stable version">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/it/https-everywhere.properties b/src/chrome/locale/it/https-everywhere.properties
deleted file mode 100644
index a6150b219a7a..000000000000
--- a/src/chrome/locale/it/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = Abilita HTTPS Everywhere
-https-everywhere.menu.globalDisable = Disabilita HTTPS Everywhere
-https-everywhere.menu.enableDisable = Abilita / Disabilita Regole
-https-everywhere.menu.noRules = (Nessuna Regola per Questa Pagina)
-https-everywhere.menu.unknownRules = (Regole per Questa Pagina Sconosciute)
-https-everywhere.toolbar.hint = HTTPS Everywhere is now active. You can toggle it on a site-by-site basis by clicking the icon in the address bar.
-https-everywhere.migration.notification0 = In order to implement a crucial fix, this update resets your HTTPS Everywhere rule preferences to their default values.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/it/ssl-observatory.dtd b/src/chrome/locale/it/ssl-observatory.dtd
deleted file mode 100644
index 40cbb9fd2684..000000000000
--- a/src/chrome/locale/it/ssl-observatory.dtd
+++ /dev/null
@@ -1,98 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "Dettagli e informazioni sulla privacy">
-<!ENTITY ssl-observatory.popup.later "Chiedimelo più tardi">
-<!ENTITY ssl-observatory.popup.no "No">
-
-<!ENTITY ssl-observatory.popup.text "HTTPS Everywhere può rilevare attacchi
-contro il tuo browser inviando i certificati che ricevi all'
-Osservatorio.  Vuoi abilitarla?">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"Vuoi che HTTPS Everywhere usi l' Osservatorio SSL?">
-
-<!ENTITY ssl-observatory.popup.yes "Sì">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"È consigliato abilitarla, a meno che non utilizzi una rete aziendale molto intrusiva:">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"Consigliato, a meno che non utilizzi una rete aziendale con nomi server intranet segreti:">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"Invia e controlla certificati firmati da CA root non standard">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"È una buona idea abilitare questa opzione, a meno che non utilizzi una rete aziendale intrusiva o l'antivirus Kaspersky che monitora la tua navigazione con un proxy TLS e una Certificate Authority root privata.  Se viene abilitata in quel caso, questa opzione può pubblicare prove evidenti su quali domini https:// sono stati visitati attraverso quel proxy, a causa di certificati unici che produrrebbe.  Per questo la lasciamo disabilitata in partenza.">
-
-<!ENTITY ssl-observatory.prefs.anonymous "Controlla i certificati usando Tor per l'anonimato">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"Controlla i certificati usando Tor per l'anonimato (richiede Torbutton)">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"Questa opzione richiede Tor e Torbutton installati">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"Quando trovi un certificato nuovo, comunica all' Osservatorio a quale ISP sei connesso">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"Recupera e invia il &quot;numero di Sistema Autonomo&quot; della tua rete.  Questo ci aiuterà a localizzare gli attacchi contro HTTPS e a determinare se abbiamo osservazioni provenienti da reti in luoghi come Iran e Siria dove gli attacchi sono relativamente comuni.">
-
-<!ENTITY ssl-observatory.prefs.done "Fatto">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS Everywhere può usare l' Osservatorio SSL di EFF.  Questo fa due cose: (1)
-invia copie dei certificati HTTPS all' Osservatorio per aiutarci ad individuare attacchi 'man in the middle' e migliorare la sicurezza del Web; e (2)
-ci consente di metterti in guardia da connessioni insicure o attacchi al tuo browser.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"Ad esempio, quando visiti https://www.qualcosa.com, il certificato
-ricevuto dall' Osservatorio indicherà che qualcuno ha visitato
-www.qualcosa.com, ma non chi ha visitato il sito, o quale particolare pagina
-ha visto.  Passa sopra le opzioni con il mouse per maggiori dettagli:">
-
-<!ENTITY ssl-observatory.prefs.hide "Nascondi opzioni avanzate">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"Controlla certificati anche se Tor non è disponibile">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"Cercheremo comunque di mantenere i dati anonimi, ma questa opzione è meno sicura">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"Invia e controlla certificati per nomi DNS non pubblici">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"A meno che questa opzione sia selezionata, l' Osservatorio non registrerà i certificati per nomi che non può risolvere attraverso il sistema DNS.">
-
-<!ENTITY ssl-observatory.prefs.show "Mostra opzioni avanzate">
-
-<!ENTITY ssl-observatory.prefs.title "Preferenze Osservatorio SSL">
-
-<!ENTITY ssl-observatory.prefs.use "Usare l' Osservatorio?">
-<!ENTITY ssl-observatory.warning.title "AVVISO dall' Osservatorio SSL di EFF">
-<!ENTITY ssl-observatory.warning.showcert "Mostra la catena di certificati">
-<!ENTITY ssl-observatory.warning.okay "Capisco">
-<!ENTITY ssl-observatory.warning.text "L' Osservatorio SSL di EFF ha emesso un avviso sul(i) certificato(i) HTTPS di questo sito:">
-<!ENTITY ssl-observatory.warning.defense "Se hai effettuato l'accesso a questo sito, può essere consigliabile cambiare la password appena hai una connessione sicura.">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"Invia e controlla certificati autofirmati">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"Consigliato; problemi di crittografia sono particolarmente comuni in dispositivi embedded autofirmati">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/ja/https-everywhere.dtd b/src/chrome/locale/ja/https-everywhere.dtd
deleted file mode 100644
index 140df905ffbe..000000000000
--- a/src/chrome/locale/ja/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "HTTPS Everywhereについて">
-<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_description "ウェブの暗号化！自動的に多くのサイトにHTTPSセキュリティを使用します。">
-<!ENTITY https-everywhere.about.version "バージョン">
-<!ENTITY https-everywhere.about.created_by "作成者:">
-<!ENTITY https-everywhere.about.librarians "ルール設定ライブラリ">
-<!ENTITY https-everywhere.about.thanks "Thanks to">
-<!ENTITY https-everywhere.about.contribute  "HTTPS Everywhereが好きなら、検討してください">
-<!ENTITY https-everywhere.about.donate_tor "Torに寄付する">
-<!ENTITY https-everywhere.about.tor_lang_code "英語">
-<!ENTITY https-everywhere.about.donate_eff "EFFに寄付する">
-
-<!ENTITY https-everywhere.menu.about "HTTPS Everywhereについて">
-<!ENTITY https-everywhere.menu.observatory "ssl Observatoryの設定">
-<!ENTITY https-everywhere.menu.globalEnable "HTTPS Everywhereを有効化">
-<!ENTITY https-everywhere.menu.globalDisable "HTTPS Everywhereを無効化">
-
-<!ENTITY https-everywhere.prefs.title "HTTPS Everywhereの設定">
-<!ENTITY https-everywhere.prefs.enable_all "全て有効化">
-<!ENTITY https-everywhere.prefs.disable_all "すべて無効化">
-<!ENTITY https-everywhere.prefs.reset_defaults "デフォルトにリセット">
-<!ENTITY https-everywhere.prefs.search "検索">
-<!ENTITY https-everywhere.prefs.site "サイト">
-<!ENTITY https-everywhere.prefs.notes "履歴">
-<!ENTITY https-everywhere.prefs.list_caption "どのHTTPSリダイレクトスールを適用しますか？">
-<!ENTITY https-everywhere.prefs.enabled "有効">
-<!ENTITY https-everywhere.prefs.ruleset_howto "自分のルール設定の書き方を学べます (他のウェブサイトへのサポートを追加)">
-<!ENTITY https-everywhere.prefs.here_link "ここ">
-<!ENTITY https-everywhere.prefs.toggle "切り替え">
-<!ENTITY https-everywhere.prefs.reset_default "デフォルトにリセット">
-<!ENTITY https-everywhere.prefs.view_xml_source "XMLソースを表示">
-
-<!ENTITY https-everywhere.source.downloading "ダウンロード中">
-<!ENTITY https-everywhere.source.filename "ファイル名">
-<!ENTITY https-everywhere.source.unable_to_download "ソースをダウンロード出来ません。">
-
-<!ENTITY https-everywhere.popup.title "HTTPS Everywhere 4.0development.11 notification">
-<!ENTITY https-everywhere.popup.paragraph1 "Oops. You were using the stable version of HTTPS Everywhere, but we might have accidentally upgraded you to the development version in our last release.">
-<!ENTITY https-everywhere.popup.paragraph2 "Would you like to go back to stable?">
-<!ENTITY https-everywhere.popup.paragraph3 "We'd love it if you continued using our development release and helped us make HTTPS Everywhere better! You might find there are a few more bugs here and there, which you can report to https-everywhere@eff.org. Sorry about the inconvenience, and thank you for using HTTPS Everywhere.">
-<!ENTITY https-everywhere.popup.keep "Keep me on the development version">
-<!ENTITY https-everywhere.popup.revert "Download the latest stable version">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/ja/https-everywhere.properties b/src/chrome/locale/ja/https-everywhere.properties
deleted file mode 100644
index 2135ddd5836d..000000000000
--- a/src/chrome/locale/ja/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = HTTPS Everywhereを有効化
-https-everywhere.menu.globalDisable = HTTPS Everywhereを無効化
-https-everywhere.menu.enableDisable = ルールを有効化/無効化
-https-everywhere.menu.noRules = (このページにルールはありません)
-https-everywhere.menu.unknownRules = (このページのルールは不明)
-https-everywhere.toolbar.hint = HTTPS Everywhereはげんざい有効です。アドレスバーのアイコンをクリックするとサイトごとを基本に切り替えることができます。
-https-everywhere.migration.notification0 = In order to implement a crucial fix, this update resets your HTTPS Everywhere rule preferences to their default values.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/ja/ssl-observatory.dtd b/src/chrome/locale/ja/ssl-observatory.dtd
deleted file mode 100644
index d9be24fa0d5d..000000000000
--- a/src/chrome/locale/ja/ssl-observatory.dtd
+++ /dev/null
@@ -1,94 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "詳細とプライバシー情報">
-<!ENTITY ssl-observatory.popup.later "後で通知する">
-<!ENTITY ssl-observatory.popup.no "いいえ">
-
-<!ENTITY ssl-observatory.popup.text "HTTPS EverywhereはObservatoryに受け取る証明書を送信することで、あなたのブラウザに対する攻撃を検知できます。これを有効にしますか？">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"HTTPS EverywhereはSSL Observatoryを使用するべきですか？">
-
-<!ENTITY ssl-observatory.popup.yes "はい">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"非常に鑑賞される企業ネットワークを使用していなければ、これを有効にする方が安全です:">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"次の秘密イントラネットのサーバー名で企業ネットワークを使用しなければ、安全です:">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"非標準のルートCAによって署名された証明書を確認して情報提供する。">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"干渉される企業ネットワークや、TLSプロキシとプライベートルート認証局であなたのブラウジングをモニターしているKasperskyアンチウイルスソフトウェアを使用していなければ、このオプションを有効にすることは安全です (そして、良いアイディアです)。そのようなネットワークで有効にした場合、このオプションは、それが発行する一意な証明書のために、どんなhttps:// domainsがそのプロキシを通じて訪れられたかの証拠を提供してしまう恐れがあります。そのために、私たちはデフォルトではそれをオフにしています。">
-
-<!ENTITY ssl-observatory.prefs.anonymous "匿名性のために証明書のチェックにTorを使う。">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"匿名性のために証明書のチェックにTorを使う (Torが必要)。">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"このオプションはTorがインストールされ、動作している必要があります。">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"新しい証明書を確認したとき、ObservatoryにあなたがどのISPに接続しているのか伝える">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"これはあなたのネットワークの「自律システム番号」を収集し、送信します。これは私たちがHTTPSに対する攻撃を検出しするのを支援します。また、私たちが攻撃が比較的一般的であるイランやシリアのような場所でネットワークに観測所を持っているのか確認するのに役立ちます。">
-
-<!ENTITY ssl-observatory.prefs.done "完了">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS EverywhereはEFFのSSL Observatoryを使用することができます。これは２つの働きをします: (1)
-私たちが中間者攻撃を検出し、ウェブセキュリティを向上させるのを支援するために、HTTP証明書のコピーを観測所に送信します。
-そして、(2)
-私たちが安全でない接続やブラウザへの攻撃を警告できるようにします。">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"例えば、https://www.something.com を訪れるとき、観測所が受信した証明書は誰かがwww.something.comを訪れたことを示しますが、誰がこのサイトを訪れたのか、どの特定のページを見ていたのかは示されません。詳細はオプションを選択してください:">
-
-<!ENTITY ssl-observatory.prefs.hide "高度な設定を隠す">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"Torが利用できない場合でも証明書をチェックする">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"私たちは今まで通りデータを匿名に保とうとするでしょうが、このオプションは安全性を低下させます">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"非公開DNS名の証明書を確認して提供する">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"このオプションがチェックされていない場合、ObservatoryはDNSシステムを通して解決できない名前への証明書を記録しません。">
-
-<!ENTITY ssl-observatory.prefs.show "高度な設定を表示する">
-
-<!ENTITY ssl-observatory.prefs.title "ssl Observatoryの設定">
-
-<!ENTITY ssl-observatory.prefs.use "Observatoryを使用しますか?">
-<!ENTITY ssl-observatory.warning.title "EFFのSSL Observatoryから警告">
-<!ENTITY ssl-observatory.warning.showcert "証明書のチェーンを表示">
-<!ENTITY ssl-observatory.warning.okay "了解します">
-<!ENTITY ssl-observatory.warning.text "EFFのSSL ObservatoryはこのサイトへのHTTPS証明書についての警告を出しました。()">
-<!ENTITY ssl-observatory.warning.defense "このサイトにログインしている場合、一度安全な接続を確保してからパスワードを変更するのが賢明かもしれません。">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"自己署名の証明書を確認して提供する">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"これは推奨されます。暗号化の問題は、自己署名された組み込みデバイスで特に一般的です。">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/ko/https-everywhere.dtd b/src/chrome/locale/ko/https-everywhere.dtd
deleted file mode 100644
index 55bd81b08374..000000000000
--- a/src/chrome/locale/ko/https-everywhere.dtd
+++ /dev/null
@@ -1,48 +0,0 @@
-<!ENTITY https-everywhere.about.title "HTTPS Everywhere에 대하여
-">
-<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_description "웹 암호화! 자동으로 여러 사이트에 HTTPS 보안을 사용합니다.">
-<!ENTITY https-everywhere.about.version "Version">
-<!ENTITY https-everywhere.about.created_by "작성">
-<!ENTITY https-everywhere.about.librarians "규칙설정 라이브러리">
-<!ENTITY https-everywhere.about.thanks "Thanks to">
-<!ENTITY https-everywhere.about.contribute  "모든곳에서 HTTPS를 사용하려면, 고려해 보십시오">
-<!ENTITY https-everywhere.about.donate_tor "Tor에 기부하기">
-<!ENTITY https-everywhere.about.tor_lang_code "en">
-<!ENTITY https-everywhere.about.donate_eff "EFF에 기부하기">
-
-<!ENTITY https-everywhere.menu.about "HTTPS Everywhere에 대하여">
-<!ENTITY https-everywhere.menu.observatory "SSL 관측 환경 설정">
-<!ENTITY https-everywhere.menu.globalEnable "모든곳에서 HTTPS 사용">
-<!ENTITY https-everywhere.menu.globalDisable "모든곳에서 HTTPS 사용 안 함">
-
-<!ENTITY https-everywhere.prefs.title "HTTPS 모든곳 사용 환경 설정">
-<!ENTITY https-everywhere.prefs.enable_all "모두 사용">
-<!ENTITY https-everywhere.prefs.disable_all "모두 사용 안 함">
-<!ENTITY https-everywhere.prefs.reset_defaults "기본값으로 다시 설정">
-<!ENTITY https-everywhere.prefs.search "검색">
-<!ENTITY https-everywhere.prefs.site "사이트">
-<!ENTITY https-everywhere.prefs.notes "참고">
-<!ENTITY https-everywhere.prefs.list_caption "HTTPS 리디렉션 규칙을 적용하시겟습니까?">
-<!ENTITY https-everywhere.prefs.enabled "사용">
-<!ENTITY https-everywhere.prefs.ruleset_howto "자신의 규칙 작성 방법을 배울 수 있습니다 (다른 웹 사이트에 대한 지원 추가)">
-<!ENTITY https-everywhere.prefs.here_link "여기">
-<!ENTITY https-everywhere.prefs.toggle "전환">
-<!ENTITY https-everywhere.prefs.reset_default "기본값으로 다시 설정">
-<!ENTITY https-everywhere.prefs.view_xml_source "XML 소스 보기">
-
-<!ENTITY https-everywhere.source.downloading "다운로드">
-<!ENTITY https-everywhere.source.filename "파일명">
-<!ENTITY https-everywhere.source.unable_to_download "소스를 다운로드할 수 없습니다.">
-
-<!ENTITY https-everywhere.popup.title "HTTPS Everywhere 4.0development.11 notification">
-<!ENTITY https-everywhere.popup.paragraph1 "Oops. You were using the stable version of HTTPS Everywhere, but we might have accidentally upgraded you to the development version in our last release.">
-<!ENTITY https-everywhere.popup.paragraph2 "Would you like to go back to stable?">
-<!ENTITY https-everywhere.popup.paragraph3 "We'd love it if you continued using our development release and helped us make HTTPS Everywhere better! You might find there are a few more bugs here and there, which you can report to https-everywhere@eff.org. Sorry about the inconvenience, and thank you for using HTTPS Everywhere.">
-<!ENTITY https-everywhere.popup.keep "Keep me on the development version">
-<!ENTITY https-everywhere.popup.revert "Download the latest stable version">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/ko/https-everywhere.properties b/src/chrome/locale/ko/https-everywhere.properties
deleted file mode 100644
index 110e0b8de278..000000000000
--- a/src/chrome/locale/ko/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = 모든 곳에서 HTTPS 사용
-https-everywhere.menu.globalDisable = 모든 곳에서 HTTPS 사용 안 함
-https-everywhere.menu.enableDisable = 규칙 활성화 / 비활성화
-https-everywhere.menu.noRules = (이 페이지를 위한 규칙 없음)
-https-everywhere.menu.unknownRules = (알 수 없는 이 페이지를 위한 규칙)
-https-everywhere.toolbar.hint = HTTPS Everywhere is now active. You can toggle it on a site-by-site basis by clicking the icon in the address bar.
-https-everywhere.migration.notification0 = In order to implement a crucial fix, this update resets your HTTPS Everywhere rule preferences to their default values.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/ko/ssl-observatory.dtd b/src/chrome/locale/ko/ssl-observatory.dtd
deleted file mode 100644
index 83deb5982f57..000000000000
--- a/src/chrome/locale/ko/ssl-observatory.dtd
+++ /dev/null
@@ -1,92 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "세부 사항과 사생활 정보">
-<!ENTITY ssl-observatory.popup.later "나중에 알림">
-<!ENTITY ssl-observatory.popup.no "아니도">
-
-<!ENTITY ssl-observatory.popup.text "HTTPS Everywhere">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"HTTPS Everywhere이 SSL 관측소를 사용해야 합니까?">
-
-<!ENTITY ssl-observatory.popup.yes "예">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"매우 방해하는 기업 네트워크를 사용중이지 않으면, 이것을 사용하는 것이 안전압니다.">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"다음 비밀 서버 이름과 기업 네트워크를 사용하지 않는다면, 안전합니다.">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"비표준 루트 CA로부터 서명되지 않은 인증서를 확인하고 제보함.">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"개인 루트 인증서 권한과 부라우징을 모니터하는 방해하는 기업 네트워크나 TLS 프록시와  카스퍼스키 안티바이러스를 사용하지 않는다면,  이 옵션을 활성화하는 것은 안전합니다(그리고 좋은 생각입니다).   그 네트워크에서 활성화된다면, 이 옵션은 제공되어져야하는 드문 인증서 때문에 https:// 도메인을 그 프록시를 통해 방문한 증거를 알릴 것입니다.  그래서 우리는 기본값으로 두는 것을 추천합니다.">
-
-<!ENTITY ssl-observatory.prefs.anonymous "익명을 위해 Tor를 사용하는 동안 인증서 확인">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"익명을 위해 Tor를 사용하는 동안 인증서 확인 (Torcheck 권장)">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"이 옵션은 Tor와 Torbutton이 설치된 경우 권장됩니다.">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"새로운 인증서를 볼 때, 어떤 ISP에 연결되어 있는지 관측소에 말하십시오.">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"이것은 귀하의 네트워크의 &quot;자율 시스템 번호&quot;를 수집하고 전송할 것입니다.  이것은 우리가 HTTPS에 대항하는 공격을 찾는 것에 대해 도움을 줄 것입니다. 그리고 우리는 공격이 비교적 일반적인 이란과 시리아와 같은 장소에서 네트워크에서 관측소를 가지고 있는지에 대한 여부를 확인하는 데 도움이 될 것입니다.">
-
-<!ENTITY ssl-observatory.prefs.done "완료">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS Everywhere은 EFF의 SSL 관측소를 사용할 수 있습니다.  이것은 두 가지 일을 합니다: (1)
-중간자 공격을 감지하고 웹의 보안을 향상시키는 것을 돕기 위해, HTTPS 인증서의 복사본을 SSL 관측소로 보냅니다. 그리고 (2) 우리가 귀하에게 보안적이지 않는 연결이나 브라우저에 대한 공격에 대해 경고하도록 합니다.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"예를 들어, https://www.something.com을 방문할 때, 관측소에서 받은 인증서는 누가 사이트를 방문했는지가 아닌, 누가 www.something.com을 방문했거나, 그들이 본 특정한 페이지 키를 표시할 것입니다.  더 많은 세부사항을 위해 옵션을 선택하십시오.">
-
-<!ENTITY ssl-observatory.prefs.hide "고급 설정 숨기기">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"Tor가 가능하지 않더라도 인증서 확인">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"우리는 계속 데이터를 익명으로 보내겠지만, 이 선택은 덜 보안적입니다.">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"non-public DNS 이름을 위한 인증서 확인과 제출">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"이 옵션이 선택되지 않는다면, 관측소는 DNS 시스템을 통해 분석될 수 없는 인증서를 기록하지 않을 것입니다.">
-
-<!ENTITY ssl-observatory.prefs.show "고급 설정 보이기">
-
-<!ENTITY ssl-observatory.prefs.title "SSL 관측소 설정">
-
-<!ENTITY ssl-observatory.prefs.use "관측소 사용?">
-<!ENTITY ssl-observatory.warning.title "EFF의 SSL 관측소로부터의 경고">
-<!ENTITY ssl-observatory.warning.showcert "인증서 체인 보이기">
-<!ENTITY ssl-observatory.warning.okay "이해했습니다.">
-<!ENTITY ssl-observatory.warning.text "EFF의 SSL 관측소가 다음 사이트를 위한 HTTPS 인증서에 대한 경고를 보내왔습니다.">
-<!ENTITY ssl-observatory.warning.defense "만약 이 사이트에 로그인되어 있다면, 안전한 연결에 일단 연결한 뒤, 비밀번호를 바꾸는 것이 권장됩니다.">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"자신-서명 인증서 확인 및 제보">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"이것은 추천됩니다: 암호화 문제는 자기 서명된 임베디드 장치에서 특히 일반적입니다.">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/lt/https-everywhere.dtd b/src/chrome/locale/lt/https-everywhere.dtd
deleted file mode 100644
index 14a40cc8559d..000000000000
--- a/src/chrome/locale/lt/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "Apie HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_description "Šifruokite žiniatinklį! Automatiškai naudokite HTTPS apsaugą daugelyje svetainių.">
-<!ENTITY https-everywhere.about.version "Versija">
-<!ENTITY https-everywhere.about.created_by "Sukūrė">
-<!ENTITY https-everywhere.about.librarians "Taisyklių bibliotekininkai">
-<!ENTITY https-everywhere.about.thanks "Dėkojame">
-<!ENTITY https-everywhere.about.contribute  "Jei Jums patinka HTTPS Everywhere, galbūt norėsite">
-<!ENTITY https-everywhere.about.donate_tor "Paaukoti Tor projektui">
-<!ENTITY https-everywhere.about.tor_lang_code "lt">
-<!ENTITY https-everywhere.about.donate_eff "Paaukoti EFF">
-
-<!ENTITY https-everywhere.menu.about "Apie HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.observatory "SSL Observatorijos nustatymai">
-<!ENTITY https-everywhere.menu.globalEnable "Įgalinti HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.globalDisable "Išjungti HTTPS Everywhere">
-
-<!ENTITY https-everywhere.prefs.title "HTTPS Everywhere nustatymai">
-<!ENTITY https-everywhere.prefs.enable_all "Įgalinti visas">
-<!ENTITY https-everywhere.prefs.disable_all "Uždrausti visas">
-<!ENTITY https-everywhere.prefs.reset_defaults "Atstatyti numatytas">
-<!ENTITY https-everywhere.prefs.search "Ieškoti">
-<!ENTITY https-everywhere.prefs.site "Tinklapis">
-<!ENTITY https-everywhere.prefs.notes "Pastabos">
-<!ENTITY https-everywhere.prefs.list_caption "Kurias HTTPS nukreipimo taisykles naudoti?">
-<!ENTITY https-everywhere.prefs.enabled "Įgalinta">
-<!ENTITY https-everywhere.prefs.ruleset_howto "Galite sužinoti, kaip patiems rašyti nukreipimo taisykles (kad pridėtumėte kitų svetainių palaikymą)">
-<!ENTITY https-everywhere.prefs.here_link "čia">
-<!ENTITY https-everywhere.prefs.toggle "Perjungti">
-<!ENTITY https-everywhere.prefs.reset_default "Atstatyti numatytą">
-<!ENTITY https-everywhere.prefs.view_xml_source "Žiūrėti XML šaltinį">
-
-<!ENTITY https-everywhere.source.downloading "Atsisiunčiama">
-<!ENTITY https-everywhere.source.filename "Failo pavadinimas">
-<!ENTITY https-everywhere.source.unable_to_download "Nepavyko atsisiųsti šaltinio">
-
-<!ENTITY https-everywhere.popup.title "HTTPS Everywhere 4.0development.11 notification">
-<!ENTITY https-everywhere.popup.paragraph1 "Oops. You were using the stable version of HTTPS Everywhere, but we might have accidentally upgraded you to the development version in our last release.">
-<!ENTITY https-everywhere.popup.paragraph2 "Would you like to go back to stable?">
-<!ENTITY https-everywhere.popup.paragraph3 "We'd love it if you continued using our development release and helped us make HTTPS Everywhere better! You might find there are a few more bugs here and there, which you can report to https-everywhere@eff.org. Sorry about the inconvenience, and thank you for using HTTPS Everywhere.">
-<!ENTITY https-everywhere.popup.keep "Keep me on the development version">
-<!ENTITY https-everywhere.popup.revert "Download the latest stable version">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/lt/https-everywhere.properties b/src/chrome/locale/lt/https-everywhere.properties
deleted file mode 100644
index 00fdde9efddd..000000000000
--- a/src/chrome/locale/lt/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = \u012ejungti HTTPS Everywhere
-https-everywhere.menu.globalDisable = I\u0161jungti HTTPS Everywhere
-https-everywhere.menu.enableDisable = Ijungti/i\u0161jungti taisykles
-https-everywhere.menu.noRules = (\u0160iam puslapiui taisykli\u0173 n\u0117ra)
-https-everywhere.menu.unknownRules = (\u0160io puslapio taisykl\u0117s ne\u017einomos)
-https-everywhere.toolbar.hint = HTTPS Everywhere aktyvuotas. Galite \u012fjungti/i\u0161jungti j\u012f konkre\u010dioje svetain\u0117je spausdami \u017eenkliuk\u0105 adresyno juostoje.
-https-everywhere.migration.notification0 = In order to implement a crucial fix, this update resets your HTTPS Everywhere rule preferences to their default values.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/lt/ssl-observatory.dtd b/src/chrome/locale/lt/ssl-observatory.dtd
deleted file mode 100644
index f17e52cb49b7..000000000000
--- a/src/chrome/locale/lt/ssl-observatory.dtd
+++ /dev/null
@@ -1,100 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "Detalės ir informacija apie privatumą">
-<!ENTITY ssl-observatory.popup.later "Klausti vėliau">
-<!ENTITY ssl-observatory.popup.no "Ne">
-
-<!ENTITY ssl-observatory.popup.text "HTTPS Everywhere gali aptikti atakas
-nukreiptas prieš jūsų naršyklę, siųsdama gautus sertifikatus į SSL
-Observatoriją.  Ar įjungti?">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"Ar HTTPS Everywhere turėtų naudoti SSL Observatoriją?">
-
-<!ENTITY ssl-observatory.popup.yes "Taip">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"Įjungti yra saugu, nebent naudojate labai ribojamą
-korporatyvinį tinklą:">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"Saugu, nebent naudojate korporatyvinį tinklą su slaptais vidinio tinklo serverių pavadinimais:">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"Siųsti ir tikrinti sertifikatus, pasirašytus nestandartinių sertifikavimo centrų">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"Įjungti šią parinktį yra saugu (ir gera mintis), nebent naudojate ribojamą korporatyvinį tinklą, kuris stebi jūsų naršymą su TLS įgaliotuoju serveriu ir privačiu sertifikavimo centru.  Jei įjungsite tokiame tinkle, ši parinktis gali palikti informacijos apie tai, kurios https:// svetainės buvo aplankytos naudojant šį įgaliotąjį serverį, nes bus naudojami unikalūs sertifikatai.  Todėl pagal nutylėjimą tai išjungiame.">
-
-<!ENTITY ssl-observatory.prefs.anonymous "Tikrinti sertifikatus naudojant Tor tinklą anonimiškumui">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"Tikrinti sertifikatus naudojant Tor tinklą anonimiškumui (reikalauja Torbutton)">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"Ši parinktis reikalauja, kad būtų įdiegti Tor ir Torbutton">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"Sutikus naują sertifikatą pranešti Observatorijai, prie kokio interneto paslaugų tiekėjo esate prisijungę">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"Gaus ir išsiųs jūsų tinklo &quot;autonominį sistemos numerį&quot;.  Tai padės mums aptikti atakas nukreiptas prieš HTTPS ir nustatyti, ar mes turime duomenų apie tinklus iš tokių vietų kaip Iranas ar Sirija, kur atakos yra gana dažnos.">
-
-<!ENTITY ssl-observatory.prefs.done "Atlikta">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS Everywhere gali naudoti EFF SSL Observatoriją.  Ji atlieka du dalykus: (1)
-siunčia HTTPS sertifikatų kopijas į Observatoriją, kad padėtų mums
-aptikti 'žmogaus viduryje' atakas ir pagerinti žiniatinkio saugumą; ir (2)
-leidžia mums įspėti jus apie nesaugius prisijungimus ar atakas nukreiptas prieš jūsų naršyklę.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"Pavyzdžiui, kai aplankote https://www.kazkas.com, Observatorijos
-gautas sertifikatas rodys, kad kažkas aplankė www.kazkas.com,
-bet ne tai, kas aplankė svetainę, ar kokį konkrečiai puslapį jie
-žiūrėjo.  Išsamesniai informacijai, užveskite pelės žymeklį virš parinkčių:">
-
-<!ENTITY ssl-observatory.prefs.hide "Slėpti išsamesnius nustatymus">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"Tikrinti sertifikatus net jei Tor nepasiekiamas">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"Mes vis vien bandysime išlaikyti duomenis anonimiškus, bet ši parinktis yra mažiau saugi">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"Siųsti ir tikrinti sertifikatus gautus iš neviešų DNS vardų">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"Jei ši parinktis išjungta, Observatorija neįrašinės tų sertifikatų, kurių vardų nepavyksta gauti per DNS sistemą.">
-
-<!ENTITY ssl-observatory.prefs.show "Rodyti išsamesnius nustatymus">
-
-<!ENTITY ssl-observatory.prefs.title "SSL Observatorijos nustatymai">
-
-<!ENTITY ssl-observatory.prefs.use "Naudoti Observatoriją?">
-<!ENTITY ssl-observatory.warning.title "ĮSPĖJIMAS iš EFF SSL Observatorijos">
-<!ENTITY ssl-observatory.warning.showcert "Rodyti sertifikatų grandinę">
-<!ENTITY ssl-observatory.warning.okay "Suprantu">
-<!ENTITY ssl-observatory.warning.text "EFF SSL Observatorija įspėja apie šių svetainių HTTPS sertifikatus:">
-<!ENTITY ssl-observatory.warning.defense "Jei esate prisiregistravę prie šios svetainės, patartina pasikeisti slaptažodį, kai turėsite saugų ryšį.">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"Teikti ir tikrinti savo paties pasirašytus sertifikatus">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"Rekomenduojama. Kriptografijos problemos ypač dažnos savo paties pasirašytuose įmontuotuosiuose įtaisuose">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/lv/https-everywhere.dtd b/src/chrome/locale/lv/https-everywhere.dtd
deleted file mode 100644
index fc81a78c60b8..000000000000
--- a/src/chrome/locale/lv/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "Par HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_description "Šifrēt tīmekli! Automātiski lietot HTTPS drošību daudzās vietnēs.">
-<!ENTITY https-everywhere.about.version "Versija">
-<!ENTITY https-everywhere.about.created_by "Autori">
-<!ENTITY https-everywhere.about.librarians "Ruleset Librarians">
-<!ENTITY https-everywhere.about.thanks "Pateicoties">
-<!ENTITY https-everywhere.about.contribute  "ja Jums patīk HTTPS Everywhere, iespējams vēlaties">
-<!ENTITY https-everywhere.about.donate_tor "ziedot Tor'am">
-<!ENTITY https-everywhere.about.tor_lang_code "an">
-<!ENTITY https-everywhere.about.donate_eff "ziedot EFF'am">
-
-<!ENTITY https-everywhere.menu.about "Par HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.observatory "SSL Observatory preferences">
-<!ENTITY https-everywhere.menu.globalEnable "Iespējot HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.globalDisable "Atspējot HTTPS Everywhere">
-
-<!ENTITY https-everywhere.prefs.title "HTTPS Everywhere preferences">
-<!ENTITY https-everywhere.prefs.enable_all "Iespējot visus">
-<!ENTITY https-everywhere.prefs.disable_all "Atspējot visus">
-<!ENTITY https-everywhere.prefs.reset_defaults "Atiestatīt uz noklusējuma vērtībām">
-<!ENTITY https-everywhere.prefs.search "Meklēt">
-<!ENTITY https-everywhere.prefs.site "Vietne">
-<!ENTITY https-everywhere.prefs.notes "Piezīmes">
-<!ENTITY https-everywhere.prefs.list_caption "Kurus HTTPS pāradresācijas noteikumus lietot?">
-<!ENTITY https-everywhere.prefs.enabled "Iespējots">
-<!ENTITY https-everywhere.prefs.ruleset_howto "Variet iemācīties kā rakstīt savus noteikumu komplektus (lai pievienotu citu tīmekļa vietņu atbalstu)">
-<!ENTITY https-everywhere.prefs.here_link "te">
-<!ENTITY https-everywhere.prefs.toggle "Pārslēgt">
-<!ENTITY https-everywhere.prefs.reset_default "Atiestatīt uz noklusējuma vērtībām">
-<!ENTITY https-everywhere.prefs.view_xml_source "Skatīt XML avotu">
-
-<!ENTITY https-everywhere.source.downloading "Lejupielādē">
-<!ENTITY https-everywhere.source.filename "Datnes_nosaukums">
-<!ENTITY https-everywhere.source.unable_to_download "Nevar lejupielādēt avotu.">
-
-<!ENTITY https-everywhere.popup.title "HTTPS Everywhere 4.0development.11 paziņojums">
-<!ENTITY https-everywhere.popup.paragraph1 "Opā! Jūs lietojāt stabilu HTTPS Everywhere versiju, bet, iespējams, mūsu jaunākajā laidienā mēs nejauši jauninājām Jūsu līdzšinējo versiju ar izstrādātāju versiju.">
-<!ENTITY https-everywhere.popup.paragraph2 "Vai vēlaties atgriezties pie stabilās versijas?">
-<!ENTITY https-everywhere.popup.paragraph3 "Mēs ļoti priecātos, ja Jūs turpinātu lietot izstrādātāju versiju un palīdzētu padarīt HTTPS Everywhere labāku! Iespējams, ka laiku pa laikam pamanīsit kādas kļūdas, par kurām varat ziņot rakstot angļu valodā https-everywhere@eff.org . Atvainojamies par sagādātajām neērtībām un pateicamies par to, ka lietojat HTTPS Everywhere.">
-<!ENTITY https-everywhere.popup.keep "Izvēlos strādāt ar izstrādātāja versiju">
-<!ENTITY https-everywhere.popup.revert "Lejuplādēt jaunāko stabilo versiju">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/lv/https-everywhere.properties b/src/chrome/locale/lv/https-everywhere.properties
deleted file mode 100644
index aeef29d8b3fc..000000000000
--- a/src/chrome/locale/lv/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = Iespējot HTTPS visur
-https-everywhere.menu.globalDisable = Izslēgt HTTPS visur
-https-everywhere.menu.enableDisable = Iespējot / Izslēgt kārtulas
-https-everywhere.menu.noRules = (Šai lapai kārtulu nav)
-https-everywhere.menu.unknownRules = (šīs lapas kārtulas nav zināmas)
-https-everywhere.toolbar.hint = HTTPS Everywhere tagad ir aktīvs. Klikšķinot ikonu adreses joslā, Jūs varat to pārslēgt ikvienā vietnē.
-https-everywhere.migration.notification0 = Lai ieviestu kritisku labojumu, šis jauninājums atiestata Jūsu HTTPS visur kārtulu preferences uz to noklusējuma vērtībām.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/lv/ssl-observatory.dtd b/src/chrome/locale/lv/ssl-observatory.dtd
deleted file mode 100644
index a0e33e3fbe33..000000000000
--- a/src/chrome/locale/lv/ssl-observatory.dtd
+++ /dev/null
@@ -1,99 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "Papildu informācija un privātums">
-<!ENTITY ssl-observatory.popup.later "Jautāt man vēlāk">
-<!ENTITY ssl-observatory.popup.no "Nē">
-
-<!ENTITY ssl-observatory.popup.text "HTTPS visur var atklāt uzbrukumus Jūsu pārlūkam, nosūtot uz Observatory sertifikātus, kurus saņemat.
-Ieslēgt šo funkciju?">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"Vai HTTPS visur jāizmanto SSL Observatory?">
-
-<!ENTITY ssl-observatory.popup.yes "Jā">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"Iespējot ir droši, ja vien neizmantojat
-ļoti traucējošu jeb uzmācīgu korporatīvo tīklu:">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"Droši, ja vien neizmantojat korporatīvo tīklu ar slepeniem iekštīkla serveru vārdiem:">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"Iesniegt un pārbaudīt sertifikātus, kurus parakstījušas nestandarta saknes CA jeb sertifikācijas iestādes">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"Ir droši (un arī ir laba doma) iespējot šo opciju, ja vien neizmantojat traucējošu jeb uzmācīgu korporatīvu tīklu, kurš jūsu veiktajai pārlūkošanai seko, izmantojot TLS starpniekserveri un privāto saknes sertifikācijas iestādi. 
-Opcija, kas iespējota šādā tīklā, varētu publicēt pierādījumus tam, kuri https:// domēni tiek skatīti caur šo starpniekserveri, tā izsniegto unikālo sertifikātu dēļ.  Tādēļ, pēc noklusējuma, mēs šo izvēli esam izslēguši.">
-
-<!ENTITY ssl-observatory.prefs.anonymous "Anonimitātes nodrošināšanai pārbaudīt sertifikātus izmantojot Tor">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"Anonimitātes nodrošināšanai pārbaudīt sertifikātus izmantojot Tor (nepieciešams Torbutton)">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"Opcijas lietošanai nepieciešams instalēt Tor un Torbutton">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"Kad redzat jaunu sertifikātu, informējiet Observatory par ISP, pie kura esat pieslēdzies">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"Darbība nolasīs un nosūtīs jūsu tīkla &quot;Autonomo sistēmas numuru&quot;. 
-Tas palīdzēs mums noteikt uzbrukumus pret HTTPS, un atklāt vai no tīkliem tiek veikta pārraudzība tādās valstīs kā Irāna un Sīrija, kur uzbrukumi notiek salīdzinoši bieži.">
-
-<!ENTITY ssl-observatory.prefs.done "Gatavs">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS visur var lietot EFF's SSL Observatory. 
-Tas veic divas darbības: (1)
-sūta Obsevatory HTTPS sertifikātu kopijas, lai palīdzētu mums
-noteikt &quot;starpnieka&quot; uzbrukumus, un palielinātu tīmekļa drošību, un (2)
-ļauj mums brīdināt jūs par nedrošiem savienojumiem vai uzbrukumiem jūsu pārlūkam.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"Piemēram, kad apmeklējat https://www.something.com , tad sertifikāts, kuru saņem Observatory, rādīs, ka kāds ir apmeklējis www.something.com , bet nerādīs ne to, kurš ir apmeklējis šo vietni, ne ari to kuras lapas skatītas.  Slidiniet peli pār opcijām, lai iegūtu papildu informāciju:">
-
-<!ENTITY ssl-observatory.prefs.hide "Slēpt papildu opcijas">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"Pārbaudīt sertifikātus pat ja Tor nav pieejams">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"Mēs joprojām centīsimies nodrošināt datu anonimitāti, tomēr šī opcija ir mazāk droša">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"Iesniegt un pārbaudīt sertifikātus DNS nosaukumiem, kuri nav publiski ">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"Ja vien šī opcija nav atzīmēta, Observatory neierakstīs sertifikātus nosaukumiem, kurus tā nevar atrisināt caur DNS sistēmu.">
-
-<!ENTITY ssl-observatory.prefs.show "Parādīt papildu opcijas">
-
-<!ENTITY ssl-observatory.prefs.title "Observatory SSL preferences">
-
-<!ENTITY ssl-observatory.prefs.use "Izmantot Observatory?">
-<!ENTITY ssl-observatory.warning.title "EFF's Observatory SSL BRĪDINĀJUMS">
-<!ENTITY ssl-observatory.warning.showcert "Parādīt sertificēšanas ķēdi">
-<!ENTITY ssl-observatory.warning.okay "Es saprotu">
-<!ENTITY ssl-observatory.warning.text "EFF's SSL Observatory SSL izsniedza brīdinājumu saistībā ar norādītās vietnes HTTPS sertifikātu(iem):">
-<!ENTITY ssl-observatory.warning.defense "Ja šajā vietnē esat reģistrējies darbam, tad pēc droša savienojuma izveides apsveriet paroles maiņu.">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"Iesniegt un pārbaudīt pašparakstītus sertifikātus">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"Tiek rekomendēts; ar šifrēšanu saistītas problēmas ir īpaši biežas iegultās, pašparakstošās iekārtās">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/ms/https-everywhere.dtd b/src/chrome/locale/ms/https-everywhere.dtd
deleted file mode 100644
index 10d3046ddc3d..000000000000
--- a/src/chrome/locale/ms/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "Mengenai HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_description "Encrypt laman sesawang! Gunakan HTTPS secara automatik di kebanyakan laman sesawang.">
-<!ENTITY https-everywhere.about.version "Versi">
-<!ENTITY https-everywhere.about.created_by "Dihasilkan oleh">
-<!ENTITY https-everywhere.about.librarians "Pustaka set aturan">
-<!ENTITY https-everywhere.about.thanks "Terima kasih kepada">
-<!ENTITY https-everywhere.about.contribute  "Sekiranya anda menyukai HTTPS Everywhere, anda mungkin ingin mempertimbangkan untuk">
-<!ENTITY https-everywhere.about.donate_tor "Menderma kepada Tor">
-<!ENTITY https-everywhere.about.tor_lang_code "ms-MY">
-<!ENTITY https-everywhere.about.donate_eff "Menderma kepada EFF">
-
-<!ENTITY https-everywhere.menu.about "Mengenai HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.observatory "Tetapan Pemantau SSL">
-<!ENTITY https-everywhere.menu.globalEnable "Pengaktifan HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.globalDisable "Nyah-aktifkan HTTPS Everywhere">
-
-<!ENTITY https-everywhere.prefs.title "Tetapan HTTPS Everywhere">
-<!ENTITY https-everywhere.prefs.enable_all "Pengaktifan semua">
-<!ENTITY https-everywhere.prefs.disable_all "Nyah-aktifkan All">
-<!ENTITY https-everywhere.prefs.reset_defaults "Tetapan semula kepada asal">
-<!ENTITY https-everywhere.prefs.search "Carian">
-<!ENTITY https-everywhere.prefs.site "Laman">
-<!ENTITY https-everywhere.prefs.notes "Nota">
-<!ENTITY https-everywhere.prefs.list_caption "Penghalaan aturan HTTPS yang manakah patut digunakan?">
-<!ENTITY https-everywhere.prefs.enabled "Pengaktifan">
-<!ENTITY https-everywhere.prefs.ruleset_howto "Anda boleh mempelajari penulisan set aturan tersendiri (bagi menambah sokongan kepada laman sesawang yang lain)">
-<!ENTITY https-everywhere.prefs.here_link "di sini">
-<!ENTITY https-everywhere.prefs.toggle "Togol">
-<!ENTITY https-everywhere.prefs.reset_default "Tetapan semula kepada asal">
-<!ENTITY https-everywhere.prefs.view_xml_source "Papar Sumber XML">
-
-<!ENTITY https-everywhere.source.downloading "Sedang memuat turun">
-<!ENTITY https-everywhere.source.filename "Nama fail">
-<!ENTITY https-everywhere.source.unable_to_download "Gagal untuk memuat turun sumber.">
-
-<!ENTITY https-everywhere.popup.title "HTTPS Everywhere 4.0development.11 notification">
-<!ENTITY https-everywhere.popup.paragraph1 "Oops. You were using the stable version of HTTPS Everywhere, but we might have accidentally upgraded you to the development version in our last release.">
-<!ENTITY https-everywhere.popup.paragraph2 "Would you like to go back to stable?">
-<!ENTITY https-everywhere.popup.paragraph3 "We'd love it if you continued using our development release and helped us make HTTPS Everywhere better! You might find there are a few more bugs here and there, which you can report to https-everywhere@eff.org. Sorry about the inconvenience, and thank you for using HTTPS Everywhere.">
-<!ENTITY https-everywhere.popup.keep "Keep me on the development version">
-<!ENTITY https-everywhere.popup.revert "Download the latest stable version">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/ms/https-everywhere.properties b/src/chrome/locale/ms/https-everywhere.properties
deleted file mode 100644
index c369b37dd1f6..000000000000
--- a/src/chrome/locale/ms/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = Pengaktifan HTTPS Everywhere
-https-everywhere.menu.globalDisable = Nyah-aktifkan HTTPS Everywhere
-https-everywhere.menu.enableDisable = Enable / Disable Rules
-https-everywhere.menu.noRules = (No Rules for This Page)
-https-everywhere.menu.unknownRules = (Rules for This Page Unknown)
-https-everywhere.toolbar.hint = HTTPS Everywhere is now active. You can toggle it on a site-by-site basis by clicking the icon in the address bar.
-https-everywhere.migration.notification0 = In order to implement a crucial fix, this update resets your HTTPS Everywhere rule preferences to their default values.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/ms/ssl-observatory.dtd b/src/chrome/locale/ms/ssl-observatory.dtd
deleted file mode 100644
index 9b95cc0d2657..000000000000
--- a/src/chrome/locale/ms/ssl-observatory.dtd
+++ /dev/null
@@ -1,104 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "Keterangan dan Maklumat Privasi">
-<!ENTITY ssl-observatory.popup.later "Tanya Saya Kemudian">
-<!ENTITY ssl-observatory.popup.no "Tidak">
-
-<!ENTITY ssl-observatory.popup.text "HTTPS Everywhere boleh mengesan serangan 
-terhadap pelayar web anda dengan menghantar sijil SSL yang anda terima ke 
-Pemantau SSL.  Aktifkan fungsi ini?">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"Perlukah HTTPS Everywhere mengunakan Pemantau SSL?">
-
-<!ENTITY ssl-observatory.popup.yes "Ya">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"Ianya adalah selamat untuk pengaktifan, melainkan
-anda menggunakan rangkaian koprat yang sangat merejah:">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"Selamat, melainkan anda menggunakan rangkaian koprat
-dengan pelayan nama internet rahsia:">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"Hantar dan semak sijil SSL yang ditandatangani oleh 
-root CA yang tidak standard">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"Ianya adalah selamat (dan satu idea yang bagus) untuk mengaktifkan pilihan ini, melainkan anda menggunakan rangkaian koprat yang sangat merejah atau perisian Kaspersky antivirus yang memantau pelayaran anda dengan proksi TLS dan root Certificate Authority persendirian. Sekiranya diaktifkan di atas rangkaian berkenaan, pilihan ini mungkin akan memaparkan bukti domain https:// yang telah dilawati menggunakan proksi tersebut, disebabkan oleh sijil SSL yang unik yang dihasilkan. Oleh itu kami, secara asalnya kami biarkan ia tidak aktif.">
-
-<!ENTITY ssl-observatory.prefs.anonymous "Semak sijil SSL menggunakan Tor untuk ujuan anonymiti">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"Semak sijil SSL menggunakan Tor untuk tujuan anonimiti (memerlukan Torbutton)">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"Pemilihan ini memerlukan Tor and Torbutton sedia terpasang">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"Apabila terpapar sijil SSL yang baru, maklumkan kepada Pemantau SSL tentang ISP yang telah berjaya disambungkan">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"Ini akan capai dan hantar &quot;Autonomous System number&quot; rangkaian anda. Ia akan membantu mengesan serangan terhadap HTTPS, dan untuk menentukan samada terdapat pemantauan dari rangkaian seperti Iran dan Syria di mana serangan sering berlaku.">
-
-<!ENTITY ssl-observatory.prefs.done "Selesai">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS Everywhere boleh menggunakan Pemantau SSL EFF. Terdapat dua 
-perkara yang dilakukan iaitu: (1) menghantar salinan sijil SSL kepada 
-Pemantau bagi tujuan mengesan serangan &quot;man in the middle&quot; serta 
-menambah baik keselamatan web; dan (2) memberi amaran kepada anda tentang 
-rangkaian yang tidak selamat atau serangan ke atas pelayar web anda.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"Contohnya, apabila melawati laman https://www.something.com, sijil SSL 
-yang diterima oleh Pemantau SSL akan memberitahu bahawa ada pelawat yang 
-telah ke laman tersebut, tetapi bukan siapa yang telah melawatinya, atau 
-halaman yang mereka telah kunjungi.  Halakan tetikus kepada senarai pilihan 
-untuk butiran lanjut:">
-
-<!ENTITY ssl-observatory.prefs.hide "Sembunyikan tetapan maju">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"Semak sijil SSL walaupun ketiadaan Tor">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"Kami akan cuba menyimpan data secara anonimus, namun langkah ini adalah kurang selamat">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"Hantar dan semak sijil SSL untuk nama DNS yang tidak awam">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"Pemantau SSL tidak akan merakam sijil SSL yang namanya tidak dapat diselesaikan oleh sistem DNS, selagi pilihan ini tidak terpilih.">
-
-<!ENTITY ssl-observatory.prefs.show "Paparkan pilihan maju">
-
-<!ENTITY ssl-observatory.prefs.title "Tetapan Pemantau SSL">
-
-<!ENTITY ssl-observatory.prefs.use "Gunakan Pemantau SSL?">
-<!ENTITY ssl-observatory.warning.title "AMARAN dari Pemantau SSL EFF">
-<!ENTITY ssl-observatory.warning.showcert "Paparkan rantaian sijil SSL">
-<!ENTITY ssl-observatory.warning.okay "Saya faham">
-<!ENTITY ssl-observatory.warning.text "Amaran tentang sijil SSL untuk laman ini telah diberikan oleh Pemantau SSL EFF:">
-<!ENTITY ssl-observatory.warning.defense "Jika anda berjaya memasuki laman sesawang ini, anda dinasihatkan supaya menukar kata laluan setelah berada dalam sambungan yang selamat.">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"Hantar dan periksa sijil sendiri-bertanda">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"Disarankan, masalah kriptografik adalah biasa pada peranti self-signed ">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/nb/https-everywhere.dtd b/src/chrome/locale/nb/https-everywhere.dtd
deleted file mode 100644
index c90d95f437e1..000000000000
--- a/src/chrome/locale/nb/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "Om HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_description "Kryptér nettet. Bruk HTTPS-sikkerhet automatisk på mange nettsider.">
-<!ENTITY https-everywhere.about.version "Versjon">
-<!ENTITY https-everywhere.about.created_by "Lagd av">
-<!ENTITY https-everywhere.about.librarians "Regelsettbibliotekarer">
-<!ENTITY https-everywhere.about.thanks "Takk til">
-<!ENTITY https-everywhere.about.contribute  "Hvis du liker HTTPS Everywhere, vurder å">
-<!ENTITY https-everywhere.about.donate_tor "Donére til Tor">
-<!ENTITY https-everywhere.about.tor_lang_code "en">
-<!ENTITY https-everywhere.about.donate_eff "Donére til EFF">
-
-<!ENTITY https-everywhere.menu.about "Om HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.observatory "SSL Observatory Innstillinger">
-<!ENTITY https-everywhere.menu.globalEnable "Aktiver HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.globalDisable "Deaktiver HTTPS Everywhere">
-
-<!ENTITY https-everywhere.prefs.title "HTTPS Everywhere Innstillinger">
-<!ENTITY https-everywhere.prefs.enable_all "Aktiver Alle">
-<!ENTITY https-everywhere.prefs.disable_all "Deaktiver Alle">
-<!ENTITY https-everywhere.prefs.reset_defaults "Gjenopprett Standardinnstillinger">
-<!ENTITY https-everywhere.prefs.search "Søk">
-<!ENTITY https-everywhere.prefs.site "Side">
-<!ENTITY https-everywhere.prefs.notes "Merknader">
-<!ENTITY https-everywhere.prefs.list_caption "Hvilke HTTPS omdirigeringsregler skal gjelde?">
-<!ENTITY https-everywhere.prefs.enabled "Aktivert">
-<!ENTITY https-everywhere.prefs.ruleset_howto "Du kan lære mer om hvordan du lager dine egne regelsett (for å støtte andre websider)">
-<!ENTITY https-everywhere.prefs.here_link "her">
-<!ENTITY https-everywhere.prefs.toggle "Av/På">
-<!ENTITY https-everywhere.prefs.reset_default "Gjenopprett Standardinnstilling">
-<!ENTITY https-everywhere.prefs.view_xml_source "Vis XML Kilde">
-
-<!ENTITY https-everywhere.source.downloading "Laster ned">
-<!ENTITY https-everywhere.source.filename "Filnavn">
-<!ENTITY https-everywhere.source.unable_to_download "Klarte ikke å laste ned kilde.">
-
-<!ENTITY https-everywhere.popup.title "HTTPS Everywhere 4.0development.11 notification">
-<!ENTITY https-everywhere.popup.paragraph1 "Oops. You were using the stable version of HTTPS Everywhere, but we might have accidentally upgraded you to the development version in our last release.">
-<!ENTITY https-everywhere.popup.paragraph2 "Would you like to go back to stable?">
-<!ENTITY https-everywhere.popup.paragraph3 "We'd love it if you continued using our development release and helped us make HTTPS Everywhere better! You might find there are a few more bugs here and there, which you can report to https-everywhere@eff.org. Sorry about the inconvenience, and thank you for using HTTPS Everywhere.">
-<!ENTITY https-everywhere.popup.keep "Keep me on the development version">
-<!ENTITY https-everywhere.popup.revert "Download the latest stable version">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/nb/https-everywhere.properties b/src/chrome/locale/nb/https-everywhere.properties
deleted file mode 100644
index 0bf50bc89ed2..000000000000
--- a/src/chrome/locale/nb/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = Aktiver HTTPS Everywhere
-https-everywhere.menu.globalDisable = Deaktiver HTTPS Everywhere
-https-everywhere.menu.enableDisable = Aktiver / Deaktiver Regler
-https-everywhere.menu.noRules = (Ingen regler for denne siden)
-https-everywhere.menu.unknownRules = (Reglene for denne siden er ukjente)
-https-everywhere.toolbar.hint = HTTPS Everywhere er nå aktiv. Du kan aktivere/deaktivere fra side til side ved å klikke på ikonet i adresselinjen.
-https-everywhere.migration.notification0 = In order to implement a crucial fix, this update resets your HTTPS Everywhere rule preferences to their default values.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/nb/ssl-observatory.dtd b/src/chrome/locale/nb/ssl-observatory.dtd
deleted file mode 100644
index a7fce6388281..000000000000
--- a/src/chrome/locale/nb/ssl-observatory.dtd
+++ /dev/null
@@ -1,100 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "Detaljer og Personvernsinformasjon">
-<!ENTITY ssl-observatory.popup.later "Spør Meg Senere">
-<!ENTITY ssl-observatory.popup.no "Nei">
-
-<!ENTITY ssl-observatory.popup.text "HTTPS Everywhere kan oppdage angrep
-mot nettleseren din ved å sende sertifikatene du mottar til
-Observatory. Aktivere dette?">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"Skal HTTPS Everywhere bruke SSL Observatory?">
-
-<!ENTITY ssl-observatory.popup.yes "Ja">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"Det er trygt å aktivere dette, hvis du ikke er på et veldig
-påtrengende bedriftsnettverk:">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"Trygt, med mindre du bruker et bedriftsnettverk med hemmelige intranett servernavn.">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"Send inn og sjekk sertifikater signert av ikke-standardiserte rotsertifiseringsinstanser">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"Det er trygt (og en god idé) å aktivere denne innstillingen, med mindre du bruker et påtrengende bedriftsnettverk eller Kaspersky antivirusprogramvare som overvåker surfingen din med en TLS proxy og en privat rotsertifiseringsinstans. Hvis du aktiverer dette på et slikt nettverk, kan innstillingen publisere bevis på hvilke https://-domener som ble besøk gjennom den proxyen, som følge av de unike sertifkatene den vil lage. Så vi deaktiverer den som standard.">
-
-<!ENTITY ssl-observatory.prefs.anonymous "Sjekk sertifikatene ved å bruke Tor for anonymitet">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"Sjekk sertifikater anonymt ved å bruke Tor (Tor kreves)">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"Denne innstillingen krever at Tor installeres og aktiveres">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"Når du ser et nytt sertifikat, fortell Observatory hvilken internettleverandør du er tilkoblet">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"Dette vil hente og sende ditt nettverks &quot;autonome systemnummer&quot;.  Dette vil hjelpe oss med å lokalisere angrep mot HTTPS og med å avgjøre om vi har observasjoner fra nettverk i Iran og Syria, hvor angrep er relativt vanlige.">
-
-<!ENTITY ssl-observatory.prefs.done "Ferdig">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS Everywhere kan bruke EFF's SSL Observatory.  Dette gjør to ting: (1)
-sender kopier av HTTPS sertifikater til Observatory, for å hjelpe oss å
-avsløre 'mellommann'-angrep og forbedre sikkerheten på nettet; og (2)
-lar oss advare deg mot usikre tilkoblinger og angrep på nettleseren din.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"For eksempel, hvis du besøker https://www.something.com, vil sertifikatet
-Observatory mottar indikere at noen besøkte
-www.something.com, men ikke hvem som besøkte siden, eller spesifikt hvilken side
-de så på. Hold muspekeren over innstillingene for flere detaljer:">
-
-<!ENTITY ssl-observatory.prefs.hide "Skjul avanserte innstillinger">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"Sjekk sertifikater selv om Tor ikke er tilgjengelig.">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"Vil vil fortsatt prøve å holde dataene anonyme, men denne innstillingen er mindre sikker">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"Send inn og sjekk sertifikater til DNS-navn som ikke er offentlige">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"Hvis denne innstillingen ikke er aktivert, vil ikke Observatory registrere sertikatene til navn som ikke kan analyseres gjennom DNS-systemet.">
-
-<!ENTITY ssl-observatory.prefs.show "Vis avanserte innstillinger">
-
-<!ENTITY ssl-observatory.prefs.title "SSL Observatory Innstillinger">
-
-<!ENTITY ssl-observatory.prefs.use "Bruke Observatory?">
-<!ENTITY ssl-observatory.warning.title "ADVARSEL fra EFF's SSL Observatory ">
-<!ENTITY ssl-observatory.warning.showcert "Vis sertifikatkjede">
-<!ENTITY ssl-observatory.warning.okay "Jeg forstår">
-<!ENTITY ssl-observatory.warning.text "EFF's SSL Observatory har utstedt en advarsel om bruk av HTTPS sertifikatene på denne siden:">
-<!ENTITY ssl-observatory.warning.defense "Hvis du er innlogget på denne siden, er det anbefalt at du forandrer passordet så snart du har en sikker tilkobling.">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"Send og sjekk selvsignerte sertifikater">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"Dette er anbefalt; kryptografiske problemer er spesielt vanlig i selvsignerte enheter">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/nl/https-everywhere.dtd b/src/chrome/locale/nl/https-everywhere.dtd
deleted file mode 100644
index 6483f3854abe..000000000000
--- a/src/chrome/locale/nl/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "Over HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_description "Versleutel het web! Gebruik HTTPS-beveiliging automatisch op vele sites.">
-<!ENTITY https-everywhere.about.version "Versie">
-<!ENTITY https-everywhere.about.created_by "Gemaakt door">
-<!ENTITY https-everywhere.about.librarians "Regelsetbibliothecarissen">
-<!ENTITY https-everywhere.about.thanks "Met dank aan">
-<!ENTITY https-everywhere.about.contribute  "Als HTTPS Everywhere u bevalt, kunt u overwegen">
-<!ENTITY https-everywhere.about.donate_tor "te doneren aan Tor">
-<!ENTITY https-everywhere.about.tor_lang_code "en">
-<!ENTITY https-everywhere.about.donate_eff "te doneren aan het EFF">
-
-<!ENTITY https-everywhere.menu.about "Over HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.observatory "SSL-observatoriumvoorkeuren">
-<!ENTITY https-everywhere.menu.globalEnable "HTTPS Everywhere inschakelen">
-<!ENTITY https-everywhere.menu.globalDisable "HTTPS Everywhere uitschakelen">
-
-<!ENTITY https-everywhere.prefs.title "HTTPS Everywhere-voorkeuren">
-<!ENTITY https-everywhere.prefs.enable_all "Alles inschakelen">
-<!ENTITY https-everywhere.prefs.disable_all "Alles uitschakelen">
-<!ENTITY https-everywhere.prefs.reset_defaults "Standaardwaarden herstellen">
-<!ENTITY https-everywhere.prefs.search "Zoeken">
-<!ENTITY https-everywhere.prefs.site "Site">
-<!ENTITY https-everywhere.prefs.notes "Opmerkingen">
-<!ENTITY https-everywhere.prefs.list_caption "Welke HTTPS-omleidingsregels moeten worden toegepast?">
-<!ENTITY https-everywhere.prefs.enabled "Ingeschakeld">
-<!ENTITY https-everywhere.prefs.ruleset_howto "Om ondersteuning voor andere websites toe te voegen, kunt u">
-<!ENTITY https-everywhere.prefs.here_link "zelf regelsets opstellen">
-<!ENTITY https-everywhere.prefs.toggle "Schakelen">
-<!ENTITY https-everywhere.prefs.reset_default "Standaardwaarden herstellen">
-<!ENTITY https-everywhere.prefs.view_xml_source "XML-broncode bekijken">
-
-<!ENTITY https-everywhere.source.downloading "Bezig met downloaden">
-<!ENTITY https-everywhere.source.filename "Bestandsnaam">
-<!ENTITY https-everywhere.source.unable_to_download "Kan broncode niet downloaden.">
-
-<!ENTITY https-everywhere.popup.title "HTTPS Everywhere 4.0development.11 bericht">
-<!ENTITY https-everywhere.popup.paragraph1 "Oeps! U gebruikte de stabiele versie van HTTPS Everywhere, maar het is mogelijk dat we u tijdens de laatste uitgave per ongeluk naar de ontwikkelversie hebben geupgrade.">
-<!ENTITY https-everywhere.popup.paragraph2 "Wilt u teruggaan naar de stabiele versie?">
-<!ENTITY https-everywhere.popup.paragraph3 "We zouden het op prijs stellen als u doorging met het gebruik van onze ontwikkelde versie en ons hielp met het verbeteren van HTTPS Everywhere! U zult hier en daar wat bugs tegenkomen, die u kunt melden aan https-everywhere@eff.org. Excuses voor het ongemak, en veel dank voor het gebruik van HTTPS Everywhere.">
-<!ENTITY https-everywhere.popup.keep "Hou me op de ontwikkelde versie">
-<!ENTITY https-everywhere.popup.revert "Download de meest recenste stabiele uitgave.">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/nl/https-everywhere.properties b/src/chrome/locale/nl/https-everywhere.properties
deleted file mode 100644
index a96fdc729f5d..000000000000
--- a/src/chrome/locale/nl/https-everywhere.properties
+++ /dev/null
@@ -1,7 +0,0 @@
-https-everywhere.menu.globalEnable = HTTPS Everywhere inschakelen
-https-everywhere.menu.globalDisable = HTTPS Everywhere uitschakelen
-https-everywhere.menu.enableDisable = Regels in-/uitschakelen
-https-everywhere.menu.noRules = (Geen regels voor deze pagina)
-https-everywhere.menu.unknownRules = (Regels voor deze pagina zijn onbekend)
-https-everywhere.toolbar.hint = HTTPS Everywhere is nu geactiveerd. Je kan dit aanpassen door op een site-by-site basis te clicken op het icoon naast de adres bar.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/nl/ssl-observatory.dtd b/src/chrome/locale/nl/ssl-observatory.dtd
deleted file mode 100644
index e576db50388c..000000000000
--- a/src/chrome/locale/nl/ssl-observatory.dtd
+++ /dev/null
@@ -1,99 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "Details en privacy-informatie">
-<!ENTITY ssl-observatory.popup.later "Later opnieuw vragen">
-<!ENTITY ssl-observatory.popup.no "Nee">
-
-<!ENTITY ssl-observatory.popup.text "HTTPS Everywhere kan aanvallen op uw browser detecteren door
-de certificaten die u ontvangt, naar het observatorium door te sturen. Wilt u dit inschakelen?">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"SSL-observatorium gebruiken?">
-
-<!ENTITY ssl-observatory.popup.yes "Ja">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"Het is veilig om dit in te schakelen, tenzij u een zeer indringend bedrijfsnetwerk gebruikt:">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"Veilig, tenzij u een bedrijfsnetwerk met geheime intranetservernamen gebruikt:">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"Certificaten ondertekend door niet-standaard hoofd-CA’s opsturen en controleren">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"Het is veilig (en aangeraden) om deze optie in te schakelen, tenzij u een indringend
-bedrijfsnetwerk gebruikt dat uw surfgedrag met een TLS-proxy en een
-privé-hoofdcertificaatautoriteit monitort. Indien deze optie op een dergelijk netwerk is ingeschakeld,
-kan deze bewijs publiceren over welke HTTPS-domeinen via die proxy werden bezocht, vanwege de unieke
-certificaten die dan worden geproduceerd. De optie is daarom standaard uitgeschakeld.">
-
-<!ENTITY ssl-observatory.prefs.anonymous "Certificaten omwille van anonimiteit via Tor controleren">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"Certificaten omwille van anonimiteit via Tor controleren (vereist Torbutton)">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"Voor deze optie zijn Tor en Torbutton vereist">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"Melden met welke ISP u bent verbonden indien u een nieuwe certificaat ziet">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"Dit zal het Autonoom Systeem-nummer van uw netwerk ophalen en verzenden als het observatorium een
-waarschuwing afgeeft over een certificaat dat u zag. Dit helpt ons aanvallen op HTTPS te lokaliseren.">
-
-<!ENTITY ssl-observatory.prefs.done "OK">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS Everywhere kan het SSL-observatorium van EFF gebruiken. Dit doet twee dingen: ten eerste zendt
-het kopieën van HTTPS-certificaten naar het observatorium om ons te helpen man-in-the-middle-aanvallen
-te detecteren en de veiligheid van het web te verbeteren; ten tweede laat het ons u waarschuwen over
-onveilige verbindingen en aanvallen op uw browser.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"Als u bijvoorbeeld https://www.iets.nl bezoekt, geeft het certificaat dat het observatorium ontvangt aan
-dat iemand www.iets.nl bezocht, maar niet wie de site bezocht of welke specifieke pagina de bezoeker
-bekeek. Plaats uw muis boven de opties voor meer details:">
-
-<!ENTITY ssl-observatory.prefs.hide "Geavanceerde opties verbergen">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"Certificaten controleren zelfs als Tor niet beschikbaar is">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"We zullen nog steeds proberen de gegevens anoniem te houden, maar deze optie is minder veilig">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"Certificaten voor niet-openbare DNS-namen opsturen en controleren">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"Tenzij deze optie is aangevinkt, legt het observatorium geen certificaten vast voor namen die niet via
-het DNS-systeem zijn op te lossen.">
-
-<!ENTITY ssl-observatory.prefs.show "Geavanceerde opties tonen">
-
-<!ENTITY ssl-observatory.prefs.title "Voorkeuren SSL-observatorium">
-
-<!ENTITY ssl-observatory.prefs.use "Het observatorium gebruiken?">
-<!ENTITY ssl-observatory.warning.title "WAARSCHUWING van SSL-observatorium van EFF">
-<!ENTITY ssl-observatory.warning.showcert "Toon de certificaatketen">
-<!ENTITY ssl-observatory.warning.okay "Ik begrijp het">
-<!ENTITY ssl-observatory.warning.text "Het SSL-observatorium van EFF heeft een waarschuwing uitgegeven over een HTTPS-certificaat voor deze site:">
-<!ENTITY ssl-observatory.warning.defense "Als u bent ingelogd op deze site, is het aan te raden uw wachtwoord te wijzigen zodra u een veilige verbinding hebt.">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"Verstuur en controleer zelf-getekende certificaten">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"Dit is aanbevolen; cryptografische problemen zijn veel voorkomend in zelf-getekende embedded apparaten">
-
diff --git a/src/chrome/locale/pl/https-everywhere.dtd b/src/chrome/locale/pl/https-everywhere.dtd
deleted file mode 100644
index 989b0ab7ed9b..000000000000
--- a/src/chrome/locale/pl/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "O HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_description "Szyfruj sieć! Automatycznie używaj zabezpieczeń HTTPS na wielu stronach.">
-<!ENTITY https-everywhere.about.version "Wersja">
-<!ENTITY https-everywhere.about.created_by "Stworzone przez">
-<!ENTITY https-everywhere.about.librarians "Ruleset Librarians">
-<!ENTITY https-everywhere.about.thanks "Dzięki dla">
-<!ENTITY https-everywhere.about.contribute  "Jeżeli lubisz HTTPS Everywhere, możesz rozważyć ">
-<!ENTITY https-everywhere.about.donate_tor "Dotacje dla Tora">
-<!ENTITY https-everywhere.about.tor_lang_code "en">
-<!ENTITY https-everywhere.about.donate_eff "Dotacje dla Electronic Frontier Foundation">
-
-<!ENTITY https-everywhere.menu.about "O HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.observatory "Ustawienia SSL Observatory">
-<!ENTITY https-everywhere.menu.globalEnable "Włącz HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.globalDisable "Wyłącz HTTPS Everywhere">
-
-<!ENTITY https-everywhere.prefs.title "Ustawienia HTTPS Everywhere">
-<!ENTITY https-everywhere.prefs.enable_all "Włącz wszystko">
-<!ENTITY https-everywhere.prefs.disable_all "Wyłącz wszystko">
-<!ENTITY https-everywhere.prefs.reset_defaults "Przywróć ustawienia fabryczne">
-<!ENTITY https-everywhere.prefs.search "Szukaj">
-<!ENTITY https-everywhere.prefs.site "Strona">
-<!ENTITY https-everywhere.prefs.notes "Notatki">
-<!ENTITY https-everywhere.prefs.list_caption "Które z opcji przekierowań HTTPS należy zastosować?">
-<!ENTITY https-everywhere.prefs.enabled "Włączone">
-<!ENTITY https-everywhere.prefs.ruleset_howto "Możesz nauczyć się jak pisać własne pakiety reguł (by dać wsparcie innym stronom)">
-<!ENTITY https-everywhere.prefs.here_link "tutaj">
-<!ENTITY https-everywhere.prefs.toggle "Przełączanie">
-<!ENTITY https-everywhere.prefs.reset_default "Przywróć ustawienia fabryczne">
-<!ENTITY https-everywhere.prefs.view_xml_source "Zobacz źródło XML ">
-
-<!ENTITY https-everywhere.source.downloading "Ściąganie">
-<!ENTITY https-everywhere.source.filename "Nazwa pliku">
-<!ENTITY https-everywhere.source.unable_to_download "Nie można ściągnąć źródła.  ">
-
-<!ENTITY https-everywhere.popup.title "Powiadomienie o wersji HTTPS Everywhere 4.0development.11">
-<!ENTITY https-everywhere.popup.paragraph1 "Ojej. Używałeś stabilnej wersji HTTPS Everywhere, ale mogliśmy wraz z najnowszą wersją przypadkowo zaktualizować Twój system do wersji rozwojowej.">
-<!ENTITY https-everywhere.popup.paragraph2 "Czy chciałbyś wrócić do wersji stabilnej?">
-<!ENTITY https-everywhere.popup.paragraph3 "Pragnęlibyśmy abyś dalej używał naszej wersji rozwojowej i pomógł nam uczyć HTTPS Everywhere lepszym! Może się okazać, że jest trochę więcej błędów tu  i tam, które możesz zgłosić pod adres https-everywhere@eff.org. Wybacz proszę tę niedogodność. Dziękujemy za używanie HTTPS Everywhere.">
-<!ENTITY https-everywhere.popup.keep "Pozostań przy wersji rozwojowej">
-<!ENTITY https-everywhere.popup.revert "Pobierz najnowszą wersję stabilną">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/pl/https-everywhere.properties b/src/chrome/locale/pl/https-everywhere.properties
deleted file mode 100644
index 03428a2b199b..000000000000
--- a/src/chrome/locale/pl/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = Włącz HTTPS Everywhere
-https-everywhere.menu.globalDisable = Wyłącz HTTPS Everywhere
-https-everywhere.menu.enableDisable = Włącz/Wyłącz reguły
-https-everywhere.menu.noRules = (brak reguł dla tej strony)
-https-everywhere.menu.unknownRules = (reguły dla strony nieznane)
-https-everywhere.toolbar.hint = HTTPS Everywhere jest teraz aktywne. Możesz przełączać to dla poszczególnych stron, klikając ikonę w pasku adresu.
-https-everywhere.migration.notification0 = W celu implementacji pewnej kluczowej poprawki, ta aktualizacja zresetuje ustawienia reguł HTTPS Everywhere do ich domyślnych wartości.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/pl/ssl-observatory.dtd b/src/chrome/locale/pl/ssl-observatory.dtd
deleted file mode 100644
index bd515b33c883..000000000000
--- a/src/chrome/locale/pl/ssl-observatory.dtd
+++ /dev/null
@@ -1,91 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "Szczegóły i Polityka Prywatności">
-<!ENTITY ssl-observatory.popup.later "Zapytaj mnie później">
-<!ENTITY ssl-observatory.popup.no "Nie">
-
-<!ENTITY ssl-observatory.popup.text "HTTPS Everywhere może wykryć ataki
-na twoją przeglądarkę przez wysyłanie do ciebie certyfikatów, które otrzymujesz
-do &quot;SSL Observatory&quot;. Włączyć tą opcję?">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"Czy HTTPS Everywhere ma używać &quot;SSL Observatory&quot;?">
-
-<!ENTITY ssl-observatory.popup.yes "Tak">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"Bezpiecznym jest używanie tej opcji, chyba że korzystasz
-z intruzywnej sieci korporacyjnej.">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"Bezpieczne, jeżeli używasz sieci korporacyjnej z ukrytymi nazwami serwerów Intranetowych.">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"Wysyłaj i sprawdzaj certyfikaty podpisane przez niestandardowe ośrodki certyfikacji">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"Jest bezpiecznym, (i dobrym pomysłem), by włączyć tą opcję, chyba że używasz intruzywnej sieci korporacyjnej lub antywirusa firmy Kaspersky, które monitorują twoje przeglądanie za pomocą TLS proxy i prywatnego roota CA. Jeżeli ta opcja jest włączona na takich właśnie sieciach, opcja ta może przyczynić się do publikacji dowodów na temat stron, które były odwiedzane przez ten proxy, ponieważ unikalne certyfikaty zostaną utworzone. Dlatego też opcja ta domyślnie jest wyłączona.">
-
-<!ENTITY ssl-observatory.prefs.anonymous "Sprawdź certyfikaty używając Tora dla prywatności">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"Sprawdź certyfikaty używając Tora dla prywatności (wymaga aplikacji Torbutton)">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"Ta opcja, do instalacji, wymaga Tora oraz aplikacji Torbutton ">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"Jeżeli dostrzeżesz nowe certyfikaty, potwierdź SLL Observatory, do którego ISP jesteś obecnie podłączony">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"To pobierze i wyśle &quot;numer Autonomicznego Systemu&quot; Twojej sieci.
-To pomoże nam zlokalizować ataki na HTTPS i określić, czy mamy obserwacje sieci w miejscach takich jak Iran czy Syria, gdzie ataki są porównywalnie częste.">
-
-<!ENTITY ssl-observatory.prefs.done "Gotowe">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS Everywhere może używać EFF's SSL Observatory. Daje to dwie rzeczy: (1) wysyła kopie certyfikatów HTTPS do SSL Observatory, pomagając nam wykryć ataki osób podsłuchujących; i (2) daje nam znać o niezabezpieczonych połączeniach lub atakach na twoją przeklądarkę.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"Dla przykładu, jeżeli odwiedzasz https://www.something.com, certyfikat otrzymany przez SSL Observatory wskaże, że ktoś odwiedził https://www.something.com ale nie wskaże kto dokładnie ją odwiedzał i jakie strony przeglądał. Najedź kursorem na opcje by zobaczyć więcej szczegółów ">
-
-<!ENTITY ssl-observatory.prefs.hide "Schowaj zaawansowane opcje">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"Sprawdź certyfikaty nawet jeżeli Tor nie jest dostępny">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"Postaramy się zachować anonimowość twoich danych, jednak ta opcja jest mniej bezpieczna.">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"Wyślij i sprawdź certyfikaty dla niepublicznych nazw DNSów">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"Jeśli ta opcja nie jest włączona, Obserwatorium nie zarejestruje certyfikatów dla nazw, których nie można znaleźć w systemie DNS.">
-
-<!ENTITY ssl-observatory.prefs.show "Pokaż zaawansowane opcje">
-
-<!ENTITY ssl-observatory.prefs.title "Preferencje SLL Observatory">
-
-<!ENTITY ssl-observatory.prefs.use "Użyj Observatory?">
-<!ENTITY ssl-observatory.warning.title "OSTRZEŻENIE od EFF's SSL Observatory">
-<!ENTITY ssl-observatory.warning.showcert "Pokaż łańcuch certyfikatu">
-<!ENTITY ssl-observatory.warning.okay "Tak rozumie">
-<!ENTITY ssl-observatory.warning.text "EFF's SSL Observatory wystawił ostrzeżenie na temat certyfikatów HTTPS dla tej stron:">
-<!ENTITY ssl-observatory.warning.defense "Jeżeli zalogowałeś się do tej strony, bezpiecznym będzie zmiana hasła, po ponownym połączeniu się z bezpieczną siecią.">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"Wysyłaj i sprawdzaj samopodpisane certyfikaty">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"To jest zalecane; problemy kryptograficzne są szczególnie częste w samopodpisanych urządzeniach wbudowanych.">
-
diff --git a/src/chrome/locale/pt/https-everywhere.dtd b/src/chrome/locale/pt/https-everywhere.dtd
deleted file mode 100644
index f0017c0b572e..000000000000
--- a/src/chrome/locale/pt/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "Sobre o HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_description "Criptografe a Web! Use automaticamente a segurança HTTPS em diversos sites.">
-<!ENTITY https-everywhere.about.version "Versão">
-<!ENTITY https-everywhere.about.created_by "Criado por">
-<!ENTITY https-everywhere.about.librarians "Bibliotecários dos Conjuntos de Regras">
-<!ENTITY https-everywhere.about.thanks "Obrigado a">
-<!ENTITY https-everywhere.about.contribute  "Se você gostar do HTTPS Everywhere, considere">
-<!ENTITY https-everywhere.about.donate_tor "Fazer uma doação para o Tor">
-<!ENTITY https-everywhere.about.tor_lang_code "en">
-<!ENTITY https-everywhere.about.donate_eff "Fazer uma doação para a EFF">
-
-<!ENTITY https-everywhere.menu.about "Sobre o HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.observatory "Preferências do Observatório SSL">
-<!ENTITY https-everywhere.menu.globalEnable "Habilitar HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.globalDisable "Desabilitar HTTPS Everywhere">
-
-<!ENTITY https-everywhere.prefs.title "Preferências do HTTPS Everywhere ">
-<!ENTITY https-everywhere.prefs.enable_all "Habilitar tudo">
-<!ENTITY https-everywhere.prefs.disable_all "Desabilitar tudo">
-<!ENTITY https-everywhere.prefs.reset_defaults "Restaurar as configurações padrão">
-<!ENTITY https-everywhere.prefs.search "Procurar">
-<!ENTITY https-everywhere.prefs.site "Site">
-<!ENTITY https-everywhere.prefs.notes "Notas">
-<!ENTITY https-everywhere.prefs.list_caption "Quais regras de redirecionamento HTTPS devem ser aplicadas?">
-<!ENTITY https-everywhere.prefs.enabled "Habilitado(a)">
-<!ENTITY https-everywhere.prefs.ruleset_howto "Você pode aprender como escrever seu próprio conjunto de regras (para adicionar suporte para outros websites)">
-<!ENTITY https-everywhere.prefs.here_link "aqui">
-<!ENTITY https-everywhere.prefs.toggle "Alternar">
-<!ENTITY https-everywhere.prefs.reset_default "Restaurar as configurações padrão">
-<!ENTITY https-everywhere.prefs.view_xml_source "Ver Fonte XML">
-
-<!ENTITY https-everywhere.source.downloading "Fazendo download">
-<!ENTITY https-everywhere.source.filename "Nome do Arquivo">
-<!ENTITY https-everywhere.source.unable_to_download "Impossível fazer download da origem.">
-
-<!ENTITY https-everywhere.popup.title "Aviso do HTTPS Everywhere 4.0development.11">
-<!ENTITY https-everywhere.popup.paragraph1 "Desculpe. Você usava a versão estável do HTTPS Everywhere, mas, na nossa última liberação, sem querer podemos ter atualizado seu navegador para a versão de desenvolvimento.">
-<!ENTITY https-everywhere.popup.paragraph2 "Gostaria de voltar à versão estável?">
-<!ENTITY https-everywhere.popup.paragraph3 "Seria útil para o nosso projeto se quiser continuar a usar a versão de desenvolvimento para ajudar-nos a melhorar o HTTPS Everywhere. Porém, pode encontrar mais bugs; pode informar sobre eles escrevendo para https-everywhere@eff.org. Desculpe pelo incômodo, e obrigado por usar o HTTPS Everywhere.">
-<!ENTITY https-everywhere.popup.keep "Manter o navegador na versão de desenvolvimento">
-<!ENTITY https-everywhere.popup.revert "Baixar a versão estável mais recente">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/pt/https-everywhere.properties b/src/chrome/locale/pt/https-everywhere.properties
deleted file mode 100644
index 66160e4d5640..000000000000
--- a/src/chrome/locale/pt/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = Habilitar HTTPS Everywhere
-https-everywhere.menu.globalDisable = Desabilitar HTTPS Everywhere
-https-everywhere.menu.enableDisable = Habilitar / Desabilitar Regras
-https-everywhere.menu.noRules = (Não há Regras para Esta Página)
-https-everywhere.menu.unknownRules = (Regras Desconhecidas para Esta Página)
-https-everywhere.toolbar.hint = HTTPS Everywhere foi ativado. Você pode habilitá-lo individualmente para cada site, clicando no ícone na barra de endereços.
-https-everywhere.migration.notification0 = Para implementar uma reparação crucial, esta atualização limpa sua preferência de regras do HTTPS Everywhere para valores padrão.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/pt/ssl-observatory.dtd b/src/chrome/locale/pt/ssl-observatory.dtd
deleted file mode 100644
index 7ef2617c247e..000000000000
--- a/src/chrome/locale/pt/ssl-observatory.dtd
+++ /dev/null
@@ -1,94 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "Detalhes e Informações sobre a Privacidade">
-<!ENTITY ssl-observatory.popup.later "Pergunte-me mais tarde">
-<!ENTITY ssl-observatory.popup.no "Não">
-
-<!ENTITY ssl-observatory.popup.text "HTTPS Everywhere detecta ataques
-contra seu navegador enviando os certificados que você receber
-ao Observatório.  Você gostaria de ativá-lo?">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"O HTTPS Everywhere deverá usar o Observatório SSL?">
-
-<!ENTITY ssl-observatory.popup.yes "Sim">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"É seguro habilitar isto, a não ser que você use uma
-rede corporativa muito intrusiva:">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"Seguro, a não ser que você use uma rede corporativa com nomes de servidores secretos na intranet:">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"Submeta e verifique os certificados assinados pelas non-standard root CAs">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"É seguro (e uma boa idéia) habilitar esta opção, a não ser que você use uma rede corporativa intrusiva ou o Kapersky antivirus que monitora sua navegação com uma proxy TLS e um certificado Certificate Authority privado raiz.  Se habilitado em uma rede deste tipo, esta opção pode publicar evidências de quais domínios httpss:// foram visitados através daquele proxy, por causa dos certificados únicos que serão produzidos.  Então nós deixamos isto desabilitado por padrão.">
-
-<!ENTITY ssl-observatory.prefs.anonymous "Checar certificados usando Tor para anonimato">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"Checar certificados usando Tor para anonimato (requer Torbutton)">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"Esta opção requer que o Tor e o Torbutton estejam instalados">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"Quando você vir um novo certificado, diga ao Observatório a qual ISP você está conectado">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"Isto irá buscar e enviar o &quot;Autonomous System Number&quot; de sua rede.  Isto irá nos ajudar a localizar ataques contra HTTPS, e a determinar se nós temos observações das redes localizadas em lugares como Irã e Síria, onde os ataques são relativamente mais comuns.">
-
-<!ENTITY ssl-observatory.prefs.done "Pronto">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS Everywhere pode usar o Observatório SSL de EFF, para realizar duas funções: (1) enviar cópias dos certificados HTTPS ao Observatório, para ajudar-nos
-a detectar o &quot;homem no meio&quot; dos ataques e melhorar a segurança da Web; e (2)
-Avisar-nos sobre conexões não seguras ou ataques ao seu navegador.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"Por exemplo, quando você visita https://www.algumacoisa.com, o certificado
-recebido pelo Observatório indicará que alguém visitou 
-www.algumacoisa.com, mas não quem visitou o site, ou qual página específica foi vista.  Passe o mouse sobre as opções para mais detalhes:">
-
-<!ENTITY ssl-observatory.prefs.hide "Ocultar opções avançadas">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"Checar os certificados mesmo se o Tor não estiver disponível">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"Nós continuaremos tentando manter os dados anônimos, mas esta opção é menos segura">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"Submeter e checar os certificados para nomes de DNS não-públicos">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"A não ser que esta opção esteja marcada, o Observatório gravará os certificados para os nomes impossíveis de resolver através do sistema DNS.">
-
-<!ENTITY ssl-observatory.prefs.show "Mostrar opções avançadas">
-
-<!ENTITY ssl-observatory.prefs.title "Preferências do Observatório SSL">
-
-<!ENTITY ssl-observatory.prefs.use "Usar este Observatório?">
-<!ENTITY ssl-observatory.warning.title "AVISO do Observatório SSL de EFF">
-<!ENTITY ssl-observatory.warning.showcert "Mostrar a série do certificado">
-<!ENTITY ssl-observatory.warning.okay "Eu entendi">
-<!ENTITY ssl-observatory.warning.text "O Observatório SSL de EFF emitiu um aviso sobre o(s) certificados(s) HTTPS para este site:">
-<!ENTITY ssl-observatory.warning.defense "Se você estiver logado neste site, é aconselhável trocar sua senha assim que você tiver uma conexão segura.">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"Envie e verifique os certificados auto-assinados">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"Isto é recomendado; problemas de criptografia são especialmente comuns em certificados auto-assinados de sistemas embarcados">
-
diff --git a/src/chrome/locale/ru/https-everywhere.dtd b/src/chrome/locale/ru/https-everywhere.dtd
deleted file mode 100644
index 0ccab29b09ed..000000000000
--- a/src/chrome/locale/ru/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "О HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_description "Зашифруйте сеть! Автоматически переключайтесь на безопасный протокол HTTPS там, где это возможно.">
-<!ENTITY https-everywhere.about.version "Версия">
-<!ENTITY https-everywhere.about.created_by "Авторы">
-<!ENTITY https-everywhere.about.librarians "Хранители правил">
-<!ENTITY https-everywhere.about.thanks "Благодарности">
-<!ENTITY https-everywhere.about.contribute  "Если Вам нравится HTTPS Everywhere, возможно, Вы хотели бы сделать">
-<!ENTITY https-everywhere.about.donate_tor "пожертвование Tor">
-<!ENTITY https-everywhere.about.tor_lang_code "ru">
-<!ENTITY https-everywhere.about.donate_eff "пожертвование EFF">
-
-<!ENTITY https-everywhere.menu.about "О HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.observatory "Настройки SSL Observatory">
-<!ENTITY https-everywhere.menu.globalEnable "Включить HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.globalDisable "Выключить HTTPS Everywhere">
-
-<!ENTITY https-everywhere.prefs.title "Настройки HTTPS Everywhere">
-<!ENTITY https-everywhere.prefs.enable_all "Включить всё">
-<!ENTITY https-everywhere.prefs.disable_all "Выключить всё">
-<!ENTITY https-everywhere.prefs.reset_defaults "По умолчанию">
-<!ENTITY https-everywhere.prefs.search "Поиск">
-<!ENTITY https-everywhere.prefs.site "Сайт">
-<!ENTITY https-everywhere.prefs.notes "Примечания">
-<!ENTITY https-everywhere.prefs.list_caption "Какие правила перенаправлений следует использовать?">
-<!ENTITY https-everywhere.prefs.enabled "Включено">
-<!ENTITY https-everywhere.prefs.ruleset_howto "Руководство по созданию новых правил находится">
-<!ENTITY https-everywhere.prefs.here_link "здесь">
-<!ENTITY https-everywhere.prefs.toggle "Переключить">
-<!ENTITY https-everywhere.prefs.reset_default "Сбросить к значению по умолчанию">
-<!ENTITY https-everywhere.prefs.view_xml_source "Просмотреть исходник XML">
-
-<!ENTITY https-everywhere.source.downloading "Загрузка">
-<!ENTITY https-everywhere.source.filename "Имя файла">
-<!ENTITY https-everywhere.source.unable_to_download "Не могу загрузить исходник">
-
-<!ENTITY https-everywhere.popup.title "HTTPS Everywhere 4.0development.11 уведомление">
-<!ENTITY https-everywhere.popup.paragraph1 "Ой. Вы использовали стабильную версию HTTPS Everywhere, но мы, возможно, случайно обновили Вам её до разрабатываемой версии.">
-<!ENTITY https-everywhere.popup.paragraph2 "Хотели бы Вы вернуться к стабильной версии?">
-<!ENTITY https-everywhere.popup.paragraph3 "Мы были бы рады, если бы Вы продолжили использовать разрабатываемую версию, и помогли нам сделать HTTPS Everywhere лучше! Вы могли бы найти несколько ошибок, и прислать их нам на https-everywhere@eff.org. Извините за неудобства, и спасибо за использование HTTPS Everywhere.">
-<!ENTITY https-everywhere.popup.keep "Остаться на разрабатываемой версии">
-<!ENTITY https-everywhere.popup.revert "Загрузить последнюю стабильную версию">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/ru/https-everywhere.properties b/src/chrome/locale/ru/https-everywhere.properties
deleted file mode 100644
index 36530f3a5747..000000000000
--- a/src/chrome/locale/ru/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = Включить HTTPS Everywhere
-https-everywhere.menu.globalDisable = Выключить HTTPS Everywhere
-https-everywhere.menu.enableDisable = Включить / Выключить правила
-https-everywhere.menu.noRules = Нет правил для этой страницы
-https-everywhere.menu.unknownRules = Правила для этой страницы неизвестны
-https-everywhere.toolbar.hint = HTTPS Everywhere активен. Вы можете отключить его для этого сайта кликнув по значку.
-https-everywhere.migration.notification0 = В целях реализации критических исправлений, это обновление сбрасывает настройки правил HTTPS Everywhere к значениям по умолчанию.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/ru/ssl-observatory.dtd b/src/chrome/locale/ru/ssl-observatory.dtd
deleted file mode 100644
index f0f06bd7074d..000000000000
--- a/src/chrome/locale/ru/ssl-observatory.dtd
+++ /dev/null
@@ -1,120 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "Подробная информация и сведения о конфиденциальности">
-<!ENTITY ssl-observatory.popup.later "Спросить позже">
-<!ENTITY ssl-observatory.popup.no "Нет">
-
-<!ENTITY ssl-observatory.popup.text "HTTPS Everywhere может распознавать атаки на Ваш браузер,
-путём отправки получаемых сертификатов в SSL Observatory.
-Включить данную опцию?">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"Должен ли HTTPS Everywhere использовать SSL Observatory?">
-
-<!ENTITY ssl-observatory.popup.yes "Да">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"Включение данной опции безопасно, кроме случая когда
-Вы используете очень навязчивую корпоративную сеть">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"Безопасно, кроме случая когда Вы используете
-корпоративную сеть с секретными именами серверов">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"Отправить и проверить сертификаты, подписанные
-нестандартными корневыми центрами сертификации">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"Это безопасно (а так же хорошая идея) включить данную опцию,
-кроме случая, когда Вы используете навязчивую корпоративную сеть
-или Антивирус Касперского, который следит за Вашей работой в сети
-с помощью TLS прокси и частного корневого Центра Сертификации.
-Если она будет включена в такой сети, то может обнародовать
-сведения о том какие домены https:// были посещены через этот
-прокси, вследствие уникальных сертификатов которые он будет
-издавать. Поэтому мы оставили её выключенной по умолчанию.">
-
-<!ENTITY ssl-observatory.prefs.anonymous "Проверить сертификаты используемые Tor для анонимности">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"Проверить сертификаты используемые Tor
-для анонимности (требует Tor)">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"Эта опция требует наличия установленного и включенного Tor.">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"При получении нового сертификата, сообщить
-SSL Observatory к какому провайдеру Вы подключены">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"Будет получать и отправлять &quot;Номер Автономной Системы&quot;
-Вашей сети. Это поможет нам локализовать атаки против HTTPS
-и определить наличие наблюдений для сетей в таких местах как
-Иран и Сирия, где атаки сравнительно часты.">
-
-<!ENTITY ssl-observatory.prefs.done "Готово">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS Everywhere может использовать SSL Observatory. Это
-обеспечивает две вещи: (1) отправляет копии сертификатов в SSL
-Observatory, что бы помочь нам определить атаки 'человек
-посередине' и улучшить безопасность Веб; и (2) позволяет нам
-предупреждать Вас о небезопасных соединениях или атаках на
-Ваш браузер.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"Например, когда Вы заходите на https://www.something.com,
-сертификат полученный SSL Observatory будет означать что кто-то
-посетил www.something.com, но не кто именно его посетил, или
-какую конкретную страницу он просматривал. Наведите курсор на
-опции для более подробной информации:">
-
-<!ENTITY ssl-observatory.prefs.hide "Скрыть дополнительные опции">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"Проверять сертификаты даже если Tor недоступен">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"Мы по-прежнему стараемся сохранить Ваши
-данные анонимными, но эта опция менее безопасна.">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"Отправить и проверить сертификаты для непубличных DNS имён">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"Если данная опция выключена, SSL Observatory не будет
-регистрировать сертификаты для имён, которые он не может
-разрешить через DNS.">
-
-<!ENTITY ssl-observatory.prefs.show "Показать дополнительные опции">
-
-<!ENTITY ssl-observatory.prefs.title "Настройки SSL Observatory">
-
-<!ENTITY ssl-observatory.prefs.use "Использовать SSL Observatory?">
-<!ENTITY ssl-observatory.warning.title "ПРЕДУПРЕЖДЕНИЕ от SSL Observatory">
-<!ENTITY ssl-observatory.warning.showcert "Показать цепочку сертификатов">
-<!ENTITY ssl-observatory.warning.okay "Я понимаю">
-<!ENTITY ssl-observatory.warning.text "SSL Observatory выдал предупреждение
-для сертификат(-а/-ов) данного сайта:">
-<!ENTITY ssl-observatory.warning.defense "Если Вы вошли в учётную запись на данном сайте, может быть
-целесообразно сменить пароль после установки безопасного
-соединения.">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"Подтвердите и проверьте собственные сертификаты">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"Рекомендуется. Криптографические проблемы особенно
-распространены в самоподписанных встраиваемых устройствах.">
-
diff --git a/src/chrome/locale/si/https-everywhere.dtd b/src/chrome/locale/si/https-everywhere.dtd
deleted file mode 100644
index 4221d5a2f08e..000000000000
--- a/src/chrome/locale/si/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "HTTPS Everywhere පිලිබඳව">
-<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_description "බොහෝ වෙබ් අඩවි සඳහා HTTPS ආරක්ෂාව ස්වයංක්‍රීයව පාවිච්චි කරන්න.">
-<!ENTITY https-everywhere.about.version "සංස්කරණය">
-<!ENTITY https-everywhere.about.created_by "නිර්මිත">
-<!ENTITY https-everywhere.about.librarians "Ruleset Librarians">
-<!ENTITY https-everywhere.about.thanks "ස්තුතිය">
-<!ENTITY https-everywhere.about.contribute  "HTTPS Everywhere පිලිබඳව ඔබ කැමතිනම් මේවා සලකා බැලිය යුතුය">
-<!ENTITY https-everywhere.about.donate_tor "Tor වලට ආධාර කිරීම">
-<!ENTITY https-everywhere.about.tor_lang_code "ඉංග්‍රීසි">
-<!ENTITY https-everywhere.about.donate_eff " EFF වලට ආධාර කරන්න">
-
-<!ENTITY https-everywhere.menu.about "HTTPS Everywhere පිලිබඳව">
-<!ENTITY https-everywhere.menu.observatory "SSL නිරික්ෂණාගාර මනාප ">
-<!ENTITY https-everywhere.menu.globalEnable "HTTPS Everywhere ක්‍රියාකරවන්න">
-<!ENTITY https-everywhere.menu.globalDisable "HTTPS Everywhere ක්‍රියාවිරහිත කරවන්න">
-
-<!ENTITY https-everywhere.prefs.title "HTTPS Everywhere මනාප ">
-<!ENTITY https-everywhere.prefs.enable_all "සියල්ල සබල කරන්න ">
-<!ENTITY https-everywhere.prefs.disable_all "සියල්ල අබල කරන්න ">
-<!ENTITY https-everywhere.prefs.reset_defaults "යථා තත්වයට පත් කරන්න">
-<!ENTITY https-everywhere.prefs.search "සොයන්න">
-<!ENTITY https-everywhere.prefs.site "අඩවිය">
-<!ENTITY https-everywhere.prefs.notes "සටහන්">
-<!ENTITY https-everywhere.prefs.list_caption "කුමන HTTPS හැරවුම් කොන්දේසිය තෝරගන්නද ?    ">
-<!ENTITY https-everywhere.prefs.enabled "සබල කරන ලදී ">
-<!ENTITY https-everywhere.prefs.ruleset_howto "ඔබගේ rulesets ලියන ආකාරය පිළිබද ඔබට ඉගෙනගත හැක(අනෙකුත් වෙබ් අඩවි සදහා සහය එකතු කිරීමට) ">
-<!ENTITY https-everywhere.prefs.here_link "මෙහි ">
-<!ENTITY https-everywhere.prefs.toggle "ටොගලය ">
-<!ENTITY https-everywhere.prefs.reset_default "යථා තත්වයට පත් කරන්න">
-<!ENTITY https-everywhere.prefs.view_xml_source "XML කේත පෙන්වන්න ">
-
-<!ENTITY https-everywhere.source.downloading "භාගත වෙමින්">
-<!ENTITY https-everywhere.source.filename "ගොනු නම">
-<!ENTITY https-everywhere.source.unable_to_download "භාගත කිරීම සිදුකල නොහැක.">
-
-<!ENTITY https-everywhere.popup.title "HTTPS Everywhere 4.0development.11 notification">
-<!ENTITY https-everywhere.popup.paragraph1 "Oops. You were using the stable version of HTTPS Everywhere, but we might have accidentally upgraded you to the development version in our last release.">
-<!ENTITY https-everywhere.popup.paragraph2 "Would you like to go back to stable?">
-<!ENTITY https-everywhere.popup.paragraph3 "We'd love it if you continued using our development release and helped us make HTTPS Everywhere better! You might find there are a few more bugs here and there, which you can report to https-everywhere@eff.org. Sorry about the inconvenience, and thank you for using HTTPS Everywhere.">
-<!ENTITY https-everywhere.popup.keep "Keep me on the development version">
-<!ENTITY https-everywhere.popup.revert "Download the latest stable version">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/si/https-everywhere.properties b/src/chrome/locale/si/https-everywhere.properties
deleted file mode 100644
index 7cdeccb7404b..000000000000
--- a/src/chrome/locale/si/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = HTTPS Everywhere  සබල කරවන්න
-https-everywhere.menu.globalDisable = HTTPS Everywhere අබල කරවන්න
-https-everywhere.menu.enableDisable = සබල/ දුබල කරවීමේ නීති
-https-everywhere.menu.noRules = (මෙම පිටුව සදහා නීති කිසිවක් නැත)
-https-everywhere.menu.unknownRules = (මෙම පිටුව සම්බන්ද නීති පිළිබද සදහනක් නැත)
-https-everywhere.toolbar.hint = HTTPS Everywhere දැන් ක්‍රියාත්මකයි. ඔබට එය දැන් යොමු තීරුවේ ඇති නිරූපකය ඔබමින් අඩවියෙන් අඩවියට ටොගල් කල හැක. 
-https-everywhere.migration.notification0 = In order to implement a crucial fix, this update resets your HTTPS Everywhere rule preferences to their default values.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/si/ssl-observatory.dtd b/src/chrome/locale/si/ssl-observatory.dtd
deleted file mode 100644
index 006446633abd..000000000000
--- a/src/chrome/locale/si/ssl-observatory.dtd
+++ /dev/null
@@ -1,100 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "විස්තර හා පෞද්ගලික තොරතුරු ">
-<!ENTITY ssl-observatory.popup.later "පසුව මගෙන් අසන්න.">
-<!ENTITY ssl-observatory.popup.no "නැත">
-
-<!ENTITY ssl-observatory.popup.text "HTTPS Everywhere ඔබේ බ්‍රව්සරයට එරෙහිව ඇතිවන ආක්‍රමණ
-හදුනාගන්නා අතර, ඔබට ලැබෙන සහතික නිරික්ෂණාගාරයට යවයි.
-මෙම ක්‍රියාවලිය සිදුකරනවාට ඔබ කැමතිද?">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"HTTPS Everywhere SSL නිරික්ෂණාගාරය භාවිතා කල යුතුද?">
-
-<!ENTITY ssl-observatory.popup.yes "ඔව්">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"ආගන්තුක සංයුක්ත ජාලයක් භාවිතා කරන විට හැරෙන්න 
-මෙය සබල කිරීම සුරක්ෂිත වේ:">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"ඔබ රහසිගත අන්තඃජාල සේවාදායක නමක් සමග සංයුක්ත ජාලයක් භාවිතා නොකරන්නේ නම් ඔබ සුරක්ෂිතය.">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"යොමුකරීමෙන් පසු අසම්මත මුල සහතික බලධාරීන් අත්සන් කල සහතික පරික්ෂා කරන්න.">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"ආගන්තුක සංයුක්ත ජාලයක් හෝ TLS proxy හා පෞද්ගලික සහතික බලධාරියා විසින් ඔබේ පිරික්සුම් නිරීක්ෂණය කරන ලබන Kaspersky ප්‍රතිවයිරස මෘදුකාංගයක් හෝ භාවිතා කරන විට මෙම විකල්පය සබල කිරීම සුරක්ෂිත නොවේ (එමෙන්ම මෙය අනුවණ අදහසකි). මෙවැනි ජාලයක මෙම විකල්පය සබල කර තැබුවහොත් එම proxy යොදා ගිය https:// වසම් පිළිබද සාක්ෂි හෙළිවිය හැක. ඒ නිසා මෙම විකල්පය සාමාන්‍යයෙන් අබල කර ඇත.">
-
-<!ENTITY ssl-observatory.prefs.anonymous "නිර්නාමිකතාව සදහා Tor යොදාගන්නා සහතික බලන්න.">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"නිර්නාමිකතාව උදෙසා Tor භාවිතා කරන (Tor අවශ්‍ය වන) සහතික පරික්ෂා කරන්න">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"මෙම විකල්පය සදහා Tor ස්ථාපනය කර ක්‍රියාත්මක කල යුතුයි.">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"ඔබ නව සහතිකයක් දකිනවිට නිරික්ෂනාගාරයට ඔබ සම්බන්ධ වී ඇති ISPය පවසන්න.">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"මෙමගින් ඔබේ ජාලයේ &quot;ස්වතන්ත්‍ර පද්ධති අංකය&quot; අමුණා යවයි. මෙමගින් අපට HTTPS වලට විරුද්ධව හටගන්නා ආක්‍රමණ හදුනාගැනීමටත්, අපගේ ජාලය කවුරුන් හෝ නිරීක්ෂණය කරන්නේ දැයි දැනගැනීමටත් උපකාරී වේ. සිරියාව හා ඉරානය වැනි රටවල්වල මෙවැනි ආක්‍රමණ ඉතා සුලබ වේ.">
-
-<!ENTITY ssl-observatory.prefs.done "කාර්යය ඉටු කරන ලදී">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS Everywhere මගින් EFF's SSL නිරික්ෂණාගාරය භාවිතා කල හැක. මෙමගින් කර්තව්‍යයන් 2 ක් සිදුවේ: (1)
-HTTPS සහතිකවල අනුපිටපත් නිරික්ෂණාගාරයට යැවීමෙන්,
-'man in the middle' ආක්‍රමණය හදුනාගැනීමට හා ජාල ආරක්ෂාව සදහා උපකාරී වේ; තවද (2)
-මෙමගින් ඔබට අනාරක්ෂිත සබැදියා හා ඔබේ බ්‍රව්සරයට එල්ලවන ආක්‍රමණය පිළිබද අනතුරු අගවයි.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"උදාහරණයක් ලෙස ඔබ https://www.something.com නම් වෙබ් අඩවියට ඇතුළු වූ විට, 
-නිරික්ෂණාගාරයට ලැබෙන සහතිකයෙන් යම් පුද්ගලයෙක් www.something.com වෙබ් අඩවියට ප්‍රවේශ වූ බව සදහන් කෙරුනද,
- මෙම වෙබ් අඩවියට ප්‍රවේශ කල පුද්ගලයා හෝ එම පුද්ගලයා නරඹන ලද වෙබ් පිටුවන් පිළිබද තොරතුරු ලැබෙන්නේ නැත. 
-වැඩිපුර විස්තර දැනගැනීමට මෙම විකල්ප මත මුසකය තබන්න:">
-
-<!ENTITY ssl-observatory.prefs.hide "ප්‍රගමන විකල්ප සගවන්න.">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"Tor උපයෝජ්‍ය නොවන අවස්ථා වලදී ද සහතික පරික්ෂා කරන්න.">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"මෙම විකල්පය එතරම් සුරක්ෂිත නොවන නමුදු, ඔබේ දත්ත නිර්නාමිකව තබාගැනීමට අප උත්සහ කරමු">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"යොමුකිරීමෙන් පසු පොදු -නොවන DNS නම් සදහා සහතික පරික්ෂා කරන්න ">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"මෙම විකල්පය තෝරාගෙන නොමැති නම්, නිරික්ෂණාගාරය මගින් DNS නාම නිශ්චය කරගැනීමට නොහැකි සහතික සටහන් කරගන්නේ නැත. ">
-
-<!ENTITY ssl-observatory.prefs.show "ප්‍රගමන විකල්පයන් පෙන්වන්න ">
-
-<!ENTITY ssl-observatory.prefs.title "SSL නිරික්ෂණාගාර මනාප ">
-
-<!ENTITY ssl-observatory.prefs.use "නිරික්ෂණාගාරය භාවිතා කරයි ද?">
-<!ENTITY ssl-observatory.warning.title "EFF හී SSL නිරික්ෂණාගාරය අවවාදයක් නිකුත් කරයි ">
-<!ENTITY ssl-observatory.warning.showcert "සහතික දාමය පෙන්වන්න ">
-<!ENTITY ssl-observatory.warning.okay "මම වටහාගතිමි">
-<!ENTITY ssl-observatory.warning.text "EFF හී SSL නිරික්ෂණාගාරය මෙම වෙබ් අඩවියෙහි HTTPS සහතික(ය) පිළිබද අවවාදයක් නිකුත් කර ඇත:">
-<!ENTITY ssl-observatory.warning.defense "ඔබ මෙම වෙබ් අඩවියට පුරන වී ඇති නම්, ඔබට සුරක්ෂිත සම්බන්ධතාවක් ඇතිවිට ඔබේ මුරපදය වෙනස් කිරීම වඩා උචිත වේ.">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"යොමු කිරීමෙන් පසු ස්වයං-අත්සන් යොදන ලද සහතික පරික්ෂා කරන්න.">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"මෙය නිර්දේශිතයි; සංකේතන ගැටලු ස්‌වයං-අත්සන් කරන ලද උපක්‍රමවල බහුලය.">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/sk/https-everywhere.dtd b/src/chrome/locale/sk/https-everywhere.dtd
deleted file mode 100644
index 0fd311f3a45c..000000000000
--- a/src/chrome/locale/sk/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "O HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_description "Zašifruj Web! Automatické použitie HTTPS zabezpečenia na mnohých stránkach.">
-<!ENTITY https-everywhere.about.version "Verzia">
-<!ENTITY https-everywhere.about.created_by "Autori">
-<!ENTITY https-everywhere.about.librarians "Ruleset Librarians">
-<!ENTITY https-everywhere.about.thanks "Poďakovanie">
-<!ENTITY https-everywhere.about.contribute  "Ak sa Vám páči HTTPS Everywhere, môžno by ste mohli">
-<!ENTITY https-everywhere.about.donate_tor "Prispieť na Tor">
-<!ENTITY https-everywhere.about.tor_lang_code "sk">
-<!ENTITY https-everywhere.about.donate_eff "Prispieť na EFF">
-
-<!ENTITY https-everywhere.menu.about "O HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.observatory "Nastavenia SSL Observatory">
-<!ENTITY https-everywhere.menu.globalEnable "Povoliť HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.globalDisable "Zakázať HTTPS Everywhere">
-
-<!ENTITY https-everywhere.prefs.title "Nastavenia HTTPS Everywhere">
-<!ENTITY https-everywhere.prefs.enable_all "Povoliť všetko">
-<!ENTITY https-everywhere.prefs.disable_all "Zakázať všetko">
-<!ENTITY https-everywhere.prefs.reset_defaults "Obnoviť predvolené">
-<!ENTITY https-everywhere.prefs.search "Hľadať">
-<!ENTITY https-everywhere.prefs.site "Stránka">
-<!ENTITY https-everywhere.prefs.notes "Poznámky">
-<!ENTITY https-everywhere.prefs.list_caption "Ktoré pravidlá pre HTTPS presmerovanie mám použiť?">
-<!ENTITY https-everywhere.prefs.enabled "Povolené">
-<!ENTITY https-everywhere.prefs.ruleset_howto "Môžete sa naučiť ako napísať svoje vlastné pravidlá (pridať podporu pre ďalšie webové stránky)">
-<!ENTITY https-everywhere.prefs.here_link "tu">
-<!ENTITY https-everywhere.prefs.toggle "Prepnúť">
-<!ENTITY https-everywhere.prefs.reset_default "Obnoviť predvolené">
-<!ENTITY https-everywhere.prefs.view_xml_source "Zobraziť zdroj XML">
-
-<!ENTITY https-everywhere.source.downloading "Sťahovanie">
-<!ENTITY https-everywhere.source.filename "Názov súboru">
-<!ENTITY https-everywhere.source.unable_to_download "Nie je možné stiahnuť zdroj.">
-
-<!ENTITY https-everywhere.popup.title "HTTPS Everywhere 4.0development.11 notification">
-<!ENTITY https-everywhere.popup.paragraph1 "Oops. You were using the stable version of HTTPS Everywhere, but we might have accidentally upgraded you to the development version in our last release.">
-<!ENTITY https-everywhere.popup.paragraph2 "Would you like to go back to stable?">
-<!ENTITY https-everywhere.popup.paragraph3 "We'd love it if you continued using our development release and helped us make HTTPS Everywhere better! You might find there are a few more bugs here and there, which you can report to https-everywhere@eff.org. Sorry about the inconvenience, and thank you for using HTTPS Everywhere.">
-<!ENTITY https-everywhere.popup.keep "Keep me on the development version">
-<!ENTITY https-everywhere.popup.revert "Download the latest stable version">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/sk/https-everywhere.properties b/src/chrome/locale/sk/https-everywhere.properties
deleted file mode 100644
index 9ceec894d03d..000000000000
--- a/src/chrome/locale/sk/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = Povoliť HTTPS Everywhere
-https-everywhere.menu.globalDisable = Zakázať HTTPS Everywhere
-https-everywhere.menu.enableDisable = Povoliť / Zakázať Pravidlá
-https-everywhere.menu.noRules = (Pre Túto Stránku Neexistujú Žiadne Pravidlá)
-https-everywhere.menu.unknownRules = (Pravidlá Pre Túto Stránku Sú Neznáme)
-https-everywhere.toolbar.hint = HTTPS Everywhere is now active. You can toggle it on a site-by-site basis by clicking the icon in the address bar.
-https-everywhere.migration.notification0 = In order to implement a crucial fix, this update resets your HTTPS Everywhere rule preferences to their default values.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/sk/ssl-observatory.dtd b/src/chrome/locale/sk/ssl-observatory.dtd
deleted file mode 100644
index 7fd9f572a398..000000000000
--- a/src/chrome/locale/sk/ssl-observatory.dtd
+++ /dev/null
@@ -1,100 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "Podrobnosti a Informácie o súkromí">
-<!ENTITY ssl-observatory.popup.later "Opýtajte sa ma neskôr">
-<!ENTITY ssl-observatory.popup.no "Nie">
-
-<!ENTITY ssl-observatory.popup.text "HTTPS Everywhere dokáže detekovať útoky
-na Váš prehliadač tak, že pošle certifikát, ktorý ste dostali do
-Observatory.  Zapnúť túto funkciu?">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"Má HTTPS Everywhere použiť SSL Observatory?">
-
-<!ENTITY ssl-observatory.popup.yes "Áno">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"Použitie tejto funkcie je bezpečné, pokiaľ nepoužívate
-firemnú sieť:">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"Bezpečné, pokiaľ nepoužívate firemnú sieť s menami utajených intranetových serverov:">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"Pošli a skontroluj certifikáty podpísané neštandardnou koreňovou certifikačnou autoritou">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"Povoliť túto možnosť je bezpečné (a aj dobrý nápad) pokiaľ nepoužívate firemnú sieť alebo antivírový softvér Kaspersky, ktorý monitoruje Vaše prehliadanie s TLS proxy a súkromné koreňové certifikačné autority.  Ak povolíte túto možnosť na takejto sieti, tak pomocou unikátnych certifikátov sa môžu uverejniť dôkazy o tom aké https:// domény ste navštívili cez túto proxy.  Tak sme ju nechali v predvolenom nastavení vypnutú.">
-
-<!ENTITY ssl-observatory.prefs.anonymous "Skontrolovať certifikát pomocou Tor kvôli anonymite">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"Skontrolovať certifikát pomocou Tor kvôli anonymite (vyžaduje Torbutton)">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"Aby ste mohli použiť toto nastavenie, musíte mať nainštalovaný Tor a Torbutton">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"Ak zistíš nový certifikát, povedz Observatory, ku ktorému poskytovateľovi internetového pripojenia si pripojený">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"Toto stiahne a pošle &quot;Autonomous System Number&quot; Vašej siete.  Pomôže nám to lokalizovať útok proti HTTPS a určiť či máme pozorovania zo sietí z miest ako je Iran a Syria, kde sú útoky pomerne časté.">
-
-<!ENTITY ssl-observatory.prefs.done "Hotovo">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS Everywhere môže používať SSL Observatory od EFF.  Toto spraví dve veci: (1)
-pošle kópie HTTPS certifikátov do Observatory, aby nám pomohli detekovať
-'man in the middle' útoky a zdokonaľovať bezpečnosť na Webe; a (2)
-umožní nám varovať Vás o nebezpečných pripojeniach alebo útokoch na Váš prehliadač.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"Napríklad, ak navštívite https://www.niečo.com, certifikát prijatý pomocou
-Observatory indikuje, že niekto navštívil www.niečo.com, ale nie kto ju navštívil
-alebo čo konkrétne pozeral.  Prejdite kurzorom nad jednotlivé možnosti
-pre ďalšie podrobnosti.">
-
-<!ENTITY ssl-observatory.prefs.hide "Skryť pokročilé možnosti">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"Skontrolujte certifikát, aj keď Tor nebude k dispozícií">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"Pokúsime sa aj naďalej udržať dáta anonymné, lenže táto možnosť je menej bezpečná">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"Pošli a skontroluj certifikáty pre neverejné názvy DNS">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"Ak je táto voľba aktívna, tak Observatory nebude zaznamenávať certifikáty pre názvy, ktoré nedokáže rozoznať pomocou systému DNS.">
-
-<!ENTITY ssl-observatory.prefs.show "Ukázať pokročilé možnosti">
-
-<!ENTITY ssl-observatory.prefs.title "Nastavenia SSL Observatory">
-
-<!ENTITY ssl-observatory.prefs.use "Použiť Observatory?">
-<!ENTITY ssl-observatory.warning.title "VAROVANIE od EFF SSL Observatory">
-<!ENTITY ssl-observatory.warning.showcert "Zobraziť reťaz certifikátov">
-<!ENTITY ssl-observatory.warning.okay "Porozumel som">
-<!ENTITY ssl-observatory.warning.text "EFF's SSL Observatory vydalo varovanie o HTTPS certifikáte(certifikátoch) pre túto stránku:">
-<!ENTITY ssl-observatory.warning.defense "Ak ste prihlásený na tejto stránke, tak sa odporúča, aby ste si zmenili heslo hneď ako budete mať bezpečné pripojenie">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"Posielať a preverovať certifikáty podpísané samé sebou">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"Toto sa odporúča; kryptografické problémy sú veľmi časté u vstavaných zariadení, ktoré sú podpísané samé sebou">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/sl/https-everywhere.dtd b/src/chrome/locale/sl/https-everywhere.dtd
deleted file mode 100644
index ce039f9a92cc..000000000000
--- a/src/chrome/locale/sl/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "O HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_description "Zakodirajte internet! Samodejno uporabite HTTPS zaščito na mnogih spletnih straneh.">
-<!ENTITY https-everywhere.about.version "Različica">
-<!ENTITY https-everywhere.about.created_by "Izdelal">
-<!ENTITY https-everywhere.about.librarians "Izdelovalci pravil">
-<!ENTITY https-everywhere.about.thanks "Zahvala">
-<!ENTITY https-everywhere.about.contribute  "Če vam je HTTPS Everywhere všeč, razmislite o">
-<!ENTITY https-everywhere.about.donate_tor "donaciji za Tor">
-<!ENTITY https-everywhere.about.tor_lang_code "en">
-<!ENTITY https-everywhere.about.donate_eff "donaciji za EFF">
-
-<!ENTITY https-everywhere.menu.about "O HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.observatory "Nastavitve SSL Observatorija">
-<!ENTITY https-everywhere.menu.globalEnable "Omogoči HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.globalDisable "Onemogoči HTTPS Everywhere">
-
-<!ENTITY https-everywhere.prefs.title "Nastavitve HTTPS Everywhere">
-<!ENTITY https-everywhere.prefs.enable_all "Omogoči vse">
-<!ENTITY https-everywhere.prefs.disable_all "Onemogoči vse">
-<!ENTITY https-everywhere.prefs.reset_defaults "Ponastavi na privzeto">
-<!ENTITY https-everywhere.prefs.search "Išči">
-<!ENTITY https-everywhere.prefs.site "Stran">
-<!ENTITY https-everywhere.prefs.notes "Opombe">
-<!ENTITY https-everywhere.prefs.list_caption "Katera pravila za preusmeritev HTTPS naj bodo upoštevana?">
-<!ENTITY https-everywhere.prefs.enabled "Omogočeno">
-<!ENTITY https-everywhere.prefs.ruleset_howto "Lahko se naučite pisati svoja pravila (da dodate podporo za druge spletne strani)">
-<!ENTITY https-everywhere.prefs.here_link "tukaj">
-<!ENTITY https-everywhere.prefs.toggle "Preklopi">
-<!ENTITY https-everywhere.prefs.reset_default "Ponastavi na privzeto">
-<!ENTITY https-everywhere.prefs.view_xml_source "Ogled XML kode">
-
-<!ENTITY https-everywhere.source.downloading "Prenos">
-<!ENTITY https-everywhere.source.filename "Ime datoteke">
-<!ENTITY https-everywhere.source.unable_to_download "Ne morem prenesti izvora.">
-
-<!ENTITY https-everywhere.popup.title "HTTPS Everywhere 4.0development.11 notification">
-<!ENTITY https-everywhere.popup.paragraph1 "Oops. You were using the stable version of HTTPS Everywhere, but we might have accidentally upgraded you to the development version in our last release.">
-<!ENTITY https-everywhere.popup.paragraph2 "Would you like to go back to stable?">
-<!ENTITY https-everywhere.popup.paragraph3 "We'd love it if you continued using our development release and helped us make HTTPS Everywhere better! You might find there are a few more bugs here and there, which you can report to https-everywhere@eff.org. Sorry about the inconvenience, and thank you for using HTTPS Everywhere.">
-<!ENTITY https-everywhere.popup.keep "Keep me on the development version">
-<!ENTITY https-everywhere.popup.revert "Download the latest stable version">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/sl/https-everywhere.properties b/src/chrome/locale/sl/https-everywhere.properties
deleted file mode 100644
index f70d2ee8ad65..000000000000
--- a/src/chrome/locale/sl/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = Omogoči HTTPS Everywhere
-https-everywhere.menu.globalDisable = Onemogoči HTTPS Everywhere
-https-everywhere.menu.enableDisable = Omogoči / Onemogoči pravila
-https-everywhere.menu.noRules = (Za to stran ni pravil)
-https-everywhere.menu.unknownRules = (Pravila za to stran neznana)
-https-everywhere.toolbar.hint = HTTPS Everywhere je sedaj aktiven. Za posamezne spletne strani ga lahko preklapljate s klikom na ikono v naslovni vrstici.
-https-everywhere.migration.notification0 = In order to implement a crucial fix, this update resets your HTTPS Everywhere rule preferences to their default values.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/sl/ssl-observatory.dtd b/src/chrome/locale/sl/ssl-observatory.dtd
deleted file mode 100644
index 26917a3217fe..000000000000
--- a/src/chrome/locale/sl/ssl-observatory.dtd
+++ /dev/null
@@ -1,97 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "Podrobnosti in informacije o zasebnosti">
-<!ENTITY ssl-observatory.popup.later "Vprašaj me kasneje">
-<!ENTITY ssl-observatory.popup.no "Ne">
-
-<!ENTITY ssl-observatory.popup.text "HTTPS Everywhere lahko zazna napade
-na vaš brskalnik tako, da pošlje certifikate ki jih prejmete v
-Observatorij. Želite to vključiti?">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"Ali naj HTTPS Everywhere uporablja SSL Observatorij?">
-
-<!ENTITY ssl-observatory.popup.yes "Da">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"Omogočanje tega je varno, razen če uporabljate zelo
-vsiljivo poslovno omrežje:">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"Varno, razen če uporabljate poslovno omrežje s tajnimi imeni lokalnih strežnikov:">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"Predloži in preveri certifikate nestandardnih overoviteljev">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"Omogočanje tega je varno (in priporočljivo), razen če uporabljate vsiljivo poslovno omrežje ali protivirusni program Kaspersky, ki spremlja vaše brskanje s TLS proksijem in privatnim overoviteljem certifikatov.  Če je omogočeno v takem omrežju lahko ta možnost objavi dokazila o tem, katere https:// domene so bile obiskane preko tega proksija, ker bi ustvarila edinstvene certifikate. Zato je to privzeto izključeno.">
-
-<!ENTITY ssl-observatory.prefs.anonymous "Anonimno preveri certifikate preko omrežja Tor">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"Anonimno preveri certifikate preko omrežja Tor (potrebuje Tor)">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"Za to možnost mora biti Tor nameščen in zagnan">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"Ko zasledite nov certifikat povejte Observatoriju h kateremu internetnemu ponudniku ste priključeni">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"To bo pridobilo in poslalo &quot;Avtonomno številko sistema&quot; (ASN) vašega omrežja. To nam bo pomagalo locirati napade na HTTPS in določiti, ali so opažanja iz omrežij na področjih kot so Iran in Sirija, kjer so napadi razmeroma pogosti.">
-
-<!ENTITY ssl-observatory.prefs.done "Končano">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS Everywhere lahko uporablja EFF SSL Observatorij.  S tem naredi dvoje: (1)
-pošlje kopije HTTPS certifikatov observatoriju, da nam pomaga odkriti napade 'man in the middle' in izboljšati varnost medmrežja; (2)
-nam omogoči, da vas opozorimo na nevarne povezave ali napade na vaš brskalnik.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"Ko na primer obiščete https://www.nekadomena.com bo certifikat, ki ga sprejme observatorij, nakazal, da je nekdo obiskal www.nekadomena.com, ne pa kdo je to bil ali katero stran si je ogledal.
-Pridržite miško nad možnosti za več podrobnosti:">
-
-<!ENTITY ssl-observatory.prefs.hide "Skrij napredne možnosti">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"Preveri certifikate tudi če ni Tor omrežja">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"Poskušali bomo ohraniti anonimnost podatkov, vendar je ta možnost manj varna">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"Predloži in preveri certifikate za ne-javna imena DNS">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"Če je ta možnost ni izbrana, observatorij ne bo zabeležil potrdil za imena, ki jih ni mogoče razkriti s sistemom DNS.">
-
-<!ENTITY ssl-observatory.prefs.show "Pokaži napredne možnosti">
-
-<!ENTITY ssl-observatory.prefs.title "Nastavitve SSL Observatorija">
-
-<!ENTITY ssl-observatory.prefs.use "Uporabim Observatorij?">
-<!ENTITY ssl-observatory.warning.title "OPOZORILO s strani EFF SSL Observatorija">
-<!ENTITY ssl-observatory.warning.showcert "Pokaži certifikatno verigo">
-<!ENTITY ssl-observatory.warning.okay "Razumem">
-<!ENTITY ssl-observatory.warning.text "EFF SSL Observatorij je izdal opozorilo za HTTPS certifikat(e) za to stran:">
-<!ENTITY ssl-observatory.warning.defense "Če ste vpisani na tej strani je priporočljivo, da spremenite geslo, ko boste varno povezani.">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"Predložite in preverite samopodpisana potrdila">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"To je priporočljivo; težave s šifriranjem so posebej pogoste pri samopodpisanih vgnezdenih napravah.">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/sv/https-everywhere.dtd b/src/chrome/locale/sv/https-everywhere.dtd
deleted file mode 100644
index d197dd4edffd..000000000000
--- a/src/chrome/locale/sv/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "About HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_description "Encrypt the Web! Automatically use HTTPS security on many sites.">
-<!ENTITY https-everywhere.about.version "Version">
-<!ENTITY https-everywhere.about.created_by "Created by">
-<!ENTITY https-everywhere.about.librarians "Ruleset Librarians">
-<!ENTITY https-everywhere.about.thanks "Thanks to">
-<!ENTITY https-everywhere.about.contribute  "If you like HTTPS Everywhere, you might consider">
-<!ENTITY https-everywhere.about.donate_tor "Donating to Tor">
-<!ENTITY https-everywhere.about.tor_lang_code "en">
-<!ENTITY https-everywhere.about.donate_eff "Donating to EFF">
-
-<!ENTITY https-everywhere.menu.about "About HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.observatory "SSL Observatory Preferences">
-<!ENTITY https-everywhere.menu.globalEnable "Aktivera HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.globalDisable "Inaktivera HTTPS Everywhere">
-
-<!ENTITY https-everywhere.prefs.title "HTTPS Everywhere: Inställningar">
-<!ENTITY https-everywhere.prefs.enable_all "Aktivera alla">
-<!ENTITY https-everywhere.prefs.disable_all "Inaktivera alla">
-<!ENTITY https-everywhere.prefs.reset_defaults "Återställ till standard">
-<!ENTITY https-everywhere.prefs.search "Search">
-<!ENTITY https-everywhere.prefs.site "Site">
-<!ENTITY https-everywhere.prefs.notes "Notes">
-<!ENTITY https-everywhere.prefs.list_caption "Which HTTPS redirection rules should apply?">
-<!ENTITY https-everywhere.prefs.enabled "Enabled">
-<!ENTITY https-everywhere.prefs.ruleset_howto "You can learn how to write your own rulesets (to add support for other web sites)">
-<!ENTITY https-everywhere.prefs.here_link "here">
-<!ENTITY https-everywhere.prefs.toggle "Toggle">
-<!ENTITY https-everywhere.prefs.reset_default "Reset to Default">
-<!ENTITY https-everywhere.prefs.view_xml_source "">
-
-<!ENTITY https-everywhere.source.downloading "">
-<!ENTITY https-everywhere.source.filename "">
-<!ENTITY https-everywhere.source.unable_to_download "">
-
-<!ENTITY https-everywhere.popup.title "HTTPS Everywhere 4.0development.11 notification">
-<!ENTITY https-everywhere.popup.paragraph1 "Oops. You were using the stable version of HTTPS Everywhere, but we might have accidentally upgraded you to the development version in our last release.">
-<!ENTITY https-everywhere.popup.paragraph2 "Would you like to go back to stable?">
-<!ENTITY https-everywhere.popup.paragraph3 "We'd love it if you continued using our development release and helped us make HTTPS Everywhere better! You might find there are a few more bugs here and there, which you can report to https-everywhere@eff.org. Sorry about the inconvenience, and thank you for using HTTPS Everywhere.">
-<!ENTITY https-everywhere.popup.keep "Keep me on the development version">
-<!ENTITY https-everywhere.popup.revert "Download the latest stable version">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/sv/https-everywhere.properties b/src/chrome/locale/sv/https-everywhere.properties
deleted file mode 100644
index fd3c8edf4a36..000000000000
--- a/src/chrome/locale/sv/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = Aktivera HTTPS Everywhere
-https-everywhere.menu.globalDisable = Inaktivera HTTPS Everywhere
-https-everywhere.menu.enableDisable = Aktivera / inaktivera regler
-https-everywhere.menu.noRules = (Inga Regler för Denna Sida)
-https-everywhere.menu.unknownRules = (Regler för Denna Sida Okänt)
-https-everywhere.toolbar.hint = HTTPS Everywhere is now active. You can toggle it on a site-by-site basis by clicking the icon in the address bar.
-https-everywhere.migration.notification0 = In order to implement a crucial fix, this update resets your HTTPS Everywhere rule preferences to their default values.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/sv/ssl-observatory.dtd b/src/chrome/locale/sv/ssl-observatory.dtd
deleted file mode 100644
index 4cfac8b78589..000000000000
--- a/src/chrome/locale/sv/ssl-observatory.dtd
+++ /dev/null
@@ -1,100 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "Details and Privacy Information">
-<!ENTITY ssl-observatory.popup.later "Ask Me Later">
-<!ENTITY ssl-observatory.popup.no "No">
-
-<!ENTITY ssl-observatory.popup.text "HTTPS Everywhere can detect attacks
-against your browser by sending the certificates you receive to the
-Observatory.  Turn this on?">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"Should HTTPS Everywhere use the SSL Observatory?">
-
-<!ENTITY ssl-observatory.popup.yes "Yes">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"It is safe to enable this, unless you use a very
-intrusive corporate network:">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"Safe, unless you use a corporate network with secret intranet server names:">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"Submit and check certificates signed by non-standard root CAs">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"It is safe (and a good idea) to enable this option, unless you use an intrusive corporate network that monitors your browsing with a TLS proxy and a private root Certificate Authority.  If enabled on such a network, this option might publish evidence of which https:// domains were being visited through that proxy, because of the unique certificates it would produce.  So we leave it off by default.">
-
-<!ENTITY ssl-observatory.prefs.anonymous "Check certificates using Tor for anonymity">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"Check certificates using Tor for anonymity (requires Torbutton)">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"This option requires Tor and Torbutton to be installed">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"When you see a new certificate, tell the Observatory which ISP you are connected to">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"This will fetch and send the &quot;Autonomous System number&quot; of your network.  This will help us locate attacks against HTTPS, and to determine whether we have observations from networks in places like Iran and Syria where attacks are comparatively common.">
-
-<!ENTITY ssl-observatory.prefs.done "Done">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS Everywhere can use EFF's SSL Observatory.  This does two things: (1)
-sends copies of HTTPS certificates to the Observatory, to help us
-detect 'man in the middle' attacks and improve the Web's security; and (2)
-lets us warn you about insecure connections or attacks on your browser.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"For example, when you visit https://www.something.com, the certificate
-received by the Observatory will indicate that somebody visited
-www.something.com, but not who visited the site, or what specific page they
-looked at.  Mouseover the options for further details:">
-
-<!ENTITY ssl-observatory.prefs.hide "Hide advanced options">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"Check certificates even if Tor is not available">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"We will still try to keep the data anonymous, but this option is less secure">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"Submit and check certificates for non-public DNS names">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"Unless this option is checked, the Observatory will not record certificates for names that it cannot resolve through the DNS system.">
-
-<!ENTITY ssl-observatory.prefs.show "Show advanced options">
-
-<!ENTITY ssl-observatory.prefs.title "SSL Observatory Preferences">
-
-<!ENTITY ssl-observatory.prefs.use "Use the Observatory?">
-<!ENTITY ssl-observatory.warning.title "WARNING from EFF's SSL Observatory">
-<!ENTITY ssl-observatory.warning.showcert "Show the certificate chain">
-<!ENTITY ssl-observatory.warning.okay "I understand">
-<!ENTITY ssl-observatory.warning.text "EFF's SSL Observatory has issued a warning about the HTTPS certificiate(s) for this site:">
-<!ENTITY ssl-observatory.warning.defense "If you are logged in to this site, it may be advisable to change your password once you have a safe connection.">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"Skicka och kolla själv-signerade certifikat">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"Detta är rekommenderat; kryptografiska problem är särskilt vanliga i själv-signerad inbäddad utrustning">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/tr/https-everywhere.dtd b/src/chrome/locale/tr/https-everywhere.dtd
deleted file mode 100644
index 4a0e55695a90..000000000000
--- a/src/chrome/locale/tr/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "Hakkında">
-<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_description "İnternet'i şifrele ! Bir çok sitede otomatik olarak HTTPS kullan.">
-<!ENTITY https-everywhere.about.version "Sürüm">
-<!ENTITY https-everywhere.about.created_by "Yaratıcı">
-<!ENTITY https-everywhere.about.librarians "Kural Seti Kütüphaneleri">
-<!ENTITY https-everywhere.about.thanks "Teşekkürler">
-<!ENTITY https-everywhere.about.contribute  "Eğer HTTPS Everywhere'i sevdiysen, sen de destek olabilirsin">
-<!ENTITY https-everywhere.about.donate_tor "Tor'a bağışla">
-<!ENTITY https-everywhere.about.tor_lang_code "en">
-<!ENTITY https-everywhere.about.donate_eff "EFF'e bağışla">
-
-<!ENTITY https-everywhere.menu.about "Hakkında">
-<!ENTITY https-everywhere.menu.observatory "SSL Gözlemcisi Tercihleri">
-<!ENTITY https-everywhere.menu.globalEnable "Etkinleştir">
-<!ENTITY https-everywhere.menu.globalDisable "Devre Dışı Bırak">
-
-<!ENTITY https-everywhere.prefs.title "HTTPS Everywhere Tercihleri">
-<!ENTITY https-everywhere.prefs.enable_all "Tümünü Etkinleştir">
-<!ENTITY https-everywhere.prefs.disable_all "Tümünü Devre Dışı Bırak">
-<!ENTITY https-everywhere.prefs.reset_defaults "Varsayılana Dön">
-<!ENTITY https-everywhere.prefs.search "Ara">
-<!ENTITY https-everywhere.prefs.site "Site">
-<!ENTITY https-everywhere.prefs.notes "Notlar">
-<!ENTITY https-everywhere.prefs.list_caption "Hangi HTTPS yönlendirme kuralları etkin olarak uygulansın?">
-<!ENTITY https-everywhere.prefs.enabled "Etkin">
-<!ENTITY https-everywhere.prefs.ruleset_howto "Kendi kural setini nasıl yazabileceğini">
-<!ENTITY https-everywhere.prefs.here_link "öğrenebilirsin.">
-<!ENTITY https-everywhere.prefs.toggle "Değiştir">
-<!ENTITY https-everywhere.prefs.reset_default "Varsayılana Dön">
-<!ENTITY https-everywhere.prefs.view_xml_source "XML Kaynağını Görüntüle">
-
-<!ENTITY https-everywhere.source.downloading "İndiriliyor">
-<!ENTITY https-everywhere.source.filename "Dosya Adı">
-<!ENTITY https-everywhere.source.unable_to_download "Kaynak indirmeye uygun değil">
-
-<!ENTITY https-everywhere.popup.title "HTTPS Everywhere 4.0development.11 notification">
-<!ENTITY https-everywhere.popup.paragraph1 "Oops. You were using the stable version of HTTPS Everywhere, but we might have accidentally upgraded you to the development version in our last release.">
-<!ENTITY https-everywhere.popup.paragraph2 "Would you like to go back to stable?">
-<!ENTITY https-everywhere.popup.paragraph3 "We'd love it if you continued using our development release and helped us make HTTPS Everywhere better! You might find there are a few more bugs here and there, which you can report to https-everywhere@eff.org. Sorry about the inconvenience, and thank you for using HTTPS Everywhere.">
-<!ENTITY https-everywhere.popup.keep "Keep me on the development version">
-<!ENTITY https-everywhere.popup.revert "Download the latest stable version">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/tr/https-everywhere.properties b/src/chrome/locale/tr/https-everywhere.properties
deleted file mode 100644
index 37182cffaf85..000000000000
--- a/src/chrome/locale/tr/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = Etkinleştir
-https-everywhere.menu.globalDisable = Devre dışı
-https-everywhere.menu.enableDisable = Kuralları Aç / Kapa
-https-everywhere.menu.noRules = (Bu sayfa için hiçbir kural yok)
-https-everywhere.menu.unknownRules = (Bu sayfa için hangi kuralların kullanılacağı bilinmiyor)
-https-everywhere.toolbar.hint = HTTPS Everywhere şuan etkin. Adres çubuğundaki simgeye tıklayarak istediğiniz sitelerde etkinliğini değiştirebilirsiniz.
-https-everywhere.migration.notification0 = In order to implement a crucial fix, this update resets your HTTPS Everywhere rule preferences to their default values.
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/tr/ssl-observatory.dtd b/src/chrome/locale/tr/ssl-observatory.dtd
deleted file mode 100644
index f9fd37c08ee9..000000000000
--- a/src/chrome/locale/tr/ssl-observatory.dtd
+++ /dev/null
@@ -1,96 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "Detaylar ve Gizlilik Bilgileri">
-<!ENTITY ssl-observatory.popup.later "Daha Sonra Sor">
-<!ENTITY ssl-observatory.popup.no "Hayır">
-
-<!ENTITY ssl-observatory.popup.text "HTTPS Everywhere tarayıcınıza
-karşı yapılacak saldırıları Gözlemci'ye alır.
-Bu özelliği aktif etmek ister misiniz?">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"HTTPS Everywhere SSL Gözlemcisini kullansın mı?">
-
-<!ENTITY ssl-observatory.popup.yes "Evet">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"Elverişsiz bir şirket ağı kullanmıyorsanız,
-etkinleştirmek sizin için güvenlidir.">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"Güvenli, gizli intranet şirket sunucularını kullanmadığınız sürece:">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"Geçerli bir otorite tarafından imzalanmamış sertifikaları gönder ve kontrol et">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"Eğer ki TLS proxy veya özel kök Sertifika Otoritesi ile internet gezintilerini gözlemleyebilen Kaspersky antivirüs yazılımı ya da araya girilebilen bir şirket ağı kullanmıyorsanız bu özelliği etkinleştirmek güvenlidir (ve akıllıca), Eğer ağ üzerinde bunlar etkinse, bu seçenek eşsiz sertifikalar verdiğinden vekil sunucu üzerinden https:// adreslerine eriştiğinize kanıt olmuşturur. Dolayısıyla varsayılan ayarlarda kapalı bıraktık.">
-
-<!ENTITY ssl-observatory.prefs.anonymous "Gizliliğim için Tor kullanırken de sertifikaları kontrol et">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"Gizliliğim için Tor kullanırken de sertifikaları kontrol et (Torbutton gerektirir)">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"Bu özellik Tor ve Torbutton'un yüklü olmasını gerektirir.">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"Yeni bir sertifika gördüğünde, hangi ISS'den bağlandığımı Gözlemci'ye bildir">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"Bu ağın &quot;Özerk Sistemi numarası&quot; alıp göndereceğiz. Bu bize HTTPS'e karşı gerçekleştirilen yerel saldırıları belirlemekte ve nispeten İran ve Suriye gibi yerlerde ağlara karşı gözlemler olup olmadığını belirlemek için yardımcı olacaktır.">
-
-<!ENTITY ssl-observatory.prefs.done "Tamamlandı">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS Everywhere EFF'nin SSL Gözlemcisini kullanır. Gözlemci iki olay gerçekleştirir:(1)
-HTTPS sertifikalarının kopyalarını Gözlemci'ye yollar ki MITM saldırılarının tespitinde yardım edelim, internet güvenliğini geliştirebilelim; ve (2)
-seni güvensiz bağlantılar hakkında uyarabilelim.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"Örneğin, https://www.hack4career.com adresini ziyaret ettiğinde ve eğer ki sayfayı daha önce hiç kimse ziyaret etmemişse sertifika Gözlemci tarafından ileride bu siteyi ziyaret edecekler için alınır. Daha fazla bilgi için aşağıdan gözlemciyi aktif etmelisiniz:">
-
-<!ENTITY ssl-observatory.prefs.hide "Gelişmiş ayarları gizle">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"Tor uygun olmadığında dahi sertifikaları kontrol et">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"Verilerini anonim tutmaya çalışıyoruz, ama bu özellik pek güvenli değil">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"Özel DNS isimleri için olan sertifikaları gönder ve kontrol et">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"Bu seçenek işaretlenmediği sürece, Gözlemci DNS sistemleri üzerinden çözümleyemediği sertifika isimlerini kaydetmeyecektir.">
-
-<!ENTITY ssl-observatory.prefs.show "Gelişmiş ayarları göster">
-
-<!ENTITY ssl-observatory.prefs.title "SSL Gözlemci Tercihleri">
-
-<!ENTITY ssl-observatory.prefs.use "Gözlemci kullanılsın mı?">
-<!ENTITY ssl-observatory.warning.title " EFF'in SSL Gözlemcisi'nden UYARI">
-<!ENTITY ssl-observatory.warning.showcert "Sertifika zincirini göster">
-<!ENTITY ssl-observatory.warning.okay "Anladım">
-<!ENTITY ssl-observatory.warning.text "EFF SSL Gözlemcisi bu sitenin HTTPS serfikası (ları) hakkında bir sorun olduğunu belirtiyor:">
-<!ENTITY ssl-observatory.warning.defense "Eğer bu siteye giriş yaptıysan, güvenli bir bağlantı sağlandığında site sana şifreni değiştirmeni tavsiye edebilir.">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"Kendinden imzalı sertifikaları gönder ve kontrol et">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"Bu bir öneridir; özellikle kendinden imzalanmış gömülü cihazlarda şifreleme problemleri mevcut ">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/zh-CN/https-everywhere.dtd b/src/chrome/locale/zh-CN/https-everywhere.dtd
deleted file mode 100644
index 5007b9344f0e..000000000000
--- a/src/chrome/locale/zh-CN/https-everywhere.dtd
+++ /dev/null
@@ -1,47 +0,0 @@
-<!ENTITY https-everywhere.about.title "关于 HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_description "加密网络浏览，自动使用 HTTPS 连接访问站点，更加安全。">
-<!ENTITY https-everywhere.about.version "版本">
-<!ENTITY https-everywhere.about.created_by "创建者">
-<!ENTITY https-everywhere.about.librarians "规则管理员">
-<!ENTITY https-everywhere.about.thanks "致谢">
-<!ENTITY https-everywhere.about.contribute  "如果喜欢 HTTPS Everywhere，您可以考虑">
-<!ENTITY https-everywhere.about.donate_tor "捐助 Tor">
-<!ENTITY https-everywhere.about.tor_lang_code "en">
-<!ENTITY https-everywhere.about.donate_eff "捐助电子前线基金会 (EFF)">
-
-<!ENTITY https-everywhere.menu.about "关于 HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.observatory "SSL Observatory 首选项">
-<!ENTITY https-everywhere.menu.globalEnable "启用 HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.globalDisable "禁用 HTTPS Everywhere">
-
-<!ENTITY https-everywhere.prefs.title "HTTPS Everywhere 首选项">
-<!ENTITY https-everywhere.prefs.enable_all "全部启用">
-<!ENTITY https-everywhere.prefs.disable_all "全部禁用">
-<!ENTITY https-everywhere.prefs.reset_defaults "重置为默认值">
-<!ENTITY https-everywhere.prefs.search "搜索">
-<!ENTITY https-everywhere.prefs.site "站点">
-<!ENTITY https-everywhere.prefs.notes "注释">
-<!ENTITY https-everywhere.prefs.list_caption "应用哪些 HTTPS 重定向规则？">
-<!ENTITY https-everywhere.prefs.enabled "已启用">
-<!ENTITY https-everywhere.prefs.ruleset_howto "您可以学习如何编写您自己的规则（以增加对其他网站的支持）">
-<!ENTITY https-everywhere.prefs.here_link "这里">
-<!ENTITY https-everywhere.prefs.toggle "切换">
-<!ENTITY https-everywhere.prefs.reset_default "重置为默认值">
-<!ENTITY https-everywhere.prefs.view_xml_source "查看 XML 格式的源代码">
-
-<!ENTITY https-everywhere.source.downloading "正在下载">
-<!ENTITY https-everywhere.source.filename "文件名">
-<!ENTITY https-everywhere.source.unable_to_download "无法下载源代码。">
-
-<!ENTITY https-everywhere.popup.title "HTTPS Everywhere 4.0development.11 通知">
-<!ENTITY https-everywhere.popup.paragraph1 "抱歉，你之前用的是 HTTPS Everywhere 稳定版，在上次发布时，我们可能不小心将你用的版本升级为开发版。">
-<!ENTITY https-everywhere.popup.paragraph2 "是否需要换为稳定版？">
-<!ENTITY https-everywhere.popup.paragraph3 "如果您愿意，我们非常欢迎您继续使用我们的开发版本，并以此帮助我们改善 HTTPS Everywhere！您也许会遇到更多的缺陷问题，您可以报告到 https-everywhere@eff.org。对此带来的不便我们深感抱歉，感谢您使用 HTTPS Everywhere。">
-<!ENTITY https-everywhere.popup.keep "我要继续使用开发版">
-<!ENTITY https-everywhere.popup.revert "下载最新稳定版">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/zh-CN/https-everywhere.properties b/src/chrome/locale/zh-CN/https-everywhere.properties
deleted file mode 100644
index 0e24891328e1..000000000000
--- a/src/chrome/locale/zh-CN/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = 启用 HTTPS Everywhere
-https-everywhere.menu.globalDisable = 禁用 HTTPS Everywhere
-https-everywhere.menu.enableDisable = 启用/禁用规则
-https-everywhere.menu.noRules = （本页面无规则）
-https-everywhere.menu.unknownRules = （此页面规则未知）
-https-everywhere.toolbar.hint = HTTPS Everywhere 当前已激活。根据每个网站，可点击地址栏中图标启用或禁用该功能。
-https-everywhere.migration.notification0 = 为了部署重要修订，该更新将 HTTPS Everywhere 规则偏好重置为默认值。
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/zh-CN/ssl-observatory.dtd b/src/chrome/locale/zh-CN/ssl-observatory.dtd
deleted file mode 100644
index 6998aa61df6a..000000000000
--- a/src/chrome/locale/zh-CN/ssl-observatory.dtd
+++ /dev/null
@@ -1,98 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "详情与隐私信息">
-<!ENTITY ssl-observatory.popup.later "以后再说">
-<!ENTITY ssl-observatory.popup.no "否">
-
-<!ENTITY ssl-observatory.popup.text "通过将接收到的证书
-提交至 Observatory，HTTPS Everywhere 能够检测针对浏览器的攻击。
-是否启用该功能？">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"是否允许 HTTPS Everywhere 使用 SSL Observatory？">
-
-<!ENTITY ssl-observatory.popup.yes "是">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"启用这个功能是安全的，除非你所用的是高侵入性的企业网络：">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"安全，除非所用的企业网络具有加密的内部网服务器名称：">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"提交并检查由非标准根 CA 所签名的证书">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"启用此选项是安全（而且有益的），除非所用的是高侵入性的公司网络，或者使用卡巴斯基防病毒软件通过本地 TLS 代理与私有根证书认证方检测互联网浏览行为。对于这样的网络，由于生成的数字证书是唯一的，启用该选项可能将公开通过该代理访问的 https:// 网域名称，因此默认关闭该功能。">
-
-<!ENTITY ssl-observatory.prefs.anonymous "通过 Tor 网络进行数字证书的检查，以保护匿名性">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"通过 Tor 网络进行数字证书的检查，以保护匿名性（需要有 Tor）">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"此选项需要已经安装并运行 Tor">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"遇到新的数字证书时，通知 Observatory 当前使用的互联网服务提供商 (ISP)">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"这将抓取网络的“自治系统号码”(Autonomous System number)。这将有助于找出对 HTTPS 发动攻击的源头，并判断在攻击相对常见的地区网络上，如伊朗和叙利亚，我们是否具有观测数据。">
-
-<!ENTITY ssl-observatory.prefs.done "完成">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS Everywhere 可以使用 EFF 的 SSL 观测站 。 这有两个功能： 
-(1) 将 HTTPS 数字证书寄送到观测站，以协助我们侦测中间人式的攻击
-并改善网络的安全性；
-(2) 针对不安全的连接以及对你的浏览器进行的攻击，向你发出警告。">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"例如，在访问 https://www.something.com 时，观测站收到的数字证书显示
-某人访问了 www.something.com，但不会显示是谁访问了该站点或者浏览了
-哪些页面。将鼠标移至该选项可了解更多详细信息：">
-
-<!ENTITY ssl-observatory.prefs.hide "隐藏高级选项">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"在没有 Tor 网络的情况下依然检查数字证书">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"我们仍将尽力确保数据的匿名性，但该选项的安全性较低">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"提交并检查非公开 DNS 名称的数字证书">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"除非勾选该选项，否则观测站将不会记录通过 DNS 系统无法解析域名的证书。">
-
-<!ENTITY ssl-observatory.prefs.show "显示高级选项">
-
-<!ENTITY ssl-observatory.prefs.title "SSL Observatory 首选项">
-
-<!ENTITY ssl-observatory.prefs.use "是否使用观测站？">
-<!ENTITY ssl-observatory.warning.title "EFF 的 SSL 观测站发布的警告">
-<!ENTITY ssl-observatory.warning.showcert "显示数字证书链">
-<!ENTITY ssl-observatory.warning.okay "我已了解">
-<!ENTITY ssl-observatory.warning.text "EFF 的 SSL 观测站已对该 HTTPS 数字证书发出警告：">
-<!ENTITY ssl-observatory.warning.defense "如果已登录该站点，在使用安全连接时，可能建议你修改该站点的密码。">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"提交并检查自签名证书">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"我们推荐该选项；在自签名的嵌入式设备中，加密问题尤为常见">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/zh-TW/https-everywhere.dtd b/src/chrome/locale/zh-TW/https-everywhere.dtd
deleted file mode 100644
index d6933935ca9b..000000000000
--- a/src/chrome/locale/zh-TW/https-everywhere.dtd
+++ /dev/null
@@ -1,48 +0,0 @@
-<!ENTITY https-everywhere.about.title "關於 HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
-<!ENTITY https-everywhere.about.ext_description "Encrypt the Web! Automatically use HTTPS security on many sites.
-使網路加密！於眾多網站上自動使用 HTTPS 安全連線。">
-<!ENTITY https-everywhere.about.version "版本">
-<!ENTITY https-everywhere.about.created_by "建立於">
-<!ENTITY https-everywhere.about.librarians "規則庫管理">
-<!ENTITY https-everywhere.about.thanks "致謝">
-<!ENTITY https-everywhere.about.contribute  "若喜歡 HTTPS Everywhere，或許您可以考慮">
-<!ENTITY https-everywhere.about.donate_tor "贊助 Tor">
-<!ENTITY https-everywhere.about.tor_lang_code "zh-TW">
-<!ENTITY https-everywhere.about.donate_eff "贊助 EFF">
-
-<!ENTITY https-everywhere.menu.about "關於 HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.observatory "SSL 觀測站偏好設定">
-<!ENTITY https-everywhere.menu.globalEnable "啟用 HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.globalDisable "停用 HTTPS Everywhere">
-
-<!ENTITY https-everywhere.prefs.title "HTTPS Everywhere 偏好設定">
-<!ENTITY https-everywhere.prefs.enable_all "全部啟用">
-<!ENTITY https-everywhere.prefs.disable_all "全部停用">
-<!ENTITY https-everywhere.prefs.reset_defaults "恢復預設值">
-<!ENTITY https-everywhere.prefs.search "搜尋">
-<!ENTITY https-everywhere.prefs.site "網站">
-<!ENTITY https-everywhere.prefs.notes "備註">
-<!ENTITY https-everywhere.prefs.list_caption "要使用哪些 HTTPS 導向規則？">
-<!ENTITY https-everywhere.prefs.enabled "已啟用">
-<!ENTITY https-everywhere.prefs.ruleset_howto "要了解如何編寫自訂規則(以增加對其他網站的支援)">
-<!ENTITY https-everywhere.prefs.here_link "請看這裡">
-<!ENTITY https-everywhere.prefs.toggle "切換">
-<!ENTITY https-everywhere.prefs.reset_default "恢復預設值">
-<!ENTITY https-everywhere.prefs.view_xml_source "檢視 XML 原始碼">
-
-<!ENTITY https-everywhere.source.downloading "下載中">
-<!ENTITY https-everywhere.source.filename "檔案名稱">
-<!ENTITY https-everywhere.source.unable_to_download "無法下載原始碼">
-
-<!ENTITY https-everywhere.popup.title "HTTPS Everywhere 4.0 dev.11通知">
-<!ENTITY https-everywhere.popup.paragraph1 "糟糕。以前您一直使用HTTPS Everywhere 穩定版本，但我們可能已經不小心升級您在我們最新版本中為開發中版本。">
-<!ENTITY https-everywhere.popup.paragraph2 "您想回復為穩定版本？">
-<!ENTITY https-everywhere.popup.paragraph3 "如果您繼續使用我們的開發中版本，並幫助我們使得HTTPS Everywhere變得更好，我們也很願意！您可能會發現這裡和那裡有一些更多的錯誤，您可以向https-everywhere@eff.org提交報告，對不起您添麻煩了，感謝您使用HTTPS Everywhere。">
-<!ENTITY https-everywhere.popup.keep "讓我為持於開發中版本">
-<!ENTITY https-everywhere.popup.revert "下載最新的穩定版本">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/locale/zh-TW/https-everywhere.properties b/src/chrome/locale/zh-TW/https-everywhere.properties
deleted file mode 100644
index e944b0dfd1a6..000000000000
--- a/src/chrome/locale/zh-TW/https-everywhere.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-https-everywhere.menu.globalEnable = 啟用 HTTPS Everywhere
-https-everywhere.menu.globalDisable = 停用 HTTPS Everywhere
-https-everywhere.menu.enableDisable = 啟用 / 停用規則
-https-everywhere.menu.noRules = (沒有規則適用於此網頁)
-https-everywhere.menu.unknownRules = (適用此網頁的規則不明)
-https-everywhere.toolbar.hint = HTTPS Everywhere 已啟用。您可以根據網站站點基礎上透過切換網址列圖示以啟用。
-https-everywhere.migration.notification0 = 為了徹底落實關鍵修正，更新重置您的HTTPS Everywhere 規則設定至它們的預設值。
-https-everywhere.menu.ruleset-tests = Run HTTPS Everywhere Ruleset Tests
diff --git a/src/chrome/locale/zh-TW/ssl-observatory.dtd b/src/chrome/locale/zh-TW/ssl-observatory.dtd
deleted file mode 100644
index 496c3dfe5ab9..000000000000
--- a/src/chrome/locale/zh-TW/ssl-observatory.dtd
+++ /dev/null
@@ -1,91 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "詳細資料與隱私訊息">
-<!ENTITY ssl-observatory.popup.later "稍後再詢問">
-<!ENTITY ssl-observatory.popup.no "取消">
-
-<!ENTITY ssl-observatory.popup.text "HTTPS Everywhere 能將您收到的憑證送到觀測站，以偵測出對您瀏覽器的攻擊。要啟用本功能嗎？">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"要讓 HTTPS Everywhere 使用 SSL 觀測站嗎？">
-
-<!ENTITY ssl-observatory.popup.yes "確定">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"啟用這個選項是安全的，除非您使用高侵入性的企業網路（corporate network）:">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"啟用這個選項是安全的，除非您使用含有隱密內部網路伺服器名稱的企業網路（corporate network）:">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"送出並檢查由非正規的根憑證所簽署的憑證">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"啟用這個選項是安全的（而且也推薦啟用），除非您使用侵入性的企業網路，或者 Kaspersky 防毒軟體監控到您透過 TLS proxy 瀏覽並使用私人的根憑證。  在這類的網路環境啟用此選項，可能會因為所產生的特有憑證，導致經由此代理伺服器瀏覽特定 https:// 網域的證明被公開。  因此預設為不啟用此選項。">
-
-<!ENTITY ssl-observatory.prefs.anonymous "以 Tor 匿名檢測憑證">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"以 Tor 匿名檢測憑證（需安裝 Torbutton）">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"這個選項必須安裝 Tor 及 Torbutton">
-
-<!ENTITY ssl-observatory.prefs.asn 
-"看到新的憑證時，告訴觀測站您連線的 ISP">
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-"這個選項會取得並回傳您的網路的自治系統號碼（Autonomous System Number）。  這個動作能協助我們定位對 HTTPS 的攻擊，並判定我們所觀測到發自伊朗及敘利亞等地網路的攻擊是否較為常見。">
-
-<!ENTITY ssl-observatory.prefs.done "完成">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS Everywhere 可以使用 EFF 的 SSL 觀測站。這麼做有兩個效果：(1) 將 HTTPS 憑證的副本傳送到觀測站，協助我們偵測「中間人」攻擊並增進網路安全性；(2) 當您遇到不安全的連線或瀏覽器遭到攻擊時，我們能夠提出警告。">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"例如當您開啟 https://www.something.com（範例網址）時，觀測站所收到的憑證會顯示有人瀏覽 www.something.com，但不會指出瀏覽者身分或者觀看的是哪些特定頁面。將游標移至選項上可得到詳細說明:">
-
-<!ENTITY ssl-observatory.prefs.hide "隱藏進階選項">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"在 Tor 無法使用時仍檢查憑證">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"我們仍會試圖維持資料的匿名性，但這個選項的安全性較低">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"送出並檢查非公共域名系統（non-public DNS）名稱的憑證">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"觀測站不會記錄名稱未經 DNS 系統解析的憑證，除非您有勾選這個選項。">
-
-<!ENTITY ssl-observatory.prefs.show "顯示進階選項">
-
-<!ENTITY ssl-observatory.prefs.title "SSL 觀測站偏好設定">
-
-<!ENTITY ssl-observatory.prefs.use "使用觀測站？">
-<!ENTITY ssl-observatory.warning.title "EFF 的 SSL 觀測站提出警告">
-<!ENTITY ssl-observatory.warning.showcert "顯示憑證鍊（certificate chain）">
-<!ENTITY ssl-observatory.warning.okay "我了解">
-<!ENTITY ssl-observatory.warning.text "EFF 的 SSL 觀測站對這個網站的 HTTPS 憑證提出警告:">
-<!ENTITY ssl-observatory.warning.defense "若您已登入此網站，當您能使用安全連線時最好變更一下密碼。">
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"送出並檢查自我簽署的憑證">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"建議啟用；加密問題在自我簽署的嵌入式裝置極為常見。">
-
-<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests">
-<!ENTITY https-everywhere.ruleset-tests.status_cancel_button "Cancel">
-<!ENTITY https-everywhere.ruleset-tests.status_start_button "Start">
-
diff --git a/src/chrome/skin/cross.png b/src/chrome/skin/cross.png
deleted file mode 100644
index e39a083364d3..000000000000
Binary files a/src/chrome/skin/cross.png and /dev/null differ
diff --git a/src/chrome/skin/https-everywhere-16-gray.png b/src/chrome/skin/https-everywhere-16-gray.png
deleted file mode 100644
index dc362dc5e90f..000000000000
Binary files a/src/chrome/skin/https-everywhere-16-gray.png and /dev/null differ
diff --git a/src/chrome/skin/https-everywhere-16.png b/src/chrome/skin/https-everywhere-16.png
deleted file mode 100644
index a2071803c5f8..000000000000
Binary files a/src/chrome/skin/https-everywhere-16.png and /dev/null differ
diff --git a/src/chrome/skin/https-everywhere-24-gray.png b/src/chrome/skin/https-everywhere-24-gray.png
deleted file mode 100644
index 9cf0798c18af..000000000000
Binary files a/src/chrome/skin/https-everywhere-24-gray.png and /dev/null differ
diff --git a/src/chrome/skin/https-everywhere-24.png b/src/chrome/skin/https-everywhere-24.png
deleted file mode 100644
index b4bffc0352fc..000000000000
Binary files a/src/chrome/skin/https-everywhere-24.png and /dev/null differ
diff --git a/src/chrome/skin/https-everywhere-banner.jpg b/src/chrome/skin/https-everywhere-banner.jpg
deleted file mode 100644
index 6154da6ba3dc..000000000000
Binary files a/src/chrome/skin/https-everywhere-banner.jpg and /dev/null differ
diff --git a/src/chrome/skin/https-everywhere-half-24.png b/src/chrome/skin/https-everywhere-half-24.png
deleted file mode 100644
index b4bffc0352fc..000000000000
Binary files a/src/chrome/skin/https-everywhere-half-24.png and /dev/null differ
diff --git a/src/chrome/skin/https-everywhere.css b/src/chrome/skin/https-everywhere.css
deleted file mode 100644
index 3f20181b5c96..000000000000
--- a/src/chrome/skin/https-everywhere.css
+++ /dev/null
@@ -1,64 +0,0 @@
-#https-everywhere-button {
-  -moz-binding: url("chrome://https-everywhere/content/toolbar_button_binding.xml#https-everywhere-binding");
-  -moz-box-orient: horizontal;
-}
-
-#https-everywhere-button > .https-everywhere-button {
-  list-style-image: url("chrome://https-everywhere/skin/https-everywhere-24.png");
-  -moz-box-orient: horizontal;
-}
-
-toolbar[iconsize="small"] #https-everywhere-button > .https-everywhere-button {
-  list-style-image: url("chrome://https-everywhere/skin/https-everywhere-16.png");
-  -moz-box-orient: horizontal;
-}
-
-/* Use CSS attribute selector for changing icon */
-#https-everywhere-button[status="disabled"] > .https-everywhere-button {
-  list-style-image: url("chrome://https-everywhere/skin/https-everywhere-24-gray.png");
-}
-
-toolbar[iconsize="small"] #https-everywhere-button[status="disabled"] > .https-everywhere-button {
-  list-style-image: url("chrome://https-everywhere/skin/https-everywhere-16-gray.png");
-}
-
-/* ruleset counter */
-#rscounter {
-  margin: 3px -12px 0 -8px; 
-  display: block;
-  -moz-box-sizing: border-box;
-}
-
-/* rulesets applied label */
-#rsapplied {
-  -moz-box-sizing: border-box;
-  font-size: 12px;
-  color: #000;
-  background-color: #FFF;
-  border-width: 1px; 
-  border-style: solid;
-  padding: 1px 1px 1px 1px; 
-  visibility: hidden;
-}
-
-#https-everywhere-button:not([rulesetsApplied="0"]) #rsapplied {
-  visibility: visible;
-}
-
-#https-everywhere-button menuitem.active-item label {
-  color: #9AD100;
-  font-weight: bold;
-}
-#https-everywhere-button menuitem.moot-item label {
-  color: #9AD100;
-  opacity: 0.5;
-  font-weight: bold;
-}
-#https-everywhere-button menuitem.breaking-item label {
-  color: #b99999;
-  font-weight: bold;
-}
-#https-everywhere-button menuitem.inactive-item label {
-  color: #999999;
-  font-weight: bold;
-}
diff --git a/src/chrome/skin/https-everywhere.png b/src/chrome/skin/https-everywhere.png
deleted file mode 100644
index 5e2168845cb2..000000000000
Binary files a/src/chrome/skin/https-everywhere.png and /dev/null differ
diff --git a/src/chrome/skin/loop.png b/src/chrome/skin/loop.png
deleted file mode 100644
index 33dfd4224339..000000000000
Binary files a/src/chrome/skin/loop.png and /dev/null differ
diff --git a/src/chrome/skin/ssl-observatory-messy.jpg b/src/chrome/skin/ssl-observatory-messy.jpg
deleted file mode 100644
index 84c43e9e7254..000000000000
Binary files a/src/chrome/skin/ssl-observatory-messy.jpg and /dev/null differ
diff --git a/src/chrome/skin/tick-moot.png b/src/chrome/skin/tick-moot.png
deleted file mode 100644
index 5d3c0851ad37..000000000000
Binary files a/src/chrome/skin/tick-moot.png and /dev/null differ
diff --git a/src/chrome/skin/tick.png b/src/chrome/skin/tick.png
deleted file mode 100644
index f0553122a06e..000000000000
Binary files a/src/chrome/skin/tick.png and /dev/null differ
diff --git a/src/components/https-everywhere.js b/src/components/https-everywhere.js
deleted file mode 100644
index c7704d7f140a..000000000000
--- a/src/components/https-everywhere.js
+++ /dev/null
@@ -1,810 +0,0 @@
-// LOG LEVELS ---
-
-VERB=1;
-DBUG=2;
-INFO=3;
-NOTE=4;
-WARN=5;
-
-// PREFERENCE BRANCHES
-PREFBRANCH_ROOT=0;
-PREFBRANCH_RULE_TOGGLE=1;
-
-//---------------
-
-https_domains = {};              // maps domain patterns (with at most one
-                                 // wildcard) to RuleSets
-
-https_everywhere_blacklist = {}; // URLs we've given up on rewriting because
-                                 // of redirection loops
-
-https_blacklist_domains = {};    // domains for which there is at least one
-                                 // blacklisted URL
-
-//
-const CI = Components.interfaces;
-const CC = Components.classes;
-const CU = Components.utils;
-const CR = Components.results;
-const Ci = Components.interfaces;
-const Cc = Components.classes;
-const Cu = Components.utils;
-const Cr = Components.results;
-
-const CP_SHOULDPROCESS = 4;
-
-const SERVICE_CTRID = "@eff.org/https-everywhere;1";
-const SERVICE_ID=Components.ID("{32c165b4-fe5e-4964-9250-603c410631b4}");
-const SERVICE_NAME = "Encrypts your communications with a number of major websites";
-
-const LLVAR = "LogLevel";
-
-const IOS = CC["@mozilla.org/network/io-service;1"].getService(CI.nsIIOService);
-const OS = CC['@mozilla.org/observer-service;1'].getService(CI.nsIObserverService);
-const LOADER = CC["@mozilla.org/moz/jssubscript-loader;1"].getService(CI.mozIJSSubScriptLoader);
-const _INCLUDED = {};
-
-// NoScript uses this blob to include js constructs that stored in the chrome/
-// directory, but are not attached to the Firefox UI (normally, js located
-// there is attached to an Overlay and therefore is part of the UI).
-
-// Reasons for this: things in components/ directory cannot be split into
-// separate files; things in chrome/ can be
-
-const INCLUDE = function(name) {
-  if (arguments.length > 1)
-    for (var j = 0, len = arguments.length; j < len; j++)
-      INCLUDE(arguments[j]);
-  else if (!_INCLUDED[name]) {
-    // we used to try/catch here, but that was less useful because it didn't
-    // produce line numbers for syntax errors
-    LOADER.loadSubScript("chrome://https-everywhere/content/code/"
-            + name + ".js");
-    _INCLUDED[name] = true;
-  }
-};
-
-const WP_STATE_START = CI.nsIWebProgressListener.STATE_START;
-const WP_STATE_STOP = CI.nsIWebProgressListener.STATE_STOP;
-const WP_STATE_DOC = CI.nsIWebProgressListener.STATE_IS_DOCUMENT;
-const WP_STATE_START_DOC = WP_STATE_START | WP_STATE_DOC;
-const WP_STATE_RESTORING = CI.nsIWebProgressListener.STATE_RESTORING;
-
-const LF_VALIDATE_ALWAYS = CI.nsIRequest.VALIDATE_ALWAYS;
-const LF_LOAD_BYPASS_ALL_CACHES = CI.nsIRequest.LOAD_BYPASS_CACHE | CI.nsICachingChannel.LOAD_BYPASS_LOCAL_CACHE;
-
-const NS_OK = 0;
-const NS_BINDING_ABORTED = 0x804b0002;
-const NS_BINDING_REDIRECTED = 0x804b0003;
-const NS_ERROR_UNKNOWN_HOST = 0x804b001e;
-const NS_ERROR_REDIRECT_LOOP = 0x804b001f;
-const NS_ERROR_CONNECTION_REFUSED = 0x804b000e;
-const NS_ERROR_NOT_AVAILABLE = 0x804b0111;
-
-const LOG_CONTENT_BLOCK = 1;
-const LOG_CONTENT_CALL = 2;
-const LOG_CONTENT_INTERCEPT = 4;
-const LOG_CHROME_WIN = 8;
-const LOG_XSS_FILTER = 16;
-const LOG_INJECTION_CHECK = 32;
-const LOG_DOM = 64;
-const LOG_JS = 128;
-const LOG_LEAKS = 1024;
-const LOG_SNIFF = 2048;
-const LOG_CLEARCLICK = 4096;
-const LOG_ABE = 8192;
-
-const HTML_NS = "http://www.w3.org/1999/xhtml";
-
-const WHERE_UNTRUSTED = 1;
-const WHERE_TRUSTED = 2;
-const ANYWHERE = 3;
-
-const N_COHORTS = 1000; 
-
-const DUMMY_OBJ = {};
-DUMMY_OBJ.wrappedJSObject = DUMMY_OBJ;
-const DUMMY_FUNC = function() {};
-const DUMMY_ARRAY = [];
-
-const EARLY_VERSION_CHECK = !("nsISessionStore" in CI && typeof(/ /) === "object");
-
-// This is probably obsolete since the switch to the channel.redirectTo API
-const OBSERVER_TOPIC_URI_REWRITE = "https-everywhere-uri-rewrite";
-
-// XXX: Better plan for this?
-// We need it to exist to make our updates of ChannelReplacement.js easier.
-var ABE = {
-  consoleDump: false,
-  log: function(str) {
-    https_everywhereLog(WARN, str);
-  }
-};
-
-function xpcom_generateQI(iids) {
-  var checks = [];
-  for each (var iid in iids) {
-    checks.push("CI." + iid.name + ".equals(iid)");
-  }
-  var src = checks.length
-    ? "if (" + checks.join(" || ") + ") return this;\n"
-    : "";
-  return new Function("iid", src + "throw Components.results.NS_ERROR_NO_INTERFACE;");
-}
-
-function xpcom_checkInterfaces(iid,iids,ex) {
-  for (var j = iids.length; j-- >0;) {
-    if (iid.equals(iids[j])) return true;
-  }
-  throw ex;
-}
-
-INCLUDE('ChannelReplacement', 'IOUtil', 'HTTPSRules', 'HTTPS', 'Thread', 'ApplicableList');
-
-Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
-
-// This is black magic for storing Expando data w/ an nsIDOMWindow 
-// See http://pastebin.com/qY28Jwbv , 
-// https://developer.mozilla.org/en/XPCOM_Interface_Reference/nsIControllers
-
-StorageController.prototype = {
-  QueryInterface: XPCOMUtils.generateQI(
-    [ Components.interfaces.nsISupports,
-      Components.interfaces.nsIController ]),
-  wrappedJSObject: null,  // Initialized by constructor
-  supportsCommand: function (cmd) {return (cmd == this.command);},
-  isCommandEnabled: function (cmd) {return (cmd == this.command);},
-  onEvent: function(eventName) {return true;},
-  doCommand: function() {return true;}
-};
-
-function StorageController(command) {
-  this.command = command;
-  this.data = {};
-  this.wrappedJSObject = this;
-}
-
-/*var Controller = Class("Controller", XPCOM(CI.nsIController), {
-  init: function (command, data) {
-      this.command = command;
-      this.data = data;
-  },
-  supportsCommand: function (cmd) cmd === this.command
-});*/
-
-function HTTPSEverywhere() {
-
-  // Set up logging in each component:
-  HTTPS.log = HTTPSRules.log = RuleWriter.log = this.log = https_everywhereLog;
-
-  this.log = https_everywhereLog;
-  this.wrappedJSObject = this;
-  this.https_rules = HTTPSRules;
-  this.INCLUDE=INCLUDE;
-  this.ApplicableList = ApplicableList;
-  
-  this.prefs = this.get_prefs();
-  this.rule_toggle_prefs = this.get_prefs(PREFBRANCH_RULE_TOGGLE);
-  
-  // We need to use observers instead of categories for FF3.0 for these:
-  // https://developer.mozilla.org/en/Observer_Notifications
-  // https://developer.mozilla.org/en/nsIObserverService.
-  // https://developer.mozilla.org/en/nsIObserver
-  // We also use the observer service to let other extensions know about URIs
-  // we rewrite.
-  this.obsService = CC["@mozilla.org/observer-service;1"]
-                    .getService(Components.interfaces.nsIObserverService);
-                    
-  if(this.prefs.getBoolPref("globalEnabled")){
-    this.obsService.addObserver(this, "profile-before-change", false);
-    this.obsService.addObserver(this, "profile-after-change", false);
-    this.obsService.addObserver(this, "sessionstore-windows-restored", false);
-  }
-
-  var pref_service = Components.classes["@mozilla.org/preferences-service;1"]
-      .getService(Components.interfaces.nsIPrefBranchInternal);
-  var branch = pref_service.QueryInterface(Components.interfaces.nsIPrefBranchInternal);
-
-  branch.addObserver("extensions.https_everywhere.enable_mixed_rulesets",
-                         this, false);
-  branch.addObserver("security.mixed_content.block_active_content",
-                         this, false);
-
-  return;
-}
-
-
-// nsIContentPolicy interface
-// we use numeric constants for performance sake: 
-const TYPE_OTHER = 1;
-const TYPE_SCRIPT = 2;
-const TYPE_IMAGE = 3;
-const TYPE_STYLESHEET = 4;
-const TYPE_OBJECT = 5;
-const TYPE_DOCUMENT = 6;
-const TYPE_SUBDOCUMENT = 7;
-const TYPE_REFRESH = 8;
-const TYPE_XBL = 9;
-const TYPE_PING = 10;
-const TYPE_XMLHTTPREQUEST = 11;
-const TYPE_OBJECT_SUBREQUEST = 12;
-const TYPE_DTD  = 13;
-const TYPE_FONT = 14;
-const TYPE_MEDIA = 15;  
-// --------------
-// REJECT_SERVER = -3
-// ACCEPT = 1
-
-
-// Some of these types are known by arbitrary assertion at
-// https://bugzilla.mozilla.org/show_bug.cgi?id=677643#c47
-// TYPE_FONT was required to fix https://trac.torproject.org/projects/tor/ticket/4194
-// TYPE_SUBDOCUMENT was required to fix https://trac.torproject.org/projects/tor/ticket/4149
-// I have NO IDEA why JS won't let me use the constants above in defining this
-const shouldLoadTargets = {
-  1 : true,
-  3 : true,
-  5 : true,
-  12 : true,
-  14 : true,
-  7 : true
-};
-
-
-
-/*
-In recent versions of Firefox and HTTPS Everywhere, the call stack for performing an HTTP -> HTTPS rewrite looks like this:
-
-1. HTTPSEverywhere.observe() gets a callback with the "http-on-modify-request" topic, and the channel as a subject
-
-    2. HTTPS.replaceChannel() 
-
-       3. HTTPSRules.rewrittenURI() 
-            
-           4. HTTPSRules.potentiallyApplicableRulesets uses <target host=""> elements to identify relevant rulesets
-
-           foreach RuleSet:
-
-               4. RuleSet.transformURI()
-
-                   5. RuleSet.apply() does the tests and rewrites with RegExps, returning a string
-
-               4. RuleSet.transformURI() makes a new uri object for the destination string, if required
-
-    2. HTTPS.replaceChannel() calls channel.redirectTo() if a redirect is needed
-
-
-In addition, the following other important tasks happen along the way:
-
-HTTPSEverywhere.observe()    aborts if there is a redirect loop
-                             finds a reference to the ApplicableList or alist that represents the toolbar context menu
-
-HTTPS.replaceChannel()       notices redirect loops (and used to do much more complex XPCOM API work in the NoScript-based past)
-
-HTTPSRules.rewrittenURI()    works around weird URI types like about: and http://user:pass@example.com/
-                             and notifies the alist of what it should display for each ruleset
-
-*/
-
-// This defines for Mozilla what stuff HTTPSEverywhere will implement.
-
-// ChannelEventSink used to be necessary in order to handle redirects (eg
-// HTTP redirects) correctly.  It may now be obsolete? XXX
-
-HTTPSEverywhere.prototype = {
-  prefs: null,
-  // properties required for XPCOM registration:
-  classDescription: SERVICE_NAME,
-  classID:          SERVICE_ID,
-  contractID:       SERVICE_CTRID,
-
-  _xpcom_factory: {
-    createInstance: function (outer, iid) {
-      if (outer != null)
-        throw Components.results.NS_ERROR_NO_AGGREGATION;
-      if (!HTTPSEverywhere.instance)
-        HTTPSEverywhere.instance = new HTTPSEverywhere();
-      return HTTPSEverywhere.instance.QueryInterface(iid);
-    },
-
-    QueryInterface: XPCOMUtils.generateQI(
-      [ Components.interfaces.nsISupports,
-        Components.interfaces.nsIModule,
-        Components.interfaces.nsIFactory ])
-  },
-
-  // [optional] an array of categories to register this component in.
-  _xpcom_categories: [
-    {
-      category: "app-startup",
-    },
-  ],
-
-  // QueryInterface implementation, e.g. using the generateQI helper
-  QueryInterface: XPCOMUtils.generateQI(
-    [ Components.interfaces.nsIObserver,
-      Components.interfaces.nsIMyInterface,
-      Components.interfaces.nsISupports,
-      Components.interfaces.nsISupportsWeakReference,
-      Components.interfaces.nsIWebProgressListener,
-      Components.interfaces.nsIWebProgressListener2,
-      Components.interfaces.nsIChannelEventSink ]),
-
-  wrappedJSObject: null,  // Initialized by constructor
-
-  getWeakReference: function () {
-    return Components.utils.getWeakReference(this);
-  },
-
-  // An "expando" is an attribute glued onto something.  From NoScript.
-  getExpando: function(domWin, key) {
-    var c = domWin.controllers.getControllerForCommand("https-everywhere-storage");
-    try {
-      if (c) {
-        c = c.wrappedJSObject;
-        //this.log(DBUG, "Found a controller, returning data");
-        return c.data[key];
-      } else {
-        this.log(INFO, "No controller attached to " + domWin);
-        return null;
-      }
-    } catch(e) {
-      // Firefox 3.5
-      this.log(WARN,"exception in getExpando");
-      this.getExpando = this.getExpando_old;
-      this.setExpando = this.setExpando_old;
-      return this.getExpando_old(domWin, key, null);
-    }
-  },
-  setExpando: function(domWin, key, value) {
-    var c = domWin.controllers.getControllerForCommand("https-everywhere-storage");
-    try {
-      if (!c) {
-        this.log(DBUG, "Appending new StorageController for " + domWin);
-        c = new StorageController("https-everywhere-storage");
-        domWin.controllers.appendController(c);
-      } else {
-        c = c.wrappedJSObject;
-      }
-      c.data[key] = value;
-    } catch(e) {
-      this.log(WARN,"exception in setExpando");
-      this.getExpando = this.getExpando_old;
-      this.setExpando = this.setExpando_old;
-      this.setExpando_old(domWin, key, value);
-    }
-  },
-
-  // This method is straight out of NoScript... we fall back to it in FF 3.*?
-  getExpando_old: function(domWin, key, defValue) {
-    var domObject = domWin.document;
-    return domObject && domObject.__httpsEStorage && domObject.__httpsEStorage[key] || 
-           (defValue ? this.setExpando(domObject, key, defValue) : null);
-  },
-  setExpando_old: function(domWin, key, value) {
-    var domObject = domWin.document;
-    if (!domObject) return null;
-    if (!domObject.__httpsEStorage) domObject.__httpsEStorage = {};
-    if (domObject.__httpsEStorage) domObject.__httpsEStorage[key] = value;
-    else this.log(WARN, "Warning: cannot set expando " + key + " to value " + value);
-    return value;
-  },
-
-  // We use onLocationChange to make a fresh list of rulesets that could have
-  // applied to the content in the current page (the "applicable list" is used
-  // for the context menu in the UI).  This will be appended to as various
-  // content is embedded / requested by JavaScript.
-  onLocationChange: function(wp, req, uri) {
-    if (wp instanceof CI.nsIWebProgress) {
-      if (!this.newApplicableListForDOMWin(wp.DOMWindow)) 
-        this.log(WARN,"Something went wrong in onLocationChange");
-    } else {
-      this.log(WARN,"onLocationChange: no nsIWebProgress");
-    }
-  },
-
-  getWindowForChannel: function(channel) {
-    // Obtain an nsIDOMWindow from a channel
-    try {
-      var nc = channel.notificationCallbacks ? channel.notificationCallbacks : channel.loadGroup.notificationCallbacks;
-    } catch(e) {
-      this.log(WARN,"no loadgroup notificationCallbacks for "+channel.URI.spec);
-      return null;
-    }
-    if (!nc) {
-      this.log(DBUG, "no window for " + channel.URI.spec);
-      return null;
-    } 
-    try {
-      var domWin = nc.getInterface(CI.nsIDOMWindow);
-    } catch(e) {
-      this.log(INFO, "No window associated with request: " + channel.URI.spec);
-      return null;
-    }
-    if (!domWin) {
-      this.log(NOTE, "failed to get DOMWin for " + channel.URI.spec);
-      return null;
-    }
-    domWin = domWin.top;
-    return domWin;
-  },
-
-  // the lists get made when the urlbar is loading something new, but they
-  // need to be appended to with reference only to the channel
-  getApplicableListForChannel: function(channel) {
-    var domWin = this.getWindowForChannel(channel);
-    return this.getApplicableListForDOMWin(domWin, "on-modify-request w " + domWin);
-  },
-
-  newApplicableListForDOMWin: function(domWin) {
-    if (!domWin || !(domWin instanceof CI.nsIDOMWindow)) {
-      this.log(WARN, "Get alist without domWin");
-      return null;
-    }
-    var dw = domWin.top;
-    var alist = new ApplicableList(this.log,dw.document,dw);
-    this.setExpando(dw,"applicable_rules",alist);
-    return alist;
-  },
-
-  getApplicableListForDOMWin: function(domWin, where) {
-    if (!domWin || !(domWin instanceof CI.nsIDOMWindow)) {
-      //this.log(WARN, "Get alist without domWin");
-      return null;
-    }
-    var dw = domWin.top;
-    var alist= this.getExpando(dw,"applicable_rules",null);
-    if (alist) {
-      //this.log(DBUG,"get AL success in " + where);
-      return alist;
-    } else {
-      //this.log(DBUG, "Making new AL in getApplicableListForDOMWin in " + where);
-      alist = new ApplicableList(this.log,dw.document,dw);
-      this.setExpando(dw,"applicable_rules",alist);
-    }
-    return alist;
-  },
-
-  observe: function(subject, topic, data) {
-    // Top level glue for the nsIObserver API
-    var channel = subject;
-    //this.log(VERB,"Got observer topic: "+topic);
-
-    if (topic == "http-on-modify-request") {
-      if (!(channel instanceof CI.nsIHttpChannel)) return;
-      
-      this.log(DBUG,"Got http-on-modify-request: "+channel.URI.spec);
-      var lst = this.getApplicableListForChannel(channel); // null if no window is associated (ex: xhr)
-      if (channel.URI.spec in https_everywhere_blacklist) {
-        this.log(DBUG, "Avoiding blacklisted " + channel.URI.spec);
-        if (lst) lst.breaking_rule(https_everywhere_blacklist[channel.URI.spec]);
-        else        this.log(NOTE,"Failed to indicate breakage in content menu");
-        return;
-      }
-      HTTPS.replaceChannel(lst, channel);
-    } else if (topic == "http-on-examine-response") {
-         this.log(DBUG, "Got http-on-examine-response @ "+ (channel.URI ? channel.URI.spec : '') );
-         HTTPS.handleSecureCookies(channel);
-    } else if (topic == "http-on-examine-merged-response") {
-         this.log(DBUG, "Got http-on-examine-merged-response ");
-         HTTPS.handleSecureCookies(channel);
-    } else if (topic == "cookie-changed") {
-      // Javascript can add cookies via document.cookie that are insecure.
-      if (data == "added" || data == "changed") {
-        // subject can also be an nsIArray! bleh.
-        try {
-          subject.QueryInterface(CI.nsIArray);
-          var elems = subject.enumerate();
-          while (elems.hasMoreElements()) {
-            var cookie = elems.getNext()
-                            .QueryInterface(CI.nsICookie2);
-            if (!cookie.isSecure) {
-              HTTPS.handleInsecureCookie(cookie);
-            }
-          }
-        } catch(e) {
-          subject.QueryInterface(CI.nsICookie2);
-          if(!subject.isSecure) {
-            HTTPS.handleInsecureCookie(subject);
-          }
-        }
-      }
-    } else if (topic == "profile-before-change") {
-      this.log(INFO, "Got profile-before-change");
-      var catman = Components.classes["@mozilla.org/categorymanager;1"]
-           .getService(Components.interfaces.nsICategoryManager);
-      catman.deleteCategoryEntry("net-channel-event-sinks", SERVICE_CTRID, true);
-      Thread.hostRunning = false;
-    } else if (topic == "profile-after-change") {
-      this.log(DBUG, "Got profile-after-change");
-      
-      if(this.prefs.getBoolPref("globalEnabled")){
-        OS.addObserver(this, "cookie-changed", false);
-        OS.addObserver(this, "http-on-modify-request", false);
-        OS.addObserver(this, "http-on-examine-merged-response", false);
-        OS.addObserver(this, "http-on-examine-response", false);
-        
-        var dls = CC['@mozilla.org/docloaderservice;1']
-            .getService(CI.nsIWebProgress);
-        dls.addProgressListener(this, CI.nsIWebProgress.NOTIFY_LOCATION);
-        this.log(INFO,"ChannelReplacement.supported = "+ChannelReplacement.supported);
-
-        HTTPSRules.init();
-
-        Thread.hostRunning = true;
-        var catman = Components.classes["@mozilla.org/categorymanager;1"]
-           .getService(Components.interfaces.nsICategoryManager);
-        // hook on redirections (non persistent, otherwise crashes on 1.8.x)
-        catman.addCategoryEntry("net-channel-event-sinks", SERVICE_CTRID,
-            SERVICE_CTRID, false, true);
-      }
-    } else if (topic == "sessionstore-windows-restored") {
-      this.log(DBUG,"Got sessionstore-windows-restored");
-      this.maybeShowObservatoryPopup();
-      this.maybeShowDevPopup();
-    } else if (topic == "nsPref:changed") {
-        // If the user toggles the Mixed Content Blocker settings, reload the rulesets
-        // to enable/disable the mixedcontent ones
-        switch (data) {
-            case "security.mixed_content.block_active_content":
-            case "extensions.https_everywhere.enable_mixed_rulesets":
-                HTTPSRules.init();
-                break;
-        }
-    }
-    return;
-  },
-
-  maybeShowObservatoryPopup: function() {
-    // Show the popup at most once.  Users who enabled the Observatory before
-    // a version that would have shown it to them, don't need to see it
-    // again.
-    var ssl_observatory = CC["@eff.org/ssl-observatory;1"]
-                      .getService(Components.interfaces.nsISupports)
-                      .wrappedJSObject;
-    var shown = ssl_observatory.myGetBoolPref("popup_shown");
-    var enabled = ssl_observatory.myGetBoolPref("enabled");
-    var that = this;
-    var obs_popup_callback = function(result) {
-      if (result) that.log(INFO, "Got positive proxy test.");
-      else        that.log(INFO, "Got negative proxy text.");
-      // We are now ready to show the popup in its most informative state
-      that.chrome_opener("chrome://https-everywhere/content/observatory-popup.xul");
-    };
-    if (!shown && !enabled)
-      ssl_observatory.registerProxyTestNotification(obs_popup_callback);
-  },
-
-  maybeShowDevPopup: function() {
-    /*
-     * Users who installed 3.3.2 accidentally got upgraded to the
-     * dev branch. We need to push this code to a dev release so
-     * that they get a popup letting them know that they can switch
-     * back to the stable branch if they want.
-     */
-    var was_stable = true;
-    var shown = this.prefs.getBoolPref("dev_popup_shown");
-    try {
-      // this pref should exist only for people who used to be stable
-      // since getExperimentalFeatureCohort was never run in the
-      // development channel
-      this.prefs.getIntPref("experimental_feature_cohort");
-    } catch(e) {
-      was_stable = false;
-    }
-    if (was_stable && !shown) {
-      this.tab_opener("chrome://https-everywhere/content/dev-popup.xul");
-    }
-  },
-
-  getExperimentalFeatureCohort: function() {
-    // This variable is used for gradually turning on features for testing and
-    // scalability purposes.  It is a random integer [0,N_COHORTS) generated
-    // once and stored thereafter.
-    // 
-    // This is not currently used/called in the development branch
-    var cohort;
-    try {
-      cohort = this.prefs.getIntPref("experimental_feature_cohort");
-    } catch(e) {
-      cohort = Math.round(Math.random() * N_COHORTS);
-      this.prefs.setIntPref("experimental_feature_cohort", cohort);
-    }
-    return cohort;
-  },
-
-  // nsIChannelEventSink implementation
-  // XXX This was here for rewrites in the past.  Do we still need it?
-  onChannelRedirect: function(oldChannel, newChannel, flags) {  
-    const uri = newChannel.URI;
-    this.log(DBUG,"Got onChannelRedirect to "+uri.spec);
-    if (!(newChannel instanceof CI.nsIHttpChannel)) {
-      this.log(DBUG, newChannel + " is not an instance of nsIHttpChannel");
-      return;
-    }
-    var alist = this.juggleApplicableListsDuringRedirection(oldChannel, newChannel);
-    HTTPS.replaceChannel(alist,newChannel);
-  },
-
-  juggleApplicableListsDuringRedirection: function(oldChannel, newChannel) {
-    // If the new channel doesn't yet have a list of applicable rulesets, start
-    // with the old one because that's probably a better representation of how
-    // secure the load process was for this page
-    var domWin = this.getWindowForChannel(oldChannel);
-    var old_alist = null;
-    if (domWin) 
-      old_alist = this.getExpando(domWin,"applicable_rules", null);
-    domWin = this.getWindowForChannel(newChannel);
-    if (!domWin) return null;
-    var new_alist = this.getExpando(domWin,"applicable_rules", null);
-    if (old_alist && !new_alist) {
-      new_alist = old_alist;
-      this.setExpando(domWin,"applicable_rules",new_alist);
-    } else if (!new_alist) {
-      new_alist = new ApplicableList(this.log, domWin.document, domWin);
-      this.setExpando(domWin,"applicable_rules",new_alist);
-    }
-    return new_alist;
-  },
-
-  asyncOnChannelRedirect: function(oldChannel, newChannel, flags, callback) {
-        this.onChannelRedirect(oldChannel, newChannel, flags);
-        callback.onRedirectVerifyCallback(0);
-  },
-
-  get_prefs: function(prefBranch) {
-    if(!prefBranch) prefBranch = PREFBRANCH_ROOT;
-
-    // get our preferences branch object
-    // FIXME: Ugly hack stolen from https
-    var branch_name;
-    if(prefBranch == PREFBRANCH_RULE_TOGGLE)
-      branch_name = "extensions.https_everywhere.rule_toggle.";
-    else
-      branch_name = "extensions.https_everywhere.";
-    var o_prefs = false;
-    var o_branch = false;
-    // this function needs to be called from inside https_everywhereLog, so
-    // it needs to do its own logging...
-    var econsole = Components.classes["@mozilla.org/consoleservice;1"]
-      .getService(Components.interfaces.nsIConsoleService);
-
-    o_prefs = Components.classes["@mozilla.org/preferences-service;1"]
-                        .getService(Components.interfaces.nsIPrefService);
-
-    if (!o_prefs)
-    {
-      econsole.logStringMessage("HTTPS Everywhere: Failed to get preferences-service!");
-      return false;
-    }
-
-    o_branch = o_prefs.getBranch(branch_name);
-    if (!o_branch)
-    {
-      econsole.logStringMessage("HTTPS Everywhere: Failed to get prefs branch!");
-      return false;
-    }
-
-    if(prefBranch == PREFBRANCH_ROOT) {
-      // make sure there's an entry for our log level
-      try {
-        o_branch.getIntPref(LLVAR);
-      } catch (e) {
-        econsole.logStringMessage("Creating new about:config https_everywhere.LogLevel variable");
-        o_branch.setIntPref(LLVAR, WARN);
-      }
-    }
-
-    return o_branch;
-  },
-
-  chrome_opener: function(uri, args) {
-    // we don't use window.open, because we need to work around TorButton's 
-    // state control
-    args = args || 'chrome,centerscreen';
-    return CC['@mozilla.org/appshell/window-mediator;1']
-      .getService(CI.nsIWindowMediator) 
-      .getMostRecentWindow('navigator:browser')
-      .open(uri,'', args );
-  },
-
-  tab_opener: function(uri) {
-    var gb = CC['@mozilla.org/appshell/window-mediator;1']
-      .getService(CI.nsIWindowMediator) 
-      .getMostRecentWindow('navigator:browser')
-      .gBrowser;
-    var tab = gb.addTab(uri);
-    gb.selectedTab = tab;
-    return tab;
-  },
-
-  toggleEnabledState: function() {
-    if(this.prefs.getBoolPref("globalEnabled")){    
-        try{    
-            this.obsService.removeObserver(this, "profile-before-change");
-            this.obsService.removeObserver(this, "profile-after-change");
-            this.obsService.removeObserver(this, "sessionstore-windows-restored");      
-            OS.removeObserver(this, "cookie-changed");
-            OS.removeObserver(this, "http-on-modify-request");
-            OS.removeObserver(this, "http-on-examine-merged-response");
-            OS.removeObserver(this, "http-on-examine-response");  
-            
-            var catman = Components.classes["@mozilla.org/categorymanager;1"]
-           .getService(Components.interfaces.nsICategoryManager);
-            catman.deleteCategoryEntry("net-channel-event-sinks", SERVICE_CTRID, true);
-                        
-            var dls = CC['@mozilla.org/docloaderservice;1']
-            .getService(CI.nsIWebProgress);
-            dls.removeProgressListener(this);
-            
-            this.prefs.setBoolPref("globalEnabled", false);
-        }
-        catch(e){
-            this.log(WARN, "Couldn't remove observers: " + e);          
-        }
-    }
-    else{   
-        try{      
-            this.obsService.addObserver(this, "profile-before-change", false);
-            this.obsService.addObserver(this, "profile-after-change", false);
-            this.obsService.addObserver(this, "sessionstore-windows-restored", false);      
-            OS.addObserver(this, "cookie-changed", false);
-            OS.addObserver(this, "http-on-modify-request", false);
-            OS.addObserver(this, "http-on-examine-merged-response", false);
-            OS.addObserver(this, "http-on-examine-response", false);  
-            
-            var dls = CC['@mozilla.org/docloaderservice;1']
-            .getService(CI.nsIWebProgress);
-            dls.addProgressListener(this, CI.nsIWebProgress.NOTIFY_LOCATION);
-            
-            this.log(INFO,"ChannelReplacement.supported = "+ChannelReplacement.supported);
-
-            if(!Thread.hostRunning)
-                Thread.hostRunning = true;
-            
-            var catman = Components.classes["@mozilla.org/categorymanager;1"]
-            .getService(Components.interfaces.nsICategoryManager);
-            // hook on redirections (non persistent, otherwise crashes on 1.8.x)
-            catman.addCategoryEntry("net-channel-event-sinks", SERVICE_CTRID,
-                SERVICE_CTRID, false, true);            
-            
-            HTTPSRules.init();          
-            this.prefs.setBoolPref("globalEnabled", true);
-        }
-        catch(e){
-            this.log(WARN, "Couldn't add observers: " + e);         
-        }
-    }
-  }
-};
-
-var prefs = 0;
-var econsole = 0;
-function https_everywhereLog(level, str) {
-  if (prefs == 0) {
-    prefs = HTTPSEverywhere.instance.get_prefs();
-    econsole = Components.classes["@mozilla.org/consoleservice;1"]
-               .getService(Components.interfaces.nsIConsoleService);
-  } 
-  try {
-    var threshold = prefs.getIntPref(LLVAR);
-  } catch (e) {
-    econsole.logStringMessage( "HTTPS Everywhere: Failed to read about:config LogLevel");
-    threshold = WARN;
-  }
-  if (level >= threshold) {
-    dump(str+"\n");
-    econsole.logStringMessage("HTTPS Everywhere: " +str);
-  }
-}
-
-/**
-* XPCOMUtils.generateNSGetFactory was introduced in Mozilla 2 (Firefox 4).
-* XPCOMUtils.generateNSGetModule is for Mozilla 1.9.2 (Firefox 3.6).
-*/
-if (XPCOMUtils.generateNSGetFactory)
-    var NSGetFactory = XPCOMUtils.generateNSGetFactory([HTTPSEverywhere]);
-else
-    var NSGetModule = XPCOMUtils.generateNSGetModule([HTTPSEverywhere]);
-
-/* vim: set tabstop=4 expandtab: */
diff --git a/src/components/ssl-observatory.js b/src/components/ssl-observatory.js
deleted file mode 100644
index bb92a2d3bc14..000000000000
--- a/src/components/ssl-observatory.js
+++ /dev/null
@@ -1,900 +0,0 @@
-const Ci = Components.interfaces;
-const Cc = Components.classes;
-const Cr = Components.results;
-
-const CI = Components.interfaces;
-const CC = Components.classes;
-const CR = Components.results;
-
-// Log levels
-VERB=1;
-DBUG=2;
-INFO=3;
-NOTE=4;
-WARN=5;
-
-BASE_REQ_SIZE=4096;
-MAX_OUTSTANDING = 20; // Max # submission XHRs in progress
-MAX_DELAYED = 32;     // Max # XHRs are waiting around to be sent or retried 
-TIMEOUT = 60000;
-
-ASN_PRIVATE = -1;     // Do not record the ASN this cert was seen on
-ASN_IMPLICIT = -2;     // ASN can be learned from connecting IP
-ASN_UNKNOWABLE = -3;  // Cert was seen in the absence of [trustworthy] Internet access
-
-// XXX: We should make the _observatory tree relative.
-LLVAR="extensions.https_everywhere.LogLevel";
-
-Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
-Components.utils.import("resource://gre/modules/ctypes.jsm");
-
-
-const OS = Cc['@mozilla.org/observer-service;1'].getService(CI.nsIObserverService);
-
-const SERVICE_CTRID = "@eff.org/ssl-observatory;1";
-const SERVICE_ID=Components.ID("{0f9ab521-986d-4ad8-9c1f-6934e195c15c}");
-const SERVICE_NAME = "Anonymously Submits SSL certificates to EFF for security auditing.";
-const LOADER = CC["@mozilla.org/moz/jssubscript-loader;1"].getService(CI.mozIJSSubScriptLoader);
-
-const _INCLUDED = {};
-
-const INCLUDE = function(name) {
-  if (arguments.length > 1)
-    for (var j = 0, len = arguments.length; j < len; j++)
-      INCLUDE(arguments[j]);
-  else if (!_INCLUDED[name]) {
-    try {
-      LOADER.loadSubScript("chrome://https-everywhere/content/code/"
-              + name + ".js");
-      _INCLUDED[name] = true;
-    } catch(e) {
-      dump("INCLUDE " + name + ": " + e + "\n");
-    }
-  }
-};
-
-INCLUDE('Root-CAs');
-INCLUDE('sha256');
-INCLUDE('X509ChainWhitelist');
-INCLUDE('NSS');
-
-function SSLObservatory() {
-  this.prefs = CC["@mozilla.org/preferences-service;1"]
-        .getService(CI.nsIPrefBranch);
-
-  try {
-    // Check for torbutton
-    this.tor_logger = CC["@torproject.org/torbutton-logger;1"]
-          .getService(CI.nsISupports).wrappedJSObject;
-    this.torbutton_installed = true;
-  } catch(e) {
-    this.torbutton_installed = false;
-  }
-
-  /* The proxy test result starts out null until the test is attempted.
-   * This is for UI notification purposes */
-  this.proxy_test_successful = null;
-  this.proxy_test_callback = null;
-  this.cto_url = "https://check.torproject.org/?TorButton=true";
-  // a regexp to match the above URL
-  this.cto_regexp = RegExp("^https://check\\.torproject\\.org/");
-
-  this.public_roots = root_ca_hashes;
-
-  // Clear these on cookies-cleared observer event
-  this.already_submitted = {};
-  this.delayed_submissions = {};
-  OS.addObserver(this, "cookie-changed", false);
-
-  // Figure out the url to submit to
-  this.submit_host = null;
-  this.findSubmissionTarget();
-
-  // Used to track current number of pending requests to the server
-  this.current_outstanding_requests = 0;
-
-  // Generate nonce to append to url, to catch in nsIProtocolProxyFilter
-  // and to protect against CSRF
-  this.csrf_nonce = "#"+Math.random().toString()+Math.random().toString();
-
-  this.compatJSON = Cc["@mozilla.org/dom/json;1"].createInstance(Ci.nsIJSON);
-
-  // Register observer
-  OS.addObserver(this, "http-on-examine-response", false);
-
-  // Register protocolproxyfilter
-  this.pps = CC["@mozilla.org/network/protocol-proxy-service;1"]
-                    .getService(CI.nsIProtocolProxyService);
-
-  this.pps.registerFilter(this, 0);
-  this.wrappedJSObject = this;
-
-  this.client_asn = ASN_PRIVATE;
-  if (this.myGetBoolPref("send_asn")) 
-    this.setupASNWatcher();
-
-  try {
-    NSS.initialize("");
-  } catch(e) {
-    this.log(WARN, "Failed to initialize NSS component:" + e);
-  }
-
-  this.testProxySettings();
-
-  this.log(DBUG, "Loaded observatory component!");
-}
-
-SSLObservatory.prototype = {
-  // QueryInterface implementation, e.g. using the generateQI helper
-  QueryInterface: XPCOMUtils.generateQI(
-    [ CI.nsIObserver,
-      CI.nsIProtocolProxyFilter,
-      //CI.nsIWifiListener,
-      CI.nsIBadCertListener2]),
-
-  wrappedJSObject: null,  // Initialized by constructor
-
-  // properties required for XPCOM registration:
-  classDescription: SERVICE_NAME,
-  classID:          SERVICE_ID,
-  contractID:       SERVICE_CTRID,
-
-  // https://developer.mozilla.org/En/How_to_check_the_security_state_of_an_XMLHTTPRequest_over_SSL
-  getSSLCert: function(channel) {
-    try {
-        // Do we have a valid channel argument?
-        if (!channel instanceof Ci.nsIChannel) {
-            return null;
-        }
-        var secInfo = channel.securityInfo;
-
-        // Print general connection security state
-        if (secInfo instanceof Ci.nsITransportSecurityInfo) {
-            secInfo.QueryInterface(Ci.nsITransportSecurityInfo);
-        } else {
-            return null;
-        }
-
-        if (secInfo instanceof Ci.nsISSLStatusProvider) {
-            return secInfo.QueryInterface(Ci.nsISSLStatusProvider).
-                   SSLStatus.QueryInterface(Ci.nsISSLStatus).serverCert;
-        }
-        return null;
-    } catch(err) {
-      return null;
-    }
-  },
-
-  findSubmissionTarget: function() {
-    // Compute the URL that the Observatory will currently submit to
-    var host = this.prefs.getCharPref("extensions.https_everywhere._observatory.server_host");
-    // Rebuild the regexp iff the host has changed
-    if (host != this.submit_host) {
-      this.submit_host = host;
-      this.submit_url = "https://" + host + "/submit_cert";
-      this.submission_regexp = RegExp("^" + this.regExpEscape(this.submit_url));
-    }
-  },
-
-  regExpEscape: function(s) {
-    // Borrowed from the Closure Library,
-    // https://closure-library.googlecode.com/svn/docs/closure_goog_string_string.js.source.html
-     return String(s).replace(/([-()\[\]{}+?*.$\^|,:#<!\\])/g, '\\$1').replace(/\x08/g, '\\x08');
-  },
-
-  notifyCertProblem: function(socketInfo, status, targetSite) {
-    this.log(NOTE, "cert warning for " + targetSite);
-    if (targetSite == "observatory.eff.org") {
-      this.log(WARN, "Surpressing observatory warning");
-      return true;
-    }
-    return false;
-  },
-
-  setupASNWatcher: function() {
-    this.getClientASN();
-    this.max_ap = null;
-
-    // we currently do not actually do *any* ASN watching from the client
-    // (in other words, the db will not have ASNs for certs submitted 
-    // through Tor, even if the user checks the "send ASN" option)
-    // all of this code for guessing at changes in our public IP via WiFi hints
-    // is therefore disabled
-    /*
-    // Observe network changes to get new ASNs
-    OS.addObserver(this, "network:offline-status-changed", false);
-    var pref_service = Cc["@mozilla.org/preferences-service;1"]
-        .getService(Ci.nsIPrefBranchInternal);
-    var proxy_branch = pref_service.QueryInterface(Ci.nsIPrefBranchInternal);
-    proxy_branch.addObserver("network.proxy", this, false);
-
-    try {
-      var wifi_service = Cc["@mozilla.org/wifi/monitor;1"].getService(Ci.nsIWifiMonitor);
-      wifi_service.startWatching(this);
-    } catch(e) {
-      this.log(INFO, "Failed to register ASN change monitor: "+e);
-    }*/
-  },
-
-  stopASNWatcher: function() {
-    this.client_asn = ASN_PRIVATE;
-    /*
-    // unhook the observers we registered above
-    OS.removeObserver(this, "network:offline-status-changed");
-    var pref_service = Cc["@mozilla.org/preferences-service;1"]
-        .getService(Ci.nsIPrefBranchInternal);
-    var proxy_branch = pref_service.QueryInterface(Ci.nsIPrefBranchInternal);
-    proxy_branch.removeObserver(this, "network.proxy");
-    try {
-      var wifi_service = Cc["@mozilla.org/wifi/monitor;1"].getService(Ci.nsIWifiMonitor);
-      wifi_service.stopWatching(this);
-    } catch(e) {
-      this.log(WARN, "Failed to stop wifi state monitor: "+e);
-    }*/
-  },
-
-  getClientASN: function() {
-    // Fetch a new client ASN..
-    if (!this.myGetBoolPref("send_asn")) {
-      this.client_asn = ASN_PRIVATE;
-      return;
-    }
-    else if (!this.torbutton_installed) {
-      this.client_asn = ASN_IMPLICIT;
-      return;
-    }
-    // XXX As a possible base case: the user is running Tor, is not using
-    // bridges, and has send_asn enabled: should we ping an eff.org URL to
-    // learn our ASN?
-    return;
-  },
-
-  /*
-  // Wifi status listener
-  onChange: function(accessPoints) {
-    try {
-      var max_ap = accessPoints[0].mac;
-    } catch(e) {
-      return null;  // accessPoints[0] is undefined
-    }
-    var max_signal = accessPoints[0].signal;
-    var old_max_present = false;
-    for (var i=0; i<accessPoints.length; i++) {
-      if (accessPoints[i].mac == this.max_ap) {
-        old_max_present = true;
-      }
-      if (accessPoints[i].signal > max_signal) {
-        max_ap = accessPoints[i].mac;
-        max_signal = accessPoints[i].signal;
-      }
-    }
-    this.max_ap = max_ap;
-    if (!old_max_present) {
-      this.log(INFO, "Old access point is out of range. Getting new ASN");
-      this.getClientASN();
-    } else {
-      this.log(DBUG, "Old access point is still in range.");
-    }
-  },
-
-  // Wifi status listener
-  onError: function(value) {
-    // XXX: Do we care?
-    this.log(NOTE, "ASN change observer got an error: "+value);
-    this.getClientASN();
-  },
-  */
-
-  ourFingerprint: function(cert) {
-    // Calculate our custom fingerprint from an nsIX509Cert
-    return (cert.md5Fingerprint+cert.sha1Fingerprint).replace(":", "", "g");
-  },
-
-  observe: function(subject, topic, data) {
-    if (topic == "cookie-changed" && data == "cleared") {
-      this.already_submitted = {};
-      this.delayed_submissions = {};
-      this.log(INFO, "Cookies were cleared. Purging list of pending and already submitted certs");
-      return;
-    }
-
-    if (topic == "nsPref:changed") {
-      // XXX: We somehow need to only call this once. Right now, we'll make
-      // like 3 calls to getClientASN().. The only thing I can think
-      // of is a timer...
-      if (data == "network.proxy.ssl" || data == "network.proxy.ssl_port" ||
-          data == "network.proxy.socks" || data == "network.proxy.socks_port") {
-        this.log(INFO, "Proxy settings have changed. Getting new ASN");
-        this.getClientASN();
-      }
-      return;
-    }
-
-    if (topic == "network:offline-status-changed" && data == "online") {
-      this.log(INFO, "Browser back online. Getting new ASN.");
-      this.getClientASN();
-      return;
-    }
-
-    if ("http-on-examine-response" == topic) {
-
-      if (!this.observatoryActive()) return;
-
-      var host_ip = "-1";
-      var httpchannelinternal = subject.QueryInterface(Ci.nsIHttpChannelInternal);
-      try { 
-        host_ip = httpchannelinternal.remoteAddress;
-      } catch(e) {
-          this.log(INFO, "Could not get server IP address.");
-      }
-      subject.QueryInterface(Ci.nsIHttpChannel);
-      var certchain = this.getSSLCert(subject);
-      if (certchain) {
-        var chainEnum = certchain.getChain();
-        var chainArray = [];
-        var chainArrayFpStr = '';
-        var fps = [];
-        for(var i = 0; i < chainEnum.length; i++) {
-          var cert = chainEnum.queryElementAt(i, Ci.nsIX509Cert);
-          chainArray.push(cert);
-          var fp = this.ourFingerprint(cert);
-          fps.push(fp);
-          chainArrayFpStr = chainArrayFpStr + fp;
-        }
-        var chain_hash = sha256_digest(chainArrayFpStr).toUpperCase();
-        this.log(INFO, "SHA-256 hash of cert chain for "+new String(subject.URI.host)+" is "+ chain_hash);
-
-        if(!this.myGetBoolPref("use_whitelist")) {
-          this.log(WARN, "Not using whitelist to filter cert chains.");
-        }
-        else if (this.isChainWhitelisted(chain_hash)) {
-          this.log(INFO, "This cert chain is whitelisted. Not submitting.");
-          return;
-        }
-        else {
-          this.log(INFO, "Cert chain is NOT whitelisted. Proceeding with submission.");
-        }
-
-        if (subject.URI.port == -1) {
-            this.submitChain(chainArray, fps, new String(subject.URI.host), subject, host_ip, false);
-        } else {
-            this.submitChain(chainArray, fps, subject.URI.host+":"+subject.URI.port, subject, host_ip, false);
-        }
-      }
-    }
-  },
-
-  observatoryActive: function() {
-                         
-    if (!this.myGetBoolPref("enabled"))
-      return false;
-
-    if (this.torbutton_installed && this.proxy_test_successful) {
-      // Allow Tor users to choose if they want to submit
-      // during tor and/or non-tor
-      if (this.myGetBoolPref("submit_during_tor") && 
-           this.prefs.getBoolPref("extensions.torbutton.tor_enabled")) 
-        return true;
-
-      if (this.myGetBoolPref("submit_during_nontor") && 
-          !this.prefs.getBoolPref("extensions.torbutton.tor_enabled")) 
-        return true;
-
-      return false;
-    }
-
-    if (this.proxy_test_successful) {
-      return true;
-    } else if (this.myGetBoolPref("use_custom_proxy")) {
-      // no torbutton; the custom proxy is probably the user opting to
-      // submit certs without strong anonymisation.  Because the
-      // anonymisation is weak, we avoid submitting during private browsing
-      // mode.
-      try {
-        var pbs = CC["@mozilla.org/privatebrowsing;1"].getService(CI.nsIPrivateBrowsingService);
-        if (pbs.privateBrowsingEnabled) return false;
-      } catch (e) { /* seamonkey or old firefox */ }
-    
-      return true;
-    }
-
-    return false;
-  },
-
-  myGetBoolPref: function(prefstring) {
-    // syntactic sugar
-    return this.prefs.getBoolPref ("extensions.https_everywhere._observatory." + prefstring);
-  },
-
-  isChainWhitelisted: function(chainhash) {
-    if (X509ChainWhitelist == null) {
-      this.log(WARN, "Could not find whitelist of popular certificate chains, so ignoring whitelist");
-      return false;
-    }
-    if (X509ChainWhitelist[chainhash] != null) {
-      return true;
-    }
-    return false;
-  },
-
-  findRootInChain: function(certArray) {
-    // Return the position in the chain Array of the/a root CA
-    var rootidx = -1;
-    var nextInChain = certArray[0].issuer;
-    for (var i = 0; i < certArray.length; i++) {
-      // Find the next cert in the valid chain
-      if (certArray[i].equals(nextInChain)) {
-        if (certArray[i].issuerName == certArray[i].subjectName) {
-          // All X509 root certs are self-signed
-          this.log(INFO, "Got root cert at position: "+i);
-          rootidx = i;
-          break;
-        } else {
-          // This is an intermediate CA cert; keep looking for the root
-          nextInChain = certArray[i].issuer;
-        }
-      }
-    }
-    return rootidx;
-  },
-
-  processConvergenceChain: function(chain) {
-    // Make sure the chain we're working with is sane, even if Convergence is
-    // present.
-
-    // Convergence currently performs MITMs against the Firefox in order to
-    // get around https://bugzilla.mozilla.org/show_bug.cgi?id=644640.  The
-    // end-entity cert produced by Convergence contains a copy of the real
-    // end-entity cert inside an X509v3 extension.  We extract this and send
-    // it rather than the Convergence certs.
-    var convergence = Components.classes['@thoughtcrime.org/convergence;1'];
-    if (!convergence) return null;
-    convergence = convergence.getService().wrappedJSObject;
-    if (!convergence || !convergence.enabled) return null;
-
-    this.log(INFO, "Convergence uses its own internal root certs; not submitting those");
-    
-    //this.log(WARN, convergence.certificateStatus.getVerificiationStatus(chain.certArray[0]));
-    try {
-      var certInfo = this.extractRealLeafFromConveregenceLeaf(chain.certArray[0]);
-      var b64Cert = certInfo["certificate"];
-      var certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);
-      chain.leaf = certDB.constructX509FromBase64(b64Cert);
-      chain.certArray = [chain.leaf];
-      chain.fps = [this.ourFingerprint(chain.leaf)];
-    } catch (e) {
-      this.log(WARN, "Failed to extract leaf cert from Convergence cert " + e);
-      chain.certArray = chain.certArray.slice(0,1);
-      chain.fps = chain.fps.slice(0,1);
-    }
-
-  },
-
-  extractRealLeafFromConveregenceLeaf: function(certificate) {
-    // Copied from Convergence's CertificateStatus.getVerificiationStatus
-    var len = {};
-    var derEncoding = certificate.getRawDER(len);
-
-    var derItem = NSS.types.SECItem();
-    derItem.data = NSS.lib.ubuffer(derEncoding);
-    derItem.len = len.value;
-
-    var completeCertificate = NSS.lib.CERT_DecodeDERCertificate(derItem.address(), 1, null);
-
-    var extItem = NSS.types.SECItem();
-    var status = NSS.lib.CERT_FindCertExtension(completeCertificate, 
-                                                NSS.lib.SEC_OID_NS_CERT_EXT_COMMENT, 
-                                                extItem.address());
-    if (status != -1) {
-      var encoded = '';
-      var asArray = ctypes.cast(extItem.data, ctypes.ArrayType(ctypes.unsigned_char, extItem.len).ptr).contents;
-      var marker = false;
-
-      for (var i=0;i<asArray.length;i++) {
-        if (marker) {
-          encoded += String.fromCharCode(asArray[i]);
-        } else if (asArray[i] == 0x00) {
-          marker = true;
-        }
-      }
-
-      return JSON.parse(encoded);
-    }
-  },
-
-  shouldSubmit: function(chain, domain) {
-    // Return true if we should submit this chain to the SSL Observatory
-    var rootidx = this.findRootInChain(chain.certArray);
-    var ss = false;  // ss: self-signed
-
-    if (chain.leaf.issuerName == chain.leaf.subjectName) 
-      ss = true;
-
-    if (!this.myGetBoolPref("self_signed") && ss) {
-      this.log(INFO, "Not submitting self-signed cert for " + domain);
-      return false;
-    }
-
-    if (!ss && !this.myGetBoolPref("alt_roots")) {
-      if (rootidx == -1) {
-        // A cert with an unknown/absent Issuer.  Out of caution, don't submit these
-        this.log(INFO, "Cert for " + domain + " issued by unknown CA " +
-                 chain.leaf.issuerName + " (not submitting due to settings)");
-        return false;
-      } else if (!(chain.fps[rootidx] in this.public_roots)) {
-        // A cert with a known but non-public Issuer
-        this.log(INFO, "Got a private root cert. Ignoring domain "
-                 +domain+" with root "+chain.fps[rootidx]);
-        return false;
-      }
-    }
-
-    if (chain.fps[0] in this.already_submitted) {
-      this.log(INFO, "Already submitted cert for "+domain+". Ignoring");
-      return false;
-    }
-    return true;
-  },
-
-  submitChain: function(certArray, fps, domain, channel, host_ip, resubmitting) {
-    var base64Certs = [];
-    // Put all this chain data in one object so that it can be modified by
-    // subroutines if required
-    var c = {}; c.certArray = certArray; c.fps = fps; c.leaf = certArray[0];
-    this.processConvergenceChain(c);
-    if (!this.shouldSubmit(c,domain)) return;
-
-    // only try to submit now if there aren't too many outstanding requests
-    if (this.current_outstanding_requests > MAX_OUTSTANDING) {
-      this.log(WARN, "Too many outstanding requests ("+this.current_outstanding_requests+"), not submitting");
-
-      // if there are too many current requests but not too many
-      // delayed/pending ones, then delay this one
-      if (Object.keys(this.delayed_submissions).length < MAX_DELAYED)
-        if (!(c.fps[0] in this.delayed_submissions)) {
-          this.log(WARN, "Planning to retry submission...");
-          let retry = function() { this.submitChain(certArray, fps, domain, channel, host_ip, true); };
-          this.delayed_submissions[c.fps[0]] = retry;
-        }
-      return;
-    }
-
-    for (var i = 0; i < c.certArray.length; i++) {
-      var len = new Object();
-      var derData = c.certArray[i].getRawDER(len);
-      let result = "";
-      for (let j = 0, dataLength = derData.length; j < dataLength; ++j) 
-        result += String.fromCharCode(derData[j]);
-      base64Certs.push(btoa(result));
-    }
-
-    var reqParams = [];
-    reqParams.push("domain="+domain);
-    reqParams.push("server_ip="+host_ip);
-    if (this.myGetBoolPref("testing")) {
-      reqParams.push("testing=1");
-      // The server can compute these, but they're a nice test suite item!
-      reqParams.push("fplist="+this.compatJSON.encode(c.fps));
-    }
-    reqParams.push("certlist="+this.compatJSON.encode(base64Certs));
-
-    if (resubmitting) {
-      reqParams.push("client_asn="+ASN_UNKNOWABLE);
-    }
-    else {
-      reqParams.push("client_asn="+this.client_asn);
-    }
-
-    if (this.myGetBoolPref("priv_dns")) {
-      reqParams.push("private_opt_in=1");
-    }
-    else {
-      reqParams.push("private_opt_in=0");
-    }
-
-    var params = reqParams.join("&") + "&padding=0";
-    var tot_len = BASE_REQ_SIZE;
-
-    this.log(INFO, "Submitting cert for "+domain);
-    this.log(DBUG, "submit_cert params: "+params);
-
-    // Pad to exp scale. This is done because the distribution of cert sizes
-    // is almost certainly pareto, and definitely not uniform.
-    for (tot_len = BASE_REQ_SIZE; tot_len < params.length; tot_len*=2);
-
-    while (params.length != tot_len) {
-      params += "0";
-    }
-
-    var that = this; // We have neither SSLObservatory nor this in scope in the lambda
-
-    var HTTPSEverywhere = CC["@eff.org/https-everywhere;1"]
-                            .getService(Components.interfaces.nsISupports)
-                            .wrappedJSObject;
-    var win = channel ? HTTPSEverywhere.getWindowForChannel(channel) : null;
-    var req = this.buildRequest(params);
-    req.timeout = TIMEOUT;
-
-    req.onreadystatechange = function(evt) {
-      if (req.readyState == 4) {
-        // pop off one outstanding request
-        that.current_outstanding_requests -= 1;
-        that.log(DBUG, "Popping one off of outstanding requests, current num is: "+that.current_outstanding_requests);
-
-        if (req.status == 200) {
-          that.log(INFO, "Successful cert submission");
-          if (!that.prefs.getBoolPref("extensions.https_everywhere._observatory.cache_submitted")) 
-            if (c.fps[0] in that.already_submitted)
-              delete that.already_submitted[c.fps[0]];
-          
-          // Retry up to two previously failed submissions
-          let n = 0;
-          for (let fp in that.delayed_submissions) {
-            that.log(WARN, "Retrying a submission...");
-            that.delayed_submissions[fp]();
-            delete that.delayed_submissions[fp];
-            if (++n >= 2) break;
-          }
-        } else if (req.status == 403) {
-          that.log(WARN, "The SSL Observatory has issued a warning about this certificate for " + domain);
-          try {
-            var warningObj = JSON.parse(req.responseText);
-            if (win) that.warnUser(warningObj, win, c.certArray[0]);
-          } catch(e) {
-            that.log(WARN, "Failed to process SSL Observatory cert warnings :( " + e);
-            that.log(WARN, req.responseText);
-          }
-        } else {
-          // Submission failed
-          if (c.fps[0] in that.already_submitted)
-            delete that.already_submitted[c.fps[0]];
-          try {
-            that.log(WARN, "Cert submission failure "+req.status+": "+req.responseText);
-          } catch(e) {
-            that.log(WARN, "Cert submission failure and exception: "+e);
-          }
-          // If we don't have too many delayed submissions, and this isn't
-          // (somehow?) one of them, then plan to retry this submission later
-          if (Object.keys(that.delayed_submissions).length < MAX_DELAYED)
-            if (!(c.fps[0] in that.delayed_submissions)) {
-              that.log(WARN, "Planning to retry submission...");
-              let retry = function() { that.submitChain(certArray, fps, domain, channel, host_ip, true); };
-              that.delayed_submissions[c.fps[0]] = retry;
-            }
-
-        }
-      }
-    };
-
-    // Cache this here to prevent multiple submissions for all the content elements.
-    that.already_submitted[c.fps[0]] = true;
-
-    // add one to current outstanding request number
-    that.current_outstanding_requests += 1;
-    that.log(DBUG, "Adding outstanding request, current num is: "+that.current_outstanding_requests);
-    req.send(params);
-  },
-
-  buildRequest: function(params) {
-    var req = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"]
-                 .createInstance(Ci.nsIXMLHttpRequest);
-
-    // We do this again in case the user altered about:config
-    this.findSubmissionTarget();
-    req.open("POST", this.submit_url+this.csrf_nonce, true);
-
-    // Send the proper header information along with the request
-    // Do not set gzip header.. It will ruin the padding
-    req.setRequestHeader("X-Privacy-Info", "EFF SSL Observatory: https://eff.org/r.22c");
-    req.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
-    req.setRequestHeader("Content-length", params.length);
-    req.setRequestHeader("Connection", "close");
-    // Need to clear useragent and other headers..
-    req.setRequestHeader("User-Agent", "");
-    req.setRequestHeader("Accept", "");
-    req.setRequestHeader("Accept-Language", "");
-    req.setRequestHeader("Accept-Encoding", "");
-    req.setRequestHeader("Accept-Charset", "");
-    return req;
-  },
-
-  warnUser: function(warningObj, win, cert) {
-    var aWin = CC['@mozilla.org/appshell/window-mediator;1']
-                 .getService(CI.nsIWindowMediator) 
-                 .getMostRecentWindow('navigator:browser');
-    aWin.openDialog("chrome://https-everywhere/content/observatory-warning.xul",
-                    "","chrome,centerscreen", warningObj, win, cert);
-  },
-
-  registerProxyTestNotification: function(callback_fcn) {
-    if (this.proxy_test_successful != null) {
-      /* Proxy test already ran. Callback immediately. */
-      callback_fcn(this.proxy_test_successful);
-      this.proxy_test_callback = null;
-      return;
-    } else {
-      this.proxy_test_callback = callback_fcn;
-    }
-  },
-
-  testProxySettings: function() {
-    /* Plan:
-     * 1. Launch an async XMLHttpRequest to check.tp.o with magic nonce
-     * 3. Filter the nonce in protocolProxyFilter to use proxy settings
-     * 4. Async result function sets test result status based on check.tp.o
-     */
-    this.proxy_test_successful = null;
-
-    try {
-      var req = Components.classes["@mozilla.org/xmlextras/xmlhttprequest;1"]
-                              .createInstance(Components.interfaces.nsIXMLHttpRequest);
-      var url = this.cto_url + this.csrf_nonce;
-      req.open('GET', url, true);
-      req.channel.loadFlags |= Ci.nsIRequest.LOAD_BYPASS_CACHE;
-      req.overrideMimeType("text/xml");
-      var that = this; // Scope gymnastics for async callback
-      req.onreadystatechange = function (oEvent) {
-        if (req.readyState === 4) {
-          that.proxy_test_successful = false;
-
-          if(req.status == 200) {
-            if(!req.responseXML) {
-              that.log(INFO, "Tor check failed: No XML returned by check service.");
-              return;
-            }
-
-            var result = req.responseXML.getElementById('TorCheckResult');
-            if(result===null) {
-              that.log(INFO, "Tor check failed: Non-XML returned by check service.");
-            } else if(typeof(result.target) == 'undefined' 
-                    || result.target === null) {
-              that.log(INFO, "Tor check failed: Busted XML returned by check service.");
-            } else if(result.target === "success") {
-              that.log(INFO, "Tor check succeeded.");
-              that.proxy_test_successful = true;
-            } else {
-              that.log(INFO, "Tor check failed: "+result.target);
-            }
-          } else {
-            that.log(INFO, "Tor check failed: HTTP Error "+req.status);
-          }
-
-          /* Notify the UI of the test result */
-          if (that.proxy_test_callback) {
-            that.proxy_test_callback(that.proxy_test_successful);
-            that.proxy_test_callback = null;
-          }
-        }
-      };
-      req.send(null);
-    } catch(e) {
-      this.proxy_test_successful = false;
-      if(e.result == 0x80004005) { // NS_ERROR_FAILURE
-        this.log(INFO, "Tor check failed: Proxy not running.");
-      }
-      this.log(INFO, "Tor check failed: Internal error: "+e);
-      if (this.proxy_test_callback) {
-        this.proxy_test_callback(this.proxy_test_successful);
-        this.proxy_test_callback = null;
-      }
-    }
-  },
-
-  getProxySettings: function(testingForTor) {
-    // This may be called either for an Observatory submission, or during a test to see if Tor is
-    // present.  The testingForTor argument is true in the latter case.
-    var proxy_settings = ["direct", "", 0];
-    this.log(INFO,"in getProxySettings()");
-    var custom_proxy_type = this.prefs.getCharPref("extensions.https_everywhere._observatory.proxy_type");
-    if (this.torbutton_installed && this.myGetBoolPref("use_tor_proxy")) {
-      this.log(INFO,"CASE: use_tor_proxy");
-      // extract torbutton proxy settings
-      proxy_settings[0] = "http";
-      proxy_settings[1] = this.prefs.getCharPref("extensions.torbutton.https_proxy");
-      proxy_settings[2] = this.prefs.getIntPref("extensions.torbutton.https_port");
-
-      if (proxy_settings[2] == 0) {
-        proxy_settings[0] = "socks";
-        proxy_settings[1] = this.prefs.getCharPref("extensions.torbutton.socks_host");
-        proxy_settings[2] = this.prefs.getIntPref("extensions.torbutton.socks_port");
-      }
-    /* Regarding the test below:
-     *
-     * custom_proxy_type == "direct" is indicative of the user having selected "submit certs even if
-     * Tor is not available", rather than true custom Tor proxy settings.  So in that case, there's
-     * not much point probing to see if the direct proxy is actually a Tor connection, and
-     * localhost:9050 is a better bet.  People whose networks send all traffc through Tor can just
-     * tell the Observatory to submit certs without Tor.
-     */
-    } else if (this.myGetBoolPref("use_custom_proxy") && !(testingForTor && custom_proxy_type == "direct")) {
-      this.log(INFO,"CASE: use_custom_proxy");
-      proxy_settings[0] = custom_proxy_type;
-      proxy_settings[1] = this.prefs.getCharPref("extensions.https_everywhere._observatory.proxy_host");
-      proxy_settings[2] = this.prefs.getIntPref("extensions.https_everywhere._observatory.proxy_port");
-    } else {
-      /* Take a guess at default tor proxy settings */
-      this.log(INFO,"CASE: try localhost:9050");
-      proxy_settings[0] = "socks";
-      proxy_settings[1] = "localhost";
-      proxy_settings[2] = 9050;
-    }
-    this.log(INFO, "Using proxy: " + proxy_settings);
-    return proxy_settings;
-  },
-
-  applyFilter: function(aProxyService, inURI, aProxy) {
-
-    try {
-      if (inURI instanceof Ci.nsIURI) {
-        var aURI = inURI.QueryInterface(Ci.nsIURI);
-        if (!aURI) this.log(WARN, "Failed to QI to nsIURI!");
-      } else {
-        this.log(WARN, "applyFilter called without URI");
-      }
-    } catch (e) {
-      this.log(WARN, "EXPLOSION: " + e);
-    }
-
-    var isSubmission = this.submission_regexp.test(aURI.spec);
-    var testingForTor = this.cto_regexp.test(aURI.spec);
-
-    if (isSubmission || testingForTor) {
-      if (aURI.path.search(this.csrf_nonce+"$") != -1) {
-
-        this.log(INFO, "Got observatory url + nonce: "+aURI.spec);
-        var proxy_settings = null;
-        var proxy = null;
-
-        // Send it through tor by creating an nsIProxy instance
-        // for the torbutton proxy settings.
-        try {
-          proxy_settings = this.getProxySettings(testingForTor);
-          proxy = this.pps.newProxyInfo(proxy_settings[0], proxy_settings[1],
-                    proxy_settings[2],
-                    Ci.nsIProxyInfo.TRANSPARENT_PROXY_RESOLVES_HOST,
-                    0xFFFFFFFF, null);
-        } catch(e) {
-          this.log(WARN, "Error specifying proxy for observatory: "+e);
-        }
-
-        this.log(INFO, "Specifying proxy: "+proxy);
-
-        // TODO: Use new identity or socks u/p to ensure we get a unique
-        // tor circuit for this request
-        return proxy;
-      }
-    }
-    return aProxy;
-  },
-
-  // [optional] an array of categories to register this component in.
-  // Hack to cause us to get instantiate early
-  _xpcom_categories: [ { category: "profile-after-change" }, ],
-
-  encString: 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',
-  encStringS: 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_',
-  
-  log: function(level, str) {
-    var econsole = CC["@mozilla.org/consoleservice;1"]
-      .getService(CI.nsIConsoleService);
-    try {
-      var threshold = this.prefs.getIntPref(LLVAR);
-    } catch (e) {
-      econsole.logStringMessage( "SSL Observatory: Failed to read about:config LogLevel");
-      threshold = WARN;
-    }
-    if (level >= threshold) {
-      dump("SSL Observatory: "+str+"\n");
-      econsole.logStringMessage("SSL Observatory: " +str);
-    }
-  }
-};
-
-/**
-* XPCOMUtils.generateNSGetFactory was introduced in Mozilla 2 (Firefox 4).
-* XPCOMUtils.generateNSGetModule is for Mozilla 1.9.2 (Firefox 3.6).
-*/
-if (XPCOMUtils.generateNSGetFactory)
-    var NSGetFactory = XPCOMUtils.generateNSGetFactory([SSLObservatory]);
-else
-    var NSGetModule = XPCOMUtils.generateNSGetModule([SSLObservatory]);
diff --git a/src/defaults/preferences/preferences.js b/src/defaults/preferences/preferences.js
deleted file mode 100644
index ff2fe3a88bb0..000000000000
--- a/src/defaults/preferences/preferences.js
+++ /dev/null
@@ -1,40 +0,0 @@
-pref("extensions.https_everywhere.LogLevel", 5);
-pref("extensions.https_everywhere.globalEnabled",true);
-
-// this is the HTTPS Everywhere preferences version (for migrations)
-pref("extensions.https_everywhere.prefs_version", 0);
-
-// this is a popup asking whether the user really meant to be on the dev branch
-pref("extensions.https_everywhere.dev_popup_shown", false);
-
-// show ruleset tests in the menu
-pref("extensions.https_everywhere.show_ruleset_tests", false);
-
-// enable rulesets that trigger mixed content blocking
-pref("extensions.https_everywhere.enable_mixed_rulesets", false);
-
-// SSl Observatory preferences
-pref("extensions.https_everywhere._observatory.enabled",false);
-
-// "testing" currently means send unecessary fingerprints and other test-suite
-// type stuff
-pref("extensions.https_everywhere._observatory.testing",false);
-
-pref("extensions.https_everywhere._observatory.server_host","observatory.eff.org");
-pref("extensions.https_everywhere._observatory.use_tor_proxy",true);
-pref("extensions.https_everywhere._observatory.submit_during_tor",true);
-pref("extensions.https_everywhere._observatory.submit_during_nontor",true);
-
-pref("extensions.https_everywhere._observatory.cache_submitted",true);
-
-pref("extensions.https_everywhere._observatory.use_custom_proxy",false);
-pref("extensions.https_everywhere._observatory.popup_shown",false);
-pref("extensions.https_everywhere._observatory.proxy_host","");
-pref("extensions.https_everywhere._observatory.proxy_port",0);
-pref("extensions.https_everywhere._observatory.proxy_type","direct");
-pref("extensions.https_everywhere._observatory.use_tor_proxy",true);
-pref("extensions.https_everywhere._observatory.alt_roots",false);
-pref("extensions.https_everywhere._observatory.self_signed",true);
-pref("extensions.https_everywhere._observatory.priv_dns",false);
-pref("extensions.https_everywhere._observatory.send_asn",true);
-pref("extensions.https_everywhere._observatory.use_whitelist",true);
diff --git a/src/install.rdf b/src/install.rdf
deleted file mode 100644
index 20a77abb0b39..000000000000
--- a/src/install.rdf
+++ /dev/null
@@ -1,68 +0,0 @@
-<?xml version="1.0"?>
-<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
-     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
-
-    <Description about="urn:mozilla:install-manifest">
-        <em:name>HTTPS-Everywhere</em:name>
-        <em:creator>Mike Perry &amp; Peter Eckersley</em:creator>
-        <em:aboutURL>chrome://https-everywhere/content/about.xul</em:aboutURL>
-        <em:id>https-everywhere@eff.org</em:id>
-        <em:description>Encrypt the Web! Automatically use HTTPS security on many sites.</em:description>
-        <em:version>4.0development.15</em:version>
-        <em:homepageURL>https://www.eff.org/https-everywhere</em:homepageURL>
-        <em:optionsURL>chrome://https-everywhere/content/meta-preferences.xul</em:optionsURL>
-        <em:iconURL>chrome://https-everywhere/skin/https-everywhere.png</em:iconURL>
-        <em:updateURL>https://www.eff.org/files/https-everywhere-devel-update-2048.rdf</em:updateURL>
-		<em:unpack>true</em:unpack> <!-- Required for Firefox 4 -->
-        <em:updateKey>MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6MR8W/galdxnpGqBsYbqOzQb2eyW15YFjDDEMI0ZOzt8f504obNs920lDnpPD2/KqgsfjOgw2K7xWDJIj/18xUvWPk3LDkrnokNiRkA3KOx3W6fHycKL+zID7zy+xZYBuh2fLyQtWV1VGQ45iNRp9+Zo7rH86cdfgkdnWTlNSHyTLW9NbXvyv/E12bppPcEvgCTAQXgnDVJ0/sqmeiijn9tTFh03aM+R2V/21h8aTraAS24qiPCz6gkmYGC8yr6mglcnNoYbsLNYZ69zF1XHcXPduCPdPdfLlzVlKK1/U7hkA28eG3BIAMh6uJYBRJTpiGgaGdPd7YekUB8S6cy+CQIDAQAB</em:updateKey>
-        <!-- firefox -->
-        <em:targetApplication>
-            <Description>
-                <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
-                <em:minVersion>20</em:minVersion>
-                <em:maxVersion>99.*</em:maxVersion>
-            </Description>
-        </em:targetApplication>
-        <!-- Seamonkey -->
-        <em:targetApplication>
-            <Description>
-                <em:id>{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}</em:id>
-                <em:minVersion>2.17</em:minVersion>
-                <em:maxVersion>99.*</em:maxVersion>
-            </Description>
-        </em:targetApplication>
-        <!-- thunderbird --> 
-        <em:targetApplication> 
-            <Description> 
-                <em:id>{3550f703-e582-4d05-9a08-453d09bdfdc6}</em:id> 
-                <em:minVersion>17.0.5</em:minVersion> 
-                <em:maxVersion>99.*</em:maxVersion> 
-            </Description> 
-        </em:targetApplication> 
-        <!-- Conkeror -->
-        <em:targetApplication>
-          <Description>
-            <em:id>{a79fe89b-6662-4ff4-8e88-09950ad4dfde}</em:id>
-            <em:minVersion>0.1</em:minVersion>
-            <em:maxVersion>99.*</em:maxVersion>
-          </Description>
-        </em:targetApplication>
-        <!-- Fennec / Mobile Firefox -->
-        <em:targetApplication>
-          <Description>
-            <em:id>{a23983c0-fd0e-11dc-95ff-0800200c9a66}</em:id>
-            <em:minVersion>0.1</em:minVersion>
-            <em:maxVersion>99.*</em:maxVersion>
-          </Description>
-        </em:targetApplication>
-        <!-- Firefox Mobile for Android -->
-        <em:targetApplication>
-          <Description>
-            <em:id>{aa3c5121-dab2-40e2-81ca-7ea25febc110}</em:id>
-            <em:minVersion>0.1</em:minVersion>
-            <em:maxVersion>99.*</em:maxVersion>
-          </Description>
-        </em:targetApplication>
-
-    </Description>
-</RDF>
diff --git a/test.sh b/test.sh
new file mode 100755
index 000000000000..64c9b27c68b8
--- /dev/null
+++ b/test.sh
@@ -0,0 +1,19 @@
+#!/bin/bash -ex
+# Run tests for HTTPS Everywhere
+
+# Get into the project-root. This script may be executed as `test.sh`
+# or as .git/hooks/pre-push, so we need to find the directory containing
+# test.sh before we can proceed.
+
+if [ -n "$GIT_DIR" ]
+then
+    # $GIT_DIR is set, so we're running as a hook.
+    cd $GIT_DIR
+else
+    # Git command exists? Cool, let's CD to the right place.
+    git rev-parse && cd "$(git rev-parse --show-toplevel)"
+fi
+
+./test/validations.sh
+./test/firefox.sh $@
+./test/chromium.sh $@
diff --git a/test/README.md b/test/README.md
new file mode 100644
index 000000000000..5b4e2441ff27
--- /dev/null
+++ b/test/README.md
@@ -0,0 +1,50 @@
+# Automated Tests for HTTPS Everywhere
+
+## Running
+
+    bash test.sh
+
+## Requirements for Selenium Testing
+
+- Python 3.6
+- Selenium
+      - Install Selenium as a python package using ```pip3 install selenium```, or run install-dev-dependencies.sh and it will do the job
+- GeckoDriver
+      - Manually download GeckoDriver from [here](https://github.com/mozilla/geckodriver/releases). Extract the executable to `/usr/bin/`, so that the pasted executable's full path becomes `/usr/bin/geckodriver`.
+
+# List of Manual tests
+
+These are integrated into Travis for automated end-to-end testing within Firefox and Chrome/Chromium browsers
+
+# Firefox
+
+- Visit a site that triggers a ruleset (e.g., Reddit.com).
+- Click HTTPS Everywhere icon, verify ruleset shows up in blue.
+- Click 'show more' text and view ruleset and toggle off ruleset.
+- Reopen HTTPS Everywhere menu, verify ruleset shows up in grey.
+- Reload HTTP version of the site, ensure it doesn't get rewritten now that the ruleset is disabled.
+- Click HTTP Everywhere icon, click ruleset again.
+- Click HTTPS Everywhere icon menu, click 'Encrypt All Sites Eligible'. Verify icon
+  turns red.
+- Visit an HTTP site known to not have a rewrite rule. http://http.badssl.com is a
+  good example. Verify page does not load.
+- Visit an HTTPS site that contains passive mixed content that is not rewritten
+  to HTTPS. https://jacob.hoffman-andrews.com/passive-mixed-content.html is a
+  good example. Verify the passive mixed content (e.g., image) does not load.
+- Click menu, click 'HTTPS Everywhere is ON' to 'HTTPS Everywhere is OFF' Verify icon turns grey.
+- Visit a site that would normally trigger a ruleset. Verify it is not rewritten to HTTPS.
+- Click menu, click 'Enable HTTPS Everywhere.' Verify icon turns blue. Verify page reloads and is rewritten to HTTPS.
+- Look at log output, look for errors.
+- Browser Menu > Web Developer > Web Console. Check for errors.
+
+# Chromium
+
+- Visit a site that triggers a ruleset (e.g., Reddit.com). Verify counter appears
+  within the HTTPS Everywhere menu under 'show more'.
+- Click HTTPS Everywhere menu. Verify it contains appropriate ruleset.
+- Disable ruleset.
+- Visit HTTP version of the site again. Verify it does not get redirected to HTTPS.
+- Re-enable ruleset.
+- Visit HTTP version of the site again. Verify it does get redirected.
+- Visit site that does not have a ruleset. Under the 'show more' menu, click 'Add this site', and complete site-adding process.
+- Reload the site. Verify it gets redirected to HTTPS.
diff --git a/test/chromium.sh b/test/chromium.sh
new file mode 100755
index 000000000000..70f6c712a798
--- /dev/null
+++ b/test/chromium.sh
@@ -0,0 +1,41 @@
+#!/bin/bash -ex
+# Run Chromium tests for HTTPS Everywhere
+
+# Get to the repo root directory, even when we're symlinked as a hook.
+if [ -n "$GIT_DIR" ]
+then
+    # $GIT_DIR is set, so we're running as a hook.
+    cd $GIT_DIR
+else
+    # Git command exists? Cool, let's CD to the right place.
+    git rev-parse && cd "$(git rev-parse --show-toplevel)"
+fi
+
+# Make sure we have xvfb-run and it's not already set.
+if [ -z "$XVFB_RUN" -a -n "$(which xvfb-run)" ]; then
+  XVFB_RUN=xvfb-run
+fi
+
+# If you just want to run Chromium with the latest code:
+if [ "$1" == "--justrun" ]; then
+	shift
+	./make.sh
+	echo "running Chromium"
+	source utils/mktemp.sh
+
+	PROFILE_DIRECTORY="$(mktemp -d)"
+	trap 'rm -r "$PROFILE_DIRECTORY"' EXIT
+
+	# Chromium package name is 'chromium' in Debian 7 (wheezy) and other distros like Arch
+	BROWSER="chromium-browser"
+	which $BROWSER || BROWSER="chromium"
+	$BROWSER \
+		--user-data-dir="$PROFILE_DIRECTORY" \
+		--load-extension=pkg/crx-cws/ \
+		"$@"
+else
+	./make.sh
+	echo "running tests"
+	CRX_NAME="`ls -tr pkg/*.crx | tail -1`"
+	$XVFB_RUN python3 test/script.py Chrome $CRX_NAME
+fi
diff --git a/test/chromium/README.md b/test/chromium/README.md
new file mode 120000
index 000000000000..32d46ee883b5
--- /dev/null
+++ b/test/chromium/README.md
@@ -0,0 +1 @@
+../README.md
\ No newline at end of file
diff --git a/test/chromium/requirements.txt b/test/chromium/requirements.txt
new file mode 100644
index 000000000000..7cb6656b279f
--- /dev/null
+++ b/test/chromium/requirements.txt
@@ -0,0 +1 @@
+selenium
diff --git a/test/fetch.sh b/test/fetch.sh
new file mode 100755
index 000000000000..6f08359e525b
--- /dev/null
+++ b/test/fetch.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+# Run https-everywhere-checker for each changed ruleset
+# This is run from test/travis.sh, but should work just as well without travis
+# as long as $RULESETS_CHANGED is supplied.
+
+RULETESTFOLDER="test/rules"
+
+# Exclude those rulesets that do not exist.
+for RULESET in $RULESETS_CHANGED; do
+  # First check if the given ruleset actually exists
+  if [ ! -f $RULESET ]; then
+    echo >&2 "Skipped $RULESET; file not found."
+    continue
+  fi
+  TO_BE_TESTED="$TO_BE_TESTED $RULESET"
+done
+
+if [ "$TO_BE_TESTED" ]; then
+  # Do the actual test, using https-everywhere-checker.
+  OUTPUT_FILE=`mktemp`
+  trap 'rm "$OUTPUT_FILE"' EXIT
+  python3 $RULETESTFOLDER/src/https_everywhere_checker/check_rules.py $RULETESTFOLDER/http.checker.config $TO_BE_TESTED 2>&1 | tee $OUTPUT_FILE
+  # Unfortunately, no specific exit codes are available for connection
+  # failures, so we catch those with grep.
+  if [[ `cat $OUTPUT_FILE | grep ERROR | wc -l` -ge 1 ]]; then
+    echo >&2 "Test URL test failed."
+    exit 1
+  fi
+fi
+echo >&2 "Test URL test succeeded."
diff --git a/test/firefox.sh b/test/firefox.sh
new file mode 100755
index 000000000000..1e99239fdab2
--- /dev/null
+++ b/test/firefox.sh
@@ -0,0 +1,65 @@
+#!/bin/bash -ex
+# Run Firefox tests for HTTPS Everywhere
+
+# Get to the repo root directory, even when we're symlinked as a hook.
+if [ -n "$GIT_DIR" ]
+then
+    # $GIT_DIR is set, so we're running as a hook.
+    cd $GIT_DIR
+else
+    # Git command exists? Cool, let's CD to the right place.
+    git rev-parse && cd "$(git rev-parse --show-toplevel)"
+fi
+
+
+source utils/mktemp.sh
+
+# We'll create a Firefox profile here and install HTTPS Everywhere into it.
+PROFILE_DIRECTORY="$(mktemp -d)"
+trap 'rm -r "$PROFILE_DIRECTORY"' EXIT
+HTTPSE_INSTALL_FILE=$PROFILE_DIRECTORY/extensions/https-everywhere-eff@eff.org.xpi
+
+# Build the XPI to run all the validations in make.sh, and to ensure that
+# we test what is actually getting built.
+./make.sh
+XPI_NAME="`ls -tr pkg/https-everywhere-20*.xpi | tail -1`"
+
+# Set up a skeleton profile and then install into it.
+# The skeleton contains a few files required to trick Firefox into thinking
+# that the extension was fully installed rather than just unpacked.
+cp -a test/firefox/test_profile_skeleton/* $PROFILE_DIRECTORY
+cp $XPI_NAME $HTTPSE_INSTALL_FILE
+
+die() {
+  echo "$@"
+  exit 1
+}
+
+if [ ! -f "$HTTPSE_INSTALL_FILE" ]; then
+  die "Firefox profile does not have HTTPS Everywhere installed"
+fi
+
+# Make sure we have xvfb-run and it's not already set.
+if [ -z "$XVFB_RUN" -a -n "$(which xvfb-run)" ]; then
+  XVFB_RUN=xvfb-run
+fi
+
+# If you just want to run Firefox with the latest code:
+if [ "$1" == "--justrun" ]; then
+  echo "running firefox"
+  shift
+  if [ $(uname) == Darwin ]; then
+    open /Applications/Firefox.app --wait-apps --new --args -no-remote -profile "$PROFILE_DIRECTORY" "$@"
+  else
+    ${FIREFOX:-firefox} -no-remote -profile "$PROFILE_DIRECTORY" "$@"
+  fi
+else
+  echo "running tests"
+
+  PATH=/home/user/geckodriver:$PATH
+  if [ -n "$FIREFOX" ]; then
+    $XVFB_RUN python3 test/script.py Firefox "$PROFILE_DIRECTORY" $FIREFOX
+  else
+    $XVFB_RUN python3 test/script.py Firefox "$PROFILE_DIRECTORY"
+  fi
+fi
diff --git a/test/firefox/README.md b/test/firefox/README.md
new file mode 120000
index 000000000000..32d46ee883b5
--- /dev/null
+++ b/test/firefox/README.md
@@ -0,0 +1 @@
+../README.md
\ No newline at end of file
diff --git a/test/firefox/test_profile_skeleton/README b/test/firefox/test_profile_skeleton/README
new file mode 100644
index 000000000000..31b1215b5a7c
--- /dev/null
+++ b/test/firefox/test_profile_skeleton/README
@@ -0,0 +1,15 @@
+Method to produce this skeleton Firefox profile directory:
+
+Create an empty profile directory.
+Unpack the XPI into $PROFILE_DIRECTORY/extensions/https-everywhere@eff.org.
+This "installs" the extension but doesn't really install it. At first start of
+Firefox, you will be prompted whether you want to install the extension.
+
+Run firefox -profile $PROFILE_DIRECTORY, but *do not* click install yet.
+Instead, cp -r $PROFILE_DIRECTORY to $PROFILE_DIRECTORY.copy. Then go back to
+Firefox and click install. Quit Firefox, and run diff -r $PROFILE_DIRECTORY,
+$PROFILE_DIRECTORY.copy. The files that differ are the ones that are required
+for Firefox to consider the extension installed. Use some judgement to determine
+which ones are critical, modify them as necessary (for instance, enable verbose
+logging in prefs.js), and save them to this skeleton directory.
+
diff --git a/test/firefox/test_profile_skeleton/extensions.json b/test/firefox/test_profile_skeleton/extensions.json
new file mode 100644
index 000000000000..471c313bb25c
--- /dev/null
+++ b/test/firefox/test_profile_skeleton/extensions.json
@@ -0,0 +1,48 @@
+{
+    "addons": [
+        {
+            "aboutURL": null,
+            "active": true,
+            "appDisabled": false,
+            "applyBackgroundUpdates": 1,
+            "blocklistState": 0,
+            "blocklistURL": null,
+            "defaultLocale": {
+                "contributors": null,
+                "creator": "extension-devs@eff.org",
+                "description": "Encrypt the Web! Automatically use HTTPS security on many sites.",
+                "developers": null,
+                "homepageURL": "https://www.eff.org/https-everywhere",
+                "name": "HTTPS Everywhere",
+                "translators": null
+            },
+            "dependencies": [],
+            "foreignInstall": false,
+            "hidden": false,
+            "iconURL": null,
+            "id": "https-everywhere-eff@eff.org",
+            "installDate": 1559865340000,
+            "installTelemetryInfo": {
+                "method": "link",
+                "source": "unknown"
+            },
+            "loader": null,
+            "location": "app-profile",
+            "optionsBrowserStyle": true,
+            "optionsType": 5,
+            "releaseNotesURI": null,
+            "seen": true,
+            "signedState": 2,
+            "skinnable": false,
+            "softDisabled": false,
+            "sourceURI": "https://www.eff.org/files/https-everywhere-latest.xpi",
+            "startupData": null,
+            "strictCompatibility": true,
+            "targetPlatforms": [],
+            "type": "extension",
+            "updateDate": 1559865340000,
+            "userDisabled": false,
+            "visible": true
+        }
+    ]
+}
diff --git a/test/firefox/test_profile_skeleton/extensions/placeholder b/test/firefox/test_profile_skeleton/extensions/placeholder
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/test/firefox/test_profile_skeleton/prefs.js b/test/firefox/test_profile_skeleton/prefs.js
new file mode 100644
index 000000000000..d1c0e37d53b0
--- /dev/null
+++ b/test/firefox/test_profile_skeleton/prefs.js
@@ -0,0 +1,10 @@
+// Make it quicker to make manual config changes.
+user_pref("general.warnOnAboutConfig", false);
+// Minimize unnecessary requests.
+user_pref("browser.safebrowsing.enabled", false);
+user_pref("browser.safebrowsing.malware.enabled", false);
+// These two preferences allow debugging the extension
+user_pref("devtools.chrome.enabled", true);
+user_pref("devtools.debugger.remote-enabled", true);
+// Disable signature requirement so we can run testing addons
+user_pref("xpinstall.signatures.required", false);
diff --git a/test/manual.sh b/test/manual.sh
new file mode 100755
index 000000000000..d16a977f178c
--- /dev/null
+++ b/test/manual.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+# This script assists ruleset creators in ensuring that there is proper test
+# coverage for their rules, and performs a network "fetch" test to alert the
+# contributor of potential problems.
+
+exec python3 test/rules/src/https_everywhere_checker/check_rules.py test/rules/manual.checker.config "$@"
diff --git a/test/rules/.gitignore b/test/rules/.gitignore
new file mode 100644
index 000000000000..27c9ba271743
--- /dev/null
+++ b/test/rules/.gitignore
@@ -0,0 +1,51 @@
+.*.swp
+checker.config
+*.kpf
+*.pyc
+*.pyo
+rules
+*.html
+
+*.py[cod]
+
+# C extensions
+*.so
+
+# Packages
+*.egg
+*.egg-info
+dist
+build
+eggs
+parts
+bin
+var
+sdist
+develop-eggs
+.installed.cfg
+lib
+lib64
+
+# Installer logs
+pip-log.txt
+
+# Unit test / coverage reports
+.coverage
+.tox
+nosetests.xml
+htmlcov
+
+# Translations
+*.mo
+
+# Mr Developer
+.mr.developer.cfg
+.project
+.pydevproject
+
+# Complexity
+output/*.html
+output/*/index.html
+
+# Sphinx
+docs/_build
diff --git a/test/rules/LICENSE.txt b/test/rules/LICENSE.txt
new file mode 100644
index 000000000000..94a9ed024d38
--- /dev/null
+++ b/test/rules/LICENSE.txt
@@ -0,0 +1,674 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.
+
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Use with the GNU Affero General Public License.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    <program>  Copyright (C) <year>  <name of author>
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<http://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<http://www.gnu.org/philosophy/why-not-lgpl.html>.
diff --git a/test/rules/README.md b/test/rules/README.md
new file mode 100644
index 000000000000..8c574b0f408f
--- /dev/null
+++ b/test/rules/README.md
@@ -0,0 +1,74 @@
+# HTTPS Everywhere Rule Checker
+
+Author: Ondrej Mikle, CZ.NIC (ondrej.mikle@nic.cz)
+
+## Configuration
+
+Copy `checker.config.sample` to `checker.config` and change the `rulesdir` under `[rulesets]` to point to a directory with the XML files of HTTPS Everywhere rules (usually the `src/chrome/content/rules` of locally checked out git tree of HTTPS Everywhere).
+
+## Running
+
+Once you have modified the config, run:
+
+    check-https-rules checker.config
+
+Output will be written to selected log file, infos/warnings/errors contain the useful information.
+
+## Features
+
+* Attempts to follow Firefox behavior as closely as possible (including rewriting HTTP redirects according to rules; well except for Javascript and meta-redirects)
+* IDN domain support
+* Currently two metrics on "distance" of two resources implemented, one is purely string-based, the other tries to measure "similarity of the shape of DOM tree"
+* Multi-threaded scanner
+* Support for various "platforms" (e.g. CAcert), i.e. sets of CA certificate sets which can be switched during following of redirects
+* set of used CA certificates can be statically restricted to one CA certificate set (see `static_ca_path` in config file)
+
+## What errors in rulesets can be detected
+
+* big difference in HTML page structure
+* error in ruleset - declared target that no rule rewrites, bad regexps (usually capture groups are wrong), incomplete FQDNs, non-existent domains
+* HTTP 200 in original page, while rewritten page returns 4xx/5xx
+* cycle detection in redirects
+* transvalid certificates (incomplete chains)
+* other invalid certificate detection (self-signed, expired, CN mismatch...)
+
+## False positives and shortcomings
+
+* Some pages deliberately have different HTTP and HTTPS page, some for example redirect to different page under https
+* URLs to scan are naively guessed from target hosts, having test set of URLs in a ruleset would improve it (better coverage)
+
+## Known bugs
+
+### At most 9 capture groups in rule supported
+
+This is a workaround for ambiguous rewrites in rules such as:
+
+    <rule from="^http://(www\.)?01\.org/" to="https://$101.org/" />
+
+The `$101` would actually mean 101-st group, so we assume that only first digit after `$` denotes the group (which is how it seems to work in javascript).
+
+### May not work under Windows
+
+According to [PyCURL documentation](http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTCAPATH), using CAPATH may not work under Windows. I'd guess it's due to openssl's `c_rehash` utility that creates symlinks to PEM certificates. Hypothetically it could work if the symlinks were replaced by regular files with identical names, but haven't tried.
+
+### Threading bugs and workarounds
+
+There are some race conditions with Python threads and OpenSSL/GnuTLS that cause about due to SIGPIPE or SIGSEGV. While libcurl code seems to have implemented the necessary callbacks, there's a bug somewhere :-)
+
+Workaround: set `fetch_in_subprocess` under `http` section in config to true when using multiple threads for fetching. Using subprocess is on by default.
+
+You might have to set PYTHONPATH if working dir is different from code dir with python scripts.
+
+If underlying SSL library is NSS, threading looks fine.
+
+As a side effect, the CURL+NSS SNI bug does not happen with subprocesses (SSL session ID cache is not kept among process invocations).
+
+If pure-threaded version starts eating too much memory (like 1 GB in a minute), turn on the ``fetch_in_subprocess`` option metioned above. Some combinations of CURL and SSL library versions do that. Spawning separate subprocesses prevents any caches building up and eating too much memory.
+
+Using subprocess hypothetically might cause a deadlock due to insufficient buffer size when exchanging data through stdin/stdout in case of a large HTML page, but hasn't happened for any of the rules (I've tried to run them on the complete batch of rulesets contained in HTTPS Everywhere Nov 2 2012 commit c343f230a49d960dba90424799c3bacc2325fc94). Though in case deadlock happens, increase buffer size in `subprocess.Popen` invocation in `http_client.py`.
+
+### Generic bugs/quirks of SSL libraries
+
+Each of the three possible libraries (OpenSSL, GnuTLS, NSS) has different set of quirks. GnuTLS seems to be the most strict one regarding relevant RFCs and will not for instance tolerate certificate chain in wrong order or forgive server not sending `close_notify` alert.
+
+Thus it's entirely possible that while a server chain and SSL/TLS handshake seems OK when using one lib, it may break with the other.
diff --git a/test/rules/checker.config.sample b/test/rules/checker.config.sample
new file mode 100644
index 000000000000..d75bbf49f604
--- /dev/null
+++ b/test/rules/checker.config.sample
@@ -0,0 +1,69 @@
+#Directory with XML files describing HTTPS Everywhere rulesets
+[rulesets]
+rulesdir = /path/to/https-everywhere/src/chrome/content/rules
+check_coverage = true
+
+#Certificate trust anchors for checking chains in HTTPS connections
+[certificates]
+basedir = platform_certs
+
+#HTTP(S) fetching options
+# Timeouts are in seconds.
+# redirect_depth - max number of redirects followed, otherwise it's a cycle
+# threads - number of threads to use for fetching HTTP(S) data
+# user_agent is optional, by default PyCURL's UA is used
+# curl_verbose - optional boolean parameter to turn on PyCURL debug output
+# ssl_version - SSL/TLS version to use, options are:
+#   - when not set, use the default version of linked SSL/TLS library
+#   - TLSv1 - TLSv1 (may be 1.0 or 1.1, e.g. current gnutls defaults to latter)
+#   - SSLv3 - use SSL 3, this is also workaround for the SNI HTTP 400 described
+#     in README
+#   - SSLv2 - use SSL 2 (generally not recommended except for testing special
+#     cases)
+# fetch_in_subprocess - spawn subprocess to fetch HTTP(S) URLs. Intended as
+#   workaround for threading race conditions when underlying SSL library is
+#   gnutls or openssl. Default is true as process-level separation seems to
+#   serve as workaround for all kinds of bugs.
+# static_capath - use to disable setting CA cert path based on what rule
+#   'platform' attribute says and use a fixed CA path instead. Should point to
+#   a directory with CA certificates/intermediate certificates.
+# url_list - file containing http URLs to be tested, one per line. These URLs
+#   will be tested instead of guessing URLs based on "target" element in rulesets.
+[http]
+connect_timeout = 10
+read_timeout = 15
+redirect_depth = 10
+threads = 10
+# user_agent should be that of the latest ESR version on which TBB is based on.
+# https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead
+#user_agent = Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
+#curl_verbose = true
+#ssl_version = TLSv1
+fetch_in_subprocess = true
+#static_ca_path = platform_certs/firefox_transvalid
+#url_list = urls
+
+#Logging
+# logfile - filename or use - for stderr
+# loglevel - minimal log messages severity - one of debug, info, warn, error, fatal
+[log]
+logfile = -
+loglevel = debug
+
+#Metric and threshold for marking two HTML pages "different"
+# metric - what metric to use, either "markup" or "bsdiff"
+# threshold - float value in range [0, 1]; distance >= threshold will be reported
+[thresholds]
+metric = markup
+max_distance = 0.1
+
+#Debugging features
+# dump_graphviz_trie - dump ruleset trie in graphviz dot format, iff set to true.
+#	Default is false.
+# graphviz_file - graphviz output file, use - for stdout
+# exit_after_dump - do not continue with actual fetch/compare, only dump the
+#   trie and exit
+[debug]
+#dump_graphviz_trie = false
+graphviz_file = HTEC_trie.dot
+exit_after_dump = true
diff --git a/test/rules/coverage.checker.config b/test/rules/coverage.checker.config
new file mode 100644
index 000000000000..8b73bf7cff06
--- /dev/null
+++ b/test/rules/coverage.checker.config
@@ -0,0 +1,39 @@
+# Config for running https-everywhere-checker in coverage-only mode.
+# Only check whether rulesets have sufficient coverage with test URLs. If
+# any ruleset needs additional coverage, exit with status 1. No HTTP fetching.
+[rulesets]
+rulesdir = src/chrome/content/rules
+check_coverage = true
+check_target_validity = true
+check_nonmatch_groups = true
+check_test_formatting = true
+include_default_off = false
+skiplist = utils/ruleset-allowlist.csv
+skipfield = 1
+
+[certificates]
+basedir = test/rules/platform_certs
+
+[http]
+# user_agent should be that of the latest ESR version on which TBB is based on.
+# https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead
+user_agent = Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
+# Don't bother doing HTTP, we are just checking coverage and want it to be fast.
+enabled = false
+connect_timeout = 20
+read_timeout = 30
+redirect_depth = 10
+threads = 10
+fetch_in_subprocess = false
+
+[log]
+logfile = -
+loglevel = error
+
+[thresholds]
+metric = markup
+max_distance = 0.1
+
+[debug]
+graphviz_file = HTEC_trie.dot
+exit_after_dump = true
diff --git a/test/rules/disable-broken-rulesets.checker.config b/test/rules/disable-broken-rulesets.checker.config
new file mode 100644
index 000000000000..f9156a3e4f62
--- /dev/null
+++ b/test/rules/disable-broken-rulesets.checker.config
@@ -0,0 +1,33 @@
+# Config for fetching test URLs for all rulesets and auto-disabling any rulesets
+# that fail.
+[rulesets]
+rulesdir = src/chrome/content/rules
+check_coverage = false
+auto_disable = true
+include_default_off = false
+
+[certificates]
+# Certificate trust anchors for checking chains in HTTPS connections
+basedir = test/rules/platform_certs
+
+[http]
+user_agent = Mozilla/5.0 (X11; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0
+enabled = true
+connect_timeout = 20
+read_timeout = 30
+redirect_depth = 10
+threads = 20
+fetch_in_subprocess = false
+ssl_version = TLSv1_2
+
+[log]
+logfile = -
+loglevel = info
+
+[thresholds]
+metric = markup
+max_distance = 0.1
+
+[debug]
+graphviz_file = HTEC_trie.dot
+exit_after_dump = true
diff --git a/test/rules/http.checker.config b/test/rules/http.checker.config
new file mode 100644
index 000000000000..ecdd8e36d802
--- /dev/null
+++ b/test/rules/http.checker.config
@@ -0,0 +1,40 @@
+# Config for checking connections of non-default_off rules
+# without checking coverage.
+[rulesets]
+# Directory with XML files describing HTTPS Everywhere rulesets
+rulesdir = src/chrome/content/rules
+check_coverage = false
+check_nonmatch_groups = false
+check_test_formatting = false
+auto_disable = false
+include_default_off = false
+skiplist = utils/ruleset-allowlist.csv
+skipfield = 2
+
+[certificates]
+# Certificate trust anchors for checking chains in HTTPS connections
+basedir = test/rules/platform_certs
+
+[http]
+# user_agent should be that of the latest ESR version on which TBB is based on.
+# https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead
+user_agent = Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
+enabled = true
+connect_timeout = 20
+read_timeout = 30
+redirect_depth = 10
+threads = 40
+fetch_in_subprocess = false
+ssl_version = TLSv1_2
+
+[log]
+logfile = -
+loglevel = info
+
+[thresholds]
+metric = markup
+max_distance = 0.1
+
+[debug]
+graphviz_file = HTEC_trie.dot
+exit_after_dump = true
diff --git a/test/rules/manual.checker.config b/test/rules/manual.checker.config
new file mode 100644
index 000000000000..74066fc6ae43
--- /dev/null
+++ b/test/rules/manual.checker.config
@@ -0,0 +1,36 @@
+# Config for checking single rules or a handful of rules manually while working
+# on them.
+[rulesets]
+# Directory with XML files describing HTTPS Everywhere rulesets
+rulesdir = src/chrome/content/rules
+check_coverage = true
+auto_disable = false
+include_default_off = true
+check_target_validity = true
+
+[certificates]
+# Certificate trust anchors for checking chains in HTTPS connections
+basedir = test/rules/platform_certs
+
+[http]
+# user_agent should be that of the latest ESR version on which TBB is based on.
+# https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead
+user_agent = Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
+enabled = true
+connect_timeout = 20
+read_timeout = 30
+redirect_depth = 10
+threads = 40
+fetch_in_subprocess = false
+
+[log]
+logfile = -
+loglevel = info
+
+[thresholds]
+metric = markup
+max_distance = 0.1
+
+[debug]
+graphviz_file = HTEC_trie.dot
+exit_after_dump = true
diff --git a/test/rules/platform_certs/default/00673b5b.0 b/test/rules/platform_certs/default/00673b5b.0
new file mode 120000
index 000000000000..302405f29057
--- /dev/null
+++ b/test/rules/platform_certs/default/00673b5b.0
@@ -0,0 +1 @@
+cert028.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/02265526.0 b/test/rules/platform_certs/default/02265526.0
new file mode 120000
index 000000000000..62f8be0348c9
--- /dev/null
+++ b/test/rules/platform_certs/default/02265526.0
@@ -0,0 +1 @@
+cert100.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/03179a64.0 b/test/rules/platform_certs/default/03179a64.0
new file mode 120000
index 000000000000..fecfe84b3ea3
--- /dev/null
+++ b/test/rules/platform_certs/default/03179a64.0
@@ -0,0 +1 @@
+cert097.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/04f60c28.0 b/test/rules/platform_certs/default/04f60c28.0
new file mode 120000
index 000000000000..fe8b7f684bf0
--- /dev/null
+++ b/test/rules/platform_certs/default/04f60c28.0
@@ -0,0 +1 @@
+cert093.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/062cdee6.0 b/test/rules/platform_certs/default/062cdee6.0
new file mode 120000
index 000000000000..07df9b5eca3e
--- /dev/null
+++ b/test/rules/platform_certs/default/062cdee6.0
@@ -0,0 +1 @@
+cert051.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/064e0aa9.0 b/test/rules/platform_certs/default/064e0aa9.0
new file mode 120000
index 000000000000..b81347e699c8
--- /dev/null
+++ b/test/rules/platform_certs/default/064e0aa9.0
@@ -0,0 +1 @@
+cert084.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/06dc52d5.0 b/test/rules/platform_certs/default/06dc52d5.0
new file mode 120000
index 000000000000..d358a74650d5
--- /dev/null
+++ b/test/rules/platform_certs/default/06dc52d5.0
@@ -0,0 +1 @@
+cert122.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/080911ac.0 b/test/rules/platform_certs/default/080911ac.0
new file mode 120000
index 000000000000..d752b5b008b5
--- /dev/null
+++ b/test/rules/platform_certs/default/080911ac.0
@@ -0,0 +1 @@
+cert012.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/09789157.0 b/test/rules/platform_certs/default/09789157.0
new file mode 120000
index 000000000000..0413f9be7825
--- /dev/null
+++ b/test/rules/platform_certs/default/09789157.0
@@ -0,0 +1 @@
+cert058.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/0a775a30.0 b/test/rules/platform_certs/default/0a775a30.0
new file mode 120000
index 000000000000..158192fc7dde
--- /dev/null
+++ b/test/rules/platform_certs/default/0a775a30.0
@@ -0,0 +1 @@
+cert128.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/0b1b94ef.0 b/test/rules/platform_certs/default/0b1b94ef.0
new file mode 120000
index 000000000000..92d55d0abb91
--- /dev/null
+++ b/test/rules/platform_certs/default/0b1b94ef.0
@@ -0,0 +1 @@
+cert102.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/0bf05006.0 b/test/rules/platform_certs/default/0bf05006.0
new file mode 120000
index 000000000000..fbeb5ff12554
--- /dev/null
+++ b/test/rules/platform_certs/default/0bf05006.0
@@ -0,0 +1 @@
+cert121.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/0c4c9b6c.0 b/test/rules/platform_certs/default/0c4c9b6c.0
new file mode 120000
index 000000000000..426310756475
--- /dev/null
+++ b/test/rules/platform_certs/default/0c4c9b6c.0
@@ -0,0 +1 @@
+cert055.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/0d69c7e1.0 b/test/rules/platform_certs/default/0d69c7e1.0
new file mode 120000
index 000000000000..6d6bdec5e46b
--- /dev/null
+++ b/test/rules/platform_certs/default/0d69c7e1.0
@@ -0,0 +1 @@
+cert094.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/0f5dc4f3.0 b/test/rules/platform_certs/default/0f5dc4f3.0
new file mode 120000
index 000000000000..68fd619a62a8
--- /dev/null
+++ b/test/rules/platform_certs/default/0f5dc4f3.0
@@ -0,0 +1 @@
+cert131.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/0f6fa695.0 b/test/rules/platform_certs/default/0f6fa695.0
new file mode 120000
index 000000000000..dc215b21fff3
--- /dev/null
+++ b/test/rules/platform_certs/default/0f6fa695.0
@@ -0,0 +1 @@
+cert116.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/1001acf7.0 b/test/rules/platform_certs/default/1001acf7.0
new file mode 120000
index 000000000000..4cb45c9ec0e0
--- /dev/null
+++ b/test/rules/platform_certs/default/1001acf7.0
@@ -0,0 +1 @@
+cert126.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/10531352.0 b/test/rules/platform_certs/default/10531352.0
new file mode 120000
index 000000000000..0413f9be7825
--- /dev/null
+++ b/test/rules/platform_certs/default/10531352.0
@@ -0,0 +1 @@
+cert058.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/106f3e4d.0 b/test/rules/platform_certs/default/106f3e4d.0
new file mode 120000
index 000000000000..ecbee746f069
--- /dev/null
+++ b/test/rules/platform_certs/default/106f3e4d.0
@@ -0,0 +1 @@
+cert101.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/111e6273.0 b/test/rules/platform_certs/default/111e6273.0
new file mode 120000
index 000000000000..97e8273eff0f
--- /dev/null
+++ b/test/rules/platform_certs/default/111e6273.0
@@ -0,0 +1 @@
+cert002.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/116bf586.0 b/test/rules/platform_certs/default/116bf586.0
new file mode 120000
index 000000000000..cf064caaea2f
--- /dev/null
+++ b/test/rules/platform_certs/default/116bf586.0
@@ -0,0 +1 @@
+cert043.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/128805a3.0 b/test/rules/platform_certs/default/128805a3.0
new file mode 120000
index 000000000000..3cae6c5e8d73
--- /dev/null
+++ b/test/rules/platform_certs/default/128805a3.0
@@ -0,0 +1 @@
+cert073.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/12d55845.0 b/test/rules/platform_certs/default/12d55845.0
new file mode 120000
index 000000000000..bae4f779ba1e
--- /dev/null
+++ b/test/rules/platform_certs/default/12d55845.0
@@ -0,0 +1 @@
+cert024.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/14bc7599.0 b/test/rules/platform_certs/default/14bc7599.0
new file mode 120000
index 000000000000..ac3fdcd6aae6
--- /dev/null
+++ b/test/rules/platform_certs/default/14bc7599.0
@@ -0,0 +1 @@
+cert134.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/157753a5.0 b/test/rules/platform_certs/default/157753a5.0
new file mode 120000
index 000000000000..62d8c8df6ceb
--- /dev/null
+++ b/test/rules/platform_certs/default/157753a5.0
@@ -0,0 +1 @@
+cert006.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/1636090b.0 b/test/rules/platform_certs/default/1636090b.0
new file mode 120000
index 000000000000..fd0b85b2c438
--- /dev/null
+++ b/test/rules/platform_certs/default/1636090b.0
@@ -0,0 +1 @@
+cert067.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/18856ac4.0 b/test/rules/platform_certs/default/18856ac4.0
new file mode 120000
index 000000000000..a569193e45b9
--- /dev/null
+++ b/test/rules/platform_certs/default/18856ac4.0
@@ -0,0 +1 @@
+cert049.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/1d3472b9.0 b/test/rules/platform_certs/default/1d3472b9.0
new file mode 120000
index 000000000000..8e9e075e0404
--- /dev/null
+++ b/test/rules/platform_certs/default/1d3472b9.0
@@ -0,0 +1 @@
+cert095.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/1dcd6f4c.0 b/test/rules/platform_certs/default/1dcd6f4c.0
new file mode 120000
index 000000000000..73fc246f6c27
--- /dev/null
+++ b/test/rules/platform_certs/default/1dcd6f4c.0
@@ -0,0 +1 @@
+cert020.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/1df5a75f.0 b/test/rules/platform_certs/default/1df5a75f.0
new file mode 120000
index 000000000000..924725c67632
--- /dev/null
+++ b/test/rules/platform_certs/default/1df5a75f.0
@@ -0,0 +1 @@
+cert074.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/1e08bfd1.0 b/test/rules/platform_certs/default/1e08bfd1.0
new file mode 120000
index 000000000000..14cb25329686
--- /dev/null
+++ b/test/rules/platform_certs/default/1e08bfd1.0
@@ -0,0 +1 @@
+cert099.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/1e09d511.0 b/test/rules/platform_certs/default/1e09d511.0
new file mode 120000
index 000000000000..68c876e8ea1b
--- /dev/null
+++ b/test/rules/platform_certs/default/1e09d511.0
@@ -0,0 +1 @@
+cert081.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/1e1eab7c.0 b/test/rules/platform_certs/default/1e1eab7c.0
new file mode 120000
index 000000000000..590f09763ca0
--- /dev/null
+++ b/test/rules/platform_certs/default/1e1eab7c.0
@@ -0,0 +1 @@
+cert072.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/1e8e7201.0 b/test/rules/platform_certs/default/1e8e7201.0
new file mode 120000
index 000000000000..07df9b5eca3e
--- /dev/null
+++ b/test/rules/platform_certs/default/1e8e7201.0
@@ -0,0 +1 @@
+cert051.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/1eb37bdf.0 b/test/rules/platform_certs/default/1eb37bdf.0
new file mode 120000
index 000000000000..14745ca2234d
--- /dev/null
+++ b/test/rules/platform_certs/default/1eb37bdf.0
@@ -0,0 +1 @@
+cert054.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/1f58a078.0 b/test/rules/platform_certs/default/1f58a078.0
new file mode 120000
index 000000000000..b81347e699c8
--- /dev/null
+++ b/test/rules/platform_certs/default/1f58a078.0
@@ -0,0 +1 @@
+cert084.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/219d9499.0 b/test/rules/platform_certs/default/219d9499.0
new file mode 120000
index 000000000000..a5914a9ae27a
--- /dev/null
+++ b/test/rules/platform_certs/default/219d9499.0
@@ -0,0 +1 @@
+cert018.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/23f4c490.0 b/test/rules/platform_certs/default/23f4c490.0
new file mode 120000
index 000000000000..6d3afc9f7b75
--- /dev/null
+++ b/test/rules/platform_certs/default/23f4c490.0
@@ -0,0 +1 @@
+cert019.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/244b5494.0 b/test/rules/platform_certs/default/244b5494.0
new file mode 120000
index 000000000000..5ba8f65d5e5e
--- /dev/null
+++ b/test/rules/platform_certs/default/244b5494.0
@@ -0,0 +1 @@
+cert023.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/27af790d.0 b/test/rules/platform_certs/default/27af790d.0
new file mode 120000
index 000000000000..cf064caaea2f
--- /dev/null
+++ b/test/rules/platform_certs/default/27af790d.0
@@ -0,0 +1 @@
+cert043.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/2923b3f9.0 b/test/rules/platform_certs/default/2923b3f9.0
new file mode 120000
index 000000000000..fe08ce674247
--- /dev/null
+++ b/test/rules/platform_certs/default/2923b3f9.0
@@ -0,0 +1 @@
+cert133.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/2add47b6.0 b/test/rules/platform_certs/default/2add47b6.0
new file mode 120000
index 000000000000..8e9e075e0404
--- /dev/null
+++ b/test/rules/platform_certs/default/2add47b6.0
@@ -0,0 +1 @@
+cert095.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/2ae6433e.0 b/test/rules/platform_certs/default/2ae6433e.0
new file mode 120000
index 000000000000..dcfdea4695e9
--- /dev/null
+++ b/test/rules/platform_certs/default/2ae6433e.0
@@ -0,0 +1 @@
+cert076.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/2b349938.0 b/test/rules/platform_certs/default/2b349938.0
new file mode 120000
index 000000000000..fa7fca3f2ea3
--- /dev/null
+++ b/test/rules/platform_certs/default/2b349938.0
@@ -0,0 +1 @@
+cert059.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/2c543cd1.0 b/test/rules/platform_certs/default/2c543cd1.0
new file mode 120000
index 000000000000..7cabe938c30a
--- /dev/null
+++ b/test/rules/platform_certs/default/2c543cd1.0
@@ -0,0 +1 @@
+cert008.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/2d9dafe4.0 b/test/rules/platform_certs/default/2d9dafe4.0
new file mode 120000
index 000000000000..234aa2b2c2cc
--- /dev/null
+++ b/test/rules/platform_certs/default/2d9dafe4.0
@@ -0,0 +1 @@
+cert071.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/2e4eed3c.0 b/test/rules/platform_certs/default/2e4eed3c.0
new file mode 120000
index 000000000000..302405f29057
--- /dev/null
+++ b/test/rules/platform_certs/default/2e4eed3c.0
@@ -0,0 +1 @@
+cert028.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/2e5ac55d.0 b/test/rules/platform_certs/default/2e5ac55d.0
new file mode 120000
index 000000000000..bae4f779ba1e
--- /dev/null
+++ b/test/rules/platform_certs/default/2e5ac55d.0
@@ -0,0 +1 @@
+cert024.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/2fa87019.0 b/test/rules/platform_certs/default/2fa87019.0
new file mode 120000
index 000000000000..2089bf3e0005
--- /dev/null
+++ b/test/rules/platform_certs/default/2fa87019.0
@@ -0,0 +1 @@
+cert033.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/302904dd.0 b/test/rules/platform_certs/default/302904dd.0
new file mode 120000
index 000000000000..bbce6c435741
--- /dev/null
+++ b/test/rules/platform_certs/default/302904dd.0
@@ -0,0 +1 @@
+cert132.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/304d27c3.0 b/test/rules/platform_certs/default/304d27c3.0
new file mode 120000
index 000000000000..3b86526d9425
--- /dev/null
+++ b/test/rules/platform_certs/default/304d27c3.0
@@ -0,0 +1 @@
+cert130.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/31188b5e.0 b/test/rules/platform_certs/default/31188b5e.0
new file mode 120000
index 000000000000..d3d34182b0b4
--- /dev/null
+++ b/test/rules/platform_certs/default/31188b5e.0
@@ -0,0 +1 @@
+cert115.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/32888f65.0 b/test/rules/platform_certs/default/32888f65.0
new file mode 120000
index 000000000000..ad1a2c9e4e96
--- /dev/null
+++ b/test/rules/platform_certs/default/32888f65.0
@@ -0,0 +1 @@
+cert106.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/33ee480d.0 b/test/rules/platform_certs/default/33ee480d.0
new file mode 120000
index 000000000000..498662811fe8
--- /dev/null
+++ b/test/rules/platform_certs/default/33ee480d.0
@@ -0,0 +1 @@
+cert120.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/343eb6cb.0 b/test/rules/platform_certs/default/343eb6cb.0
new file mode 120000
index 000000000000..565938c977ad
--- /dev/null
+++ b/test/rules/platform_certs/default/343eb6cb.0
@@ -0,0 +1 @@
+cert037.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/349f2832.0 b/test/rules/platform_certs/default/349f2832.0
new file mode 120000
index 000000000000..5b97615af165
--- /dev/null
+++ b/test/rules/platform_certs/default/349f2832.0
@@ -0,0 +1 @@
+cert066.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/35105088.0 b/test/rules/platform_certs/default/35105088.0
new file mode 120000
index 000000000000..4d799e74ef9e
--- /dev/null
+++ b/test/rules/platform_certs/default/35105088.0
@@ -0,0 +1 @@
+cert092.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/3513523f.0 b/test/rules/platform_certs/default/3513523f.0
new file mode 120000
index 000000000000..cb763a0db33c
--- /dev/null
+++ b/test/rules/platform_certs/default/3513523f.0
@@ -0,0 +1 @@
+cert022.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/399e7759.0 b/test/rules/platform_certs/default/399e7759.0
new file mode 120000
index 000000000000..cb763a0db33c
--- /dev/null
+++ b/test/rules/platform_certs/default/399e7759.0
@@ -0,0 +1 @@
+cert022.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/3a3b02ce.0 b/test/rules/platform_certs/default/3a3b02ce.0
new file mode 120000
index 000000000000..dfc09b96e7a1
--- /dev/null
+++ b/test/rules/platform_certs/default/3a3b02ce.0
@@ -0,0 +1 @@
+cert035.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/3ad48a91.0 b/test/rules/platform_certs/default/3ad48a91.0
new file mode 120000
index 000000000000..d4fbe1793401
--- /dev/null
+++ b/test/rules/platform_certs/default/3ad48a91.0
@@ -0,0 +1 @@
+cert005.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/3bde41ac.0 b/test/rules/platform_certs/default/3bde41ac.0
new file mode 120000
index 000000000000..caeacfb82a92
--- /dev/null
+++ b/test/rules/platform_certs/default/3bde41ac.0
@@ -0,0 +1 @@
+cert052.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/3c58f906.0 b/test/rules/platform_certs/default/3c58f906.0
new file mode 120000
index 000000000000..62d8c8df6ceb
--- /dev/null
+++ b/test/rules/platform_certs/default/3c58f906.0
@@ -0,0 +1 @@
+cert006.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/3c6676aa.0 b/test/rules/platform_certs/default/3c6676aa.0
new file mode 120000
index 000000000000..fecfe84b3ea3
--- /dev/null
+++ b/test/rules/platform_certs/default/3c6676aa.0
@@ -0,0 +1 @@
+cert097.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/3c860d51.0 b/test/rules/platform_certs/default/3c860d51.0
new file mode 120000
index 000000000000..e71a9e353763
--- /dev/null
+++ b/test/rules/platform_certs/default/3c860d51.0
@@ -0,0 +1 @@
+cert025.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/3c899c73.0 b/test/rules/platform_certs/default/3c899c73.0
new file mode 120000
index 000000000000..be63f53484ff
--- /dev/null
+++ b/test/rules/platform_certs/default/3c899c73.0
@@ -0,0 +1 @@
+cert125.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/3c9a4d3b.0 b/test/rules/platform_certs/default/3c9a4d3b.0
new file mode 120000
index 000000000000..31b630c7c1ed
--- /dev/null
+++ b/test/rules/platform_certs/default/3c9a4d3b.0
@@ -0,0 +1 @@
+cert077.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/3d441de8.0 b/test/rules/platform_certs/default/3d441de8.0
new file mode 120000
index 000000000000..91faf4e1386e
--- /dev/null
+++ b/test/rules/platform_certs/default/3d441de8.0
@@ -0,0 +1 @@
+cert047.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/3e44d2f7.0 b/test/rules/platform_certs/default/3e44d2f7.0
new file mode 120000
index 000000000000..09d377c2dbdf
--- /dev/null
+++ b/test/rules/platform_certs/default/3e44d2f7.0
@@ -0,0 +1 @@
+cert118.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/3e45d192.0 b/test/rules/platform_certs/default/3e45d192.0
new file mode 120000
index 000000000000..48214313f446
--- /dev/null
+++ b/test/rules/platform_certs/default/3e45d192.0
@@ -0,0 +1 @@
+cert048.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/3e7271e8.0 b/test/rules/platform_certs/default/3e7271e8.0
new file mode 120000
index 000000000000..b7bed8af659f
--- /dev/null
+++ b/test/rules/platform_certs/default/3e7271e8.0
@@ -0,0 +1 @@
+cert004.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/40193066.0 b/test/rules/platform_certs/default/40193066.0
new file mode 120000
index 000000000000..2d41f6757f8c
--- /dev/null
+++ b/test/rules/platform_certs/default/40193066.0
@@ -0,0 +1 @@
+cert105.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/4042bcee.0 b/test/rules/platform_certs/default/4042bcee.0
new file mode 120000
index 000000000000..b07ab0a7620c
--- /dev/null
+++ b/test/rules/platform_certs/default/4042bcee.0
@@ -0,0 +1 @@
+cert108.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/40547a79.0 b/test/rules/platform_certs/default/40547a79.0
new file mode 120000
index 000000000000..94b886e2cf5d
--- /dev/null
+++ b/test/rules/platform_certs/default/40547a79.0
@@ -0,0 +1 @@
+cert032.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/406c9bb1.0 b/test/rules/platform_certs/default/406c9bb1.0
new file mode 120000
index 000000000000..c64998b14fa3
--- /dev/null
+++ b/test/rules/platform_certs/default/406c9bb1.0
@@ -0,0 +1 @@
+cert135.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/40dc992e.0 b/test/rules/platform_certs/default/40dc992e.0
new file mode 120000
index 000000000000..fd0b85b2c438
--- /dev/null
+++ b/test/rules/platform_certs/default/40dc992e.0
@@ -0,0 +1 @@
+cert067.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/4304c5e5.0 b/test/rules/platform_certs/default/4304c5e5.0
new file mode 120000
index 000000000000..2089bf3e0005
--- /dev/null
+++ b/test/rules/platform_certs/default/4304c5e5.0
@@ -0,0 +1 @@
+cert033.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/455f1b52.0 b/test/rules/platform_certs/default/455f1b52.0
new file mode 120000
index 000000000000..62f8be0348c9
--- /dev/null
+++ b/test/rules/platform_certs/default/455f1b52.0
@@ -0,0 +1 @@
+cert100.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/480720ec.0 b/test/rules/platform_certs/default/480720ec.0
new file mode 120000
index 000000000000..184c078f7fc0
--- /dev/null
+++ b/test/rules/platform_certs/default/480720ec.0
@@ -0,0 +1 @@
+cert027.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/48a195d8.0 b/test/rules/platform_certs/default/48a195d8.0
new file mode 120000
index 000000000000..4509178e43b6
--- /dev/null
+++ b/test/rules/platform_certs/default/48a195d8.0
@@ -0,0 +1 @@
+cert053.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/48bec511.0 b/test/rules/platform_certs/default/48bec511.0
new file mode 120000
index 000000000000..eec3208f5839
--- /dev/null
+++ b/test/rules/platform_certs/default/48bec511.0
@@ -0,0 +1 @@
+cert063.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/4a6481c9.0 b/test/rules/platform_certs/default/4a6481c9.0
new file mode 120000
index 000000000000..97e8273eff0f
--- /dev/null
+++ b/test/rules/platform_certs/default/4a6481c9.0
@@ -0,0 +1 @@
+cert002.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/4b718d9b.0 b/test/rules/platform_certs/default/4b718d9b.0
new file mode 120000
index 000000000000..2707f01ae817
--- /dev/null
+++ b/test/rules/platform_certs/default/4b718d9b.0
@@ -0,0 +1 @@
+cert136.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/4be590e0.0 b/test/rules/platform_certs/default/4be590e0.0
new file mode 120000
index 000000000000..14cb25329686
--- /dev/null
+++ b/test/rules/platform_certs/default/4be590e0.0
@@ -0,0 +1 @@
+cert099.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/4bfab552.0 b/test/rules/platform_certs/default/4bfab552.0
new file mode 120000
index 000000000000..07968211a11f
--- /dev/null
+++ b/test/rules/platform_certs/default/4bfab552.0
@@ -0,0 +1 @@
+cert057.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/4f316efb.0 b/test/rules/platform_certs/default/4f316efb.0
new file mode 120000
index 000000000000..e71a9e353763
--- /dev/null
+++ b/test/rules/platform_certs/default/4f316efb.0
@@ -0,0 +1 @@
+cert025.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5046c355.0 b/test/rules/platform_certs/default/5046c355.0
new file mode 120000
index 000000000000..3b6c44b909cc
--- /dev/null
+++ b/test/rules/platform_certs/default/5046c355.0
@@ -0,0 +1 @@
+cert026.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/524d9b43.0 b/test/rules/platform_certs/default/524d9b43.0
new file mode 120000
index 000000000000..f70c743200ef
--- /dev/null
+++ b/test/rules/platform_certs/default/524d9b43.0
@@ -0,0 +1 @@
+cert044.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5273a94c.0 b/test/rules/platform_certs/default/5273a94c.0
new file mode 120000
index 000000000000..62897b262628
--- /dev/null
+++ b/test/rules/platform_certs/default/5273a94c.0
@@ -0,0 +1 @@
+cert080.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/52b525c7.0 b/test/rules/platform_certs/default/52b525c7.0
new file mode 120000
index 000000000000..5d47613f1135
--- /dev/null
+++ b/test/rules/platform_certs/default/52b525c7.0
@@ -0,0 +1 @@
+cert083.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5443e9e3.0 b/test/rules/platform_certs/default/5443e9e3.0
new file mode 120000
index 000000000000..590f09763ca0
--- /dev/null
+++ b/test/rules/platform_certs/default/5443e9e3.0
@@ -0,0 +1 @@
+cert072.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/54657681.0 b/test/rules/platform_certs/default/54657681.0
new file mode 120000
index 000000000000..fd8f34d766f4
--- /dev/null
+++ b/test/rules/platform_certs/default/54657681.0
@@ -0,0 +1 @@
+cert070.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/57bcb2da.0 b/test/rules/platform_certs/default/57bcb2da.0
new file mode 120000
index 000000000000..3b6c44b909cc
--- /dev/null
+++ b/test/rules/platform_certs/default/57bcb2da.0
@@ -0,0 +1 @@
+cert026.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/583d0756.0 b/test/rules/platform_certs/default/583d0756.0
new file mode 120000
index 000000000000..d358a74650d5
--- /dev/null
+++ b/test/rules/platform_certs/default/583d0756.0
@@ -0,0 +1 @@
+cert122.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5a250ea7.0 b/test/rules/platform_certs/default/5a250ea7.0
new file mode 120000
index 000000000000..aa04b7c3f5bf
--- /dev/null
+++ b/test/rules/platform_certs/default/5a250ea7.0
@@ -0,0 +1 @@
+cert096.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5a3f0ff8.0 b/test/rules/platform_certs/default/5a3f0ff8.0
new file mode 120000
index 000000000000..94b886e2cf5d
--- /dev/null
+++ b/test/rules/platform_certs/default/5a3f0ff8.0
@@ -0,0 +1 @@
+cert032.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5a4d6896.0 b/test/rules/platform_certs/default/5a4d6896.0
new file mode 120000
index 000000000000..aa04b7c3f5bf
--- /dev/null
+++ b/test/rules/platform_certs/default/5a4d6896.0
@@ -0,0 +1 @@
+cert096.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5acf816d.0 b/test/rules/platform_certs/default/5acf816d.0
new file mode 120000
index 000000000000..b293d2f9656d
--- /dev/null
+++ b/test/rules/platform_certs/default/5acf816d.0
@@ -0,0 +1 @@
+cert129.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5ad8a5d6.0 b/test/rules/platform_certs/default/5ad8a5d6.0
new file mode 120000
index 000000000000..bbd07385c8a6
--- /dev/null
+++ b/test/rules/platform_certs/default/5ad8a5d6.0
@@ -0,0 +1 @@
+cert001.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5c44d531.0 b/test/rules/platform_certs/default/5c44d531.0
new file mode 120000
index 000000000000..91faf4e1386e
--- /dev/null
+++ b/test/rules/platform_certs/default/5c44d531.0
@@ -0,0 +1 @@
+cert047.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5cd81ad7.0 b/test/rules/platform_certs/default/5cd81ad7.0
new file mode 120000
index 000000000000..b4ef283ffd60
--- /dev/null
+++ b/test/rules/platform_certs/default/5cd81ad7.0
@@ -0,0 +1 @@
+cert079.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5cf9d536.0 b/test/rules/platform_certs/default/5cf9d536.0
new file mode 120000
index 000000000000..d752b5b008b5
--- /dev/null
+++ b/test/rules/platform_certs/default/5cf9d536.0
@@ -0,0 +1 @@
+cert012.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5d3033c5.0 b/test/rules/platform_certs/default/5d3033c5.0
new file mode 120000
index 000000000000..3f7d7d6c2ac4
--- /dev/null
+++ b/test/rules/platform_certs/default/5d3033c5.0
@@ -0,0 +1 @@
+cert117.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5e4e69e7.0 b/test/rules/platform_certs/default/5e4e69e7.0
new file mode 120000
index 000000000000..a151a41100d0
--- /dev/null
+++ b/test/rules/platform_certs/default/5e4e69e7.0
@@ -0,0 +1 @@
+cert045.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5e98733a.0 b/test/rules/platform_certs/default/5e98733a.0
new file mode 120000
index 000000000000..b02322a14ba4
--- /dev/null
+++ b/test/rules/platform_certs/default/5e98733a.0
@@ -0,0 +1 @@
+cert138.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5f15c80c.0 b/test/rules/platform_certs/default/5f15c80c.0
new file mode 120000
index 000000000000..6c367fd21202
--- /dev/null
+++ b/test/rules/platform_certs/default/5f15c80c.0
@@ -0,0 +1 @@
+cert078.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5f47b495.0 b/test/rules/platform_certs/default/5f47b495.0
new file mode 120000
index 000000000000..cd5cecffb316
--- /dev/null
+++ b/test/rules/platform_certs/default/5f47b495.0
@@ -0,0 +1 @@
+cert068.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/607986c7.0 b/test/rules/platform_certs/default/607986c7.0
new file mode 120000
index 000000000000..20b6b56b9c5f
--- /dev/null
+++ b/test/rules/platform_certs/default/607986c7.0
@@ -0,0 +1 @@
+cert088.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/60afe812.0 b/test/rules/platform_certs/default/60afe812.0
new file mode 120000
index 000000000000..ad82a9029e39
--- /dev/null
+++ b/test/rules/platform_certs/default/60afe812.0
@@ -0,0 +1 @@
+cert046.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/6187b673.0 b/test/rules/platform_certs/default/6187b673.0
new file mode 120000
index 000000000000..b07ab0a7620c
--- /dev/null
+++ b/test/rules/platform_certs/default/6187b673.0
@@ -0,0 +1 @@
+cert108.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/626dceaf.0 b/test/rules/platform_certs/default/626dceaf.0
new file mode 120000
index 000000000000..d5f16f42cfce
--- /dev/null
+++ b/test/rules/platform_certs/default/626dceaf.0
@@ -0,0 +1 @@
+cert127.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/63a2c897.0 b/test/rules/platform_certs/default/63a2c897.0
new file mode 120000
index 000000000000..b4ef283ffd60
--- /dev/null
+++ b/test/rules/platform_certs/default/63a2c897.0
@@ -0,0 +1 @@
+cert079.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/6410666e.0 b/test/rules/platform_certs/default/6410666e.0
new file mode 120000
index 000000000000..73fc246f6c27
--- /dev/null
+++ b/test/rules/platform_certs/default/6410666e.0
@@ -0,0 +1 @@
+cert020.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/653b494a.0 b/test/rules/platform_certs/default/653b494a.0
new file mode 120000
index 000000000000..d4fbe1793401
--- /dev/null
+++ b/test/rules/platform_certs/default/653b494a.0
@@ -0,0 +1 @@
+cert005.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/67495436.0 b/test/rules/platform_certs/default/67495436.0
new file mode 120000
index 000000000000..214c9452624b
--- /dev/null
+++ b/test/rules/platform_certs/default/67495436.0
@@ -0,0 +1 @@
+cert042.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/68dd7389.0 b/test/rules/platform_certs/default/68dd7389.0
new file mode 120000
index 000000000000..2a40c649daa9
--- /dev/null
+++ b/test/rules/platform_certs/default/68dd7389.0
@@ -0,0 +1 @@
+cert137.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/69105f4f.0 b/test/rules/platform_certs/default/69105f4f.0
new file mode 120000
index 000000000000..1a4e06971594
--- /dev/null
+++ b/test/rules/platform_certs/default/69105f4f.0
@@ -0,0 +1 @@
+cert021.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/6b03dec0.0 b/test/rules/platform_certs/default/6b03dec0.0
new file mode 120000
index 000000000000..158192fc7dde
--- /dev/null
+++ b/test/rules/platform_certs/default/6b03dec0.0
@@ -0,0 +1 @@
+cert128.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/6b99d060.0 b/test/rules/platform_certs/default/6b99d060.0
new file mode 120000
index 000000000000..b7c6ac77893d
--- /dev/null
+++ b/test/rules/platform_certs/default/6b99d060.0
@@ -0,0 +1 @@
+cert007.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/6d41d539.0 b/test/rules/platform_certs/default/6d41d539.0
new file mode 120000
index 000000000000..f79cc53a1883
--- /dev/null
+++ b/test/rules/platform_certs/default/6d41d539.0
@@ -0,0 +1 @@
+cert111.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/6fa5da56.0 b/test/rules/platform_certs/default/6fa5da56.0
new file mode 120000
index 000000000000..498662811fe8
--- /dev/null
+++ b/test/rules/platform_certs/default/6fa5da56.0
@@ -0,0 +1 @@
+cert120.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/706f604c.0 b/test/rules/platform_certs/default/706f604c.0
new file mode 120000
index 000000000000..5717d782c0b8
--- /dev/null
+++ b/test/rules/platform_certs/default/706f604c.0
@@ -0,0 +1 @@
+cert017.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/749e9e03.0 b/test/rules/platform_certs/default/749e9e03.0
new file mode 120000
index 000000000000..5d47613f1135
--- /dev/null
+++ b/test/rules/platform_certs/default/749e9e03.0
@@ -0,0 +1 @@
+cert083.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/75680d2e.0 b/test/rules/platform_certs/default/75680d2e.0
new file mode 120000
index 000000000000..f3d65f9515d0
--- /dev/null
+++ b/test/rules/platform_certs/default/75680d2e.0
@@ -0,0 +1 @@
+cert011.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/75d1b2ed.0 b/test/rules/platform_certs/default/75d1b2ed.0
new file mode 120000
index 000000000000..5d5f80e33054
--- /dev/null
+++ b/test/rules/platform_certs/default/75d1b2ed.0
@@ -0,0 +1 @@
+cert090.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/76579174.0 b/test/rules/platform_certs/default/76579174.0
new file mode 120000
index 000000000000..5717d782c0b8
--- /dev/null
+++ b/test/rules/platform_certs/default/76579174.0
@@ -0,0 +1 @@
+cert017.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/76cb8f92.0 b/test/rules/platform_certs/default/76cb8f92.0
new file mode 120000
index 000000000000..565938c977ad
--- /dev/null
+++ b/test/rules/platform_certs/default/76cb8f92.0
@@ -0,0 +1 @@
+cert037.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/76faf6c0.0 b/test/rules/platform_certs/default/76faf6c0.0
new file mode 120000
index 000000000000..be14627b585c
--- /dev/null
+++ b/test/rules/platform_certs/default/76faf6c0.0
@@ -0,0 +1 @@
+cert014.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/7719f463.0 b/test/rules/platform_certs/default/7719f463.0
new file mode 120000
index 000000000000..ee2dc90a4912
--- /dev/null
+++ b/test/rules/platform_certs/default/7719f463.0
@@ -0,0 +1 @@
+cert107.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/773e07ad.0 b/test/rules/platform_certs/default/773e07ad.0
new file mode 120000
index 000000000000..be63f53484ff
--- /dev/null
+++ b/test/rules/platform_certs/default/773e07ad.0
@@ -0,0 +1 @@
+cert125.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/7892ad52.0 b/test/rules/platform_certs/default/7892ad52.0
new file mode 120000
index 000000000000..8e03fa2ac01b
--- /dev/null
+++ b/test/rules/platform_certs/default/7892ad52.0
@@ -0,0 +1 @@
+cert123.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/7999be0d.0 b/test/rules/platform_certs/default/7999be0d.0
new file mode 120000
index 000000000000..7cabe938c30a
--- /dev/null
+++ b/test/rules/platform_certs/default/7999be0d.0
@@ -0,0 +1 @@
+cert008.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/7a7c655d.0 b/test/rules/platform_certs/default/7a7c655d.0
new file mode 120000
index 000000000000..4e69bf016efd
--- /dev/null
+++ b/test/rules/platform_certs/default/7a7c655d.0
@@ -0,0 +1 @@
+cert112.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/7a819ef2.0 b/test/rules/platform_certs/default/7a819ef2.0
new file mode 120000
index 000000000000..9d25f0e60cb0
--- /dev/null
+++ b/test/rules/platform_certs/default/7a819ef2.0
@@ -0,0 +1 @@
+cert013.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/7aaf71c0.0 b/test/rules/platform_certs/default/7aaf71c0.0
new file mode 120000
index 000000000000..5b20fc4c4385
--- /dev/null
+++ b/test/rules/platform_certs/default/7aaf71c0.0
@@ -0,0 +1 @@
+cert119.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/7c302982.0 b/test/rules/platform_certs/default/7c302982.0
new file mode 120000
index 000000000000..3f7d7d6c2ac4
--- /dev/null
+++ b/test/rules/platform_certs/default/7c302982.0
@@ -0,0 +1 @@
+cert117.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/7d0b38bd.0 b/test/rules/platform_certs/default/7d0b38bd.0
new file mode 120000
index 000000000000..a151a41100d0
--- /dev/null
+++ b/test/rules/platform_certs/default/7d0b38bd.0
@@ -0,0 +1 @@
+cert045.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/7d453d8f.0 b/test/rules/platform_certs/default/7d453d8f.0
new file mode 120000
index 000000000000..48fb898242bc
--- /dev/null
+++ b/test/rules/platform_certs/default/7d453d8f.0
@@ -0,0 +1 @@
+cert003.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/7f3d5d1d.0 b/test/rules/platform_certs/default/7f3d5d1d.0
new file mode 120000
index 000000000000..f43f71de09a2
--- /dev/null
+++ b/test/rules/platform_certs/default/7f3d5d1d.0
@@ -0,0 +1 @@
+cert087.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/8160b96c.0 b/test/rules/platform_certs/default/8160b96c.0
new file mode 120000
index 000000000000..f8a471e0b6e2
--- /dev/null
+++ b/test/rules/platform_certs/default/8160b96c.0
@@ -0,0 +1 @@
+cert050.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/81b9768f.0 b/test/rules/platform_certs/default/81b9768f.0
new file mode 120000
index 000000000000..5ba8f65d5e5e
--- /dev/null
+++ b/test/rules/platform_certs/default/81b9768f.0
@@ -0,0 +1 @@
+cert023.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/82223c44.0 b/test/rules/platform_certs/default/82223c44.0
new file mode 120000
index 000000000000..fd8f34d766f4
--- /dev/null
+++ b/test/rules/platform_certs/default/82223c44.0
@@ -0,0 +1 @@
+cert070.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/85cde254.0 b/test/rules/platform_certs/default/85cde254.0
new file mode 120000
index 000000000000..07968211a11f
--- /dev/null
+++ b/test/rules/platform_certs/default/85cde254.0
@@ -0,0 +1 @@
+cert057.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/86212b19.0 b/test/rules/platform_certs/default/86212b19.0
new file mode 120000
index 000000000000..d521e6e25fa9
--- /dev/null
+++ b/test/rules/platform_certs/default/86212b19.0
@@ -0,0 +1 @@
+cert060.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/869fbf79.0 b/test/rules/platform_certs/default/869fbf79.0
new file mode 120000
index 000000000000..2707f01ae817
--- /dev/null
+++ b/test/rules/platform_certs/default/869fbf79.0
@@ -0,0 +1 @@
+cert136.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/87753b0d.0 b/test/rules/platform_certs/default/87753b0d.0
new file mode 120000
index 000000000000..cd459c934ec9
--- /dev/null
+++ b/test/rules/platform_certs/default/87753b0d.0
@@ -0,0 +1 @@
+cert010.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/882de061.0 b/test/rules/platform_certs/default/882de061.0
new file mode 120000
index 000000000000..d0902e3730e9
--- /dev/null
+++ b/test/rules/platform_certs/default/882de061.0
@@ -0,0 +1 @@
+cert039.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/8867006a.0 b/test/rules/platform_certs/default/8867006a.0
new file mode 120000
index 000000000000..cd459c934ec9
--- /dev/null
+++ b/test/rules/platform_certs/default/8867006a.0
@@ -0,0 +1 @@
+cert010.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/88950faa.0 b/test/rules/platform_certs/default/88950faa.0
new file mode 120000
index 000000000000..fbeb5ff12554
--- /dev/null
+++ b/test/rules/platform_certs/default/88950faa.0
@@ -0,0 +1 @@
+cert121.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/89c02a45.0 b/test/rules/platform_certs/default/89c02a45.0
new file mode 120000
index 000000000000..cc53c2682802
--- /dev/null
+++ b/test/rules/platform_certs/default/89c02a45.0
@@ -0,0 +1 @@
+cert034.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/8cb5ee0f.0 b/test/rules/platform_certs/default/8cb5ee0f.0
new file mode 120000
index 000000000000..4e69bf016efd
--- /dev/null
+++ b/test/rules/platform_certs/default/8cb5ee0f.0
@@ -0,0 +1 @@
+cert112.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/8d6437c3.0 b/test/rules/platform_certs/default/8d6437c3.0
new file mode 120000
index 000000000000..e5bfdc4fd316
--- /dev/null
+++ b/test/rules/platform_certs/default/8d6437c3.0
@@ -0,0 +1 @@
+cert086.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/8d86cdd1.0 b/test/rules/platform_certs/default/8d86cdd1.0
new file mode 120000
index 000000000000..d0902e3730e9
--- /dev/null
+++ b/test/rules/platform_certs/default/8d86cdd1.0
@@ -0,0 +1 @@
+cert039.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/91739615.0 b/test/rules/platform_certs/default/91739615.0
new file mode 120000
index 000000000000..3cae6c5e8d73
--- /dev/null
+++ b/test/rules/platform_certs/default/91739615.0
@@ -0,0 +1 @@
+cert073.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/9282e51c.0 b/test/rules/platform_certs/default/9282e51c.0
new file mode 120000
index 000000000000..92d55d0abb91
--- /dev/null
+++ b/test/rules/platform_certs/default/9282e51c.0
@@ -0,0 +1 @@
+cert102.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/930ac5d2.0 b/test/rules/platform_certs/default/930ac5d2.0
new file mode 120000
index 000000000000..cd5cecffb316
--- /dev/null
+++ b/test/rules/platform_certs/default/930ac5d2.0
@@ -0,0 +1 @@
+cert068.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/9339512a.0 b/test/rules/platform_certs/default/9339512a.0
new file mode 120000
index 000000000000..be14627b585c
--- /dev/null
+++ b/test/rules/platform_certs/default/9339512a.0
@@ -0,0 +1 @@
+cert014.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/93bc0acc.0 b/test/rules/platform_certs/default/93bc0acc.0
new file mode 120000
index 000000000000..d521e6e25fa9
--- /dev/null
+++ b/test/rules/platform_certs/default/93bc0acc.0
@@ -0,0 +1 @@
+cert060.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/9479c8c3.0 b/test/rules/platform_certs/default/9479c8c3.0
new file mode 120000
index 000000000000..ee2dc90a4912
--- /dev/null
+++ b/test/rules/platform_certs/default/9479c8c3.0
@@ -0,0 +1 @@
+cert107.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/9576d26b.0 b/test/rules/platform_certs/default/9576d26b.0
new file mode 120000
index 000000000000..dcfdea4695e9
--- /dev/null
+++ b/test/rules/platform_certs/default/9576d26b.0
@@ -0,0 +1 @@
+cert076.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/95aff9e3.0 b/test/rules/platform_certs/default/95aff9e3.0
new file mode 120000
index 000000000000..eec3208f5839
--- /dev/null
+++ b/test/rules/platform_certs/default/95aff9e3.0
@@ -0,0 +1 @@
+cert063.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/9685a493.0 b/test/rules/platform_certs/default/9685a493.0
new file mode 120000
index 000000000000..48214313f446
--- /dev/null
+++ b/test/rules/platform_certs/default/9685a493.0
@@ -0,0 +1 @@
+cert048.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/9772ca32.0 b/test/rules/platform_certs/default/9772ca32.0
new file mode 120000
index 000000000000..184c078f7fc0
--- /dev/null
+++ b/test/rules/platform_certs/default/9772ca32.0
@@ -0,0 +1 @@
+cert027.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/985c1f52.0 b/test/rules/platform_certs/default/985c1f52.0
new file mode 120000
index 000000000000..4d3818fc7c3e
--- /dev/null
+++ b/test/rules/platform_certs/default/985c1f52.0
@@ -0,0 +1 @@
+cert124.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/988a38cb.0 b/test/rules/platform_certs/default/988a38cb.0
new file mode 120000
index 000000000000..ad82a9029e39
--- /dev/null
+++ b/test/rules/platform_certs/default/988a38cb.0
@@ -0,0 +1 @@
+cert046.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/9c2e7d30.0 b/test/rules/platform_certs/default/9c2e7d30.0
new file mode 120000
index 000000000000..80f821db43c6
--- /dev/null
+++ b/test/rules/platform_certs/default/9c2e7d30.0
@@ -0,0 +1 @@
+cert016.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/9c8dfbd4.0 b/test/rules/platform_certs/default/9c8dfbd4.0
new file mode 120000
index 000000000000..089e357b6505
--- /dev/null
+++ b/test/rules/platform_certs/default/9c8dfbd4.0
@@ -0,0 +1 @@
+cert062.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/9d04f354.0 b/test/rules/platform_certs/default/9d04f354.0
new file mode 120000
index 000000000000..e5bfdc4fd316
--- /dev/null
+++ b/test/rules/platform_certs/default/9d04f354.0
@@ -0,0 +1 @@
+cert086.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/9d6523ce.0 b/test/rules/platform_certs/default/9d6523ce.0
new file mode 120000
index 000000000000..00871c6d7da0
--- /dev/null
+++ b/test/rules/platform_certs/default/9d6523ce.0
@@ -0,0 +1 @@
+cert038.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/9f533518.0 b/test/rules/platform_certs/default/9f533518.0
new file mode 120000
index 000000000000..426310756475
--- /dev/null
+++ b/test/rules/platform_certs/default/9f533518.0
@@ -0,0 +1 @@
+cert055.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/a2c66da8.0 b/test/rules/platform_certs/default/a2c66da8.0
new file mode 120000
index 000000000000..5d5f80e33054
--- /dev/null
+++ b/test/rules/platform_certs/default/a2c66da8.0
@@ -0,0 +1 @@
+cert090.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/a3418fda.0 b/test/rules/platform_certs/default/a3418fda.0
new file mode 120000
index 000000000000..b293d2f9656d
--- /dev/null
+++ b/test/rules/platform_certs/default/a3418fda.0
@@ -0,0 +1 @@
+cert129.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/a3896b44.0 b/test/rules/platform_certs/default/a3896b44.0
new file mode 120000
index 000000000000..6b9e3cee1364
--- /dev/null
+++ b/test/rules/platform_certs/default/a3896b44.0
@@ -0,0 +1 @@
+cert015.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/a7605362.0 b/test/rules/platform_certs/default/a7605362.0
new file mode 120000
index 000000000000..80f821db43c6
--- /dev/null
+++ b/test/rules/platform_certs/default/a7605362.0
@@ -0,0 +1 @@
+cert016.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/a7d2cf64.0 b/test/rules/platform_certs/default/a7d2cf64.0
new file mode 120000
index 000000000000..2f975bd5f8dc
--- /dev/null
+++ b/test/rules/platform_certs/default/a7d2cf64.0
@@ -0,0 +1 @@
+cert041.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/a81e292b.0 b/test/rules/platform_certs/default/a81e292b.0
new file mode 120000
index 000000000000..d59e7b0ac35d
--- /dev/null
+++ b/test/rules/platform_certs/default/a81e292b.0
@@ -0,0 +1 @@
+cert104.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/a94d09e5.0 b/test/rules/platform_certs/default/a94d09e5.0
new file mode 120000
index 000000000000..31b630c7c1ed
--- /dev/null
+++ b/test/rules/platform_certs/default/a94d09e5.0
@@ -0,0 +1 @@
+cert077.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/ab5346f4.0 b/test/rules/platform_certs/default/ab5346f4.0
new file mode 120000
index 000000000000..a569193e45b9
--- /dev/null
+++ b/test/rules/platform_certs/default/ab5346f4.0
@@ -0,0 +1 @@
+cert049.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/ab59055e.0 b/test/rules/platform_certs/default/ab59055e.0
new file mode 120000
index 000000000000..dc215b21fff3
--- /dev/null
+++ b/test/rules/platform_certs/default/ab59055e.0
@@ -0,0 +1 @@
+cert116.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/ad088e1d.0 b/test/rules/platform_certs/default/ad088e1d.0
new file mode 120000
index 000000000000..bc0f98e93038
--- /dev/null
+++ b/test/rules/platform_certs/default/ad088e1d.0
@@ -0,0 +1 @@
+cert009.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/aeb67534.0 b/test/rules/platform_certs/default/aeb67534.0
new file mode 120000
index 000000000000..5b97615af165
--- /dev/null
+++ b/test/rules/platform_certs/default/aeb67534.0
@@ -0,0 +1 @@
+cert066.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/aee5f10d.0 b/test/rules/platform_certs/default/aee5f10d.0
new file mode 120000
index 000000000000..b7bed8af659f
--- /dev/null
+++ b/test/rules/platform_certs/default/aee5f10d.0
@@ -0,0 +1 @@
+cert004.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/b0e59380.0 b/test/rules/platform_certs/default/b0e59380.0
new file mode 120000
index 000000000000..6d6bdec5e46b
--- /dev/null
+++ b/test/rules/platform_certs/default/b0e59380.0
@@ -0,0 +1 @@
+cert094.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/b0ed035a.0 b/test/rules/platform_certs/default/b0ed035a.0
new file mode 120000
index 000000000000..6c367fd21202
--- /dev/null
+++ b/test/rules/platform_certs/default/b0ed035a.0
@@ -0,0 +1 @@
+cert078.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/b0f3e76e.0 b/test/rules/platform_certs/default/b0f3e76e.0
new file mode 120000
index 000000000000..bbd07385c8a6
--- /dev/null
+++ b/test/rules/platform_certs/default/b0f3e76e.0
@@ -0,0 +1 @@
+cert001.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/b1159c4c.0 b/test/rules/platform_certs/default/b1159c4c.0
new file mode 120000
index 000000000000..1a4e06971594
--- /dev/null
+++ b/test/rules/platform_certs/default/b1159c4c.0
@@ -0,0 +1 @@
+cert021.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/b1b8a7f3.0 b/test/rules/platform_certs/default/b1b8a7f3.0
new file mode 120000
index 000000000000..dfc09b96e7a1
--- /dev/null
+++ b/test/rules/platform_certs/default/b1b8a7f3.0
@@ -0,0 +1 @@
+cert035.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/b204d74a.0 b/test/rules/platform_certs/default/b204d74a.0
new file mode 120000
index 000000000000..b71513fe981a
--- /dev/null
+++ b/test/rules/platform_certs/default/b204d74a.0
@@ -0,0 +1 @@
+cert029.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/b3fb433b.0 b/test/rules/platform_certs/default/b3fb433b.0
new file mode 120000
index 000000000000..ecbee746f069
--- /dev/null
+++ b/test/rules/platform_certs/default/b3fb433b.0
@@ -0,0 +1 @@
+cert101.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/b66938e9.0 b/test/rules/platform_certs/default/b66938e9.0
new file mode 120000
index 000000000000..98e1e5456f37
--- /dev/null
+++ b/test/rules/platform_certs/default/b66938e9.0
@@ -0,0 +1 @@
+cert031.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/b727005e.0 b/test/rules/platform_certs/default/b727005e.0
new file mode 120000
index 000000000000..78c8c289bffe
--- /dev/null
+++ b/test/rules/platform_certs/default/b727005e.0
@@ -0,0 +1 @@
+cert061.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/b74d2bd5.0 b/test/rules/platform_certs/default/b74d2bd5.0
new file mode 120000
index 000000000000..ac3fdcd6aae6
--- /dev/null
+++ b/test/rules/platform_certs/default/b74d2bd5.0
@@ -0,0 +1 @@
+cert134.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/b7a5b843.0 b/test/rules/platform_certs/default/b7a5b843.0
new file mode 120000
index 000000000000..3c31427efb37
--- /dev/null
+++ b/test/rules/platform_certs/default/b7a5b843.0
@@ -0,0 +1 @@
+cert064.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/b7db1890.0 b/test/rules/platform_certs/default/b7db1890.0
new file mode 120000
index 000000000000..3c31427efb37
--- /dev/null
+++ b/test/rules/platform_certs/default/b7db1890.0
@@ -0,0 +1 @@
+cert064.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/b872f2b4.0 b/test/rules/platform_certs/default/b872f2b4.0
new file mode 120000
index 000000000000..ff9922e53b2d
--- /dev/null
+++ b/test/rules/platform_certs/default/b872f2b4.0
@@ -0,0 +1 @@
+cert082.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/b936d1c6.0 b/test/rules/platform_certs/default/b936d1c6.0
new file mode 120000
index 000000000000..b87664a35dce
--- /dev/null
+++ b/test/rules/platform_certs/default/b936d1c6.0
@@ -0,0 +1 @@
+cert109.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/ba89ed3b.0 b/test/rules/platform_certs/default/ba89ed3b.0
new file mode 120000
index 000000000000..214c9452624b
--- /dev/null
+++ b/test/rules/platform_certs/default/ba89ed3b.0
@@ -0,0 +1 @@
+cert042.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/bc3f2570.0 b/test/rules/platform_certs/default/bc3f2570.0
new file mode 120000
index 000000000000..04e7d30f51b2
--- /dev/null
+++ b/test/rules/platform_certs/default/bc3f2570.0
@@ -0,0 +1 @@
+cert056.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/bd43e1dd.0 b/test/rules/platform_certs/default/bd43e1dd.0
new file mode 120000
index 000000000000..2a40c649daa9
--- /dev/null
+++ b/test/rules/platform_certs/default/bd43e1dd.0
@@ -0,0 +1 @@
+cert137.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/bdacca6f.0 b/test/rules/platform_certs/default/bdacca6f.0
new file mode 120000
index 000000000000..98e1e5456f37
--- /dev/null
+++ b/test/rules/platform_certs/default/bdacca6f.0
@@ -0,0 +1 @@
+cert031.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/bf64f35b.0 b/test/rules/platform_certs/default/bf64f35b.0
new file mode 120000
index 000000000000..b7c6ac77893d
--- /dev/null
+++ b/test/rules/platform_certs/default/bf64f35b.0
@@ -0,0 +1 @@
+cert007.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/c01cdfa2.0 b/test/rules/platform_certs/default/c01cdfa2.0
new file mode 120000
index 000000000000..f70c743200ef
--- /dev/null
+++ b/test/rules/platform_certs/default/c01cdfa2.0
@@ -0,0 +1 @@
+cert044.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/c01eb047.0 b/test/rules/platform_certs/default/c01eb047.0
new file mode 120000
index 000000000000..3b86526d9425
--- /dev/null
+++ b/test/rules/platform_certs/default/c01eb047.0
@@ -0,0 +1 @@
+cert130.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/c089bbbd.0 b/test/rules/platform_certs/default/c089bbbd.0
new file mode 120000
index 000000000000..2f975bd5f8dc
--- /dev/null
+++ b/test/rules/platform_certs/default/c089bbbd.0
@@ -0,0 +1 @@
+cert041.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/c0ff1f52.0 b/test/rules/platform_certs/default/c0ff1f52.0
new file mode 120000
index 000000000000..48fb898242bc
--- /dev/null
+++ b/test/rules/platform_certs/default/c0ff1f52.0
@@ -0,0 +1 @@
+cert003.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/c28a8a30.0 b/test/rules/platform_certs/default/c28a8a30.0
new file mode 120000
index 000000000000..924725c67632
--- /dev/null
+++ b/test/rules/platform_certs/default/c28a8a30.0
@@ -0,0 +1 @@
+cert074.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/c2c1704e.0 b/test/rules/platform_certs/default/c2c1704e.0
new file mode 120000
index 000000000000..5b20fc4c4385
--- /dev/null
+++ b/test/rules/platform_certs/default/c2c1704e.0
@@ -0,0 +1 @@
+cert119.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/c47d9980.0 b/test/rules/platform_certs/default/c47d9980.0
new file mode 120000
index 000000000000..14745ca2234d
--- /dev/null
+++ b/test/rules/platform_certs/default/c47d9980.0
@@ -0,0 +1 @@
+cert054.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/c491639e.0 b/test/rules/platform_certs/default/c491639e.0
new file mode 120000
index 000000000000..f43f71de09a2
--- /dev/null
+++ b/test/rules/platform_certs/default/c491639e.0
@@ -0,0 +1 @@
+cert087.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/c51c224c.0 b/test/rules/platform_certs/default/c51c224c.0
new file mode 120000
index 000000000000..077461e29492
--- /dev/null
+++ b/test/rules/platform_certs/default/c51c224c.0
@@ -0,0 +1 @@
+cert069.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/c559d742.0 b/test/rules/platform_certs/default/c559d742.0
new file mode 120000
index 000000000000..d5f16f42cfce
--- /dev/null
+++ b/test/rules/platform_certs/default/c559d742.0
@@ -0,0 +1 @@
+cert127.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/c7e2a638.0 b/test/rules/platform_certs/default/c7e2a638.0
new file mode 120000
index 000000000000..ae5698946b79
--- /dev/null
+++ b/test/rules/platform_certs/default/c7e2a638.0
@@ -0,0 +1 @@
+cert040.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/c907e29b.0 b/test/rules/platform_certs/default/c907e29b.0
new file mode 120000
index 000000000000..8270bf0a9083
--- /dev/null
+++ b/test/rules/platform_certs/default/c907e29b.0
@@ -0,0 +1 @@
+cert114.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/c90bc37d.0 b/test/rules/platform_certs/default/c90bc37d.0
new file mode 120000
index 000000000000..20b6b56b9c5f
--- /dev/null
+++ b/test/rules/platform_certs/default/c90bc37d.0
@@ -0,0 +1 @@
+cert088.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/ca6e4ad9.0 b/test/rules/platform_certs/default/ca6e4ad9.0
new file mode 120000
index 000000000000..00871c6d7da0
--- /dev/null
+++ b/test/rules/platform_certs/default/ca6e4ad9.0
@@ -0,0 +1 @@
+cert038.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/cb156124.0 b/test/rules/platform_certs/default/cb156124.0
new file mode 120000
index 000000000000..62897b262628
--- /dev/null
+++ b/test/rules/platform_certs/default/cb156124.0
@@ -0,0 +1 @@
+cert080.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/cb1c3204.0 b/test/rules/platform_certs/default/cb1c3204.0
new file mode 120000
index 000000000000..2d41f6757f8c
--- /dev/null
+++ b/test/rules/platform_certs/default/cb1c3204.0
@@ -0,0 +1 @@
+cert105.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/cbf06781.0 b/test/rules/platform_certs/default/cbf06781.0
new file mode 120000
index 000000000000..04e7d30f51b2
--- /dev/null
+++ b/test/rules/platform_certs/default/cbf06781.0
@@ -0,0 +1 @@
+cert056.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/cc450945.0 b/test/rules/platform_certs/default/cc450945.0
new file mode 120000
index 000000000000..4509178e43b6
--- /dev/null
+++ b/test/rules/platform_certs/default/cc450945.0
@@ -0,0 +1 @@
+cert053.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/ccc52f49.0 b/test/rules/platform_certs/default/ccc52f49.0
new file mode 120000
index 000000000000..089e357b6505
--- /dev/null
+++ b/test/rules/platform_certs/default/ccc52f49.0
@@ -0,0 +1 @@
+cert062.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/cd58d51e.0 b/test/rules/platform_certs/default/cd58d51e.0
new file mode 120000
index 000000000000..90c574c79ffc
--- /dev/null
+++ b/test/rules/platform_certs/default/cd58d51e.0
@@ -0,0 +1 @@
+cert065.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/cd8c0d63.0 b/test/rules/platform_certs/default/cd8c0d63.0
new file mode 120000
index 000000000000..b87664a35dce
--- /dev/null
+++ b/test/rules/platform_certs/default/cd8c0d63.0
@@ -0,0 +1 @@
+cert109.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/ce5e74ef.0 b/test/rules/platform_certs/default/ce5e74ef.0
new file mode 120000
index 000000000000..819e00043983
--- /dev/null
+++ b/test/rules/platform_certs/default/ce5e74ef.0
@@ -0,0 +1 @@
+cert110.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/cert001.pem b/test/rules/platform_certs/default/cert001.pem
new file mode 100644
index 000000000000..f6713f2a26f7
--- /dev/null
+++ b/test/rules/platform_certs/default/cert001.pem
@@ -0,0 +1,19 @@
+GlobalSign Root CA
+-----BEGIN CERTIFICATE-----
+MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMCQkUx
+GTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkds
+b2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAwMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNV
+BAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYD
+VQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa
+DuaZjc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavpxy0Sy6sc
+THAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp1Wrjsok6Vjk4bwY8iGlb
+Kk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdGsnUOhugZitVtbNV4FpWi6cgKOOvyJBNP
+c1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrX
+gzT/LCrBbBlDSgeF59N89iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0BAQUF
+AAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOzyj1hTdNGCbM+w6Dj
+Y1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE38NflNUVyRRBnMRddWQVDf9VMOyG
+j/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymPAbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhH
+hm4qxFYxldBniYUr+WymXUadDKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveC
+X4XSQRjbgbMEHMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert002.pem b/test/rules/platform_certs/default/cert002.pem
new file mode 100644
index 000000000000..546ef773ef6c
--- /dev/null
+++ b/test/rules/platform_certs/default/cert002.pem
@@ -0,0 +1,20 @@
+GlobalSign Root CA - R2
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4GA1UECxMXR2xv
+YmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2Jh
+bFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxT
+aWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2ln
+bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6
+ErPLv4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8eoLrvozp
+s6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklqtTleiDTsvHgMCJiEbKjN
+S7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzdC9XZzPnqJworc5HGnRusyMvo4KD0L5CL
+TfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pazq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6C
+ygPCm48CAwEAAaOBnDCBmTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
+FgQUm+IHV2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5nbG9i
+YWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG3lm0mi3f3BmGLjAN
+BgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4GsJ0/WwbgcQ3izDJr86iw8bmEbTUsp
+9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu
+01yiPqFbQfXf5WRDLenVOavSot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG7
+9G+dwfCMNYxdAfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
+TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert003.pem b/test/rules/platform_certs/default/cert003.pem
new file mode 100644
index 000000000000..a0efb64ca419
--- /dev/null
+++ b/test/rules/platform_certs/default/cert003.pem
@@ -0,0 +1,22 @@
+Verisign Class 3 Public Primary Certification Authority - G3
+-----BEGIN CERTIFICATE-----
+MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQswCQYDVQQGEwJV
+UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
+cmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl
+IG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy
+dXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhv
+cml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkg
+Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMu6nFL8eB8aHm8bN3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1
+EUGO+i2tKmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGukxUc
+cLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBmCC+Vk7+qRy+oRpfw
+EuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJXwzw3sJ2zq/3avL6QaaiMxTJ5Xpj
+055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWuimi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA
+ERSWwauSCPc/L8my/uRan2Te2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5f
+j267Cz3qWhMeDGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC
+/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565pF4ErWjfJXir0
+xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGtTxzhT5yvDwyd93gN2PQ1VoDa
+t20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert004.pem b/test/rules/platform_certs/default/cert004.pem
new file mode 100644
index 000000000000..f06211fe06db
--- /dev/null
+++ b/test/rules/platform_certs/default/cert004.pem
@@ -0,0 +1,22 @@
+Entrust.net Premium 2048 Secure Server CA
+-----BEGIN CERTIFICATE-----
+MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChMLRW50cnVzdC5u
+ZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBpbmNvcnAuIGJ5IHJlZi4gKGxp
+bWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNV
+BAMTKkVudHJ1c3QubmV0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQx
+NzUwNTFaFw0yOTA3MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3
+d3d3LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTEl
+MCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5u
+ZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEArU1LqRKGsuqjIAcVFmQqK0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOL
+Gp18EzoOH1u3Hs/lJBQesYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSr
+hRSGlVuXMlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVTXTzW
+nLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/HoZdenoVve8AjhUi
+VBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH4QIDAQABo0IwQDAOBgNVHQ8BAf8E
+BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJ
+KoZIhvcNAQEFBQADggEBADubj1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPy
+T/4xmf3IDExoU8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf
+zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5bu/8j72gZyxKT
+J1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+bYQLCIt+jerXmCHG8+c8eS9e
+nNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/ErfF6adulZkMV8gzURZVE=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert005.pem b/test/rules/platform_certs/default/cert005.pem
new file mode 100644
index 000000000000..a9e4bcdd8c67
--- /dev/null
+++ b/test/rules/platform_certs/default/cert005.pem
@@ -0,0 +1,19 @@
+Baltimore CyberTrust Root
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJRTESMBAGA1UE
+ChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3li
+ZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoXDTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMC
+SUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFs
+dGltb3JlIEN5YmVyVHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKME
+uyKrmD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjrIZ3AQSsB
+UnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeKmpYcqWe4PwzV9/lSEy/C
+G9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSuXmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9
+XbIGevOF6uvUA65ehD5f/xXtabz5OTZydc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjpr
+l3RjM71oGDHweI12v/yejl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoI
+VDaGezq1BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEB
+BQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT929hkTI7gQCvlYpNRh
+cL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3WgxjkzSswF07r51XgdIGn9w/xZchMB5
+hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsa
+Y71k5h+3zvDyny67G7fyUIhzksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9H
+RCwBXbsdtTLSR9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert006.pem b/test/rules/platform_certs/default/cert006.pem
new file mode 100644
index 000000000000..a8387e86a2f2
--- /dev/null
+++ b/test/rules/platform_certs/default/cert006.pem
@@ -0,0 +1,22 @@
+AddTrust External Root
+-----BEGIN CERTIFICATE-----
+MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEUMBIGA1UEChML
+QWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYD
+VQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEw
+NDgzOFowbzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRU
+cnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0Eg
+Um9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvtH7xsD821
++iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9uMq/NzgtHj6RQa1wVsfw
+Tz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzXmk6vBbOmcZSccbNQYArHE504B4YCqOmo
+aSYYkKtMsE8jqzpPhNjfzp/haW+710LXa0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy
+2xSoRcRdKn23tNbE7qzNE0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv7
+7+ldU9U0WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYDVR0P
+BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0Jvf6xCZU7wO94CTL
+VBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEmMCQGA1UECxMdQWRk
+VHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENB
+IFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZl
+j7DYd7usQWxHYINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
+6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvCNr4TDea9Y355
+e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEXc4g/VhsxOBi0cQ+azcgOno4u
+G+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5amnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert007.pem b/test/rules/platform_certs/default/cert007.pem
new file mode 100644
index 000000000000..fe45da183c92
--- /dev/null
+++ b/test/rules/platform_certs/default/cert007.pem
@@ -0,0 +1,24 @@
+Entrust Root Certification Authority
+-----BEGIN CERTIFICATE-----
+MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMCVVMxFjAUBgNV
+BAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0Lm5ldC9DUFMgaXMgaW5jb3Jw
+b3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMWKGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsG
+A1UEAxMkRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0
+MloXDTI2MTEyNzIwNTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMu
+MTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVu
+Y2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9v
+dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ALaVtkNC+sZtKm9I35RMOVcF7sN5EUFoNu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYsz
+A9u3g3s+IIRe7bJWKKf44LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOww
+Cj0Yzfv9KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGIrb68
+j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi94DkZfs0Nw4pgHBN
+rziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOBsDCBrTAOBgNVHQ8BAf8EBAMCAQYw
+DwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAigA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1
+MzQyWjAfBgNVHSMEGDAWgBRokORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DH
+hmak8fdLQ/uEvW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA
+A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9tO1KzKtvn1ISM
+Y/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6ZuaAGAT/3B+XxFNSRuzFVJ7yVTa
+v52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTS
+W3iDVuycNsMm4hH2Z0kdkquM++v/eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0
+tHuu2guQOHXvgR1m0vdXcDazv/wor3ElhVsT/h5/WrQ8
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert008.pem b/test/rules/platform_certs/default/cert008.pem
new file mode 100644
index 000000000000..f3d39d9e1421
--- /dev/null
+++ b/test/rules/platform_certs/default/cert008.pem
@@ -0,0 +1,19 @@
+GeoTrust Global CA
+-----BEGIN CERTIFICATE-----
+MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQK
+Ew1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMDIwNTIxMDQw
+MDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5j
+LjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjo
+BbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDviS2Aelet
+8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU1XupGc1V3sjs0l44U+Vc
+T4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagU
+vTLrGAMoUgRx5aszPeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVk
+DBF9qn1luMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKInZ57Q
+zxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfStQWVYrmm3ok9Nns4
+d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcFPseKUgzbFbS9bZvlxrFUaKnjaZC2
+mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Unhw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6p
+XE0zX5IJL4hmXXeXxx12E6nV5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvm
+Mw==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert009.pem b/test/rules/platform_certs/default/cert009.pem
new file mode 100644
index 000000000000..199c0cc31e49
--- /dev/null
+++ b/test/rules/platform_certs/default/cert009.pem
@@ -0,0 +1,28 @@
+GeoTrust Universal CA
+-----BEGIN CERTIFICATE-----
+MIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEWMBQGA1UEChMN
+R2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgVW5pdmVyc2FsIENBMB4XDTA0MDMwNDA1
+MDAwMFoXDTI5MDMwNDA1MDAwMFowRTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IElu
+Yy4xHjAcBgNVBAMTFUdlb1RydXN0IFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
+ADCCAgoCggIBAKYVVaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckUHUWCq8YdgNY96xCcOq9t
+JPi8cQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430SppyZj6tlcDgFgDgEB8rMQ7XlFTTQjOgNB0e
+RXbdT8oYN+yFFXoZCPzVx5zw8qkuEKmS5j1YPakWaDwvdSEYfyh3peFhF7em6fgemdtzbvQKoiFs
+7tqqhZJmr/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2vc7J2Ha3QsnhnGqQ5HFELZ1aD/ThdDc7d
+8Lsrlh/eezJS/R27tQahsiFepdaVaH/wmZ7cRQg+59IJDTWU3YBOU5fXtQlEIGQWFwMCTFMNaN7V
+qnJNk22CDtucvc+081xdVHppCZbW2xHBjXWotM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3Cga
+Rr0BHdCXteGYO8A3ZNY9lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZf9hB
+Z3KiKN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfReBi9Fi1jUIxaS5BZu
+KGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+nhutxx9z3SxPGWX9f5NAEC7S8O08
+ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0
+XG0D08DYj3rWMB8GA1UdIwQYMBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIB
+hjANBgkqhkiG9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIawC/yOsjmPRFWrZIRc
+aanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv9z+ZhP015s8xxtxqv6fXIwjhmF7DWgh2
+qaavdy+3YL1ERmrvl/9zlcGO6JP7/TG37FcREUWbMPEaiDnBTzynANXH/KttgCJwpQzgXQQpAvvL
+oJHRfNbDflDVnVi+QTjruXU8FdmbyUqDWcDaU/0zuzYYm4UPFd3uLax2k7nZAY1IEKj79TiG8dsK
+xr2EoyNB3tZ3b4XUhRxQ4K5RirqNPnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxF
+KyDuSN/n3QmOGKjaQI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2
+DFKWkoRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9ER/frslK
+xfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQtDF4JbAiXfKM9fJP/P6EU
+p8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/SfuvmbJxPgWp6ZKy7PtXny3YuxadIwVyQD8vI
+P/rmMuGNG2+k5o7Y+SlIis5z/iw=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert010.pem b/test/rules/platform_certs/default/cert010.pem
new file mode 100644
index 000000000000..38210db06c9b
--- /dev/null
+++ b/test/rules/platform_certs/default/cert010.pem
@@ -0,0 +1,28 @@
+GeoTrust Universal CA 2
+-----BEGIN CERTIFICATE-----
+MIIFbDCCA1SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEWMBQGA1UEChMN
+R2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVyc2FsIENBIDIwHhcNMDQwMzA0
+MDUwMDAwWhcNMjkwMzA0MDUwMDAwWjBHMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3Qg
+SW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVyc2FsIENBIDIwggIiMA0GCSqGSIb3DQEBAQUA
+A4ICDwAwggIKAoICAQCzVFLByT7y2dyxUxpZKeexw0Uo5dfR7cXFS6GqdHtXr0om/Nj1XqduGdt0
+DE81WzILAePb63p3NeqqWuDW6KFXlPCQo3RWlEQwAx5cTiuFJnSCegx2oG9NzkEtoBUGFF+3Qs17
+j1hhNNwqCPkuwwGmIkQcTAeC5lvO0Ep8BNMZcyfwqph/Lq9O64ceJHdqXbboW0W63MOhBW9Wjo8Q
+JqVJwy7XQYci4E+GymC16qFjwAGXEHm9ADwSbSsVsaxLse4YuU6W3Nx2/zu+z18DwPw76L5GG//a
+QMJS9/7jOvdqdzXQ2o3rXhhqMcceujwbKNZrVMaqW9eiLBsZzKIC9ptZvTdrhrVtgrrY6slWvKk2
+WP0+GfPtDCapkzj4T8FdIgbQl+rhrcZV4IErKIM6+vR7IVEAvlI4zs1meaj0gVbi0IMJR1FbUGrP
+20gaXT73y/Zl92zxlfgCOzJWgjl6W70viRu/obTo/3+NjN8D8WBOWBFM66M/ECuDmgFz2ZRthAAn
+ZqzwcEAJQpKtT5MNYQlRJNiS1QuUYbKHsu3/mjX/hVTK7URDrBs8FmtISgocQIgfksILAAX/8sgC
+SqSqqcyZlpwvWOB94b67B9xfBHJcMTTD7F8t4D1kkCLm0ey4Lt1ZrtmhN79UNdxzMk+MBB4zsslG
+8dhcyFVQyWi9qLo2CQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR281Xh+qQ2
++/CfXGJx7Tz0RzgQKzAfBgNVHSMEGDAWgBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAOBgNVHQ8BAf8E
+BAMCAYYwDQYJKoZIhvcNAQEFBQADggIBAGbBxiPz2eAubl/oz66wsCVNK/g7WJtAJDday6sWSf+z
+dXkzoS9tcBc0kf5nfo/sm+VegqlVHy/c1FEHEv6sFj4sNcZj/NwQ6w2jqtB8zNHQL1EuxBRa3ugZ
+4T7GzKQp5y6EqgYweHZUcyiYWTjgAA1i00J9IZ+uPTqM1fp3DRgrFg5fNuH8KrUwJM/gYwx7WBr+
+mbpCErGR9Hxo4sjoryzqyX6uuyo9DRXcNJW2GHSoag/HtPQTxORb7QrSpJdMKu0vbBKJPfEncKpq
+A1Ihn0CoZ1Dy81of398j9tx4TuaYT1U6U+Pv8vSfx3zYWK8pIpe44L2RLrB27FcRz+8pRPPphXpg
+Y+RdM4kX2TGq2tbzGDVyz4crL2MjhF2EjD9XoIj8mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiP
+pm8m1wk8OhwRDqZsN/etRIcsKMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJVOCiNUW7d
+FGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH6aLcr34YEoP9VhdBLtUp
+gn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwXQMAJKOSLakhT2+zNVVXxxvjpoixMptEm
+X36vWkzaH6byHCx+rgIW0lbQL1dTR+iS
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert011.pem b/test/rules/platform_certs/default/cert011.pem
new file mode 100644
index 000000000000..4bf6108424c9
--- /dev/null
+++ b/test/rules/platform_certs/default/cert011.pem
@@ -0,0 +1,22 @@
+Comodo AAA Services root
+-----BEGIN CERTIFICATE-----
+MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwS
+R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0Eg
+TGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAw
+MFoXDTI4MTIzMTIzNTk1OVowezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hl
+c3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNV
+BAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQuaBtDFcCLNSS1UY8y2bmhG
+C1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe3M/vg4aijJRPn2jymJBGhCfHdr/jzDUs
+i14HZGWCwEiwqJH5YZ92IFCokcdmtet4YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszW
+Y19zjNoFmag4qMsXeDZRrOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjH
+Ypy+g8cmez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQUoBEK
+Iz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wewYDVR0f
+BHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNl
+cy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29tb2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2Vz
+LmNybDANBgkqhkiG9w0BAQUFAAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm
+7l3sAg9g1o1QGE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz
+Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2G9w84FoVxp7Z
+8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsil2D4kF501KKaU73yqWjgom7C
+12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert012.pem b/test/rules/platform_certs/default/cert012.pem
new file mode 100644
index 000000000000..80203eb2fe06
--- /dev/null
+++ b/test/rules/platform_certs/default/cert012.pem
@@ -0,0 +1,30 @@
+QuoVadis Root CA
+-----BEGIN CERTIFICATE-----
+MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJCTTEZMBcGA1UE
+ChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
+eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAz
+MTkxODMzMzNaFw0yMTAzMTcxODMzMzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRp
+cyBMaW1pdGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQD
+EyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Ypli4kVEAkOPcahdxYTMuk
+J0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2DrOpm2RgbaIr1VxqYuvXtdj182d6UajtL
+F8HVj71lODqV0D1VNk7feVcxKh7YWWVJWCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeL
+YzcS19Dsw3sgQUSj7cugF+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWen
+AScOospUxbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCCAk4w
+PQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVvdmFkaXNvZmZzaG9y
+ZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREwggENMIIBCQYJKwYBBAG+WAABMIH7
+MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNlIG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmlj
+YXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJs
+ZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh
+Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYIKwYBBQUHAgEW
+Fmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3TKbkGGew5Oanwl4Rqy+/fMIGu
+BgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rqy+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkw
+FwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5MS4wLAYDVQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6
+tlCLMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSkfnIYj9lo
+fFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf87C9TqnN7Az10buYWnuul
+LsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1RcHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2x
+gI4JVrmcGmD+XcHXetwReNDWXcG31a0ymQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi
+5upZIof4l/UO/erMkqQWxFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi
+5nrQNiOKSnQ2+Q==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert013.pem b/test/rules/platform_certs/default/cert013.pem
new file mode 100644
index 000000000000..47f65009b98c
--- /dev/null
+++ b/test/rules/platform_certs/default/cert013.pem
@@ -0,0 +1,29 @@
+QuoVadis Root CA 2
+-----BEGIN CERTIFICATE-----
+MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT
+EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMjAeFw0wNjExMjQx
+ODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM
+aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQCaGMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6
+XJxgFyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55JWpzmM+Yk
+lvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bBrrcCaoF6qUWD4gXmuVbB
+lDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp+ARz8un+XJiM9XOva7R+zdRcAitMOeGy
+lZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt
+66/3FsvbzSUr5R/7mp/iUcw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1Jdxn
+wQ5hYIizPtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og/zOh
+D7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UHoycR7hYQe7xFSkyy
+BNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuIyV77zGHcizN300QyNQliBJIWENie
+J0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1Ud
+DgQWBBQahGK8SEwzJQTU7tD2A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGU
+a6FJpEcwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT
+ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2fBluornFdLwUv
+Z+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzng/iN/Ae42l9NLmeyhP3ZRPx3
+UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2BlfF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodm
+VjB3pjd4M1IQWK4/YY7yarHvGH5KWWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK
++JDSV6IZUaUtl0HaB0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrW
+IozchLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPRTUIZ3Ph1
+WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWDmbA4CD/pXvk1B+TJYm5X
+f6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0ZohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II
+4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8
+VCLAAVBpQ570su9t+Oza8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert014.pem b/test/rules/platform_certs/default/cert014.pem
new file mode 100644
index 000000000000..e5e47cf8150e
--- /dev/null
+++ b/test/rules/platform_certs/default/cert014.pem
@@ -0,0 +1,33 @@
+QuoVadis Root CA 3
+-----BEGIN CERTIFICATE-----
+MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT
+EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMzAeFw0wNjExMjQx
+OTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM
+aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQDMV0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNgg
+DhoB4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUrH556VOij
+KTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd8lyyBTNvijbO0BNO/79K
+DDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9CabwvvWhDFlaJKjdhkf2mrk7AyxRllDdLkgbv
+BNDInIjbC3uBr7E9KsRlOni27tyAsdLTmZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwp
+p5ijJUMv7/FfJuGITfhebtfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8
+nT8KKdjcT5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDtWAEX
+MJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZc6tsgLjoC2SToJyM
+Gf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A4iLItLRkT9a6fUg+qGkM17uGcclz
+uD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYDVR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHT
+BgkrBgEEAb5YAAMwgcUwgZMGCCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmlj
+YXRlIGNvbnN0aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0
+aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVudC4wLQYIKwYB
+BQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2NwczALBgNVHQ8EBAMCAQYwHQYD
+VR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4GA1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4
+ywLQoUmkRzBFMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UE
+AxMSUXVvVmFkaXMgUm9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZV
+qyM07ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSemd1o417+s
+hvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd+LJ2w/w4E6oM3kJpK27z
+POuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2
+Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadNt54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp
+8kokUvd0/bpO5qgdAm6xDYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBC
+bjPsMZ57k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6szHXu
+g/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0jWy10QJLZYxkNc91p
+vGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeTmJlglFwjz1onl14LBQaTNx47aTbr
+qZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK4SVhM7JZG+Ju1zdXtg2pEto=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert015.pem b/test/rules/platform_certs/default/cert015.pem
new file mode 100644
index 000000000000..15b78a463515
--- /dev/null
+++ b/test/rules/platform_certs/default/cert015.pem
@@ -0,0 +1,19 @@
+Security Communication Root CA
+-----BEGIN CERTIFICATE-----
+MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMP
+U0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEw
+HhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMP
+U0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw
+8yl89f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJDKaVv0uM
+DPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9Ms+k2Y7CI9eNqPPYJayX
+5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/NQV3Is00qVUarH9oe4kA92819uZKAnDfd
+DJZkndwi92SL32HeFZRSFaB9UslLqCHJxrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2
+JChzAgMBAAGjPzA9MB0GA1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYw
+DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vGkl3g
+0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfrUj94nK9NrvjVT8+a
+mCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5Bw+SUEmK3TGXX8npN6o7WWWXlDLJ
+s58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJUJRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ
+6rBK+1YWc26sTfcioU+tHXotRSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAi
+FL39vmwLAw==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert016.pem b/test/rules/platform_certs/default/cert016.pem
new file mode 100644
index 000000000000..141e435e5842
--- /dev/null
+++ b/test/rules/platform_certs/default/cert016.pem
@@ -0,0 +1,18 @@
+Sonera Class 2 Root CA
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEPMA0GA1UEChMG
+U29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAxMDQwNjA3Mjk0MFoXDTIxMDQw
+NjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNVBAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJh
+IENsYXNzMiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3
+/Ei9vX+ALTU74W+oZ6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybT
+dXnt5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s3TmVToMG
+f+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2EjvOr7nQKV0ba5cTppCD8P
+tOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu8nYybieDwnPz3BjotJPqdURrBGAgcVeH
+nfO+oJAjPYok4doh28MCAwEAAaMzMDEwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITT
+XjwwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt
+0jSv9zilzqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/3DEI
+cbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvDFNr450kkkdAdavph
+Oe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6Tk6ezAyNlNzZRZxe7EJQY670XcSx
+EtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLH
+llpwrN9M
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert017.pem b/test/rules/platform_certs/default/cert017.pem
new file mode 100644
index 000000000000..16d5486f7ec9
--- /dev/null
+++ b/test/rules/platform_certs/default/cert017.pem
@@ -0,0 +1,22 @@
+XRamp Global CA Root
+-----BEGIN CERTIFICATE-----
+MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UE
+BhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2Vj
+dXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwHhcNMDQxMTAxMTcxNDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMx
+HjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkg
+U2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS638eMpSe2OAtp87ZOqCwu
+IR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCPKZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMx
+foArtYzAQDsRhtDLooY2YKTVMIJt2W7QDxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FE
+zG+gSqmUsE3a56k0enI4qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqs
+AxcZZPRaJSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNViPvry
+xS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud
+EwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASsjVy16bYbMDYGA1UdHwQvMC0wK6Ap
+oCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMC
+AQEwDQYJKoZIhvcNAQEFBQADggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc
+/Kh4ZzXxHfARvbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt
+qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLaIR9NmXmd4c8n
+nxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSyi6mx5O+aGtA9aZnuqCij4Tyz
+8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQO+7ETPTsJ3xCwnR8gooJybQDJbw=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert018.pem b/test/rules/platform_certs/default/cert018.pem
new file mode 100644
index 000000000000..7adada8b3ffd
--- /dev/null
+++ b/test/rules/platform_certs/default/cert018.pem
@@ -0,0 +1,22 @@
+Go Daddy Class 2 CA
+-----BEGIN CERTIFICATE-----
+MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMY
+VGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkG
+A1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g
+RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQAD
+ggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv
+2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32
+qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6j
+YGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmY
+vLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0O
+BBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2o
+atTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMu
+MTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwG
+A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wim
+PQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKt
+I3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ
+HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VI
+Ls9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/b
+vZ8=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert019.pem b/test/rules/platform_certs/default/cert019.pem
new file mode 100644
index 000000000000..52679e74119b
--- /dev/null
+++ b/test/rules/platform_certs/default/cert019.pem
@@ -0,0 +1,22 @@
+Starfield Class 2 CA
+-----BEGIN CERTIFICATE-----
+MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzElMCMGA1UEChMc
+U3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZpZWxkIENsYXNzIDIg
+Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBo
+MQswCQYDVQQGEwJVUzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAG
+A1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqG
+SIb3DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf8MOh2tTY
+bitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN+lq2cwQlZut3f+dZxkqZ
+JRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVm
+epsZGD3/cVE8MC5fvj13c7JdBmzDI1aaK4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSN
+F4Azbl5KXZnJHoe0nRrA1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HF
+MIHCMB0GA1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fRzt0f
+hvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNo
+bm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBDbGFzcyAyIENlcnRpZmljYXRpb24g
+QXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGs
+afPzWdqbAYcaT1epoXkJKtv3L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLM
+PUxA2IGvd56Deruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynpVSJYACPq4xJD
+KVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEYWQPJIrSPnNVeKtelttQKbfi3
+QBFGmh95DmK/D5fs4C8fF5Q=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert020.pem b/test/rules/platform_certs/default/cert020.pem
new file mode 100644
index 000000000000..b81665fff7f8
--- /dev/null
+++ b/test/rules/platform_certs/default/cert020.pem
@@ -0,0 +1,28 @@
+Taiwan GRCA
+-----BEGIN CERTIFICATE-----
+MIIFcjCCA1qgAwIBAgIQH51ZWtcvwgZEpYAIaeNe9jANBgkqhkiG9w0BAQUFADA/MQswCQYDVQQG
+EwJUVzEwMC4GA1UECgwnR292ZXJubWVudCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4X
+DTAyMTIwNTEzMjMzM1oXDTMyMTIwNTEzMjMzM1owPzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dv
+dmVybm1lbnQgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQAD
+ggIPADCCAgoCggIBAJoluOzMonWoe/fOW1mKydGGEghU7Jzy50b2iPN86aXfTEc2pBsBHH8eV4qN
+w8XRIePaJD9IK/ufLqGU5ywck9G/GwGHU5nOp/UKIXZ3/6m3xnOUT0b3EEk3+qhZSV1qgQdW8or5
+BtD3cCJNtLdBuTK4sfCxw5w/cP1T3YGq2GN49thTbqGsaoQkclSGxtKyyhwOeYHWtXBiCAEuTk8O
+1RGvqa/lmr/czIdtJuTJV6L7lvnM4T9TjGxMfptTCAtsF/tnyMKtsc2AtJfcdgEWFelq16TheEfO
+htX7MfP6Mb40qij7cEwdScevLJ1tZqa2jWR+tSBqnTuBto9AAGdLiYa4zGX+FVPpBMHWXx1E1wov
+J5pGfaENda1UhhXcSTvxls4Pm6Dso3pdvtUqdULle96ltqqvKKyskKw4t9VoNSZ63Pc78/1Fm9G7
+Q3hub/FCVGqY8A2tl+lSXunVanLeavcbYBT0peS2cWeqH+riTcFCQP5nRhc4L0c/cZyu5SHKYS1t
+B6iEfC3uUSXxY5Ce/eFXiGvviiNtsea9P63RPZYLhY3Naye7twWb7LuRqQoHEgKXTiCQ8P8NHuJB
+O9NAOueNXdpm5AKwB1KYXA6OM5zCppX7VRluTI6uSw+9wThNXo+EHWbNxWCWtFJaBYmOlXqYwZE8
+lSOyDvR5tMl8wUohAgMBAAGjajBoMB0GA1UdDgQWBBTMzO/MKWCkO7GStjz6MmKPrCUVOzAMBgNV
+HRMEBTADAQH/MDkGBGcqBwAEMTAvMC0CAQAwCQYFKw4DAhoFADAHBgVnKgMAAAQUA5vwIhP/lSg2
+09yewDL7MTqKUWUwDQYJKoZIhvcNAQEFBQADggIBAECASvomyc5eMN1PhnR2WPWus4MzeKR6dBcZ
+TulStbngCnRiqmjKeKBMmo4sIy7VahIkv9Ro04rQ2JyftB8M3jh+Vzj8jeJPXgyfqzvS/3WXy6Tj
+Zwj/5cAWtUgBfen5Cv8b5Wppv3ghqMKnI6mGq3ZW6A4M9hPdKmaKZEk9GhiHkASfQlK3T8v+R0F2
+Ne//AHY2RTKbxkaFXeIksB7jSJaYV0eUVXoPQbFEJPPB/hprv4j9wabak2BegUqZIJxIZhm1AHlU
+D7gsL0u8qV1bYH+Mh6XgUmMqvtg7hUAV/h62ZT/FS9p+tXo1KaMuephgIqP0fSdOLeq0dDzpD6Qz
+DxARvBMB1uUO07+1EqLhRSPAzAhuYbeJq4PjJB7mXQfnHyA+z2fI56wwbSdLaG5LKlwCCDTb+Hbk
+Z6MmnD+iMsJKxYEYMRBWqoTvLQr/uB930r+lWKBi5NdLkXWNiYCYfm3LU05er/ayl4WXudpVBrkk
+7tfGOB5jGxI7leFYrPLfhNVfmS8NVVvmONsuP3LpSIXLuykTjx44VbnzssQwmSNOXfJIoRIM3BKQ
+CZBUkQM8R+XVyWXgt0t97EfTsws+rZ7QdAAO671RrcDeLMDDav7v3Aun+kbfYNucpllQdSNpc5Oy
++fwC00fmcc4QAu4njIT/rEUNE1yDMuAlpYYsfPQS
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert021.pem b/test/rules/platform_certs/default/cert021.pem
new file mode 100644
index 000000000000..95f5124c7c93
--- /dev/null
+++ b/test/rules/platform_certs/default/cert021.pem
@@ -0,0 +1,20 @@
+DigiCert Assured ID Root CA
+-----BEGIN CERTIFICATE-----
+MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw
+IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzEx
+MTEwMDAwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL
+ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0Ew
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7cJpSIqvTO
+9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYPmDI2dsze3Tyoou9q+yHy
+UmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW
+/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpy
+oeb6pNnVFzF1roV9Iq4/AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whf
+GHdPAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRF
+66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzANBgkq
+hkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRCdWKuh+vy1dneVrOfzM4UKLkNl2Bc
+EkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTffwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38Fn
+SbNd67IJKusm7Xi+fT8r87cmNW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i
+8b5QZ7dsvfPxH2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe
++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert022.pem b/test/rules/platform_certs/default/cert022.pem
new file mode 100644
index 000000000000..838107962066
--- /dev/null
+++ b/test/rules/platform_certs/default/cert022.pem
@@ -0,0 +1,20 @@
+DigiCert Global Root CA
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAw
+HgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAw
+MDAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3
+dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsBCSDMAZOn
+TjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97nh6Vfe63SKMI2tavegw5
+BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt43C/dxC//AH2hdmoRBBYMql1GNXRor5H
+4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7PT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y
+7vrTC0LUq7dBMtoM1O/4gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQAB
+o2MwYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbRTLtm
+8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJKoZIhvcNAQEF
+BQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/EsrhMAtudXH/vTBH1jLuG2cenTnmCmr
+EbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIt
+tep3Sp+dWOIrWcBAI+0tKIJFPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886
+UAb3LujEV0lsYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
+CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert023.pem b/test/rules/platform_certs/default/cert023.pem
new file mode 100644
index 000000000000..f3b42554e677
--- /dev/null
+++ b/test/rules/platform_certs/default/cert023.pem
@@ -0,0 +1,20 @@
+DigiCert High Assurance EV Root CA
+-----BEGIN CERTIFICATE-----
+MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSsw
+KQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAw
+MFoXDTMxMTExMDAwMDAwMFowbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ
+MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFu
+Y2UgRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm+9S75S0t
+Mqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTWPNt0OKRKzE0lgvdKpVMS
+OO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEMxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3
+MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFBIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQ
+NAQTXKFx01p8VdteZOE3hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUe
+h10aUAsgEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMB
+Af8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSY
+JhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3NecnzyIZgYIVyHbIUf4KmeqvxgydkAQ
+V8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6zeM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFp
+myPInngiK3BD41VHMWEZ71jFhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkK
+mNEVX58Svnw2Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
+vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep+OkuE6N36B9K
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert024.pem b/test/rules/platform_certs/default/cert024.pem
new file mode 100644
index 000000000000..1063f5be6ac1
--- /dev/null
+++ b/test/rules/platform_certs/default/cert024.pem
@@ -0,0 +1,18 @@
+DST Root CA X3
+-----BEGIN CERTIFICATE-----
+MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQK
+ExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4X
+DTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1
+cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmT
+rE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9
+UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRy
+xXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40d
+utolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0T
+AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQ
+MA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikug
+dB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjE
+GB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bw
+RLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubS
+fZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert025.pem b/test/rules/platform_certs/default/cert025.pem
new file mode 100644
index 000000000000..4bd1dc0739c4
--- /dev/null
+++ b/test/rules/platform_certs/default/cert025.pem
@@ -0,0 +1,29 @@
+SwissSign Gold CA - G2
+-----BEGIN CERTIFICATE-----
+MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkNIMRUw
+EwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2lnbiBHb2xkIENBIC0gRzIwHhcN
+MDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBFMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dp
+c3NTaWduIEFHMR8wHQYDVQQDExZTd2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUq
+t2/876LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+bbqBHH5C
+jCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c6bM8K8vzARO/Ws/BtQpg
+vd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqEemA8atufK+ze3gE/bk3lUIbLtK/tREDF
+ylqM2tIrfKjuvqblCqoOpd8FUrdVxyJdMmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvR
+AiTysybUa9oEVeXBCsdtMDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuend
+jIj3o02yMszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69yFGkO
+peUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPiaG59je883WX0XaxR
+7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxMgI93e2CaHt+28kgeDrpOVG2Y4OGi
+GqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw
+AwEB/zAdBgNVHQ4EFgQUWyV7lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64
+OfPAeGZe6Drn8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov
+L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe645R88a7A3hfm
+5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczOUYrHUDFu4Up+GC9pWbY9ZIEr
+44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOf
+Mke6UiI0HTJ6CVanfCU2qT1L2sCCbwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6m
+Gu6uLftIdxf+u+yvGPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxp
+mo/a77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCChdiDyyJk
+vC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid392qgQmwLOM7XdVAyksLf
+KzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEppLd6leNcG2mqeSz53OiATIgHQv2ieY2Br
+NU0LbbqhPcCT4H8js1WtciVORvnSFu+wZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6Lqj
+viOvrv1vA+ACOzB2+httQc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert026.pem b/test/rules/platform_certs/default/cert026.pem
new file mode 100644
index 000000000000..62ab3c87b99b
--- /dev/null
+++ b/test/rules/platform_certs/default/cert026.pem
@@ -0,0 +1,29 @@
+SwissSign Silver CA - G2
+-----BEGIN CERTIFICATE-----
+MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCQ0gxFTAT
+BgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMB4X
+DTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0NlowRzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3
+aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG
+9w0BAQEFAAOCAg8AMIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644
+N0MvFz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7brYT7QbNHm
++/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieFnbAVlDLaYQ1HTWBCrpJH
+6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH6ATK72oxh9TAtvmUcXtnZLi2kUpCe2Uu
+MGoM9ZDulebyzYLs2aFK7PayS+VFheZteJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5h
+qAaEuSh6XzjZG6k4sIN/c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5
+FZGkECwJMoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRHHTBs
+ROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTfjNFusB3hB48IHpmc
+celM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb65i/4z3GcRm25xBWNOHkDRUjvxF3X
+CO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
+BAUwAwEB/zAdBgNVHQ4EFgQUF6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRB
+tjpbO8tFnb0cwpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0
+cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBAHPGgeAn0i0P
+4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShpWJHckRE1qTodvBqlYJ7YH39F
+kWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L
+3XWgwF15kIwb4FDm3jH+mHtwX6WQ2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx
+/uNncqCxv1yL5PqZIseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFa
+DGi8aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2Xem1ZqSqP
+e97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQRdAtq/gsD/KNVV4n+Ssuu
+WxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJ
+DIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ub
+DgEj8Z+7fNzcbBGXJbLytGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert027.pem b/test/rules/platform_certs/default/cert027.pem
new file mode 100644
index 000000000000..c9bb1af7e170
--- /dev/null
+++ b/test/rules/platform_certs/default/cert027.pem
@@ -0,0 +1,19 @@
+GeoTrust Primary Certification Authority
+-----BEGIN CERTIFICATE-----
+MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQG
+EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMoR2VvVHJ1c3QgUHJpbWFyeSBD
+ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQ
+cmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9AWbK7hWN
+b6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjAZIVcFU2Ix7e64HXprQU9
+nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE07e9GceBrAqg1cmuXm2bgyxx5X9gaBGge
+RwLmnWDiNpcB3841kt++Z8dtd1k7j53WkBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGt
+tm/81w7a4DSwDRp35+MImO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJKoZI
+hvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ16CePbJC/kRYkRj5K
+Ts4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl4b7UVXGYNTq+k+qurUKykG/g/CFN
+NWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6KoKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHa
+Floxt/m0cYASSJlyc1pZU8FjUjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG
+1riR/aYNKxoUAT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert028.pem b/test/rules/platform_certs/default/cert028.pem
new file mode 100644
index 000000000000..6549fc986a66
--- /dev/null
+++ b/test/rules/platform_certs/default/cert028.pem
@@ -0,0 +1,22 @@
+thawte Primary Root CA
+-----BEGIN CERTIFICATE-----
+MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCBqTELMAkGA1UE
+BhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2
+aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhv
+cml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3
+MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwg
+SW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMv
+KGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMT
+FnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs
+oPD7gFnUnMekz52hWXMJEEUMDSxuaPFsW0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ
+1CRfBsDMRJSUjQJib+ta3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGc
+q/gcfomk6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6Sk/K
+aAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94JNqR32HuHUETVPm4p
+afs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYD
+VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XPr87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUF
+AAOCAQEAeRHAS7ORtvzw6WfUDW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeE
+uzLlQRHAd9mzYJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX
+xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2/qxAeeWsEG89
+jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/LHbTY5xZ3Y+m4Q6gLkH3LpVH
+z7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7jVaMaA==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert029.pem b/test/rules/platform_certs/default/cert029.pem
new file mode 100644
index 000000000000..dab832fb884d
--- /dev/null
+++ b/test/rules/platform_certs/default/cert029.pem
@@ -0,0 +1,25 @@
+VeriSign Class 3 Public Primary Certification Authority - G5
+-----BEGIN CERTIFICATE-----
+MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCByjELMAkGA1UE
+BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO
+ZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVk
+IHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCB
+yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2ln
+biBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBh
+dXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKz
+j/i5Vbext0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhD
+Y2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/
+Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNHiDxpg8v+R70r
+fk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/
+BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2Uv
+Z2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy
+aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqG
+SIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzEp6B4Eq1iDkVwZMXnl2YtmAl+
+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKE
+KQsTb47bDN0lAtukixlE0kF6BWlKWE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiC
+Km0oHw0LxOXnGiYZ4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vE
+ZV8NhnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert030.pem b/test/rules/platform_certs/default/cert030.pem
new file mode 100644
index 000000000000..eebada208adf
--- /dev/null
+++ b/test/rules/platform_certs/default/cert030.pem
@@ -0,0 +1,20 @@
+SecureTrust CA
+-----BEGIN CERTIFICATE-----
+MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQG
+EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xFzAVBgNVBAMTDlNlY3VyZVRy
+dXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIzMTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAe
+BgNVBAoTF1NlY3VyZVRydXN0IENvcnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQX
+OZEzZum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO0gMdA+9t
+DWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIaowW8xQmxSPmjL8xk037uH
+GFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b
+01k/unK8RCSc43Oz969XL0Imnal0ugBS8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmH
+ursCAwEAAaOBnTCBmjATBgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/
+BAUwAwEB/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCegJYYj
+aHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQAwDQYJ
+KoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt36Z3q059c4EVlew3KW+JwULKUBRSu
+SceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHf
+mbx8IVQr5Fiiu1cprp6poxkmD5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZ
+nMUFdAvnZyPSCPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR
+3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert031.pem b/test/rules/platform_certs/default/cert031.pem
new file mode 100644
index 000000000000..5d24e1f3b233
--- /dev/null
+++ b/test/rules/platform_certs/default/cert031.pem
@@ -0,0 +1,20 @@
+Secure Global CA
+-----BEGIN CERTIFICATE-----
+MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQG
+EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBH
+bG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkxMjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEg
+MB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwg
+Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jx
+YDiJiQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa/FHtaMbQ
+bqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJjnIFHovdRIWCQtBJwB1g
+8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnIHmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYV
+HDGA76oYa8J719rO+TMg1fW9ajMtgQT7sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi
+0XPnj3pDAgMBAAGjgZ0wgZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud
+EwEB/wQFMAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCswKaAn
+oCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsGAQQBgjcVAQQDAgEA
+MA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0LURYD7xh8yOOvaliTFGCRsoTciE6+
+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXOH0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cn
+CDpOGR86p1hcF895P4vkp9MmI50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/5
+3CYNv6ZHdAbYiNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc
+f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert032.pem b/test/rules/platform_certs/default/cert032.pem
new file mode 100644
index 000000000000..993c2b76ecae
--- /dev/null
+++ b/test/rules/platform_certs/default/cert032.pem
@@ -0,0 +1,22 @@
+COMODO Certification Authority
+-----BEGIN CERTIFICATE-----
+MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCBgTELMAkGA1UE
+BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
+A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNVBAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1
+dGhvcml0eTAeFw0wNjEyMDEwMDAwMDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEb
+MBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFD
+T01PRE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3UcEbVASY06m/weaKXTuH
++7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI2GqGd0S7WWaXUF601CxwRM/aN5VCaTww
+xHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV
+4EajcNxo2f8ESIl33rXp+2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA
+1KGzqSX+DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5OnKVI
+rLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW/zAOBgNVHQ8BAf8E
+BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLmNvbW9k
+b2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOC
+AQEAPpiem/Yb6dc5t3iuHXIYSdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CP
+OGEIqB6BCsAvIC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/
+RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmc
+IGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5ddBA6+C4OmF4O5MBKgxTMVBbkN
++8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IBZQ==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert033.pem b/test/rules/platform_certs/default/cert033.pem
new file mode 100644
index 000000000000..632f1e71301d
--- /dev/null
+++ b/test/rules/platform_certs/default/cert033.pem
@@ -0,0 +1,21 @@
+Network Solutions Certificate Authority
+-----BEGIN CERTIFICATE-----
+MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQG
+EwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydOZXR3b3Jr
+IFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMx
+MjM1OTU5WjBiMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu
+MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwzc7MEL7xx
+jOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPPOCwGJgl6cvf6UDL4wpPT
+aaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rlmGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXT
+crA/vGp97Eh/jcOrqnErU2lBUzS1sLnFBgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc
+/Qzpf14Dl847ABSHJ3A4qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMB
+AAGjgZcwgZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIBBjAP
+BgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwubmV0c29sc3NsLmNv
+bS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3JpdHkuY3JsMA0GCSqGSIb3DQEBBQUA
+A4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc86fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q
+4LqILPxFzBiwmZVRDuwduIj/h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/
+GGUsyfJj4akH/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv
+wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHNpGxlaKFJdlxD
+ydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert034.pem b/test/rules/platform_certs/default/cert034.pem
new file mode 100644
index 000000000000..32011efbc364
--- /dev/null
+++ b/test/rules/platform_certs/default/cert034.pem
@@ -0,0 +1,15 @@
+COMODO ECC Certification Authority
+-----BEGIN CERTIFICATE-----
+MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTELMAkGA1UEBhMC
+R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE
+ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwHhcNMDgwMzA2MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0Ix
+GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
+Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRo
+b3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSRFtSrYpn1PlILBs5BAH+X
+4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0JcfRK9ChQtP6IHG4/bC8vCVlbpVsLM5ni
+wz2J+Wos77LTBumjQjBAMB0GA1UdDgQWBBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8E
+BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VG
+FAkK+qDmfQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdvGDeA
+U/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert035.pem b/test/rules/platform_certs/default/cert035.pem
new file mode 100644
index 000000000000..9ba70f2b4b50
--- /dev/null
+++ b/test/rules/platform_certs/default/cert035.pem
@@ -0,0 +1,21 @@
+OISTE WISeKey Global Root GA CA
+-----BEGIN CERTIFICATE-----
+MIID8TCCAtmgAwIBAgIQQT1yx/RrH4FDffHSKFTfmjANBgkqhkiG9w0BAQUFADCBijELMAkGA1UE
+BhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxGzAZBgNVBAsTEkNvcHlyaWdodCAoYykgMjAwNTEiMCAG
+A1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBH
+bG9iYWwgUm9vdCBHQSBDQTAeFw0wNTEyMTExNjAzNDRaFw0zNzEyMTExNjA5NTFaMIGKMQswCQYD
+VQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEbMBkGA1UECxMSQ29weXJpZ2h0IChjKSAyMDA1MSIw
+IAYDVQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5
+IEdsb2JhbCBSb290IEdBIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0+zAJs9
+Nt350UlqaxBJH+zYK7LG+DKBKUOVTJoZIyEVRd7jyBxRVVuuk+g3/ytr6dTqvirdqFEr12bDYVxg
+Asj1znJ7O7jyTmUIms2kahnBAbtzptf2w93NvKSLtZlhuAGio9RN1AU9ka34tAhxZK9w8RxrfvbD
+d50kc3vkDIzh2TbhmYsFmQvtRTEJysIA2/dyoJaqlYfQjse2YXMNdmaM3Bu0Y6Kff5MTMPGhJ9vZ
+/yxViJGg4E8HsChWjBgbl0SOid3gF27nKu+POQoxhILYQBRJLnpB5Kf+42TMwVlxSywhp1t94B3R
+LoGbw9ho972WG6xwsRYUC9tguSYBBQIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw
+AwEB/zAdBgNVHQ4EFgQUswN+rja8sHnR3JQmthG+IbJphpQwEAYJKwYBBAGCNxUBBAMCAQAwDQYJ
+KoZIhvcNAQEFBQADggEBAEuh/wuHbrP5wUOxSPMowB0uyQlB+pQAHKSkq0lPjz0e701vvbyk9vIm
+MMkQyh2I+3QZH4VFvbBsUfk2ftv1TDI6QU9bR8/oCy22xBmddMVHxjtqD6wU2zz0c5ypBd8A3HR4
++vg1YFkCExh8vPtNsCBtQ7tgMHpnM1zFmdH4LTlSc/uMqpclXHLZCB6rTjzjgTGfA6b7wP4piFXa
+hNVQA7bihKOmNqoROgHhGEvWRGizPflTdISzRpFGlgC3gCy24eMQ4tui5yiPAZZiFj4A4xylNoEY
+okxSdsARo27mHbrjWr42U8U+dY+GaSlYU7Wcu2+fXMUY7N0v4ZjJ/L7fCg0=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert036.pem b/test/rules/platform_certs/default/cert036.pem
new file mode 100644
index 000000000000..0a6a0cd53972
--- /dev/null
+++ b/test/rules/platform_certs/default/cert036.pem
@@ -0,0 +1,20 @@
+Certigna
+-----BEGIN CERTIFICATE-----
+MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNVBAYTAkZSMRIw
+EAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4XDTA3MDYyOTE1MTMwNVoXDTI3
+MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwI
+Q2VydGlnbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7q
+XOEm7RFHYeGifBZ4QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyH
+GxnygQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbwzBfsV1/p
+ogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q130yGLMLLGq/jj8UEYkg
+DncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKf
+Irjxwo1p3Po6WAbfAgMBAAGjgbwwgbkwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQ
+tCRZvgHyUtVF9lo53BEwZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJ
+BgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzjAQ/J
+SP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQUFAAOCAQEA
+hQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8hbV6lUmPOEvjvKtpv6zf+EwLHyzs+
+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFncfca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1klu
+PBS1xp81HlDQwY9qcEQCYsuuHWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY
+1gkIl2PlwS6wt0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw
+WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert037.pem b/test/rules/platform_certs/default/cert037.pem
new file mode 100644
index 000000000000..d14681661ead
--- /dev/null
+++ b/test/rules/platform_certs/default/cert037.pem
@@ -0,0 +1,20 @@
+Cybertrust Global Root
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYGA1UEChMPQ3li
+ZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2JhbCBSb290MB4XDTA2MTIxNTA4
+MDAwMFoXDTIxMTIxNTA4MDAwMFowOzEYMBYGA1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQD
+ExZDeWJlcnRydXN0IEdsb2JhbCBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
++Mi8vRRQZhP/8NN57CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO21O1fWLE3TdVJDm71aofW
+0ozSJ8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+6A74q05IlG2OlTEQXO2iLb3VOm2yHLtgwEZL
+AfVJrn5GitB0jaEMAs7u/OePuGtm839EAL9mJRQr3RAwHQeWP032a7iPt3sMpTjr3kfb1V05/Iin
+89cqdPHoWqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNzFtApD0mpSPCzqrdsxacwOUBdrsTiXSZT
+8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAYXSUnpQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIBBjAP
+BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS2CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2
+MDSgMqAwhi5odHRwOi8vd3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3JsMB8G
+A1UdIwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUAA4IBAQBW7wojoFRO
+lZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMjWqd8BfP9IjsO0QbE2zZMcwSO5bAi
+5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1yCcUxXOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2
+hO0j9n0Hq0V+09+zv+mKts2oomcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+T
+X3EJIrduPuocA06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jW
+WL1WMRJOEcgh4LMRkWXbtKaIOM5V
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert038.pem b/test/rules/platform_certs/default/cert038.pem
new file mode 100644
index 000000000000..cf2d1496d727
--- /dev/null
+++ b/test/rules/platform_certs/default/cert038.pem
@@ -0,0 +1,29 @@
+ePKI Root Certification Authority
+-----BEGIN CERTIFICATE-----
+MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQG
+EwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0ZC4xKjAoBgNVBAsMIWVQS0kg
+Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMx
+MjdaMF4xCzAJBgNVBAYTAlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEq
+MCgGA1UECwwhZVBLSSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAHSyZbCUNs
+IZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAhijHyl3SJCRImHJ7K2RKi
+lTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3XDZoTM1PRYfl61dd4s5oz9wCGzh1NlDiv
+qOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX
+12ruOzjjK9SXDrkb5wdJfzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0O
+WQqraffAsgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uUWH1+
+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLSnT0IFaUQAS2zMnao
+lQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pHdmX2Os+PYhcZewoozRrSgx4hxyy/
+vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJipNiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXi
+Zo1jDiVN1Rmy5nk3pyKdVDECAwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/Qkqi
+MAwGA1UdEwQFMAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH
+ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGBuvl2ICO1J2B0
+1GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6YlPwZpVnPDimZI+ymBV3QGypzq
+KOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkPJXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdV
+xrsStZf0X4OFunHB2WyBEXYKCrC/gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEP
+NXubrjlpC2JgQCA2j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+r
+GNm65ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUBo2M3IUxE
+xJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS/jQ6fbjpKdx2qcgw+BRx
+gMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2zGp1iro2C6pSe3VkQw63d4k3jMdXH7Ojy
+sP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTEW9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmOD
+BCEIZ43ygknQW/2xzQ+DhNQ+IIX3Sj0rnP0qCglN6oH4EZw=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert039.pem b/test/rules/platform_certs/default/cert039.pem
new file mode 100644
index 000000000000..3f3078052e62
--- /dev/null
+++ b/test/rules/platform_certs/default/cert039.pem
@@ -0,0 +1,18 @@
+certSIGN ROOT CA
+-----BEGIN CERTIFICATE-----
+MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYTAlJPMREwDwYD
+VQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTAeFw0wNjA3MDQxNzIwMDRa
+Fw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UE
+CxMQY2VydFNJR04gUk9PVCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7I
+JUqOtdu0KBuqV5Do0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHH
+rfAQUySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5dRdY4zTW2
+ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQOA7+j0xbm0bqQfWwCHTD
+0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwvJoIQ4uNllAoEwF73XVv4EOLQunpL+943
+AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B
+Af8EBAMCAcYwHQYDVR0OBBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IB
+AQA+0hyJLjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecYMnQ8
+SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ44gx+FkagQnIl6Z0
+x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6IJd1hJyMctTEHBDa0GpC9oHRxUIlt
+vBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNwi/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7Nz
+TogVZ96edhBiIL5VaZVDADlN9u6wWk5JRFRYX0KD
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert040.pem b/test/rules/platform_certs/default/cert040.pem
new file mode 100644
index 000000000000..1c0ff0054c29
--- /dev/null
+++ b/test/rules/platform_certs/default/cert040.pem
@@ -0,0 +1,21 @@
+GeoTrust Primary Certification Authority - G3
+-----BEGIN CERTIFICATE-----
+MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UE
+BhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChjKSAyMDA4IEdlb1RydXN0
+IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFy
+eSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIz
+NTk1OVowgZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAo
+YykgMjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMT
+LUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz+uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5j
+K/BGvESyiaHAKAxJcCGVn2TAppMSAmUmhsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdE
+c5IiaacDiGydY8hS2pgn5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3C
+IShwiP/WJmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exALDmKu
+dlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZChuOl1UcCAwEAAaNC
+MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMR5yo6hTgMdHNxr
+2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IBAQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9
+cr5HqQ6XErhK8WTTOd8lNNTBzU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbE
+Ap7aDHdlDkQNkv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD
+AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUHSJsMC8tJP33s
+t/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2Gspki4cErx5z481+oghLrGREt
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert041.pem b/test/rules/platform_certs/default/cert041.pem
new file mode 100644
index 000000000000..35274749ac64
--- /dev/null
+++ b/test/rules/platform_certs/default/cert041.pem
@@ -0,0 +1,15 @@
+thawte Primary Root CA - G2
+-----BEGIN CERTIFICATE-----
+MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDELMAkGA1UEBhMC
+VVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMpIDIwMDcgdGhhd3RlLCBJbmMu
+IC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3Qg
+Q0EgLSBHMjAeFw0wNzExMDUwMDAwMDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJVUzEV
+MBMGA1UEChMMdGhhd3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBG
+b3IgYXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAt
+IEcyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEotWcgnuVnfFSeIf+iha/BebfowJPDQfGAFG6DAJS
+LSKkQjnE/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6papu+7qzcMBniKI11KOasf2twu8x+qi5
+8/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU
+mtgAMADna3+FGO6Lts6KDPgR4bswCgYIKoZIzj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUN
+G4k8VIZ3KMqh9HneteY4sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41oxXZ3K
+rr0TKUQNJ1uo52icEvdYPy5yAlejj6EULg==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert042.pem b/test/rules/platform_certs/default/cert042.pem
new file mode 100644
index 000000000000..c47e14ae28ea
--- /dev/null
+++ b/test/rules/platform_certs/default/cert042.pem
@@ -0,0 +1,22 @@
+thawte Primary Root CA - G3
+-----BEGIN CERTIFICATE-----
+MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCBrjELMAkGA1UE
+BhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2
+aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhv
+cml6ZWQgdXNlIG9ubHkxJDAiBgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0w
+ODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhh
+d3RlLCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYD
+VQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEkMCIG
+A1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAsr8nLPvb2FvdeHsbnndmgcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2At
+P0LMqmsywCPLLEHd5N/8YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC
++BsUa0Lfb1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS99irY
+7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2SzhkGcuYMXDhpxwTW
+vGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUkOQIDAQABo0IwQDAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJ
+KoZIhvcNAQELBQADggEBABpA2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweK
+A3rD6z8KLFIWoCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu
+t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7cKUGRIjxpp7sC
+8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fMm7v/OeZWYdMKp8RcTGB7BXcm
+er/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZuMdRAGmI0Nj81Aa6sY6A=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert043.pem b/test/rules/platform_certs/default/cert043.pem
new file mode 100644
index 000000000000..15754c10f138
--- /dev/null
+++ b/test/rules/platform_certs/default/cert043.pem
@@ -0,0 +1,16 @@
+GeoTrust Primary Certification Authority - G2
+-----BEGIN CERTIFICATE-----
+MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDELMAkGA1UEBhMC
+VVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChjKSAyMDA3IEdlb1RydXN0IElu
+Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBD
+ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1
+OVowgZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg
+MjAwNyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMTLUdl
+b1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjB2MBAGByqGSM49AgEG
+BSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcLSo17VDs6bl8VAsBQps8lL33KSLjHUGMc
+KiEIfJo22Av+0SbFWDEwKCXzXV2juLaltJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYD
+VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+
+EVXVMAoGCCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGTqQ7m
+ndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBuczrD6ogRLQy7rQkgu2
+npaqBA+K
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert044.pem b/test/rules/platform_certs/default/cert044.pem
new file mode 100644
index 000000000000..570338d6a7ba
--- /dev/null
+++ b/test/rules/platform_certs/default/cert044.pem
@@ -0,0 +1,25 @@
+VeriSign Universal Root Certification Authority
+-----BEGIN CERTIFICATE-----
+MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCBvTELMAkGA1UE
+BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO
+ZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVk
+IHVzZSBvbmx5MTgwNgYDVQQDEy9WZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eTAeFw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJV
+UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
+cmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl
+IG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNhbCBSb290IENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj
+1mCOkdeQmIN65lgZOIzF9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGP
+MiJhgsWHH26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+HLL72
+9fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN/BMReYTtXlT2NJ8I
+AfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPTrJ9VAMf2CGqUuV/c4DPxhGD5WycR
+tPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0G
+CCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2O
+a8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud
+DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4sAPmLGd75JR3
+Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+seQxIcaBlVZaDrHC1LGmWazx
+Y8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTx
+P/jgdFcrGJ2BtMQo2pSXpXDrrB2+BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+P
+wGZsY6rp2aQW9IHRlRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4
+mJO37M2CYfE45k+XmCpajQ==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert045.pem b/test/rules/platform_certs/default/cert045.pem
new file mode 100644
index 000000000000..426a600f809d
--- /dev/null
+++ b/test/rules/platform_certs/default/cert045.pem
@@ -0,0 +1,19 @@
+VeriSign Class 3 Public Primary Certification Authority - G4
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjELMAkGA1UEBhMC
+VVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3
+b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVz
+ZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmlj
+YXRpb24gQXV0aG9yaXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjEL
+MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBU
+cnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRo
+b3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5
+IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8
+Utpkmw4tXNherJI9/gHmGUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGz
+rl0Bp3vefLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUwAwEB
+/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEw
+HzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24u
+Y29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMWkf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMD
+A2gAMGUCMGYhDBgmYFo4e1ZC4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIx
+AJw9SDkjOVgaFRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert046.pem b/test/rules/platform_certs/default/cert046.pem
new file mode 100644
index 000000000000..6333238ed5d0
--- /dev/null
+++ b/test/rules/platform_certs/default/cert046.pem
@@ -0,0 +1,22 @@
+NetLock Arany (Class Gold) Főtanúsítvány
+-----BEGIN CERTIFICATE-----
+MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQGEwJIVTERMA8G
+A1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3MDUGA1UECwwuVGFuw7pzw610
+dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBB
+cmFueSAoQ2xhc3MgR29sZCkgRsWRdGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgx
+MjA2MTUwODIxWjCBpzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxO
+ZXRMb2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlmaWNhdGlv
+biBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNzIEdvbGQpIEbFkXRhbsO6
+c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCRec75LbRTDofTjl5Bu
+0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrTlF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw
+/HpYzY6b7cNGbIRwXdrzAZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAk
+H3B5r9s5VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRGILdw
+fzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2BJtr+UBdADTHLpl1
+neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAGAQH/AgEEMA4GA1UdDwEB/wQEAwIB
+BjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2MU9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwW
+qZw8UQCgwBEIBaeZ5m8BiFRhbvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTta
+YtOUZcTh5m2C+C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC
+bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2FuLjbvrW5Kfna
+NwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2XjG4Kvte9nHfRCaexOYNkbQu
+dZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert047.pem b/test/rules/platform_certs/default/cert047.pem
new file mode 100644
index 000000000000..a87baf6a45c8
--- /dev/null
+++ b/test/rules/platform_certs/default/cert047.pem
@@ -0,0 +1,30 @@
+Staat der Nederlanden Root CA - G2
+-----BEGIN CERTIFICATE-----
+MIIFyjCCA7KgAwIBAgIEAJiWjDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJOTDEeMBwGA1UE
+CgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFhdCBkZXIgTmVkZXJsYW5kZW4g
+Um9vdCBDQSAtIEcyMB4XDTA4MDMyNjExMTgxN1oXDTIwMDMyNTExMDMxMFowWjELMAkGA1UEBhMC
+TkwxHjAcBgNVBAoMFVN0YWF0IGRlciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5l
+ZGVybGFuZGVuIFJvb3QgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVZ
+5291qj5LnLW4rJ4L5PnZyqtdj7U5EILXr1HgO+EASGrP2uEGQxGZqhQlEq0i6ABtQ8SpuOUfiUtn
+vWFI7/3S4GCI5bkYYCjDdyutsDeqN95kWSpGV+RLufg3fNU254DBtvPUZ5uW6M7XxgpT0GtJlvOj
+CwV3SPcl5XCsMBQgJeN/dVrlSPhOewMHBPqCYYdu8DvEpMfQ9XQ+pV0aCPKbJdL2rAQmPlU6Yiil
+e7Iwr/g3wtG61jj99O9JMDeZJiFIhQGp5Rbn3JBV3w/oOM2ZNyFPXfUib2rFEhZgF1XyZWampzCR
+OME4HYYEhLoaJXhena/MUGDWE4dS7WMfbWV9whUYdMrhfmQpjHLYFhN9C0lK8SgbIHRrxT3dsKpI
+CT0ugpTNGmXZK4iambwYfp/ufWZ8Pr2UuIHOzZgweMFvZ9C+X+Bo7d7iscksWXiSqt8rYGPy5V65
+48r6f1CGPqI0GAwJaCgRHOThuVw+R7oyPxjMW4T182t0xHJ04eOLoEq9jWYv6q012iDTiIJh8BIi
+trzQ1aTsr1SIJSQ8p22xcik/Plemf1WvbibG/ufMQFxRRIEKeN5KzlW/HdXZt1bv8Hb/C3m1r737
+qWmRRpdogBQ2HbN/uymYNqUg+oJgYjOk7Na6B6duxc8UpufWkjTYgfX8HV2qXB72o007uPc5AgMB
+AAGjgZcwgZQwDwYDVR0TAQH/BAUwAwEB/zBSBgNVHSAESzBJMEcGBFUdIAAwPzA9BggrBgEFBQcC
+ARYxaHR0cDovL3d3dy5wa2lvdmVyaGVpZC5ubC9wb2xpY2llcy9yb290LXBvbGljeS1HMjAOBgNV
+HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJFoMocVHYnitfGsNig0jQt8YojrMA0GCSqGSIb3DQEBCwUA
+A4ICAQCoQUpnKpKBglBu4dfYszk78wIVCVBR7y29JHuIhjv5tLySCZa59sCrI2AGeYwRTlHSeYAz
++51IvuxBQ4EffkdAHOV6CMqqi3WtFMTC6GY8ggen5ieCWxjmD27ZUD6KQhgpxrRW/FYQoAUXvQwj
+f/ST7ZwaUb7dRUG/kSS0H4zpX897IZmflZ85OkYcbPnNe5yQzSipx6lVu6xiNGI1E0sUOlWDuYaN
+kqbG9AclVMwWVxJKgnjIFNkXgiYtXSAfea7+1HAWFpWD2DU5/1JddRwWxRNVz0fMdWVSSt7wsKfk
+CpYL+63C4iWEst3kvX5ZbJvw8NjnyvLplzh+ib7M+zkXYT9y2zqR2GUBGR2tUKRXCnxLvJxxcypF
+URmFzI79R6d0lR2o0a9OF7FpJsKqeFdbxU2n5Z4FF5TKsl+gSRiNNOkmbEgeqmiSBeGCc1qb3Adb
+CG19ndeNIdn8FCCqwkXfP+cAslHkwvgFuXkajDTznlvkN1trSt8sV4pAWja63XVECDdCcAz+3F4h
+oKOKwJCcaNpQ5kUQR3i2TtJlycM33+FCY7BXN0Ute4qcvwXqZVUz9zkQxSgqIXobisQk+T8VyJoV
+IPVVYpbtbZNQvOSqeK3Zywplh6ZmwcSBo3c6WB4L7oOLnR7SUqTMHW+wmG2UMbX4cQrcufx9MmDm
+66+KAQ==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert048.pem b/test/rules/platform_certs/default/cert048.pem
new file mode 100644
index 000000000000..7e3c8df25c1a
--- /dev/null
+++ b/test/rules/platform_certs/default/cert048.pem
@@ -0,0 +1,18 @@
+Hongkong Post Root CA 1
+-----BEGIN CERTIFICATE-----
+MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsxFjAUBgNVBAoT
+DUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3QgUm9vdCBDQSAxMB4XDTAzMDUx
+NTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkGA1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25n
+IFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1
+ApzQjVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEnPzlTCeqr
+auh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjhZY4bXSNmO7ilMlHIhqqh
+qZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9nnV0ttgCXjqQesBCNnLsak3c78QA3xMY
+V18meMjWCnl3v/evt3a5pQuEF10Q6m/hq5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNV
+HRMBAf8ECDAGAQH/AgEDMA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7i
+h9legYsCmEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI37pio
+l7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clBoiMBdDhViw+5Lmei
+IAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJsEhTkYY2sEJCehFC78JZvRZ+K88ps
+T/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpOfMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilT
+c4afU9hDDl3WY4JxHYB0yvbiAmvZWg==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert049.pem b/test/rules/platform_certs/default/cert049.pem
new file mode 100644
index 000000000000..6bea4b13da3d
--- /dev/null
+++ b/test/rules/platform_certs/default/cert049.pem
@@ -0,0 +1,19 @@
+SecureSign RootCA11
+-----BEGIN CERTIFICATE-----
+MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDErMCkGA1UEChMi
+SmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoGA1UEAxMTU2VjdXJlU2lnbiBS
+b290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSsw
+KQYDVQQKEyJKYXBhbiBDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1
+cmVTaWduIFJvb3RDQTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvL
+TJszi1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8h9uuywGO
+wvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOVMdrAG/LuYpmGYz+/3ZMq
+g6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rP
+O7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitA
+bpSACW22s293bzUIUPsCh8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZX
+t94wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAKCh
+OBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xmKbabfSVSSUOrTC4r
+bnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQX5Ucv+2rIrVls4W6ng+4reV6G4pQ
+Oh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWrQbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01
+y8hSyn+B/tlr0/cR7SXf+Of5pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061
+lgeLKBObjBmNQSdJQO7e5iNEOdyhIta6A/I=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert050.pem b/test/rules/platform_certs/default/cert050.pem
new file mode 100644
index 000000000000..23de03568974
--- /dev/null
+++ b/test/rules/platform_certs/default/cert050.pem
@@ -0,0 +1,22 @@
+Microsec e-Szigno Root CA 2009
+-----BEGIN CERTIFICATE-----
+MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYDVQQGEwJIVTER
+MA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jv
+c2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o
+dTAeFw0wOTA2MTYxMTMwMThaFw0yOTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UE
+BwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUt
+U3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvPkd6mJviZpWNwrZuuyjNA
+fW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tccbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG
+0IMZfcChEhyVbUr02MelTTMuhTlAdX4UfIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKA
+pxn1ntxVUwOXewdI/5n7N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm
+1HxdrtbCxkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1+rUC
+AwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTLD8bf
+QkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAbBgNVHREE
+FDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqGSIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0o
+lZMEyL/azXm4Q5DwpL7v8u8hmLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfX
+I/OMn74dseGkddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775
+tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c2Pm2G2JwCz02
+yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5tHMN1Rq41Bab2XD0h7lbwyYIi
+LXpUq3DDfSJlgnCW
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert051.pem b/test/rules/platform_certs/default/cert051.pem
new file mode 100644
index 000000000000..7917400e8383
--- /dev/null
+++ b/test/rules/platform_certs/default/cert051.pem
@@ -0,0 +1,19 @@
+GlobalSign Root CA - R3
+-----BEGIN CERTIFICATE-----
+MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xv
+YmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2Jh
+bFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxT
+aWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2ln
+bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWt
+iHL8RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsTgHeMCOFJ
+0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmmKPZpO/bLyCiR5Z2KYVc3
+rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zdQQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjl
+OCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZXriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2
+xmmFghcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
+FI/wS3+oLkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZURUm7
+lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMpjjM5RcOO5LlXbKr8
+EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK6fBdRoyV3XpYKBovHd7NADdBj+1E
+bddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQXmcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18
+YIvDQVETI53O9zJrlAGomecsMx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7r
+kpeDMdmztcpHWD9f
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert052.pem b/test/rules/platform_certs/default/cert052.pem
new file mode 100644
index 000000000000..751d1d493329
--- /dev/null
+++ b/test/rules/platform_certs/default/cert052.pem
@@ -0,0 +1,31 @@
+Autoridad de Certificacion Firmaprofesional CIF A62634068
+-----BEGIN CERTIFICATE-----
+MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UEBhMCRVMxQjBA
+BgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2
+MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEyMzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIw
+QAYDVQQDDDlBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBB
+NjI2MzQwNjgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDD
+Utd9thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQMcas9UX4P
+B99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefGL9ItWY16Ck6WaVICqjaY
+7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15iNA9wBj4gGFrO93IbJWyTdBSTo3OxDqqH
+ECNZXyAFGUftaI6SEspd/NYrspI8IM/hX68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyI
+plD9amML9ZMWGxmPsu2bm8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctX
+MbScyJCyZ/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirjaEbsX
+LZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/TKI8xWVvTyQKmtFLK
+bpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF6NkBiDkal4ZkQdU7hwxu+g/GvUgU
+vzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVhOSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1Ud
+EwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNH
+DhpkLzCBpgYDVR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp
+cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBvACAAZABlACAA
+bABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBlAGwAbwBuAGEAIAAwADgAMAAx
+ADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx
+51tkljYyGOylMnfX40S2wBEqgLk9am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qk
+R71kMrv2JYSiJ0L1ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaP
+T481PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS3a/DTg4f
+Jl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5kSeTy36LssUzAKh3ntLFl
+osS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF3dvd6qJ2gHN99ZwExEWN57kci57q13XR
+crHedUTnQn3iV2t93Jm8PYMo6oCTjcVMZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoR
+saS8I8nkvof/uZS2+F0gStRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTD
+KCOM/iczQ0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQBjLMi
+6Et8Vcad+qMUu2WFbm5PEn4KPJ2V
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert053.pem b/test/rules/platform_certs/default/cert053.pem
new file mode 100644
index 000000000000..52e7459c17f3
--- /dev/null
+++ b/test/rules/platform_certs/default/cert053.pem
@@ -0,0 +1,30 @@
+Izenpe.com
+-----BEGIN CERTIFICATE-----
+MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4MQswCQYDVQQG
+EwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wHhcNMDcxMjEz
+MTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMu
+QS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ
+03rKDx6sp4boFmVqscIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAK
+ClaOxdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6HLmYRY2xU
++zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFXuaOKmMPsOzTFlUFpfnXC
+PCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQDyCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxT
+OTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbK
+F7jJeodWLBoBHmy+E60QrLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK
+0GqfvEyNBjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8Lhij+
+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIBQFqNeb+Lz0vPqhbB
+leStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+HMh3/1uaD7euBUbl8agW7EekFwID
+AQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2luZm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+
+SVpFTlBFIFMuQS4gLSBDSUYgQTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBG
+NjIgUzgxQzBBBgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx
+MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O
+BBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUAA4ICAQB4pgwWSp9MiDrAyw6l
+Fn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWblaQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbga
+kEyrkgPH7UIBzg/YsfqikuFgba56awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8q
+hT/AQKM6WfxZSzwoJNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Cs
+g1lwLDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCTVyvehQP5
+aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGkLhObNA5me0mrZJfQRsN5
+nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJbUjWumDqtujWTI6cfSN01RpiyEGjkpTHC
+ClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZo
+Q0iy2+tzJOeRf1SktoA+naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1Z
+WrOZyGlsQyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert054.pem b/test/rules/platform_certs/default/cert054.pem
new file mode 100644
index 000000000000..ba9343141530
--- /dev/null
+++ b/test/rules/platform_certs/default/cert054.pem
@@ -0,0 +1,36 @@
+Chambers of Commerce Root - 2008
+-----BEGIN CERTIFICATE-----
+MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYDVQQGEwJFVTFD
+MEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNv
+bS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMu
+QS4xKTAnBgNVBAMTIENoYW1iZXJzIG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgwMTEy
+Mjk1MFoXDTM4MDczMTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNl
+ZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQF
+EwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJl
+cnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
+AQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW928sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKA
+XuFixrYp4YFs8r/lfTJqVKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorj
+h40G072QDuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR5gN/
+ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfLZEFHcpOrUMPrCXZk
+NNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05aSd+pZgvMPMZ4fKecHePOjlO+Bd5g
+D2vlGts/4+EhySnB8esHnFIbAURRPHsl18TlUlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331
+lubKgdaX8ZSD6e2wsWsSaR6s+12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ
+0wlf2eOKNcx5Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhj
+ya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAxhduub+84Mxh2
+EQIDAQABo4IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNVHQ4EFgQU+SSsD7K1+HnA+mCI
+G8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1+HnA+mCIG8TZTQKeFxmhgbSkgbEwga4xCzAJ
+BgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNh
+bWVyZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENh
+bWVyZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDiC
+CQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUH
+AgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZIhvcNAQEFBQADggIBAJASryI1
+wqM58C7e6bXpeHxIvj99RZJe6dqxGfwWPJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH
+3qLPaYRgM+gQDROpI9CF5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbU
+RWpGqOt1glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU+I22mlaHFoI6
+M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOqxXnrN2pSB7+R5KBWIBpih1
+YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD6MDxvbxrN8y8NmBGuScvfaAFPDRLLmF
+9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QGtjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcK
+zBIKinmwPQN/aUv0NCB9szTqjktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvG
+nrDQWzilm1DefhiYtUU79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRg
+OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZd0jQ
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert055.pem b/test/rules/platform_certs/default/cert055.pem
new file mode 100644
index 000000000000..45aa496004c0
--- /dev/null
+++ b/test/rules/platform_certs/default/cert055.pem
@@ -0,0 +1,36 @@
+Global Chambersign Root - 2008
+-----BEGIN CERTIFICATE-----
+MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYDVQQGEwJFVTFD
+MEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNv
+bS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMu
+QS4xJzAlBgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMx
+NDBaFw0zODA3MzExMjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUg
+Y3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJ
+QTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD
+aGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMDf
+VtPkOpt2RbQT2//BthmLN0EYlVJH6xedKYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXf
+XjaOcNFccUMd2drvXNL7G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0
+ZJJ0YPP2zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4ddPB
+/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyGHoiMvvKRhI9lNNgA
+TH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2Id3UwD2ln58fQ1DJu7xsepeY7s2M
+H/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3VyJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfe
+Ox2YItaswTXbo6Al/3K1dh3ebeksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSF
+HTynyQbehP9r6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh
+wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsogzCtLkykPAgMB
+AAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQWBBS5CcqcHtvTbDprru1U8VuT
+BjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDprru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UE
+BhMCRVUxQzBBBgNVBAcTOk1hZHJpZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJm
+aXJtYS5jb20vYWRkcmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJm
+aXJtYSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiCCQDJzdPp
+1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0
+dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZIhvcNAQEFBQADggIBAICIf3DekijZBZRG
+/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZUohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6
+ReAJ3spED8IXDneRRXozX1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/s
+dZ7LoR/xfxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVza2Mg
+9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yydYhz2rXzdpjEetrHH
+foUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMdSqlapskD7+3056huirRXhOukP9Du
+qqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9OAP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETr
+P3iZ8ntxPjzxmKfFGBI/5rsoM0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVq
+c5iJWzouE4gev8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z
+09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert056.pem b/test/rules/platform_certs/default/cert056.pem
new file mode 100644
index 000000000000..f95b11bf2c15
--- /dev/null
+++ b/test/rules/platform_certs/default/cert056.pem
@@ -0,0 +1,20 @@
+Go Daddy Root Certificate Authority - G2
+-----BEGIN CERTIFICATE-----
+MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
+B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMu
+MTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5
+MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6
+b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8G
+A1UEAxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKDE6bFIEMBO4Tx5oVJnyfq
+9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD
++qK+ihVqf94Lw7YZFAXK6sOoBJQ7RnwyDfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutd
+fMh8+7ArU6SSYmlRJQVhGkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMl
+NAJWJwGRtDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEAAaNC
+MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFDqahQcQZyi27/a9
+BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmXWWcDYfF+OwYxdS2hII5PZYe096ac
+vNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r
+5N9ss4UXnT3ZJE95kTXWXwTrgIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYV
+N8Gb5DKj7Tjo2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO
+LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI4uJEvlz36hz1
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert057.pem b/test/rules/platform_certs/default/cert057.pem
new file mode 100644
index 000000000000..7d2fb3afa6a5
--- /dev/null
+++ b/test/rules/platform_certs/default/cert057.pem
@@ -0,0 +1,21 @@
+Starfield Root Certificate Authority - G2
+-----BEGIN CERTIFICATE-----
+MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
+B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s
+b2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVsZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0
+eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAw
+DgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQg
+VGVjaG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZpY2F0ZSBB
+dXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3twQP89o/8ArFv
+W59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMgnLRJdzIpVv257IzdIvpy3Cdhl+72WoTs
+bhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNk
+N3mSwOxGXn/hbVNMYq/NHwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7Nf
+ZTD4p7dNdloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0HZbU
+JtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0GCSqGSIb3DQEBCwUAA4IBAQARWfol
+TwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjUsHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx
+4mcujJUDJi5DnUox9g61DLu34jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUw
+F5okxBDgBPfg8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K
+pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1mMpYjn0q7pBZ
+c2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert058.pem b/test/rules/platform_certs/default/cert058.pem
new file mode 100644
index 000000000000..a575ff262332
--- /dev/null
+++ b/test/rules/platform_certs/default/cert058.pem
@@ -0,0 +1,21 @@
+Starfield Services Root Certificate Authority - G2
+-----BEGIN CERTIFICATE-----
+MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
+B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s
+b2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRl
+IEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNV
+BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxT
+dGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2VydmljZXMg
+Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20pOsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2
+h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm28xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4Pa
+hHQUw2eeBGg6345AWh1KTs9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLP
+LJGmpufehRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk6mFB
+rMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAwDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMA0GCSqG
+SIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMIbw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPP
+E95Dz+I0swSdHynVv/heyNXBve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTy
+xQGjhdByPq1zqwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd
+iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn0q23KXB56jza
+YyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCNsSi6
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert059.pem b/test/rules/platform_certs/default/cert059.pem
new file mode 100644
index 000000000000..0ea335ce36a7
--- /dev/null
+++ b/test/rules/platform_certs/default/cert059.pem
@@ -0,0 +1,18 @@
+AffirmTrust Commercial
+-----BEGIN CERTIFICATE-----
+MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UEBhMCVVMxFDAS
+BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMB4XDTEw
+MDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly
+bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6Eqdb
+DuKPHx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yrba0F8PrV
+C8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPALMeIrJmqbTFeurCA+ukV6
+BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1yHp52UKqK39c/s4mT6NmgTWvRLpUHhww
+MmWd5jyTXlBOeuM61G7MGvv50jeuJCqrVwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNV
+HQ4EFgQUnZPGU4teyq8/nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AQYwDQYJKoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYGXUPG
+hi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNjvbz4YYCanrHOQnDi
+qX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivtZ8SOyUOyXGsViQK8YvxO8rUzqrJv
+0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9gN53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0kh
+sUlHRUe072o0EclNmsxZt9YCnlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert060.pem b/test/rules/platform_certs/default/cert060.pem
new file mode 100644
index 000000000000..d19d4d329d30
--- /dev/null
+++ b/test/rules/platform_certs/default/cert060.pem
@@ -0,0 +1,18 @@
+AffirmTrust Networking
+-----BEGIN CERTIFICATE-----
+MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UEBhMCVVMxFDAS
+BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMB4XDTEw
+MDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly
+bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SE
+Hi3yYJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbuakCNrmreI
+dIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRLQESxG9fhwoXA3hA/Pe24
+/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gb
+h+0t+nvujArjqWaJGctB+d1ENmHP4ndGyH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNV
+HQ4EFgQUBx/S55zawm6iQLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AQYwDQYJKoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfOtDIu
+UFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzuQY0x2+c06lkh1QF6
+12S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZLgo/bNjR9eUJtGxUAArgFU2HdW23
+WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4uolu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9
+/ZFvgrG+CJPbFEfxojfHRZ48x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert061.pem b/test/rules/platform_certs/default/cert061.pem
new file mode 100644
index 000000000000..be39ab5951bd
--- /dev/null
+++ b/test/rules/platform_certs/default/cert061.pem
@@ -0,0 +1,27 @@
+AffirmTrust Premium
+-----BEGIN CERTIFICATE-----
+MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UEBhMCVVMxFDAS
+BgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMB4XDTEwMDEy
+OTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRy
+dXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEAxBLfqV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtn
+BKAQJG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ+jjeRFcV
+5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrSs8PhaJyJ+HoAVt70VZVs
++7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmd
+GPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d770O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5R
+p9EixAqnOEhss/n/fauGV+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NI
+S+LI+H+SqHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S5u04
+6uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4IaC1nEWTJ3s7xgaVY5
+/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TXOwF0lkLgAOIua+rF7nKsu7/+6qqo
++Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYEFJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB
+/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByv
+MiPIs0laUZx2KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg
+Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B8OWycvpEgjNC
+6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQMKSOyARiqcTtNd56l+0OOF6S
+L5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK
++4w1IX2COPKpVJEZNZOUbWo6xbLQu4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmV
+BtWVyuEklut89pMFu+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFg
+IxpHYoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8GKa1qF60
+g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaORtGdFNrHF+QFlozEJLUb
+zxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6eKeC2uAloGRwYQw==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert062.pem b/test/rules/platform_certs/default/cert062.pem
new file mode 100644
index 000000000000..10562b05e1e0
--- /dev/null
+++ b/test/rules/platform_certs/default/cert062.pem
@@ -0,0 +1,13 @@
+AffirmTrust Premium ECC
+-----BEGIN CERTIFICATE-----
+MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMCVVMxFDASBgNV
+BAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQcmVtaXVtIEVDQzAeFw0xMDAx
+MjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1U
+cnVzdDEgMB4GA1UEAwwXQWZmaXJtVHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAAQNMF4bFZ0D0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQ
+N8O9ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0GA1UdDgQW
+BBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAK
+BggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/VsaobgxCd05DhT1wV/GzTjxi+zygk8N53X
+57hG8f2h4nECMEJZh0PUUd+60wkyWs6Iflc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKM
+eQ==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert063.pem b/test/rules/platform_certs/default/cert063.pem
new file mode 100644
index 000000000000..35cdfeebd2f9
--- /dev/null
+++ b/test/rules/platform_certs/default/cert063.pem
@@ -0,0 +1,20 @@
+Certum Trusted Network CA
+-----BEGIN CERTIFICATE-----
+MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBMMSIwIAYDVQQK
+ExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBUcnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIy
+MTIwNzM3WhcNMjkxMjMxMTIwNzM3WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBU
+ZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+MSIwIAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rHUV+rpDKmYYe2bg+G0jAC
+l/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LMTXPb865Px1bVWqeWifrzq2jUI4ZZJ88J
+J7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVUBBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4
+fOQtf/WsX+sWn7Et0brMkUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0
+cvW0QM8xAcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNVHRMB
+Af8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNVHQ8BAf8EBAMCAQYw
+DQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15ysHhE49wcrwn9I0j6vSrEuVUEtRCj
+jSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfLI9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1
+mS1FhIrlQgnXdAIv94nYmem8J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5aj
+Zt3hrvJBW8qYVoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI
+03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert064.pem b/test/rules/platform_certs/default/cert064.pem
new file mode 100644
index 000000000000..cc44be1d013d
--- /dev/null
+++ b/test/rules/platform_certs/default/cert064.pem
@@ -0,0 +1,19 @@
+TWCA Root Certification Authority
+-----BEGIN CERTIFICATE-----
+MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJ
+VEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMzWhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQG
+EwJUVzESMBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NB
+IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFEAcK0HMMx
+QhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HHK3XLfJ+utdGdIzdjp9xC
+oi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeXRfwZVzsrb+RH9JlF/h3x+JejiB03HFyP
+4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/zrX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1r
+y+UPizgN7gr8/g+YnzAx3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIB
+BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkqhkiG
+9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeCMErJk/9q56YAf4lC
+mtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdlsXebQ79NqZp4VKIV66IIArB6nCWlW
+QtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62Dlhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVY
+T0bf+215WfKEIlKuD8z7fDvnaspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocny
+Yh0igzyXxfkZYiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert065.pem b/test/rules/platform_certs/default/cert065.pem
new file mode 100644
index 000000000000..b2a190c2cd1a
--- /dev/null
+++ b/test/rules/platform_certs/default/cert065.pem
@@ -0,0 +1,19 @@
+Security Communication RootCA2
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDElMCMGA1UEChMc
+U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMeU2VjdXJpdHkgQ29tbXVuaWNh
+dGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoXDTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMC
+SlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3Vy
+aXR5IENvbW11bmljYXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANAVOVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGrzbl+dp++
++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVMVAX3NuRFg3sUZdbcDE3R
+3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQhNBqyjoGADdH5H5XTz+L62e4iKrFvlNV
+spHEfbmwhRkGeC7bYRr6hfVKkaHnFtWOojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1K
+EOtOghY6rCcMU/Gt1SSwawNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8
+QIH4D5csOPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
+CwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpFcoJxDjrSzG+ntKEj
+u/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXcokgfGT+Ok+vx+hfuzU7jBBJV1uXk
+3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6q
+tnRGEmyR7jTV7JqR50S+kDFy1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29
+mvVXIwAHIRc/SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert066.pem b/test/rules/platform_certs/default/cert066.pem
new file mode 100644
index 000000000000..3b91dfb65701
--- /dev/null
+++ b/test/rules/platform_certs/default/cert066.pem
@@ -0,0 +1,28 @@
+EC-ACC
+-----BEGIN CERTIFICATE-----
+MIIFVjCCBD6gAwIBAgIQ7is969Qh3hSoYqwE893EATANBgkqhkiG9w0BAQUFADCB8zELMAkGA1UE
+BhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2VydGlmaWNhY2lvIChOSUYgUS0w
+ODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYD
+VQQLEyxWZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UE
+CxMsSmVyYXJxdWlhIEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMT
+BkVDLUFDQzAeFw0wMzAxMDcyMzAwMDBaFw0zMTAxMDcyMjU5NTlaMIHzMQswCQYDVQQGEwJFUzE7
+MDkGA1UEChMyQWdlbmNpYSBDYXRhbGFuYSBkZSBDZXJ0aWZpY2FjaW8gKE5JRiBRLTA4MDExNzYt
+SSkxKDAmBgNVBAsTH1NlcnZlaXMgUHVibGljcyBkZSBDZXJ0aWZpY2FjaW8xNTAzBgNVBAsTLFZl
+Z2V1IGh0dHBzOi8vd3d3LmNhdGNlcnQubmV0L3ZlcmFycmVsIChjKTAzMTUwMwYDVQQLEyxKZXJh
+cnF1aWEgRW50aXRhdHMgZGUgQ2VydGlmaWNhY2lvIENhdGFsYW5lczEPMA0GA1UEAxMGRUMtQUND
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyLHT+KXQpWIR4NA9h0X84NzJB5R85iK
+w5K4/0CQBXCHYMkAqbWUZRkiFRfCQ2xmRJoNBD45b6VLeqpjt4pEndljkYRm4CgPukLjbo73FCeT
+ae6RDqNfDrHrZqJyTxIThmV6PttPB/SnCWDaOkKZx7J/sxaVHMf5NLWUhdWZXqBIoH7nF2W4onW4
+HvPlQn2v7fOKSGRdghST2MDk/7NQcvJ29rNdQlB50JQ+awwAvthrDk4q7D7SzIKiGGUzE3eeml0a
+E9jD2z3Il3rucO2n5nzbcc8tlGLfbdb1OL4/pYUKGbio2Al1QnDE6u/LDsg0qBIimAy4E5S2S+zw
+0JDnJwIDAQABo4HjMIHgMB0GA1UdEQQWMBSBEmVjX2FjY0BjYXRjZXJ0Lm5ldDAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUoMOLRKo3pUW/l4Ba0fF4opvpXY0wfwYD
+VR0gBHgwdjB0BgsrBgEEAfV4AQMBCjBlMCwGCCsGAQUFBwIBFiBodHRwczovL3d3dy5jYXRjZXJ0
+Lm5ldC92ZXJhcnJlbDA1BggrBgEFBQcCAjApGidWZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5l
+dC92ZXJhcnJlbCAwDQYJKoZIhvcNAQEFBQADggEBAKBIW4IB9k1IuDlVNZyAelOZ1Vr/sXE7zDkJ
+lF7W2u++AVtd0x7Y/X1PzaBB4DSTv8vihpw3kpBWHNzrKQXlxJ7HNd+KDM3FIUPpqojlNcAZQmNa
+Al6kSBg6hW/cnbw/nZzBh7h6YQjpdwt/cKt63dmXLGQehb+8dJahw3oS7AwaboMMPOhyRp/7SNVe
+l+axofjk70YllJyJ22k4vuxcDlbHZVHlUIiIv0LVKz3l+bqeLrPK9HOSAgu+TGbrIP65y7WZf+a2
+E/rKS03Z7lNGBjvGTq2TWoF+bCpLagVFjPIhpDGQh2xlnJ2lYJU6Un/10asIbvPuW/mIPX64b24D
+5EI=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert067.pem b/test/rules/platform_certs/default/cert067.pem
new file mode 100644
index 000000000000..2ac1e6674f16
--- /dev/null
+++ b/test/rules/platform_certs/default/cert067.pem
@@ -0,0 +1,22 @@
+Hellenic Academic and Research Institutions RootCA 2011
+-----BEGIN CERTIFICATE-----
+MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1IxRDBCBgNVBAoT
+O0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9y
+aXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25z
+IFJvb3RDQSAyMDExMB4XDTExMTIwNjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYT
+AkdSMUQwQgYDVQQKEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25z
+IENlcnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNo
+IEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPzdYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI
+1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJfel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa
+71HFK9+WXesyHgLacEnsbgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u
+8yBRQlqD75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSPFEDH
+3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNVHRMBAf8EBTADAQH/
+MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp5dgTBCPuQSUwRwYDVR0eBEAwPqA8
+MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQub3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQu
+b3JnMA0GCSqGSIb3DQEBBQUAA4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVt
+XdMiKahsog2p6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8
+TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7dIsXRSZMFpGD
+/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8AcysNnq/onN694/BtZqhFLKPM58N
+7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXIl7WdmplNsDz4SgCbZN2fOUvRJ9e4
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert068.pem b/test/rules/platform_certs/default/cert068.pem
new file mode 100644
index 000000000000..c3f1c959e3f4
--- /dev/null
+++ b/test/rules/platform_certs/default/cert068.pem
@@ -0,0 +1,29 @@
+Actalis Authentication Root CA
+-----BEGIN CERTIFICATE-----
+MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCSVQxDjAM
+BgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UE
+AwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDky
+MjExMjIwMlowazELMAkGA1UEBhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlz
+IFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290
+IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNvUTufClrJ
+wkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX4ay8IMKx4INRimlNAJZa
+by/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9KK3giq0itFZljoZUj5NDKd45RnijMCO6
+zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1f
+YVEiVRvjRuPjPdA1YprbrxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2
+oxgkg4YQ51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2Fbe8l
+EfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxeKF+w6D9Fz8+vm2/7
+hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4Fv6MGn8i1zeQf1xcGDXqVdFUNaBr8
+EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbnfpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5
+jF66CyCU3nuDuP/jVo23Eek7jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLY
+iDrIn3hm7YnzezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt
+ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQALe3KHwGCmSUyI
+WOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70jsNjLiNmsGe+b7bAEzlgqqI0
+JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDzWochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKx
+K3JCaKygvU5a2hi/a5iB0P2avl4VSM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+
+Xlff1ANATIGk0k9jpwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC
+4yyXX04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+OkfcvHlXHo
+2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7RK4X9p2jIugErsWx0Hbhz
+lefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btUZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXem
+OR/qnuOf0GZvBeyqdn6/axag67XH/JJULysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9
+vwGYT7JZVEc+NHt4bVaTLnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert069.pem b/test/rules/platform_certs/default/cert069.pem
new file mode 100644
index 000000000000..9c0aaeb7709f
--- /dev/null
+++ b/test/rules/platform_certs/default/cert069.pem
@@ -0,0 +1,19 @@
+Trustis FPS Root CA
+-----BEGIN CERTIFICATE-----
+MIIDZzCCAk+gAwIBAgIQGx+ttiD5JNM2a/fH8YygWTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQG
+EwJHQjEYMBYGA1UEChMPVHJ1c3RpcyBMaW1pdGVkMRwwGgYDVQQLExNUcnVzdGlzIEZQUyBSb290
+IENBMB4XDTAzMTIyMzEyMTQwNloXDTI0MDEyMTExMzY1NFowRTELMAkGA1UEBhMCR0IxGDAWBgNV
+BAoTD1RydXN0aXMgTGltaXRlZDEcMBoGA1UECxMTVHJ1c3RpcyBGUFMgUm9vdCBDQTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMVQe547NdDfxIzNjpvto8A2mfRC6qc+gIMPpqdZh8mQ
+RUN+AOqGeSoDvT03mYlmt+WKVoaTnGhLaASMk5MCPjDSNzoiYYkchU59j9WvezX2fihHiTHcDnlk
+H5nSW7r+f2C/revnPDgpai/lkQtV/+xvWNUtyd5MZnGPDNcE2gfmHhjjvSkCqPoc4Vu5g6hBSLwa
+cY3nYuUtsuvffM/bq1rKMfFMIvMFE/eC+XN5DL7XSxzA0RU8k0Fk0ea+IxciAIleH2ulrG6nS4zt
+o3Lmr2NNL4XSFDWaLk6M6jKYKIahkQlBOrTh4/L68MkKokHdqeMDx4gVOxzUGpTXn2RZEm0CAwEA
+AaNTMFEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS6+nEleYtXQSUhhgtx67JkDoshZzAd
+BgNVHQ4EFgQUuvpxJXmLV0ElIYYLceuyZA6LIWcwDQYJKoZIhvcNAQEFBQADggEBAH5Y//01GX2c
+GE+esCu8jowU/yyg2kdbw++BLa8F6nRIW/M+TgfHbcWzk88iNVy2P3UnXwmWzaD+vkAMXBJV+JOC
+yinpXj9WV4s4NvdFGkwozZ5BuO1WTISkQMi4sKUraXAEasP41BIy+Q7DsdwyhEQsb8tGD+pmQQ9P
+8Vilpg0ND2HepZ5dfWWhPBfnqFVO76DH7cZEf1T1o+CP8HxVIo8ptoGj4W1OLBuAZ+ytIJ8MYmHV
+l/9D7S3B2l0pKoU/rGXuhg8FjZBf3+6f9L/uHfuY5H+QK4R4EA5sSVPvFVtlRkpdr7r7OnIdzfYl
+iB6XzCGcKQENZetX2fNXlrtIzYE=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert070.pem b/test/rules/platform_certs/default/cert070.pem
new file mode 100644
index 000000000000..2edc96f284d6
--- /dev/null
+++ b/test/rules/platform_certs/default/cert070.pem
@@ -0,0 +1,28 @@
+Buypass Class 2 Root CA
+-----BEGIN CERTIFICATE-----
+MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU
+QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMiBSb290IENBMB4X
+DTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1owTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1
+eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIw
+DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1
+g1Lr6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPVL4O2fuPn
+9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC911K2GScuVr1QGbNgGE41b
+/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHxMlAQTn/0hpPshNOOvEu/XAFOBz3cFIqU
+CqTqc/sLUegTBxj6DvEr0VQVfTzh97QZQmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeff
+awrbD02TTqigzXsu8lkBarcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgI
+zRFo1clrUs3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLiFRhn
+Bkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRSP/TizPJhk9H9Z2vX
+Uq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN9SG9dKpN6nIDSdvHXx1iY8f93ZHs
+M+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxPAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD
+VR0OBBYEFMmAd+BikoL1RpzzuvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF
+AAOCAgEAU18h9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s
+A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3tOluwlN5E40EI
+osHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo+fsicdl9sz1Gv7SEr5AcD48S
+aq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYd
+DnkM/crqJIByw5c/8nerQyIKx+u2DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWD
+LfJ6v9r9jv6ly0UsH8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0
+oyLQI+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK75t98biGC
+wWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h3PFaTWwyI0PurKju7koS
+CTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPzY11aWOIv4x3kqdbQCtCev9eBCfHJxyYN
+rJgWVqA=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert071.pem b/test/rules/platform_certs/default/cert071.pem
new file mode 100644
index 000000000000..694db28238e0
--- /dev/null
+++ b/test/rules/platform_certs/default/cert071.pem
@@ -0,0 +1,28 @@
+Buypass Class 3 Root CA
+-----BEGIN CERTIFICATE-----
+MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU
+QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMyBSb290IENBMB4X
+DTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFowTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1
+eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIw
+DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRH
+sJ8YZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3EN3coTRiR
+5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9tznDDgFHmV0ST9tD+leh
+7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX0DJq1l1sDPGzbjniazEuOQAnFN44wOwZ
+ZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH
+2xc519woe2v1n/MuwU8XKhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV
+/afmiSTYzIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvSO1UQ
+RwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D34xFMFbG02SrZvPA
+Xpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgPK9Dx2hzLabjKSWJtyNBjYt1gD1iq
+j6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD
+VR0OBBYEFEe4zf/lb+74suwvTg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF
+AAOCAgEAACAjQTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV
+cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXSIGrs/CIBKM+G
+uIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2HJLw5QY33KbmkJs4j1xrG0aG
+Q0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsaO5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8
+ZORK15FTAaggiG6cX0S5y2CBNOxv033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2
+KSb12tjE8nVhz36udmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz
+6MkEkbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg413OEMXbug
+UZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvDu79leNKGef9JOxqDDPDe
+eOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq4/g7u9xN12TyUb7mqqta6THuBrxzvxNi
+Cp/HuZc=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert072.pem b/test/rules/platform_certs/default/cert072.pem
new file mode 100644
index 000000000000..e2232c988acd
--- /dev/null
+++ b/test/rules/platform_certs/default/cert072.pem
@@ -0,0 +1,20 @@
+T-TeleSec GlobalRoot Class 3
+-----BEGIN CERTIFICATE-----
+MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM
+IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU
+cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgx
+MDAxMTAyOTU2WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz
+dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD
+ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN8ELg63iIVl6bmlQdTQyK
+9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/RLyTPWGrTs0NvvAgJ1gORH8EGoel15YU
+NpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZF
+iP0Zf3WHHx+xGwpzJFu5ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W
+0eDrXltMEnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGjQjBA
+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1A/d2O2GCahKqGFPr
+AyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOyWL6ukK2YJ5f+AbGwUgC4TeQbIXQb
+fsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzT
+ucpH9sry9uetuUg/vBa3wW306gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7h
+P0HHRwA11fXT91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml
+e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4pTpPDpFQUWw==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert073.pem b/test/rules/platform_certs/default/cert073.pem
new file mode 100644
index 000000000000..b8f77e06a077
--- /dev/null
+++ b/test/rules/platform_certs/default/cert073.pem
@@ -0,0 +1,22 @@
+EE Certification Centre Root CA
+-----BEGIN CERTIFICATE-----
+MIIEAzCCAuugAwIBAgIQVID5oHPtPwBMyonY43HmSjANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQG
+EwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEoMCYGA1UEAwwfRUUgQ2Vy
+dGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMCIYDzIw
+MTAxMDMwMTAxMDMwWhgPMjAzMDEyMTcyMzU5NTlaMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlB
+UyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRy
+ZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDIIMDs4MVLqwd4lfNE7vsLDP90jmG7sWLqI9iroWUyeuuOF0+W2Ap7kaJjbMeM
+TC55v6kF/GlclY1i+blw7cNRfdCT5mzrMEvhvH2/UpvObntl8jixwKIy72KyaOBhU8E2lf/slLo2
+rpwcpzIP5Xy0xm90/XsY6KxX7QYgSzIwWFv9zajmofxwvI6Sc9uXp3whrj3B9UiHbCe9nyV0gVWw
+93X2PaRka9ZP585ArQ/dMtO8ihJTmMmJ+xAdTX7Nfh9WDSFwhfYggx/2uh8Ej+p3iDXE/+pOoYtN
+P2MbRMNE1CV2yreN1x5KZmTNXMWcg+HCCIia7E6j8T4cLNlsHaFLAgMBAAGjgYowgYcwDwYDVR0T
+AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBLyWj7qVhy/zQas8fElyalL1BSZ
+MEUGA1UdJQQ+MDwGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEF
+BQcDCAYIKwYBBQUHAwkwDQYJKoZIhvcNAQEFBQADggEBAHv25MANqhlHt01Xo/6tu7Fq1Q+e2+Rj
+xY6hUFaTlrg4wCQiZrxTFGGVv9DHKpY5P30osxBAIWrEr7BSdxjhlthWXePdNl4dp1BUoMUq5KqM
+lIpPnTX/dqQGE5Gion0ARD9V04I8GtVbvFZMIi5GQ4okQC3zErg7cBqklrkar4dBGmoYDQZPxz5u
+uSlNDUmJEYcyW+ZLBMjkXOZ0c5RdFpgTlf7727FE5TpwrDdr5rMzcijJs1eg9gIWiAYLtqZLICjU
+3j2LrTcFU3T+bsy8QxdxXvnFzBqpYe73dgzzcvRyrc9yAjYHR8/vGVCJYMzpJJUPwssd8m92kMfM
+dcGWxZ0=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert074.pem b/test/rules/platform_certs/default/cert074.pem
new file mode 100644
index 000000000000..90d38315809e
--- /dev/null
+++ b/test/rules/platform_certs/default/cert074.pem
@@ -0,0 +1,22 @@
+D-TRUST Root Class 3 CA 2 2009
+-----BEGIN CERTIFICATE-----
+MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQK
+DAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTAe
+Fw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NThaME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxE
+LVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOAD
+ER03UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42tSHKXzlA
+BF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9RySPocq60vFYJfxLLHLGv
+KZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsMlFqVlNpQmvH/pStmMaTJOKDfHR+4CS7z
+p+hnUquVH+BGPtikw8paxTGA6Eian5Rp/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUC
+AwEAAaOCARowggEWMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ
+4PGEMA4GA1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVjdG9y
+eS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUyMENBJTIwMiUyMDIw
+MDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwQ6BBoD+G
+PWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAw
+OS5jcmwwDQYJKoZIhvcNAQELBQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm
+2H6NMLVwMeniacfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0
+o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4KzCUqNQT4YJEV
+dT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8PIWmawomDeCTmGCufsYkl4ph
+X5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3YJohw1+qRzT65ysCQblrGXnRl11z+o+I=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert075.pem b/test/rules/platform_certs/default/cert075.pem
new file mode 100644
index 000000000000..cd874b93b2b9
--- /dev/null
+++ b/test/rules/platform_certs/default/cert075.pem
@@ -0,0 +1,23 @@
+D-TRUST Root Class 3 CA 2 EV 2009
+-----BEGIN CERTIFICATE-----
+MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK
+DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw
+OTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUwNDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK
+DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw
+OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfS
+egpnljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM03TP1YtHh
+zRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6ZqQTMFexgaDbtCHu39b+T
+7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lRp75mpoo6Kr3HGrHhFPC+Oh25z1uxav60
+sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure35
+11H3a6UCAwEAAaOCASQwggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyv
+cop9NteaHNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFwOi8v
+ZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xhc3MlMjAzJTIwQ0El
+MjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRp
+b25saXN0MEagRKBChkBodHRwOi8vd3d3LmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xh
+c3NfM19jYV8yX2V2XzIwMDkuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+
+PPoeUSbrh/Yp3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05
+nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNFCSuGdXzfX2lX
+ANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7naxpeG0ILD5EJt/rDiZE4OJudA
+NCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqXKVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVv
+w9y4AyHqnxbxLFS1
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert076.pem b/test/rules/platform_certs/default/cert076.pem
new file mode 100644
index 000000000000..e1336960f501
--- /dev/null
+++ b/test/rules/platform_certs/default/cert076.pem
@@ -0,0 +1,28 @@
+CA Disig Root R2
+-----BEGIN CERTIFICATE-----
+MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNVBAYTAlNLMRMw
+EQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMuMRkwFwYDVQQDExBDQSBEaXNp
+ZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQyMDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sx
+EzARBgNVBAcTCkJyYXRpc2xhdmExEzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERp
+c2lnIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbC
+w3OeNcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNHPWSb6Wia
+xswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3Ix2ymrdMxp7zo5eFm1tL7
+A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbeQTg06ov80egEFGEtQX6sx3dOy1FU+16S
+GBsEWmjGycT6txOgmLcRK7fWV8x8nhfRyyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqV
+g8NTEQxzHQuyRpDRQjrOQG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa
+5Beny912H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJQfYE
+koopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUDi/ZnWejBBhG93c+A
+Ak9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORsnLMOPReisjQS1n6yqEm70XooQL6i
+Fh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNV
+HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5u
+Qu0wDQYJKoZIhvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM
+tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqfGopTpti72TVV
+sRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkblvdhuDvEK7Z4bLQjb/D907Je
+dR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka+elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W8
+1k/BfDxujRNt+3vrMNDcTa/F1balTFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjx
+mHHEt38OFdAlab0inSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01
+utI3gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18DrG5gPcFw0
+sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3OszMOl6W8KjptlwlCFtaOg
+UxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8xL4ysEr3vQCj8KWefshNPZiTEUxnpHikV
+7+ZtsH8tZ/3zbBt1RqPlShfppNcL
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert077.pem b/test/rules/platform_certs/default/cert077.pem
new file mode 100644
index 000000000000..b261207dbfe6
--- /dev/null
+++ b/test/rules/platform_certs/default/cert077.pem
@@ -0,0 +1,39 @@
+ACCVRAIZ1
+-----BEGIN CERTIFICATE-----
+MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UEAwwJQUNDVlJB
+SVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQswCQYDVQQGEwJFUzAeFw0xMTA1
+MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQBgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwH
+UEtJQUNDVjENMAsGA1UECgwEQUNDVjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQCbqau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gM
+jmoYHtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWoG2ioPej0
+RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpAlHPrzg5XPAOBOp0KoVdD
+aaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhrIA8wKFSVf+DuzgpmndFALW4ir50awQUZ
+0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDG
+WuzndN9wrqODJerWx5eHk6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs7
+8yM2x/474KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMOm3WR
+5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpacXpkatcnYGMN285J
+9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPluUsXQA+xtrn13k/c4LOsOxFwYIRK
+Q26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYIKwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRw
+Oi8vd3d3LmFjY3YuZXMvZmlsZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEu
+Y3J0MB8GCCsGAQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2
+VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeTVfZW6oHlNsyM
+Hj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIGCCsGAQUFBwICMIIBFB6CARAA
+QQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUAcgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBh
+AO0AegAgAGQAZQAgAGwAYQAgAEEAQwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUA
+YwBuAG8AbABvAGcA7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBj
+AHQAcgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAAQwBQAFMA
+IABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUAczAwBggrBgEFBQcCARYk
+aHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2MuaHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0
+dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRtaW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2
+MV9kZXIuY3JsMA4GA1UdDwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZI
+hvcNAQEFBQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdpD70E
+R9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gUJyCpZET/LtZ1qmxN
+YEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+mAM/EKXMRNt6GGT6d7hmKG9Ww7Y49
+nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepDvV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJ
+TS+xJlsndQAJxGJ3KQhfnlmstn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3
+sCPdK6jT2iWH7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h
+I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szAh1xA2syVP1Xg
+Nce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xFd3+YJ5oyXSrjhO7FmGYvliAd
+3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2HpPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3p
+EfbRD0tVNEYqi4Y7
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert078.pem b/test/rules/platform_certs/default/cert078.pem
new file mode 100644
index 000000000000..7c69ef53587c
--- /dev/null
+++ b/test/rules/platform_certs/default/cert078.pem
@@ -0,0 +1,27 @@
+TWCA Global Root CA
+-----BEGIN CERTIFICATE-----
+MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcxEjAQBgNVBAoT
+CVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMTVFdDQSBHbG9iYWwgUm9vdCBD
+QTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQK
+EwlUQUlXQU4tQ0ExEDAOBgNVBAsTB1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3Qg
+Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2C
+nJfF10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz0ALfUPZV
+r2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfChMBwqoJimFb3u/Rk28OKR
+Q4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbHzIh1HrtsBv+baz4X7GGqcXzGHaL3SekV
+tTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1W
+KKD+u4ZqyPpcC1jcxkt2yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99
+sy2sbZCilaLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYPoA/p
+yJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQABDzfuBSO6N+pjWxn
+kjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcEqYSjMq+u7msXi7Kx/mzhkIyIqJdI
+zshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMC
+AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6g
+cFGn90xHNcgL1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn
+LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WFH6vPNOw/KP4M
+8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNoRI2T9GRwoD2dKAXDOXC4Ynsg
+/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlg
+lPx4mI88k1HtQJAH32RjJMtOcQWh15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryP
+A9gK8kxkRr05YuWW6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3m
+i4TWnsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5jwa19hAM8
+EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWzaGHQRiapIVJpLesux+t3
+zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmyKwbQBM0=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert079.pem b/test/rules/platform_certs/default/cert079.pem
new file mode 100644
index 000000000000..f5bd27acb7c2
--- /dev/null
+++ b/test/rules/platform_certs/default/cert079.pem
@@ -0,0 +1,27 @@
+TeliaSonera Root CA v1
+-----BEGIN CERTIFICATE-----
+MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAwNzEUMBIGA1UE
+CgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJvb3QgQ0EgdjEwHhcNMDcxMDE4
+MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwW
+VGVsaWFTb25lcmEgUm9vdCBDQSB2MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+
+6yfwIaPzaSZVfp3FVRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA
+3GV17CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+XZ75Ljo1k
+B1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+/jXh7VB7qTCNGdMJjmhn
+Xb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxH
+oLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkmdtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3
+F0fUTPHSiXk+TT2YqGHeOh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJ
+oWjiUIMusDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4pgd7
+gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fsslESl1MpWtTwEhDc
+TwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQarMCpgKIv7NHfirZ1fpoeDVNAgMB
+AAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qW
+DNXr+nuqF+gTEjANBgkqhkiG9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNm
+zqjMDfz1mgbldxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx
+0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1TjTQpgcmLNkQfW
+pb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBedY2gea+zDTYa4EzAvXUYNR0PV
+G6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpc
+c41teyWRyu5FrgZLAMzTsVlQ2jqIOylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOT
+JsjrDNYmiLbAJM+7vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2
+qReWt88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcnHL/EVlP6
+Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVxSK236thZiNSQvxaz2ems
+WWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert080.pem b/test/rules/platform_certs/default/cert080.pem
new file mode 100644
index 000000000000..d2dbf23e5cde
--- /dev/null
+++ b/test/rules/platform_certs/default/cert080.pem
@@ -0,0 +1,32 @@
+E-Tugra Certification Authority
+-----BEGIN CERTIFICATE-----
+MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNVBAYTAlRSMQ8w
+DQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamls
+ZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN
+ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMw
+NTEyMDk0OFoXDTIzMDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmEx
+QDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxl
+cmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQD
+DB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEA4vU/kwVRHoViVF56C/UYB4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vd
+hQd2h8y/L5VMzH2nPbxHD5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5K
+CKpbknSFQ9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEoq1+g
+ElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3Dk14opz8n8Y4e0ypQ
+BaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcHfC425lAcP9tDJMW/hkd5s3kc91r0
+E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsutdEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gz
+rt48Ue7LE3wBf4QOXVGUnhMMti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAq
+jqFGOjGY5RH8zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn
+rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUXU8u3Zg5mTPj5
+dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6Jyr+zE7S6E5UMA8GA1UdEwEB
+/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEG
+MA0GCSqGSIb3DQEBCwUAA4ICAQAFNzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAK
+kEh47U6YA5n+KGCRHTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jO
+XKqYGwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c77NCR807
+VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3+GbHeJAAFS6LrVE1Uweo
+a2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WKvJUawSg5TB9D0pH0clmKuVb8P7Sd2nCc
+dlqMQ1DujjByTd//SffGqWfZbawCEeI6FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEV
+KV0jq9BgoRJP3vQXzTLlyb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gT
+Dx4JnW2PAJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpDy4Q0
+8ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8dNL/+I5c30jn6PQ0G
+C7TbO6Orb1wdtn7os4I07QZcJA==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert081.pem b/test/rules/platform_certs/default/cert081.pem
new file mode 100644
index 000000000000..71499a1bed01
--- /dev/null
+++ b/test/rules/platform_certs/default/cert081.pem
@@ -0,0 +1,20 @@
+T-TeleSec GlobalRoot Class 2
+-----BEGIN CERTIFICATE-----
+MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM
+IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU
+cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgx
+MDAxMTA0MDE0WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz
+dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD
+ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUdAqSzm1nzHoqvNK38DcLZ
+SBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiCFoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/F
+vudocP05l03Sx5iRUKrERLMjfTlH6VJi1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx970
+2cu+fjOlbpSD8DT6IavqjnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGV
+WOHAD3bZwI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGjQjBA
+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/WSA2AHmgoCJrjNXy
+YdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhyNsZt+U2e+iKo4YFWz827n+qrkRk4
+r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPACuvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNf
+vNoBYimipidx5joifsFvHZVwIEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR
+3p1m0IvVVGb6g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN
+9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlPBSeOE6Fuwg==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert082.pem b/test/rules/platform_certs/default/cert082.pem
new file mode 100644
index 000000000000..2a9b5689940f
--- /dev/null
+++ b/test/rules/platform_certs/default/cert082.pem
@@ -0,0 +1,19 @@
+Atos TrustedRoot 2011
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UEAwwVQXRvcyBU
+cnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0xMTA3MDcxNDU4
+MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMMFUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsG
+A1UECgwEQXRvczELMAkGA1UEBhMCREUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCV
+hTuXbyo7LjvPpvMpNb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr
+54rMVD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+SZFhyBH+
+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ4J7sVaE3IqKHBAUsR320
+HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0Lcp2AMBYHlT8oDv3FdU9T1nSatCQujgKR
+z3bFmx5VdJx4IbHwLfELn8LVlhgf8FQieowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7R
+l+lwrrw7GWzbITAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZ
+bNshMBgGA1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
+CwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8jvZfza1zv7v1Apt+h
+k6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kPDpFrdRbhIfzYJsdHt6bPWHJxfrrh
+TZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pcmaHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a9
+61qn8FYiqTxlVMYVqL2Gns2Dlmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G
+3mB/ufNPRJLvKrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert083.pem b/test/rules/platform_certs/default/cert083.pem
new file mode 100644
index 000000000000..dd4d451ac717
--- /dev/null
+++ b/test/rules/platform_certs/default/cert083.pem
@@ -0,0 +1,28 @@
+QuoVadis Root CA 1 G3
+-----BEGIN CERTIFICATE-----
+MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQELBQAwSDELMAkG
+A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv
+b3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJN
+MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEg
+RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakE
+PBtVwedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWerNrwU8lm
+PNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF34168Xfuw6cwI2H44g4hWf6
+Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh4Pw5qlPafX7PGglTvF0FBM+hSo+LdoIN
+ofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXpUhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/l
+g6AnhF4EwfWQvTA9xO+oabw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV
+7qJZjqlc3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/GKubX
+9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSthfbZxbGL0eUQMk1f
+iyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KOTk0k+17kBL5yG6YnLUlamXrXXAkg
+t3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOtzCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZI
+hvcNAQELBQADggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC
+MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2cDMT/uFPpiN3
+GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUNqXsCHKnQO18LwIE6PWThv6ct
+Tr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP
++V04ikkwj+3x6xn0dxoxGE1nVGwvb2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh
+3jRJjehZrJ3ydlo28hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fa
+wx/kNSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNjZgKAvQU6
+O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhpq1467HxpvMc7hU6eFbm0
+FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFtnh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOV
+hMJKzRwuJIczYOXD
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert084.pem b/test/rules/platform_certs/default/cert084.pem
new file mode 100644
index 000000000000..95a5c8c60e12
--- /dev/null
+++ b/test/rules/platform_certs/default/cert084.pem
@@ -0,0 +1,28 @@
+QuoVadis Root CA 2 G3
+-----BEGIN CERTIFICATE-----
+MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQELBQAwSDELMAkG
+A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv
+b3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJN
+MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIg
+RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFh
+ZiFfqq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMWn4rjyduY
+NM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ymc5GQYaYDFCDy54ejiK2t
+oIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+O7q414AB+6XrW7PFXmAqMaCvN+ggOp+o
+MiwMzAkd056OXbxMmO7FGmh77FOm6RQ1o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+l
+V0POKa2Mq1W/xPtbAd0jIaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZo
+L1NesNKqIcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz8eQQ
+sSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43ehvNURG3YBZwjgQQvD
+6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l7ZizlWNof/k19N+IxWA1ksB8aRxh
+lRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALGcC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZI
+hvcNAQELBQADggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66
+AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RCroijQ1h5fq7K
+pVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0GaW/ZZGYjeVYg3UQt4XAoeo0L9
+x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4nlv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgz
+dWqTHBLmYF5vHX/JHyPLhGGfHoJE+V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6X
+U/IyAgkwo1jwDQHVcsaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+Nw
+mNtddbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNgKCLjsZWD
+zYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeMHVOyToV7BjjHLPj4sHKN
+JeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4WSr2Rz0ZiC3oheGe7IUIarFsNMkd7Egr
+O3jtZsSOeWmD3n+M
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert085.pem b/test/rules/platform_certs/default/cert085.pem
new file mode 100644
index 000000000000..cd999ae3da64
--- /dev/null
+++ b/test/rules/platform_certs/default/cert085.pem
@@ -0,0 +1,28 @@
+QuoVadis Root CA 3 G3
+-----BEGIN CERTIFICATE-----
+MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQELBQAwSDELMAkG
+A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv
+b3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJN
+MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMg
+RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286
+IxSR/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNuFoM7pmRL
+Mon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXRU7Ox7sWTaYI+FrUoRqHe
+6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+cra1AdHkrAj80//ogaX3T7mH1urPnMNA3
+I4ZyYUUpSFlob3emLoG+B01vr87ERRORFHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3U
+VDmrJqMz6nWB2i3ND0/kA9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f7
+5li59wzweyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634RylsSqi
+Md5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBpVzgeAVuNVejH38DM
+dyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0QA4XN8f+MFrXBsj6IbGB/kE+V9/Yt
+rQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZI
+hvcNAQELBQADggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px
+KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnIFUBhynLWcKzS
+t/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5WvvoxXqA/4Ti2Tk08HS6IT7SdEQ
+TXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFgu/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9Du
+DcpmvJRPpq3t/O5jrFc/ZSXPsoaP0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGib
+Ih6BJpsQBJFxwAYf3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmD
+hPbl8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+DhcI00iX
+0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HNPlopNLk9hM6xZdRZkZFW
+dSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ywaZWWDYWGWVjUTR939+J399roD1B0y2
+PpxxVJkES/1Y+Zj0
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert086.pem b/test/rules/platform_certs/default/cert086.pem
new file mode 100644
index 000000000000..0ed774566a19
--- /dev/null
+++ b/test/rules/platform_certs/default/cert086.pem
@@ -0,0 +1,20 @@
+DigiCert Assured ID Root G2
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw
+IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgw
+MTE1MTIwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL
+ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSAn61UQbVH
+35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4HteccbiJVMWWXvdMX0h5i89vq
+bFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9HpEgjAALAcKxHad3A2m67OeYfcgnDmCXRw
+VWmvo2ifv922ebPynXApVfSr/5Vh88lAbx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OP
+YLfykqGxvYmJHzDNw6YuYjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+Rn
+lTGNAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTO
+w0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPIQW5pJ6d1Ee88hjZv
+0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I0jJmwYrA8y8678Dj1JGG0VDjA9tz
+d29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4GnilmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAW
+hsI6yLETcDbYz+70CjTVW0z9B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0M
+jomZmWzwPDCvON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo
+IhNzbM8m9Yop5w==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert087.pem b/test/rules/platform_certs/default/cert087.pem
new file mode 100644
index 000000000000..5f893978490b
--- /dev/null
+++ b/test/rules/platform_certs/default/cert087.pem
@@ -0,0 +1,14 @@
+DigiCert Assured ID Root G3
+-----BEGIN CERTIFICATE-----
+MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQswCQYDVQQGEwJV
+UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYD
+VQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1
+MTIwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQ
+BgcqhkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJfZn4f5dwb
+RXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17QRSAPWXYQ1qAk8C3eNvJs
+KTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgF
+UaFNN6KDec6NHSrkhDAKBggqhkjOPQQDAwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5Fy
+YZ5eEJJZVrmDxxDnOOlYJjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy
+1vUhZscv6pZjamVFkpUBtA==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert088.pem b/test/rules/platform_certs/default/cert088.pem
new file mode 100644
index 000000000000..4715cc06e81b
--- /dev/null
+++ b/test/rules/platform_certs/default/cert088.pem
@@ -0,0 +1,20 @@
+DigiCert Global Root G2
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAw
+HgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUx
+MjAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3
+dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI2/Ou8jqJ
+kTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx1x7e/dfgy5SDN67sH0NO
+3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQq2EGnI/yuum06ZIya7XzV+hdG82MHauV
+BJVJ8zUtluNJbd134/tJS7SsVQepj5WztCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyM
+UNGPHgm+F6HmIcr9g+UQvIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQAB
+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV5uNu
+5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY1Yl9PMWLSn/pvtsr
+F9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4NeF22d+mQrvHRAiGfzZ0JFrabA0U
+WTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NGFdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBH
+QRFXGU7Aj64GxJUTFy8bJZ918rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/
+iyK5S9kJRaTepLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
+MrY=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert089.pem b/test/rules/platform_certs/default/cert089.pem
new file mode 100644
index 000000000000..a01d9ffcf46a
--- /dev/null
+++ b/test/rules/platform_certs/default/cert089.pem
@@ -0,0 +1,14 @@
+DigiCert Global Root G3
+-----BEGIN CERTIFICATE-----
+MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQswCQYDVQQGEwJV
+UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYD
+VQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAw
+MDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5k
+aWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0C
+AQYFK4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FGfp4tn+6O
+YwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPOZ9wj/wMco+I+o0IwQDAP
+BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNp
+Yim8S8YwCgYIKoZIzj0EAwMDaAAwZQIxAK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y
+3maTD/HMsQmP3Wyr+mt/oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34
+VOKa5Vt8sycX
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert090.pem b/test/rules/platform_certs/default/cert090.pem
new file mode 100644
index 000000000000..4b7b355f12ee
--- /dev/null
+++ b/test/rules/platform_certs/default/cert090.pem
@@ -0,0 +1,29 @@
+DigiCert Trusted Root G4
+-----BEGIN CERTIFICATE-----
+MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBiMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEw
+HwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1
+MTIwMDAwWjBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0G
+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3yithZwuEp
+pz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1Ifxp4VpX6+n6lXFllVcq9o
+k3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDVySAdYyktzuxeTsiT+CFhmzTrBcZe7Fsa
+vOvJz82sNEBfsXpm7nfISKhmV1efVFiODCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGY
+QJB5w3jHtrHEtWoYOAMQjdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6
+MUSaM0C/CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCiEhtm
+mnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADMfRyVw4/3IbKyEbe7
+f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QYuKZ3AeEPlAwhHbJUKSWJbOUOUlFH
+dL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXKchYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8
+oR7FwI+isX4KJpn15GkvmB0t9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
+DwEB/wQEAwIBhjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD
+ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2SV1EY+CtnJYY
+ZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd+SeuMIW59mdNOj6PWTkiU0Tr
+yF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWcfFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy
+7zBZLq7gcfJW5GqXb5JQbZaNaHqasjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iah
+ixTXTBmyUEFxPT9NcCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN
+5r5N0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie4u1Ki7wb
+/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mIr/OSmbaz5mEP0oUA51Aa
+5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tK
+G48BtieVU+i2iW1bvGjUI+iLUaJW+fCmgKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP
+82Z+
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert091.pem b/test/rules/platform_certs/default/cert091.pem
new file mode 100644
index 000000000000..88b9cd8335db
--- /dev/null
+++ b/test/rules/platform_certs/default/cert091.pem
@@ -0,0 +1,30 @@
+COMODO RSA Certification Authority
+-----BEGIN CERTIFICATE-----
+MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE
+BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
+A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwHhcNMTAwMTE5MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMC
+R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE
+ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR6FSS0gpWsawNJN3Fz0Rn
+dJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8Xpz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZ
+FGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+
+5eNu/Nio5JIk2kNrYrhV/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pG
+x8cgoLEfZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z+pUX
+2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7wqP/0uK3pN/u6uPQL
+OvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZahSL0896+1DSJMwBGB7FY79tOi4lu3
+sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVICu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+C
+GCe01a60y1Dma/RMhnEw6abfFobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5
+WdYgGq/yapiqcrxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E
+FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w
+DQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvlwFTPoCWOAvn9sKIN9SCYPBMt
+rFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+
+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSg
+tZx8jb8uk2IntznaFxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwW
+sRqZCuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiKboHGhfKp
+pC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmckejkk9u+UJueBPSZI9FoJA
+zMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yLS0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHq
+ZJx64SIDqZxubw5lT2yHh17zbqD5daWbQOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk52
+7RH89elWsn2/x20Kk4yl0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7I
+LaZRfyHBNVOFBkpdn627G190
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert092.pem b/test/rules/platform_certs/default/cert092.pem
new file mode 100644
index 000000000000..f3ebdf4ee8e3
--- /dev/null
+++ b/test/rules/platform_certs/default/cert092.pem
@@ -0,0 +1,30 @@
+USERTrust RSA Certification Authority
+-----BEGIN CERTIFICATE-----
+MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCBiDELMAkGA1UE
+BhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQK
+ExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkwHhcNMTAwMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UE
+BhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQK
+ExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCAEmUXNg7D2wiz
+0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2j
+Y0K2dvKpOyuR+OJv0OwWIJAJPuLodMkYtJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFn
+RghRy4YUVD+8M/5+bJz/Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O
++T23LLb2VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT79uq
+/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6c0Plfg6lZrEpfDKE
+Y1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmTYo61Zs8liM2EuLE/pDkP2QKe6xJM
+lXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97lc6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8
+yexDJtC/QV9AqURE9JnnV4eeUB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+
+eLf8ZxXhyVeEHg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd
+BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF
+MAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPFUp/L+M+ZBn8b2kMVn54CVVeW
+FPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KOVWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ
+7l8wXEskEVX/JJpuXior7gtNn3/3ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQ
+Eg9zKC7F4iRO/Fjs8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM
+8WcRiQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYzeSf7dNXGi
+FSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZXHlKYC6SQK5MNyosycdi
+yA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9c
+J2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRBVXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGw
+sAvgnEzDHNb842m1R0aBL6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gx
+Q+6IHdfGjjxDah2nGN59PRbxYvnKkKj9
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert093.pem b/test/rules/platform_certs/default/cert093.pem
new file mode 100644
index 000000000000..ce0daaec8095
--- /dev/null
+++ b/test/rules/platform_certs/default/cert093.pem
@@ -0,0 +1,15 @@
+USERTrust ECC Certification Authority
+-----BEGIN CERTIFICATE-----
+MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU
+aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwHhcNMTAwMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU
+aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqfloI+d61SRvU8Za2EurxtW2
+0eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinngo4N+LZfQYcTxmdwlkWOrfzCjtHDix6Ez
+nPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0GA1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNV
+HQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBB
+HU6+4WMBzzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbWRNZu
+9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert094.pem b/test/rules/platform_certs/default/cert094.pem
new file mode 100644
index 000000000000..b05ff11c8649
--- /dev/null
+++ b/test/rules/platform_certs/default/cert094.pem
@@ -0,0 +1,12 @@
+GlobalSign ECC Root CA - R4
+-----BEGIN CERTIFICATE-----
+MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEkMCIGA1UECxMb
+R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD
+EwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoXDTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMb
+R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD
+EwpHbG9iYWxTaWduMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprl
+OQcJFspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAwDgYDVR0P
+AQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61FuOJAf/sKbvu+M8k8o4TV
+MAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGXkPoUVy0D7O48027KqGx2vKLeuwIgJ6iF
+JzWbVsaj8kfSt24bAgAXqmemFZHe+pTsewv4n4Q=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert095.pem b/test/rules/platform_certs/default/cert095.pem
new file mode 100644
index 000000000000..d6cef1e9cb2c
--- /dev/null
+++ b/test/rules/platform_certs/default/cert095.pem
@@ -0,0 +1,13 @@
+GlobalSign ECC Root CA - R5
+-----BEGIN CERTIFICATE-----
+MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEkMCIGA1UECxMb
+R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD
+EwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoXDTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMb
+R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD
+EwpHbG9iYWxTaWduMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6
+SFkc8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8kehOvRnkmS
+h5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAd
+BgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYIKoZIzj0EAwMDaAAwZQIxAOVpEslu28Yx
+uglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7
+yFz9SO8NdCKoCOJuxUnOxwy8p2Fp8fc74SrL+SvzZpA3
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert096.pem b/test/rules/platform_certs/default/cert096.pem
new file mode 100644
index 000000000000..34e8c0665ecb
--- /dev/null
+++ b/test/rules/platform_certs/default/cert096.pem
@@ -0,0 +1,28 @@
+Staat der Nederlanden Root CA - G3
+-----BEGIN CERTIFICATE-----
+MIIFdDCCA1ygAwIBAgIEAJiiOTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJOTDEeMBwGA1UE
+CgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFhdCBkZXIgTmVkZXJsYW5kZW4g
+Um9vdCBDQSAtIEczMB4XDTEzMTExNDExMjg0MloXDTI4MTExMzIzMDAwMFowWjELMAkGA1UEBhMC
+TkwxHjAcBgNVBAoMFVN0YWF0IGRlciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5l
+ZGVybGFuZGVuIFJvb3QgQ0EgLSBHMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL4y
+olQPcPssXFnrbMSkUeiFKrPMSjTysF/zDsccPVMeiAho2G89rcKezIJnByeHaHE6n3WWIkYFsO2t
+x1ueKt6c/DrGlaf1F2cY5y9JCAxcz+bMNO14+1Cx3Gsy8KL+tjzk7FqXxz8ecAgwoNzFs21v0IJy
+EavSgWhZghe3eJJg+szeP4TrjTgzkApyI/o1zCZxMdFyKJLZWyNtZrVtB0LrpjPOktvA9mxjeM3K
+Tj215VKb8b475lRgsGYeCasH/lSJEULR9yS6YHgamPfJEf0WwTUaVHXvQ9Plrk7O53vDxk5hUUur
+mkVLoR9BvUhTFXFkC4az5S6+zqQbwSmEorXLCCN2QyIkHxcE1G6cxvx/K2Ya7Irl1s9N9WMJtxU5
+1nus6+N86U78dULI7ViVDAZCopz35HCz33JvWjdAidiFpNfxC95DGdRKWCyMijmev4SH8RY7Ngzp
+07TKbBlBUgmhHbBqv4LvcFEhMtwFdozL92TkA1CvjJFnq8Xy7ljY3r735zHPbMk7ccHViLVlvMDo
+FxcHErVc0qsgk7TmgoNwNsXNo42ti+yjwUOH5kPiNL6VizXtBznaqB16nzaeErAMZRKQFWDZJkBE
+41ZgpRDUajz9QdwOWke275dhdU/Z/seyHdTtXUmzqWrLZoQT1Vyg3N9udwbRcXXIV2+vD3dbAgMB
+AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRUrfrHkleu
+yjWcLhL75LpdINyUVzANBgkqhkiG9w0BAQsFAAOCAgEAMJmdBTLIXg47mAE6iqTnB/d6+Oea31BD
+U5cqPco8R5gu4RV78ZLzYdqQJRZlwJ9UXQ4DO1t3ApyEtg2YXzTdO2PCwyiBwpwpLiniyMMB8jPq
+KqrMCQj3ZWfGzd/TtiunvczRDnBfuCPRy5FOCvTIeuXZYzbB1N/8Ipf3YF3qKS9Ysr1YvY2WTxB1
+v0h7PVGHoTx0IsL8B3+A3MSs/mrBcDCw6Y5p4ixpgZQJut3+TcCDjJRYwEYgr5wfAvg1VUkvRtTA
+8KCWAg8zxXHzniN9lLf9OtMJgwYh/WA9rjLA0u6NpvDntIJ8CsxwyXmA+P5M9zWEGYox+wrZ13+b
+8KKaa8MFSu1BYBQw0aoRQm7TIwIEC8Zl3d1Sd9qBa7Ko+gE4uZbqKmxnl4mUnrzhVNXkanjvSr0r
+mj1AfsbAddJu+2gw7OyLnflJNZoaLNmzlTnVHpL3prllL+U9bTpITAjc5CgSKL59NVzq4BZ+Extq
+1z7XnvwtdbLBFNUjA9tbbws+eC8N3jONFrdI54OagQ97wUNNVQQXOEpR1VmiiXTTn74eS9fGbbeI
+JG9gkaSChVtWQbzQRKtqE77RLFi3EjNYsjdj3BP1lB0/QFH1T/U67cjF68IeHRaVesd+QnGTbksV
+tzDfqu1XhUisHWrdOWnk4Xl4vs4Fv6EM94B7IWcnMFk=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert097.pem b/test/rules/platform_certs/default/cert097.pem
new file mode 100644
index 000000000000..32293c551d92
--- /dev/null
+++ b/test/rules/platform_certs/default/cert097.pem
@@ -0,0 +1,28 @@
+Staat der Nederlanden EV Root CA
+-----BEGIN CERTIFICATE-----
+MIIFcDCCA1igAwIBAgIEAJiWjTANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJOTDEeMBwGA1UE
+CgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSkwJwYDVQQDDCBTdGFhdCBkZXIgTmVkZXJsYW5kZW4g
+RVYgUm9vdCBDQTAeFw0xMDEyMDgxMTE5MjlaFw0yMjEyMDgxMTEwMjhaMFgxCzAJBgNVBAYTAk5M
+MR4wHAYDVQQKDBVTdGFhdCBkZXIgTmVkZXJsYW5kZW4xKTAnBgNVBAMMIFN0YWF0IGRlciBOZWRl
+cmxhbmRlbiBFViBSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA48d+ifkk
+SzrSM4M1LGns3Amk41GoJSt5uAg94JG6hIXGhaTK5skuU6TJJB79VWZxXSzFYGgEt9nCUiY4iKTW
+O0Cmws0/zZiTs1QUWJZV1VD+hq2kY39ch/aO5ieSZxeSAgMs3NZmdO3dZ//BYY1jTw+bbRcwJu+r
+0h8QoPnFfxZpgQNH7R5ojXKhTbImxrpsX23Wr9GxE46prfNeaXUmGD5BKyF/7otdBwadQ8QpCiv8
+Kj6GyzyDOvnJDdrFmeK8eEEzduG/L13lpJhQDBXd4Pqcfzho0LKmeqfRMb1+ilgnQ7O6M5HTp5gV
+XJrm0w912fxBmJc+qiXbj5IusHsMX/FjqTf5m3VpTCgmJdrV8hJwRVXj33NeN/UhbJCONVrJ0yPr
+08C+eKxCKFhmpUZtcALXEPlLVPxdhkqHz3/KRawRWrUgUY0viEeXOcDPusBCAUCZSCELa6fS/ZbV
+0b5GnUngC6agIk440ME8MLxwjyx1zNDFjFE7PZQIZCZhfbnDZY8UnCHQqv0XcgOPvZuM5l5Tnrmd
+74K74bzickFbIZTTRTeU0d8JOV3nI6qaHcptqAqGhYqCvkIH1vI4gnPah1vlPNOePqc7nvQDs/nx
+fRN0Av+7oeX6AHkcpmZBiFxgV6YuCcS6/ZrPpx9Aw7vMWgpVSzs4dlG4Y4uElBbmVvMCAwEAAaNC
+MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFP6rAJCYniT8qcwa
+ivsnuL8wbqg7MA0GCSqGSIb3DQEBCwUAA4ICAQDPdyxuVr5Os7aEAJSrR8kN0nbHhp8dB9O2tLsI
+eK9p0gtJ3jPFrK3CiAJ9Brc1AsFgyb/E6JTe1NOpEyVa/m6irn0F3H3zbPB+po3u2dfOWBfoqSmu
+c0iH55vKbimhZF8ZE/euBhD/UcabTVUlT5OZEAFTdfETzsemQUHSv4ilf0X8rLiltTMMgsT7B/Zq
+5SWEXwbKwYY5EdtYzXc7LMJMD16a4/CrPmEbUCTCwPTxGfARKbalGAKb12NMcIxHowNDXLldRqAN
+b/9Zjr7dn3LDWyvfjFvO5QxGbJKyCqNMVEIYFRIYvdr8unRu/8G2oGTYqV9Vrp9canaW2HNnh/tN
+f1zuacpzEPuKqf2evTY4SUmH9A4U8OmHuD+nT3pajnnUk+S7aFKErGzp85hwVXIy+TSrK0m1zSBi
+5Dp6Z2Orltxtrpfs/J92VoguZs9btsmksNcFuuEnL5O7Jiqik7Ab846+HUCjuTaPPoIaGl6I6lD4
+WeKDRikL40Rc4ZW2aZCaFG+XroHPaO+Zmr615+F/+PoTRxZMzG0IQOeLeG9QgkRQP2YGiqtDhFZK
+DyAthg710tvSeopLzaXoTvFeJiUBWSOgftL2fiFX1ye8FVdMpEbB4IMeDExNH08GGeL5qPQ6gqGy
+eUN51q1veieQA6TqJIc/2b3Z6fJfUEkc7uzXLg==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert098.pem b/test/rules/platform_certs/default/cert098.pem
new file mode 100644
index 000000000000..d14ca1f12bc8
--- /dev/null
+++ b/test/rules/platform_certs/default/cert098.pem
@@ -0,0 +1,28 @@
+IdenTrust Commercial Root CA 1
+-----BEGIN CERTIFICATE-----
+MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQG
+EwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBS
+b290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQwMTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzES
+MBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENB
+IDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ld
+hNlT3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU+ehcCuz/
+mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gpS0l4PJNgiCL8mdo2yMKi
+1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1bVoE/c40yiTcdCMbXTMTEl3EASX2MN0C
+XZ/g1Ue9tOsbobtJSdifWwLziuQkkORiT0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl
+3ZBWzvurpWCdxJ35UrCLvYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzy
+NeVJSQjKVsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZKdHzV
+WYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHTc+XvvqDtMwt0viAg
+xGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hvl7yTmvmcEpB4eoCHFddydJxVdHix
+uuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5NiGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC
+AQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZI
+hvcNAQELBQADggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH
+6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwtLRvM7Kqas6pg
+ghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93nAbowacYXVKV7cndJZ5t+qnt
+ozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3+wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmV
+YjzlVYA211QC//G5Xc7UI2/YRYRKW2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUX
+feu+h1sXIFRRk0pTAwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/ro
+kTLql1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG4iZZRHUe
+2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZmUlO+KWA2yUPHGNiiskz
+Z2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7R
+cGzM7vRX+Bi6hG6H
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert099.pem b/test/rules/platform_certs/default/cert099.pem
new file mode 100644
index 000000000000..294e36711366
--- /dev/null
+++ b/test/rules/platform_certs/default/cert099.pem
@@ -0,0 +1,28 @@
+IdenTrust Public Sector Root CA 1
+-----BEGIN CERTIFICATE-----
+MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQG
+EwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3Rv
+ciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcNMzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJV
+UzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBS
+b290IENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTy
+P4o7ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGyRBb06tD6
+Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlSbdsHyo+1W/CD80/HLaXI
+rcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF/YTLNiCBWS2ab21ISGHKTN9T0a9SvESf
+qy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoS
+mJxZZoY+rfGwyj4GD3vwEUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFn
+ol57plzy9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9VGxyh
+LrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ2fjXctscvG29ZV/v
+iDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsVWaFHVCkugyhfHMKiq3IXAAaOReyL
+4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gDW/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8B
+Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMw
+DQYJKoZIhvcNAQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj
+t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHVDRDtfULAj+7A
+mgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9TaDKQGXSc3z1i9kKlT/YPyNt
+GtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8GlwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFt
+m6/n6J91eEyrRjuazr8FGF1NFTwWmhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMx
+NRF4eKLg6TCMf4DfWN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4
+Mhn5+bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJtshquDDI
+ajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhAGaQdp/lLQzfcaFpPz+vC
+ZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ
+3Wl9af0AVqW3rLatt8o+Ae+c
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert100.pem b/test/rules/platform_certs/default/cert100.pem
new file mode 100644
index 000000000000..af749d22d793
--- /dev/null
+++ b/test/rules/platform_certs/default/cert100.pem
@@ -0,0 +1,23 @@
+Entrust Root Certification Authority - G2
+-----BEGIN CERTIFICATE-----
+MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMCVVMxFjAUBgNV
+BAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVy
+bXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ug
+b25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIw
+HhcNMDkwNzA3MTcyNTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoT
+DUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMx
+OTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25s
+eTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP
+/vaCeb9zYQYKpSfYs1/TRU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXz
+HHfV1IWNcCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hWwcKU
+s/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1U1+cPvQXLOZprE4y
+TGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0jaWvYkxN4FisZDQSA/i2jZRjJKRx
+AgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ6
+0B7vfec7aVHUbI2fkBJmqzANBgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5Z
+iXMRrEPR9RP/jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ
+Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v1fN2D807iDgi
+nWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4RnAuknZoh8/CbCzB428Hch0P+
+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmHVHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xO
+e4pIb4tF9g==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert101.pem b/test/rules/platform_certs/default/cert101.pem
new file mode 100644
index 000000000000..706aa90b130e
--- /dev/null
+++ b/test/rules/platform_certs/default/cert101.pem
@@ -0,0 +1,17 @@
+Entrust Root Certification Authority - EC1
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkGA1UEBhMCVVMx
+FjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVn
+YWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXpl
+ZCB1c2Ugb25seTEzMDEGA1UEAxMqRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+IC0gRUMxMB4XDTEyMTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYw
+FAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2Fs
+LXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQg
+dXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt
+IEVDMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHy
+AsWfoPZb1YsGGYZPUxBtByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef
+9eNi1KlHBz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
+FLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVCR98crlOZF7ZvHH3h
+vxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nXhTcGtXsI/esni0qU+eH6p44mCOh8
+kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert102.pem b/test/rules/platform_certs/default/cert102.pem
new file mode 100644
index 000000000000..b3a47b9738e2
--- /dev/null
+++ b/test/rules/platform_certs/default/cert102.pem
@@ -0,0 +1,28 @@
+CFCA EV ROOT
+-----BEGIN CERTIFICATE-----
+MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJDTjEwMC4GA1UE
+CgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNB
+IEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkxMjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEw
+MC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQD
+DAxDRkNBIEVWIFJPT1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnV
+BU03sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpLTIpTUnrD
+7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5/ZOkVIBMUtRSqy5J35DN
+uF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp7hZZLDRJGqgG16iI0gNyejLi6mhNbiyW
+ZXvKWfry4t3uMCz7zEasxGPrb382KzRzEpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7
+xzbh72fROdOXW3NiGUgthxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9f
+py25IGvPa931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqotaK8K
+gWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNgTnYGmE69g60dWIol
+hdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfVPKPtl8MeNPo4+QgO48BdK4PRVmrJ
+tqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hvcWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAf
+BgNVHSMEGDAWgBTj/i39KNALtbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
+/wQEAwIBBjAdBgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB
+ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObTej/tUxPQ4i9q
+ecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdLjOztUmCypAbqTuv0axn96/Ua
+4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBSESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sG
+E5uPhnEFtC+NiWYzKXZUmhH4J/qyP5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfX
+BDrDMlI1Dlb4pd19xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjn
+aH9dCi77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN5mydLIhy
+PDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe/v5WOaHIz16eGWRGENoX
+kbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+ZAAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3C
+ekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert103.pem b/test/rules/platform_certs/default/cert103.pem
new file mode 100644
index 000000000000..8bd0e06bfcad
--- /dev/null
+++ b/test/rules/platform_certs/default/cert103.pem
@@ -0,0 +1,20 @@
+OISTE WISeKey Global Root GB CA
+-----BEGIN CERTIFICATE-----
+MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQG
+EwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl
+ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAw
+MzJaFw0zOTEyMDExNTEwMzFaMG0xCzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYD
+VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEds
+b2JhbCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3HEokKtaX
+scriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGxWuR51jIjK+FTzJlFXHtP
+rby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk
+9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNku7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4o
+Qnc/nSMbsrY9gBQHTC5P99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvg
+GUpuuy9rM2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB
+/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZI
+hvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrghcViXfa43FK8+5/ea4n32cZiZBKpD
+dHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0
+VQreUGdNZtGn//3ZwLWoo4rOZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEui
+HZeeevJuQHHfaPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic
+Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert104.pem b/test/rules/platform_certs/default/cert104.pem
new file mode 100644
index 000000000000..e6857a0e56b5
--- /dev/null
+++ b/test/rules/platform_certs/default/cert104.pem
@@ -0,0 +1,19 @@
+SZAFIR ROOT CA2
+-----BEGIN CERTIFICATE-----
+MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQELBQAwUTELMAkG
+A1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6ZW5pb3dhIFMuQS4xGDAWBgNV
+BAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkwNzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJ
+BgNVBAYTAlBMMSgwJgYDVQQKDB9LcmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYD
+VQQDDA9TWkFGSVIgUk9PVCBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5Q
+qEvNQLXOYeeWyrSh2gwisPq1e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT3PSQ1hNK
+DJA8w/Ta0o4NkjrcsbH/ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw3gAeqDRHu5rr/gsUvTaE
+2g0gv/pby6kWIK05YO4vdbbnl5z5Pv1+TW9NL++IDWr63fE9biCloBK0TXC5ztdyO4mTp4CEHCdJ
+ckm1/zuVnsHMyAHs6A6KCpbns6aH5db5BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwi
+ieDhZNRnvDF5YTy7ykHNXGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
+AQH/BAQDAgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsFAAOC
+AQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw8PRBEew/R40/cof5
+O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOGnXkZ7/e7DDWQw4rtTw/1zBLZpD67
+oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCPoky4rc/hkA/NrgrHXXu3UNLUYfrVFdvXn4dRVOul
+4+vJhaAlIDf7js4MNIThPIGyd05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrKjSoS75ftwjCkySp6
++/NNIxuZMzSgLvWpCz/UXeHPhJ/iGcJfitYgHuNztw==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert105.pem b/test/rules/platform_certs/default/cert105.pem
new file mode 100644
index 000000000000..7634cab47ebd
--- /dev/null
+++ b/test/rules/platform_certs/default/cert105.pem
@@ -0,0 +1,30 @@
+Certum Trusted Network CA 2
+-----BEGIN CERTIFICATE-----
+MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UE
+BhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMuQS4xJzAlBgNVBAsTHkNlcnR1
+bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIGA1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29y
+ayBDQSAyMCIYDzIwMTExMDA2MDgzOTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQ
+TDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENl
+cnRpZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENB
+IDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWADGSdhhuWZGc/IjoedQF9
+7/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+o
+CgCXhVqqndwpyeI1B+twTUrWwbNWuKFBOJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40b
+Rr5HMNUuctHFY9rnY3lEfktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2p
+uTRZCr+ESv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1mo130
+GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02isx7QBlrd9pPPV3WZ
+9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOWOZV7bIBaTxNyxtd9KXpEulKkKtVB
+Rgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgezTv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pye
+hizKV/Ma5ciSixqClnrDvFASadgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vM
+BhBgu4M1t15n3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI
+hvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQF/xlhMcQSZDe28cmk4gmb3DW
+Al45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTfCVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuA
+L55MYIR4PSFk1vtBHxgP58l1cb29XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMo
+clm2q8KMZiYcdywmdjWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tM
+pkT/WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jbAoJnwTnb
+w3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksqP/ujmv5zMnHCnsZy4Ypo
+J/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Kob7a6bINDd82Kkhehnlt4Fj1F4jNy3eFm
+ypnTycUm/Q1oBEauttmbjL4ZvrHG8hnjXALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLX
+is7VmFxWlgPF7ncGNf/P5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7
+zAYspsbiDrW5viSP
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert106.pem b/test/rules/platform_certs/default/cert106.pem
new file mode 100644
index 000000000000..d982ddd9c97c
--- /dev/null
+++ b/test/rules/platform_certs/default/cert106.pem
@@ -0,0 +1,31 @@
+Hellenic Academic and Research Institutions RootCA 2015
+-----BEGIN CERTIFICATE-----
+MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1IxDzANBgNVBAcT
+BkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0
+aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNl
+YXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAx
+MTIxWjCBpjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMg
+QWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNV
+BAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIw
+MTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDC+Kk/G4n8PDwEXT2QNrCROnk8Zlrv
+bTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+eh
+iGsxr/CL0BgzuNtFajT0AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+
+6PAQZe104S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06CojXd
+FPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV9Cz82XBST3i4vTwr
+i5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrDgfgXy5I2XdGj2HUb4Ysn6npIQf1F
+GQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6Y5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2
+fu/Z8VFRfS0myGlZYeCsargqNhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9mu
+iNX6hME6wGkoLfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc
+Bw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVdctA4GGqd83EkVAswDQYJKoZI
+hvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0IXtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+
+D1hYc2Ryx+hFjtyp8iY/xnmMsVMIM4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrM
+d/K4kPFox/la/vot9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+y
+d+2VZ5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/eaj8GsGsVn
+82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnhX9izjFk0WaSrT2y7Hxjb
+davYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQl033DlZdwJVqwjbDG2jJ9SrcR5q+ss7F
+Jej6A7na+RZukYT1HCjI/CbM1xyQVqdfbzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVt
+J94Cj8rDtSvK6evIIVM4pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGa
+JI7ZjnHKe7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0vm9q
+p/UsQu0yrbYhnr68
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert107.pem b/test/rules/platform_certs/default/cert107.pem
new file mode 100644
index 000000000000..d0602cca4eea
--- /dev/null
+++ b/test/rules/platform_certs/default/cert107.pem
@@ -0,0 +1,16 @@
+Hellenic Academic and Research Institutions ECC RootCA 2015
+-----BEGIN CERTIFICATE-----
+MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0
+aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9u
+cyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJj
+aCBJbnN0aXR1dGlvbnMgRUNDIFJvb3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEw
+MzcxMlowgaoxCzAJBgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmlj
+IEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUQwQgYD
+VQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIEVDQyBSb290
+Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKgQehLgoRc4vgxEZmGZE4JJS+dQS8KrjVP
+dJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJajq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoK
+Vlp8aQuqgAkkbH7BRqNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O
+BBYEFLQiC4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaeplSTA
+GiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7SofTUwJCA3sS61kFyjn
+dc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert108.pem b/test/rules/platform_certs/default/cert108.pem
new file mode 100644
index 000000000000..1ce7bf748394
--- /dev/null
+++ b/test/rules/platform_certs/default/cert108.pem
@@ -0,0 +1,28 @@
+ISRG Root X1
+-----BEGIN CERTIFICATE-----
+MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAwTzELMAkGA1UE
+BhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNoIEdyb3VwMRUwEwYDVQQD
+EwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQG
+EwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMT
+DElTUkcgUm9vdCBYMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54r
+Vygch77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+0TM8ukj1
+3Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6UA5/TR5d8mUgjU+g4rk8K
+b4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sWT8KOEUt+zwvo/7V3LvSye0rgTBIlDHCN
+Aymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyHB5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ
+4Q7e2RCOFvu396j3x+UCB5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf
+1b0SHzUvKBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWnOlFu
+hjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTnjh8BCNAw1FtxNrQH
+usEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbwqHyGO0aoSCqI3Haadr8faqU9GY/r
+OPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CIrU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4G
+A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY
+9umbbjANBgkqhkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
+ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ3BebYhtF8GaV
+0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KKNFtY2PwByVS5uCbMiogziUwt
+hDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJw
+TdwJx4nLCgdNbOhdjsnvzqvHu7UrTkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nx
+e5AW0wdeRlN8NwdCjNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZA
+JzVcoyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq4RgqsahD
+YVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPAmRGunUHBcnWEvgJBQl9n
+JEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57demyPxgcYxn/eR44/KJ4EBs+lVDR3veyJ
+m+kXQ99b21/+jh5Xos1AnX5iItreGCc=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert109.pem b/test/rules/platform_certs/default/cert109.pem
new file mode 100644
index 000000000000..a0a7df1fbdc5
--- /dev/null
+++ b/test/rules/platform_certs/default/cert109.pem
@@ -0,0 +1,28 @@
+AC RAIZ FNMT-RCM
+-----BEGIN CERTIFICATE-----
+MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNVBAYT
+AkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBGTk1ULVJDTTAeFw0wODEw
+MjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJD
+TTEZMBcGA1UECwwQQUMgUkFJWiBGTk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBALpxgHpMhm5/yBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcf
+qQgfBBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAzWHFctPVr
+btQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxFtBDXaEAUwED653cXeuYL
+j2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z374jNUUeAlz+taibmSXaXvMiwzn15Cou
+08YfxGyqxRxqAQVKL9LFwag0Jl1mpdICIfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mw
+WsXmo8RZZUc1g16p6DULmbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnT
+tOmlcYF7wk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peSMKGJ
+47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2ZSysV4999AeU14EC
+ll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMetUqIJ5G+GR4of6ygnXYMgrwTJbFaa
+i0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE
+FPd9xf3E6Jobd2Sn9R2gzL+HYJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1o
+dHRwOi8vd3d3LmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD
+nFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1RXxlDPiyN8+s
+D8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYMLVN0V2Ue1bLdI4E7pWYjJ2cJ
+j+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrT
+Qfv6MooqtyuGC2mDOL7Nii4LcK2NJpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW
++YJF1DngoABd15jmfZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7
+Ixjp6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp1txyM/1d
+8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B9kiABdcPUXmsEKvU7ANm
+5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wokRqEIr9baRRmW1FMdW4R58MD3R++Lj8UG
+rp1MYp3/RgT408m2ECVAdf4WqslKYIYvuu8wd+RU4riEmViAqhOLUTpPSPaLtrM=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert110.pem b/test/rules/platform_certs/default/cert110.pem
new file mode 100644
index 000000000000..1a2778910e94
--- /dev/null
+++ b/test/rules/platform_certs/default/cert110.pem
@@ -0,0 +1,18 @@
+Amazon Root CA 1
+-----BEGIN CERTIFICATE-----
+MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsFADA5MQswCQYD
+VQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAxMB4XDTE1
+MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpv
+bjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALJ4gHHKeNXjca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgH
+FzZM9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qwIFAGbHrQ
+gLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6VOujw5H5SNz/0egwLX0t
+dHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L93FcXmn/6pUCyziKrlA4b9v7LWIbxcce
+VOF34GfID5yHI9Y/QCB/IIDEgEw+OyQmjgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB
+/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3
+DQEBCwUAA4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDIU5PM
+CCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUsN+gDS63pYaACbvXy
+8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vvo/ufQJVtMVT8QtPHRh8jrdkPSHCa
+2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2
+xJNDd2ZhwLnoQdeXeGADbkpyrqXRfboQnoZsG4q5WTP468SQvvG5
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert111.pem b/test/rules/platform_certs/default/cert111.pem
new file mode 100644
index 000000000000..449d424d86b1
--- /dev/null
+++ b/test/rules/platform_certs/default/cert111.pem
@@ -0,0 +1,27 @@
+Amazon Root CA 2
+-----BEGIN CERTIFICATE-----
+MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwFADA5MQswCQYD
+VQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAyMB4XDTE1
+MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpv
+bjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBAK2Wny2cSkxKgXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4
+kHbZW0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg1dKmSYXp
+N+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K8nu+NQWpEjTj82R0Yiw9
+AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvd
+fLC6HM783k81ds8P+HgfajZRRidhW+mez/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAEx
+kv8LV/SasrlX6avvDXbR8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSS
+btqDT6ZjmUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz7Mt0
+Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6+XUyo05f7O0oYtlN
+c/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI0u1ufm8/0i2BWSlmy5A5lREedCf+
+3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSw
+DPBMMPQFWAJI/TPlUq9LhONmUjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oA
+A7CXDpO8Wqj2LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY
++gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kSk5Nrp+gvU5LE
+YFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl7uxMMne0nxrpS10gxdr9HIcW
+xkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygmbtmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQ
+gj9sAq+uEjonljYE1x2igGOpm/HlurR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbW
+aQbLU8uz/mtBzUF+fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoV
+Yh63n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE76KlXIx3
+KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H9jVlpNMKVv/1F2Rs76gi
+JUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT4PsJYGw=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert112.pem b/test/rules/platform_certs/default/cert112.pem
new file mode 100644
index 000000000000..1254c66d4b3a
--- /dev/null
+++ b/test/rules/platform_certs/default/cert112.pem
@@ -0,0 +1,11 @@
+Amazon Root CA 3
+-----BEGIN CERTIFICATE-----
+MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5MQswCQYDVQQG
+EwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAzMB4XDTE1MDUy
+NjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZ
+MBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZB
+f8ANm+gBG1bG8lKlui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjr
+Zt6jQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSrttvXBp43
+rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkrBqWTrBqYaGFy+uGh0Psc
+eGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteMYyRIHN8wfdVoOw==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert113.pem b/test/rules/platform_certs/default/cert113.pem
new file mode 100644
index 000000000000..5473fcd441b4
--- /dev/null
+++ b/test/rules/platform_certs/default/cert113.pem
@@ -0,0 +1,12 @@
+Amazon Root CA 4
+-----BEGIN CERTIFICATE-----
+MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5MQswCQYDVQQG
+EwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSA0MB4XDTE1MDUy
+NjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZ
+MBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN
+/sGKe0uoe0ZLY7Bi9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri
+83BkM6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
+HQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WBMAoGCCqGSM49BAMDA2gA
+MGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlwCkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1
+AE47xDqUEpHJWEadIRNyp4iciuRMStuW1KyLa2tJElMzrdfkviT8tQp21KW8EA==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert114.pem b/test/rules/platform_certs/default/cert114.pem
new file mode 100644
index 000000000000..95096f8043a7
--- /dev/null
+++ b/test/rules/platform_certs/default/cert114.pem
@@ -0,0 +1,29 @@
+LuxTrust Global Root 2
+-----BEGIN CERTIFICATE-----
+MIIFwzCCA6ugAwIBAgIUCn6m30tEntpqJIWe5rgV0xZ/u7EwDQYJKoZIhvcNAQELBQAwRjELMAkG
+A1UEBhMCTFUxFjAUBgNVBAoMDUx1eFRydXN0IFMuQS4xHzAdBgNVBAMMFkx1eFRydXN0IEdsb2Jh
+bCBSb290IDIwHhcNMTUwMzA1MTMyMTU3WhcNMzUwMzA1MTMyMTU3WjBGMQswCQYDVQQGEwJMVTEW
+MBQGA1UECgwNTHV4VHJ1c3QgUy5BLjEfMB0GA1UEAwwWTHV4VHJ1c3QgR2xvYmFsIFJvb3QgMjCC
+AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANeFl78RmOnwYoNMPIf5U2o3C/IPPIfOb9wm
+Kb3FibrJgz337spbxm1Jc7TJRqMbNBM/wYlFV/TZsfs2ZUv7COJIcRHIbjuend+JZTemhfY7RBi2
+xjcwYkSSl2l9QjAk5A0MiWtj3sXh306pFGxT4GHO9hcvHTy95iJMHZP1EMShduxq3sVs35a0VkBC
+wGKSMKEtFZSg0iAGCW5qbeXrt77U8PEVfIvmTroTzEsnXpk8F12PgX8zPU/TPxvsXD/wPEx1bvKm
+1Z3aLQdjAsZy6ZS8TEmVT4hSyNvoaYL4zDRbIvCGp4m9SAptZoFtyMhk+wHh9OHe2Z7d21vUKpkm
+FRseTJIpgp7VkoGSQXAZ96Tlk0u8d2cx3Rz9MXANF5kM+Qw5GSoXtTBxVdUPrljhPS80m8+f9niF
+wpN6cj5mj5wWEWCPnolvZ77gR1o7DJpni89Gxq44o/KnvObWhWszJHAiS8sIm7vI+AIpHb4gDEa/
+a4ebsypmQjVGbKq6rfmYe+lQVRQxv7HaLe2ArWgk+2mr2HETMOZns4dA/Yl+8kPREd8vZS9kzl8U
+ubG/Mb2HeFpZZYiq/FkySIbWTLkpS5XTdvN3JW1CHDiDTf2jX5t/Lax5Gw5CMZdjpPuKadUiDTSQ
+MC6otOBttpSsvItO13D8xTiOZCXhTTmQzsmHhFhxAgMBAAGjgagwgaUwDwYDVR0TAQH/BAUwAwEB
+/zBCBgNVHSAEOzA5MDcGByuBKwEBAQowLDAqBggrBgEFBQcCARYeaHR0cHM6Ly9yZXBvc2l0b3J5
+Lmx1eHRydXN0Lmx1MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBT/GCh2+UgFLKGu8SsbK7JT
++Et8szAdBgNVHQ4EFgQU/xgodvlIBSyhrvErGyuyU/hLfLMwDQYJKoZIhvcNAQELBQADggIBAGoZ
+FO1uecEsh9QNcH7X9njJCwROxLHOk3D+sFTAMs2ZMGQXvw/l4jP9BzZAcg4atmpZ1gDlaCDdLnIN
+H2pkMSCEfUmmWjfrRcmF9dTHF5kH5ptV5AzoqbTOjFu1EVzPig4N1qx3gf4ynCSecs5U89BvolbW
+7MM3LGVYvlcAGvI1+ut7MV3CwRI9loGIlonBWVx65n9wNOeD4rHh4bhY79SV5GCc8JaXcozrhAIu
+ZY+kt9J/Z93I055cqqmkoCUUBpvsT34tC38ddfEz2O3OuHVtPlu5mB0xDVbYQw8wkbIEa91WvpWA
+VWe+2M2D2RjuLg+GLZKecBPs3lHJQ3gCpU3I+V/EkVhGFndadKpAvAefMLmx9xIX3eP/JEAdemrR
+TxgKqpAd60Ae36EeRJIQmvKN4dFLRp7oRUKX6kWZ8+xm1QL68qZKJKrezrnK+T+Tb/mjuuqlPpmt
+/f97mfVl7vBZKGfXkJWkE4SphMHozs51k2MavDzq1WQfLSoSOcbDWjLtR5EWDrw4wVDej8oqkDQc
+7kGUnF4ZLvhFSZl0kbAEb+MEWrGrKqv+x9CWttrhSmQGbmBNvUJO/3jaJMobtNeWOWyu8Q6qp31I
+iyBMz2TWuJdGsE7RKlY6oJO9r4Ak4Ap+58rVyuiFVdw2KuGUaJPHZnJED4AhMmwlxyOAgwrr
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert115.pem b/test/rules/platform_certs/default/cert115.pem
new file mode 100644
index 000000000000..94a5b2da68f3
--- /dev/null
+++ b/test/rules/platform_certs/default/cert115.pem
@@ -0,0 +1,23 @@
+TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
+-----BEGIN CERTIFICATE-----
+MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIxGDAWBgNVBAcT
+D0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxpbXNlbCB2ZSBUZWtub2xvamlr
+IEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0wKwYDVQQLEyRLYW11IFNlcnRpZmlrYXN5b24g
+TWVya2V6aSAtIEthbXUgU00xNjA0BgNVBAMTLVRVQklUQUsgS2FtdSBTTSBTU0wgS29rIFNlcnRp
+ZmlrYXNpIC0gU3VydW0gMTAeFw0xMzExMjUwODI1NTVaFw00MzEwMjUwODI1NTVaMIHSMQswCQYD
+VQQGEwJUUjEYMBYGA1UEBxMPR2ViemUgLSBLb2NhZWxpMUIwQAYDVQQKEzlUdXJraXllIEJpbGlt
+c2VsIHZlIFRla25vbG9qaWsgQXJhc3Rpcm1hIEt1cnVtdSAtIFRVQklUQUsxLTArBgNVBAsTJEth
+bXUgU2VydGlmaWthc3lvbiBNZXJrZXppIC0gS2FtdSBTTTE2MDQGA1UEAxMtVFVCSVRBSyBLYW11
+IFNNIFNTTCBLb2sgU2VydGlmaWthc2kgLSBTdXJ1bSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAr3UwM6q7a9OZLBI3hNmNe5eA027n/5tQlT6QlVZC1xl8JoSNkvoBHToP4mQ4t4y8
+6Ij5iySrLqP1N+RAjhgleYN1Hzv/bKjFxlb4tO2KRKOrbEz8HdDc72i9z+SqzvBV96I01INrN3wc
+wv61A+xXzry0tcXtAA9TNypN9E8Mg/uGz8v+jE69h/mniyFXnHrfA2eJLJ2XYacQuFWQfw4tJzh0
+3+f92k4S400VIgLI4OD8D62K18lUUMw7D8oWgITQUVbDjlZ/iSIzL+aFCr2lqBs23tPcLG07xxO9
+WSMs5uWk99gL7eqQQESolbuT1dCANLZGeA4fAJNG4e7p+exPFwIDAQABo0IwQDAdBgNVHQ4EFgQU
+ZT/HiobGPN08VFw1+DrtUgxHV8gwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBACo/4fEyjq7hmFxLXs9rHmoJ0iKpEsdeV31zVmSAhHqT5Am5EM2fKifh
+AHe+SMg1qIGf5LgsyX8OsNJLN13qudULXjS99HMpw+0mFZx+CFOKWI3QSyjfwbPfIPP54+M638yc
+lNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4lzwDGrpDxpa5RXI4s6ehlj2R
+e37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0j
+q5Rm+K37DwhuJi1/FwcJsoz7UMCflo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert116.pem b/test/rules/platform_certs/default/cert116.pem
new file mode 100644
index 000000000000..ecb51c9a3077
--- /dev/null
+++ b/test/rules/platform_certs/default/cert116.pem
@@ -0,0 +1,28 @@
+GDCA TrustAUTH R5 ROOT
+-----BEGIN CERTIFICATE-----
+MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCQ04xMjAw
+BgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8wHQYDVQQD
+DBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVow
+YjELMAkGA1UEBhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ
+IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJjDp6L3TQs
+AlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBjTnnEt1u9ol2x8kECK62p
+OqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+uKU49tm7srsHwJ5uu4/Ts765/94Y9cnrr
+pftZTqfrlYwiOXnhLQiPzLyRuEH3FMEjqcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ
+9Cy5WmYqsBebnh52nUpmMUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQ
+xXABZG12ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloPzgsM
+R6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3GkL30SgLdTMEZeS1SZ
+D2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeCjGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4
+oR24qoAATILnsn8JuLwwoC8N9VKejveSswoAHQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx
+9hoh49pwBiFYFIeFd3mqgnkCAwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlR
+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg
+p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZmDRd9FBUb1Ov9
+H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5COmSdI31R9KrO9b7eGZONn35
+6ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ryL3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd
++PwyvzeG5LuOmCd+uh8W4XAR8gPfJWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQ
+HtZa37dG/OaG+svgIHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBD
+F8Io2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV09tL7ECQ
+8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQXR4EzzffHqhmsYzmIGrv
+/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrqT8p+ck0LcIymSLumoRT2+1hEmRSuqguT
+aaApJUqlyyvdimYHFngVV3Eb7PVHhPOeMTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert117.pem b/test/rules/platform_certs/default/cert117.pem
new file mode 100644
index 000000000000..20b597bbe847
--- /dev/null
+++ b/test/rules/platform_certs/default/cert117.pem
@@ -0,0 +1,22 @@
+TrustCor RootCert CA-1
+-----BEGIN CERTIFICATE-----
+MIIEMDCCAxigAwIBAgIJANqb7HHzA7AZMA0GCSqGSIb3DQEBCwUAMIGkMQswCQYDVQQGEwJQQTEP
+MA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3Ig
+U3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3Jp
+dHkxHzAdBgNVBAMMFlRydXN0Q29yIFJvb3RDZXJ0IENBLTEwHhcNMTYwMjA0MTIzMjE2WhcNMjkx
+MjMxMTcyMzE2WjCBpDELMAkGA1UEBhMCUEExDzANBgNVBAgMBlBhbmFtYTEUMBIGA1UEBwwLUGFu
+YW1hIENpdHkxJDAiBgNVBAoMG1RydXN0Q29yIFN5c3RlbXMgUy4gZGUgUi5MLjEnMCUGA1UECwwe
+VHJ1c3RDb3IgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR8wHQYDVQQDDBZUcnVzdENvciBSb290Q2Vy
+dCBDQS0xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv463leLCJhJrMxnHQFgKq1mq
+jQCj/IDHUHuO1CAmujIS2CNUSSUQIpidRtLByZ5OGy4sDjjzGiVoHKZaBeYei0i/mJZ0PmnK6bV4
+pQa81QBeCQryJ3pS/C3Vseq0iWEk8xoT26nPUu0MJLq5nux+AHT6k61sKZKuUbS701e/s/OojZz0
+JEsq1pme9J7+wH5COucLlVPat2gOkEz7cD+PSiyU8ybdY2mplNgQTsVHCJCZGxdNuWxu72CVEY4h
+gLW9oHPY0LJ3xEXqWib7ZnZ2+AYfYW0PVcWDtxBWcgYHpfOxGgMFZA6dWorWhnAbJN7+KIor0Gqw
+/Hqi3LJ5DotlDwIDAQABo2MwYTAdBgNVHQ4EFgQU7mtJPHo/DeOxCbeKyKsZn3MzUOcwHwYDVR0j
+BBgwFoAU7mtJPHo/DeOxCbeKyKsZn3MzUOcwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AYYwDQYJKoZIhvcNAQELBQADggEBACUY1JGPE+6PHh0RU9otRCkZoB5rMZ5NDp6tPVxBb5UrJKF5
+mDo4Nvu7Zp5I/5CQ7z3UuJu0h3U/IJvOcs+hVcFNZKIZBqEHMwwLKeXx6quj7LUKdJDHfXLy11yf
+ke+Ri7fc7Waiz45mO7yfOgLgJ90WmMCV1Aqk5IGadZQ1nJBfiDcGrVmVCrDRZ9MZyonnMlo2HD6C
+qFqTvsbQZJG2z9m2GM/bftJlo6bEjhcxwft+dtvTheNYsnd6djtsL1Ac59v2Z3kf9YKVmgenFK+P
+3CghZwnS1k1aHBkcjndcw5QkPTJrS37UeJSDvjdNzl/HHk484IkzlQsPpTLWPFp5LBk=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert118.pem b/test/rules/platform_certs/default/cert118.pem
new file mode 100644
index 000000000000..8bf6d29369df
--- /dev/null
+++ b/test/rules/platform_certs/default/cert118.pem
@@ -0,0 +1,31 @@
+TrustCor RootCert CA-2
+-----BEGIN CERTIFICATE-----
+MIIGLzCCBBegAwIBAgIIJaHfyjPLWQIwDQYJKoZIhvcNAQELBQAwgaQxCzAJBgNVBAYTAlBBMQ8w
+DQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQwIgYDVQQKDBtUcnVzdENvciBT
+eXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRydXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0
+eTEfMB0GA1UEAwwWVHJ1c3RDb3IgUm9vdENlcnQgQ0EtMjAeFw0xNjAyMDQxMjMyMjNaFw0zNDEy
+MzExNzI2MzlaMIGkMQswCQYDVQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5h
+bWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U
+cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRydXN0Q29yIFJvb3RDZXJ0
+IENBLTIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnIG7CKqJiJJWQdsg4foDSq8Gb
+ZQWU9MEKENUCrO2fk8eHyLAnK0IMPQo+QVqedd2NyuCb7GgypGmSaIwLgQ5WoD4a3SwlFIIvl9Nk
+RvRUqdw6VC0xK5mC8tkq1+9xALgxpL56JAfDQiDyitSSBBtlVkxs1Pu2YVpHI7TYabS3OtB0PAx1
+oYxOdqHp2yqlO/rOsP9+aij9JxzIsekp8VduZLTQwRVtDr4uDkbIXvRR/u8OYzo7cbrPb1nKDOOb
+XUm4TOJXsZiKQlecdu/vvdFoqNL0Cbt3Nb4lggjEFixEIFapRBF37120Hapeaz6LMvYHL1cEksr1
+/p3C6eizjkxLAjHZ5DxIgif3GIJ2SDpxsROhOdUuxTTCHWKF3wP+TfSvPd9cW436cOGlfifHhi5q
+jxLGhF5DUVCcGZt45vz27Ud+ez1m7xMTiF88oWP7+ayHNZ/zgp6kPwqcMWmLmaSISo5uZk3vFsQP
+eSghYA2FFn3XVDjxklb9tTNMg9zXEJ9L/cb4Qr26fHMC4P99zVvh1Kxhe1fVSntb1IVYJ12/+Ctg
+rKAmrhQhJ8Z3mjOAPF5GP/fDsaOGM8boXg25NSyqRsGFAnWAoOsk+xWq5Gd/bnc/9ASKL3x74xdh
+8N0JqSDIvgmk0H5Ew7IwSjiqqewYmgeCK9u4nBit2uBGF6zPXQIDAQABo2MwYTAdBgNVHQ4EFgQU
+2f4hQG6UnrybPZx9mCAZ5YwwYrIwHwYDVR0jBBgwFoAU2f4hQG6UnrybPZx9mCAZ5YwwYrIwDwYD
+VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBAJ5Fngw7tu/h
+Osh80QA9z+LqBrWyOrsGS2h60COXdKcs8AjYeVrXWoSK2BKaG9l9XE1wxaX5q+WjiYndAfrs3fnp
+kpfbsEZC89NiqpX+MWcUaViQCqoL7jcjx1BRtPV+nuN79+TMQjItSQzL/0kMmx40/W5ulop5A7Zv
+2wnL/V9lFDfhOPXzYRZY5LVtDQsEGz9QLX+zx3oaFoBg+Iof6Rsqxvm6ARppv9JYx1RXCI/hOWB3
+S6xZhBqI8d3LT3jX5+EzLfzuQfogsL7L9ziUwOHQhQ+77Sxzq+3+knYaZH9bDTMJBzN7Bj8RpFxw
+PIXAz+OQqIN3+tvmxYxoZxBnpVIt8MSZj3+/0WvitUfW2dCFmU2Umw9Lje4AWkcdEQOsQRivh7dv
+DDqPys/cA8GiCcjl/YBeyGBCARsaU1q7N6a3vLqE6R5sGtRk2tRD/pOLS/IseRYQ1JMLiI+h2IYU
+RpFHmygk71dSTlxCnKr3Sewn6EAes6aJInKc9Q0ztFijMDvd1GpUk74aTfOTlPf8hAs/hCBcNANE
+xdqtvArBAs8e5ZTZ845b2EzwnexhF7sUMlQMAimTHpKG9n/v55IFDlndmQguLvqcAFLTxWYp5KeX
+RKQOKIETNcX2b2TmQcTVL8w0RSXPQQCWPUouwpaYT05KnJe32x+SMsj/D1Fu1uwJ
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert119.pem b/test/rules/platform_certs/default/cert119.pem
new file mode 100644
index 000000000000..ca5310bb3093
--- /dev/null
+++ b/test/rules/platform_certs/default/cert119.pem
@@ -0,0 +1,22 @@
+TrustCor ECA-1
+-----BEGIN CERTIFICATE-----
+MIIEIDCCAwigAwIBAgIJAISCLF8cYtBAMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYDVQQGEwJQQTEP
+MA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3Ig
+U3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3Jp
+dHkxFzAVBgNVBAMMDlRydXN0Q29yIEVDQS0xMB4XDTE2MDIwNDEyMzIzM1oXDTI5MTIzMTE3Mjgw
+N1owgZwxCzAJBgNVBAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5
+MSQwIgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRydXN0Q29y
+IENlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOVHJ1c3RDb3IgRUNBLTEwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPj+ARtZ+odnbb3w9U73NjKYKtR8aja+3+XzP4Q1HpGjOR
+MRegdMTUpwHmspI+ap3tDvl0mEDTPwOABoJA6LHip1GnHYMma6ve+heRK9jGrB6xnhkB1Zem6g23
+xFUfJ3zSCNV2HykVh0A53ThFEXXQmqc04L/NyFIduUd+Dbi7xgz2c1cWWn5DkR9VOsZtRASqnKmc
+p0yJF4OuowReUoCLHhIlERnXDH19MURB6tuvsBzvgdAsxZohmz3tQjtQJvLsznFhBmIhVE5/wZ0+
+fyCMgMsq2JdiyIMzkX2woloPV+g7zPIlstR8L+xNxqE6FXrntl019fZISjZFZtS6mFjBAgMBAAGj
+YzBhMB0GA1UdDgQWBBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAfBgNVHSMEGDAWgBREnkj1zG1I1KBL
+f/5ZJC+Dl5mahjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
+AAOCAQEABT41XBVwm8nHc2FvcivUwo/yQ10CzsSUuZQRg2dd4mdsdXa/uwyqNsatR5Nj3B5+1t4u
+/ukZMjgDfxT2AHMsWbEhBuH7rBiVDKP/mZb3Kyeb1STMHd3BOuCYRLDE5D53sXOpZCz2HAF8P11F
+hcCF5yWPldwX8zyfGm6wyuMdKulMY/okYWLW2n62HGz1Ah3UKt1VkOsqEUc8Ll50soIipX1TH0Xs
+J5F95yIW6MBoNtjG8U+ARDL54dHRHareqKucBK+tIA5kmE2la8BIWJZpTdwHjFGTot+fDz2LYLSC
+jaoITmJF4PkL0uDgPFveXHEnJcLmA4GLEFPjx1WitJ/X5g==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert120.pem b/test/rules/platform_certs/default/cert120.pem
new file mode 100644
index 000000000000..333c225c5d8e
--- /dev/null
+++ b/test/rules/platform_certs/default/cert120.pem
@@ -0,0 +1,30 @@
+SSL.com Root Certification Authority RSA
+-----BEGIN CERTIFICATE-----
+MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxDjAM
+BgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24x
+MTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYw
+MjEyMTczOTM5WhcNNDEwMjEyMTczOTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx
+EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NM
+LmNvbSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcNAQEBBQAD
+ggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2RxFdHaxh3a3by/ZPkPQ/C
+Fp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aXqhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8
+P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcCC52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/ge
+oeOy3ZExqysdBP+lSgQ36YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkp
+k8zruFvh/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrFYD3Z
+fBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93EJNyAKoFBbZQ+yODJ
+gUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVcUS4cK38acijnALXRdMbX5J+tB5O2
+UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8ZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi8
+1xtZPCvM8hnIk2snYxnP/Okm+Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4s
+bE6x/c+cCbqiM+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV
+HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4GA1UdDwEB/wQE
+AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGVcpNxJK1ok1iOMq8bs3AD/CUr
+dIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBcHadm47GUBwwyOabqG7B52B2ccETjit3E+ZUf
+ijhDPwGFpUenPUayvOUiaPd7nNgsPgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAsl
+u1OJD7OAUN5F7kR/q5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjq
+erQ0cuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jra6x+3uxj
+MxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90IH37hVZkLId6Tngr75qNJ
+vTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/YK9f1JmzJBjSWFupwWRoyeXkLtoh/D1JI
+Pb9s2KJELtFOt3JY04kTlf5Eq/jXixtunLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406y
+wKBjYZC6VWg3dGq2ktufoYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NI
+WuuA8ShYIc2wBlX7Jz9TkHCpBB5XJ7k=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert121.pem b/test/rules/platform_certs/default/cert121.pem
new file mode 100644
index 000000000000..682d48f6dca1
--- /dev/null
+++ b/test/rules/platform_certs/default/cert121.pem
@@ -0,0 +1,15 @@
+SSL.com Root Certification Authority ECC
+-----BEGIN CERTIFICATE-----
+MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMCVVMxDjAMBgNV
+BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xMTAv
+BgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEy
+MTgxNDAzWhcNNDEwMjEyMTgxNDAzWjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAO
+BgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv
+bSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuBBAAiA2IA
+BEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI7Z4INcgn64mMU1jrYor+
+8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPgCemB+vNH06NjMGEwHQYDVR0OBBYEFILR
+hXMw5zUE044CkvvlpNHEIejNMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTT
+jgKS++Wk0cQh6M0wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCW
+e+0F+S8Tkdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+gA0z
+5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert122.pem b/test/rules/platform_certs/default/cert122.pem
new file mode 100644
index 000000000000..7ca1878bdb7e
--- /dev/null
+++ b/test/rules/platform_certs/default/cert122.pem
@@ -0,0 +1,30 @@
+SSL.com EV Root Certification Authority RSA R2
+-----BEGIN CERTIFICATE-----
+MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMQ4w
+DAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9u
+MTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy
+MB4XDTE3MDUzMTE4MTQzN1oXDTQyMDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQI
+DAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYD
+VQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMIICIjAN
+BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvqM0fNTPl9fb69LT3w23jh
+hqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssufOePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7w
+cXHswxzpY6IXFJ3vG2fThVUCAtZJycxa4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTO
+Zw+oz12WGQvE43LrrdF9HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+
+B6KjBSYRaZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcAb9Zh
+CBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQGp8hLH94t2S42Oim
+9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQVPWKchjgGAGYS5Fl2WlPAApiiECto
+RHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMOpgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+Slm
+JuwgUHfbSguPvuUCYHBBXtSuUDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48
++qvWBkofZ6aYMBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV
+HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa49QaAJadz20Zp
+qJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBWs47LCp1Jjr+kxJG7ZhcFUZh1
+++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nx
+Y/hoLVUE0fKNsKTPvDxeH3jnpaAgcLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2G
+guDKBAdRUNf/ktUM79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDz
+OFSz/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXtll9ldDz7
+CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEmKf7GUmG6sXP/wwyc5Wxq
+lD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKKQbNmC1r7fSOl8hqw/96bg5Qu0T/fkreR
+rwU7ZcegbLHNYhLDkBvjJc40vG93drEQw/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1
+hlMYegouCRw2n5H9gooiS9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX
+9hwJ1C07mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert123.pem b/test/rules/platform_certs/default/cert123.pem
new file mode 100644
index 000000000000..d6148cd711c0
--- /dev/null
+++ b/test/rules/platform_certs/default/cert123.pem
@@ -0,0 +1,15 @@
+SSL.com EV Root Certification Authority ECC
+-----BEGIN CERTIFICATE-----
+MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMCVVMxDjAMBgNV
+BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xNDAy
+BgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYw
+MjEyMTgxNTIzWhcNNDEwMjEyMTgxNTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx
+EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NM
+LmNvbSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB
+BAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMAVIbc/R/fALhBYlzccBYy
+3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1KthkuWnBaBu2+8KGwytAJKaNjMGEwHQYDVR0O
+BBYEFFvKXuXe0oGqzagtZFG22XKbl+ZPMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe
+5d7SgarNqC1kUbbZcpuX5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJ
+N+vp1RPZytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZgh5Mm
+m7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert124.pem b/test/rules/platform_certs/default/cert124.pem
new file mode 100644
index 000000000000..d35f07211e31
--- /dev/null
+++ b/test/rules/platform_certs/default/cert124.pem
@@ -0,0 +1,28 @@
+GlobalSign Root CA - R6
+-----BEGIN CERTIFICATE-----
+MIIFgzCCA2ugAwIBAgIORea7A4Mzw4VlSOb/RVEwDQYJKoZIhvcNAQEMBQAwTDEgMB4GA1UECxMX
+R2xvYmFsU2lnbiBSb290IENBIC0gUjYxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkds
+b2JhbFNpZ24wHhcNMTQxMjEwMDAwMDAwWhcNMzQxMjEwMDAwMDAwWjBMMSAwHgYDVQQLExdHbG9i
+YWxTaWduIFJvb3QgQ0EgLSBSNjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFs
+U2lnbjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJUH6HPKZvnsFMp7PPcNCPG0RQss
+grRIxutbPK6DuEGSMxSkb3/pKszGsIhrxbaJ0cay/xTOURQh7ErdG1rG1ofuTToVBu1kZguSgMpE
+3nOUTvOniX9PeGMIyBJQbUJmL025eShNUhqKGoC3GYEOfsSKvGRMIRxDaNc9PIrFsmbVkJq3MQbF
+vuJtMgamHvm566qjuL++gmNQ0PAYid/kD3n16qIfKtJwLnvnvJO7bVPiSHyMEAc4/2ayd2F+4OqM
+PKq0pPbzlUoSB239jLKJz9CgYXfIWHSw1CM69106yqLbnQneXUQtkPGBzVeS+n68UARjNN9rkxi+
+azayOeSsJDa38O+2HBNXk7besvjihbdzorg1qkXy4J02oW9UivFyVm4uiMVRQkQVlO6jxTiWm05O
+WgtH8wY2SXcwvHE35absIQh1/OZhFj931dmRl4QKbNQCTXTAFO39OfuD8l4UoQSwC+n+7o/hbguy
+CLNhZglqsQY6ZZZZwPA1/cnaKI0aEYdwgQqomnUdnjqGBQCe24DWJfncBZ4nWUx2OVvq+aWh2IMP
+0f/fMBH5hc8zSPXKbWQULHpYT9NLCEnFlWQaYw55PfWzjMpYrZxCRXluDocZXFSxZba/jJvcE+kN
+b7gu3GduyYsRtYQUigAZcIN5kZeR1BonvzceMgfYFGM8KEyvAgMBAAGjYzBhMA4GA1UdDwEB/wQE
+AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSubAWjkxPioufi1xzWx/B/yGdToDAfBgNV
+HSMEGDAWgBSubAWjkxPioufi1xzWx/B/yGdToDANBgkqhkiG9w0BAQwFAAOCAgEAgyXt6NH9lVLN
+nsAEoJFp5lzQhN7craJP6Ed41mWYqVuoPId8AorRbrcWc+ZfwFSY1XS+wc3iEZGtIxg93eFyRJa0
+lV7Ae46ZeBZDE1ZXs6KzO7V33EByrKPrmzU+sQghoefEQzd5Mr6155wsTLxDKZmOMNOsIeDjHfrY
+BzN2VAAiKrlNIC5waNrlU/yDXNOd8v9EDERm8tLjvUYAGm0CuiVdjaExUd1URhxN25mW7xocBFym
+Fe944Hn+Xds+qkxV/ZoVqW/hpvvfcDDpw+5CRu3CkwWJ+n1jez/QcYF8AOiYrg54NMMl+68KnyBr
+3TsTjxKM4kEaSHpzoHdpx7Zcf4LIHv5YGygrqGytXm3ABdJ7t+uA/iU3/gKbaKxCXcPu9czc8FB1
+0jZpnOZ7BN9uBmm23goJSFmH63sUYHpkqmlD75HHTOwY3WzvUy2MmeFe8nI+z1TIvWfspA9MRf/T
+uTAjB0yPEL+GltmZWrSZVxykzLsViVO6LAUP5MSeGbEYNNVMnbrt9x+vJJUEeKgDu+6B5dpffItK
+oZB0JaezPkvILFa9x8jvOOJckvB595yEunQtYQEgfn7R8k8HWV+LLUNS60YMlOH1Zkd5d9VUWx+t
+JDfLRVpOoERIyNiwmcUVhAn21klJwGW45hpxbqCo8YLoRT5s1gLXCmeDBVrJpBA=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert125.pem b/test/rules/platform_certs/default/cert125.pem
new file mode 100644
index 000000000000..53e930be20ca
--- /dev/null
+++ b/test/rules/platform_certs/default/cert125.pem
@@ -0,0 +1,14 @@
+OISTE WISeKey Global Root GC CA
+-----BEGIN CERTIFICATE-----
+MIICaTCCAe+gAwIBAgIQISpWDK7aDKtARb8roi066jAKBggqhkjOPQQDAzBtMQswCQYDVQQGEwJD
+SDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNlZDEo
+MCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQyBDQTAeFw0xNzA1MDkwOTQ4MzRa
+Fw00MjA1MDkwOTU4MzNaMG0xCzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQL
+ExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2Jh
+bCBSb290IEdDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAETOlQwMYPchi82PG6s4nieUqjFqdr
+VCTbUf/q9Akkwwsin8tqJ4KBDdLArzHkdIJuyiXZjHWd8dvQmqJLIX4Wp2OQ0jnUsYd4XxiWD1Ab
+NTcPasbc2RNNpI6QN+a9WzGRo1QwUjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAd
+BgNVHQ4EFgQUSIcUrOPDnpBgOtfKie7TrYy0UGYwEAYJKwYBBAGCNxUBBAMCAQAwCgYIKoZIzj0E
+AwMDaAAwZQIwJsdpW9zV57LnyAyMjMPdeYwbY9XJUpROTYJKcx6ygISpJcBMWm1JKWB4E+J+SOtk
+AjEA2zQgMgj/mkkCtojeFK9dbJlxjRo/i9fgojaGHAeCOnZT/cKi7e97sIBPWA9LUzm9
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert126.pem b/test/rules/platform_certs/default/cert126.pem
new file mode 100644
index 000000000000..e3bdabc17ee2
--- /dev/null
+++ b/test/rules/platform_certs/default/cert126.pem
@@ -0,0 +1,28 @@
+GTS Root R1
+-----BEGIN CERTIFICATE-----
+MIIFWjCCA0KgAwIBAgIQbkepxUtHDA3sM9CJuRz04TANBgkqhkiG9w0BAQwFADBHMQswCQYDVQQG
+EwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJv
+b3QgUjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAG
+A1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx
+9vaMf/vo27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vXmX7wCl7r
+aKb0xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7zUjwTcLCeoiKu7rPWRnW
+r4+wB7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0PfyblqAj+lug8aJRT7oM6iCsVlgmy4HqM
+LnXWnOunVmSPlk9orj2XwoSPwLxAwAtcvfaHszVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly
+4cpk9+aCEI3oncKKiPo4Zor8Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr
+06zqkUspzBmkMiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOORc92
+wO1AK/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYWk70paDPvOmbsB4om
+3xPXV2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+DVrNVjzRlwW5y0vtOUucxD/SVRNu
+JLDWcfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgFlQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD
+VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEM
+BQADggIBADiWCu49tJYeX++dnAsznyvgyv3SjgofQXSlfKqE1OXyHuY3UjKcC9FhHb8owbZEKTV1
+d5iyfNm9dKyKaOOpMQkpAWBz40d8U6iQSifvS9efk+eCNs6aaAyC58/UEBZvXw6ZXPYfcX3v73sv
+fuo21pdwCxXu11xWajOl40k4DLh9+42FpLFZXvRq4d2h9mREruZRgyFmxhE+885H7pwoHyXa/6xm
+ld01D1zvICxi/ZG6qcz8WpyTgYMpl0p8WnK0OdC3d8t5/Wk6kjftbjhlRn7pYL15iJdfOBL07q9b
+gsiG1eGZbYwE8na6SfZu6W0eX6DvJ4J2QPim01hcDyxC2kLGe4g0x8HYRZvBPsVhHdljUEn2NIVq
+4BjFbkerQUIpm/ZgDdIx02OYI5NaAIFItO/Nis3Jz5nu2Z6qNuFoS3FJFDYoOj0dzpqPJeaAcWEr
+tXvM+SUWgeExX6GjfhaknBZqlxi9dnKlC54dNuYvoS++cJEPqOba+MSSQGwlfnuzCdyyF62ARPBo
+pY+Udf90WuioAnwMCeKpSwughQtiue+hMZL77/ZRBIls6Kl0obsXs7X9SQ98POyDGCBDTtWTurQ0
+sR8WNh8M5mQ5Fkzc4P4dyKliPUDqysU0ArSuiYgzNdwsE3PYJ/HQcu51OyLemGhmW/HGY0dVHLql
+CFF1pkgl
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert127.pem b/test/rules/platform_certs/default/cert127.pem
new file mode 100644
index 000000000000..ee03650a975a
--- /dev/null
+++ b/test/rules/platform_certs/default/cert127.pem
@@ -0,0 +1,28 @@
+GTS Root R2
+-----BEGIN CERTIFICATE-----
+MIIFWjCCA0KgAwIBAgIQbkepxlqz5yDFMJo/aFLybzANBgkqhkiG9w0BAQwFADBHMQswCQYDVQQG
+EwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJv
+b3QgUjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAG
+A1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDO3v2m++zsFDQ8BwZabFn3GTXd98GdVarTzTuk
+k3LvCvptnfbwhYBboUhSnznFt+4orO/LdmgUud+tAWyZH8QiHZ/+cnfgLFuv5AS/T3KgGjSY6Dlo
+7JUle3ah5mm5hRm9iYz+re026nO8/4Piy33B0s5Ks40FnotJk9/BW9BuXvAuMC6C/Pq8tBcKSOWI
+m8Wba96wyrQD8Nr0kLhlZPdcTK3ofmZemde4wj7I0BOdre7kRXuJVfeKH2JShBKzwkCX44ofR5Gm
+dFrS+LFjKBC4swm4VndAoiaYecb+3yXuPuWgf9RhD1FLPD+M2uFwdNjCaKH5wQzpoeJ/u1U8dgbu
+ak7MkogwTZq9TwtImoS1mKPV+3PBV2HdKFZ1E66HjucMUQkQdYhMvI35ezzUIkgfKtzra7tEscsz
+cTJGr61K8YzodDqs5xoic4DSMPclQsciOzsSrZYuxsN2B6ogtzVJV+mSSeh2FnIxZyuWfoqjx5RW
+Ir9qS34BIbIjMt/kmkRtWVtd9QCgHJvGeJeNkP+byKq0rxFROV7Z+2et1VsRnTKaG73Vululycsl
+aVNVJ1zgyjbLiGH7HrfQy+4W+9OmTN6SpdTi3/UGVN4unUu0kzCqgc7dGtxRcw1PcOnlthYhGXmy
+5okLdWTK1au8CcEYof/UVKGFPP0UJAOyh9OktwIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD
+VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUu//KjiOfT5nK2+JopqUVJxce2Q4wDQYJKoZIhvcNAQEM
+BQADggIBALZp8KZ3/p7uC4Gt4cCpx/k1HUCCq+YEtN/L9x0Pg/B+E02NjO7jMyLDOfxA325BS0JT
+vhaI8dI4XsRomRyYUpOM52jtG2pzegVATX9lO9ZY8c6DR2Dj/5epnGB3GFW1fgiTz9D2PGcDFWEJ
++YF59exTpJ/JjwGLc8R3dtyDovUMSRqodt6Sm2T4syzFJ9MHwAiApJiS4wGWAqoC7o87xdFtCjMw
+c3i5T1QWvwsHoaRc5svJXISPD+AVdyx+Jn7axEvbpxZ3B7DNdehyQtaVhJ2Gg/LkkM0JR9SLA3Da
+WsYDQvTtN6LwG1BUSw7YhN4ZKJmBR64JGz9I0cNv4rBgF/XuIwKl2gBbbZCr7qLpGzvpx0QnRY5r
+n/WkhLx3+WuXrD5RRaIRpsyF7gpo8j5QOHokYh4XIDdtak23CZvJ/KRY9bb7nE4Yu5UC56Gtmwfu
+Nmsk0jmGwZODUNKBRqhfYlcsu2xkiAhu7xNUX90txGdj08+JN7+dIPT7eoOboB6BAFDC5AwiWVIQ
+7UNWhwD4FFKnHYuTjKJNRn8nxnGbJN7k2oaLDX5rIMHAnuFl2GqjpuiFizoHCBy69Y9Vmhh1fuXs
+gWbRIXOhNUQLgD1bnF5vKheW0YMjiGZt5obicDIvUiLnyOd/xCxgXS/Dr55FBcOEArf9LAhST4Ld
+o/DUhgkC
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert128.pem b/test/rules/platform_certs/default/cert128.pem
new file mode 100644
index 000000000000..41e3202bf72c
--- /dev/null
+++ b/test/rules/platform_certs/default/cert128.pem
@@ -0,0 +1,13 @@
+GTS Root R3
+-----BEGIN CERTIFICATE-----
+MIICDDCCAZGgAwIBAgIQbkepx2ypcyRAiQ8DVd2NHTAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJV
+UzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3Qg
+UjMwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UE
+ChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMwdjAQBgcq
+hkjOPQIBBgUrgQQAIgNiAAQfTzOHMymKoYTey8chWEGJ6ladK0uFxh1MJ7x/JlFyb+Kf1qPKzEUU
+Rout736GjOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSWRQmx1WyRRK2EE46ajA2ADDL24Cej
+QjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTB8Sa6oC2uhYHP
+0/EqEr24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEAgFukfCPAlaUs3L6JbyO5o91lAFJekazInXJ0
+glMLfalAvWhgxeG4VDvBNhcl2MG9AjEAnjWSdIUlUfUk7GRSJFClH9voy8l27OyCbvWFGFPouOOa
+KaqW04MjyaR7YbPMAuhd
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert129.pem b/test/rules/platform_certs/default/cert129.pem
new file mode 100644
index 000000000000..18d2d1950a27
--- /dev/null
+++ b/test/rules/platform_certs/default/cert129.pem
@@ -0,0 +1,13 @@
+GTS Root R4
+-----BEGIN CERTIFICATE-----
+MIICCjCCAZGgAwIBAgIQbkepyIuUtui7OyrYorLBmTAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJV
+UzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3Qg
+UjQwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UE
+ChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcq
+hkjOPQIBBgUrgQQAIgNiAATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa
+6zzuhXyiQHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/lxKvRHYqj
+QjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSATNbrdP9JNqPV
+2Py1PsVq8JQdjDAKBggqhkjOPQQDAwNnADBkAjBqUFJ0CMRw3J5QdCHojXohw0+WbhXRIjVhLfoI
+N+4Zba3bssx9BzT1YBkstTTZbyACMANxsbqjYAuG7ZoIapVon+Kz4ZNkfF6Tpt95LY2F45TPI11x
+zPKwTdb+mciUqXWi4w==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert130.pem b/test/rules/platform_certs/default/cert130.pem
new file mode 100644
index 000000000000..0dacc520e53a
--- /dev/null
+++ b/test/rules/platform_certs/default/cert130.pem
@@ -0,0 +1,27 @@
+UCA Global G2 Root
+-----BEGIN CERTIFICATE-----
+MIIFRjCCAy6gAwIBAgIQXd+x2lqj7V2+WmUgZQOQ7zANBgkqhkiG9w0BAQsFADA9MQswCQYDVQQG
+EwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxGzAZBgNVBAMMElVDQSBHbG9iYWwgRzIgUm9vdDAeFw0x
+NjAzMTEwMDAwMDBaFw00MDEyMzEwMDAwMDBaMD0xCzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlU
+cnVzdDEbMBkGA1UEAwwSVUNBIEdsb2JhbCBHMiBSb290MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEAxeYrb3zvJgUno4Ek2m/LAfmZmqkywiKHYUGRO8vDaBsGxUypK8FnFyIdK+35KYmT
+oni9kmugow2ifsqTs6bRjDXVdfkX9s9FxeV67HeToI8jrg4aA3++1NDtLnurRiNb/yzmVHqUwCoV
+8MmNsHo7JOHXaOIxPAYzRrZUEaalLyJUKlgNAQLx+hVRZ2zA+te2G3/RVogvGjqNO7uCEeBHANBS
+h6v7hn4PJGtAnTRnvI3HLYZveT6OqTwXS3+wmeOwcWDcC/Vkw85DvG1xudLeJ1uK6NjGruFZfc8o
+LTW4lVYa8bJYS7cSN8h8s+1LgOGN+jIjtm+3SJUIsUROhYw6AlQgL9+/V087OpAh18EmNVQg7Mc/
+R+zvWr9LesGtOxdQXGLYD0tK3Cv6brxzks3sx1DoQZbXqX5t2Okdj4q1uViSukqSKwxW/YDrCPBe
+KW4bHAyvj5OJrdu9o54hyokZ7N+1wxrrFv54NkzWbtA+FxyQF2smuvt6L78RHBgOLXMDj6DlNaBa
+4kx1HXHhOThTeEDMg5PXCp6dW4+K5OXgSORIskfNTip1KnvyIvbJvgmRlld6iIis7nCs+dwp4wwc
+OxJORNanTrAmyPPZGpeRaOrvjUYG0lZFWJo8DA+DuAUlwznPO6Q0ibd5Ei9Hxeepl2n8pndntd97
+8XplFeRhVmUCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
+BBYEFIHEjMz15DD/pQwIX4wVZyF0Ad/fMA0GCSqGSIb3DQEBCwUAA4ICAQATZSL1jiutROTL/7lo
+5sOASD0Ee/ojL3rtNtqyzm325p7lX1iPyzcyochltq44PTUbPrw7tgTQvPlJ9Zv3hcU2tsu8+Mg5
+1eRfB70VVJd0ysrtT7q6ZHafgbiERUlMjW+i67HM0cOU2kTC5uLqGOiiHycFutfl1qnN3e92mI0A
+Ds0b+gO3joBYDic/UvuUospeZcnWhNq5NXHzJsBPd+aBJ9J3O5oUb3n09tDh05S60FdRvScFDcH9
+yBIw7m+NESsIndTUv4BFFJqIRNow6rSn4+7vW4LVPtateJLbXDzz2K36uGt/xDYotgIVilQsnLAX
+c47QN6MUPJiVAAwpBVueSUmxX8fjy88nZY41F7dXyDDZQVu5FLbowg+UMaeUmMxq67XhJ/UQqAHo
+jhJi6IjMtX9Gl8CbEGY4GjZGXyJoPd/JxhMnq1MGrKI8hgZlb7F+sSlEmqO6SWkoaY/X5V+tBIZk
+bxqgDMUIYs6Ao9Dz7GjevjPHF1t/gMRMTLGmhIrDO7gJzRSBuhjjVFc2/tsvfEehOjPI+Vg7RE+x
+ygKJBJYoaMVLuCaJu9YzL1DV/pqJuhgyklTGW+Cd+V7lDSKb9triyCGyYiGqhkCyLmTTX8jjfhFn
+RR8F/uOi77Oos/N9j/gMHyIfLXC0uAE0djAA5SN4p1bXUB+K+wb1whnw0A==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert131.pem b/test/rules/platform_certs/default/cert131.pem
new file mode 100644
index 000000000000..b9ffb5d67f20
--- /dev/null
+++ b/test/rules/platform_certs/default/cert131.pem
@@ -0,0 +1,28 @@
+UCA Extended Validation Root
+-----BEGIN CERTIFICATE-----
+MIIFWjCCA0KgAwIBAgIQT9Irj/VkyDOeTzRYZiNwYDANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQG
+EwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9u
+IFJvb3QwHhcNMTUwMzEzMDAwMDAwWhcNMzgxMjMxMDAwMDAwWjBHMQswCQYDVQQGEwJDTjERMA8G
+A1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCpCQcoEwKwmeBkqh5DFnpzsZGgdT6o+uM4AHrs
+iWogD4vFsJszA1qGxliG1cGFu0/GnEBNyr7uaZa4rYEwmnySBesFK5pI0Lh2PpbIILvSsPGP2KxF
+Rv+qZ2C0d35qHzwaUnoEPQc8hQ2E0B92CvdqFN9y4zR8V05WAT558aopO2z6+I9tTcg1367r3CTu
+eUWnhbYFiN6IXSV8l2RnCdm/WhUFhvMJHuxYMjMR83dksHYf5BA1FxvyDrFspCqjc/wJHx4yGVMR
+59mzLC52LqGj3n5qiAno8geK+LLNEOfic0CTuwjRP+H8C5SzJe98ptfRr5//lpr1kXuYC3fUfugH
+0mK1lTnj8/FtDw5lhIpjVMWAtuCeS31HJqcBCF3RiJ7XwzJE+oJKCmhUfzhTA8ykADNkUVkLo4KR
+el7sFsLzKuZi2irbWWIQJUoqgQtHB0MGcIfS+pMRKXpITeuUx3BNr2fVUbGAIAEBtHoIppB/TuDv
+B0GHr2qlXov7z1CymlSvw4m6WC31MJixNnI5fkkE/SmnTHnkBVfblLkWU41Gsx2VYVdWf6/wFlth
+WG82UBEL2KwrlRYaDh8IzTY0ZRBiZtWAXxQgXy0MoHgKaNYs1+lvK9JKBZP8nm9rZ/+I8U6laUpS
+NwXqxhaN0sSZ0YIrO7o1dfdRUVjzyAfd5LQDfwIDAQABo0IwQDAdBgNVHQ4EFgQU2XQ65DA9DfcS
+3H5aBZ8eNJr34RQwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEL
+BQADggIBADaNl8xCFWQpN5smLNb7rhVpLGsaGvdftvkHTFnq88nIua7Mui563MD1sC3AO6+fcAUR
+ap8lTwEpcOPlDOHqWnzcSbvBHiqB9RZLcpHIojG5qtr8nR/zXUACE/xOHAbKsxSQVBcZEhrxH9cM
+aVr2cXj0lH2RC47skFSOvG+hTKv8dGT9cZr4QQehzZHkPJrgmzI5c6sq1WnIeJEmMX3ixzDx/BR4
+dxIOE/TdFpS/S2d7cFOFyrC78zhNLJA5wA3CXWvp4uXViI3WLL+rG761KIcSF3Ru/H38j9CHJrAb
++7lsq+KePRXBOy5nAliRn+/4Qh8st2j1da3Ptfb/EX3C8CSlrdP6oDyp+l3cpaDvRKS+1ujl5BOW
+F3sGPjLtx7dCvHaj2GU4Kzg1USEODm8uNBNA4StnDG1KQTAYI1oyVZnJF+A83vbsea0rWBmirSwi
+GpWOvpaQXUJXxPkUAzUrHC1RVwinOt4/5Mi0A3PCwSaAuwtCH60NryZy2sy+s6ODWA2CxR9GUeOc
+GMyNm43sSet1UNWMKFnKdDTajAshqx7qG+XH/RU+wBeq+yNuJkbL+vmxcmtpzyKEC2IPrNkZAJSi
+djzULZrtBJ4tBmIQN1IchXIbJ+XMxjHsN+xjWZsLHXbMfjKaiJUINlK73nZfdklJrX+9ZSCyycEr
+dhh2n1ax
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert132.pem b/test/rules/platform_certs/default/cert132.pem
new file mode 100644
index 000000000000..fcfc4e9327b0
--- /dev/null
+++ b/test/rules/platform_certs/default/cert132.pem
@@ -0,0 +1,32 @@
+Certigna Root CA
+-----BEGIN CERTIFICATE-----
+MIIGWzCCBEOgAwIBAgIRAMrpG4nxVQMNo+ZBbcTjpuEwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE
+BhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczEcMBoGA1UECwwTMDAwMiA0ODE0NjMwODEwMDAzNjEZ
+MBcGA1UEAwwQQ2VydGlnbmEgUm9vdCBDQTAeFw0xMzEwMDEwODMyMjdaFw0zMzEwMDEwODMyMjda
+MFoxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxHDAaBgNVBAsMEzAwMDIgNDgxNDYz
+MDgxMDAwMzYxGTAXBgNVBAMMEENlcnRpZ25hIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQDNGDllGlmx6mQWDoyUJJV8g9PFOSbcDO8WV43X2KyjQn+Cyu3NW9sOty3tRQgX
+stmzy9YXUnIo245Onoq2C/mehJpNdt4iKVzSs9IGPjA5qXSjklYcoW9MCiBtnyN6tMbaLOQdLNyz
+KNAT8kxOAkmhVECe5uUFoC2EyP+YbNDrihqECB63aCPuI9Vwzm1RaRDuoXrC0SIxwoKF0vJVdlB8
+JXrJhFwLrN1CTivngqIkicuQstDuI7pmTLtipPlTWmR7fJj6o0ieD5Wupxj0auwuA0Wv8HT4Ks16
+XdG+RCYyKfHx9WzMfgIhC59vpD++nVPiz32pLHxYGpfhPTc3GGYo0kDFUYqMwy3OU4gkWGQwFsWq
+4NYKpkDfePb1BHxpE4S80dGnBs8B92jAqFe7OmGtBIyT46388NtEbVncSVmurJqZNjBBe3YzIoej
+wpKGbvlw7q6Hh5UbxHq9MfPU0uWZ/75I7HX1eBYdpnDBfzwboZL7z8g81sWTCo/1VTp2lc5ZmIoJ
+lXcymoO6LAQ6l73UL77XbJuiyn1tJslV1c/DeVIICZkHJC1kJWumIWmbat10TWuXekG9qxf5kBdI
+jzb5LdXF2+6qhUVB+s06RbFo5jZMm5BX7CO5hwjCxAnxl4YqKE3idMDaxIzb3+KhF1nOJFl0Mdp/
+/TBt2dzhauH8XwIDAQABo4IBGjCCARYwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
+HQYDVR0OBBYEFBiHVuBud+4kNTxOc5of1uHieX4rMB8GA1UdIwQYMBaAFBiHVuBud+4kNTxOc5of
+1uHieX4rMEQGA1UdIAQ9MDswOQYEVR0gADAxMC8GCCsGAQUFBwIBFiNodHRwczovL3d3d3cuY2Vy
+dGlnbmEuZnIvYXV0b3JpdGVzLzBtBgNVHR8EZjBkMC+gLaArhilodHRwOi8vY3JsLmNlcnRpZ25h
+LmZyL2NlcnRpZ25hcm9vdGNhLmNybDAxoC+gLYYraHR0cDovL2NybC5kaGlteW90aXMuY29tL2Nl
+cnRpZ25hcm9vdGNhLmNybDANBgkqhkiG9w0BAQsFAAOCAgEAlLieT/DjlQgi581oQfccVdV8AOIt
+OoldaDgvUSILSo3L6btdPrtcPbEo/uRTVRPPoZAbAh1fZkYJMyjhDSSXcNMQH+pkV5a7XdrnxIxP
+TGRGHVyH41neQtGbqH6mid2PHMkwgu07nM3A6RngatgCdTer9zQoKJHyBApPNeNgJgH60BGM+RFq
+7q89w1DTj18zeTyGqHNFkIwgtnJzFyO+B2XleJINugHA64wcZr+shncBlA2c5uk5jR+mUYyZDDl3
+4bSb+hxnV29qao6pK0xXeXpXIs/NX2NGjVxZOob4Mkdio2cNGJHc+6Zr9UhhcyNZjgKnvETq9Emd
+8VRY+WCv2hikLyhF3HqgiIZd8zvn/yk1gPxkQ5Tm4xxvvq0OKmOZK8l+hfZx6AYDlf7ej0gcWtSS
+6Cvu5zHbugRqh5jnxV/vfaci9wHYTfmJ0A6aBVmknpjZbyvKcL5kwlWj9Omvw5Ip3IgWJJk8jSaY
+tlu3zM63Nwf9JtmYhST/WSMDmu2dnajkXjjO11INb9I/bbEFa0nOipFGc/T2L/Coc3cOZayhjWZS
+aX5LaAzHHjcng6WMxwLkFM1JAbBzs/3GkDpv0mztO+7skb6iQ12LAEpmJURw3kAP+HwV96LOPNde
+E4yBFxgX0b3xdxA61GU5wSesVywlVP+i2k+KYTlerj1KjL0=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert133.pem b/test/rules/platform_certs/default/cert133.pem
new file mode 100644
index 000000000000..056b4b067423
--- /dev/null
+++ b/test/rules/platform_certs/default/cert133.pem
@@ -0,0 +1,20 @@
+emSign Root CA - G1
+-----BEGIN CERTIFICATE-----
+MIIDlDCCAnygAwIBAgIKMfXkYgxsWO3W2DANBgkqhkiG9w0BAQsFADBnMQswCQYDVQQGEwJJTjET
+MBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRl
+ZDEcMBoGA1UEAxMTZW1TaWduIFJvb3QgQ0EgLSBHMTAeFw0xODAyMTgxODMwMDBaFw00MzAyMTgx
+ODMwMDBaMGcxCzAJBgNVBAYTAklOMRMwEQYDVQQLEwplbVNpZ24gUEtJMSUwIwYDVQQKExxlTXVk
+aHJhIFRlY2hub2xvZ2llcyBMaW1pdGVkMRwwGgYDVQQDExNlbVNpZ24gUm9vdCBDQSAtIEcxMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0u76WaK7p1b1TST0Bsew+eeuGQzf2N4aLTN
+LnF115sgxk0pvLZoYIr3IZpWNVrzdr3YzZr/k1ZLpVkGoZM0Kd0WNHVO8oG0x5ZOrRkVUkr+PHB1
+cM2vK6sVmjM8qrOLqs1D/fXqcP/tzxE7lM5OMhbTI0Aqd7OvPAEsbO2ZLIvZTmmYsvePQbAyeGHW
+DV/D+qJAkh1cF+ZwPjXnorfCYuKrpDhMtTk1b+oDafo6VGiFbdbyL0NVHpENDtjVaqSW0RM8LHhQ
+6DqS0hdW5TUaQBw+jSztOd9C4INBdN+jzcKGYEho42kLVACL5HZpIQ15TjQIXhTCzLG3rdd8cIrH
+hQIDAQABo0IwQDAdBgNVHQ4EFgQU++8Nhp6w492pufEhF38+/PB3KxowDgYDVR0PAQH/BAQDAgEG
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFn/8oz1h31xPaOfG1vR2vjTnGs2
+vZupYeveFix0PZ7mddrXuqe8QhfnPZHr5X3dPpzxz5KsbEjMwiI/aTvFthUvozXGaCocV685743Q
+NcMYDHsAVhzNixl03r4PEuDQqqE/AjSxcM6dGNYIAwlG7mDgfrbESQRRfXBgvKqy/3lyeqYdPV8q
++Mri/Tm3R7nrft8EI6/6nAYH6ftjk4BAtcZsCjEozgyfz7MjNYBBjWzEN3uBL4ChQEKF6dk4jeih
+U80Bv2noWgbyRQuQ+q7hv53yrlc8pa6yVvSLZUDp/TGBLPQ5Cdjua6e0ph0VpZj3AYHYhX3zUVxx
+iN66zB+Afko=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert134.pem b/test/rules/platform_certs/default/cert134.pem
new file mode 100644
index 000000000000..c43a67b50c25
--- /dev/null
+++ b/test/rules/platform_certs/default/cert134.pem
@@ -0,0 +1,14 @@
+emSign ECC Root CA - G3
+-----BEGIN CERTIFICATE-----
+MIICTjCCAdOgAwIBAgIKPPYHqWhwDtqLhDAKBggqhkjOPQQDAzBrMQswCQYDVQQGEwJJTjETMBEG
+A1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRlZDEg
+MB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0gRzMwHhcNMTgwMjE4MTgzMDAwWhcNNDMwMjE4
+MTgzMDAwWjBrMQswCQYDVQQGEwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11
+ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0g
+RzMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQjpQy4LRL1KPOxst3iAhKAnjlfSU2fySU0WXTsuwYc
+58Byr+iuL+FBVIcUqEqy6HyC5ltqtdyzdc6LBtCGI79G1Y4PPwT01xySfvalY8L1X44uT6EYGQIr
+MgqCZH0Wk9GjQjBAMB0GA1UdDgQWBBR8XQKEE9TMipuBzhccLikenEhjQjAOBgNVHQ8BAf8EBAMC
+AQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNpADBmAjEAvvNhzwIQHWSVB7gYboiFBS+D
+CBeQyh+KTOgNG3qxrdWBCUfvO6wIBHxcmbHtRwfSAjEAnbpV/KlK6O3t5nYBQnvI+GDZjVGLVTv7
+jHvrZQnD+JbNR6iC8hZVdyR+EhCVBCyj
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert135.pem b/test/rules/platform_certs/default/cert135.pem
new file mode 100644
index 000000000000..04179a44bf1f
--- /dev/null
+++ b/test/rules/platform_certs/default/cert135.pem
@@ -0,0 +1,19 @@
+emSign Root CA - C1
+-----BEGIN CERTIFICATE-----
+MIIDczCCAlugAwIBAgILAK7PALrEzzL4Q7IwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCVVMx
+EzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQDExNlbVNp
+Z24gUm9vdCBDQSAtIEMxMB4XDTE4MDIxODE4MzAwMFoXDTQzMDIxODE4MzAwMFowVjELMAkGA1UE
+BhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQD
+ExNlbVNpZ24gUm9vdCBDQSAtIEMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+up
+ufGZBczYKCFK83M0UYRWEPWgTywS4/oTmifQz/l5GnRfHXk5/Fv4cI7gklL35CX5VIPZHdPIWoU/
+Xse2B+4+wM6ar6xWQio5JXDWv7V7Nq2s9nPczdcdioOl+yuQFTdrHCZH3DspVpNqs8FqOp099cGX
+OFgFixwR4+S0uF2FHYP+eF8LRWgYSKVGczQ7/g/IdrvHGPMF0Ybzhe3nudkyrVWIzqa2kbBPrH4V
+I5b2P/AgNBbeCsbEBEV5f6f9vtKppa+cxSMq9zwhbL2vj07FOrLzNBL834AaSaTUqZX3noleooms
+lMuoaJuvimUnzYnu3Yy1aylwQ6BpC+S5DwIDAQABo0IwQDAdBgNVHQ4EFgQU/qHgcB4qAzlSWkK+
+XJGFehiqTbUwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
+ggEBAMJKVvoVIXsoounlHfv4LcQ5lkFMOycsxGwYFYDGrK9HWS8mC+M2sO87/kOXSTKZEhVb3xEp
+/6tT+LvBeA+snFOvV71ojD1pM/CjoCNjO2RnIkSt1XHLVip4kqNPEjE2NuLe/gDEo2APJ62gsIq1
+NnpSob0n9CAnYuhNlCQT5AoE6TyrLshDCUrGYQTlSTR+08TI9Q/Aqum6VF7zYytPT1DU/rl7mYw9
+wC68AivTxEDkigcxHpvOJpkT+xHqmiIMERnHXhuBUDDIlhJu58tBf5E7oke3VIAb3ADMmpDqw8NQ
+BmIMMMAVSKeoWXzhriKi4gp6D/piq1JM4fHfyr6DDUI=
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert136.pem b/test/rules/platform_certs/default/cert136.pem
new file mode 100644
index 000000000000..5d185a78a22c
--- /dev/null
+++ b/test/rules/platform_certs/default/cert136.pem
@@ -0,0 +1,13 @@
+emSign ECC Root CA - C3
+-----BEGIN CERTIFICATE-----
+MIICKzCCAbGgAwIBAgIKe3G2gla4EnycqDAKBggqhkjOPQQDAzBaMQswCQYDVQQGEwJVUzETMBEG
+A1UECxMKZW1TaWduIFBLSTEUMBIGA1UEChMLZU11ZGhyYSBJbmMxIDAeBgNVBAMTF2VtU2lnbiBF
+Q0MgUm9vdCBDQSAtIEMzMB4XDTE4MDIxODE4MzAwMFoXDTQzMDIxODE4MzAwMFowWjELMAkGA1UE
+BhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMSAwHgYDVQQD
+ExdlbVNpZ24gRUNDIFJvb3QgQ0EgLSBDMzB2MBAGByqGSM49AgEGBSuBBAAiA2IABP2lYa57JhAd
+6bciMK4G9IGzsUJxlTm801Ljr6/58pc1kjZGDoeVjbk5Wum739D+yAdBPLtVb4OjavtisIGJAnB9
+SMVK4+kiVCJNk7tCDK93nCOmfddhEc5lx/h//vXyqaNCMEAwHQYDVR0OBBYEFPtaSNCAIEDyqOkA
+B2kZd6fmw/TPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMDA2gA
+MGUCMQC02C8Cif22TGK6Q04ThHK1rt0c3ta13FaPWEBaLd4gTCKDypOofu4SQMfWh0/434UCMBwU
+ZOR8loMRnLDRWmFLpg9J0wD8ofzkpf9/rdcw0Md3f76BB1UwUCAU9Vc4CqgxUQ==
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert137.pem b/test/rules/platform_certs/default/cert137.pem
new file mode 100644
index 000000000000..e2132d1d4b14
--- /dev/null
+++ b/test/rules/platform_certs/default/cert137.pem
@@ -0,0 +1,30 @@
+Hongkong Post Root CA 3
+-----BEGIN CERTIFICATE-----
+MIIFzzCCA7egAwIBAgIUCBZfikyl7ADJk0DfxMauI7gcWqQwDQYJKoZIhvcNAQELBQAwbzELMAkG
+A1UEBhMCSEsxEjAQBgNVBAgTCUhvbmcgS29uZzESMBAGA1UEBxMJSG9uZyBLb25nMRYwFAYDVQQK
+Ew1Ib25na29uZyBQb3N0MSAwHgYDVQQDExdIb25na29uZyBQb3N0IFJvb3QgQ0EgMzAeFw0xNzA2
+MDMwMjI5NDZaFw00MjA2MDMwMjI5NDZaMG8xCzAJBgNVBAYTAkhLMRIwEAYDVQQIEwlIb25nIEtv
+bmcxEjAQBgNVBAcTCUhvbmcgS29uZzEWMBQGA1UEChMNSG9uZ2tvbmcgUG9zdDEgMB4GA1UEAxMX
+SG9uZ2tvbmcgUG9zdCBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz
+iNfqzg8gTr7m1gNt7ln8wlffKWihgw4+aMdoWJwcYEuJQwy51BWy7sFOdem1p+/l6TWZ5Mwc50tf
+jTMwIDNT2aa71T4Tjukfh0mtUC1Qyhi+AViiE3CWu4mIVoBc+L0sPOFMV4i707mV78vH9toxdCim
+5lSJ9UExyuUmGs2C4HDaOym71QP1mbpV9WTRYA6ziUm4ii8F0oRFKHyPaFASePwLtVPLwpgchKOe
+sL4jpNrcyCse2m5FHomY2vkALgbpDDtw1VAliJnLzXNg99X/NWfFobxeq81KuEXryGgeDQ0URhLj
+0mRiikKYvLTGCAj4/ahMZJx2Ab0vqWwzD9g/KLg8aQFChn5pwckGyuV6RmXpwtZQQS4/t+TtbNe/
+JgERohYpSms0BpDsE9K2+2p20jzt8NYt3eEV7KObLyzJPivkaTv/ciWxNoZbx39ri1UbSsUgYT2u
+y1DhCDq+sI9jQVMwCFk8mB13umOResoQUGC/8Ne8lYePl8X+l2oBlKN8W4UdKjk60FSh0Tlxnf0h
++bV78OLgAo9uliQlLKAeLKjEiafv7ZkGL7YKTE/bosw3Gq9HhS2KX8Q0NEwA/RiTZxPRN+ZItIsG
+xVd7GYYKecsAyVKvQv83j+GjHno9UKtjBucVtT+2RTeUN7F+8kjDf8V1/peNRY8apxpyKBpADwID
+AQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBQXnc0e
+i9Y5K3DTXNSguB+wAPzFYTAdBgNVHQ4EFgQUF53NHovWOStw01zUoLgfsAD8xWEwDQYJKoZIhvcN
+AQELBQADggIBAFbVe27mIgHSQpsY1Q7XZiNc4/6gx5LS6ZStS6LG7BJ8dNVI0lkUmcDrudHr9Egw
+W62nV3OZqdPlt9EuWSRY3GguLmLYauRwCy0gUCCkMpXRAJi70/33MvJJrsZ64Ee+bs7Lo3I6LWld
+y8joRTnU+kLBEUx3XZL7av9YROXrgZ6voJmtvqkBZss4HTzfQx/0TW60uhdG/H39h4F5ag0zD/ov
++BS5gLNdTaqX4fnkGMX41TiMJjz98iji7lpJiCzfeT2OnpA8vUFKOt1b9pq0zj8lMH8yfaIDlNDc
+eqFS3m6TjRgm/VWsvY+b0s+v54Ysyx8Jb6NvqYTUc79NoXQbTiNg8swOqn+knEwlqLJmOzj/2ZQw
+9nKEvmhVEA/GcywWaZMH/rFF7buiVWqw2rVKAiUnhde3t4ZEFolsgCs+l6mc1X5VTMbeRRAc6uk7
+nwNT7u56AQIWeNTowr5GdogTPyK7SBIdUgC0An4hGh6cJfTzPV4e0hz5sy229zdcxsshTrD3mUcY
+hcErulWuBurQB7Lcq9CClnXO0lD+mefPL5/ndtFhKvshuzHQqp9HpLIiyhY6UFfEW0NnxWViA0kB
+60PZ2Pierc+xYw5F9KBaLJstxabArahH9CdMOA0uG0k7UvToiIMrVCjU8jVStDKDYmlkDJGcn5fq
+dBb9HxEGmpv0
+-----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert138.pem b/test/rules/platform_certs/default/cert138.pem
new file mode 100644
index 000000000000..85ace10ff735
--- /dev/null
+++ b/test/rules/platform_certs/default/cert138.pem
@@ -0,0 +1,33 @@
+Entrust Root Certification Authority - G4
+-----BEGIN CERTIFICATE-----
+MIIGSzCCBDOgAwIBAgIRANm1Q3+vqTkPAAAAAFVlrVgwDQYJKoZIhvcNAQELBQAwgb4xCzAJBgNV
+BAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3Qu
+bmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1
+dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1
+dGhvcml0eSAtIEc0MB4XDTE1MDUyNzExMTExNloXDTM3MTIyNzExNDExNlowgb4xCzAJBgNVBAYT
+AlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0
+L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhv
+cml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhv
+cml0eSAtIEc0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsewsQu7i0TD/pZJH4i3D
+umSXbcr3DbVZwbPLqGgZ2K+EbTBwXX7zLtJTmeH+H17ZSK9dE43b/2MzTdMAArzE+NEGCJR5WIoV
+3imz/f3ET+iq4qA7ec2/a0My3dl0ELn39GjUu9CH1apLiipvKgS1sqbHoHrmSKvS0VnM1n4j5pds
+8ELl3FFLFUHtSUrJ3hCX1nbB76W1NhSXNdh4IjVS70O92yfbYVaCNNzLiGAMC1rlLAHGVK/XqsEQ
+e9IFWrhAnoanw5CGAlZSCXqc0ieCU0plUmr1POeo8pyvi73TDtTUXm6Hnmo9RR3RXRv06QqsYJn7
+ibT/mCzPfB3pAqoEmh643IhuJbNsZvc8kPNXwbMv9W3y+8qh+CmdRouzavbmZwe+LGcKKh9asj5X
+xNMhIWNlUpEbsZmOeX7m640A2Vqq6nPopIICR5b+W45UYaPrL0swsIsjdXJ8ITzI9vF01Bx7owVV
+7rtNOzK+mndmnqxpkCIHH2E6lr7lmk/MBTwoWdPBDFSoWWG9yHJM6Nyfh3+9nEg2XpWjDrk4JFX8
+dWbrAuMINClKxuMrLzOg2qOGpRKX/YAr2hRC45K9PvJdXmd0LhyIRyk0X+IyqJwlN4y6mACXi0mW
+Hv0liqzc2thddG5msP9E36EYxr5ILzeUePiVSj9/E15dWf10hkNjc0kCAwEAAaNCMEAwDwYDVR0T
+AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJ84xFYjwznooHFs6FRM5Og6sb9n
+MA0GCSqGSIb3DQEBCwUAA4ICAQAS5UKme4sPDORGpbZgQIeMJX6tuGguW8ZAdjwD+MlZ9POrYs4Q
+jbRaZIxowLByQzTSGwv2LFPSypBLhmb8qoMi9IsabyZIrHZ3CL/FmFz0Jomee8O5ZDIBf9PD3Vht
+7LGrhFV0d4QEJ1JrhkzO3bll/9bGXp+aEJlLdWr+aumXIOTkdnrG0CSqkM0gkLpHZPt/B7NTeLUK
+YvJzQ85BK4FqLoUWlFPUa19yIqtRLULVAJyZv967lDtX/Zr1hstWO1uIAeV8KEsD+UmDfLJ/fOPt
+jqF/YFOOVZ1QNBIPt5d7bIdKROf1beyAN/BYGW5KaHbwH5Lk6rWS02FREAutp9lfx1/cH6NcjKF+
+m7ee01ZvZl4HliDtC3T7Zk6LERXpgUl+b7DUUH8i119lAg2m9IUe2K4GS0qn0jFmwvjO5QimpAKW
+RGhXxNUzzxkvFMSUHHuk2fCfDrGA4tGeEWSpiBE6doLlYsKA2KSD7ZPvfC+QsDJMlhVoSFLUmQjA
+JOgc47OlIQ6SwJAfzyBfyjs4x7dtOvPmRLgOMWuIjnDrnBdSqEGULoe256YSxXXfW8AKbnuk5F6G
++TaU33fD6Q3AOfF5u0aOq0NZJ7cguyPpVkAh7DE9ZapD8j3fcEThuk0mEDuYn/PIjhs4ViFqUZPT
+kcpG2om3PVODLAgfi49T3f+sHw==
+-----END CERTIFICATE-----
+
diff --git a/test/rules/platform_certs/default/cf701eeb.0 b/test/rules/platform_certs/default/cf701eeb.0
new file mode 120000
index 000000000000..997960c9a6fd
--- /dev/null
+++ b/test/rules/platform_certs/default/cf701eeb.0
@@ -0,0 +1 @@
+cert030.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/d06393bb.0 b/test/rules/platform_certs/default/d06393bb.0
new file mode 120000
index 000000000000..68c876e8ea1b
--- /dev/null
+++ b/test/rules/platform_certs/default/d06393bb.0
@@ -0,0 +1 @@
+cert081.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/d0cddf45.0 b/test/rules/platform_certs/default/d0cddf45.0
new file mode 120000
index 000000000000..09d377c2dbdf
--- /dev/null
+++ b/test/rules/platform_certs/default/d0cddf45.0
@@ -0,0 +1 @@
+cert118.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/d16a5865.0 b/test/rules/platform_certs/default/d16a5865.0
new file mode 120000
index 000000000000..caeacfb82a92
--- /dev/null
+++ b/test/rules/platform_certs/default/d16a5865.0
@@ -0,0 +1 @@
+cert052.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/d18e9066.0 b/test/rules/platform_certs/default/d18e9066.0
new file mode 120000
index 000000000000..d30fd61516a0
--- /dev/null
+++ b/test/rules/platform_certs/default/d18e9066.0
@@ -0,0 +1 @@
+cert098.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/d41b5e2a.0 b/test/rules/platform_certs/default/d41b5e2a.0
new file mode 120000
index 000000000000..e6f2f7d1094b
--- /dev/null
+++ b/test/rules/platform_certs/default/d41b5e2a.0
@@ -0,0 +1 @@
+cert113.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/d4c339cb.0 b/test/rules/platform_certs/default/d4c339cb.0
new file mode 120000
index 000000000000..3f93be5f29e1
--- /dev/null
+++ b/test/rules/platform_certs/default/d4c339cb.0
@@ -0,0 +1 @@
+cert091.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/d4dae3dd.0 b/test/rules/platform_certs/default/d4dae3dd.0
new file mode 120000
index 000000000000..b6fe338c1eae
--- /dev/null
+++ b/test/rules/platform_certs/default/d4dae3dd.0
@@ -0,0 +1 @@
+cert075.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/d59297b8.0 b/test/rules/platform_certs/default/d59297b8.0
new file mode 120000
index 000000000000..90c574c79ffc
--- /dev/null
+++ b/test/rules/platform_certs/default/d59297b8.0
@@ -0,0 +1 @@
+cert065.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/d6325660.0 b/test/rules/platform_certs/default/d6325660.0
new file mode 120000
index 000000000000..3f93be5f29e1
--- /dev/null
+++ b/test/rules/platform_certs/default/d6325660.0
@@ -0,0 +1 @@
+cert091.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/d7746a63.0 b/test/rules/platform_certs/default/d7746a63.0
new file mode 120000
index 000000000000..b6fe338c1eae
--- /dev/null
+++ b/test/rules/platform_certs/default/d7746a63.0
@@ -0,0 +1 @@
+cert075.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/d7e8dc79.0 b/test/rules/platform_certs/default/d7e8dc79.0
new file mode 120000
index 000000000000..9d25f0e60cb0
--- /dev/null
+++ b/test/rules/platform_certs/default/d7e8dc79.0
@@ -0,0 +1 @@
+cert013.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/d853d49e.0 b/test/rules/platform_certs/default/d853d49e.0
new file mode 120000
index 000000000000..077461e29492
--- /dev/null
+++ b/test/rules/platform_certs/default/d853d49e.0
@@ -0,0 +1 @@
+cert069.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/da7377f6.0 b/test/rules/platform_certs/default/da7377f6.0
new file mode 120000
index 000000000000..68fd619a62a8
--- /dev/null
+++ b/test/rules/platform_certs/default/da7377f6.0
@@ -0,0 +1 @@
+cert131.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/dbc54cab.0 b/test/rules/platform_certs/default/dbc54cab.0
new file mode 120000
index 000000000000..78c8c289bffe
--- /dev/null
+++ b/test/rules/platform_certs/default/dbc54cab.0
@@ -0,0 +1 @@
+cert061.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/dbff3a01.0 b/test/rules/platform_certs/default/dbff3a01.0
new file mode 120000
index 000000000000..c64998b14fa3
--- /dev/null
+++ b/test/rules/platform_certs/default/dbff3a01.0
@@ -0,0 +1 @@
+cert135.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/dc4d6a89.0 b/test/rules/platform_certs/default/dc4d6a89.0
new file mode 120000
index 000000000000..4d3818fc7c3e
--- /dev/null
+++ b/test/rules/platform_certs/default/dc4d6a89.0
@@ -0,0 +1 @@
+cert124.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/dc99f41e.0 b/test/rules/platform_certs/default/dc99f41e.0
new file mode 120000
index 000000000000..ad1a2c9e4e96
--- /dev/null
+++ b/test/rules/platform_certs/default/dc99f41e.0
@@ -0,0 +1 @@
+cert106.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/dd8e9d41.0 b/test/rules/platform_certs/default/dd8e9d41.0
new file mode 120000
index 000000000000..125e20d7689f
--- /dev/null
+++ b/test/rules/platform_certs/default/dd8e9d41.0
@@ -0,0 +1 @@
+cert089.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/de6d66f3.0 b/test/rules/platform_certs/default/de6d66f3.0
new file mode 120000
index 000000000000..e6f2f7d1094b
--- /dev/null
+++ b/test/rules/platform_certs/default/de6d66f3.0
@@ -0,0 +1 @@
+cert113.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/def36a68.0 b/test/rules/platform_certs/default/def36a68.0
new file mode 120000
index 000000000000..8270bf0a9083
--- /dev/null
+++ b/test/rules/platform_certs/default/def36a68.0
@@ -0,0 +1 @@
+cert114.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/dfc0fe80.0 b/test/rules/platform_certs/default/dfc0fe80.0
new file mode 120000
index 000000000000..412847d766b1
--- /dev/null
+++ b/test/rules/platform_certs/default/dfc0fe80.0
@@ -0,0 +1 @@
+cert103.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/e113c810.0 b/test/rules/platform_certs/default/e113c810.0
new file mode 120000
index 000000000000..80aa69139189
--- /dev/null
+++ b/test/rules/platform_certs/default/e113c810.0
@@ -0,0 +1 @@
+cert036.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/e18bfb83.0 b/test/rules/platform_certs/default/e18bfb83.0
new file mode 120000
index 000000000000..b03c490c2905
--- /dev/null
+++ b/test/rules/platform_certs/default/e18bfb83.0
@@ -0,0 +1 @@
+cert085.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/e2799e36.0 b/test/rules/platform_certs/default/e2799e36.0
new file mode 120000
index 000000000000..ae5698946b79
--- /dev/null
+++ b/test/rules/platform_certs/default/e2799e36.0
@@ -0,0 +1 @@
+cert040.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/e36a6752.0 b/test/rules/platform_certs/default/e36a6752.0
new file mode 120000
index 000000000000..ff9922e53b2d
--- /dev/null
+++ b/test/rules/platform_certs/default/e36a6752.0
@@ -0,0 +1 @@
+cert082.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/e442e424.0 b/test/rules/platform_certs/default/e442e424.0
new file mode 120000
index 000000000000..b03c490c2905
--- /dev/null
+++ b/test/rules/platform_certs/default/e442e424.0
@@ -0,0 +1 @@
+cert085.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/e48193cf.0 b/test/rules/platform_certs/default/e48193cf.0
new file mode 120000
index 000000000000..fa7fca3f2ea3
--- /dev/null
+++ b/test/rules/platform_certs/default/e48193cf.0
@@ -0,0 +1 @@
+cert059.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/e73d606e.0 b/test/rules/platform_certs/default/e73d606e.0
new file mode 120000
index 000000000000..412847d766b1
--- /dev/null
+++ b/test/rules/platform_certs/default/e73d606e.0
@@ -0,0 +1 @@
+cert103.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/e775ed2d.0 b/test/rules/platform_certs/default/e775ed2d.0
new file mode 120000
index 000000000000..bc0f98e93038
--- /dev/null
+++ b/test/rules/platform_certs/default/e775ed2d.0
@@ -0,0 +1 @@
+cert009.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/e8651083.0 b/test/rules/platform_certs/default/e8651083.0
new file mode 120000
index 000000000000..f8a471e0b6e2
--- /dev/null
+++ b/test/rules/platform_certs/default/e8651083.0
@@ -0,0 +1 @@
+cert050.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/e8de2f56.0 b/test/rules/platform_certs/default/e8de2f56.0
new file mode 120000
index 000000000000..234aa2b2c2cc
--- /dev/null
+++ b/test/rules/platform_certs/default/e8de2f56.0
@@ -0,0 +1 @@
+cert071.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/ed39abd0.0 b/test/rules/platform_certs/default/ed39abd0.0
new file mode 120000
index 000000000000..125e20d7689f
--- /dev/null
+++ b/test/rules/platform_certs/default/ed39abd0.0
@@ -0,0 +1 @@
+cert089.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/ee64a828.0 b/test/rules/platform_certs/default/ee64a828.0
new file mode 120000
index 000000000000..f3d65f9515d0
--- /dev/null
+++ b/test/rules/platform_certs/default/ee64a828.0
@@ -0,0 +1 @@
+cert011.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/eed8c118.0 b/test/rules/platform_certs/default/eed8c118.0
new file mode 120000
index 000000000000..cc53c2682802
--- /dev/null
+++ b/test/rules/platform_certs/default/eed8c118.0
@@ -0,0 +1 @@
+cert034.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/ef954a4e.0 b/test/rules/platform_certs/default/ef954a4e.0
new file mode 120000
index 000000000000..d30fd61516a0
--- /dev/null
+++ b/test/rules/platform_certs/default/ef954a4e.0
@@ -0,0 +1 @@
+cert098.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/f013ecaf.0 b/test/rules/platform_certs/default/f013ecaf.0
new file mode 120000
index 000000000000..4cb45c9ec0e0
--- /dev/null
+++ b/test/rules/platform_certs/default/f013ecaf.0
@@ -0,0 +1 @@
+cert126.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/f081611a.0 b/test/rules/platform_certs/default/f081611a.0
new file mode 120000
index 000000000000..a5914a9ae27a
--- /dev/null
+++ b/test/rules/platform_certs/default/f081611a.0
@@ -0,0 +1 @@
+cert018.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/f0c70a8d.0 b/test/rules/platform_certs/default/f0c70a8d.0
new file mode 120000
index 000000000000..8e03fa2ac01b
--- /dev/null
+++ b/test/rules/platform_certs/default/f0c70a8d.0
@@ -0,0 +1 @@
+cert123.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/f0cd152c.0 b/test/rules/platform_certs/default/f0cd152c.0
new file mode 120000
index 000000000000..b02322a14ba4
--- /dev/null
+++ b/test/rules/platform_certs/default/f0cd152c.0
@@ -0,0 +1 @@
+cert138.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/f30dd6ad.0 b/test/rules/platform_certs/default/f30dd6ad.0
new file mode 120000
index 000000000000..fe8b7f684bf0
--- /dev/null
+++ b/test/rules/platform_certs/default/f30dd6ad.0
@@ -0,0 +1 @@
+cert093.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/f3377b1b.0 b/test/rules/platform_certs/default/f3377b1b.0
new file mode 120000
index 000000000000..6b9e3cee1364
--- /dev/null
+++ b/test/rules/platform_certs/default/f3377b1b.0
@@ -0,0 +1 @@
+cert015.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/f387163d.0 b/test/rules/platform_certs/default/f387163d.0
new file mode 120000
index 000000000000..6d3afc9f7b75
--- /dev/null
+++ b/test/rules/platform_certs/default/f387163d.0
@@ -0,0 +1 @@
+cert019.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/f39fc864.0 b/test/rules/platform_certs/default/f39fc864.0
new file mode 120000
index 000000000000..997960c9a6fd
--- /dev/null
+++ b/test/rules/platform_certs/default/f39fc864.0
@@ -0,0 +1 @@
+cert030.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/f459871d.0 b/test/rules/platform_certs/default/f459871d.0
new file mode 120000
index 000000000000..fe08ce674247
--- /dev/null
+++ b/test/rules/platform_certs/default/f459871d.0
@@ -0,0 +1 @@
+cert133.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/f51bb24c.0 b/test/rules/platform_certs/default/f51bb24c.0
new file mode 120000
index 000000000000..bbce6c435741
--- /dev/null
+++ b/test/rules/platform_certs/default/f51bb24c.0
@@ -0,0 +1 @@
+cert132.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/facacbc6.0 b/test/rules/platform_certs/default/facacbc6.0
new file mode 120000
index 000000000000..b71513fe981a
--- /dev/null
+++ b/test/rules/platform_certs/default/facacbc6.0
@@ -0,0 +1 @@
+cert029.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/fb5fa911.0 b/test/rules/platform_certs/default/fb5fa911.0
new file mode 120000
index 000000000000..f79cc53a1883
--- /dev/null
+++ b/test/rules/platform_certs/default/fb5fa911.0
@@ -0,0 +1 @@
+cert111.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/fc5a8f99.0 b/test/rules/platform_certs/default/fc5a8f99.0
new file mode 120000
index 000000000000..4d799e74ef9e
--- /dev/null
+++ b/test/rules/platform_certs/default/fc5a8f99.0
@@ -0,0 +1 @@
+cert092.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/fd08c599.0 b/test/rules/platform_certs/default/fd08c599.0
new file mode 120000
index 000000000000..819e00043983
--- /dev/null
+++ b/test/rules/platform_certs/default/fd08c599.0
@@ -0,0 +1 @@
+cert110.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/fde84897.0 b/test/rules/platform_certs/default/fde84897.0
new file mode 120000
index 000000000000..80aa69139189
--- /dev/null
+++ b/test/rules/platform_certs/default/fde84897.0
@@ -0,0 +1 @@
+cert036.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/fe8a2cd8.0 b/test/rules/platform_certs/default/fe8a2cd8.0
new file mode 120000
index 000000000000..d59e7b0ac35d
--- /dev/null
+++ b/test/rules/platform_certs/default/fe8a2cd8.0
@@ -0,0 +1 @@
+cert104.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/ff34af3f.0 b/test/rules/platform_certs/default/ff34af3f.0
new file mode 120000
index 000000000000..d3d34182b0b4
--- /dev/null
+++ b/test/rules/platform_certs/default/ff34af3f.0
@@ -0,0 +1 @@
+cert115.pem
\ No newline at end of file
diff --git a/test/rules/requirements.txt b/test/rules/requirements.txt
new file mode 100644
index 000000000000..0057c226a169
--- /dev/null
+++ b/test/rules/requirements.txt
@@ -0,0 +1,6 @@
+lxml>=3.3.3
+pycurl
+regex
+bsdiff4
+python-Levenshtein
+tldextract
diff --git a/test/rules/src/https_everywhere_checker/check_rules.py b/test/rules/src/https_everywhere_checker/check_rules.py
new file mode 100644
index 000000000000..f3d5baf00152
--- /dev/null
+++ b/test/rules/src/https_everywhere_checker/check_rules.py
@@ -0,0 +1,504 @@
+#!/usr/bin/env python3
+
+import binascii
+import argparse
+import copy
+import json
+import glob
+import hashlib
+import logging
+import os
+import queue
+import re
+import sys
+import threading
+import time
+
+from configparser import ConfigParser
+
+from lxml import etree
+
+import http_client
+import metrics
+import urllib.parse
+from rules import Ruleset
+from rule_trie import RuleTrie
+from datetime import datetime
+
+timestamp = datetime.now().replace(microsecond=0)
+
+def convertLoglevel(levelString):
+    """Converts string 'debug', 'info', etc. into corresponding
+    logging.XXX value which is returned.
+
+    @raises ValueError if the level is undefined
+    """
+    try:
+        return getattr(logging, levelString.upper())
+    except AttributeError:
+        raise ValueError("No such loglevel - {}".format(levelString))
+
+
+def getMetricClass(metricType):
+    """Get class for metric type from config file.
+
+    @raises ValueError if the metric type is unknown
+    """
+    metricMap = {
+        "markup": metrics.MarkupMetric,
+        "bsdiff": metrics.BSDiffMetric,
+    }
+
+    if metricType not in metricMap:
+        raise ValueError("Metric type '{}' is not known".format(metricType))
+
+    return metricMap[metricType]
+
+
+class ComparisonTask(object):
+    """Container for objects necessary for several plain/rewritten URL comparison
+             associated with a single ruleset.
+    """
+
+    def __init__(self, urls, fetcherPlain, fetchersRewriting, ruleset):
+        self.urls = urls
+        self.fetcherPlain = fetcherPlain
+        self.fetchersRewriting = fetchersRewriting
+        self.ruleset = ruleset
+        self.ruleFname = ruleset.filename
+
+
+class UrlComparisonThread(threading.Thread):
+    """Thread worker for comparing plain and rewritten URLs.
+    """
+
+    def __init__(self, taskQueue, metric, thresholdDistance, autoDisable, resQueue):
+        """
+        Comparison thread running HTTP/HTTPS scans.
+
+        @param taskQueue: Queue.Queue filled with ComparisonTask objects
+        @param metric: metric.Metric instance
+        @param threshold: min distance that is reported as "too big"
+        @param resQueue: Result Queue, results are added there
+        """
+        self.taskQueue = taskQueue
+        self.resQueue = resQueue
+        self.metric = metric
+        self.thresholdDistance = thresholdDistance
+        self.autoDisable = autoDisable
+        threading.Thread.__init__(self)
+
+    def run(self):
+        while True:
+            try:
+                self.processTask(self.taskQueue.get())
+                self.taskQueue.task_done()
+            except Exception as e:
+                logging.exception(e)
+            if self.taskQueue.empty():
+                break
+
+    def processTask(self, task):
+        problems = []
+        for url in task.urls:
+            result = self.processUrl(url, task)
+            if result[0]:
+                problems.append(result)
+        if problems:
+            for problem in problems:
+                logging.error("{}: {}".format(task.ruleFname, problem[0]))
+            if self.autoDisable:
+                urlCount = len(task.urls)
+                disableRuleset(task.ruleset, problems, urlCount)
+
+    def queue_result(self, result, details, fname, url, https_url=None):
+        """
+        Add results to result Queue
+
+        @param result: Result of the test. "error" or "success"
+        @param details: More detailed results (in case of error)
+        @param fname: rule file name
+        @param  url: base url of the test (http)
+        @param https_url: re-written https url
+        """
+
+        res = {"result": result,
+               "details": details,
+               "fname": fname,
+               "url": url}
+        if https_url:
+            res["https_url"] = https_url
+        self.resQueue.put(res)
+
+    def fetchUrl(self, plainUrl, transformedUrl, fetcherPlain, fetcherRewriting, ruleFname):
+        logging.debug("=**= Start {} => {} ****".format(plainUrl, transformedUrl))
+        logging.debug("Fetching transformed page {}".format(transformedUrl))
+        transformedRcode, transformedPage = fetcherRewriting.fetchHtml(
+            transformedUrl)
+        logging.debug("Fetching plain page {}".format(plainUrl))
+        # If we get an exception (e.g. connection refused,
+        # connection timeout) on the plain page, don't treat
+        # that as a failure (except DNS resolution errors)
+        plainRcode, plainPage = None, None
+        try:
+            plainRcode, plainPage = fetcherPlain.fetchHtml(plainUrl)
+        except Exception as e:
+            errno, message = e.args
+            if errno == 6:
+                message = "Time: {}\n Fetch error: {} => {}: {}".format(timestamp,
+                    plainUrl, transformedUrl, e)
+                self.queue_result("error", "fetch-error {}".format(e),
+                                  ruleFname, plainUrl, https_url=transformedUrl)
+                return message
+
+            logging.debug(
+                "Non-fatal fetch error for plain page {}: {}".format(plainUrl, e))
+
+        # Compare HTTP return codes - if original page returned 2xx,
+        # but the transformed didn't, consider it an error in ruleset
+        # (note this is not symmetric, we don't care if orig page is broken).
+        # We don't handle 1xx codes for now.
+        if plainRcode and plainRcode//100 == 2 and transformedRcode//100 != 2:
+            message = "Non-2xx HTTP code: {} ({}) => {} ({})".format(
+                plainUrl, plainRcode, transformedUrl, transformedRcode)
+            self.queue_result("error", "non-2xx http code",
+                              ruleFname, plainUrl, https_url=transformedUrl)
+            logging.debug(message)
+            return message
+
+        # If the plain page fetch got an exception, we don't
+        # need to do the distance comparison. Intuitively, if a
+        # plain page is fetchable people expect it to have the
+        # same content as the HTTPS page. But if the plain page
+        # is unreachable, there's nothing to compare to.
+        if plainPage:
+            distance = self.metric.distanceNormed(plainPage, transformedPage)
+
+            logging.debug("==== D: {:.4f}; {} ({}) -> {} ({}) =====".format(
+                          distance, plainUrl, len(plainPage), transformedUrl, len(transformedPage)))
+            if distance >= self.thresholdDistance:
+                logging.info("Big distance {:.4f}: {} ({}) -> {} ({}). Rulefile: {} =====".format(
+                             distance, plainUrl, len(plainPage), transformedUrl, len(transformedPage), ruleFname))
+
+        self.queue_result("success", "", ruleFname, plainUrl)
+
+    def processUrl(self, plainUrl, task):
+        fetcherPlain = task.fetcherPlain
+        fetchersRewriting = task.fetchersRewriting
+        ruleFname = task.ruleFname
+
+        try:
+            transformedUrl = task.ruleset.apply(plainUrl)
+        except Exception as e:
+            self.queue_result("regex_error", str(e), ruleFname, plainUrl)
+            logging.error("{}: Regex Error {}".format(ruleFname, str(e)))
+            return
+
+        fetchersFailed = 0
+        for fetcherRewriting in fetchersRewriting:
+            try:
+                message = self.fetchUrl(
+                    plainUrl, transformedUrl, fetcherPlain, fetcherRewriting, ruleFname)
+                break
+
+            except Exception as e:
+                fetchersFailed += 1
+                if fetchersFailed == len(fetchersRewriting):
+                    message = "Fetch error: {} => {}: {}".format(
+                        plainUrl, transformedUrl, e)
+                    self.queue_result("error", "fetch-error {}".format(e),
+                                    ruleFname, plainUrl, https_url=transformedUrl)
+                    logging.debug(message)
+
+        logging.info("Finished comparing {} -> {}. Rulefile: {}.".format(
+                    plainUrl, transformedUrl, ruleFname))
+
+        return [message, plainUrl]
+
+
+def disableRuleset(ruleset, problemRules, urlCount):
+    problems = [problem[0] for problem in problemRules]
+    rules = [problem[1] for problem in problemRules]
+    contents = open(ruleset.filename).read()
+
+    # Don't bother to disable rulesets that are already disabled
+    if re.search("\bdefault_off=", contents):
+        return
+
+    # Go ahead and disable rulset if all targets are problematic
+    if urlCount == len(problemRules):
+        logging.info("Disabling ruleset {}".format(ruleset.filename))
+        disableMessage = "Entire ruleset disabled at {}\n".format(timestamp)
+        contents = re.sub("(<ruleset [^>]*)>",
+            "\\1 default_off=\"failed ruleset test\">", contents);
+    # If not all targets, just the target
+    else:
+        for rule in rules:
+            disableMessage = "The following targets have been disabled at {}:\n".format(timestamp)
+            host = urllib.parse.urlparse(rule)
+            logging.info("Disabling target {}".format(host.netloc))
+            contents = re.sub('<[ \n]*target[ \n]+host[ \n]*=[ \n]*"{}"[ \n]*/?[ \n]*>'.format(host.netloc),
+                '<!-- target host="{}" /-->'.format(host.netloc), contents);
+
+    # Since the problems are going to be inserted into an XML comment, they cannot
+    # contain "--", or they will generate a parse error. Split up all "--" with a
+    # space in the middle.
+    safeProblems = [re.sub('--', '- -', p) for p in problems]
+    # If there's not already a comment section at the beginning, add one.
+    if not re.search("^<!--", contents):
+        contents = "<!--\n-->\n" + contents
+    problemStatement = ("""
+<!--
+{}
+{}
+""".format(disableMessage, "\n".join(problems)))
+    contents = re.sub("^<!--", problemStatement, contents)
+    with open(ruleset.filename, "w") as f:
+        f.write(contents)
+
+
+# A dict indexed by binary SHA256 hashes. A ruleset whose hash matches an entry in
+# the skiplist will skip tests. This is a way to grandfather in rules written
+# before the coverage tests were required, but also require coverage
+# improvements when updating the rules.
+skipdict = {}
+
+
+def skipFile(filename):
+    hasher = hashlib.new('sha256')
+    with open(filename, 'rb') as f:
+        hasher.update(f.read())
+    if hasher.digest() in skipdict:
+        return True
+    else:
+        return False
+
+
+def json_output(resQueue, json_file, problems):
+    """
+    output results in json format
+
+    @param resQueue: The result Queue
+    @param json_file: json file name to write to
+    @param problems: A list of problems in XML files
+    """
+    data = {}
+    try:
+        res = resQueue.get_nowait()
+        while res:
+            result_val = res["result"]
+            del (res["result"])
+            if not result_val in data:
+                data[result_val] = []
+            data[result_val].append(res)
+
+            res = resQueue.get_nowait()
+    except queue.Empty:
+        pass  # Got everything
+
+    data["coverage"] = problems
+
+    with open(json_file, "wt") as fh:
+        json.dump(data, fh, indent=4)
+
+
+def cli():
+    parser = argparse.ArgumentParser(
+        description='Check HTTPs rules for validity')
+    parser.add_argument(
+        'checker_config', help='an integer for the accumulator')
+    parser.add_argument('rule_files', nargs="*", default=[],
+                        help="Specific XML rule files")
+    parser.add_argument('--json_file', default=None,
+                        help='write results in json file')
+    args = parser.parse_args()
+
+    config = ConfigParser()
+    config.read(args.checker_config)
+
+    logfile = config.get("log", "logfile")
+    loglevel = convertLoglevel(config.get("log", "loglevel"))
+    if logfile == "-":
+        logging.basicConfig(stream=sys.stderr, level=loglevel,
+                            format="%(levelname)s %(message)s")
+    else:
+        logging.basicConfig(filename=logfile, level=loglevel,
+                            format="%(asctime)s %(levelname)s %(message)s [%(pathname)s:%(lineno)d]")
+
+    autoDisable = False
+    if config.has_option("rulesets", "auto_disable"):
+        autoDisable = config.getboolean("rulesets", "auto_disable")
+    # Test rules even if they have default_off=...
+    includeDefaultOff = False
+    if config.has_option("rulesets", "include_default_off"):
+        includeDefaultOff = config.getboolean(
+            "rulesets", "include_default_off")
+    ruledir = config.get("rulesets", "rulesdir")
+    checkCoverage = False
+    if config.has_option("rulesets", "check_coverage"):
+        checkCoverage = config.getboolean("rulesets", "check_coverage")
+    checkTargetValidity = False
+    if config.has_option("rulesets", "check_target_validity"):
+        checkTargetValidity = config.getboolean(
+            "rulesets", "check_target_validity")
+    checkNonmatchGroups = False
+    if config.has_option("rulesets", "check_nonmatch_groups"):
+        checkNonmatchGroups = config.getboolean(
+            "rulesets", "check_nonmatch_groups")
+    checkTestFormatting = False
+    if config.has_option("rulesets", "check_test_formatting"):
+        checkTestFormatting = config.getboolean(
+            "rulesets", "check_test_formatting")
+    certdir = config.get("certificates", "basedir")
+    if config.has_option("rulesets", "skiplist") and config.has_option("rulesets", "skipfield"):
+        skiplist = config.get("rulesets", "skiplist")
+        skipfield = config.get("rulesets", "skipfield")
+        with open(skiplist) as f:
+            f.readline()
+            for line in f:
+                splitLine = line.split(",")
+                fileHash = splitLine[0]
+                if splitLine[int(skipfield)] == "1":
+                    skipdict[binascii.unhexlify(fileHash)] = 1
+
+    threadCount = config.getint("http", "threads")
+    httpEnabled = True
+    if config.has_option("http", "enabled"):
+        httpEnabled = config.getboolean("http", "enabled")
+
+    metricName = config.get("thresholds", "metric")
+    thresholdDistance = config.getfloat("thresholds", "max_distance")
+    metricClass = getMetricClass(metricName)
+    metric = metricClass()
+
+    if args.rule_files:
+        xmlFnames = args.rule_files
+    else:
+        xmlFnames = glob.glob(os.path.join(ruledir, "*.xml"))
+    trie = RuleTrie()
+
+    rulesets = []
+    coverageProblemsExist = False
+    targetValidityProblemExist = False
+    nonmatchGroupProblemsExist = False
+    testFormattingProblemsExist = False
+    for xmlFname in xmlFnames:
+        logging.debug("Parsing {}".format(xmlFname))
+        if skipFile(xmlFname):
+            logging.debug(
+                "Skipping rule file '{}', matches skiplist.".format(xmlFname))
+            continue
+
+        with open(xmlFname, "rb") as f:
+            ruleset = Ruleset(etree.parse(f).getroot(), xmlFname)
+        if ruleset.defaultOff and not includeDefaultOff:
+            logging.debug("Skipping rule '{}', reason: {}".format(
+                          ruleset.name, ruleset.defaultOff))
+            continue
+        # Check whether ruleset coverage by tests was sufficient.
+        if checkCoverage:
+            logging.debug("Checking coverage for '{}'.".format(ruleset.name))
+            problems = ruleset.getCoverageProblems()
+            for problem in problems:
+                coverageProblemsExist = True
+                logging.error(problem)
+        if checkTargetValidity:
+            logging.debug("Checking target validity for '{}'.".format(ruleset.name))
+            problems = ruleset.getTargetValidityProblems()
+            for problem in problems:
+                targetValidityProblemExist = True
+                logging.error(problem)
+        if checkNonmatchGroups:
+            logging.debug("Checking non-match groups for '{}'.".format(ruleset.name))
+            problems = ruleset.getNonmatchGroupProblems()
+            for problem in problems:
+                nonmatchGroupProblemsExist = True
+                logging.error(problem)
+        if checkTestFormatting:
+            logging.debug("Checking test formatting for '{}'.".format(ruleset.name))
+            problems = ruleset.getTestFormattingProblems()
+            for problem in problems:
+                testFormattingProblemsExist = True
+                logging.error(problem)
+        trie.addRuleset(ruleset)
+        rulesets.append(ruleset)
+
+    fetchOptions = http_client.FetchOptions(config)
+    fetchers = list()
+
+    # Ensure "default" is in the platform dirs
+    if not os.path.isdir(os.path.join(certdir, "default")):
+        raise RuntimeError(
+            "Platform 'default' is missing from certificate directories")
+
+    platforms = http_client.CertificatePlatforms(
+        os.path.join(certdir, "default"))
+    fetchers.append(http_client.HTTPFetcher(
+        "default", platforms, fetchOptions, trie))
+    # fetches pages with unrewritten URLs
+    fetcherPlain = http_client.HTTPFetcher("default", platforms, fetchOptions)
+
+    urlList = []
+    if config.has_option("http", "url_list"):
+        with open(config.get("http", "url_list")) as urlFile:
+            urlList = [line.rstrip() for line in urlFile.readlines()]
+
+    if httpEnabled:
+        taskQueue = queue.Queue(1000)
+        resQueue = queue.Queue()
+        startTime = time.time()
+        testedUrlPairCount = 0
+
+        for i in range(threadCount):
+            t = UrlComparisonThread(
+                taskQueue, metric, thresholdDistance, autoDisable, resQueue)
+            t.setDaemon(True)
+            t.start()
+
+        # set of main pages to test
+        mainPages = set(urlList)
+        # If list of URLs to test/scan was not defined, use the test URL extraction
+        # methods built into the Ruleset implementation.
+        if not urlList:
+            for ruleset in rulesets:
+                if ruleset.platform != "default" and os.path.isdir(os.path.join(certdir, ruleset.platform)):
+                    theseFetchers = copy.deepcopy(fetchers)
+                    platforms.addPlatform(ruleset.platform, os.path.join(certdir, ruleset.platform))
+                    theseFetchers.append(http_client.HTTPFetcher(
+                        ruleset.platform, platforms, fetchOptions, trie))
+                else:
+                    theseFetchers = fetchers
+                testUrls = []
+                for test in ruleset.tests:
+                    if not ruleset.excludes(test.url):
+                        testedUrlPairCount += 1
+                        testUrls.append(test.url)
+                    else:
+                        # TODO: We should fetch the non-rewritten exclusion URLs to make
+                        # sure they still exist.
+                        logging.debug("Skipping excluded URL {}".format(test.url))
+                task = ComparisonTask(testUrls, fetcherPlain, theseFetchers, ruleset)
+                taskQueue.put(task)
+
+        taskQueue.join()
+        logging.info("Finished in {:.2f} seconds. Loaded rulesets: {}, URL pairs: {}.".format(
+                     time.time() - startTime, len(xmlFnames), testedUrlPairCount))
+        if args.json_file:
+            json_output(resQueue, args.json_file, problems)
+    if checkCoverage:
+        if coverageProblemsExist:
+            return 1  # exit with error code
+    if checkTargetValidity:
+        if targetValidityProblemExist:
+            return 1  # exit with error code
+    if checkNonmatchGroups:
+        if nonmatchGroupProblemsExist:
+            return 1  # exit with error code
+    if checkTestFormatting:
+        if testFormattingProblemsExist:
+            return 1  # exit with error code
+    return 0  # exit with success
+
+
+if __name__ == '__main__':
+    sys.exit(cli())
diff --git a/test/rules/src/https_everywhere_checker/http_client.py b/test/rules/src/https_everywhere_checker/http_client.py
new file mode 100644
index 000000000000..7cd0f5178dd3
--- /dev/null
+++ b/test/rules/src/https_everywhere_checker/http_client.py
@@ -0,0 +1,468 @@
+import sys
+import logging
+import pycurl
+import urllib.parse
+import io
+import pathlib
+import pickle
+import tempfile
+import traceback
+import subprocess
+import re
+
+# We need a cookie jar because some sites (e.g. forums.aws.amazon.com) go into a
+# redirect loop without it.
+COOKIE_FILE_NAME = tempfile.mkstemp()[1]
+
+
+class CertificatePlatforms(object):
+    """Maps platform names from rulesets to CA certificate sets"""
+
+    def __init__(self, defaultCAPath):
+        """Initialize with default path for CA certificates.
+
+        @param defaultCAPath: directory with PEM certificates of trusted
+        CA certificates that have been run throug openssl's c_rehash
+        """
+        self.defaultCAPath = defaultCAPath
+        self.platformPaths = {"default": defaultCAPath}
+
+    def addPlatform(self, platform, caPath):
+        """Add a directory with CA certificates for given platform.
+
+        @param platform: string name that matches the "platform"
+        attribute in <ruleset> element
+        @param caPath: path to dir with c_rehash'd PEM certificates
+        """
+        self.platformPaths[platform] = caPath
+
+    def getCAPath(self, platform):
+        """Return path to CA certs for chosen platform. If it does not
+        exist, return default CA path.
+        """
+        return self.platformPaths.get(platform) or self.defaultCAPath
+
+
+class FetchOptions(object):
+    """HTTP fetcher options like timeouts."""
+
+    # The default list of cipher suites that are supported in Firefox ESR, Chrome
+    # These naming formats are from OpenSSL
+    # This list is crosschecked with https://wiki.mozilla.org/Security/Cipher_Suites and https://clienttest.ssllabs.com
+    _DEFAULT_CIPHERLIST = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
+
+    def __init__(self, config):
+        """Parse options from [http] section
+
+        @param config: ConfigParser object - a config with [http] section
+        """
+        self.connectTimeout = config.getint("http", "connect_timeout")
+        self.readTimeout = config.getint("http", "read_timeout")
+        self.redirectDepth = config.getint("http", "redirect_depth")
+        self.userAgent = None
+        self.curlVerbose = False
+        self.sslVersion = pycurl.SSLVERSION_DEFAULT
+        self.useSubprocess = True
+        self.staticCAPath = None
+        self.cipherList = self._DEFAULT_CIPHERLIST
+
+        if config.has_option("http", "user_agent"):
+            self.userAgent = config.get("http", "user_agent")
+        if config.has_option("http", "curl_verbose"):
+            self.curlVerbose = config.getboolean("http", "curl_verbose")
+        if config.has_option("http", "fetch_in_subprocess"):
+            self.useSubprocess = config.getboolean(
+                "http", "fetch_in_subprocess")
+        if config.has_option("http", "cipherList"):
+            self.cipherList = config.get("http", "cipherList")
+        if config.has_option("http", "ssl_version"):
+            versionStr = config.get("http", "ssl_version")
+            try:
+                self.sslVersion = getattr(pycurl, 'SSLVERSION_' + versionStr)
+            except AttributeError:
+                raise ValueError(
+                    "SSL version '{}' specified in config is unsupported.".format(versionStr))
+        if config.has_option("http", "static_ca_path"):
+            self.staticCAPath = config.get("http", "static_ca_path")
+
+
+class FetcherInArgs(object):
+    """Container for parameters necessary to be passed to CURL fetcher when
+    invoked in subprocess to workaround openssl/gnutls+curl threading bugs.
+    """
+
+    def __init__(self, url, options, platformPath):
+        """
+        @param url: IDNA-encoded URL
+        @param options: FetchOptions instance
+        @param platformPath: directory with platform certificates
+        """
+        self.url = url
+        self.options = options
+        self.platformPath = platformPath
+
+    def check(self):
+        """Throw HTTPFetcherError unless attributes are set and sane."""
+        if not isinstance(self.url, str) or not self.url:
+            raise HTTPFetcherError("URL missing or bad type")
+        if not isinstance(self.options, FetchOptions):
+            raise HTTPFetcherError("Options have bad type")
+        if not isinstance(self.platformPath, str) or not self.platformPath:
+            raise HTTPFetcherError("Platform path missing or bad type")
+
+
+class FetcherOutArgs(object):
+    """Container for data returned from fetcher. Picklable object to use
+    with subprocess PyCURL invocation.
+    """
+
+    def __init__(self, httpCode=None, data=None, headerStr=None,
+                 errorStr=None, shortError=None):
+        """
+        @param httpCode: return HTTP code as int
+        @param data: data fetched from URL as str
+        @param headerStr: HTTP headers as str
+        @param errorStr: formatted backtrace from exception as str
+        @param shortError: short one-line error description
+        """
+        self.httpCode = httpCode
+        self.data = data
+        self.headerStr = headerStr
+        self.errorStr = errorStr
+        self.shortError = shortError
+
+
+class HTTPFetcherError(RuntimeError):
+    pass
+
+
+class ErrorSanitizer():
+    """ Sanitize errors thrown by sub-tools and libraries
+    """
+
+    def __init__(self):
+        self.fetch_pattern = [("Could not resolve host", "Could not resolve host"),
+                              ("Resolving timed out after", "Resolving timeout"),
+                              ("Operation timed out after", "Operation timeout"),
+                              ("Connection timed out after", "Connection timeout"),
+                              ("Error in protocol version",
+                               "gnutls: protocol version error"),
+                              ("server certificate verification failed",
+                               "gnutls: certificate verification failed"),
+                              ("The server name sent was not recognized",
+                               "gnutls: server name not recognized"),
+                              ("The TLS connection was non-properly terminated",
+                               "gnutls: termination error"),
+                              ("gnutls_handshake\\(\\) failed: Handshake failed",
+                               "gnutls: handshake failed"),
+                              ("gnutls_handshake\\(\\) failed: A record packet with illegal version was received",
+                               "gnutls: handshake fail, illegal version"),
+                              ("does not match target host name.*SSL: certificate subject name",
+                               "ssl: certificate subject mismatch"),
+                              ("Failed to connect to .*No route to host",
+                               "no route to host"),
+                              ("Failed to connect to .*Connection refused",
+                               "connection refused"),
+                              ("gnutls_handshake\\(\\) failed: Error in the pull function\\.",
+                               "gnutls: handshake fail in pull"),
+                              ("gnutls_handshake\\(\\) failed: Internal error",
+                               "gnutls: handshake fail internal error"),
+                              ("Empty reply from server", "empty reply")
+                              ]
+        pass
+
+    def fetcher(self, shortError, errorStr):
+        """ Sanitize fetcher errors
+        qparam shortError:
+        qparam errorStr:
+        qreturn: The new error string
+        """
+
+        for pattern, replacement in self.fetch_pattern:
+            p = re.compile(pattern)
+            m = p.search(errorStr)
+            if m:
+                return replacement
+
+        return "Fetcher subprocess error: {}\n{}".format(shortError, errorStr)
+
+
+class HTTPFetcher(object):
+    """Fetches HTTP(S) pages via PyCURL. CA certificates can be configured.
+    """
+
+    def __init__(self, platform, certPlatforms, fetchOptions, ruleTrie=None):
+        """Create fetcher that validates certificates using selected
+        platform.
+
+        @param platform: platform name to use for TLS cert verification
+        @param certPlatforms: CertificatePlatforms instance with caPaths
+        for known platforms
+        @param ruleTrie: rules.RuleTrie to apply on URLs for following.
+        Set to None if redirects should not be rewritten
+        """
+        self.platformPath = certPlatforms.getCAPath(platform)
+        self.certPlatforms = certPlatforms
+        self.options = fetchOptions
+        self.ruleTrie = ruleTrie
+
+    def absolutizeUrl(self, base, url):
+        """
+        Construct a full ("absolute") URL by combining a "base URL" (base)
+        with another URL (url) as per RFC 3986.
+
+        @param base: base URL of original document
+        @param url: URL to be resolved against base URL
+        """
+
+        # urljoin fails for some of the abnormal examples in section 5.4.2
+        # of RFC 3986 if there are too many ./ or ../
+        # See https://bugs.python.org/issue3647
+        joinedUrl = urllib.parse.urljoin(base, url)
+        joinedUrlParts = urllib.parse.urlparse(joinedUrl)
+
+        # Strip any leading ./ and ../
+        path = joinedUrlParts.path
+        if path[:1] == '/':
+            segments = path.split('/')
+            while '.' in segments:
+                segments.remove('.')
+            while '..' in segments:
+                segments.remove('..')
+            path = '/'.join(segments)
+
+        # Non-trivial rewrites do not work without a trailing '/'
+        # See https://github.com/EFForg/https-everywhere/issues/14365
+        if path == '':
+            path = '/'
+
+        joinedUrlParts = urllib.parse.ParseResult(
+            joinedUrlParts.scheme,
+            joinedUrlParts.netloc,
+            path,
+            joinedUrlParts.params,
+            joinedUrlParts.query,
+            joinedUrlParts.fragment,
+        )
+        return joinedUrlParts.geturl()
+
+    @staticmethod
+    def _doFetch(url, options, platformPath):
+        """
+        Fetch data from URL. If options.useSubprocess is True, spawn
+        subprocess for fetching.
+
+        @see HTTPFetcher.staticFetch() for parameter description
+
+        @throws: anything staticFetch() throws
+        @throws: HTTPFetcherError in case of problem in subprocess invocation
+        @throws: cPickle.UnpicklingError when we get garbage from subprocess
+        """
+        if not options.useSubprocess:
+            return HTTPFetcher.staticFetch(url, options, platformPath)
+
+        inArgs = FetcherInArgs(url, options, platformPath)
+
+        # Workaround for cPickle seeing module name as __main__ if we
+        # just directly executed this script.
+        # TODO: check PYTHONPATH etc if not in the same dir as script
+        # TODO: we should set the main process to be session leader
+        trampoline = 'from https_everywhere_checker import http_client; http_client.subprocessFetch()'
+
+        # Spawn subprocess, call this module as "main" program. I tried
+        # also using python's multiprocessing module, but for some
+        # reason it was a hog on CPU and RAM (maybe due to the queues?)
+        # Also, logging module didn't play along nicely.
+        args = [sys.executable, '-c', trampoline]
+        p = subprocess.Popen(args, stdin=subprocess.PIPE,
+                             stdout=subprocess.PIPE,	stderr=subprocess.PIPE)
+
+        # Hopefully we shouldn't deadlock here: first all data is written
+        # to subprocess's stdin, it will unpickle them first. Then we
+        # wait for resulting pickled data from stdout. In case of trouble,
+        # try using big bufsize or bufsize=-1 in Popen invocation.
+        #
+        # Doc page for subprocess says "don't use communicate() with big
+        # or unlimited data", but doesn't say what is the alternative
+        (outData, errData) = p.communicate(pickle.dumps(inArgs))
+        exitCode = p.wait()
+
+        if exitCode != 0:
+            raise HTTPFetcherError(
+                "Subprocess failed with exit code {}".format(exitCode))
+
+        #logging.debug("Subprocess finished OK")
+        unpickled = pickle.loads(outData)
+        if not isinstance(unpickled, FetcherOutArgs):
+            raise HTTPFetcherError("Unexpected datatype received from subprocess: {}".format(
+                                   type(unpickled)))
+        if unpickled.errorStr:  # chained exception tracebacks are bit ugly/long
+            assert unpickled.shortError is not None
+            raise HTTPFetcherError(ErrorSanitizer().fetcher(
+                unpickled.shortError, unpickled.errorStr))
+
+        return unpickled
+
+    @staticmethod
+    def staticFetch(url, options, platformPath):
+        """Construct a PyCURL object and fetch given URL.
+
+        @param url: IDNA-encoded URL
+        @param options: FetchOptions instance
+        @param platformPath: directory with platform certificates
+        @returns: FetcherOutArgs instance with fetched URL data
+
+        @throws: anything PyCURL can throw (SSL error, timeout, etc.)
+        """
+        try:
+            buf = io.BytesIO()
+            headerBuf = io.BytesIO()
+
+            urlParts = urllib.parse.urlparse(url)
+
+            c = pycurl.Curl()
+            c.setopt(c.URL, url)
+            c.setopt(c.WRITEFUNCTION, buf.write)
+            c.setopt(c.HEADERFUNCTION, headerBuf.write)
+            c.setopt(c.CONNECTTIMEOUT, options.connectTimeout)
+            c.setopt(c.COOKIEJAR, COOKIE_FILE_NAME)
+            c.setopt(c.COOKIEFILE, COOKIE_FILE_NAME)
+            c.setopt(c.TIMEOUT, options.readTimeout)
+            # Validation should not be disabled except for debugging
+            #c.setopt(c.SSL_VERIFYPEER, 0)
+            #c.setopt(c.SSL_VERIFYHOST, 0)
+            c.setopt(c.CAPATH, platformPath)
+            # We want to check against only the above path, but unfortunately
+            # curl will not function properly unless *some* valid certificate
+            # is provided for CURLOPT_CAINFO. This can not be set to null...
+            c.setopt(c.CAINFO, str(pathlib.Path('test', 'rules', 'platform_certs', 'default', 'cert001.pem')))
+            if options.userAgent:
+                c.setopt(c.USERAGENT, options.userAgent)
+            # Sending this extra header is necessary for weird edge cases.  See https://github.com/EFForg/https-everywhere/pull/10944
+            c.setopt(c.HTTPHEADER, ['X-Extra-Header: true'])
+            c.setopt(c.SSLVERSION, options.sslVersion)
+            c.setopt(c.VERBOSE, options.curlVerbose)
+            c.setopt(c.SSL_CIPHER_LIST, options.cipherList)
+            if urlParts.hostname[-6:] == '.onion':
+                c.setopt(c.PROXY, 'socks5h://127.0.0.1:9050')
+            c.perform()
+
+            bufValue = buf.getvalue()
+            headerStr = headerBuf.getvalue().decode('utf-8', 'ignore')
+            httpCode = c.getinfo(pycurl.HTTP_CODE)
+        finally:
+            buf.close()
+            headerBuf.close()
+            c.close()
+
+        fetched = FetcherOutArgs(httpCode, bufValue, headerStr)
+        return fetched
+
+    def fetchHtml(self, url):
+        """Fetch HTML from given http/https URL. Return codes 301, 302,
+        303, 307, and 308 are followed, URLs rewritten using HTTPS
+        Everywhere rules.
+
+        @param url: string URL of http(s) resource
+        @returns: tuple (httpResponseCode, htmlData)
+
+        @throws pycurl.error: on failed fetch
+        @throws HTTPFetcherError: on failed fetch/redirection
+        """
+        newUrl = url
+        # While going through 301/302 redirects we might encounter URL
+        # that was rewritten using different platform and need to use
+        # that platform's certs for the next fetch.
+        newUrlPlatformPath = self.platformPath
+
+        # set of URLs seen in redirects for cycle detection
+        seenUrls = set()
+
+        options = self.options
+
+        # handle 301/302 redirects while also rewriting them with HTE rules
+        # limit redirect depth
+        for depth in range(options.redirectDepth):
+            seenUrls.add(newUrl)
+
+            # override platform path detected from ruleset files
+            if options.staticCAPath:
+                newUrlPlatformPath = options.staticCAPath
+
+            fetched = HTTPFetcher._doFetch(newUrl, options, newUrlPlatformPath)
+
+            httpCode = fetched.httpCode
+            bufValue = fetched.data
+            headerStr = fetched.headerStr
+
+            # shitty HTTP header parsing
+            if httpCode == 0:
+                raise HTTPFetcherError("Pycurl fetch failed for '{}'".format(newUrl))
+            elif httpCode in (301, 302, 303, 307, 308):
+                location = None
+                for piece in headerStr.split('\n'):
+                    if piece.lower().startswith('location:'):
+                        location = piece[len('location:'):].strip()
+                if location is None:
+                    raise HTTPFetcherError(
+                        "Redirect for '{}' missing location header".format(newUrl))
+
+                location = self.absolutizeUrl(newUrl, location)
+                logging.debug("Following redirect {} => {}".format(newUrl, location))
+
+                if self.ruleTrie:
+                    ruleMatch = self.ruleTrie.transformUrl(location)
+                    newUrl = ruleMatch.url
+
+                    # Platform for cert validation might have changed.
+                    # Record CA path for the platform or reset if not known.
+                    # Not really sure fallback to first CA platform is always
+                    # correct, but it's expected that the platforms would be
+                    # same as the originating site.
+                    if ruleMatch.ruleset:
+                        newUrlPlatformPath = self.certPlatforms.getCAPath(
+                            ruleMatch.ruleset.platform)
+                    else:
+                        newUrlPlatformPath = self.platformPath
+
+                    if newUrl != location:
+                        logging.debug(
+                            "Redirect rewritten: {} => {}".format(location, newUrl))
+                else:
+                    newUrl = location
+
+                continue  # fetch redirected location
+
+            return (httpCode, bufValue)
+
+        raise HTTPFetcherError("Too many redirects while fetching '{}'".format(url))
+
+
+def subprocessFetch():
+    """
+    Used for invocation in fetcher subprocess. Reads pickled FetcherInArgs
+    from stdin and write FetcherOutArgs to stdout. Implementation of the
+    subprocess URL fetch.
+    """
+    outArgs = None
+
+    try:
+        inArgs = pickle.load(sys.stdin)
+        inArgs.check()
+        outArgs = HTTPFetcher.staticFetch(
+            inArgs.url, inArgs.options, inArgs.platformPath)
+    except BaseException as e:  # this will trap KeyboardInterrupt as well
+        errorStr = traceback.format_exc()
+        shortError = str(e)
+        outArgs = FetcherOutArgs(errorStr=errorStr, shortError=shortError)
+
+    if outArgs is None:
+        shortError = "Subprocess logic error - no output args"
+        errorStr = traceback.format_exception_only(HTTPFetcherError,
+                                                   HTTPFetcherError(shortError))
+        outArgs = FetcherOutArgs(errorStr=errorStr, shortError=shortError)
+
+    try:
+        pickle.dump(outArgs, sys.stdout)
+    except:
+        pickle.dump(None, sys.stdout)  # catch-all case
diff --git a/test/rules/src/https_everywhere_checker/metrics.py b/test/rules/src/https_everywhere_checker/metrics.py
new file mode 100644
index 000000000000..e03e62151252
--- /dev/null
+++ b/test/rules/src/https_everywhere_checker/metrics.py
@@ -0,0 +1,127 @@
+# Metrics for measuring similarity of two strings, HTML/XML DOM trees, etc.
+# They are not (yet) guarranteed to be "proper metrics" in calculus sense.
+
+from lxml import etree
+from io import StringIO
+
+import struct
+import bsdiff4 as bsdiff
+import Levenshtein
+
+
+class Metric(object):
+    """Abstract interface for Metric objects."""
+
+    def __init__(self):
+        pass
+
+    def distanceNormed(self, s1, s2):
+        """Return float distance metric of two strings s1 and s2 in
+        range [0, 1].
+        """
+        raise NotImlementedError()
+
+
+class BSDiffMetric(Metric):
+    """String similarity metric based on BSDiff."""
+
+    def __init__(self):
+        Metric.__init__(self)
+
+    def distanceNormed(self, s1, s2):
+        if len(s1) == 0 and len(s2) == 0:
+            return 0
+
+        # bsdiff is not symmetric, so take max from both diffs
+        control, diffBlock, extra = bsdiff.Diff(s1, s2)
+        extraRatio1 = float(len(extra))/float(max(len(s1), len(s2)))
+
+        control, diffBlock, extra = bsdiff.Diff(s2, s1)
+        extraRatio2 = float(len(extra))/float(max(len(s1), len(s2)))
+
+        return max(extraRatio1, extraRatio2)
+
+
+class MarkupMetric(Metric):
+    """Metric for tree-like hierarchical languages - XML, HTML."""
+
+    def __init__(self):
+        Metric.__init__(self)
+
+    def tagNameToCharMap(self, doc1, doc2, minIndex=0):
+        """Returns a dict that maps element names to unicode characters uniquely.
+
+        @param doc1: html/xml tree string as lxml Element or ElementTree
+        @param doc2: html/xml tree string as lxml Element or ElementTree
+        @param minIndex: start numbering with this unicode value
+        """
+        tags = set((elem.tag for elem in doc1.xpath("//*")))
+        tags.update((elem.tag for elem in doc2.xpath("//*")))
+
+        # Number them consistently among those two documents.
+        # Hackish way to map custom alphabet onto unicode chars, but works for
+        # up to >= 55000 element names which should be more than enough.
+        unicodeAlphabet = (struct.pack("<H", index).decode('utf-16')
+                           for index in range(minIndex, minIndex+len(tags)))
+        numberedTags = zip(tags, unicodeAlphabet)
+
+        return dict(numberedTags)
+
+    def mapTree(self, elem, tagToCharMap):
+        """Map element to unicode character. If it has no children, it'll be mapped
+        to a single char, otherwise mapped as "(X + Y + Z)" where X, Y, Z is
+        mapping of its children (+ is concatenation).
+
+        @param elem: lxml Element
+        @param tagToCharMap: dict from tag name to unicode char
+        """
+        # this isinstance test is in lxml tutorial, dunno how else to skip comments
+        children = [child for child in list(
+            elem) if isinstance(child.tag, str)]
+        thisElem = tagToCharMap[elem.tag]
+
+        if children:
+            childrenMap = [self.mapTree(child, tagToCharMap)
+                           for child in children]
+            return thisElem + '(' + "".join(childrenMap) + ')'
+        else:
+            return thisElem
+
+    def mappedTrees(self, doc1, doc2):
+        """Returns unicode string that represents the tree structure of
+        the HTML/XML documents. Only tag names are considered.
+
+        @returns: tuple of two unicode strings
+        """
+        # The 42 is first char after parentheses in unicode encoding
+        tagToCharMap = self.tagNameToCharMap(doc1, doc2, 42)
+
+        return (self.mapTree(doc1, tagToCharMap), self.mapTree(doc2, tagToCharMap))
+
+    def distanceNormed(self, s1, s2):
+        """
+        """
+        # Empty strings are not proper HTML/XML, but we can consider them
+        # same for our purpose.
+        if len(s1) == 0 and len(s2) == 0:
+            return 0
+        if s1 == s2:
+            return 0
+
+        try:
+            doc1 = etree.parse(StringIO(s1), etree.HTMLParser())
+            doc2 = etree.parse(StringIO(s2), etree.HTMLParser())
+        except:
+            # Some documents don't parse as XML. In that case, punt and return 0
+            # distance.
+            return 0
+
+        # If we failed to parse either document, return max Levenshtein distance.
+        # Note this will happen for non-HTML documents like favicons.
+        # Identical documents should hit the equality check before parsing.
+        if not doc1 or not doc2 or doc1.getroot() is None or doc2.getroot() is None:
+            return 1
+
+        mapped1, mapped2 = self.mappedTrees(doc1.getroot(), doc2.getroot())
+
+        return 1.0-Levenshtein.ratio(mapped1, mapped2)
diff --git a/test/rules/src/https_everywhere_checker/rule_trie.py b/test/rules/src/https_everywhere_checker/rule_trie.py
new file mode 100644
index 000000000000..a2cb2e1e123f
--- /dev/null
+++ b/test/rules/src/https_everywhere_checker/rule_trie.py
@@ -0,0 +1,210 @@
+import urllib.parse
+import os.path
+
+# Rule trie
+#
+# Rule trie is a suffix tree that resolves which rulesets should apply for a
+# given FDQN. FQDN is first transformed from potential IDN form into punycode
+# ASCII. Every node in the tree has a list of rulesets that maps the part of
+# FQDN between dots to list/set of rulesets.
+#
+# Children subdomains are mapped using dict.
+#
+#
+#                               +--------+
+#                           +---| root . |----+
+#                           |   +--------+    |
+#                           |                 |
+#                           |                 |
+#                           v                 v
+#                        +-----+           +-----+
+#                  +-----|  *  |     +-----| com |-----+
+#                  |     +-----+     |     +-----+     |
+#                  |                 |                 |
+#                  v                 v                 v
+#              +------+          +------+            +----+
+#           +--|google|---+      |google|-+      +---|blee|---+
+#           |  +------+   |      +------+ |      |   +----+   |
+#           |     |       |       |       |      |     |      |
+#           |     |       |       |       |      |     |      |
+#           v     v       v       v       v      v     v      v
+#         +---+ +---+ +----+    +---+   +---+  +---+ +----+ +---+
+#         | * | |www| |docs|    | * |   |www|  |www| |www2| |ssl|
+#         +---+ +---+ +----+    +---+   +---+  +---+ +----+ +---+
+#
+# At every node of the tree, there might be rulesets present. If a domain
+# a.b.c is looked up, at every location of * the search is branched into
+# multiple children - one with * and the other matching the domain part
+# exactly.
+#
+# Assuming complexity of lookup in dict is O(1), lookup of FQDN consisting
+# of N parts is O(N) if there are no * in the tree. Otherwise in theory
+# it could be O(2^N), but the HTTPS Everywhere rules require only one *, so we
+# still get O(N).
+
+
+class RuleTransformError(ValueError):
+    """Thrown when invalid scheme like file:/// is attempted to be
+    transformed.
+    """
+    pass
+
+
+class DomainNode(object):
+    """Node of suffix trie for searching of applicable rulesets."""
+
+    def __init__(self, subDomain, rulesets, depth):
+        """Create instance for part of FQDN.
+        @param subDomain: part of FQDN between "dots"
+        @param rulesets: rules.Ruleset list that applies for this node in tree
+        """
+        self.subDomain = subDomain
+        self.rulesets = rulesets
+        self.children = {}  # map of subdomain to instance of DomainNode
+        self.depth = depth  # depth in tree, root is at depth 0
+
+    def addChild(self, subNode):
+        """Add DomainNode for more-specific subdomains of this one."""
+        self.children[subNode.subDomain] = subNode
+
+    def matchingRulesets(self, domain):
+        """Find matching rulesets for domain in this subtree.
+        @param domain: domain to search for in this node's subtrees;
+        empty string matches this node. Must not contain wildcards.
+        @return: set of applicate rulesets
+        """
+        # we are the leaf that matched
+        if domain == "":
+            return self.rulesets
+
+        applicableRules = set()
+
+        # Wildcard node can expand to any number of subdomains per
+        # HTE rulesets, if it's at least 3-rd level domain.
+        # E.g. *.fbcdn.net target will also cover profile.ak.fbcdn.net
+        #
+        # See:
+        #  https://gitweb.torproject.org/https-everywhere.git/commitdiff/6ca405d010062d2b2cb91b2024d4ebf7d405dee7
+        #  https://www.eff.org/https-everywhere/rulesets (see also footnote)
+        #
+        # Currently there should be no targets with wildcard in the
+        # middle in HTE rules, like bla.*.something.tld
+        if self.depth >= 3 and self.subDomain == "*":
+            applicableRules.update(self.rulesets)
+
+        parts = domain.rsplit(".", 1)
+
+        if len(parts) == 1:  # direct match on children
+            childDomain = domain
+            subLevelDomain = ""
+        else:
+            subLevelDomain, childDomain = parts
+
+        wildcardChild = self.children.get("*")
+        ruleChild = self.children.get(childDomain)
+
+        # we need to consider direct matches as well as wildcard matches so
+        # that match for things like "bla.google.*" work
+        if ruleChild:
+            applicableRules.update(ruleChild.matchingRulesets(subLevelDomain))
+        if wildcardChild:
+            applicableRules.update(
+                wildcardChild.matchingRulesets(subLevelDomain))
+
+        return applicableRules
+
+    def prettyPrint(self, offset=0):
+        """Pretty print for debugging"""
+        print(" "*offset,)
+        print(self)
+        for child in self.children.values():
+            child.prettyPrint(offset+3)
+
+    def __str__(self):
+        return "<DomainNode for '{}', rulesets: {}>".format(self.subDomain, self.rulesets)
+
+    def __repr__(self):
+        return "<DomainNode for '{}>".format(self.subDomain,)
+
+
+class RuleMatch(object):
+    """Result of a rule match, contains transformed url and ruleset that
+    matched (might be None if no match was found).
+    """
+
+    def __init__(self, url, ruleset):
+        """Create instance that records url and ruleset that matched.
+
+        @param url: transformed url after applying ruleset
+        @param ruleset: ruleset that was used for the transform
+        """
+        self.url = url
+        self.ruleset = ruleset
+
+
+class RuleTrie(object):
+    """Suffix trie for rulesets."""
+
+    def __init__(self):
+        self.root = DomainNode("", [], 0)
+
+    def matchingRulesets(self, fqdn):
+        """Return rulesets applicable for FQDN. Wildcards not allowed.
+        """
+        return self.root.matchingRulesets(fqdn)
+
+    def addRuleset(self, ruleset):
+        """Creates structure for given ruleset in the trie.
+        @param ruleset: rules.Ruleset instance
+        """
+        for target in ruleset.targets:
+            node = self.root
+            # enumerate parts so we know when we hit leaf where
+            # rulesets are to be stored
+            parts = list(enumerate(target.split(".")))
+            depth = 0
+
+            for (idx, part) in reversed(parts):
+                depth += 1
+                partNode = node.children.get(part)
+
+                # create node if not existing already and stuff
+                # the rulesets in leaf
+                if not partNode:
+                    partNode = DomainNode(part, [], depth)
+                    node.addChild(partNode)
+                if idx == 0:
+                    # there should be only one ruleset, but...
+                    partNode.rulesets.append(ruleset)
+
+                node = partNode
+
+    def acceptedScheme(self, url):
+        """Returns True iff the scheme in URL is accepted (http, https).
+        """
+        parsed = urllib.parse.urlparse(url)
+        return parsed.scheme in ("http", "https")
+
+    def transformUrl(self, url):
+        """Look for rules applicable to URL and apply first one. If no
+        ruleset matched, resulting RuleMatch object will have None set
+        as the matching ruleset.
+
+        @returns: RuleMatch with transformed URL and ruleset that applied
+        @throws: RuleTransformError if scheme is wrong (e.g. file:///)
+        """
+        parsed = urllib.parse.urlparse(url)
+        if parsed.scheme not in ("http", "https"):
+            raise RuleTransformError("Unknown scheme '{}' in '{}'".format(parsed.scheme, url))
+
+        fqdn = parsed.netloc.lower()
+        matching = self.matchingRulesets(fqdn)
+
+        for ruleset in matching:
+            newUrl = ruleset.apply(url)
+            if newUrl != url:
+                return RuleMatch(newUrl, ruleset)
+        return RuleMatch(url, None)
+
+    def prettyPrint(self):
+        self.root.prettyPrint()
diff --git a/test/rules/src/https_everywhere_checker/rules.py b/test/rules/src/https_everywhere_checker/rules.py
new file mode 100644
index 000000000000..431819677216
--- /dev/null
+++ b/test/rules/src/https_everywhere_checker/rules.py
@@ -0,0 +1,433 @@
+from tldextract import tldextract
+from urllib.parse import urlparse
+
+import regex
+import socket
+
+
+class Rule(object):
+    """Represents one from->to rule element."""
+
+    def __init__(self, ruleElem):
+        """Convert one <rule> element.
+        @param: etree <rule>Element
+        """
+        attrs = ruleElem.attrib
+        self.fromPattern = attrs["from"]
+        # Switch $1, $2... JS capture patterns to Python \g<1>, \g<2>...
+        # The \g<1> named capture is used instead of \1 because it would
+        # break for rules whose domain begins with a digit.
+        self.toPattern = regex.sub(r"\$(\d)", r"\\g<\1>", attrs["to"])
+        self.fromRe = regex.compile(self.fromPattern)
+        # Test cases that this rule applies to.
+        self.tests = []
+
+    def apply(self, url):
+        """Apply rule to URL string and return result."""
+        return self.fromRe.sub(self.toPattern, url)
+
+    def matches(self, url):
+        """Returns true iff this rule matches given url
+        @param url: URL to check as string
+        """
+        return self.fromRe.search(url) is not None
+
+    def __repr__(self):
+        return "<Rule from '{}' to '{}'>".format(self.fromRe.pattern, self.toPattern)
+
+    def __str__(self):
+        return self.__repr__()
+
+    def _id(self):
+        """Indentity for __eq__ and __hash__"""
+        return (self.fromPattern, self.toPattern)
+
+    def __eq__(self, other):
+        return self._id() == other._id()
+
+    def __hash__(self):
+        return hash(self._id())
+
+
+class Exclusion(object):
+    """Exclusion rule for <exclusion pattern=""> element"""
+
+    def __init__(self, exclusionElem):
+        """Create instance from <exclusion> element
+        @param exclusionElem: <exclusion> element from lxml tree
+        """
+        self.exclusionPattern = exclusionElem.attrib["pattern"]
+        self.exclusionRe = regex.compile(self.exclusionPattern)
+        # Test cases that this exclusion applies to.
+        self.tests = []
+
+    def matches(self, url):
+        """Returns true iff this exclusion rule matches given url
+        @param url: URL to check as string
+        """
+        return self.exclusionRe.search(url) is not None
+
+    def __repr__(self):
+        return "<Exclusion pattern '{}'>".format(self.exclusionPattern)
+
+
+class Test(object):
+    """A test case from a <test url=""> element"""
+
+    def __init__(self, url):
+        """Create instance from <test> element
+        @param exclusionElem: <test> element from lxml tree
+        """
+        self.url = url
+
+    def __eq__(test1, test2):
+        return test1.url == test2.url
+
+    def __hash__(self):
+        return self.url.__hash__()
+
+class Ruleset(object):
+    """Represents one XML ruleset file."""
+
+    # extracts value of first attribute in list as a string
+    def _strAttr(attrList): return attrList[0]
+
+    # extract attribute value
+    def _targetAttrs(attrList): return tuple(attr for attr in attrList)
+
+    # convert each etree Element of list into Rule
+    def _rulesConvert(elemList): return [Rule(elem) for elem in elemList]
+
+    # convert each etree Element of list into Exclusion
+    def _exclusionConvert(elemList): return [
+        Exclusion(elem) for elem in elemList]
+
+    def _testConvert(elemList): return [Test(
+        elem.attrib["url"]) for elem in elemList]
+
+    # functional description of converting XML elements/attributes into
+    # instance variables. Tuples are:
+    #(attribute name in this class, XPath expression, conversion function into value)
+    _attrConvert = [
+        ("name",	"@name", 		_strAttr),
+        ("platform",	"@platform", 		_strAttr),
+        ("defaultOff",	"@default_off", 	_strAttr),
+        ("targets",	"target/@host",		_targetAttrs),
+        ("rules",	"rule", 		_rulesConvert),
+        ("exclusions",	"exclusion", 		_exclusionConvert),
+        ("tests",	"test", 		_testConvert),
+    ]
+
+    def __init__(self, xmlTree, filename):
+        """Create instance from given XML (sub)tree.
+
+        @param xmlTree: XML (sub)tree corresponding to the <ruleset> element
+        @param filename: filename this ruleset originated from (for
+        reporting purposes)
+        """
+        root = xmlTree
+        # set default values for rule attributes, makes it easier for
+        # code completion
+        self.name = None
+        self.platform = "default"
+        self.defaultOff = None
+        self.rules = []
+        self.targets = []
+        self.exclusions = []
+        self.filename = filename
+        self.tests = []
+        self.determine_test_application_run = False
+
+        for (attrName, xpath, conversion) in self._attrConvert:
+            elems = root.xpath(xpath)
+            if elems:
+                setattr(self, attrName, conversion(elems))
+
+        self._addTests()
+
+    def excludes(self, url):
+        """Returns True iff one of exclusion patterns matches the url."""
+        return any((exclusion.matches(url) for exclusion in self.exclusions))
+
+    def apply(self, url):
+        """Apply rules from this ruleset on the given url. Exclusions
+        are checked.
+
+        @param url: string URL
+        """
+        if self.excludes(url):
+            return url
+
+        for rule in self.rules:
+            try:
+                newUrl = rule.apply(url)
+                if url != newUrl:
+                    return newUrl  # only one rewrite
+            except Exception as e:
+                raise Exception(e.__str__() + " " + rule.fromPattern)
+
+        return url  # nothing rewritten
+
+    def _addTests(self):
+        """In addition to any tests provided as <test> elements, add a test case for
+        each non-wildcard target."""
+        for target in self.targets:
+            if '*' in target:
+                continue
+            self.tests.append(Test("http://{}/".format(target)))
+
+    def _determineTestApplication(self):
+        """Match each test against a rule or exclusion if possible, and hang them
+                 off that rule or exclusion.  Return any coverage problems."""
+        if not self.determine_test_application_run:
+            self.test_application_problems = []
+
+            # check for duplicated test urls
+            if len(self.tests) != len(set(self.tests)):
+                for test in set(self.tests):
+                    if self.tests.count(test) > 1:
+                        self.test_application_problems.append("%s: Duplicated test URL found %s" % (
+                            self.filename, test.url))
+
+            for test in self.tests:
+                applies = self.whatApplies(test.url)
+                if applies:
+                    applies.tests.append(test)
+                else:
+                    self.test_application_problems.append("{}: No rule or exclusion applies to test URL {}".format(
+                        self.filename, test.url))
+
+            for test in self.tests:
+                urlParts = urlparse(test.url)
+                hostname = urlParts.hostname
+
+                isCovered = hostname in self.targets
+
+                if not isCovered:
+                    parts = hostname.split('.')
+
+                    for i in range(len(parts)):
+                        tmp = parts[i]
+                        parts[i] = '*'
+
+                        if '.'.join(parts) in self.targets:
+                            isCovered = True
+                            break
+
+                        if '.'.join(parts[i:len(parts)]) in self.targets:
+                            isCovered = True
+                            break
+
+                        parts[i] = tmp
+
+                if not isCovered:
+                    self.test_application_problems.append("{}: No target applies to test URL {}".format(
+                        self.filename, test.url))
+
+            self.determine_test_application_run = True
+        return self.test_application_problems
+
+    def getTargetValidityProblems(self):
+        """Verify that each target has a valid TLD in order to prevent problematic rewrite
+                 as stated in EFForg/https-everywhere/issues/10877. In particular,
+                 right-wildcard target are ignored from this test.
+
+                 Returns an array of strings reporting any coverage problems if they exist,
+                 or empty list if coverage is sufficient.
+                 """
+        problems = self._determineTestApplication()
+
+        # Next, make sure each target has a valid TLD and doesn't overlap with others
+        for target in self.targets:
+            # If it's a wildcard, check which other targets it covers
+            if '*' in target:
+                target_re = regex.escape(target)
+
+                if target_re.startswith(r'\*'):
+                    target_re = target_re[2:]
+                else:
+                    target_re = r'\A' + target_re
+
+                target_re = regex.compile(
+                    target_re.replace(r'\*', r'[^.]*') + r'\Z')
+
+                others = [other for other in self.targets if other !=
+                          target and target_re.search(other)]
+
+                if others:
+                    problems.append("{}: Target '{}' also covers {}".format(self.filename, target, others))
+
+            # Ignore right-wildcard targets for TLD checks
+            if target.endswith(".*"):
+                continue
+
+            # Ignore if target is an ipv4 address
+            try:
+                socket.inet_aton(target)
+                continue
+            except:
+                pass
+
+            # Ignore if target is an ipv6 address
+            try:
+                socket.inet_pton(socket.AF_INET6, target)
+                continue
+            except:
+                pass
+
+            # Extract TLD from target if possible
+            res = tldextract.extract(target)
+            if res.suffix == "":
+                problems.append("{}: Target '{}' missing eTLD".format(self.filename, target))
+            elif res.domain == "":
+                problems.append("{}: Target '{}' containing entire eTLD".format(
+                    self.filename, target))
+
+        return problems
+
+    def getCoverageProblems(self):
+        """Verify that each target, rule and exclusion has the right number of tests
+                 that applies to it. Also check that each target has the right
+                 number of tests. In particular left-wildcard targets should have at least
+                 three tests. Right-wildcard targets should have at least ten tests.
+
+                 Returns an array of strings reporting any coverage problems if they exist,
+                 or empty list if coverage is sufficient.
+                 """
+        self._determineTestApplication()
+        problems = []
+
+        # First, check each target has the right number of tests
+        myTestTargets = []
+
+        # Only take tests which are not excluded into account
+        for test in self.tests:
+            if not self.excludes(test.url):
+                urlParts = urlparse(test.url)
+                hostname = urlParts.hostname
+                myTestTargets.append(hostname)
+
+        for target in self.targets:
+            actual_count = 0
+            needed_count = 1
+
+            if target.startswith("*."):
+                needed_count = 3
+
+            if target.endswith(".*"):
+                needed_count = 10
+
+            # non-wildcard target always have an implicit test url, if is it not excluded
+            if not "*" in target and not self.excludes(("http://{}/".format(target))):
+                continue
+
+            # According to the logic in rules.js available at
+            # EFForg/https-everywhere/blob/07fe9bd51456cc963c2d99e327f3183e032374ee/chromium/rules.js#L404
+            #
+            pattern = target.replace('.', r'\.')  # .replace('*', '.+')
+
+            # `*.example.com` matches `bar.example.com` and `foo.bar.example.com` etc.
+            if pattern[0] == '*':
+                pattern = pattern.replace('*', '.+')
+
+            # however, `example.*` match `example.com` but not `example.co.uk`
+            if pattern[-1] == '*':
+                pattern = pattern.replace('*', '[^.]+')
+
+            # `www.*.example.com` match `www.image.example.com` but not `www.ssl.image.example.com`
+            pattern = pattern.replace('*', '[^.]+')
+
+            pattern = '^' + pattern + '$'
+
+            for test in myTestTargets:
+                if regex.search(pattern, test) is not None:
+                    actual_count += 1
+
+                    if not actual_count < needed_count:
+                        break
+
+            if actual_count < needed_count:
+                problems.append("{}: Not enough tests ({} vs {}) for {}".format(
+                    self.filename, actual_count, needed_count, target))
+
+        # Next, make sure each rule or exclusion has sufficient tests.
+        for rule in self.rules:
+            needed_count = 1 + len(regex.findall("[+*?|]", rule.fromPattern))
+            # Don't treat the question mark in non-capturing and lookahead groups as increasing the
+            # number of required tests.
+            needed_count = needed_count - \
+                len(regex.findall(r"\(\?:", rule.fromPattern))
+            needed_count = needed_count - \
+                len(regex.findall(r"\(\?!", rule.fromPattern))
+            needed_count = needed_count - \
+                len(regex.findall(r"\(\?=", rule.fromPattern))
+            # Don't treat escaped questions marks as increasing the number of required
+            # tests.
+            needed_count = needed_count - \
+                len(regex.findall(r"\?", rule.fromPattern))
+            actual_count = len(rule.tests)
+            if actual_count < needed_count:
+                problems.append("{}: Not enough tests ({} vs {}) for {}".format(
+                    self.filename, actual_count, needed_count, rule))
+                pass
+        for exclusion in self.exclusions:
+            needed_count = 1 + \
+                len(regex.findall("[+*?|]", exclusion.exclusionPattern))
+            needed_count = needed_count - \
+                len(regex.findall(r"\(\?:", exclusion.exclusionPattern))
+            needed_count = needed_count - \
+                len(regex.findall(r"\?", rule.fromPattern))
+            actual_count = len(exclusion.tests)
+            if actual_count < needed_count:
+                problems.append("{}: Not enough tests ({} vs {}) for {}".format(
+                    self.filename, actual_count, needed_count, exclusion))
+        return problems
+
+    def getNonmatchGroupProblems(self):
+        """Verify that when rules are actually applied, no non-match groups (e.g.
+                 '$1', '$2' etc.) will exist in the rewritten url"""
+        self._determineTestApplication()
+        problems = []
+        for rule in self.rules:
+            test_urls = [test.url for test in rule.tests]
+            for test in rule.tests:
+                try:
+                    replacement_url = rule.apply(test.url)
+                except Exception as e:
+                    if ~e.message.index("invalid group reference"):
+                        problems.append("{}: Rules include non-matched groups in replacement for url: {}".format(
+                            self.filename, test.url))
+        return problems
+
+    def getTestFormattingProblems(self):
+        """Verify that tests are formatted properly.  This ensures that no test url
+                will lack a '/' in the path."""
+        problems = []
+        for rule in self.rules:
+            for test in rule.tests:
+                parsed_url = urlparse(test.url)
+                if parsed_url.path == '':
+                    problems.append("{}: Test url lacks a trailing /: {}".format(
+                        self.filename, test.url))
+        return problems
+
+    def whatApplies(self, url):
+        for exclusion in self.exclusions:
+            if exclusion.matches(url):
+                return exclusion
+        for rule in self.rules:
+            if rule.matches(url):
+                return rule
+
+    def __repr__(self):
+        return "<Ruleset(name={}, platform={})>".format(repr(self.name), repr(self.platform))
+
+    def __str__(self):
+        return self.__repr__()
+
+    def __eq__(self, other):
+        """We consider name to be unique identifier."""
+        return self.name == other.name
+
+    def __hash__(self):
+        return hash(self.name)
diff --git a/test/run_travis.sh b/test/run_travis.sh
new file mode 100755
index 000000000000..9d2c7758c3a4
--- /dev/null
+++ b/test/run_travis.sh
@@ -0,0 +1,109 @@
+#!/bin/bash
+set -x
+toplevel="$(git rev-parse --show-toplevel)"
+testdir="${toplevel}/test/selenium"
+srcdir="${toplevel}/chromium"
+linter="${toplevel}/utils/eslint/node_modules/.bin/eslint --ignore-path ${srcdir}/.eslintignore"
+
+
+function run_lint {
+  $linter $srcdir
+  if [ $? != 0 ]; then
+    echo "Linting errors"
+    exit 1
+  fi
+}
+
+function run_unittests {
+  pushd ${srcdir}
+    npm run cover # run with coverage
+    if [ $? != 0 ]; then
+        echo "unittest errors"
+        exit 1
+    fi
+    npm run report
+  popd
+}
+
+function run_selenium {
+  ENABLE_XVFB=1 pytest -v --capture=no ${testdir} # autodiscover and run the tests
+}
+
+if [ "$TEST" == "lint" ]; then
+    echo "running lint tests"
+    run_lint
+elif [ "$TEST" == "unittests" ]; then
+    echo "Running unittests"
+    run_unittests
+elif [ "$TEST" == "validations" ] || [ "$TEST" == "fetch" ] || [ "$TEST" == "preloaded" ]; then
+
+    # Folder paths, relative to parent
+    RULESETFOLDER="src/chrome/content/rules"
+
+    # Go to git repo root; taken from ../test.sh. Note that
+    # $GIT_DIR is .git in this case.
+    if [ -n "$GIT_DIR" ]
+    then
+      # $GIT_DIR is set, so we're running as a hook.
+      cd $GIT_DIR
+      cd ..
+    else
+      # Let's CD to the right place.
+      cd $toplevel
+    fi
+
+    # Fetch the current GitHub version of HTTPS-E to compare to its master
+    git remote add upstream-for-travis https://github.com/EFForg/https-everywhere.git
+    trap 'git remote remove upstream-for-travis' EXIT
+
+    # Only do a shallow fetch if we're in Travis.  No need otherwise.
+    if [ $TRAVIS ]; then
+      git fetch --depth=50 upstream-for-travis master
+    else
+      git fetch upstream-for-travis master
+    fi
+
+    COMMON_BASE_COMMIT=$(git merge-base upstream-for-travis/master HEAD)
+    RULESETS_CHANGED=$(git diff --name-only $COMMON_BASE_COMMIT | grep $RULESETFOLDER | grep '.xml')
+    if [ "$(git diff --name-only $COMMON_BASE_COMMIT)" != "$RULESETS_CHANGED" ]; then
+      ONLY_RULESETS_CHANGED=false
+    fi
+
+    # At this point, if anything fails, the test should fail
+    set -e
+
+    if [ "$TEST" == "validations" ]; then
+      echo >&2 "Performing validations on rulesets."
+      docker run --rm -ti -v $(pwd):/opt httpse bash -c "test/validations.sh"
+    fi
+
+    if [ "$TEST" == "fetch" ]; then
+      echo >&2 "Testing test URLs in all changed rulesets."
+      # NET_ADMIN capability is required here for miredo to create a network tunnel
+      docker run --rm -ti -v $(pwd):/opt -e RULESETS_CHANGED="$RULESETS_CHANGED" --sysctl net.ipv6.conf.all.disable_ipv6=0 --cap-add NET_ADMIN --cap-add MKNOD httpse bash -c "mkdir -p /dev/net && mknod /dev/net/tun c 10 200 && service miredo start && service tor start && test/fetch.sh"
+    fi
+
+    if [ "$TEST" == "preloaded" ]; then
+      echo >&2 "Ensuring rulesets do not introduce targets which are already HSTS preloaded."
+      docker run --rm -ti -v $(pwd):/opt -e RULESETS_CHANGED="$RULESETS_CHANGED" node bash -c "cd /opt/utils/hsts-prune && npm install && node index.js"
+      [ `git diff --name-only $RULESETFOLDER | wc -l` -eq 0 ]
+    fi
+
+    exit 0
+
+else
+    case $BROWSER in
+      *chrome*)
+        echo "running tests on chrome"
+        run_selenium
+        ;;
+      *firefox*)
+        echo "running tests on firefox"
+        run_selenium
+        ;;
+      *)
+        echo "bad TEST variable, got $TEST"
+        exit 1
+        ;;
+    esac
+fi
diff --git a/test/script.py b/test/script.py
new file mode 100644
index 000000000000..f2f671a1b26e
--- /dev/null
+++ b/test/script.py
@@ -0,0 +1,97 @@
+#!/usr/bin/env python3
+#
+# Run Selenium tests for HTTPS Everywhere
+#
+# This script may be executed as `python3 script.py [directory of CRX]`
+#
+# The script is compatible with Python 3.6.
+# Selenium, WebDriver and Google Chrome (or Chromium) must be installed
+# in order for the script to run successfully. A desktop version
+# of linux is required for the script to run correctly as well.
+# Otherwise, use pyvirtualdisplay.
+
+import sys, os, time
+from selenium import webdriver
+from selenium.common.exceptions import WebDriverException
+from selenium.webdriver.firefox.firefox_binary import FirefoxBinary
+
+class bcolors:
+    OKGREEN = '\033[92m'
+    FAIL = '\033[91m'
+    ENDC = '\033[0m'
+
+
+if sys.argv[1] == "Chrome":
+    chromeOps = webdriver.ChromeOptions()
+    chromeOps.add_extension(sys.argv[2])
+    if os.getuid() == 0:
+        chromeOps.add_argument("--no-sandbox")
+
+    # Find the path to chromedriver
+    chromedriver_path = "chromedriver"
+    if sys.platform.startswith("linux"):
+        locations = (
+            "/usr/lib/chromium-browser/chromedriver",
+            "/usr/lib/chromium/chromedriver",
+        )
+        for location in locations:
+            if os.path.isfile(location):
+                chromedriver_path = location
+                break
+
+    try:
+        # First argument is optional, if not specified will search path.
+        driver = webdriver.Chrome(chromedriver_path, options=chromeOps)
+    except WebDriverException as e:
+        error = e.__str__()
+
+        if "executable needs to be in PATH" in e.__str__():
+            print("ChromeDriver isn't installed. Check test/chromium/README.md " \
+                "for instructions on how to install ChromeDriver")
+
+            sys.exit(2)
+        else:
+            raise e
+    
+    # Allow the extension time to load
+    time.sleep(1)
+
+if sys.argv[1] == "Firefox":
+    fp = webdriver.FirefoxProfile(sys.argv[2])
+    try:
+        if len(sys.argv) == 4:
+            binary = FirefoxBinary(sys.argv[3])
+            driver = webdriver.Firefox(fp, firefox_binary=binary, service_log_path=os.devnull)
+        else:
+            driver = webdriver.Firefox(fp, service_log_path=os.devnull)
+    except WebDriverException as e:
+        error = e.__str__()
+
+        if "executable needs to be in PATH" in e.__str__():
+            print("GeckoDriver isn't installed. Check test/firefox/README.md " \
+                "for instructions on how to install GeckoDriver")
+
+            sys.exit(2)
+        else:
+            raise e
+
+    # Allow the extension time to load
+    time.sleep(1)
+
+print('')
+
+driver.get('http://freerangekitten.com')
+
+test_failed = False
+if driver.current_url.startswith('https'):
+    print(bcolors.OKGREEN + sys.argv[1] + ": HTTP to HTTPS redirection successful" + bcolors.ENDC)
+elif driver.current_url.startswith('http'):
+    print(bcolors.FAIL + sys.argv[1] + ": HTTP to HTTPS redirection failed" + bcolors.ENDC)
+    test_failed = True
+
+print('')
+
+driver.quit()
+
+if test_failed:
+    sys.exit(1)
diff --git a/test/selenium/.flake8 b/test/selenium/.flake8
new file mode 100644
index 000000000000..2a1147af355e
--- /dev/null
+++ b/test/selenium/.flake8
@@ -0,0 +1,2 @@
+[flake8]
+ignore = E501, E731
diff --git a/test/selenium/requirements.txt b/test/selenium/requirements.txt
new file mode 100644
index 000000000000..518a89e7698a
--- /dev/null
+++ b/test/selenium/requirements.txt
@@ -0,0 +1,4 @@
+selenium
+xvfbwrapper
+pytest>=3
+lxml
diff --git a/test/selenium/shim.py b/test/selenium/shim.py
new file mode 100644
index 000000000000..b75612294278
--- /dev/null
+++ b/test/selenium/shim.py
@@ -0,0 +1,187 @@
+import os
+from contextlib import contextmanager
+from collections import namedtuple
+import subprocess
+import time
+import shutil
+
+from selenium import webdriver
+from selenium.webdriver import DesiredCapabilities
+from selenium.webdriver.chrome.options import Options
+
+firefox_info = {'extension_id': 'https-everywhere-eff@eff.org', 'uuid': 'd56a5b99-51b6-4e83-ab23-796216679614'}
+chrome_info = {'extension_id': 'kofalhllfompobhklifpbealgeckijek'}
+
+
+BROWSER_TYPES = ['chrome', 'firefox']
+BROWSER_NAMES = ['google-chrome', 'google-chrome-stable', 'google-chrome-beta', 'firefox']
+
+Specifics = namedtuple('Specifics', ['manager', 'background_url', 'info'])
+
+parse_stdout = lambda res: res.strip().decode('utf-8')
+
+run_shell_command = lambda command: parse_stdout(subprocess.check_output(command))
+
+get_git_root = lambda: run_shell_command(['git', 'rev-parse', '--show-toplevel'])
+
+
+def unix_which(command, silent=False):
+    try:
+        return run_shell_command(['which', command])
+    except subprocess.CalledProcessError as e:
+        if silent:
+            return None
+        raise e
+
+
+def get_browser_type(string):
+    for t in BROWSER_TYPES:
+        if t in string:
+            return t
+    raise ValueError("couldn't get browser type from {}".format(string))
+
+
+def get_browser_name(string):
+    if ('/' in string) or ('\\' in string):  # its a path
+        return os.path.basename(string)
+    else:  # its a browser type
+        for bn in BROWSER_NAMES:
+            if string in bn and unix_which(bn, silent=True):
+                return os.path.basename(unix_which(bn))
+        raise ValueError('Could not get browser name from {}'.format(string))
+
+
+def build_crx():
+    '''Builds the .crx file for Chrome and returns the path to it'''
+    cmd = [os.path.join(get_git_root(), 'make.sh'), '--remove-update-channels']
+    run_shell_command(cmd)
+
+    # Since this is an unpacked extension we're loading, the extension ID is
+    # determined by the below `crx_dir` path alone. Don't alter it without
+    # changing the corresponding ID at the top of this file.
+
+    crx_dir = os.path.join(os.sep, 'tmp','https-everywhere-test')
+    shutil.rmtree(crx_dir, True)
+    shutil.copytree(os.path.join(get_git_root(), 'pkg', 'crx-cws'), crx_dir)
+    return crx_dir
+
+
+def build_xpi():
+    cmd = [os.path.join(get_git_root(), 'make.sh'), '--remove-update-channels']
+    return os.path.join(get_git_root(), run_shell_command(cmd).split()[-5])
+
+
+def install_ext_on_ff(driver, extension_path):
+    '''
+    Use Selenium's internal API's to manually send a message to geckodriver
+    to install the extension. We should remove this once the functionality is
+    included in Selenium. See https://github.com/SeleniumHQ/selenium/issues/4215
+    '''
+    command = 'addonInstall'
+    driver.install_addon(extension_path, temporary = True)
+    time.sleep(2)
+
+
+class Shim:
+    _browser_msg = '''BROWSER should be one of:
+* /path/to/a/browser
+* a browser executable name so we can find the browser with "which $BROWSER"
+* something from BROWSER_TYPES
+'''
+    __doc__ = 'Chooses the correct driver and extension_url based on the BROWSER environment\nvariable. ' + _browser_msg
+
+    def __init__(self, chrome_info, firefox_info):
+        print('Configuring the test run')
+        self.chrome_info, self.firefox_info = chrome_info, firefox_info
+        self._specifics = None
+        browser = os.environ.get('BROWSER')
+        # get browser_path and broser_type first
+        if browser is None:
+            raise ValueError("The BROWSER environment variable is not set. " + self._browser_msg)
+        elif ("/" in browser) or ("\\" in browser):  # path to a browser binary
+            self.browser_path = browser
+            self.browser_type = get_browser_type(self.browser_path)
+
+        elif unix_which(browser, silent=True):  # executable browser name like 'google-chrome-stable'
+            self.browser_path = unix_which(browser)
+            self.browser_type = get_browser_type(browser)
+
+        elif get_browser_type(browser):  # browser type like 'firefox' or 'chrome'
+            bname = get_browser_name(browser)
+            self.browser_path = unix_which(bname)
+            self.browser_type = browser
+        else:
+            raise ValueError("could not infer BROWSER from {}".format(browser))
+
+        self.extension_path = self.get_ext_path()
+        self._set_specifics()
+        print('\nUsing browser path: {} \nwith browser type: {} \nand extension path: {}'.format(self.browser_path, self.browser_type, self.extension_path))
+        self._set_urls(self.base_url)
+
+    def _set_specifics(self):
+        self._specifics = self._specifics or {
+            'chrome': Specifics(self.chrome_manager,
+                                'chrome-extension://{}/'.format(self.chrome_info['extension_id']),
+                                self.chrome_info),
+            'firefox': Specifics(self.firefox_manager,
+                                 'moz-extension://{}/'.format(self.firefox_info['uuid']),
+                                 self.firefox_info)}
+        self.manager, self.base_url, self.info = self._specifics[self.browser_type]
+
+    def _set_urls(self, base_url):
+        self.base_url = base_url
+        self.bg_url = base_url + "_generated_background_page.html"
+        self.popup_url = base_url + "pages/popup/index.html"
+        self.options_url = base_url + "pages/options/index.html"
+
+    def get_ext_path(self):
+        if self.browser_type == 'chrome':
+            return build_crx()
+        elif self.browser_type == 'firefox':
+            return build_xpi()
+        else:
+            raise ValueError("bad browser getting extension path")
+
+    @property
+    def wants_xvfb(self):
+        if self.on_travis or bool(int(os.environ.get('ENABLE_XVFB', 0))):
+            return True
+        return False
+
+    @property
+    def on_travis(self):
+        if "TRAVIS" in os.environ:
+            return True
+        return False
+
+    @contextmanager
+    def chrome_manager(self):
+        opts = Options()
+        if self.on_travis:  # github.com/travis-ci/travis-ci/issues/938
+            opts.add_argument("--no-sandbox")
+        opts.add_argument("--load-extension=" + self.extension_path)
+        opts.binary_location = self.browser_path
+        opts.add_experimental_option("prefs", {"profile.block_third_party_cookies": False})
+
+        caps = DesiredCapabilities.CHROME.copy()
+
+        driver = webdriver.Chrome(options=opts, desired_capabilities=caps)
+        try:
+            yield driver
+        finally:
+            driver.quit()
+
+    @contextmanager
+    def firefox_manager(self):
+        ffp = webdriver.FirefoxProfile()
+        # make extension id constant across runs
+        ffp.set_preference('extensions.webextensions.uuids', '{{"{}": "{}"}}'.format(self.info['extension_id'], self.info['uuid']))
+
+        driver = webdriver.Firefox(firefox_profile=ffp, firefox_binary=self.browser_path)
+        install_ext_on_ff(driver, self.extension_path)
+        try:
+            yield driver
+        finally:
+            time.sleep(2)
+            driver.quit()
+            time.sleep(2)
diff --git a/test/selenium/test_navigation.py b/test/selenium/test_navigation.py
new file mode 100644
index 000000000000..ccc403fc56fb
--- /dev/null
+++ b/test/selenium/test_navigation.py
@@ -0,0 +1,31 @@
+import unittest
+from time import sleep
+
+from util import ExtensionTestCase
+
+kittens_url = 'http://freerangekitten.com/'
+
+http_url = 'http://http.badssl.com/'
+
+class TestNavigation(ExtensionTestCase):
+    def test_redirect(self):
+        sleep(3)
+        self.driver.get(kittens_url)
+        self.assertTrue(self.driver.current_url.startswith('https'))
+
+    def test_no_redirect_when_disabled(self):
+        self.toggle_disabled()
+        self.driver.get(kittens_url)
+        self.assertEqual(self.driver.current_url, kittens_url)  # not https
+
+    def test_httpnowhere_blocks(self):
+        # if self.shim.browser_type == 'firefox':
+        #     raise unittest.SkipTest('broken on firefox')
+        href_script = 'return window.location.href;'
+        self.driver.get(http_url)
+        self.toggle_http_nowhere()
+        self.assertFalse(http_url == self.driver.execute_script(href_script))
+
+    def test_http_site_not_blocked(self):
+        self.driver.get(http_url)
+        self.assertTrue(self.driver.current_url == http_url)
diff --git a/test/selenium/test_options.py b/test/selenium/test_options.py
new file mode 100644
index 000000000000..eeb301285f8b
--- /dev/null
+++ b/test/selenium/test_options.py
@@ -0,0 +1,11 @@
+import unittest
+from time import sleep
+from util import ExtensionTestCase
+
+class OptionsTest(ExtensionTestCase):
+    def load_options(self):
+        self.driver.get(self.shim.options_url)
+
+    def test_options(self):
+        self.load_options()
+        self.assertEqual(self.driver.current_url, self.shim.options_url)
diff --git a/test/selenium/test_popup.py b/test/selenium/test_popup.py
new file mode 100644
index 000000000000..b25c19725011
--- /dev/null
+++ b/test/selenium/test_popup.py
@@ -0,0 +1,64 @@
+import unittest
+from util import ExtensionTestCase
+
+
+class TestPopup(ExtensionTestCase):
+    def test_rule_shown(self):
+        url = 'http://freerangekitten.com'
+        with self.load_popup_for(url):
+            #Open Rule Management section
+            see_more_prompt = self.query_selector('#RuleManagement__see_more--prompt')
+            see_more_prompt.click()
+
+            #Check to see if stable rule is checked
+            checkbox_el = self.driver.find_element_by_id('stable_ruleset_1')
+            self.assertTrue(checkbox_el.is_selected())
+
+    def test_disable_enable(self):
+        selector = '#onoffswitch__label'
+        checkbox = 'onoffswitch'
+        var_name = 'background.state.isExtensionEnabled'
+
+        # disable https everywhere
+        with self.load_popup_for():
+            el = self.query_selector(selector)
+            # Using query_selector does not work here if element isn't "plainly" visible on page, fails on Chrome
+            checkbox_el = self.driver.find_element_by_id(checkbox)
+            self.assertTrue(checkbox_el.is_selected())
+            el.click() # disable
+
+        with self.load_popup_for():
+            el = self.query_selector(selector)
+            checkbox_el = self.driver.find_element_by_id(checkbox)
+            self.assertFalse(checkbox_el.is_selected())
+            el.click()
+
+        with self.load_popup_for():
+            el = self.query_selector(selector)
+            checkbox_el = self.driver.find_element_by_id(checkbox)
+            self.assertTrue(checkbox_el.is_selected())
+
+    def test_http_nowhere(self):
+        selector = '#http-nowhere-checkbox_label'
+        checkbox = 'http-nowhere-checkbox'
+        var_name = 'background.state.httpNowhereOn'
+
+        # check default state and enable
+        with self.load_popup_for():
+            el = self.query_selector(selector)
+            # Using query_selector does not work here if element isn't "plainly" visible on page, fails on Chrome
+            checkbox_el = self.driver.find_element_by_id(checkbox)
+            self.assertFalse(checkbox_el.is_selected())
+            el.click()
+
+        # check it is enabled, and disable
+        with self.load_popup_for():
+            el = self.query_selector(selector)
+            checkbox_el = self.driver.find_element_by_id(checkbox)
+            self.assertTrue(checkbox_el.is_selected())
+            el.click() # disable
+
+        # check disabled
+        with self.load_popup_for():
+            checkbox_el = self.driver.find_element_by_id(checkbox)
+            self.assertFalse(checkbox_el.is_selected()) # default state
diff --git a/test/selenium/util.py b/test/selenium/util.py
new file mode 100644
index 000000000000..d0a8e59b2c5a
--- /dev/null
+++ b/test/selenium/util.py
@@ -0,0 +1,127 @@
+# -*- coding: UTF-8 -*-
+from contextlib import contextmanager
+import os
+import unittest
+import subprocess
+import time
+
+from selenium.webdriver.support.ui import WebDriverWait
+from selenium.webdriver.support import expected_conditions as EC
+from selenium.webdriver.common.by import By
+from selenium.common.exceptions import NoSuchWindowException
+
+import shim
+
+SEL_DEFAULT_WAIT_TIMEOUT = 20
+
+parse_stdout = lambda res: res.strip().decode('utf-8')
+
+run_shell_command = lambda command: parse_stdout(subprocess.check_output(command))
+
+get_git_root = lambda: run_shell_command(['git', 'rev-parse', '--show-toplevel'])
+
+
+class ExtensionTestCase(unittest.TestCase):
+
+    shim = shim.Shim(shim.chrome_info, shim.firefox_info)
+
+    @classmethod
+    def setUpClass(cls):
+        cls.manager = cls.shim.manager
+        cls.base_url = cls.shim.bg_url
+        cls.wants_xvfb = cls.shim.wants_xvfb
+        if cls.wants_xvfb:
+            from xvfbwrapper import Xvfb
+            cls.vdisplay = Xvfb(width=1280, height=720)
+            cls.vdisplay.start()
+
+        # setting DBUS_SESSION_BUS_ADDRESS to nonsense prevents frequent
+        # hangs of chromedriver (possibly due to crbug.com/309093).
+        os.environ["DBUS_SESSION_BUS_ADDRESS"] = "/dev/null"
+        cls.proj_root = get_git_root()
+
+    @classmethod
+    def tearDownClass(cls):
+        if cls.wants_xvfb:
+            cls.vdisplay.stop()
+
+    def init(self, driver):
+        self.driver = driver
+        self.bg_url = self.base_url + "_generated_background_page.html"
+
+    def run(self, result=None):
+        with self.manager() as driver:
+            self.init(driver)
+            super(ExtensionTestCase, self).run(result)
+
+    def query_selector(self, css_selector, timeout=SEL_DEFAULT_WAIT_TIMEOUT):
+        return WebDriverWait(self.driver, timeout).until(
+            EC.visibility_of_element_located((By.CSS_SELECTOR, css_selector)))
+
+    def wait(self, func, timeout=SEL_DEFAULT_WAIT_TIMEOUT):
+        return WebDriverWait(self.driver, timeout).until(func)
+
+    def switch_to_url(self, target, open_url=False):
+        for wh in self.driver.window_handles:
+            self.driver.switch_to.window(wh)
+            # use `in` bc we don't care about queries or fragments
+            if target in self.driver.current_url:
+                return self.driver.refresh()
+        if open_url:
+            return self.driver.get(target)
+        raise ValueError('Target ({}) not found in current urls'.format(target))
+
+    def get_variable(self, name):
+        return self.driver.execute_script('return {};'.format(name))
+
+    @contextmanager
+    def load_popup_for(self, url='about:blank'):
+        create_url_and_popup_js_str = '''
+        (function(done) {{
+          chrome.tabs.create({{url: '{}'}}, function(tab) {{
+            setTimeout(
+              () => chrome.tabs.create({{url: '{}' + '?tabId=' + String(tab.id)}}, done),
+              500
+            );
+          }});
+        }})(arguments[0]);
+        '''
+        script = create_url_and_popup_js_str.format(url, self.shim.popup_url)
+
+        self.driver.get(self.shim.bg_url)
+        time.sleep(0.5)
+
+        bg = self.driver.current_window_handle
+
+        before_windows = set(self.driver.window_handles)
+        self.driver.execute_async_script(script)
+        new_windows = set(self.driver.window_handles) ^ before_windows
+
+        self.switch_to_url(self.shim.popup_url)
+
+        yield
+
+        time.sleep(0.1)
+        for wh in new_windows:
+            if len(self.driver.window_handles) > 1:
+                try:
+                    self.driver.switch_to.window(wh)
+                    self.driver.close()
+                except NoSuchWindowException:
+                    pass
+
+        self.driver.switch_to.window(bg)
+
+    def toggle_disabled(self):
+        selector = '#onoffswitch__label'
+        with self.load_popup_for():
+            el = self.query_selector(selector)
+            el.click()
+            time.sleep(0.25)
+
+    def toggle_http_nowhere(self):
+        selector = '#http-nowhere-checkbox_label'
+        with self.load_popup_for():
+            el = self.query_selector(selector)
+            el.click()
+            time.sleep(0.25)
diff --git a/test/setup_travis.sh b/test/setup_travis.sh
new file mode 100755
index 000000000000..859df38a4474
--- /dev/null
+++ b/test/setup_travis.sh
@@ -0,0 +1,77 @@
+#!/bin/bash
+set -x
+toplevel=$(git rev-parse --show-toplevel)
+
+function setup_chrome {
+    # install the appropriate chromedriver version (for chrome stable & beta)
+    chrome_version=$("${BROWSER}" --product-version | cut -d . -f 1-3)
+    chromedriver_version_url=https://chromedriver.storage.googleapis.com/LATEST_RELEASE_"${chrome_version}"
+    chromedriver_version=$(wget "${chromedriver_version_url}" -q -O -)
+    chromedriver_url=https://chromedriver.storage.googleapis.com/"${chromedriver_version}"/chromedriver_linux64.zip
+
+    echo "Setting up chromedriver ${chromedriver_version} for ${1} ${chrome_version}"
+
+    wget -O /tmp/chromedriver.zip ${chromedriver_url}
+    sudo unzip /tmp/chromedriver.zip chromedriver -d /usr/local/bin/
+    sudo chmod a+x /usr/local/bin/chromedriver
+}
+
+function setup_firefox {
+    # install the latest version of geckodriver
+    firefox_version=$("${BROWSER}" -version)
+    geckodriver_version=$(curl -sI https://github.com/mozilla/geckodriver/releases/latest | grep -i "^Location: " | sed 's/.*\///' | tr -d '\r')
+    geckodriver_url="https://github.com/mozilla/geckodriver/releases/download/${geckodriver_version}/geckodriver-${geckodriver_version}-linux64.tar.gz"
+
+    echo "Setting up geckodriver ${geckodriver_version} for ${firefox_version}"
+
+    wget -O /tmp/geckodriver.tar.gz ${geckodriver_url}
+    sudo tar -xvf /tmp/geckodriver.tar.gz -C /usr/local/bin/
+    sudo chmod a+x /usr/local/bin/geckodriver
+}
+
+function browser_setup {
+  # install python stuff
+  pip3 install -r ${toplevel}/test/selenium/requirements.txt
+}
+
+function setup_lint {
+  pushd ${toplevel}/utils/eslint
+    npm install
+  popd
+}
+
+function setup_unittests {
+  pushd ${toplevel}/chromium
+    npm install
+  popd
+}
+
+function setup_docker {
+  docker build -t httpse .
+}
+
+case $TEST in
+  *chrome*)
+    setup_chrome "$TEST"
+    browser_setup
+    ;;
+  *firefox*) # Install the latest version of geckodriver
+    setup_firefox
+    browser_setup
+    ;;
+  *lint*)
+    setup_lint
+    ;;
+  *unittests*)
+    setup_unittests
+    ;;
+  *validations*|*fetch*)
+    setup_docker
+    ;;
+  *preloaded*)
+    ;;
+  *)
+    echo "bad TEST variable, got $TEST"
+    exit 1
+    ;;
+esac
diff --git a/test/tor-browser.sh b/test/tor-browser.sh
new file mode 100755
index 000000000000..c789c50b7849
--- /dev/null
+++ b/test/tor-browser.sh
@@ -0,0 +1,60 @@
+#!/bin/bash -ex
+# Just run the Tor Browser with HTTPS Everywhere
+
+# Get to the repo root directory, even when we're symlinked as a hook.
+
+if [ -n "$GIT_DIR" ]
+then
+  # $GIT_DIR is set, so we're running as a hook.
+  cd $GIT_DIR
+else
+  # Git command exists? Cool, let's CD to the right place.
+  git rev-parse && cd "$(git rev-parse --show-toplevel)"
+fi
+
+source utils/mktemp.sh
+
+die() {
+  echo "$@"
+  exit 1
+}
+
+# Unzip the Tor Browser archive to a temporary directory
+if [ ! -f "$1" ] && [ "`echo $1 | tail -c 8 | head -c 7`" != ".tar.xz" ]; then
+  echo "Usage: $0 [path_to_tor_archive]"
+  echo
+  die "File provided is not a valid Tor Browser archive."
+fi
+
+PROFILE_DIRECTORY="$(mktemp -d)"
+trap 'rm -r "$PROFILE_DIRECTORY"' EXIT
+tar -Jxvf $1 -C $PROFILE_DIRECTORY > /dev/null
+TBB_LOCALIZED_DIRECTORY=`find $PROFILE_DIRECTORY -maxdepth 1 -mindepth 1 -type d`
+HTTPSE_INSTALL_XPI=$TBB_LOCALIZED_DIRECTORY/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere-eff@eff.org.xpi
+# Remove the prebundled HTTPSE
+rm -rf $HTTPSE_INSTALL_XPI
+
+# Allow unsigned extensions
+echo '
+user_pref("xpinstall.signatures.required", false);
+user_pref("devtools.chrome.enabled", true);
+user_pref("devtools.debugger.remote-enabled", true);
+' >> $TBB_LOCALIZED_DIRECTORY/Browser/TorBrowser/Data/Browser/profile.default/user.js
+
+# Build the XPI to run all the validations in make.sh, and to ensure that
+# we test what is actually getting built.
+./make.sh
+XPI_NAME="`ls -tr pkg/https-everywhere-20*.xpi | tail -1`"
+
+# Install into our fresh Tor Browser
+cp -a $XPI_NAME $HTTPSE_INSTALL_XPI
+
+if [ ! -f "$HTTPSE_INSTALL_XPI" ]; then
+  die "Tor Browser does not have HTTPS Everywhere installed"
+fi
+
+echo "Running Tor Browser"
+$TBB_LOCALIZED_DIRECTORY/Browser/start-tor-browser --verbose ${@:2}
+
+shasum=$(openssl dgst -sha256 "$XPI_NAME")
+echo -e "Git commit `git rev-parse HEAD`\n$shasum"
diff --git a/test/validations.sh b/test/validations.sh
new file mode 100755
index 000000000000..bdd18834dcc0
--- /dev/null
+++ b/test/validations.sh
@@ -0,0 +1,10 @@
+#!/bin/bash -ex
+# Perform validations on rulesets.
+
+utils/remove-obsolete-references.sh
+test/validations/path/run.sh
+test/validations/test-coverage/run.sh
+python3 test/validations/securecookie/run.py
+python3 test/validations/filename/run.py
+python3 test/validations/relaxng/run.py
+python3 test/validations/special/run.py --quiet
diff --git a/test/validations/filename/run.py b/test/validations/filename/run.py
new file mode 100755
index 000000000000..e0adf6c886ad
--- /dev/null
+++ b/test/validations/filename/run.py
@@ -0,0 +1,40 @@
+#!/usr/bin/env python3
+#
+# Validates and provides a generator for ruleset filenames
+#
+
+import glob
+import os
+import re
+import sys
+
+import collections
+
+def validate_filenames():
+    # Sort filenames so output is deterministic.
+    filenames = sorted(glob.glob('src/chrome/content/rules/*'))
+
+    counted_lowercase_names = collections.Counter([name.lower() for name in filenames])
+    most_common_entry = counted_lowercase_names.most_common(1)[0]
+    if most_common_entry[1] > 1:
+        dupe_filename = re.compile(re.escape(most_common_entry[0]), re.IGNORECASE)
+        print("{} failed case-insensitivity testing.".format(list(filter(dupe_filename.match, filenames))))
+        print("Rules exist with identical case-insensitive names, which breaks some filesystems.")
+        sys.exit(1)
+
+    for fi in filenames:
+        basename = fi.split(os.path.sep)[-1]
+        if basename == '00README' or basename == 'make-trivial-rule' or basename == 'default.rulesets' or basename == 'default.rulesets.json':
+            continue
+
+        if " " in fi:
+            print("{} failed validity: Rule filenames cannot contain spaces".format(fi))
+            sys.exit(1)
+        if not fi.endswith('.xml'):
+            print("{} failed validity: Rule filenames must end in .xml".format(fi))
+            sys.exit(1)
+
+        yield fi
+
+if __name__ == "__main__":
+    [ fi for fi in validate_filenames() ]
diff --git a/test/validations/path/run.sh b/test/validations/path/run.sh
new file mode 100755
index 000000000000..6909183aa6e8
--- /dev/null
+++ b/test/validations/path/run.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+RULESETFOLDER=src/chrome/content/rules
+
+FILES=`git grep --name-only . | grep -v $RULESETFOLDER | grep '\.xml$'`
+
+EXIT_CODE=0
+
+if [ "$FILES" != "" ]; then
+  while read FILE; do
+    # check if changed file is actually a ruleset
+    egrep -q "^<ruleset[^>]+>" "$FILE"
+
+    # if file matched the RegExp
+    if [ $? -eq 0 ]; then
+      echo >&2 "ERROR: $FILE Inclusion of ruleset outside of $RULESETFOLDER"
+      EXIT_CODE=1
+    fi
+  done <<< "$FILES"
+fi
+
+exit $EXIT_CODE
diff --git a/test/validations/relaxng/run.py b/test/validations/relaxng/run.py
new file mode 100644
index 000000000000..aa9395bb9015
--- /dev/null
+++ b/test/validations/relaxng/run.py
@@ -0,0 +1,45 @@
+#!/usr/bin/env python3
+# -*- encoding: utf-8 -*-
+
+import argparse
+import glob
+import os
+
+from lxml import etree
+
+# commandline arguments parsing (nobody use it, though)
+parser = argparse.ArgumentParser(description="Validate rulesets against relaxng schema.xml")
+parser.add_argument("--source_dir", default="src/chrome/content/rules")
+
+args = parser.parse_args()
+
+# XML ruleset files
+files = glob.glob(os.path.join(args.source_dir, "*.xml"))
+
+# read the schema file
+relaxng_doc = etree.parse('test/validations/relaxng/schema.xml')
+relaxng = etree.RelaxNG(relaxng_doc)
+
+exit_code = 0
+
+print("Validation of rulesets against relaxng schema.xml begins...")
+
+for filename in sorted(files):
+    tree = etree.parse(filename)
+
+    if not relaxng.validate(tree):
+        exit_code = 1
+        e = relaxng.error_log.last_error
+        print("{} {}:{}:{}: {}".format(e.level_name, e.filename, e.line, e.column, e.message))
+
+if exit_code == 0:
+    message = "Validation of rulesets against relaxng schema.xml succeeded."
+else:
+    message = "\nTwo very common reasons for this are the following:\n" \
+              " - missing caret (^) in 'from' attribute: it should be \"^http:\" and not \"http:\"\n" \
+              " - missing trailing slashes in 'from' or 'to' when specifying full hostnames: \n" \
+              "   it should be \"https://eff.org/\" and not \"https://eff.org\"\n\n" \
+              "Validation of rulesets against relaxng schema.xml failed."
+
+print(message)
+exit(exit_code)
diff --git a/test/validations/relaxng/schema.xml b/test/validations/relaxng/schema.xml
new file mode 100644
index 000000000000..c2232903f1c9
--- /dev/null
+++ b/test/validations/relaxng/schema.xml
@@ -0,0 +1,79 @@
+<element xmlns="http://relaxng.org/ns/structure/1.0" name="ruleset" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
+  <attribute name="name" />
+
+  <optional>
+    <attribute name="default_off" />
+  </optional>
+
+  <optional>
+    <attribute name="platform">
+      <data type="string">
+        <param name="pattern">mixedcontent</param>
+      </data>
+    </attribute>
+  </optional>
+
+  <interleave>
+
+    <zeroOrMore>
+      <element name="test">
+        <attribute name="url">
+          <data type="string">
+            <param name="pattern">http[^\\]+</param>
+          </data>
+        </attribute>
+      </element>
+    </zeroOrMore>
+
+    <oneOrMore>
+      <element name="target">
+        <attribute name="host">
+          <data type="string">
+            <param name="pattern">(\*\.)?([a-z0-9_-]+\.)+([a-z0-9-]+|\*)</param>
+          </data>
+        </attribute>
+      </element>
+    </oneOrMore>
+
+    <zeroOrMore>
+      <element name="exclusion">
+        <attribute name="pattern" />
+      </element>
+    </zeroOrMore>
+
+    <zeroOrMore>
+      <element name="securecookie">
+        <attribute name="host"/>
+          <data type="string">
+            <param name="pattern">[^/]*</param>
+          </data>
+        <attribute name="name"/>
+      </element>
+    </zeroOrMore>
+
+    <oneOrMore>
+      <element name="rule">
+        <attribute name="from">
+          <data type="string">
+            <!-- The from attribute of a rule must start with a caret.
+                 It also must contain two slashes (separating the protocol from
+                 the hostname), and at least one other slash (terminating the
+                 hostname, and possible beginning a path). Alternatively it can be
+                 the literal string "^http:". -->
+            <param name="pattern">(\^http://.*/.*|\^http:)</param>
+          </data>
+        </attribute>
+        <attribute name="to">
+          <data type="string">
+            <!-- The to attribute of a rule must not contain spaces or
+                 backslashes. It also must contain at least one slash after the
+                 hostname. Alternatively it can be the literal string "https:"-->
+            <param name="pattern">(https://[^ \\]*/[^ \\]*|https:)</param>
+          </data>
+        </attribute>
+      </element>
+    </oneOrMore>
+
+  </interleave>
+
+</element>
diff --git a/test/validations/securecookie/run.py b/test/validations/securecookie/run.py
new file mode 100644
index 000000000000..76738dea8b31
--- /dev/null
+++ b/test/validations/securecookie/run.py
@@ -0,0 +1,58 @@
+#!/usr/bin/env python3
+
+# This python utility check for wildcard securecookies which
+# can be normalized, warn and exit with non-zero when such
+# rulesets exist.
+
+# This is create in attempt to fix the issues on
+# https://github.com/EFForg/https-everywhere/pull/13840
+# https://github.com/EFForg/https-everywhere/pull/12493
+
+import argparse
+import glob
+import os
+import unicodedata
+import xml.etree.ElementTree
+
+def normalize_fn(fn):
+    """
+    OSX and Linux filesystems encode composite characters differently in
+    filenames. We should normalize to NFC: https://unicode.org/reports/tr15/
+    """
+    fn = unicodedata.normalize("NFC", fn)
+    return fn
+
+def should_normalize_securecookie(host, name):
+    wildcards = [ ".", ".*" ]
+    return True if host in wildcards or name in wildcards else False
+
+# commandline arguments parsing (nobody use it, though)
+parser = argparse.ArgumentParser(description="Normalize wildcard securecookies")
+parser.add_argument("--source_dir", default="src/chrome/content/rules")
+
+args = parser.parse_args()
+
+# Exit code
+exit_with_non_zero = False
+
+# XML ruleset files
+filenames = map(normalize_fn, glob.glob(os.path.join(args.source_dir, "*.xml")))
+
+for filename in filenames:
+    tree = xml.etree.ElementTree.parse(filename)
+    root = tree.getroot()
+
+    for branch in root:
+        if branch.tag != "securecookie":
+            continue
+
+        host = branch.attrib["host"]
+        name = branch.attrib["name"]
+
+        if should_normalize_securecookie(host, name):
+            print ("ERROR {}: contains wildcard securecookies "\
+                    "which can be normalized.".format(filename))
+            exit_with_non_zero = True
+            break
+
+exit(0) if not exit_with_non_zero else exit(1)
diff --git a/test/validations/special/duplicate-allowlist-cleanup.sh b/test/validations/special/duplicate-allowlist-cleanup.sh
new file mode 100755
index 000000000000..38f58c759b5d
--- /dev/null
+++ b/test/validations/special/duplicate-allowlist-cleanup.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+TMPFILE=`mktemp /tmp/buffer.XXXXXXXX`
+trap 'rm "$TMPFILE"' EXIT
+
+for host in `cat test/validations/special/duplicate-allowlist.txt`; do
+    REGEX_ESCAPED_HOST=`python3 -c "import re; print(re.escape('$host'))"`
+    REPEATS=`egrep -l "<target\s+host=\s*\"$REGEX_ESCAPED_HOST\"\s*/>" src/chrome/content/rules/*.xml | wc -l`
+    if [ $REPEATS -gt 1 ]; then
+        echo $host
+    fi
+done > $TMPFILE
+
+cp --force $TMPFILE test/validations/special/duplicate-allowlist.txt
diff --git a/test/validations/special/duplicate-allowlist.txt b/test/validations/special/duplicate-allowlist.txt
new file mode 100644
index 000000000000..7d3a62a9b3fc
--- /dev/null
+++ b/test/validations/special/duplicate-allowlist.txt
@@ -0,0 +1,113 @@
+mailing.channel4.com
+training.citrix.com
+drownedinsound.com
+now.eloqua.com
+foxydeal.com
+foxydeal.de
+www.gfi.com
+forum.girlsoutwest.com
+forums.girlsoutwest.com
+gsu.edu
+hostoople.com
+ieeexplore.ieee.org
+infinet.com.au
+ivegotkids.com
+ideas.joomla.org
+jrrt.org.uk
+esat.kuleuven.be
+www.esat.kuleuven.be
+latimes.com
+liberalamerica.org
+liftdna.com
+fundusze-emerytalne.money.pl
+fundusze-inwestycyjne.money.pl
+karty-kredytowe.money.pl
+kredyty-gotowkowe.money.pl
+kredyty-mieszkaniowe.money.pl
+kredyty-samochodowe.money.pl
+lokaty-bankowe.money.pl
+npmawesome.com
+webmail.nyi.net
+nykeurope.com
+careers.peopleclick.com
+www.rackspace.com
+redbullmobile.at
+reddpics.com
+www.cits.ruhr-uni-bochum.de
+www.ruhr-uni-bochum.de
+www2.scribblelive.com
+sparxtrading.com
+thompsonhotels.com
+togevi.com
+blog.trendmicro.com
+countermeasures.trendmicro.eu
+flow.typo3.org
+ul.ie
+businessforums.verizon.net
+digitalcommons.wustl.edu
+openscholarship.wustl.edu
+tpsnews.ca
+www.tpsnews.ca
+pygmyboats.com
+www.pygmyboats.com
+petitions.moveon.org
+email.bild.de
+direct.asda.com
+info.mheducation.com
+www.wiltshire.police.uk
+www.coochey.net
+www.zdv.uni-mainz.de
+go.sirsidynix.com
+amazingcareers.firstdirect.com
+www.amazingcareers.firstdirect.com
+info.unit4.com
+licensing.ofcom.org.uk
+styles.ofcom.org.uk
+www.autotrader.co.uk
+autotrader.co.uk
+nitroflare.com
+www.nitroflare.com
+www.scotland.police.uk
+councilmeetings.lewisham.gov.uk
+files.conferencemanager.dk
+huuto.net
+salattu.huuto.net
+www.huuto.net
+www.thebureauinvestigates.com
+www.upi.com
+blog.sigfig.com
+www.pumo.com.tw
+www.hkyantoyan.com
+www.888173.net
+www.ratfishoil.com
+www.tum.de
+www.filmlinc.com
+shop.look.co.uk
+blog.vungle.com
+www.vungle.com
+www.jeffnabers.com
+www.suppliesfordreams.org
+www.sparxtrading.com
+landing.lyris.com
+www.ebuyer.com
+blog.ebuyer.com
+wiki.sequanux.org
+www.opensrs.com
+www.redbullmobile.at
+k.ilius.net
+stda.ilius.net
+wp-poc.details.com
+www.jrrt.org.uk
+www.ul.ie
+www.hostoople.com
+hostooplecms.hostooplecom.netdna-cdn.com
+www.gsu.edu
+thumbs.dreamstime.com
+support.arpnetworks.com
+jobs.datacenterknowledge.com
+cdn.nejm.org
+guides.thenextweb.com
+jobs.thenextweb.com
+www.liberalamerica.org
+www.latimes.com
+www.thompsonhotels.com
diff --git a/test/validations/special/run.py b/test/validations/special/run.py
new file mode 100755
index 000000000000..14b0ed6ff9ec
--- /dev/null
+++ b/test/validations/special/run.py
@@ -0,0 +1,205 @@
+#!/usr/bin/env python3
+
+import glob
+import argparse
+import os
+import re
+import sys
+
+from lxml import etree
+from collections import Counter
+
+parser = argparse.ArgumentParser(
+    formatter_class=argparse.RawDescriptionHelpFormatter,
+    description="Ruleset validation script.")
+parser.add_argument('--quiet', action="store_true",
+    default=False, help="Suppress debug output."
+    )
+
+args = parser.parse_args()
+
+quiet = args.quiet
+
+def warn(s):
+    if not quiet:
+        sys.stdout.write("warning: %s\n" % s)
+
+def fail(s):
+    sys.stdout.write("failure: %s\n" % s)
+
+# Precompile xpath expressions that get run repeatedly.
+xpath_exclusion_pattern = etree.XPath("/ruleset/exclusion/@pattern")
+xpath_cookie_host_pattern = etree.XPath("/ruleset/securecookie/@host")
+xpath_cookie_name_pattern = etree.XPath("/ruleset/securecookie/@name")
+
+# Load lists of ruleset names allowlisted for duplicate rules
+thispath = os.path.dirname(os.path.realpath(__file__))
+with open(thispath + '/duplicate-allowlist.txt') as duplicate_fh:
+    duplicate_allowed_list = [x.rstrip('\n') for x in duplicate_fh.readlines()]
+
+filenames = glob.glob(thispath + '/../../../src/chrome/content/rules/*')
+
+def test_bad_regexp(tree, rulename, from_attrib, to):
+    # Rules with invalid regular expressions.
+    """The rule contains an invalid extended regular expression."""
+    patterns = (from_attrib + xpath_exclusion_pattern(tree) +
+        xpath_cookie_host_pattern(tree) + xpath_cookie_name_pattern(tree))
+    for pat in patterns:
+        try:
+            re.compile(pat)
+        except:
+            return False
+    return True
+
+def unescaped_dot(s):
+    escaped = False
+    bracketed = False
+    for c in s:
+        if c == "\\":
+           escaped = not escaped
+        elif not escaped and c == "[":
+           bracketed = True
+        elif not escaped and c == "]":
+           bracketed = False
+        elif not escaped and not bracketed and c == ".":
+           return True
+        elif not bracketed and c == "/":
+           break
+        else:
+           escaped = False
+    return False
+
+def test_unescaped_dots(tree, rulename, from_attrib, to):
+    # Rules containing unescaped dots outside of brackets and before slash.
+    # Note: this is meant to require example\.com instead of example.com,
+    # but it also forbids things like .* which usually ought to be replaced
+    # with something like ([^/:@\.]+)
+    """The 'from' rule contains unescaped period in regular expression.  Try escaping it with a backslash."""
+    for f in from_attrib:
+        s = re.sub("^\^https?://", "", f)
+        if unescaped_dot(s):
+            return False
+    return True
+
+def test_unescaped_dots_in_exclusion(tree, rulename, from_attrib, to):
+    """The 'exclusion' tag contains unescaped period in regular expression. Try escaping it with a backslash."""
+    pattern_attrib = etree.XPath("/ruleset/exclusion/@pattern")(tree)
+    for f in pattern_attrib:
+        if unescaped_dot(f):
+            return False
+    return True
+
+xpath_rule = etree.XPath("/ruleset/rule")
+def test_unencrypted_to(tree, rulename, from_attrib, to):
+    # Rules that redirect to something other than https or http.
+    # This used to test for http: but testing for lack of https: will
+    # catch more kinds of mistakes.
+    """Rule redirects to something other than https."""
+    for rule in xpath_rule(tree):
+        to = rule.get("to")
+        if to[:6] != "https:":
+            return False
+    return True
+
+printable_characters = set(map(chr, list(range(32, 127))))
+
+def test_non_ascii(tree, rulename, from_attrib, to):
+    # Rules containing non-printable characters.
+    """Rule contains non-printable character in 'to' pattern."""
+    for t in to:
+        for c in t:
+            if c not in printable_characters:
+                return False
+    return True
+
+def is_valid_target_host(host):
+    # Rules where a target host contains multiple wildcards or a slash.
+    """The target host must be a hostname, not URL, and must use at most one wildcard."""
+    if "/" in host:
+        return False
+    if host.count("*") > 1:
+        return False
+    return True
+
+def nomes_all(where=sys.argv[1:]):
+    """Returns generator to extract all files from a list of files/dirs"""
+    if not where: where=['.']
+    for i in where:
+        if os.path.isfile(i):
+            yield i
+        elif os.path.isdir(i):
+            for r, d, f in os.walk(i):
+                for filename in f:
+                    yield os.path.join(r, filename)
+
+tests = [
+  test_bad_regexp,
+  test_unescaped_dots,
+  test_unescaped_dots_in_exclusion,
+  test_unencrypted_to,
+  test_non_ascii
+]
+
+failure = 0
+seen_file = False
+
+xpath_ruleset = etree.XPath("/ruleset")
+xpath_ruleset_name = etree.XPath("/ruleset/@name")
+xpath_ruleset_platform = etree.XPath("/ruleset/@platform")
+xpath_host = etree.XPath("/ruleset/target/@host")
+xpath_from = etree.XPath("/ruleset/rule/@from")
+xpath_to = etree.XPath("/ruleset/rule/@to")
+
+print("Complex validations & assertions of rulesets using test/validations/special/run.py begins...")
+
+host_counter = Counter()
+for filename in filenames:
+    xml_parser = etree.XMLParser(remove_blank_text=True)
+
+    basename = filename.split(os.path.sep)[-1]
+    if basename == '00README' or basename == 'make-trivial-rule' or basename == 'default.rulesets' or basename == 'default.rulesets.json':
+        continue
+
+    try:
+        tree = etree.parse(filename, xml_parser)
+    except Exception as oops:
+        print("{} failed XML validity: {}\n".format(filename, oops))
+        sys.exit(1)
+
+    if not xpath_ruleset(tree):
+        continue
+    rn = xpath_ruleset_name(tree)[0]
+    if not rn:
+        failure = 1
+        fail("unnamed ruleset")
+        continue
+    from_attrib = xpath_from(tree)
+    to = xpath_to(tree)
+    for test in tests:
+        if not test(tree, rn, from_attrib=from_attrib, to=to):
+            failure = 1
+            fail("%s failed test: %s" % (filename, test.__doc__))
+
+    targets = xpath_host(tree)
+    for target in targets:
+        host_counter.update([target])
+
+
+for host, count in host_counter.most_common():
+    if count > 1:
+        if host in duplicate_allowed_list:
+            warn("Allowlisted hostname %s shows up in %d different rulesets." % (host, count))
+        else:
+            failure = 1
+            fail("Hostname %s shows up in %d different rulesets." % (host, count))
+    if not is_valid_target_host(host):
+        failure = 1
+        fail("%s failed: %s" % (host, is_valid_target_host.__doc__))
+
+if failure > 0:
+    print("Complex validations & assertions of rulesets using test/validations/special/run.py failed.")
+else:
+    print("Complex validations & assertions of rulesets using test/validations/special/run.py succeeded.")
+
+
+sys.exit(failure)
diff --git a/test/validations/test-coverage/run.sh b/test/validations/test-coverage/run.sh
new file mode 100755
index 000000000000..953f6008da77
--- /dev/null
+++ b/test/validations/test-coverage/run.sh
@@ -0,0 +1,45 @@
+#!/bin/bash -e
+#
+# Test that all rulesets modified after a certain date have sufficient test
+# coverage, according to the ruleset checker.
+#
+
+# Get to the repo root directory, even when we're symlinked as a hook.
+if [ -n "$GIT_DIR" ]
+then
+    # $GIT_DIR is set, so we're running as a hook.
+    cd $GIT_DIR
+else
+    # Git command exists? Cool, let's CD to the right place.
+    git rev-parse && cd "$(git rev-parse --show-toplevel)"
+fi
+
+source utils/mktemp.sh
+
+TMP="$(mktemp)"
+trap 'rm "$TMP"' EXIT
+if ! [ -d test/rules ] ; then
+  echo "Submodule https-everywhere-checker is missing. Run"
+  echo "./install-dev-dependencies.sh"
+  exit 1
+fi
+if [ $# -gt 0 ] ; then
+  exec python3 test/rules/src/https_everywhere_checker/check_rules.py \
+    test/rules/coverage.checker.config "$@"
+fi
+if ! python3 test/rules/src/https_everywhere_checker/check_rules.py \
+      test/rules/coverage.checker.config; then
+  echo '
+Ruleset test coverage was insufficient.
+
+Under the new ruleset testing rules (February 2015), any modified ruleset
+must have sufficient test coverage. You can often improve test coverage by
+adding <test url="..." /> tags, or by restructuring the rule to avoid
+wildcard <target> tags. See these documents:
+https://github.com/EFForg/https-everywhere/blob/master/ruleset-testing.md
+https://github.com/EFForg/https-everywhere/blob/master/CONTRIBUTING.md#ruleset-style-guide
+'
+  exit 1
+else
+  exit 0
+fi
diff --git a/translations b/translations
new file mode 160000
index 000000000000..5885a200bb15
--- /dev/null
+++ b/translations
@@ -0,0 +1 @@
+Subproject commit 5885a200bb15b5d7320e8f53293ff067a9943629
diff --git a/utils/android-push.sh b/utils/android-push.sh
new file mode 100755
index 000000000000..6e09b50c70c4
--- /dev/null
+++ b/utils/android-push.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+set -o errexit
+
+cd $(dirname $0)
+XPI_NAME=$1
+ANDROID_APP_ID=org.mozilla.firefox
+if [ -z "$XPI_NAME" ] ; then
+  echo "No package name given to android-push.sh."
+  exit 1
+fi
+
+# Push to Android Firefox if device is connected
+# XXX on some systems, adb may require sudo...
+if type adb > /dev/null 2>/dev/null ; then
+  #running `adb devices` below will start adb server/daemon if it wasn't running already
+  #we start it and make note if it's us that started it or not, so we can stop it afterwards
+  if adb start-server 2>&1 |grep -qF 'daemon not running' ; then
+    we_started_adb_daemon=1
+  else
+    we_started_adb_daemon=0
+  fi
+  on_exit() {
+    if test "$we_started_adb_daemon" == "1"; then
+      #if we started it we kill it, to avoid constant dmesg PME# spam, see issue 18103
+      adb kill-server
+    fi
+  }
+  trap on_exit EXIT SIGINT
+
+  if adb devices >/dev/null 2>/dev/null ; then
+    ADB_FOUND=`adb devices | grep -v 'offline$' | tail -2 | head -1 | cut -f 1 | sed 's/ *$//g'`
+    if [ "$ADB_FOUND" != "List of devices attached" ]; then
+      echo Pushing "$XPI_NAME" to /sdcard/"$XPI_NAME"
+      adb push "../$XPI_NAME" /sdcard/"$XPI_NAME"
+      adb shell am start -a android.intent.action.VIEW \
+                         -c android.intent.category.DEFAULT \
+                         -d file:///mnt/sdcard/pkg/ \
+                         -n $ANDROID_APP_ID/.App
+    fi
+  fi
+fi
+
+
diff --git a/utils/check_certs.py b/utils/check_certs.py
deleted file mode 100755
index bf6dee856257..000000000000
--- a/utils/check_certs.py
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/usr/bin/env python
-
-import sys
-import re
-from subprocess import Popen, PIPE
-from glob import glob
-
-host_targets = re.compile(r'<target *host="([a-z0-9\-\*\.]+)"')
-wget_cmd = lambda h : ["wget", "-O", "/dev/null", "https://" + h]
-
-for fname in sys.argv[1:]:
-  hosts = host_targets.findall(open(fname).read())
-  if not hosts:
-    print("Could not find <target hosts> in " + fname)
-    continue
-  successes = []
-  failures = []
-  for h in hosts:
-    h2 = h.replace("*", "www")
-    cmd = Popen(wget_cmd(h2), stdout=PIPE, stderr=PIPE)
-    out, err = cmd.communicate()
-    for l in err.split("\n"):
-      if "certificate" in l:
-        failures.append(l)
-        break
-    else:
-      successes.append(h)
-  if successes and not failures:
-    print(fname + " no cert warnings")
-  elif failures and not successes:
-    print(fname + " categorical failure:")
-    for f in failures:
-      print("    " + f)
-  else:
-    print(fname + " mixed results:")
-    for s in successes:
-      print("    " + s + " is OK")
-    for f in failures:
-      print("    " + f)
-
diff --git a/utils/chromium-preloads.py b/utils/chromium-preloads.py
deleted file mode 100644
index 99a240db225b..000000000000
--- a/utils/chromium-preloads.py
+++ /dev/null
@@ -1,95 +0,0 @@
-#!/usr/bin/env python
-
-# autogenerate sample versions of rules from Chromium browser's HSTS
-# preload list (in the from-preloads/ directory)
-
-import urllib.request, urllib.error, urllib.parse, re, glob, os
-from lxml import etree
-
-preloads = urllib.request.urlopen("https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h?content-type=text%2Fplain").read()
-preloads = preloads.decode('utf-8')
-
-def escape(s):
-    return re.sub("\.", "\\.", s)
-
-def get_targets():
-    """extract unique targets from the set of https-e rulesets"""
-    ruledir = "src/chrome/content/rules/"
-    rules = [ruledir+fi for fi in os.listdir(ruledir) if fi.endswith(".xml")]
-    targets = set()
-    for fi in rules:
-        tree = etree.parse(fi)
-        targets.update(tree.xpath("/ruleset/target/@host"))
-    return targets
-
-def is_dup(rule, targets):
-    """find if a rule is duplicated in the existing https-e rulesets"""
-    if rule.lower() in map(lambda x: x.lower(), targets):
-        return True
-    else:
-        wildcards = filter(lambda x: '*' in x, targets)
-        for url in wildcards:
-            url = re.escape(url)
-            url = re.sub(r'\\\*', '.*', url)  # handle wildcards
-            url = '^'+url+'$'
-            if re.compile(url, re.I).search(rule):
-                return True
-            else:
-                continue
-        return False
-
-def make_rule(name, hosts):
-    output = """<!-- This rule was automatically generated based on an HSTS
-     preload rule in the Chromium browser.  See
-     https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h
-     for the list of preloads.  Sites are added to the Chromium HSTS
-     preload list on request from their administrators, so HTTPS should
-     work properly everywhere on this site.
-
-     Because Chromium and derived browsers automatically force HTTPS for
-     every access to this site, this rule applies only to Firefox. -->\n"""
-    output += '<ruleset name="%s" platform="firefox">\n' % name.capitalize()
-    for h in hosts:
-        output += '<target host="%s" />\n' % h
-
-    output += "\n"
-
-    for h in hosts:
-        output += '<securecookie host="^%s$" name=".+" />\n' % escape(h)
-
-    output += "\n"
-
-    for h in hosts:
-        output += '<rule from="^http://%s/" to="https://%s/" />\n' % (escape(h), h)
-
-    output += "</ruleset>\n"
-    open("from-preloads/%s.xml" % name.capitalize(), "w").write(output)
-
-t = re.compile('&quot;, true')
-preloads = list(filter(t.search,preloads.split("\n")))
-
-preloads = [x.split('&quot;')[1] for x in preloads]
-preloads = [re.sub('\\\\[0-9]*', '.', x) for x in preloads]
-preloads = [re.sub('^\.', '', x) for x in preloads]
-
-print("Found %d targets total in HSTS preloads list" % len(preloads))
-
-#rules = [open(x).read() for x in glob.glob("src/chrome/content/rules/*.xml")]
-
-targets = get_targets()
-
-d = {}
-for x in preloads:
-    if is_dup(x, targets):
-        print("Ignored existing domain", x)
-        continue
-    domain = ".".join(x.split(".")[-2:])
-    d.setdefault(domain, []).append(x)
-
-if not os.access("from-preloads", 0):
-    os.mkdir("from-preloads")
-
-for k in d:
-    make_rule(k, d[k])
-
-print("Please examine %d new rules in from-preloads/ directory." % len(d))
diff --git a/utils/chromium-translations.py b/utils/chromium-translations.py
new file mode 100644
index 000000000000..a9d7318efc13
--- /dev/null
+++ b/utils/chromium-translations.py
@@ -0,0 +1,39 @@
+#!/usr/bin/env python3
+"""
+Given two directories, copy Firefox-style https-everywhere.dtd translations from
+the first directory into appropriately-named Chromium-style messages.json
+translations in the second directory.
+"""
+import re
+import sys
+import os
+import json
+
+source_dir = sys.argv[1]
+dest_dir = sys.argv[2]
+
+message_regex = re.compile("<!ENTITY https-everywhere\.([\w.-]+) \"(.*?)\">")
+
+def convert(locale):
+  translation_file = os.path.join(source_dir, locale, "https-everywhere.dtd")
+  if os.path.isfile(translation_file):
+    target_messages = {}
+    with open(translation_file, 'r', encoding='utf-8') as f:
+      for line in f:
+        m = message_regex.search(line)
+        if m:
+          message_name = m.group(1)
+          message_value = m.group(2)
+          message_name = re.sub("[.-]", "_", message_name)
+          target_messages[message_name] = {
+            "message": message_value
+          }
+    target_dir = os.path.join(dest_dir, locale)
+    if not os.path.isdir(target_dir):
+      os.mkdir(target_dir)
+    with open(os.path.join(target_dir, "messages.json"), "w") as out_file:
+      out_file.write(json.dumps(target_messages, sort_keys=True, indent=4))
+
+for locale in os.listdir(source_dir):
+  if not "." in locale:
+    convert(locale)
diff --git a/utils/compare-locales.sh b/utils/compare-locales.sh
deleted file mode 100755
index 69678e7a8c65..000000000000
--- a/utils/compare-locales.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/usr/bin/env bash
-
-# Check whether all included rules include every entity defined in the
-# English locale DTDs.  (Missing an entity is a fatal error.)
-
-# Requires bash in order to avoid making temporary files.  We could
-# change this but we'd probably need to create temporary files.
-
-status=0
-
-pushd src/chrome/locale
-for lang in *
-do
-   comm -2 -3 <(grep '^<!ENTITY' en/* | cut -d' ' -f2 | sort -u) <(grep '^<!ENTITY' $lang/* | cut -d' ' -f2 | sort -u) | grep . && echo "\_ missing for locale" $lang && status=1
-done
-
-exit $status
diff --git a/utils/convert-hsts/.gitignore b/utils/convert-hsts/.gitignore
new file mode 100644
index 000000000000..e2e6009a5904
--- /dev/null
+++ b/utils/convert-hsts/.gitignore
@@ -0,0 +1,2 @@
+node_modules
+hsts.xml
diff --git a/utils/convert-hsts/index.js b/utils/convert-hsts/index.js
new file mode 100644
index 000000000000..6b374505e290
--- /dev/null
+++ b/utils/convert-hsts/index.js
@@ -0,0 +1,75 @@
+'use strict';
+
+const _ = require('highland');
+const fs = require('fs');
+const https = require('https');
+const JSONStream = require('JSONStream');
+const base64 = require('base64-stream');
+const xmlBuilder = require('xmlbuilder');
+
+function hostToRegex(host) {
+  return host.replace(/\./g, '\\.');
+}
+
+_(push => {
+  https.get('https://chromium.googlesource.com/chromium/src/net/+/master/http/transport_security_state_static.json?format=TEXT', res => {
+    push(null, res);
+    push(null, _.nil);
+  });
+})
+  .flatMap(_)
+  .pipe(_.pipeline(
+    base64.decode(),
+    _.split(),
+    _.filter(line => !/^\s*\/\//.test(line)),
+    JSONStream.parse('entries.*')
+  ))
+  .reduce({
+    xml: xmlBuilder.create('rulesetlibrary'),
+    rulesets: new Map(),
+    greedyInclusions: '(?!)',
+    potentialExclusions: new Map()
+  }, (acc, { name, mode = '', include_subdomains = false }) => {
+    if (mode === 'force-https') {
+      const ruleset = acc.xml.ele('ruleset', { name });
+      acc.rulesets.set(name, ruleset);
+      ruleset.ele('target', {
+        host: name
+      });
+      if (include_subdomains) {
+        acc.greedyInclusions += `|${hostToRegex(name)}`;
+        ruleset.ele('target', {
+          host: `*.${name}`
+        });
+      }
+      ruleset.ele('rule', {
+        from: '^http:',
+        to: 'https:'
+      });
+    } else {
+      acc.potentialExclusions.set(name, include_subdomains);
+    }
+    return acc;
+  })
+  .map(acc => {
+    const regexp = new RegExp(`\.(${acc.greedyInclusions})$`);
+    for (const [ name, include_subdomains ] of acc.potentialExclusions) {
+      const match = name.match(regexp);
+      if (match) {
+        const ruleset = acc.rulesets.get(match[1]);
+        ruleset.ele('exclusion', {
+          pattern: `^http://${include_subdomains ? '(?:[\\w-]+\\.)*' : ''}${hostToRegex(name)}/`
+        });
+        ruleset.ele('test', {
+          url: `http://${name}/`
+        });
+        if (include_subdomains) {
+          ruleset.ele('test', {
+            url: `http://host-part.${name}/`
+          });
+        }
+      }
+    }
+    return acc.xml.end({ pretty: true });
+  })
+  .pipe(fs.createWriteStream(`${__dirname}/hsts.xml`));
diff --git a/utils/convert-hsts/package.json b/utils/convert-hsts/package.json
new file mode 100644
index 000000000000..106a79311bbe
--- /dev/null
+++ b/utils/convert-hsts/package.json
@@ -0,0 +1,15 @@
+{
+  "name": "convert-hsts",
+  "version": "1.0.0",
+  "dependencies": {
+    "JSONStream": "^1.2.1",
+    "base64-stream": "^0.1.3",
+    "highland": "^2.10.0",
+    "xmlbuilder": "^8.2.2"
+  },
+  "keywords": [],
+  "author": "Ingvar Stepanyan",
+  "description": "Script to generate HTTPS Everywhere ruleset library from HSTS list",
+  "license": "MIT",
+  "private": true
+}
diff --git a/utils/create-platform-certs/.gitignore b/utils/create-platform-certs/.gitignore
new file mode 100644
index 000000000000..45b7a69b29ba
--- /dev/null
+++ b/utils/create-platform-certs/.gitignore
@@ -0,0 +1,2 @@
+certdata.txt
+mk-ca-bundle.pl
diff --git a/utils/create-platform-certs/README.md b/utils/create-platform-certs/README.md
new file mode 100644
index 000000000000..35986902d079
--- /dev/null
+++ b/utils/create-platform-certs/README.md
@@ -0,0 +1,17 @@
+# create-platform-certs
+
+This repository creates and fills `test/rules/platform_certs/default/`.
+
+## Setup
+
+Download `certdata.txt` and `mk-ca-bundle.pl` and put them in this directory.
+You can find the download locations in `SHA256SUMS`.
+
+## Run
+
+You can repopulate the certificates with `create_platform_certs.sh`. The
+certificates should be bit-for-bit identical if you use the same `certdata.txt`
+and `mk-ca-bundle.pl`.
+
+You can update the certificates by using a new `certdata.txt` and
+`mk-ca-bundle.pl`. Be sure to also update `SHA256SUMS`.
diff --git a/utils/create-platform-certs/SHA256SUMS b/utils/create-platform-certs/SHA256SUMS
new file mode 100644
index 000000000000..59c7f8083fe0
--- /dev/null
+++ b/utils/create-platform-certs/SHA256SUMS
@@ -0,0 +1,5 @@
+# Use `curl -I 'https://download.mozilla.org/?product=firefox-latest&os=linux64&lang=en_US'` to determine the latest stable version, and replace the tag in the URL below.
+# https://hg.mozilla.org/releases/mozilla-release/raw-file/FIREFOX_73_0_1_RELEASE/security/nss/lib/ckfw/builtins/certdata.txt
+f3bdcd74612952da8476a9d4147f50b29ad0710b7dd95b4c8690500209986d70  certdata.txt
+# https://raw.githubusercontent.com/curl/curl/curl-7_69_0/lib/mk-ca-bundle.pl
+9d828d97053868907ce6229d132132f0f26772393405dadd037b6f85a5c5b219  mk-ca-bundle.pl
diff --git a/utils/create-platform-certs/create_platform_certs.sh b/utils/create-platform-certs/create_platform_certs.sh
new file mode 100755
index 000000000000..8b2b1739c668
--- /dev/null
+++ b/utils/create-platform-certs/create_platform_certs.sh
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+set -xe
+
+GIT_REPO_TOP_LEVEL="$(git rev-parse --show-toplevel)"
+
+cd "${GIT_REPO_TOP_LEVEL}"/utils/create-platform-certs
+
+COMBINED_CERT_FILE=./ca-bundle.crt
+HASH_FILE=./SHA256SUMS
+MK_CA_BUNDLE_PL_EXEC=./mk-ca-bundle.pl
+SPLIT_CERT_DIR="${GIT_REPO_TOP_LEVEL}"/test/rules/platform_certs/default/
+SPLIT_COMBINED_CERT_FILE_EXEC=./split_combined_cert_file.py
+
+sha256sum -c "${HASH_FILE}"
+
+git rm -r -f -q "${SPLIT_CERT_DIR}"
+
+perl "${MK_CA_BUNDLE_PL_EXEC}" -n "${COMBINED_CERT_FILE}"
+
+python3 "${SPLIT_COMBINED_CERT_FILE_EXEC}" "${COMBINED_CERT_FILE}" "${SPLIT_CERT_DIR}"
+
+c_rehash "${SPLIT_CERT_DIR}" > /dev/null
+
+rm "${COMBINED_CERT_FILE}"
+
+git add "${SPLIT_CERT_DIR}"
diff --git a/utils/create-platform-certs/split_combined_cert_file.py b/utils/create-platform-certs/split_combined_cert_file.py
new file mode 100755
index 000000000000..783d54ebf105
--- /dev/null
+++ b/utils/create-platform-certs/split_combined_cert_file.py
@@ -0,0 +1,37 @@
+#!/usr/bin/env python3
+import argparse
+import codecs
+import os
+import pathlib
+import re
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser()
+    parser.add_argument(
+        'cert_file',
+        help='combined crt/pem file to split',
+    )
+    parser.add_argument(
+        'output_dir',
+        help='output directory for split files',
+    )
+    args = parser.parse_args()
+    with codecs.open(args.cert_file, 'r', encoding='utf-8') as cert_file:
+        bundle = cert_file.read()
+        certs = re.compile('\n{2,}').split(bundle)
+
+        # First element of certs is a comment
+        certs = certs[1:]
+        cert_filename_num_width = len(str(len(certs)))
+        pathlib.Path(args.output_dir).mkdir(parents=True, exist_ok=True)
+        for index, cert in enumerate(certs):
+            cert_name, cert_content = re.compile("\n=+\n").split(cert)
+            cert_filename = os.path.join(
+                args.output_dir,
+                "cert{}.pem".format(str(index+1).zfill(cert_filename_num_width))
+            )
+            with codecs.open(
+                    cert_filename, 'w', encoding='utf-8') as cert_file:
+                cert_file.write("%s\n" % cert_name)
+                cert_file.write(cert_content)
+                cert_file.write('\n')
diff --git a/utils/create_xpi.py b/utils/create_xpi.py
deleted file mode 100644
index fb3f1c658ce4..000000000000
--- a/utils/create_xpi.py
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/usr/bin/python
-
-# Uses the Python zip implementation to create deterministic XPI's
-# Author: Yan Zhu, yan@mit.edu
-
-"""
-Usage: python create_xpi.py -x <exclusions> -n <name of zipped file> <directory>
-"""
-
-import argparse
-import zipfile_deterministic as zipfile
-import sys
-import glob
-
-parser = argparse.ArgumentParser(
-    description="Deterministic XPI file creator.")
-parser.add_argument("-x", type=str, nargs="?",
-    dest="exclusions", metavar="File with file pattern exclusions",
-    default=".build_exclusions", help="Excluded file patterns.")
-parser.add_argument("-n", type=str,
-    dest="xpiname", help="Name of target XPI file.")
-parser.add_argument("directory", type=str,
-    help="Directory to compress.")
-
-args = parser.parse_args()
-
-exclusions = []
-with open(args.exclusions) as f:
-    for line in f:
-        exclusions.extend(glob.glob(line.strip()))
-exclusions = map(lambda x: './'+x, exclusions)
-
-compress = zipfile.ZIP_DEFLATED
-
-xpiFile = zipfile.ZipFile(args.xpiname, mode='w', compression=compress)
-
-xpiFile.write_from_directory(args.directory, exclusions, compress_type=compress)
-xpiFile.close()
diff --git a/utils/create_zip.py b/utils/create_zip.py
new file mode 100755
index 000000000000..d8af693fa17b
--- /dev/null
+++ b/utils/create_zip.py
@@ -0,0 +1,41 @@
+#!/usr/bin/env python3
+
+# Uses the Python zip implementation to create deterministic zip's
+# Author: Yan Zhu, yan@mit.edu
+
+"""
+Usage: python3 create_zip.py -x <exclusions> -n <name of zipped file> <directory>
+"""
+
+import argparse
+import glob
+import os
+import zipfile_deterministic as zipfile
+
+parser = argparse.ArgumentParser(
+    description="Deterministic zip file creator.")
+parser.add_argument("-x", type=str, nargs="?",
+    dest="exclusions", metavar="File with file pattern exclusions",
+    default=".build_exclusions", help="Excluded file patterns.")
+parser.add_argument("-n", type=str,
+    dest="zipname", help="Name of target zip file.")
+parser.add_argument("directory", type=str,
+    help="Directory to compress.")
+
+args = parser.parse_args()
+
+compress = zipfile.ZIP_DEFLATED
+
+createdZipFile = zipfile.ZipFile(args.zipname, mode='w', compression=compress)
+
+f = open(args.exclusions)
+
+os.chdir(args.directory)
+
+exclusions = []
+for line in f:
+    exclusions.extend(glob.glob(line.strip()))
+exclusions = list(map(lambda x: './'+x, exclusions))
+
+createdZipFile.write_from_directory(".", exclusions, compress_type=compress)
+createdZipFile.close()
diff --git a/utils/dbconnect.py b/utils/dbconnect.py
deleted file mode 100644
index 7a39e179e965..000000000000
--- a/utils/dbconnect.py
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/usr/bin/env python
-import MySQLdb
-
-try:    from db_private import DB_USER
-except: DB_USER = "root"  # customise for your install
-
-try:    from db_private import DB_PASS
-except: DB_PASS = "root"  # customise
-
-try:    from db_private import DB_NAME  
-except: DB_NAME = "observatory_api"
-
-TEST_DB_NAME = "tmp_TESTDB1"
-
-def dbconnect():
-  db = MySQLdb.connect(user=DB_USER, passwd=DB_PASS, db=DB_NAME)
-  dbc = db.cursor()
-  return db,dbc
-
-def dbconnecttest():
-  db = MySQLdb.connect(user=DB_USER, passwd=DB_PASS, db=TEST_DB_NAME)
-  dbc = db.cursor()
-  return db,dbc
-  
diff --git a/utils/diff-noscript.sh b/utils/diff-noscript.sh
deleted file mode 100755
index 4acff48c8c80..000000000000
--- a/utils/diff-noscript.sh
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/sh
-
-# Used to import upstream changes to the NoScript code that use for request
-# rewriting.
-
-# The merging process is roughly this:
-# 0. Download noscript xpi's or git checkouts corresponding to the last
-#    merge version and the current merge version.
-# 1. Update the FROM and TO versions appropriately below.
-# 2  execute:
-#    ./utils/diff-noscript.sh > noscript-merge.diff
-#    cd ./src/chrome/content/code/
-#    patch -p4 < ../../../../noscript-merge.diff
-# 3. Clean up the mess.
-# 4. Manually extract the IOUtil, Thread, and IO objects from 
-#    $TO/components/noscriptservice.js and drop them into 
-#    the corresponding js files in ./src/chrome/content/code/.
-#
-# Note: This whole process can be likely simplified a bit. You
-# might be able to get away with simply copying ChannelReplacement.js
-# from newer NoScript versions, since I believe we've taken a more
-# active ownership of the rest of the files and we've diverged quite
-# a bit.
-
-FROM=../noscript-2.0.9.8rc1
-TO=../noscript-2.3.7
-
-for i in ./src/chrome/content/code/*.js
-do
-  name=`basename $i`
-  diff -u $FROM/chrome/content/noscript/$name $TO/chrome/content/noscript/$name
-done
diff --git a/utils/eff-pubkey.der b/utils/eff-pubkey.der
deleted file mode 100644
index b7e2669ec8ad..000000000000
Binary files a/utils/eff-pubkey.der and /dev/null differ
diff --git a/utils/eslint/.gitignore b/utils/eslint/.gitignore
new file mode 100644
index 000000000000..3c3629e647f5
--- /dev/null
+++ b/utils/eslint/.gitignore
@@ -0,0 +1 @@
+node_modules
diff --git a/utils/eslint/package-lock.json b/utils/eslint/package-lock.json
new file mode 100644
index 000000000000..066503c6a00e
--- /dev/null
+++ b/utils/eslint/package-lock.json
@@ -0,0 +1,897 @@
+{
+  "requires": true,
+  "lockfileVersion": 1,
+  "dependencies": {
+    "@babel/code-frame": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.10.4.tgz",
+      "integrity": "sha512-vG6SvB6oYEhvgisZNFRmRCUkLz11c7rp+tbNTynGqc6mS1d5ATd/sGyV6W0KZZnXRKMTzZDRgQT3Ou9jhpAfUg==",
+      "dev": true,
+      "requires": {
+        "@babel/highlight": "^7.10.4"
+      }
+    },
+    "@babel/helper-validator-identifier": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.10.4.tgz",
+      "integrity": "sha512-3U9y+43hz7ZM+rzG24Qe2mufW5KhvFg/NhnNph+i9mgCtdTCtMJuI1TMkrIUiK7Ix4PYlRF9I5dhqaLYA/ADXw==",
+      "dev": true
+    },
+    "@babel/highlight": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.10.4.tgz",
+      "integrity": "sha512-i6rgnR/YgPEQzZZnbTHHuZdlE8qyoBNalD6F+q4vAFlcMEcqmkoG+mPqJYJCo63qPf74+Y1UZsl3l6f7/RIkmA==",
+      "dev": true,
+      "requires": {
+        "@babel/helper-validator-identifier": "^7.10.4",
+        "chalk": "^2.0.0",
+        "js-tokens": "^4.0.0"
+      },
+      "dependencies": {
+        "chalk": {
+          "version": "2.4.2",
+          "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
+          "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
+          "dev": true,
+          "requires": {
+            "ansi-styles": "^3.2.1",
+            "escape-string-regexp": "^1.0.5",
+            "supports-color": "^5.3.0"
+          }
+        }
+      }
+    },
+    "@eslint/eslintrc": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.1.0.tgz",
+      "integrity": "sha512-bfL5365QSCmH6cPeFT7Ywclj8C7LiF7sO6mUGzZhtAMV7iID1Euq6740u/SRi4C80NOnVz/CEfK8/HO+nCAPJg==",
+      "dev": true,
+      "requires": {
+        "ajv": "^6.12.4",
+        "debug": "^4.1.1",
+        "import-fresh": "^3.2.1",
+        "strip-json-comments": "^3.1.1"
+      }
+    },
+    "@types/color-name": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/@types/color-name/-/color-name-1.1.1.tgz",
+      "integrity": "sha512-rr+OQyAjxze7GgWrSaJwydHStIhHq2lvY3BOC2Mj7KnzI7XK0Uw1TOOdI9lDoajEbSWLiYgoo4f1R51erQfhPQ==",
+      "dev": true
+    },
+    "acorn": {
+      "version": "7.4.0",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-7.4.0.tgz",
+      "integrity": "sha512-+G7P8jJmCHr+S+cLfQxygbWhXy+8YTVGzAkpEbcLo2mLoL7tij/VG41QSHACSf5QgYRhMZYHuNc6drJaO0Da+w==",
+      "dev": true
+    },
+    "acorn-jsx": {
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.2.0.tgz",
+      "integrity": "sha512-HiUX/+K2YpkpJ+SzBffkM/AQ2YE03S0U1kjTLVpoJdhZMOWy8qvXVN9JdLqv2QsaQ6MPYQIuNmwD8zOiYUofLQ==",
+      "dev": true
+    },
+    "ajv": {
+      "version": "6.12.4",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.4.tgz",
+      "integrity": "sha512-eienB2c9qVQs2KWexhkrdMLVDoIQCz5KSeLxwg9Lzk4DOfBtIK9PQwwufcsn1jjGuf9WZmqPMbGxOzfcuphJCQ==",
+      "dev": true,
+      "requires": {
+        "fast-deep-equal": "^3.1.1",
+        "fast-json-stable-stringify": "^2.0.0",
+        "json-schema-traverse": "^0.4.1",
+        "uri-js": "^4.2.2"
+      }
+    },
+    "ansi-colors": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz",
+      "integrity": "sha512-JoX0apGbHaUJBNl6yF+p6JAFYZ666/hhCGKN5t9QFjbJQKUU/g8MNbFDbvfrgKXvI1QpZplPOnwIo99lX/AAmA==",
+      "dev": true
+    },
+    "ansi-regex": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
+      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
+      "dev": true
+    },
+    "ansi-styles": {
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
+      "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
+      "dev": true,
+      "requires": {
+        "color-convert": "^1.9.0"
+      }
+    },
+    "argparse": {
+      "version": "1.0.10",
+      "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz",
+      "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==",
+      "dev": true,
+      "requires": {
+        "sprintf-js": "~1.0.2"
+      }
+    },
+    "astral-regex": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/astral-regex/-/astral-regex-1.0.0.tgz",
+      "integrity": "sha512-+Ryf6g3BKoRc7jfp7ad8tM4TtMiaWvbF/1/sQcZPkkS7ag3D5nMBCe2UfOTONtAkaG0tO0ij3C5Lwmf1EiyjHg==",
+      "dev": true
+    },
+    "balanced-match": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz",
+      "integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c=",
+      "dev": true
+    },
+    "brace-expansion": {
+      "version": "1.1.11",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
+      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+      "dev": true,
+      "requires": {
+        "balanced-match": "^1.0.0",
+        "concat-map": "0.0.1"
+      }
+    },
+    "callsites": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz",
+      "integrity": "sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==",
+      "dev": true
+    },
+    "chalk": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.0.tgz",
+      "integrity": "sha512-qwx12AxXe2Q5xQ43Ac//I6v5aXTipYrSESdOgzrN+9XjgEpyjpKuvSGaN4qE93f7TQTlerQQ8S+EQ0EyDoVL1A==",
+      "dev": true,
+      "requires": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "dependencies": {
+        "ansi-styles": {
+          "version": "4.2.1",
+          "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.2.1.tgz",
+          "integrity": "sha512-9VGjrMsG1vePxcSweQsN20KY/c4zN0h9fLjqAbwbPfahM3t+NL+M9HC8xeXG2I8pX5NoamTGNuomEUFI7fcUjA==",
+          "dev": true,
+          "requires": {
+            "@types/color-name": "^1.1.1",
+            "color-convert": "^2.0.1"
+          }
+        },
+        "color-convert": {
+          "version": "2.0.1",
+          "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+          "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+          "dev": true,
+          "requires": {
+            "color-name": "~1.1.4"
+          }
+        },
+        "color-name": {
+          "version": "1.1.4",
+          "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+          "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
+          "dev": true
+        },
+        "has-flag": {
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+          "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+          "dev": true
+        },
+        "supports-color": {
+          "version": "7.2.0",
+          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+          "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+          "dev": true,
+          "requires": {
+            "has-flag": "^4.0.0"
+          }
+        }
+      }
+    },
+    "color-convert": {
+      "version": "1.9.3",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
+      "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
+      "dev": true,
+      "requires": {
+        "color-name": "1.1.3"
+      }
+    },
+    "color-name": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
+      "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=",
+      "dev": true
+    },
+    "concat-map": {
+      "version": "0.0.1",
+      "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
+      "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=",
+      "dev": true
+    },
+    "cross-spawn": {
+      "version": "7.0.3",
+      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
+      "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+      "dev": true,
+      "requires": {
+        "path-key": "^3.1.0",
+        "shebang-command": "^2.0.0",
+        "which": "^2.0.1"
+      }
+    },
+    "debug": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz",
+      "integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==",
+      "dev": true,
+      "requires": {
+        "ms": "^2.1.1"
+      }
+    },
+    "deep-is": {
+      "version": "0.1.3",
+      "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.3.tgz",
+      "integrity": "sha1-s2nW+128E+7PUk+RsHD+7cNXzzQ=",
+      "dev": true
+    },
+    "doctrine": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-3.0.0.tgz",
+      "integrity": "sha512-yS+Q5i3hBf7GBkd4KG8a7eBNNWNGLTaEwwYWUijIYM7zrlYDM0BFXHjjPWlWZ1Rg7UaddZeIDmi9jF3HmqiQ2w==",
+      "dev": true,
+      "requires": {
+        "esutils": "^2.0.2"
+      }
+    },
+    "emoji-regex": {
+      "version": "7.0.3",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-7.0.3.tgz",
+      "integrity": "sha512-CwBLREIQ7LvYFB0WyRvwhq5N5qPhc6PMjD6bYggFlI5YyDgl+0vxq5VHbMOFqLg7hfWzmu8T5Z1QofhmTIhItA==",
+      "dev": true
+    },
+    "enquirer": {
+      "version": "2.3.6",
+      "resolved": "https://registry.npmjs.org/enquirer/-/enquirer-2.3.6.tgz",
+      "integrity": "sha512-yjNnPr315/FjS4zIsUxYguYUPP2e1NK4d7E7ZOLiyYCcbFBiTMyID+2wvm2w6+pZ/odMA7cRkjhsPbltwBOrLg==",
+      "dev": true,
+      "requires": {
+        "ansi-colors": "^4.1.1"
+      }
+    },
+    "escape-string-regexp": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
+      "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=",
+      "dev": true
+    },
+    "eslint": {
+      "version": "7.8.0",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-7.8.0.tgz",
+      "integrity": "sha512-qgtVyLZqKd2ZXWnLQA4NtVbOyH56zivOAdBFWE54RFkSZjokzNrcP4Z0eVWsZ+84ByXv+jL9k/wE1ENYe8xRFw==",
+      "dev": true,
+      "requires": {
+        "@babel/code-frame": "^7.0.0",
+        "@eslint/eslintrc": "^0.1.0",
+        "ajv": "^6.10.0",
+        "chalk": "^4.0.0",
+        "cross-spawn": "^7.0.2",
+        "debug": "^4.0.1",
+        "doctrine": "^3.0.0",
+        "enquirer": "^2.3.5",
+        "eslint-scope": "^5.1.0",
+        "eslint-utils": "^2.1.0",
+        "eslint-visitor-keys": "^1.3.0",
+        "espree": "^7.3.0",
+        "esquery": "^1.2.0",
+        "esutils": "^2.0.2",
+        "file-entry-cache": "^5.0.1",
+        "functional-red-black-tree": "^1.0.1",
+        "glob-parent": "^5.0.0",
+        "globals": "^12.1.0",
+        "ignore": "^4.0.6",
+        "import-fresh": "^3.0.0",
+        "imurmurhash": "^0.1.4",
+        "is-glob": "^4.0.0",
+        "js-yaml": "^3.13.1",
+        "json-stable-stringify-without-jsonify": "^1.0.1",
+        "levn": "^0.4.1",
+        "lodash": "^4.17.19",
+        "minimatch": "^3.0.4",
+        "natural-compare": "^1.4.0",
+        "optionator": "^0.9.1",
+        "progress": "^2.0.0",
+        "regexpp": "^3.1.0",
+        "semver": "^7.2.1",
+        "strip-ansi": "^6.0.0",
+        "strip-json-comments": "^3.1.0",
+        "table": "^5.2.3",
+        "text-table": "^0.2.0",
+        "v8-compile-cache": "^2.0.3"
+      }
+    },
+    "eslint-scope": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.0.tgz",
+      "integrity": "sha512-iiGRvtxWqgtx5m8EyQUJihBloE4EnYeGE/bz1wSPwJE6tZuJUtHlhqDM4Xj2ukE8Dyy1+HCZ4hE0fzIVMzb58w==",
+      "dev": true,
+      "requires": {
+        "esrecurse": "^4.1.0",
+        "estraverse": "^4.1.1"
+      }
+    },
+    "eslint-utils": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz",
+      "integrity": "sha512-w94dQYoauyvlDc43XnGB8lU3Zt713vNChgt4EWwhXAP2XkBvndfxF0AgIqKOOasjPIPzj9JqgwkwbCYD0/V3Zg==",
+      "dev": true,
+      "requires": {
+        "eslint-visitor-keys": "^1.1.0"
+      }
+    },
+    "eslint-visitor-keys": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz",
+      "integrity": "sha512-6J72N8UNa462wa/KFODt/PJ3IU60SDpC3QXC1Hjc1BXXpfL2C9R5+AU7jhe0F6GREqVMh4Juu+NY7xn+6dipUQ==",
+      "dev": true
+    },
+    "espree": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/espree/-/espree-7.3.0.tgz",
+      "integrity": "sha512-dksIWsvKCixn1yrEXO8UosNSxaDoSYpq9reEjZSbHLpT5hpaCAKTLBwq0RHtLrIr+c0ByiYzWT8KTMRzoRCNlw==",
+      "dev": true,
+      "requires": {
+        "acorn": "^7.4.0",
+        "acorn-jsx": "^5.2.0",
+        "eslint-visitor-keys": "^1.3.0"
+      }
+    },
+    "esprima": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz",
+      "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==",
+      "dev": true
+    },
+    "esquery": {
+      "version": "1.3.1",
+      "resolved": "https://registry.npmjs.org/esquery/-/esquery-1.3.1.tgz",
+      "integrity": "sha512-olpvt9QG0vniUBZspVRN6lwB7hOZoTRtT+jzR+tS4ffYx2mzbw+z0XCOk44aaLYKApNX5nMm+E+P6o25ip/DHQ==",
+      "dev": true,
+      "requires": {
+        "estraverse": "^5.1.0"
+      },
+      "dependencies": {
+        "estraverse": {
+          "version": "5.2.0",
+          "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.2.0.tgz",
+          "integrity": "sha512-BxbNGGNm0RyRYvUdHpIwv9IWzeM9XClbOxwoATuFdOE7ZE6wHL+HQ5T8hoPM+zHvmKzzsEqhgy0GrQ5X13afiQ==",
+          "dev": true
+        }
+      }
+    },
+    "esrecurse": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz",
+      "integrity": "sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag==",
+      "dev": true,
+      "requires": {
+        "estraverse": "^5.2.0"
+      },
+      "dependencies": {
+        "estraverse": {
+          "version": "5.2.0",
+          "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.2.0.tgz",
+          "integrity": "sha512-BxbNGGNm0RyRYvUdHpIwv9IWzeM9XClbOxwoATuFdOE7ZE6wHL+HQ5T8hoPM+zHvmKzzsEqhgy0GrQ5X13afiQ==",
+          "dev": true
+        }
+      }
+    },
+    "estraverse": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz",
+      "integrity": "sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw==",
+      "dev": true
+    },
+    "esutils": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz",
+      "integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==",
+      "dev": true
+    },
+    "fast-deep-equal": {
+      "version": "3.1.3",
+      "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz",
+      "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==",
+      "dev": true
+    },
+    "fast-json-stable-stringify": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz",
+      "integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==",
+      "dev": true
+    },
+    "fast-levenshtein": {
+      "version": "2.0.6",
+      "resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz",
+      "integrity": "sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc=",
+      "dev": true
+    },
+    "file-entry-cache": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-5.0.1.tgz",
+      "integrity": "sha512-bCg29ictuBaKUwwArK4ouCaqDgLZcysCFLmM/Yn/FDoqndh/9vNuQfXRDvTuXKLxfD/JtZQGKFT8MGcJBK644g==",
+      "dev": true,
+      "requires": {
+        "flat-cache": "^2.0.1"
+      }
+    },
+    "flat-cache": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-2.0.1.tgz",
+      "integrity": "sha512-LoQe6yDuUMDzQAEH8sgmh4Md6oZnc/7PjtwjNFSzveXqSHt6ka9fPBuso7IGf9Rz4uqnSnWiFH2B/zj24a5ReA==",
+      "dev": true,
+      "requires": {
+        "flatted": "^2.0.0",
+        "rimraf": "2.6.3",
+        "write": "1.0.3"
+      }
+    },
+    "flatted": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/flatted/-/flatted-2.0.2.tgz",
+      "integrity": "sha512-r5wGx7YeOwNWNlCA0wQ86zKyDLMQr+/RB8xy74M4hTphfmjlijTSSXGuH8rnvKZnfT9i+75zmd8jcKdMR4O6jA==",
+      "dev": true
+    },
+    "fs.realpath": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
+      "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=",
+      "dev": true
+    },
+    "functional-red-black-tree": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz",
+      "integrity": "sha1-GwqzvVU7Kg1jmdKcDj6gslIHgyc=",
+      "dev": true
+    },
+    "glob": {
+      "version": "7.1.6",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz",
+      "integrity": "sha512-LwaxwyZ72Lk7vZINtNNrywX0ZuLyStrdDtabefZKAY5ZGJhVtgdznluResxNmPitE0SAO+O26sWTHeKSI2wMBA==",
+      "dev": true,
+      "requires": {
+        "fs.realpath": "^1.0.0",
+        "inflight": "^1.0.4",
+        "inherits": "2",
+        "minimatch": "^3.0.4",
+        "once": "^1.3.0",
+        "path-is-absolute": "^1.0.0"
+      }
+    },
+    "glob-parent": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
+      "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
+      "dev": true,
+      "requires": {
+        "is-glob": "^4.0.1"
+      }
+    },
+    "globals": {
+      "version": "12.4.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-12.4.0.tgz",
+      "integrity": "sha512-BWICuzzDvDoH54NHKCseDanAhE3CeDorgDL5MT6LMXXj2WCnd9UC2szdk4AWLfjdgNBCXLUanXYcpBBKOSWGwg==",
+      "dev": true,
+      "requires": {
+        "type-fest": "^0.8.1"
+      }
+    },
+    "has-flag": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
+      "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=",
+      "dev": true
+    },
+    "ignore": {
+      "version": "4.0.6",
+      "resolved": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz",
+      "integrity": "sha512-cyFDKrqc/YdcWFniJhzI42+AzS+gNwmUzOSFcRCQYwySuBBBy/KjuxWLZ/FHEH6Moq1NizMOBWyTcv8O4OZIMg==",
+      "dev": true
+    },
+    "import-fresh": {
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.2.1.tgz",
+      "integrity": "sha512-6e1q1cnWP2RXD9/keSkxHScg508CdXqXWgWBaETNhyuBFz+kUZlKboh+ISK+bU++DmbHimVBrOz/zzPe0sZ3sQ==",
+      "dev": true,
+      "requires": {
+        "parent-module": "^1.0.0",
+        "resolve-from": "^4.0.0"
+      }
+    },
+    "imurmurhash": {
+      "version": "0.1.4",
+      "resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz",
+      "integrity": "sha1-khi5srkoojixPcT7a21XbyMUU+o=",
+      "dev": true
+    },
+    "inflight": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz",
+      "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=",
+      "dev": true,
+      "requires": {
+        "once": "^1.3.0",
+        "wrappy": "1"
+      }
+    },
+    "inherits": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
+      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==",
+      "dev": true
+    },
+    "is-extglob": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
+      "integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI=",
+      "dev": true
+    },
+    "is-fullwidth-code-point": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz",
+      "integrity": "sha1-o7MKXE8ZkYMWeqq5O+764937ZU8=",
+      "dev": true
+    },
+    "is-glob": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.1.tgz",
+      "integrity": "sha512-5G0tKtBTFImOqDnLB2hG6Bp2qcKEFduo4tZu9MT/H6NQv/ghhy30o55ufafxJ/LdH79LLs2Kfrn85TLKyA7BUg==",
+      "dev": true,
+      "requires": {
+        "is-extglob": "^2.1.1"
+      }
+    },
+    "isexe": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
+      "integrity": "sha1-6PvzdNxVb/iUehDcsFctYz8s+hA=",
+      "dev": true
+    },
+    "js-tokens": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
+      "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==",
+      "dev": true
+    },
+    "js-yaml": {
+      "version": "3.14.0",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.0.tgz",
+      "integrity": "sha512-/4IbIeHcD9VMHFqDR/gQ7EdZdLimOvW2DdcxFjdyyZ9NsbS+ccrXqVWDtab/lRl5AlUqmpBx8EhPaWR+OtY17A==",
+      "dev": true,
+      "requires": {
+        "argparse": "^1.0.7",
+        "esprima": "^4.0.0"
+      }
+    },
+    "json-schema-traverse": {
+      "version": "0.4.1",
+      "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz",
+      "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==",
+      "dev": true
+    },
+    "json-stable-stringify-without-jsonify": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz",
+      "integrity": "sha1-nbe1lJatPzz+8wp1FC0tkwrXJlE=",
+      "dev": true
+    },
+    "levn": {
+      "version": "0.4.1",
+      "resolved": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz",
+      "integrity": "sha512-+bT2uH4E5LGE7h/n3evcS/sQlJXCpIp6ym8OWJ5eV6+67Dsql/LaaT7qJBAt2rzfoa/5QBGBhxDix1dMt2kQKQ==",
+      "dev": true,
+      "requires": {
+        "prelude-ls": "^1.2.1",
+        "type-check": "~0.4.0"
+      }
+    },
+    "lodash": {
+      "version": "4.17.21",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
+      "dev": true
+    },
+    "minimatch": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz",
+      "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==",
+      "dev": true,
+      "requires": {
+        "brace-expansion": "^1.1.7"
+      }
+    },
+    "minimist": {
+      "version": "1.2.6",
+      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz",
+      "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==",
+      "dev": true
+    },
+    "mkdirp": {
+      "version": "0.5.5",
+      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.5.tgz",
+      "integrity": "sha512-NKmAlESf6jMGym1++R0Ra7wvhV+wFW63FaSOFPwRahvea0gMUcGUhVeAg/0BC0wiv9ih5NYPB1Wn1UEI1/L+xQ==",
+      "dev": true,
+      "requires": {
+        "minimist": "^1.2.5"
+      }
+    },
+    "ms": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
+      "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==",
+      "dev": true
+    },
+    "natural-compare": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz",
+      "integrity": "sha1-Sr6/7tdUHywnrPspvbvRXI1bpPc=",
+      "dev": true
+    },
+    "once": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
+      "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=",
+      "dev": true,
+      "requires": {
+        "wrappy": "1"
+      }
+    },
+    "optionator": {
+      "version": "0.9.1",
+      "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.1.tgz",
+      "integrity": "sha512-74RlY5FCnhq4jRxVUPKDaRwrVNXMqsGsiW6AJw4XK8hmtm10wC0ypZBLw5IIp85NZMr91+qd1RvvENwg7jjRFw==",
+      "dev": true,
+      "requires": {
+        "deep-is": "^0.1.3",
+        "fast-levenshtein": "^2.0.6",
+        "levn": "^0.4.1",
+        "prelude-ls": "^1.2.1",
+        "type-check": "^0.4.0",
+        "word-wrap": "^1.2.3"
+      }
+    },
+    "parent-module": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz",
+      "integrity": "sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g==",
+      "dev": true,
+      "requires": {
+        "callsites": "^3.0.0"
+      }
+    },
+    "path-is-absolute": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
+      "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=",
+      "dev": true
+    },
+    "path-key": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz",
+      "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==",
+      "dev": true
+    },
+    "prelude-ls": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz",
+      "integrity": "sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g==",
+      "dev": true
+    },
+    "progress": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/progress/-/progress-2.0.3.tgz",
+      "integrity": "sha512-7PiHtLll5LdnKIMw100I+8xJXR5gW2QwWYkT6iJva0bXitZKa/XMrSbdmg3r2Xnaidz9Qumd0VPaMrZlF9V9sA==",
+      "dev": true
+    },
+    "punycode": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz",
+      "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==",
+      "dev": true
+    },
+    "regexpp": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/regexpp/-/regexpp-3.1.0.tgz",
+      "integrity": "sha512-ZOIzd8yVsQQA7j8GCSlPGXwg5PfmA1mrq0JP4nGhh54LaKN3xdai/vHUDu74pKwV8OxseMS65u2NImosQcSD0Q==",
+      "dev": true
+    },
+    "resolve-from": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz",
+      "integrity": "sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==",
+      "dev": true
+    },
+    "rimraf": {
+      "version": "2.6.3",
+      "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.6.3.tgz",
+      "integrity": "sha512-mwqeW5XsA2qAejG46gYdENaxXjx9onRNCfn7L0duuP4hCuTIi/QO7PDK07KJfp1d+izWPrzEJDcSqBa0OZQriA==",
+      "dev": true,
+      "requires": {
+        "glob": "^7.1.3"
+      }
+    },
+    "semver": {
+      "version": "7.3.2",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.2.tgz",
+      "integrity": "sha512-OrOb32TeeambH6UrhtShmF7CRDqhL6/5XpPNp2DuRH6+9QLw/orhp72j87v8Qa1ScDkvrrBNpZcDejAirJmfXQ==",
+      "dev": true
+    },
+    "shebang-command": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz",
+      "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==",
+      "dev": true,
+      "requires": {
+        "shebang-regex": "^3.0.0"
+      }
+    },
+    "shebang-regex": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz",
+      "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==",
+      "dev": true
+    },
+    "slice-ansi": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-2.1.0.tgz",
+      "integrity": "sha512-Qu+VC3EwYLldKa1fCxuuvULvSJOKEgk9pi8dZeCVK7TqBfUNTH4sFkk4joj8afVSfAYgJoSOetjx9QWOJ5mYoQ==",
+      "dev": true,
+      "requires": {
+        "ansi-styles": "^3.2.0",
+        "astral-regex": "^1.0.0",
+        "is-fullwidth-code-point": "^2.0.0"
+      }
+    },
+    "sprintf-js": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
+      "integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=",
+      "dev": true
+    },
+    "string-width": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-3.1.0.tgz",
+      "integrity": "sha512-vafcv6KjVZKSgz06oM/H6GDBrAtz8vdhQakGjFIvNrHA6y3HCF1CInLy+QLq8dTJPQ1b+KDUqDFctkdRW44e1w==",
+      "dev": true,
+      "requires": {
+        "emoji-regex": "^7.0.1",
+        "is-fullwidth-code-point": "^2.0.0",
+        "strip-ansi": "^5.1.0"
+      },
+      "dependencies": {
+        "ansi-regex": {
+          "version": "4.1.1",
+          "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.1.tgz",
+          "integrity": "sha512-ILlv4k/3f6vfQ4OoP2AGvirOktlQ98ZEL1k9FaQjxa3L1abBgbuTDAdPOpvbGncC0BTVQrl+OM8xZGK6tWXt7g==",
+          "dev": true
+        },
+        "strip-ansi": {
+          "version": "5.2.0",
+          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz",
+          "integrity": "sha512-DuRs1gKbBqsMKIZlrffwlug8MHkcnpjs5VPmL1PAh+mA30U0DTotfDZ0d2UUsXpPmPmMMJ6W773MaA3J+lbiWA==",
+          "dev": true,
+          "requires": {
+            "ansi-regex": "^4.1.0"
+          }
+        }
+      }
+    },
+    "strip-ansi": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.0.tgz",
+      "integrity": "sha512-AuvKTrTfQNYNIctbR1K/YGTR1756GycPsg7b9bdV9Duqur4gv6aKqHXah67Z8ImS7WEz5QVcOtlfW2rZEugt6w==",
+      "dev": true,
+      "requires": {
+        "ansi-regex": "^5.0.0"
+      }
+    },
+    "strip-json-comments": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz",
+      "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==",
+      "dev": true
+    },
+    "supports-color": {
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
+      "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
+      "dev": true,
+      "requires": {
+        "has-flag": "^3.0.0"
+      }
+    },
+    "table": {
+      "version": "5.4.6",
+      "resolved": "https://registry.npmjs.org/table/-/table-5.4.6.tgz",
+      "integrity": "sha512-wmEc8m4fjnob4gt5riFRtTu/6+4rSe12TpAELNSqHMfF3IqnA+CH37USM6/YR3qRZv7e56kAEAtd6nKZaxe0Ug==",
+      "dev": true,
+      "requires": {
+        "ajv": "^6.10.2",
+        "lodash": "^4.17.14",
+        "slice-ansi": "^2.1.0",
+        "string-width": "^3.0.0"
+      }
+    },
+    "text-table": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz",
+      "integrity": "sha1-f17oI66AUgfACvLfSoTsP8+lcLQ=",
+      "dev": true
+    },
+    "type-check": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz",
+      "integrity": "sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew==",
+      "dev": true,
+      "requires": {
+        "prelude-ls": "^1.2.1"
+      }
+    },
+    "type-fest": {
+      "version": "0.8.1",
+      "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.8.1.tgz",
+      "integrity": "sha512-4dbzIzqvjtgiM5rw1k5rEHtBANKmdudhGyBEajN01fEyhaAIhsoKNy6y7+IN93IfpFtwY9iqi7kD+xwKhQsNJA==",
+      "dev": true
+    },
+    "uri-js": {
+      "version": "4.4.0",
+      "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.0.tgz",
+      "integrity": "sha512-B0yRTzYdUCCn9n+F4+Gh4yIDtMQcaJsmYBDsTSG8g/OejKBodLQ2IHfN3bM7jUsRXndopT7OIXWdYqc1fjmV6g==",
+      "dev": true,
+      "requires": {
+        "punycode": "^2.1.0"
+      }
+    },
+    "v8-compile-cache": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/v8-compile-cache/-/v8-compile-cache-2.1.1.tgz",
+      "integrity": "sha512-8OQ9CL+VWyt3JStj7HX7/ciTL2V3Rl1Wf5OL+SNTm0yK1KvtReVulksyeRnCANHHuUxHlQig+JJDlUhBt1NQDQ==",
+      "dev": true
+    },
+    "which": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz",
+      "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==",
+      "dev": true,
+      "requires": {
+        "isexe": "^2.0.0"
+      }
+    },
+    "word-wrap": {
+      "version": "1.2.3",
+      "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.3.tgz",
+      "integrity": "sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==",
+      "dev": true
+    },
+    "wrappy": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
+      "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=",
+      "dev": true
+    },
+    "write": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/write/-/write-1.0.3.tgz",
+      "integrity": "sha512-/lg70HAjtkUgWPVZhZcm+T4hkL8Zbtp1nFNOn3lRrxnlv50SRBv7cR7RqR+GMsd3hUXy9hWBo4CHTbFTcOYwig==",
+      "dev": true,
+      "requires": {
+        "mkdirp": "^0.5.1"
+      }
+    }
+  }
+}
diff --git a/utils/eslint/package.json b/utils/eslint/package.json
new file mode 100644
index 000000000000..918b95da0ea8
--- /dev/null
+++ b/utils/eslint/package.json
@@ -0,0 +1,5 @@
+{
+  "devDependencies": {
+    "eslint": "^7.8.0"
+  }
+}
diff --git a/utils/find_rules.py b/utils/find_rules.py
deleted file mode 100644
index 8cc2d1a4380d..000000000000
--- a/utils/find_rules.py
+++ /dev/null
@@ -1,111 +0,0 @@
-"""
-Copyleft 2013 Osama Khalid.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU Affero General Public License as
-published by the Free Software Foundation, either version 3 of the
-License, or (at your option) any later version.
-
-This tool extracts HTTPSEverywhere rulesets and converts any given URL
-to the secure version if it exists, or it returns None.  Here is a
-sample:
-
-  >>> import find_rules
-  >>> replacer = find_rules.FindRules("/path/to/default.rulesets")
-  >>> replacer.find("http://en.wikipedia.org/")
-  'https://en.wikipedia.org/'
-  >>> replacer.find("http://en.wikipedi.org/") # With a typo
-  >>>
-"""
-
-import re
-import xml.etree.ElementTree as ET
-
-class FindRules:
-    def __init__(self, filename):
-        self.extract_rulesets(filename)
-
-    def verify_target(self, target, host):
-        matching_target = target.strip("*.")
-        matching_target = matching_target.strip(".*")
-        if target.startswith("*."):
-            if host.endswith(matching_target):
-                #print target, "matches", host
-                return True
-        elif target.endswith(".*"):
-            if host.startswith(matching_target):
-                #print target, "matches", host
-                return True
-        else:
-            if host == matching_target:
-                #print target, "matches", host
-                return True
-
-    def convert_to_python(self, matching, replacement):
-        """Instead of $1 that is used by Javascript,
-        Python uses \1."""
-        new_matching = matching.replace(")?", "|)") # to avoid "unmatched group" error
-        new_replacement = re.sub(r"\$(\d)", r"\\g<\1>", replacement)
-        return new_matching, new_replacement
-
-    def extract_rulesets(self, filename):
-        tree = ET.parse(filename)
-        root = tree.getroot()
-
-        self.dict = {}
-        for child in root:
-            if child.tag == "ruleset":
-                if "default_off" in child.attrib:
-                    continue
-                ruleset_name = child.attrib['name']
-                ruleset = child.getchildren()
-                self.dict[ruleset_name] = {}
-                self.dict[ruleset_name]['targets'] = []
-                self.dict[ruleset_name]['rules'] = []
-                self.dict[ruleset_name]['exclusions'] = []
-                for rule in ruleset:
-                    if rule.tag == "target":
-                        self.dict[ruleset_name]['targets'].append(rule.attrib['host'])
-                    if rule.tag == "rule":
-                        self.dict[ruleset_name]['rules'].append((rule.attrib['from'], rule.attrib['to']))
-                    if rule.tag == "exclusion":
-                        self.dict[ruleset_name]['exclusions'].append(rule.attrib['pattern'])
-
-    def find(self, url):
-        hostname_regex = r"https?://([^/]+)"
-        try: #Remove
-            host = re.findall(hostname_regex, url)[0]
-        except IndexError, e:
-            print url
-            raise IndexError, e
-
-        # In HTTPSEverywhere, URLs must contain a '/'.
-        if url.replace("http://", "").find("/") == -1:
-            url += "/"
-
-        for ruleset in self.dict:
-            for target in self.dict[ruleset]['targets']:
-                if self.verify_target(target, host):
-                    for exclusion in self.dict[ruleset]['exclusions']:
-                        if re.findall(exclusion, url):
-                            return None
-                    for rule in self.dict[ruleset]['rules']:
-                        matching_regex = rule[0] # "from"
-                        replacement_regex = rule[1] # "to"
-                        new_matching, new_replacement = self.convert_to_python(matching_regex, replacement_regex)
-                        try:
-                            replace_url = re.sub(new_matching, new_replacement, url)
-                        except re.error, e:
-                            print new_matching, new_replacement, url
-                            raise re.error, e
-                        if url != replace_url:
-                            return replace_url
-        return None
-
-if __name__ == "__main__":
-    import sys
-    filename = sys.argv[1]
-    url = sys.argv[2]
-    script = FindRules(filename)
-    replaced_url = script.find(url)
-    print replaced_url
diff --git a/utils/hsts-prune/.gitignore b/utils/hsts-prune/.gitignore
new file mode 100644
index 000000000000..3c3629e647f5
--- /dev/null
+++ b/utils/hsts-prune/.gitignore
@@ -0,0 +1 @@
+node_modules
diff --git a/utils/hsts-prune/README.md b/utils/hsts-prune/README.md
new file mode 100644
index 000000000000..ba4e5069d662
--- /dev/null
+++ b/utils/hsts-prune/README.md
@@ -0,0 +1,11 @@
+# HTTPS Everywhere - HSTS Prune
+
+Running this will remove targets from the rulesets which are preloaded in Firefox {Dev, Stable, ESR} as well as the latest Chromium head.  If all targets would be removed from a ruleset, the ruleset itself is instead deleted.
+
+## Installing Dependencies
+
+    npm install
+
+## Running
+
+    node index.js
diff --git a/utils/hsts-prune/index.js b/utils/hsts-prune/index.js
new file mode 100644
index 000000000000..882aa05c43e6
--- /dev/null
+++ b/utils/hsts-prune/index.js
@@ -0,0 +1,343 @@
+"use strict";
+
+const _ = require('highland');
+const fs = require('fs');
+const read_dir = _.wrapCallback(fs.readdir);
+const read_file = _.wrapCallback(fs.readFile);
+const write_file = _.wrapCallback(fs.writeFile);
+const unlink = _.wrapCallback(fs.unlink);
+const parse_xml = _.wrapCallback(require('xml2js').parseString);
+const async = require('async');
+const https = require('https');
+const http = require('http');
+const request = require('request');
+const split = require('split');
+const JSONStream = require('JSONStream');
+const base64 = require('base64-stream');
+const filter = require('stream-filter');
+const ProgressBar = require('progress');
+const escape_string_regexp = require('escape-string-regexp');
+
+const stable_version_url = "https://download.mozilla.org/?product=firefox-latest&os=linux64&lang=en_US";
+const esr_version_url = "https://download.mozilla.org/?product=firefox-esr-latest&os=linux64&lang=en_US";
+const chromium_version_url = "https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm";
+const rules_dir = `${__dirname}/../../src/chrome/content/rules`;
+
+let bar;
+
+let rulesets_changed;
+if('RULESETS_CHANGED' in process.env){
+  rulesets_changed = process.env.RULESETS_CHANGED.split("\n");
+  for(let i in rulesets_changed){
+    let split_path = rulesets_changed[i].split("/");
+    rulesets_changed[i] = split_path[split_path.length - 1];
+  }
+}
+
+// Here begins the process of fetching HSTS rules and parsing the from the
+// relevant URLs
+
+const firefox_version_fetch = version_url => {
+  return cb => {
+    https.get(version_url, res => {
+      cb(null, res.headers.location
+        .match(/firefox-(.*).tar.*/)[1].replace(/\./g, "_"));
+    });
+  };
+};
+
+const chromium_version_fetch = version_url => {
+  return cb => {
+    _(request.get(version_url))
+      .on('error', err => {
+        cb(err);
+      })
+      .on('data', data => {
+        cb(null, String(data).match(/google-chrome-stable-([0-9\.]+)/)[1]);
+      })
+      .pull(_ => _);
+  }
+};
+
+
+const parse_include = include_url => {
+  let regex = RegExp(/ "(.+?)", (true|false) /);
+
+  return cb => {
+    let hsts = {};
+    request.get(include_url)
+      .on('error', err => {
+        cb(err);
+      })
+      .pipe(split())
+      .on('data', line => {
+        line = line.replace(new RegExp('^([^,]+), 1'), ' \"$1\", true ');
+        line = line.replace(new RegExp('^([^,]+), 0'), ' \"$1\", false ');
+
+        let regex_res = line.match(regex)
+        if(regex_res){
+          hsts[regex_res[1]] = Boolean(regex_res[2])
+        }
+      })
+      .on('end', _ => {
+        cb(null, hsts);
+      });
+  };
+};
+
+const parse_json = json_url => {
+  return cb => {
+    let hsts = {};
+    request.get(json_url)
+      .on('error', err => {
+        cb(err);
+      })
+      .pipe(base64.decode())
+      .pipe(split())
+      .pipe(filter(line => {
+        return !String(line).match(/\/\//);
+      }))
+      .pipe(JSONStream.parse('entries.*'))
+      .on('data', entry => {
+        if(entry.mode == "force-https"){
+          hsts[entry.name] = entry.include_subdomains;
+        }
+      })
+      .on('end', _ => {
+        cb(null, hsts);
+      });
+  };
+}
+
+const check_inclusion = (structs, domain) => {
+  if(domain in structs.esr &&
+     domain in structs.dev &&
+     domain in structs.stable &&
+     domain in structs.chromium){
+    return [true, domain];
+  } else {
+    let fqdn_shards = domain.split('.');
+    for(let x = 1; x < fqdn_shards.length; x++){
+      let recombined_fqdn = fqdn_shards.slice(x).join('.');
+      if(structs.esr[recombined_fqdn] == true &&
+         structs.dev[recombined_fqdn] == true &&
+         structs.stable[recombined_fqdn] == true &&
+         structs.chromium[recombined_fqdn] == true){
+        return [true, recombined_fqdn];
+      }
+    }
+  }
+  return [false, null];
+}
+
+const check_header_directives = (check_domain, cb) => {
+  let sent_callback = false;
+  https.get('https://' + check_domain, res => {
+    if('strict-transport-security' in res.headers){
+      let preload = Boolean(
+        res.headers['strict-transport-security'].match(/preload/i));
+      let include_subdomains = Boolean(
+        res.headers['strict-transport-security'].match(/includesubdomains/i));
+      let max_age_match =
+        res.headers['strict-transport-security'].match(/max-age=([0-9]+)/i)
+      let max_age;
+      if(max_age_match){
+        max_age = Number(max_age_match[1]);
+      }
+      cb(null,
+        preload && include_subdomains && max_age >= 31536000);
+      sent_callback = true;
+    } else {
+      cb(null, false);
+      sent_callback = true;
+    }
+  }).on('error', err => {
+    if(!sent_callback){
+      cb(null, false);
+    }
+  });
+};
+
+const check_https_redirection_and_header_directives = (check_domain, cb) => {
+  let sent_callback = false;
+  http.get('http://' + check_domain, res => {
+    let escaped_check_domain = escape_string_regexp(check_domain);
+    let check_domain_regex = RegExp(`^https://${escaped_check_domain}`, 'i');
+    if(Math.floor(res.statusCode / 100) == 3 &&
+       'location' in res.headers &&
+       res.headers.location.match(check_domain_regex)){
+      check_header_directives(check_domain, cb);
+    } else {
+      cb(null, false);
+      sent_callback = true;
+    }
+  }).on('error', err => {
+    if(!sent_callback){
+      check_header_directives(check_domain, cb);
+    }
+  });
+};
+
+
+// Here we begin parsing the XML files and modifying the targets
+
+function remove_target_from_xml(source, target) {
+  // escape the regexp for targets that have a *
+  target = escape_string_regexp(target);
+
+  const target_regex = RegExp(`\n[ \t]*<target host=\\s*"${target}"\\s*/>\\s*?\n`);
+
+  if(!source.match(target_regex)){
+    throw new Error(`${target_regex} was not found in ${source}`);
+  }
+  return source.replace(target_regex, "\n");
+}
+
+const files =
+  read_dir(rules_dir)
+    .tap(rules => {
+      bar = new ProgressBar(':bar', { total: rules.length, stream: process.stdout });
+    })
+    .sequence()
+    .filter(name => {
+      if(rulesets_changed){
+        return ~rulesets_changed.indexOf(name);
+      } else {
+        return name.endsWith('.xml');
+      }
+    });
+
+const sources =
+  files.fork()
+    .map(name => read_file(`${rules_dir}/${name}`, 'utf-8'))
+    .parallel(10);
+
+const rules =
+  sources.fork()
+    .flatMap(parse_xml)
+    .errors((err, push) => {
+      push(null, { err });
+    })
+    .zip(files.fork())
+    .map(([ { ruleset, err }, name ]) => {
+      if (err) {
+        err.message += ` (${name})`;
+        this.emit('error', err);
+      } else {
+        return ruleset;
+      }
+    });
+
+// This async call determines the current versions of the supported browsers
+
+async.parallel({
+  stable: firefox_version_fetch(stable_version_url),
+  esr: firefox_version_fetch(esr_version_url),
+  chromium: chromium_version_fetch(chromium_version_url)
+}, (err, versions) => {
+  versions.esr_major = versions.esr.replace(/_.*/, "");
+
+  let stable_url = `https://hg.mozilla.org/releases/mozilla-release/raw-file/FIREFOX_${versions.stable}_RELEASE/security/manager/ssl/nsSTSPreloadList.inc`;
+  let dev_url = `https://hg.mozilla.org/releases/mozilla-beta/raw-file/tip/security/manager/ssl/nsSTSPreloadList.inc`;
+  let esr_url = `https://hg.mozilla.org/releases/mozilla-esr${versions.esr_major}/raw-file/FIREFOX_${versions.esr}_RELEASE/security/manager/ssl/nsSTSPreloadList.inc`;
+  let chromium_url = `https://chromium.googlesource.com/chromium/src.git/+/${versions.chromium}/net/http/transport_security_state_static.json?format=TEXT`;
+
+  // This async call fetches and builds hash for the HSTS preloads included in
+  // each of the supported browsers.
+
+  async.parallel({
+    esr: parse_include(esr_url),
+    dev: parse_include(dev_url),
+    stable: parse_include(stable_url),
+    chromium: parse_json(chromium_url)
+  }, (err, structs) => {
+
+    files.fork().zipAll([ sources.fork(), rules ])
+      .consume((err, ruleset_data, push, next) => {
+        if(ruleset_data === _.nil){
+          push(null, ruleset_data);
+          return;
+        }
+
+        let [name, source, ruleset] = ruleset_data;
+        if(!rulesets_changed){
+          bar.tick();
+        }
+
+        let targets = ruleset.target.map(target => target.$.host);
+
+        // First, determine whether the targets are included in the preload
+        // list for all relevant browsers.  If at least one of them isn't, we
+        // can't delete the file.  If any of them are, we need to perform
+        // additional checks on the included domain.
+
+        let can_be_deleted = true;
+        let preload_check_mapping = {};
+        for(let target of targets){
+          let [included, included_domain] = check_inclusion(structs, target);
+          if(included == false){
+            can_be_deleted = false;
+          } else {
+            preload_check_mapping[included_domain] =
+              preload_check_mapping[included_domain] || [];
+            preload_check_mapping[included_domain].push(target);
+          }
+        }
+
+        // Additional checks are as follows: curl the included domain, and if
+        // the 'preload' directive is included, remove all targets that
+        // correspond to that domain.  If the preload directive is absent, make
+        // sure not to delete the file.
+        //
+        // Ref: https://github.com/EFForg/https-everywhere/pull/7081
+
+        let checks = [];
+        let source_overwritten = false;
+        for(let included_domain in preload_check_mapping){
+          checks.push(cb => {
+            check_https_redirection_and_header_directives(
+              included_domain, (err, meets_header_requirements) => {
+                if(err) return cb(err);
+                if(meets_header_requirements){
+                  for(let target of preload_check_mapping[included_domain]){
+                    console.log(`Removing ${target} from ${name}`);
+                    source = remove_target_from_xml(source, target);
+                    source_overwritten = true;
+                  }
+                } else {
+                  can_be_deleted = false;
+                }
+                cb();
+              }
+            );
+          });
+        }
+
+        // After building the additional checks in the form of the
+        // checks array of functions, run the checks in parallel and
+        // perform the appropriate actions based on the results.
+
+        async.parallel(checks, err => {
+          if(err) return console.log(err);
+          if(can_be_deleted){
+            console.log(`All targets removed for ${name}, deleting file...`);
+            push(null, unlink(`${rules_dir}/${name}`));
+            next();
+          } else {
+            if(source_overwritten == false){
+              push(null, false);
+              next();
+            } else {
+              console.log(`Some targets removed for ${name}, overwriting file...`);
+              push(null, write_file(`${rules_dir}/${name}`, source));
+              next();
+            }
+          }
+        });
+
+      })
+      .filter(Boolean)
+      .parallel(10)
+      .each(_ => _);
+  });
+});
diff --git a/utils/hsts-prune/package-lock.json b/utils/hsts-prune/package-lock.json
new file mode 100644
index 000000000000..d9a47270e0e6
--- /dev/null
+++ b/utils/hsts-prune/package-lock.json
@@ -0,0 +1,502 @@
+{
+  "name": "hsts-prune",
+  "version": "1.0.0",
+  "lockfileVersion": 1,
+  "requires": true,
+  "dependencies": {
+    "JSONStream": {
+      "version": "1.3.4",
+      "resolved": "https://registry.npmjs.org/JSONStream/-/JSONStream-1.3.4.tgz",
+      "integrity": "sha512-Y7vfi3I5oMOYIr+WxV8NZxDSwcbNgzdKYsTNInmycOq9bUYwGg9ryu57Wg5NLmCjqdFPNUmpMBo3kSJN9tCbXg==",
+      "requires": {
+        "jsonparse": "^1.2.0",
+        "through": ">=2.2.7 <3"
+      }
+    },
+    "ajv": {
+      "version": "6.12.6",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz",
+      "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==",
+      "requires": {
+        "fast-deep-equal": "^3.1.1",
+        "fast-json-stable-stringify": "^2.0.0",
+        "json-schema-traverse": "^0.4.1",
+        "uri-js": "^4.2.2"
+      },
+      "dependencies": {
+        "fast-deep-equal": {
+          "version": "3.1.3",
+          "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz",
+          "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q=="
+        },
+        "json-schema-traverse": {
+          "version": "0.4.1",
+          "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz",
+          "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg=="
+        }
+      }
+    },
+    "asn1": {
+      "version": "0.2.4",
+      "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.4.tgz",
+      "integrity": "sha512-jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg==",
+      "requires": {
+        "safer-buffer": "~2.1.0"
+      }
+    },
+    "assert-plus": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz",
+      "integrity": "sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU="
+    },
+    "async": {
+      "version": "2.6.4",
+      "resolved": "https://registry.npmjs.org/async/-/async-2.6.4.tgz",
+      "integrity": "sha512-mzo5dfJYwAn29PeiJ0zvwTo04zj8HDJj0Mn8TD7sno7q12prdbnasKJHhkm2c1LgrhlJ0teaea8860oxi51mGA==",
+      "requires": {
+        "lodash": "^4.17.14"
+      }
+    },
+    "asynckit": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
+      "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k="
+    },
+    "aws-sign2": {
+      "version": "0.7.0",
+      "resolved": "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz",
+      "integrity": "sha1-tG6JCTSpWR8tL2+G1+ap8bP+dqg="
+    },
+    "aws4": {
+      "version": "1.8.0",
+      "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.8.0.tgz",
+      "integrity": "sha512-ReZxvNHIOv88FlT7rxcXIIC0fPt4KZqZbOlivyWtXLt8ESx84zd3kMC6iK5jVeS2qt+g7ftS7ye4fi06X5rtRQ=="
+    },
+    "base64-stream": {
+      "version": "0.1.3",
+      "resolved": "https://registry.npmjs.org/base64-stream/-/base64-stream-0.1.3.tgz",
+      "integrity": "sha1-drA3C3ebuBbRL9QXZKa4Vz61/sM=",
+      "requires": {
+        "readable-stream": "^2.0.2"
+      }
+    },
+    "bcrypt-pbkdf": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz",
+      "integrity": "sha1-pDAdOJtqQ/m2f/PKEaP2Y342Dp4=",
+      "optional": true,
+      "requires": {
+        "tweetnacl": "^0.14.3"
+      }
+    },
+    "caseless": {
+      "version": "0.12.0",
+      "resolved": "https://registry.npmjs.org/caseless/-/caseless-0.12.0.tgz",
+      "integrity": "sha1-G2gcIf+EAzyCZUMJBolCDRhxUdw="
+    },
+    "combined-stream": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.6.tgz",
+      "integrity": "sha1-cj599ugBrFYTETp+RFqbactjKBg=",
+      "requires": {
+        "delayed-stream": "~1.0.0"
+      }
+    },
+    "core-util-is": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz",
+      "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac="
+    },
+    "dashdash": {
+      "version": "1.14.1",
+      "resolved": "https://registry.npmjs.org/dashdash/-/dashdash-1.14.1.tgz",
+      "integrity": "sha1-hTz6D3y+L+1d4gMmuN1YEDX24vA=",
+      "requires": {
+        "assert-plus": "^1.0.0"
+      }
+    },
+    "delayed-stream": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
+      "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk="
+    },
+    "ecc-jsbn": {
+      "version": "0.1.2",
+      "resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz",
+      "integrity": "sha1-OoOpBOVDUyh4dMVkt1SThoSamMk=",
+      "optional": true,
+      "requires": {
+        "jsbn": "~0.1.0",
+        "safer-buffer": "^2.1.0"
+      }
+    },
+    "escape-string-regexp": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
+      "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ="
+    },
+    "extend": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz",
+      "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g=="
+    },
+    "extsprintf": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/extsprintf/-/extsprintf-1.3.0.tgz",
+      "integrity": "sha1-lpGEQOMEGnpBT4xS48V06zw+HgU="
+    },
+    "fast-json-stable-stringify": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.0.0.tgz",
+      "integrity": "sha1-1RQsDK7msRifh9OnYREGT4bIu/I="
+    },
+    "forever-agent": {
+      "version": "0.6.1",
+      "resolved": "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz",
+      "integrity": "sha1-+8cfDEGt6zf5bFd60e1C2P2sypE="
+    },
+    "form-data": {
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/form-data/-/form-data-2.3.2.tgz",
+      "integrity": "sha1-SXBJi+YEwgwAXU9cI67NIda0kJk=",
+      "requires": {
+        "asynckit": "^0.4.0",
+        "combined-stream": "1.0.6",
+        "mime-types": "^2.1.12"
+      }
+    },
+    "getpass": {
+      "version": "0.1.7",
+      "resolved": "https://registry.npmjs.org/getpass/-/getpass-0.1.7.tgz",
+      "integrity": "sha1-Xv+OPmhNVprkyysSgmBOi6YhSfo=",
+      "requires": {
+        "assert-plus": "^1.0.0"
+      }
+    },
+    "har-schema": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/har-schema/-/har-schema-2.0.0.tgz",
+      "integrity": "sha1-qUwiJOvKwEeCoNkDVSHyRzW37JI="
+    },
+    "har-validator": {
+      "version": "5.1.5",
+      "resolved": "https://registry.npmjs.org/har-validator/-/har-validator-5.1.5.tgz",
+      "integrity": "sha512-nmT2T0lljbxdQZfspsno9hgrG3Uir6Ks5afism62poxqBM6sDnMEuPmzTq8XN0OEwqKLLdh1jQI3qyE66Nzb3w==",
+      "requires": {
+        "ajv": "^6.12.3",
+        "har-schema": "^2.0.0"
+      }
+    },
+    "highland": {
+      "version": "2.13.0",
+      "resolved": "https://registry.npmjs.org/highland/-/highland-2.13.0.tgz",
+      "integrity": "sha512-zGZBcgAHPY2Zf9VG9S5IrlcC7CH9ELioXVtp9T5bU2a4fP2zIsA+Y8pV/n/h2lMwbWMHTX0I0xN0ODJ3Pd3aBQ==",
+      "requires": {
+        "util-deprecate": "^1.0.2"
+      }
+    },
+    "http-signature": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.2.0.tgz",
+      "integrity": "sha1-muzZJRFHcvPZW2WmCruPfBj7rOE=",
+      "requires": {
+        "assert-plus": "^1.0.0",
+        "jsprim": "^1.2.2",
+        "sshpk": "^1.7.0"
+      }
+    },
+    "inherits": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz",
+      "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4="
+    },
+    "is-typedarray": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz",
+      "integrity": "sha1-5HnICFjfDBsR3dppQPlgEfzaSpo="
+    },
+    "isarray": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz",
+      "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE="
+    },
+    "isstream": {
+      "version": "0.1.2",
+      "resolved": "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz",
+      "integrity": "sha1-R+Y/evVa+m+S4VAOaQ64uFKcCZo="
+    },
+    "jsbn": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/jsbn/-/jsbn-0.1.1.tgz",
+      "integrity": "sha1-peZUwuWi3rXyAdls77yoDA7y9RM=",
+      "optional": true
+    },
+    "json-schema": {
+      "version": "0.2.3",
+      "resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz",
+      "integrity": "sha1-tIDIkuWaLwWVTOcnvT8qTogvnhM="
+    },
+    "json-stringify-safe": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz",
+      "integrity": "sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus="
+    },
+    "jsonparse": {
+      "version": "1.3.1",
+      "resolved": "https://registry.npmjs.org/jsonparse/-/jsonparse-1.3.1.tgz",
+      "integrity": "sha1-P02uSpH6wxX3EGL4UhzCOfE2YoA="
+    },
+    "jsprim": {
+      "version": "1.4.1",
+      "resolved": "https://registry.npmjs.org/jsprim/-/jsprim-1.4.1.tgz",
+      "integrity": "sha1-MT5mvB5cwG5Di8G3SZwuXFastqI=",
+      "requires": {
+        "assert-plus": "1.0.0",
+        "extsprintf": "1.3.0",
+        "json-schema": "0.2.3",
+        "verror": "1.10.0"
+      }
+    },
+    "lodash": {
+      "version": "4.17.21",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg=="
+    },
+    "mime-db": {
+      "version": "1.35.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.35.0.tgz",
+      "integrity": "sha512-JWT/IcCTsB0Io3AhWUMjRqucrHSPsSf2xKLaRldJVULioggvkJvggZ3VXNNSRkCddE6D+BUI4HEIZIA2OjwIvg=="
+    },
+    "mime-types": {
+      "version": "2.1.19",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.19.tgz",
+      "integrity": "sha512-P1tKYHVSZ6uFo26mtnve4HQFE3koh1UWVkp8YUC+ESBHe945xWSoXuHHiGarDqcEZ+whpCDnlNw5LON0kLo+sw==",
+      "requires": {
+        "mime-db": "~1.35.0"
+      }
+    },
+    "oauth-sign": {
+      "version": "0.9.0",
+      "resolved": "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.9.0.tgz",
+      "integrity": "sha512-fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ=="
+    },
+    "performance-now": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz",
+      "integrity": "sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns="
+    },
+    "process-nextick-args": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.0.tgz",
+      "integrity": "sha512-MtEC1TqN0EU5nephaJ4rAtThHtC86dNN9qCuEhtshvpVBkAW5ZO7BASN9REnF9eoXGcRub+pFuKEpOHE+HbEMw=="
+    },
+    "progress": {
+      "version": "1.1.8",
+      "resolved": "https://registry.npmjs.org/progress/-/progress-1.1.8.tgz",
+      "integrity": "sha1-4mDHj2Fhzdmw5WzD4Khd4Xx6V74="
+    },
+    "psl": {
+      "version": "1.1.29",
+      "resolved": "https://registry.npmjs.org/psl/-/psl-1.1.29.tgz",
+      "integrity": "sha512-AeUmQ0oLN02flVHXWh9sSJF7mcdFq0ppid/JkErufc3hGIV/AMa8Fo9VgDo/cT2jFdOWoFvHp90qqBH54W+gjQ=="
+    },
+    "punycode": {
+      "version": "1.4.1",
+      "resolved": "https://registry.npmjs.org/punycode/-/punycode-1.4.1.tgz",
+      "integrity": "sha1-wNWmOycYgArY4esPpSachN1BhF4="
+    },
+    "qs": {
+      "version": "6.5.2",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz",
+      "integrity": "sha512-N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA=="
+    },
+    "readable-stream": {
+      "version": "2.3.6",
+      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz",
+      "integrity": "sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==",
+      "requires": {
+        "core-util-is": "~1.0.0",
+        "inherits": "~2.0.3",
+        "isarray": "~1.0.0",
+        "process-nextick-args": "~2.0.0",
+        "safe-buffer": "~5.1.1",
+        "string_decoder": "~1.1.1",
+        "util-deprecate": "~1.0.1"
+      }
+    },
+    "request": {
+      "version": "2.88.0",
+      "resolved": "https://registry.npmjs.org/request/-/request-2.88.0.tgz",
+      "integrity": "sha512-NAqBSrijGLZdM0WZNsInLJpkJokL72XYjUpnB0iwsRgxh7dB6COrHnTBNwN0E+lHDAJzu7kLAkDeY08z2/A0hg==",
+      "requires": {
+        "aws-sign2": "~0.7.0",
+        "aws4": "^1.8.0",
+        "caseless": "~0.12.0",
+        "combined-stream": "~1.0.6",
+        "extend": "~3.0.2",
+        "forever-agent": "~0.6.1",
+        "form-data": "~2.3.2",
+        "har-validator": "~5.1.0",
+        "http-signature": "~1.2.0",
+        "is-typedarray": "~1.0.0",
+        "isstream": "~0.1.2",
+        "json-stringify-safe": "~5.0.1",
+        "mime-types": "~2.1.19",
+        "oauth-sign": "~0.9.0",
+        "performance-now": "^2.1.0",
+        "qs": "~6.5.2",
+        "safe-buffer": "^5.1.2",
+        "tough-cookie": "~2.4.3",
+        "tunnel-agent": "^0.6.0",
+        "uuid": "^3.3.2"
+      }
+    },
+    "safe-buffer": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+      "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
+    },
+    "safer-buffer": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
+      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
+    },
+    "sax": {
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/sax/-/sax-1.2.4.tgz",
+      "integrity": "sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw=="
+    },
+    "split": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/split/-/split-1.0.1.tgz",
+      "integrity": "sha512-mTyOoPbrivtXnwnIxZRFYRrPNtEFKlpB2fvjSnCQUiAA6qAZzqwna5envK4uk6OIeP17CsdF3rSBGYVBsU0Tkg==",
+      "requires": {
+        "through": "2"
+      }
+    },
+    "sshpk": {
+      "version": "1.14.2",
+      "resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.14.2.tgz",
+      "integrity": "sha1-xvxhZIo9nE52T9P8306hBeSSupg=",
+      "requires": {
+        "asn1": "~0.2.3",
+        "assert-plus": "^1.0.0",
+        "bcrypt-pbkdf": "^1.0.0",
+        "dashdash": "^1.12.0",
+        "ecc-jsbn": "~0.1.1",
+        "getpass": "^0.1.1",
+        "jsbn": "~0.1.0",
+        "safer-buffer": "^2.0.2",
+        "tweetnacl": "~0.14.0"
+      }
+    },
+    "stream-filter": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/stream-filter/-/stream-filter-2.1.0.tgz",
+      "integrity": "sha1-vf9O7jzeTBUl4Ct43ek9gh/lKb0=",
+      "requires": {
+        "through2": "^2.0.1",
+        "xtend": "^4.0.1"
+      }
+    },
+    "string_decoder": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
+      "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
+      "requires": {
+        "safe-buffer": "~5.1.0"
+      }
+    },
+    "through": {
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/through/-/through-2.3.8.tgz",
+      "integrity": "sha1-DdTJ/6q8NXlgsbckEV1+Doai4fU="
+    },
+    "through2": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/through2/-/through2-2.0.3.tgz",
+      "integrity": "sha1-AARWmzfHx0ujnEPzzteNGtlBQL4=",
+      "requires": {
+        "readable-stream": "^2.1.5",
+        "xtend": "~4.0.1"
+      }
+    },
+    "tough-cookie": {
+      "version": "2.4.3",
+      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.4.3.tgz",
+      "integrity": "sha512-Q5srk/4vDM54WJsJio3XNn6K2sCG+CQ8G5Wz6bZhRZoAe/+TxjWB/GlFAnYEbkYVlON9FMk/fE3h2RLpPXo4lQ==",
+      "requires": {
+        "psl": "^1.1.24",
+        "punycode": "^1.4.1"
+      }
+    },
+    "tunnel-agent": {
+      "version": "0.6.0",
+      "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz",
+      "integrity": "sha1-J6XeoGs2sEoKmWZ3SykIaPD8QP0=",
+      "requires": {
+        "safe-buffer": "^5.0.1"
+      }
+    },
+    "tweetnacl": {
+      "version": "0.14.5",
+      "resolved": "https://registry.npmjs.org/tweetnacl/-/tweetnacl-0.14.5.tgz",
+      "integrity": "sha1-WuaBd/GS1EViadEIr6k/+HQ/T2Q=",
+      "optional": true
+    },
+    "uri-js": {
+      "version": "4.4.1",
+      "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz",
+      "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==",
+      "requires": {
+        "punycode": "^2.1.0"
+      },
+      "dependencies": {
+        "punycode": {
+          "version": "2.1.1",
+          "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz",
+          "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A=="
+        }
+      }
+    },
+    "util-deprecate": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
+      "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8="
+    },
+    "uuid": {
+      "version": "3.3.2",
+      "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.3.2.tgz",
+      "integrity": "sha512-yXJmeNaw3DnnKAOKJE51sL/ZaYfWJRl1pK9dr19YFCu0ObS231AB1/LbqTKRAQ5kw8A90rA6fr4riOUpTZvQZA=="
+    },
+    "verror": {
+      "version": "1.10.0",
+      "resolved": "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz",
+      "integrity": "sha1-OhBcoXBTr1XW4nDB+CiGguGNpAA=",
+      "requires": {
+        "assert-plus": "^1.0.0",
+        "core-util-is": "1.0.2",
+        "extsprintf": "^1.2.0"
+      }
+    },
+    "xml2js": {
+      "version": "0.4.19",
+      "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.19.tgz",
+      "integrity": "sha512-esZnJZJOiJR9wWKMyuvSE1y6Dq5LCuJanqhxslH2bxM6duahNZ+HMpCLhBQGZkbX6xRf8x1Y2eJlgt2q3qo49Q==",
+      "requires": {
+        "sax": ">=0.6.0",
+        "xmlbuilder": "~9.0.1"
+      }
+    },
+    "xmlbuilder": {
+      "version": "9.0.7",
+      "resolved": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-9.0.7.tgz",
+      "integrity": "sha1-Ey7mPS7FVlxVfiD0wi35rKaGsQ0="
+    },
+    "xtend": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.1.tgz",
+      "integrity": "sha1-pcbVMr5lbiPbgg77lDofBJmNY68="
+    }
+  }
+}
diff --git a/utils/hsts-prune/package.json b/utils/hsts-prune/package.json
new file mode 100644
index 000000000000..fcd6741cb985
--- /dev/null
+++ b/utils/hsts-prune/package.json
@@ -0,0 +1,23 @@
+{
+  "name": "hsts-prune",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "William Budington",
+  "license": "GPL-3.0",
+  "dependencies": {
+    "JSONStream": "^1.3.0",
+    "async": "^2.6.4",
+    "base64-stream": "^0.1.3",
+    "escape-string-regexp": "^1.0.5",
+    "highland": "^2.10.1",
+    "progress": "^1.1.8",
+    "request": "^2.79.0",
+    "split": "^1.0.0",
+    "stream-filter": "^2.1.0",
+    "xml2js": "^0.4.17"
+  }
+}
diff --git a/utils/memusage.js b/utils/memusage.js
new file mode 100644
index 000000000000..7db7faaa1189
--- /dev/null
+++ b/utils/memusage.js
@@ -0,0 +1,50 @@
+/* eslint-env es6, node */
+/* globals gc */
+
+'use strict';
+
+if (typeof gc !== 'function') {
+	throw new Error('Please re-run with `node --expose-gc utils/memusage.js`');
+}
+
+const { RuleSets } = require('../chromium/background-scripts/rules');
+const { readFileSync } = require('fs');
+const json = JSON.parse(readFileSync(`${__dirname}/../rules/default.rulesets`, 'utf-8'));
+
+function memUsage() {
+	gc(); // don't measure garbage
+	return process.memoryUsage().heapUsed;
+}
+
+function memToString(before, after) {
+	return (Math.round((after - before) / (1 << 20) * 10) / 10).toLocaleString() + ' MB';
+}
+
+const start = memUsage();
+let middle, end;
+
+{
+	const ruleSets = new RuleSets(Object.create(null));
+	ruleSets.addFromJson(json);
+	middle = memUsage();
+}
+
+{
+	const oldRegExp = RegExp;
+
+	global.RegExp = function (...args) {
+		let r = new oldRegExp(...args);
+		r.test(''); // force engine to compile RegExp
+		return r;
+	};
+
+	const ruleSets = new RuleSets(Object.create(null));
+	ruleSets.addFromJson(json);
+	end = memUsage();
+}
+
+// rulesets loaded but regexps are not compiled
+console.log('Initial usage:', memToString(start, middle));
+
+// with all regexps compiled
+console.log('Maximum usage:', memToString(middle, end));
diff --git a/utils/merge-rulesets.py b/utils/merge-rulesets.py
index 2cfbdf5f76f4..efd62cbaf8d8 100644
--- a/utils/merge-rulesets.py
+++ b/utils/merge-rulesets.py
@@ -1,99 +1,114 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
 
 # Merge all the .xml rulesets into a single "default.rulesets" file -- this
-# prevents inodes from wasting disk space, but more importantly, works around
-# the fact that zip does not perform well on a pile of small files.
+# prevents inodes from wasting disk space, but more importantly, this works
+# around the fact that zip does not perform well on a pile of small files.
 
-# currently a very literal translation of merge-rulesets.sh, but about five
-# times faster
-from __future__ import print_function
-pass
+# Currently, it merges rulesets into a JSON Object for minimal overhead,
+# in both storage and parsing speed.
+
+import argparse
+import glob
+import json
 import os
-from glob import glob
-from subprocess import call
-import sys
-import traceback
-import re
 import unicodedata
-
+import xml.etree.ElementTree
 
 def normalize(f):
     """
-    OSX and Linux filesystems encode composite characters differently in filenames.
-    We should normalize to NFC: http://unicode.org/reports/tr15/.
+    OSX and Linux filesystems encode composite characters differently in
+    filenames. We should normalize to NFC: http://unicode.org/reports/tr15/
     """
-    f = unicodedata.normalize('NFC', unicode(f, 'utf-8')).encode('utf-8')
+    f = unicodedata.normalize("NFC", f)
     return f
 
-os.chdir("src")
-rulesets_fn="chrome/content/rules/default.rulesets"
-xml_ruleset_files = map(normalize, glob("chrome/content/rules/*.xml"))
-
-# cleanup after bugs :/
-misfile = rulesets_fn + "r"
-if os.path.exists(misfile):
-  print("Cleaning up malformed rulesets file...")
-  os.unlink(misfile)
-
-if "--fast" in sys.argv:
-  library_compiled_time = os.path.getmtime(rulesets_fn)
-  newest_xml = max([os.path.getmtime(f) for f in xml_ruleset_files])
-  if library_compiled_time >= newest_xml:
-    print("Library is newer that all rulesets, skipping rebuild...")
-    sys.exit(0)
-
-print("Creating ruleset library...")
-
-# Under git bash, sed -i issues errors and sets the file "read only".  Thanks.
-if os.path.isfile(rulesets_fn):
-  os.system("chmod u+w " + rulesets_fn)
-
-def rulesize():
-  return len(open(rulesets_fn).read())
-
-def clean_up(rulefile):
-    """Remove extra whitespace and comments from a ruleset"""
-    comment_and_newline_pattern = re.compile(r"<!--.*?-->|\n|\r", flags=re.DOTALL)
-    rulefile = comment_and_newline_pattern.sub('', rulefile)
-    to_and_from_pattern = re.compile(r'\s*(to=|from=)')
-    rulefile = to_and_from_pattern.sub(r' \1', rulefile)
-    rulefile = re.sub(r">\s*<", r"><", rulefile)
-    rulefile = re.sub(r"</ruleset>\s*", r"</ruleset>\n", rulefile)
-    rulefile = re.sub(r"\s*(/>|<ruleset)", r"\1", rulefile)
-    return rulefile
-
-library = open(rulesets_fn,"w")
-
-try:
-  commit_id = os.environ["GIT_COMMIT_ID"]
-  library.write('<rulesetlibrary gitcommitid="%s">' % commit_id)
-except:
-  # Chromium
-  library.write('<rulesetlibrary>')
-
-# Include the filename.xml as the "f" attribute
-print("Removing whitespaces and comments...")
-
-for rfile in sorted(xml_ruleset_files):
-  ruleset = open(rfile).read()
-  fn = os.path.basename(rfile)
-  ruleset = ruleset.replace("<ruleset", '<ruleset f="%s"' % fn, 1)
-  library.write(clean_up(ruleset))
-library.write("</rulesetlibrary>\n")
-library.close()
-
-try:
-  if 0 == call(["xmllint", "--noout", rulesets_fn]):
-    print(rulesets_fn, "passed XML validity test.")
-  else:
-    print("ERROR:", rulesets_fn, "failed XML validity test!")
-    sys.exit(1)
-except OSError as e:
-  if "No such file or directory" not in traceback.format_exc():
-    raise
-  print("WARNING: xmllint not present; validation of", rulesets_fn, " skipped.")
-
-# We make default.rulesets at build time, but it shouldn't have a variable
-# timestamp
-call(["touch", "-r", "install.rdf", rulesets_fn])
+# commandline arguments parsing (nobody use it, though)
+parser = argparse.ArgumentParser(description="Merge rulesets")
+parser.add_argument("--source_dir", default="src/chrome/content/rules")
+
+args = parser.parse_args()
+
+# output filename, pointed to the merged ruleset
+ofn = os.path.join(args.source_dir, "default.rulesets")
+ojson = os.path.join(args.source_dir, "default.rulesets.json")
+
+# XML Ruleset Files
+files = map(normalize, glob.glob(os.path.join(args.source_dir, "*.xml")))
+
+# Under git bash, sed -i issues errors and sets the file "read-only".
+if os.path.isfile(ofn):
+    os.system("chmod u+w " + ofn)
+if os.path.isfile(ojson):
+    os.system("chmod u+w " + ojson)
+
+# Library (JSON Object)
+library = []
+
+# Parse XML ruleset and construct JSON library
+print(" * Parsing XML ruleset and constructing JSON library...")
+for filename in sorted(files):
+    tree = xml.etree.ElementTree.parse(filename)
+    root = tree.getroot()
+
+    ruleset = {}
+    trivialNameSecureCookie = None
+
+    for attr in root.attrib:
+        ruleset[attr] = root.attrib[attr]
+
+    for child in root:
+        if child.tag in ["target", "rule", "securecookie", "exclusion"]:
+            if child.tag not in ruleset:
+                ruleset[child.tag] = []
+        else:
+            continue
+
+        if child.tag == "target":
+            ruleset["target"].append(child.attrib["host"])
+
+        elif child.tag == "rule":
+            ru = {}
+            ru["from"] = child.attrib["from"]
+            ru["to"] = child.attrib["to"]
+
+            ruleset["rule"].append(ru)
+
+        elif child.tag == "securecookie":
+            if child.attrib["name"] == ".+":
+                if not trivialNameSecureCookie:
+                    trivialNameSecureCookie = {}
+                    trivialNameSecureCookie["host"] = child.attrib["host"]
+                    trivialNameSecureCookie["name"] = ".+"
+                else:
+                    trivialNameSecureCookie["host"] = (trivialNameSecureCookie["host"] + "|" + child.attrib["host"])
+            else:
+                sc = {}
+                sc["host"] = child.attrib["host"]
+                sc["name"] = child.attrib["name"]
+
+                ruleset["securecookie"].append(sc)
+
+        elif child.tag == "exclusion":
+            if len(ruleset["exclusion"]) == 0:
+                ruleset["exclusion"].append(child.attrib["pattern"])
+            else:
+                ruleset["exclusion"][0] = (ruleset["exclusion"][0] + "|" + child.attrib["pattern"])
+
+    if trivialNameSecureCookie:
+        ruleset["securecookie"].insert(0, trivialNameSecureCookie)
+
+    library.append(ruleset);
+
+# Write to default.rulesets
+print(" * Writing JSON library to %s and %s"% (ofn, ojson) )
+outfile = open(ofn, "w")
+jsonout = open(ojson, "w")
+
+outfile.write(json.dumps(library, separators=(",", ":")))
+jsonout.write(json.dumps(library, separators=(",", ":")))
+
+outfile.close()
+jsonout.close()
 
+# Everything is okay.
+print(" * Everything is okay.")
diff --git a/utils/merge-rulesets.sh b/utils/merge-rulesets.sh
deleted file mode 100644
index 568b2468cecd..000000000000
--- a/utils/merge-rulesets.sh
+++ /dev/null
@@ -1,160 +0,0 @@
-#!/bin/sh
-
-# Merge all the .xml rulesets into a single "default.rulesets" file -- this
-# prevents inodes from wasting disk space, but more importantly, works around
-# the fact that zip does not perform well on a pile of small files.
-
-RULESETS=chrome/content/rules/default.rulesets
-
-INDENT_CHAR='    '
-# Any whitespace that marks one level of indentation.
-
-TAG_DEFINITIONS='
-# tag | level of indentation | + prepended linebreaks | + appended linebreaks
-rulesetlibrary  0 -1  0
-ruleset         0  1  0
-rule            1  0  0
-target          1  0  0
-exclusion       2  0  0
-securecookie    2  0  0'
-# Extra prepended linebreaks are added before the opening <tags>,
-# and appended after closing </tags> and <tags/>. It's not perfect but it works.
-# One linebreak is implicitly prepended; opt out by supplying -1
-# This does not work whatsoever with nested tags, mind.
-
-SED_TRIM_CMD='
-	:a
-	s/<!--.*-->//g
-	/<!--/N
-	//ba
-
-	s/\([^ ]\)\(to\|from\|name\)=/\1 \2=/g
-	s: />:/>:g
-	s/\([^ ]\) \{2,\}/\1/g
-	s/ \+$//g
-	s:\(http[s?]\{,2\}\)[^:]//:\1\://:g
-	s:\([^:]\)/\{2,\}:\1/:g'
-# sed command to scrub comments and fix various whitespace irregularities;
-# missing whitespace inbetween tag fields: <x y="z"trapped=":("/>,
-# random double and trailing whitespace, unwanted whitespace before '/>',
-# semicolons after protocols;// (rather than colons), and mid-URI double slashes
-
-
-# Functions
-
-repeat_char() {
-	[ $2 -gt 0 ] || return
-	local i
-	for i in $(seq 1 $2); do printf "$1"; done
-}
-
-format_rulesets() {
-	local IFS tag idepth prebreaks postbreaks
-	local _indent _pre _post _sed_pre _sed_post _sed_oneshot
-
-	# Print pretty banner, very hardcoded
-	printf '\n'
-	printf '%15s | %s | %s | %s\n' 'tag name' 'indent' 'prebreak' 'postbreak'
-	printf '%15s-+-%s-+-%s-+-%s\n' \
-		'-------------' '------' '--------' '----------'
-
-	# Iterate through tags and add appropriate indentation and linebreaks
-	while read tag idepth prebreaks postbreaks; do
-		( [ "$tag" = '#' ] || [ ! $postbreaks ] ) && continue  # Invalid; skip
-		unset _indent _pre _post _sed_pre _sed_post _sed_oneshot
-
-		printf "%15s | %6d | %8d | %9s\n" "$tag" $idepth $prebreaks $postbreaks
-
-		# Special characters (\n) need double escaping when saved to a variable
-		# since they are dereferenced and break everytime they're passed around.
-		# bash printf has a %q format character for this, but we're /bin/sh
-
-		# Should always be a prepended linebreak unless we opt out with -1
-		_pre="$(repeat_char '\\n' $((prebreaks+1)))"
-		_post="$(repeat_char '\\n' $postbreaks)"
-		_indent="$(repeat_char "$INDENT_CHAR" $idepth)"
-
-		# breaks before opening <tags> and <tags/>
-		_sed_pre="s:<${tag}[ />]:${_pre}${_indent}\0:g;"
-		# breaks after closing </tags>
-		_sed_post="s:</${tag}>:\n${_indent}\0${_post}:g;"
-		# breaks after oneshot <tags/>
-		_sed_oneshot="s:<${tag}\(/>\| [^>]\+/>\):\0${_post}:g;"
-
-		sed -ir "$_sed_pre $_sed_post $_sed_oneshot" $RULESETS
-	done <<- EOF
-		$TAG_DEFINITIONS
-	EOF
-
-	echo #padding for some distance after the tag table
-}
-
-rulesize() {
-	wc -c < $RULESETS
-}
-
-populate_rulesets() {
-	local xmlfile
-	# Under git bash, sed -i issues errors and sets the file "read only"
-	[ -f "$RULESETS" ] && chmod u+w $RULESETS
-
-	printf '<rulesetlibrary gitcommitid="%s">' \
-		"${GIT_COMMIT_ID:-unset}" > $RULESETS
-
-	# Include the filename.xml as the "f" attribute
-	for xmlfile in chrome/content/rules/*.xml; do
-		sed "s/<ruleset/\0 f=\"${xmlfile##*/}\"/g" "$xmlfile" >> $RULESETS
-	done
-
-	echo "</rulesetlibrary>" >> $RULESETS
-}
-
-flatten_file() {
-	# Strip *all* control chars; we'll re-add them soon as per tag definitions.
-	# tr cannot edit in-place so we need to temp, either in a file or a variable
-	echo "$(tr -d '[:cntrl:]' < $RULESETS | tr -s '[:space:]')" > $RULESETS
-	# Beware that this *assumes* the used shell accepts variable sizes of >2Mb.
-}
-
-
-# Execution start
-
-cd src
-
-echo "Creating ruleset library..."
-populate_rulesets
-
-echo "Removing control characters, whitespace and comments..."
-PRECRUSH=$(rulesize)
-flatten_file
-
-echo "Formatting..."
-format_rulesets
-
-echo "Final touches..."
-# sed -i is not portable (GNU extension), but maybe we don't care.
-sed -ir "$SED_TRIM_CMD" $RULESETS
-POSTCRUSH=$(rulesize)
-
-# All done, print summary
-printf "Crushed %d bytes of rulesets into %d (delta %d)\n" \
-	$PRECRUSH $POSTCRUSH $((POSTCRUSH-PRECRUSH))
-
-# Timestamp
-touch -r chrome/content/rules $RULESETS
-
-# We need to keep $RULESETS for makecrx.sh but the rest is of no further use
-unset INDENT_CHAR TAG_DEFINITIONS SED_TRIM_CMD PRECRUSH POSTCRUSH
-unset repeat_char format_rulesets rulesize populate_rulesets flatten_file
-
-cd ..
-
-
-# grep tests to ensure the sed magic worked (should find no matches):
-#
-#   non-indenting double whitespace: '[^ ] \{2,\}'
-#   missing space after field:       '="[^"]\+"[^ />]'  # not perfect
-#   trailing whitespace:             ' $'               # pipe to | cat -A -
-#   malformed http(s) protocol text  'http[s?]\{,2\}[^:]//'
-#   random double+ slashes:          '[^:;]//'
-#
diff --git a/utils/mk_client_whitelist.py b/utils/mk_client_whitelist.py
deleted file mode 100755
index 1ae5e6cad04b..000000000000
--- a/utils/mk_client_whitelist.py
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/usr/bin/env python
-
-# Make a list of the current top 1,000 certs to whitelist from the
-# Decentralized SSL Observatory's client submissions, to live in
-# https-everywhere/src/chrome/content/code/X509ChainWhitelist.js
-
-import dbconnect
-import sys
-
-db, dbc = dbconnect.dbconnect()
-
-import time
-few_days_ago = time.gmtime(time.time() - 3600 * 24 * 3)
-cutoff = time.strftime("%Y-%m-%d", few_days_ago)
-
-# This currently runs on the decentralized observatory server, but will also
-# run on the published datasets and read-only SQL servers too...
-
-q = """
-SELECT hex(reports.chain_fp), count, `Validity:Not After`, Subject 
-FROM reports JOIN chains       ON reports.chain_fp = chains.chain_fp 
-             JOIN parsed_certs ON reports.cert_fp  = parsed_certs.cert_fp 
-WHERE count > 1000 AND 
-      `Validity:Not After` > "%s" 
-GROUP BY reports.chain_fp 
-ORDER BY count DESC 
-LIMIT 1000
-""" % (cutoff,)
-
-dbc.execute(q)
-results = dbc.fetchmany(1000)
-
-sys.stderr.write("TOP 100:\n")
-for n in range(100):
-  sys.stderr.write(repr(results[n][1:4]) + '\n')
-
-header = """
-// These are SHA256 fingerprints for the most common chains observed by the
-// Decentralized SSL Observatory.  These should not be resubmitted.  
-// This file is automatically generated by utils/mk_client_whitelist.py
-
-const X509ChainWhitelist = {"""
-
-print(header)
-for chain_fp in sorted([row[0] for row in results]):
-  print("  '%s' : true," % chain_fp)
-
-footer = "} ;"
-print(footer)
-
-
diff --git a/utils/mktemp.sh b/utils/mktemp.sh
new file mode 100755
index 000000000000..6089b9336c9e
--- /dev/null
+++ b/utils/mktemp.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+#
+# BSD and GNU mktemp have slightly different invocation patterns.
+# BSD's needs a -t option specifying a "template." 'everywhere' will
+# end up in the temp-folder name, so in the event it doesn't get cleaned
+# up, there's some indication of where it originated.
+
+MKTEMP=`which mktemp`
+function mktemp() {
+    $MKTEMP $@ 2>/dev/null || $MKTEMP -t everywhere $@
+}
diff --git a/utils/relaxng.xml b/utils/relaxng.xml
deleted file mode 100644
index b1dfa00128e6..000000000000
--- a/utils/relaxng.xml
+++ /dev/null
@@ -1,61 +0,0 @@
-<element xmlns="http://relaxng.org/ns/structure/1.0" name="ruleset" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
-  <attribute name="name" />
-
-  <optional>
-    <attribute name="match_rule" />
-  </optional>
-
-  <optional>
-    <attribute name="default_off" />
-  </optional>
-
-  <optional>
-    <attribute name="platform">
-      <data type="string">
-        <param name="pattern">(firefox|chromium|cacert|ipsca|mixedcontent)( (firefox|chromium|cacert|ipsca|mixedcontent))*</param>
-      </data>
-    </attribute>
-  </optional>
-
-  <interleave>
-
-    <oneOrMore>
-      <element name="target">
-        <attribute name="host">
-          <data type="string">
-            <param name="pattern">(([A-Za-z0-9äö-]+|\*)\.)*([A-Za-z0-9äö-]+|\*)</param>
-          </data>
-        </attribute>
-      </element>
-    </oneOrMore>
-
-    <zeroOrMore>
-      <element name="exclusion">
-        <attribute name="pattern" />
-      </element>
-    </zeroOrMore>
-
-    <zeroOrMore>
-      <element name="securecookie">
-        <attribute name="host"/>
-        <attribute name="name"/>
-      </element>
-    </zeroOrMore>
-
-    <oneOrMore>
-      <element name="rule">
-        <attribute name="from"/>
-        <attribute name="to">
-          <data type="string">
-            <param name="pattern">https?://.*</param>
-          </data>
-        </attribute>
-        <optional>
-            <attribute name="downgrade" />
-        </optional>
-      </element>
-    </oneOrMore>
-
-  </interleave>
-
-</element>
diff --git a/utils/remove-obsolete-references.sh b/utils/remove-obsolete-references.sh
new file mode 100755
index 000000000000..04dba095c2c3
--- /dev/null
+++ b/utils/remove-obsolete-references.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+# Remove obsolete references to child rulesets which
+# has been renamed/ deleted
+
+
+# Change directory to git root; taken from ../test/test.sh
+if [ -n "$GIT_DIR" ]
+then
+    # $GIT_DIR is set, so we're running as a hook.
+    cd $GIT_DIR
+else
+    # Git command exists? Cool, let's CD to the right place.
+    git rev-parse && cd "$(git rev-parse --show-toplevel)"
+fi
+
+# Run from ruleset folder to simplify the output
+cd src/chrome/content/rules
+
+# Default exit status
+EXIT_CODE=0
+
+# List of file(s) which contain at least one reference
+FILES=`egrep -l '^\s*[-|+]\s*([^ ]*\.xml)\s*$' *.xml`
+
+while read FILE; do
+    # List of referenced rulesets
+    REFS=`sed -n 's/^\s*[-|+]\s*\([^ ]*\.xml\)\s*$/\1/gp' "$FILE"`
+
+    while read REF; do
+        if [ ! -f "$REF" ]; then
+            echo >&2 "ERROR src/chrome/content/rules/$FILE: Dangling reference to $REF"
+            sed -i "/^\s*[-|+]\s*$REF$/d" "$FILE"
+            EXIT_CODE=1
+        fi
+    done <<< "$REFS"
+done <<< "$FILES"
+
+# Exit with errors, if any
+exit "$EXIT_CODE"
diff --git a/utils/rewriter/.gitignore b/utils/rewriter/.gitignore
new file mode 100644
index 000000000000..07e6e472cc75
--- /dev/null
+++ b/utils/rewriter/.gitignore
@@ -0,0 +1 @@
+/node_modules
diff --git a/utils/rewriter/README.md b/utils/rewriter/README.md
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/utils/rewriter/package.json b/utils/rewriter/package.json
new file mode 100644
index 000000000000..a62493ad2762
--- /dev/null
+++ b/utils/rewriter/package.json
@@ -0,0 +1,10 @@
+{
+  "name": "https-everywhere-rewriter",
+  "version": "1.0.0",
+  "dependencies": {
+    "event-stream": "3.0.20",
+    "readdirp": "2.0.1",
+    "urijs": "^1.19.1",
+    "xmldom": "0.1.17"
+  }
+}
diff --git a/utils/rewriter/rewriter.js b/utils/rewriter/rewriter.js
new file mode 100644
index 000000000000..5a25d5cdfafe
--- /dev/null
+++ b/utils/rewriter/rewriter.js
@@ -0,0 +1,128 @@
+// HTTPS Rewriter.
+//
+// Uses the rulesets from HTTPS to recursively rewrite URL references in a
+// given directory to HTTPS. Uses protocol-relative URLs wherever possible.
+// Makes a copy of each file at filename.bak.
+//
+// Usage:
+//  cd https-everywhere
+//  ./make.sh # to build default.rulesets
+//  cd rewriter
+//  (install node and npm)
+//  npm install
+//  node rewriter.js ~/path/to/my/webapp
+//  cd ~/path/to/my/webapp
+//  git diff
+
+global.self = global;
+require("../../lib-wasm/pkg/https_everywhere_lib_wasm.js");
+
+var path = require("path"),
+  fs = require("fs"),
+  DOMParser = require('xmldom').DOMParser,
+  readdirp = require('readdirp'),
+  es = require('event-stream'),
+
+  rules = require("../../chromium/background-scripts/rules"),
+
+  URI = require("urijs");
+
+var ruleSets = null;
+
+/**
+ * For a given directory, recursively edit all files in it that match a filename
+ * pattern representing source code. Replace URLs in those files with rewritten
+ * ones if possible.
+ */
+function processDir(dir) {
+  var stream = readdirp({
+    root: dir,
+    fileFilter: ['*.html', '*.js', '*.rb', '*.erb', '*.mustache',
+      '*.scala', '*.c', '*.cc', '*.cpp', '*.cxx',
+      '*.java', '*.go', '*.php', '*.css', '*.pl', '*.py',
+      '*.rhtml', '*.sh', '*.yaml']
+  });
+
+  stream
+    .on('warn', function (err) {
+      console.error('non-fatal error', err);
+    // Optionally call stream.destroy() here in order to abort and cause 'close' to be emitted
+    })
+    .on('error', function (err) { console.error('fatal error', err); })
+    .pipe(es.mapSync(function (entry) {
+      var filename = path.join(dir, entry.path);
+      console.log("Rewriting " + filename);
+      try {
+        processFile(filename);
+      } catch(e) {
+        console.log(filename, e);
+      }
+    }));
+}
+
+/**
+ * Overwrite the default URI find_uri_expression with a modified one that
+ * mitigates a catastrophic backtracking issue common in CSS.
+ * The workaround was to insist that URLs start with http, since those are the
+ * only ones we want to rewrite anyhow. Note that this may still go exponential
+ * on certain inputs. http://www.regular-expressions.info/catastrophic.html
+ * Example string that blows up URI.withinString:
+ *  image:url(http://img.youtube.com/vi/x7f
+ */
+URI.find_uri_expression = /\b((?:http:(?:\/{1,3}|[a-z0-9%])|www\d{0,3}[.]|[a-z0-9.\-]+[.][a-z]{2,4}\/)(?:[^\s()<>]+)+(?:\(([^\s()<>]+|(\([^\s()<>]+\)))*\)|[^\s`!()\[\]{};:'".,<>?«»“”‘’]))/ig;
+
+function processFile(filename) {
+  var contents = fs.readFileSync(filename, 'utf8');
+  var rewrittenFile = URI.withinString(contents, function(url) {
+    console.log("Found ", url);
+    var uri = new URI(url);
+    if (uri.protocol() != 'http') return url;
+
+    uri.normalize();
+    var rewritten = ruleSets.rewriteURI(uri.toString(), uri.host());
+    if (rewritten) {
+      return rewritten;
+    } else {
+      return url;
+    }
+  });
+
+  fs.writeFileSync(filename + ".new", rewrittenFile);
+  fs.renameSync(filename, filename + ".bak");
+  fs.renameSync(filename + ".new", filename);
+}
+
+/**
+ * Load all rulesets for rewriting.
+ */
+function loadRuleSets() {
+  console.log("Loading rules...");
+  var fileContents = fs.readFileSync(path.join(__dirname, '../../pkg/crx-eff/rules/default.rulesets'), 'utf8');
+  ruleSets = new rules.RuleSets({});
+  ruleSets.addFromJson(JSON.parse(fileContents));
+}
+
+function usage() {
+  console.log("Usage: \n   nodejs rewriter.js /path/to/my/webapp \n");
+  process.exit(1);
+}
+
+if (process.argv.length <= 2) {
+  usage();
+}
+
+for (var i = 2; i < process.argv.length; i++) {
+  var rewritePath = process.argv[i];
+  if (rewritePath.indexOf('-') == 0) {
+    usage();
+  }
+  if (!fs.existsSync(rewritePath)) {
+    console.log("Path doesn't exist: " + rewritePath);
+    process.exit(1);
+  }
+}
+
+loadRuleSets();
+for (var i = 2; i < process.argv.length; i++) {
+  processDir(process.argv[i]);
+}
diff --git a/utils/ruleset-allowlist-cleanup.sh b/utils/ruleset-allowlist-cleanup.sh
new file mode 100755
index 000000000000..1975665b41bf
--- /dev/null
+++ b/utils/ruleset-allowlist-cleanup.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+# Remove from ruleset allowlist the filenames of files that
+# no longer exist or have no matching hash sums.
+
+# Change directory to git root; taken from ../test/test.sh
+if [ -n "$GIT_DIR" ]
+then
+    # $GIT_DIR is set, so we're running as a hook.
+    cd $GIT_DIR
+else
+    # Git command exists? Cool, let's CD to the right place.
+    git rev-parse && cd "$(git rev-parse --show-toplevel)"
+fi
+
+# Run from ruleset folder to simplify sha256sum output
+cd src/chrome/content/rules
+WLIST=../../../../utils/ruleset-allowlist.csv
+DELIM=","
+
+(read; while IFS=$DELIM read listed_hash coverage_flag fetch_flag file; do
+  display_hash=$(echo $listed_hash | cut -c-7)
+  # Remove those that no longer exist
+  if [ ! -f $file ]; then
+    sed -i "/$listed_hash$DELIM$coverage_flag$DELIM$fetch_flag$DELIM$file/d" $WLIST
+    echo >&2 "Removed $file ($display_hash): file no longer exists"
+  elif [ "$coverage_flag" == "0" -a "$fetch_flag" == "0" ]; then
+    sed -i "/$listed_hash$DELIM$coverage_flag$DELIM$fetch_flag$DELIM$file/d" $WLIST
+    echo >&2 "Removed $file ($display_hash): obsolete, all flags set to false"
+  else
+    actual_hash=$(sha256sum $file | cut -c-64)
+    # Remove those whose hashes do not match
+    if [ "$listed_hash" != "$actual_hash" ]; then
+      sed -i "/$listed_hash$DELIM$coverage_flag$DELIM$fetch_flag$DELIM$file/d" $WLIST
+      echo >&2 "Removed $file ($display_hash): listed hash does not match actual hash"
+    fi
+  fi
+done) < "$WLIST"
+
+# Sorting by the 4th column (ruleset name)
+TMPFILE=`mktemp`
+(head -n1 "$WLIST" && tail -n +2 "$WLIST" | LC_ALL=C sort -t"," -b -u -k4) > "$TMPFILE"
+mv "$TMPFILE" "$WLIST"
diff --git a/utils/ruleset-allowlist.csv b/utils/ruleset-allowlist.csv
new file mode 100644
index 000000000000..2e3e1c481b91
--- /dev/null
+++ b/utils/ruleset-allowlist.csv
@@ -0,0 +1,2222 @@
+hash,auto-pass coverage test,auto-pass fetch test,filename
+fbb2d56d33f886b53c314eac3446eed8bad7916660ad0709367936fe8335d987,0,1,112_Cafe.com.xml
+5b650e2b6084539440a1b66b5b45f5825a2d61db7812c7521e1a1e0860c4b6a3,1,1,16163.com.xml
+b5c96ae391a5b0971fb2438e3afd37ec7ce439e7dbb271276cf7bbeb0eb61450,1,1,16personalities.com.xml
+55b1ea082e1da07a13ef7bca833f779a23335658d345294a35e4944b90c5c136,0,1,1TW.org.xml
+4d7ea51ecce8ef52d7f14fe3d2196e7647c347ae491a8c51ff84555426f4c05b,0,1,1phads.com.xml
+4209813635498e7b1f9c944d648173507b41e0e3260e16b3fdb6f3f945ffc28a,1,1,24-7-Media.xml
+feb478f3b2f281637dc660c70688a7002af3e4c8643f49bc2a45dc451a2fe450,1,0,2K.com.xml
+106d40535445ceb77ef877d7cd43e68522ee15426bb20391be72da7ee7ed0319,1,0,33Across.xml
+2754710db32540a9e4fc610476d2da4ced0e742af02f5db582aacc553436a822,0,1,37Signals.xml
+0b112de7f3114b9432277ced9283996b39d7d7a9f5f3471fb98545630f674d8f,1,1,3M.com.xml
+3cd9cc0b3921f83d5bea3d5e948e0b95223f24dde3afa2bea2c346aba084eeb7,1,1,3dglassesfree.com.xml
+41753915c41cfe07253511c84b34de0e41983d64ca36ca0dac6922c325573249,0,1,3g2upl4pq6kufc4m.onion.xml
+c82fc176343c2425fb39f152c4819a3c68802a973835817b8fc2ab9cf2462db2,1,1,4gamer.net.xml
+8223ab030d3a507686a55a6d13875fea38888ee6e1aefcb086e0ff99d83116f4,1,1,888173.net.xml
+53ad3f31c9603c3fa9ef4e1737d60c314a2033b5646398e64986f1952d11bb2a,1,1,972mag.com.xml
+7a25ea9f7d589947b91e6c4d54f91fadb6727107093a0154936119eac027ff8b,1,1,A1WebStats.com.xml
+471b1cb8ca62bde3a1c77076ded432fee9ad7a31911abbdb70d99bd5a6c22f0f,0,1,AA.net.uk.xml
+a77b292e0258a8a9a81a8e05fa342741e226a1e024978fe7c6677c7c65150ae3,0,1,AAMC.org.xml
+f97657791892c8df7bdc53f8d0207d699859a190444fbf975e98861d4cf53650,0,1,ABIS-studien.se.xml
+b46e53a6f571bb484c20bd6d6506fdd6616e344cbd8c4ee987994878ba6f28b7,0,1,ACLU-of-Louisiana.xml
+ebb612af087df8278b2f48f19db43fb3cac73d6a4e9b4e1e58e37e1738164c7e,0,1,ACLU-of-Texas.xml
+9dd2d07280b679205432600769a989ace5a9feebe2ab2e5288b509719325be90,0,1,ADP_Screening_and_Selection_Services.xml
+276a2773697e1f02e05064c9caafa4958b2dbab8110457e719a14e3d15db499b,0,1,AEUP.eu.xml
+bde27e017263a64c388195a0091c24f9dffb1c23ce90deb3c63919c75bb5598f,0,1,AFCEA.xml
+9fcb7423caa4b2db65448eea1b798f7a4fa939e5f50cf55d934f37a8a5ea67e7,1,1,AGU.org.xml
+f8154916d6f3d0255e6589d3f054caa5644cf7a8a744c2aae37522463d78d7f0,0,1,ALSOActebis.xml
+a4e558ea2da104b30ed669a14016d712364b596f25b49a9cefc3a339622acd46,0,1,AMMEC.de.xml
+fdb40ffd6a457474b8b7ce3e12667c6fde61187460b7ad9e4cc2f1dc04b89205,1,1,AMetSoc.org.xml
+e0a596183d10f82f7039179e8031bf5d27f2afb43efc173da4c38862d7827142,0,1,AOptix.xml
+264085253948aa5b59a18c70206b9eece60a5099a73c6f8db8cb7fd6ac0c9c99,1,0,APO_Box.com.xml
+1d1610c5c021fe4971a3c73f2a7a718989786ce202bb464ba5e9b226436fd59a,1,0,ARPNetworks.com.xml
+12a54fdd75f8a200b6da25d78514f8ed3e3a3bc516307e3729b9220792921514,1,1,ARRL.xml
+dec3921e5bb388e22d0ecde04515a7263b9df10ecf6107700c79cc618d3a88cc,0,1,ATNAME.xml
+2b730c5435e15989ce7cd5f714b20fe9bc36f3ca56b78c1e4d85b4ba01bd3222,0,1,ATrpms.net.xml
+3e632fd55a29b917584ac35e60d0bdba0adc9d707aba3d7c541c79db1bd81da8,1,1,AVG.com.xml
+406d709a4fd37483cfbd763d8d6a17a98f3ecfede0fcee4a9a7405093b5dce6b,1,1,AXA_Winterthur.xml
+a60c7c65acc781e40afc32649894a7aff53c245970ca91c85743ae9df637539e,1,1,Aart_de_Vos.xml
+0010505a729eaac27f576a7f3f1b3648a21f0847103d8c00d9aa511b4758eae9,0,1,Abercrombie.xml
+dfde2866b7ef90b4edd3ff9e03fa9f1d4ba62b14864a901eecb7e8246de39024,1,1,Academy-of-Model-Aeronautics.xml
+3ace3b65a3c533db55345e50ccdb151b967e0d65a029286b8a9951fa9273646f,1,1,Accessorize.xml
+e870aa56bf0a79c94302665c8deb5aaf19aef59a030513d4bcfcb2741be474ad,1,0,Accordance_Bible.com.xml
+e3a863c01dd5fdfa2b204b371f9a16ce8fcc136e0a65241a9bf0f41ac3454b60,1,1,Account_Online.com.xml
+c058b6077ff1338a785e3e7bfd003eaaf0eda151b28e81cb76e4bacd3d25e116,1,1,Accountservergroup.com.xml
+299017a21aa2f2d62f8a3e289cb80398b46a3a649ccdad3b34b2c0660e68c3ac,1,1,Ace_Hotel.com.xml
+b3dfd66a48d1e541fee3ed314b832e2b039e191c04e5563fce8ee3ab71054925,1,1,Acenet.xml
+f377ffea5847776bd076e6e8fa38cd0e4153de88f0e331ed9836465441efb0f1,1,0,Acessoseguro.net.xml
+5306a00bbba97f3edf93cd3bfe9f2231ba896ddf81fda180d35b3d7d44ebcd89,1,1,Acro-Media.xml
+456fd4d09e6c35ce998d9bc48a14678c06ca3daeb0c273e23232d8736b734e18,1,0,Act-On-Software.xml
+15a0856f0603c5730add28e9a2e6a36acc432c7704a7bb007517f496cd35fc65,1,1,ActionKit.com.xml
+7d7739709de4be107d5f32d7bb0c84ece7761f864e6d9b434b3c239db0b247c9,1,0,Active-Events.xml
+c60221ccd829ab0724101819b906f5c4ccd5b873d62b7bcdd15c5bd0003d6ef1,1,0,Active.com.xml
+8f3e75367b17bc3d389eacda994ed6cd57fd7334cb2c82a30d58d44c2051710e,1,0,Active_Melody.xml
+d35917ccc23128fe80d44bcd2ad4bdddf8487d216e51525f54e75977ec52e1d2,1,1,Active_Network.com.xml
+fc7c90d849f4bb81243211a9562b2c2b9a56cd5bbbdfe376a1c891c0c3fce0e2,1,1,Activision_Blizzard.com.xml
+e87c8a23db52372be00ffa86181ccc6e32cea7ff5f646f884a452187c543f2d3,0,1,AdJuggler-problematic.xml
+5dffa6059f25b1934cbcb4b3c3cadfc7f0c45711cf7a3940141fe366c1dc632a,1,1,AdJuggler.xml
+c781e81a341599aecb674a36f114512b59f5f7930fc309097a456c71e28db902,1,1,Adaptavist.com.xml
+41cb473fd48fd1426473a4b354e411f72cbd21f785e70587407d0d76eb4b1439,1,0,Adbooth.net.xml
+92c3d1535f321874ed0ae5dc36c44342c32dbe4fd19e1d86d8bc5b1c9887204e,1,1,Addison.com.hk.xml
+fb4bb543e6864dac40ac3c6bd5bd334eafeb53da00be2cd0100eb00f4cded31b,1,0,Addison_Lee.xml
+e0ff242fb2ed135c25e1a448a2daca9cf95a16e57c989bfdfeed1bd97b32667e,0,1,Adelaide.edu.au.xml
+a739830eca763ae9a818d8ab8919a0fc8c20a857877dab194e0424ee0644cc1b,0,1,Adestra.xml
+f5baecc41e25a8692ba863429d14c3bf84e8dc68684d8ca4c4fde749996e3c31,0,1,Adkontekst.pl-problematic.xml
+ce56c65406df4436852f26458e9264c88c627758762ab195945b3e30a19353d4,1,1,Adobe_login.com.xml
+55617aacb1813b061771e4f721507b7bd5b63d25478c1725256e12085e03b36a,1,0,Adpay.com.xml
+f914b14018606153a7c24280dff27d29e752c1d4219f548fda58fb25becd3a77,1,0,Adult_Webmaster_Empire.xml
+7cb2786a2b879652734cbb50bbd97b194bdb20a9ee61e7bcad4f2c8f4e0e081f,1,1,AdvertServe.com.xml
+00bc0f8d49ed0c18f7f093f5a131fd8a2c0272abc61fadf67390f165850902e3,1,1,Adverticum.xml
+2e68f7aa2b6c7621049ae1fdb584c4a851715e61e1756605f9fef462365e1e9f,1,1,Adverts.ie.xml
+d739ae917fa93939b84610ee6f929652200a550db28565e5ab38e60f7e82163a,0,1,Advisor_Mailout.com.xml
+94cd248d16402173c247f14ae927f72c16737f5d59fdbe8e789a543bc9c92dac,1,0,AeXp-static.com.xml
+448b66df63589e61859860a7af43ec4fdc1f5e80ef85755b137b966cec8df262,0,1,Aereo.com-problematic.xml
+004141042389a227021f73c7e33b69086d8202034e4e2b387670f82769d6a411,1,1,Affili.net.xml
+d7080434a9f73a06d758696e4ec5e7b3c60968c0c1a4271e70e32cdf4ac1a170,0,1,Afford.com.xml
+0d3d535b12985b71c14e04ad635d3ae2ae6c5b1a869f3b9a2a664dae9492767a,1,0,Agari.xml
+1893f4cc7fcce53078404d3fc8962e0012bf30b9788af805942b6f07a2fb36c4,1,1,Agri_Supply.com.xml
+af6ba8f96429ea0d649275a6cada17a2d691e8d3fb35f37f498f9a11ce1f91f0,1,0,Ahm.com.au.xml
+7cc75135ed0cd3b81ef62e24de4ca2da433caeb54b12aca1bd0d4efdc01f31db,1,0,Akamai.xml
+5e1cdb7d9af34842a8c2b7c7f414caa8b84bafe4072bb7d883f7084dd5edcdfb,0,1,Akban.org.xml
+eb52feaec70c7afe2368ad23be6728e6828280b983a39991d2e31fe51ae6ec17,0,1,Akinator.com.xml
+699895da3cfb27a96f1d6a46ed31aaa29c34653a511057a9ead4861a3722db7f,1,0,Aktion-Deutschland-Hilft.de.xml
+187e9c128e4b4237887a14de2f1efeb6fdf647e2549b0abb4f2fc09112879a59,1,1,Alcatel-Lucent.com.xml
+1a75f296456093e211748b9d5dc4f8c2460d36d5ea29f0a72872e00ccaa93a94,1,1,Aleavia.xml
+a275d12398d9e55d91c2b48ac3733fcbdb64251ff7098b39fc28c2996de573f4,1,1,Alert_Investor_Relations.xml
+691e2338225111a1b09f19c600acdbeb09e900d0ef7595d6a5588fb54c3e37eb,0,1,Alibaba.xml
+e5c67d653dde583fa8a8f5e0afcdbde59247ccdaac71972115bd27b769e469dd,0,1,Allianz_fur_Cyber-Sicherheit.xml
+32f4695b029c352f7dff4eb59d4b5e19a648e8feb3b737878b772bc2a9609176,1,0,AlliedMods.xml
+3ceec0f2763c711f5f4b5b43c4dcb2c58e4e94ddea1fdca51018d4f5b03b4d4f,0,1,Ally_Financial-problematic.xml
+51262d5e1bb4a313c8ac7a866f4b31d429585df60e66a630771066099d190716,1,1,Altera.com.xml
+5d30fe7992767abd2f1648d0508b16d78a0333eda4a987917db02ef25941175e,1,1,Alticore.xml
+50a3d1c2bc7e498fe0d89321f53d144e668803742d1c19b0e3e4d2007621ef6f,1,1,AlumFX.com.xml
+83aae8644fbd60dda604ede8c58cd14dc739f87281bba346cead0c5989ab41df,1,1,Alzforum.org.xml
+4127fbcd8c7aebf2b075ae24d003bd16ecda40badc5e10a43692c51ae9902fdd,1,1,Alzheimers_Association.xml
+b026e083c80c6f98518189b67d38b2e7bddf53fd115db0e144e8bc3ed2c8e933,1,0,Alzheimers_Society.xml
+fd44fb9d85d3ea27ebcf317f6c0529d2dc6862604f82f1f48a03fac77bad06e8,1,1,Amber_Swann_Publishing.xml
+70ac36559fc444a01a91bb411bcbd38d4418bda22a84084bf81b316c42aad7b7,1,0,Amd.co.at.xml
+65f0082277fdcc1873158996ca405d0fb8f7db9a4633b2142ae014a826066f9f,0,1,American-Postal-Workers-Union.xml
+5365603eba6a90d384eef5b01bf8985b659093cca2ddba066b78d06d87ea0ca8,1,0,American_Academy_of_Neurology.xml
+f58f2cd4524af0b47bee314b416ba5ef4be1213d7db98f2a18fdac91492c6e48,1,1,American_Ancestors.org.xml
+92e9a46b0c218161a6977d43f3ad0e2c2e175caa825d293044f5a8f2b00cb13d,1,1,American_Bar_Association.xml
+df85d394f005f959e805ee526de3801708f5c61a2379604202d22c6dcd4742e9,1,0,American_College_of_Radiology.xml
+79271c5ed9f153da84ab9914b1e98622bc8d3b51c30fba7bf0f7047863831247,1,1,American_Heart.org.xml
+f2c64f5833815703ac02cbd11efd4c4e48132a3c81a6196692fb4734580c20b8,1,1,Amiando.xml
+dd70debfd991bb22af84defbd2e2e138ffcb6833abc14c2306ca8a74884adc69,1,1,Analytics.edgesuite.net.xml
+b5ae6c5519ee1727036dbfbaed594fec60654b0e534350c2799ddde2b1259472,0,1,Anders.com.xml
+0d5ae660c24c66e5c6521950658bbf3130fd5b3803ef7caf0523b80519580e58,1,1,Animoto.com.xml
+97a0818a118c603fb45f76723e857af28aeabe0b668b7ec35e4c554ff9660975,1,0,AnnualCreditReport.com.xml
+160285b816e182481868f37c9b2bc23013ad94a5749227eb6e34be710ec7c57d,0,1,Anonymizer.xml
+af2eac7a517c666c869e80a72d8e077915069bce3435d7d465b60393ed94b4f1,0,1,Antifa.cz.xml
+187ce6d87d040f1cf02412e81bf7864a3981614318d9b91a8b59c39828772b37,0,1,AppThemes.com.xml
+9f93c63514ef6ca29521cf00a0a3c8504c12c8be7dbdaffe3d19a7a837fb28a6,0,1,Applebees.xml
+f6df9862c3d4f316ad29a953c74defc81d73ddcedeb0d88f48ced3d45e7910b6,0,1,Applicom.xml
+d4c84528d88d91dd63d1f67c6fb47e38fbaf8e5a22c2b1c362ffd68c52d449e2,1,0,Aquent.xml
+df29ec4c06bdc5c8adf99c1ac94e4c583a09c800aa6a5befde1dbba03a92694b,1,0,Aquiss.xml
+1b55285393adb6253ffe5d1b8eae0e7ec7a2f09dcc0a10f18cf2c2beb489784b,0,1,Architects_Journal.xml
+420a2671c39d5d7ef278de619e17ed6f0f9530656d2200e35186d8050337e0d0,0,1,Archomedia.xml
+a2afbfa23bd03a416c6835d25abaa56f08f1b958f49b1af5f539d1d805929c98,1,0,Argonne-National-Laboratory.xml
+b7da8eb71bac9196944afa62279d4f6c1143b87a1ba2090b301c1f760164bead,0,1,Arizona_State_University-problematic.xml
+35b8bcb9a8c7ca87094f12b24aba2343a5087db4abc52cf267ca2303b36c2af8,0,1,ArmyTimes.com.xml
+cda60d257787e7061e709192d5cf0a94a4984b46985afa9f3b0cfd0dcef90cee,0,1,Armyoutlet.de.xml
+deaf1f8eefa9c210569f9f4f765b65abc1dfdae41d569ce26661ecc62329ab26,0,1,ArtChristina.xml
+7a27bf5aa36474cdb4f6be7c8acba249c5f15b44c4343b8dbafa8733792b587f,1,1,Art_Lebedev.ru.xml
+9ab5584b55ec935924daf83d9f2ede2f2cebc76604d5465536225d1cd3db786b,1,0,Asahi_Shimbun.xml
+f9990d6c03425415964794d370821ab71b241c42ecb3ca3470f4f68a91c6b753,1,1,Ashford.com.xml
+9df71aa013165efa180c520096902f74771dc83d900cb04ed8c7cb5b82025b8b,0,1,Ask_a_Patient.xml
+c7a5b3c8f14fc542deadaa515a2c62cd7837363313997853f1bcca5c8841ddd9,0,1,Asknet.xml
+ee30c86b81fee828b7b66094087dad1ceada6a09b8846c76e1323017614a41ae,0,1,Asmc.de.xml
+d262fbf653e06eae187698c0fde725bd7227fb6ae69b0f8ed0a579d28ec582d9,0,1,Asnetworks.com.xml
+a1a402d40a355131bf1e37b4c0a6b8c8e084191cd61fe56af0ed34936e72e61b,1,0,Aspen.com.xml
+1d869ec0561b6315e5a76adb6647f320420368539419435c266a2d5fcea3e1e2,1,0,Aspsys.com.xml
+757f6d69b3b210524c02e9568327d146094fea887b981abd5cde8bfc0be27fe9,1,1,Assayassured.co.uk.xml
+ac0e2ffaed6bfd83b89d6afbfc399d307ed3cec22127daf150363ebf87bd19b8,0,1,Assembla-mismatches.xml
+59ed37f0dd3e4eccecd52a1d9870385931f4232c8c206bf38fd5be09ac71c69b,1,0,Assembla.xml
+a5863f348dec427d596329290881cb9c98ae69b9750e221c6671f4d8f71db317,1,1,Association_for_Learning_Technology.xml
+69d39068d71ebbbe56a4f4c895624727b18fd4078a9ca49b5fa171faadbc243a,1,1,Asterisk_Exchange.xml
+3d5ed7f1111c25632f3b7292512a4a9e264500c02ceba089033607e8885f5a87,1,0,Atlantic.net.xml
+895e39745fbfc4d380f4420f1cf25cf081d509a3769b92d74b51ecf096f88d3f,1,0,Atrativa.com.br.xml
+cd59b21753dc080061d890781f4f8b140208a2cbccfbab0f050eb31dbcfc6a21,1,0,Attracta.xml
+a5fdb3bb0c29355ff44f0bf35678043d85d2c9fe07316744efb753c2ceb955a6,1,0,Audible.de.xml
+95bb51781fa963035cd1a58058b9bfdfc9abfbc3ffb4f8d7e21ac08f3339e504,1,1,Audience_IQ.com.xml
+e93b07e0b6cc742be0b8402e08c42fad688a33ab622fc34541ff95d78ab98c84,0,1,AutoTrack.nl.xml
+5c3a3f5275c8e00d18aa36f50a1e4feaf8fe8e703eabc2bb2110c803b7004207,0,1,Automotive-Industries.xml
+8faac2dc54797656378a0a9ae829bb67ee8a653695ad946842dc0e80a9879779,1,0,Avangate.xml
+7f5b9cdfe9276bf67d2a4bbbd009f9f3d2fad527198a2e5f8ce1b8cdc2d3235d,1,0,Avaya.xml
+7e32f6880a2dee58ee25136d1d36244edae86abaa00015db534b174ac543d77f,1,0,Avinc.com.xml
+08bbac27f594c550b305154cc02cc5988b7cc1c6976c6bd6ffddb0fac17bb590,0,1,Avtrade.xml
+9b72647c715ae4fef53f22ce772e79a5dc5853ab6e8dec175bbcdebd769e5c07,0,1,Avue_Digital_Services.xml
+74d92b32d3809a7a7971171faadf4515df67bb8a33af80353a53826a45326e82,1,1,Axantum.com.xml
+aa3e6486761566210c9bfa7fbe3d495a5d7273bfe0632ac3efe0a1793a585671,1,1,Axel-Springer.xml
+f6468f106fec675cba71920bfd2243936771900e9d15bc40349e5d5bbcf0e3c9,1,1,BASE.xml
+bbbfd3e4a82e15d4d89dad020b350321c0fca4e5e8b89075201cc8861f1a7fdc,1,0,BCGolf.com-mismatches.xml
+5a01a4ef9e0b0e572a6d075091320139a3748bb339b996271e71fde911ab68d1,0,1,BHosting.ru.xml
+6844b64d58c80eff8e30edee7d55d176d295fe2294b5220be007c536f929eda7,0,1,BIKT.xml
+a5c928606e0d561e5d440f462785ac080a8573075ecb058ca61d7467dbe1118f,1,1,BLOX.xml
+2f97c8acb30a49ebee76c6baffea70625f0fe101f79860965816b3416940f04e,1,0,BMC.com.xml
+f220626aac6f6f1da031f3bd445bef227d59da713beb06685215af440614d8aa,0,1,BTH.se.xml
+f02719e41dfc1e6cf086314cb5d1b4fdf6495ca9e012de645a3e62bb9fafae95,0,1,BTR_CDN.com.xml
+1f8a223fef58d2230c7688901cd5a2b66dfce9d34b6ebff320e54fa2ca1e9482,0,1,BTR_static.com.xml
+d6eb4f47bb565d059dbdf0ab826d37a817a8e460b4311d411a870bfe8a1d1fa6,1,1,BabyMed.com.xml
+5227426403d71b31d56748097f18c23e1d5a998e3affb1392b16594c57fc9126,1,0,Backcountry.com.xml
+35c9ec0e0c41b6699ae89b448b17ccd757f53a3fcc28c44258f2ac512f44a3b4,0,1,Bahn-BKK.xml
+afe0cb9f879460f9754e11ead8b76e9e36684548dc1f3ba9721da1806ba94ae3,1,0,BalaBit.com.xml
+193bdef49c71f93c783fcc8600a835156cfe321b00943b81cc1c9f4dc048c87d,0,1,Balkongshoppen.se.xml
+ffe89a541e79d166ab51bb9585db0ccad767e29203521e306764c7f0b80cf5e2,1,1,Balsamiq.xml
+4d64f5fbdeb952a226359e530e592e1675a9b5447cf754cb586c11dfffd2611d,0,1,Bangor-University-self-signed.xml
+c0572421747129369f8219d06a95b1e5ba601619dc79095bb4b459458f30850d,1,1,BankofScotland.de.xml
+811e7555f76a87ebeded357e918a1fd67d34f72bd9b7d3dfd6b61f6cc97ae335,1,0,Banque_CIC.xml
+3cfecf241423076e62d74a2ea4fe98ac038526a14652dc28d053e64390218d5f,1,1,Bardwil_Home.xml
+b60d916c30d712566b0fd5b697b4a754a4d7fb05597485109a1c9d92f721dbd4,1,1,BarnesandNoble.xml
+3671a9a071ce22b0d7ebffd007a6164eb32681c72692e4ae734895f4e3592691,0,1,Bartleby.com.xml
+06d7ddc36e464c176e85127f3364705691b70fec942e9163fb78fe4dca6e6ccc,1,1,Battelle.xml
+e53b66541d1bc87544993925566d303fcf2dc85f6fdb84a831b5e548ab65ad22,1,0,Battle.net.xml
+7cf5aadbcf3f8af1e874d034d45865b41f7dd57449aa653220901edcfd4880c7,1,0,Bauhaus-University_Weimar.xml
+8c5c56a3ae46e7b0e0dff2f9c0109cdea46cb5aa1332746944a2fee27c8f993d,0,1,Bayan.ir-expired.xml
+1ca67dd8c8e778bde03249a0ef9d97a48259a2d8261222df72e54d3ad1c63d21,1,1,Bbsey.es.xml
+c34685ecb3fb87f6100e138ac70635fe33ece2a7d6a636ece3d702a2494a45c6,1,1,BeCoquin.com.xml
+2c3ef75bae006356ec0462053c32b3dd70e0486cdb889243746fcd64074d3a3c,1,0,BeNaughty.com.xml
+12129b04f6dd2125cfb4b15ef93ff8bd2d6224ed9430565825912e54a0522176,0,1,BeastNode-problematic.xml
+f538f44371178d2f1c7c9b2956fb6fcf9c453aa7a05700f9c63cd56caf09e196,1,0,Beaverbrooks.co.uk.xml
+72f0100b35813d1d23dd13e8cd8a9b707db6323a37c5528fbba66ac557f3077b,1,0,BeenVerified.xml
+d69ef30208a20afc98cca9bcc5fc6af1b67a7328f3773ddb9f47665539183228,1,1,Belkin.xml
+774ce0054a322ac1ac0ec628ac8fd5905f72750d3c618790d14aff98474fd3f1,0,1,Belly_Button_Biodiversity.xml
+4fa3697cf81af513b6a90b5cedbb048caebd70f8035f36ac80b193d040e0f173,1,1,Belnet.be.xml
+d1cc057906222afeaad9143a7a19f12da584f2301f648e424e38c19394bf0705,1,0,Bennetts.xml
+f8a9517520b6042b8d0106a36de5e62b23ca5f353a9e02558cf495d86b466bb9,1,1,Benzinga.com.xml
+0dc9ce63ba5308df05d72ddd5e472216806bb7c13248cf3ffdaa9c4b66b331b7,0,1,Berliner-Energietisch.xml
+2809c2e484297fa0bc3ec2c02d1e646b272d8f2b9db0af829e6bdac955efc1c2,1,0,Bestcovery.com.xml
+10862e3c350ba15fe9258295149a8f688c3a6669527ba1ddc003efd50b0db2d5,0,1,Better_Sales.se.xml
+85369d0cd3eaa85d5426e92adefe7af4f9f814d1e0e15576cb81373454683ca3,0,1,Biciperros.org.xml
+d68ee3cc47157f440dacfb19f654c89b597cfb31cc7bde24504adfe61ee50c05,1,1,BigCommerce.xml
+ed5df40362cb3e1124a4a48ac5a4c876987e58beeea367a46a912ac59c7288c8,1,1,Big_Concerts.xml
+bc1dce36b45b3964aa4ad44bac9f4f21f9ae6c58f7c538f56ac592aec5e9c56c,0,1,Bild.de-mixed.xml
+dc5adf6c19510d6c30641e13b570ae53d2b027a52bf710efcb332650b99b11b7,1,0,Billiger.de.xml
+66039ca34034afbc98fb093623ea40b2ba4f8fe8f733763a593ba204f4731453,0,1,Binary-Biz.xml
+113777f338466bc6512680297e9af75a0ec7d94855ec4e652710551dfa5be09a,1,1,Binero.se.xml
+59d72a6ec8f9c18c9d47abbb9999d6dba95204101d8492d4d921599bfda7a9fc,1,0,Biotrim_Labs.com.xml
+a0134fe6daf1357222392652186d939db2bff2d536c66f04be36c9cc4d40d016,1,1,Birthday_in_a_Box.xml
+573cba521c4d30634c5a52f669401e6fa01062c2ac6862f3a084d43b566d34e7,1,1,Bishop_Interactive.xml
+0e7aa1032567406b6d90062e0aea70739d396e8df454174215feffc75583274c,0,1,Bitcoin_Plus.xml
+d8ee4c87b0620b6042c91603f08487127062a0a139d668e8c750d02a08fb2a77,0,1,Bitsontherun.com.xml
+08fef6e8d57b0a993adafca479dc40f171557bd674f61c1de7347fe97871ea63,0,1,BlackDiamondEquipment.com.xml
+6601feab3dbc022ef37296d161f15fa92f5d1235d8aebfe882f0e6e447e18775,1,1,BlackTonic.com.xml
+0e454d16adbcb95ee565d998a6275a57e98d6f89d3e261a31ef9b7a006a9f692,1,0,BlackVPN.xml
+488fd6c9aaf93eddc2eb9d2bda98d612269a42d022db8d847eb51910ab0a1595,0,1,Black_Box.co.uk.xml
+3b4d5afa29fc1c08ba4f9bba3efa9c6864ef88073269865673fa63074e5a6ec5,1,0,Black_Duck_Software.com.xml
+26d68e684c4b831a43fedd18972f20da578d54bcd88cefa69adab09d570ffcaa,1,0,Blau.de.xml
+8197a554073f79c50efa6b58339f3d3908a786c5041c7e446e3f94d2e41fe190,0,1,Blaze.com.xml
+d081389526c163f91d221dc4e3f6581207b863cd53970e1880ce0c72f335f5bd,1,0,Blazonco.com.xml
+878916341a96e0461e4eaa31ff855f8bcdcfe3df38c204200f5a4ee26c0ed2c1,0,1,BlimpMe.com.xml
+c532f455966d1864042489e42a050a7d2f7c59dcb18deb69de94d6a18599565b,0,1,BlockScript.xml
+5f627234aca463926eac998ef133407e322eb94921136ef0dcd5acb73423d1c0,0,1,BlockitPocket.com.xml
+f74faa732db51e1226ecbb603ed1bcea00ddb67a6d5ffe2e1b922471ea33a107,0,1,Blog.ir.xml
+1f133fbee8bcb5a78a7b039865a38c14c1e6435f48d93a61a9125ccc4d83f90c,1,1,BlogTalkRadio.xml
+0345c0f4ef1e2c9b07dd7af1ef177809cb3437ca02fe2d6e4eeff5bc45d8c2b9,1,1,Blogg.se.xml
+3958f7571262401df5596dc64eb26c150ccc8e8cb412301000e4c13d5561b13e,0,1,Blottr.xml
+b3fa84409abf942170fa0a73032e4a05a134968155340466e8a776a7b0a7cc77,1,0,BlueSSL.xml
+35530c1de082fe8c03754f797d1dfc1696c62ccde7587877e11be615397e8f50,0,1,BlueZ.xml
+fec60c661c82f9e6973e837a53a3604a7bd2dd503dd1d31b7a6802a84f4db6ca,0,1,Bluegiga.com.xml
+3a9ea6977bb0bec960b933eb5fe45b15527fd66b114e2fcc16db7aac0b0fe105,1,1,Bluehosting.pl.xml
+a9a5d4fddac6d697f375624eaf93768c3830b8f4a02ab875bef448a248632fec,1,0,Bluemix.net.xml
+049d52950b84b0ad4a13c8d019b8a1c0431dcb8134a602dce2de09747b89fed4,0,1,Blutmagie.de.xml
+c9a373826a1033dcb91fe698e08565a239407f4dbe6b4b9e665763369fcf482d,1,1,Boerse_Frankfurt.xml
+42244265357ba444d6ae9d1307d6e2e52b442206eabe091dd84d109cab1c04b9,0,1,Bolagsverket.se.xml
+a553123cfce927b1c373d5ce2380bf609f9d6dca9a8e61d51ecffcc5edece1d3,1,1,Booking.com.xml
+7a7a503d185e2edfd16ea359cf98ccab897c35723e5fabef91c8e3ad9f62ee26,1,0,Boots.com.xml
+45421bcab88efc09f590ba1deb06a30f8ebbfa1178d7061f2c06def617407790,0,1,Boots.ie.xml
+33fdd006644fc9144ab8e95658080cc6a7a02dbd974d3ef819a370534b3af584,1,1,Bosch-Sensortec.com.xml
+cd5d99534f588512306421c08f2731bd2e8f7bf28d34a8ff58ccc0ce90db9d0c,0,1,Bosch.com.xml
+82bd19dea8f72137448543133b8f92a4d5a51ba51ffa09ebb42ff5bbfac4a787,1,1,BoxOffice.xml
+7c899ec80cc19d4ae8e2999849a3624f6891c104df4058edd230652897815e28,0,1,BrainBench.xml
+8d94c07043530873917a955ddc49f56d1004c0fb4c1ff72b6f9d94eca9aa5b03,1,0,Brainshark.xml
+fbf85e04eab9c52f529decf30cd53a57da2d70650241c0116447e78e3f8077ad,1,0,Brainsonic.xml
+3fbe3fba810c1999458523eb42e7066bcacb7f5f134e0b86ea220ab111fc5a73,1,1,Brainstorage.me.xml
+bb99bc99df1c831b11f24c7b67956dc23df65fd60e912ffdcc34ae62d34b5845,0,1,BreNet-mismatches.xml
+c868592f7203fe56cfaf6f91a4c8982cd132e3e09617de3c7d4134a85eb39568,1,1,Breuninger.xml
+0e2a8dc117d3acd6fb19e37f88bfe2027d3f5b253b3a1c1331fcb8a4058db82a,1,1,Briggs_and_Riley.xml
+5fe89f289d284cd7126a18158e7c3fa5d2a7a288112d158836291a8383e0886a,0,1,BrightTag-problematic.xml
+9fbbf43514333a5a4dc5cc25f26f3687485fd24d043af068d148f808a76a894f,1,0,Brightcove.xml
+9450fdcdde9f469e30ea3b62c725b33adc64bd353f99ff52a38c70e42e8cb58f,1,0,Brighton.xml
+07b6e7331097c6a623202e7c864131d2bf7a686411c6f6435e350f50d7ddd29c,0,1,BriteObjects.xml
+087639bc23c5c1d881eb705e36827a4dcaa30a6009a986b030a7b2cae0183aff,1,1,British_National_Formulary.xml
+a511d6d05a4c679cf818c0eb369fd0038cce2736bee09f45e8a018948a3a8b73,1,0,British_Red_Cross.xml
+32b9248b21536ba2f3543da40e005493be51e230f39f5728920e45a5d5afa9f5,1,1,Bronto_Software.xml
+b8a7549d679696fcac931a3b47b361c08b2c57690fa83635ea9ab16907a4c895,1,1,Brown-Paper-Tickets.xml
+4325d39e0e10a221fef89c4c06e91596114b3a730107e98de7d66f473cc3a759,0,1,Browser_Addon.com.xml
+08ccc26490b9f326c737e8ebb878ce2f46f8131fc47bebf0b68051adfc09fbb7,0,1,BruCON.org.xml
+15045b256d3c25cb833b608efdb944f2dbe76c4e7dd2e666e3fe975ca5534e04,0,1,Bruno-Postle.xml
+51249e771817637e82f106f9105c78ae51b0d4f9ea6690ecfccdad8d997f1619,0,1,Bruteforce.gr.xml
+cdfc30bffe359836ae3497140988a0e232b84ec88b89e1173bc7cb0bb0b3bcd4,1,1,BucketListly.com.xml
+8e7f67c2c91f31f555d547b8c28b2fda823f60ac8cbf7343bcf63b2b3279db12,1,1,BuddyPress.org.xml
+dd371551522c75ec9295ca5f17700e00b4ce5487edc6512957a9e66a5329a476,1,1,Budgetkredit.ch.xml
+42207f5a81e9c20cfeffbda745d6b910f88f06740f8d21e3252abfb9ce7fac35,1,1,Bulletproof_Exec.com.xml
+b868f832ff3636c59aa9c3c764058525b955fd7160f2885afa2e1a2a4ab4d1af,1,1,Bundeskanzlerin.xml
+4a993016b9d3017b227427c90e48cd8373fd6134897945f279849307d9f40a77,1,1,Bundespolizei.xml
+729e6bac190e385ebcdcaff9a55511b012dc9487b95fb2db92126227a459d14a,0,1,Bundesverband_IT-Mittelstand.xml
+7a65a358848726715fb7e1ff742b7dc41fd1078f94ffdc4a4963ceae9abbf330,0,1,Burstnet.com.xml
+a7275bcfe771b298e64447d2124dc4b1025079638ada3663ff20283d3e264bb3,1,1,Business_2_Community.xml
+1828776117613179b01abfeeb5c873f8198051e1a751002ee4bc516169072d90,0,1,Business_Catalyst.com.xml
+f84dc3b861bdd8e0606b938940f1acc036781645b2abf5db29d86a81897ba279,1,0,BuySellAds.xml
+7a7763a7ff5ea2984706824337edf735a0b89de74fc26db49e859ecbc4ff0661,1,1,Buy_Veteran.xml
+b538310cfbe7f06f481c733d23a8b41facd488c3a91f0613142b44155369e6db,0,1,BuzzFocus.xml
+97d0a30dada7f04c8cb3429a1048b8ac805bfd37e57920737e76e97124366f38,1,1,Byteark.com.xml
+59445b251d79594d7aa1407e55b9567d488c9dfaf69a539fc55557e142a84ffb,1,0,CAREpackage.xml
+815b13c84f20fa674c550256fd7f0faff27092abe79bb7f6994d68604d6219d3,0,1,CARI.net-self-signed.xml
+cb89627369982908c0f26a2057bfc12a61b87dc3859a7524a6fb20f638d07db2,1,0,CBSIstatic.net.xml
+a753690fd77b86bf61011ed27f054c2415145c25276bde90dfc628846af112d8,0,1,CDN77.com-problematic.xml
+91cd42e26c618a6f255052b9e8f5e45427b3b9a22e5f9fafd9ac51369f9bdf3e,1,1,CDN77.com.xml
+cf5327ce99f02ed18d5249e6578f78a7584c6f43c05d2cd4ddf8a1aef16a1223,0,1,CDWG.xml
+4e62d9366810238d6a5c6c158302001663b2614a37f9ab6051adb058057f5264,1,0,CD_Universe.xml
+d6a8f71386d93781c880b1b2a5745306b956ce7a6e9054a32c8180e1d5882de3,0,1,CED-Magazine.xml
+3ed7d88f741d017d81079b08092a0b75a1bd408adac37b7fb215109394c72deb,1,0,CERT-Bund.xml
+e0bc56896fb53e6613aa9a3f3763ad2d52d4e33cd6df56902ec986f73533f469,1,0,CERT-Verbund.xml
+93dc55d6a222b5dd2fd74e0f6ab9461b388709001769611fda746eaf6cee2f87,1,0,CERT.at.xml
+ba6674337fbbf9905f5cb4804d367cae792ece098bf42cc5d6b97c311edc4ccb,1,1,CEntrance.xml
+fe1cb1da747d4c59487f8561bd5d048a746a615428080805d68bd12f5a45d764,1,0,CHIP-Kiosk.de.xml
+fc08fadbc356c1c170c2e48c51fd76cf1e6238e5c6d1eb71e76f0b9c4def968d,0,1,CHIP-Online-mismatches.xml
+ceec987f3e67e3e7b1f4cec6c706fc9e0dcf3bb51ef908f6a7122b195a9f3e13,0,1,CHL.it.xml
+dbc46881deffd783f88ddcd087523d767b4fbbe2c73a1266479dd4e46670b5d2,1,1,CIBC.xml
+4a3251f6ef0a80747dc6d59dd8975adb0d07942f4babd0fc8ea79048f2be6f24,0,1,CICLOPS.xml
+bbeac73bb5a9ae8cbe2b25f35490c13cabf5cc706ebcd3c7cc334c852bc754b7,1,0,CIO.com.xml
+dac42200d1d949890405596afc238f175edbeaf06a39176b40e16234f5b8ebe9,0,1,CLIC-study.xml
+96a1e4d8a7a151bf30f2ce5bdbcb762f5322add6297e6a17c1d26ede3953146a,1,1,COSMOS_magazine.xml
+7ad4d3c27fac03a257936dd9c380abec312479338110714cb22eb95085035d35,0,1,CTOvision.com.xml
+df7e93723ac3330c2859e73e2c28a08791e41be17d4586f5bb3a610ece41c7a9,1,1,Cabal_WS.xml
+496e7c05fe03d3ef39378a01c47ab48dd3cce74f05ee486588bc569e1a230c29,0,1,CableTV.com.xml
+0cf99299088ed1e5c7b0392b22233d2fae9545c038c78270c6fb8def0df55c32,1,1,CacheFly.xml
+2b9ec7a31a1ef2ecfd802b57c36056e193b665f99ff11b3e612cd7adbd47e056,1,1,Cadence-Design-Systems.xml
+04a9f7119bd93b943ec37555c866274a2f8af7239be84e78388b0ec6fa56eb0c,1,1,Cadw.xml
+e55fdb3ed55be22fc13d061d3ad8574dcb11a1f33a5cbd00f06e08919a187b10,1,1,CainTV.xml
+12623ec61a5d5503db22f3e44b0593f77e1d37e42a5b7223da9649fc4c43a26a,1,0,Calendars.com.xml
+54b9ec4e58489329294ea814503b75b685a861fa36329912f7c5508107aad516,1,1,Caller.com.xml
+213b44c9505b03054a9590a41dd3995d718801ddc16553e2c3e35596e3f301f2,0,1,Campina-mismatches.xml
+528b6476090e1c81a1576d377aa8826d779a297d92403f52bafb36a1b943a5cc,1,1,CanadaHelps.xml
+7361432018d08c1eb212a2c9d1cdb6901fad4a8a2486a3bbc5985dc410d0fcb4,1,1,CanadaPost.xml
+5d08dda7d1b74303183590208bbf76c0a0ea1df76df2b3497beaad6d8f332054,1,1,Canadian_Press.xml
+aa84ff00fbeb0f753bb8fe1414ccdf017caf54f3df9c4ed98bd4c51b34974fd2,1,1,CandH_Lures.com.xml
+90eff7965a6d548ff46af2a7b4047fc367be453a1c2570c6bd022de54509c796,0,1,Capistrano.xml
+8d34adc4fc479c3b59361d7f5e438717feca76f7dca3490ecf92af5dcc75ded1,1,0,Cargo.xml
+b0646f0d9bf56655517ee0319fa8db5608f3c1ef08469771ee6578cf4184709e,1,0,Carl_Zeiss.xml
+3852082463af19e77d7399ccbdb262aadec30307485ede3196168b1ab6c8c05c,1,0,Carleton.ca.xml
+c047260fe241591aff0d21678c993c268a8e8e26a0a9a2bed56c4fc93d6a9d2d,0,1,CarltonBale.com.xml
+141ea88067d92c50d1a74818556a91d19f24ee41f0104520f795975cd83391af,1,0,Carnegie-Mellon-University.xml
+cb7405d2c2753f150dbe71bc0859cfbfabaff2a13093a8408e93bc1c5f5770e2,0,1,Caseking.biz.xml
+8d20c6d30851429f971fef3d1209f0352f9b1bcd5fbe6e3d9c17ab4b4f5b5115,1,1,Cases_Ladder.xml
+811c33d7ad9dde56ad15954e3460969dab20d0f9fa930584443266e21feff865,1,1,Casro.xml
+f20f66759481152d644ac6d66b0beb2c0c6294a7f5c3931b3ddab5c43aa95551,0,1,Cdngeek.net.xml
+e3d1fbf663250b13e6cec1485aa7fe068e14180f6883b42fa9681f007004852f,1,1,Cdnme.se.xml
+b09ee57848b20dc5f0edde7dff31b6dd704d171d7494f0b4e566b62c8587cded,1,1,CeBIT.de.xml
+ff8d40bf74ef03e97bb141833608fd1af15eadf315b3d4375b2f343a6ffe8043,0,1,Center-for-Documentation-of-Violations-in-Syria.xml
+7d22b530e3d76f27ad05eb2b78c570d62bcaf8ae57582777e110f1a5d5c58ae3,1,0,Centre_for_the_Protection_of_National_Infrastructure.xml
+5bd8e0e2fd30fc0a28fd33d451a35b60e7275837c4fd405dfce8bc81af27ead1,1,0,Cfapps.io.xml
+657c3fc76a95e653075c9146e79384f35deb6602ff616d54387921bbab2c83a3,1,1,Chakas_Mmm.com.xml
+a9462ddd5256f9df0f92ac9e68dee69860bc04afeda1ad4ca62d125ba046e723,1,0,ChampionCasino.net.xml
+5af512985fa4e71798ebbb40592cb7de443d76a65e66ac2b270853590d4ec0f0,1,0,Change.org.xml
+b59e3733248b31c4fb739059009c4ecc1cebbaa907e505f9999e0f23b0207b05,0,1,Chapman.edu.xml
+749013b2fc545464572701ed1335b9f6a5592b6a0af3474d9703994874179830,1,0,Chartbeat.net.xml
+f1432b9c958b7d77317856b509738eea679ae9483f0bd86a27b70c5c9b644313,1,1,ChatMe.im.xml
+ae8377ac78832a22be16f277f28a52ef84b854bea59e84c67a206835a35b5b11,1,1,Check24.de.xml
+a661d52f01a655aca11ad14b59ebd2b1dc43fe4ec22803909f5cc80f9f2c7972,1,1,Checkmarx.com.xml
+c35f7c9558325a1c388b1a71d37aa032cbbd2189084eb366243641ba716a9ebc,0,1,Cheema.com.xml
+10fa5a17c9fc13e685fe8cf8b8a631768e81152d63045308597137c3d5f44be0,1,1,ChessBase-shop.com.xml
+a486b3a9a8fdfb5af7161460ce10f22575e2dfbbc388f9e39473a09f526f89f0,1,1,ChipIn.xml
+a55226a41482b55b64ea5dd690a09fe19d0999ccb8131b436b690784d6cf4e0e,1,1,Chlomo.org.xml
+69576d9694982fc30c67473122078602be85d16838123c7ced7cc7bba8715f83,0,1,Christian_Heilmann.xml
+635611ba0802ed40b2ee5b905ce99d4880a24e557dac0278a893e36ff9b3f88a,0,1,Chtah.net.xml
+cfdfa99b1e7ddec951fc52f57172762a09c9666866168b24a750f1f232debd3c,0,1,Church-of-the-SubGenius.xml
+636172dcc21bd3193f15e29b0748bdb46eb069477d946d5c6ff640509c270093,1,1,Church_Hill_Classics.xml
+90dc83350ae58f9b37967bfe33406f3cfbbd9de47f797d5691ae0c64b9dd573a,1,1,Ciao.xml
+47e5ba3bdc841cea4d8839bd57ece724b8fa99abd3d3100bc1f64d9d978b3b18,0,1,CinCHouse.com.xml
+de19403594b073d50fc83ab38402f494cbbbf9920f2d6281eb1865d7096f1e12,0,1,CinemaCon.com.xml
+887f6dedc09d6436d8cb9aebc7ab7f71603ab89ee3a25784273b275fb8f81a60,1,1,Citadium.com.xml
+22f77342cf73bf250f617eef28d1de55cc9d90afa8f099f88ad62444121ca5f5,0,1,Citi_Alumni_Network.xml
+324aa263ab69f494cbd37fe69d6716c07bcd7b46853ae25a5f7377722146afd2,1,1,City-of-Sedona.xml
+f0fdee87d984d3e109fd469af66fea523facd0c39bee4db87ab1bea1f8131570,0,1,City_University_of_New_York-problematic.xml
+88da9400d16c491db6e3d8ec956cc78ecb20de9aae1521da6cc70af4b3918ab6,0,1,Ciuvo.com.xml
+e249278f416d20f664c2601ce481854bc0181db54ee5ec4fc35e1f647bc2cacb,1,0,CivicScience.xml
+b3158d31c71457363975019cab7d54e2a1df3c4704e8ec39284edb1a7599ed71,0,1,Ckom.xml
+e239c746877388cbb5e8bdda31133b3d1bbf51631ba8974d6c07ced5016a01f0,0,1,Clasohlson.se.xml
+11f8b0f6e4735f79afb373f2c312f8f38c01cedf75703145b65f1d4d0ee82933,1,1,Clear-link.com.xml
+3bb97c7edc6c521bfb2d37b3110814bf4e8c754e494817f319fbe8276e46aad3,1,1,ClickBank.xml
+62783dfa5b3b4bddfd71f4d15fcdf1fc88f23205c834446cdb3c76b15d78ffa5,1,0,CloudSwitch.xml
+18667621076275ec475015222a4a65bb0ecd59b5d07234cacc92d5d2e1c2fa89,0,1,CloudWorks.nu.xml
+c954c0e37df82e9c356ad3611313c5aebca46fe4c2ad4291b1fff6ff2c90d3e4,1,1,Cloudforce.com.xml
+5ffb20d9923257da6e73e1909a6d8cf7d68be914c8e160458e60e2914bd758c6,1,1,Cloudimage.io.xml
+299cb39fec29918dea7265b547b0b58d83d9b27c9a8ccf46f35e15369acbf137,0,1,Cloudset.net.xml
+ebe8861f8b01a594f2009032190e254730320f03a4381474c1f43796ab9fe25d,1,1,Cluster_Connection.com.xml
+5df01438ac79becb6644b3dec650a57c8c40b84ecf6939e91896504548a7ccfc,1,0,Codecoop.org.xml
+42ca47ccb9e98d900b89def6bfeae2fcdd7866441c42f053afae64e4885a17c3,1,0,CollabNet.xml
+0338333878edb6a0f6c006f0fc18d49805899c908f920c7e612ac5496c034271,1,1,College-of-Nurses-of-Ontario.xml
+01e3cce2c68b60c53bd29c022fab016da33cfea386c371fe6bd47a6eef0ae66c,0,1,CollegeHumor-mismatches.xml
+339bc36fa7e42abc1eeed143a5bc24c08ce6bcb11d33db4313da65d6eaa08007,0,1,CollegeHumor.xml
+6347c91fce42e33944bf4e68147dded6b142f3f8ab49dd7f90c014502fc0704e,1,1,Colorado_College.edu.xml
+5d2d4e55901909af90f1fd161eee4af4421326bcba3a564b60140a27d843ebc3,1,1,Columbia_University.xml
+ed1a6a91ec23f12636e85fcab140be7b53ce9ead8bcd48f7173655f06843308a,1,1,CommLink.org.xml
+3af3263a9dff6b5035200ebb25481b147aff9690c0599db533b199790dda6708,1,1,CommScope.com.xml
+f4dff27943c317c1cb2a502eff51cf6436170f4688ea0d3a554d16895ded6cf5,1,0,Commission_Junction.xml
+5259790909abd7c2980520d48f3f158799be1f5cc478b835cdb44ad1d6b0e970,1,1,Common-Short-Code-Administration.xml
+0beb4f7db8e69085f900b08bd02e29436a366662c70152be72eb205ae61ab9ee,1,0,Common_Criteria_Portal.xml
+99330baf93c8ae708130f47714837655c0c21bc656cd4d61a4c8ac61f1a60956,0,1,Communicator_Corporation.xml
+a0270496346c1a4d130f64cbf829e15e696d488001d9ead97bb1be95707f088d,1,0,Comparis.xml
+2312684f5e6a7b373e8dc2893216c8f9eade472012cfd4bbca6d9e5e990bd08e,0,1,Competitive_Enterprise_Institute-problematic.xml
+bb4335a9690793a7035cbbb5025258304be703efbb97fb0071f617996808fcdc,0,1,Computer-Steroids.xml
+36639069762c5623cb782a792b17088694f3242fa84db5e8686b431d36d74f07,0,1,Computer_Lab_Solutions.xml
+53750f61d79098ab338a56cff7ac2567092601c8d9861be25e79cebacc73d197,1,1,Computeruniverse.xml
+4f25e864b2b2c8023c72a18c4645f2bc659b9f3efdad9b5a8623fd3becf08780,0,1,Comviq.se.xml
+a718eb8d43a995d416edb0bcdc23ab00e6d92287e72954db9ce67d642b0f9247,0,1,Conde_Nast_Traveler-problematic.xml
+2f7e378568ff6f03f3cc9b31fd1f9528ab7cae735de71354eaebb079bcd85cff,1,1,Conduit-data.com.xml
+02b3153c54aaade0387d2be93976bcd83cec356da2217dfd19b1d5f5bce58703,1,1,Confused.com.xml
+4e4afd9324120965f69988b05d3a414e70fc93ae07c352cd628b10921a166680,0,1,Confuzzled.xml
+c77f628b580660dfba342b2bbfa4a0e22744a48321539828dee5403c32470e4e,0,1,ConnectMyPhone.com.xml
+a79534ae1059876bc76c072c81fee31b3ee5572980bfbe2f87943f023829d2c3,1,1,ConsCallHome.com.xml
+2ceb9721bb2044c6d2d9ec83baea99106fee843c6eda1b90e5d0971dd569593c,0,1,Construx.xml
+436c49a3cd92b2d701c90db91f96cf8ebf3a3bdccf609537f23d6cad31bdd6be,1,1,ContactUs.com.xml
+710d5a714c74db826cade92c25b332038409f800ef616a03360634fac19fbc1c,0,1,Conversions_Box.com.xml
+07aec2b14f80428ac276fa287ea846bfba851a6d46b0f39e4640e6fddbc10a65,0,1,Coochey.net-falsemixed.xml
+650b5d9a73344bcff3834fd3851ffa14e7f810949a518eb27ce679bd4a5704eb,1,1,Coochey.net.xml
+97b344fb4914430115bd4efd7606438c43a7c6370726da90bd5a01f0192d836b,0,1,CoreCommerce.xml
+ff29267634f306a1256ce5fa90a5ad9d7a1f7999b38e535f04492bea224057c6,1,0,Corporate-ir.net.xml
+d1698155b22b3b7f5f0ca643cea078451d79ab6779f6f261d8ca54805b3db3e9,0,1,Costco.xml
+e0c331c927da606cf727ad4d21bdd9cee77632ae77ca1ad11e1f9114b27745be,1,0,Cotera.xml
+80eef43f077304055293c67afa215fccefe31871fe3a6712dd42fcc35c20857e,1,0,Couchbase.xml
+f69f84b0ca4c5b78ea0d15e83d62fd911beacd537eaa929fdf3780ed4b690a7e,1,0,Council_on_Foreign_Relations.xml
+491a52cea147014a5240c15914dfd2ef4040c6038f0b415df00c1a685841dcf3,1,1,CounterPunch.org.xml
+84384d174882086aa3fe03231d81ff90fcf806ea661d48da1c021a02f5c26bfa,0,1,Cox-Digital-Solutions-problematic.xml
+2a5aff5228b1ed8caf97f860b986a5e857043e46610b15cb1dd48f07d1a2a4df,1,0,Cox_Communications.xml
+c22b52fab2d5c0ae1ffb9f2f497672b1680a2a71c5abac5b9e3b11282594d51c,1,1,Cpaptalk.com.xml
+8a95bf245a528fdecd67ee9b2d3703a129581211501d34fa29afaef005287aad,1,0,Craigslist.ca.xml
+08f3749268ecd600f52dc3ed7ee35741b72088fc2b84ff1dcd24aae5d8609410,1,0,Craigslist.co.uk.xml
+7cab090cc110a6382eb16a0807adf568b1fa09d7ddb12325302a3e9480a7c978,0,1,Crain-Communications-mismatches.xml
+45b4b172795ddb3831140e93fc9a820127db515609f13cffb67557d53048f1e2,0,1,Crakpass.xml
+04f0d43bd1ab894b64d8ca6fb5e81b0213a4905c1bbd19bf92700ccada4fc0e4,1,1,Criminal_Justice_Inspectorates.xml
+1cd80467b55158721959b770308681c9e59a37977c7a4581996bb359e14bcd8d,1,1,Croscill.com.xml
+530481264817641a16714b2a38e392549ba9310d3689d7c8b7eaa494b1c73761,0,1,Cross-Pixel-Media-problematic.xml
+e82ff9c3312c6fc9f6904252577429fb985c41637c71dd8f33d25bbce57ebbeb,1,0,Crowd-Science.xml
+cb23a1bd35b86d242a4028ed7f0d6fa55a1b01d620b22f552c54ab3e8aa64562,0,1,CrySyS-Lab.xml
+80ff66109e0038eecb6e67362f210c6d389b69ab1044cf621d1ea28f7b624f19,1,1,Cryout_Creations.eu.xml
+734c847c64dd4746922d7dfd8874f2de5aeb8db469d6165352965bfc43a7d564,1,0,Cryptomonkeys.com.xml
+4c82fb71dd76ecce008a283a688f468dc95758a8b164fd4daac98b747eb1a7a8,0,1,Ctt.xml
+1458bcaba2c8a2abacdb39524deb5de8016181e03ae8030d8933478fb054ee1b,0,1,Cultura.no.xml
+8619973ac3fe5c8a8e4ddd2d2ba0c23acc05568d7ddb6921b33a04ee6cd05cdc,1,1,Cumulus_Networks.xml
+be67733780d14d90de81e3278a87fb4860cb0bbc38b58855980b323a8871b7c2,1,0,Cupid.xml
+a1375ad5b72a20bf94ccf118cc4d2386590687196810774dbd35f29de8b058fd,1,0,Curbed.com.xml
+dccfba7ca231bf88053a8a2e1064bb4d20db77854e80e0bbb0493d4523476062,1,1,CustomWheelConnection.com.xml
+ecb6609b54104e170eccfb8b213b46ef8571ed159691b69cd4e38ef28887120b,1,1,Cyando.xml
+c5f1993198ebf0755d6d2b884f09cca076a78cd635c91810e60e6d0c36938638,1,1,Cyber-Security-Challenge.xml
+62f9443ccedff68a2edfe57cbd28c734eaaa8a90177ec3ef972c51a0a7441715,0,1,CyberAgent.xml
+5c228b42ff2de9fd9ebea0fb810d2775625238e119a70c142cc80385c2aa2e54,1,0,CyberGhost.xml
+760cd650faf849e6b19245755eefd6460eb401ad4e174983e7dc5a28a50cffef,0,1,Cybermill.xml
+1562d48551eb9a11540bf840e1d6029b7332c0b7cfd7f423d305aeecd6f28fef,1,0,Cyberstreetwise.xml
+bc5f40825e2152d2725cd095f0af778875bc307c14701f874a651b3572adab65,0,1,Cybertip.ca.xml
+94ad8baa2a8b8607e45229fe2d5c8c43fdc7b53965d519bf47e075878096f230,0,1,Cyberwar.nl.xml
+514030beaf41176db4804a7febd2de28af67e58ed8bdee64ab5ba3214fa5b9c2,0,1,Cykloteket.se.xml
+33d4a5f51d4ac7bcd520f05e294995d9968d6b68bc8401289bcc9ecb0a94ab5f,0,1,Cyphdbyhiddenbhs.onion.xml
+9beab50432900f8782d6720032b6262671d1a04f960e530d7906e866ee798365,1,1,DE-CIX.xml
+5a3b022a658985b87a1a497348ecdca4dc3c29499681e1371f2793b0ab58bafa,1,1,DFiles.eu.xml
+d014e7330debe4f838f895d1ad269f9f67bf5691aa460a86e070c72357b87e82,1,1,DKB.de.xml
+cab182473bd2a1f12288fbf267de9e6bd6d249ba3f7d561186cc3b9eaca719e3,0,1,DMX-Austria.xml
+fbbe70181d1fe5c14edeb58820cc187697663b7ff1d6330318b52242cad50df7,1,1,DVIDS_Hub.net.xml
+4cd351e987026f37e854bf3ecbfc84ad5838db73d9b06f59ad58d07dac65ce85,1,0,DaWanda.xml
+0b1a6de4023a402b4d79c12a9d2b45c4c7d2d309203536bef8ae9dddb5113e19,1,1,Dabs.xml
+39a0ec5f2284937cc5b8e0cf5d1199fcdc3738146fc296224a8d14e20e4f5a33,0,1,Daft_Media.xml
+48068ffeea3bac8f6607d8b7ef042097a830f1ed5141b71a6b03fd73e2322076,0,1,Daily.xml
+73d5451a0140fc08b3eff45aa5ca92daf2bc964b24eb1e130d457035e85ca92b,0,1,Daily_Mail_and_General_Trust.xml
+607ae42d3906148f643091e3d42025c9ffc9997b3064de7de892580adfbee5dc,0,1,Dakko.us.xml
+0d3faf3da32111974235f26aaa4eb8ddc0f33c008708c891bc5cd95e29172e8c,0,1,Damn_Small_Linux.org.xml
+3d69ae3ebb3046ad3f64e32725de287e186478ede815092da1f5d3b7f43c04a0,1,1,DandB.xml
+9a3a5a84f0e2705bf60fb61037f6fa1f0fb38060008cf271575487aba5f4731f,1,1,Darmstadt_University_of_Applied_Sciences.xml
+2d7db66046578cb426ac52ffa00a0fc9091ea3c478a40f085fbfb2105f24d2ae,1,1,Dartmouth_College.xml
+3403f1624cd1350a9d7db9ccc20fe13619099815c6c6641ef55f4d3160338c78,0,1,Dasource.xml
+1cbda5f0a6ccf9c3000588ec54f6b1df0ba73b6ec3dd96caa6cb03da743d0b54,1,1,Dassault_Systemes.xml
+3313bd09107db392a871be91a9de6944cb93895ae79e67fef855166adef81c96,1,1,DatStat.xml
+1e3a6e9548c4695e497f2c70b8e140a688d130c1aa832f6ee57dc3d40db76f01,0,1,DataSphere.com.xml
+8cc5ce1e1d308f17e685fdf197fad2de85a59a1392d4e9b9097857cc31171c56,1,1,Data_Center_World.com.xml
+949b15687d157c91c170a0b91d4f0e1026caa5c7ddb979926a0464885157d9d7,0,1,Data_Informed.xml
+887c98b7b9913c7fdb123653bfb86245f5c77fe664dcbfbeb5dfe31e1cefd6c8,0,1,Database.com-problematic.xml
+a7d3313bd27112e3b58470d617fa23e5c45dad2250b0d024125b68fba7a5dd36,0,1,Database.com.xml
+1708197efa6250816a0daa89684b23abd5b6ec10424c0e588c4f79759269be34,1,1,Datamonitor.xml
+3c5b4f63385fe6f06d57c28f8318249835ea86a015594291a1208657c8cb87dc,0,1,Datamonitor_Healthcare.xml
+2f44a28ecb1cf5909c3f35c13216ebc02c9e1a66ebf5a48c970e1c3c6f9f4f69,0,1,David_Gold.xml
+a9f30668ad595cffb3d3b98571ccc614175c6c2863828db49ff61c5a35f3a07e,1,0,Davis_Instruments.xml
+a57ae2eea0e68d85ded9207e3de25e2e19bb21187e9ffa2ef3c0c4e1f2e95727,1,1,Davpack.co.uk.xml
+78c92cd9b90932227687233bc92ad00e35daf7021423f88e5d6c6fbf686d3666,0,1,Deater.Net.xml
+a00fc19e2917a733c02ce54c7121d6762fafe902c4501f07bda904ba1f5bcf95,1,0,Debuggable.xml
+99448264eb68a506c083d15fcfeb1d01c1649f8ac86e0631a3f79bea64e530de,0,1,DecisionKey.xml
+8e2fb9b334a1504d2a79b1d59bb0b8aac0c51bb9088960524a6f42af8dbe24ae,0,1,Delaware_Technical_Community_College.xml
+45795b36ce0a095278fa9b311648ccb7f94051ed1f755235fb6e378a766c5e26,1,1,Delaware_Today.com.xml
+4686fb4dd00fdb9a389a6b9da295ceeb432f9c119fd2a14f2f1f327d2d41fafd,0,1,Delico.se.xml
+d29e0712614544a2551a71e3e838262562f66639c28b491deebcda8f0c9e9c1f,1,0,Demdex.net.xml
+4a1ace170db113bed5a1c50a465a331a6a6f0d81e62327e320bc2372d55dc5e3,0,1,DepartmentofEmployment.xml
+df8c580f3fa4016df06bc402e23ba34c57171ad3b4b029d327115effc7be03b3,0,1,Dephormation.org.uk.xml
+ce07c0999500f19ce748e5038f1d502022455155d53ba17d506c6a71c6200f38,1,0,Deposit-Files.xml
+481a8ee74a06cd3978b3bfa1638b10f1a2798dcec48f905fd713f25e2cf5d884,1,0,Details.xml
+27f638b7d6ed66f2545782839032081245ea4c84a2cae5f79c7140249165b200,1,1,DevZing.com.xml
+d3ac7da52f675d22b7fc910eb3ed3c950ac43a8ada57c767bdf2ff42bfac8ce4,1,0,Devever.net.xml
+86a1f9c349c7266714c5d4a26bf9e6674443fae524e040bad4cdf0951f73a988,0,1,DevsBuild.It.xml
+24e1a5389bc35d553f48e0b8f0fecc7168ff63096b9115f3e48184e62f22072b,0,1,Dgl.cx.xml
+8f2ff5fe50e0b8edbb175166a44e2877df47e5951510d8650d18960527196904,0,1,DiaGrid.xml
+450f88fd960579ffa22b42f6e3ce2348be724fb59ce00353d742d078e4996bac,1,0,Dial_Direct.xml
+f58a0d9c1c02012ca40bc00fc4a07a08702af0924e7d8e5055551b57c16e4908,0,1,Digilinux.ru.xml
+3449a7d7da46522205fec252bc4bd787e9dfac2f15e635750d9cfafcc825f3a0,1,1,Digital_Photography_Review.xml
+1ae5023d7b4801aa93edc7b86c769faba82f98f393f917df3f9175b5bc594855,1,0,Digital_River_content.net.xml
+6db802e9310e1d721b92abde951d806fb9c9a2e99182795213ea3e4432e495d5,1,0,Digium.xml
+8f24d6a49faf7ac63a5a48b5dfea5d55a076865183dd5319b9cee2f6e6de8cfb,1,1,DigiumEnterprise.com.xml
+ca8710d2eb4a66d458863fcf716191ef82ed5a669710d97cf69c8573e7893be5,1,1,Dignity_in_Dying.org.uk.xml
+05a99eccf708bca913786f423daaca68b711001bffc0af52e173b0f31a38af30,0,1,Direct123.fi.xml
+65f1777abf53781ec3bebfc418b72e91032db63fd973a751ae810e04d7297016,0,1,Discover.com.xml
+ec9525132f84415de401293436c276fa6cdf29948edde5416665e10270bd8456,0,1,Discover_Card.com.xml
+3344bcc1244a1a002611a746364efee114e9347a0a7303600b89410b381b2475,0,1,Discover_Network.com.xml
+cbdb894eb5bae94156db1210de8033c32d42a877330b14af87c4d2abe5f58e81,1,1,Discshop.se.xml
+283b1ea012e127b576f1a2c847cd342c0e984455f87c5b7811f7c5cc2e8a1dc2,1,0,Divide.xml
+f0ac70f0936b229f6b6748635f259cc1ebb6bbd0c924baf792a792af86295fe3,0,1,DjangoEurope.com-problematic.xml
+ced8f070eeb91948e919fc5b49e98b171ead833df49b97ace89db1a5fa124a1a,1,1,Dmri-library.com.xml
+0c2d0599f841a470c303b8f4bcfffe014c25e51080b8ffa4c794350144ab4fd9,0,1,Docusign.net.xml
+50cdc237ad687503006bdeb50c714cccdf0d0f4d2a710d278a51be0a2a94bd84,1,1,Dolimg.com.xml
+76266350e22043e4d07c4a1389165d1f888e7034121235b75d208d58bfd9a8d3,0,1,DomainTools.xml
+cd9c9d875b77202d9bb64e526dd1ae2ad6b5bafc9d4d6ec0806d6be463f5f53a,1,1,Domaintank.xml
+b24f4ad17b97e8bfa9b40fe9399e2f5623d687f5c9c427b312c206b3c2f17031,0,1,Dominios.xml
+93ede45e0e0378015e32bf7e031f23b7a69174c9fe0023fe462549284e8362e0,1,1,Doncaster_College.xml
+555b32877b269226bbd508537205e4891362f82953796a44980ce54fd36b7dfb,1,0,DotCOM-host.xml
+bf7cc0c7b23f6d7fe047d15bd73388dd41815f6f1f4a922e46ab388b96552af7,1,0,DotMailer.xml
+d51edb2655670ea1a910c1f79a85696274ce6f066ae67700baa6207d60727448,1,1,Dotster.xml
+4c32fb438443d2547b3a3347d3b59eaabcbc53f9250ca6735be7dc6b22b47cf8,1,0,Dozuki.xml
+948fe6c1816bb404b4f3fbc4e1d21dd253cdaf065726cc41a7173f1055edb520,0,1,Dr-qubit.org.xml
+d6f6539911e50377e9ea5612c191b82977ea7723730c19d45293b3769b10abb0,0,1,Dream_News.jp.xml
+1699a3fbc0f1c9f54d828666cdb17e2eb6256e59bb3d752cad54207b3c16fef8,0,1,Dreamstime-problematic.xml
+f85cc97315b7e1d8d7cd5a8df8c238edd9e9303ebeb0f84f0dd57da3be87cf87,1,0,Dreamstime.xml
+4b67855f68d07aa5dd62c7b1470af02d953732516e530646752c5aae632d9baf,1,0,Drinkaware.xml
+6dce143c0bfb94e705a21f78d14dd5898868d1a649224c096ededd8910616adb,0,1,Drowned_In_Sound.com-problematic.xml
+c729946041e980450f9238a1177dbd53bd2d7f6d904444a27ff14817e5a8916b,1,1,Drowned_In_Sound.com.xml
+45c19d94eb666e445b664135d6c6c309c77f37517894e24684d63191cb22669b,0,1,Drug_Forum-problematic.xml
+916ea616d827dc5553528be9b879ed28d91007337b9fccfb593c4e624574feac,1,0,Drugstore.com.xml
+cb19a58271da26e0eb7c687c7d6a412de76bccd82dab5ea43c1adf2d4e9a790e,0,1,Dueling_Aanalogs.com.xml
+d4ed3a03f0dcc445f49c298bded76f72b676629578a5a01bc25d3743aea9c8c6,1,0,Dundee_City.gov.uk.xml
+4b6114f50a7b63eaca3c4072be4f8c98e013bb9e4fe8108b47dbda9a99ce8bad,0,1,Duodecim.fi.xml
+d1d3e7884fb59f03c02efe683d1ab6cd77b8d2fb507b4dca01645071c995b359,1,1,DuraSpace.org.xml
+8496afee88e5b9a35c67bf855d5aa960d9557295c3de825652c49d7666beb252,1,1,Dutch_Data_Protection_Authority.xml
+c97bcab9e6309fdd7047f8506ee40280dca5163ddd1e7e7eafa6ac4d2318360a,1,1,Dwarf_Fortress_Wiki.org.xml
+d0699296c13b7423272e4ae5ee1491a8449e6c95b7e1a769008f06d46fc7586f,0,1,E-Plus-problematic.xml
+80532b82c72bbe46287e9506f392e5378023e6766326380c5f276182502af47e,1,0,E-boks.dk.xml
+30b6cd8e0fb7a044f69d7f54ddc8c2c0739afe862e58f483fcf9e61211c4b27a,1,0,E-prawnik.pl.xml
+a236b2041b6696a94edf8eb10f21f2c384c1fdd022e6f93a2a6e97e0cb1d4bff,1,1,EBSCOhost.xml
+5d9191656ca3651a591a01916031d3f755252d09d09a846ac962918f14ee370a,1,0,EBlastEngine.com.xml
+27d5271339b66f984ea5bca4be574e9faed8825be522c825f5ee4a20e4d74d77,0,1,ECrime_Research.org.xml
+38acc77f3a1684db15405c335ffc2053bbb6959ebded1e53a76102e3972473d1,1,1,EMC.xml
+b82763e9cf1ccf4bfcf7ce931d4971bbd5f5d767431cbe015043bdf2e307f181,0,1,EPA.ie.xml
+21af6451e5293d3c590dba9f14d347d022d8ce5d7a06b8d1960a2d7dffbf76b6,0,1,ERNW.de.xml
+771c90d6313b15fb4d41a8c89ac03ef0029394521c105655c3d1aed1a8f44db4,1,1,EReceptionist.co.uk.xml
+1d0cf4aab6228ae65f34ff4ac5313082087f547d0b773e9403eb9ec40c19e30e,1,0,ESET_static.com.xml
+71d7ddf2c70bffe2c22311b10ac6ccbbcb82d057f298a71285e6e14da667b3c5,0,1,ESF-Works.com.xml
+e14997fcd1b49623692ba6542a019182b6f66628abd718680fbe20fec3725e7b,0,1,ETegro.xml
+9cb060c5bd472740cb08ecfa934b189e19567c4dbd35002501a01ec373dda1e7,1,0,EUKhosting.xml
+88f84319acd57ece012e2e66cc7447a8db701037146b74a839c89a1ddd685432,1,0,EUserv.de.xml
+97898e32a15c85d1f70bb1b15f7201cc03c1ebe0b624949fcd4e27ef48619c89,1,1,EVoice.co.uk.xml
+480256c07545a3dd139fde94d8b794e8f8c8374a48c9f8c02d00b2c6aa5efaf8,0,1,EXiled.xml
+c52705978d36a80cea351d25f4b1131be10c653ee5f7aef9fe661b0de448924c,0,1,Eagle_Rock_Reservation.xml
+f81ba5e26253661e9cd0406b4b538625b6cd39bfd2ce8977a526b67b44b908b8,0,1,Eastbay-problematic.xml
+1c87354f2f51c188db3313c9c68460147571ed92296962e148563e5def8ed4e3,1,1,Eastmon.com.au.xml
+332200909ab116588d0483ac47e1877ead9fcceb221724a8d3fa50251bcf1694,1,1,Easy2coach.net.xml
+0b8829a889f400ac3171d5602ff812f5bbd6559db9d6a3d3b835ed6694ef3e60,0,1,Easyspace-expired.xml
+9248288366ee2fc081c11be98b63d9d79069a3f8000c284e6ece22c53fa383de,1,0,Easyspace.xml
+421ade575e2e1e0e75d6c7bc746c9615bd7fe023bac2e3a21401cc6c61c2ee3e,1,1,Ebi.ac.uk.xml
+3d7ebd12328dce8238e333e2d00f53f314ea41fc6cb532d5f48682229e8ee622,1,1,Ebuyer.com-falsemixed.xml
+9a88de16ac51e357ce386b479d2c3a0d2b1e18a1df431478f16e01acdb1b90f0,0,1,Eclipso.ch.xml
+e831540685d0eb166dbf1cc602fd28389713d447549b60997066e3b2a125203e,1,0,Economic-Policy-Institute.xml
+f9f75c9eeb2e7da3b367c19fc86af398fb052e94c251bc9a22a3d3b8f565b39f,1,0,EdWeek.org.xml
+792f8df60f756ad2505db27b3aedb9034fffc3b05cf532fa9474de3284aa16d5,1,1,Eddie_Izzard.xml
+20aa540654afe4e46d8706423b1bc4b2cae3c3498e1ff6cc63ca93ca6957d59f,1,0,Editmysite.com.xml
+772fc66915c575b5e3c2b9330453da903a06e156fcb452206f0b0db4330ee367,1,1,Efax.co.uk.xml
+9346d6aa681d8272cbe2d56d6ba227156205d162fe3aa1ec83db7cd50ea1a8f3,1,0,Egnyte.xml
+0231502d992426f6dc6c8b6488cfb220c50aa5d5a624b854e956ca7f66269366,1,1,Ehosting.ca.xml
+d3812b45da73e759d3fd7d65bc13e9fc5f75d97bb15dbb0a53c4e9e11e9c7f97,1,1,Eimg.com.tw.xml
+822984ee7464450befd847ba351e2609b8b6b34ce8116ab38c54ddcffede5b5b,1,1,Electronic-Arts-Intermix.xml
+33d19feabaf5d7650acfd2dea5a837a763a632626c755caed1bceeb42ffbb6e9,0,1,Elijah-Laboratories.xml
+8c4ce2e6485d6a92b35ebdf64cfb826516669a9ca8b3ec20c32ea7f2ef0bd679,1,0,Elite_Casting_Network.com.xml
+92b5a0f2765dc0209ee35f20bfbab7f44970126ff686c803d592213acac588f8,0,1,Elitepartner.de.xml
+2ccd031d0b13fdad6fb4ab25d9dec34593ab18cc5f62208dfdb64c6152f654a3,1,1,Elizabeth_Smart_Foundation.xml
+03f6035a0d5cd3824fbc733aee7c1dd0d9a48cca2e3b612a7c2dccbd7920b6f7,1,1,Elle.com.xml
+995c937ddd871c8b758697457a5b14ca6c04d0911197fadd29b617391e49a16a,1,1,Emailsrvr.com.xml
+1d5f53d890008891065d1172327c971c2aac7a7e965e9ffdc3feabbe2d037492,0,1,Emily.St.xml
+13abe2167fec64e991b8e89e9efedca61be565e9d4f3b9802f500be922b9cf08,0,1,Emory_University.xml
+661bd6f53d1accd50024f22541da44cd49f15b58aab9e52418aeadd2bb3b2a22,1,0,Emsisoft.com.xml
+db21ed9907ecd72397a925f1a47e5c99e3d84024370ffb30b87b1b5142880bdb,0,1,Encyclopedia-Astronautica.xml
+431fedb9cd9b68a915890080f1eb4996aa3a6edd00e91b6cbcd6749178cf26cf,0,1,Enecto.com.xml
+6418b8410785f9fade87c96494372065791223e8bc6dbf60a3a6db6717d827fa,1,1,Eniro.xml
+80ef1d15e2f1ed5a951dd080ea0f482e68dbdf69d2d26f37c4db7508e5a6f2ec,1,1,EntroPay.xml
+09a7159cbece935f73ae3747c2c83a12d6852f1820ba99d791f6d6a97515c6ce,1,1,Envato-static.com.xml
+2ca4fd68486c7ed9b2229b029b17f898ba1c99c23e7132da7c15e5d62b8de32a,0,1,Envato.com-problematic.xml
+03342be1f13fcbbb19d8de98a172c33e0ef92b8322766df0743b05820413d7dd,1,1,Envato.com.xml
+d6bcf352b17998cd3dd749252c04696198281490324bcf4223fda56d223960e2,0,1,Eole-Water.xml
+1f7601e66f03a3d82babd1dc7a1d477eb37a567383073864f89ed39a28d0639b,1,1,Epartnershub.com.xml
+52a6b9dc4e013008f58b53424d04e899dbf6110a1d6ce7b5d8eef35a8a399a5f,1,0,Epic_Games.xml
+6b9e08f376753aad2163601f78b5051a819c4f2c54c54be0c231f0d44d20cb26,1,0,Equip.org.xml
+5acbeae1638df64a1e8ab2a261d2b3f810300c376824e2865970d0a1932cf595,0,1,Ergon.ch.xml
+40d2bb3f9270e7cf99f2bf2a446888d4c7162b079f5a196e0fd306ca7ae6c810,1,1,Erowid.xml
+b4ebbea0286d44564b7e8984bfe2fe38ce080b1390a0d6d37315d0993dbedd5d,1,0,Etarget_net.com.xml
+8d9add38a1725f7660e8bc03f9f6181886dfce418c3a726cef21f6672eee6955,0,1,Etipos.sk.xml
+4db319b5a12d2ba768b16e2ffcb6405c1ac8960c7f052decd7ff5c547a334c2c,0,1,Etrade.com.xml
+ae016ec38dd372b50f679c03442479c2df1eee65fa59a7173a1548e4b289409d,1,1,Ettus.com.xml
+b91a2bb082396988a0d23bf4de0e9e620d647828cd7b1abf9ad5d1d522d8fbba,1,0,Eurex_Repo.com.xml
+dd2ca763bc144f188f0dc08bff984e6c5f950860d9fa64ad3840af10bcb40832,1,0,EuroFlorist.no.xml
+eb2c414ae4ec2c034261b3cd828b87ba62ea8fdf6208052149c7cf7fe882bbbf,0,1,EuroPriSe.xml
+c3ce6b72a929adc8d7e227f86884c300979feb2a571c85cc44db4262eaa6881a,0,1,EuroSmartz.xml
+6d3e2a1d8568935ff376e011fa835b0a9c78a06c40eeaf5b9732abbdf0a27808,1,1,Eurodiet.xml
+2469df0235c8a578f6a3574825d70473517e612574f5e517174cd8ef453c46d1,0,1,Euroforum-problematic.xml
+9f07a1cd07e17aaef37455a8e6927200da4633d51836089d790ca00caa2a16a3,1,1,European-Southern-Observatory.xml
+c7d1a78c0d09e8db961d0d711d81b4967193f1692e7a23198a996e9dc8dbfd29,1,0,Eventbrite.co.uk.xml
+1213b9bcc58aef69599cda534a1140050ba6a542bafdadd27e62d1e88b6e3b56,1,0,Everest_Technology.xml
+de69b2a8fe3a9790c9aa7ce6435db3ad238567356e1a46ca1d374aa7944cbe31,0,1,Everyone_is_Gay.com.xml
+946a4fc3e8ca86971f8824a4576d947fc40b7fb4d50852f9604278a3d0f97ec1,1,1,Evo.com.xml
+bb9a0e1c85c28f8f09687aad733547dc640569557197fdb9be79b85d9ce4931c,1,1,Ex_Libris.xml
+83bc5eb214726e5221f5161cde0d085ac4d9c225d08c4611b6b6adebe8ca3c9a,0,1,Exaccess.ru.xml
+6841328fb4f2cbf6061dad6d4e8891fe0cbc9ff71db8155d4a10e3cb15ce1195,0,1,Executive_Interviews.biz.xml
+b164ef892520be08098945612a434b74349844dba5c7fe618b2e9e0b06fe70ca,1,0,Exinda.xml
+53d157231d09238b4b86f5d623b23cafe9e649f542c15ca65c93e4c03da3198d,0,1,ExploitHub.com.xml
+03b6227bca68fc7f7a99a9500fedf38d07361ea41dbf5e823158eda5e600f00f,0,1,Extract_Widget.com.xml
+d08eb1b730ce427a740e4b6366d314802a3b25eaa1ce165588d8df0cbf21fc80,1,0,EzineArticles.xml
+76e1a443721c7c57e7976241d045defbd2218dee42cbdef6a13472e13d9ff63b,1,1,F-CDN.com.xml
+dbcecf1c78f18bfa326267e0ca37f8f94debb98236913d73092883b39df4f204,1,1,F3images.com.xml
+03aee00629e0916b9627f907484ae885e2b9e783dd789c7b928dff3dee8da925,0,1,F9-Distribution.xml
+6635f4155c42dd8f694a85079f66436a3cdd466391b4814ff640259a9a9bd698,0,1,FAPMC.xml
+15e11d918a3d88dbfdd81e7faba1cfa99c5aea57b821c35cf269744465990066,0,1,FC2.com.xml
+b18bfe335ab271a0aa72bbe6836acf7b4a9fa299cf03b54bdca37aa90842ef16,0,1,FIFE.xml
+32dbe7b9807abb304f2779ad2ca7e6d939200e54e61607df80c8cf553ded77a4,1,0,FIGUE.com.xml
+4def65d5306408980eddf9267615a711b000ad48c4e177c6cea446ec6f822a41,0,1,FLOSSManuals.xml
+ea855265939a7763f890048183a4e9b27a37379adaca4db01df723287905e954,0,1,FOM_Networks.com.xml
+d78b9c027b108b40f4020703d1bc5b49e10ad84b7d1feaaa88e6a33d76666cb3,1,1,FORA.tv.xml
+64d7895f2f69cc720e9d958fb3a212eeb0ca68716d33b408daa6721f8ffafcaa,0,1,FOSS.IN.xml
+acf8d20b89b6d86853af14f1e154f2250fea106c13de2229bc831a897513f402,1,0,FOSSBazaar.org.xml
+2becbcde3ded8d4be896e314ef4d27afeb6d4db55cc8e8e2fda9625f47f64d78,0,1,FSU.edu.xml
+b2085754d0d68fe106aebadb88e72508f4e20b666d9e0ce2cdf408ca9e9b2609,0,1,FacebookCoreWWWi.onion.xml
+8767c03d704f5c34d0add741e10a7faca4c8f782e4c1c4e56f154acfc6b1b745,1,1,Faith_in_Motion.com.au.xml
+ab23648bd49cfe3cd9e3192b309fb18e60a64b3e908ea3299ba56583f0f52834,0,1,Falcon-UAV.com.xml
+6e006939a395f81dc649d4340231a869144a3720162e9fb3fadcefe86cbb3509,1,0,Fanatics.xml
+9c51c5f3685da502281c46d976f7ae3bb8b9b2ac9799e41eaf7253c170fecc15,0,1,FastSoft.xml
+e4333c0ffe626bd8aa67b64f9330a2857ad0392362849823d2804fb736b8c1d6,0,1,Fast_and_the_Furious.xml
+cba56bcb5b38b490a1ab63f0244c457a86793a8794c5e7ae60aaf2782c302334,1,0,FatCow-Web-Hosting.xml
+3b9a47db267c9a3cdcbd5b4e803ceac9d44fc713e99b99169b6876e8a5ccb0af,1,1,Fdworlds.net.xml
+1fe4b4c61b741995024b05158f8b082a8da905b3578624c82154a54ec6f692db,1,1,Federal_Emergency_Management_Agency.xml
+8dd2fc317fa4af0eb6299a4d9fa1ae2d4349e162258277903e16e5ccfac8d571,1,0,Federation-of-Small-Businesses.xml
+19c52d9111010e02b10a06aa009124959357ae9508639bb225e3a73989600d3a,1,1,Feedjit.xml
+120bf2c17ec6d85fee4a5bc1857fbe29f7d40ec9243c4da31c47bdcb59d9e96c,0,1,Feefo.xml
+274d8250863f1353526859ae21132138f2b7c29652d8c7e6c2b698a2504ad9f4,0,1,Fenland.gov.uk.xml
+e86d5e3ca3a837e961b2ca3031e5cdf8d15a4297ea12fda82280db4205b00c67,1,0,Feral_Hosting.com.xml
+1b5920ef6d56c0c4eb59282a72ded66e32afb565efe04e5f417a2b3c1acacad9,0,1,Ferris_State_University-problematic.xml
+7000307b3415118c4d10f8b5a68d875b64b0ba75042bc1cdba066376be025eee,1,0,Ferris_State_University.xml
+b415e81d1a66aef7b49d2569612f1ca6eb70cf80ed84d2dfb6137889d95d5a5e,1,1,Fibank.xml
+6c5fc7be0086b16f85edf4e13d77f5bb86d0ff940e14524e7cda87bfd30a7bbd,0,1,FiercePharma.xml
+03cac8045c0788bdb20a69714ad5af1627ecb48ba8e82a9d67ca83e7c1a3fa85,0,1,FilesCrunch.xml
+db02c441a91bd19ec19af65177aa0b1ecc68cecd2b6d10c8c362c6a335ffa284,1,0,FilmTrack.xml
+4b11026e46676ad595688a56f829cd5c7a1c4c1d167d542a02e48452246f919f,1,1,Filmdates.co.uk.xml
+d07188d89e618288aca51dcaffc90b6ed1630596512f0def5d73cf3049bae44c,1,1,Filter.xml
+20ade5eec380ab16ee4861c6086b39ec5beee7c33575e8f1978e5d9e3e8090ce,1,1,Financial_Post.com.xml
+85bcf7d5f5b5493ceae0271fe97f22164c904a463c4f10935274615544b5e4aa,0,1,Financialtrans.com.xml
+efcb4402229ed43863e8ac8eefcfcc9f73cfea6ae53352269795b1760d0e0a90,0,1,Financnahitparada.sk.xml
+e74290fbd951caf49445188e6d7d3d1a5e4f0880f0355ebb3f5461266fcaed5a,1,1,Find-a-Babysitter.xml
+ea59a590e5d74dc8cbc7c6a92cc0ae74cf6e0f509ed0b458580792958410e339,1,1,Finka.pl.xml
+552bd8ab83e0e59b4196d9ae48bbc364136198778d83a89bbc07c068d58618a0,1,1,Finn.xml
+c2a6e87647595dd9487c3959ff5cc3b598bcf08ccbd358f24f90b988c478d8be,1,1,Firedrive.com.xml
+265ad3eacbfd50c7c49f935afb3673fa55071a44114e1ee782e21f8f25a29f84,1,0,First-Central-State-Bank.xml
+711d4855340b3dcaad02671121099aa096bea856730eebec67c4231c89ed2a2f,0,1,Firstfloor-Electronix.xml
+c365305889b7baee90f2f7e899440b24b8c5b3cb994b44c00530cfc22ed52468,1,1,Fitness_Market.xml
+d2e39a36b53ec8c0d0923f33bc1d08dd2c530cb5f8c44ea496ba54c78580dd6b,1,0,Flightglobal.xml
+6522d1c1e1b9929b26a29d9b2ee2d1640b7e2a95d7a1e651e00904212a929095,1,0,Flinto.com.xml
+8ea7a8f22b03f1b163013b35d0ec7061ecf92eeddcaea9df4196738906859924,0,1,Floating_Hospital.org.xml
+b2b785c62c6cc9f4ed815d08e4e8d92e9349e72d303e9ffdcca16b74b380b0ac,1,0,FlokiNET.is.xml
+cb0a3d716d8f22654d96a8efeb32590ddd38adcd3ba9ae62bed7491c5e5486af,1,1,Fluctis_Hosting.com.xml
+3962fca2fa36bc16a4000801f7f7abd4d2ab6f5445da67e238a58fcbe23801b4,1,1,Fluendo.xml
+daa09a73d487052e243c63b74efb4e69273117f17917c6c7c15b8797d2cac930,1,1,Fnac.xml
+67380bbdadbe0ceb6daba1a7b93df6aaf590634e21be8c6162c07e2ce6ba834f,1,1,FoeBuD.xml
+7558cde03eaf45908c8378ed2f8ee64f34b9c3b69f267f128f75cf7e54be4c56,1,1,FogBugz.com.xml
+2c86bb4df074f731101dc6d4c65a35e0e26f30484aa4ade5a0645eb4b3c98715,0,1,Fomori.org.xml
+b50cb36cfc409474b96f6198d97d5229a1392b250965bd62553b174ae393b555,1,1,Fontspring.xml
+8def6206ee5b7f9f38db5c672cf6a64ad53a1217101909377e2fccaff4fc3d61,1,1,Food_Protection_Task_Force.com.xml
+bdeb72219338c7525ff16255af8d59fe4b6e246b5c8f2fce08f927a1b3d343a9,1,1,Football_Fanatics.xml
+a8ef5c027115c72025f427f939fa975f347e05e75001dcebe886fb8e76a5771b,1,1,Footholds.net.xml
+2656476357b57487509d522bdea0c4ad5d18edd3c9c9f2009be8b7e59e5b15c7,0,1,Forbes.com.xml
+ff3b2c2c74f4bae0b08249a9f3f0ba9ef3f45145f13adee065b179af0c366185,1,1,Ford.xml
+983c37c96f4294151ce45eb1842e69f2bf77a7ac3bd869db4c8c5d5983fe673f,1,0,Forensic_Institute.nl.xml
+7e195fc75d5b0faaf7a9fdfa19d0098ca2480cfd7716e492fe87b693279250a1,1,0,ForexCT.xml
+c67682b0fcfb5b328722d84fe8c192e393451f15d3deac0324c37c193edfe68e,1,1,Forgifs.com.xml
+5e8fc987828220c55b34c788b14e05218dd72014343d7d968aa77361601bc7b5,1,1,Forocoches.com.xml
+b6fc958980c2540d31f01eb6ede8ecf78e1430e81c407db0f84972ba310630d3,1,1,Forrester.xml
+863eb0975b9e8a5f88d3c76f5e7a371f31da838afaa684d1ec341add947060df,1,0,Fotki.xml
+1a248675d605c04901e6a2e6ba54332eeacca5a8eadb46a6d405d4a0ea1dadb2,1,1,Fotocommunity.de.xml
+f0fcfab8df8d22bc08e6ee92df4f201538ace2bf944be743223cf251d26c3c46,0,1,Founding_Fathers.xml
+23338597645b4a3ab4ff7b8841fc3efea480fe8444de694630a0462795c8f746,0,1,Fraternal-Order-of-Locksport.xml
+1a364af118ce9c0abcfbaa7635c1e0fba64baeea937b98e2cd06c80447faf42a,0,1,Free_TV_Online.com.xml
+0d48c14e2a05d9f90f4134baff79e48ca1778868b0491e7c7dc3043585d73ae7,1,1,Freedom-from-Religion-Foundation.xml
+dfec799168fd8446708a1540518f2829c0d71890a380ae775ed4b73ef262b88d,0,1,Freedom-to-Connect.xml
+d12551660a3ca3f4980666deff3758cc065dcfd4afa22807e598ead97a27a859,1,0,Freelancer.xml
+d0da63b8cfb124503218f5d2fc8e2f6de394eec88e65d7f44dc5b9e346f235ae,1,1,Freelansim.ru.xml
+5eb2f3c83b0135ef3f3022b665f265cc4c63b9d243d992fb4de5320a1c4a3026,0,1,Freestyle-Capital.xml
+1bc4e86cbfde644d76b06a2d42e53d2d3ad77aa44357b51fc3cda52cc13398f2,0,1,FriBID.se.xml
+74573855013be34cb1230aa388418d4134921cd8cff3db47111c1ec2fd3a386a,1,1,Frontiers.xml
+2ddf3d7696afa689b74e12c2dfa48ef10271c57cf8b52696ee584a5bdb09f03a,0,1,Fukuchi.org.xml
+b21f0fb6b215d5268425723bc75a19b326df831ea863d5a922c93c2edb08f1b8,1,1,FullTraffic.xml
+13a95ea4410e4b787d109639ceb3da60ebe59216893d7531fc6b6d35f2d1e1e1,1,0,FundRazr.com.xml
+0bf864d504b62b444ba798f46ae53acd1fe189b12bffc4c4a3bd9e4d144fb61b,1,1,FundaGeek.xml
+362fe4f58f36e45d49519cf808a46332a95af9c4cc9dd53a40054fe7989e92a6,1,1,Fused.xml
+f8a0422cad5ad0b4a9f2a4836d9b2354bfb7edc7aee9bbdaeda92dc36db5a6c0,0,1,Future-Publishing-mismatches.xml
+f30174c08a98d016d113a5730a45f4bb74099691dd3ef1d1d209d4f6fb7012b9,1,1,Fwdcdn.com.xml
+8426250d81f5cf4ac0d7d28b3c6506aae55186217010e055b523c7dc48639353,0,1,GAME.se.xml
+2da66d8b6b9143da5aa3de021865c3a1bd02324eab8038002e48a2ab8af86185,1,1,GCM_Asia.com.xml
+f7bdaf4a797376040d08fb18652d7cf0eedb8ba7906904146eb43b8a358aa5d5,0,1,GIMP-foo.xml
+8ece7b9a55dcc63fa7784890ada48016392aca3f34f12086284dc2dbbdd0e50f,0,1,GND-Tech.com.xml
+ab1451b0683e0014737f9f57f3e9f414f215dbff35b08fa8cf126e8d83c836c8,1,1,GNOME.xml
+9f9228d01a61c6c36749f43229b861d54f380cbfbf025469bced8cbdc2e08e55,1,0,GOV.UK.xml
+b1eb04822cc82a87c012a5b68622ca2804ddfa57f90165ab739d30d11afae09c,1,1,GO_Transit.xml
+6637d47a74a578146d45ff4f7aa375670d1aea3d1e41ed9a5e90284da437812d,0,1,GSU.edu-falsemixed.xml
+ca4b0f161ae75041c459ce29e5d2966ec73c220edf13d44cd43105509be11b84,1,0,GSU.edu.xml
+2658ea2070b54f5a51b5fed1141337e3b434ac2f1565884145c41b83c8ac6d15,1,1,GUADEC.org.xml
+943674e305df6b496953a700700d1e3301602f43f60cc1cc5c4b75f3d68d4ac3,1,1,GVNTube.com.xml
+37d6faf5ddc13f30dcaddab73cf89f5ade20495ba8ccabacd2a5f421c21a5990,1,1,Gallup.xml
+fbd7a51b3a90aa1e07e2061cece575928087594dbc159fb455b21f690775cd49,1,0,Game-Link.xml
+5d2394c351034dbe321e2c1fc675bd412c945a96aaf98744da20df4db5da97b3,0,1,Game.co.uk.xml
+34f8f5a92ee97baf0e3c14603fa42b65b89edb99a8e71c61877a933811035f4b,1,1,GameDev.net.xml
+51b99e7a6ab7cb4d9587ef4dcc9fd043d88924f3ea6dfc4268711dac06786606,1,0,Gameological_Society.xml
+5e479c67a14059e5d1d97d5c0dfa59efd46a91a731b7fa156731be0b1f9b06ab,0,1,Gamersfirst.com.xml
+3d51538a88733634e8692d273367853c40373ff980e6e63d35b98f1711854c5f,0,1,Gamestar.de.xml
+086c57cd99754d4786c53464fb9d076de23fc5af2127c7c9d534aa9f364b8635,0,1,Gameswelt.de.xml
+e031196f8fb6b2a3483248b387d37371ac587bfa8bf365a6f13ec2aa7c0b0732,1,1,Gamezebo.xml
+f639c545ed1cf318fe0e2bb27a8fff4e7253d59e9f83b06a8364ce5eee77abaf,0,1,Gamona.de.xml
+7a776fb081a9777f2314af66dfdeb753ac52a3124f9c46b7a400de6683ecc2a6,1,1,Gandi.xml
+035809e9f5bd95475a0a9b411c7401dc0cb02d0343ae1da2b72635a1f64ff652,1,0,Garcinia_Cambogia_VitalMend.com.xml
+cb1de2017a67592099d5d9c954c7c56e2e98bf32c7f265b9be519fbf869d98d5,0,1,Garfield.com.xml
+380a8d1eb10fe5a945578e4b2e76ca99abe4e00fde55ff1ba6937f8936dd35ef,1,1,Gasngrills.com.xml
+d282173eebd744c9e5761a975e9b6b5086e86ea8cf51c7803bc78ce8eec8f0c2,0,1,Gate-Crashing-Org.xml
+932651701c5fd6b9c5b272299aac182c260f3d005d9cdd624538ac5055bcd8af,1,0,Gateway-State-Bank.xml
+77d0072c08ac8a2b284de4354a9d9da5d9e3fbd2dd97532fa85c51680c813d5c,1,1,Gatwick_Airport.xml
+c325bbe3f25bde17054d2c65f66528221f834628788ba7c6f8275260b5294347,0,1,Gearhog.xml
+080439aaba8674d999ddba8845e23fa69c525446f11c7005c2bee848774cacc1,0,1,Gearman.xml
+9257553ea02a0d51787652f8f4144143fa4bf995632caca3a620f37e8f422552,0,1,Geekheim.de.xml
+6b70c3919be0ccfa44e991ff4e084fc38f51e4de86c8ce7e70d4e2007089f087,1,0,Gemius.xml
+82a575bfdd7c91f460c75b2c61c90f9b145af743bb17a462df5388d6ff93a9d9,0,1,Gentooexperimental.org.xml
+96c69b44fb2a6ff797e5ee08ae801303f2b36ab16fbd93f5d64a97f4162bde59,1,0,George-Washington-University.xml
+055d3a6e5f8d3e036c6c9f0a2e52b87fb76fdaded2e6768467e5a12f346eacd3,1,1,GetHarvest.com.xml
+10a621bf9199c08e61706800651e79887f7d9ab2eff080fe2c6cb96b6f18d664,1,1,GetResponse.com.xml
+ab59869864ab49f92b5999cf790130235959fe09824d4eb99e217acf4d93c856,1,0,Get_Safe_Online.xml
+682fb5bd1da5ede92efb99ab0044896bfdeed95c4a03ad363f48344f6c992f52,0,1,Gif_Gratis.net.xml
+fd005c94136bf38d49cb6c2e54e2d1eb3a1dcc47b14839e428c31a4e8fee16ad,1,1,Giganews.xml
+1d63e25cc0439afe39fbd853309091e58c612ef16c19421df703557c98780207,1,0,Gigaserver.xml
+f5298b32c824990297a18e92474c36a5d1b344ce7951b529a48dd0d6c2a9e620,0,1,GigeNET_Cloud.com.xml
+51e006dcc0faf9e3d034d633d244bbf7fb278b7f49388c9303bebb5d64d206b5,1,1,Givex.xml
+1d543c058797c2143e84af0016b439cef391b95b81a938a27400534400e3fc5e,0,1,GivingComfort.org.xml
+ed076293b391e63d4e03d8e9d6de8bc45e2e968273c10131468eacee40f1d08e,1,1,Glerups.xml
+745c86661e057217d3f6d9001632956d24085b474525744996044b02aaecade4,1,1,GlitterBank.xml
+9ca0b92729a85ee245177e7a30e4ab554cf09245017b322eb486667b90d30d2a,0,1,Global-Footprint-Network.xml
+bbf4d95e8b1cc5c2a5b862ff0bcae50fd87a7f055d1a085ee68a9f9196b445b3,1,0,Global_Human_Rights.org.xml
+28d1e935698d7bf9cdb4828b3fd4e933daa8cdf6934fe4e06bfc2820be0e81be,0,1,Global_Promote.xml
+2048765e5d20395f03f87f9fab3ec0691426edc106b94970fe052f1a7cb74e9a,1,1,Globaloneteam.com.xml
+5ddfa3a482674b780d4e0cd81e3ba0264703fe2b42c797a132127a132df0f974,0,1,Gnumeric.org.xml
+a274061c2d10fe93f56a7434e7f541897c64f1749bf842bb7d167eed03b32155,1,0,GoGetSSL.com.xml
+b4741f899272079753bb0118f166d0130bbedf31d16434e9b8127821fcc41f50,1,0,GoWork.pl.xml
+8035e4afba24967890b6a797e732159e2a135c28742d91b63f4ee5760fc980dc,1,1,GogoTraining.com.xml
+1857fb8f5f73fff134e4fdda43db8c16d0c9c22dcf0ac20fcf3ee2a846a022b5,1,1,Golden_Charter.xml
+9224e11b4b259be1d60b4d65c3903a9b2fe7403753ce0b1a540bc526cdb8e21c,0,1,Golf_Course_Industry.xml
+7fc9cf927c9b92789e3d57fde87b70aaf938b68e6b71adf4319411e2af1c67f5,1,1,Goodsearch.xml
+29c9afd965ed16539ae8450e714cef305ac462c4e59e30c4d12d85e63ca058f8,1,0,Google.tld_Subdomains.xml
+25c3f0f876658542a6ba1aa3b085d847ca547e3f03f0ece8b6b11ae4e08dcffa,1,0,Google_App_Engine.xml
+fc2c55f71e70b59c18712e3ce183d824f45432bc691882aa9a2990d64c8c0f92,1,1,Gotmerchant.com.xml
+8c2e217fca6c4f32665fceb124225f04edc9b8c01a403aedafd871a33c9d79ce,1,1,Gotraffic.net.xml
+2e29082cb5f6eac2d4995011751e0bef076bd568f46b022684a05e13edd48c7c,1,0,GourmetGiftBaskets.com.xml
+38ea979b7f650765d00622f7919e2589f093c8f0df62b005e1ee37f97e821289,1,1,Government-Security-News.xml
+adce25fe2ad3aaf12d9c15ea4ea6d9cdc060c1c52203c24c4a119f5c27e8c1f7,1,1,Gran-Turismo.com.xml
+7acff386a3f3713706f4533875c469e978d785fa9a072b750d010fe74ee2279f,1,1,Grand_Haven_Tribune.xml
+a86f4c61b5cbb47cfeaf651f2afd0fa4ea39f82dd2e73c927622cedad59f86a8,0,1,Gravatar.xml
+b7d75abaa69773098bd0b108a48aa4cbde2c00a211bacca52b107728f4230fcd,1,1,Grays-of-Westminster.xml
+6320c8a92fc89f7e04d91bd84a2570081ff7ac69ed87e0b5d3ce0055c3361b3c,0,1,Greasy_Fork.org.xml
+e4b6f7597186eff47f30a38f678dfc3d78db9dc04515fd3ee31e8831e0a743d5,1,0,GreenSky_Credit.com.xml
+054ef9c8b5459c29b97998aba9220474e3af78bb8af72316267560fea5174ef3,1,1,Greenmangaming.com.xml
+4988b2fe799481ffac172ac384a3951b46cf89ceda1461bf82522f468dcf566e,1,1,Grenet.fr.xml
+fc54f1280cad1fec94aa76e4bb91b14123e5f45ee89eacc58b0036334fd2d4cc,1,0,Griffith-University.xml
+c7a62209b05fc531978d48bfc38e9e0957dba51b78426f846743ecfe403723cd,0,1,Grok.org.uk.xml
+9fa1fec5b01de3f893162bb05593529fc9b9f40bdf02f4b00b6ffaf7a0d385dc,0,1,Groupon.com.xml
+bd99858b4f66b9655911910da919d75513c6be1606c9164b386c4df7e29819e6,1,1,Growery.xml
+7478de441d512f4f0f07602b17efda7bc4badbf0eee160a17e12c0492e1d6f10,0,1,Gsfn.us.xml
+a7f7e0bd7f195a558edb2fd3065eca2849c73dd757bbbf4f840482bc19781fc3,1,0,GumGum.xml
+f10393a60f224ac6a9127c33276d931066f78669a28786c577f068ac64b77b0c,1,1,Gust.xml
+4b4b09de35ac29ae3cb87642e66c4ae08593682c7847394a93c8d378766b5b41,1,0,Gustavus.edu.xml
+0ecd9594e7b04bdb9476ff3489d64735901f9230617b1d0bc8cbf0b0743ae62c,0,1,HH.se.xml
+6a011c27d3d1eaa622e81bac1766aefa2ef91699ef6e2c335df418719e2b168b,0,1,HIS.se.xml
+b7c742427b63875bf405b4617943b5e508ccf8ff4761279452ce909a2aad22cb,0,1,HKK.de.xml
+d09bb4ef7ae7ddb86f27ef0523b00a1e399bdc19cdaea4c3cb0dd86c6e6afdce,1,1,HK_Yanto_Yan.com.xml
+b1b43be7076c4ec828a14a45a16b5d0ac9427622b8899a87870920e1758b6532,1,0,HMV_Japan.xml
+805072ec20886e155a2c5688d1ed727a1f3f331fb607c2af876e2a5a0950821c,0,1,HSLDA.xml
+335c9d1e25fa8c3299bc8c25a3b21214cee62a69f8d1427fe405ffaaef5e8e90,0,1,HTWG-Konstanz.xml
+160cf059aeeb642add9c979040f1b60282a01c9ee49234f64bd25ed4611583aa,0,1,HUK.de.xml
+d97fb94656263a08627931829f3707297aaad16a2780d7efbc08d9a0e240af5f,0,1,Habbo.fi.xml
+2861461aaf5d9e64c74085dd5b9d240404207f44222cb49f8ba2cb1f0e3c5789,1,0,Hackerschool.xml
+922b403278bc9ae839f646bd231dd9ab11950ec5744da127a5e185b3eb1c20c6,1,1,Hackpad.xml
+51b17752c74062183224769643033cc2727e3263c0af2d83072f8f4fe3d30d51,1,0,Hafner-ips.com.xml
+36f8eada3ef9157fd9135fb2507307fc0a40d90e3f2b9727e1e483301180b35f,1,0,Hammacher-Schlemmer.xml
+c4c6765b82c3995fe1018d07d514748b3b1dc77463bd7f9745d4f81c89729b7f,1,1,Handmade_Kultur.de.xml
+a8183b3aee9c2ef8f331f6d2b4a65f99819fec523ff1df7d10cb69ed6fd7c746,0,1,Handsome_Code.com.xml
+0b7c9ea36c20bcc97958b4e3d5f6937282a35e3029bea14e6dc4fb95b3c17e25,0,1,Hardcore_Teen_Girls.xml
+e6f358268ccbfa9123abd3a38088ea30874f0fc2f7d577d6729117981c403c3b,0,1,Hardwarebug.xml
+33be37ec857b9b80c74e0ee3a9ad566bba7cdf793e076c4103427d1e5413f761,0,1,Hartware.de.xml
+1fcec52d0a6f3e89d64966ba878969749e4df9718a6500d911f5d86169e3beab,1,0,Harvard-University.xml
+db16d5037c30da9f3b7dcdc63eae06752d0a06a2f0cb2d1c16100e634db2a5b7,1,1,HasGeek.xml
+60daf8c2e3d24d7c737cd3ce182129c92f83bb25df7a66564b97abd5e2bced90,1,0,Hatena.xml
+8f3ad2dc6d52fe31fa281ff5c01e682f9275987572f2843458b7fc5dcb0979a2,1,0,Hawaii.gov.xml
+d23e1458e9cf3368a9340b486e4ed69d17fc5adce0d9d1839e7894ca3e5350e7,0,1,Hawk_Host.com.xml
+591930da4df33140beeaa02531b0b95e5f5dd8dd20879f314626f0eb2b187eae,1,1,Healths.Biz.xml
+04b1d51b64b57d6f1e5e899277205f72008d30b2db3cb6e69d40f7e334496bf0,0,1,Healthy_for_Kids.xml
+3edc0a640e42edae30c61c2af5a8e5b77455186e1d04c99b01235e248e320a5a,1,0,Heanet.ie.xml
+e6bd96b0e0f28e843af136c5fcfe7c0242778ff4aebe391eb57b29f2058a4511,0,1,Hearst-Corporation-self-signed.xml
+5a7c989104fae6ba6f4ee2a80242fab2e700357e5136b4e2f3bb235c6455faf5,0,1,Heartbleed.com.xml
+96303816b6d137a8ff22001e5a124d294fca5f073d184f8765d5fdb83f751f1e,0,1,Heimdal_Security.com.xml
+580d999997747a4097f5114244ceb0ed663803d141aa434b26b978c932efd3a1,1,0,Helpdocsonline.com.xml
+d242b4846eb0d61eb9e9d0e22ccb607616353391445d8f19e729ba9fe142a20e,1,1,Helsingin-Sanomat.xml
+820014421008b3ca657f912ac23f3adbdad002254ff6c94d5004483405ae083f,1,1,Hemmingway-Marketing.xml
+8291b5a137d3ec0d772b70f8d45a726e19b73dcc871494c813b61d0440886a7e,1,1,Herdict.xml
+25d4cb3f8b97c04d2b175c9f3d8e42df52bfc92fce67e743f57b5fdb37e86471,0,1,Heritage.org.xml
+69c3d0cdb2cedd4d13e8e4147bf4659509c178c0939ff2d6e9f41f621b55433b,1,0,Hesecure.com.xml
+95365d0076da114c98b41049f775b4e36a52bf8297842da9d533802ef3317761,1,1,Heteml.jp.xml
+93a85fe7954fb1d3f5226dd1ff4a98ba918d5a5f028d76ad0b519796e19ec8fe,1,0,Hetzner-Online.xml
+f335a4751adf7c6786b7521e5a699c6670cc3af8848778a442c82d764f118c7f,1,1,Hexonet.xml
+406fd610e2e705adefb26d72ada5b00607b27dfe683c2256efecea7ba1ed2e21,0,1,Hi-eg.xml
+7d15b6ecaf6ddcc637969553f0be451889bf2e45df35bfcca50aa3be43afc63e,1,1,Hi.nl.xml
+4307221f40a691dd191221761ecca21f6ef5956badce47258674d0cc030e453a,0,1,HideMe.ru.xml
+bc67427308208352d8a5a1fd4410b16fa545f7b9a6925155b05c146708a143b2,1,0,Hidemyass.xml
+f7af86a5eca73af32fc8ee59537226bf655617bc2db7bddc234ec7f3cae47254,1,0,Higher_Education_Academy.xml
+137fdd1f35698ccd261aec56e9aff59539e25dbb1d19b78819c3cc899097468a,0,1,Himediadx.com.xml
+1654debbc84e77392addfff21481c7d0908bb592c819a281a1d59b242d618e9b,0,1,Hitfarm.xml
+9adfaca1c0c2fa22166e4ac6749d4cfa121293e9945cc576b4530ea2d11a6578,1,1,Hobsons-EMT.xml
+8b5a732d5ccf78d73a0256acb161bf426b82ece7d1c75d77cd7b162db7eaedd9,1,1,HomeBello.xml
+2490e07912567101b6b4e07fe81d9ef66dc72ca97e1a8d3653f0cf32e43bf667,0,1,Home_Depot.com-problematic.xml
+7b460dff8a2b02d81df02b9d9ed829deb2dbd3d850c4536babea038ef2968ec4,1,1,Home_Depot.com.xml
+ac2f39b160910dfceaec540d188711e609245b31953c4a7740b9ddc2e7e7bc46,0,1,Home_Depot_Foundation.org.xml
+2d8e92f61fa2c3db92ca33b37933c4c6d7c9f3deaf712dbd4a9a31c4c4a94f51,1,0,Hosting2GO.nl.xml
+f9324749f745dd11d192d3e1b9664f2ca11636d60a9fc0ec77e1f821f39b432b,1,1,Hostmonster.xml
+caa78015c31b2b090cfbf9889caeb1402166faa48b75fd458874a52dbc06fbbd,0,1,Hostname.sk.xml
+d92eaeca0ceba278ae0843bb88be513630b35575dbfca641218c1115fc4651b7,1,0,Hostoople.com.xml
+95fa1eedf4dd91a07eff39c19a55e9ee97fd25a7b0fffb216c4508df91750aa5,1,1,Hotspot_Shield.xml
+e981fb89c3532e8d634681500de73da305cf7da937febc2a2346ce347fe14167,1,1,HousingWire.com.xml
+6c4a837e76f1df70409a02545ca923c1bef94e7a594fbdbb2a7e417e30d97426,1,0,Houston_Chronicle.xml
+79b67385e5095c34090fccb7de8b28850d1a081a776f5aa319318bd9a7c52d7d,1,1,Howard-Hughes-Medical-Institute.xml
+51a4120fc58d65fb2592da7322ae24629f9de9d2f7296ba2492771e06f062f8c,1,1,Hudson_Valley_Host.xml
+ffa9a50df3e8b93b0681cd903f99fceba361d148f82059e0368c5a98a688dad8,1,1,Human_Rights_First.org.xml
+7c965cb2a413ccd64e7ed9dd9044fe709db367844c8a60a4068a5051f7d5f684,0,1,HumanityPlus.xml
+cdf1b44b1b634ef96a8047c2c063237f457522acc532d4512d652ab469e52f32,1,0,Hush-Hush.xml
+0698b9892d4f3615f359bd0de6822c313b88a06ce3e15723d9e213eaf203ce73,1,0,Hwcdn.net.xml
+dbb782ebee6eff8bdb35faa1bf5ed396d62ff117785f233ff4f9a43fe8e82f93,1,1,Hyperspin.xml
+18c086c4defd26a9dd8a3fabcc666503c4ea63b34e95dfae104088cfc9a46347,0,1,I-kiz.de.xml
+5c03066e85c3aaf26417fe02f012ace3c4a4a650cd9c2463a4adad11f3f22f50,1,1,IAmplify.xml
+efe61764f8dfb9aaa617c1e56fcfef173f66aa12328bb32d162bef6d65f12348,0,1,IAnonym.com.xml
+b7cc4fc999d2a76591c5022d7bd3eec8ccb5425dc9312584de2f5cf1f5b4caf8,0,1,ICANN.org-falsemixed.xml
+eed3b45ec6eaadfb8fb4cbac10ee2dd946026c1bb45ab6e9fcc561c11ac565f8,1,0,ICANN.xml
+e158dbc2b1b6f24c03e24e1418e3c388738c260ff02efc428b534caf1185fae1,1,1,ICIMS.com.xml
+f18922a305bc3be951a93339bd0045ab5ca5b9741009636154eea681291cfcee,1,1,ICommons.xml
+211f626e770a4edd6e49ffa0449a7a34f3013a28e2da645b7297e471ff22460d,1,0,IET.xml
+5d1b07df986b4173849427f9c2d1e6a733f7027140bf3b9aaf4696115b704d50,1,0,IGrasp.xml
+eb4940331c51de8d5bea8ff74cf37cb4eed6371c5c5145dc58deb822690e151e,1,1,IHG_PLC.com.xml
+80113e93b37b37a4b5677a3b5f4468ab96198f2e4f1bb6fe82350d086e21e554,1,1,IJReview.com.xml
+612862cba9dcba8f259b40677fbb0dc0c970577a2ec8248d7b4b264723701570,0,1,IKK-Suedwest.xml
+756deaa5ee5b4d4c35a91db9c5e5f8173617434b69dac01f1017b5f33e5e4f74,1,1,ING.xml
+cf27f352065312c50689b9ef199fdaed72ec399f015a5a27984aae4f6eff48dc,1,1,IPCdigital.co.uk.xml
+4cac21996f65a1e7193902b0a88dcce06b2eca129343e5110933dc22fbd12066,1,1,IPXE.org.xml
+a87eccdb4a57249445db1771438e401dbc678d346083aaf5987566f384e5c05d,1,1,IP_check.xml
+8a66c900d13231321bea6872c759548b1dca37b059c7a1e729c7d15613ab0b82,1,1,IPage.xml
+4cab7ad0efb9a81786846b6c973ea525e4bd99e95bca78435ffa6eccac0f3fec,0,1,IRF.se.xml
+533d5759cfdb30ab6272db8f425bf1d563926f1eb157ae717742dc441b3b3d88,0,1,IT-Cube_Systems.xml
+48ea9aa1ebbed6fb580546fdae5f7641f1f6a3694f028f742631ea1213f166da,1,0,ITPC.xml
+3e4b1b3df1d0421acc6e09a8e2535e9d06a2ad1396cc753bb7d868acc64d439f,1,0,ITU.xml
+024f274cd2fb232792acb65a2c2c2b67fe893b6eebefec9da21f017262033102,1,1,ITV.com.xml
+3b48a035ae7e50023f531d8a79f7f41f7b3289b9a214d72ad9191edc5d596e02,1,1,IUPUI.edu.xml
+dfc01c229e85fc0afad8f20207e8aa59ce2ebc362cccd9258859d4c40e7dd75d,1,0,Ibiza-Rocks.xml
+047c2947f163b74bcfa7c71e4cbaf7b19e2c4fb951dc2bf975446720dd35fb3d,0,1,Ideas_on_board.com.xml
+06fa0e873e4bdea3ae9ca0d8ac78f1b8ee1c7785206d7b4cbe4f2b1dabd47abb,1,1,Ignite_Realtime.org.xml
+19a10f5af3e7219c9888aaa8159acd278ec023e7570d6369264dd4ac99b05bcc,0,1,Igolder.com.xml
+df7acefc4fc64903e803b27bb4d75cb6e9923d329711a4f14e2251e82b85f57d,0,1,Ihug.xml
+d3f0a875d56edbc43be1a9550784c2d199a6809baf1ce23c663030c246aa7419,1,0,Imag.fr.xml
+ded349d0e0b6957b6ecb94f4e85ab1dfe7fa03b1a0ed16ba7531ff3b9cda9322,0,1,ImgDino.xml
+f8f1473f26523608f91aefa8d1b68855201582099478a6177deedd9f2fc8bf44,0,1,ImpAct.xml
+2c56a55203e19f8757d1bd3ac5758338c21eb571a322466ddd48a27f99d3ab30,0,1,Improper-Bostonian.xml
+8e6cf93eeb46bce877ab9685359feeb109ad022109bbbf91a21b941519a3006f,1,1,Independent_News.xml
+08fdfcc35d415a8993d8bcba68b0216bb1343e148d736fbedbf61d6de08ff781,1,1,Independent_Voter_Network.xml
+0e11558aa800c2b2eaf87fff2fcaa7801f5bcf2b287180b9ddb86cc5df6cd7c9,0,1,Indian_Express.com.xml
+76196600f67cde4e2a5a69869eae23ded468e8c8ad6837e111b44ce8104cbff1,1,1,Indiegogo.xml
+69f67c7a6a357cbe15b8e565e6d2afc6b8fc2ba6cd3cfd393c4491b3861fa503,1,1,Infinet.com.au-falsemixed.xml
+d885a05161cc68f32429419ba4b53b0936456a6743206734896c8345467193ef,1,0,Infinet.com.au.xml
+3c43448b0f0cb113e11bd417ce99292ae25d977fd5191687aed8be931bb3550e,0,1,Infinity_Tracking.xml
+ff0dd4bb477d5c2b96ce3ca9edc86f4f449b5ad0688c3961ec8fe048f4c7f832,1,1,InfoQ.xml
+39b2c70087da6a223a686f168f6ce3703d48a89dd0d877c4bb175b5facfe0660,1,0,Infolinks.xml
+f4c83a13d0fd8f8e1248e83706d7426b8d5d39543fc0bab2f054bee91240fe66,1,1,Infomaniak-Network.xml
+9872dc9d2e174cbd02c79c23eb0c9c872c10ae2265835cd1cd6f3ab05a8a77f4,1,1,Infosec-Island.xml
+e8686224d76f240dfa05d6cec4525948de3ddbef03b1d39f83908e935f9ada69,0,1,Infused-Systems-mismatches.xml
+c45efd084b0b44e025939e768470d1ad22530fe4be95fd21e94fb53257671f41,1,0,Infused-Systems.xml
+f17275b6e9f48b06e9f1db362a27de41baf0eec5fe34f484f7c141e9266baae2,1,1,Ingentaconnect.xml
+54e572fdfcc270309db864e7098ba422d1eeb909daa2fc7237d77649dfc4f057,0,1,InkFrog.com-problematic.xml
+abf2bf8030eb7da4165548443a622f0f8504acc1c1e6c06821be88d9889ef1b1,1,1,Innovate_UK.org.xml
+f10ba13a6c5177bddaa25ef0a0bd9520f21fe2985c58603ad6938b5350d5ee37,1,1,Innovation-Interactive.xml
+c241d995f6e6793b43f3ae50cc1832289b1de058e929249ac5b3a8418806f8e7,0,1,Innovative_Food_Concepts.xml
+8f7914e006046e349b25fb919f40317c87fdd9ce249931917c24e48ab12247fb,0,1,InsideUniversal.xml
+449ba10b60382b828cd2a22be490c649e442925595d8081dc5f4affb480d3a1e,1,1,Insight.xml
+4858b9af0edd798ddc138ce6c02ddf6674e9be1574cc775864f1eb2da92fc85a,0,1,Institut_fur_Internet-Sicherheit.xml
+340838024acfc70d6deabe9ee17b085b055d4bc9a80120afc800318808c7fe29,1,1,Int_Gov_Forum.org.xml
+b19c12335d9ab9d9597fbd0f61c3445320de83618fd982a461ef2e42400286c9,1,1,Intelli-direct.com.xml
+f8ccce593fb95122a95fe00918c297e77ce818f5d344510362a3a99417f8141a,0,1,Intelligence.org.xml
+405674d9b11e8e289b645154f2352a4401d377c62570898515365300f4a3208a,0,1,Intense_School.xml
+424764bfede4c1ea62a389e05ba765b1a4e36dd7efd03cc193cb8010cc22ffaa,1,0,Interactive_Data_Corporation.xml
+5564ccb4d32a36d5d2c879378d9f261947d8dda7515702dd761615f6fb399fee,1,0,International-Business-Times.xml
+84e7f285a45629181dd08c4280bfa1293bfa38c3565b837ff7fd262a45c3bd35,0,1,International-Finance-Corporation-mismatches.xml
+127ddf485368851d2dc1f1eb1f64bb100f9397b2fbc05b401f2c53bbb0bce88d,0,1,International-Free-and-Open-Source-Software-Law-Review.xml
+0992d1e0fc55d6fe819499e798e99207e0ce9aeecab77981087ba963581e8149,1,0,International_SOS.xml
+7266fc84a1e6e39f0b812bf791d0b4c8f3705a3070bf41196385d46762dc2ca6,1,0,Internet-Archive.xml
+81b3be4036e221a597bf01d58395099db4a6791814c05bfdb666f9dcc2a8088e,0,1,Internet-Governance-Project.xml
+cab358f32e9a489eaa69ccfdefe364cb36fcb5ba3346874889de9fc875050d59,0,1,Internet_Coup.org.xml
+dc6ff49076759df04ad979467bf83cbb0678098f8162268e128a4a1f9b4a93f2,0,1,Internet_Week.jp.xml
+733c0f0956527491bf6a01d35e097c6df6b84c46e102332096a4fb81973f7f9e,1,1,Introversion-Software.xml
+b00472fc653c5118dcba1528fa24b826ac7a3c90f1724d7966bb4c34b237f936,1,1,Introweb.xml
+463310fdb182747ebb4fc15ab8c38a5f573b10b276ab7c3775acd3708408caca,1,1,Intuitiv.xml
+b8b926a42cd2792106cbee833c76f516fe15c33d7b2af468e29ef66a8694a465,1,1,InvestSMART.xml
+4f8f87e94bf9f3220dbf10f449349fcd2b1eb3a5dfcefcf4c64bf1b7fbae73bd,1,0,Invincea.com.xml
+6b83c7249532eaa85681d638f079f8c090c10b2e099714e498d70930e3a2f867,1,1,Invoca.com.xml
+b2ece42a9c773d4376618d1d3848eb747deba70a2de12185f51e1dc9136dbf93,1,0,Invodo.xml
+848e94d75fdc0df47147da78e0fd4d4c6ac21cbd9c9299ad3114f7944d655505,1,0,IoMTT.com.xml
+7e80592d8efa073fe201542cef44704110abe65a2b0132e1a7bbece9e8936f22,1,0,Iplay.com.xml
+333e71526ec644126315f77e20029f262ecd0746c68ff9a2cfbdfcc16b003066,0,1,Ironwhale.com.xml
+d3976d61894e1f8464f930466936d18aac9056ca9b23f7fc23d97382692b81b9,1,1,Isle.jp.xml
+1661e0be935e93fe17283133e908f52a3d73a05c2110ebb4a95d56343122a1ee,1,1,IsyVmon.xml
+36d12ffb1d7bfed62d6ccd2358a9ab1b004782d42a70f8e76255497e56e1ae48,1,1,Iv.lt.xml
+c94cc0f445874d3f294be079e1c4775fefad5e6bb8d6dec007efbfd060276163,1,0,Ivacy.xml
+dc52614b3a33ffebbf5763c7c2a25158699d866af7ceb86ec83fe1750ba742d4,1,1,Ive_Got_Kids.com-falsemixed.xml
+ef2b06228e963b94bc9c0848ac490cd4516d52f2c525f74812dcfdcac93acefe,1,1,Ive_Got_Kids.com.xml
+370755dacb3bb54bef963a118b65067bb321e839d51f337bdbf0448944708cd5,1,1,Ivwbox.de.xml
+2058d895da75a404225168a25a20ed36618333427509d7252de4bb28563c3b70,0,1,Izquierda-unida.es.xml
+20df0251075e227bd026718d531f83021987ee9c14a1438f3cd7e6f9ac12014c,0,1,JF-Shea-Co.xml
+ce1f1dfa4ffbe1de9185c4d5bf81e07ffa6afd0c0b3c16bceaadaa8194659a77,0,1,JSConf.us.xml
+ea862774de9cabd815710f212b32d626a515601e3bcabab24545c2cc190d1650,1,1,Jacobin_Mag.com.xml
+443e8c4948a9bd307012a1b725a0bc64e97ee68ec77972dec6bb036cf4700856,0,1,Jacqueline_Gold.xml
+d2130738c6e895702f300033327d5e273f6564c43c7f71006f8c288f83cc1b9b,0,1,Jansbrug.xml
+62d30f32c383b9005b247851e85115fd358c8ee752b97edc0d020b0ee1bcec88,1,1,Jarian_Gibson.com-falsemixed.xml
+7d850c502197ea8b2e13688d1f2b34c9b7a44ba657c92faa3b3ed2030dfaca66,0,1,Java.xml
+f895874ee61887214f675b5344b3a35cbe34590a6d27c4c9e33b348f590aa2ce,1,0,JavaScriptMVC.xml
+ba3e53a6684fe796317caf126f87f3e326812dbd09a838bade611ee313da196b,1,0,Jawbone.com.xml
+26c1c6b5233bfe9bcaafb3505cc40fe716ffac3309ff08136944f0608c825d1e,0,1,Jba.io.xml
+b77b4b9c609e0f61ab406d1aa62c5d046514aa6581f420374ef0fc4b7a112def,1,1,Jeff_Nabers.com.xml
+c1df2d5758953f29c992ec2598c94e7e73d5aa6c91d2f8eb4d62e0fdf0322a07,1,1,Jinx.com.xml
+aababc62c4dfc22dc8a9e12adc4364b9a0befe9ec0939060924b587747b8bc7b,0,1,Jitscale.com.xml
+80eed726a6c96bd4f97361b7ee9d2fe2e954fb74437a4e800500399676778e61,1,1,JobMatch.xml
+f1a84ec3b3e0e934ce0ee5517ea0b31cb7ba152de5278eb0895bb07023c6628d,1,1,Jobbik.xml
+33d8bda4d79682eae0ad704c6f834650e7054ab4a71d1b64cf62becfabdf42e9,1,0,Jobsgopublic.com.xml
+ff5eb876669cf155eb33966d0cdda8a88942ccf55c814b14addbe51e52db761d,0,1,Jobware.de.xml
+5d2c47c29c532a62ebdc816bdc6dfcbe1e573c4b5e2ad7a35f2288ee3d58c3ae,0,1,JodoHost.xml
+c13076995d5856791ee7814d103be8fb0afc12db160318575e4e35097fe599ba,1,0,JoomlArt.com.xml
+49e14eb4dbfb8cdd922261721b0b57280076bda7b75b59396dcd0a4b67914955,0,1,JoomlaCode.org.xml
+c979cb8a361e3ed2bf5032f85b8aea715a1bcaea1a278635048ec26d4e59240e,1,1,Joseph-Rowntree-Reform-Trust.xml
+101fd87908eecba0acf9700f26880592677e52c7d8edc8638dabd72dc06476c2,0,1,Journal-News.net.xml
+c621d4ba25d54b2ac74584129f4234f43b52d2bb00a11b49ef04dc15848169d7,1,1,Journal-of-Neurosurgery.xml
+878f0efcd4fda30f3821e5362986a41446a368b644fffa970eaadde331595bfa,0,1,Jubii.dk-problematic.xml
+139643e1ab4ac096871a49767ed0ea197a72a6dad80556b93ff55de39a577bf4,1,0,Jubii.dk.xml
+fa67059e40c7d86b9f448f529446594ec9f24e9293365e478a6a9e4a18c0cd29,0,1,Jugendschutzprogramm.de.xml
+21937f0fd2a36647290096e83c0db7202e391611c11760e4cd68edb237a4f7b5,1,1,Jumptap.xml
+4b35e98b981f9df97de267679053b07d243573d98a3b6c6ccb0cd6398c50fd35,0,1,Jusek.se.xml
+4f66a213e609f141d907611e755bf0e4379e737428775635060e8cb0bd91ef8c,0,1,Jussieu.fr-problematic.xml
+fb593e8ddf88bcb1d1508da06196adc76706e4a163a0e8ceabace9e8a5bbf42c,0,1,K2s.cc.xml
+a6a776e8e5901bd6be4af8ae581f0f74106f78b5b05b1b4e1521ff7df28c7fd5,1,1,KAU.se.xml
+7e5171a47befa926139743e6067915bae25cc403dbf0f588f7864ab606739b62,0,1,KKH.se.xml
+a6450ff330b90c225cc405c8f5c623dca8d7a80a0c16a3e58be546feb7ae886f,0,1,KMH.se.xml
+c998b1cafdda9cf06478f163ec72ba97ce710090b671180ceed391173d43a574,0,1,KOP11.com.xml
+c862e0e1a6711961135955912f1b1644c5e9dc31eb2966415367ebd39f434774,0,1,KPN-expired.xml
+18bd1f18f953302be45bf882bd9b3b8f6a738d8f6e1f844dab416d95b018b248,0,1,Kable_Packaging_and_Fulfillment_Services.xml
+f021b6ae3956e22e93e03da6a5ac8de94048821b7a588bde2b55940c9a8e5d17,1,1,Kaiser_Systeme.xml
+6fa233a4df630fb7dcb886a508843290392db8506e73a1a7da94954db2affa58,1,1,Kampyle.xml
+911f9f57dd80af37a918d5c5029a1b4d156298e48a029e7aa9497beeda774ccd,1,1,Kaneva.xml
+0d020e8196630cf58db7acdcfaf794b8eaed3ff489057148c718c3937d8fe03f,0,1,Kantar-Worldpanel.xml
+4d40f0740ed2f847fd8c22c07325ae9fc4a83b1a17668dd707ca61a2bb37af8f,0,1,Kaos.theory.xml
+aa9386df75242bb212ece0a1276439722214b066f3a533f48cd1c9ef722f5f7d,0,1,Kapsobor.de.xml
+cf193dd0623511229492237f7c7a1d06bb27fe241d5bb641cae8994407a54668,1,0,Kariera.gr.xml
+6ad5cc64325504eb05b4d56be62b0a8a17f98847e7f12784b18b75a2326b2393,0,1,Kasimp3.xml
+2533dd6d42cb718667d11a29e50393d300b659dac2e9c62a5954b17aeb915c71,0,1,Kathrein.xml
+8c3308c7790fec725f31e846d418fb1fda636beb525f9631be1cf2c9261f4672,0,1,KatzPorn.xml
+2086ed81e93368551d121b0508a0ae28a1d71f294f1ec7b58fb5d1d21b9380c6,0,1,Kayak.xml
+679dd719d00e4edf268f1937eca8d034fdaeaa5c0a744882e2435f342656a19a,1,0,Kayako-clients.xml
+a18f5ebe00ba0edd8322f6c5bfcb1b9db11fc1a04fa28ef93e2c91fd12bb04cb,1,0,Kayako.xml
+68709a34f51a5fd997ec08d97e2c0aa2330b4ea1134bcc5e11326893c82c9913,0,1,Kdoes.nl.xml
+acd59b926980f2e6a1edc1bd896e12121eb5ddbb7b91328e6ab7dec96b887c3b,1,1,Kei.pl.xml
+b67160a2bcb46424224f756e56dfb804323c2446e2161554d1d1015b64ab32d9,1,1,Kenai.com.xml
+cc4ede67cbb2b5809ac7bb84b1a3e4364ad98f9f3fc139ac38683c67256750a5,1,0,KernelOrg.xml
+911d17e381f38a6bc6ef545f5ca260fc0954922ed63bf05e2f7ca0e6035f4535,1,1,Keymile.com.xml
+5fb3e2cc1c993880a2f59cf36840a623d0d7f329e31b725c711619d78031845b,1,1,Khronos.xml
+12ae40cfc95aaaae2573664fd2fea40b4aa90e5adb75d013953225121bd38361,1,1,King.com.xml
+4b71dc7dbecc49f2b48f869a78b2cea026dc9eab9ee6627a49581d58bbf936a4,1,1,KingHost.xml
+22da148d8b0d0314b3d843781fd3c72bd14fbfa68fe38c808faa9e57f7a56aa3,1,0,Kirjoitusalusta.xml
+c945235a8c454c4c16e6974e30e93b93424b69da591daa36bb76e7fe25157cb5,1,0,Kirkus_Reviews.com.xml
+aac83590b0080a78a0b254d8cef88f132b0d609d2be69b2744903b627e000951,1,1,Kite_Packaging.co.uk.xml
+bd7d290a024a52feeea17c0687d34ed0412dd25138985aeb137ee451ff253b44,1,1,Kmart.com.xml
+8d12f9d79c207c30d5319a01f740f4a73681b5c5b5973fc74c6817ae87f76534,0,1,Knopper.net.xml
+52d6def38db07b96638bcde23b5b25c7872a170f91e482c676b5fd95d92be4ea,1,1,Kobo.xml
+60795a9ecf4a07f3a1a334fb06b698d5019c69bb24c1f395932ba5c6322ff747,1,0,Koding.xml
+900b42c2f9d1ce487f4de696a98cea74e452b7f9cf848de6eb9c8d8254784e64,0,1,Kommunal.se.xml
+7b7771e336e05a84d249ba6c7a5693e82edd32524986654d9f221d8813f93ac1,0,1,Komplett.xml
+796f232394138ee9298ed061fe587c009ab2a399f9d4db5fb77a07baa51c390e,0,1,Konami.com.xml
+d417f481fdbe9c2100592bf164c92feed9e2a9f8c989a8267012fb2bb4a294a1,0,1,Konstfack.se.xml
+c61197b469d6020a7cf8f4aacf5ff2c2af8a4903f35207fdae2fe0f81a370d85,0,1,Kraxel.org.xml
+70ea6a47d4bc8e3031576360df6556486307c552f6262b899f7f5b57dec7fa27,0,1,Kryo.se.xml
+3896c91714231d5364509bb35080579f7e57d4e79635b73e98987a83c0130e0e,1,0,Kryptronic.xml
+318a844861fe3efe2d779a4ebe1fa76f5dd22aa13aa7593b4ca05cd381f4d258,1,0,Kununu.xml
+53f972ce676848f11352f5c892d485ce971910da0814445e0a42662963eff652,0,1,Kuther.net.xml
+a62b1619581ed52ae2af7e41fa9207f1f557d26dad30077504608f30962785eb,0,1,Kvack.org.xml
+885092e6b3fa8f6489a89df450f876ad0eea51159c22f216e787e31b9e8a9ec5,1,1,Kyani.net.xml
+1e8699cf15dba86d69e26fb49441767a96265e2bc93408c5e0a5807e788ddb46,1,0,LF_Hair.com.xml
+c6af0bb28a0493ce2106970a3acdeadfcf1dba65e1f56a3244cc30daa5093c50,1,0,LG.com.xml
+e4115499b76cbc58fd655c147fc8ac7d5f4df58d2d83d0b9e754f04bcae2cc31,0,1,LKD.org.tr.xml
+f180daf50f99e6d294efe3cfa3782b3038ec3c34a48667dc72884554e2d2011a,1,1,LONAP.xml
+6e1614a42fb6bf41f161fb271e2cf441359eefea66a5de92ae60039337adf443,1,1,LPO.org.uk.xml
+7fd1c24a4f4664d94bd4dcbb1b3adf923768304192d282339008431d1e86d086,1,1,LSE.ac.uk.xml
+48d0e26e10e9650974898fbaee4e55861b58e585a8791e91472fc1733ee15d15,1,0,LTER.xml
+d83b6ba8eb9854f82349c1cb570e50cba577fb736a3ac89ef55868ee18f76463,0,1,LTRADIO.com.xml
+d3689ecf97752c8573fd559c68beae3b96bf66cc7a7e045a03f0d1050e6d3b48,1,1,LU.se.xml
+cebe40f289abe5d6a7ba31addbc3a99eee1003e22b2431d7ecaa4a7f2290f151,1,0,LaCaixa.xml
+440e3c3ec61a216fd7754eb08d64a06e73366ddb91e20c952543667a86473e31,1,1,Labels_by_the_Sheet.com.xml
+9cfd769231672625b8576733968b9cdccd500feac77f6f1510f30ed7f70959f2,0,1,Lagen.nu.xml
+82729f42964fb00d0a64961bed6138a79ae1222b15d76cebfc875163b1dee39a,1,1,Language_Perfect.xml
+8fbfb34c2994d782ce1ade635b78401d5a869fce79d309a6a5993640f8e2d552,1,1,Lanistaads.com.xml
+c01f9d5e0f0ef9ec2db156bf19729febd55117a48db33e144075f98a9e96debe,0,1,Lantmateriet.se.xml
+dd011e0f5fe4e3c951182b87f42d4c8da475b71bda1266177397782766a60a3e,1,1,LastPass.com.xml
+1fae5026b085ff0376c53284b2b7536230bd781b79f4be08506d04bdc7ef1286,1,1,LaunchRock.xml
+91ce0132d8fa941a30990cd98fd6a038a48e77a6a0c39d678bcf3823361f9625,1,0,Launchpad.xml
+bf3030ded18c245aa1d051c849660ef9807cbd9259da24dbbd0a5c12cefa65a9,1,1,Lautre.net.xml
+88c874136115bab5c0c463dc21b28c2aec420648b71c12ba9af82c4f86919cb2,1,0,Law_School_Admission_Council.xml
+329b80614b84565bba78c4cf3ebd40f2caf60cf648372f1deda76b93564693c8,0,1,Lawn_and_Landscape.xml
+f649aae090d1c7cb5e6329286ca40bc52e4085fd4d43d022ac986523a689f268,1,1,LboroAcUk.xml
+a6a354b175f07f96a7c2cd4ce4a00e26cde800c6f6176f660a59ae918cb56d91,1,1,LeadLander.xml
+e300d073903c53373ec3c3a839d324681cb79d4032894084c81bc40644863fbf,1,1,Leadwerks.com.xml
+acab086b0a34bf5d315b8292d4bdc886c9c30f77f9009c19417f85feb96438b3,0,1,League_of_Legends.com-problematic.xml
+e6045aab54c1eac855a6ffb4d28436677e5ce1f20039adcfac9475984867a8a8,0,1,LearnShare.com.xml
+e400c587a600d3ea1d156ae3063bc8aba863be12423441d42d9f56bc1c2b0516,0,1,Least_Fixed.com.xml
+9f95173fc7274e64f6258a7fb7e27acc4cf781d5f78efd28ae81ce97465672a6,0,1,Leia_Jung.org.xml
+44da4c65f5edbb2ed09326db6bbfe7bb0dd769545bf2f34f7eb8071d0d78ba3a,1,0,Leiden_Univ.nl.xml
+a3ef9c0d822a74a1fff679e554ac079db0976b0c53fd85a2362de2cf6012812d,1,0,Lelo.com.xml
+eedbe4c1b73b659f65c1b47b6b0a0b08e5e4ce32c8c96b82fa8b6e4ad2f5ead5,1,0,LibCal.com.xml
+6496d6df922c6b28f13e369f2925655f9c927c171bf09ecf6ab284ab28690b75,1,0,Libdems.org.uk.xml
+82d91c9bfd424f34898c9435240f08ba68083edf2a2f14eeaab224ebf245a606,0,1,Libdrc.org.xml
+4da6941625e8c737ccf9de80aadd671b78aab17d09bb0830557256dd8f3a6ca3,1,1,Liberal_America.org.xml
+e4ee080f90c4502d02852289bf7ba13986f2a06816f581dee48cc61cd03a4724,0,1,Libre_Graphics_World.org.xml
+993b07ba4b30101d7b4d133239b7a03ddc0d914cde338040b53d7871bedf04b1,1,1,Life-in-the-Fast-Lane.xml
+ec89dad60d6ad5181f1516398c0f565bca357a82f3e05270eb1f43dfd8283c11,0,1,Liftdna.com-problematic.xml
+91fc0e64deed78bdc5e964c46ad97765ae536dfc279fd42b8828f66653a1157b,1,1,Liftdna.com.xml
+3ff02692d6dee89e9579eee5d73a0e4cdad3e9e7a75ad9d0509b8abcd2fe9f5c,1,1,Limited_2_Art.com.xml
+a8f163ff8c42d612e5f6246df52033522d0264a77b677f2cf6c94219e5822f8c,0,1,Lindy.com.xml
+3058c9207313b250a6cd06db40b80815b52ba3ce969915bf1d4d19e70a5e84d6,1,1,Linn_Records.com.xml
+abed76a1e5201dde504d6396473b2961c66f1362ed13dd21c4805178430d208e,0,1,Linux-Counter-Trac.xml
+7aa31325bf3afc674fef9ff7fd6a022945a077e10cdb903ca73ca0227b01861c,1,1,Linux-Magazine.xml
+8704f5a37ed8b963c85260397289542d0d55eefbe1bf6855bfadf0aef5db1c16,0,1,Linux-New-Media.xml
+b116fbda85f0cb005d48ce4950f6f1c0cf9d1bc136bcc23d488a308c70e6737b,0,1,Linuxpl.com.xml
+ec41d249213aad2809c091e338ddb5eb2d3b97b335598082e618aa5814ce168d,1,0,List.ru.xml
+22ac503a66245c7042a817c200fc8c2a4e63d9e3287eb6d050fcda8623e65eb5,1,0,Listonic.xml
+935c7b3c73fefb6f6980cbfdbc828f2d89cfd8c8f8a51e1de48fcf78822e1316,1,0,ListrakBI.com.xml
+3558ab8db745d3b527d28ab5fc0dce1559dbe191d449b27d09223519354bc135,1,1,LiteSpeed-Technologies.xml
+9797c1484a96176ae9397050a435c54f9d0409368785d4355f14e6d506fe144f,1,1,Litter.com.xml
+36f0e15f0557defe9ac96dfe9ea3853af828688300ff6c438228f0ef4554b97d,0,1,Little_CMS.com.xml
+fe52803da1f703cfe9990e08d740aaba64f6d59c459653376356b5ecce922a7e,0,1,Littlesvr.ca.xml
+9c64457952ecd791e6df609d14cbd6861f04be1850e16fc064b86eb5042d8a75,1,0,Liv.ac.uk.xml
+0d6cb0837aabdd3ca8fbc4de6d3c8b1e60092939708186f1ecc9ca3e38ea0acf,1,0,Live.xml
+fbeaf8dbd06fc62fb6217d020e5d4401df8539e62b29c3d1af073ff07d52ae00,1,0,LiveAgent.xml
+e3d7781eb8af6d39d6b9ce237e46688f6615aec94f65cb2a54a87e167b0c2236,1,0,LiveJasmin.xml
+b39a16b01956252b32328acfd50d93cd04a0a33ea761eec5d5fb9df24a7d56fe,1,0,LivePerson.net.xml
+4df0e6a98068a7e8df85af4cb7248c048fbe6b5fd0bcbffadc7d155d8ce52610,1,0,Live_filestore.com.xml
+627f36782b5c58008a53cd2d0a4161d517705f45ecf809ebcca7aa06a6510fca,1,0,Livestream.xml
+6cf957e7613bc938177a082c0f9ce6b5773892518127b119b3444955c853d542,0,1,Liwenhaosuper.com.xml
+b250fbb7e12444692db8db24a0d8e51c9c16147a0bc0aa62599c05e6730f2c9e,0,1,LockerDome.com.xml
+44259251bea98f85ceb968382de8eca6ae98b9b9f6e42624d084cc06eb06af5b,0,1,Logilab.fr.xml
+097184d64f94a5c2eab91aeafdfc13f46bf7ccfc9d08f93e2524e20cd27bcfe2,1,0,Logitech.com.xml
+fd7e40226e930ab0f0ca06b65135ae1934840ed6077517bc1e3500503d680c78,0,1,Lokus.no.xml
+310690f227575180b1c3d8106079e906ac8c7d09b3301ef20de06c6ef723dde5,1,1,London-School-of-Economics.xml
+e47e410bcc64b4fbf107fcbac795a208e8fef9de4bbb8cfba3021b6a48e973e2,1,0,London_City_Airport.xml
+d7be9fab34a3d4a4aa00274545cedba1d569fd9344b46ecc8c5becb72d65d510,1,1,London_Hackspace.xml
+1952a95014630e2577fe966477723b32b1fe9004fd5ef2614f3717e5f6e5acc9,1,0,London_Review_of_Books.xml
+fdf67ed29757f0b2cc46d0c5beb73423f370f575c3a0192f8521e304f515750a,1,0,Londonist.com.xml
+3a16eb66437b66ca8fcc39076fa6f076e16ac3cb266af78debf75821a00aae3f,1,1,Long_Now.org.xml
+b2995ca65fcee921a0ec6e98a46d58772ef94f15817612627be142ecfd955c22,1,0,Look.co.uk.xml
+57516f8bb0c3c1af21b87b8b56b90f73ba952233ebf84d7dc5b4c697c21d1441,0,1,Look_Dumbass.xml
+eb71a3d0e0dcdf8f11f913ea38de4dbabe6924867384a0e08880c7466ba719da,1,0,Loopia.xml
+050bdb8522be2fed28033b318f7565def40681e0fa6de20d5175f41beaedf4ad,1,1,Loopia_secure.com.xml
+371f6fceb21caebfec3db3964b27141b5e00853315f431211d364301a45318df,0,1,Lords-of-the-Blog.xml
+62696a22e184c3f9a00d284aae7b2d249d58924957d0e8530041d66e0663bdea,1,1,Louhi.net.xml
+b9cf422f24dbcf3ce37fd654d260225348718ebf0ccc95d5060c4548e78e53af,1,0,Louisiana_State_University.xml
+d9d7001e11d2f9b2efc903ec39a8e0f0305f92a906c8f14db83627553e2fd718,1,0,Lovemoney.xml
+eddfa38063cb367bac3f2aebb2046bf5da400a0aef9cabedb9f7c6a4efdece8c,0,1,Lucky2u.net.xml
+fd8b6a9765c43949419ebab9dd91b8ba4dd6e350e7d4e1630edb8fae846fee26,1,0,Lulea_University_of_Technology.xml
+341fdca4778460bf1d7065884806c47c687fa52cc1c0e340eb3e0a53a3a6350c,1,0,Lulu.xml
+2d76724c1ff69dc9e9991ed1fdad701efd342e25431e0ab1689ecf981c350c35,1,1,Lumension.com.xml
+ad8ea5a90b1261249a8fa2448c3ff8165a8f13d73c357d610f16b2887e1df7fc,1,1,LuminoWorld.com.xml
+14531f584541639ca40d261d437c4659136bdb5772123a2527153919ace57ca7,1,0,Lumosity.xml
+bc8d53a934a8e46ead8ace467acdf5066d86d92d2f6f96c50f4cf4fae6d08f0e,0,1,LxCenter.xml
+a1db82defa904faec2c657e6ea22941e1b148f1e81cf35a58c40803424b6b01a,0,1,Lyft.xml
+551b122a2c152e388af55527367654016d5ba842ab144283c167b58436adb58e,0,1,Lynxtech.xml
+a111d5e3f1ad0f13c289431dcfe0282e42a9c88407cacdeca47577730a6a52dc,1,0,M-pathy.xml
+0543d58e7108adf6fe77cb43048db92c7284bed3903d22b30f3eac8c0654bcb4,0,1,M86security.xml
+c3e5082c4e57ed4c21107f5c05ef72a1fb33337c52b189b8360e41d57a8d268c,1,0,MAGIX-Online.com.xml
+377b1c7c98eb1ce1620a59edc315979347cc122ae5db49eaad58682c75f05edd,1,0,MAGIX.xml
+d46b3cb7383190722524604ced70583d6f4b42eaa79759186178b801e97cd05c,0,1,MAH.se.xml
+5cc8e9306a41a8e604a989ddfe777d9a560def287d8d4bd52b66df140610b5e5,1,1,MAPS.xml
+37dcf422788ed62d64197cc94af1c3d370c5936012db3caaee096c660a13bf93,0,1,MASSPIRG.xml
+3735faea1cb252d9a861985d3e2bd384e966b23f262e35d71175a878eac75593,0,1,MASSPIRG_Education_Fund.xml
+f2397e312d6ca68064f4b41df875ac7b7d1119332b020b4dacb6b8791a31bbb4,0,1,MASSPIRG_Students.xml
+a06c502a3fcac95756c576331f195baec2aec53014846bc08ca6f371eabf4d3c,1,0,MAXROAM.xml
+fd45d0e8767e26313781989617a3a068a35913d046a20ae46d47bae9cf5e4078,1,1,MCM_Electronics.com.xml
+e18e7618918c0fbc433386a096fad69825d0d259adb9acccba7661d5214b5221,0,1,MDGx.com.xml
+4ad79cf1cfd79bc4125c5cb83523560dc2c807adc28c3c6eeeae02a263f336a8,0,1,MDH.se.xml
+598f57a1cb07bb40a706984bcd19a35251f2df3b353a3c959d16c5eccd2f043d,1,1,MDNX.xml
+68d5134dd8eead364ed06ef6cc93d0b5177554f68d434f5fc628a3940454bb00,1,0,MGID.com.xml
+09cb67edc92fabdfd6ce3ad9ed0a50a6fe0176b9a963ac378e71b5e28c8eba71,1,1,MIRC.xml
+29fcdaf098e9079dbf7d1962edc0c29be9fcb714083e40a5019e7e6aaaec6320,1,1,MIT_Press_Journals.org.xml
+c4c92a7376681ef0c76224dce112d5b4aa7f3e765e1d94c5065839d75e7066a6,0,1,MIUN.se.xml
+ddc3203f686051186b20b88e459820135eaaf3aa50e5c4816c456d6445eb152a,1,1,MLP_Forums.xml
+03b6f29831d19024dee4e4cb3ac615574e779fae1b58a1c6d24acb91fbe4a850,1,1,MLive.com.xml
+3f5c7ddd043ad508aac3e6159c76e8bd41fcd37abdaa141cda95d8a685e20cbb,1,1,MND_CDN.com.xml
+976d52fd450f842cd7b01a773c0dc0cbfdfccc344170c16f62e8b06fd60b6dc9,1,1,MODX.xml
+16b17f054165cde5317da14eabc04cf40ed40f40f187a46a39a7107e46877ffb,1,1,MOOC-List.com-falsemixed.xml
+d5fd944719061d5c68cad846b8b479a3010bdd26ea072f677c0e77b09ce61746,1,1,MOOC-List.com.xml
+a142071929daf836814bbd8993688ea5e23a307b416df19553b09cf2c0a605b2,1,1,MPI_web.org.xml
+444b4dffc566a507319f9943d574f27c301f9d5a6af47ee6b85c9907886188d7,0,1,MPNewMedia.xml
+9f8863196cae74202e26c3d6ab1e50b57571f3c2ff4c6f8e5f82638ffce63007,1,0,MSN.xml
+15819092534ea0d06610f93be60d08860f430b49dba04ba701dd2ae56358a227,0,1,MTNA.xml
+7378e66420ddee33fe3189f9e9a7d611bc9e15edca5d8ca05c615a4cec99c992,1,1,MXGuarddog.xml
+9d231e863545aa6ab658902eec4a64ef6340e10f2fb03959c1108aab863f0d3f,1,1,MaaS360.com.xml
+342172ba363f805e1ff97d22dbd3b19a94fb46633f0d119ed9c353b5d2c9ebb4,0,1,Mach_Comedy_Fest.co.uk.xml
+c3367a69fe543bb4508508bf1032147b95bfad9809cbacb6f3ad3230024336b5,0,1,Macmillan_Dictionary.com.xml
+5a5895594dc8b6a1eb3ffb163f2949bbf5dd4e4a4608ed0b3fe343888ace6b58,0,1,Madstein.at.xml
+2853bd2dc0ad3ee1682f673571e0f9858829a8503f84673355950412524eb295,1,1,Magento_Go_images.xml
+60989fd88c2086073515182374adc54df5468d6e52b9a4074d0a5458e64b8c1a,0,1,Magictouch.com.xml
+2a0aafbaf384dd862dac3ddd0a7d9f0556cbdf5d5d9261a4a1c2edf12cdddf6d,1,1,Mahomet_Citizen.xml
+a7211ec19cd45b14cc36786884e3f5be9868dd63c1f1d9f2939c44d9a989e4a0,1,1,Mail.ru.xml
+0632beb9d9a8352ccf4e5abf6f4d129079e6be6a8fd030b89b240b9e3e5002ca,1,0,MailChimp.xml
+0574f873d084aeaadad6583735edea0b218b81a37d5205d2139a44ceacb21554,1,1,Majestic-12.xml
+eeb77187de3efc6c07b20bfb15ea4ffb65e95a906590f64bb4e2d85d3841a52d,1,1,Makerble.xml
+b7aef7f65c4126ab478fcc112a410721f9b52c70411e7e3ae239e275a22bc45c,0,1,Malcontents_Gambit.com.xml
+9e5f0fe1c8a73005f1bd9cfe7afa55e8e26908217555a15258c7ee8b389029ef,0,1,ManISec.xml
+3b2860a4494f8922f5b894c16b5c4fb0117cd9d79a785e836ec6683c02e08a93,1,0,Man_Group.xml
+f39f688438cd966643bab96109eb5b3e9d09649cd2913114ddef762b8caa9acf,0,1,Manasource.org.xml
+78acea4433a1367a7a99b78a26aabffb4433a766249b1eb32980e00566bd349a,1,1,Manhattanville_College.xml
+c8f65ca4abddc8b724b21e1aebb0d86f05aafd81c069e4cd368b3742d6b2a59b,1,1,ManuFrog-Webbhotell.xml
+68b4aec318e2003b40efb7bb11ac3dc92a9863d0c3b69a951d7f539a04ade8b2,0,1,MapQuest.xml
+bb36e083bd6761afcf4680ae0c9732d527f76a56e4845282ab8ae582a4024632,1,1,Mapraider.com.xml
+9f234dcd1e04c8b71b11dbfde4ff22c7ddf2e6eaabc3246bea8fc88403c4f1ad,0,1,Marcan.st.xml
+1e46e7c62c3c77d880aee1ddca06b25ec74c1c254f6e60c859a775829b679c50,1,1,Marie-Stopes-Intl-Australia.xml
+ae8efb072ebb5512ceb7e10c26d0b77612b368f5e20fddc50e59b8981fe10fcd,1,1,Marie_Claire.co.uk.xml
+f4c7dfe45cb0e35365300ce654feec069c5f0d57bc74d8f9b3d1941deb81bb17,0,1,Marin_Software-problematic.xml
+38c0e8fefcb929a1f8d50056c8ed0f84d7d885ef51529ad3af864bd78dc50935,1,0,Marine_Depot.com.xml
+72758fe8adfba1c718c27136cec21c089ac97a42aeb402bf9c53299668c72bb7,0,1,MarkMail.xml
+f8d9d668bf042c8eb63d92d924fa41f1b32d844414fdcecaa99a4e1c32fcff2c,1,0,MarkRuler.xml
+122a211832b9a5584f9367eb69489c8ee7323ba094af5a6a9b180971aabe7869,0,1,Mars_One.xml
+1eb3974a972e513bc37156dcd2d9c7e1a5605e957b196e753b5d58125896018c,1,0,Martha-Stewart.xml
+9774fbbc10a1e454d34b8dd2ad71ce16e15b489aae9472cf7c3330bdeb2ad483,1,1,Matalan.co.uk.xml
+4d52d23f40bd3606c43a447009e70e8cc92fb90e447f90988b9e742cbc4eaf62,0,1,Mathias-Kettner.de.xml
+886fdf64e35fbd1865f527901a8f71de87deb8bbfad48644c941b0faeeef73e2,1,1,Matrix_Group.xml
+def0843b236e6cbb3c41ce1e965479cf0c047278de38066a0ddb521e2e0d9490,1,1,Matrox.xml
+3956202a31b39b54bb350eb7c1c8fb2fe4421fa8e9fba93086c592e3727fba26,1,1,Matthews_Marking.com.xml
+2f36b825e79c48a62ca8b028588f001db53ea1c7e5bdeecf33846d6250fd8db0,1,1,MauivaAirCruise.com.xml
+9ebc3ea0b4f8a11d654190593216f2dbc2c849d75bd5d8769ce94ccb904b8032,1,0,McAfee-MX-Logic.xml
+21a0b0ab411510fb0d7f258ff953a606ab9b6cc190ec220254d0093d01a774e2,0,1,McGrhill-Warez.xml
+9f22004e6f050351ce543abd73bf9db38c4bcb4f3f691bc452d9f56362db44f4,0,1,McWhirter.com.au.xml
+54c5176a7393706ba64638cd6640cd03d970cdfe886fb1c292ab5567f5e01372,1,0,Mci.edu.xml
+0a2c162bca04cffbbb71b72948bdf6ea13d25f94c711e7cd851e3e743632476d,1,0,Mci4me.at.xml
+169f5d7a71d2a565c3db9bf616e59ab2c87ba135adcfe1617afdd6ba70db5c26,1,1,Mdgms.com.xml
+5c3f9e9594fd2136e76be06b682e4dcf281c5b4153eaab76026fd527212be1b5,0,1,Mechon-Mamre.org.xml
+cea6114526cc90715d8174513f29d6b7ea23c8a4787b35af2e4b59e41684b60c,0,1,Media-Proweb.de.xml
+2206b712d3da7e0b72ae87eaa7ca8e2c011c0285df551334334b6e6748c9f533,1,1,MediaHub.xml
+b35ab67041d795e2260b394b27c747f3226fe8c571e5a75f32526834f5f63620,1,1,Medialinx-Academy.de.xml
+dfb0575cda4b5cb197cc01897e864d2ed67d34dec1b9289895e7769ca3aacce8,0,1,MeetMe_Corp.xml
+a4aed7603a88fc03be501913cbf43136d92eee09e05a11b14cefe17e6172b515,1,0,Meetrics.xml
+d3b4dcb6411b0768f63f82ae89e15b07f5884e72f0b49398318e885b1bda1c38,0,1,Mega.com-problematic.xml
+0660211f8fcb506370363c91068a9a402402d4b809bd2c2bc61bf456b31c9469,1,0,Mega.xml
+e7034b4d62408593651f88f6fea5b58f9d7ac86cf01b03f8e56adf9ca757a9dc,1,1,MegaFon.xml
+4821002c2dbbe557f459c6cc0cee428616bd727f65f5a071002405e2cb370d7e,0,1,MeinVZ.xml
+b5541e596d343de6ac7f39223a9fc7c06ce47c438d9defe9116ba674062af063,1,1,Mellanox.xml
+eaef01e50024132334d995f459f0f3fcc9e56637833c501e91dcbd8dfec3073b,1,1,MemberClicks.net.xml
+8e0ca904341babe60e7080dd25ed1505f401f65f411e3d2092ff224e89cbeaaf,1,0,Memset.xml
+2271075dae8c3cde242f9bd187beb4e3874b1e3ed1ba167c70316ea7c881ae43,0,1,Mephi.ru.xml
+e036d076a66acf5d8e573b652b5e6ff6639d9ae0972240aae7676cf90e06181b,1,1,Merchant_City_Music.xml
+3e01012f7f40ac9c65f818ec9b1b3436bdaa18caa6c035be148c0630fa78a7ef,1,0,Merchantquest.net.xml
+30a1773b432db408705a3a3b1a5aec86d29006d7dfe739785beecee7b32a5c55,1,0,Merlinbreaks.co.uk.xml
+09478a2ec96acd68be1fe48e5dab2a4efe07075bc2415135c6b53cf64490c562,1,0,MetaPress.com.xml
+fc7e04f2a722f87b5dba20f6a548c1d26df7facfa98be2e09962d0b86506f34b,0,1,Metrotransit.org.xml
+02d77df85e09523445e0e86b04f0bb16c67bf3362b2e30bc29cba2af23ce2a0c,1,1,Miamire.com.xml
+7a9bc6518b843c943c645a850b84955939e8526e622f417732e751f6a6b50edf,0,1,Michigan_Campus_Compact.xml
+7b100b62a23d14a4e21a5f4775ce4f523326901c2464aeb6299fde517c42e32e,0,1,MicroSTER.pl.xml
+2c0230f2cff2ab22e873fccddd77ef7eb067a5af8b1ea6ead19eb11a7fe17e11,0,1,Microchip.com.xml
+575e8ecdacdfef4516413c432243e7a300b6cd70ed2a28fb17cdc28178946f92,1,1,Microchip_Direct.com.xml
+b195c75b64f391be38bc74da007cb9a59fd8a1049291c5f949b5847b16097641,1,1,Micron.xml
+206bb3a607259fe71f807da8d8d846aef174f1b18c220ac4871c6cf75022c4d2,1,1,Microsec.xml
+cc116d939b4a7d55452b99fb630fc82b7551bdea86eb7af4489a004738e16383,1,1,Microtech.xml
+b8f227cec9b319b4ebcc533515996788f2c7b780d487555edc3ac4e0433110b2,1,1,Microtronix.xml
+581745a360a493ced8c8bfa3a0c7a254f8849914d044284b63dd6400ed6f1e53,1,1,Miles-and-more.xml
+ea215ed16accf736366b380b06667a98ae300a6624277cc4c0b00ef82b87d316,0,1,MilkAndMore.xml
+6028c542090a205e31ad2cc71d109b7fa9f689e1d15064565afffa289860de6d,0,1,Millward-Brown.xml
+835ad6f02f0eea1e5a30f1bee9bd82f033b98f98c3e00dccae023635bc45ec84,1,1,Milonic.xml
+add16d917823cae95cb8fd37fa16fc8a30fb8abcb40d7d20317ef40115edaf2a,1,0,Minnesota-Public-Radio.xml
+9a6e79f0a137ef90758d5c9a6f4895963394f6841aee72f9b07fc458f89af5a9,1,0,Minted.xml
+aefdba42206c35b8b4c727e5174beca2cc9054e71405dc1fb04e58935e610c22,1,0,Miranda-IM.xml
+1c912cdd8a192d284723cd6aa022312be9af7d9d0f153ebd9332012212f7edd0,0,1,Miretail.com.xml
+05bdaa40888fb732b2dc4381eaec841becaa28c3a7ce521d309e31d46a5fe535,1,1,Mirror_Image_Internet.xml
+2fab3b5ae13f2fa84cac1b55ad4db417d235bb8c5b29182ba71fed019e20fe3e,0,1,Mirror_Reader_Offers.co.uk.xml
+b9b028b50744e726c2e0c1bba9b6d802bee0564067ab79a12f9f78db5a228efc,1,0,Misco.co.uk.xml
+e554b7787400fbb24420ffbaf18e8720e2711d0d7d5b01d57a6bc870d734678e,1,1,Mises.org.xml
+ef78bc469ee9ca1c5c6b5b7c55101de1b9f2e9bc5cb7635f55f72600da08a9c4,0,1,Mitsubishi.com.xml
+1083e6774f86f72f52db8ee1e5af98ac18d3badfa29f14c9210828dcaac4ffdc,1,0,Mixi.xml
+9445dcde76ee2f34507e683a0d830c835f5bdfa09605a3aa3acb4c5fb20e03eb,1,0,Mktoresp.com.xml
+e275fb63878dce4b9c0f53f39a068de38150abe580c9a232dcd84ead64a5e7f5,1,1,Moana_Surfrider.xml
+8f55bcfefb95327bb770495d7ed62175cffdf74e0a3f0ccd94b4dd42a1f64cdc,1,0,Moat_ads.com.xml
+0fc2d07c9cf4aa5580639fcc5ee5036b64df0422493aec017902367b6f7e10a7,1,0,MobStac.xml
+c7d6720b5f52ce6dbe90284cc5959d66c703a8db5ca33b998dd5821c131ca0c2,0,1,Mobile_Asia_Expo.xml
+089e42772722545c5013f3a48f05429db2991825eadaf29c1b80ccd769f4621a,1,1,Mochimedia.xml
+2aeed5b7608ed2cd5fbf95b9d233412e2b384dcb179cd0cd0b4be180f3a7b1c4,1,1,ModCloth.com.xml
+b0345c7f91042137a6196fc88f878d90cbc0e0621cb180f170e4b740d0230d82,0,1,Model_Mayhem-problematic.xml
+4148c9b370612b0072de8612e1795ff902efa5b5df42e1210c2f55bb0cd1d1f1,0,1,Modernus.xml
+b1e394fc6288df5f9d71a5795a3cfa2d868caf9a2d390259efb4f9a10aaa9e55,1,1,Moevideo.xml
+ffbf6ec6cfeef71b445211a87e4abe5ef1794e3d4fadb7d684ac90ac68533790,1,1,Money_Advice_Service_UK.xml
+4bdaf1c97ff84b0efb5970546093f4f4db2eff4b179667e41f78c050ee8a7f8e,1,1,Money_Saving_Expert.com.xml
+6c048760a7ae095bfd1d6f9fc51c634fb1a957e74f12f507135657c892090544,1,1,Mongabay.com.xml
+5480c8f1066022ccbd76c4cb65300e8f17f92e78c9468941e602eefc9911049f,1,0,Monsoon.xml
+238ba4857662f3a517f6702615d82e0a1789818c3f8e46200e18fbcb940206a9,1,1,Moon-ray.com.xml
+4098104d988c1e099f8131293582ffa74b214c84a0a6993f0dcb47dfdc166957,1,1,Morningstar.co.uk.xml
+06558325d916258454668fd676d1b26c4d0fd1de1413eb5256ef48a1956982bf,0,1,Morrisons-Corporate.com.xml
+e53b3dc48c8ebd8f953aa97db6e25331e51bb2781deac42f66180111e86274c9,1,1,Mosaic_Science.com.xml
+9ff01f7451d40691041ce184f700a74a77d67f31caafb8c3ca51d2afb9c7dc34,0,1,Motherless-media.xml
+6b4d8b8bbca99cd49c35ed81feea4d6f9d114213c670b2fbe7a947c8a7402dcd,1,1,Motherless.xml
+28a1b8fece126fb6620710ba56206bdeaffaa183d651c6c1c73a01a905de9059,0,1,Motigo.xml
+9a396c4dfe639ec6a63950420ebc1efeea0db0b034a9aba8c17a1af27b398352,0,1,Mount_Sinai.org.xml
+a1fa4d3ec8a62b93ed15cb141d7695f212f3dea2ddf0d4bce8654007987fd390,0,1,Mountain_Reservations.xml
+ad4b1e8c1f59d04a31d7c7b38de53205afb93bd575bee9e5353faf1e50cbcbc0,1,0,Mozdev-mismatches.xml
+743d8a5b68767e40138a06b7b5c3a1818337da7cea2ac37a282648b50974d04d,0,1,Mpx.xml
+ec70fa255895ba360493d2626c45911c22b80a49c5df9cb2f8f137846ceb0423,1,1,Msecnd.net.xml
+7976850527330f739448b947975b090d96b2bd01231b0376850a91033b941263,0,1,Muenchen.de.xml
+92c56ceb1370a552004ddf10ce50549f1d2099bbb296a6a414b2c9189cb1628d,0,1,MujBiz.cz.xml
+24a9a73f549eac48c4bd59bf8b2073bbba79cca79d84e3f8740e92c12e109413,0,1,Mullet.se.xml
+d2739263216b14436f55796854cf692ca03d4a305dc16dbe076a0ab077025e27,1,1,MultiSoft.xml
+5bef5c96def6636cfa60ba4bf92f25f9c182090f32130652dc0cbdc42fd505f3,1,1,Muni.cz.xml
+1a7511feb844171b7d853bc0273709cdf66649de2c2534ab1da21d6f5edf4cae,0,1,Museter.com-problematic.xml
+595e5a64455b0b23e67eb68b4e2cea4a6dbf424a07ab0fdb0231ded129adf7c0,1,0,Musicmetric.xml
+f42b8995cf8e8f8bed79d16d7155dea2522c8ba86dbdf63d5d82f88dd55fd614,0,1,Musikerforbundet.se.xml
+58a0fe0af15bd31fe5ec464807b08e208942049af861bb5440dfbba113271ccd,0,1,Mutantbrains.com.xml
+f89912846dc35b7b76c3ffce935c027fc0cfc569f75fd3c46270c260be6c5257,1,0,MyBuys.xml
+858230326c95e8f2e929b75459cc15aa2c7835928ed9db020e30f8f098bff621,1,1,MyTextGraphics.com.xml
+24d8bde990098ee1fed9b972e657433a4c1bf758a46d4063a668d58a2195abe2,1,1,My_Sullivan_News.com.xml
+4b89388d8b0e5f2c3f1114e50a5448bf371c53ea1a0b3bffcc968537df955ee0,0,1,Myhappyoffice.com.xml
+3102bccb45e89458c7d87c9004dd4a8f72ae88d3b01cd06a4ea6180a55036e9d,1,0,Myjobscotland.gov.uk.xml
+6524177cc322ec5eb14b8d9f5dcb0533874470422c2eb6160bbce281b3389fe3,1,0,Myregisteredsite.com.xml
+d9d037ffaa0d96eadc704dcfe9933c34961a4f1df39c800f496cba49c7174775,0,1,Mythical_Creatures_List.xml
+5fe0e1985e02f37e759a7388016c1343216120569d7254393d814adaa23d4f56,0,1,NAB.org.xml
+6b3df5ce283c7db4d6befd6a3c453a717cc7afd37a8737143325fce125e7ce59,1,0,NASA.gov.xml
+c30973dec56755f1de9304259af19b8145a0a571d6f7310a3b11195da023277f,0,1,NAVTEQ-problematic.xml
+83764b0e29046566cd51a6bcb9db58f8f7f8ceb45c59aed3e06e0367402fa2de,1,1,NCRIC.xml
+ef7d0c3649a77dde9f58d11fb9e77a0bce840e89177a6d853a3a50f37d138e78,0,1,NCTA.com.xml
+7f9b052555e00b4547eba435df9b0ada941b3b92146ea4bf7c4f8327179ef236,1,0,NEC_Display.com.xml
+4af8504478403141e13018b68dda2ca244cb990aac167268c0b51b3cbaaf649d,0,1,NIC.ad.jp.xml
+265295ed36d711a85ed56ee0a9984023a73ed3eb8bf449e3b270eda766fc56df,0,1,NIC.br.xml
+4aacfd1dff2d8f973a210019ccddd21d8e41afee921f582573ec8bdece14f27e,0,1,NICTA.xml
+98d863aa4168e437d6e0789f3b254cf5ce81c7bcbfc8df10581a03b33aa934b0,1,1,NJIT.edu.xml
+aeb084ed7d88d7b9e5f5adb3e28ef7b99206c53f4492d6d1b2cfbbd434e8657a,0,1,NJ_Edge.Net.xml
+b8a8048fa9d78e8f49ad9eb38a05c4dd88ad22df91e48f65496580938fde7370,1,1,NPO.nl.xml
+99a479c07d49448c6cd8f8e92d29c3c6ffaef57c428719b97c5fb1abe9ae4e16,1,1,NRAO.edu.xml
+f3161aaef5e1b8c8ff003407b46075792e538cba3c966cb04eae44220d606e5c,1,1,NTI.org.xml
+82b8c6fdce49f6cfec8a5af5a439ab933d6db04d1a96dd8bd79b398fde7ed662,0,1,NTU.xml
+6d5cbfcc8c9be0f7aed82f53f645a4a1aa507fd4bbe1e200a57f541ed33f5951,1,1,NYK_Europe.com.xml
+e839742e70b958a9ba7c9c64e2c25a3ea8b5a8d2acac5ede9eebf815505261dc,0,1,NZ_Herald.co.nz-problematic.xml
+e567c9f23505545a46c3f2094019189ec0bb0753d4042e09b9c3e4e4305ab2fe,1,1,Nandos.com.xml
+87d7cec32a9c98d029b8a7748f45f03a4c405f4b10af0c7dbf63a655a2f2501e,1,1,Nasuni.com.xml
+2025891cb707c5cb4bca8f7cfda7411a3b7c03084986c794c01d9966646ce307,1,1,National-Defense-Industrial-Association.xml
+b403cfeb4dba33d69d8496bb0afcb0815d8c611efce1f202f48a522aa6a258ad,1,0,National-Express.xml
+89e0c10cfdb60707da37a41b1bf06aa0f9db7c9ff759a4cbb8e94d772ca0bf75,1,0,National-Rail-Enquiries.xml
+77df8cd849c8f7755860365c3cb10c51ed391f95ad21327a88546086eb5a29f9,1,0,National-Science-Foundation.xml
+12eaba9bec7055b45b10dbdc36cfee93e480124f3cec55814ebc49fad23ff395,0,1,National-University-of-Ireland-mismatches.xml
+1fdbf03f38170dbf7fcc2e857edff149d2fc104f1cfe992e3346a6eaea3d9801,0,1,National_Priorities.org.xml
+0faca68701fed7d481ef2d407adb2988bb09737e4256fc13d94de4d50be29dcb,0,1,Nationale-IT-Security-Monitor.nl.xml
+c7a70c28854efe3443f37272478b64dc380b698ed063523ca0ae1afb3f3e9e1f,1,1,Nature_Shop.xml
+5fa991b9e337ffa71bfe80e49dcb48b46deac649f5bc33ea192903e0b44e7ca5,0,1,Naturvardsverket.se.xml
+1ce6aeb3e8c850b840ca30e2cc528f96fecf148fcdfcbbf4a0f6a633bb80c139,1,1,Navigant_Research.com.xml
+f1f93c4e6980e6ab9b58509fc5d1798975dc15bbeca4e33e5b90b19b304b8eb2,0,1,NeedMoreHits.com.xml
+53753f70998bf7ad4a70d4bca054a29485a0287e724015af709a44c638f36a3e,1,1,Nelonenmedia.fi.xml
+076624231a6913176a0296ea2fe8a98784d1331620d5cf7ec74230ce6d0ef229,1,1,Neobits.xml
+fe9a3b6a1ac58f6ed1d45edd7cd8aeb302d6a2f11d4db3d7b093b0e24c90c586,1,1,Neobookings.xml
+fb32bb1ec593963f579fc3218ced702def3c8820d295959e6791c1bb63837079,1,1,Nestle.xml
+58abadc12a0456ae8c4b9aed73cc326c59a0deb6cc9149476a1e44258cf308ff,1,1,Nestle_Scholler.xml
+dfb0e98c4fb750595bab6bc5a906c3f761003182e48d125371b2abb097d7377e,1,0,Net-Applications.xml
+3c93eb0d86d7235cf74032dd20892ef50387432c6d0a04bc0c5b2638efbf55d6,0,1,Net-Results.xml
+06a292203f1fb162f9eb6f48a60f5c5cf2fd82e2141c3be9b382da5a1a9580f2,1,1,NetLock.xml
+1d82d222efef097970af2ddde784abc4a54e9f0d7c72273efdd5a365eaadb215,1,1,Netcraft.com.xml
+424e493955331bd50889c4502677e64c6740246f98a855d6c499e2b8a576bd47,0,1,Netdialog.se.xml
+8da4a8d34c363318d78948b6d198a61b8b371b1eceb28751a2abe6a12904f4f0,1,0,Netflix.xml
+5bc65fba1edbd23a2c1127a5c66a01bc20ffc899e4abb0e6f1b4d05a639dd9c1,0,1,NetflixCanada.xml
+a27dc054f220c4e805fa21edb4a88bacd93be2033e19e33559d95a33df0ad418,1,1,Netguava.xml
+9479b1110a9b8792a5adf6e615bf3163bb867be0b95702bc1750af4ea2d6612b,0,1,Netswarm.net.xml
+090825ece5ea8c028837cbad251e6d80c0ab2612a3c5d4a6fdd4e651e24d4e17,1,0,Network-Depot.xml
+856a5e62ba2039659dfd6a0c341644c7cc94edbfcda039c0bbf2934c2fa6e490,0,1,Network-Redux.xml
+e39fb5c2ac9f1e495df9e58f17d8a4d761fe13825842ce000695d72bd0fec453,1,1,Network-Solutions.xml
+f1fcbae55c19d23c37bb4aede7c4f4beb0e2679890986b4e27ff088629f72bb1,1,0,NetworkedBlogs.xml
+dacbd937f1ec4f670a6b0f8e96831e58a65d461d22e0af250d92f241aac97059,1,0,New-York-University.xml
+f1fe546e322fc153e0c39bed532de0adde5d347f9b0785bdbb0212f60735af1d,0,1,New-nations.net.xml
+d47c31823f5affb8112f9b876508ea8cbe9c5c8888dd62fce6e94a49fc97ae7a,0,1,New_England_Journal_of_Medicine-problematic.xml
+f6af7fa84ba50b9a6fa5f194ca8b7eef1d4daeaf336129c15e63e126e516d9bb,1,0,New_England_Journal_of_Medicine.xml
+c726927c171b0ef46e22776ef84b862d65b67640d6bf0c04236116037f7f4658,1,1,New_Look.xml
+0460e9ed532d3f86f91064c6351cdf3910283bf26129ff8b9c0058ff5158759e,1,0,NewsCred.com.xml
+46cd5693a88f0c256c5ac5c5a02a6c0132b2f41f9997f6d98819d7d273b86c10,1,1,News_Funnel.xml
+a441436f47337705595460deaf9fcc0940b86b7e36ebda3cf9d947e0034c458e,1,1,Newsnet5.com.xml
+062c7a379d68a9a26d9445a86c7445b28d7f0c6d37a00280e9a6227855935654,1,1,Next-Update.xml
+3c57c2411ec4710cf0f5d9cf22ba0ce485a6a937aef4636b2fc5d60952aeb49b,0,1,NextRegister.com.xml
+ba5164f38a24d39d86f53ca602a4f7dd6588321e91dd31f3a41900e8235bfd1a,1,1,Nextgen-Gallery.com.xml
+3827f1f331ee1cfd087a75708156fe6dd1d78bf73689aa0e3f05e769f9ae7599,1,1,Nextgen_Auto_Parts.com.xml
+e4c1681bae2ceccfdfaaaffc32bdbedc097bd0b4ce9e484269bc7a8205ac5077,0,1,NiKec_Solutions.xml
+f97765db8ea0f75e2d5ce711e6454cd9b692e372e5e1ef99be2d15f2e44ec290,0,1,Nic.ir.xml
+346f439850c55caca5a78b5fc94710c205fbfdb3058553be31a46f6d12cf57aa,1,1,NiceKicks.com.xml
+5204e3581002355bd1567fa463b03daf14441600b888f345e1bd90bc0bd6644b,1,0,Niden.net.xml
+18ea11350b57bb0d7255c935b1f98fd8e0d7cad093cc814332920b14bd6e26da,0,1,Nightmarish-Dream.ru.xml
+ec01a5ee8630f2b83f7cd7bad3f4f4facf7fc17e717948751dbbf3e5563d3aa5,1,0,Nimbus_Hosting.xml
+a0f578f005779d8470ae10f1de0613020df1cbc8fe7fc5e8631a9fbf80512b1a,1,0,Nimenhuuto.com.xml
+19783adc449fb3c8149fc04770bab48e746409509239b2b416df034b4c5ec8a6,1,0,No_Starch_Press.xml
+debf94c52eec0428247d415d13cd14dbe048783d7ade4dd8ec829dcebbf97b47,0,1,Node_Security.io.xml
+8696b3d48a2371a343e0d10fb94f0310dd4d3e7884a7709d44843cf989d1bb15,1,0,Nokia_Siemens_Networks.xml
+d293276c96add15789fd139b6fb190bd50daf5959c426ddd1f65683c3fddec70,1,1,Non_Profit_Soapbox.com.xml
+8e7d3d54f3b3fcec404bce21849e00674a9584c262546e559d5a5844e6e3e82e,0,1,NordicHardware-mismatches.xml
+aa1619c02d07a8ad0e6e70d89453c9a7ad9b584cbe9f8ddfaea876ab46a59e44,0,1,Nordnet.se.xml
+fa6721f746512e5e4a8c64511e6726f1f815515a40851600355c0cf2cf4d41a7,0,1,Nordu.net.xml
+9c28e75e4e9e205b0480ab3255a05302a1faa57199f1541fe977bb077adb5b45,1,0,Northern_Tool.com.xml
+3c50d2e792ad7f86dfda1549fd4439d310b29f24094476e31666decfe77d9246,1,0,Northwestern_University.xml
+ea5981b9239016c61c8e430bc78234472035d90d5a111c75b5e9c19673d0684d,1,1,Norwalk_Reflector.xml
+ad056a6b989f162bc636a3de58b8064b41555bd6822b91bc47c0fde6a77dd24d,0,1,Novartisart.com.xml
+005d6ae4ecf390a96f0cabfa24bf3542de3358ed187c7d3fb6a9ceae451436c0,1,1,Npmawesome.com.xml
+86f390fef8e11c744e2b29a3ece207146ab8aa3d7d9520bbf034b9eccda38b7e,1,1,Npower.xml
+968ecdfba1b77f1e7d9ad0883bea2141a1bed5e8e66cc17f596f494904f959bc,0,1,Nttxstore.xml
+4389ff81399428de5835dcde6360c9355bd8bb30deca633fdcb442ed80e8279a,1,1,Ntwk45.xml
+8709dffade12885b49fe17396188fea66efa63feec67b4bd6450471210bcf54c,1,1,Nu_Image_Medical.xml
+74ee38c39c1732564c41660c16c36683c46aafc6785922df598dbf2c7d57057c,1,1,Nuclear-Blast.xml
+d16090d0d492da8b08cbedeef767e7654cdd46ac59ea36e79ec69d96672d33c5,1,1,Numato.com.xml
+cc50a9830d7a6ff8d19a2bb287d16061d1c06460547e7751ce3e44db8e3ca24a,0,1,Numergy.com.xml
+3549eafd309d3b4297a5c35cf3a6d5c49609a2369e6b86ec8329e62e9d7e5c18,0,1,Numsys.eu.xml
+d58912467627d4166913d3dcc6dbc6cdeff23bc192ddcde160f7284bc486fc57,0,1,OECD_iLibrary.xml
+604247fbc7405879ce5a0826368eef0b4799ac85361c5fa7ee0f10f961746b8f,1,1,ONEhelp.xml
+9a26195dc6d04b530cd64200f8298b482310e35b4a3186da8fe3b9ec6da3e510,0,1,ONEnews.xml
+c72d15ad574f5ad66d6458b440ecc89bf91f2004f4cc1452e2ebad2cc88ebde0,0,1,ONEweb.xml
+728de152c63f2b49cb0589754e38e8b4871fa8e61d9a6c3232d79574ca4c7241,0,1,OODA.com.xml
+f3b1426c891d64e2e32774be6acd55bc97c1a05d82b1ae8cdb4dfe2100275db0,0,1,OODA_Loop.com.xml
+4d183bce74e88eaa5bb7c8d5a64c015ccb1e76ea1a6737c03f209017aba39a13,1,0,OVPN.xml
+e79232198ecd818d2c8984bcb40357ff099f8916aee9743b4ab5cd29856f0b30,0,1,Obermassing.at.xml
+7a6389ef271a9d5a4dd6cc58ca95d36ee4fd49f8166edb672462ea728bee070d,0,1,Object_Security.xml
+74bd810666ffdb4fb2893f61b6ec93bac1fb8d2bdad9562cde970cece038f8e6,0,1,Ocron_USA.net.xml
+9f666a13d6dedffd0bd201d9a652bbea8f91f6d041de1302d6ebecc12e39cee9,0,1,Odevzdej.cz.xml
+ee9c9295fb3a208cc0b9796284238ad0f8fe79bde323ddb10029757a43887bf2,1,0,Odnoklassniki.ru.xml
+9ee2f486b20494ec87d2a1a4d7a436cb9c9fa66a792615927db08fc465e66923,0,1,Oe24.xml
+df2add100cd65ade870829bb1bca5dc06439fe3f15a4175bf92dc91418442725,1,0,Ofcom.org.uk.xml
+f1b954f78d24f7feeb7e04dac5fcdc774536df6891966380a0a1b2b497f95a92,1,0,Office.net.xml
+513d049368e3e03cb55f62920d316fd1658ff0886d1c98e27d0827055945a5dd,1,1,Office_Depot.xml
+a5b1318588cdcee1f4bdc1f20f342fb7e1e35521d34cd932f1176a1f188e6412,1,0,Officer_Down_Memorial_Page.xml
+5b55ee39e40189e984150ee57a844755de14b0927b9db79c61141d9fd9b1b574,0,1,Officersforbundet.se.xml
+eace07c9f40c8d1d737e1b1bf7ed811a6b93db64bcf35173c0db7463c02177a8,1,1,OmNovia-Technologies.xml
+543885653524b4a430d6bc05d5f0a915f8d2044b4a68210f400556475b617177,0,1,Omar_and_Will.com.xml
+497e4ef7981352ec9ab7c69c941e8dc50397ea32e225ad167258f3394047074d,1,1,Omaze.com.xml
+337868f3fa4ea5f7e775c58846ee41725e2bd31593b02a28804608ae479f4b32,1,1,Omaze.info.xml
+8eb315d424c1f4c13d69aef362350cc4f875291e6999d20d681ff77897022afb,1,0,Omeda.xml
+1d30f88270fece51ca75bad3af5f518d43b171b14e21ccd1166091b75c32bc12,0,1,Omniture.com.xml
+a75d4a62d470552e6ef9bcfecdd60e98f64930d84abca3e881cb3bc45e3f4518,1,0,Omtrdc.net.xml
+b4c5be316c8e413132d05640a58ba95e417021edfc0d625ac68ab4ca83c980bf,1,1,On-web.fr.xml
+1aa14c17aa4ef45659e1c0074208010389305aa5082249d6a70e108b55eb6bce,1,1,OnSugar.xml
+b62ddde7fe33d20f642cf8c4e03631afd45115f0cb94b9cbb7fa935c6cdf7d0e,1,1,One2Buy.xml
+fd71abc09391e0ebe4bbddd07f0e125e4e7d5fa442699c8180d350a0f04f4369,1,0,OneExchange.xml
+6dc92cee48556d89af4e82ce71e74ac9f797208689b7f351b93f2925f1a6529c,1,1,OneTaste.us.xml
+9d8246d0d33f52be5c89b398480ebadc3dc02f64e777daa066468c90a3906f84,1,0,One_Eyed_Man.net.xml
+0fc75f45ec3cbe2a8aae5bfd4d8f7fed37c17715033f2e9fbb3313fa8cfc2dce,0,1,One_in_3_Campaign.xml
+85ec8a42fc22df80efb738d7412c23f20c4270050280b12b13bb675eadedd42c,1,1,Onepager.xml
+02db8653ddfd7b04c789b65fadb6a8f65a56512f0e66a17925d9fc123bdf1c45,0,1,Onion.to.xml
+9200b7fda3c5624a030596856bac74a8aec47aa637d3c572738e3d7cca4556db,1,1,Online-convert.com.xml
+090726845bf1a7336dcf4b17cc5fd367393dc83cd61cb47480c05e9443fa6053,0,1,Onlinecreditcenter6.com.xml
+3ab0f58022ec25cfb953faee2bc9221c0a8440f250efc15d461033ccff06e042,0,1,Onlychange.com.xml
+78bac39af92a9662e70e310bac91bd8199e6836d0d1525f6030ca955bff3b38b,0,1,Onlyoffice.com.xml
+4451bf75cf6c947ca73f64b8deffb43eeea5f8f6bad4de32b40947b6acb816ed,1,1,Onstream_secure.com.xml
+dd51b1a05bce8252c471fe1e9ccc7ad3d295ab21d3f59485bfd45fb9392e1510,0,1,Ontario-Lung-Assoc.xml
+acafd275568454c22d4e6503b39246589eaabbfee280841d01b981a06e280fd6,1,1,Ooshirts.com.xml
+01ebddd2e42156535f850bd17d2855ea4d5cfcee2ac2d2c578e72385980f0182,1,1,OpenAdultDirectory.com.xml
+1dab5d9a056a6da15ef84d7a1cca305a4983a764da763c16c5f100c698f58c95,1,0,OpenCCC.xml
+cde322a388021fd678242253e1553602e42ca30238c48f4c0ae454c292fbe92e,0,1,OpenDZ.xml
+cfb20b50100cb3882d14da48ac922d0c7676fa21a9fa253934642b5cdfe0993d,1,0,OpenSRS.com.xml
+844a36d59938c66a965aa67a15d31a2376a10ff96420716e5c17b03e344822fa,1,1,OpenText.xml
+79b6f8f68eb3378456d604d32e2e10715d3aadf7e63bc6aed8bfe10533de3ff5,1,0,Open_Badges.xml
+52350bbf1f39b4f68721565615079a474494c0e285de5cc9ea08d414c11e3ea0,1,1,Openbaar_Ministerie.xml
+2013ceb768b7fb2e6ae7f5b25d5367595d6e665101205f208b092c0d4280b715,0,1,Opscode.com.xml
+2219f813d8e5729e90465151e21fec4c4983e78603af8a034b308bd1202643c1,0,1,Opsmate.xml
+e679e81cba89cfa6fe912e2750e9b2d63c212e8cfca50d110cad41576febf413,1,0,Optimizely.xml
+0d4d289bd08afe7cf3746463b1583ecbe548148093efba3b9d0c6b284b3d7adf,1,1,Oracle_outsourcing.com.xml
+056eb34319c7780b742ac8b8d770b2d059abdb70c2426b70a7ef35036d71b50b,1,1,Oregon_Live.com.xml
+295f868cf31e0503aa4895b15b142c28ec12e8b41a43dcbc4d22748af91def7a,1,0,Osmo.xml
+9a1ed180ddfce3019a6fe50d73e329c7ea2b0e3496ee5d9970aaae538c11ef17,0,1,Our_Tesco.com.xml
+71e57056b2bb6b821f6d15d459b9e1dab4127b457ef251b5c5e90aa39c09a533,1,1,Out-Law.com.xml
+c50eaa29c08c79598b85124d8472c939cbb08abcd36df7a21512bb92606cb600,1,1,Outernet.is.xml
+ff199168eef28407f5f4ec85c4a28f7c4bb363a2b1902a775788789754cde2e4,0,1,Oversee-mismatches.xml
+54aacde8fa49999c42572bac76d792ea3b489037f2d5b39d010dcad5a198eed1,1,0,Overstock.com.xml
+5e7c404505b85db849540392423e02d918afac5c262a77d56b9c54455c5d3020,0,1,Ovh-mismatches.xml
+b41b819bf65541edbc0cb4992fbf183ebe9a74e28d2eace3e0b7597b9b782dc5,0,1,Ovid.xml
+a2a23af5c2ae4a75d2bc089e535640eeeecc2dc198cd238a388b41feb8da12bb,0,1,Oyunhizmetleri.com.xml
+933469a7c612ed85c345b6b85e40ddc0869c4af696fe8fd142568624b55d602b,0,1,P-tano.com.xml
+ab6e11c74e0a8ed13d35553f3c8de56b8f5d9e134ddf5e600c9d9ccf29d202fc,1,1,PAL_cdn.com.xml
+3754825b11533fbebbb1f5555b448bad53f94dbb64c192d50d991717e48e4f1e,0,1,PANGAEA.xml
+04aa3907bd8de99537bde8f2f79aeb002ba7887efaebee3f1f3a615d4893b320,1,0,PBworks.xml
+57852e0864d16be6b308ff132e6c5d7a81b60be2ce25eefbe8daf25f7b33a7c7,0,1,PET-Portal.eu.xml
+dbd90f2c99bc31ae808344a6087f970e33788e1c8cde66d1768711db380133ff,1,1,PGi.xml
+2801efe212e1b86bd6c0f60c0b6aa71a13e10b92d1b1b35d41c24c8de8bc4fec,1,1,PHP_magazin.xml
+a64aadfc5703638d06d42fb40b03ed571d3553b67c5b8ef1c2ccbb3ca41ed3fc,1,1,PIERS.xml
+e003a3a5770e69050c1accb50e3688d18332e9afc5709c67d6ed37b21143d042,1,1,PJM.com.xml
+10733d148895545263de6b0d9b06e117bfbcc51765f53ce07718badd8ca9932c,1,0,PKWARE.com.xml
+78b114e3756ec21b948939f187308f695fccbaf94f4cc8f588f262d84d44acf5,0,1,PLYmedia.com.xml
+c4e5e8c4a2597b41871e044bfed5428d959056ee54b7e13374e61dd4447e74ba,1,0,POS_Portal.com.xml
+7728e9fa911551ac1d6f4a1e5c915bf7794c3036d4c85a809b2ddbe7b402ccdb,1,1,PPCoin.xml
+05c868c1c858abd8e57044f301b234c281562fb4e81b4b95d3102e61e9eae0da,1,1,PRWeb.xml
+42245e71c26f7b89f3877f043be47ebd89ba171ef04916472adcfd8466b7b5b7,0,1,PS3Crunch.xml
+fca579bef6575b699d2f3239f2aa31a80efc1c780a771e3eabdbd3b67d87d594,1,1,PSZAF.xml
+7bdaad22def9753b5c864b140690cfdb16095e8aa6ace2342abab2bd7847b6ab,1,1,Pabo.xml
+57aed24e9b9918af2c3000fc9dad59aad8643cfa4f4dd7fbd4d1a7ce8bff2ad7,1,1,Pace.com.xml
+eddd4d652f2dee5873d15813e51565a53671c97a859b85ca9b0e15a5fc2e48a8,1,1,Pace2Race.xml
+71054b6da4f4cadf2c038d4b31bb68e148084e4ffa94ee3980f98d6f97a8493c,0,1,Packt_Publishing-problematic.xml
+993dc3f9d1e08eb3a27b37543742ceb167bf5ac80930af48325e4284b0858397,0,1,Paket_de.xml
+e89d28ccda24a3b1cc9b37d3d269747a51d052aad6911ca7870a1b8a85212c3a,0,1,Palgrave.com.xml
+e557b6f440d476e55abb4d57ecc833bd70b1d43508f88aa2a7188c8b517ca1ff,0,1,PamConsult-mismatches.xml
+0e122fc15bd797982d15495539527f1952384f9f0e1d9a4f58ed9121aeccc471,0,1,PamConsult.xml
+2c02f527aac3a3b6ed1c50ccb0cc60f3071cdece9fb572a42d504f1f8507a27b,0,1,Panstwomiasto.xml
+66fd01bbbea23106a839b1b18364ed9781c70ab62c2b2c90fe21e27c02059daf,1,0,Pantheon.xml
+3d66d95fcc8eaff8c7fe025a95dc9990b8682f63e90359a2dce7f7d99117dd31,1,1,Paper_Mart.com.xml
+09cef0ecb2ffb1cb24d69ad9dfe80691d9d4ed827a8bd5256f1fb755ee71e1fc,0,1,Paradysz.xml
+2f11118b0aef6afd296fb8da24c425d5a3cf9142abdb8d48e51173074563d33d,1,1,Parallax.com.xml
+081de7e48c0be2a33abea11175c4af99f366194f21a664648fbd4e196b307f19,0,1,Paramount-Pictures.xml
+34d03a76bac9becd0ff8d0b1731df9311e583642f0e6cd4703b548021f4ac3c5,0,1,Pardot-mismatches.xml
+fdaf728f0d1645316bcb99336155adde2f724bad59b80e1518b30aba749e3ee5,0,1,Pardus.org.tr.xml
+8248f3806e6f85c5e29de65e505f6a5a4ab232d37173b9317ac6ef9fd4a944d5,0,1,Parker_Soft.co.uk.xml
+605051aad6959d5abacd3ea353c7176b9c5d7ae0d17e5792e944bb2948862375,0,1,Parrot.xml
+95355ec4cadb259b3053a38718cc8377c7fedb4b836845d8c3fcbc377a388b9f,1,1,Parse.ly.xml
+733577a614581c6c478432a6ebf5d60213d26161fd6bef61dcbfe441947c7c55,1,1,PassageBank.xml
+4627a7d8ff44d737bfb4c58d14430e8b141ecc16773a5728f4ae45ccf949deb7,1,1,Passion-Radio.com.xml
+7a7079f1bf3bcbaeb2c4d8a2c59f77d25956e4cd3aebab78ab1bc67f3f3df7ab,0,1,Passwd.hu.xml
+54bd67e965c51bf2587b2fc9952c21cb6de9fadf10e2b9554dcbe9da50b06779,1,1,Patexia.xml
+ed6cfba3387faae39123d9d8bcdca58ce96ca56fa36d4e78a0d87de9ebdfd664,1,0,PatientsLikeMe.com.xml
+935e0d2a2d60b5c793084c7a8345d04c58f4522bf9f620b1bcd410b454f23da7,1,0,Patreon.com.xml
+f9b23a9e9264d7f43f499ca056d36506c1c77eb873f333d6b2fd51adaab46c0f,1,1,Paxton_Record.xml
+f5ea970abc9b98f05c5d2d938d268b5f7ee2ffe08896b2732d2873eeaae7920c,1,0,PayGarden.com.xml
+8a4688c9225f39cdbd0bdf2461b215687a6e52fb158187d9cd52f0a794ae3995,1,1,Paymentech.com.xml
+cafaa354707ae4551d9e4cb2418f7693aae919a2b64cb9fd74668ba93ae62471,0,1,Pdadb.net.xml
+b734d20b4fa8db4e550c2063fe1f7571aa9255d4fba08668b7607e9075f9183f,1,1,Peace_Center_for_the_Performing_Arts.xml
+7ace65d7a07d3b5a62cdf6ea0e4d7aaa66e35a4cc4aa08dd49b9cb6410404a06,0,1,Peacefire.org.xml
+7906a49f15a7f530524ab186dccb29610399fda324d86a5e79806978facdfe9a,0,1,Pearson_Computing.net.xml
+caa27cb47eded0e0a39c74eafdd4e7c03be9a837ffebc3ea450bda58327668db,1,0,Pebble.xml
+1eb02087c60fb6dba349d89674f8fa25ac18106e527f762be774f5a3a56e0a6d,1,1,Peepd.xml
+426d215a62ea00ec4b4a5d36dd506982854831af3ee1dda5dac04acf588f886b,0,1,Peerius.com-problematic.xml
+da6ba14b9cc80cecf84262cd3e6035386578d6d27ae3061bf5cae3216eea3959,1,1,Peerius.com.xml
+a130c2186838ac25cf952bcc67cca009371321b3acbe4fc721309b72aad7027c,0,1,Pegelf.de.xml
+5ce21d515b34843606f42926f22d007948926b66c7cecc29c72c4a2753a71e1b,1,0,Pennsylvania-State-University.xml
+540cd8a82fb1de07061e983359475b2cbf144af5a1b98ef4b981f87982f3a7f9,0,1,Pensionsmyndigheten.se.xml
+96ac5d215f1b378cba2ae89c100c0f5c6c3a3ff562a31e622bc2dc04d49a5c69,1,0,Peoples_Choice_Awards.xml
+fb65b454d3712cdee0a55cde951214ff2906d1eecaf62927fc9baf552fe2a25f,0,1,Perfect_Market.com-problematic.xml
+a5c12d8025be3318d62d91387f841317857f79bb9aab652f91d65c755e8e47dc,0,1,Perfect_Sense_Digital.xml
+715bd34f865b02b1fd27059e7e4f542d3fc90d8f50d8bff1bac8666f2197e728,1,0,Personforce.xml
+bfed1f967eb05dabbd243cb0d4d1aa66de3bcb8ac299dfdb7a2d69b385b2a4e1,0,1,Pfizer_pro.com.xml
+aaf2de240b5d11f6a9714d588bbf7638e296302ae88da0d3f838097315d52f86,0,1,Pheedcontent.com.xml
+10c216db9072d4143dfe8c2573933753ef48295f0919f6baf00ca7358984521c,1,1,Philosophers_Guild.com.xml
+45dec8d1365b75a84a445c92227162ccff6526198d3af9b30e06c8c5b7a51e8a,1,1,Photobucket.xml
+016eb2664abc5fd82f5c2b38a525d838a57f2fce95ba0bb099a593c3e38665d0,1,0,PhpBB.xml
+444c82f47f7eac33666d99279e34013195eac91a77c5c4374dd870daa2ef425d,1,0,Phparchitect.xml
+b72e4e9f7d21bbce5b9e2a9ddd1a3b4455b44f2ad25ffc29e34ea737004745f6,1,1,Piatt_County_Journal-Republican.xml
+571e8129bb73ac64284c6a7cd6e8aba1cd9515297417c5d446e4b3f0f8de0f90,1,1,Pickaweb.xml
+cf7b1bd5b721d925da006f39ba1871955f031865f0671ceacc1682158090e92e,0,1,Pictomania.xml
+73228b03209d957e30c9949ed6f98aea5cb7625806c66b5b57d43d5cefe23273,1,1,Pimg.net.xml
+ab2c00ab831d35a95f6146fbb79857b64e431b16a55141848a9c8328c89cc30b,1,1,Pinescharter.net.xml
+351933a4ca393d784a3e0255666cdba8645c9e2d8f56ea3231467b53937a7460,0,1,Ping-Fast.com.xml
+590ab5ee7e510ba33049d5acfa6f332bd51388f0426e3959aace2e6ca7624e5a,1,1,Pingless.xml
+3c5a6453f20a2462fedce8629a68e47c615c8717e7f5934f3271d71bbf3980ee,1,1,Pinme.ru.xml
+662023093afa853230351a22ad3a03d92674583751f67b1c77db57439da389b0,0,1,Pipping.org.xml
+3b0b0f3ce5116f05fed6dc7b33bcff46821f1d46cc867891fc8df9895f83a2df,1,0,Piriform.xml
+44323e2b5b6caf12d77c2d59ec395f05871254633110d9445cfde16de26083d3,1,0,PixelX.de.xml
+0b633c07416948983bdcc4654fc98e5dc569e47c5f8faabf6a37f46efad6c582,1,0,Pixnet.net.xml
+c5c0d23e54473a42d466785be61c4ad691e44f62e710a2a6c9248a694b6cb084,0,1,Planet3dnow.de.xml
+3ea9dd12e12f7ee6c175c6196aefaf9dc366b0b46db96bbc6874afc901c1d2d5,0,1,Plantronics.xml
+89b0a11dabbebe35d43aaae8dc9610c937b3f47dfd4fb47d82777d740bcd65a2,0,1,Plati.ru.xml
+1094a99b5e8a0abb9fb46b17654826e1a8387207caa3278f89949c8b6d0f2ead,1,1,Platinum_Skin_Care.com.xml
+f17442d3412d38817ddf3cdd8ec7f104b45f54d6175505b0a315d5d655d05be6,1,1,Player.FM.xml
+f8eb1c5b920d861d39f2f49cc5b1b5b781034d05a5c5970492e2ca678feefb37,0,1,Playlists.net.xml
+8e4f71f2c21971751b4669d02db149088429c727002101104ba57365f5804531,0,1,PlentyOfFish.xml
+32e4746d265b44c1f5940e78b1102d817e382b19508a7c49699943f6f121a108,1,0,Pogo.xml
+43155ad40eeded32a53d8aa78bdd55503fa6bcb3088a29d92492d07b0ddcdbd4,1,0,Point.im.xml
+82900ee0fbe5e8da617b95011724372fdc7d1a9e68376b6e0b46d6128fc0419c,1,1,Pokemon.com.xml
+b18aaa63b24e4333450a6523704e29e485506972e8fc4be497e890e79ecef4bf,1,0,PoliceUK.xml
+e03dfabf9213efffd81e97ac515e6455cbbe46cff31ded39b41ea0fd787bd7a5,1,0,Police_Mutual.xml
+ed360bd7adf7254dcf2698e30ca35858cbf4cb1e37d305ed814aa2b0781de9c7,0,1,Polisforbundet.se.xml
+a0d5f094a2dfb958545b6baa8ac1a7d52733b10790028f9cfac80ca7766ce209,0,1,Political_Wire.com.xml
+fd7bac449610576bf5a1d87e2277ca130fc15ad1f557c6eb5679ca615b5ccc30,1,1,Polldaddy.xml
+62ba89768f63d01a33108d6612b1439a9dc7e1ebace2ce5c57ec7d72d5f7d562,1,1,PopSugar-assets.com.xml
+b9aeb8140b8c5ae9e60adc1f3189a4fcb72bb245869ab5b17b13eb2f42343f4c,1,1,PopSugar.com.xml
+37875c27e806135f0ac32c517079c7bb99f00e22dc3c2ad828ef0e8455b5d04a,0,1,Popular_Mechanics.com-problematic.xml
+2dff8eae8eb79b0ee7d7d9d03b678d18ab0e80c4f8c642f076169ba45ebde7d8,1,0,Popular_Photography.xml
+9d9f29b0e53a626445a096648cce8a40e721bfaf0c3e45b3066f19e78ae9fdf1,0,1,PortMorgan.com.xml
+4acb2c18ff46d235876ac28da274a69fdbf34c411da8503f46594d59b3f88d6d,0,1,Porteus-Kiosk.org.xml
+6b0d7ddf3bdd5ad91f34402c6d3f7f7d0386490d94b03dd8f129412f4e514d20,0,1,Portner_Press.com.au.xml
+4e5dbe5aef10968d09652fdebf8630baf5f78e41edbdf230238a6a0166985d6e,1,1,Post_Office.xml
+dc3f1b194ab37a2e2ac738b5fbcad32e24454912aafae49f7ac1510b8a2e8db7,1,1,Postlapsaria.xml
+2d4efa164c7dd27c982d9c131018cdbe5d7ffa3fc51b4d819e379a721ac329ff,1,1,Potager.org.xml
+d82fa518dafd334d1106c883a691314a2e188b467209396c7dc32e12db7ace88,1,0,PowerShell_Gallery.com.xml
+e699af2a0de904179a543e2cef6b7f805e123404341dbe5e8d78dac3708fc644,0,1,Powerbuy.co.th.xml
+b689ab0bf3c4612108106e20d8ee8afc95b2459b255b5bafbd243e152e9c0622,1,1,Powerhouse_Museum.com.xml
+b0d4020ae98c0a8792a14d61af286d8da58bdf81adbd1d1e19afc749ef600bc7,0,1,Prad.de.xml
+810fe9624db6579cb589bc5bf86447dc0bba88983b89c993152fd78554898224,0,1,Pressflex-mismatches.xml
+306c91a332845a079f5f867072dee43054fac522e9b377fa3a28dedc5505a88b,1,0,PriceRunner.xml
+302da6e9ef8981e7c9fc640d28274768775d2dcf4e6db959d02538d6b7d061ef,1,1,Priceonomics.com.xml
+a1023dd10e11b82db899a2b1cadad54c2f6ac3e51a4e056c58afc1efb67047d7,1,0,Printfection.com.xml
+44b5f33ecdb9f0c492366882955ceb80db6fab8976dcb2946ab853e344c73062,1,0,Prisma-IT.com.xml
+4aa8187315321bcfae808afacb259caea5d5023b7c2a8203a63daa89fcd25955,1,0,Pritunl.com.xml
+e0519f9b99fd87886edb3fc154d3fc1bb145333aa536966d417433030cd82eda,0,1,Privacy_Not_Prism.org.xml
+9335d8279c8e6c864c1c38fc7e140fa58be572a28ca0841aa83971d4c3a67260,0,1,Privacyscore.com.xml
+311f5788fc38e8633b10d3864ec787d33d6c7bf84e9a9917c01a78cb48ddcfc5,1,1,Pro_Bike_Kit.xml
+7bf89b1d0564666fba76d66df0b0fc2237dc1b92a27c52ace0c1cdd705bd4675,1,0,Prolexic.xml
+ed81e7fc8de7196452e9e9c0821196ba5de17d7274df4054ff5bd95800fe2523,0,1,Prolific.com.tw.xml
+e3ca25a923e2ba846cd50819fc928c44bab543f1f8380b3789c8552933068304,0,1,Prometheus_Global-problematic.xml
+6f67d36a686a32ecee265b2914c9e3145ec7b641e8a2640511a5c2488b510c2d,1,0,Proofpoint.xml
+632de51c809f29f705d7997d3f2b7674ea97aea38bb0678b1de48f0c6cc58bb8,1,1,PropertyInvesting.com.xml
+3a42b5c2052afced4f34ad117e2782af9088b53ebff090ea60bf3aac79562e74,0,1,Protonirockerxow.onion.xml
+cc1db5c4a0f3adeb96bd761fdc1491a0d213d37336cc4fa3301ba9c3ea69ba66,0,1,Proven_Credible.xml
+00e348922788c6e644d51801e5887325fc38759395bdbfe9f9782d6bdb737400,0,1,PrudentBear.xml
+2cb55093e265bb1a2c345613e293ba44500cc31603bd713c6dbe301fde49654b,0,1,Pss.sk.xml
+1c59135a4c622ee99ac387ff84d671258f9556c7ba525b89db979466180d1a46,1,1,PubNub.xml
+83055ef9b302a95dab4a512ce4db64ff78e36c9eceb2902a9fdd1ccf209295a5,0,1,Public-Knowledge.xml
+d9044daa3fa3513400d2990aedc735eceeb815c896b70a96f95d4d79b1c846fd,1,1,Pumo.com.tw.xml
+b2e2a5f8ed45c939a47777f82b4f45f9e6f29434abcd942895047a2926718560,1,1,Purdue_University.xml
+3559850f77b0bc7b063de923ddadd129a1c31e704e27f3318f4dcbb7eeb2d623,1,0,PutLocker.xml
+0c9b2d18c06cc6a3cdf9e3eda7c17efd3932f0a8a10e733cb1e3639b5b367dfc,1,1,QIP.xml
+610d9ca4c64e1044ed49151a455e132dedc6cb288f14f86223b4bfc84d58a368,1,0,Quattroplay.com.xml
+11670da974bdbd3ad8f36d0905cdb3b0a259181f1c2a7082c85c2ba432a1b21b,1,1,Queens_University_Belfast.xml
+9eb9fccf0ae3ad48a892df0a03e6970a5b311b263111bee6f629887307300add,1,0,Queer.de.xml
+3a871414f31ff7c5d2a08897c0f6209ebbfbd6e8e0887f825932d45dc6d26399,1,0,QuizAction.de.xml
+eebcbcbff68650421932b86e64a78ddf9bf0d55c33df14d1b2bda4b5923b3f16,1,0,RAND.xml
+f8be2a2667f90decacf4019ad460037617c4a39be2c437395df2448987ca49c9,0,1,RCA.org.xml
+07e6cd400a7d03ad2aed4557bbde4ef9e1f96248ad05aca16f22375ec65b6a8c,1,0,RE.is.xml
+b91a1ce21dbc933f96a58068120bdda50bd0a150db11f1d8be42f6ea85ec0812,1,1,RF_Parts.com.xml
+bdb3b3e81945ab7499b5313e73595f148c91413e7b947bd3fe699d03a0391c13,1,0,RHUL.ac.uk.xml
+21643040fe18563efb75dae1348aab27c6d7bcafd9d86669b454959072350177,1,1,RH_Cloud.com.xml
+f18741e03f4946bc8a2cc98ae60a581ede581ef9e454c6f0c24d09316b6d853d,1,0,RIKEN.jp.xml
+bf59bcd24750fce1e1b920a8626d7ff5fb298dcb0a958e7397f9068f35214f6b,0,1,RISCOS.com.xml
+e320c9532ea87d88cc1f29dfd2ded7ef50f88897f6fe1c5cb53144af11b7469b,1,0,RNW.nl.xml
+38e182d9a20d3e1d7e7f4e8229a209b0d4c73c76a11d8dc8afc53ce2584a73d5,1,1,RSM_secure.com.xml
+fc8f9a4458d71bfc071d9d7a289693bf39a34d4c48c513b40f8baf719b417370,1,0,RSVP.xml
+3b265196f1568487f91bc203fcea005f88de381527e88a4fcc0d73e927c16d33,0,1,RTK.xml
+43e2885073158c994a17bf0144cf97de1ac45a5f2a412f2d402475d7ae1e84f8,0,1,RU-Golos.xml
+a528fade4ec3280b09242df1f18bf8cf465255be7640d16222810d16da8ca8ff,1,1,RackCDN.com.xml
+b6b80b8e6effda900873a33d7f0c6865be96761af04446b036a54a44ca6376dc,1,1,Rackspace.com-falsemixed.xml
+d33a01659d482e190a861accaf706b98c369e189547a8ad101db63a85fe18e68,1,0,Rackspace_Cloud.com.xml
+53fa3192655dd12fe95df6e4054378b1aa4cee016141ea5b55ff62a0516a3af1,1,1,Radioleaks.xml
+be7e41eeb775ed3a092eb6caa67dece5052bae12be23f72922421af695d2892c,0,1,RailsConf.com.xml
+a8eac7a3ad4bed42d518579dfeddc1ea079e0bf08897a8b890ded2c4911f01c4,1,1,Rantoul_Press.xml
+46fd3ecefccc0ee271b35fdea5f695b5a7a8b821ab9bdbea090ab07e49f49e9a,0,1,RapidBuyr-problematic.xml
+825ab0b71141f945032d9eb9f2d107635184db4b244ab605bda6338a7c83f711,1,0,RapidBuyr.xml
+c141b46bc6e8bb32c9eb0beb311cff1ff66e003fef23f11d8ae1e23e1a308cb8,1,1,RatfishOil.com.xml
+922398c3843dea87e31afabf326f9cd2447344f6aed0f93514f2c98dbe69c9c8,0,1,Rawnet.com.xml
+96d6931dc7ddc1dfae37303fdb58cd0f855ba02abf08cb981aa1e0823513e9f3,0,1,Rayner-Software.xml
+e2125c4ff7f8379155ae1cbe641d8d42fc62ede1add7edc1abf0d519b28b231d,1,1,Razoo.xml
+f4f7f990d573489563d003524c724fac1479711483a0fd0b2a0e62614886a5c1,1,0,Razor_Servers.xml
+79757f97f7b60f450d8440be0d4280a576539dfc57f392ed11818a03876d208d,0,1,ReachLocal.com.xml
+0c7a2b9d81e562263408261a8d2c2132482cce04765bb9bb2dcf2db80bf37d77,1,0,ReactOS.org.xml
+41653b528d317761c5c16423c2e4d33ea37646cec0801764b40f21cd8d7e7d0c,1,1,ReadRobReid.com.xml
+08f10251ac36c100bf8ae7da9eabd18f65b25466f132d6e60138fe800bc19934,1,0,ReadTheDocs.xml
+65002fb8676849739c54b0dd684aae2e36792c16ab5144b1cde089a6561d2f52,0,1,Realtech_VR.xml
+d02d0ef8d9228fb73ed248df5c49f8e5f4ef408e4cd0442057337d7cc00c8537,1,1,Realtime.co.xml
+175a2519105c6a213529364cc7d07291395b1990d6972eda7a6114333639b0f2,1,1,Rec-log.xml
+3d81ab3a1e068cc3e433fb67054d899bfb0de1806dd6a4a04c6960c400ee2403,0,1,Reco.se.xml
+be04e4a5c75ce1b4a49738d3a5e13dd52e2b054f0049b56ae3dc5a96cf3e0bf3,1,1,Record-Store-Day.xml
+f53f48cc8819321f46aed9c297b688b9993d6a9de165e8763d0f37c8ebb26381,1,1,Red-Pill.eu.xml
+3eb21961867734b2a94ad5cf657258520891193e0d3067bb0fb624a4b1a68a18,1,1,RedIRIS.es.xml
+744461d0f9721427cfde87ec8eb72bb0b4af4c61eb03ccc359db7e80eef80e04,1,1,RedState.xml
+b436dee831b87aa69cb3b905bcf593cd7e47ed08820189f8974d4a3e00d98bcf,0,1,Red_Bean_Software.xml
+560d674192e89441ca7d23ecb5fb627f67f2e0ea32ca9a9b78f3b4af11f438c6,0,1,Red_Bull_Media_House.xml
+054b8501acbe0bc72dcc54d95df75e1d0175ade0c306d347daf0e54aa3fbcf15,1,0,Red_Bull_Mobile-falsemixed.xml
+def99e9c52843ab97071e7c51143321c1bc97dc6b2395b2619b4f9ff7d197f2e,1,1,Red_Cross.org.xml
+39eff1aef0a36525f9f373d24e20fa4850fff65d2acb945dae316680b84ed334,0,1,Redbox.xml
+460e113cb4ca654705691e100424c875fecb6c0499791cffccc734ac7f42c46d,0,1,Reebok.ca.xml
+49f413717d683b1902cdc262e5a77d4ac119e9b2c2bd4f19b0139c0298fe0c40,1,1,Reed-Exhibitions.xml
+1bc93887c36392e422e57cf7b8352bd344b1d034cbd78d09da67704520b5ee37,0,1,Reed_Business_Information.xml
+705ec8dbee1342fe705abee9ac8c3156529fc043e439e3ba01087b9c70ca0a9f,1,0,Reef_Builders.xml
+a384778aecfb187e57b08dd0a236b215c892c6ad4ea8053d1aab6307d65b58c9,1,1,ReelSEO.com.xml
+8817ad2ea935c94410c88e741c82b765efd59ae2b929e5adb3e3989fd4ee4351,1,1,ReelVidz.com.xml
+2e8b726961855461d27af664aa198af4386e9a61ea1b25ea9e3f97f1618645c2,0,1,RefinedLabs.xml
+0dca7f8db4e1a34403795e066f569135f7b6a690847e640627fbd4cb613d71c4,0,1,Reflex.cz.xml
+c1eea1a6dd94fbda613525ebeedaafcadf64b579f0a07e74f5585c47fee1041e,1,1,Reformal.xml
+ba5433cc440b527b0ac40a27ca63efa96122103a9bb85d2f90b1bb28c582de62,1,1,Rega.xml
+c1c45efb4372b9f3c19a93e582c93d068d6f86411177f976b1b30fb69f749305,0,1,Reimanpub.com.xml
+c2f8c90c2a61453cf72e9375c5892e7fae5092010e2cf0db37791e2a2b1fd1ac,1,0,Relcom.host.xml
+bedd10752a7feaf458f36cc9139a80e547ffc5cb86cacb4b45f3380b3ea28bc7,1,1,Religion_News.com.xml
+f5fa27df851da300199657c4ddd684050bb637a6a097e6514103fdca757165fc,1,0,Reno_Gazette-Journal.xml
+c71b26997cc7f392de406f1f5ed5f472755a3a42cdc30ab7680c3e7d81967d9c,1,0,Rent_the_Runway.xml
+bc848cf6d199b17cd1490d8ebb34d3cd247a9f7d400583b8e4fdbf3499def618,1,1,ReportLab.xml
+5cb0ade0d5d1dc7e4dd1ccc665dfb4c266ada546964c320112cfa58311fadcde,0,1,Repozitar.cz.xml
+e53aeaa878e3dfdc1fbf1b50f6d16c8951aa396e8023bfa9d521dc9bdb45b3de,1,1,Represent.Us.xml
+88e398ec4597fcd0126db82a9cb9efad999c17cda7de00490943b9ff12551771,1,1,Reputation.com.xml
+97c227a9339f8d2100116d0f78f3795404ff88c9b2af12ba755db9919347253e,0,1,Research-Blogging.xml
+6c3d96b7e739b4b9a319e64168eb7600a742f34a313821c44808c1ac1707f414,1,0,ResellerRatings.xml
+99c54146351ebc37702c69036a7969daf602f88a46a6659feed01e378049e8ee,1,1,Reservation_Counter.xml
+1fa6eb86f60348d8030e0e38d7dda49565e349900dab0bf903d26c35807773c0,1,0,Responsys.xml
+a67a18b5bfaa7dba51643416054612adaee639d425a8edf44b58eda19a4427f9,0,1,Retailhosting.fi.xml
+00acf51b8e95fb8568e1bd246a9339f38f1f950d5b043f1fa28e14ed065ae5a6,1,1,Rfecom.com.xml
+6da80a723a1d1077b1e7a27e1b7cf81d6dc7bd9da2161e9d63fe0c896ae0acb4,1,0,Rfihub.com.xml
+9aa7137976390aa76a522394805ce510e4202c6bb51f3bc80a7c8d84114ecded,1,1,Rhizome.xml
+ec0851667677ff8540dd4ea8454573e8d97df70843756980d2f1d6db93586f8b,0,1,RingtoneMatcher.com.xml
+d27f1b348e71e8e016f36a21025afb61c044ff05ca5b138551ed5218fd33d474,1,0,River_Island.xml
+6b1cbf8f7c764869e3bb58c50ca22966d48a7b7b8f653ced6110336bedce2541,1,1,Rock_Creek_Outfitters.xml
+a3f1aab489ec09b4b991b1a42dfd46871d9372f1a529bef1103a6c8717d1673a,0,1,RockstarGames.xml
+633a5865ee1e5db740e5ead4afef23585998006ac347bdb7a901cdf29a1e4db7,0,1,Roeck-us.net.xml
+5bcfb04034d3fd0eb17aaff546732ddda271ff01aa972f065d149b4db23e78f9,1,0,Roku.com.xml
+47d01b691df5218a1da827d4d17fa384cb3d577b1d8e577d9dae0f3a6ab21e34,1,0,Rolling_Stone.com.xml
+4783a0472b26a08c80e17722e5cafd5c18e160518f72d97c3354cd39fd2d5bcc,0,1,RootBSD.net.xml
+ccbabba764819bd13ef73fc6ffdffdbce63afa730066863a098b3c355bdbf548,1,0,Rother.gov.uk.xml
+22f670057d19b9f795990786abfd398fa7d9731920a97620deb989914fb6e642,1,0,Royal_Mail.xml
+56f318ca6b8f5c51699fba8b627ba828470db3e6b712d3b0aa9d4d1cd284b31d,1,1,Rsync.net.xml
+1f87be8d9de10ec8ee2b9e7fcd42f90979adce40fe8997a80f34313423cf3989,1,1,Rsys.net.xml
+e43729a767c12b46a514cfe5daa294e236ea9768010d72d82e254c32e601f590,0,1,Rue_La_La.com.xml
+a144e99c2ef329b7cf98af652bde5bd6153cb84602d3cce46f95d3a4685cb901,1,0,RugStudio.xml
+148588675e66210914e28a86d10c5f27b71a78517d06a70c423cbdab87bcd083,1,1,Rutgers_University.xml
+018fd6c1ea9077a236d9bb1f7fc10af3b335b662de27731d5d2432ce47859d3b,0,1,S-pankki.xml
+8ea654177b45b0907f63613a7f7a7ff5beea606fb948cbf52b0c513195bb051e,0,1,SAIC.com.xml
+26c41f1beb070887277febb9c002eec5f1824184016b8096316aa592b2d2cae2,0,1,SC.edu.xml
+fd71c353d28fceb8b115719e83bc37fc7f717fa194e03d48d2cabacc00fdcd29,1,1,SDSU.edu.xml
+afb0053160baf8df65cddef2e6252d980f0ae631ddee646810b0c57fcd384402,1,0,SEScoops.xml
+90e39924d85b911e9ab7c92ec676692a6f3cc4253ed1c5cd48ac62b788bd4d08,0,1,SF.se.xml
+e441e43ceff7d30a52ccc2002be68156248c0b3228cb3cf1f3f241567ff8def2,1,0,SFM-Group.xml
+b1ddc8eafc9185d502e8c25fa3239d0ece0bf86bf9dcf471af0dd11ffb792f4a,1,1,SGNO.org.xml
+17d8e1cd7f7e79152b5482c90e28f14bb732d4e3b6e09240171fb7fa0c47c5cd,0,1,SH.se.xml
+0ebfb123ecc0a797ffba53b2ed5e7a7a9def6cefd840ab6e9cadf49d77199d6c,1,1,SHld.net.xml
+ec5ec3032ad870e33ed2aee54e56fc4ddf43e6c2d0842f5b29530fd378212056,0,1,SI.se.xml
+acafdedb2df04d3278f3058d9be43aec8127024a12e89b7cc1d03f54b0b19f95,0,1,SICS.se.xml
+5d608db523d07b5fe5b23fccd9bc91b8c630f5c15ab83910c4a440441068e3fb,1,1,SIL-International.xml
+6846a45bb80c31778df50470a813f4360f4259103d29c032c0fad0dc86ca2e73,0,1,SIL_International-problematic.xml
+5e7ac697dcd343072fbf1e626ae8493b93fb809bc95e882eec2fd50ba4da66ce,1,0,SNCB.xml
+de4e0aad788b737f30398cc734dc7e93a178dffe24c0b73abe4fedd6a42e2015,1,0,SPEC.org.xml
+0541366178a7279745ea561f059b404fe3e0938cf75afa1c0d3c21f89a17a141,1,1,SYW_CDN.net.xml
+d801e51a50153a2119eedcdced489f520458e20b870d160379489582320da934,0,1,Sac.se.xml
+eb4b298e2328c9d3af283306b797b4e07e194584efce78f97c84b249f9339c8f,0,1,Sacred_Crystal_Singing_Bowls.net.xml
+8ca380dd32c44814c1f0d696c3efebf9657bbc01b5a1ee9b5e616c389eb239f4,1,0,Saga-Group.xml
+31910514d896bb6b9c90d691ce06da20594ba849e325fca5513329fe9ab57088,1,0,Sage.xml
+a67b67cba419c9c60f5af4693ade3ab0f4dcb71c0447e14eeccf5d9f8ccce305,1,1,Salesforce.com.xml
+70625d04b2bfb69c56b1dc93d19eed236e18e861c8d0134b164f8a348ade9116,1,1,Salesforce_Live_Agent.com.xml
+223be5286839874afef4638f6b87c51f4cb2d2ecc551bf4e994ba0a022b78fd1,1,1,Salsa-Labs.xml
+4fe8a655c2e05111677d094899b626987d18679aad18ffd1e17ea5447c3818fe,1,1,Sam_Harris.org.xml
+a7cdcfef95e0c16a840a8c72942fcf23944eab6aa4db5f3c02fc89679bdbd241,0,1,San_Francisco_Marathon.xml
+4888cb498299850bc240910cc61c5848296567d65037d0c150565779950679f9,0,1,Sanalika.xml
+045eda1307862552713004aa03d4b9681499d9af2bc7abcadda4a00237734eda,0,1,Santa_Clara_University-problematic.xml
+d6d63b4167f0c17262f7eae3dd84693b68a3caa00feb09bdcd547af74bce75da,1,1,Santa_Clara_University.xml
+e528e24518c3a4fdd013118b9388faf754c8ff65ddb0ff972871d046065998b2,1,1,Sapato.xml
+10dddb4466cc962eaca360f047e7c9b153d4ceaec7caa21507f9327a4d6e94c2,1,1,Sape.xml
+252603fc0bee7ddd0001cd5227b894007ecb583163499a47e384084251fd3e91,0,1,Saurik.xml
+e54714d568b3dc29507fb27dd4934a5192b8c1e397cb97009435a049cb103fc7,1,1,Scanadu.com.xml
+3921f7457145f30994e3e5edb393abe93434cb4cc158b6b77ac30ecc9692bbe9,1,0,Scania.xml
+38fcd3c77ef8529bfa24f39ca1a3031094574f86ec150997c16494f79bec85b2,0,1,Sceper.xml
+d4b3e1cd81bbf83fb126391a949fc64451f079d3c6c71683fac08b3972b86311,0,1,Schneider-Kreuznach-mismatches.xml
+eec14fa49b2eb3ca3cba02c29f921c816f1c59ec37ad0fcf64a2a03c1a79c219,0,1,SchoolLoop.xml
+b820ef0ca9ed892e54ecba43ca9744e3eaa8828238b13d527438029e749de50a,0,1,Schulte.org.xml
+25933077b070dbd4c7fda6d88421b3982c3457ea5b5f008aba6043900f07ca1b,0,1,Schwab_Plan.com.xml
+a7eb0ac9d79d8b16e404ad3a6206a9f19f51294e69b08cccbf4094148ededc22,1,0,Scoop.it.xml
+648bca2cf9de8921e93ab3cdc73e3b84fbd962af85e0c9f0547cf790dc625759,0,1,Scottlinux.com.xml
+78be6deb276806cd5ebb6953953297c789a83e254fef202137f493dc8bb93ae1,0,1,Screen-It.xml
+c95e7e25412c5fbcb4809458f4513a0b6e22552e282fd557a0aea34166e86e25,0,1,Screen_International.xml
+bd4374a901260cd4a63f44d11b6f1048ad380d5925d92b90a7eaaa83337a22dd,1,1,Scribit.xml
+83a8bbc82794caf87711ab36df2c8d9c6dd6bf8a90d4b627370eefc53fcb0882,1,1,ScriptSource.xml
+3ac88c2b6ef1fbebdc4efec463de28b51d4b0891dae3f3337d2142de265d8687,1,1,Scubbly.xml
+17a481d6a4f50aa56d025131da16786066d328c7f11ab915f6d57b39dd4bda23,1,0,Sculpteo.com.xml
+32e7fe0659f10a07ddd9e79c4451377d2794f8c90d679e5e12771ce7f39a24f1,0,1,Sdlcdn.com.xml
+b47e3b0004ed2b922443aa48b3dca1012843ed67610e4f15f881dc0b5d8494a3,1,0,SeaShepherd.org.xml
+47ab71ea32a7522b3aa11275a3fb25467963e52f52cbbd28fbc1e4290c9edbea,0,1,Sealed_Abstract.com.xml
+6835368660d2c2932d163024a8da85984bcaf646184f5eacd658c0fb52a62c5c,1,1,Seattle_Technical_Books.com.xml
+0e8e772f5af7e798a343bc7ffc07367d78688f53fc2b361b9b6f574c3f9bf55f,0,1,Secret-Maryo-Chronicles.xml
+a60519a17ed9b6f9752ad6bbc6a463d50f6640643958d6e615478c9a4a57fa77,1,0,Secunet.xml
+cc8342bcc4c3c676b7bd0cc012b441d3d9c4a7fabfab9b25a8d8146963b4a738,1,1,Secunia.xml
+33814228cd58cf773562cb2b4cca1385b282847778045dec33b0469b1f1ef33b,1,0,Secure-donor.com.xml
+fb80a2a8a1de294899f5a0615851aa20d733698590215f4fa5306b9786ecebe9,1,1,Secure-payment-processing.com.xml
+ef4aa3c48224f9ebd3f7d1957eafe93f20690e4111e7f2bc802943da7b762ee6,1,1,Secure-secure.co.uk.xml
+695d69a740be24d4ed56b02926d38131360b363e580859219aa87843dacf5b1a,1,1,Secure-zone.net.xml
+f7fcc791da39508c7c2f62ccd71aac9c7e345b35bb825469e3bf31fc51fb1fcb,0,1,Secure_in_the_Circle.xml
+2118b0c04b2f228827d360c8c22c50033954206dca3837833c615bf47d8bcdc2,1,0,Securepicssl.com.xml
+6b20be37aeafe97b9c0449d7815f06e73d80c685be3fad2d6d6a97ef625f3727,1,0,Secusmart.xml
+28bdc6b9c0d2041fc5fca0b87c6c88e524efc63ecf62bb07c9433ee7fca42194,1,1,See-Group.xml
+99b22782fcf7be5163da772801b440ea850cc78d175816238aaafa0b018b7c40,1,1,Seguros_Universales.xml
+1b9f7a18950ecc433514f5008b5331d4f139ce0db817e521c01640ec80e8f997,0,1,SendPepper.com.xml
+58cef17a92f366b7e1cde56909c647d27ff2ee35518214d71701a8d109673e17,0,1,Seonet-Multimedia.xml
+853dd75e3e890244ab5c4b515f84235930a5547df1efdda71304300a261a4b31,1,1,Server314.com.xml
+51c74b507fc022bac4558cf0303b02576e0834d66f42bb99c3b93c343ce146d5,1,1,Sferra.xml
+1813cb1da6645470c2e8d31aa8674d7d870457c6d266e17c779adc3beb496215,0,1,ShareThis.xml
+5ef4aa2f5d4f1d0045ff46b16bf66cb827ce05554693a23e46548a584871f44b,1,0,SharpSpring.xml
+52619008e0a398517bd3ed4b130df71beda4b92d61fc2261ebbcb4a4d9489a83,1,0,Shaw.ca.xml
+0d2c3ddd439373407efc3cbc24b6fd7ec6da6563499498590e742b02d87a3fbf,1,1,SheVibe.com.xml
+5a68196b57ecab58d93ad0d0a4e3b7de40fbe516b74708037237d2ad1583fd1a,1,0,Sheet-Music-Plus.xml
+de01005b2439ff85c10a569a5bc9f09b86631fd60af698b3929ffc1a57ce78ab,1,1,Shipto.com.xml
+529faf77dc8341243f94c02e7dcf5dc80f0e558ce630008f7b8a263c8930d80f,1,0,Shmoop.com.xml
+c971c8081e7157bb581cc54157b6169d600b84b01e2e64e7cea95cced39fcdc6,1,0,ShopCo.com.xml
+d651e9791352d0487ad06bac798a6665a3148331d2404a6dc37366e44e92af87,1,1,ShopMania.xml
+278c389123acf69565e494a9910ec501d4c6f9ec22efce8aae9b8b5972359de3,1,1,Shop_Your_Way.com.xml
+faf5c3a2ef00844a11a4fcae50f0b1c010bef569cd59f6458c17223b0306297f,1,1,Shopinfo.net.xml
+cb82ed89532cfe1510504e3f9c48624106a9d0047b71e3470960047b541e577f,1,0,Shoptiques.com.xml
+b76a5cfaaf82a320c34fa385a3226b8a8a4a6a838b84e2ccb701f315b0f3368d,1,0,Shorty_Awards.com.xml
+3184281fdf234480385384607083c2d89814a072d666cb5a27c15c132e4dc56b,1,0,ShowMeCon.com.xml
+e288931dca09be06dde50e2e7e88361e0b3f3a3fd70882d39142d93104d1dd4e,1,1,Shurgard.xml
+9c9167d6a433c5c4c16b5b968040168b122215635d360c94bc5ccce867d8638c,1,1,Shutterfly.xml
+893a6bf3dcbf71cf5e4f1ae4288f7303f13681b9812f5055a788e7acb879f173,1,1,Shutterstock.xml
+c2bdeaa9210ade411015be525d562ea16bedd70da5897af9d239278aa0ca8ae7,0,1,Sickbits.net.xml
+991b526f8347cc2655f4b38ab4579c1ceab9708768f98fb8bfcd68361001b7c1,0,1,Sieciovo.pl.xml
+9b5e1216c793e3384ca0e6d8dd68761986d3613af12b81d640922b982c1179d1,1,0,SigFig.xml
+c6231d1db4ffe805ac881cf622bc409747a3a6be51cf6effdc071baf5b6324aa,0,1,Silicon-Labs.xml
+d15d322b8717f52b79e0b14e43f7ab97ebc53a729183386817f29358a5a8f77d,0,1,Silverflint.xml
+7a69a21a35e8e9851f97fae04e3c2839a53d54cf7a74475af7ebca460b514cf1,0,1,Sim-technik.de.xml
+a49bac6e453d1a6b8658c5d09eb247a7201c2faf23ea278ff090f32c54f237ae,1,1,Sim_City.com.xml
+9c6b97f93cdda86aa2d39ebd6fe5db76c601aba1050ed094c4c8a940e753f3c7,0,1,Simmtester.com.xml
+9194c3e6f904add76fb734e02736c2301f3c218bb8cbdd30ae8a385aecc027bc,1,0,Simosnap.com.xml
+38efd0e81710a352219d2237161c5d0ed645f65fe77fc3cfea190557233de483,1,0,Simplekb.com.xml
+68aa39cfd4b062c20ea2e1bfba9fd71f4fffc47e1ae934649137626e113e2014,1,1,Simply-Stamps.xml
+12389eac2a2319caa3288d448b704e7306cd6aa0908efee8967c8f74e2088600,1,1,Singularity_Hub.xml
+b05ab2299cf4a3552b415ad2bc8898d5e257d28a0e9e38a13402447f5de540ac,0,1,Sinoptik.ua.xml
+d004407eb0d68f3471383f7ecb0506c506135731e203586cb1b04ab24ee9a51b,1,1,Sirportly.xml
+18fca85374104c3c57f5c8d3a82fe19eb00812b410016d9b5c73a8ee8c0e9063,1,1,Site5.xml
+239511aea016e2100b8b88f9afc63f52439c61aac67295ce2055c4945505a27e,1,1,Sitefinity.com.xml
+49cb9933bfe48be26b4838aabacb7026024ee2fa0ed28f3484ed76a96622ce99,1,1,Sitemason.xml
+e7d1ee6d42c793f1ffbf240274c7d7b096831967b41b575bce6593757c287b0c,1,1,Sitemeter.xml
+0a48115cb03ef57a2671772bb06ca76cce108021771e60f0a43e2fbb22a1dc3e,0,1,Skandia.se.xml
+d972951be8af16d4e250056f05a7f4a6e7f123ed0a06b56e879234a2be8a991a,0,1,Skatteministeriet.xml
+20765e85d2fd18909d94526931d694b90b3bc05c6fbc5f5aed8f60ba92192366,0,1,Skillclub.com.xml
+176505bc694962eb998f1de1ba452dbc98547266a6cfdd3e8d32c7e43bd08c55,1,1,Skreened.com.xml
+b6e69a65826e62e9a1cbaa20cd6ffb07fbadb650c80b03b1ef0ae768e2f628b7,0,1,Sky_News.Au.xml
+25157ef56d915eaaefa9f17ad1029535a8613503384273b5d65958dc73d126cb,1,1,Skydsl.eu.xml
+6fdaef17af1ea6490386e9a69d35056586c989cc0efb6ead360199c827556678,0,1,Slac.com.xml
+1613036e5a0687ff4af8fb97b3636dc47fe9cce73cc1e4fc8ac1de9d72c5e182,0,1,Sleviste.cz.xml
+f09f4e1fa797d89d9fded19d8860ca5657f9db89f488eb37b22aa65d09108f05,0,1,SlipFire.xml
+1ff601d9c6793cfd0173c3c5d3c070cf48ad8e661ea28e18658c35214f8a0bc5,1,1,Sloan_Consortium.xml
+8b5991e95bfde9024ae6045f915d2b5d081583abc5876d51c11efe8184570090,1,1,SlovenskaSporitelna.xml
+4be3f8e4caf2704e57b939bd74385ddda2f0fb979fb5af89634bdd72509beb4d,1,1,SmartRecruiters.com.xml
+410889ed15ac9076ccc7d2c95a80e3c71b12fb441d3c2909b41ca6ca149ca9d3,0,1,Smartling-problematic.xml
+b239281baeb1443860e1700cae78069bbe4ec5977f4368787125e5d5a4f0d7a4,1,0,Smartling.xml
+07737e4c4fe88850df4babad790e1d82ee39a0d3055511782be89bb54c85ebd7,0,1,Smith_Monitoring.com.xml
+0bcf0fbf67721c2842b061aa1fe6c94338394637e726ba0268acd5e7690b6a70,0,1,Smjg.xml
+a4b5b9da62123113eecf4398a533bd139de421a9f110e9c5b6d48ed5325bf140,1,0,Snagajob.xml
+f427d8fbc6b8bf77dc8605104bdf8e27ee06eede543ced548f23f22aae1441de,1,1,Snapdeal.com.xml
+b34278b513f81f664edd8653f1bb73fb84209a9625949fcf84364b1dfc0ae9f9,1,1,Snatchly.xml
+3b7f69aaa1c762b112ba9fd30146ba841bd92a50dc25a3849a17a3bb5c9ad048,0,1,Snow_Magazine.xml
+04a8295ed75474c2bac8649b4ed73955e07c6c228000c4539297c32473463223,0,1,SoCal_Linux_Expo.org.xml
+5bf36d6e7610b62e0d338fb24373da34fb83d0882ca9eb1aca333ed563a3c82a,0,1,SoccerWave_UK.com.xml
+8676533486e8956f0db8c6403eb63d4d11dbcdb1aab11b65facc883b596b3834,1,0,Socialbakers.xml
+1704dd273006545bd23e5c0a4a1f7f0cdd4b8ac4aae59268afd81190441f74a3,0,1,Society-of-Light-and-Lighting.xml
+dbfbc5e95c59ca8f5a6817ed26888960e39498fb14738f2ac049c176a530c2d3,0,1,SockShare.com-problematic.xml
+8ffc435a5ee2c8e3df71d5505314b49366e1bc038ffb3ceb5bdb626c0578853c,0,1,SoftLayer-mismatches.xml
+93fa0d5b997eda4d4f1016cbb8a14cc8134ee0f609ce4080dcc13307e7d412f1,1,1,Solid_Cactus.xml
+81582b8a8f659af0e041168acd9fda4d96c18f33acf41defb4bc714f80fd94e3,1,0,Sonatype.com.xml
+5f6ca1d9b19870ad93a58f44dc9ff37c84c4cd7cca95a9859b6af8b5d5ea96e9,0,1,SongColeta.com.xml
+bf0300e1945b14a33128707161ddd15d8744caac395131caebb69d6388005502,1,1,Sonos.com.xml
+f6596e850c1c453085e611473b2611a58f4146e6b34cc4264189a66a0e373e18,1,1,SotT.net.xml
+59cfd7776a8d4bce0bd6e2645e2c76d072a8ff62b965aa2999fea197c839f393,0,1,SoundViz.com.xml
+f141656339ca12f96352ed3819bbbbb35311d5bd2e0d452076254e352d9ff7b3,0,1,Sound_on_Sight.org.xml
+255e5f901544e078566776a84f40d488b808704d36fe4d045d1df074eb3340f9,1,0,Sounds-True.xml
+ed172433b5dd6d87853ced72c67bd31f58eb967d49cf152457fc80dc659c15de,1,1,SourceCoast.xml
+2f8e9d7d6aca7de5ec1b5688166de01b60e3ecafcd0bc3d73fe9dbc984df7dd1,0,1,SourceFed.xml
+49a79924cc9483c9d8b326a1493ea9604d7dd7101e58811cdde9465fd6a9ab7f,1,0,SourceForge.net.xml
+ee75312d7a227efc1996e38f741324c0223b6cd8228f18796f92a93808376065,0,1,Southwest-Research-Institute.xml
+749014fb456fade94fe8410d634d2c35faaa2ac81a812a1743cb742e7fd1ef41,1,1,Sozialdemokratische_Partei_Deutschlands.xml
+180cbbca38aafa09c9781486d20f8e8683c2dceeb2e0418217360acd01e3f7b8,1,1,Space2u.xml
+e962efd4e859976b3ad130f332a2da31aabdae922174ff4cff7dee7360a0484d,0,1,Space_Launch_Report.com.xml
+6b81a9de20423f8a2888e56ce73a7d92a425602713d857ce4e70d72a073ddd7a,1,1,Sparx_Trading.com.xml
+1e5fe1d6ac3f05b8ab1d7bac935cdec1e6aa7214cb1025010f29703a5b9bdb53,0,1,SpatialBuzz.com.xml
+28a4a3b9c096d4d94cf6e2b84461b16ad0da6411132504a02bbdbbc9289b2be4,1,1,Specialized_Products_Company.xml
+b6d12867f7d8012b03d30e3836cd3f71fccc19cdd0bceda42c3b8e3870481d0e,0,1,SpeedCrunch.org.xml
+916dc2183dbbf307a1e01713575b05b2831ece425195929b577b6221ff376ce9,0,1,Spin.de.xml
+4ba75720e6c03c8ab4f8bc95a8657e4b0d67fb91cdb319933829d95517329e60,0,1,SpiritAirlines.xml
+5aa4d692eb37aee5eaa407f998e26c6734bb23e3eda58e1621c549e5fa1a2251,1,1,Spoki.xml
+b440d89b9eed86cd745d0ff23333b7e12af88f7539a35833ee5b6ed2a77b0023,1,1,Sportifik.xml
+2a59ab0331fb5c8c9fcf6d5ea984db8ec59bbcfc92577aac1f79ecca8ccd9cbd,0,1,SpotXchange.com.xml
+ae6cb5584260120ff8f7595d678cef5dea152409c61ec7536200c68a285077c9,1,1,Spylog.com.xml
+1498e2530912c8e73b9cbf1c5284031b51f6e4fa7e37cbad0deb6d6eb290b3b9,1,0,Sqsp.com.xml
+b7c2aa4ee6285d36c77c5e564d09a69f25ec0e2f1c64a041b65a4059555490d0,0,1,SsbKyh.com.xml
+7ec67466391d0bc44bd5a233169801a3d8b68c34118ee890afefa17aa1aead19,1,1,Sslcert35.com.xml
+e7debf41fbb565a05a7830ae950f9bc8c3b24b1ba66090a894fa3db808e8177f,1,0,Ssldomain.com.xml
+554f6e5135b895544437fc3b23f9f06bf5e512318b24b8d13548b8282203e55d,0,1,Stadt-Zuerich.ch.xml
+8026ad04f83be259d2177775e0f798b96ab522511fe1fab28ab64a20387c5738,1,1,StarKist.xml
+1a88c6ce0c2b9a6fea7c476a92a7da09086ac913707d6b938ab618ec6b685f1c,1,0,Starbucks.com.xml
+384e89e4321c54fa7be3b75f19d06b7c029277463bf8cd2f8e0b3bac1cade42f,1,1,State_of_Alaska.xml
+de7a70a735ebdc462b94252b551593be99376fcb2b620ee900a245ed84e9e616,1,1,State_of_Oregon.xml
+cf6c0866d343514b97918cd62089f4191898d1c7c45d993b807f5d7ce291e172,1,1,Statesman_Journal.xml
+5c9829129baf195a9dbfac286a509c36e0e41bb8adafa18e9162034a65c19904,1,1,StaticWars.com.xml
+47c9f0e41ce3c056edcb0554a27d3a8a648782f976f6710cac42f10b6f7cfe8c,0,1,Steaknshake.com.xml
+8329d69c91eb46f21fb87da7033940a740293719013b549b2a04a465178b9c3c,1,1,Stevens.xml
+fcac83bfdb0b66dbe7ee339ad13cbb3784c2b1e9e6129bb33e9123ef6ec50686,1,0,Stirling.gov.uk.xml
+d808f99ff65f220d3830af04647f691f475ce411d11b80e49c43cef26d1d73db,1,1,Stockton_College.xml
+d64ce19ebfba74d32cafef6a02305b8aa5f95e7b4711d7dc988d46b5e2d217a4,1,1,StoreSecured.com.xml
+2f4835be761a19b7ecc69d772d7c194ac2ef0b064e0fcba4d2889f87334ce6b9,0,1,Storebrand.no.xml
+d5f7875b8bee79dfd4adac71fae7bf9d76c8fa8a64d22c110d2c1dbaf8ce4bcb,1,1,Storenvy.xml
+39c3c86ad9f644fd4fbeffc69a4098826e00813ce35787b1d55e4e02ff2ced30,1,1,Storywrite.xml
+3005bfd332932fb4fc56c276038ed76f182d90313ebcdd6ac02fe83589ade0d1,0,1,Stratum_0.xml
+899003a40e7472561a54bc1dd43e28edcea0121392eccad57d8db3f3d52a40d1,0,1,Stroeerdigitalmedia.xml
+b6d669821c47252e7ca26474737e7a99764a62314908a40b4303024e88e5a3d1,1,1,StrongLoop.com.xml
+b0ac2e6a5978ce833c84f82322e462375f44861de28f391b9fac57c75abf272f,0,1,StrongVPN.xml
+9ce00d1019a493c4f78331cd99076362c4233cc11920477c5e416697a6e7351d,0,1,StudiVZ.xml
+f46f2516e99adca54ddd6e9c756b3236597ebc0c14df0cded8b3aad507b93f76,0,1,SubDownloader.net.xml
+1a0921d175cad22ca99421e5d7b116251aeea7157be570e7beec3db83063f13e,0,1,SubPLY.com.xml
+d92a0a64fa96c98af6b520e133f9becfd9c7b105aca69c8a6b9559ff8b90406c,1,1,Subimage.xml
+55b2ac5b82c27a1407e454f90e7fec8950caeec6fd405bd62db2d8b3187a9e6e,1,1,SuccessFactors.xml
+4353ab81e240d88c9a212ec5ecc87fb3c36fe14968a5fa1bba7d26b117ccd9ab,0,1,Suddeutsche_Zeitung_Tickets.xml
+39ee1d4592c1dccceea5d80aa83500d03685d67985cca30f3c17069ef4b11b41,1,1,Sugester.xml
+7493cc3ffce2c67f7fa42f32e1e2408c84f9ebe3bfec0fd23e8c14b853e22d67,0,1,Sukimashita.xml
+34e524cb36278e49dd7e5a8d0a8deb009549cf988ec992a5a5afeb233d94f9c9,0,1,SunGuard-Higher-Education.xml
+ecca6c75485a2e76cabe9b3c426de37bf3550cf0605ad7a2763fc78292832c3d,1,1,Suntec.net.xml
+715dd9ee76e76e36924367d72de96365fb971aa9249de53407a7f80a91523da0,0,1,Super_Hexagon.com.xml
+24eb0ee48fa0e0e523fd9bd0b40ab944a581fc249f21c1ce876352fa21ac56de,0,1,Super_Lawyers.xml
+bbd4fb2f9b45366a2539533ccf4a4886c69022a7064c641de203f1a81b29d94a,0,1,Superstart.se.xml
+d9954e1099bf2f9157ffffeef5dad30cd7bb4f1295a8b47a49459e8f95a2992f,0,1,Supportion.org.xml
+7111b5e56fc1582bf7303824b586b80f95538d9954ed557d9a72dcfbe12a6ae5,1,0,Surfeasy.com.xml
+c364bfc1cc7f038bee4de11860562a5430e9f6e50f4304292877e5852682f36d,0,1,Surprisingly-Free.xml
+1a101eb73dc1657e33f8e9345675e37e389518d109592e299c8d9e6724cf08c9,0,1,SurveyMonkey.xml
+ba6e4c5379bf8c4de10621f7fe7b3df817d4658f9da9f162855fe903858416f4,0,1,Susy_Radio.com.xml
+0fd5d3870f9c3db62e5c4f6a72c986708fc02dd4f79ab555ba603706055e6f43,0,1,SverigesRadio.se.xml
+e503bd2eff7757f37cd05f11b904e0aa7f674a7897657278f0ee5fd2ff6db491,0,1,SweetsLyrics.com.xml
+3ff6f9659519c614788253eca3db799c20989ae2f87676105f096a6e5152d963,1,0,Swtor.com.xml
+b4a26c51885a323376d80c7fc81bd546a674b360d0d6a4f52c9bd1e775ea295b,0,1,Synacor.xml
+801c20d5ad81a56de838fa123adde660b159ae4af5e590107b911431ab7d366c,1,1,Synergy-FOSS.org.xml
+99e0a5b986eda1bcdc23434210e28403c55ed2605888c303241cd8ef83d912dc,1,0,Synopsys.xml
+9dc087e90745d0ea8953d26f82dbf9047cb610d088d94b9a25bd56e093d31a79,1,1,Systembolaget.se.xml
+1bcde0c8645fb6f4f858c9dae6da9a419f2a187914e0d5ea61cf6094bfca9a6b,0,1,TDRevolution.xml
+1de15a8e66a5c09e6729c20185fb9546d5a977f297659a1ac93f1115aa5f7f2e,1,0,TIBCO.com.xml
+77c7317f7b179d59b8c705df9b7962909ab665b313ef95c0b73763e909a80533,1,0,TPG-Capital.xml
+cbc81abedcaee320114fd5e4176a22df18d4f064aec016a1a5d63427f7b54138,0,1,TSMC.com.xml
+8c34838c49630b9434a0c38e5fb83e5f670a928d200746df255b9de2fbbf50f8,0,1,TUHH.de.xml
+08d6b767eb413eeb84fdf85ac2566e4571855734297213911cba0f44ac0bbb1e,1,0,TVNewsCheck.com.xml
+0b6df260724836c32c32d403eb7c8e3b21ebe80f68e4d1dc17c2ab806e9f226a,0,1,Taboolasyndication.com.xml
+07f333e0409ae4f5f9e2d09d26835d0a47da5bf52c535038344c40b71dbad8b0,0,1,Tahina.priv.at.xml
+3ce7dc41c4bc9b6d2e938d273bc5b661865520ab9d08a051ccf09efb1514c203,1,1,Tal.de.xml
+efab25b7fc246b2cde333d8f051380cd133eb4a7f0166145127a27ca555328c7,1,1,TalentSmart.com.xml
+988512d330564df476c731a89222b3e1b6dc5ad89c41132ea73ab78d27081f3c,1,0,Taleo.net.xml
+9a22153dffdb22ee7d1cdc7a9f9e4e292333b7b081d1707128f53aa397863177,0,1,Talk-Active-mismatches.xml
+0a01fbe6d6acec74d0ccd7aef778e02e8c7ac424d57e8e9d42d9729d56001f6a,0,1,Talkoclock.com.xml
+19f7c72edff92f8dcbb0b5c379aa1c9acff032256393f29b902d4e9c4ed08cc0,0,1,Tallinn-University-of-Technology.xml
+b14da75d358e6ae804086aa49d830c8fd9bcf3c257756297a5d1eb8199788a2c,1,1,Tampa_Bay.com.xml
+1640039109c8c2f9643d9d88c5de2572634fa496aa78cb664ef10ce34d04232f,1,1,Tampa_Bay_Sod.com.xml
+5b323dd6373330fb4fd7171ff18c09225a4ce52614e347489a3b08f58279d305,1,1,Tarasic.com.tw.xml
+0e6ce89f0541412c0ae5576d1962471a403777ef0a83778557ed87af872db0b6,0,1,Target.com.au.xml
+a8687053c02430a7161492d975a61c779c42f21172db6d16edca34d5a32fa4fe,1,1,Target.xml
+cfb76e4e7478c507dc48b61f51bdc71ed2176927fed165af863dfdba2d2dd270,0,1,Tau_Day.com.xml
+2239d41720f1c8fd08f8210ca202d9649e5fc4d4ff215f22be7a2be0108a082a,0,1,Tcodevelopment.com.xml
+d66c1d07ddf8eef1a809b0c40b83815ea832bd0e3b6a6fa99c0af49d71b32e47,1,1,Teachers_Assurance.xml
+686d302ec551ffe043988a5eda96e4bf5973b23ebdaf401c40d0ee46c476964e,0,1,TechOnline.com.xml
+872fa19600d84d669e883f58643d21eaa1aa79fffd73cc63f12eb1deca6de7c9,0,1,TechTarget-mismatches.xml
+c925b7818c3b2f8a2440e999deb5c1f156d488ef1d55d6e0564b77517b74af1c,1,1,TechVerse.xml
+0e34171c067993cc756f58f6073b767435fa61d1241b1fc40b4c531f8ff6bc41,0,1,Technical-University-of-Lisbon-Darkstar.xml
+041058b2cfa30630ce7863b511cac60ad6f12bffb7db7c064158d4463cf2bf40,1,1,Technische_Universitat_Berlin.xml
+fa340bfec44c43f86207ca9f60d2b470bd94c4b4b2eb8886e58fd20688f4eea8,0,1,TelVue.com.xml
+70b6adaf6c9bc160045df08164e8d160004bb31280d0e4b0397dc15581feea08,1,1,Tele-TASK.xml
+6d505dbdf780e9107561308221f5e592f1f457e9621b12ead11663533432d2c7,0,1,Tele2.se.xml
+5ddaeea1faff6f9fd577f7f16afc0186ca3620e153194008d51ab695ee84e55c,0,1,Telefonica-mismatches.xml
+cc4942ad4838d473ab3298a049bff85bdefabb58edd758b987111430c44d669e,0,1,Telegr.am.xml
+795a585b4772b8f4457901c8fcd0be1e27340d6e20d899b4eb7b4f8816688d59,1,0,Telegram.com.xml
+e1fc5bdc13beff7ff34e11b741f3a19c1c0d0d78e820291f2fda05897ac569c0,1,1,Telerik.com.xml
+7a1160cec6b54c012ab881841c30849660bbd7b05a827610c7fa4ef686698eb7,1,0,Telfort.nl.xml
+24d43ee30f2b4a41cff1884988065cf8896acb3272a41a97ec13b5c33e43ac34,1,0,Template_Monster.com.xml
+90d8cb4c77769dae735da60d72e3b84f57a93ab7aa48e7a01fe8c56c6edd7451,1,1,Tengient.xml
+8112be0dc26553e6fbf96b5fc8f649635c92a3c7fc30ebd158d447383797b596,0,1,Teracom-Consulting.xml
+068c6ab7bad10838f3256658455b0c882ee2d2cf27415bf6c64b2843c88011ce,0,1,Terveysportti.fi.xml
+1a0f294d147c61084bca26e4d51d13c0f5abe9ae3065b7940718a9a07c9e1b01,1,1,Tesco.com-falsemixed.xml
+80a2b0d54ed1eabf4ff9c4d5b2d7955a37a11eb7ea64736afefe5df15052f142,0,1,Tesco_Bank.com.xml
+0bdd9de6f132176da1797d3ef1d413079dd56859ceb2941d363e9b312ac79103,1,1,Texaco.com.xml
+0cab264afca5779881276b98ce5a5d0adb580cea04d2edc9a00023371a45eaec,0,1,Texas-Instruments.xml
+7852e498386c57ca064423bd91ac2c061cdc69b0d5220b4475cebc0220ee7052,1,1,Texas_A_and_M_University.xml
+501cf24c20b5944e72cdf9ca2922847f3b93a3690cc5a7e5e01be7bd0439f228,1,0,The-Art-Institutes.xml
+773a5b373f466ee72a5c552e6100c3a2a76dcd52853a8fc8aac33f9e03292629,1,1,The-Business-Journals.xml
+f1585d8c49cb634f499a564a2d05e17de79d20e60239838ef2908a0af3e96af4,0,1,The-Event-Diva.xml
+80d1ae41a278db7b4ff0ebc18f7767ff62bb0889bcd3b36f25d20e6adeb2bb24,1,1,The-Great-Courses.xml
+1d80b3f9223fc97c7ac1831cc522b5612049fd50584cc274563a3bdbeb1fd9a5,0,1,The-Lean-Startup.xml
+78316b9c51671aef4a4627a944b7214c571f32b32ccdc03f14972a435820553d,1,0,The-Next-Web.xml
+4c2b9a510b95f4dd85d039e37f92106befbc4313769107941058c4e0172e018a,0,1,The-Vault-Bar.xml
+9b57af0e82c0bb2e67e245c66dad276b711ac193b4e2de95c104d72b380bdd8c,0,1,TheBookPeople.xml
+fb9227ecb093d793a458ff52bfe79a76b3d8005f50dd173bbba33792b780aa16,1,1,TheHut.com.xml
+e3637d3a583d10b55e00af82ce877ace90d2723cb82aa3a9a17df8dc2c0582c5,0,1,ThePirateBay.xml
+398707f5013376b20a3ea329e82ee6e7a476ab7f07f00dc79456c805f0237858,1,0,TheResumator.com.xml
+eef2e6549dad53d5a1b299bac1fca6444fd7760c83753854193c64ecbb342d2f,0,1,The_Bureau_Investigates.com-falsemixed.xml
+9cfc917aed6ae985c5ba1ae46ae05f69bfe557915de4b3fd6464e635aedf118d,1,1,The_Bureau_Investigates.com.xml
+739e66b04c9a5af038011293d8007d404e72821820a1e79f3663a68b7cbffdb0,0,1,The_Center_for_Rights.org.xml
+ac7281798c66f642d911a05d2d0e2f01f254451e85a20f45a63816cc59ee9c97,1,1,The_Daily_Beast.xml
+11319e7025f205267ab92752cf95740a51b58cb9ae6b392d46fba9fc6cf448a8,1,1,The_Drom.com.xml
+6e6dc2a6166f6dcea7828592d5dd1e9c3ac319b0f83f20b90ee01e8cf921cf23,1,0,The_Gazette.xml
+cb6933673ccc5114fd706e250a9198c8581ebffd405f0fe839537110e03d43ff,1,1,The_Grommet.com.xml
+d3cad14d26c563280c4e79db4b0cf3861e3f31b33ca0eeaa23247d90c54d1599,0,1,The_Information.com.xml
+93302fad4ac7439faaeede5bf618c16d5f4b566da61c55fa8333a0a7230f9e27,0,1,The_Next_Web-problematic.xml
+b1cdc01ef33fd2f12c0e05959597fc420da308b364e03ab877ce6d85ca9678cc,1,1,The_Stranger.com.xml
+8c22882ab50988affb25c043bedf30891600e9b01147c502f680981cf767ea39,0,1,The_Theme_Foundry.com.xml
+192c7a558c80f5de13deb92fb4e194cf46e435a55413f27016131a33259fc2ca,0,1,The_Work_Dept.com.xml
+3b89f9f5c32b514122d49ceab4814e47ef0c97aaa9aff40b468aa9387ab4b672,0,1,Thingsquare.xml
+326ede1e13d0a578ad89ace621366155e7f89f408b79ac44b06649be18ad6393,0,1,ThirdPresence.com.xml
+90c675ebf5b3bafe827e2c5d8c63e5b6d2ce67964f4275c74caeef2b879355dc,1,0,Thumbshots.xml
+5c7384430e2a8498ee7650c8045cb2ced1f24318f6fafb4aa5795efd075615e4,1,1,Ticketnet.fr.xml
+df293463db93d5dc463389a7df8fa0780fbce66adf464f1c1a0c60b428469662,0,1,Ticketportal.sk.xml
+62bb7b01e3201ee67e66039114e8c24171c75ad40137c91f5a18e1d28cc72292,1,0,Tictail.com.xml
+298330bca9f99c55c045c6aaacc513f9435fd9b0080ffed0e11618cf2fb8325f,0,1,Tid.al.xml
+196e8b886586ee852fe896324643157d3c48009254fa4351eebad927a6985160,0,1,Timbro.se.xml
+a3bc46589d19e9d694f9bea35551cc18428ce2f98841482a332c2312dd67470a,0,1,TimesofMoney.xml
+9db7d3bda86ebaf938f4cfa084d270d03c123066e59f8572763f02fb7030322a,0,1,Tinder_Foundation.org.xml
+380b22a2edf379e5c07fd2ad78a08eec59587685ed3d0af1462e9dba0bb8bbb5,1,1,Tinkerforge.com.xml
+b7175de4d05adab926380c808c500136163bf0c5a254404e8ff21ff0c820168a,1,1,TinyChat.xml
+2924ac1a948e6361c2623f35a730c8a7bd6b6192a0cc3867cf2e653d654a34cd,1,0,Tjoos.xml
+1531eaa1067b3d3963d8e50104e17514d3379f4dd0c56b01ab934a74c7f57f41,1,1,Tlsfun.de.xml
+5c1a30c2008fc80c0aefdcc559777cdccdaca7d8f3c4c95e5e2d0e238c8a56b2,0,1,To_BTR.com.xml
+736eeb9e5e84ba51627e18d1fc4772582f48cae72c1f1869902e98c8c66808dc,1,1,Toad_Fly.xml
+e092dbaae7609c030309c6b4fa8e509833fa522fa39660e7e1ec1fabaeac8dfc,1,1,Toga_Hotels.xml
+b52667e2e9eba427ac0aa836b4742dcd8b393dc3c84a9c6a33295d44f521943b,0,1,Tokyotosho.xml
+06292948f6ffaada00246a0c636a0518391fbb988861bdfad633af27925787d8,0,1,Tompkins-CortlandCC.xml
+49e3cd62a362f46bf5ec9f889455c88efb9f9d5f854a96c476ce86f258e1022e,1,1,TonerGiant.xml
+22be09653a0cfacd2ab9fc4ba5cc359eb30e5232e0e67023221953ea2b4b30ae,1,1,TopOption.com.xml
+b75b3fb34aa93de7753e90173373e56eb02eaa3df6ca46adfc97e08b035accb5,1,1,TorreyCommerce.xml
+1ea0854c281793e41aeb16fb2951eb5c24d10a497311613b489e45271b4f4f4d,0,1,Torus_Knot.com.xml
+53edb1f24b82e87bfe6dbf9725ea58c151d56d01c93b6ccf402238ddf6dcdc6f,1,1,Toshiba.co.jp.xml
+9925bba044436e099ef9a17c05c3a9dd980c74652aeb939ac34c94ea63b7df57,1,1,Total_Choice_Hosting.xml
+564de255a2fe5b5ef4255de2e2dff1bae6284b29469b7c17d00380d21b9289be,0,1,Totse2.xml
+24758ddd0781ba99a1a9a29e03011c29687c1b5f67dd207daa8d811ea75a4615,1,1,TownNews.com.xml
+7259305af6c4290ae46de7c834ca0762784aab4962d66ab98641d750a83ed803,0,1,TracFone.com.xml
+eb283cec83d4235adac15a53986ce71e8770d0cde0f91ba7279e6b6cb5fab379,1,1,Trackalyzer.xml
+ab5cc8a1755685297bc40b4037f1277d7482417e04e5c520deed1d12e353c4d4,1,1,TrackingPoint.xml
+721009e195644d5540c59a6f42ab2716e35722aabfd718b4dbf487a5f52601c0,0,1,TradeKing.com.xml
+3f6e8ab2b5f0ed70138432ba3f0bfb91451404f1d1c361fcc625d070e4ac4f9b,0,1,Tradelab-problematic.xml
+8ce8022cf79d4e12ff69b3bd4ad3d9cefc94a750bc774c6666dccd1ef6ae7975,1,1,Trademarkia.com.xml
+33fe34b8b34cfe39278bbf256306a09c27ae0943883a0a037b6fe9dd92121893,0,1,Transact_Auto.xml
+8e3bf949537422735fb6201093ec7a14842e44819fa0740fe1fa626eaa61df0f,0,1,Transformationmadeeasy.com.xml
+00dd816c4f9e0a041f07ebf13af88e9eaa4c7c44adc9df183c7807a249bbd35e,0,1,Transformative_Works.org-problematic.xml
+9130f100904f6c25762b32d755c566fe6aa588b19feb0defa4d3473687abbc06,0,1,Transifex.net.xml
+bb06dd6b10f827e1ac23da17549badf7f17b97300d993618cc2e608e66328a1b,0,1,Transportstyrelsen.se.xml
+86a98debc03d6f499891066d33f90a70bd855eacfbbd4d0c90f9a42e2a911b54,1,0,TravelBlog.xml
+7740589641805a971f42b11b01a902297d1a6aac93f7f1ac546422fed26e739e,1,1,Tremor_Video.com.xml
+bfb604fae38480027943a3037882c5528b368486efcdcff8ffb0f9ecb7cb42d0,1,0,TrialPay.xml
+92ab3b2599243d5061be0b6ed2314323d516a7428db0b9d626c9d72ad81472fc,1,0,Tribune.xml
+a3906adccfc4301efbc4cea0a097d22264fa09498b92e9ab18dbe4deb4f9e3e6,0,1,Trinity_Home.org.xml
+2438a19009f61439104d77dce8c63f118c538313647589307aa3496d977ceeb4,1,0,TripAdvisor.xml
+9d1f2028d622611c85867fdb9cce067898baf1b0c8b1cdf76382a435006dee85,1,1,Tripbod.com.xml
+de005b963aa64c38345c6e74999e37867e4acf480ba1ca78a9817391e645eeaa,1,0,Tripodo.de.xml
+583fe8b250539316209b382249de834765d3336b789e278a0290906946a33230,0,1,Troopers.de.xml
+9f13abc038bc4708796c8149ab7a1ed9a3ad9ad1de438b1ee50addeabf4b1645,1,0,TrueLife.com.xml
+cc353d51b4fa9b6eb6e627384ca618e2739233019f262bed49a4e88829a5b8e7,0,1,TrueVault.com.xml
+d068f81127f1484bb4b0c190d455ee641f01a8fddbb6d3303992cc6e6b5339e3,1,1,Trusted_Reviews.xml
+49cbf04c22069b4867cf2dc0c8045ffe051ec0d58d4d1999fc2fc97d1074cd9b,1,1,Tufts.edu.xml
+de7344c2c6d972a368180b62f10774c317ddc037946309fae83d650d4ff4a538,0,1,Tufts_Giving.org.xml
+ed6c9a0705f39a6116bb5846e82ff40a083eb3ce58530524fa2c53c34fa73b2b,0,1,Tufts_Medical_Center.org.xml
+62a29c0411070865d40935c23e4b49d617647b4a7996250d5a97409a69ec3107,1,0,Tugg.com.xml
+5f6902d3fa2b7788a4027df3ebeb27e3970287829ea006dcfe0274ff4b8c557f,1,0,TurboSquid.xml
+bf1654baf8cb84aae5a32734e7779a06756a2e29cf28d765759e21ee1c5675c8,1,0,TutsPlus.com.xml
+910dc09ec17c26a12b275fe2d1282e94a82fbf0163282fe5a5ac496ff9ecbe3a,0,1,Tv-Release.xml
+b35b35365733082ecebdf86f03de9cd93bd738bd52a0239bb07d4507ad792b5d,0,1,Twilight-Laboratories.xml
+deae2b1c6be69bae7b6ec4895e585099a2f5374b53776ed4f075d45f4c1cfa6c,1,1,Typepad.xml
+1da05f6062123d8b368d700a96b0fbb2dc7baa69f14ba72716e3c937a49fdbe7,0,1,Typesafe.com.xml
+9d3134a5ead87b0c73882c2fb945b4ab92ca869e86ea2d8e5b93fe8529eb22df,1,0,Typography.com.xml
+7a670737c4553654c86e065057ee25d27b90472c143fecc08410c0014d408b79,0,1,U-Tokyo.ac.jp-problematic.xml
+ac05de6e9b0cf70e70cd6217887eeae3bb4ccc15153f931d34342766fa116bbe,0,1,U-Tokyo.ac.jp.xml
+d135385bdce6daba2dfa309bc31c7c871832ebfaff81f2c70d4e6fb4bc5e3081,0,1,UA.edu-problematic.xml
+a7fed2aaf25d78080b3ec0d40308a403283fecde51eb4a85208fce48ccefa882,1,1,UA.edu.xml
+27e5f54b8a4bf41f5fa918be6f7d9c4b78d52704aa6b1f7391d75f566760a76b,0,1,UCAR.edu.xml
+49c96678bc86a99b01c12892885c4fcf38f81dd5ff32f582af605567f64fd5b8,1,1,UCLA.edu.xml
+995aa7cdbe60994801ee5330b1ed5f89e56b12fa300fdd71deacc89cb1e21d51,1,1,UCM.es.xml
+080fc622ff8332704b958560b9d0d692594c26964918c2bf3c496602568e761b,1,1,UCalgary.ca.xml
+ea8f9bf69a5d5029ab1c217760e6e27c3b5a4e9672ace704a2f9f7d8332bb497,1,1,UD_Media.de.xml
+609b7137afc6337f00bbaf79031480a007ca9f78079a6f2e4a81e1bca8173090,1,1,UFies.org.xml
+dea8b7526b42b85e25f40701a5b312661473a090bee7bebb61f49ee99a3ee654,0,1,UK-Web-Solutions-Direct.xml
+1c2718eddf3aad2784493ace750680876d5388690df4bc5bb12461bdd2e2b867,0,1,UKLINUX.xml
+96961aa668492fd95b7a45e568a5388a77a045d1a965504e3f4c5cac64f72426,1,1,UK_online_centres.com.xml
+1ee8e426a02b2815dd6a3bacc4e8634e75b799bb770257db43e675ae1bfb1aea,1,1,UOregon.xml
+907266beed4a1d669f500978ddd09c3766b1680e654181dad0525c38e5cbea78,0,1,URLParser.com.xml
+4346e6ad0202aa001cf66c5efaf1326a85c87d9bd396cd1a4c80eac520510db8,0,1,US-military.xml
+7b056903a4f7fcdc8d3d1ed3a57395ada26cfa168d1a9e54829caa29df18a670,1,1,USB.org.xml
+e8405ab7de7e35328c149fde0221a4b584545b98daf10f5cfb5f971a53459403,0,1,USENIX.xml
+e4586a7c8a445349c9c401dfa92b39442b9f192a4b41ef5282bc0021a82e3483,1,0,USF_CA.edu.xml
+8c8a8154bc356f1026c6e659f9ba7a03ed3f31e50db20467d006bddc01827de1,1,1,USFreeads.xml
+37eb6c467058dd4c92fc635e6daa2c37fa7ef6c2d7c24996fafbde8fe43071e6,0,1,USNI.org-problematic.xml
+676d7b6466eddd7c4b84147c9035810f041067ca01a8014b6213dbc78b23b864,1,1,USNI.org.xml
+440f3a2d9cd10cac52a1f6f4b1772df23314784496ca885e1036f6e4c319f48f,1,0,US_Nautic.xml
+7eb29ac9b32f64670a1383ddf5af47ab5c0a520778a95a691f1c0aafcc629eb9,1,0,US_Patent_and_Trademark_Office.xml
+5729da227cb793cab2e8d6e8ae8959f7fe9331a3232249de3150f8dcc9da657e,1,0,UTSanDiego.com.xml
+977266102db9309a7d4170b34745445bc2847c67f8193af518c396ccd96eba71,0,1,UT_Dallas.edu-problematic.xml
+ff2aed5082fa7812f6c0249393b7ef2d75b9b97fff27ee0f75315c7a458a7adb,1,1,UTwente.nl.xml
+356a280f3948c07b7b730b87675e84c63439e43696f295a63f1a89e2ed5aa44b,1,0,UVic.ca.xml
+0c8e6b3534cb476f07b87f282cef2ac6b42a3faed84185a85603d04c6631ff8e,1,1,UWinnipeg.ca.xml
+db0b22a14e4f5c66f02f963504cdcaa35e78ed7f39f42e209b3e0a9b9ba1a593,1,1,Uberspace.xml
+83ef1c74e728e31f46d7c92a9987fb03960c81e1056291d01b6f4cd57f9367fe,1,1,Uhhospitals.org.xml
+254e23a8560db790d5da875d282c4364d6b9004388e55cfb8448ebc4fa3aef8d,0,1,Ukr.net.xml
+dae919c3f6ca4e00376c16f03704d0da1b907a19cf963af16a00b2a813c96c38,1,1,Uline.com.xml
+1fb81f92216ff932aa6f19d86d881e1787d534499a3de722e4422a269e346e35,1,0,Umbel.com.xml
+abde55d39d54436f83a19a822428de73e001bc42b5bf7a6846ecf331b8786696,0,1,Underwear_Expert.xml
+bd135ffdb815d31e79e5509bda7a2a677a86628cc655ca65c214de1b20bb4627,1,1,Uni-Kl.de-falsemixed.xml
+dacf0d738a537ef348d793f0cae29cb8a6767c63e4d352034c73b1ad503936dc,1,1,Uni-Kl.de.xml
+30d8208caf67565a05fffc16600350660f0a51f6d95f84a040b00a9dfbf35370,1,0,Uni-Saarland.de.xml
+bf4cfa2104d71e0ec0e3e930c0d1e9129a08bce034bb8eeaab0d7d12fa1d52e3,1,1,Unimi.it.xml
+a937024d9043a23d94d3d72c6882f07b3961be52ee04344cc3c63f26056138f4,0,1,Unique-Filer.xml
+1293236f4ba0c9ee7f91d8c5818ce140add73b0a4b3bf5b0905e02e8064b3e3b,0,1,Unisys.com.xml
+57f029555c472032caeea71fd0eb7cf643449d1dfbbff331875b4f10222ec2f9,1,0,United-States-Department-of-Energy.xml
+44cc911a17c526d1a8c74161d9d8a8104bd9e4fc2a2626d35a85739c0b7b880c,0,1,UnitedDomains.xml
+c765a715e75a8238ab6e70d332c7f4a2e714adf1164caf136b66b5f6e754e2a4,1,1,United_Republic.xml
+2f42e894be064592af7da170cd603d831acf2d10b0ed05d618b606f1cda08c80,0,1,Univ-Brest.fr.xml
+eac00803dc242cd3e843b8c8af41a0124c77d59a1287ac6a729d4716ec540585,0,1,University-of-Bern-expired.xml
+930135e45407a24b1740c05dc8bbdc963991d4da2ec3acc022b3987bdd097fba,0,1,University-of-California-mismatches.xml
+8c7c2ced844de3b70117b7f7c122c869a969beb3b271c7d5e2090bc1c531079e,1,1,University-of-California.xml
+7fd3d874bc7fcbe51137ef2294ddd5be26f4263b66effb0be5d36e80f947ad79,1,0,University-of-Colorado-at-Boulder.xml
+f89bc86351a2ada00395b41e4b0da61afc5fc5173d7bde7ffff24f463818b909,1,1,University-of-Delaware.xml
+a51b15e6ba94249ba53093ba41ced19ef790ba037bd92e71576e8a8398db2a22,0,1,University-of-Florida-expired.xml
+2f5ac83c903640138b112d1d93ebcb07fdeb3ec4accedd5713575aacee7cb0b5,1,0,University-of-Groningen.xml
+91de4dbc5f2a243b953901c0fa838f4f6887c7710d744e80cae9457e8ef0d115,1,0,University-of-Helsinki.xml
+1d9da1c02f10316311989f868fb5a6a1aadd7e986a2e9eed25b4d061627c492b,1,1,University-of-Hertfordshire.xml
+fb45af1fb5699cab6007d287aa55ed1977fc6ed96e508ed1b9fdb424662d90cb,0,1,University-of-Kansas.xml
+963d8f6c9de69041ea1358f02dab0a26d8da98bb414d1a8d23eeb1dfe16ed004,0,1,University-of-Manitoba.xml
+96dd94cc310e936db76b39b334266d0d30a1679ddd1454f8a839edd3a74c701a,0,1,University-of-Minho-mismatches.xml
+c2f53734fbb96b512f068f719a8a3ef75bfd817273ee5b6f47ad97d34e28ac19,1,1,University-of-North-Texas.xml
+631131e5eb30ce8652a864956ccb34accba494d9848e5cab91ab8a64d054ba45,1,0,University-of-Pennsylvania.xml
+0ab02841a6ead3924af19e98e079cc70a542e0c5c2b22a652846babbc9126383,1,1,University-of-Strasbourg.xml
+71d54122dedd8ad1d74e9ef5180aedf5e6cb470fc77ea84f6b5a61f095665b44,1,1,University-of-Texas-Southwestern-Medical-Center.xml
+f9eb2c0b78dce339b2999b544ae922ba97cc5144da81cc56e2e0f9e746cd8e01,1,1,University-of-Texas-at-Austin.xml
+7b3bd50f223a278de2b4e84cff987ba5ea36aa9a3b3df1d4d97fafaa20791049,1,0,University-of-Virginia.xml
+ed415b19e0e0588a60d6dc04924c1d9e38d3ef0b5f99cf749235132684e9092c,1,1,University_of_Arizona.xml
+e7685c1277c2f651539b00195e143bc7fc60979f5eb7f7c293e1caf9d4e58eec,1,1,University_of_Bath.xml
+63aaa16ef17c9cbf4781fbe89e5072b7f26e6baef4407383f2b715f68422c100,1,0,University_of_Cincinatti.xml
+bd8a650134717d6663fbacda4e3d6566448a7d8559997bc4250cde0b97c37d95,0,1,University_of_Derby-problematic.xml
+1268c589e9541f96345a70e088f7de08a8bfb822b6bea715218f5d06705c35d5,0,1,University_of_Grenada.xml
+6642506b348a157b2fc8b05fec0c40a6c21de1b6f82fdef38eaa1a4e79eb2588,1,1,University_of_Iowa.xml
+3fb888e05ab2904735bac34b2a01c4f80092692bc035c4198dd12055f53cb817,1,1,University_of_Louisville.xml
+ce6883479c26297a48c2cdea26cb8c3c73fd972b03dffa98ae58bd65bd63f221,1,1,University_of_Maine.xml
+7348f47d6e380a9db30b1db471ad9789f8626873de30027ddc17de72d022fb11,0,1,University_of_Maine_System-problematic.xml
+bffcbe68aafccead956b6c6632afd2de03feeb9c08d6b468ddca372bb77abe38,1,1,University_of_Maine_System.xml
+e1515eab7c49ca3ee3c60e48cd94dce063981c37da4ae5b5b5f70229365249db,1,1,University_of_Manchester.xml
+1fb1f0084da48e4529081b175449d4f1538dd7414e453c9d01ea3c70ef0aa662,1,1,University_of_North_Carolina_at_Greensboro.xml
+e53026669dbd17f842a6d23486aa11dbc6e30295e682e5120f8d579007b6d7ec,1,1,University_of_Passau.xml
+261b66202486f2496e38b246af0d33207bd6cc84831026e840ad13abf364b9b5,0,1,University_of_Rostock.xml
+a8c9e1461af5df7c9c40941920372e0bc35028e41dd7d8a00d9a1d927bbd9ebe,0,1,University_of_Salford.xml
+bd8ac3d00a5c2dad7c95051d88787288e4da87f7060a07667fd02ad3e657f482,0,1,University_of_Toronto-problematic.xml
+322408b567a94f9851873cc21f1a44703dc8c15136d9d50f383797a4f1909d27,1,1,University_of_Toronto.xml
+7700fdecad6ee5f90f9a7c20864cedff85fe76ae2fc41752f1fb1c7d3d7a876a,0,1,University_of_Tuebingen-problematic.xml
+a0b9cee829cb6f80e1019c93d840453ab45963bcf91037932c7b08efc680c549,1,0,University_of_Waikato.xml
+b3f88f94bde324c4229ee0cb6b41471a5ab30115bc84e145ee94e5e80edb9d46,1,0,University_of_Warwick.xml
+7fb37f17b8488e80198cde05724e9d3d6da3607d8aa6be2f81a8a7156d28d65d,1,0,Univie.ac.at.xml
+04f4e0a5aa2958d5f9d095cc0148d118aeede6fe8b452d0ce04deb2d05b6ac38,1,0,Unix4lyfe.org.xml
+576febcb2526052cf69c26013f26d075d466d8c57ac8e34d5aa5c60a74f3d1b5,1,0,Up0.net.xml
+82d9a9e33fdc00692b3f32910877b27fce81ce6acc6b01ae16e21dd70a29af12,1,1,UrbanTerror.info.xml
+0459389c2f8fa05a34ad3dc433d7cd0581dd707c79e49429d5ac0aa437f2e7e4,1,1,Us_Magazine.com.xml
+647434d2e73a8e2487a70f4119136be4b5b89886e76e40454907674bddd27130,1,1,Usenet.nl.xml
+37253ac964c42bb2b910621759ce273f910ae0f63f7497db27d5c900555d2a54,0,1,User-agents.org.xml
+624acce46170f956a165171c63c53ceed4292bc051035065d8f5c5b803cbd96d,1,0,UserEcho.com.xml
+572e6c6c3fe2566a715dec30b294a7f34c2e2a9d54a5102f280d5e7b640288c3,1,1,User_Local.xml
+737b235408a8cec2956ac513e3fb5555052b8998d8d48a1ffa90f230bcee8e64,0,1,Utica.xml
+ca9050e78347c6536655c413199565617815b1041ffd409a5a7b80c35a34e6a4,1,1,UvA.nl.xml
+99a979f836e3af45cbded60128ef9c83ca449dcd3ac13695cd75390c1748877a,1,1,UvCDN.com.xml
+afba8b9c6e64ef1168b1715b57188e6c89cc6c9e1873a0b30736c7d46830d4f1,1,1,V3.co.uk.xml
+194a500967109f3650e5c9ba755773ad1cee13caaa0cbefef550290d22cfac10,1,1,VBSEO.xml
+1281de78bff0eacf94857ee21a0721fbd26d8cb2f0faa190c9a5a2d813d3c29e,1,1,VCE.com.xml
+02f195e0534b84f901ed70ae7a9d857a25a6b97dc1c97dd159131c9caa8298c7,1,0,VG-WORT.xml
+248224aa6eae82843e074512ebf52e4bb7134b14410768fdfff5cfc3c684e52e,0,1,VIPserv.org.xml
+f83f5c1c242a7f0c265585689c1c625d357346762617ed2b19a96d108a4dc1c1,1,1,VSCo.co.xml
+51ab02160086d1d0ea7a8f03e7d7f2e1fbfca841b48c29c23a1f956547ddbd0e,0,1,Vantiv.com.xml
+86dac465019aa272c1d7231c6db0e96c17a64e805265e25cb7b4690236103e51,1,0,Vara.nl.xml
+4bcf9831e9ead34160a0f5081787288097fc34a7731e5079d485783f9a2b806d,0,1,Vayabe.com.xml
+4c9ec656775f15d9d294e51708d89c998cc0747d426effffdab33b2cf18cd442,0,1,Ve_Interactive.xml
+25f9fb9ad931eb2633dbf62a790dbef671003bedf05ce0c67a776b430eff60e3,1,1,VehBidz.xml
+28e082d445b8d7a2958d5302733cad7fcbf9f471cb6e8a3ee3a218cfe945add0,1,0,Velaro.xml
+03142920bcbd18f915c755c8a6feb9026a44156731240b30534a05b95fa051c5,0,1,Venuscafem.com.xml
+e12b6d5c3eb3e1115119c50070ef4410f6a1e1bc3dbfc9791bb77cb6d82fc52f,1,1,Verio.xml
+10eaee1c4dfe5667a67587aed27addad4dc47b3433137ba1a04e50087e367b2c,1,0,Verivox.xml
+2789e066bf6ff7755a8656f6d0a5d14fb16a35b40b59a9ce5502398b87ca32d1,1,0,Verizon-Wireless.xml
+eecd0f86d3976af4bc45b163839875219eae631d4620da357e43ff7e62f9a8bf,0,1,Verkkouutiset.fi.xml
+cc4ff6781b3b651943c483800500389937ea92a16b00110f6d5c9f45c44ae100,1,0,Versus-Technologies.xml
+0b2034c782d1f7de7c5c6e8416834dd312d437a0aa984e67fb21399667ebdee8,1,1,Vertical_Response.com.xml
+e99551855f8ef5ad0f4f728e46fb5a4503349c443b6a065609328d7c06fd1cbc,0,1,Vianet-Group.xml
+99311ff381a3405c395ef2792129e07ae1d9b90ad58d6b4e2f4a08c53358fe66,1,1,Vida_y_Salud.com.xml
+dc3cd4d884d6b0380ea5542f768e901c7a5f33e953ba11f49f3c5ba65844134e,0,1,Vidarholen.net.xml
+b9a96bb1e88431f6f508e49e1d99303ad56fb2e9beae2b798f019de7ad65239b,1,1,Viddler.com.xml
+0a02a181ce944e64fe86ee04f13404247e58d11ea4ecd8dc34767110033fa3d6,0,1,Video_Interchange.xml
+3915ca53eeab6ddd05064ddb9138d88de0e7739f67fdf66a67125b9d5830a20d,1,0,Vienna_University_of_Technology.xml
+6c277f1037e46a2a059a8225c98a2f813e5230cc48477cc5b2a1d345db77eb27,0,1,Vindico.com.xml
+4a290a60e295a9a2875c62b516f4417bc6c889a3a50be878acbe5a4f064769b1,1,0,VirginMobile.xml
+f684638888b331ae7388ef7261ca4558d1cfa293cb6df9c0dc71b4dcbd3ccb98,1,1,VirtualTourist.xml
+dbe019114063e2c60b5b435f84d09fec9eaa2780607cf1e0f36a339e7cfbb414,1,1,VisaHQ.xml
+5e9fc0c2fa0ca21f0859501a1e3745231351c916b9357d7e4d5544a9c3c98314,1,0,VisiStat.com.xml
+67cc534b0e9d0609197c2b306df791155c4fec3d7883bf170e5c972417a94f36,1,1,Vision_Art_Forum.com.xml
+00e3f5a241f93c1e5360b76113469ca7da9b076d49b3a1ddaeda9974935886b9,1,0,VisualWebsiteOptimizer.xml
+795e03ffcc375b164646923c72ea5afbf313792e2fd583095a0292d3e4962925,0,1,Visual_Revenue.xml
+75241e3d48e2578f64e46c1f39f4f412ddc4842f0990303c345b99085c18e16d,1,1,VitalMend.com.xml
+17f1c78d50c87022ca1f5898c00fb9e43c7c14237916d34135694a41f7906c2a,0,1,Vital_Gamers.com.xml
+c6920ad0394ef6eb3d8cd9b9d0a5e7cabbb1105a6112acf5f9bae60e97bbe2bb,0,1,Vivaciti.xml
+d8652363747589e0cc4a5b880150b22dee3297bb2f869e7b29a63460845fa6ed,0,1,Vliegtickets.nl.xml
+636420e195fd3296d6a0fbf1aa2af10402c50fd22d6c5070e95b87aa62784f08,1,1,Voices.com.xml
+dbaabb4bf10ca0694445404fa95fa7cd83ab885d560430dc702cf06bb4413113,0,1,Volatile_Systems.com-problematic.xml
+a0332f0bf80ee5d4c420c7e4dd1cfb3b0c509a510caae1711dfee040206be5c2,0,1,Volotea.com.xml
+ec9397d0213499cbc4dae60b3de338b64aa03aeae205a111d2442b7b88498db0,0,1,Volunteer_Centers_of_Michigan.xml
+e8ab747c2c48c350e01e548b2347aa6d96d2c6f4ffad2547a20af7f69075ff8c,0,1,Vonage.xml
+a117ac9f7b8795646b325f5eb086f08c07fc84618a85fe91af96a9527d964301,1,0,Vox_Media.com.xml
+dc251a155c574082098226745187bf67f565df6e3454c56d1cfeb3849c895b53,1,0,Voxer.xml
+08c7f617fb35b113d467230c0090583584709376901b026e6775840dec8c93bd,1,0,Vsexshop.ru.xml
+c4ba9f0a62d433fb9c96fa59cb49227da94382bfe1a0824c59acb53df7e8cefe,1,1,Vueling.xml
+ad403876ea5fa23b4f671bc9e3bfbcb1874b6333780a98c1a4e1cfc0eb960cec,0,1,Vungle.com-falsemixed.xml
+712e9c11fa537727065fc17317b376dbff0841191976892fbf193cb53956d898,1,1,Vungle.xml
+f1651a48bdaad9f31cc77e80136abe27ffcb9ed903a322fc915815f524c140a4,0,1,WD2go.com.xml
+f4f8368d94081e80d2dddbd1f5e8da02883d0a6656d7d23b17e09df9a234295a,1,1,WDWS.xml
+72a7669b29bef1809261b2b6b98b8398424646be1d1b67b956d1503a3fd03562,1,1,WHMS-FM.xml
+ed22ad03a82abe2247c198290494e6b90c1b93eefa050d66ed0b5e1759fa27db,0,1,WHO.int.xml
+5065006d5171a62cff4f927cbf17959479e9a88d39bb4604dfc31bc0f0265318,0,1,WOW_Analytics.co.uk.xml
+9dd9a5720a1895710d5794a11c762e4fc16b0deeaa43a806962bb6c8c39f7fc5,0,1,WP-Engine.xml
+c5112a2a9d8b7eae6e30545b6ee7e9d0a30f9c087bc7b761451e81d9916fc57a,1,1,WSO2.com.xml
+0601000b056c8d7de6c0cb80720f2ea5f7cab0a1011c94bf864532c51a148bd6,1,0,WSWS.xml
+686d52b9e887359a9fb2a3f6eede8bd81fbbba5a1b3d89935e85c4350883fca0,0,1,Wagner.xml
+27404357c723335a40fff088677c65479e073c10b4998506d2e74387d370b113,1,1,Waitrose.com.xml
+f207fc4292023db15237b03f8f5995f5c9584e455d788dcbcd657f9a07fe934d,1,0,Waitrose_Direct.com.xml
+683d274e1fa8a18fd73448d94c4477050828c653cbf8c5196bf212046bcb6943,0,1,Walder_Wyss.com.xml
+8a08efd9f436918f1558eea82c41cfa715b27a7ebc99c8e49c07542a92132620,1,0,Walgreens.xml
+5ea94d4f904b6afb84767bcf3a34ee6f91013b673284cf424d67eb09216a7b58,0,1,Wandoujia.xml
+490f37f964fb9bd7058bb7e2f52ac06bbd076a10428097654ea263efca37f629,0,1,Warner-Artists.xml
+1e26f33749735e34741aeb8c24b83694092d38f61bd183b7b901cbc4b7aa8385,0,1,Washington-Post-Company-mismatches.xml
+2720b91d15f91e446cc3db1e764a500531fa358673a978d012fe96f766757951,1,1,Water-Challenge.com.xml
+71bd62a4e628d4b7c81a282740fbd4a583cb768f21d7d78a815308bba9ec6c03,1,0,Water.org.xml
+345b6b2fae63c61a265a9f34a768f81133caa068af17f61b0a82066f02da1777,0,1,Watsi.org.xml
+1a1e4cb2d91932e0f0cffd605685ef4832d6799eff8507dd97541f2002001df2,0,1,Watson_Institute.org.xml
+52d9cdba31649b9d41912d38370925a9e4c794f6728f436279628fa9246facf6,0,1,Wazapp.xml
+0b818b88c798284cf79298c509cb9c22b7bfbbb1a9a2f8168214c272781633f2,1,1,Weather_Decision_Technologies.xml
+cb4cfbf5a7dd4dbee227dbe806a6b44b7cb7939a5f41c45e5fbacd7cbdfe5117,1,0,Weatherzone.xml
+af5d3235f7f19281f16e236425ecf793d15ae89d5278a12f02a3135bd93f338a,1,0,Web-servers.com.au.xml
+9bee3822b846148f1ab13645d332e7d528edba99136159c599f6c91c077caa78,0,1,Web.com-expired.xml
+af9750e35db542ad03022e8ae5b73065aef4db2aa1a6282597a86180aa3276d4,1,1,Web4U.xml
+7d614409e9e5c1a7376193e7aeb5950c05b532cfcbe43798148117dd94d4c5d0,0,1,WebFaction.xml
+72226cda0dc9050fa7c87ac0b8f99ffec01dc23f4a661d9bfa7c5193701be267,0,1,WebKite.com.xml
+08e726c154569add23e4cb12e8cd8a50626356f91f2a314e5ea30b1f740db4a1,1,1,WebProspector.xml
+fdcb633ebadb7b41aea3f5de3d3b0953dda6fb82a6a8dad164b026e93481d39f,1,1,WebShopRevolution.com.xml
+0b8acf849766096236f7876cf987e5da402f504ffa1eac70d416b07406b3fde8,1,1,WebSocial.ly.xml
+d85201be8c2aa6a431cc5b414d7d51d61497ede18d3fbd1dac4c2da2321be983,1,0,Web_Hosting_Pad.xml
+8e1b8e2644fbc5ea473acc74abe12256d8d73f48272ea58a092eedbb55c64e21,0,1,WebhostOne.xml
+5476efa330deb653c29a6a507a11c146301f583daad0a8346c880b96673b27af,1,1,Webmagazin.de.xml
+0163c1d1541570a0fb9502e3bace76baff044e8ccfade9fdd4a32a469d6cbf7b,1,0,Webroot.com.xml
+dbcc578640c655bb0c695ed4716f13a9fe86cc90b044caff1a3ea7ed0dd7dbbf,0,1,Webropolsurveys.com.xml
+2a440880c552f3116b2f466d4e831d12c295b8cd8defcb4a42e56324cc839936,1,1,Webshopapp.com.xml
+118ee8f7c8e74a35296fd66559a67800ac3e8bea5aba895b70813741955b5204,0,1,Webspace4All.xml
+bc4f58da915f1ffe725f80933f85e072c95b43b0841c879e0db9fc2e3773c4eb,1,1,Webspace4Clans.de.xml
+e1db152bba8aafd77e0943f58ad90ac2f8f8434c46db0f875ce8b67e70509180,1,0,WebtraffIQ.com.xml
+3b00d11eb23e281b78d953139aa17e5cda9e6e581be328d2f477795bbd85582c,0,1,Webtranslateit.xml
+cbbbdc6fb132f2cce52e3bd5d7010ac0c6c59a5c8e1f002542b76530aa712ba6,0,1,Wego_Health.com-problematic.xml
+8edb6acdbf3d70453a1082ad9cbb2b3301dd7a4a0e8aeb391fe10aaee498545e,1,1,Weizmann-Institute-of-Science.xml
+5521b2ce5f7e898bd3ea0d41fdf92bdc76c7af51509e957e7a588c6b8caafb06,0,1,Welk.sc.xml
+14de83ba384dd63e8dd89f465424d81fc6bfe8f69962f348a5d456aa9d713e8a,0,1,West_Orange_History.xml
+4ae3197a0f427caf0222250d811f751f5020e591719b63f3bc5e3e385af14c57,0,1,Westlotto.xml
+ae329e6dccdf72e9be85e53412a7f7a5a53fd44ae853a3e77a20bfeb506b7ea8,1,0,Westoxon.gov.uk.xml
+a8ee7b73785bf6447ac322a7af90fba115d2e75bd6a0ef6e7a90e387727b3035,0,1,Whamcat.xml
+6752c99fd0b439b67c13d1ee1063aad8dcf1eeab6e963e406d5a7d6f60af26ab,0,1,Whatbox.ca.xml
+d7537f7e21858dae64562a4f7e64eb14ad7608c4cd25e133a867f51bfd3a0ac9,1,1,Which.xml
+29211dc5f2d57c9bc61b7b06716d49200976da7aa5bdd47278557c373dce7f6b,1,1,White_Hot_Hair.co.uk.xml
+f5fa1d6e12185fb0d704ada571dcea48bc08869fa2164ecdc5f5ab846888d88c,1,0,Whole_Earth_Lectronic_Link.xml
+ce809b7bfb8a875feace606a959feb0c461732114e07338c99e258968c591b4a,1,1,Wholesale_Labels.com.xml
+230a483aa987f21dbc5a05091cf8551abc09c10b1c540ca8413061dd68578719,0,1,WhosOn.com.xml
+10f17a912f9e030ca1c9c9348ca6335939d638f0e14331165def15e6b14bea48,1,0,Wiggle.xml
+eed9dabd0f3c94d3672ef8638a276da0ef70bdd31c3a170075a161984f711e7a,1,0,Wikispooks.xml
+abacb82abb4afdf07777ea5f54f6ed6bc53e344a39d61dd7c2223eb41a00d636,1,1,Wiley.xml
+28d055e416728d3e566d13dda33e65237ecf5f262d2c6c62c4a59ee11ff83a57,0,1,Willamette_Week.xml
+2a13f6f7f6baa4dfa85c46ddb205c5b4dd5c9f20b736d016668dcc4c9caa7414,1,1,Windows_Secrets.com.xml
+a02a9ba57f217affd4ac0d4c5f2e5173a605af78d0bc5cb8d2e0e62e9b3ea26c,1,1,Windstream_Communications.xml
+32f6f0cc30b35c8976e18ca4ddcce03605753a93b528a5c2a1ca2d30a472d5b3,0,1,Wingolog.org.xml
+3f710d3b7e4222e65768e846825a278130b3648d785354f2cd900cf8aa4c3909,1,0,Winner.com.xml
+0c730c529f3cd69f7b467d504ff460ca46301660b1dcdd88ba8300d4ab7f1d6e,1,0,Withknown.com.xml
+e22b3d745136b4a31c7b3f3a8f65c77a8721c1afe5e2729c6cf848fa07ff8687,1,0,Wolrdssl.net.xml
+c0db25ec810ba107b136de619afd22b9a0ce8d5019e08be5247501fa7d3cedca,1,1,Womens_Health_Specialists.xml
+69427086023cb8659815526a6188f67b519e979df97998a8ef78e590491da187,1,0,WooConf.com.xml
+072d4bc8ac964f1db9fc4b3d1113dbe48d854b975c89839f3d5395226fee2b33,1,1,Woobox.com.xml
+9500afb5ea51aa0371714903801089c740a7955bd157c8bd6001ee5a3b2fcd3e,1,1,Worcester-Polytechnic-Institute.xml
+92fd7c961a4c484497a8ed726fdb7fd9a41968ef735746fd08457c37560bcb75,1,0,Workable.com.xml
+ee8ad00200a94e47b5c9f1552f83a87c7322a0632d7c29ec2c6cdf42edad6475,0,1,WorldOfGames.xml
+86a2e82a42eb0e970bafcb75d441c6fdc7d4dfe2f194f3f5f09a63afee0718ca,0,1,World_e-ID_Congress.xml
+6b2fcdbb1c045a0c1e4ab93e7732fb9b845d97763b4633bc836c46d0fa68ff49,1,0,Wrapadviser.co.uk.xml
+a2668cebf91bd8dde11b73e669c66f440f700c42243f6208ecdf3debcceac65d,1,1,Wservices.ch.xml
+1ed6357a0bb2153b9502ce2da5335e3d0d33a158a40570fc7bd40b6da0e54c5d,1,1,Wtop.com.xml
+6c1a71abc06b206b2553313564a62d2e4f0bc6a5754a6aabcece7ef4748227e2,1,0,Wufoo.xml
+07be9292aa9ca08d70d90978165e5cb8b2c05989adefb5415f8f42b8a93bf799,1,1,Wush.Net.xml
+35b9f9fea8edf91132dec2e801b084b173a58c519fba894e5968418d6e35fbab,1,1,WyzAnt.xml
+26ceb3ed2032542f2075db396734c4cb25ae58347dc7c780364bb100d198c2fd,1,1,Xetum.com.xml
+4d1c9f4983b197a9641abc19de6504d18016dd24ac9175dca499a9e0f8918348,1,1,Xg4ken.com.xml
+645bbf60775e6f22ed51012989302f79d66c599b6b17871b883e33861f497a4d,1,1,Xing.xml
+b925930748b05e603d05bbad9b35c9ada0a990bfe8e44c680ef5838f5f56de9b,1,1,Xperia_Studio.xml
+007ed995d2a01b0b3e02ea8ea01cb085ced95ddad059370171eb6def4f584df0,1,1,Xserver.xml
+a0a5dc3a7228f73e31ff237e89d46f6d9024a162fe2ac4c04d60968f11d0504b,1,1,Xtenit.xml
+033bde8d86b20991608db24d1854b95a54fcc5d4b072c26a0c3e78877283ac43,1,1,YMCMB_Official_Merch.xml
+877bfd008b92154e0bf7b5147d1f41fec35b98f8035ccb91b263c2bf12d4b06f,1,1,Yahoo.net.xml
+da2fd160f5803ed73336a0fcd8df659b18857c624b22cd38b286edef13e6c73e,1,1,Yahoo.xml
+0ae6d35db343a943f6c54011416bbe796435a13c894b5a719d1adc0dd29666e4,1,1,Yandex.st.xml
+60b992138d369e31e85ae939ae0b8c646799f15004d51d8a9b0cee042e6f01ee,0,1,Yard_Digital.com.xml
+4684c5eb2b3e908ba1df47e631a05893af0eede30bc216a2b8dea46d2a78d509,0,1,YellowPages.ca-problematic.xml
+b79a6f7942d60a42026d304ecc887e0471b7c96b27698c0a815f5892e697316d,1,0,Yimg.jp.xml
+e30ef33bc99dda8ab603adee29b3d8e5c06a4f03e54ca5945c4756191fea41b2,1,1,Yottaa.net.xml
+4df0da0257fcf4446e697afc9a01d46babf709f62d1bf6ebf2c099392acd7b69,0,1,Yottaa.xml
+e5702add6d485cbf6b018ea01bbd171656a5cb624d2ac685d7e189a373ab8812,1,1,Yourhosting.xml
+60cb1e358b417c0f4f6836240fbf7ab8356563060e09707ed5c5492b91e9243d,1,1,Zacks_Investment_Research.xml
+58d2ae044a28eabd58e291233ae948d32e97c42c8cf892aeb2deefe4b4e2a21d,1,1,Zappos.xml
+972b3ee4c16a24aab20cca8dfa8399b9353b8a2e5ae04388a24ea4398a10aa9d,1,1,Zendesk.com-clients.xml
+7c12b054111110d274fd3955b238c3c544d8add3805aec8b854d02de700868a2,1,0,Zerista.xml
+1a9195d25a90cc91b40b8849807f44232c624957f6e2f7558f0b2a8bf0732dc5,0,1,ZeroC.com.xml
+1555227474489fb63697ca75177e3558119df8b600b1409d57e3b577ebbf9c16,0,1,Zhaw.ch.xml
+26f56ed3495ccc23c923a63027caa34baef30311b4ddc96994297734293a4e9d,1,0,Zissousecure.com.xml
+1bd3ea0ac5d7e83747e15c8f53558ec863a930f53467de80e6fb2c8318ccbf51,0,1,Zlavy.odpadnes.sk.xml
+9cd38fa17f1cd6833d79cf92cd572c624c70f933e6fc881e52c92f486137b270,0,1,Zocalopublicsquare.xml
+618c143055176140e5517088535d1ca18e01aa1132adc3f546cf5f28d4f1f655,1,0,Zoho.xml
+647ab116fc936ea3096d11681a6105832fc48cbddddb8e105d2a319eefceb71a,1,0,Zoho_static.com.xml
+54f30ba3843ce2be5355b1259c28f6ffe7b3c9feddcbe0de95025bc506e913cf,1,0,Zulius.com.xml
+1e1a3eee124780dc325850e37cbe518f2ddb7fe35d245f00ef4e11a4abdaa67e,1,1,allAfrica.xml
+37c5f0433330fe4c2820d535944f85b15cb868cf41789490373ab03548516068,1,0,autotrader.co.uk.xml
+788abebdab63cc22f25ae5355e414c59ba172eb8398c4cb4068a984b993891a8,0,1,b-linked.bbyo.org.xml
+91bd48e097061265ae45976d057a045d7a8cad9056e27863cf2a9f83a8538128,1,0,bbci.co.uk.xml
+9759911a6cefdae952ef0a3dc425e6f6c5983a783bcb287f9c21631810442357,1,0,bbcimg.co.uk.xml
+c65218c1ca967f9407d41e68d3c1c678985e2e566e4c67fe407ee052c499abf8,1,0,bcebos.com.xml
+bd0efbba30261e92f11877fedb766e52efd5a9c7940b8db5db84c9096bb2ddcc,0,1,benj.cloud.xml
+f065925420ec63800dcfb7b402f1de343c87c37cba1c7dfd20ee956aad8d0dab,1,0,blindseeker.com.xml
+a914aedae4c3ef477c7d49a2d8657d51f774f4a43f9c32b98bf0a23245f9d894,0,1,blockchainbdgpzk.onion.xml
+fb3197e4ecf4999eb193dfaad46f0bc7dd2cce63d703ef7023b773e566af9310,1,0,bury.gov.uk.xml
+318dbfe8f4b7b7a37f1b28eec7d63c4c5be3c7821720a0832651c119bfac1b31,1,0,careplace.org.uk.xml
+7955a0d3d6af6b18aca473a36e0f62d93db444b63e032c8022673c2dae949c0a,1,0,ccczh.ch.xml
+d46688286a01470ae72a7494f809e4f5e3f1aebe8c1106fb90cf66225857e4fd,1,1,ch.ch.xml
+377f6ae7d5e69279a716acf1fa0da1587f111db733037671915e2f140d83ab60,0,1,coinpaymtstgtibr.onion.xml
+4d9de0cd9d5c53dc2e304a882eac29d39dc8ca80b885b56fdda99c3cb261fab1,0,1,comdirect.xml
+d5008a99ca26ac771eae43451d1a3f388ea560836b48126ed51e332c61ef850c,1,0,copyninja.info.xml
+9fe88b19037e7cb59d028c3fd40d30afb5e4db3e3f8b75299d9301245275542d,1,0,craigsmith.net.xml
+ecc5224bdf13e70d53652f6f917ddaf3525b293a3b014583a7e366f04851145c,1,0,cwrap.org.xml
+9a0e82fa2c84784bd866c0cdfcb15b4fde531d057cd5b0b2c2ae287fdb5479b5,1,0,dditservices.com.xml
+1191303496688bd47f3c42d5b9b20e188264588d02657e602a5e6beeaea448eb,0,1,direxion.xml
+115fd43e8f2968793726c7d1e0be246a5da55d02facef89e889c7c4b8106a052,0,1,dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion.xml
+69543b744db80de441dc597c4edba83ba4ae47aab02eae703ed5782b59a46796,1,1,eBid.net.xml
+61b46e4fd28004ddfae160ab1527475fa290ebeaf0f756673c86609a431bade5,1,0,eastsussex1space.co.uk.xml
+d365f54ba88e9ee4e13bcfc5e40fee7822bbe84a1b6efce59d4270a6b889f28b,1,0,ehsanakhgari.org.xml
+dfc9384b551dd838583376c78fee9d0f89b5b1c1f4d51166555a7deb12174cc9,1,0,ellislab.com.xml
+3793098713d9b3a938d3f649c355ba4c73571d8206b1fefaac8403766c7053e7,1,0,eriklundblad.com.xml
+fff0a81810a4742d4a22da1c61e87ff21b4ab86f0f104a6d20acdb3c792aa209,1,0,faiumoni.de.xml
+b99040b9b2c0eb7d89f6e06d25fdad08ccf4f807268983bc00e418aa9d8e62c6,1,1,garmin.xml
+c1011922497c8cc64be64ec9a76a83ae794c36dfbe34dab0ef94b0bc3966c2a3,0,1,graylady3jvrrxbe.onion.xml
+7c0db8c41c1dbc742d88dd7432e190afdce29bc241ea958e0e9bb56e318a0040,1,0,hackint.org.xml
+24078831679588ac29d6189a8ce41cd4fd173dabec012d899c84da6ccf896721,1,0,huuto.net.xml
+fbb6f639b5195a93959082581d01bed9f3a7f267a8a19c346d366fef030212bd,1,0,iapc.utwente.nl.xml
+8da5f2bb9c147020134f872bf90cd9012bc6ab274e6c01ccdf3e529412599144,1,1,iway.ch.xml
+ee71a6176b5f92a9c5be034da928fc78ac61ae1948a2b7ebf0b0e65e170e4b63,1,0,lesershop24.de.xml
+f61044e54b7503f5fde78e5d6ca78ff31d5dc8d19a2f78a7fb27ac05d3e6edbb,1,0,letvcdn.xml
+2f66c9ecc06f5e9d323069143ec7b47c7138a47aaf2139866394b3dcca7c6e23,1,0,linuxpenguins.xyz.xml
+4cbc4ab621120f80ed37c2a18c50e6ec3696f80a11f345a8851de3bca3a7ec42,1,0,lukasa.co.uk.xml
+85a9f72b93eb5f52db8da9a4d375b4634d5ad80905a3e95ff143bedfd3b64123,0,1,luosimao.com.xml
+a707f9c2c70c9f5a5bf277f252d22c4253a5dba6988ceace7fd0400fd8f6812e,0,1,m3connect.xml
+c82d167ba8e98b856ae24b467a8695b544fe2d2110ed269675c6b9b5e8a18de5,1,0,myaffiliateprogram.com.xml
+ac2d93e3a82d7cdc5a6643eec162bc3f28d13e242e6038bb03d266cf5bcef17b,0,1,netzclub.xml
+fb92df7c56875eeaba042d251910aa25c63f4b5be19a988ad757d2c1cadd728d,1,0,norsk-tipping.no.xml
+2cf8f8dfbda7e8586efd5437951997d4d46e1f201396e49c7cd40371b19beca7,0,1,nytimes3xbfgragh.onion.xml
+6bd14bb9b62f275c92067c94a821910a1aee22e45e0ce229a5eafb03de195d7d,0,1,nyttips4bmquxfzw.onion.xml
+318ce4a2b8037d291b8eb484d043f90ea831af92859c92c6e2190dafe56c4cda,0,1,osf22p3lmweopgho.onion.xml
+d008a6ff2c3b16c6fbe4d134d1c1aa6b7f333d343d9e3fab3f88f9cd69599cca,1,0,plarium.com.xml
+287e64d55238846fb01707c87d7d0b7620816da9059a63b0eae64cf45e7a0428,1,0,plasso.co.xml
+dd309ed575e2ecbc07475735c3c4f7809acaf572582657ac7537aa116ca38a91,1,0,polyvore.com.xml
+bfc3c3c917777780e10a197d260a120acc3614a32577402968a480fd5b42c106,1,0,privacyintyqcroe.onion.xml
+f55d12ba30d05c9ba088ec96236232acaf987158f1803c65ca82028f8a71de64,0,1,profesia.sk.xml
+f94e3d01b52fe014422bb4d816910528c58234c96b39ebb582a92515c29e16b0,0,1,propub3r6espa33w.onion.xml
+19ff2b0b8ddf39a805465bf40819f9da9068dbae2932e8bd54a4c5a7a7a5a622,1,0,provisu.ch.xml
+f632d8275a444842292dccb0f595343a6ccfe660b36b20735a54fc6c18ce956a,1,0,puhtml.com.xml
+44142aac4ef5dd6b468e630fc477057ccdd3d8d4a5ff029c9ed0bdf85255c47e,1,0,rarbg.xml
+cb8b94399027893807adc9cefd84a64463afce56865fbe8a7cc757ceff822488,1,0,rns.online.xml
+eae3fbc7bf04ad2098b7d4f58372692b54f160c5903a53404535707844706b02,0,1,ruag.xml
+e071d5e6d188b0477ac02337403602d68e6b548c5f0173c6a1687748169e1cca,1,0,ruptureit.com.xml
+48ab8cda95a96123caac4761f3330eae482905dcf00bf964117fccc6f76a9389,1,0,saintcon.org.xml
+c2b375a2419b0bc0c1270e171d832ba53db5212308bc7680b5ee074f1a6b9515,1,0,sharetobuy.com.xml
+444c21385a86d34daa2b74872456cfa5914e7a7f3833bd5ce212611f068c117e,1,0,so36.net.xml
+ae5b536db2ffdf2df62111cb8494384f296eb2f9fb7421e78d623775cf61e64c,1,0,strongSwan.xml
+7a9da5e66bb52c47cedf57033ebd9aecfe74c3b97a8ef687113ff2be4ef8ff49,1,0,sustrans.org.uk.xml
+057b142ca3d2f84f2620bd70122ca28024124fef589ee328145f265a2064ec18,1,1,sysprovide.xml
+8598fa811ec5aad9d12066a3bbd72cc50d31a31ab552fc81406e4f5a980e6afd,0,1,tanx.com.xml
+d0d7cd27a1fad7c507c011633c1ded2d76779f270a18be9a1a600f34bc19f8ac,0,1,tomritterbassljd.onion.xml
+add909870db94aa5bd754824fd291da12cf5a35ef2dc039887e8fbfcf9559504,1,0,trafficjunky.com.xml
+6babe63d9649dc80201a730918427d18fc983abf0ae6aa64ebc751040d874711,1,0,trakt.xml
+6a22ef0685a22c0d02467d71bf60150171f2d9b2ea164bdc7cce9677255d836e,0,1,usatodayw7vu5egc.onion.xml
+dca681ef703ae025e986f1bef45575452df62543baa7a0bde381d6bf9a8ae56b,1,1,v.gd.xml
+b9b0396960be487e61ab263e7341e1fde512be9ce069f219bdfde8c363b7ab60,1,0,vauva.fi.xml
+22a722ad1e155e3bee71bdb1b9a3ae90235e9687c48bd387489dfb3ecb58bc8f,0,1,visitsealife.com.xml
+51cc6deb02fb6a815619bf535d299f9e24f81ab1451428ee479203126090fc4b,1,0,vogogo.com.xml
+7ed531500221bdf06b719c9fc59447357de77faeb9082ee7fac65da7df701332,0,1,wpa_supplicant.xml
+5cdcff57455137ed99e5dbee098da64da25450e307aec99e1edb70ae75f43c24,1,0,yottos.com.xml
diff --git a/utils/setversion.py b/utils/setversion.py
new file mode 100755
index 000000000000..2ade838ac523
--- /dev/null
+++ b/utils/setversion.py
@@ -0,0 +1,16 @@
+#!/usr/bin/env python3
+from datetime import date
+import json
+
+
+# Set the version in manifest.json to one based on today's date.
+
+t = date.today()
+version = repr(t.year) +'.'+ repr(t.month) +'.'+ repr(t.day)
+
+f = open('chromium/manifest.json')
+manifest = json.loads(f.read())
+f.close()
+manifest['version'] = version
+f = open('chromium/manifest.json','w')
+f.write(json.dumps(manifest,indent=4,sort_keys=True,separators=(',', ': ')))
diff --git a/utils/sign-bloom/add_timestamp.py b/utils/sign-bloom/add_timestamp.py
new file mode 100755
index 000000000000..1a45eeaab142
--- /dev/null
+++ b/utils/sign-bloom/add_timestamp.py
@@ -0,0 +1,21 @@
+#!/bin/env python3
+import json
+import sys
+
+def usage_and_exit():
+    print("Usage: " + sys.argv[0] + " TIMESTAMP")
+    sys.exit(1)
+
+if len(sys.argv) != 2:
+    usage_and_exit()
+
+try:
+    timestamp = int(sys.argv[1])
+except:
+    usage_and_exit()
+
+
+for line in sys.stdin:
+    json_line = json.loads(line)
+    json_line['timestamp'] = timestamp
+    print(json.dumps(json_line))
diff --git a/utils/sign-bloom/async-airgap.sh b/utils/sign-bloom/async-airgap.sh
new file mode 120000
index 000000000000..70899e99e837
--- /dev/null
+++ b/utils/sign-bloom/async-airgap.sh
@@ -0,0 +1 @@
+../sign-rulesets/async-airgap.sh
\ No newline at end of file
diff --git a/utils/sign-bloom/async-request.sh b/utils/sign-bloom/async-request.sh
new file mode 100755
index 000000000000..201ec13bee15
--- /dev/null
+++ b/utils/sign-bloom/async-request.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+# Used to sign bloom filters created with https://crates.io/crates/create-bloom-filter
+
+set -e
+
+if [ $# -ne 3 ]; then
+  echo "Usage: $0 bloom_file public_key_file output_path"
+  exit
+fi
+
+
+SIGNED_SHA256SUM_BASE64=`mktemp /tmp/bloom-signature.sha256.base64.XXXXXXXX`
+trap 'rm $SIGNED_SHA256SUM_BASE64' EXIT
+
+mkdir -p $3
+TIMESTAMP=`date +%s`
+cp $1 $3/bloom.$TIMESTAMP.bin
+cat $1.json | $(dirname $0)/add_timestamp.py $TIMESTAMP > $3/bloom-metadata.$TIMESTAMP.json
+
+echo 'Hash for signing: '
+sha256sum $3/bloom-metadata.$TIMESTAMP.json | cut -f1 -d' '
+echo metahash for confirmation only $(sha256sum $3/bloom-metadata.$TIMESTAMP.json | cut -f1 -d' ' | tr -d '\n' | sha256sum | cut -c1-6) ...
+
+echo 'Paste in the data from the QR code, then type Ctrl-D:'
+cat | tr -d '\n' > $SIGNED_SHA256SUM_BASE64
+
+base64 -d $SIGNED_SHA256SUM_BASE64 > $3/bloom-signature.$TIMESTAMP.sha256
+openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -verify $2 -signature $3/bloom-signature.$TIMESTAMP.sha256 $3/bloom-metadata.$TIMESTAMP.json
+
+echo $TIMESTAMP > $3/latest-bloom-timestamp
diff --git a/utils/sign-bloom/ddgse b/utils/sign-bloom/ddgse
new file mode 100644
index 000000000000..3b7927ec5c38
Binary files /dev/null and b/utils/sign-bloom/ddgse differ
diff --git a/utils/sign-bloom/ddgse.json b/utils/sign-bloom/ddgse.json
new file mode 100644
index 000000000000..1d490c6e64ee
--- /dev/null
+++ b/utils/sign-bloom/ddgse.json
@@ -0,0 +1 @@
+{"bitmap_bits":11364392,"k_num":24,"sha256sum":"371bfb628062de163947c1226d99a5f3823e6fe1bc0838d24e0deffad1c96ee2","sip_keys":[["4746789603923246281","9835731802354323261"],["11277193235900924841","7296056854142719726"]]}
\ No newline at end of file
diff --git a/utils/sign-bloom/standalone.sh b/utils/sign-bloom/standalone.sh
new file mode 100755
index 000000000000..a4c614071ed2
--- /dev/null
+++ b/utils/sign-bloom/standalone.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+# Used to sign bloom filters created with https://crates.io/crates/create-bloom-filter
+
+set -e
+
+if [ $# -ne 3 ]; then
+  echo "Usage: $0 bloom_file private_key_file output_path"
+  exit
+fi
+
+
+mkdir -p $3
+TIMESTAMP=`date +%s`
+cp $1 $3/bloom.$TIMESTAMP.bin
+cat $1.json | $(dirname $0)/add_timestamp.py $TIMESTAMP > $3/bloom-metadata.$TIMESTAMP.json
+
+openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -sign $2 -out $3/bloom-signature.$TIMESTAMP.sha256 $3/bloom-metadata.$TIMESTAMP.json
+
+echo $TIMESTAMP > $3/latest-bloom-timestamp
diff --git a/utils/sign-rulesets/async-airgap.sh b/utils/sign-rulesets/async-airgap.sh
new file mode 100755
index 000000000000..41ec90876c2e
--- /dev/null
+++ b/utils/sign-rulesets/async-airgap.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -e
+
+if [ $# -ne 2 ]; then
+  echo "Usage: $0 private_key_file sha256_hash"
+  exit
+fi
+
+
+echo metahash for confirmation only $(echo -n $2 | sha256sum | cut -c1-6) ...
+read -p "(press enter to continue)"
+
+SIGNED_SHA256SUM=`mktemp /tmp/signature.sha256.XXXXXXXX`
+trap 'rm $SIGNED_SHA256SUM' EXIT
+SIGNED_SHA256SUM_BASE64_QR=`mktemp /tmp/signature.sha256.base64.XXXXXXXX.png`
+trap 'rm $SIGNED_SHA256SUM_BASE64_QR' EXIT
+
+echo $2 | xxd -r -p | openssl pkeyutl -sign -inkey $1 -pkeyopt digest:sha256 -pkeyopt rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:32 -out $SIGNED_SHA256SUM
+
+cat $SIGNED_SHA256SUM | base64
+cat $SIGNED_SHA256SUM | base64 | qrencode -o $SIGNED_SHA256SUM_BASE64_QR
+eog $SIGNED_SHA256SUM_BASE64_QR 2>/dev/null
diff --git a/utils/sign-rulesets/async-request.sh b/utils/sign-rulesets/async-request.sh
new file mode 100755
index 000000000000..e63571da3469
--- /dev/null
+++ b/utils/sign-rulesets/async-request.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+set -e
+
+if [ $# -ne 2 ]; then
+  echo "Usage: $0 public_key_file output_path"
+  exit
+fi
+
+
+RULESETS_FILE=rules/default.rulesets
+
+SIGNED_SHA256SUM_BASE64=`mktemp /tmp/ruleset-signature.sha256.base64.XXXXXXXX`
+trap 'rm $SIGNED_SHA256SUM_BASE64' EXIT
+
+mkdir -p $2
+TIMESTAMP=`date +%s`
+REFERENCE=`git rev-parse HEAD`
+echo "{ \"timestamp\": $TIMESTAMP, \"reference\": \"$REFERENCE\", \"rulesets\":" "`cat $RULESETS_FILE`" "}" | tr -d '\n' | gzip -nc > $2/default.rulesets.$TIMESTAMP.gz
+
+echo 'Hash for signing: '
+sha256sum $2/default.rulesets.$TIMESTAMP.gz | cut -f1 -d' '
+echo metahash for confirmation only $(sha256sum $2/default.rulesets.$TIMESTAMP.gz | cut -f1 -d' ' | tr -d '\n' | sha256sum | cut -c1-6) ...
+
+echo 'Paste in the data from the QR code, then type Ctrl-D:'
+cat | tr -d '\n' > $SIGNED_SHA256SUM_BASE64
+
+base64 -d $SIGNED_SHA256SUM_BASE64 > $2/rulesets-signature.$TIMESTAMP.sha256
+openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -verify $1 -signature $2/rulesets-signature.$TIMESTAMP.sha256 $2/default.rulesets.$TIMESTAMP.gz
+
+echo $TIMESTAMP > $2/latest-rulesets-timestamp
diff --git a/utils/sign-rulesets/standalone.sh b/utils/sign-rulesets/standalone.sh
new file mode 100755
index 000000000000..97e835dfb2a4
--- /dev/null
+++ b/utils/sign-rulesets/standalone.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -e
+
+if [ $# -ne 2 ]; then
+  echo "Usage: $0 private_key_file output_path"
+  exit
+fi
+
+
+RULESETS_FILE=rules/default.rulesets
+
+mkdir -p $2
+TIMESTAMP=`date +%s`
+REFERENCE=`git rev-parse HEAD`
+echo "{ \"timestamp\": $TIMESTAMP, \"reference\": \"$REFERENCE\", \"rulesets\":" "`cat $RULESETS_FILE`" "}" | tr -d '\n' | gzip -nc > $2/default.rulesets.$TIMESTAMP.gz
+
+openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -sign $1 -out $2/rulesets-signature.$TIMESTAMP.sha256 $2/default.rulesets.$TIMESTAMP.gz
+
+echo $TIMESTAMP > $2/latest-rulesets-timestamp
diff --git a/utils/simple.py b/utils/simple.py
deleted file mode 100644
index ab941f8d91b0..000000000000
--- a/utils/simple.py
+++ /dev/null
@@ -1,59 +0,0 @@
-#!/usr/bin/env python
-
-from lxml import etree
-import regex
-
-# XXX: this doesn't work for from patterns that use the ?: in (?:www\.)?
-#      (one of many examples in Zoosk.com.xml)
-# XXX: this doesn't figure out if a target host causes a particular rule
-#      to be completely inapplicable (in which case it should probably be
-#      ignored) for determining simplicity
-# XXX: this doesn't catch simple rules that use alternation with
-#      backreferences, like from="^http://(foo|bar)\.example\.com/"
-#      to="\1.example.com"
-
-def simple(f):
-    tree = etree.parse(f)
-    targets = [target.attrib["host"] for target in tree.xpath("/ruleset/target")]
-    return all([
-    # ruleset must not be default_off
-    "default_off" not in tree.xpath("/ruleset")[0].attrib,
-    # ruleset must not contain a match_rule
-    "match_rule" not in tree.xpath("/ruleset")[0].attrib,
-    # XXX: maybe also check for platform="mixedcontent" here
-    # ruleset must not apply any securecookie patterns
-    not tree.xpath("/ruleset/securecookie"),
-    # ruleset must not contain any exclusions
-    not tree.xpath("/ruleset/exclusion"),
-    # targets must not contain any wildcards
-    not any("*" in target for target in targets),
-    # ruleset must not contain any downgrade rules
-    not any("downgrade" in rule.attrib for rule in tree.xpath("/ruleset/rule")),
-    # and every rule must itself be simple according to the criteria below
-    all(simple_rule(rule, targets) for rule in tree.xpath("/ruleset/rule"))
-    ])
-
-def simple_rule(rule, targets):
-    """Is this rule a simple rule?  A simple rule rewrites a single hostname,
-    perhaps with an optional leading www\., to itself or to itself plus www.,
-    at the top level with no other effects."""
-    rule_from = rule.attrib["from"]
-    rule_to = rule.attrib["to"]
-    # Simple rule with no capture
-    if regex.match(r"^\^http://[-A-Za-z0-9.\\]+/$", rule_from):
-        applicable_host = unescape(regex.search(r"^\^http://([-A-Za-z0-9.\\])+/$", rule_from).groups()[0])
-        if regex.match(r"^https://%s/" % applicable_host, rule_to) or regex.match("r^https://%s/" % applicable_host, rule_to):
-            return True
-        else:
-            return False
-    # Optional www
-    if regex.match(r"^\^http://\(www\\\.\)\?[-A-Za-z0-9.\\]+/$", rule_from):
-        applicable_host = unescape(regex.search(r"^\^http://\(www\\\.\)\?([-A-Za-z0-9.\\]+)/$", rule_from).groups()[0])
-        if regex.match(r"^https://www\.%s/" % applicable_host, rule_to) or regex.match(r"^https://%s/" % applicable_host, rule_to):
-            return True
-        else:
-            return False
-    return False
-
-def unescape(s):
-    return s.replace(r"\.", ".")
diff --git a/utils/single_rule_response.py b/utils/single_rule_response.py
deleted file mode 100755
index 3184298c0279..000000000000
--- a/utils/single_rule_response.py
+++ /dev/null
@@ -1,115 +0,0 @@
-#!/usr/bin/env python
-
-import sys, os, re
-from functools import partial
-
-try:
-    from lxml import etree
-except ImportError:
-    sys.stderr.write("** Could not import lxml!  Rule validation SKIPPED.\n")
-    sys.stderr.write("** Caution: A resulting build MAY CONTAIN INVALID RULES.\n")
-    sys.stderr.write("** Please install libxml2 and lxml to permit validation!\n")
-    sys.exit(0)
-
-try:
-    from requests import head
-    from requests.exceptions import SSLError, ConnectionError, Timeout
-except ImportError:
-    sys.stderr.write("** Could not import requests!  Rule validation SKIPPED.\n")
-    sys.stderr.write("** Caution: A resulting build MAY CONTAIN SITES WHICH DO NOT SUPPORT HTTPS.\n")
-    sys.stderr.write("** Please install requests to permit validation!\n")
-    sys.exit(0)
-
-if not (sys.argv[1:] and sys.argv[2:]):
-    sys.stderr.write("Usage: %s ruleset report_file\n\n" % sys.argv[0])
-    sys.exit(0)
-
-# Error lists
-certificate = []
-timeout = []
-redirect = []
-
-ruleset = sys.argv[1]
-report_file = sys.argv[2]
-
-request = partial(head, verify=True, timeout=15.0,
-        config={'keep_alive': False})
-# 'GET' - method, verify - verify the certificate, timeout - 5.0 seconds
-
-def test_response_no_redirect(to):
-    """destination may not support HTTPS."""
-    ret = True
-    try:
-        response = request(to, allow_redirects=False)
-        if response.status_code in (300, 301, 302, 307, 308):
-            find_redirect(to)
-            ret = False
-        if response.status_code != 200:
-            ret = False
-        del response
-    except SSLError:
-    #   sys.stdout.write("failure: %s certificate validity check failed.\n" % to)
-        certificate.append(to)
-        ret = False
-    except (ConnectionError, Timeout):
-    #   sys.stdout.write("failure: %s can not be reached.\n" % to)
-        timeout.append('%s - timeout' % to)
-        ret = False
-    except Exception:
-        ret = False
-    return ret
-
-
-def find_redirect(to):
-    """Prints redirects"""
-    try:
-        response = request(to, allow_redirects=True)
-        url_re = re.compile(re.escape(to))
-        if response.status_code == 200 and not url_re.match(response.url):
-            # i.e. it redirected and it didn't redirect from something like:
-            #  https://www.eff.org/ -> https://www.eff.org/index.html
-        #   sys.stdout.write("failure: %s redirects to %s.\n" % (to, response.url))
-            redirect.append('%s -> %s' % (to, response.url))
-    except SSLError:
-        redirect.append('%s - ssl_error' % to)
-    except (ConnectionError, Timeout):
-    #   sys.stdout.write("failure: %s can not be reached to complete a redirect\n" % to)
-        redirect.append('%s - timeout' % to)
-    except Exception:
-        pass
-
-
-failure = 0
-#failed = []
-back_ref = re.compile('\$\d+')
-
-if __name__ == "__main__":
-    tree = etree.parse(ruleset)
-
-    seen = []
-    for rule in tree.xpath('/ruleset/rule'):
-        to = rule.get('to')
-        if rule.get('downgrade') or to in seen:
-            continue
-        if back_ref.search(to):
-            continue
-        if not test_response_no_redirect(to):
-            #failed.append(to)
-            failure = 1
-        seen.append(to)
-
-    if failure:
-        sys.stdout.write("warning: %s failed test: %s\n" % (ruleset, test_response_no_redirect.__doc__))
-        with open(report_file, 'a') as fd:
-            #fd.write('%s: %s\n' % (ruleset, ', '.join(failed)))
-            if certificate:
-                fd.write('[%s] Certificate Errors:\n %s\n' %
-                        (ruleset, ', '.join(certificate)))
-            if redirect:
-                fd.write('[%s] Redirect Failures:\n %s\n' %
-                        (ruleset, ', '.join(redirect)))
-            if timeout:
-                fd.write('[%s] Timeout Failures:\n %s\n' %
-                        (ruleset, ', '.join(timeout)))
-
-    sys.exit(failure)
diff --git a/utils/standalone-translations.py b/utils/standalone-translations.py
new file mode 100644
index 000000000000..48624c0363c4
--- /dev/null
+++ b/utils/standalone-translations.py
@@ -0,0 +1,56 @@
+#!/usr/bin/env python3
+"""
+Generate a messages.json translations file for HTTPS Everywhere Standalone
+"""
+import re
+import sys
+import os
+import json
+
+source_dir = sys.argv[1]
+dest_dir = sys.argv[2]
+
+message_regex = re.compile("<!ENTITY https-everywhere\.([\w.-]+) \"(.*?)\">")
+strings_needed = [
+  "about.version",
+  "about.rulesets_version",
+  "menu.globalDisable",
+  "menu.globalEnable",
+  "menu.encryptAllSitesEligibleOn",
+  "menu.encryptAllSitesEligibleOff",
+  "options.enterDisabledSite",
+  "options.addDisabledSite",
+  "options.hostNotFormattedCorrectly",
+  "options.disabledUrlsListed",
+  "menu.httpNoWhereExplainedBlocked",
+  "menu.httpNoWhereExplainedAllowed",
+  "standalone.proxy_server_info_prefix",
+  "standalone.transparent_true",
+  "standalone.transparent_false",
+]
+
+def convert(locale):
+  translation_file = os.path.join(source_dir, locale, "https-everywhere.dtd")
+  if os.path.isfile(translation_file):
+    target_messages = {}
+    with open(translation_file, 'r', encoding='utf-8') as f:
+      for line in f:
+        m = message_regex.search(line)
+        if m:
+          message_name = m.group(1)
+          if message_name in strings_needed:
+            message_value = m.group(2)
+            message_name = re.sub("[.-]", "_", message_name)
+            target_messages[message_name] = message_value
+    return target_messages
+  else:
+    return False
+
+with open(os.path.join(dest_dir, "messages.json"), "w") as out_file:
+  all_target_messages = {}
+  for locale in os.listdir(source_dir):
+    if not "." in locale:
+      target_messages = convert(locale)
+      if target_messages:
+        all_target_messages[locale] = target_messages
+  out_file.write(json.dumps(all_target_messages, sort_keys=True, indent=4))
diff --git a/utils/trivial-response.py b/utils/trivial-response.py
deleted file mode 100755
index 00629d594023..000000000000
--- a/utils/trivial-response.py
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/usr/bin/env python
-
-import sys, os, re, subprocess
-from time import sleep
-
-try:
-    from lxml import etree
-except ImportError:
-    sys.stderr.write("** Could not import lxml!  Rule validation SKIPPED.\n")
-    sys.stderr.write("** Caution: A resulting build MAY CONTAIN INVALID RULES.\n")
-    sys.stderr.write("** Please install libxml2 and lxml to permit validation!\n")
-    sys.exit(0)
-
-base_dir = os.getcwd()
-rule_script = '/'.join([base_dir, 'single_rule_response.py'])
-report_file = '/'.join([base_dir, 'response_report.txt'])
-rule_file = '/'.join([base_dir, '%s_report.txt'])
-
-if sys.argv[1:]:
-    os.chdir(sys.argv[1])
-
-failure = 0
-default_off = 0
-procs = []
-files = os.listdir('.')
-PARALLELISM = 10
-
-with open(report_file, 'w+') as fd:
-    fd.truncate(0)
-
-while True:
-    if files and (len(procs) < PARALLELISM):
-        fil = files.pop()
-        if 'mismatches' in fil:
-            continue
-        try:
-            tree = etree.parse(fil)
-
-            if tree.xpath('/ruleset/@default_off'):
-                default_off += 1
-                continue
-        except Exception as e:
-            continue
-
-        proc = subprocess.Popen([rule_script, fil, rule_file %
-            fil[:-4]])
-        procs.append((proc, fil[:-4]))
-
-    for (proc, f) in procs:
-        proc.poll()
-        print("POLL'D")
-        if proc.returncode != None:
-            print("FUCKED")
-            with open(rule_file % f, 'r') as rule_fd:
-                with open(report_file, 'a') as report_fd:
-                    print("CONTEXT")
-                    report_fd.writelines(rule_fd)
-            os.unlink(rule_file % f)
-            procs.remove((proc, f))
-
-    if not (files or procs):
-        break
-
-    sleep(0.75)
-
-sys.stdout.write("Skipped %d default_off rulesets.\n" % default_off)
-
-sys.exit(failure)
diff --git a/utils/trivial-validate.py b/utils/trivial-validate.py
deleted file mode 100755
index 42532e24735a..000000000000
--- a/utils/trivial-validate.py
+++ /dev/null
@@ -1,266 +0,0 @@
-#!/usr/bin/python
-
-import argparse
-import sys, re, os
-
-try:
-    from lxml import etree
-except ImportError:
-    sys.stderr.write("** Could not import lxml!  Rule validation SKIPPED.\n")
-    sys.stderr.write("** Caution: A resulting build MAY CONTAIN INVALID RULES.\n")
-    sys.stderr.write("** Please install libxml2 and lxml to permit validation!\n")
-    sys.exit(0)
-
-parser = argparse.ArgumentParser(
-    formatter_class=argparse.RawDescriptionHelpFormatter,
-    description="Ruleset validation script.")
-parser.add_argument('--ignoredups', type=str, nargs="*",
-    default="",
-    help="Ignore entries."
-    )
-parser.add_argument('--dupdir', type=str, nargs="*",
-    default="",
-    help="Duplicate directory."
-    )
-parser.add_argument('--quiet', action="store_true",
-    default=False, help="Suppress debug output."
-    )
-parser.add_argument('ruleset', metavar='XML directory', type=str, nargs="*",
-    default="src/chrome/content/rules",
-    help='Directory of XML files to validate.')
-
-args = parser.parse_args()
-
-ignoredups = [re.compile(val) for val in args.ignoredups]
-dupdir = [val for val in args.dupdir]
-quiet = args.quiet
-
-def warn(s):
-    if not quiet: sys.stdout.write("warning: %s\n" % s)
-
-def fail(s):
-    sys.stdout.write("failure: %s\n" % s)
-
-def test_not_anchored(tree):
-    # Rules not anchored to the beginning of a line.
-    """The 'from' rule is not anchored to beginning of line using the ^ symbol."""
-    for f in tree.xpath("/ruleset/rule/@from"):
-        if not f or f[0] != "^":
-            return False
-    return True
-
-def test_bad_regexp(tree):
-    # Rules with invalid regular expressions.
-    """The 'from' rule contains an invalid extended regular expression."""
-    for f in tree.xpath("/ruleset/rule/@from") + \
-             tree.xpath("/ruleset/exclusion/@pattern") + \
-             tree.xpath("/ruleset/securecookie/@host"):
-        try:
-            re.compile(f)
-        except:
-            return False
-    return True
-
-def test_missing_to(tree):
-
-    # Rules that are terminated before setting 'to'.
-    # These cases are probably either due to a misplaced
-    # rule end or intended to be different elements.
-    """Rule is missing a 'to' value."""
-    for rule in tree.xpath("/ruleset/rule"):
-	if not rule.get("to"):
-            warn("'to' attribute missing in %s. " %fi)
-            warn("Misplaced end or misnamed element?")
-            return False
-    return True
-
-def test_unescaped_dots(tree):
-    # Rules containing unescaped dots outside of brackets and before slash.
-    # Note: this is meant to require example\.com instead of example.com,
-    # but it also forbids things like .* which usually ought to be replaced
-    # with something like ([^/:@\.]+)
-    """The 'from' rule contains unescaped period in regular expression.  Try escaping it with a backslash."""
-    for f in tree.xpath("/ruleset/rule/@from"):
-        escaped = False
-        bracketed = False
-        s = re.sub("^\^https?://", "", f)
-        for c in s:
-            if c == "\\":
-               escaped = not escaped
-            elif not escaped and c == "[":
-               bracketed = True
-            elif not escaped and c == "]":
-               bracketed = False
-            elif not escaped and not bracketed and c == ".":
-               return False
-            elif not bracketed and c == "/":
-               break
-            else:
-               escaped = False
-    return True
-
-def test_space_in_to(tree):
-    # Rules where the to pattern contains a space.
-    """The 'to' rule contains a space."""
-    for t in tree.xpath("/ruleset/rule/@to"):
-        if ' ' in t:
-            return False
-    return True
-
-def test_unencrypted_to(tree):
-    # Rules that redirect to something other than https or http.
-    # This used to test for http: but testing for lack of https: will
-    # catch more kinds of mistakes.
-    # Now warn if the rule author indicates they intended it, with the
-    # downgrade attribute.  Error if this attribute is not present.
-    """Rule redirects to something other than https."""
-    for rule in tree.xpath("/ruleset/rule"):
-        to, downgrade = rule.get("to"), rule.get("downgrade")
-        if to[:6] != "https:" and to[:5] != "http:":
-            return False
-        elif to[:5] == "http:" and downgrade:
-            warn("downgrade rule in %s redirects to http." % fi)
-        elif to[:5] == "http:":
-            fail("non-downgrade rule in %s redirects to http." % fi)
-            return False
-    return True
-
-def test_backslash_in_to(tree):
-    # Rules containing backslashes in to pattern.
-    """The 'to' rule contains a backslash."""
-    for t in tree.xpath("/ruleset/rule/@to"):
-        if '\\' in t:
-            return False
-    return True
-
-def test_no_trailing_slash(tree):
-    # Rules not containing trailing slash in from or to pattern.
-    """Rule omits forward slash after host name."""
-    for r in tree.xpath("/ruleset/rule"):
-        f, t = r.get("from"), r.get("to")
-        if not re.search("//.*/", f):
-            return False
-        if not re.search("//.*/", t):
-            return False
-    return True
-
-def test_lacks_target_host(tree):
-    # Rules that lack at least one target host (target tag with host attr).
-    """Rule fails to specify at least one target host."""
-    return not not tree.xpath("/ruleset/target/@host")
-
-def test_bad_target_host(tree):
-    # Rules where a target host contains multiple wildcards or a slash.
-    """The target host must be a hostname, not URL, and must use at most one wildcard."""
-    for target in tree.xpath("/ruleset/target/@host"):
-        if "/" in target:
-            return False
-        if target.count("*") > 1:
-            return False
-    return True
-
-def test_duplicated_target_host(tree):
-    # Rules where a single target host appears more than once.
-    """Rule contains the same target host more than once."""
-    targets = tree.xpath("/ruleset/target/@host")
-    return len(set(targets)) == len(targets)
-
-printable_characters = set(map(chr, list(range(32, 127))))
-
-def test_non_ascii(tree):
-    # Rules containing non-printable characters.
-    """Rule contains non-printable character in 'to' pattern."""
-    for t in tree.xpath("/ruleset/rule/@to"):
-        for c in t:
-            if c not in printable_characters:
-                return False
-    return True
-
-def test_ruleset_name(tree):
-    """Rule has name"""
-    if tree.xpath("/ruleset/@name"):
-        return True
-    else:
-        return False
-
-def get_all_names_and_targets(ds):
-    """extract unique names and targets from a list of dirs of xml files"""
-    names = set()
-    targets = set()
-    for d in ds:
-        for fi in os.listdir(d):
-            fi = os.path.join(d, fi)
-            try:
-                tree = etree.parse(fi)
-                ruleset_name = tree.xpath("/ruleset/@name")[0]
-                target_names = tree.xpath("/ruleset/target/@host")
-            except Exception:
-                continue
-            names.add(ruleset_name)
-            for target in target_names:
-                targets.add(target)
-    return names, targets
-
-def nomes_all(where=sys.argv[1:]):
-    """Returns generator to extract all files from a list of files/dirs"""
-    if not where: where=['.']
-    for i in where:
-        if os.path.isfile(i):
-            yield i
-        elif os.path.isdir(i):
-            for r, d, f in os.walk(i):
-                for fi in f:
-                    yield os.path.join(r, fi)
-
-tests = [test_not_anchored, test_bad_regexp, test_unescaped_dots, test_missing_to,
-         test_space_in_to, test_unencrypted_to, test_backslash_in_to,
-         test_no_trailing_slash, test_lacks_target_host, test_bad_target_host,
-         test_duplicated_target_host, test_non_ascii]
-
-failure = 0
-seen_file = False
-all_names, all_targets = get_all_names_and_targets(dupdir)
-
-for fi in nomes_all():
-    try:
-        tree = etree.parse(fi)
-        if fi[-4:] != ".xml":
-            if tree.xpath("/ruleset"):
-                warn("ruleset in file without .xml extension: %s" % fi)
-            else:
-                continue
-        seen_file = True
-    except Exception as oops:
-        if fi[-4:] != ".xml":
-            continue
-        failure = 1
-        fail("%s failed XML validity: %s\n" % (fi, oops))
-    if failure or not tree.xpath("/ruleset"):
-        continue
-    if not test_ruleset_name(tree):
-        failure = 1
-        fail("unnamed ruleset: %s" % fi)
-        continue
-    ruleset_name = tree.xpath("/ruleset/@name")[0]
-    if ruleset_name in all_names:
-        failure = 1
-        fail("duplicate ruleset name %s" % ruleset_name)
-    all_names.add(ruleset_name)
-    for test in tests:
-        if not test(tree):
-            failure = 1
-            fail("%s failed test: %s" % (fi, test.__doc__))
-    for target in tree.xpath("/ruleset/target/@host"):
-        if target in all_targets and not any(ign.search(target) for ign in ignoredups):
-            # suppress warning about duplicate targets if an --ignoredups
-            # pattern matches target
-            warn("%s has duplicate target: %s" % (fi, target))
-        all_targets.add(target)
-
-if not seen_file:
-   which = "specified" if args else "current"
-   sys.stdout.write("There were no valid XML files in the %s " % which)
-   sys.stdout.write("directory.\n")
-   failure = 3
-
-sys.exit(failure)
diff --git a/utils/trivialize-cdn-rules/.gitignore b/utils/trivialize-cdn-rules/.gitignore
new file mode 100644
index 000000000000..ad46b30886fa
--- /dev/null
+++ b/utils/trivialize-cdn-rules/.gitignore
@@ -0,0 +1,61 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# TypeScript v1 declaration files
+typings/
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env
+
+# next.js build output
+.next
diff --git a/utils/trivialize-cdn-rules/index.js b/utils/trivialize-cdn-rules/index.js
new file mode 100644
index 000000000000..4f8116dd84be
--- /dev/null
+++ b/utils/trivialize-cdn-rules/index.js
@@ -0,0 +1,161 @@
+'use strict'
+
+const util = require('util')
+const path = require('path')
+
+const fs = require('graceful-fs')
+const xml2js = require('xml2js')
+const request = require('sync-request')
+const chalk = require('chalk')
+
+const readdir = util.promisify(fs.readdir)
+const readFile = util.promisify(fs.readFile)
+const parseXML = util.promisify(xml2js.parseString)
+
+const rulesDir = 'src/chrome/content/rules/'
+
+const log = (level, filename, message) => {
+  switch (level) {
+    case 'WARN':
+      console.warn(chalk.yellow(`[${level}] ${chalk.bold(filename)}: ${message}`))
+      break
+    case 'INFO':
+      console.info(chalk.green(`[${level}] ${chalk.bold(filename)}: ${message}`))
+      break
+    case 'FAIL':
+    default:
+      console.error(chalk.red(`[${level}] ${chalk.bold(filename)}: ${message}`))
+      break
+  }
+}
+
+const supportedCDNsRegexs = [
+  { // Cloudfront.net
+    fromRe: /^\^http(?:s\?)?:\/\/((([\\a-z0-9_-]+)\.)*([\\a-z0-9-]+))\/$/,
+    toRe: /^https:\/\/\w+\.cloudfront\.net\/$/
+  },
+  { // 2o7.net
+    fromRe: /^\^http(?:s\?)?:\/\/((([\\a-z0-9_-]+)\.)*([\\a-z0-9-]+))\/$/,
+    toRe: /^https:\/\/[\w-]+\.1[12]2\.2o7\.net\/$/
+  },
+  { // amazonaws.com
+    fromRe: /^\^http(?:s\?)?:\/\/((([\\a-z0-9_-]+)\.)*([\\a-z0-9-]+))\/$/,
+    toRe: /^https:\/\/s3\.amazonaws\.com\//
+  }
+]
+
+const escapeRegExp = (str) => {
+  return str.replace(/[\-\[\]\/\{\}\(\)\*\+\?\.\\\^\$\|]/g, '\\$&') // eslint-disable-line
+}
+
+const isSecureConnectionOkay = (host) => {
+  // FIXME: terrible performance...
+  let response = request('GET', `https://${host}/`, {
+    headers: {
+      'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:10.0) Gecko/20100101 Firefox/10.0'
+    },
+    timeout: 3000,
+    socketTimeout: 3000,
+    maxRedirects: 5
+  })
+  if (response) {
+    return true
+  } else {
+    return false
+  }
+}
+
+const trivializeGenericRewrites = async (fstat, content, rules) => {
+  return new Promise((resolve, reject) => {
+    let rewrittenAtLeastOnce = false
+    let originalContent = content
+
+    for (const rule of rules) {
+      for (const supportedCDNsRegex of supportedCDNsRegexs) {
+        if (supportedCDNsRegex.fromRe.test(rule.from) && supportedCDNsRegex.toRe.test(rule.to)) {
+          let host = rule.from.replace(supportedCDNsRegex.fromRe, '$1').replace(/\\\./g, '.')
+
+          if (host !== null && isSecureConnectionOkay(host)) {
+            // TODO: replace rule here...
+            const ruleRe = `\n([\t ]*)<rule\\s*from=\\s*"${escapeRegExp(rule.from)}"(\\s*)to=\\s*"${escapeRegExp(rule.to)}"\\s*?/>[\t ]*\n`
+            const ruleRegex = new RegExp(ruleRe, 'g')
+
+            if (ruleRegex.test(originalContent)) {
+              content = content.replace(ruleRegex, `\n$1<rule from="^http://${host.replace(/\./g, '\\.')}/"$2to="https://${host}/" />\n`)
+              if (originalContent !== content) {
+                rewrittenAtLeastOnce = true
+              }
+            } else {
+              log('WARN', fstat.filename, `Warning: cannot construct RegExp which match rule ${JSON.stringify(rule)}`)
+            }
+            break
+          }
+        }
+      }
+    }
+
+    if (rewrittenAtLeastOnce) {
+      try {
+        fs.writeFileSync(fstat.fullname, content, { encoding: 'utf8' })
+        resolve(rewrittenAtLeastOnce)
+      } catch (error) {
+        reject(error)
+      }
+    } else {
+      resolve(rewrittenAtLeastOnce)
+    }
+  })
+}
+
+const trivializeCDNRewrites = async (fstat) => {
+  return new Promise((resolve, reject) => {
+    (async () => { // async wrapper for await keyword...
+      let content = await readFile(fstat.fullname, { encoding: 'utf8' }).catch(error => reject(error))
+      let $ = await parseXML(content).catch(error => reject(error))
+      let rules = $.ruleset.rule.map(rule => rule.$)
+      let rewrittenAtLeastOnce = false
+
+      await trivializeGenericRewrites(fstat, content, rules)
+        .then(rewritten => {
+          if (rewritten) {
+            rewrittenAtLeastOnce = true
+          }
+        })
+        .catch(error => {
+          reject(error)
+        })
+
+      // TODO: Add support for more CDNs
+      resolve(rewrittenAtLeastOnce)
+    })()
+  })
+}
+
+(async () => {
+  await readdir(rulesDir)
+    .then(filenames => {
+      return filenames.filter(filename => filename.endsWith('.xml'))
+    })
+    .then(filenames => {
+      return filenames.map(filename => ({
+        fullname: path.join(rulesDir, filename),
+        filename
+      }))
+    })
+    .then(async (fstats) => {
+      return Promise.all(fstats.map(fstat => {
+        return trivializeCDNRewrites(fstat)
+          .then(rewritten => {
+            if (rewritten) {
+              log('INFO', fstat.filename, 'trivialized')
+            }
+          })
+          .catch(error => {
+            log('FAIL', fstat.filename, error)
+          })
+      }))
+    })
+    .catch(error => {
+      log('FAIL', '::Promise.all::', error)
+    })
+})()
diff --git a/utils/trivialize-cdn-rules/package-lock.json b/utils/trivialize-cdn-rules/package-lock.json
new file mode 100644
index 000000000000..423379f97406
--- /dev/null
+++ b/utils/trivialize-cdn-rules/package-lock.json
@@ -0,0 +1,2221 @@
+{
+  "name": "trivialize-cdn-rules",
+  "version": "1.0.0",
+  "lockfileVersion": 1,
+  "requires": true,
+  "dependencies": {
+    "@types/concat-stream": {
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/@types/concat-stream/-/concat-stream-1.6.0.tgz",
+      "integrity": "sha1-OU2+C7X+5Gs42JZzXoto7yOQ0A0=",
+      "requires": {
+        "@types/node": "*"
+      }
+    },
+    "@types/form-data": {
+      "version": "0.0.33",
+      "resolved": "https://registry.npmjs.org/@types/form-data/-/form-data-0.0.33.tgz",
+      "integrity": "sha1-yayFsqX9GENbjIXZ7LUObWyJP/g=",
+      "requires": {
+        "@types/node": "*"
+      }
+    },
+    "@types/node": {
+      "version": "10.17.26",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-10.17.26.tgz",
+      "integrity": "sha512-myMwkO2Cr82kirHY8uknNRHEVtn0wV3DTQfkrjx17jmkstDRZ24gNUdl8AHXVyVclTYI/bNjgTPTAWvWLqXqkw=="
+    },
+    "@types/qs": {
+      "version": "6.9.3",
+      "resolved": "https://registry.npmjs.org/@types/qs/-/qs-6.9.3.tgz",
+      "integrity": "sha512-7s9EQWupR1fTc2pSMtXRQ9w9gLOcrJn+h7HOXw4evxyvVqMi4f+q7d2tnFe3ng3SNHjtK+0EzGMGFUQX4/AQRA=="
+    },
+    "acorn": {
+      "version": "5.7.4",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-5.7.4.tgz",
+      "integrity": "sha512-1D++VG7BhrtvQpNbBzovKNc1FLGGEE/oGe7b9xJm/RFHMBeUaUGpluV9RLjZa47YFdPcDAenEYuq9pQPcMdLJg==",
+      "dev": true
+    },
+    "acorn-jsx": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-3.0.1.tgz",
+      "integrity": "sha1-r9+UiPsezvyDSPb7IvRk4ypYs2s=",
+      "dev": true,
+      "requires": {
+        "acorn": "^3.0.4"
+      },
+      "dependencies": {
+        "acorn": {
+          "version": "3.3.0",
+          "resolved": "https://registry.npmjs.org/acorn/-/acorn-3.3.0.tgz",
+          "integrity": "sha1-ReN/s56No/JbruP/U2niu18iAXo=",
+          "dev": true
+        }
+      }
+    },
+    "ajv": {
+      "version": "5.5.2",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-5.5.2.tgz",
+      "integrity": "sha1-c7Xuyj+rZT49P5Qis0GtQiBdyWU=",
+      "dev": true,
+      "requires": {
+        "co": "^4.6.0",
+        "fast-deep-equal": "^1.0.0",
+        "fast-json-stable-stringify": "^2.0.0",
+        "json-schema-traverse": "^0.3.0"
+      }
+    },
+    "ajv-keywords": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-2.1.1.tgz",
+      "integrity": "sha1-YXmX/F9gV2iUxDX5QNgZ4TW4B2I=",
+      "dev": true
+    },
+    "ansi-escapes": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-3.1.0.tgz",
+      "integrity": "sha512-UgAb8H9D41AQnu/PbWlCofQVcnV4Gs2bBJi9eZPxfU/hgglFh3SMDMENRIqdr7H6XFnXdoknctFByVsCOotTVw==",
+      "dev": true
+    },
+    "ansi-regex": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz",
+      "integrity": "sha1-w7M6te42DYbg5ijwRorn7yfWVN8=",
+      "dev": true
+    },
+    "ansi-styles": {
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
+      "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
+      "dev": true,
+      "requires": {
+        "color-convert": "^1.9.0"
+      }
+    },
+    "argparse": {
+      "version": "1.0.10",
+      "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz",
+      "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==",
+      "dev": true,
+      "requires": {
+        "sprintf-js": "~1.0.2"
+      }
+    },
+    "array-includes": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/array-includes/-/array-includes-3.0.3.tgz",
+      "integrity": "sha1-GEtI9i2S10UrsxsyMWXH+L0CJm0=",
+      "dev": true,
+      "requires": {
+        "define-properties": "^1.1.2",
+        "es-abstract": "^1.7.0"
+      }
+    },
+    "array-union": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/array-union/-/array-union-1.0.2.tgz",
+      "integrity": "sha1-mjRBDk9OPaI96jdb5b5w8kd47Dk=",
+      "dev": true,
+      "requires": {
+        "array-uniq": "^1.0.1"
+      }
+    },
+    "array-uniq": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/array-uniq/-/array-uniq-1.0.3.tgz",
+      "integrity": "sha1-r2rId6Jcx/dOBYiUdThY39sk/bY=",
+      "dev": true
+    },
+    "arrify": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/arrify/-/arrify-1.0.1.tgz",
+      "integrity": "sha1-iYUI2iIm84DfkEcoRWhJwVAaSw0=",
+      "dev": true
+    },
+    "asap": {
+      "version": "2.0.6",
+      "resolved": "https://registry.npmjs.org/asap/-/asap-2.0.6.tgz",
+      "integrity": "sha1-5QNHYR1+aQlDIIu9r+vLwvuGbUY="
+    },
+    "asn1": {
+      "version": "0.2.4",
+      "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.4.tgz",
+      "integrity": "sha512-jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg==",
+      "requires": {
+        "safer-buffer": "~2.1.0"
+      }
+    },
+    "assert-plus": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz",
+      "integrity": "sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU="
+    },
+    "asynckit": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
+      "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k="
+    },
+    "aws-sign2": {
+      "version": "0.7.0",
+      "resolved": "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz",
+      "integrity": "sha1-tG6JCTSpWR8tL2+G1+ap8bP+dqg="
+    },
+    "aws4": {
+      "version": "1.10.0",
+      "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.10.0.tgz",
+      "integrity": "sha512-3YDiu347mtVtjpyV3u5kVqQLP242c06zwDOgpeRnybmXlYYsLbtTrUBUm8i8srONt+FWobl5aibnU1030PeeuA=="
+    },
+    "babel-code-frame": {
+      "version": "6.26.0",
+      "resolved": "https://registry.npmjs.org/babel-code-frame/-/babel-code-frame-6.26.0.tgz",
+      "integrity": "sha1-Y/1D99weO7fONZR9uP42mj9Yx0s=",
+      "dev": true,
+      "requires": {
+        "chalk": "^1.1.3",
+        "esutils": "^2.0.2",
+        "js-tokens": "^3.0.2"
+      },
+      "dependencies": {
+        "ansi-styles": {
+          "version": "2.2.1",
+          "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz",
+          "integrity": "sha1-tDLdM1i2NM914eRmQ2gkBTPB3b4=",
+          "dev": true
+        },
+        "chalk": {
+          "version": "1.1.3",
+          "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+          "integrity": "sha1-qBFcVeSnAv5NFQq9OHKCKn4J/Jg=",
+          "dev": true,
+          "requires": {
+            "ansi-styles": "^2.2.1",
+            "escape-string-regexp": "^1.0.2",
+            "has-ansi": "^2.0.0",
+            "strip-ansi": "^3.0.0",
+            "supports-color": "^2.0.0"
+          }
+        },
+        "strip-ansi": {
+          "version": "3.0.1",
+          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz",
+          "integrity": "sha1-ajhfuIU9lS1f8F0Oiq+UJ43GPc8=",
+          "dev": true,
+          "requires": {
+            "ansi-regex": "^2.0.0"
+          }
+        },
+        "supports-color": {
+          "version": "2.0.0",
+          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz",
+          "integrity": "sha1-U10EXOa2Nj+kARcIRimZXp3zJMc=",
+          "dev": true
+        }
+      }
+    },
+    "balanced-match": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz",
+      "integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c=",
+      "dev": true
+    },
+    "bcrypt-pbkdf": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz",
+      "integrity": "sha1-pDAdOJtqQ/m2f/PKEaP2Y342Dp4=",
+      "requires": {
+        "tweetnacl": "^0.14.3"
+      }
+    },
+    "brace-expansion": {
+      "version": "1.1.11",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
+      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+      "dev": true,
+      "requires": {
+        "balanced-match": "^1.0.0",
+        "concat-map": "0.0.1"
+      }
+    },
+    "buffer-from": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.1.tgz",
+      "integrity": "sha512-MQcXEUbCKtEo7bhqEs6560Hyd4XaovZlO/k9V3hjVUF/zwW7KBVdSK4gIt/bzwS9MbR5qob+F5jusZsb0YQK2A=="
+    },
+    "builtin-modules": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-1.1.1.tgz",
+      "integrity": "sha1-Jw8HbFpywC9bZaR9+Uxf46J4iS8=",
+      "dev": true
+    },
+    "caller-path": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/caller-path/-/caller-path-0.1.0.tgz",
+      "integrity": "sha1-lAhe9jWB7NPaqSREqP6U6CV3dR8=",
+      "dev": true,
+      "requires": {
+        "callsites": "^0.2.0"
+      }
+    },
+    "callsites": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/callsites/-/callsites-0.2.0.tgz",
+      "integrity": "sha1-r6uWJikQp/M8GaV3WCXGnzTjUMo=",
+      "dev": true
+    },
+    "caseless": {
+      "version": "0.12.0",
+      "resolved": "https://registry.npmjs.org/caseless/-/caseless-0.12.0.tgz",
+      "integrity": "sha1-G2gcIf+EAzyCZUMJBolCDRhxUdw="
+    },
+    "chalk": {
+      "version": "2.4.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
+      "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
+      "dev": true,
+      "requires": {
+        "ansi-styles": "^3.2.1",
+        "escape-string-regexp": "^1.0.5",
+        "supports-color": "^5.3.0"
+      }
+    },
+    "chardet": {
+      "version": "0.4.2",
+      "resolved": "https://registry.npmjs.org/chardet/-/chardet-0.4.2.tgz",
+      "integrity": "sha1-tUc7M9yXxCTl2Y3IfVXU2KKci/I=",
+      "dev": true
+    },
+    "circular-json": {
+      "version": "0.3.3",
+      "resolved": "https://registry.npmjs.org/circular-json/-/circular-json-0.3.3.tgz",
+      "integrity": "sha512-UZK3NBx2Mca+b5LsG7bY183pHWt5Y1xts4P3Pz7ENTwGVnJOUWbRb3ocjvX7hx9tq/yTAdclXm9sZ38gNuem4A==",
+      "dev": true
+    },
+    "cli-cursor": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-2.1.0.tgz",
+      "integrity": "sha1-s12sN2R5+sw+lHR9QdDQ9SOP/LU=",
+      "dev": true,
+      "requires": {
+        "restore-cursor": "^2.0.0"
+      }
+    },
+    "cli-width": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/cli-width/-/cli-width-2.2.0.tgz",
+      "integrity": "sha1-/xnt6Kml5XkyQUewwR8PvLq+1jk=",
+      "dev": true
+    },
+    "co": {
+      "version": "4.6.0",
+      "resolved": "https://registry.npmjs.org/co/-/co-4.6.0.tgz",
+      "integrity": "sha1-bqa989hTrlTMuOR7+gvz+QMfsYQ=",
+      "dev": true
+    },
+    "color-convert": {
+      "version": "1.9.3",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
+      "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
+      "dev": true,
+      "requires": {
+        "color-name": "1.1.3"
+      }
+    },
+    "color-name": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
+      "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=",
+      "dev": true
+    },
+    "combined-stream": {
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
+      "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==",
+      "requires": {
+        "delayed-stream": "~1.0.0"
+      }
+    },
+    "concat-map": {
+      "version": "0.0.1",
+      "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
+      "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=",
+      "dev": true
+    },
+    "concat-stream": {
+      "version": "1.6.2",
+      "resolved": "https://registry.npmjs.org/concat-stream/-/concat-stream-1.6.2.tgz",
+      "integrity": "sha512-27HBghJxjiZtIk3Ycvn/4kbJk/1uZuJFfuPEns6LaEvpvG1f0hTea8lilrouyo9mVc2GWdcEZ8OLoGmSADlrCw==",
+      "requires": {
+        "buffer-from": "^1.0.0",
+        "inherits": "^2.0.3",
+        "readable-stream": "^2.2.2",
+        "typedarray": "^0.0.6"
+      }
+    },
+    "contains-path": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/contains-path/-/contains-path-0.1.0.tgz",
+      "integrity": "sha1-/ozxhP9mcLa67wGp1IYaXL7EEgo=",
+      "dev": true
+    },
+    "core-util-is": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz",
+      "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac="
+    },
+    "cross-spawn": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-5.1.0.tgz",
+      "integrity": "sha1-6L0O/uWPz/b4+UUQoKVUu/ojVEk=",
+      "dev": true,
+      "requires": {
+        "lru-cache": "^4.0.1",
+        "shebang-command": "^1.2.0",
+        "which": "^1.2.9"
+      }
+    },
+    "dashdash": {
+      "version": "1.14.1",
+      "resolved": "https://registry.npmjs.org/dashdash/-/dashdash-1.14.1.tgz",
+      "integrity": "sha1-hTz6D3y+L+1d4gMmuN1YEDX24vA=",
+      "requires": {
+        "assert-plus": "^1.0.0"
+      }
+    },
+    "debug": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz",
+      "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==",
+      "dev": true,
+      "requires": {
+        "ms": "2.0.0"
+      }
+    },
+    "debug-log": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/debug-log/-/debug-log-1.0.1.tgz",
+      "integrity": "sha1-IwdjLUwEOCuN+KMvcLiVBG1SdF8=",
+      "dev": true
+    },
+    "deep-is": {
+      "version": "0.1.3",
+      "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.3.tgz",
+      "integrity": "sha1-s2nW+128E+7PUk+RsHD+7cNXzzQ=",
+      "dev": true
+    },
+    "define-properties": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.1.3.tgz",
+      "integrity": "sha512-3MqfYKj2lLzdMSf8ZIZE/V+Zuy+BgD6f164e8K2w7dgnpKArBDerGYpM46IYYcjnkdPNMjPk9A6VFB8+3SKlXQ==",
+      "dev": true,
+      "requires": {
+        "object-keys": "^1.0.12"
+      }
+    },
+    "deglob": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/deglob/-/deglob-2.1.1.tgz",
+      "integrity": "sha512-2kjwuGGonL7gWE1XU4Fv79+vVzpoQCl0V+boMwWtOQJV2AGDabCwez++nB1Nli/8BabAfZQ/UuHPlp6AymKdWw==",
+      "dev": true,
+      "requires": {
+        "find-root": "^1.0.0",
+        "glob": "^7.0.5",
+        "ignore": "^3.0.9",
+        "pkg-config": "^1.1.0",
+        "run-parallel": "^1.1.2",
+        "uniq": "^1.0.1"
+      }
+    },
+    "del": {
+      "version": "2.2.2",
+      "resolved": "https://registry.npmjs.org/del/-/del-2.2.2.tgz",
+      "integrity": "sha1-wSyYHQZ4RshLyvhiz/kw2Qf/0ag=",
+      "dev": true,
+      "requires": {
+        "globby": "^5.0.0",
+        "is-path-cwd": "^1.0.0",
+        "is-path-in-cwd": "^1.0.0",
+        "object-assign": "^4.0.1",
+        "pify": "^2.0.0",
+        "pinkie-promise": "^2.0.0",
+        "rimraf": "^2.2.8"
+      }
+    },
+    "delayed-stream": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
+      "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk="
+    },
+    "doctrine": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-2.1.0.tgz",
+      "integrity": "sha512-35mSku4ZXK0vfCuHEDAwt55dg2jNajHZ1odvF+8SSr82EsZY4QmXfuWso8oEd8zRhVObSN18aM0CjSdoBX7zIw==",
+      "dev": true,
+      "requires": {
+        "esutils": "^2.0.2"
+      }
+    },
+    "ecc-jsbn": {
+      "version": "0.1.2",
+      "resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz",
+      "integrity": "sha1-OoOpBOVDUyh4dMVkt1SThoSamMk=",
+      "requires": {
+        "jsbn": "~0.1.0",
+        "safer-buffer": "^2.1.0"
+      }
+    },
+    "error-ex": {
+      "version": "1.3.2",
+      "resolved": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz",
+      "integrity": "sha512-7dFHNmqeFSEt2ZBsCriorKnn3Z2pj+fd9kmI6QoWw4//DL+icEBfc0U7qJCisqrTsKTjw4fNFy2pW9OqStD84g==",
+      "dev": true,
+      "requires": {
+        "is-arrayish": "^0.2.1"
+      }
+    },
+    "es-abstract": {
+      "version": "1.12.0",
+      "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.12.0.tgz",
+      "integrity": "sha512-C8Fx/0jFmV5IPoMOFPA9P9G5NtqW+4cOPit3MIuvR2t7Ag2K15EJTpxnHAYTzL+aYQJIESYeXZmDBfOBE1HcpA==",
+      "dev": true,
+      "requires": {
+        "es-to-primitive": "^1.1.1",
+        "function-bind": "^1.1.1",
+        "has": "^1.0.1",
+        "is-callable": "^1.1.3",
+        "is-regex": "^1.0.4"
+      }
+    },
+    "es-to-primitive": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/es-to-primitive/-/es-to-primitive-1.1.1.tgz",
+      "integrity": "sha1-RTVSSKiJeQNLZ5Lhm7gfK3l13Q0=",
+      "dev": true,
+      "requires": {
+        "is-callable": "^1.1.1",
+        "is-date-object": "^1.0.1",
+        "is-symbol": "^1.0.1"
+      }
+    },
+    "escape-string-regexp": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
+      "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=",
+      "dev": true
+    },
+    "eslint": {
+      "version": "4.18.2",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-4.18.2.tgz",
+      "integrity": "sha512-qy4i3wODqKMYfz9LUI8N2qYDkHkoieTbiHpMrYUI/WbjhXJQr7lI4VngixTgaG+yHX+NBCv7nW4hA0ShbvaNKw==",
+      "dev": true,
+      "requires": {
+        "ajv": "^5.3.0",
+        "babel-code-frame": "^6.22.0",
+        "chalk": "^2.1.0",
+        "concat-stream": "^1.6.0",
+        "cross-spawn": "^5.1.0",
+        "debug": "^3.1.0",
+        "doctrine": "^2.1.0",
+        "eslint-scope": "^3.7.1",
+        "eslint-visitor-keys": "^1.0.0",
+        "espree": "^3.5.2",
+        "esquery": "^1.0.0",
+        "esutils": "^2.0.2",
+        "file-entry-cache": "^2.0.0",
+        "functional-red-black-tree": "^1.0.1",
+        "glob": "^7.1.2",
+        "globals": "^11.0.1",
+        "ignore": "^3.3.3",
+        "imurmurhash": "^0.1.4",
+        "inquirer": "^3.0.6",
+        "is-resolvable": "^1.0.0",
+        "js-yaml": "^3.9.1",
+        "json-stable-stringify-without-jsonify": "^1.0.1",
+        "levn": "^0.3.0",
+        "lodash": "^4.17.4",
+        "minimatch": "^3.0.2",
+        "mkdirp": "^0.5.1",
+        "natural-compare": "^1.4.0",
+        "optionator": "^0.8.2",
+        "path-is-inside": "^1.0.2",
+        "pluralize": "^7.0.0",
+        "progress": "^2.0.0",
+        "require-uncached": "^1.0.3",
+        "semver": "^5.3.0",
+        "strip-ansi": "^4.0.0",
+        "strip-json-comments": "~2.0.1",
+        "table": "4.0.2",
+        "text-table": "~0.2.0"
+      }
+    },
+    "eslint-config-standard": {
+      "version": "11.0.0",
+      "resolved": "https://registry.npmjs.org/eslint-config-standard/-/eslint-config-standard-11.0.0.tgz",
+      "integrity": "sha512-oDdENzpViEe5fwuRCWla7AXQd++/oyIp8zP+iP9jiUPG6NBj3SHgdgtl/kTn00AjeN+1HNvavTKmYbMo+xMOlw==",
+      "dev": true
+    },
+    "eslint-config-standard-jsx": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/eslint-config-standard-jsx/-/eslint-config-standard-jsx-5.0.0.tgz",
+      "integrity": "sha512-rLToPAEqLMPBfWnYTu6xRhm2OWziS2n40QFqJ8jAM8NSVzeVKTa3nclhsU4DpPJQRY60F34Oo1wi/71PN/eITg==",
+      "dev": true
+    },
+    "eslint-import-resolver-node": {
+      "version": "0.3.2",
+      "resolved": "https://registry.npmjs.org/eslint-import-resolver-node/-/eslint-import-resolver-node-0.3.2.tgz",
+      "integrity": "sha512-sfmTqJfPSizWu4aymbPr4Iidp5yKm8yDkHp+Ir3YiTHiiDfxh69mOUsmiqW6RZ9zRXFaF64GtYmN7e+8GHBv6Q==",
+      "dev": true,
+      "requires": {
+        "debug": "^2.6.9",
+        "resolve": "^1.5.0"
+      },
+      "dependencies": {
+        "debug": {
+          "version": "2.6.9",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+          "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+          "dev": true,
+          "requires": {
+            "ms": "2.0.0"
+          }
+        }
+      }
+    },
+    "eslint-module-utils": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/eslint-module-utils/-/eslint-module-utils-2.2.0.tgz",
+      "integrity": "sha1-snA2LNiLGkitMIl2zn+lTphBF0Y=",
+      "dev": true,
+      "requires": {
+        "debug": "^2.6.8",
+        "pkg-dir": "^1.0.0"
+      },
+      "dependencies": {
+        "debug": {
+          "version": "2.6.9",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+          "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+          "dev": true,
+          "requires": {
+            "ms": "2.0.0"
+          }
+        }
+      }
+    },
+    "eslint-plugin-import": {
+      "version": "2.9.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.9.0.tgz",
+      "integrity": "sha1-JgAu+/ylmJtyiKwEdQi9JPIXsWk=",
+      "dev": true,
+      "requires": {
+        "builtin-modules": "^1.1.1",
+        "contains-path": "^0.1.0",
+        "debug": "^2.6.8",
+        "doctrine": "1.5.0",
+        "eslint-import-resolver-node": "^0.3.1",
+        "eslint-module-utils": "^2.1.1",
+        "has": "^1.0.1",
+        "lodash": "^4.17.4",
+        "minimatch": "^3.0.3",
+        "read-pkg-up": "^2.0.0"
+      },
+      "dependencies": {
+        "debug": {
+          "version": "2.6.9",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+          "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+          "dev": true,
+          "requires": {
+            "ms": "2.0.0"
+          }
+        },
+        "doctrine": {
+          "version": "1.5.0",
+          "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-1.5.0.tgz",
+          "integrity": "sha1-N53Ocw9hZvds76TmcHoVmwLFpvo=",
+          "dev": true,
+          "requires": {
+            "esutils": "^2.0.2",
+            "isarray": "^1.0.0"
+          }
+        }
+      }
+    },
+    "eslint-plugin-node": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-node/-/eslint-plugin-node-6.0.1.tgz",
+      "integrity": "sha512-Q/Cc2sW1OAISDS+Ji6lZS2KV4b7ueA/WydVWd1BECTQwVvfQy5JAi3glhINoKzoMnfnuRgNP+ZWKrGAbp3QDxw==",
+      "dev": true,
+      "requires": {
+        "ignore": "^3.3.6",
+        "minimatch": "^3.0.4",
+        "resolve": "^1.3.3",
+        "semver": "^5.4.1"
+      }
+    },
+    "eslint-plugin-promise": {
+      "version": "3.7.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-promise/-/eslint-plugin-promise-3.7.0.tgz",
+      "integrity": "sha512-2WO+ZFh7vxUKRfR0cOIMrWgYKdR6S1AlOezw6pC52B6oYpd5WFghN+QHxvrRdZMtbo8h3dfUZ2o1rWb0UPbKtg==",
+      "dev": true
+    },
+    "eslint-plugin-react": {
+      "version": "7.7.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-react/-/eslint-plugin-react-7.7.0.tgz",
+      "integrity": "sha512-KC7Snr4YsWZD5flu6A5c0AcIZidzW3Exbqp7OT67OaD2AppJtlBr/GuPrW/vaQM/yfZotEvKAdrxrO+v8vwYJA==",
+      "dev": true,
+      "requires": {
+        "doctrine": "^2.0.2",
+        "has": "^1.0.1",
+        "jsx-ast-utils": "^2.0.1",
+        "prop-types": "^15.6.0"
+      }
+    },
+    "eslint-plugin-standard": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-standard/-/eslint-plugin-standard-3.0.1.tgz",
+      "integrity": "sha1-NNDJFbRe3G8BA5PH7vOCOwhWXPI=",
+      "dev": true
+    },
+    "eslint-scope": {
+      "version": "3.7.3",
+      "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-3.7.3.tgz",
+      "integrity": "sha512-W+B0SvF4gamyCTmUc+uITPY0989iXVfKvhwtmJocTaYoc/3khEHmEmvfY/Gn9HA9VV75jrQECsHizkNw1b68FA==",
+      "dev": true,
+      "requires": {
+        "esrecurse": "^4.1.0",
+        "estraverse": "^4.1.1"
+      }
+    },
+    "eslint-visitor-keys": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.0.0.tgz",
+      "integrity": "sha512-qzm/XxIbxm/FHyH341ZrbnMUpe+5Bocte9xkmFMzPMjRaZMcXww+MpBptFvtU+79L362nqiLhekCxCxDPaUMBQ==",
+      "dev": true
+    },
+    "espree": {
+      "version": "3.5.4",
+      "resolved": "https://registry.npmjs.org/espree/-/espree-3.5.4.tgz",
+      "integrity": "sha512-yAcIQxtmMiB/jL32dzEp2enBeidsB7xWPLNiw3IIkpVds1P+h7qF9YwJq1yUNzp2OKXgAprs4F61ih66UsoD1A==",
+      "dev": true,
+      "requires": {
+        "acorn": "^5.5.0",
+        "acorn-jsx": "^3.0.0"
+      }
+    },
+    "esprima": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz",
+      "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==",
+      "dev": true
+    },
+    "esquery": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/esquery/-/esquery-1.0.1.tgz",
+      "integrity": "sha512-SmiyZ5zIWH9VM+SRUReLS5Q8a7GxtRdxEBVZpm98rJM7Sb+A9DVCndXfkeFUd3byderg+EbDkfnevfCwynWaNA==",
+      "dev": true,
+      "requires": {
+        "estraverse": "^4.0.0"
+      }
+    },
+    "esrecurse": {
+      "version": "4.2.1",
+      "resolved": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.2.1.tgz",
+      "integrity": "sha512-64RBB++fIOAXPw3P9cy89qfMlvZEXZkqqJkjqqXIvzP5ezRZjW+lPWjw35UX/3EhUPFYbg5ER4JYgDw4007/DQ==",
+      "dev": true,
+      "requires": {
+        "estraverse": "^4.1.0"
+      }
+    },
+    "estraverse": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-4.2.0.tgz",
+      "integrity": "sha1-De4/7TH81GlhjOc0IJn8GvoL2xM=",
+      "dev": true
+    },
+    "esutils": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.2.tgz",
+      "integrity": "sha1-Cr9PHKpbyx96nYrMbepPqqBLrJs=",
+      "dev": true
+    },
+    "extend": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz",
+      "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g=="
+    },
+    "external-editor": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/external-editor/-/external-editor-2.2.0.tgz",
+      "integrity": "sha512-bSn6gvGxKt+b7+6TKEv1ZycHleA7aHhRHyAqJyp5pbUFuYYNIzpZnQDk7AsYckyWdEnTeAnay0aCy2aV6iTk9A==",
+      "dev": true,
+      "requires": {
+        "chardet": "^0.4.0",
+        "iconv-lite": "^0.4.17",
+        "tmp": "^0.0.33"
+      }
+    },
+    "extsprintf": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/extsprintf/-/extsprintf-1.3.0.tgz",
+      "integrity": "sha1-lpGEQOMEGnpBT4xS48V06zw+HgU="
+    },
+    "fast-deep-equal": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-1.1.0.tgz",
+      "integrity": "sha1-wFNHeBfIa1HaqFPIHgWbcz0CNhQ=",
+      "dev": true
+    },
+    "fast-json-stable-stringify": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.0.0.tgz",
+      "integrity": "sha1-1RQsDK7msRifh9OnYREGT4bIu/I="
+    },
+    "fast-levenshtein": {
+      "version": "2.0.6",
+      "resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz",
+      "integrity": "sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc=",
+      "dev": true
+    },
+    "figures": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/figures/-/figures-2.0.0.tgz",
+      "integrity": "sha1-OrGi0qYsi/tDGgyUy3l6L84nyWI=",
+      "dev": true,
+      "requires": {
+        "escape-string-regexp": "^1.0.5"
+      }
+    },
+    "file-entry-cache": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-2.0.0.tgz",
+      "integrity": "sha1-w5KZDD5oR4PYOLjISkXYoEhFg2E=",
+      "dev": true,
+      "requires": {
+        "flat-cache": "^1.2.1",
+        "object-assign": "^4.0.1"
+      }
+    },
+    "find-root": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/find-root/-/find-root-1.1.0.tgz",
+      "integrity": "sha512-NKfW6bec6GfKc0SGx1e07QZY9PE99u0Bft/0rzSD5k3sO/vwkVUpDUKVm5Gpp5Ue3YfShPFTX2070tDs5kB9Ng==",
+      "dev": true
+    },
+    "find-up": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/find-up/-/find-up-1.1.2.tgz",
+      "integrity": "sha1-ay6YIrGizgpgq2TWEOzK1TyyTQ8=",
+      "dev": true,
+      "requires": {
+        "path-exists": "^2.0.0",
+        "pinkie-promise": "^2.0.0"
+      }
+    },
+    "flat-cache": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-1.3.0.tgz",
+      "integrity": "sha1-0wMLMrOBVPTjt+nHCfSQ9++XxIE=",
+      "dev": true,
+      "requires": {
+        "circular-json": "^0.3.1",
+        "del": "^2.0.2",
+        "graceful-fs": "^4.1.2",
+        "write": "^0.2.1"
+      }
+    },
+    "forever-agent": {
+      "version": "0.6.1",
+      "resolved": "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz",
+      "integrity": "sha1-+8cfDEGt6zf5bFd60e1C2P2sypE="
+    },
+    "form-data": {
+      "version": "2.3.3",
+      "resolved": "https://registry.npmjs.org/form-data/-/form-data-2.3.3.tgz",
+      "integrity": "sha512-1lLKB2Mu3aGP1Q/2eCOx0fNbRMe7XdwktwOruhfqqd0rIJWwN4Dh+E3hrPSlDCXnSR7UtZ1N38rVXm+6+MEhJQ==",
+      "requires": {
+        "asynckit": "^0.4.0",
+        "combined-stream": "^1.0.6",
+        "mime-types": "^2.1.12"
+      }
+    },
+    "fs.realpath": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
+      "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=",
+      "dev": true
+    },
+    "function-bind": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz",
+      "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==",
+      "dev": true
+    },
+    "functional-red-black-tree": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz",
+      "integrity": "sha1-GwqzvVU7Kg1jmdKcDj6gslIHgyc=",
+      "dev": true
+    },
+    "get-port": {
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/get-port/-/get-port-3.2.0.tgz",
+      "integrity": "sha1-3Xzn3hh8Bsi/NTeWrHHgmfCYDrw="
+    },
+    "get-stdin": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-6.0.0.tgz",
+      "integrity": "sha512-jp4tHawyV7+fkkSKyvjuLZswblUtz+SQKzSWnBbii16BuZksJlU1wuBYXY75r+duh/llF1ur6oNwi+2ZzjKZ7g==",
+      "dev": true
+    },
+    "getpass": {
+      "version": "0.1.7",
+      "resolved": "https://registry.npmjs.org/getpass/-/getpass-0.1.7.tgz",
+      "integrity": "sha1-Xv+OPmhNVprkyysSgmBOi6YhSfo=",
+      "requires": {
+        "assert-plus": "^1.0.0"
+      }
+    },
+    "glob": {
+      "version": "7.1.2",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.2.tgz",
+      "integrity": "sha512-MJTUg1kjuLeQCJ+ccE4Vpa6kKVXkPYJ2mOCQyUuKLcLQsdrMCpBPUi8qVE6+YuaJkozeA9NusTAw3hLr8Xe5EQ==",
+      "dev": true,
+      "requires": {
+        "fs.realpath": "^1.0.0",
+        "inflight": "^1.0.4",
+        "inherits": "2",
+        "minimatch": "^3.0.4",
+        "once": "^1.3.0",
+        "path-is-absolute": "^1.0.0"
+      }
+    },
+    "globals": {
+      "version": "11.7.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-11.7.0.tgz",
+      "integrity": "sha512-K8BNSPySfeShBQXsahYB/AbbWruVOTyVpgoIDnl8odPpeSfP2J5QO2oLFFdl2j7GfDCtZj2bMKar2T49itTPCg==",
+      "dev": true
+    },
+    "globby": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/globby/-/globby-5.0.0.tgz",
+      "integrity": "sha1-69hGZ8oNuzMLmbz8aOrCvFQ3Dg0=",
+      "dev": true,
+      "requires": {
+        "array-union": "^1.0.1",
+        "arrify": "^1.0.0",
+        "glob": "^7.0.3",
+        "object-assign": "^4.0.1",
+        "pify": "^2.0.0",
+        "pinkie-promise": "^2.0.0"
+      }
+    },
+    "graceful-fs": {
+      "version": "4.2.4",
+      "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.4.tgz",
+      "integrity": "sha512-WjKPNJF79dtJAVniUlGGWHYGz2jWxT6VhN/4m1NdkbZ2nOsEF+cI1Edgql5zCRhs/VsQYRvrXctxktVXZUkixw=="
+    },
+    "har-schema": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/har-schema/-/har-schema-2.0.0.tgz",
+      "integrity": "sha1-qUwiJOvKwEeCoNkDVSHyRzW37JI="
+    },
+    "har-validator": {
+      "version": "5.1.3",
+      "resolved": "https://registry.npmjs.org/har-validator/-/har-validator-5.1.3.tgz",
+      "integrity": "sha512-sNvOCzEQNr/qrvJgc3UG/kD4QtlHycrzwS+6mfTrrSq97BvaYcPZZI1ZSqGSPR73Cxn4LKTD4PttRwfU7jWq5g==",
+      "requires": {
+        "ajv": "^6.5.5",
+        "har-schema": "^2.0.0"
+      },
+      "dependencies": {
+        "ajv": {
+          "version": "6.12.3",
+          "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.3.tgz",
+          "integrity": "sha512-4K0cK3L1hsqk9xIb2z9vs/XU+PGJZ9PNpJRDS9YLzmNdX6jmVPfamLvTJr0aDAusnHyCHO6MjzlkAsgtqp9teA==",
+          "requires": {
+            "fast-deep-equal": "^3.1.1",
+            "fast-json-stable-stringify": "^2.0.0",
+            "json-schema-traverse": "^0.4.1",
+            "uri-js": "^4.2.2"
+          }
+        },
+        "fast-deep-equal": {
+          "version": "3.1.3",
+          "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz",
+          "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q=="
+        },
+        "json-schema-traverse": {
+          "version": "0.4.1",
+          "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz",
+          "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg=="
+        }
+      }
+    },
+    "has": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz",
+      "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==",
+      "dev": true,
+      "requires": {
+        "function-bind": "^1.1.1"
+      }
+    },
+    "has-ansi": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/has-ansi/-/has-ansi-2.0.0.tgz",
+      "integrity": "sha1-NPUEnOHs3ysGSa8+8k5F7TVBbZE=",
+      "dev": true,
+      "requires": {
+        "ansi-regex": "^2.0.0"
+      }
+    },
+    "has-flag": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
+      "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=",
+      "dev": true
+    },
+    "hosted-git-info": {
+      "version": "2.8.9",
+      "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz",
+      "integrity": "sha512-mxIDAb9Lsm6DoOJ7xH+5+X4y1LU/4Hi50L9C5sIswK3JzULS4bwk1FvjdBgvYR4bzT4tuUQiC15FE2f5HbLvYw==",
+      "dev": true
+    },
+    "http-basic": {
+      "version": "8.1.3",
+      "resolved": "https://registry.npmjs.org/http-basic/-/http-basic-8.1.3.tgz",
+      "integrity": "sha512-/EcDMwJZh3mABI2NhGfHOGOeOZITqfkEO4p/xK+l3NpyncIHUQBoMvCSF/b5GqvKtySC2srL/GGG3+EtlqlmCw==",
+      "requires": {
+        "caseless": "^0.12.0",
+        "concat-stream": "^1.6.2",
+        "http-response-object": "^3.0.1",
+        "parse-cache-control": "^1.0.1"
+      }
+    },
+    "http-response-object": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/http-response-object/-/http-response-object-3.0.2.tgz",
+      "integrity": "sha512-bqX0XTF6fnXSQcEJ2Iuyr75yVakyjIDCqroJQ/aHfSdlM743Cwqoi2nDYMzLGWUcuTWGWy8AAvOKXTfiv6q9RA==",
+      "requires": {
+        "@types/node": "^10.0.3"
+      }
+    },
+    "http-signature": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.2.0.tgz",
+      "integrity": "sha1-muzZJRFHcvPZW2WmCruPfBj7rOE=",
+      "requires": {
+        "assert-plus": "^1.0.0",
+        "jsprim": "^1.2.2",
+        "sshpk": "^1.7.0"
+      }
+    },
+    "iconv-lite": {
+      "version": "0.4.23",
+      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.23.tgz",
+      "integrity": "sha512-neyTUVFtahjf0mB3dZT77u+8O0QB89jFdnBkd5P1JgYPbPaia3gXXOVL2fq8VyU2gMMD7SaN7QukTB/pmXYvDA==",
+      "dev": true,
+      "requires": {
+        "safer-buffer": ">= 2.1.2 < 3"
+      }
+    },
+    "ignore": {
+      "version": "3.3.10",
+      "resolved": "https://registry.npmjs.org/ignore/-/ignore-3.3.10.tgz",
+      "integrity": "sha512-Pgs951kaMm5GXP7MOvxERINe3gsaVjUWFm+UZPSq9xYriQAksyhg0csnS0KXSNRD5NmNdapXEpjxG49+AKh/ug==",
+      "dev": true
+    },
+    "imurmurhash": {
+      "version": "0.1.4",
+      "resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz",
+      "integrity": "sha1-khi5srkoojixPcT7a21XbyMUU+o=",
+      "dev": true
+    },
+    "inflight": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz",
+      "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=",
+      "dev": true,
+      "requires": {
+        "once": "^1.3.0",
+        "wrappy": "1"
+      }
+    },
+    "inherits": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz",
+      "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4="
+    },
+    "inquirer": {
+      "version": "3.3.0",
+      "resolved": "https://registry.npmjs.org/inquirer/-/inquirer-3.3.0.tgz",
+      "integrity": "sha512-h+xtnyk4EwKvFWHrUYsWErEVR+igKtLdchu+o0Z1RL7VU/jVMFbYir2bp6bAj8efFNxWqHX0dIss6fJQ+/+qeQ==",
+      "dev": true,
+      "requires": {
+        "ansi-escapes": "^3.0.0",
+        "chalk": "^2.0.0",
+        "cli-cursor": "^2.1.0",
+        "cli-width": "^2.0.0",
+        "external-editor": "^2.0.4",
+        "figures": "^2.0.0",
+        "lodash": "^4.3.0",
+        "mute-stream": "0.0.7",
+        "run-async": "^2.2.0",
+        "rx-lite": "^4.0.8",
+        "rx-lite-aggregates": "^4.0.8",
+        "string-width": "^2.1.0",
+        "strip-ansi": "^4.0.0",
+        "through": "^2.3.6"
+      }
+    },
+    "is-arrayish": {
+      "version": "0.2.1",
+      "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz",
+      "integrity": "sha1-d8mYQFJ6qOyxqLppe4BkWnqSap0=",
+      "dev": true
+    },
+    "is-builtin-module": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/is-builtin-module/-/is-builtin-module-1.0.0.tgz",
+      "integrity": "sha1-VAVy0096wxGfj3bDDLwbHgN6/74=",
+      "dev": true,
+      "requires": {
+        "builtin-modules": "^1.0.0"
+      }
+    },
+    "is-callable": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/is-callable/-/is-callable-1.1.4.tgz",
+      "integrity": "sha512-r5p9sxJjYnArLjObpjA4xu5EKI3CuKHkJXMhT7kwbpUyIFD1n5PMAsoPvWnvtZiNz7LjkYDRZhd7FlI0eMijEA==",
+      "dev": true
+    },
+    "is-date-object": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/is-date-object/-/is-date-object-1.0.1.tgz",
+      "integrity": "sha1-mqIOtq7rv/d/vTPnTKAbM1gdOhY=",
+      "dev": true
+    },
+    "is-fullwidth-code-point": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz",
+      "integrity": "sha1-o7MKXE8ZkYMWeqq5O+764937ZU8=",
+      "dev": true
+    },
+    "is-path-cwd": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/is-path-cwd/-/is-path-cwd-1.0.0.tgz",
+      "integrity": "sha1-0iXsIxMuie3Tj9p2dHLmLmXxEG0=",
+      "dev": true
+    },
+    "is-path-in-cwd": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/is-path-in-cwd/-/is-path-in-cwd-1.0.1.tgz",
+      "integrity": "sha512-FjV1RTW48E7CWM7eE/J2NJvAEEVektecDBVBE5Hh3nM1Jd0kvhHtX68Pr3xsDf857xt3Y4AkwVULK1Vku62aaQ==",
+      "dev": true,
+      "requires": {
+        "is-path-inside": "^1.0.0"
+      }
+    },
+    "is-path-inside": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-1.0.1.tgz",
+      "integrity": "sha1-jvW33lBDej/cprToZe96pVy0gDY=",
+      "dev": true,
+      "requires": {
+        "path-is-inside": "^1.0.1"
+      }
+    },
+    "is-promise": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/is-promise/-/is-promise-2.1.0.tgz",
+      "integrity": "sha1-eaKp7OfwlugPNtKy87wWwf9L8/o=",
+      "dev": true
+    },
+    "is-regex": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/is-regex/-/is-regex-1.0.4.tgz",
+      "integrity": "sha1-VRdIm1RwkbCTDglWVM7SXul+lJE=",
+      "dev": true,
+      "requires": {
+        "has": "^1.0.1"
+      }
+    },
+    "is-resolvable": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/is-resolvable/-/is-resolvable-1.1.0.tgz",
+      "integrity": "sha512-qgDYXFSR5WvEfuS5dMj6oTMEbrrSaM0CrFk2Yiq/gXnBvD9pMa2jGXxyhGLfvhZpuMZe18CJpFxAt3CRs42NMg==",
+      "dev": true
+    },
+    "is-symbol": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/is-symbol/-/is-symbol-1.0.1.tgz",
+      "integrity": "sha1-PMWfAAJRlLarLjjbrmaJJWtmBXI=",
+      "dev": true
+    },
+    "is-typedarray": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz",
+      "integrity": "sha1-5HnICFjfDBsR3dppQPlgEfzaSpo="
+    },
+    "isarray": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz",
+      "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE="
+    },
+    "isexe": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
+      "integrity": "sha1-6PvzdNxVb/iUehDcsFctYz8s+hA=",
+      "dev": true
+    },
+    "isstream": {
+      "version": "0.1.2",
+      "resolved": "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz",
+      "integrity": "sha1-R+Y/evVa+m+S4VAOaQ64uFKcCZo="
+    },
+    "js-tokens": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-3.0.2.tgz",
+      "integrity": "sha1-mGbfOVECEw449/mWvOtlRDIJwls=",
+      "dev": true
+    },
+    "js-yaml": {
+      "version": "3.13.1",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.13.1.tgz",
+      "integrity": "sha512-YfbcO7jXDdyj0DGxYVSlSeQNHbD7XPWvrVWeVUujrQEoZzWJIRrCPoyk6kL6IAjAG2IolMK4T0hNUe0HOUs5Jw==",
+      "dev": true,
+      "requires": {
+        "argparse": "^1.0.7",
+        "esprima": "^4.0.0"
+      }
+    },
+    "jsbn": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/jsbn/-/jsbn-0.1.1.tgz",
+      "integrity": "sha1-peZUwuWi3rXyAdls77yoDA7y9RM="
+    },
+    "json-parse-better-errors": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/json-parse-better-errors/-/json-parse-better-errors-1.0.2.tgz",
+      "integrity": "sha512-mrqyZKfX5EhL7hvqcV6WG1yYjnjeuYDzDhhcAAUrq8Po85NBQBJP+ZDUT75qZQ98IkUoBqdkExkukOU7Ts2wrw==",
+      "dev": true
+    },
+    "json-schema": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.4.0.tgz",
+      "integrity": "sha512-es94M3nTIfsEPisRafak+HDLfHXnKBhV3vU5eqPcS3flIWqcxJWgXHXiey3YrpaNsanY5ei1VoYEbOzijuq9BA=="
+    },
+    "json-schema-traverse": {
+      "version": "0.3.1",
+      "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.3.1.tgz",
+      "integrity": "sha1-NJptRMU6Ud6JtAgFxdXlm0F9M0A=",
+      "dev": true
+    },
+    "json-stable-stringify-without-jsonify": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz",
+      "integrity": "sha1-nbe1lJatPzz+8wp1FC0tkwrXJlE=",
+      "dev": true
+    },
+    "json-stringify-safe": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz",
+      "integrity": "sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus="
+    },
+    "jsprim": {
+      "version": "1.4.2",
+      "resolved": "https://registry.npmjs.org/jsprim/-/jsprim-1.4.2.tgz",
+      "integrity": "sha512-P2bSOMAc/ciLz6DzgjVlGJP9+BrJWu5UDGK70C2iweC5QBIeFf0ZXRvGjEj2uYgrY2MkAAhsSWHDWlFtEroZWw==",
+      "requires": {
+        "assert-plus": "1.0.0",
+        "extsprintf": "1.3.0",
+        "json-schema": "0.4.0",
+        "verror": "1.10.0"
+      }
+    },
+    "jsx-ast-utils": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/jsx-ast-utils/-/jsx-ast-utils-2.0.1.tgz",
+      "integrity": "sha1-6AGxs5mF4g//yHtA43SAgOLcrH8=",
+      "dev": true,
+      "requires": {
+        "array-includes": "^3.0.3"
+      }
+    },
+    "levn": {
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/levn/-/levn-0.3.0.tgz",
+      "integrity": "sha1-OwmSTt+fCDwEkP3UwLxEIeBHZO4=",
+      "dev": true,
+      "requires": {
+        "prelude-ls": "~1.1.2",
+        "type-check": "~0.3.2"
+      }
+    },
+    "load-json-file": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/load-json-file/-/load-json-file-2.0.0.tgz",
+      "integrity": "sha1-eUfkIUmvgNaWy/eXvKq8/h/inKg=",
+      "dev": true,
+      "requires": {
+        "graceful-fs": "^4.1.2",
+        "parse-json": "^2.2.0",
+        "pify": "^2.0.0",
+        "strip-bom": "^3.0.0"
+      }
+    },
+    "locate-path": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-2.0.0.tgz",
+      "integrity": "sha1-K1aLJl7slExtnA3pw9u7ygNUzY4=",
+      "dev": true,
+      "requires": {
+        "p-locate": "^2.0.0",
+        "path-exists": "^3.0.0"
+      },
+      "dependencies": {
+        "path-exists": {
+          "version": "3.0.0",
+          "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-3.0.0.tgz",
+          "integrity": "sha1-zg6+ql94yxiSXqfYENe1mwEP1RU=",
+          "dev": true
+        }
+      }
+    },
+    "lodash": {
+      "version": "4.17.21",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
+      "dev": true
+    },
+    "loose-envify": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz",
+      "integrity": "sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==",
+      "dev": true,
+      "requires": {
+        "js-tokens": "^3.0.0 || ^4.0.0"
+      }
+    },
+    "lru-cache": {
+      "version": "4.1.3",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-4.1.3.tgz",
+      "integrity": "sha512-fFEhvcgzuIoJVUF8fYr5KR0YqxD238zgObTps31YdADwPPAp82a4M8TrckkWyx7ekNlf9aBcVn81cFwwXngrJA==",
+      "dev": true,
+      "requires": {
+        "pseudomap": "^1.0.2",
+        "yallist": "^2.1.2"
+      }
+    },
+    "mime-db": {
+      "version": "1.44.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz",
+      "integrity": "sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg=="
+    },
+    "mime-types": {
+      "version": "2.1.27",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz",
+      "integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==",
+      "requires": {
+        "mime-db": "1.44.0"
+      }
+    },
+    "mimic-fn": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-1.2.0.tgz",
+      "integrity": "sha512-jf84uxzwiuiIVKiOLpfYk7N46TSy8ubTonmneY9vrpHNAnp0QBt2BxWV9dO3/j+BoVAb+a5G6YDPW3M5HOdMWQ==",
+      "dev": true
+    },
+    "minimatch": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz",
+      "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==",
+      "dev": true,
+      "requires": {
+        "brace-expansion": "^1.1.7"
+      }
+    },
+    "minimist": {
+      "version": "1.2.6",
+      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz",
+      "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==",
+      "dev": true
+    },
+    "mkdirp": {
+      "version": "0.5.5",
+      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.5.tgz",
+      "integrity": "sha512-NKmAlESf6jMGym1++R0Ra7wvhV+wFW63FaSOFPwRahvea0gMUcGUhVeAg/0BC0wiv9ih5NYPB1Wn1UEI1/L+xQ==",
+      "dev": true,
+      "requires": {
+        "minimist": "^1.2.5"
+      }
+    },
+    "ms": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+      "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=",
+      "dev": true
+    },
+    "mute-stream": {
+      "version": "0.0.7",
+      "resolved": "https://registry.npmjs.org/mute-stream/-/mute-stream-0.0.7.tgz",
+      "integrity": "sha1-MHXOk7whuPq0PhvE2n6BFe0ee6s=",
+      "dev": true
+    },
+    "natural-compare": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz",
+      "integrity": "sha1-Sr6/7tdUHywnrPspvbvRXI1bpPc=",
+      "dev": true
+    },
+    "normalize-package-data": {
+      "version": "2.4.0",
+      "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.4.0.tgz",
+      "integrity": "sha512-9jjUFbTPfEy3R/ad/2oNbKtW9Hgovl5O1FvFWKkKblNXoN/Oou6+9+KKohPK13Yc3/TyunyWhJp6gvRNR/PPAw==",
+      "dev": true,
+      "requires": {
+        "hosted-git-info": "^2.1.4",
+        "is-builtin-module": "^1.0.0",
+        "semver": "2 || 3 || 4 || 5",
+        "validate-npm-package-license": "^3.0.1"
+      }
+    },
+    "oauth-sign": {
+      "version": "0.9.0",
+      "resolved": "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.9.0.tgz",
+      "integrity": "sha512-fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ=="
+    },
+    "object-assign": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz",
+      "integrity": "sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM=",
+      "dev": true
+    },
+    "object-keys": {
+      "version": "1.0.12",
+      "resolved": "https://registry.npmjs.org/object-keys/-/object-keys-1.0.12.tgz",
+      "integrity": "sha512-FTMyFUm2wBcGHnH2eXmz7tC6IwlqQZ6mVZ+6dm6vZ4IQIHjs6FdNsQBuKGPuUUUY6NfJw2PshC08Tn6LzLDOag==",
+      "dev": true
+    },
+    "once": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
+      "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=",
+      "dev": true,
+      "requires": {
+        "wrappy": "1"
+      }
+    },
+    "onetime": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/onetime/-/onetime-2.0.1.tgz",
+      "integrity": "sha1-BnQoIw/WdEOyeUsiu6UotoZ5YtQ=",
+      "dev": true,
+      "requires": {
+        "mimic-fn": "^1.0.0"
+      }
+    },
+    "optionator": {
+      "version": "0.8.2",
+      "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.8.2.tgz",
+      "integrity": "sha1-NkxeQJ0/TWMB1sC0wFu6UBgK62Q=",
+      "dev": true,
+      "requires": {
+        "deep-is": "~0.1.3",
+        "fast-levenshtein": "~2.0.4",
+        "levn": "~0.3.0",
+        "prelude-ls": "~1.1.2",
+        "type-check": "~0.3.2",
+        "wordwrap": "~1.0.0"
+      }
+    },
+    "os-tmpdir": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz",
+      "integrity": "sha1-u+Z0BseaqFxc/sdm/lc0VV36EnQ=",
+      "dev": true
+    },
+    "p-limit": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-1.3.0.tgz",
+      "integrity": "sha512-vvcXsLAJ9Dr5rQOPk7toZQZJApBl2K4J6dANSsEuh6QI41JYcsS/qhTGa9ErIUUgK3WNQoJYvylxvjqmiqEA9Q==",
+      "dev": true,
+      "requires": {
+        "p-try": "^1.0.0"
+      }
+    },
+    "p-locate": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-2.0.0.tgz",
+      "integrity": "sha1-IKAQOyIqcMj9OcwuWAaA893l7EM=",
+      "dev": true,
+      "requires": {
+        "p-limit": "^1.1.0"
+      }
+    },
+    "p-try": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/p-try/-/p-try-1.0.0.tgz",
+      "integrity": "sha1-y8ec26+P1CKOE/Yh8rGiN8GyB7M=",
+      "dev": true
+    },
+    "parse-cache-control": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/parse-cache-control/-/parse-cache-control-1.0.1.tgz",
+      "integrity": "sha1-juqz5U+laSD+Fro493+iGqzC104="
+    },
+    "parse-json": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-2.2.0.tgz",
+      "integrity": "sha1-9ID0BDTvgHQfhGkJn43qGPVaTck=",
+      "dev": true,
+      "requires": {
+        "error-ex": "^1.2.0"
+      }
+    },
+    "path-exists": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-2.1.0.tgz",
+      "integrity": "sha1-D+tsZPD8UY2adU3V77YscCJ2H0s=",
+      "dev": true,
+      "requires": {
+        "pinkie-promise": "^2.0.0"
+      }
+    },
+    "path-is-absolute": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
+      "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=",
+      "dev": true
+    },
+    "path-is-inside": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/path-is-inside/-/path-is-inside-1.0.2.tgz",
+      "integrity": "sha1-NlQX3t5EQw0cEa9hAn+s8HS9/FM=",
+      "dev": true
+    },
+    "path-parse": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz",
+      "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==",
+      "dev": true
+    },
+    "path-type": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/path-type/-/path-type-2.0.0.tgz",
+      "integrity": "sha1-8BLMuEFbcJb8LaoQVMPXI4lZTHM=",
+      "dev": true,
+      "requires": {
+        "pify": "^2.0.0"
+      }
+    },
+    "performance-now": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz",
+      "integrity": "sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns="
+    },
+    "pify": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz",
+      "integrity": "sha1-7RQaasBDqEnqWISY59yosVMw6Qw=",
+      "dev": true
+    },
+    "pinkie": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/pinkie/-/pinkie-2.0.4.tgz",
+      "integrity": "sha1-clVrgM+g1IqXToDnckjoDtT3+HA=",
+      "dev": true
+    },
+    "pinkie-promise": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/pinkie-promise/-/pinkie-promise-2.0.1.tgz",
+      "integrity": "sha1-ITXW36ejWMBprJsXh3YogihFD/o=",
+      "dev": true,
+      "requires": {
+        "pinkie": "^2.0.0"
+      }
+    },
+    "pkg-conf": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/pkg-conf/-/pkg-conf-2.1.0.tgz",
+      "integrity": "sha1-ISZRTKbyq/69FoWW3xi6V4Z/AFg=",
+      "dev": true,
+      "requires": {
+        "find-up": "^2.0.0",
+        "load-json-file": "^4.0.0"
+      },
+      "dependencies": {
+        "find-up": {
+          "version": "2.1.0",
+          "resolved": "https://registry.npmjs.org/find-up/-/find-up-2.1.0.tgz",
+          "integrity": "sha1-RdG35QbHF93UgndaK3eSCjwMV6c=",
+          "dev": true,
+          "requires": {
+            "locate-path": "^2.0.0"
+          }
+        },
+        "load-json-file": {
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/load-json-file/-/load-json-file-4.0.0.tgz",
+          "integrity": "sha1-L19Fq5HjMhYjT9U62rZo607AmTs=",
+          "dev": true,
+          "requires": {
+            "graceful-fs": "^4.1.2",
+            "parse-json": "^4.0.0",
+            "pify": "^3.0.0",
+            "strip-bom": "^3.0.0"
+          }
+        },
+        "parse-json": {
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-4.0.0.tgz",
+          "integrity": "sha1-vjX1Qlvh9/bHRxhPmKeIy5lHfuA=",
+          "dev": true,
+          "requires": {
+            "error-ex": "^1.3.1",
+            "json-parse-better-errors": "^1.0.1"
+          }
+        },
+        "pify": {
+          "version": "3.0.0",
+          "resolved": "https://registry.npmjs.org/pify/-/pify-3.0.0.tgz",
+          "integrity": "sha1-5aSs0sEB/fPZpNB/DbxNtJ3SgXY=",
+          "dev": true
+        }
+      }
+    },
+    "pkg-config": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/pkg-config/-/pkg-config-1.1.1.tgz",
+      "integrity": "sha1-VX7yLXPaPIg3EHdmxS6tq94pj+Q=",
+      "dev": true,
+      "requires": {
+        "debug-log": "^1.0.0",
+        "find-root": "^1.0.0",
+        "xtend": "^4.0.1"
+      }
+    },
+    "pkg-dir": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-1.0.0.tgz",
+      "integrity": "sha1-ektQio1bstYp1EcFb/TpyTFM89Q=",
+      "dev": true,
+      "requires": {
+        "find-up": "^1.0.0"
+      }
+    },
+    "pluralize": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/pluralize/-/pluralize-7.0.0.tgz",
+      "integrity": "sha512-ARhBOdzS3e41FbkW/XWrTEtukqqLoK5+Z/4UeDaLuSW+39JPeFgs4gCGqsrJHVZX0fUrx//4OF0K1CUGwlIFow==",
+      "dev": true
+    },
+    "prelude-ls": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.1.2.tgz",
+      "integrity": "sha1-IZMqVJ9eUv/ZqCf1cOBL5iqX2lQ=",
+      "dev": true
+    },
+    "process-nextick-args": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.0.tgz",
+      "integrity": "sha512-MtEC1TqN0EU5nephaJ4rAtThHtC86dNN9qCuEhtshvpVBkAW5ZO7BASN9REnF9eoXGcRub+pFuKEpOHE+HbEMw=="
+    },
+    "progress": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/progress/-/progress-2.0.0.tgz",
+      "integrity": "sha1-ihvjZr+Pwj2yvSPxDG/pILQ4nR8=",
+      "dev": true
+    },
+    "promise": {
+      "version": "8.1.0",
+      "resolved": "https://registry.npmjs.org/promise/-/promise-8.1.0.tgz",
+      "integrity": "sha512-W04AqnILOL/sPRXziNicCjSNRruLAuIHEOVBazepu0545DDNGYHz7ar9ZgZ1fMU8/MA4mVxp5rkBWRi6OXIy3Q==",
+      "requires": {
+        "asap": "~2.0.6"
+      }
+    },
+    "prop-types": {
+      "version": "15.6.2",
+      "resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.6.2.tgz",
+      "integrity": "sha512-3pboPvLiWD7dkI3qf3KbUe6hKFKa52w+AE0VCqECtf+QHAKgOL37tTaNCnuX1nAAQ4ZhyP+kYVKf8rLmJ/feDQ==",
+      "dev": true,
+      "requires": {
+        "loose-envify": "^1.3.1",
+        "object-assign": "^4.1.1"
+      }
+    },
+    "pseudomap": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/pseudomap/-/pseudomap-1.0.2.tgz",
+      "integrity": "sha1-8FKijacOYYkX7wqKw0wa5aaChrM=",
+      "dev": true
+    },
+    "psl": {
+      "version": "1.8.0",
+      "resolved": "https://registry.npmjs.org/psl/-/psl-1.8.0.tgz",
+      "integrity": "sha512-RIdOzyoavK+hA18OGGWDqUTsCLhtA7IcZ/6NCs4fFJaHBDab+pDDmDIByWFRQJq2Cd7r1OoQxBGKOaztq+hjIQ=="
+    },
+    "punycode": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz",
+      "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A=="
+    },
+    "qs": {
+      "version": "6.5.2",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz",
+      "integrity": "sha512-N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA=="
+    },
+    "read-pkg": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/read-pkg/-/read-pkg-2.0.0.tgz",
+      "integrity": "sha1-jvHAYjxqbbDcZxPEv6xGMysjaPg=",
+      "dev": true,
+      "requires": {
+        "load-json-file": "^2.0.0",
+        "normalize-package-data": "^2.3.2",
+        "path-type": "^2.0.0"
+      }
+    },
+    "read-pkg-up": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-2.0.0.tgz",
+      "integrity": "sha1-a3KoBImE4MQeeVEP1en6mbO1Sb4=",
+      "dev": true,
+      "requires": {
+        "find-up": "^2.0.0",
+        "read-pkg": "^2.0.0"
+      },
+      "dependencies": {
+        "find-up": {
+          "version": "2.1.0",
+          "resolved": "https://registry.npmjs.org/find-up/-/find-up-2.1.0.tgz",
+          "integrity": "sha1-RdG35QbHF93UgndaK3eSCjwMV6c=",
+          "dev": true,
+          "requires": {
+            "locate-path": "^2.0.0"
+          }
+        }
+      }
+    },
+    "readable-stream": {
+      "version": "2.3.6",
+      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz",
+      "integrity": "sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==",
+      "requires": {
+        "core-util-is": "~1.0.0",
+        "inherits": "~2.0.3",
+        "isarray": "~1.0.0",
+        "process-nextick-args": "~2.0.0",
+        "safe-buffer": "~5.1.1",
+        "string_decoder": "~1.1.1",
+        "util-deprecate": "~1.0.1"
+      }
+    },
+    "request": {
+      "version": "2.88.2",
+      "resolved": "https://registry.npmjs.org/request/-/request-2.88.2.tgz",
+      "integrity": "sha512-MsvtOrfG9ZcrOwAW+Qi+F6HbD0CWXEh9ou77uOb7FM2WPhwT7smM833PzanhJLsgXjN89Ir6V2PczXNnMpwKhw==",
+      "requires": {
+        "aws-sign2": "~0.7.0",
+        "aws4": "^1.8.0",
+        "caseless": "~0.12.0",
+        "combined-stream": "~1.0.6",
+        "extend": "~3.0.2",
+        "forever-agent": "~0.6.1",
+        "form-data": "~2.3.2",
+        "har-validator": "~5.1.3",
+        "http-signature": "~1.2.0",
+        "is-typedarray": "~1.0.0",
+        "isstream": "~0.1.2",
+        "json-stringify-safe": "~5.0.1",
+        "mime-types": "~2.1.19",
+        "oauth-sign": "~0.9.0",
+        "performance-now": "^2.1.0",
+        "qs": "~6.5.2",
+        "safe-buffer": "^5.1.2",
+        "tough-cookie": "~2.5.0",
+        "tunnel-agent": "^0.6.0",
+        "uuid": "^3.3.2"
+      }
+    },
+    "require-uncached": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/require-uncached/-/require-uncached-1.0.3.tgz",
+      "integrity": "sha1-Tg1W1slmL9MeQwEcS5WqSZVUIdM=",
+      "dev": true,
+      "requires": {
+        "caller-path": "^0.1.0",
+        "resolve-from": "^1.0.0"
+      }
+    },
+    "resolve": {
+      "version": "1.8.1",
+      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.8.1.tgz",
+      "integrity": "sha512-AicPrAC7Qu1JxPCZ9ZgCZlY35QgFnNqc+0LtbRNxnVw4TXvjQ72wnuL9JQcEBgXkI9JM8MsT9kaQoHcpCRJOYA==",
+      "dev": true,
+      "requires": {
+        "path-parse": "^1.0.5"
+      }
+    },
+    "resolve-from": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-1.0.1.tgz",
+      "integrity": "sha1-Jsv+k10a7uq7Kbw/5a6wHpPUQiY=",
+      "dev": true
+    },
+    "restore-cursor": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-2.0.0.tgz",
+      "integrity": "sha1-n37ih/gv0ybU/RYpI9YhKe7g368=",
+      "dev": true,
+      "requires": {
+        "onetime": "^2.0.0",
+        "signal-exit": "^3.0.2"
+      }
+    },
+    "rimraf": {
+      "version": "2.6.2",
+      "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.6.2.tgz",
+      "integrity": "sha512-lreewLK/BlghmxtfH36YYVg1i8IAce4TI7oao75I1g245+6BctqTVQiBP3YUJ9C6DQOXJmkYR9X9fCLtCOJc5w==",
+      "dev": true,
+      "requires": {
+        "glob": "^7.0.5"
+      }
+    },
+    "run-async": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/run-async/-/run-async-2.3.0.tgz",
+      "integrity": "sha1-A3GrSuC91yDUFm19/aZP96RFpsA=",
+      "dev": true,
+      "requires": {
+        "is-promise": "^2.1.0"
+      }
+    },
+    "run-parallel": {
+      "version": "1.1.9",
+      "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.1.9.tgz",
+      "integrity": "sha512-DEqnSRTDw/Tc3FXf49zedI638Z9onwUotBMiUFKmrO2sdFKIbXamXGQ3Axd4qgphxKB4kw/qP1w5kTxnfU1B9Q==",
+      "dev": true
+    },
+    "rx-lite": {
+      "version": "4.0.8",
+      "resolved": "https://registry.npmjs.org/rx-lite/-/rx-lite-4.0.8.tgz",
+      "integrity": "sha1-Cx4Rr4vESDbwSmQH6S2kJGe3lEQ=",
+      "dev": true
+    },
+    "rx-lite-aggregates": {
+      "version": "4.0.8",
+      "resolved": "https://registry.npmjs.org/rx-lite-aggregates/-/rx-lite-aggregates-4.0.8.tgz",
+      "integrity": "sha1-dTuHqJoRyVRnxKwWJsTvxOBcZ74=",
+      "dev": true,
+      "requires": {
+        "rx-lite": "*"
+      }
+    },
+    "safe-buffer": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+      "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
+    },
+    "safer-buffer": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
+      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
+    },
+    "sax": {
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/sax/-/sax-1.2.4.tgz",
+      "integrity": "sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw=="
+    },
+    "semver": {
+      "version": "5.5.1",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-5.5.1.tgz",
+      "integrity": "sha512-PqpAxfrEhlSUWge8dwIp4tZnQ25DIOthpiaHNIthsjEFQD6EvqUKUDM7L8O2rShkFccYo1VjJR0coWfNkCubRw==",
+      "dev": true
+    },
+    "shebang-command": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-1.2.0.tgz",
+      "integrity": "sha1-RKrGW2lbAzmJaMOfNj/uXer98eo=",
+      "dev": true,
+      "requires": {
+        "shebang-regex": "^1.0.0"
+      }
+    },
+    "shebang-regex": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-1.0.0.tgz",
+      "integrity": "sha1-2kL0l0DAtC2yypcoVxyxkMmO/qM=",
+      "dev": true
+    },
+    "signal-exit": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.2.tgz",
+      "integrity": "sha1-tf3AjxKH6hF4Yo5BXiUTK3NkbG0=",
+      "dev": true
+    },
+    "slice-ansi": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-1.0.0.tgz",
+      "integrity": "sha512-POqxBK6Lb3q6s047D/XsDVNPnF9Dl8JSaqe9h9lURl0OdNqy/ujDrOiIHtsqXMGbWWTIomRzAMaTyawAU//Reg==",
+      "dev": true,
+      "requires": {
+        "is-fullwidth-code-point": "^2.0.0"
+      }
+    },
+    "spdx-correct": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.0.0.tgz",
+      "integrity": "sha512-N19o9z5cEyc8yQQPukRCZ9EUmb4HUpnrmaL/fxS2pBo2jbfcFRVuFZ/oFC+vZz0MNNk0h80iMn5/S6qGZOL5+g==",
+      "dev": true,
+      "requires": {
+        "spdx-expression-parse": "^3.0.0",
+        "spdx-license-ids": "^3.0.0"
+      }
+    },
+    "spdx-exceptions": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-2.1.0.tgz",
+      "integrity": "sha512-4K1NsmrlCU1JJgUrtgEeTVyfx8VaYea9J9LvARxhbHtVtohPs/gFGG5yy49beySjlIMhhXZ4QqujIZEfS4l6Cg==",
+      "dev": true
+    },
+    "spdx-expression-parse": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-3.0.0.tgz",
+      "integrity": "sha512-Yg6D3XpRD4kkOmTpdgbUiEJFKghJH03fiC1OPll5h/0sO6neh2jqRDVHOQ4o/LMea0tgCkbMgea5ip/e+MkWyg==",
+      "dev": true,
+      "requires": {
+        "spdx-exceptions": "^2.1.0",
+        "spdx-license-ids": "^3.0.0"
+      }
+    },
+    "spdx-license-ids": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.0.tgz",
+      "integrity": "sha512-2+EPwgbnmOIl8HjGBXXMd9NAu02vLjOO1nWw4kmeRDFyHn+M/ETfHxQUK0oXg8ctgVnl9t3rosNVsZ1jG61nDA==",
+      "dev": true
+    },
+    "sprintf-js": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
+      "integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=",
+      "dev": true
+    },
+    "sshpk": {
+      "version": "1.16.1",
+      "resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.16.1.tgz",
+      "integrity": "sha512-HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg==",
+      "requires": {
+        "asn1": "~0.2.3",
+        "assert-plus": "^1.0.0",
+        "bcrypt-pbkdf": "^1.0.0",
+        "dashdash": "^1.12.0",
+        "ecc-jsbn": "~0.1.1",
+        "getpass": "^0.1.1",
+        "jsbn": "~0.1.0",
+        "safer-buffer": "^2.0.2",
+        "tweetnacl": "~0.14.0"
+      }
+    },
+    "standard": {
+      "version": "11.0.1",
+      "resolved": "https://registry.npmjs.org/standard/-/standard-11.0.1.tgz",
+      "integrity": "sha512-nu0jAcHiSc8H+gJCXeiziMVZNDYi8MuqrYJKxTgjP4xKXZMKm311boqQIzDrYI/ktosltxt2CbDjYQs9ANC8IA==",
+      "dev": true,
+      "requires": {
+        "eslint": "~4.18.0",
+        "eslint-config-standard": "11.0.0",
+        "eslint-config-standard-jsx": "5.0.0",
+        "eslint-plugin-import": "~2.9.0",
+        "eslint-plugin-node": "~6.0.0",
+        "eslint-plugin-promise": "~3.7.0",
+        "eslint-plugin-react": "~7.7.0",
+        "eslint-plugin-standard": "~3.0.1",
+        "standard-engine": "~8.0.0"
+      }
+    },
+    "standard-engine": {
+      "version": "8.0.1",
+      "resolved": "https://registry.npmjs.org/standard-engine/-/standard-engine-8.0.1.tgz",
+      "integrity": "sha512-LA531C3+nljom/XRvdW/hGPXwmilRkaRkENhO3FAGF1Vtq/WtCXzgmnc5S6vUHHsgv534MRy02C1ikMwZXC+tw==",
+      "dev": true,
+      "requires": {
+        "deglob": "^2.1.0",
+        "get-stdin": "^6.0.0",
+        "minimist": "^1.1.0",
+        "pkg-conf": "^2.0.0"
+      }
+    },
+    "string-width": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz",
+      "integrity": "sha512-nOqH59deCq9SRHlxq1Aw85Jnt4w6KvLKqWVik6oA9ZklXLNIOlqg4F2yrT1MVaTjAqvVwdfeZ7w7aCvJD7ugkw==",
+      "dev": true,
+      "requires": {
+        "is-fullwidth-code-point": "^2.0.0",
+        "strip-ansi": "^4.0.0"
+      }
+    },
+    "string_decoder": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
+      "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
+      "requires": {
+        "safe-buffer": "~5.1.0"
+      }
+    },
+    "strip-ansi": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz",
+      "integrity": "sha1-qEeQIusaw2iocTibY1JixQXuNo8=",
+      "dev": true,
+      "requires": {
+        "ansi-regex": "^3.0.0"
+      },
+      "dependencies": {
+        "ansi-regex": {
+          "version": "3.0.0",
+          "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz",
+          "integrity": "sha1-7QMXwyIGT3lGbAKWa922Bas32Zg=",
+          "dev": true
+        }
+      }
+    },
+    "strip-bom": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-3.0.0.tgz",
+      "integrity": "sha1-IzTBjpx1n3vdVv3vfprj1YjmjtM=",
+      "dev": true
+    },
+    "strip-json-comments": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-2.0.1.tgz",
+      "integrity": "sha1-PFMZQukIwml8DsNEhYwobHygpgo=",
+      "dev": true
+    },
+    "supports-color": {
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
+      "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
+      "dev": true,
+      "requires": {
+        "has-flag": "^3.0.0"
+      }
+    },
+    "sync-request": {
+      "version": "6.1.0",
+      "resolved": "https://registry.npmjs.org/sync-request/-/sync-request-6.1.0.tgz",
+      "integrity": "sha512-8fjNkrNlNCrVc/av+Jn+xxqfCjYaBoHqCsDz6mt030UMxJGr+GSfCV1dQt2gRtlL63+VPidwDVLr7V2OcTSdRw==",
+      "requires": {
+        "http-response-object": "^3.0.1",
+        "sync-rpc": "^1.2.1",
+        "then-request": "^6.0.0"
+      }
+    },
+    "sync-rpc": {
+      "version": "1.3.6",
+      "resolved": "https://registry.npmjs.org/sync-rpc/-/sync-rpc-1.3.6.tgz",
+      "integrity": "sha512-J8jTXuZzRlvU7HemDgHi3pGnh/rkoqR/OZSjhTyyZrEkkYQbk7Z33AXp37mkPfPpfdOuj7Ex3H/TJM1z48uPQw==",
+      "requires": {
+        "get-port": "^3.1.0"
+      }
+    },
+    "table": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/table/-/table-4.0.2.tgz",
+      "integrity": "sha512-UUkEAPdSGxtRpiV9ozJ5cMTtYiqz7Ni1OGqLXRCynrvzdtR1p+cfOWe2RJLwvUG8hNanaSRjecIqwOjqeatDsA==",
+      "dev": true,
+      "requires": {
+        "ajv": "^5.2.3",
+        "ajv-keywords": "^2.1.0",
+        "chalk": "^2.1.0",
+        "lodash": "^4.17.4",
+        "slice-ansi": "1.0.0",
+        "string-width": "^2.1.1"
+      }
+    },
+    "text-table": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz",
+      "integrity": "sha1-f17oI66AUgfACvLfSoTsP8+lcLQ=",
+      "dev": true
+    },
+    "then-request": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/then-request/-/then-request-6.0.2.tgz",
+      "integrity": "sha512-3ZBiG7JvP3wbDzA9iNY5zJQcHL4jn/0BWtXIkagfz7QgOL/LqjCEOBQuJNZfu0XYnv5JhKh+cDxCPM4ILrqruA==",
+      "requires": {
+        "@types/concat-stream": "^1.6.0",
+        "@types/form-data": "0.0.33",
+        "@types/node": "^8.0.0",
+        "@types/qs": "^6.2.31",
+        "caseless": "~0.12.0",
+        "concat-stream": "^1.6.0",
+        "form-data": "^2.2.0",
+        "http-basic": "^8.1.1",
+        "http-response-object": "^3.0.1",
+        "promise": "^8.0.0",
+        "qs": "^6.4.0"
+      },
+      "dependencies": {
+        "@types/node": {
+          "version": "8.10.61",
+          "resolved": "https://registry.npmjs.org/@types/node/-/node-8.10.61.tgz",
+          "integrity": "sha512-l+zSbvT8TPRaCxL1l9cwHCb0tSqGAGcjPJFItGGYat5oCTiq1uQQKYg5m7AF1mgnEBzFXGLJ2LRmNjtreRX76Q=="
+        }
+      }
+    },
+    "through": {
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/through/-/through-2.3.8.tgz",
+      "integrity": "sha1-DdTJ/6q8NXlgsbckEV1+Doai4fU=",
+      "dev": true
+    },
+    "tmp": {
+      "version": "0.0.33",
+      "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.0.33.tgz",
+      "integrity": "sha512-jRCJlojKnZ3addtTOjdIqoRuPEKBvNXcGYqzO6zWZX8KfKEpnGY5jfggJQ3EjKuu8D4bJRr0y+cYJFmYbImXGw==",
+      "dev": true,
+      "requires": {
+        "os-tmpdir": "~1.0.2"
+      }
+    },
+    "tough-cookie": {
+      "version": "2.5.0",
+      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.5.0.tgz",
+      "integrity": "sha512-nlLsUzgm1kfLXSXfRZMc1KLAugd4hqJHDTvc2hDIwS3mZAfMEuMbc03SujMF+GEcpaX/qboeycw6iO8JwVv2+g==",
+      "requires": {
+        "psl": "^1.1.28",
+        "punycode": "^2.1.1"
+      }
+    },
+    "tunnel-agent": {
+      "version": "0.6.0",
+      "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz",
+      "integrity": "sha1-J6XeoGs2sEoKmWZ3SykIaPD8QP0=",
+      "requires": {
+        "safe-buffer": "^5.0.1"
+      }
+    },
+    "tweetnacl": {
+      "version": "0.14.5",
+      "resolved": "https://registry.npmjs.org/tweetnacl/-/tweetnacl-0.14.5.tgz",
+      "integrity": "sha1-WuaBd/GS1EViadEIr6k/+HQ/T2Q="
+    },
+    "type-check": {
+      "version": "0.3.2",
+      "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.3.2.tgz",
+      "integrity": "sha1-WITKtRLPHTVeP7eE8wgEsrUg23I=",
+      "dev": true,
+      "requires": {
+        "prelude-ls": "~1.1.2"
+      }
+    },
+    "typedarray": {
+      "version": "0.0.6",
+      "resolved": "https://registry.npmjs.org/typedarray/-/typedarray-0.0.6.tgz",
+      "integrity": "sha1-hnrHTjhkGHsdPUfZlqeOxciDB3c="
+    },
+    "uniq": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/uniq/-/uniq-1.0.1.tgz",
+      "integrity": "sha1-sxxa6CVIRKOoKBVBzisEuGWnNP8=",
+      "dev": true
+    },
+    "uri-js": {
+      "version": "4.2.2",
+      "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.2.2.tgz",
+      "integrity": "sha512-KY9Frmirql91X2Qgjry0Wd4Y+YTdrdZheS8TFwvkbLWf/G5KNJDCh6pKL5OZctEW4+0Baa5idK2ZQuELRwPznQ==",
+      "requires": {
+        "punycode": "^2.1.0"
+      }
+    },
+    "util-deprecate": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
+      "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8="
+    },
+    "uuid": {
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz",
+      "integrity": "sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A=="
+    },
+    "validate-npm-package-license": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz",
+      "integrity": "sha512-DpKm2Ui/xN7/HQKCtpZxoRWBhZ9Z0kqtygG8XCgNQ8ZlDnxuQmWhj566j8fN4Cu3/JmbhsDo7fcAJq4s9h27Ew==",
+      "dev": true,
+      "requires": {
+        "spdx-correct": "^3.0.0",
+        "spdx-expression-parse": "^3.0.0"
+      }
+    },
+    "verror": {
+      "version": "1.10.0",
+      "resolved": "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz",
+      "integrity": "sha1-OhBcoXBTr1XW4nDB+CiGguGNpAA=",
+      "requires": {
+        "assert-plus": "^1.0.0",
+        "core-util-is": "1.0.2",
+        "extsprintf": "^1.2.0"
+      }
+    },
+    "which": {
+      "version": "1.3.1",
+      "resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz",
+      "integrity": "sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==",
+      "dev": true,
+      "requires": {
+        "isexe": "^2.0.0"
+      }
+    },
+    "wordwrap": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz",
+      "integrity": "sha1-J1hIEIkUVqQXHI0CJkQa3pDLyus=",
+      "dev": true
+    },
+    "wrappy": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
+      "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=",
+      "dev": true
+    },
+    "write": {
+      "version": "0.2.1",
+      "resolved": "https://registry.npmjs.org/write/-/write-0.2.1.tgz",
+      "integrity": "sha1-X8A4KOJkzqP+kUVUdvejxWbLB1c=",
+      "dev": true,
+      "requires": {
+        "mkdirp": "^0.5.1"
+      }
+    },
+    "xml2js": {
+      "version": "0.4.23",
+      "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.23.tgz",
+      "integrity": "sha512-ySPiMjM0+pLDftHgXY4By0uswI3SPKLDw/i3UXbnO8M/p28zqexCUoPmQFrYD+/1BzhGJSs2i1ERWKJAtiLrug==",
+      "requires": {
+        "sax": ">=0.6.0",
+        "xmlbuilder": "~11.0.0"
+      }
+    },
+    "xmlbuilder": {
+      "version": "11.0.1",
+      "resolved": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-11.0.1.tgz",
+      "integrity": "sha512-fDlsI/kFEx7gLvbecc0/ohLG50fugQp8ryHzMTuW9vSa1GJ0XYWKnhsUx7oie3G98+r56aTQIUB4kht42R3JvA=="
+    },
+    "xtend": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.1.tgz",
+      "integrity": "sha1-pcbVMr5lbiPbgg77lDofBJmNY68=",
+      "dev": true
+    },
+    "yallist": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/yallist/-/yallist-2.1.2.tgz",
+      "integrity": "sha1-HBH5IY8HYImkfdUS+TxmmaaoHVI=",
+      "dev": true
+    }
+  }
+}
diff --git a/utils/trivialize-cdn-rules/package.json b/utils/trivialize-cdn-rules/package.json
new file mode 100644
index 000000000000..c21b01694f84
--- /dev/null
+++ b/utils/trivialize-cdn-rules/package.json
@@ -0,0 +1,22 @@
+{
+  "name": "trivialize-cdn-rules",
+  "version": "1.0.0",
+  "main": "index.js",
+  "dependencies": {
+    "graceful-fs": "^4.2.0",
+    "request": "^2.87.0",
+    "sync-request": "^6.1.0",
+    "xml2js": "^0.4.19"
+  },
+  "devDependencies": {
+    "chalk": "^2.4.2",
+    "standard": "^11.0.1"
+  },
+  "scripts": {
+    "start": "node index.js",
+    "lint": "standard --fix index.js"
+  },
+  "keywords": [],
+  "author": "Chan Chak Shing",
+  "description": ""
+}
diff --git a/utils/trivialize-rules/.gitignore b/utils/trivialize-rules/.gitignore
new file mode 100644
index 000000000000..3c3629e647f5
--- /dev/null
+++ b/utils/trivialize-rules/.gitignore
@@ -0,0 +1 @@
+node_modules
diff --git a/utils/trivialize-rules/explode-regexp.js b/utils/trivialize-rules/explode-regexp.js
new file mode 100644
index 000000000000..c034f195a837
--- /dev/null
+++ b/utils/trivialize-rules/explode-regexp.js
@@ -0,0 +1,86 @@
+/* eslint-env es6, node */
+
+const { parse } = require('regulex');
+
+class UnsupportedRegExp extends Error {}
+
+function explodeRegExp(re, callback) {
+  (function buildUrls(str, items) {
+    if (items.length === 0) {
+      callback(str + '*');
+      return;
+    }
+
+    let [first, ...rest] = items;
+
+    if (first.repeat) {
+      let { repeat, ...firstSub } = first;
+      if (repeat.max !== 1) throw new UnsupportedRegExp(first.raw);
+      if (repeat.min === 0) {
+        buildUrls(str, rest);
+      }
+      return buildUrls(str, [ firstSub, ...rest ]);
+    }
+
+    switch (first.type) {
+      case 'group': {
+        return buildUrls(str, first.sub.concat(rest));
+      }
+
+      case 'assert': {
+        if (first.assertionType === 'AssertBegin') {
+          if (str !== '*') return; // can't match begin not at the beginning
+          return buildUrls('', rest);
+        }
+        if (first.assertionType === 'AssertEnd') {
+          callback(str);
+          return;
+        }
+        if (first.assertionType === 'AssertLookahead' && rest.length === 0) {
+          return buildUrls(str, first.sub.concat(rest));
+        }
+        break;
+      }
+
+      case 'choice': {
+        for (let branch of first.branches) {
+          buildUrls(str, branch.concat(rest));
+        }
+        return;
+      }
+
+      case 'exact': {
+        return buildUrls(str + first.chars, rest);
+      }
+
+      case 'charset': {
+        if (first.ranges.length === 1) {
+          let range = first.ranges[0];
+          let from = range.charCodeAt(0);
+          let to = range.charCodeAt(1);
+          if (to - from < 10) {
+            // small range, probably won't explode
+            for (; from <= to; from++) {
+              buildUrls(str + String.fromCharCode(from), rest);
+            }
+            first.ranges.length = 0;
+          }
+        }
+        if (!first.classes.length && !first.exclude && !first.ranges.length) {
+          for (let c of first.chars) {
+            buildUrls(str + c, rest);
+          }
+          return;
+        }
+        break;
+      }
+    }
+
+    throw new UnsupportedRegExp(first.raw);
+  })('*', parse(re).tree);
+};
+
+module.exports = {
+  UnsupportedRegExp,
+  explodeRegExp
+};
diff --git a/utils/trivialize-rules/package-lock.json b/utils/trivialize-rules/package-lock.json
new file mode 100644
index 000000000000..3bccfafbef51
--- /dev/null
+++ b/utils/trivialize-rules/package-lock.json
@@ -0,0 +1,112 @@
+{
+  "name": "trivialize-rules",
+  "version": "1.0.0",
+  "lockfileVersion": 1,
+  "requires": true,
+  "dependencies": {
+    "amdefine": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/amdefine/-/amdefine-1.0.1.tgz",
+      "integrity": "sha1-SlKCrBZHKek2Gbz9OtFR+BfOkfU="
+    },
+    "ansi-styles": {
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
+      "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
+      "requires": {
+        "color-convert": "^1.9.0"
+      }
+    },
+    "chalk": {
+      "version": "2.4.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
+      "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
+      "requires": {
+        "ansi-styles": "^3.2.1",
+        "escape-string-regexp": "^1.0.5",
+        "supports-color": "^5.3.0"
+      }
+    },
+    "color-convert": {
+      "version": "1.9.3",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
+      "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
+      "requires": {
+        "color-name": "1.1.3"
+      }
+    },
+    "color-name": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
+      "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU="
+    },
+    "escape-string-regexp": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
+      "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ="
+    },
+    "graceful-fs": {
+      "version": "4.1.15",
+      "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.1.15.tgz",
+      "integrity": "sha512-6uHUhOPEBgQ24HM+r6b/QwWfZq+yiFcipKFrOFiBEnWdy5sdzYoi+pJeQaPI5qOLRFqWmAXUPQNsielzdLoecA=="
+    },
+    "has-flag": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
+      "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0="
+    },
+    "highland": {
+      "version": "2.13.4",
+      "resolved": "https://registry.npmjs.org/highland/-/highland-2.13.4.tgz",
+      "integrity": "sha512-r+YlbnBhCTcrcVzBpzPcrvB0llVjeDWKuXSZVuNBe5WgQJtN2xGUUMZC9WzHCntNIx0rskVernxLoFJUCkmb/Q==",
+      "requires": {
+        "util-deprecate": "^1.0.2"
+      }
+    },
+    "regulex": {
+      "version": "0.0.2",
+      "resolved": "https://registry.npmjs.org/regulex/-/regulex-0.0.2.tgz",
+      "integrity": "sha1-e7oj5R8JnIJiE5ZEbYDeQVm9Ksc=",
+      "requires": {
+        "amdefine": "~1.0.0"
+      }
+    },
+    "sax": {
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/sax/-/sax-1.2.4.tgz",
+      "integrity": "sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw=="
+    },
+    "supports-color": {
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
+      "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
+      "requires": {
+        "has-flag": "^3.0.0"
+      }
+    },
+    "util-deprecate": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
+      "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8="
+    },
+    "valid-url": {
+      "version": "1.0.9",
+      "resolved": "https://registry.npmjs.org/valid-url/-/valid-url-1.0.9.tgz",
+      "integrity": "sha1-HBRHm0DxOXp1eC8RXkCGRHQzogA="
+    },
+    "xml2js": {
+      "version": "0.4.19",
+      "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.19.tgz",
+      "integrity": "sha512-esZnJZJOiJR9wWKMyuvSE1y6Dq5LCuJanqhxslH2bxM6duahNZ+HMpCLhBQGZkbX6xRf8x1Y2eJlgt2q3qo49Q==",
+      "requires": {
+        "sax": ">=0.6.0",
+        "xmlbuilder": "~9.0.1"
+      }
+    },
+    "xmlbuilder": {
+      "version": "9.0.7",
+      "resolved": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-9.0.7.tgz",
+      "integrity": "sha1-Ey7mPS7FVlxVfiD0wi35rKaGsQ0="
+    }
+  }
+}
diff --git a/utils/trivialize-rules/package.json b/utils/trivialize-rules/package.json
new file mode 100644
index 000000000000..bae4431180c8
--- /dev/null
+++ b/utils/trivialize-rules/package.json
@@ -0,0 +1,22 @@
+{
+  "name": "trivialize-rules",
+  "version": "1.0.0",
+  "main": "trivialize-rules.js",
+  "dependencies": {
+    "chalk": "^2.1.0",
+    "escape-string-regexp": "^1.0.5",
+    "graceful-fs": "^4.1.11",
+    "highland": "^2.7.1",
+    "regulex": "0.0.2",
+    "valid-url": "^1.0.9",
+    "xml2js": "^0.4.16"
+  },
+  "devDependencies": {},
+  "scripts": {
+    "start": "node --harmony_destructuring trivialize-rules.js",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [],
+  "author": "Ingvar Stepanyan",
+  "description": ""
+}
diff --git a/utils/trivialize-rules/trivialize-cookie-rules.js b/utils/trivialize-rules/trivialize-cookie-rules.js
new file mode 100644
index 000000000000..3b8f5f17c68f
--- /dev/null
+++ b/utils/trivialize-rules/trivialize-cookie-rules.js
@@ -0,0 +1,142 @@
+"use strict";
+
+/**
+ * For future contributors, this script was written to trivialize a special
+ * form of securecookie rules which is equal to trivial securecookie rule
+ * under the current HTTPSe implementation. This allows trivialize-rules.js to
+ * simplify rulesets otherwise impossible due to the lack of support of
+ * unbounded wildcard RegExps in explode-regexp.js (by design).
+ *
+ * As stated in trivialize-rules.js, a securecookie rule works if there is an
+ * existing rule covering the exact same domain.
+ *
+ * In particular, <securecookie host=".*example.com" .../> covers all
+ * subdomains in cookie.host given at least one working rule cover
+ * the same subdomains.
+ *
+ * If there is at least one such rule, for e.g. www.example.com, the mentioned
+ * securecookie rules can be reduced to
+ *     <securecookie host="^\.?www\.example\.com$" .../>
+ * Else, the securecookie rule do not take into effect and thus can be ignored
+ * during the runtime.
+ *
+ * So, regardless of the existence of any rule, for all targets listed in a
+ * ruleset, the securecookie rule can be interpreted as
+ *     <securecookie host=".+" .../>
+ *
+ * For simplicity, this implementation require securecookie#host includes a
+ * tailing $
+ */
+
+let util = require("util");
+let path = require("path");
+let xml2js = require("xml2js");
+
+let fs = require("graceful-fs");
+let readdir = util.promisify(fs.readdir);
+let readFile = util.promisify(fs.readFile);
+let parseString = util.promisify(xml2js.parseString);
+
+let rulesDir = "src/chrome/content/rules";
+
+let trivialSecureCookieLiteral = `\n$1<securecookie host=".+"$3name=".+"/>\n`;
+let secureCookieRegExp = new RegExp(
+  `\n([\t ]*)<securecookie\\s*host=\\s*"([^"]+)"(\\s*)name=\\s*"([^"]+)"\\s*?/>[\t ]*\n`
+);
+
+let isTrivial = securecookie => {
+  return securecookie.host === ".+" && securecookie.name === ".+";
+};
+
+(async () => {
+  let filenames = (await readdir(rulesDir)).filter(fn => fn.endsWith(".xml"));
+  let filePromises = filenames.map(async filename => {
+    let content = await readFile(path.join(rulesDir, filename), "utf8");
+    let { ruleset } = await parseString(content);
+
+    let targets = ruleset.target.map(target => target.$.host);
+    let securecookies = ruleset.securecookie
+      ? ruleset.securecookie.map(sc => sc.$)
+      : [];
+
+    // make sure there is at least one non-trivial securecookie
+    if (!securecookies.length || securecookies.some(isTrivial)) {
+      return;
+    }
+
+    for (let securecookie of securecookies) {
+      if (securecookie.name !== ".+") {
+        return;
+      }
+
+      if (
+        !securecookie.host.startsWith("^.+") &&
+        !securecookie.host.startsWith("^.*") &&
+        !securecookie.host.startsWith(".+") &&
+        !securecookie.host.startsWith(".*") &&
+        !securecookie.host.startsWith("(?:.*\\.)?") &&
+        !securecookie.host.startsWith("(?:.+\\.)?") &&
+        !securecookie.host.startsWith("^(?:.*\\.)?") &&
+        !securecookie.host.startsWith("^(?:.+\\.)?")
+      ) {
+        return;
+      }
+    }
+
+    // make sure each domains and its subdomains are covered by at least
+    // one securecookie rule
+    let securedDomains = new Map();
+    for (let target of targets) {
+      // we cannot handle the right-wildcards based on the argument above
+      if (target.includes(".*")) {
+        return;
+      }
+      // replace left-wildcard with www is an implementation detail
+      // see https://github.com/EFForg/https-everywhere/blob/
+      // 260cd8d402fb8069c55cda311e1be7a60db7339d/chromium/background-scripts/background.js#L595
+      if (target.includes("*.")) {
+        target = target.replace("*.", "www.");
+      }
+      securedDomains.set(target, false);
+      securedDomains.set("." + target, false);
+    }
+
+    for (let securecookie of securecookies) {
+      let pattern = new RegExp(securecookie.host);
+      securedDomains.forEach((val, key, map) => {
+        if (pattern.test(key)) {
+          map.set(key, true);
+        }
+      });
+    }
+
+    // If any value of ${securedDomains} is false, return.
+    if (![...securedDomains.values()].every(secured => secured)) {
+      return;
+    }
+
+    // remove the securecookie tag except the last one
+    // replace the last securecookie tag with a trivial one
+    for (let occurrence = securecookies.length; occurrence; --occurrence) {
+      content = content.replace(
+        secureCookieRegExp,
+        occurrence == 1 ? trivialSecureCookieLiteral : ""
+      );
+    }
+
+    return new Promise((resolve, reject) => {
+      fs.writeFile(path.join(rulesDir, filename), content, "utf8", (err) => {
+        if (err) {
+          reject(err);
+        }
+        resolve();
+      });
+    })
+  });
+
+
+  // use for-loop to await too many file opened error
+  for (let fp of filePromises) {
+    await fp.catch(error => console.log(error));
+  }
+})();
diff --git a/utils/trivialize-rules/trivialize-rules.js b/utils/trivialize-rules/trivialize-rules.js
new file mode 100644
index 000000000000..663ecb60978c
--- /dev/null
+++ b/utils/trivialize-rules/trivialize-rules.js
@@ -0,0 +1,291 @@
+/* eslint-env es6, node */
+
+'use strict';
+
+const _ = require('highland');
+const fs = require('fs');
+const readDir = _.wrapCallback(fs.readdir);
+const readFile = _.wrapCallback(fs.readFile);
+const writeFile = _.wrapCallback(fs.writeFile);
+const parseXML = _.wrapCallback(require('xml2js').parseString);
+const { explodeRegExp, UnsupportedRegExp } = require('./explode-regexp');
+const escapeStringRegexp = require('escape-string-regexp');
+const chalk = require('chalk');
+
+const rulesDir = `${__dirname}/../../src/chrome/content/rules`;
+
+const tagsRegExps = new Map();
+
+function createTagsRegexp(tag) {
+  let re = tagsRegExps.get(tag);
+  if (!re) {
+    const tagRe = `<${tag}(?:\\s+\\w+=".*?")*\\s*\\/>`;
+    re = new RegExp(`(?:${tagRe}\\s*)*${tagRe}`, 'g');
+    tagsRegExps.set(tag, re);
+  }
+  return re;
+}
+
+function replaceXML(source, tag, newXML) {
+  let pos, indent;
+  let re = createTagsRegexp(tag);
+
+  source = source.replace(re, (match, index) => {
+    if (source.lastIndexOf('<!--', index) > source.lastIndexOf('-->', index)) {
+      // inside a comment
+      return match;
+    }
+    if (pos === undefined) {
+      pos = index;
+      indent = source.slice(source.lastIndexOf('\n', index) + 1, index);
+    }
+    return '';
+  });
+
+  if (pos === undefined) {
+    throw new Error(`${re}: <${tag} /> was not found in ${source}`);
+  }
+
+  return source.slice(0, pos) + newXML.join('\n' + indent) + source.slice(pos);
+}
+
+const files =
+        readDir(rulesDir)
+          .sequence()
+          .filter(name => name.endsWith('.xml'));
+
+const sources =
+        files.fork()
+          .map(name => readFile(`${rulesDir}/${name}`, 'utf-8'))
+          .parallel(10);
+
+const rules =
+        sources.fork()
+          .flatMap(parseXML)
+          .errors((err, push) => {
+            push(null, { err });
+          })
+          .zip(files.fork())
+          .map(([ { ruleset, err }, name ]) => {
+            if (err) {
+              err.message += ` (${name})`;
+              this.emit('error', err);
+            } else {
+              return ruleset;
+            }
+          });
+
+function isTrivial(rule) {
+  return rule.from === '^http:' && rule.to === 'https:';
+}
+
+files.fork().zipAll([ sources.fork(), rules ]).map(([name, source, ruleset]) => {
+  function createTag(tagName, colour, print) {
+    return (strings, ...values) => {
+      let result = `[${tagName}] ${chalk.bold(name)}: ${strings[0]}`;
+      for (let i = 1; i < strings.length; i++) {
+        let value = values[i - 1];
+        if (value instanceof Set) {
+          value = Array.from(value);
+        }
+        value = Array.isArray(value) ? value.join(', ') : value.toString();
+        result += chalk.blue(value) + strings[i];
+      }
+      print(colour(result));
+    };
+  }
+
+  const warn = createTag('WARN', chalk.yellow, console.warn);
+  const info = createTag('INFO', chalk.green, console.info);
+  const fail = createTag('FAIL', chalk.red, console.error);
+
+  let targets = ruleset.target.map(target => target.$.host);
+  let securecookies = ruleset.securecookie ? ruleset.securecookie.map(sc => sc.$) : new Array();
+  let rules = ruleset.rule.map(rule => rule.$);
+
+  if (rules.length === 1 && isTrivial(rules[0])) {
+    return;
+  }
+
+  let targetRe = new RegExp(`^(?:${targets.map(target => target.replace(/\./g, '\\.').replace(/\*/g, '.*')).join('|')})$`);
+  let domains = new Set();
+
+  function isStatic(rule) {
+    if (isTrivial(rule)) {
+      for (let target of targets) {
+        domains.add(target);
+      }
+      return true;
+    }
+
+    const { from, to } = rule;
+    const fromRe = new RegExp(from);
+    let localDomains = new Set();
+    let unknownDomains = new Set();
+    let nonTrivialUrls = new Set();
+    let suspiciousStrings = new Set();
+
+    try {
+      explodeRegExp(from, url => {
+        let parsed = url.match(/^http(s?):\/\/(.+?)(?::(\d+))?\/(.*)$/);
+        if (!parsed) {
+          suspiciousStrings.add(url);
+          return;
+        }
+        let [, secure, host, port = '80', path] = parsed;
+        if (!targetRe.test(host)) {
+          unknownDomains.add(host);
+        } else if (!secure && port === '80' && path === '*' && url.replace(fromRe, to) === url.replace(/^http:/, 'https:')) {
+          localDomains.add(host);
+        } else {
+          nonTrivialUrls.add(url);
+        }
+      });
+    } catch (e) {
+      if (!(e instanceof UnsupportedRegExp)) {
+        throw e;
+      }
+      if (e.message === '/*' || e.message === '/+') {
+        fail`Suspicious ${e.message} while traversing ${from} => ${to}`;
+      } else {
+        warn`Unsupported regexp part ${e.message} while traversing ${from} => ${to}`;
+      }
+      return false;
+    }
+
+    if (suspiciousStrings.size > 0) {
+      fail`${from} matches ${suspiciousStrings} which don't look like URLs`;
+    }
+
+    if (unknownDomains.size > 0) {
+      fail`${from} matches ${unknownDomains} which are not in targets ${targets}`;
+    }
+
+    if (suspiciousStrings.size > 0 || unknownDomains.size > 0) {
+      return false;
+    }
+
+    if (nonTrivialUrls.size > 0) {
+      if (localDomains.size > 0) {
+        warn`${from} => ${to} can trivialize ${localDomains} but not urls like ${nonTrivialUrls}`;
+      }
+      return false;
+    }
+
+    for (let domain of localDomains) {
+      domains.add(domain);
+    }
+
+    return true;
+  }
+
+  if (!rules.every(isStatic)) return;
+
+  domains = Array.from(domains);
+
+  // It is assumed that if all securecookies are static,
+  // they can be safely ignored.
+  //
+  // A securecookie is called to be static either it is a trivial securecookie
+  // or ALL of the following conditions are satisfied:
+  //
+  // 1. securecookie.host match cookie.host from the beginning ^ to the end $.
+  // Otherwise, it might match subdomains/ partial patterns, thus a non-trivial
+  // securecookie.
+  //
+  // 2. securecookie.host will not throw an error when passed to explodeRegExp().
+  // Otherwise, it might match patterns too complicated for our interests.
+  //
+  // 3. Each exploded securecookie.host should be included in ruleset.target/
+  // exploded target. Otherwise, this ruleset is likely problematic itself. It
+  // is dangerous for a rewrite.
+  function isStaticCookie(securecookie) {
+    if (securecookie.host === '.+' && securecookie.name === '.+') {
+      return [true, false];
+    }
+
+    if (!securecookie.host.startsWith('^') || !securecookie.host.endsWith('$')) {
+      return [false, false];
+    }
+
+    let localDomains = new Set();
+    let unsupportedDomains = new Set();
+
+    try {
+      explodeRegExp(securecookie.host, domain => {
+        if (domain.startsWith('.')) {
+          domain = domain.slice(1);
+        }
+        localDomains.add(domain);
+      });
+    } catch (e) {
+      if (!(e instanceof UnsupportedRegExp)) {
+        throw e;
+      }
+      warn`Unsupported regexp part ${e.message} while traversing securecookie : ${JSON.stringify(securecookie)}`;
+      return [false, false];
+    }
+
+    for (const domain of localDomains) {
+      if (domains.indexOf(domain) === -1) {
+        warn`Ruleset does not cover target ${domain} for securecookie : ${JSON.stringify(securecookie)}`;
+        unsupportedDomains.add(domain);
+      }
+    }
+
+    // For cookies to be covered, there must be at least one rule covering the
+    // same domain. This is guaranteed by safeToSecureCookie(cookie) in rules.js
+    //
+    // Since securecookie.host will only match cookie.domain if there there is
+    // a rule covers cookie.domain. Given the target are trivial, cookie.domain
+    // cannot be anything other than domain.example.com and .domain.example.com
+    // (possibly with more leading dots) for a securecookie rule ever to take
+    // place.
+    //
+    // With condition (1) effective, securecookie.host should explode to either
+    // one of the aforementioned patterns. Otherwise, the securecookie rules
+    // will never be applied. Such dangling securecookie rules can be removed
+    // safely.
+    if (unsupportedDomains.size > 0) {
+      if (unsupportedDomains.size === localDomains.size) {
+        return [true, true];
+      }
+      fail`Tag securecookie ${JSON.stringify(securecookie)} matches ${unsupportedDomains} which are not in targets ${targets}`;
+    }
+    return [true, false];
+  }
+
+  if (domains.slice().sort().join('\n') !== targets.sort().join('\n')) {
+    // For each securecookie rule, check if it is a static securecookie.
+    // If it is non-static, we do not trivialize the ruleset; Otherwise,
+    // we remove the securecookie if it contain only unsupported hosts.
+    // This removal is better done one by one to avoid side effects.
+    // Else if ALL securecookie rules are static, trivialize the targets.
+    for (const securecookie of securecookies) {
+      let [isStatic, shouldRemove] = isStaticCookie(securecookie);
+
+      if (isStatic) {
+        if (shouldRemove) {
+          let scReSrc = `\n([\t ]*)<securecookie\\s*host=\\s*"${escapeStringRegexp(securecookie.host)}"(\\s*)name=\\s*"${escapeStringRegexp(securecookie.name)}"\\s*?/>[\t ]*\n`;
+          let scRe = new RegExp(scReSrc);
+          source = source.replace(scRe, '');
+        }
+      } else {
+        // Skip this ruleset as it contain non-static securecookies
+        return;
+      }
+    }
+
+    source = replaceXML(source, 'target', domains.map(domain => `<target host="${domain}" />`));
+  }
+
+  source = replaceXML(source, 'rule', ['<rule from="^http:" to="https:" />']);
+
+  info`trivialized`;
+
+  return writeFile(`${rulesDir}/${name}`, source);
+})
+  .filter(Boolean)
+  .parallel(10)
+  .reduce(0, count => count + 1)
+  .each(count => console.log(`Rewritten ${count} files.`));
diff --git a/utils/trivialize-rules/trivialize-targets.js b/utils/trivialize-rules/trivialize-targets.js
new file mode 100644
index 000000000000..474c9a6a43b4
--- /dev/null
+++ b/utils/trivialize-rules/trivialize-targets.js
@@ -0,0 +1,270 @@
+'use strict';
+
+const util = require('util');
+const path = require('path');
+const xml2js = require('xml2js');
+
+const fs = require('graceful-fs');
+const readdir = util.promisify(fs.readdir);
+const readFile = util.promisify(fs.readFile);
+const parseString = util.promisify(xml2js.parseString);
+
+const chalk = require('chalk');
+const validUrl = require('valid-url');
+const escapeStringRegexp = require('escape-string-regexp');
+const { explodeRegExp, UnsupportedRegExp } = require('./explode-regexp');
+
+const rulesDir = `${__dirname}/../../src/chrome/content/rules`;
+
+(async () => {
+  const filenames = (await readdir(rulesDir)).filter(fn => fn.endsWith('.xml'));
+  const filePromises = filenames.map(async filename => {
+    const createTag = (tagName, colour, print) => {
+      return (strings, ...values) => {
+        let result = `[${tagName}] ${chalk.bold(filename)}: ${strings[0]}`;
+        for (let i = 1; i < strings.length; i++) {
+          let value = values[i - 1];
+          if (value instanceof Set) {
+            value = Array.from(value);
+          }
+          value = Array.isArray(value) ? value.join(', ') : value.toString();
+          result += chalk.blue(value) + strings[i];
+        }
+        print(colour(result));
+      };
+    };
+
+    const warn = createTag('WARN', chalk.yellow, console.warn);
+    const info = createTag('INFO', chalk.green, console.info);
+    const fail = createTag('FAIL', chalk.red, console.error);
+
+    let content = await readFile(path.join(rulesDir, filename), 'utf8');
+    const { ruleset } = await parseString(content);
+
+    const rules = ruleset.rule.map(rule => rule.$);
+    const targets = ruleset.target.map(target => target.$.host);
+
+    // make sure ruleset contains at least one left wildcard targets
+    if (!targets.some(target => target.startsWith('*.'))) {
+      return;
+    }
+
+    // but does not contain right widcard targets
+    if (targets.some(target => target.endsWith('.*'))) {
+      return;
+    }
+
+    // should not contain trivial rules
+    if (rules.some(rule => rule.from === '^http:' && rule.to === 'https:')) {
+      return;
+    }
+
+    const ruleToIsSimpleMap = new Map();
+    const ruleToIsSnappingMap = new Map();
+
+    const targetToSupportedExplodedDomainsMap = new Map();
+
+    const explodedDomains = new Set();
+    const unsupportedExplodedDomains = new Set();
+    const unusedTargets = new Set();
+
+    // (1) We check if all rules can be exploded to valid urls
+    //     (a) if true, continue to (2)
+    //     (b) if we cannot trivialize targets for this ruleset, skip
+    const isExplosiveRewrite = rule => {
+      const explodedUrls = [];
+
+      try {
+        explodeRegExp(rule.from, url => explodedUrls.push(url));
+      } catch (e) {
+        // we are getting into runtime error, log and exit
+        if (!(e instanceof UnsupportedRegExp)) {
+          fail(e.message);
+          process.exit(1);
+        }
+        return false;
+      }
+
+      // make sure each exploded URL is valid
+      if (!explodedUrls.every(url => validUrl.isUri(url))) {
+        return false;
+      }
+
+      let isSimpleToAllExplodedUrls = true;
+      let isSnappingToSomeExplodedUrls = false;
+
+      for (const url of explodedUrls) {
+        const { protocol, hostname, pathname } = new URL(url);
+
+        // if a rule do not rewrite all path for any URL, it is not a simple rule
+        // i.e. a rule is simple only if it rewrite all path for all URLs
+        if (!(protocol === 'http:' && pathname === '/*')) {
+          isSimpleToAllExplodedUrls = false;
+        }
+
+        // if a rule is snapping to any URL, it is a snapping rule
+        // where a rule is snapping to a URL if it change the domain
+        // e.g. <rule from="^https://www\.example\.com/" to="https://example.com/" />
+        if (
+          url.replace(new RegExp(rule.from), rule.to) !==
+          url.replace(/^http:/, 'https:')
+        ) {
+          isSnappingToSomeExplodedUrls = true;
+        }
+
+        // store a collection of exploded domains globally
+        explodedDomains.add(hostname);
+      }
+
+      ruleToIsSimpleMap.set(rule, isSimpleToAllExplodedUrls);
+      ruleToIsSnappingMap.set(rule, isSnappingToSomeExplodedUrls);
+      return true;
+    };
+
+    if (!rules.every(isExplosiveRewrite)) {
+      return;
+    }
+
+    // (2) We check if all the exploded domains are covered by the targets
+    //     (a) if true, continue to (3)
+    //     (b) some exploded domains are not covered by the targets,
+    //         it is not safe to rewrite ruleset to include the
+    //         exploded domains. skipping
+    const isSupported = domain => {
+      if (targets.includes(domain)) {
+        // do not map non-wildcard targets to exploded domains
+        // otherwise, it will introduce unnecessary rewrites
+        targetToSupportedExplodedDomainsMap.delete(domain);
+        return true;
+      }
+
+      // this part follows the implementation in rules.js
+      const segments = domain.split('.');
+      for (let i = 1; i <= segments.length - 2; ++i) {
+        const tmp = '*.' + segments.slice(i, segments.length).join('.');
+        if (targets.includes(tmp)) {
+          targetToSupportedExplodedDomainsMap.get(tmp).push(domain);
+          return true;
+        }
+      }
+      unsupportedExplodedDomains.add(domain);
+      return false;
+    };
+
+    // initially, assume each target doesn't support any exploded domain
+    for (const target of targets) {
+      targetToSupportedExplodedDomainsMap.set(target, []);
+    }
+
+    if (![...explodedDomains].every(domain => isSupported(domain))) {
+      warn`ruleset rewrites domains ${[
+        ...unsupportedExplodedDomains
+      ]} unsupported by ${targets}`;
+      return;
+    }
+
+    // (3) We check to make sure all targets are covered by rewrites
+    //     (a) if true, continue to (4)
+    //     (b) if some targets are not covered by any rewrites, this
+    //         doesn't affect our works trivializing the targets, but
+    //         we should give a warning and then proceed to (4)
+    for (const target of targets) {
+      const supportedExplodedDomains = targetToSupportedExplodedDomainsMap.get(target);
+      if (supportedExplodedDomains && supportedExplodedDomains.length === 0) {
+        // prepare the warning message here
+        unusedTargets.add(target);
+        // make sure we don't remove these targets when performing rewrites
+        targetToSupportedExplodedDomainsMap.delete(target);
+      }
+    }
+
+    if (unusedTargets.size > 0) {
+      warn`ruleset contains targets ${[
+        ...unusedTargets
+      ]} not applied to any rewrites`;
+    }
+
+    // (4) Replace non-trivial targets with exploded domains
+    let indent = null;
+
+    for (const [key, value] of targetToSupportedExplodedDomainsMap) {
+      const escapedKey = escapeStringRegexp(key);
+      const regexSource = `\n([\t ]*)<target\\s*host=\\s*"${escapedKey}"\\s*?/>[\t ]*\n`;
+      const regex = new RegExp(regexSource);
+
+      const matches = content.match(regex);
+      if (!matches) {
+        // should be unreachable.
+        warn`unexpected regular expression error`;
+        process.exit(1);
+      }
+
+      [, indent] = matches;
+      const sub =
+        value.map(v => `\n${indent}<target host=\"${v}\" />`).join('') + '\n';
+      content = content.replace(regex, sub);
+    }
+
+    // (5) Check if we can trivialize the rules. Need to satisfy all below conditions:
+    //     i)   there is no unused target, i.e. unusedTargets.size == 0
+    //     ii)  every rule is "simple" as in ruleToIsSimpleMap
+    //     iii) at least one rule is a non-snapping rule
+    //
+    //     (a) if all of the conditions are met, append a trivial rule after all
+    //         existing rules; and remove the non-snapping rules.
+    //     (b) otherwise, do not trivialize the rules
+    const condition1 = unusedTargets.size === 0;
+    const condition2 = [...ruleToIsSimpleMap.entries()].every(([, value]) => value);
+    const condition3 = [...ruleToIsSnappingMap.entries()].some(([, value]) => !value);
+
+    if (condition1 && condition2 && condition3) {
+      // append trivial rule to the end of current ruleset
+      if ((content.match(/\n<\/ruleset>/) || []).length !== 1) {
+        fail`ruleset contains zero or more than one </ruleset> tag`;
+        return;
+      } else {
+        content = content.replace(
+          /\n<\/ruleset>/,
+          `\n${indent}<rule from="^http:" to="https:" />\n</ruleset>`
+        );
+      }
+
+      // remove all non-snapping rules
+      const nonSnappingRules = [...ruleToIsSnappingMap.entries()]
+        .filter(([, value]) => value === false)
+        .map(([key]) => key);
+
+      for (const rule of nonSnappingRules) {
+        const escapedRuleFrom = escapeStringRegexp(rule.from);
+        const escapedRuleTo = escapeStringRegexp(rule.to);
+
+        const regexSource = `\n([\t ]*)<rule\\s*from=\\s*"${escapedRuleFrom}"(\\s*)to=\\s*"${escapedRuleTo}"\\s*?/>[\t ]*\n`;
+        const regex = new RegExp(regexSource);
+
+        const matches = content.match(regex);
+        if (!matches) {
+          // should be unreachable.
+          warn`unexpected regular expression error`;
+          process.exit(1);
+        }
+
+        [, indent] = matches;
+        content = content.replace(regex, '\n');
+      }
+    }
+
+    return new Promise((resolve, reject) => {
+      fs.writeFile(path.join(rulesDir, filename), content, 'utf8', err => {
+        if (err) {
+          reject(err);
+        }
+        resolve();
+      });
+    });
+  });
+
+  // use for-loop to await too many file opened error
+  for (const fp of filePromises) {
+    await fp.catch(error => console.log(error));
+  }
+})();
diff --git a/utils/zipfile_deterministic.py b/utils/zipfile_deterministic.py
index 95ab5daac4af..5c931f3b6a47 100644
--- a/utils/zipfile_deterministic.py
+++ b/utils/zipfile_deterministic.py
@@ -1,17 +1,27 @@
+#!/usr/bin/env python3
 """
-A fork of the Zipfile module to read and write ZIP files from Python 2.6.
-This module aims to create deterministic, byte-for-byte identical zip files.
+A fork of the Python 3.6 zipfile module, modified to remove sources of entropy
+and ensure bit-by-bit determinism for the output file.
 
-Author: Yan Zhu, yan@mit.edu
+Author: William Budington <bill@eff.org>, derived from similar changes written
+by Yan Zhu <yan@mit.edu>.
 
-Derived from Python 2.6, Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006
-Python Software Foundation; All Rights Reserved, License at
-http://www.python.org/download/releases/2.6/license/
+Derived from Python 3.6, Copyright © 2001-2018 Python Software Foundation; All
+Rights Reserved
 """
+import io
+import os
+import importlib.util
+import sys
+import stat
+import shutil
+import struct
+import binascii
 
-import struct, os, time, sys, shutil
-import binascii, cStringIO, stat
-import unicodedata
+try:
+    import threading
+except ImportError:
+    import dummy_threading as threading
 
 try:
     import zlib # We may need its compression method
@@ -20,10 +30,21 @@
     zlib = None
     crc32 = binascii.crc32
 
-__all__ = ["BadZipfile", "error", "ZIP_STORED", "ZIP_DEFLATED", "is_zipfile",
-           "ZipInfo", "ZipFile", "PyZipFile", "LargeZipFile" ]
+try:
+    import bz2 # We may need its compression method
+except ImportError:
+    bz2 = None
+
+try:
+    import lzma # We may need its compression method
+except ImportError:
+    lzma = None
+
+__all__ = ["BadZipFile", "BadZipfile", "error",
+           "ZIP_STORED", "ZIP_DEFLATED", "ZIP_BZIP2", "ZIP_LZMA",
+           "is_zipfile", "ZipInfo", "ZipFile", "PyZipFile", "LargeZipFile"]
 
-class BadZipfile(Exception):
+class BadZipFile(Exception):
     pass
 
 
@@ -33,18 +54,28 @@ class LargeZipFile(Exception):
     and those extensions are disabled.
     """
 
-error = BadZipfile      # The exception raised by this module
+error = BadZipfile = BadZipFile      # Pre-3.2 compatibility names
+
 
 ZIP64_LIMIT = (1 << 31) - 1
-ZIP_FILECOUNT_LIMIT = 1 << 16
+ZIP_FILECOUNT_LIMIT = (1 << 16) - 1
 ZIP_MAX_COMMENT = (1 << 16) - 1
 
 # constants for Zip file compression methods
 ZIP_STORED = 0
 ZIP_DEFLATED = 8
+ZIP_BZIP2 = 12
+ZIP_LZMA = 14
 # Other ZIP compression methods not supported
 
-DEFAULT_DATE = (1980,1,1,0,0,0)  # hard-coded timestamp
+DEFAULT_VERSION = 20
+ZIP64_VERSION = 45
+BZIP2_VERSION = 46
+LZMA_VERSION = 63
+# we recognize (but not necessarily support) all features up to that version
+MAX_EXTRACT_VERSION = 63
+
+DEFAULT_DATE = (2013,12,1,0,0,0)  # hard-coded timestamp
 
 # Below are some formats and associated data for reading/writing headers using
 # the struct module.  The names and structures of headers/records are those used
@@ -54,8 +85,8 @@ class LargeZipFile(Exception):
 
 # The "end of central directory" structure, magic number, size, and indices
 # (section V.I in the format document)
-structEndArchive = "<4s4H2LH"
-stringEndArchive = "PK\005\006"
+structEndArchive = b"<4s4H2LH"
+stringEndArchive = b"PK\005\006"
 sizeEndCentDir = struct.calcsize(structEndArchive)
 
 _ECD_SIGNATURE = 0
@@ -74,7 +105,7 @@ class LargeZipFile(Exception):
 # The "central directory" structure, magic number, size, and indices
 # of entries in the structure (section V.F in the format document)
 structCentralDir = "<4s4B4HL2L5H2L"
-stringCentralDir = "PK\001\002"
+stringCentralDir = b"PK\001\002"
 sizeCentralDir = struct.calcsize(structCentralDir)
 
 # indexes of entries in the central directory structure
@@ -101,7 +132,7 @@ class LargeZipFile(Exception):
 # The "local file header" structure, magic number, size, and indices
 # (section V.A in the format document)
 structFileHeader = "<4s2B4HL2L2H"
-stringFileHeader = "PK\003\004"
+stringFileHeader = b"PK\003\004"
 sizeFileHeader = struct.calcsize(structFileHeader)
 
 _FH_SIGNATURE = 0
@@ -119,13 +150,13 @@ class LargeZipFile(Exception):
 
 # The "Zip64 end of central directory locator" structure, magic number, and size
 structEndArchive64Locator = "<4sLQL"
-stringEndArchive64Locator = "PK\x06\x07"
+stringEndArchive64Locator = b"PK\x06\x07"
 sizeEndCentDir64Locator = struct.calcsize(structEndArchive64Locator)
 
 # The "Zip64 end of central directory" record, magic number, size, and indices
 # (section V.G in the format document)
 structEndArchive64 = "<4sQ2H2L4Q"
-stringEndArchive64 = "PK\x06\x06"
+stringEndArchive64 = b"PK\x06\x06"
 sizeEndCentDir64 = struct.calcsize(structEndArchive64)
 
 _CD64_SIGNATURE = 0
@@ -139,50 +170,59 @@ class LargeZipFile(Exception):
 _CD64_DIRECTORY_SIZE = 8
 _CD64_OFFSET_START_CENTDIR = 9
 
-def normalize_unicode(filename):
-    """For dealing with different unicode normalizations in filenames."""
-    return unicodedata.normalize('NFC', unicode(filename, 'utf-8')).encode('utf-8')
-
-def standardize_filename(filename):
-    """Get OS-independent form of filename"""
-    # This is used to ensure paths in generated ZIP files always use
-    # forward slashes as the directory separator, as required by the
-    # ZIP format specification.
-    if os.sep != "/" and os.sep in filename:
-        filename = filename.replace(os.sep, "/")
-    return normalize_unicode(filename)
+def _check_zipfile(fp):
+    try:
+        if _EndRecData(fp):
+            return True         # file has correct magic number
+    except OSError:
+        pass
+    return False
 
 def is_zipfile(filename):
-    """Quickly see if file is a ZIP file by checking the magic number."""
+    """Quickly see if a file is a ZIP file by checking the magic number.
+
+    The filename argument may be a file or file-like object too.
+    """
+    result = False
     try:
-        fpin = open(filename, "rb")
-        endrec = _EndRecData(fpin)
-        fpin.close()
-        if endrec:
-            return True                 # file has correct magic number
-    except IOError:
+        if hasattr(filename, "read"):
+            result = _check_zipfile(fp=filename)
+        else:
+            with open(filename, "rb") as fp:
+                result = _check_zipfile(fp)
+    except OSError:
         pass
-    return False
+    return result
 
 def _EndRecData64(fpin, offset, endrec):
     """
     Read the ZIP64 end-of-archive records and use that to update endrec
     """
-    fpin.seek(offset - sizeEndCentDir64Locator, 2)
+    try:
+        fpin.seek(offset - sizeEndCentDir64Locator, 2)
+    except OSError:
+        # If the seek fails, the file is not large enough to contain a ZIP64
+        # end-of-archive record, so just return the end record we were given.
+        return endrec
+
     data = fpin.read(sizeEndCentDir64Locator)
+    if len(data) != sizeEndCentDir64Locator:
+        return endrec
     sig, diskno, reloff, disks = struct.unpack(structEndArchive64Locator, data)
     if sig != stringEndArchive64Locator:
         return endrec
 
     if diskno != 0 or disks != 1:
-        raise BadZipfile("zipfiles that span multiple disks are not supported")
+        raise BadZipFile("zipfiles that span multiple disks are not supported")
 
     # Assume no 'zip64 extensible data'
     fpin.seek(offset - sizeEndCentDir64Locator - sizeEndCentDir64, 2)
     data = fpin.read(sizeEndCentDir64)
+    if len(data) != sizeEndCentDir64:
+        return endrec
     sig, sz, create_version, read_version, disk_num, disk_dir, \
-            dircount, dircount2, dirsize, diroffset = \
-            struct.unpack(structEndArchive64, data)
+        dircount, dircount2, dirsize, diroffset = \
+        struct.unpack(structEndArchive64, data)
     if sig != stringEndArchive64:
         return endrec
 
@@ -212,16 +252,18 @@ def _EndRecData(fpin):
     # file if this is the case).
     try:
         fpin.seek(-sizeEndCentDir, 2)
-    except IOError:
+    except OSError:
         return None
     data = fpin.read()
-    if data[0:4] == stringEndArchive and data[-2:] == "\000\000":
+    if (len(data) == sizeEndCentDir and
+        data[0:4] == stringEndArchive and
+        data[-2:] == b"\000\000"):
         # the signature is correct and there's no comment, unpack structure
         endrec = struct.unpack(structEndArchive, data)
         endrec=list(endrec)
 
         # Append a blank comment and record start offset
-        endrec.append("")
+        endrec.append(b"")
         endrec.append(filesize - sizeEndCentDir)
 
         # Try to read the "Zip64 end of central directory" structure
@@ -239,46 +281,47 @@ def _EndRecData(fpin):
     if start >= 0:
         # found the magic number; attempt to unpack and interpret
         recData = data[start:start+sizeEndCentDir]
+        if len(recData) != sizeEndCentDir:
+            # Zip file is corrupted.
+            return None
         endrec = list(struct.unpack(structEndArchive, recData))
-        comment = data[start+sizeEndCentDir:]
-        # check that comment length is correct
-        if endrec[_ECD_COMMENT_SIZE] == len(comment):
-            # Append the archive comment and start offset
-            endrec.append(comment)
-            endrec.append(maxCommentStart + start)
+        commentSize = endrec[_ECD_COMMENT_SIZE] #as claimed by the zip file
+        comment = data[start+sizeEndCentDir:start+sizeEndCentDir+commentSize]
+        endrec.append(comment)
+        endrec.append(maxCommentStart + start)
 
-            # Try to read the "Zip64 end of central directory" structure
-            return _EndRecData64(fpin, maxCommentStart + start - filesize,
-                                 endrec)
+        # Try to read the "Zip64 end of central directory" structure
+        return _EndRecData64(fpin, maxCommentStart + start - filesize,
+                             endrec)
 
     # Unable to find a valid end of central directory structure
-    return
+    return None
 
 
 class ZipInfo (object):
     """Class with attributes describing each file in the ZIP archive."""
 
     __slots__ = (
-            'orig_filename',
-            'filename',
-            'date_time',
-            'compress_type',
-            'comment',
-            'extra',
-            'create_system',
-            'create_version',
-            'extract_version',
-            'reserved',
-            'flag_bits',
-            'volume',
-            'internal_attr',
-            'external_attr',
-            'header_offset',
-            'CRC',
-            'compress_size',
-            'file_size',
-            '_raw_time',
-        )
+        'orig_filename',
+        'filename',
+        'date_time',
+        'compress_type',
+        'comment',
+        'extra',
+        'create_system',
+        'create_version',
+        'extract_version',
+        'reserved',
+        'flag_bits',
+        'volume',
+        'internal_attr',
+        'external_attr',
+        'header_offset',
+        'CRC',
+        'compress_size',
+        'file_size',
+        '_raw_time',
+    )
 
     def __init__(self, filename="NoName", date_time=DEFAULT_DATE):
         self.orig_filename = filename   # Original file name in archive
@@ -291,19 +334,23 @@ def __init__(self, filename="NoName", date_time=DEFAULT_DATE):
         # This is used to ensure paths in generated ZIP files always use
         # forward slashes as the directory separator, as required by the
         # ZIP format specification.
-        self.filename = standardize_filename(filename)  # Normalized file name
+        self.filename = filename  # Normalized file name
         self.date_time = date_time      # year, month, day, hour, min, sec
+
+        if date_time[0] < 1980:
+            raise ValueError('ZIP does not support timestamps before 1980')
+
         # Standard values:
         self.compress_type = ZIP_STORED # Type of compression for the file
-        self.comment = ""               # Comment for each file
-        self.extra = ""                 # ZIP extra data
+        self.comment = b""              # Comment for each file
+        self.extra = b""                # ZIP extra data
         if sys.platform == 'win32':
             self.create_system = 0          # System which created ZIP archive
         else:
             # Assume everything else is unix-y
             self.create_system = 3          # System which created ZIP archive
-        self.create_version = 20        # Version which created ZIP archive
-        self.extract_version = 20       # Version needed to extract archive
+        self.create_version = DEFAULT_VERSION  # Version which created ZIP archive
+        self.extract_version = DEFAULT_VERSION # Version needed to extract archive
         self.reserved = 0               # Must be zero
         self.flag_bits = 0              # ZIP flag bits
         self.volume = 0                 # Volume number of file header
@@ -315,7 +362,29 @@ def __init__(self, filename="NoName", date_time=DEFAULT_DATE):
         # compress_size         Size of the compressed file
         # file_size             Size of the uncompressed file
 
-    def FileHeader(self):
+    def __repr__(self):
+        result = ['<%s filename=%r' % (self.__class__.__name__, self.filename)]
+        if self.compress_type != ZIP_STORED:
+            result.append(' compress_type=%s' %
+                          compressor_names.get(self.compress_type,
+                                               self.compress_type))
+        hi = self.external_attr >> 16
+        lo = self.external_attr & 0xFFFF
+        if hi:
+            result.append(' filemode=%r' % stat.filemode(hi))
+        if lo:
+            result.append(' external_attr=%#x' % lo)
+        isdir = self.is_dir()
+        if not isdir or self.file_size:
+            result.append(' file_size=%r' % self.file_size)
+        if ((not isdir or self.compress_size) and
+            (self.compress_type != ZIP_STORED or
+             self.file_size != self.compress_size)):
+            result.append(' compress_size=%r' % self.compress_size)
+        result.append('>')
+        return ''.join(result)
+
+    def FileHeader(self, zip64=None):
         """Return the per-file header as a string."""
         dt = self.date_time
         dosdate = (dt[0] - 1980) << 9 | dt[1] << 5 | dt[2]
@@ -330,45 +399,48 @@ def FileHeader(self):
 
         extra = self.extra
 
+        min_version = 0
+        if zip64 is None:
+            zip64 = file_size > ZIP64_LIMIT or compress_size > ZIP64_LIMIT
+        if zip64:
+            fmt = '<HHQQ'
+            extra = extra + struct.pack(fmt,
+                                        1, struct.calcsize(fmt)-4, file_size, compress_size)
         if file_size > ZIP64_LIMIT or compress_size > ZIP64_LIMIT:
+            if not zip64:
+                raise LargeZipFile("Filesize would require ZIP64 extensions")
             # File is larger than what fits into a 4 byte integer,
             # fall back to the ZIP64 extension
-            fmt = '<HHQQ'
-            extra = extra + struct.pack(fmt,
-                    1, struct.calcsize(fmt)-4, file_size, compress_size)
             file_size = 0xffffffff
             compress_size = 0xffffffff
-            self.extract_version = max(45, self.extract_version)
-            self.create_version = max(45, self.extract_version)
+            min_version = ZIP64_VERSION
+
+        if self.compress_type == ZIP_BZIP2:
+            min_version = max(BZIP2_VERSION, min_version)
+        elif self.compress_type == ZIP_LZMA:
+            min_version = max(LZMA_VERSION, min_version)
 
+        self.extract_version = max(min_version, self.extract_version)
+        self.create_version = max(min_version, self.create_version)
         filename, flag_bits = self._encodeFilenameFlags()
         header = struct.pack(structFileHeader, stringFileHeader,
-                 self.extract_version, self.reserved, flag_bits,
-                 self.compress_type, dostime, dosdate, CRC,
-                 compress_size, file_size,
-                 len(filename), len(extra))
+                             self.extract_version, self.reserved, flag_bits,
+                             self.compress_type, dostime, dosdate, CRC,
+                             compress_size, file_size,
+                             len(filename), len(extra))
         return header + filename + extra
 
     def _encodeFilenameFlags(self):
-        if isinstance(self.filename, unicode):
-            try:
-                return self.filename.encode('ascii'), self.flag_bits
-            except UnicodeEncodeError:
-                return self.filename.encode('utf-8'), self.flag_bits | 0x800
-        else:
-            return self.filename, self.flag_bits
-
-    def _decodeFilename(self):
-        if self.flag_bits & 0x800:
-            return self.filename.decode('utf-8')
-        else:
-            return self.filename
+        try:
+            return self.filename.encode('ascii'), self.flag_bits
+        except UnicodeEncodeError:
+            return self.filename.encode('utf-8'), self.flag_bits | 0x800
 
     def _decodeExtra(self):
         # Try to decode the extra field.
         extra = self.extra
         unpack = struct.unpack
-        while extra:
+        while len(extra) >= 4:
             tp, ln = unpack('<HH', extra[:4])
             if tp == 1:
                 if ln >= 24:
@@ -380,26 +452,62 @@ def _decodeExtra(self):
                 elif ln == 0:
                     counts = ()
                 else:
-                    raise RuntimeError, "Corrupt extra field %s"%(ln,)
+                    raise BadZipFile("Corrupt extra field %04x (size=%d)" % (tp, ln))
 
                 idx = 0
 
                 # ZIP64 extension (large files and/or large archives)
-                if self.file_size in (0xffffffffffffffffL, 0xffffffffL):
+                if self.file_size in (0xffffffffffffffff, 0xffffffff):
                     self.file_size = counts[idx]
                     idx += 1
 
-                if self.compress_size == 0xFFFFFFFFL:
+                if self.compress_size == 0xFFFFFFFF:
                     self.compress_size = counts[idx]
                     idx += 1
 
-                if self.header_offset == 0xffffffffL:
+                if self.header_offset == 0xffffffff:
                     old = self.header_offset
                     self.header_offset = counts[idx]
                     idx+=1
 
             extra = extra[ln+4:]
 
+    @classmethod
+    def from_file(cls, filename, arcname=None, date_time=DEFAULT_DATE):
+        """Construct an appropriate ZipInfo for a file on the filesystem.
+
+        filename should be the path to a file or directory on the filesystem.
+
+        arcname is the name which it will have within the archive (by default,
+        this will be the same as filename, but without a drive letter and with
+        leading path separators removed).
+        """
+        if isinstance(filename, os.PathLike):
+            filename = os.fspath(filename)
+        st = os.stat(filename)
+        isdir = stat.S_ISDIR(st.st_mode)
+        # Create ZipInfo instance to store file information
+        if arcname is None:
+            arcname = filename
+        arcname = os.path.normpath(os.path.splitdrive(arcname)[1])
+        while arcname[0] in (os.sep, os.altsep):
+            arcname = arcname[1:]
+        if isdir:
+            arcname += '/'
+        zinfo = cls(arcname, date_time)
+        zinfo.external_attr = 25165824      # Unix attributes, hard-codeds
+        if isdir:
+            zinfo.file_size = 0
+            zinfo.external_attr |= 0x10  # MS-DOS directory flag
+        else:
+            zinfo.file_size = st.st_size
+
+        return zinfo
+
+    def is_dir(self):
+        """Return True if this archive member is a directory."""
+        return self.filename[-1] == '/'
+
 
 class _ZipDecrypter:
     """Class to handle decryption of files stored within a ZIP archive.
@@ -432,13 +540,15 @@ def _GenerateCRCTable():
                     crc = ((crc >> 1) & 0x7FFFFFFF)
             table[i] = crc
         return table
-    crctable = _GenerateCRCTable()
+    crctable = None
 
     def _crc32(self, ch, crc):
         """Compute the CRC32 primitive on one byte."""
-        return ((crc >> 8) & 0xffffff) ^ self.crctable[(crc ^ ord(ch)) & 0xff]
+        return ((crc >> 8) & 0xffffff) ^ self.crctable[(crc ^ ch) & 0xff]
 
     def __init__(self, pwd):
+        if _ZipDecrypter.crctable is None:
+            _ZipDecrypter.crctable = _ZipDecrypter._GenerateCRCTable()
         self.key0 = 305419896
         self.key1 = 591751049
         self.key2 = 878082192
@@ -449,220 +559,496 @@ def _UpdateKeys(self, c):
         self.key0 = self._crc32(c, self.key0)
         self.key1 = (self.key1 + (self.key0 & 255)) & 4294967295
         self.key1 = (self.key1 * 134775813 + 1) & 4294967295
-        self.key2 = self._crc32(chr((self.key1 >> 24) & 255), self.key2)
+        self.key2 = self._crc32((self.key1 >> 24) & 255, self.key2)
 
     def __call__(self, c):
         """Decrypt a single character."""
-        c = ord(c)
+        assert isinstance(c, int)
         k = self.key2 | 2
         c = c ^ (((k * (k^1)) >> 8) & 255)
-        c = chr(c)
         self._UpdateKeys(c)
         return c
 
-class ZipExtFile:
+
+class LZMACompressor:
+
+    def __init__(self):
+        self._comp = None
+
+    def _init(self):
+        props = lzma._encode_filter_properties({'id': lzma.FILTER_LZMA1})
+        self._comp = lzma.LZMACompressor(lzma.FORMAT_RAW, filters=[
+            lzma._decode_filter_properties(lzma.FILTER_LZMA1, props)
+        ])
+        return struct.pack('<BBH', 9, 4, len(props)) + props
+
+    def compress(self, data):
+        if self._comp is None:
+            return self._init() + self._comp.compress(data)
+        return self._comp.compress(data)
+
+    def flush(self):
+        if self._comp is None:
+            return self._init() + self._comp.flush()
+        return self._comp.flush()
+
+
+class LZMADecompressor:
+
+    def __init__(self):
+        self._decomp = None
+        self._unconsumed = b''
+        self.eof = False
+
+    def decompress(self, data):
+        if self._decomp is None:
+            self._unconsumed += data
+            if len(self._unconsumed) <= 4:
+                return b''
+            psize, = struct.unpack('<H', self._unconsumed[2:4])
+            if len(self._unconsumed) <= 4 + psize:
+                return b''
+
+            self._decomp = lzma.LZMADecompressor(lzma.FORMAT_RAW, filters=[
+                lzma._decode_filter_properties(lzma.FILTER_LZMA1,
+                                               self._unconsumed[4:4 + psize])
+            ])
+            data = self._unconsumed[4 + psize:]
+            del self._unconsumed
+
+        result = self._decomp.decompress(data)
+        self.eof = self._decomp.eof
+        return result
+
+
+compressor_names = {
+    0: 'store',
+    1: 'shrink',
+    2: 'reduce',
+    3: 'reduce',
+    4: 'reduce',
+    5: 'reduce',
+    6: 'implode',
+    7: 'tokenize',
+    8: 'deflate',
+    9: 'deflate64',
+    10: 'implode',
+    12: 'bzip2',
+    14: 'lzma',
+    18: 'terse',
+    19: 'lz77',
+    97: 'wavpack',
+    98: 'ppmd',
+}
+
+def _check_compression(compression):
+    if compression == ZIP_STORED:
+        pass
+    elif compression == ZIP_DEFLATED:
+        if not zlib:
+            raise RuntimeError(
+                "Compression requires the (missing) zlib module")
+    elif compression == ZIP_BZIP2:
+        if not bz2:
+            raise RuntimeError(
+                "Compression requires the (missing) bz2 module")
+    elif compression == ZIP_LZMA:
+        if not lzma:
+            raise RuntimeError(
+                "Compression requires the (missing) lzma module")
+    else:
+        raise NotImplementedError("That compression method is not supported")
+
+
+def _get_compressor(compress_type):
+    if compress_type == ZIP_DEFLATED:
+        return zlib.compressobj(zlib.Z_DEFAULT_COMPRESSION,
+                                zlib.DEFLATED, -15)
+    elif compress_type == ZIP_BZIP2:
+        return bz2.BZ2Compressor()
+    elif compress_type == ZIP_LZMA:
+        return LZMACompressor()
+    else:
+        return None
+
+
+def _get_decompressor(compress_type):
+    if compress_type == ZIP_STORED:
+        return None
+    elif compress_type == ZIP_DEFLATED:
+        return zlib.decompressobj(-15)
+    elif compress_type == ZIP_BZIP2:
+        return bz2.BZ2Decompressor()
+    elif compress_type == ZIP_LZMA:
+        return LZMADecompressor()
+    else:
+        descr = compressor_names.get(compress_type)
+        if descr:
+            raise NotImplementedError("compression type %d (%s)" % (compress_type, descr))
+        else:
+            raise NotImplementedError("compression type %d" % (compress_type,))
+
+
+class _SharedFile:
+    def __init__(self, file, pos, close, lock, writing):
+        self._file = file
+        self._pos = pos
+        self._close = close
+        self._lock = lock
+        self._writing = writing
+
+    def read(self, n=-1):
+        with self._lock:
+            if self._writing():
+                raise ValueError("Can't read from the ZIP file while there "
+                        "is an open writing handle on it. "
+                        "Close the writing handle before trying to read.")
+            self._file.seek(self._pos)
+            data = self._file.read(n)
+            self._pos = self._file.tell()
+            return data
+
+    def close(self):
+        if self._file is not None:
+            fileobj = self._file
+            self._file = None
+            self._close(fileobj)
+
+# Provide the tell method for unseekable stream
+class _Tellable:
+    def __init__(self, fp):
+        self.fp = fp
+        self.offset = 0
+
+    def write(self, data):
+        n = self.fp.write(data)
+        self.offset += n
+        return n
+
+    def tell(self):
+        return self.offset
+
+    def flush(self):
+        self.fp.flush()
+
+    def close(self):
+        self.fp.close()
+
+
+class ZipExtFile(io.BufferedIOBase):
     """File-like object for reading an archive member.
        Is returned by ZipFile.open().
     """
 
-    def __init__(self, fileobj, zipinfo, decrypt=None):
-        self.fileobj = fileobj
-        self.decrypter = decrypt
-        self.bytes_read = 0L
-        self.rawbuffer = ''
-        self.readbuffer = ''
-        self.linebuffer = ''
-        self.eof = False
-        self.univ_newlines = False
-        self.nlSeps = ("\n", )
-        self.lastdiscard = ''
+    # Max size supported by decompressor.
+    MAX_N = 1 << 31 - 1
 
-        self.compress_type = zipinfo.compress_type
-        self.compress_size = zipinfo.compress_size
+    # Read from compressed files in 4k blocks.
+    MIN_READ_SIZE = 4096
 
-        self.closed  = False
-        self.mode    = "r"
-        self.name = zipinfo.filename
+    def __init__(self, fileobj, mode, zipinfo, decrypter=None,
+                 close_fileobj=False):
+        self._fileobj = fileobj
+        self._decrypter = decrypter
+        self._close_fileobj = close_fileobj
 
-        # read from compressed files in 64k blocks
-        self.compreadsize = 64*1024
-        if self.compress_type == ZIP_DEFLATED:
-            self.dc = zlib.decompressobj(-15)
+        self._compress_type = zipinfo.compress_type
+        self._compress_left = zipinfo.compress_size
+        self._left = zipinfo.file_size
 
-    def set_univ_newlines(self, univ_newlines):
-        self.univ_newlines = univ_newlines
+        self._decompressor = _get_decompressor(self._compress_type)
 
-        # pick line separator char(s) based on universal newlines flag
-        self.nlSeps = ("\n", )
-        if self.univ_newlines:
-            self.nlSeps = ("\r\n", "\r", "\n")
+        self._eof = False
+        self._readbuffer = b''
+        self._offset = 0
 
-    def __iter__(self):
-        return self
+        self.newlines = None
 
-    def next(self):
-        nextline = self.readline()
-        if not nextline:
-            raise StopIteration()
+        # Adjust read size for encrypted files since the first 12 bytes
+        # are for the encryption/password information.
+        if self._decrypter is not None:
+            self._compress_left -= 12
 
-        return nextline
+        self.mode = mode
+        self.name = zipinfo.filename
 
-    def close(self):
-        self.closed = True
-
-    def _checkfornewline(self):
-        nl, nllen = -1, -1
-        if self.linebuffer:
-            # ugly check for cases where half of an \r\n pair was
-            # read on the last pass, and the \r was discarded.  In this
-            # case we just throw away the \n at the start of the buffer.
-            if (self.lastdiscard, self.linebuffer[0]) == ('\r','\n'):
-                self.linebuffer = self.linebuffer[1:]
-
-            for sep in self.nlSeps:
-                nl = self.linebuffer.find(sep)
-                if nl >= 0:
-                    nllen = len(sep)
-                    return nl, nllen
-
-        return nl, nllen
-
-    def readline(self, size = -1):
-        """Read a line with approx. size. If size is negative,
-           read a whole line.
-        """
-        if size < 0:
-            size = 2147483647
-        elif size == 0:
-            return ''
+        if hasattr(zipinfo, 'CRC'):
+            self._expected_crc = zipinfo.CRC
+            self._running_crc = crc32(b'')
+        else:
+            self._expected_crc = None
+
+    def __repr__(self):
+        result = ['<%s.%s' % (self.__class__.__module__,
+                              self.__class__.__qualname__)]
+        if not self.closed:
+            result.append(' name=%r mode=%r' % (self.name, self.mode))
+            if self._compress_type != ZIP_STORED:
+                result.append(' compress_type=%s' %
+                              compressor_names.get(self._compress_type,
+                                                   self._compress_type))
+        else:
+            result.append(' [closed]')
+        result.append('>')
+        return ''.join(result)
 
-        # check for a newline already in buffer
-        nl, nllen = self._checkfornewline()
+    def readline(self, limit=-1):
+        """Read and return a line from the stream.
 
-        if nl >= 0:
-            # the next line was already in the buffer
-            nl = min(nl, size)
-        else:
-            # no line break in buffer - try to read more
-            size -= len(self.linebuffer)
-            while nl < 0 and size > 0:
-                buf = self.read(min(size, 100))
-                if not buf:
-                    break
-                self.linebuffer += buf
-                size -= len(buf)
-
-                # check for a newline in buffer
-                nl, nllen = self._checkfornewline()
-
-            # we either ran out of bytes in the file, or
-            # met the specified size limit without finding a newline,
-            # so return current buffer
-            if nl < 0:
-                s = self.linebuffer
-                self.linebuffer = ''
-                return s
-
-        buf = self.linebuffer[:nl]
-        self.lastdiscard = self.linebuffer[nl:nl + nllen]
-        self.linebuffer = self.linebuffer[nl + nllen:]
-
-        # line is always returned with \n as newline char (except possibly
-        # for a final incomplete line in the file, which is handled above).
-        return buf + "\n"
-
-    def readlines(self, sizehint = -1):
-        """Return a list with all (following) lines. The sizehint parameter
-        is ignored in this implementation.
+        If limit is specified, at most limit bytes will be read.
         """
-        result = []
-        while True:
-            line = self.readline()
-            if not line: break
-            result.append(line)
-        return result
 
-    def read(self, size = None):
-        # act like file() obj and return empty string if size is 0
-        if size == 0:
-            return ''
-
-        # determine read size
-        bytesToRead = self.compress_size - self.bytes_read
-
-        # adjust read size for encrypted files since the first 12 bytes
-        # are for the encryption/password information
-        if self.decrypter is not None:
-            bytesToRead -= 12
-
-        if size is not None and size >= 0:
-            if self.compress_type == ZIP_STORED:
-                lr = len(self.readbuffer)
-                bytesToRead = min(bytesToRead, size - lr)
-            elif self.compress_type == ZIP_DEFLATED:
-                if len(self.readbuffer) > size:
-                    # the user has requested fewer bytes than we've already
-                    # pulled through the decompressor; don't read any more
-                    bytesToRead = 0
-                else:
-                    # user will use up the buffer, so read some more
-                    lr = len(self.rawbuffer)
-                    bytesToRead = min(bytesToRead, self.compreadsize - lr)
-
-        # avoid reading past end of file contents
-        if bytesToRead + self.bytes_read > self.compress_size:
-            bytesToRead = self.compress_size - self.bytes_read
-
-        # try to read from file (if necessary)
-        if bytesToRead > 0:
-            bytes = self.fileobj.read(bytesToRead)
-            self.bytes_read += len(bytes)
-            self.rawbuffer += bytes
-
-            # handle contents of raw buffer
-            if self.rawbuffer:
-                newdata = self.rawbuffer
-                self.rawbuffer = ''
-
-                # decrypt new data if we were given an object to handle that
-                if newdata and self.decrypter is not None:
-                    newdata = ''.join(map(self.decrypter, newdata))
-
-                # decompress newly read data if necessary
-                if newdata and self.compress_type == ZIP_DEFLATED:
-                    newdata = self.dc.decompress(newdata)
-                    self.rawbuffer = self.dc.unconsumed_tail
-                    if self.eof and len(self.rawbuffer) == 0:
-                        # we're out of raw bytes (both from the file and
-                        # the local buffer); flush just to make sure the
-                        # decompressor is done
-                        newdata += self.dc.flush()
-                        # prevent decompressor from being used again
-                        self.dc = None
-
-                self.readbuffer += newdata
-
-
-        # return what the user asked for
-        if size is None or len(self.readbuffer) <= size:
-            bytes = self.readbuffer
-            self.readbuffer = ''
+        if limit < 0:
+            # Shortcut common case - newline found in buffer.
+            i = self._readbuffer.find(b'\n', self._offset) + 1
+            if i > 0:
+                line = self._readbuffer[self._offset: i]
+                self._offset = i
+                return line
+
+        return io.BufferedIOBase.readline(self, limit)
+
+    def peek(self, n=1):
+        """Returns buffered bytes without advancing the position."""
+        if n > len(self._readbuffer) - self._offset:
+            chunk = self.read(n)
+            if len(chunk) > self._offset:
+                self._readbuffer = chunk + self._readbuffer[self._offset:]
+                self._offset = 0
+            else:
+                self._offset -= len(chunk)
+
+        # Return up to 512 bytes to reduce allocation overhead for tight loops.
+        return self._readbuffer[self._offset: self._offset + 512]
+
+    def readable(self):
+        return True
+
+    def read(self, n=-1):
+        """Read and return up to n bytes.
+        If the argument is omitted, None, or negative, data is read and returned until EOF is reached..
+        """
+        if n is None or n < 0:
+            buf = self._readbuffer[self._offset:]
+            self._readbuffer = b''
+            self._offset = 0
+            while not self._eof:
+                buf += self._read1(self.MAX_N)
+            return buf
+
+        end = n + self._offset
+        if end < len(self._readbuffer):
+            buf = self._readbuffer[self._offset:end]
+            self._offset = end
+            return buf
+
+        n = end - len(self._readbuffer)
+        buf = self._readbuffer[self._offset:]
+        self._readbuffer = b''
+        self._offset = 0
+        while n > 0 and not self._eof:
+            data = self._read1(n)
+            if n < len(data):
+                self._readbuffer = data
+                self._offset = n
+                buf += data[:n]
+                break
+            buf += data
+            n -= len(data)
+        return buf
+
+    def _update_crc(self, newdata):
+        # Update the CRC using the given data.
+        if self._expected_crc is None:
+            # No need to compute the CRC if we don't have a reference value
+            return
+        self._running_crc = crc32(newdata, self._running_crc)
+        # Check the CRC if we're at the end of the file
+        if self._eof and self._running_crc != self._expected_crc:
+            raise BadZipFile("Bad CRC-32 for file %r" % self.name)
+
+    def read1(self, n):
+        """Read up to n bytes with at most one read() system call."""
+
+        if n is None or n < 0:
+            buf = self._readbuffer[self._offset:]
+            self._readbuffer = b''
+            self._offset = 0
+            while not self._eof:
+                data = self._read1(self.MAX_N)
+                if data:
+                    buf += data
+                    break
+            return buf
+
+        end = n + self._offset
+        if end < len(self._readbuffer):
+            buf = self._readbuffer[self._offset:end]
+            self._offset = end
+            return buf
+
+        n = end - len(self._readbuffer)
+        buf = self._readbuffer[self._offset:]
+        self._readbuffer = b''
+        self._offset = 0
+        if n > 0:
+            while not self._eof:
+                data = self._read1(n)
+                if n < len(data):
+                    self._readbuffer = data
+                    self._offset = n
+                    buf += data[:n]
+                    break
+                if data:
+                    buf += data
+                    break
+        return buf
+
+    def _read1(self, n):
+        # Read up to n compressed bytes with at most one read() system call,
+        # decrypt and decompress them.
+        if self._eof or n <= 0:
+            return b''
+
+        # Read from file.
+        if self._compress_type == ZIP_DEFLATED:
+            ## Handle unconsumed data.
+            data = self._decompressor.unconsumed_tail
+            if n > len(data):
+                data += self._read2(n - len(data))
+        else:
+            data = self._read2(n)
+
+        if self._compress_type == ZIP_STORED:
+            self._eof = self._compress_left <= 0
+        elif self._compress_type == ZIP_DEFLATED:
+            n = max(n, self.MIN_READ_SIZE)
+            data = self._decompressor.decompress(data, n)
+            self._eof = (self._decompressor.eof or
+                         self._compress_left <= 0 and
+                         not self._decompressor.unconsumed_tail)
+            if self._eof:
+                data += self._decompressor.flush()
         else:
-            bytes = self.readbuffer[:size]
-            self.readbuffer = self.readbuffer[size:]
+            data = self._decompressor.decompress(data)
+            self._eof = self._decompressor.eof or self._compress_left <= 0
+
+        data = data[:self._left]
+        self._left -= len(data)
+        if self._left <= 0:
+            self._eof = True
+        self._update_crc(data)
+        return data
+
+    def _read2(self, n):
+        if self._compress_left <= 0:
+            return b''
 
-        return bytes
+        n = max(n, self.MIN_READ_SIZE)
+        n = min(n, self._compress_left)
 
+        data = self._fileobj.read(n)
+        self._compress_left -= len(data)
+        if not data:
+            raise EOFError
+
+        if self._decrypter is not None:
+            data = bytes(map(self._decrypter, data))
+        return data
+
+    def close(self):
+        try:
+            if self._close_fileobj:
+                self._fileobj.close()
+        finally:
+            super().close()
+
+
+class _ZipWriteFile(io.BufferedIOBase):
+    def __init__(self, zf, zinfo, zip64):
+        self._zinfo = zinfo
+        self._zip64 = zip64
+        self._zipfile = zf
+        self._compressor = _get_compressor(zinfo.compress_type)
+        self._file_size = 0
+        self._compress_size = 0
+        self._crc = 0
+
+    @property
+    def _fileobj(self):
+        return self._zipfile.fp
+
+    def writable(self):
+        return True
+
+    def write(self, data):
+        if self.closed:
+            raise ValueError('I/O operation on closed file.')
+        nbytes = len(data)
+        self._file_size += nbytes
+        self._crc = crc32(data, self._crc)
+        if self._compressor:
+            data = self._compressor.compress(data)
+            self._compress_size += len(data)
+        self._fileobj.write(data)
+        return nbytes
+
+    def close(self):
+        if self.closed:
+            return
+        super().close()
+        # Flush any data from the compressor, and update header info
+        if self._compressor:
+            buf = self._compressor.flush()
+            self._compress_size += len(buf)
+            self._fileobj.write(buf)
+            self._zinfo.compress_size = self._compress_size
+        else:
+            self._zinfo.compress_size = self._file_size
+        self._zinfo.CRC = self._crc
+        self._zinfo.file_size = self._file_size
+
+        # Write updated header info
+        if self._zinfo.flag_bits & 0x08:
+            # Write CRC and file sizes after the file data
+            fmt = '<LQQ' if self._zip64 else '<LLL'
+            self._fileobj.write(struct.pack(fmt, self._zinfo.CRC,
+                self._zinfo.compress_size, self._zinfo.file_size))
+            self._zipfile.start_dir = self._fileobj.tell()
+        else:
+            if not self._zip64:
+                if self._file_size > ZIP64_LIMIT:
+                    raise RuntimeError('File size unexpectedly exceeded ZIP64 '
+                                       'limit')
+                if self._compress_size > ZIP64_LIMIT:
+                    raise RuntimeError('Compressed size unexpectedly exceeded '
+                                       'ZIP64 limit')
+            # Seek backwards and write file header (which will now include
+            # correct CRC and file sizes)
+
+            # Preserve current position in file
+            self._zipfile.start_dir = self._fileobj.tell()
+            self._fileobj.seek(self._zinfo.header_offset)
+            self._fileobj.write(self._zinfo.FileHeader(self._zip64))
+            self._fileobj.seek(self._zipfile.start_dir)
+
+        self._zipfile._writing = False
+
+        # Successfully written: Add file to our caches
+        self._zipfile.filelist.append(self._zinfo)
+        self._zipfile.NameToInfo[self._zinfo.filename] = self._zinfo
 
 class ZipFile:
     """ Class with methods to open, read, write, close, list zip files.
 
-    z = ZipFile(file, mode="r", compression=ZIP_STORED, allowZip64=False)
+    z = ZipFile(file, mode="r", compression=ZIP_STORED, allowZip64=True)
 
     file: Either the path to the file, or a file-like object.
           If it is a path, the file will be opened and closed by ZipFile.
-    mode: The mode can be either read "r", write "w" or append "a".
-    compression: ZIP_STORED (no compression) or ZIP_DEFLATED (requires zlib).
+    mode: The mode can be either read 'r', write 'w', exclusive create 'x',
+          or append 'a'.
+    compression: ZIP_STORED (no compression), ZIP_DEFLATED (requires zlib),
+                 ZIP_BZIP2 (requires bz2) or ZIP_LZMA (requires lzma).
     allowZip64: if True ZipFile will create files with ZIP64 extensions when
                 needed, otherwise it will raise an exception when this would
                 be necessary.
@@ -670,20 +1056,15 @@ class ZipFile:
     """
 
     fp = None                   # Set here since __del__ checks it
+    _windows_illegal_name_trans_table = None
 
-    def __init__(self, file, mode="r", compression=ZIP_STORED, allowZip64=False):
-        """Open the ZIP file with mode read "r", write "w" or append "a"."""
-        if mode not in ("r", "w", "a"):
-            raise RuntimeError('ZipFile() requires mode "r", "w", or "a"')
-
-        if compression == ZIP_STORED:
-            pass
-        elif compression == ZIP_DEFLATED:
-            if not zlib:
-                raise RuntimeError,\
-                      "Compression requires the (missing) zlib module"
-        else:
-            raise RuntimeError, "That compression method is not supported"
+    def __init__(self, file, mode="r", compression=ZIP_STORED, allowZip64=True):
+        """Open the ZIP file with mode read 'r', write 'w', exclusive create 'x',
+        or append 'a'."""
+        if mode not in ('r', 'w', 'x', 'a'):
+            raise ValueError("ZipFile requires mode 'r', 'w', 'x', or 'a'")
+
+        _check_compression(compression)
 
         self._allowZip64 = allowZip64
         self._didModify = False
@@ -691,67 +1072,113 @@ def __init__(self, file, mode="r", compression=ZIP_STORED, allowZip64=False):
         self.NameToInfo = {}    # Find file info given name
         self.filelist = []      # List of ZipInfo instances for archive
         self.compression = compression  # Method of compression
-        self.mode = key = mode.replace('b', '')[0]
+        self.mode = mode
         self.pwd = None
-        self.comment = ''
+        self._comment = b''
 
         # Check if we were passed a file-like object
-        if isinstance(file, basestring):
+        if isinstance(file, os.PathLike):
+            file = os.fspath(file)
+        if isinstance(file, str):
+            # No, it's a filename
             self._filePassed = 0
             self.filename = file
-            modeDict = {'r' : 'rb', 'w': 'wb', 'a' : 'r+b'}
-            try:
-                self.fp = open(file, modeDict[mode])
-            except IOError:
-                if mode == 'a':
-                    mode = key = 'w'
-                    self.fp = open(file, modeDict[mode])
-                else:
+            modeDict = {'r' : 'rb', 'w': 'w+b', 'x': 'x+b', 'a' : 'r+b',
+                        'r+b': 'w+b', 'w+b': 'wb', 'x+b': 'xb'}
+            filemode = modeDict[mode]
+            while True:
+                try:
+                    self.fp = io.open(file, filemode)
+                except OSError:
+                    if filemode in modeDict:
+                        filemode = modeDict[filemode]
+                        continue
                     raise
+                break
         else:
             self._filePassed = 1
             self.fp = file
             self.filename = getattr(file, 'name', None)
+        self._fileRefCnt = 1
+        self._lock = threading.RLock()
+        self._seekable = True
+        self._writing = False
 
-        if key == 'r':
-            self._GetContents()
-        elif key == 'w':
-            pass
-        elif key == 'a':
-            try:                        # See if file is a zip file
-                self._RealGetContents()
-                # seek to start of directory and overwrite
-                self.fp.seek(self.start_dir, 0)
-            except BadZipfile:          # file is not a zip file, just append
-                self.fp.seek(0, 2)
-        else:
-            if not self._filePassed:
-                self.fp.close()
-                self.fp = None
-            raise RuntimeError, 'Mode must be "r", "w" or "a"'
-
-    def _GetContents(self):
-        """Read the directory, making sure we close the file if the format
-        is bad."""
         try:
-            self._RealGetContents()
-        except BadZipfile:
-            if not self._filePassed:
-                self.fp.close()
-                self.fp = None
+            if mode == 'r':
+                self._RealGetContents()
+            elif mode in ('w', 'x'):
+                # set the modified flag so central directory gets written
+                # even if no files are added to the archive
+                self._didModify = True
+                try:
+                    self.start_dir = self.fp.tell()
+                except (AttributeError, OSError):
+                    self.fp = _Tellable(self.fp)
+                    self.start_dir = 0
+                    self._seekable = False
+                else:
+                    # Some file-like objects can provide tell() but not seek()
+                    try:
+                        self.fp.seek(self.start_dir)
+                    except (AttributeError, OSError):
+                        self._seekable = False
+            elif mode == 'a':
+                try:
+                    # See if file is a zip file
+                    self._RealGetContents()
+                    # seek to start of directory and overwrite
+                    self.fp.seek(self.start_dir)
+                except BadZipFile:
+                    # file is not a zip file, just append
+                    self.fp.seek(0, 2)
+
+                    # set the modified flag so central directory gets written
+                    # even if no files are added to the archive
+                    self._didModify = True
+                    self.start_dir = self.fp.tell()
+            else:
+                raise ValueError("Mode must be 'r', 'w', 'x', or 'a'")
+        except:
+            fp = self.fp
+            self.fp = None
+            self._fpclose(fp)
             raise
 
+    def __enter__(self):
+        return self
+
+    def __exit__(self, type, value, traceback):
+        self.close()
+
+    def __repr__(self):
+        result = ['<%s.%s' % (self.__class__.__module__,
+                              self.__class__.__qualname__)]
+        if self.fp is not None:
+            if self._filePassed:
+                result.append(' file=%r' % self.fp)
+            elif self.filename is not None:
+                result.append(' filename=%r' % self.filename)
+            result.append(' mode=%r' % self.mode)
+        else:
+            result.append(' [closed]')
+        result.append('>')
+        return ''.join(result)
+
     def _RealGetContents(self):
         """Read in the table of contents for the ZIP file."""
         fp = self.fp
-        endrec = _EndRecData(fp)
+        try:
+            endrec = _EndRecData(fp)
+        except OSError:
+            raise BadZipFile("File is not a zip file")
         if not endrec:
-            raise BadZipfile, "File is not a zip file"
+            raise BadZipFile("File is not a zip file")
         if self.debug > 1:
-            print endrec
+            print(endrec)
         size_cd = endrec[_ECD_SIZE]             # bytes in central directory
         offset_cd = endrec[_ECD_OFFSET]         # offset of central directory
-        self.comment = endrec[_ECD_COMMENT]     # archive comment
+        self._comment = endrec[_ECD_COMMENT]    # archive comment
 
         # "concat" is zero, unless zip was concatenated to another file
         concat = endrec[_ECD_LOCATION] - size_cd - offset_cd
@@ -761,38 +1188,49 @@ def _RealGetContents(self):
 
         if self.debug > 2:
             inferred = concat + offset_cd
-            print "given, inferred, offset", offset_cd, inferred, concat
+            print("given, inferred, offset", offset_cd, inferred, concat)
         # self.start_dir:  Position of start of central directory
         self.start_dir = offset_cd + concat
         fp.seek(self.start_dir, 0)
         data = fp.read(size_cd)
-        fp = cStringIO.StringIO(data)
+        fp = io.BytesIO(data)
         total = 0
         while total < size_cd:
             centdir = fp.read(sizeCentralDir)
-            if centdir[0:4] != stringCentralDir:
-                raise BadZipfile, "Bad magic number for central directory"
+            if len(centdir) != sizeCentralDir:
+                raise BadZipFile("Truncated central directory")
             centdir = struct.unpack(structCentralDir, centdir)
+            if centdir[_CD_SIGNATURE] != stringCentralDir:
+                raise BadZipFile("Bad magic number for central directory")
             if self.debug > 2:
-                print centdir
+                print(centdir)
             filename = fp.read(centdir[_CD_FILENAME_LENGTH])
+            flags = centdir[5]
+            if flags & 0x800:
+                # UTF-8 file names extension
+                filename = filename.decode('utf-8')
+            else:
+                # Historical ZIP filename encoding
+                filename = filename.decode('cp437')
             # Create ZipInfo instance to store file information
             x = ZipInfo(filename)
             x.extra = fp.read(centdir[_CD_EXTRA_FIELD_LENGTH])
             x.comment = fp.read(centdir[_CD_COMMENT_LENGTH])
             x.header_offset = centdir[_CD_LOCAL_HEADER_OFFSET]
             (x.create_version, x.create_system, x.extract_version, x.reserved,
-                x.flag_bits, x.compress_type, t, d,
-                x.CRC, x.compress_size, x.file_size) = centdir[1:12]
+             x.flag_bits, x.compress_type, t, d,
+             x.CRC, x.compress_size, x.file_size) = centdir[1:12]
+            if x.extract_version > MAX_EXTRACT_VERSION:
+                raise NotImplementedError("zip file version %.1f" %
+                                          (x.extract_version / 10))
             x.volume, x.internal_attr, x.external_attr = centdir[15:18]
             # Convert date/time code to (year, month, day, hour, min, sec)
             x._raw_time = t
             x.date_time = ( (d>>9)+1980, (d>>5)&0xF, d&0x1F,
-                                     t>>11, (t>>5)&0x3F, (t&0x1F) * 2 )
+                            t>>11, (t>>5)&0x3F, (t&0x1F) * 2 )
 
             x._decodeExtra()
             x.header_offset = x.header_offset + concat
-            x.filename = x._decodeFilename()
             self.filelist.append(x)
             self.NameToInfo[x.filename] = x
 
@@ -802,27 +1240,26 @@ def _RealGetContents(self):
                      + centdir[_CD_COMMENT_LENGTH])
 
             if self.debug > 2:
-                print "total", total
+                print("total", total)
 
 
     def namelist(self):
         """Return a list of file names in the archive."""
-        l = []
-        for data in self.filelist:
-            l.append(data.filename)
-        return l
+        return [data.filename for data in self.filelist]
 
     def infolist(self):
         """Return a list of class ZipInfo instances for files in the
         archive."""
         return self.filelist
 
-    def printdir(self):
+    def printdir(self, file=None):
         """Print a table of contents for the zip file."""
-        print "%-46s %19s %12s" % ("File Name", "Modified    ", "Size")
+        print("%-46s %19s %12s" % ("File Name", "Modified    ", "Size"),
+              file=file)
         for zinfo in self.filelist:
             date = "%d-%02d-%02d %02d:%02d:%02d" % zinfo.date_time[:6]
-            print "%-46s %s %12d" % (zinfo.filename, date, zinfo.file_size)
+            print("%-46s %s %12d" % (zinfo.filename, date, zinfo.file_size),
+                  file=file)
 
     def testzip(self):
         """Read all the files and check the CRC."""
@@ -831,10 +1268,10 @@ def testzip(self):
             try:
                 # Read by chunks, to avoid an OverflowError or a
                 # MemoryError with very large embedded files.
-                f = self.open(zinfo.filename, "r")
-                while f.read(chunk_size):     # Check CRC-32
-                    pass
-            except BadZipfile:
+                with self.open(zinfo.filename, "r") as f:
+                    while f.read(chunk_size):     # Check CRC-32
+                        pass
+            except BadZipFile:
                 return zinfo.filename
 
     def getinfo(self, name):
@@ -848,89 +1285,191 @@ def getinfo(self, name):
 
     def setpassword(self, pwd):
         """Set default password for encrypted files."""
-        self.pwd = pwd
+        if pwd and not isinstance(pwd, bytes):
+            raise TypeError("pwd: expected bytes, got %s" % type(pwd).__name__)
+        if pwd:
+            self.pwd = pwd
+        else:
+            self.pwd = None
+
+    @property
+    def comment(self):
+        """The comment text associated with the ZIP file."""
+        return self._comment
+
+    @comment.setter
+    def comment(self, comment):
+        if not isinstance(comment, bytes):
+            raise TypeError("comment: expected bytes, got %s" % type(comment).__name__)
+        # check for valid comment length
+        if len(comment) > ZIP_MAX_COMMENT:
+            import warnings
+            warnings.warn('Archive comment is too long; truncating to %d bytes'
+                          % ZIP_MAX_COMMENT, stacklevel=2)
+            comment = comment[:ZIP_MAX_COMMENT]
+        self._comment = comment
+        self._didModify = True
 
     def read(self, name, pwd=None):
         """Return file bytes (as a string) for name."""
-        return self.open(name, "r", pwd).read()
+        with self.open(name, "r", pwd) as fp:
+            return fp.read()
 
-    def open(self, name, mode="r", pwd=None):
-        """Return file-like object for 'name'."""
-        if mode not in ("r", "U", "rU"):
-            raise RuntimeError, 'open() requires mode "r", "U", or "rU"'
-        if not self.fp:
-            raise RuntimeError, \
-                  "Attempt to read ZIP archive that was already closed"
+    def open(self, name, mode="r", pwd=None, *, force_zip64=False):
+        """Return file-like object for 'name'.
 
-        # Only open a new file for instances where we were not
-        # given a file object in the constructor
-        if self._filePassed:
-            zef_file = self.fp
-        else:
-            zef_file = open(self.filename, 'rb')
+        name is a string for the file name within the ZIP file, or a ZipInfo
+        object.
+
+        mode should be 'r' to read a file already in the ZIP file, or 'w' to
+        write to a file newly added to the archive.
+
+        pwd is the password to decrypt files (only used for reading).
+
+        When writing, if the file size is not known in advance but may exceed
+        2 GiB, pass force_zip64 to use the ZIP64 format, which can handle large
+        files.  If the size is known in advance, it is best to pass a ZipInfo
+        instance for name, with zinfo.file_size set.
+        """
+        if mode not in {"r", "w"}:
+            raise ValueError('open() requires mode "r" or "w"')
+        if pwd and not isinstance(pwd, bytes):
+            raise TypeError("pwd: expected bytes, got %s" % type(pwd).__name__)
+        if pwd and (mode == "w"):
+            raise ValueError("pwd is only supported for reading files")
+        if not self.fp:
+            raise ValueError(
+                "Attempt to use ZIP archive that was already closed")
 
         # Make sure we have an info object
         if isinstance(name, ZipInfo):
             # 'name' is already an info object
             zinfo = name
+        elif mode == 'w':
+            zinfo = ZipInfo(name)
+            zinfo.compress_type = self.compression
         else:
             # Get info object for name
             zinfo = self.getinfo(name)
 
-        zef_file.seek(zinfo.header_offset, 0)
-
-        # Skip the file header:
-        fheader = zef_file.read(sizeFileHeader)
-        if fheader[0:4] != stringFileHeader:
-            raise BadZipfile, "Bad magic number for file header"
-
-        fheader = struct.unpack(structFileHeader, fheader)
-        fname = zef_file.read(fheader[_FH_FILENAME_LENGTH])
-        if fheader[_FH_EXTRA_FIELD_LENGTH]:
-            zef_file.read(fheader[_FH_EXTRA_FIELD_LENGTH])
-
-        if fname != zinfo.orig_filename:
-            raise BadZipfile, \
-                      'File name in directory "%s" and header "%s" differ.' % (
-                          zinfo.orig_filename, fname)
-
-        # check for encrypted flag & handle password
-        is_encrypted = zinfo.flag_bits & 0x1
-        zd = None
-        if is_encrypted:
-            if not pwd:
-                pwd = self.pwd
-            if not pwd:
-                raise RuntimeError, "File %s is encrypted, " \
-                      "password required for extraction" % name
-
-            zd = _ZipDecrypter(pwd)
-            # The first 12 bytes in the cypher stream is an encryption header
-            #  used to strengthen the algorithm. The first 11 bytes are
-            #  completely random, while the 12th contains the MSB of the CRC,
-            #  or the MSB of the file time depending on the header type
-            #  and is used to check the correctness of the password.
-            bytes = zef_file.read(12)
-            h = map(zd, bytes[0:12])
-            if zinfo.flag_bits & 0x8:
-                # compare against the file type from extended local headers
-                check_byte = (zinfo._raw_time >> 8) & 0xff
+        if mode == 'w':
+            return self._open_to_write(zinfo, force_zip64=force_zip64)
+
+        if self._writing:
+            raise ValueError("Can't read from the ZIP file while there "
+                    "is an open writing handle on it. "
+                    "Close the writing handle before trying to read.")
+
+        # Open for reading:
+        self._fileRefCnt += 1
+        zef_file = _SharedFile(self.fp, zinfo.header_offset,
+                               self._fpclose, self._lock, lambda: self._writing)
+        try:
+            # Skip the file header:
+            fheader = zef_file.read(sizeFileHeader)
+            if len(fheader) != sizeFileHeader:
+                raise BadZipFile("Truncated file header")
+            fheader = struct.unpack(structFileHeader, fheader)
+            if fheader[_FH_SIGNATURE] != stringFileHeader:
+                raise BadZipFile("Bad magic number for file header")
+
+            fname = zef_file.read(fheader[_FH_FILENAME_LENGTH])
+            if fheader[_FH_EXTRA_FIELD_LENGTH]:
+                zef_file.read(fheader[_FH_EXTRA_FIELD_LENGTH])
+
+            if zinfo.flag_bits & 0x20:
+                # Zip 2.7: compressed patched data
+                raise NotImplementedError("compressed patched data (flag bit 5)")
+
+            if zinfo.flag_bits & 0x40:
+                # strong encryption
+                raise NotImplementedError("strong encryption (flag bit 6)")
+
+            if zinfo.flag_bits & 0x800:
+                # UTF-8 filename
+                fname_str = fname.decode("utf-8")
             else:
-                # compare against the CRC otherwise
-                check_byte = (zinfo.CRC >> 24) & 0xff
-            if ord(h[11]) != check_byte:
-                raise RuntimeError("Bad password for file", name)
-
-        # build and return a ZipExtFile
-        if zd is None:
-            zef = ZipExtFile(zef_file, zinfo)
-        else:
-            zef = ZipExtFile(zef_file, zinfo, zd)
+                fname_str = fname.decode("cp437")
+
+            if fname_str != zinfo.orig_filename:
+                raise BadZipFile(
+                    'File name in directory %r and header %r differ.'
+                    % (zinfo.orig_filename, fname))
+
+            # check for encrypted flag & handle password
+            is_encrypted = zinfo.flag_bits & 0x1
+            zd = None
+            if is_encrypted:
+                if not pwd:
+                    pwd = self.pwd
+                if not pwd:
+                    raise RuntimeError("File %r is encrypted, password "
+                                       "required for extraction" % name)
+
+                zd = _ZipDecrypter(pwd)
+                # The first 12 bytes in the cypher stream is an encryption header
+                #  used to strengthen the algorithm. The first 11 bytes are
+                #  completely random, while the 12th contains the MSB of the CRC,
+                #  or the MSB of the file time depending on the header type
+                #  and is used to check the correctness of the password.
+                header = zef_file.read(12)
+                h = list(map(zd, header[0:12]))
+                if zinfo.flag_bits & 0x8:
+                    # compare against the file type from extended local headers
+                    check_byte = (zinfo._raw_time >> 8) & 0xff
+                else:
+                    # compare against the CRC otherwise
+                    check_byte = (zinfo.CRC >> 24) & 0xff
+                if h[11] != check_byte:
+                    raise RuntimeError("Bad password for file %r" % name)
+
+            return ZipExtFile(zef_file, mode, zinfo, zd, True)
+        except:
+            zef_file.close()
+            raise
+
+    def _open_to_write(self, zinfo, force_zip64=False):
+        if force_zip64 and not self._allowZip64:
+            raise ValueError(
+                "force_zip64 is True, but allowZip64 was False when opening "
+                "the ZIP file."
+            )
+        if self._writing:
+            raise ValueError("Can't write to the ZIP file while there is "
+                             "another write handle open on it. "
+                             "Close the first handle before opening another.")
+
+        # Sizes and CRC are overwritten with correct data after processing the file
+        if not hasattr(zinfo, 'file_size'):
+            zinfo.file_size = 0
+        zinfo.compress_size = 0
+        zinfo.CRC = 0
+
+        zinfo.flag_bits = 0x00
+        if zinfo.compress_type == ZIP_LZMA:
+            # Compressed data includes an end-of-stream (EOS) marker
+            zinfo.flag_bits |= 0x02
+        if not self._seekable:
+            zinfo.flag_bits |= 0x08
+
+        if not zinfo.external_attr:
+            zinfo.external_attr = 0o600 << 16  # permissions: ?rw-------
+
+        # Compressed size can be larger than uncompressed size
+        zip64 = self._allowZip64 and \
+                (force_zip64 or zinfo.file_size * 1.05 > ZIP64_LIMIT)
+
+        if self._seekable:
+            self.fp.seek(self.start_dir)
+        zinfo.header_offset = self.fp.tell()
 
-        # set universal newlines on ZipExtFile if necessary
-        if "U" in mode:
-            zef.set_univ_newlines(True)
-        return zef
+        self._writecheck(zinfo)
+        self._didModify = True
+
+        self.fp.write(zinfo.FileHeader(zip64))
+
+        self._writing = True
+        return _ZipWriteFile(self, zinfo, zip64)
 
     def extract(self, member, path=None, pwd=None):
         """Extract a member from the archive to the current working directory,
@@ -938,11 +1477,10 @@ def extract(self, member, path=None, pwd=None):
            as possible. `member' may be a filename or a ZipInfo object. You can
            specify a different directory using `path'.
         """
-        if not isinstance(member, ZipInfo):
-            member = self.getinfo(member)
-
         if path is None:
             path = os.getcwd()
+        else:
+            path = os.fspath(path)
 
         return self._extract_member(member, path, pwd)
 
@@ -955,26 +1493,53 @@ def extractall(self, path=None, members=None, pwd=None):
         if members is None:
             members = self.namelist()
 
+        if path is None:
+            path = os.getcwd()
+        else:
+            path = os.fspath(path)
+
         for zipinfo in members:
-            self.extract(zipinfo, path, pwd)
+            self._extract_member(zipinfo, path, pwd)
+
+    @classmethod
+    def _sanitize_windows_name(cls, arcname, pathsep):
+        """Replace bad characters and remove trailing dots from parts."""
+        table = cls._windows_illegal_name_trans_table
+        if not table:
+            illegal = ':<>|"?*'
+            table = str.maketrans(illegal, '_' * len(illegal))
+            cls._windows_illegal_name_trans_table = table
+        arcname = arcname.translate(table)
+        # remove trailing dots
+        arcname = (x.rstrip('.') for x in arcname.split(pathsep))
+        # rejoin, removing empty parts.
+        arcname = pathsep.join(x for x in arcname if x)
+        return arcname
 
     def _extract_member(self, member, targetpath, pwd):
         """Extract the ZipInfo object 'member' to a physical
            file on the path targetpath.
         """
+        if not isinstance(member, ZipInfo):
+            member = self.getinfo(member)
+
         # build the destination pathname, replacing
         # forward slashes to platform specific separators.
-        # Strip trailing path separator, unless it represents the root.
-        if (targetpath[-1:] in (os.path.sep, os.path.altsep)
-            and len(os.path.splitdrive(targetpath)[1]) > 1):
-            targetpath = targetpath[:-1]
-
-        # don't include leading "/" from file name if present
-        if member.filename[0] == '/':
-            targetpath = os.path.join(targetpath, member.filename[1:])
-        else:
-            targetpath = os.path.join(targetpath, member.filename)
-
+        arcname = member.filename.replace('/', os.path.sep)
+
+        if os.path.altsep:
+            arcname = arcname.replace(os.path.altsep, os.path.sep)
+        # interpret absolute pathname as relative, remove drive letter or
+        # UNC path, redundant separators, "." and ".." components.
+        arcname = os.path.splitdrive(arcname)[1]
+        invalid_path_parts = ('', os.path.curdir, os.path.pardir)
+        arcname = os.path.sep.join(x for x in arcname.split(os.path.sep)
+                                   if x not in invalid_path_parts)
+        if os.path.sep == '\\':
+            # filter illegal characters on Windows
+            arcname = self._sanitize_windows_name(arcname, os.path.sep)
+
+        targetpath = os.path.join(targetpath, arcname)
         targetpath = os.path.normpath(targetpath)
 
         # Create all upper directories if necessary.
@@ -982,160 +1547,117 @@ def _extract_member(self, member, targetpath, pwd):
         if upperdirs and not os.path.exists(upperdirs):
             os.makedirs(upperdirs)
 
-        if member.filename[-1] == '/':
+        if member.is_dir():
             if not os.path.isdir(targetpath):
                 os.mkdir(targetpath)
             return targetpath
 
-        source = self.open(member, pwd=pwd)
-        target = file(targetpath, "wb")
-        shutil.copyfileobj(source, target)
-        source.close()
-        target.close()
+        with self.open(member, pwd=pwd) as source, \
+             open(targetpath, "wb") as target:
+            shutil.copyfileobj(source, target)
 
         return targetpath
 
     def _writecheck(self, zinfo):
         """Check for errors before writing a file to the archive."""
         if zinfo.filename in self.NameToInfo:
-            if self.debug:      # Warning for duplicate names
-                print "Duplicate name:", zinfo.filename
-        if self.mode not in ("w", "a"):
-            raise RuntimeError, 'write() requires mode "w" or "a"'
+            import warnings
+            warnings.warn('Duplicate name: %r' % zinfo.filename, stacklevel=3)
+        if self.mode not in ('w', 'x', 'a'):
+            raise ValueError("write() requires mode 'w', 'x', or 'a'")
         if not self.fp:
-            raise RuntimeError, \
-                  "Attempt to write ZIP archive that was already closed"
-        if zinfo.compress_type == ZIP_DEFLATED and not zlib:
-            raise RuntimeError, \
-                  "Compression requires the (missing) zlib module"
-        if zinfo.compress_type not in (ZIP_STORED, ZIP_DEFLATED):
-            raise RuntimeError, \
-                  "That compression method is not supported"
-        if zinfo.file_size > ZIP64_LIMIT:
-            if not self._allowZip64:
-                raise LargeZipFile("Filesize would require ZIP64 extensions")
-        if zinfo.header_offset > ZIP64_LIMIT:
-            if not self._allowZip64:
-                raise LargeZipFile("Zipfile size would require ZIP64 extensions")
+            raise ValueError(
+                "Attempt to write ZIP archive that was already closed")
+        _check_compression(zinfo.compress_type)
+        if not self._allowZip64:
+            requires_zip64 = None
+            if len(self.filelist) >= ZIP_FILECOUNT_LIMIT:
+                requires_zip64 = "Files count"
+            elif zinfo.file_size > ZIP64_LIMIT:
+                requires_zip64 = "Filesize"
+            elif zinfo.header_offset > ZIP64_LIMIT:
+                requires_zip64 = "Zipfile size"
+            if requires_zip64:
+                raise LargeZipFile(requires_zip64 +
+                                   " would require ZIP64 extensions")
 
     def write(self, filename, arcname=None, compress_type=None, date_time=DEFAULT_DATE):
         """Put the bytes from filename into the archive under the name
         arcname."""
         if not self.fp:
-            raise RuntimeError(
-                  "Attempt to write to ZIP archive that was already closed")
+            raise ValueError(
+                "Attempt to write to ZIP archive that was already closed")
+        if self._writing:
+            raise ValueError(
+                "Can't write to ZIP archive while an open writing handle exists"
+            )
 
-        st = os.stat(filename)
-        isdir = stat.S_ISDIR(st.st_mode)
-        # Create ZipInfo instance to store file information
-        if arcname is None:
-            arcname = filename
-        arcname = os.path.normpath(os.path.splitdrive(arcname)[1])
-        while arcname[0] in (os.sep, os.altsep):
-            arcname = arcname[1:]
-        if isdir:
-            arcname += '/'
-        zinfo = ZipInfo(arcname, date_time)
-        zinfo.external_attr = 0600 << 16      # Unix attributes, hard-coded
-        if compress_type is None:
-            zinfo.compress_type = self.compression
-        else:
-            zinfo.compress_type = compress_type
-
-        zinfo.file_size = long(st.st_size)
-        zinfo.flag_bits = 0x00
-        zinfo.header_offset = self.fp.tell()    # Start of header bytes
-
-        self._writecheck(zinfo)
-        self._didModify = True
+        zinfo = ZipInfo.from_file(filename, arcname, date_time)
 
-        if isdir:
-            zinfo.file_size = 0
+        if zinfo.is_dir():
             zinfo.compress_size = 0
             zinfo.CRC = 0
-            self.filelist.append(zinfo)
-            self.NameToInfo[zinfo.filename] = zinfo
-            self.fp.write(zinfo.FileHeader())
-            return
-
-        fp = open(filename, "rb")
-        # Must overwrite CRC and sizes with correct data later
-        zinfo.CRC = CRC = 0
-        zinfo.compress_size = compress_size = 0
-        zinfo.file_size = file_size = 0
-        self.fp.write(zinfo.FileHeader())
-        if zinfo.compress_type == ZIP_DEFLATED:
-            cmpr = zlib.compressobj(zlib.Z_DEFAULT_COMPRESSION,
-                 zlib.DEFLATED, -15)
         else:
-            cmpr = None
-        while 1:
-            buf = fp.read(1024 * 8)
-            if not buf:
-                break
-            file_size = file_size + len(buf)
-            CRC = crc32(buf, CRC) & 0xffffffff
-            if cmpr:
-                buf = cmpr.compress(buf)
-                compress_size = compress_size + len(buf)
-            self.fp.write(buf)
-        fp.close()
-        if cmpr:
-            buf = cmpr.flush()
-            compress_size = compress_size + len(buf)
-            self.fp.write(buf)
-            zinfo.compress_size = compress_size
+            if compress_type is not None:
+                zinfo.compress_type = compress_type
+            else:
+                zinfo.compress_type = self.compression
+
+        if zinfo.is_dir():
+            with self._lock:
+                if self._seekable:
+                    self.fp.seek(self.start_dir)
+                zinfo.header_offset = self.fp.tell()  # Start of header bytes
+                if zinfo.compress_type == ZIP_LZMA:
+                # Compressed data includes an end-of-stream (EOS) marker
+                    zinfo.flag_bits |= 0x02
+
+                self._writecheck(zinfo)
+                self._didModify = True
+
+                self.filelist.append(zinfo)
+                self.NameToInfo[zinfo.filename] = zinfo
+                self.fp.write(zinfo.FileHeader(False))
+                self.start_dir = self.fp.tell()
         else:
-            zinfo.compress_size = file_size
-        zinfo.CRC = CRC
-        zinfo.file_size = file_size
-        # Seek backwards and write CRC and file sizes
-        position = self.fp.tell()       # Preserve current position in file
-        self.fp.seek(zinfo.header_offset + 14, 0)
-        self.fp.write(struct.pack("<LLL", zinfo.CRC, zinfo.compress_size,
-              zinfo.file_size))
-        self.fp.seek(position, 0)
-        self.filelist.append(zinfo)
-        self.NameToInfo[zinfo.filename] = zinfo
-
-    def writestr(self, zinfo_or_arcname, bytes):
-        """Write a file into the archive.  The contents is the string
-        'bytes'.  'zinfo_or_arcname' is either a ZipInfo instance or
+            with open(filename, "rb") as src, self.open(zinfo, 'w') as dest:
+                shutil.copyfileobj(src, dest, 1024*8)
+
+    def writestr(self, zinfo_or_arcname, data, compress_type=None, date_time=DEFAULT_DATE):
+        """Write a file into the archive.  The contents is 'data', which
+        may be either a 'str' or a 'bytes' instance; if it is a 'str',
+        it is encoded as UTF-8 first.
+        'zinfo_or_arcname' is either a ZipInfo instance or
         the name of the file in the archive."""
+        if isinstance(data, str):
+            data = data.encode("utf-8")
         if not isinstance(zinfo_or_arcname, ZipInfo):
             zinfo = ZipInfo(filename=zinfo_or_arcname,
-                            date_time=time.localtime(time.time())[:6])
+                            date_time=date_time)
             zinfo.compress_type = self.compression
-            zinfo.external_attr = 0600 << 16
+            if zinfo.filename[-1] == '/':
+                zinfo.external_attr = 0o40775 << 16   # drwxrwxr-x
+                zinfo.external_attr |= 0x10           # MS-DOS directory flag
+            else:
+                zinfo.external_attr = 0o600 << 16     # ?rw-------
         else:
             zinfo = zinfo_or_arcname
 
         if not self.fp:
-            raise RuntimeError(
-                  "Attempt to write to ZIP archive that was already closed")
+            raise ValueError(
+                "Attempt to write to ZIP archive that was already closed")
+        if self._writing:
+            raise ValueError(
+                "Can't write to ZIP archive while an open writing handle exists."
+            )
+
+        if compress_type is not None:
+            zinfo.compress_type = compress_type
 
-        zinfo.file_size = len(bytes)            # Uncompressed size
-        zinfo.header_offset = self.fp.tell()    # Start of header bytes
-        self._writecheck(zinfo)
-        self._didModify = True
-        zinfo.CRC = crc32(bytes) & 0xffffffff       # CRC-32 checksum
-        if zinfo.compress_type == ZIP_DEFLATED:
-            co = zlib.compressobj(zlib.Z_DEFAULT_COMPRESSION,
-                 zlib.DEFLATED, -15)
-            bytes = co.compress(bytes) + co.flush()
-            zinfo.compress_size = len(bytes)    # Compressed size
-        else:
-            zinfo.compress_size = zinfo.file_size
-        zinfo.header_offset = self.fp.tell()    # Start of header bytes
-        self.fp.write(zinfo.FileHeader())
-        self.fp.write(bytes)
-        self.fp.flush()
-        if zinfo.flag_bits & 0x08:
-            # Write CRC and file sizes after the file data
-            self.fp.write(struct.pack("<LLL", zinfo.CRC, zinfo.compress_size,
-                  zinfo.file_size))
-        self.filelist.append(zinfo)
-        self.NameToInfo[zinfo.filename] = zinfo
+        zinfo.file_size = len(data)            # Uncompressed size
+        with self._lock:
+            with self.open(zinfo, mode='w') as dest:
+                dest.write(data)
 
     def write_from_directory(self, directory, exclusions=None,
                              compress_type=None, date_time=DEFAULT_DATE):
@@ -1145,132 +1667,162 @@ def write_from_directory(self, directory, exclusions=None,
         """
         file_dict = {}
         for root,subfolders,files in os.walk(directory):
-            for fi in files:
-                filename = os.path.join(root, fi)
-                if filename not in exclusions:
-                    file_dict.update({standardize_filename(filename): filename})
+            path_fragments = root.split(os.sep)
+            path_nested = [os.path.join(*path_fragments[:x + 1]) for x, _ in enumerate(path_fragments)]
+
+            if not set(path_nested) & set(exclusions):
+                for fi in files:
+                    filename = os.path.join(root, fi)
+                    if filename not in exclusions:
+                        file_dict.update({filename: filename})
         for new_filename, old_filename in sorted(file_dict.items()):
             self.write(old_filename, compress_type=compress_type, date_time=date_time)
 
+
     def __del__(self):
         """Call the "close()" method in case the user forgot."""
         self.close()
 
     def close(self):
-        """Close the file, and for mode "w" and "a" write the ending
+        """Close the file, and for mode 'w', 'x' and 'a' write the ending
         records."""
         if self.fp is None:
             return
 
-        if self.mode in ("w", "a") and self._didModify: # write ending records
-            count = 0
-            pos1 = self.fp.tell()
-            for zinfo in self.filelist:         # write central directory
-                count = count + 1
-                dt = zinfo.date_time
-                dosdate = (dt[0] - 1980) << 9 | dt[1] << 5 | dt[2]
-                dostime = dt[3] << 11 | dt[4] << 5 | (dt[5] // 2)
-                extra = []
-                if zinfo.file_size > ZIP64_LIMIT \
-                        or zinfo.compress_size > ZIP64_LIMIT:
-                    extra.append(zinfo.file_size)
-                    extra.append(zinfo.compress_size)
-                    file_size = 0xffffffff
-                    compress_size = 0xffffffff
-                else:
-                    file_size = zinfo.file_size
-                    compress_size = zinfo.compress_size
+        if self._writing:
+            raise ValueError("Can't close the ZIP file while there is "
+                             "an open writing handle on it. "
+                             "Close the writing handle before closing the zip.")
 
-                if zinfo.header_offset > ZIP64_LIMIT:
-                    extra.append(zinfo.header_offset)
-                    header_offset = 0xffffffffL
-                else:
-                    header_offset = zinfo.header_offset
+        try:
+            if self.mode in ('w', 'x', 'a') and self._didModify: # write ending records
+                with self._lock:
+                    if self._seekable:
+                        self.fp.seek(self.start_dir)
+                    self._write_end_record()
+        finally:
+            fp = self.fp
+            self.fp = None
+            self._fpclose(fp)
+
+    def _write_end_record(self):
+        for zinfo in self.filelist:         # write central directory
+            dt = zinfo.date_time
+            dosdate = (dt[0] - 1980) << 9 | dt[1] << 5 | dt[2]
+            dostime = dt[3] << 11 | dt[4] << 5 | (dt[5] // 2)
+            extra = []
+            if zinfo.file_size > ZIP64_LIMIT \
+               or zinfo.compress_size > ZIP64_LIMIT:
+                extra.append(zinfo.file_size)
+                extra.append(zinfo.compress_size)
+                file_size = 0xffffffff
+                compress_size = 0xffffffff
+            else:
+                file_size = zinfo.file_size
+                compress_size = zinfo.compress_size
 
-                extra_data = zinfo.extra
-                if extra:
-                    # Append a ZIP64 field to the extra's
-                    extra_data = struct.pack(
-                            '<HH' + 'Q'*len(extra),
-                            1, 8*len(extra), *extra) + extra_data
+            if zinfo.header_offset > ZIP64_LIMIT:
+                extra.append(zinfo.header_offset)
+                header_offset = 0xffffffff
+            else:
+                header_offset = zinfo.header_offset
 
-                    extract_version = max(45, zinfo.extract_version)
-                    create_version = max(45, zinfo.create_version)
-                else:
-                    extract_version = zinfo.extract_version
-                    create_version = zinfo.create_version
+            extra_data = zinfo.extra
+            min_version = 0
+            if extra:
+                # Append a ZIP64 field to the extra's
+                extra_data = struct.pack(
+                    '<HH' + 'Q'*len(extra),
+                    1, 8*len(extra), *extra) + extra_data
 
-                try:
-                    filename, flag_bits = zinfo._encodeFilenameFlags()
-                    centdir = struct.pack(structCentralDir,
-                     stringCentralDir, create_version,
-                     zinfo.create_system, extract_version, zinfo.reserved,
-                     flag_bits, zinfo.compress_type, dostime, dosdate,
-                     zinfo.CRC, compress_size, file_size,
-                     len(filename), len(extra_data), len(zinfo.comment),
-                     0, zinfo.internal_attr, zinfo.external_attr,
-                     header_offset)
-                except DeprecationWarning:
-                    print >>sys.stderr, (structCentralDir,
-                     stringCentralDir, create_version,
-                     zinfo.create_system, extract_version, zinfo.reserved,
-                     zinfo.flag_bits, zinfo.compress_type, dostime, dosdate,
-                     zinfo.CRC, compress_size, file_size,
-                     len(zinfo.filename), len(extra_data), len(zinfo.comment),
-                     0, zinfo.internal_attr, zinfo.external_attr,
-                     header_offset)
-                    raise
-                self.fp.write(centdir)
-                self.fp.write(filename)
-                self.fp.write(extra_data)
-                self.fp.write(zinfo.comment)
-
-            pos2 = self.fp.tell()
-            # Write end-of-zip-archive record
-            centDirCount = count
-            centDirSize = pos2 - pos1
-            centDirOffset = pos1
-            if (centDirCount >= ZIP_FILECOUNT_LIMIT or
-                centDirOffset > ZIP64_LIMIT or
-                centDirSize > ZIP64_LIMIT):
-                # Need to write the ZIP64 end-of-archive records
-                zip64endrec = struct.pack(
-                        structEndArchive64, stringEndArchive64,
-                        44, 45, 45, 0, 0, centDirCount, centDirCount,
-                        centDirSize, centDirOffset)
-                self.fp.write(zip64endrec)
-
-                zip64locrec = struct.pack(
-                        structEndArchive64Locator,
-                        stringEndArchive64Locator, 0, pos2, 1)
-                self.fp.write(zip64locrec)
-                centDirCount = min(centDirCount, 0xFFFF)
-                centDirSize = min(centDirSize, 0xFFFFFFFF)
-                centDirOffset = min(centDirOffset, 0xFFFFFFFF)
-
-            # check for valid comment length
-            if len(self.comment) >= ZIP_MAX_COMMENT:
-                if self.debug > 0:
-                    msg = 'Archive comment is too long; truncating to %d bytes' \
-                          % ZIP_MAX_COMMENT
-                self.comment = self.comment[:ZIP_MAX_COMMENT]
-
-            endrec = struct.pack(structEndArchive, stringEndArchive,
-                                 0, 0, centDirCount, centDirCount,
-                                 centDirSize, centDirOffset, len(self.comment))
-            self.fp.write(endrec)
-            self.fp.write(self.comment)
-            self.fp.flush()
-
-        if not self._filePassed:
-            self.fp.close()
-        self.fp = None
+                min_version = ZIP64_VERSION
+
+            if zinfo.compress_type == ZIP_BZIP2:
+                min_version = max(BZIP2_VERSION, min_version)
+            elif zinfo.compress_type == ZIP_LZMA:
+                min_version = max(LZMA_VERSION, min_version)
+
+            extract_version = max(min_version, zinfo.extract_version)
+            create_version = max(min_version, zinfo.create_version)
+            try:
+                filename, flag_bits = zinfo._encodeFilenameFlags()
+                centdir = struct.pack(structCentralDir,
+                                      stringCentralDir, create_version,
+                                      zinfo.create_system, extract_version, zinfo.reserved,
+                                      flag_bits, zinfo.compress_type, dostime, dosdate,
+                                      zinfo.CRC, compress_size, file_size,
+                                      len(filename), len(extra_data), len(zinfo.comment),
+                                      0, zinfo.internal_attr, zinfo.external_attr,
+                                      header_offset)
+            except DeprecationWarning:
+                print((structCentralDir, stringCentralDir, create_version,
+                       zinfo.create_system, extract_version, zinfo.reserved,
+                       zinfo.flag_bits, zinfo.compress_type, dostime, dosdate,
+                       zinfo.CRC, compress_size, file_size,
+                       len(zinfo.filename), len(extra_data), len(zinfo.comment),
+                       0, zinfo.internal_attr, zinfo.external_attr,
+                       header_offset), file=sys.stderr)
+                raise
+            self.fp.write(centdir)
+            self.fp.write(filename)
+            self.fp.write(extra_data)
+            self.fp.write(zinfo.comment)
+
+        pos2 = self.fp.tell()
+        # Write end-of-zip-archive record
+        centDirCount = len(self.filelist)
+        centDirSize = pos2 - self.start_dir
+        centDirOffset = self.start_dir
+        requires_zip64 = None
+        if centDirCount > ZIP_FILECOUNT_LIMIT:
+            requires_zip64 = "Files count"
+        elif centDirOffset > ZIP64_LIMIT:
+            requires_zip64 = "Central directory offset"
+        elif centDirSize > ZIP64_LIMIT:
+            requires_zip64 = "Central directory size"
+        if requires_zip64:
+            # Need to write the ZIP64 end-of-archive records
+            if not self._allowZip64:
+                raise LargeZipFile(requires_zip64 +
+                                   " would require ZIP64 extensions")
+            zip64endrec = struct.pack(
+                structEndArchive64, stringEndArchive64,
+                44, 45, 45, 0, 0, centDirCount, centDirCount,
+                centDirSize, centDirOffset)
+            self.fp.write(zip64endrec)
+
+            zip64locrec = struct.pack(
+                structEndArchive64Locator,
+                stringEndArchive64Locator, 0, pos2, 1)
+            self.fp.write(zip64locrec)
+            centDirCount = min(centDirCount, 0xFFFF)
+            centDirSize = min(centDirSize, 0xFFFFFFFF)
+            centDirOffset = min(centDirOffset, 0xFFFFFFFF)
+
+        endrec = struct.pack(structEndArchive, stringEndArchive,
+                             0, 0, centDirCount, centDirCount,
+                             centDirSize, centDirOffset, len(self._comment))
+        self.fp.write(endrec)
+        self.fp.write(self._comment)
+        self.fp.flush()
+
+    def _fpclose(self, fp):
+        assert self._fileRefCnt > 0
+        self._fileRefCnt -= 1
+        if not self._fileRefCnt and not self._filePassed:
+            fp.close()
 
 
 class PyZipFile(ZipFile):
     """Class to create ZIP archives with Python library files and packages."""
 
-    def writepy(self, pathname, basename = ""):
+    def __init__(self, file, mode="r", compression=ZIP_STORED,
+                 allowZip64=True, optimize=-1):
+        ZipFile.__init__(self, file, mode=mode, compression=compression,
+                         allowZip64=allowZip64)
+        self._optimize = optimize
+
+    def writepy(self, pathname, basename="", filterfunc=None):
         """Add all files from "pathname" to the ZIP archive.
 
         If pathname is a package directory, search the directory and
@@ -1278,10 +1830,18 @@ def writepy(self, pathname, basename = ""):
         the modules into the archive.  If pathname is a plain
         directory, listdir *.py and enter all modules.  Else, pathname
         must be a Python *.py file and the module will be put into the
-        archive.  Added modules are always module.pyo or module.pyc.
+        archive.  Added modules are always module.pyc.
         This method will compile the module.py into module.pyc if
         necessary.
+        If filterfunc(pathname) is given, it is called with every argument.
+        When it is False, the file or directory is skipped.
         """
+        pathname = os.fspath(pathname)
+        if filterfunc and not filterfunc(pathname):
+            if self.debug:
+                label = 'path' if os.path.isdir(pathname) else 'file'
+                print('%s %r skipped by filterfunc' % (label, pathname))
+            return
         dir, name = os.path.split(pathname)
         if os.path.isdir(pathname):
             initname = os.path.join(pathname, "__init__.py")
@@ -1292,10 +1852,10 @@ def writepy(self, pathname, basename = ""):
                 else:
                     basename = name
                 if self.debug:
-                    print "Adding package in", pathname, "as", basename
+                    print("Adding package in", pathname, "as", basename)
                 fname, arcname = self._get_codename(initname[0:-3], basename)
                 if self.debug:
-                    print "Adding", arcname
+                    print("Adding", arcname)
                 self.write(fname, arcname)
                 dirlist = os.listdir(pathname)
                 dirlist.remove("__init__.py")
@@ -1306,33 +1866,42 @@ def writepy(self, pathname, basename = ""):
                     if os.path.isdir(path):
                         if os.path.isfile(os.path.join(path, "__init__.py")):
                             # This is a package directory, add it
-                            self.writepy(path, basename)  # Recursive call
+                            self.writepy(path, basename,
+                                         filterfunc=filterfunc)  # Recursive call
                     elif ext == ".py":
+                        if filterfunc and not filterfunc(path):
+                            if self.debug:
+                                print('file %r skipped by filterfunc' % path)
+                            continue
                         fname, arcname = self._get_codename(path[0:-3],
-                                         basename)
+                                                            basename)
                         if self.debug:
-                            print "Adding", arcname
+                            print("Adding", arcname)
                         self.write(fname, arcname)
             else:
                 # This is NOT a package directory, add its files at top level
                 if self.debug:
-                    print "Adding files from directory", pathname
+                    print("Adding files from directory", pathname)
                 for filename in os.listdir(pathname):
                     path = os.path.join(pathname, filename)
                     root, ext = os.path.splitext(filename)
                     if ext == ".py":
+                        if filterfunc and not filterfunc(path):
+                            if self.debug:
+                                print('file %r skipped by filterfunc' % path)
+                            continue
                         fname, arcname = self._get_codename(path[0:-3],
-                                         basename)
+                                                            basename)
                         if self.debug:
-                            print "Adding", arcname
+                            print("Adding", arcname)
                         self.write(fname, arcname)
         else:
             if pathname[-3:] != ".py":
-                raise RuntimeError, \
-                      'Files added with writepy() must end with ".py"'
+                raise RuntimeError(
+                    'Files added with writepy() must end with ".py"')
             fname, arcname = self._get_codename(pathname[0:-3], basename)
             if self.debug:
-                print "Adding file", arcname
+                print("Adding file", arcname)
             self.write(fname, arcname)
 
     def _get_codename(self, pathname, basename):
@@ -1342,25 +1911,77 @@ def _get_codename(self, pathname, basename):
         archive name, compiling if necessary.  For example, given
         /python/lib/string, return (/python/lib/string.pyc, string).
         """
-        file_py  = pathname + ".py"
-        file_pyc = pathname + ".pyc"
-        file_pyo = pathname + ".pyo"
-        if os.path.isfile(file_pyo) and \
-                            os.stat(file_pyo).st_mtime >= os.stat(file_py).st_mtime:
-            fname = file_pyo    # Use .pyo file
-        elif not os.path.isfile(file_pyc) or \
-             os.stat(file_pyc).st_mtime < os.stat(file_py).st_mtime:
+        def _compile(file, optimize=-1):
             import py_compile
             if self.debug:
-                print "Compiling", file_py
+                print("Compiling", file)
             try:
-                py_compile.compile(file_py, file_pyc, None, True)
-            except py_compile.PyCompileError,err:
-                print err.msg
-            fname = file_pyc
+                py_compile.compile(file, doraise=True, optimize=optimize)
+            except py_compile.PyCompileError as err:
+                print(err.msg)
+                return False
+            return True
+
+        file_py  = pathname + ".py"
+        file_pyc = pathname + ".pyc"
+        pycache_opt0 = importlib.util.cache_from_source(file_py, optimization='')
+        pycache_opt1 = importlib.util.cache_from_source(file_py, optimization=1)
+        pycache_opt2 = importlib.util.cache_from_source(file_py, optimization=2)
+        if self._optimize == -1:
+            # legacy mode: use whatever file is present
+            if (os.path.isfile(file_pyc) and
+                  os.stat(file_pyc).st_mtime >= os.stat(file_py).st_mtime):
+                # Use .pyc file.
+                arcname = fname = file_pyc
+            elif (os.path.isfile(pycache_opt0) and
+                  os.stat(pycache_opt0).st_mtime >= os.stat(file_py).st_mtime):
+                # Use the __pycache__/*.pyc file, but write it to the legacy pyc
+                # file name in the archive.
+                fname = pycache_opt0
+                arcname = file_pyc
+            elif (os.path.isfile(pycache_opt1) and
+                  os.stat(pycache_opt1).st_mtime >= os.stat(file_py).st_mtime):
+                # Use the __pycache__/*.pyc file, but write it to the legacy pyc
+                # file name in the archive.
+                fname = pycache_opt1
+                arcname = file_pyc
+            elif (os.path.isfile(pycache_opt2) and
+                  os.stat(pycache_opt2).st_mtime >= os.stat(file_py).st_mtime):
+                # Use the __pycache__/*.pyc file, but write it to the legacy pyc
+                # file name in the archive.
+                fname = pycache_opt2
+                arcname = file_pyc
+            else:
+                # Compile py into PEP 3147 pyc file.
+                if _compile(file_py):
+                    if sys.flags.optimize == 0:
+                        fname = pycache_opt0
+                    elif sys.flags.optimize == 1:
+                        fname = pycache_opt1
+                    else:
+                        fname = pycache_opt2
+                    arcname = file_pyc
+                else:
+                    fname = arcname = file_py
         else:
-            fname = file_pyc
-        archivename = os.path.split(fname)[1]
+            # new mode: use given optimization level
+            if self._optimize == 0:
+                fname = pycache_opt0
+                arcname = file_pyc
+            else:
+                arcname = file_pyc
+                if self._optimize == 1:
+                    fname = pycache_opt1
+                elif self._optimize == 2:
+                    fname = pycache_opt2
+                else:
+                    msg = "invalid value for 'optimize': {!r}".format(self._optimize)
+                    raise ValueError(msg)
+            if not (os.path.isfile(fname) and
+                    os.stat(fname).st_mtime >= os.stat(file_py).st_mtime):
+                if not _compile(file_py, optimize=self._optimize):
+                    fname = arcname = file_py
+        archivename = os.path.split(arcname)[1]
         if basename:
             archivename = "%s/%s" % (basename, archivename)
         return (fname, archivename)
@@ -1379,65 +2000,58 @@ def main(args = None):
         args = sys.argv[1:]
 
     if not args or args[0] not in ('-l', '-c', '-e', '-t'):
-        print USAGE
+        print(USAGE)
         sys.exit(1)
 
     if args[0] == '-l':
         if len(args) != 2:
-            print USAGE
+            print(USAGE)
             sys.exit(1)
-        zf = ZipFile(args[1], 'r')
-        zf.printdir()
-        zf.close()
+        with ZipFile(args[1], 'r') as zf:
+            zf.printdir()
 
     elif args[0] == '-t':
         if len(args) != 2:
-            print USAGE
+            print(USAGE)
             sys.exit(1)
-        zf = ZipFile(args[1], 'r')
-        zf.testzip()
-        print "Done testing"
+        with ZipFile(args[1], 'r') as zf:
+            badfile = zf.testzip()
+        if badfile:
+            print("The following enclosed file is corrupted: {!r}".format(badfile))
+        print("Done testing")
 
     elif args[0] == '-e':
         if len(args) != 3:
-            print USAGE
+            print(USAGE)
             sys.exit(1)
 
-        zf = ZipFile(args[1], 'r')
-        out = args[2]
-        for path in zf.namelist():
-            if path.startswith('./'):
-                tgt = os.path.join(out, path[2:])
-            else:
-                tgt = os.path.join(out, path)
-
-            tgtdir = os.path.dirname(tgt)
-            if not os.path.exists(tgtdir):
-                os.makedirs(tgtdir)
-            fp = open(tgt, 'wb')
-            fp.write(zf.read(path))
-            fp.close()
-        zf.close()
+        with ZipFile(args[1], 'r') as zf:
+            zf.extractall(args[2])
 
     elif args[0] == '-c':
         if len(args) < 3:
-            print USAGE
+            print(USAGE)
             sys.exit(1)
 
         def addToZip(zf, path, zippath):
             if os.path.isfile(path):
                 zf.write(path, zippath, ZIP_DEFLATED)
             elif os.path.isdir(path):
+                if zippath:
+                    zf.write(path, zippath)
                 for nm in os.listdir(path):
                     addToZip(zf,
-                            os.path.join(path, nm), os.path.join(zippath, nm))
+                             os.path.join(path, nm), os.path.join(zippath, nm))
             # else: ignore
 
-        zf = ZipFile(args[1], 'w', allowZip64=True)
-        for src in args[2:]:
-            addToZip(zf, src, os.path.basename(src))
-
-        zf.close()
+        with ZipFile(args[1], 'w') as zf:
+            for path in args[2:]:
+                zippath = os.path.basename(path)
+                if not zippath:
+                    zippath = os.path.basename(os.path.dirname(path))
+                if zippath in ('', os.curdir, os.pardir):
+                    zippath = ''
+                addToZip(zf, path, zippath)
 
 if __name__ == "__main__":
     main()